1use serde::{Deserialize, Serialize};
2
3#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
7pub struct DeploymentPlanV1 {
8 pub schema_version: u32,
9 pub plan_id: String,
10 pub deployment_identity: DeploymentIdentityV1,
11 pub trust_domain: TrustDomainV1,
12 pub fleet_template: String,
13 pub runtime_variant: String,
14 pub authority_profile: AuthorityProfileV1,
15 pub role_artifacts: Vec<RoleArtifactV1>,
16 pub expected_canisters: Vec<ExpectedCanisterV1>,
17 pub expected_pool: Vec<ExpectedPoolCanisterV1>,
18 pub expected_verifier_readiness: VerifierReadinessExpectationV1,
19 pub unresolved_assumptions: Vec<DeploymentAssumptionV1>,
20}
21
22#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
26pub struct DeploymentInventoryV1 {
27 pub schema_version: u32,
28 pub inventory_id: String,
29 pub observed_at: String,
30 pub observed_identity: Option<DeploymentIdentityV1>,
31 pub local_config: LocalDeploymentConfigV1,
32 pub observed_canisters: Vec<ObservedCanisterV1>,
33 pub observed_pool: Vec<ObservedPoolCanisterV1>,
34 pub observed_artifacts: Vec<ObservedArtifactV1>,
35 pub observed_verifier_readiness: VerifierReadinessObservationV1,
36 pub unresolved_observations: Vec<DeploymentObservationGapV1>,
37}
38
39#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
43pub struct DeploymentReceiptV1 {
44 pub schema_version: u32,
45 pub operation_id: String,
46 pub plan_id: String,
47 pub execution_context: Option<DeploymentExecutionContextV1>,
48 pub operation_status: DeploymentExecutionStatusV1,
49 pub started_at: String,
50 pub finished_at: Option<String>,
51 pub operator_principal: Option<String>,
52 pub root_principal: Option<String>,
53 pub previous_observed_deployment_epoch: Option<u64>,
54 pub phase_receipts: Vec<PhaseReceiptV1>,
55 pub role_phase_receipts: Vec<RolePhaseReceiptV1>,
56 pub final_inventory_id: Option<String>,
57 pub command_result: DeploymentCommandResultV1,
58}
59
60#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
64pub struct DeploymentExecutionContextV1 {
65 pub workspace_root: Option<String>,
66 pub icp_root: Option<String>,
67 pub artifact_roots: Vec<String>,
68 pub backend: DeploymentExecutorBackendV1,
69 pub backend_capabilities: Vec<DeploymentExecutorCapabilityV1>,
70}
71
72#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
76pub struct DeploymentExecutionPreflightV1 {
77 pub schema_version: u32,
78 pub plan_id: String,
79 pub safety_report_id: String,
80 pub authority_plan_id: String,
81 pub backend: DeploymentExecutorBackendV1,
82 pub status: DeploymentExecutionPreflightStatusV1,
83 pub planned_phases: Vec<String>,
84 pub required_capabilities: Vec<DeploymentExecutorCapabilityV1>,
85 pub missing_capabilities: Vec<DeploymentExecutorCapabilityV1>,
86 pub blockers: Vec<SafetyFindingV1>,
87}
88
89#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
93pub enum DeploymentExecutionPreflightStatusV1 {
94 Ready,
95 Blocked,
96}
97
98#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
102pub enum DeploymentExecutorBackendV1 {
103 CurrentCli,
104 PocketIc,
105 DirectAgent,
106 Other { name: String },
107}
108
109#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
113pub enum DeploymentExecutorCapabilityV1 {
114 CreateCanister,
115 CanisterStatus,
116 UpdateSettings,
117 InstallCode,
118 Call,
119 Query,
120 StageArtifact,
121}
122
123#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
127pub enum ArtifactTransportV1 {
128 LocalCli,
129 WasmStore,
130 DirectAgent,
131}
132
133#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
137pub struct StagingReceiptV1 {
138 pub schema_version: u32,
139 pub role: String,
140 pub artifact_identity: String,
141 pub transport: ArtifactTransportV1,
142 pub wasm_store_locator: Option<String>,
143 pub prepared_chunk_hashes: Vec<String>,
144 pub published_chunk_count: usize,
145 pub verified_postcondition: VerifiedPostconditionV1,
146}
147
148#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
152pub struct RoleArtifactSourceV1 {
153 pub role: String,
154 pub kind: RoleArtifactSourceKindV1,
155 pub locator: Option<String>,
156 pub previous_receipt_kind: Option<PreviousArtifactReceiptKindV1>,
157 pub previous_receipt_lineage_digest: Option<String>,
158 pub expected_wasm_sha256: Option<String>,
159 pub expected_wasm_gz_sha256: Option<String>,
160 pub expected_candid_sha256: Option<String>,
161 pub expected_canonical_embedded_config_sha256: Option<String>,
162}
163
164#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
168pub struct RolePromotionInputV1 {
169 pub role: String,
170 pub promotion_level: PromotionArtifactLevelV1,
171 pub source: RoleArtifactSourceV1,
172 pub require_byte_identical_wasm: bool,
173 pub require_target_embedded_config: bool,
174 pub target_store_has_artifact: Option<bool>,
175}
176
177#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
181pub struct RolePromotionPolicyV1 {
182 pub role: String,
183 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
184 pub requirements: Vec<PromotionPolicyRequirementV1>,
185}
186
187#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
191pub enum PromotionPolicyRequirementV1 {
192 SameSourceRevision,
193 SameCargoFeatures,
194 TargetConfigDigest,
195 ByteIdenticalWasm,
196 SealedBytes,
197}
198
199#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
203pub enum PromotionPolicyClaimV1 {
204 ByteIdenticalWasm,
205 TargetConfigDigest,
206}
207
208#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
212pub struct PromotionPolicyCheckV1 {
213 pub schema_version: u32,
214 pub check_id: String,
215 pub status: PromotionReadinessStatusV1,
216 pub roles: Vec<RolePromotionPolicyDecisionV1>,
217 pub blockers: Vec<SafetyFindingV1>,
218}
219
220#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
224pub struct RolePromotionPolicyDecisionV1 {
225 pub role: String,
226 pub requested_promotion_level: PromotionArtifactLevelV1,
227 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
228 pub requirements: Vec<PromotionPolicyRequirementV1>,
229 pub claims: Vec<PromotionPolicyClaimV1>,
230 pub level_allowed: bool,
231 pub policy_satisfied: bool,
232}
233
234#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
238pub enum PromotionArtifactLevelV1 {
239 SealedWasm,
240 SourceBuild,
241}
242
243#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
247pub struct BuildRecipeIdentityV1 {
248 pub recipe_id: String,
249 pub source_kind: RoleArtifactSourceKindV1,
250 pub source_revision: String,
251 pub source_tree_clean: bool,
252 pub package_or_role_selector: String,
253 pub cargo_profile: String,
254 pub cargo_features_digest: String,
255 pub cargo_lock_digest: String,
256 pub rust_toolchain: String,
257 pub builder_version: String,
258 pub target_triple: String,
259 pub linker_identity: String,
260 pub deterministic_build_mode: String,
261 pub wasm_opt_version: String,
262 pub compression_identity: String,
263}
264
265#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
269pub struct BuildMaterializationInputV1 {
270 pub materialization_input_id: String,
271 pub build_recipe_id: String,
272 pub canonical_embedded_config_sha256: String,
273 pub network: String,
274 pub root_trust_anchor: String,
275 pub runtime_variant: String,
276}
277
278#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
282pub struct BuildMaterializationResultV1 {
283 pub materialization_result_id: String,
284 pub build_recipe_id: String,
285 pub materialization_input_digest: String,
286 pub wasm_sha256: String,
287 pub wasm_gz_sha256: String,
288 pub installed_module_hash: String,
289 pub candid_sha256: String,
290}
291
292#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
296pub struct BuildMaterializationEvidenceV1 {
297 pub schema_version: u32,
298 pub evidence_id: String,
299 pub recipe: BuildRecipeIdentityV1,
300 pub materialization_input: BuildMaterializationInputV1,
301 pub materialization_result: BuildMaterializationResultV1,
302 pub computed_materialization_input_digest: String,
303 pub recipe_id_matches_input: bool,
304 pub recipe_id_matches_result: bool,
305 pub materialization_input_digest_matches_result: bool,
306}
307
308#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
312pub struct PromotionMaterializationIdentityReportV1 {
313 pub schema_version: u32,
314 pub report_id: String,
315 pub status: PromotionReadinessStatusV1,
316 pub roles: Vec<RolePromotionMaterializationIdentityV1>,
317 pub output_groups: Vec<PromotionMaterializationOutputGroupV1>,
318 pub blockers: Vec<SafetyFindingV1>,
319}
320
