namespace StellaOps.Cryptography;
///
/// Well-known hash purpose identifiers for compliance-aware cryptographic operations.
/// Components should request hashing by PURPOSE, not by algorithm.
/// The platform resolves the correct algorithm based on the active compliance profile.
///
public static class HashPurpose
{
///
/// Graph content-addressing (richgraph-v1).
/// Default: BLAKE3-256 (world), SHA-256 (fips), GOST3411-2012-256 (gost), SM3 (sm).
///
public const string Graph = "graph";
///
/// Symbol identification (SymbolID, CodeID).
/// Default: SHA-256 (world/fips/kcmvp/eidas), GOST3411-2012-256 (gost), SM3 (sm).
///
public const string Symbol = "symbol";
///
/// Content/file hashing for integrity verification.
/// Default: SHA-256 (world/fips/kcmvp/eidas), GOST3411-2012-256 (gost), SM3 (sm).
///
public const string Content = "content";
///
/// Merkle tree node hashing.
/// Default: SHA-256 (world/fips/kcmvp/eidas), GOST3411-2012-256 (gost), SM3 (sm).
///
public const string Merkle = "merkle";
///
/// DSSE payload digest for attestations.
/// Default: SHA-256 (world/fips/kcmvp/eidas), GOST3411-2012-256 (gost), SM3 (sm).
///
public const string Attestation = "attestation";
///
/// External interoperability (third-party tools like cosign, rekor).
/// Always SHA-256, regardless of compliance profile.
/// Every use of this purpose MUST be documented with justification.
///
public const string Interop = "interop";
///
/// Password/secret derivation.
/// Default: Argon2id (world/gost/sm/kcmvp/eidas), PBKDF2-SHA256 (fips).
///
public const string Secret = "secret";
///
/// All known hash purposes for validation.
///
public static readonly IReadOnlyList All = new[]
{
Graph,
Symbol,
Content,
Merkle,
Attestation,
Interop,
Secret
};
///
/// Validates whether the given purpose is known.
///
/// The purpose to validate.
/// True if the purpose is known; otherwise, false.
public static bool IsKnown(string? purpose)
=> !string.IsNullOrWhiteSpace(purpose) && All.Contains(purpose);
}