akm-cli 0.7.4 → 0.8.0-rc.10

package/dist/setup/steps.js

@@ -1,18 +1,6 @@
-/**
- * Composable runner abstraction for `akm setup`.
- *
- * The interactive wizard in `setup.ts` historically ran a fixed series of
- * step functions (`stepStashDir`, `stepOllama`, `stepLlm`, ...) inline.
- * This module formalizes that pattern so steps can be:
- *   - reused by `akm init` (non-interactive preset, see Finding 31),
- *   - tested in isolation by passing a stub `SetupContext`, and
- *   - extended by plugins without touching the wizard call site.
- *
- * Steps mutate state through `SetupContext.apply()`, which accumulates a
- * delta on top of the original config. `stepLlm` reading the embedding
- * endpoint that `stepSemanticSearch` produced is the canonical example of
- * why mutable accumulation is preferred over immutable returns.
- */
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 /**
  * Build a fresh `SetupContext` over a starting config. The returned context
  * applies deltas in-place onto an internal accumulator and exposes the

package/dist/sources/include.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import fs from "node:fs";
 import path from "node:path";
 import { isWithin } from "../core/common";

package/dist/sources/provider-factory.js

@@ -1,14 +1,7 @@
-/**
- * Source provider factory map.
- *
- * Maps source kind identifiers (e.g. "filesystem", "git", "website", "npm")
- * to factory functions that build {@link SourceProvider} instances from a
- * {@link SourceConfigEntry}.
- *
- * Distinct from the registry-discovery factory (`registry/factory.ts`).
- * Both share `create-provider-registry.ts` for the underlying string→factory
- * map.
- */
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+import { getSources } from "../core/config";
 import { createProviderRegistry } from "../registry/create-provider-registry";
 // ── Factory map ─────────────────────────────────────────────────────────────
 const registry = createProviderRegistry();
@@ -24,7 +17,7 @@ export function resolveSourceProviderFactory(type) {
  */
 export function resolveSourceProviders(config) {
     const providers = [];
-    for (const entry of config.sources ?? config.stashes ?? []) {
+    for (const entry of getSources(config)) {
         if (entry.enabled === false)
             continue;
         const factory = registry.resolve(entry.type);

package/dist/sources/provider.js

@@ -1,21 +1,4 @@
-/**
- * SourceProvider — minimal v1 interface (spec §2.1).
- *
- * A SourceProvider gets files into a directory. The indexer walks `path()`
- * and reads files from disk. Search and show go through the indexer, not
- * through provider methods.
- *
- * Three required members + one optional:
- *   - name      configured source name
- *   - kind      "filesystem" | "git" | "website" | "npm"
- *   - init(ctx) called once after construction
- *   - path()    the directory the indexer walks (stable for instance lifetime)
- *   - sync?()   refresh the directory from upstream (no-op for filesystem)
- *
- * All other writing/reading concerns live outside this interface:
- *   - Writes:    src/core/write-source.ts (Phase 5)
- *   - Reads:     src/indexer.ts (Phase 4)
- *   - Install:   src/sources/providers/sync-from-ref.ts (install-time helpers,
- *                separate from configured-source plumbing)
- */
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 export {};

