Maxx the Marmot — FIXXR's craftsman, sentry, and curator
macOS endpoint lifecycle intelligence

your software,
tended.

Maxx keeps every app on your Mac current, verified, and auditable.
Where competitors stop at detection, Maxx acts.

Download the App or
$ curl -sSL https://fixxr.org/install.sh | bash copy
macOS 13+ · Apple Silicon & Intel · Signed & notarized · No dependencies
535+ apps catalogued
4 update mechanisms
100% local-first
MIT open source

MacUpdater retired.
Nothing replaced it.

MacUpdater's backend went dark. 238 apps lost their update path overnight. Homebrew covers some. The App Store covers others. The rest drift — quietly accumulating security debt — until a CVE shows up and you realise you've been running a vulnerable version for four months.

  • ⚠️

    Unmanaged apps drift

    Apps outside Homebrew or the MAS have no automatic update path. They fall behind silently.

  • 🔴

    Supply chain risk is invisible

    You can't tell if a "Chrome update" is actually Chrome. TeamID verification closes that gap.

  • 📦

    No audit trail

    When did that app update? From where? What changed? Without provenance, you're guessing.

fixxr — endpoint status
$ fixxr report
--- Maxx's Endpoint Security Report ---
Total tracked apps: 247
Outdated apps: 23
CVE exposure: 3 app(s) with known CVEs
Mean days outdated: 18.4
Pending safety review: 0
Top 5 riskiest:
[high | 47d] Firefox: 118.0 → 130.0
[medium | 23d] draw.io: 23.1.0 → 24.7.8
[medium | 15d] Docker: 4.32.0 → 4.34.3
[low | 8d] Disk Drill: 5.4.0 → 5.5.0
[low | 3d] CleanMyMac: 5.0.0 → 5.0.5

Honest visibility.
Not omniscience.

One protocol story — classify, query what he can verify, mark what he cannot, then act with provenance. No four equal cards shouting the same mood.

  1. Classify Each app’s update mechanism: Homebrew Cask, Mac App Store, Sparkle, or vendor self-update.
  2. Query what he can verify Cask metadata, mas, Sparkle feeds, and vendor probes where they exist.
  3. Mark not checked When no independent latest exists — never pretend the app is current.
  4. Act with provenance TeamID, SHA256, CDN consistency, optional AI safety gate — then record the trail locally.
fixxr list — honest status
$ fixxr list --risk
✓ Homebrew · current · verified
✓ Sparkle · current · seal
→ Firefox · outdated · 12d
? Teams · not checked · self-managed
Honest visibility. Not complete omniscience.

Five commands.
Honest visibility.

Maxx routes each app to the best available mechanism automatically. Homebrew Cask, MAS, Sparkle, native triggers — all unified under one protocol.

  • 1

    Discover updates across all mechanisms

    Maxx classifies each app and queries the sources he can verify. Where a lane has no independent version check, he marks it not checked — not current.

    fixxr scan
  • 2

    Rank by actual risk, not version delta

    Days outdated × security tier. A browser 47 days behind ranks above a utility that just hit a minor version.

    fixxr list --risk
  • 3

    Update — with the safety gatekeeper active

    AI assessment runs before every rights elevation. Suspicious installs queue for your review. Everything else completes automatically.

    fixxr update
  • 4

    Inspect any install's full provenance chain

    Where did this binary come from? What CDN? Was the TeamID consistent? SHA256 consensus from the community catalog?

    fixxr provenance
  • 5

    See your endpoint's security posture

    Total apps tracked, outdated count, CVE exposure, mean days outdated, pending safety reviews — in a single report.

    fixxr report
fixxr — update session
$ fixxr update
Maxx is rolling up his sleeves...
Polishing draw.io up to v29.6.6...
CDN: objects.githubusercontent.com ✓
TeamID: UZEUFB4N53 ✓ (matches installed)
AI assessment: HIGH confidence
SHA256: a3f1b29c... ✓
✓ draw.io updated. (brew cask)
Polishing Firefox up to v149.0...
CDN: download.cdn.mozilla.net ✓
TeamID: BPDYD23G75 ✓ (matches installed)
✓ Firefox updated. (native trigger)
⚠ SomeApp: CDN not in trusted list.
Queued for review — run `fixxr review`
Updated 2 apps (1 via cask, 1 via native).
1 queued for safety review.

Provenance, made visible.

Not a checkmark. An actual stamp — the visual payoff for the whole provenance system. When Maxx earns it, he puts his mark on the work.

  • TeamID chain unbroken. The new binary's signing identity matches the installed app. Same developer, verifiably.

  • SHA256 matches community consensus. Other FIXXR users saw the same binary. Or self-verified on first download and cached locally.

  • CDN domain consistent. Mozilla doesn't suddenly update from a domain in Russia. Google doesn't deliver Chrome from a sketchy CDN. Drift is caught.

The library is in order. Every tool verified and in its place.

verified

Same app. Depth unlocked.

Visibility → hygiene → provenance → intelligence. One product; depth is optional, not forced.

01

Visibility

What’s installed and outdated.

fixxr scan · list
02

Hygiene

Install via the right mechanism.

fixxr update
03

Provenance

TeamID, SHA256, Green Seal.

fixxr provenance
04

Intelligence

CVE, risk rank, safety gate.

fixxr cve · report

Every observation
benefits everyone.

The FIXXR community catalog is an open dataset of verified app provenance. Every participant makes the catalog smarter for everyone who follows.

Community catalog

Open provenance data: download URLs, TeamIDs, SHA256, update mechanisms. Opt-in push — only whitelisted fields leave your machine.

Maxx

Help Maxx learn

For apps without automation, run fixxr watch "App" while you update manually. Your observation can become the next person’s automation.


Community stewardship.
Local-first privacy.

The FIXXR Verein

A Swiss non-profit association model for long-term stewardship of the protocol and catalog — open membership, transparent operations, MIT-licensed software.

Read about the Verein →

Privacy

Full inventory and provenance stay on your Mac. Only explicit opt-in fields can leave. Run fixxr privacy --audit anytime.

Privacy policy →

Two ways in.
The workshop is open.

Maxx

Download the app

Menu bar app + CLI in one package.
Drag to Applications. No terminal required.
Maxx starts scanning immediately.

Download DMG

Signed and notarized. macOS 13+. No dependencies.

v0.15.0 · current release · notarized by Apple
sha256: 86409ad703e2ed5b594ff71a1cafe87cc3999a1b16d340b56a57ed21791bfd25
Verify locally: shasum -a 256 FIXXR-*.dmg
$_

Install via terminal

For developers and IT teams.
CLI-only setup with optional Homebrew integration.

$ curl -sSL https://fixxr.org/install.sh | bash copy

macOS 13 Ventura or later · Apple Silicon and Intel supported · No dependencies required for the app
Homebrew integration available as an optional enhancement after install

Read the about page first if you prefer to review before running install scripts. The installer source is at fixxr.org/install.sh and in the GitHub repo.

After install, Maxx suggests:

$ fixxr # meet Maxx
$ fixxr scan # discover updates
$ fixxr list --risk # ranked by exposure
$ fixxr setup # grant narrow sudo (one-time)
$ fixxr update # install with AI safety check
$ fixxr report # endpoint security posture