chore(odin): release 0.3.0

feat: All encryption/decryption now happens in-memory.
Release-as: v0.3.0
2026-06-28 02:58:33 -04:00 · 2026-06-16 11:39:29 -04:00 · 2026-06-16 11:38:20 -04:00 · 2026-06-16 11:36:05 -04:00 · 2026-06-16 11:36:05 -04:00 · 2026-06-16 11:36:05 -04:00
33 changed files with 1256 additions and 704 deletions
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -25,3 +25,4 @@ jobs:
          # this is a built-in strategy in release-please, see "Action Inputs"
          # for more options
          release-type: simple
          target-branch: ${{ github.ref_name }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,23 @@
 # Changelog
 ## [0.3.0](https://github.com/sbrow/envr/compare/v0.2.1...v0.3.0) (2026-06-16)
 ### ⚠ BREAKING CHANGES
 * The encryption format of databases has changed. Age encryption is no longer supported, and no automatic migration path was implemented.
 ### Features
 * All encryption/decryption now happens in-memory. ([fe2b256](https://github.com/sbrow/envr/commit/fe2b256bd61eaf551d53faf3893b473a64a94667))
 * Config can be loaded from any path with `--config-file (-c)` flag. ([4a26ee8](https://github.com/sbrow/envr/commit/4a26ee814591e6aab0eb99d2359d51b31011edfe))
 * Switched from age to libsodium. ([23b8c2d](https://github.com/sbrow/envr/commit/23b8c2dc671a23cf76cf6746b33806ded9381486))
 ### Performance Improvements
 * Improved writer performance. ([365e914](https://github.com/sbrow/envr/commit/365e9149b1a738ac9119bb5f74dc7e047ecfed5b))
 ## [0.2.1](https://github.com/sbrow/envr/compare/v0.2.0...v0.2.1) (2026-01-12)
--- a/TEST_PLAN.md
+++ b/TEST_PLAN.md
@@ -2,101 +2,61 @@
 ## Current State
- 63 tests, all passing (added 3 `render_table` tests)
+- 104 tests, all passing
- Strong coverage: crypto (100%), ssh (80%), scan, features
+- Strong coverage: crypto, ssh, db CRUD + env_file + update_dir, config save/load + paths, scan, features, cant_scan, parse_args, `-c`/`--config-file` flag
 - `render_table` now takes `io.Writer` (Tier 1 item 1 done)
 - Misleading test files: `cmd_check_test`, `cmd_list_test`, `cmd_nushell_completion_test` don't test their namesake procs
- Biggest gap: `db.odin` (15/21 procs untested), all `cmd_*` handlers untested, `parse_args` untested
+- Biggest remaining gap: all `cmd_*` handlers untested
-## Tier 1 — Easy wins (pure functions, minimal setup)
+## Command handler tests
-### 1. `render_table` (table.odin)
+Stdout will be captured by redirecting `os.stdout` to a pipe.
 - Follow existing `render_json_rows` test pattern
 - Test cases: normal data (verify box-drawing chars, column alignment), empty rows, wide unicode, single column
 - Assert against `strings.Builder` output
-### 2. `parse_args` (cli.odin) — BLOCKED: needs refactor
+### `cmd_version` (cmd_version.odin)
 - Reads `os.args` directly and calls `print_usage()`/`print_command_help()` as side effects
 - Cannot test without either accepting `[]string` param or extracting output
 - Minimal refactor: `parse_args(args: []string)` — caller passes `os.args`, tests pass synthetic slices
 - Return values (`ok`, `cmd.name`, `cmd.flags`, `cmd.bool_set`) are the interesting part to assert
 - Test cases: bare command, `--flag value`, `-f value`, positional args, `--help`/`-h`, unknown command, no args, mixed flags + positionals
 ### 3. `is_encrypted_key` (ssh.odin)
 - Test cases: encrypted key (returns true), unencrypted key (returns false), RSA key, malformed key
 - Fills last gap in ssh.odin
 ## Tier 2 — High value, medium effort (fixtures exist)
 ### 4. `db.odin` CRUD layer
 Largest gap in the project. Infrastructure already in `db_integration_test.odin` (`fixture_key`, `fixture_db_path`, in-memory DB setup).
 Procs to test:
 - `db_open` / `db_close` — open in-memory DB, verify handle valid
 - `db_insert` — insert a row, verify it persists
 - `db_fetch` — fetch existing row, fetch missing row (returns false)
 - `db_delete` — delete existing row (returns true), delete missing row (returns false)
 - `db_list` — list multiple rows, empty DB
 - `db_vacuum_to_file` — vacuum to temp file, verify file exists and is non-empty
 Test pattern: create in-memory DB via `db_open`, insert fixture rows, query and assert, `defer db_close`.
 ### 5. `load_config` / `save_config` (config.odin)
 - `save_config`: write a `Config` to temp dir, verify file exists and contents are valid JSON
 - `load_config`: read back a config written by `save_config`, round-trip assert
 - `load_config` error case: missing file returns error
 - Need a temp dir fixture (pattern exists in `scan_test.odin`)
 ## Tier 3 — Command handlers (need DB + filesystem fixtures)
 ### 6. `cmd_version` (cmd_version.odin)
 - Test default output (prints VERSION)
 - Test `--long`/`-l` flag output
 - Capture stdout, assert content
-### 7. `cmd_list` (cmd_list.odin)
+### `cmd_list` (cmd_list.odin)
 - Test TTY path: fixture DB with rows, capture table output
 - Test non-TTY path: capture JSON output, unmarshal and verify keys/values
 - Test empty DB: verify clean output (empty table or `[]`)
-### 8. `cmd_backup` (cmd_backup.odin)
+### `cmd_backup` (cmd_backup.odin)
 - Test successful backup: valid path, verify `db_insert` called
 - Test missing file: verify error message
 - Test duplicate backup: verify rejection or update behavior
-### 9. `cmd_remove` (cmd_remove.odin)
+### `cmd_remove` (cmd_remove.odin)
 - Test successful removal: existing entry, verify `db_delete` called
 - Test removal of non-existent entry: verify error or no-op
-### 10. `cmd_restore` (cmd_restore.odin)
+### `cmd_restore` (cmd_restore.odin)
 - Test successful restore: entry exists in DB, verify file written to correct path
 - Test restore of missing entry: verify error
 - Test directory creation: restore to path with missing parent dirs
-## Tier 4 — Hard to test (interactive / external deps)
+## Hard to test (interactive / external deps)
-### 11. `cmd_deps` (cmd_deps.odin)
+### `cmd_deps` (cmd_deps.odin)
 - Needs `git` and/or `fd` in PATH
 - Test TTY and non-TTY paths
 - Skip if dependencies not available (with `#assert` like TODO 28 suggests)
-### 12. `cmd_scan` (cmd_scan.odin)
+### `cmd_scan` (cmd_scan.odin)
 - Needs `fd` installed
 - Test with fixture git repo containing `.env` files
 - Test `find_unbacked` integration (already partially tested in `cmd_check_test.odin`)
 - Non-TTY JSON output path
-### 13. `cmd_edit_config` (cmd_edit_config.odin)
+### `cmd_edit_config` (cmd_edit_config.odin)
 - Needs refactoring: extract `$EDITOR` parsing into testable helper (TODO 12)
 - Test multi-word editor values (`"code -w"`)
 - Test missing `$EDITOR`
-### 14. `cmd_init` (cmd_init.odin)
+### `cmd_init` (cmd_init.odin)
 - Interactive prompt makes this hard
 - Needs refactoring: extract SSH key discovery and config generation into testable procs
 - Test `--force` flag behavior
-### 15. `prompt.odin`
+### `prompt.odin`
 - Needs refactoring to be testable
 - `render_options` could be tested if it accepted an `io.Writer`
 - `read_key` could be tested with a pipe/redirect instead of raw stdin
@@ -104,7 +64,7 @@ Test pattern: create in-memory DB via `db_open`, insert fixture rows, query and
 ## Notes
 - All command handler tests will need stdout capture. Consider extracting a helper or using `io.Writer` injection.
 - DB integration tests should use in-memory SQLite (`:memory:`) where possible.
 - Temp dir fixtures should follow the pattern in `scan_test.odin`.
 - External dependency tests (`fd`, `git`) should use `#assert` to ensure the dependency is present rather than silently skipping (TODO 28).
 - Tests that manipulate the `HOME` env var must use a mutex to prevent races with parallel test execution.
--- a/TODOS.md
+++ b/TODOS.md
@@ -1,89 +1,66 @@
-# TODO
+# TODOs
 Note: These todos can wait until all the subcommands have been ported.
-## HIGH
+1. Consider giving db its own allocator
-2. **db.odin:380-383, 405, 446** — `sqlite.bind_text` return values overwritten but never checked. A failed bind means `sqlite.step` operates on unbound params.
+2. **db.odin:324-327** — Map iteration (`remote_set`) is non-deterministic. Same file can produce different JSON on each backup, causing spurious DB diffs. Sort remotes before storing.
-3. **config.odin:52-54** — `os.user_home_dir` error silently ignored. If it fails, `home` is `""` and all paths become relative (`".envr"` instead of `"~/.envr"`).
+3. **db.odin:135, 250** — String interpolation into SQL (`VACUUM INTO '%s'`, `ATTACH DATABASE '%s'`). Currently safe because input is controlled, but fragile.
-## MEDIUM
+4. **features.odin:30-41** — `find_binary` uses `strings.join` instead of `filepath.join`, uses `os.stat` instead of checking executability, hardcodes `:` as PATH separator (wrong on Windows).
-4. **db.odin:29-35** — `make_temp_path` never calls `strings.builder_destroy`. Leaks builder buffer every call.
+5. **cmd_restore.odin:20-30 & cmd_remove.odin:19-29** — Identical path-resolution block copy-pasted. `is_abs` guard is redundant since `filepath.abs` is a no-op on absolute paths. Extract a helper.
-5. **db.odin:324-327** — Map iteration (`remote_set`) is non-deterministic. Same file can produce different JSON on each backup, causing spurious DB diffs. Sort remotes before storing.
+6. **cmd_restore.odin:44** — `os.mkdir_all` error silently discarded. Subsequent write failure will be confusing.
-6. **db.odin:470-473** — `string_to_cstring` allocates via `strings.clone_to_cstring` and never frees. Called dozens of times across db operations.
+8. **config.odin:178** — `search_paths` silently ignores `os.user_home_dir` error. If home is empty, `~` isn't expanded. Same class of bug as issue 3.
-7. **db.odin:470, 462** — Both `string_to_cstring` and `cstring_to_string` ignore allocation errors. A nil cstring gets passed to SQLite (UB).
+10. **db.odin:115** — `json.unmarshal_string` error not checked. Malformed JSON silently produces empty/partial data.
-8. **db.odin:135, 250** — String interpolation into SQL (`VACUUM INTO '%s'`, `ATTACH DATABASE '%s'`). Currently safe because input is controlled, but fragile.
+11. **db.odin:352-353** — `hex.encode` error ignored. `string(hex_bytes)` aliases the byte slice.
-9. **features.odin:30-41** — `find_binary` uses `strings.join` instead of `filepath.join`, uses `os.stat` instead of checking executability, hardcodes `:` as PATH separator (wrong on Windows).
+12. **cmd_sync.odin:80, cmd_list.odin:33, cmd_deps.odin:9** — `make([]string, 2)` for table rows never freed. Leaks per row. Defer to memory pass.
-10. **cmd_restore.odin:20-30 & cmd_remove.odin:19-29** — Identical path-resolution block copy-pasted. `is_abs` guard is redundant since `filepath.abs` is a no-op on absolute paths. Extract a helper.
+13. **cmd_list.odin** — Non-TTY branch builds `ListEntry` structs and marshals JSON separately. Now that `render_json_rows` (issue 1) accepts an `io.Writer` and uses `json.marshal`, unify both branches to use it. Note: will change JSON keys from `"directory"/"path"` to `"Directory"/"Path"`.
-11. **cmd_restore.odin:44** — `os.mkdir_all` error silently discarded. Subsequent write failure will be confusing.
+14. Check for prealloc opportunities. i.e. `make([dynamic]string)` -> `make([dynamic]string, 5)`.
-12. **cmd_edit_config.odin:27** — `$EDITOR` used as single binary name. Breaks for multi-word values like `"code -w"`. Needs `strings.fields()`.
+15. Add a text filter to the multi_select.
-33. **config.odin:178** — `search_paths` silently ignores `os.user_home_dir` error. If home is empty, `~` isn't expanded. Same class of bug as issue 3.
+16. Create backup / fallback fd.
-35. **prompt.odin:124** — `make([dynamic]bool, len(options))` creates N zero-initialized elements. Works because `false` is the default, but same footgun as original issue 1. Should be `make([dynamic]bool, 0, len(options))`.
+17. Add tests for untested commands.
-39. Lots of memory leaks to fix.
+18. 2 scan tests silently skip when fd isn't installed, tests pass without actually testing anything. These should use #assert to be sure that fd is in path.
-## LOW
+19. Try to do all encryption / decryption in memory - only read / write encrypted data to disk.
-15. **db.odin:115** — `json.unmarshal_string` error not checked. Malformed JSON silently produces empty/partial data.
+20. add --format -f flag to commands that draw tables.
-16. **db.odin:352-353** — `hex.encode` error ignored. `string(hex_bytes)` aliases the byte slice.
+21. Replace `testing.expect` calls with `testing.expect_value` calls where appropriate.
-18. **config.odin:51-60** — `envr_dir` recomputes home dir on every call. Could cache.
+22. Change struct field names from PascalCase to snake_case.
-37. **cmd_sync.odin:80, cmd_list.odin:33, cmd_deps.odin:9** — `make([]string, 2)` for table rows never freed. Leaks per row. Defer to memory pass.
+23. procedures should be ordered by use, main at the top, then in the order they are called from main.
 ## REFACTOR
 20. **cmd_list.odin** — Non-TTY branch builds `ListEntry` structs and marshals JSON separately. Now that `render_json_rows` (issue 1) accepts an `io.Writer` and uses `json.marshal`, unify both branches to use it. Note: will change JSON keys from `"directory"/"path"` to `"Directory"/"Path"`.
 21. Check for prealloc opportunities. i.e. `make([dynamic]string)` -> `make([dynamic]string, 5)`.
 23. Add a text filter to the multi_select.
 24. Create backup / fallback fd.
 25. Add tests for untested commands.
 26. Add a global --config -c flag to use an alternate config.
 27. version --long Odin only prints version; Go also prints commit hash and build date
 28. 2 scan tests silently skip	Low	When fd isn't installed, tests pass without actually testing anything. These should use #assert to be sure that fd is in path.
