akm-cli 0.8.7 → 0.8.14

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "akm-cli",
-  "version": "0.8.7",
+  "version": "0.8.14",
   "type": "module",
   "description": "akm (Agent Knowledge Management) — A package manager for AI agent skills, commands, tools, and knowledge. Works with Claude Code, OpenCode, Cursor, and any AI coding assistant.",
   "keywords": [
@@ -50,13 +50,16 @@
     "akm-migrate-storage": "dist/scripts/migrate-storage.js"
   },
   "scripts": {
-    "preinstall": "node -e \"var ua=process.env.npm_config_user_agent||'';if(process.versions.bun||ua.startsWith('bun/')||process.env.BUN_INSTALL){process.exit(0)}console.error('\\n  ERROR: akm-cli 0.8 requires the Bun runtime (https://bun.sh) or the prebuilt binary.\\n  Running under Node.js is not supported in this release.\\n  Install options:\\n    1. Bun:    curl -fsSL https://bun.sh/install | bash  &&  bun install -g akm-cli\\n    2. Binary: curl -fsSL https://github.com/itlackey/akm/releases/latest/download/install.sh | bash\\n  Cross-runtime support is planned for 0.9.0.\\n');process.exit(1)\"",
-    "build": "rm -rf dist && bun run tsc --project ./tsconfig.build.json && bun scripts/copy-assets.ts",
+    "preinstall": "node -e \"var ua=process.env.npm_config_user_agent||'';var major=parseInt((process.versions.node||'0').split('.')[0],10);if(process.versions.bun||ua.startsWith('bun/')||process.env.BUN_INSTALL||major>=20){process.exit(0)}console.error('\\n  ERROR: akm-cli requires the Bun runtime (https://bun.sh), Node.js >= 20, or the prebuilt binary.\\n  Install options:\\n    1. Bun:    curl -fsSL https://bun.sh/install | bash  &&  bun install -g akm-cli\\n    2. Binary: curl -fsSL https://github.com/itlackey/akm/releases/latest/download/install.sh | bash\\n');process.exit(1)\"",
+    "build": "rm -rf dist && bun run tsc --project ./tsconfig.build.json && bun scripts/copy-assets.ts && bun scripts/fix-esm-extensions.ts",
     "check": "bun run lint && bunx tsc --noEmit && bun run test:unit && bun run test:integration",
+    "check:fast": "bun run lint && bunx tsc --noEmit && bun run test:unit",
     "check:changed": "bun test tests/output-baseline.test.ts tests/integration/e2e.test.ts tests/stash-search.test.ts && bun run lint && bunx tsc --noEmit",
-    "test": "bun test --parallel=12 --timeout=30000 ./tests --path-ignore-patterns=tests/integration",
-    "test:unit": "bun test --parallel=12 --timeout=30000 ./tests --path-ignore-patterns=tests/integration",
-    "test:integration": "bun test --parallel=12 --timeout=30000 ./tests/integration ./tests/commands ./tests/workflows",
+    "test": "bun test --parallel=${TEST_PARALLEL:-12} --timeout=30000 ./tests --path-ignore-patterns=tests/integration",
+    "test:unit": "bun test --parallel=${TEST_PARALLEL:-12} --timeout=30000 ./tests --path-ignore-patterns=tests/integration",
+    "test:integration": "bun test --parallel=${TEST_PARALLEL:-12} --timeout=30000 ./tests/integration ./tests/commands ./tests/workflows",
+    "test:node-smoke": "bun scripts/node-smoke.ts",
+    "test:node-compat": "AKM_NODE_COMPAT_TESTS=1 bun test --timeout=120000 tests/integration/node-compat.test.ts",
     "test:sharded": "bun test ./tests --shard=1/4 & bun test ./tests --shard=2/4 & bun test ./tests --shard=3/4 & bun test ./tests --shard=4/4 & wait",
     "test:time": "bun scripts/test-timing-report.ts",
     "lint:isolation": "bun scripts/lint-tests-isolation.ts",
@@ -64,7 +67,8 @@
     "lint:devto-posts:fix": "bun scripts/lint-devto-posts.ts --fix",
     "publish:devto": "npx -y @sinedied/devto-cli push \"docs/posts/**/*.md\" --token \"$DEVTO_TOKEN\" --repo \"$GITHUB_REPOSITORY\" --branch \"${GITHUB_REF_NAME:-main}\" --reconcile",
     "release:check": "./tests/release-check.sh",
-    "lint": "bunx biome check src/ tests/ && bun scripts/lint-tests-isolation.ts && bun scripts/lint-license-headers.ts",
+    "lint": "bunx biome check src/ tests/ && bun scripts/lint-tests-isolation.ts && bun scripts/lint-license-headers.ts && bun scripts/lint-runtime-boundary.ts",
+    "lint:runtime-boundary": "bun scripts/lint-runtime-boundary.ts",
     "lint:tests-isolation": "bun scripts/lint-tests-isolation.ts",
     "lint:fix": "bunx biome check --write src/ tests/",
     "format": "bunx biome format --write src/ tests/",
@@ -76,22 +80,27 @@
   },
   "devDependencies": {
     "@biomejs/biome": "^2.4.14",
+    "@types/better-sqlite3": "^7.6.11",
     "@types/node": "^22.19.17",
+    "@types/semver": "^7.5.8",
     "bun-types": "^1.3.13",
     "typescript": "^5.9.3"
   },
   "optionalDependencies": {
     "@huggingface/transformers": "^4.2.0",
+    "better-sqlite3": "^11.8.0",
     "sqlite-vec": "^0.1.9"
   },
   "engines": {
-    "bun": ">=1.0.0"
+    "bun": ">=1.0.0",
+    "node": ">=20.0.0"
   },
   "dependencies": {
     "@clack/prompts": "^1.3.0",
     "@opencode-ai/sdk": "1.2.20",
     "citty": "^0.2.2",
     "dotenv": "^17.4.2",
+    "semver": "^7.6.0",
     "yaml": "^2.8.4",
     "zod": "^3.23.0",
     "zod-to-json-schema": "^3.23.0"

package/dist/commands/add-cli.js

@@ -1,279 +0,0 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
-import fs from "node:fs";
-import path from "node:path";
-import * as p from "@clack/prompts";
-import { defineCommand } from "citty";
-import { output, runWithJsonErrors } from "../cli/shared";
-import { UsageError } from "../core/errors";
-import { appendEvent } from "../core/events";
-import { warn } from "../core/warn";
-import { getHyphenatedBoolean } from "../output/context";
-import { akmRemove } from "./installed-stashes";
-import { akmAdd } from "./source-add";
-import { addStash } from "./source-manage";
-// ── Shared website-options helper (also used by wikiRegisterCommand) ──────────
-export function buildWebsiteOptions(args) {
-    const websiteOptions = {};
-    if (typeof args["max-pages"] === "string" && args["max-pages"].length > 0)
-        websiteOptions.maxPages = args["max-pages"];
-    if (typeof args["max-depth"] === "string" && args["max-depth"].length > 0)
-        websiteOptions.maxDepth = args["max-depth"];
-    return websiteOptions;
-}
-// ── HTTP safety check ─────────────────────────────────────────────────────────
-export function shouldWarnOnPlainHttp(ref) {
-    if (!ref.startsWith("http://"))
-        return false;
-    try {
-        const hostname = new URL(ref).hostname.toLowerCase();
-        return (hostname !== "localhost" &&
-            hostname !== "127.0.0.1" &&
-            hostname !== "0.0.0.0" &&
-            hostname !== "::1" &&
-            hostname !== "[::1]" &&
-            !hostname.endsWith(".localhost"));
-    }
-    catch {
-        return true;
-    }
-}
-// ── Command definition ────────────────────────────────────────────────────────
-export const addCommand = defineCommand({
-    meta: {
-        name: "add",
-        description: "Add a source (local directory, website, npm package, GitHub repo, git URL, or remote provider)",
-    },
-    args: {
-        ref: {
-            type: "positional",
-            description: "Path, URL, or registry ref (website URL, npm package, owner/repo, git URL, or local directory)",
-            required: true,
-        },
-        provider: { type: "string", description: "Provider type (e.g. website, npm). Required for URL sources." },
-        options: { type: "string", description: 'Provider options as JSON (e.g. \'{"apiKey":"key"}\').' },
-        name: { type: "string", description: "Human-friendly name for the source" },
-        writable: {
-            type: "boolean",
-            description: "Mark a git stash as writable so changes can be pushed back",
-            default: false,
-        },
-        type: {
-            type: "string",
-            description: "Override asset type for all files in this stash (currently supports: wiki)",
-        },
-        "max-pages": { type: "string", description: "Maximum pages to crawl for website sources (default: 50)" },
-        "max-depth": { type: "string", description: "Maximum crawl depth for website sources (default: 3)" },
-        "allow-insecure": {
-            type: "boolean",
-            description: "Allow a plain HTTP source URL and skip confirmation for dangerous vault keys (e.g. LD_PRELOAD, PATH). Use only after explicitly reviewing the stash.",
-            default: false,
-        },
-    },
-    async run({ args }) {
-        await runWithJsonErrors(async () => {
-            const ref = args.ref.trim();
-            const allowInsecure = getHyphenatedBoolean(args, "allow-insecure");
-            const allowDangerousKeys = allowInsecure;
-            // URL with --provider → stash source (remote or git provider)
-            if (args.provider) {
-                if (shouldWarnOnPlainHttp(ref)) {
-                    if (!allowInsecure) {
-                        throw new UsageError("Source URL uses plain HTTP (not HTTPS). An on-path attacker could substitute a malicious payload. " +
-                            "Use https:// or pass --allow-insecure if you have explicitly accepted the risk.", "INVALID_FLAG_VALUE", "Re-run with `--allow-insecure` only after confirming the URL is trusted.");
-                    }
-                    warn("Warning: source URL uses plain HTTP (not HTTPS). --allow-insecure was set; an on-path attacker could substitute a malicious payload.");
-                }
-                let parsedOptions;
-                if (args.options) {
-                    try {
-                        const parsed = JSON.parse(args.options);
-                        if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
-                            throw new UsageError("--options must be a JSON object");
-                        }
-                        parsedOptions = parsed;
-                    }
-                    catch (err) {
-                        if (err instanceof UsageError)
-                            throw err;
-                        throw new UsageError("--options must be valid JSON");
-                    }
-                }
-                const result = addStash({
-                    target: ref,
-                    name: args.name,
-                    providerType: args.provider,
-                    options: parsedOptions,
-                    writable: args.writable,
-                });
-                appendEvent({
-                    eventType: "add",
-                    metadata: { target: ref, provider: args.provider, name: args.name ?? null, writable: args.writable === true },
-                });
-                output("add", result);
-                return;
-            }
-            if (shouldWarnOnPlainHttp(ref)) {
-                if (!allowInsecure) {
-                    throw new UsageError("Source URL uses plain HTTP (not HTTPS). An on-path attacker could substitute a malicious payload. " +
-                        "Use https:// or pass --allow-insecure if you have explicitly accepted the risk.", "INVALID_FLAG_VALUE", "Re-run with `--allow-insecure` only after confirming the URL is trusted.");
-                }
-                warn("Warning: source URL uses plain HTTP (not HTTPS). --allow-insecure was set; an on-path attacker could substitute a malicious payload.");
-            }
-            const websiteOptions = buildWebsiteOptions(args);
-            if (args.type === "wiki") {
-                const { registerWikiSource } = await import("./source-add");
-                const result = await registerWikiSource({
-                    ref,
-                    name: args.name,
-                    options: Object.keys(websiteOptions).length > 0 ? websiteOptions : undefined,
-                    writable: args.writable,
-                });
-                appendEvent({
-                    eventType: "add",
-                    metadata: { target: ref, type: "wiki", name: args.name ?? null, writable: args.writable === true },
-                });
-                output("add", result);
-                return;
-            }
-            const result = await akmAdd({
-                ref,
-                name: args.name,
-                overrideType: args.type,
-                options: Object.keys(websiteOptions).length > 0 ? websiteOptions : undefined,
-                writable: args.writable,
-            });
-            appendEvent({
-                eventType: "add",
-                metadata: {
-                    target: ref,
-                    name: args.name ?? null,
-                    overrideType: args.type ?? null,
-                    writable: args.writable === true,
-                },
-            });
-            // ── Post-install vault key audit ────────────────────────────────────────
-            // Resolve the stash root from the install result and scan any vault files
-            // for dangerous env var keys.  When findings are present the install is
-            // gated: TTY → interactive confirmation prompt; non-TTY without
-            // --allow-insecure → hard failure (exit 1).  Pass
-            // --allow-insecure to skip the prompt non-interactively.
-            try {
-                const installedStashRoot = result.installed?.stashRoot ??
-                    (result.sourceAdded && "stashRoot" in result.sourceAdded ? result.sourceAdded.stashRoot : undefined);
-                if (installedStashRoot) {
-                    const { checkVaultForDangerousKeys } = await import("./lint/env-key-rules.js");
-                    // Collect all dangerous-key findings across every env file (env/, and
-                    // the deprecated vaults/) in the freshly-installed stash.
-                    const allFindings = [];
-                    for (const [subdir, prefix] of [
-                        ["env", "env"],
-                        ["vaults", "vault"],
-                    ]) {
-                        const dir = path.join(installedStashRoot, subdir);
-                        if (!fs.existsSync(dir))
-                            continue;
-                        const envFiles = fs.readdirSync(dir).filter((f) => f.endsWith(".env"));
-                        for (const envFile of envFiles) {
-                            const envPath = path.join(dir, envFile);
-                            const baseName = path.basename(envFile, ".env");
-                            const vaultRef = baseName === "" ? `${prefix}:default` : `${prefix}:${baseName}`;
-                            const relPath = path.join(subdir, envFile);
-                            const findings = checkVaultForDangerousKeys(envPath, relPath, vaultRef);
-                            for (const finding of findings) {
-                                // Extract the key name from the detail string for the summary line.
-                                const keyMatch = finding.detail.match(/Env key `([^`]+)`/);
-                                const keyName = keyMatch ? keyMatch[1] : finding.file;
-                                allFindings.push({ vaultRef, keyName, relPath });
-                            }
-                        }
-                    }
-                    if (allFindings.length > 0) {
-                        if (allowDangerousKeys) {
-                            // Operator has explicitly accepted the risk — warn and continue.
-                            for (const f of allFindings) {
-                                warn(`[dangerous-vault-key] ${f.relPath}: key \`${f.keyName}\` in ${f.vaultRef} can hijack process execution via \`akm vault run\`. Proceeding because --allow-insecure was set.`);
-                            }
-                        }
-                        else if (process.stdin.isTTY) {
-                            // Interactive path: show findings and ask the user to confirm.
-                            // Guard on stdin (not stdout) because p.confirm() reads from stdin;
-                            // stdout may be a TTY while stdin is piped, which would cause a hang.
-                            const stashLabel = ref;
-                            const groupedByVault = new Map();
-                            for (const f of allFindings) {
-                                const existing = groupedByVault.get(f.vaultRef) ?? [];
-                                existing.push(f.keyName);
-                                groupedByVault.set(f.vaultRef, existing);
-                            }
-                            for (const [vaultRef, keys] of groupedByVault) {
-                                warn(`[warn] Vault "${vaultRef}" in stash "${stashLabel}" contains potentially dangerous keys:`);
-                                for (const key of keys) {
-                                    warn(`  - ${key}: can hijack process execution via \`akm vault run\``);
-                                }
-                            }
-                            const confirmed = await p.confirm({
-                                message: "Install anyway?",
-                                initialValue: false,
-                            });
-                            if (p.isCancel(confirmed) || confirmed !== true) {
-                                // Roll back the install before aborting.
-                                // Use the canonical installed id (most reliably resolved by akmRemove) rather
-                                // than the raw user-supplied ref which may not match after URL normalisation.
-                                const rollbackTarget = result.installed?.id ?? result.sourceAdded?.stashRoot ?? ref;
-                                let rollbackWarning;
-                                try {
-                                    await akmRemove({ target: rollbackTarget });
-                                }
-                                catch (_rollbackErr) {
-                                    rollbackWarning =
-                                        `Rollback failed — stash may still be installed at ${installedStashRoot}. ` +
-                                            `Remove it manually with: akm remove ${rollbackTarget}`;
-                                }
-                                console.error(JSON.stringify({
-                                    ok: false,
-                                    error: "Install aborted: stash contains dangerous vault keys. Remove the keys or re-run with --allow-insecure to bypass.",
-                                    code: "DANGEROUS_VAULT_KEY",
-                                    ...(rollbackWarning ? { rollbackWarning } : {}),
-                                }, null, 2));
-                                process.exit(1);
-                            }
-                        }
-                        else {
-                            // Non-interactive path without bypass flag: fail hard.
-                            // Roll back the install before exiting.
-                            // Use the canonical installed id (most reliably resolved by akmRemove) rather
-                            // than the raw user-supplied ref which may not match after URL normalisation.
-                            const rollbackTarget = result.installed?.id ?? result.sourceAdded?.stashRoot ?? ref;
-                            let rollbackWarning;
-                            try {
-                                await akmRemove({ target: rollbackTarget });
-                            }
-                            catch (_rollbackErr) {
-                                rollbackWarning =
-                                    `Rollback failed — stash may still be installed at ${installedStashRoot}. ` +
-                                        `Remove it manually with: akm remove ${rollbackTarget}`;
-                            }
-                            const keyList = allFindings.map((f) => `  - ${f.keyName} (${f.vaultRef})`).join("\n");
-                            console.error(JSON.stringify({
-                                ok: false,
-                                error: `Install blocked: stash "${ref}" contains dangerous vault keys that can hijack process execution via \`akm vault run\`:\n${keyList}\nRe-run with --allow-insecure to bypass this check after reviewing the vault.`,
-                                code: "DANGEROUS_VAULT_KEY",
-                                ...(rollbackWarning ? { rollbackWarning } : {}),
-                            }, null, 2));
-                            process.exit(1);
-                        }
-                    }
-                }
-            }
-            catch (auditErr) {
-                // Only swallow errors that are NOT our intentional process.exit calls.
-                if (auditErr instanceof Error && auditErr.message === "process.exit called")
-                    throw auditErr;
-                // Vault key audit is best-effort; never fail the install on unexpected audit errors.
-            }
-            output("add", result);
-        });
-    },
-});

package/dist/commands/env.js

@@ -1,213 +0,0 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at https://mozilla.org/MPL/2.0/.
-/**
- * Environment asset type (`env`) — whole `.env` file storage.
- *
- * An `env` asset holds a GROUP of related CONFIGURATION for an app or service
- * (URLs, feature flags, and any credentials it needs) in a single `.env` file,
- * sourced/injected wholesale. Values may or may not be sensitive — akm protects
- * them all the same. For a single sensitive value used on its own for
- * authentication (a token, key, or cert), use the `secret` type instead.
- *
- * Unlike the deprecated `vault` type it replaces, akm does NOT manage individual
- * KEY=value entries (no `set`/`unset`/quoting): you edit the `.env` file with
- * your own editor, and akm loads it. The simplification removes the
- * hand-rolled quoting/escaping surface; the safety guarantee moves to the READ
- * path instead (see `buildShellExportScript` + `akm env export`).
- *
- * Invariant: env values must never be written to stdout, returned through the
- * indexer, the `akm show` renderer, or any structured output channel. Key
- * NAMES and start-of-line comments ARE surfaced by design (discoverability) —
- * only values are secret. The supported value-load paths are:
- *
- *   - `akm env run <ref> -- <command>` — values injected into the child
- *     process env (never via a shell), see `injectIntoEnv` / `loadEnv`. This is
- *     the primary path and the only one safe for AI agents (no values ever
- *     reach stdout). For an interactive shell, `akm env run <ref> -- $SHELL`.
- *   - `akm env export <ref> --out <file>` — write parse-then-reserialized safe
- *     `export KEY='value'` lines to a file (mode 0600) for `source`-ing. Values
- *     are re-emitted single-quoted so a raw `.env` containing `X=$(cmd)` cannot
- *     execute on load. `export` never prints values to stdout (would leak into
- *     an agent's context); `path` prints only the file path.
- *
- * Value parsing is delegated to the `dotenv` package — we deliberately do not
- * implement our own quoting/escaping rules for security-sensitive content.
- */
-import fs from "node:fs";
-import path from "node:path";
-import dotenv from "dotenv";
-import { writeFileAtomic } from "../core/common";
-/** Matches a KEY=value assignment line, capturing only the key. */
-const ASSIGN_RE = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/;
-/** Scan lines and return KEY names in file order, without duplicates. */
-function scanKeys(text) {
-    const keys = [];
-    const seen = new Set();
-    for (const line of text.split(/\r?\n/)) {
-        const m = line.match(ASSIGN_RE);
-        if (!m)
-            continue;
-        const key = m[1];
-        if (seen.has(key))
-            continue;
-        seen.add(key);
-        keys.push(key);
-    }
-    return keys;
-}
-/**
- * Scan lines and return start-of-line `#` comments (with the leading `#` and
- * any leading whitespace stripped). Inline/trailing `#` after an assignment is
- * never extracted.
- */
-function scanComments(text) {
-    const comments = [];
-    for (const line of text.split(/\r?\n/)) {
-        const trimmed = line.trimStart();
-        if (trimmed.startsWith("#")) {
-            comments.push(trimmed.slice(1).trimStart());
-        }
-    }
-    return comments;
-}
-/**
- * Read and return ONLY non-secret metadata (keys + start-of-line comments).
- *
- * The function reads the whole file into memory (same as any dotenv parser)
- * but deliberately does not parse values — the LHS-only regex scanners above
- * ensure no value content is retained or returned. The guarantee is that
- * values never leave this function.
- */
-export function listKeys(envPath) {
-    if (!fs.existsSync(envPath))
-        return { keys: [], comments: [] };
-    const text = fs.readFileSync(envPath, "utf8");
-    return { keys: scanKeys(text), comments: scanComments(text) };
-}
-/**
- * Return structured `entries` pairing each key with the nearest preceding
- * comment line (if any). This is an easier-to-consume shape than the parallel
- * `keys[]` + `comments[]` of `listKeys` (QA #35).
- *
- * Values are never included — the same privacy guarantee as `listKeys`.
- */
-export function listEntries(envPath) {
-    if (!fs.existsSync(envPath))
-        return [];
-    const text = fs.readFileSync(envPath, "utf8");
-    const lines = text.split(/\r?\n/);
-    const seen = new Set();
-    const entries = [];
-    let pendingComment;
-    for (const line of lines) {
-        const trimmed = line.trimStart();
-        if (trimmed.startsWith("#")) {
-            // Capture the most recent comment before a key
-            pendingComment = trimmed.slice(1).trimStart() || undefined;
-            continue;
-        }
-        const m = line.match(ASSIGN_RE);
-        if (m) {
-            const key = m[1];
-            if (!seen.has(key)) {
-                seen.add(key);
-                const entry = { key };
-                if (pendingComment)
-                    entry.comment = pendingComment;
-                entries.push(entry);
-            }
-            pendingComment = undefined;
-        }
-        else {
-            // Any non-comment, non-assignment line (including blank lines)
-            // breaks "nearest preceding comment line" association.
-            pendingComment = undefined;
-        }
-    }
-    return entries;
-}
-/**
- * Read all KEY=value pairs from an env file. Intended for programmatic callers
- * that need to inject values into a process environment. Callers MUST NOT write
- * the returned values to stdout or any logged output.
- *
- * Value parsing (quoting, escapes, multi-line, etc.) is delegated to dotenv.
- */
-export function loadEnv(envPath) {
-    if (!fs.existsSync(envPath))
-        return {};
-    const buf = fs.readFileSync(envPath);
-    return dotenv.parse(buf);
-}
-/**
- * Load an env file and assign its values into `target` (defaults to
- * `process.env`). Returns the list of keys that were set so the caller can
- * log/observe without touching values.
- *
- * Existing keys in `target` are overwritten — callers who want to preserve
- * pre-existing environment variables should filter before calling.
- */
-export function injectIntoEnv(envPath, target = process.env) {
-    const env = loadEnv(envPath);
-    for (const [key, value] of Object.entries(env)) {
-        target[key] = value;
-    }
-    return Object.keys(env);
-}
-/**
- * Serialise an env file's values as a POSIX shell script of `export KEY='value'`
- * lines, with single-quote escaping (`'\''`). Every line is an assignment of a
- * literal string — there is no expansion, command substitution, or
- * non-assignment content, so `eval`-ing the output is safe regardless of what
- * the source file contains.
- *
- * This is the trust boundary for shell loading: a raw `.env` may contain
- * `X=$(rm -rf ~)`, which would execute if `source`d directly, but dotenv parses
- * it to the literal string `$(rm -rf ~)` and we re-emit it single-quoted. This
- * backs `akm env export <ref> --out <file>` (file-only; never printed to stdout).
- */
-export function buildShellExportScript(envPath) {
-    const env = loadEnv(envPath);
-    const lines = [];
-    for (const [key, value] of Object.entries(env)) {
-        // Defence in depth: dotenv already validates key shape, but reject any
-        // key we wouldn't be able to export safely.
-        if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key))
-            continue;
-        const escaped = value.replace(/'/g, "'\\''");
-        lines.push(`export ${key}='${escaped}'`);
-    }
-    return lines.length > 0 ? `${lines.join("\n")}\n` : "";
-}
-/** Create an empty env file (does nothing if it already exists). */
-export function createEnv(envPath) {
-    ensureParentDir(envPath);
-    if (fs.existsSync(envPath))
-        return;
-    writeFileAtomic(envPath, "", 0o600);
-}
-/**
- * Write (create or overwrite) an env file with the given text content,
- * atomically at mode 0600. Used to ingest an existing `.env` file
- * (`env create --from-file` / `--from-stdin`).
- */
-export function writeEnv(envPath, content) {
-    ensureParentDir(envPath);
-    writeFileAtomic(envPath, content, 0o600);
-}
-/** Remove an env file (and its `.sensitive` marker, if present). Returns true if it existed. */
-export function removeEnv(envPath) {
-    if (!fs.existsSync(envPath))
-        return false;
-    fs.rmSync(envPath);
-    const marker = `${envPath}.sensitive`;
-    if (fs.existsSync(marker))
-        fs.rmSync(marker);
-    return true;
-}
-function ensureParentDir(filePath) {
-    const dir = path.dirname(filePath);
-    if (!fs.existsSync(dir))
-        fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
-}