git-userhub 3.0.10 → 3.1.1

package/README.md

@@ -127,7 +127,7 @@ remove <name>               Delete an identity
 edit <name> <email>         Update email
 bind <name>                 Link an SSH key
 pubkey                      Show public key of active identity
-passphrase                  Change passphrase for active identity
+passphrase                  Add, change, or remove (--remove) passphrase for active identity
 rekey <name>                Rotate SSH key
 fix-remote                  Convert HTTPS remotes to SSH
 session start [--ttl <d>]   Load SSH key into ssh-agent

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "git-userhub",
-  "version": "3.0.10",
+  "version": "3.1.1",
   "description": "Switch Git accounts in one command. No config editing. No SSH key chaos.",
   "bin": {
     "git-user": "bin/git-user.js"

package/scripts/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Divyo Argha
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/scripts/README.md

@@ -0,0 +1,524 @@
+<div align="center">
+  <br />
+  <img src="img/git-user-logo-clean.png" alt="git-user" width="120" height="120" style="border-radius:26px" />
+  <!-- <br /><br /> -->
+  <h1>git-user</h1>
+
+  <p>
+    <strong>One command to rule all your Git identities.</strong><br />
+    Stop committing as the wrong person. Stop juggling SSH keys. Stop editing config files.
+  </p>
+
+  <p>
+    <a href="https://github.com/divyo-argha/git-user/releases"><img src="https://img.shields.io/github/v/release/divyo-argha/git-user?style=flat&color=00FFAA&label=latest" alt="Latest Release" /></a>
+    <a href="https://github.com/divyo-argha/git-user/releases"><img src="https://img.shields.io/github/downloads/divyo-argha/git-user/total?style=flat&color=00FFAA&label=gh%20downloads" alt="GitHub Downloads" /></a>
+    <a href="https://www.npmjs.com/package/git-userhub"><img src="https://img.shields.io/npm/v/git-userhub?style=flat&color=CB3837&logo=npm&logoColor=white&label=npm" alt="npm" /></a>
+    <a href="https://www.npmjs.com/package/git-userhub"><img src="https://img.shields.io/npm/dt/git-userhub?style=flat&color=CB3837&logo=npm&logoColor=white&label=total%20downloads" alt="total downloads" /></a>
+    <a href="https://github.com/divyo-argha/git-user"><img src="https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/divyo-argha/git-user/main/badges/total-downloads.json&style=flat" alt="Combined Downloads" /></a>
+    <a href="https://pkg.go.dev/github.com/divyo-argha/git-user"><img src="https://img.shields.io/badge/Go-1.21+-00ADD8?style=flat&logo=go&logoColor=white" alt="Go" /></a>
+    <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-22c55e?style=flat" alt="MIT" /></a>
+  </p>
+
+  <p>
+    <a href="#-the-problem">The Problem</a> ·
+    <a href="#-install">Install</a> ·
+    <a href="#-quick-start">Quick Start</a> ·
+    <a href="#-why-git-user">Why git-user</a> ·
+    <a href="#-features">Features</a> ·
+    <a href="#-commands">Commands</a> ·
+    <a href="#-security">Security</a> ·
+    <a href="#-contributing">Contributing</a>
+  </p>
+
+  <br />
+
+  <img src="https://img.shields.io/badge/GitHub-supported-181717?style=flat&logo=github&logoColor=white" alt="GitHub" />
+  <img src="https://img.shields.io/badge/GitLab-supported-FC6D26?style=flat&logo=gitlab&logoColor=white" alt="GitLab" />
+  <img src="https://img.shields.io/badge/Bitbucket-supported-0052CC?style=flat&logo=bitbucket&logoColor=white" alt="Bitbucket" />
+  <img src="https://img.shields.io/badge/macOS-supported-000000?style=flat&logo=apple&logoColor=white" alt="macOS" />
+  <img src="https://img.shields.io/badge/Linux-supported-FCC624?style=flat&logo=linux&logoColor=black" alt="Linux" />
+  <img src="https://img.shields.io/badge/Windows-supported-0078D4?style=flat&logo=windows&logoColor=white" alt="Windows" />
+
+  <br /><br />
+
+</div>
+
+---
+
+## 😤 The Problem
+
+You're a developer with multiple lives — work, personal, freelance, open source. Each one has its own Git account, its own SSH key, its own email.
+
+And every few weeks, this happens:
+
+```
+# You just pushed 3 commits to your client's repo.
+# Then you check the author.
+
+Author: you@personal.com   ← 💀 wrong account. again.
+
+# Or your work email leaked onto your public GitHub profile.
+# Or your client can see your personal email in their repo history.
+```
+
+You've tried everything:
+
+| Attempt | Result |
+|---------|--------|
+| Editing `~/.gitconfig` manually | You forget. Every time. |
+| Per-repo `.git/config` overrides | Works until you clone a new repo |
+| Multiple terminal profiles | Still mix them up |
+| SSH config `Host` aliases | Breaks half your existing remotes |
+| Remembering which key goes where | Not a real solution |
+
+**git-user is the permanent fix.** Register your identities once. Switch with one command. Everything — git config, SSH key, remote verification — updates automatically in under a second.
+
+---
+
+## 📦 Install
+
+<table>
+<tr>
+<td width="33%" valign="top">
+
+### One-line
+```bash
+curl -sSfL https://raw.githubusercontent.com/divyo-argha/git-user/main/install.sh | bash
+```
+Restart your terminal. PATH is configured automatically.
+
+</td>
+<td width="33%" valign="top">
+
+### npm
+```bash
+npm install -g git-userhub
+```
+> Published as `git-userhub` on npm.
+> After install, the command is `git-user`.
+
+</td>
+<td width="33%" valign="top">
+
+### Go
+```bash
+go install github.com/divyo-argha/git-user@latest
+```
+
+### Self-update
+```bash
+git-user --update
+```
+
+</td>
+</tr>
+</table>
+
+**Requirements:** ![Git](https://img.shields.io/badge/Git-required-F05032?style=flat&logo=git&logoColor=white) · ssh-keygen (optional, for SSH key generation)
+
+---
+
+## ⚡ Quick Start
+
+Two minutes to set up. One second to switch forever after.
+
+```bash
+# Step 1 — register your identities (guided, interactive)
+git-user register   # → name: work,     email: you@company.com
+git-user register   # → name: personal, email: you@gmail.com
+git-user register   # → name: client-a, email: you@client.com
+
+# Step 2 — switch
+git-user switch work
+
+# Step 3 — push. that's it.
+git push   # ← commits as you@company.com ✓
+```
+
+```bash
+# Create and switch in one command
+git-user switch -c freelance me@freelance.com
+
+# Always know who you are
+git-user current
+```
+
+---
+
+## 🏆 Why git-user?
+
+There are other tools that try to solve this. Here's how git-user is different:
+
+| Feature | git-user | direnv / per-dir config | SSH `Host` aliases | Manual `~/.gitconfig` |
+|---------|:--------:|:----------------------:|:------------------:|:---------------------:|
+| One command to switch everything | ✅ | ❌ | ❌ | ❌ |
+| SSH key managed automatically | ✅ | ❌ | ⚠️ partial | ❌ |
+| Works across all repos, not just one | ✅ | ❌ | ✅ | ✅ |
+| SSH connection verified on switch | ✅ | ❌ | ❌ | ❌ |
+| Clean logout/sign-out to void state | ✅ | ❌ | ❌ | ❌ |
+| Encrypted export/import | ✅ | ❌ | ❌ | ❌ |
+| Pre-commit identity guard | ✅ | ❌ | ❌ | ❌ |
+| Security audit built-in | ✅ | ❌ | ❌ | ❌ |
+| Interactive TUI | ✅ | ❌ | ❌ | ❌ |
+| Shell completions | ✅ | ❌ | ❌ | ❌ |
+| Zero config files to edit manually | ✅ | ❌ | ❌ | ❌ |
+
+> **The key difference:** git-user manages the *whole identity* — name, email, SSH key, and passphrase protection — as a single atomic unit. Other approaches only solve part of the problem, leaving you to manually wire the rest.
