Releases: arthjean/paneflow
Release list
v0.7.7
Paneflow v0.7.7
Paneflow v0.7.7 is a major hardening release across the agent control plane, terminal runtime, workspace persistence, diff workflow, and distribution pipeline. The release covers 36 commits since v0.7.6, including the final version bump and release-fix commits.
Highlights
- Agent control plane: MCP pane tools are explicitly read-only, workspace-scoped by default, and wrap terminal output as untrusted content. Workspace automation gained safer spawn planning, bounded prefill/context handling, and stricter scripting gates.
- Terminal runtime: cell geometry, search, input, bracketed paste, OSC52 handling, copy mode, hyperlinks, scroll state, and output detection were hardened. Hera dogfood diagnostics now provide a shadow/side-by-side runtime for render parity checks behind an opt-in environment gate.
- Workspace and sessions: tabbed pane state now persists across restore, session restore is stricter, fleet surfaces are more stable, Rosetta/attention queues are less fragile, and notification surfaces are opt-in.
- Diff and review: the in-app diff engine, worktree scans, generated/binary file handling, review state, and agents diff dock are more resilient under large or multi-project changes.
- Updates and distribution: signed self-update installers, Windows MSI relay, macOS DMG, Debian, RPM, AppImage, Homebrew, Winget, AppStream, and release CI gates were tightened.
- Docs: Conductor, MCP bridge, scripting, Context7 docs metadata, and user-facing launch/demo material were refreshed to match the runtime contracts.
Agent Control Plane And MCP
- Added the Paneflow MCP bridge hardening pass:
list_panes,read_pane, andsearch_paneadvertise read-only behavior, clamp output, scope access to the current workspace by default, and require an explicit global scope opt-in for instance-wide reads. - Terminal data returned to agents is fenced as untrusted terminal output, reducing prompt-injection risk when agents inspect pane contents.
- MCP install/status/uninstall logic is now idempotent across Claude Code, Codex, Gemini, and opencode configs, with config locks, backup-aware writes, TOML/JSON/JSONC preservation, and cross-platform command resolution.
- Shared subprocess execution now uses a bounded helper with timeouts, stdout/stderr caps, null stdin, and process-tree cleanup on Unix and Windows.
workspace.upand related IPC methods now plan pane spawns before execution, canonicalize working directories, dedupe labels, bound context/prefill content, gate orchestration primitives, and provide clearer failure shapes.surface.read,surface.send_text,surface.send_keystroke,events.subscribe, andai.*routes have tighter validation, pagination, fencing, CR/LF rejection where appropriate, submit echo handling, and better structured responses.- CLI automation was expanded around
paneflow up,paneflow flow,paneflow wait,paneflow watch, split/select/focus helpers, dry-run/json modes, env token substitution, managed worktrees, and public IPC barriers.
Workspace, Sessions, And UI
- Persisted surface schema now exposes tabbed surface fields so split/tab layouts can be restored more faithfully.
- Session restore, worktree scans, pane scans, stale session cleanup, surface identity mapping, mode routing, and agents surfaces were hardened.
- Agents UI runtime fixes cover fleet sidebar rows, bottom panel behavior, visibility, labels, active/running protection, and noisy interrupt completion events.
- Rosetta and attention queue state received stability fixes for cross-agent status surfaces.
- Notification surfaces are opt-in instead of silently on by default.
- Settings primitives, input handling, shortcut recording, theme shortcuts, window chrome, markdown theme sync, and the main panel bottom corners were polished.
Terminal, Search, And Rendering
- Renderer cell geometry was aligned with frame metrics, backed by golden Hera snapshots and broader layout tests.
- Search/input handling now deals better with wide characters, regex errors, lowercase expansion, row/column mapping, copy mode, and focus changes.
- Hyperlink and file-path activation, OSC52 clipboard handling, bracketed paste state, cursor blink/color, scrollbars, and terminal output-service detection were hardened.
- Hera dogfood runtime can run disabled, shadow, or side-by-side modes via environment configuration, emit scrubbed/raw artifacts, track render mismatches, and compare viewport/cursor/style state against Paneflow's terminal model.
- Multiline surface sends and terminal IPC paths now reject or route ambiguous content more predictably.
Diff, Review, Markdown, And Security
- Diff scopes, worktree branch selection, multi-project grouping, watcher parking, warm-resume cache, generated/binary file handling, and large patch boundaries are more stable.
- The agents diff dock uses shared diff colors/pipelines, better resize behavior, split/unified toggles, collapse state, cached rows, and per-file scroll spans.
- Markdown rendering received state and security hardening, including safer rendering boundaries, link behavior, and renderer lifecycle fixes.
- Cross-platform test gates were tightened for release and layout behavior, including Unix-specific clippy coverage and Windows-only import guards.
Updates, Packaging, And Release Gates
- Signed self-update flows now reject unsigned/keyless builds before touching disk, use stricter semver guards, verify AppImage replacements, and stage Windows MSI updates through a relay after the current process exits.
- System package update routes cover APT, DNF, and Zypper, with rpm-ostree and unknown package managers falling back to explicit user guidance.
- Release packaging was hardened across Windows MSI, macOS DMG, Debian, RPM, AppImage, tar.gz, Homebrew, Winget, AppStream metadata, SHA256/minisig sidecars, and repository publish checks. The Windows MSI Start Menu shortcut now uses the HKCU KeyPath required by WiX ICE38/ICE43 while binaries and PATH remain machine-wide.
- Release CI now checks workspace tests, formatting, clippy, AppStream freshness against the workspace version, MSI relay integrity, and platform-specific packaging behavior before publishing assets.
- The final v0.7.7 bump updates the workspace version, lockfile package versions, Debian changelog, and AppStream top release entry.
Behavioral Notes
- MCP bridge reads now default to the active workspace. Use the documented opt-in global scope only when an agent truly needs instance-wide visibility.
- Notification surfaces are now opt-in, so existing configs may be quieter until explicitly enabled.
surface.send_keystrokerejects newline bytes. Usesurface.send_textfor text submission flows.- The release workflow requires the first AppStream release entry to match the workspace version.
Validation
Local validation before tagging:
cargo check --workspacecargo fmt --checkcargo clippy --workspace -- -D warningscargo test --workspacegit diff --check- AppStream XML parsed locally and first release version verified as
0.7.7
GitHub release workflow: https://github.com/arthjean/paneflow/actions/runs/28795870781, all build, smoke, auto-update, and publish jobs succeeded.
Repository publish workflow: https://github.com/arthjean/paneflow/actions/runs/28798467533, APT amd64/arm64 and RPM x86_64/aarch64 metadata verified at pkg.paneflow.dev.
Release assets: 32 assets published on GitHub, including Linux AppImage/deb/rpm/tar.gz for x86_64 and aarch64, macOS aarch64 DMG, Windows x86_64 MSI, SHA256/minisig sidecars, and AppImage zsync files.
Full Commit Set
47a219e1docs(readme): add Paneflow badge56d046c3docs(readme): tighten Paneflow badge spacingd66bd859docs(readme): refresh Paneflow badge source76bdbed6fix(config): expose persisted surface fields in schemaf6acc27edocs(user): refresh Conductor docs for Context75fbc533afeat(agent-control): add MCP hardening and Hera dogfood runtime5c297472fix(agent-control): normalize agent launchesf0db92d2feat(workspace): persist tabbed surface state8702205efix(terminal): align renderer cell geometryc1ca5c03fix(terminal): harden input and search handling3056247ffix(ipc): guard multiline surface sendse337a2f4fix(app): centralize mode routing and expose agents surfacesc7ea92e5fix(app): harden session persistence restore14ecad53fix(workspace): harden worktree and surface scans52bf7b6dfix(cli): harden orchestration control planecac3ba4bfix(agents): harden agents UI runtimefc1a217bfix(app): stabilize Rosetta and attention queue state4dcb30cffix(app): harden fleet sidebar surfaces1b719cb6fix(diff): harden diff engine edge casesd8417141fix(diff): stabilize review and agents diff state9e0623ebfix(markdown): harden renderer state and securityeef7e66cfix(ci): stabilize cross-platform test gates3e28ff57fix(app): satisfy unix markdown clippy38287675fix(ui): harden settings primitives and input handling19779b2dfix(app): harden theme shortcuts and window chrome91435e40fix(update): harden signed self-update installersf9ef896efix(release): harden distribution packaging83f9eeadfix(docs): align public surfaces with runtime contracts028a561achore(tasks): harden PRD and demo artifactsd49ca3ecci(tests): harden release and layout gates744ee6b7fix(update): gate MSI stdio import on Windows494dab67fix(config): make notification surfaces opt in58de4c98fix(app): suppress interrupt completion noisefdaca5d9fix(app): square main panel bottom cornersde717e42chore(release): bump version to v0.7.79d7789f5fix(release): allow MSI shortcut key path
Full changelog: v0.7.6...v0.7.7
v0.7.6
Highlights
- Terminal appearance is now much more tunable. Settings > Terminal exposes cursor shape, cursor color, font size, font weight, line height, cell width, integrated block glyphs, color emoji, ligatures, scrollback, and Windows terminal material controls, with matching
paneflow.jsonschema coverage. - The terminal renderer got a sharper visual pass. Text is rounded onto stable cell pixels, cursor painting handles wide glyphs and emoji more accurately, the default cursor color moves to Apple system blue, and golden snapshots now lock the new renderer output.
