Logo
CuaDocs
Cua DriverReference

Changelog

Release history for cua-driver

cua-driver Changelog

All notable changes to cua-driver are documented here.

These are the cua-driver-rs (Rust port) releases. The Rust port ships the same user-facing cua-driver binary for macOS and Windows, plus Linux pre-release artifacts for early testing. All versions are currently published as GitHub prereleases under the cua-driver-rs-v* tag prefix (distinct from the Swift driver's cua-driver-v* tags so their artifacts don't collide).

The canonical, always-current source is the GitHub releases page. Each GitHub release body is auto-generated per release from the commits touching libs/cua-driver/rust, including SHA256 checksums and install instructions.

0.5.3 (2026-06-11)

  • Linux: background drag and held-button tools + MPX parallel drags (#1871). Adds parallel_mouse_drag: each session gets its own MPX master pointer (fed by a per-session uinput slave), so multiple agent cursors can drag concurrently in the same window. Drags follow full waypoint paths — a straight from→to segment or a function fn = y(x) (e.g. "300+150*sin(x/40)") — as one continuous held glide. A device-specific XI2 shield grab keeps the window manager blind to the drag's button press, so parallel drags no longer steal focus from the user's active window, and drag masters are cleaned up per call. Also adds a confirmation-gated install_ffmpeg tool that detects the platform package manager and (only with confirm: true) installs the ffmpeg binary the video recording backend shells out to.
  • Linux: agent cursor in background sessions + background terminal typing (#1789). The agent cursor overlay now renders for background (unfocused) sessions, and typing reaches background terminals; Linux keyboard input switched from XSendEvent to XTEST injection (#1805) so synthetic keys are accepted by apps that ignore sent events.

0.5.2 (2026-06-04)

  • Windows: background input without z-raise — input lands in target windows without raising them, plus multi-cursor demos and agent cursor overlay improvements (#1809).
  • Windows: DPI awareness manifest so coordinates are correct on scaled displays (#1821).
  • Python: cua-driver PyPI wrapper with bundled binaries (#1849), plus Windows ARM64 support and cua-driver-uia.exe extraction (#1850).

0.5.1 (2026-06-01)

  • Install home unified on ~/.cua-driver + collision fix. The release installer (install.sh_install-rust.sh) was still defaulting its package home to the legacy ~/.cua-driver-rs, while the local installer (install-local.sh) and the runtime already used ~/.cua-driver (renamed in v0.2.16). That mismatch meant a machine could end up with two homes and two conflicting installs. The release installer now defaults to ~/.cua-driver (still honoring the CUA_DRIVER_RS_HOME override), and on every install it (a) cleans up a prior install-local dev build under the shared home — stops the daemon, removes the *-local-* release dirs and the local signing-identity marker — and (b) sweeps a stale ~/.cua-driver-rs left by an older release. Both steps are best-effort, idempotent, and conservative (marker-gated; they never touch a real release dir, the current symlink, or unrelated user state). TCC grants are preserved — the /Applications/CuaDriver.app bundle is replaced in place, not tccutil reset. The Windows installer (install.ps1) already used ~/.cua-driver and migrated the legacy home, so it is unchanged.

0.5.0 (2026-06-01)

  • Windows: per-session agent cursors — the per-session cursor model (macOS #1779) is ported to Windows, so concurrent sessions are tracked per-session on Windows too (#1801).
  • Streamable-HTTP MCP transport (parallel multi-agent). Over stdio, one cua-driver mcp process is a single pipe, so a client's tool calls — including multiple subagents — serialize. The daemon itself is concurrent. Set CUA_DRIVER_RS_MCP_HTTP_PORT=<port> and the daemon also serves MCP over HTTP (POST http://127.0.0.1:<port>/mcp, loopback only), so each agent opens its own connection and they run truly in parallel — measured 3.6× on 10 concurrent calls. Per-connection ordering keeps a single agent's sequence correct; the per-(pid, window_id) cache + per-session cursor make concurrent cross-connection actions safe. move_cursor is now readOnlyHint:true so MCP clients also parallelize cursor moves on stdio (mutating tools stay serialized on purpose) (#1799).
  • Breaking — session identity is now caller-declared. A "session" (which owns the agent cursor + per-session state) used to be minted per MCP connection, so it couldn't be set from the CLI and couldn't span a run that touches multiple apps. It's now an explicit identity you declare: pass a session id (or call the new start_session/end_session tools), and the same id drives the same cursor over MCP, the CLI, or the raw socket, following the run across any apps/windows. The cursor is now opt-in: a run shows a cursor only when it declares a session — anonymous calls execute without one. Sessions are reclaimed by end_session or an idle-TTL (default 300s, override CUA_DRIVER_RS_SESSION_IDLE_TTL_SECS) instead of connection-EOF. Per-session config + recording keep their existing connection-scoped cleanup as a fallback when no session is declared. Update agents to start_session at the start of a run (the bundled skill + MCP instructions now say so).
  • macOS: fix a daemon crash (EXC_BREAKPOINT in AXUIElementCopyActionNames) when two sessions drive the same window concurrently. Element actions (click, type_text, set_value, …) read the target AXUIElementRef out of the per-(pid, window_id) cache, but a concurrent get_window_state could replace that cache entry and CFRelease the element to zero while the action was still using it — a use-after-free. The cache now hands out a retained guard (CFRetain under the cache lock, CFRelease on drop), so an in-flight action keeps the element alive across a concurrent refresh.
  • macOS (local dev install only): install-local.sh now clears a stale TCC grant left over from a previous signing identity. If you first granted Accessibility / Screen Recording while the bundle was ad-hoc signed, that grant was pinned to the per-build cdhash and silently stopped matching on the next rebuild — the daemon read NOT granted while System Settings still showed CuaDriver toggled ON, a dead end re-toggling couldn't fix. The installer records the signing identity and, when it changes, runs tccutil reset so the next grant re-pins cleanly to the stable self-signed certificate (after which grants survive all future rebuilds). Release builds are unaffected — they're CI-signed with a stable identity (#1792 follow-up).

0.4.3 (2026-05-31)

  • macOS: the agent-cursor overlay now actually renders in the serve daemon. It was only wired into the in-process mcp path, so in the daemon-proxy setup (the default) every cursor command was a silent no-op and the agent cursor never appeared (#1790).
  • macOS: cua-driver permissions grant no longer spams the TCC prompt — it raises a single dialog and then polls silently, and the gate honours its deadline instead of re-prompting (and restarting the daemon) on every ~25s re-exec (#1791).
  • Dev: install-local now signs the bundle with a stable self-signed identity, so TCC grants (Accessibility / Screen Recording) survive rebuilds instead of resetting on every install (#1792).

0.4.2 (2026-05-31)

  • macOS: guard the SkyLight auth-message selector on macOS 14 Sonoma so the driver no longer crashes on launch (#1782, #1503).
  • macOS: enable Chromium/Electron accessibility trees via AXManualAccessibility, so get_window_state can see their window content (#1756).

0.4.1 (2026-05-31)

  • macOS: per-session agent cursors, so concurrent sessions each get their own visual agent cursor (#1779).
  • macOS: ship AppIcon.icns in the bundle so CuaDriver.app no longer shows a blank icon (#1780, #1496).
  • macOS: guard AppKit initialization so mcp runs headless instead of SIGABRT-ing (#1781, #1724).

0.4.0 (2026-05-31)

  • Daemon session-identity model: the daemon now owns and cleans up session-scoped recording and config, tying that state to the session that created it (#1776).

0.3.6 (2026-05-30)

  • macOS: fix permissions status so it reports the driver's real TCC grants (via the daemon) instead of the calling terminal's — it no longer claims granted when only the caller holds the grant (#1774).

0.3.5 (2026-05-30)

  • macOS: bind the serve socket before the permissions gate, so clients can connect even while permissions are still being resolved (#1761, #1773).

0.3.4 (2026-05-30)

  • Maintenance release (no path-specific changes).

0.3.3 (2026-05-30)

  • Maintenance release (no path-specific changes).

0.3.2 (2026-05-27)

  • Add a check-update CLI verb and a check_for_update MCP tool so clients can detect when a newer driver is available (#1734).

0.3.1 (2026-05-27)

  • First release in the 0.3.x line, which began the macOS TCC / permissions hardening series.

0.2.x (2026-05-17 – 2026-05-21)

  • Pre-release iteration on the Rust port across versions 0.2.0–0.2.18, including cross-platform build and packaging work for the macOS, Windows, and Linux pre-release artifacts.

0.1.x (2026-05-14)

Was this page helpful?

Known limits

What Cua Driver can't do, and the workarounds

Introduction

Next Page

On this page

cua-driver Changelog0.5.3 (2026-06-11)0.5.2 (2026-06-04)0.5.1 (2026-06-01)0.5.0 (2026-06-01)0.4.3 (2026-05-31)0.4.2 (2026-05-31)0.4.1 (2026-05-31)0.4.0 (2026-05-31)0.3.6 (2026-05-30)0.3.5 (2026-05-30)0.3.4 (2026-05-30)0.3.3 (2026-05-30)0.3.2 (2026-05-27)0.3.1 (2026-05-27)0.2.x (2026-05-17 – 2026-05-21)0.1.x (2026-05-14)