refactor: optimize dev clean checks and update security audit

Author: tw93

SECURITY_AUDIT.md

@@ -145,6 +145,14 @@ The analyzer (`mo analyze`) uses a distinct security model:
 
 **Code:** `lib/clean/apps.sh:orphan_detection()`
 
+#### New Language Ecosystem Support (v1.19.1+)
+
+Added support for Elixir, Haskell, OCaml, and Editors (VS Code, Zed) with strict safety checks:
+
+- **Existence Checks:** Cleanup logic only runs if the tool is installed (directory exists).
+- **Safe Targets:** Only volatile caches are cleaned (e.g., `~/.hex/cache`).
+- **Protected Paths:** Critical directories like `~/.mix/archives` (installed tools) and `~/.stack/programs` (installed compilers) are explicitly **excluded**.
+
 #### Active Uninstallation Heuristics
 
 For user-selected app removal:

lib/clean/dev.sh

@@ -257,24 +257,34 @@ clean_sqlite_temp_files() {
 }
 # Elixir/Erlang ecosystem.
 clean_dev_elixir() {
-# safe_clean ~/.mix/archives/* "Mix cache"
-    safe_clean ~/.hex/cache/* "Hex cache"
+    if [[ -d ~/.mix ]] || [[ -d ~/.hex ]]; then
+        # safe_clean ~/.mix/archives/* "Mix cache"
+        safe_clean ~/.hex/cache/* "Hex cache"
+    fi
 }
 # Haskell ecosystem.
 clean_dev_haskell() {
-    safe_clean ~/.cabal/packages/* "Cabal install cache"
-# safe_clean ~/.stack/programs/* "Stack cache"
+    if [[ -d ~/.cabal ]] || [[ -d ~/.stack ]]; then
+        safe_clean ~/.cabal/packages/* "Cabal install cache"
+        # safe_clean ~/.stack/programs/* "Stack cache"
+    fi
 }
 # OCaml ecosystem.
 clean_dev_ocaml() {
-    safe_clean ~/.opam/download-cache/* "Opam cache"
+    if [[ -d ~/.opam ]]; then
+        safe_clean ~/.opam/download-cache/* "Opam cache"
+    fi
 }
 # Editor caches.
 clean_dev_editors() {
-    safe_clean ~/Library/Caches/com.microsoft.VSCode/Cache/* "VS Code cached data"
-    safe_clean ~/Library/Application\ Support/Code/CachedData/* "VS Code cached data"
-# safe_clean ~/Library/Application\ Support/Code/User/workspaceStorage/* "VS Code workspace storage"
-    safe_clean ~/Library/Caches/Zed/* "Zed cache"
+    if [[ -d ~/Library/Caches/com.microsoft.VSCode ]] || [[ -d ~/Library/Application\ Support/Code ]]; then
+        safe_clean ~/Library/Caches/com.microsoft.VSCode/Cache/* "VS Code cached data"
+        safe_clean ~/Library/Application\ Support/Code/CachedData/* "VS Code cached data"
+        # safe_clean ~/Library/Application\ Support/Code/User/workspaceStorage/* "VS Code workspace storage"
+    fi
+    if [[ -d ~/Library/Caches/Zed ]]; then
+        safe_clean ~/Library/Caches/Zed/* "Zed cache"
+    fi
 }
 # Main developer tools cleanup sequence.
 clean_developer_tools() {

tests/dev_extended.bats

@@ -21,6 +21,7 @@ teardown_file() {
 }
 
 @test "clean_dev_elixir cleans mix and hex caches" {
+    mkdir -p "$HOME/.mix" "$HOME/.hex"
     run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF'
 set -euo pipefail
 source "$PROJECT_ROOT/lib/core/common.sh"
@@ -35,6 +36,7 @@ EOF
 }
 
 @test "clean_dev_haskell cleans cabal install and stack caches" {
+    mkdir -p "$HOME/.cabal" "$HOME/.stack"
     run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF'
 set -euo pipefail
 source "$PROJECT_ROOT/lib/core/common.sh"
@@ -49,6 +51,7 @@ EOF
 }
 
 @test "clean_dev_ocaml cleans opam cache" {
+    mkdir -p "$HOME/.opam"
     run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF'
 set -euo pipefail
 source "$PROJECT_ROOT/lib/core/common.sh"
@@ -62,6 +65,7 @@ EOF
 }
 
 @test "clean_dev_editors cleans VS Code and Zed caches" {
+    mkdir -p "$HOME/Library/Caches/com.microsoft.VSCode" "$HOME/Library/Application Support/Code" "$HOME/Library/Caches/Zed"
     run env HOME="$HOME" PROJECT_ROOT="$PROJECT_ROOT" bash --noprofile --norc <<'EOF'
 set -euo pipefail
 source "$PROJECT_ROOT/lib/core/common.sh"