npm - @nostrbox/cli - Versions diffs - 1.7.0 → 1.7.1 - Mend

@nostrbox/cli 1.7.0 → 1.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +122 -38
package/dist/commands/bip39keys/bip39keys.js +7 -30
package/dist/commands/bip39keys/bip39keys.js.map +1 -1
package/dist/commands/bip39zodiac/bip39zodiac.js +560 -136
package/dist/commands/bip39zodiac/bip39zodiac.js.map +1 -1
package/dist/utils/cliHelpers.d.ts +36 -0
package/dist/utils/cliHelpers.d.ts.map +1 -0
package/dist/utils/cliHelpers.js +112 -0
package/dist/utils/cliHelpers.js.map +1 -0
package/package.json +2 -2

package/dist/commands/bip39zodiac/bip39zodiac.js CHANGED Viewed

@@ -39,10 +39,88 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 const core_1 = require("@nostrbox/core");
+const crypto_1 = require("crypto");
 const argParser_js_1 = require("../../utils/argParser.js");
+const cliHelpers_js_1 = require("../../utils/cliHelpers.js");
 const tabtab = __importStar(require("tabtab"));
 // Valid zodiac signs (converted to lowercase for CLI compatibility)
 const VALID_ZODIAC_SIGNS = core_1.ZODIAC_SIGNS.map((sign) => sign.toLowerCase());
+/**
+ * Derives encryption password from user-memorable parameters
+ *
+ * @param color - Color selection (blue, green, purple, etc.)
+ * @param birthday - Birthday day number (1-31)
+ * @param zodiacSign - Zodiac sign (Aries, Taurus, etc.)
+ * @param operation - Operation type (add or subtract)
+ * @returns Derived password string with format:
+ *          - ADD: UPPERCASE_COLOR + "+" + birthday + "+" + lowercase_zodiac (e.g., "BLUE+17+aries")
+ *          - SUBTRACT: lowercase_color + "-" + birthday + "-" + UPPERCASE_ZODIAC (e.g., "blue-17-ARIES")
+ */
+function deriveMemoryKeys(color, birthday, zodiacSign, operation) {
+    if (operation === 'add') {
+        return `${color.toUpperCase()}+${birthday}+${zodiacSign.toLowerCase()}`;
+    }
+    else {
+        return `${color.toLowerCase()}-${birthday}-${zodiacSign.toUpperCase()}`;
+    }
+}
+/**
+ * Generates random Base64 string of specified length
+ */
+function generateRandomBase64(length) {
+    const bytesNeeded = Math.ceil((length * 3) / 4);
+    const randomBytesBuffer = (0, crypto_1.randomBytes)(bytesNeeded);
+    const base64String = randomBytesBuffer.toString('base64');
+    return base64String.substring(0, length);
+}
+/**
+ * Splits an encrypted zodiac password into two parts based on birthday and color
+ *
+ * @param encryptedPassword - The encrypted zodiac password
+ * @param birthday - Birthday value (1-31)
+ * @param colorValue - Color value (1-7)
+ * @returns Two parts of same length as original, each containing partial original data
+ */
+function splitZodiacPassword(encryptedPassword, birthday, colorValue) {
+    const length = encryptedPassword.length;
+    const splitPoint = birthday + colorValue;
+    if (splitPoint >= length) {
+        throw new Error(`Split point (${splitPoint}) must be less than password length (${length})`);
+    }
+    // Part 1: First splitPoint chars from original + random garbage for rest
+    const part1Original = encryptedPassword.substring(0, splitPoint);
+    const part1Random = generateRandomBase64(length - splitPoint);
+    const part1 = part1Original + part1Random;
+    // Part 2: Random garbage for first splitPoint chars + remaining original chars
+    const part2Random = generateRandomBase64(splitPoint);
+    const part2Original = encryptedPassword.substring(splitPoint);
+    const part2 = part2Random + part2Original;
+    return {
+        part1,
+        part2,
+        splitPoint
+    };
+}
+/**
+ * Combines two split parts to recover the original encrypted zodiac password
+ *
+ * @param part1 - First split part
+ * @param part2 - Second split part
+ * @param birthday - Birthday value (1-31)
+ * @param colorValue - Color value (1-7)
+ * @returns Original encrypted zodiac password
+ */
+function combineZodiacPassword(part1, part2, birthday, colorValue) {
+    const splitPoint = birthday + colorValue;
+    if (part1.length !== part2.length) {
+        throw new Error(`Split parts must have same length (part1: ${part1.length}, part2: ${part2.length})`);
+    }
+    // Extract first splitPoint chars from part1
+    const firstPart = part1.substring(0, splitPoint);
+    // Extract remaining chars from part2
+    const secondPart = part2.substring(splitPoint);
+    return firstPart + secondPart;
+}
 // Color values mapping
 const COLOR_VALUES = {
     blue: 1,
@@ -54,6 +132,86 @@ const COLOR_VALUES = {
     brown: 7
 };
 const VALID_COLORS = Object.keys(COLOR_VALUES);
+/**
+ * Generates export JSON with encrypted split parts and all chain addresses
+ * Derives public addresses from the seed phrase for Bitcoin, Ethereum, Solana, TRON, and Nostr
+ */
+function generateExportData(seedPhrase, splitPart1, splitPart2, passphrase = '') {
+    const mnemonic = seedPhrase.join(' ');
+    // Derive Bitcoin native (bc1q...) address
+    const bitcoinResult = (0, core_1.deriveKeyFromMnemonic)({
+        mnemonic,
+        chain: 'bitcoin',
+        format: 'native',
+        passphrase,
+        accountIndex: 0,
+        changeIndex: 0,
+        addressIndex: 0
+    });
+    // Derive Nostr public key (npub1...)
