feat: tab completion, command cleanup, presign --key, fork rework

[designcode]

Summary

• Tab-complete commands (REPL + custom + just-bash built-ins), bucket names, mount points, and filesystem paths inside the virtual FS.
• New src/commands/args.ts helper with argError / sdkError / parseFlags — used by all custom commands so error formatting is consistent and unknown options / missing values are rejected up front.
• Tighten parsers for presign, snapshot, fork: reject unknown flags / extra positionals, validate --expires, forbid conflicting flags, distinguish missing source vs missing name.
• Print No snapshots. / No forks. (instead of silent output) when listings are empty.
• Merge forks into fork --list.
• presign --key <accessKeyId> — wins over config.accessKeyId; required when logged in via login (no access key in session). Passed via GetPresignedUrlOptions.accessKeyId.
• snapshot [<bucket>] and fork [<source-bucket>] — bucket positional is now optional; falls back to the cwd's mounted bucket.
• fork reshape: <fork-name> positional becomes --name <fork-name> flag. New shape:

  fork [<source>] --name <name> [--snapshot V]   # create
  fork [<source>] --list                         # list
  

• Fix: disable just-bash v3's default defenseInDepth. It was blocking the Tigris/AWS SDK's process.env reads inside TigrisAdapter, so ls inside a mounted bucket threw a SecurityViolationError.
• .gitignore: ignore .claude/ so local Claude Code session files don't trip the pre-commit biome hook.

161 tests, all passing.

Test plan

• ls works inside a mounted bucket (was failing on feat/auto-complete before the defense-in-depth fix).
• Tab completion: type a partial command (pres<TAB>, gr<TAB>), a partial bucket (mount my<TAB>), and a partial path (ls /work<TAB>).
• presign /file.txt works after configure; errors with a usage message after login until you pass --key tid_xxx.
• Inside a mounted bucket: snapshot, snapshot --list, fork --name newbucket, fork --list all work without naming the bucket.
• Outside a mount: same commands error with (cwd not in a mounted bucket).

🤖 Generated with Claude Code

---

Note

Medium Risk
Medium risk due to upgrading core deps (just-bash, @tigrisdata/storage) and disabling just-bash defenseInDepth, which changes runtime sandboxing behavior and could affect execution/security expectations.

Overview
REPL UX: Adds async tab-completion via ReplSession.complete() and new repl/complete.ts, completing command names (REPL + custom + just-bash), bucket names, mount points, and virtual-FS paths.

Command cleanup: Introduces commands/args.ts (parseFlags, argError, sdkError) and refactors presign, snapshot, and fork to reject unknown flags/extra positionals, validate values, and format errors consistently. presign now supports --key (required for OAuth sessions) and passes accessKeyId to getPresignedUrl; snapshot/fork can omit the bucket/source and fall back to the cwd mount, and empty listings now print No snapshots. / No forks..

Fork rework: Removes the separate forks command and replaces listing with fork --list; creation now uses fork [<source>] --name <fork> [--snapshot …] and uses SDK listForks.

Runtime/tooling: Disables just-bash defenseInDepth in TigrisShell to avoid SDK process.env blocking, bumps multiple deps (notably just-bash v3, @tigrisdata/storage), and updates ignores/lint config to exclude .claude/. Tests are expanded substantially to cover new parsing and completion behavior.

^{Reviewed by Cursor Bugbot for commit 8eb642a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

🎉 This PR is included in version 0.7.0 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