crypto-guardian-cli 1.0.0

package/.npmrc

@@ -0,0 +1,2 @@
+@jherostudio:registry=https://npm.pkg.github.com
+//npm.pkg.github.com/:_authToken=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

package/README.md

@@ -0,0 +1,87 @@
+# Crypto Guardian CLI 🛡️
+
+A lightweight, secure, and interactive Command Line Interface (CLI) tool designed for cryptographic operations. Built natively in TypeScript and Node.js, it leverages hardware-backed cryptography to generate high-entropy military-grade passwords and securely encrypt sensitive data using advanced encryption standards.
+
+Developed under the engineering standards of **Jhero Studio**.
+
+---
+
+## ⚡ Features
+
+* **Military-Grade Password Generation:** Generates cryptographically secure random passwords using hardware entropy (`node:crypto`).
+* **Shannon Entropy Calculation:** Real-time mathematical evaluation of password strength ($E = L \cdot \log_2(R)$) to classify security levels up to `MILITAR` status (>80 bits).
+* **Advanced Data Encryption (AES-256-GCM):** Industry-standard symmetric encryption to secure `.env` files, API keys, or raw text blocks.
+* **Authenticated Decryption:** Utilizes Galois/Counter Mode (GCM) authentication tags to prevent data tampering or unauthorized modifications.
+* **Interactive Cyberpunk UI:** A clean, zero-dependency interactive console menu driven by the native Node.js `readline` module.
+
+---
+
+## 📂 Project Architecture
+
+```text
+crypto-guardian-cli/
+├── src/
+│   ├── index.ts          # Main interactive CLI menu loop
+│   ├── entropy.ts        # Password generation & Shannon entropy logic
+│   ├── cipher.ts         # AES-256-GCM encryption & decryption modules
+│   └── ui.ts             # Console aesthetics and color handling
+├── package.json          # Dependencies & project scripts
+├── tsconfig.json         # TypeScript compiler configuration
+└── README.md             # Project documentation
+
+---
+
+🛠️ TECHNICAL STACK & SECURITY IMPLEMENTATION
+
+- Runtime & Language: Node.js v23+ & TypeScript.
+- Development Engine: tsx for high-performance, real-time TypeScript execution.
+- Cryptographic Core: Native node:crypto using secure pseudo-random number generators (CSPRNG) via hardware.
+- Key Derivation: scryptSync with a unique dynamic salt per session to mitigate rainbow table attacks.
+- Commit Verification: 100% of the codebase is cryptographically signed with trusted GPG keys (Verified status).
+
+---
+
+🚀 GETTING STARTED
+
+Prerequisites
+Ensure you have Node.js installed on your machine (v23 or higher recommended).
+
+Installation
+1.  Clone repository 
+    ```bash
+git clone https://github.com/Jherostudio/crypto-guardian-cli.git
+cd crypto-guardian-cli
+```
+2.  Install dependencies
+
+```bash
+npm install
+```
+
+3.  Run the application
+
+```bash
+npx tsx src/index.ts
+```
+---
+
+🕹️ USAGE SHOWCASE
+
+1. Generating a Secure Key
+Choose option 1, enter your desired length (e.g., 16), and the system will output your password along with its calculated mathematical resistance:
+
+Plaintext
+✅ Generada: L9jMKP$<#PHmQ@{$
+📊 Entropía: 104.87 bits [MILITAR]
+
+2. Encrypting Sensitive Data
+
+Choose option 2, paste your data (such as raw database credentials), and establish a master phrase. The output is a secure payload structure containing salt:iv:authTag:cipherText:
+
+Plaintext
+47e188f79133dbe...61f2aa3f58f8800cd3932a1242
+
+---
+
+📄 LICENSE
+This project is open-source and available under the MIT License.

