1use serde::{Deserialize, Serialize};
2
3#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
7pub struct DeploymentPlanV1 {
8 pub schema_version: u32,
9 pub plan_id: String,
10 pub deployment_identity: DeploymentIdentityV1,
11 pub trust_domain: TrustDomainV1,
12 pub fleet_template: String,
13 pub runtime_variant: String,
14 pub authority_profile: AuthorityProfileV1,
15 pub role_artifacts: Vec<RoleArtifactV1>,
16 pub expected_canisters: Vec<ExpectedCanisterV1>,
17 pub expected_pool: Vec<ExpectedPoolCanisterV1>,
18 pub expected_verifier_readiness: VerifierReadinessExpectationV1,
19 pub unresolved_assumptions: Vec<DeploymentAssumptionV1>,
20}
21
22#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
26pub struct DeploymentInventoryV1 {
27 pub schema_version: u32,
28 pub inventory_id: String,
29 pub observed_at: String,
30 pub observed_identity: Option<DeploymentIdentityV1>,
31 pub observed_root: Option<DeploymentRootObservationV1>,
32 pub local_config: LocalDeploymentConfigV1,
33 pub observed_canisters: Vec<ObservedCanisterV1>,
34 pub observed_pool: Vec<ObservedPoolCanisterV1>,
35 pub observed_artifacts: Vec<ObservedArtifactV1>,
36 pub observed_verifier_readiness: VerifierReadinessObservationV1,
37 pub unresolved_observations: Vec<DeploymentObservationGapV1>,
38}
39
40#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
44pub struct DeploymentRootObservationV1 {
45 pub deployment_name: String,
46 pub network: String,
47 pub fleet_template: String,
48 pub root_principal: String,
49 pub observed_canister_id: String,
50 pub observation_source: DeploymentRootObservationSourceV1,
51 pub control_class: CanisterControlClassV1,
52 pub controllers: Vec<String>,
53 pub module_hash: Option<String>,
54 pub status: Option<String>,
55 pub role_assignment_source: Option<String>,
56}
57
58#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
62pub enum DeploymentRootObservationSourceV1 {
63 IcpCanisterStatus,
64 LocalDeploymentState,
65}
66
67#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
71pub struct DeploymentReceiptV1 {
72 pub schema_version: u32,
73 pub operation_id: String,
74 pub plan_id: String,
75 pub execution_context: Option<DeploymentExecutionContextV1>,
76 pub operation_status: DeploymentExecutionStatusV1,
77 pub started_at: String,
78 pub finished_at: Option<String>,
79 pub operator_principal: Option<String>,
80 pub root_principal: Option<String>,
81 pub previous_observed_deployment_epoch: Option<u64>,
82 pub phase_receipts: Vec<PhaseReceiptV1>,
83 pub role_phase_receipts: Vec<RolePhaseReceiptV1>,
84 pub final_inventory_id: Option<String>,
85 pub command_result: DeploymentCommandResultV1,
86}
87
88#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
92pub struct DeploymentExecutionContextV1 {
93 pub workspace_root: Option<String>,
94 pub icp_root: Option<String>,
95 pub artifact_roots: Vec<String>,
96 pub backend: DeploymentExecutorBackendV1,
97 pub backend_capabilities: Vec<DeploymentExecutorCapabilityV1>,
98}
99
100#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
104pub struct DeploymentExecutionPreflightV1 {
105 pub schema_version: u32,
106 pub plan_id: String,
107 pub safety_report_id: String,
108 pub authority_plan_id: String,
109 pub backend: DeploymentExecutorBackendV1,
110 pub status: DeploymentExecutionPreflightStatusV1,
111 pub planned_phases: Vec<String>,
112 pub required_capabilities: Vec<DeploymentExecutorCapabilityV1>,
113 pub missing_capabilities: Vec<DeploymentExecutorCapabilityV1>,
114 pub blockers: Vec<SafetyFindingV1>,
115}
116
117#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
121pub enum DeploymentExecutionPreflightStatusV1 {
122 Ready,
123 Blocked,
124}
125
126#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
130pub enum DeploymentExecutorBackendV1 {
131 CurrentCli,
132 PocketIc,
133 DirectAgent,
134 Other { name: String },
135}
136
137#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
141pub enum DeploymentExecutorCapabilityV1 {
142 CreateCanister,
143 CanisterStatus,
144 UpdateSettings,
145 InstallCode,
146 Call,
147 Query,
148 StageArtifact,
149}
150
151#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
155pub enum ArtifactTransportV1 {
156 LocalCli,
157 WasmStore,
158 DirectAgent,
159}
160
161#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
165pub struct StagingReceiptV1 {
166 pub schema_version: u32,
167 pub role: String,
168 pub artifact_identity: String,
169 pub transport: ArtifactTransportV1,
170 pub wasm_store_locator: Option<String>,
171 pub prepared_chunk_hashes: Vec<String>,
172 pub published_chunk_count: usize,
173 pub verified_postcondition: VerifiedPostconditionV1,
174}
175
176#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
180pub struct RoleArtifactSourceV1 {
181 pub role: String,
182 pub kind: RoleArtifactSourceKindV1,
183 pub locator: Option<String>,
184 pub previous_receipt_kind: Option<PreviousArtifactReceiptKindV1>,
185 pub previous_receipt_lineage_digest: Option<String>,
186 pub expected_wasm_sha256: Option<String>,
187 pub expected_wasm_gz_sha256: Option<String>,
188 pub expected_candid_sha256: Option<String>,
189 pub expected_canonical_embedded_config_sha256: Option<String>,
190}
191
192#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
196pub struct RolePromotionInputV1 {
197 pub role: String,
198 pub promotion_level: PromotionArtifactLevelV1,
199 pub source: RoleArtifactSourceV1,
200 pub require_byte_identical_wasm: bool,
201 pub require_target_embedded_config: bool,
202 pub target_store_has_artifact: Option<bool>,
203}
204
205#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
209pub struct RolePromotionPolicyV1 {
210 pub role: String,
211 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
212 pub requirements: Vec<PromotionPolicyRequirementV1>,
213}
214
215#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
219pub enum PromotionPolicyRequirementV1 {
220 SameSourceRevision,
221 SameCargoFeatures,
222 TargetConfigDigest,
223 ByteIdenticalWasm,
224 SealedBytes,
225}
226
227#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
231pub enum PromotionPolicyClaimV1 {
232 ByteIdenticalWasm,
233 TargetConfigDigest,
234}
235
236#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
240pub struct PromotionPolicyCheckV1 {
241 pub schema_version: u32,
242 pub check_id: String,
243 pub promotion_policy_check_digest: String,
244 pub status: PromotionReadinessStatusV1,
245 pub roles: Vec<RolePromotionPolicyDecisionV1>,
246 pub blockers: Vec<SafetyFindingV1>,
247}
248
249#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
253pub struct RolePromotionPolicyDecisionV1 {
254 pub role: String,
255 pub requested_promotion_level: PromotionArtifactLevelV1,
256 pub allowed_promotion_levels: Vec<PromotionArtifactLevelV1>,
257 pub requirements: Vec<PromotionPolicyRequirementV1>,
258 pub claims: Vec<PromotionPolicyClaimV1>,
259 pub level_allowed: bool,
260 pub policy_satisfied: bool,
261}
262
263#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
267pub enum PromotionArtifactLevelV1 {
268 SealedWasm,
269 SourceBuild,
270}
271
272#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
276pub struct BuildRecipeIdentityV1 {
277 pub recipe_id: String,
278 pub source_kind: RoleArtifactSourceKindV1,
279 pub source_revision: String,
280 pub source_tree_clean: bool,
281 pub package_or_role_selector: String,
282 pub cargo_profile: String,
283 pub cargo_features_digest: String,
284 pub cargo_lock_digest: String,
285 pub rust_toolchain: String,
286 pub builder_version: String,
287 pub target_triple: String,
288 pub linker_identity: String,
289 pub deterministic_build_mode: String,
290 pub wasm_opt_version: String,
291 pub compression_identity: String,
292}
293
294#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
298pub struct BuildMaterializationInputV1 {
299 pub materialization_input_id: String,
300 pub build_recipe_id: String,
301 pub canonical_embedded_config_sha256: String,
302 pub network: String,
303 pub root_trust_anchor: String,
304 pub runtime_variant: String,
305}
306
307#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