package/dist/sources/providers/filesystem.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import { resolveStashDir } from "../../core/common";
 import { ConfigError } from "../../core/errors";
 import { registerSourceProvider } from "../provider-factory";
@@ -8,28 +11,21 @@ import { registerSourceProvider } from "../provider-factory";
  * just `{ name, kind, init, path }`. No `sync()` — content is the user's
  * own directory, never refreshed by akm.
  */
-class FilesystemSourceProvider {
-    kind = "filesystem";
-    name;
-    #stashDir;
-    constructor(entry) {
-        if (entry.type !== "filesystem") {
-            throw new ConfigError(`FilesystemSourceProvider invoked with type="${entry.type}"`);
-        }
-        this.#stashDir = entry.path ?? resolveStashDir();
-        if (!this.#stashDir) {
-            throw new ConfigError("filesystem source requires a `path`");
-        }
-        this.name = entry.name ?? this.#stashDir;
+registerSourceProvider("filesystem", (entry) => {
+    if (entry.type !== "filesystem") {
+        throw new ConfigError(`filesystem source invoked with type="${entry.type}"`);
     }
-    async init(_ctx) {
-        // Filesystem sources resolve their path eagerly in the constructor;
-        // init has nothing to do beyond letting the registry know we're ready.
+    const stashDir = entry.path ?? resolveStashDir();
+    if (!stashDir) {
+        throw new ConfigError("filesystem source requires a `path`");
     }
-    path() {
-        return this.#stashDir;
-    }
-}
-// ── Self-register ───────────────────────────────────────────────────────────
-registerSourceProvider("filesystem", (config) => new FilesystemSourceProvider(config));
-export { FilesystemSourceProvider };
+    const name = entry.name ?? stashDir;
+    return {
+        kind: "filesystem",
+        name,
+        async init(_ctx) { },
+        path() {
+            return stashDir;
+        },
+    };
+});

