Use ^:private + defn, instead of defn-

r0man · r0man · commit 8468996e78fb · 2025-10-06T15:54:18.000+02:00
diff --git a/src/eca/secrets.clj b/src/eca/secrets.clj
@@ -25,15 +25,15 @@
                 [(str path ".gpg") path]))
             files)))
 
-(defn- file-exists?
+(defn ^:private file-exists?
   "Checks if a file exists and is readable."
   [^String path]
   (let [file (io/file path)]
     (and (.exists file)
          (.isFile file)
          (.canRead file))))
 
-(defn- validate-permissions
+(defn ^:private validate-permissions
   "Checks if file has secure permissions (Unix only).
    Returns true if secure, false otherwise.
    Logs warning if permissions are too open."
@@ -66,20 +66,20 @@
 ;; Cache for GPG decryption results (5-second TTL)
 (def ^:private gpg-cache (atom {}))
 
-(defn- gpg-cache-key
+(defn ^:private gpg-cache-key
   "Generates cache key for a file path and modification time."
   [^File file]
   (str (.getPath file) ":" (.lastModified file)))
 
-(defn- get-cached-gpg
+(defn ^:private get-cached-gpg
   "Gets cached GPG decryption result if still valid."
   [cache-key]
   (when-let [{:keys [content timestamp]} (@gpg-cache cache-key)]
     (when (< (- (System/currentTimeMillis) timestamp) 5000) ; 5-second TTL
       (logger/debug logger-tag "GPG cache hit for" cache-key)
       content)))
 
-(defn- cache-gpg-result!
+(defn ^:private cache-gpg-result!
   "Caches GPG decryption result with timestamp."
   [cache-key content]
   (swap! gpg-cache assoc cache-key {:content content
@@ -124,7 +124,7 @@
       (logger/warn logger-tag "GPG command failed for" file-path ":" (.getMessage e))
       nil)))
 
-(defn- load-credentials-from-file
+(defn ^:private load-credentials-from-file
   "Loads and parses credentials from a file.
    Returns vector of credential maps or nil on error."
   [^String file-path]
@@ -162,7 +162,7 @@
       (logger/warn logger-tag "Failed to load credentials from" file-path ":" (.getMessage e))
       nil)))
 
-(defn- load-all-credentials
+(defn ^:private load-all-credentials
   "Loads credentials from all available credential files.
    Returns vector of all credential maps from all files, in priority order."
   []
@@ -186,7 +186,7 @@
        :login login-part
        :port port})))
 
-(defn- match-credential
+(defn ^:private match-credential
   "Matches a credential entry against parsed keyRc spec.
    Returns true if the credential matches the spec."
   [credential {:keys [machine login port]}]
diff --git a/src/eca/secrets/authinfo.clj b/src/eca/secrets/authinfo.clj
@@ -4,7 +4,7 @@
 
 (set! *warn-on-reflection* true)
 
-(defn- parse-line
+(defn ^:private parse-line
   "Parses a single authinfo line into a credential map.
    Returns a credential map or nil if line is invalid."
   [line]
diff --git a/src/eca/secrets/netrc.clj b/src/eca/secrets/netrc.clj
@@ -4,7 +4,7 @@
 
 (set! *warn-on-reflection* true)
 
-(defn- parse-entry
+(defn ^:private parse-entry
   "Parses a single netrc entry from multiple lines.
    Returns a credential map or nil if entry is invalid."
   [lines]
diff --git a/test/eca/secrets/authinfo_test.clj b/test/eca/secrets/authinfo_test.clj
@@ -91,7 +91,7 @@
           (.delete temp-file))))))
 
 ;; Helper function for field order independence test
-(defn- write-file-random-order
+(defn ^:private write-file-random-order
   "Write entries with randomized field order to test order-independence"
   [filename entries]
   (let [content (string/join "\n"
