2d11090d1a
Encrypted per-app secrets, reachable from scripts as
secrets::{get,set,delete,list}(name) and managed from the dashboard
Secrets tab. Values are AES-256-GCM-sealed with the process master key
(picloud_shared::crypto) before they touch Postgres; the repo only ever
sees ciphertext + nonce. JSON round-trip preserves Rhai types.
- migration 0023_secrets.sql (PRIMARY KEY (app_id, name)).
- SecretsService trait (picloud-shared) + SecretsServiceImpl + repo
(manager-core), wired into the Services bundle and Rhai engine.
- Capability::AppSecretsRead/Write (→ script:read / script:write); no
new Scope variants (seven-scope commitment).
- Admin API GET/POST/DELETE /apps/{id}/secrets (list returns names +
updated_at, never values).
- build_app now takes a MasterKey, sourced from PICLOUD_SECRET_KEY in
main.rs; test callers pass a fixed test key.
- 64 KB value cap (PICLOUD_SECRET_MAX_VALUE_BYTES); no ServiceEvent
emission (secret writes don't fire triggers, by design).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
48 lines
1.7 KiB
Rust
48 lines
1.7 KiB
Rust
//! SDK plumbing — types and the per-call registration entry point.
|
|
//!
|
|
//! `executor-core` is responsible for building the per-invocation Rhai
|
|
//! engine and wiring stateful services into it. v1.1.0 ships the
|
|
//! shapes (`Services` bundle, `SdkCallCx`, `register_all` entry point)
|
|
//! but no actual services — subsequent v1.1.x PRs (KV in v1.1.1,
|
|
//! docs in v1.1.2, …) extend `register_all` rather than re-threading
|
|
//! plumbing through `engine.rs`.
|
|
//!
|
|
//! Bridge functions (`json_to_dynamic` / `dynamic_to_json`) also live
|
|
//! here so service modules can convert values without `engine.rs`
|
|
//! being the only home for the conversion logic.
|
|
|
|
pub mod bridge;
|
|
pub mod cx;
|
|
pub mod dead_letters;
|
|
pub mod docs;
|
|
pub mod files;
|
|
pub mod http;
|
|
pub mod kv;
|
|
pub mod pubsub;
|
|
pub mod secrets;
|
|
pub mod stdlib;
|
|
|
|
pub use bridge::{dynamic_to_json, json_to_dynamic};
|
|
pub use cx::SdkCallCx;
|
|
|
|
use std::sync::Arc;
|
|
|
|
use picloud_shared::Services;
|
|
use rhai::Engine as RhaiEngine;
|
|
|
|
/// Single hook every v1.1.x stateful service registers into. Called
|
|
/// once per invocation, just after `build_engine` constructs the
|
|
/// sandboxed Rhai engine and just before script compilation.
|
|
///
|
|
/// v1.1.1 wires the first stateful service (KV). Subsequent PRs add a
|
|
/// single `<service>::register(...)` line per service.
|
|
pub fn register_all(engine: &mut RhaiEngine, services: &Services, cx: Arc<SdkCallCx>) {
|
|
kv::register(engine, services, cx.clone());
|
|
docs::register(engine, services, cx.clone());
|
|
dead_letters::register(engine, services, cx.clone());
|
|
http::register(engine, services, cx.clone());
|
|
files::register(engine, services, cx.clone());
|
|
pubsub::register(engine, services, cx.clone());
|
|
secrets::register(engine, services, cx);
|
|
}
|