All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added `[security.tools]` and `TMUX_MCP_TOOLS` allow/deny filters for hiding and denying exact tools or tool groups at runtime.
- Runtime-denied tools are pruned from the advertised MCP tool list instead of only failing when called.
- Added `send-keys enter=true` for type-and-submit workflows.
- Added the `paste-text` tool for bracketed multi-line paste into interactive panes.
- Added CI coverage for tmux integration tests, including zsh bracketed-paste behavior.
- Moved `paste-text` under the `interactive` feature gate with the other raw input tools.
- Documented hardened builds, paste behavior, memory limits, and tmux tab-delimited parsing limitations.
- Enforced the tmux 3.x startup requirement with a clearer version check.
- Passed leading-dash user values after `--` so tmux does not parse them as flags.
- Switched split sizing to the tmux 3.x-compatible `-l <percent>%` form.
- Bounded abandoned pending command tracking entries.
- Cleaned up temporary paste buffers when paste delivery fails.
- Rejected malformed `TMUX_MCP_SSH` values from the environment during startup.
- Quoted remote tmux commands for SSH execution so shell-sensitive socket and payload values preserve argv intent.
- Applied command filters to each non-empty pasted or submitted line, closing anchored regex bypasses for multi-line input.
- Added the `send-hex` tool to send raw bytes via `tmux send-keys -H` (e.g. CSI-u sequences).
- Added a configurable `tracking_deadline_seconds` (default 600) for command tracking.
- Added the `interactive` and `special-keys` Cargo features (both on by default) so a hardened build can omit the raw keystroke tools entirely, leaving the filtered `execute-command` as the sole shell-input path. See the README "Hardened build" section.
- Chunked `send-keys -H` payloads to stay within argv/tmux limits, mirroring literal send-keys chunking.
- Switched integration test panes to `/usr/bin/env bash --norc --noprofile` for portability on non-FHS systems.
- Clarified in the README that `send-hex` denylist screening is best-effort.
- Recovered command tracking when the START marker scrolls out of reach instead of marking the command as errored.
- Fixed sticky-`Error` status on still-running tracked commands.
- Fixed a hang in the capture backoff loop when the backoff factor was 1.
- Rejected line-editing control bytes (`0x08`, `0x15`, `0x17`, `0x7f`) in `send-hex` to prevent denylist bypasses.
- Upgraded `rmcp` from `1.2` to `1.4`.
- Upgraded `rmcp` from `0.14` to `1.2`.
- Migrated server metadata and read-resource handling to the `rmcp` 1.x constructor-based model API.
- Refreshed compatible dependency versions in `Cargo.lock`, including `tokio`, `clap`, `uuid`, `tempfile`, `tracing-subscriber`, `schemars`, `regex`, and `toml` 0.9.x.
- Enforced session allowlist checks across pane/window tools and resources.
- Added configurable command tracking settings (capture limits and backoff).
- Added retention controls for completed command history.
- Added search streaming threshold for large buffer searches.
- Bound command results to the resolved tmux socket and enforced socket policy on command reads.
- Improved literal send-keys performance with chunked fast paths for large payloads.
- Upgraded the optional rapidfuzz dependency to 0.5.0 for fuzzy similarity scoring.
- Improved the README
- Added probe-and-refine workflow and tmux-buffer-explorer buffer tooling.
- Initial Release
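
The per-line command filter fix and the `send-hex` control-byte rejection listed above, sketched as an added example that is not the project's own code. The deny rules, function names and sample payloads are assumptions, and anchored regexes are modelled as prefix tests so the block needs only the Rust standard library.

```rust
// Hypothetical deny rules: an anchored pattern such as `^rm ` is modelled as a
// prefix test so the example needs only the standard library.
const DENY_PREFIXES: &[&str] = &["rm ", "sudo "];

// Line-editing control bytes named in the `send-hex` changelog entry.
const LINE_EDIT_BYTES: &[u8] = &[0x08, 0x15, 0x17, 0x7f];

fn line_denied(line: &str) -> bool {
    DENY_PREFIXES.iter().any(|p| line.trim_start().starts_with(p))
}

// "Before": one test against the whole payload, so the anchor only ever
// sees the first line.
fn denied_whole(payload: &str) -> bool {
    line_denied(payload)
}

// "After": every non-empty line is screened on its own. Bare CR is treated
// as a line break too, since a terminal submits on it.
fn denied_per_line(payload: &str) -> bool {
    payload
        .split(|c: char| c == '\n' || c == '\r')
        .filter(|l| !l.trim().is_empty())
        .any(line_denied)
}

// Raw-byte path: refuse bytes that let the shell's line editor alter the
// line after screening, then screen the decoded text line by line.
fn screen_bytes(raw: &[u8]) -> Result<(), String> {
    if let Some(b) = raw.iter().copied().find(|b| LINE_EDIT_BYTES.contains(b)) {
        return Err(format!("line-editing control byte 0x{:02x}", b));
    }
    if denied_per_line(&String::from_utf8_lossy(raw)) {
        return Err("denied command".to_string());
    }
    Ok(())
}

fn main() {
    // Constructed sample payloads.
    let multi = "echo ok\nrm -r ./scratch";
    println!("whole-payload check denies: {}", denied_whole(multi));
    println!("per-line check denies: {}", denied_per_line(multi));
    println!("{:?}", screen_bytes(b"ls\x15"));
}
```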