Brew-browser

v0.2.1 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 10d Server & OS Management

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Summary

AI summary

Updates Small things, GitHub auth toast bugs, and https://github.com/msitarzewski/brew-browser/releases/tag/v0.2.0 across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Security	Low	Added .gitleaks.toml allowlist for public OAuth Device Flow client_id, eliminating false‑positive gitleaks detection. Added .gitleaks.toml allowlist for public OAuth Device Flow client_id, eliminating false‑positive gitleaks detection. Source: llm_adapter@2026-05-28 Confidence: high	—
Security	Low	Security audit tools (cargo audit, cargo deny, npm audit, semgrep, gitleaks) report zero vulnerabilities or leaks. Security audit tools (cargo audit, cargo deny, npm audit, semgrep, gitleaks) report zero vulnerabilities or leaks. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	README and landing page now display real product UI screenshots with theme‑aware rendering. README and landing page now display real product UI screenshots with theme‑aware rendering. Source: llm_adapter@2026-05-28 Confidence: high	—
Feature	Low	Updated build credit to clarify runtime as Claude Code and model version Opus 4.7 [1m]. Updated build credit to clarify runtime as Claude Code and model version Opus 4.7 [1m]. Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix
Bugfix	Medium	macOS Keychain prompt now lazy; fires only when using GitHub features. macOS Keychain prompt now lazy; fires only when using GitHub features. Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix	Medium	GitHub auth toast now shows correct username and prevents duplicate toasts. GitHub auth toast now shows correct username and prevents duplicate toasts. Source: llm_adapter@2026-05-28 Confidence: high	—
Bugfix	Medium	Star, Watch, and File‑issue actions now work correctly for authenticated users instead of redirecting to Settings. Star, Watch, and File‑issue actions now work correctly for authenticated users instead of redirecting to Settings. Source: llm_adapter@2026-05-28 Confidence: high	—

Full changelog

brew-browser v0.2.1

Hotfix on top of v0.2.0 — addresses three GitHub-auth issues users hit immediately, plus a few quality-of-life touches.

Fixes

macOS Keychain prompt on every launch

v0.2.0 eagerly probed the Keychain on app start to know whether you were signed in to GitHub. macOS treats a new binary signature as a new app for ACL purposes, so fresh installs of v0.2.0 fired the "brew-browser wants to use your confidential information stored in dev.openbrew.browser" prompt on every launch — even users who'd never touched a GitHub feature.

v0.2.1 makes the Keychain probe lazy: the OS prompt only fires when you actually click Star / Watch / File-issue, or open Settings → GitHub. If you never use a GitHub feature, the Keychain is never touched, and the prompt never fires. When it does fire, it's contextual — you're about to use the token, the prompt is meaningful.

GitHub auth toast bugs

"Signed in as @github user." — the post-sign-in success toast was reading status.username before the username had been fetched. Fixed: status loads before signinState flips to approved.
Stack of duplicate "Signed in to GitHub" toasts — the toast effect re-ran on every status hydration. Fixed: untrack() wrapping in the Svelte 5 effect so it's pinned to one toast per real state transition.

Star / Watch / File-issue worked correctly when authed

v0.2.0 bounced authenticated users to Settings → GitHub instead of running the action. This is the same root cause as the Keychain prompt — fixed in the same patch (lazy probe in requireGithubSignIn).

Small things

Real screenshots — the README and landing page now show actual product UI (Dashboard light/dark + Services). Landing's hero <picture> uses prefers-color-scheme so visitors see the screenshot matching their system theme.
Accurate build credit — "Powered by Anthropic's Claude Opus 4.7 and the Claude Agent SDK" → "Powered by Claude Code in the terminal, running Opus 4.7 [1m]." Claude Code is the runtime (this CLI), Opus 4.7 [1m] is the model.
gitleaks allowlist — added .gitleaks.toml allowlisting the public OAuth Device Flow client_id. Per RFC 8628 §3.1, Device Flow client_ids aren't credentials; the false-positive flag was the only thing gitleaks caught.

Security audit re-run

Full tool battery passed against the v0.2.0/v0.2.1 surface:

| Tool | Result |
|---|---|
| cargo audit | 0 vulnerabilities |
| cargo deny check | advisories ok, bans ok, licenses ok, sources ok |
| npm audit --omit=dev | 0 vulnerabilities |
| semgrep (security-audit + OWASP-10 + Rust + TS, 113 rules, 104 targets) | 0 findings |
| gitleaks | 0 leaks (after allowlist) |

Verdict: READY-FOR-SCRUTINY preserved. Full breakdown in memory-bank/security.md §14.

Install

Download the signed + notarized .dmg below, open, drag to Applications. No Gatekeeper warning. macOS 13 (Ventura) or newer · Apple Silicon.

Full changelog

v0.2.0...v0.2.1

Built with Agency Agents, by the creator of Agency Agents. Powered by Claude Code in the terminal, running Opus 4.7 [1m]. If brew-browser saves you time, sponsor on GitHub ♥.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Brew-browser

Get notified when new releases ship.

About Brew-browser

All releases →

Related context

Related tools

Earlier breaking changes

v0.3.1 Bundle identifier changed from `dev.openbrew.browser` to `com.zerologic.brew-browser`, requiring re‑authorization on upgrade.