Environment-Scoped Typed Asset Store
Flows need centrally-managed config values that differ by environment
(dev/staging/prod) and carry a type — the orchestrator “Assets / lockers”
pillar. The secret vault covers secrets only and config-sync moves whole blobs;
neither offers a typed, per-environment named lookup. AssetStore fills that:
values are stored under an environment, read back with type coercion, and
credential assets hold a reference (a secret name) that resolve()
turns into the real value through an injected resolver — so the secret never
lands in a plain get or an executor record.
JSON-backed (or in-memory); pure standard library; imports no PySide6.
Headless API
from je_auto_control import AssetStore, active_environment
store = AssetStore("assets.json")
store.set("max_retries", 3, asset_type="int", environment="prod")
store.set("api_base", "https://prod.example.com", environment="prod")
store.set("db_password", "vault_db_pw", asset_type="credential") # value = a ref
store.get("max_retries", environment="prod").value # -> 3 (typed)
store.get("api_base", environment="staging").value # -> falls back to default
store.get("db_password").value # -> "vault_db_pw" (reference, safe)
# resolve a credential through an injected secret resolver (Python-only):
store = AssetStore("assets.json", secret_resolver=secret_manager.get)
store.resolve("db_password") # -> the real secret
Types are text / int / bool / credential; get coerces to the
declared type and falls back to the default environment unless disabled.
active_environment() reads JE_AUTOCONTROL_ENV. list / delete round
out the store.
Executor commands
Command |
Effect |
|---|---|
|
Store a typed, environment-scoped asset. |
|
Read an asset (credential stays a reference). |
|
List |
Credential resolution is intentionally Python-API-only (so secrets never
enter run records). The same lifecycle operations are exposed as MCP tools
(ac_set_asset / ac_get_asset / ac_list_assets) and as Script Builder
commands under Data.