akm-cli 0.1.2 → 0.2.0

package/dist/stash-providers/git.js

@@ -0,0 +1,140 @@
+import { createHash } from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { fetchWithRetry } from "../common";
+import { ConfigError } from "../errors";
+import { getRegistryIndexCacheDir } from "../paths";
+import { extractTarGzSecure } from "../registry-install";
+import { registerStashProvider } from "../stash-provider-factory";
+import { isExpired, sanitizeString } from "./provider-utils";
+/** Cache TTL before refreshing the mirrored repo (12 hours). */
+const CACHE_TTL_MS = 12 * 60 * 60 * 1000;
+/** Maximum stale age allowed when refresh fails (7 days). */
+const CACHE_STALE_MS = 7 * 24 * 60 * 60 * 1000;
+class GitStashProvider {
+    type = "git";
+    name;
+    constructor(config) {
+        this.name = config.name ?? "git";
+    }
+    /** Content is indexed through the standard FTS5 pipeline. */
+    async search(_options) {
+        return { hits: [] };
+    }
+    /** Content is local files, shown via showLocal. */
+    async show(_ref, _view) {
+        throw new Error("Git provider content is shown via local index");
+    }
+    /** Content is local; no remote show needed. */
+    canShow(_ref) {
+        return false;
+    }
+}
+// ── Self-register ───────────────────────────────────────────────────────────
+registerStashProvider("git", (config) => new GitStashProvider(config));
+registerStashProvider("context-hub", (config) => new GitStashProvider(config));
+registerStashProvider("github", (config) => new GitStashProvider(config));
+// ── Cache management ────────────────────────────────────────────────────────
+function getCachePaths(repoUrl) {
+    const key = createHash("sha256").update(repoUrl).digest("hex").slice(0, 16);
+    const rootDir = path.join(getRegistryIndexCacheDir(), `context-hub-${key}`);
+    return {
+        rootDir,
+        archivePath: path.join(rootDir, "repo.tar.gz"),
+        repoDir: path.join(rootDir, "repo"),
+        indexPath: path.join(rootDir, "index.json"),
+    };
+}
+async function ensureGitMirror(repo, cachePaths, options) {
+    const requireRepoDir = options?.requireRepoDir === true;
+    // Check if cache is fresh
+    let mtime = 0;
+    try {
+        mtime = fs.statSync(cachePaths.indexPath).mtimeMs;
+    }
+    catch {
+        /* no cached index */
+    }
+    if (mtime && !isExpired(mtime, CACHE_TTL_MS) && (!requireRepoDir || hasExtractedRepo(cachePaths.repoDir))) {
+        return;
+    }
+    try {
+        fs.mkdirSync(cachePaths.rootDir, { recursive: true });
+        await downloadArchive(buildTarballUrl(repo), cachePaths.archivePath);
+        extractTarGzSecure(cachePaths.archivePath, cachePaths.repoDir);
+        // Touch index file to track freshness
+        fs.writeFileSync(cachePaths.indexPath, "[]", { encoding: "utf8", mode: 0o600 });
+    }
+    catch (err) {
+        if (mtime && !isExpired(mtime, CACHE_STALE_MS) && (!requireRepoDir || hasExtractedRepo(cachePaths.repoDir))) {
+            return;
+        }
+        throw err;
+    }
+}
+function hasExtractedRepo(repoDir) {
+    try {
+        return fs.statSync(repoDir).isDirectory() && fs.statSync(path.join(repoDir, "content")).isDirectory();
+    }
+    catch {
+        return false;
+    }
+}
+async function downloadArchive(url, destination) {
+    const response = await fetchWithRetry(url, undefined, { timeout: 120_000, retries: 1 });
+    if (!response.ok) {
+        throw new Error(`Failed to download archive (${response.status}) from ${url}`);
+    }
+    const BunRuntime = globalThis.Bun;
+    if (BunRuntime?.write) {
+        await BunRuntime.write(destination, response);
+        return;
+    }
+    const arrayBuffer = await response.arrayBuffer();
+    fs.writeFileSync(destination, Buffer.from(arrayBuffer));
+}
+function buildTarballUrl(repo) {
+    return `https://github.com/${repo.owner}/${repo.repo}/archive/refs/heads/${repo.ref}.tar.gz`;
+}
+function parseGitRepoUrl(rawUrl) {
+    if (!rawUrl) {
+        throw new ConfigError("Git provider requires a GitHub repository URL");
+    }
+    let parsed;
+    try {
+        parsed = new URL(rawUrl);
+    }
+    catch {
+        throw new ConfigError(`Git provider URL is not valid: "${rawUrl}"`);
+    }
+    if (parsed.protocol !== "https:") {
+        throw new ConfigError(`Git provider URL must use https://, got "${parsed.protocol}"`);
+    }
+    if (parsed.hostname !== "github.com") {
+        throw new ConfigError(`Git provider only supports github.com URLs, got "${parsed.hostname}"`);
+    }
+    const segments = parsed.pathname.split("/").filter(Boolean);
+    if (segments.length < 2) {
+        throw new ConfigError(`Git provider URL must point to a GitHub repository, got "${rawUrl}"`);
+    }
+    const owner = sanitizeString(segments[0]);
+    const repo = sanitizeString(segments[1].replace(/\.git$/i, ""));
+    let ref = "main";
+    if (segments[2] === "tree" && segments.length >= 4) {
+        ref = sanitizeString(segments.slice(3).join("/"), 255) || "main";
+    }
+    if (!owner || !repo || !/^[A-Za-z0-9_.-]+$/.test(owner) || !/^[A-Za-z0-9_.-]+$/.test(repo)) {
+        throw new ConfigError(`Unsupported repository URL: "${rawUrl}"`);
+    }
+    if (!ref || ref.includes("..") || !/^[A-Za-z0-9._/-]+$/.test(ref)) {
+        throw new ConfigError(`Unsupported branch/ref in URL: "${rawUrl}"`);
+    }
+    return {
+        owner,
+        repo,
+        ref,
+        canonicalUrl: `https://github.com/${owner}/${repo}/tree/${ref}`,
+    };
+}
+// ── Exports ─────────────────────────────────────────────────────────────────
+export { GitStashProvider, ensureGitMirror, getCachePaths, parseGitRepoUrl };

package/dist/stash-providers/index.js

@@ -6,5 +6,5 @@
  * side-effect imports that were duplicated in stash-search.ts and stash-show.ts.
  */
 import "./filesystem";
-import "./context-hub";
+import "./git";
 import "./openviking";

package/dist/stash-providers/openviking.js

@@ -1,16 +1,11 @@
+import { createHash } from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";
 import { fetchWithRetry } from "../common";
 import { ConfigError, NotFoundError } from "../errors";
 import { getRegistryIndexCacheDir } from "../paths";
 import { registerStashProvider } from "../stash-provider-factory";
-/** Strip terminal control characters from untrusted strings. */
-function sanitizeString(value, maxLength = 255) {
-    if (typeof value !== "string")
-        return "";
-    // biome-ignore lint/suspicious/noControlCharactersInRegex: intentional — strip control chars from untrusted remote data
-    return value.replace(/[\u0000-\u001f\u007f]/g, "").slice(0, maxLength);
-}
+import { isExpired, sanitizeString } from "./provider-utils";
 /** Per-query cache TTL in milliseconds (5 minutes). */
 const QUERY_CACHE_TTL_MS = 5 * 60 * 1000;
 /** Maximum age before query cache is considered stale but still usable (1 hour). */
@@ -70,7 +65,9 @@ class OpenVikingStashProvider {
         }
     }
     async show(ref, _view) {
-        const uri = ref.trim();
+        const trimmed = ref.trim();
+        // Accept both viking:// URIs (legacy/internal) and type:name refs
+        const uri = trimmed.startsWith("viking://") ? trimmed : refToVikingUri(trimmed);
         const baseUrl = this.baseUrl;
         const headers = this.authHeaders;
         const [statResult, contentResult] = await Promise.all([
@@ -78,10 +75,10 @@ class OpenVikingStashProvider {
             fetchOVJson(`${baseUrl}/api/v1/content/read?uri=${encodeURIComponent(uri)}&offset=0&limit=-1`, headers),
         ]);
         if (statResult == null && contentResult == null) {
-            throw new NotFoundError(`Could not fetch remote asset "${uri}". The OpenViking server at ${baseUrl} may be unreachable or the resource does not exist.`);
+            throw new NotFoundError(`Could not fetch remote asset "${trimmed}". The OpenViking server at ${baseUrl} may be unreachable or the resource does not exist.`);
         }
         if (contentResult == null) {
-            throw new NotFoundError(`Content not found for remote asset "${uri}". The server returned metadata but no content.`);
+            throw new NotFoundError(`Content not found for remote asset "${trimmed}". The server returned metadata but no content.`);
         }
         const stat = (typeof statResult === "object" && statResult !== null ? statResult : {});
         const uriPath = uri.replace(/^viking:\/\//, "");
@@ -91,19 +88,20 @@ class OpenVikingStashProvider {
         const assetType = OV_TYPE_MAP[ovType] ?? "knowledge";
         const content = typeof contentResult === "string" ? contentResult : "";
         const description = sanitizeString(stat.abstract, 1000) || undefined;
+        const assetRef = `${assetType}:${name}`;
         return {
             type: assetType,
             name,
-            path: uri,
-            action: `Remote content from OpenViking — ${uri}`,
+            path: assetRef,
+            action: `Remote content from OpenViking — ${assetRef}`,
             content,
             description,
             editable: false,
             origin: "remote",
         };
     }
-    canShow(ref) {
-        return ref.trim().startsWith("viking://");
+    canShow(_ref) {
+        return !!(this.config.url ?? "").trim();
     }
     get baseUrl() {
         return (this.config.url ?? "").replace(/\/+$/, "");
@@ -162,9 +160,8 @@ class OpenVikingStashProvider {
             const name = sanitizeString(entry.name);
             const abstract = sanitizeString(entry.abstract, 1000);
             const type = sanitizeString(entry.type);
-            const uri = sanitizeString(entry.uri, 2048);
             const assetType = OV_TYPE_MAP[type] ?? "knowledge";
-            const ref = uriToVikingRef(uri);
+            const ref = `${assetType}:${name}`;
             return {
                 type: assetType,
                 name,
@@ -180,7 +177,7 @@ class OpenVikingStashProvider {
     }
     queryCachePath(query, limit) {
         const cacheDir = getRegistryIndexCacheDir();
-        const hasher = new Bun.CryptoHasher("md5");
+        const hasher = createHash("md5");
         hasher.update(this.config.url ?? "");
         hasher.update("\0");
         hasher.update(query.trim().toLowerCase());
@@ -225,11 +222,28 @@ class OpenVikingStashProvider {
 // ── Self-register ───────────────────────────────────────────────────────────
 registerStashProvider("openviking", (config) => new OpenVikingStashProvider(config));
 // ── Helpers ─────────────────────────────────────────────────────────────────
-function uriToVikingRef(uri) {
-    if (uri.startsWith("viking://"))
-        return uri;
-    return `viking://${uri.replace(/^\/+/, "")}`;
+/**
+ * Convert a type:name ref to a viking:// URI for the OpenViking API.
+ * Maps the akm asset type back to the OV plural form (e.g. "skill" -> "skills").
+ */
+function refToVikingUri(ref) {
+    const colon = ref.indexOf(":");
+    if (colon <= 0)
+        return `viking://${ref}`;
+    const name = ref.slice(colon + 1);
+    const type = ref.slice(0, colon);
+    const ovDir = AKM_TO_OV_DIR[type] ?? type;
+    return `viking://${ovDir}/${name}`;
 }
+/** Reverse map: akm asset type → OpenViking directory name (plural). */
+const AKM_TO_OV_DIR = {
+    skill: "skills",
+    memory: "memories",
+    knowledge: "resources",
+    agent: "agents",
+    command: "commands",
+    script: "scripts",
+};
 function parseOVSearchResponse(result) {
     if (Array.isArray(result))
         return result.filter(isValidOVEntry);
@@ -311,9 +325,6 @@ function extractNameFromUri(uri) {
     const last = segments[segments.length - 1] ?? "unknown";
     return last.replace(/\.[^.]+$/, "");
 }
-function isExpired(mtimeMs, ttlMs) {
-    return Date.now() - mtimeMs > ttlMs;
-}
 async function fetchOVJson(url, headers) {
     try {
         const response = await fetchWithRetry(url, { headers }, { timeout: 10_000, retries: 1 });
@@ -334,4 +345,4 @@ function inferTypeFromUri(uri) {
     return OV_TYPE_MAP[firstSegment] ?? "knowledge";
 }
 // ── Exports for testing ─────────────────────────────────────────────────────
-export { OpenVikingStashProvider, uriToVikingRef, parseOVSearchResponse };
+export { OpenVikingStashProvider, refToVikingUri, parseOVSearchResponse };

package/dist/stash-providers/provider-utils.js

@@ -0,0 +1,11 @@
+/** Strip terminal control characters from untrusted strings. */
+export function sanitizeString(value, maxLength = 255) {
+    if (typeof value !== "string")
+        return "";
+    // biome-ignore lint/suspicious/noControlCharactersInRegex: intentional — strip control chars from untrusted remote data
