@ibgib/core-gib 0.1.6 → 0.1.9

package/dist/keystone/keystone-config-builder.d.mts

@@ -0,0 +1,77 @@
+import { KeystonePoolConfig, KeystonePoolConfig_HashV1, KeystonePoolBehavior, KeystoneReplenishStrategy, KeystonePoolConfigBase } from './keystone-types.mjs';
+/**
+ * Abstract Base Builder.
+ * Handles configuration common to ALL strategies (Salt, Size, Replenishment, Selection).
+ *
+ * @template TConfig The concrete config type being built.
+ */
+export declare abstract class KeystoneConfigBuilderBase<TConfig extends KeystonePoolConfigBase> {
+    protected _salt: string;
+    protected _size: number;
+    protected _replenish: KeystoneReplenishStrategy;
+    protected _seq: number;
+    protected _rand: number;
+    protected _verbs: string[];
+    protected _targetBinding: number;
+    /**
+     * Sets the unique salt/ID for this pool.
+     */
+    withSalt(salt: string): this;
+    /**
+     * Sets the total number of challenges to maintain in the pool.
+     */
+    withSize(size: number): this;
+    /**
+    * Binds challenge selection to the content address of the target.
+    * @param chars Number of hex characters to match (e.g. 4).
+    */
+    withTargetBinding(chars: number): this;
+    /**
+     * Configures the pool to use strictly Sequential (FIFO) selection.
+     * @param count Number of challenges to consume per sign.
+     */
+    withFIFO(count: number): this;
+    /**
+     * Configures the pool to use strictly Random selection.
+     * @param count Number of challenges to consume per sign.
+     */
+    withRandom(count: number): this;
+    /**
+     * Configures the pool to use Hybrid (Both FIFO and Random) selection.
+     */
+    withHybrid(seqCount: number, randCount: number): this;
+    /**
+     * Sets the replenishment strategy.
+     */
+    withReplenishStrategy(strategy: KeystoneReplenishStrategy): this;
+    /**
+     * Constructs the behavioral config object.
+     * Helper for subclasses.
+     */
+    protected buildBehavior(): KeystonePoolBehavior;
+    /**
+     * Restricts this pool to specific verbs.
+     * @param verbs List of verb addresses (e.g. 'revoke^gib')
+     */
+    forVerbs(verbs: string[]): this;
+    protected buildBase(): KeystonePoolConfigBase;
+    abstract build(): TConfig;
+}
+/**
+ * Concrete Builder for Hash-Reveal V1 Strategy.
+ */
+export declare class KeystoneConfigBuilder_HashV1 extends KeystoneConfigBuilderBase<KeystonePoolConfig_HashV1> {
+    private _algo;
+    private _rounds;
+    /**
+     * Sets the hashing strength.
+     */
+    withHash(algo: 'SHA-256' | 'SHA-512', rounds?: number): this;
+    build(): KeystonePoolConfig_HashV1;
+}
+export declare class KeystoneConfig {
+    static hash(): KeystoneConfigBuilder_HashV1;
+}
+export declare function createStandardPoolConfig(salt?: string): KeystonePoolConfig;
+export declare function createRevocationPoolConfig(salt?: string): KeystonePoolConfig;
+//# sourceMappingURL=keystone-config-builder.d.mts.map

package/dist/keystone/keystone-config-builder.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystone-config-builder.d.mts","sourceRoot":"","sources":["../../src/keystone/keystone-config-builder.mts"],"names":[],"mappings":"AAAA,OAAO,EACH,kBAAkB,EAClB,yBAAyB,EACzB,oBAAoB,EACpB,yBAAyB,EACzB,sBAAsB,EACzB,MAAM,sBAAsB,CAAC;AAG9B;;;;;GAKG;AACH,8BAAsB,yBAAyB,CAAC,OAAO,SAAS,sBAAsB;IAClF,SAAS,CAAC,KAAK,EAAE,MAAM,CAAa;IACpC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAO;IAC9B,SAAS,CAAC,UAAU,EAAE,yBAAyB,CAAY;IAC3D,SAAS,CAAC,IAAI,EAAE,MAAM,CAAK;IAC3B,SAAS,CAAC,KAAK,EAAE,MAAM,CAAK;IAC5B,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,CAAM;IAChC,SAAS,CAAC,cAAc,EAAE,MAAM,CAAK;IAGrC;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK5B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK5B;;;MAGE;IACF,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAKtC;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAM7B;;;OAGG;IACH,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAM/B;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAMrD;;OAEG;IACH,qBAAqB,CAAC,QAAQ,EAAE,yBAAyB,GAAG,IAAI;IAKhE;;;OAGG;IACH,SAAS,CAAC,aAAa,IAAI,oBAAoB;IAU/C;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAK/B,SAAS,CAAC,SAAS,IAAI,sBAAsB;IAS7C,QAAQ,CAAC,KAAK,IAAI,OAAO;CAC5B;AAED;;GAEG;AACH,qBAAa,4BAA6B,SAAQ,yBAAyB,CAAC,yBAAyB,CAAC;IAClG,OAAO,CAAC,KAAK,CAAoC;IACjD,OAAO,CAAC,OAAO,CAAa;IAE5B;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,SAAS,GAAG,SAAS,EAAE,MAAM,GAAE,MAAU,GAAG,IAAI;IAM/D,KAAK,IAAI,yBAAyB;CAWrC;AAMD,qBAAa,cAAc;IACvB,MAAM,CAAC,IAAI,IAAI,4BAA4B;CAM9C;AAMD,wBAAgB,wBAAwB,CAAC,IAAI,GAAE,MAAwB,GAAG,kBAAkB,CAO3F;AAED,wBAAgB,0BAA0B,CAAC,IAAI,GAAE,MAAuB,GAAG,kBAAkB,CAS5F"}

package/dist/keystone/keystone-config-builder.mjs

@@ -0,0 +1,157 @@
+import { KeystoneReplenishStrategy } from './keystone-types.mjs';
+import { POOL_ID_DEFAULT, POOL_ID_REVOKE, KEYSTONE_VERB_REVOKE } from './keystone-constants.mjs';
+/**
+ * Abstract Base Builder.
+ * Handles configuration common to ALL strategies (Salt, Size, Replenishment, Selection).
+ *
+ * @template TConfig The concrete config type being built.
+ */
+export class KeystoneConfigBuilderBase {
+    _salt = 'default';
+    _size = 100;
+    _replenish = 'top-up';
+    _seq = 0;
+    _rand = 0;
+    _verbs = [];
+    _targetBinding = 0; // Default 0
+    /**
+     * Sets the unique salt/ID for this pool.
+     */
+    withSalt(salt) {
+        this._salt = salt;
+        return this;
+    }
+    /**
+     * Sets the total number of challenges to maintain in the pool.
+     */
+    withSize(size) {
+        this._size = size;
+        return this;
+    }
+    /**
+    * Binds challenge selection to the content address of the target.
+    * @param chars Number of hex characters to match (e.g. 4).
+    */
+    withTargetBinding(chars) {
+        this._targetBinding = chars;
+        return this;
+    }
+    /**
+     * Configures the pool to use strictly Sequential (FIFO) selection.
+     * @param count Number of challenges to consume per sign.
+     */
+    withFIFO(count) {
+        this._seq = count;
+        this._rand = 0;
+        return this;
+    }
+    /**
+     * Configures the pool to use strictly Random selection.
+     * @param count Number of challenges to consume per sign.
+     */
+    withRandom(count) {
+        this._seq = 0;
+        this._rand = count;
+        return this;
+    }
+    /**
+     * Configures the pool to use Hybrid (Both FIFO and Random) selection.
+     */
+    withHybrid(seqCount, randCount) {
+        this._seq = seqCount;
+        this._rand = randCount;
+        return this;
+    }
+    /**
+     * Sets the replenishment strategy.
+     */
+    withReplenishStrategy(strategy) {
+        this._replenish = strategy;
+        return this;
+    }
+    /**
+     * Constructs the behavioral config object.
+     * Helper for subclasses.
+     */
+    buildBehavior() {
+        return {
+            size: this._size,
+            replenish: this._replenish,
+            selectSequentially: this._seq,
+            selectRandomly: this._rand,
+            targetBindingChars: this._targetBinding,
+        };
+    }
+    /**
+     * Restricts this pool to specific verbs.
+     * @param verbs List of verb addresses (e.g. 'revoke^gib')
+     */
+    forVerbs(verbs) {
+        this._verbs = verbs;
+        return this;
+    }
+    buildBase() {
+        // Helper to keep the concrete build() clean
+        return {
+            type: 'hash-reveal-v1', // This is overridden by concrete/interface usually, but needed for base shape
+            salt: this._salt,
+            allowedVerbs: this._verbs
+        };
+    }
+}
+/**
+ * Concrete Builder for Hash-Reveal V1 Strategy.
+ */
+export class KeystoneConfigBuilder_HashV1 extends KeystoneConfigBuilderBase {
+    _algo = 'SHA-256';
+    _rounds = 1;
+    /**
+     * Sets the hashing strength.
+     */
+    withHash(algo, rounds = 1) {
+        this._algo = algo;
+        this._rounds = rounds;
+        return this;
+    }
+    build() {
+        return {
+            id: this._salt, // Using salt as the unique ID for the pool config
+            type: 'hash-reveal-v1',
+            salt: this._salt,
+            allowedVerbs: this._verbs, // <--- Mapped here
+            behavior: this.buildBehavior(),
+            algo: this._algo,
+            rounds: this._rounds,
+        };
+    }
+}
+// ===========================================================================
+// STATIC ENTRY POINT (Optional Convenience)
+// ===========================================================================
+export class KeystoneConfig {
+    static hash() {
+        return new KeystoneConfigBuilder_HashV1();
+    }
+}
+// ===========================================================================
+// FACTORY FUNCTIONS (Presets)
+// ===========================================================================
+export function createStandardPoolConfig(salt = POOL_ID_DEFAULT) {
+    return KeystoneConfig.hash()
+        .withSalt(salt)
+        .withSize(100)
+        .withHybrid(2, 2)
+        .withReplenishStrategy('top-up')
+        .build();
+}
+export function createRevocationPoolConfig(salt = POOL_ID_REVOKE) {
+    return KeystoneConfig.hash()
+        .withSalt(salt)
+        .withHash('SHA-256', 10)
+        .withSize(500)
+        .withHybrid(10, 10)
+        .withReplenishStrategy(KeystoneReplenishStrategy.scorchedEarth)
+        .forVerbs([KEYSTONE_VERB_REVOKE])
+        .build();
+}
+//# sourceMappingURL=keystone-config-builder.mjs.map

package/dist/keystone/keystone-config-builder.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystone-config-builder.mjs","sourceRoot":"","sources":["../../src/keystone/keystone-config-builder.mts"],"names":[],"mappings":"AAAA,OAAO,EAIH,yBAAyB,EAE5B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEjG;;;;;GAKG;AACH,MAAM,OAAgB,yBAAyB;IACjC,KAAK,GAAW,SAAS,CAAC;IAC1B,KAAK,GAAW,GAAG,CAAC;IACpB,UAAU,GAA8B,QAAQ,CAAC;IACjD,IAAI,GAAW,CAAC,CAAC;IACjB,KAAK,GAAW,CAAC,CAAC;IAClB,MAAM,GAAa,EAAE,CAAC;IACtB,cAAc,GAAW,CAAC,CAAC,CAAC,YAAY;IAGlD;;OAEG;IACH,QAAQ,CAAC,IAAY;QACjB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,IAAY;QACjB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;MAGE;IACF,iBAAiB,CAAC,KAAa;QAC3B,IAAI,CAAC,cAAc,GAAG,KAAK,CAAC;QAC5B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,KAAa;QAClB,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC;QAClB,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;QACf,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,KAAa;QACpB,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAgB,EAAE,SAAiB;QAC1C,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,qBAAqB,CAAC,QAAmC;QACrD,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;OAGG;IACO,aAAa;QACnB,OAAO;YACH,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,kBAAkB,EAAE,IAAI,CAAC,IAAI;YAC7B,cAAc,EAAE,IAAI,CAAC,KAAK;YAC1B,kBAAkB,EAAE,IAAI,CAAC,cAAc;SAC1C,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,KAAe;QACpB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,OAAO,IAAI,CAAC;IAChB,CAAC;IAES,SAAS;QACf,4CAA4C;QAC5C,OAAO;YACH,IAAI,EAAE,gBAAgB,EAAE,8EAA8E;YACtG,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,YAAY,EAAE,IAAI,CAAC,MAAM;SACrB,CAAC;IACb,CAAC;CAGJ;AAED;;GAEG;AACH,MAAM,OAAO,4BAA6B,SAAQ,yBAAoD;IAC1F,KAAK,GAA0B,SAAS,CAAC;IACzC,OAAO,GAAW,CAAC,CAAC;IAE5B;;OAEG;IACH,QAAQ,CAAC,IAA2B,EAAE,SAAiB,CAAC;QACpD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK;QACD,OAAO;YACH,EAAE,EAAE,IAAI,CAAC,KAAK,EAAE,kDAAkD;YAClE,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,YAAY,EAAE,IAAI,CAAC,MAAM,EAAE,mBAAmB;YAC9C,QAAQ,EAAE,IAAI,CAAC,aAAa,EAAE;YAC9B,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,MAAM,EAAE,IAAI,CAAC,OAAO;SACvB,CAAC;IACN,CAAC;CACJ;AAED,8EAA8E;AAC9E,4CAA4C;AAC5C,8EAA8E;AAE9E,MAAM,OAAO,cAAc;IACvB,MAAM,CAAC,IAAI;QACP,OAAO,IAAI,4BAA4B,EAAE,CAAC;IAC9C,CAAC;CAIJ;AAED,8EAA8E;AAC9E,8BAA8B;AAC9B,8EAA8E;AAE9E,MAAM,UAAU,wBAAwB,CAAC,OAAe,eAAe;IACnE,OAAO,cAAc,CAAC,IAAI,EAAE;SACvB,QAAQ,CAAC,IAAI,CAAC;SACd,QAAQ,CAAC,GAAG,CAAC;SACb,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;SAChB,qBAAqB,CAAC,QAAQ,CAAC;SAC/B,KAAK,EAAE,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,OAAe,cAAc;IACpE,OAAO,cAAc,CAAC,IAAI,EAAE;SACvB,QAAQ,CAAC,IAAI,CAAC;SACd,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC;SACvB,QAAQ,CAAC,GAAG,CAAC;SACb,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC;SAClB,qBAAqB,CAAC,yBAAyB,CAAC,aAAa,CAAC;SAC9D,QAAQ,CAAC,CAAC,oBAAoB,CAAC,CAAC;SAChC,KAAK,EAAE,CAAC;AACjB,CAAC"}

package/dist/keystone/keystone-config-builder.respec.d.mts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=keystone-config-builder.respec.d.mts.map

package/dist/keystone/keystone-config-builder.respec.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystone-config-builder.respec.d.mts","sourceRoot":"","sources":["../../src/keystone/keystone-config-builder.respec.mts"],"names":[],"mappings":""}

package/dist/keystone/keystone-config-builder.respec.mjs

@@ -0,0 +1,34 @@
+import { iReckon, respecfullyDear, ifWeMight } from '@ibgib/helper-gib/dist/respec-gib/respec-gib.mjs';
+const maam = `[${import.meta.url}]`, sir = maam;
+import { GLOBAL_LOG_A_LOT } from '../core-constants.mjs';
+import { createRevocationPoolConfig, createStandardPoolConfig } from './keystone-config-builder.mjs';
+import { KEYSTONE_VERB_REVOKE, } from './keystone-constants.mjs';
+const logalot = GLOBAL_LOG_A_LOT;
+await respecfullyDear(sir, 'Config Builders', async () => {
+    await ifWeMight(sir, 'createStandardPoolConfig defaults are correct', async () => {
+        const config = createStandardPoolConfig("test_salt");
+        iReckon(sir, config.salt).willEqual("test_salt");
+        iReckon(sir, config.id).willEqual("test_salt");
+        iReckon(sir, config.type).willEqual("hash-reveal-v1");
+        // Behavior check
+        const b = config.behavior;
+        iReckon(sir, b.size).willEqual(100);
+        iReckon(sir, b.selectSequentially).willEqual(2);
+        iReckon(sir, b.selectRandomly).willEqual(2);
+        iReckon(sir, b.replenish).willEqual("top-up");
+        // Verbs should be empty/undefined (permissive)
+        iReckon(sir, config.allowedVerbs.length).willEqual(0);
+    });
+    await ifWeMight(sir, 'createRevocationPoolConfig defaults are correct', async () => {
+        const config = createRevocationPoolConfig("revoke_salt");
+        iReckon(sir, config.salt).willEqual("revoke_salt");
+        // Behavior check
+        const b = config.behavior;
+        iReckon(sir, b.size).willEqual(500); // Higher security
+        iReckon(sir, b.replenish).willEqual("scorched-earth");
+        // Verbs should be restricted
+        iReckon(sir, config.allowedVerbs).includes(KEYSTONE_VERB_REVOKE);
+        iReckon(sir, config.allowedVerbs.length).willEqual(1);
+    });
+});
+//# sourceMappingURL=keystone-config-builder.respec.mjs.map

package/dist/keystone/keystone-config-builder.respec.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystone-config-builder.respec.mjs","sourceRoot":"","sources":["../../src/keystone/keystone-config-builder.respec.mts"],"names":[],"mappings":"AAAA,OAAO,EACU,OAAO,EAAwD,eAAe,EAAE,SAAS,EACzG,MAAM,kDAAkD,CAAC;AAC1D,MAAM,IAAI,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,EAAE,GAAG,GAAG,IAAI,CAAC;AAGhD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD,OAAO,EAAE,0BAA0B,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACrG,OAAO,EAAE,oBAAoB,GAAG,MAAM,0BAA0B,CAAC;AAEjE,MAAM,OAAO,GAAG,gBAAgB,CAAC;AAGjC,MAAM,eAAe,CAAC,GAAG,EAAE,iBAAiB,EAAE,KAAK,IAAI,EAAE;IAErD,MAAM,SAAS,CAAC,GAAG,EAAE,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,MAAM,GAAG,wBAAwB,CAAC,WAAW,CAA8B,CAAC;QAElF,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAEtD,iBAAiB;QACjB,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC1B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,kBAAkB,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE9C,+CAA+C;QAC/C,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,CAAC,GAAG,EAAE,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,MAAM,GAAG,0BAA0B,CAAC,aAAa,CAA8B,CAAC;QAEtF,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAEnD,iBAAiB;QACjB,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC1B,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,kBAAkB;QACvD,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAEtD,6BAA6B;QAC7B,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/keystone/keystone-constants.d.mts

@@ -0,0 +1,38 @@
+export declare const KEYSTONE_ATOM = "keystone";
+/**
+ * @see {@link KeystoneVerb.REVOKE}
+ */
+export declare const KEYSTONE_VERB_REVOKE = "revoke";
+/**
+ * @see {@link KeystoneVerb.MANAGE}
+ */
+export declare const KEYSTONE_VERB_MANAGE = "manage";
+export type KeystoneVerb = typeof KEYSTONE_VERB_REVOKE | typeof KEYSTONE_VERB_MANAGE;
+/**
+ * Verbs that describe actions that can be authorized by a Keystone.
+ */
+export declare const KeystoneVerb: {
+    /**
+     * The specific ibGib address for the 'revoke' verb.
+     * Used in Claims to indicate the Keystone should be considered dead.
+     */
+    REVOKE: "revoke";
+    /**
+     * The meta-verb used to authorize structural changes to the Keystone,
+     * specifically adding or removing challenge pools.
+     *
+     * "Root access" to the identity.
+     *
+     * Basically, this is the verb for the "admin" pool.
+     */
+    MANAGE: "manage";
+};
+export declare const KEYSTONE_VERB_VALID_VALUES: ("revoke" | "manage")[];
+export declare function isKeystoneVerb(value: string): value is KeystoneVerb;
+/**
+ * Standard pool IDs can be conventionally named after their primary verb.
+ */
+export declare const POOL_ID_REVOKE = "revoke";
+export declare const POOL_ID_MANAGE = "manage";
+export declare const POOL_ID_DEFAULT = "default";
+//# sourceMappingURL=keystone-constants.d.mts.map

package/dist/keystone/keystone-constants.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystone-constants.d.mts","sourceRoot":"","sources":["../../src/keystone/keystone-constants.mts"],"names":[],"mappings":"AAAA,eAAO,MAAM,aAAa,aAAa,CAAC;AAGxC;;GAEG;AACH,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C;;GAEG;AACH,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,MAAM,MAAM,YAAY,GAClB,OAAO,oBAAoB,GAC3B,OAAO,oBAAoB,CAAC;AAElC;;GAEG;AACH,eAAO,MAAM,YAAY;IACrB;;;OAGG;;IAEH;;;;;;;OAOG;;CAEoC,CAAC;AAC5C,eAAO,MAAM,0BAA0B,yBAA8B,CAAC;AACtE,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,YAAY,CAEnE;AAGD;;GAEG;AACH,eAAO,MAAM,cAAc,WAAuB,CAAC;AACnD,eAAO,MAAM,cAAc,WAAuB,CAAC;AACnD,eAAO,MAAM,eAAe,YAAY,CAAC"}

package/dist/keystone/keystone-constants.mjs

@@ -0,0 +1,41 @@
+export const KEYSTONE_ATOM = "keystone";
+// #region KeystoneVerb enum
+/**
+ * @see {@link KeystoneVerb.REVOKE}
+ */
+export const KEYSTONE_VERB_REVOKE = "revoke";
+/**
+ * @see {@link KeystoneVerb.MANAGE}
+ */
+export const KEYSTONE_VERB_MANAGE = "manage";
+/**
+ * Verbs that describe actions that can be authorized by a Keystone.
+ */
+export const KeystoneVerb = {
+    /**
+     * The specific ibGib address for the 'revoke' verb.
+     * Used in Claims to indicate the Keystone should be considered dead.
+     */
+    REVOKE: KEYSTONE_VERB_REVOKE,
+    /**
+     * The meta-verb used to authorize structural changes to the Keystone,
+     * specifically adding or removing challenge pools.
+     *
+     * "Root access" to the identity.
+     *
+     * Basically, this is the verb for the "admin" pool.
+     */
+    MANAGE: KEYSTONE_VERB_MANAGE,
+};
+export const KEYSTONE_VERB_VALID_VALUES = Object.values(KeystoneVerb);
+export function isKeystoneVerb(value) {
+    return KEYSTONE_VERB_VALID_VALUES.includes(value);
+}
+// #endregion KeystoneVerb enum
+/**
+ * Standard pool IDs can be conventionally named after their primary verb.
+ */
+export const POOL_ID_REVOKE = KEYSTONE_VERB_REVOKE;
+export const POOL_ID_MANAGE = KEYSTONE_VERB_MANAGE;
+export const POOL_ID_DEFAULT = "default";
+//# sourceMappingURL=keystone-constants.mjs.map

package/dist/keystone/keystone-constants.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystone-constants.mjs","sourceRoot":"","sources":["../../src/keystone/keystone-constants.mts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,aAAa,GAAG,UAAU,CAAC;AAExC,4BAA4B;AAC5B;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,QAAQ,CAAC;AAC7C;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,QAAQ,CAAC;AAK7C;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IACxB;;;OAGG;IACH,MAAM,EAAE,oBAAoB;IAC5B;;;;;;;OAOG;IACH,MAAM,EAAE,oBAAoB;CACW,CAAC;AAC5C,MAAM,CAAC,MAAM,0BAA0B,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AACtE,MAAM,UAAU,cAAc,CAAC,KAAa;IACxC,OAAO,0BAA0B,CAAC,QAAQ,CAAC,KAAqB,CAAC,CAAC;AACtE,CAAC;AACD,+BAA+B;AAE/B;;GAEG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,oBAAoB,CAAC;AACnD,MAAM,CAAC,MAAM,cAAc,GAAG,oBAAoB,CAAC;AACnD,MAAM,CAAC,MAAM,eAAe,GAAG,SAAS,CAAC"}

package/dist/keystone/keystone-helpers.d.mts

@@ -0,0 +1,170 @@
+import { Ib } from "@ibgib/ts-gib/dist/types.mjs";
+import { KeystoneData_V1, KeystoneIbGib_V1, KeystoneIbInfo_V1, KeystoneChallengePool, DeterministicResult, KeystoneProof, KeystonePoolConfig, KeystoneClaim } from "./keystone-types.mjs";
+import { MetaspaceService } from "../witness/space/metaspace/metaspace-types.mjs";
+import { IbGibSpaceAny } from "../witness/space/space-base-v1.mjs";
+/**
+ * space-delimited keystone ib containing select keystone metadata.
+ *
+ * NOTE: This must match {@link parseKeystoneIb}
+ * @see {@link KeystoneIbInfo_V1}
+ */
+export declare function getKeystoneIb({ keystoneData, }: {
+    keystoneData: KeystoneData_V1;
+}): Promise<Ib>;
+/**
+ * NOTE: This must match {@link getKeystoneIb}
+ * @see {@link KeystoneIbInfo_V1}
+ */
+export declare function parseKeystoneIb({ ib, }: {
+    ib: Ib;
+}): Promise<KeystoneIbInfo_V1>;
+/**
+ * The Policy Engine.
+ * Calculates exactly which challenges MUST be consumed based on config and demands.
+ * Enforces STRICT DISTINCTNESS (No double-dipping).
+ */
+export declare function getDeterministicRequirements({ pool, requiredChallengeIds, targetAddr }: {
+    pool: KeystoneChallengePool;
+    requiredChallengeIds?: string[];
+    targetAddr?: string;
+}): DeterministicResult;
+/**
+ * Helper to update the Binding Map when adding new Challenge IDs.
+ * Uses "Implicit Bucketing" (ID start char) but can be extended for full coverage.
+ */
+export declare function addToBindingMap(map: {
+    [char: string]: string[];
+}, challengeId: string): void;
+/**
+ * Helper to clean up Binding Map when removing IDs.
+ */
+export declare function removeFromBindingMap(map: {
+    [char: string]: string[];
+}, challengeId: string): void;
+/**
+ * Selects the specific pool to use for an operation based on ID, filter criteria, or verb authorization.
+ *
+ * @returns The matching KeystoneChallengePool
+ * @throws If no pool matches or if multiple pools match but one was expected.
+ */
+export declare function resolveTargetPool({ pools, poolId, poolFilter, verb, }: {
+    pools: KeystoneChallengePool[];
+    /**
+     * Explicit ID of the pool to use.
+     */
+    poolId?: string;
+    /**
+     * Optional predicate to find a pool.
+     * Useful for finding delegates via metadata.
+     */
+    poolFilter?: (pool: KeystoneChallengePool) => boolean;
+    /**
+     * The verb being performed (e.g. 'revoke', 'manage', 'post').
+     * Used for authorization checks and auto-resolution.
+     */
+    verb?: string;
+}): KeystoneChallengePool;
+/**
+ * Calculates the complete list of Challenge IDs to solve for a given operation.
+ * Combines Deterministic requirements (Mandatory/Binding/FIFO) with Stochastic requirements.
+ *
+ * @returns Array of unique challenge IDs.
+ */
+export declare function selectChallengeIds({ pool, targetAddr, requiredChallengeIds, }: {
+    pool: KeystoneChallengePool;
+    /**
+     * The address of the target ibgib (used for binding entropy).
+     */
+    targetAddr?: string;
+    /**
+     * Explicit demands from a verifier.
+     */
+    requiredChallengeIds?: string[];
+}): string[];
+/**
+ * Generates an opaque, collision-resistant ID for a challenge.
+ * atow (2025/12/22) - Hash(Salt + Timestamp + Index)
+ */
+export declare function generateOpaqueChallengeId({ salt, timestamp, index }: {
+    salt: string;
+    timestamp: string;
+    index: number;
+}): Promise<string>;
+/**
+ * Calculates the NEXT state of the Challenge Pools given a specific consumption event.
+ * Handles TopUp, ReplaceAll, Consume, and ScorchedEarth strategies.
+ *
+ * @returns The new array of KeystoneChallengePools (including the modified one).
+ */
+export declare function applyReplenishmentStrategy({ prevPools, targetPoolId, consumedIds, masterSecret, strategy, config, }: {
+    prevPools: KeystoneChallengePool[];
+    targetPoolId: string;
+    consumedIds: string[];
+    masterSecret: string;
+    /**
+     * The instantiated KeystoneStrategy (e.g. HashRevealV1) used to generate new challenges.
+     */
+    strategy: any;
+    config: KeystonePoolConfig;
+}): Promise<KeystoneChallengePool[]>;
+/**
+ * High-level orchestration helper.
+ * 1. Instantiates Strategy.
+ * 2. Derives Secret.
+ * 3. Solves Challenges (Generates Solutions).
+ * 4. Replenishes Pool (Calculates the next state of ALL pools).
+ * 5. Constructs Proof.
+ *
+ * @returns The resulting Proof and the full list of Next Pools.
+ */
+export declare function solveAndReplenish({ targetPoolId, prevPools, masterSecret, challengeIds, claim, requiredChallengeIds, }: {
+    /**
+     * The ID of the pool to use for signing.
+     */
+    targetPoolId: string;
+    /**
+     * The full list of pools from the previous Keystone frame.
+     * Required to reconstruct the full state for the next frame.
+     */
+    prevPools: KeystoneChallengePool[];
+    masterSecret: string;
+    challengeIds: string[];
+    claim: Partial<KeystoneClaim>;
+    requiredChallengeIds?: string[];
+}): Promise<{
+    proof: KeystoneProof;
+    nextPools: KeystoneChallengePool[];
+}>;
+/**
+ * Validates the transition from Prev -> Curr.
+ * Enforces Cryptography AND Behavioral Policy.
+ *
+ * @returns Array of validation error strings. Empty array means Valid.
+ */
+export declare function validateKeystoneTransition({ currentIbGib, prevIbGib, }: {
+    currentIbGib: KeystoneIbGib_V1;
+    prevIbGib: KeystoneIbGib_V1;
+}): Promise<string[]>;
+/**
+ * Helper to verify a single proof against a specific pool.
+ */
+export declare function verifyProofAgainstPool({ proof, pool, errors, }: {
+    proof: KeystoneProof;
+    pool: KeystoneChallengePool;
+    errors: string[];
+}): Promise<void>;
+export declare function evolvePersistAndRegisterKeystone({ prevIbGib, newData, metaspace, space, }: {
+    prevIbGib: KeystoneIbGib_V1;
+    newData: KeystoneData_V1;
+    metaspace: MetaspaceService;
+    space: IbGibSpaceAny;
+}): Promise<KeystoneIbGib_V1>;
+/**
+ * Creates a new keystone ibgib that has no dna and no past.
+ */
+export declare function createKeystoneIbGibImpl({ data, metaspace, space, }: {
+    data: KeystoneData_V1;
+    metaspace: MetaspaceService;
+    space?: IbGibSpaceAny;
+}): Promise<KeystoneIbGib_V1>;
+//# sourceMappingURL=keystone-helpers.d.mts.map

package/dist/keystone/keystone-helpers.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keystone-helpers.d.mts","sourceRoot":"","sources":["../../src/keystone/keystone-helpers.mts"],"names":[],"mappings":"AACA,OAAO,EAAE,EAAE,EAAmB,MAAM,8BAA8B,CAAC;AASnE,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,aAAa,EAAE,kBAAkB,EAAuE,aAAa,EAAoB,MAAM,sBAAsB,CAAC;AACjR,OAAO,EAAE,gBAAgB,EAAE,MAAM,gDAAgD,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AAKnE;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,EAChC,YAAY,GACf,EAAE;IACC,YAAY,EAAE,eAAe,CAAC;CACjC,GAAG,OAAO,CAAC,EAAE,CAAC,CAkBd;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,EAClC,EAAE,GACL,EAAE;IACC,EAAE,EAAE,EAAE,CAAC;CACV,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAqB7B;AAED;;;;GAIG;AACH,wBAAgB,4BAA4B,CAAC,EACzC,IAAI,EACJ,oBAAoB,EACpB,UAAU,EACb,EAAE;IACC,IAAI,EAAE,qBAAqB,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,mBAAmB,CAwEtB;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC3B,GAAG,EAAE;IAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,EACjC,WAAW,EAAE,MAAM,GACpB,IAAI,CAWN;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAChC,GAAG,EAAE;IAAE,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,EACjC,WAAW,EAAE,MAAM,GACpB,IAAI,CAON;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,EAC9B,KAAK,EACL,MAAM,EACN,UAAU,EACV,IAAI,GACP,EAAE;IACC,KAAK,EAAE,qBAAqB,EAAE,CAAC;IAC/B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,qBAAqB,KAAK,OAAO,CAAC;IACtD;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,qBAAqB,CA8CxB;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,EAC/B,IAAI,EACJ,UAAU,EACV,oBAAoB,GACvB,EAAE;IACC,IAAI,EAAE,qBAAqB,CAAC;IAC5B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACnC,GAAG,MAAM,EAAE,CA+BX;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,CAAC,EAC5C,IAAI,EACJ,SAAS,EACT,KAAK,EACR,EAAE;IACC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAA;CAChB,GAAG,OAAO,CAAC,MAAM,CAAC,CAIlB;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAAC,EAC7C,SAAS,EACT,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,QAAQ,EACR,MAAM,GACT,EAAE;IACC,SAAS,EAAE,qBAAqB,EAAE,CAAC;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,QAAQ,EAAE,GAAG,CAAC;IACd,MAAM,EAAE,kBAAkB,CAAC;CAC9B,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAiEnC;AAED;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,EACpC,YAAY,EACZ,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,KAAK,EACL,oBAAoB,GACvB,EAAE;IACC;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,SAAS,EAAE,qBAAqB,EAAE,CAAC;IACnC,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,KAAK,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACnC,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,aAAa,CAAC;IAAC,SAAS,EAAE,qBAAqB,EAAE,CAAA;CAAE,CAAC,CA0CxE;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAAC,EAC7C,YAAY,EACZ,SAAS,GACZ,EAAE;IACC,YAAY,EAAE,gBAAgB,CAAC;IAC/B,SAAS,EAAE,gBAAgB,CAAC;CAC/B,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAoDpB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,EACzC,KAAK,EACL,IAAI,EACJ,MAAM,GACT,EAAE;IACC,KAAK,EAAE,aAAa,CAAC;IACrB,IAAI,EAAE,qBAAqB,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;CACpB,GAAG,OAAO,CAAC,IAAI,CAAC,CA4DhB;AAED,wBAAsB,gCAAgC,CAAC,EACnD,SAAS,EACT,OAAO,EACP,SAAS,EACT,KAAK,GACR,EAAE;IACC,SAAS,EAAE,gBAAgB,CAAC;IAC5B,OAAO,EAAE,eAAe,CAAA;IACxB,SAAS,EAAE,gBAAgB,CAAC;IAC5B,KAAK,EAAE,aAAa,CAAC;CACxB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAwD5B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,EAC1C,IAAI,EACJ,SAAS,EACT,KAAK,GACR,EAAE;IACC,IAAI,EAAE,eAAe,CAAC;IACtB,SAAS,EAAE,gBAAgB,CAAC;IAC5B,KAAK,CAAC,EAAE,aAAa,CAAC;CACzB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAkD5B"}