//! Generated by `trust-tasks-codegen` — do not edit by hand.
//!
//! Spec slug: `device/wipe`. Version: `0.1`.
#[allow(unused_imports)]
use serde::{Deserialize, Serialize};
/// Error types.
pub mod error {
/// Error from a `TryFrom` or `FromStr` implementation.
pub struct ConversionError(::std::borrow::Cow<'static, str>);
impl ::std::error::Error for ConversionError {}
impl ::std::fmt::Display for ConversionError {
fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> Result<(), ::std::fmt::Error> {
::std::fmt::Display::fmt(&self.0, f)
}
}
impl ::std::fmt::Debug for ConversionError {
fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> Result<(), ::std::fmt::Error> {
::std::fmt::Debug::fmt(&self.0, f)
}
}
impl From<&'static str> for ConversionError {
fn from(value: &'static str) -> Self {
Self(value.into())
}
}
impl From<String> for ConversionError {
fn from(value: String) -> Self {
Self(value.into())
}
}
}
///Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "Ext",
/// "description": "Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.",
/// "type": "object",
/// "minProperties": 1,
/// "additionalProperties": true,
/// "propertyNames": {
/// "pattern": "^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$"
/// }
///}
/// ```
/// </details>
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(transparent)]
pub struct Ext(pub ::std::collections::HashMap<ExtKey, ::serde_json::Value>);
impl ::std::ops::Deref for Ext {
type Target = ::std::collections::HashMap<ExtKey, ::serde_json::Value>;
fn deref(&self) -> &::std::collections::HashMap<ExtKey, ::serde_json::Value> {
&self.0
}
}
impl ::std::convert::From<Ext> for ::std::collections::HashMap<ExtKey, ::serde_json::Value> {
fn from(value: Ext) -> Self {
value.0
}
}
impl ::std::convert::From<&Ext> for Ext {
fn from(value: &Ext) -> Self {
value.clone()
}
}
impl ::std::convert::From<::std::collections::HashMap<ExtKey, ::serde_json::Value>> for Ext {
fn from(value: ::std::collections::HashMap<ExtKey, ::serde_json::Value>) -> Self {
Self(value)
}
}
///`ExtKey`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "type": "string",
/// "pattern": "^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$"
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct ExtKey(::std::string::String);
impl ::std::ops::Deref for ExtKey {
type Target = ::std::string::String;
fn deref(&self) -> &::std::string::String {
&self.0
}
}
impl ::std::convert::From<ExtKey> for ::std::string::String {
fn from(value: ExtKey) -> Self {
value.0
}
}
impl ::std::convert::From<&ExtKey> for ExtKey {
fn from(value: &ExtKey) -> Self {
value.clone()
}
}
impl ::std::str::FromStr for ExtKey {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
static PATTERN: ::std::sync::LazyLock<::regress::Regex> =
::std::sync::LazyLock::new(|| {
::regress::Regex::new("^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$").unwrap()
});
if PATTERN.find(value).is_none() {
return Err("doesn't match pattern \"^[a-z][a-z0-9-]*(\\.[a-z0-9-]+)+$\"".into());
}
Ok(Self(value.to_string()))
}
}
impl ::std::convert::TryFrom<&str> for ExtKey {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for ExtKey {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for ExtKey {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl<'de> ::serde::Deserialize<'de> for ExtKey {
fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
where
D: ::serde::Deserializer<'de>,
{
::std::string::String::deserialize(deserializer)?