+    return value.replace(/[\u0000-\u001f\u007f]/g, "").slice(0, maxLength);
+}
+/** Check whether a cached timestamp has exceeded its TTL. */
+export function isExpired(mtimeMs, ttlMs) {
+    return Date.now() - mtimeMs > ttlMs;
+}

package/dist/stash-search.js

@@ -1,11 +1,13 @@
 import { loadConfig } from "./config";
-import { ACTION_BUILDERS, buildLocalAction, rendererForType, searchLocal, TYPE_TO_RENDERER } from "./local-search";
+import { closeDatabase, openDatabase } from "./db";
+import { searchLocal } from "./local-search";
 import { resolveStashProviders } from "./stash-provider-factory";
 // Eagerly import stash providers to trigger self-registration
 import "./stash-providers/index";
 import { UsageError } from "./errors";
 import { searchRegistry } from "./registry-search";
 import { resolveStashSources } from "./search-source";
+import { insertUsageEvent } from "./usage-events";
 const DEFAULT_LIMIT = 20;
 export async function akmSearch(input) {
     const t0 = Date.now();
@@ -19,7 +21,7 @@ export async function akmSearch(input) {
     if (sources.length === 0) {
         // stashDir: "" is a safe sentinel here — the response carries zero hits
         // and a warning, so no downstream code will try to use the empty path.
-        return {
+        const response = {
             schemaVersion: 1,
             stashDir: "",
             source,
@@ -27,12 +29,16 @@ export async function akmSearch(input) {
             warnings: ["No stashes configured. Run `akm init` to create your working stash."],
             timing: { totalMs: Date.now() - t0 },
         };
+        logSearchEvent(query, response);
+        return response;
     }
     // Primary stash directory — used for DB path lookups and as the default
     // stash root. Safe because the empty-sources case is handled above.
     const stashDir = sources[0].path;
-    // Resolve additional stash providers (e.g. OpenViking) from config
-    const additionalStashProviders = resolveStashProviders(config);
+    // Resolve additional stash providers (e.g. OpenViking) from config.
+    // Exclude filesystem (handled by resolveStashSources) and context-hub/github
+    // (content now indexed through the unified FTS5 pipeline).
+    const additionalStashProviders = resolveStashProviders(config).filter((p) => p.type !== "filesystem" && p.type !== "context-hub" && p.type !== "git");
     const localResult = source === "registry"
         ? undefined
         : await searchLocal({
@@ -43,8 +49,8 @@ export async function akmSearch(input) {
             sources,
             config,
         });
-    // Query additional stash providers (e.g. OpenViking)
-    const additionalStashResults = source === "registry" || additionalStashProviders.length === 0 || !query
+    // Pass original case to providers — FTS5 requires lowercase but remote providers handle case themselves
+    const additionalStashResults = source === "registry" || additionalStashProviders.length === 0
         ? []
         : await Promise.all(additionalStashProviders.map(async (provider) => {
             try {
@@ -65,7 +71,7 @@ export async function akmSearch(input) {
         const allStashHits = mergeStashHits(localResult?.hits ?? [], additionalHits, limit);
         const localWarnings = [...(localResult?.warnings ?? []), ...additionalWarnings];
         const hasResults = allStashHits.length > 0;
-        return {
+        const response = {
             schemaVersion: 1,
             stashDir,
             source,
@@ -74,9 +80,14 @@ export async function akmSearch(input) {
             warnings: localWarnings.length > 0 ? localWarnings : undefined,
             timing: { totalMs: Date.now() - t0, rankMs: localResult?.rankMs, embedMs: localResult?.embedMs },
         };
+        logSearchEvent(query, response);
+        return response;
     }
     const registryHits = (registryResult?.hits ?? []).map((hit) => {
-        const installRef = hit.source === "npm" ? `npm:${hit.ref}` : hit.source === "git" ? `git+${hit.ref}` : `github:${hit.ref}`;
+        // Use the provider-supplied installRef when available (already correctly
+        // prefixed), otherwise derive it from source + ref for backward compat.
+        const installRef = hit.installRef ??
+            (hit.source === "npm" ? `npm:${hit.ref}` : hit.source === "git" ? `git+${hit.ref}` : `github:${hit.ref}`);
         return {
             type: "registry",
             name: hit.title,
@@ -89,76 +100,118 @@ export async function akmSearch(input) {
         };
     });
     if (source === "registry") {
-        const hits = registryHits.slice(0, limit);
-        const hasResults = hits.length > 0;
-        return {
+        const slicedRegistryHits = registryHits.slice(0, limit);
+        const hasResults = slicedRegistryHits.length > 0;
+        const response = {
             schemaVersion: 1,
             stashDir,
             source,
-            hits,
+            hits: [],
+            registryHits: slicedRegistryHits,
             tip: hasResults ? undefined : "No matching registry entries were found.",
             warnings: registryResult?.warnings.length ? registryResult.warnings : undefined,
             timing: { totalMs: Date.now() - t0 },
         };
+        logSearchEvent(query, response);
+        return response;
     }
     // source === "both"
     const allStashHits = mergeStashHits(localResult?.hits ?? [], additionalHits, limit * 2);
-    const mergedHits = mergeSearchHits(allStashHits, registryHits, limit);
     const warnings = [...(localResult?.warnings ?? []), ...additionalWarnings, ...(registryResult?.warnings ?? [])];
-    const hasResults = mergedHits.length > 0;
-    return {
+    const hasResults = allStashHits.length > 0 || registryHits.length > 0;
+    const response = {
         schemaVersion: 1,
         stashDir,
         source,
-        hits: mergedHits,
+        hits: allStashHits.slice(0, limit),
+        registryHits,
         tip: hasResults ? undefined : "No matching stash assets or registry entries were found.",
         warnings: warnings.length ? warnings : undefined,
         timing: { totalMs: Date.now() - t0 },
     };
+    logSearchEvent(query, response);
+    return response;
 }
-// Re-export searchLocal so existing callers (filesystem.ts) still work via this module
-export { searchLocal };
-// ── Type renderer and action builder registration ────────────────────────────
-export function registerTypeRenderer(type, rendererName) {
-    TYPE_TO_RENDERER[type] = rendererName;
+/**
+ * Resolve entry IDs by file_path lookup (exact match, not LIKE).
+ */
+function resolveEntryIds(db, hits) {
+    const results = [];
+    const stmt = db.prepare("SELECT id FROM entries WHERE file_path = ? LIMIT 1");
+    for (const hit of hits) {
+        try {
+            const row = stmt.get(hit.path);
+            if (row)
+                results.push({ entryId: row.id, ref: hit.ref });
+        }
+        catch {
+            /* skip unresolvable */
+        }
+    }
+    return results;
 }
-export function registerActionBuilder(type, builder) {
-    ACTION_BUILDERS[type] = builder;
+/**
+ * Fire-and-forget: log a search event to the usage_events table.
+ * Never blocks the caller; errors are silently ignored.
+ */
+function logSearchEvent(query, response, existingDb) {
+    try {
+        const db = existingDb ?? openDatabase();
+        try {
+            const stashHits = response.hits.filter((h) => h.type !== "registry").slice(0, 50);
+            const resolved = resolveEntryIds(db, stashHits);
+            for (const { entryId, ref } of resolved) {
+                insertUsageEvent(db, {
+                    event_type: "search",
+                    query,
+                    entry_id: entryId,
+                    entry_ref: ref,
+                });
+            }
+            insertUsageEvent(db, {
+                event_type: "search",
+                query,
+                metadata: JSON.stringify({ resultCount: response.hits.length, resolvedCount: resolved.length }),
+            });
+        }
+        finally {
+            if (!existingDb)
+                closeDatabase(db);
+        }
+    }
+    catch {
+        /* fire-and-forget */
+    }
 }
-// Re-export for consumers that were already importing from stash-search
-export { buildLocalAction, rendererForType };
 // ── Helpers ──────────────────────────────────────────────────────────────────
 /**
- * Merge hits from local stash and additional providers using Reciprocal Rank
- * Fusion (RRF). Each list is already internally sorted by relevance. RRF
- * assigns scores based on rank position rather than raw score values, so
- * sources with incompatible score scales (e.g. RRF ~0.01-0.03 vs 0-1 or
- * 0-100) are merged fairly.
