1use serde::{Deserialize, Serialize};
2
3#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
7pub struct DeploymentPlanV1 {
8 pub schema_version: u32,
9 pub plan_id: String,
10 pub deployment_identity: DeploymentIdentityV1,
11 pub trust_domain: TrustDomainV1,
12 pub fleet_template: String,
13 pub runtime_variant: String,
14 pub authority_profile: AuthorityProfileV1,
15 pub role_artifacts: Vec<RoleArtifactV1>,
16 pub expected_canisters: Vec<ExpectedCanisterV1>,
17 pub expected_pool: Vec<ExpectedPoolCanisterV1>,
18 pub expected_verifier_readiness: VerifierReadinessExpectationV1,
19 pub unresolved_assumptions: Vec<DeploymentAssumptionV1>,
20}
21
22#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
26pub struct DeploymentInventoryV1 {
27 pub schema_version: u32,
28 pub inventory_id: String,
29 pub observed_at: String,
30 pub observed_identity: Option<DeploymentIdentityV1>,
31 pub local_config: LocalDeploymentConfigV1,
32 pub observed_canisters: Vec<ObservedCanisterV1>,
33 pub observed_pool: Vec<ObservedPoolCanisterV1>,
34 pub observed_artifacts: Vec<ObservedArtifactV1>,
35 pub observed_verifier_readiness: VerifierReadinessObservationV1,
36 pub unresolved_observations: Vec<DeploymentObservationGapV1>,
37}
38
39#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
43pub struct DeploymentReceiptV1 {
44 pub schema_version: u32,
45 pub operation_id: String,
46 pub plan_id: String,
47 pub execution_context: Option<DeploymentExecutionContextV1>,
48 pub operation_status: DeploymentExecutionStatusV1,
49 pub started_at: String,
50 pub finished_at: Option<String>,
51 pub operator_principal: Option<String>,
52 pub root_principal: Option<String>,
53 pub previous_observed_deployment_epoch: Option<u64>,
54 pub phase_receipts: Vec<PhaseReceiptV1>,
55 pub role_phase_receipts: Vec<RolePhaseReceiptV1>,
56 pub final_inventory_id: Option<String>,
57 pub command_result: DeploymentCommandResultV1,
58}
59
60#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
64pub struct DeploymentExecutionContextV1 {
65 pub workspace_root: Option<String>,
66 pub icp_root: Option<String>,
67 pub artifact_roots: Vec<String>,
68 pub backend: DeploymentExecutorBackendV1,
69 pub backend_capabilities: Vec<DeploymentExecutorCapabilityV1>,
70}
71
72#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
76pub struct DeploymentExecutionPreflightV1 {
77 pub schema_version: u32,
78 pub plan_id: String,
79 pub safety_report_id: String,
80 pub authority_plan_id: String,
81 pub backend: DeploymentExecutorBackendV1,
82 pub status: DeploymentExecutionPreflightStatusV1,
83 pub planned_phases: Vec<String>,
84 pub required_capabilities: Vec<DeploymentExecutorCapabilityV1>,
85 pub missing_capabilities: Vec<DeploymentExecutorCapabilityV1>,
86 pub blockers: Vec<SafetyFindingV1>,
87}
88
89#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
93pub enum DeploymentExecutionPreflightStatusV1 {
94 Ready,
95 Blocked,
96}
97
98#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
102pub enum DeploymentExecutorBackendV1 {
103 CurrentCli,
104 PocketIc,
105 DirectAgent,
106 Other { name: String },
107}
108
109#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
113pub enum DeploymentExecutorCapabilityV1 {
114 CreateCanister,
115 CanisterStatus,
116 UpdateSettings,
117 InstallCode,
118 Call,
119 Query,
120 StageArtifact,
121}
122
123#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
127pub enum ArtifactTransportV1 {
128 LocalCli,
129 WasmStore,
130 DirectAgent,
131}
132
133#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
137pub struct StagingReceiptV1 {
138 pub schema_version: u32,
139 pub role: String,
140 pub artifact_identity: String,
141 pub transport: ArtifactTransportV1,
142 pub wasm_store_locator: Option<String>,
143 pub prepared_chunk_hashes: Vec<String>,
144 pub published_chunk_count: usize,
145 pub verified_postcondition: VerifiedPostconditionV1,
146}
147
148#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
152pub struct RoleArtifactSourceV1 {
153 pub role: String,
154 pub kind: RoleArtifactSourceKindV1,
155 pub locator: Option<String>,
156 pub previous_receipt_kind: Option<PreviousArtifactReceiptKindV1>,
157 pub previous_receipt_lineage_digest: Option<String>,
158 pub expected_wasm_sha256: Option<String>,
159 pub expected_wasm_gz_sha256: Option<String>,
160 pub expected_candid_sha256: Option<String>,
161 pub expected_canonical_embedded_config_sha256: Option<String>,
162}
163
164#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
168pub struct RolePromotionInputV1 {
169 pub role: String,
170 pub promotion_level: PromotionArtifactLevelV1,
171 pub source: RoleArtifactSourceV1,
172 pub require_byte_identical_wasm: bool,
173 pub require_target_embedded_config: bool,
174 pub target_store_has_artifact: Option<bool>,
175}
176
177#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
181pub struct RolePromotionPolicyV1 {
182 pub role: String,
183 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
184 pub requirements: Vec<PromotionPolicyRequirementV1>,
185}
186
187#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
191pub enum PromotionPolicyRequirementV1 {
192 SameSourceRevision,
193 SameCargoFeatures,
194 TargetConfigDigest,
195 ByteIdenticalWasm,
196 SealedBytes,
197}
198
199#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
203pub enum PromotionPolicyClaimV1 {
204 ByteIdenticalWasm,
205 TargetConfigDigest,
206}
207
208#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
212pub struct PromotionPolicyCheckV1 {
213 pub schema_version: u32,
214 pub check_id: String,
215 pub promotion_policy_check_digest: String,
216 pub status: PromotionReadinessStatusV1,
217 pub roles: Vec<RolePromotionPolicyDecisionV1>,
218 pub blockers: Vec<SafetyFindingV1>,
219}
220
221#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
225pub struct RolePromotionPolicyDecisionV1 {
226 pub role: String,
227 pub requested_promotion_level: PromotionArtifactLevelV1,
228 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
229 pub requirements: Vec<PromotionPolicyRequirementV1>,
230 pub claims: Vec<PromotionPolicyClaimV1>,
231 pub level_allowed: bool,
232 pub policy_satisfied: bool,
233}
234
235#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
239pub enum PromotionArtifactLevelV1 {
240 SealedWasm,
241 SourceBuild,
242}
243
244#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
248pub struct BuildRecipeIdentityV1 {
249 pub recipe_id: String,
250 pub source_kind: RoleArtifactSourceKindV1,
251 pub source_revision: String,
252 pub source_tree_clean: bool,
253 pub package_or_role_selector: String,
254 pub cargo_profile: String,
255 pub cargo_features_digest: String,
256 pub cargo_lock_digest: String,
257 pub rust_toolchain: String,
258 pub builder_version: String,
259 pub target_triple: String,
260 pub linker_identity: String,
261 pub deterministic_build_mode: String,
262 pub wasm_opt_version: String,
263 pub compression_identity: String,
264}
265
266#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
270pub struct BuildMaterializationInputV1 {
271 pub materialization_input_id: String,
272 pub build_recipe_id: String,
273 pub canonical_embedded_config_sha256: String,
274 pub network: String,
275 pub root_trust_anchor: String,
276 pub runtime_variant: String,
277}
278
279#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
283pub struct BuildMaterializationResultV1 {
284 pub materialization_result_id: String,
285 pub build_recipe_id: String,
286 pub materialization_input_digest: String,
287 pub wasm_sha256: String,
288 pub wasm_gz_sha256: String,
289 pub installed_module_hash: String,
290 pub candid_sha256: String,
291}
292
293#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
297pub struct BuildMaterializationEvidenceV1 {
298 pub schema_version: u32,
299 pub evidence_id: String,
300 pub materialization_evidence_digest: String,
301 pub recipe: BuildRecipeIdentityV1,
302 pub materialization_input: BuildMaterializationInputV1,
303 pub materialization_result: BuildMaterializationResultV1,
304 pub computed_materialization_input_digest: String,
305 pub recipe_id_matches_input: bool,
306 pub recipe_id_matches_result: bool,
307 pub materialization_input_digest_matches_result: bool,
308}
309
310#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
314pub struct PromotionMaterializationIdentityReportV1 {
315 pub schema_version: u32,
316 pub report_id: String,
317 pub materialization_identity_report_digest: String,
318 pub status: PromotionReadinessStatusV1,
319 pub roles: Vec<RolePromotionMaterializationIdentityV1>,
320 pub output_groups: Vec<PromotionMaterializationOutputGroupV1>,
321 pub blockers: Vec<SafetyFindingV1>,
322}
323
324#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
328pub struct RolePromotionMaterializationIdentityV1 {
329 pub role: String,
330 pub evidence_id: String,
331 pub materialization_evidence_digest: String,
332 pub recipe_id: String,
333 pub materialization_input_id: String,
334 pub materialization_result_id: String,
335 pub materialization_input_digest: String,
336 pub canonical_embedded_config_sha256: String,
337 pub network: String,
338 pub root_trust_anchor: String,
339 pub runtime_variant: String,
340 pub wasm_sha256: String,
341 pub wasm_gz_sha256: String,
342 pub installed_module_hash: String,
343 pub candid_sha256: String,
344}
345
346#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
350pub struct PromotionMaterializationOutputGroupV1 {
351 pub output_identity_key: String,
352 pub roles: Vec<String>,
353 pub wasm_sha256: String,
354 pub wasm_gz_sha256: String,
355 pub installed_module_hash: String,
356 pub candid_sha256: String,
357}
358
359#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
363pub struct PromotionArtifactIdentityReportV1 {
364 pub schema_version: u32,
365 pub report_id: String,
366 pub artifact_identity_report_digest: String,
367 pub status: PromotionReadinessStatusV1,
368 pub summary: PromotionArtifactIdentitySummaryV1,
369 pub roles: Vec<RolePromotionArtifactIdentityV1>,
370 pub identity_groups: Vec<PromotionArtifactIdentityGroupV1>,
371 pub blockers: Vec<SafetyFindingV1>,
372}
373
374#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
378pub struct PromotionArtifactIdentitySummaryV1 {
379 pub role_count: usize,
380 pub identity_group_count: usize,
381 pub shared_identity_group_count: usize,
382 pub digest_pinned_role_count: usize,
383 pub source_build_role_count: usize,
384 pub deferred_identity_role_count: usize,
385}
386
387#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
391pub struct PromotionWasmStoreIdentityReportV1 {
392 pub schema_version: u32,
393 pub report_id: String,
394 pub wasm_store_identity_report_digest: String,
395 pub status: PromotionReadinessStatusV1,
396 pub roles: Vec<RolePromotionWasmStoreIdentityV1>,
397 pub blockers: Vec<SafetyFindingV1>,
398}
399
400#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
404pub struct RolePromotionWasmStoreIdentityV1 {
405 pub role: String,
406 pub artifact_identity: String,
407 pub transport: ArtifactTransportV1,
408 pub wasm_store_locator: Option<String>,
409 pub prepared_chunk_hashes: Vec<String>,
410 pub published_chunk_count: usize,
411 pub verified_postcondition: VerifiedPostconditionV1,
412}
413
414#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
418pub struct PromotionWasmStoreCatalogEntryV1 {
419 pub locator: String,
420 pub artifact_identity: String,
421 pub published_chunk_count: usize,
422}
423
424#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
428pub struct PromotionWasmStoreCatalogVerificationV1 {
429 pub schema_version: u32,
430 pub verification_id: String,
431 pub wasm_store_catalog_verification_digest: String,
432 pub wasm_store_identity_report_id: String,
433 pub status: PromotionReadinessStatusV1,
434 pub roles: Vec<RolePromotionWasmStoreCatalogVerificationV1>,
435 pub blockers: Vec<SafetyFindingV1>,
436}
437
438#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
442pub struct RolePromotionWasmStoreCatalogVerificationV1 {
443 pub role: String,
444 pub wasm_store_locator: String,
445 pub expected_artifact_identity: String,
446 pub observed_artifact_identity: Option<String>,
447 pub expected_published_chunk_count: usize,
448 pub observed_published_chunk_count: Option<usize>,
449 pub catalog_entry_present: bool,
450 pub catalog_matches: bool,
451 pub catalog_observation_digest: String,
452}
453
454#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
458pub struct PromotionArtifactIdentityGroupV1 {
459 pub identity_key: String,
460 pub identity_kind: PromotionArtifactIdentityKindV1,
461 pub roles: Vec<String>,
462 pub source_kinds: Vec<RoleArtifactSourceKindV1>,
463 pub source_locators: Vec<String>,
464 pub digest_pinned: bool,
465 pub wasm_sha256: Option<String>,
466 pub wasm_gz_sha256: Option<String>,
467 pub candid_sha256: Option<String>,
468 pub canonical_embedded_config_sha256: Option<String>,
469}
470
471#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
475pub struct RolePromotionArtifactIdentityV1 {
476 pub role: String,
477 pub promotion_level: PromotionArtifactLevelV1,
478 pub source_kind: RoleArtifactSourceKindV1,
479 pub source_locator: Option<String>,
480 pub identity_kind: PromotionArtifactIdentityKindV1,
481 pub digest_pinned: bool,
482 pub wasm_sha256: Option<String>,
483 pub wasm_gz_sha256: Option<String>,
484 pub candid_sha256: Option<String>,
485 pub canonical_embedded_config_sha256: Option<String>,
486}
487
488#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
492pub enum PromotionArtifactIdentityKindV1 {
493 SealedWasm,
494 SealedCompressedWasm,
495 SealedWasmAndCompressedWasm,
496 SourceBuild,
497 Deferred,
498}
499
500#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
504pub struct PromotionReadinessV1 {
505 pub schema_version: u32,
506 pub readiness_id: String,
507 pub promotion_readiness_digest: String,
508 pub target_plan_id: String,
509 pub status: PromotionReadinessStatusV1,
510 pub roles: Vec<RolePromotionReadinessV1>,
511 pub blockers: Vec<SafetyFindingV1>,
512 pub warnings: Vec<SafetyFindingV1>,
513}
514
515#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
519pub struct PromotionPlanTransformV1 {
520 pub schema_version: u32,
521 pub transform_id: String,
522 pub target_plan_id: String,
523 pub promoted_plan_id: String,
524 pub promotion_plan_lineage_digest: String,
525 pub promoted_plan: DeploymentPlanV1,
526 pub roles: Vec<RolePromotionPlanTransformV1>,
527}
528
529#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
533pub struct ArtifactPromotionPlanV1 {
534 pub schema_version: u32,
535 pub plan_id: String,
536 pub artifact_promotion_plan_digest: String,
537 pub generated_at: String,
538 pub status: PromotionReadinessStatusV1,
539 pub target_plan_id: String,
540 pub promoted_plan_id: String,
541 pub promotion_plan_lineage_digest: String,
542 pub readiness: PromotionReadinessV1,
543 pub artifact_identity_report: PromotionArtifactIdentityReportV1,
544 pub transform: PromotionPlanTransformV1,
545 pub target_execution_lineage: Option<PromotionTargetExecutionLineageV1>,
546 pub blockers: Vec<SafetyFindingV1>,
547}
548
549#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
553pub struct ArtifactPromotionProvenanceReportV1 {
554 pub schema_version: u32,
555 pub report_id: String,
556 pub status: PromotionReadinessStatusV1,
557 pub artifact_promotion_plan_id: String,
558 pub artifact_promotion_plan_digest: String,
559 pub target_plan_id: String,
560 pub promoted_plan_id: String,
561 pub promotion_plan_lineage_digest: String,
562 pub provenance_report_digest: String,
563 pub readiness_id: String,
564 pub artifact_identity_report_id: String,
565 pub transform_id: String,
566 pub target_execution_lineage_id: Option<String>,
567 pub wasm_store_identity_report_id: Option<String>,
568 pub wasm_store_identity_report_digest: Option<String>,
569 pub wasm_store_catalog_verification_id: Option<String>,
570 pub wasm_store_catalog_verification_digest: Option<String>,
571 pub materialization_identity_report_id: Option<String>,
572 pub materialization_identity_report_digest: Option<String>,
573 pub execution_attempted: bool,
574 pub roles: Vec<RolePromotionProvenanceV1>,
575 pub blockers: Vec<SafetyFindingV1>,
576}
577
578#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
582pub struct ArtifactPromotionExecutionReceiptV1 {
583 pub schema_version: u32,
584 pub receipt_id: String,
585 pub execution_receipt_digest: String,
586 pub artifact_promotion_plan_id: String,
587 pub artifact_promotion_plan_digest: String,
588 pub provenance_report_id: String,
589 pub provenance_report_digest: String,
590 pub provenance_status: PromotionReadinessStatusV1,
591 pub promoted_plan_id: String,
592 pub promotion_plan_lineage_digest: String,
593 pub operation_id: String,
594 pub operation_status: DeploymentExecutionStatusV1,
595 pub command_result: DeploymentCommandResultV1,
596 pub started_at: String,
597 pub finished_at: Option<String>,
598 pub deployment_receipt: DeploymentReceiptV1,
599 pub roles: Vec<RolePromotionExecutionReceiptV1>,
600}
601
602#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
606pub struct RolePromotionExecutionReceiptV1 {
607 pub role: String,
608 pub promotion_level: PromotionArtifactLevelV1,
609 pub materialization_evidence_id: Option<String>,
610 pub materialization_evidence_digest: Option<String>,
611 pub wasm_store_locator: Option<String>,
612 pub wasm_store_catalog_observation_digest: Option<String>,
613 pub role_phase_result: Option<RolePhaseResultV1>,
614 pub artifact_digest: Option<String>,
615 pub observed_module_hash_after: Option<String>,
616 pub canonical_embedded_config_sha256: Option<String>,
617}
618
619#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
623pub struct RolePromotionProvenanceV1 {
624 pub role: String,
625 pub promotion_level: PromotionArtifactLevelV1,
626 pub source_kind: RoleArtifactSourceKindV1,
627 pub artifact_identity_changed: bool,
628 pub embedded_config_changed: bool,
629 pub target_materialization_preserved: bool,
630 pub materialization_evidence_id: Option<String>,
631 pub materialization_evidence_digest: Option<String>,
632 pub wasm_store_locator: Option<String>,
633 pub wasm_store_catalog_observation_digest: Option<String>,
634}
635
636#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
640pub struct PromotionPlanTransformEvidenceV1 {
641 pub schema_version: u32,
642 pub evidence_id: String,
643 pub promotion_plan_transform_evidence_digest: String,
644 pub generated_at: String,
645 pub transform: PromotionPlanTransformV1,
646}
647
648#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
652pub struct PromotionTargetExecutionLineageV1 {
653 pub schema_version: u32,
654 pub lineage_id: String,
655 pub generated_at: String,
656 pub target_execution_lineage_digest: String,
657 pub transform: PromotionPlanTransformV1,
658 pub execution_preflight: DeploymentExecutionPreflightV1,
659 pub execution_attempted: bool,
660}
661
662#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
666pub struct RolePromotionPlanTransformV1 {
667 pub role: String,
668 pub promotion_level: PromotionArtifactLevelV1,
669 pub source_kind: RoleArtifactSourceKindV1,
670 pub source_locator: Option<String>,
671 pub artifact_source_before: ArtifactSourceV1,
672 pub artifact_source_after: ArtifactSourceV1,
673 pub wasm_sha256_before: Option<String>,
674 pub wasm_sha256_after: Option<String>,
675 pub wasm_gz_sha256_before: Option<String>,
676 pub wasm_gz_sha256_after: Option<String>,
677 pub candid_sha256_before: Option<String>,
678 pub candid_sha256_after: Option<String>,
679 pub canonical_embedded_config_sha256_before: Option<String>,
680 pub canonical_embedded_config_sha256_after: Option<String>,
681 pub artifact_identity_changed: bool,
682 pub embedded_config_changed: bool,
683 pub target_materialization_preserved: bool,
684 pub source_build_materialization: Option<RolePromotionMaterializationLinkV1>,
685}
686
687#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
691pub struct RolePromotionMaterializationLinkV1 {
692 pub role: String,
693 pub evidence_id: String,
694 pub materialization_evidence_digest: String,
695 pub recipe_id: String,
696 pub materialization_input_id: String,
697 pub materialization_result_id: String,
698 pub materialization_input_digest: String,
699 pub wasm_sha256: String,
700 pub wasm_gz_sha256: String,
701 pub installed_module_hash: String,
702 pub candid_sha256: String,
703}
704
705#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
709pub enum PromotionReadinessStatusV1 {
710 Ready,
711 Blocked,
712}
713
714#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
718pub struct RolePromotionReadinessV1 {
719 pub role: String,
720 pub promotion_level: PromotionArtifactLevelV1,
721 pub source_kind: RoleArtifactSourceKindV1,
722 pub source_locator: Option<String>,
723 pub source_wasm_sha256: Option<String>,
724 pub source_wasm_gz_sha256: Option<String>,
725 pub target_wasm_sha256: Option<String>,
726 pub target_wasm_gz_sha256: Option<String>,
727 pub source_canonical_embedded_config_sha256: Option<String>,
728 pub target_canonical_embedded_config_sha256: Option<String>,
729 pub byte_identical_wasm: Option<bool>,
730 pub embedded_config_identical: Option<bool>,
731 pub target_store_has_artifact: Option<bool>,
732 pub restage_required: bool,
733}
734
735#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
739pub enum RoleArtifactSourceKindV1 {
740 WorkspacePackage,
741 PublishedPackage,
742 LocalWasm,
743 LocalWasmGz,
744 PreviousReceiptArtifact,
745 CanonicalWasmStoreDefault,
746}
747
748#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
752pub enum PreviousArtifactReceiptKindV1 {
753 DeploymentReceipt,
754 StagingReceipt,
755}
756
757#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
761pub struct AuthorityReceiptV1 {
762 pub schema_version: u32,
763 pub operation_id: String,
764 pub check_id: Option<String>,
765 pub reconciliation_plan_id: String,
766 pub authority_report_id: String,
767 pub inventory_id: String,
768 pub authority_profile_hash: Option<String>,
769 pub operation_status: DeploymentExecutionStatusV1,
770 pub started_at: String,
771 pub finished_at: Option<String>,
772 pub attempted_actions: Vec<AuthorityAttemptedActionV1>,
773 pub verified_controller_observations: Vec<AuthorityControllerObservationV1>,
774 pub hard_failures: Vec<SafetyFindingV1>,
775 pub unresolved_observation_gaps: Vec<DeploymentObservationGapV1>,
776 pub unresolved_external_actions: Vec<AuthorityExternalActionV1>,
777 pub command_result: DeploymentCommandResultV1,
778}
779
780#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
784pub struct AuthorityDryRunEvidenceV1 {
785 pub schema_version: u32,
786 pub evidence_id: String,
787 pub check_id: String,
788 pub generated_at: String,
789 pub reconciliation_plan: AuthorityReconciliationPlanV1,
790 pub authority_report: AuthorityReportV1,
791 pub authority_receipt: AuthorityReceiptV1,
792}
793
794#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
798pub struct AuthorityAttemptedActionV1 {
799 pub subject: String,
800 pub canister_id: Option<String>,
801 pub role: Option<String>,
802 pub action: AuthorityActionV1,
803 pub result: RolePhaseResultV1,
804 pub error: Option<String>,
805}
806
807#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
811pub struct AuthorityControllerObservationV1 {
812 pub subject: String,
813 pub canister_id: Option<String>,
814 pub role: Option<String>,
815 pub state: AuthorityReconciliationStateV1,
816 pub action: AuthorityActionV1,
817 pub observed_controllers: Vec<String>,
818 pub desired_controllers: Vec<String>,
819 pub controller_delta: AuthorityControllerDeltaV1,
820}
821
822#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
826pub struct RoleArtifactManifestV1 {
827 pub schema_version: u32,
828 pub manifest_id: String,
829 pub network: String,
830 pub artifact_root: Option<String>,
831 pub role_artifacts: Vec<RoleArtifactV1>,
832 pub unresolved_artifacts: Vec<DeploymentObservationGapV1>,
833}
834
835#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
839pub struct DeploymentDiffV1 {
840 pub schema_version: u32,
841 pub plan_identity: DeploymentIdentityV1,
842 pub observed_identity: Option<DeploymentIdentityV1>,
843 pub artifact_diff: Vec<DiffItemV1>,
844 pub controller_diff: Vec<DiffItemV1>,
845 pub pool_diff: Vec<DiffItemV1>,
846 pub embedded_config_diff: Vec<DiffItemV1>,
847 pub module_hash_diff: Vec<DiffItemV1>,
848 pub verifier_readiness_diff: Vec<DiffItemV1>,
849 pub resume_safety: ResumeSafetyV1,
850 pub hard_failures: Vec<SafetyFindingV1>,
851 pub warnings: Vec<SafetyFindingV1>,
852 pub resumable_phases: Vec<String>,
853}
854
855#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
859pub struct SafetyReportV1 {
860 pub schema_version: u32,
861 pub report_id: String,
862 pub diff_id: Option<String>,
863 pub status: SafetyStatusV1,
864 pub summary: String,
865 pub hard_failures: Vec<SafetyFindingV1>,
866 pub warnings: Vec<SafetyFindingV1>,
867 pub next_actions: Vec<String>,
868}
869
870#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
874pub struct DeploymentCheckV1 {
875 pub schema_version: u32,
876 pub check_id: String,
877 pub plan: DeploymentPlanV1,
878 pub inventory: DeploymentInventoryV1,
879 pub diff: DeploymentDiffV1,
880 pub report: SafetyReportV1,
881}
882
883#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
887pub struct DeploymentComparisonReportV1 {
888 pub schema_version: u32,
889 pub report_id: String,
890 pub report_digest: String,
891 pub compared_at: String,
892 pub left: DeploymentComparisonTargetV1,
893 pub right: DeploymentComparisonTargetV1,
894 pub status: SafetyStatusV1,
895 pub identity_diff: Vec<DeploymentComparisonDiffV1>,
896 pub artifact_diff: Vec<DeploymentComparisonDiffV1>,
897 pub module_hash_diff: Vec<DeploymentComparisonDiffV1>,
898 pub embedded_config_diff: Vec<DeploymentComparisonDiffV1>,
899 pub authority_diff: Vec<DeploymentComparisonDiffV1>,
900 pub pool_diff: Vec<DeploymentComparisonDiffV1>,
901 pub verifier_readiness_diff: Vec<DeploymentComparisonDiffV1>,
902 pub external_lifecycle_diff: Vec<DeploymentComparisonDiffV1>,
903 pub hard_failures: Vec<SafetyFindingV1>,
904 pub warnings: Vec<SafetyFindingV1>,
905 pub next_actions: Vec<String>,
906}
907
908#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
912pub struct DeploymentComparisonTargetV1 {
913 pub label: String,
914 pub check_id: String,
915 pub check_digest: String,
916 pub plan_id: String,
917 pub plan_digest: String,
918 pub inventory_id: String,
919 pub inventory_digest: String,
920 pub deployment_identity: DeploymentIdentityV1,
921}
922
923#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
927pub struct DeploymentComparisonDiffV1 {
928 pub category: DeploymentComparisonCategoryV1,
929 pub subject: String,
930 pub left: Option<String>,
931 pub right: Option<String>,
932 pub severity: SafetySeverityV1,
933 pub message: String,
934}
935
936#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
940pub enum DeploymentComparisonCategoryV1 {
941 Identity,
942 TrustDomain,
943 Artifact,
944 ModuleHash,
945 EmbeddedConfig,
946 Authority,
947 Pool,
948 VerifierReadiness,
949 ExternalLifecycle,
950}
951
952#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
956pub struct LifecycleAuthorityReportV1 {
957 pub schema_version: u32,
958 pub report_id: String,
959 pub report_digest: String,
960 pub check_id: String,
961 pub plan_id: String,
962 pub inventory_id: String,
963 pub authorities: Vec<LifecycleAuthorityV1>,
964 pub external_action_required_count: usize,
965 pub blocked_count: usize,
966}
967
968#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
972pub struct LifecycleAuthorityV1 {
973 pub subject: String,
974 pub canister_id: Option<String>,
975 pub role: Option<String>,
976 pub control_class: CanisterControlClassV1,
977 pub lifecycle_mode: LifecycleModeV1,
978 pub observed_controllers: Vec<String>,
979 pub expected_deployment_controllers: Vec<String>,
980 pub external_controllers: Vec<String>,
981 pub required_controllers: Vec<String>,
982 pub consent_requirements: Vec<ConsentRequirementV1>,
983 pub allowed_upgrade_modes: Vec<LifecycleUpgradeModeV1>,
984 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
985 pub external_action_required: bool,
986 pub blocked: bool,
987 pub blockers: Vec<String>,
988 pub warnings: Vec<String>,
989 pub reason: String,
990}
991
992#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
996pub enum LifecycleModeV1 {
997 DirectDeploymentAuthority,
998 ProposalRequired,
999 DelegatedInstallRequired,
1000 ExternalCompletionOnly,
1001 VerifyOnly,
1002 MustNotTouch,
1003 UnknownUnsafeBlocked,
1004}
1005
1006#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1010pub enum LifecycleUpgradeModeV1 {
1011 DirectByDeploymentAuthority,
1012 ExternalProposal,
1013 ExternalExecution,
1014 VerifyExternalCompletion,
1015 ObserveOnly,
1016 Blocked,
1017}
1018
1019#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1023pub enum LifecycleVerificationRequirementV1 {
1024 LiveInventory,
1025 ControllerObservation,
1026 ModuleHash,
1027 CanonicalEmbeddedConfig,
1028 ProtectedCallReadiness,
1029}
1030
1031#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1035pub struct ConsentRequirementV1 {
1036 pub consent_subject_kind: ConsentSubjectKindV1,
1037 pub required_principals: Vec<String>,
1038 pub required_controller_set_digest: Option<String>,
1039 pub consent_channel_kind: ConsentChannelKindV1,
1040 pub required_action: ExternalUpgradeAuthorizationModeV1,
1041}
1042
1043#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1047pub enum ConsentSubjectKindV1 {
1048 UserPrincipal,
1049 ProjectHub,
1050 GovernanceCanister,
1051 CustomerController,
1052 DelegatedInstallCanister,
1053 MultisigAuthority,
1054 UnknownExternalController,
1055}
1056
1057#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1061pub enum ConsentChannelKindV1 {
1062 OutOfBand,
1063 GeneratedCommand,
1064 DelegatedInstall,
1065 GovernanceProposal,
1066 ApplicationSpecific,
1067}
1068
1069#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1073pub struct ExternalLifecyclePlanV1 {
1074 pub schema_version: u32,
1075 pub lifecycle_plan_id: String,
1076 pub lifecycle_plan_digest: String,
1077 pub lifecycle_authority_report_id: String,
1078 pub deployment_plan_id: String,
1079 pub deployment_plan_digest: String,
1080 pub inventory_id: String,
1081 pub lifecycle_authority_rows: Vec<LifecycleAuthorityV1>,
1082 pub directly_executable_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1083 pub proposed_external_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1084 pub blocked_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1085 pub dependency_blockers: Vec<String>,
1086 pub protected_call_implications: Vec<String>,
1087 pub residual_exposure: Vec<String>,
1088 pub status: ExternalLifecyclePlanStatusV1,
1089}
1090
1091#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1095pub struct ExternalLifecycleRoleUpgradeV1 {
1096 pub subject: String,
1097 pub canister_id: Option<String>,
1098 pub role: Option<String>,
1099 pub control_class: CanisterControlClassV1,
1100 pub lifecycle_mode: LifecycleModeV1,
1101 pub required_external_action: Option<String>,
1102 pub blockers: Vec<String>,
1103 pub warnings: Vec<String>,
1104}
1105
1106#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1110pub enum ExternalLifecyclePlanStatusV1 {
1111 Ready,
1112 PendingExternalAction,
1113 Blocked,
1114}
1115
1116#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1120pub struct ExternalUpgradeProposalReportV1 {
1121 pub schema_version: u32,
1122 pub report_id: String,
1123 pub report_digest: String,
1124 pub lifecycle_plan_id: String,
1125 pub lifecycle_plan_digest: String,
1126 pub deployment_plan_id: String,
1127 pub deployment_plan_digest: String,
1128 pub inventory_id: String,
1129 pub proposals: Vec<ExternalUpgradeProposalV1>,
1130 pub blocked_subjects: Vec<String>,
1131}
1132
1133#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1137pub struct ExternalLifecyclePendingReportV1 {
1138 pub schema_version: u32,
1139 pub report_id: String,
1140 pub report_digest: String,
1141 pub lifecycle_plan_id: String,
1142 pub lifecycle_plan_digest: String,
1143 pub proposal_report_id: String,
1144 pub proposal_report_digest: String,
1145 pub deployment_plan_id: String,
1146 pub deployment_plan_digest: String,
1147 pub inventory_id: String,
1148 pub direct_upgrade_count: usize,
1149 pub pending_external_count: usize,
1150 pub blocked_count: usize,
1151 pub pending_external_actions: Vec<ExternalLifecyclePendingActionV1>,
1152 pub blocked_subjects: Vec<String>,
1153 pub residual_exposure: Vec<String>,
1154 pub status: ExternalLifecyclePlanStatusV1,
1155}
1156
1157#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1161pub struct ExternalLifecycleCheckV1 {
1162 pub schema_version: u32,
1163 pub check_id: String,
1164 pub check_digest: String,
1165 pub lifecycle_plan_id: String,
1166 pub lifecycle_plan_digest: String,
1167 pub proposal_report_id: String,
1168 pub proposal_report_digest: String,
1169 pub pending_report_id: String,
1170 pub pending_report_digest: String,
1171 pub deployment_plan_id: String,
1172 pub deployment_plan_digest: String,
1173 pub inventory_id: String,
1174 pub status: ExternalLifecyclePlanStatusV1,
1175 pub direct_upgrade_count: usize,
1176 pub pending_external_count: usize,
1177 pub blocked_count: usize,
1178 pub residual_exposure_count: usize,
1179 pub summary: String,
1180 pub next_actions: Vec<String>,
1181}
1182
1183#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1187pub struct ExternalLifecycleHandoffV1 {
1188 pub schema_version: u32,
1189 pub handoff_id: String,
1190 pub handoff_digest: String,
1191 pub lifecycle_check_id: String,
1192 pub lifecycle_check_digest: String,
1193 pub pending_report_id: String,
1194 pub pending_report_digest: String,
1195 pub proposal_report_id: String,
1196 pub proposal_report_digest: String,
1197 pub deployment_plan_id: String,
1198 pub deployment_plan_digest: String,
1199 pub inventory_id: String,
1200 pub status: ExternalLifecyclePlanStatusV1,
1201 pub handoff_actions: Vec<ExternalLifecycleHandoffActionV1>,
1202 pub blocked_subjects: Vec<String>,
1203 pub residual_exposure: Vec<String>,
1204 pub operator_summary: String,
1205}
1206
1207#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1211pub struct ExternalLifecycleHandoffActionV1 {
1212 pub subject: String,
1213 pub proposal_id: String,
1214 pub proposal_digest: String,
1215 pub canister_id: Option<String>,
1216 pub role: Option<String>,
1217 pub control_class: CanisterControlClassV1,
1218 pub lifecycle_mode: LifecycleModeV1,
1219 pub required_external_action: String,
1220 pub consent_channel_kind: ConsentChannelKindV1,
1221 pub consent_subject_kind: ConsentSubjectKindV1,
1222 pub required_principals: Vec<String>,
1223 pub current_module_hash: Option<String>,
1224 pub target_installed_module_hash: Option<String>,
1225 pub target_canonical_embedded_config_sha256: Option<String>,
1226 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1227 pub operator_instructions: Vec<String>,
1228}
1229
1230#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1234pub struct ExternalLifecyclePendingActionV1 {
1235 pub subject: String,
1236 pub proposal_id: String,
1237 pub proposal_digest: String,
1238 pub canister_id: Option<String>,
1239 pub role: Option<String>,
1240 pub control_class: CanisterControlClassV1,
1241 pub lifecycle_mode: LifecycleModeV1,
1242 pub required_external_action: String,
1243 pub consent_requirements: Vec<ConsentRequirementV1>,
1244 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1245}
1246
1247#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1251pub struct CriticalExternalFixReportV1 {
1252 pub schema_version: u32,
1253 pub report_id: String,
1254 pub report_digest: String,
1255 pub fix_id: String,
1256 pub severity: String,
1257 pub lifecycle_plan_id: String,
1258 pub lifecycle_plan_digest: String,
1259 pub pending_report_id: String,
1260 pub pending_report_digest: String,
1261 pub deployment_plan_id: String,
1262 pub deployment_plan_digest: String,
1263 pub inventory_id: String,
1264 pub affected_roles: Vec<String>,
1265 pub affected_canisters: Vec<String>,
1266 pub directly_patchable_roles: Vec<String>,
1267 pub externally_blocked_roles: Vec<String>,
1268 pub dependency_blocked_roles: Vec<String>,
1269 pub required_external_actions: Vec<String>,
1270 pub protected_call_implications: Vec<String>,
1271 pub residual_exposure: Vec<String>,
1272 pub operator_next_steps: Vec<String>,
1273}
1274
1275#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1279pub struct ExternalUpgradeProposalV1 {
1280 pub proposal_id: String,
1281 pub proposal_digest: String,
1282 pub deployment_plan_id: String,
1283 pub deployment_plan_digest: String,
1284 pub lifecycle_plan_id: String,
1285 pub lifecycle_plan_digest: String,
1286 pub promotion_plan_id: Option<String>,
1287 pub promotion_plan_digest: Option<String>,
1288 pub promotion_provenance_id: Option<String>,
1289 pub promotion_provenance_digest: Option<String>,
1290 pub subject: String,
1291 pub canister_id: Option<String>,
1292 pub role: Option<String>,
1293 pub control_class: CanisterControlClassV1,
1294 pub lifecycle_mode: LifecycleModeV1,
1295 pub observed_before_digest: String,
1296 pub current_module_hash: Option<String>,
1297 pub current_canonical_embedded_config_sha256: Option<String>,
1298 pub target_wasm_sha256: Option<String>,
1299 pub target_wasm_gz_sha256: Option<String>,
1300 pub target_installed_module_hash: Option<String>,
1301 pub target_role_artifact_identity: Option<String>,
1302 pub target_canonical_embedded_config_sha256: Option<String>,
1303 pub root_trust_anchor: Option<String>,
1304 pub authority_profile_hash: Option<String>,
1305 pub required_external_action: String,
1306 pub consent_requirements: Vec<ConsentRequirementV1>,
1307 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1308 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1309 pub expires_at: Option<String>,
1310 pub supersedes_proposal_id: Option<String>,
1311}
1312
1313#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1317pub enum ExternalUpgradeAuthorizationModeV1 {
1318 ConsentForDirectInstall,
1319 DelegatedInstallAuthority,
1320 ExternalControllerExecution,
1321 ObserveAndVerifyOnly,
1322}
1323
1324#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1328pub struct ExternalUpgradeReceiptV1 {
1329 pub schema_version: u32,
1330 pub receipt_id: String,
1331 pub proposal_id: String,
1332 pub proposal_digest: String,
1333 pub subject: String,
1334 pub canister_id: Option<String>,
1335 pub role: Option<String>,
1336 pub consent_state: ExternalUpgradeConsentStateV1,
1337 pub reported_by: Option<String>,
1338 pub observed_before_module_hash: Option<String>,
1339 pub observed_after_module_hash: Option<String>,
1340 pub observed_after_canonical_embedded_config_sha256: Option<String>,
1341 pub verification_result: ExternalUpgradeVerificationResultV1,
1342 pub verification_notes: Vec<String>,
1343 pub receipt_digest: String,
1344}
1345
1346#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1350pub struct ExternalUpgradeConsentEvidenceV1 {
1351 pub schema_version: u32,
1352 pub evidence_id: String,
1353 pub evidence_digest: String,
1354 pub proposal_id: String,
1355 pub proposal_digest: String,
1356 pub receipt_id: String,
1357 pub receipt_digest: String,
1358 pub subject: String,
1359 pub canister_id: Option<String>,
1360 pub role: Option<String>,
1361 pub consent_state: ExternalUpgradeConsentStateV1,
1362 pub reported_by: Option<String>,
1363 pub consent_requirements: Vec<ConsentRequirementV1>,
1364 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1365 pub status_summary: String,
1366}
1367
1368#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1372pub struct ExternalUpgradeConsentEvidenceRequest {
1373 pub evidence_id: String,
1374 pub proposal: ExternalUpgradeProposalV1,
1375 pub receipt: ExternalUpgradeReceiptV1,
1376}
1377
1378#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1382pub struct ExternalUpgradeVerificationReportV1 {
1383 pub schema_version: u32,
1384 pub report_id: String,
1385 pub report_digest: String,
1386 pub proposal_id: String,
1387 pub proposal_digest: String,
1388 pub receipt_id: String,
1389 pub receipt_digest: String,
1390 pub subject: String,
1391 pub canister_id: Option<String>,
1392 pub role: Option<String>,
1393 pub verification_result: ExternalUpgradeVerificationResultV1,
1394 pub verification_notes: Vec<String>,
1395 pub live_inventory_required: bool,
1396 pub status_summary: String,
1397}
1398
1399#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1403pub struct ExternalUpgradeVerificationReportRequest {
1404 pub report_id: String,
1405 pub proposal: ExternalUpgradeProposalV1,
1406 pub receipt: ExternalUpgradeReceiptV1,
1407}
1408
1409#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1413pub struct ExternalUpgradeVerificationPolicyV1 {
1414 pub schema_version: u32,
1415 pub policy_id: String,
1416 pub policy_digest: String,
1417 pub proposal_id: String,
1418 pub proposal_digest: String,
1419 pub deployment_plan_id: String,
1420 pub deployment_plan_digest: String,
1421 pub subject: String,
1422 pub canister_id: Option<String>,
1423 pub role: Option<String>,
1424 pub required_verification: Vec<LifecycleVerificationRequirementV1>,
1425 pub verification_requirements: Vec<ExternalUpgradeVerificationPolicyRequirementV1>,
1426 pub max_observation_age_seconds: Option<u64>,
1427 pub status_summary: String,
1428}
1429
1430#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1434pub struct ExternalUpgradeVerificationPolicyRequirementV1 {
1435 pub requirement: LifecycleVerificationRequirementV1,
1436 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1437 pub expected_value: Option<String>,
1438}
1439
1440#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1444pub enum ExternalUpgradeVerificationRequirementStatusV1 {
1445 Required,
1446 NotRequired,
1447}
1448
1449#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1453pub struct ExternalUpgradeVerificationPolicyRequest {
1454 pub policy_id: String,
1455 pub proposal: ExternalUpgradeProposalV1,
1456}
1457
1458#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1462pub struct ExternalUpgradeVerificationObservationV1 {
1463 pub source: ExternalVerificationObservationSourceV1,
1464 pub deployment_check_id: Option<String>,
1465 pub deployment_check_digest: Option<String>,
1466 pub inventory_id: Option<String>,
1467 pub observed_at: Option<String>,
1468 pub live_inventory_observed: bool,
1469 pub controller_observation_present: bool,
1470 pub observed_control_class: Option<CanisterControlClassV1>,
1471 pub observed_module_hash: Option<String>,
1472 pub observed_canonical_embedded_config_sha256: Option<String>,
1473 pub protected_call_ready: Option<bool>,
1474}
1475
1476#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1480pub enum ExternalVerificationObservationSourceV1 {
1481 SuppliedObservation,
1482 DeploymentTruthInventory,
1483}
1484
1485#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1489pub struct ExternalUpgradeVerificationCheckV1 {
1490 pub schema_version: u32,
1491 pub check_id: String,
1492 pub check_digest: String,
1493 pub policy_id: String,
1494 pub policy_digest: String,
1495 pub proposal_id: String,
1496 pub proposal_digest: String,
1497 pub subject: String,
1498 pub canister_id: Option<String>,
1499 pub role: Option<String>,
1500 pub observation: ExternalUpgradeVerificationObservationV1,
1501 pub requirement_results: Vec<ExternalUpgradeVerificationCheckRequirementV1>,
1502 pub verification_result: ExternalUpgradeVerificationResultV1,
1503 pub status_summary: String,
1504}
1505
1506#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1510pub struct ExternalUpgradeVerificationCheckRequirementV1 {
1511 pub requirement: LifecycleVerificationRequirementV1,
1512 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1513 pub expected_value: Option<String>,
1514 pub observed_value: Option<String>,
1515 pub satisfied: Option<bool>,
1516}
1517
1518#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1522pub struct ExternalUpgradeVerificationCheckRequest {
1523 pub check_id: String,
1524 pub policy: ExternalUpgradeVerificationPolicyV1,
1525 pub observation: Option<ExternalUpgradeVerificationObservationV1>,
1526 pub deployment_check: Option<DeploymentCheckV1>,
1527}
1528
1529#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1533pub struct ExternalUpgradeCompletionReportV1 {
1534 pub schema_version: u32,
1535 pub report_id: String,
1536 pub report_digest: String,
1537 pub proposal_id: String,
1538 pub proposal_digest: String,
1539 pub consent_evidence_id: String,
1540 pub consent_evidence_digest: String,
1541 pub verification_check_id: String,
1542 pub verification_check_digest: String,
1543 pub subject: String,
1544 pub canister_id: Option<String>,
1545 pub role: Option<String>,
1546 pub consent_state: ExternalUpgradeConsentStateV1,
1547 pub verification_result: ExternalUpgradeVerificationResultV1,
1548 pub verification_observation_source: ExternalVerificationObservationSourceV1,
1549 pub completion_status: ExternalUpgradeCompletionStatusV1,
1550 pub blockers: Vec<String>,
1551 pub next_actions: Vec<String>,
1552 pub status_summary: String,
1553}
1554
1555#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1559pub enum ExternalUpgradeCompletionStatusV1 {
1560 AwaitingConsent,
1561 ConsentRefused,
1562 SuppliedEvidenceConsistent,
1563 AwaitingVerification,
1564 VerifiedComplete,
1565 VerificationFailed,
1566}
1567
1568#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1572pub struct ExternalUpgradeCompletionReportRequest {
1573 pub report_id: String,
1574 pub proposal: ExternalUpgradeProposalV1,
1575 pub consent_evidence: ExternalUpgradeConsentEvidenceV1,
1576 pub verification_check: ExternalUpgradeVerificationCheckV1,
1577}
1578
1579#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1583pub enum ExternalUpgradeConsentStateV1 {
1584 Pending,
1585 Refused,
1586 Delegated,
1587 ExecutedExternally,
1588}
1589
1590#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1594pub enum ExternalUpgradeVerificationResultV1 {
1595 Pending,
1596 Refused,
1597 Verified,
1598 Mismatch,
1599}
1600
1601#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1605pub struct AuthorityReconciliationPlanV1 {
1606 pub schema_version: u32,
1607 pub plan_id: String,
1608 pub inventory_id: String,
1609 pub authority_profile_hash: Option<String>,
1610 pub canister_actions: Vec<CanisterAuthorityActionV1>,
1611 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1612 pub hard_failures: Vec<SafetyFindingV1>,
1613 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1614}
1615
1616#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1620pub struct AuthorityAutomaticActionV1 {
1621 pub subject: String,
1622 pub canister_id: String,
1623 pub role: Option<String>,
1624 pub action: AuthorityActionV1,
1625 pub observed_controllers: Vec<String>,
1626 pub desired_controllers: Vec<String>,
1627 pub controller_delta: AuthorityControllerDeltaV1,
1628 pub reason: String,
1629}
1630
1631#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
1635pub struct AuthorityControllerDeltaV1 {
1636 pub add_controllers: Vec<String>,
1637 pub remove_controllers: Vec<String>,
1638}
1639
1640#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1644pub struct AuthorityReportV1 {
1645 pub schema_version: u32,
1646 pub report_id: String,
1647 pub check_id: Option<String>,
1648 pub reconciliation_plan_id: String,
1649 pub inventory_id: String,
1650 pub authority_profile_hash: Option<String>,
1651 pub status: SafetyStatusV1,
1652 pub summary: String,
1653 pub counts: AuthorityReportCountsV1,
1654 pub apply_readiness: AuthorityApplyReadinessV1,
1655 pub action_counts: Vec<AuthorityActionCountV1>,
1656 pub control_class_counts: Vec<AuthorityControlClassCountV1>,
1657 pub observation_gaps: Vec<DeploymentObservationGapV1>,
1658 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1659 pub hard_failures: Vec<SafetyFindingV1>,
1660 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1661 pub next_actions: Vec<String>,
1662}
1663
1664#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1668pub struct AuthorityApplyReadinessV1 {
1669 pub can_apply_automatically: bool,
1670 pub automatic_action_count: usize,
1671 pub blockers: Vec<AuthorityApplyBlockerV1>,
1672}
1673
1674#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1678pub enum AuthorityApplyBlockerV1 {
1679 UnsafeBlocked,
1680 HardFailures,
1681 ObservationGaps,
1682 ExternalActions,
1683}
1684
1685#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1689pub struct AuthorityActionCountV1 {
1690 pub action: AuthorityActionV1,
1691 pub count: usize,
1692}
1693
1694#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1698pub struct AuthorityControlClassCountV1 {
1699 pub control_class: CanisterControlClassV1,
1700 pub count: usize,
1701}
1702
1703#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1707pub struct AuthorityReportCountsV1 {
1708 pub already_correct: usize,
1709 pub can_apply_automatically: usize,
1710 pub requires_external_action: usize,
1711 pub unsafe_blocked: usize,
1712 pub unknown: usize,
1713 pub hard_failures: usize,
1714}
1715
1716#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1720pub struct CanisterAuthorityActionV1 {
1721 pub canister_id: Option<String>,
1722 pub role: Option<String>,
1723 pub control_classification: CanisterControlClassV1,
1724 pub observed_controllers: Vec<String>,
1725 pub desired_controllers: Vec<String>,
1726 pub controller_delta: AuthorityControllerDeltaV1,
1727 pub action: AuthorityActionV1,
1728 pub state: AuthorityReconciliationStateV1,
1729 pub can_apply: bool,
1730 pub reason: String,
1731}
1732
1733#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1737pub struct AuthorityExternalActionV1 {
1738 pub subject: String,
1739 pub canister_id: Option<String>,
1740 pub role: Option<String>,
1741 pub control_classification: CanisterControlClassV1,
1742 pub state: AuthorityReconciliationStateV1,
1743 pub action: AuthorityActionV1,
1744 pub observed_controllers: Vec<String>,
1745 pub desired_controllers: Vec<String>,
1746 pub controller_delta: AuthorityControllerDeltaV1,
1747 pub reason: String,
1748}
1749
1750#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1754pub enum AuthorityActionV1 {
1755 None,
1756 AddControllers,
1757 RemoveControllers,
1758 ReplaceControllerSet,
1759 RequiresExternalController,
1760 RequiresDestructiveImportConfirmation,
1761 ObserveOnly,
1762 AdoptPlanAvailable,
1763 BlockedByPolicy,
1764 UnknownObservation,
1765}
1766
1767#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1771pub enum AuthorityReconciliationStateV1 {
1772 AlreadyCorrect,
1773 CanApplyAutomatically,
1774 RequiresExternalAction,
1775 UnsafeBlocked,
1776 Unknown,
1777}
1778
1779#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1783pub struct DeploymentIdentityV1 {
1784 pub deployment_name: String,
1785 pub network: String,
1786 pub root_principal: Option<String>,
1787 pub authority_profile_hash: Option<String>,
1788 pub role_topology_hash: Option<String>,
1789 pub deployment_manifest_digest: Option<String>,
1790 pub canonical_runtime_config_digest: Option<String>,
1791 pub role_embedded_config_set_digest: Option<String>,
1792 pub artifact_set_digest: Option<String>,
1793 pub pool_identity_set_digest: Option<String>,
1794 pub canic_version: Option<String>,
1795 pub ic_memory_version: Option<String>,
1796}
1797
1798#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1802pub struct TrustDomainV1 {
1803 pub root_trust_anchor: Option<String>,
1804 pub migration_from: Option<String>,
1805}
1806
1807#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1811pub struct AuthorityProfileV1 {
1812 pub profile_id: String,
1813 pub expected_controllers: Vec<String>,
1814 pub staging_controllers: Vec<String>,
1815 pub emergency_controllers: Vec<String>,
1816}
1817
1818#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1822pub struct RoleArtifactV1 {
1823 pub role: String,
1824 pub source: ArtifactSourceV1,
1825 pub build_profile: String,
1826 pub wasm_path: Option<String>,
1827 pub wasm_gz_path: Option<String>,
1828 pub wasm_gz_size_bytes: Option<u64>,
1829 pub wasm_sha256: Option<String>,
1830 pub wasm_gz_sha256: Option<String>,
1831 pub wasm_gz_sha256_source: Option<ArtifactDigestSourceV1>,
1832 pub observed_wasm_gz_file_sha256: Option<String>,
1833 pub observed_wasm_gz_file_sha256_source: Option<ArtifactDigestSourceV1>,
1834 pub installed_module_hash: Option<String>,
1835 pub candid_path: Option<String>,
1836 pub candid_sha256: Option<String>,
1837 pub raw_config_sha256: Option<String>,
1838 pub canonical_embedded_config_sha256: Option<String>,
1839 pub embedded_topology_sha256: Option<String>,
1840 pub builder_version: Option<String>,
1841 pub rust_toolchain: Option<String>,
1842 pub package_version: Option<String>,
1843}
1844
1845#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1849pub enum ArtifactDigestSourceV1 {
1850 ReleaseSetManifest,
1851 ObservedFileDigest,
1852 InstalledModuleHash,
1853}
1854
1855#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1859pub enum ArtifactSourceV1 {
1860 LocalBuild,
1861 ReleaseSet,
1862 WasmStore,
1863 External,
1864 Unknown,
1865}
1866
1867#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1871pub struct ExpectedCanisterV1 {
1872 pub role: String,
1873 pub canister_id: Option<String>,
1874 pub control_class: CanisterControlClassV1,
1875}
1876
1877#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1881pub struct ObservedCanisterV1 {
1882 pub canister_id: String,
1883 pub role: Option<String>,
1884 pub control_class: CanisterControlClassV1,
1885 pub controllers: Vec<String>,
1886 pub module_hash: Option<String>,
1887 pub status: Option<String>,
1888 pub root_trust_anchor: Option<String>,
1889 pub canonical_embedded_config_digest: Option<String>,
1890 pub role_assignment_source: Option<String>,
1891}
1892
1893#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1897pub enum CanisterControlClassV1 {
1898 DeploymentControlled,
1899 CanicManagedPool,
1900 ExternallyImported,
1901 JointlyControlled,
1902 UserControlled,
1903 UnknownUnsafe,
1904}
1905
1906#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1910pub struct ExpectedPoolCanisterV1 {
1911 pub pool: String,
1912 pub canister_id: Option<String>,
1913 pub role: Option<String>,
1914}
1915
1916#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1920pub struct ObservedPoolCanisterV1 {
1921 pub pool: String,
1922 pub canister_id: String,
1923 pub role: Option<String>,
1924 pub control_class: CanisterControlClassV1,
1925}
1926
1927#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1931pub struct LocalDeploymentConfigV1 {
1932 pub config_path: Option<String>,
1933 pub raw_config_sha256: Option<String>,
1934 pub canonical_embedded_config_sha256: Option<String>,
1935}
1936
1937#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1941pub struct ObservedArtifactV1 {
1942 pub role: String,
1943 pub artifact_path: String,
1944 pub file_sha256: Option<String>,
1945 pub file_sha256_source: Option<ArtifactDigestSourceV1>,
1946 pub payload_sha256: Option<String>,
1947 pub payload_size_bytes: Option<u64>,
1948 pub source: ArtifactSourceV1,
1949}
1950
1951#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1955pub struct VerifierReadinessExpectationV1 {
1956 pub required: bool,
1957 pub expected_role_epochs: Vec<RoleEpochExpectationV1>,
1958}
1959
1960#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1964pub struct VerifierReadinessObservationV1 {
1965 pub status: ObservationStatusV1,
1966 pub role_epochs: Vec<RoleEpochObservationV1>,
1967}
1968
1969#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1973pub struct RoleEpochExpectationV1 {
1974 pub role: String,
1975 pub minimum_epoch: u64,
1976}
1977
1978#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1982pub struct RoleEpochObservationV1 {
1983 pub role: String,
1984 pub observed_epoch: Option<u64>,
1985 pub status: ObservationStatusV1,
1986}
1987
1988#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1992pub struct DeploymentAssumptionV1 {
1993 pub key: String,
1994 pub description: String,
1995}
1996
1997#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2001pub struct DeploymentObservationGapV1 {
2002 pub key: String,
2003 pub description: String,
2004}
2005
2006#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2010pub struct PhaseReceiptV1 {
2011 pub phase: String,
2012 pub started_at: String,
2013 pub finished_at: Option<String>,
2014 pub attempted_action: String,
2015 pub verified_postcondition: VerifiedPostconditionV1,
2016}
2017
2018#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2022pub struct VerifiedPostconditionV1 {
2023 pub status: ObservationStatusV1,
2024 pub evidence: Vec<String>,
2025}
2026
2027#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2031pub enum DeploymentExecutionStatusV1 {
2032 NotStarted,
2033 InProgress,
2034 FailedBeforeMutation,
2035 PartiallyApplied,
2036 FailedAfterMutation,
2037 Complete,
2038}
2039
2040#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2044pub enum DeploymentCommandResultV1 {
2045 NotFinished,
2046 Succeeded,
2047 Failed { code: String, message: String },
2048}
2049
2050#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2054pub struct RolePhaseReceiptV1 {
2055 pub role: String,
2056 pub phase: String,
2057 pub result: RolePhaseResultV1,
2058 pub previous_module_hash: Option<String>,
2059 pub target_module_hash: Option<String>,
2060 pub observed_module_hash_after: Option<String>,
2061 pub artifact_digest: Option<String>,
2062 pub canonical_embedded_config_sha256: Option<String>,
2063 pub error: Option<String>,
2064}
2065
2066#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2070pub enum RolePhaseResultV1 {
2071 Applied,
2072 Failed,
2073 Skipped,
2074 NotAttempted,
2075 VerifiedAlreadyApplied,
2076}
2077
2078#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2082pub struct DiffItemV1 {
2083 pub category: String,
2084 pub subject: String,
2085 pub expected: Option<String>,
2086 pub observed: Option<String>,
2087 pub severity: SafetySeverityV1,
2088}
2089
2090#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2094pub struct ResumeSafetyV1 {
2095 pub status: SafetyStatusV1,
2096 pub reasons: Vec<String>,
2097}
2098
2099#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2103pub struct SafetyFindingV1 {
2104 pub code: String,
2105 pub message: String,
2106 pub severity: SafetySeverityV1,
2107 pub subject: Option<String>,
2108}
2109
2110#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2114pub enum SafetyStatusV1 {
2115 NotEvaluated,
2116 Safe,
2117 Warning,
2118 Blocked,
2119}
2120
2121#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2125pub enum SafetySeverityV1 {
2126 Info,
2127 Warning,
2128 HardFailure,
2129}
2130
2131#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2135pub enum ObservationStatusV1 {
2136 NotObserved,
2137 Observed,
2138 Missing,
2139 Inconclusive,
2140}