tf-types 0.1.6

Core semantic types, traits, and schemas powering the TrustForge protocol.
// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.

#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]

use serde::{Deserialize, Serialize};
use super::*;

/// Structured result emitted by a TrustForge PolicyEngine. Captures the decision, the rule that produced it, the constraints attached, and enough provenance to be replayed in audits and verified after the fact (TF-0004, DECISIONS.md "AI-readable manifests").
///
/// Serde shape: every `Option` field carries `skip_serializing_if = "Option::is_none"` plus
/// `default`, so it is omitted from the output when `None` and reads back as `None` when the
/// key is missing. The struct does not set `deny_unknown_fields`, so keys this type does not
/// declare are ignored on deserialize and are not re-emitted on serialize.
// NOTE(review): because unknown keys are dropped, a parse-then-reserialize round trip need not
// reproduce the input bytes. If a decision is hashed or signed (not visible in this file),
// verify over the bytes as received, not over a re-serialized copy; confirm with the spec.
// NOTE(review): the file header marks this code as generated, so lasting changes to these
// docs belong in the schema that `tf-schema codegen` reads.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct PolicyDecision {
    /// Version of the policy-decision schema itself.
    pub decision_version: PolicyDecision_DecisionVersion,
    /// Which engine produced this decision.
    pub policy_engine: PolicyDecision_PolicyEngine,
    /// Free-form version label so audits can replay the same engine build.
    // Optional and unvalidated by this type: when absent, the exact engine build cannot be
    // recovered from the decision record alone.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub engine_version: Option<String>,
    /// Trust domain recorded with the decision.
    // `TrustDomain` comes in through `use super::*`; its format and validation are not
    // visible here.
    pub trust_domain: TrustDomain,
    /// Actor URI the policy was evaluated against.
    pub subject: ActorId,
    /// Optional actor instance URI captured in the decision.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub instance: Option<InstanceId>,
    /// Action name being authorized.
    pub action: ActionName,
    /// Target the action operates on (file path, record id, URL, ...).
    // Plain `String`: this type applies no normalization or canonicalization.
    // NOTE(review): if enforcement compares `target` with the resource actually accessed,
    // both sides presumably need the same canonical form — confirm at the enforcement point.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub target: Option<String>,
    /// Effect produced by the policy engine.
    pub decision: PolicyDecision_Decision,
    /// Identifier of the rule that produced the decision.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub rule_id: Option<String>,
    /// Human-readable explanation of the decision.
    // Free text; escape or encode it like any other externally supplied string before it is
    // rendered in a UI or written to a structured log.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub reason: Option<String>,
    /// Approval requirement attached to the decision, if any.
    // NOTE(review): presumably populated when `decision` is `ApprovalRequired`; this type
    // does not enforce that pairing — confirm against the schema.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub approval: Option<ApprovalRequirement>,
    /// Proof level required by the decision, if any.
    // `ProofLevel` is defined outside this file; its values are not visible here.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub proof_required: Option<ProofLevel>,
    /// Constraints the rule attached to this decision.
    // `None` (key absent) and `Some(vec![])` (empty list) are distinct values of this field.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub constraints_applied: Option<Vec<Constraint>>,
    /// Negative capabilities considered while reaching the decision (for audit).
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub negative_capabilities_consulted: Option<Vec<NegativeCapability>>,
    /// Enforcement level recorded with the decision, if any.
    // `EnforcementLevel` is defined outside this file; how it interacts with `decision`
    // (for example with `LogOnly`) is not specified here.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub enforcement_level: Option<EnforcementLevel>,
    /// Time at which the policy was evaluated.
    // `Timestamp` is defined outside this file; its format and time zone are not visible
    // here.
    pub evaluated_at: Timestamp,
    /// Hash of the policy manifest that was evaluated. Lets auditors replay the decision against the exact manifest.
    // Optional: a decision without this hash cannot be tied to a specific manifest from the
    // record alone.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub policy_manifest_hash: Option<HashRef>,
    /// Free-form evaluation-time context (session id, posture flags, quorum approver count, etc.).
    // Arbitrary JSON with no schema imposed by this type; consumers have to validate any key
    // they rely on.
    // NOTE(review): the value is serialized with the rest of the decision, so whatever is
    // placed here travels wherever decisions are stored — confirm that session identifiers
    // are acceptable in those sinks.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub context: Option<serde_json::Value>,
}

/// Effect produced by the policy engine.
///
/// Each variant is renamed to a lowercase, hyphenated wire name (`allow`, `deny`, `escalate`,
/// `approval-required`, `log-only`). No `#[serde(other)]` fallback is declared, so a value
/// outside this set fails to deserialize rather than mapping to some default effect.
// NOTE(review): this file does not define how an enforcement point should act on `Escalate`,
// `ApprovalRequired` or `LogOnly`. Callers that only test for `Deny` would let those three
// through; confirm the intended handling against the TrustForge spec.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum PolicyDecision_Decision {
    /// Wire name `allow`.
    #[serde(rename = "allow")]
    Allow,
    /// Wire name `deny`.
    #[serde(rename = "deny")]
    Deny,
    /// Wire name `escalate`.
    #[serde(rename = "escalate")]
    Escalate,
    /// Wire name `approval-required`.
    #[serde(rename = "approval-required")]
    ApprovalRequired,
    /// Wire name `log-only`.
    #[serde(rename = "log-only")]
    LogOnly,
}

/// Version of the policy-decision schema itself.
///
/// Only one version is declared. With no fallback variant, a decision carrying any other
/// version name is rejected at deserialization instead of being read as version 1.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum PolicyDecision_DecisionVersion {
    /// Schema version 1; the wire name is `1` (a variant name, not a bare number).
    #[serde(rename = "1")]
    V1,
}

/// Which engine produced this decision.
///
/// Variants are renamed to lowercase wire names. No `#[serde(other)]` fallback is declared,
/// so an engine name outside this set fails to deserialize.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum PolicyDecision_PolicyEngine {
    /// Wire name `cedar`.
    #[serde(rename = "cedar")]
    Cedar,
    /// Wire name `rego`.
    #[serde(rename = "rego")]
    Rego,
    /// Wire name `custom`.
    #[serde(rename = "custom")]
    Custom,
    /// Wire name `native`.
    #[serde(rename = "native")]
    Native,
    /// Wire name `none`.
    // This is `PolicyDecision_PolicyEngine::None`, unrelated to `Option::None`. Glob-importing
    // this enum's variants would shadow the prelude's `None` in that scope.
    // NOTE(review): presumably means no engine evaluated the request; this file does not say
    // what an `Allow` decision attributed to engine `none` should mean to a consumer —
    // confirm.
    #[serde(rename = "none")]
    None,
}