1use serde::{Deserialize, Serialize};
2
3#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
7pub struct DeploymentPlanV1 {
8 pub schema_version: u32,
9 pub plan_id: String,
10 pub deployment_identity: DeploymentIdentityV1,
11 pub trust_domain: TrustDomainV1,
12 pub fleet_template: String,
13 pub runtime_variant: String,
14 pub authority_profile: AuthorityProfileV1,
15 pub role_artifacts: Vec<RoleArtifactV1>,
16 pub expected_canisters: Vec<ExpectedCanisterV1>,
17 pub expected_pool: Vec<ExpectedPoolCanisterV1>,
18 pub expected_verifier_readiness: VerifierReadinessExpectationV1,
19 pub unresolved_assumptions: Vec<DeploymentAssumptionV1>,
20}
21
22#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
26pub struct DeploymentInventoryV1 {
27 pub schema_version: u32,
28 pub inventory_id: String,
29 pub observed_at: String,
30 pub observed_identity: Option<DeploymentIdentityV1>,
31 pub observed_root: Option<DeploymentRootObservationV1>,
32 pub local_config: LocalDeploymentConfigV1,
33 pub observed_canisters: Vec<ObservedCanisterV1>,
34 pub observed_pool: Vec<ObservedPoolCanisterV1>,
35 pub observed_artifacts: Vec<ObservedArtifactV1>,
36 pub observed_verifier_readiness: VerifierReadinessObservationV1,
37 pub unresolved_observations: Vec<DeploymentObservationGapV1>,
38}
39
40#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
44pub struct DeploymentRootObservationV1 {
45 pub deployment_name: String,
46 pub network: String,
47 pub fleet_template: String,
48 pub root_principal: String,
49 pub observed_canister_id: String,
50 pub observation_source: DeploymentRootObservationSourceV1,
51 pub control_class: CanisterControlClassV1,
52 pub controllers: Vec<String>,
53 pub module_hash: Option<String>,
54 pub status: Option<String>,
55 pub role_assignment_source: Option<String>,
56}
57
58#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
62pub enum DeploymentRootObservationSourceV1 {
63 IcpCanisterStatus,
64 LocalDeploymentState,
65}
66
67#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
71pub struct DeploymentReceiptV1 {
72 pub schema_version: u32,
73 pub operation_id: String,
74 pub plan_id: String,
75 pub execution_context: Option<DeploymentExecutionContextV1>,
76 pub operation_status: DeploymentExecutionStatusV1,
77 pub started_at: String,
78 pub finished_at: Option<String>,
79 pub operator_principal: Option<String>,
80 pub root_principal: Option<String>,
81 pub previous_observed_deployment_epoch: Option<u64>,
82 pub phase_receipts: Vec<PhaseReceiptV1>,
83 pub role_phase_receipts: Vec<RolePhaseReceiptV1>,
84 pub final_inventory_id: Option<String>,
85 pub command_result: DeploymentCommandResultV1,
86}
87
88#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
92pub struct DeploymentExecutionContextV1 {
93 pub workspace_root: Option<String>,
94 pub icp_root: Option<String>,
95 pub artifact_roots: Vec<String>,
96 pub backend: DeploymentExecutorBackendV1,
97 pub backend_capabilities: Vec<DeploymentExecutorCapabilityV1>,
98}
99
100#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
104pub struct DeploymentExecutionPreflightV1 {
105 pub schema_version: u32,
106 pub plan_id: String,
107 pub safety_report_id: String,
108 pub authority_plan_id: String,
109 pub backend: DeploymentExecutorBackendV1,
110 pub status: DeploymentExecutionPreflightStatusV1,
111 pub planned_phases: Vec<String>,
112 pub required_capabilities: Vec<DeploymentExecutorCapabilityV1>,
113 pub missing_capabilities: Vec<DeploymentExecutorCapabilityV1>,
114 pub blockers: Vec<SafetyFindingV1>,
115}
116
117#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
121pub enum DeploymentExecutionPreflightStatusV1 {
122 Ready,
123 Blocked,
124}
125
126#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
130pub enum DeploymentExecutorBackendV1 {
131 CurrentCli,
132 PocketIc,
133 DirectAgent,
134 Other { name: String },
135}
136
137#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
141pub enum DeploymentExecutorCapabilityV1 {
142 CreateCanister,
143 CanisterStatus,
144 UpdateSettings,
145 InstallCode,
146 Call,
147 Query,
148 StageArtifact,
149}
150
151#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
155pub enum ArtifactTransportV1 {
156 LocalCli,
157 WasmStore,
158 DirectAgent,
159}
160
161#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
165pub struct StagingReceiptV1 {
166 pub schema_version: u32,
167 pub role: String,
168 pub artifact_identity: String,
169 pub transport: ArtifactTransportV1,
170 pub wasm_store_locator: Option<String>,
171 pub prepared_chunk_hashes: Vec<String>,
172 pub published_chunk_count: usize,
173 pub verified_postcondition: VerifiedPostconditionV1,
174}
175
176#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
180pub struct RoleArtifactSourceV1 {
181 pub role: String,
182 pub kind: RoleArtifactSourceKindV1,
183 pub locator: Option<String>,
184 pub previous_receipt_kind: Option<PreviousArtifactReceiptKindV1>,
185 pub previous_receipt_lineage_digest: Option<String>,
186 pub expected_wasm_sha256: Option<String>,
187 pub expected_wasm_gz_sha256: Option<String>,
188 pub expected_candid_sha256: Option<String>,
189 pub expected_canonical_embedded_config_sha256: Option<String>,
190}
191
192#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
196pub struct RolePromotionInputV1 {
197 pub role: String,
198 pub promotion_level: PromotionArtifactLevelV1,
199 pub source: RoleArtifactSourceV1,
200 pub require_byte_identical_wasm: bool,
201 pub require_target_embedded_config: bool,
202 pub target_store_has_artifact: Option<bool>,
203}
204
205#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
209pub struct RolePromotionPolicyV1 {
210 pub role: String,
211 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
212 pub requirements: Vec<PromotionPolicyRequirementV1>,
213}
214
215#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
219pub enum PromotionPolicyRequirementV1 {
220 SameSourceRevision,
221 SameCargoFeatures,
222 TargetConfigDigest,
223 ByteIdenticalWasm,
224 SealedBytes,
225}
226
227#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
231pub enum PromotionPolicyClaimV1 {
232 ByteIdenticalWasm,
233 TargetConfigDigest,
234}
235
236#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
240pub struct PromotionPolicyCheckV1 {
241 pub schema_version: u32,
242 pub check_id: String,
243 pub promotion_policy_check_digest: String,
244 pub status: PromotionReadinessStatusV1,
245 pub roles: Vec<RolePromotionPolicyDecisionV1>,
246 pub blockers: Vec<SafetyFindingV1>,
247}
248
249#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
253pub struct RolePromotionPolicyDecisionV1 {
254 pub role: String,
255 pub requested_promotion_level: PromotionArtifactLevelV1,
256 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
257 pub requirements: Vec<PromotionPolicyRequirementV1>,
258 pub claims: Vec<PromotionPolicyClaimV1>,
259 pub level_allowed: bool,
260 pub policy_satisfied: bool,
261}
262
263#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
267pub enum PromotionArtifactLevelV1 {
268 SealedWasm,
269 SourceBuild,
270}
271
272#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
276pub struct BuildRecipeIdentityV1 {
277 pub recipe_id: String,
278 pub source_kind: RoleArtifactSourceKindV1,
279 pub source_revision: String,
280 pub source_tree_clean: bool,
281 pub package_or_role_selector: String,
282 pub cargo_profile: String,
283 pub cargo_features_digest: String,
284 pub cargo_lock_digest: String,
285 pub rust_toolchain: String,
286 pub builder_version: String,
287 pub target_triple: String,
288 pub linker_identity: String,
289 pub deterministic_build_mode: String,
290 pub wasm_opt_version: String,
291 pub compression_identity: String,
292}
293
294#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
298pub struct BuildMaterializationInputV1 {
299 pub materialization_input_id: String,
300 pub build_recipe_id: String,
