kovra-core 0.9.0

Core of kovra — local secrets manager for development: vault, sensitivity policy, providers, and the security invariants.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130

//! Time behind a trait (CLAUDE.md rule 4: the clock is a trait).
//!
//! L3 is the first layer that observes time — audit timestamps (§11) and
//! confirmation deadlines (§8). Both go through [`Clock`] so core logic is
//! tested deterministically with [`MockClock`]; production uses [`SystemClock`].

use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// A source of wall-clock time. Returns both a monotonic-ish epoch instant (for
/// deadline math) and an RFC-3339 rendering (for audit records).
pub trait Clock: Send + Sync {
    /// Seconds since the Unix epoch (UTC).
    fn unix_secs(&self) -> u64;

    /// The current time as an RFC-3339 / ISO-8601 UTC string, e.g.
    /// `2026-05-30T22:18:30Z`. Default impl derives it from [`Clock::unix_secs`].
    fn now_rfc3339(&self) -> String {
        format_rfc3339_utc(self.unix_secs())
    }
}

/// Real system clock.
#[derive(Debug, Default, Clone, Copy)]
pub struct SystemClock;

impl Clock for SystemClock {
    fn unix_secs(&self) -> u64 {
        SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap_or(Duration::ZERO)
            .as_secs()
    }
}

/// Deterministic, advanceable clock for tests.
#[derive(Debug)]
pub struct MockClock {
    secs: std::sync::atomic::AtomicU64,
}

impl MockClock {
    /// A mock clock fixed at `secs` since the epoch.
    pub fn at(secs: u64) -> Self {
        Self {
            secs: std::sync::atomic::AtomicU64::new(secs),
        }
    }

    /// Advance the mock clock by `secs` seconds (simulating elapsed time).
    pub fn advance(&self, secs: u64) {
        self.secs
            .fetch_add(secs, std::sync::atomic::Ordering::SeqCst);
    }
}

impl Default for MockClock {
    fn default() -> Self {
        // A fixed, recognizable instant: 2026-05-30T00:00:00Z.
        Self::at(1_780_099_200)
    }
}

impl Clock for MockClock {
    fn unix_secs(&self) -> u64 {
        self.secs.load(std::sync::atomic::Ordering::SeqCst)
    }
}

/// Format a Unix-seconds instant as an RFC-3339 UTC string (`...Z`), using the
/// civil-from-days algorithm — no external date dependency.
fn format_rfc3339_utc(unix_secs: u64) -> String {
    let days = (unix_secs / 86_400) as i64;
    let secs_of_day = unix_secs % 86_400;
    let (hour, min, sec) = (
        secs_of_day / 3600,
        (secs_of_day % 3600) / 60,
        secs_of_day % 60,
    );

    // Howard Hinnant's civil_from_days (epoch = 1970-01-01).
    let z = days + 719_468;
    let era = if z >= 0 { z } else { z - 146_096 } / 146_097;
    let doe = (z - era * 146_097) as u64; // [0, 146096]
    let yoe = (doe - doe / 1460 + doe / 36_524 - doe / 146_096) / 365; // [0, 399]
    let year = yoe as i64 + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100); // [0, 365]
    let mp = (5 * doy + 2) / 153; // [0, 11]
    let day = doy - (153 * mp + 2) / 5 + 1; // [1, 31]
    let month = if mp < 10 { mp + 3 } else { mp - 9 }; // [1, 12]
    let year = if month <= 2 { year + 1 } else { year };

    format!("{year:04}-{month:02}-{day:02}T{hour:02}:{min:02}:{sec:02}Z")
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn mock_clock_is_fixed_then_advances() {
        let c = MockClock::at(1000);
        assert_eq!(c.unix_secs(), 1000);
        c.advance(50);
        assert_eq!(c.unix_secs(), 1050);
    }

    #[test]
    fn rfc3339_formats_known_instants() {
        // 0 → epoch.
        assert_eq!(format_rfc3339_utc(0), "1970-01-01T00:00:00Z");
        // A known instant: 2026-05-30T00:00:00Z.
        assert_eq!(format_rfc3339_utc(1_780_099_200), "2026-05-30T00:00:00Z");
        // With time-of-day.
        assert_eq!(
            format_rfc3339_utc(1_780_099_200 + 3661),
            "2026-05-30T01:01:01Z"
        );
    }

    #[test]
    fn mock_default_clock_renders_expected_date() {
        assert_eq!(MockClock::default().now_rfc3339(), "2026-05-30T00:00:00Z");
    }

    #[test]
    fn system_clock_is_after_2020() {
        // Sanity: real clock returns a plausible recent instant.
        assert!(SystemClock.unix_secs() > 1_577_836_800); // 2020-01-01
    }
}