refactor: Gave db its own allocator.

ci: Fixed release-please.
fix: Fixed memory leaks in the db.
2026-06-27 10:38:33 -04:00 · 2026-06-18 13:10:13 -04:00 · 2026-06-18 10:43:47 -04:00 · 2026-06-18 10:35:21 -04:00 · 2026-06-18 08:18:09 -04:00 · 2026-06-18 08:08:46 -04:00
14 changed files with 589 additions and 594 deletions
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -2,8 +2,6 @@ on:
  push:
    branches:
      - main
-      - dev
-      - odin

 permissions:
  contents: write
--- a/README.md
+++ b/README.md
@@ -12,14 +12,13 @@ the tool [of your choosing](#backup-options).

 ## Features

- 🔐 **Encrypted Storage**: All `.env` files are encrypted using your ssh key and
-[libsodium](https://github.com/jedisct1/libsodium) encryption.
- 🔄 **Automatic Sync**: Update the database with one command, which can easily
+- **Encrypted Storage**: All `.env` files are encrypted using your ssh key and
+[libsodium](https://github.com/jedisct1/libsodium). 
+- **Automatic Sync**: Update the database with one command, which can easily
 be run on a cron.
- 🔍 **Smart Scanning**: Automatically discover and import `.env` files in your
+- **Smart Scanning**: Automatically discover and import `.env` files in your
 home directory.
- ✨ **Interactive CLI**: User-friendly prompts for file selection and management.
- 🗂️ **Rename Detection**: Automatically finds and updates renamed/moved
+- **Rename Detection**: Automatically find and updates renamed/moved
 repositories.

 ## TODOS
@@ -28,14 +27,11 @@ repositories.
 - [x] Allow configuration of ssh key.
 - [x] Allow multiple ssh keys.

-## Prerequisites
-
- An SSH key pair (for encryption/decryption)
- The following binaries:
-   - [fd](https://github.com/sharkdp/fd)
-
 ## Installation

+You will need an SSH key pair for encryption and decryption. You can generate one
+with `ssh-keygen -t ed25519`. It will be saved to `~/.ssh/id_ed25519`.
+
 ### With Odin

 If you already have `odin` installed:
@@ -95,7 +91,12 @@ The configuration file is created during initialization:
  ],
  "scan": {
    "matcher": "\\.env",
-    "exclude": "*.envrc",
+    "exclude": [
+      "*\\.envrc",
+      "\\.local/",
+      "node_modules",
+      "vendor"       
+    ],
    "include": "~"
  }
 }
--- a/TODOS.md
+++ b/TODOS.md
@@ -2,11 +2,13 @@

 1. Consider giving db its own allocator

-2. **db.odin:324-327** — Map iteration (`remote_set`) is non-deterministic. Same file can produce different JSON on each backup, causing spurious DB diffs. Sort remotes before storing.
+27. Commands are still leaking.

-3. **db.odin:135, 250** — String interpolation into SQL (`VACUUM INTO '%s'`, `ATTACH DATABASE '%s'`). Currently safe because input is controlled, but fragile.
+2. Generate md and man pages again.

-4. **features.odin:30-41** — `find_binary` uses `strings.join` instead of `filepath.join`, uses `os.stat` instead of checking executability, hardcodes `:` as PATH separator (wrong on Windows).
+3. **db.odin:324-327** — Map iteration (`remote_set`) is non-deterministic. Same file can produce different JSON on each backup, causing spurious DB diffs. Sort remotes before storing.
+
+4. Make sure official path separators are used when appropriate, rather than '/'.

 5. **cmd_restore.odin:20-30 & cmd_remove.odin:19-29** — Identical path-resolution block copy-pasted. `is_abs` guard is redundant since `filepath.abs` is a no-op on absolute paths. Extract a helper.

@@ -18,7 +20,7 @@

 11. **db.odin:352-353** — `hex.encode` error ignored. `string(hex_bytes)` aliases the byte slice.

-12. **cmd_sync.odin:80, cmd_list.odin:33, cmd_deps.odin:9** — `make([]string, 2)` for table rows never freed. Leaks per row. Defer to memory pass.
+12. **cmd_sync.odin:80, cmd_list.odin:33** — `make([]string, 2)` for table rows never freed. Leaks per row. Defer to memory pass.

 13. **cmd_list.odin** — Non-TTY branch builds `ListEntry` structs and marshals JSON separately. Now that `render_json_rows` (issue 1) accepts an `io.Writer` and uses `json.marshal`, unify both branches to use it. Note: will change JSON keys from `"directory"/"path"` to `"Directory"/"Path"`.

@@ -38,7 +40,11 @@

 23. procedures should be ordered by use, main at the top, then in the order they are called from main.

-24. [x] Remove git dependency.
+24. Shell completion
+
+25. Bring back windows support / cross-compilation.
+
+26. Test all cmds / terminal branches.

 ## Double-check AI output

@@ -47,7 +53,6 @@
 - [x] cmd_backup.odin
 - [x] cmd_check.odin
 - [ ] cmd_check_test.odin
- [x] cmd_deps.odin
 - [ ] cmd_edit_config.odin
 - [x] cmd_init.odin
 - [x] cmd_list.odin
@@ -66,8 +71,6 @@
 - [ ] db.odin
 - [ ] db_integration_test.odin
 - [ ] db_test.odin
- [x] features.odin
- [x] features_test.odin
 - [x] main.odin
 - [x] prompt.odin
 - [ ] scan.odin
--- a/WINDOWS.md
+++ b/WINDOWS.md
@@ -1,87 +0,0 @@
-# Windows Compatibility Guide
-
-This document outlines Windows compatibility issues and solutions for the envr project.
-
-## Critical Issues
-
-### 1. Path Handling Bug (MUST FIX)
-
-**File:** `app/env_file.go:209`
-
-**Issue:** Uses `path.Join` instead of `filepath.Join`, which won't work correctly on Windows due to different path separators.
-
-**Current code:**
-```go
-f.Path = path.Join(newDir, path.Base(f.Path))
-```
-
-**Fixed code:**
-```go
-f.Path = filepath.Join(newDir, filepath.Base(f.Path))
-```
-
-## External Dependencies
-
-The application relies on external tools that need to be installed separately on Windows:
-
-### Required Tools
-
-1. **fd** - Fast file finder
-   - Install via: `winget install sharkdp.fd` or `choco install fd`
-   - Alternative: `scoop install fd`
-
-## Minor Compatibility Notes
-
-### File Permissions
- Unix file permissions (`0755`, `0644`) are used throughout the codebase
- These are safely ignored on Windows - no changes needed
-
-### Editor Configuration
-**File:** `cmd/edit_config.go:20-24`
-
-**Issue:** Relies on `$EDITOR` environment variable which is less common on Windows.
-
-**Current behavior:** Fails if `$EDITOR` is not set
-
-**Recommended improvement:** Add fallback detection for Windows editors:
-```go
-editor := os.Getenv("EDITOR")
-if editor == "" {
-    if runtime.GOOS == "windows" {
-        editor = "notepad.exe"  // or "code.exe" for VS Code
-    } else {
-        fmt.Println("Error: $EDITOR environment variable is not set")
-        return
-    }
-}
-```
-
-## Installation Instructions for Windows
-
-1. Install required dependencies:
-   ```powershell
-   winget install sharkdp.fd
-   ```
-
-2. Fix the path handling bug in `app/env_file.go:209`
-
-3. Build and run as normal:
-   ```powershell
-   go build
-   .\envr.exe init
-   ```
-
-## Testing on Windows
-
-After applying the critical path fix, the core functionality should work correctly on Windows. The application has been designed with cross-platform compatibility in mind, using:
-
- `filepath` package for path operations (mostly)
- `os.UserHomeDir()` for home directory detection
- Standard Go file operations
-
-## Summary
-
- **1 critical bug** must be fixed for Windows compatibility
- **2 external tools** need to be installed
- **1 minor enhancement** recommended for better Windows UX
- Overall architecture is Windows-compatible
--- a/cli.odin
+++ b/cli.odin
@@ -54,20 +54,12 @@ key somewhere, otherwise your data could be lost forever.`,
 	},
 }

