Logo
CuaDocs
Cua DriverReference

Changelog

Release history for cua-driver

cua-driver Changelog

All notable changes to cua-driver are documented here.

These are the cua-driver-rs (Rust port) releases. The Rust port ships the same user-facing cua-driver binary for macOS and Windows, plus Linux pre-release artifacts for early testing. All versions are currently published as GitHub prereleases under the cua-driver-rs-v* tag prefix (distinct from the Swift driver's cua-driver-v* tags so their artifacts don't collide).

The canonical, always-current source is the GitHub releases page. Each GitHub release body is auto-generated per release from the commits touching libs/cua-driver/rust, including SHA256 checksums and install instructions.

Unreleased

  • Install home unified on ~/.cua-driver + collision fix. The release installer (install.sh_install-rust.sh) was still defaulting its package home to the legacy ~/.cua-driver-rs, while the local installer (install-local.sh) and the runtime already used ~/.cua-driver (renamed in v0.2.16). That mismatch meant a machine could end up with two homes and two conflicting installs. The release installer now defaults to ~/.cua-driver (still honoring the CUA_DRIVER_RS_HOME override), and on every install it (a) cleans up a prior install-local dev build under the shared home — stops the daemon, removes the *-local-* release dirs and the local signing-identity marker — and (b) sweeps a stale ~/.cua-driver-rs left by an older release. Both steps are best-effort, idempotent, and conservative (marker-gated; they never touch a real release dir, the current symlink, or unrelated user state). TCC grants are preserved — the /Applications/CuaDriver.app bundle is replaced in place, not tccutil reset. The Windows installer (install.ps1) already used ~/.cua-driver and migrated the legacy home, so it is unchanged.

0.5.0 (2026-06-01)

  • Windows: per-session agent cursors — the per-session cursor model (macOS #1779) is ported to Windows, so concurrent sessions are tracked per-session on Windows too (#1801).
  • Streamable-HTTP MCP transport (parallel multi-agent). Over stdio, one cua-driver mcp process is a single pipe, so a client's tool calls — including multiple subagents — serialize. The daemon itself is concurrent. Set CUA_DRIVER_RS_MCP_HTTP_PORT=<port> and the daemon also serves MCP over HTTP (POST http://127.0.0.1:<port>/mcp, loopback only), so each agent opens its own connection and they run truly in parallel — measured 3.6× on 10 concurrent calls. Per-connection ordering keeps a single agent's sequence correct; the per-(pid, window_id) cache + per-session cursor make concurrent cross-connection actions safe. move_cursor is now readOnlyHint:true so MCP clients also parallelize cursor moves on stdio (mutating tools stay serialized on purpose) (#1799).
  • Breaking — session identity is now caller-declared. A "session" (which owns the agent cursor + per-session state) used to be minted per MCP connection, so it couldn't be set from the CLI and couldn't span a run that touches multiple apps. It's now an explicit identity you declare: pass a session id (or call the new start_session/end_session tools), and the same id drives the same cursor over MCP, the CLI, or the raw socket, following the run across any apps/windows. The cursor is now opt-in: a run shows a cursor only when it declares a session — anonymous calls execute without one. Sessions are reclaimed by end_session or an idle-TTL (default 300s, override CUA_DRIVER_RS_SESSION_IDLE_TTL_SECS) instead of connection-EOF. Per-session config + recording keep their existing connection-scoped cleanup as a fallback when no session is declared. Update agents to start_session at the start of a run (the bundled skill + MCP instructions now say so).
  • macOS: fix a daemon crash (EXC_BREAKPOINT in AXUIElementCopyActionNames) when two sessions drive the same window concurrently. Element actions (click, type_text, set_value, …) read the target AXUIElementRef out of the per-(pid, window_id) cache, but a concurrent get_window_state could replace that cache entry and CFRelease the element to zero while the action was still using it — a use-after-free. The cache now hands out a retained guard (CFRetain under the cache lock, CFRelease on drop), so an in-flight action keeps the element alive across a concurrent refresh.
  • macOS (local dev install only): install-local.sh now clears a stale TCC grant left over from a previous signing identity. If you first granted Accessibility / Screen Recording while the bundle was ad-hoc signed, that grant was pinned to the per-build cdhash and silently stopped matching on the next rebuild — the daemon read NOT granted while System Settings still showed CuaDriver toggled ON, a dead end re-toggling couldn't fix. The installer records the signing identity and, when it changes, runs tccutil reset so the next grant re-pins cleanly to the stable self-signed certificate (after which grants survive all future rebuilds). Release builds are unaffected — they're CI-signed with a stable identity (#1792 follow-up).

0.4.3 (2026-05-31)

  • macOS: the agent-cursor overlay now actually renders in the serve daemon. It was only wired into the in-process mcp path, so in the daemon-proxy setup (the default) every cursor command was a silent no-op and the agent cursor never appeared (#1790).
  • macOS: cua-driver permissions grant no longer spams the TCC prompt — it raises a single dialog and then polls silently, and the gate honours its deadline instead of re-prompting (and restarting the daemon) on every ~25s re-exec (#1791).
  • Dev: install-local now signs the bundle with a stable self-signed identity, so TCC grants (Accessibility / Screen Recording) survive rebuilds instead of resetting on every install (#1792).

0.4.2 (2026-05-31)

  • macOS: guard the SkyLight auth-message selector on macOS 14 Sonoma so the driver no longer crashes on launch (#1782, #1503).
  • macOS: enable Chromium/Electron accessibility trees via AXManualAccessibility, so get_window_state can see their window content (#1756).

0.4.1 (2026-05-31)

  • macOS: per-session agent cursors, so concurrent sessions each get their own visual agent cursor (#1779).
  • macOS: ship AppIcon.icns in the bundle so CuaDriver.app no longer shows a blank icon (#1780, #1496).
  • macOS: guard AppKit initialization so mcp runs headless instead of SIGABRT-ing (#1781, #1724).

0.4.0 (2026-05-31)

  • Daemon session-identity model: the daemon now owns and cleans up session-scoped recording and config, tying that state to the session that created it (#1776).

0.3.6 (2026-05-30)

  • macOS: fix permissions status so it reports the driver's real TCC grants (via the daemon) instead of the calling terminal's — it no longer claims granted when only the caller holds the grant (#1774).

0.3.5 (2026-05-30)

  • macOS: bind the serve socket before the permissions gate, so clients can connect even while permissions are still being resolved (#1761, #1773).

0.3.4 (2026-05-30)

  • Maintenance release (no path-specific changes).

0.3.3 (2026-05-30)

  • Maintenance release (no path-specific changes).

0.3.2 (2026-05-27)

  • Add a check-update CLI verb and a check_for_update MCP tool so clients can detect when a newer driver is available (#1734).

0.3.1 (2026-05-27)

  • First release in the 0.3.x line, which began the macOS TCC / permissions hardening series.

0.2.x (2026-05-17 – 2026-05-21)

  • Pre-release iteration on the Rust port across versions 0.2.0–0.2.18, including cross-platform build and packaging work for the macOS, Windows, and Linux pre-release artifacts.

0.1.x (2026-05-14)

Was this page helpful?

Known limits

What Cua Driver can't do, and the workarounds

Introduction

Next Page

On this page

cua-driver ChangelogUnreleased0.5.0 (2026-06-01)0.4.3 (2026-05-31)0.4.2 (2026-05-31)0.4.1 (2026-05-31)0.4.0 (2026-05-31)0.3.6 (2026-05-30)0.3.5 (2026-05-30)0.3.4 (2026-05-30)0.3.3 (2026-05-30)0.3.2 (2026-05-27)0.3.1 (2026-05-27)0.2.x (2026-05-17 – 2026-05-21)0.1.x (2026-05-14)