v2.0.216-dev

Features

Mount Engine

• Replace BFS planner with SAR-aware partition-root resolver — one overlay per resolved partition, aligns mount IDs with partition boundaries to defeat stat-based detection
• Handle >50 overlay layers via staging pyramid — intermediate read-only overlays on /dev prevent kernel layer limit failures (64 on older kernels, 128 on 5.10+)
• Narrow-dir overlay deferral — dirs like lib, lib64, fonts force BFS descent; shallow files fall back to individual bind mounts, preventing overlay from masking GPU drivers and shared libs
• Add mount.exclude_hosts_modules to skip modules containing /system/etc/hosts (prevents global DNS breakage, default: true)
• Add mount.module_blacklist — CSV list of module IDs to exclude from scanning
• Add mount.ext4_image_size_mb — override auto-calculated sparse image size (0 = auto, min 64MB)
• Add mount.restart_framework — stop/start Android framework after mounting for modules that need it
• Pre-mount script execution — run other modules' post-fs-data.sh before mount pipeline in metamodule mode so dynamically created files are visible to the scanner
• Per-module overlay fallback to MagicMount — one bad overlay no longer takes all mounts down
• VFS executor pre-injects directory rules for missing ancestor paths before leaf file rules
• Reflink (FICLONE) copy for f2fs CoW acceleration during overlay staging

Stealth & Anti-Detection

• Migrate prop spoofing from persistent daemon to short-lived CLI calls via resetprop-rs — no persistent mmap handle visible to detection apps
• Stealth property writes — no serial counter bump, no futex wake, no global serial broadcast
• Count-preserving nuke operations for PIF-leaking and custom ROM properties with arena compaction
• Defer all BRENE path hiding to boot-completed, matching real BRENE timing — paths and mounts aren't stable at post-fs-data
• Bridge susfs4ksu multi-value fields: hide_sus_mnts 0/1/2 (off-after-boot), emulate_vold_app_data 0/1/2 (sus_path_loop), skip_legit_mounts, hide_cusrom levels 0-5, sus_open_redirect.txt, kstat JSON
• Remove verified boot hash (ro.boot.vbmeta.digest) spoofing — conflicts with other root modules handling the same property

Module Management

• Auto-skip modules that perform their own mounts — heuristic scan of post-fs-data.sh and service.sh for mount/bind commands prevents double-mount conflicts
• Hot install support for script-only modules via MODULE_HOT_INSTALL_REQUEST="true" — activates without reboot
• Module exclusions UI — checkbox list on Status tab with optimistic update and rollback
• Stop calling other modules' post-fs-data scripts from metamount — trust KSU to handle script orchestration, preventing double-execution of non-idempotent modules

Safety & Recovery

• Unify boot guard into single bootcount with self-disable — one failed boot disables zeromount only, replacing the dual competing shell+Rust system
• Disable SystemUI monitor by default — prevents false-positive recovery lockouts
• Volume-key config preservation on reinstall — stash config on uninstall, 60s prompt to preserve or reset on upgrade
• Atomic module.prop writes via tmp+rename to prevent corruption on OOM kill or watchdog timeout
• Panic hook and mount-error handler surface crash context in KSU/APatch manager description field

WebUI

• Migrate shell execution layer from kernelsu to kernelsu-alt with proper stderr preservation
• Browser locale detection with device-hint fallback via __ZM_LOCALE_CODE__ injected at boot
• Guard module whitelist — protect specific modules from bootloop recovery disabling
• Complete internationalization across 36 locales (391 keys each) — activity log, capabilities, engine options, scenario descriptions all translated
• Mode-positive status display — all 3 mount modes shown as equally functional; no false "Degraded" warnings for non-VFS users
• Warn when MagicMount selected without SUSFS — contextual hint nudging toward OverlayFS
• Module exclusions section — checkbox list to blacklist modules, meta-zeromount locked to prevent self-exclusion
• Collapse Performance and Emoji toggles into collapsible "More" subgroup
• Bootstrap ADB toggles from live Android state on every init, not stale cache
• Drop Orange and Lime from accent color palette
• Polish UI component styles across all tabs

Build & Deploy

• --deploy and --reboot flags for package.sh — push ZIP to device, install via ksud/apd, and reboot in one command
• --release/--debug deploy profile selection

Bug Fixes

• Fix vol-key timeout during install — choose_config 0 blocked indefinitely over ADB since getevent has no stdin; now 60s timeout
• Fix metamount.sh using hardcoded filename instead of iterated $_pfd variable for post-fs-data script paths
• Harden input validation, error propagation, and boot script safety — 19 findings fixed across Rust core, WebUI, and shell scripts (path traversal rejection, shell interpolation sanitization, timeout restoration, stale artifact cleanup)
• Wire overlay executor to partition-root resolver — SAR alias paths (system/vendor/*) now correctly map to the vendor partition overlay
• Fix deploy script calling su -c which doesn't exist on KSU — call ksud/apd binaries directly
• Stage resetprop-rs binary and prop_table.sh in ZIP packaging pipeline
• Add missing install_i18n.sh and install_func.sh to SCRIPTS array — install was failing on device
• Fix SELinux context in overlay mode — copies context from real system path instead of module source on /data
• Clean up skip_mount flags from previous boots — prevents permanent module orphaning on Magisk
• Hijack sweep no longer treats KSU bind mounts as rogue when they fall under ZeroMount-managed paths

Performance

• Eliminate all root shell I/O from WebUI init — service.sh pre-generates zm-init.js at boot containing the webui-init JSON blob, system accent color, and all 36 locale bundles; WebUI loads data synchronously at parse time, cutting 5+ shell round-trips (200-500ms each) on every open

Refactors

• Remove unused notify_module_mounted trait method and all impls — notification handled entirely from shell
• Switch WebUI packaging from npm to pnpm to match lockfile

CI/CD

• Full release pipeline — build all 4 ABIs (debug+release), build WebUI and axon from source, package ZIPs, extract changelog, publish GitHub release with both ZIPs attached
• Switch build triggers to manual dispatch only — no unnecessary CI on every push

Documentation

• Rewrite README body — concise grouped features, orchestration pipeline overview, mount strategy comparison table, dual Telegram links (group + channel)

Dependencies

• Bump resetprop-rs to v0.2.1 — corrupt data hardening, futex wake, per-process prop isolation, persistent property support, protobuf bounds checks
• Upgrade resetprop-rs to v0.4.0 — stealth writes, nuke operations, arena compaction
• Switch resetprop to remote git dependency (no local submodule checkout required)