anyterm 0.1.0

package/dist/index.js

@@ -0,0 +1,3484 @@
+#!/usr/bin/env node
+#!/usr/bin/env node
+import {
+  DEFAULT_SERVER_URL,
+  config,
+  deleteSecret,
+  deleteServerConfig,
+  getActiveServer,
+  getConfig,
+  getMachineId,
+  getMachineName,
+  getSecret,
+  migrateConfigIfNeeded,
+  normalizeServerUrl,
+  setActiveServer,
+  setMachineName,
+  setSecret,
+  setServerConfig
+} from "./chunk-QLH3UIZ5.js";
+
+// src/index.ts
+import { Command as Command7 } from "commander";
+
+// src/commands/login.ts
+import { Command } from "commander";
+import { createInterface } from "readline/promises";
+import { stdin, stdout } from "process";
+
+// ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/_u64.js
+var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+var _32n = /* @__PURE__ */ BigInt(32);
+function fromBig(n, le = false) {
+  if (le)
+    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
+  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+}
+var rotrSH = (h, l, s) => h >>> s | l << 32 - s;
+var rotrSL = (h, l, s) => h << 32 - s | l >>> s;
+var rotrBH = (h, l, s) => h << 64 - s | l >>> s - 32;
+var rotrBL = (h, l, s) => h >>> s - 32 | l << 64 - s;
+var rotr32H = (_h, l) => l;
+var rotr32L = (h, _l) => h;
+function add(Ah, Al, Bh, Bl) {
+  const l = (Al >>> 0) + (Bl >>> 0);
+  return { h: Ah + Bh + (l / 2 ** 32 | 0) | 0, l: l | 0 };
+}
+var add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
+var add3H = (low, Ah, Bh, Ch) => Ah + Bh + Ch + (low / 2 ** 32 | 0) | 0;
+
+// ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/utils.js
+function isBytes(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function anumber(n, title = "") {
+  if (!Number.isSafeInteger(n) || n < 0) {
+    const prefix = title && `"${title}" `;
+    throw new Error(`${prefix}expected integer >= 0, got ${n}`);
+  }
+}
+function abytes(value, length, title = "") {
+  const bytes = isBytes(value);
+  const len = value?.length;
+  const needsLen = length !== void 0;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+}
+function aexists(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput(out, instance) {
+  abytes(out, void 0, "digestInto() output");
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error('"digestInto() output" expected to be of length >=' + min);
+  }
+}
+function u8(arr) {
+  return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
+}
+function u32(arr) {
+  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
+function clean(...arrays) {
+  for (let i = 0; i < arrays.length; i++) {
+    arrays[i].fill(0);
+  }
+}
+var isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+function byteSwap(word) {
+  return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
+}
+var swap8IfBE = isLE ? (n) => n : (n) => byteSwap(n);
+function byteSwap32(arr) {
+  for (let i = 0; i < arr.length; i++) {
+    arr[i] = byteSwap(arr[i]);
+  }
+  return arr;
+}
+var swap32IfBE = isLE ? (u) => u : byteSwap32;
+var hasHexBuiltin = /* @__PURE__ */ (() => (
+  // @ts-ignore
+  typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function"
+))();
+var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
+function bytesToHex(bytes) {
+  abytes(bytes);
+  if (hasHexBuiltin)
+    return bytes.toHex();
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += hexes[bytes[i]];
+  }
+  return hex;
+}
+var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function asciiToBase16(ch) {
+  if (ch >= asciis._0 && ch <= asciis._9)
+    return ch - asciis._0;
+  if (ch >= asciis.A && ch <= asciis.F)
+    return ch - (asciis.A - 10);
+  if (ch >= asciis.a && ch <= asciis.f)
+    return ch - (asciis.a - 10);
+  return;
+}
+function hexToBytes(hex) {
+  if (typeof hex !== "string")
+    throw new Error("hex string expected, got " + typeof hex);
+  if (hasHexBuiltin)
+    return Uint8Array.fromHex(hex);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    throw new Error("hex string expected, got unpadded hex of length " + hl);
+  const array = new Uint8Array(al);
+  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+    const n1 = asciiToBase16(hex.charCodeAt(hi));
+    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
+    if (n1 === void 0 || n2 === void 0) {
+      const char = hex[hi] + hex[hi + 1];
+      throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
+    }
+    array[ai] = n1 * 16 + n2;
+  }
+  return array;
+}
+function utf8ToBytes(str) {
+  if (typeof str !== "string")
+    throw new Error("string expected");
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function kdfInputToBytes(data, errorTitle = "") {
+  if (typeof data === "string")
+    return utf8ToBytes(data);
+  return abytes(data, void 0, errorTitle);
+}
+function createHasher(hashCons, info = {}) {
+  const hashC = (msg, opts) => hashCons(opts).update(msg).digest();
+  const tmp = hashCons(void 0);
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = (opts) => hashCons(opts);
+  Object.assign(hashC, info);
+  return Object.freeze(hashC);
+}
+function randomBytes(bytesLength = 32) {
+  const cr = typeof globalThis === "object" ? globalThis.crypto : null;
+  if (typeof cr?.getRandomValues !== "function")
+    throw new Error("crypto.getRandomValues must be defined");
+  return cr.getRandomValues(new Uint8Array(bytesLength));
+}
+
+// ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/_blake.js
+var BSIGMA = /* @__PURE__ */ Uint8Array.from([
+  0,
+  1,
+  2,
+  3,
+  4,
+  5,
+  6,
+  7,
+  8,
+  9,
+  10,
+  11,
+  12,
+  13,
+  14,
+  15,
+  14,
+  10,
+  4,
+  8,
+  9,
+  15,
+  13,
+  6,
+  1,
+  12,
+  0,
+  2,
+  11,
+  7,
+  5,
+  3,
+  11,
+  8,
+  12,
+  0,
+  5,
+  2,
+  15,
+  13,
+  10,
+  14,
+  3,
+  6,
+  7,
+  1,
+  9,
+  4,
+  7,
+  9,
+  3,
+  1,
+  13,
+  12,
+  11,
+  14,
+  2,
+  6,
+  5,
+  10,
+  4,
+  0,
+  15,
+  8,
+  9,
+  0,
+  5,
+  7,
+  2,
+  4,
+  10,
+  15,
+  14,
+  1,
+  11,
+  12,
+  6,
+  8,
+  3,
+  13,
+  2,
+  12,
+  6,
+  10,
+  0,
+  11,
+  8,
+  3,
+  4,
+  13,
+  7,
+  5,
+  15,
+  14,
+  1,
+  9,
+  12,
+  5,
+  1,
+  15,
+  14,
+  13,
+  4,
+  10,
+  0,
+  7,
+  6,
+  3,
+  9,
+  2,
+  8,
+  11,
+  13,
+  11,
+  7,
+  14,
+  12,
+  1,
+  3,
+  9,
+  5,
+  0,
+  15,
+  4,
+  8,
+  6,
+  2,
+  10,
+  6,
+  15,
+  14,
+  9,
+  11,
+  3,
+  0,
+  8,
+  12,
+  2,
+  13,
+  7,
+  1,
+  4,
+  10,
+  5,
+  10,
+  2,
+  8,
+  4,
+  7,
+  6,
+  1,
+  5,
+  15,
+  11,
+  9,
+  14,
+  3,
+  12,
+  13,
+  0,
+  0,
+  1,
+  2,
+  3,
+  4,
+  5,
+  6,
+  7,
+  8,
+  9,
+  10,
+  11,
+  12,
+  13,
+  14,
+  15,
+  14,
+  10,
+  4,
+  8,
+  9,
+  15,
+  13,
+  6,
+  1,
+  12,
+  0,
+  2,
+  11,
+  7,
+  5,
+  3,
+  // Blake1, unused in others
+  11,
+  8,
+  12,
+  0,
+  5,
+  2,
+  15,
+  13,
+  10,
+  14,
+  3,
+  6,
+  7,
+  1,
+  9,
+  4,
+  7,
+  9,
+  3,
+  1,
+  13,
+  12,
+  11,
+  14,
+  2,
+  6,
+  5,
+  10,
+  4,
+  0,
+  15,
+  8,
+  9,
+  0,
+  5,
+  7,
+  2,
+  4,
+  10,
+  15,
+  14,
+  1,
+  11,
+  12,
+  6,
+  8,
+  3,
+  13,
+  2,
+  12,
+  6,
+  10,
+  0,
+  11,
+  8,
+  3,
+  4,
+  13,
+  7,
+  5,
+  15,
+  14,
+  1,
+  9
+]);
+
+// ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/blake2.js
+var B2B_IV = /* @__PURE__ */ Uint32Array.from([
+  4089235720,
+  1779033703,
+  2227873595,
+  3144134277,
+  4271175723,
+  1013904242,
+  1595750129,
+  2773480762,
+  2917565137,
+  1359893119,
+  725511199,
+  2600822924,
+  4215389547,
+  528734635,
+  327033209,
+  1541459225
+]);
+var BBUF = /* @__PURE__ */ new Uint32Array(32);
+function G1b(a, b, c, d, msg, x) {
+  const Xl = msg[x], Xh = msg[x + 1];
+  let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1];
+  let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1];
+  let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1];
+  let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1];
+  let ll = add3L(Al, Bl, Xl);
+  Ah = add3H(ll, Ah, Bh, Xh);
+  Al = ll | 0;
+  ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
+  ({ Dh, Dl } = { Dh: rotr32H(Dh, Dl), Dl: rotr32L(Dh, Dl) });
+  ({ h: Ch, l: Cl } = add(Ch, Cl, Dh, Dl));
+  ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
+  ({ Bh, Bl } = { Bh: rotrSH(Bh, Bl, 24), Bl: rotrSL(Bh, Bl, 24) });
+  BBUF[2 * a] = Al, BBUF[2 * a + 1] = Ah;
+  BBUF[2 * b] = Bl, BBUF[2 * b + 1] = Bh;
+  BBUF[2 * c] = Cl, BBUF[2 * c + 1] = Ch;
+  BBUF[2 * d] = Dl, BBUF[2 * d + 1] = Dh;
+}
+function G2b(a, b, c, d, msg, x) {
+  const Xl = msg[x], Xh = msg[x + 1];
+  let Al = BBUF[2 * a], Ah = BBUF[2 * a + 1];
+  let Bl = BBUF[2 * b], Bh = BBUF[2 * b + 1];
+  let Cl = BBUF[2 * c], Ch = BBUF[2 * c + 1];
+  let Dl = BBUF[2 * d], Dh = BBUF[2 * d + 1];
+  let ll = add3L(Al, Bl, Xl);
+  Ah = add3H(ll, Ah, Bh, Xh);
+  Al = ll | 0;
+  ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
+  ({ Dh, Dl } = { Dh: rotrSH(Dh, Dl, 16), Dl: rotrSL(Dh, Dl, 16) });
+  ({ h: Ch, l: Cl } = add(Ch, Cl, Dh, Dl));
+  ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
+  ({ Bh, Bl } = { Bh: rotrBH(Bh, Bl, 63), Bl: rotrBL(Bh, Bl, 63) });
+  BBUF[2 * a] = Al, BBUF[2 * a + 1] = Ah;
+  BBUF[2 * b] = Bl, BBUF[2 * b + 1] = Bh;
+  BBUF[2 * c] = Cl, BBUF[2 * c + 1] = Ch;
+  BBUF[2 * d] = Dl, BBUF[2 * d + 1] = Dh;
+}
+function checkBlake2Opts(outputLen, opts = {}, keyLen, saltLen, persLen) {
+  anumber(keyLen);
+  if (outputLen < 0 || outputLen > keyLen)
+    throw new Error("outputLen bigger than keyLen");
+  const { key, salt, personalization } = opts;
+  if (key !== void 0 && (key.length < 1 || key.length > keyLen))
+    throw new Error('"key" expected to be undefined or of length=1..' + keyLen);
+  if (salt !== void 0)
+    abytes(salt, saltLen, "salt");
+  if (personalization !== void 0)
+    abytes(personalization, persLen, "personalization");
+}
+var _BLAKE2 = class {
+  buffer;
+  buffer32;
+  finished = false;
+  destroyed = false;
+  length = 0;
+  pos = 0;
+  blockLen;
+  outputLen;
+  constructor(blockLen, outputLen) {
+    anumber(blockLen);
+    anumber(outputLen);
+    this.blockLen = blockLen;
+    this.outputLen = outputLen;
+    this.buffer = new Uint8Array(blockLen);
+    this.buffer32 = u32(this.buffer);
+  }
+  update(data) {
+    aexists(this);
+    abytes(data);
+    const { blockLen, buffer, buffer32 } = this;
+    const len = data.length;
+    const offset = data.byteOffset;
+    const buf = data.buffer;
+    for (let pos = 0; pos < len; ) {
+      if (this.pos === blockLen) {
+        swap32IfBE(buffer32);
+        this.compress(buffer32, 0, false);
+        swap32IfBE(buffer32);
+        this.pos = 0;
+      }
+      const take = Math.min(blockLen - this.pos, len - pos);
+      const dataOffset = offset + pos;
+      if (take === blockLen && !(dataOffset % 4) && pos + take < len) {
+        const data32 = new Uint32Array(buf, dataOffset, Math.floor((len - pos) / 4));
+        swap32IfBE(data32);
+        for (let pos32 = 0; pos + blockLen < len; pos32 += buffer32.length, pos += blockLen) {
+          this.length += blockLen;
+          this.compress(data32, pos32, false);
+        }
+        swap32IfBE(data32);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      this.length += take;
+      pos += take;
+    }
+    return this;
+  }
+  digestInto(out) {
+    aexists(this);
+    aoutput(out, this);
+    const { pos, buffer32 } = this;
+    this.finished = true;
+    clean(this.buffer.subarray(pos));
+    swap32IfBE(buffer32);
+    this.compress(buffer32, 0, true);
+    swap32IfBE(buffer32);
+    const out32 = u32(out);
+    this.get().forEach((v, i) => out32[i] = swap8IfBE(v));
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+  _cloneInto(to) {
+    const { buffer, length, finished, destroyed, outputLen, pos } = this;
+    to ||= new this.constructor({ dkLen: outputLen });
+    to.set(...this.get());
+    to.buffer.set(buffer);
+    to.destroyed = destroyed;
+    to.finished = finished;
+    to.length = length;
+    to.pos = pos;
+    to.outputLen = outputLen;
+    return to;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+};
+var _BLAKE2b = class extends _BLAKE2 {
+  // Same as SHA-512, but LE
+  v0l = B2B_IV[0] | 0;
+  v0h = B2B_IV[1] | 0;
+  v1l = B2B_IV[2] | 0;
+  v1h = B2B_IV[3] | 0;
+  v2l = B2B_IV[4] | 0;
+  v2h = B2B_IV[5] | 0;
+  v3l = B2B_IV[6] | 0;
+  v3h = B2B_IV[7] | 0;
+  v4l = B2B_IV[8] | 0;
+  v4h = B2B_IV[9] | 0;
+  v5l = B2B_IV[10] | 0;
+  v5h = B2B_IV[11] | 0;
+  v6l = B2B_IV[12] | 0;
+  v6h = B2B_IV[13] | 0;
+  v7l = B2B_IV[14] | 0;
+  v7h = B2B_IV[15] | 0;
+  constructor(opts = {}) {
+    const olen = opts.dkLen === void 0 ? 64 : opts.dkLen;
+    super(128, olen);
+    checkBlake2Opts(olen, opts, 64, 16, 16);
+    let { key, personalization, salt } = opts;
+    let keyLength = 0;
+    if (key !== void 0) {
+      abytes(key, void 0, "key");
+      keyLength = key.length;
+    }
+    this.v0l ^= this.outputLen | keyLength << 8 | 1 << 16 | 1 << 24;
+    if (salt !== void 0) {
+      abytes(salt, void 0, "salt");
+      const slt = u32(salt);
+      this.v4l ^= swap8IfBE(slt[0]);
+      this.v4h ^= swap8IfBE(slt[1]);
+      this.v5l ^= swap8IfBE(slt[2]);
+      this.v5h ^= swap8IfBE(slt[3]);
+    }
+    if (personalization !== void 0) {
+      abytes(personalization, void 0, "personalization");
+      const pers = u32(personalization);
+      this.v6l ^= swap8IfBE(pers[0]);
+      this.v6h ^= swap8IfBE(pers[1]);
+      this.v7l ^= swap8IfBE(pers[2]);
+      this.v7h ^= swap8IfBE(pers[3]);
+    }
+    if (key !== void 0) {
+      const tmp = new Uint8Array(this.blockLen);
+      tmp.set(key);
+      this.update(tmp);
+    }
+  }
+  // prettier-ignore
+  get() {
+    let { v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h } = this;
+    return [v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h];
+  }
+  // prettier-ignore
+  set(v0l, v0h, v1l, v1h, v2l, v2h, v3l, v3h, v4l, v4h, v5l, v5h, v6l, v6h, v7l, v7h) {
+    this.v0l = v0l | 0;
+    this.v0h = v0h | 0;
+    this.v1l = v1l | 0;
+    this.v1h = v1h | 0;
+    this.v2l = v2l | 0;
+    this.v2h = v2h | 0;
+    this.v3l = v3l | 0;
+    this.v3h = v3h | 0;
+    this.v4l = v4l | 0;
+    this.v4h = v4h | 0;
+    this.v5l = v5l | 0;
+    this.v5h = v5h | 0;
+    this.v6l = v6l | 0;
+    this.v6h = v6h | 0;
+    this.v7l = v7l | 0;
+    this.v7h = v7h | 0;
+  }
+  compress(msg, offset, isLast) {
+    this.get().forEach((v, i) => BBUF[i] = v);
+    BBUF.set(B2B_IV, 16);
+    let { h, l } = fromBig(BigInt(this.length));
+    BBUF[24] = B2B_IV[8] ^ l;
+    BBUF[25] = B2B_IV[9] ^ h;
+    if (isLast) {
+      BBUF[28] = ~BBUF[28];
+      BBUF[29] = ~BBUF[29];
+    }
+    let j = 0;
+    const s = BSIGMA;
+    for (let i = 0; i < 12; i++) {
+      G1b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
+      G2b(0, 4, 8, 12, msg, offset + 2 * s[j++]);
+      G1b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
+      G2b(1, 5, 9, 13, msg, offset + 2 * s[j++]);
+      G1b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
+      G2b(2, 6, 10, 14, msg, offset + 2 * s[j++]);
+      G1b(3, 7, 11, 15, msg, offset + 2 * s[j++]);
+      G2b(3, 7, 11, 15, msg, offset + 2 * s[j++]);
+      G1b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
+      G2b(0, 5, 10, 15, msg, offset + 2 * s[j++]);
+      G1b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
+      G2b(1, 6, 11, 12, msg, offset + 2 * s[j++]);
+      G1b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
+      G2b(2, 7, 8, 13, msg, offset + 2 * s[j++]);
+      G1b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
+      G2b(3, 4, 9, 14, msg, offset + 2 * s[j++]);
+    }
+    this.v0l ^= BBUF[0] ^ BBUF[16];
+    this.v0h ^= BBUF[1] ^ BBUF[17];
+    this.v1l ^= BBUF[2] ^ BBUF[18];
+    this.v1h ^= BBUF[3] ^ BBUF[19];
+    this.v2l ^= BBUF[4] ^ BBUF[20];
+    this.v2h ^= BBUF[5] ^ BBUF[21];
+    this.v3l ^= BBUF[6] ^ BBUF[22];
+    this.v3h ^= BBUF[7] ^ BBUF[23];
+    this.v4l ^= BBUF[8] ^ BBUF[24];
+    this.v4h ^= BBUF[9] ^ BBUF[25];
+    this.v5l ^= BBUF[10] ^ BBUF[26];
+    this.v5h ^= BBUF[11] ^ BBUF[27];
+    this.v6l ^= BBUF[12] ^ BBUF[28];
+    this.v6h ^= BBUF[13] ^ BBUF[29];
+    this.v7l ^= BBUF[14] ^ BBUF[30];
+    this.v7h ^= BBUF[15] ^ BBUF[31];
+    clean(BBUF);
+  }
+  destroy() {
+    this.destroyed = true;
+    clean(this.buffer32);
+    this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+  }
+};
+var blake2b = /* @__PURE__ */ createHasher((opts) => new _BLAKE2b(opts));
+
+// ../../node_modules/.pnpm/@noble+hashes@2.0.1/node_modules/@noble/hashes/argon2.js
+var AT = { Argond2d: 0, Argon2i: 1, Argon2id: 2 };
+var ARGON2_SYNC_POINTS = 4;
+var abytesOrZero = (buf, errorTitle = "") => {
+  if (buf === void 0)
+    return Uint8Array.of();
+  return kdfInputToBytes(buf, errorTitle);
+};
+function mul(a, b) {
+  const aL = a & 65535;
+  const aH = a >>> 16;
+  const bL = b & 65535;
+  const bH = b >>> 16;
+  const ll = Math.imul(aL, bL);
+  const hl = Math.imul(aH, bL);
+  const lh = Math.imul(aL, bH);
+  const hh = Math.imul(aH, bH);
+  const carry = (ll >>> 16) + (hl & 65535) + lh;
+  const high = hh + (hl >>> 16) + (carry >>> 16) | 0;
+  const low = carry << 16 | ll & 65535;
+  return { h: high, l: low };
+}
+function mul2(a, b) {
+  const { h, l } = mul(a, b);
+  return { h: (h << 1 | l >>> 31) & 4294967295, l: l << 1 & 4294967295 };
+}
+function blamka(Ah, Al, Bh, Bl) {
+  const { h: Ch, l: Cl } = mul2(Al, Bl);
+  const Rll = add3L(Al, Bl, Cl);
+  return { h: add3H(Rll, Ah, Bh, Ch), l: Rll | 0 };
+}
+var A2_BUF = new Uint32Array(256);
+function G(a, b, c, d) {
+  let Al = A2_BUF[2 * a], Ah = A2_BUF[2 * a + 1];
+  let Bl = A2_BUF[2 * b], Bh = A2_BUF[2 * b + 1];
+  let Cl = A2_BUF[2 * c], Ch = A2_BUF[2 * c + 1];
+  let Dl = A2_BUF[2 * d], Dh = A2_BUF[2 * d + 1];
+  ({ h: Ah, l: Al } = blamka(Ah, Al, Bh, Bl));
+  ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
+  ({ Dh, Dl } = { Dh: rotr32H(Dh, Dl), Dl: rotr32L(Dh, Dl) });
+  ({ h: Ch, l: Cl } = blamka(Ch, Cl, Dh, Dl));
+  ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
+  ({ Bh, Bl } = { Bh: rotrSH(Bh, Bl, 24), Bl: rotrSL(Bh, Bl, 24) });
+  ({ h: Ah, l: Al } = blamka(Ah, Al, Bh, Bl));
+  ({ Dh, Dl } = { Dh: Dh ^ Ah, Dl: Dl ^ Al });
+  ({ Dh, Dl } = { Dh: rotrSH(Dh, Dl, 16), Dl: rotrSL(Dh, Dl, 16) });
+  ({ h: Ch, l: Cl } = blamka(Ch, Cl, Dh, Dl));
+  ({ Bh, Bl } = { Bh: Bh ^ Ch, Bl: Bl ^ Cl });
+  ({ Bh, Bl } = { Bh: rotrBH(Bh, Bl, 63), Bl: rotrBL(Bh, Bl, 63) });
+  A2_BUF[2 * a] = Al, A2_BUF[2 * a + 1] = Ah;
+  A2_BUF[2 * b] = Bl, A2_BUF[2 * b + 1] = Bh;
+  A2_BUF[2 * c] = Cl, A2_BUF[2 * c + 1] = Ch;
+  A2_BUF[2 * d] = Dl, A2_BUF[2 * d + 1] = Dh;
+}
+function P(v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11, v12, v13, v14, v15) {
+  G(v00, v04, v08, v12);
+  G(v01, v05, v09, v13);
+  G(v02, v06, v10, v14);
+  G(v03, v07, v11, v15);
+  G(v00, v05, v10, v15);
+  G(v01, v06, v11, v12);
+  G(v02, v07, v08, v13);
+  G(v03, v04, v09, v14);
+}
+function block(x, xPos, yPos, outPos, needXor) {
+  for (let i = 0; i < 256; i++)
+    A2_BUF[i] = x[xPos + i] ^ x[yPos + i];
+  for (let i = 0; i < 128; i += 16) {
+    P(i, i + 1, i + 2, i + 3, i + 4, i + 5, i + 6, i + 7, i + 8, i + 9, i + 10, i + 11, i + 12, i + 13, i + 14, i + 15);
+  }
+  for (let i = 0; i < 16; i += 2) {
+    P(i, i + 1, i + 16, i + 17, i + 32, i + 33, i + 48, i + 49, i + 64, i + 65, i + 80, i + 81, i + 96, i + 97, i + 112, i + 113);
+  }
+  if (needXor)
+    for (let i = 0; i < 256; i++)
+      x[outPos + i] ^= A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
+  else
+    for (let i = 0; i < 256; i++)
+      x[outPos + i] = A2_BUF[i] ^ x[xPos + i] ^ x[yPos + i];
+  clean(A2_BUF);
+}
+function Hp(A, dkLen) {
+  const A8 = u8(A);
+  const T = new Uint32Array(1);
+  const T8 = u8(T);
+  T[0] = dkLen;
+  if (dkLen <= 64)
+    return blake2b.create({ dkLen }).update(T8).update(A8).digest();
+  const out = new Uint8Array(dkLen);
+  let V = blake2b.create({}).update(T8).update(A8).digest();
+  let pos = 0;
+  out.set(V.subarray(0, 32));
+  pos += 32;
+  for (; dkLen - pos > 64; pos += 32) {
+    const Vh = blake2b.create({}).update(V);
+    Vh.digestInto(V);
+    Vh.destroy();
+    out.set(V.subarray(0, 32), pos);
+  }
+  out.set(blake2b(V, { dkLen: dkLen - pos }), pos);
+  clean(V, T);
+  return u32(out);
+}
+function indexAlpha(r, s, laneLen, segmentLen, index, randL, sameLane = false) {
+  let area;
+  if (r === 0) {
+    if (s === 0)
+      area = index - 1;
+    else if (sameLane)
+      area = s * segmentLen + index - 1;
+    else
+      area = s * segmentLen + (index == 0 ? -1 : 0);
+  } else if (sameLane)
+    area = laneLen - segmentLen + index - 1;
+  else
+    area = laneLen - segmentLen + (index == 0 ? -1 : 0);
+  const startPos = r !== 0 && s !== ARGON2_SYNC_POINTS - 1 ? (s + 1) * segmentLen : 0;
+  const rel = area - 1 - mul(area, mul(randL, randL).h).h;
+  return (startPos + rel) % laneLen;
+}
+var maxUint32 = Math.pow(2, 32);
+function isU32(num) {
+  return Number.isSafeInteger(num) && num >= 0 && num < maxUint32;
+}
+function argon2Opts(opts) {
+  const merged = {
+    version: 19,
+    dkLen: 32,
+    maxmem: maxUint32 - 1,
+    asyncTick: 10
+  };
+  for (let [k, v] of Object.entries(opts))
+    if (v !== void 0)
+      merged[k] = v;
+  const { dkLen, p, m, t, version, onProgress, asyncTick } = merged;
+  if (!isU32(dkLen) || dkLen < 4)
+    throw new Error('"dkLen" must be 4..');
+  if (!isU32(p) || p < 1 || p >= Math.pow(2, 24))
+    throw new Error('"p" must be 1..2^24');
+  if (!isU32(m))
+    throw new Error('"m" must be 0..2^32');
+  if (!isU32(t) || t < 1)
+    throw new Error('"t" (iterations) must be 1..2^32');
+  if (onProgress !== void 0 && typeof onProgress !== "function")
+    throw new Error('"progressCb" must be a function');
+  anumber(asyncTick, "asyncTick");
+  if (!isU32(m) || m < 8 * p)
+    throw new Error('"m" (memory) must be at least 8*p bytes');
+  if (version !== 16 && version !== 19)
+    throw new Error('"version" must be 0x10 or 0x13, got ' + version);
+  return merged;
+}
+function argon2Init(password, salt, type, opts) {
+  password = kdfInputToBytes(password, "password");
+  salt = kdfInputToBytes(salt, "salt");
+  if (!isU32(password.length))
+    throw new Error('"password" must be less of length 1..4Gb');
+  if (!isU32(salt.length) || salt.length < 8)
+    throw new Error('"salt" must be of length 8..4Gb');
+  if (!Object.values(AT).includes(type))
+    throw new Error('"type" was invalid');
+  let { p, dkLen, m, t, version, key, personalization, maxmem, onProgress, asyncTick } = argon2Opts(opts);
+  key = abytesOrZero(key, "key");
+  personalization = abytesOrZero(personalization, "personalization");
+  const h = blake2b.create();
+  const BUF = new Uint32Array(1);
+  const BUF8 = u8(BUF);
+  for (let item of [p, dkLen, m, t, version, type]) {
+    BUF[0] = item;
+    h.update(BUF8);
+  }
+  for (let i of [password, salt, key, personalization]) {
+    BUF[0] = i.length;
+    h.update(BUF8).update(i);
+  }
+  const H0 = new Uint32Array(18);
+  const H0_8 = u8(H0);
+  h.digestInto(H0_8);
+  const lanes = p;
+  const mP = 4 * p * Math.floor(m / (ARGON2_SYNC_POINTS * p));
+  const laneLen = Math.floor(mP / p);
+  const segmentLen = Math.floor(laneLen / ARGON2_SYNC_POINTS);
+  const memUsed = mP * 256;
+  if (!isU32(maxmem) || memUsed > maxmem)
+    throw new Error('"maxmem" expected <2**32, got: maxmem=' + maxmem + ", memused=" + memUsed);
+  const B = new Uint32Array(memUsed);
+  for (let l = 0; l < p; l++) {
+    const i = 256 * laneLen * l;
+    H0[17] = l;
+    H0[16] = 0;
+    B.set(Hp(H0, 1024), i);
+    H0[16] = 1;
+    B.set(Hp(H0, 1024), i + 256);
+  }
+  let perBlock = () => {
+  };
+  if (onProgress) {
+    const totalBlock = t * ARGON2_SYNC_POINTS * p * segmentLen;
+    const callbackPer = Math.max(Math.floor(totalBlock / 1e4), 1);
+    let blockCnt = 0;
+    perBlock = () => {
+      blockCnt++;
+      if (onProgress && (!(blockCnt % callbackPer) || blockCnt === totalBlock))
+        onProgress(blockCnt / totalBlock);
+    };
+  }
+  clean(BUF, H0);
+  return { type, mP, p, t, version, B, laneLen, lanes, segmentLen, dkLen, perBlock, asyncTick };
+}
+function argon2Output(B, p, laneLen, dkLen) {
+  const B_final = new Uint32Array(256);
+  for (let l = 0; l < p; l++)
+    for (let j = 0; j < 256; j++)
+      B_final[j] ^= B[256 * (laneLen * l + laneLen - 1) + j];
+  const res = u8(Hp(B_final, dkLen));
+  clean(B_final);
+  return res;
+}
+function processBlock(B, address, l, r, s, index, laneLen, segmentLen, lanes, offset, prev, dataIndependent, needXor) {
+  if (offset % laneLen)
+    prev = offset - 1;
+  let randL, randH;
+  if (dataIndependent) {
+    let i128 = index % 128;
+    if (i128 === 0) {
+      address[256 + 12]++;
+      block(address, 256, 2 * 256, 0, false);
+      block(address, 0, 2 * 256, 0, false);
+    }
+    randL = address[2 * i128];
+    randH = address[2 * i128 + 1];
+  } else {
+    const T = 256 * prev;
+    randL = B[T];
+    randH = B[T + 1];
+  }
+  const refLane = r === 0 && s === 0 ? l : randH % lanes;
+  const refPos = indexAlpha(r, s, laneLen, segmentLen, index, randL, refLane == l);
+  const refBlock = laneLen * refLane + refPos;
+  block(B, 256 * prev, 256 * refBlock, offset * 256, needXor);
+}
+function argon2(type, password, salt, opts) {
+  const { mP, p, t, version, B, laneLen, lanes, segmentLen, dkLen, perBlock } = argon2Init(password, salt, type, opts);
+  const address = new Uint32Array(3 * 256);
+  address[256 + 6] = mP;
+  address[256 + 8] = t;
+  address[256 + 10] = type;
+  for (let r = 0; r < t; r++) {
+    const needXor = r !== 0 && version === 19;
+    address[256 + 0] = r;
+    for (let s = 0; s < ARGON2_SYNC_POINTS; s++) {
+      address[256 + 4] = s;
+      const dataIndependent = type == AT.Argon2i || type == AT.Argon2id && r === 0 && s < 2;
+      for (let l = 0; l < p; l++) {
+        address[256 + 2] = l;
+        address[256 + 12] = 0;
+        let startPos = 0;
+        if (r === 0 && s === 0) {
+          startPos = 2;
+          if (dataIndependent) {
+            address[256 + 12]++;
+            block(address, 256, 2 * 256, 0, false);
+            block(address, 0, 2 * 256, 0, false);
+          }
+        }
+        let offset = l * laneLen + s * segmentLen + startPos;
+        let prev = offset % laneLen ? offset - 1 : offset + laneLen - 1;
+        for (let index = startPos; index < segmentLen; index++, offset++, prev++) {
+          perBlock();
+          processBlock(B, address, l, r, s, index, laneLen, segmentLen, lanes, offset, prev, dataIndependent, needXor);
+        }
+      }
+    }
+  }
+  clean(address);
+  return argon2Output(B, p, laneLen, dkLen);
+}
+var argon2id = (password, salt, opts) => argon2(AT.Argon2id, password, salt, opts);
+
+// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/utils.js
+var _0n = /* @__PURE__ */ BigInt(0);
+function abignumber(n) {
+  if (typeof n === "bigint") {
+    if (!isPosBig(n))
+      throw new Error("positive bigint expected, got " + n);
+  } else
+    anumber(n);
+  return n;
+}
+function hexToNumber(hex) {
+  if (typeof hex !== "string")
+    throw new Error("hex string expected, got " + typeof hex);
+  return hex === "" ? _0n : BigInt("0x" + hex);
+}
+function bytesToNumberLE(bytes) {
+  return hexToNumber(bytesToHex(copyBytes(abytes(bytes)).reverse()));
+}
+function numberToBytesBE(n, len) {
+  anumber(len);
+  n = abignumber(n);
