{
  "module": "mail_intake.credentials.store",
  "content": {
    "path": "mail_intake.credentials.store",
    "docstring": "Credential persistence abstractions for Mail Intake.\n\n---\n\n## Summary\n\nThis module defines the generic persistence contract used to store and\nretrieve authentication credentials across Mail Intake components.\n\nThe ``CredentialStore`` abstraction establishes a strict separation\nbetween credential *lifecycle management* and credential *storage*.\nAuthentication providers are responsible for acquiring, validating,\nrefreshing, and revoking credentials, while concrete store\nimplementations are responsible solely for persistence concerns.\n\nBy remaining agnostic to credential structure, serialization format,\nand storage backend, this module enables multiple persistence\nstrategies—such as local files, in-memory caches, distributed stores,\nor secrets managers—without coupling authentication logic to any\nspecific storage mechanism.",
    "objects": {
      "ABC": {
        "name": "ABC",
        "kind": "alias",
        "path": "mail_intake.credentials.store.ABC",
        "signature": "<bound method Alias.signature of Alias('ABC', 'abc.ABC')>",
        "docstring": null
      },
      "abstractmethod": {
        "name": "abstractmethod",
        "kind": "alias",
        "path": "mail_intake.credentials.store.abstractmethod",
        "signature": "<bound method Alias.signature of Alias('abstractmethod', 'abc.abstractmethod')>",
        "docstring": null
      },
      "Generic": {
        "name": "Generic",
        "kind": "alias",
        "path": "mail_intake.credentials.store.Generic",
        "signature": "<bound method Alias.signature of Alias('Generic', 'typing.Generic')>",
        "docstring": null
      },
      "Optional": {
        "name": "Optional",
        "kind": "alias",
        "path": "mail_intake.credentials.store.Optional",
        "signature": "<bound method Alias.signature of Alias('Optional', 'typing.Optional')>",
        "docstring": null
      },
      "TypeVar": {
        "name": "TypeVar",
        "kind": "alias",
        "path": "mail_intake.credentials.store.TypeVar",
        "signature": "<bound method Alias.signature of Alias('TypeVar', 'typing.TypeVar')>",
        "docstring": null
      },
      "T": {
        "name": "T",
        "kind": "attribute",
        "path": "mail_intake.credentials.store.T",
        "signature": null,
        "docstring": null
      },
      "CredentialStore": {
        "name": "CredentialStore",
        "kind": "class",
        "path": "mail_intake.credentials.store.CredentialStore",
        "signature": "<bound method Class.signature of Class('CredentialStore', 31, 102)>",
        "docstring": "Abstract base class defining a generic persistence interface for\nauthentication credentials.\n\nNotes:\n    **Responsibilities:**\n\n        - Provide persistent storage separating life-cycle management from storage mechanics\n        - Keep implementation focused only on persistence\n        \n    **Constraints:**\n    \n        - The store is intentionally agnostic to:\n            - The concrete credential type being stored\n            - The serialization format used to persist credentials\n            - The underlying storage backend or durability guarantees",
        "members": {
          "load": {
            "name": "load",
            "kind": "function",
            "path": "mail_intake.credentials.store.CredentialStore.load",
            "signature": "<bound method Function.signature of Function('load', 50, 65)>",
            "docstring": "Load previously persisted credentials.\n\nReturns:\n    Optional[T]:\n        An instance of type ``T`` if credentials are available and\n        loadable; otherwise ``None``.\n\nNotes:\n    **Guarantees:**\n\n        - Implementations should return ``None`` when no credentials are present or when stored credentials cannot be successfully decoded or deserialized\n        - The store must not attempt to validate, refresh, or otherwise interpret the returned credentials"
          },
          "save": {
            "name": "save",
            "kind": "function",
            "path": "mail_intake.credentials.store.CredentialStore.save",
            "signature": "<bound method Function.signature of Function('save', 67, 86)>",
            "docstring": "Persist credentials to the underlying storage backend.\n\nArgs:\n    credentials (T):\n        The credential object to persist.\n\nNotes:\n    **Lifecycle:**\n\n        - This method is invoked when credentials are newly obtained or have been refreshed and are known to be valid at the time of persistence\n\n    **Responsibilities:**\n\n        - Ensuring durability appropriate to the deployment context\n        - Applying encryption or access controls where required\n        - Overwriting any previously stored credentials"
          },
          "clear": {
            "name": "clear",
            "kind": "function",
            "path": "mail_intake.credentials.store.CredentialStore.clear",
            "signature": "<bound method Function.signature of Function('clear', 88, 102)>",
            "docstring": "Remove any persisted credentials from the store.\n\nNotes:\n    **Lifecycle:**\n\n        - This method is called when credentials are known to be invalid, revoked, corrupted, or otherwise unusable\n        - Must ensure that no stale authentication material remains accessible\n\n    **Guarantees:**\n\n        - Implementations should treat this operation as idempotent"
          }
        }
      }
    }
  }
}