321#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
325pub struct RolePromotionMaterializationIdentityV1 {
326 pub role: String,
327 pub evidence_id: String,
328 pub recipe_id: String,
329 pub materialization_input_id: String,
330 pub materialization_result_id: String,
331 pub materialization_input_digest: String,
332 pub canonical_embedded_config_sha256: String,
333 pub network: String,
334 pub root_trust_anchor: String,
335 pub runtime_variant: String,
336 pub wasm_sha256: String,
337 pub wasm_gz_sha256: String,
338 pub installed_module_hash: String,
339 pub candid_sha256: String,
340}
341
342#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
346pub struct PromotionMaterializationOutputGroupV1 {
347 pub output_identity_key: String,
348 pub roles: Vec<String>,
349 pub wasm_sha256: String,
350 pub wasm_gz_sha256: String,
351 pub installed_module_hash: String,
352 pub candid_sha256: String,
353}
354
355#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
359pub struct PromotionArtifactIdentityReportV1 {
360 pub schema_version: u32,
361 pub report_id: String,
362 pub status: PromotionReadinessStatusV1,
363 pub roles: Vec<RolePromotionArtifactIdentityV1>,
364 pub identity_groups: Vec<PromotionArtifactIdentityGroupV1>,
365 pub blockers: Vec<SafetyFindingV1>,
366}
367
368#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
372pub struct PromotionWasmStoreIdentityReportV1 {
373 pub schema_version: u32,
374 pub report_id: String,
375 pub status: PromotionReadinessStatusV1,
376 pub roles: Vec<RolePromotionWasmStoreIdentityV1>,
377 pub blockers: Vec<SafetyFindingV1>,
378}
379
380#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
384pub struct RolePromotionWasmStoreIdentityV1 {
385 pub role: String,
386 pub artifact_identity: String,
387 pub transport: ArtifactTransportV1,
388 pub wasm_store_locator: Option<String>,
389 pub prepared_chunk_hashes: Vec<String>,
390 pub published_chunk_count: usize,
391 pub verified_postcondition: VerifiedPostconditionV1,
392}
393
394#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
398pub struct PromotionArtifactIdentityGroupV1 {
399 pub identity_key: String,
400 pub identity_kind: PromotionArtifactIdentityKindV1,
401 pub roles: Vec<String>,
402 pub source_kinds: Vec<RoleArtifactSourceKindV1>,
403 pub source_locators: Vec<String>,
404 pub digest_pinned: bool,
405 pub wasm_sha256: Option<String>,
406 pub wasm_gz_sha256: Option<String>,
407 pub candid_sha256: Option<String>,
408 pub canonical_embedded_config_sha256: Option<String>,
409}
410
411#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
415pub struct RolePromotionArtifactIdentityV1 {
416 pub role: String,
417 pub promotion_level: PromotionArtifactLevelV1,
418 pub source_kind: RoleArtifactSourceKindV1,
419 pub source_locator: Option<String>,
420 pub identity_kind: PromotionArtifactIdentityKindV1,
421 pub digest_pinned: bool,
422 pub wasm_sha256: Option<String>,
423 pub wasm_gz_sha256: Option<String>,
424 pub candid_sha256: Option<String>,
425 pub canonical_embedded_config_sha256: Option<String>,
426}
427
428#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
432pub enum PromotionArtifactIdentityKindV1 {
433 SealedWasm,
434 SealedCompressedWasm,
435 SealedWasmAndCompressedWasm,
436 SourceBuild,
437 Deferred,
438}
439
440#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
444pub struct PromotionReadinessV1 {
445 pub schema_version: u32,
446 pub readiness_id: String,
447 pub target_plan_id: String,
448 pub status: PromotionReadinessStatusV1,
449 pub roles: Vec<RolePromotionReadinessV1>,
450 pub blockers: Vec<SafetyFindingV1>,
451 pub warnings: Vec<SafetyFindingV1>,
452}
453
454#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
458pub struct PromotionPlanTransformV1 {
459 pub schema_version: u32,
460 pub transform_id: String,
461 pub target_plan_id: String,
462 pub promoted_plan_id: String,
463 pub promotion_plan_lineage_digest: String,
464 pub promoted_plan: DeploymentPlanV1,
465 pub roles: Vec<RolePromotionPlanTransformV1>,
466}
467
468#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
472pub struct ArtifactPromotionPlanV1 {
473 pub schema_version: u32,
474 pub plan_id: String,
475 pub generated_at: String,
476 pub status: PromotionReadinessStatusV1,
477 pub target_plan_id: String,
478 pub promoted_plan_id: String,
479 pub promotion_plan_lineage_digest: String,
480 pub readiness: PromotionReadinessV1,
481 pub artifact_identity_report: PromotionArtifactIdentityReportV1,
482 pub transform: PromotionPlanTransformV1,
483 pub target_execution_lineage: Option<PromotionTargetExecutionLineageV1>,
484 pub blockers: Vec<SafetyFindingV1>,
485}
486
487#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
491pub struct ArtifactPromotionProvenanceReportV1 {
492 pub schema_version: u32,
493 pub report_id: String,
494 pub status: PromotionReadinessStatusV1,
495 pub artifact_promotion_plan_id: String,
496 pub target_plan_id: String,
497 pub promoted_plan_id: String,
498 pub promotion_plan_lineage_digest: String,
499 pub readiness_id: String,
500 pub artifact_identity_report_id: String,
501 pub transform_id: String,
502 pub target_execution_lineage_id: Option<String>,
503 pub wasm_store_identity_report_id: Option<String>,
504 pub materialization_identity_report_id: Option<String>,
505 pub execution_attempted: bool,
506 pub roles: Vec<RolePromotionProvenanceV1>,
507 pub blockers: Vec<SafetyFindingV1>,
508}
509
510#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
514pub struct RolePromotionProvenanceV1 {
515 pub role: String,
516 pub promotion_level: PromotionArtifactLevelV1,
517 pub source_kind: RoleArtifactSourceKindV1,
518 pub artifact_identity_changed: bool,
519 pub embedded_config_changed: bool,
520 pub target_materialization_preserved: bool,
521 pub materialization_evidence_id: Option<String>,
522 pub wasm_store_locator: Option<String>,
523}
524
525#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
529pub struct PromotionPlanTransformEvidenceV1 {
530 pub schema_version: u32,
531 pub evidence_id: String,
532 pub generated_at: String,
533 pub transform: PromotionPlanTransformV1,
534}
535
536#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
540pub struct PromotionTargetExecutionLineageV1 {
541 pub schema_version: u32,
542 pub lineage_id: String,
543 pub generated_at: String,
544 pub target_execution_lineage_digest: String,
545 pub transform: PromotionPlanTransformV1,
546 pub execution_preflight: DeploymentExecutionPreflightV1,
547 pub execution_attempted: bool,
548}
549
550#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
554pub struct RolePromotionPlanTransformV1 {
555 pub role: String,
556 pub promotion_level: PromotionArtifactLevelV1,
557 pub source_kind: RoleArtifactSourceKindV1,
558 pub source_locator: Option<String>,
559 pub artifact_source_before: ArtifactSourceV1,
560 pub artifact_source_after: ArtifactSourceV1,
561 pub wasm_sha256_before: Option<String>,
562 pub wasm_sha256_after: Option<String>,
563 pub wasm_gz_sha256_before: Option<String>,
564 pub wasm_gz_sha256_after: Option<String>,
565 pub candid_sha256_before: Option<String>,
566 pub candid_sha256_after: Option<String>,
567 pub canonical_embedded_config_sha256_before: Option<String>,
568 pub canonical_embedded_config_sha256_after: Option<String>,
569 pub artifact_identity_changed: bool,
570 pub embedded_config_changed: bool,
571 pub target_materialization_preserved: bool,
572 pub source_build_materialization: Option<RolePromotionMaterializationLinkV1>,
573}
574
575#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
579pub struct RolePromotionMaterializationLinkV1 {
580 pub role: String,
581 pub evidence_id: String,
582 pub recipe_id: String,
583 pub materialization_input_id: String,
584 pub materialization_result_id: String,
585 pub materialization_input_digest: String,
586 pub wasm_sha256: String,
587 pub wasm_gz_sha256: String,
588 pub installed_module_hash: String,
589 pub candid_sha256: String,
590}
591
592#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
596pub enum PromotionReadinessStatusV1 {
597 Ready,
598 Blocked,
599}
600
601#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
605pub struct RolePromotionReadinessV1 {
606 pub role: String,
607 pub promotion_level: PromotionArtifactLevelV1,
608 pub source_kind: RoleArtifactSourceKindV1,
609 pub source_locator: Option<String>,
610 pub source_wasm_sha256: Option<String>,
611 pub source_wasm_gz_sha256: Option<String>,
612 pub target_wasm_sha256: Option<String>,
613 pub target_wasm_gz_sha256: Option<String>,
614 pub source_canonical_embedded_config_sha256: Option<String>,
615 pub target_canonical_embedded_config_sha256: Option<String>,
616 pub byte_identical_wasm: Option<bool>,
617 pub embedded_config_identical: Option<bool>,
618 pub target_store_has_artifact: Option<bool>,
619 pub restage_required: bool,
620}
621
622#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
626pub enum RoleArtifactSourceKindV1 {
627 WorkspacePackage,
628 PublishedPackage,
629 LocalWasm,
630 LocalWasmGz,
631 PreviousReceiptArtifact,
632 CanonicalWasmStoreDefault,
633}
634
635#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
639pub enum PreviousArtifactReceiptKindV1 {
640 DeploymentReceipt,
641 StagingReceipt,
642}
643
644#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
648pub struct AuthorityReceiptV1 {
649 pub schema_version: u32,
650 pub operation_id: String,
651 pub check_id: Option<String>,
652 pub reconciliation_plan_id: String,
653 pub authority_report_id: String,
654 pub inventory_id: String,
655 pub authority_profile_hash: Option<String>,
656 pub operation_status: DeploymentExecutionStatusV1,
657 pub started_at: String,
658 pub finished_at: Option<String>,
659 pub attempted_actions: Vec<AuthorityAttemptedActionV1>,
660 pub verified_controller_observations: Vec<AuthorityControllerObservationV1>,
661 pub hard_failures: Vec<SafetyFindingV1>,
662 pub unresolved_observation_gaps: Vec<DeploymentObservationGapV1>,
663 pub unresolved_external_actions: Vec<AuthorityExternalActionV1>,
664 pub command_result: DeploymentCommandResultV1,
665}
666
667#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
671pub struct AuthorityDryRunEvidenceV1 {
672 pub schema_version: u32,
673 pub evidence_id: String,
674 pub check_id: String,
675 pub generated_at: String,
676 pub reconciliation_plan: AuthorityReconciliationPlanV1,
677 pub authority_report: AuthorityReportV1,
678 pub authority_receipt: AuthorityReceiptV1,
679}
680
681#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
685pub struct AuthorityAttemptedActionV1 {
686 pub subject: String,
687 pub canister_id: Option<String>,
688 pub role: Option<String>,
689 pub action: AuthorityActionV1,
690 pub result: RolePhaseResultV1,
691 pub error: Option<String>,
692}
693
694#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
698pub struct AuthorityControllerObservationV1 {
699 pub subject: String,
700 pub canister_id: Option<String>,
701 pub role: Option<String>,
702 pub state: AuthorityReconciliationStateV1,
703 pub action: AuthorityActionV1,
704 pub observed_controllers: Vec<String>,
705 pub desired_controllers: Vec<String>,
706 pub controller_delta: AuthorityControllerDeltaV1,
707}
708
709#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
713pub struct RoleArtifactManifestV1 {
714 pub schema_version: u32,
715 pub manifest_id: String,
716 pub network: String,
717 pub artifact_root: Option<String>,
718 pub role_artifacts: Vec<RoleArtifactV1>,
719 pub unresolved_artifacts: Vec<DeploymentObservationGapV1>,
720}
721
722#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
726pub struct DeploymentDiffV1 {
727 pub schema_version: u32,
728 pub plan_identity: DeploymentIdentityV1,
729 pub observed_identity: Option<DeploymentIdentityV1>,
730 pub artifact_diff: Vec<DiffItemV1>,
731 pub controller_diff: Vec<DiffItemV1>,
732 pub pool_diff: Vec<DiffItemV1>,
733 pub embedded_config_diff: Vec<DiffItemV1>,
734 pub module_hash_diff: Vec<DiffItemV1>,
735 pub verifier_readiness_diff: Vec<DiffItemV1>,
736 pub resume_safety: ResumeSafetyV1,
737 pub hard_failures: Vec<SafetyFindingV1>,
738 pub warnings: Vec<SafetyFindingV1>,
739 pub resumable_phases: Vec<String>,
740}
741
742#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
746pub struct SafetyReportV1 {
747 pub schema_version: u32,
748 pub report_id: String,
749 pub diff_id: Option<String>,
750 pub status: SafetyStatusV1,
751 pub summary: String,
752 pub hard_failures: Vec<SafetyFindingV1>,
753 pub warnings: Vec<SafetyFindingV1>,
754 pub next_actions: Vec<String>,
755}
756
757#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
761pub struct DeploymentCheckV1 {
762 pub schema_version: u32,
763 pub check_id: String,
764 pub plan: DeploymentPlanV1,
765 pub inventory: DeploymentInventoryV1,
766 pub diff: DeploymentDiffV1,
767 pub report: SafetyReportV1,
768}
769
770#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
774pub struct AuthorityReconciliationPlanV1 {
775 pub schema_version: u32,
776 pub plan_id: String,
777 pub inventory_id: String,
778 pub authority_profile_hash: Option<String>,
779 pub canister_actions: Vec<CanisterAuthorityActionV1>,
780 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
781 pub hard_failures: Vec<SafetyFindingV1>,
782 pub external_actions_required: Vec<AuthorityExternalActionV1>,
783}
784
785#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
789pub struct AuthorityAutomaticActionV1 {
790 pub subject: String,
791 pub canister_id: String,
792 pub role: Option<String>,
793 pub action: AuthorityActionV1,
794 pub observed_controllers: Vec<String>,
795 pub desired_controllers: Vec<String>,
796 pub controller_delta: AuthorityControllerDeltaV1,
797 pub reason: String,
798}
799
800#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
804pub struct AuthorityControllerDeltaV1 {
805 pub add_controllers: Vec<String>,
806 pub remove_controllers: Vec<String>,
807}
808
809#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
813pub struct AuthorityReportV1 {
814 pub schema_version: u32,
815 pub report_id: String,
816 pub check_id: Option<String>,
817 pub reconciliation_plan_id: String,
818 pub inventory_id: String,
819 pub authority_profile_hash: Option<String>,
820 pub status: SafetyStatusV1,
821 pub summary: String,
822 pub counts: AuthorityReportCountsV1,
823 pub apply_readiness: AuthorityApplyReadinessV1,
824 pub action_counts: Vec<AuthorityActionCountV1>,
825 pub control_class_counts: Vec<AuthorityControlClassCountV1>,
826 pub observation_gaps: Vec<DeploymentObservationGapV1>,
827 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
828 pub hard_failures: Vec<SafetyFindingV1>,
829 pub external_actions_required: Vec<AuthorityExternalActionV1>,
830 pub next_actions: Vec<String>,
831}
832
833#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
837pub struct AuthorityApplyReadinessV1 {
838 pub can_apply_automatically: bool,
839 pub automatic_action_count: usize,
840 pub blockers: Vec<AuthorityApplyBlockerV1>,
841}
842
843#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
847pub enum AuthorityApplyBlockerV1 {
848 UnsafeBlocked,
849 HardFailures,
850 ObservationGaps,
851 ExternalActions,
852}
853
854#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
858pub struct AuthorityActionCountV1 {
859 pub action: AuthorityActionV1,
860 pub count: usize,
861}
862
863#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
867pub struct AuthorityControlClassCountV1 {
868 pub control_class: CanisterControlClassV1,
869 pub count: usize,
870}
871
872#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
876pub struct AuthorityReportCountsV1 {
877 pub already_correct: usize,
878 pub can_apply_automatically: usize,
879 pub requires_external_action: usize,
880 pub unsafe_blocked: usize,
881 pub unknown: usize,
882 pub hard_failures: usize,
883}
884
885#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
889pub struct CanisterAuthorityActionV1 {
890 pub canister_id: Option<String>,
891 pub role: Option<String>,
892 pub control_classification: CanisterControlClassV1,
893 pub observed_controllers: Vec<String>,
894 pub desired_controllers: Vec<String>,
895 pub controller_delta: AuthorityControllerDeltaV1,
896 pub action: AuthorityActionV1,
897 pub state: AuthorityReconciliationStateV1,
898 pub can_apply: bool,
899 pub reason: String,
900}
901
902#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
906pub struct AuthorityExternalActionV1 {
907 pub subject: String,
908 pub canister_id: Option<String>,
909 pub role: Option<String>,
910 pub control_classification: CanisterControlClassV1,
911 pub state: AuthorityReconciliationStateV1,
912 pub action: AuthorityActionV1,
913 pub observed_controllers: Vec<String>,
914 pub desired_controllers: Vec<String>,
915 pub controller_delta: AuthorityControllerDeltaV1,
916 pub reason: String,
917}
918
919#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
923pub enum AuthorityActionV1 {
924 None,
925 AddControllers,
926 RemoveControllers,
927 ReplaceControllerSet,
928 RequiresExternalController,
929 RequiresDestructiveImportConfirmation,
930 ObserveOnly,
931 AdoptPlanAvailable,
932 BlockedByPolicy,
933 UnknownObservation,
934}
935
936#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
940pub enum AuthorityReconciliationStateV1 {
941 AlreadyCorrect,
942 CanApplyAutomatically,
943 RequiresExternalAction,
944 UnsafeBlocked,
945 Unknown,
946}
947
948#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
952pub struct DeploymentIdentityV1 {
953 pub deployment_name: String,
954 pub network: String,
955 pub root_principal: Option<String>,
956 pub authority_profile_hash: Option<String>,
957 pub role_topology_hash: Option<String>,
958 pub deployment_manifest_digest: Option<String>,
959 pub canonical_runtime_config_digest: Option<String>,
960 pub role_embedded_config_set_digest: Option<String>,
961 pub artifact_set_digest: Option<String>,
962 pub pool_identity_set_digest: Option<String>,
963 pub canic_version: Option<String>,
964 pub ic_memory_version: Option<String>,
965}
966
967#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
971pub struct TrustDomainV1 {
972 pub root_trust_anchor: Option<String>,
973 pub migration_from: Option<String>,
974}
975
976#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
980pub struct AuthorityProfileV1 {
981 pub profile_id: String,
982 pub expected_controllers: Vec<String>,
983 pub staging_controllers: Vec<String>,
984 pub emergency_controllers: Vec<String>,
985}
986
987#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
991pub struct RoleArtifactV1 {
992 pub role: String,
993 pub source: ArtifactSourceV1,
994 pub build_profile: String,
995 pub wasm_path: Option<String>,
996 pub wasm_gz_path: Option<String>,
997 pub wasm_gz_size_bytes: Option<u64>,
998 pub wasm_sha256: Option<String>,
999 pub wasm_gz_sha256: Option<String>,
1000 pub wasm_gz_sha256_source: Option<ArtifactDigestSourceV1>,
1001 pub observed_wasm_gz_file_sha256: Option<String>,
1002 pub observed_wasm_gz_file_sha256_source: Option<ArtifactDigestSourceV1>,
1003 pub installed_module_hash: Option<String>,
1004 pub candid_path: Option<String>,
1005 pub candid_sha256: Option<String>,
1006 pub raw_config_sha256: Option<String>,
1007 pub canonical_embedded_config_sha256: Option<String>,
1008 pub embedded_topology_sha256: Option<String>,
1009 pub builder_version: Option<String>,
1010 pub rust_toolchain: Option<String>,
1011 pub package_version: Option<String>,
1012}
1013
1014#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1018pub enum ArtifactDigestSourceV1 {
1019 ReleaseSetManifest,
1020 ObservedFileDigest,
1021 InstalledModuleHash,
1022}
1023
1024#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1028pub enum ArtifactSourceV1 {
1029 LocalBuild,
1030 ReleaseSet,
1031 WasmStore,
1032 External,
1033 Unknown,
1034}
1035
1036#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1040pub struct ExpectedCanisterV1 {
1041 pub role: String,
1042 pub canister_id: Option<String>,
1043 pub control_class: CanisterControlClassV1,
1044}
1045
1046#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1050pub struct ObservedCanisterV1 {
1051 pub canister_id: String,
1052 pub role: Option<String>,
1053 pub control_class: CanisterControlClassV1,
1054 pub controllers: Vec<String>,
1055 pub module_hash: Option<String>,
1056 pub status: Option<String>,
1057 pub root_trust_anchor: Option<String>,
1058 pub canonical_embedded_config_digest: Option<String>,
1059 pub role_assignment_source: Option<String>,
1060}
1061
1062#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1066pub enum CanisterControlClassV1 {
1067 DeploymentControlled,
1068 CanicManagedPool,
1069 ExternallyImported,
1070 JointlyControlled,
1071 UserControlled,
1072 UnknownUnsafe,
1073}
1074
1075#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1079pub struct ExpectedPoolCanisterV1 {
1080 pub pool: String,
1081 pub canister_id: Option<String>,
1082 pub role: Option<String>,
1083}
1084
1085#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1089pub struct ObservedPoolCanisterV1 {
1090 pub pool: String,
1091 pub canister_id: String,
1092 pub role: Option<String>,
1093 pub control_class: CanisterControlClassV1,
1094}
1095
1096#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1100pub struct LocalDeploymentConfigV1 {
1101 pub config_path: Option<String>,
