npm - contribute-now - Versions diffs - 0.7.0-dev.3b89c66 → 0.7.0-dev.45c1376 - Mend

contribute-now 0.7.0-dev.3b89c66 → 0.7.0-dev.45c1376

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +1649 -128
package/package.json +3 -1

package/dist/index.js CHANGED Viewed

@@ -1298,6 +1298,579 @@ var init_formatter = __esm(() => {
   init_message_formatter();
 });
+// node_modules/@wgtechlabs/secrets-engine/dist/index.js
+var exports_dist = {};
+__export(exports_dist, {
+  SecurityError: () => SecurityError,
+  SecretsEngineError: () => SecretsEngineError,
+  SecretsEngine: () => SecretsEngine,
+  KeyNotFoundError: () => KeyNotFoundError,
+  IntegrityError: () => IntegrityError,
+  InitializationError: () => InitializationError,
+  DecryptionError: () => DecryptionError
+});
+import { readdir, rm, unlink } from "fs/promises";
+import { join as join3 } from "path";
+import {
+  createCipheriv,
+  createDecipheriv,
+  createHash,
+  createHmac,
+  randomBytes,
+  scryptSync
+} from "crypto";
+import { readFile as readFile2 } from "fs/promises";
+import { chmod, mkdir, readFile, stat, writeFile } from "fs/promises";
+import { homedir, hostname, networkInterfaces, userInfo } from "os";
+import { join as join4 } from "path";
+import { Database } from "bun:sqlite";
+import { readFile as readFile3 } from "fs/promises";
+import { join as join22 } from "path";
+function deriveMasterKey(machineId, keyfile, salt) {
+  const password = Buffer.concat([Buffer.from(machineId, "utf-8"), keyfile]);
+  return scryptSync(password, salt, CONSTANTS.KEY_LENGTH, {
+    N: CONSTANTS.SCRYPT_N,
+    r: CONSTANTS.SCRYPT_R,
+    p: CONSTANTS.SCRYPT_P,
+    maxmem: 256 * CONSTANTS.SCRYPT_N * CONSTANTS.SCRYPT_R
+  });
+}
+function encrypt(masterKey, plaintext) {
+  const iv = randomBytes(CONSTANTS.IV_LENGTH);
+  const cipher = createCipheriv("aes-256-gcm", masterKey, iv);
+  const encrypted = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return {
+    iv,
+    ciphertext: Buffer.concat([encrypted, authTag])
+  };
+}
+function decrypt(masterKey, iv, ciphertext, keyHash) {
+  if (ciphertext.length < CONSTANTS.AUTH_TAG_LENGTH) {
+    throw new DecryptionError("Ciphertext too short to contain auth tag", keyHash);
+  }
+  const authTag = ciphertext.subarray(ciphertext.length - CONSTANTS.AUTH_TAG_LENGTH);
+  const encrypted = ciphertext.subarray(0, ciphertext.length - CONSTANTS.AUTH_TAG_LENGTH);
+  try {
+    const decipher = createDecipheriv("aes-256-gcm", masterKey, iv);
+    decipher.setAuthTag(authTag);
+    return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString("utf-8");
+  } catch (error) {
+    throw new DecryptionError(error instanceof Error ? error.message : "Unknown decryption error", keyHash);
+  }
+}
+function hmac(masterKey, data) {
+  return createHmac("sha256", masterKey).update(data).digest("hex");
+}
+function sha256(data) {
+  return createHash("sha256").update(data).digest();
+}
+function generateSalt() {
+  return randomBytes(CONSTANTS.SALT_LENGTH);
+}
+function matchGlob(pattern, key) {
+  const regexStr = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^.]*");
+  const regex2 = new RegExp(`^${regexStr}$`);
+  return regex2.test(key);
+}
+function filterKeys(keys, pattern) {
+  return keys.filter((key) => matchGlob(pattern, key));
+}
+function resolveStoragePath(options) {
+  if (options?.path) {
+    return options.path;
+  }
+  if (options?.location === "xdg") {
+    return resolveXdgPath();
+  }
+  if (process.platform !== "win32" && process.env.XDG_CONFIG_HOME) {
+    return join4(process.env.XDG_CONFIG_HOME, "secrets-engine");
+  }
+  return join4(homedir(), CONSTANTS.DIR_NAME);
+}
+function resolveXdgPath() {
+  if (process.platform === "win32") {
+    const appData = process.env.APPDATA;
+    if (!appData) {
+      throw new InitializationError("APPDATA environment variable is not set");
+    }
+    return join4(appData, "secrets-engine");
+  }
+  const xdgConfig = process.env.XDG_CONFIG_HOME ?? join4(homedir(), ".config");
+  return join4(xdgConfig, "secrets-engine");
+}
+async function ensureDirectory(dirPath) {
+  try {
+    await mkdir(dirPath, { recursive: true, mode: EXPECTED_MODES.directory });
+  } catch (error) {
+    throw new InitializationError(`Cannot create storage directory at "${dirPath}"`, error);
+  }
+  if (process.platform !== "win32") {
+    await verifyPermission(dirPath, EXPECTED_MODES.directory, "directory");
+  }
+}
+async function verifyPermission(filePath, expectedMode, label) {
+  if (process.platform === "win32") {
+    return;
+  }
+  const fileStat = await stat(filePath);
+  const actualMode = fileStat.mode & 511;
+  if (actualMode !== expectedMode) {
+    throw new SecurityError(`Insecure ${label} permissions`, formatOctal(expectedMode), formatOctal(actualMode), filePath);
+  }
+}
+function formatOctal(mode) {
+  return `0o${mode.toString(8).padStart(3, "0")}`;
+}
+function getMachineIdentity() {
+  const host = hostname();
+  const mac = getPrimaryMac();
+  const user = userInfo().username;
+  return `${host}:${mac}:${user}`;
+}
+function getPrimaryMac() {
+  const interfaces = networkInterfaces();
+  for (const entries of Object.values(interfaces)) {
+    if (!entries)
+      continue;
+    for (const entry of entries) {
+      if (!entry.internal && entry.mac && entry.mac !== "00:00:00:00:00:00") {
+        return entry.mac;
+      }
+    }
+  }
+  return "no-mac-available";
+}
+async function ensureKeyfile(dirPath) {
+  const keyfilePath = join4(dirPath, CONSTANTS.KEYFILE_NAME);
+  try {
+    if (process.platform !== "win32") {
+      await verifyPermission(keyfilePath, EXPECTED_MODES.keyfile, "keyfile");
+    }
+    return await readFile(keyfilePath);
+  } catch (error) {
+    if (isFileNotFoundError(error)) {
+      return await createKeyfile(keyfilePath);
+    }
+    throw error;
+  }
+}
+async function createKeyfile(keyfilePath) {
+  const { randomBytes: randomBytes2 } = await import("crypto");
+  const keyfileData = randomBytes2(CONSTANTS.KEYFILE_LENGTH);
+  await writeFile(keyfilePath, keyfileData, { mode: EXPECTED_MODES.keyfile });
+  if (process.platform !== "win32") {
+    await chmod(keyfilePath, EXPECTED_MODES.keyfile);
+  }
+  return keyfileData;
+}
+async function readMetaFile(dirPath) {
+  const metaPath = join4(dirPath, CONSTANTS.META_NAME);
+  try {
+    return await readFile(metaPath, "utf-8");
+  } catch (error) {
+    if (isFileNotFoundError(error)) {
+      return null;
+    }
+    throw error;
+  }
+}
+async function writeMetaFile(dirPath, content) {
+  const metaPath = join4(dirPath, CONSTANTS.META_NAME);
+  await writeFile(metaPath, content, { mode: EXPECTED_MODES.meta });
+  if (process.platform !== "win32") {
+    await chmod(metaPath, EXPECTED_MODES.meta);
+  }
+}
+function isFileNotFoundError(error) {
+  return error instanceof Error && "code" in error && error.code === "ENOENT";
+}
+async function computeIntegrityHmac(masterKey, dbFilePath, checkpointFn) {
+  if (checkpointFn) {
+    try {
+      checkpointFn();
+    } catch (err) {
+      const originalMessage = err instanceof Error ? err.message : String(err);
+      throw new IntegrityError(`Integrity checkpoint failed: ${originalMessage}`);
+    }
+  }
+  const dbBytes = Buffer.from(await readFile2(dbFilePath));
+  const dbHash = sha256(dbBytes);
+  return hmac(masterKey, dbHash);
+}
+async function verifyIntegrity(masterKey, dbFilePath, dirPath, checkpointFn) {
+  const metaRaw = await readMetaFile(dirPath);
+  if (!metaRaw) {
+    throw new IntegrityError("Metadata file (meta.json) is missing");
+  }
+  let meta;
+  try {
+    meta = JSON.parse(metaRaw);
+  } catch {
+    throw new IntegrityError("Metadata file (meta.json) is corrupted");
+  }
+  if (meta.version !== CONSTANTS.STORE_VERSION) {
+    throw new IntegrityError(`Unsupported store version: expected "${CONSTANTS.STORE_VERSION}", got "${meta.version}"`);
+  }
+  const computedHmac = await computeIntegrityHmac(masterKey, dbFilePath, checkpointFn);
+  if (computedHmac !== meta.integrity) {
+    throw new IntegrityError;
+  }
+  return meta;
+}
+async function updateIntegrity(masterKey, dbFilePath, dirPath, salt, checkpointFn) {
+  const integrity = await computeIntegrityHmac(masterKey, dbFilePath, checkpointFn);
+  const meta = {
+    version: CONSTANTS.STORE_VERSION,
+    salt,
+    integrity
+  };
