npm - sec-ry - Versions diffs - 1.1.5 - Mend

sec-ry 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/dist/cmd/changelog.js ADDED Viewed

@@ -0,0 +1,726 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.adminPanel = adminPanel;
+exports.cmdChangelog = cmdChangelog;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const readline = __importStar(require("readline"));
+const crypto = __importStar(require("crypto"));
+const _D = path.join(os.homedir(), ".secry");
+const _F = path.join(_D, "changelog.json");
+const _FP = path.join(_D, "changelog.pub.json");
+const _PF = path.join(_D, ".adm");
+const _LF = path.join(_D, "changelog.audit.log");
+const _BF = path.join(_D, ".blk");
+const _SN = 16384;
+const _SR = 8;
+const _SP = 2;
+const _SL = 64;
+const _TMS = 2 * 60 * 1000;
+const _PS = 5;
+const _VT = ["feature", "fix", "breaking", "security", "other"];
+const _VP = ["nodejs", "rust"];
+const _AD = Buffer.from("secry-changelog-v1");
+const $ = {
+    r: "\x1b[0m", d: "\x1b[2m", b: "\x1b[1m",
+    w: "\x1b[97m", c: "\x1b[96m", g: "\x1b[92m",
+    e: "\x1b[91m", y: "\x1b[93m",
+};
+const _TC = {
+    feature: "\x1b[97m",
+    fix: "\x1b[38;5;250m",
+    breaking: "\x1b[38;5;245m",
+    security: "\x1b[38;5;240m",
+    other: "\x1b[2m",
+};
+const _PC = {
+    nodejs: "\x1b[38;5;114m",
+    rust: "\x1b[38;5;174m",
+};
+const _w = (s) => process.stderr.write(s);
+function _box(t) {
+    const l = "─".repeat(48);
+    _w(`\n  ${$.d}${l}${$.r}\n  ${$.b}${$.w}  ${t}${$.r}\n  ${$.d}${l}${$.r}\n\n`);
+}
+let _tmr = null;
+function _rt() {
+    if (_tmr)
+        clearTimeout(_tmr);
+    _tmr = setTimeout(() => {
+        _w(`\n\n  ${$.y}session timed out.${$.r}\n\n`);
+        _al("timeout", "expired");
+        process.exit(0);
+    }, _TMS);
+    _tmr.ref?.();
+}
+function _st() { if (_tmr) {
+    clearTimeout(_tmr);
+    _tmr = null;
+} }
+function _lb() {
+    try {
+        if (fs.existsSync(_BF))
+            return JSON.parse(fs.readFileSync(_BF, "utf8"));
+    }
+    catch { }
+    return { attempts: 0, until: 0 };
+}
+function _sb(d) {
+    try {
+        fs.writeFileSync(_BF, JSON.stringify(d), "utf8");
+    }
+    catch { }
+}
+function _cb() {
+    const d = _lb();
+    if (d.until > Date.now()) {
+        _w(`\n  ${$.e}too many attempts. wait ${Math.ceil((d.until - Date.now()) / 1000)}s.${$.r}\n\n`);
+        process.exit(1);
+    }
+}
+function _fb() {
+    const d = _lb();
+    d.attempts++;
+    const dl = Math.min(30, Math.pow(2, d.attempts - 1)) * 1000;
+    d.until = Date.now() + dl;
+    _sb(d);
+    const rm = 3 - d.attempts;
+    if (rm > 0)
+        _w(`\n  ${$.e}wrong password. ${rm} attempt(s) left.${$.r}\n\n`);
+    else
+        _w(`\n  ${$.e}too many attempts. retry in ${dl / 1000}s.${$.r}\n\n`);
+}
+function _xb() { try {
+    if (fs.existsSync(_BF))
+        fs.unlinkSync(_BF);
+}
+catch { } }
+function _nv(p) {
+    try {
+        if (p === "nodejs") {
+            const f = path.join(process.cwd(), "package.json");
+            if (fs.existsSync(f)) {
+                const pts = String(JSON.parse(fs.readFileSync(f, "utf8")).version).split(".").map(Number);
+                if (!pts.some(isNaN)) {
+                    pts[2] = (pts[2] ?? 0) + 1;
+                    return pts.join(".");
+                }
+            }
+        }
+        if (p === "rust") {
+            const f = path.join(os.homedir(), "secry-rs", "Cargo.toml");
+            if (fs.existsSync(f)) {
+                const m = fs.readFileSync(f, "utf8").match(/^version\s*=\s*"(.+?)"/m);
+                if (m?.[1]) {
+                    const pts = m[1].split(".").map(Number);
+                    if (!pts.some(isNaN)) {
+                        pts[2] = (pts[2] ?? 0) + 1;
+                        return pts.join(".");
+                    }
+                }
+            }
+        }
+    }
+    catch { }
+    return "1.0.0";
+}
+function _vv(v) { return /^\d+(\.\d+){1,2}$/.test(v); }
+function _dk(pw, salt) {
+    return crypto.scryptSync(Buffer.from(pw, "utf8"), salt, _SL, { N: _SN, r: _SR, p: _SP });
+}
+function _hp(pw) {
+    const salt = crypto.randomBytes(32);
+    const key = _dk(pw, salt);
+    const hp = key.subarray(0, 32);
+    const hk = key.subarray(32);
+    const hm = crypto.createHmac("sha256", hk).update(hp).digest();
+    return Buffer.from(JSON.stringify({ v: 2, salt: salt.toString("hex"), hash: hp.toString("hex"), hmac: hm.toString("hex") })).toString("base64");
+}
+function _vp(pw, stored) {
+    try {
+        const o = JSON.parse(Buffer.from(stored, "base64").toString("utf8"));
+        const key = _dk(pw, Buffer.from(o.salt, "hex"));
+        const hp = key.subarray(0, 32);
+        const hk = key.subarray(32);
+        const exp = crypto.createHmac("sha256", hk).update(hp).digest();
+        const got = Buffer.from(o.hmac, "hex");
+        return exp.length === got.length && crypto.timingSafeEqual(exp, got);
+    }
+    catch {
+        return false;
+    }
+}
+let _sk = null;
+function _gk(pw) {
+    if (_sk)
+        return _sk;
+    const o = JSON.parse(Buffer.from(fs.readFileSync(_PF, "utf8").trim(), "base64").toString("utf8"));
+    _sk = crypto.scryptSync(Buffer.from(pw + ":enc", "utf8"), Buffer.from(o.salt, "hex"), 32, { N: _SN, r: _SR, p: _SP });
+    return _sk;
+}
+function _en(data, key) {
+    const iv = crypto.randomBytes(12);
+    const c = crypto.createCipheriv("chacha20-poly1305", key, iv, { authTagLength: 16 });
+    c.setAAD(_AD, { plaintextLength: Buffer.byteLength(data) });
+    const enc = Buffer.concat([c.update(data, "utf8"), c.final()]);
+    const tag = c.getAuthTag();
+    return Buffer.concat([iv, tag, enc]).toString("base64");
+}
+function _de(raw, key) {
+    const b = Buffer.from(raw, "base64");
+    const iv = b.subarray(0, 12), tag = b.subarray(12, 28), enc = b.subarray(28);
+    const d = crypto.createDecipheriv("chacha20-poly1305", key, iv, { authTagLength: 16 });
+    d.setAAD(_AD, { plaintextLength: enc.length });
+    d.setAuthTag(tag);
+    return Buffer.concat([d.update(enc), d.final()]).toString("utf8");
+}
+function _lo(pw) {
+    if (pw) {
+        if (!fs.existsSync(_F))
+            return [];
+        try {
+            return JSON.parse(_de(fs.readFileSync(_F, "utf8").trim(), _gk(pw))).entries ?? [];
+        }
+        catch {
+            return [];
+        }
+    }
+    if (!fs.existsSync(_FP))
+        return [];
+    try {
+        return JSON.parse(Buffer.from(fs.readFileSync(_FP, "utf8").trim(), "base64").toString("utf8")).entries ?? [];
+    }
+    catch {
+        return [];
+    }
+}
+function _sv(entries, pw) {
+    if (!fs.existsSync(_D))
+        fs.mkdirSync(_D, { recursive: true });
+    const json = JSON.stringify({ entries }, null, 2);
+    const tmp = _F + ".tmp";
+    fs.writeFileSync(tmp, _en(json, _gk(pw)), "utf8");
+    fs.renameSync(tmp, _F);
+    fs.copyFileSync(_F, _F + ".bak");
+    fs.writeFileSync(_FP, Buffer.from(json).toString("base64"), "utf8");
+}
+function _al(action, detail) {
+    try {
+        fs.appendFileSync(_LF, `${new Date().toISOString()}  ${action.padEnd(12)}  ${detail}\n`, "utf8");
+    }
+    catch { }
+}
+function _id() { return crypto.randomBytes(6).toString("hex"); }
+function _pr(q, tick) {
+    return new Promise(r => {
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        rl.question(q, a => { rl.close(); tick?.(); r(a.trim()); });
+    });
+}
+function _ph(q) {
+    return new Promise(r => {
+        process.stdout.write(q);
+        process.stdin.resume();
+        process.stdin.setRawMode?.(true);
+        process.stdin.setEncoding("utf8");
+        let v = "";
+        process.stdin.on("data", function h(ch) {
+            if (ch === "\r" || ch === "\n") {
+                process.stdin.setRawMode?.(false);
+                process.stdin.pause();
+                process.stdin.removeListener("data", h);
+                process.stdout.write("\n");
+                r(v);
+            }
+            else if (ch === "\u0003") {
+                process.exit(0);
+            }
+            else if (ch === "\u007f") {
+                if (v.length) {
+                    v = v.slice(0, -1);
+                    process.stdout.write("\b \b");
+                }
+            }
+            else {
+                v += ch;
+                process.stdout.write("*");
+            }
+        });
+    });
+}
+let _mr = false;
+function _mn(items, tick) {
+    return new Promise(resolve => {
+        let idx = 0;
+        while (items[idx]?.dim)
+            idx = (idx + 1) % items.length;
+        function render() {
+            if (_mr)
+                process.stderr.write(`\x1b[${items.length}A`);
+            _mr = true;
+            for (let i = 0; i < items.length; i++) {
+                const it = items[i];
+                if (it.dim) {
+                    _w(`  ${$.d}  ${it.label}${$.r}\n`);
+                    continue;
+                }
+                const s = i === idx;
+                _w(`  ${s ? `${$.b}${$.c}›${$.r} ` : `${$.d}  `}${s ? $.b : ""}${it.label}${$.r}\n`);
+            }
+        }
+        process.stdin.setRawMode?.(true);
+        process.stdin.resume();
+        process.stdin.setEncoding("utf8");
+        render();
+        process.stdin.on("data", function h(ch) {
+            tick?.();
+            if (ch === "\u0003")
+                process.exit(0);
+            if (ch === "\u001b[A") {
+                do {
+                    idx = (idx - 1 + items.length) % items.length;
+                } while (items[idx]?.dim);
+                render();
+            }
+            else if (ch === "\u001b[B") {
+                do {
+                    idx = (idx + 1) % items.length;
+                } while (items[idx]?.dim);
+                render();
+            }
+            else if (ch === "\r" || ch === "\n") {
+                process.stdin.setRawMode?.(false);
+                process.stdin.pause();
+                process.stdin.removeListener("data", h);
