TypeDialog/examples/08-encryption/credentials.ncl

{
  name = "user_credentials",
  description = "User credentials with encryption support",
  display_mode = "complete",
  elements = [
    # Non-sensitive fields (will be output as plaintext)
    { type = "text", name = "username", prompt = "Username", required = true, sensitive = false },
    { type = "text", name = "email", prompt = "Email address", required = true, sensitive = false },
    { type = "text", name = "company", prompt = "Company (optional)", required = false, sensitive = false },

    # Sensitive fields - Auto-detected (FieldType::Password = sensitive by default)
    { type = "password", name = "password", prompt = "Password", required = true },
    { type = "password", name = "confirm_password", prompt = "Confirm password", required = true },

    # Sensitive fields - Explicit (sensitive = true)
    { type = "text", name = "api_token", prompt = "API Token", required = false, sensitive = true, encryption_backend = "age" },
    { type = "editor", name = "ssh_key", prompt = "SSH Private Key (multiline)", required = false, sensitive = true },
    { type = "text", name = "database_url", prompt = "Database Connection String", required = false, sensitive = true },
    { type = "text", name = "vault_token", prompt = "Vault Token (encrypted with SOPS)", required = false, sensitive = true, encryption_backend = "sops" },
    { type = "text", name = "kms_key_id", prompt = "AWS KMS Key ID (encrypted with AWS KMS)", required = false, sensitive = true, encryption_backend = "awskms", encryption_config = { key_id = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012", region = "us-east-1" } },

    # Non-sensitive field (explicit override)
    { type = "password", name = "demo_password", prompt = "Demo password (shown in plaintext)", required = false, sensitive = false },
  ],
}
feat(forms): migrate all form definitions and configs to Nickel (.ncl) Replace all TOML form definitions in examples/ and config/ with type-checked Nickel equivalents. Update cli_loader to prefer .ncl (via nickel export) over .toml in config search order. TOML support retained as fallback — no breaking change. - El loader usa nickel export --format json + serde_json como puente — evita reimplementar un parser Nickel en Rust y aprovecha el binario ya existente. - El orden de búsqueda .ncl > .toml permite migración incremental: cualquier config vieja sigue funcionando sin tocarla. - Los contratos Nickel (\| default, \| String) en los configs sustituyen la validación que antes era implícita en el parsing TOML — el error llega antes (en nickel export) con mensajes más descriptivos. 2026-03-08 23:20:50 +00:00			`{`
			`name = "user_credentials",`
			`description = "User credentials with encryption support",`
			`display_mode = "complete",`
			`elements = [`
			`# Non-sensitive fields (will be output as plaintext)`
			`{ type = "text", name = "username", prompt = "Username", required = true, sensitive = false },`
			`{ type = "text", name = "email", prompt = "Email address", required = true, sensitive = false },`
			`{ type = "text", name = "company", prompt = "Company (optional)", required = false, sensitive = false },`

			`# Sensitive fields - Auto-detected (FieldType::Password = sensitive by default)`
			`{ type = "password", name = "password", prompt = "Password", required = true },`
			`{ type = "password", name = "confirm_password", prompt = "Confirm password", required = true },`

			`# Sensitive fields - Explicit (sensitive = true)`
			`{ type = "text", name = "api_token", prompt = "API Token", required = false, sensitive = true, encryption_backend = "age" },`
			`{ type = "editor", name = "ssh_key", prompt = "SSH Private Key (multiline)", required = false, sensitive = true },`
			`{ type = "text", name = "database_url", prompt = "Database Connection String", required = false, sensitive = true },`
			`{ type = "text", name = "vault_token", prompt = "Vault Token (encrypted with SOPS)", required = false, sensitive = true, encryption_backend = "sops" },`
			`{ type = "text", name = "kms_key_id", prompt = "AWS KMS Key ID (encrypted with AWS KMS)", required = false, sensitive = true, encryption_backend = "awskms", encryption_config = { key_id = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012", region = "us-east-1" } },`

			`# Non-sensitive field (explicit override)`
			`{ type = "password", name = "demo_password", prompt = "Demo password (shown in plaintext)", required = false, sensitive = false },`
			`],`
			`}`