cue.fs

Filesystem helpers — secure directory/file creation.

secure_dir

secure_dir(path: Path) -> None

Create directory with owner-only permissions (0o700 on POSIX), and opt the directory out of OS search indexers (Spotlight / Windows Search) as defense-in-depth for privacy-pause purges.

secure_file

secure_file(path: Path) -> None

Restrict file to owner-only read/write (0o600 on POSIX).

write_text_atomic

write_text_atomic(path: Path, text: str) -> None

Atomic replace via temp + os.replace. Temp file inherits owner-only permissions before the rename so a reader never sees world-readable bytes.
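The temp + os.replace pattern described above, as an added example that is not the cue.fs source. The helper name `atomic_write_private`, the `demo` function and the sample paths are assumptions made for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path


def atomic_write_private(path: Path, text: str) -> None:
    """Hypothetical helper (not cue.fs code): owner-only atomic replace."""
    # The temp file lives in the target's directory so os.replace stays on
    # one filesystem; mkstemp creates it with mode 0o600 on POSIX.
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=f".{path.name}.", suffix=".tmp")
    tmp = Path(tmp_name)
    try:
        if os.name == "posix":
            os.fchmod(fd, 0o600)  # explicit, so the mode does not depend on umask
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())  # bytes reach disk before the rename
        # The rename swaps in a file that was never group/world-readable.
        os.replace(tmp, path)
    except BaseException:
        tmp.unlink(missing_ok=True)  # leave no partial temp file behind
        raise


def demo() -> dict:
    """Replace a constructed world-readable file and report the result."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "settings.json"
        target.write_text("old")   # constructed sample content
        os.chmod(target, 0o644)    # constructed: starts world-readable
        atomic_write_private(target, "new")
        return {
            "text": target.read_text(),
            "mode": stat.S_IMODE(target.stat().st_mode),
            "leftovers": [p.name for p in Path(d).iterdir() if p != target],
        }


if __name__ == "__main__":
    print(demo())
```

Because the rename replaces the directory entry, the old 0o644 file is swapped for the 0o600 one in a single step, and a failed write leaves the original untouched.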

write_json_atomic

write_json_atomic(path: Path, data: Any) -> None

Atomic write of a JSON payload. Ensures parent dir is secured first.

mark_not_indexed

mark_not_indexed(path: Path) -> None

Opt a directory out of OS search indexers — best-effort.

macOS: create .metadata_never_index inside the directory. Spotlight skips the dir and every descendant (the tag is stable across OS versions and documented in Apple's Spotlight metadata docs).

Windows: set FILE_ATTRIBUTE_NOT_CONTENT_INDEXED on the directory via SetFileAttributesW. Windows Search then skips the directory's content.

Silently no-op on failure — this is defense-in-depth against purged plaintext leaking through search indexes, not a hard privacy requirement.