Skip to content

feat(exec): add secret=True to mark target outputs as in-memory-only#136

Open
raphaelvigee wants to merge 3 commits into
masterfrom
worktree-bridge-cse_01PC3hJJRnZJbH82m6fikG8h
Open

feat(exec): add secret=True to mark target outputs as in-memory-only#136
raphaelvigee wants to merge 3 commits into
masterfrom
worktree-bridge-cse_01PC3hJJRnZJbH82m6fikG8h

Conversation

@raphaelvigee

Copy link
Copy Markdown
Member

What

Adds a secret = True attribute to exec targets. A secret target:

  • has all outputs marked secret;
  • is forced uncached — setting a caching cache value alongside secret is an error (not a silent override); cache = False is fine;
  • has its outputs never written to disk — they are held in memory only. Materializing them into a consuming target's sandbox is still fine.

How

  • exec spec (spec.rs): new secret bool attribute. parse() rejects secret + an explicit caching cache, otherwise forces the target uncached via CacheConfig::secret().
  • CacheConfig (driver.rs + proto + ABI convert.rs): gains a secret flag, threaded TargetSpec → TargetDef.
  • engine: secret outputs route to a new mem-only local_cache_secret store backed by a DenyDurable fallthrough, so a secret can never spill to disk; the execute path treats a secret target as uncached (use_tmp_cache).

Tests

  • plugin-exec: secret forces uncached; secret + cache=False ok; secret + explicit cache=True errors; default not secret.
  • engine: secret outputs stay in the in-memory store, are readable, and never reach the durable on-disk cache.

🤖 Generated with Claude Code

raphaelvigee and others added 3 commits June 28, 2026 00:54
A target with `secret = True` has all its outputs marked secret: the
target is forced uncached and its outputs are never written to disk,
held in memory only (materializing into a consuming target's sandbox is
still fine). Setting a caching `cache` value alongside `secret` is an
error rather than a silent override.

- exec spec: new `secret` bool attribute; parse rejects secret + explicit
  caching `cache`, otherwise forces the target uncached.
- CacheConfig gains a `secret` flag (proto + ABI), threaded into TargetDef.
- engine: secret outputs route to a new mem-only `local_cache_secret`
  store backed by a deny-durable, so they never spill to disk; a secret
  target is treated as uncached on the execute path.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Drop the magic that silently forced a `secret` target uncached. A secret
target now must declare `cache = False` itself; secret with caching on
(including the default) errors. `secret` no longer leaks into the
engine's uncached/unique-key decisions — it only selects the in-memory
secret store, while the uncached behavior comes from `cache = False`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move the "secret target must be uncached" check out of the exec driver
and into the engine's get_def_inner, via validate_secret_cache, so the
contract is enforced uniformly for every driver. The exec driver now
just threads the `secret` flag into CacheConfig; the engine errors if a
secret target has caching enabled (the author must set cache=False).

Drops the now-unused CacheConfig::secret() helper.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant