envseal 0.3.9

Write-only secret vault with process-level access control — post-agent secret management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13

//! Invariant: non-shell, non-interpreter binaries produce no warning.
#[test]
fn shell_warning_none_for_safe_binary() {
    // Safe binaries like "wrangler", "npm", "cargo" should produce
    // no shell warning. We verify the assumption.
    let safe = ["wrangler", "npm", "cargo", "docker", "kubectl"];
    for name in &safe {
        assert!(
            !["bash", "sh", "zsh", "fish", "dash", "python", "node"].contains(name),
            "Fix: {name} is not a shell interpreter"
        );
    }
}