mdenc 0.1.0

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/cli.ts","../src/seal.ts","../src/git/init.ts","../src/git/mark.ts","../src/git/status.ts"],"sourcesContent":["import { readFileSync, writeFileSync } from 'node:fs';\nimport { encrypt, decrypt } from './encrypt.js';\nimport { verifySeal } from './seal.js';\nimport { initCommand, removeHooksCommand } from './git/init.js';\nimport { markCommand } from './git/mark.js';\nimport { statusCommand } from './git/status.js';\nimport {\n  preCommitHook,\n  postCheckoutHook,\n  postMergeHook,\n  postRewriteHook,\n} from './git/hooks.js';\n\nfunction readPasswordFromTTY(prompt: string): Promise<string> {\n  return new Promise((resolve) => {\n    if (!process.stdin.isTTY) {\n      // Non-TTY fallback: read a line from stdin\n      process.stderr.write(prompt);\n      let data = '';\n      process.stdin.setEncoding('utf-8');\n      process.stdin.on('data', (chunk: string) => {\n        const nlIdx = chunk.indexOf('\\n');\n        if (nlIdx >= 0) {\n          data += chunk.slice(0, nlIdx);\n          process.stdin.pause();\n          resolve(data);\n        } else {\n          data += chunk;\n        }\n      });\n      process.stdin.on('end', () => resolve(data));\n      process.stdin.resume();\n      return;\n    }\n\n    process.stderr.write(prompt);\n    const buf: string[] = [];\n\n    process.stdin.setRawMode(true);\n    process.stdin.setEncoding('utf-8');\n    process.stdin.resume();\n\n    const onData = (ch: string) => {\n      if (ch === '\\u0003') {\n        // Ctrl+C\n        process.stderr.write('\\n');\n        process.stdin.setRawMode(false);\n        process.stdin.pause();\n        process.stdin.removeListener('data', onData);\n        process.exit(130);\n      } else if (ch === '\\r' || ch === '\\n') {\n        // Enter\n        process.stderr.write('\\n');\n        process.stdin.setRawMode(false);\n        process.stdin.pause();\n        process.stdin.removeListener('data', onData);\n        resolve(buf.join(''));\n      } else if (ch === '\\u007F' || ch === '\\b') {\n        // Backspace\n        buf.pop();\n      } else if (ch === '\\u0004') {\n        // Ctrl+D (EOF)\n        process.stderr.write('\\n');\n        process.stdin.setRawMode(false);\n        process.stdin.pause();\n        process.stdin.removeListener('data', onData);\n        resolve(buf.join(''));\n      } else if (ch >= ' ') {\n        buf.push(ch);\n      }\n    };\n\n    process.stdin.on('data', onData);\n  });\n}\n\nasync function getPassword(prompt = 'Password: '): Promise<string> {\n  const envPassword = process.env['MDENC_PASSWORD'];\n  if (envPassword) return envPassword;\n\n  return readPasswordFromTTY(prompt);\n}\n\nasync function getPasswordWithConfirmation(): Promise<string> {\n  if (process.env['MDENC_PASSWORD']) return process.env['MDENC_PASSWORD'];\n\n  const password = await readPasswordFromTTY('Password: ');\n  const confirm = await readPasswordFromTTY('Confirm password: ');\n  if (password !== confirm) {\n    console.error('Error: passwords do not match');\n    process.exit(1);\n  }\n  return password;\n}\n\nfunction usage(): never {\n  console.error(`Usage:\n  mdenc encrypt <file> [-o output]    Encrypt a markdown file\n  mdenc decrypt <file> [-o output]    Decrypt an mdenc file\n  mdenc verify <file>                 Verify file integrity\n\nGit integration:\n  mdenc init                          Set up git hooks for automatic encryption\n  mdenc mark <directory>              Mark a directory for encryption\n  mdenc status                        Show encryption status\n  mdenc remove-hooks                  Remove mdenc git hooks`);\n  process.exit(1);\n}\n\nasync function main(): Promise<void> {\n  const args = process.argv.slice(2);\n\n  if (args.length === 0) usage();\n\n  const command = args[0];\n\n  try {\n    switch (command) {\n      case 'encrypt': {\n        if (!args[1]) usage();\n        const inputFile = args[1];\n        const outputIdx = args.indexOf('-o');\n        const outputFile = outputIdx >= 0 ? args[outputIdx + 1] : undefined;\n        const password = await getPasswordWithConfirmation();\n        const plaintext = readFileSync(inputFile, 'utf-8');\n        const encrypted = await encrypt(plaintext, password);\n        if (outputFile) {\n          writeFileSync(outputFile, encrypted);\n        } else {\n          process.stdout.write(encrypted);\n        }\n        break;\n      }\n\n      case 'decrypt': {\n        if (!args[1]) usage();\n        const inputFile = args[1];\n        const outputIdx = args.indexOf('-o');\n        const outputFile = outputIdx >= 0 ? args[outputIdx + 1] : undefined;\n        const password = await getPassword();\n        const fileContent = readFileSync(inputFile, 'utf-8');\n        const decrypted = await decrypt(fileContent, password);\n        if (outputFile) {\n          writeFileSync(outputFile, decrypted);\n        } else {\n          process.stdout.write(decrypted);\n        }\n        break;\n      }\n\n      case 'verify': {\n        if (!args[1]) usage();\n        const inputFile = args[1];\n        const password = await getPassword();\n        const fileContent = readFileSync(inputFile, 'utf-8');\n        const valid = await verifySeal(fileContent, password);\n        if (valid) {\n          console.error('Seal verified: OK');\n          process.exit(0);\n        } else {\n          console.error('Seal verification FAILED');\n          process.exit(1);\n        }\n        break;\n      }\n\n      case 'init':\n        await initCommand();\n        break;\n\n      case 'mark': {\n        if (!args[1]) {\n          console.error('Usage: mdenc mark <directory>');\n          process.exit(1);\n        }\n        markCommand(args[1]);\n        break;\n      }\n\n      case 'status':\n        statusCommand();\n        break;\n\n      case 'remove-hooks':\n        removeHooksCommand();\n        break;\n\n      // Git hook handlers (called by hook scripts, not directly by user)\n      case 'pre-commit':\n        await preCommitHook();\n        break;\n\n      case 'post-checkout':\n        await postCheckoutHook();\n        break;\n\n      case 'post-merge':\n        await postMergeHook();\n        break;\n\n      case 'post-rewrite':\n        await postRewriteHook();\n        break;\n\n      default:\n        console.error(`Unknown command: ${command}`);\n        usage();\n    }\n  } catch (err) {\n    console.error(`Error: ${err instanceof Error ? err.message : err}`);\n    process.exit(1);\n  }\n}\n\nmain();\n","import { hmac } from '@noble/hashes/hmac';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { deriveMasterKey, deriveKeys } from './kdf.js';\nimport {\n  parseHeader,\n  verifyHeader,\n  fromBase64,\n} from './header.js';\nimport { constantTimeEqual, zeroize } from './crypto-utils.js';\n\nexport async function verifySeal(\n  fileContent: string,\n  password: string,\n): Promise<boolean> {\n  const lines = fileContent.split('\\n');\n  if (lines.length > 0 && lines[lines.length - 1] === '') lines.pop();\n  if (lines.length < 3) throw new Error('Invalid mdenc file: too few lines');\n\n  const headerLine = lines[0];\n  const header = parseHeader(headerLine);\n\n  // Parse header auth\n  const authLine = lines[1];\n  const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);\n  if (!authMatch) throw new Error('Invalid mdenc file: missing hdrauth_b64 line');\n  const headerHmac = fromBase64(authMatch[1]);\n\n  // Derive keys\n  const masterKey = deriveMasterKey(password, header.salt, header.scrypt);\n  const { headerKey, nonceKey } = deriveKeys(masterKey);\n\n  try {\n    // Verify header\n    if (!verifyHeader(headerKey, headerLine, headerHmac)) {\n      throw new Error('Header authentication failed');\n    }\n\n    // Find seal line\n    const chunkAndSealLines = lines.slice(2);\n    const sealIndex = chunkAndSealLines.findIndex(l => l.startsWith('seal_b64='));\n    if (sealIndex < 0) {\n      throw new Error('File is not sealed: no seal_b64 line found');\n    }\n\n    const chunkLines = chunkAndSealLines.slice(0, sealIndex);\n    const sealMatch = chunkAndSealLines[sealIndex].match(/^seal_b64=([A-Za-z0-9+/=]+)$/);\n    if (!sealMatch) throw new Error('Invalid seal line');\n    const storedHmac = fromBase64(sealMatch[1]);\n\n    // Verify seal HMAC (covers header + auth + chunk lines)\n    const sealInput = headerLine + '\\n' + authLine + '\\n' + chunkLines.join('\\n');\n    const sealData = new TextEncoder().encode(sealInput);\n    const computed = hmac(sha256, headerKey, sealData);\n\n    return constantTimeEqual(computed, storedHmac);\n  } finally {\n    zeroize(masterKey, headerKey, nonceKey);\n  }\n}\n","import { readFileSync, writeFileSync, existsSync, chmodSync, unlinkSync } from 'node:fs';\nimport { join } from 'node:path';\nimport { findGitRoot, getHooksDir } from './utils.js';\n\nconst MARKER = '# mdenc-hook-marker';\n\nconst HOOK_NAMES = [\n  'pre-commit',\n  'post-checkout',\n  'post-merge',\n  'post-rewrite',\n] as const;\n\nfunction hookBlock(hookName: string): string {\n  return `\n${MARKER}\nif command -v mdenc >/dev/null 2>&1; then\n  mdenc ${hookName}\nelif [ -x \"./node_modules/.bin/mdenc\" ]; then\n  ./node_modules/.bin/mdenc ${hookName}\nelse\n  echo \"mdenc: not found, skipping ${hookName} hook\" >&2\nfi`;\n}\n\nfunction newHookScript(hookName: string): string {\n  return `#!/bin/sh${hookBlock(hookName)}\n`;\n}\n\nfunction isBinary(content: string): boolean {\n  return content.slice(0, 512).includes('\\0');\n}\n\nfunction hasShellShebang(content: string): boolean {\n  const firstLine = content.split('\\n')[0];\n  return /^#!.*\\b(sh|bash|zsh|dash)\\b/.test(firstLine);\n}\n\nfunction looksLikeFrameworkHook(content: string): boolean {\n  // Detect husky-style hooks that source/exec another script as their main logic\n  const lines = content.split('\\n').filter(l => l.trim() && !l.startsWith('#'));\n  if (lines.length <= 2) {\n    // Very short hook that sources or execs something else\n    return lines.some(l => /^\\.\\s+\"/.test(l.trim()) || /^exec\\s+/.test(l.trim()));\n  }\n  return false;\n}\n\nfunction printManualInstructions(hookName: string): void {\n  process.stderr.write(\n    `mdenc: ${hookName} hook exists but has an unrecognized format.\\n` +\n      `       Add the following to your hook manually:\\n\\n` +\n      `  ${MARKER}\\n` +\n      `  if command -v mdenc >/dev/null 2>&1; then\\n` +\n      `    mdenc ${hookName}\\n` +\n      `  elif [ -x \"./node_modules/.bin/mdenc\" ]; then\\n` +\n      `    ./node_modules/.bin/mdenc ${hookName}\\n` +\n      `  fi\\n\\n`,\n  );\n}\n\nexport async function initCommand(): Promise<void> {\n  const repoRoot = findGitRoot();\n  const hooksDir = getHooksDir();\n\n  for (const hookName of HOOK_NAMES) {\n    const hookPath = join(hooksDir, hookName);\n\n    if (!existsSync(hookPath)) {\n      writeFileSync(hookPath, newHookScript(hookName));\n      chmodSync(hookPath, 0o755);\n      console.log(`Installed ${hookName} hook`);\n      continue;\n    }\n\n    const content = readFileSync(hookPath, 'utf-8');\n\n    if (content.includes(MARKER)) {\n      console.log(`${hookName} hook already installed (skipped)`);\n      continue;\n    }\n\n    // Safety checks\n    if (isBinary(content)) {\n      process.stderr.write(\n        `mdenc: ${hookName} hook appears to be a binary file. Skipping.\\n`,\n      );\n      printManualInstructions(hookName);\n      continue;\n    }\n\n    if (!hasShellShebang(content)) {\n      process.stderr.write(\n        `mdenc: ${hookName} hook has no shell shebang. Skipping.\\n`,\n      );\n      printManualInstructions(hookName);\n      continue;\n    }\n\n    if (looksLikeFrameworkHook(content)) {\n      process.stderr.write(\n        `mdenc: ${hookName} hook appears to be managed by a framework. Skipping.\\n`,\n      );\n      printManualInstructions(hookName);\n      continue;\n    }\n\n    // Safe to append\n    writeFileSync(hookPath, content.trimEnd() + '\\n' + hookBlock(hookName) + '\\n');\n    chmodSync(hookPath, 0o755);\n    console.log(`Appended mdenc to existing ${hookName} hook`);\n  }\n\n  // Add .mdenc-password to root .gitignore\n  const gitignorePath = join(repoRoot, '.gitignore');\n  const entry = '.mdenc-password';\n\n  if (existsSync(gitignorePath)) {\n    const content = readFileSync(gitignorePath, 'utf-8');\n    const lines = content.split('\\n').map(l => l.trim());\n    if (!lines.includes(entry)) {\n      writeFileSync(gitignorePath, content.trimEnd() + '\\n' + entry + '\\n');\n      console.log('Added .mdenc-password to .gitignore');\n    } else {\n      console.log('.mdenc-password already in .gitignore (skipped)');\n    }\n  } else {\n    writeFileSync(gitignorePath, entry + '\\n');\n    console.log('Created .gitignore with .mdenc-password');\n  }\n\n  // Decrypt existing .mdenc files\n  const { decryptAll } = await import('./hooks.js');\n  const count = await decryptAll();\n  if (count > 0) {\n    console.log(`Decrypted ${count} existing file(s)`);\n  }\n\n  console.log('mdenc git integration initialized.');\n}\n\nexport function removeHooksCommand(): void {\n  const hooksDir = getHooksDir();\n  let removedCount = 0;\n\n  for (const hookName of HOOK_NAMES) {\n    const hookPath = join(hooksDir, hookName);\n\n    if (!existsSync(hookPath)) continue;\n\n    const content = readFileSync(hookPath, 'utf-8');\n    if (!content.includes(MARKER)) {\n      console.log(`${hookName}: no mdenc block found (skipped)`);\n      continue;\n    }\n\n    // Remove the mdenc block: from the marker line through the matching fi\n    const lines = content.split('\\n');\n    const filtered: string[] = [];\n    let inBlock = false;\n\n    for (const line of lines) {\n      if (line.trim() === MARKER) {\n        inBlock = true;\n        continue;\n      }\n      if (inBlock) {\n        if (line.trim() === 'fi') {\n          inBlock = false;\n          continue;\n        }\n        continue;\n      }\n      filtered.push(line);\n    }\n\n    const result = filtered.join('\\n');\n    const isEmpty = result.split('\\n').every(l => l.trim() === '' || l.startsWith('#!'));\n\n    if (isEmpty) {\n      unlinkSync(hookPath);\n      console.log(`Removed ${hookName} hook (was mdenc-only)`);\n    } else {\n      writeFileSync(hookPath, result);\n      console.log(`Removed mdenc block from ${hookName} hook`);\n    }\n\n    removedCount++;\n  }\n\n  if (removedCount === 0) {\n    console.log('No mdenc hooks found to remove.');\n  } else {\n    console.log('mdenc hooks removed.');\n  }\n}\n","import { existsSync, readFileSync, writeFileSync } from 'node:fs';\nimport { join, relative, resolve } from 'node:path';\nimport {\n  findGitRoot,\n  getMdFilesInDir,\n  gitAdd,\n  gitRmCached,\n  isFileTracked,\n} from './utils.js';\n\nconst MARKER_FILE = '.mdenc.conf';\nconst MARKER_CONTENT = '# mdenc: .md files in this directory are automatically encrypted\\n';\nconst GITIGNORE_PATTERN = '*.md';\n\nexport function markCommand(dirArg: string): void {\n  const repoRoot = findGitRoot();\n  const dir = resolve(dirArg);\n\n  if (!existsSync(dir)) {\n    console.error(`Error: directory \"${dirArg}\" does not exist`);\n    process.exit(1);\n  }\n\n  const rel = relative(repoRoot, dir);\n  if (rel.startsWith('..')) {\n    console.error(`Error: directory \"${dirArg}\" is outside the git repository`);\n    process.exit(1);\n  }\n\n  const relDir = rel || '.';\n\n  // Create .mdenc.conf\n  const confPath = join(dir, MARKER_FILE);\n  if (!existsSync(confPath)) {\n    writeFileSync(confPath, MARKER_CONTENT);\n    console.log(`Created ${relDir}/${MARKER_FILE}`);\n  } else {\n    console.log(`${relDir}/${MARKER_FILE} already exists (skipped)`);\n  }\n\n  // Create/update .gitignore\n  const gitignorePath = join(dir, '.gitignore');\n  if (existsSync(gitignorePath)) {\n    const content = readFileSync(gitignorePath, 'utf-8');\n    const lines = content.split('\\n').map(l => l.trim());\n    if (!lines.includes(GITIGNORE_PATTERN)) {\n      writeFileSync(gitignorePath, content.trimEnd() + '\\n' + GITIGNORE_PATTERN + '\\n');\n      console.log(`Updated ${relDir}/.gitignore (added ${GITIGNORE_PATTERN})`);\n    } else {\n      console.log(`${relDir}/.gitignore already has ${GITIGNORE_PATTERN} (skipped)`);\n    }\n  } else {\n    writeFileSync(gitignorePath, GITIGNORE_PATTERN + '\\n');\n    console.log(`Created ${relDir}/.gitignore with ${GITIGNORE_PATTERN}`);\n  }\n\n  // Untrack any currently-tracked .md files\n  const mdFiles = getMdFilesInDir(dir);\n  const trackedMd: string[] = [];\n  for (const f of mdFiles) {\n    const relPath = relative(repoRoot, join(dir, f));\n    if (isFileTracked(repoRoot, relPath)) {\n      trackedMd.push(relPath);\n    }\n  }\n\n  if (trackedMd.length > 0) {\n    gitRmCached(repoRoot, trackedMd);\n    for (const f of trackedMd) {\n      console.log(`Untracked ${f} from git (still exists locally)`);\n    }\n  }\n\n  // Stage .mdenc.conf and .gitignore\n  const toStage = [\n    relative(repoRoot, confPath),\n    relative(repoRoot, gitignorePath),\n  ];\n  gitAdd(repoRoot, toStage);\n\n  console.log(`Marked ${relDir}/ for mdenc encryption`);\n}\n","import { existsSync, readFileSync, statSync } from 'node:fs';\nimport { join, relative } from 'node:path';\nimport { resolvePassword } from './password.js';\nimport {\n  findGitRoot,\n  findMarkedDirs,\n  getHooksDir,\n  getMdFilesInDir,\n  getMdencFilesInDir,\n} from './utils.js';\n\nconst HOOK_NAMES = ['pre-commit', 'post-checkout', 'post-merge', 'post-rewrite'];\nconst MARKER = '# mdenc-hook-marker';\n\nexport function statusCommand(): void {\n  const repoRoot = findGitRoot();\n  const password = resolvePassword(repoRoot);\n  const markedDirs = findMarkedDirs(repoRoot);\n\n  if (markedDirs.length === 0) {\n    console.log('No directories marked for mdenc encryption.');\n    console.log('Use \"mdenc mark <directory>\" to designate a directory.');\n  } else {\n    console.log('Marked directories:\\n');\n\n    for (const dir of markedDirs) {\n      const relDir = relative(repoRoot, dir) || '.';\n      console.log(`  ${relDir}/`);\n\n      const mdFiles = getMdFilesInDir(dir);\n      const mdencFiles = getMdencFilesInDir(dir);\n\n      const mdBases = new Set(mdFiles.map(f => f.replace(/\\.md$/, '')));\n      const mdencBases = new Set(mdencFiles.map(f => f.replace(/\\.mdenc$/, '')));\n\n      // Paired files (both .md and .mdenc exist)\n      for (const base of mdBases) {\n        if (mdencBases.has(base)) {\n          const mdPath = join(dir, `${base}.md`);\n          const mdencPath = join(dir, `${base}.mdenc`);\n          const mdMtime = statSync(mdPath).mtimeMs;\n          const mdencMtime = statSync(mdencPath).mtimeMs;\n\n          if (mdMtime > mdencMtime) {\n            console.log(`    ${base}.md  [needs re-encryption]`);\n          } else {\n            console.log(`    ${base}.md  [up to date]`);\n          }\n        } else {\n          console.log(`    ${base}.md  [not yet encrypted]`);\n        }\n      }\n\n      // Orphaned .mdenc files (no corresponding .md)\n      for (const base of mdencBases) {\n        if (!mdBases.has(base)) {\n          console.log(`    ${base}.mdenc  [needs decryption]`);\n        }\n      }\n\n      // Check .gitignore health\n      const gitignorePath = join(dir, '.gitignore');\n      if (!existsSync(gitignorePath)) {\n        console.log(`    WARNING: no .gitignore in this directory`);\n      } else {\n        const content = readFileSync(gitignorePath, 'utf-8');\n        if (!content.split('\\n').some(l => l.trim() === '*.md')) {\n          console.log(`    WARNING: .gitignore missing *.md pattern`);\n        }\n      }\n\n      console.log();\n    }\n  }\n\n  // Password status\n  if (!password) {\n    console.log('Password: NOT AVAILABLE');\n    console.log('  Set MDENC_PASSWORD env var or create .mdenc-password file');\n  } else {\n    console.log('Password: available');\n  }\n\n  // Hook status\n  const hooksDir = getHooksDir();\n  const missing: string[] = [];\n  for (const name of HOOK_NAMES) {\n    const hookPath = join(hooksDir, name);\n    if (!existsSync(hookPath)) {\n      missing.push(name);\n    } else {\n      const content = readFileSync(hookPath, 'utf-8');\n      if (!content.includes(MARKER)) {\n        missing.push(name);\n      }\n    }\n  }\n\n  if (missing.length > 0) {\n    console.log(`Hooks: MISSING (${missing.join(', ')})`);\n    console.log('  Run \"mdenc init\" to install hooks');\n  } else {\n    console.log('Hooks: all installed');\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,SAAS,gBAAAA,eAAc,iBAAAC,sBAAqB;;;ACA5C,SAAS,YAAY;AACrB,SAAS,cAAc;AASvB,eAAsB,WACpB,aACA,UACkB;AAClB,QAAM,QAAQ,YAAY,MAAM,IAAI;AACpC,MAAI,MAAM,SAAS,KAAK,MAAM,MAAM,SAAS,CAAC,MAAM,GAAI,OAAM,IAAI;AAClE,MAAI,MAAM,SAAS,EAAG,OAAM,IAAI,MAAM,mCAAmC;AAEzE,QAAM,aAAa,MAAM,CAAC;AAC1B,QAAM,SAAS,YAAY,UAAU;AAGrC,QAAM,WAAW,MAAM,CAAC;AACxB,QAAM,YAAY,SAAS,MAAM,iCAAiC;AAClE,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM,8CAA8C;AAC9E,QAAM,aAAa,WAAW,UAAU,CAAC,CAAC;AAG1C,QAAM,YAAY,gBAAgB,UAAU,OAAO,MAAM,OAAO,MAAM;AACtE,QAAM,EAAE,WAAW,SAAS,IAAI,WAAW,SAAS;AAEpD,MAAI;AAEF,QAAI,CAAC,aAAa,WAAW,YAAY,UAAU,GAAG;AACpD,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAGA,UAAM,oBAAoB,MAAM,MAAM,CAAC;AACvC,UAAM,YAAY,kBAAkB,UAAU,OAAK,EAAE,WAAW,WAAW,CAAC;AAC5E,QAAI,YAAY,GAAG;AACjB,YAAM,IAAI,MAAM,4CAA4C;AAAA,IAC9D;AAEA,UAAM,aAAa,kBAAkB,MAAM,GAAG,SAAS;AACvD,UAAM,YAAY,kBAAkB,SAAS,EAAE,MAAM,8BAA8B;AACnF,QAAI,CAAC,UAAW,OAAM,IAAI,MAAM,mBAAmB;AACnD,UAAM,aAAa,WAAW,UAAU,CAAC,CAAC;AAG1C,UAAM,YAAY,aAAa,OAAO,WAAW,OAAO,WAAW,KAAK,IAAI;AAC5E,UAAM,WAAW,IAAI,YAAY,EAAE,OAAO,SAAS;AACnD,UAAM,WAAW,KAAK,QAAQ,WAAW,QAAQ;AAEjD,WAAO,kBAAkB,UAAU,UAAU;AAAA,EAC/C,UAAE;AACA,YAAQ,WAAW,WAAW,QAAQ;AAAA,EACxC;AACF;;;AC1DA,SAAS,cAAc,eAAe,YAAY,WAAW,kBAAkB;AAC/E,SAAS,YAAY;AAGrB,IAAM,SAAS;AAEf,IAAM,aAAa;AAAA,EACjB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,SAAS,UAAU,UAA0B;AAC3C,SAAO;AAAA,EACP,MAAM;AAAA;AAAA,UAEE,QAAQ;AAAA;AAAA,8BAEY,QAAQ;AAAA;AAAA,qCAED,QAAQ;AAAA;AAE7C;AAEA,SAAS,cAAc,UAA0B;AAC/C,SAAO,YAAY,UAAU,QAAQ,CAAC;AAAA;AAExC;AAEA,SAAS,SAAS,SAA0B;AAC1C,SAAO,QAAQ,MAAM,GAAG,GAAG,EAAE,SAAS,IAAI;AAC5C;AAEA,SAAS,gBAAgB,SAA0B;AACjD,QAAM,YAAY,QAAQ,MAAM,IAAI,EAAE,CAAC;AACvC,SAAO,8BAA8B,KAAK,SAAS;AACrD;AAEA,SAAS,uBAAuB,SAA0B;AAExD,QAAM,QAAQ,QAAQ,MAAM,IAAI,EAAE,OAAO,OAAK,EAAE,KAAK,KAAK,CAAC,EAAE,WAAW,GAAG,CAAC;AAC5E,MAAI,MAAM,UAAU,GAAG;AAErB,WAAO,MAAM,KAAK,OAAK,UAAU,KAAK,EAAE,KAAK,CAAC,KAAK,WAAW,KAAK,EAAE,KAAK,CAAC,CAAC;AAAA,EAC9E;AACA,SAAO;AACT;AAEA,SAAS,wBAAwB,UAAwB;AACvD,UAAQ,OAAO;AAAA,IACb,UAAU,QAAQ;AAAA;AAAA;AAAA,IAEX,MAAM;AAAA;AAAA,YAEE,QAAQ;AAAA;AAAA,gCAEY,QAAQ;AAAA;AAAA;AAAA;AAAA,EAE7C;AACF;AAEA,eAAsB,cAA6B;AACjD,QAAM,WAAW,YAAY;AAC7B,QAAM,WAAW,YAAY;AAE7B,aAAW,YAAY,YAAY;AACjC,UAAM,WAAW,KAAK,UAAU,QAAQ;AAExC,QAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,oBAAc,UAAU,cAAc,QAAQ,CAAC;AAC/C,gBAAU,UAAU,GAAK;AACzB,cAAQ,IAAI,aAAa,QAAQ,OAAO;AACxC;AAAA,IACF;AAEA,UAAM,UAAU,aAAa,UAAU,OAAO;AAE9C,QAAI,QAAQ,SAAS,MAAM,GAAG;AAC5B,cAAQ,IAAI,GAAG,QAAQ,mCAAmC;AAC1D;AAAA,IACF;AAGA,QAAI,SAAS,OAAO,GAAG;AACrB,cAAQ,OAAO;AAAA,QACb,UAAU,QAAQ;AAAA;AAAA,MACpB;AACA,8BAAwB,QAAQ;AAChC;AAAA,IACF;AAEA,QAAI,CAAC,gBAAgB,OAAO,GAAG;AAC7B,cAAQ,OAAO;AAAA,QACb,UAAU,QAAQ;AAAA;AAAA,MACpB;AACA,8BAAwB,QAAQ;AAChC;AAAA,IACF;AAEA,QAAI,uBAAuB,OAAO,GAAG;AACnC,cAAQ,OAAO;AAAA,QACb,UAAU,QAAQ;AAAA;AAAA,MACpB;AACA,8BAAwB,QAAQ;AAChC;AAAA,IACF;AAGA,kBAAc,UAAU,QAAQ,QAAQ,IAAI,OAAO,UAAU,QAAQ,IAAI,IAAI;AAC7E,cAAU,UAAU,GAAK;AACzB,YAAQ,IAAI,8BAA8B,QAAQ,OAAO;AAAA,EAC3D;AAGA,QAAM,gBAAgB,KAAK,UAAU,YAAY;AACjD,QAAM,QAAQ;AAEd,MAAI,WAAW,aAAa,GAAG;AAC7B,UAAM,UAAU,aAAa,eAAe,OAAO;AACnD,UAAM,QAAQ,QAAQ,MAAM,IAAI,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AACnD,QAAI,CAAC,MAAM,SAAS,KAAK,GAAG;AAC1B,oBAAc,eAAe,QAAQ,QAAQ,IAAI,OAAO,QAAQ,IAAI;AACpE,cAAQ,IAAI,qCAAqC;AAAA,IACnD,OAAO;AACL,cAAQ,IAAI,iDAAiD;AAAA,IAC/D;AAAA,EACF,OAAO;AACL,kBAAc,eAAe,QAAQ,IAAI;AACzC,YAAQ,IAAI,yCAAyC;AAAA,EACvD;AAGA,QAAM,EAAE,WAAW,IAAI,MAAM,OAAO,qBAAY;AAChD,QAAM,QAAQ,MAAM,WAAW;AAC/B,MAAI,QAAQ,GAAG;AACb,YAAQ,IAAI,aAAa,KAAK,mBAAmB;AAAA,EACnD;AAEA,UAAQ,IAAI,oCAAoC;AAClD;AAEO,SAAS,qBAA2B;AACzC,QAAM,WAAW,YAAY;AAC7B,MAAI,eAAe;AAEnB,aAAW,YAAY,YAAY;AACjC,UAAM,WAAW,KAAK,UAAU,QAAQ;AAExC,QAAI,CAAC,WAAW,QAAQ,EAAG;AAE3B,UAAM,UAAU,aAAa,UAAU,OAAO;AAC9C,QAAI,CAAC,QAAQ,SAAS,MAAM,GAAG;AAC7B,cAAQ,IAAI,GAAG,QAAQ,kCAAkC;AACzD;AAAA,IACF;AAGA,UAAM,QAAQ,QAAQ,MAAM,IAAI;AAChC,UAAM,WAAqB,CAAC;AAC5B,QAAI,UAAU;AAEd,eAAW,QAAQ,OAAO;AACxB,UAAI,KAAK,KAAK,MAAM,QAAQ;AAC1B,kBAAU;AACV;AAAA,MACF;AACA,UAAI,SAAS;AACX,YAAI,KAAK,KAAK,MAAM,MAAM;AACxB,oBAAU;AACV;AAAA,QACF;AACA;AAAA,MACF;AACA,eAAS,KAAK,IAAI;AAAA,IACpB;AAEA,UAAM,SAAS,SAAS,KAAK,IAAI;AACjC,UAAM,UAAU,OAAO,MAAM,IAAI,EAAE,MAAM,OAAK,EAAE,KAAK,MAAM,MAAM,EAAE,WAAW,IAAI,CAAC;AAEnF,QAAI,SAAS;AACX,iBAAW,QAAQ;AACnB,cAAQ,IAAI,WAAW,QAAQ,wBAAwB;AAAA,IACzD,OAAO;AACL,oBAAc,UAAU,MAAM;AAC9B,cAAQ,IAAI,4BAA4B,QAAQ,OAAO;AAAA,IACzD;AAEA;AAAA,EACF;AAEA,MAAI,iBAAiB,GAAG;AACtB,YAAQ,IAAI,iCAAiC;AAAA,EAC/C,OAAO;AACL,YAAQ,IAAI,sBAAsB;AAAA,EACpC;AACF;;;ACpMA,SAAS,cAAAC,aAAY,gBAAAC,eAAc,iBAAAC,sBAAqB;AACxD,SAAS,QAAAC,OAAM,UAAU,eAAe;AASxC,IAAM,cAAc;AACpB,IAAM,iBAAiB;AACvB,IAAM,oBAAoB;AAEnB,SAAS,YAAY,QAAsB;AAChD,QAAM,WAAW,YAAY;AAC7B,QAAM,MAAM,QAAQ,MAAM;AAE1B,MAAI,CAACC,YAAW,GAAG,GAAG;AACpB,YAAQ,MAAM,qBAAqB,MAAM,kBAAkB;AAC3D,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,MAAM,SAAS,UAAU,GAAG;AAClC,MAAI,IAAI,WAAW,IAAI,GAAG;AACxB,YAAQ,MAAM,qBAAqB,MAAM,iCAAiC;AAC1E,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,QAAM,SAAS,OAAO;AAGtB,QAAM,WAAWC,MAAK,KAAK,WAAW;AACtC,MAAI,CAACD,YAAW,QAAQ,GAAG;AACzB,IAAAE,eAAc,UAAU,cAAc;AACtC,YAAQ,IAAI,WAAW,MAAM,IAAI,WAAW,EAAE;AAAA,EAChD,OAAO;AACL,YAAQ,IAAI,GAAG,MAAM,IAAI,WAAW,2BAA2B;AAAA,EACjE;AAGA,QAAM,gBAAgBD,MAAK,KAAK,YAAY;AAC5C,MAAID,YAAW,aAAa,GAAG;AAC7B,UAAM,UAAUG,cAAa,eAAe,OAAO;AACnD,UAAM,QAAQ,QAAQ,MAAM,IAAI,EAAE,IAAI,OAAK,EAAE,KAAK,CAAC;AACnD,QAAI,CAAC,MAAM,SAAS,iBAAiB,GAAG;AACtC,MAAAD,eAAc,eAAe,QAAQ,QAAQ,IAAI,OAAO,oBAAoB,IAAI;AAChF,cAAQ,IAAI,WAAW,MAAM,sBAAsB,iBAAiB,GAAG;AAAA,IACzE,OAAO;AACL,cAAQ,IAAI,GAAG,MAAM,2BAA2B,iBAAiB,YAAY;AAAA,IAC/E;AAAA,EACF,OAAO;AACL,IAAAA,eAAc,eAAe,oBAAoB,IAAI;AACrD,YAAQ,IAAI,WAAW,MAAM,oBAAoB,iBAAiB,EAAE;AAAA,EACtE;AAGA,QAAM,UAAU,gBAAgB,GAAG;AACnC,QAAM,YAAsB,CAAC;AAC7B,aAAW,KAAK,SAAS;AACvB,UAAM,UAAU,SAAS,UAAUD,MAAK,KAAK,CAAC,CAAC;AAC/C,QAAI,cAAc,UAAU,OAAO,GAAG;AACpC,gBAAU,KAAK,OAAO;AAAA,IACxB;AAAA,EACF;AAEA,MAAI,UAAU,SAAS,GAAG;AACxB,gBAAY,UAAU,SAAS;AAC/B,eAAW,KAAK,WAAW;AACzB,cAAQ,IAAI,aAAa,CAAC,kCAAkC;AAAA,IAC9D;AAAA,EACF;AAGA,QAAM,UAAU;AAAA,IACd,SAAS,UAAU,QAAQ;AAAA,IAC3B,SAAS,UAAU,aAAa;AAAA,EAClC;AACA,SAAO,UAAU,OAAO;AAExB,UAAQ,IAAI,UAAU,MAAM,wBAAwB;AACtD;;;ACjFA,SAAS,cAAAG,aAAY,gBAAAC,eAAc,gBAAgB;AACnD,SAAS,QAAAC,OAAM,YAAAC,iBAAgB;AAU/B,IAAMC,cAAa,CAAC,cAAc,iBAAiB,cAAc,cAAc;AAC/E,IAAMC,UAAS;AAER,SAAS,gBAAsB;AACpC,QAAM,WAAW,YAAY;AAC7B,QAAM,WAAW,gBAAgB,QAAQ;AACzC,QAAM,aAAa,eAAe,QAAQ;AAE1C,MAAI,WAAW,WAAW,GAAG;AAC3B,YAAQ,IAAI,6CAA6C;AACzD,YAAQ,IAAI,wDAAwD;AAAA,EACtE,OAAO;AACL,YAAQ,IAAI,uBAAuB;AAEnC,eAAW,OAAO,YAAY;AAC5B,YAAM,SAASC,UAAS,UAAU,GAAG,KAAK;AAC1C,cAAQ,IAAI,KAAK,MAAM,GAAG;AAE1B,YAAM,UAAU,gBAAgB,GAAG;AACnC,YAAM,aAAa,mBAAmB,GAAG;AAEzC,YAAM,UAAU,IAAI,IAAI,QAAQ,IAAI,OAAK,EAAE,QAAQ,SAAS,EAAE,CAAC,CAAC;AAChE,YAAM,aAAa,IAAI,IAAI,WAAW,IAAI,OAAK,EAAE,QAAQ,YAAY,EAAE,CAAC,CAAC;AAGzE,iBAAW,QAAQ,SAAS;AAC1B,YAAI,WAAW,IAAI,IAAI,GAAG;AACxB,gBAAM,SAASC,MAAK,KAAK,GAAG,IAAI,KAAK;AACrC,gBAAM,YAAYA,MAAK,KAAK,GAAG,IAAI,QAAQ;AAC3C,gBAAM,UAAU,SAAS,MAAM,EAAE;AACjC,gBAAM,aAAa,SAAS,SAAS,EAAE;AAEvC,cAAI,UAAU,YAAY;AACxB,oBAAQ,IAAI,OAAO,IAAI,4BAA4B;AAAA,UACrD,OAAO;AACL,oBAAQ,IAAI,OAAO,IAAI,mBAAmB;AAAA,UAC5C;AAAA,QACF,OAAO;AACL,kBAAQ,IAAI,OAAO,IAAI,0BAA0B;AAAA,QACnD;AAAA,MACF;AAGA,iBAAW,QAAQ,YAAY;AAC7B,YAAI,CAAC,QAAQ,IAAI,IAAI,GAAG;AACtB,kBAAQ,IAAI,OAAO,IAAI,4BAA4B;AAAA,QACrD;AAAA,MACF;AAGA,YAAM,gBAAgBA,MAAK,KAAK,YAAY;AAC5C,UAAI,CAACC,YAAW,aAAa,GAAG;AAC9B,gBAAQ,IAAI,8CAA8C;AAAA,MAC5D,OAAO;AACL,cAAM,UAAUC,cAAa,eAAe,OAAO;AACnD,YAAI,CAAC,QAAQ,MAAM,IAAI,EAAE,KAAK,OAAK,EAAE,KAAK,MAAM,MAAM,GAAG;AACvD,kBAAQ,IAAI,8CAA8C;AAAA,QAC5D;AAAA,MACF;AAEA,cAAQ,IAAI;AAAA,IACd;AAAA,EACF;AAGA,MAAI,CAAC,UAAU;AACb,YAAQ,IAAI,yBAAyB;AACrC,YAAQ,IAAI,6DAA6D;AAAA,EAC3E,OAAO;AACL,YAAQ,IAAI,qBAAqB;AAAA,EACnC;AAGA,QAAM,WAAW,YAAY;AAC7B,QAAM,UAAoB,CAAC;AAC3B,aAAW,QAAQL,aAAY;AAC7B,UAAM,WAAWG,MAAK,UAAU,IAAI;AACpC,QAAI,CAACC,YAAW,QAAQ,GAAG;AACzB,cAAQ,KAAK,IAAI;AAAA,IACnB,OAAO;AACL,YAAM,UAAUC,cAAa,UAAU,OAAO;AAC9C,UAAI,CAAC,QAAQ,SAASJ,OAAM,GAAG;AAC7B,gBAAQ,KAAK,IAAI;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAEA,MAAI,QAAQ,SAAS,GAAG;AACtB,YAAQ,IAAI,mBAAmB,QAAQ,KAAK,IAAI,CAAC,GAAG;AACpD,YAAQ,IAAI,qCAAqC;AAAA,EACnD,OAAO;AACL,YAAQ,IAAI,sBAAsB;AAAA,EACpC;AACF;;;AJ3FA,SAAS,oBAAoB,QAAiC;AAC5D,SAAO,IAAI,QAAQ,CAACK,aAAY;AAC9B,QAAI,CAAC,QAAQ,MAAM,OAAO;AAExB,cAAQ,OAAO,MAAM,MAAM;AAC3B,UAAI,OAAO;AACX,cAAQ,MAAM,YAAY,OAAO;AACjC,cAAQ,MAAM,GAAG,QAAQ,CAAC,UAAkB;AAC1C,cAAM,QAAQ,MAAM,QAAQ,IAAI;AAChC,YAAI,SAAS,GAAG;AACd,kBAAQ,MAAM,MAAM,GAAG,KAAK;AAC5B,kBAAQ,MAAM,MAAM;AACpB,UAAAA,SAAQ,IAAI;AAAA,QACd,OAAO;AACL,kBAAQ;AAAA,QACV;AAAA,MACF,CAAC;AACD,cAAQ,MAAM,GAAG,OAAO,MAAMA,SAAQ,IAAI,CAAC;AAC3C,cAAQ,MAAM,OAAO;AACrB;AAAA,IACF;AAEA,YAAQ,OAAO,MAAM,MAAM;AAC3B,UAAM,MAAgB,CAAC;AAEvB,YAAQ,MAAM,WAAW,IAAI;AAC7B,YAAQ,MAAM,YAAY,OAAO;AACjC,YAAQ,MAAM,OAAO;AAErB,UAAM,SAAS,CAAC,OAAe;AAC7B,UAAI,OAAO,KAAU;AAEnB,gBAAQ,OAAO,MAAM,IAAI;AACzB,gBAAQ,MAAM,WAAW,KAAK;AAC9B,gBAAQ,MAAM,MAAM;AACpB,gBAAQ,MAAM,eAAe,QAAQ,MAAM;AAC3C,gBAAQ,KAAK,GAAG;AAAA,MAClB,WAAW,OAAO,QAAQ,OAAO,MAAM;AAErC,gBAAQ,OAAO,MAAM,IAAI;AACzB,gBAAQ,MAAM,WAAW,KAAK;AAC9B,gBAAQ,MAAM,MAAM;AACpB,gBAAQ,MAAM,eAAe,QAAQ,MAAM;AAC3C,QAAAA,SAAQ,IAAI,KAAK,EAAE,CAAC;AAAA,MACtB,WAAW,OAAO,UAAY,OAAO,MAAM;AAEzC,YAAI,IAAI;AAAA,MACV,WAAW,OAAO,KAAU;AAE1B,gBAAQ,OAAO,MAAM,IAAI;AACzB,gBAAQ,MAAM,WAAW,KAAK;AAC9B,gBAAQ,MAAM,MAAM;AACpB,gBAAQ,MAAM,eAAe,QAAQ,MAAM;AAC3C,QAAAA,SAAQ,IAAI,KAAK,EAAE,CAAC;AAAA,MACtB,WAAW,MAAM,KAAK;AACpB,YAAI,KAAK,EAAE;AAAA,MACb;AAAA,IACF;AAEA,YAAQ,MAAM,GAAG,QAAQ,MAAM;AAAA,EACjC,CAAC;AACH;AAEA,eAAe,YAAY,SAAS,cAA+B;AACjE,QAAM,cAAc,QAAQ,IAAI,gBAAgB;AAChD,MAAI,YAAa,QAAO;AAExB,SAAO,oBAAoB,MAAM;AACnC;AAEA,eAAe,8BAA+C;AAC5D,MAAI,QAAQ,IAAI,gBAAgB,EAAG,QAAO,QAAQ,IAAI,gBAAgB;AAEtE,QAAM,WAAW,MAAM,oBAAoB,YAAY;AACvD,QAAM,UAAU,MAAM,oBAAoB,oBAAoB;AAC9D,MAAI,aAAa,SAAS;AACxB,YAAQ,MAAM,+BAA+B;AAC7C,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,SAAO;AACT;AAEA,SAAS,QAAe;AACtB,UAAQ,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,6DAS6C;AAC3D,UAAQ,KAAK,CAAC;AAChB;AAEA,eAAe,OAAsB;AACnC,QAAM,OAAO,QAAQ,KAAK,MAAM,CAAC;AAEjC,MAAI,KAAK,WAAW,EAAG,OAAM;AAE7B,QAAM,UAAU,KAAK,CAAC;AAEtB,MAAI;AACF,YAAQ,SAAS;AAAA,MACf,KAAK,WAAW;AACd,YAAI,CAAC,KAAK,CAAC,EAAG,OAAM;AACpB,cAAM,YAAY,KAAK,CAAC;AACxB,cAAM,YAAY,KAAK,QAAQ,IAAI;AACnC,cAAM,aAAa,aAAa,IAAI,KAAK,YAAY,CAAC,IAAI;AAC1D,cAAM,WAAW,MAAM,4BAA4B;AACnD,cAAM,YAAYC,cAAa,WAAW,OAAO;AACjD,cAAM,YAAY,MAAM,QAAQ,WAAW,QAAQ;AACnD,YAAI,YAAY;AACd,UAAAC,eAAc,YAAY,SAAS;AAAA,QACrC,OAAO;AACL,kBAAQ,OAAO,MAAM,SAAS;AAAA,QAChC;AACA;AAAA,MACF;AAAA,MAEA,KAAK,WAAW;AACd,YAAI,CAAC,KAAK,CAAC,EAAG,OAAM;AACpB,cAAM,YAAY,KAAK,CAAC;AACxB,cAAM,YAAY,KAAK,QAAQ,IAAI;AACnC,cAAM,aAAa,aAAa,IAAI,KAAK,YAAY,CAAC,IAAI;AAC1D,cAAM,WAAW,MAAM,YAAY;AACnC,cAAM,cAAcD,cAAa,WAAW,OAAO;AACnD,cAAM,YAAY,MAAM,QAAQ,aAAa,QAAQ;AACrD,YAAI,YAAY;AACd,UAAAC,eAAc,YAAY,SAAS;AAAA,QACrC,OAAO;AACL,kBAAQ,OAAO,MAAM,SAAS;AAAA,QAChC;AACA;AAAA,MACF;AAAA,MAEA,KAAK,UAAU;AACb,YAAI,CAAC,KAAK,CAAC,EAAG,OAAM;AACpB,cAAM,YAAY,KAAK,CAAC;AACxB,cAAM,WAAW,MAAM,YAAY;AACnC,cAAM,cAAcD,cAAa,WAAW,OAAO;AACnD,cAAM,QAAQ,MAAM,WAAW,aAAa,QAAQ;AACpD,YAAI,OAAO;AACT,kBAAQ,MAAM,mBAAmB;AACjC,kBAAQ,KAAK,CAAC;AAAA,QAChB,OAAO;AACL,kBAAQ,MAAM,0BAA0B;AACxC,kBAAQ,KAAK,CAAC;AAAA,QAChB;AACA;AAAA,MACF;AAAA,MAEA,KAAK;AACH,cAAM,YAAY;AAClB;AAAA,MAEF,KAAK,QAAQ;AACX,YAAI,CAAC,KAAK,CAAC,GAAG;AACZ,kBAAQ,MAAM,+BAA+B;AAC7C,kBAAQ,KAAK,CAAC;AAAA,QAChB;AACA,oBAAY,KAAK,CAAC,CAAC;AACnB;AAAA,MACF;AAAA,MAEA,KAAK;AACH,sBAAc;AACd;AAAA,MAEF,KAAK;AACH,2BAAmB;AACnB;AAAA;AAAA,MAGF,KAAK;AACH,cAAM,cAAc;AACpB;AAAA,MAEF,KAAK;AACH,cAAM,iBAAiB;AACvB;AAAA,MAEF,KAAK;AACH,cAAM,cAAc;AACpB;AAAA,MAEF,KAAK;AACH,cAAM,gBAAgB;AACtB;AAAA,MAEF;AACE,gBAAQ,MAAM,oBAAoB,OAAO,EAAE;AAC3C,cAAM;AAAA,IACV;AAAA,EACF,SAAS,KAAK;AACZ,YAAQ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,GAAG,EAAE;AAClE,YAAQ,KAAK,CAAC;AAAA,EAChB;AACF;AAEA,KAAK;","names":["readFileSync","writeFileSync","existsSync","readFileSync","writeFileSync","join","existsSync","join","writeFileSync","readFileSync","existsSync","readFileSync","join","relative","HOOK_NAMES","MARKER","relative","join","existsSync","readFileSync","resolve","readFileSync","writeFileSync"]}

package/dist/hooks-ZO2DIE5U.js

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+import {
+  decryptAll,
+  postCheckoutHook,
+  postMergeHook,
+  postRewriteHook,
+  preCommitHook
+} from "./chunk-FFRUPAVV.js";
+export {
+  decryptAll,
+  postCheckoutHook,
+  postMergeHook,
+  postRewriteHook,
+  preCommitHook
+};
+//# sourceMappingURL=hooks-ZO2DIE5U.js.map

package/dist/hooks-ZO2DIE5U.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.cjs

@@ -0,0 +1,455 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ChunkingStrategy: () => ChunkingStrategy,
+  DEFAULT_SCRYPT_PARAMS: () => DEFAULT_SCRYPT_PARAMS,
+  decrypt: () => decrypt,
+  encrypt: () => encrypt,
+  verifySeal: () => verifySeal
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/types.ts
+var DEFAULT_SCRYPT_PARAMS = {
+  N: 16384,
+  r: 8,
+  p: 1
+};
+var SCRYPT_BOUNDS = {
+  N: { min: 1024, max: 1048576 },
+  // 2^10 – 2^20
+  r: { min: 1, max: 64 },
+  p: { min: 1, max: 16 }
+};
+var ChunkingStrategy = /* @__PURE__ */ ((ChunkingStrategy2) => {
+  ChunkingStrategy2["Paragraph"] = "paragraph";
+  ChunkingStrategy2["FixedSize"] = "fixed-size";
+  return ChunkingStrategy2;
+})(ChunkingStrategy || {});
+
+// src/encrypt.ts
+var import_hmac3 = require("@noble/hashes/hmac");
+var import_sha2564 = require("@noble/hashes/sha256");
+
+// src/chunking.ts
+var DEFAULT_MAX_CHUNK_SIZE = 65536;
+function chunkByParagraph(text, maxSize = DEFAULT_MAX_CHUNK_SIZE) {
+  const normalized = text.replace(/\r\n/g, "\n");
+  if (normalized.length === 0) {
+    return [""];
+  }
+  const chunks = [];
+  const boundary = /\n{2,}/g;
+  let lastEnd = 0;
+  let match;
+  while ((match = boundary.exec(normalized)) !== null) {
+    const chunkEnd = match.index + match[0].length;
+    chunks.push(normalized.slice(lastEnd, chunkEnd));
+    lastEnd = chunkEnd;
+  }
+  if (lastEnd < normalized.length) {
+    chunks.push(normalized.slice(lastEnd));
+  } else if (chunks.length === 0) {
+    chunks.push(normalized);
+  }
+  const result = [];
+  for (const chunk of chunks) {
+    if (byteLength(chunk) <= maxSize) {
+      result.push(chunk);
+    } else {
+      result.push(...splitAtByteLimit(chunk, maxSize));
+    }
+  }
+  return result;
+}
+function chunkByFixedSize(text, size) {
+  const normalized = text.replace(/\r\n/g, "\n");
+  if (normalized.length === 0) {
+    return [""];
+  }
+  const bytes = new TextEncoder().encode(normalized);
+  if (bytes.length <= size) {
+    return [normalized];
+  }
+  const chunks = [];
+  const decoder = new TextDecoder();
+  let offset = 0;
+  while (offset < bytes.length) {
+    const end = Math.min(offset + size, bytes.length);
+    let adjusted = end;
+    if (adjusted < bytes.length) {
+      while (adjusted > offset && (bytes[adjusted] & 192) === 128) {
+        adjusted--;
+      }
+    }
+    chunks.push(decoder.decode(bytes.slice(offset, adjusted)));
+    offset = adjusted;
+  }
+  return chunks;
+}
+function byteLength(s) {
+  return new TextEncoder().encode(s).length;
+}
+function splitAtByteLimit(text, maxSize) {
+  const bytes = new TextEncoder().encode(text);
+  const decoder = new TextDecoder();
+  const parts = [];
+  let offset = 0;
+  while (offset < bytes.length) {
+    let end = Math.min(offset + maxSize, bytes.length);
+    if (end < bytes.length) {
+      while (end > offset && (bytes[end] & 192) === 128) {
+        end--;
+      }
+    }
+    parts.push(decoder.decode(bytes.slice(offset, end)));
+    offset = end;
+  }
+  return parts;
+}
+
+// src/kdf.ts
+var import_hkdf = require("@noble/hashes/hkdf");
+var import_sha256 = require("@noble/hashes/sha256");
+var import_scrypt = require("@noble/hashes/scrypt");
+
+// src/crypto-utils.ts
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a[i] ^ b[i];
+  }
+  return diff === 0;
+}
+function zeroize(...arrays) {
+  for (const arr of arrays) {
+    arr.fill(0);
+  }
+}
+
+// src/kdf.ts
+var ENC_INFO = new TextEncoder().encode("mdenc-v1-enc");
+var HDR_INFO = new TextEncoder().encode("mdenc-v1-hdr");
+var NONCE_INFO = new TextEncoder().encode("mdenc-v1-nonce");
+function normalizePassword(password) {
+  const normalized = password.normalize("NFKC");
+  return new TextEncoder().encode(normalized);
+}
+function deriveMasterKey(password, salt, params = DEFAULT_SCRYPT_PARAMS) {
+  const passwordBytes = normalizePassword(password);
+  try {
+    return (0, import_scrypt.scrypt)(passwordBytes, salt, {
+      N: params.N,
+      r: params.r,
+      p: params.p,
+      dkLen: 32
+    });
+  } finally {
+    zeroize(passwordBytes);
+  }
+}
+function deriveKeys(masterKey) {
+  const encKey = (0, import_hkdf.hkdf)(import_sha256.sha256, masterKey, void 0, ENC_INFO, 32);
+  const headerKey = (0, import_hkdf.hkdf)(import_sha256.sha256, masterKey, void 0, HDR_INFO, 32);
+  const nonceKey = (0, import_hkdf.hkdf)(import_sha256.sha256, masterKey, void 0, NONCE_INFO, 32);
+  return { encKey, headerKey, nonceKey };
+}
+
+// src/aead.ts
+var import_chacha = require("@noble/ciphers/chacha");
+var import_hmac = require("@noble/hashes/hmac");
+var import_sha2562 = require("@noble/hashes/sha256");
+var NONCE_LENGTH = 24;
+function buildAAD(fileId) {
+  const fileIdHex = bytesToHex(fileId);
+  const aadString = `mdenc:v1
+${fileIdHex}`;
+  return new TextEncoder().encode(aadString);
+}
+function deriveNonce(nonceKey, plaintext) {
+  const full = (0, import_hmac.hmac)(import_sha2562.sha256, nonceKey, plaintext);
+  return full.slice(0, NONCE_LENGTH);
+}
+function encryptChunk(encKey, nonceKey, plaintext, fileId) {
+  const nonce = deriveNonce(nonceKey, plaintext);
+  const aad = buildAAD(fileId);
+  const cipher = (0, import_chacha.xchacha20poly1305)(encKey, nonce, aad);
+  const ciphertext = cipher.encrypt(plaintext);
+  const result = new Uint8Array(NONCE_LENGTH + ciphertext.length);
+  result.set(nonce, 0);
+  result.set(ciphertext, NONCE_LENGTH);
+  return result;
+}
+function decryptChunk(encKey, payload, fileId) {
+  if (payload.length < NONCE_LENGTH + 16) {
+    throw new Error("Chunk payload too short");
+  }
+  const nonce = payload.slice(0, NONCE_LENGTH);
+  const ciphertext = payload.slice(NONCE_LENGTH);
+  const aad = buildAAD(fileId);
+  const cipher = (0, import_chacha.xchacha20poly1305)(encKey, nonce, aad);
+  try {
+    return cipher.decrypt(ciphertext);
+  } catch {
+    throw new Error("Chunk authentication failed");
+  }
+}
+function bytesToHex(bytes) {
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += bytes[i].toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+
+// src/header.ts
+var import_hmac2 = require("@noble/hashes/hmac");
+var import_sha2563 = require("@noble/hashes/sha256");
+var import_webcrypto = require("@noble/ciphers/webcrypto");
+function generateSalt() {
+  return (0, import_webcrypto.randomBytes)(16);
+}
+function generateFileId() {
+  return (0, import_webcrypto.randomBytes)(16);
+}
+function serializeHeader(header) {
+  const saltB64 = toBase64(header.salt);
+  const fileIdB64 = toBase64(header.fileId);
+  const { N, r, p } = header.scrypt;
+  return `mdenc:v1 salt_b64=${saltB64} file_id_b64=${fileIdB64} scrypt=N=${N},r=${r},p=${p}`;
+}
+function parseHeader(line) {
+  if (!line.startsWith("mdenc:v1 ")) {
+    throw new Error("Invalid header: missing mdenc:v1 prefix");
+  }
+  const saltMatch = line.match(/salt_b64=([A-Za-z0-9+/=]+)/);
+  if (!saltMatch) throw new Error("Invalid header: missing salt_b64");
+  const salt = fromBase64(saltMatch[1]);
+  if (salt.length !== 16) throw new Error("Invalid header: salt must be 16 bytes");
+  const fileIdMatch = line.match(/file_id_b64=([A-Za-z0-9+/=]+)/);
+  if (!fileIdMatch) throw new Error("Invalid header: missing file_id_b64");
+  const fileId = fromBase64(fileIdMatch[1]);
+  if (fileId.length !== 16) throw new Error("Invalid header: file_id must be 16 bytes");
+  const scryptMatch = line.match(/scrypt=N=(\d+),r=(\d+),p=(\d+)/);
+  if (!scryptMatch) throw new Error("Invalid header: missing scrypt parameters");
+  const scryptParams = {
+    N: parseInt(scryptMatch[1], 10),
+    r: parseInt(scryptMatch[2], 10),
+    p: parseInt(scryptMatch[3], 10)
+  };
+  validateScryptParams(scryptParams);
+  return { version: "v1", salt, fileId, scrypt: scryptParams };
+}
+function validateScryptParams(params) {
+  const { N, r, p } = SCRYPT_BOUNDS;
+  if (params.N < N.min || params.N > N.max) {
+    throw new Error(`Invalid scrypt N: ${params.N} (must be ${N.min}\u2013${N.max})`);
+  }
+  if (params.r < r.min || params.r > r.max) {
+    throw new Error(`Invalid scrypt r: ${params.r} (must be ${r.min}\u2013${r.max})`);
+  }
+  if (params.p < p.min || params.p > p.max) {
+    throw new Error(`Invalid scrypt p: ${params.p} (must be ${p.min}\u2013${p.max})`);
+  }
+}
+function authenticateHeader(headerKey, headerLine) {
+  const headerBytes = new TextEncoder().encode(headerLine);
+  return (0, import_hmac2.hmac)(import_sha2563.sha256, headerKey, headerBytes);
+}
+function verifyHeader(headerKey, headerLine, hmacBytes) {
+  const computed = authenticateHeader(headerKey, headerLine);
+  return constantTimeEqual(computed, hmacBytes);
+}
+function toBase64(bytes) {
+  return Buffer.from(bytes).toString("base64");
+}
+function fromBase64(b64) {
+  return new Uint8Array(Buffer.from(b64, "base64"));
+}
+
+// src/encrypt.ts
+async function encrypt(plaintext, password, options) {
+  const chunking = options?.chunking ?? "paragraph" /* Paragraph */;
+  const maxChunkSize = options?.maxChunkSize ?? 65536;
+  const scryptParams = options?.scrypt ?? DEFAULT_SCRYPT_PARAMS;
+  let chunks;
+  if (chunking === "fixed-size" /* FixedSize */) {
+    const fixedSize = options?.fixedChunkSize ?? 4096;
+    chunks = chunkByFixedSize(plaintext, fixedSize);
+  } else {
+    chunks = chunkByParagraph(plaintext, maxChunkSize);
+  }
+  let salt;
+  let fileId;
+  let masterKey;
+  const prev = options?.previousFile ? parsePreviousFileHeader(options.previousFile, password) : void 0;
+  if (prev) {
+    salt = prev.salt;
+    fileId = prev.fileId;
+    masterKey = prev.masterKey;
+  } else {
+    salt = generateSalt();
+    fileId = generateFileId();
+    masterKey = deriveMasterKey(password, salt, scryptParams);
+  }
+  const { encKey, headerKey, nonceKey } = deriveKeys(masterKey);
+  try {
+    const header = { version: "v1", salt, fileId, scrypt: scryptParams };
+    const headerLine = serializeHeader(header);
+    const headerHmac = authenticateHeader(headerKey, headerLine);
+    const headerAuthLine = `hdrauth_b64=${toBase64(headerHmac)}`;
+    const chunkLines = [];
+    for (const chunkText of chunks) {
+      const chunkBytes = new TextEncoder().encode(chunkText);
+      const payload = encryptChunk(encKey, nonceKey, chunkBytes, fileId);
+      chunkLines.push(toBase64(payload));
+    }
+    const sealInput = headerLine + "\n" + headerAuthLine + "\n" + chunkLines.join("\n");
+    const sealData = new TextEncoder().encode(sealInput);
+    const sealHmac = (0, import_hmac3.hmac)(import_sha2564.sha256, headerKey, sealData);
+    const sealLine = `seal_b64=${toBase64(sealHmac)}`;
+    return [headerLine, headerAuthLine, ...chunkLines, sealLine, ""].join("\n");
+  } finally {
+    zeroize(masterKey, encKey, headerKey, nonceKey);
+  }
+}
+async function decrypt(fileContent, password) {
+  const lines = fileContent.split("\n");
+  if (lines.length > 0 && lines[lines.length - 1] === "") {
+    lines.pop();
+  }
+  if (lines.length < 3) {
+    throw new Error("Invalid mdenc file: too few lines");
+  }
+  const headerLine = lines[0];
+  const header = parseHeader(headerLine);
+  const authLine = lines[1];
+  const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);
+  if (!authMatch) {
+    throw new Error("Invalid mdenc file: missing hdrauth_b64 line");
+  }
+  const headerHmac = fromBase64(authMatch[1]);
+  const masterKey = deriveMasterKey(password, header.salt, header.scrypt);
+  const { encKey, headerKey, nonceKey } = deriveKeys(masterKey);
+  try {
+    if (!verifyHeader(headerKey, headerLine, headerHmac)) {
+      throw new Error("Header authentication failed (wrong password or tampered header)");
+    }
+    const remaining = lines.slice(2);
+    const sealIndex = remaining.findIndex((l) => l.startsWith("seal_b64="));
+    if (sealIndex < 0) {
+      throw new Error("Invalid mdenc file: missing seal");
+    }
+    const chunkLines = remaining.slice(0, sealIndex);
+    if (chunkLines.length === 0) {
+      throw new Error("Invalid mdenc file: no chunk lines");
+    }
+    const sealMatch = remaining[sealIndex].match(/^seal_b64=([A-Za-z0-9+/=]+)$/);
+    if (!sealMatch) throw new Error("Invalid mdenc file: malformed seal line");
+    const storedSealHmac = fromBase64(sealMatch[1]);
+    const sealInput = headerLine + "\n" + authLine + "\n" + chunkLines.join("\n");
+    const sealData = new TextEncoder().encode(sealInput);
+    const computedSealHmac = (0, import_hmac3.hmac)(import_sha2564.sha256, headerKey, sealData);
+    if (!constantTimeEqual(computedSealHmac, storedSealHmac)) {
+      throw new Error("Seal verification failed (file tampered or chunks reordered)");
+    }
+    const plaintextParts = [];
+    for (const line of chunkLines) {
+      const payload = fromBase64(line);
+      const decrypted = decryptChunk(encKey, payload, header.fileId);
+      plaintextParts.push(new TextDecoder().decode(decrypted));
+    }
+    return plaintextParts.join("");
+  } finally {
+    zeroize(masterKey, encKey, headerKey, nonceKey);
+  }
+}
+function parsePreviousFileHeader(fileContent, password) {
+  try {
+    const lines = fileContent.split("\n");
+    if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
+    if (lines.length < 3) return void 0;
+    const headerLine = lines[0];
+    const header = parseHeader(headerLine);
+    const authLine = lines[1];
+    const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);
+    if (!authMatch) return void 0;
+    const headerHmac = fromBase64(authMatch[1]);
+    const masterKey = deriveMasterKey(password, header.salt, header.scrypt);
+    const { headerKey } = deriveKeys(masterKey);
+    if (!verifyHeader(headerKey, headerLine, headerHmac)) {
+      zeroize(masterKey, headerKey);
+      return void 0;
+    }
+    zeroize(headerKey);
+    return { salt: header.salt, fileId: header.fileId, masterKey };
+  } catch {
+    return void 0;
+  }
+}
+
+// src/seal.ts
+var import_hmac4 = require("@noble/hashes/hmac");
+var import_sha2565 = require("@noble/hashes/sha256");
+async function verifySeal(fileContent, password) {
+  const lines = fileContent.split("\n");
+  if (lines.length > 0 && lines[lines.length - 1] === "") lines.pop();
+  if (lines.length < 3) throw new Error("Invalid mdenc file: too few lines");
+  const headerLine = lines[0];
+  const header = parseHeader(headerLine);
+  const authLine = lines[1];
+  const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);
+  if (!authMatch) throw new Error("Invalid mdenc file: missing hdrauth_b64 line");
+  const headerHmac = fromBase64(authMatch[1]);
+  const masterKey = deriveMasterKey(password, header.salt, header.scrypt);
+  const { headerKey, nonceKey } = deriveKeys(masterKey);
+  try {
+    if (!verifyHeader(headerKey, headerLine, headerHmac)) {
+      throw new Error("Header authentication failed");
+    }
+    const chunkAndSealLines = lines.slice(2);
+    const sealIndex = chunkAndSealLines.findIndex((l) => l.startsWith("seal_b64="));
+    if (sealIndex < 0) {
+      throw new Error("File is not sealed: no seal_b64 line found");
+    }
+    const chunkLines = chunkAndSealLines.slice(0, sealIndex);
+    const sealMatch = chunkAndSealLines[sealIndex].match(/^seal_b64=([A-Za-z0-9+/=]+)$/);
+    if (!sealMatch) throw new Error("Invalid seal line");
+    const storedHmac = fromBase64(sealMatch[1]);
+    const sealInput = headerLine + "\n" + authLine + "\n" + chunkLines.join("\n");
+    const sealData = new TextEncoder().encode(sealInput);
+    const computed = (0, import_hmac4.hmac)(import_sha2565.sha256, headerKey, sealData);
+    return constantTimeEqual(computed, storedHmac);
+  } finally {
+    zeroize(masterKey, headerKey, nonceKey);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ChunkingStrategy,
+  DEFAULT_SCRYPT_PARAMS,
+  decrypt,
+  encrypt,
+  verifySeal
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/types.ts","../src/encrypt.ts","../src/chunking.ts","../src/kdf.ts","../src/crypto-utils.ts","../src/aead.ts","../src/header.ts","../src/seal.ts"],"sourcesContent":["export type {\n  ScryptParams,\n  MdencHeader,\n  MdencChunk,\n  MdencFile,\n  EncryptOptions,\n  DecryptOptions,\n} from './types.js';\nexport { DEFAULT_SCRYPT_PARAMS, ChunkingStrategy } from './types.js';\nexport { encrypt, decrypt } from './encrypt.js';\nexport { verifySeal } from './seal.js';\n","export interface ScryptParams {\n  N: number;  // CPU/memory cost (default 16384 = 2^14, ~16 MiB with r=8)\n  r: number;  // block size (default 8)\n  p: number;  // parallelism (default 1)\n}\n\nexport const DEFAULT_SCRYPT_PARAMS: ScryptParams = {\n  N: 16384,\n  r: 8,\n  p: 1,\n};\n\nexport const SCRYPT_BOUNDS = {\n  N: { min: 1024, max: 1048576 },       // 2^10 – 2^20\n  r: { min: 1, max: 64 },\n  p: { min: 1, max: 16 },\n} as const;\n\nexport interface MdencHeader {\n  version: 'v1';\n  salt: Uint8Array;        // 16 bytes\n  fileId: Uint8Array;      // 16 bytes\n  scrypt: ScryptParams;\n}\n\nexport interface MdencChunk {\n  payload: Uint8Array;     // nonce || ciphertext || tag\n}\n\nexport interface MdencFile {\n  header: MdencHeader;\n  headerLine: string;\n  headerHmac: Uint8Array;\n  chunks: MdencChunk[];\n  sealHmac: Uint8Array;    // file-level HMAC\n}\n\nexport enum ChunkingStrategy {\n  Paragraph = 'paragraph',\n  FixedSize = 'fixed-size',\n}\n\nexport interface EncryptOptions {\n  chunking?: ChunkingStrategy;\n  maxChunkSize?: number;      // bytes, default 65536 (64 KiB)\n  fixedChunkSize?: number;    // bytes, for fixed-size chunking\n  scrypt?: ScryptParams;\n  previousFile?: string;      // previous encrypted file content for ciphertext reuse\n}\n\nexport interface DecryptOptions {\n  // Reserved for future options\n}\n","import { hmac } from '@noble/hashes/hmac';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { chunkByParagraph, chunkByFixedSize } from './chunking.js';\nimport { deriveMasterKey, deriveKeys } from './kdf.js';\nimport { encryptChunk, decryptChunk } from './aead.js';\nimport {\n  serializeHeader,\n  parseHeader,\n  authenticateHeader,\n  verifyHeader,\n  generateSalt,\n  generateFileId,\n  toBase64,\n  fromBase64,\n} from './header.js';\nimport { ChunkingStrategy, DEFAULT_SCRYPT_PARAMS } from './types.js';\nimport type { EncryptOptions, MdencHeader } from './types.js';\nimport { constantTimeEqual, zeroize } from './crypto-utils.js';\n\nexport async function encrypt(\n  plaintext: string,\n  password: string,\n  options?: EncryptOptions,\n): Promise<string> {\n  const chunking = options?.chunking ?? ChunkingStrategy.Paragraph;\n  const maxChunkSize = options?.maxChunkSize ?? 65536;\n  const scryptParams = options?.scrypt ?? DEFAULT_SCRYPT_PARAMS;\n\n  // Chunk the plaintext\n  let chunks: string[];\n  if (chunking === ChunkingStrategy.FixedSize) {\n    const fixedSize = options?.fixedChunkSize ?? 4096;\n    chunks = chunkByFixedSize(plaintext, fixedSize);\n  } else {\n    chunks = chunkByParagraph(plaintext, maxChunkSize);\n  }\n\n  // If previousFile provided, extract salt/fileId/keys from its header to avoid\n  // deriving the same master key twice (same password + same salt).\n  let salt: Uint8Array;\n  let fileId: Uint8Array;\n  let masterKey: Uint8Array;\n\n  const prev = options?.previousFile\n    ? parsePreviousFileHeader(options.previousFile, password)\n    : undefined;\n\n  if (prev) {\n    salt = prev.salt;\n    fileId = prev.fileId;\n    masterKey = prev.masterKey;\n  } else {\n    salt = generateSalt();\n    fileId = generateFileId();\n    masterKey = deriveMasterKey(password, salt, scryptParams);\n  }\n\n  const { encKey, headerKey, nonceKey } = deriveKeys(masterKey);\n\n  try {\n    // Build header\n    const header: MdencHeader = { version: 'v1', salt, fileId, scrypt: scryptParams };\n    const headerLine = serializeHeader(header);\n    const headerHmac = authenticateHeader(headerKey, headerLine);\n    const headerAuthLine = `hdrauth_b64=${toBase64(headerHmac)}`;\n\n    // Encrypt chunks — deterministic encryption handles reuse automatically\n    const chunkLines: string[] = [];\n    for (const chunkText of chunks) {\n      const chunkBytes = new TextEncoder().encode(chunkText);\n      const payload = encryptChunk(encKey, nonceKey, chunkBytes, fileId);\n      chunkLines.push(toBase64(payload));\n    }\n\n    // Compute seal HMAC over header + auth + chunk lines\n    const sealInput = headerLine + '\\n' + headerAuthLine + '\\n' + chunkLines.join('\\n');\n    const sealData = new TextEncoder().encode(sealInput);\n    const sealHmac = hmac(sha256, headerKey, sealData);\n    const sealLine = `seal_b64=${toBase64(sealHmac)}`;\n\n    return [headerLine, headerAuthLine, ...chunkLines, sealLine, ''].join('\\n');\n  } finally {\n    zeroize(masterKey, encKey, headerKey, nonceKey);\n  }\n}\n\nexport async function decrypt(\n  fileContent: string,\n  password: string,\n): Promise<string> {\n  const lines = fileContent.split('\\n');\n\n  // Remove trailing empty line if present\n  if (lines.length > 0 && lines[lines.length - 1] === '') {\n    lines.pop();\n  }\n\n  if (lines.length < 3) {\n    throw new Error('Invalid mdenc file: too few lines');\n  }\n\n  // Parse header\n  const headerLine = lines[0];\n  const header = parseHeader(headerLine);\n\n  // Parse header auth\n  const authLine = lines[1];\n  const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);\n  if (!authMatch) {\n    throw new Error('Invalid mdenc file: missing hdrauth_b64 line');\n  }\n  const headerHmac = fromBase64(authMatch[1]);\n\n  // Derive keys\n  const masterKey = deriveMasterKey(password, header.salt, header.scrypt);\n  const { encKey, headerKey, nonceKey } = deriveKeys(masterKey);\n\n  try {\n    // Verify header HMAC\n    if (!verifyHeader(headerKey, headerLine, headerHmac)) {\n      throw new Error('Header authentication failed (wrong password or tampered header)');\n    }\n\n    // Collect chunk lines and seal line\n    const remaining = lines.slice(2);\n    const sealIndex = remaining.findIndex(l => l.startsWith('seal_b64='));\n    if (sealIndex < 0) {\n      throw new Error('Invalid mdenc file: missing seal');\n    }\n\n    const chunkLines = remaining.slice(0, sealIndex);\n    if (chunkLines.length === 0) {\n      throw new Error('Invalid mdenc file: no chunk lines');\n    }\n\n    // Verify seal HMAC\n    const sealMatch = remaining[sealIndex].match(/^seal_b64=([A-Za-z0-9+/=]+)$/);\n    if (!sealMatch) throw new Error('Invalid mdenc file: malformed seal line');\n    const storedSealHmac = fromBase64(sealMatch[1]);\n\n    const sealInput = headerLine + '\\n' + authLine + '\\n' + chunkLines.join('\\n');\n    const sealData = new TextEncoder().encode(sealInput);\n    const computedSealHmac = hmac(sha256, headerKey, sealData);\n    if (!constantTimeEqual(computedSealHmac, storedSealHmac)) {\n      throw new Error('Seal verification failed (file tampered or chunks reordered)');\n    }\n\n    // Decrypt chunks\n    const plaintextParts: string[] = [];\n    for (const line of chunkLines) {\n      const payload = fromBase64(line);\n      const decrypted = decryptChunk(encKey, payload, header.fileId);\n      plaintextParts.push(new TextDecoder().decode(decrypted));\n    }\n\n    return plaintextParts.join('');\n  } finally {\n    zeroize(masterKey, encKey, headerKey, nonceKey);\n  }\n}\n\nfunction parsePreviousFileHeader(\n  fileContent: string,\n  password: string,\n): { salt: Uint8Array; fileId: Uint8Array; masterKey: Uint8Array } | undefined {\n  try {\n    const lines = fileContent.split('\\n');\n    if (lines.length > 0 && lines[lines.length - 1] === '') lines.pop();\n    if (lines.length < 3) return undefined;\n\n    const headerLine = lines[0];\n    const header = parseHeader(headerLine);\n\n    // Parse and verify header HMAC before trusting\n    const authLine = lines[1];\n    const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);\n    if (!authMatch) return undefined;\n    const headerHmac = fromBase64(authMatch[1]);\n\n    const masterKey = deriveMasterKey(password, header.salt, header.scrypt);\n    const { headerKey } = deriveKeys(masterKey);\n\n    if (!verifyHeader(headerKey, headerLine, headerHmac)) {\n      zeroize(masterKey, headerKey);\n      return undefined;\n    }\n\n    zeroize(headerKey);\n    // Return masterKey for reuse — same password + same salt produces the same key,\n    // so the caller can skip a redundant scrypt derivation.\n    return { salt: header.salt, fileId: header.fileId, masterKey };\n  } catch {\n    return undefined;\n  }\n}\n","const DEFAULT_MAX_CHUNK_SIZE = 65536; // 64 KiB\n\nexport function chunkByParagraph(text: string, maxSize = DEFAULT_MAX_CHUNK_SIZE): string[] {\n  // Normalize line endings\n  const normalized = text.replace(/\\r\\n/g, '\\n');\n\n  if (normalized.length === 0) {\n    return [''];\n  }\n\n  // Split on runs of 2+ newlines, attaching each boundary to the preceding chunk\n  const chunks: string[] = [];\n  const boundary = /\\n{2,}/g;\n  let lastEnd = 0;\n  let match: RegExpExecArray | null;\n\n  while ((match = boundary.exec(normalized)) !== null) {\n    // Content up to and including the boundary goes to the preceding chunk\n    const chunkEnd = match.index + match[0].length;\n    chunks.push(normalized.slice(lastEnd, chunkEnd));\n    lastEnd = chunkEnd;\n  }\n\n  // Remaining content after the last boundary (or the entire string if no boundary)\n  if (lastEnd < normalized.length) {\n    chunks.push(normalized.slice(lastEnd));\n  } else if (chunks.length === 0) {\n    // No boundaries found and nothing remaining — shouldn't happen since we checked length > 0\n    chunks.push(normalized);\n  }\n\n  // Split any oversized chunks at byte boundaries\n  const result: string[] = [];\n  for (const chunk of chunks) {\n    if (byteLength(chunk) <= maxSize) {\n      result.push(chunk);\n    } else {\n      result.push(...splitAtByteLimit(chunk, maxSize));\n    }\n  }\n\n  return result;\n}\n\nexport function chunkByFixedSize(text: string, size: number): string[] {\n  const normalized = text.replace(/\\r\\n/g, '\\n');\n\n  if (normalized.length === 0) {\n    return [''];\n  }\n\n  const bytes = new TextEncoder().encode(normalized);\n  if (bytes.length <= size) {\n    return [normalized];\n  }\n\n  const chunks: string[] = [];\n  const decoder = new TextDecoder();\n  let offset = 0;\n  while (offset < bytes.length) {\n    const end = Math.min(offset + size, bytes.length);\n    // Avoid splitting in the middle of a multi-byte UTF-8 character\n    let adjusted = end;\n    if (adjusted < bytes.length) {\n      while (adjusted > offset && (bytes[adjusted] & 0xc0) === 0x80) {\n        adjusted--;\n      }\n    }\n    chunks.push(decoder.decode(bytes.slice(offset, adjusted)));\n    offset = adjusted;\n  }\n\n  return chunks;\n}\n\nfunction byteLength(s: string): number {\n  return new TextEncoder().encode(s).length;\n}\n\nfunction splitAtByteLimit(text: string, maxSize: number): string[] {\n  const bytes = new TextEncoder().encode(text);\n  const decoder = new TextDecoder();\n  const parts: string[] = [];\n  let offset = 0;\n  while (offset < bytes.length) {\n    let end = Math.min(offset + maxSize, bytes.length);\n    // Avoid splitting multi-byte characters\n    if (end < bytes.length) {\n      while (end > offset && (bytes[end] & 0xc0) === 0x80) {\n        end--;\n      }\n    }\n    parts.push(decoder.decode(bytes.slice(offset, end)));\n    offset = end;\n  }\n  return parts;\n}\n","import { hkdf } from '@noble/hashes/hkdf';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { scrypt } from '@noble/hashes/scrypt';\nimport type { ScryptParams } from './types.js';\nimport { DEFAULT_SCRYPT_PARAMS } from './types.js';\nimport { zeroize } from './crypto-utils.js';\n\nconst ENC_INFO = new TextEncoder().encode('mdenc-v1-enc');\nconst HDR_INFO = new TextEncoder().encode('mdenc-v1-hdr');\nconst NONCE_INFO = new TextEncoder().encode('mdenc-v1-nonce');\n\nexport function normalizePassword(password: string): Uint8Array {\n  const normalized = password.normalize('NFKC');\n  return new TextEncoder().encode(normalized);\n}\n\nexport function deriveMasterKey(\n  password: string,\n  salt: Uint8Array,\n  params: ScryptParams = DEFAULT_SCRYPT_PARAMS,\n): Uint8Array {\n  const passwordBytes = normalizePassword(password);\n  try {\n    return scrypt(passwordBytes, salt, {\n      N: params.N,\n      r: params.r,\n      p: params.p,\n      dkLen: 32,\n    });\n  } finally {\n    zeroize(passwordBytes);\n  }\n}\n\nexport function deriveKeys(masterKey: Uint8Array): { encKey: Uint8Array; headerKey: Uint8Array; nonceKey: Uint8Array } {\n  const encKey = hkdf(sha256, masterKey, undefined, ENC_INFO, 32);\n  const headerKey = hkdf(sha256, masterKey, undefined, HDR_INFO, 32);\n  const nonceKey = hkdf(sha256, masterKey, undefined, NONCE_INFO, 32);\n  return { encKey, headerKey, nonceKey };\n}\n","export function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n  if (a.length !== b.length) return false;\n  let diff = 0;\n  for (let i = 0; i < a.length; i++) {\n    diff |= a[i] ^ b[i];\n  }\n  return diff === 0;\n}\n\nexport function zeroize(...arrays: Uint8Array[]): void {\n  for (const arr of arrays) {\n    arr.fill(0);\n  }\n}\n","import { xchacha20poly1305 } from '@noble/ciphers/chacha';\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha256 } from '@noble/hashes/sha256';\n\nconst NONCE_LENGTH = 24;\n\nexport function buildAAD(fileId: Uint8Array): Uint8Array {\n  const fileIdHex = bytesToHex(fileId);\n  const aadString = `mdenc:v1\\n${fileIdHex}`;\n  return new TextEncoder().encode(aadString);\n}\n\nexport function deriveNonce(nonceKey: Uint8Array, plaintext: Uint8Array): Uint8Array {\n  const full = hmac(sha256, nonceKey, plaintext);\n  return full.slice(0, NONCE_LENGTH);\n}\n\nexport function encryptChunk(\n  encKey: Uint8Array,\n  nonceKey: Uint8Array,\n  plaintext: Uint8Array,\n  fileId: Uint8Array,\n): Uint8Array {\n  const nonce = deriveNonce(nonceKey, plaintext);\n  const aad = buildAAD(fileId);\n  const cipher = xchacha20poly1305(encKey, nonce, aad);\n  const ciphertext = cipher.encrypt(plaintext);\n  // Output: nonce || ciphertext || tag (tag is appended by noble)\n  const result = new Uint8Array(NONCE_LENGTH + ciphertext.length);\n  result.set(nonce, 0);\n  result.set(ciphertext, NONCE_LENGTH);\n  return result;\n}\n\nexport function decryptChunk(\n  encKey: Uint8Array,\n  payload: Uint8Array,\n  fileId: Uint8Array,\n): Uint8Array {\n  if (payload.length < NONCE_LENGTH + 16) {\n    throw new Error('Chunk payload too short');\n  }\n  const nonce = payload.slice(0, NONCE_LENGTH);\n  const ciphertext = payload.slice(NONCE_LENGTH);\n  const aad = buildAAD(fileId);\n  const cipher = xchacha20poly1305(encKey, nonce, aad);\n  try {\n    return cipher.decrypt(ciphertext);\n  } catch {\n    throw new Error('Chunk authentication failed');\n  }\n}\n\nfunction bytesToHex(bytes: Uint8Array): string {\n  let hex = '';\n  for (let i = 0; i < bytes.length; i++) {\n    hex += bytes[i].toString(16).padStart(2, '0');\n  }\n  return hex;\n}\n","import { hmac } from '@noble/hashes/hmac';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { randomBytes } from '@noble/ciphers/webcrypto';\nimport type { MdencHeader, ScryptParams } from './types.js';\nimport { SCRYPT_BOUNDS } from './types.js';\nimport { constantTimeEqual } from './crypto-utils.js';\n\nexport function generateSalt(): Uint8Array {\n  return randomBytes(16);\n}\n\nexport function generateFileId(): Uint8Array {\n  return randomBytes(16);\n}\n\nexport function serializeHeader(header: MdencHeader): string {\n  const saltB64 = toBase64(header.salt);\n  const fileIdB64 = toBase64(header.fileId);\n  const { N, r, p } = header.scrypt;\n  return `mdenc:v1 salt_b64=${saltB64} file_id_b64=${fileIdB64} scrypt=N=${N},r=${r},p=${p}`;\n}\n\nexport function parseHeader(line: string): MdencHeader {\n  if (!line.startsWith('mdenc:v1 ')) {\n    throw new Error('Invalid header: missing mdenc:v1 prefix');\n  }\n\n  const saltMatch = line.match(/salt_b64=([A-Za-z0-9+/=]+)/);\n  if (!saltMatch) throw new Error('Invalid header: missing salt_b64');\n  const salt = fromBase64(saltMatch[1]);\n  if (salt.length !== 16) throw new Error('Invalid header: salt must be 16 bytes');\n\n  const fileIdMatch = line.match(/file_id_b64=([A-Za-z0-9+/=]+)/);\n  if (!fileIdMatch) throw new Error('Invalid header: missing file_id_b64');\n  const fileId = fromBase64(fileIdMatch[1]);\n  if (fileId.length !== 16) throw new Error('Invalid header: file_id must be 16 bytes');\n\n  const scryptMatch = line.match(/scrypt=N=(\\d+),r=(\\d+),p=(\\d+)/);\n  if (!scryptMatch) throw new Error('Invalid header: missing scrypt parameters');\n  const scryptParams: ScryptParams = {\n    N: parseInt(scryptMatch[1], 10),\n    r: parseInt(scryptMatch[2], 10),\n    p: parseInt(scryptMatch[3], 10),\n  };\n\n  validateScryptParams(scryptParams);\n\n  return { version: 'v1', salt, fileId, scrypt: scryptParams };\n}\n\nexport function validateScryptParams(params: ScryptParams): void {\n  const { N, r, p } = SCRYPT_BOUNDS;\n  if (params.N < N.min || params.N > N.max) {\n    throw new Error(`Invalid scrypt N: ${params.N} (must be ${N.min}–${N.max})`);\n  }\n  if (params.r < r.min || params.r > r.max) {\n    throw new Error(`Invalid scrypt r: ${params.r} (must be ${r.min}–${r.max})`);\n  }\n  if (params.p < p.min || params.p > p.max) {\n    throw new Error(`Invalid scrypt p: ${params.p} (must be ${p.min}–${p.max})`);\n  }\n}\n\nexport function authenticateHeader(headerKey: Uint8Array, headerLine: string): Uint8Array {\n  const headerBytes = new TextEncoder().encode(headerLine);\n  return hmac(sha256, headerKey, headerBytes);\n}\n\nexport function verifyHeader(\n  headerKey: Uint8Array,\n  headerLine: string,\n  hmacBytes: Uint8Array,\n): boolean {\n  const computed = authenticateHeader(headerKey, headerLine);\n  return constantTimeEqual(computed, hmacBytes);\n}\n\nexport function toBase64(bytes: Uint8Array): string {\n  return Buffer.from(bytes).toString('base64');\n}\n\nexport function fromBase64(b64: string): Uint8Array {\n  return new Uint8Array(Buffer.from(b64, 'base64'));\n}\n","import { hmac } from '@noble/hashes/hmac';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { deriveMasterKey, deriveKeys } from './kdf.js';\nimport {\n  parseHeader,\n  verifyHeader,\n  fromBase64,\n} from './header.js';\nimport { constantTimeEqual, zeroize } from './crypto-utils.js';\n\nexport async function verifySeal(\n  fileContent: string,\n  password: string,\n): Promise<boolean> {\n  const lines = fileContent.split('\\n');\n  if (lines.length > 0 && lines[lines.length - 1] === '') lines.pop();\n  if (lines.length < 3) throw new Error('Invalid mdenc file: too few lines');\n\n  const headerLine = lines[0];\n  const header = parseHeader(headerLine);\n\n  // Parse header auth\n  const authLine = lines[1];\n  const authMatch = authLine.match(/^hdrauth_b64=([A-Za-z0-9+/=]+)$/);\n  if (!authMatch) throw new Error('Invalid mdenc file: missing hdrauth_b64 line');\n  const headerHmac = fromBase64(authMatch[1]);\n\n  // Derive keys\n  const masterKey = deriveMasterKey(password, header.salt, header.scrypt);\n  const { headerKey, nonceKey } = deriveKeys(masterKey);\n\n  try {\n    // Verify header\n    if (!verifyHeader(headerKey, headerLine, headerHmac)) {\n      throw new Error('Header authentication failed');\n    }\n\n    // Find seal line\n    const chunkAndSealLines = lines.slice(2);\n    const sealIndex = chunkAndSealLines.findIndex(l => l.startsWith('seal_b64='));\n    if (sealIndex < 0) {\n      throw new Error('File is not sealed: no seal_b64 line found');\n    }\n\n    const chunkLines = chunkAndSealLines.slice(0, sealIndex);\n    const sealMatch = chunkAndSealLines[sealIndex].match(/^seal_b64=([A-Za-z0-9+/=]+)$/);\n    if (!sealMatch) throw new Error('Invalid seal line');\n    const storedHmac = fromBase64(sealMatch[1]);\n\n    // Verify seal HMAC (covers header + auth + chunk lines)\n    const sealInput = headerLine + '\\n' + authLine + '\\n' + chunkLines.join('\\n');\n    const sealData = new TextEncoder().encode(sealInput);\n    const computed = hmac(sha256, headerKey, sealData);\n\n    return constantTimeEqual(computed, storedHmac);\n  } finally {\n    zeroize(masterKey, headerKey, nonceKey);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,wBAAsC;AAAA,EACjD,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;AAEO,IAAM,gBAAgB;AAAA,EAC3B,GAAG,EAAE,KAAK,MAAM,KAAK,QAAQ;AAAA;AAAA,EAC7B,GAAG,EAAE,KAAK,GAAG,KAAK,GAAG;AAAA,EACrB,GAAG,EAAE,KAAK,GAAG,KAAK,GAAG;AACvB;AAqBO,IAAK,mBAAL,kBAAKA,sBAAL;AACL,EAAAA,kBAAA,eAAY;AACZ,EAAAA,kBAAA,eAAY;AAFF,SAAAA;AAAA,GAAA;;;ACrCZ,IAAAC,eAAqB;AACrB,IAAAC,iBAAuB;;;ACDvB,IAAM,yBAAyB;AAExB,SAAS,iBAAiB,MAAc,UAAU,wBAAkC;AAEzF,QAAM,aAAa,KAAK,QAAQ,SAAS,IAAI;AAE7C,MAAI,WAAW,WAAW,GAAG;AAC3B,WAAO,CAAC,EAAE;AAAA,EACZ;AAGA,QAAM,SAAmB,CAAC;AAC1B,QAAM,WAAW;AACjB,MAAI,UAAU;AACd,MAAI;AAEJ,UAAQ,QAAQ,SAAS,KAAK,UAAU,OAAO,MAAM;AAEnD,UAAM,WAAW,MAAM,QAAQ,MAAM,CAAC,EAAE;AACxC,WAAO,KAAK,WAAW,MAAM,SAAS,QAAQ,CAAC;AAC/C,cAAU;AAAA,EACZ;AAGA,MAAI,UAAU,WAAW,QAAQ;AAC/B,WAAO,KAAK,WAAW,MAAM,OAAO,CAAC;AAAA,EACvC,WAAW,OAAO,WAAW,GAAG;AAE9B,WAAO,KAAK,UAAU;AAAA,EACxB;AAGA,QAAM,SAAmB,CAAC;AAC1B,aAAW,SAAS,QAAQ;AAC1B,QAAI,WAAW,KAAK,KAAK,SAAS;AAChC,aAAO,KAAK,KAAK;AAAA,IACnB,OAAO;AACL,aAAO,KAAK,GAAG,iBAAiB,OAAO,OAAO,CAAC;AAAA,IACjD;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,iBAAiB,MAAc,MAAwB;AACrE,QAAM,aAAa,KAAK,QAAQ,SAAS,IAAI;AAE7C,MAAI,WAAW,WAAW,GAAG;AAC3B,WAAO,CAAC,EAAE;AAAA,EACZ;AAEA,QAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,UAAU;AACjD,MAAI,MAAM,UAAU,MAAM;AACxB,WAAO,CAAC,UAAU;AAAA,EACpB;AAEA,QAAM,SAAmB,CAAC;AAC1B,QAAM,UAAU,IAAI,YAAY;AAChC,MAAI,SAAS;AACb,SAAO,SAAS,MAAM,QAAQ;AAC5B,UAAM,MAAM,KAAK,IAAI,SAAS,MAAM,MAAM,MAAM;AAEhD,QAAI,WAAW;AACf,QAAI,WAAW,MAAM,QAAQ;AAC3B,aAAO,WAAW,WAAW,MAAM,QAAQ,IAAI,SAAU,KAAM;AAC7D;AAAA,MACF;AAAA,IACF;AACA,WAAO,KAAK,QAAQ,OAAO,MAAM,MAAM,QAAQ,QAAQ,CAAC,CAAC;AACzD,aAAS;AAAA,EACX;AAEA,SAAO;AACT;AAEA,SAAS,WAAW,GAAmB;AACrC,SAAO,IAAI,YAAY,EAAE,OAAO,CAAC,EAAE;AACrC;AAEA,SAAS,iBAAiB,MAAc,SAA2B;AACjE,QAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,IAAI;AAC3C,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,QAAkB,CAAC;AACzB,MAAI,SAAS;AACb,SAAO,SAAS,MAAM,QAAQ;AAC5B,QAAI,MAAM,KAAK,IAAI,SAAS,SAAS,MAAM,MAAM;AAEjD,QAAI,MAAM,MAAM,QAAQ;AACtB,aAAO,MAAM,WAAW,MAAM,GAAG,IAAI,SAAU,KAAM;AACnD;AAAA,MACF;AAAA,IACF;AACA,UAAM,KAAK,QAAQ,OAAO,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnD,aAAS;AAAA,EACX;AACA,SAAO;AACT;;;AChGA,kBAAqB;AACrB,oBAAuB;AACvB,oBAAuB;;;ACFhB,SAAS,kBAAkB,GAAe,GAAwB;AACvE,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,MAAI,OAAO;AACX,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,YAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;AAAA,EACpB;AACA,SAAO,SAAS;AAClB;AAEO,SAAS,WAAW,QAA4B;AACrD,aAAW,OAAO,QAAQ;AACxB,QAAI,KAAK,CAAC;AAAA,EACZ;AACF;;;ADNA,IAAM,WAAW,IAAI,YAAY,EAAE,OAAO,cAAc;AACxD,IAAM,WAAW,IAAI,YAAY,EAAE,OAAO,cAAc;AACxD,IAAM,aAAa,IAAI,YAAY,EAAE,OAAO,gBAAgB;AAErD,SAAS,kBAAkB,UAA8B;AAC9D,QAAM,aAAa,SAAS,UAAU,MAAM;AAC5C,SAAO,IAAI,YAAY,EAAE,OAAO,UAAU;AAC5C;AAEO,SAAS,gBACd,UACA,MACA,SAAuB,uBACX;AACZ,QAAM,gBAAgB,kBAAkB,QAAQ;AAChD,MAAI;AACF,eAAO,sBAAO,eAAe,MAAM;AAAA,MACjC,GAAG,OAAO;AAAA,MACV,GAAG,OAAO;AAAA,MACV,GAAG,OAAO;AAAA,MACV,OAAO;AAAA,IACT,CAAC;AAAA,EACH,UAAE;AACA,YAAQ,aAAa;AAAA,EACvB;AACF;AAEO,SAAS,WAAW,WAA4F;AACrH,QAAM,aAAS,kBAAK,sBAAQ,WAAW,QAAW,UAAU,EAAE;AAC9D,QAAM,gBAAY,kBAAK,sBAAQ,WAAW,QAAW,UAAU,EAAE;AACjE,QAAM,eAAW,kBAAK,sBAAQ,WAAW,QAAW,YAAY,EAAE;AAClE,SAAO,EAAE,QAAQ,WAAW,SAAS;AACvC;;;AEvCA,oBAAkC;AAClC,kBAAqB;AACrB,IAAAC,iBAAuB;AAEvB,IAAM,eAAe;AAEd,SAAS,SAAS,QAAgC;AACvD,QAAM,YAAY,WAAW,MAAM;AACnC,QAAM,YAAY;AAAA,EAAa,SAAS;AACxC,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;AAEO,SAAS,YAAY,UAAsB,WAAmC;AACnF,QAAM,WAAO,kBAAK,uBAAQ,UAAU,SAAS;AAC7C,SAAO,KAAK,MAAM,GAAG,YAAY;AACnC;AAEO,SAAS,aACd,QACA,UACA,WACA,QACY;AACZ,QAAM,QAAQ,YAAY,UAAU,SAAS;AAC7C,QAAM,MAAM,SAAS,MAAM;AAC3B,QAAM,aAAS,iCAAkB,QAAQ,OAAO,GAAG;AACnD,QAAM,aAAa,OAAO,QAAQ,SAAS;AAE3C,QAAM,SAAS,IAAI,WAAW,eAAe,WAAW,MAAM;AAC9D,SAAO,IAAI,OAAO,CAAC;AACnB,SAAO,IAAI,YAAY,YAAY;AACnC,SAAO;AACT;AAEO,SAAS,aACd,QACA,SACA,QACY;AACZ,MAAI,QAAQ,SAAS,eAAe,IAAI;AACtC,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AACA,QAAM,QAAQ,QAAQ,MAAM,GAAG,YAAY;AAC3C,QAAM,aAAa,QAAQ,MAAM,YAAY;AAC7C,QAAM,MAAM,SAAS,MAAM;AAC3B,QAAM,aAAS,iCAAkB,QAAQ,OAAO,GAAG;AACnD,MAAI;AACF,WAAO,OAAO,QAAQ,UAAU;AAAA,EAClC,QAAQ;AACN,UAAM,IAAI,MAAM,6BAA6B;AAAA,EAC/C;AACF;AAEA,SAAS,WAAW,OAA2B;AAC7C,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EAC9C;AACA,SAAO;AACT;;;AC3DA,IAAAC,eAAqB;AACrB,IAAAC,iBAAuB;AACvB,uBAA4B;AAKrB,SAAS,eAA2B;AACzC,aAAO,8BAAY,EAAE;AACvB;AAEO,SAAS,iBAA6B;AAC3C,aAAO,8BAAY,EAAE;AACvB;AAEO,SAAS,gBAAgB,QAA6B;AAC3D,QAAM,UAAU,SAAS,OAAO,IAAI;AACpC,QAAM,YAAY,SAAS,OAAO,MAAM;AACxC,QAAM,EAAE,GAAG,GAAG,EAAE,IAAI,OAAO;AAC3B,SAAO,qBAAqB,OAAO,gBAAgB,SAAS,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC;AAC1F;AAEO,SAAS,YAAY,MAA2B;AACrD,MAAI,CAAC,KAAK,WAAW,WAAW,GAAG;AACjC,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AAEA,QAAM,YAAY,KAAK,MAAM,4BAA4B;AACzD,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM,kCAAkC;AAClE,QAAM,OAAO,WAAW,UAAU,CAAC,CAAC;AACpC,MAAI,KAAK,WAAW,GAAI,OAAM,IAAI,MAAM,uCAAuC;AAE/E,QAAM,cAAc,KAAK,MAAM,+BAA+B;AAC9D,MAAI,CAAC,YAAa,OAAM,IAAI,MAAM,qCAAqC;AACvE,QAAM,SAAS,WAAW,YAAY,CAAC,CAAC;AACxC,MAAI,OAAO,WAAW,GAAI,OAAM,IAAI,MAAM,0CAA0C;AAEpF,QAAM,cAAc,KAAK,MAAM,gCAAgC;AAC/D,MAAI,CAAC,YAAa,OAAM,IAAI,MAAM,2CAA2C;AAC7E,QAAM,eAA6B;AAAA,IACjC,GAAG,SAAS,YAAY,CAAC,GAAG,EAAE;AAAA,IAC9B,GAAG,SAAS,YAAY,CAAC,GAAG,EAAE;AAAA,IAC9B,GAAG,SAAS,YAAY,CAAC,GAAG,EAAE;AAAA,EAChC;AAEA,uBAAqB,YAAY;AAEjC,SAAO,EAAE,SAAS,MAAM,MAAM,QAAQ,QAAQ,aAAa;AAC7D;AAEO,SAAS,qBAAqB,QAA4B;AAC/D,QAAM,EAAE,GAAG,GAAG,EAAE,IAAI;AACpB,MAAI,OAAO,IAAI,EAAE,OAAO,OAAO,IAAI,EAAE,KAAK;AACxC,UAAM,IAAI,MAAM,qBAAqB,OAAO,CAAC,aAAa,EAAE,GAAG,SAAI,EAAE,GAAG,GAAG;AAAA,EAC7E;AACA,MAAI,OAAO,IAAI,EAAE,OAAO,OAAO,IAAI,EAAE,KAAK;AACxC,UAAM,IAAI,MAAM,qBAAqB,OAAO,CAAC,aAAa,EAAE,GAAG,SAAI,EAAE,GAAG,GAAG;AAAA,EAC7E;AACA,MAAI,OAAO,IAAI,EAAE,OAAO,OAAO,IAAI,EAAE,KAAK;AACxC,UAAM,IAAI,MAAM,qBAAqB,OAAO,CAAC,aAAa,EAAE,GAAG,SAAI,EAAE,GAAG,GAAG;AAAA,EAC7E;AACF;AAEO,SAAS,mBAAmB,WAAuB,YAAgC;AACxF,QAAM,cAAc,IAAI,YAAY,EAAE,OAAO,UAAU;AACvD,aAAO,mBAAK,uBAAQ,WAAW,WAAW;AAC5C;AAEO,SAAS,aACd,WACA,YACA,WACS;AACT,QAAM,WAAW,mBAAmB,WAAW,UAAU;AACzD,SAAO,kBAAkB,UAAU,SAAS;AAC9C;AAEO,SAAS,SAAS,OAA2B;AAClD,SAAO,OAAO,KAAK,KAAK,EAAE,SAAS,QAAQ;AAC7C;AAEO,SAAS,WAAW,KAAyB;AAClD,SAAO,IAAI,WAAW,OAAO,KAAK,KAAK,QAAQ,CAAC;AAClD;;;ALhEA,eAAsB,QACpB,WACA,UACA,SACiB;AACjB,QAAM,WAAW,SAAS;AAC1B,QAAM,eAAe,SAAS,gBAAgB;AAC9C,QAAM,eAAe,SAAS,UAAU;AAGxC,MAAI;AACJ,MAAI,2CAAyC;AAC3C,UAAM,YAAY,SAAS,kBAAkB;AAC7C,aAAS,iBAAiB,WAAW,SAAS;AAAA,EAChD,OAAO;AACL,aAAS,iBAAiB,WAAW,YAAY;AAAA,EACnD;AAIA,MAAI;AACJ,MAAI;AACJ,MAAI;AAEJ,QAAM,OAAO,SAAS,eAClB,wBAAwB,QAAQ,cAAc,QAAQ,IACtD;AAEJ,MAAI,MAAM;AACR,WAAO,KAAK;AACZ,aAAS,KAAK;AACd,gBAAY,KAAK;AAAA,EACnB,OAAO;AACL,WAAO,aAAa;AACpB,aAAS,eAAe;AACxB,gBAAY,gBAAgB,UAAU,MAAM,YAAY;AAAA,EAC1D;AAEA,QAAM,EAAE,QAAQ,WAAW,SAAS,IAAI,WAAW,SAAS;AAE5D,MAAI;AAEF,UAAM,SAAsB,EAAE,SAAS,MAAM,MAAM,QAAQ,QAAQ,aAAa;AAChF,UAAM,aAAa,gBAAgB,MAAM;AACzC,UAAM,aAAa,mBAAmB,WAAW,UAAU;AAC3D,UAAM,iBAAiB,eAAe,SAAS,UAAU,CAAC;AAG1D,UAAM,aAAuB,CAAC;AAC9B,eAAW,aAAa,QAAQ;AAC9B,YAAM,aAAa,IAAI,YAAY,EAAE,OAAO,SAAS;AACrD,YAAM,UAAU,aAAa,QAAQ,UAAU,YAAY,MAAM;AACjE,iBAAW,KAAK,SAAS,OAAO,CAAC;AAAA,IACnC;AAGA,UAAM,YAAY,aAAa,OAAO,iBAAiB,OAAO,WAAW,KAAK,IAAI;AAClF,UAAM,WAAW,IAAI,YAAY,EAAE,OAAO,SAAS;AACnD,UAAM,eAAW,mBAAK,uBAAQ,WAAW,QAAQ;AACjD,UAAM,WAAW,YAAY,SAAS,QAAQ,CAAC;AAE/C,WAAO,CAAC,YAAY,gBAAgB,GAAG,YAAY,UAAU,EAAE,EAAE,KAAK,IAAI;AAAA,EAC5E,UAAE;AACA,YAAQ,WAAW,QAAQ,WAAW,QAAQ;AAAA,EAChD;AACF;AAEA,eAAsB,QACpB,aACA,UACiB;AACjB,QAAM,QAAQ,YAAY,MAAM,IAAI;AAGpC,MAAI,MAAM,SAAS,KAAK,MAAM,MAAM,SAAS,CAAC,MAAM,IAAI;AACtD,UAAM,IAAI;AAAA,EACZ;AAEA,MAAI,MAAM,SAAS,GAAG;AACpB,UAAM,IAAI,MAAM,mCAAmC;AAAA,EACrD;AAGA,QAAM,aAAa,MAAM,CAAC;AAC1B,QAAM,SAAS,YAAY,UAAU;AAGrC,QAAM,WAAW,MAAM,CAAC;AACxB,QAAM,YAAY,SAAS,MAAM,iCAAiC;AAClE,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,MAAM,8CAA8C;AAAA,EAChE;AACA,QAAM,aAAa,WAAW,UAAU,CAAC,CAAC;AAG1C,QAAM,YAAY,gBAAgB,UAAU,OAAO,MAAM,OAAO,MAAM;AACtE,QAAM,EAAE,QAAQ,WAAW,SAAS,IAAI,WAAW,SAAS;AAE5D,MAAI;AAEF,QAAI,CAAC,aAAa,WAAW,YAAY,UAAU,GAAG;AACpD,YAAM,IAAI,MAAM,kEAAkE;AAAA,IACpF;AAGA,UAAM,YAAY,MAAM,MAAM,CAAC;AAC/B,UAAM,YAAY,UAAU,UAAU,OAAK,EAAE,WAAW,WAAW,CAAC;AACpE,QAAI,YAAY,GAAG;AACjB,YAAM,IAAI,MAAM,kCAAkC;AAAA,IACpD;AAEA,UAAM,aAAa,UAAU,MAAM,GAAG,SAAS;AAC/C,QAAI,WAAW,WAAW,GAAG;AAC3B,YAAM,IAAI,MAAM,oCAAoC;AAAA,IACtD;AAGA,UAAM,YAAY,UAAU,SAAS,EAAE,MAAM,8BAA8B;AAC3E,QAAI,CAAC,UAAW,OAAM,IAAI,MAAM,yCAAyC;AACzE,UAAM,iBAAiB,WAAW,UAAU,CAAC,CAAC;AAE9C,UAAM,YAAY,aAAa,OAAO,WAAW,OAAO,WAAW,KAAK,IAAI;AAC5E,UAAM,WAAW,IAAI,YAAY,EAAE,OAAO,SAAS;AACnD,UAAM,uBAAmB,mBAAK,uBAAQ,WAAW,QAAQ;AACzD,QAAI,CAAC,kBAAkB,kBAAkB,cAAc,GAAG;AACxD,YAAM,IAAI,MAAM,8DAA8D;AAAA,IAChF;AAGA,UAAM,iBAA2B,CAAC;AAClC,eAAW,QAAQ,YAAY;AAC7B,YAAM,UAAU,WAAW,IAAI;AAC/B,YAAM,YAAY,aAAa,QAAQ,SAAS,OAAO,MAAM;AAC7D,qBAAe,KAAK,IAAI,YAAY,EAAE,OAAO,SAAS,CAAC;AAAA,IACzD;AAEA,WAAO,eAAe,KAAK,EAAE;AAAA,EAC/B,UAAE;AACA,YAAQ,WAAW,QAAQ,WAAW,QAAQ;AAAA,EAChD;AACF;AAEA,SAAS,wBACP,aACA,UAC6E;AAC7E,MAAI;AACF,UAAM,QAAQ,YAAY,MAAM,IAAI;AACpC,QAAI,MAAM,SAAS,KAAK,MAAM,MAAM,SAAS,CAAC,MAAM,GAAI,OAAM,IAAI;AAClE,QAAI,MAAM,SAAS,EAAG,QAAO;AAE7B,UAAM,aAAa,MAAM,CAAC;AAC1B,UAAM,SAAS,YAAY,UAAU;AAGrC,UAAM,WAAW,MAAM,CAAC;AACxB,UAAM,YAAY,SAAS,MAAM,iCAAiC;AAClE,QAAI,CAAC,UAAW,QAAO;AACvB,UAAM,aAAa,WAAW,UAAU,CAAC,CAAC;AAE1C,UAAM,YAAY,gBAAgB,UAAU,OAAO,MAAM,OAAO,MAAM;AACtE,UAAM,EAAE,UAAU,IAAI,WAAW,SAAS;AAE1C,QAAI,CAAC,aAAa,WAAW,YAAY,UAAU,GAAG;AACpD,cAAQ,WAAW,SAAS;AAC5B,aAAO;AAAA,IACT;AAEA,YAAQ,SAAS;AAGjB,WAAO,EAAE,MAAM,OAAO,MAAM,QAAQ,OAAO,QAAQ,UAAU;AAAA,EAC/D,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;AMlMA,IAAAC,eAAqB;AACrB,IAAAC,iBAAuB;AASvB,eAAsB,WACpB,aACA,UACkB;AAClB,QAAM,QAAQ,YAAY,MAAM,IAAI;AACpC,MAAI,MAAM,SAAS,KAAK,MAAM,MAAM,SAAS,CAAC,MAAM,GAAI,OAAM,IAAI;AAClE,MAAI,MAAM,SAAS,EAAG,OAAM,IAAI,MAAM,mCAAmC;AAEzE,QAAM,aAAa,MAAM,CAAC;AAC1B,QAAM,SAAS,YAAY,UAAU;AAGrC,QAAM,WAAW,MAAM,CAAC;AACxB,QAAM,YAAY,SAAS,MAAM,iCAAiC;AAClE,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM,8CAA8C;AAC9E,QAAM,aAAa,WAAW,UAAU,CAAC,CAAC;AAG1C,QAAM,YAAY,gBAAgB,UAAU,OAAO,MAAM,OAAO,MAAM;AACtE,QAAM,EAAE,WAAW,SAAS,IAAI,WAAW,SAAS;AAEpD,MAAI;AAEF,QAAI,CAAC,aAAa,WAAW,YAAY,UAAU,GAAG;AACpD,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAGA,UAAM,oBAAoB,MAAM,MAAM,CAAC;AACvC,UAAM,YAAY,kBAAkB,UAAU,OAAK,EAAE,WAAW,WAAW,CAAC;AAC5E,QAAI,YAAY,GAAG;AACjB,YAAM,IAAI,MAAM,4CAA4C;AAAA,IAC9D;AAEA,UAAM,aAAa,kBAAkB,MAAM,GAAG,SAAS;AACvD,UAAM,YAAY,kBAAkB,SAAS,EAAE,MAAM,8BAA8B;AACnF,QAAI,CAAC,UAAW,OAAM,IAAI,MAAM,mBAAmB;AACnD,UAAM,aAAa,WAAW,UAAU,CAAC,CAAC;AAG1C,UAAM,YAAY,aAAa,OAAO,WAAW,OAAO,WAAW,KAAK,IAAI;AAC5E,UAAM,WAAW,IAAI,YAAY,EAAE,OAAO,SAAS;AACnD,UAAM,eAAW,mBAAK,uBAAQ,WAAW,QAAQ;AAEjD,WAAO,kBAAkB,UAAU,UAAU;AAAA,EAC/C,UAAE;AACA,YAAQ,WAAW,WAAW,QAAQ;AAAA,EACxC;AACF;","names":["ChunkingStrategy","import_hmac","import_sha256","import_sha256","import_hmac","import_sha256","import_hmac","import_sha256"]}