Expand description
Code policy (RFC-003 §3, §11.1).
CodePolicy is a validated security object, not loose configuration. Its
constructors reject impossible or risky shapes. Short codes below the secure
minimum require an explicit opt-in constructor so the weaker choice is
visible in code review (NFR-2).
Structs§
- Code
Policy - Validated policy governing code generation and validation.
Constants§
- DEFAULT_
MAX_ RAW_ LEN - The maximum accepted raw (pre-normalization) input length. Bounds work done on hostile input before a lookup.
- SECURE_
MIN_ HUMAN_ LENGTH - The secure minimum human-entered code length codlet enforces by default. 8 symbols over the 31-symbol alphabet is ~39.6 bits (RFC-003 §11.3).
- SHORT_
COMPAT_ LENGTH - Minimum accepted short-code length for the explicit compat opt-in (6 symbols, ~29.7 bits).