@ibgib/core-gib 0.1.43 → 0.1.44

package/dist/keystone/kdf/kdf-constants.d.mts

@@ -0,0 +1,25 @@
+/**
+ * KDF Strategy Constants
+ *
+ * Defines available key derivation function strategies.
+ */
+export declare const KDF_STRATEGY_RECURSIVE_SALT_WRAP = "recursive-salt-wrap";
+export type KdfStrategy = typeof KDF_STRATEGY_RECURSIVE_SALT_WRAP;
+/**
+ * Available KDF strategies for deriving keys from master secrets.
+ *
+ * - `recursive-salt-wrap`: Hash(salt + current + salt) ^ rounds
+ *   Used by KeystoneStrategy_HashRevealV1 for pool secret derivation
+ */
+export declare const KdfStrategy: {
+    /**
+     * Recursive salt wrap strategy: Hash(salt + current + salt) ^ rounds
+     *
+     * This is the primary strategy used by keystones for deriving pool secrets
+     * from master secrets with configurable rounds for key stretching.
+     */
+    recursive_salt_wrap: "recursive-salt-wrap";
+};
+export declare const KDF_STRATEGY_VALID_VALUES: "recursive-salt-wrap"[];
+export declare function isValidKdfStrategy(strategy: string): strategy is KdfStrategy;
+//# sourceMappingURL=kdf-constants.d.mts.map

package/dist/keystone/kdf/kdf-constants.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf-constants.d.mts","sourceRoot":"","sources":["../../../src/keystone/kdf/kdf-constants.mts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,eAAO,MAAM,gCAAgC,wBAAwB,CAAC;AACtE,MAAM,MAAM,WAAW,GACjB,OAAO,gCAAgC,CACxC;AAEL;;;;;GAKG;AACH,eAAO,MAAM,WAAW;IACpB;;;;;OAKG;;CAEmC,CAAC;AAE3C,eAAO,MAAM,yBAAyB,yBAA6B,CAAC;AAEpE,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,QAAQ,IAAI,WAAW,CAE5E"}

package/dist/keystone/kdf/kdf-constants.mjs

@@ -0,0 +1,28 @@
+/**
+ * KDF Strategy Constants
+ *
+ * Defines available key derivation function strategies.
+ */
+// #region KdfStrategy
+export const KDF_STRATEGY_RECURSIVE_SALT_WRAP = 'recursive-salt-wrap';
+/**
+ * Available KDF strategies for deriving keys from master secrets.
+ *
+ * - `recursive-salt-wrap`: Hash(salt + current + salt) ^ rounds
+ *   Used by KeystoneStrategy_HashRevealV1 for pool secret derivation
+ */
+export const KdfStrategy = {
+    /**
+     * Recursive salt wrap strategy: Hash(salt + current + salt) ^ rounds
+     *
+     * This is the primary strategy used by keystones for deriving pool secrets
+     * from master secrets with configurable rounds for key stretching.
+     */
+    recursive_salt_wrap: KDF_STRATEGY_RECURSIVE_SALT_WRAP,
+};
+export const KDF_STRATEGY_VALID_VALUES = Object.values(KdfStrategy);
+export function isValidKdfStrategy(strategy) {
+    return KDF_STRATEGY_VALID_VALUES.includes(strategy);
+}
+// #endregion KdfStrategy
+//# sourceMappingURL=kdf-constants.mjs.map

package/dist/keystone/kdf/kdf-constants.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf-constants.mjs","sourceRoot":"","sources":["../../../src/keystone/kdf/kdf-constants.mts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,sBAAsB;AACtB,MAAM,CAAC,MAAM,gCAAgC,GAAG,qBAAqB,CAAC;AAKtE;;;;;GAKG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACvB;;;;;OAKG;IACH,mBAAmB,EAAE,gCAAgC;CACf,CAAC;AAE3C,MAAM,CAAC,MAAM,yBAAyB,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAEpE,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IAC/C,OAAO,yBAAyB,CAAC,QAAQ,CAAC,QAAuB,CAAC,CAAC;AACvE,CAAC;AACD,yBAAyB"}