-delete_command :: proc(cmd: ^Command) {
-	delete(cmd.args)
-	delete(cmd.flags)
-	delete(cmd.bool_set)
-	bufio.writer_destroy(cmd.out_buf)
-	free(cmd.out_buf)
-}
-
 // Caller is responsible for calling delete_command(cmd).
 // FIXME: Works in kinda a wonky and awkward way.
 parse_args :: proc(args: []string, out: io.Stream, err: io.Stream) -> (cmd: Command, ok: bool) {
 	{
 		cmd.out_buf = new(bufio.Writer)
-		bufio.writer_init(cmd.out_buf, out)
+		bufio.writer_init(cmd.out_buf, out, allocator = context.allocator)
 		cmd.out = bufio.writer_to_writer(cmd.out_buf)
 		cmd.err = err
 	}
@@ -130,27 +122,12 @@ parse_args :: proc(args: []string, out: io.Stream, err: io.Stream) -> (cmd: Comm
 	return cmd, true
 }

-has_flag :: proc(cmd: ^Command, name: string) -> bool {
-	_, ok := cmd.flags[name]
-	if ok {
-		return true
+print_command_help :: proc(cmd: ^Command) {
+	ok := write_command_help(cmd.name, cmd.out)
+	if !ok {
+		fmt.wprintf(cmd.err, "Unknown command: %s\n", cmd.name)
+		write_usage(cmd.out)
 	}
-	_, ok2 := cmd.bool_set[name]
-	return ok2
-}
-
-find_command :: proc(name: string) -> (CommandInfo, bool) {
-	for c in COMMANDS {
-		if c.name == name {
-			return c, true
-		}
-		for a in c.aliases {
-			if a == name {
-				return c, true
-			}
-		}
-	}
-	return CommandInfo{}, false
 }

 write_command_help :: proc(name: string, w: io.Writer) -> bool {
@@ -183,12 +160,18 @@ write_command_help :: proc(name: string, w: io.Writer) -> bool {
 	return true
 }

-print_command_help :: proc(cmd: ^Command) {
-	ok := write_command_help(cmd.name, cmd.out)
-	if !ok {
-		fmt.wprintf(cmd.err, "Unknown command: %s\n", cmd.name)
-		write_usage(cmd.out)
+find_command :: proc(name: string) -> (CommandInfo, bool) {
+	for c in COMMANDS {
+		if c.name == name {
+			return c, true
+		}
+		for a in c.aliases {
+			if a == name {
+				return c, true
+			}
+		}
 	}
+	return CommandInfo{}, false
 }

 // TODO: command args should be shown in usage.
@@ -263,3 +246,21 @@ Use "envr [command] --help" for more information about a command.
 	)
 }

+has_flag :: proc(cmd: ^Command, name: string) -> bool {
+	_, ok := cmd.flags[name]
+	if ok {
+		return true
+	}
+	_, ok2 := cmd.bool_set[name]
+	return ok2
+}
+
+delete_command :: proc(cmd: ^Command) {
+	bufio.writer_flush(cmd.out_buf)
+	delete(cmd.args)
+	delete(cmd.flags)
+	delete(cmd.bool_set)
+	bufio.writer_destroy(cmd.out_buf)
+	free(cmd.out_buf)
+}
+
--- a/cmd_check.odin
+++ b/cmd_check.odin
@@ -61,13 +61,23 @@ cmd_check :: proc(cmd: ^Command) {
 		if len(files_in_path) == 0 {
 			fmt.wprintln(cmd.out, "No .env files found in the specified directory.", flush = false)
 		} else {
-			fmt.wprintln(cmd.out, "✓ All .env files in the directory are backed up.", flush = false)
+			fmt.wprintln(
+				cmd.out,
+				"✓ All .env files in the directory are backed up.",
+				flush = false,
+			)
 		}
 	} else {
-		fmt.wprintf(cmd.out, "Found %d .env file(s) that are not backed up:\n", len(not_backed), flush = false)
+		fmt.wprintf(
+			cmd.out,
+			"Found %d .env file(s) that are not backed up:\n",
+			len(not_backed),
+			flush = false,
+		)
 		for file in not_backed {
 			fmt.wprintf(cmd.out, "  %s\n", file, flush = false)
 		}
 		fmt.wprintln(cmd.out, "\nRun 'envr sync' to back up these files.", flush = false)
 	}
 }
+
--- a/cmd_list.odin
+++ b/cmd_list.odin
@@ -25,7 +25,6 @@ cmd_list :: proc(cmd: ^Command) {
 	if !list_ok {
 		return
 	}
-	defer delete(rows)

 	if terminal.is_terminal(os.stdout) {
 		headers := []string{"Directory", "Path"}
@@ -34,7 +33,7 @@ cmd_list :: proc(cmd: ^Command) {
 		for row in rows {
 			dir_str := strings.concatenate({row.Dir, "/"}, context.temp_allocator)
 			filename := filepath.base(row.Path)
-			row_slice := make([]string, 2)
+			row_slice := make([]string, 2, context.temp_allocator)
 			row_slice[0] = dir_str
 			row_slice[1] = filename
 			append(&table_rows, row_slice)
--- a/config.odin
+++ b/config.odin
@@ -25,25 +25,16 @@ Config :: struct {
 	config_path: string `json:"-"`,
 }

-default_config_path :: proc(home: string, allocator := context.allocator) -> string {
-	path, err := filepath.join([]string{home, ".envr", "config.json"}, allocator)
-	if err != nil {
-		panic("Ran out of memory when building config path")
-	}
-	return path
-}
-
-load_config :: proc(config_path: string) -> (Config, bool) {
-	data, read_err := os.read_entire_file_from_path(config_path, context.allocator)
+load_config :: proc(config_path: string, allocator := context.allocator) -> (Config, bool) {
+	// TODO: Should we use context.allocator + defer delete()?
+	data, read_err := os.read_entire_file_from_path(config_path, context.temp_allocator)
 	if read_err != nil {
 		fmt.println("No config file found. Please run `envr init` to generate one.")
 		return Config{}, false
 	}
-	defer delete(data)

 	cfg: Config
-	// TODO: use json 5
-	err := json.unmarshal(data, &cfg)
+	err := json.unmarshal(data, &cfg, .JSON5, allocator)
 	if err != nil {
 		fmt.printf("Error parsing config: %v\n", err)
 		return Config{}, false
@@ -53,33 +44,101 @@ load_config :: proc(config_path: string) -> (Config, bool) {
 	return cfg, true
 }

-delete_config :: proc(cfg: ^Config) {
+default_config_path :: proc(home: string, allocator := context.allocator) -> string {
+	path, err := filepath.join([]string{home, ".envr", "config.json"}, allocator)
+	if err != nil {
+		panic("Ran out of memory when building config path")
+	}
+	return path
+}
+
+delete_config :: proc(cfg: ^Config, allocator := context.allocator) {
 	for key in cfg.Keys {
-		delete(key.Private)
-		delete(key.Public)
+		delete(key.Private, allocator)
+		delete(key.Public, allocator)
 	}
 	delete(cfg.Keys)

-	delete(cfg.ScanConfig.Matcher)
+	delete(cfg.ScanConfig.Matcher, allocator)

 	for exclude in cfg.ScanConfig.Exclude {
-		delete(exclude)
+		delete(exclude, allocator)
 	}
 	delete(cfg.ScanConfig.Exclude)

 	for include in cfg.ScanConfig.Include {
-		delete(include)
+		delete(include, allocator)
 	}
 	delete(cfg.ScanConfig.Include)
 }

-envr_dir :: proc(config_path: string) -> string {
-	return filepath.dir(config_path)
+save_config :: proc(cfg: Config, force: bool = false) -> bool {
+	config_dir := envr_dir(cfg.config_path)
+
+	if !os.exists(config_dir) {
+		mkdir_err := os.make_directory(config_dir)
+		if mkdir_err != nil {
+			fmt.printf("Error creating %s directory: %v\n", config_dir, mkdir_err)
+			return false
+		}
+	}
+
+	if os.exists(cfg.config_path) && !force {
+		info, stat_err := os.stat(cfg.config_path, context.allocator)
+		if stat_err == nil {
+			defer os.file_info_delete(info, context.allocator)
+			if info.size > 0 {
+				fmt.println("Config file already exists. Run again with --force to reinitialize.")
+				return false
+			}
+		}
+	}
+
+	data, marshal_err := json.marshal(cfg, {pretty = true, use_spaces = true, spaces = 2})
+	if marshal_err != nil {
+		fmt.printf("Error marshaling config: %v\n", marshal_err)
+		return false
+	}
+	defer delete(data)
+
+	write_err := os.write_entire_file(cfg.config_path, data)
+	if write_err != nil {
+		fmt.printf("Error writing config: %v\n", write_err)
+		return false
+	}
+
+	return true
 }

-data_path :: proc(config_path: string) -> string {
-	path, _ := filepath.join([]string{envr_dir(config_path), "data.envr"})
-	return path
+// Caller is responsible for calling delete_config()
+new_config :: proc(
+	private_key_paths: []string,
+	cfg_path: string = "~/.envr/config.json",
+) -> Config {
+	keys := make([dynamic]SshKeyPair, 0, len(private_key_paths))
+	for priv in private_key_paths {
+		// TODO: Is this bad?
+		priv_key := strings.clone(priv)
+		pub, _ := strings.concatenate([]string{priv_key, ".pub"})
+		append(&keys, SshKeyPair{Private = priv_key, Public = pub})
+	}
+
+	exclude := make([dynamic]string, 0, 4)
+	append(&exclude, strings.clone("*\\.envrc"))
+	append(&exclude, strings.clone("\\.local/"))
+	append(&exclude, strings.clone("node_modules"))
+	append(&exclude, strings.clone("vendor"))
+
+	include := make([dynamic]string, 0, 1)
+	append(&include, strings.clone("~"))
+
+	scan_cfg := ScanConfig {
+		Matcher = strings.clone("\\.env"),
+		Exclude = exclude,
+		Include = include,
+	}
+
+	return Config{Keys = keys, ScanConfig = scan_cfg, config_path = cfg_path}
 }

 find_ssh_private_keys :: proc() -> (keys: [dynamic]string, ok: bool) {
@@ -128,73 +187,11 @@ find_ssh_private_keys :: proc() -> (keys: [dynamic]string, ok: bool) {
 	return
 }

-// Caller is responsible for calling delete_config()
-new_config :: proc(
-	private_key_paths: []string,
-	cfg_path: string = "~/.envr/config.json",
-) -> Config {
-	keys := make([dynamic]SshKeyPair, 0, len(private_key_paths))
-	for priv in private_key_paths {
-		// TODO: Is this bad?
-		priv_key := strings.clone(priv)
-		pub, _ := strings.concatenate([]string{priv_key, ".pub"})
-		append(&keys, SshKeyPair{Private = priv_key, Public = pub})
-	}
-
-	exclude := make([dynamic]string, 0, 4)
-	append(&exclude, strings.clone("*\\.envrc"))
-	append(&exclude, strings.clone("\\.local/"))
-	append(&exclude, strings.clone("node_modules"))
-	append(&exclude, strings.clone("vendor"))
-
-	include := make([dynamic]string, 0, 1)
-	append(&include, strings.clone("~"))
-
-	scan_cfg := ScanConfig {
-		Matcher = strings.clone("\\.env"),
-		Exclude = exclude,
-		Include = include,
-	}
-
-	return Config{Keys = keys, ScanConfig = scan_cfg, config_path = cfg_path}
-}
-
-save_config :: proc(cfg: Config, force: bool = false) -> bool {
-	config_dir := envr_dir(cfg.config_path)
-
-	if !os.exists(config_dir) {
-		mkdir_err := os.make_directory(config_dir)
-		if mkdir_err != nil {
-			fmt.printf("Error creating %s directory: %v\n", config_dir, mkdir_err)
-			return false
-		}
-	}
-
-	if os.exists(cfg.config_path) && !force {
-		info, stat_err := os.stat(cfg.config_path, context.allocator)
-		if stat_err == nil {
-			defer os.file_info_delete(info, context.allocator)
-			if info.size > 0 {
-				fmt.println("Config file already exists. Run again with --force to reinitialize.")
-				return false
-			}
-		}
-	}
-
-	data, marshal_err := json.marshal(cfg, {pretty = true, use_spaces = true, spaces = 2})
-	if marshal_err != nil {
-		fmt.printf("Error marshaling config: %v\n", marshal_err)
-		return false
-	}
-	defer delete(data)
-
-	write_err := os.write_entire_file(cfg.config_path, data)
-	if write_err != nil {
-		fmt.printf("Error writing config: %v\n", write_err)
-		return false
-	}
-
-	return true
+find_git_roots :: proc(cfg: Config) -> (roots: [dynamic]string, ok: bool) {
+	paths := search_paths(cfg)
+	findr.find_repos(paths[:], &roots, os.get_processor_core_count())
+	ok = true
+	return
 }

 search_paths :: proc(cfg: Config) -> (paths: [dynamic]string) {
@@ -218,10 +215,13 @@ search_paths :: proc(cfg: Config) -> (paths: [dynamic]string) {
 	return
 }

-find_git_roots :: proc(cfg: Config) -> (roots: [dynamic]string, ok: bool) {
-	paths := search_paths(cfg)
-	findr.find_repos(paths[:], &roots, os.get_processor_core_count())
-	ok = true
-	return
+envr_dir :: proc(config_path: string) -> string {
+	return filepath.dir(config_path)
+}
+
+// User is responsible for freeing the path
+data_path :: proc(config_path: string, allocator := context.allocator) -> string {
+	path, _ := filepath.join([]string{envr_dir(config_path), "data.envr"}, allocator)
+	return path
 }

--- a/crypto.odin
+++ b/crypto.odin
@@ -2,6 +2,7 @@ package main

 import "core:fmt"
 import "core:mem"
+import "core:os"

 MAGIC :: "ENVR"
 MAGIC_BYTES := [4]u8{u8('E'), u8('N'), u8('V'), u8('R')}
@@ -20,80 +21,19 @@ RecipientEntry :: struct {
 	EncryptedKey: [CRYPTO_SECRETBOX_KEY_BYTES + CRYPTO_BOX_MAC_BYTES]u8,
 }

-sodium_initialized: bool
-
-ensure_sodium :: proc() -> bool {
-	if sodium_initialized {
-		return true
-	}
-	rc := sodium_init()
-	if rc < 0 {
-		fmt.println("Error: libsodium initialization failed")
-		return false
-	}
-	sodium_initialized = true
-	return true
-}
-
 X25519Keypair :: struct {
 	Public:  [CRYPTO_BOX_PUBLICKEY_BYTES]u8,
 	Private: [CRYPTO_BOX_SECRETKEY_BYTES]u8,
 }

-ssh_to_x25519 :: proc(keys: []SshKeyPair) -> (pairs: []X25519Keypair, ok: bool) {
-	if len(keys) == 0 {
-		return
+@(init)
+init_sodium :: proc "contextless" () {
+	if sodium_init() < 0 {
+		os.exit(1)
 	}
-
-	pairs = make([]X25519Keypair, len(keys))
-
-	for i in 0 ..< len(keys) {
-		ssh_kp, parse_ok := parse_ssh_private_key(keys[i].Private)
-		if !parse_ok {
-			fmt.printf("Error: failed to parse SSH private key: %s\n", keys[i].Private)
-			delete(pairs)
-			return
-		}
-
-		ssh_pub, pub_ok := parse_ssh_public_key(keys[i].Public)
-		if !pub_ok {
-			fmt.printf("Error: failed to parse SSH public key: %s\n", keys[i].Public)
-			delete(pairs)
-			return
-		}
-
-		pk_rc := crypto_sign_ed25519_pk_to_curve25519(&pairs[i].Public[0], &ssh_pub[0])
-		if pk_rc != 0 {
-			fmt.println("Error: failed to convert ed25519 public key to curve25519")
-			delete(pairs)
-			return
-		}
-
-		ed25519_sk: [64]u8
-		for j in 0 ..< 32 {
-			ed25519_sk[j] = ssh_kp.Private[j]
-		}
-		for j in 0 ..< 32 {
-			ed25519_sk[32 + j] = ssh_kp.Public[j]
-		}
-
-		sk_rc := crypto_sign_ed25519_sk_to_curve25519(&pairs[i].Private[0], &ed25519_sk[0])
-		if sk_rc != 0 {
-			fmt.println("Error: failed to convert ed25519 private key to curve25519")
-			delete(pairs)
-			return
-		}
-	}
-
-	ok = true
-	return
 }

 encrypt :: proc(plaintext: []u8, keys: []SshKeyPair) -> (ciphertext: []u8, ok: bool) {
-	if !ensure_sodium() {
-		return
-	}
-
 	x25519_pairs, pairs_ok := ssh_to_x25519(keys)
 	if !pairs_ok {
 		return
@@ -193,10 +133,6 @@ encrypt :: proc(plaintext: []u8, keys: []SshKeyPair) -> (ciphertext: []u8, ok: b
 }

 decrypt :: proc(ciphertext: []u8, keys: []SshKeyPair) -> (plaintext: []u8, ok: bool) {
-	if !ensure_sodium() {
-		return
-	}
-
 	if len(ciphertext) < HEADER_SIZE {
 		fmt.println("Error: ciphertext too short (header)")
 		return
@@ -336,3 +272,52 @@ decrypt :: proc(ciphertext: []u8, keys: []SshKeyPair) -> (plaintext: []u8, ok: b
 	return
 }

+ssh_to_x25519 :: proc(keys: []SshKeyPair) -> (pairs: []X25519Keypair, ok: bool) {
+	if len(keys) == 0 {
+		return
+	}
+
+	pairs = make([]X25519Keypair, len(keys))
+
+	for i in 0 ..< len(keys) {
+		ssh_kp, parse_ok := parse_ssh_private_key(keys[i].Private)
+		if !parse_ok {
+			fmt.printf("Error: failed to parse SSH private key: %s\n", keys[i].Private)
+			delete(pairs)
+			return
+		}
+
+		ssh_pub, pub_ok := parse_ssh_public_key(keys[i].Public)
+		if !pub_ok {
+			fmt.printf("Error: failed to parse SSH public key: %s\n", keys[i].Public)
+			delete(pairs)
+			return
+		}
+
+		pk_rc := crypto_sign_ed25519_pk_to_curve25519(&pairs[i].Public[0], &ssh_pub[0])
+		if pk_rc != 0 {
+			fmt.println("Error: failed to convert ed25519 public key to curve25519")
+			delete(pairs)
+			return
+		}
+
+		ed25519_sk: [64]u8
+		for j in 0 ..< 32 {
+			ed25519_sk[j] = ssh_kp.Private[j]
+		}
+		for j in 0 ..< 32 {
+			ed25519_sk[32 + j] = ssh_kp.Public[j]
+		}
+
+		sk_rc := crypto_sign_ed25519_sk_to_curve25519(&pairs[i].Private[0], &ed25519_sk[0])
+		if sk_rc != 0 {
+			fmt.println("Error: failed to convert ed25519 private key to curve25519")
+			delete(pairs)
+			return
+		}
+	}
+
+	ok = true
+	return
+}
+
--- a/db.odin
+++ b/db.odin
@@ -5,6 +5,7 @@ import "core:encoding/hex"
 import "core:encoding/ini"
 import "core:encoding/json"
 import "core:fmt"
+import "core:mem"
 import "core:os"
 import "core:path/filepath"
 import "core:strings"
@@ -31,6 +32,7 @@ Db :: struct {
 	db:      ^rawptr,
 	cfg:     Config,
 	changed: bool,
+	arena:   mem.Dynamic_Arena,
 }

 EnvFile :: struct {
@@ -51,21 +53,40 @@ delete_envfile :: proc(f: ^EnvFile) {
 	delete(f.contents)
 }

-
 db_open :: proc(cfg_path: string) -> (Db, bool) {
-	cfg, ok := load_config(cfg_path)
+	database, ok := db_init()
 	if !ok {
-		return Db{}, false
+		return database, ok
 	}

-	data_path := data_path(cfg.config_path)
-	_, stat_err := os.stat(data_path, context.allocator)
+	database.cfg, ok = load_config(cfg_path, db_allocator(&database))
+	if !ok {
+		return database, ok
+	}

+	// TODO: Use different allocators?
+	data_path := data_path(database.cfg.config_path, context.temp_allocator)
+	if os.exists(data_path) {
+		if ok = db_restore_from_encrypted(&database, data_path); !ok {
+			sqlite.db_close(database.db)
+			return database, ok
+		}
+	} else {
+		// DB was created
+		database.changed = true
+	}
+
+	return database, true
+}
+
+// Creates a database an allocator and fresh, empty table, with zero encryption.
+// In production, you most likely want to use `db_open`.
+db_init :: proc() -> (database: Db, ok: bool) {
 	db: ^rawptr
 	rc := sqlite.db_open(":memory:", &db)
 	if rc != sqlite.OK {
 		fmt.printf("Error opening in-memory database: %s\n", sqlite.db_errmsg(db))
-		return Db{}, false
+		return
 	}

 	create_sql: cstring = "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
@@ -73,21 +94,71 @@ db_open :: proc(cfg_path: string) -> (Db, bool) {
 	if rc != sqlite.OK {
 		fmt.printf("Error creating table: %s\n", sqlite.db_errmsg(db))
 		sqlite.db_close(db)
-		return Db{}, false
+		return
 	}
+	database.db = db

-	if stat_err == nil {
-		if !db_restore_from_encrypted(db, cfg) {
-			sqlite.db_close(db)
-			return Db{}, false
-		}
-	}
+	mem.dynamic_arena_init(&database.arena)

-	return Db{db = db, cfg = cfg, changed = stat_err != nil}, true
+	return database, true
 }

+// TODO: Should allocator live on the db?
+db_allocator :: proc(db: ^Db) -> mem.Allocator {
+	return mem.dynamic_arena_allocator(&db.arena)
+}
+
+// TODO: use db allocator?
+db_restore_from_encrypted :: proc(db: ^Db, data_path: string) -> bool {
+	encrypted_data, read_err := os.read_entire_file_from_path(data_path, context.allocator)
+	defer delete(encrypted_data)
+	if read_err != nil {
+		fmt.printf("Error reading encrypted database: %v\n", read_err)
+		return false
+	}
+
+	// TODO: allow allocator selection?
+	plaintext, dec_ok := decrypt(encrypted_data, db.cfg.Keys[:])
+	if !dec_ok {
+		fmt.println("Error: decryption failed")
+		return false
+	}
+	defer delete(plaintext)
+
+	n := i64(len(plaintext))
+	buf := sqlite.malloc64(n)
+	if buf == nil {
+		fmt.println("Error: failed to allocate buffer for deserialization")
+		return false
+	}
+	copy(buf[:len(plaintext)], plaintext)
+
+	rc := sqlite.deserialize(
+		db.db,
+		"main",
+		buf,
+		n,
+		n,
+		sqlite.DESERIALIZE_FREEONCLOSE | sqlite.DESERIALIZE_RESIZEABLE,
+	)
+	if rc != sqlite.OK {
+		sqlite.free(buf)
+		fmt.printf("Error deserializing database: %s\n", sqlite.db_errmsg(db.db))
+		return false
+	}
+
+	return true
+}
+
+// TODO: Return error enum?
 db_close :: proc(d: ^Db) {
-	defer sqlite.db_close(d.db)
+	allocator := db_allocator(d)
+
+	defer {
+		sqlite.db_close(d.db)
+		delete_config(&d.cfg, allocator)
+		mem.dynamic_arena_destroy(&d.arena)
+	}

 	if d.changed {
 		rc := sqlite.db_exec(d.db, "VACUUM", nil, nil, nil)
@@ -105,13 +176,15 @@ db_close :: proc(d: ^Db) {
 		defer sqlite.free(data)

 		sqlite_data := data[:sz]
+		// TODO: PAss allocator chain
+		// FIXME Warning gets printed in tests.
 		encrypted, enc_ok := encrypt(sqlite_data, d.cfg.Keys[:])
 		if !enc_ok {
 			fmt.println("Error: encryption failed")
 			return
 		}

-		data_path := data_path(d.cfg.config_path)
+		data_path := data_path(d.cfg.config_path, allocator)
 		envr_d := envr_dir(d.cfg.config_path)
 		os.mkdir_all(envr_d)

@@ -126,14 +199,8 @@ db_close :: proc(d: ^Db) {
 	}
 }

-// Caller is responsible for calling:
-// ```odin
-// delete(results)
-// for &result in results {
-// 	delete(&result)
-// }
-// ```
-db_list :: proc(d: ^Db, allocator := context.allocator) -> (results: [dynamic]EnvFile, ok: bool) {
+// Results will be freed when `db_close` is called.
+db_list :: proc(d: ^Db) -> ([]EnvFile, bool) {
 	stmt: ^rawptr
 	rc := sqlite.prepare_v2(
 		d.db,
@@ -144,18 +211,22 @@ db_list :: proc(d: ^Db, allocator := context.allocator) -> (results: [dynamic]En
 	)
 	if rc != sqlite.OK {
 		fmt.printf("Error preparing query: %s\n", sqlite.db_errmsg(d.db))
-		return
+		return []EnvFile{}, false
 	}
 	defer sqlite.finalize(stmt)

+	allocator := db_allocator(d)
+	// TODO: Is 10 a good size?
+	results := make([dynamic]EnvFile, 0, 10, allocator)
+
 	for {
 		rc = sqlite.step(stmt)
 		if rc == sqlite.DONE {
 			break
 		}
-		if rc != sqlite.ROW {
+		#no_bounds_check if rc != sqlite.ROW {
 			fmt.printf("Error stepping query: %s\n", sqlite.db_errmsg(d.db))
-			return
+			return results[:], false
 		}

 		remotes_json := string(sqlite.column_text(stmt, 1))
@@ -177,114 +248,10 @@ db_list :: proc(d: ^Db, allocator := context.allocator) -> (results: [dynamic]En
 		)
 	}

-	ok = true
-	return
-}
-
-db_restore_from_encrypted :: proc(db: ^rawptr, cfg: Config) -> bool {
-	encrypted_data, read_err := os.read_entire_file_from_path(
-		data_path(cfg.config_path),
-		context.allocator,
-	)
-	defer delete(encrypted_data)
-	if read_err != nil {
-		fmt.printf("Error reading encrypted database: %v\n", read_err)
-		return false
-	}
-
-	plaintext, dec_ok := decrypt(encrypted_data, cfg.Keys[:])
-	if !dec_ok {
-		fmt.println("Error: decryption failed")
-		return false
-	}
-	defer delete(plaintext)
-
-	n := i64(len(plaintext))
-	buf := sqlite.malloc64(n)
-	if buf == nil {
-		fmt.println("Error: failed to allocate buffer for deserialization")
-		return false
-	}
-	copy(buf[:len(plaintext)], plaintext)
-
-	rc := sqlite.deserialize(
-		db,
-		"main",
-		buf,
-		n,
-		n,
-		sqlite.DESERIALIZE_FREEONCLOSE | sqlite.DESERIALIZE_RESIZEABLE,
-	)
-	if rc != sqlite.OK {
-		sqlite.free(buf)
-		fmt.printf("Error deserializing database: %s\n", sqlite.db_errmsg(db))
-		return false
-	}
-
-	return true
-}
-
-
-get_git_remotes :: proc(dir: string) -> [dynamic]string {
-	remotes: [dynamic]string
-	remote_set: map[string]bool
-	defer delete(remote_set)
-
-	config_path, _ := filepath.join({dir, ".git", "config"}, context.temp_allocator)
-	m, _, ok := ini.load_map_from_path(config_path, context.allocator)
-	if !ok {
-		return remotes
-	}
-	defer ini.delete_map(m)
-
-	for section_name, section in m {
-		if strings.has_prefix(section_name, "remote ") {
-			if url, ok := section["url"]; ok {
-				remote_set[url] = true
-			}
-		}
-	}
-
-	for remote in remote_set {
-		cloned, _ := strings.clone(remote)
-		append(&remotes, cloned)
-	}
-
-	return remotes
-}
-
-new_env_file :: proc(path: string) -> (EnvFile, bool) {
-	abs_path, abs_err := filepath.abs(path)
-	if abs_err != nil {
-		fmt.printf("Error getting absolute path: %v\n", abs_err)
-		return EnvFile{}, false
-	}
-
-	dir := filepath.dir(abs_path)
-
-	remotes := get_git_remotes(dir)
-
-	data, read_err := os.read_entire_file_from_path(abs_path, context.allocator)
-	defer delete(data)
-	if read_err != nil {
-		fmt.printf("Error reading file %s: %v\n", abs_path, read_err)
-		return EnvFile{}, false
-	}
-
-	digest := hash.hash_bytes(hash.Algorithm.SHA256, data, context.temp_allocator)
-	// TODO: Handle error
-	hex_bytes, _ := hex.encode(digest)
-
-	return EnvFile {
-			Path = abs_path,
-			Dir = dir,
-			Remotes = remotes,
-			Sha256 = string(hex_bytes),
-			contents = string(data),
-		},
-		true
+	#no_bounds_check return results[:], true
 }

+// FIXME: Needs to use the allocator
 db_insert :: proc(d: ^Db, file: EnvFile) -> bool {
 	remotes_json, marshal_err := json.marshal(file.Remotes)
 	if marshal_err != nil {
@@ -347,7 +314,8 @@ db_insert :: proc(d: ^Db, file: EnvFile) -> bool {
 	return true
 }

-db_fetch :: proc(d: ^Db, path: string, allocator := context.allocator) -> (EnvFile, bool) {
+// Result will be freed when `db_close` is called.
+db_fetch :: proc(d: ^Db, path: string) -> (EnvFile, bool) {
 	sql: cstring = "SELECT path, remotes, sha256, contents FROM envr_env_files WHERE path = ?"
 	stmt: ^rawptr
 	rc := sqlite.prepare_v2(d.db, sql, -1, &stmt, nil)
@@ -357,8 +325,8 @@ db_fetch :: proc(d: ^Db, path: string, allocator := context.allocator) -> (EnvFi
 	}
 	defer sqlite.finalize(stmt)

-	cpath := to_cstring(path, allocator)
-	defer delete(cpath, allocator)
+	// TODO: Use standard allocator + delete here?
+	cpath := to_cstring(path, context.temp_allocator)
 	rc = sqlite.bind_text(stmt, 1, cpath, -1, nil)
 	if rc != sqlite.OK {
 		fmt.printf("Error binding path: %s\n", sqlite.db_errmsg(d.db))
@@ -374,13 +342,15 @@ db_fetch :: proc(d: ^Db, path: string, allocator := context.allocator) -> (EnvFi
 		return EnvFile{}, false
 	}

+	allocator := db_allocator(d)
+
 	remotes_json := string(sqlite.column_text(stmt, 1))
 	remotes: [dynamic]string = ---
 	if len(remotes_json) > 0 {
 		json.unmarshal_string(remotes_json, &remotes, allocator = allocator)
 	}

-	file_path := clone_cstring(sqlite.column_text(stmt, 0))
+	file_path := clone_cstring(sqlite.column_text(stmt, 0), allocator)

 	return EnvFile {
 			Path = file_path,
@@ -402,6 +372,7 @@ db_delete :: proc(d: ^Db, path: string) -> bool {
 	}
 	defer sqlite.finalize(stmt)

+	// TODO: Use db allocator here?
 	cpath := to_cstring(path)
 	defer delete(cpath)
 	rc = sqlite.bind_text(stmt, 1, cpath, -1, nil)
@@ -424,69 +395,36 @@ db_delete :: proc(d: ^Db, path: string) -> bool {
 	return true
 }

-to_cstring :: proc {
-	string_to_cstring,
-	strings.to_cstring,
-}
-
-string_to_cstring :: proc(s: string, allocator := context.allocator) -> cstring {
-	cs, err := strings.clone_to_cstring(s, allocator)
-	if err != nil {
-		fmt.printf("Failed to convert string to cstring: %v\n", err)
-		panic("Allocation Exception")
-	}
-	return cs
-}
-
-clone_cstring :: proc(c: cstring, allocator := context.allocator) -> string {
-	str, err := strings.clone_from_cstring(c, allocator)
-	if err != nil {
-		fmt.printf("Failed to convert string to cstring: %v\n", err)
-		delete(str)
-		panic("Allocation Exception")
+new_env_file :: proc(path: string) -> (EnvFile, bool) {
+	abs_path, abs_err := filepath.abs(path)
+	if abs_err != nil {
+		fmt.printf("Error getting absolute path: %v\n", abs_err)
+		return EnvFile{}, false
 	}

-	return str
-}
+	dir := filepath.dir(abs_path)

-db_update_required :: proc(status: SyncFlag) -> bool {
-	return .BackedUp in status || .DirUpdated in status
-}
+	remotes := get_git_remotes(dir)

-shares_remote :: proc(f: ^EnvFile, remotes: []string) -> bool {
-	for r1 in f.Remotes {
-		for r2 in remotes {
-			if r1 == r2 {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-update_dir :: proc(f: ^EnvFile, new_dir: string) {
-	f.Dir = new_dir
-	base := filepath.base(f.Path)
-	new_path, _ := strings.concatenate({new_dir, "/", base})
-	f.Path = new_path
-	f.Remotes = get_git_remotes(new_dir)
-}
-
-find_moved_dirs :: proc(d: ^Db, f: ^EnvFile) -> ([dynamic]string, bool) {
-	roots, roots_ok := find_git_roots(d.cfg)
-	if !roots_ok {
-		return {}, false
+	data, read_err := os.read_entire_file_from_path(abs_path, context.allocator)
+	defer delete(data)
+	if read_err != nil {
+		fmt.printf("Error reading file %s: %v\n", abs_path, read_err)
+		return EnvFile{}, false
 	}

-	moved: [dynamic]string
-	for root in roots {
-		remotes := get_git_remotes(root)
-		if shares_remote(f, remotes[:]) {
-			cloned, _ := strings.clone(root)
-			append(&moved, cloned)
-		}
-	}
-	return moved, true
+	digest := hash.hash_bytes(hash.Algorithm.SHA256, data, context.temp_allocator)
+	// TODO: Handle error
+	hex_bytes, _ := hex.encode(digest)
+
+	return EnvFile {
+			Path = abs_path,
+			Dir = dir,
+			Remotes = remotes,
+			Sha256 = string(hex_bytes),
+			contents = string(data),
+		},
+		true
 }

 db_sync :: proc(d: ^Db, f: ^EnvFile) -> (SyncFlag, string) {
@@ -494,6 +432,7 @@ db_sync :: proc(d: ^Db, f: ^EnvFile) -> (SyncFlag, string) {
 }

 // If SyncFlag is .BackedUp, Caller is responsible for calling delete on f.contents and f.Sha256
+// TODO: Should this use the db allocator?
 env_file_sync :: proc(f: ^EnvFile, dir: SyncDirection, d: ^Db) -> (SyncFlag, string) {
 	result: SyncFlag = {}

@@ -565,9 +504,38 @@ env_file_sync :: proc(f: ^EnvFile, dir: SyncDirection, d: ^Db) -> (SyncFlag, str
 	return result, ""
 }

+// TODO: Should this use the db allocator?
+find_moved_dirs :: proc(d: ^Db, f: ^EnvFile) -> ([dynamic]string, bool) {
+	roots, roots_ok := find_git_roots(d.cfg)
+	if !roots_ok {
+		return {}, false
+	}
+
+	moved: [dynamic]string
+	for root in roots {
+		remotes := get_git_remotes(root)
+		if shares_remote(f, remotes[:]) {
+			cloned, _ := strings.clone(root)
+			append(&moved, cloned)
+		}
+	}
+	return moved, true
+}
+
+// TODO: Should this use the db allocator?
+update_dir :: proc(f: ^EnvFile, new_dir: string) {
+	f.Dir = new_dir
+	base := filepath.base(f.Path)
+	new_path, _ := strings.concatenate({new_dir, "/", base})
+	f.Path = new_path
+	f.Remotes = get_git_remotes(new_dir)
+}
+
 // Loads the contents of the the file at f.Path into f.contents
 //
 // Caller is responsible for calling delete on f.contents and f.Sha256
+//
+// TODO: Should this use the db allocator?
 env_file_backup :: proc(f: ^EnvFile) -> bool {
 	data, read_err := os.read_entire_file_from_path(f.Path, context.allocator)
 	if read_err != nil {
@@ -586,3 +554,73 @@ env_file_backup :: proc(f: ^EnvFile) -> bool {
 	return true
 }

