Module profiles

Expand description

Profile management.

Profiles represent credential configurations for S3-compatible providers.

§Architecture

Dedup key: (source, display_name). Manual profiles always win.

ProfileSource is open for new variants (Sso, WebIdentity, …) without touching existing arms.
Profile is the backend record; ProfileSummary / ProfileDetail are the IPC views. Adding an IPC field only touches the view type.
Secrets never touch Profile — keychain absorbs them at creation time.

aws_config: AWS credentials and config file parser.
compat_flags: Provider compatibility flags.
keychain: OS keychain integration with encrypted-file fallback.
validation: Profile validation — sts:GetCallerIdentity for AWS, list_buckets probe for compat providers.

BackendBox 🔒: Thin wrapper so Box<dyn KeychainBackend + Send + Sync> can be stored inside Arc<Mutex<dyn KeychainBackend + ...>>.
KeychainHandle: Arc<dyn KeychainBackend + Send + Sync> wrapped as Tauri managed state.
PersistedStore 🔒: On-disk format for profiles.json. Only manual profiles are persisted; AWS-discovered and env profiles are re-read from their sources on every list() call.
Profile: Full profile record stored in memory.
ProfileDetail: Full IPC view returned by profile_get.
ProfileStore: Aggregate profile store.
ProfileStoreHandle: Newtype around Arc<Mutex<ProfileStore>> used as Tauri managed state.
ProfileSummary: Lightweight IPC view returned by profiles_list.
ProfileUpdatePatch: Allowed fields for profile_update. Only name and compat flags are editable after creation; source, id, and credential material are immutable.

discover_aws_profiles_sync 🔒: Discover AWS profiles from the real ~/.aws/* files synchronously.