+  await writeMetaFile(dirPath, JSON.stringify(meta, null, 2));
+}
+class SecretStore {
+  db;
+  constructor(db) {
+    this.db = db;
+  }
+  static open(dirPath) {
+    const dbPath = join22(dirPath, CONSTANTS.DB_NAME);
+    try {
+      const db = new Database(dbPath, { create: true });
+      db.exec("PRAGMA journal_mode = WAL;");
+      db.exec("PRAGMA foreign_keys = ON;");
+      db.exec("PRAGMA busy_timeout = 5000;");
+      db.exec(CREATE_SECRETS_TABLE);
+      db.exec(CREATE_META_TABLE);
+      return new SecretStore(db);
+    } catch (error) {
+      throw new InitializationError(`Cannot open database at "${dbPath}"`, error);
+    }
+  }
+  upsert(entry) {
+    const now = Math.floor(Date.now() / 1000);
+    const stmt = this.db.prepare(`
+      INSERT INTO secrets (key_hash, key_enc, iv, cipher, created, updated)
+      VALUES ($key_hash, $key_enc, $iv, $cipher, $created, $updated)
+      ON CONFLICT(key_hash) DO UPDATE SET
+        key_enc = excluded.key_enc,
+        iv      = excluded.iv,
+        cipher  = excluded.cipher,
+        updated = excluded.updated
+    `);
+    stmt.run({
+      $key_hash: entry.key_hash,
+      $key_enc: entry.key_enc,
+      $iv: entry.iv,
+      $cipher: entry.cipher,
+      $created: now,
+      $updated: now
+    });
+  }
+  findByHash(keyHash) {
+    const stmt = this.db.prepare("SELECT key_hash, key_enc, iv, cipher, created, updated FROM secrets WHERE key_hash = ?");
+    const row = stmt.get(keyHash);
+    return row ?? null;
+  }
+  findAll() {
+    const stmt = this.db.prepare("SELECT key_hash, key_enc, iv, cipher, created, updated FROM secrets");
+    return stmt.all();
+  }
+  deleteByHash(keyHash) {
+    const stmt = this.db.prepare("DELETE FROM secrets WHERE key_hash = ?");
+    const result = stmt.run(keyHash);
+    return result.changes > 0;
+  }
+  deleteAll() {
+    this.db.exec("DELETE FROM secrets");
+  }
+  count() {
+    const stmt = this.db.prepare("SELECT COUNT(*) as count FROM secrets");
+    const row = stmt.get();
+    return row.count;
+  }
+  async readRawBytes() {
+    return Buffer.from(await readFile3(this.db.filename));
+  }
+  get filePath() {
+    return this.db.filename;
+  }
+  checkpoint() {
+    this.db.exec("PRAGMA wal_checkpoint(TRUNCATE);");
+  }
+  close() {
+    this.db.close();
+  }
+}
+class SecretsEngine {
+  masterKey;
+  store;
+  dirPath;
+  salt;
+  keyIndex = new Map;
+  closed = false;
+  constructor(masterKey, store, dirPath, salt) {
+    this.masterKey = masterKey;
+    this.store = store;
+    this.dirPath = dirPath;
+    this.salt = salt;
+  }
+  static async open(options) {
+    const dirPath = resolveStoragePath(options);
+    await ensureDirectory(dirPath);
+    const keyfile = await ensureKeyfile(dirPath);
+    const { salt, isNewStore } = await resolveSalt(dirPath);
+    const machineId = getMachineIdentity();
+    const masterKey = deriveMasterKey(machineId, keyfile, Buffer.from(salt, "hex"));
+    const store = SecretStore.open(dirPath);
+    try {
+      if (!isNewStore) {
+        await verifyIntegrity(masterKey, store.filePath, dirPath, () => store.checkpoint());
+      }
+      const engine = new SecretsEngine(masterKey, store, dirPath, salt);
+      engine.buildKeyIndex();
+      if (isNewStore) {
+        await updateIntegrity(masterKey, store.filePath, dirPath, salt, () => store.checkpoint());
+      }
+      return engine;
+    } catch (error) {
+      try {
+        store.close();
+      } catch {}
+      throw error;
+    }
+  }
+  async get(key) {
+    this.ensureOpen();
+    const keyHash = this.hashKey(key);
+    const entry = this.store.findByHash(keyHash);
+    if (!entry) {
+      return null;
+    }
+    return decrypt(this.masterKey, Buffer.from(entry.iv), Buffer.from(entry.cipher), keyHash);
+  }
+  async getOrThrow(key) {
+    const value = await this.get(key);
+    if (value === null) {
+      throw new KeyNotFoundError(key);
+    }
+    return value;
+  }
+  async set(key, value) {
+    this.ensureOpen();
+    const keyHash = this.hashKey(key);
+    const encryptedKey = encrypt(this.masterKey, key);
+    const encryptedValue = encrypt(this.masterKey, value);
+    const keyEncPacked = Buffer.concat([encryptedKey.iv, encryptedKey.ciphertext]);
+    this.store.upsert({
+      key_hash: keyHash,
+      key_enc: keyEncPacked,
+      iv: encryptedValue.iv,
+      cipher: encryptedValue.ciphertext
+    });
+    this.keyIndex.set(keyHash, key);
+    await updateIntegrity(this.masterKey, this.store.filePath, this.dirPath, this.salt, () => this.store.checkpoint());
+  }
+  async has(key) {
+    this.ensureOpen();
+    return this.keyIndex.has(this.hashKey(key));
+  }
+  async delete(key) {
+    this.ensureOpen();
+    const keyHash = this.hashKey(key);
+    const deleted = this.store.deleteByHash(keyHash);
+    if (deleted) {
+      this.keyIndex.delete(keyHash);
+      await updateIntegrity(this.masterKey, this.store.filePath, this.dirPath, this.salt, () => this.store.checkpoint());
+    }
+    return deleted;
+  }
+  async keys(pattern) {
+    this.ensureOpen();
+    const allKeys = Array.from(this.keyIndex.values());
+    if (!pattern) {
+      return allKeys.sort();
+    }
+    return filterKeys(allKeys, pattern).sort();
+  }
+  async destroy() {
+    this.ensureOpen();
+    this.store.checkpoint();
+    this.store.close();
+    this.keyIndex.clear();
+    this.closed = true;
+    await new Promise((resolve3) => setTimeout(resolve3, 150));
+    await removeDirectoryContents(this.dirPath);
+  }
+  async close() {
+    if (!this.closed) {
+      try {
+        this.store.checkpoint();
+        await updateIntegrity(this.masterKey, this.store.filePath, this.dirPath, this.salt);
+      } finally {
+        this.store.close();
+        this.keyIndex.clear();
+        this.closed = true;
+      }
+    }
+  }
+  get size() {
+    this.ensureOpen();
+    return this.keyIndex.size;
+  }
+  get storagePath() {
+    return this.dirPath;
+  }
+  buildKeyIndex() {
+    const entries = this.store.findAll();
+    for (const entry of entries) {
+      try {
+        const keyEncBuf = Buffer.from(entry.key_enc);
+        const keyIv = keyEncBuf.subarray(0, 12);
+        const keyCipher = keyEncBuf.subarray(12);
+        const keyName = decrypt(this.masterKey, keyIv, keyCipher, entry.key_hash);
+        this.keyIndex.set(entry.key_hash, keyName);
+      } catch (error) {
+        if (error instanceof DecryptionError) {
+          console.warn(`[secrets-engine] Skipping corrupted entry: ${entry.key_hash.slice(0, 16)}…`);
+          continue;
+        }
+        throw error;
+      }
+    }
+  }
+  hashKey(key) {
+    return hmac(this.masterKey, key);
+  }
+  ensureOpen() {
+    if (this.closed) {
+      throw new Error("SecretsEngine instance is closed");
+    }
+  }
+}
+async function resolveSalt(dirPath) {
+  const metaRaw = await readMetaFile(dirPath);
+  if (metaRaw) {
+    try {
+      const meta = JSON.parse(metaRaw);
+      if (meta.salt) {
+        return { salt: meta.salt, isNewStore: false };
+      }
+    } catch {}
+  }
+  const salt = generateSalt().toString("hex");
+  return { salt, isNewStore: true };
+}
+async function removeDirectoryContents(dirPath) {
+  const maxRetries = 5;
+  const retryDelay = 200;
+  for (let attempt = 0;attempt < maxRetries; attempt++) {
+    try {
+      const entries = await readdir(dirPath, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = join3(dirPath, entry.name);
+        if (entry.isDirectory()) {
+          await rm(fullPath, { recursive: true, force: true });
+        } else {
+          await unlink(fullPath);
+        }
+      }
+      await rm(dirPath, { force: true, recursive: true });
+      return;
+    } catch (error) {
+      const isRetryable = error instanceof Error && "code" in error && (error.code === "EBUSY" || error.code === "EPERM");
+      if (!isRetryable || attempt === maxRetries - 1) {
+        throw error;
+      }
+      await new Promise((resolve3) => setTimeout(resolve3, retryDelay * (attempt + 1)));
+    }
+  }
+}
+var SecretsEngineError, SecurityError, IntegrityError, KeyNotFoundError, DecryptionError, InitializationError, CONSTANTS, EXPECTED_MODES, CREATE_SECRETS_TABLE = `
+  CREATE TABLE IF NOT EXISTS secrets (
+    key_hash  TEXT PRIMARY KEY,
+    key_enc   BLOB NOT NULL,
+    iv        BLOB NOT NULL,
