Update skill docs and resources

2026-02-23 16:16:58 +08:00
parent c1cfacaf76
commit 72d879e609
15 changed files with 1430 additions and 89 deletions
--- a/macos-cleaner/references/cleanup_targets.md
+++ b/macos-cleaner/references/cleanup_targets.md
@@ -165,74 +165,87 @@ rm -rf ~/Library/Logs/*

 ### Docker

+**ABSOLUTE RULE**: NEVER use any `prune` command (`docker image prune`, `docker volume prune`, `docker system prune`, `docker container prune`). Always delete by specifying exact object IDs or names.
+
 #### Images

 **What it is**: Container images (base OS + application layers)

-**Safety**: 🟢 **Safe to delete unused images**
+**Safety**: 🟡 **Requires per-image verification**

-**Check first**:
+**Analysis**:
 ```bash
-docker images
+# List all images sorted by size
+docker images --format "table {{.ID}}\t{{.Repository}}:{{.Tag}}\t{{.Size}}\t{{.CreatedSince}}" | sort -k3 -h -r
+
+# Identify dangling images
+docker images -f "dangling=true" --format "{{.ID}}\t{{.Size}}\t{{.CreatedSince}}"
+
+# For EACH image, verify no container references it
+docker ps -a --filter "ancestor=<IMAGE_ID>" --format "{{.Names}}\t{{.Status}}"
 ```

-**Cleanup**:
+**Cleanup** (only after per-image verification):
 ```bash
-docker image prune -a  # Remove all unused images
+# Remove specific images by ID
+docker rmi a02c40cc28df 555434521374 f471137cd508
 ```

 #### Containers

 **What it is**: Running or stopped container instances

-**Safety**: 🟢 **Safe to delete stopped containers**
+**Safety**: 🟡 **Stopped containers may be restarted -- verify with user**

-**Check first**:
+**Analysis**:
 ```bash
-docker ps -a
+docker ps -a --format "table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Size}}"
 ```

-**Cleanup**:
+**Cleanup** (only after user confirms each container/project):
 ```bash
-docker container prune  # Remove stopped containers
+# Remove specific containers by name
+docker rm container-name-1 container-name-2
 ```

 #### Volumes

 **What it is**: Persistent data storage for containers

-**Safety**: 🔴 **CAUTION - May contain important data**
+**Safety**: 🔴 **CAUTION - May contain databases, user uploads, and irreplaceable data**

-**Check first**:
+**Analysis**:
 ```bash
+# List all volumes
 docker volume ls
-docker volume inspect <volume_name>
+
+# Check which container uses each volume
+docker ps -a --filter "volume=<VOLUME_NAME>" --format "{{.Names}}\t{{.Status}}"
+
+# CRITICAL: For database volumes (mysql, postgres, redis in name), inspect contents
+docker run --rm -v <VOLUME_NAME>:/data alpine ls -la /data
+docker run --rm -v <VOLUME_NAME>:/data alpine du -sh /data/*
 ```

-**Cleanup** (only if certain):
+**Cleanup** (only after per-volume confirmation, database volumes require content inspection):
 ```bash
-docker volume prune  # Remove unused volumes
+# Remove specific volumes by name
+docker volume rm project-mysql-data project-redis-data
 ```

 #### Build Cache

 **What it is**: Intermediate build layers

-**Safety**: 🟢 **Safe to delete**
+**Safety**: 🟢 **Safe to delete** (rebuilds just take longer)
+
+**Note**: `docker builder prune` is the ONE exception to the prune prohibition -- build cache contains only intermediate layers, never user data.

 **Cleanup**:
 ```bash
 docker builder prune -a
 ```

-#### All-in-one cleanup
-
-⚠️ **WARNING**: This removes ALL unused Docker resources including volumes!
-
-```bash
-docker system prune -a --volumes
-```
-
 ### node_modules

 **What it is**: Installed npm packages for Node.js projects
--- a/macos-cleaner/references/mole_integration.md
+++ b/macos-cleaner/references/mole_integration.md
@@ -228,22 +228,7 @@ tmux capture-pane -t mole -p
 - Next Xcode build takes 30 minutes instead of 30 seconds
 - AI project fails because models need redownload

-**Items that should usually be KEPT:**
-| Item | Why Keep It |
-|------|-------------|
-| Xcode DerivedData | Saves 10-30 min per rebuild |
-| npm _cacache | Avoids re-downloading all packages |
-| ~/.cache/uv | Python package cache |
-| Playwright browsers | Avoids 2GB+ redownload |
-| iOS DeviceSupport | Needed for device debugging |
-| Docker stopped containers | May restart anytime |
-
-**Items that are truly safe to delete:**
-| Item | Why Safe |
-|------|----------|
-| Trash | User already deleted |
-| Homebrew old versions | Replaced by newer |
-| npm _npx | Temporary executions |
+See SKILL.md sections "Anti-Patterns: What NOT to Delete" and "What IS Safe to Delete" for the full tables of items to keep vs items safe to remove.

 ### 1. Never Execute Dangerous Commands Automatically

--- a/macos-cleaner/references/safety_rules.md
+++ b/macos-cleaner/references/safety_rules.md
@@ -39,7 +39,41 @@ Ask user to verify instead.

 Before deleting >10 GB, recommend Time Machine backup.

-### Rule 5: Use Trash When Possible
+### Rule 5: Docker Prune Prohibition
+
+**NEVER use any Docker prune command.** This includes:
+- `docker image prune` / `docker image prune -a`
+- `docker container prune`
+- `docker volume prune` / `docker volume prune -f`
+- `docker system prune` / `docker system prune -a --volumes`
+
+**Why**: Prune commands operate on categories, not specific objects. They can silently destroy database volumes, user uploads, and container state that the user intended to keep. A user who loses their MySQL data because of a prune command will never trust this tool again.
+
+**Correct approach**: Always specify exact object IDs or names:
+```bash
+# Images: delete by specific ID
+docker rmi a02c40cc28df 555434521374
+
+# Containers: delete by specific name
+docker rm container-name-1 container-name-2
+
+# Volumes: delete by specific name
+docker volume rm project-mysql-data project-redis-data
+```
+
+### Rule 6: Double-Check Verification Protocol
+
+Before deleting ANY Docker object, perform independent cross-verification. This applies to images, volumes, and containers.
+
+**Key requirements**:
+- For images: verify no container (running or stopped) references the image
+- For volumes: verify no container mounts the volume
+- For database volumes (name contains mysql, postgres, redis, mongo, mariadb): MANDATORY content inspection with a temporary container
+- Even if Docker reports a volume as "dangling", the data inside may be valuable
+
+See **SKILL.md Step 4** for the complete verification commands and database volume inspection workflow.
+
+### Rule 7: Use Trash When Possible

 Prefer moving to Trash over permanent deletion:

@@ -143,23 +177,30 @@ Please run this command manually:
 - User should be aware of system-wide impact
 - Audit trail (user types password)

-### Docker Volumes
+### Docker Objects (Images, Containers, Volumes)

-**Action**: Always list volumes before cleanup
+**Action**: List every object individually. Use precision deletion only (see Rule 5 and Rule 6).

-**Example**:
+**NEVER use prune commands.** Always specify exact IDs/names.
+
+**Example for volumes**:
 ```
-⚠️ Docker cleanup may remove important data.
+Docker volumes found:
+  postgres_data    (1.2 GB)  - Contains PostgreSQL database
+  redis_data       (500 MB)  - Contains Redis cache data
+  app_uploads      (3 GB)    - Contains user-uploaded files

-Current volumes:
-  postgres_data    (1.2 GB)  - May contain database
-  redis_data       (500 MB)  - May contain cache
-  app_uploads      (3 GB)    - May contain user files
+Database volumes inspected with temporary container:
+  postgres_data: 8 databases, 45 tables, last modified 2 days ago
+  redis_data: 12 MB dump.rdb

-Review each volume:
-  docker volume inspect <volume_name>
+Confirm EACH volume individually:
+  Delete postgres_data? [y/N]:
+  Delete redis_data? [y/N]:
+  Delete app_uploads? [y/N]:

-Proceed with cleanup? [y/N]:
+Deletion commands (after confirmation):
+  docker volume rm postgres_data redis_data
 ```

 ### Application Preferences