feat(exec): add secret=True to mark target outputs as in-memory-only#136
Open
raphaelvigee wants to merge 3 commits into
Open
feat(exec): add secret=True to mark target outputs as in-memory-only#136raphaelvigee wants to merge 3 commits into
raphaelvigee wants to merge 3 commits into
Conversation
A target with `secret = True` has all its outputs marked secret: the target is forced uncached and its outputs are never written to disk, held in memory only (materializing into a consuming target's sandbox is still fine). Setting a caching `cache` value alongside `secret` is an error rather than a silent override. - exec spec: new `secret` bool attribute; parse rejects secret + explicit caching `cache`, otherwise forces the target uncached. - CacheConfig gains a `secret` flag (proto + ABI), threaded into TargetDef. - engine: secret outputs route to a new mem-only `local_cache_secret` store backed by a deny-durable, so they never spill to disk; a secret target is treated as uncached on the execute path. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Drop the magic that silently forced a `secret` target uncached. A secret target now must declare `cache = False` itself; secret with caching on (including the default) errors. `secret` no longer leaks into the engine's uncached/unique-key decisions — it only selects the in-memory secret store, while the uncached behavior comes from `cache = False`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move the "secret target must be uncached" check out of the exec driver and into the engine's get_def_inner, via validate_secret_cache, so the contract is enforced uniformly for every driver. The exec driver now just threads the `secret` flag into CacheConfig; the engine errors if a secret target has caching enabled (the author must set cache=False). Drops the now-unused CacheConfig::secret() helper. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a
secret = Trueattribute to exec targets. A secret target:cachevalue alongsidesecretis an error (not a silent override);cache = Falseis fine;How
spec.rs): newsecretbool attribute.parse()rejectssecret+ an explicit cachingcache, otherwise forces the target uncached viaCacheConfig::secret().driver.rs+ proto + ABIconvert.rs): gains asecretflag, threadedTargetSpec → TargetDef.local_cache_secretstore backed by aDenyDurablefallthrough, so a secret can never spill to disk; the execute path treats a secret target as uncached (use_tmp_cache).Tests
plugin-exec: secret forces uncached;secret+cache=Falseok;secret+ explicitcache=Trueerrors; default not secret.engine: secret outputs stay in the in-memory store, are readable, and never reach the durable on-disk cache.🤖 Generated with Claude Code