v0.35.0

Install seer-cli 0.35.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/TheZacillac/seer/releases/download/v0.35.0/seer-cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/TheZacillac/seer/releases/download/v0.35.0/seer-cli-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install TheZacillac/tap/seer-cli

Download seer-cli 0.35.0

File	Platform	Checksum
seer-cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
seer-cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
seer-cli-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
seer-cli-aarch64-unknown-linux-gnu.tar.xz	ARM64 Linux	checksum
seer-cli-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum

v0.34.0

Install seer-cli 0.34.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/TheZacillac/seer/releases/download/v0.34.0/seer-cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/TheZacillac/seer/releases/download/v0.34.0/seer-cli-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install TheZacillac/tap/seer-cli

Download seer-cli 0.34.0

File	Platform	Checksum
seer-cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
seer-cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
seer-cli-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
seer-cli-aarch64-unknown-linux-gnu.tar.xz	ARM64 Linux	checksum
seer-cli-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum

v0.33.0

Highlights

• 17 verified bug fixes across the smart-lookup path, TUI, and API — in-flight coalescing hang, multi-byte WHOIS truncation panic, referral line-jump, XFF rate-limit bypass, and more (#26)
• MCP over Streamable HTTP at POST /mcp (same tool registry as stdio, behind the API-key middleware) + seer generate-key (#11)
• Prebuilt CLI binaries for 5 platforms with shell/PowerShell installers — this release page! (#30)
• Python distribution renamed to domain-seer (import seer unchanged); seer-api now depends on it (#34)
• Python suites run in CI (#27) and deterministic protocol tests cover WHOIS referrals/timeouts, RDAP 404/429/fallback, and formatter snapshots (#28)
• Docs/CLAUDE.md synced; deliberate retry boundaries documented (#14, #29, #31)

Install seer-cli 0.33.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/TheZacillac/seer/releases/download/v0.33.0/seer-cli-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/TheZacillac/seer/releases/download/v0.33.0/seer-cli-installer.ps1 | iex"

Install prebuilt binaries via Homebrew

brew install TheZacillac/tap/seer-cli

Download seer-cli 0.33.0

File	Platform	Checksum
seer-cli-aarch64-apple-darwin.tar.xz	Apple Silicon macOS	checksum
seer-cli-x86_64-apple-darwin.tar.xz	Intel macOS	checksum
seer-cli-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
seer-cli-aarch64-unknown-linux-gnu.tar.xz	ARM64 Linux	checksum
seer-cli-x86_64-unknown-linux-gnu.tar.xz	x64 Linux	checksum

v0.32.0

v0.32.0 — TUI POWER lenses now work

This release makes the interactive seer tui POWER-group lenses (introduced as a work-in-progress in v0.31.0) actually functional. Interactive testing surfaced that several panes never rendered and others lacked their inputs; this fixes the lot.

Fixed

• Render path (root cause): Diff, Bulk, and Follow panes never rendered in the live TUI — main_pane only dispatched lens renderers on a Loaded state, but these pane-driven lenses never fetch, so they were stuck on the generic "press / to look up" hint. They now render from pane state in every state.
• History: the TUI never recorded lookups (only the CLI did). It now records each lookup to ~/.seer/history.json, always re-reads on entry, and loads even with no target domain.

Added / improved

• Diff: always-visible A ⇄ B input bar with a live-typed buffer — e edits domain B, ↵ (re)runs the comparison.
• Bulk: type or paste your own domain list (space/comma/newline-separated, capped at 50); the hardcoded sample presets were removed. d edit · o op · r run · f file · e export CSV.
• Follow: the live DNS-monitor pane now displays (gauge + change log).
• Bracketed paste enabled so multi-line domain lists paste cleanly into the Diff/Bulk fields and the command line.

No seer-core API changes and no breaking changes — all engine logic already existed.

Install

cargo install seer-cli   # 0.32.0

Note: the rest of Seer (WHOIS/RDAP/DNS/SSL/status/propagation, CLI, REPL, API, MCP) is unchanged and stable; this release is TUI-focused.

v0.31.0 — Interactive TUI (work in progress)

🔮 New: seer tui — a full-screen interactive terminal UI

⚠️ The TUI is a work in progress. It's new and verified by tests/CI but not yet battle-tested in real interactive use — expect rough edges. The rest of Seer (CLI, library, REST API, MCP server) is stable and unchanged. Feedback and bug reports very welcome.

Launch with seer tui [domain] for a Catppuccin-Frappé, keyboard-first domain-intelligence cockpit. All 16 lenses are wired to live seer-core data, grouped:

• LOOKUP — Overview · WHOIS · RDAP (Domain / IP / ASN) · Reverse DNS · Availability · TLD Info
• DNS — Records (+ custom nameserver) · DNSSEC · Compare (two resolvers) · Propagation · Follow (live monitor)
• SECURITY — SSL / Cert · Status · Subdomains
• POWER — Diff · Bulk (streaming + CSV export) · Watchlist · History

Keyboard-first: j/k move · 1–9 jump · Tab nav⇄pane · [ ] sub-tabs · r raw output (json/yaml/markdown) · y copy (OSC52) · / look up · : command · ? help · :q quit. Plus in-pane switchers/fields and a : command bar (:rdap <domain|ip|AS####>, :diff <a> <b>, :compare <domain> <nsA> <nsB>, :reverse <ip>, :tld <.tld>).

