pub const AGENT_KEY_ENV: &str = "NEWT_AGENT_KEY";
Environment variable a Newt host sets when spawning a provider plugin to
hand the plugin a base64-encoded JSON CertChain (an attenuated
AgentKey) for this dispatch.
Phase 1c transport (issue #35). The host minted this child cert by
calling AgentKey::delegate on its own parent key — so the chain is
signed end-to-end, attenuation is structurally enforced, and the plugin
can verify the chain locally without a separate trust anchor (the chain
roots at the user’s UserPublic, which is embedded in the leaf cert).
Plugins that don’t read this env var run with whatever ambient authority they had before phase 1c — that’s a deliberate back-compat behavior for older plugins. Plugins built against phase 1c or later SHOULD read this and use it as the source of truth for every tool dispatch they make.
Why env var (and not a CompleteRequest field)?
- Simpler — no protocol-version bump required, older plugins ignore it.
- Per-process — the cert is attached to the plugin’s lifetime, not to any individual call.
- Phase 1d can swap env-var transport for a stdin handshake without changing the wire JSON shape (just stop reading env, start reading stdin). The wire format (base64’d CertChain JSON) is stable.
Caveat: env vars on Unix are visible to other processes running as
the same uid (via /proc/$PID/environ). For 35c this is acceptable
because the plugin and host run with the same authority anyway — the
adversary model is a confused plugin, not a same-uid attacker reading
/proc. Phase 1d hardens this by moving the handshake to stdin.
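A plugin-side reader for the env-var transport described above, as an added example (not Newt's own code): it separates "variable unset" (older host, ambient authority) from "variable set but unusable", which it treats as a hard failure instead of silently falling back. Assumptions: the standard base64 alphabet with `=` padding, a std-only decoder standing in for a base64 crate, and the hypothetical names `AgentKeyInput`, `b64_decode`, `classify` and `load_from_env`; parsing and verifying the decoded CertChain JSON is left to the project's own types.

```rust
pub const AGENT_KEY_ENV: &str = "NEWT_AGENT_KEY";

/// What the plugin found in its environment at startup (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum AgentKeyInput {
    Absent,                  // unset: pre-phase-1c host, ambient authority
    ChainJson(String),       // decoded JSON text, not yet parsed or verified
    Malformed(&'static str), // set but unusable: fail closed, no fallback
}

/// Std-only base64 decoder; assumes the standard alphabet with '=' padding.
fn b64_decode(s: &str) -> Result<Vec<u8>, &'static str> {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let bytes = s.as_bytes();
    let pad = bytes.iter().rev().take_while(|&&b| b == b'=').count();
    if bytes.is_empty() || bytes.len() % 4 != 0 || pad > 2 {
        return Err("bad base64 length or padding");
    }
    let mut out = Vec::with_capacity(bytes.len() / 4 * 3);
    let (mut acc, mut nbits) = (0u32, 0u32);
    for &b in &bytes[..bytes.len() - pad] {
        let v = T.iter().position(|&c| c == b).ok_or("non-base64 character")? as u32;
        acc = (acc << 6) | v;
        nbits += 6;
        if nbits >= 8 {
            nbits -= 8;
            out.push((acc >> nbits) as u8);
            acc &= (1 << nbits) - 1; // keep only the bits not yet emitted
        }
    }
    if acc != 0 { return Err("non-canonical base64"); } // stray trailing bits
    Ok(out)
}

/// Classify the raw variable value; pure, so it can be unit-tested.
pub fn classify(raw: Option<&str>) -> AgentKeyInput {
    let raw = match raw { Some(r) => r.trim(), None => return AgentKeyInput::Absent };
    match b64_decode(raw).map(String::from_utf8) {
        Ok(Ok(json)) => AgentKeyInput::ChainJson(json),
        Ok(Err(_)) => AgentKeyInput::Malformed("payload is not UTF-8"),
        Err(why) => AgentKeyInput::Malformed(why),
    }
}

/// Read the variable once at startup; never log the decoded chain itself.
pub fn load_from_env() -> AgentKeyInput {
    match std::env::var(AGENT_KEY_ENV) {
        Ok(v) => classify(Some(&v)),
        Err(std::env::VarError::NotPresent) => classify(None),
        Err(_) => AgentKeyInput::Malformed("value is not Unicode"),
    }
}
```

A plugin would call `load_from_env()` before its first tool dispatch and refuse to start on `Malformed`, so a corrupted or truncated variable never degrades into ambient authority.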