nono-proxy 0.64.0

Network filtering proxy for the nono sandbox
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

//! Proxy startup diagnostics (credential load and OAuth exchange failures).

use serde::{Deserialize, Serialize};

/// Severity of a proxy diagnostic.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum ProxyDiagnosticSeverity {
    Info,
    Warning,
    Error,
}

/// Stable diagnostic code for proxy credential and route issues.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
#[non_exhaustive]
pub enum ProxyDiagnosticCode {
    CredentialNotFound,
    CredentialUnavailable,
    OAuthClientIdUnavailable,
    OAuthClientSecretUnavailable,
    OAuthTokenExchangeFailed,
}

impl ProxyDiagnosticCode {
    /// Stable snake_case label matching JSON serialization.
    #[must_use]
    pub fn as_str(self) -> &'static str {
        match self {
            Self::CredentialNotFound => "credential_not_found",
            Self::CredentialUnavailable => "credential_unavailable",
            Self::OAuthClientIdUnavailable => "oauth_client_id_unavailable",
            Self::OAuthClientSecretUnavailable => "oauth_client_secret_unavailable",
            Self::OAuthTokenExchangeFailed => "oauth_token_exchange_failed",
        }
    }
}

/// One proxy startup diagnostic.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct ProxyDiagnostic {
    pub code: ProxyDiagnosticCode,
    pub severity: ProxyDiagnosticSeverity,
    pub route_prefix: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub credential_ref: Option<String>,
    pub message: String,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub hint: Option<String>,
}

impl ProxyDiagnostic {
    #[must_use]
    pub fn warning(
        code: ProxyDiagnosticCode,
        route_prefix: impl Into<String>,
        message: impl Into<String>,
    ) -> Self {
        Self {
            code,
            severity: ProxyDiagnosticSeverity::Warning,
            route_prefix: route_prefix.into(),
            credential_ref: None,
            message: message.into(),
            hint: None,
        }
    }

    #[must_use]
    pub fn with_credential_ref(mut self, credential_ref: impl Into<String>) -> Self {
        self.credential_ref = Some(credential_ref.into());
        self
    }

    #[must_use]
    pub fn with_hint(mut self, hint: impl Into<String>) -> Self {
        self.hint = Some(hint.into());
        self
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn proxy_diagnostic_serializes_stable_code() {
        let diagnostic = ProxyDiagnostic::warning(
            ProxyDiagnosticCode::CredentialNotFound,
            "openai",
            "Credential not found",
        )
        .with_credential_ref("op://vault/item/secret");
        let json = serde_json::to_string(&diagnostic).expect("json");
        assert!(json.contains("\"credential_not_found\""));
        assert!(json.contains("\"openai\""));
    }
}