package/dist/keystone/kdf/kdf-helpers.d.mts

@@ -0,0 +1,45 @@
+import { HashAlgorithm } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
+import { DeriveKeyParams } from './kdf-types.mjs';
+/**
+ * Derive a key from a master secret using the specified KDF strategy
+ *
+ * This is the main dispatch function for all KDF operations. It routes to the
+ * appropriate strategy implementation based on `kdfOpts.strategy`.
+ *
+ * @param params - Derivation parameters including master secret and KDF options
+ * @returns Derived key
+ *
+ * @example
+ * ```typescript
+ * const derivedKey = await deriveKey({
+ *     masterSecret: 'my-strong-password',
+ *     kdfOpts: {
+ *         strategy: KdfStrategy.recursiveSaltWrap,
+ *         salt: 'pool-identifier',
+ *         rounds: 10000,
+ *         algorithm: 'SHA-256'
+ *     }
+ * });
+ * ```
+ */
+export declare function deriveKey({ masterSecret, kdfOpts }: DeriveKeyParams): Promise<string>;
+/**
+ * Recursive Salt Wrap KDF Strategy
+ *
+ * Derives a key by recursively applying: Hash(salt + current + salt) for N rounds
+ *
+ * This is the strategy used by KeystoneStrategy_HashRevealV1 for deriving pool secrets.
+ *
+ * @param masterSecret - The initial secret/password to derive from
+ * @param salt - Salt value to wrap around the secret
+ * @param rounds - Number of hash iterations (key stretching)
+ * @param algorithm - Hash algorithm to use (default: SHA-256)
+ * @returns Derived key
+ */
+export declare function kdf_recursiveSaltWrap({ masterSecret, salt, rounds, algorithm, }: {
+    masterSecret: string;
+    salt: string;
+    rounds: number;
+    algorithm?: HashAlgorithm;
+}): Promise<string>;
+//# sourceMappingURL=kdf-helpers.d.mts.map

package/dist/keystone/kdf/kdf-helpers.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf-helpers.d.mts","sourceRoot":"","sources":["../../../src/keystone/kdf/kdf-helpers.mts"],"names":[],"mappings":"AAAA,OAAO,EAAyB,aAAa,EAAE,MAAM,iDAAiD,CAAC;AAIvG,OAAO,EAAE,eAAe,EAAgC,MAAM,iBAAiB,CAAC;AAIhF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,SAAS,CAAC,EAC5B,YAAY,EACZ,OAAO,EACV,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAyBnC;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,qBAAqB,CAAC,EACxC,YAAY,EACZ,IAAI,EACJ,MAAM,EACN,SAAiC,GACpC,EAAE;IACC,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,aAAa,CAAC;CAC7B,GAAG,OAAO,CAAC,MAAM,CAAC,CAqBlB"}

package/dist/keystone/kdf/kdf-helpers.mjs

@@ -0,0 +1,94 @@
+import { extractErrorMsg, hash, HashAlgorithm } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
+import { GLOBAL_LOG_A_LOT } from '../../core-constants.mjs';
+import { KDF_STRATEGY_VALID_VALUES, KdfStrategy } from './kdf-constants.mjs';
+const logalot = GLOBAL_LOG_A_LOT;
+/**
+ * Derive a key from a master secret using the specified KDF strategy
+ *
+ * This is the main dispatch function for all KDF operations. It routes to the
+ * appropriate strategy implementation based on `kdfOpts.strategy`.
+ *
+ * @param params - Derivation parameters including master secret and KDF options
+ * @returns Derived key
+ *
+ * @example
+ * ```typescript
+ * const derivedKey = await deriveKey({
+ *     masterSecret: 'my-strong-password',
+ *     kdfOpts: {
+ *         strategy: KdfStrategy.recursiveSaltWrap,
+ *         salt: 'pool-identifier',
+ *         rounds: 10000,
+ *         algorithm: 'SHA-256'
+ *     }
+ * });
+ * ```
+ */
+export async function deriveKey({ masterSecret, kdfOpts }) {
+    const lc = `[${deriveKey.name}]`;
+    try {
+        if (logalot) {
+            console.log(`${lc} starting... (I: 268e87ec311874ee6822bf459c5a5426)`);
+        }
+        const strategy = kdfOpts.strategy;
+        switch (strategy) {
+            case KdfStrategy['recursive-salt-wrap']:
+                return await kdf_recursiveSaltWrap({
+                    masterSecret,
+                    salt: kdfOpts.salt,
+                    rounds: kdfOpts.rounds,
+                    algorithm: kdfOpts.algorithm
+                });
+            default:
+                throw new Error(`Unknown KDF strategy: ${strategy}. valid values: ${KDF_STRATEGY_VALID_VALUES.join(', ')} (E: a1b2c3d4e5f6g7h8i9j0)`);
+        }
+    }
+    catch (error) {
+        console.error(`${lc} ${extractErrorMsg(error)}`);
+        throw error;
+    }
+    finally {
+        if (logalot) {
+            console.log(`${lc} complete.`);
+        }
+    }
+}
+/**
+ * Recursive Salt Wrap KDF Strategy
+ *
+ * Derives a key by recursively applying: Hash(salt + current + salt) for N rounds
+ *
+ * This is the strategy used by KeystoneStrategy_HashRevealV1 for deriving pool secrets.
+ *
+ * @param masterSecret - The initial secret/password to derive from
+ * @param salt - Salt value to wrap around the secret
+ * @param rounds - Number of hash iterations (key stretching)
+ * @param algorithm - Hash algorithm to use (default: SHA-256)
+ * @returns Derived key
+ */
+export async function kdf_recursiveSaltWrap({ masterSecret, salt, rounds, algorithm = HashAlgorithm.sha_256, }) {
+    const lc = `[${kdf_recursiveSaltWrap.name}]`;
+    try {
+        if (logalot) {
+            console.log(`${lc} starting... (I: 850868e50aba82ff28c77da8169e4c26)`);
+        }
+        let current = masterSecret;
+        for (let i = 0; i < rounds; i++) {
+            current = await hash({
+                s: `${salt}${current}${salt}`,
+                algorithm
+            });
+        }
+        return current;
+    }
+    catch (error) {
+        console.error(`${lc} ${extractErrorMsg(error)}`);
+        throw error;
+    }
+    finally {
+        if (logalot) {
+            console.log(`${lc} complete.`);
+        }
+    }
+}
+//# sourceMappingURL=kdf-helpers.mjs.map

