e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
23 lines
458 B
Cython
23 lines
458 B
Cython
# flake8: noqa
|
|
|
|
|
|
cdef inline add_flowcontrol_defaults(high, low, int kb):
|
|
cdef int h, l
|
|
if high is None:
|
|
if low is None:
|
|
h = kb * 1024
|
|
else:
|
|
l = low
|
|
h = 4 * l
|
|
else:
|
|
h = high
|
|
if low is None:
|
|
l = h // 4
|
|
else:
|
|
l = low
|
|
|
|
if not h >= l >= 0:
|
|
raise ValueError('high (%r) must be >= low (%r) must be >= 0' %
|
|
(h, l))
|
|
|
|
return h, l
|