@tuskydp/cli 0.1.0

package/dist/src/commands/decrypt.js

@@ -0,0 +1,224 @@
+/**
+ * `tusky decrypt` — Decrypt a file downloaded from Walrus.
+ *
+ * Works in two modes:
+ *   1. With --export <manifest.json> — reads wrappedKey/iv from the export
+ *      manifest, derives master key from passphrase + salt. Fully offline.
+ *   2. Without --export — fetches encryption params from the Tusky API and
+ *      looks up the file metadata by ID. Requires API access.
+ *
+ * In both modes, the passphrase is resolved from:
+ *   --passphrase flag > TUSKYDP_PASSWORD env var > interactive prompt
+ */
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { resolve, basename } from 'path';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { getApiUrl, getApiKey } from '../config.js';
+import { createSDKClient } from '../sdk.js';
+import { createSpinner } from '../lib/progress.js';
+import { loadMasterKey } from '../lib/keyring.js';
+import { deriveMasterKey, verifyPassphrase, unwrapMasterKey, decryptBuffer, } from '../crypto.js';
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+/**
+ * Resolve the master key. Priority:
+ *   1. Session keyring (~/.tusky/session.enc)
+ *   2. Passphrase derivation (requires API or --salt/--encrypted-master-key)
+ */
+async function resolveMasterKey(options) {
+    // Try session keyring first
+    const sessionKey = loadMasterKey();
+    if (sessionKey)
+        return sessionKey;
+    // Need passphrase
+    let passphrase = options.passphrase ?? process.env.TUSKYDP_PASSWORD;
+    if (!passphrase) {
+        const answers = await inquirer.prompt([{
+                type: 'password',
+                name: 'passphrase',
+                message: 'Enter encryption passphrase:',
+                mask: '*',
+            }]);
+        passphrase = answers.passphrase;
+    }
+    if (!options.salt) {
+        throw new Error('Cannot derive master key: salt is required. Use --export with an export manifest, or ensure the Tusky API is accessible.');
+    }
+    const salt = Buffer.from(options.salt, 'base64');
+    const wrappingKey = deriveMasterKey(passphrase, salt);
+    // Verify if we have a verifier
+    if (options.verifier) {
+        const verifierBuf = Buffer.from(options.verifier, 'base64');
+        if (!verifyPassphrase(wrappingKey, verifierBuf)) {
+            throw new Error('Invalid passphrase.');
+        }
+    }
+    // Unwrap master key if account has one
+    if (options.encryptedMasterKey) {
+        return unwrapMasterKey(Buffer.from(options.encryptedMasterKey, 'base64'), wrappingKey);
+    }
+    // Legacy: wrapping key IS the master key
+    return wrappingKey;
+}
+// ---------------------------------------------------------------------------
+// Command registration
+// ---------------------------------------------------------------------------
+export function registerDecryptCommand(program) {
+    program
+        .command('decrypt <encrypted-file>')
+        .description('Decrypt a file downloaded from Walrus using your encryption passphrase')
+        .option('-o, --output <path>', 'Output path for decrypted file')
+        .option('--file-id <id>', 'Tusky file ID (to look up wrappedKey/iv from API)')
+        .option('--export <path>', 'Path to tusky-export.json manifest (for offline decryption)')
+        .option('--passphrase <passphrase>', 'Encryption passphrase (also reads TUSKYDP_PASSWORD env var)')
+        .option('--wrapped-key <key>', 'Per-file wrapped key (base64, from export manifest)')
+        .option('--iv <iv>', 'Per-file encryption IV (base64, from export manifest)')
+        .option('--checksum <sha256>', 'Expected plaintext SHA-256 checksum (hex)')
+        .action(async (encryptedFile, options) => {
+        const spinner = createSpinner('Preparing decryption...');
+        spinner.start();
+        try {
+            // Resolve the encrypted file
+            const inputPath = resolve(encryptedFile);
+            if (!existsSync(inputPath)) {
+                spinner.fail(`File not found: ${inputPath}`);
+                return;
+            }
+            let wrappedKey;
+            let iv;
+            let checksum = options.checksum;
+            let fileName = basename(inputPath).replace(/\.enc$/, '');
+            let encryptionParams = {};
+            // ── Mode 1: Export manifest ──────────────────────────────────
+            if (options.export) {
+                spinner.text = 'Reading export manifest...';
+                const manifestPath = resolve(options.export);
+                if (!existsSync(manifestPath)) {
+                    spinner.fail(`Export manifest not found: ${manifestPath}`);
+                    return;
+                }
+                const manifest = JSON.parse(readFileSync(manifestPath, 'utf-8'));
+                let exportedFile;
+                if (options.fileId) {
+                    exportedFile = manifest.files.find((f) => f.fileId === options.fileId);
+                }
+                else {
+                    // Try to match by filename
+                    const inputBase = basename(inputPath);
+                    exportedFile = manifest.files.find((f) => f.name === inputBase || f.name === fileName);
+                    if (!exportedFile && manifest.files.length === 1) {
+                        exportedFile = manifest.files[0];
+                    }
+                }
+                if (!exportedFile) {
+                    spinner.fail(options.fileId
+                        ? `File ID ${options.fileId} not found in export manifest.`