- Windows material mode is cleaner and safer. Windows-only terminal and chrome material toggles let Mica or blur show through the CLI surface and chrome, while non-CLI surfaces stay opaque and cross-platform configs remain safe on Linux/macOS.
- The app now builds on Rust 1.96.1 everywhere: local toolchain, CI, release workflow, docs, and README are in lockstep.
- Security audit is clean again:
anyhowwas updated to clearRUSTSEC-2026-0190.
Install
See the Installation section in the README.
Validation
- Local checks:
cargo check --workspace,cargo fmt --check,cargo clippy --workspace -- -D warnings,cargo test --workspace. - Test CI: run_tests.yml run 28518881646 passed on the
0.7.6release commit. - Release CI: release.yml run 28518883543 passed across Linux x86_64/aarch64, macOS Apple Silicon, Windows x64 MSI, package smoke tests, auto-update e2e, and GitHub Release publication.
- Repo publish: repo_publish run 28521051417 passed.
- Homebrew cask update: update_cask run 28521051376 passed.
- Release assets: 32 assets published, including Linux x86_64/aarch64 AppImage,
.deb,.rpm,.tar.gz; macOS Apple Silicon.dmg; Windows x64.msi; plus minisign and SHA-256 sidecars.
Full Changelog
Features
8f297cd4feat(app): refine terminal material appearance- adds Windows-aware terminal and chrome material switches, transparent CLI terminal backgrounds when material is enabled, rounded panel corner masks, material-aware startup/backdrop painting, and safer native-backdrop resolution across Windows, macOS, Linux, Diff, Agents, and Settings.600a1c7cfeat(terminal): add renderer appearance controls- adds Settings controls and config/schema fields for cursor shape, cursor color, font weight, cell width, integrated glyphs, color emoji, Windows terminal material, and related renderer defaults; also reworks font resolution, cell metrics, text paint alignment, and cursor rendering.
Maintenance And Security
19414984chore(rust): bump pinned toolchain to 1.96.1- moves the repo pin, README badge/docs,run_tests, audit, release workflow inputs, and update e2e script expectations to Rust 1.96.1.5cb18899fix(deps): update anyhow for RUSTSEC-2026-0190- updatesanyhowfrom 1.0.102 to 1.0.103 so advisory scanning passes again.da101da3test(terminal): refresh renderer golden snapshots- refreshes terminal renderer golden files for ANSI colors, APCA contrast, block glyphs, CJK spacer, cursor shapes, dim/inverse/selection, indexed color, and truecolor output after the renderer appearance changes.b8db1bcfchore(release): bump version to 0.7.6- updates the workspace package version, internal lockfile package versions, and Debian changelog for the release.
Compare: v0.7.5...v0.7.6
v0.7.5
Highlights
- Agent session discovery is broader. The docked sessions sidebar now goes beyond Claude, Codex, and OpenCode with discovery/resume support for Pi, Hermes, Grok, Cursor Agent, Gemini, and Kiro through documented local stores or CLI list commands. Resume commands keep the strict session-id guard before anything reaches a PTY.
- Agents terminals now follow your current shell settings. Bottom-dock terminals and sidebar agent terminals can be restarted with the active integrated-terminal shell, and Settings now makes it clear when running terminals need a restart versus when new or finished terminals will pick up the change automatically.
- The Files sidebar is smoother and keyboard-first. It now animates open/close, focuses on toggle, supports arrow/Home/End/Enter/Escape navigation, preserves selection as the tree changes, and handles loading, empty roots, workspace switches, and file-watcher churn more defensively.
- Diff review is much more interactive. The Agents diff dock and Review surface gained shared direct-paint scrolling, unified/split switching, collapse-all and per-file folding, fold expansion for hidden context, horizontal scrolling per file/side, language/file icons, better untracked-file stats, and warmer revalidation for visible columns.
- Linux readability is safer by default. Native compositor backdrop/blur on Linux is now opt-in through
PANEFLOW_LINUX_NATIVE_BACKDROP, so Wayland/X11 users get an opaque background unless they explicitly enable experimental blur.
