1use serde::{Deserialize, Serialize};
2
3#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
7pub struct DeploymentPlanV1 {
8 pub schema_version: u32,
9 pub plan_id: String,
10 pub deployment_identity: DeploymentIdentityV1,
11 pub trust_domain: TrustDomainV1,
12 pub fleet_template: String,
13 pub runtime_variant: String,
14 pub authority_profile: AuthorityProfileV1,
15 pub role_artifacts: Vec<RoleArtifactV1>,
16 pub expected_canisters: Vec<ExpectedCanisterV1>,
17 pub expected_pool: Vec<ExpectedPoolCanisterV1>,
18 pub expected_verifier_readiness: VerifierReadinessExpectationV1,
19 pub unresolved_assumptions: Vec<DeploymentAssumptionV1>,
20}
21
22#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
26pub struct DeploymentInventoryV1 {
27 pub schema_version: u32,
28 pub inventory_id: String,
29 pub observed_at: String,
30 pub observed_identity: Option<DeploymentIdentityV1>,
31 pub local_config: LocalDeploymentConfigV1,
32 pub observed_canisters: Vec<ObservedCanisterV1>,
33 pub observed_pool: Vec<ObservedPoolCanisterV1>,
34 pub observed_artifacts: Vec<ObservedArtifactV1>,
35 pub observed_verifier_readiness: VerifierReadinessObservationV1,
36 pub unresolved_observations: Vec<DeploymentObservationGapV1>,
37}
38
39#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
43pub struct DeploymentReceiptV1 {
44 pub schema_version: u32,
45 pub operation_id: String,
46 pub plan_id: String,
47 pub execution_context: Option<DeploymentExecutionContextV1>,
48 pub operation_status: DeploymentExecutionStatusV1,
49 pub started_at: String,
50 pub finished_at: Option<String>,
51 pub operator_principal: Option<String>,
52 pub root_principal: Option<String>,
53 pub previous_observed_deployment_epoch: Option<u64>,
54 pub phase_receipts: Vec<PhaseReceiptV1>,
55 pub role_phase_receipts: Vec<RolePhaseReceiptV1>,
56 pub final_inventory_id: Option<String>,
57 pub command_result: DeploymentCommandResultV1,
58}
59
60#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
64pub struct DeploymentExecutionContextV1 {
65 pub workspace_root: Option<String>,
66 pub icp_root: Option<String>,
67 pub artifact_roots: Vec<String>,
68 pub backend: DeploymentExecutorBackendV1,
69 pub backend_capabilities: Vec<DeploymentExecutorCapabilityV1>,
70}
71
72#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
76pub struct DeploymentExecutionPreflightV1 {
77 pub schema_version: u32,
78 pub plan_id: String,
79 pub safety_report_id: String,
80 pub authority_plan_id: String,
81 pub backend: DeploymentExecutorBackendV1,
82 pub status: DeploymentExecutionPreflightStatusV1,
83 pub planned_phases: Vec<String>,
84 pub required_capabilities: Vec<DeploymentExecutorCapabilityV1>,
85 pub missing_capabilities: Vec<DeploymentExecutorCapabilityV1>,
86 pub blockers: Vec<SafetyFindingV1>,
87}
88
89#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
93pub enum DeploymentExecutionPreflightStatusV1 {
94 Ready,
95 Blocked,
96}
97
98#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
102pub enum DeploymentExecutorBackendV1 {
103 CurrentCli,
104 PocketIc,
105 DirectAgent,
106 Other { name: String },
107}
108
109#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
113pub enum DeploymentExecutorCapabilityV1 {
114 CreateCanister,
115 CanisterStatus,
116 UpdateSettings,
117 InstallCode,
118 Call,
119 Query,
120 StageArtifact,
121}
122
123#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
127pub enum ArtifactTransportV1 {
128 LocalCli,
129 WasmStore,
130 DirectAgent,
131}
132
133#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
137pub struct StagingReceiptV1 {
138 pub schema_version: u32,
139 pub role: String,
140 pub artifact_identity: String,
141 pub transport: ArtifactTransportV1,
142 pub wasm_store_locator: Option<String>,
143 pub prepared_chunk_hashes: Vec<String>,
144 pub published_chunk_count: usize,
145 pub verified_postcondition: VerifiedPostconditionV1,
146}
147
148#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
152pub struct RoleArtifactSourceV1 {
153 pub role: String,
154 pub kind: RoleArtifactSourceKindV1,
155 pub locator: Option<String>,
156 pub previous_receipt_kind: Option<PreviousArtifactReceiptKindV1>,
157 pub previous_receipt_lineage_digest: Option<String>,
158 pub expected_wasm_sha256: Option<String>,
159 pub expected_wasm_gz_sha256: Option<String>,
160 pub expected_candid_sha256: Option<String>,
161 pub expected_canonical_embedded_config_sha256: Option<String>,
162}
163
164#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
168pub struct RolePromotionInputV1 {
169 pub role: String,
170 pub promotion_level: PromotionArtifactLevelV1,
171 pub source: RoleArtifactSourceV1,
172 pub require_byte_identical_wasm: bool,
173 pub require_target_embedded_config: bool,
174 pub target_store_has_artifact: Option<bool>,
175}
176
177#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
181pub struct RolePromotionPolicyV1 {
182 pub role: String,
183 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
184 pub requirements: Vec<PromotionPolicyRequirementV1>,
185}
186
187#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
191pub enum PromotionPolicyRequirementV1 {
192 SameSourceRevision,
193 SameCargoFeatures,
194 TargetConfigDigest,
195 ByteIdenticalWasm,
196 SealedBytes,
197}
198
199#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
203pub enum PromotionPolicyClaimV1 {
204 ByteIdenticalWasm,
205 TargetConfigDigest,
206}
207
208#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
212pub struct PromotionPolicyCheckV1 {
213 pub schema_version: u32,
214 pub check_id: String,
215 pub promotion_policy_check_digest: String,
216 pub status: PromotionReadinessStatusV1,
217 pub roles: Vec<RolePromotionPolicyDecisionV1>,
218 pub blockers: Vec<SafetyFindingV1>,
219}
220
221#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
225pub struct RolePromotionPolicyDecisionV1 {
226 pub role: String,
227 pub requested_promotion_level: PromotionArtifactLevelV1,
228 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
229 pub requirements: Vec<PromotionPolicyRequirementV1>,
230 pub claims: Vec<PromotionPolicyClaimV1>,
231 pub level_allowed: bool,
232 pub policy_satisfied: bool,
233}
234
235#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
239pub enum PromotionArtifactLevelV1 {
240 SealedWasm,
241 SourceBuild,
242}
243
244#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
248pub struct BuildRecipeIdentityV1 {
249 pub recipe_id: String,
250 pub source_kind: RoleArtifactSourceKindV1,
251 pub source_revision: String,
252 pub source_tree_clean: bool,
253 pub package_or_role_selector: String,
254 pub cargo_profile: String,
255 pub cargo_features_digest: String,
256 pub cargo_lock_digest: String,
257 pub rust_toolchain: String,
258 pub builder_version: String,
259 pub target_triple: String,
260 pub linker_identity: String,
261 pub deterministic_build_mode: String,
262 pub wasm_opt_version: String,
263 pub compression_identity: String,
264}
265
266#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
270pub struct BuildMaterializationInputV1 {
271 pub materialization_input_id: String,
272 pub build_recipe_id: String,
273 pub canonical_embedded_config_sha256: String,
274 pub network: String,
275 pub root_trust_anchor: String,
276 pub runtime_variant: String,
277}
278
279#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
283pub struct BuildMaterializationResultV1 {
284 pub materialization_result_id: String,
285 pub build_recipe_id: String,
286 pub materialization_input_digest: String,
287 pub wasm_sha256: String,
288 pub wasm_gz_sha256: String,
289 pub installed_module_hash: String,
290 pub candid_sha256: String,
291}
292
293#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
297pub struct BuildMaterializationEvidenceV1 {
298 pub schema_version: u32,
299 pub evidence_id: String,
300 pub materialization_evidence_digest: String,
301 pub recipe: BuildRecipeIdentityV1,
302 pub materialization_input: BuildMaterializationInputV1,
303 pub materialization_result: BuildMaterializationResultV1,
304 pub computed_materialization_input_digest: String,
305 pub recipe_id_matches_input: bool,
306 pub recipe_id_matches_result: bool,
307 pub materialization_input_digest_matches_result: bool,
308}
309
310#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
314pub struct PromotionMaterializationIdentityReportV1 {
315 pub schema_version: u32,
316 pub report_id: String,
317 pub materialization_identity_report_digest: String,
318 pub status: PromotionReadinessStatusV1,
319 pub roles: Vec<RolePromotionMaterializationIdentityV1>,
320 pub output_groups: Vec<PromotionMaterializationOutputGroupV1>,
321 pub blockers: Vec<SafetyFindingV1>,
322}
323
324#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
328pub struct RolePromotionMaterializationIdentityV1 {
329 pub role: String,
330 pub evidence_id: String,
331 pub materialization_evidence_digest: String,
332 pub recipe_id: String,
333 pub materialization_input_id: String,
334 pub materialization_result_id: String,
335 pub materialization_input_digest: String,
336 pub canonical_embedded_config_sha256: String,
337 pub network: String,
338 pub root_trust_anchor: String,
339 pub runtime_variant: String,
340 pub wasm_sha256: String,
341 pub wasm_gz_sha256: String,
342 pub installed_module_hash: String,
343 pub candid_sha256: String,
344}
345
346#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
350pub struct PromotionMaterializationOutputGroupV1 {
351 pub output_identity_key: String,
352 pub roles: Vec<String>,
353 pub wasm_sha256: String,
354 pub wasm_gz_sha256: String,
355 pub installed_module_hash: String,
356 pub candid_sha256: String,
357}
358
359#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
363pub struct PromotionArtifactIdentityReportV1 {
364 pub schema_version: u32,
365 pub report_id: String,
366 pub artifact_identity_report_digest: String,
367 pub status: PromotionReadinessStatusV1,
368 pub summary: PromotionArtifactIdentitySummaryV1,
369 pub roles: Vec<RolePromotionArtifactIdentityV1>,
370 pub identity_groups: Vec<PromotionArtifactIdentityGroupV1>,
371 pub blockers: Vec<SafetyFindingV1>,
372}
373
374#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
378pub struct PromotionArtifactIdentitySummaryV1 {
379 pub role_count: usize,
380 pub identity_group_count: usize,
381 pub shared_identity_group_count: usize,
382 pub digest_pinned_role_count: usize,
383 pub source_build_role_count: usize,
384 pub deferred_identity_role_count: usize,
385}
386
387#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
391pub struct PromotionWasmStoreIdentityReportV1 {
392 pub schema_version: u32,
393 pub report_id: String,
394 pub wasm_store_identity_report_digest: String,
395 pub status: PromotionReadinessStatusV1,
396 pub roles: Vec<RolePromotionWasmStoreIdentityV1>,
397 pub blockers: Vec<SafetyFindingV1>,
398}
399
400#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
404pub struct RolePromotionWasmStoreIdentityV1 {
405 pub role: String,
406 pub artifact_identity: String,
407 pub transport: ArtifactTransportV1,
408 pub wasm_store_locator: Option<String>,
409 pub prepared_chunk_hashes: Vec<String>,
410 pub published_chunk_count: usize,
411 pub verified_postcondition: VerifiedPostconditionV1,
412}
413
414#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
418pub struct PromotionWasmStoreCatalogEntryV1 {
419 pub locator: String,
420 pub artifact_identity: String,
421 pub published_chunk_count: usize,
422}
423
424#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
428pub struct PromotionWasmStoreCatalogVerificationV1 {
429 pub schema_version: u32,
430 pub verification_id: String,
431 pub wasm_store_catalog_verification_digest: String,
432 pub wasm_store_identity_report_id: String,
433 pub status: PromotionReadinessStatusV1,
434 pub roles: Vec<RolePromotionWasmStoreCatalogVerificationV1>,
435 pub blockers: Vec<SafetyFindingV1>,
436}
437
438#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
442pub struct RolePromotionWasmStoreCatalogVerificationV1 {
443 pub role: String,
444 pub wasm_store_locator: String,
445 pub expected_artifact_identity: String,
446 pub observed_artifact_identity: Option<String>,
447 pub expected_published_chunk_count: usize,
448 pub observed_published_chunk_count: Option<usize>,
449 pub catalog_entry_present: bool,
450 pub catalog_matches: bool,
451 pub catalog_observation_digest: String,
452}
453
454#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
458pub struct PromotionArtifactIdentityGroupV1 {
459 pub identity_key: String,
460 pub identity_kind: PromotionArtifactIdentityKindV1,
461 pub roles: Vec<String>,
462 pub source_kinds: Vec<RoleArtifactSourceKindV1>,
463 pub source_locators: Vec<String>,
464 pub digest_pinned: bool,
465 pub wasm_sha256: Option<String>,
466 pub wasm_gz_sha256: Option<String>,
467 pub candid_sha256: Option<String>,
468 pub canonical_embedded_config_sha256: Option<String>,
469}
470
471#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
475pub struct RolePromotionArtifactIdentityV1 {
476 pub role: String,
477 pub promotion_level: PromotionArtifactLevelV1,
478 pub source_kind: RoleArtifactSourceKindV1,
479 pub source_locator: Option<String>,
480 pub identity_kind: PromotionArtifactIdentityKindV1,
481 pub digest_pinned: bool,
482 pub wasm_sha256: Option<String>,
483 pub wasm_gz_sha256: Option<String>,
484 pub candid_sha256: Option<String>,
485 pub canonical_embedded_config_sha256: Option<String>,
486}
487
488#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
492pub enum PromotionArtifactIdentityKindV1 {
493 SealedWasm,
494 SealedCompressedWasm,
495 SealedWasmAndCompressedWasm,
496 SourceBuild,
497 Deferred,
498}
499
500#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
504pub struct PromotionReadinessV1 {
505 pub schema_version: u32,
506 pub readiness_id: String,
507 pub promotion_readiness_digest: String,
508 pub target_plan_id: String,
509 pub status: PromotionReadinessStatusV1,
510 pub roles: Vec<RolePromotionReadinessV1>,
511 pub blockers: Vec<SafetyFindingV1>,
512 pub warnings: Vec<SafetyFindingV1>,
513}
514
515#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
519pub struct PromotionPlanTransformV1 {
520 pub schema_version: u32,
521 pub transform_id: String,
522 pub target_plan_id: String,
523 pub promoted_plan_id: String,
524 pub promotion_plan_lineage_digest: String,
525 pub promoted_plan: DeploymentPlanV1,
526 pub roles: Vec<RolePromotionPlanTransformV1>,
527}
528
529#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
533pub struct ArtifactPromotionPlanV1 {
534 pub schema_version: u32,
535 pub plan_id: String,
536 pub artifact_promotion_plan_digest: String,
537 pub generated_at: String,
538 pub status: PromotionReadinessStatusV1,
539 pub target_plan_id: String,
540 pub promoted_plan_id: String,
541 pub promotion_plan_lineage_digest: String,
542 pub readiness: PromotionReadinessV1,
543 pub artifact_identity_report: PromotionArtifactIdentityReportV1,
544 pub transform: PromotionPlanTransformV1,
545 pub target_execution_lineage: Option<PromotionTargetExecutionLineageV1>,
546 pub blockers: Vec<SafetyFindingV1>,
547}
548
549#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
553pub struct ArtifactPromotionProvenanceReportV1 {
554 pub schema_version: u32,
555 pub report_id: String,
556 pub status: PromotionReadinessStatusV1,
557 pub artifact_promotion_plan_id: String,
558 pub artifact_promotion_plan_digest: String,
559 pub target_plan_id: String,
560 pub promoted_plan_id: String,
561 pub promotion_plan_lineage_digest: String,
562 pub provenance_report_digest: String,
563 pub readiness_id: String,
564 pub artifact_identity_report_id: String,
565 pub transform_id: String,
566 pub target_execution_lineage_id: Option<String>,
567 pub wasm_store_identity_report_id: Option<String>,
568 pub wasm_store_identity_report_digest: Option<String>,
569 pub wasm_store_catalog_verification_id: Option<String>,
570 pub wasm_store_catalog_verification_digest: Option<String>,
571 pub materialization_identity_report_id: Option<String>,
572 pub materialization_identity_report_digest: Option<String>,
573 pub execution_attempted: bool,
574 pub roles: Vec<RolePromotionProvenanceV1>,
575 pub blockers: Vec<SafetyFindingV1>,
576}
577
578#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
582pub struct ArtifactPromotionExecutionReceiptV1 {
583 pub schema_version: u32,
584 pub receipt_id: String,
585 pub execution_receipt_digest: String,
586 pub artifact_promotion_plan_id: String,
587 pub artifact_promotion_plan_digest: String,
588 pub provenance_report_id: String,
589 pub provenance_report_digest: String,
590 pub provenance_status: PromotionReadinessStatusV1,
591 pub promoted_plan_id: String,
592 pub promotion_plan_lineage_digest: String,
593 pub operation_id: String,
594 pub operation_status: DeploymentExecutionStatusV1,
595 pub command_result: DeploymentCommandResultV1,
596 pub started_at: String,
597 pub finished_at: Option<String>,
598 pub deployment_receipt: DeploymentReceiptV1,
599 pub roles: Vec<RolePromotionExecutionReceiptV1>,
600}
601
602#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
606pub struct RolePromotionExecutionReceiptV1 {
607 pub role: String,
608 pub promotion_level: PromotionArtifactLevelV1,
609 pub materialization_evidence_id: Option<String>,
610 pub materialization_evidence_digest: Option<String>,
611 pub wasm_store_locator: Option<String>,
612 pub wasm_store_catalog_observation_digest: Option<String>,
613 pub role_phase_result: Option<RolePhaseResultV1>,
614 pub artifact_digest: Option<String>,
615 pub observed_module_hash_after: Option<String>,
616 pub canonical_embedded_config_sha256: Option<String>,
617}
618
619#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
623pub struct RolePromotionProvenanceV1 {
624 pub role: String,
625 pub promotion_level: PromotionArtifactLevelV1,
626 pub source_kind: RoleArtifactSourceKindV1,
627 pub artifact_identity_changed: bool,
628 pub embedded_config_changed: bool,
629 pub target_materialization_preserved: bool,
630 pub materialization_evidence_id: Option<String>,
631 pub materialization_evidence_digest: Option<String>,
632 pub wasm_store_locator: Option<String>,
633 pub wasm_store_catalog_observation_digest: Option<String>,
634}
635
636#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
640pub struct PromotionPlanTransformEvidenceV1 {
641 pub schema_version: u32,
642 pub evidence_id: String,
643 pub promotion_plan_transform_evidence_digest: String,
644 pub generated_at: String,
645 pub transform: PromotionPlanTransformV1,
646}
647
648#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
652pub struct PromotionTargetExecutionLineageV1 {
653 pub schema_version: u32,
654 pub lineage_id: String,
655 pub generated_at: String,
656 pub target_execution_lineage_digest: String,
657 pub transform: PromotionPlanTransformV1,
658 pub execution_preflight: DeploymentExecutionPreflightV1,
659 pub execution_attempted: bool,
660}
661
662#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
666pub struct RolePromotionPlanTransformV1 {
667 pub role: String,
668 pub promotion_level: PromotionArtifactLevelV1,
669 pub source_kind: RoleArtifactSourceKindV1,
670 pub source_locator: Option<String>,
671 pub artifact_source_before: ArtifactSourceV1,
672 pub artifact_source_after: ArtifactSourceV1,
673 pub wasm_sha256_before: Option<String>,
674 pub wasm_sha256_after: Option<String>,
675 pub wasm_gz_sha256_before: Option<String>,
676 pub wasm_gz_sha256_after: Option<String>,
677 pub candid_sha256_before: Option<String>,
678 pub candid_sha256_after: Option<String>,
679 pub canonical_embedded_config_sha256_before: Option<String>,
680 pub canonical_embedded_config_sha256_after: Option<String>,
681 pub artifact_identity_changed: bool,
682 pub embedded_config_changed: bool,
683 pub target_materialization_preserved: bool,
684 pub source_build_materialization: Option<RolePromotionMaterializationLinkV1>,
685}
686
687#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
691pub struct RolePromotionMaterializationLinkV1 {
692 pub role: String,
693 pub evidence_id: String,
694 pub materialization_evidence_digest: String,
695 pub recipe_id: String,
696 pub materialization_input_id: String,
697 pub materialization_result_id: String,
698 pub materialization_input_digest: String,
699 pub wasm_sha256: String,
700 pub wasm_gz_sha256: String,
701 pub installed_module_hash: String,
702 pub candid_sha256: String,
703}
704
705#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
709pub enum PromotionReadinessStatusV1 {
710 Ready,
711 Blocked,
712}
713
714#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
718pub struct RolePromotionReadinessV1 {
719 pub role: String,
720 pub promotion_level: PromotionArtifactLevelV1,
721 pub source_kind: RoleArtifactSourceKindV1,
722 pub source_locator: Option<String>,
723 pub source_wasm_sha256: Option<String>,
724 pub source_wasm_gz_sha256: Option<String>,
725 pub target_wasm_sha256: Option<String>,
726 pub target_wasm_gz_sha256: Option<String>,
727 pub source_canonical_embedded_config_sha256: Option<String>,
728 pub target_canonical_embedded_config_sha256: Option<String>,
729 pub byte_identical_wasm: Option<bool>,
730 pub embedded_config_identical: Option<bool>,
731 pub target_store_has_artifact: Option<bool>,
732 pub restage_required: bool,
733}
734
735#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
739pub enum RoleArtifactSourceKindV1 {
740 WorkspacePackage,
741 PublishedPackage,
742 LocalWasm,
743 LocalWasmGz,
744 PreviousReceiptArtifact,
745 CanonicalWasmStoreDefault,
746}
747
748#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
752pub enum PreviousArtifactReceiptKindV1 {
753 DeploymentReceipt,
754 StagingReceipt,
755}
756
757#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
761pub struct AuthorityReceiptV1 {
762 pub schema_version: u32,
763 pub operation_id: String,
764 pub check_id: Option<String>,
765 pub reconciliation_plan_id: String,
766 pub authority_report_id: String,
767 pub inventory_id: String,
768 pub authority_profile_hash: Option<String>,
769 pub operation_status: DeploymentExecutionStatusV1,
770 pub started_at: String,
771 pub finished_at: Option<String>,
772 pub attempted_actions: Vec<AuthorityAttemptedActionV1>,
773 pub verified_controller_observations: Vec<AuthorityControllerObservationV1>,
774 pub hard_failures: Vec<SafetyFindingV1>,
775 pub unresolved_observation_gaps: Vec<DeploymentObservationGapV1>,
776 pub unresolved_external_actions: Vec<AuthorityExternalActionV1>,
777 pub command_result: DeploymentCommandResultV1,
778}
779
780#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
784pub struct AuthorityDryRunEvidenceV1 {
785 pub schema_version: u32,
786 pub evidence_id: String,
787 pub check_id: String,
788 pub generated_at: String,
789 pub reconciliation_plan: AuthorityReconciliationPlanV1,
790 pub authority_report: AuthorityReportV1,
791 pub authority_receipt: AuthorityReceiptV1,
792}
793
794#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
798pub struct AuthorityAttemptedActionV1 {
799 pub subject: String,
800 pub canister_id: Option<String>,
801 pub role: Option<String>,
802 pub action: AuthorityActionV1,
803 pub result: RolePhaseResultV1,
804 pub error: Option<String>,
805}
806
807#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
811pub struct AuthorityControllerObservationV1 {
812 pub subject: String,
813 pub canister_id: Option<String>,
814 pub role: Option<String>,
815 pub state: AuthorityReconciliationStateV1,
816 pub action: AuthorityActionV1,
817 pub observed_controllers: Vec<String>,
818 pub desired_controllers: Vec<String>,
819 pub controller_delta: AuthorityControllerDeltaV1,
820}
821
822#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
826pub struct RoleArtifactManifestV1 {
827 pub schema_version: u32,
828 pub manifest_id: String,
829 pub network: String,
830 pub artifact_root: Option<String>,
831 pub role_artifacts: Vec<RoleArtifactV1>,
832 pub unresolved_artifacts: Vec<DeploymentObservationGapV1>,
833}
834
835#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
839pub struct DeploymentDiffV1 {
840 pub schema_version: u32,
841 pub plan_identity: DeploymentIdentityV1,
842 pub observed_identity: Option<DeploymentIdentityV1>,
843 pub artifact_diff: Vec<DiffItemV1>,
844 pub controller_diff: Vec<DiffItemV1>,
845 pub pool_diff: Vec<DiffItemV1>,
846 pub embedded_config_diff: Vec<DiffItemV1>,
847 pub module_hash_diff: Vec<DiffItemV1>,
848 pub verifier_readiness_diff: Vec<DiffItemV1>,
849 pub resume_safety: ResumeSafetyV1,
850 pub hard_failures: Vec<SafetyFindingV1>,
851 pub warnings: Vec<SafetyFindingV1>,
852 pub resumable_phases: Vec<String>,
853}
854
855#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
859pub struct SafetyReportV1 {
860 pub schema_version: u32,
861 pub report_id: String,
862 pub diff_id: Option<String>,
863 pub status: SafetyStatusV1,
864 pub summary: String,
865 pub hard_failures: Vec<SafetyFindingV1>,
866 pub warnings: Vec<SafetyFindingV1>,
867 pub next_actions: Vec<String>,
868}
869
870#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
874pub struct DeploymentCheckV1 {
875 pub schema_version: u32,
876 pub check_id: String,
877 pub plan: DeploymentPlanV1,
878 pub inventory: DeploymentInventoryV1,
879 pub diff: DeploymentDiffV1,
880 pub report: SafetyReportV1,
881}
882
883#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
887pub struct LifecycleAuthorityReportV1 {
888 pub schema_version: u32,
889 pub report_id: String,
890 pub report_digest: String,
891 pub check_id: String,
892 pub plan_id: String,
893 pub inventory_id: String,
894 pub authorities: Vec<LifecycleAuthorityV1>,
895 pub external_action_required_count: usize,
896 pub blocked_count: usize,
897}
898
899#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
903pub struct LifecycleAuthorityV1 {
904 pub subject: String,
905 pub canister_id: Option<String>,
906 pub role: Option<String>,
907 pub control_class: CanisterControlClassV1,
908 pub lifecycle_mode: LifecycleModeV1,
909 pub observed_controllers: Vec<String>,
910 pub expected_deployment_controllers: Vec<String>,
911 pub external_controllers: Vec<String>,
912 pub required_controllers: Vec<String>,
913 pub consent_requirements: Vec<ConsentRequirementV1>,
914 pub allowed_upgrade_modes: Vec<LifecycleUpgradeModeV1>,
915 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
916 pub external_action_required: bool,
917 pub blocked: bool,
918 pub blockers: Vec<String>,
919 pub warnings: Vec<String>,
920 pub reason: String,
921}
922
923#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
927pub enum LifecycleModeV1 {
928 DirectDeploymentAuthority,
929 ProposalRequired,
930 DelegatedInstallRequired,
931 ExternalCompletionOnly,
932 VerifyOnly,
933 MustNotTouch,
934 UnknownUnsafeBlocked,
935}
936
937#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
941pub enum LifecycleUpgradeModeV1 {
942 DirectByDeploymentAuthority,
943 ExternalProposal,
944 ExternalExecution,
945 VerifyExternalCompletion,
946 ObserveOnly,
947 Blocked,
948}
949
950#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
954pub enum LifecycleVerificationRequirementV1 {
955 LiveInventory,
956 ControllerObservation,
957 ModuleHash,
958 CanonicalEmbeddedConfig,
959 ProtectedCallReadiness,
960}
961
962#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
966pub struct ConsentRequirementV1 {
967 pub consent_subject_kind: ConsentSubjectKindV1,
968 pub required_principals: Vec<String>,
969 pub required_controller_set_digest: Option<String>,
970 pub consent_channel_kind: ConsentChannelKindV1,
971 pub required_action: ExternalUpgradeAuthorizationModeV1,
972}
973
974#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
978pub enum ConsentSubjectKindV1 {
979 UserPrincipal,
980 ProjectHub,
981 GovernanceCanister,
982 CustomerController,
983 DelegatedInstallCanister,
984 MultisigAuthority,
985 UnknownExternalController,
986}
987
988#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
992pub enum ConsentChannelKindV1 {
993 OutOfBand,
994 GeneratedCommand,
995 DelegatedInstall,
996 GovernanceProposal,
997 ApplicationSpecific,
998}
999
1000#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1004pub struct ExternalLifecyclePlanV1 {
1005 pub schema_version: u32,
1006 pub lifecycle_plan_id: String,
1007 pub lifecycle_plan_digest: String,
1008 pub lifecycle_authority_report_id: String,
1009 pub deployment_plan_id: String,
1010 pub deployment_plan_digest: String,
1011 pub inventory_id: String,
1012 pub lifecycle_authority_rows: Vec<LifecycleAuthorityV1>,
1013 pub directly_executable_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1014 pub proposed_external_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1015 pub blocked_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1016 pub dependency_blockers: Vec<String>,
1017 pub protected_call_implications: Vec<String>,
1018 pub residual_exposure: Vec<String>,
1019 pub status: ExternalLifecyclePlanStatusV1,
1020}
1021
1022#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1026pub struct ExternalLifecycleRoleUpgradeV1 {
1027 pub subject: String,
1028 pub canister_id: Option<String>,
1029 pub role: Option<String>,
1030 pub control_class: CanisterControlClassV1,
1031 pub lifecycle_mode: LifecycleModeV1,
1032 pub required_external_action: Option<String>,
1033 pub blockers: Vec<String>,
1034 pub warnings: Vec<String>,
1035}
1036
1037#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1041pub enum ExternalLifecyclePlanStatusV1 {
1042 Ready,
1043 PendingExternalAction,
1044 Blocked,
1045}
1046
1047#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1051pub struct ExternalUpgradeProposalReportV1 {
1052 pub schema_version: u32,
1053 pub report_id: String,
1054 pub report_digest: String,
1055 pub lifecycle_plan_id: String,
1056 pub lifecycle_plan_digest: String,
1057 pub deployment_plan_id: String,
1058 pub deployment_plan_digest: String,
1059 pub inventory_id: String,
1060 pub proposals: Vec<ExternalUpgradeProposalV1>,
1061 pub blocked_subjects: Vec<String>,
1062}
1063
1064#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1068pub struct ExternalLifecyclePendingReportV1 {
1069 pub schema_version: u32,
1070 pub report_id: String,
1071 pub report_digest: String,
1072 pub lifecycle_plan_id: String,
1073 pub lifecycle_plan_digest: String,
1074 pub proposal_report_id: String,
1075 pub proposal_report_digest: String,
1076 pub deployment_plan_id: String,
1077 pub deployment_plan_digest: String,
1078 pub inventory_id: String,
1079 pub direct_upgrade_count: usize,
1080 pub pending_external_count: usize,
1081 pub blocked_count: usize,
1082 pub pending_external_actions: Vec<ExternalLifecyclePendingActionV1>,
1083 pub blocked_subjects: Vec<String>,
1084 pub residual_exposure: Vec<String>,
1085 pub status: ExternalLifecyclePlanStatusV1,
1086}
1087
1088#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1092pub struct ExternalLifecycleCheckV1 {
1093 pub schema_version: u32,
1094 pub check_id: String,
1095 pub check_digest: String,
1096 pub lifecycle_plan_id: String,
1097 pub lifecycle_plan_digest: String,
1098 pub proposal_report_id: String,
1099 pub proposal_report_digest: String,
1100 pub pending_report_id: String,
1101 pub pending_report_digest: String,
1102 pub deployment_plan_id: String,
1103 pub deployment_plan_digest: String,
1104 pub inventory_id: String,
1105 pub status: ExternalLifecyclePlanStatusV1,
1106 pub direct_upgrade_count: usize,
1107 pub pending_external_count: usize,
1108 pub blocked_count: usize,
1109 pub residual_exposure_count: usize,
1110 pub summary: String,
1111 pub next_actions: Vec<String>,
1112}
1113
1114#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1118pub struct ExternalLifecycleHandoffV1 {
1119 pub schema_version: u32,
1120 pub handoff_id: String,
1121 pub handoff_digest: String,
1122 pub lifecycle_check_id: String,
1123 pub lifecycle_check_digest: String,
1124 pub pending_report_id: String,
1125 pub pending_report_digest: String,
1126 pub proposal_report_id: String,
1127 pub proposal_report_digest: String,
1128 pub deployment_plan_id: String,
1129 pub deployment_plan_digest: String,
1130 pub inventory_id: String,
1131 pub status: ExternalLifecyclePlanStatusV1,
1132 pub handoff_actions: Vec<ExternalLifecycleHandoffActionV1>,
1133 pub blocked_subjects: Vec<String>,
1134 pub residual_exposure: Vec<String>,
1135 pub operator_summary: String,
1136}
1137
1138#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1142pub struct ExternalLifecycleHandoffActionV1 {
1143 pub subject: String,
1144 pub proposal_id: String,
1145 pub proposal_digest: String,
1146 pub canister_id: Option<String>,
1147 pub role: Option<String>,
1148 pub control_class: CanisterControlClassV1,
1149 pub lifecycle_mode: LifecycleModeV1,
1150 pub required_external_action: String,
1151 pub consent_channel_kind: ConsentChannelKindV1,
1152 pub consent_subject_kind: ConsentSubjectKindV1,
1153 pub required_principals: Vec<String>,
1154 pub current_module_hash: Option<String>,
1155 pub target_installed_module_hash: Option<String>,
1156 pub target_canonical_embedded_config_sha256: Option<String>,
1157 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1158 pub operator_instructions: Vec<String>,
1159}
1160
1161#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1165pub struct ExternalLifecyclePendingActionV1 {
1166 pub subject: String,
1167 pub proposal_id: String,
1168 pub proposal_digest: String,
1169 pub canister_id: Option<String>,
1170 pub role: Option<String>,
1171 pub control_class: CanisterControlClassV1,
1172 pub lifecycle_mode: LifecycleModeV1,
1173 pub required_external_action: String,
1174 pub consent_requirements: Vec<ConsentRequirementV1>,
1175 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1176}
1177
1178#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1182pub struct CriticalExternalFixReportV1 {
1183 pub schema_version: u32,
1184 pub report_id: String,
1185 pub report_digest: String,
1186 pub fix_id: String,
1187 pub severity: String,
1188 pub lifecycle_plan_id: String,
1189 pub lifecycle_plan_digest: String,
1190 pub pending_report_id: String,
1191 pub pending_report_digest: String,
1192 pub deployment_plan_id: String,
1193 pub deployment_plan_digest: String,
1194 pub inventory_id: String,
1195 pub affected_roles: Vec<String>,
1196 pub affected_canisters: Vec<String>,
1197 pub directly_patchable_roles: Vec<String>,
1198 pub externally_blocked_roles: Vec<String>,
1199 pub dependency_blocked_roles: Vec<String>,
1200 pub required_external_actions: Vec<String>,
1201 pub protected_call_implications: Vec<String>,
1202 pub residual_exposure: Vec<String>,
1203 pub operator_next_steps: Vec<String>,
1204}
1205
1206#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1210pub struct ExternalUpgradeProposalV1 {
1211 pub proposal_id: String,
1212 pub proposal_digest: String,
1213 pub deployment_plan_id: String,
1214 pub deployment_plan_digest: String,
1215 pub lifecycle_plan_id: String,
1216 pub lifecycle_plan_digest: String,
1217 pub promotion_plan_id: Option<String>,
1218 pub promotion_plan_digest: Option<String>,
1219 pub promotion_provenance_id: Option<String>,
1220 pub promotion_provenance_digest: Option<String>,
1221 pub subject: String,
1222 pub canister_id: Option<String>,
1223 pub role: Option<String>,
1224 pub control_class: CanisterControlClassV1,
1225 pub lifecycle_mode: LifecycleModeV1,
1226 pub observed_before_digest: String,
1227 pub current_module_hash: Option<String>,
1228 pub current_canonical_embedded_config_sha256: Option<String>,
1229 pub target_wasm_sha256: Option<String>,
1230 pub target_wasm_gz_sha256: Option<String>,
1231 pub target_installed_module_hash: Option<String>,
1232 pub target_role_artifact_identity: Option<String>,
1233 pub target_canonical_embedded_config_sha256: Option<String>,
1234 pub root_trust_anchor: Option<String>,
1235 pub authority_profile_hash: Option<String>,
1236 pub required_external_action: String,
1237 pub consent_requirements: Vec<ConsentRequirementV1>,
1238 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1239 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1240 pub expires_at: Option<String>,
1241 pub supersedes_proposal_id: Option<String>,
1242}
1243
1244#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1248pub enum ExternalUpgradeAuthorizationModeV1 {
1249 ConsentForDirectInstall,
1250 DelegatedInstallAuthority,
1251 ExternalControllerExecution,
1252 ObserveAndVerifyOnly,
1253}
1254
1255#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1259pub struct ExternalUpgradeReceiptV1 {
1260 pub schema_version: u32,
1261 pub receipt_id: String,
1262 pub proposal_id: String,
1263 pub proposal_digest: String,
1264 pub subject: String,
1265 pub canister_id: Option<String>,
1266 pub role: Option<String>,
1267 pub consent_state: ExternalUpgradeConsentStateV1,
1268 pub reported_by: Option<String>,
1269 pub observed_before_module_hash: Option<String>,
1270 pub observed_after_module_hash: Option<String>,
1271 pub observed_after_canonical_embedded_config_sha256: Option<String>,
1272 pub verification_result: ExternalUpgradeVerificationResultV1,
1273 pub verification_notes: Vec<String>,
1274 pub receipt_digest: String,
1275}
1276
1277#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1281pub struct ExternalUpgradeConsentEvidenceV1 {
1282 pub schema_version: u32,
1283 pub evidence_id: String,
1284 pub evidence_digest: String,
1285 pub proposal_id: String,
1286 pub proposal_digest: String,
1287 pub receipt_id: String,
1288 pub receipt_digest: String,
1289 pub subject: String,
1290 pub canister_id: Option<String>,
1291 pub role: Option<String>,
1292 pub consent_state: ExternalUpgradeConsentStateV1,
1293 pub reported_by: Option<String>,
1294 pub consent_requirements: Vec<ConsentRequirementV1>,
1295 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1296 pub status_summary: String,
1297}
1298
1299#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1303pub struct ExternalUpgradeConsentEvidenceRequest {
1304 pub evidence_id: String,
1305 pub proposal: ExternalUpgradeProposalV1,
1306 pub receipt: ExternalUpgradeReceiptV1,
1307}
1308
1309#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1313pub struct ExternalUpgradeVerificationReportV1 {
1314 pub schema_version: u32,
1315 pub report_id: String,
1316 pub report_digest: String,
1317 pub proposal_id: String,
1318 pub proposal_digest: String,
1319 pub receipt_id: String,
1320 pub receipt_digest: String,
1321 pub subject: String,
1322 pub canister_id: Option<String>,
1323 pub role: Option<String>,
1324 pub verification_result: ExternalUpgradeVerificationResultV1,
1325 pub verification_notes: Vec<String>,
1326 pub live_inventory_required: bool,
1327 pub status_summary: String,
1328}
1329
1330#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1334pub struct ExternalUpgradeVerificationReportRequest {
1335 pub report_id: String,
1336 pub proposal: ExternalUpgradeProposalV1,
1337 pub receipt: ExternalUpgradeReceiptV1,
1338}
1339
1340#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1344pub struct ExternalUpgradeVerificationPolicyV1 {
1345 pub schema_version: u32,
1346 pub policy_id: String,
1347 pub policy_digest: String,
1348 pub proposal_id: String,
1349 pub proposal_digest: String,
1350 pub subject: String,
1351 pub canister_id: Option<String>,
1352 pub role: Option<String>,
1353 pub required_verification: Vec<LifecycleVerificationRequirementV1>,
1354 pub verification_requirements: Vec<ExternalUpgradeVerificationPolicyRequirementV1>,
1355 pub max_observation_age_seconds: Option<u64>,
1356 pub status_summary: String,
1357}
1358
1359#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1363pub struct ExternalUpgradeVerificationPolicyRequirementV1 {
1364 pub requirement: LifecycleVerificationRequirementV1,
1365 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1366 pub expected_value: Option<String>,
1367}
1368
1369#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1373pub enum ExternalUpgradeVerificationRequirementStatusV1 {
1374 Required,
1375 NotRequired,
1376}
1377
1378#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1382pub struct ExternalUpgradeVerificationPolicyRequest {
1383 pub policy_id: String,
1384 pub proposal: ExternalUpgradeProposalV1,
1385}
1386
1387#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1391pub enum ExternalUpgradeConsentStateV1 {
1392 Pending,
1393 Refused,
1394 Delegated,
1395 ExecutedExternally,
1396}
1397
1398#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1402pub enum ExternalUpgradeVerificationResultV1 {
1403 Pending,
1404 Refused,
1405 Verified,
1406 Mismatch,
1407}
1408
1409#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1413pub struct AuthorityReconciliationPlanV1 {
1414 pub schema_version: u32,
1415 pub plan_id: String,
1416 pub inventory_id: String,
1417 pub authority_profile_hash: Option<String>,
1418 pub canister_actions: Vec<CanisterAuthorityActionV1>,
1419 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1420 pub hard_failures: Vec<SafetyFindingV1>,
1421 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1422}
1423
1424#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1428pub struct AuthorityAutomaticActionV1 {
1429 pub subject: String,
1430 pub canister_id: String,
1431 pub role: Option<String>,
1432 pub action: AuthorityActionV1,
1433 pub observed_controllers: Vec<String>,
1434 pub desired_controllers: Vec<String>,
1435 pub controller_delta: AuthorityControllerDeltaV1,
1436 pub reason: String,
1437}
1438
1439#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
1443pub struct AuthorityControllerDeltaV1 {
1444 pub add_controllers: Vec<String>,
1445 pub remove_controllers: Vec<String>,
1446}
1447
1448#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1452pub struct AuthorityReportV1 {
1453 pub schema_version: u32,
1454 pub report_id: String,
1455 pub check_id: Option<String>,
1456 pub reconciliation_plan_id: String,
1457 pub inventory_id: String,
1458 pub authority_profile_hash: Option<String>,
1459 pub status: SafetyStatusV1,
1460 pub summary: String,
1461 pub counts: AuthorityReportCountsV1,
1462 pub apply_readiness: AuthorityApplyReadinessV1,
1463 pub action_counts: Vec<AuthorityActionCountV1>,
1464 pub control_class_counts: Vec<AuthorityControlClassCountV1>,
1465 pub observation_gaps: Vec<DeploymentObservationGapV1>,
1466 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1467 pub hard_failures: Vec<SafetyFindingV1>,
1468 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1469 pub next_actions: Vec<String>,
1470}
1471
1472#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1476pub struct AuthorityApplyReadinessV1 {
1477 pub can_apply_automatically: bool,
1478 pub automatic_action_count: usize,
1479 pub blockers: Vec<AuthorityApplyBlockerV1>,
1480}
1481
1482#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1486pub enum AuthorityApplyBlockerV1 {
1487 UnsafeBlocked,
1488 HardFailures,
1489 ObservationGaps,
1490 ExternalActions,
1491}
1492
1493#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1497pub struct AuthorityActionCountV1 {
1498 pub action: AuthorityActionV1,
1499 pub count: usize,
1500}
1501
1502#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1506pub struct AuthorityControlClassCountV1 {
1507 pub control_class: CanisterControlClassV1,
1508 pub count: usize,
1509}
1510
1511#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1515pub struct AuthorityReportCountsV1 {
1516 pub already_correct: usize,
1517 pub can_apply_automatically: usize,
1518 pub requires_external_action: usize,
1519 pub unsafe_blocked: usize,
1520 pub unknown: usize,
1521 pub hard_failures: usize,
1522}
1523
1524#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1528pub struct CanisterAuthorityActionV1 {
1529 pub canister_id: Option<String>,
1530 pub role: Option<String>,
1531 pub control_classification: CanisterControlClassV1,
1532 pub observed_controllers: Vec<String>,
1533 pub desired_controllers: Vec<String>,
1534 pub controller_delta: AuthorityControllerDeltaV1,
1535 pub action: AuthorityActionV1,
1536 pub state: AuthorityReconciliationStateV1,
1537 pub can_apply: bool,
1538 pub reason: String,
1539}
1540
1541#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1545pub struct AuthorityExternalActionV1 {
1546 pub subject: String,
1547 pub canister_id: Option<String>,
1548 pub role: Option<String>,
1549 pub control_classification: CanisterControlClassV1,
1550 pub state: AuthorityReconciliationStateV1,
1551 pub action: AuthorityActionV1,
1552 pub observed_controllers: Vec<String>,
1553 pub desired_controllers: Vec<String>,
1554 pub controller_delta: AuthorityControllerDeltaV1,
1555 pub reason: String,
1556}
1557
1558#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1562pub enum AuthorityActionV1 {
1563 None,
1564 AddControllers,
1565 RemoveControllers,
1566 ReplaceControllerSet,
1567 RequiresExternalController,
1568 RequiresDestructiveImportConfirmation,
1569 ObserveOnly,
1570 AdoptPlanAvailable,
1571 BlockedByPolicy,
1572 UnknownObservation,
1573}
1574
1575#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1579pub enum AuthorityReconciliationStateV1 {
1580 AlreadyCorrect,
1581 CanApplyAutomatically,
1582 RequiresExternalAction,
1583 UnsafeBlocked,
1584 Unknown,
1585}
1586
1587#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1591pub struct DeploymentIdentityV1 {
1592 pub deployment_name: String,
1593 pub network: String,
1594 pub root_principal: Option<String>,
1595 pub authority_profile_hash: Option<String>,
1596 pub role_topology_hash: Option<String>,
1597 pub deployment_manifest_digest: Option<String>,
1598 pub canonical_runtime_config_digest: Option<String>,
1599 pub role_embedded_config_set_digest: Option<String>,
1600 pub artifact_set_digest: Option<String>,
1601 pub pool_identity_set_digest: Option<String>,
1602 pub canic_version: Option<String>,
1603 pub ic_memory_version: Option<String>,
1604}
1605
1606#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1610pub struct TrustDomainV1 {
1611 pub root_trust_anchor: Option<String>,
1612 pub migration_from: Option<String>,
1613}
1614
1615#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1619pub struct AuthorityProfileV1 {
1620 pub profile_id: String,
1621 pub expected_controllers: Vec<String>,
1622 pub staging_controllers: Vec<String>,
1623 pub emergency_controllers: Vec<String>,
1624}
1625
1626#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1630pub struct RoleArtifactV1 {
1631 pub role: String,
1632 pub source: ArtifactSourceV1,
1633 pub build_profile: String,
1634 pub wasm_path: Option<String>,
1635 pub wasm_gz_path: Option<String>,
1636 pub wasm_gz_size_bytes: Option<u64>,
1637 pub wasm_sha256: Option<String>,
1638 pub wasm_gz_sha256: Option<String>,
1639 pub wasm_gz_sha256_source: Option<ArtifactDigestSourceV1>,
1640 pub observed_wasm_gz_file_sha256: Option<String>,
1641 pub observed_wasm_gz_file_sha256_source: Option<ArtifactDigestSourceV1>,
1642 pub installed_module_hash: Option<String>,
1643 pub candid_path: Option<String>,
1644 pub candid_sha256: Option<String>,
1645 pub raw_config_sha256: Option<String>,
1646 pub canonical_embedded_config_sha256: Option<String>,
1647 pub embedded_topology_sha256: Option<String>,
1648 pub builder_version: Option<String>,
1649 pub rust_toolchain: Option<String>,
1650 pub package_version: Option<String>,
1651}
1652
1653#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1657pub enum ArtifactDigestSourceV1 {
1658 ReleaseSetManifest,
1659 ObservedFileDigest,
1660 InstalledModuleHash,
1661}
1662
1663#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1667pub enum ArtifactSourceV1 {
1668 LocalBuild,
1669 ReleaseSet,
1670 WasmStore,
1671 External,
1672 Unknown,
1673}
1674
1675#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1679pub struct ExpectedCanisterV1 {
1680 pub role: String,
1681 pub canister_id: Option<String>,
1682 pub control_class: CanisterControlClassV1,
1683}
1684
1685#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1689pub struct ObservedCanisterV1 {
1690 pub canister_id: String,
1691 pub role: Option<String>,
1692 pub control_class: CanisterControlClassV1,
1693 pub controllers: Vec<String>,
1694 pub module_hash: Option<String>,
1695 pub status: Option<String>,
1696 pub root_trust_anchor: Option<String>,
1697 pub canonical_embedded_config_digest: Option<String>,
1698 pub role_assignment_source: Option<String>,
1699}
1700
1701#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1705pub enum CanisterControlClassV1 {
1706 DeploymentControlled,
1707 CanicManagedPool,
1708 ExternallyImported,
1709 JointlyControlled,
1710 UserControlled,
1711 UnknownUnsafe,
1712}
1713
1714#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1718pub struct ExpectedPoolCanisterV1 {
1719 pub pool: String,
1720 pub canister_id: Option<String>,
1721 pub role: Option<String>,
1722}
1723
1724#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1728pub struct ObservedPoolCanisterV1 {
1729 pub pool: String,
1730 pub canister_id: String,
1731 pub role: Option<String>,
1732 pub control_class: CanisterControlClassV1,
1733}
1734
1735#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1739pub struct LocalDeploymentConfigV1 {
1740 pub config_path: Option<String>,
1741 pub raw_config_sha256: Option<String>,
1742 pub canonical_embedded_config_sha256: Option<String>,
1743}
1744
1745#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1749pub struct ObservedArtifactV1 {
1750 pub role: String,
1751 pub artifact_path: String,
1752 pub file_sha256: Option<String>,
1753 pub file_sha256_source: Option<ArtifactDigestSourceV1>,
1754 pub payload_sha256: Option<String>,
1755 pub payload_size_bytes: Option<u64>,
1756 pub source: ArtifactSourceV1,
1757}
1758
1759#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1763pub struct VerifierReadinessExpectationV1 {
1764 pub required: bool,
1765 pub expected_role_epochs: Vec<RoleEpochExpectationV1>,
1766}
1767
1768#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1772pub struct VerifierReadinessObservationV1 {
1773 pub status: ObservationStatusV1,
1774 pub role_epochs: Vec<RoleEpochObservationV1>,
1775}
1776
1777#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1781pub struct RoleEpochExpectationV1 {
1782 pub role: String,
1783 pub minimum_epoch: u64,
1784}
1785
1786#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1790pub struct RoleEpochObservationV1 {
1791 pub role: String,
1792 pub observed_epoch: Option<u64>,
1793 pub status: ObservationStatusV1,
1794}
1795
1796#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1800pub struct DeploymentAssumptionV1 {
1801 pub key: String,
1802 pub description: String,
1803}
1804
1805#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1809pub struct DeploymentObservationGapV1 {
1810 pub key: String,
1811 pub description: String,
1812}
1813
1814#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1818pub struct PhaseReceiptV1 {
1819 pub phase: String,
1820 pub started_at: String,
1821 pub finished_at: Option<String>,
1822 pub attempted_action: String,
1823 pub verified_postcondition: VerifiedPostconditionV1,
1824}
1825
1826#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1830pub struct VerifiedPostconditionV1 {
1831 pub status: ObservationStatusV1,
1832 pub evidence: Vec<String>,
1833}
1834
1835#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1839pub enum DeploymentExecutionStatusV1 {
1840 NotStarted,
1841 InProgress,
1842 FailedBeforeMutation,
1843 PartiallyApplied,
1844 FailedAfterMutation,
1845 Complete,
1846}
1847
1848#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1852pub enum DeploymentCommandResultV1 {
1853 NotFinished,
1854 Succeeded,
1855 Failed { code: String, message: String },
1856}
1857
1858#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1862pub struct RolePhaseReceiptV1 {
1863 pub role: String,
1864 pub phase: String,
1865 pub result: RolePhaseResultV1,
1866 pub previous_module_hash: Option<String>,
1867 pub target_module_hash: Option<String>,
1868 pub observed_module_hash_after: Option<String>,
1869 pub artifact_digest: Option<String>,
1870 pub canonical_embedded_config_sha256: Option<String>,
1871 pub error: Option<String>,
1872}
1873
1874#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1878pub enum RolePhaseResultV1 {
1879 Applied,
1880 Failed,
1881 Skipped,
1882 NotAttempted,
1883 VerifiedAlreadyApplied,
1884}
1885
1886#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1890pub struct DiffItemV1 {
1891 pub category: String,
1892 pub subject: String,
1893 pub expected: Option<String>,
1894 pub observed: Option<String>,
1895 pub severity: SafetySeverityV1,
1896}
1897
1898#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1902pub struct ResumeSafetyV1 {
1903 pub status: SafetyStatusV1,
1904 pub reasons: Vec<String>,
1905}
1906
1907#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1911pub struct SafetyFindingV1 {
1912 pub code: String,
1913 pub message: String,
1914 pub severity: SafetySeverityV1,
1915 pub subject: Option<String>,
1916}
1917
1918#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1922pub enum SafetyStatusV1 {
1923 NotEvaluated,
1924 Safe,
1925 Warning,
1926 Blocked,
1927}
1928
1929#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1933pub enum SafetySeverityV1 {
1934 Info,
1935 Warning,
1936 HardFailure,
1937}
1938
1939#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1943pub enum ObservationStatusV1 {
1944 NotObserved,
1945 Observed,
1946 Missing,
1947 Inconclusive,
1948}