Skip to main content

Module credential_envelope

plexus_core::plexus

Module credential_envelope 

Source
Expand description

Dispatch-time credential interception (AUTHZ-CRED-CORE-2).

This module contains the plexus-core half of the dispatch-time credential interception described in AUTHZ-CRED-CORE-2. The other half lives in plexus-auth-core:

  • Credential<T>::Serialize emits the sentinel {"$credential": "<id>"} inline AND captures the inner value into a thread-local sidecar when a DispatchCaptureGuard is active on the current thread.
  • DispatchCaptureGuard::install is the (currently pub(crate)) setter for that thread-local.

plexus-core’s responsibility is, at every dispatch-time serialization point that produces a wire stream item:

  1. Install a fresh dispatch sidecar before serializing.
  2. Serialize the body — credentials within emit sentinels inline and register their values in the sidecar.
  3. Drain the sidecar and attach the captured entries to the wire envelope as a _credentials field.
  4. Apply cookie projection: for entries whose AttachmentSite::Cookie { name } matches the active transport’s cookie-capable surface, drop the value field from the sidecar entry and record a Set-Cookie projection hint that the transport layer reads.

See plans/AUTHZ/AUTHZ-CRED-CORE-2.md for the full required-behavior table and plans/AUTHZ/AUTHZ-CRED-CORE-2-RUN-NOTES.md for the capture-side blocker.

Structs§

CookieProjectionHint
Out-of-band projection hint emitted alongside a stream item whose payload contained a cookie-shaped credential. The transport layer reads these hints and turns each one into a Set-Cookie: <name>=<value>; HttpOnly; Secure; SameSite=None; Path=/; Max-Age=<seconds> header on the response.

Enums§

CookieProjector
Per-transport policy for which AttachmentSite::Cookie credentials should be projected into Set-Cookie headers and removed from the JSON sidecar’s value field.

Functions§

check_returns_schema_for_credentials_collision
Inspect a serialized JSON value’s top-level keys and emit a schema-build warning if any of them are _credentials. Used by the schema constructors (PluginSchema::leaf, ::hub) to surface AUTHZ-CRED-CORE-2 acceptance criterion #8 at build time.
format_set_cookie_header
Compute the Set-Cookie header string for a single projection hint.
warn_on_credentials_field_collision
Schema-build warning emitted when a method’s return-type schema declares a top-level field named _credentials. The framework reserves that name for the credential sidecar (AUTHZ-CRED-CORE-2 §“Wire envelope shape”). When a backend has such a field, the framework’s projection shadows it.