Safe File Deletion

1. Call request_file_permission with operation: "delete"

Category: development Source: MemTensor/MemOS

What Is This

The "Safe File Deletion" skill is a security and user-experience enhancement for the Happycapy Skills platform. Specifically, it enforces a strict rule: before any file deletion operation is performed by an application or script, explicit user permission must be requested and granted. This skill acts as a mandatory checkpoint, activating whenever an operation that would remove files from disk is about to occur. It covers a wide range of deletion commands and APIs, including but not limited to rm, rm -rf, unlink, fs.rm, and fs.rmdir. The primary mechanism is the request_file_permission call with the operation: "delete" parameter, ensuring the user is aware of and approves the deletion action.

Why Use It

Accidental or unauthorized file deletions are a common source of data loss, which can be both disruptive and costly. Developers and end-users may unintentionally delete important files, either through scripts, command-line operations, or programmatic APIs. By enforcing an explicit permission step, the Safe File Deletion skill:

  • Prevents Accidental Deletion: Requires user confirmation before files are removed, reducing the risk of mistakes.
  • Improves Security: Blocks malicious or unintended scripts from deleting files without the user's knowledge.
  • Ensures Transparency: Every delete operation is surfaced to the user, with a clear warning and a choice to allow or deny the action.
  • Standardizes Deletion Flow: Provides a uniform approach to deletion, regardless of the tool or language being used.

This skill is especially critical in environments where scripts or automated tools have access to sensitive or critical user data, ensuring that no destructive operation happens without explicit, informed consent.

How to Use It

Step 1: Request Permission

Before initiating any deletion operation, you must call request_file_permission with the operation: "delete" parameter. This applies to all APIs, scripts, or command-line tools.

For a single file:

{
  "operation": "delete",
  "filePath": "/path/to/file.txt"
}

For multiple files:

Instead of sending multiple permission requests, batch all files into a single request using the filePaths array.

{
  "operation": "delete",
  "filePaths": ["/path/to/file1.txt", "/path/to/file2.txt"]
}

Step 2: Wait for the User's Response

After making the permission request, your application must wait for a response. The response will indicate whether the user has allowed or denied the deletion.

Step 3: Proceed Only If Allowed

If the response is "allowed", you may proceed with the file deletion. If the response is "denied", your application should not delete the files under any circumstances. Instead, acknowledge the user's choice and halt the deletion flow.

Step 4: Never Circumvent the Process

It is explicitly prohibited to bypass or work around the permission step. This includes:

  • Emptying file contents instead of deleting the file
  • Moving files to hidden, temporary, or other locations as a substitute for deletion
  • Using obscure or indirect commands to remove files

The expectation is that every file deletion is transparent and user-approved.
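
Steps 1 to 3 combined into one fail-closed gate, as an added example that is not part of the skill's own code. The names safeDelete and requestPermission are hypothetical: requestPermission stands in for the platform's request_file_permission call and is passed in so the gate can be run with a stub, and treating an error from that call as a denial is an assumption.

```javascript
// Added example: `requestPermission` is a stand-in for request_file_permission.
async function safeDelete(paths, requestPermission) {
  // Dynamic import works from both CommonJS and ES module code.
  const fs = await import("node:fs/promises");
  const path = await import("node:path");

  // Resolve and de-duplicate so the user approves exactly what will be removed.
  const targets = [...new Set([].concat(paths).map((p) => path.resolve(p)))];
  if (targets.length === 0) return { decision: "none", deleted: [] };

  // One request per deletion flow: filePath for one file, filePaths for a batch.
  const request = targets.length === 1
    ? { operation: "delete", filePath: targets[0] }
    : { operation: "delete", filePaths: targets };

  let decision;
  try {
    decision = await requestPermission(request); // Step 2: wait for the user
  } catch {
    decision = "denied"; // assumption: an error or timeout counts as a denial
  }

  // Step 3, fail closed: anything other than the exact string "allowed" halts.
  if (decision !== "allowed") return { decision: "denied", deleted: [] };

  const deleted = [];
  for (const target of targets) {
    await fs.rm(target); // plain removal of approved paths; no truncate or move
    deleted.push(target);
  }
  return { decision, deleted };
}
```

The gate does not retry after a denial; a caller that wants to try again has to call safeDelete again, which issues a new explicit request.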

When to Use It

You must enforce this skill in all circumstances where files or directories are being deleted, regardless of the context or the triggering action. This includes:

  • Command-line deletions (rm, rm -rf)
  • Programmatic deletions in scripts (unlink, fs.rm, fs.rmdir)
  • GUI or desktop applications that remove files
  • Automated or batch deletion tools

Whenever a deletion may impact user data, the Safe File Deletion skill must be applied without exception.

Examples of Applicable Operations

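  • Deleting a single file through a script:
    import fs from "node:fs"; // ES module, so top-level await is available

    // request_file_permission is the platform's permission call.
    const response = await request_file_permission({
      operation: "delete",
      filePath: "/path/to/important.txt"
    });
    // Delete only on an explicit "allowed"; otherwise the file stays in place.
    if (response === "allowed") {
      fs.unlinkSync("/path/to/important.txt");
    }
    
  • Deleting multiple files in bulk:
    import fs from "node:fs"; // ES module, so top-level await is available

    // One batched request covers every file in the list.
    const files = ["/path/to/file1.txt", "/path/to/file2.txt"];
    const response = await request_file_permission({
      operation: "delete",
      filePaths: files
    });
    // Delete only on an explicit "allowed"; otherwise no file is touched.
    if (response === "allowed") {
      files.forEach(f => fs.unlinkSync(f));
    }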
    

Important Notes

  • No Workarounds: You must never attempt to avoid user approval by emptying, hiding, or moving files instead of deleting them. All such evasions are strictly against the rules.
  • Batch Requests: For multiple deletions, always use the filePaths array in a single permission request rather than issuing multiple requests.
  • User Experience: The user will always see a prominent warning when deletion is attempted. The action must not proceed until permission is explicitly granted.
  • Universal Application: This skill is required for all tools, scripts, and applications, regardless of language or interface.
  • Denial Handling: If the user denies the permission, your application must respect that decision and not attempt the operation again without a new explicit request.

By adhering to the Safe File Deletion skill, you protect user data integrity, prevent accidental loss, and maintain a secure and transparent experience for all users.