chore: Remove all `pub`s

They will not be marked by rustc/cargo as unused, and as atuin doesn't
expose an API all of them _should_ be `pub(crate)`

7 files changed, 136 insertions, 136 deletions

diff --git a/crates/turtle/src/atuin_common/api.rs b/crates/turtle/src/atuin_common/api.rs
index 1a9f348c..2f909676 100644
--- a/crates/turtle/src/atuin_common/api.rs
+++ b/crates/turtle/src/atuin_common/api.rs
@@ -5,140 +5,140 @@ use std::sync::LazyLock;
 use time::OffsetDateTime;
 
 // the usage of X- has been deprecated for quite along time, it turns out
-pub static ATUIN_HEADER_VERSION: &str = "Atuin-Version";
-pub static ATUIN_CARGO_VERSION: &str = env!("CARGO_PKG_VERSION");
+pub(crate) static ATUIN_HEADER_VERSION: &str = "Atuin-Version";
+pub(crate) static ATUIN_CARGO_VERSION: &str = env!("CARGO_PKG_VERSION");
 
-pub static ATUIN_VERSION: LazyLock<Version> =
+pub(crate) static ATUIN_VERSION: LazyLock<Version> =
     LazyLock::new(|| Version::parse(ATUIN_CARGO_VERSION).expect("failed to parse self semver"));
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct UserResponse {
-    pub username: String,
+pub(crate) struct UserResponse {
+    pub(crate) username: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct RegisterRequest {
-    pub email: String,
-    pub username: String,
-    pub password: String,
+pub(crate) struct RegisterRequest {
+    pub(crate) email: String,
+    pub(crate) username: String,
+    pub(crate) password: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct RegisterResponse {
-    pub session: String,
+pub(crate) struct RegisterResponse {
+    pub(crate) session: String,
     /// Auth type: "hub" for Hub API tokens, "cli" for legacy CLI session tokens.
     /// Old servers that don't return this field will deserialize as None.
     #[serde(default)]
-    pub auth: Option<String>,
+    pub(crate) auth: Option<String>,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct DeleteUserResponse {}
+pub(crate) struct DeleteUserResponse {}
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct ChangePasswordRequest {
-    pub current_password: String,
-    pub new_password: String,
+pub(crate) struct ChangePasswordRequest {
+    pub(crate) current_password: String,
+    pub(crate) new_password: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct ChangePasswordResponse {}
+pub(crate) struct ChangePasswordResponse {}
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct LoginRequest {
-    pub username: String,
-    pub password: String,
+pub(crate) struct LoginRequest {
+    pub(crate) username: String,
+    pub(crate) password: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct LoginResponse {
-    pub session: String,
+pub(crate) struct LoginResponse {
+    pub(crate) session: String,
     /// Auth type: "hub" for Hub API tokens, "cli" for legacy CLI session tokens.
     /// Old servers that don't return this field will deserialize as None.
     #[serde(default)]
-    pub auth: Option<String>,
+    pub(crate) auth: Option<String>,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct AddHistoryRequest {
-    pub id: String,
+pub(crate) struct AddHistoryRequest {
+    pub(crate) id: String,
     #[serde(with = "time::serde::rfc3339")]
-    pub timestamp: OffsetDateTime,
-    pub data: String,
-    pub hostname: String,
+    pub(crate) timestamp: OffsetDateTime,
+    pub(crate) data: String,
+    pub(crate) hostname: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct CountResponse {
-    pub count: i64,
+pub(crate) struct CountResponse {
+    pub(crate) count: i64,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct SyncHistoryRequest {
+pub(crate) struct SyncHistoryRequest {
     #[serde(with = "time::serde::rfc3339")]
-    pub sync_ts: OffsetDateTime,
+    pub(crate) sync_ts: OffsetDateTime,
     #[serde(with = "time::serde::rfc3339")]
-    pub history_ts: OffsetDateTime,
-    pub host: String,
+    pub(crate) history_ts: OffsetDateTime,
+    pub(crate) host: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct SyncHistoryResponse {
-    pub history: Vec<String>,
+pub(crate) struct SyncHistoryResponse {
+    pub(crate) history: Vec<String>,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct ErrorResponse<'a> {
-    pub reason: Cow<'a, str>,
+pub(crate) struct ErrorResponse<'a> {
+    pub(crate) reason: Cow<'a, str>,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct IndexResponse {
-    pub homage: String,
-    pub version: String,
+pub(crate) struct IndexResponse {
+    pub(crate) homage: String,
+    pub(crate) version: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct StatusResponse {
-    pub count: i64,
-    pub username: String,
-    pub deleted: Vec<String>,
+pub(crate) struct StatusResponse {
+    pub(crate) count: i64,
+    pub(crate) username: String,
+    pub(crate) deleted: Vec<String>,
 
     // These could/should also go on the index of the server
     // However, we do not request the server index as a part of normal sync
     // I'd rather slightly increase the size of this response, than add an extra HTTP request
-    pub page_size: i64, // max page size supported by the server
-    pub version: String,
+    pub(crate) page_size: i64, // max page size supported by the server
+    pub(crate) version: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct DeleteHistoryRequest {
-    pub client_id: String,
+pub(crate) struct DeleteHistoryRequest {
+    pub(crate) client_id: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct MessageResponse {
-    pub message: String,
+pub(crate) struct MessageResponse {
+    pub(crate) message: String,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct MeResponse {
-    pub username: String,
+pub(crate) struct MeResponse {
+    pub(crate) username: String,
 }
 
 // Hub CLI authentication types
 
 /// Response from POST /auth/cli/code - generates a code for CLI auth
 #[derive(Debug, Serialize, Deserialize)]
-pub struct CliCodeResponse {
-    pub code: String,
+pub(crate) struct CliCodeResponse {
+    pub(crate) code: String,
 }
 
 /// Response from GET /auth/cli/verify?code=<code> - polls for authorization
 #[derive(Debug, Serialize, Deserialize)]
-pub struct CliVerifyResponse {
+pub(crate) struct CliVerifyResponse {
     /// Session token, present only when authorization is complete
-    pub token: Option<String>,
-    pub success: Option<bool>,
-    pub error: Option<String>,
+    pub(crate) token: Option<String>,
+    pub(crate) success: Option<bool>,
+    pub(crate) error: Option<String>,
 }
diff --git a/crates/turtle/src/atuin_common/calendar.rs b/crates/turtle/src/atuin_common/calendar.rs
index d3b1d921..befe8c2e 100644
--- a/crates/turtle/src/atuin_common/calendar.rs
+++ b/crates/turtle/src/atuin_common/calendar.rs
@@ -1,16 +1,16 @@
 // Calendar data
 use serde::{Serialize, Deserialize};
 
-pub enum TimePeriod {
+pub(crate) enum TimePeriod {
     YEAR,
     MONTH,
     DAY,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct TimePeriodInfo {
-    pub count: u64,
+pub(crate) struct TimePeriodInfo {
+    pub(crate) count: u64,
 
     // TODO: Use this for merkle tree magic
-    pub hash: String,
+    pub(crate) hash: String,
 }
diff --git a/crates/turtle/src/atuin_common/mod.rs b/crates/turtle/src/atuin_common/mod.rs
index d886520d..635c9fc3 100644
--- a/crates/turtle/src/atuin_common/mod.rs
+++ b/crates/turtle/src/atuin_common/mod.rs
@@ -14,7 +14,7 @@ macro_rules! new_uuid {
             serde::Deserialize,
         )]
         #[serde(transparent)]
-        pub struct $name(pub Uuid);
+        pub(crate) struct $name(pub(crate) Uuid);
 
         impl<DB: sqlx::Database> sqlx::Type<DB> for $name
         where
@@ -51,8 +51,8 @@ macro_rules! new_uuid {
     };
 }
 
-pub mod api;
-pub mod record;
-pub mod shell;
-pub mod tls;
-pub mod utils;
+pub(crate) mod api;
+pub(crate) mod record;
+pub(crate) mod shell;
+pub(crate) mod tls;
+pub(crate) mod utils;
diff --git a/crates/turtle/src/atuin_common/record.rs b/crates/turtle/src/atuin_common/record.rs
index 05c29338..9db9cf98 100644
--- a/crates/turtle/src/atuin_common/record.rs
+++ b/crates/turtle/src/atuin_common/record.rs
@@ -6,30 +6,30 @@ use typed_builder::TypedBuilder;
 use uuid::Uuid;
 
 #[derive(Clone, Debug, PartialEq)]
-pub struct DecryptedData(pub Vec<u8>);
+pub(crate) struct DecryptedData(pub(crate) Vec<u8>);
 
