tf-types 0.1.8

Core semantic types, traits, and schemas powering the TrustForge protocol.
Documentation
// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.

#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]

use serde::{Deserialize, Serialize};
use super::*;

/// Single action declaration.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Action {
    pub name: ActionName,
    pub risk: RiskClass,
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub proof: Option<ProofLevel>,
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub approval: Option<ApprovalRequirement>,
    /// Human-readable purpose of the action.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub description: Option<String>,
    /// Glob patterns or @target-set references the action may target.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub allow_targets: Option<Vec<String>>,
    /// Glob patterns or @target-set references the action must not target.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub deny_targets: Option<Vec<String>>,
    /// Glob patterns matching caller actor URIs that MAY invoke this action. Empty / omitted means 'every authenticated actor is allowed' (subject to deny_actors and other guard rules). The matcher checks both the cryptographic actor URI (tf:actor:process:key/<thumbprint>) and the self-claimed peer_hint URI when present.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub allow_actors: Option<Vec<String>>,
    /// Glob patterns matching caller actor URIs that MUST NOT invoke this action. Overrides allow_actors. The matcher checks both the cryptographic actor URI and the self-claimed peer_hint URI.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub deny_actors: Option<Vec<String>>,
    /// Inline JSON Schema describing the parameters this action accepts.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub parameters: Option<serde_json::Value>,
    /// Hint that this action can be inverted by its counterpart.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub reversible: Option<bool>,
    /// Structured danger categories; AI agents MUST escalate on destructive / irreversible / financial / security-sensitive tags.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub danger_tags: Option<Vec<DangerTag>>,
    /// Named gates that must hold before this action may run.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub pre_conditions: Option<Vec<String>>,
    /// If reversible is false, a note on how the action can be undone out-of-band (e.g. via VCS).
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub reversal_note: Option<String>,
}

/// Declarative contract that makes a TrustForge-enabled codebase legible and safe for AI agents. See TF-0006.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct AgentContract {
    /// Version of the agent-contract schema itself.
    pub contract_version: AgentContract_ContractVersion,
    /// TrustForge spec revision this contract conforms to.
    pub spec_version: String,
    /// Project identifier used in logs and contract references.
    pub project: String,
    /// The TrustForge trust domain this project belongs to.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub trust_domain: Option<TrustDomain>,
    /// Pointers to companion manifests.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub references: Option<AgentContract_References>,
    /// Named glob lists, reusable in action rules.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub target_sets: Option<std::collections::BTreeMap<String, Vec<String>>>,
    /// Declared actions this project allows agents to perform.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub actions: Option<Vec<Action>>,
    /// Actions this project forbids outright.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub forbidden: Option<Vec<Forbidden>>,
    /// Connections to MCP tools, ProofRPC services, and test commands.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub integrations: Option<AgentContract_Integrations>,
    /// Profiles this project claims.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub conformance: Option<AgentContract_Conformance>,
}

/// Profiles this project claims.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct AgentContract_Conformance {
    /// Claimed conformance profiles.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub profiles: Option<Vec<String>>,
}

/// Version of the agent-contract schema itself.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum AgentContract_ContractVersion {
    #[serde(rename = "1")]
    V1,
}

/// Connections to MCP tools, ProofRPC services, and test commands.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct AgentContract_Integrations {
    /// MCP tool integration descriptors.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub mcp_tools: Option<Vec<serde_json::Value>>,
    /// ProofRPC service integration descriptors.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub proofrpc_services: Option<Vec<serde_json::Value>>,
    /// Shell commands that exercise the project's tests.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub test_commands: Option<Vec<String>>,
}

/// Pointers to companion manifests.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct AgentContract_References {
    /// Path to the project's threat-model manifest.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub threat_model: Option<String>,
    /// Policy backend in use by this project.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub policy_engine: Option<serde_json::Value>,
    /// Standard actions library identifier, e.g. tf-actions-std@1.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub actions_library: Option<String>,
}

/// Forbidden action entry.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct Forbidden {
    pub action: ActionName,
    /// Why this action is forbidden.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub reason: Option<String>,
}