package/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "crypto-guardian-cli",
+  "version": "1.0.0",
+  "main": "index.js",
+  "type": "module",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "",
+  "devDependencies": {
+    "@types/node": "^25.8.0",
+    "tsx": "^4.22.1",
+    "typescript": "^6.0.3"
+  }
+}

package/src/cipher.d.ts

@@ -0,0 +1,9 @@
+/**
+ * 1. Encriptar texto plano usando una frase maestra
+ */
+export declare function encrypt(text: string, secretPhrase: string): string;
+/**
+ * 2. Desencriptar el bloque asegurando la integridad
+ */
+export declare function decrypt(cipherText: string, secretPhrase: string): string;
+//# sourceMappingURL=cipher.d.ts.map

package/src/cipher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cipher.d.ts","sourceRoot":"","sources":["cipher.ts"],"names":[],"mappings":"AAOA;;GAEG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAkBlE;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAqBxE"}

package/src/cipher.js

@@ -0,0 +1,42 @@
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';
+// Configuración del algoritmo estándar de la industria (AES-256 en modo GCM)
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 12; // Vector de inicialización para GCM
+const SALT_LENGTH = 16;
+/**
+ * 1. Encriptar texto plano usando una frase maestra
+ */
+export function encrypt(text, secretPhrase) {
+    // Generar un salt y un IV aleatorios por cada encriptación para máxima seguridad
+    const salt = randomBytes(SALT_LENGTH);
+    const iv = randomBytes(IV_LENGTH);
+    // Derivar una llave segura de 32 bytes (256 bits) a partir de la frase del usuario
+    const key = scryptSync(secretPhrase, salt, 32);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    // Obtener el tag de autenticación (GCM asegura que el contenido no sea manipulado)
+    const authTag = cipher.getAuthTag().toString('hex');
+    // Empaquetar todo en una sola cadena para fácil almacenamiento
+    return `${salt.toString('hex')}:${iv.toString('hex')}:${authTag}:${encrypted}`;
+}
+/**
+ * 2. Desencriptar el bloque asegurando la integridad
+ */
+export function decrypt(cipherText, secretPhrase) {
+    const [saltHex, ivHex, authTagHex, encryptedHex] = cipherText.split(':');
+    if (!saltHex || !ivHex || !authTagHex || !encryptedHex) {
+        throw new Error('El formato del texto cifrado es inválido.');
+    }
+    const salt = Buffer.from(saltHex, 'hex');
+    const iv = Buffer.from(ivHex, 'hex');
+    const authTag = Buffer.from(authTagHex, 'hex');
+    // Derivar exactamente la misma llave usando la frase maestra y el salt original
+    const key = scryptSync(secretPhrase, salt, 32);
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encryptedHex, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
+//# sourceMappingURL=cipher.js.map

package/src/cipher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cipher.js","sourceRoot":"","sources":["cipher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAExF,6EAA6E;AAC7E,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,SAAS,GAAG,EAAE,CAAC,CAAC,oCAAoC;AAC1D,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,IAAY,EAAE,YAAoB;IACtD,iFAAiF;IACjF,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAElC,mFAAmF;IACnF,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAE/C,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAElD,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEjC,mFAAmF;IACnF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAEpD,+DAA+D;IAC/D,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,IAAI,SAAS,EAAE,CAAC;AACnF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,UAAkB,EAAE,YAAoB;IAC5D,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEzE,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE/C,gFAAgF;IAChF,MAAM,GAAG,GAAG,UAAU,CAAC,YAAY,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAE/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC7D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEpC,OAAO,SAAS,CAAC;AACrB,CAAC"}