 38. Try to do all encryption / decryption in memory - only read / write encrypted data to disk.
 40. use a buffered writer where possible (mem.DEFAULT_PAGE_SIZE)
 ## Double-check AI output
 - [ ] cli.odin
 - [ ] cli_test.odin
- [ ] cmd_backup.odin
+- [x] cmd_backup.odin
- [ ] cmd_check.odin
+- [x] cmd_check.odin
 - [ ] cmd_check_test.odin
- [ ] cmd_deps.odin
+- [x] cmd_deps.odin
 - [ ] cmd_edit_config.odin
- [ ] cmd_init.odin
+- [x] cmd_init.odin
- [ ] cmd_list.odin
+- [x] cmd_list.odin
 - [ ] cmd_list_test.odin
- [ ] cmd_nushell_completion.odin
+- [x] cmd_nushell_completion.odin
- [ ] cmd_nushell_completion_test.odin
+- [x] cmd_nushell_completion_test.odin
- [ ] cmd_remove.odin
+- [x] cmd_remove.odin
- [ ] cmd_restore.odin
+- [x] cmd_restore.odin
- [ ] cmd_scan.odin
+- [x] cmd_scan.odin
- [ ] cmd_sync.odin
+- [x] cmd_sync.odin
 - [x] cmd_version.odin
 - [ ] config.odin
 - [ ] config_test.odin
@@ -92,10 +69,10 @@ Note: These todos can wait until all the subcommands have been ported.
 - [ ] db.odin
 - [ ] db_integration_test.odin
 - [ ] db_test.odin
- [ ] features.odin
+- [x] features.odin
- [ ] features_test.odin
+- [x] features_test.odin
- [ ] main.odin
+- [x] main.odin
- [ ] prompt.odin
+- [x] prompt.odin
 - [ ] scan.odin
 - [ ] scan_test.odin
 - [ ] sodium.odin
--- a/cli.odin
+++ b/cli.odin
@@ -3,15 +3,18 @@ package main
 import "core:bufio"
 import "core:fmt"
 import "core:io"
 import "core:mem"
 import "core:os"
 import "core:strings"
 Command :: struct {
-	name:     string,
+	name:        string,
-	args:     [dynamic]string,
+	args:        [dynamic]string,
-	flags:    map[string]string,
+	flags:       map[string]string,
-	bool_set: map[string]bool,
+	bool_set:    map[string]bool,
 	config_path: string,
 	out_buf:     ^bufio.Writer,
 	out:         io.Writer,
 	err:         io.Writer,
 }
 CommandInfo :: struct {
@@ -27,7 +30,10 @@ COMMANDS := []CommandInfo {
 		"init",
 		"envr init",
 		"Set up envr",
-		"The init command generates your initial config and saves it to\n~/.envr/config in JSON format.\n\nDuring setup, you will be prompted to select one or more ssh keys with which to\nencrypt your databse. **Make 100% sure** that you have **a remote copy** of this\nkey somewhere, otherwise your data could be lost forever.",
+		`The init command generates your initial config and saves it to
 ~/.envr/config in JSON format.\n\nDuring setup, you will be prompted to select one or more ssh keys with which to
 encrypt your databse. **Make 100% sure** that you have **a remote copy** of this
 key somewhere, otherwise your data could be lost forever.`,
 		{},
 	},
 	{"scan", "envr scan", "Find and select .env files for backup", "", {}},
@@ -55,11 +61,27 @@ COMMANDS := []CommandInfo {
 	},
 }
-parse_args :: proc() -> (cmd: Command, ok: bool) {
+delete_command :: proc(cmd: ^Command) {
-	args := os.args
+	delete(cmd.args)
 	delete(cmd.flags)
 	delete(cmd.bool_set)
 	bufio.writer_destroy(cmd.out_buf)
 	free(cmd.out_buf)
 }
 // Caller is responsible for calling delete_command(cmd).
 // FIXME: Works in kinda a wonky and awkward way.
 parse_args :: proc(args: []string, out: io.Stream, err: io.Stream) -> (cmd: Command, ok: bool) {
 	{
 		cmd.out_buf = new(bufio.Writer)
 		bufio.writer_init(cmd.out_buf, out)
 		cmd.out = bufio.writer_to_writer(cmd.out_buf)
 		cmd.err = err
 	}
 	if len(args) < 2 || args[1] == "--help" || args[1] == "-h" {
-		print_usage()
+		write_usage(cmd.out)
-		return Command{}, false
+		return cmd, false
 	}
 	cmd.name = args[1]
@@ -95,9 +117,21 @@ parse_args :: proc() -> (cmd: Command, ok: bool) {
 		}
 	}
 	if val, ok := cmd.flags["config-file"]; ok {
 		cmd.config_path = val
 	} else if val, ok := cmd.flags["c"]; ok {
 		cmd.config_path = val
 	} else {
 		// FIXME: Handle err
 		// TODO: Is this right?
 		home, _ := os.user_home_dir(context.temp_allocator)
 		// TODO: should we copy out of the temp_allocator?
 		cmd.config_path = default_config_path(home, context.temp_allocator)
 	}
 	if has_flag(&cmd, "help") {
-		print_command_help(cmd.name)
+		print_command_help(&cmd)
-		return Command{}, false
+		return cmd, false
 	}
 	return cmd, true
@@ -147,24 +181,24 @@ write_command_help :: proc(name: string, w: io.Writer) -> bool {
 		fmt.wprintf(w, "\n%s\n", info.long, flush = false)
 	}
-	fmt.wprintf(w, "\nFlags:\n  -h, --help   help for %s\n", info.name, flush = false)
+	fmt.wprintf(
 		w,
 		"\nFlags:\n  -h, --help   help for %s\n  -c, --config-file <path>   config file (default \"~/.envr/config.json\")\n",
 		info.name,
 		flush = false,
 	)
 	return true
 }
-print_command_help :: proc(name: string) {
+print_command_help :: proc(cmd: ^Command) {
-	bw: bufio.Writer
+	ok := write_command_help(cmd.name, cmd.out)
 	bufio.writer_init(&bw, io.to_writer(os.to_writer(os.stdout)), mem.DEFAULT_PAGE_SIZE)
 	defer bufio.writer_destroy(&bw)
 	w := bufio.writer_to_writer(&bw)
 	ok := write_command_help(name, w)
 	if !ok {
-		fmt.printf("Unknown command: %s\n", name)
+		fmt.wprintf(cmd.err, "Unknown command: %s\n", cmd.name)
-		print_usage()
+		write_usage(cmd.out)
 	}
 	bufio.writer_flush(&bw)
 }
 // TODO: command args should be shown in usage.
 write_usage :: proc(w: io.Writer) {
 	fmt.wprintf(
 		w,
@@ -228,6 +262,7 @@ Available Commands:
 		`
 Flags:
  -h, --help   help for envr
  -c, --config-file <path>   config file (default "~/.envr/config.json")
 Use "envr [command] --help" for more information about a command.
 `,
@@ -235,13 +270,3 @@ Use "envr [command] --help" for more information about a command.
 	)
 }
 // TODO: Look at usages,might want to pass a writer
 print_usage :: proc() {
 	bw: bufio.Writer
 	bufio.writer_init(&bw, io.to_writer(os.to_writer(os.stdout)), mem.DEFAULT_PAGE_SIZE)
 	defer bufio.writer_destroy(&bw)
 	defer bufio.writer_flush(&bw)
 	write_usage(bufio.writer_to_writer(&bw))
 }
--- a/cli_test.odin
+++ b/cli_test.odin
@@ -2,6 +2,7 @@
 package main
 import "core:bufio"
 import "core:fmt"
 import "core:strings"
 import "core:testing"
@@ -189,3 +190,181 @@ test_has_flag_empty_command :: proc(t: ^testing.T) {
 }
 test_parse_args :: proc(
 	args: []string,
 ) -> (
 	cmd: Command,
 	ok: bool,
 	out_text: string,
 	err_text: string,
 ) {
 	out_b: strings.Builder
 	strings.builder_init(&out_b)
 	defer strings.builder_destroy(&out_b)
 	err_b: strings.Builder
 	strings.builder_init(&err_b)
 	defer strings.builder_destroy(&err_b)
 	cmd, ok = parse_args(args, strings.to_stream(&out_b), strings.to_stream(&err_b))
 	if ok {
 		bufio.writer_flush(cmd.out_buf)
 		out_text = strings.to_string(out_b)
 		err_text = strings.to_string(err_b)
 	}
 	return
 }
@(test)
 test_parse_args_bare_command :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "list"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect_value(t, cmd.name, "list")
 	testing.expect_value(t, len(cmd.args), 0)
 	testing.expect_value(t, len(cmd.flags), 0)
 	testing.expect_value(t, len(cmd.bool_set), 0)
 }
@(test)
 test_parse_args_positional :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "backup", "/project/.env"})
 	defer delete_command(&cmd)
 	testing.expect(t, ok, "should succeed")
 	testing.expect(t, cmd.name == "backup")
 	testing.expect(t, len(cmd.args) == 1)
 	testing.expect(t, cmd.args[0] == "/project/.env")
 }
@(test)
 test_parse_args_long_flag_with_value :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "sync", "--config", "x.json"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(t, cmd.flags["config"] == "x.json")
 }
@(test)
 test_parse_args_short_flag_with_value :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "sync", "-c", "x.json"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(t, cmd.flags["c"] == "x.json")
 }
@(test)
 test_parse_args_long_bool_flag :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "init", "--force"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(t, cmd.bool_set["force"] == true)
 }
@(test)
 test_parse_args_short_bool_flag :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "version", "-l"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(t, cmd.bool_set["l"] == true)
 }
@(test)
 test_parse_args_multiple_positionals :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "backup", "a", "b"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(t, len(cmd.args) == 2)
 	testing.expect(t, cmd.args[0] == "a")
 	testing.expect(t, cmd.args[1] == "b")
 }
@(test)
 test_parse_args_mixed_flags_and_positionals :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "backup", "/project/.env", "--force"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(t, cmd.bool_set["force"] == true)
 	testing.expect(t, len(cmd.args) == 1)
 	testing.expect(t, cmd.args[0] == "/project/.env")
 }
@(test)
 test_parse_args_no_args :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr"})
 	defer delete_command(&cmd)
 	testing.expect(t, !ok, "no args should return false")
 }
@(test)
 test_parse_args_flag_then_positional_then_flag :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "backup", "a.env", "--force", "--verbose"})
 	defer delete_command(&cmd)
 	testing.expect(t, ok, "should succeed")
 	testing.expect(t, cmd.bool_set["force"] == true)
 	testing.expect(t, cmd.bool_set["verbose"] == true)
 	testing.expect(t, len(cmd.args) == 1)
 	testing.expect(t, cmd.args[0] == "a.env")
 }
@(test)
 test_parse_args_config_file_long_flag :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args(
 		[]string{"envr", "list", "--config-file", "/custom/config.json"},
 	)
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(
 		t,
 		cmd.config_path == "/custom/config.json",
 		"config_path should be set from --config-file",
 	)
 }
@(test)
 test_parse_args_config_file_short_flag :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "list", "-c", "/custom/config.json"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(
 		t,
 		cmd.config_path == "/custom/config.json",
 		"config_path should be set from -c",
 	)
 }
@(test)
 test_parse_args_config_file_defaults :: proc(t: ^testing.T) {
 	cmd, ok, _, _ := test_parse_args([]string{"envr", "list"})
 	testing.expect(t, ok, "should succeed")
 	if !ok do return
 	defer delete_command(&cmd)
 	testing.expect(t, len(cmd.config_path) > 0, "config_path should default to non-empty path")
 	testing.expect(
 		t,
 		strings.contains(cmd.config_path, ".envr"),
 		"default config_path should contain .envr dir, got %s",
 	)
 }
--- a/cmd_backup.odin
+++ b/cmd_backup.odin
@@ -5,34 +5,31 @@ import "core:strings"
 cmd_backup :: proc(cmd: ^Command) {
 	if len(cmd.args) != 1 {
-		print_command_help("backup")
+		print_command_help(cmd)
 		return
 	}
 	path := cmd.args[0]
 	if len(strings.trim_space(path)) == 0 {
-		fmt.println("Error: No path provided")
+		fmt.wprintln(cmd.err, "Error: No path provided", flush = false)
 		return
 	}
 	file, ok := new_env_file(path)
 	if !ok {
 		// TODO: log a message
 		return
 	}
-	db, db_ok := db_open()
+	db, db_ok := db_open(cmd.config_path)
 	if !db_ok {
 		// TODO: log a message
 		return
 	}
 	defer db_close(&db)
 	if !db_insert(&db, file) {
 		// TODO: log a message
 		return
 	}
-	fmt.printf("Saved %s into the database\n", path)
+	fmt.wprintf(cmd.out, "Saved %s into the database\n", path, flush = false)
 }
--- a/cmd_check.odin
+++ b/cmd_check.odin
@@ -11,9 +11,9 @@ cmd_check :: proc(cmd: ^Command) {
 	if len(cmd.args) > 0 {
 		check_path = cmd.args[0]
 	} else {
-		cwd, cwd_err := os.get_working_directory(context.allocator)
+		cwd, cwd_err := os.get_working_directory(context.temp_allocator)
 		if cwd_err != nil {
-			fmt.printf("Error getting current directory: %v\n", cwd_err)
+			fmt.wprintf(cmd.err, "Error getting current directory: %v\n", cwd_err, flush = false)
 			return
 		}
 		check_path = cwd
@@ -25,13 +25,13 @@ cmd_check :: proc(cmd: ^Command) {
 	} else {
 		resolved, abs_err := filepath.abs(check_path)
 		if abs_err != nil {
-			fmt.printf("Error getting absolute path: %v\n", abs_err)
+			fmt.wprintf(cmd.err, "Error getting absolute path: %v\n", abs_err, flush = false)
 			return
 		}
 		abs_path = resolved
 	}
-	db, db_ok := db_open()
+	db, db_ok := db_open(cmd.config_path)
 	if !db_ok {
 		return
 	}
@@ -43,15 +43,17 @@ cmd_check :: proc(cmd: ^Command) {
 	if is_dir {
 		if cant_scan(feats) {
-			fmt.println(
+			fmt.wprintln(
 				cmd.err,
 				"Error: please install fd to use the check command (https://github.com/sharkdp/fd)",
 				flush = false,
 			)
 			return
 		}
 		scanned, scan_ok := scan_path(abs_path, db.cfg)
 		if !scan_ok {
-			fmt.println("Error scanning directory for .env files")
+			fmt.wprintln(cmd.err, "Error scanning directory for .env files", flush = false)
 			return
 		}
 		files_in_path = scanned
@@ -68,16 +70,15 @@ cmd_check :: proc(cmd: ^Command) {
 	if len(not_backed) == 0 {
 		if len(files_in_path) == 0 {
-			fmt.println("No .env files found in the specified directory.")
+			fmt.wprintln(cmd.out, "No .env files found in the specified directory.", flush = false)
 		} else {
-			fmt.println("✓ All .env files in the directory are backed up.")
+			fmt.wprintln(cmd.out, "✓ All .env files in the directory are backed up.", flush = false)
 		}
 	} else {
-		fmt.printf("Found %d .env file(s) that are not backed up:\n", len(not_backed))
+		fmt.wprintf(cmd.out, "Found %d .env file(s) that are not backed up:\n", len(not_backed), flush = false)
 		for file in not_backed {
-			fmt.printf("  %s\n", file)
+			fmt.wprintf(cmd.out, "  %s\n", file, flush = false)
 		}
-		fmt.println("\nRun 'envr sync' to back up these files.")
+		fmt.wprintln(cmd.out, "\nRun 'envr sync' to back up these files.", flush = false)
 	}
 }
--- a/cmd_deps.odin
+++ b/cmd_deps.odin
@@ -1,10 +1,10 @@
 package main
 import "core:fmt"
 import "core:io"
 import "core:os"
 import "core:terminal"
 // TODO: Improve table rendering
 cmd_deps :: proc(cmd: ^Command) {
 	feats := check_features()
@@ -24,12 +24,10 @@ cmd_deps :: proc(cmd: ^Command) {
 	}
 	if terminal.is_terminal(os.stdout) {
-		w := io.to_writer(os.to_writer(os.stdout))
+		render_table(cmd.out, headers, rows[:])
 		render_table(w, headers, rows[:])
 	} else {
-		w := io.to_writer(os.to_writer(os.stdout))
+		render_json_rows(cmd.out, headers, rows[:])
-		render_json_rows(w, headers, rows[:])
+		fmt.wprint(cmd.out, "\n", flush = false)
 		io.write_string(w, "\n")
 	}
 }
--- a/cmd_edit_config.odin
+++ b/cmd_edit_config.odin
@@ -2,24 +2,24 @@ package main
 import "core:fmt"
 import "core:os"
 import "core:path/filepath"
 cmd_edit_config :: proc(cmd: ^Command) {
 	editor := os.get_env("EDITOR", context.allocator)
 	if len(editor) == 0 {
-		fmt.println("Error: $EDITOR environment variable is not set")
+		fmt.wprintln(cmd.err, "Error: $EDITOR environment variable is not set", flush = false)
 		return
 	}
-	config_path, join_err := filepath.join([]string{envr_dir(), "config.json"})
+	config_path := cmd.config_path
 	if join_err != nil {
 		fmt.printf("Error building config path: %v\n", join_err)
 		return
 	}
 	_, stat_err := os.stat(config_path, context.allocator)
 	if stat_err != nil {
-		fmt.printf("Config file does not exist at %s. Run 'envr init' first.\n", config_path)
+		fmt.wprintf(
 			cmd.err,
 			"Config file does not exist at %s. Run 'envr init' first.\n",
 			config_path,
 			flush = false,
 		)
 		return
 	}
@@ -33,13 +33,13 @@ cmd_edit_config :: proc(cmd: ^Command) {
 	p, start_err := os.process_start(desc)
 	if start_err != nil {
-		fmt.printf("Error running editor: %v\n", start_err)
+		fmt.wprintf(cmd.err, "Error running editor: %v\n", start_err, flush = false)
 		return
 	}
 	state, wait_err := os.process_wait(p)
 	if wait_err != nil {
-		fmt.printf("Error waiting for editor: %v\n", wait_err)
+		fmt.wprintf(cmd.err, "Error waiting for editor: %v\n", wait_err, flush = false)
 		return
 	}
 	if state.exit_code != 0 {
--- a/cmd_init.odin
+++ b/cmd_init.odin
@@ -5,10 +5,16 @@ import "core:fmt"
 cmd_init :: proc(cmd: ^Command) {
 	force := has_flag(cmd, "force") || has_flag(cmd, "f")
-	_, cfg_exists := load_config()
+	fmt.wprintln(cmd.out, cmd.config_path, flush = false)
 	_, cfg_exists := load_config(cmd.config_path)
 	if cfg_exists && !force {
-		fmt.println("You have already initialized envr.")
+		fmt.wprintln(
-		fmt.println("Run again with the --force flag if you want to reinitialize.")
+			cmd.out,
 			`You have already initialized envr.
 Run again with the --force flag if you want to reinitialize.`,
 			flush = false,
 		)
 		return
 	}
@@ -18,14 +24,15 @@ cmd_init :: proc(cmd: ^Command) {
 	}
 	if len(keys) == 0 {
-		fmt.println("No ssh-ed25519 keys found in ~/.ssh")
+		fmt.wprintln(cmd.err, `No ssh-ed25519 keys found in ~/.ssh
-		fmt.println("Generate one with: ssh-keygen -t ed25519")
+Generate one with: ssh-keygen -t ed25519`, flush = false)
 		return
 	}
 	selected, result := multi_select("Select SSH private keys:", keys[:])
 	defer delete(selected)
 	if result == .Cancel {
-		fmt.println("\x1b[2mCancelled.\x1b[0m")
+		fmt.wprintln(cmd.out, "\x1b[2mCancelled.\x1b[0m", flush = false)
 		return
 	}
@@ -37,18 +44,19 @@ cmd_init :: proc(cmd: ^Command) {
 	}
 	if len(selected_paths) == 0 {
-		fmt.println("No SSH keys selected - Config not created")
+		fmt.wprintln(cmd.err, "No SSH keys selected - Config not created", flush = false)
 		return
 	}
-	cfg := new_config(selected_paths[:])
+	cfg := new_config(selected_paths[:], cmd.config_path)
 	if !save_config(cfg, force = force) {
 		return
 	}
-	fmt.printf(
+	fmt.wprintf(
 		cmd.out,
 		"Config initialized with %d SSH key(s). You are ready to use envr.\n",
 		len(selected_paths),
 		flush = false,
 	)
 }
--- a/cmd_list.odin
+++ b/cmd_list.odin
@@ -2,7 +2,6 @@ package main
 import "core:encoding/json"
 import "core:fmt"
 import "core:io"
 import "core:os"
 import "core:path/filepath"
 import "core:strings"
@@ -13,8 +12,10 @@ ListEntry :: struct {
 	Path:      string `json:"path"`,
 }
 // TODO: Support --format flag
 // TODO: Improve table rendering
 cmd_list :: proc(cmd: ^Command) {
-	db, db_ok := db_open()
+	db, db_ok := db_open(cmd.config_path)
 	if !db_ok {
 		return
 	}
@@ -39,9 +40,9 @@ cmd_list :: proc(cmd: ^Command) {
 			append(&table_rows, row_slice)
 		}
-		w := io.to_writer(os.to_writer(os.stdout))
+		render_table(cmd.out, headers, table_rows[:])
 		render_table(w, headers, table_rows[:])
 	} else {
 		// TODO: Should we instead print full entries here?
 		entries: [dynamic]ListEntry
 		for row in rows {
 			filename := filepath.base(row.Path)
@@ -54,12 +55,12 @@ cmd_list :: proc(cmd: ^Command) {
 			)
 		}
-		data, marshal_err := json.marshal(entries[:])
+		data, marshal_err := json.marshal(entries[:], allocator = context.temp_allocator)
 		if marshal_err != nil {
-			fmt.printf("Error marshaling JSON: %v\n", marshal_err)
+			fmt.wprintf(cmd.err, "Error marshaling JSON: %v\n", marshal_err, flush = false)
 			return
 		}
-		fmt.println(string(data))
+		fmt.wprintln(cmd.out, string(data), flush = false)
 	}
 }
--- a/cmd_nushell_completion.odin
+++ b/cmd_nushell_completion.odin
@@ -5,5 +5,6 @@ import "core:fmt"
 COMPLETION_SCRIPT: string : string(#load("mod.nu"))
 cmd_nushell_completion :: proc(cmd: ^Command) {
-	fmt.print(COMPLETION_SCRIPT)
+	fmt.wprint(cmd.out, COMPLETION_SCRIPT, flush = false)
 }
--- a/cmd_remove.odin
+++ b/cmd_remove.odin
@@ -5,38 +5,40 @@ import "core:path/filepath"
 import "core:strings"
 cmd_remove :: proc(cmd: ^Command) {
-    if len(cmd.args) != 1 {
+	if len(cmd.args) != 1 {
-		print_command_help("remove")
+		print_command_help(cmd)
-        return
+		return
-    }
+	}
-    path := cmd.args[0]
+	path := cmd.args[0]
-    if len(strings.trim_space(path)) == 0 {
+	if len(strings.trim_space(path)) == 0 {
-        fmt.println("Error: No path provided")
+		fmt.wprintln(cmd.err, "Error: No path provided", flush = false)
-        return
+		return
-    }
+	}
-    abs_path: string
+	// TODO: Is this the best way to do it?
-    if filepath.is_abs(path) {
+	abs_path: string
-        abs_path = path
+	if filepath.is_abs(path) {
-    } else {
+		abs_path = path
-        resolved, abs_err := filepath.abs(path)
+	} else {
-        if abs_err != nil {
+		resolved, abs_err := filepath.abs(path)
-            fmt.printf("Error getting absolute path: %v\n", abs_err)
+		if abs_err != nil {
-            return
+			fmt.wprintf(cmd.err, "Error getting absolute path: %v\n", abs_err, flush = false)
-        }
+			return
-        abs_path = resolved
+		}
-    }
+		abs_path = resolved
 	}
-    db, db_ok := db_open()
+	db, db_ok := db_open(cmd.config_path)
-    if !db_ok {
+	if !db_ok {
-        return
+		return
-    }
+	}
-    defer db_close(&db)
+	defer db_close(&db)
-    if !db_delete(&db, abs_path) {
+	if !db_delete(&db, abs_path) {
-        return
+		return
-    }
+	}
-    fmt.printf("Removed %s from the database\n", abs_path)
+	fmt.wprintf(cmd.out, "Removed %s from the database\n", abs_path, flush = false)
 }
--- a/cmd_restore.odin
+++ b/cmd_restore.odin
@@ -6,48 +6,50 @@ import "core:path/filepath"
 import "core:strings"
 cmd_restore :: proc(cmd: ^Command) {
-    if len(cmd.args) != 1 {
+	if len(cmd.args) != 1 {
-		print_command_help("restore")
+		print_command_help(cmd)
-        return
+		return
-    }
+	}
-    path := cmd.args[0]
+	path := cmd.args[0]
-    if len(strings.trim_space(path)) == 0 {
+	if len(strings.trim_space(path)) == 0 {
-        fmt.println("Error: No path provided")
+		fmt.wprintln(cmd.err, "Error: No path provided", flush = false)
-        return
+		return
-    }
+	}
-    abs_path: string
+	// TODO: Is this the right way to handle this?
-    if filepath.is_abs(path) {
+	abs_path: string
-        abs_path = path
+	if filepath.is_abs(path) {
-    } else {
+		abs_path = path
-        resolved, abs_err := filepath.abs(path)
+	} else {
-        if abs_err != nil {
+		resolved, abs_err := filepath.abs(path)
-            fmt.printf("Error getting absolute path: %v\n", abs_err)
+		if abs_err != nil {
-            return
+			fmt.wprintf(cmd.err, "Error getting absolute path: %v\n", abs_err, flush = false)
-        }
+			return
-        abs_path = resolved
+		}
-    }
+		abs_path = resolved
 	}
-    db, db_ok := db_open()
+	db, db_ok := db_open(cmd.config_path)
-    if !db_ok {
+	if !db_ok {
-        return
+		return
-    }
+	}
-    defer db_close(&db)
+	defer db_close(&db)
-    file, fetch_ok := db_fetch(&db, abs_path)
+	file, fetch_ok := db_fetch(&db, abs_path)
-    if !fetch_ok {
+	if !fetch_ok {
-        return
+		return
-    }
+	}
-    dir := filepath.dir(file.Path)
+	dir := filepath.dir(file.Path)
-    os.mkdir_all(dir)
+	os.mkdir_all(dir)
-    write_err := os.write_entire_file(file.Path, file.contents)
+	write_err := os.write_entire_file(file.Path, file.contents)
-    if write_err != nil {
+	if write_err != nil {
-        fmt.printf("Error writing file: %v\n", write_err)
+		fmt.wprintf(cmd.err, "Error writing file: %v\n", write_err, flush = false)
-        return
+		return
-    }
+	}
-    fmt.printf("Restored %s\n", file.Path)
+	fmt.wprintf(cmd.out, "Restored %s\n", file.Path, flush = false)
 }
--- a/cmd_scan.odin
+++ b/cmd_scan.odin
@@ -8,13 +8,15 @@ import "core:terminal"
 cmd_scan :: proc(cmd: ^Command) {
 	feats := check_features()
 	if cant_scan(feats) {
-		fmt.println(
+		fmt.wprintln(
 			cmd.err,
 			"Error: please install fd to use the scan command (https://github.com/sharkdp/fd)",
 			flush = false,
 		)
 		return
 	}
-	db, db_ok := db_open()
+	db, db_ok := db_open(cmd.config_path)
 	if !db_ok {
 		return
 	}
@@ -22,7 +24,11 @@ cmd_scan :: proc(cmd: ^Command) {
 	search_dirs := search_paths(db.cfg)
 	if len(search_dirs) == 0 {
-		fmt.println("No search paths configured. Please run `envr init` or edit your config.")
+		fmt.wprintln(
 			cmd.err,
 			"No search paths configured. Please run `envr init -f` or edit your config.",
 			flush = false,
 		)
 		return
 	}
@@ -31,7 +37,7 @@ cmd_scan :: proc(cmd: ^Command) {
 	for dir in search_dirs {
 		found, scan_ok := scan_path(dir, db.cfg)
 		if !scan_ok {
-			fmt.printf("Error scanning %s\n", dir)
+			fmt.wprintf(cmd.err, "Error scanning %s\n", dir, flush = false)
 			continue
 		}
 		for f in found {
@@ -47,23 +53,29 @@ cmd_scan :: proc(cmd: ^Command) {
 	files := find_unbacked(all_files[:], db_files[:])
 	if len(files) == 0 {
-		fmt.println("No .env files found to add.")
+		fmt.wprintln(cmd.out, "No .env files found to add.", flush = false)
 		return
 	}
 	if !terminal.is_terminal(os.stdout) {
 		output, marshal_err := json.marshal(files[:])
 		if marshal_err != nil {
-			fmt.printf("Error marshaling files to JSON: %v\n", marshal_err)
+			fmt.wprintf(
 				cmd.err,
 				"Error marshaling files to JSON: %v\n",
 				marshal_err,
 				flush = false,
 			)
 			return
 		}
-		fmt.println(string(output))
+		fmt.wprintln(cmd.out, string(output), flush = false)
 		return
 	}
 	selected, result := multi_select("Select .env files to backup:", files[:])
 	defer delete(selected)
 	if result == .Cancel {
-		fmt.println("\x1b[2mCancelled.\x1b[0m")
+		fmt.wprintln(cmd.out, "\x1b[2mCancelled.\x1b[0m", flush = false)
 		return
 	}
@@ -74,20 +86,25 @@ cmd_scan :: proc(cmd: ^Command) {
 		}
 		env_file, ok := new_env_file(files[i])
 		if !ok {
-			fmt.printf("Error reading %s\n", files[i])
+			fmt.wprintf(cmd.err, "Error reading %s\n", files[i], flush = false)
 			continue
 		}
 		if !db_insert(&db, env_file) {
-			fmt.printf("Error adding %s\n", files[i])
+			fmt.wprintf(cmd.err, "Error adding %s\n", files[i], flush = false)
 			continue
 		}
 		added_count += 1
 	}
 	if added_count > 0 {
-		fmt.printf("\x1b[1;32mSuccessfully added %d file(s) to backup.\x1b[0m\n", added_count)
+		fmt.wprintf(
 			cmd.out,
 			"\x1b[1;32mSuccessfully added %d file(s) to backup.\x1b[0m\n",
 			added_count,
 			flush = false,
 		)
 	} else {
-		fmt.println("\x1b[2mNo files were added.\x1b[0m")
+		fmt.wprintln(cmd.out, "\x1b[2mNo files were added.\x1b[0m", flush = false)
 	}
 }
--- a/cmd_sync.odin
+++ b/cmd_sync.odin
@@ -2,7 +2,6 @@ package main
 import "core:encoding/json"
 import "core:fmt"
 import "core:io"
 import "core:os"
 import "core:strings"
 import "core:terminal"
@@ -13,8 +12,9 @@ SyncEntry :: struct {
 }
 // TODO: Check for quiet failures.
 // TODO: Support --format -f flags
 cmd_sync :: proc(cmd: ^Command) {
-	db, db_ok := db_open()
+	db, db_ok := db_open(cmd.config_path)
 	if !db_ok {
 		return
 	}
@@ -26,11 +26,13 @@ cmd_sync :: proc(cmd: ^Command) {
 	}
 	defer delete(files)
 	// TODO: Set sane default size
 	results: [dynamic]SyncEntry
 	defer delete(results)
 	for &file in files {
 		old_path: string
-		old_path, _ = strings.clone(file.Path)
+		old_path, _ = strings.clone(file.Path, context.temp_allocator)
 		result, err_msg := db_sync(&db, &file)
@@ -81,15 +83,14 @@ cmd_sync :: proc(cmd: ^Command) {
 			append(&table_rows, row_slice)
 		}
-		w := io.to_writer(os.to_writer(os.stdout))
+		render_table(cmd.out, headers, table_rows[:])
 		render_table(w, headers, table_rows[:])
 	} else {
 		data, marshal_err := json.marshal(results[:])
 		if marshal_err != nil {
-			fmt.printf("Error marshaling JSON: %v\n", marshal_err)
+			fmt.wprintf(cmd.err, "Error marshaling JSON: %v\n", marshal_err, flush = false)
 			return
 		}
-		fmt.println(string(data))
+		fmt.wprintln(cmd.out, string(data), flush = false)
 	}
 }
--- a/cmd_version.odin
+++ b/cmd_version.odin
@@ -5,6 +5,6 @@ import "core:fmt"
 VERSION :: #load("version.txt", string)
 cmd_version :: proc(cmd: ^Command) {
-	fmt.println(VERSION)
+	fmt.wprintln(cmd.out, VERSION, flush = false)
 }
--- a/config.odin
+++ b/config.odin
@@ -18,52 +18,65 @@ ScanConfig :: struct {
 }
 Config :: struct {
-	Keys:       [dynamic]SshKeyPair `json:"keys"`,
+	Keys:        [dynamic]SshKeyPair `json:"keys"`,
-	ScanConfig: ScanConfig `json:"scan"`,
+	ScanConfig:  ScanConfig `json:"scan"`,
 	config_path: string `json:"-"`,
 }
-load_config :: proc() -> (Config, bool) {
+default_config_path :: proc(home: string, allocator := context.allocator) -> string {
-	home, home_err := os.user_home_dir(context.temp_allocator)
+	path, err := filepath.join([]string{home, ".envr", "config.json"}, allocator)
-	if home_err != nil {
+	if err != nil {
-		fmt.printf("Error getting home dir: %v\n", home_err)
+		panic("Ran out of memory when building config path")
 		return Config{}, false
 	}
 	config_path, join_err := filepath.join([]string{home, ".envr", "config.json"})
 	if join_err != nil {
 		return Config{}, false
 	}
 	return path
 }
 load_config :: proc(config_path: string) -> (Config, bool) {
 	data, read_err := os.read_entire_file_from_path(config_path, context.allocator)
 	if read_err != nil {
 		fmt.println("No config file found. Please run `envr init` to generate one.")
 		return Config{}, false
 	}
 	defer delete(data)
 	cfg: Config
 	// TODO: use json 5
 	err := json.unmarshal(data, &cfg)
 	if err != nil {
 		fmt.printf("Error parsing config: %v\n", err)
 		return Config{}, false
 	}
 	cfg.config_path = config_path
 	return cfg, true
 }
-delete_config :: proc(cfg: Config) {
+delete_config :: proc(cfg: ^Config) {
 	for key in cfg.Keys {
 		delete(key.Private)
 		delete(key.Public)
 	}
 	delete(cfg.Keys)
 	delete(cfg.ScanConfig.Matcher)
 	for exclude in cfg.ScanConfig.Exclude {
 		delete(exclude)
 	}
 	delete(cfg.ScanConfig.Exclude)
 	for include in cfg.ScanConfig.Include {
 		delete(include)
 	}
 	delete(cfg.ScanConfig.Include)
 }
-envr_dir :: proc() -> string {
+envr_dir :: proc(config_path: string) -> string {
-	home, _ := os.user_home_dir(context.allocator)
+	return filepath.dir(config_path)
 	dir, _ := filepath.join([]string{home, ".envr"})
 	return dir
 }
-data_encrypted_path :: proc() -> string {
+data_path :: proc(config_path: string) -> string {
-	dir := envr_dir()
+	path, _ := filepath.join([]string{envr_dir(config_path), "data.envr"})
 	path, _ := filepath.join([]string{dir, "data.envr"})
 	return path
 }
@@ -113,53 +126,50 @@ find_ssh_private_keys :: proc() -> (keys: [dynamic]string, ok: bool) {
 	return
 }
-new_config :: proc(private_key_paths: []string) -> Config {
+// Caller is responsible for calling delete_config()
 new_config :: proc(
 	private_key_paths: []string,
 	cfg_path: string = "~/.envr/config.json",
 ) -> Config {
 	keys := make([dynamic]SshKeyPair, 0, len(private_key_paths))
 	for priv in private_key_paths {
 		// TODO: Is this bad?
-		pub, _ := strings.concatenate([]string{priv, ".pub"}, context.temp_allocator)
+		priv_key := strings.clone(priv)
-		append(&keys, SshKeyPair{Private = priv, Public = pub})
+		pub, _ := strings.concatenate([]string{priv_key, ".pub"})
 		append(&keys, SshKeyPair{Private = priv_key, Public = pub})
 	}
 	exclude := make([dynamic]string, 0, 4)
-	append(&exclude, "*\\.envrc")
+	append(&exclude, strings.clone("*\\.envrc"))
-	append(&exclude, "\\.local/")
+	append(&exclude, strings.clone("\\.local/"))
-	append(&exclude, "node_modules")
+	append(&exclude, strings.clone("node_modules"))
-	append(&exclude, "vendor")
+	append(&exclude, strings.clone("vendor"))
 	include := make([dynamic]string, 0, 1)
-	append(&include, "~")
+	append(&include, strings.clone("~"))
 	scan_cfg := ScanConfig {
-		Matcher = "\\.env",
+		Matcher = strings.clone("\\.env"),
 		Exclude = exclude,
 		Include = include,
 	}
-	return Config{Keys = keys, ScanConfig = scan_cfg}
+	return Config{Keys = keys, ScanConfig = scan_cfg, config_path = cfg_path}
 }
 save_config :: proc(cfg: Config, force: bool = false) -> bool {
-	home, home_err := os.user_home_dir(context.allocator)
+	config_dir := envr_dir(cfg.config_path)
 	if home_err != nil {
 		fmt.printf("Error getting home dir: %v\n", home_err)
 		return false
 	}
 	config_dir, _ := filepath.join([]string{home, ".envr"})
 	if !os.exists(config_dir) {
 		mkdir_err := os.make_directory(config_dir)
 		if mkdir_err != nil {
-			fmt.printf("Error creating ~/.envr directory: %v\n", mkdir_err)
+			fmt.printf("Error creating %s directory: %v\n", config_dir, mkdir_err)
 			return false
 		}
 	}
-	config_path, _ := filepath.join([]string{config_dir, "config.json"})
+	if os.exists(cfg.config_path) && !force {
-
+		info, stat_err := os.stat(cfg.config_path, context.allocator)
 	if os.exists(config_path) && !force {
 		info, stat_err := os.stat(config_path, context.allocator)
 		if stat_err == nil {
 			defer os.file_info_delete(info, context.allocator)
 			if info.size > 0 {
@@ -174,8 +184,9 @@ save_config :: proc(cfg: Config, force: bool = false) -> bool {
 		fmt.printf("Error marshaling config: %v\n", marshal_err)
 		return false
 	}
 	defer delete(data)
-	write_err := os.write_entire_file(config_path, data)
+	write_err := os.write_entire_file(cfg.config_path, data)
 	if write_err != nil {
 		fmt.printf("Error writing config: %v\n", write_err)
 		return false
@@ -185,15 +196,18 @@ save_config :: proc(cfg: Config, force: bool = false) -> bool {
 }
 search_paths :: proc(cfg: Config) -> (paths: [dynamic]string) {
-	home, _ := os.user_home_dir(context.allocator)
+	// TODO: Is this okay?
 	// TODO: handle error
 	home, _ := os.user_home_dir(context.temp_allocator)
 	for include in cfg.ScanConfig.Include {
 		// TODO: Do we need to manually expand ~/ in odin?
 		expanded, _ := strings.replace(include, "~", home, 1)
-		cloned, _ := strings.clone(expanded)
+		if filepath.is_abs(expanded) {
-		if filepath.is_abs(cloned) {
+			append(&paths, expanded)
 			append(&paths, cloned)
 		} else {
-			resolved, err := filepath.abs(cloned)
+			defer delete(expanded)
 			resolved, err := filepath.abs(expanded)
 			if err == nil {
 				append(&paths, resolved)
 			}
--- a/config_test.odin
+++ b/config_test.odin
@@ -1,12 +1,19 @@
 package main
 import "core:fmt"
 import "core:os"
 import "core:path/filepath"
 import "core:strings"
 import "core:sync"
 import "core:testing"
 home_mutex: sync.Mutex
@(test)
 test_new_config_single_key :: proc(t: ^testing.T) {
 	paths := []string{"/home/user/.ssh/id_ed25519"}
 	cfg := new_config(paths)
-	defer delete_config(cfg)
+	defer delete_config(&cfg)
 	testing.expect(t, len(cfg.Keys) == 1, "should have 1 key")
 	testing.expect(t, cfg.Keys[0].Private == "/home/user/.ssh/id_ed25519", "Private path mismatch")
@@ -21,7 +28,7 @@ test_new_config_single_key :: proc(t: ^testing.T) {
 test_new_config_multiple_keys :: proc(t: ^testing.T) {
 	paths := []string{"/home/user/.ssh/id_ed25519", "/home/user/.ssh/id_rsa"}
 	cfg := new_config(paths)
-	defer delete_config(cfg)
+	defer delete_config(&cfg)
 	testing.expect(t, len(cfg.Keys) == 2, "should have 2 keys")
 	testing.expect(t, cfg.Keys[0].Private == "/home/user/.ssh/id_ed25519")
@@ -32,7 +39,7 @@ test_new_config_multiple_keys :: proc(t: ^testing.T) {
 test_new_config_empty_keys :: proc(t: ^testing.T) {
 	paths: []string
 	cfg := new_config(paths)
-	defer delete_config(cfg)
+	defer delete_config(&cfg)
 	testing.expect(t, len(cfg.Keys) == 0, "should have 0 keys")
 }
@@ -41,7 +48,7 @@ test_new_config_empty_keys :: proc(t: ^testing.T) {
 test_new_config_scan_defaults :: proc(t: ^testing.T) {
 	paths := []string{"/home/user/.ssh/id_ed25519"}
 	cfg := new_config(paths)
-	defer delete_config(cfg)
+	defer delete_config(&cfg)
 	testing.expect(t, cfg.ScanConfig.Matcher == "\\.env", "matcher should be \\.env")
 	testing.expect(t, len(cfg.ScanConfig.Exclude) == 4, "should have 4 exclude patterns")
@@ -53,7 +60,7 @@ test_new_config_scan_defaults :: proc(t: ^testing.T) {
 test_new_config_exclude_patterns :: proc(t: ^testing.T) {
 	paths := []string{"/home/user/.ssh/id_ed25519"}
 	cfg := new_config(paths)
-	defer delete_config(cfg)
+	defer delete_config(&cfg)
 	expected := []string{"*\\.envrc", "\\.local/", "node_modules", "vendor"}
 	for i in 0 ..< len(expected) {
@@ -61,3 +68,143 @@ test_new_config_exclude_patterns :: proc(t: ^testing.T) {
 	}
 }
@(test)
 test_save_load_config_roundtrip :: proc(t: ^testing.T) {
 	base := fmt.tprintf("/tmp/envr-test-cfg-rt-%d", os.get_pid())
 	os.mkdir_all(base)
 	defer os.remove_all(base)
 	cfgPath, err := filepath.join([]string{base, "config.json"}, context.temp_allocator)
 	testing.expect(t, err == nil, "cfgPath should build successfully")
 	cfg := new_config([]string{"/home/user/.ssh/id_ed25519"}, cfgPath)
 	defer delete_config(&cfg)
 	testing.expect(t, save_config(cfg, force = true), "save should succeed")
 	loaded, ok := load_config(cfg.config_path)
 	testing.expect(t, ok, "load should succeed")
 	if !ok do return
 	defer delete_config(&loaded)
 	testing.expect(t, len(loaded.Keys) == 1, "should have 1 key")
 	testing.expect(t, loaded.Keys[0].Private == "/home/user/.ssh/id_ed25519")
 	testing.expect(t, loaded.Keys[0].Public == "/home/user/.ssh/id_ed25519.pub")
 	testing.expect(t, loaded.ScanConfig.Matcher == "\\.env")
 	testing.expect(t, len(loaded.ScanConfig.Exclude) == 4)
 	testing.expect(t, len(loaded.ScanConfig.Include) == 1)
 	testing.expect(t, loaded.ScanConfig.Include[0] == "~")
 }
@(test)
 test_load_config_missing :: proc(t: ^testing.T) {
 	_, ok := load_config("/tmp/envr-test-cfg-nonexistent/config.json")
 	testing.expect(t, !ok, "missing config should return false")
 }
@(test)
 test_save_config_no_clobber :: proc(t: ^testing.T) {
 	base := fmt.tprintf("/tmp/envr-test-cfg-noclobber-%d", os.get_pid())
 	os.mkdir_all(base)
 	defer os.remove_all(base)
 	cfgPath, err := filepath.join([]string{base, "config.json"}, context.temp_allocator)
 	testing.expect(t, err == nil, "cfgPath should build successfully")
 	cfg := new_config([]string{"/home/user/.ssh/key1"}, cfgPath)
 	defer delete_config(&cfg)
 	testing.expect(t, save_config(cfg, force = true), "first save should succeed")
 	cfg2 := new_config([]string{"/home/user/.ssh/key2"}, cfgPath)
 	defer delete_config(&cfg2)
 	testing.expect(t, !save_config(cfg2), "second save without force should fail")
 }
@(test)
 test_save_config_force_overwrites :: proc(t: ^testing.T) {
 	base := fmt.tprintf("/tmp/envr-test-cfg-force-%d", os.get_pid())
 	os.mkdir_all(base)
 	defer os.remove_all(base)
 	cfgPath, err := filepath.join([]string{base, "config.json"}, context.temp_allocator)
 	testing.expect(t, err == nil, "cfgPath should build successfully")
 	cfg := new_config([]string{"/home/user/.ssh/key1"}, cfgPath)
 	defer delete_config(&cfg)
 	testing.expect(t, save_config(cfg, force = true), "first save should succeed")
 	cfg2 := new_config([]string{"/home/user/.ssh/key2"}, cfgPath)
 	defer delete_config(&cfg2)
 	testing.expect(t, save_config(cfg2, force = true), "force save should overwrite")
 	loaded, ok := load_config(cfgPath)
 	testing.expect(t, ok, "load should succeed")
 	if !ok do return
 	defer delete_config(&loaded)
 	testing.expect(t, len(loaded.Keys) == 1, "should have 1 key")
 	testing.expect(
 		t,
 		loaded.Keys[0].Private == "/home/user/.ssh/key2",
 		"should be the overwritten key",
 	)
 }
@(test)
 test_envr_dir :: proc(t: ^testing.T) {
 	dir := envr_dir("/tmp/envr-fake-home-envrdir/.envr/config.json")
 	testing.expectf(t, strings.has_suffix(dir, ".envr"), "dir should end with .envr, got %s", dir)
 	testing.expectf(
 		t,
 		strings.contains(dir, "envr-fake-home-envrdir"),
 		"dir should contain home dir, got %s",
 		dir,
 	)
 }
@(test)
 test_data_path :: proc(t: ^testing.T) {
 	p := data_path("/tmp/envr-fake-home-datapath/config.json")
 	defer delete(p)
 	testing.expectf(t, strings.has_suffix(p, "data.envr"), "should end with data.envr, got %s", p)
 	testing.expectf(t, strings.contains(p, ".envr"), "should contain .envr dir, got %s", p)
 }
@(test)
 test_search_paths_expands_tilde :: proc(t: ^testing.T) {
 	sync.mutex_lock(&home_mutex)
 	defer sync.mutex_unlock(&home_mutex)
 	old_home := os.get_env("HOME", context.temp_allocator)
 	defer {
 		if old_home != "" {
 			os.set_env("HOME", old_home)
 		}
 	}
 	os.set_env("HOME", "/tmp/envr-fake-home-search")
 	cfg := Config {
 		ScanConfig = ScanConfig{Include = make([dynamic]string, 0, 1)},
 	}
 	defer delete(cfg.ScanConfig.Include)
 	append(&cfg.ScanConfig.Include, "~")
 	paths := search_paths(cfg)
 	defer delete(paths)
 	for path in paths {
 		defer delete(path)
 	}
 	testing.expect(t, len(paths) == 1, "should have 1 path")
 	if len(paths) > 0 {
 		testing.expectf(
 			t,
 			strings.contains(paths[0], "envr-fake-home-search"),
 			"should expand ~ to home, got %s",
 			paths[0],
 		)
 		testing.expect(t, !strings.contains(paths[0], "~"), "should not contain literal ~")
 	}
 }
--- a/crypto_test.odin
+++ b/crypto_test.odin
@@ -25,7 +25,11 @@ test_encrypt_decrypt_roundtrip :: proc(t: ^testing.T) {
 	testing.expect(t, dec_ok, "decryption should succeed")
 	defer delete(decrypted)
-	testing.expect(t, len(decrypted) == len(original), fmt.tprintf("expected %d bytes, got %d", len(original), len(decrypted)))
+	testing.expect(
 		t,
 		len(decrypted) == len(original),
 		fmt.tprintf("expected %d bytes, got %d", len(original), len(decrypted)),
 	)
 	for i in 0 ..< len(original) {
 		testing.expect(t, decrypted[i] == original[i], fmt.tprintf("byte mismatch at index %d", i))
 	}
@@ -50,8 +54,16 @@ test_encrypt_decrypt_multi_recipient :: proc(t: ^testing.T) {
 	defer delete(decrypted2)
 	for i in 0 ..< len(original) {
-		testing.expect(t, decrypted1[i] == original[i], fmt.tprintf("key1: byte mismatch at %d", i))
+		testing.expect(
-		testing.expect(t, decrypted2[i] == original[i], fmt.tprintf("key2: byte mismatch at %d", i))
+			t,
 			decrypted1[i] == original[i],
 			fmt.tprintf("key1: byte mismatch at %d", i),
 		)
 		testing.expect(
 			t,
 			decrypted2[i] == original[i],
 			fmt.tprintf("key2: byte mismatch at %d", i),
 		)
 	}
 }
@@ -85,6 +97,25 @@ test_encrypt_empty_plaintext :: proc(t: ^testing.T) {
 	testing.expect(t, len(decrypted) == 0, "decrypted empty data should be empty")
 }
@(test)
 test_recipient_can_decrypt_senders_data :: proc(t: ^testing.T) {
 	key1 := make_test_key_pair("test_ed25519")
 	key2 := make_test_key_pair("test_ed25519_second")
 	original := []u8{10, 20, 30, 40, 50}
 	encrypted, enc_ok := encrypt(original, []SshKeyPair{key1, key2})
 	testing.expect(t, enc_ok, "encryption with 2 keys should succeed")
 	defer delete(encrypted)
 	decrypted, dec_ok := decrypt(encrypted, []SshKeyPair{key2})
 	testing.expect(t, dec_ok, "second recipient should decrypt without the sender key present")
 	defer delete(decrypted)
 	for i in 0 ..< len(original) {
 		testing.expect(t, decrypted[i] == original[i], fmt.tprintf("byte mismatch at %d", i))
 	}
 }
@(test)
 test_ciphertext_has_magic :: proc(t: ^testing.T) {
 	key := make_test_key_pair("test_ed25519")
@@ -100,3 +131,4 @@ test_ciphertext_has_magic :: proc(t: ^testing.T) {
 	testing.expect(t, encrypted[2] == u8('V'), "magic byte 2")
 	testing.expect(t, encrypted[3] == u8('R'), "magic byte 3")
 }
--- a/db.odin
+++ b/db.odin
@@ -27,6 +27,7 @@ SyncDirection :: enum {
 }
 Db :: struct {
 	// Pointer to the sqlite db
 	db:      ^rawptr,
 	cfg:     Config,
 	changed: bool,
@@ -40,21 +41,32 @@ EnvFile :: struct {
 	contents: string,
 }
 delete_envfile :: proc(f: ^EnvFile) {
 	delete(f.Path)
 	for &remote in f.Remotes {
 		delete(remote)
 	}
 	delete(f.Remotes)
 	delete(f.Sha256)
 	delete(f.contents)
 }
 make_temp_path :: proc() -> string {
 	ts := time.time_to_unix(time.now())
 	b: strings.Builder
 	strings.builder_init(&b)
 	defer strings.builder_destroy(&b)
 	fmt.sbprintf(&b, "/tmp/envr-%d-%d.db", os.get_pid(), ts)
 	return strings.to_string(b)
 }
-db_open :: proc() -> (Db, bool) {
+db_open :: proc(cfg_path: string) -> (Db, bool) {
-	cfg, ok := load_config()
+	cfg, ok := load_config(cfg_path)
 	if !ok {
 		return Db{}, false
 	}
-	data_path := data_encrypted_path()
+	data_path := data_path(cfg.config_path)
 	_, stat_err := os.stat(data_path, context.allocator)
 	db: ^rawptr
@@ -64,8 +76,8 @@ db_open :: proc() -> (Db, bool) {
 		return Db{}, false
 	}
-	create_sql := "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
+	create_sql: cstring = "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
-	rc = sqlite.db_exec(db, string_to_cstring(create_sql), nil, nil, nil)
+	rc = sqlite.db_exec(db, create_sql, nil, nil, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error creating table: %s\n", sqlite.db_errmsg(db))
 		sqlite.db_close(db)
@@ -83,56 +95,66 @@ db_open :: proc() -> (Db, bool) {
 }
 db_close :: proc(d: ^Db) {
 	defer sqlite.db_close(d.db)
 	if d.changed {
-		tmp_path := make_temp_path()
+		rc := sqlite.db_exec(d.db, "VACUUM", nil, nil, nil)
-
+		if rc != sqlite.OK {
-		if !db_vacuum_to_file(d.db, tmp_path) {
+			fmt.printf("Error vacuuming database: %s\n", sqlite.db_errmsg(d.db))
 			os.remove(tmp_path)
 			sqlite.db_close(d.db)
 			return
 		}
-		sqlite_data, read_err := os.read_entire_file_from_path(tmp_path, context.allocator)
+		sz: i64
-		os.remove(tmp_path)
+		data := sqlite.serialize(d.db, "main", &sz, 0)
-		if read_err != nil {
+		if data == nil {
-			fmt.printf("Error reading vacuumed database: %v\n", read_err)
+			fmt.println("Error: failed to serialize database")
 			sqlite.db_close(d.db)
 			return
 		}
 		defer sqlite.free(data)
 		sqlite_data := data[:sz]
 		encrypted, enc_ok := encrypt(sqlite_data, d.cfg.Keys[:])
 		delete(sqlite_data)
 		if !enc_ok {
 			fmt.println("Error: encryption failed")
 			sqlite.db_close(d.db)
 			return
 		}
-		data_path := data_encrypted_path()
+		data_path := data_path(d.cfg.config_path)
-		envr_d := envr_dir()
+		envr_d := envr_dir(d.cfg.config_path)
 		os.mkdir_all(envr_d)
 		write_err := os.write_entire_file(data_path, encrypted)
 		delete(encrypted)
 		if write_err != nil {
 			fmt.printf("Error writing encrypted database: %v\n", write_err)
 			sqlite.db_close(d.db)
 			return
 		}
 		d.changed = false
 	}
 	sqlite.db_close(d.db)
 }
-db_list :: proc(d: ^Db) -> (results: [dynamic]EnvFile, ok: bool) {
+// Caller is responsible for calling:
-	sql := "SELECT path, remotes, sha256, contents FROM envr_env_files"
+// ```odin
 // delete(results)
 // for &result in results {
 // 	delete(&result)
 // }
 // ```
 db_list :: proc(d: ^Db, allocator := context.allocator) -> (results: [dynamic]EnvFile, ok: bool) {
 	stmt: ^rawptr
-	rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
+	rc := sqlite.prepare_v2(
 		d.db,
 		"SELECT path, remotes, sha256, contents FROM envr_env_files",
 		-1,
 		&stmt,
 		nil,
 	)
 	if rc != sqlite.OK {
 		fmt.printf("Error preparing query: %s\n", sqlite.db_errmsg(d.db))
 		return
 	}
 	defer sqlite.finalize(stmt)
 	for {
 		rc = sqlite.step(stmt)
@@ -141,19 +163,15 @@ db_list :: proc(d: ^Db) -> (results: [dynamic]EnvFile, ok: bool) {
 		}
 		if rc != sqlite.ROW {
 			fmt.printf("Error stepping query: %s\n", sqlite.db_errmsg(d.db))
 			sqlite.finalize(stmt)
 			return
 		}
-		path := cstring_to_string(sqlite.column_text(stmt, 0))
+		remotes_json := string(sqlite.column_text(stmt, 1))
-		remotes_json := cstring_to_string(sqlite.column_text(stmt, 1))
+		remotes: [dynamic]string = ---
 		sha := cstring_to_string(sqlite.column_text(stmt, 2))
 		contents := cstring_to_string(sqlite.column_text(stmt, 3))
 		remotes: [dynamic]string
 		if len(remotes_json) > 0 {
-			json.unmarshal_string(remotes_json, &remotes)
+			json.unmarshal_string(remotes_json, &remotes, allocator = allocator)
 		}
 		path := clone_cstring(sqlite.column_text(stmt, 0), allocator)
 		append(
 			&results,
@@ -161,33 +179,22 @@ db_list :: proc(d: ^Db) -> (results: [dynamic]EnvFile, ok: bool) {
 				Path = path,
 				Dir = filepath.dir(path),
 				Remotes = remotes,
-				Sha256 = sha,
+				Sha256 = clone_cstring(sqlite.column_text(stmt, 2), allocator),
-				contents = contents,
+				contents = clone_cstring(sqlite.column_text(stmt, 3), allocator),
 			},
 		)
 	}
 	sqlite.finalize(stmt)
 	ok = true
 	return
 }
 db_vacuum_to_file :: proc(db: ^rawptr, path: string) -> bool {
 	b: strings.Builder
 	strings.builder_init(&b)
 	fmt.sbprintf(&b, "VACUUM INTO '%s'", path)
 	sql := strings.to_string(b)
 	rc := sqlite.db_exec(db, string_to_cstring(sql), nil, nil, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error vacuuming database: %s\n", sqlite.db_errmsg(db))
 		return false
 	}
 	return true
 }
 db_restore_from_encrypted :: proc(db: ^rawptr, cfg: Config) -> bool {
-	data_path := data_encrypted_path()
+	encrypted_data, read_err := os.read_entire_file_from_path(
-	encrypted_data, read_err := os.read_entire_file_from_path(data_path, context.temp_allocator)
+		data_path(cfg.config_path),
 		context.allocator,
 	)
 	defer delete(encrypted_data)
 	if read_err != nil {
 		fmt.printf("Error reading encrypted database: %v\n", read_err)
 		return false
@@ -200,56 +207,39 @@ db_restore_from_encrypted :: proc(db: ^rawptr, cfg: Config) -> bool {
 	}
 	defer delete(plaintext)
-	tmp_path := make_temp_path()
+	n := i64(len(plaintext))
-	write_err := os.write_entire_file(tmp_path, plaintext)
+	buf := sqlite.malloc64(n)
-	if write_err != nil {
+	if buf == nil {
-		fmt.printf("Error writing temp database: %v\n", write_err)
+		fmt.println("Error: failed to allocate buffer for deserialization")
 		return false
 	}
-	defer os.remove(tmp_path)
+	copy(buf[:len(plaintext)], plaintext)
-	if !db_attach_and_copy(db, tmp_path) {
+	rc := sqlite.deserialize(
-		return false
+		db,
-	}
+		"main",
-
+		buf,
-	return true
+		n,
-}
+		n,
-
+		sqlite.DESERIALIZE_FREEONCLOSE | sqlite.DESERIALIZE_RESIZEABLE,
 db_attach_and_copy :: proc(mem_db: ^rawptr, src_path: string) -> bool {
 	b: strings.Builder
 	strings.builder_init(&b)
 	fmt.sbprintf(&b, "ATTACH DATABASE '%s' AS source", src_path)
 	attach_sql := strings.to_string(b)
 	rc := sqlite.db_exec(mem_db, string_to_cstring(attach_sql), nil, nil, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error attaching database: %s\n", sqlite.db_errmsg(mem_db))
 		return false
 	}
 	rc = sqlite.db_exec(
 		mem_db,
 		"INSERT INTO main.envr_env_files SELECT * FROM source.envr_env_files",
 		nil,
 		nil,
 		nil,
 	)
 	if rc != sqlite.OK {
-		fmt.printf("Error copying data: %s\n", sqlite.db_errmsg(mem_db))
+		sqlite.free(buf)
-		sqlite.db_exec(mem_db, "DETACH DATABASE source", nil, nil, nil)
+		fmt.printf("Error deserializing database: %s\n", sqlite.db_errmsg(db))
 		return false
 	}
 	sqlite.db_exec(mem_db, "DETACH DATABASE source", nil, nil, nil)
 	return true
 }
 get_git_remotes :: proc(dir: string) -> [dynamic]string {
 	remotes: [dynamic]string
 	remote_set: map[string]bool
 	b: strings.Builder
 	strings.builder_init(&b)
 	defer strings.builder_destroy(&b)
 	fmt.sbprintf(&b, "%s-git-remotes", make_temp_path())
 	tmp_path := strings.to_string(b)
 	tmp_file, tmp_err := os.open(tmp_path, os.O_CREATE | os.O_WRONLY | os.O_TRUNC)
@@ -279,13 +269,13 @@ get_git_remotes :: proc(dir: string) -> [dynamic]string {
 	}
 	data, read_err := os.read_entire_file_from_path(tmp_path, context.allocator)
 	defer delete(data)
 	os.remove(tmp_path)
 	if read_err != nil {
 		return remotes
 	}
-	output_str := string(data)
+	lines := strings.split(string(data), "\n")
 	lines := strings.split(output_str, "\n")
 	for &line in lines {
 		line = strings.trim_space(line)
@@ -312,27 +302,27 @@ new_env_file :: proc(path: string) -> (EnvFile, bool) {
 		fmt.printf("Error getting absolute path: %v\n", abs_err)
 		return EnvFile{}, false
 	}
 	cloned_path, _ := strings.clone(abs_path)
-	dir := filepath.dir(cloned_path)
+	dir := filepath.dir(abs_path)
 	remotes := get_git_remotes(dir)
-	data, read_err := os.read_entire_file_from_path(cloned_path, context.allocator)
+	data, read_err := os.read_entire_file_from_path(abs_path, context.allocator)
 	defer delete(data)
 	if read_err != nil {
-		fmt.printf("Error reading file %s: %v\n", cloned_path, read_err)
+		fmt.printf("Error reading file %s: %v\n", abs_path, read_err)
 		return EnvFile{}, false
 	}
-	digest := hash.hash_bytes(hash.Algorithm.SHA256, data)
+	digest := hash.hash_bytes(hash.Algorithm.SHA256, data, context.temp_allocator)
 	// TODO: Handle error
 	hex_bytes, _ := hex.encode(digest)
 	sha_str := string(hex_bytes)
 	return EnvFile {
-			Path = cloned_path,
+			Path = abs_path,
 			Dir = dir,
 			Remotes = remotes,
-			Sha256 = sha_str,
+			Sha256 = string(hex_bytes),
 			contents = string(data),
 		},
 		true
@@ -344,20 +334,51 @@ db_insert :: proc(d: ^Db, file: EnvFile) -> bool {
 		fmt.printf("Error marshaling remotes: %v\n", marshal_err)
 		return false
 	}
 	defer delete(remotes_json)
-	sql := "INSERT OR REPLACE INTO envr_env_files (path, remotes, sha256, contents) VALUES (?, ?, ?, ?)"
+	sql: cstring =
 		"INSERT OR REPLACE INTO " +
 		"envr_env_files (path, remotes, sha256, contents) VALUES (?, ?, ?, ?)"
 	stmt: ^rawptr
-	rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
+	rc := sqlite.prepare_v2(d.db, sql, -1, &stmt, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error preparing insert: %s\n", sqlite.db_errmsg(d.db))
 		return false
 	}
 	defer sqlite.finalize(stmt)
-	rc = sqlite.bind_text(stmt, 1, string_to_cstring(file.Path), -1, nil)
+	// TODO: deal with elsewhere?
-	rc = sqlite.bind_text(stmt, 2, string_to_cstring(string(remotes_json)), -1, nil)
+	cpath := to_cstring(file.Path)
-	rc = sqlite.bind_text(stmt, 3, string_to_cstring(file.Sha256), -1, nil)
+	defer delete(cpath)
-	rc = sqlite.bind_text(stmt, 4, string_to_cstring(file.contents), -1, nil)
+	rc = sqlite.bind_text(stmt, 1, cpath, -1, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error binding path: %s\n", sqlite.db_errmsg(d.db))
 		return false
 	}
 	cremotes := to_cstring(string(remotes_json))
 	defer delete(cremotes)
 	rc = sqlite.bind_text(stmt, 2, cremotes, -1, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error binding remotes: %s\n", sqlite.db_errmsg(d.db))
 		return false
 	}
 	csha := to_cstring(file.Sha256)
 	defer delete(csha)
 	rc = sqlite.bind_text(stmt, 3, csha, -1, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error binding sha256: %s\n", sqlite.db_errmsg(d.db))
 		return false
 	}
 	ccontents := to_cstring(file.contents)
 	defer delete(ccontents)
 	rc = sqlite.bind_text(stmt, 4, ccontents, -1, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error binding contents: %s\n", sqlite.db_errmsg(d.db))
 		return false
 	}
 	rc = sqlite.step(stmt)
 	if rc != sqlite.DONE {
@@ -369,17 +390,23 @@ db_insert :: proc(d: ^Db, file: EnvFile) -> bool {
 	return true
 }
-db_fetch :: proc(d: ^Db, path: string) -> (EnvFile, bool) {
+db_fetch :: proc(d: ^Db, path: string, allocator := context.allocator) -> (EnvFile, bool) {
-	sql := "SELECT path, remotes, sha256, contents FROM envr_env_files WHERE path = ?"
+	sql: cstring = "SELECT path, remotes, sha256, contents FROM envr_env_files WHERE path = ?"
 	stmt: ^rawptr
-	rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
+	rc := sqlite.prepare_v2(d.db, sql, -1, &stmt, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error preparing fetch: %s\n", sqlite.db_errmsg(d.db))
 		return EnvFile{}, false
 	}
 	defer sqlite.finalize(stmt)
-	rc = sqlite.bind_text(stmt, 1, string_to_cstring(path), -1, nil)
+	cpath := to_cstring(path, allocator)
 	defer delete(cpath, allocator)
 	rc = sqlite.bind_text(stmt, 1, cpath, -1, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error binding path: %s\n", sqlite.db_errmsg(d.db))
 		return EnvFile{}, false
 	}
 	rc = sqlite.step(stmt)
 	if rc == sqlite.DONE {
 		fmt.printf("No file found with path: %s\n", path)
@@ -390,38 +417,41 @@ db_fetch :: proc(d: ^Db, path: string) -> (EnvFile, bool) {
 		return EnvFile{}, false
 	}
-	file_path := cstring_to_string(sqlite.column_text(stmt, 0))
+	remotes_json := string(sqlite.column_text(stmt, 1))
-	remotes_json := cstring_to_string(sqlite.column_text(stmt, 1))
+	remotes: [dynamic]string = ---
 	sha := cstring_to_string(sqlite.column_text(stmt, 2))
 	contents := cstring_to_string(sqlite.column_text(stmt, 3))
 	remotes: [dynamic]string
 	if len(remotes_json) > 0 {
-		json.unmarshal_string(remotes_json, &remotes)
+		json.unmarshal_string(remotes_json, &remotes, allocator = allocator)
 	}
-	cloned_path, _ := strings.clone(file_path)
+	file_path := clone_cstring(sqlite.column_text(stmt, 0))
 	return EnvFile {
-			Path = cloned_path,
+			Path = file_path,
-			Dir = filepath.dir(cloned_path),
+			Dir = filepath.dir(file_path),
 			Remotes = remotes,
-			Sha256 = sha,
+			Sha256 = clone_cstring(sqlite.column_text(stmt, 2), allocator),
-			contents = contents,
+			contents = clone_cstring(sqlite.column_text(stmt, 3), allocator),
 		},
 		true
 }
 db_delete :: proc(d: ^Db, path: string) -> bool {
-	sql := "DELETE FROM envr_env_files WHERE path = ?"
+	sql: cstring = "DELETE FROM envr_env_files WHERE path = ?"
 	stmt: ^rawptr
-	rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
+	rc := sqlite.prepare_v2(d.db, sql, -1, &stmt, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error preparing delete: %s\n", sqlite.db_errmsg(d.db))
 		return false
 	}
 	defer sqlite.finalize(stmt)
-	rc = sqlite.bind_text(stmt, 1, string_to_cstring(path), -1, nil)
+	cpath := to_cstring(path)
 	defer delete(cpath)
 	rc = sqlite.bind_text(stmt, 1, cpath, -1, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error binding path: %s\n", sqlite.db_errmsg(d.db))
 		return false
 	}
 	rc = sqlite.step(stmt)
 	if rc != sqlite.DONE {
 		fmt.printf("Error deleting: %s\n", sqlite.db_errmsg(d.db))
@@ -437,19 +467,31 @@ db_delete :: proc(d: ^Db, path: string) -> bool {
 	return true
 }
-cstring_to_string :: proc(cs: cstring) -> string {
+to_cstring :: proc {
-	if cs == nil {
+	string_to_cstring,
-		return ""
+	strings.to_cstring,
 	}
 	s, _ := strings.clone_from_cstring(cs)
 	return s
 }
-string_to_cstring :: proc(s: string) -> cstring {
+string_to_cstring :: proc(s: string, allocator := context.allocator) -> cstring {
-	cs, _ := strings.clone_to_cstring(s)
+	cs, err := strings.clone_to_cstring(s, allocator)
 	if err != nil {
 		fmt.printf("Failed to convert string to cstring: %v\n", err)
 		panic("Allocation Exception")
 	}
 	return cs
 }
 clone_cstring :: proc(c: cstring, allocator := context.allocator) -> string {
 	str, err := strings.clone_from_cstring(c, allocator)
 	if err != nil {
 		fmt.printf("Failed to convert string to cstring: %v\n", err)
 		delete(str)
 		panic("Allocation Exception")
 	}
 	return str
 }
 db_update_required :: proc(status: SyncFlag) -> bool {
 	return .BackedUp in status || .DirUpdated in status
 }
@@ -496,20 +538,11 @@ find_moved_dirs :: proc(d: ^Db, f: ^EnvFile) -> ([dynamic]string, bool) {
 	return moved, true
 }
-env_file_backup :: proc(f: ^EnvFile) -> bool {
+db_sync :: proc(d: ^Db, f: ^EnvFile) -> (SyncFlag, string) {
-	data, read_err := os.read_entire_file_from_path(f.Path, context.allocator)
+	return env_file_sync(f, .TrustFilesystem, d)
 	if read_err != nil {
 		fmt.printf("Error reading file %s: %v\n", f.Path, read_err)
 		return false
 	}
 	f.contents = string(data)
 	digest := hash.hash_bytes(hash.Algorithm.SHA256, data)
 	hex_bytes, _ := hex.encode(digest)
 	f.Sha256 = string(hex_bytes)
 	return true
 }
 // If SyncFlag is .BackedUp, Caller is responsible for calling delete on f.contents and f.Sha256
 env_file_sync :: proc(f: ^EnvFile, dir: SyncDirection, d: ^Db) -> (SyncFlag, string) {
 	result: SyncFlag = {}
@@ -555,6 +588,7 @@ env_file_sync :: proc(f: ^EnvFile, dir: SyncDirection, d: ^Db) -> (SyncFlag, str
 	}
 	digest := hash.hash_bytes(hash.Algorithm.SHA256, data)
 	// TODO: Handle error
 	hex_bytes, _ := hex.encode(digest)
 	current_sha := string(hex_bytes)
@@ -580,7 +614,24 @@ env_file_sync :: proc(f: ^EnvFile, dir: SyncDirection, d: ^Db) -> (SyncFlag, str
 	return result, ""
 }
-db_sync :: proc(d: ^Db, f: ^EnvFile) -> (SyncFlag, string) {
+// Loads the contents of the the file at f.Path into f.contents
-	return env_file_sync(f, .TrustFilesystem, d)
+//
 // Caller is responsible for calling delete on f.contents and f.Sha256
 env_file_backup :: proc(f: ^EnvFile) -> bool {
 	data, read_err := os.read_entire_file_from_path(f.Path, context.allocator)
 	if read_err != nil {
 		fmt.printf("Error reading file %s: %v\n", f.Path, read_err)
 		return false
 	}
 	f.contents = string(data)
 	digest := hash.hash_bytes(hash.Algorithm.SHA256, data, context.temp_allocator)
 	hex_bytes, alloc_err := hex.encode(digest)
 	if alloc_err != nil {
 		fmt.printf("Error generating hash for file %s: %v\n", f.Path, alloc_err)
 		return false
 	}
 	f.Sha256 = string(hex_bytes)
 	return true
 }
--- a/db_integration_test.odin
+++ b/db_integration_test.odin
@@ -136,7 +136,7 @@ test_encrypt_write_read_decrypt :: proc(t: ^testing.T) {
 }
@(test)
-test_decrypt_then_attach_sqlite :: proc(t: ^testing.T) {
+test_decrypt_then_deserialize_sqlite :: proc(t: ^testing.T) {
 	cfg := fixture_config()
 	defer {
 		delete(cfg.Keys)
@@ -164,14 +164,6 @@ test_decrypt_then_attach_sqlite :: proc(t: ^testing.T) {
 	}
 	defer delete(plaintext)
 	tmp_db_path := fmt.tprintf("/tmp/envr-test-attach-%d.db", os.get_pid())
 	write_err := os.write_entire_file(tmp_db_path, plaintext)
 	testing.expectf(t, write_err == nil, "failed to write temp db: %v", write_err)
 	if write_err != nil {
 		return
 	}
 	defer os.remove(tmp_db_path)
 	mem_db: ^rawptr
 	rc := sqlite.db_open(":memory:", &mem_db)
 	testing.expectf(t, rc == sqlite.OK, "failed to open in-memory db")
@@ -180,16 +172,29 @@ test_decrypt_then_attach_sqlite :: proc(t: ^testing.T) {
 	}
 	defer sqlite.db_close(mem_db)
-	create_sql := "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
+	n := i64(len(plaintext))
-	rc = sqlite.db_exec(mem_db, string_to_cstring(create_sql), nil, nil, nil)
+	buf := sqlite.malloc64(n)
-	testing.expect(t, rc == sqlite.OK, "failed to create table")
+	testing.expect(t, buf != nil, "malloc64 should succeed")
 	if buf == nil do return
 	copy(buf[:len(plaintext)], plaintext)
-	attach_ok := db_attach_and_copy(mem_db, tmp_db_path)
+	rc = sqlite.deserialize(
-	testing.expect(t, attach_ok, "failed to attach and copy")
+		mem_db,
 		"main",
 		buf,
 		n,
 		n,
 		sqlite.DESERIALIZE_FREEONCLOSE | sqlite.DESERIALIZE_RESIZEABLE,
 	)
 	testing.expect(t, rc == sqlite.OK, "deserialize should succeed")
 	if rc != sqlite.OK {
 		sqlite.free(buf)
 		return
 	}
-	sql := "SELECT path FROM envr_env_files"
+	sql: cstring = "SELECT path FROM envr_env_files"
 	stmt: ^rawptr
-	rc = sqlite.prepare_v2(mem_db, string_to_cstring(sql), -1, &stmt, nil)
+	rc = sqlite.prepare_v2(mem_db, sql, -1, &stmt, nil)
 	testing.expect(t, rc == sqlite.OK, "prepare failed")
 	if rc != sqlite.OK {
 		return
@@ -199,7 +204,7 @@ test_decrypt_then_attach_sqlite :: proc(t: ^testing.T) {
 	rc = sqlite.step(stmt)
 	testing.expect(t, rc == sqlite.ROW, "expected at least one row")
 	if rc == sqlite.ROW {
-		path := cstring_to_string(sqlite.column_text(stmt, 0))
+		path := string(sqlite.column_text(stmt, 0))
 		testing.expect(t, len(path) > 0, "path should not be empty")
 	}
 }
@@ -207,9 +212,7 @@ test_decrypt_then_attach_sqlite :: proc(t: ^testing.T) {
@(test)
 test_full_db_cycle :: proc(t: ^testing.T) {
 	cfg := fixture_config()
-	defer {
+	defer delete(cfg.Keys)
 		delete(cfg.Keys)
 	}
 	db_path := fixture_db_path()
 	original_data, read_err := os.read_entire_file_from_path(db_path, context.allocator)
@@ -230,6 +233,7 @@ test_full_db_cycle :: proc(t: ^testing.T) {
 	os.mkdir_all(envr_dir_path)
 	data_path, _ := filepath.join([]string{envr_dir_path, "data.envr"})
 	defer delete(data_path)
 	write_err := os.write_entire_file(data_path, encrypted)
 	testing.expectf(t, write_err == nil, "failed to write data.envr: %v", write_err)
 	if write_err != nil {
--- a/db_test.odin
+++ b/db_test.odin
@@ -2,6 +2,8 @@ package main
 import "core:fmt"
 import "core:os"
 import "core:path/filepath"
 import "core:strings"
 import "core:testing"
 import "sqlite"
@@ -13,8 +15,8 @@ make_test_db :: proc() -> (Db, bool) {
 		return Db{}, false
 	}
-	create_sql := "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
+	create_sql: cstring = "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
-	rc = sqlite.db_exec(db, string_to_cstring(create_sql), nil, nil, nil)
+	rc = sqlite.db_exec(db, create_sql, nil, nil, nil)
 	if rc != sqlite.OK {
 		sqlite.db_close(db)
 		return Db{}, false
@@ -25,11 +27,11 @@ make_test_db :: proc() -> (Db, bool) {
 make_test_env_file :: proc(path, sha, contents: string, remotes: []string = {}) -> EnvFile {
 	f := EnvFile {
-		Path = path,
+		Path     = path,
-		Dir = "",
+		Dir      = "",
-		Sha256 = sha,
+		Sha256   = sha,
 		contents = contents,
-		Remotes = make([dynamic]string, 0, len(remotes)),
+		Remotes  = make([dynamic]string, 0, len(remotes)),
 	}
 	for r in remotes {
 		append(&f.Remotes, r)
@@ -44,26 +46,25 @@ test_db_insert_and_fetch :: proc(t: ^testing.T) {
 	if !ok do return
 	defer sqlite.db_close(d.db)
-	f := make_test_env_file(
+	path := "/project/.env"
-		"/project/.env",
+	sha := "abc123"
-		"abc123",
+	contents := "SECRET=value"
-		"SECRET=value",
+
-		[]string{"git@github.com:user/repo.git"},
+	f := make_test_env_file(path, sha, contents, []string{"git@github.com:user/repo.git"})
 	)
 	defer delete(f.Remotes)
 	testing.expect(t, db_insert(&d, f), "insert should succeed")
 	fetched, fetch_ok := db_fetch(&d, "/project/.env")
 	defer delete_envfile(&fetched)
 	testing.expect(t, fetch_ok, "fetch should succeed")
 	if !fetch_ok do return
 	defer delete(fetched.Remotes)
-	testing.expect(t, fetched.Path == "/project/.env", "path mismatch")
+	testing.expect_value(t, fetched.Path, path)
-	testing.expect(t, fetched.Sha256 == "abc123", "sha mismatch")
+	testing.expect_value(t, fetched.Sha256, sha)
-	testing.expect(t, fetched.contents == "SECRET=value", "contents mismatch")
+	testing.expect_value(t, fetched.contents, contents)
-	testing.expect(t, len(fetched.Remotes) == 1, "remotes count mismatch")
+	testing.expect_value(t, len(fetched.Remotes), 1)
-	testing.expect(t, fetched.Remotes[0] == "git@github.com:user/repo.git", "remote mismatch")
+	testing.expect_value(t, fetched.Remotes[0], "git@github.com:user/repo.git")
 }
@(test)
@@ -96,16 +97,19 @@ test_db_insert_or_replace :: proc(t: ^testing.T) {
 	testing.expect(t, list_ok, "list should succeed")
 	if !list_ok do return
 	defer delete(results)
 	for &result in results {
 		defer delete_envfile(&result)
 	}
 	testing.expect(t, len(results) == 1, "should have 1 row, not 2")
 	fetched, fetch_ok := db_fetch(&d, "/project/.env")
 	testing.expect(t, fetch_ok, "fetch should succeed")
 	if !fetch_ok do return
-	defer delete(fetched.Remotes)
+	defer delete_envfile(&fetched)
-	testing.expect(t, fetched.contents == "KEY=new", "contents should be updated")
+	testing.expect_value(t, fetched.contents, "KEY=new")
-	testing.expect(t, fetched.Sha256 == "sha2", "sha should be updated")
+	testing.expect_value(t, fetched.Sha256, "sha2")
 }
@(test)
@@ -143,11 +147,10 @@ test_db_list_multiple :: proc(t: ^testing.T) {
 	defer sqlite.db_close(d.db)
 	f1 := make_test_env_file("/proj1/.env", "sha1", "A=1", []string{"git@github.com:a/repo.git"})
 	f2 := make_test_env_file("/proj2/.env", "sha2", "B=2", []string{"git@github.com:b/repo.git"})
 	f3 := make_test_env_file("/proj3/.env", "sha3", "C=3")
 	defer delete(f1.Remotes)
 	f2 := make_test_env_file("/proj2/.env", "sha2", "B=2", []string{"git@github.com:b/repo.git"})
 	defer delete(f2.Remotes)
-	defer delete(f3.Remotes)
+	f3 := make_test_env_file("/proj3/.env", "sha3", "C=3")
 	db_insert(&d, f1)
 	db_insert(&d, f2)
@@ -157,8 +160,13 @@ test_db_list_multiple :: proc(t: ^testing.T) {
 	testing.expect(t, list_ok, "list should succeed")
 	if !list_ok do return
 	defer delete(results)
 	defer {
 		for &result in results {
 			delete_envfile(&result)
 		}
 	}
-	testing.expect(t, len(results) == 3, "should have 3 rows")
+	testing.expect_value(t, len(results), 3)
 }
@(test)
@@ -207,7 +215,7 @@ test_db_delete_sets_changed :: proc(t: ^testing.T) {
 }
@(test)
-test_db_vacuum_to_file :: proc(t: ^testing.T) {
+test_db_serialize :: proc(t: ^testing.T) {
 	d, ok := make_test_db()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
@@ -217,21 +225,13 @@ test_db_vacuum_to_file :: proc(t: ^testing.T) {
 	defer delete(f.Remotes)
 	db_insert(&d, f)
-	vacuum_path := fmt.tprintf("/tmp/envr-test-vacuum-%d.db", os.get_pid())
+	sz: i64
-	defer os.remove(vacuum_path)
+	data := sqlite.serialize(d.db, "main", &sz, 0)
 	testing.expect(t, data != nil, "serialize should return non-nil")
 	if data == nil do return
 	defer sqlite.free(data)
-	testing.expect(t, db_vacuum_to_file(d.db, vacuum_path), "vacuum should succeed")
+	testing.expect(t, sz > 0, "serialized size should be > 0")
 	_, stat_err := os.stat(vacuum_path, context.allocator)
 	testing.expect(t, stat_err == nil, "vacuumed file should exist")
 	if stat_err != nil do return
 	data, read_err := os.read_entire_file_from_path(vacuum_path, context.allocator)
 	testing.expect(t, read_err == nil, "should read vacuumed file")
 	if read_err != nil do return
 	defer delete(data)
 	testing.expect(t, len(data) > 0, "vacuumed file should be non-empty")
 }
@(test)
@@ -319,3 +319,82 @@ test_shares_remote_both_empty :: proc(t: ^testing.T) {
 	testing.expect(t, !shares_remote(&f, remotes), "both empty should not share")
 }
@(test)
 test_make_temp_path_format :: proc(t: ^testing.T) {
 	p := make_temp_path()
 	testing.expect(t, strings.has_suffix(p, ".db"), "should end with .db")
 	testing.expect(t, strings.contains(p, fmt.tprintf("%d", os.get_pid())), "should contain PID")
 }
@(test)
 test_new_env_file :: proc(t: ^testing.T) {
 	base := fmt.tprintf("/tmp/envr-test-envfile-%d", os.get_pid())
 	os.mkdir_all(base)
 	defer os.remove_all(base)
 	env_path := fmt.tprintf("%s/.env", base)
 	err := os.write_entire_file(env_path, "SECRET=value\n")
 	testing.expect(t, err == nil, ".env file should exists")
 	file, ok := new_env_file(env_path)
 	testing.expect(t, ok, "new_env_file should succeed")
 	if !ok do return
 	defer delete(file.Remotes)
 	defer delete(file.Sha256)
 	defer delete(file.Path)
 	testing.expect(t, filepath.is_abs(file.Path), "path should be absolute")
 	testing.expect(t, strings.has_suffix(file.Path, "/.env"), "path should end with /.env")
 	testing.expect(t, file.contents == "SECRET=value\n", "contents mismatch")
 	testing.expect(t, len(file.Sha256) == 64, "sha256 should be 64 hex chars")
 }
@(test)
 test_new_env_file_missing :: proc(t: ^testing.T) {
 	_, ok := new_env_file("/tmp/envr-nonexistent-envfile/path/.env")
 	testing.expect(t, !ok, "missing file should return false")
 }
@(test)
 test_env_file_backup :: proc(t: ^testing.T) {
 	base := fmt.tprintf("/tmp/envr-test-backup-%d", os.get_pid())
 	os.mkdir_all(base)
 	defer os.remove_all(base)
 	env_path := fmt.tprintf("%s/.env", base)
 	err := os.write_entire_file(env_path, "KEY=12345\n")
 	testing.expect(t, err == nil, ".env file should exist")
 	f := EnvFile {
 		Path = env_path,
 	}
 	defer delete(f.contents)
 	defer delete(f.Sha256)
 	testing.expect(t, env_file_backup(&f), "backup should succeed")
 	testing.expect_value(t, f.contents, "KEY=12345\n")
 	testing.expect_value(t, len(f.Sha256), 64)
 }
@(test)
 test_env_file_backup_missing :: proc(t: ^testing.T) {
 	f := EnvFile {
 		Path = "/tmp/envr-nonexistent-backup/.env",
 	}
 	testing.expect(t, !env_file_backup(&f), "missing file should return false")
 }
@(test)
 test_update_dir :: proc(t: ^testing.T) {
 	f := EnvFile {
 		Path    = "/old/project/.env",
 		Dir     = "/old/project",
 		Remotes = make([dynamic]string, 0),
 	}
 	defer delete_envfile(&f)
 	update_dir(&f, "/new/location")
 	testing.expect_value(t, f.Dir, "/new/location")
 	testing.expect_value(t, f.Path, "/new/location/.env")
 }
--- a/flake.nix
+++ b/flake.nix
@@ -11,11 +11,12 @@
  };
  outputs =
-    inputs@{ flake-parts
+    inputs@{
-    , nixpkgs
+      flake-parts,
-    , nixpkgs-unstable
+      nixpkgs,
-    , self
+      nixpkgs-unstable,
-    , treefmt-nix
+      self,
      treefmt-nix,
    }:
    flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [
@@ -29,7 +30,18 @@
      ];
      perSystem =
-        { pkgs, system, inputs', ... }: {
+        {
          pkgs,
          system,
          inputs',
          ...
        }:
      let
        mysqlite = pkgs.sqlite.overrideAttrs (old: {
                configureFlags = (old.configureFlags or [ ]) ++ [ "--enable-deserialize" ];
              });
      in
        {
          _module.args.pkgs = import nixpkgs {
            inherit system;
            config.allowUnfree = true;
@@ -64,7 +76,7 @@
            buildInputs = [
              pkgs.libsodium
-              pkgs.sqlite
+              mysqlite
            ];
            buildPhase = ''
@@ -87,7 +99,7 @@
              nushell
              libsodium
-              sqlite
+              mysqlite
              unstable.odin
              unstable.ols
--- a/main.odin
+++ b/main.odin
@@ -1,10 +1,14 @@
 package main
 import "core:bufio"
 import "core:fmt"
 import "core:os"
 main :: proc() {
-	cmd, ok := parse_args()
+	defer free_all(context.temp_allocator)
 	cmd, ok := parse_args(os.args, os.to_writer(os.stdout), os.to_writer(os.stderr))
 	defer bufio.writer_flush(cmd.out_buf)
 	if !ok {
 		return
 	}
@@ -35,10 +39,9 @@ main :: proc() {
 	case "nushell-completion":
 		cmd_nushell_completion(&cmd)
 	case:
-		fmt.printf("Unknown command: %s\n", cmd.name)
+		fmt.wprintf(cmd.err, "Unknown command: %s\n", cmd.name)
-		print_usage()
+		write_usage(cmd.out)
 		os.exit(1)
 	}
 }
--- a/main.odin.bak
+++ b/main.odin.bak
@@ -1,44 +0,0 @@
 package main
 import "core:fmt"
 import "core:os"
 main :: proc() {
 	cmd, ok := parse_args()
 	if !ok {
 		return
 	}
 	switch cmd.name {
 	case "init":
 		cmd_init(&cmd)
 	case "version":
 		cmd_version(&cmd)
 	case "deps":
 		cmd_deps(&cmd)
 	case "list":
 		cmd_list(&cmd)
 	case "backup", "add":
 		cmd_backup(&cmd)
 	case "remove":
 		cmd_remove(&cmd)
 	case "restore":
 		cmd_restore(&cmd)
 	case "edit-config":
 		cmd_edit_config(&cmd)
 	case "check":
 		cmd_check(&cmd)
 	case "scan":
 		cmd_scan(&cmd)
 	case "sync":
 		cmd_sync(&cmd)
 	case "nushell-completion":
 		cmd_nushell_completion(&cmd)
 	case:
 		fmt.printf("Unknown command: %s\n", cmd.name)
 		print_usage()
 		os.exit(1)
 	}
 }
--- a/prompt.odin
+++ b/prompt.odin
@@ -3,11 +3,113 @@ package main
 import "core:fmt"
 import "core:sys/posix"
 MultiSelect_Result :: enum {
 	Confirm,
 	Cancel,
 }
 Key :: enum {
 	Up,
 	Down,
 	Space,
 	Enter,
 	Escape,
 	Unknown,
 }
 Raw_State :: struct {
 	original: posix.termios,
 	fd:       posix.FD,
 }
 MAX_VISIBLE :: 7
 // Caller is responsible for deleting the responses.
 multi_select :: proc(
 	prompt: string,
 	options: []string,
 ) -> (
 	selected: [dynamic]bool,
 	result: MultiSelect_Result,
 ) {
 	if len(options) == 0 {
 		return
 	}
 	selected = make([dynamic]bool, 0, len(options))
 	cursor: int = 0
 	scroll_offset: int = 0
 	fmt.printf("\x1b[?25l")
 	visible := render_options(prompt, options, selected[:], cursor, scroll_offset)
 	raw, ok := enable_raw_mode(posix.STDIN_FILENO)
 	if !ok {
 		fmt.printf("\x1b[?25h")
 		return
 	}
 	defer disable_raw_mode(&raw)
 	for {
 		key := read_key()
 		switch key {
 		case .Up:
 			if cursor > 0 {
 				cursor -= 1
 			}
 		case .Down:
 			if cursor < len(options) - 1 {
 				cursor += 1
 			}
 		case .Space:
 			selected[cursor] = !selected[cursor]
 		case .Enter:
 			fmt.printf("\x1b[%dA\x1b[J\x1b[?25h", visible + 1)
 			result = .Confirm
 			return
 		case .Escape:
 			fmt.printf("\x1b[%dA\x1b[J\x1b[?25h", visible + 1)
 			result = .Cancel
 			return
 		case .Unknown:
 		}
 		scroll_offset = max(0, min(cursor - MAX_VISIBLE / 2, len(options) - MAX_VISIBLE))
 		fmt.printf("\x1b[%dA\x1b[0J", visible + 1)
 		visible = render_options(prompt, options, selected[:], cursor, scroll_offset)
 	}
 }
 render_options :: proc(
 	prompt: string,
 	options: []string,
 	selected: []bool,
 	cursor: int,
 	scroll_offset: int,
 ) -> int {
 	fmt.printf("\x1b[1;36m%s\x1b[0m (↑/↓ move, space select, enter confirm)\r\n", prompt)
 	end := scroll_offset + MAX_VISIBLE
 	if end > len(options) {
 		end = len(options)
 	}
 	for i in scroll_offset ..< end {
 		checkbox := " "
 		if selected[i] {
 			checkbox = "x"
 		}
 		if i == cursor {
 			fmt.printf("\x1b[1;32m> \x1b[0m[\x1b[32m%s\x1b[0m] %s\r\n", checkbox, options[i])
 		} else {
 			fmt.printf("  [\x1b[2m%s\x1b[0m] %s\r\n", checkbox, options[i])
 		}
 	}
 	return end - scroll_offset
 }
 enable_raw_mode :: proc(fd: posix.FD) -> (Raw_State, bool) {
 	state: Raw_State
 	state.fd = fd
@@ -35,15 +137,6 @@ disable_raw_mode :: proc(state: ^Raw_State) {
 	posix.tcsetattr(state.fd, .TCSAFLUSH, &state.original)
 }
 Key :: enum {
 	Up,
 	Down,
 	Space,
 	Enter,
 	Escape,
 	Unknown,
 }
 read_key :: proc() -> Key {
 	buf: [3]u8
@@ -106,88 +199,3 @@ read_key :: proc() -> Key {
 	}
 }
 MultiSelect_Result :: enum {
 	Confirm,
 	Cancel,
 }
 MAX_VISIBLE :: 7
 multi_select :: proc(
 	prompt: string,
 	options: []string,
 ) -> (selected: [dynamic]bool, result: MultiSelect_Result) {
 	if len(options) == 0 {
 		return
 	}
 	selected = make([dynamic]bool, len(options))
 	cursor: int = 0
 	scroll_offset: int = 0
 	fmt.printf("\x1b[?25l")
 	visible := render_options(prompt, options, selected[:], cursor, scroll_offset)
 	raw, ok := enable_raw_mode(posix.STDIN_FILENO)
 	if !ok {
 		fmt.printf("\x1b[?25h")
 		return
 	}
 	defer disable_raw_mode(&raw)
 	for {
 		key := read_key()
 		switch key {
 		case .Up:
 			if cursor > 0 {
 				cursor -= 1
 			}
 		case .Down:
 			if cursor < len(options) - 1 {
 				cursor += 1
 			}
 		case .Space:
 			selected[cursor] = !selected[cursor]
 		case .Enter:
 			fmt.printf("\x1b[%dA\x1b[J\x1b[?25h", visible + 1)
 			result = .Confirm
 			return
 		case .Escape:
 			fmt.printf("\x1b[%dA\x1b[J\x1b[?25h", visible + 1)
 			result = .Cancel
 			return
 		case .Unknown:
 		}
 		scroll_offset = max(0, min(cursor - MAX_VISIBLE / 2, len(options) - MAX_VISIBLE))
 		fmt.printf("\x1b[%dA\x1b[0J", visible + 1)
 		visible = render_options(prompt, options, selected[:], cursor, scroll_offset)
 	}
 }
 render_options :: proc(prompt: string, options: []string, selected: []bool, cursor: int, scroll_offset: int) -> int {
 	fmt.printf(
 		"\x1b[1;36m%s\x1b[0m (↑/↓ move, space select, enter confirm)\r\n",
 		prompt,
 	)
 	end := scroll_offset + MAX_VISIBLE
 	if end > len(options) {
 		end = len(options)
 	}
 	for i in scroll_offset..<end {
 		checkbox := " "
 		if selected[i] {
 			checkbox = "x"
 		}
 		if i == cursor {
 			fmt.printf("\x1b[1;32m> \x1b[0m[\x1b[32m%s\x1b[0m] %s\r\n", checkbox, options[i])
 		} else {
 			fmt.printf("  [\x1b[2m%s\x1b[0m] %s\r\n", checkbox, options[i])
 		}
 	}
 	return end - scroll_offset
 }
--- a/scan.odin
+++ b/scan.odin
@@ -69,6 +69,7 @@ run_fd :: proc(args: []string) -> (lines: []string, ok: bool) {
 	tmp_path := next_fd_tmp_path()
 	tmp_file, tmp_err := os.open(tmp_path, os.O_CREATE | os.O_WRONLY | os.O_TRUNC)
 	if tmp_err != nil {
 		// TODO: Log a message here
 		return
 	}
--- a/scan_test.odin
+++ b/scan_test.odin
@@ -3,6 +3,7 @@ package main
 import "core:fmt"
 import "core:os"
 import "core:path/filepath"
 import "core:strings"
 import "core:testing"
@(test)
@@ -85,3 +86,11 @@ test_scan_path_empty_dir :: proc(t: ^testing.T) {
 	testing.expect(t, len(results) == 0, fmt.tprintf("expected 0 results, got %d", len(results)))
 }
@(test)
 test_scan_meets_expectations :: proc(t: ^testing.T) {
 	testing.expect(t, cant_scan({}), "no features should mean can't scan")
 	testing.expect(t, cant_scan({.Git}), "Git alone should mean can't scan")
 	testing.expect(t, !cant_scan({.Fd}), "having Fd should mean can scan")
 	testing.expect(t, !cant_scan({.Fd, .Git}), "both Fd and Git should mean can scan")
 }
--- a/sqlite/sqlite.odin
+++ b/sqlite/sqlite.odin
@@ -8,6 +8,9 @@ OK :: 0
 ROW :: 100
 DONE :: 101
 DESERIALIZE_FREEONCLOSE :: 1
 DESERIALIZE_RESIZEABLE :: 2
 foreign lib {
    @(link_name="sqlite3_open")
    db_open          :: proc(filename: cstring, ppDb: ^^rawptr) -> c.int ---
@@ -31,4 +34,12 @@ foreign lib {
    bind_text        :: proc(stmt: ^rawptr, idx: c.int, val: cstring, n: c.int, destructor: rawptr) -> c.int ---
    @(link_name="sqlite3_changes")
    changes          :: proc(db: ^rawptr) -> c.int ---
    @(link_name="sqlite3_serialize")
    serialize        :: proc(db: ^rawptr, zSchema: cstring, piSize: ^i64, mFlags: u32) -> [^]u8 ---
    @(link_name="sqlite3_deserialize")
    deserialize      :: proc(db: ^rawptr, zSchema: cstring, pData: [^]u8, szDb: i64, szBuf: i64, mFlags: u32) -> c.int ---
    @(link_name="sqlite3_malloc64")
    malloc64         :: proc(n: i64) -> [^]u8 ---
    @(link_name="sqlite3_free")
    free             :: proc(p: rawptr) ---
 }
--- a/table_test.odin
+++ b/table_test.odin
@@ -116,12 +116,22 @@ test_render_table_normal :: proc(t: ^testing.T) {
 	output := strings.to_string(b)
-	testing.expect(t, strings.contains(output, "Name"), "header 'Name' missing from output")
+	expected := `┌──────┬─────────────────────────┐
-	testing.expect(t, strings.contains(output, "Path"), "header 'Path' missing from output")
+│ Name │ Path                    │
-	testing.expect(t, strings.contains(output, "foo"), "cell 'foo' missing from output")
+├──────┼─────────────────────────┤
-	testing.expect(t, strings.contains(output, "/home/user/.env"), "cell '/home/user/.env' missing from output")
+│ foo  │ /home/user/.env         │
-	testing.expect(t, strings.contains(output, "bar"), "cell 'bar' missing from output")
+│ bar  │ /home/user/project/.env │
-	testing.expect(t, strings.contains(output, "/home/user/project/.env"), "cell '/home/user/project/.env' missing")
+└──────┴─────────────────────────┘
 `
 	testing.expect(
 		t,
 		output == expected,
 		fmt.tprintf(
 			"table output mismatch\n--- expected ---\n%s\n--- got ---\n%s\n",
 			expected,
 			output,
 		),
 	)
 }
@(test)
@@ -138,7 +148,20 @@ test_render_table_empty :: proc(t: ^testing.T) {
 	output := strings.to_string(b)
-	testing.expect(t, strings.contains(output, "Name"), "header 'Name' missing from output")
+	expected := `┌──────┐
 │ Name │
 ├──────┤
 └──────┘
 `
 	testing.expect(
 		t,
 		output == expected,
 		fmt.tprintf(
 			"table output mismatch\n--- expected ---\n%s\n--- got ---\n%s\n",
 			expected,
 			output,
 		),
 	)
 }
@(test)
@@ -155,7 +178,21 @@ test_render_table_unicode :: proc(t: ^testing.T) {
 	output := strings.to_string(b)
-	testing.expect(t, strings.contains(output, "Available"), "unicode cell content missing")
+	expected := `┌─────────────┬────────┐
-	testing.expect(t, strings.contains(output, "Missing"), "unicode cell content missing")
+│ Status      │ Detail │
 ├─────────────┼────────┤
 │ ✓ Available │ ok     │
 │ ✗ Missing   │ fail   │
 └─────────────┴────────┘
 `
 	testing.expect(
 		t,
 		output == expected,
 		fmt.tprintf(
 			"table output mismatch\n--- expected ---\n%s\n--- got ---\n%s\n",
 			expected,
 			output,
 		),
 	)
 }
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-0.2.0
+0.3.0
Author	SHA1	Message	Date
Spencer Brower	7df83b064e	chore(odin): release 0.3.0	2026-06-16 11:39:29 -04:00
Spencer Brower	fe2b256bd6	feat: All encryption/decryption now happens in-memory. Release-as: v0.3.0	2026-06-16 11:38:20 -04:00
Spencer Brower	41decd9cdb	ci: Updated release-please.	2026-06-16 11:36:05 -04:00
Spencer Brower	397f45d4d0	chore: Completed todos.	2026-06-16 11:36:05 -04:00
Spencer Brower	73a41830d1	docs: Removed completed TODOs.	2026-06-16 11:36:05 -04:00
Spencer Brower	e17d04c93d	test: Table tests now view full output.	2026-06-16 11:36:05 -04:00
Spencer Brower	4600c81401	test: commands now accept stdout/stderr fields.	2026-06-16 11:36:05 -04:00
Spencer Brower	ec96dff055	chore: Cleaned up code.	2026-06-16 11:36:05 -04:00
Spencer Brower	4a26ee8145	feat: Config can be loaded from any path with `--config-file (-c)` flag.	2026-06-16 11:36:05 -04:00
Spencer Brower	e23ea960d7	test: Added missing tests.	2026-06-16 11:36:04 -04:00
Spencer Brower	3db86f0d2e	refactor: Fixed cli command.	2026-06-16 11:36:04 -04:00
Spencer Brower	567cc8b1e2	tests: Added plan for improving testing.	2026-06-16 11:36:04 -04:00
Spencer Brower	fe3253f274	refactor: Fixed duplicate terminal checks.	2026-06-16 11:36:04 -04:00
spencer	f6ffeeee65	docs: Created table improvement plan.	2026-06-16 11:36:04 -04:00
Spencer Brower	23d5ff5e01	style: Removed unused code.	2026-06-16 11:36:04 -04:00
Spencer Brower	4599b25b1b	refactor: Removed duplicate insert calls.	2026-06-16 11:36:04 -04:00
Spencer Brower	e32f0ea6d2	refactor: Fixed logic bug in db.	2026-06-16 11:36:03 -04:00
Spencer Brower	650c91d51b	ci: Updated release-please.	2026-06-16 11:36:03 -04:00
Spencer Brower	ad3ce748bb	docs: updated README.md	2026-06-16 11:36:03 -04:00
Spencer Brower	930c3d4c5d	ci: Updated github action.	2026-06-16 11:36:03 -04:00
Spencer Brower	b1b0449b7b	refactor: Removed go code.	2026-06-16 11:36:03 -04:00
Spencer Brower	0a74b0dbcc	build: Converted Makefile and flake package.	2026-06-16 11:36:03 -04:00
Spencer Brower	d56f11250c	refactor: removed `is_tty`.	2026-06-16 11:36:03 -04:00
Spencer Brower	23b8c2dc67	feat: Switched from age to libsodium. This means, fewer dependencies, a smaller binary, and more secure data. BREAKING CHANGE: The encryption format of databases has changed. Age encryption is no longer supported, and no automatic migration path was implemented.	2026-06-16 11:34:36 -04:00
Spencer Brower	2f4a7887ea	docs: Updated TODOs.	2026-06-16 10:48:11 -04:00
Spencer Brower	5eee6cd6ea	refactor(odin): Migrated nushell-completion command to go.	2026-06-16 10:48:10 -04:00
Spencer Brower	67f735a654	test: Added tests.	2026-06-16 10:48:10 -04:00
Spencer Brower	7d16dae4f4	refactor: Fixed the rest of the (tested) leaks.	2026-06-16 10:48:10 -04:00
Spencer Brower	365e9149b1	perf: Improved writer performance.	2026-06-16 10:48:10 -04:00
Spencer Brower	1068458f32	refactor: Fixed a number of memory leaks.	2026-06-16 10:48:10 -04:00
Spencer Brower	22a517340a	refactor(odin): Added proper help text to all commands.	2026-06-16 10:48:10 -04:00
Spencer Brower	fcee4ca7b1	refactor: Got rid of go fallback code.	2026-06-16 10:48:10 -04:00
Spencer Brower	dff5235d65	refactor: Fixed memory leaks in `find_binary`.	2026-06-16 10:48:09 -04:00
Spencer Brower	5865315161	refactor(odin): Ported init command.	2026-06-16 10:48:09 -04:00
Spencer Brower	191ba305ef	refactor(odin): Ported scan command.	2026-06-16 10:48:09 -04:00
Spencer Brower	d890c88b6d	refactor(odin): port check command.	2026-06-16 10:48:09 -04:00
Spencer Brower	f8add2ad22	refactor(odin): Fixed AI mistakes.	2026-06-16 10:47:57 -04:00
Spencer Brower	2de7e20f5c	refactor(odin): ported edit-config command.	2026-06-16 10:22:25 -04:00
Spencer Brower	8dd6b17cb9	refactor(odin): Ported restore command.	2026-06-16 10:22:08 -04:00
Spencer Brower	83b940337c	refactor(odin): Ported remove command.	2026-06-16 10:21:46 -04:00
Spencer Brower	83a8caf691	refactor(odin): Added long text and --help flags.	2026-06-16 10:21:24 -04:00
Spencer Brower	1964698e35	refactor(odin): ported backup command.	2026-06-16 10:18:56 -04:00
Spencer Brower	de2186a2e5	refactor(odin): ported list command.	2026-06-16 10:18:21 -04:00
Spencer Brower	cb51a398ad	refactor(odin): ported deps command, added utilities (features, tty, table).	2026-06-16 10:18:05 -04:00
Spencer Brower	e989b88303	refactor: scaffolded odin project with CLI parser, version command, Go fallback	2026-06-16 10:17:12 -04:00