+
+---
+
+## ✨ Features
+
+<table>
+<tr>
+<td width="50%" valign="top">
+
+### 🔑 Identity Management
+- Register unlimited identities — name, email, SSH key
+- Switch in one command, git config updates instantly
+- `switch -c <name>` — create and switch in one step
+- Edit email without re-registering
+- Remove identities safely, with active-identity guard
+
+</td>
+<td width="50%" valign="top">
+
+### 🔐 SSH Key Handling
+- Auto-generate ed25519 keys per identity
+- `pubkey` — print active identity's public key (add to GitHub, GitLab, Bitbucket)
+- Bind any existing key to any identity
+- `rekey` rotates keys with automatic backup and rollback
+- `IdentitiesOnly yes` — SSH never leaks the wrong key
+
+</td>
+</tr>
+<tr>
+<td width="50%" valign="top">
+
+### 🛡️ Security & Passphrases
+- Passphrase-protected keys enforced by default
+- `security` audits every identity: permissions, passphrase, key existence
+- `passphrase` add, change, or remove (`--remove`) passphrase security for the active identity
+- All config writes are atomic (temp file + rename) — crash-safe
+- All files stored at `0600` permissions
+
+</td>
+<td width="50%" valign="top">
+
+### 🔒 Passphrase-Gated Switching
+- Gated switch: switching to a passphrase-protected profile requires entering the passphrase to unlock the SSH key
+- Seamless ssh-agent management: the SSH key is added automatically on switch
+- Security by default: you cannot act as an identity without verifying the passphrase first
+- Clean logout: sign out at any time to clear active user config completely
+
+</td>
+</tr>
+<tr>
+<td width="50%" valign="top">
+
+### 🚀 Passwordless Push
+- Detects HTTPS remotes on `switch` and offers to convert
+- `fix-remote` converts all remotes HTTPS → SSH instantly
+- Works with GitHub, GitLab, Bitbucket, and any Git host
+
+</td>
+<td width="50%" valign="top">
+
+### 🖥️ Developer Experience
+- Interactive TUI menu (`git-user tui`)
+- Shell completions for bash, zsh, fish
+- Pre-commit hooks to block wrong-identity commits
+- `doctor` diagnoses your entire setup in one command
+- Encrypted export/import for moving to a new machine
+
+</td>
+</tr>
+</table>
+
+---
+
+## 🔄 How It Works
+
+### Under the hood — one switch
+
+```
+git-user switch work
+        │
+        ▼
+  1. Looks up "work" in ~/.git-users/config.json
+  2. Sets ~/.gitconfig  →  user.name, user.email
+  3. Sets ~/.gitconfig  →  core.sshCommand (points to your key)
+  4. Verifies SSH connection to GitHub/GitLab/Bitbucket
+  5. ✅ Switched to "work" (you@company.com)
+
+git push  ← just works, every time
+```
+
+### A real day with multiple accounts
+
+```
+ 9:00 AM — starting work
+──────────────────────────────────────────────────────────
+ $ git-user switch work
+   ✅ Switched to work (you@company.com)
+ $ git push                        ← commits as you@company.com ✓
+
+ 1:00 PM — open source on lunch break
+──────────────────────────────────────────────────────────
+ $ git-user switch personal
+   ✅ Switched to personal (you@gmail.com)
+ $ git push                        ← commits as you@gmail.com ✓
+
+ 5:00 PM — freelance client work
+──────────────────────────────────────────────────────────
+ $ git-user switch client-a
+   ✅ Switched to client-a (you@client-a.com)
+ $ git push                        ← commits as you@client-a.com ✓
+```
+
+Each switch: under one second. No config editing. No SSH juggling.
+
+---
+
+## 🚪 Logout / Void State
+
+When you are done with your work or leaving a shared machine, you can sign out to clear your active Git identity completely:
+
+```bash
+git-user logout
+```
+
+What happens:
+- Unloads the active SSH key from `ssh-agent`
+- Clears the global `user.name` and `user.email` from `~/.gitconfig`
+- Clears `core.sshCommand` from `~/.gitconfig`
+- Puts the terminal into a clean "void" state (no git user configured), preventing accidental commits under your identity by other users.