package/dist/sources/providers/git.js

@@ -1,10 +1,13 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import { spawnSync } from "node:child_process";
 import { createHash, randomBytes } from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";
 import { TYPE_DIRS } from "../../core/asset-spec";
 import { resolveStashDir } from "../../core/common";
-import { loadConfig } from "../../core/config";
+import { getSources, loadConfig } from "../../core/config";
 import { ConfigError, UsageError } from "../../core/errors";
 import { getRegistryCacheDir, getRegistryIndexCacheDir } from "../../core/paths";
 import { sanitizeCommitMessage } from "../../core/write-source";
@@ -15,7 +18,13 @@ import { applyAkmIncludeConfig, buildInstallCacheDir, copyDirectoryContents, det
 const CACHE_TTL_MS = 12 * 60 * 60 * 1000;
 /** Maximum stale age allowed when refresh fails (7 days). */
 const CACHE_STALE_MS = 7 * 24 * 60 * 60 * 1000;
-const GIT_STASH_TYPES = new Set(["git"]);
+function runGit(args, options) {
+    return spawnSync("git", args, {
+        encoding: "utf8",
+        ...options,
+        env: { ...process.env, ...options?.env, GIT_TERMINAL_PROMPT: "0" },
+    });
+}
 /**
  * Git source provider — clones (and re-pulls) a remote repo into a local
  * cache directory. Implements the v1 {@link SourceProvider} interface (spec
@@ -219,10 +228,9 @@ async function doSyncGit(parsed, options) {
             cloneArgs.push("--branch", parsed.requestedRef);
         }
         cloneArgs.push(parsed.url, cloneDir);
-        const cloneResult = spawnSync("git", cloneArgs, { encoding: "utf8", timeout: 120_000 });
+        const cloneResult = runGit(cloneArgs, { timeout: 120_000 });
         if (cloneResult.status !== 0) {
-            const err = cloneResult.stderr?.trim() || cloneResult.error?.message || "unknown error";
-            throw new Error(`Failed to clone ${parsed.url}: ${err}`);
+            throw new Error(classifyCloneFailure(parsed.url, cloneResult.stderr, cloneResult.error));
         }
         // Copy contents to extracted dir without .git
         fs.mkdirSync(extractedDir, { recursive: true });
@@ -267,12 +275,11 @@ export function cloneRepo(cloneUrl, ref, destDir, writable = false) {
     if (ref)
         args.push("--branch", ref);
     args.push(cloneUrl, tmpDir);
-    const result = spawnSync("git", args, { encoding: "utf8", timeout: 120_000 });
+    const result = runGit(args, { timeout: 120_000 });
     if (result.status !== 0) {
         // Clean up the (possibly partial) temp dir but leave destDir untouched.
         fs.rmSync(tmpDir, { recursive: true, force: true });
-        const err = result.stderr?.trim() || result.error?.message || "unknown error";
-        throw new Error(`Failed to clone ${cloneUrl}: ${err}`);
+        throw new Error(classifyCloneFailure(cloneUrl, result.stderr, result.error));
     }
     try {
         if (!writable) {
@@ -293,8 +300,7 @@ export function cloneRepo(cloneUrl, ref, destDir, writable = false) {
     }
 }
 function pullRepo(repoDir) {
-    const result = spawnSync("git", ["-C", repoDir, "pull", "--ff-only"], {
-        encoding: "utf8",
+    const result = runGit(["-C", repoDir, "pull", "--ff-only"], {
         timeout: 120_000,
     });
     if (result.status !== 0) {
@@ -395,7 +401,10 @@ function parseGitRepoUrl(rawUrl) {
  * When `name` is omitted the primary stash directory is used.
  * When `message` is omitted a timestamp is used.
  */
-export function saveGitStash(name, message, writableOverride) {
+export function saveGitStash(name, message, writableOverride, options) {
+    // `push: false` (from `akm sync --no-push`) commits but never pushes, even
+    // when the stash is writable with a remote configured.
+    const allowPush = options?.push !== false;
     const timestamp = new Date().toISOString().replace("T", " ").slice(0, 19);
     // Sanitize the user-supplied message: strip CR/LF/NUL, collapse whitespace,
     // clamp length. An attacker can otherwise pass `--message "subject\n\n\
@@ -407,10 +416,10 @@ export function saveGitStash(name, message, writableOverride) {
     let writable = false;
     if (name) {
         const config = loadConfig();
-        const stash = (config.sources ?? config.stashes ?? []).find((s) => s.name === name || s.url === name);
+        const stash = findGitStashByTarget(getSources(config), name);
         if (!stash)
             throw new UsageError(`No git stash found with name "${name}"`);
-        if (!GIT_STASH_TYPES.has(stash.type)) {
+        if (stash.type !== "git") {
             throw new UsageError(`Stash "${name}" is not a git stash (type: ${stash.type})`);
         }
         if (!stash.url)
@@ -431,33 +440,59 @@ export function saveGitStash(name, message, writableOverride) {
