- Remove skip_app_ids from user-editable Config; callers updated
- Split PROTECTED_APP_IDS: only Steam infra/Proton IDs remain; game
IDs moved to a new time-locked exception system
- Add _whitelist.py: 24-hour cooldown on new exceptions, entropy-
checked justification (>= 5 words), append-only audit log,
chattr +i immutability on enforcement-critical config files
- Add is_protected_app() in game_install.py; used everywhere
instead of direct PROTECTED_APP_IDS membership checks
- Add 'add-exception' CLI command (cmd_add_exception in main.py)
- Call promote_pending_exceptions() and lock_enforcement_files()
in each _enforce_loop_iteration
- 590 tests, 100% branch coverage on all steam_backlog_enforcer modules
- Add .worktrees to .gitignore
Adds 1410710, 10500, 813780, 489830 to PROTECTED_APP_IDS so the enforcer
will not uninstall them. Existing tests patch the set, so test outcomes
are unaffected.
The enforce daemon loaded state once at startup and never reloaded it.
When the CLI reassigned a game (e.g. via 'done'), the daemon kept
enforcing the old assignment and deleted the newly assigned game every
3 seconds as 'unauthorized'.
Fix: reload state from disk at the top of each enforce loop iteration
so CLI changes take effect within one cycle.
Also add steam://install protocol handler for interactive installs
(via xdg-open) so Steam determines the correct installdir from its
own metadata, avoiding 'Missing game executable' errors from guessed
directory names in fabricated appmanifests.