+                        : `Could not match "${basename(inputPath)}" to a file in the export manifest. Use --file-id to specify.`);
+                    return;
+                }
+                if (!exportedFile.encrypted) {
+                    spinner.fail(`File "${exportedFile.name}" is not encrypted (public vault). No decryption needed.`);
+                    return;
+                }
+                if (!exportedFile.wrappedKey || !exportedFile.encryptionIv) {
+                    spinner.fail(`File "${exportedFile.name}" is missing encryption metadata in the export.`);
+                    return;
+                }
+                wrappedKey = exportedFile.wrappedKey;
+                iv = exportedFile.encryptionIv;
+                checksum = checksum ?? exportedFile.plaintextChecksumSha256 ?? undefined;
+                fileName = exportedFile.name;
+                // Read account-level encryption params from manifest
+                if (manifest.encryption) {
+                    encryptionParams = {
+                        salt: manifest.encryption.salt ?? undefined,
+                        verifier: manifest.encryption.verifier ?? undefined,
+                        encryptedMasterKey: manifest.encryption.encryptedMasterKey ?? undefined,
+                    };
+                }
+                // ── Mode 2: Direct flags ─────────────────────────────────────
+            }
+            else if (options.wrappedKey && options.iv) {
+                wrappedKey = options.wrappedKey;
+                iv = options.iv;
+                // ── Mode 3: Fetch from API ───────────────────────────────────
+            }
+            else if (options.fileId) {
+                spinner.text = 'Fetching file metadata from API...';
+                const apiUrl = getApiUrl(program.opts().apiUrl);
+                const apiKey = getApiKey(program.opts().apiKey);
+                const sdk = createSDKClient(apiUrl, apiKey);
+                const file = await sdk.files.get(options.fileId);
+                if (!file.encrypted) {
+                    spinner.fail('This file is not encrypted. No decryption needed.');
+                    return;
+                }
+                if (!file.wrappedKey || !file.encryptionIv) {
+                    spinner.fail('File is missing encryption metadata.');
+                    return;
+                }
+                wrappedKey = file.wrappedKey;
+                iv = file.encryptionIv;
+                checksum = checksum ?? file.plaintextChecksumSha256 ?? undefined;
+                fileName = file.name;
+                // Also fetch encryption params for master key derivation
+                const params = await sdk.account.getEncryptionParams();
+                encryptionParams = {
+                    salt: params.salt ?? undefined,
+                    verifier: params.verifier ?? undefined,
+                    encryptedMasterKey: params.encryptedMasterKey ?? undefined,
+                };
+            }
+            else {
+                spinner.fail('Need encryption metadata. Use one of:\n' +
+                    '  --export <manifest.json>          (offline, from tusky export)\n' +
+                    '  --file-id <id>                    (online, fetches from API)\n' +
+                    '  --wrapped-key <key> --iv <iv>     (manual, base64 values)');
+                return;
+            }
+            // If we don't have encryption params yet, try API
+            if (!encryptionParams.salt) {
+                try {
+                    const apiUrl = getApiUrl(program.opts().apiUrl);
+                    const apiKey = getApiKey(program.opts().apiKey);
+                    const sdk = createSDKClient(apiUrl, apiKey);
+                    const params = await sdk.account.getEncryptionParams();
+                    encryptionParams = {
+                        salt: params.salt ?? undefined,
+                        verifier: params.verifier ?? undefined,
+                        encryptedMasterKey: params.encryptedMasterKey ?? undefined,
+                    };
+                }
+                catch {
+                    // API unavailable — that's ok if we have a session key
+                }
+            }
+            // Resolve master key
+            spinner.text = 'Deriving encryption key...';
+            const masterKey = await resolveMasterKey({
+                passphrase: options.passphrase,
+                ...encryptionParams,
+            });
+            // Read and decrypt
+            spinner.text = 'Decrypting...';
+            const ciphertext = readFileSync(inputPath);
+            const plaintext = decryptBuffer(ciphertext, wrappedKey, iv, masterKey, checksum);
+            // Write output
+            const outputPath = options.output ? resolve(options.output) : resolve(fileName);
+            writeFileSync(outputPath, plaintext);
+            spinner.succeed(`Decrypted -> ${outputPath} (${plaintext.length} bytes)`);
+            if (checksum) {
+                console.log(chalk.dim('  Integrity check passed (SHA-256)'));
+            }
+        }
+        catch (err) {
+            spinner.fail(`Decryption failed: ${err.message}`);
+            if (err.message.includes('Unsupported state') || err.message.includes('auth tag')) {
+                console.log(chalk.dim('  This usually means the passphrase is incorrect or the file is corrupted.'));
+            }
+        }
+    });
+}
+//# sourceMappingURL=decrypt.js.map

