refactor: prepare the backend for cross-platform function

deps(deps): bump the frontend-dependencies group across 1 directory with 12 updates

.github/workflows/dependabot-automerge.yml

@@ -0,0 +1,60 @@
+name: Dependabot Automerge
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  pull-requests: write
+  contents: write
+  checks: read
+
+jobs:
+  security-scan:
+    name: Security Vulnerability Scan
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # v2.0.2
+    with:
+      scan-args: |-
+        -r
+        --skip-git
+        --lockfile=pnpm-lock.yaml
+        --lockfile=src-tauri/Cargo.lock
+        --lockfile=nodecar/pnpm-lock.yaml
+        ./
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+
+  lint-js:
+    name: Lint JavaScript/TypeScript
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    uses: ./.github/workflows/lint-js.yml
+    secrets: inherit
+
+  lint-rust:
+    name: Lint Rust
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    uses: ./.github/workflows/lint-rs.yml
+    secrets: inherit
+
+  dependabot-automerge:
+    name: Dependabot Automerge
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    needs: [security-scan, lint-js, lint-rust]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Auto-merge minor and patch updates
+        uses: ridedott/merge-me-action@v2
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PRESET: DEPENDABOT_MINOR
+          MERGE_METHOD: SQUASH
+    timeout-minutes: 10

.github/workflows/lint-rs.yml

@@ -14,9 +14,8 @@ on:
       - "src/**"
       - "nodecar/**"
       - "package.json"
-      - "package-lock.json"
-      - "yarn.lock"
       - "pnpm-lock.yaml"
+      - "yarn.lock"
       - "README.md"
       - ".github/workflows/lint-js.yml"
       - ".github/workflows/osv.yml"
@@ -68,7 +67,7 @@ jobs:
       - name: Install nodecar dependencies
         working-directory: ./nodecar
         run: |
-          pnpm install --ignore-workspace --frozen-lockfile
+          pnpm install --frozen-lockfile
 
       - name: Build nodecar binary
         shell: bash

.github/workflows/osv.yml

@@ -21,11 +21,10 @@ on:
     paths:
       - "package.json"
       - "pnpm-lock.yaml"
-      - "package-lock.json"
       - "src-tauri/Cargo.toml"
       - "src-tauri/Cargo.lock"
       - "nodecar/package.json"
-      - "nodecar/package-lock.json"
+      - "nodecar/pnpm-lock.yaml"
       - ".github/workflows/osv.yml"
   merge_group:
     branches: ["main"]
@@ -37,43 +36,39 @@ on:
     paths:
       - "package.json"
       - "pnpm-lock.yaml"
-      - "package-lock.json"
       - "src-tauri/Cargo.toml"
       - "src-tauri/Cargo.lock"
       - "nodecar/package.json"
-      - "nodecar/package-lock.json"
+      - "nodecar/pnpm-lock.yaml"
 
 permissions:
-  # Require writing security events to upload SARIF file to security tab
   security-events: write
-  # Read commit contents
   contents: read
+  actions: read
 
 jobs:
   scan-scheduled:
     name: Scheduled Security Scan
     if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # v2.0.2
     with:
       scan-args: |-
         -r
         --skip-git
-        --lockfile=package-lock.json
         --lockfile=pnpm-lock.yaml
         --lockfile=src-tauri/Cargo.lock
-        --lockfile=nodecar/package-lock.json
+        --lockfile=nodecar/pnpm-lock.yaml
         ./
 
   scan-pr:
     name: PR Security Scan
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # v2.0.2
     with:
       scan-args: |-
         -r
         --skip-git
-        --lockfile=package-lock.json
         --lockfile=pnpm-lock.yaml
         --lockfile=src-tauri/Cargo.lock
-        --lockfile=nodecar/package-lock.json
+        --lockfile=nodecar/pnpm-lock.yaml
         ./

