tf-types 0.1.8

Core semantic types, traits, and schemas powering the TrustForge protocol.
// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.

#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]

use serde::{Deserialize, Serialize};
use super::*;

/// Configuration file for a running tf-daemon instance (.tf/daemon.yaml).
///
/// `daemon_version`, `self_actor`, `listen`, `vault`, `contract_path` and
/// `proof_log_path` are required. The remaining fields are optional: an absent
/// key deserializes to `None` (`default`) and a `None` value is omitted from
/// serialized output (`skip_serializing_if`).
//
// NOTE(review): this struct carries no `#[serde(deny_unknown_fields)]`, so the
// derived `Deserialize` ignores keys it does not recognise. A misspelled
// optional key (for example `enforcement_level` or `admin`) therefore loads as
// `None` without an error. The file header marks this code as generated, so a
// lasting change presumably belongs in the schema the generator reads — confirm.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DaemonConfig {
    /// Version of the daemon-config schema itself.
    pub daemon_version: DaemonConfig_DaemonVersion,
    /// Actor URI the daemon presents during the session handshake.
    pub self_actor: ActorId,
    /// Transport bind settings for the daemon.
    pub listen: DaemonConfig_Listen,
    /// On-disk vault location.
    pub vault: DaemonConfig_Vault,
    /// Path to the agent-contract YAML this daemon enforces.
    // Plain `String`: this type performs no path validation or normalisation.
    // The contract file defines what the daemon enforces, so the loader should
    // check who can write to it — TODO confirm where that check lives.
    pub contract_path: String,
    /// Path to the .tflog file the daemon appends to.
    // Plain `String`, not validated here.
    pub proof_log_path: String,
    /// v1 local HTTP endpoint exposure. TCP listeners require bearer auth; Unix-domain sockets are local-decision sockets guarded by filesystem/group/peer trust.
    // The auth requirements in the sentence above are not expressed in the
    // type; they have to be enforced by the code that consumes this value.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub http: Option<DaemonConfig_Http>,
    /// Approval-queue tuning.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub approval_queue: Option<DaemonConfig_ApprovalQueue>,
    /// Conformance profile this daemon claims at startup. The runtime FeatureGate refuses to boot when the profile's MUST entries are not all satisfied.
    // Free-form `String`; profile names are not checked at deserialization.
    // NOTE(review): what FeatureGate does when this is `None` is not visible
    // here — confirm.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub profile: Option<String>,
    /// Default EnforcementLevel for the daemon's AgentGuard. See DECISIONS.md "Progressive enforcement".
    // NOTE(review): the level applied when this is `None` is decided by the
    // consumer, not by this type — confirm it falls back to the strictest
    // level rather than a permissive one.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub enforcement_level: Option<EnforcementLevel>,
    /// Local admin HTTP endpoint. Disabled when omitted.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub admin: Option<DaemonConfig_Admin>,
}

/// Local admin HTTP endpoint. Disabled when omitted.
///
/// `enabled` is the only required field: it has no `default` attribute, so an
/// `admin` section without it fails to deserialize. The defaults named in the
/// field docs below are not applied by this type (an absent key is `None`);
/// they must be supplied by the code that reads the configuration.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DaemonConfig_Admin {
    /// When true, the daemon serves /admin/* HTTP routes alongside the WebSocket session listener.
    pub enabled: bool,
    /// Environment variable holding the bearer token for admin requests. Default TF_ADMIN_TOKEN.
    // This is the *name* of the variable, so the token itself stays out of the
    // configuration file.
    // NOTE(review): nothing here guarantees the variable is set or non-empty;
    // confirm the daemon refuses to serve admin routes in that case.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub token_env: Option<String>,
    /// Path of the JSON revocation list the admin endpoint appends to.
    // Plain `String`, not validated here.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub revocation_path: Option<String>,
    /// Expected Host header and listener bind for admin routes. Defaults to 127.0.0.1.
    // Any string is accepted at this layer. A non-loopback value would make the
    // admin routes reachable from other hosts, leaving the bearer token as the
    // only gate — worth a startup warning in the consumer.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub bind: Option<String>,
    /// Maximum accepted JSON body size for admin and v1 routes. Defaults to 65536.
    // Signed `i64`: zero, negative and very large values all deserialize
    // successfully, so the consumer has to range-check before using this as a
    // request-size limit.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub max_body_bytes: Option<i64>,
}

