Module walk 

Non-elevated folder-walk scanner for scope mode (ADR-0024).

The privileged path streams the whole $MFT (scan_volume); this one walks only the roots the user can read, with no admin and no raw volume handle. It builds the same VolumeIndex the $MFT scanner does, so the query layer and the worker are untouched — the only differences are the record key (a synthetic path hash, walk_id) and the change source (the Phase 2 WatcherJournalSource instead of the USN journal).

Layout trick (no index-format change): each configured root is pushed as a detached top-level entry whose name is its absolute base path; the synthetic VolumeIndex::ROOT (slot 0) carries an empty name that append_parent_path skips. So a root’s children reconstruct as C:\Users\me\Documents\sub\file.txt with no special path code.

Memory safety: enumeration is pure safe std::fs — on Windows read_dir caches each WIN32_FIND_DATAW, so DirEntry::metadata() serves size/mtime/attributes from that cache with no extra syscall and no unsafe.

Structs

Pending 🔒

One directory queued for enumeration: its on-disk path plus the data its children need — the parent’s folded path (to extend, not re-fold) and the parent’s record (the children’s parent_frn).

Constants

ATTR_DIRECTORY 🔒

ATTR_HIDDEN 🔒

ATTR_REPARSE_POINT 🔒

ATTR_SYSTEM 🔒

MAX_DEPTH 🔒

Depth cap, kept under append_parent_path’s 128-deep chain buffer so a pathological tree can never produce a truncated path silently.

SCOPE_ROOT_RECORD 🔒

The synthetic record of VolumeIndex::ROOT (slot 0). Roots attach here; the value 0 is reserved (a real path colliding with it is a ~2⁻⁴⁸ event that only shadows slot 0, which carries no name).

Functions

walk_scan

Walk roots (absolute base paths), pruning any subtree whose folded path matches an entry in excludes (ADR-0025), and build a queryable VolumeIndex.