Security & integrity remediation + dead-code sweep. No new features. Universal (Apple Silicon + Intel), ad-hoc signed.
Security
- Webhook/ntfy: refuse cross-host / https→http redirects so the bearer token & auth headers can't be exfiltrated by an attacker-controlled 30x; ephemeral session, no cookies.
- Keychain: report set failures, set accessibility.
Integrity
- ASC MHL seal failure now surfaced to the operator (non-fatal warning, footage stays verified) instead of being silently swallowed; warnings/errors now log in release builds.
- Encode-all-before-write to avoid truncated config saves; entitlements DOCTYPE repair.
- Orphan-cleaner TOCTOU fix (register temp name before the file exists).
- Failed-dest repair seals a fresh ASC MHL generation (chain of custody) and honors F_FULLFSYNC on exFAT/USB.
- Removed O(N²) per-file manifest flush (checkpoint + seal only).
- Verify: skip dest re-read for skip-policy files (regression fix).
Cleanup
- Removed CustomCopierSupport; slimmed CustomCopierService and CancellationState (dropped dead cancel/pause surface).
- Memory-safe sibling repair (per-chunk autorelease drain).
⚠️ Ad-hoc signed (not notarized): on first launch, right-click the app → Open to bypass Gatekeeper.