akm-cli 0.7.4 → 0.8.0-rc1

package/dist/core/config.js

@@ -2,9 +2,9 @@ import { createHash } from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";
 import { parseAgentConfig } from "../integrations/agent/config";
-import { filterNonEmptyStrings } from "./common";
+import { asNonEmptyString, filterNonEmptyStrings, writeFileAtomic } from "./common";
 import { ConfigError } from "./errors";
-import { getConfigDir as _getConfigDir, getConfigPath as _getConfigPath, getCacheDir } from "./paths";
+import { getCacheDir, getConfigPath } from "./paths";
 import { warn } from "./warn";
 // ── Defaults ────────────────────────────────────────────────────────────────
 export const DEFAULT_CONFIG = {
@@ -19,19 +19,53 @@ export const DEFAULT_CONFIG = {
     },
 };
 // ── Paths ───────────────────────────────────────────────────────────────────
-export function getConfigDir(env, platform) {
-    return _getConfigDir(env, platform);
+// ── Private helpers ─────────────────────────────────────────────────────────
+/**
+ * Returns `value` if it is a finite positive integer; otherwise `undefined`.
+ * Used to validate numeric config fields like `dimension`, `contextLength`,
+ * `timeoutMs`, `maxTokens`, and `ollamaOptions.num_ctx`.
+ */
+function parsePositiveInteger(_fieldPath, value) {
+    if (typeof value !== "number" || !Number.isFinite(value) || !Number.isInteger(value) || value <= 0) {
+        return undefined;
+    }
+    return value;
+}
+function parseNonNegativeNumber(value) {
+    if (typeof value !== "number" || !Number.isFinite(value) || value < 0)
+        return undefined;
+    return value;
 }
-export function getConfigPath() {
-    return _getConfigPath();
+/**
+ * Returns `value` if it is a string present in `allowed`; otherwise `undefined`.
+ */
+function isOneOf(value, allowed) {
+    return typeof value === "string" && allowed.includes(value);
+}
+/**
+ * Validates that `url` starts with `http://` or `https://`. Returns `url` on
+ * success and warns+returns `undefined` on failure. `fieldName` is used only
+ * in the warning message.
+ */
+function isValidHttpUrl(url, fieldName) {
+    if (typeof url !== "string" || !url)
+        return undefined;
+    if (!url.startsWith("http://") && !url.startsWith("https://")) {
+        warn(`[akm] Ignoring ${fieldName}: endpoint must start with http:// or https://, got "${url}"`);
+        return undefined;
+    }
+    return url;
+}
+function clearAllCaches() {
+    cachedConfig = undefined;
+    cachedUserConfig = undefined;
 }
 // ── Load / Save / Update ────────────────────────────────────────────────────
 const PROJECT_CONFIG_RELATIVE_PATH = path.join(".akm", "config.json");
 let cachedConfig;
 let cachedUserConfig;
 export function resetConfigCache() {
-    cachedConfig = undefined;
-    cachedUserConfig = undefined;
+    clearAllCaches();
 }
 function hashString(text) {
     // Simple, fast non-cryptographic hash (FNV-1a 32-bit) — sufficient to detect
@@ -85,6 +119,17 @@ export function loadUserConfig() {
     };
     return finalConfig;
 }
+export function getSources(config) {
+    return config.sources ?? [];
+}
+export function getEffectiveRegistries(config) {
+    return config.registries ?? DEFAULT_CONFIG.registries ?? [];
+}
+export function requireLlmConfig(config) {
+    if (!config.llm)
+        throw new ConfigError("LLM is not configured. Run `akm config set llm` to configure one.", "LLM_NOT_CONFIGURED");
+    return config.llm;
+}
 export function loadConfig() {
     const configPaths = getEffectiveConfigPaths();
     const signature = getConfigSignature(configPaths);
@@ -103,8 +148,7 @@ export function loadConfig() {
     return finalConfig;
 }
 export function saveConfig(config) {
-    cachedConfig = undefined;
-    cachedUserConfig = undefined;
+    clearAllCaches();
     const configPath = getConfigPath();
     const dir = path.dirname(configPath);
     fs.mkdirSync(dir, { recursive: true });
@@ -143,31 +187,7 @@ function sanitizeConfigForWrite(config) {
 }
 export function updateConfig(partial) {
     const current = loadUserConfig();
-    // Shallow-merge for top-level scalar fields; deep-merge known object-type config keys.