Install
See the Installation section in the README.
Validation
- Local checks:
cargo check --workspace,cargo fmt --check,cargo clippy --workspace -- -D warnings,cargo test --workspace. - Release CI: release.yml run 28456228236 passed after hardening the openSUSE smoke-test refresh against slow Tumbleweed metadata downloads.
- Release assets: 32 assets published, covering Linux x86_64/aarch64 AppImage,
.deb,.rpm,.tar.gz; macOS Apple Silicon.dmg; Windows x64.msi; plus minisign and SHA-256 sidecars.
Full Changelog
Features
cbd783c0feat(app): expand agent session discovery- adds session discovery for Pi, Hermes, Grok, Cursor Agent, Gemini, and Kiro; wires the docked sessions sidebar to all supported agent readers; adds safe resume-command shapes per agent; and keeps attribution matching available for the wider agent set.fcd9d6aafeat(terminal): restart agents terminals with current shell- adds restart controls for bottom-dock and sidebar terminals, makes terminal shell changes visible in Settings, and lets finished/new terminals reopen with the current shell while warning when running terminals need a restart.d13d05ebfeat(files): add animated keyboard sidebar controls- adds the Files sidebar toggle binding, open/close animation, focus tracking, row selection, keyboard navigation, and Markdown activation while keeping selection clamped as folders expand or collapse.4a41d8e4feat(diff): add interactive scrolling and fold expansion- upgrades the Agents diff and Review diff surfaces with unified/split row caches, file collapse/expand controls, fold expansion, horizontal wheel and scrollbar support, file/language icons, binary/file stats handling, and visible-column revalidation.
Fixes And Polish
e59ed986fix(files): harden files sidebar state and rendering- makes the Files sidebar more resilient around root hydration, empty listings, stale expansion state, context menus, file watcher updates, and active-session changes.665df894style(diff): refine review diff gutter styling- tightens the diff gutter treatment, row styling, and theme colors so review diffs scan cleaner.ad33b556fix(app): keep Linux backdrop opaque by default- makes Linux native blur opt-in withPANEFLOW_LINUX_NATIVE_BACKDROPand forces an opaque background when it is disabled.8acd7357refactor(app): collapse project git stats guard- simplifies the guard around project git stats updates.
Docs And Release Infrastructure
3588b096docs(show-hn): refresh launch draft claims- refreshes the Show HN launch draft to match the current product claims.46a318f7chore(release): bump version to 0.7.5- updates the workspace version, lockfile package versions, and Debian changelog.f3ee2abeci(release): harden openSUSE smoke refresh- extends the openSUSE smoke-test zypper timeouts so slow Tumbleweed metadata downloads do not block a valid release.235f0d70ci(release): bootstrap zypp config in openSUSE smoke test- creates the zypp config file when the container image does not ship one before applying the timeout override.
Compare: v0.7.4...v0.7.5
v0.7.4
Highlights
- Build reusable workspace templates directly from Settings. Templates can define a project path, layout preset, panes, agents, shell commands, optional pane labels, cwd overrides, env, and prompt prefill, then launch through the same
workspace.uppath used by the CLI. - Run a saved workflow from an already-open matching workspace via the workspace context menu. Pane launches reuse the open project, respect the pane limit, preserve focus, and schedule commands or prompts after PTY startup.
- Settings is tighter and easier to scan. The Terminal page now keeps the primary controls: cursor shape, bell, font family, and font size. Advanced terminal knobs remain supported in
paneflow.json. - Native chrome and tab polish: Windows and macOS material stays unobscured, Linux keeps its readability veil, and the CLI new-tab affordance now sits directly with the tab chips.
Install
See the Installation section in the README.
Validation
- Local checks:
cargo check --workspace,cargo fmt --check,cargo clippy --workspace -- -D warnings,cargo test --workspace. - Release CI: release.yml run 28385390002 passed.
- Release assets: 32 assets published, covering Linux x86_64/aarch64 AppImage,
.deb,.rpm,.tar.gz; macOS Apple Silicon.dmg; Windows x64.msi; plus minisign and SHA-256 sidecars.
Full Changelog
Features
f01fa4bffeat(settings): add workspace template builder- adds a visual Workspaces settings page for reusable workspace templates backed bycommands[].workspace, including layout presets, pane definitions, agent/command/shell pane types, project path picking, duplication, deletion, and launch plumbing.81cec6a9feat(settings): refine workspace workflow controls- adds the workspace context-menu Run Workflow action for matching saved templates, launches templates into existing workspaces, improves pane deletion and workflow button treatment, and aligns the main-vertical layout split to an even center split.
Fixes And Polish
f41d509efix(app): keep native chrome material unobscured- keeps Windows and macOS chrome transparent so platform-owned Mica/AppKit material remains visible, while Linux keeps the theme-aware blur veil.043e975dstyle(app): align CLI new-tab button with tabs- moves the new terminal tab affordance out of the action cluster and places it directly after the tab chips with the same tab-strip sizing.aa7bf7cfrefactor(settings): simplify terminal settings page- reduces the Terminal settings UI to the core controls and leaves advanced settings available through config.
Maintenance
5f7ec259chore(mcp): normalize tool schema EOFs- normalizes MCP tool schema file endings.b956425fchore(release): bump version to v0.7.4- updates the workspace package version, lockfile package versions, and Debian changelog.
Compare: v0.7.3...v0.7.4
v0.7.3
Patch release focused on Windows agent-status hooks in installed builds.
Fixed
- Windows hook commands are now wrapped in an explicit PowerShell invocation, so installed paths under
C:\Program Files\PaneFlow\...work when a hook runner executes through PowerShell instead ofcmd.exe. - Codex's Windows-specific
commandWindowshook field now uses the same shell-safe command as the genericcommandfield. - Claude-compatible strict hook configs for CodeBuddy, Qoder, Gemini, Cursor, Grok, and Hermes now receive one shell-safe
commandwithout adding unsupportedcommandWindowsfields. - Persistent
paneflow hooks setupentries now use the same Windows-safe command format, andpaneflow hooks statuscan still detect/update wrapped hook paths.
Validation
cargo check --workspacecargo test --workspacecargo clippy --workspace -- -D warningscargo fmt --check- GitHub Actions release run
28361448357passed builds for Windows x64, Linux x64, Linux ARM64, and macOS ARM64. - Release smoke tests passed for Windows MSI install + relay, Ubuntu 22.04, Debian 12, Fedora 40, openSUSE Tumbleweed, Arch Linux tarball, and Linux x86_64 auto-update e2e.
Artifacts
Published 32 signed assets for Windows, macOS Apple Silicon, Linux x86_64, and Linux ARM64.
Full Changelog: v0.7.2...v0.7.3
v0.7.2
Paneflow v0.7.2 is a focused reliability release for Windows/Codex hooks and the in-app update banner. It keeps the v0.7.x cross-platform release surface stable while fixing two sharp edges found after v0.7.1.
Fixed
- Fixed Codex hook commands on Windows when Paneflow is installed under paths with spaces, including
C:\Program Files\PaneFlow. The generic Codexcommandfield now invokespaneflow-ai-hook.exethrough an explicit PowerShell command, with single-quote escaping and forward-slash paths so PowerShell sessions execute the hook reliably. - Kept Paneflow-managed hook cleanup reliable for PowerShell-wrapped commands by detecting embedded
paneflow-ai-hook/paneflow-ai-hook.exeprogram tokens, including quoted paths and orphaned hook commands. - Fixed the sidebar update banner so clicking the banner starts the self-update flow directly, while clicking the dismiss control only dismisses the update. This restores the intended update action path from the sidebar UI.
Release
- Bumped the workspace, lockfile, Debian changelog, and README release asset example to
0.7.2. - Published signed release artifacts for Linux x86_64/aarch64, macOS Apple Silicon, and Windows x64.
- Passed release workflow
28355116650: four-platform build matrix, Ubuntu/Debian.debsmoke tests, Fedora/openSUSE.rpmsmoke tests, Arch Linuxtar.gzsmoke test, Windows MSI install + relay, and Linux x86_64 auto-update e2e.
Full Changelog: v0.7.1...v0.7.2
v0.7.1
Paneflow v0.7.1 is a Windows agent-status hotfix release. It also cleans up the public docs and architecture guide so the repository matches the release surface shipped in v0.7.x.
Fixed
- Fixed agent status hooks on Windows for release installs under paths such as
C:\Program Files\PaneFlow. - Hardened Codex Windows hook fallback commands so they do not rely on POSIX single quotes when Codex runs the generic
commandfield. - Updated Gemini hook installation to the current matcher-group schema and millisecond timeout expected by Gemini CLI.
- Kept Cursor in its flat
hooks.jsonschema while writing a Windows-safe command string. - Tightened CodeBuddy, Qoder, and Grok hook installs to avoid undocumented Paneflow-only fields while keeping cleanup idempotent through
paneflow-ai-hookbasename detection. - Kept OpenCode and Pi on the direct TypeScript IPC bridge path, avoiding per-event
paneflow-ai-hook.exesubprocesses.
