chio-http-core 0.1.0

Protocol-agnostic HTTP security types for the Chio kernel
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

//! Shared HTTP substrate response types.

use chio_kernel::SignedExecutionNonce;
use serde::{Deserialize, Serialize};

use crate::{GuardEvidence, HttpReceipt, Verdict};

/// Response body for sidecar HTTP request evaluation.
///
/// On an `Allow` verdict from a kernel configured with
/// `ExecutionNonceConfig`, the response carries a short-lived signed nonce
/// that the client MUST re-present before executing the tool call. The
/// field is `None` on `Deny`/`Cancel`/`Incomplete` and on deployments
/// without a nonce config, preserving wire-level backward compatibility.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct EvaluateResponse {
    pub verdict: Verdict,
    pub receipt: HttpReceipt,
    #[serde(default)]
    pub evidence: Vec<GuardEvidence>,
    /// Optional signed execution nonce. Present only when the kernel
    /// issues one (allow verdict + strict/opt-in nonce mode). See
    /// `docs/protocols/STRUCTURAL-SECURITY-FIXES.md` section 1.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub execution_nonce: Option<SignedExecutionNonce>,
}

/// Response body for receipt verification.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct VerifyReceiptResponse {
    pub valid: bool,
}

/// Sidecar health states.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
#[serde(rename_all = "snake_case")]
pub enum SidecarStatus {
    Healthy,
    Degraded,
    Unhealthy,
}

/// Response body for sidecar health checks.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct HealthResponse {
    pub status: SidecarStatus,
    pub version: String,
}