Changelog

CLI and server release history — GitHub Releases

v1.2.0 Latest
April 2026
Open-source self-hosted release. MIT license. Docker Compose deployment. Monorepo consolidation. tunnl.sh becomes a static product site.
  • New: Docker Compose deployment for the server stack (tunnl-server + PostgreSQL + Caddy)
  • New: .env.example with all configuration documented
  • New: Self-hosted install guide at tunnl.sh/docs/install.html
  • New: GHCR Docker image: ghcr.io/sqoia-dev/tunnl-server
  • Changed: All development consolidated into a single monorepo at github.com/sqoia-dev/tunnl. Server at cmd/server/, CLI at cmd/tunnl/, protocol at internal/protocol/. Old repos (tunnl.sh-server, tunnl.sh-cli, tunnl.sh-protocol) are archived.
  • Changed: MIT license applied to both server and CLI
  • Changed: tunnl.sh domain now serves a static product site (previously the Go API only)
  • Changed: tunnl login --server <url> required on first login (previously defaulted to tunnl.sh hosted service)
v1.1.0
March 2, 2026
MCP server for AI coding agents: connect Claude Code, Cursor, and Copilot Agent Mode directly to your tunnels.
  • New: tunnl mcp — starts a Model Context Protocol server for AI coding agents
  • 8 MCP tools: list_tunnels, get_tunnel, list_requests, get_request_detail, replay_request, get_replay_diff, export_curl, get_tunnel_stats
  • New: stdio transport — reads credentials from ~/.tunnl/config.json or TUNNL_TOKEN env var
  • Works with: Claude Desktop, Claude Code, and Cursor out of the box
v1.0.4
March 1, 2026
Bug fixes for HTTP/2 fallback and self-updater.
  • Fixed: HTTP/2 requests that fall back to HTTP/1.1 now correctly reset the request body before retry
  • Fixed: tunnl update download capped at 50 MB to prevent corrupted or malicious oversized binaries
v1.0.3
February 28, 2026
Security fixes for TLS verification and self-updater reliability.
  • Security (P0): Removed InsecureSkipVerify from the WebSocket dialer — tunnels now always verify the server certificate
  • Security (P0): Removed InsecureSkipVerify from the auto-updater — update downloads now verify TLS certificates
  • Fixed: Data race on reconnect flag resolved using atomic.Bool — eliminates a potential crash under concurrent reconnect pressure
  • Fixed: tunnl update now executes the downloaded binary to verify it runs before replacing the current binary
v1.0.2
February 28, 2026
Bug fix for tunnl inspect detail pane.
  • Fixed: Detail pane now correctly updates when selecting a request with Enter, arrow keys, or j/k navigation
v1.0.1
February 28, 2026
Bug fixes for tunnl inspect TUI.
  • Fixed: tunnl inspect now correctly loads and displays request details when pressing Enter (wire format mismatch with server API)
  • Fixed: Replay (r) now works and shows confirmation in the status bar
  • Fixed: Export (e) no longer errors when no request is selected
v1.0.0
February 28, 2026
First major release with secure tunnels, request inspector, webhook replay, HTTP/2 and streaming support, and cross-platform binaries.
  • Secure tunnels — expose any local port to the internet via tunnl --port 3000
  • Auto-reconnect — exponential backoff on connection drops
  • Cross-platform — single static binary for Linux (x86_64, ARM64), macOS (Intel, Apple Silicon), Windows (x86_64)
  • Request inspector — every request logged with full headers, body, and response in PostgreSQL
  • TUI inspectortunnl inspect launches an interactive split-pane terminal UI with live updates, filtering, and curl export
  • Webhook replay — replay any captured request with one click from dashboard or TUI
  • HTTP/2 tunneling — multiplexed HTTP/2 requests work through the tunnel
  • HTTP streaming — SSE, chunked transfer, large responses stream in real time with per-chunk ACK back-pressure
  • WebSocket passthrough — WebSocket connections to the tunnel subdomain are proxied to localhost
  • Multi-tunnel config — define all tunnels in ~/.tunnl/tunnels.yml and launch with tunnl start
  • API keys — create persistent tk_ tokens for CI/CD and automation
  • Background servicetunnl service install runs as a systemd service on Linux
  • Self-updatingtunnl update checks and updates in place with SHA256 verification
  • Device flow authtunnl login --device for headless and remote environments (RFC 8628)
  • Known issue: macOS binaries are unsigned pending Apple notarization