301 pub canonical_embedded_config_sha256: String,
302 pub network: String,
303 pub root_trust_anchor: String,
304 pub runtime_variant: String,
305}
306
307#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
311pub struct BuildMaterializationResultV1 {
312 pub materialization_result_id: String,
313 pub build_recipe_id: String,
314 pub materialization_input_digest: String,
315 pub wasm_sha256: String,
316 pub wasm_gz_sha256: String,
317 pub installed_module_hash: String,
318 pub candid_sha256: String,
319}
320
321#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
325pub struct BuildMaterializationEvidenceV1 {
326 pub schema_version: u32,
327 pub evidence_id: String,
328 pub materialization_evidence_digest: String,
329 pub recipe: BuildRecipeIdentityV1,
330 pub materialization_input: BuildMaterializationInputV1,
331 pub materialization_result: BuildMaterializationResultV1,
332 pub computed_materialization_input_digest: String,
333 pub recipe_id_matches_input: bool,
334 pub recipe_id_matches_result: bool,
335 pub materialization_input_digest_matches_result: bool,
336}
337
338#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
342pub struct PromotionMaterializationIdentityReportV1 {
343 pub schema_version: u32,
344 pub report_id: String,
345 pub materialization_identity_report_digest: String,
346 pub status: PromotionReadinessStatusV1,
347 pub roles: Vec<RolePromotionMaterializationIdentityV1>,
348 pub output_groups: Vec<PromotionMaterializationOutputGroupV1>,
349 pub blockers: Vec<SafetyFindingV1>,
350}
351
352#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
356pub struct RolePromotionMaterializationIdentityV1 {
357 pub role: String,
358 pub evidence_id: String,
359 pub materialization_evidence_digest: String,
360 pub recipe_id: String,
361 pub materialization_input_id: String,
362 pub materialization_result_id: String,
363 pub materialization_input_digest: String,
364 pub canonical_embedded_config_sha256: String,
365 pub network: String,
366 pub root_trust_anchor: String,
367 pub runtime_variant: String,
368 pub wasm_sha256: String,
369 pub wasm_gz_sha256: String,
370 pub installed_module_hash: String,
371 pub candid_sha256: String,
372}
373
374#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
378pub struct PromotionMaterializationOutputGroupV1 {
379 pub output_identity_key: String,
380 pub roles: Vec<String>,
381 pub wasm_sha256: String,
382 pub wasm_gz_sha256: String,
383 pub installed_module_hash: String,
384 pub candid_sha256: String,
385}
386
387#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
391pub struct PromotionArtifactIdentityReportV1 {
392 pub schema_version: u32,
393 pub report_id: String,
394 pub artifact_identity_report_digest: String,
395 pub status: PromotionReadinessStatusV1,
396 pub summary: PromotionArtifactIdentitySummaryV1,
397 pub roles: Vec<RolePromotionArtifactIdentityV1>,
398 pub identity_groups: Vec<PromotionArtifactIdentityGroupV1>,
399 pub blockers: Vec<SafetyFindingV1>,
400}
401
402#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
406pub struct PromotionArtifactIdentitySummaryV1 {
407 pub role_count: usize,
408 pub identity_group_count: usize,
409 pub shared_identity_group_count: usize,
410 pub digest_pinned_role_count: usize,
411 pub source_build_role_count: usize,
412 pub deferred_identity_role_count: usize,
413}
414
415#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
419pub struct PromotionWasmStoreIdentityReportV1 {
420 pub schema_version: u32,
421 pub report_id: String,
422 pub wasm_store_identity_report_digest: String,
423 pub status: PromotionReadinessStatusV1,
424 pub roles: Vec<RolePromotionWasmStoreIdentityV1>,
425 pub blockers: Vec<SafetyFindingV1>,
426}
427
428#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
432pub struct RolePromotionWasmStoreIdentityV1 {
433 pub role: String,
434 pub artifact_identity: String,
435 pub transport: ArtifactTransportV1,
436 pub wasm_store_locator: Option<String>,
437 pub prepared_chunk_hashes: Vec<String>,
438 pub published_chunk_count: usize,
439 pub verified_postcondition: VerifiedPostconditionV1,
440}
441
442#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
446pub struct PromotionWasmStoreCatalogEntryV1 {
447 pub locator: String,
448 pub artifact_identity: String,
449 pub published_chunk_count: usize,
450}
451
452#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
456pub struct PromotionWasmStoreCatalogVerificationV1 {
457 pub schema_version: u32,
458 pub verification_id: String,
459 pub wasm_store_catalog_verification_digest: String,
460 pub wasm_store_identity_report_id: String,
461 pub status: PromotionReadinessStatusV1,
462 pub roles: Vec<RolePromotionWasmStoreCatalogVerificationV1>,
463 pub blockers: Vec<SafetyFindingV1>,
464}
465
466#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
470pub struct RolePromotionWasmStoreCatalogVerificationV1 {
471 pub role: String,
472 pub wasm_store_locator: String,
473 pub expected_artifact_identity: String,
474 pub observed_artifact_identity: Option<String>,
475 pub expected_published_chunk_count: usize,
476 pub observed_published_chunk_count: Option<usize>,
477 pub catalog_entry_present: bool,
478 pub catalog_matches: bool,
479 pub catalog_observation_digest: String,
480}
481
482#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
486pub struct PromotionArtifactIdentityGroupV1 {
487 pub identity_key: String,
488 pub identity_kind: PromotionArtifactIdentityKindV1,
489 pub roles: Vec<String>,
490 pub source_kinds: Vec<RoleArtifactSourceKindV1>,
491 pub source_locators: Vec<String>,
492 pub digest_pinned: bool,
493 pub wasm_sha256: Option<String>,
494 pub wasm_gz_sha256: Option<String>,
495 pub candid_sha256: Option<String>,
496 pub canonical_embedded_config_sha256: Option<String>,
497}
498
499#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
503pub struct RolePromotionArtifactIdentityV1 {
504 pub role: String,
505 pub promotion_level: PromotionArtifactLevelV1,
506 pub source_kind: RoleArtifactSourceKindV1,
507 pub source_locator: Option<String>,
508 pub identity_kind: PromotionArtifactIdentityKindV1,
509 pub digest_pinned: bool,
510 pub wasm_sha256: Option<String>,
511 pub wasm_gz_sha256: Option<String>,
512 pub candid_sha256: Option<String>,
513 pub canonical_embedded_config_sha256: Option<String>,
514}
515
516#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
520pub enum PromotionArtifactIdentityKindV1 {
521 SealedWasm,
522 SealedCompressedWasm,
523 SealedWasmAndCompressedWasm,
524 SourceBuild,
525 Deferred,
526}
527
528#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
532pub struct PromotionReadinessV1 {
533 pub schema_version: u32,
534 pub readiness_id: String,
535 pub promotion_readiness_digest: String,
536 pub target_plan_id: String,
537 pub status: PromotionReadinessStatusV1,
538 pub roles: Vec<RolePromotionReadinessV1>,
539 pub blockers: Vec<SafetyFindingV1>,
540 pub warnings: Vec<SafetyFindingV1>,
541}
542
543#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
547pub struct PromotionPlanTransformV1 {
548 pub schema_version: u32,
549 pub transform_id: String,
550 pub target_plan_id: String,
551 pub promoted_plan_id: String,
552 pub promotion_plan_lineage_digest: String,
553 pub promoted_plan: DeploymentPlanV1,
554 pub roles: Vec<RolePromotionPlanTransformV1>,
555}
556
557#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
561pub struct ArtifactPromotionPlanV1 {
562 pub schema_version: u32,
563 pub plan_id: String,
564 pub artifact_promotion_plan_digest: String,
565 pub generated_at: String,
566 pub status: PromotionReadinessStatusV1,
567 pub target_plan_id: String,
568 pub promoted_plan_id: String,
569 pub promotion_plan_lineage_digest: String,
570 pub readiness: PromotionReadinessV1,
571 pub artifact_identity_report: PromotionArtifactIdentityReportV1,
572 pub transform: PromotionPlanTransformV1,
573 pub target_execution_lineage: Option<PromotionTargetExecutionLineageV1>,
574 pub blockers: Vec<SafetyFindingV1>,
575}
576
577#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
581pub struct ArtifactPromotionProvenanceReportV1 {
582 pub schema_version: u32,
583 pub report_id: String,
584 pub status: PromotionReadinessStatusV1,
585 pub artifact_promotion_plan_id: String,
586 pub artifact_promotion_plan_digest: String,
587 pub target_plan_id: String,
588 pub promoted_plan_id: String,
589 pub promotion_plan_lineage_digest: String,
590 pub provenance_report_digest: String,
591 pub readiness_id: String,
592 pub artifact_identity_report_id: String,
593 pub transform_id: String,
594 pub target_execution_lineage_id: Option<String>,
595 pub wasm_store_identity_report_id: Option<String>,
596 pub wasm_store_identity_report_digest: Option<String>,
597 pub wasm_store_catalog_verification_id: Option<String>,
598 pub wasm_store_catalog_verification_digest: Option<String>,
599 pub materialization_identity_report_id: Option<String>,
600 pub materialization_identity_report_digest: Option<String>,
601 pub execution_attempted: bool,
602 pub roles: Vec<RolePromotionProvenanceV1>,
603 pub blockers: Vec<SafetyFindingV1>,
604}
605
606#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
610pub struct ArtifactPromotionExecutionReceiptV1 {
611 pub schema_version: u32,
612 pub receipt_id: String,
613 pub execution_receipt_digest: String,
614 pub artifact_promotion_plan_id: String,
615 pub artifact_promotion_plan_digest: String,
616 pub provenance_report_id: String,
617 pub provenance_report_digest: String,
618 pub provenance_status: PromotionReadinessStatusV1,
619 pub promoted_plan_id: String,
620 pub promotion_plan_lineage_digest: String,
621 pub operation_id: String,
622 pub operation_status: DeploymentExecutionStatusV1,
623 pub command_result: DeploymentCommandResultV1,
624 pub started_at: String,
625 pub finished_at: Option<String>,
626 pub deployment_receipt: DeploymentReceiptV1,
627 pub roles: Vec<RolePromotionExecutionReceiptV1>,
628}
629
630#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
634pub struct RolePromotionExecutionReceiptV1 {
635 pub role: String,
636 pub promotion_level: PromotionArtifactLevelV1,
637 pub materialization_evidence_id: Option<String>,
638 pub materialization_evidence_digest: Option<String>,
639 pub wasm_store_locator: Option<String>,
640 pub wasm_store_catalog_observation_digest: Option<String>,
641 pub role_phase_result: Option<RolePhaseResultV1>,
642 pub artifact_digest: Option<String>,
643 pub observed_module_hash_after: Option<String>,
644 pub canonical_embedded_config_sha256: Option<String>,
645}
646
647#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
651pub struct RolePromotionProvenanceV1 {
652 pub role: String,
653 pub promotion_level: PromotionArtifactLevelV1,
654 pub source_kind: RoleArtifactSourceKindV1,
655 pub artifact_identity_changed: bool,
656 pub embedded_config_changed: bool,
657 pub target_materialization_preserved: bool,
658 pub materialization_evidence_id: Option<String>,
659 pub materialization_evidence_digest: Option<String>,
660 pub wasm_store_locator: Option<String>,
661 pub wasm_store_catalog_observation_digest: Option<String>,
662}
663
664#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
668pub struct PromotionPlanTransformEvidenceV1 {
669 pub schema_version: u32,
670 pub evidence_id: String,
671 pub promotion_plan_transform_evidence_digest: String,
672 pub generated_at: String,
673 pub transform: PromotionPlanTransformV1,
674}
675
676#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
680pub struct PromotionTargetExecutionLineageV1 {
681 pub schema_version: u32,
682 pub lineage_id: String,
683 pub generated_at: String,
684 pub target_execution_lineage_digest: String,
685 pub transform: PromotionPlanTransformV1,
686 pub execution_preflight: DeploymentExecutionPreflightV1,
687 pub execution_attempted: bool,
688}
689
690#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
694pub struct RolePromotionPlanTransformV1 {
695 pub role: String,
696 pub promotion_level: PromotionArtifactLevelV1,
697 pub source_kind: RoleArtifactSourceKindV1,
698 pub source_locator: Option<String>,
699 pub artifact_source_before: ArtifactSourceV1,
700 pub artifact_source_after: ArtifactSourceV1,
701 pub wasm_sha256_before: Option<String>,
702 pub wasm_sha256_after: Option<String>,
703 pub wasm_gz_sha256_before: Option<String>,
704 pub wasm_gz_sha256_after: Option<String>,
705 pub candid_sha256_before: Option<String>,
706 pub candid_sha256_after: Option<String>,
707 pub canonical_embedded_config_sha256_before: Option<String>,
708 pub canonical_embedded_config_sha256_after: Option<String>,
709 pub artifact_identity_changed: bool,
710 pub embedded_config_changed: bool,
711 pub target_materialization_preserved: bool,
712 pub source_build_materialization: Option<RolePromotionMaterializationLinkV1>,
713}
714
715#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
719pub struct RolePromotionMaterializationLinkV1 {
720 pub role: String,
721 pub evidence_id: String,
722 pub materialization_evidence_digest: String,
723 pub recipe_id: String,
724 pub materialization_input_id: String,
725 pub materialization_result_id: String,
726 pub materialization_input_digest: String,
727 pub wasm_sha256: String,
728 pub wasm_gz_sha256: String,
729 pub installed_module_hash: String,
730 pub candid_sha256: String,
731}
732
733#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
737pub enum PromotionReadinessStatusV1 {
738 Ready,
739 Blocked,
740}
741
742#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
746pub struct RolePromotionReadinessV1 {
747 pub role: String,
748 pub promotion_level: PromotionArtifactLevelV1,
749 pub source_kind: RoleArtifactSourceKindV1,
750 pub source_locator: Option<String>,
751 pub source_wasm_sha256: Option<String>,
752 pub source_wasm_gz_sha256: Option<String>,
753 pub target_wasm_sha256: Option<String>,
754 pub target_wasm_gz_sha256: Option<String>,
755 pub source_canonical_embedded_config_sha256: Option<String>,
756 pub target_canonical_embedded_config_sha256: Option<String>,
757 pub byte_identical_wasm: Option<bool>,
758 pub embedded_config_identical: Option<bool>,
759 pub target_store_has_artifact: Option<bool>,
760 pub restage_required: bool,
761}
762
763#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
767pub enum RoleArtifactSourceKindV1 {
768 WorkspacePackage,
769 PublishedPackage,
770 LocalWasm,
771 LocalWasmGz,
772 PreviousReceiptArtifact,
773 CanonicalWasmStoreDefault,
774}
775
776#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
780pub enum PreviousArtifactReceiptKindV1 {
781 DeploymentReceipt,
782 StagingReceipt,
783}
784
785#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
789pub struct AuthorityReceiptV1 {
790 pub schema_version: u32,
791 pub operation_id: String,
792 pub check_id: Option<String>,
793 pub reconciliation_plan_id: String,
794 pub authority_report_id: String,
795 pub inventory_id: String,
796 pub authority_profile_hash: Option<String>,
797 pub operation_status: DeploymentExecutionStatusV1,
798 pub started_at: String,
799 pub finished_at: Option<String>,
800 pub attempted_actions: Vec<AuthorityAttemptedActionV1>,
801 pub verified_controller_observations: Vec<AuthorityControllerObservationV1>,
802 pub hard_failures: Vec<SafetyFindingV1>,
803 pub unresolved_observation_gaps: Vec<DeploymentObservationGapV1>,
804 pub unresolved_external_actions: Vec<AuthorityExternalActionV1>,
805 pub command_result: DeploymentCommandResultV1,
806}
807
808#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
812pub struct AuthorityDryRunEvidenceV1 {
813 pub schema_version: u32,
814 pub evidence_id: String,
815 pub check_id: String,
816 pub generated_at: String,
817 pub reconciliation_plan: AuthorityReconciliationPlanV1,
818 pub authority_report: AuthorityReportV1,
819 pub authority_receipt: AuthorityReceiptV1,
820}
821
822#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
826pub struct AuthorityAttemptedActionV1 {
827 pub subject: String,
828 pub canister_id: Option<String>,
829 pub role: Option<String>,
830 pub action: AuthorityActionV1,
831 pub result: RolePhaseResultV1,
832 pub error: Option<String>,
833}
834
835#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
839pub struct AuthorityControllerObservationV1 {
840 pub subject: String,
841 pub canister_id: Option<String>,
842 pub role: Option<String>,
843 pub state: AuthorityReconciliationStateV1,
844 pub action: AuthorityActionV1,
845 pub observed_controllers: Vec<String>,
846 pub desired_controllers: Vec<String>,
847 pub controller_delta: AuthorityControllerDeltaV1,
848}
849
850#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
854pub struct RoleArtifactManifestV1 {
855 pub schema_version: u32,
856 pub manifest_id: String,
857 pub network: String,
858 pub artifact_root: Option<String>,
859 pub role_artifacts: Vec<RoleArtifactV1>,
860 pub unresolved_artifacts: Vec<DeploymentObservationGapV1>,
861}
862
863#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
867pub struct DeploymentDiffV1 {
868 pub schema_version: u32,
869 pub plan_identity: DeploymentIdentityV1,
870 pub observed_identity: Option<DeploymentIdentityV1>,
871 pub artifact_diff: Vec<DiffItemV1>,
872 pub controller_diff: Vec<DiffItemV1>,
873 pub pool_diff: Vec<DiffItemV1>,
874 pub embedded_config_diff: Vec<DiffItemV1>,
875 pub module_hash_diff: Vec<DiffItemV1>,
876 pub verifier_readiness_diff: Vec<DiffItemV1>,
877 pub resume_safety: ResumeSafetyV1,
878 pub hard_failures: Vec<SafetyFindingV1>,
879 pub warnings: Vec<SafetyFindingV1>,
880 pub resumable_phases: Vec<String>,
881}
882
883#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
887pub struct SafetyReportV1 {
888 pub schema_version: u32,
889 pub report_id: String,
890 pub diff_id: Option<String>,
891 pub status: SafetyStatusV1,
892 pub summary: String,
893 pub hard_failures: Vec<SafetyFindingV1>,
894 pub warnings: Vec<SafetyFindingV1>,
895 pub next_actions: Vec<String>,
896}
897
898#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
902pub struct DeploymentCheckV1 {
903 pub schema_version: u32,
904 pub check_id: String,
905 pub plan: DeploymentPlanV1,
906 pub inventory: DeploymentInventoryV1,
907 pub diff: DeploymentDiffV1,
908 pub report: SafetyReportV1,
909}
910
911#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
915pub struct DeploymentRootVerificationRequestV1 {
916 pub report_id: String,
917 pub requested_at: String,
918 pub deployment_name: String,
919 pub network: String,
920 pub expected_fleet_template: String,
921 pub expected_root_principal: String,
922 pub current_root_verification: DeploymentRootVerificationStateV1,
923 pub source: DeploymentRootVerificationSourceV1,
924 pub deployment_check: DeploymentCheckV1,
925}
926
927#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
931pub struct DeploymentRootVerificationReportV1 {
932 pub schema_version: u32,
933 pub report_id: String,
934 pub report_digest: String,
935 pub requested_at: String,
936 pub evidence_status: DeploymentRootVerificationEvidenceStatusV1,
937 pub state_transition: DeploymentRootVerificationStateTransitionV1,
938 pub deployment_name: String,
939 pub network: String,
940 pub expected_fleet_template: String,
941 pub expected_root_principal: String,
942 pub observed_deployment_name: Option<String>,
943 pub observed_network: Option<String>,
944 pub observed_fleet_template: Option<String>,
945 pub observed_root_principal: Option<String>,
946 pub source: DeploymentRootVerificationSourceV1,
947 pub source_check_id: String,
948 pub source_check_digest: String,
949 pub source_deployment_plan_id: String,
950 pub source_deployment_plan_digest: String,
951 pub source_inventory_id: String,
952 pub source_inventory_digest: String,
953 pub current_root_verification: DeploymentRootVerificationStateV1,
954 pub identity_checks: Vec<DeploymentRootVerificationCheckV1>,
955 pub evidence_checks: Vec<DeploymentRootVerificationCheckV1>,
956 pub blockers: Vec<SafetyFindingV1>,
957 pub warnings: Vec<SafetyFindingV1>,
958 pub recommended_next_actions: Vec<String>,
959}
960
961#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
965pub struct DeploymentRootVerificationCheckV1 {
966 pub name: String,
967 pub expected: Option<String>,
968 pub observed: Option<String>,
969 pub satisfied: bool,
970}
971
972#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
976pub enum DeploymentRootVerificationSourceV1 {
977 DeploymentTruthCheck,
978}
979
980#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
984pub enum DeploymentRootVerificationEvidenceStatusV1 {
985 EvidenceSatisfied,
986 VerificationFailed,
987 NotApplicable,
988}
989
990#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
994pub enum DeploymentRootVerificationStateTransitionV1 {
995 NotAttempted,
996 WouldPromoteNotVerifiedToVerified,
997 PromotedNotVerifiedToVerified,
998 NoStateChange,
999 Blocked,
1000}
1001
1002#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1006pub enum DeploymentRootVerificationStateV1 {
1007 NotVerified,
1008 Verified,
1009}
1010
1011#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1015pub struct DeploymentComparisonReportV1 {
1016 pub schema_version: u32,
1017 pub report_id: String,
1018 pub report_digest: String,
1019 pub compared_at: String,
1020 pub left: DeploymentComparisonTargetV1,
1021 pub right: DeploymentComparisonTargetV1,
1022 pub status: SafetyStatusV1,
1023 pub identity_diff: Vec<DeploymentComparisonDiffV1>,
1024 pub artifact_diff: Vec<DeploymentComparisonDiffV1>,
1025 pub module_hash_diff: Vec<DeploymentComparisonDiffV1>,
1026 pub embedded_config_diff: Vec<DeploymentComparisonDiffV1>,
1027 pub authority_diff: Vec<DeploymentComparisonDiffV1>,
1028 pub pool_diff: Vec<DeploymentComparisonDiffV1>,
1029 pub verifier_readiness_diff: Vec<DeploymentComparisonDiffV1>,
1030 pub external_lifecycle_diff: Vec<DeploymentComparisonDiffV1>,
1031 pub hard_failures: Vec<SafetyFindingV1>,
1032 pub warnings: Vec<SafetyFindingV1>,
1033 pub next_actions: Vec<String>,
1034}
1035
1036#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1040pub struct DeploymentComparisonTargetV1 {
1041 pub label: String,
1042 pub check_id: String,
1043 pub check_digest: String,
1044 pub plan_id: String,
1045 pub plan_digest: String,
1046 pub inventory_id: String,
1047 pub inventory_digest: String,
1048 pub deployment_identity: DeploymentIdentityV1,
1049}
1050
1051#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1055pub struct DeploymentComparisonDiffV1 {
1056 pub category: DeploymentComparisonCategoryV1,
1057 pub subject: String,
1058 pub left: Option<String>,
1059 pub right: Option<String>,
1060 pub severity: SafetySeverityV1,
1061 pub message: String,
1062}
1063
1064#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1068pub enum DeploymentComparisonCategoryV1 {
1069 Identity,
1070 TrustDomain,
1071 Artifact,
1072 ModuleHash,
1073 EmbeddedConfig,
1074 Authority,
1075 Pool,
1076 VerifierReadiness,
1077 ExternalLifecycle,
1078}
1079
1080#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1084pub struct LifecycleAuthorityReportV1 {
1085 pub schema_version: u32,
1086 pub report_id: String,
1087 pub report_digest: String,
1088 pub check_id: String,
1089 pub plan_id: String,
1090 pub inventory_id: String,
1091 pub authorities: Vec<LifecycleAuthorityV1>,
1092 pub external_action_required_count: usize,
1093 pub blocked_count: usize,
1094}
1095
1096#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1100pub struct LifecycleAuthorityV1 {
1101 pub subject: String,
1102 pub canister_id: Option<String>,
1103 pub role: Option<String>,
1104 pub control_class: CanisterControlClassV1,
1105 pub lifecycle_mode: LifecycleModeV1,
1106 pub observed_controllers: Vec<String>,
1107 pub expected_deployment_controllers: Vec<String>,
1108 pub external_controllers: Vec<String>,
1109 pub required_controllers: Vec<String>,
1110 pub consent_requirements: Vec<ConsentRequirementV1>,
1111 pub allowed_upgrade_modes: Vec<LifecycleUpgradeModeV1>,
1112 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1113 pub external_action_required: bool,
1114 pub blocked: bool,
1115 pub blockers: Vec<String>,
1116 pub warnings: Vec<String>,
1117 pub reason: String,
1118}
1119
1120#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1124pub enum LifecycleModeV1 {
1125 DirectDeploymentAuthority,
1126 ProposalRequired,
1127 DelegatedInstallRequired,
1128 ExternalCompletionOnly,
1129 VerifyOnly,
1130 MustNotTouch,
1131 UnknownUnsafeBlocked,
1132}
1133
1134#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1138pub enum LifecycleUpgradeModeV1 {
1139 DirectByDeploymentAuthority,
1140 ExternalProposal,
1141 ExternalExecution,
1142 VerifyExternalCompletion,
1143 ObserveOnly,
1144 Blocked,
1145}
1146
1147#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1151pub enum LifecycleVerificationRequirementV1 {
1152 LiveInventory,
1153 ControllerObservation,
1154 ModuleHash,
1155 CanonicalEmbeddedConfig,
1156 ProtectedCallReadiness,
1157}
1158
1159#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1163pub struct ConsentRequirementV1 {
1164 pub consent_subject_kind: ConsentSubjectKindV1,
1165 pub required_principals: Vec<String>,
1166 pub required_controller_set_digest: Option<String>,
1167 pub consent_channel_kind: ConsentChannelKindV1,
1168 pub required_action: ExternalUpgradeAuthorizationModeV1,
1169}
1170
1171#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1175pub enum ConsentSubjectKindV1 {
1176 UserPrincipal,
1177 ProjectHub,
1178 GovernanceCanister,
1179 CustomerController,
1180 DelegatedInstallCanister,
1181 MultisigAuthority,
1182 UnknownExternalController,
1183}
1184
1185#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1189pub enum ConsentChannelKindV1 {
1190 OutOfBand,
1191 GeneratedCommand,
1192 DelegatedInstall,
1193 GovernanceProposal,
1194 ApplicationSpecific,
1195}
1196
1197#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1201pub struct ExternalLifecyclePlanV1 {
1202 pub schema_version: u32,
1203 pub lifecycle_plan_id: String,
1204 pub lifecycle_plan_digest: String,
1205 pub lifecycle_authority_report_id: String,
1206 pub deployment_plan_id: String,
1207 pub deployment_plan_digest: String,
1208 pub inventory_id: String,
1209 pub lifecycle_authority_rows: Vec<LifecycleAuthorityV1>,
1210 pub directly_executable_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1211 pub proposed_external_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1212 pub blocked_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1213 pub dependency_blockers: Vec<String>,
1214 pub protected_call_implications: Vec<String>,
1215 pub residual_exposure: Vec<String>,
1216 pub status: ExternalLifecyclePlanStatusV1,
1217}
1218
1219#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1223pub struct ExternalLifecycleRoleUpgradeV1 {
1224 pub subject: String,
1225 pub canister_id: Option<String>,
1226 pub role: Option<String>,
1227 pub control_class: CanisterControlClassV1,
1228 pub lifecycle_mode: LifecycleModeV1,
1229 pub required_external_action: Option<String>,
1230 pub blockers: Vec<String>,
1231 pub warnings: Vec<String>,
1232}
1233
1234#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1238pub enum ExternalLifecyclePlanStatusV1 {
1239 Ready,
1240 PendingExternalAction,
1241 Blocked,
1242}
1243
1244#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1248pub struct ExternalUpgradeProposalReportV1 {
1249 pub schema_version: u32,
1250 pub report_id: String,
1251 pub report_digest: String,
1252 pub lifecycle_plan_id: String,
1253 pub lifecycle_plan_digest: String,
1254 pub deployment_plan_id: String,
1255 pub deployment_plan_digest: String,
1256 pub inventory_id: String,
1257 pub proposals: Vec<ExternalUpgradeProposalV1>,
1258 pub blocked_subjects: Vec<String>,
1259}
1260
1261#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1265pub struct ExternalLifecyclePendingReportV1 {
1266 pub schema_version: u32,
1267 pub report_id: String,
1268 pub report_digest: String,
1269 pub lifecycle_plan_id: String,
1270 pub lifecycle_plan_digest: String,
1271 pub proposal_report_id: String,
1272 pub proposal_report_digest: String,
1273 pub deployment_plan_id: String,
1274 pub deployment_plan_digest: String,
1275 pub inventory_id: String,
1276 pub direct_upgrade_count: usize,
1277 pub pending_external_count: usize,
1278 pub blocked_count: usize,
1279 pub pending_external_actions: Vec<ExternalLifecyclePendingActionV1>,
1280 pub blocked_subjects: Vec<String>,
1281 pub residual_exposure: Vec<String>,
1282 pub status: ExternalLifecyclePlanStatusV1,
1283}
1284
1285#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1289pub struct ExternalLifecycleCheckV1 {
1290 pub schema_version: u32,
1291 pub check_id: String,
1292 pub check_digest: String,
1293 pub lifecycle_plan_id: String,
1294 pub lifecycle_plan_digest: String,
1295 pub proposal_report_id: String,
1296 pub proposal_report_digest: String,
1297 pub pending_report_id: String,
1298 pub pending_report_digest: String,
1299 pub deployment_plan_id: String,
1300 pub deployment_plan_digest: String,
1301 pub inventory_id: String,
1302 pub status: ExternalLifecyclePlanStatusV1,
1303 pub direct_upgrade_count: usize,
1304 pub pending_external_count: usize,
1305 pub blocked_count: usize,
1306 pub residual_exposure_count: usize,
1307 pub summary: String,
1308 pub next_actions: Vec<String>,
1309}
1310
1311#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1315pub struct ExternalLifecycleHandoffV1 {
1316 pub schema_version: u32,
1317 pub handoff_id: String,
1318 pub handoff_digest: String,
1319 pub lifecycle_check_id: String,
1320 pub lifecycle_check_digest: String,
1321 pub pending_report_id: String,
1322 pub pending_report_digest: String,
1323 pub proposal_report_id: String,
1324 pub proposal_report_digest: String,
1325 pub deployment_plan_id: String,
1326 pub deployment_plan_digest: String,
1327 pub inventory_id: String,
1328 pub status: ExternalLifecyclePlanStatusV1,
1329 pub handoff_actions: Vec<ExternalLifecycleHandoffActionV1>,
1330 pub blocked_subjects: Vec<String>,
1331 pub residual_exposure: Vec<String>,
1332 pub operator_summary: String,
1333}
1334
1335#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1339pub struct ExternalLifecycleHandoffActionV1 {
1340 pub subject: String,
1341 pub proposal_id: String,
1342 pub proposal_digest: String,
1343 pub canister_id: Option<String>,
1344 pub role: Option<String>,
1345 pub control_class: CanisterControlClassV1,
1346 pub lifecycle_mode: LifecycleModeV1,
1347 pub required_external_action: String,
1348 pub consent_channel_kind: ConsentChannelKindV1,
1349 pub consent_subject_kind: ConsentSubjectKindV1,
1350 pub required_principals: Vec<String>,
1351 pub current_module_hash: Option<String>,
1352 pub target_installed_module_hash: Option<String>,
1353 pub target_canonical_embedded_config_sha256: Option<String>,
1354 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1355 pub operator_instructions: Vec<String>,
1356}
1357
1358#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1362pub struct ExternalLifecyclePendingActionV1 {
1363 pub subject: String,
1364 pub proposal_id: String,
1365 pub proposal_digest: String,
1366 pub canister_id: Option<String>,
1367 pub role: Option<String>,
1368 pub control_class: CanisterControlClassV1,
1369 pub lifecycle_mode: LifecycleModeV1,
1370 pub required_external_action: String,
1371 pub consent_requirements: Vec<ConsentRequirementV1>,
1372 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1373}
1374
1375#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1379pub struct CriticalExternalFixReportV1 {
1380 pub schema_version: u32,
1381 pub report_id: String,
1382 pub report_digest: String,
1383 pub fix_id: String,
1384 pub severity: String,
1385 pub lifecycle_plan_id: String,
1386 pub lifecycle_plan_digest: String,
1387 pub pending_report_id: String,
1388 pub pending_report_digest: String,
1389 pub deployment_plan_id: String,
1390 pub deployment_plan_digest: String,
1391 pub inventory_id: String,
1392 pub affected_roles: Vec<String>,
1393 pub affected_canisters: Vec<String>,
1394 pub directly_patchable_roles: Vec<String>,
1395 pub externally_blocked_roles: Vec<String>,
1396 pub dependency_blocked_roles: Vec<String>,
1397 pub required_external_actions: Vec<String>,
1398 pub protected_call_implications: Vec<String>,
1399 pub residual_exposure: Vec<String>,
1400 pub operator_next_steps: Vec<String>,
1401}
1402
1403#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1407pub struct ExternalUpgradeProposalV1 {
1408 pub proposal_id: String,
1409 pub proposal_digest: String,
1410 pub deployment_plan_id: String,
1411 pub deployment_plan_digest: String,
1412 pub lifecycle_plan_id: String,
1413 pub lifecycle_plan_digest: String,
1414 pub promotion_plan_id: Option<String>,
1415 pub promotion_plan_digest: Option<String>,
1416 pub promotion_provenance_id: Option<String>,
1417 pub promotion_provenance_digest: Option<String>,
1418 pub subject: String,
1419 pub canister_id: Option<String>,
1420 pub role: Option<String>,
1421 pub control_class: CanisterControlClassV1,
1422 pub lifecycle_mode: LifecycleModeV1,
1423 pub observed_before_digest: String,
1424 pub current_module_hash: Option<String>,
1425 pub current_canonical_embedded_config_sha256: Option<String>,
1426 pub target_wasm_sha256: Option<String>,
1427 pub target_wasm_gz_sha256: Option<String>,
1428 pub target_installed_module_hash: Option<String>,
1429 pub target_role_artifact_identity: Option<String>,
1430 pub target_canonical_embedded_config_sha256: Option<String>,
1431 pub root_trust_anchor: Option<String>,
1432 pub authority_profile_hash: Option<String>,
1433 pub required_external_action: String,
1434 pub consent_requirements: Vec<ConsentRequirementV1>,
1435 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1436 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1437 pub expires_at: Option<String>,
1438 pub supersedes_proposal_id: Option<String>,
1439}
1440
1441#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1445pub enum ExternalUpgradeAuthorizationModeV1 {
1446 ConsentForDirectInstall,
1447 DelegatedInstallAuthority,
1448 ExternalControllerExecution,
1449 ObserveAndVerifyOnly,
1450}
1451
1452#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1456pub struct ExternalUpgradeReceiptV1 {
1457 pub schema_version: u32,
1458 pub receipt_id: String,
1459 pub proposal_id: String,
1460 pub proposal_digest: String,
1461 pub subject: String,
1462 pub canister_id: Option<String>,
1463 pub role: Option<String>,
1464 pub consent_state: ExternalUpgradeConsentStateV1,
1465 pub reported_by: Option<String>,
1466 pub observed_before_module_hash: Option<String>,
1467 pub observed_after_module_hash: Option<String>,
1468 pub observed_after_canonical_embedded_config_sha256: Option<String>,
1469 pub verification_result: ExternalUpgradeVerificationResultV1,
1470 pub verification_notes: Vec<String>,
1471 pub receipt_digest: String,
1472}
1473
1474#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1478pub struct ExternalUpgradeConsentEvidenceV1 {
1479 pub schema_version: u32,
1480 pub evidence_id: String,
1481 pub evidence_digest: String,
1482 pub proposal_id: String,
1483 pub proposal_digest: String,
1484 pub receipt_id: String,
1485 pub receipt_digest: String,
1486 pub subject: String,
1487 pub canister_id: Option<String>,
1488 pub role: Option<String>,
1489 pub consent_state: ExternalUpgradeConsentStateV1,
1490 pub reported_by: Option<String>,
1491 pub consent_requirements: Vec<ConsentRequirementV1>,
1492 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1493 pub status_summary: String,
1494}
1495
1496#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1500pub struct ExternalUpgradeConsentEvidenceRequest {
1501 pub evidence_id: String,
1502 pub proposal: ExternalUpgradeProposalV1,
1503 pub receipt: ExternalUpgradeReceiptV1,
1504}
1505
1506#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1510pub struct ExternalUpgradeVerificationReportV1 {
1511 pub schema_version: u32,
1512 pub report_id: String,
1513 pub report_digest: String,
1514 pub proposal_id: String,
1515 pub proposal_digest: String,
1516 pub receipt_id: String,
1517 pub receipt_digest: String,
1518 pub subject: String,
1519 pub canister_id: Option<String>,
1520 pub role: Option<String>,
1521 pub verification_result: ExternalUpgradeVerificationResultV1,
1522 pub verification_notes: Vec<String>,
1523 pub live_inventory_required: bool,
1524 pub status_summary: String,
1525}
1526
1527#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1531pub struct ExternalUpgradeVerificationReportRequest {
1532 pub report_id: String,
1533 pub proposal: ExternalUpgradeProposalV1,
1534 pub receipt: ExternalUpgradeReceiptV1,
1535}
1536
1537#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1541pub struct ExternalUpgradeVerificationPolicyV1 {
1542 pub schema_version: u32,
1543 pub policy_id: String,
1544 pub policy_digest: String,
1545 pub proposal_id: String,
1546 pub proposal_digest: String,
1547 pub deployment_plan_id: String,
1548 pub deployment_plan_digest: String,
1549 pub subject: String,
1550 pub canister_id: Option<String>,
1551 pub role: Option<String>,
1552 pub required_verification: Vec<LifecycleVerificationRequirementV1>,
1553 pub verification_requirements: Vec<ExternalUpgradeVerificationPolicyRequirementV1>,
1554 pub max_observation_age_seconds: Option<u64>,
1555 pub status_summary: String,
1556}
1557
1558#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1562pub struct ExternalUpgradeVerificationPolicyRequirementV1 {
1563 pub requirement: LifecycleVerificationRequirementV1,
1564 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1565 pub expected_value: Option<String>,
1566}
1567
1568#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1572pub enum ExternalUpgradeVerificationRequirementStatusV1 {
1573 Required,
1574 NotRequired,
1575}
1576
1577#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1581pub struct ExternalUpgradeVerificationPolicyRequest {
1582 pub policy_id: String,
1583 pub proposal: ExternalUpgradeProposalV1,
1584}
1585
1586#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1590pub struct ExternalUpgradeVerificationObservationV1 {
1591 pub source: ExternalVerificationObservationSourceV1,
1592 pub deployment_check_id: Option<String>,
1593 pub deployment_check_digest: Option<String>,
1594 pub inventory_id: Option<String>,
1595 pub observed_at: Option<String>,
1596 pub live_inventory_observed: bool,
1597 pub controller_observation_present: bool,
1598 pub observed_control_class: Option<CanisterControlClassV1>,
1599 pub observed_module_hash: Option<String>,
1600 pub observed_canonical_embedded_config_sha256: Option<String>,
1601 pub protected_call_ready: Option<bool>,
1602}
1603
1604#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1608pub enum ExternalVerificationObservationSourceV1 {
1609 SuppliedObservation,
1610 DeploymentTruthInventory,
1611}
1612
1613#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1617pub struct ExternalUpgradeVerificationCheckV1 {
1618 pub schema_version: u32,
1619 pub check_id: String,
1620 pub check_digest: String,
1621 pub policy_id: String,
1622 pub policy_digest: String,
1623 pub proposal_id: String,
1624 pub proposal_digest: String,
1625 pub subject: String,
1626 pub canister_id: Option<String>,
1627 pub role: Option<String>,
1628 pub observation: ExternalUpgradeVerificationObservationV1,
1629 pub requirement_results: Vec<ExternalUpgradeVerificationCheckRequirementV1>,
1630 pub verification_result: ExternalUpgradeVerificationResultV1,
1631 pub status_summary: String,
1632}
1633
1634#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1638pub struct ExternalUpgradeVerificationCheckRequirementV1 {
1639 pub requirement: LifecycleVerificationRequirementV1,
1640 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1641 pub expected_value: Option<String>,
1642 pub observed_value: Option<String>,
1643 pub satisfied: Option<bool>,
1644}
1645
1646#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1650pub struct ExternalUpgradeVerificationCheckRequest {
1651 pub check_id: String,
1652 pub policy: ExternalUpgradeVerificationPolicyV1,
1653 pub observation: Option<ExternalUpgradeVerificationObservationV1>,
1654 pub deployment_check: Option<DeploymentCheckV1>,
1655}
1656
1657#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1661pub struct ExternalUpgradeCompletionReportV1 {
1662 pub schema_version: u32,
1663 pub report_id: String,
1664 pub report_digest: String,
1665 pub proposal_id: String,
1666 pub proposal_digest: String,
1667 pub consent_evidence_id: String,
1668 pub consent_evidence_digest: String,
1669 pub verification_check_id: String,
1670 pub verification_check_digest: String,
1671 pub subject: String,
1672 pub canister_id: Option<String>,
1673 pub role: Option<String>,
1674 pub consent_state: ExternalUpgradeConsentStateV1,
1675 pub verification_result: ExternalUpgradeVerificationResultV1,
1676 pub verification_observation_source: ExternalVerificationObservationSourceV1,
1677 pub completion_status: ExternalUpgradeCompletionStatusV1,
1678 pub blockers: Vec<String>,
1679 pub next_actions: Vec<String>,
1680 pub status_summary: String,
1681}
1682
1683#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1687pub enum ExternalUpgradeCompletionStatusV1 {
1688 AwaitingConsent,
1689 ConsentRefused,
1690 SuppliedEvidenceConsistent,
1691 AwaitingVerification,
1692 VerifiedComplete,
1693 VerificationFailed,
1694}
1695
1696#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1700pub struct ExternalUpgradeCompletionReportRequest {
1701 pub report_id: String,
1702 pub proposal: ExternalUpgradeProposalV1,
1703 pub consent_evidence: ExternalUpgradeConsentEvidenceV1,
1704 pub verification_check: ExternalUpgradeVerificationCheckV1,
1705}
1706
1707#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1711pub enum ExternalUpgradeConsentStateV1 {
1712 Pending,
1713 Refused,
1714 Delegated,
1715 ExecutedExternally,
1716}
1717
1718#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1722pub enum ExternalUpgradeVerificationResultV1 {
1723 Pending,
1724 Refused,
1725 Verified,
1726 Mismatch,
1727}
1728
1729#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1733pub struct AuthorityReconciliationPlanV1 {
1734 pub schema_version: u32,
1735 pub plan_id: String,
1736 pub inventory_id: String,
1737 pub authority_profile_hash: Option<String>,
1738 pub canister_actions: Vec<CanisterAuthorityActionV1>,
1739 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1740 pub hard_failures: Vec<SafetyFindingV1>,
1741 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1742}
1743
1744#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1748pub struct AuthorityAutomaticActionV1 {
1749 pub subject: String,
1750 pub canister_id: String,
1751 pub role: Option<String>,
1752 pub action: AuthorityActionV1,
1753 pub observed_controllers: Vec<String>,
1754 pub desired_controllers: Vec<String>,
1755 pub controller_delta: AuthorityControllerDeltaV1,
1756 pub reason: String,
1757}
1758
1759#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
1763pub struct AuthorityControllerDeltaV1 {
1764 pub add_controllers: Vec<String>,
1765 pub remove_controllers: Vec<String>,
1766}
1767
1768#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1772pub struct AuthorityReportV1 {
1773 pub schema_version: u32,
1774 pub report_id: String,
1775 pub check_id: Option<String>,
1776 pub reconciliation_plan_id: String,
1777 pub inventory_id: String,
1778 pub authority_profile_hash: Option<String>,
1779 pub status: SafetyStatusV1,
1780 pub summary: String,
1781 pub counts: AuthorityReportCountsV1,
1782 pub apply_readiness: AuthorityApplyReadinessV1,
1783 pub action_counts: Vec<AuthorityActionCountV1>,
1784 pub control_class_counts: Vec<AuthorityControlClassCountV1>,
1785 pub observation_gaps: Vec<DeploymentObservationGapV1>,
1786 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1787 pub hard_failures: Vec<SafetyFindingV1>,
1788 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1789 pub next_actions: Vec<String>,
1790}
1791
1792#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1796pub struct AuthorityApplyReadinessV1 {
1797 pub can_apply_automatically: bool,
1798 pub automatic_action_count: usize,
1799 pub blockers: Vec<AuthorityApplyBlockerV1>,
1800}
1801
1802#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1806pub enum AuthorityApplyBlockerV1 {
1807 UnsafeBlocked,
1808 HardFailures,
1809 ObservationGaps,
1810 ExternalActions,
1811}
1812
1813#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1817pub struct AuthorityActionCountV1 {
1818 pub action: AuthorityActionV1,
1819 pub count: usize,
1820}
1821
1822#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1826pub struct AuthorityControlClassCountV1 {
1827 pub control_class: CanisterControlClassV1,
1828 pub count: usize,
1829}
1830
1831#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1835pub struct AuthorityReportCountsV1 {
1836 pub already_correct: usize,
1837 pub can_apply_automatically: usize,
1838 pub requires_external_action: usize,
1839 pub unsafe_blocked: usize,
1840 pub unknown: usize,
1841 pub hard_failures: usize,
1842}
1843
1844#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1848pub struct CanisterAuthorityActionV1 {
1849 pub canister_id: Option<String>,
1850 pub role: Option<String>,
1851 pub control_classification: CanisterControlClassV1,
1852 pub observed_controllers: Vec<String>,
1853 pub desired_controllers: Vec<String>,
1854 pub controller_delta: AuthorityControllerDeltaV1,
1855 pub action: AuthorityActionV1,
1856 pub state: AuthorityReconciliationStateV1,
1857 pub can_apply: bool,
1858 pub reason: String,
1859}
1860
1861#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1865pub struct AuthorityExternalActionV1 {
1866 pub subject: String,
1867 pub canister_id: Option<String>,
1868 pub role: Option<String>,
1869 pub control_classification: CanisterControlClassV1,
1870 pub state: AuthorityReconciliationStateV1,
1871 pub action: AuthorityActionV1,
1872 pub observed_controllers: Vec<String>,
1873 pub desired_controllers: Vec<String>,
1874 pub controller_delta: AuthorityControllerDeltaV1,
1875 pub reason: String,
1876}
1877
1878#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1882pub enum AuthorityActionV1 {
1883 None,
1884 AddControllers,
1885 RemoveControllers,
1886 ReplaceControllerSet,
1887 RequiresExternalController,
1888 RequiresDestructiveImportConfirmation,
1889 ObserveOnly,
1890 AdoptPlanAvailable,
1891 BlockedByPolicy,
1892 UnknownObservation,
1893}
1894
1895#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1899pub enum AuthorityReconciliationStateV1 {
1900 AlreadyCorrect,
1901 CanApplyAutomatically,
1902 RequiresExternalAction,
1903 UnsafeBlocked,
1904 Unknown,
1905}
1906
1907#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1911pub struct DeploymentIdentityV1 {
1912 pub deployment_name: String,
1913 pub network: String,
1914 pub root_principal: Option<String>,
1915 pub authority_profile_hash: Option<String>,
1916 pub role_topology_hash: Option<String>,
1917 pub deployment_manifest_digest: Option<String>,
1918 pub canonical_runtime_config_digest: Option<String>,
1919 pub role_embedded_config_set_digest: Option<String>,
1920 pub artifact_set_digest: Option<String>,
1921 pub pool_identity_set_digest: Option<String>,
1922 pub canic_version: Option<String>,
1923 pub ic_memory_version: Option<String>,
1924}
1925
1926#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1930pub struct TrustDomainV1 {
1931 pub root_trust_anchor: Option<String>,
1932 pub migration_from: Option<String>,
1933}
1934
1935#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1939pub struct AuthorityProfileV1 {
1940 pub profile_id: String,
1941 pub expected_controllers: Vec<String>,
1942 pub staging_controllers: Vec<String>,
1943 pub emergency_controllers: Vec<String>,
1944}
1945
1946#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1950pub struct RoleArtifactV1 {
1951 pub role: String,
1952 pub source: ArtifactSourceV1,
1953 pub build_profile: String,
1954 pub wasm_path: Option<String>,
1955 pub wasm_gz_path: Option<String>,
1956 pub wasm_gz_size_bytes: Option<u64>,
1957 pub wasm_sha256: Option<String>,
1958 pub wasm_gz_sha256: Option<String>,
1959 pub wasm_gz_sha256_source: Option<ArtifactDigestSourceV1>,
1960 pub observed_wasm_gz_file_sha256: Option<String>,
1961 pub observed_wasm_gz_file_sha256_source: Option<ArtifactDigestSourceV1>,
1962 pub installed_module_hash: Option<String>,
1963 pub candid_path: Option<String>,
1964 pub candid_sha256: Option<String>,
1965 pub raw_config_sha256: Option<String>,
1966 pub canonical_embedded_config_sha256: Option<String>,
1967 pub embedded_topology_sha256: Option<String>,
1968 pub builder_version: Option<String>,
1969 pub rust_toolchain: Option<String>,
1970 pub package_version: Option<String>,
1971}
1972
1973#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1977pub enum ArtifactDigestSourceV1 {
1978 ReleaseSetManifest,
1979 ObservedFileDigest,
1980 InstalledModuleHash,
1981}
1982
1983#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1987pub enum ArtifactSourceV1 {
1988 LocalBuild,
1989 ReleaseSet,
1990 WasmStore,
1991 External,
1992 Unknown,
1993}
1994
1995#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1999pub struct ExpectedCanisterV1 {
2000 pub role: String,
2001 pub canister_id: Option<String>,
2002 pub control_class: CanisterControlClassV1,
2003}
2004
2005#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2009pub struct ObservedCanisterV1 {
2010 pub canister_id: String,
2011 pub role: Option<String>,
2012 pub control_class: CanisterControlClassV1,
2013 pub controllers: Vec<String>,
2014 pub module_hash: Option<String>,
2015 pub status: Option<String>,
2016 pub root_trust_anchor: Option<String>,
2017 pub canonical_embedded_config_digest: Option<String>,
2018 pub role_assignment_source: Option<String>,
2019}
2020
2021#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2025pub enum CanisterControlClassV1 {
2026 DeploymentControlled,
2027 CanicManagedPool,
2028 ExternallyImported,
2029 JointlyControlled,
2030 UserControlled,
2031 UnknownUnsafe,
2032}
2033
2034#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2038pub struct ExpectedPoolCanisterV1 {
2039 pub pool: String,
2040 pub canister_id: Option<String>,
2041 pub role: Option<String>,
2042}
2043
2044#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2048pub struct ObservedPoolCanisterV1 {
2049 pub pool: String,
2050 pub canister_id: String,
2051 pub role: Option<String>,
2052 pub control_class: CanisterControlClassV1,
2053}
2054
2055#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2059pub struct LocalDeploymentConfigV1 {
2060 pub config_path: Option<String>,
2061 pub raw_config_sha256: Option<String>,
2062 pub canonical_embedded_config_sha256: Option<String>,
2063}
2064
2065#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2069pub struct ObservedArtifactV1 {
2070 pub role: String,
2071 pub artifact_path: String,
2072 pub file_sha256: Option<String>,
2073 pub file_sha256_source: Option<ArtifactDigestSourceV1>,
2074 pub payload_sha256: Option<String>,
2075 pub payload_size_bytes: Option<u64>,
2076 pub source: ArtifactSourceV1,
2077}
2078
2079#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2083pub struct VerifierReadinessExpectationV1 {
2084 pub required: bool,
2085 pub expected_role_epochs: Vec<RoleEpochExpectationV1>,
2086}
2087
2088#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2092pub struct VerifierReadinessObservationV1 {
2093 pub status: ObservationStatusV1,
2094 pub role_epochs: Vec<RoleEpochObservationV1>,
2095}
2096
2097#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2101pub struct RoleEpochExpectationV1 {
2102 pub role: String,
2103 pub minimum_epoch: u64,
2104}
2105
2106#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2110pub struct RoleEpochObservationV1 {
2111 pub role: String,
2112 pub observed_epoch: Option<u64>,
2113 pub status: ObservationStatusV1,
2114}
2115
2116#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2120pub struct DeploymentAssumptionV1 {
2121 pub key: String,
2122 pub description: String,
2123}
2124
2125#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2129pub struct DeploymentObservationGapV1 {
2130 pub key: String,
2131 pub description: String,
2132}
2133
2134#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2138pub struct PhaseReceiptV1 {
2139 pub phase: String,
2140 pub started_at: String,
2141 pub finished_at: Option<String>,
2142 pub attempted_action: String,
2143 pub verified_postcondition: VerifiedPostconditionV1,
2144}
2145
2146#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2150pub struct VerifiedPostconditionV1 {
2151 pub status: ObservationStatusV1,
2152 pub evidence: Vec<String>,
2153}
2154
2155#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2159pub enum DeploymentExecutionStatusV1 {
2160 NotStarted,
2161 InProgress,
2162 FailedBeforeMutation,
2163 PartiallyApplied,
2164 FailedAfterMutation,
2165 Complete,
2166}
2167
2168#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2172pub enum DeploymentCommandResultV1 {
2173 NotFinished,
2174 Succeeded,
2175 Failed { code: String, message: String },
2176}
2177
2178#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2182pub struct RolePhaseReceiptV1 {
2183 pub role: String,
2184 pub phase: String,
2185 pub result: RolePhaseResultV1,
2186 pub previous_module_hash: Option<String>,
2187 pub target_module_hash: Option<String>,
2188 pub observed_module_hash_after: Option<String>,
2189 pub artifact_digest: Option<String>,
2190 pub canonical_embedded_config_sha256: Option<String>,
2191 pub error: Option<String>,
2192}
2193
2194#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2198pub enum RolePhaseResultV1 {
2199 Applied,
2200 Failed,
2201 Skipped,
2202 NotAttempted,
2203 VerifiedAlreadyApplied,
2204}
2205
2206#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2210pub struct DiffItemV1 {
2211 pub category: String,
2212 pub subject: String,
2213 pub expected: Option<String>,
2214 pub observed: Option<String>,
2215 pub severity: SafetySeverityV1,
2216}
2217
2218#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2222pub struct ResumeSafetyV1 {
2223 pub status: SafetyStatusV1,
2224 pub reasons: Vec<String>,
2225}
2226
2227#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2231pub struct SafetyFindingV1 {
2232 pub code: String,
2233 pub message: String,
2234 pub severity: SafetySeverityV1,
2235 pub subject: Option<String>,
2236}
2237
2238#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2242pub enum SafetyStatusV1 {
2243 NotEvaluated,
2244 Safe,
2245 Warning,
2246 Blocked,
2247}
2248
2249#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2253pub enum SafetySeverityV1 {
2254 Info,
2255 Warning,
2256 HardFailure,
2257}
2258
2259#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2263pub enum ObservationStatusV1 {
2264 NotObserved,
2265 Observed,
2266 Missing,
2267 Inconclusive,
2268}