FIXXR is a macOS endpoint lifecycle intelligence platform. It answers four questions about every app on your Mac: how it got here, what it touches, how it updates, and how to remove it completely. This is the story of why it exists, what it stands on, and how it earns your trust.
Somewhere between 60 and 70 percent of the applications on a typical Mac update outside the App Store. There is no unified way to know what is installed, whether it is current, where it came from, or how to remove it cleanly. The tools that tried to solve this are gone.
Sparkle feeds, vendor websites, embedded auto-updaters, Homebrew Cask. Each with its own mechanism, none with a shared view.
No native macOS tool tells you when an app updated, from where, or whether the signing identity changed between versions.
When MacUpdater's backend went dark in January 2026, hundreds of apps lost their only managed update channel.
The space is fragmented. Each tool covered a slice. None covered the full lifecycle.
FIXXR models each app as a node in a lifecycle graph. The graph answers the questions that macOS does not surface natively, and that no single existing tool covers end to end.
Provenance tracking. Where was the binary downloaded from? Which CDN? Was it installed via Homebrew, drag-and-drop, or a PKG installer? Is the signing identity consistent with what was there before?
Filesystem footprint mapping. Which directories does it own? What launch agents, preference panes, kernel extensions, or helper tools did it install beyond the .app bundle?
COMING SOON. Orchestrates Homebrew Cask, Sparkle, the Mac App Store, and native auto-updaters. Maxx routes each app to the right mechanism automatically, with TeamID verification before every install.
Clean Remove reads PKG receipts, discovers scattered files, and removes everything the app left behind. Not just the .app bundle -- the launch agents, the caches, the preference files.
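The signing-identity check described under provenance tracking can be sketched as follows. This is an added example, not FIXXR's own code: it parses the TeamIdentifier line from `codesign -dvv` output, stores each observation in SQLite, and flags a change between versions. The table schema, function names and sample outputs are assumptions constructed for the illustration.

```python
import re
import sqlite3

# Constructed samples of `codesign -dvv <app>` output (not captured from real apps).
SAMPLE_V1 = """Identifier=com.example.notes
Authority=Developer ID Application: Example Corp (ABCDE12345)
TeamIdentifier=ABCDE12345
"""
SAMPLE_V2 = SAMPLE_V1.replace("ABCDE12345", "ZYXWV98765")
SAMPLE_ADHOC = "Identifier=com.example.notes\nSignature=adhoc\nTeamIdentifier=not set\n"

TEAM_RE = re.compile(r"^TeamIdentifier=(.+)$", re.MULTILINE)

def parse_team_id(codesign_output):
    """Return the 10-character TeamID, or None for unsigned or ad hoc code."""
    m = TEAM_RE.search(codesign_output)
    if not m:
        return None
    value = m.group(1).strip()
    # codesign prints "not set" when there is no team; treat that as None.
    return value if re.fullmatch(r"[A-Z0-9]{10}", value) else None

def open_db(path=":memory:"):
    """Open the observation store (hypothetical schema, not FIXXR's)."""
    db = sqlite3.connect(path)
    db.execute("PRAGMA journal_mode=WAL")  # takes effect for file-backed databases
    db.execute("""CREATE TABLE IF NOT EXISTS observations (
        id INTEGER PRIMARY KEY, bundle_id TEXT NOT NULL,
        version TEXT NOT NULL, team_id TEXT)""")
    return db

def record(db, bundle_id, version, codesign_output):
    """Store an observation; return 'first-seen', 'consistent' or 'changed'."""
    team_id = parse_team_id(codesign_output)
    prev = db.execute(
        "SELECT team_id FROM observations WHERE bundle_id=? ORDER BY id DESC LIMIT 1",
        (bundle_id,)).fetchone()
    db.execute("INSERT INTO observations (bundle_id, version, team_id) VALUES (?,?,?)",
               (bundle_id, version, team_id))
    db.commit()
    if prev is None:
        return "first-seen"
    # A signed app becoming unsigned (None) also counts as a change.
    return "consistent" if prev[0] == team_id else "changed"
```

A "changed" result is a signal to review, not proof of compromise: vendors do legitimately move to a new Developer ID after an acquisition or rebrand.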
FIXXR exists because decades of open-source and platform work came before it. These are the projects and standards that make the lifecycle graph possible. Respect where it is due.
The update framework that thousands of macOS apps use to ship new versions. FIXXR reads Sparkle's appcast feeds to discover what is available.
sparkle-project.org
The local database engine. Every provenance record, every audit trail event, every app observation is stored in WAL-mode SQLite on your machine.
sqlite.org
FIXXR's CLI is pure Python standard library. No pip, no venv, no dependency chain. Runs on the Python 3 that ships with Xcode Command Line Tools.
python.org
The menu bar dashboard that gives Maxx a face. Native macOS interface, built with SwiftUI and AppKit, signed with a Developer ID certificate.
developer.apple.com/swiftui
Workers host the community catalog API. D1 stores the shared dataset. Pages serves this website. Edge-first infrastructure, no origin servers.
cloudflare.com
Apple scans every FIXXR release for malware before it reaches your Mac. Notarization plus Developer ID signing is the baseline trust gate.
developer.apple.com
Keyless code signing for the supply chain. FIXXR uses Sigstore-compatible attestations to prove build provenance without managing long-lived keys.
sigstore.dev
Their Internet Access Policy model inspired FIXXR's privacy approach: declare exactly what data you collect, and be auditable against that declaration.
obdev.at/iap
Trust is not a toggle. It is a chain of verifiable claims, each independently auditable. Here is the full chain, from your machine to the community catalog and back.
Everything FIXXR knows lives in a SQLite database on your machine at ~/.fixxr/fixxr.db. Your full inventory, all provenance events, all audit logs. Nothing is stored remotely unless you explicitly opt in.
If you opt in to the community catalog, only 8 fields ever leave your machine: bundle_id, app_name, latest_version, download_url, sha256, feed_url, homepage_url, update_mechanism. Enforced at the adapter layer in code, not policy.
OPT-IN ONLY
Every FIXXR release is signed with an Apple Developer ID certificate. macOS Gatekeeper verifies the signature before the app is allowed to run. The TeamID is consistent across all releases.
VERIFIABLE
Before distribution, every build is submitted to Apple's notarization service, which scans for malware and verifies the Developer ID. The notarization ticket is stapled to the DMG.
APPLE VERIFIED
CI builds produce cryptographic attestations via GitHub's artifact attestation feature. You can verify that the binary you downloaded was produced by the CI pipeline in the public repository, not by a compromised developer machine.
VERIFIABLE
Each release ships with a machine-readable inventory of every dependency. Since the Python CLI uses only stdlib, the SBOM is short. But it exists, and you can audit it.
PUBLISHED
The repository includes a SECURITY.md with clear instructions for reporting vulnerabilities. Response commitment, scope, and a PGP key for encrypted disclosure.
PUBLISHED
FIXXR is a community utility, not a business. The value is the shared catalog. If the project grows, it becomes a Verein -- a Swiss non-profit association -- governed by its members, not by investors.
No analytics. No tracking pixels. No crash reporters phoning home. Your usage patterns stay on your machine.
No advertising. No affiliate links. No user profiling. The software does not monetize your attention or data.
No premium tier. No time-limited trial. No feature gates. Every capability is available to every user.
The Verein model. If FIXXR grows beyond a single maintainer, governance moves to a Verein -- a Swiss non-profit association. Open membership, transparent accounts, democratic decision-making. The protocol and the catalog belong to the community. The software stays MIT-licensed. Infrastructure costs are funded by voluntary membership dues, not by extracting value from users.
The workshop charges no admission. The tools are free. The catalog is shared. If you tend the library, the library tends you back.