rwn64 1.0.0

package/dist/lib/clip.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.copyToClipboard = copyToClipboard;
+exports.clipAvailable = clipAvailable;
+const child_process_1 = require("child_process");
+const env_1 = require("./env");
+function _cmd() {
+    if (env_1.env.isMacOS)
+        return "pbcopy";
+    if (env_1.env.isTermux) {
+        try {
+            (0, child_process_1.execSync)("which termux-clipboard-set", { stdio: "ignore" });
+            return "termux-clipboard-set";
+        }
+        catch { }
+        return null;
+    }
+    for (const [bin, cmd] of [["xclip", "xclip -selection clipboard"], ["xsel", "xsel --clipboard --input"], ["wl-copy", "wl-copy"]]) {
+        try {
+            (0, child_process_1.execSync)(`which ${bin}`, { stdio: "ignore" });
+            return cmd;
+        }
+        catch { }
+    }
+    return null;
+}
+function copyToClipboard(text) {
+    const cmd = _cmd();
+    if (!cmd)
+        return false;
+    try {
+        (0, child_process_1.execSync)(cmd, { input: text, stdio: ["pipe", "ignore", "ignore"] });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function clipAvailable() { return _cmd() !== null; }

package/dist/lib/crypto.d.ts

@@ -0,0 +1,24 @@
+export declare const TOKEN_PREFIX = "rwn64:v2:";
+export declare const VERSION = "v2";
+export interface EncryptOptions {
+    expiresMs?: number;
+}
+export declare function encrypt(plaintext: string, password: string, opts?: EncryptOptions): string;
+export interface DecryptResult {
+    plaintext: string;
+    expiresAt?: Date;
+    tokenVersion: number;
+}
+export declare function decrypt(token: string, password: string): DecryptResult;
+export declare function verify(token: string, password: string): boolean;
+export declare function hmacFingerprint(input: string, secret: string): string;
+export declare function inspectToken(token: string): {
+    version: string;
+    saltHex: string;
+    nonceHex: string;
+    payloadBytes: number;
+    prefix: string;
+    algo: string;
+};
+export declare function generatePassword(bytes?: number): string;
+export declare function parseExpiry(raw: string): number;

package/dist/lib/crypto.js

@@ -0,0 +1,134 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VERSION = exports.TOKEN_PREFIX = void 0;
+exports.encrypt = encrypt;
+exports.decrypt = decrypt;
+exports.verify = verify;
+exports.hmacFingerprint = hmacFingerprint;
+exports.inspectToken = inspectToken;
+exports.generatePassword = generatePassword;
+exports.parseExpiry = parseExpiry;
+const crypto_1 = require("crypto");
+const _PFX_V1 = "rwn64:v1:";
+const _PFX_V2 = "rwn64:v2:";
+const _ALG_V1 = "aes-256-gcm";
+const _ALG_V2 = "chacha20-poly1305";
+const _SL = 16;
+const _NL = 12;
+const _TL = 16;
+const _KL = 32;
+const _SCRYPT = { N: 16384, r: 8, p: 1 };
+exports.TOKEN_PREFIX = _PFX_V2;
+exports.VERSION = "v2";
+function _kdf(pass, salt) {
+    const buf = Buffer.from(pass, "utf8");
+    const key = (0, crypto_1.scryptSync)(buf, salt, _KL, _SCRYPT);
+    buf.fill(0);
+    return key;
+}
+function _encExp(ms) {
+    const b = Buffer.allocUnsafe(8);
+    b.writeUInt32BE(Math.floor(ms / 0x100000000), 0);
+    b.writeUInt32BE(ms >>> 0, 4);
+    return b;
+}
+function _decExp(b) {
+    return b.readUInt32BE(0) * 0x100000000 + b.readUInt32BE(4);
+}
+function encrypt(plaintext, password, opts = {}) {
+    const salt = (0, crypto_1.randomBytes)(_SL);
+    const nonce = (0, crypto_1.randomBytes)(_NL);
+    const key = _kdf(password, salt);
+    const hasx = opts.expiresMs !== undefined;
+    const meta = Buffer.alloc(1);
+    meta[0] = hasx ? 1 : 0;
+    const inner = Buffer.concat([meta, hasx ? _encExp(opts.expiresMs) : Buffer.alloc(0), Buffer.from(plaintext, "utf8")]);
+    const ciph = (0, crypto_1.createCipheriv)(_ALG_V2, key, nonce, { authTagLength: _TL });
+    const body = Buffer.concat([ciph.update(inner), ciph.final()]);
+    const tag = ciph.getAuthTag();
+    return _PFX_V2 + Buffer.concat([salt, nonce, tag, body]).toString("base64url");
+}
+function decrypt(token, password) {
+    let pfx;
+    let alg;
+    let ver;
+    if (token.startsWith(_PFX_V2)) {
+        pfx = _PFX_V2;
+        alg = _ALG_V2;
+        ver = 2;
+    }
+    else if (token.startsWith(_PFX_V1)) {
+        pfx = _PFX_V1;
+        alg = _ALG_V1;
+        ver = 1;
+    }
+    else
+        throw Object.assign(new Error("invalid token format"), { code: "ERR_FORMAT" });
+    const payload = Buffer.from(token.slice(pfx.length), "base64url");
+    if (payload.length < _SL + _NL + _TL + 2)
+        throw Object.assign(new Error("token is too short or malformed"), { code: "ERR_MALFORMED" });
+    const salt = payload.subarray(0, _SL);
+    const nonce = payload.subarray(_SL, _SL + _NL);
+    const tag = payload.subarray(_SL + _NL, _SL + _NL + _TL);
+    const body = payload.subarray(_SL + _NL + _TL);
+    const key = _kdf(password, salt);
+    const dc = (0, crypto_1.createDecipheriv)(alg, key, nonce, ver === 2 ? { authTagLength: _TL } : undefined);
+    dc.setAuthTag(tag);
+    let inner;
+    try {
+        inner = Buffer.concat([dc.update(body), dc.final()]);
+    }
+    catch {
+        throw Object.assign(new Error("wrong password or corrupted token"), { code: "ERR_AUTH" });
+    }
+    const hasx = inner[0] === 1;
+    if (hasx) {
+        const expMs = _decExp(inner.subarray(1, 9));
+        const expDate = new Date(expMs);
+        if (Date.now() > expMs)
+            throw Object.assign(new Error(`token expired at ${expDate.toISOString()}`), { code: "ERR_EXPIRED", expiredAt: expDate });
+        return { plaintext: inner.subarray(9).toString("utf8"), expiresAt: expDate, tokenVersion: ver };
+    }
+    return { plaintext: inner.subarray(1).toString("utf8"), tokenVersion: ver };
+}
+function verify(token, password) {
+    try {
+        decrypt(token, password);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function hmacFingerprint(input, secret) {
+    return (0, crypto_1.createHmac)("sha256", secret).update(input).digest("hex").slice(0, 16);
+}
+function inspectToken(token) {
+    let pfx;
+    let algo;
+    let ver;
+    if (token.startsWith(_PFX_V2)) {
+        pfx = _PFX_V2;
+        algo = "ChaCha20-Poly1305";
+        ver = 2;
+    }
+    else if (token.startsWith(_PFX_V1)) {
+        pfx = _PFX_V1;
+        algo = "AES-256-GCM";
+        ver = 1;
+    }
+    else
+        throw Object.assign(new Error("invalid token format"), { code: "ERR_FORMAT" });
+    const payload = Buffer.from(token.slice(pfx.length), "base64url");
+    if (payload.length < _SL + _NL + _TL + 2)
+        throw Object.assign(new Error("token is too short or malformed"), { code: "ERR_MALFORMED" });
+    return { version: `v${ver}`, prefix: pfx, algo, saltHex: payload.subarray(0, _SL).toString("hex"), nonceHex: payload.subarray(_SL, _SL + _NL).toString("hex"), payloadBytes: payload.length };
+}
+function generatePassword(bytes = 24) { return (0, crypto_1.randomBytes)(bytes).toString("base64url"); }
+function parseExpiry(raw) {
+    const m = raw.match(/^(\d+)(s|m|h|d)$/);
+    if (!m)
+        throw new Error(`invalid expiry format: "${raw}" — use 30s, 5m, 2h, 7d`);
+    const u = { s: 1000, m: 60000, h: 3600000, d: 86400000 };
+    return Date.now() + parseInt(m[1], 10) * u[m[2]];
+}

