diff --git a/SECURITY_AUDIT.md b/SECURITY_AUDIT.md index ed2bf90..e4b4013 100644 --- a/SECURITY_AUDIT.md +++ b/SECURITY_AUDIT.md @@ -145,13 +145,13 @@ The analyzer (`mo analyze`) uses a distinct security model: **Code:** `lib/clean/apps.sh:orphan_detection()` -#### New Language Ecosystem Support (v1.19.1+) +#### Developer Tool Ecosystems (Consolidated) -Added support for Elixir, Haskell, OCaml, and Editors (VS Code, Zed) with strict safety checks: +Support for 20+ languages (Rust, Go, Node, Python, JVM, Mobile, Elixir, Haskell, OCaml, etc.) with strict safety checks: -- **Existence Checks:** Cleanup logic only runs if the tool is installed (directory exists). -- **Safe Targets:** Only volatile caches are cleaned (e.g., `~/.hex/cache`). -- **Protected Paths:** Critical directories like `~/.mix/archives` (installed tools) and `~/.stack/programs` (installed compilers) are explicitly **excluded**. +- **Global Optimization:** The core `safe_clean` function now intelligently checks parent directories before attempting wildcard cleanups, eliminating overhead for missing tools across the entire system. +- **Safe Targets:** Only volatile caches are cleaned (e.g., `~/.cargo/registry/cache`, `~/.gradle/caches`). +- **Protected Paths:** Critical directories like `~/.cargo/bin`, `~/.mix/archives`, `~/.rustup` toolchains, and `~/.stack/programs` are explicitly **excluded**. #### Active Uninstallation Heuristics diff --git a/bin/clean.sh b/bin/clean.sh index 7beac0d..a5146b9 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -322,6 +322,31 @@ safe_clean() { targets=("${@:1:$#-1}") fi + local -a valid_targets=() + for target in "${targets[@]}"; do + # Optimization: If target is a glob literal and parent dir missing, skip it. + if [[ "$target" == *"*"* && ! -e "$target" ]]; then + local base_path="${target%%\**}" + local parent_dir + if [[ "$base_path" == */ ]]; then + parent_dir="${base_path%/}" + else + parent_dir=$(dirname "$base_path") + fi + + if [[ ! -d "$parent_dir" ]]; then + # debug_log "Skipping nonexistent parent: $parent_dir for $target" + continue + fi + fi + valid_targets+=("$target") + done + + targets=("${valid_targets[@]}") + if [[ ${#targets[@]} -eq 0 ]]; then + return 0 + fi + local removed_any=0 local total_size_kb=0 local total_count=0 diff --git a/lib/clean/dev.sh b/lib/clean/dev.sh index fb703a9..f7a237d 100644 --- a/lib/clean/dev.sh +++ b/lib/clean/dev.sh @@ -257,34 +257,24 @@ clean_sqlite_temp_files() { } # Elixir/Erlang ecosystem. clean_dev_elixir() { - if [[ -d ~/.mix ]] || [[ -d ~/.hex ]]; then - # safe_clean ~/.mix/archives/* "Mix cache" - safe_clean ~/.hex/cache/* "Hex cache" - fi + # safe_clean ~/.mix/archives/* "Mix cache" + safe_clean ~/.hex/cache/* "Hex cache" } # Haskell ecosystem. clean_dev_haskell() { - if [[ -d ~/.cabal ]] || [[ -d ~/.stack ]]; then - safe_clean ~/.cabal/packages/* "Cabal install cache" - # safe_clean ~/.stack/programs/* "Stack cache" - fi + safe_clean ~/.cabal/packages/* "Cabal install cache" + # safe_clean ~/.stack/programs/* "Stack cache" } # OCaml ecosystem. clean_dev_ocaml() { - if [[ -d ~/.opam ]]; then - safe_clean ~/.opam/download-cache/* "Opam cache" - fi + safe_clean ~/.opam/download-cache/* "Opam cache" } # Editor caches. clean_dev_editors() { - if [[ -d ~/Library/Caches/com.microsoft.VSCode ]] || [[ -d ~/Library/Application\ Support/Code ]]; then - safe_clean ~/Library/Caches/com.microsoft.VSCode/Cache/* "VS Code cached data" - safe_clean ~/Library/Application\ Support/Code/CachedData/* "VS Code cached data" - # safe_clean ~/Library/Application\ Support/Code/User/workspaceStorage/* "VS Code workspace storage" - fi - if [[ -d ~/Library/Caches/Zed ]]; then - safe_clean ~/Library/Caches/Zed/* "Zed cache" - fi + safe_clean ~/Library/Caches/com.microsoft.VSCode/Cache/* "VS Code cached data" + safe_clean ~/Library/Application\ Support/Code/CachedData/* "VS Code cached data" + # safe_clean ~/Library/Application\ Support/Code/User/workspaceStorage/* "VS Code workspace storage" + safe_clean ~/Library/Caches/Zed/* "Zed cache" } # Main developer tools cleanup sequence. clean_developer_tools() {