kovra_wrapper/lib.rs
1//! `kovra-wrapper` — the `kovra run` engine (spec §5, invariants I7/I15/I16).
2//!
3//! A thin face over `kovra-core`: it resolves an `.env.refs` (L4), applies the
4//! core policy decision for injection (I3/I15), enforces the **executor
5//! allowlist** (I15) and the **attended confirmation** (I3) for `high`/`prod`
6//! values, injects the resolved values into a child process **without ever
7//! touching disk** (I7), and optionally masks injected values in the child's
8//! output (§5.1 margin defense — a net, never a boundary).
9//!
10//! All policy lives in `core`; this crate orchestrates and launches. OS-facing
11//! work (spawning the child) is behind the [`ProcessRunner`] trait so the whole
12//! pipeline is tested with deterministic mocks. The `kovra` CLI (L7) wires this
13//! engine to the `run` subcommand.
14
15pub mod allowlist;
16pub mod caller;
17pub mod error;
18pub mod runner;
19pub mod sanitize;
20pub mod wrapper;
21
22pub use allowlist::Allowlist;
23pub use caller::observe_parent;
24pub use error::WrapperError;
25pub use runner::{Command, MockRunner, Output, ProcessRunner, RecordedRun, SystemRunner};
26pub use sanitize::{MASK, mask_secrets};
27pub use wrapper::Wrapper;