AshAge.DataLayer.Verifiers.ValidateSensitive (AshAge v1.0.0)

Raises a Spark.Error.DslError during compile-time verification when the classification declared in age do sensitive [...] end cannot hold. Spark surfaces verifier errors as compiler diagnostics, which are build-blocking under --warnings-as-errors. The rules:

  • R1 — every listed name is a declared attribute. A typo would silently protect nothing.
  • R2 — every sensitive attribute is binary-storage-typed (Ash.Type.storage_type == :binary: app-side-encrypted bytes, $age64$ round-trip) or listed in skip (never written to the graph).
  • R3 — the multitenancy discriminator is not sensitive. It is a plaintext selector by design: Ash core injects it as a plaintext filter/force-set, and ash_age holds no key material to encrypt it.
  • R4 — an edge properties key naming a sensitive attribute requires every same-named DECLARED action argument to be binary-storage-typed; otherwise the classified datum flows onto edges as plaintext through a same-named plaintext argument. (AshAge.Changes.CreateEdge enforces the runtime half for undeclared/injected arguments.)

The verifier checks a TYPE SHAPE, not encryption: a :binary attribute holding plaintext bytes passes. Encrypting is the host app's obligation — ash_age cannot verify ciphertext.
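
The four rules modelled over plain data, as an added example. This is not AshAge's verifier code: the module name SensitiveRulesSketch, the map keys and the sample resource are assumptions constructed for illustration.

```elixir
# Added illustration of R1-R4 on a plain map; not AshAge's implementation.
# Hypothetical input shape:
#   attributes:         %{attribute_name => storage_type}
#   sensitive, skip:    lists of attribute names
#   tenant_attribute:   multitenancy discriminator (or nil)
#   edge_property_keys: keys written onto edges
#   action_arguments:   [{argument_name, storage_type}] across declared actions
defmodule SensitiveRulesSketch do
  # Returns a list of {rule, name} violations; [] means the classification holds.
  def check(res) do
    attrs = res.attributes

    r1_r2 =
      Enum.flat_map(res.sensitive, fn name ->
        cond do
          # R1: a typo in the sensitive list would protect nothing.
          not Map.has_key?(attrs, name) -> [{:r1, name}]
          # R2: binary storage type, or never written to the graph.
          attrs[name] == :binary or name in res.skip -> []
          true -> [{:r2, name}]
        end
      end)

    # R3: the tenant discriminator is a plaintext selector by design.
    tenant = res.tenant_attribute
    r3 = if tenant in res.sensitive, do: [{:r3, tenant}], else: []

    # R4: a same-named declared argument must also be binary-storage-typed.
    r4 =
      for key <- res.edge_property_keys,
          key in res.sensitive,
          {arg, type} <- res.action_arguments,
          arg == key and type != :binary,
          do: {:r4, key}

    r1_r2 ++ r3 ++ r4
  end
end

# Constructed sample. :ssn passes R2 on type shape alone; nothing here (or in
# a type-shape check generally) can tell whether those bytes are ciphertext.
resource = %{
  attributes: %{ssn: :binary, email: :string, org_id: :string, note: :string},
  sensitive: [:ssn, :email, :org_id, :ssnn, :note],
  skip: [:note],
  tenant_attribute: :org_id,
  edge_property_keys: [:ssn],
  action_arguments: [{:ssn, :string}]
}

IO.inspect(SensitiveRulesSketch.check(resource))
```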