v2.6.0

What's Changed

• feat: add daemon session persistence and recovery by @Zurgli in #3
• refactor(company): cleanup a2a MCP server and add project docs by @openwong2kim in #4

New Contributors

• @openwong2kim made their first contribution in #4

Full Changelog: v2.4.1...v2.6.0

What's Changed

• refactor(company): cleanup a2a MCP server and add project docs by @openwong2kim in #4

New Contributors

• @openwong2kim made their first contribution in #4

Full Changelog: v2.5.0...v2.6.0

What's Changed

• refactor(company): cleanup a2a MCP server and add project docs by @openwong2kim in #4

New Contributors

• @openwong2kim made their first contribution in #4

Full Changelog: v2.5.0...v2.6.0

What's Changed

• refactor(company): cleanup a2a MCP server and add project docs by @openwong2kim in #4

New Contributors

• @openwong2kim made their first contribution in #4

Full Changelog: v2.5.0...v2.6.0

v2.5.0 — AI Agent Terminal

What's New

Token/Cost Tracker

• Real-time Claude Code API token/cost display per terminal pane
• StatusBar shows ⚡ 42.3K tokens · $1.28 for active pane
• Cost data persists across app restarts

Layout Presets

• One-click workspace templates: Horizontal Split, Vertical Split, Three Columns, Main+Sidebar, 2x2 Grid
• Preset picker dropdown on workspace + button

Shell Integration

• Auto-inject shell hooks for PowerShell and Bash
• OSC 7 (CWD) + OSC 7727 (git branch) real-time reporting
• Pane headers and StatusBar show live CWD and git branch
• CMD supported (CWD only)

Onboarding Tutorial

• Interactive spotlight walkthrough on first run
• 5 steps covering core features (split, workspace, browser, palette, notifications)
• Re-triggerable from Settings > General > Restart Tutorial
• Localized: EN, KO, JA, ZH

MCP Cross-Workspace Control

• terminal_send and terminal_send_key now accept optional ptyId to target any terminal
• terminal_read fully implemented — reads xterm buffer content
• surface_list and pane_list accept optional workspaceId for cross-workspace queries
• workspace_list now includes metadata (CWD, git branch, agent status)
• Daemon fallback for PTY write — works across all workspaces in daemon mode

Workspace Copy Button Enhanced

• Copy button (⧉) now outputs per-pane details: Surface ID, PTY ID, CWD, git branch, shell type
• Includes MCP tool usage instructions for AI agent control
• Shell names show actual type (PowerShell 7, Bash, CMD) instead of generic "Terminal"

Architecture

• PTYBridge refactored to middleware pipeline pattern for extensibility
• 80+ new tests added (186 → 266 total)

Full Changelog: v2.4.5...v2.5.0

v2.4.5

v2.4.5

• fix: improve reboot persistence and rebuild app icon as path-based SVG
• revert: unstable session lifecycle changes reverted for stability

Full Changelog: v2.4.4...v2.4.5

v2.4.4

Full Changelog: v2.4.3...v2.4.4

v2.4.3

Security Hardening

• Timing-safe token comparison: PipeServer now uses crypto.timingSafeEqual (matches DaemonPipeServer)
• TCP port file permissions: Set 0o600 to restrict access
• Prototype pollution defense: Added JSON.parse reviver to McpRegistrar
• Shell injection prevention: Replaced execSync with execFileSync for PID lookups
• CSPRNG for CDP port: Use crypto.randomInt() instead of Math.random()
• Ref parameter sanitization: Validate ref params against ^[a-zA-Z0-9_-]+$ before CSS selector insertion
• Reproducible release builds: Changed npm install to npm ci in release workflow
• Lockfile sync: Aligned package-lock.json version with package.json

Full Changelog: v2.4.2...v2.4.3

v2.4.2

v2.4.2
Session Persistence & Recovery
Wmux now remembers your sessions across restarts. Terminal sessions are automatically saved on exit and restored on next launch — including scrollback history.
What's new

Sessions survive daemon restarts, crashes, and reboots
Scrollback buffer is preserved and restored per session
Live sessions are snapshotted every 30 seconds — at most 30 seconds of output is lost on a forced kill or power loss
On Windows, a synchronous save fires on process exit as a last resort
Corrupted state files fall back to .bak automatically

Session data is stored in ~/.wmux/sessions.json and ~/.wmux/buffers/.

Security Hardening
Six security fixes contributed by @Zurgli.