Documentation
- Rewrote the README around the current native Rust/GPUI release surface: Linux, macOS Apple Silicon, and Windows x64 artifacts, no Electron, no WSL requirement, install table, core workflows, and safety model.
- Updated Windows support docs and issue-template copy to reflect the signed MSI path and current Windows release status.
- Reworked
ABOUT.mdinto the English product summary used by the repo and public-facing surfaces. - Added
llms.txtso agents and AI search tools have a concise map of the repository, docs, release/trust pages, and safety boundaries. - Refreshed
ARCHITECTURE.mdto match the current codebase: workspace crates, helper binaries, IPC namespaces, agent lifecycle events, 50 ms app poll loop, MCP bridge, telemetry, self-update, and current platform matrix.
Release
- Bumped the workspace, lockfile, Debian changelog, and release asset examples to
0.7.1. - Published signed release artifacts for Linux x86_64/aarch64, macOS Apple Silicon, and Windows x64.
- Passed release smoke tests for Ubuntu 22.04
.deb, Debian 12.deb, Fedora 40.rpm, openSUSE Tumbleweed.rpm, Arch Linuxtar.gz, Windows MSI install + relay, and Linux x86_64 auto-update.
Full Changelog: v0.7.0...v0.7.1
v0.7.0
Highlights
- Rosetta is now built into Paneflow as an in-app, top-center agent status surface for CLI and Agents mode.
- Rosetta turns scattered agent signals into one prioritized view: who is running, who needs input, who stalled, who failed, and which completed events are still worth seeing.
- Rows are actionable. Clicking or pressing Enter on a navigable row routes back to the exact workspace pane or Agents thread instead of making you scan the sidebar manually.
- Notification controls now live in a dedicated Settings -> Notifications page, covering native OS notifications, Rosetta visibility, and passive running-agent summaries.
- The Paneflow MCP bridge now ships explicit tool manifests for
list_panes,read_pane, andsearch_pane.
What changed
Rosetta agent status surface
- Added the new
src-app/src/app/rosetta.rssurface and wired it into the main render tree. - Rosetta derives rows from existing Paneflow truth: workspace
agent_sessions, Agents-mode thread status, surface ids, waiting timestamps, last results, and short-lived recent events. - The compact card appears top-center in supported modes and stays hidden when there is nothing active or recent to report.
- The expanded panel groups and prioritizes rows into needs-input, failed, stalled, running, and recent sections.
- Waiting rows are sorted by the oldest wait first, so the next human intervention is easy to spot.
- Finished and error transitions are retained briefly as volatile recent history, capped and time-bounded so short-lived state changes are not missed.
- Passive running-only rows stay quiet by default, with an optional setting for users who want Rosetta to show running summaries.
- Rosetta is mode-gated to CLI and Agents mode for this release. Diff/Review surfaces stay uncluttered until there is a dedicated product decision for them.
Navigation and handoff
- Rosetta rows can focus the original workspace, pane tab, or Agents thread when a valid target exists.
- If a target disappears before activation, Rosetta reports an unavailable target instead of focusing the wrong pane.
- Keyboard handling covers expanded-panel navigation with arrow keys, Enter, and Esc without leaking input into the terminal behind the card.
- The title-bar bell now reflects Rosetta availability: disabled, unavailable in the current mode, open, or ready to open.
- Mode switches and Settings screens close or gate the Rosetta surface so stale focus state does not linger.
Security and trust boundary
- Agent-provided text in Rosetta is treated as untrusted data: plain text only, capped, sanitized, and visually separated from Paneflow controls.
- Freeform agent messages cannot create approval buttons. Direct approval affordances are reserved for future typed internal events with complete metadata.
- Existing Attention Queue, sidebar status, and native OS notifications remain independent; disabling Rosetta does not disable the rest of the agent-status system.
Notifications settings
- Added a dedicated Notifications settings section.
- Moved Rosetta toggles out of the AI Agent page and into the Notifications page.
- Added a Native OS notifications toggle backed by
agent_panel.notify_when_agent_waiting, preserving siblingagent_panelsettings during writes. - Added
rosetta_enabledandrosetta_show_passiveconfig/schema support with tolerant defaults for invalid config values. - Added the disabled bell icon used by the title bar when Rosetta is turned off.
- On Windows, Paneflow now writes a dedicated notification icon file from the embedded asset and registers it as the toast AppUserModelId icon.
