Whitelist capability optimization

bin/clean.sh

@@ -32,18 +32,9 @@ readonly PROTECTED_SW_DOMAINS=(
     "photopea.com"
     "pixlr.com"
 )
-readonly FINDER_METADATA_SENTINEL="FINDER_METADATA"
+
-# Default whitelist patterns (preselected, user can disable)
+# Whitelist patterns (loaded from common.sh)
-declare -a DEFAULT_WHITELIST_PATTERNS=(
+# FINDER_METADATA_SENTINEL and DEFAULT_WHITELIST_PATTERNS defined in lib/common.sh
-    "$HOME/Library/Caches/ms-playwright*"
-    "$HOME/.cache/huggingface*"
-    "$HOME/.m2/repository/*"
-    "$HOME/.ollama/models/*"
-    "$HOME/Library/Caches/com.nssurge.surge-mac/*"
-    "$HOME/Library/Application Support/com.nssurge.surge-mac/*"
-    "$HOME/Library/Caches/org.R-project.R/R/renv/*"
-    "$FINDER_METADATA_SENTINEL"
-)
 declare -a WHITELIST_PATTERNS=()
 WHITELIST_WARNINGS=()
 
@@ -66,6 +57,8 @@ if [[ -f "$HOME/.config/mole/whitelist" ]]; then
             continue
         fi
 
+        # Skip validation for special sentinel values
+        if [[ "$line" != "$FINDER_METADATA_SENTINEL" ]]; then
             # Path validation with support for spaces and wildcards
             # Allow: letters, numbers, /, _, ., -, @, spaces, and * anywhere in path
             if [[ ! "$line" =~ ^[a-zA-Z0-9/_.@\ *-]+$ ]]; then
@@ -78,6 +71,7 @@ if [[ -f "$HOME/.config/mole/whitelist" ]]; then
                 WHITELIST_WARNINGS+=("Must be absolute path: $line")
                 continue
             fi
+        fi
 
         # Reject paths with consecutive slashes (e.g., //)
         if [[ "$line" =~ // ]]; then
@@ -525,12 +519,35 @@ perform_cleanup() {
     check_tcc_permissions
 
     # Show whitelist info if patterns are active
-    local active_count=${#WHITELIST_PATTERNS[@]}
+    if [[ ${#WHITELIST_PATTERNS[@]} -gt 0 ]]; then
-    if [[ $active_count -gt 2 ]]; then
+        # Count predefined vs custom patterns
-        local custom_count=$((active_count - 2))
+        local predefined_count=0
-        echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $custom_count custom + 2 core patterns active"
+        local custom_count=0
-    elif [[ $active_count -eq 2 ]]; then
+
-        echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: 2 core patterns active"
+        for pattern in "${WHITELIST_PATTERNS[@]}"; do
+            local is_predefined=false
+            for default in "${DEFAULT_WHITELIST_PATTERNS[@]}"; do
+                if [[ "$pattern" == "$default" ]]; then
+                    is_predefined=true
+                    break
+                fi
+            done
+
+            if [[ "$is_predefined" == "true" ]]; then
+                ((predefined_count++))
+            else
+                ((custom_count++))
+            fi
+        done
+
+        # Display whitelist status
+        if [[ $custom_count -gt 0 && $predefined_count -gt 0 ]]; then
+            echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $predefined_count core + $custom_count custom patterns active"
+        elif [[ $custom_count -gt 0 ]]; then
+            echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $custom_count custom patterns active"
+        elif [[ $predefined_count -gt 0 ]]; then
+            echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $predefined_count core patterns active"
+        fi
     fi
 
     # Initialize counters

lib/common.sh

@@ -45,6 +45,19 @@ readonly MOLE_CRASH_REPORT_AGE_DAYS=30   # Crash report retention
 readonly MOLE_SAVED_STATE_AGE_DAYS=7     # App saved state retention
 readonly MOLE_TM_BACKUP_SAFE_HOURS=48    # Time Machine failed backup safety window
 
+# Whitelist configuration
+readonly FINDER_METADATA_SENTINEL="FINDER_METADATA"
+declare -a DEFAULT_WHITELIST_PATTERNS=(
+    "$HOME/Library/Caches/ms-playwright*"
+    "$HOME/.cache/huggingface*"
+    "$HOME/.m2/repository/*"
+    "$HOME/.ollama/models/*"
+    "$HOME/Library/Caches/com.nssurge.surge-mac/*"
+    "$HOME/Library/Application Support/com.nssurge.surge-mac/*"
+    "$HOME/Library/Caches/org.R-project.R/R/renv/*"
+    "$FINDER_METADATA_SENTINEL"
+)
+
 # Get spinner characters (overridable via MO_SPINNER_CHARS)
 mo_spinner_chars() {
     local chars="${MO_SPINNER_CHARS:-|/-\\}"

lib/whitelist_manager.sh

@@ -12,17 +12,9 @@ source "$SCRIPT_DIR/menu_simple.sh"
 # Config file path
 WHITELIST_CONFIG="$HOME/.config/mole/whitelist"
 