-    const merged = { ...current, ...partial };
-    // Deep-merge output — partial update should not wipe sibling keys
-    if (current.output && partial.output && partial.output !== current.output) {
-        merged.output = { ...current.output, ...partial.output };
-    }
-    // Deep-merge embedding — only when both sides are objects and partial does not intend to clear
-    if (current.embedding && partial.embedding && partial.embedding !== current.embedding) {
-        merged.embedding = { ...current.embedding, ...partial.embedding };
-    }
-    // Deep-merge llm — same pattern
-    if (current.llm && partial.llm && partial.llm !== current.llm) {
-        merged.llm = { ...current.llm, ...partial.llm };
-    }
-    // Deep-merge index per-pass entries so partial updates don't wipe siblings.
-    if (current.index && partial.index && partial.index !== current.index) {
-        const mergedIndex = { ...current.index };
-        for (const [passName, passOverride] of Object.entries(partial.index)) {
-            mergedIndex[passName] = { ...(mergedIndex[passName] ?? {}), ...passOverride };
-        }
-        merged.index = mergedIndex;
-    }
-    if (current.security && partial.security && partial.security !== current.security) {
-        merged.security = mergeSecurityConfig(current.security, partial.security);
-    }
+    const merged = mergeLoadedConfig(current, partial);
     saveConfig(merged);
     return merged;
 }
@@ -179,11 +199,8 @@ export function updateConfig(partial) {
  * combining multiple config sources so project config files only override what
  * they set.
  */
-function pickKnownKeys(raw) {
+function parseConfigLayer(raw) {
     const config = {};
-    if (Array.isArray(raw.stashes)) {
-        throw new ConfigError("The legacy `stashes[]` config key is no longer supported; rename it to `sources[]`.", "INVALID_CONFIG_FILE", `Edit ${_getConfigPath()} and replace \`stashes\` with \`sources\`.`);
-    }
     if (typeof raw.stashDir === "string" && raw.stashDir.trim()) {
         config.stashDir = raw.stashDir.trim();
     }
@@ -191,7 +208,7 @@ function pickKnownKeys(raw) {
     if (typeof raw.semanticSearchMode === "boolean") {
         config.semanticSearchMode = raw.semanticSearchMode ? "auto" : "off";
     }
-    else if (raw.semanticSearchMode === "off" || raw.semanticSearchMode === "auto") {
+    else if (isOneOf(raw.semanticSearchMode, ["off", "auto"])) {
         config.semanticSearchMode = raw.semanticSearchMode;
     }
     const embedding = parseEmbeddingConfig(raw.embedding);
@@ -209,9 +226,12 @@ function pickKnownKeys(raw) {
     const registries = parseRegistriesConfig(raw.registries);
     if (registries)
         config.registries = registries;
-    if (raw.stashInheritance === "replace" || raw.stashInheritance === "merge") {
+    if (isOneOf(raw.stashInheritance, ["replace", "merge"])) {
         config.stashInheritance = raw.stashInheritance;
     }
+    if (Array.isArray(raw.stashes)) {
+        throw new ConfigError("The legacy `stashes[]` config key is no longer supported. Rename it to `sources`.", "INVALID_CONFIG_FILE");
+    }
     const sources = parseSourcesConfig(raw.sources);
     if (sources) {
         config.sources = sources;
@@ -236,35 +256,102 @@ function pickKnownKeys(raw) {
     if (typeof raw.search === "object" && raw.search !== null && !Array.isArray(raw.search)) {
         const searchRaw = raw.search;
         const searchConfig = {};
+        for (const key of Object.keys(searchRaw)) {
+            if (key !== "minScore" && key !== "graphBoost") {
+                warn(`[akm] Ignoring unknown search key "${key}".`);
