Skip to content

Releases: Dicklesworthstone/storage_ballast_helper

v0.4.33 — safe /root build-artifact reclaim backstop

Choose a tag to compare

@Dicklesworthstone Dicklesworthstone released this 02 Jul 21:11

What's new in v0.4.33

Safe /root build-artifact reclaim backstop

sbh can now reclaim regenerable build junk that lands in /root on workers — a stale 241 GB /root/cass-ft-target cargo target filled a worker's disk and sbh couldn't touch it, because /root was a hard is_system_path veto and the artifact-basename predicate had no *-target/*_target suffix rule. This adds a narrow, safety-gated backstop:

  • Detectionis_obvious_build_artifact_basename now matches a -target/_target suffix (non-empty prefix required); the V2 opaque classifier promotes such dirs to reclaimable candidates.
  • Scoped veto liftis_system_path lifts the /root veto only for a candidate whose own basename is an obvious build artifact; never /root itself, and everything else under /root stays vetoed.
  • Hard protection retained — absolute sacred guards for /root/.ssh, /root/.gnupg, /root/.rustup, /root/.config, /root/.local (independent of $HOME), plus surgical .cargo (config/credentials protected; registry/git caches stay reclaimable). Toolchains, credentials, config, and source remain hard-protected by is_system_path + the sacred catalog + the source/git/looks-like-source vetoes — all stacking on top.

Opt-in per worker: add /root to [scanner] root_paths for the backstop to take effect. Prevention (steering build artifacts into /data/tmp) remains the primary defense; this is defense-in-depth.

Tests

Full suite green (1363 lib) including safety assertions: is_system_path FALSE for /root/cass-ft-target, TRUE for /root/.ssh/.rustup/.cargo; sacred overlaps fire for creds/toolchains; /home/*/projects protection preserved.


Built per dsr conventions: linux (x86_64-unknown-linux-gnu) on ts1, Developer-ID-signed darwin (aarch64-apple-darwin) on the build mac.

v0.4.32 — reclaim Go GOCACHE/GOMODCACHE caches; default to v2 scanner engine

Choose a tag to compare

@Dicklesworthstone Dicklesworthstone released this 30 Jun 22:23

What's new in v0.4.32

Reclaim Go build/module caches (GOCACHE / GOMODCACHE)

sbh now detects and reclaims Go toolchain caches, which previously accumulated unbounded (tens of GB) in /data/tmp on busy workers. Three gaps are fixed:

  • Detection — Go caches live under arbitrary names that no name pattern matched. sbh now identifies them structurally (GOCACHE: trim.txt + hex shard dirs; GOMODCACHE: cache/download/) as a new GoCache artifact category, scored as a single opaque candidate (no descent into 100k-file trees). Validated against real Go caches on the fleet.
  • Read-only removal — Go marks every GOMODCACHE module directory 0555, which defeats a plain recursive remove (no write bit on the parent to drop its entries). A new permission-defeating removal path (chmod-descend, symlink-safe) is gated strictly to read-only regenerable caches (Go caches + cargo registry/home); every other artifact keeps the conservative remover, where a read-only directory stays a natural brake.
  • Source-veto carve-out — every cached Go module legitimately ships a go.mod, which used to trip the source-code safety veto. Positively-identified Go caches are now exempt (the structural identity cannot be produced by a real source tree).

Active/in-progress caches remain protected by the existing age and open-file vetoes — only idle/stale caches are reclaimed.

Default scanner engine is now v2 (opaque pruning)

The structural detection above lives in the v2 opaque-pruning traversal, so the default engine flips from v1 to v2. v2 reuses v1's scoring / guardrail / deletion safety surfaces and is what the production fleet already runs (SBH_SCANNER_ENGINE=v2). Pin engine = "v1" under [scanner] to keep the legacy full-descent walker.

Tests

Full suite green (1353 lib unit tests + all integration binaries), including new coverage for structural detection, the source-veto carve-out, and force-removal of a read-only 0555 tree.


