@omnidev-ai/core 0.10.0 → 0.11.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@omnidev-ai/core",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "type": "module",
   "license": "MIT",
   "repository": {

package/src/capability/loader.ts

@@ -1,7 +1,6 @@
 import { existsSync, readdirSync } from "node:fs";
 import { readFile } from "node:fs/promises";
 import { join } from "node:path";
-import { validateEnv } from "../config/env";
 import { parseCapabilityConfig } from "../config/parser";
 import { loadCapabilityHooks } from "../hooks/loader.js";
 import type {
@@ -339,25 +338,14 @@ function convertCommandExports(commandExports: unknown[], capabilityId: string):
 
 /**
  * Loads a complete capability including config, skills, rules, docs, and exports.
- * Validates environment requirements before loading.
- *
  * @param capabilityPath - Path to the capability directory
- * @param env - Environment variables to validate against
  * @returns Fully loaded capability
- * @throws Error if validation fails or loading errors occur
+ * @throws Error if loading errors occur
  */
-export async function loadCapability(
-	capabilityPath: string,
-	env: Record<string, string>,
-): Promise<LoadedCapability> {
+export async function loadCapability(capabilityPath: string): Promise<LoadedCapability> {
 	const config = await loadCapabilityConfig(capabilityPath);
 	const id = config.capability.id;
 
-	// Validate environment
-	if (config.env) {
-		validateEnv(config.env, env, id);
-	}
-
 	// Load content - programmatic takes precedence
 	const exports = await importCapabilityExports(capabilityPath);
 

package/src/capability/registry.ts

@@ -1,5 +1,4 @@
 import { getEnabledCapabilities } from "../config/capabilities";
-import { loadEnvironment } from "../config/env";
 import { mergeHooksConfigs } from "../hooks/merger.js";
 import type { HooksConfig, CapabilityHooks, Doc, LoadedCapability, Rule, Skill } from "../types";
 import { discoverCapabilities, loadCapability } from "./loader";
@@ -27,7 +26,6 @@ export interface CapabilityRegistry {
  * @returns Capability registry with helper functions
  */
 export async function buildCapabilityRegistry(): Promise<CapabilityRegistry> {
-	const env = await loadEnvironment();
 	const enabledIds = await getEnabledCapabilities();
 
 	const capabilityPaths = await discoverCapabilities();
@@ -35,7 +33,7 @@ export async function buildCapabilityRegistry(): Promise<CapabilityRegistry> {
 
 	for (const path of capabilityPaths) {
 		try {
-			const cap = await loadCapability(path, env);
+			const cap = await loadCapability(path);
 
 			// Only add if enabled
 			if (enabledIds.includes(cap.id)) {

package/src/config/capabilities.ts

@@ -8,7 +8,7 @@ import { getActiveProfile, resolveEnabledCapabilities } from "./profiles.js";
  */
 export async function getEnabledCapabilities(): Promise<string[]> {
 	const config = await loadConfig();
-	const activeProfile = (await getActiveProfile()) ?? config.active_profile ?? "default";
+	const activeProfile = (await getActiveProfile()) ?? "default";
 	return resolveEnabledCapabilities(config, activeProfile);
 }
 
@@ -19,7 +19,7 @@ export async function getEnabledCapabilities(): Promise<string[]> {
 export async function enableCapability(capabilityId: string): Promise<void> {
 	// Use loadBaseConfig to avoid writing local overrides to omni.toml
 	const config = await loadBaseConfig();
-	const activeProfile = (await getActiveProfile()) ?? config.active_profile ?? "default";
+	const activeProfile = (await getActiveProfile()) ?? "default";
 
 	if (!config.profiles) {
 		config.profiles = {};
@@ -42,7 +42,7 @@ export async function enableCapability(capabilityId: string): Promise<void> {
 export async function disableCapability(capabilityId: string): Promise<void> {
 	// Use loadBaseConfig to avoid writing local overrides to omni.toml
 	const config = await loadBaseConfig();
-	const activeProfile = (await getActiveProfile()) ?? config.active_profile ?? "default";
+	const activeProfile = (await getActiveProfile()) ?? "default";
 
 	if (!config.profiles?.[activeProfile]) {
 		return; // Nothing to disable

package/src/config/config.ts

@@ -15,9 +15,6 @@ const LOCAL_CONFIG = "omni.local.toml";
 function mergeConfigs(base: OmniConfig, override: OmniConfig): OmniConfig {
 	const merged: OmniConfig = { ...base, ...override };
 
-	// Deep merge env
-	merged.env = { ...base.env, ...override.env };
-
 	// Deep merge profiles
 	merged.profiles = { ...base.profiles };
 	for (const [name, profile] of Object.entries(override.profiles || {})) {
@@ -84,26 +81,6 @@ export async function writeConfig(config: OmniConfig): Promise<void> {
 function generateConfigToml(config: OmniConfig): string {
 	const lines: string[] = [];
 
-	lines.push("# =============================================================================");
-	lines.push("# OmniDev Configuration");
-	lines.push("# =============================================================================");
-	lines.push("# This file defines your project's capabilities, profiles, and settings.");
-	lines.push("#");
-	lines.push("# Files:");
-	lines.push("#   • omni.toml - Main config (commit to share with team)");
-	lines.push("#   • omni.local.toml - Local overrides (add to .gitignore)");
-	lines.push("#   • omni.lock.toml - Version lock file (commit for reproducibility)");
-	lines.push("#");
-	lines.push("# Quick start:");
-	lines.push("#   1. Add capability sources to [capabilities.sources]");
-	lines.push("#   2. Reference them in your profiles");
-	lines.push("#   3. Run: omnidev sync");
-	lines.push("#   4. Switch profiles: omnidev profile use <name>");
-	lines.push("");
-
-	// Note: active_profile is stored in .omni/state/active-profile, not in config.toml
-	// We still read it from config.toml for backwards compatibility, but don't write it here
-
 	// Providers
 	if (config.providers?.enabled && config.providers.enabled.length > 0) {
 		lines.push("# AI providers to enable (claude, codex, or both)");
@@ -112,28 +89,6 @@ function generateConfigToml(config: OmniConfig): string {
 		lines.push("");
 	}
 
-	// Environment variables
-	lines.push("# =============================================================================");
-	lines.push("# Environment Variables");
-	lines.push("# =============================================================================");
-	lines.push("# Global environment variables available to all capabilities.");
-	// biome-ignore lint/suspicious/noTemplateCurlyInString: Example of env var syntax
-	lines.push("# Use ${VAR_NAME} syntax to reference shell environment variables.");
-	lines.push("#");
-	if (config.env && Object.keys(config.env).length > 0) {
-		lines.push("[env]");
-		for (const [key, value] of Object.entries(config.env)) {
-			lines.push(`${key} = "${value}"`);
-		}
-	} else {
-		lines.push("# [env]");
-		// biome-ignore lint/suspicious/noTemplateCurlyInString: Example of env var syntax
-		lines.push('# DATABASE_URL = "${DATABASE_URL}"');
-		// biome-ignore lint/suspicious/noTemplateCurlyInString: Example of env var syntax
-		lines.push('# API_KEY = "${MY_API_KEY}"');
-	}
-	lines.push("");
-
 	// Capability sources
 	lines.push("# =============================================================================");
 	lines.push("# Capability Sources");
@@ -198,6 +153,24 @@ function generateConfigToml(config: OmniConfig): string {
 	}
 	lines.push("");
 
+	// Always enabled capabilities (under [capabilities] section)
+	lines.push("# =============================================================================");
+	lines.push("# Always Enabled Capabilities");
+	lines.push("# =============================================================================");
+	lines.push("# Capabilities that load in ALL profiles, regardless of profile config.");
+	lines.push("# Useful for essential tools needed everywhere.");
+	lines.push("#");
+	const alwaysEnabled = config.capabilities?.always_enabled;
+	if (alwaysEnabled && alwaysEnabled.length > 0) {
+		const caps = alwaysEnabled.map((c) => `"${c}"`).join(", ");
+		lines.push(`[capabilities]`);
+		lines.push(`always_enabled = [${caps}]`);
+	} else {
+		lines.push("# [capabilities]");
+		lines.push('# always_enabled = ["git-tools", "linting"]');
+	}
+	lines.push("");
+
 	// MCP servers
 	lines.push("# =============================================================================");
 	lines.push("# MCP Servers");
@@ -235,12 +208,10 @@ function generateConfigToml(config: OmniConfig): string {
 				lines.push(`url = "${mcpConfig.url}"`);
 			}
 
-			// Environment variables (sub-table)
+			// Environment variables (inline table)
 			if (mcpConfig.env && Object.keys(mcpConfig.env).length > 0) {
-				lines.push(`[mcps.${name}.env]`);
-				for (const [key, value] of Object.entries(mcpConfig.env)) {
-					lines.push(`${key} = "${value}"`);
-				}
+				const entries = Object.entries(mcpConfig.env).map(([key, value]) => `${key} = "${value}"`);
+				lines.push(`env = { ${entries.join(", ")} }`);
 			}
 
