wip: feat: Migrated version command to zig.

BREAKING CHANGE: Dir is now derived from Path rather than stored in the
DB. Your DB will need to be updated.

.envrc

@@ -1 +1,3 @@
 use flake
+
+export PATH=".:./deps/zig:./deps/zls:$PATH"

.gitignore

@@ -1,10 +1,16 @@
 # dev env
 .direnv
 
+# dependencies
+deps
+vendor
+
 # docs
 man 
 
 # build artifacts
+.zig-cache
 builds
 envr
+envr-go
 result

CHANGELOG.md

@@ -1,5 +1,43 @@
 # Changelog
 
+## [0.2.1](https://github.com/sbrow/envr/compare/v0.2.0...v0.2.1) (2026-01-12)
+
+
+### Bug Fixes
+
+* Added `add` as an alias for backup. ([cf363ab](https://github.com/sbrow/envr/commit/cf363abc4d8cec208d23c6acedbb7e0dd6900332))
+
+## [0.2.0](https://github.com/sbrow/envr/compare/v0.1.1...v0.2.0) (2025-11-10)
+
+
+### ⚠ BREAKING CHANGES
+
+* Dir is now derived from Path rather than stored in the DB. Your DB will need to be updated.
+* **scan:** The config value `scan.Exclude` is now a list rather than a string.
+* **check:** Renamed the `check` command to `deps`.
+* The config value `scan.Include` is now a list rather than a string.
+
+### Features
+
+* Added new `check` command. ([cbd74f3](https://github.com/sbrow/envr/commit/cbd74f387e2e330b2557d07dd82ba05cc91300ac))
+* **config:** The default config now filters out more junk. ([15be62b](https://github.com/sbrow/envr/commit/15be62b5a2a5a735b90b074497d645c5a2cfced8))
+* **init:** Added a `--force` flag for overwriting an existing config. ([169653d](https://github.com/sbrow/envr/commit/169653d7566f63730fb9da80a18330a566223be9))
+* Multiple scan includes are now supported. ([4273fa5](https://github.com/sbrow/envr/commit/4273fa58956d8736271a0af66202dca481126fe4))
+* **scan:** Added support for multiple exports. ([f43705c](https://github.com/sbrow/envr/commit/f43705cd53c6d87aef1f69df4e474441f25c1dc7))
+* **sync:** envr can now detect if directories have moved. ([4db0a4d](https://github.com/sbrow/envr/commit/4db0a4d33d2b6a79d13b36a8e8631f895e8fef8d))
+* **sync:** Now checks files for mismatched hashes before replacing. ([8074f7a](https://github.com/sbrow/envr/commit/8074f7ae6dfa54e931a198257f3f8e6d0cfe353a))
+
+
+### Bug Fixes
+
+* **check:** `fd` now correctly gets marked as found. ([17ce49c](https://github.com/sbrow/envr/commit/17ce49cd2d33942282c6f54ce819ac25978f6b7c))
+
+
+### Code Refactoring
+
+* **check:** Renamed the `check` command to `deps`. ([c9c34ce](https://github.com/sbrow/envr/commit/c9c34ce771653da214635f1df1fef1f23265c552))
+* Dir is no longer stored in the database. ([0fef74a](https://github.com/sbrow/envr/commit/0fef74a9bba0fbf3c34b66c2095955e6eee7047b))
+
 ## [0.1.1](https://github.com/sbrow/envr/compare/v0.1.0...v0.1.1) (2025-11-05)
 
 

README.md

@@ -19,10 +19,11 @@ be run on a cron.
 - 🔍 **Smart Scanning**: Automatically discover and import `.env` files in your
 home directory.
 - ✨ **Interactive CLI**: User-friendly prompts for file selection and management.
+- 🗂️ **Rename Detection**: Automatically finds and updates renamed/moved
+repositories.
 
 ## TODOS
-
-- [ ] 🗂️ **Rename Detection**: Automatically handle renamed repositories.
+- [x] Rename Detection: automatically update moved files.
 - [ ] Allow use of keys from `ssh-agent`
 - [x] Allow configuration of ssh key.
 - [x] Allow multiple ssh keys.

WINDOWS.md

@@ -0,0 +1,92 @@
+# Windows Compatibility Guide
+
+This document outlines Windows compatibility issues and solutions for the envr project.
+
+## Critical Issues
+
+### 1. Path Handling Bug (MUST FIX)
+
+**File:** `app/env_file.go:209`
+
+**Issue:** Uses `path.Join` instead of `filepath.Join`, which won't work correctly on Windows due to different path separators.
+
+**Current code:**
+```go
+f.Path = path.Join(newDir, path.Base(f.Path))
+```
+
+**Fixed code:**
+```go
+f.Path = filepath.Join(newDir, filepath.Base(f.Path))
+```
+
+## External Dependencies
+
+The application relies on external tools that need to be installed separately on Windows:
+
+### Required Tools
+
+1. **fd** - Fast file finder
+   - Install via: `winget install sharkdp.fd` or `choco install fd`
+   - Alternative: `scoop install fd`
+
+2. **git** - Version control system
+   - Install via: `winget install Git.Git` or download from git-scm.com
+   - Usually already available on most development machines
+
+## Minor Compatibility Notes
+
+### File Permissions
+- Unix file permissions (`0755`, `0644`) are used throughout the codebase
+- These are safely ignored on Windows - no changes needed
+
+### Editor Configuration
+**File:** `cmd/edit_config.go:20-24`
+
+**Issue:** Relies on `$EDITOR` environment variable which is less common on Windows.
+
+**Current behavior:** Fails if `$EDITOR` is not set
+
+**Recommended improvement:** Add fallback detection for Windows editors:
+```go
+editor := os.Getenv("EDITOR")
+if editor == "" {
+    if runtime.GOOS == "windows" {
+        editor = "notepad.exe"  // or "code.exe" for VS Code
+    } else {
+        fmt.Println("Error: $EDITOR environment variable is not set")
+        return
+    }
+}
+```
+
+## Installation Instructions for Windows
+
+1. Install required dependencies:
+   ```powershell
+   winget install sharkdp.fd
+   winget install Git.Git
+   ```
+
+2. Fix the path handling bug in `app/env_file.go:209`
+
+3. Build and run as normal:
+   ```powershell
+   go build
+   .\envr.exe init
+   ```
+
+## Testing on Windows
+
+After applying the critical path fix, the core functionality should work correctly on Windows. The application has been designed with cross-platform compatibility in mind, using:
+
+- `filepath` package for path operations (mostly)
+- `os.UserHomeDir()` for home directory detection
+- Standard Go file operations
+
+## Summary
+
+- **1 critical bug** must be fixed for Windows compatibility
+- **2 external tools** need to be installed
+- **1 minor enhancement** recommended for better Windows UX
+- Overall architecture is Windows-compatible

app/config.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"strings"
 
@@ -18,6 +19,7 @@ type Config struct {
 	ScanConfig scanConfig   `json:"scan"`
 }
 
+// Used by age to encrypt and decrypt the database.
 type SshKeyPair struct {
 	Private string `json:"private"` // Path to the private key file
 	Public  string `json:"public"`  // Path to the public key file
@@ -26,8 +28,7 @@ type SshKeyPair struct {
 type scanConfig struct {
 	// TODO: Support multiple matchers
 	Matcher string   `json:"matcher"`
-	// TODO: Support multiple excludes
-	Exclude string   `json:"exclude"`
+	Exclude []string `json:"exclude"`
 	Include []string `json:"include"`
 }
 
@@ -48,7 +49,12 @@ func NewConfig(privateKeyPaths []string) Config {
 		Keys: keys,
 		ScanConfig: scanConfig{
 			Matcher: "\\.env",
-			Exclude: "*.envrc",
+			Exclude: []string{
+				"*\\.envrc",
+				"\\.local/",
+				"node_modules",
+				"vendor",
+			},
 			Include: []string{"~"},
 		},
 	}
@@ -109,6 +115,25 @@ func (c *Config) Save() error {
 	return os.WriteFile(configPath, data, 0644)
 }
 
+// buildFdArgs builds the fd command arguments with multiple exclude patterns
+func (c Config) buildFdArgs(searchPath string, includeIgnored bool) []string {
+	args := []string{"-a", c.ScanConfig.Matcher}
+
+	// Add exclude patterns
+	for _, exclude := range c.ScanConfig.Exclude {
+		args = append(args, "-E", exclude)
+	}
+
+	if includeIgnored {
+		args = append(args, "-HI")
+	} else {
+		args = append(args, "-H")
+	}
+
+	args = append(args, searchPath)
+	return args
+}
+
 // Use fd to find all ignored .env files that match the config's parameters
 func (c Config) scan() (paths []string, err error) {
 	searchPaths, err := c.searchPaths()
@@ -119,7 +144,7 @@ func (c Config) scan() (paths []string, err error) {
 	for _, searchPath := range searchPaths {
 		// Find all files (including ignored ones)
 		fmt.Printf("Searching for all files in \"%s\"...\n", searchPath)
-		allCmd := exec.Command("fd", "-a", c.ScanConfig.Matcher, "-E", c.ScanConfig.Exclude, "-HI", searchPath)
+		allCmd := exec.Command("fd", c.buildFdArgs(searchPath, true)...)
 		allOutput, err := allCmd.Output()
 		if err != nil {
 			return paths, err
@@ -132,7 +157,7 @@ func (c Config) scan() (paths []string, err error) {
 
 		// Find unignored files
 		fmt.Printf("Search for unignored fies in \"%s\"...\n", searchPath)
-		unignoredCmd := exec.Command("fd", "-a", c.ScanConfig.Matcher, "-E", c.ScanConfig.Exclude, "-H", searchPath)
+		unignoredCmd := exec.Command("fd", c.buildFdArgs(searchPath, false)...)
 		unignoredOutput, err := unignoredCmd.Output()
 		if err != nil {
 			return []string{}, err
@@ -184,8 +209,7 @@ func (c Config) searchPaths() (paths []string, err error) {
 	return paths, nil
 }
 
-// TODO: Should this be private?
-func (s SshKeyPair) Identity() (age.Identity, error) {
+func (s SshKeyPair) identity() (age.Identity, error) {
 	sshKey, err := os.ReadFile(s.Private)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read SSH key: %w", err)
@@ -199,8 +223,7 @@ func (s SshKeyPair) Identity() (age.Identity, error) {
 	return id, nil
 }
 
-// TODO: Should this be private?
-func (s SshKeyPair) Recipient() (age.Recipient, error) {
+func (s SshKeyPair) recipient() (age.Recipient, error) {
 	sshKey, err := os.ReadFile(s.Public)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read SSH key: %w", err)
@@ -213,3 +236,32 @@ func (s SshKeyPair) Recipient() (age.Recipient, error) {
 
 	return id, nil
 }
+
+// Use fd to find all git roots in the config's search paths
+func (c Config) findGitRoots() (paths []string, err error) {
+	searchPaths, err := c.searchPaths()
+	if err != nil {
+		return []string{}, err
+	}
+
+	for _, searchPath := range searchPaths {
+		allCmd := exec.Command("fd", "-H", "-t", "d", "^\\.git$", searchPath)
+		allOutput, err := allCmd.Output()
+		if err != nil {
+			return paths, err
+		}
+
+		allFiles := strings.Split(strings.TrimSpace(string(allOutput)), "\n")
+		if len(allFiles) == 1 && allFiles[0] == "" {
+			allFiles = []string{}
+		}
+
+		for i, file := range allFiles {
+			allFiles[i] = path.Dir(path.Clean(file))
+		}
+
+		paths = append(paths, allFiles...)
+	}
+
+	return paths, nil
+}

app/db.go

@@ -1,5 +1,6 @@
 package app
 
+// TODO: app/db.go should be reviewed.
 import (
 	"database/sql"
 	"encoding/json"
@@ -13,19 +14,12 @@ import (
 	_ "modernc.org/sqlite"
 )
 
