Documentation
¶
Overview ¶
Package stdin is the ONLY place in the source tree allowed to read os.Stdin. Two opt-in surfaces exist:
- JSONInput(path) is the only way command-payload JSON enters the CLI; pass "-" to mean stdin.
- SecretStdin() is the only way credential material enters the CLI via stdin; kept separate so a JSON parser never accidentally eats a secret.
Tests/contract/no_input_no_stdin_test.go and tests/guardrails/stdin_discipline_test.go enforce that no other package directly references os.Stdin.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrEmptySecret = errors.New("stdin: --secret-stdin requested but no input received")
ErrEmptySecret is returned by SecretStdin when stdin yields no bytes — usually because the user forgot to pipe the secret in.
Functions ¶
func IsTerminal ¶
func IsTerminal() bool
IsTerminal reports whether stdin is attached to an interactive terminal. Keep this probe here so command packages do not reach for os.Stdin directly.
func JSONInput ¶
func JSONInput(path string) (io.ReadCloser, error)
JSONInput returns a reader for the command-payload JSON. Path "-" means stdin; any other value is a regular file. The caller is responsible for closing the returned io.ReadCloser.
This is the ONLY function the CLI uses to satisfy a `--json-input <path>` flag. Adding implicit stdin reads anywhere else is forbidden by the guardrail test.
func SecretStdin ¶
SecretStdin reads the entire stdin and returns the trailing-newline- trimmed secret. Used only when --secret-stdin was passed; never invoked implicitly under --no-input or any other flag.
This is the only secret-bearing stdin path.
Types ¶
This section is empty.