tf-types 0.1.6

Core semantic types, traits, and schemas powering the TrustForge protocol.
// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.

#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]

use serde::{Deserialize, Serialize};
use super::*;

/// Dotted lowercase action identifier, e.g. `file.write`, `shell.exec`.
///
/// This is a plain alias for [`String`]: the dotted-lowercase form is a
/// convention the type does not enforce, so any string deserializes
/// successfully. Code that matches action names to reach an authorization
/// decision has to validate and normalize the value itself.
pub type ActionName = String;

/// Universal actor URI: `tf:actor:<type>:<path>`. See TF-0002.
///
/// Plain alias for [`String`]; the URI shape is not checked when a value is
/// built or deserialized.
// NOTE(review): comparing actor ids as raw strings is only sound if TF-0002
// defines one canonical spelling (case, escaping) — confirm against the spec.
pub type ActorId = String;

/// Canonical actor types from TF-0002.
///
/// Each variant is serialized as the lowercase, hyphenated string given in its
/// `rename` attribute. There is no catch-all variant, so a type string that is
/// not listed here fails deserialization rather than mapping to a default.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum ActorType {
    #[serde(rename = "human")]
    Human,
    #[serde(rename = "agent")]
    Agent,
    #[serde(rename = "device")]
    Device,
    #[serde(rename = "service")]
    Service,
    #[serde(rename = "site")]
    Site,
    #[serde(rename = "organization")]
    Organization,
    #[serde(rename = "relay")]
    Relay,
    #[serde(rename = "plugin")]
    Plugin,
    #[serde(rename = "process")]
    Process,
    #[serde(rename = "tool")]
    Tool,
    #[serde(rename = "model-provider")]
    ModelProvider,
    #[serde(rename = "policy-engine")]
    PolicyEngine,
    #[serde(rename = "proof-anchor")]
    ProofAnchor,
    #[serde(rename = "emergency-authority")]
    EmergencyAuthority,
}

/// Signature or KEM algorithm identifier, e.g. `ed25519`, `ml-dsa-65`, `p256`.
///
/// Plain alias for [`String`]: unknown or unsupported algorithm names are not
/// rejected at this layer.
// NOTE(review): in `SignatureEnvelope` this value arrives alongside the
// signature it describes, so a verifier should presumably match it against a
// locally configured allow-list instead of dispatching on it directly — confirm
// where that check lives.
pub type AlgorithmId = String;

/// Default approval requirement modes.
///
/// Serialized as `"none"`, `"conditional"`, `"required"` or `"quorum"`; any
/// other string fails deserialization. What each mode obliges an enforcer to
/// do is not defined in this file.
///
/// `ApprovalRequirement::None` is a value of this enum and is distinct from
/// `Option::None`: where a field is typed `Option<ApprovalRequirement>`, an
/// absent key and an explicit `"none"` deserialize to different values.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum ApprovalRequirement {
    #[serde(rename = "none")]
    None,
    #[serde(rename = "conditional")]
    Conditional,
    #[serde(rename = "required")]
    Required,
    #[serde(rename = "quorum")]
    Quorum,
}

/// Capability grant shape (TF-0004).
///
/// Every field except `name` and `risk` is optional: it is left out of the
/// serialized form when `None` and deserializes to `None` when the key is
/// absent. This file does not state what an absent flag means for enforcement.
// NOTE(review): the struct carries no `#[serde(deny_unknown_fields)]`, so the
// derived deserializer ignores unrecognized keys. A misspelt key such as
// `constraint` would yield a grant with `constraints == None` instead of an
// error — worth rejecting in the policy loader or in the generating schema.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Capability {
    /// Action identifier the grant is for.
    pub name: ActionName,
    /// Risk class recorded for the grant.
    pub risk: RiskClass,
    /// Proof level attached to the grant, when one is declared.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub proof_required: Option<ProofLevel>,
    /// Approval mode attached to the grant. An absent key (`Option::None`) and
    /// an explicit `"none"` (`ApprovalRequirement::None`) are different values.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub approval: Option<ApprovalRequirement>,
    /// Constraints that must all hold for the capability to apply.
    /// `None` and an empty list are distinct values of this field.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub constraints: Option<Vec<Constraint>>,
    /// If true, consumed after one invocation.
    // NOTE(review): consumption needs state kept outside this value; combined
    // with `offline_valid` it is unclear who records the use — confirm in TF-0004.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub single_use: Option<bool>,
    /// If true, subject may delegate this capability.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub delegable: Option<bool>,
    /// If false, revocation is ineffective.
    // NOTE(review): an absent key is a third state; presumably it should be read
    // as "revocable" — confirm the default with the spec.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub revocable: Option<bool>,
    /// If true, usable without live authority checks.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub offline_valid: Option<bool>,
    /// Expiry of the grant. `Timestamp` is a string alias, so the value must be
    /// parsed before it is compared with the current time.
    // NOTE(review): `None` presumably means "no expiry" — confirm.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub expires_at: Option<Timestamp>,
}

/// Capability/grant constraint, discriminated by `kind`.
///
/// The enum is internally tagged: the serialized object carries a `kind` key
/// holding one of the `rename` strings below, next to the variant's own fields.
/// A `kind` that is not listed fails deserialization.
///
/// The numeric fields are `i64`, so zero and negative values deserialize
/// without error; range checks are left to whatever evaluates the constraint.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
#[serde(tag = "kind")]
pub enum Constraint {
    /// Validity window. `until` is required; `from` may be omitted.
    /// Both are unparsed strings (see `Timestamp`).
    #[serde(rename = "time_window")]
    TimeWindow {
        #[serde(skip_serializing_if = "Option::is_none", default)]
        from: Option<Timestamp>,
        until: Timestamp,
    },
    /// Target patterns.
    // NOTE(review): the pattern syntax (glob, prefix, regex) and the meaning of
    // an empty list are not defined in this file — confirm before matching.
    #[serde(rename = "target")]
    Target {
        patterns: Vec<String>,
    },
    /// Quantity cap with an optional free-form unit.
    #[serde(rename = "quantity")]
    Quantity {
        max: i64,
        #[serde(skip_serializing_if = "Option::is_none", default)]
        unit: Option<String>,
    },
    /// Rate cap: `max_per_window` per `window_seconds`.
    // NOTE(review): `window_seconds <= 0` is representable; an evaluator that
    // divides by the window should reject it first.
    #[serde(rename = "rate")]
    Rate {
        max_per_window: i64,
        window_seconds: i64,
    },
    /// Binds the constraint to one session identifier.
    #[serde(rename = "session")]
    Session {
        session_id: String,
    },
    /// Approval mode expressed as a constraint.
    #[serde(rename = "approval")]
    Approval {
        approval: ApprovalRequirement,
    },
    /// Quorum of `quorum` approvers out of the actors in `of`.
    // NOTE(review): nothing here keeps `quorum` within `1..=of.len()` or keeps
    // `of` free of duplicates; a counter should presumably deduplicate approvers
    // and reject out-of-range thresholds — confirm where that is enforced.
    #[serde(rename = "quorum")]
    Quorum {
        quorum: i64,
        of: Vec<ActorId>,
    },
    /// Binds the constraint to one device actor.
    #[serde(rename = "device_binding")]
    DeviceBinding {
        device_actor: ActorId,
    },
}

/// Structured danger categories used by agent-contract and dangerous-actions.
///
/// AI agents must escalate on destructive / irreversible / financial /
/// security-sensitive tags regardless of the declared approval mode.
///
/// Each tag is serialized as the hyphenated lowercase string in its `rename`
/// attribute; a tag string that is not listed fails deserialization.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum DangerTag {
    #[serde(rename = "financial")]
    Financial,
    #[serde(rename = "destructive")]
    Destructive,
    #[serde(rename = "irreversible")]
    Irreversible,
    #[serde(rename = "security-sensitive")]
    SecuritySensitive,
    #[serde(rename = "privacy")]
    Privacy,
    #[serde(rename = "external-network")]
    ExternalNetwork,
    #[serde(rename = "legal-exposure")]
    LegalExposure,
    #[serde(rename = "high-compute")]
    HighCompute,
}

/// One step in a delegation chain (TF-0004).
///
/// The struct only records what a step claims. Nothing in the type relates
/// `capabilities` to what `delegator` actually holds, to the `delegable` flag
/// of those capabilities, or to the previous link's redelegation rules; those
/// checks belong to whatever validates the chain.
// NOTE(review): no `#[serde(deny_unknown_fields)]` here, so unrecognized keys
// are ignored on input — a misspelt `constraints` or `expires_at` key would
// silently produce a less restricted link.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DelegationLink {
    /// Actor handing the capabilities on at this step.
    pub delegator: ActorId,
    /// Actor receiving them at this step.
    pub delegate: ActorId,
    /// Capabilities being delegated at this step.
    pub capabilities: Vec<Capability>,
    /// Additional constraints imposed at this step.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub constraints: Option<Vec<Constraint>>,
    /// Expiry of this step, as an unparsed `Timestamp` string.
    // NOTE(review): presumably a link must not outlive the grant it derives
    // from — confirm that the chain validator compares the two.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub expires_at: Option<Timestamp>,
    /// Redelegation rules for this step.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub redelegation: Option<DelegationLink_Redelegation>,
    /// Optional hash reference to a proof for this step. The field is optional
    /// at the type level, so a link without any proof reference deserializes.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub proof_ref: Option<HashRef>,
}

/// Redelegation rules for this step.
///
/// Nested object of `DelegationLink::redelegation`. `allowed` is required;
/// `max_depth` may be omitted.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DelegationLink_Redelegation {
    /// If true, delegate may redelegate onward.
    pub allowed: bool,
    /// Maximum further delegation depth.
    // NOTE(review): the field is a signed `i64`, so negative depths deserialize,
    // and `allowed == true` with `max_depth == None` does not say whether the
    // depth is unlimited — confirm both cases with TF-0004.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub max_depth: Option<i64>,
}

/// Enforcement levels (see DECISIONS.md).
///
/// Serialized as the strings `"E0"` through `"E5"`; any other string fails
/// deserialization. The derive list has no `PartialOrd`/`Ord`, so levels
/// cannot be compared with `<` or `>=`; an "at least level X" check needs an
/// explicit ranking taken from the specification.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum EnforcementLevel {
    #[serde(rename = "E0")]
    E0,
    #[serde(rename = "E1")]
    E1,
    #[serde(rename = "E2")]
    E2,
    #[serde(rename = "E3")]
    E3,
    #[serde(rename = "E4")]
    E4,
    #[serde(rename = "E5")]
    E5,
}

/// Algorithm-prefixed lowercase-hex hash.
///
/// Plain alias for [`String`]: the prefix, the hex alphabet and the digest
/// length are not validated here.
// NOTE(review): the separator between prefix and digest is not shown in this
// file, and mixed-case hex would compare unequal as a string — a consumer
// should presumably validate the form before using the value as a lookup key.
pub type HashRef = String;

/// Actor instance URI: `tf:instance:<type>:<path>/<instance-path>`.
///
/// Plain alias for [`String`]; the URI shape is not checked when a value is
/// built or deserialized.
pub type InstanceId = String;

/// Explicit denial; overrides overlapping grants.
///
/// Only `name` is required. How "overlapping" is decided is not defined in
/// this file.
// NOTE(review): unrecognized keys are ignored on input (no
// `deny_unknown_fields`), so a misspelt `target` key would leave `target` as
// `None`. Whether `None` widens the denial to every target is not stated here —
// confirm that the evaluator reads it that way rather than as "no match".
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct NegativeCapability {
    /// Action identifier being denied.
    pub name: ActionName,
    /// Optional target pattern the denial applies to.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub target: Option<String>,
    /// Human-readable denial reason.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub reason: Option<String>,
    /// Grant IDs this negative capability explicitly overrides.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub overrides: Option<Vec<String>>,
}

/// Proof levels from TF-0005.
///
/// Serialized as the strings `"L0"` through `"L5"`; any other string fails
/// deserialization. No `PartialOrd`/`Ord` is derived, so a "proof at least as
/// strong as required" check cannot use `<`/`>=` on this type and needs an
/// explicit ranking taken from TF-0005.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum ProofLevel {
    #[serde(rename = "L0")]
    L0,
    #[serde(rename = "L1")]
    L1,
    #[serde(rename = "L2")]
    L2,
    #[serde(rename = "L3")]
    L3,
    #[serde(rename = "L4")]
    L4,
    #[serde(rename = "L5")]
    L5,
}

/// Risk classes from TF-0004.
///
/// Serialized as the strings `"R0"` through `"R5"`; any other string fails
/// deserialization. No `PartialOrd`/`Ord` is derived, so threshold checks on
/// risk need an explicit ranking taken from TF-0004.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum RiskClass {
    #[serde(rename = "R0")]
    R0,
    #[serde(rename = "R1")]
    R1,
    #[serde(rename = "R2")]
    R2,
    #[serde(rename = "R3")]
    R3,
    #[serde(rename = "R4")]
    R4,
    #[serde(rename = "R5")]
    R5,
}

/// Opaque signature envelope. No crypto performed in the foundation phase.
///
/// The derived `Deserialize` only checks that the fields are present and are
/// strings. Holding a `SignatureEnvelope` is therefore no evidence that the
/// signature is valid, that `signer` produced it, or that `signature` is
/// well-formed base64.
// NOTE(review): `algorithm`, `hash_alg` and `alt_algorithm` are supplied by
// whoever built the envelope. Once verification is added, the accepted
// algorithms should presumably come from local policy, not from these fields.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct SignatureEnvelope {
    /// Algorithm identifier for `signature`.
    pub algorithm: AlgorithmId,
    /// Actor the envelope names as signer (an unverified claim at this layer).
    pub signer: ActorId,
    /// Base64-encoded signature bytes. Not verified in the foundation phase.
    pub signature: String,
    /// Optional hash used before signing, e.g. sha256.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub hash_alg: Option<String>,
    /// Algorithm identifier for `alt_signature`. The two `alt_*` fields are
    /// independently optional, so one can be present without the other.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub alt_algorithm: Option<AlgorithmId>,
    /// Optional second signature for hybrid post-quantum signing.
    // NOTE(review): this file does not say whether both signatures must verify;
    // accepting either one alone would reduce the hybrid to its weaker half —
    // confirm the rule in the spec.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub alt_signature: Option<String>,
}

/// RFC 3339 timestamp with required timezone.
///
/// Plain alias for [`String`]: neither the RFC 3339 syntax nor the presence of
/// a timezone is checked here. Expiry and time-window checks should parse the
/// value first; comparing the raw strings gives wrong answers when the two
/// values use different UTC offsets.
pub type Timestamp = String;

/// Trust-domain identifier. DNS-like (e.g. `example.com`), or local-scoped
/// (e.g. `local/home`).
///
/// Plain alias for [`String`]; the form is not validated here.
// NOTE(review): DNS names are case-insensitive while `String` equality is not —
// confirm whether domains are normalized before they are compared.
pub type TrustDomain = String;

/// Trust levels from TF-0002.
///
/// Serialized as the strings `"T0"` through `"T7"`; any other string fails
/// deserialization. No `PartialOrd`/`Ord` is derived, so "trusted at least at
/// level X" cannot be written with `<`/`>=` on this type and needs an explicit
/// ranking taken from TF-0002.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum TrustLevel {
    #[serde(rename = "T0")]
    T0,
    #[serde(rename = "T1")]
    T1,
    #[serde(rename = "T2")]
    T2,
    #[serde(rename = "T3")]
    T3,
    #[serde(rename = "T4")]
    T4,
    #[serde(rename = "T5")]
    T5,
    #[serde(rename = "T6")]
    T6,
    #[serde(rename = "T7")]
    T7,
}