npm - autho - Versions diffs - 0.0.12 → 0.0.13 - Mend

autho 0.0.12 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/build/bin.js +2277 -2190
package/package.json +14 -14

package/build/bin.js CHANGED Viewed

@@ -23161,7 +23161,7 @@ var require_bl = __commonJS({
 var require_ora = __commonJS({
   "node_modules/.pnpm/ora@5.4.1/node_modules/ora/index.js"(exports2, module2) {
     "use strict";
-    var readline3 = require("readline");
+    var readline2 = require("readline");
     var chalk2 = require_source();
     var cliCursor3 = require_cli_cursor();
     var cliSpinners = require_cli_spinners();
@@ -23214,7 +23214,7 @@ var require_ora = __commonJS({
         if (process.platform === "win32") {
           return;
         }
-        this.rl = readline3.createInterface({
+        this.rl = readline2.createInterface({
           input: process.stdin,
           output: this.mutedStream
         });
@@ -57229,2371 +57229,2412 @@ var inquirer = {
 };
 var inquirer_default = inquirer;
-// packages/cli/utils.js
-var prompt2 = inquirer_default.prompt;
-var ask = async ({ name = "", message = "", type = "input" }) => {
-  const answers = await inquirer_default.prompt([
-    {
-      name,
-      message,
-      type
+// node_modules/.pnpm/otpauth@9.2.3/node_modules/otpauth/dist/otpauth.node.mjs
+var crypto = __toESM(require("node:crypto"), 1);
+var uintToBuf = (num) => {
+  const buf = new ArrayBuffer(8);
+  const arr = new Uint8Array(buf);
+  let acc = num;
+  for (let i = 7; i >= 0; i--) {
+    if (acc === 0)
+      break;
+    arr[i] = acc & 255;
+    acc -= arr[i];
+    acc /= 256;
+  }
+  return buf;
+};
+var jsSHA = void 0;
+var globalScope = (() => {
+  if (typeof globalThis === "object")
+    return globalThis;
+  else {
+    Object.defineProperty(Object.prototype, "__GLOBALTHIS__", {
+      get() {
+        return this;
+      },
+      configurable: true
+    });
+    try {
+      if (typeof __GLOBALTHIS__ !== "undefined")
+        return __GLOBALTHIS__;
+    } finally {
+      delete Object.prototype.__GLOBALTHIS__;
     }
-  ]);
-  return answers[name];
+  }
+  if (typeof self !== "undefined")
+    return self;
+  else if (typeof window !== "undefined")
+    return window;
+  else if (typeof global !== "undefined")
+    return global;
+  return void 0;
+})();
+var OPENSSL_JSSHA_ALGO_MAP = {
+  SHA1: "SHA-1",
+  SHA224: "SHA-224",
+  SHA256: "SHA-256",
+  SHA384: "SHA-384",
+  SHA512: "SHA-512",
+  "SHA3-224": "SHA3-224",
+  "SHA3-256": "SHA3-256",
+  "SHA3-384": "SHA3-384",
+  "SHA3-512": "SHA3-512"
 };
-// packages/models/Secret.js
-var import_joi = __toESM(require_lib6(), 1);
-var import_node_crypto = require("node:crypto");
-var createSecretSchema = import_joi.default.object({
-  id: import_joi.default.string().default((0, import_node_crypto.randomUUID)()),
-  protected: import_joi.default.boolean().default(false),
-  name: import_joi.default.string().required(),
-  type: import_joi.default.string().required().valid("otp", "password", "note"),
-  value: import_joi.default.string().required(),
-  typeOptions: import_joi.default.object().default({}),
-  createdAt: import_joi.default.date().default(/* @__PURE__ */ new Date())
-});
-// packages/sdk/cipher.js
-var import_crypto = __toESM(require("crypto"), 1);
-var import_fs = __toESM(require("fs"), 1);
-var import_path = __toESM(require("path"), 1);
-var import_zlib = __toESM(require("zlib"), 1);
-// packages/shared/config.js
-var import_dotenv = __toESM(require_main2(), 1);
-import_dotenv.default.config();
-var config_default = {
-  masterPasswordHash: process.env.AUTHO_MASTER_PASSWORD_HASH,
-  masterPassword: process.env.AUTHO_MASTER_PASSWORD,
-  randomSize: process.env.AUTHO_RANDOM_SIZE || 16,
-  encryptionALgo: process.env.AUTHO_ENCRYPTION_ALGO || "aes-256-gcm",
-  hashAlgo: process.env.AUTHO_HASH_ALGO || "sha256",
-  dataFolder: process.env.AUTHO_DATA_FOLDER,
-  name: process.env.AUTHO_COLLECTION_NAME || "default"
+var hmacDigest = (algorithm, key, message) => {
+  if (crypto?.createHmac) {
+    const hmac = crypto.createHmac(algorithm, globalScope.Buffer.from(key));
+    hmac.update(globalScope.Buffer.from(message));
+    return hmac.digest().buffer;
+  } else {
+    const variant = OPENSSL_JSSHA_ALGO_MAP[algorithm.toUpperCase()];
+    if (typeof variant === "undefined") {
+      throw new TypeError("Unknown hash function");
+    }
+    const hmac = new jsSHA(variant, "ARRAYBUFFER");
+    hmac.setHMACKey(key, "ARRAYBUFFER");
+    hmac.update(message);
+    return hmac.getHMAC("ARRAYBUFFER");
+  }
 };
-// packages/sdk/cipher.js
-var Cipher = class _Cipher {
-  static hash(text, algorithm = config_default.hashAlgo, encoding = "hex") {
-    const hash = import_crypto.default.createHash(algorithm);
-    hash.update(text);
-    return hash.digest(encoding);
+var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+var base32ToBuf = (str) => {
+  let end = str.length;
+  while (str[end - 1] === "=")
+    --end;
+  const cstr = (end < str.length ? str.substring(0, end) : str).toUpperCase();
+  const buf = new ArrayBuffer(cstr.length * 5 / 8 | 0);
+  const arr = new Uint8Array(buf);
+  let bits = 0;
+  let value = 0;
+  let index = 0;
+  for (let i = 0; i < cstr.length; i++) {
+    const idx = ALPHABET.indexOf(cstr[i]);
+    if (idx === -1)
+      throw new TypeError(`Invalid character found: ${cstr[i]}`);
+    value = value << 5 | idx;
+    bits += 5;
+    if (bits >= 8) {
+      bits -= 8;
+      arr[index++] = value >>> bits;
+    }
   }
-  static random(size = config_default.randomSize) {
-    const rnd = import_crypto.default.randomBytes(size);
-    return rnd;
+  return buf;
+};
+var base32FromBuf = (buf) => {
+  const arr = new Uint8Array(buf);
+  let bits = 0;
+  let value = 0;
+  let str = "";
+  for (let i = 0; i < arr.length; i++) {
+    value = value << 8 | arr[i];
+    bits += 8;
+    while (bits >= 5) {
+      str += ALPHABET[value >>> bits - 5 & 31];
+      bits -= 5;
+    }
   }
-  static randomString(encoding = "hex") {
-    const rnd = _Cipher.random().toString(encoding);
-    return rnd;
+  if (bits > 0) {
+    str += ALPHABET[value << 5 - bits & 31];
   }
-  static sign(text) {
-    const hash = _Cipher.hash(text);
-    const signature = `${hash.substring(0, 10)}:${hash.substring(hash.length - 10)}`;
-    return signature;
+  return str;
+};
+var hexToBuf = (str) => {
+  const buf = new ArrayBuffer(str.length / 2);
+  const arr = new Uint8Array(buf);
+  for (let i = 0; i < str.length; i += 2) {
+    arr[i / 2] = parseInt(str.substring(i, i + 2), 16);
   }
-  static verify(text, signature) {
-    const expectedSignature = _Cipher.sign(text);
-    return expectedSignature === signature;
+  return buf;
+};
+var hexFromBuf = (buf) => {
+  const arr = new Uint8Array(buf);
+  let str = "";
+  for (let i = 0; i < arr.length; i++) {
+    const hex = arr[i].toString(16);
+    if (hex.length === 1)
+      str += "0";
+    str += hex;
   }
-  static encrypt({
-    value,
-    encryptionKey,
-    algorithm = config_default.encryptionALgo,
-    encoding = "hex"
-  }) {
-    const publicKey = _Cipher.randomString();
-    let cipher = import_crypto.default.createCipheriv(
-      algorithm,
-      Buffer.from(encryptionKey, encoding),
-      Buffer.from(publicKey, encoding),
-      { authTagLength: 16 }
-    );
-    let encrypted = cipher.update(value);
-    encrypted = Buffer.concat([encrypted, cipher.final()]);
-    encrypted = encrypted.toString(encoding);
-    const authTag = cipher.getAuthTag().toString(encoding);
-    return {
-      publicKey,
-      encrypted,
-      algorithm,
-      signature: _Cipher.sign(value),
-      encoding,
-      authTag,
-      provider: "crypto",
-      platform: "autho"
-    };
+  return str.toUpperCase();
+};
+var latin1ToBuf = (str) => {
+  const buf = new ArrayBuffer(str.length);
+  const arr = new Uint8Array(buf);
+  for (let i = 0; i < str.length; i++) {
+    arr[i] = str.charCodeAt(i) & 255;
   }
-  static decrypt({
-    value,
-    publicKey,
-    encryptionKey,
-    signature = false,
-    algorithm = config_default.encryptionALgo,
-    authTag,
-    encoding = "hex"
-  }) {
-    value = Buffer.from(value, encoding);
-    let decipher = import_crypto.default.createDecipheriv(
-      algorithm,
-      Buffer.from(encryptionKey, encoding),
-      Buffer.from(publicKey, encoding),
-      { authTagLength: 16 }
-    );
-    if (authTag) {
-      decipher.setAuthTag(Buffer.from(authTag, encoding));
-    }
-    let decrypted = decipher.update(value);
-    decrypted = Buffer.concat([decrypted, decipher.final()]);
-    decrypted = decrypted.toString();
-    if (signature && !_Cipher.verify(decrypted, signature)) {
-      throw new Error("Invalid signature");
-    }
-    return decrypted;
+  return buf;
+};
+var latin1FromBuf = (buf) => {
+  const arr = new Uint8Array(buf);
+  let str = "";
+  for (let i = 0; i < arr.length; i++) {
+    str += String.fromCharCode(arr[i]);
   }
-  static canDecrypt(options) {
-    return options.platform === "autho";
+  return str;
+};
+var ENCODER = globalScope.TextEncoder ? new globalScope.TextEncoder("utf-8") : null;
+var DECODER = globalScope.TextDecoder ? new globalScope.TextDecoder("utf-8") : null;
+var utf8ToBuf = (str) => {
+  if (!ENCODER) {
+    throw new Error("Encoding API not available");
   }
-  static encryptFile(inputFilePath, outputFilePath, encryptionKey) {
-    const inputBuffer = import_fs.default.readFileSync(inputFilePath);
-    const params = {
-      value: inputBuffer,
-      encryptionKey
-    };
-    const encryptedData = _Cipher.encrypt(params);
-    import_fs.default.writeFileSync(
-      outputFilePath,
-      Buffer.from(JSON.stringify(encryptedData)).toString("base64")
-    );
+  return ENCODER.encode(str).buffer;
+};
+var utf8FromBuf = (buf) => {
+  if (!DECODER) {
+    throw new Error("Encoding API not available");
   }
-  static decryptFile(inputFilePath, outputFilePath, encryptionKey) {
-    const inputFileContent = import_fs.default.readFileSync(inputFilePath);
-    const decoded = Buffer.from(
-      inputFileContent.toString("utf-8"),
-      "base64"
-    ).toString("utf-8");
-    const encryptedData = JSON.parse(decoded);
-    if (!_Cipher.canDecrypt(encryptedData)) {
-      throw new Error("Invalid file");
+  return DECODER.decode(buf);
+};
+var randomBytes2 = (size) => {
+  if (crypto?.randomBytes) {
+    return crypto.randomBytes(size).buffer;
+  } else {
+    if (!globalScope.crypto?.getRandomValues) {
+      throw new Error("Cryptography API not available");
     }
-    const params = {
-      ...encryptedData,
-      value: encryptedData.encrypted,
-      encryptionKey
-    };
-    const decryptedData = _Cipher.decrypt(params);
-    import_fs.default.writeFileSync(outputFilePath, decryptedData);
+    return globalScope.crypto.getRandomValues(new Uint8Array(size)).buffer;
   }
-  static encryptFolder({ inputFolderPath, outputFilePath, encryptionKey, algorithm = config_default.encryptionALgo, encoding = "hex" }) {
-    const outputStream = import_fs.default.createWriteStream(outputFilePath);
-    const gzip = import_zlib.default.createGzip();
-    gzip.pipe(outputStream);
-    const baseFolder = import_path.default.basename(inputFolderPath);
-    function traverseFolder(folderPath) {
-      const items = import_fs.default.readdirSync(folderPath);
-      for (const item of items) {
-        const itemPath = import_path.default.join(baseFolder, import_path.default.relative(inputFolderPath, import_path.default.join(folderPath, item)));
-        if (import_fs.default.statSync(itemPath).isDirectory()) {
-          traverseFolder(itemPath);
-        } else {
-          const fileContent = import_fs.default.readFileSync(itemPath);
-          const params = {
-            value: fileContent,
-            encryptionKey,
-            algorithm,
-            encoding
-          };
-          const encryptedData = _Cipher.encrypt(params);
-          const encrypted = encryptedData.encrypted;
-          delete encryptedData.encrypted;
-          const encryptionMeta = Buffer.from(JSON.stringify(encryptedData)).toString("base64");
-          gzip.write(`${itemPath}
----
-${encrypted}
----
-${encryptionMeta}
-:::
-`);
-        }
-      }
-    }
-    traverseFolder(inputFolderPath);
-    gzip.end();
-    return new Promise((resolve, reject) => {
-      outputStream.on("finish", resolve);
-      outputStream.on("error", reject);
-    });
+};
+var Secret = class _Secret {
+  /**
+   * Creates a secret key object.
+   * @param {Object} [config] Configuration options.
+   * @param {ArrayBuffer} [config.buffer=randomBytes] Secret key.
+   * @param {number} [config.size=20] Number of random bytes to generate, ignored if 'buffer' is provided.
+   */
+  constructor({
+    buffer,
+    size = 20
+  } = {}) {
+    this.buffer = typeof buffer === "undefined" ? randomBytes2(size) : buffer;
   }
-  static decryptFolder({ inputFilePath, outputFolderPath, encryptionKey }) {
-    const inputStream = import_fs.default.createReadStream(inputFilePath);
-    const gunzip = import_zlib.default.createGunzip();
-    inputStream.pipe(gunzip);
-    let buff = "";
-    const compileFile = (data) => {
-      buff += data;
-      if (buff.includes(":::")) {
-        const [file, next] = buff.split("\n:::\n");
-        let [filePath, encrypted, encryptionMeta] = file.split("\n---\n");
-        filePath = import_path.default.join(outputFolderPath, filePath);
-        try {
-          import_fs.default.mkdirSync(import_path.default.dirname(filePath), { recursive: true });
-        } catch (error) {
-        }
-        const decoded = Buffer.from(
-          encryptionMeta,
-          "base64"
-        ).toString("utf-8");
-        const metaData = JSON.parse(decoded);
-        const params = {
-          ...metaData,
-          value: encrypted,
-          encryptionKey
-        };
-        const decryptedData = _Cipher.decrypt(params);
-        import_fs.default.writeFileSync(filePath, decryptedData);
-        buff = next;
-      }
-    };
-    gunzip.on("data", (data) => {
-      compileFile(data.toString("utf8"));
-    });
-    return new Promise((resolve, reject) => {
-      gunzip.on("end", resolve);
-      gunzip.on("error", reject);
+  /**
+   * Converts a Latin-1 string to a Secret object.
+   * @param {string} str Latin-1 string.
+   * @returns {Secret} Secret object.
+   */
+  static fromLatin1(str) {
+    return new _Secret({
+      buffer: latin1ToBuf(str)
     });
   }
-};
-// packages/sdk/secrets.js
-var Secrets = class {
-  constructor(db) {
-    this.db = db;
+  /**
+   * Converts an UTF-8 string to a Secret object.
+   * @param {string} str UTF-8 string.
+   * @returns {Secret} Secret object.
+   */
+  static fromUTF8(str) {
+    return new _Secret({
+      buffer: utf8ToBuf(str)
+    });
   }
-  get secrets() {
-    return this.db.get("secrets", []);
+  /**
+   * Converts a base32 string to a Secret object.
+   * @param {string} str Base32 string.
+   * @returns {Secret} Secret object.
+   */
+  static fromBase32(str) {
+    return new _Secret({
+      buffer: base32ToBuf(str)
+    });
   }
-  set secrets(value) {
-    this.db.set("secrets", value);
+  /**
+   * Converts a hexadecimal string to a Secret object.
+   * @param {string} str Hexadecimal string.
+   * @returns {Secret} Secret object.
+   */
+  static fromHex(str) {
+    return new _Secret({
+      buffer: hexToBuf(str)
+    });
   }
-  async get(id) {
-    return this.secrets.find((secret) => secret.id == id);
+  /**
+   * Latin-1 string representation of secret key.
+   * @type {string}
+   */
+  get latin1() {
+    Object.defineProperty(this, "latin1", {
+      enumerable: true,
+      value: latin1FromBuf(this.buffer)
+    });
+    return this.latin1;
   }
-  async add(secret, encryptionKey) {
-    const { value, error } = createSecretSchema.validate(secret);
-    if (error) {
-      throw new Error(error);
-    }
-    const { encrypted, ...encryption } = Cipher.encrypt({
-      ...value,
-      encryptionKey
+  /**
+   * UTF-8 string representation of secret key.
+   * @type {string}
+   */
+  get utf8() {
+    Object.defineProperty(this, "utf8", {
+      enumerable: true,
+      value: utf8FromBuf(this.buffer)
     });
-    this.secrets = [
-      ...this.secrets,
-      { ...value, ...encryption, value: encrypted }
-    ];
+    return this.utf8;
   }
-  async remove(id) {
-    this.secrets = this.secrets.filter((secret) => secret.id != id);
+  /**
+   * Base32 string representation of secret key.
+   * @type {string}
+   */
+  get base32() {
+    Object.defineProperty(this, "base32", {
+      enumerable: true,
+      value: base32FromBuf(this.buffer)
+    });
+    return this.base32;
   }
-  async clear() {
-    this.secrets = [];
+  /**
+   * Hexadecimal string representation of secret key.