Artifacts built per dsr conventions: linux (x86_64-unknown-linux-gnu) on ts1, signed darwin (aarch64-apple-darwin) on the build mac. Verify with SHA256SUMS.

sbh v0.4.30 — empty-pass cooldown keys on reclaim progress (hot-loop fix)

Choose a tag to compare

@Dicklesworthstone Dicklesworthstone released this 18 Jun 20:58

Fixes the scanner hot-loop that survived v0.4.29's B6 cooldown on disks parked below the green free-space threshold whose candidates are all protected (sacred *.sqlite-wal/.git/.beads markers in /data/tmp fixtures). The empty-pass cooldown now arms on no reclaim progress (zero candidates dispatched for deletion), not zero candidates surfaced, plus exponential backoff (90s → … → 2880s, cap 32×) for sustained no-progress passes. Red/Critical pressure still bypasses the cooldown; the deletion path and all protection logic are untouched.

Verified live on ts2: daemon CPU ~100 → ~1.5 ticks/s; backoff log lines firing (… 427 candidates, 0 dispatched; backing off … ≥180s). 7/7 cooldown unit tests pass.

See PR #13 and the CHANGELOG for full detail. This release is the empty-pass fix only — it does not include the in-flight writeback work.

Assets

  • Linux x86_64: sbh-v0.4.30-x86_64-unknown-linux-gnu.tar.xz
  • macOS arm64 (signed, Developer ID AU8V2Z6NKY): sbh-v0.4.30-aarch64-apple-darwin.tar.xz

v0.4.29

Choose a tag to compare

@Dicklesworthstone Dicklesworthstone released this 13 Jun 00:07

Release 0.4.29

v0.4.28

Choose a tag to compare

@github-actions github-actions released this 08 Jun 18:42

What's Changed

  • fix(scanner): bound sacred-marker sub-walk, device-affinity gate, empty-pass cooldown by @Dicklesworthstone in #11

New Contributors

Full Changelog: v0.4.27...v0.4.28

v0.4.27

Choose a tag to compare

@github-actions github-actions released this 27 May 17:26

Full Changelog: v0.4.26...v0.4.27

v0.4.25

Choose a tag to compare

@github-actions github-actions released this 23 May 04:20

Full Changelog: v0.4.24...v0.4.25

v0.4.24

Choose a tag to compare

@Dicklesworthstone Dicklesworthstone released this 17 May 01:22

Manual fleet release of linux-x86_64 only — Mac/aarch64-linux artifacts to follow when GitHub Actions runners clear.

Changes since v0.4.22

  • log_truncation: plumb real free_pct + harden file open (19d8814)
  • release(v0.4.23): truncate-in-place for active append-only logs (508fe4c)
  • ci(release): validate tarball arch matches matrix target (b15e1e0) — guards against the v0.4.23 incident where a Mach-O ARM64 binary was mislabeled as linux-x86_64
  • release(v0.4.24): drop stale Not Complete audit assertion (65cd5c5)
  • test(log_truncator): gate non-utf8-filename test to Linux (5854496) — APFS rejects non-UTF-8 byte sequences in filenames

Why this is a partial release

GitHub Actions macOS runners were saturated (15+ hour queue), so the full signed/notarized release pipeline could not complete in time to clear the fleet self-update lockup that v0.4.23s broken artifacts caused. Linux-x86_64 was built manually on trj from tag v0.4.24 (commit 5854496) and uploaded under both versioned and legacy unversioned naming conventions for self-updater compatibility.

The full CI matrix (linux-aarch64, darwin-x86_64, darwin-aarch64 — signed + notarized + Homebrew tap update) should be re-run via the same v0.4.24 tag once runner availability returns.

Artifacts

  • `sbh-v0.4.24-x86_64-unknown-linux-gnu.tar.xz` — versioned
  • `sbh-x86_64-unknown-linux-gnu.tar.xz` — legacy unversioned (pre-v0.4.8 self-updaters)
  • both `.sha256` sidecars

v0.4.23

Choose a tag to compare

@Dicklesworthstone Dicklesworthstone released this 14 May 05:49

Release 0.4.23

v0.4.22

Choose a tag to compare

@github-actions github-actions released this 12 May 07:53

Full Changelog: v0.4.21...v0.4.22