+    const nostrResult = (0, core_1.deriveKeyFromMnemonic)({
+        mnemonic,
+        chain: 'nostr',
+        format: 'bech32',
+        passphrase,
+        accountIndex: 0,
+        changeIndex: 0,
+        addressIndex: 0
+    });
+    // Derive Ethereum address (0x...)
+    const ethereumResult = (0, core_1.deriveKeyFromMnemonic)({
+        mnemonic,
+        chain: 'ethereum',
+        format: 'native',
+        passphrase,
+        accountIndex: 0,
+        changeIndex: 0,
+        addressIndex: 0
+    });
+    // Derive Solana address
+    const solanaResult = (0, core_1.deriveKeyFromMnemonic)({
+        mnemonic,
+        chain: 'solana',
+        format: 'native',
+        passphrase,
+        accountIndex: 0
+    });
+    // Derive TRON address (T...)
+    const tronResult = (0, core_1.deriveKeyFromMnemonic)({
+        mnemonic,
+        chain: 'tron',
+        format: 'native',
+        passphrase,
+        accountIndex: 0,
+        changeIndex: 0,
+        addressIndex: 0
+    });
+    // Validate that all addresses were derived successfully
+    if (!bitcoinResult.address) {
+        throw new Error('Failed to derive Bitcoin address');
+    }
+    if (!nostrResult.publicKey) {
+        throw new Error('Failed to derive Nostr public key');
+    }
+    if (!ethereumResult.address) {
+        throw new Error('Failed to derive Ethereum address');
+    }
+    if (!solanaResult.address) {
+        throw new Error('Failed to derive Solana address');
+    }
+    if (!tronResult.address) {
+        throw new Error('Failed to derive TRON address');
+    }
+    return {
+        encZodiacPwdSplit1: splitPart1,
+        encZodiacPwdSplit2: splitPart2,
+        nostr: nostrResult.publicKey,
+        bitcoin: bitcoinResult.address,
+        ethereum: ethereumResult.address,
+        solana: solanaResult.address,
+        tron: tronResult.address
+    };
+}
 // Constants for format detection and validation
 const BASE58_PATTERN = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/;
 const MAX_ZODIAC_PASSWORD_LENGTH = 30;
@@ -116,15 +274,47 @@ function createParser() {
             },
             {
                 name: 'load',
+                type: 'flag',
+                description: 'Modifier flag: when used, data input flags expect file paths instead of direct values'
+            },
+            // Old import methods (for backward compatibility)
+            {
+                name: 'codes',
+                type: 'string',
+                description: 'Secret codes: provide numbers directly, or file path if --load is used'
+            },
+            {
+                name: 'zodiacPwd',
                 type: 'string',
-                description: 'Load from file (seed phrase or numbers depending on --restore flag)'
+                description: 'Plain zodiac password: provide Base58 directly, or file path if --load is used'
+            },
+            {
+                name: 'encZodiacPwd',
+                type: 'string',
+                description: 'Encrypted zodiac password: provide string directly, or file path if --load is used'
+            },
+            {
+                name: 'encZodiacPwdSplit',
+                type: 'string',
+                description: 'Encrypted split parts: provide comma-separated directly, or file path if --load is used'
+            },
+            // Encryption options
+            {
+                name: 'passphrase',
+                type: 'string',
+                description: 'Custom user password for encryption/decryption (overrides auto-derived memory keys)'
             },
             // Output format options
             {
                 name: 'zodiac-password',
                 alias: 'p',
                 type: 'flag',
-                description: 'Output/input zodiac password (Base58) instead of 12 numbers'
+                description: 'Output/input zodiac password (Base58, always encrypted and split) instead of 12 numbers'
+            },
+            {
+                name: 'export',
+                type: 'string',
+                description: 'Export JSON with encrypted split parts and public addresses to specified file'
             },
             // File options
             {
@@ -151,7 +341,9 @@ async function setupCompletion(env) {
         '--seed',
         '--restore',
         '--load',
+        '--passphrase',
         '--zodiac-password',
+        '--export',
         '--save'
     ];
     const commandCompletions = ['install', 'uninstall'];
@@ -166,70 +358,56 @@ async function setupCompletion(env) {
         }
     }
     // Special case for operation values
-    if (env.line && env.line.includes('--operation=')) {
-        const operationPart = current.replace('--operation=', '');
-        const matches = ['add', 'subtract'].filter((op) => op.startsWith(operationPart));
-        return tabtab.log(matches);
+    const operationMatches = (0, cliHelpers_js_1.handleOptionValueCompletion)(env.line || '', current, 'operation', ['add', 'subtract']);
+    if (operationMatches) {
+        return tabtab.log(operationMatches);
     }
     // Special case for zodiac values
-    if (env.line && env.line.includes('--zodiac=')) {
-        const zodiacPart = current.replace('--zodiac=', '');
