github Lexus2016/claude-code-studio v5.25.3
v5.25.3 — SSH Server Picker, Crash-Proof Storage, MCP Hardening
on GitHub

latest releases: v5.49.1, v5.49.0, v5.48.3...
one month ago

What's New in v5.25.3

SSH Server Picker — Type # to Attach

Type # in the chat input and a popup shows your configured SSH servers with instant search. Pick a host — it attaches as a chip, and Claude knows to run commands on that machine. No sidebar clicking, no context switching — just # and go.

Crash-Proof Storage

Auth data (data/auth.json, data/sessions-auth.json) is now written atomically — write to temp file, then rename. If the process crashes mid-write, you never end up with a corrupted file. Internal metadata is stripped before persisting.

MCP Protocol Hardening

All three built-in MCP servers (ask_user, notify_user, set_ui_state) received protocol-level improvements:

  • Initialization guardtools/list and tools/call are rejected before initialize completes
  • stdin buffer overflow protection — 10 MB limit prevents runaway memory on malformed input
  • Internal MCP tools are now hidden from the UI tool cards (no visual clutter)
  • Tool names use the correct mcp__<server>__<tool> format in allowedTools

Smarter Skill Selection

Auto-classified skills now merge into your existing selection instead of replacing it. If you manually pick security and the classifier adds api-designer, you get both — not just what the classifier chose.

Security Fixes

  • XSS prevention — image type attribute is now escaped in history render
  • CSS.escape for task IDs in chain progress card selectors — prevents selector injection
  • Download filename sanitization — special characters stripped to prevent path traversal
  • Auth path normalization — trailing slashes no longer bypass auth middleware
  • UI state validationmode, model, and agent values are validated before applying

Stability & Quality

  • AbortController GC leak fix — abort listeners properly removed on process close/error
  • Buffer overflow handling — complete lines are processed before discarding oversized buffer
  • Duplicate session ID preventiononSessionId fires only once per run
  • Paragraph breaks — proper spacing between text blocks separated by tool calls
  • Larger image preview — expanded from 320×260 to up to 900×700px
  • Markdown table fix — inline header splitting no longer corrupts lines starting with |
  • Null safety — context tokens and Telegram duration handle missing data gracefully

Install / Update: 

npx github:Lexus2016/claude-code-studio@latest
Check out latest releases or
releases around Lexus2016/claude-code-studio v5.25.3

Don't miss a new claude-code-studio release

NewReleases is sending notifications on new releases.

Get notifications