v0.5.0

v0.5.0

Added

• Tool Annotations: Tools now expose MCP-standard behavior hints (readOnlyHint, destructiveHint, idempotentHint, openWorldHint) that clients use to determine when to prompt users for permission
  • eval-elisp: destructive, non-idempotent, open-world
  • get-diagnostics: read-only, idempotent, closed-world

Changed

• Security model improvements:
  • Dangerous functions blocklist is now always enforced, even when Emacs-side prompting is disabled
  • Clear error messages when blocked functions are called, explaining how to allow them
  • mcp-server-security-prompt-for-permissions now defaults to nil (block dangerous ops silently instead of prompting)
• JSON boolean convention: Standardized on :false for JSON false values (:json-false is now banned)

Fixed

• JSON serialization of tool annotations now correctly outputs boolean false instead of the string ":json-false"

Documentation

• Added JSON Boolean Values convention to CLAUDE.md (:json-false is banned, use :false)
• Added version bumping instructions
• Updated security model documentation to reflect two-layer permission system

Full Changelog: v0.4.0...v0.5.0

v0.4.0

What's Changed

• refactor(tools): Modularize tool system with self-registering plugins by @rhblind in #6
• Redesigned tool registration
• New tool get-diagnostics that allows the LLM to read flycheck/flymake diagnostics directly
• Code cleanup

Full Changelog: v0.3.0...v0.4.0