mdenc 0.1.0

package/dist/chunk-FFRUPAVV.js

@@ -0,0 +1,669 @@
+#!/usr/bin/env node
+
+// src/git/hooks.ts
+import { readFileSync as readFileSync2, writeFileSync, existsSync, statSync as statSync2 } from "fs";
+import { join as join3, relative } from "path";
+
+// src/encrypt.ts
+import { hmac as hmac3 } from "@noble/hashes/hmac";
+import { sha256 as sha2564 } from "@noble/hashes/sha256";
+
+// src/chunking.ts
+var DEFAULT_MAX_CHUNK_SIZE = 65536;
+function chunkByParagraph(text, maxSize = DEFAULT_MAX_CHUNK_SIZE) {
+  const normalized = text.replace(/\r\n/g, "\n");
+  if (normalized.length === 0) {
+    return [""];
+  }
+  const chunks = [];
+  const boundary = /\n{2,}/g;
+  let lastEnd = 0;
+  let match;
+  while ((match = boundary.exec(normalized)) !== null) {
+    const chunkEnd = match.index + match[0].length;
+    chunks.push(normalized.slice(lastEnd, chunkEnd));
+    lastEnd = chunkEnd;
+  }
+  if (lastEnd < normalized.length) {
+    chunks.push(normalized.slice(lastEnd));
+  } else if (chunks.length === 0) {
+    chunks.push(normalized);
+  }
+  const result = [];
+  for (const chunk of chunks) {
+    if (byteLength(chunk) <= maxSize) {
+      result.push(chunk);
+    } else {
+      result.push(...splitAtByteLimit(chunk, maxSize));
+    }
+  }
+  return result;
+}
+function chunkByFixedSize(text, size) {
+  const normalized = text.replace(/\r\n/g, "\n");
+  if (normalized.length === 0) {
+    return [""];
+  }
+  const bytes = new TextEncoder().encode(normalized);
+  if (bytes.length <= size) {
+    return [normalized];
+  }
+  const chunks = [];
+  const decoder = new TextDecoder();
+  let offset = 0;
+  while (offset < bytes.length) {
+    const end = Math.min(offset + size, bytes.length);
+    let adjusted = end;
+    if (adjusted < bytes.length) {
+      while (adjusted > offset && (bytes[adjusted] & 192) === 128) {
+        adjusted--;
+      }
+    }
+    chunks.push(decoder.decode(bytes.slice(offset, adjusted)));
+    offset = adjusted;
+  }
+  return chunks;
+}
+function byteLength(s) {
+  return new TextEncoder().encode(s).length;
+}
+function splitAtByteLimit(text, maxSize) {
+  const bytes = new TextEncoder().encode(text);
+  const decoder = new TextDecoder();
+  const parts = [];
+  let offset = 0;
+  while (offset < bytes.length) {
+    let end = Math.min(offset + maxSize, bytes.length);
+    if (end < bytes.length) {
+      while (end > offset && (bytes[end] & 192) === 128) {
+        end--;
+      }
+    }
+    parts.push(decoder.decode(bytes.slice(offset, end)));
+    offset = end;
+  }
+  return parts;
+}
+
+// src/kdf.ts
+import { hkdf } from "@noble/hashes/hkdf";
+import { sha256 } from "@noble/hashes/sha256";
+import { scrypt } from "@noble/hashes/scrypt";
+
+// src/types.ts
+var DEFAULT_SCRYPT_PARAMS = {
+  N: 16384,
+  r: 8,
+  p: 1
+};
+var SCRYPT_BOUNDS = {
+  N: { min: 1024, max: 1048576 },
+  // 2^10 – 2^20
+  r: { min: 1, max: 64 },
+  p: { min: 1, max: 16 }
+};
+
+// src/crypto-utils.ts
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a[i] ^ b[i];
+  }
+  return diff === 0;
+}
+function zeroize(...arrays) {
+  for (const arr of arrays) {
+    arr.fill(0);
+  }
+}
+
+// src/kdf.ts
+var ENC_INFO = new TextEncoder().encode("mdenc-v1-enc");
+var HDR_INFO = new TextEncoder().encode("mdenc-v1-hdr");
+var NONCE_INFO = new TextEncoder().encode("mdenc-v1-nonce");
+function normalizePassword(password) {
+  const normalized = password.normalize("NFKC");
+  return new TextEncoder().encode(normalized);
+}
+function deriveMasterKey(password, salt, params = DEFAULT_SCRYPT_PARAMS) {
+  const passwordBytes = normalizePassword(password);
+  try {
+    return scrypt(passwordBytes, salt, {
+      N: params.N,
+      r: params.r,