package/dist/keystone/kdf/kdf-helpers.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf-helpers.mjs","sourceRoot":"","sources":["../../../src/keystone/kdf/kdf-helpers.mts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,iDAAiD,CAAC;AAEvG,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAoC,yBAAyB,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAG/G,MAAM,OAAO,GAAG,gBAAgB,CAAC;AAEjC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,EAC5B,YAAY,EACZ,OAAO,EACO;IACd,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,GAAG,CAAC;IACjC,IAAI,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,oDAAoD,CAAC,CAAC;QAAC,CAAC;QAExF,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAElC,QAAQ,QAAQ,EAAE,CAAC;YACf,KAAK,WAAW,CAAC,qBAAqB,CAAC;gBACnC,OAAO,MAAM,qBAAqB,CAAC;oBAC/B,YAAY;oBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,SAAS,EAAE,OAAO,CAAC,SAAS;iBAC/B,CAAC,CAAC;YACP;gBACI,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,mBAAmB,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAC9I,CAAC;IAEL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjD,MAAM,KAAK,CAAC;IAChB,CAAC;YAAS,CAAC;QACP,IAAI,OAAO,EAAE,CAAC;YAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAAC,CAAC;IACpD,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,EACxC,YAAY,EACZ,IAAI,EACJ,MAAM,EACN,SAAS,GAAG,aAAa,CAAC,OAAO,GAMpC;IACG,MAAM,EAAE,GAAG,IAAI,qBAAqB,CAAC,IAAI,GAAG,CAAC;IAC7C,IAAI,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,oDAAoD,CAAC,CAAC;QAAC,CAAC;QAExF,IAAI,OAAO,GAAG,YAAY,CAAC;QAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9B,OAAO,GAAG,MAAM,IAAI,CAAC;gBACjB,CAAC,EAAE,GAAG,IAAI,GAAG,OAAO,GAAG,IAAI,EAAE;gBAC7B,SAAS;aACZ,CAAC,CAAC;QACP,CAAC;QAED,OAAO,OAAO,CAAC;IACnB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACjD,MAAM,KAAK,CAAC;IAChB,CAAC;YAAS,CAAC;QACP,IAAI,OAAO,EAAE,CAAC;YAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAAC,CAAC;IACpD,CAAC;AACL,CAAC"}

package/dist/keystone/kdf/kdf-types.d.mts

@@ -0,0 +1,49 @@
+import { HashAlgorithm } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
+import { KdfStrategy } from './kdf-constants.mjs';
+/**
+ * Base options for all KDF strategies
+ */
+export interface KdfOptionsBase {
+    /**
+     * Name of the KDF strategy to use
+     */
+    strategy: KdfStrategy;
+}
+/**
+ * Options for recursive-salt-wrap KDF strategy
+ *
+ * Derives key by recursively applying: Hash(salt + current + salt) for N rounds
+ */
+export interface KdfOptions_RecursiveSaltWrap extends KdfOptionsBase {
+    strategy: typeof import('./kdf-constants.mjs').KDF_STRATEGY_RECURSIVE_SALT_WRAP;
+    /**
+     * Salt value to wrap around the secret during each iteration
+     */
+    salt: string;
+    /**
+     * Number of hash iterations for key stretching
+     */
+    rounds: number;
+    /**
+     * Hash algorithm to use (default: SHA-256)
+     */
+    algorithm?: HashAlgorithm;
+}
+/**
+ * Union of all KDF option types
+ */
+export type KdfOptions = KdfOptions_RecursiveSaltWrap;
+/**
+ * Parameters for deriving a key using KDF
+ */
+export interface DeriveKeyParams {
+    /**
+     * The initial secret/password to derive from
+     */
+    masterSecret: string;
+    /**
+     * KDF options specifying strategy and strategy-specific parameters
+     */
+    kdfOpts: KdfOptions;
+}
+//# sourceMappingURL=kdf-types.d.mts.map

