1use serde::{Deserialize, Serialize};
2
3#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
7pub struct DeploymentPlanV1 {
8 pub schema_version: u32,
9 pub plan_id: String,
10 pub deployment_identity: DeploymentIdentityV1,
11 pub trust_domain: TrustDomainV1,
12 pub fleet_template: String,
13 pub runtime_variant: String,
14 pub authority_profile: AuthorityProfileV1,
15 pub role_artifacts: Vec<RoleArtifactV1>,
16 pub expected_canisters: Vec<ExpectedCanisterV1>,
17 pub expected_pool: Vec<ExpectedPoolCanisterV1>,
18 pub expected_verifier_readiness: VerifierReadinessExpectationV1,
19 pub unresolved_assumptions: Vec<DeploymentAssumptionV1>,
20}
21
22#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
26pub struct DeploymentInventoryV1 {
27 pub schema_version: u32,
28 pub inventory_id: String,
29 pub observed_at: String,
30 pub observed_identity: Option<DeploymentIdentityV1>,
31 pub local_config: LocalDeploymentConfigV1,
32 pub observed_canisters: Vec<ObservedCanisterV1>,
33 pub observed_pool: Vec<ObservedPoolCanisterV1>,
34 pub observed_artifacts: Vec<ObservedArtifactV1>,
35 pub observed_verifier_readiness: VerifierReadinessObservationV1,
36 pub unresolved_observations: Vec<DeploymentObservationGapV1>,
37}
38
39#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
43pub struct DeploymentReceiptV1 {
44 pub schema_version: u32,
45 pub operation_id: String,
46 pub plan_id: String,
47 pub execution_context: Option<DeploymentExecutionContextV1>,
48 pub operation_status: DeploymentExecutionStatusV1,
49 pub started_at: String,
50 pub finished_at: Option<String>,
51 pub operator_principal: Option<String>,
52 pub root_principal: Option<String>,
53 pub previous_observed_deployment_epoch: Option<u64>,
54 pub phase_receipts: Vec<PhaseReceiptV1>,
55 pub role_phase_receipts: Vec<RolePhaseReceiptV1>,
56 pub final_inventory_id: Option<String>,
57 pub command_result: DeploymentCommandResultV1,
58}
59
60#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
64pub struct DeploymentExecutionContextV1 {
65 pub workspace_root: Option<String>,
66 pub icp_root: Option<String>,
67 pub artifact_roots: Vec<String>,
68 pub backend: DeploymentExecutorBackendV1,
69 pub backend_capabilities: Vec<DeploymentExecutorCapabilityV1>,
70}
71
72#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
76pub struct DeploymentExecutionPreflightV1 {
77 pub schema_version: u32,
78 pub plan_id: String,
79 pub safety_report_id: String,
80 pub authority_plan_id: String,
81 pub backend: DeploymentExecutorBackendV1,
82 pub status: DeploymentExecutionPreflightStatusV1,
83 pub planned_phases: Vec<String>,
84 pub required_capabilities: Vec<DeploymentExecutorCapabilityV1>,
85 pub missing_capabilities: Vec<DeploymentExecutorCapabilityV1>,
86 pub blockers: Vec<SafetyFindingV1>,
87}
88
89#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
93pub enum DeploymentExecutionPreflightStatusV1 {
94 Ready,
95 Blocked,
96}
97
98#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
102pub enum DeploymentExecutorBackendV1 {
103 CurrentCli,
104 PocketIc,
105 DirectAgent,
106 Other { name: String },
107}
108
109#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
113pub enum DeploymentExecutorCapabilityV1 {
114 CreateCanister,
115 CanisterStatus,
116 UpdateSettings,
117 InstallCode,
118 Call,
119 Query,
120 StageArtifact,
121}
122
123#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
127pub enum ArtifactTransportV1 {
128 LocalCli,
129 WasmStore,
130 DirectAgent,
131}
132
133#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
137pub struct StagingReceiptV1 {
138 pub schema_version: u32,
139 pub role: String,
140 pub artifact_identity: String,
141 pub transport: ArtifactTransportV1,
142 pub wasm_store_locator: Option<String>,
143 pub prepared_chunk_hashes: Vec<String>,
144 pub published_chunk_count: usize,
145 pub verified_postcondition: VerifiedPostconditionV1,
146}
147
148#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
152pub struct RoleArtifactSourceV1 {
153 pub role: String,
154 pub kind: RoleArtifactSourceKindV1,
155 pub locator: Option<String>,
156 pub previous_receipt_kind: Option<PreviousArtifactReceiptKindV1>,
157 pub previous_receipt_lineage_digest: Option<String>,
158 pub expected_wasm_sha256: Option<String>,
159 pub expected_wasm_gz_sha256: Option<String>,
160 pub expected_candid_sha256: Option<String>,
161 pub expected_canonical_embedded_config_sha256: Option<String>,
162}
163
164#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
168pub struct RolePromotionInputV1 {
169 pub role: String,
170 pub promotion_level: PromotionArtifactLevelV1,
171 pub source: RoleArtifactSourceV1,
172 pub require_byte_identical_wasm: bool,
173 pub require_target_embedded_config: bool,
174 pub target_store_has_artifact: Option<bool>,
175}
176
177#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
181pub struct RolePromotionPolicyV1 {
182 pub role: String,
183 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
184 pub requirements: Vec<PromotionPolicyRequirementV1>,
185}
186
187#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
191pub enum PromotionPolicyRequirementV1 {
192 SameSourceRevision,
193 SameCargoFeatures,
194 TargetConfigDigest,
195 ByteIdenticalWasm,
196 SealedBytes,
197}
198
199#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
203pub enum PromotionPolicyClaimV1 {
204 ByteIdenticalWasm,
205 TargetConfigDigest,
206}
207
208#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
212pub struct PromotionPolicyCheckV1 {
213 pub schema_version: u32,
214 pub check_id: String,
215 pub promotion_policy_check_digest: String,
216 pub status: PromotionReadinessStatusV1,
217 pub roles: Vec<RolePromotionPolicyDecisionV1>,
218 pub blockers: Vec<SafetyFindingV1>,
219}
220
221#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
225pub struct RolePromotionPolicyDecisionV1 {
226 pub role: String,
227 pub requested_promotion_level: PromotionArtifactLevelV1,
228 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
229 pub requirements: Vec<PromotionPolicyRequirementV1>,
230 pub claims: Vec<PromotionPolicyClaimV1>,
231 pub level_allowed: bool,
232 pub policy_satisfied: bool,
233}
234
235#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
239pub enum PromotionArtifactLevelV1 {
240 SealedWasm,
241 SourceBuild,
242}
243
244#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
248pub struct BuildRecipeIdentityV1 {
249 pub recipe_id: String,
250 pub source_kind: RoleArtifactSourceKindV1,
251 pub source_revision: String,
252 pub source_tree_clean: bool,
253 pub package_or_role_selector: String,
254 pub cargo_profile: String,
255 pub cargo_features_digest: String,
256 pub cargo_lock_digest: String,
257 pub rust_toolchain: String,
258 pub builder_version: String,
259 pub target_triple: String,
260 pub linker_identity: String,
261 pub deterministic_build_mode: String,
262 pub wasm_opt_version: String,
263 pub compression_identity: String,
264}
265
266#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
270pub struct BuildMaterializationInputV1 {
271 pub materialization_input_id: String,
272 pub build_recipe_id: String,
273 pub canonical_embedded_config_sha256: String,
274 pub network: String,
275 pub root_trust_anchor: String,
276 pub runtime_variant: String,
277}
278
279#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
283pub struct BuildMaterializationResultV1 {
284 pub materialization_result_id: String,
285 pub build_recipe_id: String,
286 pub materialization_input_digest: String,
287 pub wasm_sha256: String,
288 pub wasm_gz_sha256: String,
289 pub installed_module_hash: String,
290 pub candid_sha256: String,
291}
292
293#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
297pub struct BuildMaterializationEvidenceV1 {
298 pub schema_version: u32,
299 pub evidence_id: String,
300 pub materialization_evidence_digest: String,
301 pub recipe: BuildRecipeIdentityV1,
302 pub materialization_input: BuildMaterializationInputV1,
303 pub materialization_result: BuildMaterializationResultV1,
304 pub computed_materialization_input_digest: String,
305 pub recipe_id_matches_input: bool,
306 pub recipe_id_matches_result: bool,
307 pub materialization_input_digest_matches_result: bool,
308}
309
310#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
314pub struct PromotionMaterializationIdentityReportV1 {
315 pub schema_version: u32,
316 pub report_id: String,
317 pub materialization_identity_report_digest: String,
318 pub status: PromotionReadinessStatusV1,
319 pub roles: Vec<RolePromotionMaterializationIdentityV1>,
320 pub output_groups: Vec<PromotionMaterializationOutputGroupV1>,
321 pub blockers: Vec<SafetyFindingV1>,
322}
323
324#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
328pub struct RolePromotionMaterializationIdentityV1 {
329 pub role: String,
330 pub evidence_id: String,
331 pub materialization_evidence_digest: String,
332 pub recipe_id: String,
333 pub materialization_input_id: String,
334 pub materialization_result_id: String,
335 pub materialization_input_digest: String,
336 pub canonical_embedded_config_sha256: String,
337 pub network: String,
338 pub root_trust_anchor: String,
339 pub runtime_variant: String,
340 pub wasm_sha256: String,
341 pub wasm_gz_sha256: String,
342 pub installed_module_hash: String,
343 pub candid_sha256: String,
344}
345
346#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
350pub struct PromotionMaterializationOutputGroupV1 {
351 pub output_identity_key: String,
352 pub roles: Vec<String>,
353 pub wasm_sha256: String,
354 pub wasm_gz_sha256: String,
355 pub installed_module_hash: String,
356 pub candid_sha256: String,
357}
358
359#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
363pub struct PromotionArtifactIdentityReportV1 {
364 pub schema_version: u32,
365 pub report_id: String,
366 pub artifact_identity_report_digest: String,
367 pub status: PromotionReadinessStatusV1,
368 pub summary: PromotionArtifactIdentitySummaryV1,
369 pub roles: Vec<RolePromotionArtifactIdentityV1>,
370 pub identity_groups: Vec<PromotionArtifactIdentityGroupV1>,
371 pub blockers: Vec<SafetyFindingV1>,
372}
373
374#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
378pub struct PromotionArtifactIdentitySummaryV1 {
379 pub role_count: usize,
380 pub identity_group_count: usize,
381 pub shared_identity_group_count: usize,
382 pub digest_pinned_role_count: usize,
383 pub source_build_role_count: usize,
384 pub deferred_identity_role_count: usize,
385}
386
387#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
391pub struct PromotionWasmStoreIdentityReportV1 {
392 pub schema_version: u32,
393 pub report_id: String,
394 pub wasm_store_identity_report_digest: String,
395 pub status: PromotionReadinessStatusV1,
396 pub roles: Vec<RolePromotionWasmStoreIdentityV1>,
397 pub blockers: Vec<SafetyFindingV1>,
398}
399
400#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
404pub struct RolePromotionWasmStoreIdentityV1 {
405 pub role: String,
406 pub artifact_identity: String,
407 pub transport: ArtifactTransportV1,
408 pub wasm_store_locator: Option<String>,
409 pub prepared_chunk_hashes: Vec<String>,
410 pub published_chunk_count: usize,
411 pub verified_postcondition: VerifiedPostconditionV1,
412}
413
414#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
418pub struct PromotionWasmStoreCatalogEntryV1 {
419 pub locator: String,
420 pub artifact_identity: String,
421 pub published_chunk_count: usize,
422}
423
424#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
428pub struct PromotionWasmStoreCatalogVerificationV1 {
429 pub schema_version: u32,
430 pub verification_id: String,
431 pub wasm_store_catalog_verification_digest: String,
432 pub wasm_store_identity_report_id: String,
433 pub status: PromotionReadinessStatusV1,
434 pub roles: Vec<RolePromotionWasmStoreCatalogVerificationV1>,
435 pub blockers: Vec<SafetyFindingV1>,
436}
437
438#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
442pub struct RolePromotionWasmStoreCatalogVerificationV1 {
443 pub role: String,
444 pub wasm_store_locator: String,
445 pub expected_artifact_identity: String,
446 pub observed_artifact_identity: Option<String>,
447 pub expected_published_chunk_count: usize,
448 pub observed_published_chunk_count: Option<usize>,
449 pub catalog_entry_present: bool,
450 pub catalog_matches: bool,
451 pub catalog_observation_digest: String,
452}
453
454#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
458pub struct PromotionArtifactIdentityGroupV1 {
459 pub identity_key: String,
460 pub identity_kind: PromotionArtifactIdentityKindV1,
461 pub roles: Vec<String>,
462 pub source_kinds: Vec<RoleArtifactSourceKindV1>,
463 pub source_locators: Vec<String>,
464 pub digest_pinned: bool,
465 pub wasm_sha256: Option<String>,
466 pub wasm_gz_sha256: Option<String>,
467 pub candid_sha256: Option<String>,
468 pub canonical_embedded_config_sha256: Option<String>,
469}
470
471#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
475pub struct RolePromotionArtifactIdentityV1 {
476 pub role: String,
477 pub promotion_level: PromotionArtifactLevelV1,
478 pub source_kind: RoleArtifactSourceKindV1,
479 pub source_locator: Option<String>,
480 pub identity_kind: PromotionArtifactIdentityKindV1,
481 pub digest_pinned: bool,
482 pub wasm_sha256: Option<String>,
483 pub wasm_gz_sha256: Option<String>,
484 pub candid_sha256: Option<String>,
485 pub canonical_embedded_config_sha256: Option<String>,
486}
487
488#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
492pub enum PromotionArtifactIdentityKindV1 {
493 SealedWasm,
494 SealedCompressedWasm,
495 SealedWasmAndCompressedWasm,
496 SourceBuild,
497 Deferred,
498}
499
500#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
504pub struct PromotionReadinessV1 {
505 pub schema_version: u32,
506 pub readiness_id: String,
507 pub promotion_readiness_digest: String,
508 pub target_plan_id: String,
509 pub status: PromotionReadinessStatusV1,
510 pub roles: Vec<RolePromotionReadinessV1>,
511 pub blockers: Vec<SafetyFindingV1>,
512 pub warnings: Vec<SafetyFindingV1>,
513}
514
515#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
519pub struct PromotionPlanTransformV1 {
520 pub schema_version: u32,
521 pub transform_id: String,
522 pub target_plan_id: String,
523 pub promoted_plan_id: String,
524 pub promotion_plan_lineage_digest: String,
525 pub promoted_plan: DeploymentPlanV1,
526 pub roles: Vec<RolePromotionPlanTransformV1>,
527}
528
529#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
533pub struct ArtifactPromotionPlanV1 {
534 pub schema_version: u32,
535 pub plan_id: String,
536 pub artifact_promotion_plan_digest: String,
537 pub generated_at: String,
538 pub status: PromotionReadinessStatusV1,
539 pub target_plan_id: String,
540 pub promoted_plan_id: String,
541 pub promotion_plan_lineage_digest: String,
542 pub readiness: PromotionReadinessV1,
543 pub artifact_identity_report: PromotionArtifactIdentityReportV1,
544 pub transform: PromotionPlanTransformV1,
545 pub target_execution_lineage: Option<PromotionTargetExecutionLineageV1>,
546 pub blockers: Vec<SafetyFindingV1>,
547}
548
549#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
553pub struct ArtifactPromotionProvenanceReportV1 {
554 pub schema_version: u32,
555 pub report_id: String,
556 pub status: PromotionReadinessStatusV1,
557 pub artifact_promotion_plan_id: String,
558 pub artifact_promotion_plan_digest: String,
559 pub target_plan_id: String,
560 pub promoted_plan_id: String,
561 pub promotion_plan_lineage_digest: String,
562 pub provenance_report_digest: String,
563 pub readiness_id: String,
564 pub artifact_identity_report_id: String,
565 pub transform_id: String,
566 pub target_execution_lineage_id: Option<String>,
567 pub wasm_store_identity_report_id: Option<String>,
568 pub wasm_store_identity_report_digest: Option<String>,
569 pub wasm_store_catalog_verification_id: Option<String>,
570 pub wasm_store_catalog_verification_digest: Option<String>,
571 pub materialization_identity_report_id: Option<String>,
572 pub materialization_identity_report_digest: Option<String>,
573 pub execution_attempted: bool,
574 pub roles: Vec<RolePromotionProvenanceV1>,
575 pub blockers: Vec<SafetyFindingV1>,
576}
577
578#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
582pub struct ArtifactPromotionExecutionReceiptV1 {
583 pub schema_version: u32,
584 pub receipt_id: String,
585 pub execution_receipt_digest: String,
586 pub artifact_promotion_plan_id: String,
587 pub artifact_promotion_plan_digest: String,
588 pub provenance_report_id: String,
589 pub provenance_report_digest: String,
590 pub provenance_status: PromotionReadinessStatusV1,
591 pub promoted_plan_id: String,
592 pub promotion_plan_lineage_digest: String,
593 pub operation_id: String,
594 pub operation_status: DeploymentExecutionStatusV1,
595 pub command_result: DeploymentCommandResultV1,
596 pub started_at: String,
597 pub finished_at: Option<String>,
598 pub deployment_receipt: DeploymentReceiptV1,
599 pub roles: Vec<RolePromotionExecutionReceiptV1>,
600}
601
602#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
606pub struct RolePromotionExecutionReceiptV1 {
607 pub role: String,
608 pub promotion_level: PromotionArtifactLevelV1,
609 pub materialization_evidence_id: Option<String>,
610 pub materialization_evidence_digest: Option<String>,
611 pub wasm_store_locator: Option<String>,
612 pub wasm_store_catalog_observation_digest: Option<String>,
613 pub role_phase_result: Option<RolePhaseResultV1>,
614 pub artifact_digest: Option<String>,
615 pub observed_module_hash_after: Option<String>,
616 pub canonical_embedded_config_sha256: Option<String>,
617}
618
619#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
623pub struct RolePromotionProvenanceV1 {
624 pub role: String,
625 pub promotion_level: PromotionArtifactLevelV1,
626 pub source_kind: RoleArtifactSourceKindV1,
627 pub artifact_identity_changed: bool,
628 pub embedded_config_changed: bool,
629 pub target_materialization_preserved: bool,
630 pub materialization_evidence_id: Option<String>,
631 pub materialization_evidence_digest: Option<String>,
632 pub wasm_store_locator: Option<String>,
633 pub wasm_store_catalog_observation_digest: Option<String>,
634}
635
636#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
640pub struct PromotionPlanTransformEvidenceV1 {
641 pub schema_version: u32,
642 pub evidence_id: String,
643 pub promotion_plan_transform_evidence_digest: String,
644 pub generated_at: String,
645 pub transform: PromotionPlanTransformV1,
646}
647
648#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
652pub struct PromotionTargetExecutionLineageV1 {
653 pub schema_version: u32,
654 pub lineage_id: String,
655 pub generated_at: String,
656 pub target_execution_lineage_digest: String,
657 pub transform: PromotionPlanTransformV1,
658 pub execution_preflight: DeploymentExecutionPreflightV1,
659 pub execution_attempted: bool,
660}
661
662#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
666pub struct RolePromotionPlanTransformV1 {
667 pub role: String,
668 pub promotion_level: PromotionArtifactLevelV1,
669 pub source_kind: RoleArtifactSourceKindV1,
670 pub source_locator: Option<String>,
671 pub artifact_source_before: ArtifactSourceV1,
672 pub artifact_source_after: ArtifactSourceV1,
673 pub wasm_sha256_before: Option<String>,
674 pub wasm_sha256_after: Option<String>,
675 pub wasm_gz_sha256_before: Option<String>,
676 pub wasm_gz_sha256_after: Option<String>,
677 pub candid_sha256_before: Option<String>,
678 pub candid_sha256_after: Option<String>,
679 pub canonical_embedded_config_sha256_before: Option<String>,
680 pub canonical_embedded_config_sha256_after: Option<String>,
681 pub artifact_identity_changed: bool,
682 pub embedded_config_changed: bool,
683 pub target_materialization_preserved: bool,
684 pub source_build_materialization: Option<RolePromotionMaterializationLinkV1>,
685}
686
687#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
691pub struct RolePromotionMaterializationLinkV1 {
692 pub role: String,
693 pub evidence_id: String,
694 pub materialization_evidence_digest: String,
695 pub recipe_id: String,
696 pub materialization_input_id: String,
697 pub materialization_result_id: String,
698 pub materialization_input_digest: String,
699 pub wasm_sha256: String,
700 pub wasm_gz_sha256: String,
701 pub installed_module_hash: String,
702 pub candid_sha256: String,
703}
704
705#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
709pub enum PromotionReadinessStatusV1 {
710 Ready,
711 Blocked,
712}
713
714#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
718pub struct RolePromotionReadinessV1 {
719 pub role: String,
720 pub promotion_level: PromotionArtifactLevelV1,
721 pub source_kind: RoleArtifactSourceKindV1,
722 pub source_locator: Option<String>,
723 pub source_wasm_sha256: Option<String>,
724 pub source_wasm_gz_sha256: Option<String>,
725 pub target_wasm_sha256: Option<String>,
726 pub target_wasm_gz_sha256: Option<String>,
727 pub source_canonical_embedded_config_sha256: Option<String>,
728 pub target_canonical_embedded_config_sha256: Option<String>,
729 pub byte_identical_wasm: Option<bool>,
730 pub embedded_config_identical: Option<bool>,
731 pub target_store_has_artifact: Option<bool>,
732 pub restage_required: bool,
733}
734
735#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
739pub enum RoleArtifactSourceKindV1 {
740 WorkspacePackage,
741 PublishedPackage,
742 LocalWasm,
743 LocalWasmGz,
744 PreviousReceiptArtifact,
745 CanonicalWasmStoreDefault,
746}
747
748#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
752pub enum PreviousArtifactReceiptKindV1 {
753 DeploymentReceipt,
754 StagingReceipt,
755}
756
757#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
761pub struct AuthorityReceiptV1 {
762 pub schema_version: u32,
763 pub operation_id: String,
764 pub check_id: Option<String>,
765 pub reconciliation_plan_id: String,
766 pub authority_report_id: String,
767 pub inventory_id: String,
768 pub authority_profile_hash: Option<String>,
769 pub operation_status: DeploymentExecutionStatusV1,
770 pub started_at: String,
771 pub finished_at: Option<String>,
772 pub attempted_actions: Vec<AuthorityAttemptedActionV1>,
773 pub verified_controller_observations: Vec<AuthorityControllerObservationV1>,
774 pub hard_failures: Vec<SafetyFindingV1>,
775 pub unresolved_observation_gaps: Vec<DeploymentObservationGapV1>,
776 pub unresolved_external_actions: Vec<AuthorityExternalActionV1>,
777 pub command_result: DeploymentCommandResultV1,
778}
779
780#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
784pub struct AuthorityDryRunEvidenceV1 {
785 pub schema_version: u32,
786 pub evidence_id: String,
787 pub check_id: String,
788 pub generated_at: String,
789 pub reconciliation_plan: AuthorityReconciliationPlanV1,
790 pub authority_report: AuthorityReportV1,
791 pub authority_receipt: AuthorityReceiptV1,
792}
793
794#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
798pub struct AuthorityAttemptedActionV1 {
799 pub subject: String,
800 pub canister_id: Option<String>,
801 pub role: Option<String>,
802 pub action: AuthorityActionV1,
803 pub result: RolePhaseResultV1,
804 pub error: Option<String>,
805}
806
807#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
811pub struct AuthorityControllerObservationV1 {
812 pub subject: String,
813 pub canister_id: Option<String>,
814 pub role: Option<String>,
815 pub state: AuthorityReconciliationStateV1,
816 pub action: AuthorityActionV1,
817 pub observed_controllers: Vec<String>,
818 pub desired_controllers: Vec<String>,
819 pub controller_delta: AuthorityControllerDeltaV1,
820}
821
822#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
826pub struct RoleArtifactManifestV1 {
827 pub schema_version: u32,
828 pub manifest_id: String,
829 pub network: String,
830 pub artifact_root: Option<String>,
831 pub role_artifacts: Vec<RoleArtifactV1>,
832 pub unresolved_artifacts: Vec<DeploymentObservationGapV1>,
833}
834
835#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
839pub struct DeploymentDiffV1 {
840 pub schema_version: u32,
841 pub plan_identity: DeploymentIdentityV1,
842 pub observed_identity: Option<DeploymentIdentityV1>,
843 pub artifact_diff: Vec<DiffItemV1>,
844 pub controller_diff: Vec<DiffItemV1>,
845 pub pool_diff: Vec<DiffItemV1>,
846 pub embedded_config_diff: Vec<DiffItemV1>,
847 pub module_hash_diff: Vec<DiffItemV1>,
848 pub verifier_readiness_diff: Vec<DiffItemV1>,
849 pub resume_safety: ResumeSafetyV1,
850 pub hard_failures: Vec<SafetyFindingV1>,
851 pub warnings: Vec<SafetyFindingV1>,
852 pub resumable_phases: Vec<String>,
853}
854
855#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
859pub struct SafetyReportV1 {
860 pub schema_version: u32,
861 pub report_id: String,
862 pub diff_id: Option<String>,
863 pub status: SafetyStatusV1,
864 pub summary: String,
865 pub hard_failures: Vec<SafetyFindingV1>,
866 pub warnings: Vec<SafetyFindingV1>,
867 pub next_actions: Vec<String>,
868}
869
870#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
874pub struct DeploymentCheckV1 {
875 pub schema_version: u32,
876 pub check_id: String,
877 pub plan: DeploymentPlanV1,
878 pub inventory: DeploymentInventoryV1,
879 pub diff: DeploymentDiffV1,
880 pub report: SafetyReportV1,
881}
882
883#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
887pub struct LifecycleAuthorityReportV1 {
888 pub schema_version: u32,
889 pub report_id: String,
890 pub report_digest: String,
891 pub check_id: String,
892 pub plan_id: String,
893 pub inventory_id: String,
894 pub authorities: Vec<LifecycleAuthorityV1>,
895 pub external_action_required_count: usize,
896 pub blocked_count: usize,
897}
898
899#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
903pub struct LifecycleAuthorityV1 {
904 pub subject: String,
905 pub canister_id: Option<String>,
906 pub role: Option<String>,
907 pub control_class: CanisterControlClassV1,
908 pub lifecycle_mode: LifecycleModeV1,
909 pub observed_controllers: Vec<String>,
910 pub expected_deployment_controllers: Vec<String>,
911 pub external_controllers: Vec<String>,
912 pub required_controllers: Vec<String>,
913 pub consent_requirements: Vec<ConsentRequirementV1>,
914 pub allowed_upgrade_modes: Vec<LifecycleUpgradeModeV1>,
915 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
916 pub external_action_required: bool,
917 pub blocked: bool,
918 pub blockers: Vec<String>,
919 pub warnings: Vec<String>,
920 pub reason: String,
921}
922
923#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
927pub enum LifecycleModeV1 {
928 DirectDeploymentAuthority,
929 ProposalRequired,
930 DelegatedInstallRequired,
931 ExternalCompletionOnly,
932 VerifyOnly,
933 MustNotTouch,
934 UnknownUnsafeBlocked,
935}
936
937#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
941pub enum LifecycleUpgradeModeV1 {
942 DirectByDeploymentAuthority,
943 ExternalProposal,
944 ExternalExecution,
945 VerifyExternalCompletion,
946 ObserveOnly,
947 Blocked,
948}
949
950#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
954pub enum LifecycleVerificationRequirementV1 {
955 LiveInventory,
956 ControllerObservation,
957 ModuleHash,
958 CanonicalEmbeddedConfig,
959 ProtectedCallReadiness,
960}
961
962#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
966pub struct ConsentRequirementV1 {
967 pub consent_subject_kind: ConsentSubjectKindV1,
968 pub required_principals: Vec<String>,
969 pub required_controller_set_digest: Option<String>,
970 pub consent_channel_kind: ConsentChannelKindV1,
971 pub required_action: ExternalUpgradeAuthorizationModeV1,
972}
973
974#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
978pub enum ConsentSubjectKindV1 {
979 UserPrincipal,
980 ProjectHub,
981 GovernanceCanister,
982 CustomerController,
983 DelegatedInstallCanister,
984 MultisigAuthority,
985 UnknownExternalController,
986}
987
988#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
992pub enum ConsentChannelKindV1 {
993 OutOfBand,
994 GeneratedCommand,
995 DelegatedInstall,
996 GovernanceProposal,
997 ApplicationSpecific,
998}
999
1000#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1004pub struct ExternalLifecyclePlanV1 {
1005 pub schema_version: u32,
1006 pub lifecycle_plan_id: String,
1007 pub lifecycle_plan_digest: String,
1008 pub lifecycle_authority_report_id: String,
1009 pub deployment_plan_id: String,
1010 pub deployment_plan_digest: String,
1011 pub inventory_id: String,
1012 pub lifecycle_authority_rows: Vec<LifecycleAuthorityV1>,
1013 pub directly_executable_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1014 pub proposed_external_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1015 pub blocked_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1016 pub dependency_blockers: Vec<String>,
1017 pub protected_call_implications: Vec<String>,
1018 pub residual_exposure: Vec<String>,
1019 pub status: ExternalLifecyclePlanStatusV1,
1020}
1021
1022#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1026pub struct ExternalLifecycleRoleUpgradeV1 {
1027 pub subject: String,
1028 pub canister_id: Option<String>,
1029 pub role: Option<String>,
1030 pub control_class: CanisterControlClassV1,
1031 pub lifecycle_mode: LifecycleModeV1,
1032 pub required_external_action: Option<String>,
1033 pub blockers: Vec<String>,
1034 pub warnings: Vec<String>,
1035}
1036
1037#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1041pub enum ExternalLifecyclePlanStatusV1 {
1042 Ready,
1043 PendingExternalAction,
1044 Blocked,
1045}
1046
1047#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1051pub struct ExternalUpgradeProposalReportV1 {
1052 pub schema_version: u32,
1053 pub report_id: String,
1054 pub report_digest: String,
1055 pub lifecycle_plan_id: String,
1056 pub lifecycle_plan_digest: String,
1057 pub deployment_plan_id: String,
1058 pub deployment_plan_digest: String,
1059 pub inventory_id: String,
1060 pub proposals: Vec<ExternalUpgradeProposalV1>,
1061 pub blocked_subjects: Vec<String>,
1062}
1063
1064#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1068pub struct ExternalLifecyclePendingReportV1 {
1069 pub schema_version: u32,
1070 pub report_id: String,
1071 pub report_digest: String,
1072 pub lifecycle_plan_id: String,
1073 pub lifecycle_plan_digest: String,
1074 pub proposal_report_id: String,
1075 pub proposal_report_digest: String,
1076 pub deployment_plan_id: String,
1077 pub deployment_plan_digest: String,
1078 pub inventory_id: String,
1079 pub direct_upgrade_count: usize,
1080 pub pending_external_count: usize,
1081 pub blocked_count: usize,
1082 pub pending_external_actions: Vec<ExternalLifecyclePendingActionV1>,
1083 pub blocked_subjects: Vec<String>,
1084 pub residual_exposure: Vec<String>,
1085 pub status: ExternalLifecyclePlanStatusV1,
1086}
1087
1088#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1092pub struct ExternalLifecycleCheckV1 {
1093 pub schema_version: u32,
1094 pub check_id: String,
1095 pub check_digest: String,
1096 pub lifecycle_plan_id: String,
1097 pub lifecycle_plan_digest: String,
1098 pub proposal_report_id: String,
1099 pub proposal_report_digest: String,
1100 pub pending_report_id: String,
1101 pub pending_report_digest: String,
1102 pub deployment_plan_id: String,
1103 pub deployment_plan_digest: String,
1104 pub inventory_id: String,
1105 pub status: ExternalLifecyclePlanStatusV1,
1106 pub direct_upgrade_count: usize,
1107 pub pending_external_count: usize,
1108 pub blocked_count: usize,
1109 pub residual_exposure_count: usize,
1110 pub summary: String,
1111 pub next_actions: Vec<String>,
1112}
1113
1114#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1118pub struct ExternalLifecycleHandoffV1 {
1119 pub schema_version: u32,
1120 pub handoff_id: String,
1121 pub handoff_digest: String,
1122 pub lifecycle_check_id: String,
1123 pub lifecycle_check_digest: String,
1124 pub pending_report_id: String,
1125 pub pending_report_digest: String,
1126 pub proposal_report_id: String,
1127 pub proposal_report_digest: String,
1128 pub deployment_plan_id: String,
1129 pub deployment_plan_digest: String,
1130 pub inventory_id: String,
1131 pub status: ExternalLifecyclePlanStatusV1,
1132 pub handoff_actions: Vec<ExternalLifecycleHandoffActionV1>,
1133 pub blocked_subjects: Vec<String>,
1134 pub residual_exposure: Vec<String>,
1135 pub operator_summary: String,
1136}
1137
1138#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1142pub struct ExternalLifecycleHandoffActionV1 {
1143 pub subject: String,
1144 pub proposal_id: String,
1145 pub proposal_digest: String,
1146 pub canister_id: Option<String>,
1147 pub role: Option<String>,
1148 pub control_class: CanisterControlClassV1,
1149 pub lifecycle_mode: LifecycleModeV1,
1150 pub required_external_action: String,
1151 pub consent_channel_kind: ConsentChannelKindV1,
1152 pub consent_subject_kind: ConsentSubjectKindV1,
1153 pub required_principals: Vec<String>,
1154 pub current_module_hash: Option<String>,
1155 pub target_installed_module_hash: Option<String>,
1156 pub target_canonical_embedded_config_sha256: Option<String>,
1157 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1158 pub operator_instructions: Vec<String>,
1159}
1160
1161#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1165pub struct ExternalLifecyclePendingActionV1 {
1166 pub subject: String,
1167 pub proposal_id: String,
1168 pub proposal_digest: String,
1169 pub canister_id: Option<String>,
1170 pub role: Option<String>,
1171 pub control_class: CanisterControlClassV1,
1172 pub lifecycle_mode: LifecycleModeV1,
1173 pub required_external_action: String,
1174 pub consent_requirements: Vec<ConsentRequirementV1>,
1175 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1176}
1177
1178#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1182pub struct CriticalExternalFixReportV1 {
1183 pub schema_version: u32,
1184 pub report_id: String,
1185 pub report_digest: String,
1186 pub fix_id: String,
1187 pub severity: String,
1188 pub lifecycle_plan_id: String,
1189 pub lifecycle_plan_digest: String,
1190 pub pending_report_id: String,
1191 pub pending_report_digest: String,
1192 pub deployment_plan_id: String,
1193 pub deployment_plan_digest: String,
1194 pub inventory_id: String,
1195 pub affected_roles: Vec<String>,
1196 pub affected_canisters: Vec<String>,
1197 pub directly_patchable_roles: Vec<String>,
1198 pub externally_blocked_roles: Vec<String>,
1199 pub dependency_blocked_roles: Vec<String>,
1200 pub required_external_actions: Vec<String>,
1201 pub protected_call_implications: Vec<String>,
1202 pub residual_exposure: Vec<String>,
1203 pub operator_next_steps: Vec<String>,
1204}
1205
1206#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1210pub struct ExternalUpgradeProposalV1 {
1211 pub proposal_id: String,
1212 pub proposal_digest: String,
1213 pub deployment_plan_id: String,
1214 pub deployment_plan_digest: String,
1215 pub lifecycle_plan_id: String,
1216 pub lifecycle_plan_digest: String,
1217 pub promotion_plan_id: Option<String>,
1218 pub promotion_plan_digest: Option<String>,
1219 pub promotion_provenance_id: Option<String>,
1220 pub promotion_provenance_digest: Option<String>,
1221 pub subject: String,
1222 pub canister_id: Option<String>,
1223 pub role: Option<String>,
1224 pub control_class: CanisterControlClassV1,
1225 pub lifecycle_mode: LifecycleModeV1,
1226 pub observed_before_digest: String,
1227 pub current_module_hash: Option<String>,
1228 pub current_canonical_embedded_config_sha256: Option<String>,
1229 pub target_wasm_sha256: Option<String>,
1230 pub target_wasm_gz_sha256: Option<String>,
1231 pub target_installed_module_hash: Option<String>,
1232 pub target_role_artifact_identity: Option<String>,
1233 pub target_canonical_embedded_config_sha256: Option<String>,
1234 pub root_trust_anchor: Option<String>,
1235 pub authority_profile_hash: Option<String>,
1236 pub required_external_action: String,
1237 pub consent_requirements: Vec<ConsentRequirementV1>,
1238 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1239 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1240 pub expires_at: Option<String>,
1241 pub supersedes_proposal_id: Option<String>,
1242}
1243
1244#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1248pub enum ExternalUpgradeAuthorizationModeV1 {
1249 ConsentForDirectInstall,
1250 DelegatedInstallAuthority,
1251 ExternalControllerExecution,
1252 ObserveAndVerifyOnly,
1253}
1254
1255#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1259pub struct ExternalUpgradeReceiptV1 {
1260 pub schema_version: u32,
1261 pub receipt_id: String,
1262 pub proposal_id: String,
1263 pub proposal_digest: String,
1264 pub subject: String,
1265 pub canister_id: Option<String>,
1266 pub role: Option<String>,
1267 pub consent_state: ExternalUpgradeConsentStateV1,
1268 pub reported_by: Option<String>,
1269 pub observed_before_module_hash: Option<String>,
1270 pub observed_after_module_hash: Option<String>,
1271 pub observed_after_canonical_embedded_config_sha256: Option<String>,
1272 pub verification_result: ExternalUpgradeVerificationResultV1,
1273 pub verification_notes: Vec<String>,
1274 pub receipt_digest: String,
1275}
1276
1277#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1281pub struct ExternalUpgradeConsentEvidenceV1 {
1282 pub schema_version: u32,
1283 pub evidence_id: String,
1284 pub evidence_digest: String,
1285 pub proposal_id: String,
1286 pub proposal_digest: String,
1287 pub receipt_id: String,
1288 pub receipt_digest: String,
1289 pub subject: String,
1290 pub canister_id: Option<String>,
1291 pub role: Option<String>,
1292 pub consent_state: ExternalUpgradeConsentStateV1,
1293 pub reported_by: Option<String>,
1294 pub consent_requirements: Vec<ConsentRequirementV1>,
1295 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1296 pub status_summary: String,
1297}
1298
1299#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1303pub struct ExternalUpgradeConsentEvidenceRequest {
1304 pub evidence_id: String,
1305 pub proposal: ExternalUpgradeProposalV1,
1306 pub receipt: ExternalUpgradeReceiptV1,
1307}
1308
1309#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1313pub struct ExternalUpgradeVerificationReportV1 {
1314 pub schema_version: u32,
1315 pub report_id: String,
1316 pub report_digest: String,
1317 pub proposal_id: String,
1318 pub proposal_digest: String,
1319 pub receipt_id: String,
1320 pub receipt_digest: String,
1321 pub subject: String,
1322 pub canister_id: Option<String>,
1323 pub role: Option<String>,
1324 pub verification_result: ExternalUpgradeVerificationResultV1,
1325 pub verification_notes: Vec<String>,
1326 pub live_inventory_required: bool,
1327 pub status_summary: String,
1328}
1329
1330#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1334pub struct ExternalUpgradeVerificationReportRequest {
1335 pub report_id: String,
1336 pub proposal: ExternalUpgradeProposalV1,
1337 pub receipt: ExternalUpgradeReceiptV1,
1338}
1339
1340#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1344pub struct ExternalUpgradeVerificationPolicyV1 {
1345 pub schema_version: u32,
1346 pub policy_id: String,
1347 pub policy_digest: String,
1348 pub proposal_id: String,
1349 pub proposal_digest: String,
1350 pub subject: String,
1351 pub canister_id: Option<String>,
1352 pub role: Option<String>,
1353 pub required_verification: Vec<LifecycleVerificationRequirementV1>,
1354 pub verification_requirements: Vec<ExternalUpgradeVerificationPolicyRequirementV1>,
1355 pub max_observation_age_seconds: Option<u64>,
1356 pub status_summary: String,
1357}
1358
1359#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1363pub struct ExternalUpgradeVerificationPolicyRequirementV1 {
1364 pub requirement: LifecycleVerificationRequirementV1,
1365 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1366 pub expected_value: Option<String>,
1367}
1368
1369#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1373pub enum ExternalUpgradeVerificationRequirementStatusV1 {
1374 Required,
1375 NotRequired,
1376}
1377
1378#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1382pub struct ExternalUpgradeVerificationPolicyRequest {
1383 pub policy_id: String,
1384 pub proposal: ExternalUpgradeProposalV1,
1385}
1386
1387#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1391pub struct ExternalUpgradeVerificationObservationV1 {
1392 pub inventory_id: Option<String>,
1393 pub observed_at: Option<String>,
1394 pub live_inventory_observed: bool,
1395 pub controller_observation_present: bool,
1396 pub observed_module_hash: Option<String>,
1397 pub observed_canonical_embedded_config_sha256: Option<String>,
1398 pub protected_call_ready: Option<bool>,
1399}
1400
1401#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1405pub struct ExternalUpgradeVerificationCheckV1 {
1406 pub schema_version: u32,
1407 pub check_id: String,
1408 pub check_digest: String,
1409 pub policy_id: String,
1410 pub policy_digest: String,
1411 pub proposal_id: String,
1412 pub proposal_digest: String,
1413 pub subject: String,
1414 pub canister_id: Option<String>,
1415 pub role: Option<String>,
1416 pub observation: ExternalUpgradeVerificationObservationV1,
1417 pub requirement_results: Vec<ExternalUpgradeVerificationCheckRequirementV1>,
1418 pub verification_result: ExternalUpgradeVerificationResultV1,
1419 pub status_summary: String,
1420}
1421
1422#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1426pub struct ExternalUpgradeVerificationCheckRequirementV1 {
1427 pub requirement: LifecycleVerificationRequirementV1,
1428 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1429 pub expected_value: Option<String>,
1430 pub observed_value: Option<String>,
1431 pub satisfied: Option<bool>,
1432}
1433
1434#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1438pub struct ExternalUpgradeVerificationCheckRequest {
1439 pub check_id: String,
1440 pub policy: ExternalUpgradeVerificationPolicyV1,
1441 pub observation: ExternalUpgradeVerificationObservationV1,
1442}
1443
1444#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1448pub struct ExternalUpgradeCompletionReportV1 {
1449 pub schema_version: u32,
1450 pub report_id: String,
1451 pub report_digest: String,
1452 pub proposal_id: String,
1453 pub proposal_digest: String,
1454 pub consent_evidence_id: String,
1455 pub consent_evidence_digest: String,
1456 pub verification_check_id: String,
1457 pub verification_check_digest: String,
1458 pub subject: String,
1459 pub canister_id: Option<String>,
1460 pub role: Option<String>,
1461 pub consent_state: ExternalUpgradeConsentStateV1,
1462 pub verification_result: ExternalUpgradeVerificationResultV1,
1463 pub completion_status: ExternalUpgradeCompletionStatusV1,
1464 pub blockers: Vec<String>,
1465 pub next_actions: Vec<String>,
1466 pub status_summary: String,
1467}
1468
1469#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1473pub enum ExternalUpgradeCompletionStatusV1 {
1474 AwaitingConsent,
1475 ConsentRefused,
1476 AwaitingVerification,
1477 VerifiedComplete,
1478 VerificationFailed,
1479}
1480
1481#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1485pub struct ExternalUpgradeCompletionReportRequest {
1486 pub report_id: String,
1487 pub proposal: ExternalUpgradeProposalV1,
1488 pub consent_evidence: ExternalUpgradeConsentEvidenceV1,
1489 pub verification_check: ExternalUpgradeVerificationCheckV1,
1490}
1491
1492#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1496pub enum ExternalUpgradeConsentStateV1 {
1497 Pending,
1498 Refused,
1499 Delegated,
1500 ExecutedExternally,
1501}
1502
1503#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1507pub enum ExternalUpgradeVerificationResultV1 {
1508 Pending,
1509 Refused,
1510 Verified,
1511 Mismatch,
1512}
1513
1514#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1518pub struct AuthorityReconciliationPlanV1 {
1519 pub schema_version: u32,
1520 pub plan_id: String,
1521 pub inventory_id: String,
1522 pub authority_profile_hash: Option<String>,
1523 pub canister_actions: Vec<CanisterAuthorityActionV1>,
1524 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1525 pub hard_failures: Vec<SafetyFindingV1>,
1526 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1527}
1528
1529#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1533pub struct AuthorityAutomaticActionV1 {
1534 pub subject: String,
1535 pub canister_id: String,
1536 pub role: Option<String>,
1537 pub action: AuthorityActionV1,
1538 pub observed_controllers: Vec<String>,
1539 pub desired_controllers: Vec<String>,
1540 pub controller_delta: AuthorityControllerDeltaV1,
1541 pub reason: String,
1542}
1543
1544#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
1548pub struct AuthorityControllerDeltaV1 {
1549 pub add_controllers: Vec<String>,
1550 pub remove_controllers: Vec<String>,
1551}
1552
1553#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1557pub struct AuthorityReportV1 {
1558 pub schema_version: u32,
1559 pub report_id: String,
1560 pub check_id: Option<String>,
1561 pub reconciliation_plan_id: String,
1562 pub inventory_id: String,
1563 pub authority_profile_hash: Option<String>,
1564 pub status: SafetyStatusV1,
1565 pub summary: String,
1566 pub counts: AuthorityReportCountsV1,
1567 pub apply_readiness: AuthorityApplyReadinessV1,
1568 pub action_counts: Vec<AuthorityActionCountV1>,
1569 pub control_class_counts: Vec<AuthorityControlClassCountV1>,
1570 pub observation_gaps: Vec<DeploymentObservationGapV1>,
1571 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1572 pub hard_failures: Vec<SafetyFindingV1>,
1573 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1574 pub next_actions: Vec<String>,
1575}
1576
1577#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1581pub struct AuthorityApplyReadinessV1 {
1582 pub can_apply_automatically: bool,
1583 pub automatic_action_count: usize,
1584 pub blockers: Vec<AuthorityApplyBlockerV1>,
1585}
1586
1587#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1591pub enum AuthorityApplyBlockerV1 {
1592 UnsafeBlocked,
1593 HardFailures,
1594 ObservationGaps,
1595 ExternalActions,
1596}
1597
1598#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1602pub struct AuthorityActionCountV1 {
1603 pub action: AuthorityActionV1,
1604 pub count: usize,
1605}
1606
1607#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1611pub struct AuthorityControlClassCountV1 {
1612 pub control_class: CanisterControlClassV1,
1613 pub count: usize,
1614}
1615
1616#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1620pub struct AuthorityReportCountsV1 {
1621 pub already_correct: usize,
1622 pub can_apply_automatically: usize,
1623 pub requires_external_action: usize,
1624 pub unsafe_blocked: usize,
1625 pub unknown: usize,
1626 pub hard_failures: usize,
1627}
1628
1629#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1633pub struct CanisterAuthorityActionV1 {
1634 pub canister_id: Option<String>,
1635 pub role: Option<String>,
1636 pub control_classification: CanisterControlClassV1,
1637 pub observed_controllers: Vec<String>,
1638 pub desired_controllers: Vec<String>,
1639 pub controller_delta: AuthorityControllerDeltaV1,
1640 pub action: AuthorityActionV1,
1641 pub state: AuthorityReconciliationStateV1,
1642 pub can_apply: bool,
1643 pub reason: String,
1644}
1645
1646#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1650pub struct AuthorityExternalActionV1 {
1651 pub subject: String,
1652 pub canister_id: Option<String>,
1653 pub role: Option<String>,
1654 pub control_classification: CanisterControlClassV1,
1655 pub state: AuthorityReconciliationStateV1,
1656 pub action: AuthorityActionV1,
1657 pub observed_controllers: Vec<String>,
1658 pub desired_controllers: Vec<String>,
1659 pub controller_delta: AuthorityControllerDeltaV1,
1660 pub reason: String,
1661}
1662
1663#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1667pub enum AuthorityActionV1 {
1668 None,
1669 AddControllers,
1670 RemoveControllers,
1671 ReplaceControllerSet,
1672 RequiresExternalController,
1673 RequiresDestructiveImportConfirmation,
1674 ObserveOnly,
1675 AdoptPlanAvailable,
1676 BlockedByPolicy,
1677 UnknownObservation,
1678}
1679
1680#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1684pub enum AuthorityReconciliationStateV1 {
1685 AlreadyCorrect,
1686 CanApplyAutomatically,
1687 RequiresExternalAction,
1688 UnsafeBlocked,
1689 Unknown,
1690}
1691
1692#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1696pub struct DeploymentIdentityV1 {
1697 pub deployment_name: String,
1698 pub network: String,
1699 pub root_principal: Option<String>,
1700 pub authority_profile_hash: Option<String>,
1701 pub role_topology_hash: Option<String>,
1702 pub deployment_manifest_digest: Option<String>,
1703 pub canonical_runtime_config_digest: Option<String>,
1704 pub role_embedded_config_set_digest: Option<String>,
1705 pub artifact_set_digest: Option<String>,
1706 pub pool_identity_set_digest: Option<String>,
1707 pub canic_version: Option<String>,
1708 pub ic_memory_version: Option<String>,
1709}
1710
1711#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1715pub struct TrustDomainV1 {
1716 pub root_trust_anchor: Option<String>,
1717 pub migration_from: Option<String>,
1718}
1719
1720#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1724pub struct AuthorityProfileV1 {
1725 pub profile_id: String,
1726 pub expected_controllers: Vec<String>,
1727 pub staging_controllers: Vec<String>,
1728 pub emergency_controllers: Vec<String>,
1729}
1730
1731#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1735pub struct RoleArtifactV1 {
1736 pub role: String,
1737 pub source: ArtifactSourceV1,
1738 pub build_profile: String,
1739 pub wasm_path: Option<String>,
1740 pub wasm_gz_path: Option<String>,
1741 pub wasm_gz_size_bytes: Option<u64>,
1742 pub wasm_sha256: Option<String>,
1743 pub wasm_gz_sha256: Option<String>,
1744 pub wasm_gz_sha256_source: Option<ArtifactDigestSourceV1>,
1745 pub observed_wasm_gz_file_sha256: Option<String>,
1746 pub observed_wasm_gz_file_sha256_source: Option<ArtifactDigestSourceV1>,
1747 pub installed_module_hash: Option<String>,
1748 pub candid_path: Option<String>,
1749 pub candid_sha256: Option<String>,
1750 pub raw_config_sha256: Option<String>,
1751 pub canonical_embedded_config_sha256: Option<String>,
1752 pub embedded_topology_sha256: Option<String>,
1753 pub builder_version: Option<String>,
1754 pub rust_toolchain: Option<String>,
1755 pub package_version: Option<String>,
1756}
1757
1758#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1762pub enum ArtifactDigestSourceV1 {
1763 ReleaseSetManifest,
1764 ObservedFileDigest,
1765 InstalledModuleHash,
1766}
1767
1768#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1772pub enum ArtifactSourceV1 {
1773 LocalBuild,
1774 ReleaseSet,
1775 WasmStore,
1776 External,
1777 Unknown,
1778}
1779
1780#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1784pub struct ExpectedCanisterV1 {
1785 pub role: String,
1786 pub canister_id: Option<String>,
1787 pub control_class: CanisterControlClassV1,
1788}
1789
1790#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1794pub struct ObservedCanisterV1 {
1795 pub canister_id: String,
1796 pub role: Option<String>,
1797 pub control_class: CanisterControlClassV1,
1798 pub controllers: Vec<String>,
1799 pub module_hash: Option<String>,
1800 pub status: Option<String>,
1801 pub root_trust_anchor: Option<String>,
1802 pub canonical_embedded_config_digest: Option<String>,
1803 pub role_assignment_source: Option<String>,
1804}
1805
1806#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1810pub enum CanisterControlClassV1 {
1811 DeploymentControlled,
1812 CanicManagedPool,
1813 ExternallyImported,
1814 JointlyControlled,
1815 UserControlled,
1816 UnknownUnsafe,
1817}
1818
1819#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1823pub struct ExpectedPoolCanisterV1 {
1824 pub pool: String,
1825 pub canister_id: Option<String>,
1826 pub role: Option<String>,
1827}
1828
1829#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1833pub struct ObservedPoolCanisterV1 {
1834 pub pool: String,
1835 pub canister_id: String,
1836 pub role: Option<String>,
1837 pub control_class: CanisterControlClassV1,
1838}
1839
1840#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1844pub struct LocalDeploymentConfigV1 {
1845 pub config_path: Option<String>,
1846 pub raw_config_sha256: Option<String>,
1847 pub canonical_embedded_config_sha256: Option<String>,
1848}
1849
1850#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1854pub struct ObservedArtifactV1 {
1855 pub role: String,
1856 pub artifact_path: String,
1857 pub file_sha256: Option<String>,
1858 pub file_sha256_source: Option<ArtifactDigestSourceV1>,
1859 pub payload_sha256: Option<String>,
1860 pub payload_size_bytes: Option<u64>,
1861 pub source: ArtifactSourceV1,
1862}
1863
1864#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1868pub struct VerifierReadinessExpectationV1 {
1869 pub required: bool,
1870 pub expected_role_epochs: Vec<RoleEpochExpectationV1>,
1871}
1872
1873#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1877pub struct VerifierReadinessObservationV1 {
1878 pub status: ObservationStatusV1,
1879 pub role_epochs: Vec<RoleEpochObservationV1>,
1880}
1881
1882#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1886pub struct RoleEpochExpectationV1 {
1887 pub role: String,
1888 pub minimum_epoch: u64,
1889}
1890
1891#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1895pub struct RoleEpochObservationV1 {
1896 pub role: String,
1897 pub observed_epoch: Option<u64>,
1898 pub status: ObservationStatusV1,
1899}
1900
1901#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1905pub struct DeploymentAssumptionV1 {
1906 pub key: String,
1907 pub description: String,
1908}
1909
1910#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1914pub struct DeploymentObservationGapV1 {
1915 pub key: String,
1916 pub description: String,
1917}
1918
1919#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1923pub struct PhaseReceiptV1 {
1924 pub phase: String,
1925 pub started_at: String,
1926 pub finished_at: Option<String>,
1927 pub attempted_action: String,
1928 pub verified_postcondition: VerifiedPostconditionV1,
1929}
1930
1931#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1935pub struct VerifiedPostconditionV1 {
1936 pub status: ObservationStatusV1,
1937 pub evidence: Vec<String>,
1938}
1939
1940#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1944pub enum DeploymentExecutionStatusV1 {
1945 NotStarted,
1946 InProgress,
1947 FailedBeforeMutation,
1948 PartiallyApplied,
1949 FailedAfterMutation,
1950 Complete,
1951}
1952
1953#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1957pub enum DeploymentCommandResultV1 {
1958 NotFinished,
1959 Succeeded,
1960 Failed { code: String, message: String },
1961}
1962
1963#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1967pub struct RolePhaseReceiptV1 {
1968 pub role: String,
1969 pub phase: String,
1970 pub result: RolePhaseResultV1,
1971 pub previous_module_hash: Option<String>,
1972 pub target_module_hash: Option<String>,
1973 pub observed_module_hash_after: Option<String>,
1974 pub artifact_digest: Option<String>,
1975 pub canonical_embedded_config_sha256: Option<String>,
1976 pub error: Option<String>,
1977}
1978
1979#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1983pub enum RolePhaseResultV1 {
1984 Applied,
1985 Failed,
1986 Skipped,
1987 NotAttempted,
1988 VerifiedAlreadyApplied,
1989}
1990
1991#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1995pub struct DiffItemV1 {
1996 pub category: String,
1997 pub subject: String,
1998 pub expected: Option<String>,
1999 pub observed: Option<String>,
2000 pub severity: SafetySeverityV1,
2001}
2002
2003#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2007pub struct ResumeSafetyV1 {
2008 pub status: SafetyStatusV1,
2009 pub reasons: Vec<String>,
2010}
2011
2012#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2016pub struct SafetyFindingV1 {
2017 pub code: String,
2018 pub message: String,
2019 pub severity: SafetySeverityV1,
2020 pub subject: Option<String>,
2021}
2022
2023#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2027pub enum SafetyStatusV1 {
2028 NotEvaluated,
2029 Safe,
2030 Warning,
2031 Blocked,
2032}
2033
2034#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2038pub enum SafetySeverityV1 {
2039 Info,
2040 Warning,
2041 HardFailure,
2042}
2043
2044#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2048pub enum ObservationStatusV1 {
2049 NotObserved,
2050 Observed,
2051 Missing,
2052 Inconclusive,
2053}