Per-agent credential management for channel plugins (WhatsApp,
Telegram, Google). Exposes CredentialHandle, per-channel stores,
and an AgentCredentialResolver that binds an agent id to the
account it is allowed to use for outbound traffic.
A boot-time gauntlet validates filesystem paths, permissions, and
cross-store consistency, accumulating every error in one pass so
operators can fix the full YAML in a single edit.
Re-exports
- pub use breaker::BreakerRegistry;
- pub use breaker::BreakerState;
- pub use generic_store::validate_all_stores;
- pub use generic_store::GenericCredentialStore;
- pub use generic_store::TypedStoreAdapter;
- pub use wire::build_credentials;
- pub use wire::load_google_auth;
- pub use wire::print_report;
- pub use wire::CredentialsBundle;
- pub use error::BuildError;
- pub use error::CredentialError;
- pub use error::ResolveError;
- pub use handle::AgentId;
- pub use handle::Channel;
- pub use handle::CredentialHandle;
- pub use handle::Fingerprint;
- pub use resolver::AgentCredentialResolver;
- pub use resolver::AgentCredentialsInput;
- pub use resolver::CredentialStores;
- pub use resolver::StrictLevel;
- pub use store::CredentialStore;
- pub use store::ValidationReport;
- pub use email::load_email_secrets;
- pub use email::EmailAccount;
- pub use email::EmailAuth;
- pub use email::EmailCredentialStore;
Modules
- audit: Audit log helpers. Every outbound publish that crosses a channel boundary should emit through audit_outbound so the credentials.audit target is a single append-only trail.
- breaker: Per-(channel, instance) circuit breaker registry.
- email: CredentialStore impl for IMAP/SMTP email accounts.
- error
- gauntlet: Boot-time validators. Every function is pure / filesystem-bound and returns accumulated BuildErrors instead of failing fast — the caller collects errors from every check and reports them in one pass so operators fix their YAML in a single edit.
- generic_store: Phase 93.6 — dyn-safe credential store keyed by plugin id.
- google: CredentialStore impl for Google OAuth accounts. One account per agent (agent_id is 1:1 for V1). Holds paths to the three files the gmail-poller already uses (client_id_path, client_secret_path, token_path), plus scopes.
- handle
- resolver: Agent → credential resolver. Produced by AgentCredentialResolver::build after the boot-time gauntlet validates every invariant listed in proyecto/docs/credentials.md.
- store
- telegram: CredentialStore impl for Telegram bots. One instance = one bot token. The token material is held in-memory as a String so the plugin can attach it to every HTTP call without hitting the filesystem per request; the gauntlet is responsible for enforcing 0o600 on the source file before the token ever reaches this store.
- telemetry: Prometheus metrics for the credential layer. Kept self-contained in this crate so the wiring (main.rs) only has to concatenate render_prometheus output with the existing nexo-core telemetry body.
- whatsapp: CredentialStore impl for WhatsApp session-based accounts.
- wire: Wire layer — turns AppConfig + google-auth.yaml into the credential stores and resolver the runtime needs. Kept in this crate (not nexo-config) so the config crate stays a pure data shape and never pulls tokio/dashmap.