         return { committed: false, pushed: false, skipped: true, reason: "not a git repository", output: "" };
     }
     // Nothing to commit?
-    const statusResult = spawnSync("git", ["-C", repoDir, "status", "--porcelain"], { encoding: "utf8" });
+    const statusResult = runGit(["-C", repoDir, "status", "--porcelain"]);
     if (statusResult.error || statusResult.status !== 0) {
         throw new Error(`git status failed: ${statusResult.error?.message || statusResult.stderr?.trim() || "unknown error"}`);
     }
     if (!statusResult.stdout.trim()) {
         return { committed: false, pushed: false, skipped: false, output: "nothing to commit, working tree clean" };
     }
+    // Safety check (#476): when the stash dir is shared with a non-akm project
+    // (stash root == project repo root), `git add -A` would stage every dirty
+    // file in the user's working tree and push their unrelated WIP to the
+    // stash's remote. Refuse if any dirty path is outside the known akm-
+    // managed subtrees (TYPE_DIRS + `.akm/` state).
+    const nonAkmDirty = collectNonAkmDirtyPaths(statusResult.stdout);
+    if (nonAkmDirty.length > 0) {
+        const sample = nonAkmDirty.slice(0, 10);
+        const more = nonAkmDirty.length > sample.length ? `\n  ...and ${nonAkmDirty.length - sample.length} more` : "";
+        throw new Error(`refusing to push: stash repo at ${repoDir} has uncommitted non-akm changes:\n` +
+            sample.map((p) => `  ${p}`).join("\n") +
+            more +
+            `\nCommit or stash these manually before running an akm push. ` +
+            `Akm-managed paths are: ${Object.values(TYPE_DIRS).join(", ")}, .akm/`);
+    }
     // Stage and commit — supply fallback identity so fresh environments without
     // user.name/user.email configured can always commit to the default stash.
-    const addResult = spawnSync("git", ["-C", repoDir, "add", "-A"], { encoding: "utf8" });
+    // `add -A` is safe here because nonAkmDirty was just verified empty.
+    const addResult = runGit(["-C", repoDir, "add", "-A"]);
     if (addResult.status !== 0) {
         throw new Error(`git add failed: ${addResult.stderr?.trim() || "unknown error"}`);
     }
-    const commitResult = spawnSync("git", ["-C", repoDir, "-c", "user.name=akm", "-c", "user.email=akm@local", "commit", "-m", commitMessage], { encoding: "utf8" });
+    const commitResult = runGit([
+        "-C",
+        repoDir,
+        "-c",
+        "user.name=akm",
+        "-c",
+        "user.email=akm@local",
+        "commit",
+        "-m",
+        commitMessage,
+    ]);
     if (commitResult.status !== 0) {
         throw new Error(`git commit failed: ${commitResult.stderr?.trim() || "unknown error"}`);
     }
     // Push only when there is a remote AND the stash is marked writable
-    const remoteResult = spawnSync("git", ["-C", repoDir, "remote"], { encoding: "utf8" });
+    const remoteResult = runGit(["-C", repoDir, "remote"]);
     if (remoteResult.status !== 0) {
         throw new Error(`git remote failed: ${remoteResult.stderr?.trim() || "unknown error"}`);
     }
     const hasRemote = remoteResult.stdout.trim().length > 0;
-    if (!hasRemote || !writable) {
+    if (!hasRemote || !writable || !allowPush) {
         return { committed: true, pushed: false, skipped: false, output: commitResult.stdout.trim() };
     }
-    const pushResult = spawnSync("git", ["-C", repoDir, "push"], { encoding: "utf8", timeout: 120_000 });
+    const pushResult = runGit(["-C", repoDir, "push"], { timeout: 120_000 });
     if (pushResult.status !== 0) {
         throw new Error(`git push failed: ${pushResult.stderr?.trim() || "unknown error"}`);
     }
@@ -468,5 +503,129 @@ export function saveGitStash(name, message, writableOverride) {
         output: (commitResult.stdout + pushResult.stdout).trim() || "changes committed and pushed",
     };
 }
+function findGitStashByTarget(stashes, target) {
+    return stashes.find((stash) => matchesGitStashTarget(stash, target));
+}
+function matchesGitStashTarget(stash, target) {
+    if (stash.type !== "git")
+        return false;
+    if (stash.name === target || stash.url === target)
+        return true;
+    if (!stash.url)
+        return false;
+    try {
+        const repo = parseGitRepoUrl(stash.url);
+        if (repo.canonicalUrl === target)
+            return true;
+        return buildGithubTargetAliases(repo.canonicalUrl).has(target);
+    }
+    catch {
+        return false;
+    }
+}
+function buildGithubTargetAliases(canonicalUrl) {
+    try {
+        const parsed = new URL(canonicalUrl);
+        if (parsed.hostname !== "github.com")
+            return new Set();
+        const segments = parsed.pathname.split("/").filter(Boolean);
+        if (segments.length < 2)
+            return new Set();
+        const owner = segments[0];
+        const repo = segments[1];
+        const aliases = new Set([`${owner}/${repo}`, `github:${owner}/${repo}`]);
+        if (segments[2] === "tree" && segments.length >= 4) {
+            const ref = segments.slice(3).join("/");
+            aliases.add(`${owner}/${repo}#${ref}`);
+            aliases.add(`github:${owner}/${repo}#${ref}`);
+        }
+        return aliases;
+    }
+    catch {
+        return new Set();
+    }
+}
+// ── Clone-failure classification (#487) ─────────────────────────────────────
+/**
+ * Translate git's stderr into an actionable message. Without this, a user
+ * who passes a nonexistent or private repo to `akm add` sees:
+ *
+ *   "could not read Username for 'https://github.com': No such device or
+ *    address"
+ *
+ * That is git falling through to its auth-prompt path — the actual cause
+ * is "repo doesn't exist (or is private)". We classify the common patterns
+ * and emit a message that names the cause and the fix.
+ */
+export function classifyCloneFailure(url, stderr, spawnError) {
+    const raw = (stderr ?? "").trim();
+    const spawnMsg = spawnError?.message ?? "";
+    // `git` binary not on PATH.
+    if (spawnError?.code === "ENOENT") {
+        return `Failed to clone ${url}: 'git' is not installed or not on PATH. Install git, then re-run.`;
+    }
+    // Auth-prompt fall-through (the headline #487 case).
+    if (/could not read Username|terminal prompts disabled|Authentication failed|fatal: Authentication/i.test(raw)) {
+        return (`Failed to clone ${url}: repository not found or private. ` +
+            `If the repository is public, double-check the URL and try again. ` +
+            `If it is private, set GH_TOKEN (or configure a git credential helper) before re-running.`);
+    }
+    // 404-style messages from git http.
+    if (/repository '.*' not found|HTTP 404|fatal: remote error|not found:|Not Found/i.test(raw)) {
+        return (`Failed to clone ${url}: repository not found. ` +
+            `Check the URL — for GitHub, the form is 'owner/repo' or 'github:owner/repo'.`);
+    }
+    // SSH connection issues.
+    if (/Permission denied \(publickey\)|kex_exchange_identification|Connection refused|Connection timed out/i.test(raw)) {
+        return (`Failed to clone ${url}: network or SSH failure. ` +
+            `Check connectivity, your SSH agent, and the remote host's availability.`);
+    }
+    // Branch / ref-specific failures.
+    if (/Remote branch .* not found in upstream origin|couldn't find remote ref/i.test(raw)) {
+        return (`Failed to clone ${url}: the requested branch/tag does not exist on the remote. ` +
+            `Verify the ref name and re-run.`);
+    }
+    const detail = raw || spawnMsg || "unknown error";
+    return `Failed to clone ${url}: ${detail}`;
+}
+// ── Stash-safety helpers (#476) ──────────────────────────────────────────────
+/**
+ * Inspect `git status --porcelain` output and return every dirty path that is
+ * NOT inside an akm-managed subtree. Used by `runUpstreamPush` to refuse
+ * pushing unrelated WIP when a writable stash shares its root with a project
+ * repo.
+ *
+ * Porcelain v1 format: `XY <path>` or `XY <orig> -> <new>` for renames. We
+ * key off the post-rename path (or the only path) — that is the working-tree
+ * file at risk of being staged by `git add -A`.
+ */
+function collectNonAkmDirtyPaths(porcelainOutput) {
+    const akmDirs = new Set(Object.values(TYPE_DIRS));
+    const result = [];
+    for (const rawLine of porcelainOutput.split("\n")) {
+        const line = rawLine.replace(/\r$/, "");
+        if (line.length === 0)
+            continue;
+        // Skip the 2-char status code + 1 space.
+        let p = line.length > 3 ? line.slice(3) : "";
+        // Renames / copies: `from -> to`. Stage decision applies to `to`.
+        const arrow = p.lastIndexOf(" -> ");
+        if (arrow !== -1) {
+            p = p.slice(arrow + 4);
+        }
+        // Strip surrounding quotes for paths with special chars.
+        if (p.startsWith('"') && p.endsWith('"') && p.length >= 2) {
+            p = p.slice(1, -1);
+        }
+        if (!p)
+            continue;
+        const segments = p.split("/");
+        const top = segments[0];
+        if (top === ".akm" || akmDirs.has(top))
+            continue;
+        result.push(p);
+    }
+    return result;
+}
 // ── Exports ─────────────────────────────────────────────────────────────────
-export { ensureGitMirror, GitSourceProvider, getCachePaths, parseGitRepoUrl };
+export { collectNonAkmDirtyPaths, ensureGitMirror, GitSourceProvider, getCachePaths, parseGitRepoUrl };

