docs: update CHANGELOG and ROADMAP after research-driven implementation pass (13 items shipped)

Author: SysAdminDoc

CHANGELOG.md

@@ -23,6 +23,21 @@ All notable changes to DeepPurge will be documented in this file.
 ### Dependencies
 - New: `Microsoft.Toolkit.Uwp.Notifications 7.1.3` — Windows 10/11 toast notifications.
 
+### Research-driven additions (competitive analysis pass)
+- **Leftover signature database** — embedded JSON database with 50 application profiles (Chrome, Firefox, Adobe, Steam, etc.) for known leftover paths. Signature-matched leftovers are flagged as Safe confidence before heuristic matching runs.
+- **Administrator Protection (SMAA) readiness** — `UserIdentity` helper resolves the real interactive user's SID and LocalAppData even when running under Windows 11 SMAA elevation. InstalledProgramScanner and DataPaths use the real user's paths.
+- **SafetyGuard path-traversal hardening** — paths containing `..` segments are rejected before normalization. 5 new test cases for traversal patterns.
+- **Backup file validation** — `BackupManager` now validates registry backup content (non-empty, starts with `Windows Registry Editor Version 5.00`). Truncated backups log a warning instead of silently passing.
+- **True disk footprint** — `InstalledProgram.ActualSizeBytes` computed by walking InstallLocation + AppData + ProgramData paths in parallel. Falls back to registry's EstimatedSizeKB.
+- **Hash caching for duplicate finder** — persistent JSON cache keyed by (path, size, mtime). Second scans of the same directories are near-instant.
+- **Configurable uninstall timeout** — default increased from 10 to 30 minutes. Settable via `UninstallEngine.UninstallerTimeout` and CLI `--timeout` flag.
+- **Winget JSON output** — `PackageManagerScanner` tries `winget list --output json` first, falls back to fixed-width table parsing for older winget versions.
+- **Orphaned Package Cache scanner** — `JunkFilesCleaner` scans `C:\ProgramData\Package Cache\` and flags entries whose parent product is no longer installed.
+- **USB device history cleaner** — new trace category in `EvidenceRemover` for USBSTOR registry entries and SetupAPI logs.
+- **Free space wipe** — `SecureDelete.WipeFreeSpaceAsync()` fills unallocated disk space with random data. Auto-detects SSD vs HDD via WMI MediaType.
+- **Recently-installed highlighting** — programs installed in the last 7 days get an accent-colored left border in the Programs DataGrid.
+- **IconExtractor WPF decoupling** — moved from Core to App. `InstalledProgram.Icon` changed to `object?`. Core.csproj no longer has `UseWPF=true`.
+
 ### Fixed
 - `deeppurgecli doctor` now includes suggested fixes for actionable warning/failure paths, including missing system tools, inaccessible registry/shell roots, and unwritable data folders.
 

ROADMAP.md

@@ -5,45 +5,8 @@ Blocked items live in `Roadmap_Blocked.md`.
 
 ## Research-Driven Additions
 
-### P0 — Trust, reliability, safety
-
-- [ ] P0 — **Leftover signature database**
-  Why: Uninstalr 2026 benchmark shows most tools find <65% of leftovers. A curated JSON database of known leftover paths per application is the single highest-ROI accuracy improvement.
-  Evidence: Uninstalr benchmark (BCU 61.3%, Revo Pro 63.1%); Revo's commercial "Logs Database" is their key differentiator; BCU issue #913.
-  Touches: `Core/Registry/RegistryLeftoverScanner.cs`, `Core/FileSystem/FileLeftoverScanner.cs`, new `Core/Data/LeftoverSignatures.json`
-  Acceptance: Leftover scanner consults signature DB before heuristic matching. Ship with signatures for top 50 commonly-installed programs.
-  Complexity: M
-
-- [ ] P0 — **Administrator Protection (SMAA) readiness**
-  Why: Windows 11 SMAA elevation maps HKCU to a system-managed account, not the real user. InstalledProgramScanner reads HKCU and will return wrong results. DataPaths resolves %LocalAppData% to the SMAA profile.
-  Evidence: Microsoft developer blog (May 2025); temporarily disabled in retail but will re-enable.
-  Touches: `Core/Registry/InstalledProgramScanner.cs`, `Core/App/DataPaths.cs`, `Core/Startup/AutorunScanner.cs`, `Core/Privacy/EvidenceRemover.cs`
-  Acceptance: When running elevated with SMAA active, program list and user data paths resolve to the real user, not the SMAA account. Detect via `WindowsIdentity` token comparison.
-  Complexity: M
-
-- [ ] P0 — **SafetyGuard path-traversal hardening**
-  Why: `IsPathSafeToDelete()` normalizes via `Path.GetFullPath()` but doesn't reject `..` segments before normalization. Junction-point edge cases could bypass protection.
-  Evidence: Code review of `Core/Safety/SafetyGuard.cs`; defensive coding best practice.
-  Touches: `Core/Safety/SafetyGuard.cs`
-  Acceptance: Paths containing `..` are rejected before normalization. Add test cases for junction-point traversal patterns.
-  Complexity: S
-
-- [ ] P0 — **Backup file validation**
-  Why: `BackupManager.BackupRegistryKey()` only checks reg.exe exit code, not that the .reg file is non-empty and parseable. A truncated backup silently passes.
-  Evidence: Code review of `Core/Safety/BackupManager.cs`.
-  Touches: `Core/Safety/BackupManager.cs`
-  Acceptance: After export, verify file exists, size > 0, and first line matches `Windows Registry Editor Version 5.00`. Log warning on validation failure.
-  Complexity: S
-
 ### P1 — High value, competitive differentiation
 
