Skip to content
Sec-Gemini

Changelog

3.4.0

Section titled “3.4.0”

Added

Section titled “Added”
  • CLI: dfir subcommand -- Added dfir subcommand with --sqlite and --chronicle options to automatically spin up logs MCP servers on dynamically allocated private ports in a background subprocess.
  • CLI: Non-interactive options -- Added support for --skill and --mcp flags in non-interactive CLI mode.
  • CLI/TUI: --meta flag -- Support passing arbitrary metadata options to sessions via the --meta flag.
  • TUI: Error metrics buttons -- Added "Save Output" and "Save Trace" buttons on error messages in TUI.
  • SDK: Connect RPC 2.1 upgrade -- Upgraded RPC connections to support cursor streaming and caching.
  • SDK: Skill resource unification -- Unified local and remote skill access, parsing frontmatter YAML and exposing skills as standard resources.
  • MCP: Modular environment and network workstation tools -- Split the monolithic workstation tools into separate environment and network MCP servers.
  • MCP: Log pagination -- Added pagination and ordering parameters to the describe_available_logs tool.
  • BYOT: Concurrency and response chunking -- Refactored the BYOT client to execute jobs concurrently and chunk large responses.
  • BYOT: Observability and control enhancements -- Added informative runner outputs, data masking, graceful Ctrl+C shutdown, and listing of connected BYOT clients and their tools in the Web UI.
  • BYOT: Tunnel proxy support -- Added tunnel proxy configurations and strict TCP reachability validation.

Changed

Section titled “Changed”
  • SDK: Standardized host override environment variables -- Standardized environment variables for host overrides to SEC_GEMINI_API_HOST and SEC_GEMINI_BYOT_HUB_HOST.
  • SDK: Smarter session listing -- Optimized session queries with a default 6-hour time window and a limit of 100 sessions.
  • CLI: Switched message streaming mode -- Changed CLI message streaming to improve output reliability and real-time visibility.
  • BYOT: Standalone package deprecation -- Deprecated the legacy standalone sec-gemini-byot package, centralizing the BYOT client in the main SDK package.

Fixed

Section titled “Fixed”
  • SDK: Enforced API key headers for file upload -- Modified Python SDK to pass sec-gemini-api-key header metadata on UploadFile gRPC calls.
  • SDK: Expired auth keys reporting -- Improved error messages for expired keys across SDK and CLI components.
  • SDK: Session expiration handling -- Raise SessionNotFoundError and terminate message streaming when session expires.
  • CLI/TUI: Config precedence -- Resolved precedence issues between config files, CLI args, and environment variables when loading API keys.
  • CLI: TUI startup error handling -- Print TUI startup errors directly to console instead of exiting silently.
  • CLI: --mcp flag behavior -- Only override session MCPs when the --mcp option is explicitly provided.
  • TUI: Layout and text clipping -- Fixed clipping, rendering order, and text wrapping issues on message feeds.
  • TUI: Stream loop resiliency -- Fixed streaming recovery after stream_read_error and session creation race conditions.
  • TUI: Deferred/lazy session creation -- Fixed rendering and state bugs during deferred session creation.
  • BYOT: Resource leaks and event loop blocking -- Fixed BYOT background task leaks, keepalive ping intervals, and event loop blocks on reconnection.
  • BYOT: Connection hangs -- Resolved connection hangs in tool fetcher.
  • MCP: SecOps backend bugfix -- Fixed an issue in the SecOps MCP server where calling log search functions raised a "cannot pickle '_thread.RLock' object" error.
  • Moved DFIR tools to BYOT binary -- Fixed an issue where Sec-Gemini-MCP tools were being loaded for DFIR workflows.

3.3.0

Section titled “3.3.0”

Added

Section titled “Added”
  • CLI: --version flag -- Added --version flag to the main sec-gemini command to print the version from pyproject.toml.

-- CLI: -p / --prompt option -- Run Sec-Gemini in non-interactive mode.

-- CLI: --output option -- Useful to write the results to a file when in non-interactive mode.

  • TUI: skills panel in right sidebar -- Loaded skills now appear in a dedicated "skills" section in the right panel (between tasks and top tools), showing skill name, origin (sec-gemini/byot), and description. Skills no longer clutter the chat feed.

  • BYOT: --skill CLI flag -- Added support for loading local skill files (.md) in the standalone BYOT CLI. Skills are exposed as MCP resources, allowing the cloud agent to discover and use them. Mirroring existing Backend.start_byot functionality.

  • TUI: renamed sec-gemini2 to sec-gemini -- The main CLI and terminal UI are now accessible via the shorter sec-gemini command.

  • TUI: add fast mode -- Add the ability to select "fast mode" at session creation time in the TUI, which makes SecGemini use a faster harness.

  • BYOT: integrated into sec-gemini package -- The Bring Your Own Tool client is now part of the core SDK and available via sec-gemini-byot.

  • Server: proper SKILL_LOADED messages -- Improved display of loaded skills in the message stream, reducing clutter.

  • MCP: list_session_mcp_servers now includes skills -- The response was previously missing the skills array from MCP server info.

Changed

Section titled “Changed”
  • CLI: extracted from TUI -- Moved cli.py and commands/ directory from sec_gemini/tui2 to a new sec_gemini/cli package. The main entry point sec-gemini now points to sec_gemini.cli.cli:cli.
  • CLI: cleaner --mode handling -- Updated --mode to use click.Choice(["dfir"]) with None default, mapping to "" internally for cleaner help output.
  • CLI: updated help text -- Removed "TUI v2" from the main help description to reflect that it is now the main CLI.

Removed

Section titled “Removed”
  • CLI: stub subcommands -- Removed model and sessions subcommands as they were stubs.
  • CLI: --skills alias -- Removed --skills alias, leaving only --skill.

3.2.0

Section titled “3.2.0”

Added

Section titled “Added”

  • Centralized logging module -- Moved sec_gemini/tui2/logging.py to sec_gemini/logging.py so all components (TUI, MCP server, BYOT CLI) share the same structured JSON logging infrastructure. Fixed _KwargsAdapter to store structured fields safely, avoiding LogRecord attribute collisions (e.g. name=).

  • BYOT: setup_byot_logging() -- New convenience function for the standalone BYOT CLI. Writes rotating JSON to ~/.config/sec-gemini/logs/byot.log plus colored console output via Rich. Added --verbose CLI flag.

  • BYOT: dedicated log file -- MCP server now writes BYOT logs to a separate byot.log via a namespace handler on secgemini.byot, in addition to mcp.log via the root logger.

  • MCP: BYOT observability tools -- Added 3 new Layer 1 tools: get_byot_status (state, tools, hub URL, uptime, errors), list_byot_tools (focused tool listing), reload_byot (stop + restart with refreshed config). Added 2 debug tools: byot_log and byot_log_grep for inspecting BYOT logs.

  • MCP: mcp_reload sends ToolListChangedNotification -- After re-registering tools, the client is notified so it re-fetches the tool list. New tools appear immediately without a server reconnect.

  • MCP: mcp_reload covers BYOT and tools modules -- Added sec_gemini.byot.* and sec_gemini.tools.* to the reload list so BYOT code changes take effect without restarting the MCP server.

  • BYOT: structured logging -- Converted byot/service.py and byot/client.py to use get_logger() with structured kwargs (tool_count=, hub_url=, job_id=) instead of %s formatting.

  • BYOT: better auth error reporting -- Hub registration rejection now logs registration_rejected with hub URL and key prefix, and raises a more descriptive error message.

  • MCP: TUI lifecycle tools -- Added tui_start, tui_stop, tui_status debug tools that launch/manage the TUI as a headless subprocess. Enables autonomous TUI debugging from Claude Code without manual terminal setup.

  • TUI: debug socket server -- New DebugServer in tui2/debug_server.py exposes a Unix domain socket (~/.config/sec-gemini/debug.sock) when --debug is passed. Accepts JSON commands for screen inspection, widget queries, clicks, keypresses, and state dumps.

  • TUI: --debug and --headless CLI flags -- sec-gemini run --debug starts the debug socket server; --headless runs without a terminal for MCP-managed sessions.

  • sec_gemini/backoff.py -- ExponentialBackoff utility with full jitter for use in reconnection and retry logic.

  • 30 new unit tests covering dispatch routing, error handling, reconnection backoff, retry behavior, and session state management.

Fixed

Section titled “Fixed”

  • TUI: stream loop stops after terminal state -- The message stream loop no longer re-subscribes every 30s after a session reaches COMPLETED, FAILED, CANCELED, or MAX_ATTEMPTS_EXCEEDED. Previously this caused the server to replay the entire message history indefinitely. The session VM now tracks status changes via a callback and sets COMPLETED on AGENT_IS_DONE receipt.

  • BYOT: idempotent start -- start_byot() returns current tools when BYOT is already running instead of raising an error. Fixes the "BYOT already created" toast when creating a second session.

  • BYOT: hot-reload resilience -- MCP status tools (get_byot_status, list_byot_tools) access raw service attributes to survive Pydantic class identity mismatches after mcp_reload(). ByotService.status() also converts tools to dicts before constructing ByotStatus.

  • Sessions: sorted newest-first -- list_sessions() now returns sessions sorted by created_at descending in both the Backend and MCP tool layer.

  • MCP: mcp_reload now re-registers tools -- Previously only reloaded modules without updating the registered tool closures. Now calls register_all_tools() and register_debug_tools() after reload so code changes take effect without restarting the MCP server.

  • MCP: TUI inspection tools use IPC -- tui_screenshot, tui_get_screen, tui_query, tui_click, tui_type, tui_press, tui_get_state now communicate via the debug Unix socket instead of requiring an in-process app reference that was never set in standalone mode.

  • MCP: stale debug socket cleanup -- tui_stop and MCP lifespan shutdown now remove the debug socket file to prevent stale socket issues.

  • Session: get() reuses cached sessions -- ClientSessions.get() now returns the existing tracked session instead of always creating a fresh one, which was clobbering accumulated state (status, name, created_at).

  • Session: server-assigned names applied from stream -- Added Session.handle_streamed_message() to pick up MESSAGE_TYPE_SESSION_NAME from server. SessionMessages now holds a reference to its parent Session and calls the handler before yielding messages.

  • Session: state reconciliation after reconnection -- Added reconnect callback mechanism to RpcClient. ClientSessions registers _reconcile_state at bind time, calling list() after reconnection to resync all session state from the server.

  • Connection: improved message routing reliability -- Message routing now uses strict request ID matching, ensuring reliable delivery and preventing misrouting or silent drops.

  • Connection: exponential backoff on reconnection -- Replaced fixed 0.2s/1.0s reconnection delays with exponential backoff using full jitter (base=0.5s, max=30s, multiplier=2x). Prevents connection storms and server-side rate limiting during network instability.

  • Session: log warning on invalid status -- update_from_event now logs a warning when it receives an unrecognized status string, instead of silently swallowing the ValueError.

  • Session: handle name and created_at from events -- update_from_event now updates _name and _created_at when those fields are present in the event dict.

  • ClientSessions: handle session_not_found -- _handle_server_message now handles session_not_found events by removing stale sessions from the local cache and logging a warning.

  • ClientSessions: log unknown session state changes -- State change events for sessions not in the local registry now emit a debug log instead of being silently ignored.