Releases: Dicklesworthstone/storage_ballast_helper
Release list
v0.4.33 — safe /root build-artifact reclaim backstop
What's new in v0.4.33
Safe /root build-artifact reclaim backstop
sbh can now reclaim regenerable build junk that lands in /root on workers — a stale 241 GB /root/cass-ft-target cargo target filled a worker's disk and sbh couldn't touch it, because /root was a hard is_system_path veto and the artifact-basename predicate had no *-target/*_target suffix rule. This adds a narrow, safety-gated backstop:
- Detection —
is_obvious_build_artifact_basenamenow matches a-target/_targetsuffix (non-empty prefix required); the V2 opaque classifier promotes such dirs to reclaimable candidates. - Scoped veto lift —
is_system_pathlifts the/rootveto only for a candidate whose own basename is an obvious build artifact; never/rootitself, and everything else under/rootstays vetoed. - Hard protection retained — absolute sacred guards for
/root/.ssh,/root/.gnupg,/root/.rustup,/root/.config,/root/.local(independent of$HOME), plus surgical.cargo(config/credentials protected; registry/git caches stay reclaimable). Toolchains, credentials, config, and source remain hard-protected byis_system_path+ the sacred catalog + the source/git/looks-like-source vetoes — all stacking on top.
Opt-in per worker: add /root to [scanner] root_paths for the backstop to take effect. Prevention (steering build artifacts into /data/tmp) remains the primary defense; this is defense-in-depth.
Tests
Full suite green (1363 lib) including safety assertions: is_system_path FALSE for /root/cass-ft-target, TRUE for /root/.ssh/.rustup/.cargo; sacred overlaps fire for creds/toolchains; /home/*/projects protection preserved.
Built per dsr conventions: linux (x86_64-unknown-linux-gnu) on ts1, Developer-ID-signed darwin (aarch64-apple-darwin) on the build mac.
v0.4.32 — reclaim Go GOCACHE/GOMODCACHE caches; default to v2 scanner engine
What's new in v0.4.32
Reclaim Go build/module caches (GOCACHE / GOMODCACHE)
sbh now detects and reclaims Go toolchain caches, which previously accumulated unbounded (tens of GB) in /data/tmp on busy workers. Three gaps are fixed:
- Detection — Go caches live under arbitrary names that no name pattern matched. sbh now identifies them structurally (GOCACHE:
trim.txt+ hex shard dirs; GOMODCACHE:cache/download/) as a newGoCacheartifact category, scored as a single opaque candidate (no descent into 100k-file trees). Validated against real Go caches on the fleet. - Read-only removal — Go marks every GOMODCACHE module directory
0555, which defeats a plain recursive remove (no write bit on the parent to drop its entries). A new permission-defeating removal path (chmod-descend, symlink-safe) is gated strictly to read-only regenerable caches (Go caches + cargo registry/home); every other artifact keeps the conservative remover, where a read-only directory stays a natural brake. - Source-veto carve-out — every cached Go module legitimately ships a
go.mod, which used to trip the source-code safety veto. Positively-identified Go caches are now exempt (the structural identity cannot be produced by a real source tree).
Active/in-progress caches remain protected by the existing age and open-file vetoes — only idle/stale caches are reclaimed.
Default scanner engine is now v2 (opaque pruning)
The structural detection above lives in the v2 opaque-pruning traversal, so the default engine flips from v1 to v2. v2 reuses v1's scoring / guardrail / deletion safety surfaces and is what the production fleet already runs (SBH_SCANNER_ENGINE=v2). Pin engine = "v1" under [scanner] to keep the legacy full-descent walker.
Tests
Full suite green (1353 lib unit tests + all integration binaries), including new coverage for structural detection, the source-veto carve-out, and force-removal of a read-only 0555 tree.
Artifacts built per dsr conventions: linux (x86_64-unknown-linux-gnu) on ts1, signed darwin (aarch64-apple-darwin) on the build mac. Verify with SHA256SUMS.
sbh v0.4.30 — empty-pass cooldown keys on reclaim progress (hot-loop fix)
Fixes the scanner hot-loop that survived v0.4.29's B6 cooldown on disks parked below the green free-space threshold whose candidates are all protected (sacred *.sqlite-wal/.git/.beads markers in /data/tmp fixtures). The empty-pass cooldown now arms on no reclaim progress (zero candidates dispatched for deletion), not zero candidates surfaced, plus exponential backoff (90s → … → 2880s, cap 32×) for sustained no-progress passes. Red/Critical pressure still bypasses the cooldown; the deletion path and all protection logic are untouched.
Verified live on ts2: daemon CPU ~100 → ~1.5 ticks/s; backoff log lines firing (… 427 candidates, 0 dispatched; backing off … ≥180s). 7/7 cooldown unit tests pass.
See PR #13 and the CHANGELOG for full detail. This release is the empty-pass fix only — it does not include the in-flight writeback work.
Assets
- Linux x86_64:
sbh-v0.4.30-x86_64-unknown-linux-gnu.tar.xz - macOS arm64 (signed, Developer ID
AU8V2Z6NKY):sbh-v0.4.30-aarch64-apple-darwin.tar.xz
v0.4.29
v0.4.28
What's Changed
- fix(scanner): bound sacred-marker sub-walk, device-affinity gate, empty-pass cooldown by @Dicklesworthstone in #11
New Contributors
- @Dicklesworthstone made their first contribution in #11
Full Changelog: v0.4.27...v0.4.28
v0.4.27
v0.4.25
v0.4.24
Manual fleet release of linux-x86_64 only — Mac/aarch64-linux artifacts to follow when GitHub Actions runners clear.
Changes since v0.4.22
- log_truncation: plumb real free_pct + harden file open (19d8814)
- release(v0.4.23): truncate-in-place for active append-only logs (508fe4c)
- ci(release): validate tarball arch matches matrix target (b15e1e0) — guards against the v0.4.23 incident where a Mach-O ARM64 binary was mislabeled as linux-x86_64
- release(v0.4.24): drop stale Not Complete audit assertion (65cd5c5)
- test(log_truncator): gate non-utf8-filename test to Linux (5854496) — APFS rejects non-UTF-8 byte sequences in filenames
Why this is a partial release
GitHub Actions macOS runners were saturated (15+ hour queue), so the full signed/notarized release pipeline could not complete in time to clear the fleet self-update lockup that v0.4.23s broken artifacts caused. Linux-x86_64 was built manually on trj from tag v0.4.24 (commit 5854496) and uploaded under both versioned and legacy unversioned naming conventions for self-updater compatibility.
The full CI matrix (linux-aarch64, darwin-x86_64, darwin-aarch64 — signed + notarized + Homebrew tap update) should be re-run via the same v0.4.24 tag once runner availability returns.
Artifacts
- `sbh-v0.4.24-x86_64-unknown-linux-gnu.tar.xz` — versioned
- `sbh-x86_64-unknown-linux-gnu.tar.xz` — legacy unversioned (pre-v0.4.8 self-updaters)
- both `.sha256` sidecars