v0.0.17-alpha

Main App Changes

Added: New projects now remember the last folder you chose, so you don't have to re-select it every time. - User Requested Feature

Compliance Editor Changes

Fixed: Rule/Project sync now explains why it may have failed, allowing users to manually correct the issue.

Fixed: The sync was failing because the mSCP repo cache contains symlinks (e.g. baselines -> config/default/baselines) that were being treated as regular files during copy, conflicting with existing directories in the project.

Fixed: Auto-save baseline before running mSCP Audit, Documentation, or Build to prevent failures when the baseline file is missing.

Added: a "Project" menu to the Compliance Builder Hub with options to open a different project or duplicate the current one. - User Requested Feature

Build Hub Changes

No changes this release.

Audit Builder Hub Changes

Added: "Review Before Running" warning prompt to mSCP Audit to match MACE Audit behavior.

Fixed: Consolidated the audit engine selection and options into a single sheet instead of prompting twice.

Security: Session helper will now remove properly on a per session if the mSCP window is closed early.

Added: XLSX export support aligned with the mSCP output format, containing complete audit details and additional contextual information. - User Requested Feature

Documentation Builder Hub Changes

Fixed: Organization Defined Values ($ODV) are now replaced with their actual values in all documentation outputs (PDF, HTML, XLSX)

Added: You can now export your compliance baseline as a formatted Excel spreadsheet from the MACE Documentation Builder. Columns are controlled by your toggle selections, with auto-filters and frozen headers included. - User Requested Feature

Rule Builder Hub Changes

No changes this release

Feedback Needed

We'd love your help testing features to make sure everything works as expected.

If you run into any issues or have suggestions, please open an issue at github.com/mace-app/mace.

Known Issues

• mSCP Engines: I expect issues with the mSCP engines since they rely on the mSCP 2.0 Python scripts, which don't have everything fully mapped out yet.

• mSCP Engines: Custom rules are not currently supported.

• UI font sizing: May vary depending on your system's accessibility, display, or font settings. A fix requires reworking fonts across every screen, so this is on hold for now.

• (Sequoia & Below): Glass/blur effects don't look quite right on older macOS versions. Adjusting visuals to work well without these effects will take time.

• Console logging: May not capture all events. Logging is being improved incrementally as features are updated.

v0.0.16-alpha

Main App Changes

• Fixed: Cleaned up various unneeded code and files on the backend. As I build, I sometimes realize I can combine efforts and eliminate duplicate or unnecessary code. It's my first app… I'm learning!

• Fixed: Fixed multiple caching issues and adjusted caching to increase speed overall. More noticeable on weaker or older machines.

• Added: mSCP project files will now be updated during the update rule process. It lists which files have changed with the ability to view the file locally or view the commit changes from mSCP. This is in preparation for mSCP engine support. Keep in mind, the first time you do this with an existing project, it may show many files since I was only updating the rules and not the full project in past updates.

• Fixed: Added a list of files to avoid during rule or project updates.

• Fixed: The mSCP 2.0 baseline file is now saved in the correct location and reflects the proper information without needing to generate a baseline. It creates this file anytime it saves or when a new project is created.

• Added: Added a workflow to automatically generate the baseline file if it's missing when opening an existing project. This should cover existing projects.

• Fixed: Adjusted the author output for the baseline file to generate the proper author list from mSCP. The DISA author will appear on DISA STIG compliance baselines and so on. Also fixed how it handles the stored author list to create a proper author list in the file.

• Added: Added standalone Python support to run the mSCP Python scripts for the mSCP engine.

• Added: The Python environment and dependencies are built under ~/Library/Application Support/MACE/python_env. This keeps everything in an isolated environment for security and is designed to check for changes in the mSCP project and rerun the requirements when changes are detected.

• Added: Ruby dependencies are built under ~/Library/Application Support/MACE/ruby_gems. This keeps everything in an isolated location for security and is designed to check for changes in the mSCP project and rerun the requirements when changes are detected.

• Added: Settings now offers the ability to clear both the Ruby and Python environments.

Compliance Editor Changes

No changes this release.

Build Hub Changes

• Added: Added mSCP Build engine, which uses the mSCP 2.0 Python script from the project to generate build files. Supports flags -p, -P, -s, -G, and -d, along with the ability to add custom flags. As mSCP 2.0 progresses, more output options will be added.

Audit Builder Hub Changes

• Added: Added mSCP Audit engine, which uses the mSCP 2.0 Python and compliance script from the project to generate audit files. Includes the ability to add custom flags to the compliance script. As mSCP 2.0 progresses, more output options will be added.

Documentation Builder Hub Changes

• Added: Added mSCP Docs engine, which uses the mSCP 2.0 Python script from the project to generate documentation files. Supports flags -m and -x, along with the ability to add custom flags. As mSCP 2.0 progresses, more output options will be added.

Rule Builder Hub Changes

No changes this release
...

v0.0.15-alpha

Main App Changes

No changes this release.

Compliance Editor Changes

• Fixed: When clicking "Check for Rule Updates" when the rules were up to date, it would still offer to update rules then prompt and say MACE is up to date. This was all false information as the rules were up to date already. It will now
  properly tell you the rules are up to date.

• Fixed: When mSCP cache is missing, it now assumes the project is newer than the MACE bundle. The MACE bundle is now only used for offline/new project. After a lot of testing it was better to always lean towards mSCP instead of assuming
  rules are up to date in the MACE bundle.

• Added: When rules have an update, it will now list which rules that are apart of your compliance that have changed, what rules are being updated/removed, and the ability to look at the mSCP rule commit, the rule locally, and the full mSCP
  commit history. Allowing users to fully see the rule changes. - User Requested Feature

• Added: For disabled rules you can now add a rule justification that will be used in the documentation output. This will allow you to explain why a rule was disabled. - User Requested Feature

Audit Builder Hub Changes

No changes this release.

Documentation Builder Hub Changes

• Added: The ability to sort rules by A-Z within sections for PDF & HTML. - User Requested Feature

• Added: The ability to show disabled rules in the documentation output and/or with a disabled rule justification. - User Requested Feature

• Added: A divider line to the PDF output for the title area of each rule.

Rule Builder Hub Changes

No changes this release.

Builder Hub Changes

• Added: A custom name field for each output that isn't generic. - User Requested Feature
• Added: More readme file information so users have more guidance.
• Fixed: Renamed all of the outputs so they are simpler to understand for newer users.
• Fixed: Build Complete now shows the correct number of scripts and profiles created. ...

v0.0.14-alpha

Main App Changes

No changes this release

Compliance Editor Changes

No changes this release

Audit Builder Hub Changes

• Changed: The header now displays the Compliance Framework and Version instead of the benchmark name. This prevents text from being cut off when benchmark names are too long.

Documentation Builder Hub Changes

No changes this release

Rule Builder Hub Changes

No changes this release

Build Hub Changes

• Fixed: Updated compliance script descriptions to clearly indicate whether they include audit, remediation, or both.
• Fixed: Clarified the Audit Mobileconfig description to be more user-friendly.
• Fixed: Added MACE version info to the README and output shell scripts to help with troubleshooting.
• Added: Jamf Pro Export — upload directly to your Jamf Pro server without leaving MACE.
  • Upload profiles, scripts, extension attributes, and audit preferences
  • Supports both Username/Password and API Client authentication
  • Automatically creates categories and detects duplicates
  • Shows real-time upload progress with status for each item
• Added: Placeholders for additional MDM integrations (Kandji, Mosyle, Intune, Workspace ONE). These are planned but require test environments to develop — reach out if you can help!

Feedback Needed

We'd love your help testing these features to make sure everything works as expected:

• Jamf Pro Export — Does authentication work smoothly? Are uploads completing correctly?
• Compliance Scripts — Are audit and remediation scripts running properly on your systems?
• Configuration Profiles — Do the generated mobileconfigs install and apply settings correctly?
• Extension Attributes — Are they reporting accurate compliance data in Jamf?

If you run into any issues or have suggestions, please open an issue at github.com/mace-app/mace.

Known Issues

• UI font sizing may vary depending on your system's accessibility, display, or font settings. A fix requires reworking fonts across every screen, so this is on hold for now.
• (Sequoia & Below) Glass/blur effects don't look quite right on older macOS versions. Adjusting visuals to work well without these effects will take time.
• Console logging may not capture all events. Logging is being improved incrementally as features are updated.

v0.0.13-alpha

Main App Changes

• Added: JCE File Import — Import Jamf Compliance Editor (.jce) files to quickly create new projects with auto-detected platform, version, and compliance settings
• Added: Audit Helper Auto-Update — Version checking detects outdated helpers and prompts for update. After one admin authentication, future helper updates happen automatically
• Added: Options in Settings to remove the Update Helper and Audit Helper
• Fixed: Standard User Update Support — Standard users can now install updates by providing admin credentials. Choose to install an update helper for automatic future updates, or enter admin credentials each time
• Fixed: Login Items Display — Audit Helper now displays as "MACE" in System Settings → Login Items instead of the developer name. Requires a one-time helper update, triggered automatically when running an audit
• Improved: Main menu "Guide" button renamed to "Website" and Help menu documentation link now points to getmace.com
• Improved: Redesigned main menu visuals with fixed window size
• Security: Privileged helpers are limited to their intended functions to minimize attack surface and only install when needed

Compliance Editor Changes

No changes this release

Audit Builder Hub Changes

No changes this release

Documentation Builder Hub Changes

No changes this release

Rule Builder Hub Changes

• Fixed: Tag Layout — Tags now display horizontally instead of vertically for improved readability

Build Hub Changes

• Added: Jamf Pro JSON Schema for exemption management — Build now generates org.{baseline}.audit.jamf_schema.json which provides a visual UI in Jamf Pro for managing rule exemptions. Upload via Application & Custom Settings > Custom Schema to get toggle switches and reason fields instead of editing raw XML
• Added: README.txt — Build now generates both README.md (markdown) and README.txt (plain text) for universal readability
• Added: Export to MDM button (coming soon) — Direct export to supported MDM solutions including Jamf Pro, Kandji, Mosyle, Intune, and Workspace ONE. Currently disabled while API functions are being developed
• Fixed: Compliance scripts no longer hang in zsh when running --check or --cfc modes. Previously, scripts would freeze after "Starting compliance scan" due to a shell compatibility issue with file truncation
• Fixed: Intune extension attribute changed from JSON to plain text format (Non-Compliant (X) - Failed Rules: rule1, rule2) for compatibility with Intune Custom Attributes
• Fixed: MDM setup instructions corrected for all platforms (Jamf, Kandji, Mosyle, Intune, Workspace ONE) to match current admin console navigation paths
• Fixed: Compiler warning in compliance script builder (developer-side only)
• Improved: READMEs now include getmace.com and mSCP links, and only display author/organization fields when they contain values
• Improved: README clarity — Reorganized build output documentation into categories (MDM Deployment, Exemption Management, MDM Reporting, Documentation) with clear descriptions of what each file does

Known Issues

• UI font size may look different on your system based on accessibility/display/font settings. To fix it requires a complete rework of the font on every page. Currently on hold as this is a large lift to correct and test.
• (Sequoia & Below) UI refinements for glass effects don't translate perfectly to older macOS versions. Reworking visuals to support non-glass styling across all development stages will take time.
• Console logging may not capture all events — logging is being updated incrementally as features are reworked.

v0.0.12-alpha

Main App Changes

No changes this release

Compliance Editor Changes

No changes this release

Audit Builder Hub Changes

No changes this release

Documentation Builder Hub Changes

No changes this release

Rule Builder Hub Changes

No changes this release

Build Hub Changes

Critical Fix - This update addresses mobileconfig generation issues that could result in incomplete or malformed configuration profiles. Pushing this release immediately to prevent broken workflows. It's alpha—wouldn't expect anything less than two updates in one day! 😄

• Fixed mobileconfig PayloadType to properly expand shorthand notation (.GlobalPreferences → com.apple.GlobalPreferences) and preserve full domain in filenames
• Fixed array merging so settings like SkipSetupItems and DisabledSystemSettings from multiple rules combine instead of overwriting

Known Issues

• Auto-update from standard user account can break the app due to a race condition. Requires workflow rework and possibly a privileged helper to resolve.
• (Sequoia & Below) Authorization prompt displays developer name "Cody Keats" instead of the app name. This is a macOS limitation resolved in Tahoe; changing it requires a new certificate and will remain as-is.
• (Sequoia & Below) UI refinements for glass effects don't translate perfectly to older macOS versions. Reworking visuals to support non-glass styling across all development stages will take time.
• Console logging may not capture all events — logging is being updated incrementally as features are reworked.

v0.0.11-alpha

Main App

• Multiple Authors Support — Added ability to add multiple authors via the Author Documentation dialog. Use the + button to add authors individually; names display as comma-separated throughout all exports (scripts, profiles, PDFs, HTML, etc.) [User Requested]

Compliance Editor

• Fixed ODV values now saving to the correct compliance-specific field (e.g., STIG values update the STIG field, not Recommended)
• Fixed ODV number values being incorrectly saved as text
• Compliance Values under ODV now always displays original baseline values for reference

Audit Builder Hub

• Fixed ODV values not being applied during audits for rules with custom text substitution (e.g., SSH policy banner)

Build Hub

• Added MACE website and GitHub links to generated script headers for attribution
• Fixed unquoted $CURRENT_USER variable in compliance scripts to prevent errors when no user is logged in or username contains spaces
• Added --reset-ssh flag for resetting SSH configuration to macOS defaults (15.2+) before applying fixes — supports flag combinations or setting RESET_SSH_BEFORE_FIX="true" in the script

Documentation Builder Hub

• No changes this release

Rule Builder Hub

• No changes this release

Known Issues

• (Sequoia & Below) Authorization prompt displays developer name "Cody Keats" instead of the app name. This is a macOS limitation resolved in Tahoe; changing it requires a new certificate and will remain as-is.
• (Sequoia & Below) UI glass effects don't translate perfectly to older macOS versions. Visual refinements for non-glass styling are ongoing.
• Console logging may not capture all events — logging is being updated incrementally as features are reworked.

v0.0.10-alpha

Main App Changes

• Centralized all platform definitions, version mappings, compliance frameworks, section aliases, and rule metadata into ComplianceDatabase.swift
  • Refactored 18 files to use this as a single source of truth
  • Added support for direct project refactoring to download the latest rules (baselines to come soon)
• Expanded logging across the app to better capture failure states
• Updated Recent Projects to display friendly compliance names instead of raw IDs
  • Example: “DISA STIG” instead of disa_stig

Automatic Rule Updates (mSCP Integration)

• Direct GitHub sync
  • MACE now fetches the latest rules directly from the official usnistgov/macos_security repository (dev_2.0 branch)
• Background downloads
  • Rules are downloaded automatically in the background on app launch
• Smart caching
  • Rules are cached locally in
    ~/Library/Application Support/MACE/RepoCache/
  • Re-downloads only occur when GitHub reports newer commits
• New project behavior
  • When creating a new project, MACE will prefer cached mSCP rules over the bundled app rules
  • Ensures new projects start with the most up-to-date rules available
• Project comparison
  • When opening a project, MACE compares project rules against the latest mSCP rules
  • Prompts users to update when differences are detected
• Offline support
  • Falls back to cached mSCP rules or bundled app rules when offline
  • Ensures rules are always available
• Fallback behavior
  • If the mSCP cache is unavailable (offline, download failed, or cleared), MACE uses the rules bundled with the app
• New Settings options
  • Clear Downloaded Rules — Forces a fresh download from GitHub
  • Open Data Folder — Opens MACE settings and cache in Finder
  • Auto-Download mSCP Rules — Toggle background downloads on app launch

Compliance Editor Changes

• Fixed Custom section not appearing in the sidebar when custom rules exist
• Added View on GitHub option to the rule menu
  • Opens the original rule directly in the mSCP repository

Audit Builder Hub Changes

No changes

Documentation Builder Hub Changes

No changes

Rule Builder Hub Changes

No changes

Build Hub Changes

• Improved Build Hub section visibility in light mode by adding subtle backgrounds and borders to card containers.