+  const res = hexToBytes(n.toString(16).padStart(len * 2, "0"));
+  if (res.length !== len)
+    throw new Error("number too large");
+  return res;
+}
+function numberToBytesLE(n, len) {
+  return numberToBytesBE(n, len).reverse();
+}
+function copyBytes(bytes) {
+  return Uint8Array.from(bytes);
+}
+var isPosBig = (n) => typeof n === "bigint" && _0n <= n;
+function inRange(n, min, max) {
+  return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
+}
+function aInRange(title, n, min, max) {
+  if (!inRange(n, min, max))
+    throw new Error("expected valid " + title + ": " + min + " <= n < " + max + ", got " + n);
+}
+function validateObject(object, fields = {}, optFields = {}) {
+  if (!object || typeof object !== "object")
+    throw new Error("expected valid options object");
+  function checkField(fieldName, expectedType, isOpt) {
+    const val = object[fieldName];
+    if (isOpt && val === void 0)
+      return;
+    const current = typeof val;
+    if (current !== expectedType || val === null)
+      throw new Error(`param "${fieldName}" is invalid: expected ${expectedType}, got ${current}`);
+  }
+  const iter = (f, isOpt) => Object.entries(f).forEach(([k, v]) => checkField(k, v, isOpt));
+  iter(fields, false);
+  iter(optFields, true);
+}
+
+// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/abstract/modular.js
+var _0n2 = /* @__PURE__ */ BigInt(0);
+function mod(a, b) {
+  const result = a % b;
+  return result >= _0n2 ? result : b + result;
+}
+function pow2(x, power, modulo) {
+  let res = x;
+  while (power-- > _0n2) {
+    res *= res;
+    res %= modulo;
+  }
+  return res;
+}
+
+// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/abstract/curve.js
+function createKeygen(randomSecretKey, getPublicKey) {
+  return function keygen(seed) {
+    const secretKey = randomSecretKey(seed);
+    return { secretKey, publicKey: getPublicKey(secretKey) };
+  };
+}
+
+// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/abstract/montgomery.js
+var _0n3 = BigInt(0);
+var _1n = BigInt(1);
+var _2n = BigInt(2);
+function validateOpts(curve) {
+  validateObject(curve, {
+    adjustScalarBytes: "function",
+    powPminus2: "function"
+  });
+  return Object.freeze({ ...curve });
+}
+function montgomery(curveDef) {
+  const CURVE = validateOpts(curveDef);
+  const { P: P2, type, adjustScalarBytes: adjustScalarBytes2, powPminus2, randomBytes: rand } = CURVE;
+  const is25519 = type === "x25519";
+  if (!is25519 && type !== "x448")
+    throw new Error("invalid type");
+  const randomBytes_ = rand || randomBytes;
+  const montgomeryBits = is25519 ? 255 : 448;
+  const fieldLen = is25519 ? 32 : 56;
+  const Gu = is25519 ? BigInt(9) : BigInt(5);
+  const a24 = is25519 ? BigInt(121665) : BigInt(39081);
+  const minScalar = is25519 ? _2n ** BigInt(254) : _2n ** BigInt(447);
+  const maxAdded = is25519 ? BigInt(8) * _2n ** BigInt(251) - _1n : BigInt(4) * _2n ** BigInt(445) - _1n;
+  const maxScalar = minScalar + maxAdded + _1n;
+  const modP = (n) => mod(n, P2);
+  const GuBytes = encodeU(Gu);
+  function encodeU(u) {
+    return numberToBytesLE(modP(u), fieldLen);
+  }
+  function decodeU(u) {
+    const _u = copyBytes(abytes(u, fieldLen, "uCoordinate"));
+    if (is25519)
+      _u[31] &= 127;
+    return modP(bytesToNumberLE(_u));
+  }
+  function decodeScalar(scalar) {
+    return bytesToNumberLE(adjustScalarBytes2(copyBytes(abytes(scalar, fieldLen, "scalar"))));
+  }
+  function scalarMult(scalar, u) {
+    const pu = montgomeryLadder(decodeU(u), decodeScalar(scalar));
+    if (pu === _0n3)
+      throw new Error("invalid private or public key received");
+    return encodeU(pu);
+  }
+  function scalarMultBase(scalar) {
+    return scalarMult(scalar, GuBytes);
+  }
+  const getPublicKey = scalarMultBase;
+  const getSharedSecret = scalarMult;
+  function cswap(swap, x_2, x_3) {
+    const dummy = modP(swap * (x_2 - x_3));
+    x_2 = modP(x_2 - dummy);
+    x_3 = modP(x_3 + dummy);
+    return { x_2, x_3 };
+  }
+  function montgomeryLadder(u, scalar) {
+    aInRange("u", u, _0n3, P2);
+    aInRange("scalar", scalar, minScalar, maxScalar);
+    const k = scalar;
+    const x_1 = u;
+    let x_2 = _1n;
+    let z_2 = _0n3;
+    let x_3 = u;
+    let z_3 = _1n;
+    let swap = _0n3;
+    for (let t = BigInt(montgomeryBits - 1); t >= _0n3; t--) {
+      const k_t = k >> t & _1n;
+      swap ^= k_t;
+      ({ x_2, x_3 } = cswap(swap, x_2, x_3));
+      ({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
+      swap = k_t;
+      const A = x_2 + z_2;
+      const AA = modP(A * A);
+      const B = x_2 - z_2;
+      const BB = modP(B * B);
+      const E = AA - BB;
+      const C = x_3 + z_3;
+      const D = x_3 - z_3;
+      const DA = modP(D * A);
+      const CB = modP(C * B);
+      const dacb = DA + CB;
+      const da_cb = DA - CB;
+      x_3 = modP(dacb * dacb);
+      z_3 = modP(x_1 * modP(da_cb * da_cb));
+      x_2 = modP(AA * BB);
+      z_2 = modP(E * (AA + modP(a24 * E)));
+    }
+    ({ x_2, x_3 } = cswap(swap, x_2, x_3));
+    ({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
+    const z2 = powPminus2(z_2);
+    return modP(x_2 * z2);
+  }
+  const lengths = {
+    secretKey: fieldLen,
+    publicKey: fieldLen,
+    seed: fieldLen
+  };
+  const randomSecretKey = (seed = randomBytes_(fieldLen)) => {
+    abytes(seed, lengths.seed, "seed");
+    return seed;
+  };
+  const utils = { randomSecretKey };
+  return Object.freeze({
+    keygen: createKeygen(randomSecretKey, getPublicKey),
+    getSharedSecret,
+    getPublicKey,
+    scalarMult,
+    scalarMultBase,
+    utils,
+    GuBytes: GuBytes.slice(),
+    lengths
+  });
+}
+
+// ../../node_modules/.pnpm/@noble+curves@2.0.1/node_modules/@noble/curves/ed25519.js
+var _1n2 = BigInt(1);
+var _2n2 = BigInt(2);
+var _3n = /* @__PURE__ */ BigInt(3);
+var _5n = BigInt(5);
+var _8n = BigInt(8);
+var ed25519_CURVE_p = BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
+function ed25519_pow_2_252_3(x) {
+  const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80);
+  const P2 = ed25519_CURVE_p;
+  const x2 = x * x % P2;
+  const b2 = x2 * x % P2;
+  const b4 = pow2(b2, _2n2, P2) * b2 % P2;
+  const b5 = pow2(b4, _1n2, P2) * x % P2;
+  const b10 = pow2(b5, _5n, P2) * b5 % P2;
+  const b20 = pow2(b10, _10n, P2) * b10 % P2;
+  const b40 = pow2(b20, _20n, P2) * b20 % P2;
+  const b80 = pow2(b40, _40n, P2) * b40 % P2;
+  const b160 = pow2(b80, _80n, P2) * b80 % P2;
+  const b240 = pow2(b160, _80n, P2) * b80 % P2;
+  const b250 = pow2(b240, _10n, P2) * b10 % P2;
+  const pow_p_5_8 = pow2(b250, _2n2, P2) * x % P2;
+  return { pow_p_5_8, b2 };
+}
+function adjustScalarBytes(bytes) {
+  bytes[0] &= 248;
+  bytes[31] &= 127;
+  bytes[31] |= 64;
+  return bytes;
+}
+var x25519 = /* @__PURE__ */ (() => {
+  const P2 = ed25519_CURVE_p;
+  return montgomery({
+    P: P2,
+    type: "x25519",
+    powPminus2: (x) => {
+      const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);
+      return mod(pow2(pow_p_5_8, _3n, P2) * b2, P2);
+    },
+    adjustScalarBytes
+  });
+})();
+
+// ../../node_modules/.pnpm/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/utils.js
+function isBytes2(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function abool(b) {
+  if (typeof b !== "boolean")
+    throw new Error(`boolean expected, not ${b}`);
+}
+function anumber2(n) {
+  if (!Number.isSafeInteger(n) || n < 0)
+    throw new Error("positive integer expected, got " + n);
+}
+function abytes2(value, length, title = "") {
+  const bytes = isBytes2(value);
+  const len = value?.length;
+  const needsLen = length !== void 0;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+}
+function aexists2(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput2(out, instance) {
+  abytes2(out, void 0, "output");
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+function u322(arr) {
+  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
+function clean2(...arrays) {
+  for (let i = 0; i < arrays.length; i++) {
+    arrays[i].fill(0);
+  }
+}
+function createView(arr) {
+  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+}
+var isLE2 = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+function checkOpts(defaults, opts) {
+  if (opts == null || typeof opts !== "object")
+    throw new Error("options must be defined");
+  const merged = Object.assign(defaults, opts);
+  return merged;
+}
+function equalBytes(a, b) {
+  if (a.length !== b.length)
+    return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++)
+    diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+var wrapCipher = /* @__NO_SIDE_EFFECTS__ */ (params, constructor) => {
+  function wrappedCipher(key, ...args) {
+    abytes2(key, void 0, "key");
+    if (!isLE2)
+      throw new Error("Non little-endian hardware is not yet supported");
+    if (params.nonceLength !== void 0) {
+      const nonce = args[0];
+      abytes2(nonce, params.varSizeNonce ? void 0 : params.nonceLength, "nonce");
+    }
+    const tagl = params.tagLength;
+    if (tagl && args[1] !== void 0)
+      abytes2(args[1], void 0, "AAD");
+    const cipher = constructor(key, ...args);
+    const checkOutput = (fnLength, output) => {
+      if (output !== void 0) {
+        if (fnLength !== 2)
+          throw new Error("cipher output not supported");
+        abytes2(output, void 0, "output");
+      }
+    };
+    let called = false;
+    const wrCipher = {
+      encrypt(data, output) {
+        if (called)
+          throw new Error("cannot encrypt() twice with same key + nonce");
+        called = true;
+        abytes2(data);
+        checkOutput(cipher.encrypt.length, output);
+        return cipher.encrypt(data, output);
+      },
+      decrypt(data, output) {
+        abytes2(data);
+        if (tagl && data.length < tagl)
+          throw new Error('"ciphertext" expected length bigger than tagLength=' + tagl);
+        checkOutput(cipher.decrypt.length, output);
+        return cipher.decrypt(data, output);
+      }
+    };
+    return wrCipher;
+  }
+  Object.assign(wrappedCipher, params);
+  return wrappedCipher;
+};
+function getOutput(expectedLength, out, onlyAligned = true) {
+  if (out === void 0)
+    return new Uint8Array(expectedLength);
+  if (out.length !== expectedLength)
+    throw new Error('"output" expected Uint8Array of length ' + expectedLength + ", got: " + out.length);
+  if (onlyAligned && !isAligned32(out))
+    throw new Error("invalid output, must be aligned");
+  return out;
+}
+function u64Lengths(dataLength, aadLength, isLE3) {
+  abool(isLE3);
+  const num = new Uint8Array(16);
+  const view = createView(num);
+  view.setBigUint64(0, BigInt(aadLength), isLE3);
+  view.setBigUint64(8, BigInt(dataLength), isLE3);
+  return num;
+}
+function isAligned32(bytes) {
+  return bytes.byteOffset % 4 === 0;
+}
+function copyBytes2(bytes) {
+  return Uint8Array.from(bytes);
+}
+function randomBytes2(bytesLength = 32) {
+  const cr = typeof globalThis === "object" ? globalThis.crypto : null;
+  if (typeof cr?.getRandomValues !== "function")
+    throw new Error("crypto.getRandomValues must be defined");
+  return cr.getRandomValues(new Uint8Array(bytesLength));
+}
+
+// ../../node_modules/.pnpm/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/_arx.js
+var encodeStr = (str) => Uint8Array.from(str.split(""), (c) => c.charCodeAt(0));
+var sigma16 = encodeStr("expand 16-byte k");
+var sigma32 = encodeStr("expand 32-byte k");
+var sigma16_32 = u322(sigma16);
+var sigma32_32 = u322(sigma32);
+function rotl(a, b) {
+  return a << b | a >>> 32 - b;
+}
+function isAligned322(b) {
+  return b.byteOffset % 4 === 0;
+}
+var BLOCK_LEN = 64;
+var BLOCK_LEN32 = 16;
+var MAX_COUNTER = 2 ** 32 - 1;
+var U32_EMPTY = Uint32Array.of();
+function runCipher(core, sigma, key, nonce, data, output, counter, rounds) {
+  const len = data.length;
+  const block2 = new Uint8Array(BLOCK_LEN);
+  const b32 = u322(block2);
+  const isAligned = isAligned322(data) && isAligned322(output);
+  const d32 = isAligned ? u322(data) : U32_EMPTY;
+  const o32 = isAligned ? u322(output) : U32_EMPTY;
+  for (let pos = 0; pos < len; counter++) {
+    core(sigma, key, nonce, b32, counter, rounds);
+    if (counter >= MAX_COUNTER)
+      throw new Error("arx: counter overflow");
+    const take = Math.min(BLOCK_LEN, len - pos);
+    if (isAligned && take === BLOCK_LEN) {
+      const pos32 = pos / 4;
+      if (pos % 4 !== 0)
+        throw new Error("arx: invalid block position");
+      for (let j = 0, posj; j < BLOCK_LEN32; j++) {
+        posj = pos32 + j;
+        o32[posj] = d32[posj] ^ b32[j];
+      }
+      pos += BLOCK_LEN;
+      continue;
+    }
+    for (let j = 0, posj; j < take; j++) {
+      posj = pos + j;
+      output[posj] = data[posj] ^ block2[j];
+    }
+    pos += take;
+  }
+}
+function createCipher(core, opts) {
+  const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts({ allowShortKeys: false, counterLength: 8, counterRight: false, rounds: 20 }, opts);
+  if (typeof core !== "function")
+    throw new Error("core must be a function");
+  anumber2(counterLength);
+  anumber2(rounds);
+  abool(counterRight);
+  abool(allowShortKeys);
+  return (key, nonce, data, output, counter = 0) => {
+    abytes2(key, void 0, "key");
+    abytes2(nonce, void 0, "nonce");
+    abytes2(data, void 0, "data");
+    const len = data.length;
+    if (output === void 0)
+      output = new Uint8Array(len);
+    abytes2(output, void 0, "output");
+    anumber2(counter);
+    if (counter < 0 || counter >= MAX_COUNTER)
+      throw new Error("arx: counter overflow");
+    if (output.length < len)