package/dist/keystone/kdf/kdf-types.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf-types.d.mts","sourceRoot":"","sources":["../../../src/keystone/kdf/kdf-types.mts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,iDAAiD,CAAC;AAChF,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B;;OAEG;IACH,QAAQ,EAAE,WAAW,CAAC;CACzB;AAED;;;;GAIG;AACH,MAAM,WAAW,4BAA6B,SAAQ,cAAc;IAChE,QAAQ,EAAE,cAAc,qBAAqB,EAAE,gCAAgC,CAAC;IAEhF;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,SAAS,CAAC,EAAE,aAAa,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAChB,4BAA4B,CAC7B;AAEL;;GAEG;AACH,MAAM,WAAW,eAAe;IAC5B;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,OAAO,EAAE,UAAU,CAAC;CACvB"}

package/dist/keystone/kdf/kdf-types.mjs

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=kdf-types.mjs.map

package/dist/keystone/kdf/kdf-types.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"kdf-types.mjs","sourceRoot":"","sources":["../../../src/keystone/kdf/kdf-types.mts"],"names":[],"mappings":""}

package/dist/keystone/keystone-config-builder.d.mts

@@ -1,3 +1,4 @@
+import { HashAlgorithm } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
 import { KeystonePoolConfig, KeystonePoolConfig_HashV1, KeystonePoolBehavior, KeystoneReplenishStrategy, KeystonePoolConfigBase } from './keystone-types.mjs';
 /**
  * Abstract Base Builder.
@@ -6,15 +7,20 @@ import { KeystonePoolConfig, KeystonePoolConfig_HashV1, KeystonePoolBehavior, Ke
  * @template TConfig The concrete config type being built.
  */
 export declare abstract class KeystoneConfigBuilderBase<TConfig extends KeystonePoolConfigBase> {
-    protected _salt: string;
-    protected _size: number;
-    protected _replenish: KeystoneReplenishStrategy;
-    protected _seq: number;
-    protected _rand: number;
+    protected _id: string | undefined;
+    protected _salt: string | undefined;
+    protected _size: number | undefined;
+    protected _replenish: KeystoneReplenishStrategy | undefined;
+    protected _seq: number | undefined;
+    protected _rand: number | undefined;
     protected _verbs: string[];
-    protected _targetBinding: number;
+    protected _targetBinding: number | undefined;
     /**
-     * Sets the unique salt/ID for this pool.
+     * Sets the unique id for this pool.
+     */
+    withId(id: string): this;
+    /**
+     * Sets the unique salt for this pool.
      */
     withSalt(salt: string): this;
     /**
@@ -39,7 +45,10 @@ export declare abstract class KeystoneConfigBuilderBase<TConfig extends Keystone
     /**
      * Configures the pool to use Hybrid (Both FIFO and Random) selection.
      */
-    withHybrid(seqCount: number, randCount: number): this;
+    withHybrid({ seqCount, randCount }: {
+        seqCount: number;
+        randCount: number;
+    }): this;
     /**
      * Sets the replenishment strategy.
      */
@@ -54,24 +63,68 @@ export declare abstract class KeystoneConfigBuilderBase<TConfig extends Keystone
      * @param verbs List of verb addresses (e.g. 'revoke^gib')
      */
     forVerbs(verbs: string[]): this;
-    protected buildBase(): KeystonePoolConfigBase;
     abstract build(): TConfig;
 }
 /**
  * Concrete Builder for Hash-Reveal V1 Strategy.
  */
 export declare class KeystoneConfigBuilder_HashV1 extends KeystoneConfigBuilderBase<KeystonePoolConfig_HashV1> {
+    protected lc: string;
     private _algo;
     private _rounds;
     /**
      * Sets the hashing strength.
      */
-    withHash(algo: 'SHA-256' | 'SHA-512', rounds?: number): this;
+    withHash({ algo, rounds }: {
+        algo: HashAlgorithm;
+        rounds: number;
+    }): this;
     build(): KeystonePoolConfig_HashV1;
 }
 export declare class KeystoneConfig {
     static hash(): KeystoneConfigBuilder_HashV1;
 }
-export declare function createStandardPoolConfig(salt?: string): KeystonePoolConfig;
-export declare function createRevocationPoolConfig(salt?: string): KeystonePoolConfig;
+interface KeystoneConfigFactoryOptions_Standard {
+    /**
+     * id for pool that this config pertains to
+     */
+    id: string;
+    /**
+     * should be a unique string
+     */
+    salt: string;
+    /**
+     * number of challenges in the pool
+     * @see {@link KeystonePoolConfig}
+     */
+    size?: number;
+    /**
+     * number of sequential challenges required for solution per action
+     */
+    sequential?: number;
+    /**
+     * number of random challenges required for solution per action
+     */
+    random?: number;
+    /**
+     * number of target binding characters required for solution per action
+     * @see {@link KeystonePoolBehavior.targetBindingChars}
+     */
+    targetBinding?: number;
+    /**
+     * @see {@link KeystonePoolBehavior.replenish}
+     */
+    replenishStrategy?: KeystoneReplenishStrategy;
+    /**
+     * verbs for the pool
+     */
+    verbs?: string[];
+    hashAlgorithm?: HashAlgorithm;
+    hashRounds?: number;
+}
+export declare function createStandardPoolConfig(opts: KeystoneConfigFactoryOptions_Standard): KeystonePoolConfig;
+export declare function createHighSecurityPoolConfig(opts: KeystoneConfigFactoryOptions_Standard): KeystonePoolConfig;
+export declare function createManagePoolConfig(opts: KeystoneConfigFactoryOptions_Standard): KeystonePoolConfig;
+export declare function createRevocationPoolConfig(opts: KeystoneConfigFactoryOptions_Standard): KeystonePoolConfig;
+export {};
 //# sourceMappingURL=keystone-config-builder.d.mts.map