package/dist/sources/providers/index.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 /**
  * Centralized source provider registration.
  *

package/dist/sources/providers/install-types.js

@@ -1,14 +1,4 @@
-/**
- * Install-time types used by `syncFromRef` and the legacy install pipeline.
- *
- * Distinct from the v1 {@link SourceProvider} interface (which only deals
- * with "configured sources" — entries already resolved into a directory).
- * These types describe the resolution+lockfile step that runs when
- * `akm add <install-ref>` materialises an upstream artifact into a local
- * cache directory.
- *
- * They live here, outside `provider.ts`, so the v1 SourceProvider
- * interface stays minimal (`{ name, kind, init, path, sync? }`) per the
- * architecture spec §2.1.
- */
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 export {};

package/dist/sources/providers/npm.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 /**
  * Npm-source stash provider.
  *
@@ -5,10 +8,6 @@
  * integrity, extracts it securely (via `extractTarGzSecure`), detects the
  * stash root inside the package, and applies any nested `.akm-include`
  * configuration. Cache hits short-circuit the fetch.
- *
- * Audit is intentionally NOT performed here — `akmAdd` calls
- * `auditInstallCandidate` after `sync()` so the policy decision lives at
- * the orchestrator layer where the `--trust` flag is known.
  */
 import fs from "node:fs";
 import path from "node:path";

package/dist/sources/providers/provider-utils.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import { createHash } from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";

package/dist/sources/providers/sync-from-ref.js

@@ -1,14 +1,6 @@
-/**
- * Unified install-ref dispatcher.
- *
- * Replaces the historical `installRegistryRef()` entry point. Given an
- * unparsed install ref, this resolves the right syncable provider and
- * invokes its `sync()` method.
- *
- * Audit is intentionally NOT performed here; callers (`akmAdd`,
- * `akmUpdate`) decide whether to run `auditInstallCandidate` on the
- * synced `contentDir` because they own the `--trust` flag.
- */
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import { UsageError } from "../../core/errors";
 import { parseRegistryRef } from "../../registry/resolve";
 import { detectStashRoot } from "./provider-utils";

package/dist/sources/providers/tar-utils.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 /**
  * Tar archive extraction and integrity verification utilities.
  *

package/dist/sources/providers/website.js

@@ -1,27 +1,23 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import { registerSourceProvider } from "../provider-factory";
 import { ensureWebsiteMirror, getWebsiteCachePaths, validateWebsiteUrl } from "../website-ingest";
 /**
  * Website source provider — thin adapter over the shared website ingest module.
  */
-class WebsiteSourceProvider {
-    kind = "website";
-    name;
-    #config;
-    #url;
-    constructor(config) {
-        this.#config = config;
-        this.name = config.name ?? "website";
-        this.#url = validateWebsiteUrl(config.url ?? "");
-    }
-    async init(_ctx) {
-        // URL validation already happens in the constructor; nothing else to do.
-    }
-    path() {
-        return getWebsiteCachePaths(this.#url).stashDir;
-    }
-    async sync() {
-        await ensureWebsiteMirror(this.#config, { requireStashDir: true });
-    }
-}
-registerSourceProvider("website", (config) => new WebsiteSourceProvider(config));
-export { WebsiteSourceProvider };
+registerSourceProvider("website", (config) => {
+    const url = validateWebsiteUrl(config.url ?? "");
+    const name = config.name ?? "website";
+    return {
+        kind: "website",
+        name,
+        async init(_ctx) { },
+        path() {
+            return getWebsiteCachePaths(url).stashDir;
+        },
+        async sync() {
+            await ensureWebsiteMirror(config, { requireStashDir: true });
+        },
+    };
+});

package/dist/sources/resolve.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import fs from "node:fs";
 import path from "node:path";
 import { deriveCanonicalAssetNameFromStashRoot, isRelevantAssetFile, resolveAssetPathFromName, TYPE_DIRS, } from "../core/asset-spec";

package/dist/sources/types.js

@@ -1 +1,4 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 export {};

package/dist/sources/website-ingest.js

@@ -1,3 +1,6 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
 import { createHash } from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";
@@ -167,6 +170,10 @@ async function crawlWebsite(startUrl, options) {
     return pages;
 }
 async function fetchWebsitePage(pageUrl) {
+    const parsedUrl = new URL(pageUrl);
+    if (parsedUrl.hostname.endsWith(".invalid")) {
+        throw new Error(`Refusing to fetch reserved invalid hostname: ${parsedUrl.hostname}`);
+    }
     const response = await fetchWithRetry(pageUrl, {
         headers: {
             Accept: "text/html, text/markdown, text/plain;q=0.9, application/xhtml+xml;q=0.8",