Notes: Bulk uses a file-path field + built-in sample lists (a TUI has no native file dialog); clipboard copy uses OSC52, so it depends on terminal support (kitty / WezTerm / iTerm2 / tmux-configured).

Also in this release

• seer-core: check_watchlist is now Send/spawn-compatible (internal change enabling concurrent use from the TUI; behavior-preserving).
• CI: fixed the Security Audit job's token permissions on push to main.

Install / upgrade

cargo install seer-cli      # or: cargo install seer-cli --force

Full changelog: v0.30.0...v0.31.0

v0.30.0

Correctness + security release: fixes the zac.email / RDAP-only-TLD bug and lands all 8 high-severity findings from a full code review.

⚠️ Breaking changes

• DNSSEC status vocabulary (DnssecReport.status): secure/insecure → signed/unsigned. The check verifies DS↔DNSKEY digest consistency only (no RRSIG/signature validation), so the verdict no longer implies cryptographic authentication. Consumers keying on the old strings must update. (partial/misconfigured unchanged.)
• Error sanitization: API/MCP/Python error messages now collapse transport/network errors to category-only strings (no upstream hostnames/URLs/paths/raw system errors leak). Full detail is still logged internally via Display.

Fixed — registered domains on RDAP-only TLDs (#17)

seer lookup for domains on registries without port-43 WHOIS (Identity Digital: .email, .life, .ninja, …) returned nothing when RDAP was throttled or grace-truncated. It now reports REGISTERED from the DNS-delegation signal (method: dns_present) instead of an empty result.

Security & correctness (#18)

• SSRF: unified the reserved-IP blocklist on a single source of truth and added missing ranges (0.0.0.0/8, class-E 240/4, NAT64/6to4/IPv4-compatible/documentation); RDAP no longer follows redirects (IP-pin bypass); WHOIS connects to validated IPs (DNS-rebinding TOCTOU).
• DoS: fixed a remotely-triggerable panic in the WHOIS status parser (Unicode-lowercasing slice underflow).
• Injection: MdSafe now escapes the Markdown table delimiter |.
• Availability: a WHOIS response carrying registration data is never reported "available".
• CLI: --format json is honored on error paths (structured {"error": ...}).
• Plus owner-only (0600) history/watchlist files, UTF-8-lossy WHOIS decode, char-width header rules, and bounded follow iterations.

Still open

~14 lower-priority review findings (Rust refactors + the seer-api Python layer) remain for a follow-up.

🤖 Generated with Claude Code

v0.29.2

Availability detection now correctly identifies unregistered domains across far more registries, and RDAP rate‑limiting no longer breaks lookups.

Fixes

• RDAP 404 is authoritative "available" — fixes registries that block port‑43 WHOIS but publish RDAP (e.g. SWITCH .ch). The 404 signal is shared via crate::rdap::rdap_error_is_404.
• DNS NXDOMAIN safety net — when RDAP fails for a non‑404 reason (429, bootstrap miss) and WHOIS is thin/blocked, an apex with no DNS presence is reported as likely‑available (method: dns_nxdomain, medium confidence). Applied in both avail (probes WHOIS + DNS concurrently) and smart lookup.
• Broader WHOIS "not found" matching — whitespace‑normalized so tab‑delimited Status:\tAVAILABLE (.be) matches, plus hkirc "has not been registered" (.hk/.香港) and audited ccTLD phrasings: KazNIC .kz/.қаз, TWNIC .tw, CONAC .政务/.公益, .ls, .africa, and a generic "object not found".
• Bounded RDAP 429 backoff + Retry‑After — a real rate limit (e.g. the shared Identity Digital RDAP host hit by a bulk sweep) now backs off and clears, honoring Retry-After but capped (5s, 3 attempts) so a sticky limit falls through to the WHOIS/DNS fallback fast instead of hanging.

Registered domains are never flipped to available (the RDAP‑200 veto and concrete‑WHOIS‑data checks are preserved). A cross‑TLD audit confirmed the RDAP‑404 + DNS‑net combo generalizes across the whole TLD space.

Full diff: #15

v0.29.1

Maintenance release: a propagation determinism fix and a large internal refactor of the output formatters. No public API or wire-format changes.

Fixes

• Deterministic propagation consensus. Consensus selection (build_nameserver_consensus and analyze_results) previously resolved ties on HashMap iteration order, so an even split between two value sets could flip which servers were reported as inconsistent from run to run. Ties now break toward the lexicographically smallest value set, making output stable for identical input.

Internal

• Output formatters decomposed. The single-file human.rs (3843 lines) and markdown.rs (2054 lines) monoliths are split into output/human/ and output/markdown/ submodules — one file per concern (whois, rdap, dns, propagation, lookup, status, domain_info, diff) — mirroring the dns/propagation/ layout. Each mod.rs keeps the shared helpers and a thin impl OutputFormatter that delegates to per-submodule inherent methods. Behavior is identical; every resulting file is under 1k lines.

v0.29.0

Structural cleanup of the DNS propagation module: the 1k-line propagation.rs is split into the canonical seer module-folder layout, and NS-record-specific propagation data is consolidated behind a single Option<NameserverDetails> instead of leaking across three top-level fields and one per-ServerResult field.

Breaking changes

PropagationResult JSON shape changes for /propagation/* endpoints and the equivalent MCP / Python results. Three NS-only fields are replaced by one optional nameserver_details object; ServerResult no longer carries nameserver_ips.

Before (NS lookup)	After (NS lookup)
resolved_ips: { "ns1.example.com.": ["1.2.3.4"] }	nameserver_details.consensus: { "ns1.example.com.": ["1.2.3.4"] }
nameserver_inconsistencies: [ ... ]	nameserver_details.inconsistencies: [ ... ]
results[i].nameserver_ips: { ... }	nameserver_details.per_vantage[<server_ip>]: { ... }

Non-NS lookups omit nameserver_details from the serialized form entirely (was three empty collections on the wire).

What changed

• seer-core/src/dns/propagation.rs → propagation/{types,checker,analysis,servers}.rs: the 1096-line file is split into the canonical seer module layout used by whois/, rdap/, and dns/dnssec.rs. Largest resulting file is 411 lines.
• seer-core/src/dns/propagation/types.rs: new NameserverDetails { consensus, per_vantage, inconsistencies } struct holds all NS-specific propagation data behind a single optional field. ServerResult is now a pure generic shape.
• seer-core/src/dns/propagation/checker.rs: resolve_nameserver_details(&[ServerResult]) -> Option<NameserverDetails> is a pure transformation — no more &mut [ServerResult] borrow. query_server no longer initializes empty NS-only state on every result.
• seer-core/src/dns/propagation/analysis.rs: analyze_results returns an AnalysisOutcome struct (was a 4-tuple). build_nameserver_consensus / build_nameserver_inconsistencies take the per-vantage map as an explicit argument instead of reading from ServerResult.
• seer-core/src/output/grouping.rs (new): shared render_grouped helper consolidates the "group items by key, collapse subheader when one group" template that was duplicated across both human.rs and markdown.rs propagation sections.
• seer-core/src/output/{human,markdown}.rs: hoist let ns_details = result.nameserver_details.as_ref() once and use it for both the inconsistency block and the per-vantage IP lookup in the per-region results.

Health

cargo test --workspace: 467 unit tests + 18 doc-tests + 2 lib tests pass. cargo clippy --workspace -- -D warnings clean. cargo fmt --check clean. CI green on Format, Clippy, Check, Security Audit, and Test (ubuntu/macos/windows).

v0.27.0

Tag propagation consensus and inconsistencies with their record type (breaking change to the result shape).

Breaking changes

PropagationResult.consensus_values and PropagationResult.inconsistencies on /propagation/* and the equivalent MCP tool changed shape. API/MCP clients must update their deserialization.

• consensus_values was Vec<String> (e.g. ["1.2.3.4"]). It is now Vec<ConsensusValue> where each entry is {"type": "A", "value": "1.2.3.4"} so consumers no longer have to cross-reference record_type to know what kind of record a value represents.
• inconsistencies was Vec<String> of pre-formatted lines ("Quad9 (9.9.9.9): 5.6.7.8 vs consensus: 1.2.3.4"). It is now Vec<Inconsistency> where each entry is {"type": "A", "server_name": "Quad9", "server_ip": "9.9.9.9", "values": ["5.6.7.8"], "consensus": ["1.2.3.4"]}. The Display impl reproduces the old format (now [A]-tagged) for human-readable logs.

What changed

• seer-core/src/dns/propagation.rs: new ConsensusValue and Inconsistency structs (both Serialize/Deserialize/Display); analyze_results builds structured records and stops emitting synthetic "No servers responded" inconsistencies (that state is already represented by servers_responding == 0 and unreachable_servers).
• seer-core/src/output/human.rs: consensus values and inconsistencies are grouped by record type with the per-type subheader collapsed when only one type is present (the common case today). Three new tests lock in single-type, multi-type, and typed-inconsistency rendering.
• seer-core/src/output/markdown.rs: same grouping treatment so the human and markdown formatters tell the same story.

Health

458 unit tests pass; cargo clippy --workspace -- -D warnings and cargo fmt --all -- --check clean; CI green across Format, Clippy, Check, Security Audit, and Test on ubuntu/macos/windows.