package/src/cipher.ts

@@ -0,0 +1,55 @@
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';
+
+// Configuración del algoritmo estándar de la industria (AES-256 en modo GCM)
+const ALGORITHM = 'aes-256-gcm';
+const IV_LENGTH = 12; // Vector de inicialización para GCM
+const SALT_LENGTH = 16;
+
+/**
+ * 1. Encriptar texto plano usando una frase maestra
+ */
+export function encrypt(text: string, secretPhrase: string): string {
+    // Generar un salt y un IV aleatorios por cada encriptación para máxima seguridad
+    const salt = randomBytes(SALT_LENGTH);
+    const iv = randomBytes(IV_LENGTH);
+
+    // Derivar una llave segura de 32 bytes (256 bits) a partir de la frase del usuario
+    const key = scryptSync(secretPhrase, salt, 32);
+
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+
+    // Obtener el tag de autenticación (GCM asegura que el contenido no sea manipulado)
+    const authTag = cipher.getAuthTag().toString('hex');
+
+    // Empaquetar todo en una sola cadena para fácil almacenamiento
+    return `${salt.toString('hex')}:${iv.toString('hex')}:${authTag}:${encrypted}`;
+}
+
+/**
+ * 2. Desencriptar el bloque asegurando la integridad
+ */
+export function decrypt(cipherText: string, secretPhrase: string): string {
+    const [saltHex, ivHex, authTagHex, encryptedHex] = cipherText.split(':');
+
+    if (!saltHex || !ivHex || !authTagHex || !encryptedHex) {
+        throw new Error('El formato del texto cifrado es inválido.');
+    }
+
+    const salt = Buffer.from(saltHex, 'hex');
+    const iv = Buffer.from(ivHex, 'hex');
+    const authTag = Buffer.from(authTagHex, 'hex');
+
+    // Derivar exactamente la misma llave usando la frase maestra y el salt original
+    const key = scryptSync(secretPhrase, salt, 32);
+
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+
+    let decrypted = decipher.update(encryptedHex, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+
+    return decrypted;
+}

package/src/entropy.d.ts

@@ -0,0 +1,9 @@
+interface PasswordResult {
+    password: string;
+    entropy: number;
+    level: 'DEBIL' | 'MEDIA' | 'FUERTE' | 'MILITAR';
+}
+export declare function calculateEntropy(password: string): number;
+export declare function generateSecurePassword(length?: number): PasswordResult;
+export {};
+//# sourceMappingURL=entropy.d.ts.map

package/src/entropy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy.d.ts","sourceRoot":"","sources":["entropy.ts"],"names":[],"mappings":"AAEA,UAAU,cAAc;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,CAAC;CACnD;AAGD,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAWzD;AAWD,wBAAgB,sBAAsB,CAAC,MAAM,GAAE,MAAW,GAAG,cAAc,CAsC1E"}

package/src/entropy.js

@@ -0,0 +1,62 @@
+import { randomInt } from 'node:crypto';
+// 1. Calcular la entropía matemática real
+export function calculateEntropy(password) {
+    let poolSize = 0;
+    if (/[a-z]/.test(password))
+        poolSize += 26;
+    if (/[A-Z]/.test(password))
+        poolSize += 26;
+    if (/[0-9]/.test(password))
+        poolSize += 10;
+    if (/[^a-zA-Z0-9]/.test(password))
+        poolSize += 32; // Símbolos especiales
+    if (poolSize === 0 || password.length === 0)
+        return 0;
+    // Fórmula: L * log2(R)
+    return parseFloat((password.length * Math.log2(poolSize)).toFixed(2));
+}
+// 2. Determinar el nivel de seguridad basado en los bits de entropía
+function getSecurityLevel(entropy) {
+    if (entropy < 40)
+        return 'DEBIL';
+    if (entropy < 60)
+        return 'MEDIA';
+    if (entropy < 80)
+        return 'FUERTE';
+    return 'MILITAR';
+}
+// 3. Generador criptográficamente seguro usando hardware (crypto nativo)
+export function generateSecurePassword(length = 16) {
+    const chars = {
+        upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+        lower: 'abcdefghijklmnopqrstuvwxyz',
+        digits: '0123456789',
+        symbols: '!@#$%^&*()_+-=[]{}|;:,.<>?'