+      throw new Error(`arx: output (${output.length}) is shorter than data (${len})`);
+    const toClean = [];
+    let l = key.length;
+    let k;
+    let sigma;
+    if (l === 32) {
+      toClean.push(k = copyBytes2(key));
+      sigma = sigma32_32;
+    } else if (l === 16 && allowShortKeys) {
+      k = new Uint8Array(32);
+      k.set(key);
+      k.set(key, 16);
+      sigma = sigma16_32;
+      toClean.push(k);
+    } else {
+      abytes2(key, 32, "arx key");
+      throw new Error("invalid key size");
+    }
+    if (!isAligned322(nonce))
+      toClean.push(nonce = copyBytes2(nonce));
+    const k32 = u322(k);
+    if (extendNonceFn) {
+      if (nonce.length !== 24)
+        throw new Error(`arx: extended nonce must be 24 bytes`);
+      extendNonceFn(sigma, k32, u322(nonce.subarray(0, 16)), k32);
+      nonce = nonce.subarray(16);
+    }
+    const nonceNcLen = 16 - counterLength;
+    if (nonceNcLen !== nonce.length)
+      throw new Error(`arx: nonce must be ${nonceNcLen} or 16 bytes`);
+    if (nonceNcLen !== 12) {
+      const nc = new Uint8Array(12);
+      nc.set(nonce, counterRight ? 0 : 12 - nonce.length);
+      nonce = nc;
+      toClean.push(nonce);
+    }
+    const n32 = u322(nonce);
+    runCipher(core, sigma, k32, n32, data, output, counter, rounds);
+    clean2(...toClean);
+    return output;
+  };
+}
+
+// ../../node_modules/.pnpm/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/_poly1305.js
+function u8to16(a, i) {
+  return a[i++] & 255 | (a[i++] & 255) << 8;
+}
+var Poly1305 = class {
+  blockLen = 16;
+  outputLen = 16;
+  buffer = new Uint8Array(16);
+  r = new Uint16Array(10);
+  // Allocating 1 array with .subarray() here is slower than 3
+  h = new Uint16Array(10);
+  pad = new Uint16Array(8);
+  pos = 0;
+  finished = false;
+  // Can be speed-up using BigUint64Array, at the cost of complexity
+  constructor(key) {
+    key = copyBytes2(abytes2(key, 32, "key"));
+    const t0 = u8to16(key, 0);
+    const t1 = u8to16(key, 2);
+    const t2 = u8to16(key, 4);
+    const t3 = u8to16(key, 6);
+    const t4 = u8to16(key, 8);
+    const t5 = u8to16(key, 10);
+    const t6 = u8to16(key, 12);
+    const t7 = u8to16(key, 14);
+    this.r[0] = t0 & 8191;
+    this.r[1] = (t0 >>> 13 | t1 << 3) & 8191;
+    this.r[2] = (t1 >>> 10 | t2 << 6) & 7939;
+    this.r[3] = (t2 >>> 7 | t3 << 9) & 8191;
+    this.r[4] = (t3 >>> 4 | t4 << 12) & 255;
+    this.r[5] = t4 >>> 1 & 8190;
+    this.r[6] = (t4 >>> 14 | t5 << 2) & 8191;
+    this.r[7] = (t5 >>> 11 | t6 << 5) & 8065;
+    this.r[8] = (t6 >>> 8 | t7 << 8) & 8191;
+    this.r[9] = t7 >>> 5 & 127;
+    for (let i = 0; i < 8; i++)
+      this.pad[i] = u8to16(key, 16 + 2 * i);
+  }
+  process(data, offset, isLast = false) {
+    const hibit = isLast ? 0 : 1 << 11;
+    const { h, r } = this;
+    const r0 = r[0];
+    const r1 = r[1];
+    const r2 = r[2];
+    const r3 = r[3];
+    const r4 = r[4];
+    const r5 = r[5];
+    const r6 = r[6];
+    const r7 = r[7];
+    const r8 = r[8];
+    const r9 = r[9];
+    const t0 = u8to16(data, offset + 0);
+    const t1 = u8to16(data, offset + 2);
+    const t2 = u8to16(data, offset + 4);
+    const t3 = u8to16(data, offset + 6);
+    const t4 = u8to16(data, offset + 8);
+    const t5 = u8to16(data, offset + 10);
+    const t6 = u8to16(data, offset + 12);
+    const t7 = u8to16(data, offset + 14);
+    let h0 = h[0] + (t0 & 8191);
+    let h1 = h[1] + ((t0 >>> 13 | t1 << 3) & 8191);
+    let h2 = h[2] + ((t1 >>> 10 | t2 << 6) & 8191);
+    let h3 = h[3] + ((t2 >>> 7 | t3 << 9) & 8191);
+    let h4 = h[4] + ((t3 >>> 4 | t4 << 12) & 8191);
+    let h5 = h[5] + (t4 >>> 1 & 8191);
+    let h6 = h[6] + ((t4 >>> 14 | t5 << 2) & 8191);
+    let h7 = h[7] + ((t5 >>> 11 | t6 << 5) & 8191);
+    let h8 = h[8] + ((t6 >>> 8 | t7 << 8) & 8191);
+    let h9 = h[9] + (t7 >>> 5 | hibit);
+    let c = 0;
+    let d0 = c + h0 * r0 + h1 * (5 * r9) + h2 * (5 * r8) + h3 * (5 * r7) + h4 * (5 * r6);
+    c = d0 >>> 13;
+    d0 &= 8191;
+    d0 += h5 * (5 * r5) + h6 * (5 * r4) + h7 * (5 * r3) + h8 * (5 * r2) + h9 * (5 * r1);
+    c += d0 >>> 13;
+    d0 &= 8191;
+    let d1 = c + h0 * r1 + h1 * r0 + h2 * (5 * r9) + h3 * (5 * r8) + h4 * (5 * r7);
+    c = d1 >>> 13;
+    d1 &= 8191;
+    d1 += h5 * (5 * r6) + h6 * (5 * r5) + h7 * (5 * r4) + h8 * (5 * r3) + h9 * (5 * r2);
+    c += d1 >>> 13;
+    d1 &= 8191;
+    let d2 = c + h0 * r2 + h1 * r1 + h2 * r0 + h3 * (5 * r9) + h4 * (5 * r8);
+    c = d2 >>> 13;
+    d2 &= 8191;
+    d2 += h5 * (5 * r7) + h6 * (5 * r6) + h7 * (5 * r5) + h8 * (5 * r4) + h9 * (5 * r3);
+    c += d2 >>> 13;
+    d2 &= 8191;
+    let d3 = c + h0 * r3 + h1 * r2 + h2 * r1 + h3 * r0 + h4 * (5 * r9);
+    c = d3 >>> 13;
+    d3 &= 8191;
+    d3 += h5 * (5 * r8) + h6 * (5 * r7) + h7 * (5 * r6) + h8 * (5 * r5) + h9 * (5 * r4);
+    c += d3 >>> 13;
+    d3 &= 8191;
+    let d4 = c + h0 * r4 + h1 * r3 + h2 * r2 + h3 * r1 + h4 * r0;
+    c = d4 >>> 13;
+    d4 &= 8191;
+    d4 += h5 * (5 * r9) + h6 * (5 * r8) + h7 * (5 * r7) + h8 * (5 * r6) + h9 * (5 * r5);
+    c += d4 >>> 13;
+    d4 &= 8191;
+    let d5 = c + h0 * r5 + h1 * r4 + h2 * r3 + h3 * r2 + h4 * r1;
+    c = d5 >>> 13;
+    d5 &= 8191;
+    d5 += h5 * r0 + h6 * (5 * r9) + h7 * (5 * r8) + h8 * (5 * r7) + h9 * (5 * r6);
+    c += d5 >>> 13;
+    d5 &= 8191;
+    let d6 = c + h0 * r6 + h1 * r5 + h2 * r4 + h3 * r3 + h4 * r2;
+    c = d6 >>> 13;
+    d6 &= 8191;
+    d6 += h5 * r1 + h6 * r0 + h7 * (5 * r9) + h8 * (5 * r8) + h9 * (5 * r7);
+    c += d6 >>> 13;
+    d6 &= 8191;
+    let d7 = c + h0 * r7 + h1 * r6 + h2 * r5 + h3 * r4 + h4 * r3;
+    c = d7 >>> 13;
+    d7 &= 8191;
+    d7 += h5 * r2 + h6 * r1 + h7 * r0 + h8 * (5 * r9) + h9 * (5 * r8);
+    c += d7 >>> 13;
+    d7 &= 8191;
+    let d8 = c + h0 * r8 + h1 * r7 + h2 * r6 + h3 * r5 + h4 * r4;
+    c = d8 >>> 13;
+    d8 &= 8191;
+    d8 += h5 * r3 + h6 * r2 + h7 * r1 + h8 * r0 + h9 * (5 * r9);
+    c += d8 >>> 13;
+    d8 &= 8191;
+    let d9 = c + h0 * r9 + h1 * r8 + h2 * r7 + h3 * r6 + h4 * r5;
+    c = d9 >>> 13;
+    d9 &= 8191;
+    d9 += h5 * r4 + h6 * r3 + h7 * r2 + h8 * r1 + h9 * r0;
+    c += d9 >>> 13;
+    d9 &= 8191;
+    c = (c << 2) + c | 0;
+    c = c + d0 | 0;
+    d0 = c & 8191;
+    c = c >>> 13;
+    d1 += c;
+    h[0] = d0;
+    h[1] = d1;
+    h[2] = d2;
+    h[3] = d3;
+    h[4] = d4;
+    h[5] = d5;
+    h[6] = d6;
+    h[7] = d7;
+    h[8] = d8;
+    h[9] = d9;
+  }
+  finalize() {
+    const { h, pad } = this;
+    const g = new Uint16Array(10);
+    let c = h[1] >>> 13;
+    h[1] &= 8191;
+    for (let i = 2; i < 10; i++) {
+      h[i] += c;
+      c = h[i] >>> 13;
+      h[i] &= 8191;
+    }
+    h[0] += c * 5;
+    c = h[0] >>> 13;
+    h[0] &= 8191;
+    h[1] += c;
+    c = h[1] >>> 13;
+    h[1] &= 8191;
+    h[2] += c;
+    g[0] = h[0] + 5;
+    c = g[0] >>> 13;
+    g[0] &= 8191;
+    for (let i = 1; i < 10; i++) {
+      g[i] = h[i] + c;
+      c = g[i] >>> 13;
+      g[i] &= 8191;
+    }
+    g[9] -= 1 << 13;
+    let mask = (c ^ 1) - 1;
+    for (let i = 0; i < 10; i++)
+      g[i] &= mask;
+    mask = ~mask;
+    for (let i = 0; i < 10; i++)
+      h[i] = h[i] & mask | g[i];
+    h[0] = (h[0] | h[1] << 13) & 65535;
+    h[1] = (h[1] >>> 3 | h[2] << 10) & 65535;
+    h[2] = (h[2] >>> 6 | h[3] << 7) & 65535;
+    h[3] = (h[3] >>> 9 | h[4] << 4) & 65535;
+    h[4] = (h[4] >>> 12 | h[5] << 1 | h[6] << 14) & 65535;
+    h[5] = (h[6] >>> 2 | h[7] << 11) & 65535;
+    h[6] = (h[7] >>> 5 | h[8] << 8) & 65535;
+    h[7] = (h[8] >>> 8 | h[9] << 5) & 65535;
+    let f = h[0] + pad[0];
+    h[0] = f & 65535;
+    for (let i = 1; i < 8; i++) {
+      f = (h[i] + pad[i] | 0) + (f >>> 16) | 0;
+      h[i] = f & 65535;
+    }
+    clean2(g);
+  }
+  update(data) {
+    aexists2(this);
+    abytes2(data);
+    data = copyBytes2(data);
+    const { buffer, blockLen } = this;
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      if (take === blockLen) {
+        for (; blockLen <= len - pos; pos += blockLen)
+          this.process(data, pos);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      pos += take;
+      if (this.pos === blockLen) {
+        this.process(buffer, 0, false);
+        this.pos = 0;
+      }
+    }
+    return this;
+  }
+  destroy() {
+    clean2(this.h, this.r, this.buffer, this.pad);
+  }
+  digestInto(out) {
+    aexists2(this);
+    aoutput2(out, this);
+    this.finished = true;
+    const { buffer, h } = this;
+    let { pos } = this;
+    if (pos) {
+      buffer[pos++] = 1;
+      for (; pos < 16; pos++)
+        buffer[pos] = 0;
+      this.process(buffer, 0, true);
+    }
+    this.finalize();
+    let opos = 0;
+    for (let i = 0; i < 8; i++) {
+      out[opos++] = h[i] >>> 0;
+      out[opos++] = h[i] >>> 8;
+    }
+    return out;
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+};
+function wrapConstructorWithKey(hashCons) {
+  const hashC = (msg, key) => hashCons(key).update(msg).digest();
+  const tmp = hashCons(new Uint8Array(32));
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = (key) => hashCons(key);
+  return hashC;
+}
+var poly1305 = /* @__PURE__ */ (() => wrapConstructorWithKey((key) => new Poly1305(key)))();
+
+// ../../node_modules/.pnpm/@noble+ciphers@2.1.1/node_modules/@noble/ciphers/chacha.js
+function chachaCore(s, k, n, out, cnt, rounds = 20) {
+  let y00 = s[0], y01 = s[1], y02 = s[2], y03 = s[3], y04 = k[0], y05 = k[1], y06 = k[2], y07 = k[3], y08 = k[4], y09 = k[5], y10 = k[6], y11 = k[7], y12 = cnt, y13 = n[0], y14 = n[1], y15 = n[2];
+  let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
+  for (let r = 0; r < rounds; r += 2) {
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 16);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 12);
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 8);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 7);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 16);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 12);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 8);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 7);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 16);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 12);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 8);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 7);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 16);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 12);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 8);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 7);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 16);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 12);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 8);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 7);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 16);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 12);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 8);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 7);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 16);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 12);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 8);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 7);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 16);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 12);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 8);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 7);
+  }
+  let oi = 0;
+  out[oi++] = y00 + x00 | 0;
+  out[oi++] = y01 + x01 | 0;
+  out[oi++] = y02 + x02 | 0;
+  out[oi++] = y03 + x03 | 0;
+  out[oi++] = y04 + x04 | 0;
+  out[oi++] = y05 + x05 | 0;
+  out[oi++] = y06 + x06 | 0;
+  out[oi++] = y07 + x07 | 0;
+  out[oi++] = y08 + x08 | 0;
+  out[oi++] = y09 + x09 | 0;
+  out[oi++] = y10 + x10 | 0;
+  out[oi++] = y11 + x11 | 0;
+  out[oi++] = y12 + x12 | 0;
+  out[oi++] = y13 + x13 | 0;
+  out[oi++] = y14 + x14 | 0;
+  out[oi++] = y15 + x15 | 0;
+}
+function hchacha(s, k, i, out) {
+  let x00 = s[0], x01 = s[1], x02 = s[2], x03 = s[3], x04 = k[0], x05 = k[1], x06 = k[2], x07 = k[3], x08 = k[4], x09 = k[5], x10 = k[6], x11 = k[7], x12 = i[0], x13 = i[1], x14 = i[2], x15 = i[3];
+  for (let r = 0; r < 20; r += 2) {
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 16);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 12);
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 8);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 7);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 16);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 12);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 8);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 7);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 16);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 12);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 8);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 7);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 16);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 12);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 8);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 7);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 16);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 12);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 8);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 7);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 16);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 12);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 8);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 7);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 16);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 12);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 8);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 7);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 16);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 12);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 8);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 7);
