use serde::{Deserialize, Serialize};
use crate::schema::{NonEmptyString, RunxSchema};
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case")]
pub enum AuthorityKind {
ReadOnly,
Constructive,
Destructive,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case")]
pub enum ScopeAdmissionStatus {
Allow,
Deny,
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
pub enum CredentialEnvelopeKind {
#[serde(rename = "runx.credential-envelope.v1")]
V1,
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
pub enum AuthorityProofSchemaVersion {
#[serde(rename = "runx.authority-proof.v1")]
V1,
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case")]
pub enum AuthorityProofCredentialMaterialStatus {
NotRequested,
NotResolved,
Resolved,
Denied,
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case")]
pub enum AuthorityProofApprovalDecisionValue {
Approved,
Denied,
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
pub enum AuthorityProofRedactionStatus {
#[serde(rename = "applied")]
Applied,
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
pub enum AuthorityProofRedactionSecretMaterial {
#[serde(rename = "omitted")]
Omitted,
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
pub enum AuthorityProofRedactionStream {
#[serde(rename = "hashed")]
Hashed,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
#[runx_schema(spec_id = "https://runx.ai/spec/scope-admission.schema.json")]
pub struct ScopeAdmission {
pub status: ScopeAdmissionStatus,
pub requested_scopes: Vec<NonEmptyString>,
pub granted_scopes: Vec<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub grant_id: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub reasons: Option<Vec<NonEmptyString>>,
#[serde(skip_serializing_if = "Option::is_none")]
pub decision_summary: Option<String>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct CredentialGrantReference {
pub grant_id: NonEmptyString,
pub scope_family: NonEmptyString,
pub authority_kind: AuthorityKind,
#[serde(skip_serializing_if = "Option::is_none")]
pub target_repo: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub target_locator: Option<NonEmptyString>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
#[runx_schema(spec_id = "https://runx.ai/spec/credential-envelope.schema.json")]
pub struct CredentialEnvelope {
pub kind: CredentialEnvelopeKind,
pub grant_id: NonEmptyString,
pub provider: NonEmptyString,
pub auth_mode: NonEmptyString,
pub material_kind: NonEmptyString,
pub provider_reference: NonEmptyString,
pub scopes: Vec<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub grant_reference: Option<CredentialGrantReference>,
pub material_ref: NonEmptyString,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofRequested {
pub connected_auth: bool,
pub scopes: Vec<NonEmptyString>,
pub mutating: bool,
#[serde(skip_serializing_if = "Option::is_none")]
pub scope_family: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub authority_kind: Option<AuthorityKind>,
#[serde(skip_serializing_if = "Option::is_none")]
pub target_repo: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub target_locator: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub sandbox_profile: Option<NonEmptyString>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofCredentialMaterial {
pub status: AuthorityProofCredentialMaterialStatus,
#[serde(skip_serializing_if = "Option::is_none")]
pub grant_id: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub provider: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub provider_reference: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub scopes: Option<Vec<NonEmptyString>>,
#[serde(skip_serializing_if = "Option::is_none")]
pub scope_family: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub authority_kind: Option<AuthorityKind>,
#[serde(skip_serializing_if = "Option::is_none")]
pub target_repo: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub target_locator: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub grant_reference: Option<CredentialGrantReference>,
#[serde(skip_serializing_if = "Option::is_none")]
pub material_ref_hash: Option<NonEmptyString>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofSandboxNetwork {
#[serde(skip_serializing_if = "Option::is_none")]
pub declared: Option<bool>,
#[serde(skip_serializing_if = "Option::is_none")]
pub enforcement: Option<NonEmptyString>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofSandboxFilesystem {
#[serde(skip_serializing_if = "Option::is_none")]
pub enforcement: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub readonly_paths: Option<bool>,
#[serde(skip_serializing_if = "Option::is_none")]
pub writable_paths_enforced: Option<bool>,
#[serde(skip_serializing_if = "Option::is_none")]
pub private_tmp: Option<bool>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofSandboxRuntime {
#[serde(skip_serializing_if = "Option::is_none")]
pub enforcer: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub reason: Option<NonEmptyString>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofSandbox {
pub profile: NonEmptyString,
#[serde(skip_serializing_if = "Option::is_none")]
pub cwd_policy: Option<NonEmptyString>,
#[serde(skip_serializing_if = "Option::is_none")]
pub require_enforcement: Option<bool>,
#[serde(skip_serializing_if = "Option::is_none")]
pub network: Option<AuthorityProofSandboxNetwork>,
#[serde(skip_serializing_if = "Option::is_none")]
pub filesystem: Option<AuthorityProofSandboxFilesystem>,
#[serde(skip_serializing_if = "Option::is_none")]
pub runtime: Option<AuthorityProofSandboxRuntime>,
#[serde(skip_serializing_if = "Option::is_none")]
pub approval_required: Option<bool>,
#[serde(skip_serializing_if = "Option::is_none")]
pub approval_approved: Option<bool>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofApprovalDecision {
pub gate_id: NonEmptyString,
pub gate_type: NonEmptyString,
pub decision: AuthorityProofApprovalDecisionValue,
#[serde(skip_serializing_if = "Option::is_none")]
pub reason: Option<NonEmptyString>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
pub struct AuthorityProofRedaction {
pub status: AuthorityProofRedactionStatus,
pub secret_material: AuthorityProofRedactionSecretMaterial,
pub stdout: AuthorityProofRedactionStream,
pub stderr: AuthorityProofRedactionStream,
pub metadata_secret_keys: Vec<NonEmptyString>,
}
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, RunxSchema)]
#[serde(rename_all = "snake_case", deny_unknown_fields)]
#[runx_schema(spec_id = "https://runx.ai/spec/authority-proof.schema.json")]
pub struct AuthorityProof {
pub schema_version: AuthorityProofSchemaVersion,
#[serde(skip_serializing_if = "Option::is_none")]
pub run_id: Option<NonEmptyString>,
pub skill_name: NonEmptyString,
pub source_type: NonEmptyString,
pub requested: AuthorityProofRequested,
pub scope_admission: ScopeAdmission,
pub credential_material: AuthorityProofCredentialMaterial,
#[serde(skip_serializing_if = "Option::is_none")]
pub sandbox: Option<AuthorityProofSandbox>,
#[serde(skip_serializing_if = "Option::is_none")]
pub approval_gate: Option<AuthorityProofApprovalDecision>,
pub redaction: AuthorityProofRedaction,
}