.parse()
.map_err(|e: self::error::ConversionError| {
<D::Error as ::serde::de::Error>::custom(e.to_string())
})
}
}
///The maintainer issues a wipe to a Companion or Service. The target is expected to destroy its local cache and (depending on scope) its device-local key material. The action is best-effort — a compromised device may silently drop the wipe — so the maintainer additionally revokes ACL access and rotates the device's cache-key derivation root, so that defence in depth means a non-compliant device is still neutralised.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "$id": "https://trusttasks.org/spec/device/wipe/0.1",
/// "title": "Payload",
/// "description": "The maintainer issues a wipe to a Companion or Service. The target is expected to destroy its local cache and (depending on scope) its device-local key material. The action is best-effort — a compromised device may silently drop the wipe — so the maintainer additionally revokes ACL access and rotates the device's cache-key derivation root, so that defence in depth means a non-compliant device is still neutralised.",
/// "type": "object",
/// "required": [
/// "deviceId",
/// "reason",
/// "scope"
/// ],
/// "properties": {
/// "deviceId": {
/// "type": "string",
/// "minLength": 1
/// },
/// "ext": {
/// "$ref": "#/definitions/Ext"
/// },
/// "issuedAt": {
/// "description": "Wipe-issuance timestamp; identical to the document's `issuedAt`, repeated here so the body is self-contained for offline-queued delivery.",
/// "type": "string",
/// "format": "date-time"
/// },
/// "reason": {
/// "description": "Human-readable reason. Required (not optional) because every wipe is consequential and the audit log must capture intent.",
/// "type": "string",
/// "maxLength": 256,
/// "minLength": 1
/// },
/// "scope": {
/// "description": "How aggressively the target should wipe:\n- `cache` — discard the encrypted vault cache; consumer can re-sync with valid creds.\n- `cache-and-keys` — discard cache + device-local key material; consumer must re-onboard.\n- `full` — `cache-and-keys` + clear all extension/app storage + revoke OS credential-provider registration where APIs permit.",
/// "type": "string",
/// "enum": [
/// "cache",
/// "cache-and-keys",
/// "full"
/// ]
/// }
/// },
/// "additionalProperties": false
///}
/// ```
/// </details>
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct Payload {
#[serde(rename = "deviceId")]
pub device_id: PayloadDeviceId,
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ext: ::std::option::Option<Ext>,
///Wipe-issuance timestamp; identical to the document's `issuedAt`, repeated here so the body is self-contained for offline-queued delivery.
#[serde(
rename = "issuedAt",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub issued_at: ::std::option::Option<::chrono::DateTime<::chrono::offset::Utc>>,
///Human-readable reason. Required (not optional) because every wipe is consequential and the audit log must capture intent.
pub reason: PayloadReason,
/**How aggressively the target should wipe:
- `cache` — discard the encrypted vault cache; consumer can re-sync with valid creds.
- `cache-and-keys` — discard cache + device-local key material; consumer must re-onboard.
- `full` — `cache-and-keys` + clear all extension/app storage + revoke OS credential-provider registration where APIs permit.*/
pub scope: PayloadScope,
}
impl ::std::convert::From<&Payload> for Payload {
fn from(value: &Payload) -> Self {
value.clone()
}
}
///`PayloadDeviceId`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "type": "string",
/// "minLength": 1
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct PayloadDeviceId(::std::string::String);
impl ::std::ops::Deref for PayloadDeviceId {
type Target = ::std::string::String;
fn deref(&self) -> &::std::string::String {
&self.0
}
}
impl ::std::convert::From<PayloadDeviceId> for ::std::string::String {
fn from(value: PayloadDeviceId) -> Self {
value.0
}
}
impl ::std::convert::From<&PayloadDeviceId> for PayloadDeviceId {
fn from(value: &PayloadDeviceId) -> Self {
value.clone()
}
}
impl ::std::str::FromStr for PayloadDeviceId {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
if value.chars().count() < 1usize {
return Err("shorter than 1 characters".into());
}
Ok(Self(value.to_string()))
}
}
impl ::std::convert::TryFrom<&str> for PayloadDeviceId {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for PayloadDeviceId {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for PayloadDeviceId {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl<'de> ::serde::Deserialize<'de> for PayloadDeviceId {
fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
where
D: ::serde::Deserializer<'de>,
{
::std::string::String::deserialize(deserializer)?
.parse()
.map_err(|e: self::error::ConversionError| {
<D::Error as ::serde::de::Error>::custom(e.to_string())
})
}
}
///Human-readable reason. Required (not optional) because every wipe is consequential and the audit log must capture intent.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "Human-readable reason. Required (not optional) because every wipe is consequential and the audit log must capture intent.",
/// "type": "string",
/// "maxLength": 256,
/// "minLength": 1
///}
/// ```
/// </details>
#[derive(::serde::Serialize, Clone, Debug, Eq, Hash, Ord, PartialEq, PartialOrd)]
#[serde(transparent)]
pub struct PayloadReason(::std::string::String);
impl ::std::ops::Deref for PayloadReason {
type Target = ::std::string::String;
fn deref(&self) -> &::std::string::String {
&self.0
}
}
impl ::std::convert::From<PayloadReason> for ::std::string::String {
fn from(value: PayloadReason) -> Self {
value.0
}
}
impl ::std::convert::From<&PayloadReason> for PayloadReason {
fn from(value: &PayloadReason) -> Self {
value.clone()
}
}
impl ::std::str::FromStr for PayloadReason {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
if value.chars().count() > 256usize {
return Err("longer than 256 characters".into());
}
if value.chars().count() < 1usize {
return Err("shorter than 1 characters".into());
}
Ok(Self(value.to_string()))
}
}
impl ::std::convert::TryFrom<&str> for PayloadReason {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for PayloadReason {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for PayloadReason {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl<'de> ::serde::Deserialize<'de> for PayloadReason {
fn deserialize<D>(deserializer: D) -> ::std::result::Result<Self, D::Error>
where
D: ::serde::Deserializer<'de>,
{
::std::string::String::deserialize(deserializer)?
.parse()
.map_err(|e: self::error::ConversionError| {
<D::Error as ::serde::de::Error>::custom(e.to_string())
})
}
}
/**How aggressively the target should wipe:
- `cache` — discard the encrypted vault cache; consumer can re-sync with valid creds.
- `cache-and-keys` — discard cache + device-local key material; consumer must re-onboard.
- `full` — `cache-and-keys` + clear all extension/app storage + revoke OS credential-provider registration where APIs permit.*/
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "description": "How aggressively the target should wipe:\n- `cache` — discard the encrypted vault cache; consumer can re-sync with valid creds.\n- `cache-and-keys` — discard cache + device-local key material; consumer must re-onboard.\n- `full` — `cache-and-keys` + clear all extension/app storage + revoke OS credential-provider registration where APIs permit.",
/// "type": "string",
/// "enum": [
/// "cache",
/// "cache-and-keys",
/// "full"
/// ]
///}
/// ```
/// </details>
#[derive(
::serde::Deserialize,
::serde::Serialize,
Clone,
Copy,
Debug,
Eq,
Hash,
Ord,
PartialEq,
PartialOrd,
)]
pub enum PayloadScope {
#[serde(rename = "cache")]
Cache,
#[serde(rename = "cache-and-keys")]
CacheAndKeys,
#[serde(rename = "full")]
Full,
}
impl ::std::convert::From<&Self> for PayloadScope {
fn from(value: &PayloadScope) -> Self {
value.clone()
}
}
impl ::std::fmt::Display for PayloadScope {
fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
match *self {
Self::Cache => f.write_str("cache"),
Self::CacheAndKeys => f.write_str("cache-and-keys"),
Self::Full => f.write_str("full"),
}
}
}
impl ::std::str::FromStr for PayloadScope {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
match value {
"cache" => Ok(Self::Cache),
"cache-and-keys" => Ok(Self::CacheAndKeys),
"full" => Ok(Self::Full),
_ => Err("invalid value".into()),
}
}
}
impl ::std::convert::TryFrom<&str> for PayloadScope {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for PayloadScope {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for PayloadScope {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
///Acknowledgement from the target device. Sent only when the target executes the wipe; absent if the target was offline or compromised. The maintainer treats the absence of a response as 'not confirmed' but considers the device neutralised because of the server-side defence-in-depth.
