refactor: convert mac-optimizer from raw skill to proper plugin
Restructured 92-mac-optimizer from a CLAUDE.md-based skill into a full Claude Code plugin with .claude-plugin/plugin.json, 6 slash commands (/mac-doctor, /mac-packages, /mac-environment, /mac-security, /mac-cleanup, /mac-resources), and auto-trigger SKILL.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,74 @@
|
||||
# Cleanup Targets Reference
|
||||
|
||||
## Risk Ratings
|
||||
|
||||
| Risk | Meaning |
|
||||
|---|---|
|
||||
| Safe | Can be deleted without consequence; regenerated automatically |
|
||||
| Moderate | Review before deleting; may lose useful data |
|
||||
| Risky | May break applications; requires careful inspection |
|
||||
| Info only | Report size but do not offer deletion |
|
||||
|
||||
## Target Details
|
||||
|
||||
### User Logs (Safe)
|
||||
- **Path**: `~/Library/Logs/`
|
||||
- **Cleanup target**: `user-logs`
|
||||
- **Notes**: Application crash reports and debug logs. Regenerated as needed.
|
||||
|
||||
### System Logs (Moderate, requires sudo)
|
||||
- **Path**: `/var/log/`
|
||||
- **Cleanup target**: not available via cleanup_execute.sh (requires sudo)
|
||||
- **Notes**: System-level logs. Only clean old/rotated files. Active logs should not be deleted.
|
||||
|
||||
### User Caches (Safe, per-app)
|
||||
- **Path**: `~/Library/Caches/`
|
||||
- **Cleanup target**: `user-caches`
|
||||
- **Notes**: App caches regenerated on next use. Some apps may need to re-download data. Browser caches can be large.
|
||||
|
||||
### Homebrew Cache (Safe)
|
||||
- **Path**: `$(brew --cache)` (typically `~/Library/Caches/Homebrew/`)
|
||||
- **Cleanup target**: `brew-cache`
|
||||
- **Notes**: Downloaded bottles and source archives. `brew cleanup` handles this properly.
|
||||
|
||||
### npm Cache (Safe)
|
||||
- **Path**: `~/.npm/_cacache/`
|
||||
- **Cleanup target**: `npm-cache`
|
||||
- **Notes**: Package download cache. `npm cache clean --force` is the proper way to clear.
|
||||
|
||||
### pip Cache (Safe)
|
||||
- **Path**: `~/Library/Caches/pip/`
|
||||
- **Cleanup target**: `pip-cache`
|
||||
- **Notes**: Downloaded wheel/sdist cache. `pip cache purge` is the proper way to clear.
|
||||
|
||||
### Xcode DerivedData (Safe)
|
||||
- **Path**: `~/Library/Developer/Xcode/DerivedData/`
|
||||
- **Cleanup target**: `xcode-derived`
|
||||
- **Notes**: Build artifacts and indexes. Rebuilt on next Xcode build. Can grow very large.
|
||||
|
||||
### Xcode Archives (Moderate)
|
||||
- **Path**: `~/Library/Developer/Xcode/Archives/`
|
||||
- **Cleanup target**: `xcode-archives`
|
||||
- **Notes**: App Store submission archives. May be needed for symbolication of crash reports. Review before deleting.
|
||||
|
||||
### iOS DeviceSupport (Safe)
|
||||
- **Path**: `~/Library/Developer/Xcode/iOS DeviceSupport/`
|
||||
- **Cleanup target**: `ios-support`
|
||||
- **Notes**: Debug symbols for connected iOS devices. Re-downloaded when device connects again.
|
||||
|
||||
### Docker (Moderate)
|
||||
- **Cleanup target**: `docker`
|
||||
- **Notes**: Uses `docker system prune -f`. Removes stopped containers, unused networks, dangling images. Does NOT remove named volumes. Never delete Docker's filesystem directly.
|
||||
|
||||
### Trash (Safe)
|
||||
- **Path**: `~/.Trash/`
|
||||
- **Cleanup target**: `trash`
|
||||
- **Notes**: Items in Trash. User has already "deleted" these.
|
||||
|
||||
### Old Downloads (Info only)
|
||||
- **Path**: `~/Downloads/` (files >90 days old)
|
||||
- **Notes**: Report only. User should review manually. Never auto-delete downloads.
|
||||
|
||||
### Application Support Remnants (Risky)
|
||||
- **Path**: `~/Library/Application Support/` orphaned directories
|
||||
- **Notes**: Report only. Directories from uninstalled apps. Difficult to determine automatically which are truly orphaned. Manual review required.