 			// Headers (sub-table)
@@ -263,27 +234,11 @@ function generateConfigToml(config: OmniConfig): string {
 		lines.push('# command = "node"');
 		lines.push('# args = ["./servers/database.js"]');
 		lines.push('# cwd = "./mcp-servers"');
-		lines.push("# [mcps.database.env]");
 		// biome-ignore lint/suspicious/noTemplateCurlyInString: Example of env var syntax
-		lines.push('# DB_URL = "${DATABASE_URL}"');
+		lines.push('# env = { DB_URL = "${DATABASE_URL}" }');
 		lines.push("");
 	}
 
-	// Always enabled capabilities
-	lines.push("# =============================================================================");
-	lines.push("# Always Enabled Capabilities");
-	lines.push("# =============================================================================");
-	lines.push("# Capabilities that load in ALL profiles, regardless of profile config.");
-	lines.push("# Useful for essential tools needed everywhere.");
-	lines.push("#");
-	if (config.always_enabled_capabilities && config.always_enabled_capabilities.length > 0) {
-		const caps = config.always_enabled_capabilities.map((c) => `"${c}"`).join(", ");
-		lines.push(`always_enabled_capabilities = [${caps}]`);
-	} else {
-		lines.push('# always_enabled_capabilities = ["git-tools", "linting"]');
-	}
-	lines.push("");
-
 	// Profiles
 	lines.push("# =============================================================================");
 	lines.push("# Profiles");

package/src/config/index.ts

@@ -1,5 +1,4 @@
 export * from "./capabilities";
-export * from "./env";
 export * from "./config";
 export * from "./parser";
 export * from "./profiles";

package/src/config/profiles.ts

@@ -3,20 +3,11 @@ import type { OmniConfig, ProfileConfig } from "../types/index.js";
 import { loadConfig, writeConfig } from "./config.js";
 
 /**
- * Gets the name of the currently active profile.
- * Reads from state file first, falls back to config.toml for backwards compatibility.
+ * Gets the name of the currently active profile from the state file.
  * Returns null if no profile is set.
  */
 export async function getActiveProfile(): Promise<string | null> {
-	// First check state file (new location)
-	const stateProfile = await readActiveProfileState();
-	if (stateProfile) {
-		return stateProfile;
-	}
-
-	// Fall back to config.toml for backwards compatibility
-	const config = await loadConfig();
-	return config.active_profile ?? null;
+	return await readActiveProfileState();
 }
 
 /**
@@ -38,13 +29,11 @@ export function resolveEnabledCapabilities(
 	config: OmniConfig,
 	profileName: string | null,
 ): string[] {
-	// Determine which profile to use
-	const profile = profileName
-		? config.profiles?.[profileName]
-		: config.profiles?.[config.active_profile ?? "default"];
+	// Use the default profile if no profile name is specified
+	const profile = profileName ? config.profiles?.[profileName] : config.profiles?.["default"];
 
 	const profileCapabilities = profile?.capabilities ?? [];
-	const alwaysEnabled = config.always_enabled_capabilities ?? [];
+	const alwaysEnabled = config.capabilities?.always_enabled ?? [];
 	const groups = config.capabilities?.groups ?? {};
 
 	// Expand group references (group:name -> constituent capabilities)

package/src/config/toml-patcher.ts

@@ -150,12 +150,10 @@ function formatMcpConfig(name: string, config: McpConfig): string[] {
 		lines.push(`url = "${config.url}"`);
 	}
 
-	// Environment variables
+	// Environment variables (inline table)
 	if (config.env && Object.keys(config.env).length > 0) {
-		lines.push(`[mcps.${name}.env]`);
-		for (const [key, value] of Object.entries(config.env)) {
-			lines.push(`${key} = "${value}"`);
-		}
+		const entries = Object.entries(config.env).map(([key, value]) => `${key} = "${value}"`);
+		lines.push(`env = { ${entries.join(", ")} }`);
 	}
 
 	// Headers

package/src/sync.ts

@@ -266,45 +266,24 @@ export async function syncAgentConfiguration(options?: SyncOptions): Promise<Syn
 }
 
 /**
- * Generate instructions.md content from rules and docs.
+ * Generate instructions.md content from rules.
  */
-function generateInstructionsContent(rules: SyncBundle["rules"], docs: SyncBundle["docs"]): string {
-	if (rules.length === 0 && docs.length === 0) {
-		return `## Capabilities
-
-No capabilities enabled yet. Run \`omnidev capability enable <name>\` to enable capabilities.`;
+function generateInstructionsContent(
+	rules: SyncBundle["rules"],
+	_docs: SyncBundle["docs"],
+): string {
+	if (rules.length === 0) {
+		return "";
 	}
 
-	let content = `## Capabilities
-
-`;
-
-	// Add documentation section if there are docs
-	if (docs.length > 0) {
-		content += `### Documentation
+	let content = `## Rules
 
 `;
-		for (const doc of docs) {
-			content += `#### ${doc.name} (from ${doc.capabilityId})
 
-${doc.content}
+	for (const rule of rules) {
+		content += `${rule.content}
 
 `;
-		}
-	}
-
-	// Add rules section if there are rules
-	if (rules.length > 0) {
-		content += `### Rules
-
-`;
-		for (const rule of rules) {
-			content += `#### ${rule.name} (from ${rule.capabilityId})
-
-${rule.content}
-
-`;
-		}
 	}
 
 	return content.trim();

package/src/templates/capability.ts

@@ -71,35 +71,15 @@ TODO: Add example usage
 
 /**
  * Generate a rule markdown template file.
+ * Rules should start with a ### header and contain guidelines for AI agents.
  */
 export function generateRuleTemplate(ruleName: string): string {
-	return `# ${formatDisplayName(ruleName)}
+	return `### ${formatDisplayName(ruleName)}
 
 <!-- Rules are guidelines that the AI agent should follow when working in this project -->
+<!-- Each rule should start with a ### header -->
 
-## Overview
-
-TODO: Describe what this rule enforces or guides.
-
-## Guidelines
-
-- TODO: Add specific guidelines the AI should follow
-- Be specific and actionable
-- Include examples where helpful
-
-## Examples
-
-### Good
-
-\`\`\`
-TODO: Add example of correct behavior
-\`\`\`
-
-### Bad
-
-\`\`\`
-TODO: Add example of incorrect behavior
-\`\`\`
+TODO: Add specific guidelines the AI should follow. Be specific and actionable.
 `;
 }
 

package/src/templates/claude.ts

@@ -6,9 +6,5 @@ export function generateClaudeTemplate(): string {
 	return `# Project Instructions
 
 <!-- Add your project-specific instructions here -->
-
-## OmniDev
-
-<!-- This section is populated during sync with capability rules and docs -->
 `;
 }

package/src/types/index.ts

@@ -48,12 +48,6 @@ export interface CapabilityExports {
 	gitignore?: string[];
 }
 
-export interface EnvDeclaration {
-	required?: boolean;
-	secret?: boolean;
-	default?: string;
-}
-
 export interface SyncConfig {
 	on_sync?: string;
 }
@@ -65,7 +59,6 @@ export interface CliConfig {
 export interface CapabilityConfig {
 	capability: CapabilityMetadata;
 	exports?: CapabilityExports;
-	env?: Record<string, EnvDeclaration | Record<string, never>>;
 	mcp?: McpConfig;
 	sync?: SyncConfig;
 	cli?: CliConfig;
@@ -84,7 +77,7 @@ export interface McpToolSchema {
  *
  * - **stdio**: Local process using stdin/stdout (default)
  *   - Requires: command
- *   - Optional: args, env, cwd
+ *   - Optional: args, cwd
  *
  * - **http**: Remote HTTP server (recommended for remote servers)
  *   - Requires: url
@@ -258,6 +251,8 @@ export interface CapabilitiesConfig {
 	sources?: Record<string, CapabilitySourceConfig>;
 	/** Capability groups: group name -> array of capability IDs */
 	groups?: Record<string, string[]>;
+	/** Capabilities that load in ALL profiles, regardless of profile config */
+	always_enabled?: string[];
 }
 
