fix(027): stabilize shared acceptance gates and compatibility collateral

2026-03-17 11:07:49 +03:00
parent 023bacde39
commit 18bdde0a81
19 changed files with 749 additions and 552 deletions


@@ -23,14 +23,25 @@ MASKED_API_KEY_PLACEHOLDER = "********"
# @PURPOSE: Load and validate the Fernet key used for secret encryption.
# @PRE: ENCRYPTION_KEY environment variable must be set to a valid Fernet key.
# @POST: Returns validated key bytes ready for Fernet initialization.
# @RELATION: DEPENDS_ON -> backend.src.core.logger
# @SIDE_EFFECT: Emits belief-state logs for missing or invalid encryption configuration.
# @INVARIANT: Encryption initialization never falls back to a hardcoded secret.
def _require_fernet_key() -> bytes:
raw_key = os.getenv("ENCRYPTION_KEY", "").strip()
if not raw_key:
raise RuntimeError("ENCRYPTION_KEY must be set to a valid Fernet key")
with belief_scope("_require_fernet_key"):
raw_key = os.getenv("ENCRYPTION_KEY", "").strip()
if not raw_key:
logger.explore("Missing ENCRYPTION_KEY blocks EncryptionManager initialization")
raise RuntimeError("ENCRYPTION_KEY must be set")
key = raw_key.encode()
Fernet(key)
return key
key = raw_key.encode()
try:
Fernet(key)
except Exception as exc:
logger.explore("Invalid ENCRYPTION_KEY blocks EncryptionManager initialization")
raise RuntimeError("ENCRYPTION_KEY must be a valid Fernet key") from exc
logger.reflect("Validated ENCRYPTION_KEY for EncryptionManager initialization")
return key
# [/DEF:_require_fernet_key:Function]
# [DEF:EncryptionManager:Class]
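Review bot: The new `except Exception as exc:` around `Fernet(key)` in `_require_fernet_key` is wider than the key check needs, so an unrelated failure (for example a broken crypto backend) would also be reported as "ENCRYPTION_KEY must be a valid Fernet key" and send an operator after the wrong cause. A malformed key is rejected by the Fernet constructor with `ValueError`, so `except ValueError as exc:` keeps the same message for the case it actually describes and lets anything else surface unchanged. The three added log lines correctly omit the key value; a short comment next to them such as `# never log raw_key or key: log output is not a secret store` would keep later edits from adding it. Indentation is lost on this page, so whether the `try` sits inside `with belief_scope(...)` cannot be confirmed from here.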