v5.0.10-afb9006

Latest

github-actions released this 17 May 10:12 · 25 commits to main since this release · commit afb9006

Highlights

  • Security: signing-key ACL was permissive (GHSA-w254-hxm5-3hgh). The System Keychain ECDSA private key used to sign the on-disk policy database shipped without an opfilter-only ACL — any local-root process could use it to sign forged policy. Root cause: kSecAttrAccess on SecItemAdd(kSecValueRef:) is silently ignored for kSecClassKey items in the legacy System Keychain. Fixed by creating and persisting the key in a single SecKeyCreateRandomKey call with kSecAttrIsPermanent, kSecAttrAccess, and kSecUseKeychain together. Existing installs auto-migrate via a capture-rotate-resign flow inside Database.init; no policy data is lost.
  • Security: replay protection via epoch ratchet (GHSA-9hx3-5wp9-2qqg). Each signed table now carries a monotonically increasing epoch in its signed payload, mirrored in a System Keychain generic-password entry with an opfilter-only ACL. An older legitimately-signed snapshot substituted during the opfilter-update window or via offline tampering is now detected as .suspect on next load.
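The two patterns behind the first advisory, side by side, as an added example (this is not opfilter's own code; the key label, the keychain path, the error enum and the helper names are assumptions, and the placement of the ACL-related attributes in the top-level attribute dictionary follows the description in the note above). The vulnerable variant generates an ephemeral key and persists it with SecItemAdd(kSecValueRef:), where kSecAttrAccess is accepted but ignored for kSecClassKey in the legacy System Keychain; the fixed variant passes kSecAttrIsPermanent, kSecUseKeychain and kSecAttrAccess to one SecKeyCreateRandomKey call.

```swift
import Foundation
import Security

// Added example, not opfilter's code. Names and paths below are assumptions.
enum SigningKeyError: Error {
    case osStatus(OSStatus)
    case cfError(CFError)
}

private let systemKeychainPath = "/Library/Keychains/System.keychain"
private let keyLabel = "policy-signing-key (example)"

/// Legacy-keychain ACL whose only trusted application is the binary at `trustedBinary`.
/// A legacy SecTrustedApplication is matched by the binary's code signature, so a
/// different process running as root gets no access entry for the private key.
func makeOpfilterOnlyACL(trustedBinary: String) throws -> SecAccess {
    var trustedApp: SecTrustedApplication?
    var status = SecTrustedApplicationCreateFromPath(trustedBinary, &trustedApp)
    guard status == errSecSuccess, let app = trustedApp else { throw SigningKeyError.osStatus(status) }

    var access: SecAccess?
    status = SecAccessCreate(keyLabel as CFString, [app] as CFArray, &access)
    guard status == errSecSuccess, let acl = access else { throw SigningKeyError.osStatus(status) }
    return acl
}

func openSystemKeychain() throws -> SecKeychain {
    var keychain: SecKeychain?
    let status = SecKeychainOpen(systemKeychainPath, &keychain)
    guard status == errSecSuccess, let kc = keychain else { throw SigningKeyError.osStatus(status) }
    return kc
}

/// BEFORE (vulnerable): ephemeral key, then SecItemAdd(kSecValueRef:). The kSecAttrAccess
/// entry is silently ignored for kSecClassKey in the legacy System Keychain, so the stored
/// key ends up with a default ACL that any local-root process can use.
func persistKeyViaSecItemAdd_vulnerable(acl: SecAccess) throws -> SecKey {
    let genAttrs: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits: 256,
    ]
    var err: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(genAttrs as CFDictionary, &err) else {
        throw SigningKeyError.cfError(err!.takeRetainedValue())
    }
    let keychain = try openSystemKeychain()
    let addQuery: [CFString: Any] = [
        kSecClass: kSecClassKey,
        kSecValueRef: key,
        kSecAttrLabel: keyLabel,
        kSecUseKeychain: keychain,
        kSecAttrAccess: acl,   // accepted but ignored: the root cause of GHSA-w254-hxm5-3hgh
    ]
    let status = SecItemAdd(addQuery as CFDictionary, nil)
    guard status == errSecSuccess else { throw SigningKeyError.osStatus(status) }
    return key
}

/// AFTER (fixed): create the key permanently inside the System Keychain in a single call,
/// with the ACL in the same attribute dictionary, so it is applied at creation time.
func createKeyWithACL_fixed(acl: SecAccess) throws -> SecKey {
    let keychain = try openSystemKeychain()
    let attrs: [CFString: Any] = [
        kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits: 256,
        kSecAttrLabel: keyLabel,
        kSecAttrIsPermanent: true,
        kSecUseKeychain: keychain,
        kSecAttrAccess: acl,
    ]
    var err: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &err) else {
        throw SigningKeyError.cfError(err!.takeRetainedValue())
    }
    return key
}
```

Both functions need to run as root to write the System Keychain. The check a practitioner wants after the fix is to dump the item's ACL with `security dump-keychain -a /Library/Keychains/System.keychain` and confirm that the only trusted application on the private key is the intended binary; with the vulnerable variant the same dump shows the default access entries instead.

The second advisory, the epoch ratchet, as an added example in the same spirit (not opfilter's code; the PolicyTable shape, the in-memory EpochMirror standing in for the keychain generic-password entry, the LoadVerdict enum and the use of CryptoKit P-256 are all assumptions). The epoch lives inside the signed payload, so it cannot be edited without re-signing, and the loader compares it against the committed epoch in the mirror; an older, validly signed snapshot put back on disk therefore fails the epoch check even though its signature verifies.

```swift
import Foundation
import CryptoKit

// Added example, not opfilter's code. Types and names below are assumptions.
struct PolicyTable: Codable, Equatable {
    var name: String
    var epoch: UInt64      // part of the signed payload: tampering here breaks the signature
    var rows: [String]
}

struct SignedSnapshot {
    let payload: Data      // canonical JSON of PolicyTable
    let signature: Data    // ECDSA P-256 raw signature over payload
}

enum LoadVerdict: Equatable {
    case ok(PolicyTable)
    case suspect(String)
}

/// Stand-in for the opfilter-only keychain entry that mirrors the last committed epoch.
final class EpochMirror {
    private var epochs: [String: UInt64] = [:]
    func committedEpoch(for table: String) -> UInt64? { epochs[table] }
    func commit(table: String, epoch: UInt64) { epochs[table] = epoch }
}

private func canonical(_ table: PolicyTable) throws -> Data {
    let enc = JSONEncoder()
    enc.outputFormatting = [.sortedKeys]   // deterministic bytes, so verification is stable
    return try enc.encode(table)
}

/// Signs a table with an epoch strictly above the committed one, then commits the new epoch.
func sign(_ table: PolicyTable, with key: P256.Signing.PrivateKey, mirror: EpochMirror) throws -> SignedSnapshot {
    var ratcheted = table
    ratcheted.epoch = (mirror.committedEpoch(for: table.name) ?? 0) + 1
    let payload = try canonical(ratcheted)
    let sig = try key.signature(for: payload).rawRepresentation
    mirror.commit(table: table.name, epoch: ratcheted.epoch)
    return SignedSnapshot(payload: payload, signature: sig)
}

/// Verifies the signature first, then the epoch. Any mismatch against the mirror is suspect:
/// a lower epoch is a rollback, a higher one means the mirror itself was tampered with or the
/// sign/commit sequence was interrupted.
func load(_ snap: SignedSnapshot, publicKey: P256.Signing.PublicKey, mirror: EpochMirror) -> LoadVerdict {
    guard let sig = try? P256.Signing.ECDSASignature(rawRepresentation: snap.signature),
          publicKey.isValidSignature(sig, for: snap.payload) else {
        return .suspect("signature does not verify")
    }
    guard let table = try? JSONDecoder().decode(PolicyTable.self, from: snap.payload) else {
        return .suspect("payload does not decode")
    }
    let committed = mirror.committedEpoch(for: table.name) ?? 0
    guard table.epoch == committed else {
        return .suspect("epoch \(table.epoch) != committed \(committed) for \(table.name)")
    }
    return .ok(table)
}

/// Scenario from the advisory: a validly signed older snapshot substituted after an update.
func demoRollbackDetection() -> (current: LoadVerdict, rolledBack: LoadVerdict) {
    let key = P256.Signing.PrivateKey()
    let mirror = EpochMirror()
    let v1 = PolicyTable(name: "user_rules", epoch: 0, rows: ["allow /usr/bin/ssh"])   // constructed sample
    let oldSnapshot = try! sign(v1, with: key, mirror: mirror)        // epoch 1 committed
    var v2 = v1
    v2.rows.append("deny /tmp/dropper")
    let newSnapshot = try! sign(v2, with: key, mirror: mirror)        // epoch 2 committed
    return (load(newSnapshot, publicKey: key.publicKey, mirror: mirror),   // .ok
            load(oldSnapshot, publicKey: key.publicKey, mirror: mirror))   // .suspect(...)
}
```

The property that matters is that the mirror is writable only by the signer (in opfilter's case through the opfilter-only ACL on the generic-password entry); if an attacker can rewrite both the on-disk snapshot and the mirror, the ratchet degrades to signature checking alone.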

Features

  • App Tamper Protection toggle in the App Protections panel. Touch ID-gated kill switch for the built-in bundle-write protection, persisted in the signed feature_flags table.
  • Advanced mode toggle at the top of the sidebar. When off (the default), only Events, App Protections, and Setup are visible. Flipping it on reveals Tamper Events, Processes, Process Tree, Metrics, Policy, Jail, Allowlist, Bundle Updaters, MCP Agents, and the Export panels. Persisted in the signed feature-flag store.
  • Event list now shows process UID next to PID; timestamps include a short date for events not recorded today (useful after Load History).
  • com.apple.installd allowed as a built-in bundle-write trustee (uid 0 only). Hard-coded bundle allows are now defined declaratively in BuiltInBundleAllows.swift.
  • Drifted preset signatures backported for Mail, Contacts, Messages, Discord, and Chrome based on observed real-world configurations.
  • MCP menu-bar indicator: pulsing red dot on the shield while the MCP server is running. Enabling MCP now requires Touch ID.
  • MCP reliability: server stays alive on broken socket and completes the handshake correctly.

Bug fixes

  • Signature-issue dialog reachability: NSData.self was missing from the NSXPC allowed-classes list for signatureIssueDetected, so NSSecureCoding silently rejected the inner data fields and the entire IPC call was dropped. The suspect-signature dialog had never actually fired in production. Now correctly registered, so the dialog surfaces on every relevant connection event.
  • Signature-issue dialog timing: previously pushed only once inside addGUIClient during registerClient, which raced with NSXPC connection setup on reconnect. Replaced with an explicit fetchPendingSignatureIssue pull immediately after every successful registerClient — the dialog now appears reliably on first launch, on every reconnect, and after every opfilter restart.
  • ACL migration data preservation: the new capture-rotate-resign flow inside Database.init keeps user rules, allowlist, ancestor allowlist, jail rules, bundle updater signatures, and feature flags across the upgrade.
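The NSXPC allowed-classes pitfall from the first bug fix, and the pull-after-register pattern from the second, as an added example (not opfilter's code; the SignatureIssue payload, the protocol shapes and the selector signatures are assumptions, and only the need for NSData.self on the list comes from the release note). Calling setClasses replaces the default allowed set for that argument, so every class in the argument's object graph, including Foundation types used by the payload's init(coder:), has to be listed; otherwise NSSecureCoding rejects the message and the call is dropped with no error surfaced to the caller.

```swift
import Foundation

// Added example, not opfilter's code. Types, selectors and names below are assumptions.

/// Payload for a suspect-signature report. Its Data fields decode as NSData, which is why
/// NSData.self must be on the allowed-classes list of every message that carries it.
@objc(ExampleSignatureIssue) final class SignatureIssue: NSObject, NSSecureCoding {
    static var supportsSecureCoding: Bool { true }

    let table: String
    let storedSignature: Data
    let expectedDigest: Data

    init(table: String, storedSignature: Data, expectedDigest: Data) {
        self.table = table
        self.storedSignature = storedSignature
        self.expectedDigest = expectedDigest
    }

    required init?(coder: NSCoder) {
        guard let table = coder.decodeObject(of: NSString.self, forKey: "table"),
              let stored = coder.decodeObject(of: NSData.self, forKey: "storedSignature"),
              let expected = coder.decodeObject(of: NSData.self, forKey: "expectedDigest") else {
            return nil   // NSXPC treats a nil here as a rejected message
        }
        self.table = table as String
        self.storedSignature = stored as Data
        self.expectedDigest = expected as Data
    }

    func encode(with coder: NSCoder) {
        coder.encode(table as NSString, forKey: "table")
        coder.encode(storedSignature as NSData, forKey: "storedSignature")
        coder.encode(expectedDigest as NSData, forKey: "expectedDigest")
    }
}

/// Daemon -> GUI push (the path that never fired while NSData was missing).
@objc protocol GUIClientProtocol {
    func signatureIssueDetected(_ issue: SignatureIssue)
}

/// GUI -> daemon calls, including the explicit pull used after every successful registration.
@objc protocol DaemonProtocol {
    func registerClient(reply: @escaping (Bool) -> Void)
    func fetchPendingSignatureIssue(reply: @escaping (SignatureIssue?) -> Void)
}

/// The complete set for a SignatureIssue argument: the payload class plus every Foundation
/// class its init(coder:) decodes. setClasses replaces the defaults, it does not extend them.
func allowedClassesForSignatureIssue() -> Set<AnyHashable> {
    NSSet(array: [SignatureIssue.self, NSData.self, NSString.self]) as! Set<AnyHashable>
}

func makeGUIClientInterface() -> NSXPCInterface {
    let iface = NSXPCInterface(with: GUIClientProtocol.self)
    iface.setClasses(allowedClassesForSignatureIssue(),
                     for: #selector(GUIClientProtocol.signatureIssueDetected(_:)),
                     argumentIndex: 0, ofReply: false)
    return iface
}

func makeDaemonInterface() -> NSXPCInterface {
    let iface = NSXPCInterface(with: DaemonProtocol.self)
    iface.setClasses(allowedClassesForSignatureIssue(),
                     for: #selector(DaemonProtocol.fetchPendingSignatureIssue(reply:)),
                     argumentIndex: 0, ofReply: true)
    return iface
}

/// Client side of the timing fix: pull any pending issue immediately after each successful
/// registerClient, instead of depending on a one-shot push that can race connection setup.
func registerAndPullPendingIssue(daemon: DaemonProtocol, present: @escaping (SignatureIssue) -> Void) {
    daemon.registerClient { registered in
        guard registered else { return }
        daemon.fetchPendingSignatureIssue { issue in
            if let issue = issue { present(issue) }
        }
    }
}
```

Both interfaces must be built the same way on the two ends of the connection (remoteObjectInterface on one side, exportedInterface on the other); a class missing on either side produces the same silent drop described in the fix, which is worth a dedicated test that sends a payload with non-empty Data fields across a real NSXPCConnection.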

Upgrade notes

  • On first launch of this build, opfilter runs a one-time signing-key re-key migration. Policy data is preserved automatically.
  • If you previously installed v5.0.10 beta 5780b84 or b4b91e5 and saw your policy configuration disappear, the affected tables were silently discarded by those earlier builds — jail rules, ancestor allowlist, bundle updater signatures, and feature flags will need to be re-added manually. User rules and the global allowlist may also have been lost depending on whether a save was triggered after the broken upgrade.

Dependency updates

  • github/codeql-action updates from Dependabot.