1use serde::{Deserialize, Serialize};
2
3#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
7pub struct DeploymentPlanV1 {
8 pub schema_version: u32,
9 pub plan_id: String,
10 pub deployment_identity: DeploymentIdentityV1,
11 pub trust_domain: TrustDomainV1,
12 pub fleet_template: String,
13 pub runtime_variant: String,
14 pub authority_profile: AuthorityProfileV1,
15 pub role_artifacts: Vec<RoleArtifactV1>,
16 pub expected_canisters: Vec<ExpectedCanisterV1>,
17 pub expected_pool: Vec<ExpectedPoolCanisterV1>,
18 pub expected_verifier_readiness: VerifierReadinessExpectationV1,
19 pub unresolved_assumptions: Vec<DeploymentAssumptionV1>,
20}
21
22#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
26pub struct DeploymentInventoryV1 {
27 pub schema_version: u32,
28 pub inventory_id: String,
29 pub observed_at: String,
30 pub observed_identity: Option<DeploymentIdentityV1>,
31 pub local_config: LocalDeploymentConfigV1,
32 pub observed_canisters: Vec<ObservedCanisterV1>,
33 pub observed_pool: Vec<ObservedPoolCanisterV1>,
34 pub observed_artifacts: Vec<ObservedArtifactV1>,
35 pub observed_verifier_readiness: VerifierReadinessObservationV1,
36 pub unresolved_observations: Vec<DeploymentObservationGapV1>,
37}
38
39#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
43pub struct DeploymentReceiptV1 {
44 pub schema_version: u32,
45 pub operation_id: String,
46 pub plan_id: String,
47 pub execution_context: Option<DeploymentExecutionContextV1>,
48 pub operation_status: DeploymentExecutionStatusV1,
49 pub started_at: String,
50 pub finished_at: Option<String>,
51 pub operator_principal: Option<String>,
52 pub root_principal: Option<String>,
53 pub previous_observed_deployment_epoch: Option<u64>,
54 pub phase_receipts: Vec<PhaseReceiptV1>,
55 pub role_phase_receipts: Vec<RolePhaseReceiptV1>,
56 pub final_inventory_id: Option<String>,
57 pub command_result: DeploymentCommandResultV1,
58}
59
60#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
64pub struct DeploymentExecutionContextV1 {
65 pub workspace_root: Option<String>,
66 pub icp_root: Option<String>,
67 pub artifact_roots: Vec<String>,
68 pub backend: DeploymentExecutorBackendV1,
69 pub backend_capabilities: Vec<DeploymentExecutorCapabilityV1>,
70}
71
72#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
76pub struct DeploymentExecutionPreflightV1 {
77 pub schema_version: u32,
78 pub plan_id: String,
79 pub safety_report_id: String,
80 pub authority_plan_id: String,
81 pub backend: DeploymentExecutorBackendV1,
82 pub status: DeploymentExecutionPreflightStatusV1,
83 pub planned_phases: Vec<String>,
84 pub required_capabilities: Vec<DeploymentExecutorCapabilityV1>,
85 pub missing_capabilities: Vec<DeploymentExecutorCapabilityV1>,
86 pub blockers: Vec<SafetyFindingV1>,
87}
88
89#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
93pub enum DeploymentExecutionPreflightStatusV1 {
94 Ready,
95 Blocked,
96}
97
98#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
102pub enum DeploymentExecutorBackendV1 {
103 CurrentCli,
104 PocketIc,
105 DirectAgent,
106 Other { name: String },
107}
108
109#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
113pub enum DeploymentExecutorCapabilityV1 {
114 CreateCanister,
115 CanisterStatus,
116 UpdateSettings,
117 InstallCode,
118 Call,
119 Query,
120 StageArtifact,
121}
122
123#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
127pub enum ArtifactTransportV1 {
128 LocalCli,
129 WasmStore,
130 DirectAgent,
131}
132
133#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
137pub struct StagingReceiptV1 {
138 pub schema_version: u32,
139 pub role: String,
140 pub artifact_identity: String,
141 pub transport: ArtifactTransportV1,
142 pub wasm_store_locator: Option<String>,
143 pub prepared_chunk_hashes: Vec<String>,
144 pub published_chunk_count: usize,
145 pub verified_postcondition: VerifiedPostconditionV1,
146}
147
148#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
152pub struct RoleArtifactSourceV1 {
153 pub role: String,
154 pub kind: RoleArtifactSourceKindV1,
155 pub locator: Option<String>,
156 pub previous_receipt_kind: Option<PreviousArtifactReceiptKindV1>,
157 pub previous_receipt_lineage_digest: Option<String>,
158 pub expected_wasm_sha256: Option<String>,
159 pub expected_wasm_gz_sha256: Option<String>,
160 pub expected_candid_sha256: Option<String>,
161 pub expected_canonical_embedded_config_sha256: Option<String>,
162}
163
164#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
168pub struct RolePromotionInputV1 {
169 pub role: String,
170 pub promotion_level: PromotionArtifactLevelV1,
171 pub source: RoleArtifactSourceV1,
172 pub require_byte_identical_wasm: bool,
173 pub require_target_embedded_config: bool,
174 pub target_store_has_artifact: Option<bool>,
175}
176
177#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
181pub struct RolePromotionPolicyV1 {
182 pub role: String,
183 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
184 pub requirements: Vec<PromotionPolicyRequirementV1>,
185}
186
187#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
191pub enum PromotionPolicyRequirementV1 {
192 SameSourceRevision,
193 SameCargoFeatures,
194 TargetConfigDigest,
195 ByteIdenticalWasm,
196 SealedBytes,
197}
198
199#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
203pub enum PromotionPolicyClaimV1 {
204 ByteIdenticalWasm,
205 TargetConfigDigest,
206}
207
208#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
212pub struct PromotionPolicyCheckV1 {
213 pub schema_version: u32,
214 pub check_id: String,
215 pub status: PromotionReadinessStatusV1,
216 pub roles: Vec<RolePromotionPolicyDecisionV1>,
217 pub blockers: Vec<SafetyFindingV1>,
218}
219
220#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
224pub struct RolePromotionPolicyDecisionV1 {
225 pub role: String,
226 pub requested_promotion_level: PromotionArtifactLevelV1,
227 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
228 pub requirements: Vec<PromotionPolicyRequirementV1>,
229 pub claims: Vec<PromotionPolicyClaimV1>,
230 pub level_allowed: bool,
231 pub policy_satisfied: bool,
232}
233
234#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
238pub enum PromotionArtifactLevelV1 {
239 SealedWasm,
240 SourceBuild,
241}
242
243#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
247pub struct BuildRecipeIdentityV1 {
248 pub recipe_id: String,
249 pub source_kind: RoleArtifactSourceKindV1,
250 pub source_revision: String,
251 pub source_tree_clean: bool,
252 pub package_or_role_selector: String,
253 pub cargo_profile: String,
254 pub cargo_features_digest: String,
255 pub cargo_lock_digest: String,
256 pub rust_toolchain: String,
257 pub builder_version: String,
258 pub target_triple: String,
259 pub linker_identity: String,
260 pub deterministic_build_mode: String,
261 pub wasm_opt_version: String,
262 pub compression_identity: String,
263}
264
265#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
269pub struct BuildMaterializationInputV1 {
270 pub materialization_input_id: String,
271 pub build_recipe_id: String,
272 pub canonical_embedded_config_sha256: String,
273 pub network: String,
274 pub root_trust_anchor: String,
275 pub runtime_variant: String,
276}
277
278#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
282pub struct BuildMaterializationResultV1 {
283 pub materialization_result_id: String,
284 pub build_recipe_id: String,
285 pub materialization_input_digest: String,
286 pub wasm_sha256: String,
287 pub wasm_gz_sha256: String,
288 pub installed_module_hash: String,
289 pub candid_sha256: String,
290}
291
292#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
296pub struct BuildMaterializationEvidenceV1 {
297 pub schema_version: u32,
298 pub evidence_id: String,
299 pub recipe: BuildRecipeIdentityV1,
300 pub materialization_input: BuildMaterializationInputV1,
301 pub materialization_result: BuildMaterializationResultV1,
302 pub computed_materialization_input_digest: String,
303 pub recipe_id_matches_input: bool,
304 pub recipe_id_matches_result: bool,
305 pub materialization_input_digest_matches_result: bool,
306}
307
308#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
312pub struct PromotionMaterializationIdentityReportV1 {
313 pub schema_version: u32,
314 pub report_id: String,
315 pub status: PromotionReadinessStatusV1,
316 pub roles: Vec<RolePromotionMaterializationIdentityV1>,
317 pub output_groups: Vec<PromotionMaterializationOutputGroupV1>,
318 pub blockers: Vec<SafetyFindingV1>,
319}
320
321#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
325pub struct RolePromotionMaterializationIdentityV1 {
326 pub role: String,
327 pub evidence_id: String,
328 pub recipe_id: String,
329 pub materialization_input_id: String,
330 pub materialization_result_id: String,
331 pub materialization_input_digest: String,
332 pub canonical_embedded_config_sha256: String,
333 pub network: String,
334 pub root_trust_anchor: String,
335 pub runtime_variant: String,
336 pub wasm_sha256: String,
337 pub wasm_gz_sha256: String,
338 pub installed_module_hash: String,
339 pub candid_sha256: String,
340}
341
342#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
346pub struct PromotionMaterializationOutputGroupV1 {
347 pub output_identity_key: String,
348 pub roles: Vec<String>,
349 pub wasm_sha256: String,
350 pub wasm_gz_sha256: String,
351 pub installed_module_hash: String,
352 pub candid_sha256: String,
353}
354
355#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
359pub struct PromotionArtifactIdentityReportV1 {
360 pub schema_version: u32,
361 pub report_id: String,
362 pub status: PromotionReadinessStatusV1,
363 pub summary: PromotionArtifactIdentitySummaryV1,
364 pub roles: Vec<RolePromotionArtifactIdentityV1>,
365 pub identity_groups: Vec<PromotionArtifactIdentityGroupV1>,
366 pub blockers: Vec<SafetyFindingV1>,
367}
368
369#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
373pub struct PromotionArtifactIdentitySummaryV1 {
374 pub role_count: usize,
375 pub identity_group_count: usize,
376 pub shared_identity_group_count: usize,
377 pub digest_pinned_role_count: usize,
378 pub source_build_role_count: usize,
379 pub deferred_identity_role_count: usize,
380}
381
382#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
386pub struct PromotionWasmStoreIdentityReportV1 {
387 pub schema_version: u32,
388 pub report_id: String,
389 pub status: PromotionReadinessStatusV1,
390 pub roles: Vec<RolePromotionWasmStoreIdentityV1>,
391 pub blockers: Vec<SafetyFindingV1>,
392}
393
394#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
398pub struct RolePromotionWasmStoreIdentityV1 {
399 pub role: String,
400 pub artifact_identity: String,
401 pub transport: ArtifactTransportV1,
402 pub wasm_store_locator: Option<String>,
403 pub prepared_chunk_hashes: Vec<String>,
404 pub published_chunk_count: usize,
405 pub verified_postcondition: VerifiedPostconditionV1,
406}
407
408#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
412pub struct PromotionArtifactIdentityGroupV1 {
413 pub identity_key: String,
414 pub identity_kind: PromotionArtifactIdentityKindV1,
415 pub roles: Vec<String>,
416 pub source_kinds: Vec<RoleArtifactSourceKindV1>,
417 pub source_locators: Vec<String>,
418 pub digest_pinned: bool,
419 pub wasm_sha256: Option<String>,
420 pub wasm_gz_sha256: Option<String>,
421 pub candid_sha256: Option<String>,
422 pub canonical_embedded_config_sha256: Option<String>,
423}
424
425#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
429pub struct RolePromotionArtifactIdentityV1 {
430 pub role: String,
431 pub promotion_level: PromotionArtifactLevelV1,
432 pub source_kind: RoleArtifactSourceKindV1,
433 pub source_locator: Option<String>,
434 pub identity_kind: PromotionArtifactIdentityKindV1,
435 pub digest_pinned: bool,
436 pub wasm_sha256: Option<String>,
437 pub wasm_gz_sha256: Option<String>,
438 pub candid_sha256: Option<String>,
439 pub canonical_embedded_config_sha256: Option<String>,
440}
441
442#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
446pub enum PromotionArtifactIdentityKindV1 {
447 SealedWasm,
448 SealedCompressedWasm,
449 SealedWasmAndCompressedWasm,
450 SourceBuild,
451 Deferred,
452}
453
454#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
458pub struct PromotionReadinessV1 {
459 pub schema_version: u32,
460 pub readiness_id: String,
461 pub target_plan_id: String,
462 pub status: PromotionReadinessStatusV1,
463 pub roles: Vec<RolePromotionReadinessV1>,
464 pub blockers: Vec<SafetyFindingV1>,
465 pub warnings: Vec<SafetyFindingV1>,
466}
467
468#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
472pub struct PromotionPlanTransformV1 {
473 pub schema_version: u32,
474 pub transform_id: String,
475 pub target_plan_id: String,
476 pub promoted_plan_id: String,
477 pub promotion_plan_lineage_digest: String,
478 pub promoted_plan: DeploymentPlanV1,
479 pub roles: Vec<RolePromotionPlanTransformV1>,
480}
481
482#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
486pub struct ArtifactPromotionPlanV1 {
487 pub schema_version: u32,
488 pub plan_id: String,
489 pub generated_at: String,
490 pub status: PromotionReadinessStatusV1,
491 pub target_plan_id: String,
492 pub promoted_plan_id: String,
493 pub promotion_plan_lineage_digest: String,
494 pub readiness: PromotionReadinessV1,
495 pub artifact_identity_report: PromotionArtifactIdentityReportV1,
496 pub transform: PromotionPlanTransformV1,
497 pub target_execution_lineage: Option<PromotionTargetExecutionLineageV1>,
498 pub blockers: Vec<SafetyFindingV1>,
499}
500
501#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
505pub struct ArtifactPromotionProvenanceReportV1 {
506 pub schema_version: u32,
507 pub report_id: String,
508 pub status: PromotionReadinessStatusV1,
509 pub artifact_promotion_plan_id: String,
510 pub target_plan_id: String,
511 pub promoted_plan_id: String,
512 pub promotion_plan_lineage_digest: String,
513 pub readiness_id: String,
514 pub artifact_identity_report_id: String,
515 pub transform_id: String,
516 pub target_execution_lineage_id: Option<String>,
517 pub wasm_store_identity_report_id: Option<String>,
518 pub materialization_identity_report_id: Option<String>,
519 pub execution_attempted: bool,
520 pub roles: Vec<RolePromotionProvenanceV1>,
521 pub blockers: Vec<SafetyFindingV1>,
522}
523
524#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
528pub struct ArtifactPromotionExecutionReceiptV1 {
529 pub schema_version: u32,
530 pub receipt_id: String,
531 pub artifact_promotion_plan_id: String,
532 pub provenance_report_id: String,
533 pub provenance_status: PromotionReadinessStatusV1,
534 pub promoted_plan_id: String,
535 pub promotion_plan_lineage_digest: String,
536 pub operation_id: String,
537 pub operation_status: DeploymentExecutionStatusV1,
538 pub command_result: DeploymentCommandResultV1,
539 pub started_at: String,
540 pub finished_at: Option<String>,
541 pub deployment_receipt: DeploymentReceiptV1,
542 pub roles: Vec<RolePromotionExecutionReceiptV1>,
543}
544
545#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
549pub struct RolePromotionExecutionReceiptV1 {
550 pub role: String,
551 pub promotion_level: PromotionArtifactLevelV1,
552 pub materialization_evidence_id: Option<String>,
553 pub wasm_store_locator: Option<String>,
554 pub role_phase_result: Option<RolePhaseResultV1>,
555 pub artifact_digest: Option<String>,
556 pub observed_module_hash_after: Option<String>,
557 pub canonical_embedded_config_sha256: Option<String>,
558}
559
560#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
564pub struct RolePromotionProvenanceV1 {
565 pub role: String,
566 pub promotion_level: PromotionArtifactLevelV1,
567 pub source_kind: RoleArtifactSourceKindV1,
568 pub artifact_identity_changed: bool,
569 pub embedded_config_changed: bool,
570 pub target_materialization_preserved: bool,
571 pub materialization_evidence_id: Option<String>,
572 pub wasm_store_locator: Option<String>,
573}
574
575#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
579pub struct PromotionPlanTransformEvidenceV1 {
580 pub schema_version: u32,
581 pub evidence_id: String,
582 pub generated_at: String,
583 pub transform: PromotionPlanTransformV1,
584}
585
586#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
590pub struct PromotionTargetExecutionLineageV1 {
591 pub schema_version: u32,
592 pub lineage_id: String,
593 pub generated_at: String,
594 pub target_execution_lineage_digest: String,
595 pub transform: PromotionPlanTransformV1,
596 pub execution_preflight: DeploymentExecutionPreflightV1,
597 pub execution_attempted: bool,
598}
599
600#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
604pub struct RolePromotionPlanTransformV1 {
605 pub role: String,
606 pub promotion_level: PromotionArtifactLevelV1,
607 pub source_kind: RoleArtifactSourceKindV1,
608 pub source_locator: Option<String>,
609 pub artifact_source_before: ArtifactSourceV1,
610 pub artifact_source_after: ArtifactSourceV1,
611 pub wasm_sha256_before: Option<String>,
612 pub wasm_sha256_after: Option<String>,
613 pub wasm_gz_sha256_before: Option<String>,
614 pub wasm_gz_sha256_after: Option<String>,
615 pub candid_sha256_before: Option<String>,
616 pub candid_sha256_after: Option<String>,
617 pub canonical_embedded_config_sha256_before: Option<String>,
618 pub canonical_embedded_config_sha256_after: Option<String>,
619 pub artifact_identity_changed: bool,
620 pub embedded_config_changed: bool,
621 pub target_materialization_preserved: bool,
622 pub source_build_materialization: Option<RolePromotionMaterializationLinkV1>,
623}
624
625#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
629pub struct RolePromotionMaterializationLinkV1 {
630 pub role: String,
631 pub evidence_id: String,
632 pub recipe_id: String,
633 pub materialization_input_id: String,
634 pub materialization_result_id: String,
635 pub materialization_input_digest: String,
636 pub wasm_sha256: String,
637 pub wasm_gz_sha256: String,
638 pub installed_module_hash: String,
639 pub candid_sha256: String,
640}
641
642#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
646pub enum PromotionReadinessStatusV1 {
647 Ready,
648 Blocked,
649}
650
651#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
655pub struct RolePromotionReadinessV1 {
656 pub role: String,
657 pub promotion_level: PromotionArtifactLevelV1,
658 pub source_kind: RoleArtifactSourceKindV1,
659 pub source_locator: Option<String>,
660 pub source_wasm_sha256: Option<String>,
661 pub source_wasm_gz_sha256: Option<String>,
662 pub target_wasm_sha256: Option<String>,
663 pub target_wasm_gz_sha256: Option<String>,
664 pub source_canonical_embedded_config_sha256: Option<String>,
665 pub target_canonical_embedded_config_sha256: Option<String>,
666 pub byte_identical_wasm: Option<bool>,
667 pub embedded_config_identical: Option<bool>,
668 pub target_store_has_artifact: Option<bool>,
669 pub restage_required: bool,
670}
671
672#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
676pub enum RoleArtifactSourceKindV1 {
677 WorkspacePackage,
678 PublishedPackage,
679 LocalWasm,
680 LocalWasmGz,
681 PreviousReceiptArtifact,
682 CanonicalWasmStoreDefault,
683}
684
685#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
689pub enum PreviousArtifactReceiptKindV1 {
690 DeploymentReceipt,
691 StagingReceipt,
692}
693
694#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
698pub struct AuthorityReceiptV1 {
699 pub schema_version: u32,
700 pub operation_id: String,
701 pub check_id: Option<String>,
702 pub reconciliation_plan_id: String,
703 pub authority_report_id: String,
704 pub inventory_id: String,
705 pub authority_profile_hash: Option<String>,
706 pub operation_status: DeploymentExecutionStatusV1,
707 pub started_at: String,
708 pub finished_at: Option<String>,
709 pub attempted_actions: Vec<AuthorityAttemptedActionV1>,
710 pub verified_controller_observations: Vec<AuthorityControllerObservationV1>,
711 pub hard_failures: Vec<SafetyFindingV1>,
712 pub unresolved_observation_gaps: Vec<DeploymentObservationGapV1>,
713 pub unresolved_external_actions: Vec<AuthorityExternalActionV1>,
714 pub command_result: DeploymentCommandResultV1,
715}
716
717#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
721pub struct AuthorityDryRunEvidenceV1 {
722 pub schema_version: u32,
723 pub evidence_id: String,
724 pub check_id: String,
725 pub generated_at: String,
726 pub reconciliation_plan: AuthorityReconciliationPlanV1,
727 pub authority_report: AuthorityReportV1,
728 pub authority_receipt: AuthorityReceiptV1,
729}
730
731#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
735pub struct AuthorityAttemptedActionV1 {
736 pub subject: String,
737 pub canister_id: Option<String>,
738 pub role: Option<String>,
739 pub action: AuthorityActionV1,
740 pub result: RolePhaseResultV1,
741 pub error: Option<String>,
742}
743
744#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
748pub struct AuthorityControllerObservationV1 {
749 pub subject: String,
750 pub canister_id: Option<String>,
751 pub role: Option<String>,
752 pub state: AuthorityReconciliationStateV1,
753 pub action: AuthorityActionV1,
754 pub observed_controllers: Vec<String>,
755 pub desired_controllers: Vec<String>,
756 pub controller_delta: AuthorityControllerDeltaV1,
757}
758
759#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
763pub struct RoleArtifactManifestV1 {
764 pub schema_version: u32,
765 pub manifest_id: String,
766 pub network: String,
767 pub artifact_root: Option<String>,
768 pub role_artifacts: Vec<RoleArtifactV1>,
769 pub unresolved_artifacts: Vec<DeploymentObservationGapV1>,
770}
771
772#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
776pub struct DeploymentDiffV1 {
777 pub schema_version: u32,
778 pub plan_identity: DeploymentIdentityV1,
779 pub observed_identity: Option<DeploymentIdentityV1>,
780 pub artifact_diff: Vec<DiffItemV1>,
781 pub controller_diff: Vec<DiffItemV1>,
782 pub pool_diff: Vec<DiffItemV1>,
783 pub embedded_config_diff: Vec<DiffItemV1>,
784 pub module_hash_diff: Vec<DiffItemV1>,
785 pub verifier_readiness_diff: Vec<DiffItemV1>,
786 pub resume_safety: ResumeSafetyV1,
787 pub hard_failures: Vec<SafetyFindingV1>,
788 pub warnings: Vec<SafetyFindingV1>,
789 pub resumable_phases: Vec<String>,
790}
791
792#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
796pub struct SafetyReportV1 {
797 pub schema_version: u32,
798 pub report_id: String,
799 pub diff_id: Option<String>,
800 pub status: SafetyStatusV1,
801 pub summary: String,
802 pub hard_failures: Vec<SafetyFindingV1>,
803 pub warnings: Vec<SafetyFindingV1>,
804 pub next_actions: Vec<String>,
805}
806
807#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
811pub struct DeploymentCheckV1 {
812 pub schema_version: u32,
813 pub check_id: String,
814 pub plan: DeploymentPlanV1,
815 pub inventory: DeploymentInventoryV1,
816 pub diff: DeploymentDiffV1,
817 pub report: SafetyReportV1,
818}
819
820#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
824pub struct AuthorityReconciliationPlanV1 {
825 pub schema_version: u32,
826 pub plan_id: String,
827 pub inventory_id: String,
828 pub authority_profile_hash: Option<String>,
829 pub canister_actions: Vec<CanisterAuthorityActionV1>,
830 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
831 pub hard_failures: Vec<SafetyFindingV1>,
832 pub external_actions_required: Vec<AuthorityExternalActionV1>,
833}
834
835#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
839pub struct AuthorityAutomaticActionV1 {
840 pub subject: String,
841 pub canister_id: String,
842 pub role: Option<String>,
843 pub action: AuthorityActionV1,
844 pub observed_controllers: Vec<String>,
845 pub desired_controllers: Vec<String>,
846 pub controller_delta: AuthorityControllerDeltaV1,
847 pub reason: String,
848}
849
850#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
854pub struct AuthorityControllerDeltaV1 {
855 pub add_controllers: Vec<String>,
856 pub remove_controllers: Vec<String>,
857}
858
859#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
863pub struct AuthorityReportV1 {
864 pub schema_version: u32,
865 pub report_id: String,
866 pub check_id: Option<String>,
867 pub reconciliation_plan_id: String,
868 pub inventory_id: String,
869 pub authority_profile_hash: Option<String>,
870 pub status: SafetyStatusV1,
871 pub summary: String,
872 pub counts: AuthorityReportCountsV1,
873 pub apply_readiness: AuthorityApplyReadinessV1,
874 pub action_counts: Vec<AuthorityActionCountV1>,
875 pub control_class_counts: Vec<AuthorityControlClassCountV1>,
876 pub observation_gaps: Vec<DeploymentObservationGapV1>,
877 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
878 pub hard_failures: Vec<SafetyFindingV1>,
879 pub external_actions_required: Vec<AuthorityExternalActionV1>,
880 pub next_actions: Vec<String>,
881}
882
883#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
887pub struct AuthorityApplyReadinessV1 {
888 pub can_apply_automatically: bool,
889 pub automatic_action_count: usize,
890 pub blockers: Vec<AuthorityApplyBlockerV1>,
891}
892
893#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
897pub enum AuthorityApplyBlockerV1 {
898 UnsafeBlocked,
899 HardFailures,
900 ObservationGaps,
901 ExternalActions,
902}
903
904#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
908pub struct AuthorityActionCountV1 {
909 pub action: AuthorityActionV1,
910 pub count: usize,
911}
912
913#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
917pub struct AuthorityControlClassCountV1 {
918 pub control_class: CanisterControlClassV1,
919 pub count: usize,
920}
921
922#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
926pub struct AuthorityReportCountsV1 {
927 pub already_correct: usize,
928 pub can_apply_automatically: usize,
929 pub requires_external_action: usize,
930 pub unsafe_blocked: usize,
931 pub unknown: usize,
932 pub hard_failures: usize,
933}
934
935#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
939pub struct CanisterAuthorityActionV1 {
940 pub canister_id: Option<String>,
941 pub role: Option<String>,
942 pub control_classification: CanisterControlClassV1,
943 pub observed_controllers: Vec<String>,
944 pub desired_controllers: Vec<String>,
945 pub controller_delta: AuthorityControllerDeltaV1,
946 pub action: AuthorityActionV1,
947 pub state: AuthorityReconciliationStateV1,
948 pub can_apply: bool,
949 pub reason: String,
950}
951
952#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
956pub struct AuthorityExternalActionV1 {
957 pub subject: String,
958 pub canister_id: Option<String>,
959 pub role: Option<String>,
960 pub control_classification: CanisterControlClassV1,
961 pub state: AuthorityReconciliationStateV1,
962 pub action: AuthorityActionV1,
963 pub observed_controllers: Vec<String>,
964 pub desired_controllers: Vec<String>,
965 pub controller_delta: AuthorityControllerDeltaV1,
966 pub reason: String,
967}
968
969#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
973pub enum AuthorityActionV1 {
974 None,
975 AddControllers,
976 RemoveControllers,
977 ReplaceControllerSet,
978 RequiresExternalController,
979 RequiresDestructiveImportConfirmation,
980 ObserveOnly,
981 AdoptPlanAvailable,
982 BlockedByPolicy,
983 UnknownObservation,
984}
985
986#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
990pub enum AuthorityReconciliationStateV1 {
991 AlreadyCorrect,
992 CanApplyAutomatically,
993 RequiresExternalAction,
994 UnsafeBlocked,
995 Unknown,
996}
997
998#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1002pub struct DeploymentIdentityV1 {
1003 pub deployment_name: String,
1004 pub network: String,
1005 pub root_principal: Option<String>,
1006 pub authority_profile_hash: Option<String>,
1007 pub role_topology_hash: Option<String>,
1008 pub deployment_manifest_digest: Option<String>,
1009 pub canonical_runtime_config_digest: Option<String>,
1010 pub role_embedded_config_set_digest: Option<String>,
1011 pub artifact_set_digest: Option<String>,
1012 pub pool_identity_set_digest: Option<String>,
1013 pub canic_version: Option<String>,
1014 pub ic_memory_version: Option<String>,
1015}
1016
1017#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1021pub struct TrustDomainV1 {
1022 pub root_trust_anchor: Option<String>,
1023 pub migration_from: Option<String>,
1024}
1025
1026#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1030pub struct AuthorityProfileV1 {
1031 pub profile_id: String,
1032 pub expected_controllers: Vec<String>,
1033 pub staging_controllers: Vec<String>,
1034 pub emergency_controllers: Vec<String>,
1035}
1036
1037#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1041pub struct RoleArtifactV1 {
1042 pub role: String,
1043 pub source: ArtifactSourceV1,
1044 pub build_profile: String,
1045 pub wasm_path: Option<String>,
1046 pub wasm_gz_path: Option<String>,
1047 pub wasm_gz_size_bytes: Option<u64>,
1048 pub wasm_sha256: Option<String>,
1049 pub wasm_gz_sha256: Option<String>,
1050 pub wasm_gz_sha256_source: Option<ArtifactDigestSourceV1>,
1051 pub observed_wasm_gz_file_sha256: Option<String>,
1052 pub observed_wasm_gz_file_sha256_source: Option<ArtifactDigestSourceV1>,
1053 pub installed_module_hash: Option<String>,
1054 pub candid_path: Option<String>,
1055 pub candid_sha256: Option<String>,
1056 pub raw_config_sha256: Option<String>,
1057 pub canonical_embedded_config_sha256: Option<String>,
1058 pub embedded_topology_sha256: Option<String>,
1059 pub builder_version: Option<String>,
1060 pub rust_toolchain: Option<String>,
1061 pub package_version: Option<String>,
1062}
1063
1064#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1068pub enum ArtifactDigestSourceV1 {
1069 ReleaseSetManifest,
1070 ObservedFileDigest,
1071 InstalledModuleHash,
1072}
1073
1074#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1078pub enum ArtifactSourceV1 {
1079 LocalBuild,
1080 ReleaseSet,
1081 WasmStore,
1082 External,
1083 Unknown,
1084}
1085
1086#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1090pub struct ExpectedCanisterV1 {
1091 pub role: String,
1092 pub canister_id: Option<String>,
1093 pub control_class: CanisterControlClassV1,
1094}
1095
1096#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1100pub struct ObservedCanisterV1 {
1101 pub canister_id: String,
1102 pub role: Option<String>,
1103 pub control_class: CanisterControlClassV1,
1104 pub controllers: Vec<String>,
1105 pub module_hash: Option<String>,
1106 pub status: Option<String>,
1107 pub root_trust_anchor: Option<String>,
1108 pub canonical_embedded_config_digest: Option<String>,
1109 pub role_assignment_source: Option<String>,
1110}
1111
1112#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1116pub enum CanisterControlClassV1 {
1117 DeploymentControlled,
1118 CanicManagedPool,
1119 ExternallyImported,
1120 JointlyControlled,
1121 UserControlled,
1122 UnknownUnsafe,
1123}
1124
1125#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1129pub struct ExpectedPoolCanisterV1 {
1130 pub pool: String,
1131 pub canister_id: Option<String>,
1132 pub role: Option<String>,
1133}
1134
1135#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1139pub struct ObservedPoolCanisterV1 {
1140 pub pool: String,
1141 pub canister_id: String,
1142 pub role: Option<String>,