package/dist/src/commands/decrypt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../../src/commands/decrypt.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,eAAe,EACf,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E;;;;GAIG;AACH,KAAK,UAAU,gBAAgB,CAAC,OAK/B;IACC,4BAA4B;IAC5B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAElC,kBAAkB;IAClB,IAAI,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACpE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACrC,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,8BAA8B;gBACvC,IAAI,EAAE,GAAG;aACV,CAAC,CAAC,CAAC;QACJ,UAAU,GAAG,OAAO,CAAC,UAAoB,CAAC;IAC5C,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,0HAA0H,CAAC,CAAC;IAC9I,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAEtD,+BAA+B;IAC/B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC5D,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;QAC/B,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;IACzF,CAAC;IAED,yCAAyC;IACzC,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,OAAO;SACJ,OAAO,CAAC,0BAA0B,CAAC;SACnC,WAAW,CAAC,wEAAwE,CAAC;SACrF,MAAM,CAAC,qBAAqB,EAAE,gCAAgC,CAAC;SAC/D,MAAM,CAAC,gBAAgB,EAAE,mDAAmD,CAAC;SAC7E,MAAM,CAAC,iBAAiB,EAAE,6DAA6D,CAAC;SACxF,MAAM,CAAC,2BAA2B,EAAE,6DAA6D,CAAC;SAClG,MAAM,CAAC,qBAAqB,EAAE,qDAAqD,CAAC;SACpF,MAAM,CAAC,WAAW,EAAE,uDAAuD,CAAC;SAC5E,MAAM,CAAC,qBAAqB,EAAE,2CAA2C,CAAC;SAC1E,MAAM,CAAC,KAAK,EAAE,aAAqB,EAAE,OAQrC,EAAE,EAAE;QACH,MAAM,OAAO,GAAG,aAAa,CAAC,yBAAyB,CAAC,CAAC;QACzD,OAAO,CAAC,KAAK,EAAE,CAAC;QAEhB,IAAI,CAAC;YACH,6BAA6B;YAC7B,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;YACzC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3B,OAAO,CAAC,IAAI,CAAC,mBAAmB,SAAS,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YAED,IAAI,UAAkB,CAAC;YACvB,IAAI,EAAU,CAAC;YACf,IAAI,QAAQ,GAAuB,OAAO,CAAC,QAAQ,CAAC;YACpD,IAAI,QAAQ,GAAW,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACjE,IAAI,gBAAgB,GAAsE,EAAE,CAAC;YAE7F,gEAAgE;YAChE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBACnB,OAAO,CAAC,IAAI,GAAG,4BAA4B,CAAC;gBAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC7C,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC9B,OAAO,CAAC,IAAI,CAAC,8BAA8B,YAAY,EAAE,CAAC,CAAC;oBAC3D,OAAO;gBACT,CAAC;gBAED,MAAM,QAAQ,GAAmB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;gBACjF,IAAI,YAAsC,CAAC;gBAE3C,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;oBACnB,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;gBACzE,CAAC;qBAAM,CAAC;oBACN,2BAA2B;oBAC3B,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACtC,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACvC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,CAC5C,CAAC;oBAEF,IAAI,CAAC,YAAY,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACjD,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACnC,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,OAAO,CAAC,IAAI,CACV,OAAO,CAAC,MAAM;wBACZ,CAAC,CAAC,WAAW,OAAO,CAAC,MAAM,gCAAgC;wBAC3D,CAAC,CAAC,oBAAoB,QAAQ,CAAC,SAAS,CAAC,+DAA+D,CAC3G,CAAC;oBACF,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;oBAC5B,OAAO,CAAC,IAAI,CAAC,SAAS,YAAY,CAAC,IAAI,0DAA0D,CAAC,CAAC;oBACnG,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC,YAAY,CAAC,UAAU,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC;oBAC3D,OAAO,CAAC,IAAI,CAAC,SAAS,YAAY,CAAC,IAAI,iDAAiD,CAAC,CAAC;oBAC1F,OAAO;gBACT,CAAC;gBAED,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC;gBACrC,EAAE,GAAG,YAAY,CAAC,YAAY,CAAC;gBAC/B,QAAQ,GAAG,QAAQ,IAAI,YAAY,CAAC,uBAAuB,IAAI,SAAS,CAAC;gBACzE,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC;gBAE7B,qDAAqD;gBACrD,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;oBACxB,gBAAgB,GAAG;wBACjB,IAAI,EAAE,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,SAAS;wBAC3C,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,QAAQ,IAAI,SAAS;wBACnD,kBAAkB,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,IAAI,SAAS;qBACxE,CAAC;gBACJ,CAAC;gBAEH,gEAAgE;YAChE,CAAC;iBAAM,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;gBAC5C,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;gBAChC,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC;gBAElB,gEAAgE;YAChE,CAAC;iBAAM,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC1B,OAAO,CAAC,IAAI,GAAG,oCAAoC,CAAC;gBACpD,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;gBAChD,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;gBAChD,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;gBAE5C,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACjD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;oBACpB,OAAO,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;gBACD,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC3C,OAAO,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;oBACrD,OAAO;gBACT,CAAC;gBAED,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;gBAC7B,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC;gBACvB,QAAQ,GAAG,QAAQ,IAAI,IAAI,CAAC,uBAAuB,IAAI,SAAS,CAAC;gBACjE,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC;gBAErB,yDAAyD;gBACzD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;gBACvD,gBAAgB,GAAG;oBACjB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,SAAS;oBAC9B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;oBACtC,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,SAAS;iBAC3D,CAAC;YAEJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,yCAAyC;oBACzC,oEAAoE;oBACpE,kEAAkE;oBAClE,6DAA6D,CAC9D,CAAC;gBACF,OAAO;YACT,CAAC;YAED,kDAAkD;YAClD,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;gBAC3B,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;oBAChD,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