github msitarzewski/brew-browser v0.2.1
brew-browser v0.2.1

latest releases: v0.6.0, v0.5.1, v0.5.0...
one month ago

brew-browser v0.2.1

Hotfix on top of v0.2.0 — addresses three GitHub-auth issues users hit immediately, plus a few quality-of-life touches.

Fixes

macOS Keychain prompt on every launch

v0.2.0 eagerly probed the Keychain on app start to know whether you were signed in to GitHub. macOS treats a new binary signature as a new app for ACL purposes, so fresh installs of v0.2.0 fired the "brew-browser wants to use your confidential information stored in dev.openbrew.browser" prompt on every launch — even users who'd never touched a GitHub feature.

v0.2.1 makes the Keychain probe lazy: the OS prompt only fires when you actually click Star / Watch / File-issue, or open Settings → GitHub. If you never use a GitHub feature, the Keychain is never touched, and the prompt never fires. When it does fire, it's contextual — you're about to use the token, the prompt is meaningful.

GitHub auth toast bugs

  • "Signed in as @github user." — the post-sign-in success toast was reading status.username before the username had been fetched. Fixed: status loads before signinState flips to approved.
  • Stack of duplicate "Signed in to GitHub" toasts — the toast effect re-ran on every status hydration. Fixed: untrack() wrapping in the Svelte 5 effect so it's pinned to one toast per real state transition.

Star / Watch / File-issue worked correctly when authed

v0.2.0 bounced authenticated users to Settings → GitHub instead of running the action. This is the same root cause as the Keychain prompt — fixed in the same patch (lazy probe in requireGithubSignIn).

Small things

  • Real screenshots — the README and landing page now show actual product UI (Dashboard light/dark + Services). Landing's hero <picture> uses prefers-color-scheme so visitors see the screenshot matching their system theme.
  • Accurate build credit — "Powered by Anthropic's Claude Opus 4.7 and the Claude Agent SDK" → "Powered by Claude Code in the terminal, running Opus 4.7 [1m]." Claude Code is the runtime (this CLI), Opus 4.7 [1m] is the model.
  • gitleaks allowlist — added .gitleaks.toml allowlisting the public OAuth Device Flow client_id. Per RFC 8628 §3.1, Device Flow client_ids aren't credentials; the false-positive flag was the only thing gitleaks caught.

Security audit re-run

Full tool battery passed against the v0.2.0/v0.2.1 surface:

Tool Result
cargo audit 0 vulnerabilities
cargo deny check advisories ok, bans ok, licenses ok, sources ok
npm audit --omit=dev 0 vulnerabilities
semgrep (security-audit + OWASP-10 + Rust + TS, 113 rules, 104 targets) 0 findings
gitleaks 0 leaks (after allowlist)

Verdict: READY-FOR-SCRUTINY preserved. Full breakdown in memory-bank/security.md §14.

Install

Download the signed + notarized .dmg below, open, drag to Applications. No Gatekeeper warning. macOS 13 (Ventura) or newer · Apple Silicon.

Full changelog

v0.2.0...v0.2.1

Built with Agency Agents, by the creator of Agency Agents. Powered by Claude Code in the terminal, running Opus 4.7 [1m]. If brew-browser saves you time, sponsor on GitHub ♥.

Don't miss a new brew-browser release

NewReleases is sending notifications on new releases.