 // Config Types
@@ -266,15 +261,11 @@ export interface ProfileConfig {
 }
 
 export interface OmniConfig {
-	project?: string;
-	active_profile?: string;
-	always_enabled_capabilities?: string[];
-	env?: Record<string, string>;
 	profiles?: Record<string, ProfileConfig>;
 	providers?: {
 		enabled?: Provider[];
 	};
-	/** Capabilities configuration (enable/disable, sources) */
+	/** Capabilities configuration (enable/disable, sources, always_enabled) */
 	capabilities?: CapabilitiesConfig;
 	/** MCP server definitions that auto-generate capabilities */
 	mcps?: Record<string, McpConfig>;

package/src/capability/AGENTS.md

@@ -1,58 +0,0 @@
-# PROJECT KNOWLEDGE BASE
-
-**Generated:** 2026-01-12
-**Commit:** (not specified)
-**Branch:** (not specified)
-
-## OVERVIEW
-Core capability loading system: discovers capabilities from .omni/capabilities/ & capabilities/, validates TOML configs, loads TypeScript exports (skills/rules/docs/commands/subagents), and builds runtime registry.
-
-## WHERE TO LOOK
-| Task | Location | Notes |
-|------|----------|-------|
-| Capability discovery | loader.ts | Scans .omni/capabilities/ & capabilities/ for capability.toml |
-| Load TOML config | loader.ts | Validates required fields, checks reserved names |
-| Dynamic imports | loader.ts | Imports index.ts exports, handles missing deps gracefully |
-| Registry build | registry.ts | Filters by enabled caps, aggregates all content types |
-| Skills loading | skills.ts | Parses SKILL.md with YAML frontmatter |
-| Rules loading | rules.ts | Loads *.md from rules/ directory |
-| Docs loading | docs.ts | Loads definition.md + docs/*.md |
-| Commands loading | commands.ts | Parses COMMAND.md with YAML frontmatter |
-| Subagents loading | subagents.ts | Parses SUBAGENT.md, supports tools/skills/models |
-| Remote sources | sources.ts | Git clone/fetch, wrap external repos, lock file mgmt |
-
-## CONVENTIONS
-
-**Capability Structure:**
-- Must have capability.toml in root
-- Optional: index.ts (exports: skills/rules/docs/commands/subagents/gitignore)
-- Optional directories: skills/, rules/, docs/, commands/, subagents/
-- Optional types.d.ts (for LLM type hints)
-
-**YAML Frontmatter Format:**
-- Skills/Commands: name, description (required)
-- Subagents: name, description + optional tools/disallowedTools/model/permissionMode/skills
-- Supports kebab-case keys (converted to camelCase)
-
-**Content Loading Priority:**
-- Programmatic exports (index.ts) take precedence over file-based content
-- Loader converts both old and new export formats automatically
-
-**Reserved Names:**
-- Node builtins (fs, path, http, crypto, os, etc.)
-- Common libs (react, vue, lodash, axios, express, typescript)
-- Prevents import conflicts with capability modules
-
-**Remote Capability Sources:**
-- Shorthand: "github:user/repo#ref"
-- Lock file: .omni/capabilities.lock.toml (tracks versions/commits)
-- Wrap mode: discovers skills/agents/commands in repo without capability.toml
-- Version: from package.json if available, else short commit hash
-
-## ANTI-PATTERNS (THIS MODULE)
-
-- **NEVER** use reserved capability names (fs, path, react, typescript, etc.)
-- **NEVER** commit capabilities.lock.toml modifications - auto-generated
-- **NEVER** skip YAML frontmatter validation - name/description required
-- **NEVER** modify generated capability.toml in wrapped repos
-- **NEVER** assume index.ts exists - loader returns empty object if missing

package/src/config/AGENTS.md

@@ -1,46 +0,0 @@
-# CONFIGURATION SUBSYSTEM
-
-**Generated:** 2026-01-12T10:36:46
-**Commit:** (not specified)
-**Branch:** (not specified)
-
-## OVERVIEW
-Configuration loading and parsing system using TOML format with profile-based capability management.
-
-## WHERE TO LOOK
-| Task | Location | Notes |
-|------|----------|-------|
-| Config merge logic | loader.ts | Merges config.toml + config.local.toml |
-| Environment loading | env.ts | Loads .omni/.env, validates declarations |
-| TOML parsing | parser.ts | Uses smol-toml, validates capability.toml |
-| Provider selection | provider.ts | Loads provider.toml, parses CLI flags |
-| Profile management | profiles.ts | Active profile tracking, resolves capabilities |
-| Capability enable/disable | capabilities.ts | Updates profiles + gitignore patterns |
-
-## CONVENTIONS
-
-**Config File Locations:**
-- `.omni/config.toml` - main config (project name, default profile, profiles)
-- `.omni/config.local.toml` - local overrides (gitignored)
-- `.omni/provider.toml` - provider selection (claude/codex/both)
-- `.omni/.env` - secrets, always gitignored
-
-**Profile-Based Capability Management:**
-- Profiles define capability sets in `[profiles.name].capabilities`
-- `active_profile` in config.toml selects current profile
-- `always_enabled_capabilities` list merged with profile capabilities
-- Use `enableCapability()` / `disableCapability()` to update active profile
-
-**Environment Variable Handling:**
-- capability.toml `[env]` section declares requirements
-- `required = true` → must be present or default
-- `secret = true` → masked in logs/error messages
-- `default = "value"` → optional with fallback
-
-## ANTI-PATTERNS (THIS SUBSYSTEM)
-
-- **NEVER** edit config.toml directly for capability changes - use enableCapability()/disableCapability()
-- **NEVER** commit .omni/.env or config.local.toml - both gitignored
-- **NEVER** parse TOML manually - use parseOmniConfig() / parseCapabilityConfig()
-- **NEVER** ignore validateEnv() errors - required env vars block capability load
-- **NEVER** assume process.env is complete - merge with .omni/.env via loadEnvironment()