MCP manifests
- Added JSON tool manifests under
mcps/paneflow/tools/. - Manifest coverage now describes the read-only pane tools exposed by the bridge:
list_panes,read_pane, andsearch_pane. - The manifest descriptions carry the untrusted-terminal-output warning so downstream agent tooling treats pane output as data to analyze, not instructions to obey.
Project and QA material
- Added the Rosetta PRD and story status file under
tasks/. - Added
docs/rosetta-qa-runbook.mdwith automated gates and manual scenarios for CLI mode, Agents mode, keyboard behavior, narrow windows, closed targets, untrusted text, settings, and mode gating.
Release metadata
- Bumped the workspace version from
0.6.10to0.7.0. - Updated
Cargo.lockworkspace package versions. - Added the Debian changelog stanza for
0.7.0-1.
Upgrade notes
- Rosetta is enabled by default for urgent states after upgrade.
- Passive running-agent summaries are off by default. Enable "Show running agents" in Settings -> Notifications if you want Rosetta visible for running-only agent activity.
- Native OS notifications remain available and configurable separately from Rosetta.
- If Paneflow is open during upgrade, restart it after installation so the new settings and title-bar Rosetta controls initialize cleanly.
- Windows users can upgrade normally with
paneflow-0.7.0-x86_64-pc-windows-msvc.msi.
Downloads
- Windows x64:
paneflow-0.7.0-x86_64-pc-windows-msvc.msi - macOS Apple Silicon:
paneflow-0.7.0-aarch64-apple-darwin.dmg - Linux x86_64: AppImage,
.deb,.rpm, andtar.gz - Linux aarch64: AppImage,
.deb,.rpm, andtar.gz - Checksums and Minisign signatures are attached for release assets.
Validation
- Local:
cargo fmt --check - Local:
cargo check --workspace - Local:
cargo test --workspace - Local:
cargo clippy --workspace -- -D warnings - Release workflow: https://github.com/ArthurDEV44/paneflow/actions/runs/28327456640
- Published release assets: 32
Commits
8c4e3c1feat(app): add Rosetta agent status surfacea77f8c0feat(app): add notification controls487445ffeat(mcp): add pane tool manifestsf40942fchore(release): bump version to v0.7.0
Full changelog: v0.6.10...v0.7.0
v0.6.10
Highlights
- Windows in-app updates now use a detached relay that survives the main PaneFlow process exit and reopens the app after the MSI transaction finishes.
- Release publishing is now blocked by every real release validation gate: all Linux distro smokes, the Windows MSI smoke, and the Linux auto-update E2E.
- The release workflow now validates the Windows MSI installer end to end before publishing: signed MSI integrity, silent install/uninstall, installed
paneflow --version, and the--msi-relaypath. - The auto-update E2E no longer waits for an already-published GitHub Release. It signs the NEW tarball inside the E2E job, so the test remains a true pre-publish release gate.
What changed
Windows updater
- Spawned the copied MSI relay as a detached non-elevated process so it keeps running after PaneFlow exits.
- Moved UAC elevation to the relay's
msiexecinvocation for Program Files installs, then waits for the elevated installer process to finish and captures its exit code. - Relaunches PaneFlow after
msiexeccompletes, including success, user-cancel, and installer-failure paths, so users are not left with a closed app and no feedback. - Always removes the staged MSI after the relay attempts installation.
- Added relay diagnostics for spawn, argument-parse failures,
msiexeclaunch/wait status, and relaunch attempts. - Made relay argument parsing resilient when host launchers inject flags before
--msi-relay. - Added regression coverage for shifted relay args, relay parse logging, quoted MSI paths, and relaunch-after-exit behavior.
Release validation
- Added
smoke-test-windows-msionwindows-2022. - The Windows smoke downloads the signed Windows MSI artifact, verifies its
.sha256sidecar, verifies Authenticode status, installs the MSI silently, checksC:\Program Files\PaneFlow\paneflow.exe --version, exercises--msi-relayon a copied relay binary, verifies relay logs, confirms the staged MSI copy is removed, then uninstalls. - Added the Windows MSI smoke, Debian smoke, openSUSE smoke, Arch smoke, and
auto-update-e2etoPublish GitHub Releaseneeds, so any failed smoke now prevents publication. - Changed
auto-update-e2eto sign its NEW tarball before publish using the release minisign key. This keeps the updater test as a pre-publish gate without waiting on release assets that do not exist yet. - Removed the previous publish-ordering deadlock where auto-update E2E waited for a signature from a release that was itself waiting on the E2E gate.
