cipher-kit 2.1.3 → 3.0.0

package/dist/chunk-X6MX4NDE.js

@@ -0,0 +1,478 @@
+import { __export, $ok, $err, $fmtError, $fmtResultErr, $validateSecretKeyBase, $validateCreateSecretKeyOptions, $isStr, $isPlainObj, CIPHER_ENCODING, GCM_IV_LENGTH, matchEncryptedPattern, GCM_TAG_BYTES, $stringifyObj, $parseToObj, DIGEST_ALGORITHMS, $validateHashPasswordOptions, $validateVerifyPasswordOptions, ENCODING } from './chunk-IY6XGUYO.js';
+import nodeCrypto3 from 'crypto';
+import { Buffer as Buffer$1 } from 'buffer';
+
+// src/node/kit.ts
+var kit_exports = {};
+__export(kit_exports, {
+  convertBytesToStr: () => convertBytesToStr,
+  convertEncoding: () => convertEncoding,
+  convertStrToBytes: () => convertStrToBytes,
+  createSecretKey: () => createSecretKey,
+  decrypt: () => decrypt,
+  decryptObj: () => decryptObj,
+  encrypt: () => encrypt,
+  encryptObj: () => encryptObj,
+  generateUuid: () => generateUuid,
+  hash: () => hash,
+  hashPassword: () => hashPassword,
+  isNodeSecretKey: () => isNodeSecretKey,
+  tryConvertBytesToStr: () => tryConvertBytesToStr,
+  tryConvertEncoding: () => tryConvertEncoding,
+  tryConvertStrToBytes: () => tryConvertStrToBytes,
+  tryCreateSecretKey: () => tryCreateSecretKey,
+  tryDecrypt: () => tryDecrypt,
+  tryDecryptObj: () => tryDecryptObj,
+  tryEncrypt: () => tryEncrypt,
+  tryEncryptObj: () => tryEncryptObj,
+  tryGenerateUuid: () => tryGenerateUuid,
+  tryHash: () => tryHash,
+  tryHashPassword: () => tryHashPassword,
+  tryVerifyPassword: () => tryVerifyPassword,
+  verifyPassword: () => verifyPassword
+});
+function $convertStrToBytes(data, inputEncoding = "utf8") {
+  if (typeof data !== "string") {
+    return $err({
+      message: "node strToBytes: Data must be a string",
+      description: `Expected a string value, received ${typeof data}`
+    });
+  }
+  if (!ENCODING.includes(inputEncoding)) {
+    return $err({
+      message: `node strToBytes: Unsupported encoding: ${inputEncoding}`,
+      description: "Use base64, base64url, hex, utf8, or latin1"
+    });
+  }
+  if (inputEncoding === "hex") {
+    const clean = /^0x/i.test(data) ? data.slice(2) : data;
+    if (clean.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(clean)) {
+      return $err({
+        message: "node strToBytes: Invalid hex string",
+        description: "Hex string contains non-hex characters or has odd length"
+      });
+    }
+    return $ok({ result: Buffer$1.from(clean, "hex") });
+  }
+  if (inputEncoding === "base64") {
+    if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}={2}|[A-Za-z0-9+/]{3}=)?$/.test(data)) {
+      return $err({
+        message: "node strToBytes: Invalid base64 string",
+        description: "Base64 string contains invalid characters or has incorrect padding"
+      });
+    }
+  }
+  if (inputEncoding === "base64url") {
+    if (!/^[A-Za-z0-9_-]*={0,2}$/.test(data) || data.replace(/=+$/, "").length % 4 === 1) {
+      return $err({
+        message: "node strToBytes: Invalid base64url string",
+        description: "Base64url string contains invalid characters or has incorrect length"
+      });
+    }
+  }
+  try {
+    return $ok({ result: Buffer$1.from(data, inputEncoding) });
+  } catch (error) {
+    return $err({ message: "node strToBytes: Failed to convert data", description: $fmtError(error) });
+  }
+}
+function $convertBytesToStr(data, outputEncoding = "utf8") {
+  if (!(data instanceof Buffer$1)) {
+    return $err({
+      message: "node bytesToStr: Data must be a Buffer",
+      description: "Received a non-Buffer value"
+    });
+  }
+  if (!ENCODING.includes(outputEncoding)) {
+    return $err({
+      message: `node bytesToStr: Unsupported encoding: ${outputEncoding}`,
+      description: "Use base64, base64url, hex, utf8, or latin1"
+    });
+  }
+  try {
+    return $ok(data.toString(outputEncoding));
+  } catch (error) {
+    return $err({ message: "node bytesToStr: Failed to convert data", description: $fmtError(error) });
+  }
+}
+function $convertEncoding(data, from, to) {
+  if (!$isStr(data)) {
+    return $err({
+      message: "node convertEncoding: Data must be a non-empty string",
+      description: "Received empty or non-string value"
+    });
+  }
+  if (!ENCODING.includes(from) || !ENCODING.includes(to)) {
+    return $err({
+      message: `node convertEncoding: Unsupported encoding: from ${from} to ${to}`,
+      description: "Use base64, base64url, hex, utf8, or latin1"
+    });
+  }
+  const bytes = $convertStrToBytes(data, from);
+  if (bytes.error) return $err(bytes.error);
+  const str = $convertBytesToStr(bytes.result, to);
+  if (str.error) return $err(str.error);
+  return $ok(str.result);
+}
+function $isNodeSecretKey(x) {
+  const base = $validateSecretKeyBase(x, "node");
+  if (!base) return null;
+  if (!(base.obj.key instanceof nodeCrypto3.KeyObject) || typeof base.obj.key.symmetricKeySize === "number" && base.obj.key.symmetricKeySize !== base.algorithm.keyBytes) {
+    return null;
+  }
+  return x;
+}
+function $createSecretKey(secret, options) {
+  const validated = $validateCreateSecretKeyOptions(secret, options, "node");
+  if (validated.error) return $err(validated.error);
+  const { algorithm, digest, salt, info, encryptAlgo, digestAlgo } = validated;
+  try {
+    const derivedKey = Buffer.from(
+      nodeCrypto3.hkdfSync(
+        digestAlgo.node,
+        secret.normalize("NFKC"),
+        salt.normalize("NFKC"),
+        info.normalize("NFKC"),
+        encryptAlgo.keyBytes
+      )
+    );
+    try {
+      const key = nodeCrypto3.createSecretKey(derivedKey);
+      const secretKey = Object.freeze({
+        platform: "node",
+        digest,
+        algorithm,
+        key,
+        injected: encryptAlgo
+      });
+      return $ok({ result: secretKey });
+    } finally {
+      derivedKey.fill(0);
+    }
+  } catch (error) {
+    return $err({ message: "node createSecretKey: Failed to derive key", description: $fmtError(error) });
+  }
+}
+
+// src/node/node-encrypt.ts
+function $encrypt(data, secretKey, options) {
+  if (!$isStr(data)) {
+    return $err({
+      message: "node encrypt: Data must be a non-empty string",
+      description: "Received empty or non-string value"
+    });
+  }
+  if (!$isPlainObj(options)) {
+    return $err({
+      message: "node encrypt: Options must be a plain object",
+      description: 'Pass an object like { outputEncoding: "base64url" }'
+    });
+  }
+  const outputEncoding = options.outputEncoding ?? "base64url";
+  if (!CIPHER_ENCODING.includes(outputEncoding)) {
+    return $err({
+      message: `node encrypt: Unsupported output encoding: ${outputEncoding}`,
+      description: "Use base64, base64url, or hex"
+    });
+  }
+  const injectedKey = $isNodeSecretKey(secretKey);
+  if (!injectedKey) {
+    return $err({
+      message: "node encrypt: Invalid secret key",
+      description: "Expected a NodeSecretKey created by nodeKit.createSecretKey()"
+    });
+  }
+  const { result, error } = $convertStrToBytes(data, "utf8");
+  if (error) return $err(error);
+  try {
+    const iv = nodeCrypto3.randomBytes(GCM_IV_LENGTH);
+    const cipher = nodeCrypto3.createCipheriv(injectedKey.injected.node, injectedKey.key, iv);
+    const encrypted = Buffer$1.concat([cipher.update(result), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    const ivStr = $convertBytesToStr(iv, outputEncoding);
+    const cipherStr = $convertBytesToStr(encrypted, outputEncoding);
+    const tagStr = $convertBytesToStr(tag, outputEncoding);
+    if (ivStr.error || cipherStr.error || tagStr.error) {
+      return $err({
+        message: "node encrypt: Failed to encode output",
+        description: `Conversion error: ${$fmtResultErr(ivStr.error || cipherStr.error || tagStr.error)}`
+      });
+    }
+    return $ok(`${ivStr.result}.${cipherStr.result}.${tagStr.result}.`);
+  } catch (error2) {
+    return $err({ message: "node encrypt: Failed to encrypt data", description: $fmtError(error2) });
+  } finally {
+    result.fill(0);
+  }
+}
+function $decrypt(encrypted, secretKey, options) {
+  if (!matchEncryptedPattern(encrypted)) {
+    return $err({
+      message: "node decrypt: Invalid encrypted data format",
+      description: 'Encrypted data must be in the format "iv.cipher.tag."'
+    });
+  }
+  if (!$isPlainObj(options)) {
+    return $err({
+      message: "node decrypt: Options must be a plain object",
+      description: 'Pass an object like { inputEncoding: "base64url" }'
+    });
+  }
+  const inputEncoding = options.inputEncoding ?? "base64url";
+  if (!CIPHER_ENCODING.includes(inputEncoding)) {
+    return $err({
+      message: `node decrypt: Unsupported input encoding: ${inputEncoding}`,
+      description: "Use base64, base64url, or hex"
+    });
+  }
+  const [iv, cipher, tag] = encrypted.split(".", 4);
+  const injectedKey = $isNodeSecretKey(secretKey);
+  if (!injectedKey) {
+    return $err({
+      message: "node decrypt: Invalid secret key",
+      description: "Expected a NodeSecretKey created by nodeKit.createSecretKey()"
+    });
+  }
+  const ivBytes = $convertStrToBytes(iv, inputEncoding);
+  const cipherBytes = $convertStrToBytes(cipher, inputEncoding);
+  const tagBytes = $convertStrToBytes(tag, inputEncoding);
+  if (ivBytes.error || cipherBytes.error || tagBytes.error) {
+    return $err({
+      message: "node decrypt: Failed to decode input",
+      description: `Conversion error: ${$fmtResultErr(ivBytes.error || cipherBytes.error || tagBytes.error)}`
+    });
+  }
+  if (ivBytes.result.byteLength !== GCM_IV_LENGTH) {
+    return $err({
+      message: "node decrypt: Invalid IV length",
+      description: `Expected ${GCM_IV_LENGTH} bytes, got ${ivBytes.result.byteLength}`
+    });
+  }
+  if (tagBytes.result.byteLength !== GCM_TAG_BYTES) {
+    return $err({
+      message: "node decrypt: Invalid auth tag length",
+      description: `Expected ${GCM_TAG_BYTES} bytes, got ${tagBytes.result.byteLength}`
+    });
+  }
+  let decrypted;
+  try {
+    const decipher = nodeCrypto3.createDecipheriv(injectedKey.injected.node, injectedKey.key, ivBytes.result);
+    decipher.setAuthTag(tagBytes.result);
+    decrypted = Buffer$1.concat([decipher.update(cipherBytes.result), decipher.final()]);
+    return $convertBytesToStr(decrypted, "utf8");
+  } catch (error) {
+    return $err({ message: "node decrypt: Failed to decrypt data", description: $fmtError(error) });
+  } finally {
+    decrypted?.fill(0);
+  }
+}
+function $encryptObj(data, secretKey, options) {
+  const { result, error } = $stringifyObj(data);
+  if (error) return $err(error);
+  return $encrypt(result, secretKey, options);
+}
+function $decryptObj(encrypted, secretKey, options) {
+  const { result, error } = $decrypt(encrypted, secretKey, options);
+  if (error) return $err(error);
+  return $parseToObj(result);
+}
+function $hash(data, options = {}) {
+  if (!$isStr(data)) {
+    return $err({
+      message: "node hash: Data must be a non-empty string",
+      description: "Received empty or non-string value"
+    });
+  }
+  if (!$isPlainObj(options)) {
+    return $err({
+      message: "node hash: Options must be a plain object",
+      description: 'Pass an object like { digest: "sha256" }'
+    });
+  }
+  const outputEncoding = options.outputEncoding ?? "base64url";
+  if (!CIPHER_ENCODING.includes(outputEncoding)) {
+    return $err({
+      message: `node hash: Unsupported output encoding: ${outputEncoding}`,
+      description: "Use base64, base64url, or hex"
+    });
+  }
+  const digest = options.digest ?? "sha256";
+  if (!(digest in DIGEST_ALGORITHMS)) {
+    return $err({
+      message: `node hash: Unsupported digest: ${digest}`,
+      description: `Supported digests are: ${Object.keys(DIGEST_ALGORITHMS).join(", ")}`
+    });
+  }
+  const digestAlgo = DIGEST_ALGORITHMS[digest];
+  const { result, error } = $convertStrToBytes(data, "utf8");
+  if (error) return $err(error);
+  try {
+    const hashed = nodeCrypto3.createHash(digestAlgo.node).update(result).digest();
+    return $convertBytesToStr(hashed, outputEncoding);
+  } catch (error2) {
+    return $err({ message: "node hash: Failed to hash data", description: $fmtError(error2) });
+  }
+}
+function $hashPassword(password, options) {
+  const validated = $validateHashPasswordOptions(password, options, "node");
+  if (validated.error) return $err(validated.error);
+  const { digestAlgo, outputEncoding, saltLength, iterations, keyLength } = validated;
+  const salt = nodeCrypto3.randomBytes(saltLength);
+  const hash2 = nodeCrypto3.pbkdf2Sync(password.normalize("NFKC"), salt, iterations, keyLength, digestAlgo.node);
+  try {
+    const saltStr = $convertBytesToStr(salt, outputEncoding);
+    if (saltStr.error) return $err(saltStr.error);
+    const hashStr = $convertBytesToStr(hash2, outputEncoding);
+    if (hashStr.error) return $err(hashStr.error);
+    return $ok({ result: hashStr.result, salt: saltStr.result });
+  } catch (error) {
+    return $err({ message: "node hashPassword: Failed to hash password", description: $fmtError(error) });
+  } finally {
+    salt.fill(0);
+    hash2.fill(0);
+  }
+}
+function $verifyPassword(password, hashedPassword, salt, options) {
+  const validated = $validateVerifyPasswordOptions(password, hashedPassword, salt, options, "node");
+  if (validated.error) return $err(validated.error);
+  const { digestAlgo, inputEncoding, iterations, keyLength } = validated;
+  const saltBytes = $convertStrToBytes(salt, inputEncoding);
+  if (saltBytes.error) return $err(saltBytes.error);
+  const hashedPasswordBytes = $convertStrToBytes(hashedPassword, inputEncoding);
+  if (hashedPasswordBytes.error) return $err(hashedPasswordBytes.error);
+  if (hashedPasswordBytes.result.byteLength !== keyLength) return $ok(false);
+  try {
+    const derived = nodeCrypto3.pbkdf2Sync(
+      password.normalize("NFKC"),
+      saltBytes.result,
+      iterations,
+      keyLength,
+      digestAlgo.node
+    );
+    const expected = hashedPasswordBytes.result;
+    const left = Buffer$1.alloc(keyLength);
+    const right = Buffer$1.alloc(keyLength);
+    derived.copy(left);
+    expected.copy(right);
+    try {
+      const matches = nodeCrypto3.timingSafeEqual(left, right);
+      return $ok(matches);
+    } finally {
+      left.fill(0);
+      right.fill(0);
+      derived.fill(0);
+    }
+  } catch (error) {
+    return $err({ message: "node verifyPassword: Verification failed", description: $fmtError(error) });
+  } finally {
+    saltBytes.result.fill(0);
+    hashedPasswordBytes.result.fill(0);
+  }
+}
+
+// src/node/kit.ts
+function isNodeSecretKey(x) {
+  return $isNodeSecretKey(x) !== null;
+}
+function tryGenerateUuid() {
+  try {
+    return $ok(nodeCrypto3.randomUUID());
+  } catch (error) {
+    return $err({ message: "node generateUuid: Failed to generate UUID", description: $fmtError(error) });
+  }
+}
+function generateUuid() {
+  return nodeCrypto3.randomUUID();
+}
+function tryCreateSecretKey(secret, options = {}) {
+  return $createSecretKey(secret, options);
+}
+function createSecretKey(secret, options = {}) {
+  const { result, error } = $createSecretKey(secret, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryEncrypt(data, secretKey, options = {}) {
+  return $encrypt(data, secretKey, options);
+}
+function encrypt(data, secretKey, options = {}) {
+  const { result, error } = $encrypt(data, secretKey, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryDecrypt(encrypted, secretKey, options = {}) {
+  return $decrypt(encrypted, secretKey, options);
+}
+function decrypt(encrypted, secretKey, options = {}) {
+  const { result, error } = $decrypt(encrypted, secretKey, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryEncryptObj(obj, secretKey, options = {}) {
+  return $encryptObj(obj, secretKey, options);
+}
+function encryptObj(obj, secretKey, options = {}) {
+  const { result, error } = $encryptObj(obj, secretKey, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryDecryptObj(encrypted, secretKey, options = {}) {
+  return $decryptObj(encrypted, secretKey, options);
+}
+function decryptObj(encrypted, secretKey, options = {}) {
+  const { result, error } = $decryptObj(encrypted, secretKey, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryHash(data, options = {}) {
+  return $hash(data, options);
+}
+function hash(data, options = {}) {
+  const { result, error } = $hash(data, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryHashPassword(password, options = {}) {
+  return $hashPassword(password, options);
+}
+function hashPassword(password, options = {}) {
+  const { result, salt, error } = $hashPassword(password, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return { result, salt };
+}
+function tryVerifyPassword(password, hashedPassword, salt, options = {}) {
+  return $verifyPassword(password, hashedPassword, salt, options);
+}
+function verifyPassword(password, hashedPassword, salt, options = {}) {