package/src/config/env.ts

@@ -1,97 +0,0 @@
-import { existsSync } from "node:fs";
-import { readFile } from "node:fs/promises";
-import type { EnvDeclaration } from "../types";
-
-const ENV_FILE = ".omni/.env";
-
-/**
- * Load environment variables from .omni/.env file and merge with process.env.
- * Process environment variables take precedence over file values.
- *
- * @returns Merged environment variables
- */
-export async function loadEnvironment(): Promise<Record<string, string>> {
-	const env: Record<string, string> = {};
-
-	// Load from .omni/.env
-	if (existsSync(ENV_FILE)) {
-		const content = await readFile(ENV_FILE, "utf-8");
-		for (const line of content.split("\n")) {
-			const trimmed = line.trim();
-			// Skip empty lines and comments
-			if (trimmed && !trimmed.startsWith("#")) {
-				const eqIndex = trimmed.indexOf("=");
-				if (eqIndex > 0) {
-					const key = trimmed.slice(0, eqIndex).trim();
-					const value = trimmed.slice(eqIndex + 1).trim();
-					// Remove quotes if present
-					const unquotedValue =
-						(value.startsWith('"') && value.endsWith('"')) ||
-						(value.startsWith("'") && value.endsWith("'"))
-							? value.slice(1, -1)
-							: value;
-					env[key] = unquotedValue;
-				}
-			}
-		}
-	}
-
-	// Process env takes precedence - filter out undefined values
-	const processEnv: Record<string, string> = {};
-	for (const [key, value] of Object.entries(process.env)) {
-		if (value !== undefined) {
-			processEnv[key] = value;
-		}
-	}
-
-	return { ...env, ...processEnv };
-}
-
-/**
- * Validate that all required environment variables are present.
- * Checks declarations from capability config and throws descriptive errors for missing vars.
- *
- * @param declarations - Environment variable declarations from capability.toml
- * @param env - Loaded environment variables
- * @param capabilityId - ID of the capability being validated
- * @throws Error if required environment variables are missing
- */
-export function validateEnv(
-	declarations: Record<string, EnvDeclaration | Record<string, never>>,
-	env: Record<string, string | undefined>,
-	capabilityId: string,
-): void {
-	const missing: string[] = [];
-
-	for (const [key, decl] of Object.entries(declarations)) {
-		const declaration = decl as EnvDeclaration;
-		const value = env[key] ?? declaration.default;
-
-		if (declaration.required && !value) {
-			missing.push(key);
-		}
-	}
-
-	if (missing.length > 0) {
-		throw new Error(
-			`Missing required environment variable${missing.length > 1 ? "s" : ""} for capability "${capabilityId}": ${missing.join(", ")}. ` +
-				`Set ${missing.length > 1 ? "them" : "it"} in .omni/.env or as environment variable${missing.length > 1 ? "s" : ""}.`,
-		);
-	}
-}
-
-/**
- * Check if an environment variable should be treated as a secret.
- * Secrets should be masked in logs and error messages.
- *
- * @param key - Environment variable name
- * @param declarations - Environment variable declarations from capability.toml
- * @returns true if the variable is marked as secret
- */
-export function isSecretEnvVar(
-	key: string,
-	declarations: Record<string, EnvDeclaration | Record<string, never>>,
-): boolean {
-	const decl = declarations[key] as EnvDeclaration | undefined;
-	return decl?.secret === true;
-}