Release metadata
- Bumped the workspace version from
0.6.9to0.6.10. - Updated
Cargo.lockworkspace package versions. - Added the Debian changelog stanza for
0.6.10-1.
Upgrade notes
- Windows users who previously saw PaneFlow close during update without coming back should install
0.6.10from the MSI once. - After
0.6.10, future in-app MSI updates should close PaneFlow, run the installer through the relay, and relaunch the installed app. - If Windows still shows UAC, accept the prompt for
paneflow-app; the relay waits formsiexecto finish before trying to relaunch. - Release
v0.6.10intentionally includes release-pipeline hardening. This makes future releases fail earlier and more visibly instead of publishing with a red smoke test.
Downloads
- Windows x64:
paneflow-0.6.10-x86_64-pc-windows-msvc.msi - macOS Apple Silicon:
paneflow-0.6.10-aarch64-apple-darwin.dmg - Linux x86_64: AppImage,
.deb,.rpm, andtar.gz - Linux aarch64: AppImage,
.deb,.rpm, andtar.gz - Checksums and Minisign signatures are attached for release assets.
Validation
- Local:
cargo check --workspace - Local:
cargo fmt --check - Local targeted:
cargo test -p paneflow-app relay -- --nocapture - Workflow syntax:
git diff --check -- .github/workflows/release.yml - Workflow syntax: YAML parse via Prettier
- Release workflow: https://github.com/ArthurDEV44/paneflow/actions/runs/28300166219
- Release gates: 4/4 build matrix jobs green
- Release gates: Ubuntu, Fedora, Debian, openSUSE, Arch smoke tests green
- Release gates: Windows MSI install + relay smoke green
- Release gates: Linux x86_64 auto-update E2E green
- Published release assets: 32
Commits
70d9ffffix(update): harden Windows MSI relay restart09d2a39ci(release): harden release smoke gatesfce0976chore(release): bump version to v0.6.10a73a33cci(release): sign auto-update smoke before publish
Full changelog: v0.6.9...v0.6.10
v0.6.9
Highlights
- Windows agent hooks now use a native
commandWindowscommand, so Codex and compatible agents no longer route Paneflow hooks through bash or WSL on Windows. - This removes the repeated
SessionStart,PreToolUse, andPostToolUsehook exited with code 1failures seen on Windows machines without a WSL distribution. - Paneflow still writes the portable
commandfield as the cross-platform fallback and ownership marker, so cleanup and stale-hook detection keep working across Codex, Claude-compatible runners, Grok, and other supported agent panes.
What changed
Windows hooks
- Added a Windows-native hook command for Paneflow-managed matcher-group handlers.
- The Windows override invokes
paneflow-ai-hook.exethroughcmd.exe /D /C, avoiding any dependency on bash, Git Bash, or WSL for supported runners. - Kept the existing
commandentry for cross-platform fallback behavior and for recognizing Paneflow-managed hooks during self-healing cleanup. - Extended the Windows Codex hook regression coverage to assert that generated handlers include
commandWindowsand preserve the hook event argument. - Adjusted the handler construction so Clippy stays clean on Windows, Linux, and macOS targets.
Release metadata
- Bumped the workspace version from
0.6.8to0.6.9. - Added the Debian changelog stanza for
0.6.9-1.
Upgrade notes
- Existing running agent sessions keep the hook configuration they were launched with. After upgrading, restart Paneflow and start a fresh agent session.
- Windows users installing through the MSI can upgrade normally with
paneflow-0.6.9-x86_64-pc-windows-msvc.msi. - If an older in-app update path is still stuck from a previous version, install the
0.6.9MSI manually once.
Downloads
- Windows x64:
paneflow-0.6.9-x86_64-pc-windows-msvc.msi - macOS Apple Silicon:
paneflow-0.6.9-aarch64-apple-darwin.dmg - Linux x86_64: AppImage,
.deb,.rpm, andtar.gz - Linux aarch64: AppImage,
.deb,.rpm, andtar.gz - Checksums and Minisign signatures are attached for release assets.
Validation
- Local:
cargo check --workspace - Local:
cargo fmt --check - Local:
cargo clippy --workspace -- -D warnings - Local:
cargo test --workspace - Local targeted regression:
cargo test -p paneflow-shim - Release workflow: https://github.com/ArthurDEV44/paneflow/actions/runs/28294955232
- Published release assets: 32
Commits
b1edb31fix(shim): route Windows hooks through native command6d274d3chore(release): bump version to v0.6.9d8b1d2dfix(shim): satisfy cross-platform hook clippy
Full changelog: v0.6.8...v0.6.9