This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
enroll/cache.py
HarvestCache (frozen dataclass)
Purpose: a small wrapper around a directory path representing a locally stored harvest bundle.
Field:
dir: Path: the bundle directory.
Property:
state_json -> Path: returns dir / "state.json".
Lifecycle / where it’s used:
Created by new_harvest_cache_dir(hint=...) when the CLI wants a safe default output location (especially for SOPS encrypted outputs).
It’s a "typed return value" so callers don’t pass raw strings around.
Security behavior around it:
new_harvest_cache_dir() builds a directory under ~/.local/cache/enroll/harvest (or $XDG_CACHE_HOME/enroll/harvest).
Uses mkdtemp() to avoid predictable paths and forces 0700 permissions (best-effort).