Expand description
Shared registry-document mutation helpers.
Centralizes the list + edit + serialize + set transaction that
secretenv-cli and secretenv-mcp previously duplicated when
applying alias insert / remove operations to a registry’s
primary source. Per v0.16 Phase 7 architecture C-2 + code-review
Medium: extracted in v0.16.2 (Phase 1b D.2b) so both consumers
share the same writer.
§What this crate is — and what it isn’t
This crate centralizes the transaction body: the list-current-map → mutate-map → serialize → write-back chain that’s identical between CLI and MCP.
It does NOT centralize:
- Registry-source selection — CLI honors
SECRETENV_REGISTRYenv var + accepts URI-form selections; MCP intentionally rejects URI-form and only accepts named registries ([registries.<name>]). Each caller keeps its ownpick_*_sourcehelper. - Target-URI validation — exposed here as
validate_target_uribut called by each caller before committing to the transaction (the CLI’s user-facing error text + the MCP’s structuredWriteFailedoutcome want different framing). - Idempotency policy —
AliasChange::Removecarries arequiredflag: CLI’sregistry unsetbails when the alias is absent (required: true); MCP’sdelete_aliastreats an absent alias as success (required: false).
§SEC-INV-02 compliance
This crate depends on secretenv-core with the default-features
set (no opt-in to value-access) — the registry-document write
path takes a serialized &str (an alias→URI map, NOT a
Secret<T> value). Backend::set(uri, &str) is the
value-free trait method per SEC-INV-02; passing it a registry
document is the structurally-safe call.
Enums§
- Alias
Change - Describes the change to apply to one registry document.
Functions§
- apply_
change - Apply
changeto the registry document atsource_uri. - validate_
target_ uri - Validate that
target_uriis a legal alias destination: