1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.
#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]
use serde::{Deserialize, Serialize};
use super::*;
/// An AI agent's typed request to acquire authority for a specific action, target, and duration. The daemon validates the request, runs the policy engine, optionally collects approvals, and replies with a PermissionGrant or a denial. See TF-0006 "dynamic permission negotiation".
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct PermissionRequest {
/// Version of the permission-request schema itself.
pub request_version: PermissionRequest_RequestVersion,
/// Stable identifier for this request; copied into the matching PermissionGrant.
pub id: String,
/// Agent actor making the request.
pub agent: ActorId,
/// Specific running instance of the agent.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub instance: Option<InstanceId>,
/// Human principal the agent is acting on behalf of.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub human: Option<ActorId>,
/// Provider-prefixed model identifier (e.g. anthropic:claude-opus-4-7).
#[serde(skip_serializing_if = "Option::is_none", default)]
pub model: Option<String>,
/// Tool the agent intends to invoke once the permission is granted.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub tool: Option<String>,
/// Dotted action name being requested.
pub action: ActionName,
/// Target the action will operate on (file path, record id, URL, ...).
#[serde(skip_serializing_if = "Option::is_none", default)]
pub target: Option<String>,
/// Agent's self-declared risk class for the action.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub risk: Option<RiskClass>,
/// Danger tags the agent already knows apply.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub danger_tags: Option<Vec<DangerTag>>,
/// Maximum lifetime the agent is asking for; the daemon may cap it.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub duration_seconds: Option<i64>,
/// Human-readable rationale visible to approvers.
pub reason: String,
/// Highest proof level the agent can produce if challenged.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub proof_level_offered: Option<ProofLevel>,
/// When the request was created.
pub requested_at: Timestamp,
/// Free-form context the daemon and approvers can use.
#[serde(skip_serializing_if = "Option::is_none", default)]
pub context: Option<serde_json::Value>,
}
/// Version of the permission-request schema itself.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum PermissionRequest_RequestVersion {
#[serde(rename = "1")]
V1,
}