package/dist/keystone/keystone-config-builder.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"keystone-config-builder.d.mts","sourceRoot":"","sources":["../../src/keystone/keystone-config-builder.mts"],"names":[],"mappings":"AAAA,OAAO,EACH,kBAAkB,EAClB,yBAAyB,EACzB,oBAAoB,EACpB,yBAAyB,EACzB,sBAAsB,EACzB,MAAM,sBAAsB,CAAC;AAG9B;;;;;GAKG;AACH,8BAAsB,yBAAyB,CAAC,OAAO,SAAS,sBAAsB;IAClF,SAAS,CAAC,KAAK,EAAE,MAAM,CAAa;IACpC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAO;IAC9B,SAAS,CAAC,UAAU,EAAE,yBAAyB,CAAY;IAC3D,SAAS,CAAC,IAAI,EAAE,MAAM,CAAK;IAC3B,SAAS,CAAC,KAAK,EAAE,MAAM,CAAK;IAC5B,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,CAAM;IAChC,SAAS,CAAC,cAAc,EAAE,MAAM,CAAK;IAGrC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK5B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK5B;;;MAGE;IACF,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAKtC;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAM7B;;;OAGG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAM/B;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAMrD;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,yBAAyB,GAAG,IAAI;IAKhE;;;OAGG;IACH,SAAS,CAAC,aAAa,IAAI,oBAAoB;IAU/C;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAK/B,SAAS,CAAC,SAAS,IAAI,sBAAsB;IAS7C,QAAQ,CAAC,KAAK,IAAI,OAAO;CAC5B;AAED;;GAEG;AACH,qBAAa,4BAA6B,SAAQ,yBAAyB,CAAC,yBAAyB,CAAC;IAClG,OAAO,CAAC,KAAK,CAAoC;IACjD,OAAO,CAAC,OAAO,CAAa;IAE5B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,GAAE,MAAU,GAAG,IAAI;IAM/D,KAAK,IAAI,yBAAyB;CAWrC;AAMD,qBAAa,cAAc;IACvB,MAAM,CAAC,IAAI,IAAI,4BAA4B;CAM9C;AAMD,wBAAgB,wBAAwB,CAAC,IAAI,GAAE,MAAwB,GAAG,kBAAkB,CAO3F;AAED,wBAAgB,0BAA0B,CAAC,IAAI,GAAE,MAAuB,GAAG,kBAAkB,CAS5F"}
+{"version":3,"file":"keystone-config-builder.d.mts","sourceRoot":"","sources":["../../src/keystone/keystone-config-builder.mts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,aAAa,EAAE,MAAM,iDAAiD,CAAC;AAGjG,OAAO,EACH,kBAAkB,EAAE,yBAAyB,EAAE,oBAAoB,EACnE,yBAAyB,EAAE,sBAAsB,EACpD,MAAM,sBAAsB,CAAC;AAK9B;;;;;GAKG;AACH,8BAAsB,yBAAyB,CAAC,OAAO,SAAS,sBAAsB;IAClF,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,SAAS,CAAC,UAAU,EAAE,yBAAyB,GAAG,SAAS,CAAC;IAC5D,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,CAAM;IAChC,SAAS,CAAC,cAAc,EAAE,MAAM,GAAG,SAAS,CAAC;IAE7C;;OAEG;IACH,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAKxB;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK5B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK5B;;;MAGE;IACF,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAKtC;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAM7B;;;OAGG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAM/B;;OAEG;IACH,UAAU,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAMlF;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,yBAAyB,GAAG,IAAI;IAKhE;;;OAGG;IACH,SAAS,CAAC,aAAa,IAAI,oBAAoB;IAe/C;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAc/B,QAAQ,CAAC,KAAK,IAAI,OAAO;CAC5B;AAED;;GAEG;AACH,qBAAa,4BAA6B,SAAQ,yBAAyB,CAAC,yBAAyB,CAAC;IAClG,SAAS,CAAC,EAAE,EAAE,MAAM,CAAuC;IAC3D,OAAO,CAAC,KAAK,CAA4B;IACzC,OAAO,CAAC,OAAO,CAAqB;IAEpC;;OAEG;IACH,QAAQ,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE;QAAE,IAAI,EAAE,aAAa,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAgBzE,KAAK,IAAI,yBAAyB;CA4BrC;AAMD,qBAAa,cAAc;IACvB,MAAM,CAAC,IAAI,IAAI,4BAA4B;CAM9C;AAMD,UAAU,qCAAqC;IAC3C;;OAEG;IACH,EAAE,EAAE,MAAM,CAAC;IACX;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IACb;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;OAEG;IACH,iBAAiB,CAAC,EAAE,yBAAyB,CAAC;IAC9C;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,qCAAqC,GAAG,kBAAkB,CAqBxG;AAED,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,qCAAqC,GAAG,kBAAkB,CAqB5G;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,qCAAqC,GAAG,kBAAkB,CAKtG;AAED,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,qCAAqC,GAAG,kBAAkB,CAM1G"}

