ctx-sync 1.0.0

package/dist/commands/init.js

@@ -0,0 +1,272 @@
+/**
+ * `ctx-sync init` command.
+ *
+ * Handles first-time setup (key generation, Git repo init, remote config)
+ * and `--restore` flow (key restoration, repo clone, state decryption).
+ *
+ * @module commands/init
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { VERSION, SYNC_DIR, CONFIG_DIR, STATE_FILES } from '@ctx-sync/shared';
+import { generateKey } from '../core/encryption.js';
+import { decryptState } from '../core/encryption.js';
+import { saveKey, loadKey } from '../core/key-store.js';
+import { initRepo, addRemote, commitState } from '../core/git-sync.js';
+import { validateRemoteUrl } from '../core/transport.js';
+import { withErrorHandler } from '../utils/errors.js';
+/**
+ * Get the config directory path.
+ * Uses CTX_SYNC_HOME env var for testing, otherwise ~/.config/ctx-sync.
+ */
+export function getConfigDir() {
+    const home = process.env['CTX_SYNC_HOME'] ?? os.homedir();
+    return path.join(home, '.config', CONFIG_DIR);
+}
+/**
+ * Get the sync directory path.
+ * Uses CTX_SYNC_HOME env var for testing, otherwise ~/.context-sync.
+ */
+export function getSyncDir() {
+    const home = process.env['CTX_SYNC_HOME'] ?? os.homedir();
+    return path.join(home, SYNC_DIR);
+}
+/**
+ * Create the initial manifest.json in the sync directory.
+ *
+ * The manifest is the only plaintext file in the sync repo.
+ * It contains only version and timestamps — no sensitive data.
+ */
+export function createManifest(syncDir) {
+    const now = new Date().toISOString();
+    const manifest = {
+        version: VERSION,
+        lastSync: now,
+        files: {},
+    };
+    fs.writeFileSync(path.join(syncDir, STATE_FILES.MANIFEST), JSON.stringify(manifest, null, 2));
+    return manifest;
+}
+/**
+ * Execute the fresh init flow.
+ *
+ * 1. Generate Age key pair.
+ * 2. Save private key to config dir (0o600).
+ * 3. Display public key.
+ * 4. Handle backup (skip in --no-interactive).
+ * 5. Prompt for Git remote URL (or use --remote).
+ * 6. Validate remote URL.
+ * 7. Initialize sync Git repo.
+ * 8. Add remote.
+ * 9. Create manifest.json.
+ * 10. Commit and push.
+ */
+export async function executeInit(options) {
+    const configDir = getConfigDir();
+    const syncDir = getSyncDir();
+    // 1. Generate key pair
+    const { publicKey, privateKey } = await generateKey();
+    // 2. Save private key
+    saveKey(configDir, privateKey);
+    // 3-4. Display key info (handled by CLI output in registerInitCommand)
+    // 5-6. Remote URL
+    let remoteUrl;
+    if (options.remote) {
+        validateRemoteUrl(options.remote);
+        remoteUrl = options.remote;
+    }
+    // 7. Init sync repo
+    await initRepo(syncDir);
+    // 8. Add remote if provided
+    if (remoteUrl) {
+        await addRemote(syncDir, remoteUrl);
+    }
+    // 9. Create manifest
+    createManifest(syncDir);
+    // 10. Commit
+    await commitState(syncDir, [STATE_FILES.MANIFEST], 'chore: initialize context sync');
+    return {
+        publicKey,
+        configDir,
+        syncDir,
+        remoteUrl,
+        manifestCreated: true,
+    };
+}
+/**
+ * Execute the restore flow.
+ *
+ * 1. Accept private key (from --stdin or prompt).
+ * 2. Save key with 0o600 permissions.
+ * 3. Prompt for Git remote URL (or use --remote).
+ * 4. Validate remote URL.
+ * 5. Clone the sync repo to ~/.context-sync/.
+ * 6. Decrypt manifest, list found projects.
+ * 7. Print summary.
+ */
+export async function executeRestore(options) {
+    const configDir = getConfigDir();
+    const syncDir = getSyncDir();
+    // 1-2. Save provided key
+    if (!options.key) {
+        throw new Error('Private key is required for restore.\n' +
+            'Use --stdin to pipe the key, or run without --no-interactive for a prompt.');
+    }
+    // Validate key format
+    const trimmedKey = options.key.trim();
+    if (!trimmedKey.startsWith('AGE-SECRET-KEY-')) {
+        throw new Error('Invalid private key format. Expected key starting with AGE-SECRET-KEY-.\n' +
+            'Check your backup and try again.');
+    }
+    saveKey(configDir, trimmedKey);
+    // 3-4. Remote URL
+    let remoteUrl;
+    if (options.remote) {
+        validateRemoteUrl(options.remote);
+        remoteUrl = options.remote;
+    }
+    // 5. Clone or init repo
+    if (remoteUrl) {
+        // Clone via simple-git
+        const { simpleGit } = await import('simple-git');
+        const git = simpleGit();
+        await git.clone(remoteUrl, syncDir);
+    }
+    else {
+        // Just init locally (no remote to clone from)
+        await initRepo(syncDir);
+    }
+    // 6. Try to decrypt state and list projects
+    let projectCount = 0;
+    const projectNames = [];
+    const stateFile = path.join(syncDir, STATE_FILES.STATE);
+    if (fs.existsSync(stateFile)) {
+        try {
+            const privateKey = loadKey(configDir);
+            const ciphertext = fs.readFileSync(stateFile, 'utf-8');
+            const state = await decryptState(ciphertext, privateKey);
+            if (state.projects && Array.isArray(state.projects)) {
+                projectCount = state.projects.length;
+                for (const project of state.projects) {
+                    if (project.name) {
+                        projectNames.push(project.name);
+                    }
+                }
+            }
+        }
+        catch {
+            // Decryption failed — wrong key or no state yet
+            // This is not fatal for restore setup
+        }
+    }
+    return {
+        configDir,
+        syncDir,
+        remoteUrl,
+        projectCount,
+        projectNames,
+    };
+}
+/**
+ * Read key from stdin (for piped input).
+ */
+export function readKeyFromStdin() {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        if (process.stdin.isTTY) {
+            reject(new Error('No data piped to stdin. Use: echo "AGE-SECRET-KEY-..." | ctx-sync init --restore --stdin'));
+            return;
+        }
+        process.stdin.setEncoding('utf-8');
+        process.stdin.on('data', (chunk) => {
+            data += chunk;
+        });
+        process.stdin.on('end', () => {
+            resolve(data.trim());
+        });
+        process.stdin.on('error', reject);
+    });
+}
+/**
+ * Register the `init` command on the given Commander program.
+ */
+export function registerInitCommand(program) {
+    program
+        .command('init')
+        .description('Initialize ctx-sync (generate keys, set up sync repo)')
+        .option('--restore', 'Restore from backup on a new machine')
+        .option('--no-interactive', 'Skip interactive prompts (use defaults)')
+        .option('--skip-backup', 'Skip key backup prompt (not recommended)')
+        .option('--remote <url>', 'Git remote URL for syncing')
+        .option('--stdin', 'Read private key from stdin (for --restore)')
+        .action(withErrorHandler(async (opts) => {
+        const options = {
+            restore: opts['restore'],
+            noInteractive: opts['interactive'] === false,
+            skipBackup: opts['skipBackup'],
+            remote: opts['remote'],
+            stdin: opts['stdin'],
+        };
+        if (options.restore) {
+            // Restore flow
+            if (options.stdin) {
+                options.key = await readKeyFromStdin();
+            }
+            else if (!options.noInteractive) {
+                // Interactive prompt for key
+                const Enquirer = (await import('enquirer')).default;
+                const enquirer = new Enquirer();
+                const response = await enquirer.prompt({
+                    type: 'password',
+                    name: 'key',
+                    message: 'Paste your private key (AGE-SECRET-KEY-...):',
+                });
+                options.key = response.key;
+            }
+            else {
+                throw new Error('Private key is required for restore.\n' +
+                    'Use --stdin to pipe the key, or run without --no-interactive for a prompt.');
+            }
+            const result = await executeRestore(options);
+            const chalk = (await import('chalk')).default;
+            console.log(chalk.green('✅ Key restored') + ' (permissions set to 600)');
+            console.log(`📂 Sync directory: ${result.syncDir}`);
+            if (result.remoteUrl) {
+                console.log(chalk.green('✅ Remote configured:') + ` ${result.remoteUrl}`);
+            }
+            if (result.projectCount > 0) {
+                console.log(chalk.green(`✅ Found ${result.projectCount} projects:`));
+                for (const name of result.projectNames) {
+                    console.log(`   - ${name}`);
+                }
+            }
+            else {
+                console.log('No existing projects found (sync repo may be empty).');
+            }
+            console.log('\nAll state decrypted! 🎉');
+        }
+        else {
+            // Fresh init flow
+            const result = await executeInit(options);
+            const chalk = (await import('chalk')).default;
+            console.log('\n🔐 Generating encryption key...');
+            console.log(chalk.green('✅ Public key: ') + result.publicKey);
+            console.log(chalk.green('✅ Private key saved to: ') +
+                path.join(result.configDir, 'key.txt'));
+            console.log('   Permissions: 600 (owner read/write only)');
+            if (!options.skipBackup && !options.noInteractive) {
+                console.log(chalk.yellow('\n⚠️  IMPORTANT: Back up your private key NOW!'));
+                console.log('Save it to 1Password, Bitwarden, or another password manager.');
+            }
+            if (result.remoteUrl) {
+                console.log(chalk.green('\n✅ Remote configured:') + ` ${result.remoteUrl}`);
+            }
+            console.log(chalk.green('\n✅ All set!'));
+            console.log('\nNow track your first project:');
+            console.log('  $ cd ~/projects/my-app');
+            console.log('  $ ctx-sync track');
+        }
+    }));
+}
+//# sourceMappingURL=init.js.map

package/dist/commands/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE9E,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AA6BtD;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAa;QACzB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,GAAG;QACb,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAE9F,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAAoB;IACpD,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAE7B,uBAAuB;IACvB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,WAAW,EAAE,CAAC;IAEtD,sBAAsB;IACtB,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAE/B,uEAAuE;IAEvE,kBAAkB;IAClB,IAAI,SAA6B,CAAC;IAClC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAClC,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED,oBAAoB;IACpB,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;IAExB,4BAA4B;IAC5B,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACtC,CAAC;IAED,qBAAqB;IACrB,cAAc,CAAC,OAAO,CAAC,CAAC;IAExB,aAAa;IACb,MAAM,WAAW,CAAC,OAAO,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,gCAAgC,CAAC,CAAC;IAErF,OAAO;QACL,SAAS;QACT,SAAS;QACT,OAAO;QACP,SAAS;QACT,eAAe,EAAE,IAAI;KACtB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAuC;IAEvC,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAE7B,yBAAyB;IACzB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,wCAAwC;YACtC,4EAA4E,CAC/E,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,2EAA2E;YACzE,kCAAkC,CACrC,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAE/B,kBAAkB;IAClB,IAAI,SAA6B,CAAC;IAClC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAClC,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED,wBAAwB;IACxB,IAAI,SAAS,EAAE,CAAC;QACd,uBAAuB;QACvB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,SAAS,EAAE,CAAC;QACxB,MAAM,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,8CAA8C;QAC9C,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC1B,CAAC;IAED,4CAA4C;IAC5C,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC;IACxD,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM,KAAK,GAAG,MAAM,YAAY,CAC9B,UAAU,EACV,UAAU,CACX,CAAC;YAEF,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACrC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACrC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;wBACjB,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAClC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,OAAO;QACL,SAAS;QACT,OAAO;QACP,SAAS;QACT,YAAY;QACZ,YAAY;KACb,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QAEd,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,KAAK,CAAC,0FAA0F,CAAC,CAAC,CAAC;YAC9G,OAAO;QACT,CAAC;QAED,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YAC3B,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACvB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO;SACJ,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,uDAAuD,CAAC;SACpE,MAAM,CAAC,WAAW,EAAE,sCAAsC,CAAC;SAC3D,MAAM,CAAC,kBAAkB,EAAE,yCAAyC,CAAC;SACrE,MAAM,CAAC,eAAe,EAAE,0CAA0C,CAAC;SACnE,MAAM,CAAC,gBAAgB,EAAE,4BAA4B,CAAC;SACtD,MAAM,CAAC,SAAS,EAAE,6CAA6C,CAAC;SAChE,MAAM,CAAC,gBAAgB,CAAC,KAAK,EAAE,IAA6B,EAAE,EAAE;QAC/D,MAAM,OAAO,GAAmC;YAC9C,OAAO,EAAE,IAAI,CAAC,SAAS,CAAwB;YAC/C,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK,KAAK;YAC5C,UAAU,EAAE,IAAI,CAAC,YAAY,CAAwB;YACrD,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAuB;YAC5C,KAAK,EAAE,IAAI,CAAC,OAAO,CAAwB;SAC5C,CAAC;QAEF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClB,eAAe;YACf,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,GAAG,MAAM,gBAAgB,EAAE,CAAC;YACzC,CAAC;iBAAM,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBAClC,6BAA6B;gBAC7B,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC;gBACpD,MAAM,QAAQ,GAAG,IAAI,QAAQ,EAAmB,CAAC;gBACjD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;oBACrC,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,KAAK;oBACX,OAAO,EAAE,8CAA8C;iBACxD,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC;YAC7B,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,wCAAwC;oBACtC,4EAA4E,CAC/E,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;YAE7C,MAAM,KAAK,GAAG,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,GAAG,2BAA2B,CAAC,CAAC;YACzE,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAEpD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,sBAAsB,CAAC,GAAG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;YAC5E,CAAC;YAED,IAAI,MAAM,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,MAAM,CAAC,YAAY,YAAY,CAAC,CAAC,CAAC;gBACrE,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;oBACvC,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;YACtE,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,kBAAkB;YAClB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC;YAE1C,MAAM,KAAK,GAAG,CAAC,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;YAC9D,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,KAAK,CAAC,0BAA0B,CAAC;gBACrC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CACzC,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;YAE3D,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBAClD,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,MAAM,CAAC,gDAAgD,CAAC,CAC/D,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YAC/E,CAAC;YAED,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC,GAAG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;YAC9E,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;QACpC,CAAC;IACL,CAAC,CAAC,CAAC,CAAC;AACR,CAAC"}

package/dist/commands/key.d.ts

@@ -0,0 +1,92 @@
+/**
+ * `ctx-sync key` command group.
+ *
+ * Manages encryption key lifecycle:
+ *   - `key show`   — display public key (NEVER the private key).
+ *   - `key verify`  — check key file and config directory permissions.
+ *   - `key rotate`  — generate new key, re-encrypt all state, rewrite Git history.
+ *   - `key update`  — restore a rotated key from another machine (stdin/prompt).
+ *
+ * **Security:**
+ *   - `key show` never outputs the private key.
+ *   - `key rotate` rewrites Git history so old encrypted blobs are purged.
+ *   - `key update` reads the new private key from stdin, never from CLI args.
+ *
+ * @module commands/key
+ */
+import type { Command } from 'commander';
+/** Result of key show */
+export interface KeyShowResult {
+    publicKey: string;
+}
+/** Result of key verify */
+export interface KeyVerifyResult {
+    valid: boolean;
+    keyFileExists: boolean;
+    keyFilePerms: number | null;
+    configDirPerms: number | null;
+    issues: string[];
+}
+/** Options for key rotate */
+export interface KeyRotateOptions {
+    /** Skip interactive prompts (for testing / non-interactive mode) */
+    noInteractive?: boolean;
+    /** Skip force-push to remote (for testing / local-only setups) */
+    noForcePush?: boolean;
+}
+/** Result of key rotate */
+export interface KeyRotateResult {
+    oldPublicKey: string;
+    newPublicKey: string;
+    filesReEncrypted: string[];
+    gitHistoryRewritten: boolean;
+}
+/** Options for key update */
+export interface KeyUpdateOptions {
+    /** Read key from stdin instead of interactive prompt */
+    stdin?: boolean;
+    /** Override key input for testing */
+    keyInput?: string;
+}
+/** Result of key update */
+export interface KeyUpdateResult {
+    publicKey: string;
+    configDir: string;
+}
+/**
+ * Execute `ctx-sync key show`.
+ *
+ * Loads the private key and derives the public key from it.
+ * NEVER outputs or returns the private key.
+ */
+export declare function executeKeyShow(): Promise<KeyShowResult>;
+/**
+ * Execute `ctx-sync key verify`.
+ *
+ * Checks that the key file and config directory have correct permissions.
+ */
+export declare function executeKeyVerify(): KeyVerifyResult;
+/**
+ * Execute `ctx-sync key rotate`.
+ *
+ * 1. Generate a new key pair.
+ * 2. Decrypt ALL .age files with the old key.
+ * 3. Re-encrypt ALL with the new key.
+ * 4. Save the new private key (0o600).
+ * 5. Rewrite Git history to remove old encrypted blobs.
+ * 6. Optionally force-push to remote.
+ * 7. Return result for display.
+ */
+export declare function executeKeyRotate(_options?: KeyRotateOptions): Promise<KeyRotateResult>;
+/**
+ * Execute `ctx-sync key update`.
+ *
+ * Prompts for (or reads from stdin) a new private key, validates it,
+ * and saves it with correct permissions.
+ */
+export declare function executeKeyUpdate(options?: KeyUpdateOptions): Promise<KeyUpdateResult>;
+/**
+ * Register the `ctx-sync key` command group on the given program.
+ */
+export declare function registerKeyCommand(program: Command): void;
+//# sourceMappingURL=key.d.ts.map

package/dist/commands/key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.d.ts","sourceRoot":"","sources":["../../src/commands/key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAmBzC,yBAAyB;AACzB,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,2BAA2B;AAC3B,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,OAAO,CAAC;IACf,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,6BAA6B;AAC7B,MAAM,WAAW,gBAAgB;IAC/B,oEAAoE;IACpE,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,kEAAkE;IAClE,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,2BAA2B;AAC3B,MAAM,WAAW,eAAe;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAED,6BAA6B;AAC7B,MAAM,WAAW,gBAAgB;IAC/B,wDAAwD;IACxD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,2BAA2B;AAC3B,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;;;GAKG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,aAAa,CAAC,CAK7D;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,eAAe,CAGlD;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CACpC,QAAQ,GAAE,gBAAqB,GAC9B,OAAO,CAAC,eAAe,CAAC,CAuD1B;AAgDD;;;;;GAKG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,eAAe,CAAC,CA+B1B;AAuCD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAwEzD"}

package/dist/commands/key.js

@@ -0,0 +1,274 @@
+/**
+ * `ctx-sync key` command group.
+ *
+ * Manages encryption key lifecycle:
+ *   - `key show`   — display public key (NEVER the private key).
+ *   - `key verify`  — check key file and config directory permissions.
+ *   - `key rotate`  — generate new key, re-encrypt all state, rewrite Git history.
+ *   - `key update`  — restore a rotated key from another machine (stdin/prompt).
+ *
+ * **Security:**
+ *   - `key show` never outputs the private key.
+ *   - `key rotate` rewrites Git history so old encrypted blobs are purged.
+ *   - `key update` reads the new private key from stdin, never from CLI args.
+ *
+ * @module commands/key
+ */
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as readline from 'node:readline';
+import { withErrorHandler } from '../utils/errors.js';
+import { identityToRecipient } from 'age-encryption';
+import { generateKey, decryptState, encryptState } from '../core/encryption.js';
+import { saveKey, loadKey, verifyPermissions, KEY_FILE_PERMS, } from '../core/key-store.js';
+import { listStateFiles, readManifest, writeManifest, } from '../core/state-manager.js';
+import { getConfigDir, getSyncDir } from './init.js';
+// ─── Core Logic ───────────────────────────────────────────────────────────
+/**
+ * Execute `ctx-sync key show`.
+ *
+ * Loads the private key and derives the public key from it.
+ * NEVER outputs or returns the private key.
+ */
+export async function executeKeyShow() {
+    const configDir = getConfigDir();
+    const privateKey = loadKey(configDir);
+    const publicKey = await identityToRecipient(privateKey);
+    return { publicKey };
+}
+/**
+ * Execute `ctx-sync key verify`.
+ *
+ * Checks that the key file and config directory have correct permissions.
+ */
+export function executeKeyVerify() {
+    const configDir = getConfigDir();
+    return verifyPermissions(configDir);
+}
+/**
+ * Execute `ctx-sync key rotate`.
+ *
+ * 1. Generate a new key pair.
+ * 2. Decrypt ALL .age files with the old key.
+ * 3. Re-encrypt ALL with the new key.
+ * 4. Save the new private key (0o600).
+ * 5. Rewrite Git history to remove old encrypted blobs.
+ * 6. Optionally force-push to remote.
+ * 7. Return result for display.
+ */
+export async function executeKeyRotate(_options = {}) {
+    const configDir = getConfigDir();
+    const syncDir = getSyncDir();
+    // 1. Load old key
+    const oldPrivateKey = loadKey(configDir);
+    const oldPublicKey = await identityToRecipient(oldPrivateKey);
+    // 2. Generate new key pair
+    const { publicKey: newPublicKey, privateKey: newPrivateKey } = await generateKey();
+    // 3. Re-encrypt all .age files
+    const ageFiles = listStateFiles(syncDir);
+    const filesReEncrypted = [];
+    for (const filename of ageFiles) {
+        const filePath = path.join(syncDir, filename);
+        const ciphertext = fs.readFileSync(filePath, 'utf-8');
+        if (!ciphertext.trim()) {
+            continue; // Skip empty files
+        }
+        // Decrypt with old key, re-encrypt with new key
+        const plainData = await decryptState(ciphertext, oldPrivateKey);
+        const newCiphertext = await encryptState(plainData, newPublicKey);
+        fs.writeFileSync(filePath, newCiphertext, 'utf-8');
+        filesReEncrypted.push(filename);
+    }
+    // 4. Save the new private key
+    saveKey(configDir, newPrivateKey);
+    // 5. Update manifest
+    const manifest = readManifest(syncDir);
+    if (manifest) {
+        manifest.lastSync = new Date().toISOString();
+        writeManifest(syncDir, manifest);
+    }
+    // 6. Rewrite Git history to remove old encrypted blobs
+    let gitHistoryRewritten = false;
+    const gitDir = path.join(syncDir, '.git');
+    if (fs.existsSync(gitDir)) {
+        gitHistoryRewritten = await rewriteGitHistory(syncDir);
+    }
+    return {
+        oldPublicKey,
+        newPublicKey,
+        filesReEncrypted,
+        gitHistoryRewritten,
+    };
+}
+/**
+ * Rewrite Git history to remove old encrypted blobs.
+ *
+ * Uses `git checkout --orphan` + fresh commit to create a clean history
+ * with only the current (re-encrypted) files. This is safer and more
+ * portable than `git filter-branch`.
+ */
+async function rewriteGitHistory(syncDir) {
+    const { simpleGit } = await import('simple-git');
+    const git = simpleGit(syncDir);
+    try {
+        // Create an orphan branch with only current files
+        const orphanBranch = `_key-rotation-${Date.now()}`;
+        await git.checkout(['--orphan', orphanBranch]);
+        // Stage all current files
+        await git.add('.');
+        // Commit
+        await git.commit('key: rotate — re-encrypted all state with new key');
+        // Delete old main/master branch, rename orphan
+        const branches = await git.branchLocal();
+        const mainBranch = branches.all.find((b) => b === 'main' || b === 'master') ?? 'main';
+        // Only delete the old branch if it's different from our orphan
+        if (branches.all.includes(mainBranch) && mainBranch !== orphanBranch) {
+            await git.branch(['-D', mainBranch]);
+        }
+        await git.branch(['-m', mainBranch]);
+        // Clean up old objects
+        await git.raw(['reflog', 'expire', '--expire=now', '--all']);
+        await git.raw(['gc', '--prune=now', '--aggressive']);
+        return true;
+    }
+    catch {
+        // If history rewrite fails, the rotation still succeeded
+        // (files are re-encrypted), just old history remains
+        return false;
+    }
+}
+/**
+ * Execute `ctx-sync key update`.
+ *
+ * Prompts for (or reads from stdin) a new private key, validates it,
+ * and saves it with correct permissions.
+ */
+export async function executeKeyUpdate(options = {}) {
+    const configDir = getConfigDir();
+    let keyInput;
+    if (options.keyInput !== undefined) {
+        // Direct input (for testing)
+        keyInput = options.keyInput;
+    }
+    else if (options.stdin) {
+        // Read from stdin
+        keyInput = await readKeyFromStdin();
+    }
+    else {
+        // Interactive prompt
+        keyInput = await readKeyFromPrompt();
+    }
+    const trimmedKey = keyInput.trim();
+    // Validate the key looks like an Age private key
+    if (!trimmedKey.startsWith('AGE-SECRET-KEY-')) {
+        throw new Error('Invalid key format. Expected an Age private key starting with AGE-SECRET-KEY-');
+    }
+    // Derive public key to verify it's valid
+    const publicKey = await identityToRecipient(trimmedKey);
+    // Save with secure permissions
+    saveKey(configDir, trimmedKey);
+    return { publicKey, configDir };
+}
+/**
+ * Read a private key from stdin (pipe mode).
+ */
+function readKeyFromStdin() {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        process.stdin.setEncoding('utf-8');
+        process.stdin.on('data', (chunk) => {
+            data += chunk;
+        });
+        process.stdin.on('end', () => resolve(data));
+        process.stdin.on('error', reject);
+    });
+}
+/**
+ * Read a private key from an interactive prompt.
+ */
+function readKeyFromPrompt() {
+    return new Promise((resolve, reject) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        rl.question('Paste your private key (AGE-SECRET-KEY-...): ', (answer) => {
+            rl.close();
+            if (!answer) {
+                reject(new Error('No key provided.'));
+            }
+            else {
+                resolve(answer);
+            }
+        });
+    });
+}
+// ─── Commander Registration ───────────────────────────────────────────────
+/**
+ * Register the `ctx-sync key` command group on the given program.
+ */
+export function registerKeyCommand(program) {
+    const keyCmd = program
+        .command('key')
+        .description('Manage encryption keys');
+    // ── key show ──────────────────────────────────────────────────────
+    keyCmd
+        .command('show')
+        .description('Display your public key (never shows private key)')
+        .action(withErrorHandler(async () => {
+        const result = await executeKeyShow();
+        console.log(`Public key: ${result.publicKey}`);
+    }));
+    // ── key verify ────────────────────────────────────────────────────
+    keyCmd
+        .command('verify')
+        .description('Verify key file and config directory permissions')
+        .action(withErrorHandler(async () => {
+        const result = executeKeyVerify();
+        if (result.valid) {
+            console.log('✓ Key verification passed');
+            console.log(`  Key file: permissions ${result.keyFilePerms?.toString(8) ?? 'n/a'}`);
+            console.log(`  Config dir: permissions ${result.configDirPerms?.toString(8) ?? 'n/a'}`);
+        }
+        else {
+            console.error('✗ Key verification failed:');
+            for (const issue of result.issues) {
+                console.error(`  - ${issue}`);
+            }
+            process.exit(1);
+        }
+    }));
+    // ── key rotate ────────────────────────────────────────────────────
+    keyCmd
+        .command('rotate')
+        .description('Rotate encryption key — re-encrypts all state')
+        .option('-n, --no-interactive', 'Skip confirmation prompts')
+        .action(withErrorHandler(async (opts) => {
+        const result = await executeKeyRotate({
+            noInteractive: !opts.interactive,
+        });
+        console.log('✓ Key rotation complete');
+        console.log(`  Old public key: ${result.oldPublicKey}`);
+        console.log(`  New public key: ${result.newPublicKey}`);
+        console.log(`  Files re-encrypted: ${String(result.filesReEncrypted.length)}`);
+        if (result.gitHistoryRewritten) {
+            console.log('  Git history: rewritten (old blobs purged)');
+        }
+        console.log('\n⚠ IMPORTANT: All other machines must run:\n' +
+            '  ctx-sync key update\n' +
+            '  Then paste the new private key.');
+    }));
+    // ── key update ────────────────────────────────────────────────────
+    keyCmd
+        .command('update')
+        .description('Update private key on this machine (after rotation elsewhere)')
+        .option('--stdin', 'Read key from stdin')
+        .action(withErrorHandler(async (opts) => {
+        const result = await executeKeyUpdate({ stdin: opts.stdin });
+        console.log('✓ Key updated');
+        console.log(`  Public key: ${result.publicKey}`);
+        console.log(`  Saved to: ${result.configDir}`);
+        console.log(`  Permissions: ${KEY_FILE_PERMS.toString(8)}`);
+    }));
+}
+//# sourceMappingURL=key.js.map

package/dist/commands/key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.js","sourceRoot":"","sources":["../../src/commands/key.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAE1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAChF,OAAO,EACL,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,cAAc,GACf,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,cAAc,EACd,YAAY,EACZ,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAgDrD,6EAA6E;AAE7E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACxD,OAAO,EAAE,SAAS,EAAE,CAAC;AACvB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,OAAO,iBAAiB,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,WAA6B,EAAE;IAE/B,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAE7B,kBAAkB;IAClB,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,YAAY,GAAG,MAAM,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAE9D,2BAA2B;IAC3B,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,GAC1D,MAAM,WAAW,EAAE,CAAC;IAEtB,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,gBAAgB,GAAa,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAEtD,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC;YACvB,SAAS,CAAC,mBAAmB;QAC/B,CAAC;QAED,gDAAgD;QAChD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAU,UAAU,EAAE,aAAa,CAAC,CAAC;QACzE,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAClE,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;QACnD,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,8BAA8B;IAC9B,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IAElC,qBAAqB;IACrB,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,QAAQ,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC7C,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,uDAAuD;IACvD,IAAI,mBAAmB,GAAG,KAAK,CAAC;IAChC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE1C,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,mBAAmB,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;IAED,OAAO;QACL,YAAY;QACZ,YAAY;QACZ,gBAAgB;QAChB,mBAAmB;KACpB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,iBAAiB,CAAC,OAAe;IAC9C,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAE/B,IAAI,CAAC;QACH,kDAAkD;QAClD,MAAM,YAAY,GAAG,iBAAiB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACnD,MAAM,GAAG,CAAC,QAAQ,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC,CAAC;QAE/C,0BAA0B;QAC1B,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEnB,SAAS;QACT,MAAM,GAAG,CAAC,MAAM,CAAC,mDAAmD,CAAC,CAAC;QAEtE,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC;QACzC,MAAM,UAAU,GACd,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,QAAQ,CAAC,IAAI,MAAM,CAAC;QAErE,+DAA+D;QAC/D,IAAI,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;YACrE,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;QAErC,uBAAuB;QACvB,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7D,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,aAAa,EAAE,cAAc,CAAC,CAAC,CAAC;QAErD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,yDAAyD;QACzD,qDAAqD;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAA4B,EAAE;IAE9B,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,IAAI,QAAgB,CAAC;IAErB,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACnC,6BAA6B;QAC7B,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAC9B,CAAC;SAAM,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACzB,kBAAkB;QAClB,QAAQ,GAAG,MAAM,gBAAgB,EAAE,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,qBAAqB;QACrB,QAAQ,GAAG,MAAM,iBAAiB,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAEnC,iDAAiD;IACjD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,SAAS,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAExD,+BAA+B;IAC/B,OAAO,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAE/B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,EAAE,CAAC,QAAQ,CAAC,+CAA+C,EAAE,CAAC,MAAM,EAAE,EAAE;YACtE,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,6EAA6E;AAE7E;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAgB;IACjD,MAAM,MAAM,GAAG,OAAO;SACnB,OAAO,CAAC,KAAK,CAAC;SACd,WAAW,CAAC,wBAAwB,CAAC,CAAC;IAEzC,qEAAqE;IACrE,MAAM;SACH,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,mDAAmD,CAAC;SAChE,MAAM,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE;QAClC,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC,CAAC;IAEN,qEAAqE;IACrE,MAAM;SACH,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,kDAAkD,CAAC;SAC/D,MAAM,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE;QAClC,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAElC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;YACpF,OAAO,CAAC,GAAG,CAAC,6BAA6B,MAAM,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YAC5C,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC;YAChC,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC,CAAC;IAEN,qEAAqE;IACrE,MAAM;SACH,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,+CAA+C,CAAC;SAC5D,MAAM,CAAC,sBAAsB,EAAE,2BAA2B,CAAC;SAC3D,MAAM,CAAC,gBAAgB,CAAC,KAAK,EAAE,IAA8B,EAAE,EAAE;QAChE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;YACpC,aAAa,EAAE,CAAC,IAAI,CAAC,WAAW;SACjC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CACT,yBAAyB,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAClE,CAAC;QACF,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,CAAC,GAAG,CACT,+CAA+C;YAC7C,yBAAyB;YACzB,mCAAmC,CACtC,CAAC;IACJ,CAAC,CAAC,CAAC,CAAC;IAEN,qEAAqE;IACrE,MAAM;SACH,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,+DAA+D,CAAC;SAC5E,MAAM,CAAC,SAAS,EAAE,qBAAqB,CAAC;SACxC,MAAM,CAAC,gBAAgB,CAAC,KAAK,EAAE,IAAyB,EAAE,EAAE;QAC3D,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,kBAAkB,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC,CAAC;AACR,CAAC"}