;oBAChD,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;oBAC5C,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;oBACvD,gBAAgB,GAAG;wBACjB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,SAAS;wBAC9B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,SAAS;wBACtC,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,SAAS;qBAC3D,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC;oBACP,uDAAuD;gBACzD,CAAC;YACH,CAAC;YAED,qBAAqB;YACrB,OAAO,CAAC,IAAI,GAAG,4BAA4B,CAAC;YAC5C,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC;gBACvC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,GAAG,gBAAgB;aACpB,CAAC,CAAC;YAEH,mBAAmB;YACnB,OAAO,CAAC,IAAI,GAAG,eAAe,CAAC;YAC/B,MAAM,UAAU,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEjF,eAAe;YACf,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAChF,aAAa,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAErC,OAAO,CAAC,OAAO,CAAC,gBAAgB,UAAU,KAAK,SAAS,CAAC,MAAM,SAAS,CAAC,CAAC;YAE1E,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,sBAAsB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAClD,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAClF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,4EAA4E,CAAC,CAAC,CAAC;YACvG,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/src/commands/download.d.ts

@@ -0,0 +1,5 @@
+import type { Command } from 'commander';
+export declare function downloadCommand(fileId: string, options: {
+    output?: string;
+}, program: Command): Promise<void>;
+//# sourceMappingURL=download.d.ts.map

package/dist/src/commands/download.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"download.d.ts","sourceRoot":"","sources":["../../../src/commands/download.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAWzC,wBAAsB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,EAAE,OAAO,EAAE,OAAO,iBAoElB"}

package/dist/src/commands/download.js

@@ -0,0 +1,67 @@
+import { writeFileSync } from 'fs';
+import { join } from 'path';
+import { getApiUrl, getApiKey } from '../config.js';
+import { createSDKClient } from '../sdk.js';
+import { formatBytes } from '../lib/output.js';
+import { createSpinner } from '../lib/progress.js';
+import { decryptBuffer } from '../crypto.js';
+import { loadMasterKey } from '../lib/keyring.js';
+export async function downloadCommand(fileId, options, program) {
+    const apiUrl = getApiUrl(program.opts().apiUrl);
+    const apiKey = getApiKey(program.opts().apiKey);
+    const sdk = createSDKClient(apiUrl, apiKey);
+    const spinner = createSpinner('Fetching file info...');
+    spinner.start();
+    try {
+        // Get download URL and encryption metadata
+        let dlResponse = await sdk.files.getDownloadUrl(fileId);
+        let { downloadUrl, status, encryption } = dlResponse;
+        if (status === 'rehydrating') {
+            spinner.text = 'File is being retrieved from Walrus. Polling...';
+            for (let i = 0; i < 30; i++) {
+                await new Promise(r => setTimeout(r, 2000));
+                const check = await sdk.files.getDownloadUrl(fileId);
+                if (check.status === 'ready') {
+                    downloadUrl = check.downloadUrl;
+                    encryption = check.encryption;
+                    status = 'ready';
+                    break;
+                }
+            }
+            if (status !== 'ready') {
+                spinner.fail('File rehydration timed out. Try again later.');
+                return;
+            }
+        }
+        if (!downloadUrl) {
+            spinner.fail('No download URL available.');
+            return;
+        }
+        // Download
+        spinner.text = 'Downloading...';
+        const response = await fetch(downloadUrl);
+        if (!response.ok)
+            throw new Error(`Download failed: ${response.status}`);
+        const arrayBuf = await response.arrayBuffer();
+        let fileBuffer = Buffer.from(new Uint8Array(arrayBuf));
+        // Decrypt if needed
+        if (encryption?.encrypted) {
+            spinner.text = 'Decrypting...';
+            const masterKey = loadMasterKey();
+            if (!masterKey) {
+                spinner.fail('Encryption session not unlocked. Run: tusky encryption unlock');
+                return;
+            }
+            fileBuffer = decryptBuffer(fileBuffer, encryption.wrappedKey, encryption.iv, masterKey, encryption.plaintextChecksumSha256 ?? undefined);
+        }
+        // Write to disk — use getStatus to get filename
+        const fileInfo = await sdk.files.getStatus(fileId);
+        const outputPath = options.output || join(process.cwd(), fileInfo.name);
+        writeFileSync(outputPath, fileBuffer);
+        spinner.succeed(`Downloaded -> ${outputPath} (${formatBytes(fileBuffer.length)})`);
+    }
+    catch (err) {
+        spinner.fail(`Download failed: ${err.message}`);
+    }
+}
+//# sourceMappingURL=download.js.map

