@2nishantgdraftchecks…feat/encryption-templating-pr2-renderer → feat/encryption-templating-pr1-grammar41 files · +3807 −105updated 2d agoStacked on #10645 (grammar package); followed by #10647 (shadow parity mode). Unwired — no production caller; prod risk none.
The templating layer that PRODUCES credential node trees.
Grammar package (@composio/credential-grammar):
FieldValue = plain|secret|eval). Replicates legacy fillTemplatesInStr semantics except missing fields FAIL CLOSED; any mustache feature beyond plain interpolation fails closed. Eval fields expand lazily: function → fn node, conditional → compile-time literal selectionassembleRefreshRequest now fails closed (refresh_url_mismatch) when the rendered url disagrees with the pinned refresh_urls entry, checked before any decrypttemplate_cases.json + refresh_url_match_cases.json extend the cross-language contractApollo glue (src/lib/connected_accounts/credential_rendering/, UNWIRED):
getAuthorizationDataForActiveConnection and OAuth2.refreshAccessTokenbuildClassifiedContext + encodeRequiredSecret are the one implementation of the classify/eval-inject loopsRenderNotPossible taxonomy (every Err = stay on legacy)Differential tests are the parity contract: rendered output == legacy output byte-for-byte (minus random x-request-id / extra_data) across per-scheme synthetics + pilots; fail-closed fixtures pin intended divergences.
🤖 Generated with Claude Code