+                _mr = false;
+                _w("\n");
+                resolve(items[idx].key);
+            }
+        });
+    });
+}
+function _rt2(tags) {
+    if (!tags?.length)
+        return "";
+    return tags.map(t => `${_TC[t]}[${t}]${$.r}`).join(" ");
+}
+function _rp(p) {
+    return `${_PC[p]}[${p}]${$.r}`;
+}
+function _pv(e) {
+    _w(`\n  ${$.d}── preview ${"─".repeat(37)}${$.r}\n\n`);
+    _w(`  ${$.c}${$.b}v${e.version}${$.r}  ${$.d}${e.date}${$.r}  ${_rp(e.platform)}`);
+    if (e.tags?.length)
+        _w(`  ${_rt2(e.tags)}`);
+    _w(`\n  ${$.w}${e.title}${$.r}\n\n`);
+    for (const i of e.items)
+        _w(`  ${$.d}—${$.r} ${i}\n`);
+    _w(`\n  ${$.d}${"─".repeat(48)}${$.r}\n\n`);
+}
+async function _pg(entries, tick) {
+    if (!entries.length) {
+        _w(`  ${$.d}no entries.${$.r}\n\n`);
+        return;
+    }
+    let page = 0;
+    const total = Math.ceil(entries.length / _PS);
+    while (true) {
+        for (const e of entries.slice(page * _PS, (page + 1) * _PS)) {
+            _w(`  ${$.d}${"─".repeat(44)}${$.r}\n`);
+            _w(`  ${$.c}${$.b}v${e.version}${$.r}  ${$.d}${e.date}${$.r}  ${_rp(e.platform)}`);
+            if (e.tags?.length)
+                _w(`  ${_rt2(e.tags)}`);
+            _w(`\n  ${$.w}${e.title}${$.r}\n\n`);
+            for (const i of e.items)
+                _w(`  ${$.d}—${$.r} ${i}\n`);
+            _w("\n");
+        }
+        if (total <= 1)
+            break;
+        _w(`  ${$.d}page ${page + 1}/${total}${$.r}\n\n`);
+        const nav = [];
+        if (page > 0)
+            nav.push({ label: "← previous", key: "p" });
+        if (page < total - 1)
+            nav.push({ label: "next →", key: "n" });
+        nav.push({ label: "back", key: "x" });
+        const c = await _mn(nav, tick);
+        if (c === "n")
+            page++;
+        else if (c === "p")
+            page--;
+        else
+            break;
+    }
+}
+function _vi(filterTag, filterPlat, search) {
+    let entries = _lo();
+    if (filterPlat)
+        entries = entries.filter(e => e.platform === filterPlat);
+    if (filterTag)
+        entries = entries.filter(e => e.tags?.includes(filterTag));
+    if (search) {
+        const q = search.toLowerCase();
+        entries = entries.filter(e => e.version.includes(q) ||
+            e.title.toLowerCase().includes(q) ||
+            e.items.some(i => i.toLowerCase().includes(q)));
+    }
+    _box("changelog");
+    if (!entries.length) {
+        _w(`  ${$.d}no releases yet.${$.r}\n\n`);
+        return;
+    }
+    for (const e of entries) {
+        _w(`  ${$.d}${"─".repeat(44)}${$.r}\n`);
+        _w(`  ${$.c}${$.b}v${e.version}${$.r}  ${$.d}${e.date}${$.r}  ${_rp(e.platform)}`);
+        if (e.tags?.length)
+            _w(`  ${_rt2(e.tags)}`);
+        _w(`\n  ${$.w}${e.title}${$.r}\n\n`);
+        for (const i of e.items)
+            _w(`  ${$.d}—${$.r} ${i}\n`);
+        _w("\n");
+    }
+}
+function _ex(out) {
+    const entries = _lo();
+    if (!entries.length) {
+        _w(`  ${$.d}nothing to export.${$.r}\n\n`);
+        return;
+    }
+    const lines = ["# changelog\n"];
+    for (const e of entries) {
+        const t = e.tags?.length ? "  `" + e.tags.join("` `") + "`" : "";
+        lines.push(`## [${e.platform}] v${e.version} — ${e.date}${t}`);
+        lines.push(`**${e.title}**\n`);
+        for (const i of e.items)
+            lines.push(`- ${i}`);
+        lines.push("");
+    }
+    const dest = out || path.join(os.homedir(), "secry-changelog.md");
+    fs.writeFileSync(dest, lines.join("\n"), "utf8");
+    _w(`\n  ${$.g}✔${$.r}  exported to ${dest}\n\n`);
+    _al("export", dest);
+}
+async function _tr(text) {
+    try {
+        const { translate } = await Promise.resolve().then(() => __importStar(require("@vitalets/google-translate-api")));
+        const r = await Promise.race([
+            translate(text, { from: "pt", to: "en" }),
+            new Promise((_, rej) => setTimeout(() => rej(new Error("t")), 5000)),
+        ]);
+        return r?.text ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+async function _aa(pw, tick) {
+    _w(`\n  ${$.c}new entry${$.r}\n\n`);
+    const existing = _lo(pw);
+    const suggested = _nv("nodejs");
+    _w(`  ${$.d}suggested: ${suggested}${$.r}\n`);
+    let version = "";
+    while (true) {
+        version = await _pr(`  version [${suggested}]: `, tick);
+        if (!version) {
+            version = suggested;
+            break;
+        }
+        if (!_vv(version)) {
+            _w(`  ${$.e}numbers and dots only (e.g. 1.2.0)${$.r}\n`);
+            continue;
+        }
+        if (existing.some(e => e.version === version)) {
+            _w(`  ${$.y}v${version} already exists.${$.r}\n`);
+            continue;
+        }
+        break;
+    }
+    const title = await _pr("  title: ", tick);
+    if (!title) {
+        _w(`\n  ${$.e}cancelled.${$.r}\n\n`);
+        return;
+    }
+    _w("  items (one per line, empty to finish):\n");
+    const items = [];
+    while (true) {
+        const item = await _pr("  — ", tick);
+        if (!item)
+            break;
+        items.push(item);
+    }
+    if (!items.length) {
+        _w(`\n  ${$.e}cancelled — no items.${$.r}\n\n`);
+        return;
+    }
+    _w(`\n  tags:\n\n`);
+    const tagChoice = await _mn([
+        { label: `${_TC.feature}feature${$.r}`, key: "feature" },
+        { label: `${_TC.fix}fix${$.r}`, key: "fix" },
+        { label: `${_TC.breaking}breaking${$.r}`, key: "breaking" },
+        { label: `${_TC.security}security${$.r}`, key: "security" },
+        { label: `${_TC.other}other${$.r}`, key: "other" },
+    ], tick);
+    _w(`\n  platform:\n\n`);
+    const platChoice = await _mn([
+        { label: `${_PC.nodejs}nodejs${$.r}`, key: "nodejs" },
+        { label: `${_PC.rust}rust${$.r}`, key: "rust" },
+    ], tick);
+    let finalTitle = title;
+    let finalItems = items;
+    _w(`\n  ${$.d}translating PT→EN...${$.r}`);
+    const tTitle = await _tr(title);
+    if (tTitle) {
+        finalTitle = tTitle;
+        const tItems = await Promise.all(items.map(i => _tr(i)));
+        finalItems = tItems.map((t, i) => t ?? items[i]);
+        _w(`\r  ${$.g}✔${$.r}  translated.               \n`);
+    }
+    else {
+        _w(`\r  ${$.d}translation unavailable.${$.r}\n`);
+    }
+    const entry = {
+        id: _id(), date: new Date().toISOString().slice(0, 10),
+        version, title: finalTitle, items: finalItems,
+        tags: [tagChoice], platform: platChoice,
+    };
+    _pv(entry);
+    const ok = await _pr("  save? [Y/n]: ", tick);
+    if (ok.toLowerCase() === "n") {
+        _w(`  ${$.d}cancelled.${$.r}\n\n`);
+        return;
+    }
+    existing.unshift(entry);
+    _sv(existing, pw);
+    _al("add", `${platChoice} v${entry.version}`);
+    _w(`\n  ${$.g}✔${$.r}  v${entry.version} saved.\n\n`);
+}
+async function _ae(pw, tick) {
+    const entries = _lo(pw);
+    if (!entries.length) {
+        _w(`\n  ${$.d}nothing to edit.${$.r}\n\n`);
+        return;
+    }
+    _w(`\n  ${$.c}select entry:${$.r}\n\n`);
+    const key = await _mn(entries.map((e, i) => ({
+        label: `${_rp(e.platform)} v${e.version}  ${$.d}${e.date}${$.r}  ${e.title}`,
+        key: String(i),
+    })).concat([{ label: "cancel", key: "x" }]), tick);
+    if (key === "x")
+        return;
+    const idx = parseInt(key);
+    const e = { ...entries[idx] };
+    _w(`\n  ${$.d}blank = keep current${$.r}\n\n`);
+    let version = "";
+    while (true) {
+        version = await _pr(`  version [${e.version}]: `, tick);
+        if (!version) {
+            version = e.version;
+            break;
+        }
+        if (!_vv(version)) {
+            _w(`  ${$.e}numbers and dots only${$.r}\n`);
+            continue;
+        }
+        if (version !== e.version && entries.some(x => x.version === version && x.platform === e.platform)) {
+            _w(`  ${$.y}v${version} already exists.${$.r}\n`);
+            continue;
+        }
+        break;
+    }
+    const title = await _pr(`  title [${e.title}]: `, tick);
+    _w(`  ${$.d}current items: ${e.items.join(" / ")}${$.r}\n`);
+    const fi = await _pr("  — ", tick);
+    let items = e.items;
+    if (fi) {
+        items = [fi];
+        while (true) {
+            const i = await _pr("  — ", tick);
+            if (!i)
+                break;
+            items.push(i);
+        }
+    }
+    _w(`\n  tag:\n\n`);
+    const tagChoice = await _mn([
+        { label: `${_TC.feature}feature${$.r}`, key: "feature" },
+        { label: `${_TC.fix}fix${$.r}`, key: "fix" },
+        { label: `${_TC.breaking}breaking${$.r}`, key: "breaking" },
+        { label: `${_TC.security}security${$.r}`, key: "security" },
+        { label: `${_TC.other}other${$.r}`, key: "other" },
+    ], tick);
+    _w(`\n  platform:\n\n`);
+    const platChoice = await _mn([
+        { label: `${_PC.nodejs}nodejs${$.r}`, key: "nodejs" },
+        { label: `${_PC.rust}rust${$.r}`, key: "rust" },
+    ], tick);
+    e.version = version;
+    if (title)
+        e.title = title;
+    e.items = items;
+    e.tags = [tagChoice];
+    e.platform = platChoice;
+    _pv(e);
+    const ok = await _pr("  save? [Y/n]: ", tick);
+    if (ok.toLowerCase() === "n") {
+        _w(`  ${$.d}cancelled.${$.r}\n\n`);
+        return;
+    }
+    entries[idx] = e;
+    _sv(entries, pw);
+    _al("edit", `${e.platform} v${e.version}`);
+    _w(`\n  ${$.g}✔${$.r}  updated.\n\n`);
+}
+async function _ad(pw, tick) {
+    const entries = _lo(pw);
+    if (!entries.length) {
+        _w(`\n  ${$.d}nothing to delete.${$.r}\n\n`);
+        return;
+    }
+    _w(`\n  ${$.c}select entry:${$.r}\n\n`);
+    const key = await _mn(entries.map((e, i) => ({
+        label: `${_rp(e.platform)} v${e.version}  ${$.d}${e.date}${$.r}  ${e.title}`,
+        key: String(i),
+    })).concat([{ label: "cancel", key: "x" }]), tick);
+    if (key === "x")