-// CloseMode determines whether or not the in-memory DB should be saved to disk
-// before closing the connection.
-type CloseMode int
-
-const (
-	ReadOnly CloseMode = iota
-	Write
-)
-
 type Db struct {
 	db       *sql.DB
 	cfg      Config
 	features *AvailableFeatures
+	// If true, the database will be saved to disk before closing
+	changed bool
 }
 
 func Open() (*Db, error) {
@@ -37,7 +31,7 @@ func Open() (*Db, error) {
 	if _, err := os.Stat("/home/spencer/.envr/data.age"); err != nil {
 		// Create a new DB
 		db, err := newDb()
-		return &Db{db, *cfg, nil}, err
+		return &Db{db, *cfg, nil, true}, err
 	} else {
 		// Open the existing DB
 		tmpFile, err := os.CreateTemp("", "envr-*.db")
@@ -59,7 +53,7 @@ func Open() (*Db, error) {
 
 		restoreDB(tmpFile.Name(), memDb)
 
-		return &Db{memDb, *cfg, nil}, nil
+		return &Db{memDb, *cfg, nil, false}, nil
 	}
 }
 
@@ -72,7 +66,6 @@ func newDb() (*sql.DB, error) {
 	} else {
 		_, err := db.Exec(`create table envr_env_files (
       path text primary key not null
-    , dir text not null
     , remotes text -- JSON
     , sha256 text not null
     , contents text not null
@@ -108,7 +101,7 @@ func decryptDb(tmpFilePath string, keys []SshKeyPair) error {
 	identities := make([]age.Identity, 0, len(keys))
 
 	for _, key := range keys {
-		id, err := key.Identity()
+		id, err := key.identity()
 
 		if err != nil {
 			return err
@@ -150,7 +143,7 @@ func restoreDB(path string, destDB *sql.DB) error {
 
 // Returns all the EnvFiles present in the database.
 func (db *Db) List() (results []EnvFile, err error) {
-	rows, err := db.db.Query("select * from envr_env_files")
+	rows, err := db.db.Query("select path, remotes, sha256, contents from envr_env_files")
 
 	if err != nil {
 		return nil, err
@@ -159,14 +152,18 @@ func (db *Db) List() (results []EnvFile, err error) {
 
 	for rows.Next() {
 		var envFile EnvFile
-		var remotesJSON string
-
-		err := rows.Scan(&envFile.Path, &envFile.Dir, &remotesJSON, &envFile.Sha256, &envFile.contents)
+		var remotesJson []byte
+		err := rows.Scan(&envFile.Path, &remotesJson, &envFile.Sha256, &envFile.contents)
 		if err != nil {
 			return nil, err
 		}
 
-		// TODO: unmarshal remotesJSON into envFile.remotes
+		// Populate Dir from Path
+		envFile.Dir = filepath.Dir(envFile.Path)
+
+		if err := json.Unmarshal(remotesJson, &envFile.Remotes); err != nil {
+			return nil, err
+		}
 
 		results = append(results, envFile)
 	}
@@ -178,10 +175,10 @@ func (db *Db) List() (results []EnvFile, err error) {
 	return results, nil
 }
 
-func (db *Db) Close(mode CloseMode) error {
+func (db *Db) Close() error {
 	defer db.db.Close()
 
-	if mode == Write {
+	if db.changed {
 		// Create tmp file
 		tmpFile, err := os.CreateTemp("", "envr-*.db")
 		if err != nil {
@@ -197,6 +194,8 @@ func (db *Db) Close(mode CloseMode) error {
 		if err := encryptDb(tmpFile.Name(), db.cfg.Keys); err != nil {
 			return err
 		}
+
+		db.changed = false
 	}
 
 	return nil
@@ -242,7 +241,7 @@ func encryptDb(tmpFilePath string, keys []SshKeyPair) error {
 
 	recipients := make([]age.Recipient, 0, len(keys))
 	for _, key := range keys {
-		recipient, err := key.Recipient()
+		recipient, err := key.recipient()
 
 		if err != nil {
 			return err
@@ -278,14 +277,16 @@ func (db *Db) Insert(file EnvFile) error {
 
 	// Insert into database
 	_, err = db.db.Exec(`
-		INSERT OR REPLACE INTO envr_env_files (path, dir, remotes, sha256, contents)
-		VALUES (?, ?, ?, ?, ?)
-	`, file.Path, file.Dir, string(remotesJSON), file.Sha256, file.contents)
+		INSERT OR REPLACE INTO envr_env_files (path, remotes, sha256, contents)
+		VALUES (?, ?, ?, ?)
+	`, file.Path, string(remotesJSON), file.Sha256, file.contents)
 
 	if err != nil {
 		return fmt.Errorf("failed to insert env file: %w", err)
 	}
 
+	db.changed = true
+
 	return nil
 }
 
@@ -293,12 +294,15 @@ func (db *Db) Insert(file EnvFile) error {
 func (db *Db) Fetch(path string) (envFile EnvFile, err error) {
 	var remotesJSON string
 
-	row := db.db.QueryRow("SELECT path, dir, remotes, sha256, contents FROM envr_env_files WHERE path = ?", path)
-	err = row.Scan(&envFile.Path, &envFile.Dir, &remotesJSON, &envFile.Sha256, &envFile.contents)
+	row := db.db.QueryRow("SELECT path, remotes, sha256, contents FROM envr_env_files WHERE path = ?", path)
+	err = row.Scan(&envFile.Path, &remotesJSON, &envFile.Sha256, &envFile.contents)
 	if err != nil {
 		return EnvFile{}, fmt.Errorf("failed to fetch env file: %w", err)
 	}
 
+	// Populate Dir from Path
+	envFile.Dir = filepath.Dir(envFile.Path)
+
 	if err = json.Unmarshal([]byte(remotesJSON), &envFile.Remotes); err != nil {
 		return EnvFile{}, fmt.Errorf("failed to unmarshal remotes: %w", err)
 	}
@@ -322,6 +326,8 @@ func (db *Db) Delete(path string) error {
 		return fmt.Errorf("no file found with path: %s", path)
 	}
 
