module_registry/
types.rs

1//! Type definitions for module registry
2
3use serde::{Deserialize, Serialize};
4use std::any::Any;
5use std::collections::HashMap;
6use anyhow::Result;
7
8use crate::constants::*;
9
10/// Base trait that all modules must implement
11pub trait Module: Send + Sync {
12    /// Get the module's unique name
13    fn name(&self) -> &str;
14
15    /// Get the module type (e.g., "processor", "provider", "plugin")
16    fn module_type(&self) -> &str;
17}
18
19/// Module signature for cryptographic verification
20#[derive(Debug, Clone, Serialize, Deserialize)]
21pub struct ModuleSignature {
22    /// SHA-256 hash of the module code
23    pub code_hash: String,
24    /// Digital signature of the code hash
25    pub signature: String,
26    /// Public key used for verification
27    pub public_key: String,
28    /// Timestamp when signed
29    pub timestamp: u64,
30    /// Signature algorithm used
31    pub algorithm: String,
32}
33
34/// Module permissions for sandboxing
35#[derive(Debug, Clone, Serialize, Deserialize)]
36pub struct ModulePermissions {
37    /// Can access filesystem
38    pub filesystem_access: bool,
39    /// Can make network calls
40    pub network_access: bool,
41    /// Can spawn processes
42    pub process_spawn: bool,
43    /// Can access environment variables
44    pub env_access: bool,
45    /// Can access system resources
46    pub system_access: bool,
47    /// Maximum memory usage in MB
48    pub memory_limit_mb: u64,
49    /// Maximum CPU usage percentage
50    pub cpu_limit_percent: u8,
51    /// Maximum execution time in seconds
52    pub timeout_seconds: u64,
53}
54
55impl Default for ModulePermissions {
56    fn default() -> Self {
57        Self {
58            filesystem_access: false,
59            network_access: false,
60            process_spawn: false,
61            env_access: false,
62            system_access: false,
63            memory_limit_mb: DEFAULT_MEMORY_LIMIT_MB,
64            cpu_limit_percent: DEFAULT_CPU_LIMIT_PERCENT,
65            timeout_seconds: DEFAULT_TIMEOUT_SECONDS,
66        }
67    }
68}
69
70/// Code review status for modules
71#[derive(Debug, Clone, Serialize, Deserialize)]
72pub enum CodeReviewStatus {
73    /// Not reviewed yet
74    Pending,
75    /// Under review
76    InProgress,
77    /// Approved by reviewer
78    Approved { reviewer: String, timestamp: u64 },
79    /// Rejected by reviewer
80    Rejected { reviewer: String, reason: String, timestamp: u64 },
81}
82
83/// Supply chain verification data
84#[derive(Debug, Clone, Serialize, Deserialize)]
85pub struct SupplyChainInfo {
86    /// Source repository URL
87    pub source_url: String,
88    /// Commit hash
89    pub commit_hash: String,
90    /// Build timestamp
91    pub build_timestamp: u64,
92    /// Dependencies with versions
93    pub dependencies: HashMap<String, String>,
94    /// Build environment info
95    pub build_environment: String,
96    /// Verifier signature
97    pub verifier_signature: Option<String>,
98}
99
100/// Sandbox configuration for module isolation
101#[derive(Debug, Clone, Serialize, Deserialize)]
102pub struct SandboxConfig {
103    /// Enable sandboxing
104    pub enabled: bool,
105    /// Isolate from host filesystem
106    pub filesystem_isolation: bool,
107    /// Isolate network access
108    pub network_isolation: bool,
109    /// Isolate process environment
110    pub process_isolation: bool,
111    /// Read-only filesystem
112    pub read_only_fs: bool,
113    /// Allowed file paths (if not read-only)
114    pub allowed_paths: Vec<String>,
115    /// Denied file paths
116    pub denied_paths: Vec<String>,
117}
118
119impl Default for SandboxConfig {
120    fn default() -> Self {
121        Self {
122            enabled: true,
123            filesystem_isolation: true,
124            network_isolation: true,
125            process_isolation: true,
126            read_only_fs: true,
127            allowed_paths: Vec::new(),
128            denied_paths: DEFAULT_DENIED_PATHS.iter().map(|s| s.to_string()).collect(),
129        }
130    }
131}
132
133/// Module metadata for registration with security features
134#[derive(Debug, Clone)]
135pub struct ModuleMetadata {
136    pub name: String,
137    pub module_type: String,
138    pub instantiate_fn_name: String,
139    pub module_path: String,
140    pub struct_name: String,
141    /// Cryptographic signature
142    pub signature: Option<ModuleSignature>,
143    /// Module permissions
144    pub permissions: ModulePermissions,
145    /// Code review status
146    pub review_status: CodeReviewStatus,
147    /// Supply chain information
148    pub supply_chain: Option<SupplyChainInfo>,
149    /// Security sandbox configuration
150    pub sandbox_config: SandboxConfig,
151}
152
153/// Security report for a module
154#[derive(Debug, Clone, Serialize, Deserialize)]
155pub struct SecurityReport {
156    pub name: String,
157    pub has_signature: bool,
158    pub signature_verified: bool,
159    pub is_approved: bool,
160    pub has_supply_chain: bool,
161    pub supply_chain_verified: bool,
162    pub permissions: ModulePermissions,
163    pub sandbox_enabled: bool,
164}
165
166/// Factory function type for module instantiation
167/// Returns Box<dyn Any + Send + Sync> so it can work with any trait object
168pub type ModuleFactory = fn() -> Result<Box<dyn Any + Send + Sync>, anyhow::Error>;
169
170/// Registration entry for inventory collection
171pub struct ModuleRegistration {
172    pub name: &'static str,
173    pub module_type: &'static str,
174    pub instantiate_fn_name: &'static str,
175    pub module_path: &'static str,
176    pub struct_name: &'static str,
177    pub factory: ModuleFactory,
178}
179
180impl ModuleMetadata {
181    /// Create a new module metadata
182    pub fn new(
183        name: String,
184        module_type: String,
185        instantiate_fn_name: String,
186        module_path: String,
187        struct_name: String,
188    ) -> Self {
189        Self {
190            name,
191            module_type,
192            instantiate_fn_name,
193            module_path,
194            struct_name,
195            signature: None,
196            permissions: ModulePermissions::default(),
197            review_status: CodeReviewStatus::Pending,
198            supply_chain: None,
199            sandbox_config: SandboxConfig::default(),
200        }
201    }
202
203    /// Create a secure module metadata
204    pub fn secure(
205        name: String,
206        module_type: String,
207        instantiate_fn_name: String,
208        module_path: String,
209        struct_name: String,
210        signature: Option<ModuleSignature>,
211        permissions: ModulePermissions,
212        supply_chain: Option<SupplyChainInfo>,
213    ) -> Self {
214        Self {
215            name,
216            module_type,
217            instantiate_fn_name,
218            module_path,
219            struct_name,
220            signature,
221            permissions,
222            review_status: CodeReviewStatus::Pending,
223            supply_chain,
224            sandbox_config: SandboxConfig::default(),
225        }
226    }
227
228    /// Check if the module has valid signature
229    pub fn has_valid_signature(&self) -> bool {
230        self.signature.is_some()
231    }
232
233    /// Check if the module is approved
234    pub fn is_approved(&self) -> bool {
235        matches!(self.review_status, CodeReviewStatus::Approved { .. })
236    }
237
238    /// Check if the module has supply chain info
239    pub fn has_supply_chain(&self) -> bool {
240        self.supply_chain.is_some()
241    }
242
243    /// Get a summary of the module metadata
244    pub fn summary(&self) -> String {
245        format!(
246            "Module: {} (type: {}) - signature: {}, approved: {}, supply_chain: {}, sandbox: {}",
247            self.name,
248            self.module_type,
249            self.has_valid_signature(),
250            self.is_approved(),
251            self.has_supply_chain(),
252            self.sandbox_config.enabled
253        )
254    }
255}
module_registry/types.rs

module_registry/
types.rs
