animedex.auth.keyring_store

OS-keyring implementation of TokenStore.

Per plans/02 §7 this is the production token store: tokens live in the OS keyring (Secret Service on Linux, Keychain on macOS, Credential Locker on Windows) so a stolen dotfile cannot exfiltrate credentials. Enumeration (keys()) is the one operation the keyring package does not expose uniformly; we keep an in-process companion set populated as set() and delete() are called, so keys() returns what this process has registered. CLI callers that need the full host-wide list use the OS keyring viewer.

Tests never touch the real keyring; the module pulls _keyring through an indirection so a fake module can be swapped in.

KeyringTokenStore

class animedex.auth.keyring_store.KeyringTokenStore(*, service: str = 'animedex')[source]

Bases: object

A TokenStore backed by the OS keyring.

Parameters:: service (str) – Keyring service namespace under which entries live; defaults to "animedex". Test code overrides this so production keyring entries stay untouched.

__init__(*, service: str = 'animedex') → None[source]

set(backend: str, token: str) → None[source]

get(backend: str) → str | None[source]

delete(backend: str) → None[source]

keys() → Iterable[str][source]

selftest

animedex.auth.keyring_store.selftest() → bool[source]

Smoke-test the keyring store at the import level only.

Per plans/02 §7 and plans/04 §2 this selftest must not touch the real OS keyring: a CI environment may have no backend available, and writing a real entry from the diagnostic would be a side effect users do not expect.

The function therefore only verifies that the keyring package imports and exposes the three call sites the store relies on. The behaviour itself is exercised in unit tests via a faked module.

Returns:: True on success.
Return type:: bool