mirrors/Mole
1
0
Fork 0
mirror of https://github.com/tw93/Mole.git synced 2026-02-04 15:39:42 +00:00
Code Activity

Merge branch 'dev' into network_graph

Browse Source
This commit is contained in:
Tw93
2026-01-16 14:39:09 +08:00
committed by GitHub
parent 205f3adbd2 1b725555e5
commit d26d24f4e3
16 changed files with 586 additions and 421 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
CONTRIBUTORS.svg
View File

File diff suppressed because one or more lines are too long
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 320 KiB

After

Width:  |  Height:  |  Size: 325 KiB

8
SECURITY_AUDIT.md
View File

@@ -93,9 +93,14 @@ Even with `sudo`, these paths are **unconditionally blocked**:
/bin, /sbin, /usr # Core binaries
/etc, /var # System configuration
/Library/Extensions # Kernel extensions
/private # System-private directories
```
**Exception:** `/System/Library/Caches/com.apple.coresymbolicationd/data` (safe, rebuildable cache).
**Exceptions:**
- `/System/Library/Caches/com.apple.coresymbolicationd/data` (safe, rebuildable cache)
- `/private/tmp`, `/private/var/tmp`, `/private/var/log`, `/private/var/folders`
- `/private/var/db/diagnostics`, `/private/var/db/DiagnosticPipeline`, `/private/var/db/powerlog`, `/private/var/db/reportmemoryexception`
**Code:** `lib/core/file_ops.sh:60-78`
@@ -161,6 +166,7 @@ For user-selected app removal:
- **Safety Limit:** 3-char minimum (prevents "Go" matching "Google")
- **Disabled:** Fuzzy matching and wildcard expansion for short names.
- **User Confirmation:** Required before deletion.
- **Receipt Scans:** BOM-derived files are restricted to app-specific prefixes (e.g., `/Applications`, `/Library/Application Support`). Shared directories like `/Library/Frameworks` are **excluded** to prevent collateral damage.
**Code:** `lib/clean/apps.sh:uninstall_app()`

64
lib/clean/user.sh
View File

@@ -5,9 +5,7 @@ clean_user_essentials() {
start_section_spinner "Scanning caches..."
safe_clean ~/Library/Caches/* "User app cache"
stop_section_spinner
start_section_spinner "Scanning empty items..."
clean_empty_library_items
stop_section_spinner
safe_clean ~/Library/Logs/* "User app logs"
if is_path_whitelisted "$HOME/.Trash"; then
note_activity
@@ -17,66 +15,6 @@ clean_user_essentials() {
fi
}
clean_empty_library_items() {
if [[ ! -d "$HOME/Library" ]]; then
return 0
fi
# 1. Clean top-level empty directories and files in Library
local -a empty_dirs=()
while IFS= read -r -d '' dir; do
[[ -d "$dir" ]] && empty_dirs+=("$dir")
done < <(find "$HOME/Library" -mindepth 1 -maxdepth 1 -type d -empty -print0 2> /dev/null)
if [[ ${#empty_dirs[@]} -gt 0 ]]; then
safe_clean "${empty_dirs[@]}" "Empty Library folders"
fi
# 2. Clean empty subdirectories in Application Support and other key locations
# Iteratively remove empty directories until no more are found
local -a key_locations=(
"$HOME/Library/Application Support"
"$HOME/Library/Caches"
)
for location in "${key_locations[@]}"; do
[[ -d "$location" ]] || continue
# Limit passes to keep cleanup fast; 3 iterations handle most nested scenarios.
local max_iterations=3
local iteration=0
while [[ $iteration -lt $max_iterations ]]; do
local -a nested_empty_dirs=()
# Find empty directories
while IFS= read -r -d '' dir; do
# Skip if whitelisted
if is_path_whitelisted "$dir"; then
continue
fi
# Skip protected system components
local dir_name=$(basename "$dir")
if is_critical_system_component "$dir_name"; then
continue
fi
[[ -d "$dir" ]] && nested_empty_dirs+=("$dir")
done < <(find "$location" -mindepth 1 -type d -empty -print0 2> /dev/null)
# If no empty dirs found, we're done with this location
if [[ ${#nested_empty_dirs[@]} -eq 0 ]]; then
break
fi
local location_name=$(basename "$location")
safe_clean "${nested_empty_dirs[@]}" "Empty $location_name subdirs"
((iteration++))
done
done
# Empty file cleanup is skipped to avoid removing app sentinel files.
}
# Remove old Google Chrome versions while keeping Current.
clean_chrome_old_versions() {
local -a app_paths=(

54
lib/core/app_protection.sh
View File

@@ -12,6 +12,11 @@ readonly MOLE_APP_PROTECTION_LOADED=1
_MOLE_CORE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
[[ -z "${MOLE_BASE_LOADED:-}" ]] && source "$_MOLE_CORE_DIR/base.sh"
# Declare WHITELIST_PATTERNS if not already set (used by is_path_whitelisted)
if ! declare -p WHITELIST_PATTERNS &> /dev/null; then
declare -a WHITELIST_PATTERNS=()
fi
# Application Management
# Critical system components protected from uninstallation
@@ -872,12 +877,24 @@ find_app_system_files() {
done < <(command find /private/var/db/receipts -maxdepth 1 \( -name "*$bundle_id*" \) -print0 2> /dev/null)
fi
local receipt_files=""
receipt_files=$(find_app_receipt_files "$bundle_id")
local combined_files=""
if [[ ${#system_files[@]} -gt 0 ]]; then
printf '%s\n' "${system_files[@]}"
combined_files=$(printf '%s\n' "${system_files[@]}")
fi
# Find files from receipts (Deep Scan)
find_app_receipt_files "$bundle_id"
if [[ -n "$receipt_files" ]]; then
if [[ -n "$combined_files" ]]; then
combined_files+=$'\n'
fi
combined_files+="$receipt_files"
fi
if [[ -n "$combined_files" ]]; then
printf '%s\n' "$combined_files" | sort -u
fi
}
# Locate files using installation receipts (BOM)
@@ -923,44 +940,37 @@ find_app_receipt_files() {
# ------------------------------------------------------------------------
local is_safe=false
# Whitelisted prefixes
# Whitelisted prefixes (exclude /Users, /usr, /opt)
case "$clean_path" in
/Applications/*) is_safe=true ;;
/Users/*) is_safe=true ;;
/usr/local/*) is_safe=true ;;
/opt/*) is_safe=true ;;
/Library/*)
# Filter sub-paths in /Library to avoid system damage
# Allow safely: Application Support, Caches, Logs, Preferences
case "$clean_path" in
/Library/Application\ Support/*) is_safe=true ;;
/Library/Caches/*) is_safe=true ;;
/Library/Logs/*) is_safe=true ;;
/Library/Preferences/*) is_safe=true ;;
/Library/PrivilegedHelperTools/*) is_safe=true ;;
/Library/LaunchAgents/*) is_safe=true ;;
/Library/LaunchDaemons/*) is_safe=true ;;
/Library/Internet\ Plug-Ins/*) is_safe=true ;;
/Library/Audio/Plug-Ins/*) is_safe=true ;;
/Library/Extensions/*) is_safe=false ;; # Default unsafe
/Library/PrivilegedHelperTools/*) is_safe=true ;;
/Library/Extensions/*) is_safe=false ;;
*) is_safe=false ;;
esac
;;
esac
# Hard blocks
case "$clean_path" in
/System/* | /usr/bin/* | /usr/lib/* | /bin/* | /sbin/*) is_safe=false ;;
/System/* | /usr/bin/* | /usr/lib/* | /bin/* | /sbin/* | /private/*) is_safe=false ;;
esac
if [[ "$is_safe" == "true" && -e "$clean_path" ]]; then
# If lsbom lists /Applications, skip to avoid system damage.
# Extra check: path must be deep enough?
# If path is just "/Applications", skip.
if [[ "$clean_path" == "/Applications" || "$clean_path" == "/Library" || "$clean_path" == "/usr/local" ]]; then
# Skip top-level directories
if [[ "$clean_path" == "/Applications" || "$clean_path" == "/Library" ]]; then
continue
fi
if declare -f should_protect_path > /dev/null 2>&1; then
if should_protect_path "$clean_path"; then
continue
fi
fi
receipt_files+=("$clean_path")
fi

74
lib/core/common.sh
View File

@@ -99,59 +99,6 @@ update_via_homebrew() {
rm -f "$HOME/.cache/mole/version_check" "$HOME/.cache/mole/update_message" 2> /dev/null || true
}
# Get Homebrew cask name for an application bundle
get_brew_cask_name() {
local app_path="$1"
[[ -z "$app_path" || ! -d "$app_path" ]] && return 1
# Check if brew command exists
command -v brew > /dev/null 2>&1 || return 1
local app_bundle_name
app_bundle_name=$(basename "$app_path")
# 1. Search in Homebrew Caskroom for the app bundle (most reliable for name mismatches)
# Checks /opt/homebrew (Apple Silicon) and /usr/local (Intel)
# Note: Modern Homebrew uses symlinks in Caskroom, not directories
local cask_match
for room in "/opt/homebrew/Caskroom" "/usr/local/Caskroom"; do
[[ -d "$room" ]] || continue
# Path is room/token/version/App.app (can be directory or symlink)
cask_match=$(find "$room" -maxdepth 3 -name "$app_bundle_name" 2> /dev/null | head -1 || echo "")
if [[ -n "$cask_match" ]]; then
local relative="${cask_match#"$room"/}"
echo "${relative%%/*}"
return 0
fi
done
# 2. Check for symlink from Caskroom
if [[ -L "$app_path" ]]; then
local target
target=$(readlink "$app_path")
for room in "/opt/homebrew/Caskroom" "/usr/local/Caskroom"; do
if [[ "$target" == "$room/"* ]]; then
local relative="${target#"$room"/}"
echo "${relative%%/*}"
return 0
fi
done
fi
# 3. Fallback: Direct list check (handles some cases where app is moved)
local app_name_only="${app_bundle_name%.app}"
local cask_name
cask_name=$(brew list --cask 2> /dev/null | grep -Fx "$(echo "$app_name_only" | LC_ALL=C tr '[:upper:]' '[:lower:]')" || echo "")
if [[ -n "$cask_name" ]]; then
if brew info --cask "$cask_name" 2> /dev/null | grep -q "$app_path"; then
echo "$cask_name"
return 0
fi
fi
return 1
}
# Remove applications from Dock
remove_apps_from_dock() {
if [[ $# -eq 0 ]]; then
@@ -172,15 +119,28 @@ remove_apps_from_dock() {
local plist="$HOME/Library/Preferences/com.apple.dock.plist"
[[ -f "$plist" ]] || return 0
command -v PlistBuddy > /dev/null 2>&1 || return 0
# PlistBuddy is at /usr/libexec/PlistBuddy on macOS
[[ -x /usr/libexec/PlistBuddy ]] || return 0
local changed=false
for target in "${targets[@]}"; do
local app_path="$target"
# Normalize path for comparison - realpath might fail if app is already deleted
# Normalize path for comparison - use original path if app already deleted
local full_path
full_path=$(cd "$(dirname "$app_path")" 2> /dev/null && pwd || echo "")
[[ -n "$full_path" ]] && full_path="$full_path/$(basename "$app_path")"
if full_path=$(cd "$(dirname "$app_path")" 2> /dev/null && pwd); then
full_path="$full_path/$(basename "$app_path")"
else
# App already deleted - use the original path as-is
# Remove ~/ prefix and expand to full path if needed
if [[ "$app_path" == ~/* ]]; then
full_path="$HOME/${app_path#~/}"
elif [[ "$app_path" != /* ]]; then
# Relative path - skip this entry
continue
else
full_path="$app_path"
fi
fi
# URL-encode the path for matching against Dock URLs (spaces -> %20)
local encoded_path="${full_path// /%20}"

38
lib/core/file_ops.sh
View File

@@ -66,14 +66,50 @@ validate_path_for_deletion() {
;;
esac
# Allow known safe paths under /private
case "$path" in
/private/tmp | /private/tmp/* | \
/private/var/tmp | /private/var/tmp/* | \
/private/var/log | /private/var/log/* | \
/private/var/folders | /private/var/folders/* | \
/private/var/db/diagnostics | /private/var/db/diagnostics/* | \
/private/var/db/DiagnosticPipeline | /private/var/db/DiagnosticPipeline/* | \
/private/var/db/powerlog | /private/var/db/powerlog/* | \
/private/var/db/reportmemoryexception | /private/var/db/reportmemoryexception/*)
return 0
;;
esac
# Check path isn't critical system directory
case "$path" in
/ | /bin | /sbin | /usr | /usr/bin | /usr/sbin | /etc | /var | /System | /System/* | /Library/Extensions)
/ | /bin | /bin/* | /sbin | /sbin/* | /usr | /usr/bin | /usr/bin/* | /usr/sbin | /usr/sbin/* | /usr/lib | /usr/lib/* | /System | /System/* | /Library/Extensions)
log_error "Path validation failed: critical system directory: $path"
return 1
;;
/private)
log_error "Path validation failed: critical system directory: $path"
return 1
;;
/etc | /etc/* | /private/etc | /private/etc/*)
log_error "Path validation failed: /etc contains critical system files: $path"
return 1
;;
/var | /var/db | /var/db/* | /private/var | /private/var/db | /private/var/db/*)
log_error "Path validation failed: /var/db contains system databases: $path"
return 1
;;
esac
# Check if path is protected (keychains, system settings, etc)
if declare -f should_protect_path > /dev/null 2>&1; then
if should_protect_path "$path"; then
if [[ "${MO_DEBUG:-0}" == "1" ]]; then
log_warning "Path validation: protected path skipped: $path"
fi
return 1
fi
fi
return 0
}

6
lib/core/sudo.sh
View File

@@ -66,11 +66,11 @@ _request_password() {
printf "${PURPLE}${ICON_ARROW}${NC} Password: " > "$tty_path"
# Disable terminal echo to hide password input
stty -echo -icanon min 1 time 0 < "$tty_path" 2> /dev/null || true
# Disable terminal echo to hide password input (keep canonical mode for reliable input)
stty -echo < "$tty_path" 2> /dev/null || true
IFS= read -r password < "$tty_path" || password=""
# Restore terminal echo immediately
stty echo icanon < "$tty_path" 2> /dev/null || true
stty echo < "$tty_path" 2> /dev/null || true
printf "\n" > "$tty_path"

38
lib/core/ui.sh
View File

@@ -170,7 +170,43 @@ read_key() {
case "$key" in
$'\n' | $'\r') echo "ENTER" ;;
$'\x7f' | $'\x08') echo "DELETE" ;;
$'\x1b') echo "QUIT" ;;
$'\x1b')
# Check if this is an escape sequence (arrow keys) or ESC key
if IFS= read -r -s -n 1 -t 0.1 rest 2> /dev/null; then
if [[ "$rest" == "[" ]]; then
if IFS= read -r -s -n 1 -t 0.1 rest2 2> /dev/null; then
case "$rest2" in
"A") echo "UP" ;;
"B") echo "DOWN" ;;
"C") echo "RIGHT" ;;
"D") echo "LEFT" ;;
"3")
IFS= read -r -s -n 1 -t 0.1 rest3 2> /dev/null
[[ "$rest3" == "~" ]] && echo "DELETE" || echo "OTHER"
;;
*) echo "OTHER" ;;
esac
else echo "QUIT"; fi
elif [[ "$rest" == "O" ]]; then
if IFS= read -r -s -n 1 -t 0.1 rest2 2> /dev/null; then
case "$rest2" in
"A") echo "UP" ;;
"B") echo "DOWN" ;;
"C") echo "RIGHT" ;;
"D") echo "LEFT" ;;
*) echo "OTHER" ;;
esac
else echo "OTHER"; fi
else
# Not an escape sequence, it's ESC key
echo "QUIT"
fi
else
# No following characters, it's ESC key
echo "QUIT"
fi
;;
' ') echo "SPACE" ;; # Allow space in filter mode for selection
[[:print:]]) echo "CHAR:$key" ;;
*) echo "OTHER" ;;
esac

2
lib/manage/whitelist.sh
View File

@@ -122,7 +122,7 @@ uv Python package cache|$HOME/.cache/uv/*|package_manager
R renv global cache (virtual environments)|$HOME/Library/Caches/org.R-project.R/R/renv/*|package_manager
Homebrew downloaded packages|$HOME/Library/Caches/Homebrew/*|package_manager
Yarn package manager cache|$HOME/.cache/yarn/*|package_manager
pnpm package store|$HOME/.pnpm-store/*|package_manager
pnpm package store|$HOME/Library/pnpm/store/*|package_manager
Composer PHP dependencies cache|$HOME/.composer/cache/*|package_manager
RubyGems cache|$HOME/.gem/cache/*|package_manager
Conda packages cache|$HOME/.conda/pkgs/*|package_manager

94
lib/ui/menu_paginated.sh
View File

@@ -201,7 +201,6 @@ paginated_multi_select() {
export MOLE_MENU_SORT_MODE="$sort_mode"
export MOLE_MENU_SORT_REVERSE="$sort_reverse"
restore_terminal
unset MOLE_READ_KEY_FORCE_CHAR
}
# Interrupt handler
@@ -595,7 +594,6 @@ paginated_multi_select() {
"QUIT")
if [[ "$filter_mode" == "true" ]]; then
filter_mode="false"
unset MOLE_READ_KEY_FORCE_CHAR
filter_query=""
applied_query=""
top_index=0
@@ -764,7 +762,9 @@ paginated_multi_select() {
if [[ "$filter_mode" == "true" ]]; then
local ch="${key#CHAR:}"
filter_query+="$ch"
rebuild_view
need_full_redraw=true
continue
elif [[ "$has_metadata" == "true" ]]; then
# Cycle sort mode (only if metadata available)
case "$sort_mode" in
@@ -789,7 +789,6 @@ paginated_multi_select() {
else
# Enter filter mode
filter_mode="true"
export MOLE_READ_KEY_FORCE_CHAR=1
filter_query=""
top_index=0
cursor_pos=0
@@ -815,6 +814,9 @@ paginated_multi_select() {
fi
else
filter_query+="j"
rebuild_view
need_full_redraw=true
continue
fi
;;
"CHAR:k")
@@ -829,17 +831,66 @@ paginated_multi_select() {
fi
else
filter_query+="k"
rebuild_view
need_full_redraw=true
continue
fi
;;
"TOUCHID")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="t"
rebuild_view
need_full_redraw=true
continue
fi
;;
"RIGHT")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="l"
rebuild_view
need_full_redraw=true
continue
fi
;;
"LEFT")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="h"
rebuild_view
need_full_redraw=true
continue
fi
;;
"MORE")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="m"
rebuild_view
need_full_redraw=true
continue
fi
;;
"UPDATE")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="u"
rebuild_view
need_full_redraw=true
continue
fi
;;
"CHAR:f" | "CHAR:F")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="${key#CHAR:}"
rebuild_view
need_full_redraw=true
continue
fi
# F is currently unbound in normal mode to avoid conflict with Refresh (R)
;;
"CHAR:r" | "CHAR:R")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="${key#CHAR:}"
rebuild_view
need_full_redraw=true
continue
else
# Trigger Refresh signal (Unified with Analyze)
cleanup
@@ -849,6 +900,9 @@ paginated_multi_select() {
"CHAR:o" | "CHAR:O")
if [[ "$filter_mode" == "true" ]]; then
filter_query+="${key#CHAR:}"
rebuild_view
need_full_redraw=true
continue
elif [[ "$has_metadata" == "true" ]]; then
# O toggles reverse order (Unified Sort Order)
if [[ "$sort_reverse" == "true" ]]; then
@@ -864,13 +918,10 @@ paginated_multi_select() {
# Backspace filter
if [[ "$filter_mode" == "true" && -n "$filter_query" ]]; then
filter_query="${filter_query%?}"
# Fast footer-only update in filter mode (avoid full redraw)
local filter_status="${filter_query:-_}"
local footer_row=$((items_per_page + 4))
printf "\033[%d;1H\033[2K" "$footer_row" >&2
local sep=" ${GRAY}|${NC} "
printf "%s" "${GRAY}Search: ${filter_status}${NC}${sep}${GRAY}Delete${NC}${sep}${GRAY}Enter Confirm${NC}${sep}${GRAY}ESC Cancel${NC}" >&2
printf "\033[%d;1H\033[2K" "$((footer_row + 1))" >&2
# Rebuild view to apply filter in real-time
rebuild_view
# Trigger redraw and continue to avoid drain_pending_input
need_full_redraw=true
continue
fi
;;
@@ -880,13 +931,10 @@ paginated_multi_select() {
# avoid accidental leading spaces
if [[ -n "$filter_query" || "$ch" != " " ]]; then
filter_query+="$ch"
# Fast footer-only update in filter mode (avoid full redraw)
local filter_status="${filter_query:-_}"
local footer_row=$((items_per_page + 4))
printf "\033[%d;1H\033[2K" "$footer_row" >&2
local sep=" ${GRAY}|${NC} "
printf "%s" "${GRAY}Search: ${filter_status}${NC}${sep}${GRAY}Delete${NC}${sep}${GRAY}Enter Confirm${NC}${sep}${GRAY}ESC Cancel${NC}" >&2
printf "\033[%d;1H\033[2K" "$((footer_row + 1))" >&2
# Rebuild view to apply filter in real-time
rebuild_view
# Trigger redraw and continue to avoid drain_pending_input
need_full_redraw=true
continue
fi
fi
@@ -895,17 +943,9 @@ paginated_multi_select() {
if [[ "$filter_mode" == "true" ]]; then
applied_query="$filter_query"
filter_mode="false"
unset MOLE_READ_KEY_FORCE_CHAR
top_index=0
cursor_pos=0
searching="true"
draw_menu # paint "searching..."
drain_pending_input # drop any extra keypresses (e.g., double-Enter)
# Preserve cursor/top_index so navigation during search is respected
rebuild_view
searching="false"
draw_menu
continue
# Fall through to confirmation logic
fi
# In normal mode: smart Enter behavior
# 1. Check if any items are already selected

107
lib/uninstall/batch.sh
View File

@@ -3,9 +3,12 @@
set -euo pipefail
# Ensure common.sh is loaded.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
[[ -z "${MOLE_COMMON_LOADED:-}" ]] && source "$SCRIPT_DIR/lib/core/common.sh"
# Load Homebrew cask support (provides get_brew_cask_name, brew_uninstall_cask)
[[ -f "$SCRIPT_DIR/lib/uninstall/brew.sh" ]] && source "$SCRIPT_DIR/lib/uninstall/brew.sh"
# Batch uninstall with a single confirmation.
# User data detection patterns (prompt user to backup if found).
@@ -101,7 +104,11 @@ remove_login_item() {
# Remove from Login Items using index-based deletion (handles broken items)
if [[ -n "$clean_name" ]]; then
osascript <<- EOF 2> /dev/null || true
# Escape double quotes and backslashes for AppleScript
local escaped_name="${clean_name//\\/\\\\}"
escaped_name="${escaped_name//\"/\\\"}"
osascript <<- EOF > /dev/null 2>&1 || true
tell application "System Events"
try
set itemCount to count of login items
@@ -109,7 +116,7 @@ remove_login_item() {
repeat with i from itemCount to 1 by -1
try
set itemName to name of login item i
if itemName is "$clean_name" then
if itemName is "$escaped_name" then
delete login item i
end if
end try
@@ -129,17 +136,21 @@ remove_file_list() {
while IFS= read -r file; do
[[ -n "$file" && -e "$file" ]] || continue
if ! validate_path_for_deletion "$file"; then
continue
fi
if [[ -L "$file" ]]; then
if [[ "$use_sudo" == "true" ]]; then
sudo rm "$file" 2> /dev/null && ((count++)) || true
sudo rm "$file" 2> /dev/null && ((++count)) || true
else
rm "$file" 2> /dev/null && ((count++)) || true
rm "$file" 2> /dev/null && ((++count)) || true
fi
else
if [[ "$use_sudo" == "true" ]]; then
safe_sudo_remove "$file" && ((count++)) || true
safe_sudo_remove "$file" && ((++count)) || true
else
safe_remove "$file" true && ((count++)) || true
safe_remove "$file" true && ((++count)) || true
fi
fi
done <<< "$file_list"
@@ -178,29 +189,15 @@ batch_uninstall_applications() {
running_apps+=("$app_name")
fi
# Check if it's a Homebrew cask
# Check if it's a Homebrew cask (deterministic: resolved path in Caskroom)
local cask_name=""
cask_name=$(get_brew_cask_name "$app_path" || echo "")
local is_brew_cask="false"
[[ -n "$cask_name" ]] && is_brew_cask="true"
# For Homebrew casks, skip detailed file scanning since brew handles it
if [[ "$is_brew_cask" == "true" ]]; then
local app_size_kb=$(get_path_size_kb "$app_path")
local total_kb=$app_size_kb
((total_estimated_size += total_kb))
# Homebrew may need sudo for system-wide installations
local needs_sudo=false
if [[ "$app_path" == "/Applications/"* ]]; then
needs_sudo=true
sudo_apps+=("$app_name")
fi
# Store minimal details for Homebrew apps
app_details+=("$app_name|$app_path|$bundle_id|$total_kb|||false|$needs_sudo|$is_brew_cask|$cask_name")
else
# For non-Homebrew apps, do full file scanning
# Full file scanning for ALL apps (including Homebrew casks)
# brew uninstall --cask does NOT remove user data (caches, prefs, app support)
# Mole's value is cleaning those up, so we must scan for them
local needs_sudo=false
local app_owner=$(get_file_owner "$app_path")
local current_user=$(whoami)
@@ -243,7 +240,6 @@ batch_uninstall_applications() {
local encoded_system_files
encoded_system_files=$(printf '%s' "$system_files" | base64 | tr -d '\n')
app_details+=("$app_name|$app_path|$bundle_id|$total_kb|$encoded_files|$encoded_system_files|$has_sensitive_data|$needs_sudo|$is_brew_cask|$cask_name")
fi
done
if [[ -t 1 ]]; then stop_inline_spinner; fi
@@ -276,9 +272,7 @@ batch_uninstall_applications() {
[[ "$is_brew_cask" == "true" ]] && brew_tag=" ${CYAN}[Brew]${NC}"
echo -e "${BLUE}${ICON_CONFIRM}${NC} ${app_name}${brew_tag} ${GRAY}(${app_size_display})${NC}"
# For Homebrew apps, [Brew] tag is enough indication
# For non-Homebrew apps, show detailed file list
if [[ "$is_brew_cask" != "true" ]]; then
# Show detailed file list for ALL apps (brew casks leave user data behind)
local related_files=$(decode_file_list "$encoded_files" "$app_name")
local system_files=$(decode_file_list "$encoded_system_files" "$app_name")
@@ -312,7 +306,6 @@ batch_uninstall_applications() {
if [[ $total_hidden -gt 0 ]]; then
echo -e " ${GRAY} ... and ${total_hidden} more files${NC}"
fi
fi
done
# Confirmation before requesting sudo.
@@ -370,6 +363,7 @@ batch_uninstall_applications() {
# Perform uninstallations with per-app progress feedback
local success_count=0 failed_count=0
local brew_apps_removed=0 # Track successful brew uninstalls for autoremove tip
local -a failed_items=()
local -a success_items=()
local current_index=0
@@ -394,6 +388,8 @@ batch_uninstall_applications() {
# Stop Launch Agents/Daemons before removal.
local has_system_files="false"
[[ -n "$system_files" ]] && has_system_files="true"
stop_launch_services "$bundle_id" "$has_system_files"
# Remove from Login Items
@@ -404,24 +400,16 @@ batch_uninstall_applications() {
fi
# Remove the application only if not running.
local used_brew_successfully=false
if [[ -z "$reason" ]]; then
if [[ "$is_brew_cask" == "true" && -n "$cask_name" ]]; then
# Stop spinner before brew output
if [[ -t 1 ]]; then
stop_inline_spinner
fi
# Use brew uninstall --cask - show output directly
local brew_failed=false
if ! run_with_timeout 120 brew uninstall --cask "$cask_name" 2>&1; then
brew_failed=true
log_warning "brew uninstall failed for $app_name, falling back to manual cleanup"
fi
if [[ "$brew_failed" == "true" ]]; then
# Fallback to manual cleanup
[[ -z "$related_files" ]] && related_files=$(find_app_files "$bundle_id" "$app_name")
[[ -z "$system_files" ]] && system_files=$(find_app_system_files "$bundle_id" "$app_name")
[[ -t 1 ]] && stop_inline_spinner
# Use brew_uninstall_cask helper (handles env vars, timeout, verification)
if brew_uninstall_cask "$cask_name" "$app_path"; then
used_brew_successfully=true
else
# Fallback to manual removal if brew fails
if [[ "$needs_sudo" == true ]]; then
safe_sudo_remove "$app_path" || reason="remove failed"
else
@@ -446,7 +434,13 @@ batch_uninstall_applications() {
# Remove related files if app removal succeeded.
if [[ -z "$reason" ]]; then
remove_file_list "$related_files" "false" > /dev/null
# If brew successfully uninstalled the cask, avoid deleting
# system-level files Mole discovered. Brew manages its own
# receipts/symlinks and we don't want to fight it.
if [[ "$used_brew_successfully" != "true" ]]; then
remove_file_list "$system_files" "true" > /dev/null
fi
# Clean up macOS defaults (preference domains).
if [[ -n "$bundle_id" && "$bundle_id" != "unknown" ]]; then
@@ -472,6 +466,7 @@ batch_uninstall_applications() {
((total_size_freed += total_kb))
((success_count++))
[[ "$used_brew_successfully" == "true" ]] && ((brew_apps_removed++))
((files_cleaned++))
((total_items++))
success_items+=("$app_name")
@@ -577,6 +572,28 @@ batch_uninstall_applications() {
print_summary_block "$title" "${summary_details[@]}"
printf '\n'
# Auto-run brew autoremove if Homebrew casks were uninstalled
if [[ $brew_apps_removed -gt 0 ]]; then
# Show spinner while checking for orphaned dependencies
if [[ -t 1 ]]; then
start_inline_spinner "Checking brew dependencies..."
fi
local autoremove_output removed_count
autoremove_output=$(HOMEBREW_NO_ENV_HINTS=1 brew autoremove 2> /dev/null) || true
removed_count=$(printf '%s\n' "$autoremove_output" | grep -c "^Uninstalling" || true)
removed_count=${removed_count:-0}
if [[ -t 1 ]]; then
stop_inline_spinner
fi
if [[ $removed_count -gt 0 ]]; then
echo -e "${GREEN}${ICON_SUCCESS}${NC} Cleaned $removed_count orphaned brew dependencies"
echo ""
fi
fi
# Clean up Dock entries for uninstalled apps.
if [[ $success_count -gt 0 ]]; then
local -a removed_paths=()

210
lib/uninstall/brew.sh Normal file
View File

@@ -0,0 +1,210 @@
#!/bin/bash
# Mole - Homebrew Cask Uninstallation Support
# Detects Homebrew-managed casks via Caskroom linkage and uninstalls them via brew
set -euo pipefail
# Prevent multiple sourcing
if [[ -n "${MOLE_BREW_UNINSTALL_LOADED:-}" ]]; then
return 0
fi
readonly MOLE_BREW_UNINSTALL_LOADED=1
# Resolve a path to its absolute real path (follows symlinks)
# Args: $1 - path to resolve
# Returns: Absolute resolved path, or empty string on failure
resolve_path() {
local p="$1"
[[ -e "$p" ]] || return 1
# macOS 12.3+ and Linux have realpath
if realpath "$p" 2> /dev/null; then
return 0
fi
# Fallback: use cd -P to resolve directory, then append basename
local dir base
dir=$(cd -P "$(dirname "$p")" 2> /dev/null && pwd) || return 1
base=$(basename "$p")
echo "$dir/$base"
}
# Check if Homebrew is installed and accessible
# Returns: 0 if brew is available, 1 otherwise
is_homebrew_available() {
command -v brew > /dev/null 2>&1
}
# Extract cask token from a Caskroom path
# Args: $1 - path (must be inside Caskroom)
# Prints: cask token to stdout
# Returns: 0 if valid token extracted, 1 otherwise
_extract_cask_token_from_path() {
local path="$1"
# Check if path is inside Caskroom
case "$path" in
/opt/homebrew/Caskroom/* | /usr/local/Caskroom/*) ;;
*) return 1 ;;
esac
# Extract token from path: /opt/homebrew/Caskroom/<token>/<version>/...
local token
token="${path#*/Caskroom/}" # Remove everything up to and including Caskroom/
token="${token%%/*}" # Take only the first path component
# Validate token looks like a valid cask name (lowercase alphanumeric with hyphens)
if [[ -n "$token" && "$token" =~ ^[a-z0-9][a-z0-9-]*$ ]]; then
echo "$token"
return 0
fi
return 1
}
# Stage 1: Deterministic detection via fully resolved path
# Fast, no false positives - follows all symlinks
_detect_cask_via_resolved_path() {
local app_path="$1"
local resolved
if resolved=$(resolve_path "$app_path") && [[ -n "$resolved" ]]; then
_extract_cask_token_from_path "$resolved" && return 0
fi
return 1
}
# Stage 2: Search Caskroom by app bundle name using find
# Catches apps where the .app in /Applications doesn't link to Caskroom
# Only succeeds if exactly one cask matches (avoids wrong uninstall)
_detect_cask_via_caskroom_search() {
local app_bundle_name="$1"
[[ -z "$app_bundle_name" ]] && return 1
local -a tokens=()
local room match token
for room in "/opt/homebrew/Caskroom" "/usr/local/Caskroom"; do
[[ -d "$room" ]] || continue
while IFS= read -r match; do
[[ -n "$match" ]] || continue
token=$(_extract_cask_token_from_path "$match" 2> /dev/null) || continue
[[ -n "$token" ]] && tokens+=("$token")
done < <(find "$room" -maxdepth 3 -name "$app_bundle_name" 2> /dev/null)
done
# Need at least one token
((${#tokens[@]} > 0)) || return 1
# Deduplicate and check count
local -a uniq
IFS=$'\n' read -r -d '' -a uniq < <(printf '%s\n' "${tokens[@]}" | sort -u && printf '\0') || true
# Only succeed if exactly one unique token found and it's installed
if ((${#uniq[@]} == 1)) && [[ -n "${uniq[0]}" ]]; then
HOMEBREW_NO_ENV_HINTS=1 brew list --cask 2> /dev/null | grep -qxF "${uniq[0]}" || return 1
echo "${uniq[0]}"
return 0
fi
return 1
}
# Stage 3: Check if app_path is a direct symlink to Caskroom
_detect_cask_via_symlink_check() {
local app_path="$1"
[[ -L "$app_path" ]] || return 1
local target
target=$(readlink "$app_path" 2> /dev/null) || return 1
_extract_cask_token_from_path "$target"
}
# Stage 4: Query brew list --cask and verify with brew info (slowest fallback)
_detect_cask_via_brew_list() {
local app_path="$1"
local app_bundle_name="$2"
local app_name_lower
app_name_lower=$(echo "${app_bundle_name%.app}" | LC_ALL=C tr '[:upper:]' '[:lower:]')
local cask_name
cask_name=$(HOMEBREW_NO_ENV_HINTS=1 brew list --cask 2> /dev/null | grep -Fix "$app_name_lower") || return 1
# Verify this cask actually owns this app path
HOMEBREW_NO_ENV_HINTS=1 brew info --cask "$cask_name" 2> /dev/null | grep -qF "$app_path" || return 1
echo "$cask_name"
}
# Get Homebrew cask name for an app
# Uses multi-stage detection (fast to slow, deterministic to heuristic):
# 1. Resolve symlinks fully, check if path is in Caskroom (fast, deterministic)
# 2. Search Caskroom by app bundle name using find
# 3. Check if app is a direct symlink to Caskroom
# 4. Query brew list --cask and verify with brew info (slowest)
#
# Args: $1 - app_path
# Prints: cask token to stdout if brew-managed
# Returns: 0 if Homebrew-managed, 1 otherwise
get_brew_cask_name() {
local app_path="$1"
[[ -z "$app_path" || ! -e "$app_path" ]] && return 1
is_homebrew_available || return 1
local app_bundle_name
app_bundle_name=$(basename "$app_path")
# Try each detection method in order (fast to slow)
_detect_cask_via_resolved_path "$app_path" && return 0
_detect_cask_via_caskroom_search "$app_bundle_name" && return 0
_detect_cask_via_symlink_check "$app_path" && return 0
_detect_cask_via_brew_list "$app_path" "$app_bundle_name" && return 0
return 1
}
# Uninstall a Homebrew cask and verify removal
# Args: $1 - cask_name, $2 - app_path (optional, for verification)
# Returns: 0 on success, 1 on failure
brew_uninstall_cask() {
local cask_name="$1"
local app_path="${2:-}"
is_homebrew_available || return 1
[[ -z "$cask_name" ]] && return 1
debug_log "Attempting brew uninstall --cask $cask_name"
# Run uninstall with timeout (suppress hints/auto-update)
debug_log "Attempting brew uninstall --cask $cask_name"
# Ensure we have sudo access if needed, to prevent brew from hanging on password prompt
# Many brew casks need sudo to uninstall
if ! sudo -n true 2> /dev/null; then
# If we don't have sudo, try to get it (visibly)
sudo -v
fi
local uninstall_ok=false
# Run directly without output capture to allow user interaction/visibility
# This avoids silence/hangs when brew asks for passwords or confirmation
if HOMEBREW_NO_ENV_HINTS=1 HOMEBREW_NO_AUTO_UPDATE=1 NONINTERACTIVE=1 \
brew uninstall --cask "$cask_name"; then
uninstall_ok=true
else
debug_log "brew uninstall failed with exit code $?"