+  }
+  let oi = 0;
+  out[oi++] = x00;
+  out[oi++] = x01;
+  out[oi++] = x02;
+  out[oi++] = x03;
+  out[oi++] = x12;
+  out[oi++] = x13;
+  out[oi++] = x14;
+  out[oi++] = x15;
+}
+var chacha20 = /* @__PURE__ */ createCipher(chachaCore, {
+  counterRight: false,
+  counterLength: 4,
+  allowShortKeys: false
+});
+var xchacha20 = /* @__PURE__ */ createCipher(chachaCore, {
+  counterRight: false,
+  counterLength: 8,
+  extendNonceFn: hchacha,
+  allowShortKeys: false
+});
+var ZEROS16 = /* @__PURE__ */ new Uint8Array(16);
+var updatePadded = (h, msg) => {
+  h.update(msg);
+  const leftover = msg.length % 16;
+  if (leftover)
+    h.update(ZEROS16.subarray(leftover));
+};
+var ZEROS32 = /* @__PURE__ */ new Uint8Array(32);
+function computeTag(fn, key, nonce, ciphertext, AAD) {
+  if (AAD !== void 0)
+    abytes2(AAD, void 0, "AAD");
+  const authKey = fn(key, nonce, ZEROS32);
+  const lengths = u64Lengths(ciphertext.length, AAD ? AAD.length : 0, true);
+  const h = poly1305.create(authKey);
+  if (AAD)
+    updatePadded(h, AAD);
+  updatePadded(h, ciphertext);
+  h.update(lengths);
+  const res = h.digest();
+  clean2(authKey, lengths);
+  return res;
+}
+var _poly1305_aead = (xorStream) => (key, nonce, AAD) => {
+  const tagLength = 16;
+  return {
+    encrypt(plaintext, output) {
+      const plength = plaintext.length;
+      output = getOutput(plength + tagLength, output, false);
+      output.set(plaintext);
+      const oPlain = output.subarray(0, -tagLength);
+      xorStream(key, nonce, oPlain, oPlain, 1);
+      const tag = computeTag(xorStream, key, nonce, oPlain, AAD);
+      output.set(tag, plength);
+      clean2(tag);
+      return output;
+    },
+    decrypt(ciphertext, output) {
+      output = getOutput(ciphertext.length - tagLength, output, false);
+      const data = ciphertext.subarray(0, -tagLength);
+      const passedTag = ciphertext.subarray(-tagLength);
+      const tag = computeTag(xorStream, key, nonce, data, AAD);
+      if (!equalBytes(passedTag, tag))
+        throw new Error("invalid tag");
+      output.set(ciphertext.subarray(0, -tagLength));
+      xorStream(key, nonce, output, output, 1);
+      clean2(tag);
+      return output;
+    }
+  };
+};
+var chacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 12, tagLength: 16 }, _poly1305_aead(chacha20));
+var xchacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 24, tagLength: 16 }, _poly1305_aead(xchacha20));
+
+// ../utils/dist/chunk-36F4CWBM.js
+function deriveKeysFromPassword(password, salt) {
+  const keySalt = salt ?? randomBytes2(16);
+  const masterKey = argon2id(new TextEncoder().encode(password), keySalt, {
+    t: 3,
+    m: 65536,
+    p: 1,
+    dkLen: 32
+  });
+  return { masterKey, salt: keySalt };
+}
+function decryptPrivateKey(packed, masterKey) {
+  const nonce = packed.slice(0, 24);
+  const ciphertext = packed.slice(24);
+  const cipher = xchacha20poly1305(masterKey, nonce);
+  return cipher.decrypt(ciphertext);
+}
+function generateSessionKey() {
+  return randomBytes2(32);
+}
+function encryptSessionKey(sessionKey, recipientPublicKey) {
+  const ephemeralPrivateKey = x25519.utils.randomSecretKey();
+  const ephemeralPublicKey = x25519.getPublicKey(ephemeralPrivateKey);
+  const sharedSecret = x25519.getSharedSecret(
+    ephemeralPrivateKey,
+    recipientPublicKey
+  );
+  const encryptionKey = blake2b(sharedSecret, { dkLen: 32 });
+  const nonceInput = new Uint8Array(
+    ephemeralPublicKey.length + recipientPublicKey.length
+  );
+  nonceInput.set(ephemeralPublicKey, 0);
+  nonceInput.set(recipientPublicKey, ephemeralPublicKey.length);
+  const nonce = blake2b(nonceInput, { dkLen: 24 });
+  const cipher = xchacha20poly1305(encryptionKey, nonce);
+  const ciphertext = cipher.encrypt(sessionKey);
+  const packed = new Uint8Array(
+    ephemeralPublicKey.length + ciphertext.length
+  );
+  packed.set(ephemeralPublicKey, 0);
+  packed.set(ciphertext, ephemeralPublicKey.length);
+  return packed;
+}
+function encryptChunk(plaintext, sessionKey) {
+  const nonce = randomBytes2(24);
+  const cipher = xchacha20poly1305(sessionKey, nonce);
+  const ciphertext = cipher.encrypt(plaintext);
+  const packed = new Uint8Array(nonce.length + ciphertext.length);
+  packed.set(nonce, 0);
+  packed.set(ciphertext, nonce.length);
+  return packed;
+}
+function decryptChunk(packed, sessionKey) {
+  const nonce = packed.slice(0, 24);
+  const ciphertext = packed.slice(24);
+  const cipher = xchacha20poly1305(sessionKey, nonce);
+  return cipher.decrypt(ciphertext);
+}
+function openMessage(packed, publicKey, privateKey) {
+  const ephemeralPublicKey = packed.slice(0, 32);
+  const nonce = packed.slice(32, 56);
+  const ciphertext = packed.slice(56);
+  const sharedSecret = x25519.getSharedSecret(privateKey, ephemeralPublicKey);
+  const encryptionKey = blake2b(sharedSecret, { dkLen: 32 });
+  const cipher = xchacha20poly1305(encryptionKey, nonce);
+  return cipher.decrypt(ciphertext);
+}
+function toBase64(data) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(data).toString("base64");
+  }
+  let binary = "";
+  for (let i = 0; i < data.length; i++) {
+    binary += String.fromCharCode(data[i]);
+  }
+  return btoa(binary);
+}
+var BASE64_RE = /^[A-Za-z0-9+/]*={0,2}$/;
+function fromBase64(b64) {
+  if (typeof b64 !== "string") {
+    throw new Error("Invalid base64: non-string input");
+  }
+  if (b64.length === 0) {
+    return new Uint8Array(0);
+  }
+  if (!BASE64_RE.test(b64)) {
+    throw new Error("Invalid base64: contains illegal characters");
+  }
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(b64, "base64"));
+  }
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+
+// src/graphql.ts
+var GraphQLError = class extends Error {
+  constructor(message, errors) {
+    super(message);
+    this.errors = errors;
+    this.name = "GraphQLError";
+  }
+};
+async function gql(serverUrl, authToken, query, variables) {
+  const res = await fetch(`${serverUrl}/api/graphql`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${authToken}`
+    },
+    body: JSON.stringify({ query, variables })
+  });
+  const json = await res.json();
+  if (json.errors?.length) {
+    throw new GraphQLError(json.errors[0].message, json.errors);
+  }
+  return json.data;
+}
+
+// src/shared/auth.ts
+async function readPassword(prompt) {
+  return new Promise((resolve) => {
+    process.stdout.write(prompt);
+    const buf = [];
+    if (process.stdin.isTTY) {
+      process.stdin.setRawMode(true);
+    }
+    process.stdin.resume();
+    process.stdin.setEncoding("utf8");
+    const onData = (ch) => {
+      if (ch === "\n" || ch === "\r" || ch === "") {
+        if (process.stdin.isTTY) process.stdin.setRawMode(false);
+        process.stdin.pause();
+        process.stdin.removeListener("data", onData);
+        process.stdout.write("\n");
+        resolve(Buffer.concat(buf).toString("utf8"));
+      } else if (ch === "") {
+        if (process.stdin.isTTY) process.stdin.setRawMode(false);
+        process.exit(130);
+      } else if (ch === "\x7F" || ch === "\b") {
+        buf.pop();
+      } else {
+        buf.push(Buffer.from(ch, "utf8"));
+      }
+    };
+    process.stdin.on("data", onData);
+  });
+}
+async function decryptPrivateKeyFromConfig(cfg) {
+  if (cfg.masterKey) {
+    try {
+      const mk = fromBase64(cfg.masterKey);
+      return await decryptPrivateKey(fromBase64(cfg.encryptedPrivateKey), mk);
+    } catch {
+      console.error("Cached master key is invalid. Please run: anyterm login");
+      process.exit(1);
+    }
+  }
+  const password = await readPassword("Password (to unlock keys): ");
+  try {
+    const salt = fromBase64(cfg.keySalt);
+    const { masterKey } = await deriveKeysFromPassword(password, salt);
+    return await decryptPrivateKey(
+      fromBase64(cfg.encryptedPrivateKey),
+      masterKey
+    );
+  } catch {
+    console.error("Incorrect password.");
+    process.exit(1);
+  }
+}
+
+// src/commands/login.ts
+var loginCommand = new Command("login").description("Authenticate with anyterm server").option("-s, --server <url>", "Server URL (default: anyterm.dev)").action(async (opts) => {
+  const rl = createInterface({ input: stdin, output: stdout });
+  try {
+    const serverUrl = normalizeServerUrl(
+      opts.server || DEFAULT_SERVER_URL
+    );
+    if (opts.server && opts.server !== DEFAULT_SERVER_URL) {
+      console.log(`\x1B[33mConnecting to self-hosted server: ${serverUrl}\x1B[0m`);
+      console.log(`\x1B[33mNote: For the official cloud service, use: anyterm login\x1B[0m
+`);
+    }
+    const email = await rl.question("Email: ");
+    rl.close();
+    const password = await readPassword("Password: ");
+    console.log("Signing in...");
+    const res = await fetch(`${serverUrl}/api/auth/sign-in/email`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Origin: serverUrl
+      },
+      body: JSON.stringify({ email, password })
+    });
+    if (!res.ok) {
+      console.error("Login failed:", res.statusText);
+      process.exit(1);
+    }
+    const data = await res.json();
+    const token = data.session?.token ?? data.token;
+    const userId = data.user?.id;
+    if (!token || !userId) {
+      console.error("Login failed: invalid response");
+      process.exit(1);
+    }
+    const keysData = await gql(serverUrl, token, `query { userKeys { publicKey encryptedPrivateKey keySalt } }`);
+    if (!keysData.userKeys?.keySalt) {
+      console.error("Failed to fetch encryption keys");
+      process.exit(1);
+    }
+    const salt = fromBase64(keysData.userKeys.keySalt);
+    const { masterKey } = await deriveKeysFromPassword(password, salt);
+    const encPk = fromBase64(keysData.userKeys.encryptedPrivateKey);
+    await decryptPrivateKey(encPk, masterKey);
+    let wsUrl = serverUrl.replace(/^http/, "ws");
+    try {
+      const configRes = await fetch(`${serverUrl}/api/config`);
+      if (configRes.ok) {
+        const configData = await configRes.json();
+        if (configData.wsUrl) wsUrl = configData.wsUrl;
+      }
+    } catch {
+    }
+    await setSecret("authToken", token, serverUrl);
+    await setSecret("masterKey", toBase64(masterKey), serverUrl);
+    setServerConfig(serverUrl, {
+      wsUrl,
+      userId,
+      publicKey: keysData.userKeys.publicKey,
+      encryptedPrivateKey: keysData.userKeys.encryptedPrivateKey,
+      keySalt: keysData.userKeys.keySalt
+    });
+    setActiveServer(serverUrl);
+    try {
+      const orgsRes = await fetch(
+        `${serverUrl}/api/auth/organization/list`,
+        {
+          headers: {
+            Authorization: `Bearer ${token}`
+          }
+        }
+      );
+      if (orgsRes.ok) {
+        const orgsData = await orgsRes.json();
+        const orgs = orgsData ?? [];
+        const personalOrg = orgs.find((o) => {
+          const org = o;
+          return org.slug === userId;
+        });
+        if (personalOrg) {
+          await fetch(`${serverUrl}/api/auth/organization/set-active`, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              Authorization: `Bearer ${token}`
+            },
+            body: JSON.stringify({ organizationId: personalOrg.id })
+          });
+        }
+      }
+    } catch {
+    }
+    console.log("Logged in successfully. Credentials stored in system keychain.");
+  } catch (err) {
+    console.error("Login failed:", err instanceof Error ? err.message : String(err));
+    process.exit(1);
+  } finally {
+    rl.close();
+  }
+});
+
+// src/commands/logout.ts
+import { Command as Command2 } from "commander";
+var logoutCommand = new Command2("logout").description("Clear saved credentials").action(async () => {
+  await migrateConfigIfNeeded();
+  const serverUrl = getActiveServer();
+  const authToken = serverUrl ? await getSecret("authToken", serverUrl) : null;
+  if (serverUrl && authToken) {
+    try {
+      await fetch(`${serverUrl}/api/auth/sign-out`, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${authToken}` }
+      });
+    } catch {
+    }
+  }
+  if (serverUrl) {
+    await deleteSecret("authToken", serverUrl);
+    await deleteSecret("masterKey", serverUrl);
+    deleteServerConfig(serverUrl);
+    const store = config.store;
+    delete store["activeServer"];
+    config.store = store;
+  }
+  console.log("Logged out. Credentials cleared.");
+});
+
+// src/commands/run.ts
+import { Command as Command3 } from "commander";
+import * as os from "os";
+import WebSocket2 from "ws";
+
+// ../utils/dist/chunk-2ACXBPZM.js
+var MAX_HTTP_TUNNEL_PAYLOAD = 2 * 1024 * 1024;
+var FRAME_MAGIC = new Uint8Array([86, 67]);
+var FRAME_VERSION = 1;
+var MAX_CHUNK_SIZE = 64 * 1024;
+var PTY_BATCH_INTERVAL_MS = 100;
+
+// ../utils/dist/chunk-VO4VOY2N.js
+var FrameType = /* @__PURE__ */ ((FrameType2) => {
+  FrameType2[FrameType2["SUBSCRIBE"] = 1] = "SUBSCRIBE";
+  FrameType2[FrameType2["UNSUBSCRIBE"] = 2] = "UNSUBSCRIBE";
+  FrameType2[FrameType2["ENCRYPTED_CHUNK"] = 3] = "ENCRYPTED_CHUNK";
+  FrameType2[FrameType2["ENCRYPTED_INPUT"] = 4] = "ENCRYPTED_INPUT";
+  FrameType2[FrameType2["EVENT"] = 5] = "EVENT";
+  FrameType2[FrameType2["RESIZE"] = 6] = "RESIZE";
+  FrameType2[FrameType2["PING"] = 7] = "PING";
+  FrameType2[FrameType2["PONG"] = 8] = "PONG";
+  FrameType2[FrameType2["ERROR"] = 9] = "ERROR";
+  FrameType2[FrameType2["SESSION_ENDED"] = 10] = "SESSION_ENDED";
+  FrameType2[FrameType2["HTTP_REQUEST"] = 11] = "HTTP_REQUEST";
+  FrameType2[FrameType2["HTTP_RESPONSE"] = 12] = "HTTP_RESPONSE";
+  FrameType2[FrameType2["CLI_CONNECTED"] = 13] = "CLI_CONNECTED";
+  FrameType2[FrameType2["CLI_DISCONNECTED"] = 14] = "CLI_DISCONNECTED";
+  FrameType2[FrameType2["SNAPSHOT"] = 15] = "SNAPSHOT";
+  FrameType2[FrameType2["SPAWN_REQUEST"] = 16] = "SPAWN_REQUEST";
+  FrameType2[FrameType2["SPAWN_RESPONSE"] = 17] = "SPAWN_RESPONSE";
+  FrameType2[FrameType2["HANDSHAKE_OK"] = 18] = "HANDSHAKE_OK";
+  return FrameType2;
+})(FrameType || {});
+var encoder = new TextEncoder();
+var decoder = new TextDecoder();
+var SESSION_ID_RE = /^[A-Za-z0-9_-]*$/;
+function encodeFrame(frame) {
+  const sessionIdBytes = encoder.encode(frame.sessionId);
+  const totalLen = 2 + 1 + 1 + 4 + sessionIdBytes.length + 4 + frame.payload.length;
+  const buf = new Uint8Array(totalLen);
+  const view = new DataView(buf.buffer);
+  let offset = 0;
+  buf[offset++] = FRAME_MAGIC[0];
+  buf[offset++] = FRAME_MAGIC[1];
+  buf[offset++] = FRAME_VERSION;
+  buf[offset++] = frame.type;
+  view.setUint32(offset, sessionIdBytes.length, false);
+  offset += 4;
+  buf.set(sessionIdBytes, offset);
+  offset += sessionIdBytes.length;
+  view.setUint32(offset, frame.payload.length, false);
+  offset += 4;
+  buf.set(frame.payload, offset);
+  return buf;
+}
+function decodeFrame(data) {
+  if (data.byteLength < 12) {
+    throw new Error("Frame too short");
+  }
+  const view = new DataView(
+    data.buffer,
+    data.byteOffset,
+    data.byteLength
+  );
+  let offset = 0;
+  if (data[offset] !== FRAME_MAGIC[0] || data[offset + 1] !== FRAME_MAGIC[1]) {
+    throw new Error("Invalid frame magic");
+  }
+  offset += 2;
+  const version = data[offset++];
+  const type = data[offset++];
+  const sessionIdLen = view.getUint32(offset, false);
+  if (sessionIdLen > 256) {
+    throw new Error("sessionId too long");
+  }
+  offset += 4;
+  if (offset + sessionIdLen + 4 > data.byteLength) {
+    throw new Error("Frame truncated: sessionId extends beyond buffer");
+  }
+  const sessionId = decoder.decode(data.slice(offset, offset + sessionIdLen));
+  if (sessionId.length > 0 && !SESSION_ID_RE.test(sessionId)) {
+    throw new Error("Invalid sessionId: must be alphanumeric");
+  }
+  offset += sessionIdLen;
+  const payloadLen = view.getUint32(offset, false);
+  offset += 4;
+  if (offset + payloadLen > data.byteLength) {
+    throw new Error("Frame truncated: payload extends beyond buffer");
+  }
+  const payload = data.slice(offset, offset + payloadLen);
+  return { version, type, sessionId, payload };
+}
+var EMPTY_PAYLOAD = new Uint8Array(0);
+function createSubscribeFrame(sessionId) {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 1,
+    sessionId,
+    payload: EMPTY_PAYLOAD
+  });
+}
+function createUnsubscribeFrame(sessionId) {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 2,
+    sessionId,
+    payload: EMPTY_PAYLOAD
+  });
+}
+function createEncryptedChunkFrame(sessionId, payload) {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 3,
+    sessionId,
+    payload
+  });
+}
+var MAX_COLS = 1e3;
+var MAX_ROWS = 500;
+function createResizeFrame(sessionId, cols, rows) {
+  const clampedCols = Math.max(1, Math.min(cols, MAX_COLS));
+  const clampedRows = Math.max(1, Math.min(rows, MAX_ROWS));
+  const payload = new Uint8Array(8);
+  const view = new DataView(payload.buffer);
+  view.setUint32(0, clampedCols, false);
+  view.setUint32(4, clampedRows, false);
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 6,
+    sessionId,
+    payload
+  });
+}
+function createPongFrame() {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 8,
+    sessionId: "",
+    payload: EMPTY_PAYLOAD
+  });
+}
+function createSessionEndedFrame(sessionId) {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 10,
+    sessionId,
+    payload: EMPTY_PAYLOAD
+  });
+}
+function createHttpResponseFrame(sessionId, payload) {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 12,
+    sessionId,
+    payload
+  });
+}
+function createSnapshotFrame(sessionId, payload) {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 15,
+    sessionId,
+    payload
+  });
+}
+function createSpawnResponseFrame(payload) {
+  return encodeFrame({
+    version: FRAME_VERSION,
+    type: 17,
+    sessionId: "",
+    payload
+  });
+}
+
+// ../utils/dist/chunk-U6HI2VN7.js
+function detectAgentType(command) {
+  const cmd = command.toLowerCase();
+  const agents = [
+    ["claude", "claude-code"],
+    ["cursor", "cursor"],
+    ["codex", "codex"],
+    ["copilot", "copilot"],
+    ["aider", "aider"],
+    ["devin", "devin"],
+    ["cline", "cline"],
+    ["continue", "continue"]
+  ];
+  for (const [pattern, type] of agents) {
+    if (cmd.includes(pattern)) return type;
+  }
+  return null;
+}
+
+// src/shared/terminal.ts
+var CLEAR_PATTERNS = ["\x1B[2J", "\x1B[3J", "\x1Bc"];
+function containsClear(data) {
+  return CLEAR_PATTERNS.some((p) => data.includes(p));
+}
+var SNAPSHOT_CHUNK_THRESHOLD = 100;
+var SNAPSHOT_INTERVAL_MS = 6e4;
+var SAFE_ENV_KEYS = /* @__PURE__ */ new Set([
+  "PATH",
+  "HOME",
+  "USER",
+  "LOGNAME",
+  "SHELL",
+  "TERM",
+  "TERM_PROGRAM",
+  "LANG",
+  "LC_ALL",
+  "LC_CTYPE",
+  "EDITOR",
+  "VISUAL",
+  "PAGER",
+  "COLORTERM",
+  "TMPDIR",
+  "XDG_RUNTIME_DIR",
+  "XDG_CONFIG_HOME",
+  "XDG_DATA_HOME",
+  "XDG_CACHE_HOME"
+]);
+function getSafeEnv() {
+  const env = {};
+  for (const key of SAFE_ENV_KEYS) {
+    if (process.env[key]) {
+      env[key] = process.env[key];
+    }
+  }
+  env.TERM = env.TERM || "xterm-256color";
+  return env;
+}
+async function loadHeadlessTerminal() {
+  try {
+    const headlessMod = await import("@xterm/headless");
+    const serializeMod = await import("@xterm/addon-serialize");
+    const Terminal = headlessMod.Terminal ?? headlessMod.default?.Terminal;
+    const SerializeAddon = serializeMod.SerializeAddon ?? serializeMod.default?.SerializeAddon;
+    if (Terminal && SerializeAddon) {
+      return { Terminal, SerializeAddon };
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+// src/shared/http-proxy.ts
+import * as http from "http";
+
+// src/shared/constants.ts
+var INITIAL_RECONNECT_DELAY = 1e3;
+var MAX_RECONNECT_DELAY = 3e4;
+var HTTP_PROXY_TIMEOUT = 25e3;
+var SNAPSHOT_DEBOUNCE = 500;
+var RESIZE_DB_DEBOUNCE = 500;
+var WS_CLOSE_TIMEOUT = 500;
+var MAX_COMMAND_LENGTH = 4096;
+
+// src/shared/http-proxy.ts
+async function proxyLocalHttp(req) {
+  try {
+    return await tryProxy(req, "localhost");
+  } catch {
+    try {
+      return await tryProxy(req, "127.0.0.1");
+    } catch (err) {
+      const isTimeout = err instanceof Error && err.message === "timeout";
+      return {
+        reqId: req.reqId,
+        status: isTimeout ? 504 : 502,
+        headers: { "content-type": "text/plain" },
+        body: Buffer.from(
+          isTimeout ? "Gateway Timeout" : "Bad Gateway \u2014 connection refused on localhost:" + req.port
+        ).toString("base64")
+      };
+    }
+  }
+}
+function tryProxy(req, hostname) {
+  return new Promise((resolve, reject) => {
+    const body = req.body ? Buffer.from(req.body, "base64") : void 0;
+    const pathAndQuery = req.path;
+    const options = {
+      hostname,
+      port: req.port,
+      path: pathAndQuery,
+      method: req.method,
+      headers: req.headers,
+      timeout: HTTP_PROXY_TIMEOUT
+    };
+    const proxyReq = http.request(options, (proxyRes) => {
+      const chunks = [];
+      proxyRes.on("data", (chunk) => chunks.push(chunk));
+      proxyRes.on("end", () => {
+        const bodyBuf = Buffer.concat(chunks);
+        const headers = {};
+        for (const [key, value] of Object.entries(proxyRes.headers)) {
+          if (typeof value === "string") headers[key] = value;
+          else if (Array.isArray(value)) headers[key] = value.join(", ");
+        }
+        resolve({
+          reqId: req.reqId,
+          status: proxyRes.statusCode ?? 502,
+          headers,
+          body: bodyBuf.length > 0 ? bodyBuf.toString("base64") : void 0
+        });
+      });
+    });
+    proxyReq.on("error", (err) => {
+      reject(err);
+    });
+    proxyReq.on("timeout", () => {
+      proxyReq.destroy();
+      reject(new Error("timeout"));
+    });
+    if (body) proxyReq.write(body);
+    proxyReq.end();
+  });
+}
+
+// src/shared/pty-session.ts
+import WebSocket from "ws";
+function createPtySessionState(init) {
+  return {
+    ...init,
+    chunksSinceSnapshot: 0,
+    snapshotInFlight: false,
+    periodicSnapshotTimer: null,
+    snapshotTimer: null,
+    ptyBuffer: "",
+    ptyBatchTimer: null,
+    hasClearInBatch: false
+  };
+}
+function createPtySessionManager(getWs) {
+  async function createAndSendSnapshot(session) {
+    if (!session.headless || !session.serializer) return false;
+    if (session.snapshotInFlight) return false;
+    const ws = getWs();
+    if (!ws || ws.readyState !== WebSocket.OPEN) return false;
+    session.snapshotInFlight = true;
+    try {
+      const serialized = session.serializer.serialize();
+      const encoded = new TextEncoder().encode(serialized);
+      const packed = await encryptChunk(encoded, session.sessionKey);
+      ws.send(createSnapshotFrame(session.id, packed));
+      session.chunksSinceSnapshot = 0;
+      return true;
+    } catch {
+      return false;
+    } finally {
+      session.snapshotInFlight = false;
+    }
+  }
+  function resetPeriodicSnapshotTimer(session) {
+    if (session.periodicSnapshotTimer) clearTimeout(session.periodicSnapshotTimer);
+    if (!session.headless || !session.serializer) return;
+    session.periodicSnapshotTimer = setTimeout(async () => {
+      if (session.chunksSinceSnapshot > 0) {
+        await createAndSendSnapshot(session);
+      }
+      resetPeriodicSnapshotTimer(session);
+    }, SNAPSHOT_INTERVAL_MS);
+  }
+  async function flushPtyBuffer(session) {
+    if (!session.ptyBuffer) return;
+    const batch = session.ptyBuffer;
+    const hadClear = session.hasClearInBatch;
+    session.ptyBuffer = "";
+    session.hasClearInBatch = false;
+    session.ptyBatchTimer = null;
+    if (session.headless) session.headless.write(batch);
+    const encoded = new TextEncoder().encode(batch);
+    const packed = await encryptChunk(encoded, session.sessionKey);
+    const frame = createEncryptedChunkFrame(session.id, packed);
+    const ws = getWs();
+    if (ws?.readyState === WebSocket.OPEN) {
+      ws.send(frame);
+    }
+    session.chunksSinceSnapshot++;
+    if (session.headless && session.serializer && hadClear) {
+      if (session.snapshotTimer) clearTimeout(session.snapshotTimer);
+      session.snapshotTimer = setTimeout(async () => {
+        session.snapshotTimer = null;
+        await createAndSendSnapshot(session);
+        resetPeriodicSnapshotTimer(session);
+      }, SNAPSHOT_DEBOUNCE);
+    }
+    if (session.headless && session.serializer && session.chunksSinceSnapshot >= SNAPSHOT_CHUNK_THRESHOLD && !session.snapshotTimer) {
+      await createAndSendSnapshot(session);
+      resetPeriodicSnapshotTimer(session);
+    }
+  }
+  function setupPtyOutput(session, opts) {
+    session.ptyProcess.onData((data) => {
+      if (opts?.onData) opts.onData(data);
+      session.ptyBuffer += data;
+      if (containsClear(data)) session.hasClearInBatch = true;
+      if (Buffer.byteLength(session.ptyBuffer) >= MAX_CHUNK_SIZE) {
+        if (session.ptyBatchTimer) {
+          clearTimeout(session.ptyBatchTimer);
+          session.ptyBatchTimer = null;
+        }
+        flushPtyBuffer(session);
+        return;
+      }
+      if (!session.ptyBatchTimer) {
+        session.ptyBatchTimer = setTimeout(() => flushPtyBuffer(session), PTY_BATCH_INTERVAL_MS);
+      }
+    });
+  }
+  async function cleanupPtySession(session, opts) {
+    if (session.ptyBatchTimer) clearTimeout(session.ptyBatchTimer);
+    await flushPtyBuffer(session);
+    if (session.snapshotTimer) clearTimeout(session.snapshotTimer);
+    if (session.periodicSnapshotTimer) clearTimeout(session.periodicSnapshotTimer);
+    await createAndSendSnapshot(session);
+    try {
+      await gql(opts.serverUrl, opts.authToken, `
+        mutation ($input: UpdateSessionInput!) {
+          updateSession(input: $input) { id }
+        }
+      `, {
+        input: {
+          id: session.id,
+          status: "stopped",
+          endedAt: (/* @__PURE__ */ new Date()).toISOString()
+        }
+      });
+    } catch {
+    }
+  }
+  return {
+    createAndSendSnapshot,
+    resetPeriodicSnapshotTimer,
+    flushPtyBuffer,
+    setupPtyOutput,
+    cleanupPtySession
+  };
+}
+
+// src/commands/run.ts
+function resolveRunArgs(commandArgs, opts, platform3 = os.platform(), shell = process.env.SHELL) {
+  const defaultShell = platform3 === "win32" ? "powershell.exe" : shell || "/bin/bash";
+  const isInteractiveShell = commandArgs.length === 0;
+  const command = commandArgs.join(" ") || defaultShell;
+  const name = opts.name || (isInteractiveShell ? "shell" : command.split(" ")[0]);
+  return { isInteractiveShell, command, name, defaultShell };
+}
+function parseForwardedPorts(raw) {
+  if (!raw) return [];
+  const ports = [];
+  for (const p of raw.split(",")) {
+    const port = parseInt(p.trim(), 10);
+    if (isNaN(port) || port < 1 || port > 65535) {
+      return { error: `Invalid port: ${p.trim()}` };
+    }
+    ports.push(port);
+  }
+  return ports;
+}
+var runCommand = new Command3("run").description("Run a command and stream to server (no command = interactive shell)").argument("[command...]", "Command to run (defaults to your shell)").option("-n, --name <name>", "Session name").option("--forward <ports>", "Forward local ports (comma-separated, e.g. 3000,8080)").action(async (commandArgs, opts) => {
+  const cfg = await getConfig();
+  const { serverUrl, wsUrl, authToken, publicKey, encryptedPrivateKey, keySalt } = cfg;
+  const { isInteractiveShell, command, name, defaultShell } = resolveRunArgs(commandArgs, opts);
+  if (command.length > MAX_COMMAND_LENGTH) {
+    console.error(`Command too long (${command.length} chars, max ${MAX_COMMAND_LENGTH})`);
+    process.exit(1);
+  }
+  const parsedPorts = parseForwardedPorts(opts.forward);
+  if ("error" in parsedPorts) {
+    console.error(parsedPorts.error);
+    process.exit(1);
+  }
+  const forwardedPortsList = parsedPorts;
+  const forwardedPorts = forwardedPortsList.length > 0 ? forwardedPortsList.join(",") : void 0;
+  const privateKey = await decryptPrivateKeyFromConfig(cfg);
+  const pty = await import("node-pty");
+  let orgKeysData = null;
+  try {
+    orgKeysData = await gql(serverUrl, authToken, `
+        query { orgKeys { orgPublicKey isPersonalOrg } }
+      `);
+  } catch {
+  }
+  const sealingKey = orgKeysData?.orgKeys?.orgPublicKey ?? publicKey;
+  const sessionKey = await generateSessionKey();
+  const pubKey = fromBase64(sealingKey);
+  const encryptedSessionKey = await encryptSessionKey(sessionKey, pubKey);
+  let createData;
+  try {
+    createData = await gql(serverUrl, authToken, `
+        mutation ($input: CreateSessionInput!) {
+          createSession(input: $input) { id }
+        }
+      `, {
+      input: {
+        name,
+        command,
+        encryptedSessionKey: toBase64(encryptedSessionKey),
+        cols: process.stdout.columns || 80,
+        rows: process.stdout.rows || 24,
+        agentType: detectAgentType(command),
+        machineId: getMachineId(),
+        machineName: getMachineName(),
+        ...forwardedPorts ? { forwardedPorts } : {}
+      }
+    });
+  } catch (err) {
+    console.error("Failed to create session:", err instanceof Error ? err.message : String(err));
+    process.exit(1);
+  }
+  const sessionId = createData.createSession.id;
+  console.log(`Session: ${sessionId}`);
+  console.log(`Web: ${serverUrl}/s/${sessionId}`);
+  if (isInteractiveShell) {
+    console.log(`Mode: interactive shell (${command})`);
+  }
+  if (forwardedPorts) {
+    for (const port of forwardedPortsList) {
+      console.log(`Tunnel: ${serverUrl}/tunnel/${sessionId}/${port}/`);
+    }
+  }
+  console.log();
+  const shell = defaultShell;
+  const args = isInteractiveShell ? [] : ["-c", command];
+  const ptyProcess = pty.spawn(shell, args, {
+    name: "xterm-256color",
+    cols: process.stdout.columns || 80,
+    rows: process.stdout.rows || 24,
+    cwd: process.cwd(),
+    env: getSafeEnv()
+  });
+  let headless = null;
+  let serializer = null;
+  const headlessClasses = await loadHeadlessTerminal();
+  if (headlessClasses) {
+    headless = new headlessClasses.Terminal({
+      cols: process.stdout.columns || 80,
+      rows: process.stdout.rows || 24
+    });
+    serializer = new headlessClasses.SerializeAddon();
+    headless.loadAddon(serializer);
+  }
+  let ws = null;
+  let wsClosing = false;
+  let handshakeCompleted = false;
+  const session = createPtySessionState({
+    id: sessionId,
+    sessionKey,
+    ptyProcess,
+    headless,
+    serializer,
+    forwardedPorts: forwardedPortsList
+  });
+  const ptyManager = createPtySessionManager(() => ws);
+  const wsConnUrl = `${wsUrl}/ws`;
+  let reconnectDelay = INITIAL_RECONNECT_DELAY;
+  function connectWS() {
+    const socket = new WebSocket2(wsConnUrl);
+    ws = socket;
+    handshakeCompleted = false;
+    socket.on("open", () => {
+      reconnectDelay = INITIAL_RECONNECT_DELAY;
+      socket.send(JSON.stringify({
+        version: FRAME_VERSION,
+        token: authToken,
+        source: "cli"
+      }));
+    });
+    socket.on("close", (code, reason) => {
+      if (wsClosing) return;
+      if (code === 4001) {
+        console.error("\x1B[31mUnauthorized. Please run: anyterm login\x1B[0m");
+        ptyProcess.kill();
+        return;
+      }
+      if (code === 4010) {
+        console.error(`\x1B[31m${reason.toString() || "Protocol version mismatch. Please update your CLI: npm update -g anyterm"}\x1B[0m`);
+        ptyProcess.kill();
+        return;
+      }
+      setTimeout(() => {
+        if (!wsClosing) connectWS();
+      }, reconnectDelay);
+      reconnectDelay = Math.min(reconnectDelay * 2, MAX_RECONNECT_DELAY);
+    });
+    socket.on("error", () => {
+    });
+    setupWsHandlers(socket);
+  }
+  connectWS();
+  function setupWsHandlers(socket) {
+    socket.on("message", async (raw) => {
+      try {
+        const frame = decodeFrame(new Uint8Array(raw));
+        if (!handshakeCompleted) {
+          if (frame.type === FrameType.HANDSHAKE_OK) {
+            handshakeCompleted = true;
+            socket.send(createSubscribeFrame(sessionId));
+            ptyManager.resetPeriodicSnapshotTimer(session);
+            return;
+          }
+          if (frame.type === FrameType.ERROR) {
+            const msg = new TextDecoder().decode(frame.payload);
+            try {
+              const err = JSON.parse(msg);
+              console.error(`\x1B[31m${err.message || msg}\x1B[0m`);
+            } catch {
+              console.error(`\x1B[31m${msg}\x1B[0m`);
+            }
+            return;
+          }
+          return;
+        }
+        if (frame.type === FrameType.PING) {
+          socket.send(createPongFrame());
+        } else if (frame.type === FrameType.ENCRYPTED_INPUT) {
+          const plaintext = await decryptChunk(frame.payload, sessionKey);
+          const text = new TextDecoder().decode(plaintext);
+          ptyProcess.write(text);
+        } else if (frame.type === FrameType.HTTP_REQUEST && forwardedPorts) {
+          const json = new TextDecoder().decode(frame.payload);
+          const req = JSON.parse(json);
+          if (!forwardedPortsList.includes(req.port)) return;
+          const response = await proxyLocalHttp(req);
+          const responsePayload = new TextEncoder().encode(JSON.stringify(response));
+          const responseFrame = createHttpResponseFrame(sessionId, responsePayload);
+          if (socket.readyState === WebSocket2.OPEN) {
+            socket.send(responseFrame);
+          }
+        } else if (frame.type === FrameType.SESSION_ENDED) {
+          console.log("\n\x1B[33mSession ended remotely.\x1B[0m");
+          ptyProcess.kill();
+        }
+      } catch (err) {
+        console.error("[WS] Frame handling error:", err instanceof Error ? err.message : String(err));
+        if (process.env.DEBUG) {
+          console.debug(err);
+        }
+      }
+    });
+  }
+  ptyManager.setupPtyOutput(session, {
+    onData: (data) => process.stdout.write(data)
+  });
+  ptyProcess.onExit(async ({ exitCode }) => {
+    wsClosing = true;
+    await ptyManager.cleanupPtySession(session, { serverUrl, authToken });
+    if (ws && ws.readyState === WebSocket2.OPEN) {
+      ws.close();
+      await new Promise((resolve) => {
+        ws.once("close", resolve);
+        setTimeout(resolve, WS_CLOSE_TIMEOUT);
+      });
+    }
+    process.exit(exitCode);
+  });
+  let resizeDbTimer = null;
+  process.stdout.on("resize", () => {
+    const cols = process.stdout.columns;
+    const rows = process.stdout.rows;
+    ptyProcess.resize(cols, rows);
+    if (session.headless) session.headless.resize(cols, rows);
+    if (ws?.readyState === WebSocket2.OPEN) {
+      ws.send(createResizeFrame(sessionId, cols, rows));
+    }
+    if (resizeDbTimer) clearTimeout(resizeDbTimer);
+    resizeDbTimer = setTimeout(async () => {
+      try {
+        await gql(serverUrl, authToken, `
+            mutation ($input: UpdateSessionInput!) {
+              updateSession(input: $input) { id }
+            }
+          `, { input: { id: sessionId, cols, rows } });
+      } catch {
+      }
+    }, RESIZE_DB_DEBOUNCE);
+  });
+  if (process.stdin.isTTY) {
+    process.stdin.setRawMode(true);
+  }
+  process.stdin.resume();
+  process.stdin.on("data", (data) => {
+    ptyProcess.write(data.toString());
+  });
+  const cleanup = () => {
+    if (process.stdin.isTTY) {
+      try {
+        process.stdin.setRawMode(false);
+      } catch {
+      }
+    }
+    if (session.periodicSnapshotTimer) clearTimeout(session.periodicSnapshotTimer);
+    ptyProcess.kill();
+    sessionKey.fill(0);
+    privateKey.fill(0);
+  };
+  process.on("SIGINT", cleanup);
+  process.on("SIGTERM", cleanup);
+  process.on("SIGHUP", cleanup);
+});
+
+// src/commands/list.ts
+import { Command as Command4 } from "commander";
+var ANSI_RE = /\x1b\[[0-9;]*m/g;
+var STATUS_COL_WIDTH = 18;
+function formatStatus(status) {
+  return status === "running" ? "\x1B[32m\u25CF\x1B[0m running" : status === "disconnected" ? "\x1B[33m\u25CF\x1B[0m disconnected" : "\u25CB stopped";
+}
+function formatRow(s) {
+  const status = formatStatus(s.status);
+  const visibleLen = status.replace(ANSI_RE, "").length;
+  const paddedStatus = status + " ".repeat(Math.max(0, STATUS_COL_WIDTH - visibleLen));
+  return s.id.padEnd(15) + s.name.slice(0, 22).padEnd(25) + paddedStatus + s.command.slice(0, 30);
+}
+var listCommand = new Command4("list").alias("ls").description("List terminal sessions").action(async () => {
+  const { serverUrl, authToken } = await getConfig();
+  let sessions;
+  try {
+    const data = await gql(serverUrl, authToken, `
+        query { sessions { id name status command } }
+      `);
+    sessions = data.sessions;
+  } catch {
+    console.error("Failed to fetch sessions");
+    process.exit(1);
+  }
+  if (sessions.length === 0) {
+    console.log("No sessions.");
+    return;
+  }
+  console.log(
+    "\n" + "ID".padEnd(15) + "NAME".padEnd(25) + "STATUS".padEnd(STATUS_COL_WIDTH) + "COMMAND"
+  );
+  console.log("-".repeat(70));
+  for (const s of sessions) {
+    console.log(formatRow(s));
+  }
+  console.log();
+});
+
+// src/commands/daemon.ts
+import { Command as Command5 } from "commander";
+import * as os2 from "os";
+import WebSocket3 from "ws";
+var MAX_ACTIVE_SESSIONS = 20;
+function parseSpawnForwardedPorts(raw) {
+  if (!Array.isArray(raw)) return [];
+  return raw.map(Number).filter((p) => Number.isInteger(p) && p >= 1 && p <= 65535);
+}
+function extractCommandName(command) {
+  const cmdBase = command.split(" ")[0];
+  return cmdBase.split("/").pop() || cmdBase;
+}
+function deriveSessionName(spawnName, command) {
+  const cmdName = extractCommandName(command);
+  return spawnName || cmdName.slice(0, 256);
+}
+function parseAllowedCommands(raw) {
+  if (!raw) return null;
+  const patterns = raw.split(",").map((s) => s.trim()).filter(Boolean);
+  return patterns.length > 0 ? patterns : null;
+}
+function isCommandAllowed(command, allowedPatterns) {
+  if (!allowedPatterns) return true;
+  return allowedPatterns.some((pattern) => command.includes(pattern));
+}
+var daemonCommand = new Command5("daemon").description("Run background daemon for web-initiated terminals").option("-d, --debug", "Enable debug logging").option("-n, --name <name>", "Display name for this machine (defaults to hostname)").option("--allow <patterns>", "Restrict spawnable commands (comma-separated patterns, e.g. claude,npm,node)").action(async (opts) => {
+  const debug = opts.debug || !!process.env.DEBUG;
+  const log = (...args) => console.log("[daemon]", ...args);
+  const dbg = debug ? (...args) => console.debug("[daemon]", ...args) : () => {
+  };
+  const allowedCommands = parseAllowedCommands(opts.allow);
+  if (allowedCommands) {
+    log(`Command allowlist: ${allowedCommands.join(", ")}`);
+  }
+  const machineId = getMachineId();
+  if (opts.name) {
+    setMachineName(opts.name);
+  }
+  const machineName = opts.name || getMachineName();
+  log(`Machine: ${machineName} (${machineId})`);
+  const cfg = await getConfig();
+  const { serverUrl, wsUrl, authToken, publicKey, encryptedPrivateKey, keySalt } = cfg;
+  const privateKey = await decryptPrivateKeyFromConfig(cfg);
+  const pubKey = fromBase64(publicKey);
+  const headlessClasses = await loadHeadlessTerminal();
+  if (!headlessClasses) {
+    log("Headless terminal unavailable \u2014 snapshots disabled");
+  }
+  const pty = await import("node-pty");
+  const activeSessions = /* @__PURE__ */ new Map();
+  let ws = null;
+  let shuttingDown = false;
+  const ptyManager = createPtySessionManager(() => ws);
+  const wsConnUrl = `${wsUrl}/ws`;
+  let reconnectDelay = INITIAL_RECONNECT_DELAY;
+  let handshakeCompleted = false;
+  function connectWS() {
+    const socket = new WebSocket3(wsConnUrl);
+    ws = socket;
+    handshakeCompleted = false;
+    socket.on("open", () => {
+      reconnectDelay = INITIAL_RECONNECT_DELAY;
+      socket.send(JSON.stringify({
+        version: FRAME_VERSION,
+        token: authToken,
+        source: "daemon",
+        machineId,
+        machineName
+      }));
+    });
+    socket.on("close", (code, reason) => {
+      if (shuttingDown) return;
+      if (code === 4001) {
+        console.error("[daemon] Unauthorized. Run: anyterm login");
+        process.exit(1);
+      }
+      if (code === 4002) {
+        console.error("[daemon] Server rejected connection: missing machine ID.");
+        process.exit(1);
+      }
+      if (code === 4003) {
+        console.error(
+          "[daemon] Another daemon with the same machine ID is already connected.\n         Stop the other daemon first, or run on a different machine."
+        );
+        process.exit(1);
+      }
+      if (code === 4010) {
+        console.error("[daemon] Protocol version mismatch. Please update your CLI: npm update -g anyterm");
+        process.exit(1);
+      }
+      log(`Disconnected (code ${code}), reconnecting in ${reconnectDelay}ms...`);
+      setTimeout(() => {
+        if (!shuttingDown) connectWS();
+      }, reconnectDelay);
+      reconnectDelay = Math.min(reconnectDelay * 2, MAX_RECONNECT_DELAY);
+    });
+    socket.on("error", () => {
+    });
+    setupWsHandlers(socket);
+  }
+  async function spawnSession(request2, socket) {
+    const { requestId, command, name, forwardedPorts: fwdPorts } = request2;
+    const cols = process.stdout.columns || 80;
+    const rows = process.stdout.rows || 24;
+    dbg(`Spawn request: ${command} (${cols}x${rows})`);
+    if (activeSessions.size >= MAX_ACTIVE_SESSIONS) {
+      log(`Rejected spawn: active session limit reached (${MAX_ACTIVE_SESSIONS})`);
+      const response = { requestId, error: `Daemon session limit reached (max ${MAX_ACTIVE_SESSIONS})` };
+      const responsePayload = new TextEncoder().encode(JSON.stringify(response));
+      socket.send(createSpawnResponseFrame(responsePayload));
+      return;
+    }
+    try {
+      const sessionKey = await generateSessionKey();
+      const encryptedSessionKey = await encryptSessionKey(sessionKey, pubKey);
+      const createData = await gql(
+        serverUrl,
+        authToken,
+        `
+            mutation ($input: CreateSessionInput!) {
+              createSession(input: $input) { id }
+            }
+          `,
+        {
+          input: {
+            name,
+            command,
+            encryptedSessionKey: toBase64(encryptedSessionKey),
+            cols,
+            rows,
+            agentType: detectAgentType(command),
+            machineId,
+            machineName,
+            ...fwdPorts && fwdPorts.length > 0 ? { forwardedPorts: fwdPorts.join(",") } : {}
+          }
+        }
+      );
+      const sessionId = createData.createSession.id;
+      log(`Spawned session ${sessionId}: ${command}`);
+      socket.send(createSubscribeFrame(sessionId));
+      let headless = null;
+      let serializer = null;
+      if (headlessClasses) {
+        headless = new headlessClasses.Terminal({ cols, rows });
+        serializer = new headlessClasses.SerializeAddon();
+        headless.loadAddon(serializer);
+      }
+      const shell = os2.platform() === "win32" ? "powershell.exe" : process.env.SHELL || "/bin/bash";
+      const args = command !== shell ? ["-c", command] : [];
+      const ptyProcess = pty.spawn(shell, args, {
+        name: "xterm-256color",
+        cols,
+        rows,
+        cwd: process.env.HOME || process.cwd(),
+        env: getSafeEnv()
+      });
+      const session = createPtySessionState({
+        id: sessionId,
+        sessionKey,
+        ptyProcess,
+        headless,
+        serializer,
+        forwardedPorts: fwdPorts ?? []
+      });
+      activeSessions.set(sessionId, session);
+      ptyManager.resetPeriodicSnapshotTimer(session);
+      ptyManager.setupPtyOutput(session);
+      ptyProcess.onExit(async ({ exitCode }) => {
+        log(`Session ${sessionId} ended (exit ${exitCode})`);
+        await ptyManager.cleanupPtySession(session, { serverUrl, authToken });
+        if (ws?.readyState === WebSocket3.OPEN) {
+          ws.send(createSessionEndedFrame(sessionId));
+          ws.send(createUnsubscribeFrame(sessionId));
+        }
+        activeSessions.delete(sessionId);
+      });
+      const response = { requestId, sessionId };
+      const responsePayload = new TextEncoder().encode(JSON.stringify(response));
+      socket.send(createSpawnResponseFrame(responsePayload));
+    } catch (err) {
+      const errorMsg = err instanceof Error ? err.message : "Unknown error";
+      log(`Spawn failed: ${errorMsg}`);
+      const response = { requestId, error: errorMsg };
+      const responsePayload = new TextEncoder().encode(JSON.stringify(response));
+      socket.send(createSpawnResponseFrame(responsePayload));
+    }
+  }
+  function setupWsHandlers(socket) {
+    socket.on("message", async (raw) => {
+      try {
+        const frame = decodeFrame(new Uint8Array(raw));
+        if (!handshakeCompleted) {
+          if (frame.type === FrameType.HANDSHAKE_OK) {
+            handshakeCompleted = true;
+            log("Connected to server");
+            for (const [sessionId] of activeSessions) {
+              socket.send(createSubscribeFrame(sessionId));
+            }
+            return;
+          }
+          if (frame.type === FrameType.ERROR) {
+            const msg = new TextDecoder().decode(frame.payload);
+            try {
+              const err = JSON.parse(msg);
+              console.error(`[daemon] ${err.message || msg}`);
+            } catch {
+              console.error(`[daemon] ${msg}`);
+            }
+            return;
+          }
+          return;
+        }
+        switch (frame.type) {
+          case FrameType.PING: {
+            socket.send(createPongFrame());
+            break;
+          }
+          case FrameType.SPAWN_REQUEST: {
+            const json = new TextDecoder().decode(frame.payload);
+            const outer = JSON.parse(json);
+            const sealed = fromBase64(outer.encryptedPayload);
+            const decrypted = openMessage(sealed, pubKey, privateKey);
+            const inner = JSON.parse(new TextDecoder().decode(decrypted));
+            const defaultShell = os2.platform() === "win32" ? "powershell.exe" : process.env.SHELL || "/bin/bash";
+            const rawCommand = typeof inner.command === "string" ? inner.command.trim() : "";
+            const command = rawCommand || defaultShell;
+            const spawnName = typeof inner.name === "string" ? inner.name.trim() : "";
+            if (command.length > MAX_COMMAND_LENGTH) {
+              const response = { requestId: outer.requestId, error: "Invalid command" };
+              socket.send(createSpawnResponseFrame(new TextEncoder().encode(JSON.stringify(response))));
+              break;
+            }
+            if (!isCommandAllowed(command, allowedCommands)) {
+              log(`Rejected spawn: "${command}" not in allowlist`);
+              const response = { requestId: outer.requestId, error: "Command not in allowlist" };
+              socket.send(createSpawnResponseFrame(new TextEncoder().encode(JSON.stringify(response))));
+              break;
+            }
+            const forwardedPorts = parseSpawnForwardedPorts(inner.forwardedPorts);
+            const request2 = {
+              requestId: outer.requestId,
+              command,
+              name: deriveSessionName(spawnName, command),
+              forwardedPorts
+            };
+            await spawnSession(request2, socket);
+            break;
+          }
+          case FrameType.ENCRYPTED_INPUT: {
+            const session = activeSessions.get(frame.sessionId);
+            if (!session) break;
+            const plaintext = await decryptChunk(frame.payload, session.sessionKey);
+            const text = new TextDecoder().decode(plaintext);
+            session.ptyProcess.write(text);
+            break;
+          }
+          case FrameType.HTTP_REQUEST: {
+            const session = activeSessions.get(frame.sessionId);
+            if (!session) break;
+            const json = new TextDecoder().decode(frame.payload);
+            const req = JSON.parse(json);
+            if (!session.forwardedPorts.includes(req.port)) break;
+            const response = await proxyLocalHttp(req);
+            const responsePayload = new TextEncoder().encode(JSON.stringify(response));
+            const responseFrame = createHttpResponseFrame(frame.sessionId, responsePayload);
+            if (socket.readyState === WebSocket3.OPEN) {
+              socket.send(responseFrame);
+            }
+            break;
+          }
+          case FrameType.SESSION_ENDED: {
+            const session = activeSessions.get(frame.sessionId);
+            if (session) {
+              log(`Session ${frame.sessionId} ended remotely`);
+              session.ptyProcess.kill();
+            }
+            break;
+          }
+        }
+      } catch (err) {
+        console.error("[daemon] Frame handling error:", err instanceof Error ? err.message : String(err));
+        if (debug) {
+          console.debug(err);
+        }
+      }
+    });
+  }
+  connectWS();
+  log("Daemon started, waiting for spawn requests...");
+  log(`Ctrl+C to stop`);
+  async function shutdown() {
+    if (shuttingDown) return;
+    shuttingDown = true;
+    log("Shutting down...");
+    const shutdownPromises = [];
+    for (const [, session] of activeSessions) {
+      shutdownPromises.push(
+        (async () => {
+          await ptyManager.cleanupPtySession(session, { serverUrl, authToken });
+          session.ptyProcess.kill();
+        })()
+      );
+    }
+    await Promise.allSettled(shutdownPromises);
+    privateKey.fill(0);
+    for (const [, session] of activeSessions) {
+      session.sessionKey.fill(0);
+    }
+    if (ws && ws.readyState === WebSocket3.OPEN) {
+      ws.close();
+      await new Promise((resolve) => {
+        ws.once("close", resolve);
+        setTimeout(resolve, WS_CLOSE_TIMEOUT);
+      });
+    }
+    process.exit(0);
+  }
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  process.on("SIGHUP", shutdown);
+});
+
+// src/commands/org.ts
+import { Command as Command6 } from "commander";
+import { createInterface as createInterface2 } from "readline/promises";
+import { stdin as stdin2, stdout as stdout2 } from "process";
+function isPersonalOrg(slug, userId) {
+  return slug === userId;
+}
+function orgBadge(slug, userId) {
+  return isPersonalOrg(slug, userId) ? " (Personal)" : "";
+}
+function validateSwitchIndex(answer, orgCount) {
+  const idx = parseInt(answer, 10) - 1;
+  if (isNaN(idx) || idx < 0 || idx >= orgCount) return null;
+  return idx;
+}
+var orgCommand = new Command6("org").description("Manage organizations");
+orgCommand.command("list").description("List your organizations").action(async () => {
+  const { serverUrl, authToken, userId } = await getConfig();
+  const res = await fetch(
+    `${serverUrl}/api/auth/organization/list`,
+    {
+      headers: { Authorization: `Bearer ${authToken}` }
+    }
+  );
+  if (!res.ok) {
+    console.error("Failed to list organizations:", res.statusText);
+    process.exit(1);
+  }
+  const orgs = await res.json();
+  if (!orgs || orgs.length === 0) {
+    console.log("No organizations found.");
+    return;
+  }
+  console.log("\nOrganizations:\n");
+  for (const org of orgs) {
+    const badge = orgBadge(org.slug, userId);
+    console.log(`  ${org.name}${badge}`);
+    console.log(`    Slug: ${org.slug}`);
+    console.log(`    ID:   ${org.id}`);
+    console.log();
+  }
+});
+orgCommand.command("current").description("Show currently active organization").action(async () => {
+  const { serverUrl, authToken, userId } = await getConfig();
+  const res = await fetch(
+    `${serverUrl}/api/auth/organization/get-active-organization`,
+    {
+      headers: { Authorization: `Bearer ${authToken}` }
+    }
+  );
+  if (!res.ok) {
+    console.error("Failed to get active organization:", res.statusText);
+    process.exit(1);
+  }
+  const org = await res.json();
+  if (!org) {
+    console.log("No active organization. Run: anyterm org switch");
+    return;
+  }
+  console.log(`Active: ${org.name}${orgBadge(org.slug, userId)}`);
+  console.log(`  Slug: ${org.slug}`);
+  console.log(`  ID:   ${org.id}`);
+});
+orgCommand.command("switch").description("Switch active organization").action(async () => {
+  const { serverUrl, authToken, userId } = await getConfig();
+  const res = await fetch(
+    `${serverUrl}/api/auth/organization/list`,
+    {
+      headers: { Authorization: `Bearer ${authToken}` }
+    }
+  );
+  if (!res.ok) {
+    console.error("Failed to list organizations:", res.statusText);
+    process.exit(1);
+  }
+  const orgs = await res.json();
+  if (!orgs || orgs.length === 0) {
+    console.log("No organizations found.");
+    return;
+  }
+  console.log("\nSelect an organization:\n");
+  for (let i = 0; i < orgs.length; i++) {
+    const org = orgs[i];
+    console.log(`  [${i + 1}] ${org.name}${orgBadge(org.slug, userId)}`);
+  }
+  console.log();
+  const rl = createInterface2({ input: stdin2, output: stdout2 });
+  try {
+    const answer = await rl.question("Enter number: ");
+    const idx = validateSwitchIndex(answer, orgs.length);
+    if (idx === null) {
+      console.error("Invalid selection");
+      process.exit(1);
+    }
+    const selected = orgs[idx];
+    const setRes = await fetch(
+      `${serverUrl}/api/auth/organization/set-active`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${authToken}`
+        },
+        body: JSON.stringify({ organizationId: selected.id })
+      }
+    );
+    if (!setRes.ok) {
+      console.error("Failed to switch organization:", setRes.statusText);
+      process.exit(1);
+    }
+    console.log(`Switched to: ${selected.name}`);
+  } finally {
+    rl.close();
+  }
+});
+
+// src/index.ts
+var program = new Command7().name("anyterm").description("E2E encrypted remote terminal streaming").version("0.1.0");
+program.addCommand(loginCommand);
+program.addCommand(logoutCommand);
+program.addCommand(runCommand);
+program.addCommand(listCommand);
+program.addCommand(daemonCommand);
+program.addCommand(orgCommand);
+program.parse();
+/*! Bundled license information:
+
+@noble/hashes/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
+@noble/curves/utils.js:
+@noble/curves/abstract/modular.js:
+@noble/curves/abstract/curve.js:
+@noble/curves/abstract/montgomery.js:
+@noble/curves/ed25519.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
+@noble/ciphers/utils.js:
+  (*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) *)
+*/