-- [ ] P1 — **True disk footprint per program**
-  Why: Registry `EstimatedSizeKB` is often wildly inaccurate (Adobe showing 20GB for a 3GB install). Users need real numbers.
-  Evidence: Microsoft Q&A; HN discussion on per-program disk usage; BCU doesn't address this either.
-  Touches: `Core/Models/InstalledProgram.cs`, `Core/Registry/InstalledProgramScanner.cs`
-  Acceptance: New `ActualSizeBytes` property computed by walking InstallLocation + AppData + ProgramData paths. Falls back to EstimatedSizeKB when paths are unavailable. Displayed in GUI as a separate column.
-  Complexity: M
-
 - [ ] P1 — **Orphaned artifact scanner (services, tasks, firewall rules, PATH)**
   Why: Uninstalled programs leave orphaned services, scheduled tasks, firewall rules, and PATH entries. No OSS tool covers all four systematically.
   Evidence: Community reports of orphaned scheduled tasks ("task image is corrupt"); BCU #890 (shell extension detection gap); forum complaints about orphaned update-checker services.
@@ -65,13 +28,6 @@ Blocked items live in `Roadmap_Blocked.md`.
   Acceptance: All `[DllImport]` declarations replaced by CsWin32-generated equivalents. NativeMethods.txt lists each API. Build clean with no hand-rolled structs.
   Complexity: L
 
-- [ ] P1 — **Hash caching for duplicate finder**
-  Why: Full-profile duplicate scans are expensive. Czkawka caches file hashes to disk with (path, size, mtime) for invalidation — second scans are near-instant.
-  Evidence: Czkawka architecture (31.5k stars); most-upvoted feature pattern in disk-analysis tools.
-  Touches: `Core/FileSystem/DuplicateFinder.cs`, `Core/App/DataPaths.cs` (cache directory)
-  Acceptance: Hash cache persisted as JSON in DataPaths. Cache hit when path+size+mtime match. Second scan of same directory completes in <5% of first scan time.
-  Complexity: S
-
 - [ ] P1 — **Velopack auto-updater**
   Why: Current UpdateChecker only detects updates — user must manually download. Velopack provides delta auto-updates from GitHub Releases with PerMachine install mode.
   Evidence: Velopack 1.2.0 docs; DriverStoreExplorer ships self-update with SHA256 verification.
@@ -102,57 +58,15 @@ Blocked items live in `Roadmap_Blocked.md`.
   Acceptance: Verify tests for MainViewModel state transitions, GridExporter CSV/JSON output, ProgramExporter formats. Snapshot diffs caught in CI.
   Complexity: S
 
-- [ ] P2 — **Winget JSON output migration**
-  Why: `ParseWingetTable()` relies on fixed-width column detection which breaks silently on format changes. Winget 1.8+ supports `--output json`.
-  Evidence: Code review of `Core/Packages/PackageManagerScanner.cs`; winget CLI docs.
-  Touches: `Core/Packages/PackageManagerScanner.cs`
-  Acceptance: Use `winget list --output json` when available (probe version first). Fall back to table parsing for older winget. Add test with sample JSON output.
-  Complexity: S
-
-- [ ] P2 — **Configurable uninstall timeout**
-  Why: 10-minute hardcoded timeout fails for Visual Studio, Oracle, and enterprise MSIs.
-  Evidence: Code review of `Core/Uninstall/UninstallEngine.cs`; enterprise installer behavior.
-  Touches: `Core/Uninstall/UninstallEngine.cs`, `Core/Safety/DeleteOptions.cs` or settings
-  Acceptance: Default timeout 30 minutes. Configurable per-program via settings or CLI flag (`--timeout`).
-  Complexity: S
-
 - [ ] P2 — **System Slimming module**
   Why: Wise's unique curated checklist of removable Windows components (wallpapers, sample media, IME packs, help files) with per-item sizes.
   Evidence: Wise Program Uninstaller feature; Sophia-Script implements similar tweaks.
   Touches: New `Core/Cleaning/SystemSlimmer.cs`, `App/ViewModels/MainViewModel.Extensions.cs`, `App/Views/MainWindow.xaml`
   Acceptance: New sidebar panel with checkboxes for ~15 removable Windows components. Each shows current size. Delete through SafetyGuard with dry-run support.
   Complexity: S
 
-- [ ] P2 — **Package Cache cleaner**
-  Why: `C:\ProgramData\Package Cache\` accumulates GBs of orphaned installer caches for uninstalled products.
-  Evidence: BCU issue #877; user complaints about Package Cache consuming disk.
-  Touches: `Core/FileSystem/JunkFilesCleaner.cs`
-  Acceptance: JunkFilesCleaner scans Package Cache for entries whose parent product is uninstalled (cross-reference with installed programs). Show reclaimable size.
-  Complexity: S
-
-- [ ] P2 — **Free space wipe**
-  Why: PrivaZer's key feature. Single-pass or multi-pass overwrite of unallocated disk space to prevent forensic recovery of deleted files.
-  Evidence: PrivaZer feature page; CCleaner Drive Wiper (1/3/7/35 passes).
-  Touches: `Core/Safety/SecureDelete.cs`
-  Acceptance: New `WipeFreeSpace(string drivePath)` method. Auto-detects SSD (uses TRIM discard) vs HDD (fills free space with random data then deletes). Progress reporting via IProgress.
-  Complexity: M
-
-- [ ] P2 — **USB device history cleaner**
-  Why: USBSTOR registry keys, SetupAPI logs, and device manager traces persist indefinitely. Privacy-conscious users want these cleared.
-  Evidence: PrivaZer feature; 100+ trace types in PrivaZer vs ~30 in DeepPurge's EvidenceRemover.
-  Touches: `Core/Privacy/EvidenceRemover.cs`
-  Acceptance: New trace category for USB history. Cleans HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR, SetupAPI.dev.log, MountedDevices entries. SafetyGuard validated.
-  Complexity: S
-
 ### P3 — Polish, differentiation
 
-- [ ] P3 — **Recently-modified program highlighting**
-  Why: Geek Uninstaller's visual cue for newly installed/modified programs. Helps users spot new installs.
-  Evidence: Geek Uninstaller UX; date-based row styling.
-  Touches: `App/Views/MainWindow.xaml` (DataGrid row style trigger)
-  Acceptance: Programs installed/modified within the last 7 days get a subtle accent-colored left border or background tint.
-  Complexity: S
-
 - [ ] P3 — **Health dashboard**
   Why: CCleaner/IObit pattern. Aggregate system hygiene score across Leftovers, Privacy, Disk Space, Startup Impact. One-click remediation entry point.
   Evidence: CCleaner Health Check; IObit Software Health (7-point analysis).
@@ -174,13 +88,6 @@ Blocked items live in `Roadmap_Blocked.md`.
   Acceptance: Steam (libraryfolders.vdf), Epic (LauncherInstalled.dat), GOG (Galaxy DB) apps appear in the unified programs list with platform badges.
   Complexity: M
 
-- [ ] P3 — **IconExtractor WPF decoupling**
-  Why: Core references WPF solely for IconExtractor's `ImageSource` return type. Prevents non-WPF consumers from using Core.
-  Evidence: ARCHITECTURE.md notes this as a known coupling; code review confirms single WPF dependency point.
-  Touches: `Core/Icons/IconExtractor.cs`, `App/ViewModels/MainViewModel.cs`
-  Acceptance: IconExtractor returns `byte[]` (PNG). App layer converts to `BitmapImage`. Core.csproj drops `UseWPF=true`.
-  Complexity: S
-
 ## Ideas / not committed
 
 Things worth considering but not on a timeline: