//! Developer-migration tooling — make switching to envseal cheaper
//! than continuing to paste secrets.
//!
//! # Submodules
//!
//! - [`preexec`] — Detect API keys in a shell command line. Powers
//! the `envseal __preexec` internal mode invoked by the bash/zsh/
//! fish shell hooks.
//! - [`shell_hooks`] — The bash `DEBUG`-trap, zsh `preexec`, and fish
//! `fish_preexec` hook scripts plus the install/uninstall logic that
//! wires them into the user's shell rc files idempotently.
//! - [`history`] — Scan `~/.bash_history`, `~/.zsh_history`,
//! `~/.local/share/fish/fish_history` for secrets the developer has
//! already typed at least once. Used by `envseal init --from-history`.
//!
//! These three together cover three points in the developer's
//! workflow where secrets enter the system: the moment of typing
//! (preexec), one-time backfill (history), and bulk migration from
//! `.env` files (existing `envseal import`).