envseal 0.3.11

Write-only secret vault with process-level access control — post-agent secret management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215

//! Process-spawning operations: inject, run, pipe, supervised exec.
//!
//! Anything that takes a `command: &[String]` and spawns a child
//! lives here. Sandboxing helpers (`parse_sandbox_profile`,
//! `sandbox_summary`) cluster with this code because they parameterize
//! the same execution surface.
//!
//! Re-exported from [`super`] so existing call sites resolve unchanged.

use std::path::Path;

use crate::error::Error;
use crate::vault::Vault;

/// Parse a sandbox-profile name into a [`crate::sandbox::SandboxTier`].
///
/// Accepts `None` (treated as `"standard"` / [`crate::sandbox::SandboxTier::None`]),
/// `"standard"`, `"hardened"`, `"lockdown"`. Any other value is an error.
///
/// # Errors
///
/// Returns [`Error::CryptoFailure`] when the profile name is unrecognized.
pub fn parse_sandbox_profile(profile: Option<&str>) -> Result<crate::sandbox::SandboxTier, Error> {
    let name = profile.unwrap_or("standard");
    crate::sandbox::SandboxTier::parse(name).map_err(|bad| {
        Error::CryptoFailure(format!(
            "invalid sandbox profile '{bad}' (expected: standard|hardened|lockdown)"
        ))
    })
}

/// Stable, user-readable summary of a [`crate::sandbox::SandboxTier`].
///
/// Used by CLI/MCP/desktop to show what isolation a supervised run will
/// apply. Returns `"none"` / `"hardened"` / `"lockdown"` — matching the
/// serialized name on disk.
#[must_use]
pub fn sandbox_summary(tier: crate::sandbox::SandboxTier) -> &'static str {
    tier.as_str()
}

/// Run `command` with the given secret injected as `env_var`, under
/// supervised execution (real-time leak detection + optional sandbox tier).
///
/// Opens the default vault, invokes the supervisor, returns its result.
/// The CLI/MCP layer is responsible for printing whatever dataflow report
/// makes sense for the consumer (or calling [`print_dataflow_report`] if
/// it wants the built-in stderr layout).
///
/// # Errors
///
/// Returns vault-open or supervisor errors as-is.
pub fn supervised_execute(
    secret_name: &str,
    env_var: &str,
    command: &[String],
    tier: crate::sandbox::SandboxTier,
) -> Result<crate::supervisor::SupervisedResult, Error> {
    let vault = Vault::open_default()?;
    crate::supervisor::supervised_execute(&vault, secret_name, env_var, command, tier)
}

/// Render the supervisor's dataflow report to stderr.
///
/// Re-exported so CLI command files can keep their imports limited to
/// `envseal::ops::*`.
pub fn print_dataflow_report(result: &crate::supervisor::SupervisedResult, secret_name: &str) {
    crate::supervisor::print_dataflow_report(result, secret_name);
}

/// Inject a single secret into a child command (default vault, exec mode).
///
/// # Errors
/// See [`crate::inject::execute`].
pub fn inject(secret_name: &str, env_var: &str, command: &[String]) -> Result<(), Error> {
    let vault = Vault::open_default()?;
    let request = crate::inject::InjectRequest {
        secret_name,
        env_var,
        command,
    };
    crate::inject::execute(&vault, &request)
}

/// Inject several secrets into a single child command (default vault).
///
/// # Errors
/// See [`crate::inject::execute_multi`].
pub fn inject_multi(mappings: &[(&str, &str)], command: &[String]) -> Result<(), Error> {
    let vault = Vault::open_default()?;
    crate::inject::execute_multi(&vault, mappings, command)
}

/// Read a `.envseal` file and inject all of its mappings into `command`.
///
/// # Errors
/// Returns parse / IO errors from `envseal_file::parse_envseal_file` plus
/// whatever [`inject_multi`] returns.
pub fn inject_file(file_path: &Path, command: &[String]) -> Result<(), Error> {
    let mappings = crate::envseal_file::parse_envseal_file(file_path)?;
    if mappings.is_empty() {
        return Err(Error::CryptoFailure(format!(
            "no mappings found in {}",
            file_path.display()
        )));
    }
    let mapping_refs: Vec<(&str, &str)> = mappings
        .iter()
        .map(|m| (m.secret_name.as_str(), m.env_var.as_str()))
        .collect();
    inject_multi(&mapping_refs, command)
}

/// `(env_var, secret_name)` pair surfaced by [`discover_envseal_mappings`].
///
/// Re-exported so CLI/MCP/desktop callers don't have to import
/// `envseal::file::EnvMapping` directly.
#[derive(Debug, Clone)]
pub struct EnvsealMapping {
    /// Environment variable name (e.g. `DATABASE_URL`).
    pub env_var: String,
    /// Vault secret name (e.g. `database-url`).
    pub secret_name: String,
}

/// Discover the `.envseal` mappings that apply to `cwd`.
///
/// Walks up from `cwd` looking for a project `.envseal`, then merges with
/// `~/.envseal` (project overrides global on env-var collisions). Returns
/// `Ok(None)` when neither file exists.
///
/// # Errors
/// Returns parse / IO errors from the underlying parser.
pub fn discover_envseal_mappings(cwd: &Path) -> Result<Option<Vec<EnvsealMapping>>, Error> {
    Ok(
        crate::envseal_file::discover_and_load(cwd)?.map(|mappings| {
            mappings
                .into_iter()
                .map(|m| EnvsealMapping {
                    env_var: m.env_var,
                    secret_name: m.secret_name,
                })
                .collect()
        }),
    )
}

/// Discover-and-inject: find the `.envseal` mappings for `cwd` and inject
/// all of them into `command`. Returns the number of mappings injected.
///
/// # Errors
/// Returns `Error::SecretNotFound` when no `.envseal` mapping file is
/// reachable from `cwd` or it has zero mappings — these are config
/// problems, not crypto failures, so they previously surfaced under
/// the wrong category. Any inject-side errors propagate verbatim.
pub fn run_with_envseal(cwd: &Path, command: &[String]) -> Result<usize, Error> {
    let Some(mappings) = discover_envseal_mappings(cwd)? else {
        return Err(Error::SecretNotFound(
            ".envseal file (run `envseal init` to scaffold one, or use \
             `envseal inject` / `envseal inject-file` explicitly)"
                .to_string(),
        ));
    };
    if mappings.is_empty() {
        return Err(Error::SecretNotFound(
            ".envseal file has no mappings".to_string(),
        ));
    }
    let count = mappings.len();
    let refs: Vec<(&str, &str)> = mappings
        .iter()
        .map(|m| (m.secret_name.as_str(), m.env_var.as_str()))
        .collect();
    inject_multi(&refs, command)?;
    Ok(count)
}

/// Pipe-mode injection.
///
/// Thin re-export of [`crate::execution::pipe::pipe`] — delegates the
/// security work to the shared `prepare_execution` path.
///
/// # Errors
/// See [`crate::execution::pipe::pipe`].
pub fn pipe(secret_name: &str, command: &[String]) -> Result<(), Error> {
    crate::execution::pipe::pipe(secret_name, command)
}

/// Pipe-mode injection with optional stdio isolation for transport safety.
///
/// Thin re-export of [`crate::execution::pipe::pipe_with_stdio_isolation`].
///
/// # Errors
/// See [`crate::execution::pipe::pipe_with_stdio_isolation`].
pub fn pipe_with_stdio_isolation(
    secret_name: &str,
    command: &[String],
    isolate_stdio: bool,
) -> Result<(), Error> {
    crate::execution::pipe::pipe_with_stdio_isolation(secret_name, command, isolate_stdio)
}

/// Pipe-mode injection that returns the child's exit code on
/// success. Audit M10: lets MCP `pipe` surface the real exit code
/// rather than hardcoding 0.
///
/// # Errors
/// See [`crate::execution::pipe::pipe_with_stdio_isolation_capture`].
pub fn pipe_with_stdio_isolation_capture(
    secret_name: &str,
    command: &[String],
    isolate_stdio: bool,
) -> Result<i32, Error> {
    crate::execution::pipe::pipe_with_stdio_isolation_capture(secret_name, command, isolate_stdio)
}