+   * @type {string}
+   */
+  get hex() {
+    Object.defineProperty(this, "hex", {
+      enumerable: true,
+      value: hexFromBuf(this.buffer)
+    });
+    return this.hex;
   }
 };
-// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var import_node_util2 = require("node:util");
-var import_node_process7 = __toESM(require("node:process"), 1);
-var import_node_fs2 = __toESM(require("node:fs"), 1);
-var import_node_path4 = __toESM(require("node:path"), 1);
-var import_node_crypto2 = __toESM(require("node:crypto"), 1);
-var import_node_assert2 = __toESM(require("node:assert"), 1);
-// node_modules/.pnpm/dot-prop@8.0.2/node_modules/dot-prop/index.js
-var isObject = (value) => {
-  const type = typeof value;
-  return value !== null && (type === "object" || type === "function");
+var timingSafeEqual2 = (a, b) => {
+  if (crypto?.timingSafeEqual) {
+    return crypto.timingSafeEqual(globalScope.Buffer.from(a), globalScope.Buffer.from(b));
+  } else {
+    if (a.length !== b.length) {
+      throw new TypeError("Input strings must have the same length");
+    }
+    let i = -1;
+    let out = 0;
+    while (++i < a.length) {
+      out |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return out === 0;
+  }
 };
-var disallowedKeys = /* @__PURE__ */ new Set([
-  "__proto__",
-  "prototype",
-  "constructor"
-]);
-var digits = new Set("0123456789");
-function getPathSegments(path5) {
-  const parts = [];
-  let currentSegment = "";
-  let currentPart = "start";
-  let isIgnoring = false;
-  for (const character of path5) {
-    switch (character) {
-      case "\\": {
-        if (currentPart === "index") {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          throw new Error("Invalid character after an index");
-        }
-        if (isIgnoring) {
-          currentSegment += character;
-        }
-        currentPart = "property";
-        isIgnoring = !isIgnoring;
-        break;
-      }
-      case ".": {
-        if (currentPart === "index") {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          currentPart = "property";
-          break;
-        }
-        if (isIgnoring) {
-          isIgnoring = false;
-          currentSegment += character;
-          break;
-        }
-        if (disallowedKeys.has(currentSegment)) {
-          return [];
-        }
-        parts.push(currentSegment);
-        currentSegment = "";
-        currentPart = "property";
-        break;
-      }
-      case "[": {
-        if (currentPart === "index") {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          currentPart = "index";
-          break;
-        }
-        if (isIgnoring) {
-          isIgnoring = false;
-          currentSegment += character;
-          break;
-        }
-        if (currentPart === "property") {
-          if (disallowedKeys.has(currentSegment)) {
-            return [];
-          }
-          parts.push(currentSegment);
-          currentSegment = "";
-        }
-        currentPart = "index";
-        break;
-      }
-      case "]": {
-        if (currentPart === "index") {
-          parts.push(Number.parseInt(currentSegment, 10));
-          currentSegment = "";
-          currentPart = "indexEnd";
-          break;
-        }
-        if (currentPart === "indexEnd") {
-          throw new Error("Invalid character after an index");
-        }
-      }
-      default: {
-        if (currentPart === "index" && !digits.has(character)) {
-          throw new Error("Invalid character in an index");
-        }
-        if (currentPart === "indexEnd") {
-          throw new Error("Invalid character after an index");
-        }
-        if (currentPart === "start") {
-          currentPart = "property";
-        }
-        if (isIgnoring) {
-          isIgnoring = false;
-          currentSegment += "\\";
-        }
-        currentSegment += character;
-      }
-    }
-  }
-  if (isIgnoring) {
-    currentSegment += "\\";
-  }
-  switch (currentPart) {
-    case "property": {
-      if (disallowedKeys.has(currentSegment)) {
-        return [];
-      }
-      parts.push(currentSegment);
-      break;
-    }
-    case "index": {
-      throw new Error("Index was not closed");
-    }
-    case "start": {
-      parts.push("");
-      break;
-    }
-  }
-  return parts;
-}
-function isStringIndex(object, key) {
-  if (typeof key !== "number" && Array.isArray(object)) {
-    const index = Number.parseInt(key, 10);
-    return Number.isInteger(index) && object[index] === object[key];
+var HOTP = class _HOTP {
+  /**
+   * Default configuration.
+   * @type {{
+   *   issuer: string,
+   *   label: string,
+   *   issuerInLabel: boolean,
+   *   algorithm: string,
+   *   digits: number,
+   *   counter: number
+   *   window: number
+   * }}
+   */
+  static get defaults() {
+    return {
+      issuer: "",
+      label: "OTPAuth",
+      issuerInLabel: true,
+      algorithm: "SHA1",
+      digits: 6,
+      counter: 0,
+      window: 1
+    };
   }
-  return false;
-}
-function assertNotStringIndex(object, key) {
-  if (isStringIndex(object, key)) {
-    throw new Error("Cannot use string index");
+  /**
+   * Creates an HOTP object.
+   * @param {Object} [config] Configuration options.
+   * @param {string} [config.issuer=''] Account provider.
+   * @param {string} [config.label='OTPAuth'] Account label.
+   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
+   * @param {Secret|string} [config.secret=Secret] Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.counter=0] Initial counter value.
+   */
+  constructor({
+    issuer = _HOTP.defaults.issuer,
+    label = _HOTP.defaults.label,
+    issuerInLabel = _HOTP.defaults.issuerInLabel,
+    secret = new Secret(),
+    algorithm = _HOTP.defaults.algorithm,
+    digits: digits2 = _HOTP.defaults.digits,
+    counter = _HOTP.defaults.counter
+  } = {}) {
+    this.issuer = issuer;
+    this.label = label;
+    this.issuerInLabel = issuerInLabel;
+    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
+    this.algorithm = algorithm.toUpperCase();
+    this.digits = digits2;
+    this.counter = counter;
   }
-}
-function getProperty(object, path5, value) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return value === void 0 ? object : value;
+  /**
+   * Generates an HOTP token.
+   * @param {Object} config Configuration options.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.counter=0] Counter value.
+   * @returns {string} Token.
+   */
+  static generate({
+    secret,
+    algorithm = _HOTP.defaults.algorithm,
+    digits: digits2 = _HOTP.defaults.digits,
+    counter = _HOTP.defaults.counter
+  }) {
+    const digest = new Uint8Array(hmacDigest(algorithm, secret.buffer, uintToBuf(counter)));
+    const offset = digest[digest.byteLength - 1] & 15;
+    const otp = ((digest[offset] & 127) << 24 | (digest[offset + 1] & 255) << 16 | (digest[offset + 2] & 255) << 8 | digest[offset + 3] & 255) % 10 ** digits2;
+    return otp.toString().padStart(digits2, "0");
   }
-  const pathArray = getPathSegments(path5);
-  if (pathArray.length === 0) {
-    return value;
+  /**
+   * Generates an HOTP token.
+   * @param {Object} [config] Configuration options.
+   * @param {number} [config.counter=this.counter++] Counter value.
+   * @returns {string} Token.
+   */
+  generate({
+    counter = this.counter++
+  } = {}) {
+    return _HOTP.generate({
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      counter
+    });
   }
-  for (let index = 0; index < pathArray.length; index++) {
-    const key = pathArray[index];
-    if (isStringIndex(object, key)) {
-      object = index === pathArray.length - 1 ? void 0 : null;
-    } else {
-      object = object[key];
-    }
-    if (object === void 0 || object === null) {
-      if (index !== pathArray.length - 1) {
-        return value;
+  /**
+   * Validates an HOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} config.digits Token length.
+   * @param {number} [config.counter=0] Counter value.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  static validate({
+    token,
+    secret,
+    algorithm,
+    digits: digits2,
+    counter = _HOTP.defaults.counter,
+    window: window2 = _HOTP.defaults.window
+  }) {
+    if (token.length !== digits2)
+      return null;
+    let delta = null;
+    for (let i = counter - window2; i <= counter + window2; ++i) {
+      const generatedToken = _HOTP.generate({
+        secret,
+        algorithm,
+        digits: digits2,
+        counter: i
+      });
+      if (timingSafeEqual2(token, generatedToken)) {
+        delta = i - counter;
       }
-      break;
-    }
-  }
-  return object === void 0 ? value : object;
-}
-function setProperty(object, path5, value) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return object;
-  }
-  const root = object;
-  const pathArray = getPathSegments(path5);
-  for (let index = 0; index < pathArray.length; index++) {
-    const key = pathArray[index];
-    assertNotStringIndex(object, key);
-    if (index === pathArray.length - 1) {
-      object[key] = value;
-    } else if (!isObject(object[key])) {
-      object[key] = typeof pathArray[index + 1] === "number" ? [] : {};
-    }
-    object = object[key];
-  }
-  return root;
-}
-function deleteProperty(object, path5) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return false;
-  }
-  const pathArray = getPathSegments(path5);
-  for (let index = 0; index < pathArray.length; index++) {
-    const key = pathArray[index];
-    assertNotStringIndex(object, key);
-    if (index === pathArray.length - 1) {
-      delete object[key];
-      return true;
-    }
-    object = object[key];
-    if (!isObject(object)) {
-      return false;
     }
+    return delta;
   }
-}
-function hasProperty(object, path5) {
-  if (!isObject(object) || typeof path5 !== "string") {
-    return false;
-  }
-  const pathArray = getPathSegments(path5);
-  if (pathArray.length === 0) {
-    return false;
+  /**
+   * Validates an HOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {number} [config.counter=this.counter] Counter value.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  validate({
+    token,
+    counter = this.counter,
+    window: window2
+  }) {
+    return _HOTP.validate({
+      token,
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      counter,
+      window: window2
+    });
   }
-  for (const key of pathArray) {
-    if (!isObject(object) || !(key in object) || isStringIndex(object, key)) {
-      return false;
-    }
-    object = object[key];
+  /**
+   * Returns a Google Authenticator key URI.
+   * @returns {string} URI.
+   */
+  toString() {
+    const e = encodeURIComponent;
+    return `otpauth://hotp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&counter=${e(this.counter)}`;
   }
-  return true;
-}
-// node_modules/.pnpm/env-paths@3.0.0/node_modules/env-paths/index.js
-var import_node_path = __toESM(require("node:path"), 1);
-var import_node_os2 = __toESM(require("node:os"), 1);
-var import_node_process2 = __toESM(require("node:process"), 1);
-var homedir = import_node_os2.default.homedir();
-var tmpdir = import_node_os2.default.tmpdir();
-var { env: env2 } = import_node_process2.default;
-var macos = (name) => {
-  const library = import_node_path.default.join(homedir, "Library");
-  return {
-    data: import_node_path.default.join(library, "Application Support", name),
-    config: import_node_path.default.join(library, "Preferences", name),
-    cache: import_node_path.default.join(library, "Caches", name),
-    log: import_node_path.default.join(library, "Logs", name),
-    temp: import_node_path.default.join(tmpdir, name)
-  };
-};
-var windows = (name) => {
-  const appData = env2.APPDATA || import_node_path.default.join(homedir, "AppData", "Roaming");
-  const localAppData = env2.LOCALAPPDATA || import_node_path.default.join(homedir, "AppData", "Local");
-  return {
-    // Data/config/cache/log are invented by me as Windows isn't opinionated about this
-    data: import_node_path.default.join(localAppData, name, "Data"),
-    config: import_node_path.default.join(appData, name, "Config"),
-    cache: import_node_path.default.join(localAppData, name, "Cache"),
-    log: import_node_path.default.join(localAppData, name, "Log"),
-    temp: import_node_path.default.join(tmpdir, name)
-  };
-};
-var linux = (name) => {
-  const username = import_node_path.default.basename(homedir);
-  return {
-    data: import_node_path.default.join(env2.XDG_DATA_HOME || import_node_path.default.join(homedir, ".local", "share"), name),
-    config: import_node_path.default.join(env2.XDG_CONFIG_HOME || import_node_path.default.join(homedir, ".config"), name),
-    cache: import_node_path.default.join(env2.XDG_CACHE_HOME || import_node_path.default.join(homedir, ".cache"), name),
-    // https://wiki.debian.org/XDGBaseDirectorySpecification#state
-    log: import_node_path.default.join(env2.XDG_STATE_HOME || import_node_path.default.join(homedir, ".local", "state"), name),
-    temp: import_node_path.default.join(tmpdir, username, name)
-  };
 };
-function envPaths(name, { suffix = "nodejs" } = {}) {
-  if (typeof name !== "string") {
-    throw new TypeError(`Expected a string, got ${typeof name}`);
-  }
-  if (suffix) {
-    name += `-${suffix}`;
-  }
-  if (import_node_process2.default.platform === "darwin") {
-    return macos(name);
+var TOTP = class _TOTP {
+  /**
+   * Default configuration.
+   * @type {{
+   *   issuer: string,
+   *   label: string,
+   *   issuerInLabel: boolean,
+   *   algorithm: string,
+   *   digits: number,
+   *   period: number
+   *   window: number
+   * }}
+   */
+  static get defaults() {
+    return {
+      issuer: "",
+      label: "OTPAuth",
+      issuerInLabel: true,
+      algorithm: "SHA1",
+      digits: 6,
+      period: 30,
+      window: 1
+    };
   }
-  if (import_node_process2.default.platform === "win32") {
-    return windows(name);
+  /**
+   * Creates a TOTP object.
+   * @param {Object} [config] Configuration options.
+   * @param {string} [config.issuer=''] Account provider.
+   * @param {string} [config.label='OTPAuth'] Account label.
+   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
+   * @param {Secret|string} [config.secret=Secret] Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.period=30] Token time-step duration.
+   */
+  constructor({
+    issuer = _TOTP.defaults.issuer,
+    label = _TOTP.defaults.label,
+    issuerInLabel = _TOTP.defaults.issuerInLabel,
+    secret = new Secret(),
+    algorithm = _TOTP.defaults.algorithm,
+    digits: digits2 = _TOTP.defaults.digits,
+    period = _TOTP.defaults.period
+  } = {}) {
+    this.issuer = issuer;
+    this.label = label;
+    this.issuerInLabel = issuerInLabel;
+    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
+    this.algorithm = algorithm.toUpperCase();
+    this.digits = digits2;
+    this.period = period;
   }
-  return linux(name);
-}
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
-var import_node_path3 = __toESM(require("node:path"), 1);
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
-var import_node_fs = __toESM(require("node:fs"), 1);
-var import_node_util = require("node:util");
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/attemptify.js
-var attemptifyAsync = (fn, onError) => {
-  return function attemptified(...args) {
-    return fn.apply(void 0, args).catch(onError);
-  };
-};
-var attemptifySync = (fn, onError) => {
-  return function attemptified(...args) {
-    try {
-      return fn.apply(void 0, args);
-    } catch (error) {
-      return onError(error);
-    }
-  };
-};
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/constants.js
-var import_node_process3 = __toESM(require("node:process"), 1);
-var IS_USER_ROOT = import_node_process3.default.getuid ? !import_node_process3.default.getuid() : false;
-var LIMIT_FILES_DESCRIPTORS = 1e4;
-var NOOP = () => void 0;
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/handlers.js
-var Handlers = {
-  /* API */
-  isChangeErrorOk: (error) => {
-    if (!Handlers.isNodeError(error))
-      return false;
-    const { code } = error;
-    if (code === "ENOSYS")
-      return true;
-    if (!IS_USER_ROOT && (code === "EINVAL" || code === "EPERM"))
-      return true;
-    return false;
-  },
-  isNodeError: (error) => {
-    return error instanceof Error;
-  },
-  isRetriableError: (error) => {
-    if (!Handlers.isNodeError(error))
-      return false;
-    const { code } = error;
-    if (code === "EMFILE" || code === "ENFILE" || code === "EAGAIN" || code === "EBUSY" || code === "EACCESS" || code === "EACCES" || code === "EACCS" || code === "EPERM")
-      return true;
-    return false;
-  },
-  onChangeError: (error) => {
-    if (!Handlers.isNodeError(error))
-      throw error;
-    if (Handlers.isChangeErrorOk(error))
-      return;
-    throw error;
+  /**
+   * Generates a TOTP token.
+   * @param {Object} config Configuration options.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} [config.digits=6] Token length.
+   * @param {number} [config.period=30] Token time-step duration.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @returns {string} Token.
+   */
+  static generate({
+    secret,
+    algorithm,
+    digits: digits2,
+    period = _TOTP.defaults.period,
+    timestamp = Date.now()
+  }) {
+    return HOTP.generate({
+      secret,
+      algorithm,
+      digits: digits2,
+      counter: Math.floor(timestamp / 1e3 / period)
+    });
   }
-};
-var handlers_default = Handlers;
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify_queue.js
-var RetryfyQueue = class {
-  constructor() {
-    this.interval = 25;
-    this.intervalId = void 0;
-    this.limit = LIMIT_FILES_DESCRIPTORS;
-    this.queueActive = /* @__PURE__ */ new Set();
-    this.queueWaiting = /* @__PURE__ */ new Set();
-    this.init = () => {
-      if (this.intervalId)
-        return;
-      this.intervalId = setInterval(this.tick, this.interval);
-    };
-    this.reset = () => {
-      if (!this.intervalId)
-        return;
-      clearInterval(this.intervalId);
-      delete this.intervalId;
-    };
-    this.add = (fn) => {
-      this.queueWaiting.add(fn);
-      if (this.queueActive.size < this.limit / 2) {
-        this.tick();
-      } else {
-        this.init();
-      }
-    };
-    this.remove = (fn) => {
-      this.queueWaiting.delete(fn);
-      this.queueActive.delete(fn);
-    };
-    this.schedule = () => {
-      return new Promise((resolve) => {
-        const cleanup = () => this.remove(resolver);
-        const resolver = () => resolve(cleanup);
-        this.add(resolver);
-      });
-    };
-    this.tick = () => {
-      if (this.queueActive.size >= this.limit)
-        return;
-      if (!this.queueWaiting.size)
-        return this.reset();
-      for (const fn of this.queueWaiting) {
-        if (this.queueActive.size >= this.limit)
-          break;
-        this.queueWaiting.delete(fn);
-        this.queueActive.add(fn);
-        fn();
-      }
-    };
+  /**
+   * Generates a TOTP token.
+   * @param {Object} [config] Configuration options.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @returns {string} Token.
+   */
+  generate({
+    timestamp = Date.now()
+  } = {}) {
+    return _TOTP.generate({
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      period: this.period,
+      timestamp
+    });
   }
-};
-var retryify_queue_default = new RetryfyQueue();
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify.js
-var retryifyAsync = (fn, isRetriableError) => {
-  return function retrified(timestamp) {
-    return function attempt(...args) {
-      return retryify_queue_default.schedule().then((cleanup) => {
-        const onResolve = (result) => {
-          cleanup();
-          return result;
-        };
-        const onReject = (error) => {
-          cleanup();
-          if (Date.now() >= timestamp)
-            throw error;
-          if (isRetriableError(error)) {
-            const delay = Math.round(100 * Math.random());
-            const delayPromise = new Promise((resolve) => setTimeout(resolve, delay));
-            return delayPromise.then(() => attempt.apply(void 0, args));
-          }
-          throw error;
-        };
-        return fn.apply(void 0, args).then(onResolve, onReject);
-      });
-    };
-  };
-};
-var retryifySync = (fn, isRetriableError) => {
-  return function retrified(timestamp) {
-    return function attempt(...args) {
-      try {
-        return fn.apply(void 0, args);
-      } catch (error) {
-        if (Date.now() > timestamp)
-          throw error;
-        if (isRetriableError(error))
-          return attempt.apply(void 0, args);
-        throw error;
-      }
-    };
-  };
-};
-// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
-var FS = {
-  attempt: {
-    /* ASYNC */
-    chmod: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chmod), handlers_default.onChangeError),
-    chown: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chown), handlers_default.onChangeError),
-    close: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), NOOP),
-    fsync: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), NOOP),
-    mkdir: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.mkdir), NOOP),
-    realpath: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.realpath), NOOP),
-    stat: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), NOOP),
-    unlink: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.unlink), NOOP),
-    /* SYNC */
-    chmodSync: attemptifySync(import_node_fs.default.chmodSync, handlers_default.onChangeError),
-    chownSync: attemptifySync(import_node_fs.default.chownSync, handlers_default.onChangeError),
-    closeSync: attemptifySync(import_node_fs.default.closeSync, NOOP),
-    existsSync: attemptifySync(import_node_fs.default.existsSync, NOOP),
-    fsyncSync: attemptifySync(import_node_fs.default.fsync, NOOP),
-    mkdirSync: attemptifySync(import_node_fs.default.mkdirSync, NOOP),
-    realpathSync: attemptifySync(import_node_fs.default.realpathSync, NOOP),
-    statSync: attemptifySync(import_node_fs.default.statSync, NOOP),
-    unlinkSync: attemptifySync(import_node_fs.default.unlinkSync, NOOP)
-  },
-  retry: {
-    /* ASYNC */
-    close: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), handlers_default.isRetriableError),
-    fsync: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), handlers_default.isRetriableError),
-    open: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.open), handlers_default.isRetriableError),
-    readFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.readFile), handlers_default.isRetriableError),
-    rename: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.rename), handlers_default.isRetriableError),
-    stat: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), handlers_default.isRetriableError),
-    write: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.write), handlers_default.isRetriableError),
-    writeFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.writeFile), handlers_default.isRetriableError),
-    /* SYNC */
-    closeSync: retryifySync(import_node_fs.default.closeSync, handlers_default.isRetriableError),
-    fsyncSync: retryifySync(import_node_fs.default.fsyncSync, handlers_default.isRetriableError),
-    openSync: retryifySync(import_node_fs.default.openSync, handlers_default.isRetriableError),
-    readFileSync: retryifySync(import_node_fs.default.readFileSync, handlers_default.isRetriableError),
-    renameSync: retryifySync(import_node_fs.default.renameSync, handlers_default.isRetriableError),
-    statSync: retryifySync(import_node_fs.default.statSync, handlers_default.isRetriableError),
-    writeSync: retryifySync(import_node_fs.default.writeSync, handlers_default.isRetriableError),
-    writeFileSync: retryifySync(import_node_fs.default.writeFileSync, handlers_default.isRetriableError)
+  /**
+   * Validates a TOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {Secret} config.secret Secret key.
+   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
+   * @param {number} config.digits Token length.
+   * @param {number} [config.period=30] Token time-step duration.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  static validate({
+    token,
+    secret,
+    algorithm,
+    digits: digits2,
+    period = _TOTP.defaults.period,
+    timestamp = Date.now(),
+    window: window2
+  }) {
+    return HOTP.validate({
+      token,
+      secret,
+      algorithm,
+      digits: digits2,
+      counter: Math.floor(timestamp / 1e3 / period),
+      window: window2
+    });
   }
-};
-var dist_default = FS;
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/constants.js
-var import_node_os3 = __toESM(require("node:os"), 1);
-var import_node_process4 = __toESM(require("node:process"), 1);
-var DEFAULT_ENCODING = "utf8";
-var DEFAULT_FILE_MODE = 438;
-var DEFAULT_FOLDER_MODE = 511;
-var DEFAULT_WRITE_OPTIONS = {};
-var DEFAULT_USER_UID = import_node_os3.default.userInfo().uid;
-var DEFAULT_USER_GID = import_node_os3.default.userInfo().gid;
-var DEFAULT_TIMEOUT_SYNC = 1e3;
-var IS_POSIX = !!import_node_process4.default.getuid;
-var IS_USER_ROOT2 = import_node_process4.default.getuid ? !import_node_process4.default.getuid() : false;
-var LIMIT_BASENAME_LENGTH = 128;
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/lang.js
-var isException = (value) => {
-  return value instanceof Error && "code" in value;
-};
-var isString = (value) => {
-  return typeof value === "string";
-};
-var isUndefined = (value) => {
-  return value === void 0;
-};
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
-var import_node_path2 = __toESM(require("node:path"), 1);
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
-var import_node_process6 = __toESM(require("node:process"), 1);
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/constants.js
-var import_node_process5 = __toESM(require("node:process"), 1);
-var IS_LINUX = import_node_process5.default.platform === "linux";
-var IS_WINDOWS = import_node_process5.default.platform === "win32";
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/signals.js
-var Signals = ["SIGABRT", "SIGALRM", "SIGHUP", "SIGINT", "SIGTERM"];
-if (!IS_WINDOWS) {
-  Signals.push("SIGVTALRM", "SIGXCPU", "SIGXFSZ", "SIGUSR2", "SIGTRAP", "SIGSYS", "SIGQUIT", "SIGIOT");
-}
-if (IS_LINUX) {
-  Signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT", "SIGUNUSED");
-}
-var signals_default = Signals;
+  /**
+   * Validates a TOTP token.
+   * @param {Object} config Configuration options.
+   * @param {string} config.token Token value.
+   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
+   * @param {number} [config.window=1] Window of counter values to test.
+   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
+   */
+  validate({
+    token,
+    timestamp,
+    window: window2
+  }) {
+    return _TOTP.validate({
+      token,
+      secret: this.secret,
+      algorithm: this.algorithm,
+      digits: this.digits,
+      period: this.period,
+      timestamp,
+      window: window2
+    });
+  }
+  /**
+   * Returns a Google Authenticator key URI.
+   * @returns {string} URI.
+   */
+  toString() {
+    const e = encodeURIComponent;
+    return `otpauth://totp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&period=${e(this.period)}`;
+  }
+};
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
-var Interceptor = class {
-  /* CONSTRUCTOR */
-  constructor() {
-    this.callbacks = /* @__PURE__ */ new Set();
-    this.exited = false;
-    this.exit = (signal) => {
-      if (this.exited)
-        return;
-      this.exited = true;
-      for (const callback of this.callbacks) {
-        callback();
-      }
-      if (signal) {
-        if (IS_WINDOWS && (signal !== "SIGINT" && signal !== "SIGTERM" && signal !== "SIGKILL")) {
-          import_node_process6.default.kill(import_node_process6.default.pid, "SIGTERM");
-        } else {
-          import_node_process6.default.kill(import_node_process6.default.pid, signal);
-        }
-      }
-    };
-    this.hook = () => {
-      import_node_process6.default.once("exit", () => this.exit());
-      for (const signal of signals_default) {
-        import_node_process6.default.once(signal, () => this.exit(signal));
-      }
-    };
-    this.register = (callback) => {
-      this.callbacks.add(callback);
-      return () => {
-        this.callbacks.delete(callback);
-      };
+// packages/sdk/otp.js
+var OTP = class {
+  constructor(secret) {
+    const options = {
+      issuer: "Autho",
+      label: secret.name,
+      algorithm: "SHA1",
+      digits: 6,
+      period: 30,
+      secret: secret.value
     };
-    this.hook();
+    this.totp = new TOTP(options);
+  }
+  generate() {
+    return this.totp.generate();
+  }
+  validate(token, window2 = 1) {
+    return this.totp.validate({ token, window: window2 });
   }
 };
-var interceptor_default = new Interceptor();
-// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/index.js
-var whenExit = interceptor_default.register;
-var node_default = whenExit;
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
-var Temp = {
-  /* VARIABLES */
-  store: {},
-  /* API */
-  create: (filePath) => {
-    const randomness = `000000${Math.floor(Math.random() * 16777215).toString(16)}`.slice(-6);
-    const timestamp = Date.now().toString().slice(-10);
-    const prefix = "tmp-";
-    const suffix = `.${prefix}${timestamp}${randomness}`;
-    const tempPath = `${filePath}${suffix}`;
-    return tempPath;
-  },
-  get: (filePath, creator, purge = true) => {
-    const tempPath = Temp.truncate(creator(filePath));
-    if (tempPath in Temp.store)
-      return Temp.get(filePath, creator, purge);
-    Temp.store[tempPath] = purge;
-    const disposer = () => delete Temp.store[tempPath];
-    return [tempPath, disposer];
-  },
-  purge: (filePath) => {
-    if (!Temp.store[filePath])
-      return;
-    delete Temp.store[filePath];
-    dist_default.attempt.unlink(filePath);
-  },
-  purgeSync: (filePath) => {
-    if (!Temp.store[filePath])
-      return;
-    delete Temp.store[filePath];
-    dist_default.attempt.unlinkSync(filePath);
-  },
-  purgeSyncAll: () => {
-    for (const filePath in Temp.store) {
-      Temp.purgeSync(filePath);
+// packages/cli/utils.js
+var prompt2 = inquirer_default.prompt;
+var ask = async ({ name = "", message = "", type = "input" }) => {
+  const answers = await inquirer_default.prompt([
+    {
+      name,
+      message,
+      type
     }
-  },
-  truncate: (filePath) => {
-    const basename2 = import_node_path2.default.basename(filePath);
-    if (basename2.length <= LIMIT_BASENAME_LENGTH)
-      return filePath;
-    const truncable = /^(\.?)(.*?)((?:\.[^.]+)?(?:\.tmp-\d{10}[a-f0-9]{6})?)$/.exec(basename2);
-    if (!truncable)
-      return filePath;
-    const truncationLength = basename2.length - LIMIT_BASENAME_LENGTH;
-    return `${filePath.slice(0, -basename2.length)}${truncable[1]}${truncable[2].slice(0, -truncationLength)}${truncable[3]}`;
-  }
+  ]);
+  return answers[name];
+};
+var generateOTP = (secret) => {
+  const otp = new OTP(secret);
+  console.log("OTP code:", otp.generate());
 };
-node_default(Temp.purgeSyncAll);
-var temp_default = Temp;
-// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
-function writeFileSync(filePath, data, options = DEFAULT_WRITE_OPTIONS) {
-  if (isString(options))
-    return writeFileSync(filePath, data, { encoding: options });
-  const timeout = Date.now() + ((options.timeout ?? DEFAULT_TIMEOUT_SYNC) || -1);
-  let tempDisposer = null;
-  let tempPath = null;
-  let fd = null;
-  try {
-    const filePathReal = dist_default.attempt.realpathSync(filePath);
-    const filePathExists = !!filePathReal;
-    filePath = filePathReal || filePath;
-    [tempPath, tempDisposer] = temp_default.get(filePath, options.tmpCreate || temp_default.create, !(options.tmpPurge === false));
-    const useStatChown = IS_POSIX && isUndefined(options.chown);
-    const useStatMode = isUndefined(options.mode);
-    if (filePathExists && (useStatChown || useStatMode)) {
-      const stats = dist_default.attempt.statSync(filePath);
-      if (stats) {
-        options = { ...options };
-        if (useStatChown) {
-          options.chown = { uid: stats.uid, gid: stats.gid };
-        }
-        if (useStatMode) {
-          options.mode = stats.mode;
-        }
-      }
-    }
-    if (!filePathExists) {
-      const parentPath = import_node_path3.default.dirname(filePath);
-      dist_default.attempt.mkdirSync(parentPath, {
-        mode: DEFAULT_FOLDER_MODE,
-        recursive: true
-      });
-    }
-    fd = dist_default.retry.openSync(timeout)(tempPath, "w", options.mode || DEFAULT_FILE_MODE);
-    if (options.tmpCreated) {
-      options.tmpCreated(tempPath);
-    }
-    if (isString(data)) {
-      dist_default.retry.writeSync(timeout)(fd, data, 0, options.encoding || DEFAULT_ENCODING);
-    } else if (!isUndefined(data)) {
-      dist_default.retry.writeSync(timeout)(fd, data, 0, data.length, 0);
-    }
-    if (options.fsync !== false) {
-      if (options.fsyncWait !== false) {
-        dist_default.retry.fsyncSync(timeout)(fd);
-      } else {
-        dist_default.attempt.fsync(fd);
-      }
-    }
-    dist_default.retry.closeSync(timeout)(fd);
-    fd = null;
-    if (options.chown && (options.chown.uid !== DEFAULT_USER_UID || options.chown.gid !== DEFAULT_USER_GID)) {
-      dist_default.attempt.chownSync(tempPath, options.chown.uid, options.chown.gid);
-    }
-    if (options.mode && options.mode !== DEFAULT_FILE_MODE) {
-      dist_default.attempt.chmodSync(tempPath, options.mode);
-    }
-    try {
-      dist_default.retry.renameSync(timeout)(tempPath, filePath);
-    } catch (error) {
-      if (!isException(error))
-        throw error;
-      if (error.code !== "ENAMETOOLONG")
-        throw error;
-      dist_default.retry.renameSync(timeout)(tempPath, temp_default.truncate(filePath));
-    }
-    tempDisposer();
-    tempPath = null;
-  } finally {
-    if (fd)
-      dist_default.attempt.closeSync(fd);
-    if (tempPath)
-      temp_default.purge(tempPath);
-  }
-}
+// packages/models/Secret.js
+var import_joi = __toESM(require_lib6(), 1);
+var import_node_crypto = require("node:crypto");
+var createSecretSchema = import_joi.default.object({
+  id: import_joi.default.string().default((0, import_node_crypto.randomUUID)()),
+  protected: import_joi.default.boolean().default(false),
+  name: import_joi.default.string().required(),
+  type: import_joi.default.string().required().valid("otp", "password", "note"),
+  value: import_joi.default.string().required(),
+  typeOptions: import_joi.default.object().default({}),
+  createdAt: import_joi.default.date().default(/* @__PURE__ */ new Date())
+});
-// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var import_ajv = __toESM(require_ajv(), 1);
-var import_ajv_formats = __toESM(require_dist(), 1);
+// packages/sdk/cipher.js
+var import_crypto = __toESM(require("crypto"), 1);
+var import_fs = __toESM(require("fs"), 1);
+var import_path = __toESM(require("path"), 1);
+var import_zlib = __toESM(require("zlib"), 1);
-// node_modules/.pnpm/mimic-fn@4.0.0/node_modules/mimic-fn/index.js
-var copyProperty = (to, from3, property, ignoreNonConfigurable) => {
-  if (property === "length" || property === "prototype") {
-    return;
+// packages/shared/config.js
+var import_dotenv = __toESM(require_main2(), 1);
+import_dotenv.default.config();
+var config_default = {
+  masterPasswordHash: process.env.AUTHO_MASTER_PASSWORD_HASH,
+  masterPassword: process.env.AUTHO_MASTER_PASSWORD,
+  randomSize: process.env.AUTHO_RANDOM_SIZE || 16,
+  encryptionALgo: process.env.AUTHO_ENCRYPTION_ALGO || "aes-256-gcm",
+  hashAlgo: process.env.AUTHO_HASH_ALGO || "sha256",
+  dataFolder: process.env.AUTHO_DATA_FOLDER,
+  name: process.env.AUTHO_COLLECTION_NAME || "default"
+};
+// packages/sdk/cipher.js
+var Cipher = class _Cipher {
+  static hash(text, algorithm = config_default.hashAlgo, encoding = "hex") {
+    const hash = import_crypto.default.createHash(algorithm);
+    hash.update(text);
+    return hash.digest(encoding);
   }
-  if (property === "arguments" || property === "caller") {
-    return;
+  static random(size = config_default.randomSize) {
+    const rnd = import_crypto.default.randomBytes(size);
+    return rnd;
   }
-  const toDescriptor = Object.getOwnPropertyDescriptor(to, property);
-  const fromDescriptor = Object.getOwnPropertyDescriptor(from3, property);
-  if (!canCopyProperty(toDescriptor, fromDescriptor) && ignoreNonConfigurable) {
-    return;
+  static randomString(encoding = "hex") {
+    const rnd = _Cipher.random().toString(encoding);
+    return rnd;
   }
-  Object.defineProperty(to, property, fromDescriptor);
-};
-var canCopyProperty = function(toDescriptor, fromDescriptor) {
-  return toDescriptor === void 0 || toDescriptor.configurable || toDescriptor.writable === fromDescriptor.writable && toDescriptor.enumerable === fromDescriptor.enumerable && toDescriptor.configurable === fromDescriptor.configurable && (toDescriptor.writable || toDescriptor.value === fromDescriptor.value);
-};
-var changePrototype = (to, from3) => {
-  const fromPrototype = Object.getPrototypeOf(from3);
-  if (fromPrototype === Object.getPrototypeOf(to)) {
-    return;
+  static sign(text) {
+    const hash = _Cipher.hash(text);
+    const signature = `${hash.substring(0, 10)}:${hash.substring(hash.length - 10)}`;
+    return signature;
   }
-  Object.setPrototypeOf(to, fromPrototype);
-};
-var wrappedToString = (withName, fromBody) => `/* Wrapped ${withName}*/
-${fromBody}`;
-var toStringDescriptor = Object.getOwnPropertyDescriptor(Function.prototype, "toString");
-var toStringName = Object.getOwnPropertyDescriptor(Function.prototype.toString, "name");
-var changeToString = (to, from3, name) => {
-  const withName = name === "" ? "" : `with ${name.trim()}() `;
-  const newToString = wrappedToString.bind(null, withName, from3.toString());
-  Object.defineProperty(newToString, "name", toStringName);
-  Object.defineProperty(to, "toString", { ...toStringDescriptor, value: newToString });
-};
-function mimicFunction(to, from3, { ignoreNonConfigurable = false } = {}) {
-  const { name } = to;
-  for (const property of Reflect.ownKeys(from3)) {
-    copyProperty(to, from3, property, ignoreNonConfigurable);
+  static verify(text, signature) {
+    const expectedSignature = _Cipher.sign(text);
+    return expectedSignature === signature;
   }
-  changePrototype(to, from3);
-  changeToString(to, from3, name);
-  return to;
-}
-// node_modules/.pnpm/debounce-fn@5.1.2/node_modules/debounce-fn/index.js
-var debounceFn = (inputFunction, options = {}) => {
-  if (typeof inputFunction !== "function") {
-    throw new TypeError(`Expected the first argument to be a function, got \`${typeof inputFunction}\``);
+  static encrypt({
+    value,
+    encryptionKey,
+    algorithm = config_default.encryptionALgo,
+    encoding = "hex"
+  }) {
+    const publicKey = _Cipher.randomString();
+    let cipher = import_crypto.default.createCipheriv(
+      algorithm,
+      Buffer.from(encryptionKey, encoding),
+      Buffer.from(publicKey, encoding),
+      { authTagLength: 16 }
+    );
+    let encrypted = cipher.update(value);
+    encrypted = Buffer.concat([encrypted, cipher.final()]);
+    encrypted = encrypted.toString(encoding);
+    const authTag = cipher.getAuthTag().toString(encoding);
+    return {
+      publicKey,
+      encrypted,
+      algorithm,
+      signature: _Cipher.sign(value),
+      encoding,
+      authTag,
+      provider: "crypto",
+      platform: "autho"
+    };
   }
-  const {
-    wait = 0,
-    maxWait = Number.POSITIVE_INFINITY,
-    before = false,
-    after = true
-  } = options;
-  if (!before && !after) {
-    throw new Error("Both `before` and `after` are false, function wouldn't be called.");
+  static decrypt({
+    value,
+    publicKey,
+    encryptionKey,
+    signature = false,
+    algorithm = config_default.encryptionALgo,
+    authTag,
+    encoding = "hex"
+  }) {
+    value = Buffer.from(value, encoding);
+    let decipher = import_crypto.default.createDecipheriv(
+      algorithm,
+      Buffer.from(encryptionKey, encoding),
+      Buffer.from(publicKey, encoding),
+      { authTagLength: 16 }
+    );
+    if (authTag) {
+      decipher.setAuthTag(Buffer.from(authTag, encoding));
+    }
+    let decrypted = decipher.update(value);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+    decrypted = decrypted.toString();
+    if (signature && !_Cipher.verify(decrypted, signature)) {
+      throw new Error("Invalid signature");
+    }
+    return decrypted;
   }
-  let timeout;
-  let maxTimeout;
-  let result;
-  const debouncedFunction = function(...arguments_) {
-    const context = this;
-    const later = () => {
-      timeout = void 0;
-      if (maxTimeout) {
-        clearTimeout(maxTimeout);
-        maxTimeout = void 0;
-      }
-      if (after) {
-        result = inputFunction.apply(context, arguments_);
-      }
+  static canDecrypt(options) {
+    return options.platform === "autho";
+  }
+  static encryptFile(inputFilePath, outputFilePath, encryptionKey) {
+    const inputBuffer = import_fs.default.readFileSync(inputFilePath);
+    const params = {
+      value: inputBuffer,
+      encryptionKey
     };
-    const maxLater = () => {
-      maxTimeout = void 0;
-      if (timeout) {
-        clearTimeout(timeout);
-        timeout = void 0;
+    const encryptedData = _Cipher.encrypt(params);
+    import_fs.default.writeFileSync(
+      outputFilePath,
+      Buffer.from(JSON.stringify(encryptedData)).toString("base64")
+    );
+  }
+  static decryptFile(inputFilePath, outputFilePath, encryptionKey) {
+    const inputFileContent = import_fs.default.readFileSync(inputFilePath);
+    const decoded = Buffer.from(
+      inputFileContent.toString("utf-8"),
+      "base64"
+    ).toString("utf-8");
+    const encryptedData = JSON.parse(decoded);
+    if (!_Cipher.canDecrypt(encryptedData)) {
+      throw new Error("Invalid file");
+    }
+    const params = {
+      ...encryptedData,
+      value: encryptedData.encrypted,
+      encryptionKey
+    };
+    const decryptedData = _Cipher.decrypt(params);
+    import_fs.default.writeFileSync(outputFilePath, decryptedData);
+  }
+  static encryptFolder({ inputFolderPath, outputFilePath, encryptionKey, algorithm = config_default.encryptionALgo, encoding = "hex" }) {
+    const outputStream = import_fs.default.createWriteStream(outputFilePath);
+    const gzip = import_zlib.default.createGzip();
+    gzip.pipe(outputStream);
+    const baseFolder = import_path.default.basename(inputFolderPath);
+    function traverseFolder(folderPath) {
+      const items = import_fs.default.readdirSync(folderPath);
+      for (const item of items) {
+        const itemPath = import_path.default.join(baseFolder, import_path.default.relative(inputFolderPath, import_path.default.join(folderPath, item)));
+        if (import_fs.default.statSync(itemPath).isDirectory()) {
+          traverseFolder(itemPath);
+        } else {
+          const fileContent = import_fs.default.readFileSync(itemPath);
+          const params = {
+            value: fileContent,
+            encryptionKey,
+            algorithm,
+            encoding
+          };
+          const encryptedData = _Cipher.encrypt(params);
+          const encrypted = encryptedData.encrypted;
+          delete encryptedData.encrypted;
+          const encryptionMeta = Buffer.from(JSON.stringify(encryptedData)).toString("base64");
+          gzip.write(`${itemPath}
+---
+${encrypted}
+---
+${encryptionMeta}
+:::
+`);
+        }
       }
-      if (after) {
-        result = inputFunction.apply(context, arguments_);
+    }
+    traverseFolder(inputFolderPath);
+    gzip.end();
+    return new Promise((resolve, reject) => {
+      outputStream.on("finish", resolve);
+      outputStream.on("error", reject);
+    });
+  }
+  static decryptFolder({ inputFilePath, outputFolderPath, encryptionKey }) {
+    const inputStream = import_fs.default.createReadStream(inputFilePath);
+    const gunzip = import_zlib.default.createGunzip();
+    inputStream.pipe(gunzip);
+    let buff = "";
+    const compileFile = (data) => {
+      buff += data;
+      if (buff.includes(":::")) {
+        const [file, next] = buff.split("\n:::\n");
+        let [filePath, encrypted, encryptionMeta] = file.split("\n---\n");
+        filePath = import_path.default.join(outputFolderPath, filePath);
+        try {
+          import_fs.default.mkdirSync(import_path.default.dirname(filePath), { recursive: true });
+        } catch (error) {
+        }
+        const decoded = Buffer.from(
+          encryptionMeta,
+          "base64"
+        ).toString("utf-8");
+        const metaData = JSON.parse(decoded);
+        const params = {
+          ...metaData,
+          value: encrypted,
+          encryptionKey
+        };
+        const decryptedData = _Cipher.decrypt(params);
+        import_fs.default.writeFileSync(filePath, decryptedData);
+        buff = next;
       }
     };
-    const shouldCallNow = before && !timeout;
-    clearTimeout(timeout);
-    timeout = setTimeout(later, wait);
-    if (maxWait > 0 && maxWait !== Number.POSITIVE_INFINITY && !maxTimeout) {
-      maxTimeout = setTimeout(maxLater, maxWait);
-    }
-    if (shouldCallNow) {
-      result = inputFunction.apply(context, arguments_);
-    }
-    return result;
-  };
-  mimicFunction(debouncedFunction, inputFunction);
-  debouncedFunction.cancel = () => {
-    if (timeout) {
-      clearTimeout(timeout);
-      timeout = void 0;
-    }
-    if (maxTimeout) {
-      clearTimeout(maxTimeout);
-      maxTimeout = void 0;
-    }
-  };
-  return debouncedFunction;
+    gunzip.on("data", (data) => {
+      compileFile(data.toString("utf8"));
+    });
+    return new Promise((resolve, reject) => {
+      gunzip.on("end", resolve);
+      gunzip.on("error", reject);
+    });
+  }
 };
-var debounce_fn_default = debounceFn;
-// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var import_semver = __toESM(require_semver2(), 1);
-// node_modules/.pnpm/uint8array-extras@0.3.0/node_modules/uint8array-extras/index.js
-var objectToString = Object.prototype.toString;
-function isUint8Array(value) {
-  return value && objectToString.call(value) === "[object Uint8Array]";
-}
-function assertUint8Array(value) {
-  if (!isUint8Array(value)) {
-    throw new TypeError(`Expected \`Uint8Array\`, got \`${typeof value}\``);
+// packages/sdk/secrets.js
+var Secrets = class {
+  constructor(db) {
+    this.db = db;
   }
-}
-function concatUint8Arrays(arrays, totalLength) {
-  if (arrays.length === 0) {
-    return new Uint8Array(0);
+  get secrets() {
+    return this.db.get("secrets", []);
   }
-  totalLength ??= arrays.reduce((accumulator, currentValue) => accumulator + currentValue.length, 0);
-  const returnValue = new Uint8Array(totalLength);
-  let offset = 0;
-  for (const array of arrays) {
-    assertUint8Array(array);
-    returnValue.set(array, offset);
-    offset += array.length;
+  set secrets(value) {
+    this.db.set("secrets", value);
   }
-  return returnValue;
-}
-function uint8ArrayToString(array) {
-  assertUint8Array(array);
-  return new globalThis.TextDecoder().decode(array);
-}
-function assertString(value) {
-  if (typeof value !== "string") {
-    throw new TypeError(`Expected \`string\`, got \`${typeof value}\``);
+  async get(id) {
+    return this.secrets.find((secret) => secret.id == id);
   }
-}
-function stringToUint8Array(string) {
-  assertString(string);
-  return new globalThis.TextEncoder().encode(string);
-}
-var byteToHexLookupTable = Array.from({ length: 256 }, (_3, index) => index.toString(16).padStart(2, "0"));
+  async add(secret, encryptionKey) {
+    const { value, error } = createSecretSchema.validate(secret);
+    if (error) {
+      throw new Error(error);
+    }
+    const { encrypted, ...encryption } = Cipher.encrypt({
+      ...value,
+      encryptionKey
+    });
+    const newSecret = { ...value, ...encryption, value: encrypted };
+    this.secrets = [
+      ...this.secrets,
+      newSecret
+    ];
+    return newSecret;
+  }
+  async remove(id) {
+    this.secrets = this.secrets.filter((secret) => secret.id != id);
+  }
+  async clear() {
+    this.secrets = [];
+  }
+};
 // node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
-var Ajv = import_ajv.default.default;
-var ajvFormats = import_ajv_formats.default.default;
-var encryptionAlgorithm = "aes-256-cbc";
-var createPlainObject = () => /* @__PURE__ */ Object.create(null);
-var isExist = (data) => data !== void 0 && data !== null;
-var checkValueType = (key, value) => {
-  const nonJsonTypes = /* @__PURE__ */ new Set([
-    "undefined",
-    "symbol",
-    "function"
-  ]);
+var import_node_util2 = require("node:util");
+var import_node_process7 = __toESM(require("node:process"), 1);
+var import_node_fs2 = __toESM(require("node:fs"), 1);
+var import_node_path4 = __toESM(require("node:path"), 1);
+var import_node_crypto2 = __toESM(require("node:crypto"), 1);
+var import_node_assert2 = __toESM(require("node:assert"), 1);
+// node_modules/.pnpm/dot-prop@8.0.2/node_modules/dot-prop/index.js
+var isObject = (value) => {
   const type = typeof value;
-  if (nonJsonTypes.has(type)) {
-    throw new TypeError(`Setting a value of type \`${type}\` for key \`${key}\` is not allowed as it's not supported by JSON`);
-  }
+  return value !== null && (type === "object" || type === "function");
 };
-var INTERNAL_KEY = "__internal__";
-var MIGRATION_KEY = `${INTERNAL_KEY}.migrations.version`;
-var Conf = class {
-  path;
-  events;
-  #validator;
-  #encryptionKey;
-  #options;
-  #defaultValues = {};
-  constructor(partialOptions = {}) {
-    const options = {
-      configName: "config",
-      fileExtension: "json",
-      projectSuffix: "nodejs",
-      clearInvalidConfig: false,
-      accessPropertiesByDotNotation: true,
-      configFileMode: 438,
-      ...partialOptions
-    };
-    if (!options.cwd) {
-      if (!options.projectName) {
-        throw new Error("Please specify the `projectName` option.");
+var disallowedKeys = /* @__PURE__ */ new Set([
+  "__proto__",
+  "prototype",
+  "constructor"
+]);
+var digits = new Set("0123456789");
+function getPathSegments(path5) {
+  const parts = [];
+  let currentSegment = "";
+  let currentPart = "start";
+  let isIgnoring = false;
+  for (const character of path5) {
+    switch (character) {
+      case "\\": {
+        if (currentPart === "index") {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          throw new Error("Invalid character after an index");
+        }
+        if (isIgnoring) {
+          currentSegment += character;
+        }
+        currentPart = "property";
+        isIgnoring = !isIgnoring;
+        break;
       }
-      options.cwd = envPaths(options.projectName, { suffix: options.projectSuffix }).config;
-    }
-    this.#options = options;
-    if (options.schema) {
-      if (typeof options.schema !== "object") {
-        throw new TypeError("The `schema` option must be an object.");
+      case ".": {
+        if (currentPart === "index") {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          currentPart = "property";
+          break;
+        }
+        if (isIgnoring) {
+          isIgnoring = false;
+          currentSegment += character;
+          break;
+        }
+        if (disallowedKeys.has(currentSegment)) {
+          return [];
+        }
+        parts.push(currentSegment);
+        currentSegment = "";
+        currentPart = "property";
+        break;
       }
-      const ajv = new Ajv({
-        allErrors: true,
-        useDefaults: true
-      });
-      ajvFormats(ajv);
-      const schema = {
-        type: "object",
-        properties: options.schema
-      };
-      this.#validator = ajv.compile(schema);
-      for (const [key, value] of Object.entries(options.schema)) {
-        if (value?.default) {
-          this.#defaultValues[key] = value.default;
+      case "[": {
+        if (currentPart === "index") {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          currentPart = "index";
+          break;
         }
+        if (isIgnoring) {
+          isIgnoring = false;
+          currentSegment += character;
+          break;
+        }
+        if (currentPart === "property") {
+          if (disallowedKeys.has(currentSegment)) {
+            return [];
+          }
+          parts.push(currentSegment);
+          currentSegment = "";
+        }
+        currentPart = "index";
+        break;
       }
-    }
-    if (options.defaults) {
-      this.#defaultValues = {
-        ...this.#defaultValues,
-        ...options.defaults
-      };
-    }
-    if (options.serialize) {
-      this._serialize = options.serialize;
-    }
-    if (options.deserialize) {
-      this._deserialize = options.deserialize;
-    }
-    this.events = new EventTarget();
-    this.#encryptionKey = options.encryptionKey;
-    const fileExtension = options.fileExtension ? `.${options.fileExtension}` : "";
-    this.path = import_node_path4.default.resolve(options.cwd, `${options.configName ?? "config"}${fileExtension}`);
-    const fileStore = this.store;
-    const store = Object.assign(createPlainObject(), options.defaults, fileStore);
-    this._validate(store);
-    try {
-      import_node_assert2.default.deepEqual(fileStore, store);
-    } catch {
-      this.store = store;
-    }
-    if (options.watch) {
-      this._watch();
-    }
-    if (options.migrations) {
-      if (!options.projectVersion) {
-        throw new Error("Please specify the `projectVersion` option.");
+      case "]": {
+        if (currentPart === "index") {
+          parts.push(Number.parseInt(currentSegment, 10));
+          currentSegment = "";
+          currentPart = "indexEnd";
+          break;
+        }
+        if (currentPart === "indexEnd") {
+          throw new Error("Invalid character after an index");
+        }
+      }
+      default: {
+        if (currentPart === "index" && !digits.has(character)) {
+          throw new Error("Invalid character in an index");
+        }
+        if (currentPart === "indexEnd") {
+          throw new Error("Invalid character after an index");
+        }
+        if (currentPart === "start") {
+          currentPart = "property";
+        }
+        if (isIgnoring) {
+          isIgnoring = false;
+          currentSegment += "\\";
+        }
+        currentSegment += character;
       }
-      this._migrate(options.migrations, options.projectVersion, options.beforeEachMigration);
     }
   }
-  get(key, defaultValue) {
-    if (this.#options.accessPropertiesByDotNotation) {
-      return this._get(key, defaultValue);
-    }
-    const { store } = this;
-    return key in store ? store[key] : defaultValue;
+  if (isIgnoring) {
+    currentSegment += "\\";
   }
-  set(key, value) {
-    if (typeof key !== "string" && typeof key !== "object") {
-      throw new TypeError(`Expected \`key\` to be of type \`string\` or \`object\`, got ${typeof key}`);
-    }
-    if (typeof key !== "object" && value === void 0) {
-      throw new TypeError("Use `delete()` to clear values");
+  switch (currentPart) {
+    case "property": {
+      if (disallowedKeys.has(currentSegment)) {
+        return [];
+      }
+      parts.push(currentSegment);
+      break;
     }
-    if (this._containsReservedKey(key)) {
-      throw new TypeError(`Please don't use the ${INTERNAL_KEY} key, as it's used to manage this module internal operations.`);
+    case "index": {
+      throw new Error("Index was not closed");
     }
-    const { store } = this;
-    const set2 = (key2, value2) => {
-      checkValueType(key2, value2);
-      if (this.#options.accessPropertiesByDotNotation) {
-        setProperty(store, key2, value2);
-      } else {
-        store[key2] = value2;
-      }
-    };
-    if (typeof key === "object") {
-      const object = key;
-      for (const [key2, value2] of Object.entries(object)) {
-        set2(key2, value2);
-      }
-    } else {
-      set2(key, value);
+    case "start": {
+      parts.push("");
+      break;
     }
-    this.store = store;
   }
-  /**
-      Check if an item exists.
-      @param key - The key of the item to check.
-      */
-  has(key) {
-    if (this.#options.accessPropertiesByDotNotation) {
-      return hasProperty(this.store, key);
-    }
-    return key in this.store;
+  return parts;
+}
+function isStringIndex(object, key) {
+  if (typeof key !== "number" && Array.isArray(object)) {
+    const index = Number.parseInt(key, 10);
+    return Number.isInteger(index) && object[index] === object[key];
   }
-  /**
-      Reset items to their default values, as defined by the `defaults` or `schema` option.
-      @see `clear()` to reset all items.
-      @param keys - The keys of the items to reset.
-      */
-  reset(...keys) {
-    for (const key of keys) {
-      if (isExist(this.#defaultValues[key])) {
-        this.set(key, this.#defaultValues[key]);
-      }
-    }
+  return false;
+}
+function assertNotStringIndex(object, key) {
+  if (isStringIndex(object, key)) {
+    throw new Error("Cannot use string index");
   }
-  delete(key) {
-    const { store } = this;
-    if (this.#options.accessPropertiesByDotNotation) {
-      deleteProperty(store, key);
+}
+function getProperty(object, path5, value) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return value === void 0 ? object : value;
+  }
+  const pathArray = getPathSegments(path5);
+  if (pathArray.length === 0) {
+    return value;
+  }
+  for (let index = 0; index < pathArray.length; index++) {
+    const key = pathArray[index];
+    if (isStringIndex(object, key)) {
+      object = index === pathArray.length - 1 ? void 0 : null;
     } else {
-      delete store[key];
+      object = object[key];
+    }
+    if (object === void 0 || object === null) {
+      if (index !== pathArray.length - 1) {
+        return value;
+      }
+      break;
     }
-    this.store = store;
   }
-  /**
-      Delete all items.
-      This resets known items to their default values, if defined by the `defaults` or `schema` option.
-      */
-  clear() {
-    this.store = createPlainObject();
-    for (const key of Object.keys(this.#defaultValues)) {
-      this.reset(key);
+  return object === void 0 ? value : object;
+}
+function setProperty(object, path5, value) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return object;
+  }
+  const root = object;
+  const pathArray = getPathSegments(path5);
+  for (let index = 0; index < pathArray.length; index++) {
+    const key = pathArray[index];
+    assertNotStringIndex(object, key);
+    if (index === pathArray.length - 1) {
+      object[key] = value;
+    } else if (!isObject(object[key])) {
+      object[key] = typeof pathArray[index + 1] === "number" ? [] : {};
     }
+    object = object[key];
   }
-  /**
-      Watches the given `key`, calling `callback` on any changes.
-      @param key - The key wo watch.
-      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
-      @returns A function, that when called, will unsubscribe.
-      */
-  onDidChange(key, callback) {
-    if (typeof key !== "string") {
-      throw new TypeError(`Expected \`key\` to be of type \`string\`, got ${typeof key}`);
+  return root;
+}
+function deleteProperty(object, path5) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return false;
+  }
+  const pathArray = getPathSegments(path5);
+  for (let index = 0; index < pathArray.length; index++) {
+    const key = pathArray[index];
+    assertNotStringIndex(object, key);
+    if (index === pathArray.length - 1) {
+      delete object[key];
+      return true;
     }
-    if (typeof callback !== "function") {
-      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
+    object = object[key];
+    if (!isObject(object)) {
+      return false;
     }
-    return this._handleChange(() => this.get(key), callback);
   }
-  /**
-      Watches the whole config object, calling `callback` on any changes.
-      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
-      @returns A function, that when called, will unsubscribe.
-      */
-  onDidAnyChange(callback) {
-    if (typeof callback !== "function") {
-      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
-    }
-    return this._handleChange(() => this.store, callback);
+}
+function hasProperty(object, path5) {
+  if (!isObject(object) || typeof path5 !== "string") {
+    return false;
   }
-  get size() {
-    return Object.keys(this.store).length;
+  const pathArray = getPathSegments(path5);
+  if (pathArray.length === 0) {
+    return false;
   }
-  get store() {
-    try {
-      const data = import_node_fs2.default.readFileSync(this.path, this.#encryptionKey ? null : "utf8");
-      const dataString = this._encryptData(data);
-      const deserializedData = this._deserialize(dataString);
-      this._validate(deserializedData);
-      return Object.assign(createPlainObject(), deserializedData);
-    } catch (error) {
-      if (error?.code === "ENOENT") {
-        this._ensureDirectory();
-        return createPlainObject();
-      }
-      if (this.#options.clearInvalidConfig && error.name === "SyntaxError") {
-        return createPlainObject();
-      }
-      throw error;
+  for (const key of pathArray) {
+    if (!isObject(object) || !(key in object) || isStringIndex(object, key)) {
+      return false;
     }
+    object = object[key];
+  }
+  return true;
+}
+// node_modules/.pnpm/env-paths@3.0.0/node_modules/env-paths/index.js
+var import_node_path = __toESM(require("node:path"), 1);
+var import_node_os2 = __toESM(require("node:os"), 1);
+var import_node_process2 = __toESM(require("node:process"), 1);
+var homedir = import_node_os2.default.homedir();
+var tmpdir = import_node_os2.default.tmpdir();
+var { env: env2 } = import_node_process2.default;
+var macos = (name) => {
+  const library = import_node_path.default.join(homedir, "Library");
+  return {
+    data: import_node_path.default.join(library, "Application Support", name),
+    config: import_node_path.default.join(library, "Preferences", name),
+    cache: import_node_path.default.join(library, "Caches", name),
+    log: import_node_path.default.join(library, "Logs", name),
+    temp: import_node_path.default.join(tmpdir, name)
+  };
+};
+var windows = (name) => {
+  const appData = env2.APPDATA || import_node_path.default.join(homedir, "AppData", "Roaming");
+  const localAppData = env2.LOCALAPPDATA || import_node_path.default.join(homedir, "AppData", "Local");
+  return {
+    // Data/config/cache/log are invented by me as Windows isn't opinionated about this
+    data: import_node_path.default.join(localAppData, name, "Data"),
+    config: import_node_path.default.join(appData, name, "Config"),
+    cache: import_node_path.default.join(localAppData, name, "Cache"),
+    log: import_node_path.default.join(localAppData, name, "Log"),
+    temp: import_node_path.default.join(tmpdir, name)
+  };
+};
+var linux = (name) => {
+  const username = import_node_path.default.basename(homedir);
+  return {
+    data: import_node_path.default.join(env2.XDG_DATA_HOME || import_node_path.default.join(homedir, ".local", "share"), name),
+    config: import_node_path.default.join(env2.XDG_CONFIG_HOME || import_node_path.default.join(homedir, ".config"), name),
+    cache: import_node_path.default.join(env2.XDG_CACHE_HOME || import_node_path.default.join(homedir, ".cache"), name),
+    // https://wiki.debian.org/XDGBaseDirectorySpecification#state
+    log: import_node_path.default.join(env2.XDG_STATE_HOME || import_node_path.default.join(homedir, ".local", "state"), name),
+    temp: import_node_path.default.join(tmpdir, username, name)
+  };
+};
+function envPaths(name, { suffix = "nodejs" } = {}) {
+  if (typeof name !== "string") {
+    throw new TypeError(`Expected a string, got ${typeof name}`);
+  }
+  if (suffix) {
+    name += `-${suffix}`;
   }
-  set store(value) {
-    this._ensureDirectory();
-    this._validate(value);
-    this._write(value);
-    this.events.dispatchEvent(new Event("change"));
+  if (import_node_process2.default.platform === "darwin") {
+    return macos(name);
   }
-  *[Symbol.iterator]() {
-    for (const [key, value] of Object.entries(this.store)) {
-      yield [key, value];
-    }
+  if (import_node_process2.default.platform === "win32") {
+    return windows(name);
   }
-  _encryptData(data) {
-    if (!this.#encryptionKey) {
-      return typeof data === "string" ? data : uint8ArrayToString(data);
-    }
+  return linux(name);
+}
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
+var import_node_path3 = __toESM(require("node:path"), 1);
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
+var import_node_fs = __toESM(require("node:fs"), 1);
+var import_node_util = require("node:util");
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/attemptify.js
+var attemptifyAsync = (fn, onError) => {
+  return function attemptified(...args) {
+    return fn.apply(void 0, args).catch(onError);
+  };
+};
+var attemptifySync = (fn, onError) => {
+  return function attemptified(...args) {
     try {
-      const initializationVector = data.slice(0, 16);
-      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
-      const decipher = import_node_crypto2.default.createDecipheriv(encryptionAlgorithm, password, initializationVector);
-      const slice = data.slice(17);
-      const dataUpdate = typeof slice === "string" ? stringToUint8Array(slice) : slice;
-      return uint8ArrayToString(concatUint8Arrays([decipher.update(dataUpdate), decipher.final()]));
-    } catch {
+      return fn.apply(void 0, args);
+    } catch (error) {
+      return onError(error);
     }
-    return data.toString();
+  };
+};
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/constants.js
+var import_node_process3 = __toESM(require("node:process"), 1);
+var IS_USER_ROOT = import_node_process3.default.getuid ? !import_node_process3.default.getuid() : false;
+var LIMIT_FILES_DESCRIPTORS = 1e4;
+var NOOP = () => void 0;
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/handlers.js
+var Handlers = {
+  /* API */
+  isChangeErrorOk: (error) => {
+    if (!Handlers.isNodeError(error))
+      return false;
+    const { code } = error;
+    if (code === "ENOSYS")
+      return true;
+    if (!IS_USER_ROOT && (code === "EINVAL" || code === "EPERM"))
+      return true;
+    return false;
+  },
+  isNodeError: (error) => {
+    return error instanceof Error;
+  },
+  isRetriableError: (error) => {
+    if (!Handlers.isNodeError(error))
+      return false;
+    const { code } = error;
+    if (code === "EMFILE" || code === "ENFILE" || code === "EAGAIN" || code === "EBUSY" || code === "EACCESS" || code === "EACCES" || code === "EACCS" || code === "EPERM")
+      return true;
+    return false;
+  },
+  onChangeError: (error) => {
+    if (!Handlers.isNodeError(error))
+      throw error;
+    if (Handlers.isChangeErrorOk(error))
+      return;
+    throw error;
   }
-  _handleChange(getter, callback) {
-    let currentValue = getter();
-    const onChange = () => {
-      const oldValue = currentValue;
-      const newValue = getter();
-      if ((0, import_node_util2.isDeepStrictEqual)(newValue, oldValue)) {
+};
+var handlers_default = Handlers;
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify_queue.js
+var RetryfyQueue = class {
+  constructor() {
+    this.interval = 25;
+    this.intervalId = void 0;
+    this.limit = LIMIT_FILES_DESCRIPTORS;
+    this.queueActive = /* @__PURE__ */ new Set();
+    this.queueWaiting = /* @__PURE__ */ new Set();
+    this.init = () => {
+      if (this.intervalId)
+        return;
+      this.intervalId = setInterval(this.tick, this.interval);
+    };
+    this.reset = () => {
+      if (!this.intervalId)
         return;
+      clearInterval(this.intervalId);
+      delete this.intervalId;
+    };
+    this.add = (fn) => {
+      this.queueWaiting.add(fn);
+      if (this.queueActive.size < this.limit / 2) {
+        this.tick();
+      } else {
+        this.init();
       }
-      currentValue = newValue;
-      callback.call(this, newValue, oldValue);
     };
-    this.events.addEventListener("change", onChange);
-    return () => {
-      this.events.removeEventListener("change", onChange);
+    this.remove = (fn) => {
+      this.queueWaiting.delete(fn);
+      this.queueActive.delete(fn);
+    };
+    this.schedule = () => {
+      return new Promise((resolve) => {
+        const cleanup = () => this.remove(resolver);
+        const resolver = () => resolve(cleanup);
+        this.add(resolver);
+      });
+    };
+    this.tick = () => {
+      if (this.queueActive.size >= this.limit)
+        return;
+      if (!this.queueWaiting.size)
+        return this.reset();
+      for (const fn of this.queueWaiting) {
+        if (this.queueActive.size >= this.limit)
+          break;
+        this.queueWaiting.delete(fn);
+        this.queueActive.add(fn);
+        fn();
+      }
     };
   }
-  _deserialize = (value) => JSON.parse(value);
-  _serialize = (value) => JSON.stringify(value, void 0, "	");
-  _validate(data) {
-    if (!this.#validator) {
-      return;
-    }
-    const valid = this.#validator(data);
-    if (valid || !this.#validator.errors) {
-      return;
-    }
-    const errors = this.#validator.errors.map(({ instancePath, message = "" }) => `\`${instancePath.slice(1)}\` ${message}`);
-    throw new Error("Config schema violation: " + errors.join("; "));
-  }
-  _ensureDirectory() {
-    import_node_fs2.default.mkdirSync(import_node_path4.default.dirname(this.path), { recursive: true });
-  }
-  _write(value) {
-    let data = this._serialize(value);
-    if (this.#encryptionKey) {
-      const initializationVector = import_node_crypto2.default.randomBytes(16);
-      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
-      const cipher = import_node_crypto2.default.createCipheriv(encryptionAlgorithm, password, initializationVector);
-      data = concatUint8Arrays([initializationVector, stringToUint8Array(":"), cipher.update(stringToUint8Array(data)), cipher.final()]);
-    }
-    if (import_node_process7.default.env.SNAP) {
-      import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
-    } else {
+};
+var retryify_queue_default = new RetryfyQueue();
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/retryify.js
+var retryifyAsync = (fn, isRetriableError) => {
+  return function retrified(timestamp) {
+    return function attempt(...args) {
+      return retryify_queue_default.schedule().then((cleanup) => {
+        const onResolve = (result) => {
+          cleanup();
+          return result;
+        };
+        const onReject = (error) => {
+          cleanup();
+          if (Date.now() >= timestamp)
+            throw error;
+          if (isRetriableError(error)) {
+            const delay = Math.round(100 * Math.random());
+            const delayPromise = new Promise((resolve) => setTimeout(resolve, delay));
+            return delayPromise.then(() => attempt.apply(void 0, args));
+          }
+          throw error;
+        };
+        return fn.apply(void 0, args).then(onResolve, onReject);
+      });
+    };
+  };
+};
+var retryifySync = (fn, isRetriableError) => {
+  return function retrified(timestamp) {
+    return function attempt(...args) {
       try {
-        writeFileSync(this.path, data, { mode: this.#options.configFileMode });
+        return fn.apply(void 0, args);
       } catch (error) {
-        if (error?.code === "EXDEV") {
-          import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
-          return;
-        }
+        if (Date.now() > timestamp)
+          throw error;
+        if (isRetriableError(error))
+          return attempt.apply(void 0, args);
         throw error;
       }
-    }
-  }
-  _watch() {
-    this._ensureDirectory();
-    if (!import_node_fs2.default.existsSync(this.path)) {
-      this._write(createPlainObject());
-    }
-    if (import_node_process7.default.platform === "win32") {
-      import_node_fs2.default.watch(this.path, { persistent: false }, debounce_fn_default(() => {
-        this.events.dispatchEvent(new Event("change"));
-      }, { wait: 100 }));
-    } else {
-      import_node_fs2.default.watchFile(this.path, { persistent: false }, debounce_fn_default(() => {
-        this.events.dispatchEvent(new Event("change"));
-      }, { wait: 5e3 }));
-    }
+    };
+  };
+};
+// node_modules/.pnpm/stubborn-fs@1.2.5/node_modules/stubborn-fs/dist/index.js
+var FS = {
+  attempt: {
+    /* ASYNC */
+    chmod: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chmod), handlers_default.onChangeError),
+    chown: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.chown), handlers_default.onChangeError),
+    close: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), NOOP),
+    fsync: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), NOOP),
+    mkdir: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.mkdir), NOOP),
+    realpath: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.realpath), NOOP),
+    stat: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), NOOP),
+    unlink: attemptifyAsync((0, import_node_util.promisify)(import_node_fs.default.unlink), NOOP),
+    /* SYNC */
+    chmodSync: attemptifySync(import_node_fs.default.chmodSync, handlers_default.onChangeError),
+    chownSync: attemptifySync(import_node_fs.default.chownSync, handlers_default.onChangeError),
+    closeSync: attemptifySync(import_node_fs.default.closeSync, NOOP),
+    existsSync: attemptifySync(import_node_fs.default.existsSync, NOOP),
+    fsyncSync: attemptifySync(import_node_fs.default.fsync, NOOP),
+    mkdirSync: attemptifySync(import_node_fs.default.mkdirSync, NOOP),
+    realpathSync: attemptifySync(import_node_fs.default.realpathSync, NOOP),
+    statSync: attemptifySync(import_node_fs.default.statSync, NOOP),
+    unlinkSync: attemptifySync(import_node_fs.default.unlinkSync, NOOP)
+  },
+  retry: {
+    /* ASYNC */
+    close: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.close), handlers_default.isRetriableError),
+    fsync: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.fsync), handlers_default.isRetriableError),
+    open: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.open), handlers_default.isRetriableError),
+    readFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.readFile), handlers_default.isRetriableError),
+    rename: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.rename), handlers_default.isRetriableError),
+    stat: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.stat), handlers_default.isRetriableError),
+    write: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.write), handlers_default.isRetriableError),
+    writeFile: retryifyAsync((0, import_node_util.promisify)(import_node_fs.default.writeFile), handlers_default.isRetriableError),
+    /* SYNC */
+    closeSync: retryifySync(import_node_fs.default.closeSync, handlers_default.isRetriableError),
+    fsyncSync: retryifySync(import_node_fs.default.fsyncSync, handlers_default.isRetriableError),
+    openSync: retryifySync(import_node_fs.default.openSync, handlers_default.isRetriableError),
+    readFileSync: retryifySync(import_node_fs.default.readFileSync, handlers_default.isRetriableError),
+    renameSync: retryifySync(import_node_fs.default.renameSync, handlers_default.isRetriableError),
+    statSync: retryifySync(import_node_fs.default.statSync, handlers_default.isRetriableError),
+    writeSync: retryifySync(import_node_fs.default.writeSync, handlers_default.isRetriableError),
+    writeFileSync: retryifySync(import_node_fs.default.writeFileSync, handlers_default.isRetriableError)
   }
-  _migrate(migrations, versionToMigrate, beforeEachMigration) {
-    let previousMigratedVersion = this._get(MIGRATION_KEY, "0.0.0");
-    const newerVersions = Object.keys(migrations).filter((candidateVersion) => this._shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate));
-    let storeBackup = { ...this.store };
-    for (const version of newerVersions) {
-      try {
-        if (beforeEachMigration) {
-          beforeEachMigration(this, {
-            fromVersion: previousMigratedVersion,
-            toVersion: version,
-            finalVersion: versionToMigrate,
-            versions: newerVersions
-          });
+};
+var dist_default = FS;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/constants.js
+var import_node_os3 = __toESM(require("node:os"), 1);
+var import_node_process4 = __toESM(require("node:process"), 1);
+var DEFAULT_ENCODING = "utf8";
+var DEFAULT_FILE_MODE = 438;
+var DEFAULT_FOLDER_MODE = 511;
+var DEFAULT_WRITE_OPTIONS = {};
+var DEFAULT_USER_UID = import_node_os3.default.userInfo().uid;
+var DEFAULT_USER_GID = import_node_os3.default.userInfo().gid;
+var DEFAULT_TIMEOUT_SYNC = 1e3;
+var IS_POSIX = !!import_node_process4.default.getuid;
+var IS_USER_ROOT2 = import_node_process4.default.getuid ? !import_node_process4.default.getuid() : false;
+var LIMIT_BASENAME_LENGTH = 128;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/lang.js
+var isException = (value) => {
+  return value instanceof Error && "code" in value;
+};
+var isString = (value) => {
+  return typeof value === "string";
+};
+var isUndefined = (value) => {
+  return value === void 0;
+};
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
+var import_node_path2 = __toESM(require("node:path"), 1);
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
+var import_node_process6 = __toESM(require("node:process"), 1);
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/constants.js
+var import_node_process5 = __toESM(require("node:process"), 1);
+var IS_LINUX = import_node_process5.default.platform === "linux";
+var IS_WINDOWS = import_node_process5.default.platform === "win32";
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/signals.js
+var Signals = ["SIGABRT", "SIGALRM", "SIGHUP", "SIGINT", "SIGTERM"];
+if (!IS_WINDOWS) {
+  Signals.push("SIGVTALRM", "SIGXCPU", "SIGXFSZ", "SIGUSR2", "SIGTRAP", "SIGSYS", "SIGQUIT", "SIGIOT");
+}
+if (IS_LINUX) {
+  Signals.push("SIGIO", "SIGPOLL", "SIGPWR", "SIGSTKFLT", "SIGUNUSED");
+}
+var signals_default = Signals;
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/interceptor.js
+var Interceptor = class {
+  /* CONSTRUCTOR */
+  constructor() {
+    this.callbacks = /* @__PURE__ */ new Set();
+    this.exited = false;
+    this.exit = (signal) => {
+      if (this.exited)
+        return;
+      this.exited = true;
+      for (const callback of this.callbacks) {
+        callback();
+      }
+      if (signal) {
+        if (IS_WINDOWS && (signal !== "SIGINT" && signal !== "SIGTERM" && signal !== "SIGKILL")) {
+          import_node_process6.default.kill(import_node_process6.default.pid, "SIGTERM");
+        } else {
+          import_node_process6.default.kill(import_node_process6.default.pid, signal);
         }
-        const migration = migrations[version];
-        migration?.(this);
-        this._set(MIGRATION_KEY, version);
-        previousMigratedVersion = version;
-        storeBackup = { ...this.store };
-      } catch (error) {
-        this.store = storeBackup;
-        throw new Error(`Something went wrong during the migration! Changes applied to the store until this failed migration will be restored. ${error}`);
       }
+    };
+    this.hook = () => {
+      import_node_process6.default.once("exit", () => this.exit());
+      for (const signal of signals_default) {
+        import_node_process6.default.once(signal, () => this.exit(signal));
+      }
+    };
+    this.register = (callback) => {
+      this.callbacks.add(callback);
+      return () => {
+        this.callbacks.delete(callback);
+      };
+    };
+    this.hook();
+  }
+};
+var interceptor_default = new Interceptor();
+// node_modules/.pnpm/when-exit@2.1.2/node_modules/when-exit/dist/node/index.js
+var whenExit = interceptor_default.register;
+var node_default = whenExit;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/utils/temp.js
+var Temp = {
+  /* VARIABLES */
+  store: {},
+  /* API */
+  create: (filePath) => {
+    const randomness = `000000${Math.floor(Math.random() * 16777215).toString(16)}`.slice(-6);
+    const timestamp = Date.now().toString().slice(-10);
+    const prefix = "tmp-";
+    const suffix = `.${prefix}${timestamp}${randomness}`;
+    const tempPath = `${filePath}${suffix}`;
+    return tempPath;
+  },
+  get: (filePath, creator, purge = true) => {
+    const tempPath = Temp.truncate(creator(filePath));
+    if (tempPath in Temp.store)
+      return Temp.get(filePath, creator, purge);
+    Temp.store[tempPath] = purge;
+    const disposer = () => delete Temp.store[tempPath];
+    return [tempPath, disposer];
+  },
+  purge: (filePath) => {
+    if (!Temp.store[filePath])
+      return;
+    delete Temp.store[filePath];
+    dist_default.attempt.unlink(filePath);
+  },
+  purgeSync: (filePath) => {
+    if (!Temp.store[filePath])
+      return;
+    delete Temp.store[filePath];
+    dist_default.attempt.unlinkSync(filePath);
+  },
+  purgeSyncAll: () => {
+    for (const filePath in Temp.store) {
+      Temp.purgeSync(filePath);
     }
-    if (this._isVersionInRangeFormat(previousMigratedVersion) || !import_semver.default.eq(previousMigratedVersion, versionToMigrate)) {
-      this._set(MIGRATION_KEY, versionToMigrate);
-    }
+  },
+  truncate: (filePath) => {
+    const basename2 = import_node_path2.default.basename(filePath);
+    if (basename2.length <= LIMIT_BASENAME_LENGTH)
+      return filePath;
+    const truncable = /^(\.?)(.*?)((?:\.[^.]+)?(?:\.tmp-\d{10}[a-f0-9]{6})?)$/.exec(basename2);
+    if (!truncable)
+      return filePath;
+    const truncationLength = basename2.length - LIMIT_BASENAME_LENGTH;
+    return `${filePath.slice(0, -basename2.length)}${truncable[1]}${truncable[2].slice(0, -truncationLength)}${truncable[3]}`;
   }
-  _containsReservedKey(key) {
-    if (typeof key === "object") {
-      const firsKey = Object.keys(key)[0];
-      if (firsKey === INTERNAL_KEY) {
-        return true;
+};
+node_default(Temp.purgeSyncAll);
+var temp_default = Temp;
+// node_modules/.pnpm/atomically@2.0.3/node_modules/atomically/dist/index.js
+function writeFileSync(filePath, data, options = DEFAULT_WRITE_OPTIONS) {
+  if (isString(options))
+    return writeFileSync(filePath, data, { encoding: options });
+  const timeout = Date.now() + ((options.timeout ?? DEFAULT_TIMEOUT_SYNC) || -1);
+  let tempDisposer = null;
+  let tempPath = null;
+  let fd = null;
+  try {
+    const filePathReal = dist_default.attempt.realpathSync(filePath);
+    const filePathExists = !!filePathReal;
+    filePath = filePathReal || filePath;
+    [tempPath, tempDisposer] = temp_default.get(filePath, options.tmpCreate || temp_default.create, !(options.tmpPurge === false));
+    const useStatChown = IS_POSIX && isUndefined(options.chown);
+    const useStatMode = isUndefined(options.mode);
+    if (filePathExists && (useStatChown || useStatMode)) {
+      const stats = dist_default.attempt.statSync(filePath);
+      if (stats) {
+        options = { ...options };
+        if (useStatChown) {
+          options.chown = { uid: stats.uid, gid: stats.gid };
+        }
+        if (useStatMode) {
+          options.mode = stats.mode;
+        }
       }
     }
-    if (typeof key !== "string") {
-      return false;
+    if (!filePathExists) {
+      const parentPath = import_node_path3.default.dirname(filePath);
+      dist_default.attempt.mkdirSync(parentPath, {
+        mode: DEFAULT_FOLDER_MODE,
+        recursive: true
+      });
     }
-    if (this.#options.accessPropertiesByDotNotation) {
-      if (key.startsWith(`${INTERNAL_KEY}.`)) {
-        return true;
-      }
-      return false;
+    fd = dist_default.retry.openSync(timeout)(tempPath, "w", options.mode || DEFAULT_FILE_MODE);
+    if (options.tmpCreated) {
+      options.tmpCreated(tempPath);
     }
-    return false;
-  }
-  _isVersionInRangeFormat(version) {
-    return import_semver.default.clean(version) === null;
-  }
-  _shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate) {
-    if (this._isVersionInRangeFormat(candidateVersion)) {
-      if (previousMigratedVersion !== "0.0.0" && import_semver.default.satisfies(previousMigratedVersion, candidateVersion)) {
-        return false;
+    if (isString(data)) {
+      dist_default.retry.writeSync(timeout)(fd, data, 0, options.encoding || DEFAULT_ENCODING);
+    } else if (!isUndefined(data)) {
+      dist_default.retry.writeSync(timeout)(fd, data, 0, data.length, 0);
+    }
+    if (options.fsync !== false) {
+      if (options.fsyncWait !== false) {
+        dist_default.retry.fsyncSync(timeout)(fd);
+      } else {
+        dist_default.attempt.fsync(fd);
       }
-      return import_semver.default.satisfies(versionToMigrate, candidateVersion);
     }
-    if (import_semver.default.lte(candidateVersion, previousMigratedVersion)) {
-      return false;
+    dist_default.retry.closeSync(timeout)(fd);
+    fd = null;
+    if (options.chown && (options.chown.uid !== DEFAULT_USER_UID || options.chown.gid !== DEFAULT_USER_GID)) {
+      dist_default.attempt.chownSync(tempPath, options.chown.uid, options.chown.gid);
     }
-    if (import_semver.default.gt(candidateVersion, versionToMigrate)) {
-      return false;
+    if (options.mode && options.mode !== DEFAULT_FILE_MODE) {
+      dist_default.attempt.chmodSync(tempPath, options.mode);
     }
-    return true;
-  }
-  _get(key, defaultValue) {
-    return getProperty(this.store, key, defaultValue);
-  }
-  _set(key, value) {
-    const { store } = this;
-    setProperty(store, key, value);
-    this.store = store;
+    try {
+      dist_default.retry.renameSync(timeout)(tempPath, filePath);
+    } catch (error) {
+      if (!isException(error))
+        throw error;
+      if (error.code !== "ENAMETOOLONG")
+        throw error;
+      dist_default.retry.renameSync(timeout)(tempPath, temp_default.truncate(filePath));
+    }
+    tempDisposer();
+    tempPath = null;
+  } finally {
+    if (fd)
+      dist_default.attempt.closeSync(fd);
+    if (tempPath)
+      temp_default.purge(tempPath);
   }
-};
+}
-// packages/sdk/db.js
-var projectName = "autho";
-var DB = class {
-  constructor({ encryptionKey, name = "default", dataFolder }) {
-    this.encryptionKey = encryptionKey;
-    this.client = new Conf({
-      projectName,
-      encryptionKey,
-      configName: name,
-      cwd: dataFolder,
-      projectSuffix: ""
-    });
-  }
-  get(key, defaultValue) {
-    return this.client.get(key, defaultValue);
-  }
-  set(key, value) {
-    this.client.set(key, value);
-  }
-  clear() {
-    this.client.clear();
+// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
+var import_ajv = __toESM(require_ajv(), 1);
+var import_ajv_formats = __toESM(require_dist(), 1);
+// node_modules/.pnpm/mimic-fn@4.0.0/node_modules/mimic-fn/index.js
+var copyProperty = (to, from3, property, ignoreNonConfigurable) => {
+  if (property === "length" || property === "prototype") {
+    return;
   }
-  store() {
-    return this.client.store;
+  if (property === "arguments" || property === "caller") {
+    return;
   }
-  path() {
-    return this.client.path;
+  const toDescriptor = Object.getOwnPropertyDescriptor(to, property);
+  const fromDescriptor = Object.getOwnPropertyDescriptor(from3, property);
+  if (!canCopyProperty(toDescriptor, fromDescriptor) && ignoreNonConfigurable) {
+    return;
   }
+  Object.defineProperty(to, property, fromDescriptor);
 };
-// packages/cli/app.js
-var App = class {
-  constructor(options = {}) {
-    this.encryptionKey = options.encryptionKey || config_default.masterPasswordHash;
-    this.dataFolder = options.dataFolder || config_default.dataFolder;
-    this.name = options.name || config_default.name;
-    this.db = new DB({
-      encryptionKey: this.encryptionKey,
-      dataFolder: this.dataFolder,
-      name: this.name
-    });
-    this.secrets = new Secrets(this.db);
-  }
-  static async masterKey(masterPassword, masterPasswordHash) {
-    masterPassword = masterPassword || config_default.masterPassword;
-    masterPasswordHash = masterPasswordHash || config_default.masterPasswordHash;
-    if (masterPasswordHash) {
-      return masterPasswordHash;
-    } else if (!masterPassword) {
-      masterPassword = await ask({
-        name: "masterPassword",
-        message: "Password:",
-        type: "password",
-        required: true
-      });
-    }
-    masterPasswordHash = Cipher.hash(masterPassword);
-    return masterPasswordHash;
-  }
+var canCopyProperty = function(toDescriptor, fromDescriptor) {
+  return toDescriptor === void 0 || toDescriptor.configurable || toDescriptor.writable === fromDescriptor.writable && toDescriptor.enumerable === fromDescriptor.enumerable && toDescriptor.configurable === fromDescriptor.configurable && (toDescriptor.writable || toDescriptor.value === fromDescriptor.value);
 };
-// packages/cli/wizards/getEncryptionKey.js
-var wizard = async (confirm = false) => {
-  const questions = [
-    {
-      name: "password",
-      message: "password:",
-      type: "password",
-      required: true
-    }
-  ];
-  if (confirm) {
-    questions.push({
-      name: "confirmPassword",
-      message: "confirm password:",
-      type: "password",
-      required: true
-    });
-  }
-  const input = await prompt2(questions);
-  if (input.confirmPassword && input.password !== input.confirmPassword) {
-    throw new Error("Passwords do not match");
+var changePrototype = (to, from3) => {
+  const fromPrototype = Object.getPrototypeOf(from3);
+  if (fromPrototype === Object.getPrototypeOf(to)) {
+    return;
   }
-  return Cipher.hash(input.password);
+  Object.setPrototypeOf(to, fromPrototype);
 };
-var getEncryptionKey_default = wizard;
+var wrappedToString = (withName, fromBody) => `/* Wrapped ${withName}*/
+${fromBody}`;
+var toStringDescriptor = Object.getOwnPropertyDescriptor(Function.prototype, "toString");
+var toStringName = Object.getOwnPropertyDescriptor(Function.prototype.toString, "name");
+var changeToString = (to, from3, name) => {
+  const withName = name === "" ? "" : `with ${name.trim()}() `;
+  const newToString = wrappedToString.bind(null, withName, from3.toString());
+  Object.defineProperty(newToString, "name", toStringName);
+  Object.defineProperty(to, "toString", { ...toStringDescriptor, value: newToString });
+};
+function mimicFunction(to, from3, { ignoreNonConfigurable = false } = {}) {
+  const { name } = to;
+  for (const property of Reflect.ownKeys(from3)) {
+    copyProperty(to, from3, property, ignoreNonConfigurable);
+  }
+  changePrototype(to, from3);
+  changeToString(to, from3, name);
+  return to;
+}
-// packages/cli/wizards/createSecret.js
-var wizard2 = async (app) => {
-  const secrets = app.secrets;
-  const info = await prompt2([
-    {
-      name: "name",
-      message: "name:",
-      type: "input",
-      required: true
-    },
-    {
-      name: "type",
-      message: "type:",
-      type: "list",
-      default: "password",
-      choices: [
-        { name: "Password", value: "password" },
-        { name: "OTP", value: "otp" },
-        { name: "Note", value: "note" }
-      ],
-      required: true
-    },
-    {
-      name: "protected",
-      message: "protected:",
-      type: "confirm",
-      default: false,
-      required: true
-    }
-  ]);
-  let newSecret = { typeOptions: {} };
-  let encryptionKey = app.db.encryptionKey;
-  if (info.protected) {
-    encryptionKey = await getEncryptionKey_default(true);
+// node_modules/.pnpm/debounce-fn@5.1.2/node_modules/debounce-fn/index.js
+var debounceFn = (inputFunction, options = {}) => {
+  if (typeof inputFunction !== "function") {
+    throw new TypeError(`Expected the first argument to be a function, got \`${typeof inputFunction}\``);
   }
-  switch (info.type) {
-    case "password":
-      {
-        const password = await prompt2([
-          {
-            name: "url",
-            message: "url:",
-            type: "input",
-            required: false
-          },
-          {
-            name: "username",
-            message: "username:",
-            type: "input",
-            required: true
-          },
-          {
-            name: "value",
-            message: "password:",
-            type: "password",
-            required: true
-          }
-        ]);
-        newSecret = {
-          ...info,
-          value: password.value,
-          typeOptions: {
-            username: password.username,
-            url: password.url
-          }
-        };
+  const {
+    wait = 0,
+    maxWait = Number.POSITIVE_INFINITY,
+    before = false,
+    after = true
+  } = options;
+  if (!before && !after) {
+    throw new Error("Both `before` and `after` are false, function wouldn't be called.");
+  }
+  let timeout;
+  let maxTimeout;
+  let result;
+  const debouncedFunction = function(...arguments_) {
+    const context = this;
+    const later = () => {
+      timeout = void 0;
+      if (maxTimeout) {
+        clearTimeout(maxTimeout);
+        maxTimeout = void 0;
       }
-      break;
-    case "note":
-      {
-        const note = await prompt2([
-          {
-            name: "value",
-            message: "note:",
-            type: "password",
-            required: true
-          }
-        ]);
-        newSecret = {
-          ...info,
-          value: note.value,
-          typeOptions: {}
-        };
+      if (after) {
+        result = inputFunction.apply(context, arguments_);
       }
-      break;
-    case "otp":
-      {
-        const otp = await prompt2([
-          {
-            name: "username",
-            message: "username:",
-            type: "input",
-            required: true
-          },
-          {
-            name: "value",
-            message: "value:",
-            type: "password",
-            required: true
-          }
-        ]);
-        newSecret = {
-          ...info,
-          value: otp.value,
-          typeOptions: {
-            username: otp.username
-          }
-        };
+    };
+    const maxLater = () => {
+      maxTimeout = void 0;
+      if (timeout) {
+        clearTimeout(timeout);
+        timeout = void 0;
       }
-      break;
-  }
-  await secrets.add(newSecret, encryptionKey);
+      if (after) {
+        result = inputFunction.apply(context, arguments_);
+      }
+    };
+    const shouldCallNow = before && !timeout;
+    clearTimeout(timeout);
+    timeout = setTimeout(later, wait);
+    if (maxWait > 0 && maxWait !== Number.POSITIVE_INFINITY && !maxTimeout) {
+      maxTimeout = setTimeout(maxLater, maxWait);
+    }
+    if (shouldCallNow) {
+      result = inputFunction.apply(context, arguments_);
+    }
+    return result;
+  };
+  mimicFunction(debouncedFunction, inputFunction);
+  debouncedFunction.cancel = () => {
+    if (timeout) {
+      clearTimeout(timeout);
+      timeout = void 0;
+    }
+    if (maxTimeout) {
+      clearTimeout(maxTimeout);
+      maxTimeout = void 0;
+    }
+  };
+  return debouncedFunction;
 };
-var createSecret_default = wizard2;
+var debounce_fn_default = debounceFn;
-// packages/cli/wizards/getSecret.js
-var wizard3 = async (app) => {
-  const existingSecrets = app.db.get("secrets", []);
-  if (existingSecrets.length === 0) {
-    throw new Error("No secrets found");
+// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
+var import_semver = __toESM(require_semver2(), 1);
+// node_modules/.pnpm/uint8array-extras@0.3.0/node_modules/uint8array-extras/index.js
+var objectToString = Object.prototype.toString;
+function isUint8Array(value) {
+  return value && objectToString.call(value) === "[object Uint8Array]";
+}
+function assertUint8Array(value) {
+  if (!isUint8Array(value)) {
+    throw new TypeError(`Expected \`Uint8Array\`, got \`${typeof value}\``);
   }
-  const choices = existingSecrets.map((secret2) => ({
-    value: secret2.id,
-    name: `${secret2.name} (${secret2.typeOptions.username || secret2.id})`
-  }));
-  const { id: secretId } = await prompt2({
-    name: "id",
-    message: "Secrets:",
-    type: "list",
-    choices,
-    required: true
-  });
-  const secret = await app.secrets.get(secretId);
-  if (!secret) {
-    throw new Error("Secret not found");
+}
+function concatUint8Arrays(arrays, totalLength) {
+  if (arrays.length === 0) {
+    return new Uint8Array(0);
   }
-  return secret;
-};
-var getSecret_default = wizard3;
+  totalLength ??= arrays.reduce((accumulator, currentValue) => accumulator + currentValue.length, 0);
+  const returnValue = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const array of arrays) {
+    assertUint8Array(array);
+    returnValue.set(array, offset);
+    offset += array.length;
+  }
+  return returnValue;
+}
+function uint8ArrayToString(array) {
+  assertUint8Array(array);
+  return new globalThis.TextDecoder().decode(array);
+}
+function assertString(value) {
+  if (typeof value !== "string") {
+    throw new TypeError(`Expected \`string\`, got \`${typeof value}\``);
+  }
+}
+function stringToUint8Array(string) {
+  assertString(string);
+  return new globalThis.TextEncoder().encode(string);
+}
+var byteToHexLookupTable = Array.from({ length: 256 }, (_3, index) => index.toString(16).padStart(2, "0"));
-// node_modules/.pnpm/otpauth@9.2.3/node_modules/otpauth/dist/otpauth.node.mjs
-var crypto3 = __toESM(require("node:crypto"), 1);
-var uintToBuf = (num) => {
-  const buf = new ArrayBuffer(8);
-  const arr = new Uint8Array(buf);
-  let acc = num;
-  for (let i = 7; i >= 0; i--) {
-    if (acc === 0)
-      break;
-    arr[i] = acc & 255;
-    acc -= arr[i];
-    acc /= 256;
+// node_modules/.pnpm/conf@12.0.0/node_modules/conf/dist/source/index.js
+var Ajv = import_ajv.default.default;
+var ajvFormats = import_ajv_formats.default.default;
+var encryptionAlgorithm = "aes-256-cbc";
+var createPlainObject = () => /* @__PURE__ */ Object.create(null);
+var isExist = (data) => data !== void 0 && data !== null;
+var checkValueType = (key, value) => {
+  const nonJsonTypes = /* @__PURE__ */ new Set([
+    "undefined",
+    "symbol",
+    "function"
+  ]);
+  const type = typeof value;
+  if (nonJsonTypes.has(type)) {
+    throw new TypeError(`Setting a value of type \`${type}\` for key \`${key}\` is not allowed as it's not supported by JSON`);
   }
-  return buf;
 };
-var jsSHA = void 0;
-var globalScope = (() => {
-  if (typeof globalThis === "object")
-    return globalThis;
-  else {
-    Object.defineProperty(Object.prototype, "__GLOBALTHIS__", {
-      get() {
-        return this;
-      },
-      configurable: true
-    });
-    try {
-      if (typeof __GLOBALTHIS__ !== "undefined")
-        return __GLOBALTHIS__;
-    } finally {
-      delete Object.prototype.__GLOBALTHIS__;
+var INTERNAL_KEY = "__internal__";
+var MIGRATION_KEY = `${INTERNAL_KEY}.migrations.version`;
+var Conf = class {
+  path;
+  events;
+  #validator;
+  #encryptionKey;
+  #options;
+  #defaultValues = {};
+  constructor(partialOptions = {}) {
+    const options = {
+      configName: "config",
+      fileExtension: "json",
+      projectSuffix: "nodejs",
+      clearInvalidConfig: false,
+      accessPropertiesByDotNotation: true,
+      configFileMode: 438,
+      ...partialOptions
+    };
+    if (!options.cwd) {
+      if (!options.projectName) {
+        throw new Error("Please specify the `projectName` option.");
+      }
+      options.cwd = envPaths(options.projectName, { suffix: options.projectSuffix }).config;
     }
-  }
-  if (typeof self !== "undefined")
-    return self;
-  else if (typeof window !== "undefined")
-    return window;
-  else if (typeof global !== "undefined")
-    return global;
-  return void 0;
-})();
-var OPENSSL_JSSHA_ALGO_MAP = {
-  SHA1: "SHA-1",
-  SHA224: "SHA-224",
-  SHA256: "SHA-256",
-  SHA384: "SHA-384",
-  SHA512: "SHA-512",
-  "SHA3-224": "SHA3-224",
-  "SHA3-256": "SHA3-256",
-  "SHA3-384": "SHA3-384",
-  "SHA3-512": "SHA3-512"
-};
-var hmacDigest = (algorithm, key, message) => {
-  if (crypto3?.createHmac) {
-    const hmac = crypto3.createHmac(algorithm, globalScope.Buffer.from(key));
-    hmac.update(globalScope.Buffer.from(message));
-    return hmac.digest().buffer;
-  } else {
-    const variant = OPENSSL_JSSHA_ALGO_MAP[algorithm.toUpperCase()];
-    if (typeof variant === "undefined") {
-      throw new TypeError("Unknown hash function");
+    this.#options = options;
+    if (options.schema) {
+      if (typeof options.schema !== "object") {
+        throw new TypeError("The `schema` option must be an object.");
+      }
+      const ajv = new Ajv({
+        allErrors: true,
+        useDefaults: true
+      });
+      ajvFormats(ajv);
+      const schema = {
+        type: "object",
+        properties: options.schema
+      };
+      this.#validator = ajv.compile(schema);
+      for (const [key, value] of Object.entries(options.schema)) {
+        if (value?.default) {
+          this.#defaultValues[key] = value.default;
+        }
+      }
+    }
+    if (options.defaults) {
+      this.#defaultValues = {
+        ...this.#defaultValues,
+        ...options.defaults
+      };
+    }
+    if (options.serialize) {
+      this._serialize = options.serialize;
+    }
+    if (options.deserialize) {
+      this._deserialize = options.deserialize;
+    }
+    this.events = new EventTarget();
+    this.#encryptionKey = options.encryptionKey;
+    const fileExtension = options.fileExtension ? `.${options.fileExtension}` : "";
+    this.path = import_node_path4.default.resolve(options.cwd, `${options.configName ?? "config"}${fileExtension}`);
+    const fileStore = this.store;
+    const store = Object.assign(createPlainObject(), options.defaults, fileStore);
+    this._validate(store);
+    try {
+      import_node_assert2.default.deepEqual(fileStore, store);
+    } catch {
+      this.store = store;
     }
-    const hmac = new jsSHA(variant, "ARRAYBUFFER");
-    hmac.setHMACKey(key, "ARRAYBUFFER");
-    hmac.update(message);
-    return hmac.getHMAC("ARRAYBUFFER");
-  }
-};
-var ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
-var base32ToBuf = (str) => {
-  let end = str.length;
-  while (str[end - 1] === "=")
-    --end;
-  const cstr = (end < str.length ? str.substring(0, end) : str).toUpperCase();
-  const buf = new ArrayBuffer(cstr.length * 5 / 8 | 0);
-  const arr = new Uint8Array(buf);
-  let bits = 0;
-  let value = 0;
-  let index = 0;
-  for (let i = 0; i < cstr.length; i++) {
-    const idx = ALPHABET.indexOf(cstr[i]);
-    if (idx === -1)
-      throw new TypeError(`Invalid character found: ${cstr[i]}`);
-    value = value << 5 | idx;
-    bits += 5;
-    if (bits >= 8) {
-      bits -= 8;
-      arr[index++] = value >>> bits;
+    if (options.watch) {
+      this._watch();
     }
-  }
-  return buf;
-};
-var base32FromBuf = (buf) => {
-  const arr = new Uint8Array(buf);
-  let bits = 0;
-  let value = 0;
-  let str = "";
-  for (let i = 0; i < arr.length; i++) {
-    value = value << 8 | arr[i];
-    bits += 8;
-    while (bits >= 5) {
-      str += ALPHABET[value >>> bits - 5 & 31];
-      bits -= 5;
+    if (options.migrations) {
+      if (!options.projectVersion) {
+        throw new Error("Please specify the `projectVersion` option.");
+      }
+      this._migrate(options.migrations, options.projectVersion, options.beforeEachMigration);
     }
   }
-  if (bits > 0) {
-    str += ALPHABET[value << 5 - bits & 31];
-  }
-  return str;
-};
-var hexToBuf = (str) => {
-  const buf = new ArrayBuffer(str.length / 2);
-  const arr = new Uint8Array(buf);
-  for (let i = 0; i < str.length; i += 2) {
-    arr[i / 2] = parseInt(str.substring(i, i + 2), 16);
-  }
-  return buf;
-};
-var hexFromBuf = (buf) => {
-  const arr = new Uint8Array(buf);
-  let str = "";
-  for (let i = 0; i < arr.length; i++) {
-    const hex = arr[i].toString(16);
-    if (hex.length === 1)
-      str += "0";
-    str += hex;
-  }
-  return str.toUpperCase();
-};
-var latin1ToBuf = (str) => {
-  const buf = new ArrayBuffer(str.length);
-  const arr = new Uint8Array(buf);
-  for (let i = 0; i < str.length; i++) {
-    arr[i] = str.charCodeAt(i) & 255;
-  }
-  return buf;
-};
-var latin1FromBuf = (buf) => {
-  const arr = new Uint8Array(buf);
-  let str = "";
-  for (let i = 0; i < arr.length; i++) {
-    str += String.fromCharCode(arr[i]);
-  }
-  return str;
-};
-var ENCODER = globalScope.TextEncoder ? new globalScope.TextEncoder("utf-8") : null;
-var DECODER = globalScope.TextDecoder ? new globalScope.TextDecoder("utf-8") : null;
-var utf8ToBuf = (str) => {
-  if (!ENCODER) {
-    throw new Error("Encoding API not available");
-  }
-  return ENCODER.encode(str).buffer;
-};
-var utf8FromBuf = (buf) => {
-  if (!DECODER) {
-    throw new Error("Encoding API not available");
+  get(key, defaultValue) {
+    if (this.#options.accessPropertiesByDotNotation) {
+      return this._get(key, defaultValue);
+    }
+    const { store } = this;
+    return key in store ? store[key] : defaultValue;
   }
-  return DECODER.decode(buf);
-};
-var randomBytes2 = (size) => {
-  if (crypto3?.randomBytes) {
-    return crypto3.randomBytes(size).buffer;
-  } else {
-    if (!globalScope.crypto?.getRandomValues) {
-      throw new Error("Cryptography API not available");
+  set(key, value) {
+    if (typeof key !== "string" && typeof key !== "object") {
+      throw new TypeError(`Expected \`key\` to be of type \`string\` or \`object\`, got ${typeof key}`);
     }
-    return globalScope.crypto.getRandomValues(new Uint8Array(size)).buffer;
+    if (typeof key !== "object" && value === void 0) {
+      throw new TypeError("Use `delete()` to clear values");
+    }
+    if (this._containsReservedKey(key)) {
+      throw new TypeError(`Please don't use the ${INTERNAL_KEY} key, as it's used to manage this module internal operations.`);
+    }
+    const { store } = this;
+    const set2 = (key2, value2) => {
+      checkValueType(key2, value2);
+      if (this.#options.accessPropertiesByDotNotation) {
+        setProperty(store, key2, value2);
+      } else {
+        store[key2] = value2;
+      }
+    };
+    if (typeof key === "object") {
+      const object = key;
+      for (const [key2, value2] of Object.entries(object)) {
+        set2(key2, value2);
+      }
+    } else {
+      set2(key, value);
+    }
+    this.store = store;
   }
-};
-var Secret = class _Secret {
   /**
-   * Creates a secret key object.
-   * @param {Object} [config] Configuration options.
-   * @param {ArrayBuffer} [config.buffer=randomBytes] Secret key.
-   * @param {number} [config.size=20] Number of random bytes to generate, ignored if 'buffer' is provided.
-   */
-  constructor({
-    buffer,
-    size = 20
-  } = {}) {
-    this.buffer = typeof buffer === "undefined" ? randomBytes2(size) : buffer;
+      Check if an item exists.
+      @param key - The key of the item to check.
+      */
+  has(key) {
+    if (this.#options.accessPropertiesByDotNotation) {
+      return hasProperty(this.store, key);
+    }
+    return key in this.store;
   }
   /**
-   * Converts a Latin-1 string to a Secret object.
-   * @param {string} str Latin-1 string.
-   * @returns {Secret} Secret object.
-   */
-  static fromLatin1(str) {
-    return new _Secret({
-      buffer: latin1ToBuf(str)
-    });
+      Reset items to their default values, as defined by the `defaults` or `schema` option.
+      @see `clear()` to reset all items.
+      @param keys - The keys of the items to reset.
+      */
+  reset(...keys) {
+    for (const key of keys) {
+      if (isExist(this.#defaultValues[key])) {
+        this.set(key, this.#defaultValues[key]);
+      }
+    }
   }
-  /**
-   * Converts an UTF-8 string to a Secret object.
-   * @param {string} str UTF-8 string.
-   * @returns {Secret} Secret object.
-   */
-  static fromUTF8(str) {
-    return new _Secret({
-      buffer: utf8ToBuf(str)
-    });
+  delete(key) {
+    const { store } = this;
+    if (this.#options.accessPropertiesByDotNotation) {
+      deleteProperty(store, key);
+    } else {
+      delete store[key];
+    }
+    this.store = store;
   }
   /**
-   * Converts a base32 string to a Secret object.
-   * @param {string} str Base32 string.
-   * @returns {Secret} Secret object.
-   */
-  static fromBase32(str) {
-    return new _Secret({
-      buffer: base32ToBuf(str)
-    });
+      Delete all items.
+      This resets known items to their default values, if defined by the `defaults` or `schema` option.
+      */
+  clear() {
+    this.store = createPlainObject();
+    for (const key of Object.keys(this.#defaultValues)) {
+      this.reset(key);
+    }
   }
   /**
-   * Converts a hexadecimal string to a Secret object.
-   * @param {string} str Hexadecimal string.
-   * @returns {Secret} Secret object.
-   */
-  static fromHex(str) {
-    return new _Secret({
-      buffer: hexToBuf(str)
-    });
+      Watches the given `key`, calling `callback` on any changes.
+      @param key - The key wo watch.
+      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
+      @returns A function, that when called, will unsubscribe.
+      */
+  onDidChange(key, callback) {
+    if (typeof key !== "string") {
+      throw new TypeError(`Expected \`key\` to be of type \`string\`, got ${typeof key}`);
+    }
+    if (typeof callback !== "function") {
+      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
+    }
+    return this._handleChange(() => this.get(key), callback);
   }
   /**
-   * Latin-1 string representation of secret key.
-   * @type {string}
-   */
-  get latin1() {
-    Object.defineProperty(this, "latin1", {
-      enumerable: true,
-      value: latin1FromBuf(this.buffer)
-    });
-    return this.latin1;
+      Watches the whole config object, calling `callback` on any changes.
+      @param callback - A callback function that is called on any changes. When a `key` is first set `oldValue` will be `undefined`, and when a key is deleted `newValue` will be `undefined`.
+      @returns A function, that when called, will unsubscribe.
+      */
+  onDidAnyChange(callback) {
+    if (typeof callback !== "function") {
+      throw new TypeError(`Expected \`callback\` to be of type \`function\`, got ${typeof callback}`);
+    }
+    return this._handleChange(() => this.store, callback);
   }
-  /**
-   * UTF-8 string representation of secret key.
-   * @type {string}
-   */
-  get utf8() {
-    Object.defineProperty(this, "utf8", {
-      enumerable: true,
-      value: utf8FromBuf(this.buffer)
-    });
-    return this.utf8;
+  get size() {
+    return Object.keys(this.store).length;
   }
-  /**
-   * Base32 string representation of secret key.
-   * @type {string}
-   */
-  get base32() {
-    Object.defineProperty(this, "base32", {
-      enumerable: true,
-      value: base32FromBuf(this.buffer)
-    });
-    return this.base32;
+  get store() {
+    try {
+      const data = import_node_fs2.default.readFileSync(this.path, this.#encryptionKey ? null : "utf8");
+      const dataString = this._encryptData(data);
+      const deserializedData = this._deserialize(dataString);
+      this._validate(deserializedData);
+      return Object.assign(createPlainObject(), deserializedData);
+    } catch (error) {
+      if (error?.code === "ENOENT") {
+        this._ensureDirectory();
+        return createPlainObject();
+      }
+      if (this.#options.clearInvalidConfig && error.name === "SyntaxError") {
+        return createPlainObject();
+      }
+      throw error;
+    }
   }
-  /**
-   * Hexadecimal string representation of secret key.
-   * @type {string}
-   */
-  get hex() {
-    Object.defineProperty(this, "hex", {
-      enumerable: true,
-      value: hexFromBuf(this.buffer)
-    });
-    return this.hex;
+  set store(value) {
+    this._ensureDirectory();
+    this._validate(value);
+    this._write(value);
+    this.events.dispatchEvent(new Event("change"));
   }
-};
-var timingSafeEqual2 = (a, b) => {
-  if (crypto3?.timingSafeEqual) {
-    return crypto3.timingSafeEqual(globalScope.Buffer.from(a), globalScope.Buffer.from(b));
-  } else {
-    if (a.length !== b.length) {
-      throw new TypeError("Input strings must have the same length");
+  *[Symbol.iterator]() {
+    for (const [key, value] of Object.entries(this.store)) {
+      yield [key, value];
     }
-    let i = -1;
-    let out = 0;
-    while (++i < a.length) {
-      out |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  _encryptData(data) {
+    if (!this.#encryptionKey) {
+      return typeof data === "string" ? data : uint8ArrayToString(data);
     }
-    return out === 0;
+    try {
+      const initializationVector = data.slice(0, 16);
+      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
+      const decipher = import_node_crypto2.default.createDecipheriv(encryptionAlgorithm, password, initializationVector);
+      const slice = data.slice(17);
+      const dataUpdate = typeof slice === "string" ? stringToUint8Array(slice) : slice;
+      return uint8ArrayToString(concatUint8Arrays([decipher.update(dataUpdate), decipher.final()]));
+    } catch {
+    }
+    return data.toString();
   }
-};
-var HOTP = class _HOTP {
-  /**
-   * Default configuration.
-   * @type {{
-   *   issuer: string,
-   *   label: string,
-   *   issuerInLabel: boolean,
-   *   algorithm: string,
-   *   digits: number,
-   *   counter: number
-   *   window: number
-   * }}
-   */
-  static get defaults() {
-    return {
-      issuer: "",
-      label: "OTPAuth",
-      issuerInLabel: true,
-      algorithm: "SHA1",
-      digits: 6,
-      counter: 0,
-      window: 1
+  _handleChange(getter, callback) {
+    let currentValue = getter();
+    const onChange = () => {
+      const oldValue = currentValue;
+      const newValue = getter();
+      if ((0, import_node_util2.isDeepStrictEqual)(newValue, oldValue)) {
+        return;
+      }
+      currentValue = newValue;
+      callback.call(this, newValue, oldValue);
+    };
+    this.events.addEventListener("change", onChange);
+    return () => {
+      this.events.removeEventListener("change", onChange);
     };
   }
-  /**
-   * Creates an HOTP object.
-   * @param {Object} [config] Configuration options.
-   * @param {string} [config.issuer=''] Account provider.
-   * @param {string} [config.label='OTPAuth'] Account label.
-   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
-   * @param {Secret|string} [config.secret=Secret] Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.counter=0] Initial counter value.
-   */
-  constructor({
-    issuer = _HOTP.defaults.issuer,
-    label = _HOTP.defaults.label,
-    issuerInLabel = _HOTP.defaults.issuerInLabel,
-    secret = new Secret(),
-    algorithm = _HOTP.defaults.algorithm,
-    digits: digits2 = _HOTP.defaults.digits,
-    counter = _HOTP.defaults.counter
-  } = {}) {
-    this.issuer = issuer;
-    this.label = label;
-    this.issuerInLabel = issuerInLabel;
-    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
-    this.algorithm = algorithm.toUpperCase();
-    this.digits = digits2;
-    this.counter = counter;
+  _deserialize = (value) => JSON.parse(value);
+  _serialize = (value) => JSON.stringify(value, void 0, "	");
+  _validate(data) {
+    if (!this.#validator) {
+      return;
+    }
+    const valid = this.#validator(data);
+    if (valid || !this.#validator.errors) {
+      return;
+    }
+    const errors = this.#validator.errors.map(({ instancePath, message = "" }) => `\`${instancePath.slice(1)}\` ${message}`);
+    throw new Error("Config schema violation: " + errors.join("; "));
   }
-  /**
-   * Generates an HOTP token.
-   * @param {Object} config Configuration options.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.counter=0] Counter value.
-   * @returns {string} Token.
-   */
-  static generate({
-    secret,
-    algorithm = _HOTP.defaults.algorithm,
-    digits: digits2 = _HOTP.defaults.digits,
-    counter = _HOTP.defaults.counter
-  }) {
-    const digest = new Uint8Array(hmacDigest(algorithm, secret.buffer, uintToBuf(counter)));
-    const offset = digest[digest.byteLength - 1] & 15;
-    const otp = ((digest[offset] & 127) << 24 | (digest[offset + 1] & 255) << 16 | (digest[offset + 2] & 255) << 8 | digest[offset + 3] & 255) % 10 ** digits2;
-    return otp.toString().padStart(digits2, "0");
+  _ensureDirectory() {
+    import_node_fs2.default.mkdirSync(import_node_path4.default.dirname(this.path), { recursive: true });
+  }
+  _write(value) {
+    let data = this._serialize(value);
+    if (this.#encryptionKey) {
+      const initializationVector = import_node_crypto2.default.randomBytes(16);
+      const password = import_node_crypto2.default.pbkdf2Sync(this.#encryptionKey, initializationVector.toString(), 1e4, 32, "sha512");
+      const cipher = import_node_crypto2.default.createCipheriv(encryptionAlgorithm, password, initializationVector);
+      data = concatUint8Arrays([initializationVector, stringToUint8Array(":"), cipher.update(stringToUint8Array(data)), cipher.final()]);
+    }
+    if (import_node_process7.default.env.SNAP) {
+      import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
+    } else {
+      try {
+        writeFileSync(this.path, data, { mode: this.#options.configFileMode });
+      } catch (error) {
+        if (error?.code === "EXDEV") {
+          import_node_fs2.default.writeFileSync(this.path, data, { mode: this.#options.configFileMode });
+          return;
+        }
+        throw error;
+      }
+    }
+  }
+  _watch() {
+    this._ensureDirectory();
+    if (!import_node_fs2.default.existsSync(this.path)) {
+      this._write(createPlainObject());
+    }
+    if (import_node_process7.default.platform === "win32") {
+      import_node_fs2.default.watch(this.path, { persistent: false }, debounce_fn_default(() => {
+        this.events.dispatchEvent(new Event("change"));
+      }, { wait: 100 }));
+    } else {
+      import_node_fs2.default.watchFile(this.path, { persistent: false }, debounce_fn_default(() => {
+        this.events.dispatchEvent(new Event("change"));
+      }, { wait: 5e3 }));
+    }
+  }
+  _migrate(migrations, versionToMigrate, beforeEachMigration) {
+    let previousMigratedVersion = this._get(MIGRATION_KEY, "0.0.0");
+    const newerVersions = Object.keys(migrations).filter((candidateVersion) => this._shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate));
+    let storeBackup = { ...this.store };
+    for (const version of newerVersions) {
+      try {
+        if (beforeEachMigration) {
+          beforeEachMigration(this, {
+            fromVersion: previousMigratedVersion,
+            toVersion: version,
+            finalVersion: versionToMigrate,
+            versions: newerVersions
+          });
+        }
+        const migration = migrations[version];
+        migration?.(this);
+        this._set(MIGRATION_KEY, version);
+        previousMigratedVersion = version;
+        storeBackup = { ...this.store };
+      } catch (error) {
+        this.store = storeBackup;
+        throw new Error(`Something went wrong during the migration! Changes applied to the store until this failed migration will be restored. ${error}`);
+      }
+    }
+    if (this._isVersionInRangeFormat(previousMigratedVersion) || !import_semver.default.eq(previousMigratedVersion, versionToMigrate)) {
+      this._set(MIGRATION_KEY, versionToMigrate);
+    }
+  }
+  _containsReservedKey(key) {
+    if (typeof key === "object") {
+      const firsKey = Object.keys(key)[0];
+      if (firsKey === INTERNAL_KEY) {
+        return true;
+      }
+    }
+    if (typeof key !== "string") {
+      return false;
+    }
+    if (this.#options.accessPropertiesByDotNotation) {
+      if (key.startsWith(`${INTERNAL_KEY}.`)) {
+        return true;
+      }
+      return false;
+    }
+    return false;
   }
-  /**
-   * Generates an HOTP token.
-   * @param {Object} [config] Configuration options.
-   * @param {number} [config.counter=this.counter++] Counter value.
-   * @returns {string} Token.
-   */
-  generate({
-    counter = this.counter++
-  } = {}) {
-    return _HOTP.generate({
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      counter
-    });
+  _isVersionInRangeFormat(version) {
+    return import_semver.default.clean(version) === null;
   }
-  /**
-   * Validates an HOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} config.digits Token length.
-   * @param {number} [config.counter=0] Counter value.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  static validate({
-    token,
-    secret,
-    algorithm,
-    digits: digits2,
-    counter = _HOTP.defaults.counter,
-    window: window2 = _HOTP.defaults.window
-  }) {
-    if (token.length !== digits2)
-      return null;
-    let delta = null;
-    for (let i = counter - window2; i <= counter + window2; ++i) {
-      const generatedToken = _HOTP.generate({
-        secret,
-        algorithm,
-        digits: digits2,
-        counter: i
-      });
-      if (timingSafeEqual2(token, generatedToken)) {
-        delta = i - counter;
+  _shouldPerformMigration(candidateVersion, previousMigratedVersion, versionToMigrate) {
+    if (this._isVersionInRangeFormat(candidateVersion)) {
+      if (previousMigratedVersion !== "0.0.0" && import_semver.default.satisfies(previousMigratedVersion, candidateVersion)) {
+        return false;
       }
+      return import_semver.default.satisfies(versionToMigrate, candidateVersion);
     }
-    return delta;
+    if (import_semver.default.lte(candidateVersion, previousMigratedVersion)) {
+      return false;
+    }
+    if (import_semver.default.gt(candidateVersion, versionToMigrate)) {
+      return false;
+    }
+    return true;
   }
-  /**
-   * Validates an HOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {number} [config.counter=this.counter] Counter value.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  validate({
-    token,
-    counter = this.counter,
-    window: window2
-  }) {
-    return _HOTP.validate({
-      token,
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      counter,
-      window: window2
-    });
+  _get(key, defaultValue) {
+    return getProperty(this.store, key, defaultValue);
   }
-  /**
-   * Returns a Google Authenticator key URI.
-   * @returns {string} URI.
-   */
-  toString() {
-    const e = encodeURIComponent;
-    return `otpauth://hotp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&counter=${e(this.counter)}`;
+  _set(key, value) {
+    const { store } = this;
+    setProperty(store, key, value);
+    this.store = store;
   }
 };
-var TOTP = class _TOTP {
-  /**
-   * Default configuration.
-   * @type {{
-   *   issuer: string,
-   *   label: string,
-   *   issuerInLabel: boolean,
-   *   algorithm: string,
-   *   digits: number,
-   *   period: number
-   *   window: number
-   * }}
-   */
-  static get defaults() {
-    return {
-      issuer: "",
-      label: "OTPAuth",
-      issuerInLabel: true,
-      algorithm: "SHA1",
-      digits: 6,
-      period: 30,
-      window: 1
-    };
+// packages/sdk/db.js
+var projectName = "autho";
+var DB = class {
+  constructor({ encryptionKey, name = "default", dataFolder }) {
+    this.encryptionKey = encryptionKey;
+    this.client = new Conf({
+      projectName,
+      encryptionKey,
+      configName: name,
+      cwd: dataFolder,
+      projectSuffix: ""
+    });
   }
-  /**
-   * Creates a TOTP object.
-   * @param {Object} [config] Configuration options.
-   * @param {string} [config.issuer=''] Account provider.
-   * @param {string} [config.label='OTPAuth'] Account label.
-   * @param {boolean} [config.issuerInLabel=true] Include issuer prefix in label.
-   * @param {Secret|string} [config.secret=Secret] Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.period=30] Token time-step duration.
-   */
-  constructor({
-    issuer = _TOTP.defaults.issuer,
-    label = _TOTP.defaults.label,
-    issuerInLabel = _TOTP.defaults.issuerInLabel,
-    secret = new Secret(),
-    algorithm = _TOTP.defaults.algorithm,
-    digits: digits2 = _TOTP.defaults.digits,
-    period = _TOTP.defaults.period
-  } = {}) {
-    this.issuer = issuer;
-    this.label = label;
-    this.issuerInLabel = issuerInLabel;
-    this.secret = typeof secret === "string" ? Secret.fromBase32(secret) : secret;
-    this.algorithm = algorithm.toUpperCase();
-    this.digits = digits2;
-    this.period = period;
+  get(key, defaultValue) {
+    return this.client.get(key, defaultValue);
   }
-  /**
-   * Generates a TOTP token.
-   * @param {Object} config Configuration options.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} [config.digits=6] Token length.
-   * @param {number} [config.period=30] Token time-step duration.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @returns {string} Token.
-   */
-  static generate({
-    secret,
-    algorithm,
-    digits: digits2,
-    period = _TOTP.defaults.period,
-    timestamp = Date.now()
-  }) {
-    return HOTP.generate({
-      secret,
-      algorithm,
-      digits: digits2,
-      counter: Math.floor(timestamp / 1e3 / period)
-    });
+  set(key, value) {
+    this.client.set(key, value);
   }
-  /**
-   * Generates a TOTP token.
-   * @param {Object} [config] Configuration options.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @returns {string} Token.
-   */
-  generate({
-    timestamp = Date.now()
-  } = {}) {
-    return _TOTP.generate({
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      period: this.period,
-      timestamp
-    });
+  clear() {
+    this.client.clear();
   }
-  /**
-   * Validates a TOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {Secret} config.secret Secret key.
-   * @param {string} [config.algorithm='SHA1'] HMAC hashing algorithm.
-   * @param {number} config.digits Token length.
-   * @param {number} [config.period=30] Token time-step duration.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  static validate({
-    token,
-    secret,
-    algorithm,
-    digits: digits2,
-    period = _TOTP.defaults.period,
-    timestamp = Date.now(),
-    window: window2
-  }) {
-    return HOTP.validate({
-      token,
-      secret,
-      algorithm,
-      digits: digits2,
-      counter: Math.floor(timestamp / 1e3 / period),
-      window: window2
+  store() {
+    return this.client.store;
+  }
+  path() {
+    return this.client.path;
+  }
+};
+// packages/cli/app.js
+var App = class {
+  constructor(options = {}) {
+    this.encryptionKey = options.encryptionKey || config_default.masterPasswordHash;
+    this.dataFolder = options.dataFolder || config_default.dataFolder;
+    this.name = options.name || config_default.name;
+    this.db = new DB({
+      encryptionKey: this.encryptionKey,
+      dataFolder: this.dataFolder,
+      name: this.name
     });
+    this.secrets = new Secrets(this.db);
   }
-  /**
-   * Validates a TOTP token.
-   * @param {Object} config Configuration options.
-   * @param {string} config.token Token value.
-   * @param {number} [config.timestamp=Date.now] Timestamp value in milliseconds.
-   * @param {number} [config.window=1] Window of counter values to test.
-   * @returns {number|null} Token delta or null if it is not found in the search window, in which case it should be considered invalid.
-   */
-  validate({
-    token,
-    timestamp,
-    window: window2
-  }) {
-    return _TOTP.validate({
-      token,
-      secret: this.secret,
-      algorithm: this.algorithm,
-      digits: this.digits,
-      period: this.period,
-      timestamp,
-      window: window2
+  static async masterKey(masterPassword, masterPasswordHash) {
+    masterPassword = masterPassword || config_default.masterPassword;
+    masterPasswordHash = masterPasswordHash || config_default.masterPasswordHash;
+    if (masterPasswordHash) {
+      return masterPasswordHash;
+    } else if (!masterPassword) {
+      masterPassword = await ask({
+        name: "masterPassword",
+        message: "Password:",
+        type: "password",
+        required: true
+      });
+    }
+    masterPasswordHash = Cipher.hash(masterPassword);
+    return masterPasswordHash;
+  }
+};
+// packages/cli/wizards/getEncryptionKey.js
+var wizard = async (confirm = false) => {
+  const questions = [
+    {
+      name: "password",
+      message: "password:",
+      type: "password",
+      required: true
+    }
+  ];
+  if (confirm) {
+    questions.push({
+      name: "confirmPassword",
+      message: "confirm password:",
+      type: "password",
+      required: true
     });
   }
-  /**
-   * Returns a Google Authenticator key URI.
-   * @returns {string} URI.
-   */
-  toString() {
-    const e = encodeURIComponent;
-    return `otpauth://totp/${this.issuer.length > 0 ? this.issuerInLabel ? `${e(this.issuer)}:${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?issuer=${e(this.issuer)}&` : `${e(this.label)}?`}secret=${e(this.secret.base32)}&algorithm=${e(this.algorithm)}&digits=${e(this.digits)}&period=${e(this.period)}`;
+  const input = await prompt2(questions);
+  if (input.confirmPassword && input.password !== input.confirmPassword) {
+    throw new Error("Passwords do not match");
   }
+  return Cipher.hash(input.password);
 };
+var getEncryptionKey_default = wizard;
-// packages/sdk/otp.js
-var OTP = class {
-  constructor(secret) {
-    const options = {
-      issuer: "Autho",
-      label: secret.name,
-      algorithm: "SHA1",
-      digits: 6,
-      period: 30,
-      secret: secret.value
-    };
-    this.totp = new TOTP(options);
+// packages/cli/wizards/createSecret.js
+var wizard2 = async (app) => {
+  const secrets = app.secrets;
+  const info = await prompt2([
+    {
+      name: "name",
+      message: "name:",
+      type: "input",
+      required: true
+    },
+    {
+      name: "type",
+      message: "type:",
+      type: "list",
+      default: "password",
+      choices: [
+        { name: "Password", value: "password" },
+        { name: "OTP", value: "otp" },
+        { name: "Note", value: "note" }
+      ],
+      required: true
+    },
+    {
+      name: "protected",
+      message: "protected:",
+      type: "confirm",
+      default: false,
+      required: true
+    }
+  ]);
+  let newSecret = { typeOptions: {} };
+  let encryptionKey = app.db.encryptionKey;
+  if (info.protected) {
+    encryptionKey = await getEncryptionKey_default(true);
   }
-  generate() {
-    return this.totp.generate();
+  switch (info.type) {
+    case "password":
+      {
+        const password = await prompt2([
+          {
+            name: "url",
+            message: "url:",
+            type: "input",
+            required: false
+          },
+          {
+            name: "username",
+            message: "username:",
+            type: "input",
+            required: true
+          },
+          {
+            name: "value",
+            message: "password:",
+            type: "password",
+            required: true
+          }
+        ]);
+        newSecret = {
+          ...info,
+          value: password.value,
+          typeOptions: {
+            username: password.username,
+            url: password.url
+          }
+        };
+      }
+      break;
+    case "note":
+      {
+        const note = await prompt2([
+          {
+            name: "value",
+            message: "note:",
+            type: "password",
+            required: true
+          }
+        ]);
+        newSecret = {
+          ...info,
+          value: note.value,
+          typeOptions: {}
+        };
+      }
+      break;
+    case "otp":
+      {
+        const otp = await prompt2([
+          {
+            name: "username",
+            message: "username:",
+            type: "input",
+            required: true
+          },
+          {
+            name: "value",
+            message: "value:",
+            type: "password",
+            required: true
+          }
+        ]);
+        const test = await prompt2([
+          {
+            name: "validate",
+            message: "validate:",
+            type: "confirm",
+            default: false,
+            required: true
+          }
+        ]);
+        if (test.validate) {
+          generateOTP({
+            name: info.name,
+            value: otp.value
+          });
+          while (1) {
+            const valid = await prompt2([
+              {
+                name: "try",
+                message: "try again?",
+                type: "confirm",
+                default: false,
+                required: true
+              }
+            ]);
+            if (!valid.try) {
+              break;
+            } else {
+              generateOTP({
+                name: info.name,
+                value: otp.value
+              });
+            }
+          }
+        }
+        newSecret = {
+          ...info,
+          value: otp.value,
+          typeOptions: {
+            username: otp.username
+          }
+        };
+      }
+      break;
   }
-  validate(token, window2 = 1) {
-    return this.totp.validate({ token, window: window2 });
+  const created = await secrets.add(newSecret, encryptionKey);
+  console.log("Secret created:", created.id);
+};
+var createSecret_default = wizard2;
+// packages/cli/wizards/getSecret.js
+var wizard3 = async (app) => {
+  const existingSecrets = app.db.get("secrets", []);
+  if (existingSecrets.length === 0) {
+    throw new Error("No secrets found");
+  }
+  const choices = existingSecrets.map((secret2) => ({
+    value: secret2.id,
+    name: `${secret2.name} ${secret2.typeOptions.username ? `(${secret2.typeOptions.username}) ` : ""}(${secret2.id})`
+  }));
+  const { id: secretId } = await prompt2({
+    name: "id",
+    message: "Secrets:",
+    type: "list",
+    choices,
+    required: true
+  });
+  const secret = await app.secrets.get(secretId);
+  if (!secret) {
+    throw new Error("Secret not found");
   }
+  return secret;
 };
+var getSecret_default = wizard3;
 // packages/shared/logger.js
 var import_baloga = __toESM(require_baloga(), 1);
@@ -59601,7 +59642,6 @@ var logger = new import_baloga.Logger();
 var Logger = import_baloga.Logger;
 // packages/cli/bin.js
-var import_readline = __toESM(require("readline"), 1);
 var logger2 = new Logger();
 var program2 = new Command();
 var getAuthoAbsolutePath = (path5) => {
@@ -59622,10 +59662,9 @@ var basename = (filePath) => {
   const folderName = import_path2.default.basename(normalizedPath);
   return folderName;
 };
-function printLine(text, cursorTo = 0, moveCursor = 0) {
-  import_readline.default.cursorTo(process.stdout, cursorTo);
-  process.stdout.write(text + " ");
-  import_readline.default.moveCursor(process.stdout, cursorTo, moveCursor);
+function printLine(text) {
+  process.stdout.write("\x1B[2K\x1B[1G");
+  process.stdout.write(text);
 }
 var countDown = async (textStart, textEnd, seconds) => {
   return new Promise((resolve) => {
@@ -59634,24 +59673,30 @@ var countDown = async (textStart, textEnd, seconds) => {
       seconds--;
       if (seconds < 0) {
         printLine(textEnd);
+        process.stdout.write("\n");
         clearInterval(interval);
         resolve();
       }
     }, 1e3);
   });
 };
-program2.name("autho").description("Secrets manager").version("0.0.10").option("-p, --password <password>", "Master password").option("-ph, --passwordHash <passwordHash>", "Master password hash").option("-n, --name <name>", "Collection name").option(
-  "-data, --dataFolder <folderPath>",
+var initApp = async (args, opts) => {
+  const { password, passwordHash } = { ...opts, ...args };
+  args.encryptionKey = await App.masterKey(
+    password,
+    passwordHash
+  );
+  const app = new App(args);
+  return app;
+};
+program2.name("autho").description("Secrets manager").version("0.0.11").option("-p, --password <password>", "Master password").option("-ph, --passwordHash <passwordHash>", "Master password hash").option("-n, --name <name>", "Collection name").option(
+  "--dataFolder <folderPath>",
   "Folder path to store secrets db",
   getAuthoAbsolutePath
 ).action(async (args) => {
   try {
-    logger2.debug("args:", args);
-    args.encryptionKey = await App.masterKey(
-      args.password,
-      args.passwordHash
-    );
-    const app = new App(args);
+    logger2.debug("input:", args);
+    const app = await initApp(args, program2.opts());
     logger2.debug(`Reading data from:`, app.db.path());
     let choices = [
       { value: "create", name: "Create new secret" },
@@ -59686,10 +59731,12 @@ program2.name("autho").description("Secrets manager").version("0.0.10").option("
               break;
             case "otp":
               {
-                const otp = new OTP(readSecret);
-                console.log("OTP code:", otp.generate());
-                await countDown("Expired at: ", "The code is not longer valid, please generate new code.", 30);
-                process.exit(0);
+                generateOTP(readSecret);
+                await countDown(
+                  "Expired in: ",
+                  "The code is not longer valid, please generate new code.",
+                  30
+                );
               }
               break;
           }
@@ -59700,7 +59747,6 @@ program2.name("autho").description("Secrets manager").version("0.0.10").option("
           const deleteSecret = await getSecret_default(app);
           await app.secrets.remove(deleteSecret.id);
           console.log("Removed");
-          process.exit(0);
         }
         break;
       default:
@@ -59712,9 +59758,50 @@ program2.name("autho").description("Secrets manager").version("0.0.10").option("
     console.log(error.stack);
     process.exit(1);
   }
+  process.exit(0);
+});
+program2.command("secret").description("Secret operations").option("--action <action>", "Secret action (create/list/read/delete)", "create").option("--id <id>", "Secret id").option("--decrypt", "Decrypt secret", false).action(async (args) => {
+  try {
+    logger2.debug(`input:`, args);
+    const { id, decrypt, action } = args;
+    const app = await initApp(args, program2.opts());
+    logger2.debug(`Reading data from:`, app.db.path());
+    switch (action) {
+      case "read": {
+        const selected = await app.secrets.get(id);
+        if (!selected) {
+          throw new Error("No secret found");
+        }
+        if (decrypt) {
+          selected.value = Cipher.decrypt({
+            ...selected,
+            encryptionKey: app.encryptionKey
+          });
+        }
+        console.log(selected);
+        break;
+      }
+      case "delete":
+        await app.secrets.remove(id);
+        break;
+      case "create":
+        await createSecret_default(app);
+        break;
+      case "list":
+        console.dir(app.secrets.secrets);
+        break;
+      default:
+        throw new Error("Unknown action:", action);
+    }
+  } catch (error) {
+    logger2.error("Something went wrong, Error: ", error.message);
+    console.log(error.stack);
+    process.exit(1);
+  }
+  process.exit(0);
 });
 program2.command("file").description("Encrypt/Decrypt file").option("-f, --filePath <filePath>", "File path").option("-en, --encrypt", "Encrypt file", false).option("-de, --decrypt", "Decrypt file", false).option("--override", "Override original file", false).action(async (args) => {
-  logger2.debug(`file:`, args);
+  logger2.debug(`input:`, args);
   const { encrypt, decrypt, override } = args;
   let { filePath } = args;
   filePath = toAbsolutePath(filePath);
@@ -59739,7 +59826,7 @@ program2.command("file").description("Encrypt/Decrypt file").option("-f, --fileP
 });
 program2.command("files").description("Encrypt/Decrypt file").option("--input <inputPath>", "Folder path").option("--output <outputPath>", "Folder path", process.cwd()).option("-en, --encrypt", "Encrypt folder", false).option("-de, --decrypt", "Decrypt folder", false).action(async (args) => {
   try {
-    logger2.debug(`files:`, args);
+    logger2.debug(`input:`, args);
     const { encrypt, decrypt } = args;
     let { input, output } = args;
     input = toAbsolutePath(input);
@@ -59773,7 +59860,7 @@ program2.command("files").description("Encrypt/Decrypt file").option("--input <i
   }
   process.exit(0);
 });
-program2.parse();
+program2.parse(process.argv);
 /*! Bundled license information:
 safe-buffer/index.js: