0.2.2: Error Logic, New APIs, EngineController, Example

Error Logic
- Implemented custom errors for encryption / key derivation / header logic
- CLI  and plugin now returns only the error no stacktrace
- 5 custom error classes

Verbosity:
- Up to 4 verbosity levels for cli and browser
- logging in browser and console based on level

CLI
- decode command to show difficulty, version, salt lenght and value via input file or with stdin
-input validation

Decrypting
- now tries to use a different version engine when set and available based on header data

Added Browser example in `/examples/index.html`

Made `utils/bytes.ts` browser compatible

Removed unnecessary wasm files

Updated README.md

Author: mqxym

README.md

@@ -1,40 +1,40 @@
 # @mqxym/cryptit
 
-Modern, cross-platform AES-GCM + Argon2-id encryption for files **and** text.
+Modern, cross‑platform **AES‑GCM 256 + Argon2‑id** encryption for both **files** *and* **text**.
 
-* **Node 18+ / Bun 1+** – uses the native `argon2` addon & WebCrypto
-* **Browser (evergreen)** – loads the tiny `argon2-browser` WASM module
-* **CLI** – stream-encrypt large files without loading them in memory
-* **TypeScript-first**, tree-shakable, ESM & CommonJS builds.
+* **Node 18 / Bun 1** – native `argon2` addon + WebCrypto
+* **Browser (evergreen)** – tiny WASM build of `argon2-browser`
+* **CLI** – stream encryption & decryption, zero memory bloat
+* **TypeScript‑first**, tree‑shakable, ESM & CJS builds
+* **Format‑agnostic decryption** – one instance reads any registered version
 
 ---
 
 ## Install
 
 ```bash
-# with Bun (recommended)
+# Bun (recommended)
 bun add @mqxym/cryptit
 
-# …or with npm / pnpm
-npm i @mqxym/cryptit
+# npm / pnpm
+yarn add @mqxym/cryptit           # or npm i / pnpm add
 ```
 
 ---
 
-## Quick start (Node / Bun)
+## Quick start – Node / Bun
 
 ```ts
 import { createCryptit } from "@mqxym/cryptit";
 
 const crypt = createCryptit({ difficulty: "middle" });
-const passphrase = "correct horse battery staple";
+const pass  = "correct horse battery staple";
 
-const cipherB64 = await crypt.encryptText("hello world", passphrase);
-const plainTxt  = await crypt.decryptText(cipherB64, passphrase);
-console.log(plainTxt); // → "hello world"
+const b64 = await crypt.encryptText("hello", pass);
+console.log(await crypt.decryptText(b64, pass)); // → "hello"
 ```
 
-### Encrypt / decrypt a file (streaming)
+### Streaming files
 
 ```ts
 import { createCryptit } from "@mqxym/cryptit";
@@ -43,134 +43,124 @@ import { createReadStream, createWriteStream } from "node:fs";
 const crypt = createCryptit();
 const pass  = "hunter2";
 
-const rs = createReadStream("movie.mkv");
-const ws = createWriteStream("movie.enc");
-
-await rs
+// encrypt → movie.enc
+await createReadStream("movie.mkv")
   .pipeThrough(await crypt.createEncryptionStream(pass))
-  .pipeTo(ws);
-
-// ——— later ———
-const drs = createReadStream("movie.enc");
-const dws = createWriteStream("movie.mkv");
+  .pipeTo(createWriteStream("movie.enc"));
 
-await drs
+// decrypt back
+await createReadStream("movie.enc")
   .pipeThrough(await crypt.createDecryptionStream(pass))
-  .pipeTo(dws);
+  .pipeTo(createWriteStream("movie.mkv"));
 ```
 
 ---
 
 ## Browser usage
 
-### Bundle with Vite / Webpack / esbuild
-
-```ts
-// app.ts
-import { createCryptit } from "@mqxym/cryptit/browser";
-
-const crypt = createCryptit({ saltStrength: "high" });
-
-input.addEventListener("change", async (e) => {
-  const file  = (e.target as HTMLInputElement).files![0];
-  const blob  = await crypt.encryptFile(file, "mypw");
-  downloadBlob(blob, file.name + ".enc");
-});
-```
+```html
+<!-- app.ts / app.js -->
+<script type="module">
+  import { createCryptit } from "@mqxym/cryptit/browser";
 
-> The `argon2-browser` WASM file is fetched lazily.
-> Host it yourself:
->
-> ```ts
-> import * as a2 from "argon2-browser";
-> a2.wasmURL = "/static/argon2.wasm";
-> ```
+  // IMPORTANT: host argon2.wasm at /dist/argon2.wasm (relative to final HTML)
 
