pub async fn bucket_inspect(
profile_id: ProfileId,
bucket: String,
store: State<'_, ProfileStoreHandle>,
pool: State<'_, S3ClientPoolHandle>,
capability_cache: State<'_, CapabilityHandle>,
) -> Result<BucketInspectorReport, AppError>Expand description
Inspect a bucket and return an aggregated BucketInspectorReport.
Each section in the report carries one of:
{ kind: "value", value: T }— successful fetch.{ kind: "denied", iamAction }— IAM permission denied.{ kind: "unsupported", reason }— provider does not implement the API.{ kind: "deferred", reason }— intentionally absent in v1.
bucket_policy is always Deferred { reason: "Deferred from v1" } per the
v1 non-goals in the proposal.
All AccessDenied outcomes are automatically recorded into the
CapabilityCache so future UI renders show disabled reasons without re-
querying.