devclean
devclean is a safety-first Rust CLI and native SwiftUI macOS menu bar app for auditing and removing rebuildable development artifacts. It reclaims Rust targets, JavaScript dependencies, framework/build/test caches, selected global caches, and unused Docker data while protecting tracked source, backups, databases, symlinks, mounts, and Docker volumes.
Safety by construction
- Scan read-only and classify candidates using filesystem evidence.
- Block candidates containing Git-tracked files by default.
- Show an exact, size-sorted cleanup plan.
- Require confirmation unless
--yesis explicit. - Revalidate containment, category, type, and Git state immediately before deletion.
- Atomically rename each candidate into a same-filesystem quarantine before recursive removal.
- Never pass
--volumesto Docker cleanup.
Quick start
# Audit generated artifacts older than one week and at least 500 MiB
# Save a privacy-safe HTML audit
# Conservative cleanup: target, node_modules, framework caches
# Reclaim only enough to reach 100 GiB free
# Build cache only; volumes are untouched
# Broader Docker cleanup requires a distinct flag; still never volumes
Run devclean doctor to inspect roots, config search paths, tools, and active safety guarantees.
What it cleans
| Category | Default clean | Opt-in | Evidence |
|---|---|---|---|
Cargo target |
Yes | — | Exact name plus Cargo build markers |
node_modules |
Yes | — | Exact dependency-directory name |
| Framework cache | Yes | — | Known names such as .next and .svelte-kit |
| Build/test output | No | --all |
Recognized manifest plus exact generated name |
| Package/tool cache | No | --global-caches |
Exact platform-aware allowlist |
| Model/runtime cache | No | --expensive-caches |
Separate allowlist because redownload cost is high |
| Docker build cache | No | --docker |
docker builder prune, never volumes |
| Docker system data | No | --docker-system |
Stopped containers, unused images/networks/cache; never volumes |
Ambiguous dist, out, coverage, archives, user data, database paths, VCS metadata, and Docker volumes remain out of scope.
Filters and selection
--older-than 30d: require the newest observed file to be old enough.--min-size 1GiB: ignore small candidates.--exclude 'vendor/**': skip matching absolute, root-relative, or basename paths.--select: choose candidate numbers and ranges interactively.--only-path PATH: clean exact paths emitted by a previous JSON scan; every path must pass a fresh scan or the operation aborts.--target-free 100GiB: select only enough largest candidates to reach a free-space target on the first root filesystem.--allow-tracked: explicit escape hatch for vendored/generated content committed to Git.
Configuration
devclean loads the first existing file from ./devclean.toml or the platform config directory. Pass --config PATH to select one explicitly. CLI values override config values.
[]
= ["/Users/me/Dev"]
= ["vendor/**", "archive/**"]
= "14d"
= "100MiB"
= 24
[]
= true
= false
Reports and automation
HTML and JSON can contain private absolute paths unless --redact-paths is used. JSONL emits one candidate event per line followed by a summary event.
Generate shell integrations without extra packages:
Installation
GitHub release
Download the archive for your platform from the latest release, verify SHA256SUMS, then verify build provenance:
Cargo
The crates.io package is named devclean-cli; the installed executable is devclean.
Homebrew
Native macOS menu bar app
The SwiftUI app displays free space, previews reclaimable artifacts, supports exact per-candidate selection, and asks for destructive confirmation. It bundles the same Rust helper used by the CLI and never deletes files from Swift.
The local build is ad-hoc signed. Public frictionless distribution additionally requires a Developer ID Application certificate and Apple notarization. See apps/macos.
Build from source
The minimum supported Rust version is 1.85.
Codex skill
The companion skill lives at skills/dev-disk-cleaner:
It standardizes audit, authorization, narrow cleanup, HTML evidence, regeneration diagnosis, and post-clean verification.
Development
See architecture, safety model, performance, distribution, and contributing.
Community and security
- Ask usage questions in GitHub Discussions.
- Report bugs through GitHub Issues.
- Report vulnerabilities privately according to SECURITY.md.
- Participation is governed by CODE_OF_CONDUCT.md.
License
Released under the MIT License.