package/dist/lib/env.d.ts

@@ -0,0 +1,13 @@
+export type Env = "termux" | "linux" | "macos" | "unknown";
+export interface EnvInfo {
+    type: Env;
+    isTermux: boolean;
+    isLinux: boolean;
+    isMacOS: boolean;
+    hasTTY: boolean;
+    hasRawMode: boolean;
+    hasColor: boolean;
+    cols: number;
+    rows: number;
+}
+export declare const env: EnvInfo;

package/dist/lib/env.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.env = void 0;
+function _detect() {
+    if (process.env.TERMUX_VERSION !== undefined ||
+        (process.env.PREFIX ?? "").includes("com.termux") ||
+        (process.env.HOME ?? "").includes("com.termux"))
+        return "termux";
+    if (process.platform === "darwin")
+        return "macos";
+    if (process.platform === "linux")
+        return "linux";
+    return "unknown";
+}
+function _cols() {
+    try {
+        return process.stdout.columns || 80;
+    }
+    catch {
+        return 80;
+    }
+}
+function _rows() {
+    try {
+        return process.stdout.rows || 24;
+    }
+    catch {
+        return 24;
+    }
+}
+const _type = _detect();
+exports.env = {
+    type: _type,
+    isTermux: _type === "termux",
+    isLinux: _type === "linux",
+    isMacOS: _type === "macos",
+    hasTTY: !!process.stdin.isTTY,
+    hasRawMode: typeof process.stdin.setRawMode === "function",
+    hasColor: process.env.NO_COLOR === undefined && !!process.stderr.isTTY,
+    cols: _cols(),
+    rows: _rows(),
+};

package/dist/lib/errors.d.ts

@@ -0,0 +1 @@
+export declare function installErrorHandler(): void;

package/dist/lib/errors.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.installErrorHandler = installErrorHandler;
+const _nc = !process.stderr.isTTY || process.env.NO_COLOR !== undefined;
+const _e = _nc ? "" : "\x1b[31m";
+const _c = _nc ? "" : "\x1b[36m";
+const _d = _nc ? "" : "\x1b[2m";
+const _r = _nc ? "" : "\x1b[0m";
+const _DEFS = [
+    { match: (m) => m.includes("rwn64:") && (m.includes("$") || m.includes("expanded")),
+        message: "token contains unescaped shell characters",
+        fix: "use single quotes:  rwn64 denc 'rwn64:v2:...' -sw password", exit: 2 },
+    { match: (m, c) => c === "EACCES" || m.includes("permission denied"),
+        message: "permission denied",
+        fix: "check file permissions", exit: 2 },
+    { match: (m, c) => c === "ENOMEM" || m.includes("out of memory") || m.includes("heap"),
+        message: "out of memory",
+        fix: "input may be too large. try: NODE_OPTIONS=--max-old-space-size=512 rwn64 ...", exit: 2 },
+    { match: (m) => m.includes("scrypt") || m.includes("memory limit exceeded"),
+        message: "scrypt memory limit exceeded",
+        fix: "device may have limited memory. try a shorter input or restart Termux", exit: 2 },
+    { match: (m, c) => c === "MODULE_NOT_FOUND" || m.includes("cannot find module"),
+        message: "internal module not found",
+        fix: "reinstall rwn64:  npm install -g rwn64", exit: 1 },
+    { match: (m, c) => c === "ERR_INVALID_ARG_TYPE" || c === "ERR_INVALID_ARG_VALUE" || m.includes("invalid argument"),
+        message: "invalid argument",
+        fix: "run  rwn64 -h  to see correct usage", exit: 1 },
+    { match: (m, c) => c === "ENOENT" || m.includes("no such file"),
+        message: "file not found",
+        fix: "check that the file path is correct", exit: 2 },
+];
+function _fmt(msg, fix) {
+    return `\n${_e}error${_r}  ${msg}\n${_d}fix${_r}    ${_c}${fix}${_r}\n`;
+}
+function _handle(err) {
+    const msg = (err.message ?? "").toLowerCase();
+    const code = err.code ?? "";
+    for (const d of _DEFS) {
+        if (d.match(msg, code)) {
+            process.stderr.write(_fmt(d.message, d.fix));
+            process.exit(d.exit);
+        }
+    }
+    return false;
+}
+function _unknown(msg) {
+    process.stderr.write(`\n${_e}error${_r}  unexpected error\n${_d}fix${_r}    ${_c}run  rwn64 -h  for usage${_r}\n${_d}      ${msg}${_r}\n`);
+    process.exit(1);
+}
+function installErrorHandler() {
+    process.on("uncaughtException", (err) => { if (!_handle(err))
+        _unknown(err.message ?? String(err)); });
+    process.on("unhandledRejection", (reason) => {
+        const err = reason instanceof Error ? reason : new Error(String(reason));
+        if (!_handle(err))
+            _unknown(err.message);
+    });
+    process.on("warning", () => { });
+    const _orig = process.emit.bind(process);
+    process.emit = (ev, ...a) => ev === "warning" ? false : _orig(ev, ...a);
+}

package/dist/lib/history.d.ts

@@ -0,0 +1,9 @@
+interface _Entry {
+    ts: number;
+    cmd: string;
+    fp: string;
+}
+export declare function recordHistory(cmd: string, token: string): void;
+export declare function getHistory(): _Entry[];
+export declare function clearHistory(): void;
+export {};

package/dist/lib/history.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.recordHistory = recordHistory;
+exports.getHistory = getHistory;
+exports.clearHistory = clearHistory;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+const crypto_1 = require("crypto");
+const _FILE = (0, path_1.join)((0, os_1.tmpdir)(), ".rwn64_history");
+function _load() {
+    if (!(0, fs_1.existsSync)(_FILE))
+        return [];
+    try {
+        return JSON.parse((0, fs_1.readFileSync)(_FILE, "utf8"));
+    }
+    catch {
+        return [];
+    }
+}
+function _save(e) {
+    try {
+        (0, fs_1.writeFileSync)(_FILE, JSON.stringify(e), "utf8");
+    }
+    catch { }
+}
+function recordHistory(cmd, token) {
+    const e = _load();
+    e.push({ ts: Date.now(), cmd, fp: (0, crypto_1.createHash)("sha256").update(token).digest("hex").slice(0, 8) });
+    if (e.length > 50)
+        e.splice(0, e.length - 50);
+    _save(e);
+}
+function getHistory() { return _load(); }
+function clearHistory() { _save([]); }

package/dist/lib/password.d.ts

@@ -0,0 +1,2 @@
+export declare function resolvePassword(raw: string): string;
+export declare function describePasswordSource(raw: string): string;

package/dist/lib/password.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolvePassword = resolvePassword;
+exports.describePasswordSource = describePasswordSource;
+const fs_1 = require("fs");
+function resolvePassword(raw) {
+    if (raw.startsWith("@")) {
+        const path = raw.slice(1).trim();
+        try {
+            return (0, fs_1.readFileSync)(path, "utf8").trim();
+        }
+        catch {
+            throw Object.assign(new Error(`cannot read password file: ${path}`), { code: "ERR_PWFILE" });
+        }
+    }
+    if (raw.startsWith("env:")) {
+        const name = raw.slice(4).trim();
+        const val = process.env[name];
+        if (!val)
+            throw Object.assign(new Error(`env variable not set: ${name}`), { code: "ERR_PWENV" });
+        return val;
+    }
+    return raw;
+}
+function describePasswordSource(raw) {
+    if (raw.startsWith("@"))
+        return `file(${raw.slice(1)})`;
+    if (raw.startsWith("env:"))
+        return `env(${raw.slice(4)})`;
+    return "inline";
+}

package/dist/lib/rc.d.ts

@@ -0,0 +1,7 @@
+export interface XH32RC {
+    password?: string;
+    bytes?: number;
+    maxSize?: number;
+    clip?: boolean;
+}
+export declare function loadRC(): XH32RC;

package/dist/lib/rc.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadRC = loadRC;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+const _DEFAULTS = { bytes: 24, maxSize: 20, clip: false };
+const _RC_FILE = ".rwn64rc";
+function _parse(raw) {
+    const out = {};
+    for (const line of raw.split("\n")) {
+        const t = line.trim();
+        if (!t || t.startsWith("#"))
+            continue;
+        const eq = t.indexOf("=");
+        if (eq === -1)
+            continue;
+        const k = t.slice(0, eq).trim();
+        const v = t.slice(eq + 1).trim();
+        if (k === "password")
+            out.password = v;
+        if (k === "bytes")
+            out.bytes = parseInt(v, 10);
+        if (k === "maxSize")
+            out.maxSize = parseInt(v, 10);
+        if (k === "clip")
+            out.clip = v === "true";
+    }
+    return out;
+}
+function _load(path) {
+    if (!(0, fs_1.existsSync)(path))
+        return null;
+    try {
+        return _parse((0, fs_1.readFileSync)(path, "utf8"));
+    }
+    catch {
+        return null;
+    }
+}
+function loadRC() {
+    const local = _load((0, path_1.resolve)(process.cwd(), _RC_FILE));
+    const global = _load((0, path_1.join)((0, os_1.homedir)(), _RC_FILE));
+    return { ..._DEFAULTS, ...global, ...local };
+}

package/dist/lib/ui.d.ts

@@ -0,0 +1,17 @@
+export declare const VERSION = "1.0.0";
+export declare const PKG = "rwn64";
+export declare const BIN = "rwn64";
+export declare function data(s: string): void;
+export declare function err(msg: string, code?: number): never;
+export declare function warn(msg: string): void;
+export interface BoxRow {
+    label: string;
+    value: string;
+    valueColor?: string;
+}
+export declare function box(rows: BoxRow[]): void;
+export declare function token(t: string): void;
+export declare function ms(elapsed: number): void;
+export declare function section(title: string): void;
+export declare function usage(): void;
+export declare function row(label: string, value: string, color?: string): void;