package/dist/src/commands/download.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"download.js","sourceRoot":"","sources":["../../../src/commands/download.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,MAAc,EAAE,OAErD,EAAE,OAAgB;IACjB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5C,MAAM,OAAO,GAAG,aAAa,CAAC,uBAAuB,CAAC,CAAC;IACvD,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhB,IAAI,CAAC;QACH,2CAA2C;QAC3C,IAAI,UAAU,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;QAErD,IAAI,MAAM,KAAK,aAAa,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,GAAG,iDAAiD,CAAC;YACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC5C,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACrD,IAAI,KAAK,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;oBAC7B,WAAW,GAAG,KAAK,CAAC,WAAW,CAAC;oBAChC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC;oBAC9B,MAAM,GAAG,OAAO,CAAC;oBACjB,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;gBAC7D,OAAO;YACT,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,WAAW;QACX,OAAO,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAChC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,UAAU,GAAW,MAAM,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE/D,oBAAoB;QACpB,IAAI,UAAU,EAAE,SAAS,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,GAAG,eAAe,CAAC;YAC/B,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;gBAC9E,OAAO;YACT,CAAC;YACD,UAAU,GAAG,aAAa,CACxB,UAAU,EACV,UAAU,CAAC,UAAW,EACtB,UAAU,CAAC,EAAG,EACd,SAAS,EACT,UAAU,CAAC,uBAAuB,IAAI,SAAS,CAChD,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxE,aAAa,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAEtC,OAAO,CAAC,OAAO,CAAC,iBAAiB,UAAU,KAAK,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACrF,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,oBAAoB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,CAAC;AACH,CAAC"}

package/dist/src/commands/encryption.d.ts

@@ -0,0 +1,3 @@
+import type { Command } from 'commander';
+export declare function registerEncryptionCommands(program: Command): void;
+//# sourceMappingURL=encryption.d.ts.map

package/dist/src/commands/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../../src/commands/encryption.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAgBzC,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,OAAO,QAgS1D"}

package/dist/src/commands/encryption.js

@@ -0,0 +1,254 @@
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { getSDKClientFromParent } from '../sdk.js';
+import { deriveMasterKey, computeVerifier, verifyPassphrase, generateSalt, generateMasterKey, generateRecoveryKey, wrapMasterKey, unwrapMasterKey, } from '../crypto.js';
+import { storeMasterKey, loadMasterKey } from '../lib/keyring.js';
+export function registerEncryptionCommands(program) {
+    const encryption = program.command('encryption').description('Manage E2E encryption');
+    encryption.command('setup')
+        .description('Set encryption passphrase (first time only)')
+        .action(async () => {
+        const sdk = getSDKClientFromParent(encryption);
+        // Check if already set up
+        const { setupComplete } = await sdk.account.getEncryptionParams();
+        if (setupComplete) {
+            console.log(chalk.yellow('Encryption is already set up.'));
+            console.log(chalk.dim('Use: tusky encryption change-passphrase'));
+            return;
+        }
+        // Get passphrase
+        const answers = await inquirer.prompt([
+            {
+                type: 'password',
+                name: 'passphrase',
+                message: 'Enter encryption passphrase:',
+                mask: '*',
+                validate: (input) => input.length >= 8 || 'Passphrase must be at least 8 characters',
+            },
+            {
+                type: 'password',
+                name: 'confirm',
+                message: 'Confirm passphrase:',
+                mask: '*',
+            },
+        ]);
+        if (answers.passphrase !== answers.confirm) {
+            console.error(chalk.red('Passphrases do not match.'));
+            return;
+        }
+        // Generate random master key and derive wrapping key from passphrase
+        const masterKey = generateMasterKey();
+        const salt = generateSalt();
+        const wrappingKey = deriveMasterKey(answers.passphrase, salt);
+        const verifier = computeVerifier(wrappingKey);
+        // Wrap master key with wrapping key (for passphrase unlock)
+        const encryptedMasterKey = wrapMasterKey(masterKey, wrappingKey);
+        // Wrap master key with recovery key (for recovery flow)
+        const recoveryKeyRaw = generateRecoveryKey();
+        const wrappedMasterKeyBackup = wrapMasterKey(masterKey, recoveryKeyRaw);
+        const recoveryKeyBase64 = recoveryKeyRaw.toString('base64');
+        // Send to server
+        await sdk.account.setupEncryption({
+            salt: salt.toString('base64'),
+            verifier: verifier.toString('base64'),
+            encryptedMasterKey: encryptedMasterKey.toString('base64'),
+            wrappedMasterKeyBackup: wrappedMasterKeyBackup.toString('base64'),
+        });
+        // Store master key in session
+        storeMasterKey(masterKey);
+        // Display recovery key
+        console.log('');
+        console.log(chalk.yellow.bold('SAVE YOUR RECOVERY KEY — it will not be shown again:'));
+        console.log('');
+        console.log(chalk.bold(`  ${recoveryKeyBase64}`));
+        console.log('');
+        const confirmSaved = await inquirer.prompt([{
+                type: 'confirm',
+                name: 'saved',
+                message: 'Have you saved your recovery key?',
+                default: false,
+            }]);
+        if (!confirmSaved.saved) {
+            console.log(chalk.yellow('Please save your recovery key before continuing!'));
+            console.log(chalk.bold(`  ${recoveryKeyBase64}`));
+        }
+        console.log(chalk.green('Encryption configured successfully.'));
+    });
+    encryption.command('unlock')
+        .description('Unlock encryption for this session')
+        .option('--passphrase <passphrase>', 'Passphrase (non-interactive; also reads TUSKYDP_PASSWORD env var)')
+        .action(async (options) => {
+        const sdk = getSDKClientFromParent(encryption);
+        const { setupComplete, salt, verifier, encryptedMasterKey } = await sdk.account.getEncryptionParams();
+        if (!setupComplete) {
+            console.error(chalk.red('Encryption not set up. Run: tusky encryption setup'));
+            return;
+        }
+        // Resolve passphrase: flag > env var > interactive prompt
+        let passphrase = options.passphrase ?? process.env.TUSKYDP_PASSWORD;
+        if (!passphrase) {
+            const answers = await inquirer.prompt([{
+                    type: 'password',
+                    name: 'passphrase',
+                    message: 'Enter encryption passphrase:',
+                    mask: '*',
+                }]);
+            passphrase = answers.passphrase;
+        }
+        const saltBuffer = Buffer.from(salt, 'base64');
+        const verifierBuffer = Buffer.from(verifier, 'base64');
+        const wrappingKey = deriveMasterKey(passphrase, saltBuffer);
+        if (!verifyPassphrase(wrappingKey, verifierBuffer)) {
+            console.error(chalk.red('Invalid passphrase.'));
+            process.exit(1);
+        }
+        // Unwrap the real master key (or fall back to legacy where wrapping key = master key)
+        let masterKey;
+        if (encryptedMasterKey) {
+            masterKey = unwrapMasterKey(Buffer.from(encryptedMasterKey, 'base64'), wrappingKey);
+        }
+        else {
+            masterKey = wrappingKey;
+        }
+        storeMasterKey(masterKey);
+        console.log(chalk.green('Encryption session unlocked.'));
+    });
+    encryption.command('status')
+        .description('Show encryption status')
+        .action(async () => {
+        const sdk = getSDKClientFromParent(encryption);
+        const { setupComplete } = await sdk.account.getEncryptionParams();
+        const sessionActive = loadMasterKey() !== null;
+        console.log(`Encryption setup:   ${setupComplete ? chalk.green('Complete') : chalk.yellow('Not set up')}`);
+        console.log(`Session unlocked:   ${sessionActive ? chalk.green('Yes') : chalk.yellow('No')}`);
+    });
+    encryption.command('change-passphrase')
+        .description('Change encryption passphrase')
+        .action(async () => {
+        const sdk = getSDKClientFromParent(encryption);
+        const { setupComplete, salt, verifier, encryptedMasterKey } = await sdk.account.getEncryptionParams();
+        if (!setupComplete) {
+            console.error(chalk.red('Encryption not set up. Run: tusky encryption setup'));
+            return;
+        }
+        const answers = await inquirer.prompt([
+            {
+                type: 'password',
+                name: 'currentPassphrase',
+                message: 'Enter current passphrase:',
+                mask: '*',
+            },
+            {
+                type: 'password',
+                name: 'newPassphrase',
+                message: 'Enter new passphrase:',
+                mask: '*',
+                validate: (input) => input.length >= 8 || 'Passphrase must be at least 8 characters',
+            },
+            {
+                type: 'password',
+                name: 'confirmNew',
+                message: 'Confirm new passphrase:',
+                mask: '*',
+            },
+        ]);
+        if (answers.newPassphrase !== answers.confirmNew) {
+            console.error(chalk.red('New passphrases do not match.'));
+            return;
+        }
+        // Verify current passphrase
+        const currentSalt = Buffer.from(salt, 'base64');
+        const currentVerifier = Buffer.from(verifier, 'base64');
+        const currentWrappingKey = deriveMasterKey(answers.currentPassphrase, currentSalt);
+        if (!verifyPassphrase(currentWrappingKey, currentVerifier)) {
+            console.error(chalk.red('Invalid current passphrase.'));
+            return;
+        }
+        // Unwrap the real master key (or use wrapping key as legacy fallback)
+        let masterKey;
+        if (encryptedMasterKey) {
+            masterKey = unwrapMasterKey(Buffer.from(encryptedMasterKey, 'base64'), currentWrappingKey);
+        }
+        else {
+            masterKey = currentWrappingKey;
+        }
+        // Derive new wrapping key, re-wrap master key
+        const newSalt = generateSalt();
+        const newWrappingKey = deriveMasterKey(answers.newPassphrase, newSalt);
+        const newVerifier = computeVerifier(newWrappingKey);
+        const newEncryptedMasterKey = wrapMasterKey(masterKey, newWrappingKey);
+        // Generate new recovery key and wrap master key with it
+        const newRecoveryKey = generateRecoveryKey();
+        const newWrappedBackup = wrapMasterKey(masterKey, newRecoveryKey);
+        await sdk.account.resetEncryption({
+            salt: newSalt.toString('base64'),
+            verifier: newVerifier.toString('base64'),
+            encryptedMasterKey: newEncryptedMasterKey.toString('base64'),
+            wrappedMasterKeyBackup: newWrappedBackup.toString('base64'),
+        });
+        storeMasterKey(masterKey);
+        console.log(chalk.yellow.bold('NEW RECOVERY KEY (save it!):'));
+        console.log(chalk.bold(`  ${newRecoveryKey.toString('base64')}`));
+        console.log(chalk.green('Passphrase changed successfully.'));
+    });
+    encryption.command('recover')
+        .description('Recover master key with recovery key')
+        .action(async () => {
+        const sdk = getSDKClientFromParent(encryption);
+        const answers = await inquirer.prompt([
+            {
+                type: 'input',
+                name: 'recoveryKey',
+                message: 'Enter your recovery key (base64):',
+            },
+            {
+                type: 'password',
+                name: 'newPassphrase',
+                message: 'Enter new passphrase:',
+                mask: '*',
+                validate: (input) => input.length >= 8 || 'Passphrase must be at least 8 characters',
+            },
+            {
+                type: 'password',
+                name: 'confirmNew',
+                message: 'Confirm new passphrase:',
+                mask: '*',
+            },
+        ]);
+        if (answers.newPassphrase !== answers.confirmNew) {
+            console.error(chalk.red('Passphrases do not match.'));
+            return;
+        }
+        // Get wrapped master key backup from server
+        const { wrappedMasterKeyBackup } = await sdk.account.getRecoveryData();
+        const wrappedData = Buffer.from(wrappedMasterKeyBackup, 'base64');
+        const recoveryKeyRaw = Buffer.from(answers.recoveryKey, 'base64');
+        let masterKey;
+        try {
+            masterKey = unwrapMasterKey(wrappedData, recoveryKeyRaw);
+        }
+        catch {
+            console.error(chalk.red('Invalid recovery key.'));
+            return;
+        }
+        // Derive new wrapping key from new passphrase, wrap the RECOVERED master key
+        const newSalt = generateSalt();
+        const newWrappingKey = deriveMasterKey(answers.newPassphrase, newSalt);
+        const newVerifier = computeVerifier(newWrappingKey);
+        const newEncryptedMasterKey = wrapMasterKey(masterKey, newWrappingKey);
+        // Generate new recovery key and wrap master key with it
+        const newRecoveryKey = generateRecoveryKey();
+        const newWrappedBackup = wrapMasterKey(masterKey, newRecoveryKey);
+        await sdk.account.resetEncryption({
+            salt: newSalt.toString('base64'),
+            verifier: newVerifier.toString('base64'),
+            encryptedMasterKey: newEncryptedMasterKey.toString('base64'),
+            wrappedMasterKeyBackup: newWrappedBackup.toString('base64'),
+        });
+        storeMasterKey(masterKey);
+        console.log(chalk.yellow.bold('NEW RECOVERY KEY (save it!):'));
+        console.log(chalk.bold(`  ${newRecoveryKey.toString('base64')}`));
+        console.log(chalk.green('Recovery successful. Passphrase reset.'));
+    });
+}
+//# sourceMappingURL=encryption.js.map

package/dist/src/commands/encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../src/commands/encryption.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EACL,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,eAAe,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,aAAa,EAAgB,MAAM,mBAAmB,CAAC;AAEhF,MAAM,UAAU,0BAA0B,CAAC,OAAgB;IACzD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,uBAAuB,CAAC,CAAC;IAEtF,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC;SACxB,WAAW,CAAC,6CAA6C,CAAC;SAC1D,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,GAAG,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QAE/C,0BAA0B;QAC1B,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;QAClE,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,+BAA+B,CAAC,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,iBAAiB;QACjB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACpC;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,8BAA8B;gBACvC,IAAI,EAAE,GAAG;gBACT,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,0CAA0C;aAC7F;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,qBAAqB;gBAC9B,IAAI,EAAE,GAAG;aACV;SACF,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,UAAU,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;YACtD,OAAO;QACT,CAAC;QAED,qEAAqE;QACrE,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;QAE9C,4DAA4D;QAC5D,MAAM,kBAAkB,GAAG,aAAa,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAEjE,wDAAwD;QACxD,MAAM,cAAc,GAAG,mBAAmB,EAAE,CAAC;QAC7C,MAAM,sBAAsB,GAAG,aAAa,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QACxE,MAAM,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE5D,iBAAiB;QACjB,MAAM,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;YAChC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC7B,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACrC,kBAAkB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACzD,sBAAsB,EAAE,sBAAsB,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAClE,CAAC,CAAC;QAEH,8BAA8B;QAC9B,cAAc,CAAC,SAAS,CAAC,CAAC;QAE1B,uBAAuB;QACvB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,iBAAiB,EAAE,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;gBAC1C,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,mCAAmC;gBAC5C,OAAO,EAAE,KAAK;aACf,CAAC,CAAC,CAAC;QAEJ,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,kDAAkD,CAAC,CAAC,CAAC;YAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,iBAAiB,EAAE,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEL,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;SACzB,WAAW,CAAC,oCAAoC,CAAC;SACjD,MAAM,CAAC,2BAA2B,EAAE,mEAAmE,CAAC;SACxG,MAAM,CAAC,KAAK,EAAE,OAAgC,EAAE,EAAE;QACjD,MAAM,GAAG,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QAE/C,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;QACtG,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC,CAAC;YAC/E,OAAO;QACT,CAAC;QAED,0DAA0D;QAC1D,IAAI,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;QACpE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