+  const { result, error } = $verifyPassword(password, hashedPassword, salt, options);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryConvertStrToBytes(data, inputEncoding = "utf8") {
+  return $convertStrToBytes(data, inputEncoding);
+}
+function convertStrToBytes(data, inputEncoding = "utf8") {
+  const { result, error } = $convertStrToBytes(data, inputEncoding);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryConvertBytesToStr(data, outputEncoding = "utf8") {
+  return $convertBytesToStr(data, outputEncoding);
+}
+function convertBytesToStr(data, outputEncoding = "utf8") {
+  const { result, error } = $convertBytesToStr(data, outputEncoding);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+function tryConvertEncoding(data, from, to) {
+  return $convertEncoding(data, from, to);
+}
+function convertEncoding(data, from, to) {
+  const { result, error } = $convertEncoding(data, from, to);
+  if (error) throw new Error($fmtResultErr(error));
+  return result;
+}
+
+export { convertBytesToStr, convertEncoding, convertStrToBytes, createSecretKey, decrypt, decryptObj, encrypt, encryptObj, generateUuid, hash, hashPassword, isNodeSecretKey, kit_exports, tryConvertBytesToStr, tryConvertEncoding, tryConvertStrToBytes, tryCreateSecretKey, tryDecrypt, tryDecryptObj, tryEncrypt, tryEncryptObj, tryGenerateUuid, tryHash, tryHashPassword, tryVerifyPassword, verifyPassword };
+//# sourceMappingURL=chunk-X6MX4NDE.js.map
+//# sourceMappingURL=chunk-X6MX4NDE.js.map

package/dist/chunk-X6MX4NDE.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/node/kit.ts","../src/node/node-encode.ts","../src/node/node-secret-key.ts","../src/node/node-encrypt.ts","../src/node/node-hash.ts"],"names":["Buffer","nodeCrypto","error","hash"],"mappings":";;;;;AAAA,IAAA,WAAA,GAAA;AAAA,QAAA,CAAA,WAAA,EAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,IAAA,EAAA,MAAA,IAAA;AAAA,EAAA,YAAA,EAAA,MAAA,YAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,oBAAA,EAAA,MAAA,oBAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,UAAA,EAAA,MAAA,UAAA;AAAA,EAAA,aAAA,EAAA,MAAA,aAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,iBAAA,EAAA,MAAA,iBAAA;AAAA,EAAA,cAAA,EAAA,MAAA;AAAA,CAAA,CAAA;ACKO,SAAS,kBAAA,CAAmB,IAAA,EAAc,aAAA,GAA0B,MAAA,EAAoC;AAC7G,EAAA,IAAI,OAAO,SAAS,QAAA,EAAU;AAC5B,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,wCAAA;AAAA,MACT,WAAA,EAAa,CAAA,kCAAA,EAAqC,OAAO,IAAI,CAAA;AAAA,KAC9D,CAAA;AAAA,EACH;AACA,EAAA,IAAI,CAAC,QAAA,CAAS,QAAA,CAAS,aAAa,CAAA,EAAG;AACrC,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,0CAA0C,aAAa,CAAA,CAAA;AAAA,MAChE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AACA,EAAA,IAAI,kBAAkB,KAAA,EAAO;AAC3B,IAAA,MAAM,KAAA,GAAQ,OAAO,IAAA,CAAK,IAAI,IAAI,IAAA,CAAK,KAAA,CAAM,CAAC,CAAA,GAAI,IAAA;AAClD,IAAA,IAAI,KAAA,CAAM,SAAS,CAAA,KAAM,CAAA,IAAK,CAAC,gBAAA,CAAiB,IAAA,CAAK,KAAK,CAAA,EAAG;AAC3D,MAAA,OAAO,IAAA,CAAK;AAAA,QACV,OAAA,EAAS,qCAAA;AAAA,QACT,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AACA,IAAA,OAAO,GAAA,CAAI,EAAE,MAAA,EAAQA,QAAAA,CAAO,KAAK,KAAA,EAAO,KAAK,GAAG,CAAA;AAAA,EAClD;AACA,EAAA,IAAI,kBAAkB,QAAA,EAAU;AAC9B,IAAA,IAAI,CAAC,oEAAA,CAAqE,IAAA,CAAK,IAAI,CAAA,EAAG;AACpF,MAAA,OAAO,IAAA,CAAK;AAAA,QACV,OAAA,EAAS,wCAAA;AAAA,QACT,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF;AACA,EAAA,IAAI,kBAAkB,WAAA,EAAa;AACjC,IAAA,IAAI,CAAC,wBAAA,CAAyB,IAAA,CAAK,IAAI,CAAA,IAAK,IAAA,CAAK,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA,CAAE,MAAA,GAAS,CAAA,KAAM,CAAA,EAAG;AACpF,MAAA,OAAO,IAAA,CAAK;AAAA,QACV,OAAA,EAAS,2CAAA;AAAA,QACT,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF;AACA,EAAA,IAAI;AACF,IAAA,OAAO,GAAA,CAAI,EAAE,MAAA,EAAQA,QAAAA,CAAO,KAAK,IAAA,EAAM,aAAa,GAAG,CAAA;AAAA,EACzD,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,yCAAA,EAA2C,aAAa,SAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACnG;AACF;AAEO,SAAS,kBAAA,CAAmB,IAAA,EAAc,cAAA,GAA2B,MAAA,EAAwB;AAClG,EAAA,IAAI,EAAE,gBAAgBA,QAAAA,CAAAA,EAAS;AAC7B,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,wCAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AACA,EAAA,IAAI,CAAC,QAAA,CAAS,QAAA,CAAS,cAAc,CAAA,EAAG;AACtC,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,0CAA0C,cAAc,CAAA,CAAA;AAAA,MACjE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AACA,EAAA,IAAI;AACF,IAAA,OAAO,GAAA,CAAI,IAAA,CAAK,QAAA,CAAS,cAAc,CAAC,CAAA;AAAA,EAC1C,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,yCAAA,EAA2C,aAAa,SAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACnG;AACF;AAEO,SAAS,gBAAA,CAAiB,IAAA,EAAc,IAAA,EAAgB,EAAA,EAA8B;AAC3F,EAAA,IAAI,CAAC,MAAA,CAAO,IAAI,CAAA,EAAG;AACjB,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,uDAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,SAAS,QAAA,CAAS,IAAI,KAAK,CAAC,QAAA,CAAS,QAAA,CAAS,EAAE,CAAA,EAAG;AACtD,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,CAAA,iDAAA,EAAoD,IAAI,CAAA,IAAA,EAAO,EAAE,CAAA,CAAA;AAAA,MAC1E,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,KAAA,GAAQ,kBAAA,CAAmB,IAAA,EAAM,IAAI,CAAA;AAC3C,EAAA,IAAI,KAAA,CAAM,KAAA,EAAO,OAAO,IAAA,CAAK,MAAM,KAAK,CAAA;AAExC,EAAA,MAAM,GAAA,GAAM,kBAAA,CAAmB,KAAA,CAAM,MAAA,EAAQ,EAAE,CAAA;AAC/C,EAAA,IAAI,GAAA,CAAI,KAAA,EAAO,OAAO,IAAA,CAAK,IAAI,KAAK,CAAA;AAEpC,EAAA,OAAO,GAAA,CAAI,IAAI,MAAM,CAAA;AACvB;AC7EO,SAAS,iBAAiB,CAAA,EAAkC;AACjE,EAAA,MAAM,IAAA,GAAO,sBAAA,CAAuB,CAAA,EAAG,MAAM,CAAA;AAC7C,EAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAElB,EAAA,IACE,EAAE,IAAA,CAAK,GAAA,CAAI,eAAeC,WAAA,CAAW,SAAA,CAAA,IACpC,OAAO,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,gBAAA,KAAqB,YAAY,IAAA,CAAK,GAAA,CAAI,IAAI,gBAAA,KAAqB,IAAA,CAAK,UAAU,QAAA,EACvG;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,CAAA;AACT;AAEO,SAAS,gBAAA,CAAiB,QAAgB,OAAA,EAAoE;AACnH,EAAA,MAAM,SAAA,GAAY,+BAAA,CAAgC,MAAA,EAAQ,OAAA,EAAS,MAAM,CAAA;AACzE,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,EAAE,SAAA,EAAW,MAAA,EAAQ,MAAM,IAAA,EAAM,WAAA,EAAa,YAAW,GAAI,SAAA;AAEnE,EAAA,IAAI;AACF,IAAA,MAAM,aAAa,MAAA,CAAO,IAAA;AAAA,MACxBA,WAAA,CAAW,QAAA;AAAA,QACT,UAAA,CAAW,IAAA;AAAA,QACX,MAAA,CAAO,UAAU,MAAM,CAAA;AAAA,QACvB,IAAA,CAAK,UAAU,MAAM,CAAA;AAAA,QACrB,IAAA,CAAK,UAAU,MAAM,CAAA;AAAA,QACrB,WAAA,CAAY;AAAA;AACd,KACF;AACA,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAMA,WAAA,CAAW,eAAA,CAAgB,UAAU,CAAA;AACjD,MAAA,MAAM,SAAA,GAAY,OAAO,MAAA,CAAO;AAAA,QAC9B,QAAA,EAAU,MAAA;AAAA,QACV,MAAA;AAAA,QACA,SAAA;AAAA,QACA,GAAA;AAAA,QACA,QAAA,EAAU;AAAA,OACX,CAAA;AAED,MAAA,OAAO,GAAA,CAAI,EAAE,MAAA,EAAQ,SAAA,EAAW,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AAAA,IACnB;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,4CAAA,EAA8C,aAAa,SAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACtG;AACF;;;AC3CO,SAAS,QAAA,CAAS,IAAA,EAAc,SAAA,EAA0B,OAAA,EAAyC;AACxG,EAAA,IAAI,CAAC,MAAA,CAAO,IAAI,CAAA,EAAG;AACjB,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,+CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,WAAA,CAA4B,OAAO,CAAA,EAAG;AACzC,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,8CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,cAAA,GAAiB,QAAQ,cAAA,IAAkB,WAAA;AACjD,EAAA,IAAI,CAAC,eAAA,CAAgB,QAAA,CAAS,cAAc,CAAA,EAAG;AAC7C,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,8CAA8C,cAAc,CAAA,CAAA;AAAA,MACrE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,WAAA,GAAc,iBAAiB,SAAS,CAAA;AAC9C,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,kCAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAI,kBAAA,CAAmB,MAAM,MAAM,CAAA;AACzD,EAAA,IAAI,KAAA,EAAO,OAAO,IAAA,CAAK,KAAK,CAAA;AAE5B,EAAA,IAAI;AACF,IAAA,MAAM,EAAA,GAAKA,WAAAA,CAAW,WAAA,CAAY,aAAa,CAAA;AAC/C,IAAA,MAAM,MAAA,GAASA,YAAW,cAAA,CAAe,WAAA,CAAY,SAAS,IAAA,EAAM,WAAA,CAAY,KAAK,EAAE,CAAA;AACvF,IAAA,MAAM,SAAA,GAAYD,QAAAA,CAAO,MAAA,CAAO,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,CAAO,KAAA,EAAO,CAAC,CAAA;AACvE,IAAA,MAAM,GAAA,GAAM,OAAO,UAAA,EAAW;AAE9B,IAAA,MAAM,KAAA,GAAQ,kBAAA,CAAmB,EAAA,EAAI,cAAc,CAAA;AACnD,IAAA,MAAM,SAAA,GAAY,kBAAA,CAAmB,SAAA,EAAW,cAAc,CAAA;AAC9D,IAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,GAAA,EAAK,cAAc,CAAA;AAErD,IAAA,IAAI,KAAA,CAAM,KAAA,IAAS,SAAA,CAAU,KAAA,IAAS,OAAO,KAAA,EAAO;AAClD,MAAA,OAAO,IAAA,CAAK;AAAA,QACV,OAAA,EAAS,uCAAA;AAAA,QACT,WAAA,EAAa,qBAAqB,aAAA,CAAc,KAAA,CAAM,SAAS,SAAA,CAAU,KAAA,IAAS,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,OAChG,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,GAAA,CAAI,CAAA,EAAG,KAAA,CAAM,MAAM,CAAA,CAAA,EAAI,UAAU,MAAM,CAAA,CAAA,EAAI,MAAA,CAAO,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EACpE,SAASE,MAAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,sCAAA,EAAwC,aAAa,SAAA,CAAUA,MAAK,GAAG,CAAA;AAAA,EAChG,CAAA,SAAE;AACA,IAAA,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACf;AACF;AAEO,SAAS,QAAA,CAAS,SAAA,EAAmB,SAAA,EAA0B,OAAA,EAAyC;AAC7G,EAAA,IAAI,CAAC,qBAAA,CAAsB,SAAS,CAAA,EAAG;AACrC,