+            }
+        }
         if (typeof searchRaw.minScore === "number" && Number.isFinite(searchRaw.minScore) && searchRaw.minScore >= 0) {
             searchConfig.minScore = searchRaw.minScore;
         }
+        if (typeof searchRaw.graphBoost === "object" &&
+            searchRaw.graphBoost !== null &&
+            !Array.isArray(searchRaw.graphBoost)) {
+            const graphBoostRaw = searchRaw.graphBoost;
+            const graphBoostConfig = {};
+            for (const key of Object.keys(graphBoostRaw)) {
+                if (key !== "directBoostPerEntity" &&
+                    key !== "directBoostCap" &&
+                    key !== "hopBoostPerEntity" &&
+                    key !== "hopBoostCap" &&
+                    key !== "maxHops" &&
+                    key !== "confidenceMode" &&
+                    key !== "confidenceWeight") {
+                    warn(`[akm] Ignoring unknown search.graphBoost key "${key}".`);
+                }
+            }
+            const directBoostPerEntity = parseNonNegativeNumber(graphBoostRaw.directBoostPerEntity);
+            if (directBoostPerEntity !== undefined)
+                graphBoostConfig.directBoostPerEntity = directBoostPerEntity;
+            const directBoostCap = parseNonNegativeNumber(graphBoostRaw.directBoostCap);
+            if (directBoostCap !== undefined)
+                graphBoostConfig.directBoostCap = directBoostCap;
+            const hopBoostPerEntity = parseNonNegativeNumber(graphBoostRaw.hopBoostPerEntity);
+            if (hopBoostPerEntity !== undefined)
+                graphBoostConfig.hopBoostPerEntity = hopBoostPerEntity;
+            const hopBoostCap = parseNonNegativeNumber(graphBoostRaw.hopBoostCap);
+            if (hopBoostCap !== undefined)
+                graphBoostConfig.hopBoostCap = hopBoostCap;
+            const maxHops = parsePositiveInteger("search.graphBoost.maxHops", graphBoostRaw.maxHops);
+            if (maxHops !== undefined)
+                graphBoostConfig.maxHops = Math.min(maxHops, 3);
+            if (isOneOf(graphBoostRaw.confidenceMode, ["off", "blend", "multiply"])) {
+                graphBoostConfig.confidenceMode = graphBoostRaw.confidenceMode;
+            }
+            const confidenceWeight = parseNonNegativeNumber(graphBoostRaw.confidenceWeight);
+            if (confidenceWeight !== undefined)
+                graphBoostConfig.confidenceWeight = Math.min(confidenceWeight, 1);
+            if (Object.keys(graphBoostConfig).length > 0)
+                searchConfig.graphBoost = graphBoostConfig;
+        }
         if (Object.keys(searchConfig).length > 0)
             config.search = searchConfig;
     }
+    if (typeof raw.feedback === "object" && raw.feedback !== null && !Array.isArray(raw.feedback)) {
+        const feedbackRaw = raw.feedback;
+        const feedbackConfig = {};
+        if (typeof feedbackRaw.requireReason === "boolean") {
+            feedbackConfig.requireReason = feedbackRaw.requireReason;
+        }
+        if (Object.keys(feedbackConfig).length > 0)
+            config.feedback = feedbackConfig;
+    }
+    if (typeof raw.archiveRetentionDays === "number" &&
+        Number.isFinite(raw.archiveRetentionDays) &&
+        raw.archiveRetentionDays >= 0) {
+        config.archiveRetentionDays = raw.archiveRetentionDays;
+    }
     return config;
 }
-function readNormalizedConfig(configPath) {
-    const raw = readConfigObject(configPath);
-    const expanded = raw ? expandEnvVars(raw) : undefined;
-    return expanded ? pickKnownKeys(expanded) : undefined;
-}
-function readNormalizedConfigFromText(text) {
+function parseConfigText(text) {
     const raw = parseConfigObjectFromText(text);
     if (!raw)
         return undefined;
     const expanded = expandEnvVars(raw);
-    return pickKnownKeys(expanded);
+    return parseConfigLayer(expanded);
+}
+function readNormalizedConfig(configPath) {
+    let text;
+    try {
+        text = fs.readFileSync(configPath, "utf8");
+    }
+    catch {
+        return undefined;
+    }
+    return parseConfigText(text);
+}
+function readNormalizedConfigFromText(text) {
+    return parseConfigText(text);
 }
 function parseOutputConfig(value) {
     if (typeof value !== "object" || value === null || Array.isArray(value))
         return undefined;
     const obj = value;
     const output = {};
-    if (obj.format === "json" || obj.format === "yaml" || obj.format === "text") {
+    if (isOneOf(obj.format, ["json", "yaml", "text"])) {
         output.format = obj.format;
     }
-    if (obj.detail === "brief" || obj.detail === "normal" || obj.detail === "full") {
+    if (isOneOf(obj.detail, ["brief", "normal", "full"])) {
         output.detail = obj.detail;
     }
     return Object.keys(output).length > 0 ? output : undefined;
@@ -313,15 +400,6 @@ function expandEnvVars(value, fieldName) {
     }
     return value;
 }
-function readConfigObject(configPath) {
-    try {
-        const text = fs.readFileSync(configPath, "utf8");
-        return parseConfigObjectFromText(text);
-    }
-    catch {
-        return undefined;
-    }
-}
 function parseConfigObjectFromText(text) {
     try {
         const raw = JSON.parse(stripJsonComments(text));
@@ -334,20 +412,7 @@ function parseConfigObjectFromText(text) {
     }
 }
 function writeConfigObject(configPath, config) {
-    const tmpPath = `${configPath}.tmp.${process.pid}.${Math.random().toString(36).slice(2)}`;
-    try {
-        fs.writeFileSync(tmpPath, `${JSON.stringify(config, null, 2)}\n`, "utf8");
-        fs.renameSync(tmpPath, configPath);
-    }
-    catch (err) {
-        try {
-            fs.unlinkSync(tmpPath);
-        }
-        catch {
-            /* ignore cleanup failure */
-        }
-        throw err;
-    }
+    writeFileAtomic(configPath, `${JSON.stringify(config, null, 2)}\n`);
 }
 /**
  * Strip JavaScript-style comments from a JSON string (JSONC support).
@@ -413,8 +478,7 @@ function parseEmbeddingConfig(value) {
         }
         return undefined;
     }
-    if (!obj.endpoint.startsWith("http://") && !obj.endpoint.startsWith("https://")) {
-        warn(`[akm] Ignoring embedding config: endpoint must start with http:// or https://, got "${obj.endpoint}"`);
+    if (!isValidHttpUrl(obj.endpoint, "embedding config")) {
         // Still return localModel-only config if localModel was set
         if (localModel) {
             return { endpoint: "", model: "", localModel };
@@ -437,13 +501,10 @@ function parseEmbeddingConfig(value) {
         result.provider = obj.provider;
     }
     if ("dimension" in obj) {
-        if (typeof obj.dimension !== "number" ||
-            !Number.isFinite(obj.dimension) ||
-            !Number.isInteger(obj.dimension) ||
-            obj.dimension <= 0) {
+        const dim = parsePositiveInteger("embedding.dimension", obj.dimension);
+        if (dim === undefined)
             return undefined;
-        }
-        result.dimension = obj.dimension;
+        result.dimension = dim;
     }
     if (typeof obj.apiKey === "string" && obj.apiKey) {
         result.apiKey = obj.apiKey;
@@ -452,22 +513,17 @@ function parseEmbeddingConfig(value) {