+	db.changed = true
+
 	return nil
 }
 
@@ -381,3 +387,35 @@ func (db *Db) CanScan() error {
 		return nil
 	}
 }
+
+// If true, [Db.Insert] should be called on the [EnvFile] that generated
+// the given result
+func (db Db) UpdateRequired(status EnvFileSyncResult) bool {
+	return status&(BackedUp|DirUpdated) != 0
+}
+
+func (db *Db) Sync(file *EnvFile) (result EnvFileSyncResult, err error) {
+	// TODO: This results in findMovedDirs being called multiple times.
+	return file.sync(TrustFilesystem, db)
+}
+
+// Looks for git directories that share one or more git remotes with
+// the given file.
+func (db Db) findMovedDirs(file *EnvFile) (movedDirs []string, err error) {
+	if err = db.Features().validateFeatures(Fd, Git); err != nil {
+		return movedDirs, err
+	}
+
+	gitRoots, err := db.cfg.findGitRoots()
+	if err != nil {
+		return movedDirs, err
+	} else {
+		for _, dir := range gitRoots {
+			if file.sharesRemote(getGitRemotes(dir)) {
+				movedDirs = append(movedDirs, dir)
+			}
+		}
+
+		return movedDirs, nil
+	}
+}

app/env_file.go

@@ -2,15 +2,19 @@ package app
 
 import (
 	"crypto/sha256"
+	"errors"
 	"fmt"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"strings"
 )
 
 type EnvFile struct {
+	// TODO: Should use FileName in the struct and derive from the path.
 	Path string
+	// Dir is derived from Path, and is not stored in the database.
 	Dir      string
 	Remotes  []string // []string
 	Sha256   string
@@ -21,16 +25,30 @@ type EnvFile struct {
 type EnvFileSyncResult int
 
 const (
-	// The struct has been updated from the filesystem
-	// and should be updated in the database.
-	Updated EnvFileSyncResult = iota
-	// The filesystem has been restored to match the struct
-	// no further action is required.
-	Restored
-	Error
 	// The filesystem contents matches the struct
 	// no further action is required.
-	Noop
+	Noop EnvFileSyncResult = 0
+	// The directory changed, but the file contents matched.
+	// The database must be updated.
+	DirUpdated EnvFileSyncResult = 1
+	// The filesystem has been restored to match the struct
+	// no further action is required.
+	Restored EnvFileSyncResult = 1 << 1
+	// The filesystem has been restored to match the struct.
+	// The directory changed, so the database must be updated
+	RestoredAndDirUpdated EnvFileSyncResult = Restored | DirUpdated
+	// The struct has been updated from the filesystem
+	// and should be updated in the database.
+	BackedUp EnvFileSyncResult = 1 << 2
+	Error    EnvFileSyncResult = 1 << 3
+)
+
+// Determines the source of truth when calling [EnvFile.Sync] or [EnvFile.Restore]
+type syncDirection int
+
+const (
+	TrustDatabase syncDirection = iota
+	TrustFilesystem
 )
 
 func NewEnvFile(path string) EnvFile {
@@ -95,62 +113,119 @@ func getGitRemotes(dir string) []string {
 	return remotes
 }
 
-// Install the file into the file system
-func (file EnvFile) Restore() error {
-	// TODO: Handle restores more cleanly
-	// Ensure the directory exists
-	if _, err := os.Stat(file.Dir); err != nil {
-		return fmt.Errorf("directory missing")
+// Reconcile the state of the database with the state of the filesystem, using
+// dir to determine which side to use a the source of truth.
+func (f *EnvFile) sync(dir syncDirection, db *Db) (result EnvFileSyncResult, err error) {
+	if result != Noop {
+		panic("Invalid state")
 	}
 
-	// Check if file already exists
-	if _, err := os.Stat(file.Path); err == nil {
-		return fmt.Errorf("file already exists: %s", file.Path)
+	if _, err := os.Stat(f.Dir); err != nil {
+		// Directory doesn't exist
+
+		var movedDirs []string
+
+		if db != nil {
+			movedDirs, err = db.findMovedDirs(f)
+		}
+		if err != nil {
+			return Error, err
+		} else {
+			switch len(movedDirs) {
+			case 0:
+				return Error, fmt.Errorf("directory missing")
+			case 1:
+				f.updateDir(movedDirs[0])
+				result |= DirUpdated
+			default:
+				return Error, fmt.Errorf("multiple directories found")
+			}
+		}
 	}
 
-	// Write the contents to the file
-	if err := os.WriteFile(file.Path, []byte(file.contents), 0644); err != nil {
-		return fmt.Errorf("failed to write file: %w", err)
+	if _, err := os.Stat(f.Path); err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			if err := os.WriteFile(f.Path, []byte(f.contents), 0644); err != nil {
+				return Error, fmt.Errorf("failed to write file: %w", err)
 			}
 
-	return nil
+			return result | Restored, nil
+		} else {
+			return Error, err
+		}
+	} else {
+		// File exists, check its hash
+		contents, err := os.ReadFile(f.Path)
+		if err != nil {
+			return Error, fmt.Errorf("failed to read file for SHA comparison: %w", err)
+		}
+
+		hash := sha256.Sum256(contents)
+		currentSha := fmt.Sprintf("%x", hash)
+
+		// Compare the hashes
+		if currentSha == f.Sha256 {
+			// No op, or DirUpdated
+			return result, nil
+		} else {
+			switch dir {
+			case TrustDatabase:
+				if err := os.WriteFile(f.Path, []byte(f.contents), 0644); err != nil {
+					return Error, fmt.Errorf("failed to write file: %w", err)
+				}
+
+				return result | Restored, nil
+			case TrustFilesystem:
+				// Overwrite the database
+				if err = f.Backup(); err != nil {
+					return Error, err
+				} else {
+					return BackedUp, nil
+				}
+			default:
+				panic("unknown sync direction")
+			}
+		}
+	}
+}
+
+func (f *EnvFile) sharesRemote(remotes []string) bool {
+	rMap := make(map[string]bool)
+	for _, remote := range f.Remotes {
+		rMap[remote] = true
+	}
+
+	for _, remote := range remotes {
+		if rMap[remote] {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (f *EnvFile) updateDir(newDir string) {
+	f.Dir = newDir
+	f.Path = path.Join(newDir, path.Base(f.Path))
+	f.Remotes = getGitRemotes(newDir)
 }
 
 // Try to reconcile the EnvFile with the filesystem.
 //
 // If Updated is returned, [Db.Insert] should be called on file.
 func (file *EnvFile) Sync() (result EnvFileSyncResult, err error) {
-	// Check if the path exists in the file system
-	_, err = os.Stat(file.Path)
-	if err == nil {
-		contents, err := os.ReadFile(file.Path)
-		if err != nil {
-			return Error, fmt.Errorf("failed to read file for SHA comparison: %w", err)
-		}
-
-		// Check if sha matches by reading the current file and calculating its hash
-		hash := sha256.Sum256(contents)
-		currentSha := fmt.Sprintf("%x", hash)
-		if file.Sha256 == currentSha {
-			// Nothing to do
-			return Noop, nil
-		} else {
-			if err = file.Backup(); err != nil {
-				return Error, err
-			} else {
-				return Updated, nil
-			}
-		}
-	} else {
-		if err = file.Restore(); err != nil {
-			return Error, err
-		} else {
-			return Restored, nil
-		}
-	}
+	return file.sync(TrustFilesystem, nil)
 }
 
-// Update the EnvFile using the file system
+// Install the file into the file system. If the file already exists,
+// it will be overwritten.
+func (file EnvFile) Restore() error {
+	_, err := file.sync(TrustDatabase, nil)
+
+	return err
+}
+
+// Update the EnvFile using the file system.
 func (file *EnvFile) Backup() error {
 	// Read the contents of the file
 	contents, err := os.ReadFile(file.Path)

app/features.go

@@ -1,9 +1,20 @@
 package app
 
 import (
+	"fmt"
 	"os/exec"
 )
 
+type MissingFeatureError struct {
+	feature AvailableFeatures
+}
+
+func (m *MissingFeatureError) Error() string {
+	return fmt.Sprintf("Missing \"%s\" feature", m.feature)
+}
+
+// TODO: Features should really be renamed to Binaries
+
 // Represents which binaries are present in $PATH.
 // Used to fail safely when required features are unavailable
 type AvailableFeatures int
@@ -30,3 +41,20 @@ func checkFeatures() (feats AvailableFeatures) {
 
 	return feats
 }
+
+// Returns a MissingFeature error if the given features aren't present.
+func (a AvailableFeatures) validateFeatures(features ...AvailableFeatures) error {
+	var missing AvailableFeatures
+
+	for _, feat := range features {
+		if a&feat == 0 {
+			missing |= feat
+		}
+	}
+
+	if missing == 0 {
+		return nil
+	} else {
+		return &MissingFeatureError{missing}
+	}
+}

build.zig

@@ -0,0 +1,156 @@
+const std = @import("std");
+
+// Although this function looks imperative, it does not perform the build
+// directly and instead it mutates the build graph (`b`) that will be then
+// executed by an external runner. The functions in `std.Build` implement a DSL
+// for defining build steps and express dependencies between them, allowing the
+// build runner to parallelize the build automatically (and the cache system to
+// know when a step doesn't need to be re-run).
+pub fn build(b: *std.Build) void {
+    // Standard target options allow the person running `zig build` to choose
+    // what target to build for. Here we do not override the defaults, which
+    // means any target is allowed, and the default is native. Other options
+    // for restricting supported target set are available.
+    const target = b.standardTargetOptions(.{});
+    // Standard optimization options allow the person running `zig build` to select
+    // between Debug, ReleaseSafe, ReleaseFast, and ReleaseSmall. Here we do not
+    // set a preferred release mode, allowing the user to decide how to optimize.
+    const optimize = b.standardOptimizeOption(.{});
+    // It's also possible to define more custom flags to toggle optional features
+    // of this build script using `b.option()`. All defined flags (including
+    // target and optimize options) will be listed when running `zig build --help`
+    // in this directory.
+
+    // This creates a module, which represents a collection of source files alongside
+    // some compilation options, such as optimization mode and linked system libraries.
+    // Zig modules are the preferred way of making Zig code available to consumers.
+    // addModule defines a module that we intend to make available for importing
+    // to our consumers. We must give it a name because a Zig package can expose
+    // multiple modules and consumers will need to be able to specify which
+    // module they want to access.
+    const mod = b.addModule("envr", .{
+        // The root source file is the "entry point" of this module. Users of
+        // this module will only be able to access public declarations contained
+        // in this file, which means that if you have declarations that you
+        // intend to expose to consumers that were defined in other files part
+        // of this module, you will have to make sure to re-export them from
+        // the root file.
+        .root_source_file = b.path("src/root.zig"),
+        // Later on we'll use this module as the root module of a test executable
+        // which requires us to specify a target.
+        .target = target,
+    });
+
+    // Here we define an executable. An executable needs to have a root module
+    // which needs to expose a `main` function. While we could add a main function
+    // to the module defined above, it's sometimes preferable to split business
+    // logic and the CLI into two separate modules.
+    //
+    // If your goal is to create a Zig library for others to use, consider if
+    // it might benefit from also exposing a CLI tool. A parser library for a
+    // data serialization format could also bundle a CLI syntax checker, for example.
+    //
+    // If instead your goal is to create an executable, consider if users might
+    // be interested in also being able to embed the core functionality of your
+    // program in their own executable in order to avoid the overhead involved in
+    // subprocessing your CLI tool.
+    //
+    // If neither case applies to you, feel free to delete the declaration you
+    // don't need and to put everything under a single module.
+    const exe = b.addExecutable(.{
+        .name = "envr",
+        .root_module = b.createModule(.{
+            // b.createModule defines a new module just like b.addModule but,
+            // unlike b.addModule, it does not expose the module to consumers of
+            // this package, which is why in this case we don't have to give it a name.
+            .root_source_file = b.path("src/main.zig"),
+            // Target and optimization levels must be explicitly wired in when
+            // defining an executable or library (in the root module), and you
+            // can also hardcode a specific target for an executable or library
+            // definition if desireable (e.g. firmware for embedded devices).
+            .target = target,
+            .optimize = optimize,
+            // List of modules available for import in source files part of the
+            // root module.
+            .imports = &.{
+                // Here "envr" is the name you will use in your source code to
+                // import this module (e.g. `@import("envr")`). The name is
+                // repeated because you are allowed to rename your imports, which
+                // can be extremely useful in case of collisions (which can happen
+                // importing modules from different packages).
+                .{ .name = "envr", .module = mod },
+            },
+        }),
+    });
+
+    // This declares intent for the executable to be installed into the
+    // install prefix when running `zig build` (i.e. when executing the default
+    // step). By default the install prefix is `zig-out/` but can be overridden
+    // by passing `--prefix` or `-p`.
+    b.installArtifact(exe);
+
+    // This creates a top level step. Top level steps have a name and can be
+    // invoked by name when running `zig build` (e.g. `zig build run`).
+    // This will evaluate the `run` step rather than the default step.
+    // For a top level step to actually do something, it must depend on other
+    // steps (e.g. a Run step, as we will see in a moment).
+    const run_step = b.step("run", "Run the app");
+
+    // This creates a RunArtifact step in the build graph. A RunArtifact step
+    // invokes an executable compiled by Zig. Steps will only be executed by the
+    // runner if invoked directly by the user (in the case of top level steps)
+    // or if another step depends on it, so it's up to you to define when and
+    // how this Run step will be executed. In our case we want to run it when
+    // the user runs `zig build run`, so we create a dependency link.
+    const run_cmd = b.addRunArtifact(exe);
+    run_step.dependOn(&run_cmd.step);
+
+    // By making the run step depend on the default step, it will be run from the
+    // installation directory rather than directly from within the cache directory.
+    run_cmd.step.dependOn(b.getInstallStep());
+
+    // This allows the user to pass arguments to the application in the build
+    // command itself, like this: `zig build run -- arg1 arg2 etc`
+    if (b.args) |args| {
+        run_cmd.addArgs(args);
+    }
+
+    // Creates an executable that will run `test` blocks from the provided module.
+    // Here `mod` needs to define a target, which is why earlier we made sure to
+    // set the releative field.
+    const mod_tests = b.addTest(.{
+        .root_module = mod,
+    });
+
+    // A run step that will run the test executable.
+    const run_mod_tests = b.addRunArtifact(mod_tests);
+
+    // Creates an executable that will run `test` blocks from the executable's
+    // root module. Note that test executables only test one module at a time,
+    // hence why we have to create two separate ones.
+    const exe_tests = b.addTest(.{
+        .root_module = exe.root_module,
+    });
+
+    // A run step that will run the second test executable.
+    const run_exe_tests = b.addRunArtifact(exe_tests);
+
+    // A top level step for running all tests. dependOn can be called multiple
+    // times and since the two run steps do not depend on one another, this will
+    // make the two of them run in parallel.
+    const test_step = b.step("test", "Run tests");
+    test_step.dependOn(&run_mod_tests.step);
+    test_step.dependOn(&run_exe_tests.step);
+
+    // Just like flags, top level steps are also listed in the `--help` menu.
+    //
+    // The Zig build system is entirely implemented in userland, which means
+    // that it cannot hook into private compiler APIs. All compilation work
+    // orchestrated by the build system will result in other Zig compiler
+    // subcommands being invoked with the right flags defined. You can observe
+    // these invocations when one fails (or you pass a flag to increase
+    // verbosity) to validate assumptions and diagnose problems.
+    //
+    // Lastly, the Zig build system is relatively simple and self-contained,
+    // and reading its source code will allow you to master it.
+}

build.zig.zon

@@ -0,0 +1,81 @@
+.{
+    // This is the default name used by packages depending on this one. For
+    // example, when a user runs `zig fetch --save <url>`, this field is used
+    // as the key in the `dependencies` table. Although the user can choose a
+    // different name, most users will stick with this provided value.
+    //
+    // It is redundant to include "zig" in this name because it is already
+    // within the Zig package namespace.
+    .name = .envr,
+    // This is a [Semantic Version](https://semver.org/).
+    // In a future version of Zig it will be used for package deduplication.
+    .version = "0.0.0",
+    // Together with name, this represents a globally unique package
+    // identifier. This field is generated by the Zig toolchain when the
+    // package is first created, and then *never changes*. This allows
+    // unambiguous detection of one package being an updated version of
+    // another.
+    //
+    // When forking a Zig project, this id should be regenerated (delete the
+    // field and run `zig build`) if the upstream project is still maintained.
+    // Otherwise, the fork is *hostile*, attempting to take control over the
+    // original project's identity. Thus it is recommended to leave the comment
+    // on the following line intact, so that it shows up in code reviews that
+    // modify the field.
+    .fingerprint = 0xa89bf067266a3e10, // Changing this has security and trust implications.
+    // Tracks the earliest Zig version that the package considers to be a
+    // supported use case.
+    .minimum_zig_version = "0.16.0",
+    // This field is optional.
+    // Each dependency must either provide a `url` and `hash`, or a `path`.
+    // `zig build --fetch` can be used to fetch all dependencies of a package, recursively.
+    // Once all dependencies are fetched, `zig build` no longer requires
+    // internet connectivity.
+    .dependencies = .{
+        // See `zig fetch --save <url>` for a command-line interface for adding dependencies.
+        //.example = .{
+        //    // When updating this field to a new URL, be sure to delete the corresponding
+        //    // `hash`, otherwise you are communicating that you expect to find the old hash at
+        //    // the new URL. If the contents of a URL change this will result in a hash mismatch
+        //    // which will prevent zig from using it.
+        //    .url = "https://example.com/foo.tar.gz",
+        //
+        //    // This is computed from the file contents of the directory of files that is
+        //    // obtained after fetching `url` and applying the inclusion rules given by
+        //    // `paths`.
+        //    //
+        //    // This field is the source of truth; packages do not come from a `url`; they
+        //    // come from a `hash`. `url` is just one of many possible mirrors for how to
+        //    // obtain a package matching this `hash`.
+        //    //
+        //    // Uses the [multihash](https://multiformats.io/multihash/) format.
+        //    .hash = "...",
+        //
+        //    // When this is provided, the package is found in a directory relative to the
+        //    // build root. In this case the package's hash is irrelevant and therefore not
+        //    // computed. This field and `url` are mutually exclusive.
+        //    .path = "foo",
+        //
+        //    // When this is set to `true`, a package is declared to be lazily
+        //    // fetched. This makes the dependency only get fetched if it is
+        //    // actually used.
+        //    .lazy = false,
+        //},
+    },
+    // Specifies the set of files and directories that are included in this package.
+    // Only files and directories listed here are included in the `hash` that
+    // is computed for this package. Only files listed here will remain on disk
+    // when using the zig package manager. As a rule of thumb, one should list
+    // files required for compilation plus any license(s).
+    // Paths are relative to the build root. Use the empty string (`""`) to refer to
+    // the build root itself.
+    // A directory listed here means that all files within, recursively, are included.
+    .paths = .{
+        "build.zig",
+        "build.zig.zon",
+        "src",
+        // For example...
+        //"LICENSE",
+        //"README.md",
+    },
+}

cmd/backup.go

@@ -15,6 +15,7 @@ import (
 var backupCmd = &cobra.Command{
 	Use:     "backup <path>",
 	Short:   "Import a .env file into envr",
+	Aliases: []string{"add"},
 	Args:    cobra.ExactArgs(1),
 	// Long: `Long desc`
 	RunE: func(cmd *cobra.Command, args []string) error {
@@ -27,11 +28,11 @@ var backupCmd = &cobra.Command{
 		if err != nil {
 			return err
 		} else {
-			defer db.Close(app.Write)
+			defer db.Close()
 			record := app.NewEnvFile(path)
 
 			if err := db.Insert(record); err != nil {
-				panic(err)
+				return err
 			} else {
 				fmt.Printf("Saved %s into the database", path)
 				return nil

cmd/check.go

@@ -38,7 +38,7 @@ var checkCmd = &cobra.Command{
 		if err != nil {
 			return fmt.Errorf("failed to open database: %w", err)
 		}
-		defer db.Close(app.ReadOnly)
+		defer db.Close()
 
 		// Check if the path is a file or directory
 		info, err := os.Stat(absPath)

cmd/deps.go

@@ -19,7 +19,7 @@ The check command reports on which binaries are available and which are not.`,
 		if err != nil {
 			return err
 		} else {
-			defer db.Close(app.ReadOnly)
+			defer db.Close()
 			features := db.Features()
 
 			table := tablewriter.NewWriter(os.Stdout)

cmd/init.go

@@ -11,10 +11,8 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// TODO: Add --force (-f) flag.
 var initCmd = &cobra.Command{
 	Use:   "init",
-	DisableFlagsInUseLine: true,
 	Short: "Set up envr",
 	Long: `The init command generates your initial config and saves it to
 ~/.envr/config in JSON format.
@@ -23,11 +21,10 @@ During setup, you will be prompted to select one or more ssh keys with which to
 encrypt your databse. **Make 100% sure** that you have **a remote copy** of this
 key somewhere, otherwise your data could be lost forever.`,
 	RunE: func(cmd *cobra.Command, args []string) error {
+		force, _ := cmd.Flags().GetBool("force")
 		config, _ := app.LoadConfig()
 
-		if config != nil {
-			return fmt.Errorf("You have already initialized envr")
-		} else {
+		if config == nil || force {
 			keys, err := selectSSHKeys()
 			if err != nil {
 				return fmt.Errorf("Error selecting SSH keys: %v", err)
@@ -43,13 +40,17 @@ key somewhere, otherwise your data could be lost forever.`,
 			}
 
 			fmt.Printf("Config initialized with %d SSH key(s). You are ready to use envr.\n", len(keys))
-		}
-
 			return nil
+		} else {
+			return fmt.Errorf(`You have already initialized envr.
+Run again with the --force flag if you want to reinitialize.
+`)
+		}
 	},
 }
 
 func init() {
+	initCmd.Flags().BoolP("force", "f", false, "Overwrite an existing config")
 	rootCmd.AddCommand(initCmd)
 }
 

cmd/list.go

@@ -24,7 +24,7 @@ var listCmd = &cobra.Command{
 		if err != nil {
 			return err
 		}
-		defer db.Close(app.ReadOnly)
+		defer db.Close()
 
 		rows, err := db.List()
 		if err != nil {

cmd/remove.go

@@ -25,7 +25,7 @@ var removeCmd = &cobra.Command{
 		if err != nil {
 			return err
 		} else {
-			defer db.Close(app.Write)
+			defer db.Close()
 			if err := db.Delete(path); err != nil {
 				return err
 			} else {

cmd/restore.go

@@ -27,7 +27,7 @@ var restoreCmd = &cobra.Command{
 		if err != nil {
 			return err
 		} else {
-			defer db.Close(app.ReadOnly)
+			defer db.Close()
 			record, err := db.Fetch(path)
 
 			if err != nil {

cmd/scan.go

@@ -57,7 +57,7 @@ var scanCmd = &cobra.Command{
 
 			// Close database with write mode to persist changes
 			if addedCount > 0 {
-				err = db.Close(app.Write)
+				err = db.Close()
 				if err != nil {
 					return fmt.Errorf("Error saving changes: %v\n", err)
 				} else {
@@ -65,7 +65,7 @@ var scanCmd = &cobra.Command{
 					return nil
 				}
 			} else {
-				err = db.Close(app.ReadOnly)
+				err = db.Close()
 				if err != nil {
 					return fmt.Errorf("Error closing database: %v\n", err)
 				}

cmd/sync.go

@@ -10,16 +10,16 @@ import (
 	"github.com/spf13/cobra"
 )
 
-// TODO: Detect when file paths have moved and update accordingly.
 var syncCmd = &cobra.Command{
 	Use:   "sync",
 	Short: "Update or restore your env backups",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		db, err := app.Open()
+
 		if err != nil {
 			return err
 		} else {
-			defer db.Close(app.Write)
+			defer db.Close()
 			files, err := db.List()
 
 			if err != nil {
@@ -33,16 +33,19 @@ var syncCmd = &cobra.Command{
 
 				for _, file := range files {
 					// Syncronize the filesystem with the database.
-					changed, err := file.Sync()
+					oldPath := file.Path
+					changed, err := db.Sync(&file)
 
 					var status string
 					switch changed {
-					case app.Updated:
+					case app.BackedUp:
 						status = "Backed Up"
 						if err := db.Insert(file); err != nil {
 							return err
 						}
 					case app.Restored:
+						fallthrough
+					case app.RestoredAndDirUpdated:
 						status = "Restored"
 					case app.Error:
 						if err == nil {
@@ -51,10 +54,23 @@ var syncCmd = &cobra.Command{
 						status = err.Error()
 					case app.Noop:
 						status = "OK"
+					case app.DirUpdated:
+						status = "Moved"
 					default:
 						panic("Unknown result")
 					}
 
+					if changed&app.DirUpdated == app.DirUpdated {
+						if err := db.Delete(oldPath); err != nil {
+							return err
+						}
+					}
+					if db.UpdateRequired(changed) {
+						if err := db.Insert(file); err != nil {
+							return err
+						}
+					}
+
 					results = append(results, syncResult{
 						Path:   file.Path,
 						Status: status,

docs/cli/envr_init.md

@@ -12,12 +12,13 @@ encrypt your databse. **Make 100% sure** that you have **a remote copy** of this
 key somewhere, otherwise your data could be lost forever.
 
 ```
-envr init
+envr init [flags]
 ```
 
 ### Options
 
 ```
+  -f, --force   Overwrite an existing config
   -h, --help    help for init
 ```
 

flake.lock

@@ -5,11 +5,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1751413152,
-        "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
+        "lastModified": 1768135262,
+        "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
+        "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1761597516,
-        "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
+        "lastModified": 1767313136,
+        "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
+        "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
         "type": "github"
       },
       "original": {
@@ -36,11 +36,11 @@
     },
     "nixpkgs-lib": {
       "locked": {
-        "lastModified": 1751159883,
-        "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
+        "lastModified": 1765674936,
+        "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
+        "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
         "type": "github"
       },
       "original": {
@@ -51,11 +51,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1751949589,
-        "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=",
+        "lastModified": 1768178648,
+        "narHash": "sha256-kz/F6mhESPvU1diB7tOM3nLcBfQe7GU7GQCymRlTi/s=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9b008d60392981ad674e04016d25619281550a9d",
+        "rev": "3fbab70c6e69c87ea2b6e48aa6629da2aa6a23b0",
         "type": "github"
       },
       "original": {
@@ -80,11 +80,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1752055615,
-        "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=",
+        "lastModified": 1768158989,
+        "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9",
+        "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
         "type": "github"
       },
       "original": {

flake.nix

@@ -61,7 +61,7 @@
 
           packages.default = pkgs.buildGoModule rec {
             pname = "envr";
-            version = "0.1.1";
+            version = "0.2.0";
             src = ./.;
             # If the build complains, uncomment this line
             # vendorHash = "sha256:0000000000000000000000000000000000000000000000000000";
@@ -100,6 +100,8 @@
                 # Build tools
                 zip
 
+                opencode
+
                 # IDE
                 unstable.helix
                 typescript-language-server

main.go

@@ -2,7 +2,6 @@ package main
 
 import "github.com/sbrow/envr/cmd"
 
-// TODO: `envr check` command that looks in cwd and tells you if it's backed up or not.
 func main() {
 	cmd.Execute()
 }

src/main.zig

@@ -0,0 +1,87 @@
+const std = @import("std");
+const Io = std.Io;
+
+const envr = @import("envr");
+
+const goBinary = "envr-go";
+
+pub fn main(init: std.process.Init) !void {
+    // This is appropriate for anything that lives as long as the process.
+    const arena: std.mem.Allocator = init.arena.allocator();
+
+    const args = try init.minimal.args.toSlice(arena);
+
+    if (std.mem.eql(u8, args[1], "version")) {
+        version(args[1..]);
+    } else {
+        return fallbackToGo(init.io, args, arena);
+    }
+}
+
+fn version(args: []const [:0]const u8) void {
+    // std.debug.print("hello from Zig!\n", .{});
+
+    // for (args[1..]) |arg| {
+    //     std.debug.print("arg: {s}\n", .{arg});
+    // }
+    //
+
+    _ = args;
+
+    std.debug.print("TODO: Implement\n", .{});
+}
+
+fn fallbackToGo(
+    io: Io,
+    args: []const [:0]const u8,
+    arena: std.mem.Allocator,
+) std.process.ReplaceError {
+    // Remap args
+    var childArgs = try std.ArrayList([]const u8).initCapacity(arena, args.len);
+    childArgs.appendAssumeCapacity(goBinary);
+
+    for (args[1..]) |arg| {
+        childArgs.appendAssumeCapacity(arg);
+    }
+
+    return std.process.replace(io, .{ .argv = childArgs.items });
+}
+
+test "simple test" {
+    const gpa = std.testing.allocator;
+    var list: std.ArrayList(i32) = .empty;
+    defer list.deinit(gpa); // Try commenting this out and see if zig detects the memory leak!
+    try list.append(gpa, 42);
+    try std.testing.expectEqual(@as(i32, 42), list.pop());
+}
+
+test "fuzz example" {
+    try std.testing.fuzz({}, testOne, .{});
+}
+
+fn testOne(context: void, smith: *std.testing.Smith) !void {
+    _ = context;
+    // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
+
+    const gpa = std.testing.allocator;
+    var list: std.ArrayList(u8) = .empty;
+    defer list.deinit(gpa);
+    while (!smith.eos()) switch (smith.value(enum { add_data, dup_data })) {
+        .add_data => {
+            const slice = try list.addManyAsSlice(gpa, smith.value(u4));
+            smith.bytes(slice);
+        },
+        .dup_data => {
+            if (list.items.len == 0) continue;
+            if (list.items.len > std.math.maxInt(u32)) return error.SkipZigTest;
+            const len = smith.valueRangeAtMost(u32, 1, @min(32, list.items.len));
+            const off = smith.valueRangeAtMost(u32, 0, @intCast(list.items.len - len));
+            try list.appendSlice(gpa, list.items[off..][0..len]);
+            try std.testing.expectEqualSlices(
+                u8,
+                list.items[off..][0..len],
+                list.items[list.items.len - len ..],
+            );
+        },
+    };
+}

src/root.zig

@@ -0,0 +1,18 @@
+//! By convention, root.zig is the root source file when making a package.
+const std = @import("std");
+const Io = std.Io;
+
+/// This is a documentation comment to explain the `printAnotherMessage` function below.
+///
+/// Accepting an `Io.Writer` instance is a handy way to write reusable code.
+pub fn printAnotherMessage(writer: *Io.Writer) Io.Writer.Error!void {
+    try writer.print("Run `zig build test` to run the tests.\n", .{});
+}
+
+pub fn add(a: i32, b: i32) i32 {
+    return a + b;
+}
+
+test "basic add functionality" {
+    try std.testing.expect(add(3, 7) == 10);
+}