MLX Code v6.1.0 — Security Hardening & Code Quality Audit

kochj23 released this 26 Feb 23:16
· 129 commits to main since this release

What's New in v6.1.0

Security Hardening & Code Quality Audit

31 findings resolved across CRITICAL, HIGH, MEDIUM, LOW, and INFO severities.

Critical Fixes:

  • API Keys to Keychain: All AI backend API keys migrated from UserDefaults to macOS Keychain with automatic migration on first launch
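A sketch of the UserDefaults-to-Keychain migration pattern described above, as an added example that is not MLX Code's own implementation. The service string, the function names and the use of the UserDefaults key as the Keychain account name are assumptions made for illustration.

```swift
import Foundation
import Security

// Hypothetical service identifier; not taken from MLX Code.
let keychainService = "com.example.app.api-keys"

enum KeychainError: Error { case unexpectedStatus(OSStatus) }

/// Store (or overwrite) a secret as a generic-password Keychain item.
func storeSecret(_ secret: String, account: String) throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keychainService,
        kSecAttrAccount as String: account,
    ]
    let value: [String: Any] = [kSecValueData as String: Data(secret.utf8)]
    // Update first so a repeated migration does not fail with errSecDuplicateItem.
    var status = SecItemUpdate(query as CFDictionary, value as CFDictionary)
    if status == errSecItemNotFound {
        status = SecItemAdd(query.merging(value) { $1 } as CFDictionary, nil)
    }
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
}

/// Read a secret back; returns nil when the item is missing or unreadable.
func loadSecret(account: String) -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: keychainService,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let data = item as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}

/// First-launch migration: move a plaintext API key out of UserDefaults.
func migrateAPIKey(defaultsKey: String, defaults: UserDefaults = .standard) {
    guard let legacy = defaults.string(forKey: defaultsKey), !legacy.isEmpty else { return }
    do {
        try storeSecret(legacy, account: defaultsKey)
        // Delete the plaintext copy only after the Keychain read-back matches.
        guard loadSecret(account: defaultsKey) == legacy else { return }
        defaults.removeObject(forKey: defaultsKey)
    } catch {
        // Keep the legacy value so a later launch can retry; never log the key.
    }
}
```

Verifying the read-back before removing the UserDefaults entry keeps a failed Keychain write from silently losing the user's key.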

High Fixes:

  • Command Validator Hardened: NSRegularExpression word-boundary matching prevents bypass via substrings
  • Python Import Validator: Regex-based validation with comment filtering
  • Model Hash Verification: SHA256 verification using CryptoKit
  • Buffered I/O: 4096-byte chunk reading replaces byte-by-byte daemon communication
  • Task Cancellation: while !Task.isCancelled for clean shutdown
  • Portable Paths: Bundle-relative paths replace hardcoded file paths
  • Secure Logging: SecureLogger replaces all print() statements

Medium Fixes:

  • Unicode search with localizedCaseInsensitiveContains()
  • O(n) context management replacing O(n²) insert-at-zero
  • 1MB file content cap, multi-version Python path lookup
  • Serial queues for thread-safe MLX service operations
  • Permission checks for script execution

Low/Info Fixes:

  • Force unwrap elimination, NSString cast → URL API
  • Named constants for context budget ratios
  • Clear Conversations confirmation dialog
  • Deprecated unused ContentView with @available attribute

Install

Download the DMG below, open it, and drag MLX Code to Applications.

Requirements: macOS 14.0+, Apple Silicon (M1/M2/M3/M4), 8GB RAM minimum