- linux_configuration/tests: update script paths after periodic_background/
reorganisation (hosts_file_monitor, makepkg_capped, music_parallelism,
shutdown_timer_monitor, usage_monitoring_installer_efficiency)
- test_i3blocks_efficiency.sh: remove checks for HEARTBEAT_INTERVAL_S and
WARP_POLL_INTERVAL_S constants that no longer exist
- test_pacman_wrapper_security.sh: remove tests 20-21 (builtin time helpers /
external date calls) that are no longer applicable; update path
- generate_hosts_file.sh: add sed unblock rules for delio.com.pl and
loverslab.com to stay consistent with install.sh whitelist
- steam_backlog_enforcer/scanning.py: remove unplayable_reason arg from
logger.info call (too many format args); drop matching test assertion
- steam_backlog_enforcer/tests/test_protondb.py: add
test_unplayable_reason_no_trending_tier to restore 100% branch coverage
on protondb.py line 97 (was previously covered indirectly)
- Screen locker: disable VT switching (Ctrl+Alt+Fn) via setxkbmap
srvrkeys:none on startup; restore on close (production mode only).
Gracefully skips if setxkbmap is not installed (shutil.which).
Tests: 7 new tests, 100% branch coverage maintained.
- Midnight shutdown: restore real schedule values (Mon-Wed 21:00,
Thu-Sun 22:00, morning end 05:00); re-enable the three commented-out
leniency checks in check_schedule_protection(); self-lock script with
chattr +i at end of enable_midnight_shutdown().
- Hosts install: add UNBLOCK_STATE_FILE tracking for whitelisted domains;
check_unblock_entries_protection() blocks installation if the unblock
list grows; save state after install; self-lock install.sh and
generate_hosts_file.sh with chattr +i.
- Move all linux_configuration scripts into two semantic categories:
  - single_use/: scripts run once manually (fresh install, fixes, setup)
  - periodic_background/: scripts run by systemd timers or daemons
- Preserve existing subdirectory structure within each category
- Fix lib/common.sh source paths for new directory depths
- Fix CONFIG_DIR depth in setup_periodic_system.sh and check_and_enable_services.sh
- Update all references in tests, fresh-install/main.sh, nix modules, and docs
- Fix check_polling_antipatterns.sh false positives (||, regex |, case patterns, jq strings)
- Fix pre-existing mypy exclusion path and type annotations for moved tools/ directory
- Rewrite check_polling_antipatterns.sh using awk (no bash regex loops); add require_serial: true
- meta/.pre-commit-config.yaml: move pytest-coverage hook to pre-commit stage
- scripts/pytest_changed_packages.py: single batched pytest -n auto invocation
with one --cov flag per affected python_pkg subpackage, wrapped in
systemd-run --user --scope -p MemoryMax=4G -p MemorySwapMax=0 when available
- python_pkg/steam_backlog_enforcer/tests/conftest.py: new autouse
_no_real_sleep fixture patches time.sleep across game_install /
library_hider / steam_api / _enforce_loop. Removes 3x 15s real sleeps
in TestFinalizeCompletion that fired through _ensure_steam_running.
steam_backlog_enforcer test wall time: 33.97s -> 5.61s (xdist, no-cov)
5-package batched run: 732 tests in 1.37s @ 668% CPU
Coverage stays at 100% on all affected packages.
Evidence: docs/superpowers/evidence/pre-commit-pytest-batch-2026-05-14.json
All hooks without an explicit stage are now commit-only. Pre-push
surface shrinks to pytest-coverage (scoped) and prettier
(scoped+isolated). Force-pushing already-audited history no longer
re-scans the divergent file diff with codespell/shellcheck/secrets/etc.

Heaviest hooks now run on tiny per-commit staged diffs instead of the
full force-push diff. After the recent filter-repo history rewrite,
origin/main shares no ancestor with local main, so pre-push was feeding
mypy/pylint/bandit ~every .py file in the repo, OOM-killing inside the
4 GiB cgroup. Per-commit cost: ~5-10 s on Python edits. Pre-push now
only runs pytest-coverage (scoped) and prettier (scoped+isolated).

Wrap pre-push prettier --check in a 1 GiB systemd-run scope so its Node
heap is independent of the outer 4 GiB pre-push cgroup, which has
already accumulated page-cache footprint from pytest/mypy/pylint/bandit
by the time prettier runs. Falls back to direct invocation when
systemd-run is unavailable.

Expand prettier exclude to skip vendored agent-skills mirrors,
big superpowers plan/spec docs, and the linux_configuration jscpd
report. Cuts the pre-push file count 143 -> 75, keeping Node heap
well under the 4 GB systemd-run MemoryMax that wraps pre-push.

_affected_packages() now ignores subpackages whose tests/ dir doesn't
exist on disk and stops returning None for stray root-level files left
over from rewritten history. Pre-push pytest scope is bounded to the
6 packages with real test suites instead of every diverged path.
- Move pyproject.toml, .pre-commit-config.yaml, requirements.txt, run.sh,
lint_python.sh, .fvmrc into meta/ with root symlinks preserving tool
auto-discovery.
- Combine requirements.txt + requirements-dev.txt into meta/requirements.txt
(single sorted source of truth).
- Remove setup.sh, .binary-allowlist, C/ (no native code remains),
python_pkg/{split,pdfCentered,geo_data}, scripts/check_c_cpp_build_files.sh.
- Drop clang-format/cppcheck/flawfinder/check-c-cpp-build-files hooks and
archived path excludes from pre-commit config.
- Add .secret-patterns to .gitignore and untrack it (sensitive content;
full history purge is a follow-up step).
- Move 7 loose top-level Markdown reports under docs/cleanup-2026-05/.
- Relocate batch3_bloatware_uninstall.sh into phone_focus_mode/ where its
ADB/phone wiring belongs.
- Delete tracked out.json (empty puzzle_solver fixture).
- Remove untracked clutter (mp4/wav/lcov/log/txt) from the working tree.
Adds 1410710, 10500, 813780, 489830 to PROTECTED_APP_IDS so the enforcer
will not uninstall them. Existing tests patch the set, so test outcomes
are unaffected.
- music_parallelism.sh + thesis_work_tracker.sh: tighter state-output and
error paths; expanded regression tests.
- hosts-file-monitor.sh + shutdown-timer-monitor.sh: harden against partial
failures, matching new test branches.
- i3blocks persist_common.sh helper improved (consumed by activitywatch /
warp status blocks).
- setup_midnight_shutdown.sh + thesis_work_status.sh: state parsing tuned.
- pacman_blocked_keywords.txt: drop one obsolete entry.
- New test_thesis_work_status.sh regression script.
All six bash regression tests pass.
Adds a sick-day exemption flow with debt tracking so workout enforcement
can be skipped on declared sick days while preserving phone-verification
and shutdown invariants.
- New _sick_tracker module persists sick_history.json (days, debt, commitments).
- New _sick_dialog integrates declaration into the lock UI flow.
- _ui_flows.py and screen_lock.py consult tracker before enforcing workouts.
- gitignore sick_history.json (runtime state, like sick_day_state.json).
- 304 tests pass; 100% branch coverage on every screen_locker file.
- music_parallelism.sh: restore batched-pgrep/xdotool optimization that exists
in /usr/local/bin/ but had been lost from the repo, plus bump intervals
(FAST 0.5s->2s, IDLE 3s->10s) to further cut fork rate
- organize_downloads.sh: replace per-file tr fork with bash 4 ${var,,}
parameter expansion, replace per-log-line $(date) fork with printf %()T builtin
Follow-up to fork-storm fixes after observing 122 CPU-hours of date calls
in a 90-minute window (root cause was nvidia-pmon-logger.sh, fixed separately).
The Magisk app's Modules tab "Disable" / "Remove" buttons work by
creating marker files (disable, remove) in /data/adb/modules/hosts/.
Tapping Disable in the app on next boot would skip the module's
magic-mount of /system/etc/hosts, silently disabling all hosts-file
blocking.

Defense in depth:
1. deploy.sh chattr +i's the module dir + its hosts file so the
   Magisk app cannot create disable/remove markers (kernel returns
   EPERM). The +i attribute survives reboot.
2. hosts_enforcer.sh adds protect_magisk_module(): every poll cycle
   (and on startup) scans for disable/remove/update markers, deletes
   them, logs TAMPER, and re-asserts +i on the dir. Safety net in
   case the lock is bypassed.
3. sync_magisk_module() now drops +i briefly before its cp and
   re-locks via protect_magisk_module() so workout-state hosts
   swaps still work.
4. deploy.sh detects the previously-silent failure mode of the
   module being enabled on disk but not yet magic-mounted (no
   /system/etc/hosts) and aborts with a clear reboot-required
   message instead of producing a deploy that does nothing.
5. focus_ctl.sh hosts-status now prints the lock state and warns
   about any present markers.

Verified end-to-end on BL9000EEA0000102:
- Pre-reboot: chattr +i set, touch /data/adb/modules/hosts/disable
  returns Operation not permitted.
- Post-reboot: /system/etc/hosts magic-mounted (178303 lines, sha
  matches canonical), lock survives reboot, ping youtube.com -> 127.0.0.1.
- Tamper test: chattr -i + touch disable -> enforcer logs
  'TAMPER: removed Magisk module marker' within 15s and re-locks.

Documented intentional override path inline (focus_ctl.sh hosts-stop;
chattr -i; touch disable).
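
The marker scan from step 2 above, sketched in POSIX sh as an added example; it is not the repository's protect_magisk_module(). The names guard_module_dir, lock_dir and unlock_dir are hypothetical, and the log line reuses the TAMPER message quoted in the verification notes.

```shell
# Added example: marker guard for a Magisk module directory (POSIX sh).
# guard_module_dir, lock_dir and unlock_dir are hypothetical names.

lock_dir() {    # re-assert immutability; fails without chattr or privilege
    command -v chattr >/dev/null 2>&1 && chattr +i "$1" 2>/dev/null
}

unlock_dir() {  # best effort: +i must be dropped before markers can be deleted
    if command -v chattr >/dev/null 2>&1; then
        chattr -i "$1" 2>/dev/null || true
    fi
}

# Usage: guard_module_dir MODULE_DIR LOG_FILE
# Prints the number of markers removed on stdout.
guard_module_dir() {
    g_dir=$1 g_log=$2 g_removed=0 g_present=""
    for g_m in disable remove update; do
        if [ -e "$g_dir/$g_m" ]; then g_present="$g_present $g_m"; fi
    done
    if [ -n "$g_present" ]; then
        unlock_dir "$g_dir"
        for g_m in $g_present; do
            if rm -f -- "$g_dir/$g_m" && [ ! -e "$g_dir/$g_m" ]; then
                echo "TAMPER: removed Magisk module marker $g_m" >>"$g_log"
                g_removed=$((g_removed + 1))
            else
                echo "ERROR: could not remove marker $g_m" >>"$g_log"
            fi
        done
    fi
    # Always re-lock, even on a clean pass, so a lock dropped by hand
    # (chattr -i with no marker created yet) is restored on the next poll.
    if ! lock_dir "$g_dir"; then
        echo "WARN: could not set +i on $g_dir" >>"$g_log"
    fi
    echo "$g_removed"
}
```

Logging a WARN when the re-lock fails matters as much as the TAMPER line: a guard that silently runs without +i has fallen back to poll-interval detection only.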
Resource-usage report showed ~29 cores of average load coming from i3blocks
helper scripts forking awk/tr/grep/bc/sensors/nvidia-smi every tick. Rewrite
all five hot-path scripts to eliminate forks:
- volume.sh: persist mode, blocks on 'pactl subscribe' event stream.
No polling, no sleep, no fork per tick.
- gpu_monitor.sh: persist mode, single long-lived 'nvidia-smi --loop=5'
feeds a bash 'while read' loop. Falls back to /sys for amdgpu.
- battery_status.sh: reads /sys/class/power_supply/BAT*/ directly.
Zero forks; replaces 'acpi | awk' pipeline.
- cpu_monitor.sh: reads /proc/loadavg and k10temp/coretemp /sys/class/hwmon.
Zero forks; replaces 'sensors | awk | tr' + bc arithmetic.
- motherboard_temp.sh: reads nct*/it*/f71* Super-I/O hwmon node directly.
Zero forks.
Configure volume + gpu_monitor with interval=persist so i3blocks keeps
one long-lived producer each instead of forking per tick.
Also add:
- kill_stale_recorders.sh -- kill stray ffmpeg x11grab / dotnet-trace /
dotnet-monitor processes left running after sessions.
- monitors.slice -- resource-capped user slice (CPUQuota=50%,
MemoryMax=512M, MemorySwapMax=0 for zram safety, TasksMax=256) to
bound future monitoring regressions.
- efficient-polling-scripts SKILL -- rules for writing status-bar and
polling scripts without forks; fork-pipeline to bash-builtin translation
table; verification checklist.
Verified live: strace -c on cpu_monitor.sh shows 1 execve / 0 clones;
persist producers (pactl subscribe, nvidia-smi --loop) show 0 CPU ticks
over a 3s idle sample. Per-invocation timing 1.6-1.9 ms (was 30-80 ms).
- New companion Android app (com.kuhy.focusstatus) under
phone_focus_mode/focus_status_app/ with a pure-Java, Gradle-less
command-line build pipeline (build.sh). Shows an ongoing
notification titled 'Focus: HOME / AWAY / DAEMON DOWN' with
distance, GPS, disabled-app count, last check, daemon checkmarks,
and a 'Re-check now' action button.
- focus_daemon.sh: write_status_snapshot() + sleep_with_recheck()
for JSON status + early-wake on trigger file. init() chmods
STATE_DIR 777 so the app can drop the trigger file.
- config.sh: new STATUS_FILE / RECHECK_TRIGGER; WHITELIST expanded
with com.kuhy.focusstatus and 11 more user-requested apps
(podcini X, mpv, bible/openbible, pkp/portalpasazera, orange,
runnerup, splitbills/splitwise, xiaomi smarthome).
- focus_ctl.sh: new 'recheck' + 'notif-status' subcommands.
- deploy.sh: new step [7/7] builds APK, installs, grants
POST_NOTIFICATIONS, pre-approves Magisk SU policy, launches
foreground service.
- .gitignore: exclude focus_status_app/build symlink + debug.keystore.
End-to-end verified on device: notification live with real values;
Re-check button triggers a daemon location check within ~1s.
Documents the machine-freeze root cause (zram + cgroup without MemorySwapMax=0),
the run_capped() pattern in .git/hooks/, the 2GB nested cgroup per pytest package,
and the COVERAGE_FILE isolation fix for pytest-cov SQLite corruption.

Each package subprocess now writes to its own tmpfile via COVERAGE_FILE env.
This prevents sequential subprocess runs from stomping on the .coverage SQLite
DB that the prior run left behind, which caused INTERNALERROR when pytest-cov
tried to combine() parallel data files with incompatible schemas.

Parallel cgroup subprocesses racing on the same .coverage SQLite DB caused
INTERNALERROR (no such table: meta/arc) when combining coverage data files.
Delete all .coverage* files before each package run to prevent corruption.
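
The memory-capped scope with direct-invocation fallback and the per-package COVERAGE_FILE isolation described in the messages above, combined in one added example; this is not the repository's run_capped() or hook code. The function names are hypothetical, and the data file is placed in a private temporary directory (an assumption) so that any suffixed parallel data files land there too.

```shell
# Added example: hypothetical helpers, not the repository's hook code.

# Probe for a usable user scope: the systemd-run binary can exist while no
# user manager is reachable (containers, CI), so test an actual scope.
have_user_scope() {
    command -v systemd-run >/dev/null 2>&1 &&
        systemd-run --user --scope --quiet true >/dev/null 2>&1
}

# Usage: run_capped MEMORY_MAX CMD [ARGS...]
# MemorySwapMax=0 stops the capped command from spilling into (zram) swap,
# so it is OOM-killed inside its own scope instead of stalling the machine.
run_capped() {
    rc_max=$1
    shift
    if have_user_scope; then
        systemd-run --user --scope --quiet \
            -p "MemoryMax=$rc_max" -p MemorySwapMax=0 -- "$@"
    else
        "$@"    # fallback: direct invocation, no cap
    fi
}

# Usage: run_pkg_isolated PKG CMD [ARGS...]
# Runs CMD (normally the pytest invocation for PKG) with a private coverage
# data file, so runs cannot touch each other's SQLite data.
run_pkg_isolated() {
    rp_pkg=$1
    shift
    rp_dir=$(mktemp -d) || return 1
    echo "[$rp_pkg] coverage data: $rp_dir/.coverage" >&2
    rp_status=0
    # Subshell keeps the export from leaking into later package runs.
    ( COVERAGE_FILE=$rp_dir/.coverage
      export COVERAGE_FILE
      run_capped 2G "$@" ) || rp_status=$?
    rm -rf -- "$rp_dir"
    return "$rp_status"
}
```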