Releases: ugurkocde/TenuVault-TUI
Release list
v1.5.0
TenuVault TUI v1.5.0
This release focuses on making backups, comparisons, restores, and tenant-to-tenant sync safer under cancellation, filesystem failures, Graph throttling, and incomplete source data. It also adds an official PowerShell Gallery distribution for Windows administrators.
Highlights
Install from the PowerShell Gallery
Windows administrators can now install TenuVault directly from PowerShell:
Install-Module TenuVault-TUI -Scope CurrentUser
tenuvault --versionThe module bundles the Windows binary and is versioned from the release tag. The release pipeline verifies the downloaded binary against checksums.txt, validates the module manifest, and publishes the module only after the main release job succeeds.
More durable backups and configuration writes
- Policy files, metadata, checksums, group mappings, logs, and application configuration are now written atomically. Readers will no longer observe partially written JSON if the process or machine stops during a write.
- Atomic replacement works across Unix, macOS, and Windows.
- Backup directories now include nanosecond precision and collision suffixes, preventing concurrent runs from writing into the same folder.
metadata.jsonis written last and acts as the completed-backup marker. Interrupted directories are hidden from backup browsing while remaining eligible for retention cleanup.- Cancelled backups preserve everything already written, record partial checksums, and finish with an explicit
Cancelledstatus. - Filesystem failures that were previously easy to miss—such as sidecar, log, category, policy, or retention-removal errors—are now reported to the CLI or TUI.
Safer Microsoft Graph behavior
- Graph throttling now honors both numeric and HTTP-date
Retry-Aftervalues and uses jittered exponential backoff. - Read-only GET requests retry transient 500/502/503/504 failures. Ambiguous 5xx responses for create/update requests are not retried, avoiding accidental duplicate policies when Graph may already have applied the write.
- Response-body read failures are surfaced without turning a successfully completed write into a false failure because of a late body-close error.
- Administrative Template restores validate captured definition IDs before creating anything.
- If applying Administrative Template settings fails after the base policy is created, TenuVault attempts a bounded, cancellation-independent rollback. If rollback also fails, the result includes the created policy ID for manual cleanup.
- Missing nested Administrative Template presentation values and failed assignment enrichment are now marked as partial content rather than silently appearing complete.
Stronger restore and tenant-sync safeguards
- Sync and restore remain create-only: existing tenant objects are never overwritten.
- Backup-to-tenant sync without a prefix now fails closed when the source tenant is the target tenant or the backup does not identify its source tenant.
- Shared App Protection backup folders are correctly filtered by platform, so selecting iOS, Android, or Windows does not unintentionally include the other platforms.
- Duplicate category keys are de-duplicated, unknown category keys are rejected, and unreadable backup/category directories produce actionable errors.
- Conditional Access policies are still created disabled, and assignments are not copied.
- Partial-content warnings now propagate through restore results, sync results, the TUI, and exported reports.
More reliable comparisons and integrity verification
- Comparisons correctly handle categories that exist in only one of the two backups.
- A category that disappears during an active comparison is treated as an I/O failure rather than being misreported as policy removal.
- Policy read and JSON-normalization failures are returned instead of being converted into false drift.
- Diff results are sorted deterministically by category, policy name, and change type for stable CLI and export output.
- Checksum verification now rejects paths outside the backup directory and unsupported checksum algorithms.
- Verification distinguishes missing files from files that exist but cannot be read, and continues to detect modified, missing, and untracked policy files.
TUI and CLI usability improvements
- Long lists and policy views adapt to terminal height, with corrected scrolling bounds and page/home/end navigation where appropriate.
- Backup, restore, and sync screens now explain empty selections instead of appearing to ignore the action.
- Verification and comparison operations show active loading states and prevent duplicate starts.
- Stale asynchronous comparison results can no longer replace a newer comparison or hijack navigation.
- Authentication and error screens return to the originating workflow more consistently, including the add-tenant flow.
- Connection and settings persistence errors are visible instead of being silently discarded.
- Removing the final live tenant returns to the tenant screen safely, and removed sync source/target indexes cannot be accidentally re-pointed to another tenant.
- Unknown CLI commands now return a usage error rather than launching the interactive TUI.
- Headless commands respond to
Ctrl+CandSIGTERM; a cancelled backup exits with code130.
Upgrade and compatibility notes
- No configuration migration is required.
- Existing backup folders using the older second-precision naming format remain supported. New backups use nanosecond precision and may include a numeric collision suffix.
- Directories without
metadata.jsonare treated as incomplete and are not shown as restorable backups. - Automation that cancels
tenuvault backupshould now expect exit code130instead of success. - Backup-to-tenant sync with an empty prefix now requires metadata that identifies the source tenant. Use
--prefixwhen working with an older or externally produced backup that lacks a tenant ID.
Validation
The release was validated with formatting checks, go vet, golangci-lint, race-enabled tests, Linux/macOS/Windows cross-builds, PowerShell Script Analyzer, module manifest validation, signed and notarized macOS packaging, and release checksum verification.
Downloads
Release assets include Windows ZIP archives, Linux tarballs plus DEB/RPM packages, an Apple Silicon macOS archive, and signed/notarized Apple Silicon DMG and PKG installers. Verify downloads with the attached checksums.txt.
For implementation traceability, see PR #3 and the commits included between v1.4.0 and v1.5.0.
v1.4.0
v1.3.0
Changelog
- c8d9240 Add / search filter to long list screens
- 74f7e7e Add HTTP client tests and wire golangci-lint into CI
- 96b725b Document / filter, backup cancel, and compare in the README
- 40e8542 Fix CI lint: use golangci-lint v2 action with a Go 1.26-built release
- bbf5488 Harden Graph client, fix TUI state bugs, add cancel and compare
- 40d44f2 Merge pull request #1: Harden restore/sync, surface swallowed errors, and expand test + lint coverage
- 416e3f4 Parallelize per-item policy fetches in backup
- 92ee261 Record v1.3.0 integration notes
- 6262c9c Remove dead code and fix stale comments
- 8922040 Set up Cursor Cloud dev environment (AGENTS.md) (#2)
- 2b1f74e Surface partial-content warnings when restoring/syncing
- 205b85b Surface previously-swallowed errors
v1.2.1
Changelog
- d3246ad Use UgurLabs.TenuVault as the winget package identifier
v1.2.0
v1.1.0
v1.0.0
Changelog
- e59809b Add TenuVault terminal UI for Intune backup and restore
- 01d9449 Add graph.API interface and engine integration tests
- a432483 Add headless subcommands, CI, and macOS-signed release pipeline
- b6d80a7 Add in-app tenant removal and isolate config in tests
- 24f6987 Add mouse support, status line, scroll indicators, and a stale-load guard
- 6779036 Add tenant-to-tenant policy sync
- 1d0d263 Create README.MD
- fe161ed Enable restore for scope tags and enrollment configurations
- d5cfbe5 Expand to 28 Intune policy types and surface backup failures
- 1b3426d Fix tenant connections showing as not connected
- c14254b Remove apps (mobileApps) policy type
- 3217a97 Request explicit delegated Graph scopes at sign-in
- a6fcf89 Support restore for all policy types (multi-part creates)
- 83e87c4 Use beta for all Graph calls; replace device code with app-reg sign-in form