311pub struct BuildMaterializationResultV1 {
312 pub materialization_result_id: String,
313 pub build_recipe_id: String,
314 pub materialization_input_digest: String,
315 pub wasm_sha256: String,
316 pub wasm_gz_sha256: String,
317 pub installed_module_hash: String,
318 pub candid_sha256: String,
319}
320
321#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
325pub struct BuildMaterializationEvidenceV1 {
326 pub schema_version: u32,
327 pub evidence_id: String,
328 pub materialization_evidence_digest: String,
329 pub recipe: BuildRecipeIdentityV1,
330 pub materialization_input: BuildMaterializationInputV1,
331 pub materialization_result: BuildMaterializationResultV1,
332 pub computed_materialization_input_digest: String,
333 pub recipe_id_matches_input: bool,
334 pub recipe_id_matches_result: bool,
335 pub materialization_input_digest_matches_result: bool,
336}
337
338#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
342pub struct PromotionMaterializationIdentityReportV1 {
343 pub schema_version: u32,
344 pub report_id: String,
345 pub materialization_identity_report_digest: String,
346 pub status: PromotionReadinessStatusV1,
347 pub roles: Vec<RolePromotionMaterializationIdentityV1>,
348 pub output_groups: Vec<PromotionMaterializationOutputGroupV1>,
349 pub blockers: Vec<SafetyFindingV1>,
350}
351
352#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
356pub struct RolePromotionMaterializationIdentityV1 {
357 pub role: String,
358 pub evidence_id: String,
359 pub materialization_evidence_digest: String,
360 pub recipe_id: String,
361 pub materialization_input_id: String,
362 pub materialization_result_id: String,
363 pub materialization_input_digest: String,
364 pub canonical_embedded_config_sha256: String,
365 pub network: String,
366 pub root_trust_anchor: String,
367 pub runtime_variant: String,
368 pub wasm_sha256: String,
369 pub wasm_gz_sha256: String,
370 pub installed_module_hash: String,
371 pub candid_sha256: String,
372}
373
374#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
378pub struct PromotionMaterializationOutputGroupV1 {
379 pub output_identity_key: String,
380 pub roles: Vec<String>,
381 pub wasm_sha256: String,
382 pub wasm_gz_sha256: String,
383 pub installed_module_hash: String,
384 pub candid_sha256: String,
385}
386
387#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
391pub struct PromotionArtifactIdentityReportV1 {
392 pub schema_version: u32,
393 pub report_id: String,
394 pub artifact_identity_report_digest: String,
395 pub status: PromotionReadinessStatusV1,
396 pub summary: PromotionArtifactIdentitySummaryV1,
397 pub roles: Vec<RolePromotionArtifactIdentityV1>,
398 pub identity_groups: Vec<PromotionArtifactIdentityGroupV1>,
399 pub blockers: Vec<SafetyFindingV1>,
400}
401
402#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
406pub struct PromotionArtifactIdentitySummaryV1 {
407 pub role_count: usize,
408 pub identity_group_count: usize,
409 pub shared_identity_group_count: usize,
410 pub digest_pinned_role_count: usize,
411 pub source_build_role_count: usize,
412 pub deferred_identity_role_count: usize,
413}
414
415#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
419pub struct PromotionWasmStoreIdentityReportV1 {
420 pub schema_version: u32,
421 pub report_id: String,
422 pub wasm_store_identity_report_digest: String,
423 pub status: PromotionReadinessStatusV1,
424 pub roles: Vec<RolePromotionWasmStoreIdentityV1>,
425 pub blockers: Vec<SafetyFindingV1>,
426}
427
428#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
432pub struct RolePromotionWasmStoreIdentityV1 {
433 pub role: String,
434 pub artifact_identity: String,
435 pub transport: ArtifactTransportV1,
436 pub wasm_store_locator: Option<String>,
437 pub prepared_chunk_hashes: Vec<String>,
438 pub published_chunk_count: usize,
439 pub verified_postcondition: VerifiedPostconditionV1,
440}
441
442#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
446pub struct PromotionWasmStoreCatalogEntryV1 {
447 pub locator: String,
448 pub artifact_identity: String,
449 pub published_chunk_count: usize,
450}
451
452#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
456pub struct PromotionWasmStoreCatalogVerificationV1 {
457 pub schema_version: u32,
458 pub verification_id: String,
459 pub wasm_store_catalog_verification_digest: String,
460 pub wasm_store_identity_report_id: String,
461 pub status: PromotionReadinessStatusV1,
462 pub roles: Vec<RolePromotionWasmStoreCatalogVerificationV1>,
463 pub blockers: Vec<SafetyFindingV1>,
464}
465
466#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
470pub struct RolePromotionWasmStoreCatalogVerificationV1 {
471 pub role: String,
472 pub wasm_store_locator: String,
473 pub expected_artifact_identity: String,
474 pub observed_artifact_identity: Option<String>,
475 pub expected_published_chunk_count: usize,
476 pub observed_published_chunk_count: Option<usize>,
477 pub catalog_entry_present: bool,
478 pub catalog_matches: bool,
479 pub catalog_observation_digest: String,
480}
481
482#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
486pub struct PromotionArtifactIdentityGroupV1 {
487 pub identity_key: String,
488 pub identity_kind: PromotionArtifactIdentityKindV1,
489 pub roles: Vec<String>,
490 pub source_kinds: Vec<RoleArtifactSourceKindV1>,
491 pub source_locators: Vec<String>,
492 pub digest_pinned: bool,
493 pub wasm_sha256: Option<String>,
494 pub wasm_gz_sha256: Option<String>,
495 pub candid_sha256: Option<String>,
496 pub canonical_embedded_config_sha256: Option<String>,
497}
498
499#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
503pub struct RolePromotionArtifactIdentityV1 {
504 pub role: String,
505 pub promotion_level: PromotionArtifactLevelV1,
506 pub source_kind: RoleArtifactSourceKindV1,
507 pub source_locator: Option<String>,
508 pub identity_kind: PromotionArtifactIdentityKindV1,
509 pub digest_pinned: bool,
510 pub wasm_sha256: Option<String>,
511 pub wasm_gz_sha256: Option<String>,
512 pub candid_sha256: Option<String>,
513 pub canonical_embedded_config_sha256: Option<String>,
514}
515
516#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
520pub enum PromotionArtifactIdentityKindV1 {
521 SealedWasm,
522 SealedCompressedWasm,
523 SealedWasmAndCompressedWasm,
524 SourceBuild,
525 Deferred,
526}
527
528#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
532pub struct PromotionReadinessV1 {
533 pub schema_version: u32,
534 pub readiness_id: String,
535 pub promotion_readiness_digest: String,
536 pub target_plan_id: String,
537 pub status: PromotionReadinessStatusV1,
538 pub roles: Vec<RolePromotionReadinessV1>,
539 pub blockers: Vec<SafetyFindingV1>,
540 pub warnings: Vec<SafetyFindingV1>,
541}
542
543#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
547pub struct PromotionPlanTransformV1 {
548 pub schema_version: u32,
549 pub transform_id: String,
550 pub target_plan_id: String,
551 pub promoted_plan_id: String,
552 pub promotion_plan_lineage_digest: String,
553 pub promoted_plan: DeploymentPlanV1,
554 pub roles: Vec<RolePromotionPlanTransformV1>,
555}
556
557#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
561pub struct ArtifactPromotionPlanV1 {
562 pub schema_version: u32,
563 pub plan_id: String,
564 pub artifact_promotion_plan_digest: String,
565 pub generated_at: String,
566 pub status: PromotionReadinessStatusV1,
567 pub target_plan_id: String,
568 pub promoted_plan_id: String,
569 pub promotion_plan_lineage_digest: String,
570 pub readiness: PromotionReadinessV1,
571 pub artifact_identity_report: PromotionArtifactIdentityReportV1,
572 pub transform: PromotionPlanTransformV1,
573 pub target_execution_lineage: Option<PromotionTargetExecutionLineageV1>,
574 pub blockers: Vec<SafetyFindingV1>,
575}
576
577#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
581pub struct ArtifactPromotionProvenanceReportV1 {
582 pub schema_version: u32,
583 pub report_id: String,
584 pub status: PromotionReadinessStatusV1,
585 pub artifact_promotion_plan_id: String,
586 pub artifact_promotion_plan_digest: String,
