F2 — guest-declared capability surface and the subset validator the host runs before accepting in-VM telemetry.
Companion to [validator]’s ADG-validated DeclaredAuthority (the
evidence form). This submodule ships declared::DeclaredAuthoritySurface
(the surface form, three plain fields) plus
declared::validate_declared_authority_surface, the subset check the
supervisor runs before accepting any guest declaration. See the module
docs in declared for the evidence-vs-surface split.
Guest-declared capability surface (F2 surface form).
§Why this exists alongside crate::authority::DeclaredAuthority
The B2-1 / F2-lattice landing in [crate::authority::validator] introduced
crate::authority::DeclaredAuthority — a fully ADG-validated typed
authority that wraps a crate::authority::AuthorityDerivation whose
rule-class set is the mono-class {GuestAgentDeclaration}. That type is the
evidence form: the validated record of how a guest declaration was
derived, attached to a CloudEvent, audited for §9 non-inflation.
This module ships the surface form: the plain capability surface the
in-VM guest agent CLAIMS it will use (egress rules, secret refs, DNS
queries), independent of any ADG bookkeeping. The host receives this
surface over the per-cell vsock channel ahead of (or alongside) telemetry
and validates declared ⊆ authorized before accepting any guest-side
evidence. The check is the F2 admission gate for in-VM telemetry per
ADR-0006:
a workload cannot launder authority by declaring more than the host
authorized.
Conceptually:
| Form | Type | Role |
|---|---|---|
| Evidence (ADG-bound) | crate::authority::DeclaredAuthority | One emission’s validated derivation; carries AuthorityDerivation |
| Surface (plain) | DeclaredAuthoritySurface | The set of capabilities the guest claims it will exercise; subset-checked against [AuthorityCapability] |
The two are not interchangeable and there is no From/Into between
them. The surface form is naming-disambiguated as
DeclaredAuthoritySurface because the unqualified name DeclaredAuthority
is already taken by the ADG variant (and that name’s public-API contract
is fixed by B2-1).
§Doctrine
- D9 (mechanical separation): the surface form is a plain struct with
no derivation, no superset trait link to host-side typed authorities, and no
conversion to/from crate::authority::DeclaredAuthority. Cross-witness
composites (host + guest evidence for the same observed action) travel via
two separately-typed emissions, not via a fused surface.
- D11 (no I/O in cellos-core): validate_declared_authority_surface is pure —
plain values in, Result out.
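The declared ⊆ authorized gate sketched above, as an added worked example that is not code from cellos-core: the page only states that the surface has three plain fields (egress rules, secret refs, DNS queries) and that the check is pure, so the field names, the `set` helper, the shape of `AuthorityCapability` and the `SurfaceInflation` error type are assumptions.

```rust
use std::collections::BTreeSet;

/// Host-authorized capability set. Hypothetical shape: the real
/// `AuthorityCapability` in cellos-core is not shown on this page.
#[derive(Debug, Clone, Default)]
pub struct AuthorityCapability {
    pub egress_rules: BTreeSet<String>,
    pub secret_refs: BTreeSet<String>,
    pub dns_queries: BTreeSet<String>,
}

/// Guest-declared surface form: three plain fields, no derivation, no I/O.
/// Field names are assumed for this example.
#[derive(Debug, Clone, Default)]
pub struct DeclaredAuthoritySurface {
    pub egress_rules: BTreeSet<String>,
    pub secret_refs: BTreeSet<String>,
    pub dns_queries: BTreeSet<String>,
}

/// One field where the guest declared more than the host authorized
/// (hypothetical error type; `excess` lists the unauthorized items).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SurfaceInflation {
    pub field: &'static str,
    pub excess: Vec<String>,
}

/// Pure subset check: Ok(()) iff every declared item is authorized,
/// otherwise every inflated field so the rejection can be audited whole.
pub fn validate_declared_authority_surface(
    declared: &DeclaredAuthoritySurface,
    authorized: &AuthorityCapability,
) -> Result<(), Vec<SurfaceInflation>> {
    let mut violations = Vec::new();
    for (field, d, a) in [
        ("egress_rules", &declared.egress_rules, &authorized.egress_rules),
        ("secret_refs", &declared.secret_refs, &authorized.secret_refs),
        ("dns_queries", &declared.dns_queries, &authorized.dns_queries),
    ] {
        let excess: Vec<String> = d.difference(a).cloned().collect();
        if !excess.is_empty() {
            violations.push(SurfaceInflation { field, excess });
        }
    }
    if violations.is_empty() { Ok(()) } else { Err(violations) }
}

/// Convenience constructor for the sets used in examples and tests.
pub fn set(items: &[&str]) -> BTreeSet<String> {
    items.iter().map(|s| s.to_string()).collect()
}
```

A declaration that is a strict subset is admitted; any single extra secret ref or DNS name rejects the whole surface, which is the non-inflation property the gate exists to enforce.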
Structs§
- DeclaredAuthoritySurface - Capability surface declared by the in-VM guest agent.
Functions§
- validate_declared_authority_surface - Validate that a guest-declared capability surface is a subset of the host-authorized AuthorityCapability.