devclean
devclean is a safety-first Rust CLI and native SwiftUI macOS menu bar app for auditing and removing rebuildable development artifacts. Learning Mode measures local growth, surfaces unknown cache-like directories as review-only observations, and learns per-path feedback without making ambiguous data cleanable. Structured local diagnostics and opt-in, privacy-filtered Sentry monitoring keep failures visible.
Safety by construction
- Scan read-only and classify candidates using filesystem evidence.
- Block candidates containing Git-tracked files by default.
- Show an exact, size-sorted cleanup plan.
- Require confirmation unless
--yesis explicit. - Revalidate containment, category, type, and Git state immediately before deletion.
- Atomically rename each candidate into a same-filesystem quarantine before recursive removal.
- Never pass
--volumesto Docker cleanup. - Keep Learning Mode observations separate from cleanup authority.
Quick start
# Audit generated artifacts older than one week and at least 500 MiB
# Save a privacy-safe HTML audit
# Observe active artifacts and unknown cache-like project directories
# Conservative cleanup: target, node_modules, framework caches
# Keep selected artifacts restorable for seven days (space is released on purge)
# Reclaim only enough to reach 100 GiB free
# Build cache only; volumes are untouched
# Broader Docker cleanup requires a distinct flag; still never volumes
Run devclean doctor to inspect roots, config search paths, tools, and active safety guarantees.
What it cleans
| Category | Default clean | Opt-in | Evidence |
|---|---|---|---|
Cargo target |
Yes | — | Exact name plus Cargo build markers |
node_modules |
Yes | — | Exact dependency-directory name |
| Framework cache | Yes | — | Known names such as .next and .svelte-kit |
| Build/test output | No | --all |
Recognized manifest plus exact generated name |
| Ambiguous cache-like output | Never | --learning observes only |
Project marker plus names such as dist, out, .cache, or coverage |
| Package/tool cache | No | --global-caches |
Exact platform-aware allowlist |
| Model/runtime cache | No | --expensive-caches |
Separate allowlist because redownload cost is high |
| Docker build cache | No | --docker |
docker builder prune, never volumes |
| Docker system data | No | --docker-system |
Stopped containers, unused images/networks/cache; never volumes |
Ambiguous dist, out, and coverage directories can appear as Learning Mode review-only observations but never enter a cleanup plan. Archives, user data, databases, VCS metadata, and Docker volumes remain protected.
Filters and selection
--older-than 30d: require the newest observed file to be old enough.--min-size 1GiB: ignore small candidates.--exclude 'vendor/**': skip matching absolute, root-relative, or basename paths.--select: choose candidate numbers and ranges interactively.--only-path PATH: clean exact paths emitted by a previous JSON scan; every path must pass a fresh scan or the operation aborts.--target-free 100GiB: select only enough largest candidates to reach a free-space target on the first root filesystem.--allow-tracked: explicit escape hatch for vendored/generated content committed to Git.--learning: measure active known artifacts independently of age filters and surface large unknown cache-like directories as review-only.--quarantine-for 7d: retain selected artifacts in adjacent safety holds; this delays disk reclamation until purge.
Configuration
devclean loads the first existing file from ./devclean.toml or the platform config directory. Pass --config PATH to select one explicitly. CLI values override config values.
[]
= ["/Users/me/Dev"]
= ["vendor/**", "archive/**"]
= "14d"
= "100MiB"
= 24
[]
= true
= false
Reports and automation
HTML and JSON can contain private absolute paths unless --redact-paths is used. JSONL emits safe candidates, review-only observations, then a summary event.
Generate shell integrations without extra packages:
Installation
GitHub release
Download the archive for your platform from the latest release, verify SHA256SUMS, then verify build provenance:
Cargo
The crates.io package is named devclean-cli; the installed executable is devclean.
Homebrew
Native macOS menu bar app
The SwiftUI app scans at launch and every six hours, displays growth history, separates safe and review-only observations, accepts Always select / Never clean feedback, manages restorable safety holds, and keeps structured local logs. It bundles the same Rust helper used by the CLI and never deletes files from Swift.
Local source builds are ad-hoc signed unless CODE_SIGN_IDENTITY is provided. Published menu bar archives are Developer ID signed, notarized by Apple, stapled, and Gatekeeper-verified. See apps/macos.
Build from source
The minimum supported Rust version is 1.85.
Codex skill
The companion skill lives at skills/dev-disk-cleaner:
It standardizes audit, authorization, narrow cleanup, HTML evidence, regeneration diagnosis, and post-clean verification.
Development
See architecture, safety model, observability, privacy, performance, distribution, and contributing.
Community and security
- Ask usage questions in GitHub Discussions.
- Report bugs through GitHub Issues.
- Report vulnerabilities privately according to SECURITY.md.
- Participation is governed by CODE_OF_CONDUCT.md.
License
Released under the MIT License.