-# Default whitelist patterns (preselected on first run)
+# Default whitelist patterns defined in lib/common.sh:
-declare -a DEFAULT_WHITELIST_PATTERNS=(
+# - DEFAULT_WHITELIST_PATTERNS
-    "$HOME/Library/Caches/ms-playwright*"
+# - FINDER_METADATA_SENTINEL
-    "$HOME/.cache/huggingface*"
-    "$HOME/.m2/repository/*"
-    "$HOME/.ollama/models/*"
-    "$HOME/Library/Caches/com.nssurge.surge-mac/*"
-    "$HOME/Library/Application Support/com.nssurge.surge-mac/*"
-    "$HOME/Library/Caches/org.R-project.R/R/renv/*"
-    "FINDER_METADATA"
-)
 
 # Save whitelist patterns to config
 save_whitelist_patterns() {
@@ -131,8 +123,9 @@ Podman container cache|$HOME/.local/share/containers/cache/*|container_cache
 Font cache|$HOME/Library/Caches/com.apple.FontRegistry/*|system_cache
 Spotlight metadata cache|$HOME/Library/Caches/com.apple.spotlight/*|system_cache
 CloudKit cache|$HOME/Library/Caches/CloudKit/*|system_cache
-Finder metadata (.DS_Store)|FINDER_METADATA|system_cache
 EOF
+    # Add FINDER_METADATA with constant reference
+    echo "Finder metadata (.DS_Store)|$FINDER_METADATA_SENTINEL|system_cache"
 }
 
 patterns_equivalent() {
@@ -222,6 +215,23 @@ manage_whitelist_categories() {
         ((index++))
     done < <(get_all_cache_items)
 
+    # Identify custom patterns (not in predefined list)
+    local -a custom_patterns=()
+    if [[ ${#CURRENT_WHITELIST_PATTERNS[@]} -gt 0 ]]; then
+        for current_pattern in "${CURRENT_WHITELIST_PATTERNS[@]}"; do
+            local is_predefined=false
+            for predefined_pattern in "${cache_patterns[@]}"; do
+                if patterns_equivalent "$current_pattern" "$predefined_pattern"; then
+                    is_predefined=true
+                    break
+                fi
+            done
+            if [[ "$is_predefined" == "false" ]]; then
+                custom_patterns+=("$current_pattern")
+            fi
+        done
+    fi
+
     # Prioritize already-selected items to appear first
     local -a selected_cache_items=()
     local -a selected_cache_patterns=()
@@ -293,16 +303,34 @@ manage_whitelist_categories() {
         done
     fi
 
-    # Save to whitelist config (bash 3.2 + set -u safe)
+    # Merge custom patterns with selected patterns
+    local -a all_patterns=()
     if [[ ${#selected_patterns[@]} -gt 0 ]]; then
-        save_whitelist_patterns "${selected_patterns[@]}"
+        all_patterns=("${selected_patterns[@]}")
+    fi
+    if [[ ${#custom_patterns[@]} -gt 0 ]]; then
+        for custom_pattern in "${custom_patterns[@]}"; do
+            all_patterns+=("$custom_pattern")
+        done
+    fi
+
+    # Save to whitelist config (bash 3.2 + set -u safe)
+    if [[ ${#all_patterns[@]} -gt 0 ]]; then
+        save_whitelist_patterns "${all_patterns[@]}"
     else
         save_whitelist_patterns
     fi
 
-    print_summary_block "success" \
+    local total_protected=$((${#selected_patterns[@]} + ${#custom_patterns[@]}))
-        "Protected ${#selected_patterns[@]} cache(s)" \
+    local -a summary_lines=()
-        "Saved to ${WHITELIST_CONFIG}"
+    if [[ ${#custom_patterns[@]} -gt 0 ]]; then
+        summary_lines+=("Protected ${#selected_patterns[@]} predefined + ${#custom_patterns[@]} custom patterns")
+    else
+        summary_lines+=("Protected ${total_protected} cache(s)")
+    fi
+    summary_lines+=("Saved to ${WHITELIST_CONFIG}")
+
+    print_summary_block "success" "${summary_lines[@]}"
     printf '\n'
 }