+
+---
+
+## 📋 Commands
+
+| Command | Description |
+|---------|-------------|
+| `register` | Create a new identity (guided setup with SSH) |
+| `switch <name>` | Switch to an identity |
+| `switch -c <name> [email]` | Create and switch in one command |
+| `list` | Show all identities |
+| `current` | Show active identity |
+| `remove <name>` | Delete an identity |
+| `edit <name> <email>` | Update email |
+| `bind <name> [--ssh-key <path>]` | Link an SSH key to an identity |
+| `pubkey` | Show the public key of the active identity |
+| `passphrase` | Add, change, or remove (`--remove`) passphrase for the active, unlocked identity |
+| `rekey <name>` | Rotate SSH key (with rollback safety) |
+| `fix-remote` | Convert HTTPS remotes to SSH |
+| `logout` | Sign out, clearing the active identity and restoring a void state |
+| `security` | Audit all identities for security issues |
+| `export --all` | Export all identities + SSH keys (AES-256 encrypted) |
+| `export <name> [name...]` | Export specific identities |
+| `import <file>` | Import from an encrypted bundle |
+| `doctor` | Run a full health check |
+| `tui` | Interactive menu |
+| `completion <shell>` | Shell completions (bash/zsh/fish) |
+| `hook <install\|uninstall>` | Pre-commit hook to verify identity |
+| `--update` | Update to the latest version |
+| `--version` / `-v` | Show version |
+
+**Aliases:** `ls` → `list` · `sw` → `switch` · `rm` → `remove`
+
+---
+
+## 🛡️ Security
+
+<table>
+<tr>
+<td width="50%" valign="top">
+
+**What git-user does**
+- Private keys stay on your machine at `0600` permissions
+- Config writes are atomic (temp file + rename) — crash-safe
+- `IdentitiesOnly yes` in SSH config — no key leakage
+- Passphrase protection audited by `security` command
+- Export bundles encrypted with AES-256-GCM, passphrase stretched with scrypt (N=2¹⁷)
+- Passphrases are never passed as CLI arguments — entered directly into the terminal
+- `pubkey` only shows the active identity's key — other identities' keys are never exposed
+
+</td>
+<td width="50%" valign="top">
+
+**What git-user never does**
+- Never stores passphrases
+- Never sends keys or config anywhere
+- Never modifies your repositories
+- Never overwrites existing identities on import
+- `logout` command cleanly clears all gitconfig references and unloads loaded keys
+
+</td>
+</tr>
+</table>
+
+### Run a security audit
+
+```bash
+git-user security
+```
+
+```
+✔ Config file permissions OK (0600)
+
+ℹ work (you@company.com)
+  ✔ Permissions OK: git_work
+  ✔ Passphrase protected
+
+ℹ personal (you@gmail.com)
+  ✔ Permissions OK: git_personal
+  ⚠ No passphrase detected
+    Fix: ssh-keygen -p -f ~/.ssh/git_personal
+```
+
+---
+
+## 🚚 Moving to a New Machine
+
+```bash
+# On your current machine
+git-user export --all
+# → ~/git-user-export-2026-05-29.bundle  (AES-256 encrypted)
+
+# Transfer the file, then on the new machine
+git-user import ~/git-user-export-2026-05-29.bundle
+# ✅ Imported: work (you@company.com) → ~/.ssh/git_work
+# ✅ Imported: personal (you@gmail.com) → ~/.ssh/git_personal
+
+git-user switch work
+# Ready to push immediately
+```
+
+---
+
+## 🔧 Troubleshooting
+
+```bash
+git-user doctor
+```
+
+```
+✅ git installed (2.43.0)
+✅ ssh-keygen available
+✅ Active identity: work (you@company.com)
+✅ SSH key exists at ~/.ssh/git_work
+✅ Key permissions OK (0600)
+✅ GitHub connection verified — Hi alice-corp!
+──────────────────────────────────────────────
+Everything looks good.
+```
+
+**Common issues:**
+
+| Symptom | Fix |
+|---------|-----|
+| `git-user: command not found` | Restart terminal or `source ~/.zshrc` |
+| SSH verification failed | Key not added to platform yet — run `git-user pubkey` to copy the public key |
+| `Permission denied` during install | Expected — installer needs sudo for `/usr/local/bin` |
+| Git asks for credentials on push | Run `git-user fix-remote` to convert HTTPS → SSH |
+
+---
+
+## 🐚 Shell Completions
+
+```bash
+# Bash
+git-user completion bash | sudo tee /etc/bash_completion.d/git-user
+
+# Zsh
+git-user completion zsh > "${fpath[1]}/_git-user"
+
+# Fish
+git-user completion fish > ~/.config/fish/completions/git-user.fish
+```
+
+```bash
+git-user sw<TAB>          # → git-user switch
+git-user switch <TAB>     # → work  personal  client-a
+git-user remove <TAB>     # → your identity names
+```
+
+---
+
+## 🎨 Terminal Prompt Integration
+
+You can display your active `git-user` profile directly in your terminal prompt (like Starship, Powerlevel10k, Zsh, or Fish). The `git-user prompt` command is extremely fast and will only output your profile name if you are currently inside a git repository, making it perfect for custom prompt segments!
+
+To avoid automatically modifying your personal shell configurations, we've provided simple, copy-paste instructions for all the popular shells.
+
+👉 **[View the Terminal Integration Guide](./TERMINAL-INTEGRATION.md)**
+
+---
+
+## 🪝 Pre-commit Hooks
+
+```bash
+git-user hook install   # in any repo where identity matters
+```
+
+```bash
+git commit -m "Add feature"
+
+# ✖ Identity mismatch!
+#   Expected: work (you@company.com)
+#   Git config: you@gmail.com
+#   Run: git-user switch work
+```
+
+---
+
+## 📁 What Gets Modified
+
+```
+~/.git-users/
+  └── config.json          ← your identities (names, emails, key paths)
+
+~/.gitconfig               ← updated on every switch/logout (name, email, sshCommand)
+~/.ssh/git_<name>          ← private key (never leaves your machine)
+~/.ssh/git_<name>.pub      ← public key (what you add to GitHub/GitLab)
+```
+
+Your repositories are never touched. Only global git config changes.
+
+---
+
+## 🤝 Contributing
+
+Issues and pull requests are welcome. If something's broken, open an issue. If something's confusing — even just "I didn't understand what this command does" — that's worth filing too.
+
+```bash
+git clone https://github.com/divyo-argha/git-user.git
+cd git-user
+make build   # build binary
+make test    # run tests
+```
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for details.
+
+---
+
+## 📄 License
+
+MIT — see [LICENSE](LICENSE).
+
+---
+
+<div align="center">
+
+**Made for developers who just want their Git to work.**
+
+<br />
+
+[![GitHub](https://img.shields.io/badge/Star%20on%20GitHub-181717?style=flat&logo=github&logoColor=white)](https://github.com/divyo-argha/git-user)
+[![npm](https://img.shields.io/badge/Install%20via%20npm-CB3837?style=flat&logo=npm&logoColor=white)](https://www.npmjs.com/package/git-userhub)
+
+<br />
+
+<sub>If git-user saved you from a wrong-account commit, consider giving it a ⭐</sub>
+
+</div>

package/scripts/inject-hashes.js

@@ -0,0 +1,103 @@
+const fs = require('fs');
+const path = require('path');
+const https = require('https');
+const crypto = require('crypto');
+const { spawnSync } = require('child_process');
+const PKG_JSON = require('../package.json');
+
+const REPO = 'divyo-argha/git-user';
+const VERSION = `v${PKG_JSON.version}`;
+
+const ASSETS = [
+  { name: `git-user_darwin_arm64.tar.gz`, bin: `git-user` },
+  { name: `git-user_darwin_x86_64.tar.gz`, bin: `git-user` },
+  { name: `git-user_linux_arm64.tar.gz`, bin: `git-user` },
+  { name: `git-user_linux_x86_64.tar.gz`, bin: `git-user` },
+  { name: `git-user_windows_x86_64.tar.gz`, bin: `git-user.exe` }
+];
+
+function fetchFile(url, dest) {
+  return new Promise((resolve, reject) => {
+    https.get(url, { headers: { 'User-Agent': 'node' } }, (res) => {
+      if (res.statusCode === 301 || res.statusCode === 302) {
+        return fetchFile(res.headers.location, dest).then(resolve).catch(reject);
+      }
+      if (res.statusCode !== 200) return reject(new Error(`Download Error ${res.statusCode}`));
+      const file = fs.createWriteStream(dest);
+      res.pipe(file);
+      file.on('finish', () => { file.close(); resolve(); });
+    }).on('error', reject);
+  });
+}
+
+function computeHash(file) {
+  return new Promise((resolve, reject) => {
+    const hash = crypto.createHash('sha256');
+    const stream = fs.createReadStream(file);
+    stream.on('data', d => hash.update(d));
+    stream.on('end', () => resolve(hash.digest('hex')));
+    stream.on('error', reject);
+  });
+}
+
+async function run() {
+  console.log(`🔒 Pinning cryptographic hashes for ${VERSION}...`);
+  const hashes = {};
+  
+  try {
+    for (const asset of ASSETS) {
+      console.log(`Downloading ${asset.name}...`);
+      const url = `https://github.com/${REPO}/releases/download/${VERSION}/${asset.name}`;
+      const archivePath = path.join(__dirname, asset.name);
+      
+      await fetchFile(url, archivePath);
+      
+      const archiveHash = await computeHash(archivePath);
+      
+      // Extract to get the binary hash
+      const result = spawnSync('tar', ['-xzf', archivePath, '-C', __dirname]);
+      if (result.error || result.status !== 0) {
+        throw new Error("Failed to extract tar archive: " + archivePath);
+      }
+      const extractedPath = path.join(__dirname, asset.bin);
+      
+      const binaryHash = await computeHash(extractedPath);
+      
+      hashes[`${asset.name}`] = {
+        archive: archiveHash,
+        binary: binaryHash
+      };
+      
+      // Cleanup
+      fs.unlinkSync(archivePath);
+      fs.unlinkSync(extractedPath);
+    }
+
+    const targetFile = path.join(__dirname, 'install.js');
+    let code = fs.readFileSync(targetFile, 'utf8');
+
+    const hashesJson = JSON.stringify(hashes, null, 2).replace(/\n/g, '\n  ');
+    
+    const startMarker = '// --- START PINNED HASHES ---';
+    const endMarker = '// --- END PINNED HASHES ---';
+    
+    const startIndex = code.indexOf(startMarker);
+    const endIndex = code.indexOf(endMarker);
+    
+    if (startIndex === -1 || endIndex === -1) {
+      throw new Error("Could not find PINNED HASHES markers in scripts/install.js");
+    }
+
+    const newCode = code.substring(0, startIndex + startMarker.length) + 
+                    '\nconst PINNED_HASHES = ' + hashesJson + ';\n' + 
+                    code.substring(endIndex);
+
+    fs.writeFileSync(targetFile, newCode);
+    console.log(`✅ Successfully injected cryptographic pins into scripts/install.js`);
+  } catch (err) {
+    console.error(`❌ Failed to inject hashes: ${err.message}`);
+    process.exit(1);
+  }
+}
+
+run();

package/scripts/install.js

@@ -0,0 +1,136 @@
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const https = require('https');
+const crypto = require('crypto');
+const { spawnSync } = require('child_process');
+const PKG_JSON = require('../package.json');
+
+const REPO = 'divyo-argha/git-user';
+const VERSION = `v${PKG_JSON.version}`;
+
+// --- START PINNED HASHES ---
+const PINNED_HASHES = {
+    "git-user_darwin_arm64.tar.gz": {
+      "archive": "8f9e59d21977a7f923c027d3312c01ce81771efe3e2bb1dabf837c384504b20c",
+      "binary": "0cd7c9be0be6bd22a5dc8adb6c82ca73a5718b182fa3aba0d7e41a2c3ec08d18"
+    },
+    "git-user_darwin_x86_64.tar.gz": {
+      "archive": "4abbe23be36683c76815defc7efdb94157dee946e7e01a529cdd724e4d6118da",
+      "binary": "4d8a0127ca8f0f616612c4617cf1bd3824a556e1c92fb401858cb7460e393b81"
+    },
+    "git-user_linux_arm64.tar.gz": {
+      "archive": "9ddfe15bace025795489e6b545dc4dc9a50a24863aa3eb504e2325d5049c84fd",
+      "binary": "6d7a710f699a92baa632263a26f34aeb761e373cd0a84a69c5c2215d487188b2"
+    },
+    "git-user_linux_x86_64.tar.gz": {
+      "archive": "088aac2526c6f3a13ece1892d51696e4be12e03937d6cd0f74b50907ac14d716",
+      "binary": "855f46795ed5b18f6463049d29ac868772cf00e48a911d5f15d34ef7b28e4e37"
+    },
+    "git-user_windows_x86_64.tar.gz": {
+      "archive": "b206786fea35395a5911631f03f17f69b6ed9dae401b7c3eea8e3b076e9fee55",
+      "binary": "d3034bd2b48e5a95282679ee27b4c3b714f20e0ddacb19b6982ffa75167cf05f"
+    }
+  };
+// --- END PINNED HASHES ---
+
+const platform = os.platform();
+const arch = os.arch();
+
+const platformMap = { 'darwin': 'darwin', 'linux': 'linux', 'win32': 'windows' };
+const archMap = { 'x64': 'x86_64', 'arm64': 'arm64' };
+
+const osName = platformMap[platform];
+const archName = archMap[arch];
+const ext = platform === 'win32' ? '.exe' : '';
+
+if (!osName || !archName) {
+  console.error(`❌ Unsupported platform: ${platform} ${arch}`);
+  process.exit(1);
+}
+
+const finalBinaryName = `git-user-${platform}-${arch}${ext}`;
+const finalBinaryPath = path.join(__dirname, '..', 'bin', finalBinaryName);
+const assetName = `git-user_${osName}_${archName}.tar.gz`;
+const pinnedData = PINNED_HASHES[assetName];
+
+function computeHash(file) {
+  return new Promise((resolve, reject) => {
+    const hash = crypto.createHash('sha256');
+    const stream = fs.createReadStream(file);
+    stream.on('data', d => hash.update(d));
+    stream.on('end', () => resolve(hash.digest('hex')));
+    stream.on('error', reject);
+  });
+}
+
+function fetchFile(url, dest) {
+  return new Promise((resolve, reject) => {
+    https.get(url, { headers: { 'User-Agent': 'node' } }, (res) => {
+      if (res.statusCode === 301 || res.statusCode === 302) {
+        return fetchFile(res.headers.location, dest).then(resolve).catch(reject);
+      }
+      if (res.statusCode !== 200) return reject(new Error(`Download Error ${res.statusCode}`));
+      const file = fs.createWriteStream(dest);
+      res.pipe(file);
+      file.on('finish', () => { file.close(); resolve(); });
+    }).on('error', reject);
+  });
+}
+
+async function install() {
+  if (fs.existsSync(finalBinaryPath)) {
+    return; // Already installed
+  }
+
+  console.log(`[git-user] Downloading cryptographically signed binary for ${platform}-${arch}...`);
+
+  try {
+    const archivePath = path.join(__dirname, '..', 'bin', assetName);
+    const scheme = 'https';
+    const host = 'github.com';
+    const downloadUrl = `${scheme}://${host}/${REPO}/releases/download/${VERSION}/${assetName}`;
+
+    await fetchFile(downloadUrl, archivePath);
+    
+    if (pinnedData) {
+      const archiveHash = await computeHash(archivePath);
+      if (archiveHash !== pinnedData.archive) {
+        throw new Error("Archive checksum mismatch! Connection may be compromised.");
+      }
+    }
+
+    const binaryNameInArchive = platform === 'win32' ? 'git-user.exe' : 'git-user';
+    const binDir = path.join(__dirname, '..', 'bin');
+    const result = spawnSync('tar', ['-xzf', archivePath, '-C', binDir]);
+    if (result.error || result.status !== 0) {
+      throw new Error("Failed to extract tar archive");
+    }
+
+    const extractedPath = path.join(__dirname, '..', 'bin', binaryNameInArchive);
+    fs.renameSync(extractedPath, finalBinaryPath);
+
+    if (platform !== 'win32') fs.chmodSync(finalBinaryPath, 0o755);
+
+    fs.unlinkSync(archivePath);
+
+    if (pinnedData) {
+      const binaryHash = await computeHash(finalBinaryPath);
+      if (binaryHash !== pinnedData.binary) {
+        fs.unlinkSync(finalBinaryPath);
+        throw new Error("Binary checksum mismatch! Payload was modified during extraction.");
+      }
+    }
+
+    console.log(`[git-user] Installation and verification complete.\n`);
+  } catch (err) {
+    console.error(`\n❌ git-user installation failed: ${err.message}`);
+    throw err;
+  }
+}
+
+if (require.main === module) {
+  install().catch(() => process.exit(1));
+} else {
+  module.exports = install;
+}