1143 pub control_class: CanisterControlClassV1,
1144}
1145
1146#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1150pub struct LocalDeploymentConfigV1 {
1151 pub config_path: Option<String>,
1152 pub raw_config_sha256: Option<String>,
1153 pub canonical_embedded_config_sha256: Option<String>,
1154}
1155
1156#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1160pub struct ObservedArtifactV1 {
1161 pub role: String,
1162 pub artifact_path: String,
1163 pub file_sha256: Option<String>,
1164 pub file_sha256_source: Option<ArtifactDigestSourceV1>,
1165 pub payload_sha256: Option<String>,
1166 pub payload_size_bytes: Option<u64>,
1167 pub source: ArtifactSourceV1,
1168}
1169
1170#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1174pub struct VerifierReadinessExpectationV1 {
1175 pub required: bool,
1176 pub expected_role_epochs: Vec<RoleEpochExpectationV1>,
1177}
1178
1179#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1183pub struct VerifierReadinessObservationV1 {
1184 pub status: ObservationStatusV1,
1185 pub role_epochs: Vec<RoleEpochObservationV1>,
1186}
1187
1188#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1192pub struct RoleEpochExpectationV1 {
1193 pub role: String,
1194 pub minimum_epoch: u64,
1195}
1196
1197#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1201pub struct RoleEpochObservationV1 {
1202 pub role: String,
1203 pub observed_epoch: Option<u64>,
1204 pub status: ObservationStatusV1,
1205}
1206
1207#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1211pub struct DeploymentAssumptionV1 {
1212 pub key: String,
1213 pub description: String,
1214}
1215
1216#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1220pub struct DeploymentObservationGapV1 {
1221 pub key: String,
1222 pub description: String,
1223}
1224
1225#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1229pub struct PhaseReceiptV1 {
1230 pub phase: String,
1231 pub started_at: String,
1232 pub finished_at: Option<String>,
1233 pub attempted_action: String,
1234 pub verified_postcondition: VerifiedPostconditionV1,
1235}
1236
1237#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1241pub struct VerifiedPostconditionV1 {
1242 pub status: ObservationStatusV1,
1243 pub evidence: Vec<String>,
1244}
1245
1246#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1250pub enum DeploymentExecutionStatusV1 {
1251 NotStarted,
1252 InProgress,
1253 FailedBeforeMutation,
1254 PartiallyApplied,
1255 FailedAfterMutation,
1256 Complete,
1257}
1258
1259#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1263pub enum DeploymentCommandResultV1 {
1264 NotFinished,
1265 Succeeded,
1266 Failed { code: String, message: String },
1267}
1268
1269#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1273pub struct RolePhaseReceiptV1 {
1274 pub role: String,
1275 pub phase: String,
1276 pub result: RolePhaseResultV1,
1277 pub previous_module_hash: Option<String>,
1278 pub target_module_hash: Option<String>,
1279 pub observed_module_hash_after: Option<String>,
1280 pub artifact_digest: Option<String>,
1281 pub canonical_embedded_config_sha256: Option<String>,
1282 pub error: Option<String>,
1283}
1284
1285#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1289pub enum RolePhaseResultV1 {
1290 Applied,
1291 Failed,
1292 Skipped,
1293 NotAttempted,
1294 VerifiedAlreadyApplied,
1295}
1296
1297#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1301pub struct DiffItemV1 {
1302 pub category: String,
1303 pub subject: String,
1304 pub expected: Option<String>,
1305 pub observed: Option<String>,
1306 pub severity: SafetySeverityV1,
1307}
1308
1309#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1313pub struct ResumeSafetyV1 {
1314 pub status: SafetyStatusV1,
1315 pub reasons: Vec<String>,
1316}
1317
1318#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1322pub struct SafetyFindingV1 {
1323 pub code: String,
1324 pub message: String,
1325 pub severity: SafetySeverityV1,
1326 pub subject: Option<String>,
1327}
1328
1329#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1333pub enum SafetyStatusV1 {
1334 NotEvaluated,
1335 Safe,
1336 Warning,
1337 Blocked,
1338}
1339
1340#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1344pub enum SafetySeverityV1 {
1345 Info,
1346 Warning,
1347 HardFailure,
1348}
1349
1350#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1354pub enum ObservationStatusV1 {
1355 NotObserved,
1356 Observed,
1357 Missing,
1358 Inconclusive,
1359}