Expand description
Dynamic credential generator — produces short-lived auth tokens at call time.
Generators run where secrets live: on the proxy server in proxy mode, on the local machine in local mode. Signing keys never enter the sandbox.
Two generator types:
command: runs an external command, captures stdoutscript: writes an inline script to a temp file, runs via interpreter
Results are cached per (provider, agent_sub) with configurable TTL.
Structs§
- Auth
Cache - TTL-based credential cache, keyed by (provider_name, agent_sub).
- GenContext
- Context for expanding
${VAR}placeholders in generator args/env. - Generated
Credential - Result of running a generator — primary token + optional extra injections.
Enums§
Functions§
- generate
- Generate a credential by running the provider’s auth_generator.