Full-repo audit pass following feature completion (#14). The code came out clean overall; this release closes the cross-platform parity gaps the audit found, tunes three presets, and adds an automated test suite + CI.
Fixed
- Windows: profile-prefs leak repair now scrubs Beta / Nightly / Dev channels, not just Stable — the registry policy applies to every channel, so the leaked Shields exceptions land in all of them.
- Windows: importing a cross-platform config with
DnsMode: secure+DnsTemplatesno longer drops the resolver template; the template field also enables forsecure. - Linux / macOS: Flatpak Brave's profile (
~/.var/app/com.brave.Browser/config) is now covered by detection and prefs repair. (Verified: the Flathub manifest grantshost-etcaccess specifically to read/etc/brave/policies, so managed policies already worked under Flatpak.) - CLI: exit codes accumulate across
--reset/--import/--export, so an earlier failure is never masked by a later success. - macOS:
--resetand persistence-mode switches also remove the staged/tmp/slimbrave-neo-policy.mobileconfig. - Exports written under
sudoare handed back to the invoking user instead of being left root-owned. - Windows: launching the app no longer creates the HKLM policy key — it's created at Apply time; DNS dropdown order now matches the Linux/macOS TUIs.
- Dead-code cleanup in the Linux TUI (
ROW_CHANNEL) and a deadexceptaroundexpanduserin both Python scripts.
Changed — presets
- Balanced Privacy / Maximum Privacy:
ForceGoogleSafeSearchremoved — it's a content filter, not a privacy measure. It remains in Strict Parental Controls. - Maximum Privacy: DNS is now left unmanaged instead of force-disabling DoH. Plain DNS exposes every query to the ISP in cleartext; the README now explains the DoH-provider vs ISP trade-off so you can choose deliberately. Re-import the preset (or adjust the DNS row) if you relied on the old behavior.
- Performance Focused: now also disables P3A analytics and the daily stats ping (zero performance cost).
Added
- Test suite: 56 pytest cases exercising the pure policy logic of both Python scripts — policy building, import/export round-trips (including multi-value keys and the legacy array format), BOM-aware JSON reading,
--policy-filepath validation incl. symlink escapes, prefs-leak repair, and a preset ↔ feature-definition consistency check. - CI: GitHub Actions running pytest + ruff (Linux) and PSScriptAnalyzer (
SlimBrave.ps1) on every push and PR. - The user-facing scripts remain stdlib-only; test/lint tooling exists only in CI.
As always: source-only release — no binaries, no installers. Verify you're downloading from github.com/ChaoticSi1ence/SlimBrave-Neo (see SECURITY.md).
🤖 Generated with Claude Code