fi
# Verify removal
local cask_gone=true app_gone=true
HOMEBREW_NO_ENV_HINTS=1 brew list --cask 2> /dev/null | grep -qxF "$cask_name" && cask_gone=false
[[ -n "$app_path" && -e "$app_path" ]] && app_gone=false
# Success: uninstall worked and both are gone, or already uninstalled
if $cask_gone && $app_gone; then
debug_log "Successfully uninstalled cask '$cask_name'"
return 0
fi
debug_log "brew uninstall failed: cask_gone=$cask_gone app_gone=$app_gone"
return 1
}

2
tests/brew_uninstall.bats
View File

@@ -31,6 +31,7 @@ setup() {
run bash <<EOF
source "$PROJECT_ROOT/lib/core/common.sh"
source "$PROJECT_ROOT/lib/uninstall/brew.sh"
# Override the function to use our test Caskroom
get_brew_cask_name() {
@@ -62,6 +63,7 @@ EOF
result=$(bash <<EOF
source "$PROJECT_ROOT/lib/core/common.sh"
source "$PROJECT_ROOT/lib/uninstall/brew.sh"
# Mock brew to return nothing for this
brew() { return 1; }
export -f brew

1
tests/clean_apps.bats
View File

@@ -114,3 +114,4 @@ EOF
[ "$status" -eq 0 ]
[[ "$output" == "ok" ]]
}

87
tests/clean_core.bats
View File

@@ -264,91 +264,4 @@ EOF
[[ "$output" == *"Time Machine backup in progress, skipping cleanup"* ]]
}
@test "clean_empty_library_items removes nested empty directories in Application Support" {
# Create nested empty directory structure
mkdir -p "$HOME/Library/Application Support/UninstalledApp1/SubDir/DeepDir"
mkdir -p "$HOME/Library/Application Support/UninstalledApp2/Cache"
mkdir -p "$HOME/Library/Application Support/ActiveApp/Data"
mkdir -p "$HOME/Library/Caches/EmptyCache/SubCache"
# Create a file in ActiveApp to make it non-empty
touch "$HOME/Library/Application Support/ActiveApp/Data/config.json"
# Create top-level empty directory in Library
mkdir -p "$HOME/Library/EmptyTopLevel"
run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc << 'EOF'
set -euo pipefail
source "$PROJECT_ROOT/lib/core/common.sh"
source "$PROJECT_ROOT/lib/clean/user.sh"
# Mock dependencies
is_path_whitelisted() { return 1; }
is_critical_system_component() { return 1; }
bytes_to_human() { echo "$1"; }
note_activity() { :; }
safe_clean() {
# Actually remove the directories for testing
for path in "$@"; do
if [ "$path" != "${@: -1}" ]; then # Skip the description (last arg)
rm -rf "$path" 2>/dev/null || true
fi
done
}
clean_empty_library_items
EOF
[ "$status" -eq 0 ]
# Empty nested dirs should be removed
[ ! -d "$HOME/Library/Application Support/UninstalledApp1" ]
[ ! -d "$HOME/Library/Application Support/UninstalledApp2" ]
[ ! -d "$HOME/Library/Caches/EmptyCache" ]
[ ! -d "$HOME/Library/EmptyTopLevel" ]
# Non-empty directory should remain
[ -d "$HOME/Library/Application Support/ActiveApp" ]
[ -f "$HOME/Library/Application Support/ActiveApp/Data/config.json" ]
}
@test "clean_empty_library_items respects whitelist for empty directories" {
mkdir -p "$HOME/Library/Application Support/ProtectedEmptyApp"
mkdir -p "$HOME/Library/Application Support/UnprotectedEmptyApp"
mkdir -p "$HOME/.config/mole"
run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc << 'EOF'
set -euo pipefail
source "$PROJECT_ROOT/lib/core/common.sh"
source "$PROJECT_ROOT/lib/clean/user.sh"
# Mock dependencies
is_critical_system_component() { return 1; }
bytes_to_human() { echo "$1"; }
note_activity() { :; }
# Mock whitelist to protect ProtectedEmptyApp
is_path_whitelisted() {
[[ "$1" == *"ProtectedEmptyApp"* ]]
}
safe_clean() {
# Actually remove the directories for testing
for path in "$@"; do
if [ "$path" != "${@: -1}" ]; then # Skip the description (last arg)
rm -rf "$path" 2>/dev/null || true
fi
done
}
clean_empty_library_items
EOF
[ "$status" -eq 0 ]
# Whitelisted directory should remain even if empty
[ -d "$HOME/Library/Application Support/ProtectedEmptyApp" ]
# Non-whitelisted directory should be removed
[ ! -d "$HOME/Library/Application Support/UnprotectedEmptyApp" ]
}

15
tests/clean_user_core.bats
View File

@@ -103,22 +103,7 @@ EOF
[ "$status" -eq 0 ]
}
@test "clean_empty_library_items only cleans empty dirs" {
run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" /bin/bash --noprofile --norc <<'EOF'
set -euo pipefail
source "$PROJECT_ROOT/lib/core/common.sh"
source "$PROJECT_ROOT/lib/clean/user.sh"
safe_clean() { echo "$2"; }
WHITELIST_PATTERNS=()
mkdir -p "$HOME/Library/EmptyDir"
touch "$HOME/Library/empty.txt"
clean_empty_library_items
EOF
[ "$status" -eq 0 ]
[[ "$output" == *"Empty Library folders"* ]]
[[ "$output" != *"Empty Library files"* ]]
}
@test "clean_browsers calls expected cache paths" {
run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF'