// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.
#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]
use serde::{Deserialize, Serialize};
use super::*;
/// Configuration file for a running tf-daemon instance (`.tf/daemon.yaml`).
///
/// Required sections are plain fields. Optional sections carry
/// `#[serde(default)]` (an omitted key reads as `None`) and
/// `skip_serializing_if` (a `None` is not written back out).
///
/// NOTE(review): no `deny_unknown_fields` is declared on this type, so a
/// misspelled key (e.g. a typo in `enforcement_level` or `profile`) is
/// silently dropped and the daemon runs with that setting's default. This
/// file is generated, so the schema feeding the generator is the place to
/// tighten that, if desired.
#[derive(Clone, Debug)]
#[derive(PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
pub struct DaemonConfig {
    /// Version of the daemon-config schema; `"1"` is the only variant defined.
    pub daemon_version: DaemonConfig_DaemonVersion,
    /// Actor URI this daemon presents during the session handshake.
    pub self_actor: ActorId,
    /// Transport bind settings (carrier kind, host, port).
    pub listen: DaemonConfig_Listen,
    /// Where the passphrase-encrypted vault lives on disk.
    pub vault: DaemonConfig_Vault,
    /// Path to the agent-contract YAML this daemon enforces.
    pub contract_path: String,
    /// Path to the `.tflog` file the daemon appends to.
    pub proof_log_path: String,
    /// v1 local HTTP exposure. TCP listeners require bearer auth; Unix-domain
    /// sockets are local-decision sockets guarded by filesystem/group/peer trust.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub http: Option<DaemonConfig_Http>,
    /// Approval-queue tuning (pending cap, default timeout).
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub approval_queue: Option<DaemonConfig_ApprovalQueue>,
    /// Conformance profile claimed at startup. The runtime FeatureGate refuses
    /// to boot unless every MUST entry of the profile is satisfied.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub profile: Option<String>,
    /// Default EnforcementLevel for the daemon's AgentGuard; see DECISIONS.md
    /// "Progressive enforcement". The level applied when this is omitted is
    /// not encoded in this type.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub enforcement_level: Option<EnforcementLevel>,
    /// Local admin HTTP endpoint; disabled when this section is omitted.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub admin: Option<DaemonConfig_Admin>,
}
/// Local admin HTTP endpoint. The whole section is optional and the endpoint
/// is disabled when it is omitted.
#[derive(Clone, Debug)]
#[derive(PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
pub struct DaemonConfig_Admin {
    /// When true the daemon serves `/admin/*` HTTP routes alongside the
    /// WebSocket session listener.
    pub enabled: bool,
    /// Name of the environment variable holding the bearer token for admin
    /// requests (default `TF_ADMIN_TOKEN`). Only the variable name is stored
    /// here, not the token itself.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub token_env: Option<String>,
    /// Path of the JSON revocation list the admin endpoint appends to.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub revocation_path: Option<String>,
    /// Listener bind for admin routes, which also doubles as the Host header
    /// value admin requests are expected to carry. Defaults to 127.0.0.1.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub bind: Option<String>,
    /// Maximum accepted JSON body size, in bytes, for admin and v1 routes.
    /// Defaults to 65536.
    ///
    /// NOTE(review): typed `i64`, so zero and negative values deserialize
    /// without complaint — the consumer must reject or clamp them. The cap is
    /// also documented as covering v1 routes yet lives in the optional admin
    /// section; confirm which limit applies to v1 when `admin` is omitted.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub max_body_bytes: Option<i64>,
}
/// Tuning knobs for the approval queue. Both fields are optional; the
/// defaults applied when they are omitted are not encoded in this type.
#[derive(Clone, Debug)]
#[derive(PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
pub struct DaemonConfig_ApprovalQueue {
    /// Upper bound on pending approval requests; new requests beyond it are
    /// rejected. Typed `i64`, so a non-positive value is accepted at parse
    /// time and must be handled by the consumer.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub max_pending: Option<i64>,
    /// Seconds to wait for an approval response before defaulting to deny
    /// (i.e. a timed-out approval fails closed).
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub default_timeout_seconds: Option<i64>,
}
/// Version of the daemon-config schema itself, carried in the file as the
/// string `"1"`.
#[derive(Clone, Debug)]
#[derive(PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
pub enum DaemonConfig_DaemonVersion {
    /// Schema version 1. Because this is the only variant, any other value
    /// fails to deserialize rather than being accepted.
    #[serde(rename = "1")]
    V1,
}
/// v1 local HTTP endpoint exposure. TCP listeners require bearer auth;
/// Unix-domain sockets are local-decision sockets guarded by
/// filesystem/group/peer trust.
///
/// NOTE(review): both sub-sections are untyped (`serde_json::Value`), so no
/// structural validation happens at parse time — a malformed `tcp` or `unix`
/// block must be validated by whatever consumes it.
#[derive(Clone, Debug)]
#[derive(PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
pub struct DaemonConfig_Http {
    /// TCP exposure for `/v1/*` endpoints; this surface is bearer-token
    /// protected.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub tcp: Option<serde_json::Value>,
    /// Unix-domain socket exposure for local decision callers. `/v1/decide`
    /// relies on local-peer trust; privileged routes stay bearer-gated.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub unix: Option<serde_json::Value>,
}
/// Transport bind settings for the daemon's session listener.
#[derive(Clone, Debug)]
#[derive(PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
pub struct DaemonConfig_Listen {
    /// Carrier kind: `websocket` drives the session over Bun.serve; `tcp`
    /// over raw Bun.listen; `tls` over raw Bun.listen with TLS termination.
    ///
    /// NOTE(review): stored as a free-form `String`, so an unrecognized or
    /// misspelled kind passes deserialization and must be rejected by the
    /// consumer. Of the three documented kinds, only `tls` mentions TLS
    /// termination.
    pub kind: String,
    /// Bind host for the WebSocket listener.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub bind: Option<String>,
    /// Port for the WebSocket listener; 0 lets the OS pick one. Typed `i64`,
    /// so range-checking to 0..=65535 is left to the consumer.
    #[serde(default)]
    #[serde(skip_serializing_if = "Option::is_none")]
    pub port: Option<i64>,
}
/// Location of the daemon's vault on disk.
#[derive(Clone, Debug)]
#[derive(PartialEq, Eq)]
#[derive(Serialize, Deserialize)]
pub struct DaemonConfig_Vault {
    /// Path to the passphrase-encrypted vault file. Required; there is no
    /// default location encoded in this type.
    pub path: String,
}