package/dist/keystone/keystone-config-builder.mjs

@@ -1,5 +1,8 @@
-import { KeystoneReplenishStrategy } from './keystone-types.mjs';
-import { POOL_ID_DEFAULT, POOL_ID_REVOKE, KEYSTONE_VERB_REVOKE } from './keystone-constants.mjs';
+import { extractErrorMsg } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
+import { GLOBAL_LOG_A_LOT } from '../core-constants.mjs';
+import { KeystoneReplenishStrategy, KeystoneChallengeType, } from './keystone-types.mjs';
+import { KEYSTONE_CONFIG_DEFAULT_SIZE, KEYSTONE_CONFIG_DEFAULT_BINDING, KEYSTONE_CONFIG_DEFAULT_REPLENISH_STRATEGY, KEYSTONE_CONFIG_DEFAULT_SEQUENTIAL, KEYSTONE_CONFIG_DEFAULT_RANDOM, KEYSTONE_CONFIG_DEFAULT_SIZE_HIGHSECURITY, KEYSTONE_CONFIG_DEFAULT_SEQUENTIAL_HIGHSECURITY, KEYSTONE_CONFIG_DEFAULT_RANDOM_HIGHSECURITY, KEYSTONE_CONFIG_DEFAULT_BINDING_HIGHSECURITY, KEYSTONE_CONFIG_DEFAULT_REPLENISH_STRATEGY_HIGHSECURITY, KeystoneVerb, KEYSTONE_CONFIG_DEFAULT_HASH_ALGORITHM, KEYSTONE_CONFIG_DEFAULT_HASH_ROUNDS, KEYSTONE_CONFIG_DEFAULT_HASH_ALGORITHM_HIGHSECURITY, KEYSTONE_CONFIG_DEFAULT_HASH_ROUNDS_HIGHSECURITY } from './keystone-constants.mjs';
+const logalot = GLOBAL_LOG_A_LOT;
 /**
  * Abstract Base Builder.
  * Handles configuration common to ALL strategies (Salt, Size, Replenishment, Selection).
@@ -7,15 +10,23 @@ import { POOL_ID_DEFAULT, POOL_ID_REVOKE, KEYSTONE_VERB_REVOKE } from './keyston
  * @template TConfig The concrete config type being built.
  */
 export class KeystoneConfigBuilderBase {
-    _salt = 'default';
-    _size = 100;
-    _replenish = 'top-up';
-    _seq = 0;
-    _rand = 0;
+    _id;
+    _salt;
+    _size;
+    _replenish;
+    _seq;
+    _rand;
     _verbs = [];
-    _targetBinding = 0; // Default 0
+    _targetBinding;
     /**
-     * Sets the unique salt/ID for this pool.
+     * Sets the unique id for this pool.
+     */
+    withId(id) {
+        this._id = id;
+        return this;
+    }
+    /**
+     * Sets the unique salt for this pool.
      */
     withSalt(salt) {
         this._salt = salt;
@@ -57,7 +68,7 @@ export class KeystoneConfigBuilderBase {
     /**
      * Configures the pool to use Hybrid (Both FIFO and Random) selection.
      */
-    withHybrid(seqCount, randCount) {
+    withHybrid({ seqCount, randCount }) {
         this._seq = seqCount;
         this._rand = randCount;
         return this;
@@ -74,6 +85,21 @@ export class KeystoneConfigBuilderBase {
      * Helper for subclasses.
      */
     buildBehavior() {
+        if (this._size === undefined) {
+            throw new Error(`size required (E: 68320865d9adb8477836485b20b08826)`);
+        }
+        if (this._replenish === undefined) {
+            throw new Error(`replenish strategy required (E: 9f8798d1a568763a282e53c89185b826)`);
+        }
+        if (this._seq === undefined) {
+            throw new Error(`sequential required (E: e0da08a24e9790d0a8c1a9322f8eb826)`);
+        }
+        if (this._rand === undefined) {
+            throw new Error(`selectRandomly required (E: 7721d84d1a8b7d020d0ab33c3f811426)`);
+        }
+        if (this._targetBinding === undefined) {
+            throw new Error(`targetBinding required (E: 9add64d7e8e8cba01d901727a8e9b826)`);