1102 pub raw_config_sha256: Option<String>,
1103 pub canonical_embedded_config_sha256: Option<String>,
1104}
1105
1106#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1110pub struct ObservedArtifactV1 {
1111 pub role: String,
1112 pub artifact_path: String,
1113 pub file_sha256: Option<String>,
1114 pub file_sha256_source: Option<ArtifactDigestSourceV1>,
1115 pub payload_sha256: Option<String>,
1116 pub payload_size_bytes: Option<u64>,
1117 pub source: ArtifactSourceV1,
1118}
1119
1120#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1124pub struct VerifierReadinessExpectationV1 {
1125 pub required: bool,
1126 pub expected_role_epochs: Vec<RoleEpochExpectationV1>,
1127}
1128
1129#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1133pub struct VerifierReadinessObservationV1 {
1134 pub status: ObservationStatusV1,
1135 pub role_epochs: Vec<RoleEpochObservationV1>,
1136}
1137
1138#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1142pub struct RoleEpochExpectationV1 {
1143 pub role: String,
1144 pub minimum_epoch: u64,
1145}
1146
1147#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1151pub struct RoleEpochObservationV1 {
1152 pub role: String,
1153 pub observed_epoch: Option<u64>,
1154 pub status: ObservationStatusV1,
1155}
1156
1157#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1161pub struct DeploymentAssumptionV1 {
1162 pub key: String,
1163 pub description: String,
1164}
1165
1166#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1170pub struct DeploymentObservationGapV1 {
1171 pub key: String,
1172 pub description: String,
1173}
1174
1175#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1179pub struct PhaseReceiptV1 {
1180 pub phase: String,
1181 pub started_at: String,
1182 pub finished_at: Option<String>,
1183 pub attempted_action: String,
1184 pub verified_postcondition: VerifiedPostconditionV1,
1185}
1186
1187#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1191pub struct VerifiedPostconditionV1 {
1192 pub status: ObservationStatusV1,
1193 pub evidence: Vec<String>,
1194}
1195
1196#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1200pub enum DeploymentExecutionStatusV1 {
1201 NotStarted,
1202 InProgress,
1203 FailedBeforeMutation,
1204 PartiallyApplied,
1205 FailedAfterMutation,
1206 Complete,
1207}
1208
1209#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1213pub enum DeploymentCommandResultV1 {
1214 NotFinished,
1215 Succeeded,
1216 Failed { code: String, message: String },
1217}
1218
1219#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1223pub struct RolePhaseReceiptV1 {
1224 pub role: String,
1225 pub phase: String,
1226 pub result: RolePhaseResultV1,
1227 pub previous_module_hash: Option<String>,
1228 pub target_module_hash: Option<String>,
1229 pub observed_module_hash_after: Option<String>,
1230 pub artifact_digest: Option<String>,
1231 pub canonical_embedded_config_sha256: Option<String>,
1232 pub error: Option<String>,
1233}
1234
1235#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1239pub enum RolePhaseResultV1 {
1240 Applied,
1241 Failed,
1242 Skipped,
1243 NotAttempted,
1244 VerifiedAlreadyApplied,
1245}
1246
1247#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1251pub struct DiffItemV1 {
1252 pub category: String,
1253 pub subject: String,
1254 pub expected: Option<String>,
1255 pub observed: Option<String>,
1256 pub severity: SafetySeverityV1,
1257}
1258
1259#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1263pub struct ResumeSafetyV1 {
1264 pub status: SafetyStatusV1,
1265 pub reasons: Vec<String>,
1266}
1267
1268#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1272pub struct SafetyFindingV1 {
1273 pub code: String,
1274 pub message: String,
1275 pub severity: SafetySeverityV1,
1276 pub subject: Option<String>,
1277}
1278
1279#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1283pub enum SafetyStatusV1 {
1284 NotEvaluated,
1285 Safe,
1286 Warning,
1287 Blocked,
1288}
1289
1290#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1294pub enum SafetySeverityV1 {
1295 Info,
1296 Warning,
1297 HardFailure,
1298}
1299
1300#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1304pub enum ObservationStatusV1 {
1305 NotObserved,
1306 Observed,
1307 Missing,
1308 Inconclusive,
1309}