From 20a396b33e8db6676e5f813022266e4a28f3dd76 Mon Sep 17 00:00:00 2001 From: Tw93 Date: Wed, 11 Mar 2026 11:25:03 +0800 Subject: [PATCH] chore: add journal/ to gitignore, merge path docs into SECURITY_AUDIT --- .gitignore | 1 + SECURITY_AUDIT.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/.gitignore b/.gitignore index 451942f..b83a872 100644 --- a/.gitignore +++ b/.gitignore @@ -51,6 +51,7 @@ GEMINI.md ANTIGRAVITY.md WARP.md AGENTS.md +journal/ .cursorrules # Go build artifacts (development) diff --git a/SECURITY_AUDIT.md b/SECURITY_AUDIT.md index 8fed2c4..7606abc 100644 --- a/SECURITY_AUDIT.md +++ b/SECURITY_AUDIT.md 
@@ -80,6 +80,57 @@ Some subpaths under otherwise protected roots are explicitly allowlisted for bou This design keeps cleanup scoped to known-safe maintenance targets instead of broad root-level deletion patterns. +## Path Protection Reference + +### Protected Prefixes (Never Deleted) + +```text +/ +/System +/bin +/sbin +/usr +/etc +/var +/private +/Library/Extensions +``` + +### Whitelist Exceptions (Allowlisted for Cleanup) + +Some subpaths under protected roots are explicitly allowlisted: + +- `/private/tmp` +- `/private/var/tmp` +- `/private/var/log` +- `/private/var/folders` +- `/private/var/db/diagnostics` +- `/private/var/db/DiagnosticPipeline` +- `/private/var/db/powerlog` +- `/private/var/db/reportmemoryexception` + +### Protected Categories + +In addition to path blocking, these categories are protected: + +- Keychains, password managers, credentials +- VPN/proxy tools (Shadowsocks, V2Ray, Clash, Tailscale) +- AI tools (Cursor, Claude, ChatGPT, Ollama) +- Browser history and cookies +- Time Machine data (during active backup) +- `com.apple.*` LaunchAgents/LaunchDaemons +- iCloud-synced `Mobile Documents` + +## Implementation Details + +All deletion routes through `lib/core/file_ops.sh`: + +- `validate_path_for_deletion()` - Empty, relative, traversal checks +- `should_protect_path()` - Prefix and pattern matching +- `safe_remove()`, `safe_find_delete()`, `safe_sudo_remove()` - Guarded operations + +See [`journal/2026-03-11-safe-remove-design.md`](journal/2026-03-11-safe-remove-design.md) for design rationale. + ## Protected Directories and Categories Mole has explicit protected-path and protected-category logic in addition to root-path blocking.
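Review bot: The `.gitignore` hunk adds `journal/` to the ignore list, yet the `SECURITY_AUDIT.md` hunk in the same patch links to `journal/2026-03-11-safe-remove-design.md` for the design rationale; the linked file will never be committed, so the reference dangles for anyone reading the audit document from the repository. Either keep the design note tracked (for example under `docs/`, and ignore only the rest of `journal/`), or fold the rationale into SECURITY_AUDIT.md itself and drop the link.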
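Review bot: In the `SECURITY_AUDIT.md` hunk the new "Path Protection Reference" section largely repeats material the file already carries: the "Whitelist Exceptions" list restates the surrounding context line "Some subpaths under otherwise protected roots are explicitly allowlisted", and "Protected Categories" sits directly above the existing "Protected Directories and Categories" heading that covers the same ground. Consider merging the new lists into those existing sections rather than adding a parallel block, and add one sentence to "Protected Prefixes" on how `should_protect_path()` treats the bare `/` entry, since a plain prefix comparison against `/` would match every absolute path; if it is an exact-match entry, say so.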