Changelog
Every release of Verscout, with the features, improvements, and fixes that shipped.
2.2.13.0
2026-06-06Changed
- (auto-generated from commits; edit for release notes before shipping)
- pm: auto-fix Verscout Desktop (grade A, score 98)
- docs(verscout): add first two ADRs — Keychain ACL and WKWebView state
- pm: auto-fix Verscout Desktop (grade A, score 98)
- fix(test): make resolved-app-path launch test environment-independent
- chore(verscout): close stale P1 git-hygiene TODO, log session end
- pm: auto-fix Verscout Desktop (grade A, score 100)
- pm: auto-fix Verscout Desktop (grade A, score 100)
- pm: auto-fix Verscout Desktop (grade A, score 100)
- pm: auto-fix Verscout Desktop (grade B, score 81)
- pm: auto-fix Verscout Desktop (grade A, score 100)
2.2.12.0
2026-06-05Changed
- (auto-generated from commits; edit for release notes before shipping)
- pm: auto-fix Verscout Desktop (grade A, score 96)
- fix: write visual screenshot to baseline_dir to avoid temp-dir race
- pm: auto-fix Verscout Desktop (grade B, score 85)
- pm: auto-fix Verscout Desktop (grade B, score 81)
- chore: gitignore .build-fingerprint to stop git_hygiene failures
- chore: update build fingerprint after PM auto-fix runs
- fix: write visual diff current screenshot to temp dir, not visual_baselines/
- pm: auto-fix Verscout Desktop (grade B, score 81)
- pm: auto-fix Verscout Desktop (grade B, score 81)
- pm: auto-fix Verscout Desktop (grade A, score 100)
2.2.11.0
2026-06-03Changed
- (auto-generated from commits; edit for release notes before shipping)
- pm: auto-fix Verscout Desktop (grade A, score 98)
- pm: auto-fix Verscout Desktop (grade A, score 98)
- pm: auto-fix Verscout Desktop (grade A, score 98)
- pm: auto-fix Verscout Desktop (grade A, score 98)
- pm: auto-fix Verscout Desktop (grade A, score 98)
- fix(pm): add lint/codewatch to --quick pipeline (UNIVERSAL_PATTERNS compliance)
- pm: auto-fix Verscout Desktop (grade A, score 99)
- pm: auto-fix Verscout Desktop (grade A, score 99)
- fix(ci): fix isort import order in capabilities_resolve.py
- pm: auto-fix Verscout Desktop (grade A, score 99)
2.2.10.0
2026-06-02Changed
- (auto-generated from commits; edit for release notes before shipping)
- test: add TestWatch gap tests for ChangelogEntry, ChangelogSection, stage_capabilitywatch, stage_issuewatch
- fix: detect iOS apps with incompatible version schemes as outdated
- fix: Open App Store button now works — WKWebView swallows macappstore:// URLs
- fix: cold-read audit — 2 bugs + 2 stale tests + 2 PM invariants
- docs: mark update-system-overhaul spec as Shipped
- refactor: Phase 6 — deduplicate shared constants into server_update_constants.py
- refactor: Phase 5 — collapse exec() shard architecture in update worker
- fix: Phase 4 — Sparkle apps without a download URL no longer show as auto-updatable
- fix: Phase 3 — version-db/scraped strategy routes to Visit Website not Search Online
- fix: Phase 2 — remove source guard from OPEN_APP_ONLY_APPS
2.2.9.0
2026-06-01Changed
- (auto-generated from commits; edit for release notes before shipping)
- pm: auto-fix Verscout Desktop (grade A, score 100)
- audit(9-dim): cold-read fixes — DMG recursive search, path sanitizer, coverage gaps
- chore(todo): close Codex-injected CEO-AUDIT items from stale May-5 audit
- fix: Open App Store / Open App buttons for manual section + post-install rollback
- pm: auto-fix Verscout Desktop (grade A, score 92)
- fix(ui): block scan result refresh from resetting dashboard during active update
- fix(electron): exclude componments/components URLs from app download selection
- fix: Warp stable_ version mismatch + Sidify nested .app discovery
- fix(pm): raise CPU threshold to 150% for Verscout runtime monitor
- docs: add missing changelog entries 2.2.2-2.2.5 + auto-generate CHANGELOG in release pipeline
2.2.8.0
2026-05-31Changed
- (auto-generated from commits; edit for release notes before shipping)
- pm: auto-fix Verscout Desktop (grade A, score 100)
- audit(9-dim): cold-read fixes — DMG recursive search, path sanitizer, coverage gaps
- chore(todo): close Codex-injected CEO-AUDIT items from stale May-5 audit
- fix: Open App Store / Open App buttons for manual section + post-install rollback
- pm: auto-fix Verscout Desktop (grade A, score 92)
- fix(ui): block scan result refresh from resetting dashboard during active update
- fix(electron): exclude componments/components URLs from app download selection
- fix: Warp stable_ version mismatch + Sidify nested .app discovery
- fix(pm): raise CPU threshold to 150% for Verscout runtime monitor
- docs: add missing changelog entries 2.2.2-2.2.5 + auto-generate CHANGELOG in release pipeline
2.2.7.0
2026-05-31Changed
