Follow-up from #89 (Scoped credentials for outgoing HTTP).
The .NET SDK has no FFI surface for register_credential yet (Python is done). A faithful binding must:
- Marshal a C# delegate across the C-ABI as the resolver callback.
- Keep a GC root on the
Func<string> for the sandbox's lifetime.
- Map any .NET exception thrown from the delegate back to Rust as the redacted
Err(String) — without letting the exception message ride across the boundary.
A constrained first cut (FFI accepting only a static token, mapped onto CredentialEntry::with_static_resolver) is feasible in isolation, but was deliberately deferred so the .NET surface can be designed around the callback shape from day one rather than a static-only stub that would later need a breaking rename.
Follow-up from #89 (Scoped credentials for outgoing HTTP).
The .NET SDK has no FFI surface for
register_credentialyet (Python is done). A faithful binding must:Func<string>for the sandbox's lifetime.Err(String)— without letting the exception message ride across the boundary.A constrained first cut (FFI accepting only a static token, mapped onto
CredentialEntry::with_static_resolver) is feasible in isolation, but was deliberately deferred so the .NET surface can be designed around the callback shape from day one rather than a static-only stub that would later need a breaking rename.