declare function zip<A, B>(a: A[], b: B[]): [A, B][];
declare function or<T>(...sets: Set<T>[]): Set<T>;
declare function and<T>(...sets: Set<T>[]): Set<T>;
declare function product(...sets: Set<string>[]): Set<string>;
declare const DATE: Record<string, number>;
declare function formatDuration(dur: number): string;
/** Character classes used by password masks. */
export declare const alphabet: Record<string, Set<string>>;
/** Low-level password mask helpers. */
export declare const utils: {
    zip: typeof zip;
    or: typeof or;
    and: typeof and;
    product: typeof product;
    cardinalityBits: typeof cardinalityBits;
    formatDuration: typeof formatDuration;
    DATE: typeof DATE;
};
/**
 * Check if password is correct for rules in design rationale.
 * @param pwd - Candidate password string.
 * @returns Whether the password satisfies the built-in strength rules.
 * @example
 * Validate that a candidate password covers the required character classes.
 * ```ts
 * import { checkPassword } from 'micro-key-producer/password.js';
 * checkPassword('Aa1!aaaa');
 * ```
 */
export declare function checkPassword(pwd: string): boolean;
declare function cardinalityBits(cardinality: bigint): number;
/** Estimated password guessing effort. */
export type PassEstimate = {
    /** Human-readable strength label derived from the estimated search space. */
    score: string;
    /** Time-to-guess estimates for a few attacker models. */
    guesses: {
        /** Online attack with strict throttling such as account lockouts. */
        online_throttling: string;
        /** Online attack without meaningful throttling. */
        online: string;
        /** Slow offline attack. */
        slow: string;
        /** Fast offline attack. */
        fast: string;
    };
    /** Approximate hardware cost of exhaustive attacks against several KDF targets. */
    costs: {
        /** Estimated attack cost against LUKS-style targets. */
        luks: number;
        /** Estimated attack cost against FileVault 2. */
        filevault2: number;
        /** Estimated attack cost against macOS PBKDF2-SHA512. */
        macos: number;
        /** Estimated attack cost against PBKDF2-HMAC-SHA256. */
        pbkdf2: number;
    };
};
type ApplyResult = {
    password: string;
    entropyLeft: bigint;
};
declare class Mask {
    private chars;
    private sets;
    private lengths;
    readonly cardinality: bigint;
    readonly entropy: number;
    readonly length: number;
    constructor(mask: string);
    apply(entropy: Uint8Array): ApplyResult;
    inverse({ password, entropyLeft }: ApplyResult): Uint8Array;
    estimate(): PassEstimate;
}
/**
 * Compiles a password mask into an object that can apply or invert entropy.
 * @param mask - Password mask expression.
 * @returns Compiled password mask.
 * @example
 * Compile a password mask into an object that can apply or invert entropy.
 * ```ts
 * import { mask } from 'micro-key-producer/password.js';
 * mask('cv1').apply(new Uint8Array(8)).password;
 * ```
 */
export declare const mask: (mask: string) => Mask;
/** Public shape of a compiled password mask. */
export type MaskType = {
    [K in keyof Mask]: Mask[K];
};
/**
 * Secure password mask, iOS keychain format.
 * @example
 * Generate an iOS-style password from random bytes.
 * ```ts
 * import { secureMask } from 'micro-key-producer/password.js';
 * import { randomBytes } from '@noble/hashes/utils.js';
 * const seed = randomBytes(32);
 * const pass = secureMask.apply(seed).password;
 * ```
 */
export declare const secureMask: MaskType;
export {};
//# sourceMappingURL=password.d.ts.map