-        const matches = VALID_ZODIAC_SIGNS.filter((sign) => sign.startsWith(zodiacPart));
-        return tabtab.log(matches);
+    const zodiacMatches = (0, cliHelpers_js_1.handleOptionValueCompletion)(env.line || '', current, 'zodiac', VALID_ZODIAC_SIGNS);
+    if (zodiacMatches) {
+        return tabtab.log(zodiacMatches);
     }
     // Special case for color values
-    if (env.line && env.line.includes('--color=')) {
-        const colorPart = current.replace('--color=', '');
-        const matches = VALID_COLORS.filter((color) => color.startsWith(colorPart));
-        return tabtab.log(matches);
+    const colorMatches = (0, cliHelpers_js_1.handleOptionValueCompletion)(env.line || '', current, 'color', VALID_COLORS);
+    if (colorMatches) {
+        return tabtab.log(colorMatches);
     }
     // Filter flag names based on current input
     const matches = flagCompletions.filter((comp) => comp.startsWith(current));
     return tabtab.log(matches);
 }
-async function installCompletion() {
-    try {
-        await tabtab.install({
-            name: 'bip39zodiac',
-            completer: 'bip39zodiac'
-        });
-        console.log('✅ Shell completion installed successfully!');
-        console.log('📝 You may need to restart your shell or run: source ~/.bashrc (or equivalent)');
-    }
-    catch (error) {
-        console.error('❌ Failed to install completion:', error instanceof Error ? error.message : String(error));
-        process.exit(1);
-    }
-}
-async function uninstallCompletion() {
-    try {
-        await tabtab.uninstall({
-            name: 'bip39zodiac'
-        });
-        console.log('✅ Shell completion uninstalled successfully!');
-    }
-    catch (error) {
-        console.error('❌ Failed to uninstall completion:', error instanceof Error ? error.message : String(error));
-        process.exit(1);
-    }
-}
+// Create shared completion installer and uninstaller using utility functions
+const installCompletion = (0, cliHelpers_js_1.createCompletionInstaller)('bip39zodiac');
+const uninstallCompletion = (0, cliHelpers_js_1.createCompletionUninstaller)('bip39zodiac');
 function showHelp() {
     console.log(`
 🌌 Seed Phrase CLI Tool - BIP39 Zodiac Operations
 USAGE:
-  bip39zodiac [INPUT_METHOD] [OPTIONS] [CONVERSION_FLAGS]
+  # Generation
+  bip39zodiac [GENERATION_INPUT] [CONVERSION_FLAGS] [OPTIONS]
+  # Restoration
+  bip39zodiac [RESTORE_INPUT] --restore [CONVERSION_FLAGS] [OPTIONS]
+  # Commands
   bip39zodiac <install|uninstall>
-INPUT METHODS (choose one):
+GENERATION INPUT METHODS (choose one):
   --new, -n                   Generate new random 12-word seed phrase
-  --seed "content"            Transform seed phrase or restore from codes
-  --load <file>               Load from file (seed phrase or codes)
+  --seed "12 words"           Transform existing seed phrase (12 words directly)
+  --seed <file>               ... or file path when used with --load flag
-OPTIONS:
-  --restore                   Restore mode (reverses the transformation)
-  --zodiac-password, -p       Output/input zodiac password (Base58) instead of 12 numbers
-  --save <file>               Save results to file
+RESTORE INPUT METHODS (choose one, use with --restore):
+  --codes "numbers"                          Secret codes: provide numbers directly
+  --codes <file>                             ... or file path when used with --load flag
+  --zodiacPwd "base58"                       Plain zodiac password: provide Base58 directly
+  --zodiacPwd <file>                         ... or file path when used with --load flag
+  --encZodiacPwd "encrypted"                 Encrypted password: provide string directly
+  --encZodiacPwd <file>                      ... or file path when used with --load flag
+  --encZodiacPwdSplit "p1,p2"                Split parts: provide comma-separated directly
+  --encZodiacPwdSplit <file>                 ... or file path when used with --load flag (2 lines or 1 line with comma)
+  --load                                     Modifier flag: makes above flags expect file paths
 CONVERSION FLAGS (all required):
   --operation, -o <add|subtract>  Operation type (mandatory):
@@ -241,6 +419,18 @@ CONVERSION FLAGS (all required):
   --color, -c <color>         Color for additional offset (mandatory):
     blue(1), green(2), purple(3), orange(4), yellow(5), pink(6), brown(7)
+ENCRYPTION OPTIONS:
+  --passphrase <password>     Custom user password for encryption/decryption
+                              (overrides auto-derived memory keys)
+                              Requirements: min 8 chars, letters + numbers + special char,
+                              no common weak passwords (e.g., "password", "123456")
+OUTPUT OPTIONS:
+  --zodiac-password, -p       Output zodiac password (Base58) format
+  --export <file>             Export JSON with encrypted split parts and public addresses
+                              to specified file (Bitcoin, Ethereum, Solana, TRON, Nostr)
+  --save <file>               Save results to file
 COMMANDS:
   install                     Install shell completion for this command
   uninstall                   Uninstall shell completion for this command
@@ -265,30 +455,49 @@ ZODIAC SIGNS & ALGORITHMS:
     Not your own birthday and zodiac for maximum security.
 EXAMPLES:
+  # GENERATION
   # Generate new seed phrase and transform it
   bip39zodiac --new --operation=add --birthday=17 --zodiac=aries --color=blue
-  # Transform existing seed phrase into codes and save
-  bip39zodiac --seed "abandon ability able..." --operation=subtract --birthday=25 --zodiac=leo --color=green --save codes.txt
+  # Transform existing seed phrase and save
+  bip39zodiac --seed "abandon ability able..." --save codes.txt --operation=subtract --birthday=25 --zodiac=leo --color=green
+  # Load seed phrase from file and save with zodiac password format
+  bip39zodiac --load --seed seedphrase.txt --zodiac-password --save password.txt --operation=add --birthday=10 --zodiac=virgo --color=orange
-  # Transform to zodiac password (compact Base58 format)
-  bip39zodiac --seed "abandon ability able..." --operation=add --birthday=10 --zodiac=virgo --color=purple --zodiac-password
+  # Generate with custom passphrase instead of memory keys
+  bip39zodiac --new --passphrase "MySecretPassword.123" --operation=add --birthday=17 --zodiac=aries --color=blue
-  # Load seed phrase from file and output zodiac password
-  bip39zodiac --load seedphrase.txt --operation=add --birthday=10 --zodiac=virgo --color=orange --zodiac-password --save password.txt
+  # Export JSON with encrypted split parts and all chain addresses to file
+  bip39zodiac --new --export export.json --operation=add --birthday=17 --zodiac=aries --color=blue
-  # Restore original from codes (same parameters, auto-reverses) and save
-  bip39zodiac --seed "1234 567 890..." --restore --operation=add --birthday=17 --zodiac=aries --color=blue --save restored.txt
+  # RESTORATION
+  # Restore from secret codes
+  bip39zodiac --restore --codes "22 23 24 25 26 27 28 29 30 19 20 21" --operation=add --birthday=17 --zodiac=aries --color=blue
-  # Restore from zodiac password
-  bip39zodiac --seed "AoWJhqGkNxEe2D" --restore --zodiac-password --operation=subtract --birthday=25 --zodiac=leo --color=yellow
+  # Restore from secret codes loaded from file
+  bip39zodiac --restore --load --codes codes.txt --operation=add --birthday=17 --zodiac=aries --color=blue
-  # Load zodiac password from file to restore
-  bip39zodiac --load password.txt --restore --zodiac-password --operation=add --birthday=10 --zodiac=virgo --color=pink
+  # Restore from plain zodiac password
+  bip39zodiac --restore --zodiacPwd "1P1Q1R1S1T1U1V1W1X1L1M1N" --operation=subtract --birthday=25 --zodiac=leo --color=yellow
-  # Full workflow: transform to zodiac password and save, then restore
-  bip39zodiac --seed "abandon ability able..." --operation=add --birthday=15 --zodiac=gemini --color=brown --zodiac-password --save secret.txt
-  bip39zodiac --load secret.txt --restore --zodiac-password --operation=add --birthday=15 --zodiac=gemini --color=brown
+  # Restore from encrypted zodiac password (single string)
+  bip39zodiac --restore --encZodiacPwd "s2ubbiTDzq..." --operation=add --birthday=10 --zodiac=virgo --color=pink
+  # Restore from encrypted split parts
+  bip39zodiac --restore --encZodiacPwdSplit "part1...,part2..." --operation=add --birthday=15 --zodiac=gemini --color=brown
+  # Load codes from file and restore (--load makes --codes expect file path)
+  bip39zodiac --restore --load --codes codes.txt --operation=add --birthday=17 --zodiac=aries --color=blue
+  # Load encrypted split from file (2 lines or 1 line with comma)
+  bip39zodiac --restore --load --encZodiacPwdSplit password.txt --operation=add --birthday=10 --zodiac=virgo --color=orange
+  # Restore with custom passphrase
+  bip39zodiac --restore --encZodiacPwdSplit "part1...,part2..." --passphrase "MySecretPassword.123" --operation=add --birthday=15 --zodiac=gemini --color=brown
+  # INSTALL COMPLETION
+  bip39zodiac install
 `);
 }
 /**
@@ -326,20 +535,51 @@ function validateCoreFlags(args) {
 }
 /**
  * Validates that exactly one input method is specified and required combinations are met
- * Ensures restore mode has proper input and only one of new/seed/load is used
+ * For generation: use --new or --seed (seed phrase)
+ * For restore: use --codes, --zodiacPwd, --encZodiacPwd, or --encZodiacPwdSplit (optionally with --load)
  */
 function validateUseCase(args) {
-    // --restore requires either --seed or --load for input
-    if (args.restore && !args.seed && !args.load) {
-        throw new Error('--restore requires either --seed or --load to provide the numbers');
+    // For restore mode
+    if (args.restore) {
+        // --seed cannot be used with --restore
+        if (args.seed) {
+            throw new Error('--seed is only for seed phrases during generation. For restore, use --codes, --zodiacPwd, --encZodiacPwd, or --encZodiacPwdSplit');
+        }
+        if (args.new) {
+            throw new Error('--new cannot be used with --restore');
+        }
+        // Must have one of the restore input methods
+        if (!args.codes &&
+            !args.zodiacPwd &&
+            !args.encZodiacPwd &&
+            !args.encZodiacPwdSplit) {
+            throw new Error('--restore requires one of: --codes, --zodiacPwd, --encZodiacPwd, or --encZodiacPwdSplit (optionally with --load <file>)');
+        }
+    }
+    else {
+        // For generation mode, cannot use restore-specific flags
+        if (args.codes ||
+            args.zodiacPwd ||
+            args.encZodiacPwd ||
+            args.encZodiacPwdSplit) {
+            throw new Error('Restore input methods (--codes, --zodiacPwd, --encZodiacPwd, --encZodiacPwdSplit) require --restore flag');
+        }
     }
     // Check that we have at least one input method
-    const inputs = [args.new, args.seed, args.load].filter(Boolean);
+    const inputs = [
+        args.new,
+        args.seed,
+        args.codes,
+        args.zodiacPwd,
+        args.encZodiacPwd,
+        args.encZodiacPwdSplit
+    ].filter(Boolean);
     if (inputs.length === 0) {
-        throw new Error('Input required: exactly one of --new, --seed, or --load must be specified');
+        throw new Error('Input required: for generation use --new or --seed; for restore use --codes, --zodiacPwd, --encZodiacPwd, or --encZodiacPwdSplit');
     }
+    // Only one data input method allowed (--load is separate as it's just the file path)
     if (inputs.length > 1) {
-        throw new Error('Input conflict: only one of --new, --seed, or --load can be used');
+        throw new Error('Input conflict: only one data input method can be used at a time');
     }
 }
 /**
@@ -356,29 +596,33 @@ function getSeedPhrase(args) {
         return (0, core_1.generateSecureSeedPhrase)(12, 128);
     }
     if (args.seed) {
-        console.log('📥 Processing existing seed phrase...');
-        const words = args.seed
-            .split(' ')
-            .map((word) => word.trim())
-            .filter((word) => word.length > 0);
-        (0, core_1.validateBip39Words)(words);
-        return words;
-    }
-    if (args.load) {
-        console.log(`📂 Loading from file: ${args.load}`);
-        try {
-            const fileContent = (0, core_1.loadArrayFromFile)(args.load);
-            // fileContent is always string[], join and split to handle both formats
-            const content = fileContent
-                .join(' ')
-                .split(/\s+/)
-                .filter((item) => item.length > 0);
-            console.log('📥 Loading seed phrase for transformation');
-            (0, core_1.validateBip39Words)(content);
-            return content;
+        if (args.load) {
+            // When --load is present, args.seed contains the file path
+            console.log(`📂 Loading seed phrase from file: ${args.seed}`);
+            try {
+                const fileContent = (0, core_1.loadArrayFromFile)(args.seed);
+                // fileContent is always string[], join and split to handle both formats
+                const content = fileContent
+                    .join(' ')
+                    .split(/\s+/)
+                    .filter((item) => item.length > 0);
+                console.log('📥 Processing seed phrase for transformation');
+                (0, core_1.validateBip39Words)(content);
+                return content;
+            }
+            catch (error) {
+                throw new Error(`Failed to load file '${args.seed}': ${error instanceof Error ? error.message : String(error)}`);
+            }
         }
-        catch (error) {
-            throw new Error(`Failed to load file '${args.load}': ${error instanceof Error ? error.message : String(error)}`);
+        else {
+            // Direct input as string
+            console.log('📥 Processing existing seed phrase...');
+            const words = args.seed
+                .split(' ')
+                .map((word) => word.trim())
+                .filter((word) => word.length > 0);
+            (0, core_1.validateBip39Words)(words);
+            return words;
         }
     }
     throw new Error('No valid use case specified');
@@ -462,23 +706,21 @@ function parseSecretInput(input, useZodiacPassword, source) {
  * Displays a formatted table showing the complete transformation process
  * Shows original words through each transformation step to final shuffled codes
  */
-function displayTable(originalWords, mappedNumbers, birthdayOffsetNumbers, colorOffsetNumbers, shuffledNumbers, base58Values, zodiacSign) {
+function displayTable(originalWords, mappedNumbers, offsetNumbers, shuffledNumbers, base58Values, zodiacSign) {
     console.log('\n📊 SEED PHRASE TRANSFORMATION TABLE');
-    console.log('====================================');
-    console.log(`Original Words | Mapped Numbers | Birthday Offset | Color Offset | ${zodiacSign} Shuffled | Base58`);
-    console.log('---------------|----------------|-----------------|--------------|-----------------|-------');
+    console.log('================================================================');
+    console.log(`#    | Original Words   | Mapped | Offset | ${zodiacSign} Shuffled | Base58`);
+    console.log('-----|------------------|--------|--------|----------------|--------');
     for (let i = 0; i < originalWords.length; i++) {
-        const word = originalWords[i].padEnd(13);
-        const mapped = String(mappedNumbers[i]).padEnd(15);
-        const birthdayOffset = String(birthdayOffsetNumbers[i]).padEnd(16);
-        const colorOffset = String(colorOffsetNumbers[i]).padEnd(13);
-        const shuffled = String(shuffledNumbers[i]).padEnd(15);
-        const base58 = base58Values[i].padEnd(2);
-        console.log(`${String(i + 1).padStart(2)}. ${word}  ${mapped}  ${birthdayOffset}  ${colorOffset}  ${shuffled}  ${base58}`);
-    }
-    console.log('---------------|----------------|-----------------|--------------|-----------------|-------');
-    console.log(`Final secret codes: ${shuffledNumbers.join(' ')}`);
-    console.log(`Original seed phrase: ${originalWords.join(' ')}`);
+        const num = String(i + 1).padStart(4);
+        const word = originalWords[i].padEnd(16);
+        const mapped = String(mappedNumbers[i]).padStart(6);
+        const offset = String(offsetNumbers[i]).padStart(6);
+        const shuffled = String(shuffledNumbers[i]).padStart(14);
+        const base58 = base58Values[i].padStart(6);
+        console.log(`${num} | ${word}  ${mapped}  ${offset}  ${shuffled}  ${base58}`);
+    }
+    console.log('-----|------------------|--------|--------|----------------|--------');
 }
 /**
  * Main entry point for the BIP39 Zodiac CLI
@@ -519,19 +761,128 @@ async function main() {
             const colorValue = COLOR_VALUES[args.color];
             const isAdd = args.operation === 'add';
             let secretCodes;
-            if (args.seed) {
-                const input = args.seed.trim();
-                secretCodes = parseSecretInput(input, args['zodiac-password'] || false, '');
+            let inputString = '';
+            // Handle old import methods
+            if (args.codes) {
+                // --codes: Secret codes (numbers from string or file)
+                console.log('📥 Processing secret codes...');
+                if (args.load) {
+                    // When --load is present, args.codes contains the file path
+                    console.log(`📂 Loading from file: ${args.codes}`);
+                    const fileContent = (0, core_1.loadArrayFromFile)(args.codes);
+                    inputString = fileContent.join(' ').trim();
+                    secretCodes = parseNumbers(inputString);
+                }
+                else {
+                    // Direct input as string
+                    secretCodes = parseNumbers(args.codes);
+                }
+                (0, core_1.validateBip39Indices)(secretCodes);
+            }
+            else if (args.zodiacPwd) {
+                // --zodiacPwd: Plain unencrypted zodiac password (from string or file)
+                console.log('📥 Processing plain zodiac password...');
+                let passwordInput;
+                if (args.load) {
+                    // When --load is present, args.zodiacPwd contains the file path
+                    console.log(`📂 Loading from file: ${args.zodiacPwd}`);
+                    passwordInput = (0, core_1.loadArrayFromFile)(args.zodiacPwd).join('').trim();
+                }
+                else {
+                    // Direct input as string
+                    passwordInput = args.zodiacPwd;
+                }
+                secretCodes = (0, core_1.decodePassword)(passwordInput);
+            }
+            else if (args.encZodiacPwd) {
+                // --encZodiacPwd: Single encrypted password (from string or file)
+                console.log('📥 Processing encrypted zodiac password...');
+                let encryptedInput;
+                if (args.load) {
+                    // When --load is present, args.encZodiacPwd contains the file path
+                    console.log(`📂 Loading from file: ${args.encZodiacPwd}`);
+                    encryptedInput = (0, core_1.loadArrayFromFile)(args.encZodiacPwd).join('').trim();
+                }
+                else {
+                    // Direct input as string
+                    encryptedInput = args.encZodiacPwd;
+                }
+                // Use custom passphrase if provided, otherwise derive from memory keys
+                const memoryKeys = args.passphrase
+                    ? args.passphrase
+                    : deriveMemoryKeys(args.color, birthday, zodiacSign, args.operation);
+                if (args.passphrase) {
+                    console.log(`   Using custom passphrase`);
+                }
+                else {
+                    console.log(`   Memory keys: ${memoryKeys} (${args.operation} operation)`);
+                }
+                const decryptionResult = (0, core_1.decryptString)(encryptedInput, memoryKeys);
+                const decryptedPassword = decryptionResult.decrypted;
+                console.log(`✅ Decryption successful!`);
+                console.log(`🔓 Decrypted zodiac password: ${decryptedPassword}`);
+                secretCodes = (0, core_1.decodePassword)(decryptedPassword);
             }
-            else if (args.load) {
-                const fileContent = (0, core_1.loadArrayFromFile)(args.load);
-                const content = fileContent.join(' ').trim();
-                secretCodes = parseSecretInput(content, args['zodiac-password'] || false, 'file');
+            else if (args.encZodiacPwdSplit) {
+                // --encZodiacPwdSplit: Comma-separated split parts or from file (2 lines)
+                console.log('📥 Processing encrypted zodiac password (split parts)...');
+                let part1;
+                let part2;
+                if (args.load) {
+                    // When --load is present, args.encZodiacPwdSplit contains the file path
+                    console.log(`📂 Loading from file: ${args.encZodiacPwdSplit}`);
+                    const fileContent = (0, core_1.loadArrayFromFile)(args.encZodiacPwdSplit);
+                    if (fileContent.length === 2) {
+                        // Two lines: each line is a part
+                        part1 = fileContent[0].trim();
+                        part2 = fileContent[1].trim();
+                    }
+                    else if (fileContent.length === 1 && fileContent[0].includes(',')) {
+                        // One line with comma: split by comma
+                        const parts = fileContent[0].split(',').map((p) => p.trim());
+                        if (parts.length !== 2) {
+                            throw new Error(`Expected 2 comma-separated parts, got ${parts.length}`);
+                        }
+                        ;
+                        [part1, part2] = parts;
+                    }
+                    else {
+                        throw new Error(`Expected file to contain either 2 lines or 1 line with comma-separated parts, got ${fileContent.length} line(s)`);
+                    }
+                }
+                else {
+                    // Direct input as comma-separated string
+                    const parts = args.encZodiacPwdSplit.split(',').map((p) => p.trim());
+                    if (parts.length !== 2) {
+                        throw new Error(`Expected 2 comma-separated parts, got ${parts.length}`);
+                    }
+                    ;
+                    [part1, part2] = parts;
+                }
+                console.log(`🔀 Combining split parts...`);
+                console.log(`   Split point: ${birthday} + ${colorValue} = ${birthday + colorValue}`);
+                const combinedPassword = combineZodiacPassword(part1, part2, birthday, colorValue);
+                console.log(`✅ Parts combined successfully!`);
+                // Use custom passphrase if provided, otherwise derive from memory keys
+                const memoryKeys = args.passphrase
+                    ? args.passphrase
+                    : deriveMemoryKeys(args.color, birthday, zodiacSign, args.operation);
+                console.log(`\n🔓 Decrypting zodiac password...`);
+                if (args.passphrase) {
+                    console.log(`   Using custom passphrase`);
+                }
+                else {
+                    console.log(`   Memory keys: ${memoryKeys} (${args.operation} operation)`);
+                }
+                const decryptionResult = (0, core_1.decryptString)(combinedPassword, memoryKeys);
+                const decryptedPassword = decryptionResult.decrypted;
+                console.log(`✅ Decryption successful!`);
+                console.log(`🔓 Decrypted zodiac password: ${decryptedPassword}`);
+                secretCodes = (0, core_1.decodePassword)(decryptedPassword);
             }
             else {
-                throw new Error('No secret codes provided for restoration');
+                throw new Error('No restore input method specified. Use --codes, --zodiacPwd, --encZodiacPwd, or --encZodiacPwdSplit');
             }
-            (0, core_1.validateBip39Indices)(secretCodes);
             console.log(`📥 Input secret codes: ${secretCodes.join(' ')}`);
             // Reverse the process: unshuffle → remove color offset → remove birthday offset → get original words
             console.log(`🔄 Unshuffling with ${zodiacSign}...`);
@@ -602,42 +953,115 @@ async function main() {
         const shuffledNumbers = shuffleResult.shuffled;
         console.log(`📝 Step 4: Shuffle with ${zodiacSign}`);
         // Generate zodiac password and get individual Base58 values
-        let zodiacPassword;
+        let unencryptedZodiacPassword;
         let base58Values;
         try {
             const passwordResult = (0, core_1.encodePassword)(shuffledNumbers);
-            zodiacPassword = passwordResult.password;
+            unencryptedZodiacPassword = passwordResult.password;
             base58Values = passwordResult.individual;
         }
         catch (error) {
             throw new Error(`Failed to generate zodiac password: ${error instanceof Error ? error.message : String(error)}`);
         }
-        // Display the 6-column table with Base58 values
-        displayTable(originalWords, mappedNumbers, birthdayOffsetNumbers, colorOffsetNumbers, shuffledNumbers, base58Values, zodiacSign);
-        // Display zodiac password section
-        console.log('\n🔐 ZODIAC PASSWORD');
-        console.log('==================');
+        // Encrypt zodiac password (ALWAYS)
+        let zodiacPassword;
+        let splitResult;
+        let memoryKeys;
+        try {
+            // Use custom passphrase if provided, otherwise derive from memory keys
+            if (args.passphrase) {
+                memoryKeys = args.passphrase;
+                console.log(`\n🔒 Encrypting zodiac password...`);
+                console.log(`   Using custom passphrase`);
+            }
+            else {
+                memoryKeys = deriveMemoryKeys(args.color, birthday, zodiacSign, args.operation);
+                console.log(`\n🔒 Encrypting zodiac password...`);
+                console.log(`   Memory keys: ${memoryKeys} (${args.operation} operation)`);
+            }
+            const encryptionResult = (0, core_1.encryptString)(unencryptedZodiacPassword, memoryKeys);
+            zodiacPassword = encryptionResult.encrypted;
+            console.log(`✅ Encryption complete!`);
+            // Split the encrypted password using birthday + color
+            console.log(`\n🔀 Splitting encrypted password at position ${birthday} + ${colorValue} = ${birthday + colorValue}...`);
+            splitResult = splitZodiacPassword(zodiacPassword, birthday, colorValue);
+            console.log(`✅ Split complete!`);
+        }
+        catch (error) {
+            throw new Error(`Failed to encrypt zodiac password: ${error instanceof Error ? error.message : String(error)}`);
+        }
+        // Handle export mode - output JSON and exit
+        if (args.export) {
+            console.log('\n📦 Generating export data...');
+            const bip39Passphrase = args.passphrase || '';
+            const exportData = generateExportData(originalWords, splitResult.part1, splitResult.part2, bip39Passphrase);
+            const jsonOutput = JSON.stringify(exportData, null, 2);
+            try {
+                (0, core_1.saveArrayToFile)([jsonOutput], args.export);
+                console.log(`✅ Export data saved to: ${args.export}`);
+            }
+            catch (error) {
+                console.error(`⚠️ Failed to save to file '${args.export}': ${error instanceof Error ? error.message : String(error)}`);
+            }
+            return;
+        }
+        // Display the transformation table
+        displayTable(originalWords, mappedNumbers, colorOffsetNumbers, // Combined offset (birthday + color applied)
+        shuffledNumbers, base58Values, zodiacSign);
+        // Display inline format below table
+        console.log('\nOriginal Words:');
+        console.log(originalWords.join(' '));
+        console.log('\nMapped Numbers:');
+        console.log(mappedNumbers.join(' '));
+        console.log('\nOffset Applied:');
+        console.log(colorOffsetNumbers.join(' '));
+        console.log(`\n${zodiacSign} Shuffled:`);
+        console.log(shuffledNumbers.join(' '));
+        console.log('\nBase58:');
+        console.log(base58Values.join(' '));
+        // Display password information
+        console.log('\nZodiac Password:');
+        console.log(unencryptedZodiacPassword);
+        console.log('\nEncrypted Zodiac Password:');
         console.log(zodiacPassword);
-        console.log('\n✅ TRANSFORMATION COMPLETE!');
+        console.log('\nEncrypted Zodiac Password (Split Parts):');
+        console.log(`💡 Each part contains a portion of the encrypted password padded with random data`);
+        console.log(`   Both parts are required to reconstruct the original encrypted password`);
+        console.log(`Part 1: ${splitResult.part1}`);
+        console.log(`Part 2: ${splitResult.part2}`);
+        console.log(`Split point: ${birthday} + ${colorValue} = ${birthday + colorValue}`);
+        const passphraseFlag = args.passphrase
+            ? ` --passphrase "${args.passphrase}"`
+            : '';
         if (args['zodiac-password']) {
-            console.log(`🔐 Zodiac Password: ${zodiacPassword}`);
-            console.log(`📊 Secret codes: ${shuffledNumbers.join(' ')} (for reference)`);
-            console.log(`🔄 To restore, use: bip39zodiac --seed "${zodiacPassword}" --restore --zodiac-password --operation=${args.operation} --birthday=${birthday} --zodiac=${args.zodiac} --color=${args.color}`);
+            console.log(`\n🔄 To restore, use: bip39zodiac --encZodiacPwdSplit "${splitResult.part1},${splitResult.part2}" --restore --operation=${args.operation} --birthday=${birthday} --zodiac=${args.zodiac} --color=${args.color}${passphraseFlag}`);
+            if (args.passphrase) {
+                console.log(`\n💡 Using custom passphrase for encryption`);
+            }
+            else {
+                console.log(`\n💡 Memory keys: ${memoryKeys} (${args.operation} operation - auto-derived from your parameters)`);
+            }
         }
         else {
-            console.log(`🔐 Use these secret codes: ${shuffledNumbers.join(' ')}`);
-            console.log(`🔑 Zodiac Password: ${zodiacPassword} (compact format)`);
-            console.log(`🔄 To restore, use: bip39zodiac --seed "${shuffledNumbers.join(' ')}" --restore --operation=${args.operation} --birthday=${birthday} --zodiac=${args.zodiac} --color=${args.color}`);
-            console.log(`🔄 Or with zodiac password: bip39zodiac --seed "${zodiacPassword}" --restore --zodiac-password --operation=${args.operation} --birthday=${birthday} --zodiac=${args.zodiac} --color=${args.color}`);
+            console.log(`\n🔄 To restore with codes: bip39zodiac --codes "${shuffledNumbers.join(' ')}" --restore --operation=${args.operation} --birthday=${birthday} --zodiac=${args.zodiac} --color=${args.color}`);
+            console.log(`\n🔄 To restore with zodiac password: bip39zodiac --zodiacPwd "${unencryptedZodiacPassword}" --restore --operation=${args.operation} --birthday=${birthday} --zodiac=${args.zodiac} --color=${args.color}`);
+            console.log(`\n🔄 To restore with encrypted split: bip39zodiac --encZodiacPwdSplit "${splitResult.part1},${splitResult.part2}" --restore --operation=${args.operation} --birthday=${birthday} --zodiac=${args.zodiac} --color=${args.color}${passphraseFlag}`);
         }
         // Save to file if --save option provided
         if (args.save) {
             try {
-                const contentToSave = args['zodiac-password']
-                    ? zodiacPassword
-                    : shuffledNumbers.join(' ');
-                (0, core_1.saveArrayToFile)([contentToSave], args.save);
-                console.log(`💾 Results saved to: ${args.save}`);
+                if (args['zodiac-password']) {
+                    // Save both split parts (part1 on first line, part2 on second line)
+                    (0, core_1.saveArrayToFile)([splitResult.part1, splitResult.part2], args.save);
+                    console.log(`💾 Split parts saved to: ${args.save}`);
+                    console.log(`   Part 1: Line 1`);
+                    console.log(`   Part 2: Line 2`);
+                }
+                else {
+                    // Save numeric codes
+                    (0, core_1.saveArrayToFile)([shuffledNumbers.join(' ')], args.save);
+                    console.log(`💾 Results saved to: ${args.save}`);
+                }
             }
             catch (error) {
                 console.error(`⚠️ Failed to save to file '${args.save}': ${error instanceof Error ? error.message : String(error)}`);