package/dist/lib/ui.js

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BIN = exports.PKG = exports.VERSION = void 0;
+exports.data = data;
+exports.err = err;
+exports.warn = warn;
+exports.box = box;
+exports.token = token;
+exports.ms = ms;
+exports.section = section;
+exports.usage = usage;
+exports.row = row;
+const env_1 = require("./env");
+const _NC = !env_1.env.hasColor;
+const _c = _NC ? {
+    r: "", d: "", b: "", g: "", y: "", c: "", e: "", w: "", dim: "", hi: ""
+} : {
+    r: "\x1b[0m",
+    d: "\x1b[2m",
+    b: "\x1b[1m",
+    g: "\x1b[32m",
+    y: "\x1b[33m",
+    c: "\x1b[36m",
+    e: "\x1b[31m",
+    w: "\x1b[37m",
+    dim: "\x1b[38;5;245m",
+    hi: "\x1b[38;5;252m",
+};
+exports.VERSION = "1.0.0";
+exports.PKG = "rwn64";
+exports.BIN = "rwn64";
+const _BOX = { tl: "┌", tr: "┐", bl: "└", br: "┘", h: "─", v: "│" };
+function _ui(s) { process.stderr.write(s); }
+function data(s) { process.stdout.write(s + "\n"); }
+function err(msg, code = 1) {
+    _ui(`\n${_c.e}error${_c.r}  ${msg}\n`);
+    process.exit(code);
+}
+function warn(msg) {
+    _ui(`${_c.y}warn${_c.r}   ${msg}\n`);
+}
+function _visLen(s) {
+    return s.replace(/\x1b\[[0-9;]*m/g, "").length;
+}
+function _boxLine(inner, width) {
+    const pad = Math.max(0, width - _visLen(inner) - 2);
+    return `${_c.dim}${_BOX.v}${_c.r} ${inner}${" ".repeat(pad)} ${_c.dim}${_BOX.v}${_c.r}\n`;
+}
+function _hline(width, l, r) {
+    return `${_c.dim}${l}${_BOX.h.repeat(width - 2)}${r}${_c.r}\n`;
+}
+function box(rows) {
+    const lw = Math.max(...rows.map((r) => r.label.length));
+    const lines = rows.map((r) => {
+        const pad = " ".repeat(lw - r.label.length + 1);
+        const vc = r.valueColor ?? _c.hi;
+        return `${_c.dim}${r.label}${_c.r}${pad}${vc}${r.value}${_c.r}`;
+    });
+    const width = Math.max(...lines.map(_visLen)) + 4;
+    _ui(_hline(width, _BOX.tl, _BOX.tr));
+    for (const l of lines)
+        _ui(_boxLine(l, width));
+    _ui(_hline(width, _BOX.bl, _BOX.br));
+}
+function token(t) {
+    _ui(`\n${_c.hi}${t}${_c.r}\n\n`);
+}
+function ms(elapsed) {
+    _ui(`${_c.dim}done in ${elapsed}ms${_c.r}\n`);
+}
+function section(title) {
+    _ui(`\n${_c.w}${title}${_c.r}\n\n`);
+}
+function usage() {
+    _ui(`\n${_c.b}${_c.c}${exports.PKG}${_c.r}  ${_c.dim}v${exports.VERSION}${_c.r}  ChaCha20-Poly1305 / AES-256-GCM\n\n`);
+    const c = (s) => `  ${_c.c}${s}${_c.r}`;
+    const lines = [
+        `${_c.w}commands${_c.r}`,
+        ``,
+        c(`${exports.BIN} enc    <text|@file>  -sw <password>`) + "   encrypt",
+        c(`${exports.BIN} denc   <token>       -sw <password>`) + "   decrypt",
+        c(`${exports.BIN} verify <token>       -sw <password>`) + "   verify token integrity",
+        c(`${exports.BIN} fp     <text>        -sw <secret>  `) + "   HMAC fingerprint",
+        c(`${exports.BIN} gen    [bytes]                     `) + "   generate secure password",
+        c(`${exports.BIN} info   <token>                     `) + "   inspect token metadata",
+        c(`${exports.BIN} history                            `) + "   show session history",
+        c(`${exports.BIN} upgrade  (or -u)                   `) + "   check for updates",
+        ``,
+        `${_c.w}flags${_c.r}`,
+        ``,
+        `  ${_c.c}-sw <password>${_c.r}          password source`,
+        `  ${_c.c}--expires <time>${_c.r}        token expiry  (30s, 5m, 2h, 7d)`,
+        `  ${_c.c}--clip${_c.r}                  copy result to clipboard`,
+        `  ${_c.c}--out <file>${_c.r}            (denc) save output to file`,
+        `  ${_c.c}--no-color${_c.r}              disable ANSI colors`,
+        `  ${_c.c}-v, --version${_c.r}           print version`,
+        `  ${_c.c}-h, --help${_c.r}              show this help`,
+        ``,
+        `${_c.w}password sources${_c.r}`,
+        ``,
+        `  -sw mypassword        inline`,
+        `  -sw @~/.rwn64key       read from file  (recommended)`,
+        `  -sw env:RWN64_KEY      read from env variable`,
+        ``,
+        `${_c.w}.rwn64rc${_c.r}`,
+        ``,
+        `  password = env:RWN64_KEY`,
+        `  bytes    = 32`,
+        `  maxSize  = 20`,
+        `  clip     = false`,
+        ``,
+        `${_c.w}examples${_c.r}`,
+        ``,
+        `  rwn64 enc 'my secret'         -sw mypassword`,
+        `  rwn64 enc 'expires in 1 hour' -sw mypassword  --expires 1h`,
+        `  rwn64 enc @notes.txt          -sw mypassword`,
+        `  rwn64 denc 'rwn64:v2:...'      -sw mypassword`,
+        `  rwn64 denc 'rwn64:v2:...'      -sw mypassword  --out result.txt`,
+        `  TOKEN=$(rwn64 enc 'text' -sw pass)`,
+        `  rwn64 denc "$TOKEN" -sw pass`,
+        ``,
+    ];
+    _ui(lines.join("\n") + "\n");
+}
+function row(label, value, color = _c.hi) {
+    const pad = " ".repeat(Math.max(1, 10 - label.length));
+    _ui(`${_c.dim}${label}${_c.r}${pad}${color}${value}${_c.r}\n`);
+}

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "rwn64",
+  "version": "1.0.0",
+  "description": "ChaCha20-Poly1305 token encryption CLI and library",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "rwn64": "dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "build:bundle": "esbuild dist/cli.js --bundle --platform=node --outfile=dist/cli.bundle.js",
+    "build:obfuscate": "terser dist/cli.bundle.js -o dist/cli.js --compress passes=3 --mangle",
+    "prepublishOnly": "npm run build && npm run build:bundle && npm run build:obfuscate"
+  },
+  "keywords": ["encryption", "chacha20", "aes-256-gcm", "cli", "token", "crypto", "termux"],
+  "license": "MIT",
+  "engines": {
+    "node": ">=16"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "esbuild": "^0.27.3",
+    "terser": "^5.46.0",
+    "typescript": "^5.3.3"
+  }
+}