createBotRunnerWithPassphrase
Strict / airgapped strictness only. Companion to createBotRunner. Without it, strict-mode orgs can't create runners — the standard createBotRunner mutation fails with ErrPassphraseLocked because the BotRunner.config encrypt hook has no cached KEK and strict mode forbids session-style caching.
Same mechanism as createStrategyWithPassphrase: derive an ephemeral KEK from the passphrase, inject on ctx, run the standard CreateBotRunner resolver under the scoped ctx. Cleanup zeros the KEK on return. Audit: secrets.passphrase.encrypt_with_action, resourceType="BotRunner".
createBotRunnerWithPassphrase(
input: CreateBotRunnerInput!
passphrase: String!
): BotRunner!
Arguments
createBotRunnerWithPassphrase.input ● CreateBotRunnerInput! non-null input
Same shape as CreateBotRunnerInput on the regular mutation.
createBotRunnerWithPassphrase.passphrase ● String! non-null scalar
Plaintext passphrase. Never logged. Zeroed after the operation.