From 37c7b7e7435d9f5c7880cfe5837679920f80cee9 Mon Sep 17 00:00:00 2001 From: Tw93 Date: Sun, 14 Dec 2025 08:53:19 +0800 Subject: [PATCH 1/4] feat: Add AI agent documentation, expand critical application protection for AI/LLM tools, and enhance user cache cleaning safety --- .gitignore | 3 +++ CLAUDE.md | 1 - GEMINI.md | 1 - bin/clean.sh | 2 +- lib/clean/user.sh | 4 +++- lib/core/app_protection.sh | 26 ++++++++++++++++++++++++++ mole | 2 +- 7 files changed, 34 insertions(+), 5 deletions(-) delete mode 120000 CLAUDE.md delete mode 120000 GEMINI.md diff --git a/.gitignore b/.gitignore index d87d753..84b6dc2 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,9 @@ temp/ # AI Assistant Instructions .claude/ +.gemini/ +CLAUDE.md +GEMINI.md .cursorrules # Go build artifacts (development) diff --git a/CLAUDE.md b/CLAUDE.md deleted file mode 120000 index ac534a3..0000000 --- a/CLAUDE.md +++ /dev/null @@ -1 +0,0 @@ -AGENT.md \ No newline at end of file diff --git a/GEMINI.md b/GEMINI.md deleted file mode 120000 index ac534a3..0000000 --- a/GEMINI.md +++ /dev/null @@ -1 +0,0 @@ -AGENT.md \ No newline at end of file diff --git a/bin/clean.sh b/bin/clean.sh index 0b91307..0cf8974 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -223,7 +223,7 @@ safe_clean() { # Hard-coded protection for critical apps (cannot be disabled by user) case "$path" in - *clash* | *Clash* | *surge* | *Surge* | *mihomo* | *openvpn* | *OpenVPN* | *verge* | *Verge* | *shadowsocks* | *Shadowsocks* | *v2ray* | *V2Ray* | *sing-box* | *tailscale* | *nordvpn* | *NordVPN* | *expressvpn* | *ExpressVPN* | *protonvpn* | *ProtonVPN* | *mullvad* | *Mullvad* | *hiddify* | *Hiddify* | *loon* | *Loon*) + *clash* | *Clash* | *surge* | *Surge* | *mihomo* | *openvpn* | *OpenVPN* | *verge* | *Verge* | *shadowsocks* | *Shadowsocks* | *v2ray* | *V2Ray* | *sing-box* | *tailscale* | *nordvpn* | *NordVPN* | *expressvpn* | *ExpressVPN* | *protonvpn* | *ProtonVPN* | *mullvad* | *Mullvad* | *hiddify* | *Hiddify* | *loon* | *Loon* | *Cursor* | *cursor* | *Claude* | *claude* | *ChatGPT* | *chatgpt* | *Ollama* | *ollama* | *lmstudio* | *Chatbox* | *Gemini* | *gemini* | *Perplexity* | *perplexity* | *Windsurf* | *windsurf* | *Poe* | *poe* | *DiffusionBee* | *diffusionbee* | *DrawThings* | *drawthings*) skip=true ((skipped_count++)) ;; diff --git a/lib/clean/user.sh b/lib/clean/user.sh index d6a7bdc..53b9fdd 100644 --- a/lib/clean/user.sh +++ b/lib/clean/user.sh @@ -137,7 +137,9 @@ clean_sandboxed_app_caches() { # Clean contents safely # We know this is a user cache path, so rm -rf is acceptable here # provided we keep the Cache directory itself - rm -rf "${cache_dir:?}"/* 2> /dev/null || true + for item in "${cache_dir:?}"/*; do + safe_remove "$item" true || true + done fi fi fi diff --git a/lib/core/app_protection.sh b/lib/core/app_protection.sh index 73fc500..75d4d4a 100755 --- a/lib/core/app_protection.sh +++ b/lib/core/app_protection.sh @@ -109,6 +109,32 @@ readonly DATA_PROTECTED_BUNDLES=( "abnerworks.Typora" # Typora (Markdown editor) "com.uranusjr.macdown" # MacDown + # ============================================================================ + # AI & LLM Tools + # ============================================================================ + "com.todesktop.*" # Cursor (often uses generic todesktop ID) + "Cursor" # Cursor App Support + "com.anthropic.claude*" # Claude + "Claude" # Claude App Support + "com.openai.chat*" # ChatGPT + "ChatGPT" # ChatGPT App Support + "com.ollama.ollama" # Ollama + "Ollama" # Ollama App Support + "com.lmstudio.lmstudio" # LM Studio + "LM Studio" # LM Studio App Support + "co.supertool.chatbox" # Chatbox + "page.jan.jan" # Jan + "com.huggingface.huggingchat" # HuggingChat + "Gemini" # Gemini + "com.perplexity.Perplexity" # Perplexity + "com.drawthings.DrawThings" # Draw Things + "com.divamgupta.diffusionbee" # DiffusionBee + "com.exafunction.windsurf" # Windsurf + "com.quora.poe.electron" # Poe + "chat.openai.com.*" # OpenAI web wrappers + + + # ============================================================================ # Development Tools - Database Clients # ============================================================================ diff --git a/mole b/mole index 51cd0f4..0d2ca4b 100755 --- a/mole +++ b/mole @@ -22,7 +22,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/lib/core/common.sh" # Version info -VERSION="1.12.24" +VERSION="1.12.25" MOLE_TAGLINE="can dig deep to clean your Mac." # Check if Touch ID is already configured From 5a60a675a0ba4d120595046dbf5a512944ee8808 Mon Sep 17 00:00:00 2001 From: Tw93 Date: Sun, 14 Dec 2025 00:53:52 +0000 Subject: [PATCH 2/4] chore: auto format code --- lib/core/app_protection.sh | 38 ++++++++++++++++++-------------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/lib/core/app_protection.sh b/lib/core/app_protection.sh index 75d4d4a..4d4cc9f 100755 --- a/lib/core/app_protection.sh +++ b/lib/core/app_protection.sh @@ -112,28 +112,26 @@ readonly DATA_PROTECTED_BUNDLES=( # ============================================================================ # AI & LLM Tools # ============================================================================ - "com.todesktop.*" # Cursor (often uses generic todesktop ID) - "Cursor" # Cursor App Support - "com.anthropic.claude*" # Claude - "Claude" # Claude App Support - "com.openai.chat*" # ChatGPT - "ChatGPT" # ChatGPT App Support - "com.ollama.ollama" # Ollama - "Ollama" # Ollama App Support - "com.lmstudio.lmstudio" # LM Studio - "LM Studio" # LM Studio App Support - "co.supertool.chatbox" # Chatbox - "page.jan.jan" # Jan + "com.todesktop.*" # Cursor (often uses generic todesktop ID) + "Cursor" # Cursor App Support + "com.anthropic.claude*" # Claude + "Claude" # Claude App Support + "com.openai.chat*" # ChatGPT + "ChatGPT" # ChatGPT App Support + "com.ollama.ollama" # Ollama + "Ollama" # Ollama App Support + "com.lmstudio.lmstudio" # LM Studio + "LM Studio" # LM Studio App Support + "co.supertool.chatbox" # Chatbox + "page.jan.jan" # Jan "com.huggingface.huggingchat" # HuggingChat - "Gemini" # Gemini - "com.perplexity.Perplexity" # Perplexity - "com.drawthings.DrawThings" # Draw Things + "Gemini" # Gemini + "com.perplexity.Perplexity" # Perplexity + "com.drawthings.DrawThings" # Draw Things "com.divamgupta.diffusionbee" # DiffusionBee - "com.exafunction.windsurf" # Windsurf - "com.quora.poe.electron" # Poe - "chat.openai.com.*" # OpenAI web wrappers - - + "com.exafunction.windsurf" # Windsurf + "com.quora.poe.electron" # Poe + "chat.openai.com.*" # OpenAI web wrappers # ============================================================================ # Development Tools - Database Clients From 8c0b64aac6f99c145ea5d6abdd72350439237386 Mon Sep 17 00:00:00 2001 From: Tw93 Date: Sun, 14 Dec 2025 00:54:26 +0000 Subject: [PATCH 3/4] chore: update binaries for V1.12.25 --- bin/analyze-go | Bin 7298178 -> 7298178 bytes bin/status-go | Bin 7422050 -> 7422050 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/bin/analyze-go b/bin/analyze-go index 7d605d3cc0c10a9655d9c48191e6027521b4b78a..8e1e7e3fb227677c7cef95b4d82429022bbfbe31 100755 GIT binary patch delta 1247 zcmcK2TWm`K90u?(Gn-qP&AJ-h+~(4q)1IE4b2gWrcI|4HcHP>wIz~@-&U%?nm0}{Q zi*zC+Bhnxv5)njXi_3{1gh<>H67k|1w-^x;YDJJ}m7()NFvlK1dT;m@?zz~&AZj%MvvE8I3yAja1VIujQ#+exRfS#r4vnb!BDi;X`_QdtKhbI!;X?1 z^{+i!)ynRKI+ailgW-??BOnt-LKcjIY{-GpFb2lLI2aEKm;e(Y7bZa-w(v+6dP>i1u7?IIabepW5t!m9G{qx01w4Y&F(l3cLOEKjP$LUB3w|q7f(|Iq0}bVJVvs3Vp*WYkmKk5O_~Xr$7mddstyjv& zs@cG(rbtbkX4>NpQ|CsKS?e)-H~72+%e8Tlj;=bss##neZ3;8xVvJZNcIbTmHBOt| z?B%N*bWNDo65hJnYCG+Y_$>9trIxsZcDj5ie*+5~R6r#xfQ7IK7J~tJFoFrHzzi0s z1}iLq8mNUjs0SO^p+WXHIKDsqd%IDh(fe;>(50+QBQ${%T+j?|@W4{=LJKT|<@?0|Ty>juPuF#06d8ygP4IJ1v3F+qWIa-`tm( M{Xo82+j&Lt8$Nu&dlvT==zO}A-Kxr>gP=hebYtE>?}KW^VQv&$#HTb^Q2MVTF=yr4W3p)=kZ@{PY5wwtyB(~AvP^8Yz2=8K4DoiAT9U|N7J|e{>m%Be~ zwlPw?NN0R=YS5VXZPJ)Z8dt$;$bdDl7S=%~tcMRk2Oq*mumL`Xji853kOi9|8@9kF zkOR4p2l-mkXgIqrn|3tzxKumcbKL4ZoA z0tZxs2sKa(bx;pZXn;m=X|k(nW%j?n8z-85|E~;GO0+hE8$95J7H9}uLjV*_w5s-+_YpUR?m`f{AOvBEKsWSge7bjDwVP&|NZaM8R}y}@eJ7M$ zxo99y|2&l+zcG`l`4XA73!24m?5o}uA_doRx~GjjLBt;hNN(&K?&#>(9p^I6%G#iK+aH$Sna{n(R- z!tyG|_2QS0&e?}`-yAQvq7@ZKlP2Te~e%NQ; Oy;OKYyImK(secO-M8;JB diff --git a/bin/status-go b/bin/status-go index 0fdccdeeba03e43256600190a2067ba5eaf35ec7..8637d8974ccbc074b5607ba98fb33d0455d2904c 100755 GIT binary patch delta 1177 zcmcK2TS!v@90qXATh7W^mfA{>Q`4q%=j`lwb~G>3IX5r!vYVQzb7z~^c0*mOhglCp zf*vxod@BfjkSHRKy;W$6P)J4~5`hri9(vJ-FsToE>7l2g_y9t2z{Xi_%Kd#WuN) z4K)PKR)^L)tkBqWZn>55FpZXxp+R4j&lB=12FY%JjZ!}5b<|#>NqcWipUE#35x*wK ziS%n>A`&K|-~dEJ48%el#KS>I01+g@Avg?2APK~f3`gM@q`+}F0jZD%>2OjA6Ot=Y zDJqg=Xo{25tb^@koveyxctI?cEXL>m{o-7VgH@|Zhs(*RX||ZOGzPW!a)=*1p+J}tVHU&ow z6;qxOXMc;lu~)CGHnzI?h$E4M5-5dpPzL2t0hOSEDyRl6)PN3ZK@SF~gL-IyMleDX zG(!ut3XVk65B}f1dcCHX|38HYrT}KJfE8@e2JO%R=b;lWKo@jF57?m>9KeGUT;LYQ zgMD!;`;qp~a5we+kxl&o48jl$!$t52n|kkZgs9A%H6~9?l9yZ4ug}g~mRIk-&M3M~ z>JmoR>$i*MONAF}-e)QzFDH<-Hc;;JjWM6T delta 1177 zcmcK2J4_P+7zc0xc^0JzC>6y6d=#*>ch|eNpaKQ@ghDOQ7L?bug;MCX7+wuSkzk!1 zWFTQMfkonAa60i3hzc56AW;(1#1J%wXu_t3IOsodad0vr-}hU->7OtEo$yNB4lJm% z#R*ec3#q-DAIqEDdHXA&)koyx#Jhyp&KoJVh4FEGsNbqmw)?#v+AKHIsupc6Z4K4d z@phe+GV+5~d8J*~Eo)|YrmktQ&ll7N`Otv8i|X?B^G2_qu4f!AH9DgrP?euT{F)jk zBokpG5+-6G7UJMA#6tokLJ}lH3Wy*Tj=)h!12Lq-G01>S$b#c=0=lK4FN{YygqUeQpl@N{Wr_5IteLj{tONypf?U2!zyVWuz_9}E{0 pHD4!=W^`=SbGH^33$3CjhK`#bDrB>Y^m|?=_2bwBK}!aSwBHHBn_d6_ From 125546545ef679fb2042fb199c13e533449eea68 Mon Sep 17 00:00:00 2001 From: Tw93 Date: Sun, 14 Dec 2025 08:57:27 +0800 Subject: [PATCH 4/4] docs: Update security audit report to reflect V1.12.25, including AI/LLM data protection and refined safety constraints. --- SECURITY_AUDIT.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/SECURITY_AUDIT.md b/SECURITY_AUDIT.md index 6a92c38..83b4b4b 100644 --- a/SECURITY_AUDIT.md +++ b/SECURITY_AUDIT.md @@ -1,8 +1,8 @@ # Mole Security Audit Report -**Date:** December 12, 2025 +**Date:** December 14, 2025 -**Audited Version:** Current `main` branch +**Audited Version:** Current `main` branch (V1.12.25) **Status:** Passed @@ -53,7 +53,7 @@ Mole's "Smart Uninstall" and orphan detection (`lib/clean/apps.sh`) are intentio - **Active Uninstallation Heuristics** When a user explicitly selects an app for uninstallation, Mole employs advanced heuristics to find scattered remnants (e.g., "Visual Studio Code" -> `~/.vscode`, `~/Library/Application Support/VisualStudioCode`). - **Sanitized Name Matching**: We search for app name variations to catch non-standard folder naming. - - **Safety Constraints**: Fuzzy matching and sanitized name searches are **strictly disabled** for app names shorter than 4 characters to prevent false positives. + - **Safety Constraints**: Fuzzy matching and sanitized name searches are **strictly disabled** for app names shorter than 3 characters to prevent false positives. - **System Scope**: Mole scans specific system-level directories (`/Library/LaunchAgents`, etc.) for related components. - **System Integrity Protection (SIP) Awareness** @@ -65,6 +65,12 @@ Mole's "Smart Uninstall" and orphan detection (`lib/clean/apps.sh`) are intentio - **VPN & Proxy Protection** Mole includes a comprehensive protection layer for VPN and Proxy applications (e.g., Shadowsocks, V2Ray, Tailscale). It protects both their application bundles and data directories from automated cleanup to prevent network configuration loss. +- **AI & LLM Data Protection (New in v1.12.25)** + Mole now explicitly protects data for AI tools (Cursor, Claude, ChatGPT, Ollama, LM Studio, etc.). Both the automated cleaning logic (`bin/clean.sh`) and orphan detection (`lib/core/app_protection.sh`) exclude these applications to prevent loss of: + - Local LLM models (which can be gigabytes in size). + - Authentication tokens and session states. + - Chat history and local configurations. + ## 4. Atomic Operations & Crash Safety We anticipate that scripts can be interrupted (e.g., power loss, `Ctrl+C`).