docs(disk-cleanup): clarify cron output-root protection is exact-match

Review follow-up: the _is_protected_cron_path docstring listed output/ next
to jobs.json/.tick.lock as 'the directory itself', which is slightly
ambiguous. Spell out that the match is EXACT-path only and must not be
'simplified' into a blanket cron/output/* guard (children stay cleanable) —
prevents a future editor from re-introducing the wholesale-delete bug this
fix closes.
This commit is contained in:
kshitijk4poor 2026-07-01 15:34:54 +05:30 committed by kshitij
parent d173e8c3a7
commit ede5c09f3b

View file

@ -166,11 +166,13 @@ def _is_protected_cron_path(p: Path) -> bool:
"""Return True if *p* is a cron control-plane file/directory that must
never be deleted.
This only matches the directory itself, known control-plane files
(``jobs.json``, ``.tick.lock``), and the ``output/`` root directory.
It does NOT blanket-protect files under ``cron/output/`` because those
run artifacts are disposable, but deleting the output root itself is too
broad and can erase every job's retained run history at once.
This matches, by EXACT path only, the ``cron/`` directory itself, known
control-plane files (``jobs.json``, ``.tick.lock``), and the ``output/``
root directory. It does NOT (and must not be "simplified" to) blanket-match
everything under ``cron/output/`` those run artifacts are disposable and
are cleaned by retention policy; only the ``output/`` root itself is
protected, because deleting it wholesale erases every job's retained run
history at once.
"""
# Lazily build the set once per process so HERMES_HOME is resolved
# exactly once.