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "title": "Response",
/// "description": "Acknowledgement from the target device. Sent only when the target executes the wipe; absent if the target was offline or compromised. The maintainer treats the absence of a response as 'not confirmed' but considers the device neutralised because of the server-side defence-in-depth.",
/// "type": "object",
/// "required": [
/// "completedAt",
/// "deviceId",
/// "scope"
/// ],
/// "properties": {
/// "completedAt": {
/// "type": "string",
/// "format": "date-time"
/// },
/// "deviceId": {
/// "type": "string"
/// },
/// "diagnostics": {
/// "type": "object",
/// "properties": {
/// "cacheBytesWiped": {
/// "type": "integer",
/// "minimum": 0.0
/// },
/// "keysWiped": {
/// "type": "integer",
/// "minimum": 0.0
/// },
/// "osHooksInvoked": {
/// "description": "OS-level revocation hooks the target managed to invoke (e.g. \"navigator.credentials.preventSilentAccess\", \"ASCredentialIdentityStore.removeAllCredentialIdentities\").",
/// "type": "array",
/// "items": {
/// "type": "string"
/// }
/// },
/// "partialReasons": {
/// "description": "Free-form reasons why the wipe was partial (e.g. \"os-keychain-unavailable\", \"extension-storage-quota-exceeded\").",
/// "type": "array",
/// "items": {
/// "type": "string"
/// }
/// }
/// },
/// "additionalProperties": false
/// },
/// "ext": {
/// "$ref": "#/definitions/Ext"
/// },
/// "scope": {
/// "type": "string",
/// "enum": [
/// "cache",
/// "cache-and-keys",
/// "full"
/// ]
/// }
/// },
/// "additionalProperties": false,
/// "$anchor": "response"
///}
/// ```
/// </details>
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct Response {
#[serde(rename = "completedAt")]
pub completed_at: ::chrono::DateTime<::chrono::offset::Utc>,
#[serde(rename = "deviceId")]
pub device_id: ::std::string::String,
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub diagnostics: ::std::option::Option<ResponseDiagnostics>,
#[serde(default, skip_serializing_if = "::std::option::Option::is_none")]
pub ext: ::std::option::Option<Ext>,
pub scope: ResponseScope,
}
impl ::std::convert::From<&Response> for Response {
fn from(value: &Response) -> Self {
value.clone()
}
}
///`ResponseDiagnostics`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "type": "object",
/// "properties": {
/// "cacheBytesWiped": {
/// "type": "integer",
/// "minimum": 0.0
/// },
/// "keysWiped": {
/// "type": "integer",
/// "minimum": 0.0
/// },
/// "osHooksInvoked": {
/// "description": "OS-level revocation hooks the target managed to invoke (e.g. \"navigator.credentials.preventSilentAccess\", \"ASCredentialIdentityStore.removeAllCredentialIdentities\").",
/// "type": "array",
/// "items": {
/// "type": "string"
/// }
/// },
/// "partialReasons": {
/// "description": "Free-form reasons why the wipe was partial (e.g. \"os-keychain-unavailable\", \"extension-storage-quota-exceeded\").",
/// "type": "array",
/// "items": {
/// "type": "string"
/// }
/// }
/// },
/// "additionalProperties": false
///}
/// ```
/// </details>
#[derive(::serde::Deserialize, ::serde::Serialize, Clone, Debug)]
#[serde(deny_unknown_fields)]
pub struct ResponseDiagnostics {
#[serde(
rename = "cacheBytesWiped",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub cache_bytes_wiped: ::std::option::Option<u64>,
#[serde(
rename = "keysWiped",
default,
skip_serializing_if = "::std::option::Option::is_none"
)]
pub keys_wiped: ::std::option::Option<u64>,
///OS-level revocation hooks the target managed to invoke (e.g. "navigator.credentials.preventSilentAccess", "ASCredentialIdentityStore.removeAllCredentialIdentities").
#[serde(
rename = "osHooksInvoked",
default,
skip_serializing_if = "::std::vec::Vec::is_empty"
)]
pub os_hooks_invoked: ::std::vec::Vec<::std::string::String>,
///Free-form reasons why the wipe was partial (e.g. "os-keychain-unavailable", "extension-storage-quota-exceeded").
#[serde(
rename = "partialReasons",
default,
skip_serializing_if = "::std::vec::Vec::is_empty"
)]
pub partial_reasons: ::std::vec::Vec<::std::string::String>,
}
impl ::std::convert::From<&ResponseDiagnostics> for ResponseDiagnostics {
fn from(value: &ResponseDiagnostics) -> Self {
value.clone()
}
}
impl ::std::default::Default for ResponseDiagnostics {
fn default() -> Self {
Self {
cache_bytes_wiped: Default::default(),
keys_wiped: Default::default(),
os_hooks_invoked: Default::default(),
partial_reasons: Default::default(),
}
}
}
///`ResponseScope`
///
/// <details><summary>JSON schema</summary>
///
/// ```json
///{
/// "type": "string",
/// "enum": [
/// "cache",
/// "cache-and-keys",
/// "full"
/// ]
///}
/// ```
/// </details>
#[derive(
::serde::Deserialize,
::serde::Serialize,
Clone,
Copy,
Debug,
Eq,
Hash,
Ord,
PartialEq,
PartialOrd,
)]
pub enum ResponseScope {
#[serde(rename = "cache")]
Cache,
#[serde(rename = "cache-and-keys")]
CacheAndKeys,
#[serde(rename = "full")]
Full,
}
impl ::std::convert::From<&Self> for ResponseScope {
fn from(value: &ResponseScope) -> Self {
value.clone()
}
}
impl ::std::fmt::Display for ResponseScope {
fn fmt(&self, f: &mut ::std::fmt::Formatter<'_>) -> ::std::fmt::Result {
match *self {
Self::Cache => f.write_str("cache"),
Self::CacheAndKeys => f.write_str("cache-and-keys"),
Self::Full => f.write_str("full"),
}
}
}
impl ::std::str::FromStr for ResponseScope {
type Err = self::error::ConversionError;
fn from_str(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
match value {
"cache" => Ok(Self::Cache),
"cache-and-keys" => Ok(Self::CacheAndKeys),
"full" => Ok(Self::Full),
_ => Err("invalid value".into()),
}
}
}
impl ::std::convert::TryFrom<&str> for ResponseScope {
type Error = self::error::ConversionError;
fn try_from(value: &str) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<&::std::string::String> for ResponseScope {
type Error = self::error::ConversionError;
fn try_from(
value: &::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl ::std::convert::TryFrom<::std::string::String> for ResponseScope {
type Error = self::error::ConversionError;
fn try_from(
value: ::std::string::String,
) -> ::std::result::Result<Self, self::error::ConversionError> {
value.parse()
}
}
impl crate::Payload for Payload {
const TYPE_URI: &'static str = "https://trusttasks.org/spec/device/wipe/0.1";
const IS_PROOF_REQUIRED: bool = true;
}
impl crate::Payload for Response {
const TYPE_URI: &'static str = "https://trusttasks.org/spec/device/wipe/0.1#response";
const IS_PROOF_REQUIRED: bool = true;
}
#[cfg(feature = "validate")]
impl crate::validate::ValidatedPayload for Payload {
const SCHEMA_JSON: &'static str = "{\n \"$defs\": {\n \"Ext\": {\n \"additionalProperties\": true,\n \"description\": \"Vendor-namespaced extension object per SPEC.md §4.5.1. Each immediate key MUST be a reverse-DNS namespace; structure under each namespace is opaque to the framework.\",\n \"minProperties\": 1,\n \"propertyNames\": {\n \"pattern\": \"^[a-z][a-z0-9-]*(\\\\.[a-z0-9-]+)+$\"\n },\n \"title\": \"Ext\",\n \"type\": \"object\"\n },\n \"Response\": {\n \"$anchor\": \"response\",\n \"additionalProperties\": false,\n \"description\": \"Acknowledgement from the target device. Sent only when the target executes the wipe; absent if the target was offline or compromised. The maintainer treats the absence of a response as 'not confirmed' but considers the device neutralised because of the server-side defence-in-depth.\",\n \"properties\": {\n \"completedAt\": {\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"deviceId\": {\n \"type\": \"string\"\n },\n \"diagnostics\": {\n \"additionalProperties\": false,\n \"properties\": {\n \"cacheBytesWiped\": {\n \"minimum\": 0,\n \"type\": \"integer\"\n },\n \"keysWiped\": {\n \"minimum\": 0,\n \"type\": \"integer\"\n },\n \"osHooksInvoked\": {\n \"description\": \"OS-level revocation hooks the target managed to invoke (e.g. \\\"navigator.credentials.preventSilentAccess\\\", \\\"ASCredentialIdentityStore.removeAllCredentialIdentities\\\").\",\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n },\n \"partialReasons\": {\n \"description\": \"Free-form reasons why the wipe was partial (e.g. \\\"os-keychain-unavailable\\\", \\\"extension-storage-quota-exceeded\\\").\",\n \"items\": {\n \"type\": \"string\"\n },\n \"type\": \"array\"\n }\n },\n \"type\": \"object\"\n },\n \"ext\": {\n \"$ref\": \"#/$defs/Ext\"\n },\n \"scope\": {\n \"enum\": [\n \"cache\",\n \"cache-and-keys\",\n \"full\"\n ],\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"deviceId\",\n \"scope\",\n \"completedAt\"\n ],\n \"title\": \"Device Wipe — response payload\",\n \"type\": \"object\"\n }\n },\n \"$id\": \"https://trusttasks.org/spec/device/wipe/0.1\",\n \"$schema\": \"https://json-schema.org/draft/2020-12/schema\",\n \"additionalProperties\": false,\n \"description\": \"The maintainer issues a wipe to a Companion or Service. The target is expected to destroy its local cache and (depending on scope) its device-local key material. The action is best-effort — a compromised device may silently drop the wipe — so the maintainer additionally revokes ACL access and rotates the device's cache-key derivation root, so that defence in depth means a non-compliant device is still neutralised.\",\n \"properties\": {\n \"deviceId\": {\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"ext\": {\n \"$ref\": \"#/$defs/Ext\"\n },\n \"issuedAt\": {\n \"description\": \"Wipe-issuance timestamp; identical to the document's `issuedAt`, repeated here so the body is self-contained for offline-queued delivery.\",\n \"format\": \"date-time\",\n \"type\": \"string\"\n },\n \"reason\": {\n \"description\": \"Human-readable reason. Required (not optional) because every wipe is consequential and the audit log must capture intent.\",\n \"maxLength\": 256,\n \"minLength\": 1,\n \"type\": \"string\"\n },\n \"scope\": {\n \"description\": \"How aggressively the target should wipe:\\n- `cache` — discard the encrypted vault cache; consumer can re-sync with valid creds.\\n- `cache-and-keys` — discard cache + device-local key material; consumer must re-onboard.\\n- `full` — `cache-and-keys` + clear all extension/app storage + revoke OS credential-provider registration where APIs permit.\",\n \"enum\": [\n \"cache\",\n \"cache-and-keys\",\n \"full\"\n ],\n \"type\": \"string\"\n }\n },\n \"required\": [\n \"deviceId\",\n \"scope\",\n \"reason\"\n ],\n \"title\": \"Device Wipe — payload\",\n \"type\": \"object\"\n}\n";
}