-### Script-tag fallback
+  const crypt = createCryptit({ saltStrength: "high", verbose: 2 });
 
-```html
-<script src="https://unpkg.com/@mqxym/cryptit/dist/browser.min.js"></script>
-<script>
-  const crypt = Cryptit.createCryptit();
-  crypt.encryptText("hi", "pw").then(console.log);
+  async function enc() {
+    const cipher = await crypt.encryptText("hello", "pw");
+    console.log(cipher);
+  }
+  enc();
 </script>
 ```
 
----
+*Use with a bundler or simply via `<script type="module">`.*
 
-## CLI
+---
 
-```bash
-# one-off use
-bunx @mqxym/cryptit encrypt notes.txt -o notes.enc -p "pw"
+## API highlights
 
-# or install globally
-bun add -g @mqxym/cryptit          # -> `cryptit` in $PATH
+```ts
+const c = createCryptit({ verbose: 1 });
 
-# encrypt file
-cat photo.jpg | cryptit encrypt - -p hunter2 > photo.enc
+// convenience 🔒/🔓
+await c.encryptText("txt", pass);
+await c.decryptText(b64,  pass);
 
-# decrypt
-cryptit decrypt photo.enc -p hunter2 -o photo.jpg
+// runtime tweaks
+c.setDifficulty("high");
+c.setVersion(2);           // choose another registered format
+c.setSaltLength(32);
 
-# encrypt text
-echo "secret" | cryptit encrypt-text -p pw
+// helpers
+Cryptit.isEncrypted(blobOrB64);          // ↦ boolean
+Cryptit.headerDecode(blobOrB64);         // ↦ meta {version, salt, …}
 ```
 
-| Flag                       | Default  | Notes                                 |
-| -------------------------- | -------- | ------------------------------------- |
-| `-p, --pass`               | *prompt* | passphrase (hidden prompt if omitted) |
-| `-d, --difficulty`         | middle   | Argon2 preset: `low / middle / high`  |
-| `-s, --salt-strength`      | high     | `low` (8 B) or `high` (16 B) salt     |
-| `-c, --chunk-size <bytes>` | 524288   | size of plaintext blocks              |
-| `-v, -vv, …`               | 0        | increase verbosity                    |
+Verbose levels:
 
-Exit codes: **0** ok · **10** auth failure · **11** invalid header · **≥20** other error
+| Level | Emits                         |
+| ----- | ----------------------------- |
+| 0     | errors only                   |
+| 1     | +start/finish notices         |
+| 2     | +timings, key‑derivation info |
+| 3     | +salt / version / KDF details |
+| 4     | wire‑level debug              |
 
 ---
 
-## API surface
+## CLI (`cryptit`)
 
-```ts
-createCryptit(cfg?: EncryptionConfig) → Cryptit
+```bash
+# encrypt file → .enc | decrypt back
+encrypt: cryptit encrypt  <in> [-o out] [options]
+decrypt: cryptit decrypt  <in> [-o out] [options]
 
-interface EncryptionConfig {
-  difficulty?: "low" | "middle" | "high"
-  saltStrength?: "low" | "high"
-  chunkSize?: number               // default 512 KiB
-}
+encrypt text  : echo "secret" | cryptit encrypt-text  -p pw
+decrypt text  : echo "…b64…" | cryptit decrypt-text -p pw
 
-class Cryptit {
-  encryptText(plain, pass): Promise<string>
-  decryptText(b64, pass): Promise<string>
+# inspect header (no decryption)
+cryptit decode movie.enc
+cat movie.enc | cryptit decode
+```
 
-  encryptFile(file: Blob, pass): Promise<Blob>
-  decryptFile(file: Blob, pass): Promise<Blob>
+### Common flags
 
-  createEncryptionStream(pass): Promise<TransformStream>
-  createDecryptionStream(pass): Promise<TransformStream>
-}
-```
+| Flag                      | Default | Description          |
+| ------------------------- | ------- | -------------------- |
+| `-p, --pass <pw>`         | prompt  | passphrase           |
+| `-d, --difficulty <l>`    | middle  | Argon2 preset        |
+| `-s, --salt-strength <l>` | high    | 8 B vs 16 B salt     |
+| `-c, --chunk-size <n>`    | 524 288 | plaintext block size |
+| `-v, --verbose`           |  0 … 4  | repeat to increase   |
+
+Exit codes: **0** success · **1** any failure (invalid header, auth, I/O …)
+
+---
+
+## Versioned format
+
+* Header: `0x01 | infoByte | salt`
+* Decryptors pick the engine by the header’s version ⇒ **one CLI handles all registered versions**.
 
