npm - autho - Versions diffs - 0.0.11 → 0.0.13 - Mend

autho 0.0.11 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/build/bin.js +2286 -2181
package/package.json +14 -14

package/build/bin.js CHANGED Viewed

@@ -57229,2370 +57229,2412 @@ var inquirer = {
 };
 var inquirer_default = inquirer;
-// packages/cli/utils.js
-var prompt2 = inquirer_default.prompt;
-var ask = async ({ name = "", message = "", type = "input" }) => {
-  const answers = await inquirer_default.prompt([
-    {
-      name,
-      message,
-      type
+// node_modules/.pnpm/otpauth@9.2.3/node_modules/otpauth/dist/otpauth.node.mjs
+var crypto = __toESM(require("node:crypto"), 1);
+var uintToBuf = (num) => {
+  const buf = new ArrayBuffer(8);
+  const arr = new Uint8Array(buf);
+  let acc = num;
+  for (let i = 7; i >= 0; i--) {
+    if (acc === 0)
+      break;
+    arr[i] = acc & 255;
+    acc -= arr[i];
+    acc /= 256;
+  }
+  return buf;
+};
+var jsSHA = void 0;
+var globalScope = (() => {
+  if (typeof globalThis === "object")
+    return globalThis;
+  else {
+    Object.defineProperty(Object.prototype, "__GLOBALTHIS__", {
+      get() {
+        return this;
+      },
+      configurable: true
+    });
+    try {
+      if (typeof __GLOBALTHIS__ !== "undefined")
+        return __GLOBALTHIS__;
+    } finally {
+      delete Object.prototype.__GLOBALTHIS__;
     }
-  ]);
-  return answers[name];
+  }
+  if (typeof self !== "undefined")
+    return self;
+  else if (typeof window !== "undefined")
+    return window;
+  else if (typeof global !== "undefined")
+    return global;
+  return void 0;
+})();
+var OPENSSL_JSSHA_ALGO_MAP = {
+  SHA1: "SHA-1",
+  SHA224: "SHA-224",
+  SHA256: "SHA-256",
+  SHA384: "SHA-384",
+  SHA512: "SHA-512",
+  "SHA3-224": "SHA3-224",
+  "SHA3-256": "SHA3-256",
+  "SHA3-384": "SHA3-384",
+  "SHA3-512": "SHA3-512"
 };
-// packages/models/Secret.js
-var import_joi = __toESM(require_lib6(), 1);
-var import_node_crypto = require("node:crypto");
-var createSecretSchema = import_joi.default.object({
-  id: import_joi.default.string().default((0, import_node_crypto.randomUUID)()),
-  protected: import_joi.default.boolean().default(false),
-  name: import_joi.default.string().required(),
-  type: import_joi.default.string().required().valid("otp", "password", "note"),
-  value: import_joi.default.string().required(),
-  typeOptions: import_joi.default.object().default({}),
-  createdAt: import_joi.default.date().default(/* @__PURE__ */ new Date())
-});
-// packages/sdk/cipher.js
-var import_crypto = __toESM(require("crypto"), 1);
-var import_fs = __toESM(require("fs"), 1);
-var import_path = __toESM(require("path"), 1);
-var import_zlib = __toESM(require("zlib"), 1);
-// packages/shared/config.js
-var import_dotenv = __toESM(require_main2(), 1);
-import_dotenv.default.config();
-var config_default = {
-  masterPasswordHash: process.env.AUTHO_MASTER_PASSWORD_HASH,
-  masterPassword: process.env.AUTHO_MASTER_PASSWORD,
-  randomSize: process.env.AUTHO_RANDOM_SIZE || 16,
-  encryptionALgo: process.env.AUTHO_ENCRYPTION_ALGO || "aes-256-gcm",
-  hashAlgo: process.env.AUTHO_HASH_ALGO || "sha256",
-  dataFolder: process.env.AUTHO_DATA_FOLDER,
-  name: process.env.AUTHO_COLLECTION_NAME || "default"
+var hmacDigest = (algorithm, key, message) => {
+  if (crypto?.createHmac) {
+    const hmac = crypto.createHmac(algorithm, globalScope.Buffer.from(key));
+    hmac.update(globalScope.Buffer.from(message));
+    return hmac.digest().buffer;
+  } else {
+    const variant = OPENSSL_JSSHA_ALGO_MAP[algorithm.toUpperCase()];
+    if (typeof variant === "undefined") {
+      throw new TypeError("Unknown hash function");
+    }
+    const hmac = new jsSHA(variant, "ARRAYBUFFER");
+    hmac.setHMACKey(key, "ARRAYBUFFER");
+    hmac.update(message);
+    return hmac.getHMAC("ARRAYBUFFER");
+  }
 };
-// packages/sdk/cipher.js
-var Cipher = class _Cipher {
-  static hash(text, algorithm = config_default.hashAlgo, encoding = "hex") {
-    const hash = import_crypto.default.createHash(algorithm);
-    hash.update(text);
-    return hash.digest(encoding);
+var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+var base32ToBuf = (str) => {
+  let end = str.length;
+  while (str[end - 1] === "=")
+    --end;
+  const cstr = (end < str.length ? str.substring(0, end) : str).toUpperCase();
+  const buf = new ArrayBuffer(cstr.length * 5 / 8 | 0);
+  const arr = new Uint8Array(buf);
+  let bits = 0;
+  let value = 0;
+  let index = 0;
+  for (let i = 0; i < cstr.length; i++) {
+    const idx = ALPHABET.indexOf(cstr[i]);
+    if (idx === -1)
+      throw new TypeError(`Invalid character found: ${cstr[i]}`);
+    value = value << 5 | idx;
+    bits += 5;
+    if (bits >= 8) {
+      bits -= 8;
+      arr[index++] = value >>> bits;
+    }
   }
-  static random(size = config_default.randomSize) {
-    const rnd = import_crypto.default.randomBytes(size);
-    return rnd;
+  return buf;
+};
+var base32FromBuf = (buf) => {
+  const arr = new Uint8Array(buf);
+  let bits = 0;
+  let value = 0;
+  let str = "";
+  for (let i = 0; i < arr.length; i++) {
+    value = value << 8 | arr[i];
+    bits += 8;
+    while (bits >= 5) {
+      str += ALPHABET[value >>> bits - 5 & 31];
+      bits -= 5;
+    }
   }
-  static randomString(encoding = "hex") {
-    const rnd = _Cipher.random().toString(encoding);
-    return rnd;
+  if (bits > 0) {
+    str += ALPHABET[value << 5 - bits & 31];
   }
-  static sign(text) {
-    const hash = _Cipher.hash(text);
-    const signature = `${hash.substring(0, 10)}:${hash.substring(hash.length - 10)}`;
-    return signature;
+  return str;
+};
+var hexToBuf = (str) => {
+  const buf = new ArrayBuffer(str.length / 2);
+  const arr = new Uint8Array(buf);
+  for (let i = 0; i < str.length; i += 2) {
+    arr[i / 2] = parseInt(str.substring(i, i + 2), 16);
   }
-  static verify(text, signature) {
-    const expectedSignature = _Cipher.sign(text);
-    return expectedSignature === signature;
+  return buf;
+};
+var hexFromBuf = (buf) => {
+  const arr = new Uint8Array(buf);
+  let str = "";
+  for (let i = 0; i < arr.length; i++) {
+    const hex = arr[i].toString(16);
+    if (hex.length === 1)
+      str += "0";
+    str += hex;
   }
-  static encrypt({
-    value,
-    encryptionKey,
-    algorithm = config_default.encryptionALgo,
-    encoding = "hex"
-  }) {
-    const publicKey = _Cipher.randomString();
-    let cipher = import_crypto.default.createCipheriv(
-      algorithm,
-      Buffer.from(encryptionKey, encoding),
-      Buffer.from(publicKey, encoding),
-      { authTagLength: 16 }
-    );
-    let encrypted = cipher.update(value);
-    encrypted = Buffer.concat([encrypted, cipher.final()]);
-    encrypted = encrypted.toString(encoding);
-    const authTag = cipher.getAuthTag().toString(encoding);
-    return {
-      publicKey,
-      encrypted,
-      algorithm,
-      signature: _Cipher.sign(value),
-      encoding,
-      authTag,
-      provider: "crypto",
-      platform: "autho"
-    };
+  return str.toUpperCase();
+};
+var latin1ToBuf = (str) => {
+  const buf = new ArrayBuffer(str.length);
+  const arr = new Uint8Array(buf);
+  for (let i = 0; i < str.length; i++) {
+    arr[i] = str.charCodeAt(i) & 255;
   }
-  static decrypt({
-    value,
-    publicKey,
-    encryptionKey,
-    signature = false,
-    algorithm = config_default.encryptionALgo,
-    authTag,
-    encoding = "hex"
-  }) {
-    value = Buffer.from(value, encoding);
-    let decipher = import_crypto.default.createDecipheriv(
-      algorithm,
-      Buffer.from(encryptionKey, encoding),
-      Buffer.from(publicKey, encoding),
-      { authTagLength: 16 }
-    );
-    if (authTag) {
-      decipher.setAuthTag(Buffer.from(authTag, encoding));
-    }
-    let decrypted = decipher.update(value);
-    decrypted = Buffer.concat([decrypted, decipher.final()]);
-    decrypted = decrypted.toString();
-    if (signature && !_Cipher.verify(decrypted, signature)) {
-      throw new Error("Invalid signature");
-    }
-    return decrypted;
+  return buf;
+};
+var latin1FromBuf = (buf) => {
+  const arr = new Uint8Array(buf);
+  let str = "";
+  for (let i = 0; i < arr.length; i++) {
+    str += String.fromCharCode(arr[i]);
   }
-  static canDecrypt(options) {
-    return options.platform === "autho";
+  return str;
+};
+var ENCODER = globalScope.TextEncoder ? new globalScope.TextEncoder("utf-8") : null;
+var DECODER = globalScope.TextDecoder ? new globalScope.TextDecoder("utf-8") : null;
+var utf8ToBuf = (str) => {
+  if (!ENCODER) {
+    throw new Error("Encoding API not available");
   }
-  static encryptFile(inputFilePath, outputFilePath, encryptionKey) {
-    const inputBuffer = import_fs.default.readFileSync(inputFilePath);
-    const params = {
-      value: inputBuffer,
-      encryptionKey
-    };
-    const encryptedData = _Cipher.encrypt(params);
-    import_fs.default.writeFileSync(
-      outputFilePath,
-      Buffer.from(JSON.stringify(encryptedData)).toString("base64")
-    );
+  return ENCODER.encode(str).buffer;
+};
+var utf8FromBuf = (buf) => {
+  if (!DECODER) {
+    throw new Error("Encoding API not available");
   }
-  static decryptFile(inputFilePath, outputFilePath, encryptionKey) {
-    const inputFileContent = import_fs.default.readFileSync(inputFilePath);
-    const decoded = Buffer.from(
-      inputFileContent.toString("utf-8"),
-      "base64"
-    ).toString("utf-8");
-    const encryptedData = JSON.parse(decoded);
-    if (!_Cipher.canDecrypt(encryptedData)) {
-      throw new Error("Invalid file");
+  return DECODER.decode(buf);
+};
+var randomBytes2 = (size) => {
+  if (crypto?.randomBytes) {
+    return crypto.randomBytes(size).buffer;
+  } else {
+    if (!globalScope.crypto?.getRandomValues) {
+      throw new Error("Cryptography API not available");
     }
-    const params = {
-      ...encryptedData,
-      value: encryptedData.encrypted,
-      encryptionKey
-    };
-    const decryptedData = _Cipher.decrypt(params);
-    import_fs.default.writeFileSync(outputFilePath, decryptedData);
+    return globalScope.crypto.getRandomValues(new Uint8Array(size)).buffer;
   }
-  static encryptFolder({ inputFolderPath, outputFilePath, encryptionKey, algorithm = config_default.encryptionALgo, encoding = "hex" }) {
-    const outputStream = import_fs.default.createWriteStream(outputFilePath);
-    const gzip = import_zlib.default.createGzip();
-    gzip.pipe(outputStream);
-    const baseFolder = import_path.default.basename(inputFolderPath);
-    function traverseFolder(folderPath) {
-      const items = import_fs.default.readdirSync(folderPath);
-      for (const item of items) {
-        const itemPath = import_path.default.join(baseFolder, import_path.default.relative(inputFolderPath, import_path.default.join(folderPath, item)));
-        if (import_fs.default.statSync(itemPath).isDirectory()) {
-          traverseFolder(itemPath);
-        } else {
-          const fileContent = import_fs.default.readFileSync(itemPath);
-          const params = {
-            value: fileContent,
-            encryptionKey,
-            algorithm,
-            encoding
-          };
-          const encryptedData = _Cipher.encrypt(params);
-          const encrypted = encryptedData.encrypted;
-          delete encryptedData.encrypted;
-          const encryptionMeta = Buffer.from(JSON.stringify(encryptedData)).toString("base64");
-          gzip.write(`${itemPath}
----
-${encrypted}
----
-${encryptionMeta}
-:::
-`);
-        }
-      }
-    }
-    traverseFolder(inputFolderPath);
-    gzip.end();
-    return new Promise((resolve, reject) => {
-      outputStream.on("finish", resolve);
-      outputStream.on("error", reject);
-    });
+};
+var Secret = class _Secret {
+  /**
+   * Creates a secret key object.
+   * @param {Object} [config] Configuration options.
+   * @param {ArrayBuffer} [config.buffer=randomBytes] Secret key.
+   * @param {number} [config.size=20] Number of random bytes to generate, ignored if 'buffer' is provided.
+   */
+  constructor({
+    buffer,
+    size = 20
+  } = {}) {
+    this.buffer = typeof buffer === "undefined" ? randomBytes2(size) : buffer;
   }
-  static decryptFolder({ inputFilePath, outputFolderPath, encryptionKey }) {
-    const inputStream = import_fs.default.createReadStream(inputFilePath);
-    const gunzip = import_zlib.default.createGunzip();
-    inputStream.pipe(gunzip);
-    let buff = "";
-    const compileFile = (data) => {
-      buff += data;
-      if (buff.includes(":::")) {
-        const [file, next] = buff.split("\n:::\n");
-        let [filePath, encrypted, encryptionMeta] = file.split("\n---\n");
-        filePath = import_path.default.join(outputFolderPath, filePath);
-        try {
-          import_fs.default.mkdirSync(import_path.default.dirname(filePath), { recursive: true });
-        } catch (error) {
-        }
-        const decoded = Buffer.from(
-          encryptionMeta,
-          "base64"
-        ).toString("utf-8");
-        const metaData = JSON.parse(decoded);
-        const params = {
-          ...metaData,
-          value: encrypted,
-          encryptionKey
-        };
-        const decryptedData = _Cipher.decrypt(params);
-        import_fs.default.writeFileSync(filePath, decryptedData);
-        buff = next;
-      }
-    };
-    gunzip.on("data", (data) => {
-      compileFile(data.toString("utf8"));
-    });
-    return new Promise((resolve, reject) => {
-      gunzip.on("end", resolve);
-      gunzip.on("error", reject);
+  /**
+   * Converts a Latin-1 string to a Secret object.
+   * @param {string} str Latin-1 string.
+   * @returns {Secret} Secret object.
+   */
+  static fromLatin1(str) {
+    return new _Secret({
+      buffer: latin1ToBuf(str)
     });
   }
-};
-// packages/sdk/secrets.js
-var Secrets = class {
-  constructor(db) {
-    this.db = db;
+  /**
+   * Converts an UTF-8 string to a Secret object.
+   * @param {string} str UTF-8 string.
+   * @returns {Secret} Secret object.
+   */
+  static fromUTF8(str) {
+    return new _Secret({
+      buffer: utf8ToBuf(str)
+    });
   }
-  get secrets() {
-    return this.db.get("secrets", []);
+  /**
+   * Converts a base32 string to a Secret object.
+   * @param {string} str Base32 string.
+   * @returns {Secret} Secret object.
+   */
+  static fromBase32(str) {
+    return new _Secret({
+      buffer: base32ToBuf(str)
+    });
   }
-  set secrets(value) {
-    this.db.set("secrets", value);
+  /**
+   * Converts a hexadecimal string to a Secret object.
+   * @param {string} str Hexadecimal string.
+   * @returns {Secret} Secret object.
+   */
+  static fromHex(str) {
+    return new _Secret({
+      buffer: hexToBuf(str)
+    });
   }
-  async get(id) {
-    return this.secrets.find((secret) => secret.id == id);
+  /**
+   * Latin-1 string representation of secret key.
+   * @type {string}
+   */
+  get latin1() {
+    Object.defineProperty(this, "latin1", {
+      enumerable: true,
+      value: latin1FromBuf(this.buffer)
+    });
+    return this.latin1;
   }
-  async add(secret, encryptionKey) {
-    const { value, error } = createSecretSchema.validate(secret);
-    if (error) {
-      throw new Error(error);
-    }
-    const { encrypted, ...encryption } = Cipher.encrypt({
-      ...value,
-      encryptionKey
+  /**
+   * UTF-8 string representation of secret key.
+   * @type {string}
+   */
+  get utf8() {
+    Object.defineProperty(this, "utf8", {
+      enumerable: true,
+      value: utf8FromBuf(this.buffer)
     });
-    this.secrets = [
-      ...this.secrets,
-      { ...value, ...encryption, value: encrypted }
-    ];
+    return this.utf8;
   }
-  async remove(id) {
-    this.secrets = this.secrets.filter((secret) => secret.id != id);
+  /**
+   * Base32 string representation of secret key.
+   * @type {string}
+   */
+  get base32() {
+    Object.defineProperty(this, "base32", {
+      enumerable: true,
+      value: base32FromBuf(this.buffer)
+    });
+    return this.base32;
   }
-  async clear() {
-    this.secrets = [];
+  /**
+   * Hexadecimal string representation of secret key.
+   * @type {string}
+   */
+  get hex() {
+    Object.defineProperty(this, "hex", {
+      enumerable: true,
+      value: hexFromBuf(this.buffer)
+    });
+    return this.hex;
   }
 };
-// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var import_node_util2 = require("node:util");
-var import_node_process7 = __toESM(require("node:process"), 1);
-var import_node_fs2 = __toESM(require("node:fs"), 1);
-var import_node_path4 = __toESM(require("node:path"), 1);
-var import_node_crypto2 = __toESM(require("node:crypto"), 1);
-var import_node_assert2 = __toESM(require("node:assert"), 1);
-// node_modules/.pnpm/dot-prop@8.0.2/node_modules/dot-prop/index.js
-var isObject = (value) => {
-  const type = typeof value;
-  return value !== null && (type === "object" || type === "function");
+var timingSafeEqual2 = (a, b) => {
+  if (crypto?.timingSafeEqual) {
+    return crypto.timingSafeEqual(globalScope.Buffer.from(a), globalScope.Buffer.from(b));
+  } else {
+    if (a.length !== b.length) {
+      throw new TypeError("Input strings must have the same length");
+    }
+    let i = -1;
+    let out = 0;
+    while (++i < a.length) {
+      out |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return out === 0;
+  }
 };
-var disallowedKeys = /* @__PURE__ */ new Set([
-  "__proto__",
-  "prototype",
-  "constructor"
-]);
-var digits = new Set("0123456789");
-function getPathSegments(path5) {
-  const parts = [];
-  let currentSegment = "";
-  let currentPart = "start";
-  let isIgnoring = false;
-  for (const character of path5) {
-    switch (character) {
-      case "\\": {
-        if (currentPart === "index") {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          throw new Error("Invalid character after an index");
-        }
-        if (isIgnoring) {
-          currentSegment += character;
-        }
-        currentPart = "property";
-        isIgnoring = !isIgnoring;
-        break;
-      }
-      case ".": {
-        if (currentPart === "index") {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          currentPart = "property";
-          break;
-        }
-        if (isIgnoring) {
-          isIgnoring = false;
-          currentSegment += character;
-          break;
-        }
-        if (disallowedKeys.has(currentSegment)) {
-          return [];
-        }
-        parts.push(currentSegment);
-        currentSegment = "";
-        currentPart = "property";
-        break;
-      }
-      case "[": {
-        if (currentPart === "index") {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          currentPart = "index";
-          break;
-        }
-        if (isIgnoring) {
-          isIgnoring = false;
-          currentSegment += character;
-          break;
-        }
-        if (currentPart === "property") {
-          if (disallowedKeys.has(currentSegment)) {
-            return [];
-          }
-          parts.push(currentSegment);
-          currentSegment = "";
-        }
-        currentPart = "index";
-        break;
-      }
-      case "]": {
-        if (currentPart === "index") {
-          parts.push(Number.parseInt(currentSegment, 10));
-          currentSegment = "";
-          currentPart = "indexEnd";
-          break;
-        }
-        if (currentPart === "indexEnd") {
-          throw new Error("Invalid character after an index");
-        }
-      }
-      default: {
-        if (currentPart === "index" && !digits.has(character)) {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          throw new Error("Invalid character after an index");
-        }
-        if (currentPart === "start") {
-          currentPart = "property";
-        }
-        if (isIgnoring) {
-          isIgnoring = false;
-          currentSegment += "\\";
-        }
-        currentSegment += character;
-      }
-    }
+var HOTP = class _HOTP {
+  /**
+   * Default configuration.
+   * @type {{
+   *   issuer: string,
+   *   label: string,
+   *   issuerInLabel: boolean,
+   *   algorithm: string,
+   *   digits: number,
+   *   counter: number
+   *   window: number
+   * }}
+   */
+  static get defaults() {
+    return {
+      issuer: "",
+      label: "OTPAuth",
+      issuerInLabel: true,
+      algorithm: "SHA1",
+      digits: 6,
+      counter: 0,
+      window: 1
+    };
   }
-  if (isIgnoring) {
-    currentSegment += "\\";
+  /**
+   * Creates an HOTP object.
+   * @param {Object} [config] Configuration options.
+   * @param {string} [config.issuer=''] Account provider.
+   * @param {string} [config.label='OTPAuth'] Account label.
+   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
+   * @param {Secret|string} [config.secret=Secret] Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.counter=0] Initial counter value.
+   */
+  constructor({
+    issuer = _HOTP.defaults.issuer,
+    label = _HOTP.defaults.label,
+    issuerInLabel = _HOTP.defaults.issuerInLabel,
+    secret = new Secret(),
+    algorithm = _HOTP.defaults.algorithm,
+    digits: digits2 = _HOTP.defaults.digits,
+    counter = _HOTP.defaults.counter
+  } = {}) {
+    this.issuer = issuer;
+    this.label = label;
+    this.issuerInLabel = issuerInLabel;
+    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
+    this.algorithm = algorithm.toUpperCase();
+    this.digits = digits2;
+    this.counter = counter;
   }
-  switch (currentPart) {
-    case "property": {
-      if (disallowedKeys.has(currentSegment)) {
-        return [];
+  /**
+   * Generates an HOTP token.
+   * @param {Object} config Configuration options.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.counter=0] Counter value.
+   * @returns {string} Token.
+   */
+  static generate({
+    secret,
+    algorithm = _HOTP.defaults.algorithm,
+    digits: digits2 = _HOTP.defaults.digits,
+    counter = _HOTP.defaults.counter
+  }) {
+    const digest = new Uint8Array(hmacDigest(algorithm, secret.buffer, uintToBuf(counter)));
+    const offset = digest[digest.byteLength - 1] & 15;
+    const otp = ((digest[offset] & 127) << 24 | (digest[offset + 1] & 255) << 16 | (digest[offset + 2] & 255) << 8 | digest[offset + 3] & 255) % 10 ** digits2;
+    return otp.toString().padStart(digits2, "0");
+  }
+  /**
+   * Generates an HOTP token.
+   * @param {Object} [config] Configuration options.
+   * @param {number} [config.counter=this.counter++] Counter value.
+   * @returns {string} Token.
+   */
+  generate({
+    counter = this.counter++
+  } = {}) {
+    return _HOTP.generate({
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      counter
+    });
+  }
+  /**
+   * Validates an HOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} config.digits Token length.
+   * @param {number} [config.counter=0] Counter value.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  static validate({
+    token,
+    secret,
+    algorithm,
+    digits: digits2,
+    counter = _HOTP.defaults.counter,
+    window: window2 = _HOTP.defaults.window
+  }) {
+    if (token.length !== digits2)
+      return null;
+    let delta = null;
+    for (let i = counter - window2; i <= counter + window2; ++i) {
+      const generatedToken = _HOTP.generate({
+        secret,
+        algorithm,
+        digits: digits2,
+        counter: i
+      });
+      if (timingSafeEqual2(token, generatedToken)) {
+        delta = i - counter;
       }
-      parts.push(currentSegment);
-      break;
-    }
-    case "index": {
-      throw new Error("Index was not closed");
-    }
-    case "start": {
-      parts.push("");
-      break;
     }
+    return delta;
   }
-  return parts;
-}
-function isStringIndex(object, key) {
-  if (typeof key !== "number" && Array.isArray(object)) {
-    const index = Number.parseInt(key, 10);
-    return Number.isInteger(index) && object[index] === object[key];
+  /**
+   * Validates an HOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {number} [config.counter=this.counter] Counter value.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  validate({
+    token,
+    counter = this.counter,
+    window: window2
+  }) {
+    return _HOTP.validate({
+      token,
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      counter,
+      window: window2
+    });
   }
-  return false;
-}
-function assertNotStringIndex(object, key) {
-  if (isStringIndex(object, key)) {
-    throw new Error("Cannot use string index");
+  /**
+   * Returns a Google Authenticator key URI.
+   * @returns {string} URI.
+   */
+  toString() {
+    const e = encodeURIComponent;
+    return `otpauth://hotp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&counter=${e(this.counter)}`;
   }
-}
-function getProperty(object, path5, value) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return value === void 0 ? object : value;
+};
+var TOTP = class _TOTP {
+  /**
+   * Default configuration.
+   * @type {{
+   *   issuer: string,
+   *   label: string,
+   *   issuerInLabel: boolean,
+   *   algorithm: string,
+   *   digits: number,
+   *   period: number
+   *   window: number
+   * }}
+   */
+  static get defaults() {
+    return {
+      issuer: "",
+      label: "OTPAuth",
+      issuerInLabel: true,
+      algorithm: "SHA1",
+      digits: 6,
+      period: 30,
+      window: 1
+    };
   }
-  const pathArray = getPathSegments(path5);
-  if (pathArray.length === 0) {
-    return value;
+  /**
+   * Creates a TOTP object.
+   * @param {Object} [config] Configuration options.
+   * @param {string} [config.issuer=''] Account provider.
+   * @param {string} [config.label='OTPAuth'] Account label.
+   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
+   * @param {Secret|string} [config.secret=Secret] Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.period=30] Token time-step duration.
+   */
+  constructor({
+    issuer = _TOTP.defaults.issuer,
+    label = _TOTP.defaults.label,
+    issuerInLabel = _TOTP.defaults.issuerInLabel,
+    secret = new Secret(),
+    algorithm = _TOTP.defaults.algorithm,
+    digits: digits2 = _TOTP.defaults.digits,
+    period = _TOTP.defaults.period
+  } = {}) {
+    this.issuer = issuer;
+    this.label = label;
+    this.issuerInLabel = issuerInLabel;
+    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
+    this.algorithm = algorithm.toUpperCase();
+    this.digits = digits2;
+    this.period = period;
   }
-  for (let index = 0; index < pathArray.length; index++) {
-    const key = pathArray[index];
-    if (isStringIndex(object, key)) {
-      object = index === pathArray.length - 1 ? void 0 : null;
-    } else {
-      object = object[key];
-    }
-    if (object === void 0 || object === null) {
-      if (index !== pathArray.length - 1) {
-        return value;
-      }
-      break;
-    }
+  /**
+   * Generates a TOTP token.
+   * @param {Object} config Configuration options.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.period=30] Token time-step duration.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @returns {string} Token.
+   */
+  static generate({
+    secret,
+    algorithm,
+    digits: digits2,
+    period = _TOTP.defaults.period,
+    timestamp = Date.now()
+  }) {
+    return HOTP.generate({
+      secret,
+      algorithm,
+      digits: digits2,
+      counter: Math.floor(timestamp / 1e3 / period)
+    });
   }
-  return object === void 0 ? value : object;
-}
-function setProperty(object, path5, value) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return object;
+  /**
+   * Generates a TOTP token.
+   * @param {Object} [config] Configuration options.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @returns {string} Token.
+   */
+  generate({
+    timestamp = Date.now()
+  } = {}) {
+    return _TOTP.generate({
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      period: this.period,
+      timestamp
+    });
   }
-  const root = object;
-  const pathArray = getPathSegments(path5);
-  for (let index = 0; index < pathArray.length; index++) {
-    const key = pathArray[index];
-    assertNotStringIndex(object, key);
-    if (index === pathArray.length - 1) {
-      object[key] = value;
-    } else if (!isObject(object[key])) {
-      object[key] = typeof pathArray[index + 1] === "number" ? [] : {};
-    }
-    object = object[key];
+  /**
+   * Validates a TOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} config.digits Token length.
+   * @param {number} [config.period=30] Token time-step duration.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  static validate({
+    token,
+    secret,
+    algorithm,
+    digits: digits2,
+    period = _TOTP.defaults.period,
+    timestamp = Date.now(),
+    window: window2
+  }) {
+    return HOTP.validate({
+      token,
+      secret,
+      algorithm,
+      digits: digits2,
+      counter: Math.floor(timestamp / 1e3 / period),
+      window: window2
+    });
   }
-  return root;
-}
-function deleteProperty(object, path5) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return false;
+  /**
+   * Validates a TOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  validate({
+    token,
+    timestamp,
+    window: window2
+  }) {
+    return _TOTP.validate({
+      token,
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      period: this.period,
+      timestamp,
+      window: window2
+    });
   }
-  const pathArray = getPathSegments(path5);
-  for (let index = 0; index < pathArray.length; index++) {
-    const key = pathArray[index];
-    assertNotStringIndex(object, key);
-    if (index === pathArray.length - 1) {
-      delete object[key];
-      return true;
-    }
-    object = object[key];
-    if (!isObject(object)) {
-      return false;
-    }
+  /**
+   * Returns a Google Authenticator key URI.
+   * @returns {string} URI.
+   */
+  toString() {
+    const e = encodeURIComponent;
+    return `otpauth://totp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&period=${e(this.period)}`;
   }
-}
-function hasProperty(object, path5) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return false;
+};
+// packages/sdk/otp.js
+var OTP = class {
+  constructor(secret) {
+    const options = {
+      issuer: "Autho",
+      label: secret.name,
+      algorithm: "SHA1",
+      digits: 6,
+      period: 30,
+      secret: secret.value
+    };
+    this.totp = new TOTP(options);
   }
-  const pathArray = getPathSegments(path5);
-  if (pathArray.length === 0) {
-    return false;
+  generate() {
+    return this.totp.generate();
   }
-  for (const key of pathArray) {
-    if (!isObject(object) || !(key in object) || isStringIndex(object, key)) {
-      return false;
-    }
-    object = object[key];
+  validate(token, window2 = 1) {
+    return this.totp.validate({ token, window: window2 });
   }
-  return true;
-}
+};
-// node_modules/.pnpm/env-paths@3.0.0/node_modules/env-paths/index.js
-var import_node_path = __toESM(require("node:path"), 1);
-var import_node_os2 = __toESM(require("node:os"), 1);
-var import_node_process2 = __toESM(require("node:process"), 1);
-var homedir = import_node_os2.default.homedir();
-var tmpdir = import_node_os2.default.tmpdir();
-var { env: env2 } = import_node_process2.default;
-var macos = (name) => {
-  const library = import_node_path.default.join(homedir, "Library");
-  return {
-    data: import_node_path.default.join(library, "Application Support", name),
-    config: import_node_path.default.join(library, "Preferences", name),
-    cache: import_node_path.default.join(library, "Caches", name),
-    log: import_node_path.default.join(library, "Logs", name),
-    temp: import_node_path.default.join(tmpdir, name)
-  };
-};
-var windows = (name) => {
-  const appData = env2.APPDATA || import_node_path.default.join(homedir, "AppData", "Roaming");
-  const localAppData = env2.LOCALAPPDATA || import_node_path.default.join(homedir, "AppData", "Local");
-  return {
-    // Data/config/cache/log are invented by me as Windows isn't opinionated about this
-    data: import_node_path.default.join(localAppData, name, "Data"),
-    config: import_node_path.default.join(appData, name, "Config"),
-    cache: import_node_path.default.join(localAppData, name, "Cache"),
-    log: import_node_path.default.join(localAppData, name, "Log"),
-    temp: import_node_path.default.join(tmpdir, name)
-  };
+// packages/cli/utils.js
+var prompt2 = inquirer_default.prompt;
+var ask = async ({ name = "", message = "", type = "input" }) => {
+  const answers = await inquirer_default.prompt([
+    {
+      name,
+      message,
+      type
+    }
+  ]);
+  return answers[name];
 };
-var linux = (name) => {
-  const username = import_node_path.default.basename(homedir);
-  return {
-    data: import_node_path.default.join(env2.XDG_DATA_HOME || import_node_path.default.join(homedir, ".local", "share"), name),
-    config: import_node_path.default.join(env2.XDG_CONFIG_HOME || import_node_path.default.join(homedir, ".config"), name),
-    cache: import_node_path.default.join(env2.XDG_CACHE_HOME || import_node_path.default.join(homedir, ".cache"), name),
-    // https://wiki.debian.org/XDGBaseDirectorySpecification#state
-    log: import_node_path.default.join(env2.XDG_STATE_HOME || import_node_path.default.join(homedir, ".local", "state"), name),
-    temp: import_node_path.default.join(tmpdir, username, name)
-  };
+var generateOTP = (secret) => {
+  const otp = new OTP(secret);
+  console.log("OTP code:", otp.generate());
 };
-function envPaths(name, { suffix = "nodejs" } = {}) {
-  if (typeof name !== "string") {
-    throw new TypeError(`Expected a string, got ${typeof name}`);
-  }
-  if (suffix) {
-    name += `-${suffix}`;
-  }
-  if (import_node_process2.default.platform === "darwin") {
-    return macos(name);
-  }
-  if (import_node_process2.default.platform === "win32") {
-    return windows(name);
-  }
-  return linux(name);
-}
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
-var import_node_path3 = __toESM(require("node:path"), 1);
+// packages/models/Secret.js
+var import_joi = __toESM(require_lib6(), 1);
+var import_node_crypto = require("node:crypto");
+var createSecretSchema = import_joi.default.object({
+  id: import_joi.default.string().default((0, import_node_crypto.randomUUID)()),
+  protected: import_joi.default.boolean().default(false),
+  name: import_joi.default.string().required(),
+  type: import_joi.default.string().required().valid("otp", "password", "note"),
+  value: import_joi.default.string().required(),
+  typeOptions: import_joi.default.object().default({}),
+  createdAt: import_joi.default.date().default(/* @__PURE__ */ new Date())
+});
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
-var import_node_fs = __toESM(require("node:fs"), 1);
-var import_node_util = require("node:util");
+// packages/sdk/cipher.js
+var import_crypto = __toESM(require("crypto"), 1);
+var import_fs = __toESM(require("fs"), 1);
+var import_path = __toESM(require("path"), 1);
+var import_zlib = __toESM(require("zlib"), 1);
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/attemptify.js
-var attemptifyAsync = (fn, onError) => {
-  return function attemptified(...args) {
-    return fn.apply(void 0, args).catch(onError);
-  };
-};
-var attemptifySync = (fn, onError) => {
-  return function attemptified(...args) {
-    try {
-      return fn.apply(void 0, args);
-    } catch (error) {
-      return onError(error);
-    }
-  };
+// packages/shared/config.js
+var import_dotenv = __toESM(require_main2(), 1);
+import_dotenv.default.config();
+var config_default = {
+  masterPasswordHash: process.env.AUTHO_MASTER_PASSWORD_HASH,
+  masterPassword: process.env.AUTHO_MASTER_PASSWORD,
+  randomSize: process.env.AUTHO_RANDOM_SIZE || 16,
+  encryptionALgo: process.env.AUTHO_ENCRYPTION_ALGO || "aes-256-gcm",
+  hashAlgo: process.env.AUTHO_HASH_ALGO || "sha256",
+  dataFolder: process.env.AUTHO_DATA_FOLDER,
+  name: process.env.AUTHO_COLLECTION_NAME || "default"
 };
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/constants.js
-var import_node_process3 = __toESM(require("node:process"), 1);
-var IS_USER_ROOT = import_node_process3.default.getuid ? !import_node_process3.default.getuid() : false;
-var LIMIT_FILES_DESCRIPTORS = 1e4;
-var NOOP = () => void 0;
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/handlers.js
-var Handlers = {
-  /* API */
-  isChangeErrorOk: (error) => {
-    if (!Handlers.isNodeError(error))
-      return false;
-    const { code } = error;
-    if (code === "ENOSYS")
-      return true;
-    if (!IS_USER_ROOT && (code === "EINVAL" || code === "EPERM"))
-      return true;
-    return false;
-  },
-  isNodeError: (error) => {
-    return error instanceof Error;
-  },
-  isRetriableError: (error) => {
-    if (!Handlers.isNodeError(error))
-      return false;
-    const { code } = error;
-    if (code === "EMFILE" || code === "ENFILE" || code === "EAGAIN" || code === "EBUSY" || code === "EACCESS" || code === "EACCES" || code === "EACCS" || code === "EPERM")
-      return true;
-    return false;
-  },
-  onChangeError: (error) => {
-    if (!Handlers.isNodeError(error))
-      throw error;
-    if (Handlers.isChangeErrorOk(error))
-      return;
-    throw error;
+// packages/sdk/cipher.js
+var Cipher = class _Cipher {
+  static hash(text, algorithm = config_default.hashAlgo, encoding = "hex") {
+    const hash = import_crypto.default.createHash(algorithm);
+    hash.update(text);
+    return hash.digest(encoding);
   }
-};
-var handlers_default = Handlers;
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify_queue.js
-var RetryfyQueue = class {
-  constructor() {
-    this.interval = 25;
-    this.intervalId = void 0;
-    this.limit = LIMIT_FILES_DESCRIPTORS;
-    this.queueActive = /* @__PURE__ */ new Set();
-    this.queueWaiting = /* @__PURE__ */ new Set();
-    this.init = () => {
-      if (this.intervalId)
-        return;
-      this.intervalId = setInterval(this.tick, this.interval);
-    };
-    this.reset = () => {
-      if (!this.intervalId)
-        return;
-      clearInterval(this.intervalId);
-      delete this.intervalId;
-    };
-    this.add = (fn) => {
-      this.queueWaiting.add(fn);
-      if (this.queueActive.size < this.limit / 2) {
-        this.tick();
-      } else {
-        this.init();
-      }
-    };
-    this.remove = (fn) => {
-      this.queueWaiting.delete(fn);
-      this.queueActive.delete(fn);
-    };
-    this.schedule = () => {
-      return new Promise((resolve) => {
-        const cleanup = () => this.remove(resolver);
-        const resolver = () => resolve(cleanup);
-        this.add(resolver);
-      });
-    };
-    this.tick = () => {
-      if (this.queueActive.size >= this.limit)
-        return;
-      if (!this.queueWaiting.size)
-        return this.reset();
-      for (const fn of this.queueWaiting) {
-        if (this.queueActive.size >= this.limit)
-          break;
-        this.queueWaiting.delete(fn);
-        this.queueActive.add(fn);
-        fn();
-      }
+  static random(size = config_default.randomSize) {
+    const rnd = import_crypto.default.randomBytes(size);
+    return rnd;
+  }
+  static randomString(encoding = "hex") {
+    const rnd = _Cipher.random().toString(encoding);
+    return rnd;
+  }
+  static sign(text) {
+    const hash = _Cipher.hash(text);
+    const signature = `${hash.substring(0, 10)}:${hash.substring(hash.length - 10)}`;
+    return signature;
+  }
+  static verify(text, signature) {
+    const expectedSignature = _Cipher.sign(text);
+    return expectedSignature === signature;
+  }
+  static encrypt({
+    value,
+    encryptionKey,
+    algorithm = config_default.encryptionALgo,
+    encoding = "hex"
+  }) {
+    const publicKey = _Cipher.randomString();
+    let cipher = import_crypto.default.createCipheriv(
+      algorithm,
+      Buffer.from(encryptionKey, encoding),
+      Buffer.from(publicKey, encoding),
+      { authTagLength: 16 }
+    );
+    let encrypted = cipher.update(value);
+    encrypted = Buffer.concat([encrypted, cipher.final()]);
+    encrypted = encrypted.toString(encoding);
+    const authTag = cipher.getAuthTag().toString(encoding);
+    return {
+      publicKey,
+      encrypted,
+      algorithm,
+      signature: _Cipher.sign(value),
+      encoding,
+      authTag,
+      provider: "crypto",
+      platform: "autho"
     };
   }
-};
-var retryify_queue_default = new RetryfyQueue();
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify.js
-var retryifyAsync = (fn, isRetriableError) => {
-  return function retrified(timestamp) {
-    return function attempt(...args) {
-      return retryify_queue_default.schedule().then((cleanup) => {
-        const onResolve = (result) => {
-          cleanup();
-          return result;
-        };
-        const onReject = (error) => {
-          cleanup();
-          if (Date.now() >= timestamp)
-            throw error;
-          if (isRetriableError(error)) {
-            const delay = Math.round(100 * Math.random());
-            const delayPromise = new Promise((resolve) => setTimeout(resolve, delay));
-            return delayPromise.then(() => attempt.apply(void 0, args));
-          }
-          throw error;
-        };
-        return fn.apply(void 0, args).then(onResolve, onReject);
-      });
+  static decrypt({
+    value,
+    publicKey,
+    encryptionKey,
+    signature = false,
+    algorithm = config_default.encryptionALgo,
+    authTag,
+    encoding = "hex"
+  }) {
+    value = Buffer.from(value, encoding);
+    let decipher = import_crypto.default.createDecipheriv(
+      algorithm,
+      Buffer.from(encryptionKey, encoding),
+      Buffer.from(publicKey, encoding),
+      { authTagLength: 16 }
+    );
+    if (authTag) {
+      decipher.setAuthTag(Buffer.from(authTag, encoding));
+    }
+    let decrypted = decipher.update(value);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+    decrypted = decrypted.toString();
+    if (signature && !_Cipher.verify(decrypted, signature)) {
+      throw new Error("Invalid signature");
+    }
+    return decrypted;
+  }
+  static canDecrypt(options) {
+    return options.platform === "autho";
+  }
+  static encryptFile(inputFilePath, outputFilePath, encryptionKey) {
+    const inputBuffer = import_fs.default.readFileSync(inputFilePath);
+    const params = {
+      value: inputBuffer,
+      encryptionKey
     };
-  };
-};
-var retryifySync = (fn, isRetriableError) => {
-  return function retrified(timestamp) {
-    return function attempt(...args) {
-      try {
-        return fn.apply(void 0, args);
-      } catch (error) {
-        if (Date.now() > timestamp)
-          throw error;
-        if (isRetriableError(error))
-          return attempt.apply(void 0, args);
-        throw error;
+    const encryptedData = _Cipher.encrypt(params);
+    import_fs.default.writeFileSync(
+      outputFilePath,
+      Buffer.from(JSON.stringify(encryptedData)).toString("base64")
+    );
+  }
+  static decryptFile(inputFilePath, outputFilePath, encryptionKey) {
+    const inputFileContent = import_fs.default.readFileSync(inputFilePath);
+    const decoded = Buffer.from(
+      inputFileContent.toString("utf-8"),
+      "base64"
+    ).toString("utf-8");
+    const encryptedData = JSON.parse(decoded);
+    if (!_Cipher.canDecrypt(encryptedData)) {
+      throw new Error("Invalid file");
+    }
+    const params = {
+      ...encryptedData,
+      value: encryptedData.encrypted,
+      encryptionKey
+    };
+    const decryptedData = _Cipher.decrypt(params);
+    import_fs.default.writeFileSync(outputFilePath, decryptedData);
+  }
+  static encryptFolder({ inputFolderPath, outputFilePath, encryptionKey, algorithm = config_default.encryptionALgo, encoding = "hex" }) {
+    const outputStream = import_fs.default.createWriteStream(outputFilePath);
+    const gzip = import_zlib.default.createGzip();
+    gzip.pipe(outputStream);
+    const baseFolder = import_path.default.basename(inputFolderPath);
+    function traverseFolder(folderPath) {
+      const items = import_fs.default.readdirSync(folderPath);
+      for (const item of items) {
+        const itemPath = import_path.default.join(baseFolder, import_path.default.relative(inputFolderPath, import_path.default.join(folderPath, item)));
+        if (import_fs.default.statSync(itemPath).isDirectory()) {
+          traverseFolder(itemPath);
+        } else {
+          const fileContent = import_fs.default.readFileSync(itemPath);
+          const params = {
+            value: fileContent,
+            encryptionKey,
+            algorithm,
+            encoding
+          };
+          const encryptedData = _Cipher.encrypt(params);
+          const encrypted = encryptedData.encrypted;
+          delete encryptedData.encrypted;
+          const encryptionMeta = Buffer.from(JSON.stringify(encryptedData)).toString("base64");
+          gzip.write(`${itemPath}
+---
+${encrypted}
+---
+${encryptionMeta}
+:::
+`);
+        }
+      }
+    }
+    traverseFolder(inputFolderPath);
+    gzip.end();
+    return new Promise((resolve, reject) => {
+      outputStream.on("finish", resolve);
+      outputStream.on("error", reject);
+    });
+  }
+  static decryptFolder({ inputFilePath, outputFolderPath, encryptionKey }) {
+    const inputStream = import_fs.default.createReadStream(inputFilePath);
+    const gunzip = import_zlib.default.createGunzip();
+    inputStream.pipe(gunzip);
+    let buff = "";
+    const compileFile = (data) => {
+      buff += data;
+      if (buff.includes(":::")) {
+        const [file, next] = buff.split("\n:::\n");
+        let [filePath, encrypted, encryptionMeta] = file.split("\n---\n");
+        filePath = import_path.default.join(outputFolderPath, filePath);
+        try {
+          import_fs.default.mkdirSync(import_path.default.dirname(filePath), { recursive: true });
+        } catch (error) {
+        }
+        const decoded = Buffer.from(
+          encryptionMeta,
+          "base64"
+        ).toString("utf-8");
+        const metaData = JSON.parse(decoded);
+        const params = {
+          ...metaData,
+          value: encrypted,
+          encryptionKey
+        };
+        const decryptedData = _Cipher.decrypt(params);
+        import_fs.default.writeFileSync(filePath, decryptedData);
+        buff = next;
       }
     };
-  };
+    gunzip.on("data", (data) => {
+      compileFile(data.toString("utf8"));
+    });
+    return new Promise((resolve, reject) => {
+      gunzip.on("end", resolve);
+      gunzip.on("error", reject);
+    });
+  }
 };
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
-var FS = {
-  attempt: {
-    /* ASYNC */
-    chmod: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chmod), handlers_default.onChangeError),
-    chown: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chown), handlers_default.onChangeError),
-    close: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), NOOP),
-    fsync: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), NOOP),
-    mkdir: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.mkdir), NOOP),
-    realpath: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.realpath), NOOP),
-    stat: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), NOOP),
-    unlink: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.unlink), NOOP),
-    /* SYNC */
-    chmodSync: attemptifySync(import_node_fs.default.chmodSync, handlers_default.onChangeError),
-    chownSync: attemptifySync(import_node_fs.default.chownSync, handlers_default.onChangeError),
-    closeSync: attemptifySync(import_node_fs.default.closeSync, NOOP),
-    existsSync: attemptifySync(import_node_fs.default.existsSync, NOOP),
-    fsyncSync: attemptifySync(import_node_fs.default.fsync, NOOP),
-    mkdirSync: attemptifySync(import_node_fs.default.mkdirSync, NOOP),
-    realpathSync: attemptifySync(import_node_fs.default.realpathSync, NOOP),
-    statSync: attemptifySync(import_node_fs.default.statSync, NOOP),
-    unlinkSync: attemptifySync(import_node_fs.default.unlinkSync, NOOP)
-  },
-  retry: {
-    /* ASYNC */
-    close: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), handlers_default.isRetriableError),
-    fsync: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), handlers_default.isRetriableError),
-    open: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.open), handlers_default.isRetriableError),
-    readFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.readFile), handlers_default.isRetriableError),
-    rename: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.rename), handlers_default.isRetriableError),
-    stat: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), handlers_default.isRetriableError),
-    write: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.write), handlers_default.isRetriableError),
-    writeFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.writeFile), handlers_default.isRetriableError),
-    /* SYNC */
-    closeSync: retryifySync(import_node_fs.default.closeSync, handlers_default.isRetriableError),
-    fsyncSync: retryifySync(import_node_fs.default.fsyncSync, handlers_default.isRetriableError),
-    openSync: retryifySync(import_node_fs.default.openSync, handlers_default.isRetriableError),
-    readFileSync: retryifySync(import_node_fs.default.readFileSync, handlers_default.isRetriableError),
-    renameSync: retryifySync(import_node_fs.default.renameSync, handlers_default.isRetriableError),
-    statSync: retryifySync(import_node_fs.default.statSync, handlers_default.isRetriableError),
-    writeSync: retryifySync(import_node_fs.default.writeSync, handlers_default.isRetriableError),
-    writeFileSync: retryifySync(import_node_fs.default.writeFileSync, handlers_default.isRetriableError)
+// packages/sdk/secrets.js
+var Secrets = class {
+  constructor(db) {
+    this.db = db;
+  }
+  get secrets() {
+    return this.db.get("secrets", []);
+  }
+  set secrets(value) {
+    this.db.set("secrets", value);
+  }
+  async get(id) {
+    return this.secrets.find((secret) => secret.id == id);
+  }
+  async add(secret, encryptionKey) {
+    const { value, error } = createSecretSchema.validate(secret);
+    if (error) {
+      throw new Error(error);
+    }
+    const { encrypted, ...encryption } = Cipher.encrypt({
+      ...value,
+      encryptionKey
+    });
+    const newSecret = { ...value, ...encryption, value: encrypted };
+    this.secrets = [
+      ...this.secrets,
+      newSecret
+    ];
+    return newSecret;
+  }
+  async remove(id) {
+    this.secrets = this.secrets.filter((secret) => secret.id != id);
+  }
+  async clear() {
+    this.secrets = [];
   }
 };
-var dist_default = FS;
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/constants.js
-var import_node_os3 = __toESM(require("node:os"), 1);
-var import_node_process4 = __toESM(require("node:process"), 1);
-var DEFAULT_ENCODING = "utf8";
-var DEFAULT_FILE_MODE = 438;
-var DEFAULT_FOLDER_MODE = 511;
-var DEFAULT_WRITE_OPTIONS = {};
-var DEFAULT_USER_UID = import_node_os3.default.userInfo().uid;
-var DEFAULT_USER_GID = import_node_os3.default.userInfo().gid;
-var DEFAULT_TIMEOUT_SYNC = 1e3;
-var IS_POSIX = !!import_node_process4.default.getuid;
-var IS_USER_ROOT2 = import_node_process4.default.getuid ? !import_node_process4.default.getuid() : false;
-var LIMIT_BASENAME_LENGTH = 128;
+// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
+var import_node_util2 = require("node:util");
+var import_node_process7 = __toESM(require("node:process"), 1);
+var import_node_fs2 = __toESM(require("node:fs"), 1);
+var import_node_path4 = __toESM(require("node:path"), 1);
+var import_node_crypto2 = __toESM(require("node:crypto"), 1);
+var import_node_assert2 = __toESM(require("node:assert"), 1);
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/lang.js
-var isException = (value) => {
-  return value instanceof Error && "code" in value;
+// node_modules/.pnpm/dot-prop@8.0.2/node_modules/dot-prop/index.js
+var isObject = (value) => {
+  const type = typeof value;
+  return value !== null && (type === "object" || type === "function");
 };
-var isString = (value) => {
-  return typeof value === "string";
-};
-var isUndefined = (value) => {
-  return value === void 0;
-};
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
-var import_node_path2 = __toESM(require("node:path"), 1);
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
-var import_node_process6 = __toESM(require("node:process"), 1);
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/constants.js
-var import_node_process5 = __toESM(require("node:process"), 1);
-var IS_LINUX = import_node_process5.default.platform === "linux";
-var IS_WINDOWS = import_node_process5.default.platform === "win32";
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/signals.js
-var Signals = ["SIGABRT", "SIGALRM", "SIGHUP", "SIGINT", "SIGTERM"];
-if (!IS_WINDOWS) {
-  Signals.push("SIGVTALRM", "SIGXCPU", "SIGXFSZ", "SIGUSR2", "SIGTRAP", "SIGSYS", "SIGQUIT", "SIGIOT");
-}
-if (IS_LINUX) {
-  Signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT", "SIGUNUSED");
-}
-var signals_default = Signals;
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
-var Interceptor = class {
-  /* CONSTRUCTOR */
-  constructor() {
-    this.callbacks = /* @__PURE__ */ new Set();
-    this.exited = false;
-    this.exit = (signal) => {
-      if (this.exited)
-        return;
-      this.exited = true;
-      for (const callback of this.callbacks) {
-        callback();
+var disallowedKeys = /* @__PURE__ */ new Set([
+  "__proto__",
+  "prototype",
+  "constructor"
+]);
+var digits = new Set("0123456789");
+function getPathSegments(path5) {
+  const parts = [];
+  let currentSegment = "";
+  let currentPart = "start";
+  let isIgnoring = false;
+  for (const character of path5) {
+    switch (character) {
+      case "\\": {
+        if (currentPart === "index") {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          throw new Error("Invalid character after an index");
+        }
+        if (isIgnoring) {
+          currentSegment += character;
+        }
+        currentPart = "property";
+        isIgnoring = !isIgnoring;
+        break;
       }
-      if (signal) {
-        if (IS_WINDOWS && (signal !== "SIGINT" && signal !== "SIGTERM" && signal !== "SIGKILL")) {
-          import_node_process6.default.kill(import_node_process6.default.pid, "SIGTERM");
-        } else {
-          import_node_process6.default.kill(import_node_process6.default.pid, signal);
+      case ".": {
+        if (currentPart === "index") {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          currentPart = "property";
+          break;
+        }
+        if (isIgnoring) {
+          isIgnoring = false;
+          currentSegment += character;
+          break;
+        }
+        if (disallowedKeys.has(currentSegment)) {
+          return [];
         }
+        parts.push(currentSegment);
+        currentSegment = "";
+        currentPart = "property";
+        break;
       }
-    };
-    this.hook = () => {
-      import_node_process6.default.once("exit", () => this.exit());
-      for (const signal of signals_default) {
-        import_node_process6.default.once(signal, () => this.exit(signal));
+      case "[": {
+        if (currentPart === "index") {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          currentPart = "index";
+          break;
+        }
+        if (isIgnoring) {
+          isIgnoring = false;
+          currentSegment += character;
+          break;
+        }
+        if (currentPart === "property") {
+          if (disallowedKeys.has(currentSegment)) {
+            return [];
+          }
+          parts.push(currentSegment);
+          currentSegment = "";
+        }
+        currentPart = "index";
+        break;
       }
-    };
-    this.register = (callback) => {
-      this.callbacks.add(callback);
-      return () => {
-        this.callbacks.delete(callback);
-      };
-    };
-    this.hook();
-  }
-};
-var interceptor_default = new Interceptor();
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/index.js
-var whenExit = interceptor_default.register;
-var node_default = whenExit;
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
-var Temp = {
-  /* VARIABLES */
-  store: {},
-  /* API */
-  create: (filePath) => {
-    const randomness = `000000${Math.floor(Math.random() * 16777215).toString(16)}`.slice(-6);
-    const timestamp = Date.now().toString().slice(-10);
-    const prefix = "tmp-";
-    const suffix = `.${prefix}${timestamp}${randomness}`;
-    const tempPath = `${filePath}${suffix}`;
-    return tempPath;
-  },
-  get: (filePath, creator, purge = true) => {
-    const tempPath = Temp.truncate(creator(filePath));
-    if (tempPath in Temp.store)
-      return Temp.get(filePath, creator, purge);
-    Temp.store[tempPath] = purge;
-    const disposer = () => delete Temp.store[tempPath];
-    return [tempPath, disposer];
-  },
-  purge: (filePath) => {
-    if (!Temp.store[filePath])
-      return;
-    delete Temp.store[filePath];
-    dist_default.attempt.unlink(filePath);
-  },
-  purgeSync: (filePath) => {
-    if (!Temp.store[filePath])
-      return;
-    delete Temp.store[filePath];
-    dist_default.attempt.unlinkSync(filePath);
-  },
-  purgeSyncAll: () => {
-    for (const filePath in Temp.store) {
-      Temp.purgeSync(filePath);
-    }
-  },
-  truncate: (filePath) => {
-    const basename2 = import_node_path2.default.basename(filePath);
-    if (basename2.length <= LIMIT_BASENAME_LENGTH)
-      return filePath;
-    const truncable = /^(\.?)(.*?)((?:\.[^.]+)?(?:\.tmp-\d{10}[a-f0-9]{6})?)$/.exec(basename2);
-    if (!truncable)
-      return filePath;
-    const truncationLength = basename2.length - LIMIT_BASENAME_LENGTH;
-    return `${filePath.slice(0, -basename2.length)}${truncable[1]}${truncable[2].slice(0, -truncationLength)}${truncable[3]}`;
-  }
-};
-node_default(Temp.purgeSyncAll);
-var temp_default = Temp;
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
-function writeFileSync(filePath, data, options = DEFAULT_WRITE_OPTIONS) {
-  if (isString(options))
-    return writeFileSync(filePath, data, { encoding: options });
-  const timeout = Date.now() + ((options.timeout ?? DEFAULT_TIMEOUT_SYNC) || -1);
-  let tempDisposer = null;
-  let tempPath = null;
-  let fd = null;
-  try {
-    const filePathReal = dist_default.attempt.realpathSync(filePath);
-    const filePathExists = !!filePathReal;
-    filePath = filePathReal || filePath;
-    [tempPath, tempDisposer] = temp_default.get(filePath, options.tmpCreate || temp_default.create, !(options.tmpPurge === false));
-    const useStatChown = IS_POSIX && isUndefined(options.chown);
-    const useStatMode = isUndefined(options.mode);
-    if (filePathExists && (useStatChown || useStatMode)) {
-      const stats = dist_default.attempt.statSync(filePath);
-      if (stats) {
-        options = { ...options };
-        if (useStatChown) {
-          options.chown = { uid: stats.uid, gid: stats.gid };
+      case "]": {
+        if (currentPart === "index") {
+          parts.push(Number.parseInt(currentSegment, 10));
+          currentSegment = "";
+          currentPart = "indexEnd";
+          break;
         }
-        if (useStatMode) {
-          options.mode = stats.mode;
+        if (currentPart === "indexEnd") {
+          throw new Error("Invalid character after an index");
+        }
+      }
+      default: {
+        if (currentPart === "index" && !digits.has(character)) {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          throw new Error("Invalid character after an index");
         }
+        if (currentPart === "start") {
+          currentPart = "property";
+        }
+        if (isIgnoring) {
+          isIgnoring = false;
+          currentSegment += "\\";
+        }
+        currentSegment += character;
       }
     }
-    if (!filePathExists) {
-      const parentPath = import_node_path3.default.dirname(filePath);
-      dist_default.attempt.mkdirSync(parentPath, {
-        mode: DEFAULT_FOLDER_MODE,
-        recursive: true
-      });
+  }
+  if (isIgnoring) {
+    currentSegment += "\\";
+  }
+  switch (currentPart) {
+    case "property": {
+      if (disallowedKeys.has(currentSegment)) {
+        return [];
+      }
+      parts.push(currentSegment);
+      break;
     }
-    fd = dist_default.retry.openSync(timeout)(tempPath, "w", options.mode || DEFAULT_FILE_MODE);
-    if (options.tmpCreated) {
-      options.tmpCreated(tempPath);
+    case "index": {
+      throw new Error("Index was not closed");
     }
-    if (isString(data)) {
-      dist_default.retry.writeSync(timeout)(fd, data, 0, options.encoding || DEFAULT_ENCODING);
-    } else if (!isUndefined(data)) {
-      dist_default.retry.writeSync(timeout)(fd, data, 0, data.length, 0);
-    }
-    if (options.fsync !== false) {
-      if (options.fsyncWait !== false) {
-        dist_default.retry.fsyncSync(timeout)(fd);
-      } else {
-        dist_default.attempt.fsync(fd);
-      }
-    }
-    dist_default.retry.closeSync(timeout)(fd);
-    fd = null;
-    if (options.chown && (options.chown.uid !== DEFAULT_USER_UID || options.chown.gid !== DEFAULT_USER_GID)) {
-      dist_default.attempt.chownSync(tempPath, options.chown.uid, options.chown.gid);
-    }
-    if (options.mode && options.mode !== DEFAULT_FILE_MODE) {
-      dist_default.attempt.chmodSync(tempPath, options.mode);
-    }
-    try {
-      dist_default.retry.renameSync(timeout)(tempPath, filePath);
-    } catch (error) {
-      if (!isException(error))
-        throw error;
-      if (error.code !== "ENAMETOOLONG")
-        throw error;
-      dist_default.retry.renameSync(timeout)(tempPath, temp_default.truncate(filePath));
+    case "start": {
+      parts.push("");
+      break;
     }
-    tempDisposer();
-    tempPath = null;
-  } finally {
-    if (fd)
-      dist_default.attempt.closeSync(fd);
-    if (tempPath)
-      temp_default.purge(tempPath);
   }
+  return parts;
 }
-// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var import_ajv = __toESM(require_ajv(), 1);
-var import_ajv_formats = __toESM(require_dist(), 1);
-// node_modules/.pnpm/mimic-fn@4.0.0/node_modules/mimic-fn/index.js
-var copyProperty = (to, from3, property, ignoreNonConfigurable) => {
-  if (property === "length" || property === "prototype") {
-    return;
-  }
-  if (property === "arguments" || property === "caller") {
-    return;
-  }
-  const toDescriptor = Object.getOwnPropertyDescriptor(to, property);
-  const fromDescriptor = Object.getOwnPropertyDescriptor(from3, property);
-  if (!canCopyProperty(toDescriptor, fromDescriptor) && ignoreNonConfigurable) {
-    return;
-  }
-  Object.defineProperty(to, property, fromDescriptor);
-};
-var canCopyProperty = function(toDescriptor, fromDescriptor) {
-  return toDescriptor === void 0 || toDescriptor.configurable || toDescriptor.writable === fromDescriptor.writable && toDescriptor.enumerable === fromDescriptor.enumerable && toDescriptor.configurable === fromDescriptor.configurable && (toDescriptor.writable || toDescriptor.value === fromDescriptor.value);
-};
-var changePrototype = (to, from3) => {
-  const fromPrototype = Object.getPrototypeOf(from3);
-  if (fromPrototype === Object.getPrototypeOf(to)) {
-    return;
+function isStringIndex(object, key) {
+  if (typeof key !== "number" && Array.isArray(object)) {
+    const index = Number.parseInt(key, 10);
+    return Number.isInteger(index) && object[index] === object[key];
   }
-  Object.setPrototypeOf(to, fromPrototype);
-};
-var wrappedToString = (withName, fromBody) => `/* Wrapped ${withName}*/
-${fromBody}`;
-var toStringDescriptor = Object.getOwnPropertyDescriptor(Function.prototype, "toString");
-var toStringName = Object.getOwnPropertyDescriptor(Function.prototype.toString, "name");
-var changeToString = (to, from3, name) => {
-  const withName = name === "" ? "" : `with ${name.trim()}() `;
-  const newToString = wrappedToString.bind(null, withName, from3.toString());
-  Object.defineProperty(newToString, "name", toStringName);
-  Object.defineProperty(to, "toString", { ...toStringDescriptor, value: newToString });
-};
-function mimicFunction(to, from3, { ignoreNonConfigurable = false } = {}) {
-  const { name } = to;
-  for (const property of Reflect.ownKeys(from3)) {
-    copyProperty(to, from3, property, ignoreNonConfigurable);
+  return false;
+}
+function assertNotStringIndex(object, key) {
+  if (isStringIndex(object, key)) {
+    throw new Error("Cannot use string index");
   }
-  changePrototype(to, from3);
-  changeToString(to, from3, name);
-  return to;
 }
-// node_modules/.pnpm/debounce-fn@5.1.2/node_modules/debounce-fn/index.js
-var debounceFn = (inputFunction, options = {}) => {
-  if (typeof inputFunction !== "function") {
-    throw new TypeError(`Expected the first argument to be a function, got \`${typeof inputFunction}\``);
+function getProperty(object, path5, value) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return value === void 0 ? object : value;
   }
-  const {
-    wait = 0,
-    maxWait = Number.POSITIVE_INFINITY,
-    before = false,
-    after = true
-  } = options;
-  if (!before && !after) {
-    throw new Error("Both `before` and `after` are false, function wouldn't be called.");
+  const pathArray = getPathSegments(path5);
+  if (pathArray.length === 0) {
+    return value;
   }
-  let timeout;
-  let maxTimeout;
-  let result;
-  const debouncedFunction = function(...arguments_) {
-    const context = this;
-    const later = () => {
-      timeout = void 0;
-      if (maxTimeout) {
-        clearTimeout(maxTimeout);
-        maxTimeout = void 0;
-      }
-      if (after) {
-        result = inputFunction.apply(context, arguments_);
-      }
-    };
-    const maxLater = () => {
-      maxTimeout = void 0;
-      if (timeout) {
-        clearTimeout(timeout);
-        timeout = void 0;
-      }
-      if (after) {
-        result = inputFunction.apply(context, arguments_);
+  for (let index = 0; index < pathArray.length; index++) {
+    const key = pathArray[index];
+    if (isStringIndex(object, key)) {
+      object = index === pathArray.length - 1 ? void 0 : null;
+    } else {
+      object = object[key];
+    }
+    if (object === void 0 || object === null) {
+      if (index !== pathArray.length - 1) {
+        return value;
       }
-    };
-    const shouldCallNow = before && !timeout;
-    clearTimeout(timeout);
-    timeout = setTimeout(later, wait);
-    if (maxWait > 0 && maxWait !== Number.POSITIVE_INFINITY && !maxTimeout) {
-      maxTimeout = setTimeout(maxLater, maxWait);
+      break;
     }
-    if (shouldCallNow) {
-      result = inputFunction.apply(context, arguments_);
+  }
+  return object === void 0 ? value : object;
+}
+function setProperty(object, path5, value) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return object;
+  }
+  const root = object;
+  const pathArray = getPathSegments(path5);
+  for (let index = 0; index < pathArray.length; index++) {
+    const key = pathArray[index];
+    assertNotStringIndex(object, key);
+    if (index === pathArray.length - 1) {
+      object[key] = value;
+    } else if (!isObject(object[key])) {
+      object[key] = typeof pathArray[index + 1] === "number" ? [] : {};
     }
-    return result;
-  };
-  mimicFunction(debouncedFunction, inputFunction);
-  debouncedFunction.cancel = () => {
-    if (timeout) {
-      clearTimeout(timeout);
-      timeout = void 0;
+    object = object[key];
+  }
+  return root;
+}
+function deleteProperty(object, path5) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return false;
+  }
+  const pathArray = getPathSegments(path5);
+  for (let index = 0; index < pathArray.length; index++) {
+    const key = pathArray[index];
+    assertNotStringIndex(object, key);
+    if (index === pathArray.length - 1) {
+      delete object[key];
+      return true;
     }
-    if (maxTimeout) {
-      clearTimeout(maxTimeout);
-      maxTimeout = void 0;
+    object = object[key];
+    if (!isObject(object)) {
+      return false;
     }
-  };
-  return debouncedFunction;
-};
-var debounce_fn_default = debounceFn;
-// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var import_semver = __toESM(require_semver2(), 1);
-// node_modules/.pnpm/uint8array-extras@0.3.0/node_modules/uint8array-extras/index.js
-var objectToString = Object.prototype.toString;
-function isUint8Array(value) {
-  return value && objectToString.call(value) === "[object Uint8Array]";
-}
-function assertUint8Array(value) {
-  if (!isUint8Array(value)) {
-    throw new TypeError(`Expected \`Uint8Array\`, got \`${typeof value}\``);
   }
 }
-function concatUint8Arrays(arrays, totalLength) {
-  if (arrays.length === 0) {
-    return new Uint8Array(0);
+function hasProperty(object, path5) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return false;
   }
-  totalLength ??= arrays.reduce((accumulator, currentValue) => accumulator + currentValue.length, 0);
-  const returnValue = new Uint8Array(totalLength);
-  let offset = 0;
-  for (const array of arrays) {
-    assertUint8Array(array);
-    returnValue.set(array, offset);
-    offset += array.length;
+  const pathArray = getPathSegments(path5);
+  if (pathArray.length === 0) {
+    return false;
   }
-  return returnValue;
-}
-function uint8ArrayToString(array) {
-  assertUint8Array(array);
-  return new globalThis.TextDecoder().decode(array);
-}
-function assertString(value) {
-  if (typeof value !== "string") {
-    throw new TypeError(`Expected \`string\`, got \`${typeof value}\``);
+  for (const key of pathArray) {
+    if (!isObject(object) || !(key in object) || isStringIndex(object, key)) {
+      return false;
+    }
+    object = object[key];
   }
+  return true;
 }
-function stringToUint8Array(string) {
-  assertString(string);
-  return new globalThis.TextEncoder().encode(string);
-}
-var byteToHexLookupTable = Array.from({ length: 256 }, (_3, index) => index.toString(16).padStart(2, "0"));
-// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var Ajv = import_ajv.default.default;
-var ajvFormats = import_ajv_formats.default.default;
-var encryptionAlgorithm = "aes-256-cbc";
-var createPlainObject = () => /* @__PURE__ */ Object.create(null);
-var isExist = (data) => data !== void 0 && data !== null;
-var checkValueType = (key, value) => {
-  const nonJsonTypes = /* @__PURE__ */ new Set([
-    "undefined",
-    "symbol",
-    "function"
-  ]);
-  const type = typeof value;
-  if (nonJsonTypes.has(type)) {
-    throw new TypeError(`Setting a value of type \`${type}\` for key \`${key}\` is not allowed as it's not supported by JSON`);
+// node_modules/.pnpm/env-paths@3.0.0/node_modules/env-paths/index.js
+var import_node_path = __toESM(require("node:path"), 1);
+var import_node_os2 = __toESM(require("node:os"), 1);
+var import_node_process2 = __toESM(require("node:process"), 1);
+var homedir = import_node_os2.default.homedir();
+var tmpdir = import_node_os2.default.tmpdir();
+var { env: env2 } = import_node_process2.default;
+var macos = (name) => {
+  const library = import_node_path.default.join(homedir, "Library");
+  return {
+    data: import_node_path.default.join(library, "Application Support", name),
+    config: import_node_path.default.join(library, "Preferences", name),
+    cache: import_node_path.default.join(library, "Caches", name),
+    log: import_node_path.default.join(library, "Logs", name),
+    temp: import_node_path.default.join(tmpdir, name)
+  };
+};
+var windows = (name) => {
+  const appData = env2.APPDATA || import_node_path.default.join(homedir, "AppData", "Roaming");
+  const localAppData = env2.LOCALAPPDATA || import_node_path.default.join(homedir, "AppData", "Local");
+  return {
+    // Data/config/cache/log are invented by me as Windows isn't opinionated about this
+    data: import_node_path.default.join(localAppData, name, "Data"),
+    config: import_node_path.default.join(appData, name, "Config"),
+    cache: import_node_path.default.join(localAppData, name, "Cache"),
+    log: import_node_path.default.join(localAppData, name, "Log"),
+    temp: import_node_path.default.join(tmpdir, name)
+  };
+};
+var linux = (name) => {
+  const username = import_node_path.default.basename(homedir);
+  return {
+    data: import_node_path.default.join(env2.XDG_DATA_HOME || import_node_path.default.join(homedir, ".local", "share"), name),
+    config: import_node_path.default.join(env2.XDG_CONFIG_HOME || import_node_path.default.join(homedir, ".config"), name),
+    cache: import_node_path.default.join(env2.XDG_CACHE_HOME || import_node_path.default.join(homedir, ".cache"), name),
+    // https://wiki.debian.org/XDGBaseDirectorySpecification#state
+    log: import_node_path.default.join(env2.XDG_STATE_HOME || import_node_path.default.join(homedir, ".local", "state"), name),
+    temp: import_node_path.default.join(tmpdir, username, name)
+  };
+};
+function envPaths(name, { suffix = "nodejs" } = {}) {
+  if (typeof name !== "string") {
+    throw new TypeError(`Expected a string, got ${typeof name}`);
+  }
+  if (suffix) {
+    name += `-${suffix}`;
+  }
+  if (import_node_process2.default.platform === "darwin") {
+    return macos(name);
+  }
+  if (import_node_process2.default.platform === "win32") {
+    return windows(name);
   }
+  return linux(name);
+}
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
+var import_node_path3 = __toESM(require("node:path"), 1);
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
+var import_node_fs = __toESM(require("node:fs"), 1);
+var import_node_util = require("node:util");
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/attemptify.js
+var attemptifyAsync = (fn, onError) => {
+  return function attemptified(...args) {
+    return fn.apply(void 0, args).catch(onError);
+  };
 };
-var INTERNAL_KEY = "__internal__";
-var MIGRATION_KEY = `${INTERNAL_KEY}.migrations.version`;
-var Conf = class {
-  path;
-  events;
-  #validator;
-  #encryptionKey;
-  #options;
-  #defaultValues = {};
-  constructor(partialOptions = {}) {
-    const options = {
-      configName: "config",
-      fileExtension: "json",
-      projectSuffix: "nodejs",
-      clearInvalidConfig: false,
-      accessPropertiesByDotNotation: true,
-      configFileMode: 438,
-      ...partialOptions
-    };
-    if (!options.cwd) {
-      if (!options.projectName) {
-        throw new Error("Please specify the `projectName` option.");
-      }
-      options.cwd = envPaths(options.projectName, { suffix: options.projectSuffix }).config;
-    }
-    this.#options = options;
-    if (options.schema) {
-      if (typeof options.schema !== "object") {
-        throw new TypeError("The `schema` option must be an object.");
-      }
-      const ajv = new Ajv({
-        allErrors: true,
-        useDefaults: true
-      });
-      ajvFormats(ajv);
-      const schema = {
-        type: "object",
-        properties: options.schema
-      };
-      this.#validator = ajv.compile(schema);
-      for (const [key, value] of Object.entries(options.schema)) {
-        if (value?.default) {
-          this.#defaultValues[key] = value.default;
-        }
-      }
-    }
-    if (options.defaults) {
-      this.#defaultValues = {
-        ...this.#defaultValues,
-        ...options.defaults
-      };
-    }
-    if (options.serialize) {
-      this._serialize = options.serialize;
-    }
-    if (options.deserialize) {
-      this._deserialize = options.deserialize;
-    }
-    this.events = new EventTarget();
-    this.#encryptionKey = options.encryptionKey;
-    const fileExtension = options.fileExtension ? `.${options.fileExtension}` : "";
-    this.path = import_node_path4.default.resolve(options.cwd, `${options.configName ?? "config"}${fileExtension}`);
-    const fileStore = this.store;
-    const store = Object.assign(createPlainObject(), options.defaults, fileStore);
-    this._validate(store);
+var attemptifySync = (fn, onError) => {
+  return function attemptified(...args) {
     try {
-      import_node_assert2.default.deepEqual(fileStore, store);
-    } catch {
-      this.store = store;
-    }
-    if (options.watch) {
-      this._watch();
-    }
-    if (options.migrations) {
-      if (!options.projectVersion) {
-        throw new Error("Please specify the `projectVersion` option.");
-      }
-      this._migrate(options.migrations, options.projectVersion, options.beforeEachMigration);
-    }
-  }
-  get(key, defaultValue) {
-    if (this.#options.accessPropertiesByDotNotation) {
-      return this._get(key, defaultValue);
+      return fn.apply(void 0, args);
+    } catch (error) {
+      return onError(error);
     }
-    const { store } = this;
-    return key in store ? store[key] : defaultValue;
+  };
+};
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/constants.js
+var import_node_process3 = __toESM(require("node:process"), 1);
+var IS_USER_ROOT = import_node_process3.default.getuid ? !import_node_process3.default.getuid() : false;
+var LIMIT_FILES_DESCRIPTORS = 1e4;
+var NOOP = () => void 0;
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/handlers.js
+var Handlers = {
+  /* API */
+  isChangeErrorOk: (error) => {
+    if (!Handlers.isNodeError(error))
+      return false;
+    const { code } = error;
+    if (code === "ENOSYS")
+      return true;
+    if (!IS_USER_ROOT && (code === "EINVAL" || code === "EPERM"))
+      return true;
+    return false;
+  },
+  isNodeError: (error) => {
+    return error instanceof Error;
+  },
+  isRetriableError: (error) => {
+    if (!Handlers.isNodeError(error))
+      return false;
+    const { code } = error;
+    if (code === "EMFILE" || code === "ENFILE" || code === "EAGAIN" || code === "EBUSY" || code === "EACCESS" || code === "EACCES" || code === "EACCS" || code === "EPERM")
+      return true;
+    return false;
+  },
+  onChangeError: (error) => {
+    if (!Handlers.isNodeError(error))
+      throw error;
+    if (Handlers.isChangeErrorOk(error))
+      return;
+    throw error;
   }
-  set(key, value) {
-    if (typeof key !== "string" && typeof key !== "object") {
-      throw new TypeError(`Expected \`key\` to be of type \`string\` or \`object\`, got ${typeof key}`);
-    }
-    if (typeof key !== "object" && value === void 0) {
-      throw new TypeError("Use `delete()` to clear values");
-    }
-    if (this._containsReservedKey(key)) {
-      throw new TypeError(`Please don't use the ${INTERNAL_KEY} key, as it's used to manage this module internal operations.`);
-    }
-    const { store } = this;
-    const set2 = (key2, value2) => {
-      checkValueType(key2, value2);
-      if (this.#options.accessPropertiesByDotNotation) {
-        setProperty(store, key2, value2);
+};
+var handlers_default = Handlers;
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify_queue.js
+var RetryfyQueue = class {
+  constructor() {
+    this.interval = 25;
+    this.intervalId = void 0;
+    this.limit = LIMIT_FILES_DESCRIPTORS;
+    this.queueActive = /* @__PURE__ */ new Set();
+    this.queueWaiting = /* @__PURE__ */ new Set();
+    this.init = () => {
+      if (this.intervalId)
+        return;
+      this.intervalId = setInterval(this.tick, this.interval);
+    };
+    this.reset = () => {
+      if (!this.intervalId)
+        return;
+      clearInterval(this.intervalId);
+      delete this.intervalId;
+    };
+    this.add = (fn) => {
+      this.queueWaiting.add(fn);
+      if (this.queueActive.size < this.limit / 2) {
+        this.tick();
       } else {
-        store[key2] = value2;
+        this.init();
       }
     };
-    if (typeof key === "object") {
-      const object = key;
-      for (const [key2, value2] of Object.entries(object)) {
-        set2(key2, value2);
+    this.remove = (fn) => {
+      this.queueWaiting.delete(fn);
+      this.queueActive.delete(fn);
+    };
+    this.schedule = () => {
+      return new Promise((resolve) => {
+        const cleanup = () => this.remove(resolver);
+        const resolver = () => resolve(cleanup);
+        this.add(resolver);
+      });
+    };
+    this.tick = () => {
+      if (this.queueActive.size >= this.limit)
+        return;
+      if (!this.queueWaiting.size)
+        return this.reset();
+      for (const fn of this.queueWaiting) {
+        if (this.queueActive.size >= this.limit)
+          break;
+        this.queueWaiting.delete(fn);
+        this.queueActive.add(fn);
+        fn();
       }
-    } else {
-      set2(key, value);
-    }
-    this.store = store;
-  }
-  /**
-      Check if an item exists.
-      @param key - The key of the item to check.
-      */
-  has(key) {
-    if (this.#options.accessPropertiesByDotNotation) {
-      return hasProperty(this.store, key);
-    }
-    return key in this.store;
+    };
   }
-  /**
-      Reset items to their default values, as defined by the `defaults` or `schema` option.
-      @see `clear()` to reset all items.
-      @param keys - The keys of the items to reset.
-      */
-  reset(...keys) {
-    for (const key of keys) {
-      if (isExist(this.#defaultValues[key])) {
-        this.set(key, this.#defaultValues[key]);
+};
+var retryify_queue_default = new RetryfyQueue();
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify.js
+var retryifyAsync = (fn, isRetriableError) => {
+  return function retrified(timestamp) {
+    return function attempt(...args) {
+      return retryify_queue_default.schedule().then((cleanup) => {
+        const onResolve = (result) => {
+          cleanup();
+          return result;
+        };
+        const onReject = (error) => {
+          cleanup();
+          if (Date.now() >= timestamp)
+            throw error;
+          if (isRetriableError(error)) {
+            const delay = Math.round(100 * Math.random());
+            const delayPromise = new Promise((resolve) => setTimeout(resolve, delay));
+            return delayPromise.then(() => attempt.apply(void 0, args));
+          }
+          throw error;
+        };
+        return fn.apply(void 0, args).then(onResolve, onReject);
+      });
+    };
+  };
+};
+var retryifySync = (fn, isRetriableError) => {
+  return function retrified(timestamp) {
+    return function attempt(...args) {
+      try {
+        return fn.apply(void 0, args);
+      } catch (error) {
+        if (Date.now() > timestamp)
+          throw error;
+        if (isRetriableError(error))
+          return attempt.apply(void 0, args);
+        throw error;
       }
-    }
-  }
-  delete(key) {
-    const { store } = this;
-    if (this.#options.accessPropertiesByDotNotation) {
-      deleteProperty(store, key);
-    } else {
-      delete store[key];
-    }
-    this.store = store;
-  }
-  /**
-      Delete all items.
-      This resets known items to their default values, if defined by the `defaults` or `schema` option.
-      */
-  clear() {
-    this.store = createPlainObject();
-    for (const key of Object.keys(this.#defaultValues)) {
-      this.reset(key);
-    }
-  }
-  /**
-      Watches the given `key`, calling `callback` on any changes.
-      @param key - The key wo watch.
-      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
-      @returns A function, that when called, will unsubscribe.
-      */
-  onDidChange(key, callback) {
-    if (typeof key !== "string") {
-      throw new TypeError(`Expected \`key\` to be of type \`string\`, got ${typeof key}`);
-    }
-    if (typeof callback !== "function") {
-      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
-    }
-    return this._handleChange(() => this.get(key), callback);
-  }
-  /**
-      Watches the whole config object, calling `callback` on any changes.
-      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
-      @returns A function, that when called, will unsubscribe.
-      */
-  onDidAnyChange(callback) {
-    if (typeof callback !== "function") {
-      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
-    }
-    return this._handleChange(() => this.store, callback);
-  }
-  get size() {
-    return Object.keys(this.store).length;
+    };
+  };
+};
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
+var FS = {
+  attempt: {
+    /* ASYNC */
+    chmod: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chmod), handlers_default.onChangeError),
+    chown: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chown), handlers_default.onChangeError),
+    close: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), NOOP),
+    fsync: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), NOOP),
+    mkdir: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.mkdir), NOOP),
+    realpath: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.realpath), NOOP),
+    stat: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), NOOP),
+    unlink: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.unlink), NOOP),
+    /* SYNC */
+    chmodSync: attemptifySync(import_node_fs.default.chmodSync, handlers_default.onChangeError),
+    chownSync: attemptifySync(import_node_fs.default.chownSync, handlers_default.onChangeError),
+    closeSync: attemptifySync(import_node_fs.default.closeSync, NOOP),
+    existsSync: attemptifySync(import_node_fs.default.existsSync, NOOP),
+    fsyncSync: attemptifySync(import_node_fs.default.fsync, NOOP),
+    mkdirSync: attemptifySync(import_node_fs.default.mkdirSync, NOOP),
+    realpathSync: attemptifySync(import_node_fs.default.realpathSync, NOOP),
+    statSync: attemptifySync(import_node_fs.default.statSync, NOOP),
+    unlinkSync: attemptifySync(import_node_fs.default.unlinkSync, NOOP)
+  },
+  retry: {
+    /* ASYNC */
+    close: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), handlers_default.isRetriableError),
+    fsync: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), handlers_default.isRetriableError),
+    open: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.open), handlers_default.isRetriableError),
+    readFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.readFile), handlers_default.isRetriableError),
+    rename: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.rename), handlers_default.isRetriableError),
+    stat: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), handlers_default.isRetriableError),
+    write: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.write), handlers_default.isRetriableError),
+    writeFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.writeFile), handlers_default.isRetriableError),
+    /* SYNC */
+    closeSync: retryifySync(import_node_fs.default.closeSync, handlers_default.isRetriableError),
+    fsyncSync: retryifySync(import_node_fs.default.fsyncSync, handlers_default.isRetriableError),
+    openSync: retryifySync(import_node_fs.default.openSync, handlers_default.isRetriableError),
+    readFileSync: retryifySync(import_node_fs.default.readFileSync, handlers_default.isRetriableError),
+    renameSync: retryifySync(import_node_fs.default.renameSync, handlers_default.isRetriableError),
+    statSync: retryifySync(import_node_fs.default.statSync, handlers_default.isRetriableError),
+    writeSync: retryifySync(import_node_fs.default.writeSync, handlers_default.isRetriableError),
+    writeFileSync: retryifySync(import_node_fs.default.writeFileSync, handlers_default.isRetriableError)
   }
-  get store() {
-    try {
-      const data = import_node_fs2.default.readFileSync(this.path, this.#encryptionKey ? null : "utf8");
-      const dataString = this._encryptData(data);
-      const deserializedData = this._deserialize(dataString);
-      this._validate(deserializedData);
-      return Object.assign(createPlainObject(), deserializedData);
-    } catch (error) {
-      if (error?.code === "ENOENT") {
-        this._ensureDirectory();
-        return createPlainObject();
+};
+var dist_default = FS;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/constants.js
+var import_node_os3 = __toESM(require("node:os"), 1);
+var import_node_process4 = __toESM(require("node:process"), 1);
+var DEFAULT_ENCODING = "utf8";
+var DEFAULT_FILE_MODE = 438;
+var DEFAULT_FOLDER_MODE = 511;
+var DEFAULT_WRITE_OPTIONS = {};
+var DEFAULT_USER_UID = import_node_os3.default.userInfo().uid;
+var DEFAULT_USER_GID = import_node_os3.default.userInfo().gid;
+var DEFAULT_TIMEOUT_SYNC = 1e3;
+var IS_POSIX = !!import_node_process4.default.getuid;
+var IS_USER_ROOT2 = import_node_process4.default.getuid ? !import_node_process4.default.getuid() : false;
+var LIMIT_BASENAME_LENGTH = 128;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/lang.js
+var isException = (value) => {
+  return value instanceof Error && "code" in value;
+};
+var isString = (value) => {
+  return typeof value === "string";
+};
+var isUndefined = (value) => {
+  return value === void 0;
+};
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
+var import_node_path2 = __toESM(require("node:path"), 1);
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
+var import_node_process6 = __toESM(require("node:process"), 1);
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/constants.js
+var import_node_process5 = __toESM(require("node:process"), 1);
+var IS_LINUX = import_node_process5.default.platform === "linux";
+var IS_WINDOWS = import_node_process5.default.platform === "win32";
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/signals.js
+var Signals = ["SIGABRT", "SIGALRM", "SIGHUP", "SIGINT", "SIGTERM"];
+if (!IS_WINDOWS) {
+  Signals.push("SIGVTALRM", "SIGXCPU", "SIGXFSZ", "SIGUSR2", "SIGTRAP", "SIGSYS", "SIGQUIT", "SIGIOT");
+}
+if (IS_LINUX) {
+  Signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT", "SIGUNUSED");
+}
+var signals_default = Signals;
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
+var Interceptor = class {
+  /* CONSTRUCTOR */
+  constructor() {
+    this.callbacks = /* @__PURE__ */ new Set();
+    this.exited = false;
+    this.exit = (signal) => {
+      if (this.exited)
+        return;
+      this.exited = true;
+      for (const callback of this.callbacks) {
+        callback();
       }
-      if (this.#options.clearInvalidConfig && error.name === "SyntaxError") {
-        return createPlainObject();
+      if (signal) {
+        if (IS_WINDOWS && (signal !== "SIGINT" && signal !== "SIGTERM" && signal !== "SIGKILL")) {
+          import_node_process6.default.kill(import_node_process6.default.pid, "SIGTERM");
+        } else {
+          import_node_process6.default.kill(import_node_process6.default.pid, signal);
+        }
       }
-      throw error;
-    }
-  }
-  set store(value) {
-    this._ensureDirectory();
-    this._validate(value);
-    this._write(value);
-    this.events.dispatchEvent(new Event("change"));
-  }
-  *[Symbol.iterator]() {
-    for (const [key, value] of Object.entries(this.store)) {
-      yield [key, value];
-    }
-  }
-  _encryptData(data) {
-    if (!this.#encryptionKey) {
-      return typeof data === "string" ? data : uint8ArrayToString(data);
-    }
-    try {
-      const initializationVector = data.slice(0, 16);
-      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
-      const decipher = import_node_crypto2.default.createDecipheriv(encryptionAlgorithm, password, initializationVector);
-      const slice = data.slice(17);
-      const dataUpdate = typeof slice === "string" ? stringToUint8Array(slice) : slice;
-      return uint8ArrayToString(concatUint8Arrays([decipher.update(dataUpdate), decipher.final()]));
-    } catch {
-    }
-    return data.toString();
-  }
-  _handleChange(getter, callback) {
-    let currentValue = getter();
-    const onChange = () => {
-      const oldValue = currentValue;
-      const newValue = getter();
-      if ((0, import_node_util2.isDeepStrictEqual)(newValue, oldValue)) {
-        return;
+    };
+    this.hook = () => {
+      import_node_process6.default.once("exit", () => this.exit());
+      for (const signal of signals_default) {
+        import_node_process6.default.once(signal, () => this.exit(signal));
       }
-      currentValue = newValue;
-      callback.call(this, newValue, oldValue);
     };
-    this.events.addEventListener("change", onChange);
-    return () => {
-      this.events.removeEventListener("change", onChange);
+    this.register = (callback) => {
+      this.callbacks.add(callback);
+      return () => {
+        this.callbacks.delete(callback);
+      };
     };
+    this.hook();
   }
-  _deserialize = (value) => JSON.parse(value);
-  _serialize = (value) => JSON.stringify(value, void 0, "	");
-  _validate(data) {
-    if (!this.#validator) {
+};
+var interceptor_default = new Interceptor();
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/index.js
+var whenExit = interceptor_default.register;
+var node_default = whenExit;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
+var Temp = {
+  /* VARIABLES */
+  store: {},
+  /* API */
+  create: (filePath) => {
+    const randomness = `000000${Math.floor(Math.random() * 16777215).toString(16)}`.slice(-6);
+    const timestamp = Date.now().toString().slice(-10);
+    const prefix = "tmp-";
+    const suffix = `.${prefix}${timestamp}${randomness}`;
+    const tempPath = `${filePath}${suffix}`;
+    return tempPath;
+  },
+  get: (filePath, creator, purge = true) => {
+    const tempPath = Temp.truncate(creator(filePath));
+    if (tempPath in Temp.store)
+      return Temp.get(filePath, creator, purge);
+    Temp.store[tempPath] = purge;
+    const disposer = () => delete Temp.store[tempPath];
+    return [tempPath, disposer];
+  },
+  purge: (filePath) => {
+    if (!Temp.store[filePath])
       return;
-    }
-    const valid = this.#validator(data);
-    if (valid || !this.#validator.errors) {
+    delete Temp.store[filePath];
+    dist_default.attempt.unlink(filePath);
+  },
+  purgeSync: (filePath) => {
+    if (!Temp.store[filePath])
       return;
+    delete Temp.store[filePath];
+    dist_default.attempt.unlinkSync(filePath);
+  },
+  purgeSyncAll: () => {
+    for (const filePath in Temp.store) {
+      Temp.purgeSync(filePath);
     }
-    const errors = this.#validator.errors.map(({ instancePath, message = "" }) => `\`${instancePath.slice(1)}\` ${message}`);
-    throw new Error("Config schema violation: " + errors.join("; "));
-  }
-  _ensureDirectory() {
-    import_node_fs2.default.mkdirSync(import_node_path4.default.dirname(this.path), { recursive: true });
+  },
+  truncate: (filePath) => {
+    const basename2 = import_node_path2.default.basename(filePath);
+    if (basename2.length <= LIMIT_BASENAME_LENGTH)
+      return filePath;
+    const truncable = /^(\.?)(.*?)((?:\.[^.]+)?(?:\.tmp-\d{10}[a-f0-9]{6})?)$/.exec(basename2);
+    if (!truncable)
+      return filePath;
+    const truncationLength = basename2.length - LIMIT_BASENAME_LENGTH;
+    return `${filePath.slice(0, -basename2.length)}${truncable[1]}${truncable[2].slice(0, -truncationLength)}${truncable[3]}`;
   }
-  _write(value) {
-    let data = this._serialize(value);
-    if (this.#encryptionKey) {
-      const initializationVector = import_node_crypto2.default.randomBytes(16);
-      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
-      const cipher = import_node_crypto2.default.createCipheriv(encryptionAlgorithm, password, initializationVector);
-      data = concatUint8Arrays([initializationVector, stringToUint8Array(":"), cipher.update(stringToUint8Array(data)), cipher.final()]);
-    }
-    if (import_node_process7.default.env.SNAP) {
-      import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
-    } else {
-      try {
-        writeFileSync(this.path, data, { mode: this.#options.configFileMode });
-      } catch (error) {
-        if (error?.code === "EXDEV") {
-          import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
-          return;
+};
+node_default(Temp.purgeSyncAll);
+var temp_default = Temp;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
+function writeFileSync(filePath, data, options = DEFAULT_WRITE_OPTIONS) {
+  if (isString(options))
+    return writeFileSync(filePath, data, { encoding: options });
+  const timeout = Date.now() + ((options.timeout ?? DEFAULT_TIMEOUT_SYNC) || -1);
+  let tempDisposer = null;
+  let tempPath = null;
+  let fd = null;
+  try {
+    const filePathReal = dist_default.attempt.realpathSync(filePath);
+    const filePathExists = !!filePathReal;
+    filePath = filePathReal || filePath;
+    [tempPath, tempDisposer] = temp_default.get(filePath, options.tmpCreate || temp_default.create, !(options.tmpPurge === false));
+    const useStatChown = IS_POSIX && isUndefined(options.chown);
+    const useStatMode = isUndefined(options.mode);
+    if (filePathExists && (useStatChown || useStatMode)) {
+      const stats = dist_default.attempt.statSync(filePath);
+      if (stats) {
+        options = { ...options };
+        if (useStatChown) {
+          options.chown = { uid: stats.uid, gid: stats.gid };
         }
-        throw error;
-      }
-    }
-  }
-  _watch() {
-    this._ensureDirectory();
-    if (!import_node_fs2.default.existsSync(this.path)) {
-      this._write(createPlainObject());
-    }
-    if (import_node_process7.default.platform === "win32") {
-      import_node_fs2.default.watch(this.path, { persistent: false }, debounce_fn_default(() => {
-        this.events.dispatchEvent(new Event("change"));
-      }, { wait: 100 }));
-    } else {
-      import_node_fs2.default.watchFile(this.path, { persistent: false }, debounce_fn_default(() => {
-        this.events.dispatchEvent(new Event("change"));
-      }, { wait: 5e3 }));
-    }
-  }
-  _migrate(migrations, versionToMigrate, beforeEachMigration) {
-    let previousMigratedVersion = this._get(MIGRATION_KEY, "0.0.0");
-    const newerVersions = Object.keys(migrations).filter((candidateVersion) => this._shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate));
-    let storeBackup = { ...this.store };
-    for (const version of newerVersions) {
-      try {
-        if (beforeEachMigration) {
-          beforeEachMigration(this, {
-            fromVersion: previousMigratedVersion,
-            toVersion: version,
-            finalVersion: versionToMigrate,
-            versions: newerVersions
-          });
+        if (useStatMode) {
+          options.mode = stats.mode;
         }
-        const migration = migrations[version];
-        migration?.(this);
-        this._set(MIGRATION_KEY, version);
-        previousMigratedVersion = version;
-        storeBackup = { ...this.store };
-      } catch (error) {
-        this.store = storeBackup;
-        throw new Error(`Something went wrong during the migration! Changes applied to the store until this failed migration will be restored. ${error}`);
       }
     }
-    if (this._isVersionInRangeFormat(previousMigratedVersion) || !import_semver.default.eq(previousMigratedVersion, versionToMigrate)) {
-      this._set(MIGRATION_KEY, versionToMigrate);
+    if (!filePathExists) {
+      const parentPath = import_node_path3.default.dirname(filePath);
+      dist_default.attempt.mkdirSync(parentPath, {
+        mode: DEFAULT_FOLDER_MODE,
+        recursive: true
+      });
     }
-  }
-  _containsReservedKey(key) {
-    if (typeof key === "object") {
-      const firsKey = Object.keys(key)[0];
-      if (firsKey === INTERNAL_KEY) {
-        return true;
-      }
+    fd = dist_default.retry.openSync(timeout)(tempPath, "w", options.mode || DEFAULT_FILE_MODE);
+    if (options.tmpCreated) {
+      options.tmpCreated(tempPath);
     }
-    if (typeof key !== "string") {
-      return false;
+    if (isString(data)) {
+      dist_default.retry.writeSync(timeout)(fd, data, 0, options.encoding || DEFAULT_ENCODING);
+    } else if (!isUndefined(data)) {
+      dist_default.retry.writeSync(timeout)(fd, data, 0, data.length, 0);
     }
-    if (this.#options.accessPropertiesByDotNotation) {
-      if (key.startsWith(`${INTERNAL_KEY}.`)) {
-        return true;
+    if (options.fsync !== false) {
+      if (options.fsyncWait !== false) {
+        dist_default.retry.fsyncSync(timeout)(fd);
+      } else {
+        dist_default.attempt.fsync(fd);
       }
-      return false;
     }
-    return false;
-  }
-  _isVersionInRangeFormat(version) {
-    return import_semver.default.clean(version) === null;
-  }
-  _shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate) {
-    if (this._isVersionInRangeFormat(candidateVersion)) {
-      if (previousMigratedVersion !== "0.0.0" && import_semver.default.satisfies(previousMigratedVersion, candidateVersion)) {
-        return false;
-      }
-      return import_semver.default.satisfies(versionToMigrate, candidateVersion);
+    dist_default.retry.closeSync(timeout)(fd);
+    fd = null;
+    if (options.chown && (options.chown.uid !== DEFAULT_USER_UID || options.chown.gid !== DEFAULT_USER_GID)) {
+      dist_default.attempt.chownSync(tempPath, options.chown.uid, options.chown.gid);
     }
-    if (import_semver.default.lte(candidateVersion, previousMigratedVersion)) {
-      return false;
+    if (options.mode && options.mode !== DEFAULT_FILE_MODE) {
+      dist_default.attempt.chmodSync(tempPath, options.mode);
     }
-    if (import_semver.default.gt(candidateVersion, versionToMigrate)) {
-      return false;
+    try {
+      dist_default.retry.renameSync(timeout)(tempPath, filePath);
+    } catch (error) {
+      if (!isException(error))
+        throw error;
+      if (error.code !== "ENAMETOOLONG")
+        throw error;
+      dist_default.retry.renameSync(timeout)(tempPath, temp_default.truncate(filePath));
     }
-    return true;
-  }
-  _get(key, defaultValue) {
-    return getProperty(this.store, key, defaultValue);
-  }
-  _set(key, value) {
-    const { store } = this;
-    setProperty(store, key, value);
-    this.store = store;
+    tempDisposer();
+    tempPath = null;
+  } finally {
+    if (fd)
+      dist_default.attempt.closeSync(fd);
+    if (tempPath)
+      temp_default.purge(tempPath);
   }
-};
+}
-// packages/sdk/db.js
-var projectName = "autho";
-var DB = class {
-  constructor({ encryptionKey, name = "default", dataFolder }) {
-    this.encryptionKey = encryptionKey;
-    this.client = new Conf({
-      projectName,
-      encryptionKey,
-      configName: name,
-      cwd: dataFolder,
-      projectSuffix: ""
-    });
-  }
-  get(key, defaultValue) {
-    return this.client.get(key, defaultValue);
-  }
-  set(key, value) {
-    this.client.set(key, value);
-  }
-  clear() {
-    this.client.clear();
+// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
+var import_ajv = __toESM(require_ajv(), 1);
+var import_ajv_formats = __toESM(require_dist(), 1);
+// node_modules/.pnpm/mimic-fn@4.0.0/node_modules/mimic-fn/index.js
+var copyProperty = (to, from3, property, ignoreNonConfigurable) => {
+  if (property === "length" || property === "prototype") {
+    return;
   }
-  store() {
-    return this.client.store;
+  if (property === "arguments" || property === "caller") {
+    return;
   }
-  path() {
-    return this.client.path;
+  const toDescriptor = Object.getOwnPropertyDescriptor(to, property);
+  const fromDescriptor = Object.getOwnPropertyDescriptor(from3, property);
+  if (!canCopyProperty(toDescriptor, fromDescriptor) && ignoreNonConfigurable) {
+    return;
   }
+  Object.defineProperty(to, property, fromDescriptor);
 };
-// packages/cli/app.js
-var App = class {
-  constructor(options = {}) {
-    this.encryptionKey = options.encryptionKey || config_default.masterPasswordHash;
-    this.dataFolder = options.dataFolder || config_default.dataFolder;
-    this.name = options.name || "default";
-    this.db = new DB({
-      encryptionKey: this.encryptionKey,
-      dataFolder: this.dataFolder,
-      name: this.name
-    });
-    this.secrets = new Secrets(this.db);
-  }
-  static async masterKey(masterPassword, masterPasswordHash) {
-    masterPassword = masterPassword || config_default.masterPassword;
-    if (masterPasswordHash) {
-      return masterPasswordHash;
-    } else if (!masterPassword) {
-      masterPassword = await ask({
-        name: "masterPassword",
-        message: "Password:",
-        type: "password",
-        required: true
-      });
-    }
-    masterPasswordHash = Cipher.hash(masterPassword);
-    return masterPasswordHash;
-  }
+var canCopyProperty = function(toDescriptor, fromDescriptor) {
+  return toDescriptor === void 0 || toDescriptor.configurable || toDescriptor.writable === fromDescriptor.writable && toDescriptor.enumerable === fromDescriptor.enumerable && toDescriptor.configurable === fromDescriptor.configurable && (toDescriptor.writable || toDescriptor.value === fromDescriptor.value);
 };
-// packages/cli/wizards/getEncryptionKey.js
-var wizard = async (confirm = false) => {
-  const questions = [
-    {
-      name: "password",
-      message: "password:",
-      type: "password",
-      required: true
-    }
-  ];
-  if (confirm) {
-    questions.push({
-      name: "confirmPassword",
-      message: "confirm password:",
-      type: "password",
-      required: true
-    });
-  }
-  const input = await prompt2(questions);
-  if (input.confirmPassword && input.password !== input.confirmPassword) {
-    throw new Error("Passwords do not match");
+var changePrototype = (to, from3) => {
+  const fromPrototype = Object.getPrototypeOf(from3);
+  if (fromPrototype === Object.getPrototypeOf(to)) {
+    return;
   }
-  return Cipher.hash(input.password);
+  Object.setPrototypeOf(to, fromPrototype);
 };
-var getEncryptionKey_default = wizard;
+var wrappedToString = (withName, fromBody) => `/* Wrapped ${withName}*/
+${fromBody}`;
+var toStringDescriptor = Object.getOwnPropertyDescriptor(Function.prototype, "toString");
+var toStringName = Object.getOwnPropertyDescriptor(Function.prototype.toString, "name");
+var changeToString = (to, from3, name) => {
+  const withName = name === "" ? "" : `with ${name.trim()}() `;
+  const newToString = wrappedToString.bind(null, withName, from3.toString());
+  Object.defineProperty(newToString, "name", toStringName);
+  Object.defineProperty(to, "toString", { ...toStringDescriptor, value: newToString });
+};
+function mimicFunction(to, from3, { ignoreNonConfigurable = false } = {}) {
+  const { name } = to;
+  for (const property of Reflect.ownKeys(from3)) {
+    copyProperty(to, from3, property, ignoreNonConfigurable);
+  }
+  changePrototype(to, from3);
+  changeToString(to, from3, name);
+  return to;
+}
-// packages/cli/wizards/createSecret.js
-var wizard2 = async (app) => {
-  const secrets = app.secrets;
-  const info = await prompt2([
-    {
-      name: "name",
-      message: "name:",
-      type: "input",
-      required: true
-    },
-    {
-      name: "type",
-      message: "type:",
-      type: "list",
-      default: "password",
-      choices: [
-        { name: "Password", value: "password" },
-        { name: "OTP", value: "otp" },
-        { name: "Note", value: "note" }
-      ],
-      required: true
-    },
-    {
-      name: "protected",
-      message: "protected:",
-      type: "confirm",
-      default: false,
-      required: true
-    }
-  ]);
-  let newSecret = { typeOptions: {} };
-  let encryptionKey = app.db.encryptionKey;
-  if (info.protected) {
-    encryptionKey = await getEncryptionKey_default(true);
+// node_modules/.pnpm/debounce-fn@5.1.2/node_modules/debounce-fn/index.js
+var debounceFn = (inputFunction, options = {}) => {
+  if (typeof inputFunction !== "function") {
+    throw new TypeError(`Expected the first argument to be a function, got \`${typeof inputFunction}\``);
   }
-  switch (info.type) {
-    case "password":
-      {
-        const password = await prompt2([
-          {
-            name: "url",
-            message: "url:",
-            type: "input",
-            required: false
-          },
-          {
-            name: "username",
-            message: "username:",
-            type: "input",
-            required: true
-          },
-          {
-            name: "value",
-            message: "password:",
-            type: "password",
-            required: true
-          }
-        ]);
-        newSecret = {
-          ...info,
-          value: password.value,
-          typeOptions: {
-            username: password.username,
-            url: password.url
-          }
-        };
+  const {
+    wait = 0,
+    maxWait = Number.POSITIVE_INFINITY,
+    before = false,
+    after = true
+  } = options;
+  if (!before && !after) {
+    throw new Error("Both `before` and `after` are false, function wouldn't be called.");
+  }
+  let timeout;
+  let maxTimeout;
+  let result;
+  const debouncedFunction = function(...arguments_) {
+    const context = this;
+    const later = () => {
+      timeout = void 0;
+      if (maxTimeout) {
+        clearTimeout(maxTimeout);
+        maxTimeout = void 0;
       }
-      break;
-    case "note":
-      {
-        const note = await prompt2([
-          {
-            name: "value",
-            message: "note:",
-            type: "password",
-            required: true
-          }
-        ]);
-        newSecret = {
-          ...info,
-          value: note.value,
-          typeOptions: {}
-        };
+      if (after) {
+        result = inputFunction.apply(context, arguments_);
       }
-      break;
-    case "otp":
-      {
-        const otp = await prompt2([
-          {
-            name: "username",
-            message: "username:",
-            type: "input",
-            required: true
-          },
-          {
-            name: "value",
-            message: "value:",
-            type: "password",
-            required: true
-          }
-        ]);
-        newSecret = {
-          ...info,
-          value: otp.value,
-          typeOptions: {
-            username: otp.username
-          }
-        };
+    };
+    const maxLater = () => {
+      maxTimeout = void 0;
+      if (timeout) {
+        clearTimeout(timeout);
+        timeout = void 0;
       }
-      break;
-  }
-  await secrets.add(newSecret, encryptionKey);
+      if (after) {
+        result = inputFunction.apply(context, arguments_);
+      }
+    };
+    const shouldCallNow = before && !timeout;
+    clearTimeout(timeout);
+    timeout = setTimeout(later, wait);
+    if (maxWait > 0 && maxWait !== Number.POSITIVE_INFINITY && !maxTimeout) {
+      maxTimeout = setTimeout(maxLater, maxWait);
+    }
+    if (shouldCallNow) {
+      result = inputFunction.apply(context, arguments_);
+    }
+    return result;
+  };
+  mimicFunction(debouncedFunction, inputFunction);
+  debouncedFunction.cancel = () => {
+    if (timeout) {
+      clearTimeout(timeout);
+      timeout = void 0;
+    }
+    if (maxTimeout) {
+      clearTimeout(maxTimeout);
+      maxTimeout = void 0;
+    }
+  };
+  return debouncedFunction;
 };
-var createSecret_default = wizard2;
+var debounce_fn_default = debounceFn;
-// packages/cli/wizards/getSecret.js
-var wizard3 = async (app) => {
-  const existingSecrets = app.db.get("secrets", []);
-  if (existingSecrets.length === 0) {
-    throw new Error("No secrets found");
+// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
+var import_semver = __toESM(require_semver2(), 1);
+// node_modules/.pnpm/uint8array-extras@0.3.0/node_modules/uint8array-extras/index.js
+var objectToString = Object.prototype.toString;
+function isUint8Array(value) {
+  return value && objectToString.call(value) === "[object Uint8Array]";
+}
+function assertUint8Array(value) {
+  if (!isUint8Array(value)) {
+    throw new TypeError(`Expected \`Uint8Array\`, got \`${typeof value}\``);
   }
-  const choices = existingSecrets.map((secret2) => ({
-    value: secret2.id,
-    name: `${secret2.name} (${secret2.typeOptions.username || secret2.id})`
-  }));
-  const { id: secretId } = await prompt2({
-    name: "id",
-    message: "Secrets:",
-    type: "list",
-    choices,
-    required: true
-  });
-  const secret = await app.secrets.get(secretId);
-  if (!secret) {
-    throw new Error("Secret not found");
+}
+function concatUint8Arrays(arrays, totalLength) {
+  if (arrays.length === 0) {
+    return new Uint8Array(0);
   }
-  return secret;
-};
-var getSecret_default = wizard3;
+  totalLength ??= arrays.reduce((accumulator, currentValue) => accumulator + currentValue.length, 0);
+  const returnValue = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const array of arrays) {
+    assertUint8Array(array);
+    returnValue.set(array, offset);
+    offset += array.length;
+  }
+  return returnValue;
+}
+function uint8ArrayToString(array) {
+  assertUint8Array(array);
+  return new globalThis.TextDecoder().decode(array);
+}
+function assertString(value) {
+  if (typeof value !== "string") {
+    throw new TypeError(`Expected \`string\`, got \`${typeof value}\``);
+  }
+}
+function stringToUint8Array(string) {
+  assertString(string);
+  return new globalThis.TextEncoder().encode(string);
+}
+var byteToHexLookupTable = Array.from({ length: 256 }, (_3, index) => index.toString(16).padStart(2, "0"));
-// node_modules/.pnpm/otpauth@9.2.3/node_modules/otpauth/dist/otpauth.node.mjs
-var crypto3 = __toESM(require("node:crypto"), 1);
-var uintToBuf = (num) => {
-  const buf = new ArrayBuffer(8);
-  const arr = new Uint8Array(buf);
-  let acc = num;
-  for (let i = 7; i >= 0; i--) {
-    if (acc === 0)
-      break;
-    arr[i] = acc & 255;
-    acc -= arr[i];
-    acc /= 256;
+// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
+var Ajv = import_ajv.default.default;
+var ajvFormats = import_ajv_formats.default.default;
+var encryptionAlgorithm = "aes-256-cbc";
+var createPlainObject = () => /* @__PURE__ */ Object.create(null);
+var isExist = (data) => data !== void 0 && data !== null;
+var checkValueType = (key, value) => {
+  const nonJsonTypes = /* @__PURE__ */ new Set([
+    "undefined",
+    "symbol",
+    "function"
+  ]);
+  const type = typeof value;
+  if (nonJsonTypes.has(type)) {
+    throw new TypeError(`Setting a value of type \`${type}\` for key \`${key}\` is not allowed as it's not supported by JSON`);
   }
-  return buf;
 };
-var jsSHA = void 0;
-var globalScope = (() => {
-  if (typeof globalThis === "object")
-    return globalThis;
-  else {
-    Object.defineProperty(Object.prototype, "__GLOBALTHIS__", {
-      get() {
-        return this;
-      },
-      configurable: true
-    });
-    try {
-      if (typeof __GLOBALTHIS__ !== "undefined")
-        return __GLOBALTHIS__;
-    } finally {
-      delete Object.prototype.__GLOBALTHIS__;
+var INTERNAL_KEY = "__internal__";
+var MIGRATION_KEY = `${INTERNAL_KEY}.migrations.version`;
+var Conf = class {
+  path;
+  events;
+  #validator;
+  #encryptionKey;
+  #options;
+  #defaultValues = {};
+  constructor(partialOptions = {}) {
+    const options = {
+      configName: "config",
+      fileExtension: "json",
+      projectSuffix: "nodejs",
+      clearInvalidConfig: false,
+      accessPropertiesByDotNotation: true,
+      configFileMode: 438,
+      ...partialOptions
+    };
+    if (!options.cwd) {
+      if (!options.projectName) {
+        throw new Error("Please specify the `projectName` option.");
+      }
+      options.cwd = envPaths(options.projectName, { suffix: options.projectSuffix }).config;
     }
-  }
-  if (typeof self !== "undefined")
-    return self;
-  else if (typeof window !== "undefined")
-    return window;
-  else if (typeof global !== "undefined")
-    return global;
-  return void 0;
-})();
-var OPENSSL_JSSHA_ALGO_MAP = {
-  SHA1: "SHA-1",
-  SHA224: "SHA-224",
-  SHA256: "SHA-256",
-  SHA384: "SHA-384",
-  SHA512: "SHA-512",
-  "SHA3-224": "SHA3-224",
-  "SHA3-256": "SHA3-256",
-  "SHA3-384": "SHA3-384",
-  "SHA3-512": "SHA3-512"
-};
-var hmacDigest = (algorithm, key, message) => {
-  if (crypto3?.createHmac) {
-    const hmac = crypto3.createHmac(algorithm, globalScope.Buffer.from(key));
-    hmac.update(globalScope.Buffer.from(message));
-    return hmac.digest().buffer;
-  } else {
-    const variant = OPENSSL_JSSHA_ALGO_MAP[algorithm.toUpperCase()];
-    if (typeof variant === "undefined") {
-      throw new TypeError("Unknown hash function");
+    this.#options = options;
+    if (options.schema) {
+      if (typeof options.schema !== "object") {
+        throw new TypeError("The `schema` option must be an object.");
+      }
+      const ajv = new Ajv({
+        allErrors: true,
+        useDefaults: true
+      });
+      ajvFormats(ajv);
+      const schema = {
+        type: "object",
+        properties: options.schema
+      };
+      this.#validator = ajv.compile(schema);
+      for (const [key, value] of Object.entries(options.schema)) {
+        if (value?.default) {
+          this.#defaultValues[key] = value.default;
+        }
+      }
+    }
+    if (options.defaults) {
+      this.#defaultValues = {
+        ...this.#defaultValues,
+        ...options.defaults
+      };
+    }
+    if (options.serialize) {
+      this._serialize = options.serialize;
+    }
+    if (options.deserialize) {
+      this._deserialize = options.deserialize;
+    }
+    this.events = new EventTarget();
+    this.#encryptionKey = options.encryptionKey;
+    const fileExtension = options.fileExtension ? `.${options.fileExtension}` : "";
+    this.path = import_node_path4.default.resolve(options.cwd, `${options.configName ?? "config"}${fileExtension}`);
+    const fileStore = this.store;
+    const store = Object.assign(createPlainObject(), options.defaults, fileStore);
+    this._validate(store);
+    try {
+      import_node_assert2.default.deepEqual(fileStore, store);
+    } catch {
+      this.store = store;
     }
-    const hmac = new jsSHA(variant, "ARRAYBUFFER");
-    hmac.setHMACKey(key, "ARRAYBUFFER");
-    hmac.update(message);
-    return hmac.getHMAC("ARRAYBUFFER");
-  }
-};
-var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
-var base32ToBuf = (str) => {
-  let end = str.length;
-  while (str[end - 1] === "=")
-    --end;
-  const cstr = (end < str.length ? str.substring(0, end) : str).toUpperCase();
-  const buf = new ArrayBuffer(cstr.length * 5 / 8 | 0);
-  const arr = new Uint8Array(buf);
-  let bits = 0;
-  let value = 0;
-  let index = 0;
-  for (let i = 0; i < cstr.length; i++) {
-    const idx = ALPHABET.indexOf(cstr[i]);
-    if (idx === -1)
-      throw new TypeError(`Invalid character found: ${cstr[i]}`);
-    value = value << 5 | idx;
-    bits += 5;
-    if (bits >= 8) {
-      bits -= 8;
-      arr[index++] = value >>> bits;
+    if (options.watch) {
+      this._watch();
     }
-  }
-  return buf;
-};
-var base32FromBuf = (buf) => {
-  const arr = new Uint8Array(buf);
-  let bits = 0;
-  let value = 0;
-  let str = "";
-  for (let i = 0; i < arr.length; i++) {
-    value = value << 8 | arr[i];
-    bits += 8;
-    while (bits >= 5) {
-      str += ALPHABET[value >>> bits - 5 & 31];
-      bits -= 5;
+    if (options.migrations) {
+      if (!options.projectVersion) {
+        throw new Error("Please specify the `projectVersion` option.");
+      }
+      this._migrate(options.migrations, options.projectVersion, options.beforeEachMigration);
     }
   }
-  if (bits > 0) {
-    str += ALPHABET[value << 5 - bits & 31];
-  }
-  return str;
-};
-var hexToBuf = (str) => {
-  const buf = new ArrayBuffer(str.length / 2);
-  const arr = new Uint8Array(buf);
-  for (let i = 0; i < str.length; i += 2) {
-    arr[i / 2] = parseInt(str.substring(i, i + 2), 16);
-  }
-  return buf;
-};
-var hexFromBuf = (buf) => {
-  const arr = new Uint8Array(buf);
-  let str = "";
-  for (let i = 0; i < arr.length; i++) {
-    const hex = arr[i].toString(16);
-    if (hex.length === 1)
-      str += "0";
-    str += hex;
-  }
-  return str.toUpperCase();
-};
-var latin1ToBuf = (str) => {
-  const buf = new ArrayBuffer(str.length);
-  const arr = new Uint8Array(buf);
-  for (let i = 0; i < str.length; i++) {
-    arr[i] = str.charCodeAt(i) & 255;
+  get(key, defaultValue) {
+    if (this.#options.accessPropertiesByDotNotation) {
+      return this._get(key, defaultValue);
+    }
+    const { store } = this;
+    return key in store ? store[key] : defaultValue;
   }
-  return buf;
-};
-var latin1FromBuf = (buf) => {
-  const arr = new Uint8Array(buf);
-  let str = "";
-  for (let i = 0; i < arr.length; i++) {
-    str += String.fromCharCode(arr[i]);
+  set(key, value) {
+    if (typeof key !== "string" && typeof key !== "object") {
+      throw new TypeError(`Expected \`key\` to be of type \`string\` or \`object\`, got ${typeof key}`);
+    }
+    if (typeof key !== "object" && value === void 0) {
+      throw new TypeError("Use `delete()` to clear values");
+    }
+    if (this._containsReservedKey(key)) {
+      throw new TypeError(`Please don't use the ${INTERNAL_KEY} key, as it's used to manage this module internal operations.`);
+    }
+    const { store } = this;
+    const set2 = (key2, value2) => {
+      checkValueType(key2, value2);
+      if (this.#options.accessPropertiesByDotNotation) {
+        setProperty(store, key2, value2);
+      } else {
+        store[key2] = value2;
+      }
+    };
+    if (typeof key === "object") {
+      const object = key;
+      for (const [key2, value2] of Object.entries(object)) {
+        set2(key2, value2);
+      }
+    } else {
+      set2(key, value);
+    }
+    this.store = store;
   }
-  return str;
-};
-var ENCODER = globalScope.TextEncoder ? new globalScope.TextEncoder("utf-8") : null;
-var DECODER = globalScope.TextDecoder ? new globalScope.TextDecoder("utf-8") : null;
-var utf8ToBuf = (str) => {
-  if (!ENCODER) {
-    throw new Error("Encoding API not available");
+  /**
+      Check if an item exists.
+      @param key - The key of the item to check.
+      */
+  has(key) {
+    if (this.#options.accessPropertiesByDotNotation) {
+      return hasProperty(this.store, key);
+    }
+    return key in this.store;
   }
-  return ENCODER.encode(str).buffer;
-};
-var utf8FromBuf = (buf) => {
-  if (!DECODER) {
-    throw new Error("Encoding API not available");
+  /**
+      Reset items to their default values, as defined by the `defaults` or `schema` option.
+      @see `clear()` to reset all items.
+      @param keys - The keys of the items to reset.
+      */
+  reset(...keys) {
+    for (const key of keys) {
+      if (isExist(this.#defaultValues[key])) {
+        this.set(key, this.#defaultValues[key]);
+      }
+    }
   }
-  return DECODER.decode(buf);
-};
-var randomBytes2 = (size) => {
-  if (crypto3?.randomBytes) {
-    return crypto3.randomBytes(size).buffer;
-  } else {
-    if (!globalScope.crypto?.getRandomValues) {
-      throw new Error("Cryptography API not available");
+  delete(key) {
+    const { store } = this;
+    if (this.#options.accessPropertiesByDotNotation) {
+      deleteProperty(store, key);
+    } else {
+      delete store[key];
     }
-    return globalScope.crypto.getRandomValues(new Uint8Array(size)).buffer;
+    this.store = store;
   }
-};
-var Secret = class _Secret {
   /**
-   * Creates a secret key object.
-   * @param {Object} [config] Configuration options.
-   * @param {ArrayBuffer} [config.buffer=randomBytes] Secret key.
-   * @param {number} [config.size=20] Number of random bytes to generate, ignored if 'buffer' is provided.
-   */
-  constructor({
-    buffer,
-    size = 20
-  } = {}) {
-    this.buffer = typeof buffer === "undefined" ? randomBytes2(size) : buffer;
+      Delete all items.
+      This resets known items to their default values, if defined by the `defaults` or `schema` option.
+      */
+  clear() {
+    this.store = createPlainObject();
+    for (const key of Object.keys(this.#defaultValues)) {
+      this.reset(key);
+    }
   }
   /**
-   * Converts a Latin-1 string to a Secret object.
-   * @param {string} str Latin-1 string.
-   * @returns {Secret} Secret object.
-   */
-  static fromLatin1(str) {
-    return new _Secret({
-      buffer: latin1ToBuf(str)
-    });
+      Watches the given `key`, calling `callback` on any changes.
+      @param key - The key wo watch.
+      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
+      @returns A function, that when called, will unsubscribe.
+      */
+  onDidChange(key, callback) {
+    if (typeof key !== "string") {
+      throw new TypeError(`Expected \`key\` to be of type \`string\`, got ${typeof key}`);
+    }
+    if (typeof callback !== "function") {
+      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
+    }
+    return this._handleChange(() => this.get(key), callback);
   }
   /**
-   * Converts an UTF-8 string to a Secret object.
-   * @param {string} str UTF-8 string.
-   * @returns {Secret} Secret object.
-   */
-  static fromUTF8(str) {
-    return new _Secret({
-      buffer: utf8ToBuf(str)
-    });
+      Watches the whole config object, calling `callback` on any changes.
+      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
+      @returns A function, that when called, will unsubscribe.
+      */
+  onDidAnyChange(callback) {
+    if (typeof callback !== "function") {
+      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
+    }
+    return this._handleChange(() => this.store, callback);
   }
-  /**
-   * Converts a base32 string to a Secret object.
-   * @param {string} str Base32 string.
-   * @returns {Secret} Secret object.
-   */
-  static fromBase32(str) {
-    return new _Secret({
-      buffer: base32ToBuf(str)
-    });
+  get size() {
+    return Object.keys(this.store).length;
+  }
+  get store() {
+    try {
+      const data = import_node_fs2.default.readFileSync(this.path, this.#encryptionKey ? null : "utf8");
+      const dataString = this._encryptData(data);
+      const deserializedData = this._deserialize(dataString);
+      this._validate(deserializedData);
+      return Object.assign(createPlainObject(), deserializedData);
+    } catch (error) {
+      if (error?.code === "ENOENT") {
+        this._ensureDirectory();
+        return createPlainObject();
+      }
+      if (this.#options.clearInvalidConfig && error.name === "SyntaxError") {
+        return createPlainObject();
+      }
+      throw error;
+    }
   }
-  /**
-   * Converts a hexadecimal string to a Secret object.
-   * @param {string} str Hexadecimal string.
-   * @returns {Secret} Secret object.
-   */
-  static fromHex(str) {
-    return new _Secret({
-      buffer: hexToBuf(str)
-    });
+  set store(value) {
+    this._ensureDirectory();
+    this._validate(value);
+    this._write(value);
+    this.events.dispatchEvent(new Event("change"));
   }
-  /**
-   * Latin-1 string representation of secret key.
-   * @type {string}
-   */
-  get latin1() {
-    Object.defineProperty(this, "latin1", {
-      enumerable: true,
-      value: latin1FromBuf(this.buffer)
-    });
-    return this.latin1;
+  *[Symbol.iterator]() {
+    for (const [key, value] of Object.entries(this.store)) {
+      yield [key, value];
+    }
   }
-  /**
-   * UTF-8 string representation of secret key.
-   * @type {string}
-   */
-  get utf8() {
-    Object.defineProperty(this, "utf8", {
-      enumerable: true,
-      value: utf8FromBuf(this.buffer)
-    });
-    return this.utf8;
+  _encryptData(data) {
+    if (!this.#encryptionKey) {
+      return typeof data === "string" ? data : uint8ArrayToString(data);
+    }
+    try {
+      const initializationVector = data.slice(0, 16);
+      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
+      const decipher = import_node_crypto2.default.createDecipheriv(encryptionAlgorithm, password, initializationVector);
+      const slice = data.slice(17);
+      const dataUpdate = typeof slice === "string" ? stringToUint8Array(slice) : slice;
+      return uint8ArrayToString(concatUint8Arrays([decipher.update(dataUpdate), decipher.final()]));
+    } catch {
+    }
+    return data.toString();
   }
-  /**
-   * Base32 string representation of secret key.
-   * @type {string}
-   */
-  get base32() {
-    Object.defineProperty(this, "base32", {
-      enumerable: true,
-      value: base32FromBuf(this.buffer)
-    });
-    return this.base32;
+  _handleChange(getter, callback) {
+    let currentValue = getter();
+    const onChange = () => {
+      const oldValue = currentValue;
+      const newValue = getter();
+      if ((0, import_node_util2.isDeepStrictEqual)(newValue, oldValue)) {
+        return;
+      }
+      currentValue = newValue;
+      callback.call(this, newValue, oldValue);
+    };
+    this.events.addEventListener("change", onChange);
+    return () => {
+      this.events.removeEventListener("change", onChange);
+    };
   }
-  /**
-   * Hexadecimal string representation of secret key.
-   * @type {string}
-   */
-  get hex() {
-    Object.defineProperty(this, "hex", {
-      enumerable: true,
-      value: hexFromBuf(this.buffer)
-    });
-    return this.hex;
+  _deserialize = (value) => JSON.parse(value);
+  _serialize = (value) => JSON.stringify(value, void 0, "	");
+  _validate(data) {
+    if (!this.#validator) {
+      return;
+    }
+    const valid = this.#validator(data);
+    if (valid || !this.#validator.errors) {
+      return;
+    }
+    const errors = this.#validator.errors.map(({ instancePath, message = "" }) => `\`${instancePath.slice(1)}\` ${message}`);
+    throw new Error("Config schema violation: " + errors.join("; "));
   }
-};
-var timingSafeEqual2 = (a, b) => {
-  if (crypto3?.timingSafeEqual) {
-    return crypto3.timingSafeEqual(globalScope.Buffer.from(a), globalScope.Buffer.from(b));
-  } else {
-    if (a.length !== b.length) {
-      throw new TypeError("Input strings must have the same length");
+  _ensureDirectory() {
+    import_node_fs2.default.mkdirSync(import_node_path4.default.dirname(this.path), { recursive: true });
+  }
+  _write(value) {
+    let data = this._serialize(value);
+    if (this.#encryptionKey) {
+      const initializationVector = import_node_crypto2.default.randomBytes(16);
+      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
+      const cipher = import_node_crypto2.default.createCipheriv(encryptionAlgorithm, password, initializationVector);
+      data = concatUint8Arrays([initializationVector, stringToUint8Array(":"), cipher.update(stringToUint8Array(data)), cipher.final()]);
     }
-    let i = -1;
-    let out = 0;
-    while (++i < a.length) {
-      out |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    if (import_node_process7.default.env.SNAP) {
+      import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
+    } else {
+      try {
+        writeFileSync(this.path, data, { mode: this.#options.configFileMode });
+      } catch (error) {
+        if (error?.code === "EXDEV") {
+          import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
+          return;
+        }
+        throw error;
+      }
     }
-    return out === 0;
   }
-};
-var HOTP = class _HOTP {
-  /**
-   * Default configuration.
-   * @type {{
-   *   issuer: string,
-   *   label: string,
-   *   issuerInLabel: boolean,
-   *   algorithm: string,
-   *   digits: number,
-   *   counter: number
-   *   window: number
-   * }}
-   */
-  static get defaults() {
-    return {
-      issuer: "",
-      label: "OTPAuth",
-      issuerInLabel: true,
-      algorithm: "SHA1",
-      digits: 6,
-      counter: 0,
-      window: 1
-    };
+  _watch() {
+    this._ensureDirectory();
+    if (!import_node_fs2.default.existsSync(this.path)) {
+      this._write(createPlainObject());
+    }
+    if (import_node_process7.default.platform === "win32") {
+      import_node_fs2.default.watch(this.path, { persistent: false }, debounce_fn_default(() => {
+        this.events.dispatchEvent(new Event("change"));
+      }, { wait: 100 }));
+    } else {
+      import_node_fs2.default.watchFile(this.path, { persistent: false }, debounce_fn_default(() => {
+        this.events.dispatchEvent(new Event("change"));
+      }, { wait: 5e3 }));
+    }
   }
-  /**
-   * Creates an HOTP object.
-   * @param {Object} [config] Configuration options.
-   * @param {string} [config.issuer=''] Account provider.
-   * @param {string} [config.label='OTPAuth'] Account label.
-   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
-   * @param {Secret|string} [config.secret=Secret] Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.counter=0] Initial counter value.
-   */
-  constructor({
-    issuer = _HOTP.defaults.issuer,
-    label = _HOTP.defaults.label,
-    issuerInLabel = _HOTP.defaults.issuerInLabel,
-    secret = new Secret(),
-    algorithm = _HOTP.defaults.algorithm,
-    digits: digits2 = _HOTP.defaults.digits,
-    counter = _HOTP.defaults.counter
-  } = {}) {
-    this.issuer = issuer;
-    this.label = label;
-    this.issuerInLabel = issuerInLabel;
-    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
-    this.algorithm = algorithm.toUpperCase();
-    this.digits = digits2;
-    this.counter = counter;
+  _migrate(migrations, versionToMigrate, beforeEachMigration) {
+    let previousMigratedVersion = this._get(MIGRATION_KEY, "0.0.0");
+    const newerVersions = Object.keys(migrations).filter((candidateVersion) => this._shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate));
+    let storeBackup = { ...this.store };
+    for (const version of newerVersions) {
+      try {
+        if (beforeEachMigration) {
+          beforeEachMigration(this, {
+            fromVersion: previousMigratedVersion,
+            toVersion: version,
+            finalVersion: versionToMigrate,
+            versions: newerVersions
+          });
+        }
+        const migration = migrations[version];
+        migration?.(this);
+        this._set(MIGRATION_KEY, version);
+        previousMigratedVersion = version;
+        storeBackup = { ...this.store };
+      } catch (error) {
+        this.store = storeBackup;
+        throw new Error(`Something went wrong during the migration! Changes applied to the store until this failed migration will be restored. ${error}`);
+      }
+    }
+    if (this._isVersionInRangeFormat(previousMigratedVersion) || !import_semver.default.eq(previousMigratedVersion, versionToMigrate)) {
+      this._set(MIGRATION_KEY, versionToMigrate);
+    }
   }
-  /**
-   * Generates an HOTP token.
-   * @param {Object} config Configuration options.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.counter=0] Counter value.
-   * @returns {string} Token.
-   */
-  static generate({
-    secret,
-    algorithm = _HOTP.defaults.algorithm,
-    digits: digits2 = _HOTP.defaults.digits,
-    counter = _HOTP.defaults.counter
-  }) {
-    const digest = new Uint8Array(hmacDigest(algorithm, secret.buffer, uintToBuf(counter)));
-    const offset = digest[digest.byteLength - 1] & 15;
-    const otp = ((digest[offset] & 127) << 24 | (digest[offset + 1] & 255) << 16 | (digest[offset + 2] & 255) << 8 | digest[offset + 3] & 255) % 10 ** digits2;
-    return otp.toString().padStart(digits2, "0");
+  _containsReservedKey(key) {
+    if (typeof key === "object") {
+      const firsKey = Object.keys(key)[0];
+      if (firsKey === INTERNAL_KEY) {
+        return true;
+      }
+    }
+    if (typeof key !== "string") {
+      return false;
+    }
+    if (this.#options.accessPropertiesByDotNotation) {
+      if (key.startsWith(`${INTERNAL_KEY}.`)) {
+        return true;
+      }
+      return false;
+    }
+    return false;
   }
-  /**
-   * Generates an HOTP token.
-   * @param {Object} [config] Configuration options.
-   * @param {number} [config.counter=this.counter++] Counter value.
-   * @returns {string} Token.
-   */
-  generate({
-    counter = this.counter++
-  } = {}) {
-    return _HOTP.generate({
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      counter
-    });
+  _isVersionInRangeFormat(version) {
+    return import_semver.default.clean(version) === null;
   }
-  /**
-   * Validates an HOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} config.digits Token length.
-   * @param {number} [config.counter=0] Counter value.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  static validate({
-    token,
-    secret,
-    algorithm,
-    digits: digits2,
-    counter = _HOTP.defaults.counter,
-    window: window2 = _HOTP.defaults.window
-  }) {
-    if (token.length !== digits2)
-      return null;
-    let delta = null;
-    for (let i = counter - window2; i <= counter + window2; ++i) {
-      const generatedToken = _HOTP.generate({
-        secret,
-        algorithm,
-        digits: digits2,
-        counter: i
-      });
-      if (timingSafeEqual2(token, generatedToken)) {
-        delta = i - counter;
+  _shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate) {
+    if (this._isVersionInRangeFormat(candidateVersion)) {
+      if (previousMigratedVersion !== "0.0.0" && import_semver.default.satisfies(previousMigratedVersion, candidateVersion)) {
+        return false;
       }
+      return import_semver.default.satisfies(versionToMigrate, candidateVersion);
     }
-    return delta;
+    if (import_semver.default.lte(candidateVersion, previousMigratedVersion)) {
+      return false;
+    }
+    if (import_semver.default.gt(candidateVersion, versionToMigrate)) {
+      return false;
+    }
+    return true;
   }
-  /**
-   * Validates an HOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {number} [config.counter=this.counter] Counter value.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  validate({
-    token,
-    counter = this.counter,
-    window: window2
-  }) {
-    return _HOTP.validate({
-      token,
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      counter,
-      window: window2
-    });
+  _get(key, defaultValue) {
+    return getProperty(this.store, key, defaultValue);
   }
-  /**
-   * Returns a Google Authenticator key URI.
-   * @returns {string} URI.
-   */
-  toString() {
-    const e = encodeURIComponent;
-    return `otpauth://hotp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&counter=${e(this.counter)}`;
+  _set(key, value) {
+    const { store } = this;
+    setProperty(store, key, value);
+    this.store = store;
   }
 };
-var TOTP = class _TOTP {
-  /**
-   * Default configuration.
-   * @type {{
-   *   issuer: string,
-   *   label: string,
-   *   issuerInLabel: boolean,
-   *   algorithm: string,
-   *   digits: number,
-   *   period: number
-   *   window: number
-   * }}
-   */
-  static get defaults() {
-    return {
-      issuer: "",
-      label: "OTPAuth",
-      issuerInLabel: true,
-      algorithm: "SHA1",
-      digits: 6,
-      period: 30,
-      window: 1
-    };
+// packages/sdk/db.js
+var projectName = "autho";
+var DB = class {
+  constructor({ encryptionKey, name = "default", dataFolder }) {
+    this.encryptionKey = encryptionKey;
+    this.client = new Conf({
+      projectName,
+      encryptionKey,
+      configName: name,
+      cwd: dataFolder,
+      projectSuffix: ""
+    });
   }
-  /**
-   * Creates a TOTP object.
-   * @param {Object} [config] Configuration options.
-   * @param {string} [config.issuer=''] Account provider.
-   * @param {string} [config.label='OTPAuth'] Account label.
-   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
-   * @param {Secret|string} [config.secret=Secret] Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.period=30] Token time-step duration.
-   */
-  constructor({
-    issuer = _TOTP.defaults.issuer,
-    label = _TOTP.defaults.label,
-    issuerInLabel = _TOTP.defaults.issuerInLabel,
-    secret = new Secret(),
-    algorithm = _TOTP.defaults.algorithm,
-    digits: digits2 = _TOTP.defaults.digits,
-    period = _TOTP.defaults.period
-  } = {}) {
-    this.issuer = issuer;
-    this.label = label;
-    this.issuerInLabel = issuerInLabel;
-    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
-    this.algorithm = algorithm.toUpperCase();
-    this.digits = digits2;
-    this.period = period;
+  get(key, defaultValue) {
+    return this.client.get(key, defaultValue);
   }
-  /**
-   * Generates a TOTP token.
-   * @param {Object} config Configuration options.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.period=30] Token time-step duration.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @returns {string} Token.
-   */
-  static generate({
-    secret,
-    algorithm,
-    digits: digits2,
-    period = _TOTP.defaults.period,
-    timestamp = Date.now()
-  }) {
-    return HOTP.generate({
-      secret,
-      algorithm,
-      digits: digits2,
-      counter: Math.floor(timestamp / 1e3 / period)
-    });
+  set(key, value) {
+    this.client.set(key, value);
   }
-  /**
-   * Generates a TOTP token.
-   * @param {Object} [config] Configuration options.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @returns {string} Token.
-   */
-  generate({
-    timestamp = Date.now()
-  } = {}) {
-    return _TOTP.generate({
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      period: this.period,
-      timestamp
-    });
+  clear() {
+    this.client.clear();
   }
-  /**
-   * Validates a TOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} config.digits Token length.
-   * @param {number} [config.period=30] Token time-step duration.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  static validate({
-    token,
-    secret,
-    algorithm,
-    digits: digits2,
-    period = _TOTP.defaults.period,
-    timestamp = Date.now(),
-    window: window2
-  }) {
-    return HOTP.validate({
-      token,
-      secret,
-      algorithm,
-      digits: digits2,
-      counter: Math.floor(timestamp / 1e3 / period),
-      window: window2
+  store() {
+    return this.client.store;
+  }
+  path() {
+    return this.client.path;
+  }
+};
+// packages/cli/app.js
+var App = class {
+  constructor(options = {}) {
+    this.encryptionKey = options.encryptionKey || config_default.masterPasswordHash;
+    this.dataFolder = options.dataFolder || config_default.dataFolder;
+    this.name = options.name || config_default.name;
+    this.db = new DB({
+      encryptionKey: this.encryptionKey,
+      dataFolder: this.dataFolder,
+      name: this.name
     });
+    this.secrets = new Secrets(this.db);
+  }
+  static async masterKey(masterPassword, masterPasswordHash) {
+    masterPassword = masterPassword || config_default.masterPassword;
+    masterPasswordHash = masterPasswordHash || config_default.masterPasswordHash;
+    if (masterPasswordHash) {
+      return masterPasswordHash;
+    } else if (!masterPassword) {
+      masterPassword = await ask({
+        name: "masterPassword",
+        message: "Password:",
+        type: "password",
+        required: true
+      });
+    }
+    masterPasswordHash = Cipher.hash(masterPassword);
+    return masterPasswordHash;
   }
-  /**
-   * Validates a TOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  validate({
-    token,
-    timestamp,
-    window: window2
-  }) {
-    return _TOTP.validate({
-      token,
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      period: this.period,
-      timestamp,
-      window: window2
+};
+// packages/cli/wizards/getEncryptionKey.js
+var wizard = async (confirm = false) => {
+  const questions = [
+    {
+      name: "password",
+      message: "password:",
+      type: "password",
+      required: true
+    }
+  ];
+  if (confirm) {
+    questions.push({
+      name: "confirmPassword",
+      message: "confirm password:",
+      type: "password",
+      required: true
     });
   }
-  /**
-   * Returns a Google Authenticator key URI.
-   * @returns {string} URI.
-   */
-  toString() {
-    const e = encodeURIComponent;
-    return `otpauth://totp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&period=${e(this.period)}`;
+  const input = await prompt2(questions);
+  if (input.confirmPassword && input.password !== input.confirmPassword) {
+    throw new Error("Passwords do not match");
   }
+  return Cipher.hash(input.password);
 };
+var getEncryptionKey_default = wizard;
-// packages/sdk/otp.js
-var OTP = class {
-  constructor(secret) {
-    const options = {
-      issuer: "Autho",
-      label: secret.name,
-      algorithm: "SHA1",
-      digits: 6,
-      period: 30,
-      secret: secret.value
-    };
-    this.totp = new TOTP(options);
+// packages/cli/wizards/createSecret.js
+var wizard2 = async (app) => {
+  const secrets = app.secrets;
+  const info = await prompt2([
+    {
+      name: "name",
+      message: "name:",
+      type: "input",
+      required: true
+    },
+    {
+      name: "type",
+      message: "type:",
+      type: "list",
+      default: "password",
+      choices: [
+        { name: "Password", value: "password" },
+        { name: "OTP", value: "otp" },
+        { name: "Note", value: "note" }
+      ],
+      required: true
+    },
+    {
+      name: "protected",
+      message: "protected:",
+      type: "confirm",
+      default: false,
+      required: true
+    }
+  ]);
+  let newSecret = { typeOptions: {} };
+  let encryptionKey = app.db.encryptionKey;
+  if (info.protected) {
+    encryptionKey = await getEncryptionKey_default(true);
   }
-  generate() {
-    return this.totp.generate();
+  switch (info.type) {
+    case "password":
+      {
+        const password = await prompt2([
+          {
+            name: "url",
+            message: "url:",
+            type: "input",
+            required: false
+          },
+          {
+            name: "username",
+            message: "username:",
+            type: "input",
+            required: true
+          },
+          {
+            name: "value",
+            message: "password:",
+            type: "password",
+            required: true
+          }
+        ]);
+        newSecret = {
+          ...info,
+          value: password.value,
+          typeOptions: {
+            username: password.username,
+            url: password.url
+          }
+        };
+      }
+      break;
+    case "note":
+      {
+        const note = await prompt2([
+          {
+            name: "value",
+            message: "note:",
+            type: "password",
+            required: true
+          }
+        ]);
+        newSecret = {
+          ...info,
+          value: note.value,
+          typeOptions: {}
+        };
+      }
+      break;
+    case "otp":
+      {
+        const otp = await prompt2([
+          {
+            name: "username",
+            message: "username:",
+            type: "input",
+            required: true
+          },
+          {
+            name: "value",
+            message: "value:",
+            type: "password",
+            required: true
+          }
+        ]);
+        const test = await prompt2([
+          {
+            name: "validate",
+            message: "validate:",
+            type: "confirm",
+            default: false,
+            required: true
+          }
+        ]);
+        if (test.validate) {
+          generateOTP({
+            name: info.name,
+            value: otp.value
+          });
+          while (1) {
+            const valid = await prompt2([
+              {
+                name: "try",
+                message: "try again?",
+                type: "confirm",
+                default: false,
+                required: true
+              }
+            ]);
+            if (!valid.try) {
+              break;
+            } else {
+              generateOTP({
+                name: info.name,
+                value: otp.value
+              });
+            }
+          }
+        }
+        newSecret = {
+          ...info,
+          value: otp.value,
+          typeOptions: {
+            username: otp.username
+          }
+        };
+      }
+      break;
   }
-  validate(token, window2 = 1) {
-    return this.totp.validate({ token, window: window2 });
+  const created = await secrets.add(newSecret, encryptionKey);
+  console.log("Secret created:", created.id);
+};
+var createSecret_default = wizard2;
+// packages/cli/wizards/getSecret.js
+var wizard3 = async (app) => {
+  const existingSecrets = app.db.get("secrets", []);
+  if (existingSecrets.length === 0) {
+    throw new Error("No secrets found");
+  }
+  const choices = existingSecrets.map((secret2) => ({
+    value: secret2.id,
+    name: `${secret2.name} ${secret2.typeOptions.username ? `(${secret2.typeOptions.username}) ` : ""}(${secret2.id})`
+  }));
+  const { id: secretId } = await prompt2({
+    name: "id",
+    message: "Secrets:",
+    type: "list",
+    choices,
+    required: true
+  });
+  const secret = await app.secrets.get(secretId);
+  if (!secret) {
+    throw new Error("Secret not found");
   }
+  return secret;
 };
+var getSecret_default = wizard3;
 // packages/shared/logger.js
 var import_baloga = __toESM(require_baloga(), 1);
@@ -59620,18 +59662,41 @@ var basename = (filePath) => {
   const folderName = import_path2.default.basename(normalizedPath);
   return folderName;
 };
-program2.name("autho").description("Secrets manager").version("0.0.1").option("-p, --password <password>", "Master password").option("-ph, --passwordHash <passwordHash>", "Master password hash").option("-n, --name <name>", "Collection name", "default").option(
-  "-data, --dataFolder <folderPath>",
+function printLine(text) {
+  process.stdout.write("\x1B[2K\x1B[1G");
+  process.stdout.write(text);
+}
+var countDown = async (textStart, textEnd, seconds) => {
+  return new Promise((resolve) => {
+    const interval = setInterval(() => {
+      printLine(textStart + seconds + "s");
+      seconds--;
+      if (seconds < 0) {
+        printLine(textEnd);
+        process.stdout.write("\n");
+        clearInterval(interval);
+        resolve();
+      }
+    }, 1e3);
+  });
+};
+var initApp = async (args, opts) => {
+  const { password, passwordHash } = { ...opts, ...args };
+  args.encryptionKey = await App.masterKey(
+    password,
+    passwordHash
+  );
+  const app = new App(args);
+  return app;
+};
+program2.name("autho").description("Secrets manager").version("0.0.11").option("-p, --password <password>", "Master password").option("-ph, --passwordHash <passwordHash>", "Master password hash").option("-n, --name <name>", "Collection name").option(
+  "--dataFolder <folderPath>",
   "Folder path to store secrets db",
   getAuthoAbsolutePath
 ).action(async (args) => {
   try {
-    logger2.debug("args:", args);
-    args.encryptionKey = await App.masterKey(
-      args.password,
-      args.passwordHash
-    );
-    const app = new App(args);
+    logger2.debug("input:", args);
+    const app = await initApp(args, program2.opts());
     logger2.debug(`Reading data from:`, app.db.path());
     let choices = [
       { value: "create", name: "Create new secret" },
@@ -59666,12 +59731,12 @@ program2.name("autho").description("Secrets manager").version("0.0.1").option("-
               break;
             case "otp":
               {
-                const otp = new OTP(readSecret);
-                console.log("OTP code:", otp.generate());
-                setTimeout(() => {
-                  console.log("Expired");
-                  process.exit(0);
-                }, 3e4);
+                generateOTP(readSecret);
+                await countDown(
+                  "Expired in: ",
+                  "The code is not longer valid, please generate new code.",
+                  30
+                );
               }
               break;
           }
@@ -59682,7 +59747,6 @@ program2.name("autho").description("Secrets manager").version("0.0.1").option("-
           const deleteSecret = await getSecret_default(app);
           await app.secrets.remove(deleteSecret.id);
           console.log("Removed");
-          process.exit(0);
         }
         break;
       default:
@@ -59694,9 +59758,50 @@ program2.name("autho").description("Secrets manager").version("0.0.1").option("-
     console.log(error.stack);
     process.exit(1);
   }
+  process.exit(0);
+});
+program2.command("secret").description("Secret operations").option("--action <action>", "Secret action (create/list/read/delete)", "create").option("--id <id>", "Secret id").option("--decrypt", "Decrypt secret", false).action(async (args) => {
+  try {
+    logger2.debug(`input:`, args);
+    const { id, decrypt, action } = args;
+    const app = await initApp(args, program2.opts());
+    logger2.debug(`Reading data from:`, app.db.path());
+    switch (action) {
+      case "read": {
+        const selected = await app.secrets.get(id);
+        if (!selected) {
+          throw new Error("No secret found");
+        }
+        if (decrypt) {
+          selected.value = Cipher.decrypt({
+            ...selected,
+            encryptionKey: app.encryptionKey
+          });
+        }
+        console.log(selected);
+        break;
+      }
+      case "delete":
+        await app.secrets.remove(id);
+        break;
+      case "create":
+        await createSecret_default(app);
+        break;
+      case "list":
+        console.dir(app.secrets.secrets);
+        break;
+      default:
+        throw new Error("Unknown action:", action);
+    }
+  } catch (error) {
+    logger2.error("Something went wrong, Error: ", error.message);
+    console.log(error.stack);
+    process.exit(1);
+  }
+  process.exit(0);
 });
 program2.command("file").description("Encrypt/Decrypt file").option("-f, --filePath <filePath>", "File path").option("-en, --encrypt", "Encrypt file", false).option("-de, --decrypt", "Decrypt file", false).option("--override", "Override original file", false).action(async (args) => {
-  logger2.debug(`file:`, args);
+  logger2.debug(`input:`, args);
   const { encrypt, decrypt, override } = args;
   let { filePath } = args;
   filePath = toAbsolutePath(filePath);
@@ -59721,7 +59826,7 @@ program2.command("file").description("Encrypt/Decrypt file").option("-f, --fileP
 });
 program2.command("files").description("Encrypt/Decrypt file").option("--input <inputPath>", "Folder path").option("--output <outputPath>", "Folder path", process.cwd()).option("-en, --encrypt", "Encrypt folder", false).option("-de, --decrypt", "Decrypt folder", false).action(async (args) => {
   try {
-    logger2.debug(`files:`, args);
+    logger2.debug(`input:`, args);
     const { encrypt, decrypt } = args;
     let { input, output } = args;
     input = toAbsolutePath(input);
@@ -59755,7 +59860,7 @@ program2.command("files").description("Encrypt/Decrypt file").option("--input <i
   }
   process.exit(0);
 });
-program2.parse();
+program2.parse(process.argv);
 /*! Bundled license information:
 safe-buffer/index.js: