pmetal-core 0.3.6

Core types, traits, and configuration for PMetal LLM fine-tuning
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

//! Secure handling of sensitive data like API tokens and credentials.
//!
//! This module wraps the [`secrecy`] crate to provide types that prevent
//! accidental exposure of secrets in logs, error messages, and debug output.
//! Secrets are zeroized on drop via the `zeroize` crate (transitive dep).

use std::fmt;

use secrecy::ExposeSecret;

/// A string type that redacts its content in Debug and Display implementations.
///
/// Backed by [`secrecy::SecretBox<str>`], which zeroizes the inner string on drop.
/// The underlying value can only be accessed explicitly via
/// [`expose_secret`][SecretString::expose_secret].
///
/// # Example
///
/// ```
/// use pmetal_core::SecretString;
///
/// let token = SecretString::new("sk-secret-key-12345");
///
/// // Debug output shows [REDACTED], not the actual secret
/// assert_eq!(format!("{:?}", token), "SecretString([REDACTED])");
///
/// // Display also shows [REDACTED]
/// assert_eq!(format!("{}", token), "[REDACTED]");
///
/// // Access the secret explicitly when needed
/// assert_eq!(token.expose_secret(), "sk-secret-key-12345");
/// ```
pub struct SecretString {
    inner: secrecy::SecretString,
}

impl Clone for SecretString {
    fn clone(&self) -> Self {
        Self::new(self.expose_secret())
    }
}

impl Default for SecretString {
    fn default() -> Self {
        Self::new("")
    }
}

impl SecretString {
    /// Create a new `SecretString` from a string value.
    pub fn new(secret: impl Into<String>) -> Self {
        let s: String = secret.into();
        Self {
            inner: secrecy::SecretBox::new(s.into_boxed_str()),
        }
    }

    /// Create a `SecretString` from an optional string.
    ///
    /// Returns `None` if the input is `None`.
    pub fn from_option(secret: Option<impl Into<String>>) -> Option<Self> {
        secret.map(|s| Self::new(s))
    }

    /// Expose the secret value.
    ///
    /// This is the only way to access the actual secret content.
    /// Use sparingly and ensure the exposed value is not logged or displayed.
    #[inline]
    pub fn expose_secret(&self) -> &str {
        self.inner.expose_secret()
    }

    /// Check if the secret is empty.
    pub fn is_empty(&self) -> bool {
        self.inner.expose_secret().is_empty()
    }

    /// Get the length of the secret.
    pub fn len(&self) -> usize {
        self.inner.expose_secret().len()
    }
}

impl fmt::Debug for SecretString {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "SecretString([REDACTED])")
    }
}

impl fmt::Display for SecretString {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "[REDACTED]")
    }
}

impl From<String> for SecretString {
    fn from(s: String) -> Self {
        Self::new(s)
    }
}

impl From<&str> for SecretString {
    fn from(s: &str) -> Self {
        Self::new(s)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_secret_string_debug_redacts() {
        let secret = SecretString::new("my-secret-token");
        assert_eq!(format!("{:?}", secret), "SecretString([REDACTED])");
    }

    #[test]
    fn test_secret_string_display_redacts() {
        let secret = SecretString::new("my-secret-token");
        assert_eq!(format!("{}", secret), "[REDACTED]");
    }

    #[test]
    fn test_secret_string_expose() {
        let secret = SecretString::new("my-secret-token");
        assert_eq!(secret.expose_secret(), "my-secret-token");
    }

    #[test]
    fn test_secret_string_from_option() {
        let some_secret = SecretString::from_option(Some("token"));
        assert!(some_secret.is_some());
        assert_eq!(some_secret.unwrap().expose_secret(), "token");

        let no_secret: Option<SecretString> = SecretString::from_option(None::<String>);
        assert!(no_secret.is_none());
    }

    #[test]
    fn test_secret_string_len() {
        let secret = SecretString::new("12345");
        assert_eq!(secret.len(), 5);
        assert!(!secret.is_empty());

        let empty = SecretString::default();
        assert_eq!(empty.len(), 0);
        assert!(empty.is_empty());
    }
}