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,6CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,WAAA,CAA4B,OAAO,CAAA,EAAG;AACzC,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,8CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,aAAA,GAAgB,QAAQ,aAAA,IAAiB,WAAA;AAC/C,EAAA,IAAI,CAAC,eAAA,CAAgB,QAAA,CAAS,aAAa,CAAA,EAAG;AAC5C,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,6CAA6C,aAAa,CAAA,CAAA;AAAA,MACnE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,CAAC,IAAI,MAAA,EAAQ,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,KAAK,CAAC,CAAA;AAEhD,EAAA,MAAM,WAAA,GAAc,iBAAiB,SAAS,CAAA;AAC9C,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,kCAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,OAAA,GAAU,kBAAA,CAAmB,EAAA,EAAI,aAAa,CAAA;AACpD,EAAA,MAAM,WAAA,GAAc,kBAAA,CAAmB,MAAA,EAAQ,aAAa,CAAA;AAC5D,EAAA,MAAM,QAAA,GAAW,kBAAA,CAAmB,GAAA,EAAK,aAAa,CAAA;AAEtD,EAAA,IAAI,OAAA,CAAQ,KAAA,IAAS,WAAA,CAAY,KAAA,IAAS,SAAS,KAAA,EAAO;AACxD,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,sCAAA;AAAA,MACT,WAAA,EAAa,qBAAqB,aAAA,CAAc,OAAA,CAAQ,SAAS,WAAA,CAAY,KAAA,IAAS,QAAA,CAAS,KAAK,CAAC,CAAA;AAAA,KACtG,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,OAAA,CAAQ,MAAA,CAAO,UAAA,KAAe,aAAA,EAAe;AAC/C,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,iCAAA;AAAA,MACT,aAAa,CAAA,SAAA,EAAY,aAAa,CAAA,YAAA,EAAe,OAAA,CAAQ,OAAO,UAAU,CAAA;AAAA,KAC/E,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,QAAA,CAAS,MAAA,CAAO,UAAA,KAAe,aAAA,EAAe;AAChD,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,uCAAA;AAAA,MACT,aAAa,CAAA,SAAA,EAAY,aAAa,CAAA,YAAA,EAAe,QAAA,CAAS,OAAO,UAAU,CAAA;AAAA,KAChF,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,SAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAWD,YAAW,gBAAA,CAAiB,WAAA,CAAY,SAAS,IAAA,EAAM,WAAA,CAAY,GAAA,EAAK,OAAA,CAAQ,MAAM,CAAA;AACvG,IAAA,QAAA,CAAS,UAAA,CAAW,SAAS,MAAM,CAAA;AACnC,IAAA,SAAA,GAAYD,QAAAA,CAAO,MAAA,CAAO,CAAC,QAAA,CAAS,MAAA,CAAO,WAAA,CAAY,MAAM,CAAA,EAAG,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAEjF,IAAA,OAAO,kBAAA,CAAmB,WAAW,MAAM,CAAA;AAAA,EAC7C,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,sCAAA,EAAwC,aAAa,SAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EAChG,CAAA,SAAE;AACA,IAAA,SAAA,EAAW,KAAK,CAAC,CAAA;AAAA,EACnB;AACF;AAEO,SAAS,WAAA,CACd,IAAA,EACA,SAAA,EACA,OAAA,EACgB;AAChB,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAI,cAAc,IAAI,CAAA;AAC5C,EAAA,IAAI,KAAA,EAAO,OAAO,IAAA,CAAK,KAAK,CAAA;AAC5B,EAAA,OAAO,QAAA,CAAS,MAAA,EAAQ,SAAA,EAAW,OAAO,CAAA;AAC5C;AAEO,SAAS,WAAA,CACd,SAAA,EACA,SAAA,EACA,OAAA,EACuB;AACvB,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,QAAA,CAAS,SAAA,EAAW,WAAW,OAAO,CAAA;AAChE,EAAA,IAAI,KAAA,EAAO,OAAO,IAAA,CAAK,KAAK,CAAA;AAC5B,EAAA,OAAO,YAAe,MAAM,CAAA;AAC9B;AChKO,SAAS,KAAA,CAAM,IAAA,EAAc,OAAA,GAAuB,EAAC,EAAmB;AAC7E,EAAA,IAAI,CAAC,MAAA,CAAO,IAAI,CAAA,EAAG;AACjB,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,4CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,IAAI,CAAC,WAAA,CAAyB,OAAO,CAAA,EAAG;AACtC,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,2CAAA;AAAA,MACT,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,cAAA,GAAiB,QAAQ,cAAA,IAAkB,WAAA;AACjD,EAAA,IAAI,CAAC,eAAA,CAAgB,QAAA,CAAS,cAAc,CAAA,EAAG;AAC7C,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,2CAA2C,cAAc,CAAA,CAAA;AAAA,MAClE,WAAA,EAAa;AAAA,KACd,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,MAAA,GAAS,QAAQ,MAAA,IAAU,QAAA;AACjC,EAAA,IAAI,EAAE,UAAU,iBAAA,CAAA,EAAoB;AAClC,IAAA,OAAO,IAAA,CAAK;AAAA,MACV,OAAA,EAAS,kCAAkC,MAAM,CAAA,CAAA;AAAA,MACjD,WAAA,EAAa,0BAA0B,MAAA,CAAO,IAAA,CAAK,iBAAiB,CAAA,CAAE,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KACjF,CAAA;AAAA,EACH;AACA,EAAA,MAAM,UAAA,GAAa,kBAAkB,MAAM,CAAA;AAE3C,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAI,kBAAA,CAAmB,MAAM,MAAM,CAAA;AACzD,EAAA,IAAI,KAAA,EAAO,OAAO,IAAA,CAAK,KAAK,CAAA;AAE5B,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAASC,YAAW,UAAA,CAAW,UAAA,CAAW,IAAI,CAAA,CAAE,MAAA,CAAO,MAAM,CAAA,CAAE,MAAA,EAAO;AAC5E,IAAA,OAAO,kBAAA,CAAmB,QAAQ,cAAc,CAAA;AAAA,EAClD,SAASC,MAAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,gCAAA,EAAkC,aAAa,SAAA,CAAUA,MAAK,GAAG,CAAA;AAAA,EAC1F;AACF;AAEO,SAAS,aAAA,CACd,UACA,OAAA,EAC0C;AAC1C,EAAA,MAAM,SAAA,GAAY,4BAAA,CAA6B,QAAA,EAAU,OAAA,EAAS,MAAM,CAAA;AACxE,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,EAAE,UAAA,EAAY,cAAA,EAAgB,UAAA,EAAY,UAAA,EAAY,WAAU,GAAI,SAAA;AAE1E,EAAA,MAAM,IAAA,GAAOD,WAAAA,CAAW,WAAA,CAAY,UAAU,CAAA;AAC9C,EAAA,MAAME,KAAAA,GAAOF,WAAAA,CAAW,UAAA,CAAW,QAAA,CAAS,SAAA,CAAU,MAAM,CAAA,EAAG,IAAA,EAAM,UAAA,EAAY,SAAA,EAAW,UAAA,CAAW,IAAI,CAAA;AAE3G,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,kBAAA,CAAmB,IAAA,EAAM,cAAc,CAAA;AACvD,IAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,OAAO,IAAA,CAAK,QAAQ,KAAK,CAAA;AAE5C,IAAA,MAAM,OAAA,GAAU,kBAAA,CAAmBE,KAAAA,EAAM,cAAc,CAAA;AACvD,IAAA,IAAI,OAAA,CAAQ,KAAA,EAAO,OAAO,IAAA,CAAK,QAAQ,KAAK,CAAA;AAE5C,IAAA,OAAO,GAAA,CAAI,EAAE,MAAA,EAAQ,OAAA,CAAQ,QAAQ,IAAA,EAAM,OAAA,CAAQ,QAAQ,CAAA;AAAA,EAC7D,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,4CAAA,EAA8C,aAAa,SAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACtG,CAAA,SAAE;AACA,IAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AACX,IAAAA,KAAAA,CAAK,KAAK,CAAC,CAAA;AAAA,EACb;AACF;AAEO,SAAS,eAAA,CACd,QAAA,EACA,cAAA,EACA,IAAA,EACA,OAAA,EACiB;AACjB,EAAA,MAAM,YAAY,8BAAA,CAA+B,QAAA,EAAU,cAAA,EAAgB,IAAA,EAAM,SAAS,MAAM,CAAA;AAChG,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,EAAE,UAAA,EAAY,aAAA,EAAe,UAAA,EAAY,WAAU,GAAI,SAAA;AAE7D,EAAA,MAAM,SAAA,GAAY,kBAAA,CAAmB,IAAA,EAAM,aAAa,CAAA;AACxD,EAAA,IAAI,SAAA,CAAU,KAAA,EAAO,OAAO,IAAA,CAAK,UAAU,KAAK,CAAA;AAEhD,EAAA,MAAM,mBAAA,GAAsB,kBAAA,CAAmB,cAAA,EAAgB,aAAa,CAAA;AAC5E,EAAA,IAAI,mBAAA,CAAoB,KAAA,EAAO,OAAO,IAAA,CAAK,oBAAoB,KAAK,CAAA;AAEpE,EAAA,IAAI,oBAAoB,MAAA,CAAO,UAAA,KAAe,SAAA,EAAW,OAAO,IAAI,KAAK,CAAA;AAEzE,EAAA,IAAI;AACF,IAAA,MAAM,UAAUF,WAAAA,CAAW,UAAA;AAAA,MACzB,QAAA,CAAS,UAAU,MAAM,CAAA;AAAA,MACzB,SAAA,CAAU,MAAA;AAAA,MACV,UAAA;AAAA,MACA,SAAA;AAAA,MACA,UAAA,CAAW;AAAA,KACb;AAEA,IAAA,MAAM,WAAW,mBAAA,CAAoB,MAAA;AAErC,IAAA,MAAM,IAAA,GAAOD,QAAAA,CAAO,KAAA,CAAM,SAAS,CAAA;AACnC,IAAA,MAAM,KAAA,GAAQA,QAAAA,CAAO,KAAA,CAAM,SAAS,CAAA;AACpC,IAAA,OAAA,CAAQ,KAAK,IAAI,CAAA;AACjB,IAAA,QAAA,CAAS,KAAK,KAAK,CAAA;AAEnB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAUC,WAAAA,CAAW,eAAA,CAAgB,IAAA,EAAM,KAAK,CAAA;AACtD,MAAA,OAAO,IAAI,OAAO,CAAA;AAAA,IACpB,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AACX,MAAA,KAAA,CAAM,KAAK,CAAC,CAAA;AACZ,MAAA,OAAA,CAAQ,KAAK,CAAC,CAAA;AAAA,IAChB;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,0CAAA,EAA4C,aAAa,SAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACpG,CAAA,SAAE;AACA,IAAA,SAAA,CAAU,MAAA,CAAO,KAAK,CAAC,CAAA;AACvB,IAAA,mBAAA,CAAoB,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACnC;AACF;;;AJnGO,SAAS,gBAAgB,CAAA,EAAgC;AAC9D,EAAA,OAAO,gBAAA,CAAiB,CAAC,CAAA,KAAM,IAAA;AACjC;AAQO,SAAS,eAAA,GAAkC;AAChD,EAAA,IAAI;AACF,IAAA,OAAO,GAAA,CAAIA,WAAAA,CAAW,UAAA,EAAY,CAAA;AAAA,EACpC,SAAS,KAAA,EAAO;AACd,IAAA,OAAO,IAAA,CAAK,EAAE,OAAA,EAAS,4CAAA,EAA8C,aAAa,SAAA,CAAU,KAAK,GAAG,CAAA;AAAA,EACtG;AACF;AAeO,SAAS,YAAA,GAAuB;AACrC,EAAA,OAAOA,YAAW,UAAA,EAAW;AAC/B;AAQO,SAAS,kBAAA,CACd,MAAA,EACA,OAAA,GAAkC,EAAC,EACA;AACnC,EAAA,OAAO,gBAAA,CAAiB,QAAQ,OAAO,CAAA;AACzC;AAoBO,SAAS,eAAA,CAAgB,MAAA,EAAgB,OAAA,GAAkC,EAAC,EAAkB;AACnG,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAI,gBAAA,CAAiB,QAAQ,OAAO,CAAA;AAC1D,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,UAAA,CAAW,IAAA,EAAc,SAAA,EAA0B,OAAA,GAA0B,EAAC,EAAmB;AAC/G,EAAA,OAAO,QAAA,CAAS,IAAA,EAAM,SAAA,EAAW,OAAO,CAAA;AAC1C;AAwBO,SAAS,OAAA,CAAQ,IAAA,EAAc,SAAA,EAA0B,OAAA,GAA0B,EAAC,EAAW;AACpG,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,QAAA,CAAS,IAAA,EAAM,WAAW,OAAO,CAAA;AAC3D,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,UAAA,CAAW,SAAA,EAAmB,SAAA,EAA0B,OAAA,GAA0B,EAAC,EAAmB;AACpH,EAAA,OAAO,QAAA,CAAS,SAAA,EAAW,SAAA,EAAW,OAAO,CAAA;AAC/C;AAwBO,SAAS,OAAA,CAAQ,SAAA,EAAmB,SAAA,EAA0B,OAAA,GAA0B,EAAC,EAAW;AACzG,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,QAAA,CAAS,SAAA,EAAW,WAAW,OAAO,CAAA;AAChE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,aAAA,CACd,GAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACX;AAChB,EAAA,OAAO,WAAA,CAAY,GAAA,EAAK,SAAA,EAAW,OAAO,CAAA;AAC5C;AAuBO,SAAS,UAAA,CACd,GAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACnB;AACR,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,WAAA,CAAY,GAAA,EAAK,WAAW,OAAO,CAAA;AAC7D,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,aAAA,CACd,SAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACJ;AACvB,EAAA,OAAO,WAAA,CAAe,SAAA,EAAW,SAAA,EAAW,OAAO,CAAA;AACrD;AAuBO,SAAS,UAAA,CACd,SAAA,EACA,SAAA,EACA,OAAA,GAA0B,EAAC,EACxB;AACH,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,WAAA,CAAe,SAAA,EAAW,WAAW,OAAO,CAAA;AACtE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,OAAA,CAAQ,IAAA,EAAc,OAAA,GAAuB,EAAC,EAAmB;AAC/E,EAAA,OAAO,KAAA,CAAM,MAAM,OAAO,CAAA;AAC5B;AAiBO,SAAS,IAAA,CAAK,IAAA,EAAc,OAAA,GAAuB,EAAC,EAAW;AACpE,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAI,KAAA,CAAM,MAAM,OAAO,CAAA;AAC7C,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,eAAA,CACd,QAAA,EACA,OAAA,GAA+B,EAAC,EACU;AAC1C,EAAA,OAAO,aAAA,CAAc,UAAU,OAAO,CAAA;AACxC;AAwBO,SAAS,YAAA,CAAa,QAAA,EAAkB,OAAA,GAA+B,EAAC,EAAqC;AAClH,EAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,OAAM,GAAI,aAAA,CAAc,UAAU,OAAO,CAAA;AAC/D,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,EAAE,QAAQ,IAAA,EAAK;AACxB;AAQO,SAAS,kBACd,QAAA,EACA,cAAA,EACA,IAAA,EACA,OAAA,GAAiC,EAAC,EACjB;AACjB,EAAA,OAAO,eAAA,CAAgB,QAAA,EAAU,cAAA,EAAgB,IAAA,EAAM,OAAO,CAAA;AAChE;AA8BO,SAAS,eACd,QAAA,EACA,cAAA,EACA,IAAA,EACA,OAAA,GAAiC,EAAC,EACzB;AACT,EAAA,MAAM,EAAE,QAAQ,KAAA,EAAM,GAAI,gBAAgB,QAAA,EAAU,cAAA,EAAgB,MAAM,OAAO,CAAA;AACjF,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,oBAAA,CAAqB,IAAA,EAAc,aAAA,GAA0B,MAAA,EAAoC;AAC/G,EAAA,OAAO,kBAAA,CAAmB,MAAM,aAAa,CAAA;AAC/C;AAiBO,SAAS,iBAAA,CAAkB,IAAA,EAAc,aAAA,GAA0B,MAAA,EAAgB;AACxF,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAI,kBAAA,CAAmB,MAAM,aAAa,CAAA;AAChE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,oBAAA,CAAqB,IAAA,EAAc,cAAA,GAA2B,MAAA,EAAwB;AACpG,EAAA,OAAO,kBAAA,CAAmB,MAAM,cAAc,CAAA;AAChD;AAkBO,SAAS,iBAAA,CAAkB,IAAA,EAAc,cAAA,GAA2B,MAAA,EAAgB;AACzF,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAM,GAAI,kBAAA,CAAmB,MAAM,cAAc,CAAA;AACjE,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT;AAQO,SAAS,kBAAA,CAAmB,IAAA,EAAc,IAAA,EAAgB,EAAA,EAA8B;AAC7F,EAAA,OAAO,gBAAA,CAAiB,IAAA,EAAM,IAAA,EAAM,EAAE,CAAA;AACxC;AAkBO,SAAS,eAAA,CAAgB,IAAA,EAAc,IAAA,EAAgB,EAAA,EAAsB;AAClF,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,KAAU,gBAAA,CAAiB,IAAA,EAAM,MAAM,EAAE,CAAA;AACzD,EAAA,IAAI,OAAO,MAAM,IAAI,KAAA,CAAM,aAAA,CAAc,KAAK,CAAC,CAAA;AAC/C,EAAA,OAAO,MAAA;AACT","file":"chunk-X6MX4NDE.js","sourcesContent":["import type { Buffer } from \"node:buffer\";\nimport nodeCrypto from \"node:crypto\";\nimport { $err, $fmtError, $fmtResultErr, $ok, type Result } from \"@internal/helpers\";\nimport type {\n  CreateSecretKeyOptions,\n  DecryptOptions,\n  Encoding,\n  EncryptOptions,\n  HashOptions,\n  HashPasswordOptions,\n  VerifyPasswordOptions,\n} from \"~/helpers/types.js\";\nimport { $convertBytesToStr, $convertEncoding, $convertStrToBytes } from \"./node-encode.js\";\nimport { $decrypt, $decryptObj, $encrypt, $encryptObj } from \"./node-encrypt.js\";\nimport { $hash, $hashPassword, $verifyPassword } from \"./node-hash.js\";\nimport { $createSecretKey, $isNodeSecretKey, type NodeSecretKey } from \"./node-secret-key.js\";\n\n/**\n * Checks whether a value is a `NodeSecretKey` for the Node.js platform.\n *\n * @param x - The value to check.\n * @returns `true` if `x` is a `NodeSecretKey`.\n *\n * @example\n * ```ts\n * isNodeSecretKey(nodeKey); // true\n * isNodeSecretKey({});      // false\n * ```\n */\nexport function isNodeSecretKey(x: unknown): x is NodeSecretKey {\n  return $isNodeSecretKey(x) !== null;\n}\n\n/**\n * Generates a UUID (v4) (non-throwing).\n *\n * @returns `Result<string>` with the UUID or error.\n * @see {@link generateUuid} For full parameter/behavior docs.\n */\nexport function tryGenerateUuid(): Result<string> {\n  try {\n    return $ok(nodeCrypto.randomUUID());\n  } catch (error) {\n    return $err({ message: \"node generateUuid: Failed to generate UUID\", description: $fmtError(error) });\n  }\n}\n\n/**\n * Generates a cryptographically random UUID (v4).\n *\n * @returns A UUID string.\n * @throws {Error} If UUID generation fails.\n *\n * @example\n * ```ts\n * const uuid = generateUuid();\n * ```\n *\n * @see {@link tryGenerateUuid} Non-throwing variant returning `Result<string>`.\n */\nexport function generateUuid(): string {\n  return nodeCrypto.randomUUID();\n}\n\n/**\n * Derives a `NodeSecretKey` from a high-entropy secret (non-throwing).\n *\n * @returns `Result<{ result: NodeSecretKey }>` with the derived key or error.\n * @see {@link createSecretKey} For full parameter/behavior docs.\n */\nexport function tryCreateSecretKey(\n  secret: string,\n  options: CreateSecretKeyOptions = {},\n): Result<{ result: NodeSecretKey }> {\n  return $createSecretKey(secret, options);\n}\n\n/**\n * Derives a `NodeSecretKey` from a high-entropy secret for encryption/decryption.\n *\n * @remarks\n * Uses HKDF to derive a symmetric key from the input string.\n *\n * @param secret - High-entropy secret (min 8 chars). For human-chosen passwords, use {@link hashPassword} instead.\n * @param options - Key derivation options.\n * @returns The derived `NodeSecretKey`.\n * @throws {Error} If key derivation fails.\n *\n * @example\n * ```ts\n * const secretKey = createSecretKey(\"my-32-char-high-entropy-secret!!\");\n * ```\n *\n * @see {@link tryCreateSecretKey} Non-throwing variant returning `Result`.\n */\nexport function createSecretKey(secret: string, options: CreateSecretKeyOptions = {}): NodeSecretKey {\n  const { result, error } = $createSecretKey(secret, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Encrypts a UTF-8 string (non-throwing).\n *\n * @returns `Result<string>` with the ciphertext or error.\n * @see {@link encrypt} For full parameter/behavior docs.\n */\nexport function tryEncrypt(data: string, secretKey: NodeSecretKey, options: EncryptOptions = {}): Result<string> {\n  return $encrypt(data, secretKey, options);\n}\n\n/**\n * Encrypts a UTF-8 string using the provided `NodeSecretKey`.\n *\n * @remarks\n * Output format: `\"iv.cipher.tag.\"` (three dot-separated base64url segments plus trailing dot).\n * Cross-platform compatible — data encrypted on Node can be decrypted on Web and vice versa.\n * AES-GCM uses random 96-bit IVs. Rotate keys before ~2^32 encryptions with the same key to avoid nonce collision.\n *\n * @param data - UTF-8 string to encrypt. Must be a non-empty string (whitespace-only strings are rejected).\n * @param secretKey - The `NodeSecretKey` used for encryption.\n * @param options - Encryption options.\n * @returns The encrypted string.\n * @throws {Error} If the input or key is invalid, or encryption fails.\n *\n * @example\n * ```ts\n * const secretKey = createSecretKey(\"my-secret\");\n * const encrypted = encrypt(\"Hello, World!\", secretKey);\n * ```\n *\n * @see {@link tryEncrypt} Non-throwing variant returning `Result<string>`.\n */\nexport function encrypt(data: string, secretKey: NodeSecretKey, options: EncryptOptions = {}): string {\n  const { result, error } = $encrypt(data, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Decrypts a ciphertext string (non-throwing).\n *\n * @returns `Result<string>` with the plaintext or error.\n * @see {@link decrypt} For full parameter/behavior docs.\n */\nexport function tryDecrypt(encrypted: string, secretKey: NodeSecretKey, options: DecryptOptions = {}): Result<string> {\n  return $decrypt(encrypted, secretKey, options);\n}\n\n/**\n * Decrypts a ciphertext string using the provided `NodeSecretKey`.\n *\n * @remarks\n * Expects input in the format `\"iv.cipher.tag.\"`.\n * Cross-platform compatible — data encrypted on Web can be decrypted on Node and vice versa.\n *\n * @param encrypted - The encrypted string to decrypt.\n * @param secretKey - The `NodeSecretKey` used for decryption.\n * @param options - Decryption options.\n * @returns The decrypted UTF-8 string.\n * @throws {Error} If the input or key is invalid, or decryption fails.\n *\n * @example\n * ```ts\n * const secretKey = createSecretKey(\"my-secret\");\n * const encrypted = encrypt(\"Hello, World!\", secretKey);\n * const decrypted = decrypt(encrypted, secretKey); // \"Hello, World!\"\n * ```\n *\n * @see {@link tryDecrypt} Non-throwing variant returning `Result<string>`.\n */\nexport function decrypt(encrypted: string, secretKey: NodeSecretKey, options: DecryptOptions = {}): string {\n  const { result, error } = $decrypt(encrypted, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Encrypts a plain object (non-throwing).\n *\n * @returns `Result<string>` with the ciphertext or error.\n * @see {@link encryptObj} For full parameter/behavior docs.\n */\nexport function tryEncryptObj<T extends object = Record<string, unknown>>(\n  obj: T,\n  secretKey: NodeSecretKey,\n  options: EncryptOptions = {},\n): Result<string> {\n  return $encryptObj(obj, secretKey, options);\n}\n\n/**\n * Encrypts a plain object using the provided `NodeSecretKey`.\n *\n * @remarks\n * Only plain objects (POJOs) are accepted; class instances, Maps, Sets, etc. are rejected.\n * Output format: `\"iv.cipher.tag.\"`.\n *\n * @param obj - Plain object to encrypt.\n * @param secretKey - The `NodeSecretKey` used for encryption.\n * @param options - Encryption options.\n * @returns The encrypted string.\n * @throws {Error} If the input or key is invalid, or encryption fails.\n *\n * @example\n * ```ts\n * const secretKey = createSecretKey(\"my-secret\");\n * const encrypted = encryptObj({ a: 1 }, secretKey);\n * ```\n *\n * @see {@link tryEncryptObj} Non-throwing variant returning `Result<string>`.\n */\nexport function encryptObj<T extends object = Record<string, unknown>>(\n  obj: T,\n  secretKey: NodeSecretKey,\n  options: EncryptOptions = {},\n): string {\n  const { result, error } = $encryptObj(obj, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Decrypts an encrypted JSON string into a plain object (non-throwing).\n *\n * @returns `Result<{ result: T }>` with the object or error.\n * @see {@link decryptObj} For full parameter/behavior docs.\n */\nexport function tryDecryptObj<T extends object = Record<string, unknown>>(\n  encrypted: string,\n  secretKey: NodeSecretKey,\n  options: DecryptOptions = {},\n): Result<{ result: T }> {\n  return $decryptObj<T>(encrypted, secretKey, options);\n}\n\n/**\n * Decrypts an encrypted JSON string into a plain object.\n *\n * @remarks\n * Expects input in the format `\"iv.cipher.tag.\"`.\n *\n * @param encrypted - The encrypted string.\n * @param secretKey - The `NodeSecretKey` used for decryption.\n * @param options - Decryption options.\n * @returns The decrypted object.\n * @throws {Error} If decryption or JSON parsing fails.\n *\n * @example\n * ```ts\n * const secretKey = createSecretKey(\"my-secret\");\n * const encrypted = encryptObj({ a: 1 }, secretKey);\n * const obj = decryptObj<{ a: number }>(encrypted, secretKey); // obj.a === 1\n * ```\n *\n * @see {@link tryDecryptObj} Non-throwing variant returning `Result`.\n */\nexport function decryptObj<T extends object = Record<string, unknown>>(\n  encrypted: string,\n  secretKey: NodeSecretKey,\n  options: DecryptOptions = {},\n): T {\n  const { result, error } = $decryptObj<T>(encrypted, secretKey, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Hashes a UTF-8 string (non-throwing).\n *\n * @returns `Result<string>` with the hash or error.\n * @see {@link hash} For full parameter/behavior docs.\n */\nexport function tryHash(data: string, options: HashOptions = {}): Result<string> {\n  return $hash(data, options);\n}\n\n/**\n * Hashes a UTF-8 string using the specified digest algorithm.\n *\n * @param data - The input string to hash.\n * @param options - Hash options.\n * @returns The hashed string.\n * @throws {Error} If input is invalid or hashing fails.\n *\n * @example\n * ```ts\n * const hashed = hash(\"my data\");\n * ```\n *\n * @see {@link tryHash} Non-throwing variant returning `Result<string>`.\n */\nexport function hash(data: string, options: HashOptions = {}): string {\n  const { result, error } = $hash(data, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Hashes a password using PBKDF2 (non-throwing).\n *\n * @returns `Result<{ result: string; salt: string }>` with the hash/salt or error.\n * @see {@link hashPassword} For full parameter/behavior docs.\n */\nexport function tryHashPassword(\n  password: string,\n  options: HashPasswordOptions = {},\n): Result<{ result: string; salt: string }> {\n  return $hashPassword(password, options);\n}\n\n/**\n * Hashes a password using PBKDF2.\n *\n * @remarks\n * Defaults: `sha512`, 320 000 iterations, 64-byte key, 16-byte random salt.\n *\n * **Performance note:** Uses synchronous `pbkdf2Sync` which blocks the event loop\n * (~100-300 ms at default iterations). For server-side use under load, prefer the\n * Web Crypto API (async) via `webKit.hashPassword` instead.\n *\n * @param password - The password to hash.\n * @param options - Password hashing options.\n * @returns `{ result, salt }` for storage.\n * @throws {Error} If inputs are invalid or hashing fails.\n *\n * @example\n * ```ts\n * const { result, salt } = hashPassword(\"my-password\");\n * ```\n *\n * @see {@link tryHashPassword} Non-throwing variant returning `Result`.\n */\nexport function hashPassword(password: string, options: HashPasswordOptions = {}): { result: string; salt: string } {\n  const { result, salt, error } = $hashPassword(password, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return { result, salt };\n}\n\n/**\n * Verifies a password against a stored PBKDF2 hash (non-throwing).\n *\n * @returns `Result<boolean>` — `true` if the password matches, `false` if not, or an error for invalid inputs/options.\n * @see {@link verifyPassword} For full parameter/behavior docs.\n */\nexport function tryVerifyPassword(\n  password: string,\n  hashedPassword: string,\n  salt: string,\n  options: VerifyPasswordOptions = {},\n): Result<boolean> {\n  return $verifyPassword(password, hashedPassword, salt, options);\n}\n\n/**\n * Verifies a password against a stored PBKDF2 hash.\n *\n * @remarks\n * Re-derives the key with the same parameters and compares in constant time to prevent timing attacks.\n * Throws for invalid inputs/options (bad encoding, wrong parameters, non-decodable salt/hash).\n * Returns `false` for password mismatch or length-mismatched hash.\n *\n * **Performance note:** Uses synchronous `pbkdf2Sync` which blocks the event loop\n * (~100-300 ms at default iterations). For server-side use under load, prefer the\n * Web Crypto API (async) via `webKit.verifyPassword` instead.\n *\n * @param password - The plain password to verify.\n * @param hashedPassword - The stored hash (encoded).\n * @param salt - The stored salt (encoded).\n * @param options - Verification options (must match the parameters used to hash).\n * @returns `true` if the password matches, otherwise `false`.\n * @throws {Error} If verification input/options are invalid.\n *\n * @example\n * ```ts\n * const { result, salt } = hashPassword(\"my-password\");\n * verifyPassword(\"my-password\", result, salt);    // true\n * verifyPassword(\"wrong-password\", result, salt); // false\n * ```\n *\n * @see {@link tryVerifyPassword} Non-throwing variant returning `Result<boolean>`.\n */\nexport function verifyPassword(\n  password: string,\n  hashedPassword: string,\n  salt: string,\n  options: VerifyPasswordOptions = {},\n): boolean {\n  const { result, error } = $verifyPassword(password, hashedPassword, salt, options);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Converts a string to a `Buffer` (non-throwing).\n *\n * @returns `Result<{ result: Buffer }>` with the buffer or error.\n * @see {@link convertStrToBytes} For full parameter/behavior docs.\n */\nexport function tryConvertStrToBytes(data: string, inputEncoding: Encoding = \"utf8\"): Result<{ result: Buffer }> {\n  return $convertStrToBytes(data, inputEncoding);\n}\n\n/**\n * Converts a string to a Node.js `Buffer` using the specified encoding.\n *\n * @param data - The input string to convert.\n * @param inputEncoding - Source encoding (default: `'utf8'`).\n * @returns A `Buffer` containing the bytes.\n * @throws {Error} If input is invalid or conversion fails.\n *\n * @example\n * ```ts\n * const bytes = convertStrToBytes(\"Hello\", \"utf8\");\n * ```\n *\n * @see {@link tryConvertStrToBytes} Non-throwing variant returning `Result`.\n */\nexport function convertStrToBytes(data: string, inputEncoding: Encoding = \"utf8\"): Buffer {\n  const { result, error } = $convertStrToBytes(data, inputEncoding);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Converts a `Buffer` to a string (non-throwing).\n *\n * @returns `Result<string>` with the encoded string or error.\n * @see {@link convertBytesToStr} For full parameter/behavior docs.\n */\nexport function tryConvertBytesToStr(data: Buffer, outputEncoding: Encoding = \"utf8\"): Result<string> {\n  return $convertBytesToStr(data, outputEncoding);\n}\n\n/**\n * Converts a Node.js `Buffer` to a string using the specified encoding.\n *\n * @param data - The `Buffer` to convert.\n * @param outputEncoding - Target encoding (default: `'utf8'`).\n * @returns The encoded string.\n * @throws {Error} If input is invalid or conversion fails.\n *\n * @example\n * ```ts\n * const bytes = convertStrToBytes(\"Hello\", \"utf8\");\n * const str = convertBytesToStr(bytes, \"utf8\"); // \"Hello\"\n * ```\n *\n * @see {@link tryConvertBytesToStr} Non-throwing variant returning `Result<string>`.\n */\nexport function convertBytesToStr(data: Buffer, outputEncoding: Encoding = \"utf8\"): string {\n  const { result, error } = $convertBytesToStr(data, outputEncoding);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n\n/**\n * Converts text between encodings (non-throwing).\n *\n * @returns `Result<string>` with the re-encoded string or error.\n * @see {@link convertEncoding} For full parameter/behavior docs.\n */\nexport function tryConvertEncoding(data: string, from: Encoding, to: Encoding): Result<string> {\n  return $convertEncoding(data, from, to);\n}\n\n/**\n * Converts text between encodings.\n *\n * @param data - The input string.\n * @param from - Current encoding of `data`.\n * @param to - Target encoding.\n * @returns The re-encoded string.\n * @throws {Error} If encodings are invalid or conversion fails.\n *\n * @example\n * ```ts\n * const encoded = convertEncoding(\"Hello\", \"utf8\", \"base64url\");\n * ```\n *\n * @see {@link tryConvertEncoding} Non-throwing variant returning `Result<string>`.\n */\nexport function convertEncoding(data: string, from: Encoding, to: Encoding): string {\n  const { result, error } = $convertEncoding(data, from, to);\n  if (error) throw new Error($fmtResultErr(error));\n  return result;\n}\n","import { Buffer } from \"node:buffer\";\nimport { $err, $fmtError, $isStr, $ok, type Result } from \"@internal/helpers\";\nimport { ENCODING } from \"~/helpers/consts.js\";\nimport type { Encoding } from \"~/helpers/types.js\";\n\nexport function $convertStrToBytes(data: string, inputEncoding: Encoding = \"utf8\"): Result<{ result: Buffer }> {\n  if (typeof data !== \"string\") {\n    return $err({\n      message: \"node strToBytes: Data must be a string\",\n      description: `Expected a string value, received ${typeof data}`,\n    });\n  }\n  if (!ENCODING.includes(inputEncoding)) {\n    return $err({\n      message: `node strToBytes: Unsupported encoding: ${inputEncoding}`,\n      description: \"Use base64, base64url, hex, utf8, or latin1\",\n    });\n  }\n  if (inputEncoding === \"hex\") {\n    const clean = /^0x/i.test(data) ? data.slice(2) : data;\n    if (clean.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(clean)) {\n      return $err({\n        message: \"node strToBytes: Invalid hex string\",\n        description: \"Hex string contains non-hex characters or has odd length\",\n      });\n    }\n    return $ok({ result: Buffer.from(clean, \"hex\") });\n  }\n  if (inputEncoding === \"base64\") {\n    if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}={2}|[A-Za-z0-9+/]{3}=)?$/.test(data)) {\n      return $err({\n        message: \"node strToBytes: Invalid base64 string\",\n        description: \"Base64 string contains invalid characters or has incorrect padding\",\n      });\n    }\n  }\n  if (inputEncoding === \"base64url\") {\n    if (!/^[A-Za-z0-9_-]*={0,2}$/.test(data) || data.replace(/=+$/, \"\").length % 4 === 1) {\n      return $err({\n        message: \"node strToBytes: Invalid base64url string\",\n        description: \"Base64url string contains invalid characters or has incorrect length\",\n      });\n    }\n  }\n  try {\n    return $ok({ result: Buffer.from(data, inputEncoding) });\n  } catch (error) {\n    return $err({ message: \"node strToBytes: Failed to convert data\", description: $fmtError(error) });\n  }\n}\n\nexport function $convertBytesToStr(data: Buffer, outputEncoding: Encoding = \"utf8\"): Result<string> {\n  if (!(data instanceof Buffer)) {\n    return $err({\n      message: \"node bytesToStr: Data must be a Buffer\",\n      description: \"Received a non-Buffer value\",\n    });\n  }\n  if (!ENCODING.includes(outputEncoding)) {\n    return $err({\n      message: `node bytesToStr: Unsupported encoding: ${outputEncoding}`,\n      description: \"Use base64, base64url, hex, utf8, or latin1\",\n    });\n  }\n  try {\n    return $ok(data.toString(outputEncoding));\n  } catch (error) {\n    return $err({ message: \"node bytesToStr: Failed to convert data\", description: $fmtError(error) });\n  }\n}\n\nexport function $convertEncoding(data: string, from: Encoding, to: Encoding): Result<string> {\n  if (!$isStr(data)) {\n    return $err({\n      message: \"node convertEncoding: Data must be a non-empty string\",\n      description: \"Received empty or non-string value\",\n    });\n  }\n\n  if (!ENCODING.includes(from) || !ENCODING.includes(to)) {\n    return $err({\n      message: `node convertEncoding: Unsupported encoding: from ${from} to ${to}`,\n      description: \"Use base64, base64url, hex, utf8, or latin1\",\n    });\n  }\n\n  const bytes = $convertStrToBytes(data, from);\n  if (bytes.error) return $err(bytes.error);\n\n  const str = $convertBytesToStr(bytes.result, to);\n  if (str.error) return $err(str.error);\n\n  return $ok(str.result);\n}\n","import nodeCrypto from \"node:crypto\";\nimport { $err, $fmtError, $ok, type Result } from \"@internal/helpers\";\nimport type { CreateSecretKeyOptions } from \"~/export.js\";\nimport type { DIGEST_ALGORITHMS, ENCRYPTION_ALGORITHMS } from \"~/helpers/consts.js\";\nimport { $validateCreateSecretKeyOptions, $validateSecretKeyBase } from \"~/helpers/validate.js\";\n\ndeclare const __brand: unique symbol;\n\nexport type NodeSecretKey = {\n  readonly platform: \"node\";\n  readonly digest: keyof typeof DIGEST_ALGORITHMS;\n  readonly algorithm: keyof typeof ENCRYPTION_ALGORITHMS;\n  readonly key: nodeCrypto.KeyObject;\n  readonly injected: (typeof ENCRYPTION_ALGORITHMS)[keyof typeof ENCRYPTION_ALGORITHMS];\n} & { readonly [__brand]: \"secretKey-node\" };\n\nexport function $isNodeSecretKey(x: unknown): NodeSecretKey | null {\n  const base = $validateSecretKeyBase(x, \"node\");\n  if (!base) return null;\n\n  if (\n    !(base.obj.key instanceof nodeCrypto.KeyObject) ||\n    (typeof base.obj.key.symmetricKeySize === \"number\" && base.obj.key.symmetricKeySize !== base.algorithm.keyBytes)\n  ) {\n    return null;\n  }\n  return x as NodeSecretKey;\n}\n\nexport function $createSecretKey(secret: string, options: CreateSecretKeyOptions): Result<{ result: NodeSecretKey }> {\n  const validated = $validateCreateSecretKeyOptions(secret, options, \"node\");\n  if (validated.error) return $err(validated.error);\n\n  const { algorithm, digest, salt, info, encryptAlgo, digestAlgo } = validated;\n\n  try {\n    const derivedKey = Buffer.from(\n      nodeCrypto.hkdfSync(\n        digestAlgo.node,\n        secret.normalize(\"NFKC\"),\n        salt.normalize(\"NFKC\"),\n        info.normalize(\"NFKC\"),\n        encryptAlgo.keyBytes,\n      ),\n    );\n    try {\n      const key = nodeCrypto.createSecretKey(derivedKey);\n      const secretKey = Object.freeze({\n        platform: \"node\",\n        digest,\n        algorithm,\n        key,\n        injected: encryptAlgo,\n      }) as NodeSecretKey;\n\n      return $ok({ result: secretKey });\n    } finally {\n      derivedKey.fill(0);\n    }\n  } catch (error) {\n    return $err({ message: \"node createSecretKey: Failed to derive key\", description: $fmtError(error) });\n  }\n}\n","import { Buffer } from \"node:buffer\";\nimport nodeCrypto from \"node:crypto\";\nimport {\n  $err,\n  $fmtError,\n  $fmtResultErr,\n  $isPlainObj,\n  $isStr,\n  $ok,\n  $parseToObj,\n  $stringifyObj,\n  type Result,\n} from \"@internal/helpers\";\nimport { CIPHER_ENCODING, GCM_IV_LENGTH, GCM_TAG_BYTES } from \"~/helpers/consts.js\";\nimport type { DecryptOptions, EncryptOptions } from \"~/helpers/types.js\";\nimport { matchEncryptedPattern } from \"~/helpers/validate.js\";\nimport { $convertBytesToStr, $convertStrToBytes } from \"./node-encode.js\";\nimport { $isNodeSecretKey, type NodeSecretKey } from \"./node-secret-key.js\";\n\nexport function $encrypt(data: string, secretKey: NodeSecretKey, options: EncryptOptions): Result<string> {\n  if (!$isStr(data)) {\n    return $err({\n      message: \"node encrypt: Data must be a non-empty string\",\n      description: \"Received empty or non-string value\",\n    });\n  }\n\n  if (!$isPlainObj<EncryptOptions>(options)) {\n    return $err({\n      message: \"node encrypt: Options must be a plain object\",\n      description: 'Pass an object like { outputEncoding: \"base64url\" }',\n    });\n  }\n\n  const outputEncoding = options.outputEncoding ?? \"base64url\";\n  if (!CIPHER_ENCODING.includes(outputEncoding)) {\n    return $err({\n      message: `node encrypt: Unsupported output encoding: ${outputEncoding}`,\n      description: \"Use base64, base64url, or hex\",\n    });\n  }\n\n  const injectedKey = $isNodeSecretKey(secretKey);\n  if (!injectedKey) {\n    return $err({\n      message: \"node encrypt: Invalid secret key\",\n      description: \"Expected a NodeSecretKey created by nodeKit.createSecretKey()\",\n    });\n  }\n\n  const { result, error } = $convertStrToBytes(data, \"utf8\");\n  if (error) return $err(error);\n\n  try {\n    const iv = nodeCrypto.randomBytes(GCM_IV_LENGTH);\n    const cipher = nodeCrypto.createCipheriv(injectedKey.injected.node, injectedKey.key, iv);\n    const encrypted = Buffer.concat([cipher.update(result), cipher.final()]);\n    const tag = cipher.getAuthTag();\n\n    const ivStr = $convertBytesToStr(iv, outputEncoding);\n    const cipherStr = $convertBytesToStr(encrypted, outputEncoding);\n    const tagStr = $convertBytesToStr(tag, outputEncoding);\n\n    if (ivStr.error || cipherStr.error || tagStr.error) {\n      return $err({\n        message: \"node encrypt: Failed to encode output\",\n        description: `Conversion error: ${$fmtResultErr(ivStr.error || cipherStr.error || tagStr.error)}`,\n      });\n    }\n\n    return $ok(`${ivStr.result}.