Swahili · physician / healer

The honest macOS optimizer.

A CleanMyMac-class utility that wins on honesty, safety, and measurable speed. No scareware, no fake "GB freed", no resident background hog. A Rust core does the throughput work; a Tauri shell renders it.

v0.1.4 Rust core Tauri v2 shell 110 tests macOS 13+ · Apple Silicon + Intel
Principles

Safety > honesty > performance > features

The cleanup logic is the easy 20%. The discipline around it (safety invariants, benchmark gates, honest UX) is the product.

01

Safety-first

Scanning is read-only behind a denylist guard. Reclaim is the only mutating path: it writes an undo manifest before touching anything and trashes rather than deletes.

02

Honest

Reports measured freed bytes, never estimates. No inflated counts, no marketing. When a metric needs root we say "unavailable" rather than fake it.

03

Measurable

Criterion benchmarks with a >5% regression gate. Property tests and golden-image tests defend the safety invariants on every merge.

What it does

One scan, full review, nothing removed until you choose

Smart Scan

Streaming scan across caches, temp, logs, and large old files. A live radar loader with per-category chips. Review every item first.

Duplicates

Whole-home blake3 funnel: size group → head hash → full hash. Pick which copies go.

Uninstaller

Remove apps and trace their leftover support files; disk-wide orphan scan for apps already gone.

Developer / CLI

Homebrew analysis + safe cleanup. brew cleanup/autoremove previews; every formula sized with install date. Removal is delegated to brew itself.

Disk & Memory

Treemap of what's eating space; live CPU/memory graphs, force-quit, Rosetta flagging.

Security

Adware and rogue-profile heuristics with a locked quarantine vault. It never deletes and never fakes a verdict.

Architecture

One language, end to end

All logic is Rust; the view layer is the web platform. The Tauri backend depends on the core crates by path and exposes them as commands. There is no FFI bridge (ADR-0003 superseded the original Swift + C-ABI design).

flowchart LR subgraph UI["app/src · web UI"] A["sidebar · scan flow
review · treemap"] end subgraph BE["app/src-tauri · Rust"] B["#[tauri::command]s"] S["system.rs
macOS facts"] end subgraph CORE["core/ · crates"] E["engine + scanners
(in-process)"] end A -- "invoke / Channel
(serde, no FFI)" --> B B -- "path dependency" --> E S --- B
Frontend ⇄ Rust backend ⇄ core crates. Streaming results use a Tauri Channel; commands run off the main thread.
The only mutating path

Reclaim, with an undo written first

Every selected item is re-validated against the denylist and tier rules. Protected paths are skipped per item (recorded, never touched) while everything safe is reclaimed. Freed bytes are measured, not estimated.

flowchart TD A["Selected CleanupItems"] --> B{"Per item:
denylist + tier check"} B -- "protected" --> K["Skip · record as
'left untouched'"] B -- "non-Safe destructive" --> X["Fail fast
(UI never produces this)"] B -- "ok" --> C["Write undo manifest
to disk"] C --> D["Trash / Delete / Truncate
· measure before & after"] D --> E["Report: measured bytes,
per-item failures listed honestly"] K --> E
The denylist invariant, that no returned path escapes the allowed roots, is property-tested against a deliberately malicious scanner.
Streaming scan

Concurrent scanners, live results

A scan spawns one thread per scanner; every item streams through the denylist guard into a single sink and out over a Tauri Channel, so the UI fills in as discovery happens.

sequenceDiagram participant UI as Web UI participant CMD as tauri::command (worker thread) participant ENG as smart_scan participant SC as scanners (1 thread each) UI->>CMD: invoke("scan", Channel) CMD->>ENG: spawn → smart_scan ENG->>SC: one thread per scanner loop each item found SC->>ENG: emit(CleanupItem) ENG->>ENG: denylist guard (drop + count if denied) ENG-->>UI: Channel → row appears live (radar + chips) end SC->>ENG: done / error per scanner ENG-->>UI: summary → per-scanner truth
Cancel any time. Tokens fire at directory boundaries; commands run off the main thread so the UI never freezes.
Duplicates

A three-stage funnel

Hashing every file is wasteful. Tabibu groups by size, then hashes only a head sample, then does a full blake3 hash on the survivors. Each stage shrinks the candidate set.

flowchart LR A["All files"] --> B["Stage 1
group by size"] B --> C["Stage 2
head-sample hash"] C --> D["Stage 3
full blake3 hash"] D --> E["Confirmed
duplicate sets"]
Only files that collide at every stage are confirmed duplicates. The newest copy is kept by default.
core/crates

The Rust workspace

tabibu-engine

Traits, SafetyTier, denylist, undo manifest, scan orchestration.

the safety backbone

tabibu-walk

Parallel filesystem traversal and size tree.

rayon

tabibu-dupes

Three-stage blake3 duplicate funnel.

size → head → full

tabibu-junk

Cache / temp / log / trash / large-old scanners.

rayon-parallel sizing

tabibu-uninstall

Remnants, orphans, unused apps, stale binaries.

artifact tracing

tabibu-brew

Homebrew analysis + safe cleanup; delegates removal to brew.

reads on-disk receipts

tabibu-malware

Adware / rogue-profile heuristics + quarantine vault.

never deletes

tabibu-monitor

sysinfo system + per-process sampling; Rosetta detection.

honest RSS budget

tabibu-telemetry

Opt-in, content-free deselection signal.

no PII, no paths
Quick start

Build & test

Prerequisites: Rust (rustup) and Node + npm (for the Tauri CLI only). The frontend is static, with no bundler and no build step.

# run the app with hot reload (compiles the Rust backend + core)
cd app && npm install && npm run dev

# bundle the .app + DMG
cd app && npx tauri build

# the core test suite (110 tests: unit, property, golden-image)
cd core && cargo test --workspace
cargo clippy --workspace --all-targets -- -D warnings
cargo fmt --check

Safety

Property tests + golden-image reclaim (snapshot → reclaim → assert exactly the intended files changed).

Lint

clippy::all denied; pedantic advisory (its lint set drifts between toolchains).

CI

fmt · clippy · test · cargo-deny · bench-smoke · app build, all on macOS runners.

Honest status

Current limitations

Documentation

Dig deeper

Per-crate guides and decision records. These pages are generated from the Markdown in docs/ and rendered into this same design on publish.