HearthGate 1.7 is live

Fresh backups keep revocation with them.

HearthGate 1.7 is a hardening release for the messy parts of real Mac operations: fresh .hgex exports after key revocation, restore to the same Mac or a new install, privacy-aware logs, pre-auth access notices, sensitive-file hygiene, and clearer operator signals.

Fresh .hgex backups carry revocation

A revoked key stays revoked across .hgex restore on the same Mac, and across restore to a new or freshly installed Mac when the backup was taken after the revocation. HearthGate's backup-freshness banner reminds you to export a fresh .hgex after revoking keys, so the revocation rides along.

Pre-auth legal notice

HearthGate can place an authorized-access notice before SSH authentication and on the macOS login window, so operators can communicate access terms before a session begins.

Privacy-aware logging

The logging surface was audited so operational signals stay useful while sensitive values are kept out of broad system logs whenever possible.

Sensitive-file hygiene

Private-key exports, encrypted bundles, backups, and QR files are marked to reduce accidental exposure through Spotlight, Quick Look, backup, and sync surfaces.

Defense in depth

Access removal needs a fresh backup path.

Revoking a key is only meaningful if the next backup carries that decision forward. HearthGate 1.7 treats revocation as state that should be visible, auditable, and included when you export a fresh .hgex after removing access.

Revocation rides along

Fresh-backup restore

When the .hgex was exported after a key was revoked, restoring that backup carries the revoked-key state into the restored policy.

Operator signal

Revoked-key visibility

The app surfaces revoked-key state and restore warnings earlier, so an operator sees risky imported material before it becomes a confusing connection failure.

Tamper evidence

Integrity events

Integrity mismatches on sensitive stores can emit visible system events, reducing the chance that disk-level manipulation remains silent.

Operational examples

What changes in day-to-day use?

Most of the work in 1.7 lives under the surface, but it changes how safe the product feels when real operations get messy.

Use case

You revoke a key before moving Macs

Revoke the key, then export a fresh .hgex before restoring on the same Mac, a new Mac, or a freshly installed Mac. The backup-freshness banner exists to make that order hard to miss.

Use case

You export sensitive connection material

Private keys, encrypted handoff files, QR images, and backups are still yours to move, but HearthGate marks them to reduce accidental indexing, previews, backup, and sync exposure.

Use case

You need a cleaner audit story

Important access events, restore warnings, brute-force signals, and integrity failures are easier to find in the operator-facing surface instead of being scattered across broad system logs.

Security notes

NIST-aligned evidence for security review.

HearthGate 1.7 adds security work that maps naturally to common control families and CWE-style failure modes. That makes the release useful for technical review and procurement conversations without claiming a separate compliance certification.

Learn about SILA, the codnamacs security lifecycle framework

Release notes at a glance

  • Revocation state can ride along with .hgex backups exported after access is revoked, including restore on the same Mac, a new Mac, or a freshly installed Mac.
  • Pre-auth notices can be applied to both SSH and the macOS login window, with careful restore and uninstall ownership behavior.
  • Logging calls were reviewed for privacy classification so sensitive values stay out of broad log surfaces whenever possible.
  • Private-key exports, encrypted backups, connection packages, and QR files receive metadata that reduces accidental indexing, preview, backup, and sync exposure.
  • Important operator events, backup freshness, revoked-key imports, and integrity violations are surfaced more clearly in the app.
  • Standards touchpoints include CWE-672, CWE-532, CWE-552, CWE-200, CWE-345, NIST SP 800-53 control families, SOC 2-style access removal, and GDPR Article 32-style security-of-processing language.

HearthGate 1.7

Revocation, logging, and sensitive files now behave more like a security gateway should.
