npm - @interop/did-cli - Versions diffs - 0.7.1 → 0.9.0 - Mend

@interop/did-cli 0.7.1 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/CHANGELOG.md +130 -0
package/README.md +335 -6
package/dist/commands/did.d.ts.map +1 -1
package/dist/commands/did.js +66 -18
package/dist/commands/did.js.map +1 -1
package/dist/commands/edv.d.ts +63 -0
package/dist/commands/edv.d.ts.map +1 -0
package/dist/commands/edv.js +627 -0
package/dist/commands/edv.js.map +1 -0
package/dist/commands/key.d.ts.map +1 -1
package/dist/commands/key.js +87 -13
package/dist/commands/key.js.map +1 -1
package/dist/commands/was/collection.d.ts +121 -0
package/dist/commands/was/collection.d.ts.map +1 -0
package/dist/commands/was/collection.js +316 -0
package/dist/commands/was/collection.js.map +1 -0
package/dist/commands/was/policy.d.ts +50 -0
package/dist/commands/was/policy.d.ts.map +1 -0
package/dist/commands/was/policy.js +133 -0
package/dist/commands/was/policy.js.map +1 -0
package/dist/commands/was/publish.d.ts +67 -0
package/dist/commands/was/publish.d.ts.map +1 -0
package/dist/commands/was/publish.js +151 -0
package/dist/commands/was/publish.js.map +1 -0
package/dist/commands/was/resource.d.ts +148 -0
package/dist/commands/was/resource.d.ts.map +1 -0
package/dist/commands/was/resource.js +402 -0
package/dist/commands/was/resource.js.map +1 -0
package/dist/commands/was/shared.d.ts +156 -0
package/dist/commands/was/shared.d.ts.map +1 -0
package/dist/commands/was/shared.js +237 -0
package/dist/commands/was/shared.js.map +1 -0
package/dist/commands/was/space.d.ts +196 -0
package/dist/commands/was/space.d.ts.map +1 -0
package/dist/commands/was/space.js +516 -0
package/dist/commands/was/space.js.map +1 -0
package/dist/commands/was/tree.d.ts +44 -0
package/dist/commands/was/tree.d.ts.map +1 -0
package/dist/commands/was/tree.js +135 -0
package/dist/commands/was/tree.js.map +1 -0
package/dist/commands/was.d.ts +29 -496
package/dist/commands/was.d.ts.map +1 -1
package/dist/commands/was.js +84 -1473
package/dist/commands/was.js.map +1 -1
package/dist/commands/zcap.d.ts +22 -2
package/dist/commands/zcap.d.ts.map +1 -1
package/dist/commands/zcap.js +6 -20
package/dist/commands/zcap.js.map +1 -1
package/dist/edv/core.d.ts +60 -0
package/dist/edv/core.d.ts.map +1 -0
package/dist/edv/core.js +75 -0
package/dist/edv/core.js.map +1 -0
package/dist/edv/document.d.ts +25 -0
package/dist/edv/document.d.ts.map +1 -0
package/dist/edv/document.js +19 -0
package/dist/edv/document.js.map +1 -0
package/dist/edv/hmac.d.ts +26 -0
package/dist/edv/hmac.d.ts.map +1 -0
package/dist/edv/hmac.js +67 -0
package/dist/edv/hmac.js.map +1 -0
package/dist/edv/recipients.d.ts +65 -0
package/dist/edv/recipients.d.ts.map +1 -0
package/dist/edv/recipients.js +253 -0
package/dist/edv/recipients.js.map +1 -0
package/dist/edv/stream.d.ts +69 -0
package/dist/edv/stream.d.ts.map +1 -0
package/dist/edv/stream.js +169 -0
package/dist/edv/stream.js.map +1 -0
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/meta.d.ts +1 -0
package/dist/meta.d.ts.map +1 -1
package/dist/meta.js +1 -1
package/dist/meta.js.map +1 -1
package/dist/storage.d.ts +6 -4
package/dist/storage.d.ts.map +1 -1
package/dist/storage.js +6 -5
package/dist/storage.js.map +1 -1
package/dist/was/capability.d.ts +10 -13
package/dist/was/capability.d.ts.map +1 -1
package/dist/was/capability.js +1 -59
package/dist/was/capability.js.map +1 -1
package/dist/was/io.d.ts +14 -0
package/dist/was/io.d.ts.map +1 -1
package/dist/was/io.js +20 -7
package/dist/was/io.js.map +1 -1
package/dist/zcap/delegate.d.ts +2 -2
package/dist/zcap/delegate.js +2 -2
package/dist/zcap/resolve.d.ts +15 -0
package/dist/zcap/resolve.d.ts.map +1 -0
package/dist/zcap/resolve.js +55 -0
package/dist/zcap/resolve.js.map +1 -0
package/package.json +17 -14

package/dist/commands/edv.js ADDED Viewed

@@ -0,0 +1,627 @@
+/**
+ * `edv` command -- encrypt to and decrypt from X25519 recipients using the
+ * EDV / minimal-cipher serialization.
+ *
+ * Public-key (key-agreement) encryption only: recipients are one or more X25519
+ * public keys, given as a raw `publicKeyMultibase`, a wallet key
+ * fingerprint/handle, a DID / DID URL, or a key-document JSON file. Three output
+ * shapes:
+ *  - default -- a single raw JWE (the `jwe` field of an EDV Document), to stdout
+ *    or an `-o` file (convention `*.jwe.json`); Layer 1.
