plushie/renderer_env

Build a safe environment for the renderer Port child process.

Erlang ports inherit the parent process environment by default, which can leak sensitive variables (API keys, tokens, database URLs). This module builds the canonical plushie whitelist and actively unsets everything else via {Name, false} in the port :env option.

The whitelist matches the canonical list shared across every host SDK: exact entries for display/rendering/locale/accessibility/font vars, prefix entries for families (LC_, MESA_, …), and explicit Plushie-owned toggles that the renderer needs.

Types

An environment variable entry: either set to a value or explicitly unset.

pub type EnvEntry {
  Set(key: String, value: String)
  Unset(key: String)
}

Constructors

  • Set(key: String, value: String)
  • Unset(key: String)

Options for building the renderer environment.

pub type EnvOpts {
  EnvOpts(
    rust_log: option.Option(String),
    extra: dict.Dict(String, String),
  )
}

Constructors

  • EnvOpts(
      rust_log: option.Option(String),
      extra: dict.Dict(String, String),
    )

    Arguments

    rust_log

    Override RUST_LOG level (default: “error”).

    extra

    Extra environment variables to include.

Values

pub fn build(opts: EnvOpts) -> List(EnvEntry)

Build an environment entry list for the renderer port.

Whitelisted variables are set; all other current env vars are explicitly unset so they don’t leak to the child process.

pub fn default_opts() -> EnvOpts

Default environment options.

pub fn is_allowed(key: String) -> Bool

Returns True if key is on the canonical whitelist.

pub fn to_port_env(entries: List(EnvEntry)) -> dynamic.Dynamic

Convert env entries to Erlang port format for the :env option. Set entries become {Charlist, Charlist}; Unset entries become {Charlist, false}.
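An added usage example (not part of the plushie documentation or code base): it builds the entry list, checks that every Set key is whitelisted, requested through extra, or RUST_LOG, and only then converts the list for the port. The helper unexpected_keys and the variable PLUSHIE_EXAMPLE_FLAG are hypothetical, and treating RUST_LOG as always expected is an assumption based on the rust_log option.

```gleam
import gleam/dict
import gleam/io
import gleam/list
import gleam/option.{Some}
import gleam/string
import plushie/renderer_env.{type EnvEntry, type EnvOpts, EnvOpts, Set, Unset}

// Hypothetical helper: keys that would reach the renderer although they are
// neither on the canonical whitelist nor requested by the caller.
pub fn unexpected_keys(entries: List(EnvEntry), opts: EnvOpts) -> List(String) {
  list.filter_map(entries, fn(entry) {
    case entry {
      Unset(_) -> Error(Nil)
      Set(key, _) -> {
        // Assumption: RUST_LOG is always set by build() via the rust_log option.
        let expected =
          renderer_env.is_allowed(key)
          || dict.has_key(opts.extra, key)
          || key == "RUST_LOG"
        case expected {
          True -> Error(Nil)
          False -> Ok(key)
        }
      }
    }
  })
}

pub fn main() {
  // Constructed options: raise renderer logging and pass one extra variable.
  let opts =
    EnvOpts(
      rust_log: Some("debug"),
      extra: dict.from_list([#("PLUSHIE_EXAMPLE_FLAG", "1")]),
    )
  let entries = renderer_env.build(opts)

  case unexpected_keys(entries, opts) {
    [] -> {
      // Safe to hand to the port: this is the value for the :env option.
      let _port_env = renderer_env.to_port_env(entries)
      io.println("renderer environment contains only expected keys")
    }
    leaked ->
      // Names only; values are never printed.
      io.println("unexpected keys passed through: " <> string.join(leaked, ", "))
  }
}
```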