+      p: params.p,
+      dkLen: 32
+    });
+  } finally {
+    zeroize(passwordBytes);
+  }
+}
+function deriveKeys(masterKey) {
+  const encKey = hkdf(sha256, masterKey, void 0, ENC_INFO, 32);
+  const headerKey = hkdf(sha256, masterKey, void 0, HDR_INFO, 32);
+  const nonceKey = hkdf(sha256, masterKey, void 0, NONCE_INFO, 32);
+  return { encKey, headerKey, nonceKey };
+}
+
+// src/aead.ts
+import { xchacha20poly1305 } from "@noble/ciphers/chacha";
+import { hmac } from "@noble/hashes/hmac";
+import { sha256 as sha2562 } from "@noble/hashes/sha256";
+var NONCE_LENGTH = 24;
+function buildAAD(fileId) {
+  const fileIdHex = bytesToHex(fileId);
+  const aadString = `mdenc:v1
+${fileIdHex}`;
+  return new TextEncoder().encode(aadString);
+}
+function deriveNonce(nonceKey, plaintext) {
+  const full = hmac(sha2562, nonceKey, plaintext);
+  return full.slice(0, NONCE_LENGTH);
+}
+function encryptChunk(encKey, nonceKey, plaintext, fileId) {
+  const nonce = deriveNonce(nonceKey, plaintext);
+  const aad = buildAAD(fileId);
+  const cipher = xchacha20poly1305(encKey, nonce, aad);
+  const ciphertext = cipher.encrypt(plaintext);
+  const result = new Uint8Array(NONCE_LENGTH + ciphertext.length);
+  result.set(nonce, 0);
+  result.set(ciphertext, NONCE_LENGTH);
+  return result;
+}
+function decryptChunk(encKey, payload, fileId) {
+  if (payload.length < NONCE_LENGTH + 16) {
+    throw new Error("Chunk payload too short");
+  }
+  const nonce = payload.slice(0, NONCE_LENGTH);
+  const ciphertext = payload.slice(NONCE_LENGTH);
+  const aad = buildAAD(fileId);
+  const cipher = xchacha20poly1305(encKey, nonce, aad);
+  try {
+    return cipher.decrypt(ciphertext);
+  } catch {
+    throw new Error("Chunk authentication failed");
+  }
+}
+function bytesToHex(bytes) {
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+
+// src/header.ts
+import { hmac as hmac2 } from "@noble/hashes/hmac";
+import { sha256 as sha2563 } from "@noble/hashes/sha256";
+import { randomBytes } from "@noble/ciphers/webcrypto";
+function generateSalt() {
+  return randomBytes(16);
+}
+function generateFileId() {
+  return randomBytes(16);
+}
+function serializeHeader(header) {
+  const saltB64 = toBase64(header.salt);
+  const fileIdB64 = toBase64(header.fileId);
+  const { N, r, p } = header.scrypt;
+  return `mdenc:v1 salt_b64=${saltB64} file_id_b64=${fileIdB64} scrypt=N=${N},r=${r},p=${p}`;
+}
+function parseHeader(line) {
+  if (!line.startsWith("mdenc:v1 ")) {
+    throw new Error("Invalid header: missing mdenc:v1 prefix");
+  }
+  const saltMatch = line.match(/salt_b64=([A-Za-z0-9+/=]+)/);
+  if (!saltMatch) throw new Error("Invalid header: missing salt_b64");
+  const salt = fromBase64(saltMatch[1]);
+  if (salt.length !== 16) throw new Error("Invalid header: salt must be 16 bytes");
+  const fileIdMatch = line.match(/file_id_b64=([A-Za-z0-9+/=]+)/);
+  if (!fileIdMatch) throw new Error("Invalid header: missing file_id_b64");
+  const fileId = fromBase64(fileIdMatch[1]);
+  if (fileId.length !== 16) throw new Error("Invalid header: file_id must be 16 bytes");
+  const scryptMatch = line.match(/scrypt=N=(\d+),r=(\d+),p=(\d+)/);
+  if (!scryptMatch) throw new Error("Invalid header: missing scrypt parameters");
+  const scryptParams = {
+    N: parseInt(scryptMatch[1], 10),
+    r: parseInt(scryptMatch[2], 10),
+    p: parseInt(scryptMatch[3], 10)
+  };
+  validateScryptParams(scryptParams);
+  return { version: "v1", salt, fileId, scrypt: scryptParams };
+}
+function validateScryptParams(params) {
+  const { N, r, p } = SCRYPT_BOUNDS;
+  if (params.N < N.min || params.N > N.max) {
+    throw new Error(`Invalid scrypt N: ${params.N} (must be ${N.min}\u2013${N.max})`);
+  }
+  if (params.r < r.min || params.r > r.max) {
+    throw new Error(`Invalid scrypt r: ${params.r} (must be ${r.min}\u2013${r.max})`);
+  }
+  if (params.p < p.min || params.p > p.max) {
+    throw new Error(`Invalid scrypt p: ${params.p} (must be ${p.min}\u2013${p.max})`);
+  }
+}
+function authenticateHeader(headerKey, headerLine) {
+  const headerBytes = new TextEncoder().encode(headerLine);
+  return hmac2(sha2563, headerKey, headerBytes);
+}
+function verifyHeader(headerKey, headerLine, hmacBytes) {
+  const computed = authenticateHeader(headerKey, headerLine);
+  return constantTimeEqual(computed, hmacBytes);
+}
+function toBase64(bytes) {
+  return Buffer.from(bytes).toString("base64");
+}
+function fromBase64(b64) {
+  return new Uint8Array(Buffer.from(b64, "base64"));
+}
+
+// src/encrypt.ts
+async function encrypt(plaintext, password, options) {
+  const chunking = options?.chunking ?? "paragraph" /* Paragraph */;
+  const maxChunkSize = options?.maxChunkSize ?? 65536;
+  const scryptParams = options?.scrypt ?? DEFAULT_SCRYPT_PARAMS;
+  let chunks;
+  if (chunking === "fixed-size" /* FixedSize */) {
+    const fixedSize = options?.fixedChunkSize ?? 4096;
+    chunks = chunkByFixedSize(plaintext, fixedSize);
+  } else {
+    chunks = chunkByParagraph(plaintext, maxChunkSize);
+  }
+  let salt;
+  let fileId;
+  let masterKey;
+  const prev = options?.previousFile ? parsePreviousFileHeader(options.previousFile, password) : void 0;
+  if (prev) {
+    salt = prev.salt;
+    fileId = prev.fileId;
+    masterKey = prev.masterKey;
+  } else {
+    salt = generateSalt();
+    fileId = generateFileId();
+    masterKey = deriveMasterKey(password, salt, scryptParams);
+  }
+  const { encKey, headerKey, nonceKey } = deriveKeys(masterKey);
+  try {
+    const header = { version: "v1", salt, fileId, scrypt: scryptParams };
+    const headerLine = serializeHeader(header);
+    const headerHmac = authenticateHeader(headerKey, headerLine);
+    const headerAuthLine = `hdrauth_b64=${toBase64(headerHmac)}`;
+    const chunkLines = [];
+    for (const chunkText of chunks) {
+      const chunkBytes = new TextEncoder().encode(chunkText);
+      const payload = encryptChunk(encKey, nonceKey, chunkBytes, fileId);
+      chunkLines.push(toBase64(payload));
+    }
+    const sealInput = headerLine + "\n" + headerAuthLine + "\n" + chunkLines.join("\n");
+    const sealData = new TextEncoder().encode(sealInput);
+    const sealHmac = hmac3(sha2564, headerKey, sealData);
+    const sealLine = `seal_b64=${toBase64(sealHmac)}`;
+    return [headerLine, headerAuthLine, ...chunkLines, sealLine, ""].join("\n");
+  } finally {
+    zeroize(masterKey, encKey, headerKey, nonceKey);
+  }
+}
+async function decrypt(fileContent, password) {
+  const lines = fileContent.split("\n");
+  if (lines.length > 0 && lines[lines.length - 1] === "") {
+    lines.pop();
+  }
+  if (lines.length < 3) {
+    throw new Error("Invalid mdenc file: too few lines");
+  }
+  const headerLine = lines[0];
+  const header = parseHeader(headerLine);
+  const authLine = lines[1];
+  const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);
+  if (!authMatch) {
+    throw new Error("Invalid mdenc file: missing hdrauth_b64 line");
+  }
+  const headerHmac = fromBase64(authMatch[1]);
+  const masterKey = deriveMasterKey(password, header.salt, header.scrypt);
+  const { encKey, headerKey, nonceKey } = deriveKeys(masterKey);
+  try {
+    if (!verifyHeader(headerKey, headerLine, headerHmac)) {
+      throw new Error("Header authentication failed (wrong password or tampered header)");
+    }
+    const remaining = lines.slice(2);
+    const sealIndex = remaining.findIndex((l) => l.startsWith("seal_b64="));