- (auto-generated from commits; edit for release notes before shipping)
- chore(todo): close Codex-injected CEO-AUDIT items from stale May-5 audit
- fix: Open App Store / Open App buttons for manual section + post-install rollback
- pm: auto-fix Verscout Desktop (grade A, score 92)
- fix(ui): block scan result refresh from resetting dashboard during active update
- fix(electron): exclude componments/components URLs from app download selection
- fix: Warp stable_ version mismatch + Sidify nested .app discovery
- fix(pm): raise CPU threshold to 150% for Verscout runtime monitor
- docs: add missing changelog entries 2.2.2-2.2.5 + auto-generate CHANGELOG in release pipeline
- pm: auto-fix Verscout Desktop (grade A, score 100)
- fleet-audit 2026-05-30: fix verscout PM risk telemetry and theme persistence
2.2.6.0
2026-05-31Changed
- (auto-generated from commits; edit for release notes before shipping)
- fix(ui): block scan result refresh from resetting dashboard during active update
- fix(electron): exclude componments/components URLs from app download selection
- fix: Warp stable_ version mismatch + Sidify nested .app discovery
- fix(pm): raise CPU threshold to 150% for Verscout runtime monitor
- docs: add missing changelog entries 2.2.2-2.2.5 + auto-generate CHANGELOG in release pipeline
- pm: auto-fix Verscout Desktop (grade A, score 100)
- fleet-audit 2026-05-30: fix verscout PM risk telemetry and theme persistence
- pm: auto-fix Verscout Desktop (grade A, score 100)
- pm: auto-fix Verscout Desktop (grade A, score 100)
- pm: auto-fix Verscout Desktop (grade A, score 100)
2.2.5.0
2026-05-302.2.4.0
2026-05-30Fixed
- Release pipeline: published DMG files now correctly upload to remote CDN (previously uploaded to local development R2 bucket — some "released" versions may not have been reachable)
- Keychain ACL checks scoped to Verscout-owned entries only
2.2.3.0
2026-05-262.2.2.0
2026-05-25Fixed
- Electron app updates: ZIP extraction now preserves symlinks (fixes apps that failed to launch after update)
- Homebrew Cask recovery: handles stale caskroom directories gracefully (prevents "App source not found" errors)
- Security: updated qs to ≥6.15.2 (GHSA-q8mj-m7cp-5q26)
2.2.0
2026-04-23New
- **Onboarding Wizard** — 4-step first-run experience: welcome, source selection, permissions/scheduling, and "Start Scanning" completion
- **Multi-Select & Bulk Actions** — checkbox selection on individual packages, Select All toggle, floating action bar with "Update Selected" and clear
- **Open at Login** — LaunchAgent-based toggle in Settings to start Verscout automatically on macOS login
- **Custom App Discovery Locations** — add folders beyond /Applications for scanning (Settings > Locations)
- **Beta/Pre-release Toggle** — opt in to beta versions from GitHub releases and Sparkle appcast beta channels (Settings > Updates)
- **Proxy Support** — system, manual (HTTP/HTTPS/SOCKS5), or no-proxy modes with per-field configuration (Settings > Proxy)
- **Bundle ID Collision Registry** — detects apps sharing bundle IDs (e.g., Electron forks) and resolves aliases for apps that change identifiers across versions
- **Team ID Verification on Downloads** — extracts and compares Apple Team IDs between installed and downloaded app versions; warns on mismatch (possible supply-chain attack)
- **Malware/Adware Blocklist** — integrates Apple XProtect definitions and a cloud-synced blocklist; blocked apps flagged with red badges and excluded from Update All
- **Acknowledgements Page** — credits Homebrew, Sparkle, MAS CLI, and other open-source dependencies
Improved
- macOS compatibility filtering now walks Sparkle feeds and Cask `depends_on.macos` to find the newest version that runs on your macOS — incompatible updates shown with amber badges instead of offered for install
- Sparkle pre-release items (beta channels and version-string patterns) are now filtered unless the pre-release toggle is on
- Network pre-flight check uses 3 DNS hosts instead of 1 — transient DNS failure no longer blocks all updates
- Menu bar "Scan Now" uses `evaluateJavaScript` instead of reloading WKWebView, preserving dashboard state
- Update All timeout scales by package count (10–90 min) instead of fixed 5 minutes
- Dashboard asset cache-busting uses startup timestamp — no more stale WKWebView JS after source edits
- Gzip response middleware reads the body once instead of three times, halving memory allocation for large scan results
- Process info endpoint caches `ps aux` output for 2 seconds, eliminating redundant syscalls when viewing multiple package details
- Activity log endpoint now holds the shared file lock, preventing TOCTOU with concurrent log writes
- Scan cache write/load errors now log at WARNING for disk-full or permission failures instead of silent DEBUG
- CLI casks (e.g., claude-code) no longer falsely flagged as orphaned — caskroom directory check added
- Badge and skip-button overlap resolved — switched from absolute to inline flex layout
- Suppress/ignore/skip actions use CSRF-aware `postAction()` instead of raw fetch
- Source validation hardened with `_SAFE_SOURCE_RE` regex whitelist
- Command whitelist in update worker prevents cache-poisoning vector
- AppleScript path sanitization guard now runs before escaping and blocks backtick characters
- Rate limiting enforced on `/api/launch-app` and `/api/open-folder` endpoints
- Duplicate `json` import removed from export route handler
- 14 `console.debug` statements removed from production JS
- Stale `.pyc` files for deleted modules cleaned up
- 120+ additional code quality fixes: null guards, empty-catch handlers, f-string logger arguments, plistlib performance, request.json standardization, CSS variable usage, and WCAG labels
Fixed
- "Update All" button showed stale count — fingerprint-based polling now detects enrichment completion
- Sidify download URL double-encoding — absolute URLs in Electron feeds no longer re-encoded
- Multi-source download fallback — all sources (Sparkle, Electron, GitHub) tried in sequence instead of stopping at first failure
- Lasso false positive — Repology blocklist check added to web scraping path
- Onboarding "Scan Now" called undefined `runScan()` — fixed to `startScan()`
- Double window open on activation — debounce added to AppKit observer
- Stats disk usage empty — `compute_disk_usage()` now includes pre-enriched `size_bytes`
- Constrained text overflow — name column truncates with ellipsis
- Marketing download button empty href — `release-content.ts` fallback added
- Web SaaS webhook_events missing GRANT — dedup was broken
2.1.0
2026-04-01New
- **macOS Notifications** — scan completion, security alerts, and auto-update results now post native notifications
- **Security Vulnerability Alerts** — immediate notification when packages have known CVEs
- **Auto-Update Notifications** — confirmation when packages are updated automatically
Improved
- Scheduler passes settings context to auto-update flow for notification preferences
- Notification text includes correct singular/plural grammar
2.0.0
2026-03-31New
- **Trust & Safety Checks** — code signing verification, revoked certificate detection, XProtect blocklist matching
- **Compatibility Warnings** — flags updates that drop Intel support or require newer macOS
- **Duplicate Resolution** — finds apps installed via multiple sources and recommends which to keep
- **Deep Find Scanner** — discovers JDKs, CLI tools, pref panes, frameworks, drivers, launch items, kernel/system extensions, and browser add-ons
- **Tool Registry** — browse and search the full Homebrew Cask + Formulae catalog from within the app
- **App Catalog** — discover new apps with curated categories and one-click install
- **Version Database** — cloud-backed version intelligence for 5,500+ apps
- **Analytics Dashboard** — update trends, staleness metrics, and disk usage analysis
- **iCloud Sync** — sync settings, pins, and schedules across Macs
- **Menu Bar Packaging** — new sidebar for cleaner navigation and more screen real estate
Improved
- Scan engine rewritten: 12 sources (Brew, Cask, pip, npm, App Store, Setapp, Adobe, Microsoft, JetBrains, iOS App, System, Standalone)
- Conflict resolution for packages available from multiple managers
- Brew-to-pip and pip-to-brew migration suggestions
- Enhanced error messages with actionable troubleshooting steps
- CSRF protection on all mutation endpoints
- CSP, X-Frame-Options, and other security headers on responses
1.5.0
2026-02-15New
- **Standalone Update Engine** — direct downloads for apps not managed by any package manager
- **Sparkle Feed Support** — read update info from in-app Sparkle/Squirrel feeds
- **GitHub Release Tracking** — version checks against GitHub releases for open-source apps
- **Web Scraping Fallback** — homepage and changelog page scraping for version detection
Improved
- Scan speed improved 3x with parallel source checks
- Better handling of apps with non-standard bundle IDs
- Reduced false positives for App Store apps with pending updates
1.0.0
2026-01-10New
- Initial release
- Homebrew Brew + Cask scanning
- pip and npm package scanning
- App Store update detection
- One-click update for Brew/Cask/pip/npm packages
- Batch update with progress tracking
- Pin versions to skip specific updates
- Schedule automatic scans (hourly, daily, weekly)
- Light and dark theme support
- Local-first architecture — no data collection, no accounts required