greentic-types 0.5.2

Shared primitives for Greentic: TenantCtx, InvocationEnvelope, NodeError, ids.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

//! Types used by QA setup contracts.
use alloc::{string::String, vec::Vec};

use ciborium::value::Value;
use serde::{Deserialize, Serialize};
use thiserror::Error;

use crate::{cbor::canonical, cbor_bytes::CborBytes, schema_id::SchemaSource};

/// Where the QA specification lives.
#[derive(Clone, Debug, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub enum QaSpecSource {
    /// Inline CBOR specification bytes.
    InlineCbor(CborBytes),
    #[cfg(feature = "json-compat")]
    /// Inline JSON spec for transition/debug tooling.
    InlineJson(String),
    /// Schema hosted at a remote URI.
    RefUri(String),
    /// Schema stored in another pack path.
    RefPackPath(String),
}

/// Example answers submitted by a pack author.
#[derive(Clone, Debug, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub struct ExampleAnswers {
    /// Friendly title for the example answers.
    pub title: String,
    /// Canonical CBOR payload.
    pub answers_cbor: CborBytes,
    /// Optional annotations or hints.
    pub notes: Option<String>,
}

/// Outputs produced by the setup flow.
#[derive(Clone, Debug, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub enum SetupOutput {
    /// Only configuration data is emitted.
    ConfigOnly,
    /// Template-driven scaffold output.
    TemplateScaffold {
        /// Reference to the scaffold template.
        template_ref: String,
        /// Layout/slot description produced by the scaffold.
        output_layout: String,
    },
}

/// QA setup contract (optional convenience wrapper).
#[derive(Clone, Debug, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
pub struct SetupContract {
    /// Reference to the QA spec.
    pub qa_spec: QaSpecSource,
    /// Optional schema describing answers.
    pub answers_schema: Option<SchemaSource>,
    /// Example answer blobs for documentation.
    pub examples: Vec<ExampleAnswers>,
    /// Declared outputs for the setup run.
    pub outputs: Vec<SetupOutput>,
}

/// Canonical enforcement policy used by `validate_answers`.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum CanonicalPolicy {
    /// Skip canonical enforcement.
    Off,
    /// Treat non-canonical CBOR as errors.
    RequireCanonical,
    /// Re-encode answers into canonical form.
    Canonicalize,
}

/// Errors produced during QA answer validation.
#[derive(Debug, Error)]
pub enum ValidateAnswersError {
    /// Failed to decode the answers payload.
    #[error("CBOR decode failed: {0}")]
    Decode(String),
    /// Answers must be represented as a CBOR map/object.
    #[error("answers must be a CBOR map/object")]
    NotMap,
    /// Canonicalization check failed.
    #[error(transparent)]
    Canonical(#[from] canonical::CanonicalError),
}

/// MVP validator that ensures answer CBOR is a map and optionally canonical.
pub fn validate_answers(
    schema: &SchemaSource,
    answers_cbor: &CborBytes,
    policy: CanonicalPolicy,
) -> Result<CborBytes, ValidateAnswersError> {
    let _ = schema;
    let value: Value = ciborium::de::from_reader(answers_cbor.as_slice())
        .map_err(|err| ValidateAnswersError::Decode(err.to_string()))?;

    if !matches!(value, Value::Map(_)) {
        return Err(ValidateAnswersError::NotMap);
    }

    match policy {
        CanonicalPolicy::Off => Ok(answers_cbor.clone()),
        CanonicalPolicy::RequireCanonical => {
            answers_cbor.ensure_canonical()?;
            Ok(answers_cbor.clone())
        }
        CanonicalPolicy::Canonicalize => {
            let canonical_bytes = canonical::canonicalize(answers_cbor.as_slice())?;
            Ok(CborBytes(canonical_bytes))
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use alloc::collections::BTreeMap;

    fn schema_bytes() -> Vec<u8> {
        let mut map = BTreeMap::new();
        map.insert("key", "value");
        match canonical::to_canonical_cbor(&map) {
            Ok(bytes) => bytes,
            Err(err) => panic!("schema canonicalization failed: {err:?}"),
        }
    }

    fn schema_blob() -> CborBytes {
        CborBytes(schema_bytes())
    }

    #[test]
    fn validate_accepts_map_off_policy() {
        let bytes = schema_blob();
        let source = SchemaSource::InlineCbor(bytes.clone());
        let result = match validate_answers(&source, &bytes, CanonicalPolicy::Off) {
            Ok(value) => value,
            Err(err) => panic!("validation failed: {err:?}"),
        };
        assert_eq!(result.as_slice(), bytes.as_slice());
    }

    #[test]
    fn validate_rejects_non_map() {
        let bytes = match canonical::to_canonical_cbor(&"string") {
            Ok(value) => value,
            Err(err) => panic!("canonicalize string failed: {err:?}"),
        };
        let source = SchemaSource::InlineCbor(CborBytes(bytes.clone()));
        assert!(matches!(
            validate_answers(&source, &CborBytes(bytes), CanonicalPolicy::Off),
            Err(ValidateAnswersError::NotMap)
        ));
    }

    #[test]
    fn canonicalize_policy_rewrites_indefinite_map() {
        let indefinite = vec![0xBF, 0x61, b'a', 0x01, 0xFF];
        let source = SchemaSource::InlineCbor(CborBytes::new(indefinite.clone()));
        let canonical_bytes = match validate_answers(
            &source,
            &CborBytes(indefinite),
            CanonicalPolicy::Canonicalize,
        ) {
            Ok(bytes) => bytes,
            Err(err) => panic!("validation failed: {err:?}"),
        };
        if let Err(err) = canonical::ensure_canonical(canonical_bytes.as_slice()) {
            panic!("ensure canonical failed: {err:?}");
        }
    }

    #[test]
    fn require_canonical_rejects_indefinite() {
        let indefinite = vec![0xBF, 0x61, b'a', 0x01, 0xFF];
        let source = SchemaSource::InlineCbor(CborBytes::new(indefinite.clone()));
        assert!(matches!(
            validate_answers(
                &source,
                &CborBytes(indefinite),
                CanonicalPolicy::RequireCanonical
            ),
            Err(ValidateAnswersError::Canonical(_))
        ));
    }
}