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
-pub struct EncryptedData {
-    pub data: String,
-    pub content_encryption_key: String,
+pub(crate) struct EncryptedData {
+    pub(crate) data: String,
+    pub(crate) content_encryption_key: String,
 }
 
 #[derive(Debug, PartialEq, PartialOrd, Ord, Eq)]
-pub struct Diff {
-    pub host: HostId,
-    pub tag: String,
-    pub local: Option<RecordIdx>,
-    pub remote: Option<RecordIdx>,
+pub(crate) struct Diff {
+    pub(crate) host: HostId,
+    pub(crate) tag: String,
+    pub(crate) local: Option<RecordIdx>,
+    pub(crate) remote: Option<RecordIdx>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
-pub struct Host {
-    pub id: HostId,
-    pub name: String,
+pub(crate) struct Host {
+    pub(crate) id: HostId,
+    pub(crate) name: String,
 }
 
 impl Host {
-    pub fn new(id: HostId) -> Self {
+    pub(crate) fn new(id: HostId) -> Self {
         Host {
             id,
             name: String::new(),
@@ -40,51 +40,51 @@ impl Host {
 new_uuid!(RecordId);
 new_uuid!(HostId);
 
-pub type RecordIdx = u64;
+pub(crate) type RecordIdx = u64;
 
 /// A single record stored inside of our local database
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize, TypedBuilder)]
-pub struct Record<Data> {
+pub(crate) struct Record<Data> {
     /// a unique ID
     #[builder(default = RecordId(crate::atuin_common::utils::uuid_v7()))]
-    pub id: RecordId,
+    pub(crate) id: RecordId,
 
     /// The integer record ID. This is only unique per (host, tag).
-    pub idx: RecordIdx,
+    pub(crate) idx: RecordIdx,
 
     /// The unique ID of the host.
     // TODO(ellie): Optimize the storage here. We use a bunch of IDs, and currently store
     // as strings. I would rather avoid normalization, so store as UUID binary instead of
     // encoding to a string and wasting much more storage.
-    pub host: Host,
+    pub(crate) host: Host,
 
     /// The creation time in nanoseconds since unix epoch
     #[builder(default = time::OffsetDateTime::now_utc().unix_timestamp_nanos() as u64)]
-    pub timestamp: u64,
+    pub(crate) timestamp: u64,
 
     /// The version the data in the entry conforms to
     // However we want to track versions for this tag, eg v2
-    pub version: String,
+    pub(crate) version: String,
 
     /// The type of data we are storing here. Eg, "history"
-    pub tag: String,
+    pub(crate) tag: String,
 
     /// Some data. This can be anything you wish to store. Use the tag field to know how to handle it.
-    pub data: Data,
+    pub(crate) data: Data,
 }
 
 /// Extra data from the record that should be encoded in the data
 #[derive(Debug, Copy, Clone)]
-pub struct AdditionalData<'a> {
-    pub id: &'a RecordId,
-    pub idx: &'a u64,
-    pub version: &'a str,
-    pub tag: &'a str,
-    pub host: &'a HostId,
+pub(crate) struct AdditionalData<'a> {
+    pub(crate) id: &'a RecordId,
+    pub(crate) idx: &'a u64,
+    pub(crate) version: &'a str,
+    pub(crate) tag: &'a str,
+    pub(crate) host: &'a HostId,
 }
 
 impl<Data> Record<Data> {
-    pub fn append(&self, data: Vec<u8>) -> Record<DecryptedData> {
+    pub(crate) fn append(&self, data: Vec<u8>) -> Record<DecryptedData> {
         Record::builder()
             .host(self.host.clone())
             .version(self.version.clone())
@@ -98,9 +98,9 @@ impl<Data> Record<Data> {
 /// An index representing the current state of the record stores
 /// This can be both remote, or local, and compared in either direction
 #[derive(Debug, Serialize, Deserialize)]
-pub struct RecordStatus {
+pub(crate) struct RecordStatus {
     // A map of host -> tag -> max(idx)
-    pub hosts: HashMap<HostId, HashMap<String, RecordIdx>>,
+    pub(crate) hosts: HashMap<HostId, HashMap<String, RecordIdx>>,
 }
 
 impl Default for RecordStatus {
@@ -118,22 +118,22 @@ impl Extend<(HostId, String, RecordIdx)> for RecordStatus {
 }
 
 impl RecordStatus {
-    pub fn new() -> RecordStatus {
+    pub(crate) fn new() -> RecordStatus {
         RecordStatus {
             hosts: HashMap::new(),
         }
     }
 
     /// Insert a new tail record into the store
-    pub fn set(&mut self, tail: Record<DecryptedData>) {
+    pub(crate) fn set(&mut self, tail: Record<DecryptedData>) {
         self.set_raw(tail.host.id, tail.tag, tail.idx)
     }
 
-    pub fn set_raw(&mut self, host: HostId, tag: String, tail_id: RecordIdx) {
+    pub(crate) fn set_raw(&mut self, host: HostId, tag: String, tail_id: RecordIdx) {
         self.hosts.entry(host).or_default().insert(tag, tail_id);
     }
 
-    pub fn get(&self, host: HostId, tag: String) -> Option<RecordIdx> {
+    pub(crate) fn get(&self, host: HostId, tag: String) -> Option<RecordIdx> {
         self.hosts.get(&host).and_then(|v| v.get(&tag)).cloned()
     }
 
@@ -144,7 +144,7 @@ impl RecordStatus {
     /// then we need to do some downloading. If it is smaller, then we need to do some uploading
     /// Note that we cannot upload if we are not the owner of the record store - hosts can only
     /// write to their own store.
-    pub fn diff(&self, other: &Self) -> Vec<Diff> {
+    pub(crate) fn diff(&self, other: &Self) -> Vec<Diff> {
         let mut ret = Vec::new();
 
         // First, we check if other has everything that self has
@@ -199,7 +199,7 @@ impl RecordStatus {
     }
 }
 
-pub trait Encryption {
+pub(crate) trait Encryption {
     fn re_encrypt(
         data: EncryptedData,
         ad: AdditionalData,
@@ -214,7 +214,7 @@ pub trait Encryption {
 }
 
 impl Record<DecryptedData> {
-    pub fn encrypt<E: Encryption>(self, key: &[u8; 32]) -> Record<EncryptedData> {
+    pub(crate) fn encrypt<E: Encryption>(self, key: &[u8; 32]) -> Record<EncryptedData> {
         let ad = AdditionalData {
             id: &self.id,
             version: &self.version,
@@ -235,7 +235,7 @@ impl Record<DecryptedData> {
 }
 
 impl Record<EncryptedData> {
-    pub fn decrypt<E: Encryption>(self, key: &[u8; 32]) -> Result<Record<DecryptedData>> {
+    pub(crate) fn decrypt<E: Encryption>(self, key: &[u8; 32]) -> Result<Record<DecryptedData>> {
         let ad = AdditionalData {
             id: &self.id,
             version: &self.version,
@@ -254,7 +254,7 @@ impl Record<EncryptedData> {
         })
     }
 
-    pub fn re_encrypt<E: Encryption>(
+    pub(crate) fn re_encrypt<E: Encryption>(
         self,
         old_key: &[u8; 32],
         new_key: &[u8; 32],
diff --git a/crates/turtle/src/atuin_common/shell.rs b/crates/turtle/src/atuin_common/shell.rs
index 7f9a7b8f..dbd9b982 100644
--- a/crates/turtle/src/atuin_common/shell.rs
+++ b/crates/turtle/src/atuin_common/shell.rs
@@ -5,7 +5,7 @@ use sysinfo::{Process, System, get_current_pid};
 use thiserror::Error;
 
 #[derive(PartialEq)]
-pub enum Shell {
+pub(crate) enum Shell {
     Sh,
     Bash,
     Fish,
@@ -36,7 +36,7 @@ impl std::fmt::Display for Shell {
 }
 
 #[derive(Debug, Error, Serialize)]
-pub enum ShellError {
+pub(crate) enum ShellError {
     #[error("shell not supported")]
     NotSupported,
 
@@ -45,7 +45,7 @@ pub enum ShellError {
 }
 
 impl Shell {
-    pub fn current() -> Shell {
+    pub(crate) fn current() -> Shell {
         let sys = System::new_all();
 
         let process = sys
@@ -62,13 +62,13 @@ impl Shell {
         Shell::from_string(shell.to_string())
     }
 
-    pub fn from_env() -> Shell {
+    pub(crate) fn from_env() -> Shell {
         std::env::var("ATUIN_SHELL").map_or(Shell::Unknown, |shell| {
             Shell::from_string(shell.trim().to_lowercase())
         })
     }
 
-    pub fn config_file(&self) -> Option<std::path::PathBuf> {
+    pub(crate) fn config_file(&self) -> Option<std::path::PathBuf> {
         let mut path = if let Some(base) = directories::BaseDirs::new() {
             base.home_dir().to_owned()
         } else {
@@ -90,7 +90,7 @@ impl Shell {
     /// Best-effort attempt to determine the default shell
     /// This implementation will be different across different platforms
     /// Caller should ensure to handle Shell::Unknown correctly
-    pub fn default_shell() -> Result<Shell, ShellError> {
+    pub(crate) fn default_shell() -> Result<Shell, ShellError> {
         let sys = System::name().unwrap_or("".to_string()).to_lowercase();
 
         // TODO: Support Linux
@@ -118,7 +118,7 @@ impl Shell {
         ))
     }
 
-    pub fn from_string(name: String) -> Shell {
+    pub(crate) fn from_string(name: String) -> Shell {
         match name.as_str() {
             "bash" => Shell::Bash,
             "fish" => Shell::Fish,
@@ -135,11 +135,11 @@ impl Shell {
     /// Returns true if the shell is posix-like
     /// Note that while fish is not posix compliant, it behaves well enough for our current
     /// featureset that this does not matter.
-    pub fn is_posixish(&self) -> bool {
+    pub(crate) fn is_posixish(&self) -> bool {
         matches!(self, Shell::Bash | Shell::Fish | Shell::Zsh)
     }
 
-    pub fn run_interactive<I, S>(&self, args: I) -> Result<String, ShellError>
+    pub(crate) fn run_interactive<I, S>(&self, args: I) -> Result<String, ShellError>
     where
         I: IntoIterator<Item = S>,
         S: AsRef<OsStr>,
@@ -162,7 +162,7 @@ impl Shell {
     }
 }
 
-pub fn shell_name(parent: Option<&Process>) -> String {
+pub(crate) fn shell_name(parent: Option<&Process>) -> String {
     let sys = System::new_all();
 
     let parent = if let Some(parent) = parent {
diff --git a/crates/turtle/src/atuin_common/tls.rs b/crates/turtle/src/atuin_common/tls.rs
index e8c840e0..3736f878 100644
--- a/crates/turtle/src/atuin_common/tls.rs
+++ b/crates/turtle/src/atuin_common/tls.rs
@@ -6,7 +6,7 @@ static INIT: Once = Once::new();
 ///
 /// Must be called before creating any reqwest clients. Safe to call
 /// multiple times — only the first call installs the provider.
-pub fn ensure_crypto_provider() {
+pub(crate) fn ensure_crypto_provider() {
     INIT.call_once(|| {
         rustls::crypto::ring::default_provider()
             .install_default()
diff --git a/crates/turtle/src/atuin_common/utils.rs b/crates/turtle/src/atuin_common/utils.rs
index d7382fb2..81eb1178 100644
--- a/crates/turtle/src/atuin_common/utils.rs
+++ b/crates/turtle/src/atuin_common/utils.rs
@@ -9,7 +9,7 @@ use getrandom::getrandom;
 use uuid::Uuid;
 
 /// Generate N random bytes, using a cryptographically secure source
-pub fn crypto_random_bytes<const N: usize>() -> [u8; N] {
+pub(crate) fn crypto_random_bytes<const N: usize>() -> [u8; N] {
     // rand say they are in principle safe for crypto purposes, but that it is perhaps a better
     // idea to use getrandom for things such as passwords.
     let mut ret = [0u8; N];
@@ -20,7 +20,7 @@ pub fn crypto_random_bytes<const N: usize>() -> [u8; N] {
 }
 
 /// Generate N random bytes using a cryptographically secure source, return encoded as a string
-pub fn crypto_random_string<const N: usize>() -> String {
+pub(crate) fn crypto_random_string<const N: usize>() -> String {
     let bytes = crypto_random_bytes::<N>();
 
     // We only use this to create a random string, and won't be reversing it to find the original
@@ -28,15 +28,15 @@ pub fn crypto_random_string<const N: usize>() -> String {
     BASE64_URL_SAFE_NO_PAD.encode(bytes)
 }
 
-pub fn uuid_v7() -> Uuid {
+pub(crate) fn uuid_v7() -> Uuid {
     Uuid::now_v7()
 }
 
-pub fn uuid_v4() -> String {
+pub(crate) fn uuid_v4() -> String {
     Uuid::new_v4().as_simple().to_string()
 }
 
-pub fn has_git_dir(path: &str) -> bool {
+pub(crate) fn has_git_dir(path: &str) -> bool {
     let mut gitdir = PathBuf::from(path);
     gitdir.push(".git");
 
@@ -78,7 +78,7 @@ fn resolve_git_worktree(path: &Path) -> Option<PathBuf> {
 // detect if any parent dir has a git repo in it
 // I really don't want to bring in libgit for something simple like this
 // If we start to do anything more advanced, then perhaps
-pub fn in_git_repo(path: &str) -> Option<PathBuf> {
+pub(crate) fn in_git_repo(path: &str) -> Option<PathBuf> {
     let mut gitdir = PathBuf::from(path);
 
     while gitdir.parent().is_some() && !has_git_dir(gitdir.to_str().unwrap()) {
@@ -101,34 +101,34 @@ pub fn in_git_repo(path: &str) -> Option<PathBuf> {
 // I don't want to use ProjectDirs, it puts config in awkward places on
 // mac. Data too. Seems to be more intended for GUI apps.
 
-pub fn home_dir() -> PathBuf {
+pub(crate) fn home_dir() -> PathBuf {
     directories::BaseDirs::new()
         .map(|d| d.home_dir().to_path_buf())
         .expect("could not determine home directory")
 }
 
-pub fn config_dir() -> PathBuf {
+pub(crate) fn config_dir() -> PathBuf {
     let config_dir =
         std::env::var("XDG_CONFIG_HOME").map_or_else(|_| home_dir().join(".config"), PathBuf::from);
     config_dir.join("atuin")
 }
 
-pub fn data_dir() -> PathBuf {
+pub(crate) fn data_dir() -> PathBuf {
     let data_dir = std::env::var("XDG_DATA_HOME")
         .map_or_else(|_| home_dir().join(".local").join("share"), PathBuf::from);
 
     data_dir.join("atuin")
 }
 
-pub fn runtime_dir() -> PathBuf {
+pub(crate) fn runtime_dir() -> PathBuf {
     std::env::var("XDG_RUNTIME_DIR").map_or_else(|_| data_dir(), PathBuf::from)
 }
 
-pub fn logs_dir() -> PathBuf {
+pub(crate) fn logs_dir() -> PathBuf {
     home_dir().join(".atuin").join("logs")
 }
 
-pub fn dotfiles_cache_dir() -> PathBuf {
+pub(crate) fn dotfiles_cache_dir() -> PathBuf {
     // In most cases, this will be  ~/.local/share/atuin/dotfiles/cache
     let data_dir = std::env::var("XDG_DATA_HOME")
         .map_or_else(|_| home_dir().join(".local").join("share"), PathBuf::from);
@@ -136,7 +136,7 @@ pub fn dotfiles_cache_dir() -> PathBuf {
     data_dir.join("atuin").join("dotfiles").join("cache")
 }
 
-pub fn get_current_dir() -> String {
+pub(crate) fn get_current_dir() -> String {
     // Prefer PWD environment variable over cwd if available to better support symbolic links
     match env::var("PWD") {
         Ok(v) => v,
@@ -147,7 +147,7 @@ pub fn get_current_dir() -> String {
     }
 }
 
-pub fn broken_symlink<P: Into<PathBuf>>(path: P) -> bool {
+pub(crate) fn broken_symlink<P: Into<PathBuf>>(path: P) -> bool {
     let path = path.into();
     path.is_symlink() && !path.exists()
 }
@@ -158,7 +158,7 @@ pub fn broken_symlink<P: Into<PathBuf>>(path: P) -> bool {
 /// Intended to help prevent control characters being printed and interpreted by the terminal when
 /// printing history as well as to ensure the commands that appear in the interactive search
 /// reflect the actual command run rather than just the printable characters.
-pub trait Escapable: AsRef<str> {
+pub(crate) trait Escapable: AsRef<str> {
     fn escape_control(&self) -> Cow<'_, str> {
         if !self.as_ref().contains(|c: char| c.is_ascii_control()) {
             self.as_ref().into()
@@ -182,7 +182,7 @@ pub trait Escapable: AsRef<str> {
     }
 }
 
-pub fn unquote(s: &str) -> Result<String> {
+pub(crate) fn unquote(s: &str) -> Result<String> {
     if s.chars().count() < 2 {
         return Err(eyre!("not enough chars"));
     }