         result.localModel = localModel;
     }
     if ("contextLength" in obj) {
-        if (typeof obj.contextLength !== "number" ||
-            !Number.isFinite(obj.contextLength) ||
-            !Number.isInteger(obj.contextLength) ||
-            obj.contextLength <= 0) {
+        const ctx = parsePositiveInteger("embedding.contextLength", obj.contextLength);
+        if (ctx === undefined)
             return undefined;
-        }
-        result.contextLength = obj.contextLength;
+        result.contextLength = ctx;
     }
     if (typeof obj.ollamaOptions === "object" && obj.ollamaOptions !== null && !Array.isArray(obj.ollamaOptions)) {
         const opts = obj.ollamaOptions;
         const parsed = {};
-        if (typeof opts.num_ctx === "number" &&
-            Number.isFinite(opts.num_ctx) &&
-            Number.isInteger(opts.num_ctx) &&
-            opts.num_ctx > 0) {
-            parsed.num_ctx = opts.num_ctx;
+        const numCtx = parsePositiveInteger("embedding.ollamaOptions.num_ctx", opts.num_ctx);
+        if (numCtx !== undefined) {
+            parsed.num_ctx = numCtx;
         }
         if (Object.keys(parsed).length > 0) {
             result.ollamaOptions = parsed;
@@ -481,10 +537,13 @@ function parseLlmConfig(value) {
     const obj = value;
     if (typeof obj.endpoint !== "string" || !obj.endpoint)
         return undefined;
-    if (!obj.endpoint.startsWith("http://") && !obj.endpoint.startsWith("https://")) {
-        warn(`[akm] Ignoring llm config: endpoint must start with http:// or https://, got "${obj.endpoint}"`);
+    if (!isValidHttpUrl(obj.endpoint, "llm config")) {
         return undefined;
     }
+    if (!obj.endpoint.endsWith("/chat/completions")) {
+        warn(`[akm] llm.endpoint "${obj.endpoint}" does not end in /chat/completions. ` +
+            `Did you mean "${obj.endpoint.replace(/\/+$/, "")}/chat/completions"?`);
+    }
     const model = typeof obj.model === "string" ? obj.model : "";
     const result = {
         endpoint: obj.endpoint,
@@ -496,14 +555,28 @@ function parseLlmConfig(value) {
     if (typeof obj.temperature === "number" && Number.isFinite(obj.temperature)) {
         result.temperature = obj.temperature;
     }
+    if ("timeoutMs" in obj) {
+        const t = parsePositiveInteger("llm.timeoutMs", obj.timeoutMs);
+        if (t === undefined)
+            return undefined;
+        result.timeoutMs = t;
+    }
+    if ("concurrency" in obj) {
+        const c = parsePositiveInteger("llm.concurrency", obj.concurrency);
+        if (c === undefined)
+            return undefined;
+        result.concurrency = c;
+    }
     if ("maxTokens" in obj) {
-        if (typeof obj.maxTokens !== "number" ||
-            !Number.isFinite(obj.maxTokens) ||
-            !Number.isInteger(obj.maxTokens) ||
-            obj.maxTokens <= 0) {
+        const m = parsePositiveInteger("llm.maxTokens", obj.maxTokens);
+        if (m === undefined)
             return undefined;
-        }
-        result.maxTokens = obj.maxTokens;
+        result.maxTokens = m;
+    }
+    if ("contextLength" in obj) {
+        const ctx = parsePositiveInteger("llm.contextLength", obj.contextLength);
+        if (ctx !== undefined)
+            result.contextLength = ctx;
     }
     if (typeof obj.apiKey === "string" && obj.apiKey) {
         result.apiKey = obj.apiKey;
@@ -521,6 +594,9 @@ function parseLlmConfig(value) {
         if (Object.keys(features).length > 0)
             result.features = features;
     }
+    if (typeof obj.judgeModel === "string" && obj.judgeModel.trim()) {
+        result.judgeModel = obj.judgeModel.trim();
