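namespace StellaOps.Cryptography;

/// <summary>
/// Configuration options for cryptographic compliance.
/// </summary>
/// <remarks>
/// Enforcement is on by default: <see cref="StrictValidation"/> and
/// <see cref="WarnOnNonCompliant"/> both start as <c>true</c>. Any deployment that
/// relaxes them, through configuration or through
/// <see cref="ApplyEnvironmentOverrides"/>, changes what the compliance profile
/// actually guarantees.
/// </remarks>
public sealed class CryptoComplianceOptions
{
    /// <summary>
    /// The configuration section key for binding.
    /// </summary>
    public const string SectionKey = "Crypto:Compliance";

    /// <summary>
    /// Active compliance profile ID.
    /// Valid values: "world", "fips", "gost", "sm", "kcmvp", "eidas".
    /// Default: "world".
    /// Can be overridden by STELLAOPS_CRYPTO_COMPLIANCE_PROFILE environment variable.
    /// </summary>
    /// <remarks>
    /// This class does not check the value against the list above.
    /// NOTE(review): confirm that the consumer rejects an unknown profile ID
    /// instead of falling back to a more permissive profile.
    /// </remarks>
    public string ProfileId { get; set; } = "world";

    /// <summary>
    /// When true, fail on non-compliant algorithm usage.
    /// Default: true.
    /// Can be overridden by STELLAOPS_CRYPTO_STRICT_VALIDATION environment variable.
    /// </summary>
    public bool StrictValidation { get; set; } = true;

    /// <summary>
    /// When StrictValidation=false, emit warning instead of silently proceeding.
    /// Default: true.
    /// </summary>
    public bool WarnOnNonCompliant { get; set; } = true;

    /// <summary>
    /// Allow Interop purpose to override profile algorithm with SHA-256.
    /// Default: true.
    /// </summary>
    /// <remarks>
    /// NOTE(review): with a profile other than "world" active, this lets the Interop
    /// purpose use SHA-256 in place of the profile's algorithm. Confirm that this is
    /// within the deployment's compliance scope before leaving it enabled.
    /// </remarks>
    public bool AllowInteropOverride { get; set; } = true;

    /// <summary>
    /// Enable telemetry for all crypto operations.
    /// Default: true.
    /// </summary>
    public bool EnableTelemetry { get; set; } = true;

    /// <summary>
    /// Custom purpose-to-algorithm overrides that take precedence over profile defaults.
    /// Keys identify a purpose, values identify an algorithm.
    /// </summary>
    /// <remarks>
    /// Overrides take precedence over the profile defaults, so each entry can move a
    /// purpose off the algorithm the active profile would select.
    /// </remarks>
    // NOTE(review): the type arguments were missing from the reviewed listing (a bare
    // `Dictionary?` does not compile); <string, string> is assumed. Confirm it against
    // the repository.
    public Dictionary<string, string>? PurposeOverrides { get; set; }

    /// <summary>
    /// Applies environment variable overrides.
    /// </summary>
    /// <remarks>
    /// <para>
    /// STELLAOPS_CRYPTO_COMPLIANCE_PROFILE, when set to a non-blank value, replaces
    /// <see cref="ProfileId"/> after trimming and lower-casing. The value is not
    /// validated here.
    /// </para>
    /// <para>
    /// STELLAOPS_CRYPTO_STRICT_VALIDATION replaces <see cref="StrictValidation"/> only
    /// when <c>bool.TryParse</c> accepts it ("true"/"false", case-insensitive). Any
    /// other text, such as "1" or "yes", is ignored and the current value is kept.
    /// </para>
    /// <para>
    /// Anything able to set the process environment can therefore switch the profile
    /// or turn strict validation off. This method records nothing when an override is
    /// applied, so callers that need an audit trail should log the effective values
    /// after calling it.
    /// </para>
    /// </remarks>
    public void ApplyEnvironmentOverrides()
    {
        var profileEnv = Environment.GetEnvironmentVariable("STELLAOPS_CRYPTO_COMPLIANCE_PROFILE");
        if (!string.IsNullOrWhiteSpace(profileEnv))
        {
            // Normalised to match the lower-case profile IDs documented on ProfileId.
            ProfileId = profileEnv.Trim().ToLowerInvariant();
        }

        var strictEnv = Environment.GetEnvironmentVariable("STELLAOPS_CRYPTO_STRICT_VALIDATION");
        if (!string.IsNullOrWhiteSpace(strictEnv) && bool.TryParse(strictEnv, out var strict))
        {
            // Only a parseable boolean changes enforcement; malformed input leaves it as configured.
            StrictValidation = strict;
        }
    }
}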