arbidle turns idle agent time into income — without ever reading your code. We spot wait states from the command you launch via the editor's Shell Integration API — never its output, your files, or your environment. Every ad arrives as an Ed25519-signed payload in a fully sandboxed iframe. You stay in control. Your security team stays calm.
The only things that leave your machine: which command you launched, your active language, and a one-way hash of your workspace name — never your code, output, or env.
arbidle listens to the editor's Shell Integration API — the command you launch and the signal that it finished, the same signal that draws the little checkmark next to a finished command. From the command name we recognize a heavy job and size the wait. We never read what it prints, your files, or anything else in your workspace.
EDR- and DLP-safe by construction. Nothing to exfiltrate, because nothing is read. We didn't write a stricter privacy policy — we removed the capability to misbehave.
We read the command you launch — enough to tell a build from a test from an agent — and nothing else. Never its output, your files, env, or logs.
classify("npm test") → test · 0 output readsEvery ad is Ed25519-signed and rendered in an iframe with no allow-same-origin. A bad signature renders nothing.
verify(sig, pubkey) → trueEach impression carries a Hashcash PoW solution + behavioral attestation, so budgets fund real developers, not bots.
sha256(salt‖nonce) · leading hex zerosTurn it off per workspace anytime. The threat model and the exact permissions we request are published.
set "arbidle.enabled": falseThe Shell Integration API hands us the command you ran (e.g. `npm test`) and the signal that it finished. We classify the command to size the wait — never its output, your files, or your workspace.
The exchange ships the ad as an Ed25519-signed payload. Your extension verifies the signature against a pinned public key before rendering. Tampered payload → nothing renders.
The ad mounts in an iframe with sandbox and no allow-same-origin. No DOM access, no network back to your editor, no remote code execution. Supply-chain attacks have nowhere to land.
Verified, non-fraudulent impressions accrue against your client id at 70% of the clearing price. Stripe Connect handles withdrawals — wired and ready, switched on when payouts go live.
Idle agent time has a cost to you and zero price on the open market. A dev-tools company would pay real money to reach you in exactly that moment. arbidle is the exchange that closes the spread — and routes it to your account. See the bid, the take rate, and your kickback on every fill. No opaque creator pool, no clawbacks.
Idle time is pure overhead to you — and priced at zero on the open market.
An illustrative advertiser bid for that single attentive moment.
Drag the sliders. Whether you write code or buy attention, the math is transparent — and so are the assumptions. These are estimates, not promises.
You keep 70% of the clearing price on each verified impression.
Illustrative estimate from the assumptions you set above — not a forecast or a guarantee. Real numbers depend on live auction demand, your stack, and verified-impression volume. No money moves until payouts are switched on (see the FAQ).
When an agent is thinking, the developer is watching the sidebar — and open to what comes next. Bid for those moments. Target by the language and wait-state context the editor shares — never by reading their work. Pay only for cryptographically verified impressions.
Three products monetize agent wait states. We don't think the honest pitch is “they're evil” — it's that arbidle's guarantees are mechanical and checkable. Our column links to the code; the competitor columns reflect their public sites.
Competitor details reflect kickbacks.ai and aibcmedia.com as of June 2026. We couldn't verify AIBC Media's mechanics from public material, so we mark those cells “not publicly documented” rather than guessing. If anything here is wrong, tell us and we'll correct it.
The differentiators are architectural, not policy promises. Audit the mechanism, not our marketing.
GET /api/keys → the Ed25519 public key your extension verifies every ad againstThe agent wait time you already spend watching a spinner can pay you back — without ever reading a line of your code. Install in one click in Cursor, Windsurf, or VSCodium from the Open VSX registry. It starts in demo mode — real, signed sample ads, no backend, no account.
published as arbidle.arbidle· in Cursor / VSCodium, search “arbidle” in Extensions · demo mode needs no backend
We read the command line of jobs you launch in the terminal — e.g. `npm test` or `claude …` — to recognize a build/test/agent and roughly how long it runs, plus your active file's language and a one-way hash of your workspace folder name for coarse targeting. That's the entire input. We never read terminal output, source files, environment variables, .jsonl agent logs, git, or your clipboard. An extension that can't read your workspace contents can't leak them — that's the whole point.
kickbacks.ai is the closest comparison — it also monetizes agent wait states and states it doesn't read your code, only the spinner position. Our differentiators are things you can audit: every ad is Ed25519-signed and verified in the extension host before it renders, then sandboxed in an iframe; every impression carries a Proof-of-Work proof; the protocol, verification code, and threat model are open. AIBC Media is in the same category, but we couldn't verify its mechanics from public material as of June 2026, so we don't make claims about it. See the comparison above and judge for yourself.
No. Every creative is an Ed25519-signed payload verified against a pinned public key before it renders (in demo mode the key is an ephemeral per-session key, so the same verify path still runs), and it renders in a sandboxed iframe with no allow-same-origin — so it has no access to your editor's DOM, no network back-channel, and no privileged execution. A tampered or unsigned ad is dropped, not shown.
It shouldn't. Because we never read files or buffers, there are no suspicious file-access patterns for endpoint security to detect and nothing for DLP to intercept. We publish the exact editor and OS permissions we request so your security team can review the full surface in minutes.
You earn a transparent 70% of the clearing price on each verified impression, shown in the dashboard. Honest status: the signed-ad auction, Proof-of-Work verification, and earnings ledger run on live infrastructure today. Payouts go through Stripe Connect and switch on the moment Stripe is connected to the exchange — until then your balance accrues but withdrawals are disabled, and we say so rather than imply money is already moving.
Ads appear only during wait states you're already idle in, in a sidebar — never as a modal, never while you're typing or actively editing. We monetize the seconds you already spend watching a spinner, and you can mute or disable it per project at any time.
Every impression and click carries a cryptographic Proof-of-Work stamp plus behavioral attestation, delivered as signed event receipts. You're buying attested human idle-moments — not headless-browser farms draining your budget.