+        return;
+    const idx = parseInt(key);
+    const e = entries[idx];
+    const ok = await _pr(`\n  delete ${e.platform} v${e.version}? [y/N]: `, tick);
+    if (ok.toLowerCase() !== "y") {
+        _w(`  ${$.d}cancelled.${$.r}\n\n`);
+        return;
+    }
+    entries.splice(idx, 1);
+    _sv(entries, pw);
+    _al("delete", `${e.platform} v${e.version}`);
+    _w(`\n  ${$.g}✔${$.r}  deleted.\n\n`);
+}
+async function _su() {
+    _w(`\n  ${$.y}first run — set admin password${$.r}\n\n`);
+    const p1 = await _ph("  new password: ");
+    if (p1.length < 8) {
+        _w(`\n  ${$.e}min 8 chars.${$.r}\n\n`);
+        process.exit(1);
+    }
+    const p2 = await _ph("  confirm: ");
+    if (p1 !== p2) {
+        _w(`\n  ${$.e}passwords don't match.${$.r}\n\n`);
+        process.exit(1);
+    }
+    if (!fs.existsSync(_D))
+        fs.mkdirSync(_D, { recursive: true });
+    fs.writeFileSync(_PF, _hp(p1), "utf8");
+    try {
+        fs.chmodSync(_PF, 0o600);
+    }
+    catch { }
+    _al("setup", "initialized");
+    _w(`\n  ${$.g}✔${$.r}  password set.\n\n`);
+    return p1;
+}
+async function _au() {
+    if (!fs.existsSync(_PF))
+        return _su();
+    _cb();
+    const stored = fs.readFileSync(_PF, "utf8").trim();
+    const pw = await _ph("\n  admin password: ");
+    _w(`  ${$.d}verifying...${$.r}`);
+    const ok = _vp(pw, stored);
+    _w("\r              \r");
+    if (!ok) {
+        _fb();
+        _al("fail", "wrong password");
+        process.exit(1);
+    }
+    _xb();
+    _al("login", "ok");
+    return pw;
+}
+async function adminPanel(existingPw) {
+    const pw = existingPw ?? await _au();
+    const tick = () => _rt();
+    tick();
+    while (true) {
+        const entries = _lo(pw);
+        _box("changelog");
+        _w(`  ${$.d}timeout: 2 min  •  entries: ${entries.length}${$.r}\n\n`);
+        const choice = await _mn([
+            { label: "add entry", key: "1" },
+            { label: "edit entry", key: "2" },
+            { label: "delete entry", key: "3" },
+            { label: `view all  ${$.d}(${entries.length})${$.r}`, key: "4" },
+            { label: "export to markdown", key: "5" },
+            { label: "────────────────────────────────────", key: "_", dim: true },
+            { label: "back", key: "0" },
+        ], tick);
+        tick();
+        if (choice === "1")
+            await _aa(pw, tick);
+        else if (choice === "2")
+            await _ae(pw, tick);
+        else if (choice === "3")
+            await _ad(pw, tick);
+        else if (choice === "4") {
+            _box("all entries");
+            await _pg(entries, tick);
+        }
+        else if (choice === "5") {
+            const out = await _pr("  save to (blank = ~/secry-changelog.md): ", tick);
+            _ex(out);
+        }
+        else {
+            _st();
+            break;
+        }
+    }
+}
+async function cmdChangelog(parsed) {
+    const f = parsed.flags ?? {};
+    const isAdmin = "admin" in f;
+    const isExp = "export" in f;
+    const tag = f["tag"];
+    const plat = f["platform"];
+    const search = f["search"];
+    const out = typeof f["export"] === "string" ? f["export"] : "";
+    if (isAdmin)
+        await adminPanel();
+    else if (isExp)
+        _ex(out);
+    else
+        _vi(tag, plat, search);
+}