Skip to main content

kovra_wrapper/
error.rs

1//! Wrapper errors. No variant ever carries a secret value (I12).
2
3use kovra_core::CoreError;
4use thiserror::Error;
5
6/// Errors produced while resolving and launching a child process.
7#[derive(Debug, Error)]
8pub enum WrapperError {
9    /// A core operation failed (resolution, vault I/O, crypto). Carries no
10    /// secret material (I12).
11    #[error(transparent)]
12    Core(#[from] CoreError),
13
14    /// The target command is not on the executor allowlist, so it is ineligible
15    /// to receive `high`/`prod` injection (I15). Carries the program path only,
16    /// never a value.
17    #[error("`{program}` is not on the executor allowlist; high/prod injection refused (I15)")]
18    NotAllowlisted {
19        /// The rejected program path (an address, never a value).
20        program: String,
21    },
22
23    /// The attended confirmation was explicitly denied; injection is refused.
24    #[error("confirmation denied; high/prod injection refused")]
25    ConfirmationDenied,
26
27    /// No confirmation arrived within the timeout; the broker fails safe to
28    /// denial (§8), so injection is refused.
29    #[error("confirmation timed out; high/prod injection refused")]
30    ConfirmationTimedOut,
31
32    /// The child process could not be launched. Carries an OS context string
33    /// only, never a value.
34    #[error("failed to launch child process: {0}")]
35    Spawn(String),
36}