Update quarantine-manager extension

[nurkamol]

Description

Update to the existing Quarantine Manager extension.

This implements a community feature request from the original submission (#25892): support for checking apps and folders, not just single files. macOS app bundles in particular can contain many internal quarantined files that a top-level check would miss.

What's new

• Directory scanning in both commands. Selecting a folder or .app now scans its contents for quarantined files:
  • Apps (.app) are scanned recursively (bundles are self-contained), surfacing every internal quarantined file plus the bundle's own flag.
  • Plain folders are scanned one level deep (immediate contents only) so large directories like Downloads stay responsive.
• Check Quarantine Status lists each quarantined item found inside an app/folder; you can drill into any of them for details.
• Remove Quarantine shows an aggregate summary and clears com.apple.quarantine from a whole bundle/folder at once via xattr -dr, after a confirmation showing how many items are affected. A recursive "Remove All Attributes" (xattr -cr) is also available.
• Fix: raw binary attributes (e.g. com.apple.macl, com.apple.provenance) are now displayed as hex instead of unreadable control characters.

Directory scanning batches xattr calls and uses spawnSync/execFileSync with array arguments (no shell-string interpolation of paths), consistent with the existing hardening.

Resolves the request in #25892.

Screencast

Tested locally via npm run dev and a distribution build (npm run build) in Raycast:

• Check Quarantine Status on an .app → recursive list of internal quarantined files (and the bundle's own flag).
• Check Quarantine Status on ~/Downloads → immediate quarantined children only.
• Remove Quarantine on an app/folder → count-confirmation, then recursive clear; re-scan shows clean.
• Single-file behavior unchanged; binary attributes render as hex.

Checklist

• I read the extension guidelines
• I read the documentation about publishing
• I ran npm run build and tested this distribution build in Raycast
• I checked that files in the assets folder are used by the extension itself
• I checked that assets used by the README are placed outside of the metadata folder

[raycastbot]

Thank you for the update! 🎉

We're currently experiencing a high volume of incoming requests. As a result, the initial review may take up to 15 business days.

[greptile-apps]

Greptile Summary

This PR extends the Quarantine Manager extension to support directory and .app bundle inputs in both commands, addressing a community feature request from the original submission.

• Directory scanning: .app bundles are scanned recursively via xattr -r; plain folders are scanned one level deep using chunked spawnSync calls with a sentinel argument to guarantee prefixed output even for single-child directories.
• Check Quarantine Status: renders a searchable list of every quarantined item found inside an app or folder, with drill-down detail views per entry.
• Remove Quarantine: shows an aggregate count confirmation before calling the already-recursive removeQuarantine (xattr -dr) or the newly recursive removeAllAttributes (xattr -cr); binary attributes (e.g. com.apple.macl) are now displayed as hex instead of raw control characters.

Confidence Score: 5/5

The change is safe to merge; the only finding is a minor changelog date format issue.

The directory scanning logic is well-structured: the shallow path chunks children to stay under ARG_MAX and appends a sentinel to force prefixed xattr output, while the recursive path delegates entirely to xattr -r. The removal handlers correctly reuse the existing xattr -dr path and the new xattr -cr path behind confirmation dialogs. No logic errors or security issues were found in the changed code.

No files require special attention beyond the CHANGELOG placeholder fix.

Important Files Changed

Filename	Overview
extensions/quarantine-manager/src/utils.ts	Adds isDirectory, looksBinary, scanDirectory, readQuarantineValue, and collectQuarantinedPaths; extends removeAllAttributes with an optional recursive flag. Shallow scan correctly chunks children and appends a sentinel to force prefixed xattr output; recursive scan uses a single xattr -r call with generous timeout and buffer limits.
extensions/quarantine-manager/src/check-quarantine.tsx	Adds ready-dir state that renders a searchable list of quarantined items found inside an app or folder; single-file path is unchanged. Logic, branching, and UI all look correct.
extensions/quarantine-manager/src/remove-quarantine.tsx	Adds ready-dir state with confirmation-gated recursive quarantine removal and recursive remove-all-attributes; delegates to the already-recursive removeQuarantine (xattr -dr) and the new removeAllAttributes(path, true) call. Confirmation dialogs accurately describe the operation.
extensions/quarantine-manager/CHANGELOG.md	New update entry uses a hardcoded date (2026-06-08) instead of the required {PR_MERGE_DATE} placeholder.
extensions/quarantine-manager/README.md	Documents the new app/folder scanning behaviour, adds install button, and updates the tips section. No issues.

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
extensions/quarantine-manager/CHANGELOG.md:3
The update entry uses a hardcoded date (`2026-06-08`) instead of the `{PR_MERGE_DATE}` placeholder. Raycast's convention is for the merge date to be populated automatically at release time — a hardcoded date bypasses that mechanism and may be incorrect if the PR merges on a different day.

```suggestion
## [Scan apps and folders] - {PR_MERGE_DATE}
```

_{Reviews (3): Last reviewed commit: "Update CHANGELOG.md" | Re-trigger Greptile}

[nurkamol]

Thanks for the review @greptile-apps — addressed in the latest commit:

• Issue 1 (single-child false "clean") — fixed. The shallow scan now appends the directory itself as a sentinel argument so xattr always has ≥2 path args and emits the <path>: <attr> prefixed format, even when a folder has exactly one child. Verified a lone quarantined child is now detected.
• Issue 2 (ARG_MAX on large folders) — fixed. Children are processed in chunks of 256 rather than passed in a single xattr invocation. Verified on a 300-file folder.
• Issue 3 (action title case) — kept as (recursive). The @raycast/prefer-title-case rule in @raycast/eslint-config warns on (Recursive) and auto-fixes it to lowercase, so ray lint is only clean with the lowercase form. Confirmation-dialog titles and headings still use Title Case (Recursive).

[greptile-apps]

All three fixes look good:

1. Single-child sentinel — appending dirPath to every batch is a clean solution. collectQuarantinedPaths already filters it out via excludePath, so it won't accidentally surface the directory twice even when it carries its own quarantine flag.

2. ARG_MAX chunking — chunk size of 256 is reasonable. Paths that are ~200 chars each would sum to ~51 KB per batch, well under the macOS ARG_MAX limit.

3. Action title case — fair point. If @raycast/prefer-title-case specifically auto-fixes (Recursive) → (recursive), the linter is the authoritative source here. Keeping it lowercase to satisfy ray lint is the right call.

LGTM — the core correctness bugs are resolved and the ESLint constraint is a legitimate override.

Tip: You can customize Greptile's behavior for this repo with .greptile/rules.md and .greptile/config.json.

[nurkamol]

@0xdhrv thank you for reviewing and approving the original submission (#25892)! This is a follow-up update to the same extension, adding the app/folder quarantine scanning that was requested there. If you have a moment, would you mind taking a look? All CI checks pass and the Greptile review feedback has been addressed. No rush at all — much appreciated. 🙏

[0xdhrv]

Looks good to me, approved ✅

[github-actions]

Published to the Raycast Store:
https://raycast.com/nurkamol/quarantine-manager

[raycastbot]

🎉 🎉 🎉

We've rewarded your Raycast account with some credits. You will soon be able to exchange them for some swag.