+    };
+    const allChars = chars.upper + chars.lower + chars.digits + chars.symbols;
+    const passwordChars = [];
+    // Asegurar que al menos tenga uno de cada tipo para evitar debilidad
+    passwordChars.push(chars.upper[randomInt(chars.upper.length)]);
+    passwordChars.push(chars.lower[randomInt(chars.lower.length)]);
+    passwordChars.push(chars.digits[randomInt(chars.digits.length)]);
+    passwordChars.push(chars.symbols[randomInt(chars.symbols.length)]);
+    // Llenar el resto de la longitud de forma aleatoria segura
+    for (let i = passwordChars.length; i < length; i++) {
+        passwordChars.push(allChars[randomInt(allChars.length)]);
+    }
+    // Mezclar los caracteres para romper el orden del inicio (Fisher-Yates)
+    for (let i = passwordChars.length - 1; i > 0; i--) {
+        const j = randomInt(i + 1);
+        const temp = passwordChars[i];
+        passwordChars[i] = passwordChars[j];
+        passwordChars[j] = temp;
+    }
+    const password = passwordChars.join('');
+    const entropy = calculateEntropy(password);
+    return {
+        password,
+        entropy,
+        level: getSecurityLevel(entropy)
+    };
+}
+//# sourceMappingURL=entropy.js.map

package/src/entropy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entropy.js","sourceRoot":"","sources":["entropy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAQxC,0CAA0C;AAC1C,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC7C,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,QAAQ,IAAI,EAAE,CAAC;IAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,QAAQ,IAAI,EAAE,CAAC;IAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,QAAQ,IAAI,EAAE,CAAC;IAC3C,IAAI,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,sBAAsB;IAEzE,IAAI,QAAQ,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAEtD,uBAAuB;IACvB,OAAO,UAAU,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1E,CAAC;AAED,qEAAqE;AACrE,SAAS,gBAAgB,CAAC,OAAe;IACrC,IAAI,OAAO,GAAG,EAAE;QAAE,OAAO,OAAO,CAAC;IACjC,IAAI,OAAO,GAAG,EAAE;QAAE,OAAO,OAAO,CAAC;IACjC,IAAI,OAAO,GAAG,EAAE;QAAE,OAAO,QAAQ,CAAC;IAClC,OAAO,SAAS,CAAC;AACrB,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,sBAAsB,CAAC,SAAiB,EAAE;IACtD,MAAM,KAAK,GAAG;QACV,KAAK,EAAE,4BAA4B;QACnC,KAAK,EAAE,4BAA4B;QACnC,MAAM,EAAE,YAAY;QACpB,OAAO,EAAE,4BAA4B;KACxC,CAAC;IAEF,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC;IAC1E,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,qEAAqE;IACrE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAE,CAAC,CAAC;IAChE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAE,CAAC,CAAC;IAChE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAE,CAAC,CAAC;IAClE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAE,CAAC,CAAC;IAEpE,2DAA2D;IAC3D,KAAK,IAAI,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACjD,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAE,CAAC,CAAC;IAC9D,CAAC;IAED,wEAAwE;IACxE,KAAK,IAAI,CAAC,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAChD,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,IAAI,GAAG,aAAa,CAAC,CAAC,CAAE,CAAC;QAC/B,aAAa,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAE,CAAC;QACrC,aAAa,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAE3C,OAAO;QACH,QAAQ;QACR,OAAO;QACP,KAAK,EAAE,gBAAgB,CAAC,OAAO,CAAC;KACnC,CAAC;AACN,CAAC"}

package/src/entropy.ts

@@ -0,0 +1,70 @@
+import { randomInt } from 'node:crypto';
+
+interface PasswordResult {
+    password: string;
+    entropy: number;
+    level: 'DEBIL' | 'MEDIA' | 'FUERTE' | 'MILITAR';
+}
+
+// 1. Calcular la entropía matemática real
+export function calculateEntropy(password: string): number {
+    let poolSize = 0;
+    if (/[a-z]/.test(password)) poolSize += 26;
+    if (/[A-Z]/.test(password)) poolSize += 26;
+    if (/[0-9]/.test(password)) poolSize += 10;
+    if (/[^a-zA-Z0-9]/.test(password)) poolSize += 32; // Símbolos especiales
+
+    if (poolSize === 0 || password.length === 0) return 0;
+
+    // Fórmula: L * log2(R)
+    return parseFloat((password.length * Math.log2(poolSize)).toFixed(2));
+}
+
+// 2. Determinar el nivel de seguridad basado en los bits de entropía
+function getSecurityLevel(entropy: number): 'DEBIL' | 'MEDIA' | 'FUERTE' | 'MILITAR' {
+    if (entropy < 40) return 'DEBIL';
+    if (entropy < 60) return 'MEDIA';
+    if (entropy < 80) return 'FUERTE';
+    return 'MILITAR';
+}
+
+// 3. Generador criptográficamente seguro usando hardware (crypto nativo)
+export function generateSecurePassword(length: number = 16): PasswordResult {
+    const chars = {
+        upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+        lower: 'abcdefghijklmnopqrstuvwxyz',
+        digits: '0123456789',
+        symbols: '!@#$%^&*()_+-=[]{}|;:,.<>?'
+    };
+
+    const allChars = chars.upper + chars.lower + chars.digits + chars.symbols;
+    const passwordChars: string[] = [];
+
+    // Asegurar que al menos tenga uno de cada tipo para evitar debilidad
+    passwordChars.push(chars.upper[randomInt(chars.upper.length)]!);
+    passwordChars.push(chars.lower[randomInt(chars.lower.length)]!);
+    passwordChars.push(chars.digits[randomInt(chars.digits.length)]!);
+    passwordChars.push(chars.symbols[randomInt(chars.symbols.length)]!);
+
+    // Llenar el resto de la longitud de forma aleatoria segura
+    for (let i = passwordChars.length; i < length; i++) {
+        passwordChars.push(allChars[randomInt(allChars.length)]!);
+    }
+
+    // Mezclar los caracteres para romper el orden del inicio (Fisher-Yates)
+    for (let i = passwordChars.length - 1; i > 0; i--) {
+        const j = randomInt(i + 1);
+        const temp = passwordChars[i]!;
+        passwordChars[i] = passwordChars[j]!;
+        passwordChars[j] = temp;
+    }
+
+    const password = passwordChars.join('');
+    const entropy = calculateEntropy(password);
+
+    return {
+        password,
+        entropy,
+        level: getSecurityLevel(entropy)
+    };
+}

package/src/index.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.d.ts.map

package/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":""}

package/src/index.js

@@ -0,0 +1,65 @@
+import { createInterface } from 'node:readline';
+import { generateSecurePassword } from './entropy.js';
+import { encrypt, decrypt } from './cipher.js';
+const rl = createInterface({
+    input: process.stdin,
+    output: process.stdout
+});
+function showMenu() {
+    console.log('\n==================================================');
+    console.log('       🛡️  GUARDIÁN CRIPTOGRÁFICO v1.0  🛡️');
+    console.log('==================================================');
+    console.log('1. Generar Contraseña Militar (Cálculo de Entropía)');
+    console.log('2. Encriptar Credenciales o Texto (AES-256-GCM)');
+    console.log('3. Desencriptar Bloque Seguro');
+    console.log('4. Salir del Sistema');
+    console.log('==================================================');
+    rl.question('⚡ Selecciona una operación [1-4]: ', (choice) => {
+        switch (choice.trim()) {
+            case '1':
+                rl.question('\n🔑 Longitud deseada (Enter para 16): ', (len) => {
+                    const length = len ? parseInt(len) : 16;
+                    const res = generateSecurePassword(length);
+                    console.log(`\n✅ Generada: \x1b[32m${res.password}\x1b[0m`);
+                    console.log(`📊 Entropía: ${res.entropy} bits [${res.level}]`);
+                    showMenu();
+                });
+                break;
+            case '2':
+                rl.question('\n📝 Introduce el texto secreto o .env: ', (text) => {
+                    rl.question('🔐 Introduce la frase maestra de cifrado: ', (phrase) => {
+                        const encrypted = encrypt(text, phrase);
+                        console.log('\n📦 \x1b[33mBloque Cifrado Seguro:\x1b[0m');
+                        console.log(`\x1b[36m${encrypted}\x1b[0m`);
+                        showMenu();
+                    });
+                });
+                break;
+            case '3':
+                rl.question('\n📦 Pega el bloque cifrado (salt:iv:tag:text): ', (cipherText) => {
+                    rl.question('🔐 Introduce la frase maestra para descifrar: ', (phrase) => {
+                        try {
+                            const decrypted = decrypt(cipherText.trim(), phrase);
+                            console.log(`\n✨ \x1b[32mTexto Recuperado Exitosamente:\x1b[0m\n${decrypted}`);
+                        }
+                        catch (err) {
+                            console.log('\n❌ \x1b[31mError:\x1b[0m Llave incorrecta o bloque manipulado.');
+                        }
+                        showMenu();
+                    });
+                });
+                break;
+            case '4':
+                console.log('\n🔒 Cerrando búnker. Conexión segura terminada.');
+                rl.close();
+                break;
+            default:
+                console.log('\n❌ Opción no válida.');
+                showMenu();
+                break;
+        }
+    });
+}
+// Iniciar la CLI
+showMenu();
+//# sourceMappingURL=index.js.map

package/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,EAAE,GAAG,eAAe,CAAC;IACvB,KAAK,EAAE,OAAO,CAAC,KAAK;IACpB,MAAM,EAAE,OAAO,CAAC,MAAM;CACzB,CAAC,CAAC;AAEH,SAAS,QAAQ;IACb,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAElE,EAAE,CAAC,QAAQ,CAAC,oCAAoC,EAAE,CAAC,MAAM,EAAE,EAAE;QACzD,QAAQ,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YACpB,KAAK,GAAG;gBACJ,EAAE,CAAC,QAAQ,CAAC,yCAAyC,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC3D,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxC,MAAM,GAAG,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;oBAC3C,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,CAAC,QAAQ,SAAS,CAAC,CAAC;oBAC5D,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,OAAO,UAAU,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC;oBAC/D,QAAQ,EAAE,CAAC;gBACf,CAAC,CAAC,CAAC;gBACH,MAAM;YAEV,KAAK,GAAG;gBACJ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,EAAE,CAAC,IAAI,EAAE,EAAE;oBAC7D,EAAE,CAAC,QAAQ,CAAC,4CAA4C,EAAE,CAAC,MAAM,EAAE,EAAE;wBACjE,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;wBACxC,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;wBAC1D,OAAO,CAAC,GAAG,CAAC,WAAW,SAAS,SAAS,CAAC,CAAC;wBAC3C,QAAQ,EAAE,CAAC;oBACf,CAAC,CAAC,CAAC;gBACP,CAAC,CAAC,CAAC;gBACH,MAAM;YAEV,KAAK,GAAG;gBACJ,EAAE,CAAC,QAAQ,CAAC,kDAAkD,EAAE,CAAC,UAAU,EAAE,EAAE;oBAC3E,EAAE,CAAC,QAAQ,CAAC,gDAAgD,EAAE,CAAC,MAAM,EAAE,EAAE;wBACrE,IAAI,CAAC;4BACD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;4BACrD,OAAO,CAAC,GAAG,CAAC,sDAAsD,SAAS,EAAE,CAAC,CAAC;wBACnF,CAAC;wBAAC,OAAO,GAAG,EAAE,CAAC;4BACX,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;wBACnF,CAAC;wBACD,QAAQ,EAAE,CAAC;oBACf,CAAC,CAAC,CAAC;gBACP,CAAC,CAAC,CAAC;gBACH,MAAM;YAEV,KAAK,GAAG;gBACJ,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;gBAChE,EAAE,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM;YAEV;gBACI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,QAAQ,EAAE,CAAC;gBACX,MAAM;QACd,CAAC;IACL,CAAC,CAAC,CAAC;AACP,CAAC;AAED,iBAAiB;AACjB,QAAQ,EAAE,CAAC"}

package/src/index.ts

@@ -0,0 +1,71 @@
+import { createInterface } from 'node:readline';
+import { generateSecurePassword } from './entropy.js';
+import { encrypt, decrypt } from './cipher.js';
+
+const rl = createInterface({
+    input: process.stdin,
+    output: process.stdout
+});
+
+function showMenu() {
+    console.log('\n==================================================');
+    console.log('       🛡️  GUARDIÁN CRIPTOGRÁFICO v1.0  🛡️');
+    console.log('==================================================');
+    console.log('1. Generar Contraseña Militar (Cálculo de Entropía)');
+    console.log('2. Encriptar Credenciales o Texto (AES-256-GCM)');
+    console.log('3. Desencriptar Bloque Seguro');
+    console.log('4. Salir del Sistema');
+    console.log('==================================================');
+
+    rl.question('⚡ Selecciona una operación [1-4]: ', (choice) => {
+        switch (choice.trim()) {
+            case '1':
+                rl.question('\n🔑 Longitud deseada (Enter para 16): ', (len) => {
+                    const length = len ? parseInt(len) : 16;
+                    const res = generateSecurePassword(length);
+                    console.log(`\n✅ Generada: \x1b[32m${res.password}\x1b[0m`);
+                    console.log(`📊 Entropía: ${res.entropy} bits [${res.level}]`);
+                    showMenu();
+                });
+                break;
+
+            case '2':
+                rl.question('\n📝 Introduce el texto secreto o .env: ', (text) => {
+                    rl.question('🔐 Introduce la frase maestra de cifrado: ', (phrase) => {
+                        const encrypted = encrypt(text, phrase);
+                        console.log('\n📦 \x1b[33mBloque Cifrado Seguro:\x1b[0m');
+                        console.log(`\x1b[36m${encrypted}\x1b[0m`);
+                        showMenu();
+                    });
+                });
+                break;
+
+            case '3':
+                rl.question('\n📦 Pega el bloque cifrado (salt:iv:tag:text): ', (cipherText) => {
+                    rl.question('🔐 Introduce la frase maestra para descifrar: ', (phrase) => {
+                        try {
+                            const decrypted = decrypt(cipherText.trim(), phrase);
+                            console.log(`\n✨ \x1b[32mTexto Recuperado Exitosamente:\x1b[0m\n${decrypted}`);
+                        } catch (err) {
+                            console.log('\n❌ \x1b[31mError:\x1b[0m Llave incorrecta o bloque manipulado.');
+                        }
+                        showMenu();
+                    });
+                });
+                break;
+
+            case '4':
+                console.log('\n🔒 Cerrando búnker. Conexión segura terminada.');
+                rl.close();
+                break;
+
+            default:
+                console.log('\n❌ Opción no válida.');
+                showMenu();
+                break;
+        }
+    });
+}
+
+// Iniciar la CLI
+showMenu();

package/tsconfig.json

@@ -0,0 +1,44 @@
+{
+  // Visit https://aka.ms/tsconfig to read more about this file
+  "compilerOptions": {
+    // File Layout
+    // "rootDir": "./src",
+    // "outDir": "./dist",
+
+    // Environment Settings
+    // See also https://aka.ms/tsconfig/module
+    "module": "nodenext",
+    "target": "esnext",
+    "types": ["node"],
+    // For nodejs:
+    // "lib": ["esnext"],
+    // "types": ["node"],
+    // and npm install -D @types/node
+
+    // Other Outputs
+    "sourceMap": true,
+    "declaration": true,
+    "declarationMap": true,
+
+    // Stricter Typechecking Options
+    "noUncheckedIndexedAccess": true,
+    "exactOptionalPropertyTypes": true,
+
+    // Style Options
+    // "noImplicitReturns": true,
+    // "noImplicitOverride": true,
+    // "noUnusedLocals": true,
+    // "noUnusedParameters": true,
+    // "noFallthroughCasesInSwitch": true,
+    // "noPropertyAccessFromIndexSignature": true,
+
+    // Recommended Options
+    "strict": true,
+    "jsx": "react-jsx",
+    "verbatimModuleSyntax": true,
+    "isolatedModules": true,
+    "noUncheckedSideEffectImports": true,
+    "moduleDetection": "force",
+    "skipLibCheck": true,
+  }
+}