+        }
         return {
             size: this._size,
             replenish: this._replenish,
@@ -90,39 +116,75 @@ export class KeystoneConfigBuilderBase {
         this._verbs = verbs;
         return this;
     }
-    buildBase() {
-        // Helper to keep the concrete build() clean
-        return {
-            type: 'hash-reveal-v1', // This is overridden by concrete/interface usually, but needed for base shape
-            salt: this._salt,
-            allowedVerbs: this._verbs
-        };
-    }
 }
 /**
  * Concrete Builder for Hash-Reveal V1 Strategy.
  */
 export class KeystoneConfigBuilder_HashV1 extends KeystoneConfigBuilderBase {
-    _algo = 'SHA-256';
-    _rounds = 1;
+    lc = `[${KeystoneConfigBuilder_HashV1}]`;
+    _algo;
+    _rounds;
     /**
      * Sets the hashing strength.
      */
-    withHash(algo, rounds = 1) {
-        this._algo = algo;
-        this._rounds = rounds;
-        return this;
+    withHash({ algo, rounds }) {
+        const lc = `${this.lc}[${this.withHash.name}]`;
+        try {
+            if (logalot) {
+                console.log(`${lc} starting... (I: 15d1b3bd2e98bba33fc6c78228755826)`);
+            }
+            this._algo = algo;
+            this._rounds = rounds;
+            return this;
+        }
+        catch (error) {
+            console.error(`${lc} ${extractErrorMsg(error)}`);
+            throw error;
+        }
+        finally {
+            if (logalot) {
+                console.log(`${lc} complete.`);
+            }
+        }
     }
     build() {
-        return {
-            id: this._salt, // Using salt as the unique ID for the pool config
-            type: 'hash-reveal-v1',
-            salt: this._salt,
-            allowedVerbs: this._verbs, // <--- Mapped here
-            behavior: this.buildBehavior(),
-            algo: this._algo,
-            rounds: this._rounds,
-        };
+        const lc = `${this.lc}[${this.build.name}]`;
+        try {
+            if (logalot) {
+                console.log(`${lc} starting... (I: 5df568c63c4993bb98df0a319ee16826)`);
+            }
+            if (!this._id) {
+                throw new Error(`id required (E: b50d082adf38bcbf463552f80d2c3226)`);
+            }
+            if (!this._salt) {
+                throw new Error(`salt required (E: b0f1926657b8d7d3a88fb9385ead5826)`);
+            }
+            if (!this._algo) {
+                throw new Error(`algorithm required (E: cff228f9898fd6383ef752088dae6826)`);
+            }
+            if (this._rounds === undefined) {
+                throw new Error(`rounds required (E: eb72580f3b014cda18cba3e399683c26)`);
+            }
+            const result = {
+                id: this._id,
+                type: KeystoneChallengeType.hash_reveal_v1,
+                salt: this._salt,
+                allowedVerbs: this._verbs,
+                behavior: this.buildBehavior(),
+                algo: this._algo,
+                rounds: this._rounds,
+            };
+            return result;
+        }
+        catch (error) {
+            console.error(`${lc} ${extractErrorMsg(error)}`);
+            throw error;
+        }
+        finally {