Browser RPC boundary — removed raw CDP passthrough; clients can no longer execute arbitrary DevTools commands
SSRF enforcement — navigation policy now validates resolved IP addresses, including IPv6-mapped IPv4 (::ffff:x.x.x.x) bypass
Filesystem bridge — symlink traversal blocked via realpath double-check before sensitive path validation
Browser profile isolation — each surface now uses its own partition instead of a shared one
Export path restriction — PDF and trace exports are confined to a controlled output directory
Token hardening — Windows ACL hardening applied consistently to both daemon and MCP auth tokens

Contributors
@Zurgli — first external contribution, both PRs

v2.4.1

What's New

Workspace Identity Resolution for MCP Servers

Claude Code doesn't propagate WMUX_WORKSPACE_ID environment variables to MCP child processes, causing agents to be unable to identify which workspace they belong to. This release fixes the core issue:

• PID-based identity resolution: PTYManager writes shell PID→workspaceId mappings to ~/.wmux/pid-map/ on PTY creation (both local and daemon modes)
• Process tree walking: MCP servers resolve their workspace identity by calling a2a.resolve.identity RPC, then walking the process tree upward via PowerShell to find the matching PTY shell PID
• Removed dangerous fallback: The activeWorkspaceId fallback that caused identity confusion when focus changed between workspaces has been removed. All A2A operations now require explicit workspace identity
• Clear error messages: When workspace identity cannot be determined, agents receive actionable error messages instead of silently using the wrong workspace

Company Mode Scaffolding

• Company/department/team member data model and store
• Agent persona generator, cost estimator, message queue
• Built-in company templates
• Company RPC handlers and worktree management
• wmux-a2a MCP server for structured inter-agent communication

A2A Protocol Improvements

• a2a.resolve.identity RPC for workspace identity resolution
• Background task execution via ClaudeWorker
• Improved task routing and workspace matching

Full Changelog: v2.4.0...v2.4.1

Full Changelog: v2.4.0...v2.4.1

v2.4.0

What's New

Real A2A Protocol

• Replaced fake A2A messaging with a real task-based Agent-to-Agent protocol following Google A2A spec
• Task lifecycle management: submitted → working → completed/failed/canceled
• Structured message parts (text, data, file) with artifact support

Security Hardening (by @Zurgli)

• Browser RPC boundary: Removed raw browser.cdp.send, replaced with reviewed browser.goBack
• SSRF enforcement: DNS-resolved IP validation blocks private/link-local/metadata addresses
• Filesystem bridge: realpath canonicalization prevents symlink-based path traversal
• Browser profile isolation: Dynamic partition from ProfileManager instead of hardcoded string
• Export path restriction: Browser exports locked to ~/.wmux/exports
• Token hardening: Centralized secureWriteTokenFile with Windows ACL — fails closed on error

Features

• Support Shift+Enter newline in Claude Code input
• Bundle Cascadia Code font for consistent terminal rendering
• New app icon (>w terminal face design)
• CONTRIBUTING.md added

Stability & Fixes

• Fix intermittent CJK text garbling on font load race
• Fix WebGL context exhaustion, font garbling, resize drag, and MCP browser reliability
• Keep MCP registration persistent across wmux restarts
• Fix transparent overlay to block webview pointer capture during resize
• Increase daemon pipe fallback attempts from 4 to 8
• Connect daemon before creating window to prevent session loss
• Re-reconcile PTYs when daemon connects after renderer load
• Reclaim zombie Windows named pipes instead of falling back
• Auto-open browser surface when no CDP page exists
• Wrap paste in bracketed paste sequences and expose readImage API
• Simplify Inspector output to minimal AI-actionable info
• Remove file-based session persistence, rely on daemon memory

Contributors

• @Zurgli — First external contributor! Submitted comprehensive security hardening across 6 areas with test coverage. Thank you! 🎉

Full Changelog: v2.2.2...v2.4.0

What's Changed

• Security hardening for browser boundary, SSRF, FS bridge, profile isolation, exports, and tokens by @Zurgli in #1
• Security hardening for browser boundary, SSRF, FS bridge, profile isolation, exports, and tokens by @Zurgli in #2

New Contributors

• @Zurgli made their first contribution in #1

Full Changelog: v2.3.1...v2.4.0

v2.3.1

Changes

• Remove file-based session persistence — daemon memory is the single source of truth. Eliminated StateWriter, SessionManager, RingBuffer file dumps, and session recovery logic. Reduces crash risk from I/O failures.
• Simplify Inspector output — strip parent/siblings, text content, and decorative attributes. Keep only selector + tag + actionable attrs (type, name, placeholder, value, href, src, role, aria-label) for minimal AI token usage.
• Add license: MIT field to package.json

Full Changelog: v2.3.0...v2.3.1

v2.3.0

What's New

Features

• Shift+Enter newline — Claude Code 입력에서 Shift+Enter로 줄바꿈 지원 (kitty keyboard protocol)

Fixes

• Bracketed paste mode — 붙여넣기 시 [N lines] 확인 UI가 정상 표시되도록 bracketed paste 시퀀스 지원
• readImage clipboard API — preload에서 누락된 이미지 붙여넣기 API 노출
• Auto-open browser surface — CDP 페이지 없을 때 브라우저 표면 자동 열기
• Zombie pipe reclaim — Windows named pipe 좀비 프로세스 회수
• PTY re-reconcile — 데몬 연결 후 PTY 재조정
• Session loss prevention — 창 생성 전 데몬 연결로 세션 손실 방지
• Pipe fallback attempts — 데몬 파이프 폴백 시도 4→8회 증가
• Resize drag overlay — 리사이즈 중 webview 포인터 캡처 차단
• MCP persistence — wmux 재시작 시 MCP 등록 유지
• WebGL context exhaustion — WebGL 컨텍스트 소진, 폰트 깨짐, 리사이즈 드래그 수정

Full Changelog: v2.2.2...v2.3.0