Class: RailsAiContext::Introspectors::CredentialsIntrospector

Inherits:

Object

• Object
• RailsAiContext::Introspectors::CredentialsIntrospector

Defined in:

lib/rails_ai_context/introspectors/credentials_introspector.rb

Overview

Inspects Rails credentials configuration WITHOUT revealing any decrypted value. Returns file presence, master-key source (file vs env), per-environment encrypted files, and top-level key names. Covers RAILS_NERVOUS_SYSTEM.md §30 (Credentials, Secrets, Encrypted files).

Safety contract:

• Values are NEVER returned. Top-level keys are listed only when the credentials decrypt successfully; the values behind each key stay on the user’s machine.

• Master-key contents are NEVER read. Only presence (file exists vs RAILS_MASTER_KEY set) is reported.

Instance Attribute Summary

• #app ⇒ Object readonly

  Returns the value of attribute app.

Instance Method Summary

• #call ⇒ Object
• #initialize(app) ⇒ CredentialsIntrospector constructor

  A new instance of CredentialsIntrospector.

Constructor Details

#initialize(app) ⇒ CredentialsIntrospector

Returns a new instance of CredentialsIntrospector.

# File 'lib/rails_ai_context/introspectors/credentials_introspector.rb', line 20

def initialize(app)
  @app = app
end

Instance Attribute Details

#app ⇒ Object (readonly)

Returns the value of attribute app.

# File 'lib/rails_ai_context/introspectors/credentials_introspector.rb', line 18

def app
  @app
end

Instance Method Details

#call ⇒ Object

# File 'lib/rails_ai_context/introspectors/credentials_introspector.rb', line 24

def call
  {
    default: inspect_default_credentials,
    environments: inspect_environment_credentials,
    master_key_source: detect_master_key_source,
    require_master_key: !!require_master_key_flag,
    encrypted_configs: detect_encrypted_configs
  }
rescue => e
  # Never echo `e.message` into the return hash — exception messages
  # from OS errors (EACCES, ENOENT) or OpenSSL decryption failures
  # can contain absolute paths with the OS username or partial
  # ciphertext. The stderr log is fine because it's debug-gated.
  $stderr.puts "[rails-ai-context] CredentialsIntrospector#call failed: #{e.message}" if ENV["DEBUG"]
  { error: "credentials introspection failed", exception_class: e.class.name }
end