package main

// SSHCredentialComposer implements the SPIRE CredentialComposer plugin interface.
//
// This is a merged plugin that handles both SSH certificate generation and
// Shellstream extension injection. In SPIRE's model, CredentialComposer plugins
// can modify credentials during the minting pipeline.
//
// The plugin:
//   - Creates an SSH user certificate with the SPIFFE ID as the primary principal
//   - Embeds Shellstream @guildhouse.dev extensions carrying governance metadata
//   - Signs the certificate using the SSH CA key (from KeyManager)
//   - Returns the certificate as part of the composed credential bundle
//
// This was originally designed as two separate plugins (ssh-svid-handler and
// shellstream-composer) but merged because both are CredentialComposer plugins
// performing conceptually one operation.
type SSHCredentialComposer struct {
	// TODO: add fields
	//   - sshcert.Builder for certificate construction
	//   - governance.Client for fetching current governance state
	//   - config for trust domain, default TTL, etc.
}