${cipherStr.result}.${tagStr.result}.`);\n  } catch (error) {\n    return $err({ message: \"node encrypt: Failed to encrypt data\", description: $fmtError(error) });\n  } finally {\n    result.fill(0);\n  }\n}\n\nexport function $decrypt(encrypted: string, secretKey: NodeSecretKey, options: DecryptOptions): Result<string> {\n  if (!matchEncryptedPattern(encrypted)) {\n    return $err({\n      message: \"node decrypt: Invalid encrypted data format\",\n      description: 'Encrypted data must be in the format \"iv.cipher.tag.\"',\n    });\n  }\n\n  if (!$isPlainObj<DecryptOptions>(options)) {\n    return $err({\n      message: \"node decrypt: Options must be a plain object\",\n      description: 'Pass an object like { inputEncoding: \"base64url\" }',\n    });\n  }\n\n  const inputEncoding = options.inputEncoding ?? \"base64url\";\n  if (!CIPHER_ENCODING.includes(inputEncoding)) {\n    return $err({\n      message: `node decrypt: Unsupported input encoding: ${inputEncoding}`,\n      description: \"Use base64, base64url, or hex\",\n    });\n  }\n\n  const [iv, cipher, tag] = encrypted.split(\".\", 4) as [string, string, string];\n\n  const injectedKey = $isNodeSecretKey(secretKey);\n  if (!injectedKey) {\n    return $err({\n      message: \"node decrypt: Invalid secret key\",\n      description: \"Expected a NodeSecretKey created by nodeKit.createSecretKey()\",\n    });\n  }\n\n  const ivBytes = $convertStrToBytes(iv, inputEncoding);\n  const cipherBytes = $convertStrToBytes(cipher, inputEncoding);\n  const tagBytes = $convertStrToBytes(tag, inputEncoding);\n\n  if (ivBytes.error || cipherBytes.error || tagBytes.error) {\n    return $err({\n      message: \"node decrypt: Failed to decode input\",\n      description: `Conversion error: ${$fmtResultErr(ivBytes.error || cipherBytes.error || tagBytes.error)}`,\n    });\n  }\n\n  if (ivBytes.result.byteLength !== GCM_IV_LENGTH) {\n    return $err({\n      message: \"node decrypt: Invalid IV length\",\n      description: `Expected ${GCM_IV_LENGTH} bytes, got ${ivBytes.result.byteLength}`,\n    });\n  }\n\n  if (tagBytes.result.byteLength !== GCM_TAG_BYTES) {\n    return $err({\n      message: \"node decrypt: Invalid auth tag length\",\n      description: `Expected ${GCM_TAG_BYTES} bytes, got ${tagBytes.result.byteLength}`,\n    });\n  }\n\n  let decrypted: Buffer | undefined;\n  try {\n    const decipher = nodeCrypto.createDecipheriv(injectedKey.injected.node, injectedKey.key, ivBytes.result);\n    decipher.setAuthTag(tagBytes.result);\n    decrypted = Buffer.concat([decipher.update(cipherBytes.result), decipher.final()]);\n\n    return $convertBytesToStr(decrypted, \"utf8\");\n  } catch (error) {\n    return $err({ message: \"node decrypt: Failed to decrypt data\", description: $fmtError(error) });\n  } finally {\n    decrypted?.fill(0);\n  }\n}\n\nexport function $encryptObj<T extends object = Record<string, unknown>>(\n  data: T,\n  secretKey: NodeSecretKey,\n  options: EncryptOptions,\n): Result<string> {\n  const { result, error } = $stringifyObj(data);\n  if (error) return $err(error);\n  return $encrypt(result, secretKey, options);\n}\n\nexport function $decryptObj<T extends object = Record<string, unknown>>(\n  encrypted: string,\n  secretKey: NodeSecretKey,\n  options: DecryptOptions,\n): Result<{ result: T }> {\n  const { result, error } = $decrypt(encrypted, secretKey, options);\n  if (error) return $err(error);\n  return $parseToObj<T>(result);\n}\n","import { Buffer } from \"node:buffer\";\nimport nodeCrypto from \"node:crypto\";\nimport { $err, $fmtError, $isPlainObj, $isStr, $ok, type Result } from \"@internal/helpers\";\nimport { CIPHER_ENCODING, DIGEST_ALGORITHMS } from \"~/helpers/consts.js\";\nimport type { HashOptions, HashPasswordOptions, VerifyPasswordOptions } from \"~/helpers/types.js\";\nimport { $validateHashPasswordOptions, $validateVerifyPasswordOptions } from \"~/helpers/validate.js\";\nimport { $convertBytesToStr, $convertStrToBytes } from \"./node-encode.js\";\n\nexport function $hash(data: string, options: HashOptions = {}): Result<string> {\n  if (!$isStr(data)) {\n    return $err({\n      message: \"node hash: Data must be a non-empty string\",\n      description: \"Received empty or non-string value\",\n    });\n  }\n\n  if (!$isPlainObj<HashOptions>(options)) {\n    return $err({\n      message: \"node hash: Options must be a plain object\",\n      description: 'Pass an object like { digest: \"sha256\" }',\n    });\n  }\n\n  const outputEncoding = options.outputEncoding ?? \"base64url\";\n  if (!CIPHER_ENCODING.includes(outputEncoding)) {\n    return $err({\n      message: `node hash: Unsupported output encoding: ${outputEncoding}`,\n      description: \"Use base64, base64url, or hex\",\n    });\n  }\n\n  const digest = options.digest ?? \"sha256\";\n  if (!(digest in DIGEST_ALGORITHMS)) {\n    return $err({\n      message: `node hash: Unsupported digest: ${digest}`,\n      description: `Supported digests are: ${Object.keys(DIGEST_ALGORITHMS).join(\", \")}`,\n    });\n  }\n  const digestAlgo = DIGEST_ALGORITHMS[digest];\n\n  const { result, error } = $convertStrToBytes(data, \"utf8\");\n  if (error) return $err(error);\n\n  try {\n    const hashed = nodeCrypto.createHash(digestAlgo.node).update(result).digest();\n    return $convertBytesToStr(hashed, outputEncoding);\n  } catch (error) {\n    return $err({ message: \"node hash: Failed to hash data\", description: $fmtError(error) });\n  }\n}\n\nexport function $hashPassword(\n  password: string,\n  options: HashPasswordOptions,\n): Result<{ result: string; salt: string }> {\n  const validated = $validateHashPasswordOptions(password, options, \"node\");\n  if (validated.error) return $err(validated.error);\n\n  const { digestAlgo, outputEncoding, saltLength, iterations, keyLength } = validated;\n\n  const salt = nodeCrypto.randomBytes(saltLength);\n  const hash = nodeCrypto.pbkdf2Sync(password.normalize(\"NFKC\"), salt, iterations, keyLength, digestAlgo.node);\n\n  try {\n    const saltStr = $convertBytesToStr(salt, outputEncoding);\n    if (saltStr.error) return $err(saltStr.error);\n\n    const hashStr = $convertBytesToStr(hash, outputEncoding);\n    if (hashStr.error) return $err(hashStr.error);\n\n    return $ok({ result: hashStr.result, salt: saltStr.result });\n  } catch (error) {\n    return $err({ message: \"node hashPassword: Failed to hash password\", description: $fmtError(error) });\n  } finally {\n    salt.fill(0);\n    hash.fill(0);\n  }\n}\n\nexport function $verifyPassword(\n  password: string,\n  hashedPassword: string,\n  salt: string,\n  options: VerifyPasswordOptions,\n): Result<boolean> {\n  const validated = $validateVerifyPasswordOptions(password, hashedPassword, salt, options, \"node\");\n  if (validated.error) return $err(validated.error);\n\n  const { digestAlgo, inputEncoding, iterations, keyLength } = validated;\n\n  const saltBytes = $convertStrToBytes(salt, inputEncoding);\n  if (saltBytes.error) return $err(saltBytes.error);\n\n  const hashedPasswordBytes = $convertStrToBytes(hashedPassword, inputEncoding);\n  if (hashedPasswordBytes.error) return $err(hashedPasswordBytes.error);\n\n  if (hashedPasswordBytes.result.byteLength !== keyLength) return $ok(false);\n\n  try {\n    const derived = nodeCrypto.pbkdf2Sync(\n      password.normalize(\"NFKC\"),\n      saltBytes.result,\n      iterations,\n      keyLength,\n      digestAlgo.node,\n    );\n\n    const expected = hashedPasswordBytes.result;\n\n    const left = Buffer.alloc(keyLength);\n    const right = Buffer.alloc(keyLength);\n    derived.copy(left);\n    expected.copy(right);\n\n    try {\n      const matches = nodeCrypto.timingSafeEqual(left, right);\n      return $ok(matches);\n    } finally {\n      left.fill(0);\n      right.fill(0);\n      derived.fill(0);\n    }\n  } catch (error) {\n    return $err({ message: \"node verifyPassword: Verification failed\", description: $fmtError(error) });\n  } finally {\n    saltBytes.result.fill(0);\n    hashedPasswordBytes.result.fill(0);\n  }\n}\n"]}