.github/workflows/pr-checks.yml

@@ -7,10 +7,9 @@ on:
     branches: ["main"]
 
 permissions:
-  # Required for OSV scanner to upload SARIF file to security tab
   security-events: write
-  # Read commit contents
   contents: read
+  actions: read
 
 jobs:
   lint-js:
@@ -26,7 +25,7 @@ jobs:
   security-scan:
     name: Security Vulnerability Scan
     if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
-    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78" # v1.7.1
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # v2.0.2
     with:
       scan-args: |-
         -r

.github/workflows/release.yml

@@ -11,6 +11,22 @@ env:
   STABLE_RELEASE: "true"
 
 jobs:
+  security-scan:
+    name: Security Vulnerability Scan
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # v2.0.2
+    with:
+      scan-args: |-
+        -r
+        --skip-git
+        --lockfile=pnpm-lock.yaml
+        --lockfile=src-tauri/Cargo.lock
+        --lockfile=nodecar/pnpm-lock.yaml
+        ./
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+
   lint-js:
     name: Lint JavaScript/TypeScript
     uses: ./.github/workflows/lint-js.yml
@@ -22,7 +38,7 @@ jobs:
     secrets: inherit
 
   release:
-    needs: [lint-js, lint-rust]
+    needs: [security-scan, lint-js, lint-rust]
     permissions:
       contents: write
     strategy:
@@ -101,7 +117,7 @@ jobs:
       - name: Install nodecar dependencies
         working-directory: ./nodecar
         run: |
-          pnpm install --ignore-workspace --frozen-lockfile
+          pnpm install --frozen-lockfile
 
       - name: Build nodecar sidecar
         shell: bash

.github/workflows/rolling-release.yml

@@ -10,6 +10,22 @@ env:
   TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
 
 jobs:
+  security-scan:
+    name: Security Vulnerability Scan
+    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@e69cc6c86b31f1e7e23935bbe7031b50e51082de" # v2.0.2
+    with:
+      scan-args: |-
+        -r
+        --skip-git
+        --lockfile=pnpm-lock.yaml
+        --lockfile=src-tauri/Cargo.lock
+        --lockfile=nodecar/pnpm-lock.yaml
+        ./
+    permissions:
+      security-events: write
+      contents: read
+      actions: read
+
   lint-js:
     name: Lint JavaScript/TypeScript
     uses: ./.github/workflows/lint-js.yml
@@ -21,7 +37,7 @@ jobs:
     secrets: inherit
 
   rolling-release:
-    needs: [lint-js, lint-rust]
+    needs: [security-scan, lint-js, lint-rust]
     permissions:
       contents: write
     strategy:
@@ -69,7 +85,7 @@ jobs:
       - name: Install nodecar dependencies
         working-directory: ./nodecar
         run: |
-          pnpm install --ignore-workspace --frozen-lockfile
+          pnpm install --frozen-lockfile
 
       - name: Build nodecar sidecar
         shell: bash

.gitignore

@@ -5,6 +5,10 @@
 /.pnp
 .pnp.js
 
+# npm/yarn lock files (project uses pnpm only)
+**/package-lock.json
+**/yarn.lock
+
 # testing
 /coverage
 

.vscode/settings.json

@@ -3,6 +3,7 @@
     "applescript",
     "autoconfig",
     "autologin",
+    "biomejs",
     "cdylib",
     "CFURL",
     "checkin",
@@ -11,6 +12,7 @@
     "donutbrowser",
     "dtolnay",
     "elif",
+    "esbuild",
     "gifs",
     "launchservices",
     "mountpoint",
@@ -24,6 +26,7 @@
     "reqwest",
     "rlib",
     "rustc",
+    "SARIF",
     "serde",
     "shadcn",
     "signon",
@@ -38,6 +41,7 @@
     "Torbrowser",
     "turbopack",
     "unlisten",
+    "unrs",
     "wiremock",
     "xattr",
     "zhom"

CONTRIBUTING.md

@@ -50,7 +50,7 @@ After having the above dependencies installed, proceed through the following ste
 
    ```bash
    cd nodecar
-   pnpm install --ignore-workspace --frozen-lockfile
+   pnpm install --frozen-lockfile
    cd ..
    ```
 

SECURITY.md

@@ -0,0 +1,40 @@
+# Security Policy
+
+## Reporting Security Issues
+
+Thanks for helping make Donut Browser safe for everyone! ❤️
+
+We take the security of Donut Browser seriously. If you believe you have found a security vulnerability in Donut Browser, please report it to us through coordinated disclosure.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Instead, please send an email to **contact at donutbrowser dot com** with the subject line "Security Vulnerability Report".
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+- The type of issue (e.g., buffer overflow, injection attack, privilege escalation, or cross-site scripting)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+- Your assessment of the severity level
+
+This information will help us triage your report more quickly.
+
+## What to Expect
+
+- **Response Time**: We will acknowledge receipt of your vulnerability report within 72 hours.
+- **Investigation**: We will investigate the issue and provide you with updates on our progress.
+- **Resolution**: We aim to resolve critical security issues as fast as possible, but no longer than in 30 days after the initial report.
+- **Disclosure**: We will coordinate with you on the timing of any public disclosure.
+
+## Contact
+
+For urgent security matters, please contact us at **contact at donutbrowser dot com**.
+
+For general questions about this security policy, you can also reach out through:
+
+- [GitHub Issues](https://github.com/zhom/donutbrowser/issues) (for non-security questions only)
+- [GitHub Discussions](https://github.com/zhom/donutbrowser/discussions)

nodecar/package.json

@@ -18,15 +18,15 @@
   "keywords": [],
   "author": "",
   "license": "AGPL-3.0",
-  "packageManager": "pnpm@10.6.1",
+  "packageManager": "pnpm@10.11.1+sha512.e519b9f7639869dc8d5c3c5dfef73b3f091094b0a006d7317353c72b124e80e1afd429732e28705ad6bfa1ee879c1fce46c128ccebd3192101f43dd67c667912",
   "dependencies": {
-    "@types/node": "^22.15.17",
-    "@yao-pkg/pkg": "^6.4.1",
-    "commander": "^13.1.0",
+    "@types/node": "^22.15.29",
+    "@yao-pkg/pkg": "^6.5.1",
+    "commander": "^14.0.0",
     "dotenv": "^16.5.0",
     "get-port": "^7.1.0",
     "nodemon": "^3.1.10",
-    "proxy-chain": "^2.5.8",
+    "proxy-chain": "^2.5.9",
     "ts-node": "^10.9.2",
     "typescript": "^5.8.3"
   }

nodecar/src/index.ts

@@ -48,8 +48,8 @@ program
             ignoreProxyCertificate: options.ignoreCertificate,
           });
           console.log(JSON.stringify(config));
-        } catch (error: any) {
-          console.error(`Failed to start proxy: ${error.message}`);
+        } catch (error: unknown) {
+          console.error(`Failed to start proxy: ${JSON.stringify(error)}`);
         }
       } else if (action === "stop") {
         if (options.id) {

nodecar/src/proxy-runner.ts

@@ -1,5 +1,5 @@
-import { spawn } from "child_process";
-import path from "path";
+import { spawn } from "node:child_process";
+import path from "node:path";
 import getPort from "get-port";
 import {
   type ProxyConfig,

nodecar/src/proxy-storage.ts

@@ -1,6 +1,6 @@
-import fs from "fs";
-import path from "path";
-import os from "os";
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
 
 // Define the proxy configuration type
 export interface ProxyConfig {

package.json

@@ -42,31 +42,31 @@
     "react": "^19.1.0",
     "react-dom": "^19.1.0",
     "react-icons": "^5.5.0",
-    "sonner": "^2.0.3",
+    "sonner": "^2.0.5",
     "tailwind-merge": "^3.3.0"
   },
   "devDependencies": {
     "@biomejs/biome": "1.9.4",
     "@eslint/eslintrc": "^3.3.1",
-    "@eslint/js": "^9.27.0",
-    "@next/eslint-plugin-next": "^15.3.2",
-    "@tailwindcss/postcss": "^4.1.7",
+    "@eslint/js": "^9.28.0",
+    "@next/eslint-plugin-next": "^15.3.3",
+    "@tailwindcss/postcss": "^4.1.8",
     "@tauri-apps/cli": "^2.5.0",
-    "@types/node": "^22.15.21",
-    "@types/react": "^19.1.5",
+    "@types/node": "^22.15.29",
+    "@types/react": "^19.1.6",
     "@types/react-dom": "^19.1.5",
-    "@typescript-eslint/eslint-plugin": "^8.32.1",
-    "@typescript-eslint/parser": "^8.32.1",
-    "@vitejs/plugin-react": "^4.5.0",
-    "eslint": "^9.27.0",
-    "eslint-config-next": "^15.3.2",
+    "@typescript-eslint/eslint-plugin": "^8.33.1",
+    "@typescript-eslint/parser": "^8.33.1",
+    "@vitejs/plugin-react": "^4.5.1",
+    "eslint": "^9.28.0",
+    "eslint-config-next": "^15.3.3",
     "eslint-plugin-react-hooks": "^5.2.0",
     "husky": "^9.1.7",
     "lint-staged": "^16.1.0",
-    "tailwindcss": "^4.1.7",
-    "tw-animate-css": "^1.3.0",
+    "tailwindcss": "^4.1.8",
+    "tw-animate-css": "^1.3.3",
     "typescript": "~5.8.3",
-    "typescript-eslint": "^8.32.1"
+    "typescript-eslint": "^8.33.1"
   },
   "packageManager": "pnpm@10.11.0+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977",
   "lint-staged": {

pnpm-workspace.yaml

@@ -1,5 +1,9 @@
+packages:
+  - "nodecar"
+
 onlyBuiltDependencies:
-  - '@biomejs/biome'
-  - '@tailwindcss/oxide'
+  - "@biomejs/biome"
+  - "@tailwindcss/oxide"
   - esbuild
   - sharp
+  - unrs-resolver

src-tauri/Cargo.lock

@@ -458,9 +458,9 @@ dependencies = [
 
 [[package]]
 name = "camino"
-version = "1.1.9"
+version = "1.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b96ec4966b5813e2c0507c1f86115c8c5abaadc3980879c3424042a02fd1ad3"
+checksum = "0da45bc31171d8d6960122e222a67740df867c1dd53b4d51caa297084c185cab"
 dependencies = [
  "serde",
 ]
@@ -3395,9 +3395,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "reqwest"
-version = "0.12.18"
+version = "0.12.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e98ff6b0dbbe4d5a37318f433d4fc82babd21631f194d370409ceb2e40b2f0b5"
+checksum = "a2f8e5513d63f2e5b386eb5106dc67eaf3f84e95258e210489136b8b92ad6119"
 dependencies = [
  "base64 0.22.1",
  "bytes",
@@ -4731,9 +4731,9 @@ dependencies = [
 
 [[package]]
 name = "tower-http"
-version = "0.6.4"
+version = "0.6.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fdb0c213ca27a9f57ab69ddb290fd80d970922355b83ae380b395d3986b8a2e"
+checksum = "5cc2d9e086a412a451384326f521c8123a99a466b329941a9403696bff9b0da2"
 dependencies = [
  "bitflags 2.9.1",
  "bytes",

src-tauri/src/browser_version_service.rs

@@ -239,7 +239,7 @@ impl BrowserVersionService {
             } else {
               BrowserVersionInfo {
                 version: version.clone(),
-                is_prerelease: version.contains("alpha") || version.contains("beta"),
+                is_prerelease: false, // Zen Browser releases are usually stable
                 date: "".to_string(),
               }
             }
@@ -356,60 +356,148 @@ impl BrowserVersionService {
     version: &str,
   ) -> Result<DownloadInfo, Box<dyn std::error::Error + Send + Sync>> {
     match browser {
-            "firefox" => Ok(DownloadInfo {
-                url: format!("https://download.mozilla.org/?product=firefox-{version}&os=osx&lang=en-US"),
-                filename: format!("firefox-{version}.dmg"),
-                is_archive: true,
-            }),
-            "firefox-developer" => Ok(DownloadInfo {
-                url: format!("https://download.mozilla.org/?product=devedition-{version}&os=osx&lang=en-US"),
-                filename: format!("firefox-developer-{version}.dmg"),
-                is_archive: true,
-            }),
-            "mullvad-browser" => Ok(DownloadInfo {
-                url: format!(
-                    "https://github.com/mullvad/mullvad-browser/releases/download/{version}/mullvad-browser-macos-{version}.dmg"
-                ),
-                filename: format!("mullvad-browser-{version}.dmg"),
-                is_archive: true,
-            }),
-            "zen" => Ok(DownloadInfo {
-                url: format!(
-                    "https://github.com/zen-browser/desktop/releases/download/{version}/zen.macos-universal.dmg"
-                ),
-                filename: format!("zen-{version}.dmg"),
-                is_archive: true,
-            }),
-            "brave" => {
-                // For Brave, we use a placeholder URL since we need to resolve the actual asset URL dynamically
-                // The actual URL will be resolved in the download service using the GitHub API
-                Ok(DownloadInfo {
-                    url: format!(
-                        "https://github.com/brave/brave-browser/releases/download/{version}/Brave-Browser-universal.dmg"
-                    ),
-                    filename: format!("brave-{version}.dmg"),
-                    is_archive: true,
-                })
-            }
-            "chromium" => {
-                let arch = if cfg!(target_arch = "aarch64") { "Mac_Arm" } else { "Mac" };
-                Ok(DownloadInfo {
-                    url: format!(
-                        "https://commondatastorage.googleapis.com/chromium-browser-snapshots/{arch}/{version}/chrome-mac.zip"
-                    ),
-                    filename: format!("chromium-{version}.zip"),
-                    is_archive: true,
-                })
-            }
-            "tor-browser" => Ok(DownloadInfo {
-                url: format!(
-                    "https://archive.torproject.org/tor-package-archive/torbrowser/{version}/tor-browser-macos-{version}.dmg"
-                ),
-                filename: format!("tor-browser-{version}.dmg"),
-                is_archive: true,
-            }),
-            _ => Err(format!("Unsupported browser: {browser}").into()),
-        }
+      "firefox" => {
+        #[cfg(target_os = "macos")]
+        return Ok(DownloadInfo {
+          url: format!("https://download.mozilla.org/?product=firefox-{version}&os=osx&lang=en-US"),
+          filename: format!("firefox-{version}.dmg"),
+          is_archive: true,
+        });
+
+        #[cfg(target_os = "windows")]
+        return Ok(DownloadInfo {
+          url: format!("https://download.mozilla.org/?product=firefox-{version}&os=win64&lang=en-US"),
+          filename: format!("firefox-{version}.exe"),
+          is_archive: false,
+        });
+
+        #[cfg(target_os = "linux")]
+        return Ok(DownloadInfo {
+          url: format!("https://download.mozilla.org/?product=firefox-{version}&os=linux64&lang=en-US"),
+          filename: format!("firefox-{version}.tar.bz2"),
+          is_archive: true,
+        });
+
+        #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
+        return Err("Unsupported platform for Firefox".into());
+      }
+      "firefox-developer" => {
+        #[cfg(target_os = "macos")]
+        return Ok(DownloadInfo {
+          url: format!("https://download.mozilla.org/?product=devedition-{version}&os=osx&lang=en-US"),
+          filename: format!("firefox-developer-{version}.dmg"),
+          is_archive: true,
+        });
+
+        #[cfg(target_os = "windows")]
+        return Ok(DownloadInfo {
+          url: format!("https://download.mozilla.org/?product=devedition-{version}&os=win64&lang=en-US"),
+          filename: format!("firefox-developer-{version}.exe"),
+          is_archive: false,
+        });
+
+        #[cfg(target_os = "linux")]
+        return Ok(DownloadInfo {
+          url: format!("https://download.mozilla.org/?product=devedition-{version}&os=linux64&lang=en-US"),
+          filename: format!("firefox-developer-{version}.tar.bz2"),
+          is_archive: true,
+        });
+
+        #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
+        return Err("Unsupported platform for Firefox Developer".into());
+      }
+      "mullvad-browser" => {
+        #[cfg(target_os = "macos")]
+        return Ok(DownloadInfo {
+          url: format!(
+            "https://github.com/mullvad/mullvad-browser/releases/download/{version}/mullvad-browser-macos-{version}.dmg"
+          ),
+          filename: format!("mullvad-browser-{version}.dmg"),
+          is_archive: true,
+        });
+
+        #[cfg(target_os = "windows")]
+        return Ok(DownloadInfo {
+          url: format!(
+            "https://github.com/mullvad/mullvad-browser/releases/download/{version}/mullvad-browser-windows-{version}.exe"
+          ),
+          filename: format!("mullvad-browser-{version}.exe"),
+          is_archive: false,
+        });
+
+        #[cfg(target_os = "linux")]
+        return Ok(DownloadInfo {
+          url: format!(
+            "https://github.com/mullvad/mullvad-browser/releases/download/{version}/mullvad-browser-linux-{version}.tar.xz"
+          ),
+          filename: format!("mullvad-browser-{version}.tar.xz"),
+          is_archive: true,
+        });
+
+        #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
+        return Err("Unsupported platform for Mullvad Browser".into());
+      }
+      "zen" => {
+        #[cfg(target_os = "macos")]
+        return Ok(DownloadInfo {
+          url: format!(
+            "https://github.com/zen-browser/desktop/releases/download/{version}/zen.macos-universal.dmg"
+          ),
+          filename: format!("zen-{version}.dmg"),
+          is_archive: true,
+        });
+
+        #[cfg(target_os = "windows")]
+        return Ok(DownloadInfo {
+          url: format!(
+            "https://github.com/zen-browser/desktop/releases/download/{version}/zen.win.x64.zip"
+          ),
+          filename: format!("zen-{version}.zip"),
+          is_archive: true,
+        });
+
+        #[cfg(target_os = "linux")]
+        return Ok(DownloadInfo {
+          url: format!(
+            "https://github.com/zen-browser/desktop/releases/download/{version}/zen.linux-x86_64.AppImage"
+          ),
+          filename: format!("zen-{version}.AppImage"),
+          is_archive: false,
+        });
+
+        #[cfg(not(any(target_os = "macos", target_os = "windows", target_os = "linux")))]
+        return Err("Unsupported platform for Zen Browser".into());
+      }
+      "brave" => {
+        // For Brave, we use a placeholder URL since we need to resolve the actual asset URL dynamically
+        // The actual URL will be resolved in the download service using the GitHub API
+        Ok(DownloadInfo {
+          url: format!(
+            "https://github.com/brave/brave-browser/releases/download/{version}/Brave-Browser-universal.dmg"
+          ),
+          filename: format!("brave-{version}.dmg"),
+          is_archive: true,
+        })
+      }
+      "chromium" => {
+        let arch = if cfg!(target_arch = "aarch64") { "Mac_Arm" } else { "Mac" };
+        Ok(DownloadInfo {
+          url: format!(
+            "https://commondatastorage.googleapis.com/chromium-browser-snapshots/{arch}/{version}/chrome-mac.zip"
+          ),
+          filename: format!("chromium-{version}.zip"),
+          is_archive: true,
+        })
+      }
+      "tor-browser" => Ok(DownloadInfo {
+        url: format!(
+          "https://archive.torproject.org/tor-package-archive/torbrowser/{version}/tor-browser-macos-{version}.dmg"
+        ),
+        filename: format!("tor-browser-{version}.dmg"),
+        is_archive: true,
+      }),
+      _ => Err(format!("Unsupported browser: {browser}").into()),
+    }
   }
 
   // Private helper methods for each browser type