|
||||
@@ -0,0 +1,52 @@
|
||||
# Package Manager Reference
|
||||
|
||||
## Homebrew
|
||||
|
||||
### Update workflow
|
||||
```bash
|
||||
brew update # Update Homebrew itself and formulae list
|
||||
brew outdated # List outdated formulae
|
||||
brew outdated --cask # List outdated casks
|
||||
brew upgrade # Upgrade all outdated formulae
|
||||
brew upgrade <name> # Upgrade specific formula
|
||||
brew upgrade --cask # Upgrade all casks
|
||||
brew cleanup --prune=0 # Remove all cached downloads
|
||||
brew autoremove # Remove orphaned dependencies
|
||||
brew doctor # Diagnose issues
|
||||
```
|
||||
|
||||
### Safety notes
|
||||
- `brew upgrade` is generally safe but can break projects pinned to specific versions
|
||||
- Always check `brew doctor` warnings — some are cosmetic, some indicate real issues
|
||||
- `brew autoremove` only removes packages not depended on by anything
|
||||
|
||||
## npm / nvm
|
||||
|
||||
### Update workflow
|
||||
```bash
|
||||
nvm ls # List installed Node versions
|
||||
nvm install --lts # Install latest LTS
|
||||
npm outdated -g # Check global packages
|
||||
npm update -g # Update all global packages
|
||||
npm cache clean --force # Clear npm cache
|
||||
```
|
||||
|
||||
### Safety notes
|
||||
- Global npm packages are version-independent from project dependencies
|
||||
- Updating global packages won't affect project-level node_modules
|
||||
|
||||
## Python / pyenv
|
||||
|
||||
### Update workflow
|
||||
```bash
|
||||
pyenv versions # List installed versions
|
||||
pyenv install --list # Available versions
|
||||
pip list --outdated # Outdated packages in current env
|
||||
pip install --upgrade <pkg> # Upgrade specific package
|
||||
pip cache purge # Clear pip cache
|
||||
```
|
||||
|
||||
### Safety notes
|
||||
- Only audit pyenv-managed environments (not system Python)
|
||||
- pip upgrades can break dependency chains — suggest `--dry-run` first
|
||||
- Virtual environments in project directories are not scanned (out of scope v1)
|
||||
@@ -0,0 +1,53 @@
|
||||
# Security Checks Reference
|
||||
|
||||
## SIP (System Integrity Protection)
|
||||
- **Check**: `csrutil status`
|
||||
- **Expected**: "System Integrity Protection status: enabled."
|
||||
- **Remediation**: Reboot to Recovery Mode (Cmd+R), open Terminal, run `csrutil enable`
|
||||
- **Severity**: Critical if disabled
|
||||
|
||||
## Gatekeeper
|
||||
- **Check**: `spctl --status`
|
||||
- **Expected**: "assessments enabled"
|
||||
- **Remediation**: `sudo spctl --master-enable`
|
||||
- **Severity**: Critical if disabled
|
||||
|
||||
## Firewall
|
||||
- **Check**: `/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate`
|
||||
- **Fallback**: `defaults read /Library/Preferences/com.apple.alf globalstate` (0=off, 1=on, 2=essential)
|
||||
- **Remediation**: System Settings > Network > Firewall > Turn On
|
||||
- **Severity**: Critical if disabled
|
||||
|
||||
## FileVault
|
||||
- **Check**: `fdesetup status`
|
||||
- **Expected**: "FileVault is On."
|
||||
- **Remediation**: System Settings > Privacy & Security > FileVault > Turn On
|
||||
- **Severity**: Critical if disabled (disk not encrypted)
|
||||
|
||||
## Open Ports
|
||||
- **Check**: `lsof -iTCP -sTCP:LISTEN -nP`
|
||||
- **Review**: unexpected services listening on all interfaces (0.0.0.0 or *)
|
||||
- **Severity**: Info (review needed, not automatically bad)
|
||||
|
||||
## SSH Configuration
|
||||
- **Check**: `/etc/ssh/sshd_config`
|
||||
- **Flags**: `PasswordAuthentication yes`, `PermitRootLogin yes`
|
||||
- **Remediation**: Set to `no` and restart sshd
|
||||
- **Severity**: Warning
|
||||
|
||||
## Remote Services
|
||||
- **Remote Login**: `systemsetup -getremotelogin`
|
||||
- **Remote Management**: `defaults read /Library/Preferences/com.apple.RemoteManagement ARD_AllLocalUsers`
|
||||
- **Remediation**: Disable in System Settings > General > Sharing
|
||||
- **Severity**: Info/Warning depending on context
|
||||
|
||||
## Software Updates
|
||||
- **Check**: `softwareupdate -l` (can be slow, 30s timeout)
|
||||
- **Remediation**: System Settings > General > Software Update
|
||||
- **Severity**: Warning if updates available
|
||||
|
||||
## Screen Lock
|
||||
- **Check**: `defaults -currentHost read com.apple.screensaver idleTime`
|
||||
- **Check**: `defaults read com.apple.screensaver askForPassword`
|
||||
- **Remediation**: System Settings > Lock Screen
|
||||
- **Severity**: Warning if password not required
|
||||
Reference in New Issue
Block a user