+shares_remote :: proc(f: ^EnvFile, remotes: []string) -> bool {
+	for r1 in f.Remotes {
+		for r2 in remotes {
+			if r1 == r2 {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+// TODO: Should this use the db allocator?
+get_git_remotes :: proc(dir: string) -> [dynamic]string {
+	remotes: [dynamic]string
+	remote_set: map[string]bool
+	defer delete(remote_set)
+
+	config_path, _ := filepath.join({dir, ".git", "config"}, context.temp_allocator)
+	m, _, ok := ini.load_map_from_path(config_path, context.allocator)
+	if !ok {
+		return remotes
+	}
+	defer ini.delete_map(m)
+
+	for section_name, section in m {
+		if strings.has_prefix(section_name, "remote ") {
+			if url, ok := section["url"]; ok {
+				remote_set[url] = true
+			}
+		}
+	}
+
+	for remote in remote_set {
+		cloned, _ := strings.clone(remote)
+		append(&remotes, cloned)
+	}
+
+	return remotes
+}
+
+db_update_required :: proc(status: SyncFlag) -> bool {
+	return .BackedUp in status || .DirUpdated in status
+}
+
+to_cstring :: proc {
+	string_to_cstring,
+	strings.to_cstring,
+}
+
+string_to_cstring :: proc(s: string, allocator := context.allocator) -> cstring {
+	cs, err := strings.clone_to_cstring(s, allocator)
+	if err != nil {
+		fmt.printf("Failed to convert string to cstring: %v\n", err)
+		panic("Allocation Exception")
+	}
+	return cs
+}
+
+// Caller is responsible for freeing the result
+clone_cstring :: proc(c: cstring, allocator := context.allocator) -> string {
+	str, err := strings.clone_from_cstring(c, allocator)
+	if err != nil {
+		fmt.printf("Failed to convert string to cstring: %v\n", err)
+		delete(str)
+		panic("Allocation Exception")
+	}
+
+	return str
+}
+
--- a/db_test.odin
+++ b/db_test.odin
@@ -8,23 +8,6 @@ import "core:testing"

 import "sqlite"

-make_test_db :: proc() -> (Db, bool) {
-	db: ^rawptr
-	rc := sqlite.db_open(":memory:", &db)
-	if rc != sqlite.OK {
-		return Db{}, false
-	}
-
-	create_sql: cstring = "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
-	rc = sqlite.db_exec(db, create_sql, nil, nil, nil)
-	if rc != sqlite.OK {
-		sqlite.db_close(db)
-		return Db{}, false
-	}
-
-	return Db{db = db}, true
-}
-
 make_test_env_file :: proc(path, sha, contents: string, remotes: []string = {}) -> EnvFile {
 	f := EnvFile {
 		Path     = path,
@@ -41,10 +24,10 @@ make_test_env_file :: proc(path, sha, contents: string, remotes: []string = {})

@(test)
 test_db_insert_and_fetch :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	path := "/project/.env"
 	sha := "abc123"
@@ -56,7 +39,7 @@ test_db_insert_and_fetch :: proc(t: ^testing.T) {
 	testing.expect(t, db_insert(&d, f), "insert should succeed")

 	fetched, fetch_ok := db_fetch(&d, "/project/.env")
-	defer delete_envfile(&fetched)
+	// defer delete_envfile(&fetched)
 	testing.expect(t, fetch_ok, "fetch should succeed")
 	if !fetch_ok do return

@@ -69,10 +52,10 @@ test_db_insert_and_fetch :: proc(t: ^testing.T) {

@(test)
 test_db_fetch_missing :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	_, fetch_ok := db_fetch(&d, "/nonexistent/.env")
 	testing.expect(t, !fetch_ok, "fetch missing should return false")
@@ -80,10 +63,9 @@ test_db_fetch_missing :: proc(t: ^testing.T) {

@(test)
 test_db_insert_or_replace :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
+	defer db_close(&d)
 	testing.expect(t, ok, "failed to create test db")
-	if !ok do return
-	defer sqlite.db_close(d.db)

 	f1 := make_test_env_file("/project/.env", "sha1", "KEY=old")
 	defer delete(f1.Remotes)
@@ -95,18 +77,11 @@ test_db_insert_or_replace :: proc(t: ^testing.T) {

 	results, list_ok := db_list(&d)
 	testing.expect(t, list_ok, "list should succeed")
-	if !list_ok do return
-	defer delete(results)
-	for &result in results {
-		defer delete_envfile(&result)
-	}

 	testing.expect(t, len(results) == 1, "should have 1 row, not 2")

 	fetched, fetch_ok := db_fetch(&d, "/project/.env")
 	testing.expect(t, fetch_ok, "fetch should succeed")
-	if !fetch_ok do return
-	defer delete_envfile(&fetched)

 	testing.expect_value(t, fetched.contents, "KEY=new")
 	testing.expect_value(t, fetched.Sha256, "sha2")
@@ -114,10 +89,10 @@ test_db_insert_or_replace :: proc(t: ^testing.T) {

@(test)
 test_db_delete_existing :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	f := make_test_env_file("/project/.env", "sha", "KEY=val")
 	defer delete(f.Remotes)
@@ -131,20 +106,19 @@ test_db_delete_existing :: proc(t: ^testing.T) {

@(test)
 test_db_delete_missing :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	testing.expect(t, !db_delete(&d, "/nonexistent/.env"), "delete missing should return false")
 }

@(test)
 test_db_list_multiple :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
-	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	f1 := make_test_env_file("/proj1/.env", "sha1", "A=1", []string{"git@github.com:a/repo.git"})
 	defer delete(f1.Remotes)
@@ -158,36 +132,27 @@ test_db_list_multiple :: proc(t: ^testing.T) {

 	results, list_ok := db_list(&d)
 	testing.expect(t, list_ok, "list should succeed")
-	if !list_ok do return
-	defer delete(results)
-	defer {
-		for &result in results {
-			delete_envfile(&result)
-		}
-	}

 	testing.expect_value(t, len(results), 3)
 }

@(test)
 test_db_list_empty :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
-	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	results, list_ok := db_list(&d)
 	testing.expect(t, list_ok, "list should succeed on empty db")
 	testing.expect(t, len(results) == 0, "should have 0 rows")
-	if list_ok do delete(results)
 }

@(test)
 test_db_insert_sets_changed :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	testing.expect(t, !d.changed, "changed should start false")

@@ -200,10 +165,10 @@ test_db_insert_sets_changed :: proc(t: ^testing.T) {

@(test)
 test_db_delete_sets_changed :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	f := make_test_env_file("/project/.env", "sha", "KEY=val")
 	defer delete(f.Remotes)
@@ -216,10 +181,10 @@ test_db_delete_sets_changed :: proc(t: ^testing.T) {

@(test)
 test_db_serialize :: proc(t: ^testing.T) {
-	d, ok := make_test_db()
+	d, ok := db_init()
 	testing.expect(t, ok, "failed to create test db")
 	if !ok do return
-	defer sqlite.db_close(d.db)
+	defer db_close(&d)

 	f := make_test_env_file("/project/.env", "sha", "KEY=val")
 	defer delete(f.Remotes)
@@ -464,7 +429,7 @@ test_update_dir :: proc(t: ^testing.T) {
 		Dir     = "/old/project",
 		Remotes = make([dynamic]string, 0),
 	}
-	defer delete_envfile(&f)
+	defer delete(f.Remotes)

 	update_dir(&f, "/new/location")

@@ -472,3 +437,59 @@ test_update_dir :: proc(t: ^testing.T) {
 	testing.expect_value(t, f.Path, "/new/location/.env")
 }

+@(test)
+test_closing_db_has_no_leaks :: proc(t: ^testing.T) {
+	base := fmt.tprintf("/tmp/envr-test-leak-%d", os.get_pid())
+	os.mkdir_all(base)
+	defer os.remove_all(base)
+
+	cfg_path, err := filepath.join([]string{base, "config.json"}, context.temp_allocator)
+	testing.expect(t, err == nil, "cfgPath should build successfully")
+
+	{
+		cfg := new_config([]string{"fixtures/keys/insecure-test-key"}, cfg_path)
+		testing.expect(t, save_config(cfg, force = true), "save should succeed")
+		delete_config(&cfg)
+	}
+
+	db, ok := db_open(cfg_path)
+	testing.expect(t, ok, "db should open")
+	db_close(&db)
+}
+
+@(test)
+test_open_existing_db_has_no_leaks :: proc(t: ^testing.T) {
+	base := fmt.tprintf("/tmp/envr-test-leak-existing-%d", os.get_pid())
+	os.mkdir_all(base)
+	defer os.remove_all(base)
+
+	cfg_path, err := filepath.join([]string{base, "config.json"}, context.temp_allocator)
+	testing.expect(t, err == nil, "cfgPath should build successfully")
+
+	{
+		cfg := new_config([]string{"fixtures/keys/insecure-test-key"}, cfg_path)
+		testing.expect(t, save_config(cfg, force = true), "save should succeed")
+		delete_config(&cfg)
+	}
+
+	// First open/close creates data.envr on disk
+	db, ok := db_open(cfg_path)
+	testing.expect(t, ok, "db should open")
+	if !ok do return
+	f := make_test_env_file(
+		"/project/.env",
+		"abc123",
+		"SECRET=value",
+		[]string{"git@github.com:user/repo.git"},
+	)
+	defer delete(f.Remotes)
+	testing.expect(t, db_insert(&db, f), "insert should succeed")
+	db_close(&db)
+
+	// Second open exercises db_restore_from_encrypted
+	db2, ok2 := db_open(cfg_path)
+	testing.expect(t, ok2, "db should open existing")
+	if !ok2 do return
+	db_close(&db2)
+}
+
--- a/findr/walker.odin
+++ b/findr/walker.odin
@@ -1,5 +1,6 @@
 package findr

+import "core:bytes"
 import "core:fmt"
 import "core:os"
 import "core:strings"
@@ -54,19 +55,26 @@ Collector_Data :: struct {
 collect_worker :: proc(t: ^thread.Thread) {
 	data := cast(^Collector_Data)t.data
 	for {
-		batch, ok := chan.recv(data.ch)
-		if !ok do break
+		batch := chan.recv(data.ch) or_break
+		defer delete(batch)
+
 		start := 0
-		for i in 0 ..< len(batch) {
-			if batch[i] == '\n' {
-				if i > start {
-					s, _ := strings.clone(string(batch[start:i]))
-					append(data.results, s)
-				}
-				start = i + 1
+		for {
+			remaining: []u8
+			#no_bounds_check {remaining = batch[start:]}
+
+			idx := bytes.index_byte(remaining, '\n')
+			if idx < 0 do break
+
+			i := start + idx
+			if i > start {
+				segment: []u8
+				#no_bounds_check {segment = batch[start:i]}
+				s, _ := strings.clone(string(segment))
+				append(data.results, s)
 			}
+			start = i + 1
 		}
-		delete(batch)
 	}
 }

@@ -447,3 +455,4 @@ join_path :: proc(parent, child: string) -> string {
 	copy(buf[pos:], child)
 	return string(buf)
 }
+
--- a/main.odin
+++ b/main.odin
@@ -1,14 +1,31 @@
 package main

-import "core:bufio"
 import "core:fmt"
+import "core:mem"
 import "core:os"

 main :: proc() {
+	when ODIN_DEBUG {
+		heap_track: mem.Tracking_Allocator
+		mem.tracking_allocator_init(&heap_track, context.allocator)
+		defer mem.tracking_allocator_destroy(&heap_track)
+		defer if len(heap_track.allocation_map) > 0 {
+			for _, leak in heap_track.allocation_map {
+				fmt.eprintf("LEAK: %v leaked %m\n", leak.location, leak.size)
+			}
+		}
+		context.allocator = mem.tracking_allocator(&heap_track)
+
+		temp_track: mem.Tracking_Allocator
+		mem.tracking_allocator_init(&temp_track, context.temp_allocator)
+		defer mem.tracking_allocator_destroy(&temp_track)
+		context.temp_allocator = mem.tracking_allocator(&temp_track)
+	}
+
 	defer free_all(context.temp_allocator)

 	cmd, ok := parse_args(os.args, os.to_writer(os.stdout), os.to_writer(os.stderr))
-	defer bufio.writer_flush(cmd.out_buf)
+	defer delete_command(&cmd) // delete flushes automatically
 	if !ok {
 		return
 	}
--- a/ssh.odin
+++ b/ssh.odin
@@ -12,24 +12,6 @@ Ed25519Keypair :: struct {
 	Private: [32]u8,
 }

-read_wire_string :: proc(data: []u8, offset: ^int) -> (s: string, ok: bool) {
-	if offset^ + 4 > len(data) {
-		return
-	}
-	length := u32(data[offset^]) << 24 | u32(data[offset^ + 1]) << 16 |
-		u32(data[offset^ + 2]) << 8 | u32(data[offset^ + 3])
-	offset^ += 4
-
-	if offset^ + int(length) > len(data) {
-		return
-	}
-
-	s = string(data[offset^ : offset^ + int(length)])
-	offset^ += int(length)
-	ok = true
-	return
-}
-
 parse_ssh_public_key :: proc(pub_path: string) -> (pub: [32]u8, ok: bool) {
 	data, err := os.read_entire_file_from_path(pub_path, context.temp_allocator)
 	if err != nil {
@@ -253,3 +235,21 @@ is_encrypted_key :: proc(priv_path: string) -> bool {

 	return ciphername != "none"
 }
+
+read_wire_string :: proc(data: []u8, offset: ^int) -> (s: string, ok: bool) {
+	if offset^ + 4 > len(data) {
+		return
+	}
+	length := u32(data[offset^]) << 24 | u32(data[offset^ + 1]) << 16 |
+		u32(data[offset^ + 2]) << 8 | u32(data[offset^ + 3])
+	offset^ += 4
+
+	if offset^ + int(length) > len(data) {
+		return
+	}
+
+	s = string(data[offset^ : offset^ + int(length)])
+	offset^ += int(length)
+	ok = true
+	return
+}
Author	SHA1	Message	Date
Spencer Brower	b66e905482	refactor: Gave db its own allocator.	2026-06-18 13:10:13 -04:00
Spencer Brower	8d5e50566b	ci: Fixed release-please.	2026-06-18 10:43:47 -04:00
Spencer Brower	5059572951	fix: Fixed memory leaks in the db.	2026-06-18 10:35:21 -04:00
Spencer Brower	d2b84ac4c6	refactor(crypto): used a proper init procedure.	2026-06-18 08:18:09 -04:00
Spencer Brower	96bc218c46	style: Ordered procedures by usage, with main at the top.	2026-06-18 08:08:46 -04:00
Spencer Brower	3b32e365c9	chore: Updated TODOS.md	2026-06-18 07:45:38 -04:00
Spencer Brower	12574e123b	feat: Removed runtime git dependency. This also allowed us to drop the Features code.	2026-06-18 07:29:44 -04:00