+ * Merge local and additional stash hits into a single ranked list.
+ *
+ * Provider hits (e.g. OpenViking) keep their original scores and compete
+ * fairly alongside local hits. Duplicates are resolved in favour of the
+ * local version.
+ *
+ * 1. Build set of local hit keys for dedup.
+ * 2. Filter provider hits that aren't duplicates.
+ * 3. Combine local + non-duplicate provider hits.
+ * 4. Sort by score descending.
+ * 5. Slice to limit.
  */
 export function mergeStashHits(localHits, additionalHits, limit) {
     if (additionalHits.length === 0)
         return localHits.slice(0, limit);
-    const RRF_K = 60;
-    const scoreMap = new Map();
-    const applyRankedList = (hits) => {
-        for (let i = 0; i < hits.length; i++) {
-            const key = hits[i].path ?? hits[i].ref ?? hits[i].name;
-            const rrf = 1 / (RRF_K + i + 1);
-            const existing = scoreMap.get(key);
-            if (existing) {
-                existing.score += rrf;
-            }
-            else {
-                scoreMap.set(key, { hit: hits[i], score: rrf });
-            }
-        }
-    };
-    applyRankedList(localHits);
-    applyRankedList(additionalHits);
-    return [...scoreMap.values()]
-        .sort((a, b) => b.score - a.score)
-        .slice(0, limit)
-        .map((v) => ({ ...v.hit, score: Math.round(v.score * 10000) / 10000 }));
+    // Track local hits by a dedup key (path > ref > name)
+    const localKeys = new Set();
+    for (const h of localHits) {
+        localKeys.add(h.path ?? h.ref ?? h.name);
+    }
+    // Keep non-duplicate provider hits with their original scores
+    const providerOnly = additionalHits.filter((h) => {
+        const key = h.path ?? h.ref ?? h.name;
+        return !localKeys.has(key);
+    });
+    // Combine and sort by score descending
+    return [...localHits, ...providerOnly].sort((a, b) => (b.score ?? 0) - (a.score ?? 0)).slice(0, limit);
 }
 function normalizeLimit(limit) {
     if (typeof limit !== "number" || Number.isNaN(limit) || limit <= 0) {
@@ -177,45 +230,8 @@ export function parseSearchSource(source) {
     throw new UsageError(`Invalid value for --source: ${String(source)}. Expected one of: stash|registry|both`);
 }
 /**
- * Merge stash hits and registry hits using RRF, same rationale as mergeStashHits.
+ * Merge stash hits and registry hits via simple concatenation.
  */
 export function mergeSearchHits(localHits, registryHits, limit) {
-    if (registryHits.length === 0)
-        return localHits.slice(0, limit);
-    if (localHits.length === 0)
-        return registryHits.slice(0, limit);
-    const RRF_K = 60;
-    const scoreMap = new Map();
-    const applyStashList = (hits) => {
-        for (let i = 0; i < hits.length; i++) {
-            const key = hits[i].path ?? hits[i].ref ?? hits[i].name;
-            const rrf = 1 / (RRF_K + i + 1);
-            const existing = scoreMap.get(key);
-            if (existing) {
-                existing.score += rrf;
-            }
-            else {
-                scoreMap.set(key, { hit: hits[i], score: rrf });
-            }
-        }
-    };
-    const applyRegistryList = (hits) => {
-        for (let i = 0; i < hits.length; i++) {
-            const key = `registry:${hits[i].id ?? hits[i].name}`;
-            const rrf = 1 / (RRF_K + i + 1);
-            const existing = scoreMap.get(key);
-            if (existing) {
-                existing.score += rrf;
-            }
-            else {
-                scoreMap.set(key, { hit: hits[i], score: rrf });
-            }
-        }
-    };
-    applyStashList(localHits);
-    applyRegistryList(registryHits);
-    return [...scoreMap.values()]
-        .sort((a, b) => b.score - a.score)
-        .slice(0, limit)
-        .map((v) => ({ ...v.hit, score: Math.round(v.score * 10000) / 10000 }));
+    return [...localHits, ...registryHits].slice(0, limit);
 }