+    if (sealIndex < 0) {
+      throw new Error("Invalid mdenc file: missing seal");
+    }
+    const chunkLines = remaining.slice(0, sealIndex);
+    if (chunkLines.length === 0) {
+      throw new Error("Invalid mdenc file: no chunk lines");
+    }
+    const sealMatch = remaining[sealIndex].match(/^seal_b64=([A-Za-z0-9+/=]+)$/);
+    if (!sealMatch) throw new Error("Invalid mdenc file: malformed seal line");
+    const storedSealHmac = fromBase64(sealMatch[1]);
+    const sealInput = headerLine + "\n" + authLine + "\n" + chunkLines.join("\n");
+    const sealData = new TextEncoder().encode(sealInput);
+    const computedSealHmac = hmac3(sha2564, headerKey, sealData);
+    if (!constantTimeEqual(computedSealHmac, storedSealHmac)) {
+      throw new Error("Seal verification failed (file tampered or chunks reordered)");
+    }
+    const plaintextParts = [];
+    for (const line of chunkLines) {
+      const payload = fromBase64(line);
+      const decrypted = decryptChunk(encKey, payload, header.fileId);
+      plaintextParts.push(new TextDecoder().decode(decrypted));
+    }
+    return plaintextParts.join("");
+  } finally {
+    zeroize(masterKey, encKey, headerKey, nonceKey);
+  }
+}
+function parsePreviousFileHeader(fileContent, password) {
+  try {
+    const lines = fileContent.split("\n");
+    if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
+    if (lines.length < 3) return void 0;
+    const headerLine = lines[0];
+    const header = parseHeader(headerLine);
+    const authLine = lines[1];
+    const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);
+    if (!authMatch) return void 0;
+    const headerHmac = fromBase64(authMatch[1]);
+    const masterKey = deriveMasterKey(password, header.salt, header.scrypt);
+    const { headerKey } = deriveKeys(masterKey);
+    if (!verifyHeader(headerKey, headerLine, headerHmac)) {
+      zeroize(masterKey, headerKey);
+      return void 0;
+    }
+    zeroize(headerKey);
+    return { salt: header.salt, fileId: header.fileId, masterKey };
+  } catch {
+    return void 0;
+  }
+}
+
+// src/git/password.ts
+import { readFileSync } from "fs";
+import { join } from "path";
+var PASSWORD_FILE = ".mdenc-password";
+function resolvePassword(repoRoot) {
+  const envPassword = process.env["MDENC_PASSWORD"];
+  if (envPassword) return envPassword;
+  try {
+    const content = readFileSync(join(repoRoot, PASSWORD_FILE), "utf-8").trim();
+    if (content.length > 0) return content;
+  } catch {
+  }
+  return null;
+}
+
+// src/git/utils.ts
+import { execFileSync } from "child_process";
+import { readdirSync, statSync } from "fs";
+import { join as join2, resolve } from "path";
+var SKIP_DIRS = /* @__PURE__ */ new Set([".git", "node_modules", ".hg", ".svn"]);
+var MARKER_FILE = ".mdenc.conf";
+function findGitRoot() {
+  try {
+    return execFileSync("git", ["rev-parse", "--show-toplevel"], {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+  } catch {
+    throw new Error("Not a git repository");
+  }
+}
+function getHooksDir() {
+  try {
+    const gitDir = execFileSync("git", ["rev-parse", "--git-path", "hooks"], {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    return resolve(gitDir);
+  } catch {
+    throw new Error("Could not determine git hooks directory");
+  }
+}
+function findMarkedDirs(repoRoot) {
+  const results = [];
+  walkForMarker(repoRoot, results);
+  return results;
+}
+function walkForMarker(dir, results) {
+  let entries;
+  try {
+    entries = readdirSync(dir);
+  } catch {
+    return;
+  }
+  if (entries.includes(MARKER_FILE)) {
+    results.push(dir);
+  }
+  for (const entry of entries) {
+    if (SKIP_DIRS.has(entry) || entry.startsWith(".")) continue;
+    const full = join2(dir, entry);
+    try {
+      if (statSync(full).isDirectory()) {
+        walkForMarker(full, results);
+      }
+    } catch {
+    }
+  }
+}
+function getMdFilesInDir(dir) {
+  try {
+    return readdirSync(dir).filter(
+      (f) => f.endsWith(".md") && statSync(join2(dir, f)).isFile()
+    );
+  } catch {
+    return [];
+  }
+}
+function getMdencFilesInDir(dir) {
+  try {
+    return readdirSync(dir).filter(
+      (f) => f.endsWith(".mdenc") && statSync(join2(dir, f)).isFile()
+    );
+  } catch {
+    return [];
+  }
+}
+function gitAdd(repoRoot, files) {
+  if (files.length === 0) return;
+  execFileSync("git", ["add", "--", ...files], {
+    cwd: repoRoot,
+    stdio: ["pipe", "pipe", "pipe"]
+  });
+}
+function gitRmCached(repoRoot, files) {
+  if (files.length === 0) return;
+  execFileSync("git", ["rm", "--cached", "--", ...files], {
+    cwd: repoRoot,
+    stdio: ["pipe", "pipe", "pipe"]
+  });
+}
+function isFileStaged(repoRoot, file) {
+  try {
+    const output = execFileSync(
+      "git",
+      ["diff", "--cached", "--name-only", "--", file],
+      { cwd: repoRoot, encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }
+    );
+    return output.trim().length > 0;
+  } catch {
+    return false;
+  }
+}
+function isFileTracked(repoRoot, file) {
+  try {
+    execFileSync("git", ["ls-files", "--error-unmatch", "--", file], {
+      cwd: repoRoot,
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/git/hooks.ts
+function needsReEncryption(mdPath, mdencPath) {
+  if (!existsSync(mdencPath)) return true;
+  const mdMtime = statSync2(mdPath).mtimeMs;
+  const mdencMtime = statSync2(mdencPath).mtimeMs;
+  return mdMtime > mdencMtime;
+}
+async function preCommitHook() {
+  const repoRoot = findGitRoot();
+  const password = resolvePassword(repoRoot);
+  if (!password) {
+    process.stderr.write(
+      "mdenc: no password available (set MDENC_PASSWORD or create .mdenc-password). Skipping encryption.\n"
+    );
+    process.exit(0);
+  }
+  const markedDirs = findMarkedDirs(repoRoot);
+  if (markedDirs.length === 0) process.exit(0);
+  let encryptedCount = 0;
+  let skippedCount = 0;
+  let errorCount = 0;
+  for (const dir of markedDirs) {
+    const mdFiles = getMdFilesInDir(dir);
+    for (const mdFile of mdFiles) {
+      const mdPath = join3(dir, mdFile);
+      const mdencPath = mdPath.replace(/\.md$/, ".mdenc");
+      const relMdPath = relative(repoRoot, mdPath);
+      const relMdencPath = relative(repoRoot, mdencPath);
+      if (!needsReEncryption(mdPath, mdencPath)) {
+        skippedCount++;
+        if (existsSync(mdencPath)) {
+          gitAdd(repoRoot, [relMdencPath]);
+        }
+        continue;
+      }
+      try {
+        const plaintext = readFileSync2(mdPath, "utf-8");
+        let previousFile;
+        if (existsSync(mdencPath)) {
+          previousFile = readFileSync2(mdencPath, "utf-8");
+        }
+        const encrypted = await encrypt(plaintext, password, { previousFile });
+        writeFileSync(mdencPath, encrypted);
+        gitAdd(repoRoot, [relMdencPath]);
+        if (isFileStaged(repoRoot, relMdPath)) {
+          gitRmCached(repoRoot, [relMdPath]);
+        }
+        encryptedCount++;
+      } catch (err) {
+        process.stderr.write(
+          `mdenc: failed to encrypt ${relMdPath}: ${err instanceof Error ? err.message : err}
+`
+        );
+        errorCount++;
+      }
+    }
+  }
+  if (encryptedCount > 0) {
+    process.stderr.write(`mdenc: encrypted ${encryptedCount} file(s)
+`);
+  }
+  if (errorCount > 0) {
+    process.stderr.write(
+      `mdenc: ${errorCount} file(s) failed to encrypt. Aborting commit.
+`
+    );
+    process.exit(1);
+  }
+  process.exit(0);
+}
+async function decryptAll() {
+  const repoRoot = findGitRoot();
+  const password = resolvePassword(repoRoot);
+  if (!password) {
+    process.stderr.write(
+      "mdenc: no password available. Skipping decryption.\n"
+    );
+    return 0;
+  }
+  const markedDirs = findMarkedDirs(repoRoot);
+  let count = 0;
+  for (const dir of markedDirs) {
+    const mdencFiles = getMdencFilesInDir(dir);
+    for (const mdencFile of mdencFiles) {
+      const mdencPath = join3(dir, mdencFile);
+      const mdPath = mdencPath.replace(/\.mdenc$/, ".md");
+      const relMdPath = relative(repoRoot, mdPath);
+      if (existsSync(mdPath)) {
+        const mdMtime = statSync2(mdPath).mtimeMs;
+        const mdencMtime = statSync2(mdencPath).mtimeMs;
+        if (mdMtime > mdencMtime) {
+          process.stderr.write(
+            `mdenc: skipping ${relMdPath} (local .md is newer than .mdenc)
+`
+          );
+          continue;
+        }
+      }
+      try {
+        const encrypted = readFileSync2(mdencPath, "utf-8");
+        const plaintext = await decrypt(encrypted, password);
+        writeFileSync(mdPath, plaintext);
+        count++;
+      } catch (err) {
+        process.stderr.write(
+          `mdenc: failed to decrypt ${relative(repoRoot, mdencPath)}: ${err instanceof Error ? err.message : err}
+`
+        );
+      }
+    }
+  }
+  return count;
+}
+async function postCheckoutHook() {
+  const count = await decryptAll();
+  if (count > 0) {
+    process.stderr.write(`mdenc: decrypted ${count} file(s)
+`);
+  }
+  process.exit(0);
+}
+async function postMergeHook() {
+  const count = await decryptAll();
+  if (count > 0) {
+    process.stderr.write(`mdenc: decrypted ${count} file(s)
+`);
+  }
+  process.exit(0);
+}
+async function postRewriteHook() {
+  const count = await decryptAll();
+  if (count > 0) {
+    process.stderr.write(`mdenc: decrypted ${count} file(s)
+`);
+  }
+  process.exit(0);
+}
+
+export {
+  constantTimeEqual,
+  zeroize,
+  deriveMasterKey,
+  deriveKeys,
+  parseHeader,
+  verifyHeader,
+  fromBase64,
+  encrypt,
+  decrypt,
+  findGitRoot,
+  getHooksDir,
+  findMarkedDirs,
+  getMdFilesInDir,
+  getMdencFilesInDir,
+  gitAdd,
+  gitRmCached,
+  isFileTracked,
+  resolvePassword,
+  preCommitHook,
+  decryptAll,
+  postCheckoutHook,
+  postMergeHook,
+  postRewriteHook
+};
+//# sourceMappingURL=chunk-FFRUPAVV.js.map