+            if (logalot) {
+                console.log(`${lc} complete.`);
+            }
+        }
     }
 }
 // ===========================================================================
@@ -133,25 +195,55 @@ export class KeystoneConfig {
         return new KeystoneConfigBuilder_HashV1();
     }
 }
-// ===========================================================================
-// FACTORY FUNCTIONS (Presets)
-// ===========================================================================
-export function createStandardPoolConfig(salt = POOL_ID_DEFAULT) {
+export function createStandardPoolConfig(opts) {
+    let { salt, id, size, sequential, random, targetBinding, replenishStrategy, verbs, hashAlgorithm, hashRounds, } = opts;
     return KeystoneConfig.hash()
+        .withId(id)
         .withSalt(salt)
-        .withSize(100)
-        .withHybrid(2, 2)
-        .withReplenishStrategy('top-up')
+        .withSize(size ?? KEYSTONE_CONFIG_DEFAULT_SIZE)
+        .withHybrid({
+        seqCount: sequential ?? KEYSTONE_CONFIG_DEFAULT_SEQUENTIAL,
+        randCount: random ?? KEYSTONE_CONFIG_DEFAULT_RANDOM,
+    })
+        .withTargetBinding(targetBinding ?? KEYSTONE_CONFIG_DEFAULT_BINDING)
+        .withReplenishStrategy(replenishStrategy ?? KEYSTONE_CONFIG_DEFAULT_REPLENISH_STRATEGY)
+        .withHash({
+        algo: hashAlgorithm ?? KEYSTONE_CONFIG_DEFAULT_HASH_ALGORITHM,
+        rounds: hashRounds ?? KEYSTONE_CONFIG_DEFAULT_HASH_ROUNDS
+    })
+        .forVerbs(verbs ?? [])
         .build();
 }
-export function createRevocationPoolConfig(salt = POOL_ID_REVOKE) {
+export function createHighSecurityPoolConfig(opts) {
+    let { salt, id, size, sequential, random, targetBinding, replenishStrategy, verbs, hashAlgorithm, hashRounds, } = opts;
     return KeystoneConfig.hash()
+        .withId(id)
         .withSalt(salt)
-        .withHash('SHA-256', 10)
-        .withSize(500)
-        .withHybrid(10, 10)
-        .withReplenishStrategy(KeystoneReplenishStrategy.scorchedEarth)
-        .forVerbs([KEYSTONE_VERB_REVOKE])
+        .withSize(size ?? KEYSTONE_CONFIG_DEFAULT_SIZE_HIGHSECURITY)
+        .withHybrid({
+        seqCount: sequential ?? KEYSTONE_CONFIG_DEFAULT_SEQUENTIAL_HIGHSECURITY,
+        randCount: random ?? KEYSTONE_CONFIG_DEFAULT_RANDOM_HIGHSECURITY,
+    })
+        .withTargetBinding(targetBinding ?? KEYSTONE_CONFIG_DEFAULT_BINDING_HIGHSECURITY)
+        .withReplenishStrategy(replenishStrategy ?? KEYSTONE_CONFIG_DEFAULT_REPLENISH_STRATEGY_HIGHSECURITY)
+        .withHash({
+        algo: hashAlgorithm ?? KEYSTONE_CONFIG_DEFAULT_HASH_ALGORITHM_HIGHSECURITY,
+        rounds: hashRounds ?? KEYSTONE_CONFIG_DEFAULT_HASH_ROUNDS_HIGHSECURITY
+    })
+        .forVerbs(verbs ?? [])
         .build();
 }
+export function createManagePoolConfig(opts) {
+    return createHighSecurityPoolConfig({
+        ...opts,
+        verbs: [KeystoneVerb.MANAGE],
+    });
+}
+export function createRevocationPoolConfig(opts) {
+    return createHighSecurityPoolConfig({
+        ...opts,
+        verbs: [KeystoneVerb.REVOKE],
+        replenishStrategy: KeystoneReplenishStrategy.deleteAll,
+    });
+}
 //# sourceMappingURL=keystone-config-builder.mjs.map