Release v0.4.0

Released: 2026-01-06

This release adds the droidmind-client CLI for server introspection, introduces shared intent functionality, significantly strengthens shell command security validation, and upgrades the MCP SDK to version 1.25.0.

🌟 Highlights

✨ DroidMind Client CLI

New droidmind-client command-line tool for introspecting running DroidMind servers. The list-tools subcommand queries available MCP tools from an SSE server and outputs JSON, supporting sse://, sses://, http://, and https:// URL schemes. Useful for verifying server connectivity and discovering tool capabilities.

🔒️ Hardened Shell Command Security

Complete refactor of assess_command_risk() and validate_shell_command() in droidmind/security.py to properly parse chained commands (&&, ;, ||, |). Previously, chained segments were not validated individually, allowing dangerous commands like echo ok && rm -rf / to pass. Now each segment is validated, and rm is added to the disallowed commands list. Added restricted support for uiautomator dump with path validation.

🚀 Intent Support Across Tools

New shared start_intent() helper in droidmind/tools/intents.py enables starting activities with extras from both android-app and android-ui tools. The android-app tool gains a START_INTENT action with support for intent extras, while android-ui now delegates to the shared implementation for consistent behavior.

⬆️ MCP SDK Upgrade to 1.25.0

Upgraded mcp[cli] from 1.8.1 to 1.25.0, bringing compatibility improvements and new features. Python is now constrained to >=3.13,<3.14 due to transitive dependency requirements (PyO3/pydantic-core). The FastMCP initialization now uses the instructions parameter, and stdio_server import moved to module level.

🔧 App Management Improvements

• Enhanced list_packages — New parameters include_app_name (human-friendly labels via dumpsys), include_apk_path toggle, and max_packages limit with pagination notes for large package lists
• START_INTENT action — Start activities with explicit package, activity, and optional extras dictionary via android-app tool
• Shared device helper — New droidmind/tools/common.py with get_connected_device() for consistent device connection handling across tools

🔒️ Security Enhancements

• Chained command validation — validate_shell_command() now parses &&, ;, ||, and | operators and validates each segment independently
• rm blocked — Added rm to DISALLOWED_SHELL_COMMANDS to prevent accidental or malicious file deletion
• uiautomator restrictions — Only uiautomator dump is allowed, with output paths restricted to /sdcard/ or /data/local/tmp/ and no path traversal (..)
• New security tests — Added tests/test_security.py covering chained command detection, uiautomator restrictions, and risk assessment edge cases

Release v0.3.1

DroidMind 0.3.1 is a major release that significantly enhances the project's architecture, user experience, and feature set. This release includes a comprehensive documentation framework, unified tool interfaces, improved error handling, and enhanced security features. The project now offers a more maintainable codebase with better organization and consistent API design.

✨ Highlights

📝 Comprehensive Documentation

Added extensive MkDocs-based documentation with detailed user guides, reference materials, and examples to make DroidMind more accessible to new users.

♻️ Unified Tool Interfaces

Refactored all tool modules into consistent, action-based interfaces that provide a more intuitive and maintainable API for developers and AI assistants.

🔒️ Enhanced Security Framework

Implemented a robust security system with risk categorization, command sanitization, and path protection to ensure safe device operations.

🐳 Docker Support

Added containerized deployment with multi-stage builds for smaller image size and flexible transport mode support.

✨ New Features

• Added comprehensive MkDocs documentation framework with detailed user guides and reference materials
• Added Docker support for containerized deployment with multi-stage build for smaller image size
• Implemented advanced diagnostic tools for bug reports and heap dumps
• Added UI automation tools for device interaction (tap, swipe, input_text, press_key, start_intent)
• Added comprehensive security framework with risk categorization and command sanitization
• Added file logging capabilities with automatic directory creation
• Added 'monkey' command to allowed shell commands list for UI/application stress testing (#4)
• Added 8 new diagnostic prompts for device analysis and troubleshooting

♻️ Refactoring

• Refactored all tool modules (app, device, UI, log, diagnostics, file) into unified operations with action parameters
• Moved app manifest functionality from resources to app_management package
• Moved logging functionality from resources to tools package
• Moved device info code from resources to tools package
• Refactored screenshot capture with improved file handling and random filenames
• Refactored bug report handling for better code organization with dedicated helper methods
• Migrated from mypy to pyright for type checking with better starlette type support

🔧 Improvements

• Enhanced CI/CD workflow with improved structure, documentation build, and Docker image publishing
• Added development scripts for project maintenance (lint.py and release.py)
• Updated dependencies to latest versions for better compatibility and features
• Added project branding with new logo and enhanced visual identity
• Changed default port from 6463 to 4256 (h.a.l.o) for better consistency (#3)
• Standardized Android tool naming to android- prefix for consistency

🐛 Bug Fixes

• Fixed release workflow issues and simplified the release process
• Fixed serial decoding in device queries for better TCP/IP device handling
• Improved screenshot security with temporary hidden filenames and timestamps
• Enhanced error handling and output management across the ADB stack

📝 Documentation

• Added online documentation badge to README for better discoverability
• Added comprehensive source code documentation with full type annotations
• Updated app management documentation with new app info tools

🔧 Upgrade Notes

• Tool naming has been standardized with android- prefix (e.g., android-app, android-ui, android-diag)
• Default server port has changed from 6463 to 4256
• Type checking now uses pyright instead of mypy

📊 Metrics

• Total Commits: 81
• Files Changed: 422
• Insertions: 45254
• Deletions: 31525

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Full Changelog: https://github.com/hyperb1iss/droidmind/commits/v0.3.1