v5.0.8-05b0a45

What's new

Allow event streaming

Allow events are now opt-in over XPC to reduce CPU usage. The events screen subscribes only while visible; other clients no longer receive allow-event traffic, cutting serialization and IPC overhead. Subscribers get a newest-first backfill of buffered allow events on subscribe so the UI populates immediately. Deny events continue to reach all GUI clients. If opfilter restarts while the events screen is visible, the client re-subscribes automatically on reconnect.

Window and dock behaviour

Closing the main window (red traffic light) now hides it cleanly and removes the dock icon. Reopening from the menu bar restores the window and brings the dock icon back. Previously the window closed but the dock icon could linger inconsistently.

Bundle protection — ancestry trust

BundleProtectionEvaluator now performs ancestry trust checks before allowing bundle updates, with wildcard-aware matching in BundleUpdaterSignature. com.apple.MobileInstallationHelperService is trusted as an App Store installer.

Internal

• Refactor: ancestor updater predicate extracted; magic path string removed.

Commits

• 05b0a45 re-subscribe to allow event stream on reconnect when events screen active
• 72a60be intercept window close to hide and toggle dock icon visibility
• 95a2350 wire client-side allow event stream calls
• dd55191 expose allow-event stream via XPC protocol and wire server
• 345e25e beginAllowStream returns allow-only backfill newest-first
• 23e4c8a filter allow events to subscribed clients only in broadcast()
• b8a6d34 add allow-stream subscription state to EventBroadcaster
• c17e090 trust com.apple.MobileInstallationHelperService as app store installer
• a404e56 extract ancestor updater predicate and remove magic path string
• 3071b7b add ancestry trust checks to BundleProtectionEvaluator
• c00bbc6 add wildcard-aware matches() to BundleUpdaterSignature