createBotWithPassphrase
Strict / airgapped strictness only. Companion to createBot. Without it, strict-mode orgs can't create bots — the standard createBot mutation fails with ErrPassphraseLocked because Bot's secure_config encrypt hook has no cached KEK and strict mode forbids session-style caching.
Same mechanism as createBotRunnerWithPassphrase: derive an ephemeral KEK from the passphrase, inject on ctx, run the standard CreateBot resolver under the scoped ctx. Cleanup zeros the KEK on return. Audit: secrets.passphrase.encrypt_with_action, resourceType="Bot".
createBotWithPassphrase(
input: CreateBotInput!
passphrase: String!
): Bot!
Arguments
createBotWithPassphrase.input ● CreateBotInput! non-null input
Same shape as CreateBotInput on the regular mutation.
createBotWithPassphrase.passphrase ● String! non-null scalar
Plaintext passphrase. Never logged. Zeroed after the operation.