+ *  - `--document` -- a full EDV Document envelope `{ id, sequence, indexed, jwe }`
+ *    (convention `*.edvdoc.json`), encrypting the input as the document
+ *    `content`; Layer 2, Phase 1.
+ *  - `--stream` -- a bundle directory (convention `*.edvdoc/`) whose
+ *    `document.json` carries a `stream: { sequence, chunks }` descriptor and
+ *    whose `chunks/<index>.jwe.json` hold the input encrypted as fixed-size
+ *    chunks; Layer 2, Phase 2.
+ * In `--document`/`--stream` mode, `--index` blinds indexable attributes into
+ * the envelope's `indexed` array with a wallet HMAC key (Layer 2, Phase 3).
+ *
+ * The EDV Document envelope (and its blinded `indexed` array) is assembled and
+ * unwrapped by `@interop/edv-client`'s `EdvClientCore` via `../edv/core.ts`.
+ *
+ * Data goes to stdout, diagnostics to stderr. Exit codes: 0 success, 1
+ * decryption failure (wrong key / not a recipient), 2 input error (no
+ * recipient, unresolvable recipient/key, malformed input).
+ */
+import { stat } from 'node:fs/promises';
+import { Command, InvalidArgumentError } from 'commander';
+import { Cipher } from '@interop/minimal-cipher';
+import { readInputBytes, writeBytesOutput, writeJsonOutput } from '../was/io.js';
+import { runAndExit } from './was/shared.js';
+import { autoSelectKeyAgreementKey, loadKeyAgreementKey, resolveRecipient, resolveRecipientFile } from '../edv/recipients.js';
+import { isEncryptedDocument } from '../edv/document.js';
+import { decryptDocument, encryptDocument } from '../edv/core.js';
+import { resolveHmac } from '../edv/hmac.js';
+import { decryptChunks, encryptToChunks, readDocumentBundle, writeDocumentBundle } from '../edv/stream.js';
+/**
+ * Collect a repeatable option value into an array (commander reducer).
+ *
+ * @param value {string}
+ * @param previous {string[]}
+ * @returns {string[]}
+ */
+function collect(value, previous) {
+    return previous.concat(value);
+}
+/**
+ * Parse and validate the `--chunk-size` option (a positive integer of bytes).
+ *
+ * @param value {string}
+ * @returns {number}
+ */
+function parseChunkSize(value) {
+    const bytes = Number(value);
+    if (!Number.isInteger(bytes) || bytes <= 0) {
+        throw new InvalidArgumentError('--chunk-size must be a positive integer.');
+    }
+    return bytes;
+}
+/**
+ * Decode bytes as UTF-8 JSON. Returns `undefined` (rather than throwing) when
+ * the input is not valid JSON, so callers can emit a context-specific message.
+ *
+ * @param bytes {Uint8Array}
+ * @returns {unknown}
+ */
+function parseJson(bytes) {
+    try {
+        return JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(bytes));
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Recover the recipient reference to re-resolve a prior recipient from its
+ * `kid`. An X25519 `did:key` kid (`did:key:z6LS…#z6LS…`) embeds the public key
+ * multibase as its fragment -- resolve that directly, since the DID resolver
+ * does not resolve a `did:key` whose base is an X25519 (`z6LS`) key. Any other
+ * kid (e.g. a `did:web` URL) is left for `resolveRecipient`'s DID path.
+ *
+ * @param kid {string}
+ * @returns {string}
+ */
+function recipientRefFromKid(kid) {
+    const fragment = kid.includes('#') ? kid.slice(kid.indexOf('#') + 1) : '';
+    if (kid.startsWith('did:key:') && fragment.startsWith('z6LS')) {
+        return fragment;
+    }
+    return kid;
+}
+/**
+ * Merge the recipients of an existing document into the freshly resolved keys
+ * for an `--update`, re-resolving each prior recipient from its `kid` and
+ * skipping any already covered. This lets an update add a recipient without
+ * re-specifying the existing ones; the merged set is passed to the core so its
+ * key resolver covers every recipient of the resulting JWE.
+ *
+ * @param options {object}
+ * @param options.keys {KeyAgreementKey[]}   Keys resolved from `--recipient(s)`.
+ * @param options.existing {IEncryptedDocument}   The document being updated.
+ * @returns {Promise<KeyAgreementKey[]>}
+ */
+async function mergeUpdateRecipients({ keys, existing }) {
+    const seen = new Set(keys.map(key => key.id));
+    const merged = [...keys];
+    for (const recipient of existing.jwe.recipients ?? []) {
+        const kid = recipient?.header?.kid;
+        if (!kid || seen.has(kid)) {
+            continue;
+        }
+        merged.push(await resolveRecipient({ ref: recipientRefFromKid(kid) }));
+        seen.add(kid);
+    }
+    return merged;
+}
+/**
+ * True when a path exists and is a directory (an EDV Document bundle).
+ *
+ * @param path {string}
+ * @returns {Promise<boolean>}
+ */
+async function isDirectory(path) {
+    return (await stat(path).catch(() => undefined))?.isDirectory() ?? false;
+}
+/**
+ * Load an existing EDV Document to update, from either a single `.edvdoc.json`
+ * file or a bundle directory (`document.json` inside it). Returns `undefined`
+ * when the source is neither.
+ *
+ * @param options {object}
+ * @param options.path {string}
+ * @returns {Promise<IEncryptedDocument | undefined>}
+ */
+async function loadEnvelope({ path }) {
+    if (await isDirectory(path)) {
+        return (await readDocumentBundle({ dir: path })).document;
+    }
+    const parsed = parseJson(await readInputBytes({ file: path }));
+    return isEncryptedDocument(parsed) ? parsed : undefined;
+}
+/**
+ * Parse a JSON-object command option, throwing a clear error when the value is
+ * not valid JSON or not an object.
+ *
+ * @param options {object}
+ * @param options.value {string}
+ * @param options.label {string}   The option name, for the error message.
+ * @returns {Record<string, unknown>}
+ */
+function parseJsonObjectOption({ value, label }) {
+    let parsed;
+    try {
+        parsed = JSON.parse(value);
+    }
+    catch {
+        throw new Error(`${label} is not valid JSON.`);
+    }
+    if (parsed === null || typeof parsed !== 'object') {
+        throw new Error(`${label} must be a JSON object.`);
+    }
+    return parsed;
+}
+/**
+ * Resolve the encrypt-time context for an envelope (document/stream) write:
+ * parse `--meta`, build the `--index`/`--unique` declarations and resolve the
+ * blinding `--hmac` key when indexing, and -- for `--update` -- load the prior
+ * document for its id/sequence/`indexed` and merge its recipients.
+ *
+ * @param options {object}
+ * @param options.keys {KeyAgreementKey[]}   Keys resolved from `--recipient(s)`.
+ * @param [options.meta] {string}
+ * @param [options.update] {string}
+ * @param options.index {string[]}   Indexable attribute paths.
+ * @param [options.unique] {boolean}   Mark every `--index` attribute unique.
+ * @param [options.hmac] {string}   Blinding-key ref; auto-selected when omitted.
+ * @returns {Promise<EncryptContext>}
+ */
+async function resolveEncryptContext({ keys, meta, update, index, unique, hmac }) {
+    const metaObject = meta !== undefined
+        ? parseJsonObjectOption({ value: meta, label: '--meta' })
+        : undefined;
+    const indexes = index.length > 0
+        ? index.map(attribute => ({ attribute, unique: Boolean(unique) }))
+        : undefined;
+    const hmacKey = indexes ? await resolveHmac({ ref: hmac }) : undefined;
+    if (update === undefined) {
+        return { metaObject, hmac: hmacKey, indexes, encryptKeys: keys };
+    }
+    const existing = await loadEnvelope({ path: update });
+    if (!existing) {
+        throw new Error(`--update target "${update}" is not an EDV Document.`);
+    }
+    return {
+        metaObject,
+        hmac: hmacKey,
+        indexes,
+        base: {
+            id: existing.id,
+            sequence: existing.sequence,
+            indexed: existing.indexed ?? []
+        },
+        encryptKeys: await mergeUpdateRecipients({ keys, existing })
+    };
+}
+/**
+ * Encrypt stdin or a file to one or more X25519 recipients. By default emits a
+ * raw JWE (Layer 1); `--document` wraps the JWE in an EDV Document envelope
+ * `{ id, sequence, indexed, jwe }` (input encrypted as `content`); `--stream`
+ * writes a bundle directory whose chunks hold the input as a chunked stream.
+ *
+ * @param options {object}
+ * @param [options.file] {string}   Input file; stdin when omitted.
+ * @param options.recipient {string[]}   Recipient refs (`--recipient`).
+ * @param options.recipientFile {string[]}   Key-document files.
+ * @param [options.json] {boolean}   Parse input as JSON (`encryptObject`).
+ * @param [options.document] {boolean}   Emit a full EDV Document envelope.
+ * @param [options.stream] {boolean}   Emit a chunked-stream bundle directory.
+ * @param [options.chunkSize] {number}   Bytes per chunk for `--stream`.
+ * @param [options.meta] {string}   JSON `meta` object for the document.
+ * @param options.index {string[]}   Indexable attribute paths (`--index`).
+ * @param [options.unique] {boolean}   Mark every `--index` attribute unique.
+ * @param [options.hmac] {string}   Blinding-key ref for `--index`.
+ * @param [options.update] {string}   Existing document (file or bundle) to
+ *   update: reuse its `id`, increment `sequence`, and merge its recipients.
+ * @param [options.out] {string}   Output file/bundle; stdout when omitted.
+ * @returns {Promise<number>}
+ */
+export async function runEncrypt({ file, recipient, recipientFile, json, document, stream, chunkSize, meta, index, unique, hmac, update, out }) {
+    const envelopeMode = Boolean(document) || Boolean(stream);
+    if (!envelopeMode && (meta !== undefined || update !== undefined)) {
+        console.error('--meta and --update require --document or --stream.');
+        return 2;
+    }
+    if (!envelopeMode && index.length > 0) {
+        console.error('--index requires --document or --stream.');
+        return 2;
+    }
+    if (hmac !== undefined && index.length === 0) {
+        console.error('--hmac requires --index.');
+        return 2;
+    }
+    const keys = [];
+    try {
+        for (const ref of recipient) {
+            keys.push(await resolveRecipient({ ref }));
+        }
+        for (const path of recipientFile) {
+            keys.push(await resolveRecipientFile({ path }));
+        }
+    }
+    catch (err) {
+        console.error(err.message);
+        return 2;
+    }
+    if (keys.length === 0) {
+        console.error('At least one --recipient or --recipient-file is required.');
+        return 2;
+    }
+    const bytes = await readInputBytes({ file });
+    const cipher = new Cipher();
+    if (stream) {
+        return runEncryptStream({
+            bytes,
+            keys,
+            meta,
+            index,
+            unique,
+            hmac,
+            update,
+            chunkSize,
+            out,
+            cipher
+        });
+    }
+    if (document) {
+        return runEncryptDocument({
+            bytes,
+            keys,
+            meta,
+            index,
+            unique,
+            hmac,
+            update,
+            out
+        });
+    }
+    const { recipients, keyResolver } = cipher.createRecipients({ keys });
+    let jwe;
+    if (json) {
+        const obj = parseJson(bytes);
+        if (obj === null || typeof obj !== 'object') {
+            console.error('--json was given but the input is not valid JSON.');
+            return 2;
+        }
+        jwe = await cipher.encryptObject({ obj, recipients, keyResolver });
+    }
+    else {
+        jwe = await cipher.encrypt({ data: bytes, recipients, keyResolver });
+    }
+    await writeJsonOutput({ value: jwe, output: out });
+    return 0;
+}
+/**
+ * The `--document` branch of `runEncrypt`: parse the input as the document's
+ * `content`, attach optional `--meta` and blinded `--index` entries, mint or
+ * carry over the envelope id/sequence, and emit the encrypted envelope.
+ *
+ * @param options {object}
+ * @param options.bytes {Uint8Array}
+ * @param options.keys {KeyAgreementKey[]}
+ * @param [options.meta] {string}
+ * @param options.index {string[]}
+ * @param [options.unique] {boolean}
+ * @param [options.hmac] {string}
+ * @param [options.update] {string}
+ * @param [options.out] {string}
+ * @returns {Promise<number>}
+ */
+async function runEncryptDocument({ bytes, keys, meta, index, unique, hmac, update, out }) {
+    const content = parseJson(bytes);
+    if (content === null || typeof content !== 'object') {
+        console.error('--document requires the input to be a JSON object.');
+        return 2;
+    }
+    let context;
+    try {
+        context = await resolveEncryptContext({
+            keys,
+            meta,
+            update,
+            index,
+            unique,
+            hmac
+        });
+    }
+    catch (err) {
+        console.error(err.message);
+        return 2;
+    }
+    const doc = { content: content };
+    if (context.metaObject) {
+        doc.meta = context.metaObject;
+    }
+    const envelope = await encryptDocument({
+        doc,
+        keys: context.encryptKeys,
+        hmac: context.hmac,
+        indexes: context.indexes,
+        base: context.base
+    });
+    await writeJsonOutput({ value: envelope, output: out });
+    return 0;
+}
+/**
+ * The `--stream` branch of `runEncrypt`: encrypt the input as a chunked stream
+ * and write a bundle directory whose `document.json` carries a
+ * `stream: { sequence, chunks }` descriptor (its `content` is `{}`; the bytes
+ * live in the chunk JWEs). Requires `-o/--out` (the bundle directory).
+ *
+ * @param options {object}
+ * @param options.bytes {Uint8Array}
+ * @param options.keys {KeyAgreementKey[]}
+ * @param [options.meta] {string}
+ * @param options.index {string[]}
+ * @param [options.unique] {boolean}
+ * @param [options.hmac] {string}
+ * @param [options.update] {string}
+ * @param [options.chunkSize] {number}
+ * @param [options.out] {string}
+ * @param options.cipher {Cipher}
+ * @returns {Promise<number>}
+ */
+async function runEncryptStream({ bytes, keys, meta, index, unique, hmac, update, chunkSize, out, cipher }) {
+    if (!out) {
+        console.error('--stream requires -o/--out (the bundle directory to write).');
+        return 2;
+    }
+    let context;
+    try {
+        context = await resolveEncryptContext({
+            keys,
+            meta,
+            update,
+            index,
+            unique,
+            hmac
+        });
+    }
+    catch (err) {
+        console.error(err.message);
+        return 2;
+    }
+    // The chunk `sequence` must equal the document's final sequence; the core
+    // sets a new document to 0 and increments an updated one, so compute the same
+    // value here to stamp the chunks (which are encrypted before the envelope).
+    const sequence = context.base ? context.base.sequence + 1 : 0;
+    // The stream's encrypt transformer mutates its recipients array (it injects
+    // an ephemeral key), so build a recipients set just for the chunks; the core
+    // builds its own for the document jwe.
+    const forChunks = cipher.createRecipients({ keys: context.encryptKeys });
+    const chunks = await encryptToChunks({
+        cipher,
+        data: bytes,
+        recipients: forChunks.recipients,
+        keyResolver: forChunks.keyResolver,
+        chunkSize,
+        sequence
+    });
+    const doc = {
+        content: {},
+        stream: { sequence, chunks: chunks.length }
+    };
+    if (context.metaObject) {
+        doc.meta = context.metaObject;
+    }
+    const envelope = await encryptDocument({
+        doc,
+        keys: context.encryptKeys,
+        hmac: context.hmac,
+        indexes: context.indexes,
+        base: context.base
+    });
+    await writeDocumentBundle({ dir: out, document: envelope, chunks });
+    console.error(`Wrote bundle ${out} (${chunks.length} chunk${chunks.length === 1 ? '' : 's'})`);
+    return 0;
+}
+/**
+ * Decrypt a JWE or EDV Document from stdin or a file with a stored X25519 key.
+ * An EDV Document envelope (`{ id, jwe, … }`) is detected automatically and its
+ * `content` is emitted; `--document` forces that expectation (erroring on a bare
+ * JWE), and a bare JWE is decrypted directly.
+ *
+ * @param options {object}
+ * @param [options.file] {string}   Input `.jwe.json`/`.edvdoc.json` file; stdin
+ *   when omitted.
+ * @param [options.key] {string}   Secret-key ref; auto-selected when omitted.
+ * @param [options.json] {boolean}   Parse plaintext as JSON (`decryptObject`).
+ * @param [options.document] {boolean}   Require an EDV Document envelope.
+ * @param [options.out] {string}   Output plaintext file; stdout when omitted.
+ * @returns {Promise<number>}
+ */
+export async function runDecrypt({ file, key, json, document, out }) {
+    // A bundle directory is a streamed EDV Document; reassemble its chunks.
+    if (file && (await isDirectory(file))) {
+        return runDecryptBundle({ dir: file, key, out });
+    }
+    const bytes = await readInputBytes({ file });
+    const parsed = parseJson(bytes);
+    if (parsed === null || typeof parsed !== 'object') {
+        console.error('The input is not a valid JWE or EDV Document.');
+        return 2;
+    }
+    const envelope = isEncryptedDocument(parsed) ? parsed : undefined;
+    if (document && !envelope) {
+        console.error('--document was given but the input is not an EDV Document.');
+        return 2;
+    }
+    const jwe = (envelope ? envelope.jwe : parsed);
+    let keyAgreementKey;
+    try {
+        keyAgreementKey = await selectKeyAgreementKey({ key, jwe });
+    }
+    catch (err) {
+        console.error(err.message);
+        return 2;
+    }
+    // An EDV Document envelope is unwrapped through the core (its payload is
+    // always the `{ content, meta }` object); a bare JWE honors `--json`.
+    if (envelope) {
+        let payload;
+        try {
+            payload = await decryptDocument({
+                encryptedDoc: envelope,
+                keyAgreementKey
+            });
+        }
+        catch {
+            console.error('Decryption failed: the key does not match any recipient of this ' +
+                'document.');
+            return 1;
+        }
+        reportDocumentSidecars({ payload });
+        await writeJsonOutput({ value: payload.content, output: out });
+        return 0;
+    }
+    const cipher = new Cipher();
+    // A mismatched key throws ("no matching recipient"); a matched key whose
+    // unwrap/decrypt fails returns null. Both are decryption failures, not
+    // crashes, so report either as a clean non-zero exit.
+    let result;
+    try {
+        result = json
+            ? await cipher.decryptObject({ jwe, keyAgreementKey })
+            : await cipher.decrypt({ jwe, keyAgreementKey });
+    }
+    catch {
+        result = null;
+    }
+    if (result === null) {
+        console.error('Decryption failed: the key does not match any recipient of this JWE.');
+        return 1;
+    }
+    if (json) {
+        await writeJsonOutput({ value: result, output: out });
+    }
+    else {
+        await writeBytesOutput({ bytes: result, output: out });
+    }
+    return 0;
+}
+/**
+ * Load the decryption key: the `-k/--key` ref when given, otherwise the stored
+ * key whose id matches a recipient of `jwe`.
+ *
+ * @param options {object}
+ * @param [options.key] {string}
+ * @param options.jwe {IJWE}
+ * @returns {Promise<KeyAgreementKey>}
+ */
+async function selectKeyAgreementKey({ key, jwe }) {
+    return key
+        ? loadKeyAgreementKey({ ref: key })
+        : autoSelectKeyAgreementKey({ jwe });
+}
+/**
+ * Report a decrypted document's `meta` / `stream` on stderr (diagnostics that
+ * accompany the `content` written to stdout).
+ *
+ * @param options {object}
+ * @param options.payload {DocumentPayload}
+ * @returns {void}
+ */
+function reportDocumentSidecars({ payload }) {
+    if (payload.meta !== undefined) {
+        console.error(`meta: ${JSON.stringify(payload.meta)}`);
+    }
+    if (payload.stream !== undefined) {
+        console.error(`stream: ${JSON.stringify(payload.stream)}`);
+    }
+}
+/**
+ * Decrypt a streamed EDV Document bundle directory: decrypt the document jwe for
+ * its `content`/`meta`/`stream` (reported on stderr), then reassemble the chunk
+ * JWEs into the original bytes, written to `-o`/stdout.
+ *
+ * @param options {object}
+ * @param options.dir {string}   The bundle directory.
+ * @param [options.key] {string}
+ * @param [options.out] {string}
+ * @returns {Promise<number>}
+ */
+async function runDecryptBundle({ dir, key, out }) {
+    let document;
+    let chunks;
+    try {
+        ;
+        ({ document, chunks } = await readDocumentBundle({ dir }));
+    }
+    catch (err) {
+        console.error(err.message);
+        return 2;
+    }
+    let keyAgreementKey;
+    try {
+        keyAgreementKey = await selectKeyAgreementKey({ key, jwe: document.jwe });
+    }
+    catch (err) {
+        console.error(err.message);
+        return 2;
+    }
+    const cipher = new Cipher();
+    let bytes;
+    try {
+        const payload = await decryptDocument({
+            encryptedDoc: document,
+            keyAgreementKey
+        });
+        reportDocumentSidecars({ payload });
+        bytes = await decryptChunks({ cipher, chunks, keyAgreementKey });
+    }
+    catch {
+        console.error('Decryption failed: the key does not match any recipient of this bundle.');
+        return 1;
+    }
+    await writeBytesOutput({ bytes, output: out });
+    return 0;
+}
+export function makeEdvCommand() {
+    const edv = new Command('edv').description('Encrypt and decrypt objects and files to X25519 recipients (raw JWE)');
+    edv
+        .command('encrypt [file]')
+        .description('Encrypt stdin or a file to one or more X25519 recipients')
+        .option('-r, --recipient <ref>', 'an X25519 recipient: a publicKeyMultibase, a wallet key ' +
+        'fingerprint/handle, or a DID / DID URL (repeatable)', collect, [])
+        .option('--recipient-file <path>', 'a key-document JSON file holding an X25519 public key (repeatable)', collect, [])
+        .option('--json', 'parse the input as JSON and encrypt it as an object')
+        .option('-d, --document', 'emit a full EDV Document envelope { id, sequence, indexed, jwe }, ' +
+        'encrypting the input as the document content')
+        .option('-s, --stream', 'emit a chunked-stream bundle directory (requires -o); the input is ' +
+        'encrypted as fixed-size chunks')
+        .option('--chunk-size <bytes>', 'bytes per chunk for --stream (default 1 MiB)', parseChunkSize)
+        .option('--meta <json>', 'a JSON meta object to store in the document (requires --document/--stream)')
+        .option('--index <attribute>', 'an indexable attribute path (e.g. content.type) to HMAC-blind into the ' +
+        'document indexed array; requires --document/--stream (repeatable)', collect, [])
+        .option('--unique', 'mark every --index attribute as unique')
+        .option('--hmac <ref>', 'the wallet HMAC key (id or handle) to blind --index attributes with; ' +
+        'auto-selected when the wallet has exactly one')
+        .option('--update <path>', 'an existing EDV Document (file or bundle) to update: reuse its id, ' +
+        'increment its sequence, and merge its recipients')
+        .option('-o, --out <path>', 'write the JWE/EDV Document to a file, or the --stream bundle to a ' +
+        'directory (default: stdout)')
+        .action(async (file, options) => runAndExit(runEncrypt({ file, ...options })));
+    edv
+        .command('decrypt [file]')
+        .description('Decrypt a JWE or EDV Document from stdin or a file with a stored ' +
+        'X25519 key')
+        .option('-k, --key <ref>', 'the X25519 secret key to decrypt with (fingerprint or handle); ' +
+        'auto-selected from the wallet when omitted')
+        .option('--json', 'parse the decrypted plaintext as JSON and pretty-print it')
+        .option('-d, --document', 'require an EDV Document envelope and emit its decrypted content')
+        .option('-o, --out <file>', 'write the plaintext to a file (default: stdout)')
+        .action(async (file, options) => runAndExit(runDecrypt({ file, ...options })));
+    return edv;
+}
+//# sourceMappingURL=edv.js.map

package/dist/commands/edv.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"edv.js","sourceRoot":"","sources":["../../src/commands/edv.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AACvC,OAAO,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAA;AAOhD,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAChF,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAC5C,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EAErB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,mBAAmB,EAAwB,MAAM,oBAAoB,CAAA;AAC9E,OAAO,EACL,eAAe,EACf,eAAe,EAGhB,MAAM,gBAAgB,CAAA;AACvB,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EACL,aAAa,EACb,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACpB,MAAM,kBAAkB,CAAA;AAEzB;;;;;;GAMG;AACH,SAAS,OAAO,CAAC,KAAa,EAAE,QAAkB;IAChD,OAAO,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;AAC/B,CAAC;AAED;;;;;GAKG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;IAC3B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,oBAAoB,CAAC,0CAA0C,CAAC,CAAA;IAC5E,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;GAMG;AACH,SAAS,SAAS,CAAC,KAAiB;IAClC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAA;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA;IAClB,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IACzE,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9D,OAAO,QAAQ,CAAA;IACjB,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;;;;;;;;;GAWG;AACH,KAAK,UAAU,qBAAqB,CAAC,EACnC,IAAI,EACJ,QAAQ,EAIT;IACC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;IAC7C,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,CAAA;IACxB,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC;QACtD,MAAM,GAAG,GAAG,SAAS,EAAE,MAAM,EAAE,GAAG,CAAA;QAClC,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,SAAQ;QACV,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,MAAM,gBAAgB,CAAC,EAAE,GAAG,EAAE,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;QACtE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACf,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,WAAW,CAAC,IAAY;IACrC,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,KAAK,CAAA;AAC1E,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,YAAY,CAAC,EAC1B,IAAI,EAGL;IACC,IAAI,MAAM,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,MAAM,kBAAkB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAA;IAC3D,CAAC;IACD,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;IAC9D,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAA;AACzD,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,qBAAqB,CAAC,EAC7B,KAAK,EACL,KAAK,EAIN;IACC,IAAI,MAAe,CAAA;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,qBAAqB,CAAC,CAAA;IAChD,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,yBAAyB,CAAC,CAAA;IACpD,CAAC;IACD,OAAO,MAAiC,CAAA;AAC1C,CAAC;AAiBD;;;;;;;;;;;;;;GAcG;AACH,KAAK,UAAU,qBAAqB,CAAC,EACnC,IAAI,EACJ,IAAI,EACJ,MAAM,EACN,KAAK,EACL,MAAM,EACN,IAAI,EAQL;IACC,MAAM,UAAU,GACd,IAAI,KAAK,SAAS;QAChB,CAAC,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACzD,CAAC,CAAC,SAAS,CAAA;IACf,MAAM,OAAO,GACX,KAAK,CAAC,MAAM,GAAG,CAAC;QACd,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAClE,CAAC,CAAC,SAAS,CAAA;IACf,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,WAAW,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IAEtE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAA;IAClE,CAAC;IACD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAA;IACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,oBAAoB,MAAM,2BAA2B,CAAC,CAAA;IACxE,CAAC;IACD,OAAO;QACL,UAAU;QACV,IAAI,EAAE,OAAO;QACb,OAAO;QACP,IAAI,EAAE;YACJ,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,EAAE;SAChC;QACD,WAAW,EAAE,MAAM,qBAAqB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;KAC7D,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,EAC/B,IAAI,EACJ,SAAS,EACT,aAAa,EACb,IAAI,EACJ,QAAQ,EACR,MAAM,EACN,SAAS,EACT,IAAI,EACJ,KAAK,EACL,MAAM,EACN,IAAI,EACJ,MAAM,EACN,GAAG,EAeJ;IACC,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IACzD,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,KAAK,SAAS,IAAI,MAAM,KAAK,SAAS,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAA;QACpE,OAAO,CAAC,CAAA;IACV,CAAC;IACD,IAAI,CAAC,YAAY,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAA;QACzD,OAAO,CAAC,CAAA;IACV,CAAC;IACD,IAAI,IAAI,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7C,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACzC,OAAO,CAAC,CAAA;IACV,CAAC;IAED,MAAM,IAAI,GAAsB,EAAE,CAAA;IAClC,IAAI,CAAC;QACH,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;YAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,gBAAgB,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;QAC5C,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,MAAM,oBAAoB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;QACjD,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAA;QACrC,OAAO,CAAC,CAAA;IACV,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAA;QAC1E,OAAO,CAAC,CAAA;IACV,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IAC5C,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAA;IAE3B,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,gBAAgB,CAAC;YACtB,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,KAAK;YACL,MAAM;YACN,IAAI;YACJ,MAAM;YACN,SAAS;YACT,GAAG;YACH,MAAM;SACP,CAAC,CAAA;IACJ,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,kBAAkB,CAAC;YACxB,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,KAAK;YACL,MAAM;YACN,IAAI;YACJ,MAAM;YACN,GAAG;SACJ,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IACrE,IAAI,GAAG,CAAA;IACP,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;QAC5B,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAA;YAClE,OAAO,CAAC,CAAA;QACV,CAAC;QACD,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAA;IACpE,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAA;IACtE,CAAC;IAED,MAAM,eAAe,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAClD,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,KAAK,UAAU,kBAAkB,CAAC,EAChC,KAAK,EACL,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,MAAM,EACN,IAAI,EACJ,MAAM,EACN,GAAG,EAUJ;IACC,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;IAChC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACpD,OAAO,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAA;QACnE,OAAO,CAAC,CAAA;IACV,CAAC;IAED,IAAI,OAAO,CAAA;IACX,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,qBAAqB,CAAC;YACpC,IAAI;YACJ,IAAI;YACJ,MAAM;YACN,KAAK;YACL,MAAM;YACN,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAA;QACrC,OAAO,CAAC,CAAA;IACV,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,OAAO,EAAE,OAAkC,EAAE,CAAA;IACzE,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC,UAAU,CAAA;IAC/B,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC;QACrC,GAAG;QACH,IAAI,EAAE,OAAO,CAAC,WAAW;QACzB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAC,CAAA;IACF,MAAM,eAAe,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACvD,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,KAAK,UAAU,gBAAgB,CAAC,EAC9B,KAAK,EACL,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,MAAM,EACN,IAAI,EACJ,MAAM,EACN,SAAS,EACT,GAAG,EACH,MAAM,EAYP;IACC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAA;QAC5E,OAAO,CAAC,CAAA;IACV,CAAC;IAED,IAAI,OAAO,CAAA;IACX,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,qBAAqB,CAAC;YACpC,IAAI;YACJ,IAAI;YACJ,MAAM;YACN,KAAK;YACL,MAAM;YACN,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAA;QACrC,OAAO,CAAC,CAAA;IACV,CAAC;IAED,0EAA0E;IAC1E,8EAA8E;IAC9E,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAE7D,4EAA4E;IAC5E,6EAA6E;IAC7E,uCAAuC;IACvC,MAAM,SAAS,GAAG,MAAM,CAAC,gBAAgB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,WAAW,EAAE,CAAC,CAAA;IACxE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC;QACnC,MAAM;QACN,IAAI,EAAE,KAAK;QACX,UAAU,EAAE,SAAS,CAAC,UAAU;QAChC,WAAW,EAAE,SAAS,CAAC,WAAW;QAClC,SAAS;QACT,QAAQ;KACT,CAAC,CAAA;IAEF,MAAM,GAAG,GAAiB;QACxB,OAAO,EAAE,EAAE;QACX,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;KAC5C,CAAA;IACD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC,UAAU,CAAA;IAC/B,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC;QACrC,GAAG;QACH,IAAI,EAAE,OAAO,CAAC,WAAW;QACzB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAC,CAAA;IACF,MAAM,mBAAmB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;IACnE,OAAO,CAAC,KAAK,CACX,gBAAgB,GAAG,KAAK,MAAM,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAChF,CAAA;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,EAC/B,IAAI,EACJ,GAAG,EACH,IAAI,EACJ,QAAQ,EACR,GAAG,EAOJ;IACC,wEAAwE;IACxE,IAAI,IAAI,IAAI,CAAC,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACtC,OAAO,gBAAgB,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;IAClD,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IAC5C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAA;IAC/B,IAAI,MAAM,KAAK,IAAI,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAClD,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAA;QAC9D,OAAO,CAAC,CAAA;IACV,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAA;IACjE,IAAI,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,4DAA4D,CAAC,CAAA;QAC3E,OAAO,CAAC,CAAA;IACV,CAAC;IACD,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAS,CAAA;IAEtD,IAAI,eAAe,CAAA;IACnB,IAAI,CAAC;QACH,eAAe,GAAG,MAAM,qBAAqB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;IAC7D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAA;QACrC,OAAO,CAAC,CAAA;IACV,CAAC;IAED,yEAAyE;IACzE,sEAAsE;IACtE,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,OAAwB,CAAA;QAC5B,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,eAAe,CAAC;gBAC9B,YAAY,EAAE,QAAQ;gBACtB,eAAe;aAChB,CAAC,CAAA;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CACX,kEAAkE;gBAChE,WAAW,CACd,CAAA;YACD,OAAO,CAAC,CAAA;QACV,CAAC;QACD,sBAAsB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QACnC,MAAM,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9D,OAAO,CAAC,CAAA;IACV,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAA;IAC3B,yEAAyE;IACzE,uEAAuE;IACvE,sDAAsD;IACtD,IAAI,MAAkC,CAAA;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI;YACX,CAAC,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC;YACtD,CAAC,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC,CAAA;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,IAAI,CAAA;IACf,CAAC;IACD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CACX,sEAAsE,CACvE,CAAA;QACD,OAAO,CAAC,CAAA;IACV,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,eAAe,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,gBAAgB,CAAC,EAAE,KAAK,EAAE,MAAoB,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACtE,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;GAQG;AACH,KAAK,UAAU,qBAAqB,CAAC,EACnC,GAAG,EACH,GAAG,EAIJ;IACC,OAAO,GAAG;QACR,CAAC,CAAC,mBAAmB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;QACnC,CAAC,CAAC,yBAAyB,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;AACxC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,sBAAsB,CAAC,EAC9B,OAAO,EAGR;IACC,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACxD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACjC,OAAO,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;IAC5D,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,gBAAgB,CAAC,EAC9B,GAAG,EACH,GAAG,EACH,GAAG,EAKJ;IACC,IAAI,QAAQ,CAAA;IACZ,IAAI,MAAM,CAAA;IACV,IAAI,CAAC;QACH,CAAC;QAAA,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;IAC7D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAA;QACrC,OAAO,CAAC,CAAA;IACV,CAAC;IAED,IAAI,eAAe,CAAA;IACnB,IAAI,CAAC;QACH,eAAe,GAAG,MAAM,qBAAqB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAA;IAC3E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,CAAC,CAAA;QACrC,OAAO,CAAC,CAAA;IACV,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAA;IAC3B,IAAI,KAAiB,CAAA;IACrB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC;YACpC,YAAY,EAAE,QAAQ;YACtB,eAAe;SAChB,CAAC,CAAA;QACF,sBAAsB,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QACnC,KAAK,GAAG,MAAM,aAAa,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAA;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CACX,yEAAyE,CAC1E,CAAA;QACD,OAAO,CAAC,CAAA;IACV,CAAC;IAED,MAAM,gBAAgB,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC9C,OAAO,CAAC,CAAA;AACV,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,WAAW,CACxC,sEAAsE,CACvE,CAAA;IAED,GAAG;SACA,OAAO,CAAC,gBAAgB,CAAC;SACzB,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CACL,uBAAuB,EACvB,0DAA0D;QACxD,qDAAqD,EACvD,OAAO,EACP,EAAE,CACH;SACA,MAAM,CACL,yBAAyB,EACzB,oEAAoE,EACpE,OAAO,EACP,EAAE,CACH;SACA,MAAM,CAAC,QAAQ,EAAE,qDAAqD,CAAC;SACvE,MAAM,CACL,gBAAgB,EAChB,oEAAoE;QAClE,8CAA8C,CACjD;SACA,MAAM,CACL,cAAc,EACd,qEAAqE;QACnE,gCAAgC,CACnC;SACA,MAAM,CACL,sBAAsB,EACtB,8CAA8C,EAC9C,cAAc,CACf;SACA,MAAM,CACL,eAAe,EACf,4EAA4E,CAC7E;SACA,MAAM,CACL,qBAAqB,EACrB,yEAAyE;QACvE,mEAAmE,EACrE,OAAO,EACP,EAAE,CACH;SACA,MAAM,CAAC,UAAU,EAAE,wCAAwC,CAAC;SAC5D,MAAM,CACL,cAAc,EACd,uEAAuE;QACrE,+CAA+C,CAClD;SACA,MAAM,CACL,iBAAiB,EACjB,qEAAqE;QACnE,kDAAkD,CACrD;SACA,MAAM,CACL,kBAAkB,EAClB,oEAAoE;QAClE,6BAA6B,CAChC;SACA,MAAM,CACL,KAAK,EACH,IAAwB,EACxB,OAaC,EACD,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAClD,CAAA;IAEH,GAAG;SACA,OAAO,CAAC,gBAAgB,CAAC;SACzB,WAAW,CACV,mEAAmE;QACjE,YAAY,CACf;SACA,MAAM,CACL,iBAAiB,EACjB,iEAAiE;QAC/D,4CAA4C,CAC/C;SACA,MAAM,CACL,QAAQ,EACR,2DAA2D,CAC5D;SACA,MAAM,CACL,gBAAgB,EAChB,iEAAiE,CAClE;SACA,MAAM,CACL,kBAAkB,EAClB,iDAAiD,CAClD;SACA,MAAM,CACL,KAAK,EACH,IAAwB,EACxB,OAKC,EACD,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAClD,CAAA;IAEH,OAAO,GAAG,CAAA;AACZ,CAAC"}

package/dist/commands/key.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"key.d.ts","sourceRoot":"","sources":["../../src/commands/key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;~~AAmGnC~~,wBAAgB,cAAc,IAAI,OAAO,~~CAkdxC~~"}
1	+ {"version":3,"file":"key.d.ts","sourceRoot":"","sources":["../../src/commands/key.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAqGnC,wBAAgB,cAAc,IAAI,OAAO,CA4iBxC"}