/// Approval-queue tuning.
///
/// Both fields are optional; an absent key deserializes to `None` and the
/// effective value is then chosen by the consumer.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DaemonConfig_ApprovalQueue {
    /// Maximum pending approval requests before new ones are rejected.
    // Signed `i64`: zero and negative values are accepted by this type.
    // NOTE(review): confirm how the daemon treats a non-positive limit, and that
    // an unset limit does not mean "unbounded".
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub max_pending: Option<i64>,
    /// How long to wait for an approval response before defaulting to deny.
    // The documented outcome of a timeout is deny. Signed `i64`: the consumer
    // must reject or clamp non-positive values — TODO confirm it does.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub default_timeout_seconds: Option<i64>,
}

/// Version of the daemon-config schema itself.
///
/// The enum has a single variant, serialized as `"1"`. Any other value is
/// rejected at deserialization, so a configuration written for a different
/// schema version fails to load instead of being read with v1 semantics.
// NOTE(review): whether an unquoted YAML `1` (an integer scalar) is accepted
// depends on the deserializer in use — confirm against the config loader.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum DaemonConfig_DaemonVersion {
    #[serde(rename = "1")]
    V1,
}

/// v1 local HTTP endpoint exposure. TCP listeners require bearer auth; Unix-domain sockets are local-decision sockets guarded by filesystem/group/peer trust.
///
/// Both members are untyped `serde_json::Value`s, so this struct checks
/// nothing about their shape: any value the format can represent
/// deserializes successfully. The auth rules described here are enforced, if
/// at all, by the code that interprets these values.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DaemonConfig_Http {
    /// TCP exposure for /v1/* endpoints. This surface is bearer-token protected.
    // NOTE(review): untyped value — the consumer must validate every key it
    // reads (bind address, port, token source) and should fail closed on
    // anything unexpected. The expected keys are not visible in this file.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub tcp: Option<serde_json::Value>,
    /// Unix-domain socket exposure for local decision callers. /v1/decide uses local-peer trust; privileged routes stay bearer-gated.
    // NOTE(review): untyped value. Local-peer trust depends on the socket
    // file's ownership and mode, which this type cannot express — confirm the
    // consumer sets and verifies them.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub unix: Option<serde_json::Value>,
}

/// Transport bind settings for the daemon.
///
/// `kind` is required; `bind` and `port` are optional and deserialize to
/// `None` when absent.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DaemonConfig_Listen {
    /// Carrier kind. websocket: drive session over Bun.serve. tcp: drive session over raw Bun.listen. tls: drive session over raw Bun.listen with TLS termination.
    // Typed as a free-form `String`, not an enum: values other than the three
    // listed above deserialize successfully and must be rejected by the
    // consumer.
    // NOTE(review): no certificate or key settings appear on this struct for
    // the `tls` kind; presumably they are configured elsewhere — confirm.
    pub kind: String,
    /// Bind host for the WebSocket listener.
    // NOTE(review): the wording says "WebSocket", but `kind` also allows tcp and
    // tls; presumably this applies to every carrier — confirm. Any string is
    // accepted, including wildcard addresses that expose the listener on all
    // interfaces.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub bind: Option<String>,
    /// Port for the WebSocket listener. 0 asks the OS to pick one.
    // Signed `i64`: values outside 0..=65535 deserialize successfully and have
    // to be range-checked before use.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub port: Option<i64>,
}

/// On-disk vault location.
///
/// Only the file path is configured here; the struct has no field for the
/// passphrase, so that secret is not stored in the daemon configuration.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct DaemonConfig_Vault {
    /// Path to the passphrase-encrypted vault file.
    // Plain `String`, not validated here.
    // NOTE(review): ownership and permissions of the vault file are outside
    // this type — confirm the daemon checks them when opening the vault.
    pub path: String,
}