- Move pyproject.toml, .pre-commit-config.yaml, requirements.txt, run.sh,
lint_python.sh, .fvmrc into meta/ with root symlinks preserving tool
auto-discovery.
- Combine requirements.txt + requirements-dev.txt into meta/requirements.txt
(single sorted source of truth).
- Remove setup.sh, .binary-allowlist, C/ (no native code remains),
python_pkg/{split,pdfCentered,geo_data}, scripts/check_c_cpp_build_files.sh.
- Drop clang-format/cppcheck/flawfinder/check-c-cpp-build-files hooks and
archived path excludes from pre-commit config.
- Add .secret-patterns to .gitignore and untrack it (sensitive content;
full history purge is a follow-up step).
- Move 7 loose top-level Markdown reports under docs/cleanup-2026-05/.
- Relocate batch3_bloatware_uninstall.sh into phone_focus_mode/ where its
ADB/phone wiring belongs.
- Delete tracked out.json (empty puzzle_solver fixture).
- Remove untracked clutter (mp4/wav/lcov/log/txt) from the working tree.
Adds 1410710, 10500, 813780, 489830 to PROTECTED_APP_IDS so the enforcer
will not uninstall them. Existing tests patch the set, so test outcomes
are unaffected.
- music_parallelism.sh + thesis_work_tracker.sh: tighter state-output and
error paths; expanded regression tests.
- hosts-file-monitor.sh + shutdown-timer-monitor.sh: harden against partial
failures, matching new test branches.
- i3blocks persist_common.sh helper improved (consumed by activitywatch /
warp status blocks).
- setup_midnight_shutdown.sh + thesis_work_status.sh: state parsing tuned.
- pacman_blocked_keywords.txt: drop one obsolete entry.
- New test_thesis_work_status.sh regression script.
All six bash regression tests pass.
Adds a sick-day exemption flow with debt tracking so workout enforcement
can be skipped on declared sick days while preserving phone-verification
and shutdown invariants.
- New _sick_tracker module persists sick_history.json (days, debt, commitments).
- New _sick_dialog integrates declaration into the lock UI flow.
- _ui_flows.py and screen_lock.py consult tracker before enforcing workouts.
- gitignore sick_history.json (runtime state, like sick_day_state.json).
- 304 tests pass; 100% branch coverage on every screen_locker file.
- music_parallelism.sh: restore batched-pgrep/xdotool optimization that exists
in /usr/local/bin/ but had been lost from the repo, plus bump intervals
(FAST 0.5s->2s, IDLE 3s->10s) to further cut fork rate
- organize_downloads.sh: replace per-file tr fork with bash 4 ${var,,}
parameter expansion, replace per-log-line $(date) fork with printf %()T builtin
Follow-up to fork-storm fixes after observing 122 CPU-hours of date calls
in a 90-minute window (root cause was nvidia-pmon-logger.sh, fixed separately).
The Magisk app's Modules tab "Disable" / "Remove" buttons work by
creating marker files (disable, remove) in /data/adb/modules/hosts/.
Tapping Disable in the app on next boot would skip the module's
magic-mount of /system/etc/hosts, silently disabling all hosts-file
blocking.
Defense in depth:
1. deploy.sh chattr +i's the module dir + its hosts file so the
Magisk app cannot create disable/remove markers (kernel returns
EPERM). The +i attribute survives reboot.
2. hosts_enforcer.sh adds protect_magisk_module(): every poll cycle
(and on startup) scans for disable/remove/update markers, deletes
them, logs TAMPER, and re-asserts +i on the dir. Safety net in
case the lock is bypassed.
3. sync_magisk_module() now drops +i briefly before its cp and
re-locks via protect_magisk_module() so workout-state hosts
swaps still work.
4. deploy.sh detects the previously-silent failure mode of the
module being enabled on disk but not yet magic-mounted (no
/system/etc/hosts) and aborts with a clear reboot-required
message instead of producing a deploy that does nothing.
5. focus_ctl.sh hosts-status now prints the lock state and warns
about any present markers.
Verified end-to-end on BL9000EEA0000102:
- Pre-reboot: chattr +i set, touch /data/adb/modules/hosts/disable
returns Operation not permitted.
- Post-reboot: /system/etc/hosts magic-mounted (178303 lines, sha
matches canonical), lock survives reboot, ping youtube.com -> 127.0.0.1.
- Tamper test: chattr -i + touch disable -> enforcer logs
'TAMPER: removed Magisk module marker' within 15s and re-locks.
Documented intentional override path inline (focus_ctl.sh hosts-stop;
chattr -i; touch disable).
Resource-usage report showed ~29 cores of average load coming from i3blocks
helper scripts forking awk/tr/grep/bc/sensors/nvidia-smi every tick. Rewrite
all five hot-path scripts to eliminate forks:
- volume.sh: persist mode, blocks on 'pactl subscribe' event stream.
No polling, no sleep, no fork per tick.
- gpu_monitor.sh: persist mode, single long-lived 'nvidia-smi --loop=5'
feeds a bash 'while read' loop. Falls back to /sys for amdgpu.
- battery_status.sh: reads /sys/class/power_supply/BAT*/ directly.
Zero forks; replaces 'acpi | awk' pipeline.
- cpu_monitor.sh: reads /proc/loadavg and k10temp/coretemp /sys/class/hwmon.
Zero forks; replaces 'sensors | awk | tr' + bc arithmetic.
- motherboard_temp.sh: reads nct*/it*/f71* Super-I/O hwmon node directly.
Zero forks.
Configure volume + gpu_monitor with interval=persist so i3blocks keeps
one long-lived producer each instead of forking per tick.
Also add:
- kill_stale_recorders.sh -- kill stray ffmpeg x11grab / dotnet-trace /
dotnet-monitor processes left running after sessions.
- monitors.slice -- resource-capped user slice (CPUQuota=50%,
MemoryMax=512M, MemorySwapMax=0 for zram safety, TasksMax=256) to
bound future monitoring regressions.
- efficient-polling-scripts SKILL -- rules for writing status-bar and
polling scripts without forks; fork-pipeline to bash-builtin translation
table; verification checklist.
Verified live: strace -c on cpu_monitor.sh shows 1 execve / 0 clones;
persist producers (pactl subscribe, nvidia-smi --loop) show 0 CPU ticks
over a 3s idle sample. Per-invocation timing 1.6-1.9 ms (was 30-80 ms).
- New companion Android app (com.kuhy.focusstatus) under
phone_focus_mode/focus_status_app/ with a pure-Java, Gradle-less
command-line build pipeline (build.sh). Shows an ongoing
notification titled 'Focus: HOME / AWAY / DAEMON DOWN' with
distance, GPS, disabled-app count, last check, daemon checkmarks,
and a 'Re-check now' action button.
- focus_daemon.sh: write_status_snapshot() + sleep_with_recheck()
for JSON status + early-wake on trigger file. init() chmods
STATE_DIR 777 so the app can drop the trigger file.
- config.sh: new STATUS_FILE / RECHECK_TRIGGER; WHITELIST expanded
with com.kuhy.focusstatus and 11 more user-requested apps
(podcini X, mpv, bible/openbible, pkp/portalpasazera, orange,
runnerup, splitbills/splitwise, xiaomi smarthome).
- focus_ctl.sh: new 'recheck' + 'notif-status' subcommands.
- deploy.sh: new step [7/7] builds APK, installs, grants
POST_NOTIFICATIONS, pre-approves Magisk SU policy, launches
foreground service.
- .gitignore: exclude focus_status_app/build symlink + debug.keystore.
End-to-end verified on device: notification live with real values;
Re-check button triggers a daemon location check within ~1s.
Documents the machine-freeze root cause (zram + cgroup without MemorySwapMax=0),
the run_capped() pattern in .git/hooks/, the 2GB nested cgroup per pytest package,
and the COVERAGE_FILE isolation fix for pytest-cov SQLite corruption.
Each package subprocess now writes to its own tmpfile via COVERAGE_FILE env.
This prevents sequential subprocess runs from stomping on the .coverage SQLite
DB that the prior run left behind, which caused INTERNALERROR when pytest-cov
tried to combine() parallel data files with incompatible schemas.
Parallel cgroup subprocesses racing on the same .coverage SQLite DB caused
INTERNALERROR (no such table: meta/arc) when combining coverage data files.
Delete all .coverage* files before each package run to prevent corruption.
Each pytest package runs in its own systemd-run scope with:
- MemoryMax=2G per package (nested inside the 4GB parent cgroup)
- MemorySwapMax=0 to prevent zram thrashing (the real cause of freezes)
- gc.collect() between packages to free Python heap
- Set oom_score_adj=1000 in git hooks so OOM killer targets
pre-commit first, never crashing the PC
- Cap Node.js heap to 512MB for eslint/prettier/vitest
- Remove broken systemd-run cgroup wrapper (didn't work)
- cppcheck: process files one-at-a-time, --check-level=normal
- pytest: run packages sequentially in separate subprocesses
- Remove --force from cppcheck (exponential memory on #ifdef combos)
systemd-run --scope -p MemoryMax=3G per pytest subprocess so each
package gets its own memory cap, freed completely before the next.
Also use shutil.which + pathlib per ruff rules.
Each python_pkg subpackage now runs in its own pytest subprocess so
memory is freed between packages. Prevents 4GB+ accumulation when
matplotlib, geopandas, pygame, etc. all load in a single process.
- cppcheck: process files one-at-a-time (xargs -n 1) + --check-level=normal
- eslint: cap Node.js heap to 512MB via NODE_OPTIONS
- Set fail_fast: true to avoid stacking memory-heavy hooks
- Remove ulimit -v (ineffective with Linux memory overcommit)
--force checks all preprocessor configurations, causing exponential
memory growth with ~50 C/C++ files. Default max of 12 configs is
sufficient and stays well under 4GB RAM.