devclean
devclean is a safety-first Rust CLI and native SwiftUI macOS menu bar app for auditing and removing rebuildable development artifacts. Learning Mode measures local growth, surfaces unknown cache-like directories as review-only observations, and can promote an exact path only through a scanner-owned rule approved by the user. Structured local diagnostics and opt-in, privacy-filtered Sentry monitoring keep failures visible.
Safety by construction
- Scan read-only and classify candidates using filesystem evidence.
- Block candidates containing Git-tracked files by default.
- Show an exact, size-sorted cleanup plan.
- Require confirmation unless
--yesis explicit. - Revalidate containment, category, type, and Git state immediately before deletion.
- Atomically rename each candidate into a same-filesystem quarantine before recursive removal.
- Never pass
--volumesto Docker cleanup. - Keep Learning Mode observations separate from cleanup authority.
Quick start
# Audit generated artifacts older than one week and at least 500 MiB
# Save a privacy-safe HTML audit
# Observe active artifacts and unknown cache-like project directories
# Watch roots read-only and notify when reclaimable artifacts exceed the threshold
# Browse candidates in a read-only terminal UI; Enter only prints a clean command
# Preview the exact cleanup plan without confirmation or filesystem changes
# Conservative cleanup: target, node_modules, framework caches, Python caches/environments
# Keep selected artifacts restorable for seven days (space is released on purge)
# Permanently delete one exact hold immediately
# Restore one exact hold through the clean UX shorthand
# Reclaim only enough to reach 100 GiB free
# Build cache only; volumes are untouched
# Broader Docker cleanup requires a distinct flag; still never volumes
# Install a platform-native timer after previewing it
# Inspect aggregate local history (candidate paths are never stored)
Run devclean doctor to inspect roots, config search paths, tools, and active safety guarantees.
What it cleans
| Category | Default clean | Opt-in | Evidence |
|---|---|---|---|
Cargo target |
Yes | — | Exact name plus Cargo build markers |
node_modules |
Yes | — | Exact dependency-directory name |
| Framework cache | Yes | — | Known names such as .next and .svelte-kit |
| Python bytecode/test cache | Yes | — | __pycache__, or .tox/.nox beside a direct Python project marker |
| Python virtual environment | Yes | — | .venv/venv directly beside pyproject.toml, requirements, or another dependency manifest |
| Build/test output | No | --all |
Recognized manifest plus exact generated name |
| Gradle/CMake/Zig output | No | --all |
Direct build manifest plus build, .zig-cache, zig-cache, or zig-out |
| Ambiguous cache-like output | Never | --learning observes only |
Project marker plus names such as dist, out, .cache, or coverage |
| Package/tool cache | No | --global-caches |
Exact platform-aware allowlist |
| Model/runtime cache | No | --expensive-caches |
Separate allowlist because redownload cost is high |
| Docker build cache | No | --docker |
docker builder prune, never volumes |
| Docker system data | No | --docker-system |
Stopped containers, unused images/networks/cache; never volumes |
Ambiguous dist, out, and coverage directories can appear as Learning Mode review-only observations but never enter a cleanup plan. Archives, user data, databases, VCS metadata, and Docker volumes remain protected.
Filters and selection
--older-than 30d: require the newest observed file to be old enough.--min-size 1GiB: ignore small candidates.--exclude 'vendor/**': skip matching absolute, root-relative, or basename paths.--select: choose candidate numbers and ranges interactively.--only-path PATH: clean exact paths emitted by a previous JSON scan; every path must pass a fresh scan or the operation aborts.--target-free 100GiB: select only enough largest candidates to reach a free-space target on the first root filesystem.--allow-tracked: explicit escape hatch for vendored/generated content committed to Git.--learning: measure active known artifacts independently of age filters and surface large unknown cache-like directories as review-only.--approve-review-path PATH: approve an exact observation only when it still matches a scanner-owned rule: SwiftPM.buildbesidePackage.swift,DerivedDatabeside an Xcode project,.gradlebeside a Gradle script, orPodsbeside bothPodfileandPodfile.lock.--quarantine-for 7d: retain selected artifacts in adjacent safety holds; this delays disk reclamation until purge.--dry-run: render the fully filtered clean plan and optional HTML report, then exit without confirmation, Docker invocation, quarantine, or deletion.--undo ID: restore one exact safety hold; shorthand forquarantine restore ID.
Configuration
devclean loads the first existing file from ./.devclean.toml, ./devclean.toml, or the platform config directory. Pass --config PATH to select one explicitly. CLI values override config values. devclean init creates a reviewed starter file; devclean config fetch <git-url-or-path> clones a shared policy and validates it before replacing the local file.
[]
= ["/Users/me/Dev"]
= ["vendor/**", "archive/**"]
= "14d"
= "100MiB"
= 24
[]
= true
= false
[]
= "5GiB"
= "1h"
[[]]
= "turbo-cache"
= "framework-cache"
= [".turbo"]
= ["package.json"]
= "rebuildable Turbo cache"
Custom rules remain evidence-based: names are exact, every marker must be a direct sibling, path traversal is rejected, and the rule is revalidated immediately before cleanup. See devclean.example.toml.
Reports and automation
HTML and JSON can contain private absolute paths unless --redact-paths is used. JSONL emits safe candidates, review-only observations, Learning Mode observations, then a summary event.
Generate shell integrations without extra packages:
Scheduled cleanup uses launchd on macOS, a systemd user timer on Linux, and Task Scheduler on Windows. Installation requires both --yes and an explicit profile; use --dry-run to inspect generated paths and commands first. Cleanup results are appended as JSONL under the platform log directory.
Installation
GitHub release
Download the archive for your platform from the latest release, verify SHA256SUMS, then verify build provenance:
Cargo
The crates.io package is named devclean-cli; the installed executable is devclean.
Homebrew
# Command-line tool
# Native macOS menu bar app
The Cask installs and opens DevCleaner.app after installation. On its first launch, the app registers itself with macOS Launch at Login; this can be disabled at any time in DevCleaner Settings or System Settings > General > Login Items.
Native macOS menu bar app
The SwiftUI app scans at launch and every six hours, displays growth history, separates safe and review-only observations, exposes approve/revoke controls for scanner-owned rules, accepts Always select / Never clean feedback, and offers both a restorable safety hold and a separately confirmed Delete Now path for immediate reclamation. Settings can restore or permanently delete one exact hold. The app registers with macOS Launch at Login by default, keeps structured local logs, bundles the same Rust helper used by the CLI, and never deletes files from Swift.
Local source builds are ad-hoc signed unless CODE_SIGN_IDENTITY is provided. Published menu bar archives are Developer ID signed, notarized by Apple, stapled, and Gatekeeper-verified. See apps/macos.
VS Code extension
The source extension in editors/vscode shows reclaimable workspace bytes in the status bar, opens a privacy-explicit HTML report, and keeps preview separate from cleanup. Cleanup always requires a modal confirmation and invokes devclean directly without a shell.
Build from source
The minimum supported Rust version is 1.85.
Codex skill
The companion skill lives at skills/dev-disk-cleaner:
It standardizes audit, authorization, narrow cleanup, HTML evidence, regeneration diagnosis, and post-clean verification.
Development
See architecture, safety model, observability, privacy, performance, distribution, and contributing.
Community and security
- Ask usage questions in GitHub Discussions.
- Report bugs through GitHub Issues.
- Report vulnerabilities privately according to SECURITY.md.
- Participation is governed by CODE_OF_CONDUCT.md.
License
Released under the MIT License.