,CAAC;oBACrC,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE,8BAA8B;oBACvC,IAAI,EAAE,GAAG;iBACV,CAAC,CAAC,CAAC;YACJ,UAAU,GAAG,OAAO,CAAC,UAAoB,CAAC;QAC5C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAK,EAAE,QAAQ,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,QAAS,EAAE,QAAQ,CAAC,CAAC;QACxD,MAAM,WAAW,GAAG,eAAe,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE5D,IAAI,CAAC,gBAAgB,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC;YAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,sFAAsF;QACtF,IAAI,SAAiB,CAAC;QACtB,IAAI,kBAAkB,EAAE,CAAC;YACvB,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;QACtF,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,WAAW,CAAC;QAC1B,CAAC;QAED,cAAc,CAAC,SAAS,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEL,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;SACzB,WAAW,CAAC,wBAAwB,CAAC;SACrC,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,GAAG,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;QAClE,MAAM,aAAa,GAAG,aAAa,EAAE,KAAK,IAAI,CAAC;QAE/C,OAAO,CAAC,GAAG,CAAC,uBAAuB,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC3G,OAAO,CAAC,GAAG,CAAC,uBAAuB,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAChG,CAAC,CAAC,CAAC;IAEL,UAAU,CAAC,OAAO,CAAC,mBAAmB,CAAC;SACpC,WAAW,CAAC,8BAA8B,CAAC;SAC3C,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,GAAG,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QAE/C,MAAM,EAAE,aAAa,EAAE,IAAI,EAAE,QAAQ,EAAE,kBAAkB,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;QACtG,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC,CAAC;YAC/E,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACpC;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,2BAA2B;gBACpC,IAAI,EAAE,GAAG;aACV;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,uBAAuB;gBAChC,IAAI,EAAE,GAAG;gBACT,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,0CAA0C;aAC7F;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,yBAAyB;gBAClC,IAAI,EAAE,GAAG;aACV;SACF,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,aAAa,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC;YACjD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QAED,4BAA4B;QAC5B,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAK,EAAE,QAAQ,CAAC,CAAC;QACjD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,QAAS,EAAE,QAAQ,CAAC,CAAC;QACzD,MAAM,kBAAkB,GAAG,eAAe,CAAC,OAAO,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;QAEnF,IAAI,CAAC,gBAAgB,CAAC,kBAAkB,EAAE,eAAe,CAAC,EAAE,CAAC;YAC3D,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC,CAAC;YACxD,OAAO;QACT,CAAC;QAED,sEAAsE;QACtE,IAAI,SAAiB,CAAC;QACtB,IAAI,kBAAkB,EAAE,CAAC;YACvB,SAAS,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,CAAC,EAAE,kBAAkB,CAAC,CAAC;QAC7F,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,kBAAkB,CAAC;QACjC,CAAC;QAED,8CAA8C;QAC9C,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,eAAe,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,WAAW,GAAG,eAAe,CAAC,cAAc,CAAC,CAAC;QACpD,MAAM,qBAAqB,GAAG,aAAa,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAEvE,wDAAwD;QACxD,MAAM,cAAc,GAAG,mBAAmB,EAAE,CAAC;QAC7C,MAAM,gBAAgB,GAAG,aAAa,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAElE,MAAM,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;YAChC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACxC,kBAAkB,EAAE,qBAAqB,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC5D,sBAAsB,EAAE,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC5D,CAAC,CAAC;QAEH,cAAc,CAAC,SAAS,CAAC,CAAC;QAE1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEL,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC;SAC1B,WAAW,CAAC,sCAAsC,CAAC;SACnD,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,GAAG,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;QAE/C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACpC;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,aAAa;gBACnB,OAAO,EAAE,mCAAmC;aAC7C;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,uBAAuB;gBAChC,IAAI,EAAE,GAAG;gBACT,QAAQ,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,0CAA0C;aAC7F;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,yBAAyB;gBAClC,IAAI,EAAE,GAAG;aACV;SACF,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,aAAa,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC;YACjD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;YACtD,OAAO;QACT,CAAC;QAED,4CAA4C;QAC5C,MAAM,EAAE,sBAAsB,EAAE,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QACvE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,sBAAuB,EAAE,QAAQ,CAAC,CAAC;QACnE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAElE,IAAI,SAAiB,CAAC;QACtB,IAAI,CAAC;YACH,SAAS,GAAG,eAAe,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC;YAClD,OAAO;QACT,CAAC;QAED,6EAA6E;QAC7E,MAAM,OAAO,GAAG,YAAY,EAAE,CAAC;QAC/B,MAAM,cAAc,GAAG,eAAe,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,WAAW,GAAG,eAAe,CAAC,cAAc,CAAC,CAAC;QACpD,MAAM,qBAAqB,GAAG,aAAa,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAEvE,wDAAwD;QACxD,MAAM,cAAc,GAAG,mBAAmB,EAAE,CAAC;QAC7C,MAAM,gBAAgB,GAAG,aAAa,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QAElE,MAAM,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;YAChC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAChC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACxC,kBAAkB,EAAE,qBAAqB,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC5D,sBAAsB,EAAE,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC5D,CAAC,CAAC;QAEH,cAAc,CAAC,SAAS,CAAC,CAAC;QAE1B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;AACP,CAAC"}