tf-types 0.1.6

Core semantic types, traits, and schemas powering the TrustForge protocol.
// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.

#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]

use serde::{Deserialize, Serialize};
use super::*;

/// Declarative policy definition referenced by TF-0004. Backend-agnostic (Cedar, Rego, custom, native, none).
///
/// This is the deserialization target for a policy manifest; the type only
/// describes shape. Every semantic check (quorum bounds, pattern validity,
/// known trigger names) has to happen in the code that consumes it.
// NOTE(review): the struct carries no `#[serde(deny_unknown_fields)]`, so the
// derived `Deserialize` ignores unrecognised keys. Combined with `default` on
// the optional fields below, a misspelled `negative_capabilities`,
// `quorum_defaults` or `continuous_reevaluation` key loads as `None` without
// an error, silently dropping a restriction. Validate manifests against the
// schema before deserializing, or enable strict fields in the generator
// (this file is generated; do not patch it here).
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Policy {
    /// Version of the policy manifest schema itself.
    pub policy_version: Policy_PolicyVersion,
    /// Trust domain this policy applies within.
    pub trust_domain: TrustDomain,
    /// Policy engine that interprets this manifest.
    // Absent key => `Option::None`; the literal "none" => `Some(Policy_EngineHint::None)`.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub engine_hint: Option<Policy_EngineHint>,
    /// Policy rules evaluated top-to-bottom until a match yields a decision.
    // NOTE(review): an empty list deserializes fine, and the outcome when no
    // rule matches is not defined in this file; confirm evaluators deny by default.
    pub rules: Vec<Rule>,
    /// Explicit denials that override grants regardless of rule order.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub negative_capabilities: Option<Vec<NegativeCapability>>,
    /// Default quorum settings when a rule requests quorum approval without specifying one.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub quorum_defaults: Option<Policy_QuorumDefaults>,
    /// When live sessions must re-check this policy during execution.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub continuous_reevaluation: Option<Policy_ContinuousReevaluation>,
}

/// When live sessions must re-check this policy during execution.
// NOTE(review): triggers are free-form strings, so nothing at the type level
// rejects an unknown or misspelled trigger name, or an empty list. A trigger
// the runtime does not recognise would presumably never fire; confirm the
// consumer validates names against its known set and rejects the manifest otherwise.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Policy_ContinuousReevaluation {
    /// Events that force a re-evaluation of in-flight authorizations.
    pub triggers: Vec<String>,
}

/// Policy engine that interprets this manifest.
///
/// Serialized as the lowercase strings given in the `rename` attributes.
// The `None` variant is unrelated to `Option::None`: in a field of type
// `Option<Policy_EngineHint>` the explicit string "none" is
// `Some(Policy_EngineHint::None)`. Refer to it by its full path; a glob import
// of this enum would shadow the prelude's `None`.
// NOTE(review): what an evaluator does for `none` is not defined in this file;
// confirm it does not mean "skip policy evaluation and allow".
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum Policy_EngineHint {
    #[serde(rename = "cedar")]
    Cedar,
    #[serde(rename = "rego")]
    Rego,
    #[serde(rename = "custom")]
    Custom,
    #[serde(rename = "native")]
    Native,
    #[serde(rename = "none")]
    None,
}

/// Version of the policy manifest schema itself.
///
/// Only one version exists, serialized as the string "1".
// There is no `#[serde(other)]` fallback, so a manifest declaring any other
// version name is a deserialization error rather than being read as V1.
// Keep that fail-closed behaviour when new versions are added.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum Policy_PolicyVersion {
    #[serde(rename = "1")]
    V1,
}

/// Default quorum settings when a rule requests quorum approval without specifying one.
// NOTE(review): nothing here constrains the two fields relative to each other.
// The consumer must reject `min_approvers < 1` and `min_approvers` greater than
// the number of distinct entries in `of`; otherwise a quorum could be trivially
// met or impossible to meet.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Policy_QuorumDefaults {
    /// Minimum number of approvers required.
    // Signed 64-bit: zero and negative values deserialize successfully.
    pub min_approvers: i64,
    /// Eligible approvers.
    // May be empty; duplicates are presumably possible (depends on `ActorId`,
    // declared elsewhere); de-duplicate before counting approvals.
    pub of: Vec<ActorId>,
}

/// A single policy rule.
///
/// Only `id` and `effect` are required; every matcher and requirement is
/// optional and is omitted from the serialized form when `None`.
// NOTE(review): unknown keys are ignored on deserialization (no
// `deny_unknown_fields`), so a misspelled matcher or requirement key such as
// `risk_at_most` or `approval` is dropped silently and the rule becomes broader
// or weaker than written. Validate against the schema before loading.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Rule {
    /// Rule identifier, used in proofs and audit logs.
    // Free-form string; uniqueness within a policy is not enforced by the type.
    pub id: String,
    /// Decision produced when the rule matches.
    pub effect: Rule_Effect,
    /// Exact action this rule applies to.
    // NOTE(review): `action` and `action_pattern` can both be absent; what such a
    // rule matches is not defined in this file; confirm it is not "everything"
    // for an `allow` effect.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub action: Option<ActionName>,
    /// Regex (ECMAScript) matched against action names when an exact action is not set.
    // Stored as a plain string: it is not compiled or checked at load time.
    // NOTE(review): the matcher must implement ECMAScript syntax (Rust's `regex`
    // crate is a different dialect), should bound evaluation time if it
    // backtracks, and should define whether an unanchored pattern may match a
    // substring, since that decides how broadly a rule applies.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub action_pattern: Option<String>,
    /// Regex matched against the subject actor URI.
    // Same caveats as `action_pattern`; the dialect is not stated for this field.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub subject_pattern: Option<String>,
    /// Glob patterns matched against the action target.
    // NOTE(review): glob semantics (separator handling, `**`, case) are not
    // defined here; targets should be normalised before matching.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub target_patterns: Option<Vec<String>>,
    /// Rule applies only to actions whose risk is at or below this class.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub risk_at_most: Option<RiskClass>,
    /// Minimum proof level demanded when this rule applies.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub proof_required: Option<ProofLevel>,
    /// Approval requirement demanded when this rule applies.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub approval: Option<ApprovalRequirement>,
    /// Additional constraints attached by this rule.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub constraints: Option<Vec<Constraint>>,
    /// Human-readable reason emitted in the decision.
    // Author-supplied free text: escape it when rendering into logs or UIs.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub reason: Option<String>,
}

/// Decision produced when the rule matches.
///
/// Serialized as the snake_case strings given in the `rename` attributes.
// No `#[serde(other)]` fallback: an unrecognised effect string fails
// deserialization instead of mapping to a default decision.
// NOTE(review): whether `log_only` ends rule evaluation or lets later rules
// decide is not defined in this file; confirm with the evaluator.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum Rule_Effect {
    #[serde(rename = "allow")]
    Allow,
    #[serde(rename = "deny")]
    Deny,
    #[serde(rename = "escalate")]
    Escalate,
    #[serde(rename = "log_only")]
    LogOnly,
}