tf-types 0.1.8

Core semantic types, traits, and schemas powering the TrustForge protocol.
// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.

#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]

use serde::{Deserialize, Serialize};
use super::*;

/// Cross-trust-domain attestation: domain A signs a statement asserting that domain B's identity (or a specific actor in B) is recognized within A's trust fabric, optionally bounded by capability scope and time. Used by SPIFFE federated trust bundles, business-partner trust links, and sovereignty federations (TF-0002 "federated" identity mode).
///
/// This type is a plain serde data carrier. The derived `Deserialize` only parses the fields;
/// it performs no signature verification, validity-window check, or issuer check. A value
/// parsed from untrusted input is therefore unverified until a separate verifier has run.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct FederationAttestation {
    /// Version of the federation-attestation schema.
    pub attestation_version: FederationAttestation_AttestationVersion,
    /// Stable identifier for this attestation; used for revocation lookups.
    pub attestation_id: String,
    /// Domain making the assertion.
    pub issuer_domain: TrustDomain,
    /// Domain being recognized.
    pub subject_domain: TrustDomain,
    /// Optional specific actor inside subject_domain. When omitted the attestation covers the whole domain.
    // Because of `default`, an absent key deserializes to `None`, which is the widest
    // (whole-domain) reading of this field.
    // NOTE(review): confirm that the signed payload covers the absence of this key, so the
    // narrow and the wide form cannot be confused after signing.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub subject_actor: Option<ActorId>,
    /// Optional list of action names this attestation permits cross-domain. Empty means "recognize identity only" (no implicit authority).
    // NOTE(review): the field is `Option<Vec<_>>`, so "no actions" has two encodings: key
    // absent (`None`) and `[]`. The doc above defines only the empty list; presumably `None`
    // must also mean "no authority" (fail closed) — confirm against the schema.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub scope: Option<Vec<ActionName>>,
    /// Maximum TrustLevel the issuer is willing to extend to subjects under this attestation.
    // NOTE(review): described as a single maximum but typed as a list. Confirm how a consumer
    // derives the ceiling from several entries and what an absent key (`None`) grants.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub trust_levels_granted: Option<Vec<TrustLevel>>,
    /// SPIFFE-style trust bundle: the public keys / certificates of subject_domain that issuer_domain accepts. Each entry is either an X.509 PEM, a SPIFFE JWT-SVID JWK, or an opaque ed25519 public key.
    // The key is required, but the type accepts an empty list and does not validate the
    // entries; see `FederationAttestation_TrustBundle_Item`.
    pub trust_bundle: Vec<FederationAttestation_TrustBundle_Item>,
    /// Optional constraints attached to the federation grant (rate limits, target globs, time windows).
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub constraints: Option<Vec<Constraint>>,
    // NOTE(review): undocumented in the schema; presumably the instant the attestation was
    // issued — confirm.
    pub issued_at: Timestamp,
    // NOTE(review): undocumented in the schema; presumably the expiry instant — confirm.
    // Nothing in this type enforces `issued_at <= valid_until` or compares either value with
    // the current time; that check has to live in the verifier.
    pub valid_until: Timestamp,
    /// Authority within issuer_domain that signed this attestation.
    // NOTE(review): that `issuer` actually belongs to `issuer_domain` is not expressed by the
    // types here — confirm where that binding is checked.
    pub issuer: ActorId,
    // NOTE(review): undocumented in the schema; presumably the issuer's signature over the
    // other fields. Which fields are covered, and under what canonical encoding, is defined
    // outside this file — confirm.
    pub signature: SignatureEnvelope,
}

/// Version of the federation-attestation schema.
///
/// `V1` is the only variant and is carried under the serde name `1` (the JSON string `"1"`).
/// There is no `#[serde(other)]` fallback, so an unrecognized version name is a
/// deserialization error rather than being accepted as `V1`.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum FederationAttestation_AttestationVersion {
    #[serde(rename = "1")]
    V1,
}

/// One entry of `FederationAttestation::trust_bundle`: a format tag plus encoded key material.
///
/// Both `kind` and `value` are plain strings, so deserialization accepts any content; decoding
/// and validating the key material is left to the consumer.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct FederationAttestation_TrustBundle_Item {
    /// Format of the bundle entry.
    // NOTE(review): a free-form `String` rather than an enum, and the permitted values are not
    // visible in this file. Consumers should presumably match it against a fixed allow-list
    // and reject anything else — confirm against the schema.
    pub kind: String,
    /// Encoded key material (PEM string, base64 JWK JSON, or base64 raw public key).
    // Not decoded or checked by this type; presumably parsed according to `kind`.
    pub value: String,
    /// Optional stable key identifier within the bundle.
    // NOTE(review): uniqueness of `key_id` within a bundle is not enforced by the type.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub key_id: Option<String>,
}