Known Issues

• (Sequoia & Below) Authorization prompts display the developer name “Cody Keats” instead of the app name
  • This is a macOS limitation resolved in Tahoe
  • Fixing this would require issuing a new certificate and will remain as-is for now
• (Sequoia & Below) Glass-style UI effects do not translate perfectly to older macOS versions
  • Supporting non-glass visuals across all development stages will require additional rework
• Console logging may not capture all events
  • Logging coverage is being expanded incrementally as features are refactored

v0.0.9-alpha

Main App Changes

• Added Holiday Logo toggle in Settings → Appearance, allowing users to opt out of seasonal themes to respect diverse beliefs and cultural preferences
• Renamed Display Settings to Remember Settings — all settings throughout the app are now remembered by default with an option to disable
• Added Auto Save toggle in Settings — enables manual save control for temporary adjustments (custom rule edits still save immediately) [User Requested]
• Added Clear Cache option in Settings to remove all cached files
• Added Reset to Default option to restore all views and settings to their original state
• Migrated all settings to a unified plist-based configuration system
• Fixed GitHub update checker to properly parse and compare semantic versions with -alpha/-beta suffixes

Compliance Editor

No changes

Audit Builder Hub

• Fixed session-only helper now properly uninstalls when quitting the app, not just when closing the audit window

Documentation Builder Hub

No changes

Rule Builder Hub

No changes

Known Issues

• (Sequoia & Below) Authorization prompt displays developer name "Cody Keats" instead of the app name. This is a macOS limitation resolved in Tahoe; changing it requires a new certificate and will remain as-is.
• (Sequoia & Below) UI refinements for glass effects don't translate perfectly to older macOS versions. Reworking visuals to support non-glass styling across all development stages will take time.
• Console logging may not capture all events — logging is being updated incrementally as features are reworked.

v0.0.8-alpha

Main App Changes

• Added GitHub-based Auto-Update System to streamline application updates

  • Checks for updates automatically on app launch
  • Manual check available via menu bar (MACE > Check for Updates...)
  • Supports Alpha, Beta, and Stable release channels (configurable in Settings)
  • Default channel is Alpha until official stable/beta releases
  • Allows switching between channels with automatic update detection
  • Supports both upgrades and downgrades when changing release channels
  • Automatic updates keep users on the bleeding edge with less manual effort

  Installation Context Handling:

  • User-installed (e.g., ~/Applications) — Updates install automatically without prompts
  • Admin-installed (e.g., /Applications with root ownership) — Prompts for administrator password via secure AppleScript dialog
  • MDM-deployed — A script will be provided in the future to keep the app up to date for MDM-deployed workflows

  Security Measures:

  • Code Signature Verification — Validates the downloaded app using codesign --verify --deep --strict
  • Team ID Verification — Ensures updates are signed by the same developer (prevents supply chain attacks)
  • Apple Notarization Check — Verifies Apple has scanned the app for malware via spctl
  • HTTPS Only — All downloads fetched securely from GitHub Releases
  • No HTTP Caching — Fresh network requests prevent stale/tampered cached responses

Compliance Editor Changes

No changes

Audit Builder Hub Changes

Security Measures:

• Added a confirmation dialog before running audit checks
  • Warns users that shell scripts from rule files (including custom rules) will be executed
• Added a privileged helper to run audit checks as root
  • Required for certain security rules that need access to protected system settings
• Users can choose how the privileged helper is handled:
  • This Session Only — Helper is removed when the audit is closed
  • Keep Installed — Helper remains installed and avoids future prompts
  • Both options require an administrator password

Documentation Builder Hub Changes

No changes

Rule Builder Hub Changes

No changes