oxi-ai 0.25.8

Unified LLM API — multi-provider streaming interface for AI coding assistants
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

//! Wrapper type to prevent accidental exposure of sensitive data (e.g., API keys).
//!
//! `Secret<T>` masks values in `Debug` and `Display` implementations.
//! The actual value is only accessible via [`expose()`](Secret::expose).

use std::fmt;

/// A wrapper for sensitive data such as API keys.
///
/// # Examples
/// ```ignore
/// let key = Secret::new("sk-ant-1234567890abcdef".to_string());
/// println!("{key:?}");   // Secret([REDACTED])
/// println!("{key}");     // sk-an...cdef
/// let header = format!("Bearer {}", key.expose());
/// ```
#[derive(Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct Secret<T> {
    inner: T,
}

impl<T> Secret<T> {
    /// Wraps a sensitive value.
    pub fn new(value: T) -> Self {
        Self { inner: value }
    }

    /// Access the underlying value. Use only in essential logic such as HTTP header generation.
    pub fn expose(&self) -> &T {
        &self.inner
    }

    /// Extract the value by transferring ownership.
    pub fn expose_owned(self) -> T {
        self.inner
    }

    /// Transform the inner value.
    pub fn map<U>(self, f: impl FnOnce(T) -> U) -> Secret<U> {
        Secret::new(f(self.inner))
    }
}

impl<T> fmt::Debug for Secret<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret([REDACTED])")
    }
}

impl fmt::Display for Secret<String> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let s = &self.inner;
        if s.len() > 8 {
            write!(f, "{}...{}", &s[..4], &s[s.len() - 4..])
        } else {
            f.write_str("[REDACTED]")
        }
    }
}

impl serde::Serialize for Secret<String> {
    fn serialize<S: serde::Serializer>(&self, s: S) -> Result<S::Ok, S::Error> {
        // Don't serialize the actual secret value
        s.serialize_str("[REDACTED]")
    }
}

impl<'de> serde::Deserialize<'de> for Secret<String> {
    fn deserialize<D: serde::Deserializer<'de>>(d: D) -> Result<Self, D::Error> {
        Ok(Self::new(String::deserialize(d)?))
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn debug_masks_value() {
        let s = Secret::new("sk-ant-12345678".to_string());
        assert_eq!(format!("{s:?}"), "Secret([REDACTED])");
    }

    #[test]
    fn display_short_value_redacted() {
        let s = Secret::new("short".to_string());
        assert_eq!(format!("{s}"), "[REDACTED]");
    }

    #[test]
    fn display_long_value_partial() {
        let s = Secret::new("sk-ant-12345678".to_string());
        assert_eq!(format!("{s}"), "sk-a...5678");
    }

    #[test]
    fn expose_returns_inner() {
        let s = Secret::new("secret-key".to_string());
        assert_eq!(s.expose(), "secret-key");
    }

    #[test]
    fn expose_owned_consumes() {
        let s = Secret::new("my-key".to_string());
        let inner = s.expose_owned();
        assert_eq!(inner, "my-key");
    }

    #[test]
    fn map_transforms() {
        let s = Secret::new("key".to_string());
        let mapped = s.map(|v| v.len());
        assert_eq!(*mapped.expose(), 3);
    }

    #[test]
    fn serde_roundtrip() {
        let s = Secret::new("sk-test-123".to_string());
        let json = serde_json::to_string(&s).unwrap();
        // Serialize should mask the value
        assert!(json.contains("[REDACTED]"));
        assert!(!json.contains("sk-test-123"));
        // Deserialize still works (from non-redacted JSON)
        let input_json = r#""sk-test-123""#;
        let back: Secret<String> = serde_json::from_str(input_json).unwrap();
        assert_eq!(back.expose(), "sk-test-123");
    }
}