+    cipher    BLOB NOT NULL,
+    created   INTEGER NOT NULL,
+    updated   INTEGER NOT NULL
+  ) STRICT;
+`, CREATE_META_TABLE = `
+  CREATE TABLE IF NOT EXISTS meta (
+    key   TEXT PRIMARY KEY,
+    value TEXT NOT NULL
+  ) STRICT;
+`;
+var init_dist = __esm(() => {
+  SecretsEngineError = class SecretsEngineError extends Error {
+    constructor(message, options) {
+      super(message, options);
+      this.name = this.constructor.name;
+    }
+  };
+  SecurityError = class SecurityError extends SecretsEngineError {
+    expectedPermission;
+    actualPermission;
+    path;
+    code = "SECURITY_ERROR";
+    constructor(message, expectedPermission, actualPermission, path2) {
+      super(`${message} — expected ${expectedPermission}, got ${actualPermission} on "${path2}"`);
+      this.expectedPermission = expectedPermission;
+      this.actualPermission = actualPermission;
+      this.path = path2;
+    }
+  };
+  IntegrityError = class IntegrityError extends SecretsEngineError {
+    code = "INTEGRITY_ERROR";
+    constructor(message = "Database integrity check failed — possible tampering detected") {
+      super(message);
+    }
+  };
+  KeyNotFoundError = class KeyNotFoundError extends SecretsEngineError {
+    code = "KEY_NOT_FOUND";
+    constructor(key) {
+      super(`Key not found: "${key}"`);
+    }
+  };
+  DecryptionError = class DecryptionError extends SecretsEngineError {
+    keyHash;
+    code = "DECRYPTION_ERROR";
+    constructor(message, keyHash) {
+      const detail = keyHash ? ` (entry: ${keyHash.slice(0, 16)}…)` : "";
+      super(`Decryption failed${detail}: ${message}`);
+      this.keyHash = keyHash;
+    }
+  };
+  InitializationError = class InitializationError extends SecretsEngineError {
+    code = "INITIALIZATION_ERROR";
+    constructor(message, cause) {
+      super(`Initialization failed: ${message}`, { cause });
+    }
+  };
+  CONSTANTS = {
+    IV_LENGTH: 12,
+    AUTH_TAG_LENGTH: 16,
+    KEY_LENGTH: 32,
+    SCRYPT_N: 131072,
+    SCRYPT_R: 8,
+    SCRYPT_P: 1,
+    KEYFILE_LENGTH: 32,
+    SALT_LENGTH: 32,
+    STORE_VERSION: "1",
+    DIR_NAME: ".secrets-engine",
+    KEYFILE_NAME: ".keyfile",
+    DB_NAME: "store.db",
+    META_NAME: "meta.json"
+  };
+  EXPECTED_MODES = {
+    directory: 448,
+    database: 384,
+    keyfile: 256,
+    meta: 384
+  };
+});
 // node_modules/sisteransi/src/index.js
 var require_src = __commonJS((exports, module) => {
   var ESC = "\x1B";
@@ -4857,7 +5430,7 @@ var init_session = __esm(() => {
 import { spawn } from "node:child_process";
 import { existsSync as existsSync4 } from "node:fs";
 import { Socket } from "node:net";
-import { dirname as dirname4, join as join4 } from "node:path";
+import { dirname as dirname5, join as join8 } from "node:path";
 import { fileURLToPath } from "node:url";
 function isZodSchema(value) {
   return value != null && typeof value === "object" && "toJSONSchema" in value && typeof value.toJSONSchema === "function";
@@ -4879,7 +5452,7 @@ function getNodeExecPath() {
 function getBundledCliPath() {
   const sdkUrl = import.meta.resolve("@github/copilot/sdk");
   const sdkPath = fileURLToPath(sdkUrl);
-  return join4(dirname4(dirname4(sdkPath)), "index.js");
+  return join8(dirname5(dirname5(sdkPath)), "index.js");
 }
 class CopilotClient {
@@ -5631,14 +6204,14 @@ var approveAll = () => ({ kind: "approved" });
 var init_types2 = () => {};
 // node_modules/@github/copilot-sdk/dist/index.js
-var exports_dist2 = {};
-__export(exports_dist2, {
+var exports_dist3 = {};
+__export(exports_dist3, {
   defineTool: () => defineTool,
   approveAll: () => approveAll,
   CopilotSession: () => CopilotSession,
   CopilotClient: () => CopilotClient
 });
-var init_dist = __esm(() => {
+var init_dist2 = __esm(() => {
   init_client();
   init_session();
   init_types2();
@@ -8826,21 +9399,991 @@ var LogEngine = {
 var import_picocolors = __toESM(require_picocolors(), 1);
 // src/utils/state.ts
-import { existsSync as existsSync3, mkdirSync as mkdirSync3, readFileSync as readFileSync3, statSync as statSync3, writeFileSync as writeFileSync3 } from "node:fs";
-import { dirname as dirname3, join as join3, resolve as resolve3 } from "node:path";
+import { existsSync as existsSync3, readFileSync as readFileSync3, statSync as statSync3 } from "node:fs";
+import { dirname as dirname4, join as join7, resolve as resolve3 } from "node:path";
+// node_modules/@wgtechlabs/config-engine/dist/chunk-gs6j6hrj.js
+import { createRequire as createRequire2 } from "node:module";
+var __require2 = /* @__PURE__ */ createRequire2(import.meta.url);
+function createZodValidator(schema) {
+  return {
+    validate(data) {
+      const result = schema.safeParse(data);
+      if (result.success) {
+        return { success: true, data: result.data };
+      }
+      return {
+        success: false,
+        errors: formatZodErrors(result.error)
+      };
+    }
+  };
+}
+function formatZodErrors(error) {
+  return error.issues.map((issue) => {
+    const path2 = issue.path.length > 0 ? `\`${issue.path.join(".")}\` ` : "";
+    return `${path2}${issue.message}`;
+  });
+}
+function resolveValidator(options) {
+  if (options.validator)
+    return options.validator;
+  if (options.schema)
+    return createZodValidator(options.schema);
+  return;
+}
+// node_modules/@wgtechlabs/config-engine/dist/index.js
+import { mkdirSync as mkdirSync3 } from "node:fs";
+import { dirname as dirname3 } from "node:path";
+import { watch } from "node:fs";
+import { homedir as homedir2, platform as platform2 } from "node:os";
+import { join as join6 } from "node:path";
+class ConfigCache {
+  #store;
+  #strategy;
+  #data = new Map;
+  #dirty = new Set;
+  #deleted = new Set;
+  #flushScheduled = false;
+  #flushPromise = null;
+  constructor(store, strategy = "batched") {
+    this.#store = store;
+    this.#strategy = strategy;
+  }
+  load(initial) {
+    this.#data.clear();
+    this.#dirty.clear();
+    this.#deleted.clear();
+    const stored = initial ?? this.#store.getAll();
+    for (const [key, value] of Object.entries(stored)) {
+      this.#data.set(key, value);
+    }
+  }
+  get(key) {
+    return this.#data.get(key);
+  }
+  has(key) {
+    return this.#data.has(key);
+  }
+  get size() {
+    return this.#data.size;
+  }
+  getAll() {
+    const obj = Object.create(null);
+    for (const [key, value] of this.#data) {
+      obj[key] = value;
+    }
+    return obj;
+  }
+  entries() {
+    return this.#data.entries();
+  }
+  set(key, value) {
+    this.#data.set(key, value);
+    this.#dirty.add(key);
+    this.#deleted.delete(key);
+    this.#scheduleFlush();
+  }
+  setMany(entries) {
+    for (const [key, value] of entries) {
+      this.#data.set(key, value);
+      this.#dirty.add(key);
+      this.#deleted.delete(key);
+    }
+    this.#scheduleFlush();
+  }
+  delete(key) {
+    const existed = this.#data.delete(key);
+    if (existed) {
+      this.#dirty.delete(key);
+      this.#deleted.add(key);
+      this.#scheduleFlush();
+    }
+    return existed;
+  }
+  clear() {
+    for (const key of this.#data.keys()) {
+      this.#deleted.add(key);
+    }
+    this.#data.clear();
+    this.#dirty.clear();
+    this.#scheduleFlush();
+  }
+  replaceAll(data) {
+    for (const key of this.#data.keys()) {
+      if (!(key in data)) {
+        this.#deleted.add(key);
+      }
+    }
+    this.#data.clear();
+    this.#dirty.clear();
+    for (const [key, value] of Object.entries(data)) {
+      this.#data.set(key, value);
+      this.#dirty.add(key);
+      this.#deleted.delete(key);
+    }
+    this.#scheduleFlush();
+  }
+  #scheduleFlush() {
+    if (this.#strategy === "manual")
+      return;
+    if (this.#strategy === "immediate") {
+      this.flushSync();
+      return;
+    }
+    if (!this.#flushScheduled) {
+      this.#flushScheduled = true;
+      this.#flushPromise = Promise.resolve().then(() => {
+        this.flushSync();
+        this.#flushScheduled = false;
+        this.#flushPromise = null;
+      });
+    }
+  }
+  flushSync() {
+    if (this.#dirty.size === 0 && this.#deleted.size === 0)
+      return;
+    this.#store.transaction(() => {
+      if (this.#dirty.size > 0) {
+        const entries = [];
+        for (const key of this.#dirty) {
+          entries.push([key, this.#data.get(key)]);
+        }
+        this.#store.setMany(entries);
+      }
+      for (const key of this.#deleted) {
+        this.#store.deleteOne(key);
+      }
+      this.#store.touchLastWrite();
+    });
+    this.#dirty.clear();
+    this.#deleted.clear();
+  }
+  async flush() {
+    if (this.#flushPromise) {
+      await this.#flushPromise;
+    } else if (this.#dirty.size > 0 || this.#deleted.size > 0) {
+      this.flushSync();
+    }
+  }
+  reload() {
+    this.#dirty.clear();
+    this.#deleted.clear();
+    this.load();
+  }
+}
+function getByPath(obj, path2) {
+  if (typeof obj !== "object" || obj === null)
+    return;
+  const keys = path2.split(".");
+  let current = obj;
+  for (const key of keys) {
+    if (typeof current !== "object" || current === null)
+      return;
+    current = current[key];
+  }
+  return current;
+}
+function setByPath(obj, path2, value) {
+  const keys = path2.split(".");
+  if (keys.length === 0)
+    return obj;
+  const result = { ...obj };
+  let current = result;
+  for (let i2 = 0;i2 < keys.length - 1; i2++) {
+    const key = keys[i2];
+    if (typeof current[key] !== "object" || current[key] === null) {
+      current[key] = {};
+    } else {
+      current[key] = { ...current[key] };
+    }
+    current = current[key];
+  }
+  const lastKey = keys[keys.length - 1];
+  current[lastKey] = value;
+  return result;
+}
+function hasByPath(obj, path2) {
+  if (typeof obj !== "object" || obj === null)
+    return false;
+  const keys = path2.split(".");
+  let current = obj;
+  for (let i2 = 0;i2 < keys.length; i2++) {
+    if (typeof current !== "object" || current === null)
+      return false;
+    const key = keys[i2];
+    if (!Object.prototype.hasOwnProperty.call(current, key))
+      return false;
+    current = current[key];
+  }
+  return true;
+}
+function deleteByPath(obj, path2) {
+  const keys = path2.split(".");
+  if (keys.length === 0)
+    return obj;
+  const result = { ...obj };
+  let current = result;
+  for (let i2 = 0;i2 < keys.length - 1; i2++) {
+    const key = keys[i2];
+    if (typeof current[key] !== "object" || current[key] === null) {
+      return obj;
+    }
+    current[key] = { ...current[key] };
+    current = current[key];
+  }
+  const lastKey = keys[keys.length - 1];
+  delete current[lastKey];
+  return result;
+}
+class SecretsEngineEncryptor {
+  #keyName;
+  #derivedKey = null;
+  #secrets = null;
+  constructor(keyName) {
+    this.#keyName = keyName;
+  }
+  async init() {
+    let SecretsEngine2;
+    try {
+      const mod = await Promise.resolve().then(() => (init_dist(), exports_dist));
+      SecretsEngine2 = mod.SecretsEngine ?? mod.default?.SecretsEngine ?? mod;
+    } catch {
+      throw new Error('Encryption requires "@wgtechlabs/secrets-engine" as a peer dependency. Install it with: bun add @wgtechlabs/secrets-engine');
+    }
+    this.#secrets = await SecretsEngine2.open();
+    const hasKey = await this.#secrets.has(this.#keyName);
+    if (!hasKey) {
+      const keyBytes = crypto.getRandomValues(new Uint8Array(32));
+      const keyHex2 = Array.from(keyBytes).map((b2) => b2.toString(16).padStart(2, "0")).join("");
+      await this.#secrets.set(this.#keyName, keyHex2);
+    }
+    const keyHex = await this.#secrets.get(this.#keyName);
+    const keyBuffer = hexToUint8Array(keyHex);
+    this.#derivedKey = await crypto.subtle.importKey("raw", keyBuffer.buffer, { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
+  }
+  async encrypt(plaintext) {
+    if (!this.#derivedKey)
+      throw new Error("Encryptor not initialized. Call init() first.");
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encoded = new TextEncoder().encode(plaintext);
+    const cipherBuffer = await crypto.subtle.encrypt({ name: "AES-GCM", iv: iv.buffer }, this.#derivedKey, encoded);
+    const ivB64 = uint8ArrayToBase64(iv);
+    const cipherB64 = uint8ArrayToBase64(new Uint8Array(cipherBuffer));
+    return `${ivB64}:${cipherB64}`;
+  }
+  async decrypt(ciphertext) {
+    if (!this.#derivedKey)
+      throw new Error("Encryptor not initialized. Call init() first.");
+    const [ivB64, cipherB64] = ciphertext.split(":");
+    if (!ivB64 || !cipherB64)
+      throw new Error("Invalid encrypted data format.");
+    const iv = base64ToUint8Array(ivB64);
+    const cipherBuffer = base64ToUint8Array(cipherB64);
+    const plainBuffer = await crypto.subtle.decrypt({ name: "AES-GCM", iv: iv.buffer }, this.#derivedKey, cipherBuffer.buffer);
+    return new TextDecoder().decode(plainBuffer);
+  }
+  async close() {
+    if (this.#secrets) {
+      this.#secrets.close();
+      this.#secrets = null;
+    }
+  }
+}
+function hexToUint8Array(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i2 = 0;i2 < hex.length; i2 += 2) {
+    bytes[i2 / 2] = Number.parseInt(hex.substring(i2, i2 + 2), 16);
+  }
+  return bytes;
+}
+function uint8ArrayToBase64(bytes) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(bytes).toString("base64");
+  }
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+function base64ToUint8Array(b64) {
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(b64, "base64"));
+  }
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i2 = 0;i2 < binary.length; i2++) {
+    bytes[i2] = binary.charCodeAt(i2);
+  }
+  return bytes;
+}
+async function resolveEncryptor(encryptionKey) {
+  if (!encryptionKey)
+    return;
+  if (typeof encryptionKey === "string") {
+    const enc = new SecretsEngineEncryptor(encryptionKey);
+    await enc.init();
+    return enc;
+  }
+  return encryptionKey;
+}
+var META_KEY = "schema_version";
+var INITIAL_VERSION = "0.0.0";
+async function runMigrations(options) {
+  const { store, migrations, projectVersion, beforeEachMigration, afterEachMigration } = options;
+  if (migrations.length === 0)
+    return;
+  const currentVersion = store.getMeta(META_KEY) ?? INITIAL_VERSION;
+  const versions = migrations.map((m2) => m2.version);
+  const finalVersion = projectVersion;
+  const pending = migrations.filter((m2) => compareVersions(m2.version, currentVersion) > 0);
+  if (pending.length === 0) {
+    store.setMeta(META_KEY, projectVersion);
+    return;
+  }
+  pending.sort((a2, b2) => compareVersions(a2.version, b2.version));
+  const ctx = createMigrationContext(store);
+  const snapshot = store.getAll();
+  const snapshotVersion = currentVersion;
+  try {
+    for (const migration of pending) {
+      const hookCtx = {
+        fromVersion: currentVersion,
+        toVersion: migration.version,
+        finalVersion,
+        versions
+      };
+      if (beforeEachMigration) {
+        await beforeEachMigration(hookCtx);
+      }
+      await migration.up(ctx);
+      if (afterEachMigration) {
+        await afterEachMigration(hookCtx);
+      }
+    }
+    store.setMeta(META_KEY, projectVersion);
+    store.touchLastWrite();
+  } catch (error) {
+    store.transaction(() => {
+      store.deleteAll();
+      const entries = Object.entries(snapshot);
+      if (entries.length > 0) {
+        store.setMany(entries);
+      }
+      store.setMeta(META_KEY, snapshotVersion);
+    });
+    throw new Error(`Migration to version "${pending.find(() => true)?.version}" failed. All changes have been rolled back. Original error: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
+function createMigrationContext(store) {
+  return {
+    get(key) {
+      return store.getOne(key);
+    },
+    set(key, value) {
+      store.setOne(key, value);
+    },
+    has(key) {
+      return store.has(key);
+    },
+    delete(key) {
+      return store.deleteOne(key);
+    }
+  };
+}
+function compareVersions(a2, b2) {
+  const partsA = a2.split(".").map(Number);
+  const partsB = b2.split(".").map(Number);
+  for (let i2 = 0;i2 < 3; i2++) {
+    const va = partsA[i2] ?? 0;
+    const vb = partsB[i2] ?? 0;
+    if (va !== vb)
+      return va - vb;
+  }
+  return 0;
+}
+function resolveConfigDir(projectName) {
+  const home = homedir2();
+  const os2 = platform2();
+  switch (os2) {
+    case "darwin":
+      return join6(home, "Library", "Preferences", projectName);
+    case "win32":
+      return join6(process.env.APPDATA ?? join6(home, "AppData", "Roaming"), projectName);
+    default:
+      return join6(process.env.XDG_CONFIG_HOME ?? join6(home, ".config"), projectName);
+  }
+}
+function resolveConfigPath(options) {
+  const dir = options.cwd ?? resolveConfigDir(options.projectName);
+  const name = options.configName ?? "config";
+  return join6(dir, `${name}.db`);
+}
+function isBun() {
+  return typeof globalThis.Bun !== "undefined";
+}
+function openDatabase(filepath) {
+  if (isBun()) {
+    return openBunDatabase(filepath);
+  }
+  return openNodeDatabase(filepath);
+}
+function openBunDatabase(filepath) {
+  const { Database: Database2 } = __require2("bun:sqlite");
+  const db = new Database2(filepath);
+  db.exec("PRAGMA journal_mode = WAL;");
+  db.exec("PRAGMA busy_timeout = 5000;");
+  return {
+    prepare(sql) {
+      const stmt = db.prepare(sql);
+      return {
+        run(...params) {
+          stmt.run(...params);
+        },
+        get(...params) {
+          return stmt.get(...params);
+        },
+        all(...params) {
+          return stmt.all(...params);
+        }
+      };
+    },
+    exec(sql) {
+      db.exec(sql);
+    },
+    close() {
+      db.close();
+    },
+    transaction(fn) {
+      return db.transaction(fn);
+    }
+  };
+}
+function openNodeDatabase(filepath) {
+  let BetterSqlite3;
+  try {
+    BetterSqlite3 = __require2("better-sqlite3");
+  } catch {
+    throw new Error('config-engine requires "better-sqlite3" as a peer dependency when running on Node.js. Install it with: npm install better-sqlite3');
+  }
+  const db = new BetterSqlite3(filepath);
+  db.pragma("journal_mode = WAL");
+  db.pragma("busy_timeout = 5000");
+  return {
+    prepare(sql) {
+      const stmt = db.prepare(sql);
+      return {
+        run(...params) {
+          stmt.run(...params);
+        },
+        get(...params) {
+          return stmt.get(...params);
+        },
+        all(...params) {
+          return stmt.all(...params);
+        }
+      };
+    },
+    exec(sql) {
+      db.exec(sql);
+    },
+    close() {
+      db.close();
+    },
+    transaction(fn) {
+      return db.transaction(fn);
+    }
+  };
+}
+class ConfigStore {
+  #db;
+  constructor(db) {
+    this.#db = db;
+    this.#initialize();
+  }
+  #initialize() {
+    this.#db.exec(`
+			CREATE TABLE IF NOT EXISTS config (
+				key   TEXT PRIMARY KEY,
+				value TEXT NOT NULL
+			);
+		`);
+    this.#db.exec(`
+			CREATE TABLE IF NOT EXISTS _meta (
+				key   TEXT PRIMARY KEY,
+				value TEXT NOT NULL
+			);
+		`);
+  }
+  getAll() {
+    const rows = this.#db.prepare("SELECT key, value FROM config").all();
+    const result = Object.create(null);
+    for (const row of rows) {
+      result[row.key] = JSON.parse(row.value);
+    }
+    return result;
+  }
+  getOne(key) {
+    const row = this.#db.prepare("SELECT value FROM config WHERE key = ?").get(key);
+    return row ? JSON.parse(row.value) : undefined;
+  }
+  setOne(key, value) {
+    this.#db.prepare("INSERT OR REPLACE INTO config (key, value) VALUES (?, ?)").run(key, JSON.stringify(value));
+  }
+  setMany(entries) {
+    const stmt = this.#db.prepare("INSERT OR REPLACE INTO config (key, value) VALUES (?, ?)");
+    const runTransaction = this.#db.transaction(() => {
+      for (const [key, value] of entries) {
+        stmt.run(key, JSON.stringify(value));
+      }
+    });
+    runTransaction();
+  }
+  deleteOne(key) {
+    const before = this.count();
+    this.#db.prepare("DELETE FROM config WHERE key = ?").run(key);
+    return this.count() < before;
+  }
+  deleteAll() {
+    this.#db.exec("DELETE FROM config;");
+  }
+  has(key) {
+    const row = this.#db.prepare("SELECT 1 FROM config WHERE key = ? LIMIT 1").get(key);
+    return row !== undefined && row !== null;
+  }
+  count() {
+    const row = this.#db.prepare("SELECT COUNT(*) as cnt FROM config").get();
+    return row.cnt;
+  }
+  getMeta(key) {
+    const row = this.#db.prepare("SELECT value FROM _meta WHERE key = ?").get(key);
+    return row?.value;
+  }
+  setMeta(key, value) {
+    this.#db.prepare("INSERT OR REPLACE INTO _meta (key, value) VALUES (?, ?)").run(key, value);
+  }
+  hasMeta(key) {
+    const row = this.#db.prepare("SELECT 1 FROM _meta WHERE key = ? LIMIT 1").get(key);
+    return row !== undefined && row !== null;
+  }
+  transaction(fn) {
+    const wrapped = this.#db.transaction(fn);
+    return wrapped();
+  }
+  touchLastWrite() {
+    this.setMeta("last_write", Date.now().toString());
+  }
+  getLastWrite() {
+    const val = this.getMeta("last_write");
+    return val ? Number(val) : 0;
+  }
+  close() {
+    this.#db.close();
+  }
+}
+class ConfigEngineError extends Error {
+  name = "ConfigEngineError";
+}
+class ValidationError extends ConfigEngineError {
+  name = "ValidationError";
+  errors;
+  constructor(errors) {
+    super(`Config validation failed:
+  - ${errors.join(`
+  - `)}`);
+    this.errors = errors;
+  }
+}
+class ConfigEngine {
+  #store;
+  #cache;
+  #validator;
+  #encryptor;
+  #defaults;
+  #dotNotation;
+  #filePath;
+  #listeners = new Map;
+  #anyListeners = new Set;
+  #watcher = null;
+  #lastKnownWrite = 0;
+  #closed = false;
+  constructor(store, cache, options) {
+    this.#store = store;
+    this.#cache = cache;
+    this.#validator = options.validator;
+    this.#encryptor = options.encryptor;
+    this.#defaults = options.defaults;
+    this.#dotNotation = options.dotNotation;
+    this.#filePath = options.filePath;
+    this.#lastKnownWrite = store.getLastWrite();
+    if (options.watch) {
+      this.#startWatching();
+    }
+  }
+  static async open(options) {
+    const {
+      projectName,
+      projectVersion,
+      cwd,
+      configName,
+      defaults = {},
+      encryptionKey,
+      migrations,
+      beforeEachMigration,
+      afterEachMigration,
+      flushStrategy = "batched",
+      accessPropertiesByDotNotation = true,
+      watch: enableWatch = false,
+      clearInvalidConfig = false
+    } = options;
+    const filePath = resolveConfigPath({ projectName, cwd, configName });
+    mkdirSync3(dirname3(filePath), { recursive: true });
+    const db = openDatabase(filePath);
+    const store = new ConfigStore(db);
+    const encryptor = await resolveEncryptor(encryptionKey);
+    const validator = resolveValidator(options);
+    let storedData;
+    try {
+      storedData = store.getAll();
+      if (encryptor) {
+        storedData = await decryptStore(storedData, encryptor);
+      }
+    } catch (error) {
+      if (clearInvalidConfig) {
+        store.deleteAll();
+        storedData = {};
+      } else {
+        store.close();
+        throw new ConfigEngineError(`Failed to load config: ${error instanceof Error ? error.message : String(error)}`);
+      }
+    }
+    const merged = { ...defaults, ...storedData };
+    if (validator) {
+      const result = validator.validate(merged);
+      if (!result.success) {
+        if (clearInvalidConfig) {
+          store.deleteAll();
+          const freshData = { ...defaults };
+          const freshResult = validator.validate(freshData);
+          if (!freshResult.success) {
+            store.close();
+            throw new ValidationError(freshResult.errors);
+          }
+          const entries = Object.entries(freshData);
+          if (encryptor) {
+            const encrypted = await encryptStore(freshData, encryptor);
+            store.setMany(Object.entries(encrypted));
+          } else {
+            store.setMany(entries);
+          }
+          store.touchLastWrite();
+          const cache2 = new ConfigCache(store, flushStrategy);
+          cache2.load(freshData);
+          return new ConfigEngine(store, cache2, {
+            validator,
+            encryptor,
+            defaults,
+            dotNotation: accessPropertiesByDotNotation,
+            filePath,
+            watch: enableWatch
+          });
+        }
+        store.close();
+        throw new ValidationError(result.errors);
+      }
+    }
+    const hasNewDefaults = Object.keys(defaults).some((key) => !(key in storedData));
+    if (hasNewDefaults) {
+      if (encryptor) {
+        const encrypted = await encryptStore(merged, encryptor);
+        store.setMany(Object.entries(encrypted));
+      } else {
+        store.setMany(Object.entries(merged));
+      }
+      store.touchLastWrite();
+    }
+    if (migrations && migrations.length > 0) {
+      if (!projectVersion) {
+        store.close();
+        throw new ConfigEngineError('"projectVersion" is required when "migrations" is provided.');
+      }
+      await runMigrations({
+        store,
+        migrations,
+        projectVersion,
+        beforeEachMigration,
+        afterEachMigration
+      });
+    }
+    const cache = new ConfigCache(store, flushStrategy);
+    let finalData;
+    if (encryptor) {
+      finalData = await decryptStore(store.getAll(), encryptor);
+    } else {
+      finalData = store.getAll();
+    }
+    const cacheData = { ...defaults, ...finalData };
+    cache.load(cacheData);
+    return new ConfigEngine(store, cache, {
+      validator,
+      encryptor,
+      defaults,
+      dotNotation: accessPropertiesByDotNotation,
+      filePath,
+      watch: enableWatch
+    });
+  }
+  get(key, defaultValue) {
+    this.#ensureOpen();
+    if (this.#dotNotation && key.includes(".")) {
+      const full = this.#cache.getAll();
+      const value2 = getByPath(full, key);
+      return value2 !== undefined ? value2 : defaultValue;
+    }
+    const value = this.#cache.get(key);
+    return value !== undefined ? value : defaultValue;
+  }
+  has(key) {
+    this.#ensureOpen();
+    if (this.#dotNotation && key.includes(".")) {
+      return hasByPath(this.#cache.getAll(), key);
+    }
+    return this.#cache.has(key);
+  }
+  get store() {
+    this.#ensureOpen();
+    return this.#cache.getAll();
+  }
+  set store(value) {
+    this.#ensureOpen();
+    this.#validateFull(value);
+    const oldStore = this.#cache.getAll();
+    this.#cache.replaceAll(value);
+    this.#notifyAnyChange(value, oldStore);
+  }
+  get size() {
+    this.#ensureOpen();
+    return this.#cache.size;
+  }
+  get path() {
+    return this.#filePath;
+  }
+  set(keyOrObject, value) {
+    this.#ensureOpen();
+    if (typeof keyOrObject === "string") {
+      this.#setKey(keyOrObject, value);
+    } else {
+      const entries = Object.entries(keyOrObject);
+      const oldStore = this.#cache.getAll();
+      for (const [key, val] of entries) {
+        if (this.#dotNotation && key.includes(".")) {
+          const full = this.#cache.getAll();
+          const updated = setByPath(full, key, val);
+          this.#validateFull(updated);
+          this.#cache.replaceAll(updated);
+        } else {
+          this.#cache.set(key, val);
+        }
+      }
+      this.#validateFull(this.#cache.getAll());
+      this.#notifyAnyChange(this.#cache.getAll(), oldStore);
+    }
+  }
+  #setKey(key, value) {
+    const oldStore = this.#cache.getAll();
+    const oldValue = this.get(key);
+    if (this.#dotNotation && key.includes(".")) {
+      const full = this.#cache.getAll();
+      const updated = setByPath(full, key, value);
+      this.#validateFull(updated);
+      this.#cache.replaceAll(updated);
+    } else {
+      const testStore = { ...this.#cache.getAll(), [key]: value };
+      this.#validateFull(testStore);
+      this.#cache.set(key, value);
+    }
+    this.#notifyKeyChange(key, value, oldValue);
+    this.#notifyAnyChange(this.#cache.getAll(), oldStore);
+  }
+  delete(key) {
+    this.#ensureOpen();
+    const oldStore = this.#cache.getAll();
+    const oldValue = this.get(key);
+    if (this.#dotNotation && key.includes(".")) {
+      const full = this.#cache.getAll();
+      const updated = deleteByPath(full, key);
+      this.#cache.replaceAll(updated);
+    } else {
+      this.#cache.delete(key);
+    }
+    this.#notifyKeyChange(key, undefined, oldValue);
+    this.#notifyAnyChange(this.#cache.getAll(), oldStore);
+  }
+  clear() {
+    this.#ensureOpen();
+    const oldStore = this.#cache.getAll();
+    this.#cache.clear();
+    if (this.#defaults && Object.keys(this.#defaults).length > 0) {
+      this.#cache.setMany(Object.entries(this.#defaults));
+    }
+    this.#notifyAnyChange(this.#cache.getAll(), oldStore);
+  }
+  reset(...keys) {
+    this.#ensureOpen();
+    const oldStore = this.#cache.getAll();
+    for (const key of keys) {
+      if (key in this.#defaults) {
+        this.#cache.set(key, this.#defaults[key]);
+      } else {
+        this.#cache.delete(key);
+      }
+    }
+    this.#notifyAnyChange(this.#cache.getAll(), oldStore);
+  }
+  onDidChange(key, callback) {
+    if (!this.#listeners.has(key)) {
+      this.#listeners.set(key, new Set);
+    }
+    const set = this.#listeners.get(key);
+    set.add(callback);
+    return () => {
+      set.delete(callback);
+      if (set.size === 0)
+        this.#listeners.delete(key);
+    };
+  }
+  onDidAnyChange(callback) {
+    this.#anyListeners.add(callback);
+    return () => {
+      this.#anyListeners.delete(callback);
+    };
+  }
+  async flush() {
+    this.#ensureOpen();
+    await this.#cache.flush();
+  }
+  flushSync() {
+    this.#ensureOpen();
+    this.#cache.flushSync();
+  }
+  close() {
+    if (this.#closed)
+      return;
+    this.#stopWatching();
+    this.#cache.flushSync();
+    this.#store.close();
+    this.#closed = true;
+  }
+  *[Symbol.iterator]() {
+    this.#ensureOpen();
+    yield* this.#cache.entries();
+  }
+  #ensureOpen() {
+    if (this.#closed) {
+      throw new ConfigEngineError("This ConfigEngine instance has been closed. Create a new one with ConfigEngine.open().");
+    }
+  }
+  #validateFull(data) {
+    if (!this.#validator)
+      return;
+    const result = this.#validator.validate(data);
+    if (!result.success) {
+      throw new ValidationError(result.errors);
+    }
+  }
+  #notifyKeyChange(key, newValue, oldValue) {
+    if (newValue === oldValue)
+      return;
+    if (typeof newValue === "object" && typeof oldValue === "object" && JSON.stringify(newValue) === JSON.stringify(oldValue)) {
+      return;
+    }
+    const listeners = this.#listeners.get(key);
+    if (listeners) {
+      for (const cb of listeners) {
+        cb(newValue, oldValue);
+      }
+    }
+  }
+  #notifyAnyChange(newStore, oldStore) {
+    if (JSON.stringify(newStore) === JSON.stringify(oldStore))
+      return;
+    for (const cb of this.#anyListeners) {
+      cb(newStore, oldStore);
+    }
+  }
+  #startWatching() {
+    try {
+      this.#watcher = watch(dirname3(this.#filePath), (_event, filename) => {
+        if (!filename)
+          return;
+        const expectedName = this.#filePath.split(/[\\/]/).pop();
+        if (filename !== expectedName)
+          return;
+        const currentWrite = this.#store.getLastWrite();
+        if (currentWrite > this.#lastKnownWrite) {
+          this.#lastKnownWrite = currentWrite;
+          const oldStore = this.#cache.getAll();
+          this.#cache.reload();
+          const newStore = this.#cache.getAll();
+          this.#notifyAnyChange(newStore, oldStore);
+        }
+      });
+      if (this.#watcher && "unref" in this.#watcher) {
+        this.#watcher.unref();
+      }
+    } catch {}
+  }
+  #stopWatching() {
+    if (this.#watcher) {
+      this.#watcher.close();
+      this.#watcher = null;
+    }
+  }
+}
+async function encryptStore(data, encryptor) {
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    result[key] = await encryptor.encrypt(JSON.stringify(value));
+  }
+  return result;
+}
+async function decryptStore(data, encryptor) {
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    if (typeof value === "string") {
+      try {
+        const decrypted = await encryptor.decrypt(value);
+        result[key] = JSON.parse(decrypted);
+      } catch {
+        result[key] = value;
+      }
+    } else {
+      result[key] = value;
+    }
+  }
+  return result;
+}
+// src/utils/state.ts
 var LOCAL_STATE_DIRNAME = "contribute-now";
 var LOCAL_STATE_CONFIG_NAME = "state";
 var LOCAL_STATE_LOCATION_LABEL = `.git/${LOCAL_STATE_DIRNAME}/${LOCAL_STATE_CONFIG_NAME}.db`;
-var DEFAULT_LOCAL_STATE = {
-  guideRotation: {}
-};
+var stateStoreCache = new Map;
 function findRepoRoot2(cwd = process.cwd()) {
   let current = resolve3(cwd);
   while (true) {
-    if (existsSync3(join3(current, ".git"))) {
+    if (existsSync3(join7(current, ".git"))) {
       return current;
     }
-    const parent = dirname3(current);
+    const parent = dirname4(current);
     if (parent === current) {
       return null;
     }
@@ -8852,13 +10395,13 @@ function resolveGitDir2(cwd = process.cwd()) {
   if (!repoRoot) {
     return null;
   }
-  const dotGitPath = join3(repoRoot, ".git");
+  const dotGitPath = join7(repoRoot, ".git");
   try {
-    const stat = statSync3(dotGitPath);
-    if (stat.isDirectory()) {
+    const stat2 = statSync3(dotGitPath);
+    if (stat2.isDirectory()) {
       return dotGitPath;
     }
-    if (!stat.isFile()) {
+    if (!stat2.isFile()) {
       return null;
     }
     const content = readFileSync3(dotGitPath, "utf-8").trim();
@@ -8876,41 +10419,40 @@ function getLocalStateDir(cwd = process.cwd()) {
   if (!gitDir) {
     return null;
   }
-  return join3(gitDir, LOCAL_STATE_DIRNAME);
+  return join7(gitDir, LOCAL_STATE_DIRNAME);
 }
-function readLocalState(cwd = process.cwd()) {
-  const statePath = getLocalStatePath(cwd);
-  if (!statePath || !existsSync3(statePath)) {
-    return DEFAULT_LOCAL_STATE;
-  }
-  try {
-    const raw = JSON.parse(readFileSync3(statePath, "utf-8"));
-    const guideRotation = raw.guideRotation && typeof raw.guideRotation === "object" ? raw.guideRotation : {};
-    return {
-      guideRotation: Object.fromEntries(Object.entries(guideRotation).filter((entry) => {
-        const [key, value] = entry;
-        return typeof key === "string" && typeof value === "number" && Number.isFinite(value);
-      }))
-    };
-  } catch {
-    return DEFAULT_LOCAL_STATE;
+async function openLocalStateStore(cwd = process.cwd()) {
+  const stateDir = getLocalStateDir(cwd);
+  if (!stateDir) {
+    return null;
   }
+  return ConfigEngine.open({
+    projectName: "contribute-now",
+    cwd: stateDir,
+    configName: LOCAL_STATE_CONFIG_NAME,
+    defaults: {
+      guideRotation: {}
+    },
+    flushStrategy: "immediate"
+  });
 }
-function writeLocalState(state, cwd = process.cwd()) {
+async function getLocalStateStore(cwd = process.cwd()) {
   const statePath = getLocalStatePath(cwd);
-  if (!statePath) {
-    return;
+  const cacheKey = statePath ?? resolve3(cwd);
+  const existing = stateStoreCache.get(cacheKey);
+  if (existing) {
+    return existing;
   }
-  mkdirSync3(dirname3(statePath), { recursive: true });
-  writeFileSync3(statePath, `${JSON.stringify(state, null, 2)}
-`, "utf-8");
+  const storePromise = openLocalStateStore(cwd).catch(() => null);
+  stateStoreCache.set(cacheKey, storePromise);
+  return storePromise;
 }
 function getLocalStatePath(cwd = process.cwd()) {
   const stateDir = getLocalStateDir(cwd);
   if (!stateDir) {
     return null;
   }
-  return join3(stateDir, `${LOCAL_STATE_CONFIG_NAME}.db`);
+  return join7(stateDir, `${LOCAL_STATE_CONFIG_NAME}.db`);
 }
 function getLocalStateLocationLabel(cwd = process.cwd()) {
   return getLocalStatePath(cwd) ? LOCAL_STATE_LOCATION_LABEL : null;
@@ -8920,23 +10462,25 @@ function hasLocalStateStore(cwd = process.cwd()) {
   return !!statePath && existsSync3(statePath);
 }
 async function getGuideRotationIndex(commandKey, cwd = process.cwd()) {
-  const rotationIndex = readLocalState(cwd).guideRotation[commandKey];
+  const store = await getLocalStateStore(cwd);
+  if (!store) {
+    return 0;
+  }
+  const rotationIndex = store.get(`guideRotation.${commandKey}`, 0);
   return typeof rotationIndex === "number" ? rotationIndex : 0;
 }
 async function advanceGuideRotation(commandKey, rotatableCount, cwd = process.cwd()) {
   if (rotatableCount <= 0) {
     return;
   }
-  const state = readLocalState(cwd);
-  const rotationIndex = state.guideRotation[commandKey];
+  const store = await getLocalStateStore(cwd);
+  if (!store) {
+    return;
+  }
+  const rotationIndex = store.get(`guideRotation.${commandKey}`, 0);
   const currentIndex = typeof rotationIndex === "number" ? rotationIndex : 0;
   const nextIndex = (currentIndex + 1) % rotatableCount;
-  writeLocalState({
-    guideRotation: {
-      ...state.guideRotation,
-      [commandKey]: nextIndex
-    }
-  }, cwd);
+  store.set(`guideRotation.${commandKey}`, nextIndex);
 }
 // src/utils/tips.ts
@@ -10612,79 +12156,54 @@ async function multiSelectPrompt(message, choices) {
 }
 // src/utils/copilot.ts
-init_dist();
+init_dist2();
 // src/utils/secrets.ts
-import { chmodSync, existsSync as existsSync5, mkdirSync as mkdirSync4, readFileSync as readFileSync4, rmSync, writeFileSync as writeFileSync4 } from "node:fs";
-import { homedir } from "node:os";
-import { join as join5, resolve as resolve4 } from "node:path";
+init_dist();
+import { existsSync as existsSync5 } from "node:fs";
+import { homedir as homedir3 } from "node:os";
+import { resolve as resolve4 } from "node:path";
 var CONTRIBUTE_NOW_SECRETS_DIRNAME = ".contribute-now";
 var CONTRIBUTE_NOW_SECRETS_STORE_DIRNAME = "secrets";
 var OLLAMA_CLOUD_API_KEY = "ollama.cloud.apiKey";
-function getSecretsStorePath(baseDir = homedir()) {
+var secretsStoreCache = new Map;
+function getSecretsStorePath(baseDir = homedir3()) {
   return resolve4(baseDir, CONTRIBUTE_NOW_SECRETS_DIRNAME, CONTRIBUTE_NOW_SECRETS_STORE_DIRNAME);
 }
-function getSecretsFilePath(baseDir = homedir()) {
-  return join5(getSecretsStorePath(baseDir), "store.json");
-}
-function readSecretsStore(baseDir = homedir()) {
-  const filePath = getSecretsFilePath(baseDir);
-  if (!existsSync5(filePath)) {
-    return null;
+async function getSecretsStore(baseDir = homedir3(), createIfMissing = true) {
+  const storePath = getSecretsStorePath(baseDir);
+  const existing = secretsStoreCache.get(storePath);
+  if (existing) {
+    return existing;
   }
-  try {
-    const parsed = JSON.parse(readFileSync4(filePath, "utf-8"));
-    return typeof parsed === "object" && parsed !== null ? parsed : null;
-  } catch {
+  if (!createIfMissing && !existsSync5(storePath)) {
     return null;
   }
+  const storePromise = SecretsEngine.open({ path: storePath });
+  secretsStoreCache.set(storePath, storePromise);
+  return storePromise;
 }
-function writeSecretsStore(store, baseDir = homedir()) {
-  const storePath = getSecretsStorePath(baseDir);
-  const filePath = getSecretsFilePath(baseDir);
-  mkdirSync4(storePath, { recursive: true, mode: 448 });
-  writeFileSync4(filePath, `${JSON.stringify(store, null, 2)}
-`, {
-    encoding: "utf-8",
-    mode: 384
-  });
-  try {
-    chmodSync(storePath, 448);
-    chmodSync(filePath, 384);
-  } catch {}
-}
-function hasSecretsStore(baseDir = homedir()) {
-  return existsSync5(getSecretsFilePath(baseDir));
+function hasSecretsStore(baseDir = homedir3()) {
+  return existsSync5(getSecretsStorePath(baseDir));
 }
-async function hasOllamaCloudApiKey(baseDir = homedir()) {
-  return typeof readSecretsStore(baseDir)?.[OLLAMA_CLOUD_API_KEY] === "string";
+async function hasOllamaCloudApiKey(baseDir = homedir3()) {
+  const store = await getSecretsStore(baseDir, false);
+  return store ? store.has(OLLAMA_CLOUD_API_KEY) : false;
 }
-async function getOllamaCloudApiKey(baseDir = homedir()) {
-  return readSecretsStore(baseDir)?.[OLLAMA_CLOUD_API_KEY] ?? null;
+async function getOllamaCloudApiKey(baseDir = homedir3()) {
+  const store = await getSecretsStore(baseDir, false);
+  return store ? store.get(OLLAMA_CLOUD_API_KEY) : null;
 }
-async function setOllamaCloudApiKey(value, baseDir = homedir()) {
-  const existingStore = readSecretsStore(baseDir) ?? {};
-  writeSecretsStore({
-    ...existingStore,
-    [OLLAMA_CLOUD_API_KEY]: value
-  }, baseDir);
-}
-async function deleteOllamaCloudApiKey(baseDir = homedir()) {
-  const existingStore = readSecretsStore(baseDir);
-  if (!existingStore || !(OLLAMA_CLOUD_API_KEY in existingStore)) {
-    return false;
+async function setOllamaCloudApiKey(value, baseDir = homedir3()) {
+  const store = await getSecretsStore(baseDir);
+  if (!store) {
+    throw new Error("Secrets store could not be opened");
   }
-  const nextStore = { ...existingStore };
-  delete nextStore[OLLAMA_CLOUD_API_KEY];
-  if (Object.keys(nextStore).length === 0) {
-    try {
-      rmSync(getSecretsFilePath(baseDir), { force: true });
-      rmSync(getSecretsStorePath(baseDir), { recursive: true, force: true });
-    } catch {}
-    return true;
-  }
-  writeSecretsStore(nextStore, baseDir);
-  return true;
+  await store.set(OLLAMA_CLOUD_API_KEY, value);
+}
+async function deleteOllamaCloudApiKey(baseDir = homedir3()) {
+  const store = await getSecretsStore(baseDir, false);
+  return store ? store.delete(OLLAMA_CLOUD_API_KEY) : false;
 }
 // src/utils/copilot.ts
@@ -12670,13 +14189,13 @@ async function promptForConfigEdits(current, hasExistingOllamaApiKey) {
       const modelLookupApiKey = ollamaApiKeyAction === "set" ? ollamaApiKey ?? null : ollamaApiKeyAction === "keep" ? await getOllamaCloudApiKey() : null;
       aiModel = await promptForOllamaCloudModelSelection(modelLookupApiKey, current.aiProvider === "ollama-cloud" ? current.aiModel ?? DEFAULT_OLLAMA_CLOUD_MODEL : DEFAULT_OLLAMA_CLOUD_MODEL);
     } else if (hasExistingOllamaApiKey) {
-      const shouldDeleteStoredKey = await confirmPrompt("Delete the stored Ollama Cloud API key from the local secrets store?");
+      const shouldDeleteStoredKey = await confirmPrompt("Delete the stored Ollama Cloud API key from secrets-engine?");
       if (shouldDeleteStoredKey) {
         ollamaApiKeyAction = "delete";
       }
     }
   } else if (hasExistingOllamaApiKey) {
-    const shouldDeleteStoredKey = await confirmPrompt("AI is disabled. Delete the stored Ollama Cloud API key from the local secrets store?");
+    const shouldDeleteStoredKey = await confirmPrompt("AI is disabled. Delete the stored Ollama Cloud API key from secrets-engine?");
     if (shouldDeleteStoredKey) {
       ollamaApiKeyAction = "delete";
     }
@@ -12703,7 +14222,7 @@ async function promptForConfigEdits(current, hasExistingOllamaApiKey) {
 async function applyOllamaApiKeyEdit(result) {
   if (result.ollamaApiKeyAction === "set" && result.ollamaApiKey) {
     await setOllamaCloudApiKey(result.ollamaApiKey);
-    success("Stored Ollama Cloud API key in the local secrets store.");
+    success("Stored Ollama Cloud API key in secrets-engine.");
     info(`Secrets path: ${import_picocolors10.default.bold(getSecretsStorePath())}`);
     return;
   }
@@ -12826,7 +14345,7 @@ var import_picocolors11 = __toESM(require_picocolors(), 1);
 // package.json
 var package_default = {
   name: "contribute-now",
-  version: "0.7.0-dev.3b89c66",
+  version: "0.7.0-dev.45c1376",
   description: "Developer CLI that automates git workflows — branching, syncing, committing, and PRs — with multi-workflow and commit convention support.",
   type: "module",
   bin: {
@@ -12874,7 +14393,9 @@ var package_default = {
   dependencies: {
     "@clack/prompts": "^1.0.1",
     "@github/copilot-sdk": "^0.1.25",
+    "@wgtechlabs/config-engine": "^0.1.0",
     "@wgtechlabs/log-engine": "^2.3.1",
+    "@wgtechlabs/secrets-engine": "^2.0.0",
     citty: "^0.1.6",
     figlet: "^1.10.0",
     picocolors: "^1.1.1"
@@ -12991,7 +14512,7 @@ async function depsSection() {
     });
   }
   try {
-    await Promise.resolve().then(() => (init_dist(), exports_dist2));
+    await Promise.resolve().then(() => (init_dist2(), exports_dist3));
     checks.push({ label: "Copilot SDK importable", ok: true });
   } catch {
     checks.push({
@@ -13079,7 +14600,7 @@ async function configSection() {
         label: hasApiKey ? "Ollama Cloud API key present" : "Ollama Cloud API key missing",
         ok: true,
         warning: !hasApiKey,
-        detail: hasSecretsStore() ? "stored in the local secrets store" : "run `contrib setup` to save it"
+        detail: hasSecretsStore() ? "stored in secrets-engine" : "run `contrib setup` to save it"
       });
     }
   }
@@ -13273,15 +14794,15 @@ var doctor_default = defineCommand({
 });
 // src/commands/hook.ts
-import { existsSync as existsSync6, mkdirSync as mkdirSync5, readFileSync as readFileSync5, rmSync as rmSync2, writeFileSync as writeFileSync5 } from "node:fs";
-import { join as join6 } from "node:path";
+import { existsSync as existsSync6, mkdirSync as mkdirSync4, readFileSync as readFileSync4, rmSync, writeFileSync as writeFileSync3 } from "node:fs";
+import { join as join9 } from "node:path";
 var import_picocolors12 = __toESM(require_picocolors(), 1);
 var HOOK_MARKER = "# managed by contribute-now";
 function getHooksDir(cwd = process.cwd()) {
-  return join6(cwd, ".git", "hooks");
+  return join9(cwd, ".git", "hooks");
 }
 function getHookPath(cwd = process.cwd()) {
-  return join6(getHooksDir(cwd), "commit-msg");
+  return join9(getHooksDir(cwd), "commit-msg");
 }
 function generateHookScript() {
   return `#!/bin/sh
@@ -13357,7 +14878,7 @@ async function installHook() {
   const hookPath = getHookPath();
   const hooksDir = getHooksDir();
   if (existsSync6(hookPath)) {
-    const existing = readFileSync5(hookPath, "utf-8");
+    const existing = readFileSync4(hookPath, "utf-8");
     if (!existing.includes(HOOK_MARKER)) {
       error("A commit-msg hook already exists and was not installed by contribute-now.");
       warn(`Path: ${hookPath}`);
@@ -13367,9 +14888,9 @@ async function installHook() {
     info("Updating existing contribute-now hook...");
   }
   if (!existsSync6(hooksDir)) {
-    mkdirSync5(hooksDir, { recursive: true });
+    mkdirSync4(hooksDir, { recursive: true });
   }
-  writeFileSync5(hookPath, generateHookScript(), { mode: 493 });
+  writeFileSync3(hookPath, generateHookScript(), { mode: 493 });
   success(`commit-msg hook installed.`);
   info(`Convention: ${import_picocolors12.default.bold(CONVENTION_LABELS[config.commitConvention])}`, "");
   info(`Path: ${import_picocolors12.default.dim(hookPath)}`, "");
@@ -13382,12 +14903,12 @@ async function uninstallHook() {
     info("No commit-msg hook found. Nothing to uninstall.");
     return;
   }
-  const content = readFileSync5(hookPath, "utf-8");
+  const content = readFileSync4(hookPath, "utf-8");
   if (!content.includes(HOOK_MARKER)) {
     error("The commit-msg hook was not installed by contribute-now. Leaving it untouched.");
     process.exit(1);
   }
-  rmSync2(hookPath);
+  rmSync(hookPath);
   success("commit-msg hook removed.");
 }
@@ -14068,7 +15589,7 @@ var setup_default = defineCommand({
     if (enableAI) {
       const providerChoice = await selectPrompt("Which AI provider should this clone use?", [
         "GitHub Copilot — use your existing GitHub/Copilot auth",
-        "Ollama Cloud — use an API key stored in the local secrets store"
+        "Ollama Cloud — use an API key stored with secrets-engine"
       ]);
       aiProvider = providerChoice.startsWith("Ollama Cloud") ? "ollama-cloud" : "copilot";
       if (aiProvider === "ollama-cloud") {
@@ -14080,7 +15601,7 @@ var setup_default = defineCommand({
         aiModel = await promptForOllamaCloudModel(apiKey);
         try {
           await setOllamaCloudApiKey(apiKey);
-          success("Stored Ollama Cloud API key in the local secrets store.");
+          success("Stored Ollama Cloud API key in secrets-engine.");
           info(`Secrets path: ${import_picocolors15.default.bold(getSecretsStorePath())}`);
         } catch (err) {
           const message = err instanceof Error ? err.message : String(err);
@@ -15359,7 +16880,7 @@ var sync_default = defineCommand({
 });
 // src/commands/update.ts
-import { readFileSync as readFileSync6 } from "node:fs";
+import { readFileSync as readFileSync5 } from "node:fs";
 var import_picocolors21 = __toESM(require_picocolors(), 1);
 function hasStaleBranchWorkToPreserve(uniqueCommitsAheadOfBase, hasUncommittedChanges2) {
   return hasUncommittedChanges2 || uniqueCommitsAheadOfBase > 0;
@@ -15563,7 +17084,7 @@ var update_default = defineCommand({
           let conflictDiff = "";
           for (const file of conflictFiles.slice(0, 3)) {
             try {
-              const content = readFileSync6(file, "utf-8");
+              const content = readFileSync5(file, "utf-8");
               if (content.includes("<<<<<<<")) {
                 conflictDiff += `
 --- ${file} ---
@@ -15604,7 +17125,7 @@ ${import_picocolors21.default.bold("\uD83D\uDCA1 AI Conflict Resolution Guidance
 });
 // src/commands/validate.ts
-import { readFileSync as readFileSync7 } from "node:fs";
+import { readFileSync as readFileSync6 } from "node:fs";
 var import_picocolors22 = __toESM(require_picocolors(), 1);
 var validate_default = defineCommand({
   meta: {
@@ -15634,7 +17155,7 @@ var validate_default = defineCommand({
       info('Commit convention is set to "none". All messages are accepted.');
       process.exit(0);
     }
-    const message = args.file ? readFileSync7(args.file, "utf-8").split(/\r?\n/, 1)[0] ?? "" : args.message;
+    const message = args.file ? readFileSync6(args.file, "utf-8").split(/\r?\n/, 1)[0] ?? "" : args.message;
     if (!message) {
       error("No commit message provided. Pass a message or use --file <path>.");
       process.exit(1);