e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
75 lines
1.9 KiB
Python
75 lines
1.9 KiB
Python
from __future__ import annotations
|
|
|
|
import http
|
|
import logging
|
|
from typing import TYPE_CHECKING, Any, NewType, Sequence
|
|
|
|
|
|
__all__ = [
|
|
"Data",
|
|
"LoggerLike",
|
|
"StatusLike",
|
|
"Origin",
|
|
"Subprotocol",
|
|
"ExtensionName",
|
|
"ExtensionParameter",
|
|
]
|
|
|
|
|
|
# Public types used in the signature of public APIs
|
|
|
|
Data = str | bytes
|
|
"""Types supported in a WebSocket message:
|
|
:class:`str` for a Text_ frame, :class:`bytes` for a Binary_ frame.
|
|
|
|
.. _Text: https://datatracker.ietf.org/doc/html/rfc6455#section-5.6
|
|
.. _Binary : https://datatracker.ietf.org/doc/html/rfc6455#section-5.6
|
|
|
|
"""
|
|
|
|
BytesLike = bytes | bytearray | memoryview
|
|
"""Types accepted where :class:`bytes` is expected."""
|
|
|
|
DataLike = str | bytes | bytearray | memoryview
|
|
"""Types accepted where :class:`Data` is expected."""
|
|
|
|
if TYPE_CHECKING:
|
|
LoggerLike = logging.Logger | logging.LoggerAdapter[Any]
|
|
"""Types accepted where a :class:`~logging.Logger` is expected."""
|
|
else: # remove this branch when dropping support for Python < 3.11
|
|
LoggerLike = logging.Logger | logging.LoggerAdapter
|
|
"""Types accepted where a :class:`~logging.Logger` is expected."""
|
|
|
|
|
|
StatusLike = http.HTTPStatus | int
|
|
"""
|
|
Types accepted where an :class:`~http.HTTPStatus` is expected."""
|
|
|
|
|
|
Origin = NewType("Origin", str)
|
|
"""Value of a ``Origin`` header."""
|
|
|
|
|
|
Subprotocol = NewType("Subprotocol", str)
|
|
"""Subprotocol in a ``Sec-WebSocket-Protocol`` header."""
|
|
|
|
|
|
ExtensionName = NewType("ExtensionName", str)
|
|
"""Name of a WebSocket extension."""
|
|
|
|
ExtensionParameter = tuple[str, str | None]
|
|
"""Parameter of a WebSocket extension."""
|
|
|
|
|
|
# Private types
|
|
|
|
ExtensionHeader = tuple[ExtensionName, Sequence[ExtensionParameter]]
|
|
"""Extension in a ``Sec-WebSocket-Extensions`` header."""
|
|
|
|
|
|
ConnectionOption = NewType("ConnectionOption", str)
|
|
"""Connection option in a ``Connection`` header."""
|
|
|
|
|
|
UpgradeProtocol = NewType("UpgradeProtocol", str)
|
|
"""Upgrade protocol in an ``Upgrade`` header."""
|