diff --git a/.gitignore b/.gitignore index 574c7c8..2c2eb10 100644 --- a/.gitignore +++ b/.gitignore @@ -47,6 +47,7 @@ tests/tmp-* .kiro/ CLAUDE.md GEMINI.md +ANTIGRAVITY.md .cursorrules # Go build artifacts (development) diff --git a/AGENTS.md b/AGENTS.md index 490036c..2e19f28 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -35,12 +35,14 @@ Before any operation: - Validate syntax before suggesting changes: `bash -n ` - Use `gh` CLI for all GitHub operations (issues, PRs, releases, etc.) - Never commit code unless explicitly requested by user +- Review and update `SECURITY_AUDIT.md` when modifying `clean` or `optimize` logic --- ## Quick Reference ### Build Commands + ```bash # Build Go binaries for current platform make build @@ -54,6 +56,7 @@ make clean ``` ### Test Commands + ```bash # Run full test suite (recommended before commits) ./scripts/test.sh @@ -79,6 +82,7 @@ shellcheck --rcfile .shellcheckrc lib/**/*.sh bin/**/*.sh ``` ### Development Commands + ```bash # Test cleanup in dry-run mode MO_DRY_RUN=1 ./mole clean @@ -108,11 +112,17 @@ mole/ # Main CLI entrypoint (menu + routing) │ ├── purge.sh # Aggressive cleanup mode │ ├── touchid.sh # Touch ID sudo enabler │ ├── analyze.sh # Disk usage explorer wrapper -│ └── status.sh # System health dashboard wrapper +│ ├── status.sh # System health dashboard wrapper +│ ├── installer.sh # Core installation logic +│ └── completion.sh # Shell completion support ├── lib/ # Reusable shell logic │ ├── core/ # base.sh, log.sh, sudo.sh, ui.sh -│ ├── clean/ # Cleanup modules (user, apps, dev, caches, system) -│ └── ui/ # Confirmation dialogs, progress bars +│ ├── clean/ # Cleanup modules (user, apps, brew, system...) +│ ├── optimize/ # Optimization modules +│ ├── check/ # Health check modules +│ ├── manage/ # Management utilities +│ ├── ui/ # UI components (balloons, spinners) +│ └── uninstall/ # Uninstallation logic ├── cmd/ # Go applications │ ├── analyze/ # Disk analysis tool │ └── status/ # Real-time monitoring 
@@ -130,6 +140,7 @@ mole/ # Main CLI entrypoint (menu + routing) - Tests → `tests/.bats` ### Language Stack + - **Shell (Bash 3.2)**: Core cleanup and system operations (`lib/`, `bin/`) - **Go**: Performance-critical tools (`cmd/analyze/`, `cmd/status/`) - **BATS**: Integration testing (`tests/`) @@ -139,6 +150,7 @@ mole/ # Main CLI entrypoint (menu + routing) ## Code Style Guidelines ### Shell Scripts + - **Indentation**: 4 spaces (configured in .editorconfig) - **Variables**: `lowercase_with_underscores` - **Functions**: `verb_noun` format (e.g., `clean_caches`, `get_size`) @@ -149,12 +161,14 @@ mole/ # Main CLI entrypoint (menu + routing) - **Error handling**: Use `set -euo pipefail` at top of files ### Go Code + - **Formatting**: Follow standard Go conventions (`gofmt`, `go vet`) - **Package docs**: Add package-level documentation for exported functions - **Error handling**: Never ignore errors, always handle them explicitly - **Build tags**: Use `//go:build darwin` for macOS-specific code ### Comments + - **Language**: English only - **Focus**: Explain "why" not "what" (code should be self-documenting) - **Safety**: Document safety boundaries explicitly @@ -165,12 +179,14 @@ mole/ # Main CLI entrypoint (menu + routing) ## Key Helper Functions ### Safety Helpers (lib/core/base.sh) + - `safe_rm `: Safe deletion with validation - `safe_find_delete `: Protected find+delete - `is_protected `: Check if path is system-protected - `is_whitelisted `: Check user whitelist ### Logging (lib/core/log.sh) + - `log_info `: Informational messages - `log_success `: Success notifications - `log_warn `: Warnings @@ -178,6 +194,7 @@ mole/ # Main CLI entrypoint (menu + routing) - `debug `: Debug output (requires MO_DEBUG=1) ### UI Helpers (lib/core/ui.sh) + - `confirm `: Yes/no confirmation - `show_progress `: Progress display 
@@ -186,6 +203,7 @@ mole/ # Main CLI entrypoint (menu + routing) ## Testing Strategy ### Test Types + 1. **Syntax Validation**: `bash -n ` - catches basic errors 2. **Unit Tests**: BATS tests for individual functions 3. **Integration Tests**: Full command execution with BATS @@ -193,6 +211,7 @@ mole/ # Main CLI entrypoint (menu + routing) 5. **Go Tests**: `go test -v ./cmd/...` ### Test Environment Variables + - `MO_DRY_RUN=1`: Preview changes without execution - `MO_DEBUG=1`: Enable detailed debug logging - `BATS_FORMATTER=pretty`: Use pretty output for BATS (default) @@ -203,6 +222,7 @@ mole/ # Main CLI entrypoint (menu + routing) ## Common Development Tasks ### Adding New Cleanup Module + 1. Create `lib/clean/new_module.sh` 2. Implement cleanup logic using `safe_*` helpers 3. Source it in `bin/clean.sh` @@ -211,6 +231,7 @@ mole/ # Main CLI entrypoint (menu + routing) 6. Test with `MO_DRY_RUN=1` first ### Modifying Go Tools + 1. Navigate to `cmd//` 2. Make changes to Go files 3. Test with `go run .` or `make build && ./bin/-go` @@ -218,6 +239,7 @@ mole/ # Main CLI entrypoint (menu + routing) 5. Check integration: `./mole ` ### Debugging Issues + 1. Enable debug mode: `MO_DEBUG=1 ./mole clean` 2. Check logs for error messages 3. Verify sudo permissions: `sudo -n true` or `./mole touchid` @@ -229,15 +251,18 @@ mole/ # Main CLI entrypoint (menu + routing) ## Linting and Quality ### Shell Script Linting + - **Tool**: shellcheck with custom `.shellcheckrc` - **Disabled rules**: SC2155, SC2034, SC2059, SC1091, SC2038 - **Command**: `shellcheck --rcfile .shellcheckrc lib/**/*.sh bin/**/*.sh` ### Go Code Quality + - **Tools**: `go vet`, `go fmt`, `go test` - **Command**: `go vet ./cmd/... && go test ./cmd/...` ### CI/CD Pipeline + - **Triggers**: Push/PR to main, dev branches - **Platforms**: macOS 14, macOS 15 - **Tools**: bats-core, shellcheck, Go 1.24.6 
@@ -248,12 +273,14 @@ mole/ # Main CLI entrypoint (menu + routing) ## File Organization Patterns ### Shell Modules + - Entry scripts in `bin/` should be thin wrappers - Reusable logic goes in `lib/` - Core utilities in `lib/core/` - Feature-specific modules in `lib/clean/`, `lib/ui/`, etc. ### Go Packages + - Each tool in its own `cmd//` directory - Main entry point in `main.go` - Use standard Go project layout @@ -266,6 +293,7 @@ mole/ # Main CLI entrypoint (menu + routing) ### Use gh CLI for All GitHub Work **Preferred Commands**: + ```bash # Issues gh issue view 123 # View issue details @@ -286,6 +314,7 @@ gh api repos/owner/repo/issues # Raw API access ``` **NEVER use raw git commands for GitHub operations** when `gh` is available: + - ❌ `git log --oneline origin/main..HEAD` → ✅ `gh pr view` - ❌ `git remote get-url origin` → ✅ `gh repo view` - ❌ Manual GitHub API curl commands → ✅ `gh api` @@ -293,12 +322,14 @@ gh api repos/owner/repo/issues # Raw API access ## Error Handling Patterns ### Shell Scripts + - Use `set -euo pipefail` for strict error handling - Check command exit codes: `if command; then ...` - Provide meaningful error messages with `log_error` - Use cleanup traps for temporary resources ### Go Code + - Never ignore errors: `if err != nil { return err }` - Use structured error messages - Handle context cancellation appropriately @@ -309,12 +340,14 @@ gh api repos/owner/repo/issues # Raw API access ## Performance Considerations ### Shell Optimization + - Use built-in shell operations over external commands - Prefer `find -delete` over `-exec rm` - Minimize subprocess creation - Use appropriate timeout mechanisms ### Go Optimization + - Use concurrency for I/O-bound operations - Implement proper caching for expensive operations - Profile memory usage in scanning operations 
@@ -325,12 +358,14 @@ gh api repos/owner/repo/issues # Raw API access ## Security Best Practices ### Path Validation + - Always validate user-provided paths - Check against protection lists before operations - Use absolute paths to prevent directory traversal - Implement proper sandboxing for destructive operations ### Permission Management + - Request sudo only when necessary - Use `sudo -n true` to check sudo availability - Implement proper Touch ID integration @@ -371,4 +406,4 @@ gh api repos/owner/repo/issues # Raw API access --- -**Remember**: When in doubt, err on the side of safety. It's better to clean less than to risk user data. \ No newline at end of file +**Remember**: When in doubt, err on the side of safety. It's better to clean less than to risk user data.
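Review bot: In the AGENTS.md hunk at `@@ -35,12 +35,14 @@`, the added rule "Review and update `SECURITY_AUDIT.md` when modifying `clean` or `optimize` logic" covers only two of the destructive paths this patch documents. The structure tree lists `bin/purge.sh` ("Aggressive cleanup mode") and adds `lib/uninstall/` ("Uninstallation logic"), both removal paths by their own descriptions. Suggest extending the trigger to `purge` and `uninstall`, and giving the path of `SECURITY_AUDIT.md`, which the visible lines never state.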
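Review bot: In the structure-tree hunk at `@@ -108,11 +112,17 @@`, the rewritten `lib/clean/` comment "(user, apps, brew, system...)" drops `dev` and `caches` and ends in an ellipsis, so the tree no longer tells a reader which cleanup modules exist. List them in full or point to the directory. The new `lib/optimize/`, `lib/check/`, `lib/manage/` and `lib/uninstall/` entries are also documented only in this tree: the unchanged "File Organization Patterns" text still names just `lib/clean/`, `lib/ui/`, and "Adding New Cleanup Module" has no counterpart saying whether optimize and uninstall modules must use the `safe_*` helpers as well.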
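Review bot: The hunk at `@@ -309,12 +340,14 @@` adds only blank lines after the headings and leaves the Shell Optimization bullet "Prefer `find -delete` over `-exec rm`" as it was, which reads as permission to call raw `find -delete`. That sits badly with the Safety Helpers entry `safe_find_delete` ("Protected find+delete") and with "Check against protection lists before operations" under Path Validation. Since this patch already touches the safety rules, reword that bullet to name `safe_find_delete` as the required form for deletions.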