587 pub target_plan_id: String,
588 pub promoted_plan_id: String,
589 pub promotion_plan_lineage_digest: String,
590 pub provenance_report_digest: String,
591 pub readiness_id: String,
592 pub artifact_identity_report_id: String,
593 pub transform_id: String,
594 pub target_execution_lineage_id: Option<String>,
595 pub wasm_store_identity_report_id: Option<String>,
596 pub wasm_store_identity_report_digest: Option<String>,
597 pub wasm_store_catalog_verification_id: Option<String>,
598 pub wasm_store_catalog_verification_digest: Option<String>,
599 pub materialization_identity_report_id: Option<String>,
600 pub materialization_identity_report_digest: Option<String>,
601 pub execution_attempted: bool,
602 pub roles: Vec<RolePromotionProvenanceV1>,
603 pub blockers: Vec<SafetyFindingV1>,
604}
605
606#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
610pub struct ArtifactPromotionExecutionReceiptV1 {
611 pub schema_version: u32,
612 pub receipt_id: String,
613 pub execution_receipt_digest: String,
614 pub artifact_promotion_plan_id: String,
615 pub artifact_promotion_plan_digest: String,
616 pub provenance_report_id: String,
617 pub provenance_report_digest: String,
618 pub provenance_status: PromotionReadinessStatusV1,
619 pub promoted_plan_id: String,
620 pub promotion_plan_lineage_digest: String,
621 pub operation_id: String,
622 pub operation_status: DeploymentExecutionStatusV1,
623 pub command_result: DeploymentCommandResultV1,
624 pub started_at: String,
625 pub finished_at: Option<String>,
626 pub deployment_receipt: DeploymentReceiptV1,
627 pub roles: Vec<RolePromotionExecutionReceiptV1>,
628}
629
630#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
634pub struct RolePromotionExecutionReceiptV1 {
635 pub role: String,
636 pub promotion_level: PromotionArtifactLevelV1,
637 pub materialization_evidence_id: Option<String>,
638 pub materialization_evidence_digest: Option<String>,
639 pub wasm_store_locator: Option<String>,
640 pub wasm_store_catalog_observation_digest: Option<String>,
641 pub role_phase_result: Option<RolePhaseResultV1>,
642 pub artifact_digest: Option<String>,
643 pub observed_module_hash_after: Option<String>,
644 pub canonical_embedded_config_sha256: Option<String>,
645}
646
647#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
651pub struct RolePromotionProvenanceV1 {
652 pub role: String,
653 pub promotion_level: PromotionArtifactLevelV1,
654 pub source_kind: RoleArtifactSourceKindV1,
655 pub artifact_identity_changed: bool,
656 pub embedded_config_changed: bool,
657 pub target_materialization_preserved: bool,
658 pub materialization_evidence_id: Option<String>,
659 pub materialization_evidence_digest: Option<String>,
660 pub wasm_store_locator: Option<String>,
661 pub wasm_store_catalog_observation_digest: Option<String>,
662}
663
664#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
668pub struct PromotionPlanTransformEvidenceV1 {
669 pub schema_version: u32,
670 pub evidence_id: String,
671 pub promotion_plan_transform_evidence_digest: String,
672 pub generated_at: String,
673 pub transform: PromotionPlanTransformV1,
674}
675
676#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
680pub struct PromotionTargetExecutionLineageV1 {
681 pub schema_version: u32,
682 pub lineage_id: String,
683 pub generated_at: String,
684 pub target_execution_lineage_digest: String,
685 pub transform: PromotionPlanTransformV1,
686 pub execution_preflight: DeploymentExecutionPreflightV1,
687 pub execution_attempted: bool,
688}
689
690#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
694pub struct RolePromotionPlanTransformV1 {
695 pub role: String,
696 pub promotion_level: PromotionArtifactLevelV1,
697 pub source_kind: RoleArtifactSourceKindV1,
698 pub source_locator: Option<String>,
699 pub artifact_source_before: ArtifactSourceV1,
700 pub artifact_source_after: ArtifactSourceV1,
701 pub wasm_sha256_before: Option<String>,
702 pub wasm_sha256_after: Option<String>,
703 pub wasm_gz_sha256_before: Option<String>,
704 pub wasm_gz_sha256_after: Option<String>,
705 pub candid_sha256_before: Option<String>,
706 pub candid_sha256_after: Option<String>,
707 pub canonical_embedded_config_sha256_before: Option<String>,
708 pub canonical_embedded_config_sha256_after: Option<String>,
709 pub artifact_identity_changed: bool,
710 pub embedded_config_changed: bool,
711 pub target_materialization_preserved: bool,
712 pub source_build_materialization: Option<RolePromotionMaterializationLinkV1>,
713}
714
715#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
719pub struct RolePromotionMaterializationLinkV1 {
720 pub role: String,
721 pub evidence_id: String,
722 pub materialization_evidence_digest: String,
723 pub recipe_id: String,
724 pub materialization_input_id: String,
725 pub materialization_result_id: String,
726 pub materialization_input_digest: String,
727 pub wasm_sha256: String,
728 pub wasm_gz_sha256: String,
729 pub installed_module_hash: String,
730 pub candid_sha256: String,
731}
732
733#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
737pub enum PromotionReadinessStatusV1 {
738 Ready,
739 Blocked,
740}
741
742#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
746pub struct RolePromotionReadinessV1 {
747 pub role: String,
748 pub promotion_level: PromotionArtifactLevelV1,
749 pub source_kind: RoleArtifactSourceKindV1,
750 pub source_locator: Option<String>,
751 pub source_wasm_sha256: Option<String>,
752 pub source_wasm_gz_sha256: Option<String>,
753 pub target_wasm_sha256: Option<String>,
754 pub target_wasm_gz_sha256: Option<String>,
755 pub source_canonical_embedded_config_sha256: Option<String>,
756 pub target_canonical_embedded_config_sha256: Option<String>,
757 pub byte_identical_wasm: Option<bool>,
758 pub embedded_config_identical: Option<bool>,
759 pub target_store_has_artifact: Option<bool>,
760 pub restage_required: bool,
761}
762
763#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
767pub enum RoleArtifactSourceKindV1 {
768 WorkspacePackage,
769 PublishedPackage,
770 LocalWasm,
771 LocalWasmGz,
772 PreviousReceiptArtifact,
773 CanonicalWasmStoreDefault,
774}
775
776#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
780pub enum PreviousArtifactReceiptKindV1 {
781 DeploymentReceipt,
782 StagingReceipt,
783}
784
785#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
789pub struct AuthorityReceiptV1 {
790 pub schema_version: u32,
791 pub operation_id: String,
792 pub check_id: Option<String>,
793 pub reconciliation_plan_id: String,
794 pub authority_report_id: String,
795 pub inventory_id: String,
796 pub authority_profile_hash: Option<String>,
797 pub operation_status: DeploymentExecutionStatusV1,
798 pub started_at: String,
799 pub finished_at: Option<String>,
800 pub attempted_actions: Vec<AuthorityAttemptedActionV1>,
801 pub verified_controller_observations: Vec<AuthorityControllerObservationV1>,
802 pub hard_failures: Vec<SafetyFindingV1>,
803 pub unresolved_observation_gaps: Vec<DeploymentObservationGapV1>,
804 pub unresolved_external_actions: Vec<AuthorityExternalActionV1>,
805 pub command_result: DeploymentCommandResultV1,
806}
807
808#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
812pub struct AuthorityDryRunEvidenceV1 {
813 pub schema_version: u32,
814 pub evidence_id: String,
815 pub check_id: String,
816 pub generated_at: String,
817 pub reconciliation_plan: AuthorityReconciliationPlanV1,
818 pub authority_report: AuthorityReportV1,
819 pub authority_receipt: AuthorityReceiptV1,
820}
821
822#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
826pub struct AuthorityAttemptedActionV1 {
827 pub subject: String,
828 pub canister_id: Option<String>,
829 pub role: Option<String>,
830 pub action: AuthorityActionV1,
831 pub result: RolePhaseResultV1,
832 pub error: Option<String>,
833}
834
835#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
839pub struct AuthorityControllerObservationV1 {
840 pub subject: String,
841 pub canister_id: Option<String>,
842 pub role: Option<String>,
843 pub state: AuthorityReconciliationStateV1,
844 pub action: AuthorityActionV1,
845 pub observed_controllers: Vec<String>,
846 pub desired_controllers: Vec<String>,
847 pub controller_delta: AuthorityControllerDeltaV1,
848}
849
850#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
854pub struct RoleArtifactManifestV1 {
855 pub schema_version: u32,
856 pub manifest_id: String,
857 pub network: String,
858 pub artifact_root: Option<String>,
859 pub role_artifacts: Vec<RoleArtifactV1>,
860 pub unresolved_artifacts: Vec<DeploymentObservationGapV1>,
861}
862
863#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
867pub struct DeploymentDiffV1 {
868 pub schema_version: u32,
869 pub plan_identity: DeploymentIdentityV1,
870 pub observed_identity: Option<DeploymentIdentityV1>,
871 pub artifact_diff: Vec<DiffItemV1>,
872 pub controller_diff: Vec<DiffItemV1>,
873 pub pool_diff: Vec<DiffItemV1>,
874 pub embedded_config_diff: Vec<DiffItemV1>,
875 pub module_hash_diff: Vec<DiffItemV1>,
876 pub verifier_readiness_diff: Vec<DiffItemV1>,
877 pub resume_safety: ResumeSafetyV1,
878 pub hard_failures: Vec<SafetyFindingV1>,
879 pub warnings: Vec<SafetyFindingV1>,
880 pub resumable_phases: Vec<String>,
881}
882
883#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
887pub struct SafetyReportV1 {
888 pub schema_version: u32,
889 pub report_id: String,
890 pub diff_id: Option<String>,
891 pub status: SafetyStatusV1,
892 pub summary: String,
893 pub hard_failures: Vec<SafetyFindingV1>,
894 pub warnings: Vec<SafetyFindingV1>,
895 pub next_actions: Vec<String>,
896}
897
898#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
902pub struct DeploymentCheckV1 {
903 pub schema_version: u32,
904 pub check_id: String,
905 pub plan: DeploymentPlanV1,
906 pub inventory: DeploymentInventoryV1,
907 pub diff: DeploymentDiffV1,
908 pub report: SafetyReportV1,
909}
910
911#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
915pub struct DeploymentRootVerificationRequestV1 {
916 pub report_id: String,
917 pub requested_at: String,
918 pub deployment_name: String,
919 pub network: String,
920 pub expected_fleet_template: String,
921 pub expected_root_principal: String,
922 pub current_root_verification: DeploymentRootVerificationStateV1,
923 pub source: DeploymentRootVerificationSourceV1,
924 pub deployment_check: DeploymentCheckV1,
925}
926
927#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
931pub struct DeploymentRootVerificationReportV1 {
932 pub schema_version: u32,
933 pub report_id: String,
934 pub report_digest: String,
935 pub requested_at: String,
936 pub evidence_status: DeploymentRootVerificationEvidenceStatusV1,
937 pub state_transition: DeploymentRootVerificationStateTransitionV1,
938 pub deployment_name: String,
939 pub network: String,
940 pub expected_fleet_template: String,
941 pub expected_root_principal: String,
942 pub observed_deployment_name: Option<String>,
943 pub observed_network: Option<String>,
944 pub observed_fleet_template: Option<String>,
945 pub observed_root_principal: Option<String>,
946 pub observed_root_canister_id: Option<String>,
947 pub observed_root_observation_source: Option<DeploymentRootObservationSourceV1>,
948 pub source: DeploymentRootVerificationSourceV1,
949 pub source_check_id: String,
950 pub source_check_digest: String,
951 pub source_deployment_plan_id: String,
952 pub source_deployment_plan_digest: String,
953 pub source_inventory_id: String,
954 pub source_inventory_digest: String,
955 pub current_root_verification: DeploymentRootVerificationStateV1,
956 pub identity_checks: Vec<DeploymentRootVerificationCheckV1>,
957 pub evidence_checks: Vec<DeploymentRootVerificationCheckV1>,
958 pub blockers: Vec<SafetyFindingV1>,
959 pub warnings: Vec<SafetyFindingV1>,
960 pub recommended_next_actions: Vec<String>,
961}
962
963#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
967pub struct DeploymentRootVerificationReceiptV1 {
968 pub schema_version: u32,
969 pub receipt_id: String,
970 pub receipt_digest: String,
971 pub deployment_name: String,
972 pub network: String,
973 pub fleet_template: String,
974 pub root_principal: String,
975 pub previous_root_verification: DeploymentRootVerificationStateV1,
976 pub new_root_verification: DeploymentRootVerificationStateV1,
977 pub state_transition: DeploymentRootVerificationStateTransitionV1,
978 pub source_report_id: String,
979 pub source_report_digest: String,
980 pub source_report_requested_at: String,
981 pub source_report_source: DeploymentRootVerificationSourceV1,
982 pub source_report_evidence_status: DeploymentRootVerificationEvidenceStatusV1,
983 pub source_report_current_root_verification: DeploymentRootVerificationStateV1,
984 pub source_report_state_transition: DeploymentRootVerificationStateTransitionV1,
985 pub source_root_observation_source: DeploymentRootObservationSourceV1,
986 pub source_observed_root_canister_id: String,
987 pub source_check_id: String,
988 pub source_check_digest: String,
989 pub source_deployment_plan_id: String,
990 pub source_deployment_plan_digest: String,
991 pub source_inventory_id: String,
992 pub source_inventory_digest: String,
993 pub verified_at_unix_secs: u64,
994 pub local_state_path: String,
995 pub local_state_digest_before: String,
996 pub local_state_digest_after: String,
997 pub warnings: Vec<SafetyFindingV1>,
998}
999
1000#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1004pub struct DeploymentRootVerificationCheckV1 {
1005 pub name: String,
1006 pub expected: Option<String>,
1007 pub observed: Option<String>,
1008 pub satisfied: bool,
1009}
1010
1011#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1015pub enum DeploymentRootVerificationSourceV1 {
1016 DeploymentTruthCheck,
1017}
1018
1019#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1023pub enum DeploymentRootVerificationEvidenceStatusV1 {
1024 EvidenceSatisfied,
1025 VerificationFailed,
1026 NotApplicable,
1027}
1028
1029#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1033pub enum DeploymentRootVerificationStateTransitionV1 {
1034 NotAttempted,
1035 WouldPromoteNotVerifiedToVerified,
1036 PromotedNotVerifiedToVerified,
1037 NoStateChange,
1038 Blocked,
1039}
1040
1041#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1045pub enum DeploymentRootVerificationStateV1 {
1046 NotVerified,
1047 Verified,
1048}
1049
1050#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1054pub struct DeploymentComparisonReportV1 {
1055 pub schema_version: u32,
1056 pub report_id: String,
1057 pub report_digest: String,
1058 pub compared_at: String,
1059 pub left: DeploymentComparisonTargetV1,
1060 pub right: DeploymentComparisonTargetV1,
1061 pub status: SafetyStatusV1,
1062 pub identity_diff: Vec<DeploymentComparisonDiffV1>,
1063 pub artifact_diff: Vec<DeploymentComparisonDiffV1>,
1064 pub module_hash_diff: Vec<DeploymentComparisonDiffV1>,
1065 pub embedded_config_diff: Vec<DeploymentComparisonDiffV1>,
1066 pub authority_diff: Vec<DeploymentComparisonDiffV1>,
1067 pub pool_diff: Vec<DeploymentComparisonDiffV1>,
1068 pub verifier_readiness_diff: Vec<DeploymentComparisonDiffV1>,
1069 pub external_lifecycle_diff: Vec<DeploymentComparisonDiffV1>,
1070 pub hard_failures: Vec<SafetyFindingV1>,
1071 pub warnings: Vec<SafetyFindingV1>,
1072 pub next_actions: Vec<String>,
1073}
1074
1075#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1079pub struct DeploymentComparisonTargetV1 {
1080 pub label: String,
1081 pub check_id: String,
1082 pub check_digest: String,
1083 pub plan_id: String,
1084 pub plan_digest: String,
1085 pub inventory_id: String,
1086 pub inventory_digest: String,
1087 pub deployment_identity: DeploymentIdentityV1,
1088}
1089
1090#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1094pub struct DeploymentComparisonDiffV1 {
1095 pub category: DeploymentComparisonCategoryV1,
1096 pub subject: String,
1097 pub left: Option<String>,
1098 pub right: Option<String>,
1099 pub severity: SafetySeverityV1,
1100 pub message: String,
1101}
1102
1103#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1107pub enum DeploymentComparisonCategoryV1 {
1108 Identity,
1109 TrustDomain,
1110 Artifact,
1111 ModuleHash,
1112 EmbeddedConfig,
1113 Authority,
1114 Pool,
1115 VerifierReadiness,
1116 ExternalLifecycle,
1117}
1118
1119#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1123pub struct LifecycleAuthorityReportV1 {
1124 pub schema_version: u32,
1125 pub report_id: String,
1126 pub report_digest: String,
1127 pub check_id: String,
1128 pub plan_id: String,
1129 pub inventory_id: String,
1130 pub authorities: Vec<LifecycleAuthorityV1>,
1131 pub external_action_required_count: usize,
1132 pub blocked_count: usize,
1133}
1134
1135#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1139pub struct LifecycleAuthorityV1 {
1140 pub subject: String,
1141 pub canister_id: Option<String>,
1142 pub role: Option<String>,
1143 pub control_class: CanisterControlClassV1,
1144 pub lifecycle_mode: LifecycleModeV1,
1145 pub observed_controllers: Vec<String>,
1146 pub expected_deployment_controllers: Vec<String>,
1147 pub external_controllers: Vec<String>,
1148 pub required_controllers: Vec<String>,
1149 pub consent_requirements: Vec<ConsentRequirementV1>,
1150 pub allowed_upgrade_modes: Vec<LifecycleUpgradeModeV1>,
1151 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1152 pub external_action_required: bool,
1153 pub blocked: bool,
1154 pub blockers: Vec<String>,
1155 pub warnings: Vec<String>,
1156 pub reason: String,
1157}
1158
1159#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1163pub enum LifecycleModeV1 {
1164 DirectDeploymentAuthority,
1165 ProposalRequired,
1166 DelegatedInstallRequired,
1167 ExternalCompletionOnly,
1168 VerifyOnly,
1169 MustNotTouch,
1170 UnknownUnsafeBlocked,
1171}
1172
1173#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1177pub enum LifecycleUpgradeModeV1 {
1178 DirectByDeploymentAuthority,
1179 ExternalProposal,
1180 ExternalExecution,
1181 VerifyExternalCompletion,
1182 ObserveOnly,
1183 Blocked,
1184}
1185
1186#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1190pub enum LifecycleVerificationRequirementV1 {
1191 LiveInventory,
1192 ControllerObservation,
1193 ModuleHash,
1194 CanonicalEmbeddedConfig,
1195 ProtectedCallReadiness,
1196}
1197
1198#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1202pub struct ConsentRequirementV1 {
1203 pub consent_subject_kind: ConsentSubjectKindV1,
1204 pub required_principals: Vec<String>,
1205 pub required_controller_set_digest: Option<String>,
1206 pub consent_channel_kind: ConsentChannelKindV1,
1207 pub required_action: ExternalUpgradeAuthorizationModeV1,
1208}
1209
1210#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1214pub enum ConsentSubjectKindV1 {
1215 UserPrincipal,
1216 ProjectHub,
1217 GovernanceCanister,
1218 CustomerController,
1219 DelegatedInstallCanister,
1220 MultisigAuthority,
1221 UnknownExternalController,
1222}
1223
1224#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1228pub enum ConsentChannelKindV1 {
1229 OutOfBand,
1230 GeneratedCommand,
1231 DelegatedInstall,
1232 GovernanceProposal,
1233 ApplicationSpecific,
1234}
1235
1236#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1240pub struct ExternalLifecyclePlanV1 {
1241 pub schema_version: u32,
1242 pub lifecycle_plan_id: String,
1243 pub lifecycle_plan_digest: String,
1244 pub lifecycle_authority_report_id: String,
1245 pub deployment_plan_id: String,
1246 pub deployment_plan_digest: String,
1247 pub inventory_id: String,
1248 pub lifecycle_authority_rows: Vec<LifecycleAuthorityV1>,
1249 pub directly_executable_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1250 pub proposed_external_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1251 pub blocked_role_upgrades: Vec<ExternalLifecycleRoleUpgradeV1>,
1252 pub dependency_blockers: Vec<String>,
1253 pub protected_call_implications: Vec<String>,
1254 pub residual_exposure: Vec<String>,
1255 pub status: ExternalLifecyclePlanStatusV1,
1256}
1257
1258#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1262pub struct ExternalLifecycleRoleUpgradeV1 {
1263 pub subject: String,
1264 pub canister_id: Option<String>,
1265 pub role: Option<String>,
1266 pub control_class: CanisterControlClassV1,
1267 pub lifecycle_mode: LifecycleModeV1,
1268 pub required_external_action: Option<String>,
1269 pub blockers: Vec<String>,
1270 pub warnings: Vec<String>,
1271}
1272
1273#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1277pub enum ExternalLifecyclePlanStatusV1 {
1278 Ready,
1279 PendingExternalAction,
1280 Blocked,
1281}
1282
1283#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1287pub struct ExternalUpgradeProposalReportV1 {
1288 pub schema_version: u32,
1289 pub report_id: String,
1290 pub report_digest: String,
1291 pub lifecycle_plan_id: String,
1292 pub lifecycle_plan_digest: String,
1293 pub deployment_plan_id: String,
1294 pub deployment_plan_digest: String,
1295 pub inventory_id: String,
1296 pub proposals: Vec<ExternalUpgradeProposalV1>,
1297 pub blocked_subjects: Vec<String>,
1298}
1299
1300#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1304pub struct ExternalLifecyclePendingReportV1 {
1305 pub schema_version: u32,
1306 pub report_id: String,
1307 pub report_digest: String,
1308 pub lifecycle_plan_id: String,
1309 pub lifecycle_plan_digest: String,
1310 pub proposal_report_id: String,
1311 pub proposal_report_digest: String,
1312 pub deployment_plan_id: String,
1313 pub deployment_plan_digest: String,
1314 pub inventory_id: String,
1315 pub direct_upgrade_count: usize,
1316 pub pending_external_count: usize,
1317 pub blocked_count: usize,
1318 pub pending_external_actions: Vec<ExternalLifecyclePendingActionV1>,
1319 pub blocked_subjects: Vec<String>,
1320 pub residual_exposure: Vec<String>,
1321 pub status: ExternalLifecyclePlanStatusV1,
1322}
1323
1324#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1328pub struct ExternalLifecycleCheckV1 {
1329 pub schema_version: u32,
1330 pub check_id: String,
1331 pub check_digest: String,
1332 pub lifecycle_plan_id: String,
1333 pub lifecycle_plan_digest: String,
1334 pub proposal_report_id: String,
1335 pub proposal_report_digest: String,
1336 pub pending_report_id: String,
1337 pub pending_report_digest: String,
1338 pub deployment_plan_id: String,
1339 pub deployment_plan_digest: String,
1340 pub inventory_id: String,
1341 pub status: ExternalLifecyclePlanStatusV1,
1342 pub direct_upgrade_count: usize,
1343 pub pending_external_count: usize,
1344 pub blocked_count: usize,
1345 pub residual_exposure_count: usize,
1346 pub summary: String,
1347 pub next_actions: Vec<String>,
1348}
1349
1350#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1354pub struct ExternalLifecycleHandoffV1 {
1355 pub schema_version: u32,
1356 pub handoff_id: String,
1357 pub handoff_digest: String,
1358 pub lifecycle_check_id: String,
1359 pub lifecycle_check_digest: String,
1360 pub pending_report_id: String,
1361 pub pending_report_digest: String,
1362 pub proposal_report_id: String,
1363 pub proposal_report_digest: String,
1364 pub deployment_plan_id: String,
1365 pub deployment_plan_digest: String,
1366 pub inventory_id: String,
1367 pub status: ExternalLifecyclePlanStatusV1,
1368 pub handoff_actions: Vec<ExternalLifecycleHandoffActionV1>,
1369 pub blocked_subjects: Vec<String>,
1370 pub residual_exposure: Vec<String>,
1371 pub operator_summary: String,
1372}
1373
1374#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1378pub struct ExternalLifecycleHandoffActionV1 {
1379 pub subject: String,
1380 pub proposal_id: String,
1381 pub proposal_digest: String,
1382 pub canister_id: Option<String>,
1383 pub role: Option<String>,
1384 pub control_class: CanisterControlClassV1,
1385 pub lifecycle_mode: LifecycleModeV1,
1386 pub required_external_action: String,
1387 pub consent_channel_kind: ConsentChannelKindV1,
1388 pub consent_subject_kind: ConsentSubjectKindV1,
1389 pub required_principals: Vec<String>,
1390 pub current_module_hash: Option<String>,
1391 pub target_installed_module_hash: Option<String>,
1392 pub target_canonical_embedded_config_sha256: Option<String>,
1393 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1394 pub operator_instructions: Vec<String>,
1395}
1396
1397#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1401pub struct ExternalLifecyclePendingActionV1 {
1402 pub subject: String,
1403 pub proposal_id: String,
1404 pub proposal_digest: String,
1405 pub canister_id: Option<String>,
1406 pub role: Option<String>,
1407 pub control_class: CanisterControlClassV1,
1408 pub lifecycle_mode: LifecycleModeV1,
1409 pub required_external_action: String,
1410 pub consent_requirements: Vec<ConsentRequirementV1>,
1411 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1412}
1413
1414#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1418pub struct CriticalExternalFixReportV1 {
1419 pub schema_version: u32,
1420 pub report_id: String,
1421 pub report_digest: String,
1422 pub fix_id: String,
1423 pub severity: String,
1424 pub lifecycle_plan_id: String,
1425 pub lifecycle_plan_digest: String,
1426 pub pending_report_id: String,
1427 pub pending_report_digest: String,
1428 pub deployment_plan_id: String,
1429 pub deployment_plan_digest: String,
1430 pub inventory_id: String,
1431 pub affected_roles: Vec<String>,
1432 pub affected_canisters: Vec<String>,
1433 pub directly_patchable_roles: Vec<String>,
1434 pub externally_blocked_roles: Vec<String>,
1435 pub dependency_blocked_roles: Vec<String>,
1436 pub required_external_actions: Vec<String>,
1437 pub protected_call_implications: Vec<String>,
1438 pub residual_exposure: Vec<String>,
1439 pub operator_next_steps: Vec<String>,
1440}
1441
1442#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1446pub struct ExternalUpgradeProposalV1 {
1447 pub proposal_id: String,
1448 pub proposal_digest: String,
1449 pub deployment_plan_id: String,
1450 pub deployment_plan_digest: String,
1451 pub lifecycle_plan_id: String,
1452 pub lifecycle_plan_digest: String,
1453 pub promotion_plan_id: Option<String>,
1454 pub promotion_plan_digest: Option<String>,
1455 pub promotion_provenance_id: Option<String>,
1456 pub promotion_provenance_digest: Option<String>,
1457 pub subject: String,
1458 pub canister_id: Option<String>,
1459 pub role: Option<String>,
1460 pub control_class: CanisterControlClassV1,
1461 pub lifecycle_mode: LifecycleModeV1,
1462 pub observed_before_digest: String,
1463 pub current_module_hash: Option<String>,
1464 pub current_canonical_embedded_config_sha256: Option<String>,
1465 pub target_wasm_sha256: Option<String>,
1466 pub target_wasm_gz_sha256: Option<String>,
1467 pub target_installed_module_hash: Option<String>,
1468 pub target_role_artifact_identity: Option<String>,
1469 pub target_canonical_embedded_config_sha256: Option<String>,
1470 pub root_trust_anchor: Option<String>,
1471 pub authority_profile_hash: Option<String>,
1472 pub required_external_action: String,
1473 pub consent_requirements: Vec<ConsentRequirementV1>,
1474 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1475 pub verification_requirements: Vec<LifecycleVerificationRequirementV1>,
1476 pub expires_at: Option<String>,
1477 pub supersedes_proposal_id: Option<String>,
1478}
1479
1480#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1484pub enum ExternalUpgradeAuthorizationModeV1 {
1485 ConsentForDirectInstall,
1486 DelegatedInstallAuthority,
1487 ExternalControllerExecution,
1488 ObserveAndVerifyOnly,
1489}
1490
1491#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1495pub struct ExternalUpgradeReceiptV1 {
1496 pub schema_version: u32,
1497 pub receipt_id: String,
1498 pub proposal_id: String,
1499 pub proposal_digest: String,
1500 pub subject: String,
1501 pub canister_id: Option<String>,
1502 pub role: Option<String>,
1503 pub consent_state: ExternalUpgradeConsentStateV1,
1504 pub reported_by: Option<String>,
1505 pub observed_before_module_hash: Option<String>,
1506 pub observed_after_module_hash: Option<String>,
1507 pub observed_after_canonical_embedded_config_sha256: Option<String>,
1508 pub verification_result: ExternalUpgradeVerificationResultV1,
1509 pub verification_notes: Vec<String>,
1510 pub receipt_digest: String,
1511}
1512
1513#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1517pub struct ExternalUpgradeConsentEvidenceV1 {
1518 pub schema_version: u32,
1519 pub evidence_id: String,
1520 pub evidence_digest: String,
1521 pub proposal_id: String,
1522 pub proposal_digest: String,
1523 pub receipt_id: String,
1524 pub receipt_digest: String,
1525 pub subject: String,
1526 pub canister_id: Option<String>,
1527 pub role: Option<String>,
1528 pub consent_state: ExternalUpgradeConsentStateV1,
1529 pub reported_by: Option<String>,
1530 pub consent_requirements: Vec<ConsentRequirementV1>,
1531 pub allowed_authorization_modes: Vec<ExternalUpgradeAuthorizationModeV1>,
1532 pub status_summary: String,
1533}
1534
1535#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1539pub struct ExternalUpgradeConsentEvidenceRequest {
1540 pub evidence_id: String,
1541 pub proposal: ExternalUpgradeProposalV1,
1542 pub receipt: ExternalUpgradeReceiptV1,
1543}
1544
1545#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1549pub struct ExternalUpgradeVerificationReportV1 {
1550 pub schema_version: u32,
1551 pub report_id: String,
1552 pub report_digest: String,
1553 pub proposal_id: String,
1554 pub proposal_digest: String,
1555 pub receipt_id: String,
1556 pub receipt_digest: String,
1557 pub subject: String,
1558 pub canister_id: Option<String>,
1559 pub role: Option<String>,
1560 pub verification_result: ExternalUpgradeVerificationResultV1,
1561 pub verification_notes: Vec<String>,
1562 pub live_inventory_required: bool,
1563 pub status_summary: String,
1564}
1565
1566#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1570pub struct ExternalUpgradeVerificationReportRequest {
1571 pub report_id: String,
1572 pub proposal: ExternalUpgradeProposalV1,
1573 pub receipt: ExternalUpgradeReceiptV1,
1574}
1575
1576#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1580pub struct ExternalUpgradeVerificationPolicyV1 {
1581 pub schema_version: u32,
1582 pub policy_id: String,
1583 pub policy_digest: String,
1584 pub proposal_id: String,
1585 pub proposal_digest: String,
1586 pub deployment_plan_id: String,
1587 pub deployment_plan_digest: String,
1588 pub subject: String,
1589 pub canister_id: Option<String>,
1590 pub role: Option<String>,
1591 pub required_verification: Vec<LifecycleVerificationRequirementV1>,
1592 pub verification_requirements: Vec<ExternalUpgradeVerificationPolicyRequirementV1>,
1593 pub max_observation_age_seconds: Option<u64>,
1594 pub status_summary: String,
1595}
1596
1597#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1601pub struct ExternalUpgradeVerificationPolicyRequirementV1 {
1602 pub requirement: LifecycleVerificationRequirementV1,
1603 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1604 pub expected_value: Option<String>,
1605}
1606
1607#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1611pub enum ExternalUpgradeVerificationRequirementStatusV1 {
1612 Required,
1613 NotRequired,
1614}
1615
1616#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1620pub struct ExternalUpgradeVerificationPolicyRequest {
1621 pub policy_id: String,
1622 pub proposal: ExternalUpgradeProposalV1,
1623}
1624
1625#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1629pub struct ExternalUpgradeVerificationObservationV1 {
1630 pub source: ExternalVerificationObservationSourceV1,
1631 pub deployment_check_id: Option<String>,
1632 pub deployment_check_digest: Option<String>,
1633 pub inventory_id: Option<String>,
1634 pub observed_at: Option<String>,
1635 pub live_inventory_observed: bool,
1636 pub controller_observation_present: bool,
1637 pub observed_control_class: Option<CanisterControlClassV1>,
1638 pub observed_module_hash: Option<String>,
1639 pub observed_canonical_embedded_config_sha256: Option<String>,
1640 pub protected_call_ready: Option<bool>,
1641}
1642
1643#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1647pub enum ExternalVerificationObservationSourceV1 {
1648 SuppliedObservation,
1649 DeploymentTruthInventory,
1650}
1651
1652#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1656pub struct ExternalUpgradeVerificationCheckV1 {
1657 pub schema_version: u32,
1658 pub check_id: String,
1659 pub check_digest: String,
1660 pub policy_id: String,
1661 pub policy_digest: String,
1662 pub proposal_id: String,
1663 pub proposal_digest: String,
1664 pub subject: String,
1665 pub canister_id: Option<String>,
1666 pub role: Option<String>,
1667 pub observation: ExternalUpgradeVerificationObservationV1,
1668 pub requirement_results: Vec<ExternalUpgradeVerificationCheckRequirementV1>,
1669 pub verification_result: ExternalUpgradeVerificationResultV1,
1670 pub status_summary: String,
1671}
1672
1673#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1677pub struct ExternalUpgradeVerificationCheckRequirementV1 {
1678 pub requirement: LifecycleVerificationRequirementV1,
1679 pub status: ExternalUpgradeVerificationRequirementStatusV1,
1680 pub expected_value: Option<String>,
1681 pub observed_value: Option<String>,
1682 pub satisfied: Option<bool>,
1683}
1684
1685#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1689pub struct ExternalUpgradeVerificationCheckRequest {
1690 pub check_id: String,
1691 pub policy: ExternalUpgradeVerificationPolicyV1,
1692 pub observation: Option<ExternalUpgradeVerificationObservationV1>,
1693 pub deployment_check: Option<DeploymentCheckV1>,
1694}
1695
1696#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1700pub struct ExternalUpgradeCompletionReportV1 {
1701 pub schema_version: u32,
1702 pub report_id: String,
1703 pub report_digest: String,
1704 pub proposal_id: String,
1705 pub proposal_digest: String,
1706 pub consent_evidence_id: String,
1707 pub consent_evidence_digest: String,
1708 pub verification_check_id: String,
1709 pub verification_check_digest: String,
1710 pub subject: String,
1711 pub canister_id: Option<String>,
1712 pub role: Option<String>,
1713 pub consent_state: ExternalUpgradeConsentStateV1,
1714 pub verification_result: ExternalUpgradeVerificationResultV1,
1715 pub verification_observation_source: ExternalVerificationObservationSourceV1,
1716 pub completion_status: ExternalUpgradeCompletionStatusV1,
1717 pub blockers: Vec<String>,
1718 pub next_actions: Vec<String>,
1719 pub status_summary: String,
1720}
1721
1722#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1726pub enum ExternalUpgradeCompletionStatusV1 {
1727 AwaitingConsent,
1728 ConsentRefused,
1729 SuppliedEvidenceConsistent,
1730 AwaitingVerification,
1731 VerifiedComplete,
1732 VerificationFailed,
1733}
1734
1735#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1739pub struct ExternalUpgradeCompletionReportRequest {
1740 pub report_id: String,
1741 pub proposal: ExternalUpgradeProposalV1,
1742 pub consent_evidence: ExternalUpgradeConsentEvidenceV1,
1743 pub verification_check: ExternalUpgradeVerificationCheckV1,
1744}
1745
1746#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1750pub enum ExternalUpgradeConsentStateV1 {
1751 Pending,
1752 Refused,
1753 Delegated,
1754 ExecutedExternally,
1755}
1756
1757#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
1761pub enum ExternalUpgradeVerificationResultV1 {
1762 Pending,
1763 Refused,
1764 Verified,
1765 Mismatch,
1766}
1767
1768#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1772pub struct AuthorityReconciliationPlanV1 {
1773 pub schema_version: u32,
1774 pub plan_id: String,
1775 pub inventory_id: String,
1776 pub authority_profile_hash: Option<String>,
1777 pub canister_actions: Vec<CanisterAuthorityActionV1>,
1778 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1779 pub hard_failures: Vec<SafetyFindingV1>,
1780 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1781}
1782
1783#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1787pub struct AuthorityAutomaticActionV1 {
1788 pub subject: String,
1789 pub canister_id: String,
1790 pub role: Option<String>,
1791 pub action: AuthorityActionV1,
1792 pub observed_controllers: Vec<String>,
1793 pub desired_controllers: Vec<String>,
1794 pub controller_delta: AuthorityControllerDeltaV1,
1795 pub reason: String,
1796}
1797
1798#[derive(Clone, Debug, Default, Deserialize, Eq, PartialEq, Serialize)]
1802pub struct AuthorityControllerDeltaV1 {
1803 pub add_controllers: Vec<String>,
1804 pub remove_controllers: Vec<String>,
1805}
1806
1807#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1811pub struct AuthorityReportV1 {
1812 pub schema_version: u32,
1813 pub report_id: String,
1814 pub check_id: Option<String>,
1815 pub reconciliation_plan_id: String,
1816 pub inventory_id: String,
1817 pub authority_profile_hash: Option<String>,
1818 pub status: SafetyStatusV1,
1819 pub summary: String,
1820 pub counts: AuthorityReportCountsV1,
1821 pub apply_readiness: AuthorityApplyReadinessV1,
1822 pub action_counts: Vec<AuthorityActionCountV1>,
1823 pub control_class_counts: Vec<AuthorityControlClassCountV1>,
1824 pub observation_gaps: Vec<DeploymentObservationGapV1>,
1825 pub automatic_actions: Vec<AuthorityAutomaticActionV1>,
1826 pub hard_failures: Vec<SafetyFindingV1>,
1827 pub external_actions_required: Vec<AuthorityExternalActionV1>,
1828 pub next_actions: Vec<String>,
1829}
1830
1831#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1835pub struct AuthorityApplyReadinessV1 {
1836 pub can_apply_automatically: bool,
1837 pub automatic_action_count: usize,
1838 pub blockers: Vec<AuthorityApplyBlockerV1>,
1839}
1840
1841#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1845pub enum AuthorityApplyBlockerV1 {
1846 UnsafeBlocked,
1847 HardFailures,
1848 ObservationGaps,
1849 ExternalActions,
1850}
1851
1852#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1856pub struct AuthorityActionCountV1 {
1857 pub action: AuthorityActionV1,
1858 pub count: usize,
1859}
1860
1861#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1865pub struct AuthorityControlClassCountV1 {
1866 pub control_class: CanisterControlClassV1,
1867 pub count: usize,
1868}
1869
1870#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1874pub struct AuthorityReportCountsV1 {
1875 pub already_correct: usize,
1876 pub can_apply_automatically: usize,
1877 pub requires_external_action: usize,
1878 pub unsafe_blocked: usize,
1879 pub unknown: usize,
1880 pub hard_failures: usize,
1881}
1882
1883#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1887pub struct CanisterAuthorityActionV1 {
1888 pub canister_id: Option<String>,
1889 pub role: Option<String>,
1890 pub control_classification: CanisterControlClassV1,
1891 pub observed_controllers: Vec<String>,
1892 pub desired_controllers: Vec<String>,
1893 pub controller_delta: AuthorityControllerDeltaV1,
1894 pub action: AuthorityActionV1,
1895 pub state: AuthorityReconciliationStateV1,
1896 pub can_apply: bool,
1897 pub reason: String,
1898}
1899
1900#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1904pub struct AuthorityExternalActionV1 {
1905 pub subject: String,
1906 pub canister_id: Option<String>,
1907 pub role: Option<String>,
1908 pub control_classification: CanisterControlClassV1,
1909 pub state: AuthorityReconciliationStateV1,
1910 pub action: AuthorityActionV1,
1911 pub observed_controllers: Vec<String>,
1912 pub desired_controllers: Vec<String>,
1913 pub controller_delta: AuthorityControllerDeltaV1,
1914 pub reason: String,
1915}
1916
1917#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1921pub enum AuthorityActionV1 {
1922 None,
1923 AddControllers,
1924 RemoveControllers,
1925 ReplaceControllerSet,
1926 RequiresExternalController,
1927 RequiresDestructiveImportConfirmation,
1928 ObserveOnly,
1929 AdoptPlanAvailable,
1930 BlockedByPolicy,
1931 UnknownObservation,
1932}
1933
1934#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
1938pub enum AuthorityReconciliationStateV1 {
1939 AlreadyCorrect,
1940 CanApplyAutomatically,
1941 RequiresExternalAction,
1942 UnsafeBlocked,
1943 Unknown,
1944}
1945
1946#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1950pub struct DeploymentIdentityV1 {
1951 pub deployment_name: String,
1952 pub network: String,
1953 pub root_principal: Option<String>,
1954 pub authority_profile_hash: Option<String>,
1955 pub role_topology_hash: Option<String>,
1956 pub deployment_manifest_digest: Option<String>,
1957 pub canonical_runtime_config_digest: Option<String>,
1958 pub role_embedded_config_set_digest: Option<String>,
1959 pub artifact_set_digest: Option<String>,
1960 pub pool_identity_set_digest: Option<String>,
1961 pub canic_version: Option<String>,
1962 pub ic_memory_version: Option<String>,
1963}
1964
1965#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1969pub struct TrustDomainV1 {
1970 pub root_trust_anchor: Option<String>,
1971 pub migration_from: Option<String>,
1972}
1973
1974#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1978pub struct AuthorityProfileV1 {
1979 pub profile_id: String,
1980 pub expected_controllers: Vec<String>,
1981 pub staging_controllers: Vec<String>,
1982 pub emergency_controllers: Vec<String>,
1983}
1984
1985#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
1989pub struct RoleArtifactV1 {
1990 pub role: String,
1991 pub source: ArtifactSourceV1,
1992 pub build_profile: String,
1993 pub wasm_path: Option<String>,
1994 pub wasm_gz_path: Option<String>,
1995 pub wasm_gz_size_bytes: Option<u64>,
1996 pub wasm_sha256: Option<String>,
1997 pub wasm_gz_sha256: Option<String>,
1998 pub wasm_gz_sha256_source: Option<ArtifactDigestSourceV1>,
1999 pub observed_wasm_gz_file_sha256: Option<String>,
2000 pub observed_wasm_gz_file_sha256_source: Option<ArtifactDigestSourceV1>,
2001 pub installed_module_hash: Option<String>,
2002 pub candid_path: Option<String>,
2003 pub candid_sha256: Option<String>,
2004 pub raw_config_sha256: Option<String>,
2005 pub canonical_embedded_config_sha256: Option<String>,
2006 pub embedded_topology_sha256: Option<String>,
2007 pub builder_version: Option<String>,
2008 pub rust_toolchain: Option<String>,
2009 pub package_version: Option<String>,
2010}
2011
2012#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2016pub enum ArtifactDigestSourceV1 {
2017 ReleaseSetManifest,
2018 ObservedFileDigest,
2019 InstalledModuleHash,
2020}
2021
2022#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2026pub enum ArtifactSourceV1 {
2027 LocalBuild,
2028 ReleaseSet,
2029 WasmStore,
2030 External,
2031 Unknown,
2032}
2033
2034#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2038pub struct ExpectedCanisterV1 {
2039 pub role: String,
2040 pub canister_id: Option<String>,
2041 pub control_class: CanisterControlClassV1,
2042}
2043
2044#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2048pub struct ObservedCanisterV1 {
2049 pub canister_id: String,
2050 pub role: Option<String>,
2051 pub control_class: CanisterControlClassV1,
2052 pub controllers: Vec<String>,
2053 pub module_hash: Option<String>,
2054 pub status: Option<String>,
2055 pub root_trust_anchor: Option<String>,
2056 pub canonical_embedded_config_digest: Option<String>,
2057 pub role_assignment_source: Option<String>,
2058}
2059
2060#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2064pub enum CanisterControlClassV1 {
2065 DeploymentControlled,
2066 CanicManagedPool,
2067 ExternallyImported,
2068 JointlyControlled,
2069 UserControlled,
2070 UnknownUnsafe,
2071}
2072
2073#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2077pub struct ExpectedPoolCanisterV1 {
2078 pub pool: String,
2079 pub canister_id: Option<String>,
2080 pub role: Option<String>,
2081}
2082
2083#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2087pub struct ObservedPoolCanisterV1 {
2088 pub pool: String,
2089 pub canister_id: String,
2090 pub role: Option<String>,
2091 pub control_class: CanisterControlClassV1,
2092}
2093
2094#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2098pub struct LocalDeploymentConfigV1 {
2099 pub config_path: Option<String>,
2100 pub raw_config_sha256: Option<String>,
2101 pub canonical_embedded_config_sha256: Option<String>,
2102}
2103
2104#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2108pub struct ObservedArtifactV1 {
2109 pub role: String,
2110 pub artifact_path: String,
2111 pub file_sha256: Option<String>,
2112 pub file_sha256_source: Option<ArtifactDigestSourceV1>,
2113 pub payload_sha256: Option<String>,
2114 pub payload_size_bytes: Option<u64>,
2115 pub source: ArtifactSourceV1,
2116}
2117
2118#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2122pub struct VerifierReadinessExpectationV1 {
2123 pub required: bool,
2124 pub expected_role_epochs: Vec<RoleEpochExpectationV1>,
2125}
2126
2127#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2131pub struct VerifierReadinessObservationV1 {
2132 pub status: ObservationStatusV1,
2133 pub role_epochs: Vec<RoleEpochObservationV1>,
2134}
2135
2136#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2140pub struct RoleEpochExpectationV1 {
2141 pub role: String,
2142 pub minimum_epoch: u64,
2143}
2144
2145#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2149pub struct RoleEpochObservationV1 {
2150 pub role: String,
2151 pub observed_epoch: Option<u64>,
2152 pub status: ObservationStatusV1,
2153}
2154
2155#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2159pub struct DeploymentAssumptionV1 {
2160 pub key: String,
2161 pub description: String,
2162}
2163
2164#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2168pub struct DeploymentObservationGapV1 {
2169 pub key: String,
2170 pub description: String,
2171}
2172
2173#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2177pub struct PhaseReceiptV1 {
2178 pub phase: String,
2179 pub started_at: String,
2180 pub finished_at: Option<String>,
2181 pub attempted_action: String,
2182 pub verified_postcondition: VerifiedPostconditionV1,
2183}
2184
2185#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2189pub struct VerifiedPostconditionV1 {
2190 pub status: ObservationStatusV1,
2191 pub evidence: Vec<String>,
2192}
2193
2194#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2198pub enum DeploymentExecutionStatusV1 {
2199 NotStarted,
2200 InProgress,
2201 FailedBeforeMutation,
2202 PartiallyApplied,
2203 FailedAfterMutation,
2204 Complete,
2205}
2206
2207#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2211pub enum DeploymentCommandResultV1 {
2212 NotFinished,
2213 Succeeded,
2214 Failed { code: String, message: String },
2215}
2216
2217#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2221pub struct RolePhaseReceiptV1 {
2222 pub role: String,
2223 pub phase: String,
2224 pub result: RolePhaseResultV1,
2225 pub previous_module_hash: Option<String>,
2226 pub target_module_hash: Option<String>,
2227 pub observed_module_hash_after: Option<String>,
2228 pub artifact_digest: Option<String>,
2229 pub canonical_embedded_config_sha256: Option<String>,
2230 pub error: Option<String>,
2231}
2232
2233#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2237pub enum RolePhaseResultV1 {
2238 Applied,
2239 Failed,
2240 Skipped,
2241 NotAttempted,
2242 VerifiedAlreadyApplied,
2243}
2244
2245#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2249pub struct DiffItemV1 {
2250 pub category: String,
2251 pub subject: String,
2252 pub expected: Option<String>,
2253 pub observed: Option<String>,
2254 pub severity: SafetySeverityV1,
2255}
2256
2257#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2261pub struct ResumeSafetyV1 {
2262 pub status: SafetyStatusV1,
2263 pub reasons: Vec<String>,
2264}
2265
2266#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
2270pub struct SafetyFindingV1 {
2271 pub code: String,
2272 pub message: String,
2273 pub severity: SafetySeverityV1,
2274 pub subject: Option<String>,
2275}
2276
2277#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2281pub enum SafetyStatusV1 {
2282 NotEvaluated,
2283 Safe,
2284 Warning,
2285 Blocked,
2286}
2287
2288#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2292pub enum SafetySeverityV1 {
2293 Info,
2294 Warning,
2295 HardFailure,
2296}
2297
2298#[derive(Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize)]
2302pub enum ObservationStatusV1 {
2303 NotObserved,
2304 Observed,
2305 Missing,
2306 Inconclusive,
2307}