+    }
     if (typeof obj.extraParams === "object" && obj.extraParams !== null && !Array.isArray(obj.extraParams)) {
         result.extraParams = obj.extraParams;
     }
@@ -538,6 +614,9 @@ const LOCKED_LLM_FEATURE_KEYS = new Set([
     "feedback_distillation",
     "memory_inference",
     "graph_extraction",
+    "memory_consolidation",
+    "lesson_quality_gate",
+    "metadata_enhance",
 ]);
 function parseLlmFeatures(raw) {
     const out = {};
@@ -550,22 +629,8 @@ function parseLlmFeatures(raw) {
             warn(`[akm] Ignoring llm.features.${key}: expected boolean, got ${typeof value}.`);
             continue;
         }
-        switch (key) {
-            case "memory_inference":
-                out.memory_inference = value;
-                break;
-            case "graph_extraction":
-                out.graph_extraction = value;
-                break;
-            case "curate_rerank":
-                out.curate_rerank = value;
-                break;
-            case "feedback_distillation":
-                out.feedback_distillation = value;
-                break;
-            // No default: LOCKED_LLM_FEATURE_KEYS is the source of truth for which
-            // keys are accepted. Adding a new locked key requires an arm here AND a
-            // field on LlmFeatureFlags above.
+        if (LOCKED_LLM_FEATURE_KEYS.has(key)) {
+            out[key] = value;
         }
     }
     return out;
@@ -586,6 +651,17 @@ const PROVIDER_CONFIG_KEYS = new Set([
     "maxTokens",
     "capabilities",
 ]);
+const GRAPH_EXTRACTION_INCLUDE_TYPES_ALLOWED = new Set([
+    "memory",
+    "knowledge",
+    "skill",
+    "command",
+    "agent",
+    "workflow",
+    "lesson",
+    "task",
+    "wiki",
+]);
 /**
  * Parse the `index` config block. Each entry is a pass name → small object
  * `{ llm?: boolean }`. Anything richer (a parallel provider config, unknown
@@ -611,8 +687,11 @@ function parseIndexConfig(value) {
                 throw new ConfigError(`Duplicate LLM provider configuration: \`index.${passName}.${key}\` is not allowed. ` +
                     "Configure provider/model/endpoint under top-level `llm` only; per-pass entries support `{ llm: false }` opt-out.", "INVALID_CONFIG_FILE", 'Move provider settings to the top-level "llm" block, then set `index.<pass>.llm = false` to opt a single pass out.');
             }
-            if (key !== "llm") {
-                throw new ConfigError(`Unknown key \`index.${passName}.${key}\`. Per-pass entries only support \`llm\` (boolean opt-out).`, "INVALID_CONFIG_FILE");
+            if (key !== "llm" &&
+                key !== "graphExtractionBatchSize" &&
+                key !== "graphExtractionIncludeTypes" &&
+                key !== "memoryInferenceBatchSize") {
+                throw new ConfigError(`Unknown key \`index.${passName}.${key}\`. Per-pass entries support \`llm\` (boolean opt-out), \`graphExtractionBatchSize\`, \`graphExtractionIncludeTypes\`, and \`memoryInferenceBatchSize\`.`, "INVALID_CONFIG_FILE");
             }
         }
         const passConfig = {};
@@ -623,6 +702,28 @@ function parseIndexConfig(value) {
             }
             passConfig.llm = llmFlag;
         }
+        if ("graphExtractionBatchSize" in passRaw) {
+            const n = parsePositiveInteger(`index.${passName}.graphExtractionBatchSize`, passRaw.graphExtractionBatchSize);
+            if (n !== undefined)
+                passConfig.graphExtractionBatchSize = n;
+        }
+        if ("graphExtractionIncludeTypes" in passRaw) {
+            const rawTypes = passRaw.graphExtractionIncludeTypes;
+            if (!Array.isArray(rawTypes) || !rawTypes.every((t) => typeof t === "string" && t.trim().length > 0)) {
+                throw new ConfigError(`Invalid \`index.${passName}.graphExtractionIncludeTypes\`: expected a non-empty string array of asset types.`, "INVALID_CONFIG_FILE");
+            }
+            const normalized = rawTypes.map((t) => t.trim().toLowerCase());
+            const invalid = normalized.filter((t) => !GRAPH_EXTRACTION_INCLUDE_TYPES_ALLOWED.has(t));
+            if (invalid.length > 0) {
+                throw new ConfigError(`Invalid \`index.${passName}.graphExtractionIncludeTypes\`: unsupported type(s): ${invalid.join(", ")}.`, "INVALID_CONFIG_FILE");
+            }
+            passConfig.graphExtractionIncludeTypes = normalized;
+        }
+        if ("memoryInferenceBatchSize" in passRaw) {
+            const n = parsePositiveInteger(`index.${passName}.memoryInferenceBatchSize`, passRaw.memoryInferenceBatchSize);
+            if (n !== undefined)
+                passConfig.memoryInferenceBatchSize = n;
+        }
         out[passName] = passConfig;
     }
     return out;
@@ -673,9 +774,6 @@ function parseInstalledStashEntry(value) {
         entry.wikiName = wikiName;
     return entry;
 }
-function asNonEmptyString(value) {
-    return typeof value === "string" && value ? value : undefined;
-}
 /**
  * Validate a legacy lockfile/installed-entry source string.
  *
@@ -728,6 +826,9 @@ function parseInstallAuditConfig(value) {
     if (typeof obj.blockUnlistedRegistries === "boolean")
         config.blockUnlistedRegistries = obj.blockUnlistedRegistries;
     const rawAllowlist = filterNonEmptyStrings(obj.registryAllowlist) ?? filterNonEmptyStrings(obj.registryWhitelist);
+    if (!obj.registryAllowlist && obj.registryWhitelist) {
+        warn("[akm] config: `registryWhitelist` is deprecated; rename it to `registryAllowlist`");
+    }
     if (rawAllowlist) {
         config.registryAllowlist = rawAllowlist;
     }
@@ -773,7 +874,7 @@ function parseSourceConfigEntry(value) {
         return undefined;
     if (type === "openviking") {
         const name = asNonEmptyString(obj.name) ?? "unnamed";
-        throw new ConfigError(`openviking is not supported in akm v1. API-backed sources will return as a\nseparate QuerySource tier post-v1. Remove the source named "${name}" from your config file\nor downgrade to 0.6.x. See docs/migration/v1.md.`, "INVALID_CONFIG_FILE", `Run \`akm remove ${name}\` then re-run, or edit your config file directly at ${_getConfigPath()} to remove the openviking entry.`);
+        throw new ConfigError(`openviking is not supported in akm v1. API-backed sources will return as a\nseparate QuerySource tier post-v1. Remove the source named "${name}" from your config file\nor downgrade to 0.6.x. See docs/migration/v1.md.`, "INVALID_CONFIG_FILE", `Run \`akm remove ${name}\` then re-run, or edit your config file directly at ${getConfigPath()} to remove the openviking entry.`);
     }
     const entry = { type };
     const entryPath = asNonEmptyString(obj.path);
@@ -952,6 +1053,12 @@ function mergeAgentConfig(base, override) {
         }
         merged.profiles = profiles;
     }
+    // Shallow merge per-key: later layer wins per process name (same as profiles).
+    const baseProcesses = base.processes;
+    const overrideProcesses = override.processes;
+    if (baseProcesses || overrideProcesses) {
+        merged.processes = { ...(baseProcesses ?? {}), ...(overrideProcesses ?? {}) };
+    }
     return merged;
 }
 function mergeSecurityConfig(base, override) {