# disk-guardian Auto-tracks and cleans up ephemeral files created during Hermes Agent sessions — test scripts, temp outputs, cron logs, stale chrome profiles. Scoped strictly to `$HERMES_HOME` and `/tmp/hermes-*`. Originally contributed by [@LVT382009](https://github.com/LVT382009) as a skill in PR #12212. Ported to the plugin system so the behaviour runs automatically via `post_tool_call` and `on_session_end` hooks — the agent never needs to remember to call a tool. ## How it works | Hook | Behaviour | |---|---| | `post_tool_call` | When `write_file` / `terminal` / `patch` creates a file matching `test_*`, `tmp_*`, or `*.test.*` inside `HERMES_HOME`, track it silently as `test` / `temp` / `cron-output`. | | `on_session_end` | If any test files were auto-tracked during this turn, run `quick` cleanup (no prompts). | Deletion rules (same as the original PR): | Category | Threshold | Confirmation | |---|---|---| | `test` | every session end | Never | | `temp` | >7 days since tracked | Never | | `cron-output` | >14 days since tracked | Never | | empty dirs under HERMES_HOME | always | Never | | `research` | >30 days, beyond 10 newest | Always (deep only) | | `chrome-profile` | >14 days since tracked | Always (deep only) | | files >500 MB | never auto | Always (deep only) | ## Slash command ``` /disk-guardian status # breakdown + top-10 largest /disk-guardian dry-run # preview without deleting /disk-guardian quick # run safe cleanup now /disk-guardian deep # quick + list items needing prompt /disk-guardian track # manual tracking /disk-guardian forget # stop tracking ``` ## Safety - `is_safe_path()` rejects anything outside `HERMES_HOME` or `/tmp/hermes-*` - Windows mounts (`/mnt/c` etc.) are rejected - The state directory `$HERMES_HOME/disk-guardian/` is itself excluded - `$HERMES_HOME/logs/`, `memories/`, `sessions/`, `skills/`, `plugins/`, and config files are never tracked - Backup/restore is scoped to `tracked.json` — the plugin never touches agent logs - Atomic writes: `.tmp` → backup → rename