e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
80 lines
2.3 KiB
Cython
80 lines
2.3 KiB
Cython
cdef class UVProcess(UVHandle):
|
|
cdef:
|
|
object _returncode
|
|
object _pid
|
|
|
|
object _errpipe_read
|
|
object _errpipe_write
|
|
object _preexec_fn
|
|
bint _restore_signals
|
|
|
|
list _fds_to_close
|
|
|
|
# Attributes used to compose uv_process_options_t:
|
|
uv.uv_process_options_t options
|
|
uv.uv_stdio_container_t[3] iocnt
|
|
list __env
|
|
char **uv_opt_env
|
|
list __args
|
|
char **uv_opt_args
|
|
char *uv_opt_file
|
|
bytes __cwd
|
|
|
|
cdef _close_process_handle(self)
|
|
|
|
cdef _init(self, Loop loop, list args, dict env, cwd,
|
|
start_new_session,
|
|
_stdin, _stdout, _stderr, pass_fds,
|
|
debug_flags, preexec_fn, restore_signals)
|
|
|
|
cdef _after_fork(self)
|
|
|
|
cdef char** __to_cstring_array(self, list arr)
|
|
cdef _init_args(self, list args)
|
|
cdef _init_env(self, dict env)
|
|
cdef _init_files(self, _stdin, _stdout, _stderr)
|
|
cdef _init_options(self, list args, dict env, cwd, start_new_session,
|
|
_stdin, _stdout, _stderr, bint force_fork)
|
|
|
|
cdef _close_after_spawn(self, int fd)
|
|
|
|
cdef _on_exit(self, int64_t exit_status, int term_signal)
|
|
cdef _kill(self, int signum)
|
|
|
|
|
|
cdef class UVProcessTransport(UVProcess):
|
|
cdef:
|
|
list _exit_waiters
|
|
list _init_futs
|
|
bint _stdio_ready
|
|
list _pending_calls
|
|
object _protocol
|
|
bint _finished
|
|
|
|
WriteUnixTransport _stdin
|
|
ReadUnixTransport _stdout
|
|
ReadUnixTransport _stderr
|
|
|
|
object stdin_proto
|
|
object stdout_proto
|
|
object stderr_proto
|
|
|
|
cdef _file_redirect_stdio(self, int fd)
|
|
cdef _file_devnull(self)
|
|
cdef _file_inpipe(self)
|
|
cdef _file_outpipe(self)
|
|
|
|
cdef _check_proc(self)
|
|
cdef _pipe_connection_lost(self, int fd, exc)
|
|
cdef _pipe_data_received(self, int fd, data)
|
|
|
|
cdef _call_connection_made(self, waiter)
|
|
cdef _try_finish(self)
|
|
|
|
@staticmethod
|
|
cdef UVProcessTransport new(Loop loop, protocol, args, env, cwd,
|
|
start_new_session,
|
|
_stdin, _stdout, _stderr, pass_fds,
|
|
waiter,
|
|
debug_flags,
|
|
preexec_fn, restore_signals)
|