 ---
 
-## Building from source
+## Build from source
 
 ```bash
 git clone https://github.com/mqxym/cryptit
 cd cryptit
-bun install
-bun run build           # emits dist/ + native CLI binary
-bun test                # Bun test runner with coverage
+bun install && bun run build && bun test
 ```
 
 ---
 
-## Security notes
+## Security
 
-* AES-GCM 256 with 12-byte IV, 128-bit tag
-* Argon2-id defaults: `middle` = `t=3`, `memory=64 MiB`
-* Keys derived & held in-memory only; secrets zeroed where possible
+* AES‑GCM 256 / 12‑byte IV / 128‑bit tag
+* Argon2‑id presets (low / middle / high)
+* Salts generated per‑ciphertext; never reused
 
 ---
 

bun.build.js

@@ -1,5 +1,5 @@
 import { $ } from "bun";
-import { resolve } from "node:path";
+import { resolve, join, dirname } from 'node:path';
 
 const outdir = "dist";
 
@@ -16,6 +16,7 @@ await runBuild(
   entryNode,
   "--minify",
   "--format=esm",
+  "--external:argon2-browser",
   "--target=node",
   `--asset-naming=cryptit.index.[ext]`,
   "--sourcemap=external",
@@ -28,28 +29,17 @@ await runBuild(
   "--format=cjs",
   "--target=node",
   "--sourcemap=external",
+  "--external:argon2-browser",
   `--asset-naming=cryptit.index.[ext]`,
   `--outdir=${resolve(outdir, "cryptit.index.cjs")}`
 );
 
-await runBuild(
-  entryBrowser,
-  "--minify",
-  "--target=browser",
-  "--format=esm",
-  "--sourcemap=external",
-  "--external:commander",
-  "--external:argon2",
-  "--scope-hoist",
-  `--asset-naming=cryptit.browser.min.[ext]`,
-  `--outdir=${resolve(outdir, "cryptit.browser.min.js")}`
-);
-
 await runBuild(
   entryCLI,
   "--minify",
   "--format=cjs",
   "--target=node",
+  "--external:argon2-browser",
   "--sourcemap=external",
   `--outdir=${resolve(outdir, "cryptit.cli.cjs")}`,
   `--asset-naming=cryptit.cli.[ext]`
@@ -60,6 +50,7 @@ await runBuild(
   "--minify",
   "--format=esm",
   "--target=node",
+  "--external:argon2-browser",
   "--sourcemap=external",
   `--outdir=${resolve(outdir, "cryptit.cli.mjs")}`,
   `--asset-naming=cryptit.cli.[ext]`
@@ -68,9 +59,42 @@ await runBuild(
 await runBuild(
   entryCLI,
   "--compile",
+  "--external:argon2-browser",
   `--outfile=${resolve(outdir, "bin", "cryptit")}`
 );
 
+await runBuild(
+  [entryBrowser],
+  "--minify",
+  "--target=browser",
+  "--format=esm",
+  "--sourcemap=external",
+  "--external:commander",
+  "--external:buffer",                      
+  "--external:process",
+  `--asset-naming=cryptit.browser.min.[ext]`,
+  `--outdir=${resolve(outdir, "cryptit.browser.min.js")}`
+);
+
 async function runBuild(entryFile, ...flags) {
   await $`bun build ${entryFile} ${flags}`;
 }
+
+import { copyFileSync } from 'node:fs';
+
+const outDir = resolve(__dirname, 'dist', 'cryptit.browser.min.js');
+
+const srcWasm = join(outDir, 'cryptit.browser.min.wasm');
+const dstWasm = join(outDir, 'argon2.wasm');
+const dstWasm2 = join('examples', 'dist', 'argon2.wasm')
+
+copyFileSync(srcWasm, dstWasm);
+copyFileSync(srcWasm, dstWasm2);
+
+await $`rm -rf ${join(outDir, 'cryptit.browser.min.wasm')}`;
+await $`rm -rf ${join(outdir, 'cryptit.cli.cjs', 'cryptit.cli.wasm')}`;
+await $`rm -rf ${join(outdir, 'cryptit.cli.mjs', 'cryptit.cli.wasm')}`;
+await $`rm -rf ${join(outdir, 'cryptit.index.mjs', 'cryptit.index.wasm')}`;
+await $`rm -rf ${join(outdir, 'cryptit.index.cjs', 'cryptit.index.wasm')}`;
+
+