
Module common


Boundary newtypes shared across endpoint schemas.

Per 70-security.md § 4, every domain primitive that crosses the HTTP boundary is wrapped in a newtype with private fields and a fallible constructor. Validation runs once in try_from; every downstream use is provably safe by construction.

Per 10-data-model.md § 2.3:

  • identifier regex allowlist: ^[A-Za-z0-9_]{1,64}$
  • default string cap 256 bytes (not chars; multi-byte exhaustion is an attack)
  • path cap 1024 bytes (Darwin PATH_MAX)
  • UDS path cap 103 bytes (Darwin sun_path minus the NUL terminator)
  • per-class collection caps calibrated against the 32-slot virtio-MMIO budget
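An added illustration of the pattern described above (a private-field newtype whose only constructor is a fallible `TryFrom`, plus the byte-based string cap); this is not the crate's own code. `DEFAULT_STRING_CAP` and the identifier allowlist come from this page, while `ValidationError`, `is_identifier` and `as_str` are names assumed for the example, and the regex is hand-rolled so the block runs without the `regex` crate.

```rust
// Added example of the boundary-newtype pattern described above, not the
// crate's own code. DEFAULT_STRING_CAP and the allowlist regex are from the
// page; `ValidationError`, `is_identifier` and `as_str` are assumed names.
use std::convert::TryFrom;

/// Default per-string cap in bytes, not chars (10-data-model.md § 2.3).
pub const DEFAULT_STRING_CAP: usize = 256;

#[derive(Debug, PartialEq, Eq)]
pub enum ValidationError {
    TooLong { bytes: usize, cap: usize },
    BadIdentifier(String),
}

/// Cap a free-form field by byte length, so multi-byte input cannot pass a
/// character count while exhausting the byte budget.
pub fn check_string_cap(s: &str, cap: usize) -> Result<&str, ValidationError> {
    if s.len() > cap {
        return Err(ValidationError::TooLong { bytes: s.len(), cap });
    }
    Ok(s)
}

/// Hand-rolled `^[A-Za-z0-9_]{1,64}$`: ASCII alphanumerics or `_`, 1..=64 bytes.
fn is_identifier(s: &str) -> bool {
    (1..=64).contains(&s.len())
        && s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'_')
}

/// Validated drive_id. The field is private, so a `DriveId` can only be
/// obtained through the fallible constructor below.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct DriveId(String);

impl DriveId {
    pub fn as_str(&self) -> &str {
        &self.0
    }
}

impl TryFrom<String> for DriveId {
    type Error = ValidationError;
    /// Validation runs exactly once, here; downstream code never re-checks.
    fn try_from(raw: String) -> Result<Self, Self::Error> {
        if is_identifier(&raw) {
            Ok(DriveId(raw))
        } else {
            Err(ValidationError::BadIdentifier(raw))
        }
    }
}
```

The 130-character string of `é` in the test is 260 bytes: a character-count cap would accept it, the byte cap rejects it.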

Structs

DriveId
Validated drive_id. Regex ^[A-Za-z0-9_]{1,64}$.
IfaceId
Validated iface_id. Regex ^[A-Za-z0-9_]{1,64}$.
InstanceId
Validated microVM instance ID (--id / InstanceInfo.id). Regex ^[A-Za-z0-9_]{1,64}$; empty rejected.
MacAddr
Validated 48-bit MAC address. Accepts the canonical aa:bb:cc:dd:ee:ff shape (lowercase or uppercase), rejects anything else.
MemSizeMib
Validated memory size in MiB. The upper bound is host-RAM-dependent and validated at the controller against BackendCapabilities; the type-level constraint is mem_size_mib >= 1.
SafePath
Validated host-filesystem path (path_on_host, kernel_image_path, etc.).
UdsPath
Validated UDS path (api_sock, vsock.uds_path, mem_backend.backend_path).
VsockId
Validated vsock ID (the upstream vsock_id field). Regex ^[A-Za-z0-9_]{1,64}$.

Constants

DEFAULT_STRING_CAP
Default per-string byte cap for fields without an explicit override.
MAX_DRIVES
Maximum number of /drives rows in a single configuration.
MAX_NICS
Maximum number of /network-interfaces rows in a single configuration.
MAX_PMEM
Maximum number of /pmem rows in a single configuration.
MAX_VCPU_COUNT
Maximum vCPU count, matching upstream MAX_SUPPORTED_VCPUS and D19.
MAX_VIRTIO_MEM
Maximum number of virtio-mem instances in a single configuration.
PATH_MAX
Path-shaped string cap (Darwin PATH_MAX).
UDS_PATH_MAX
Unix-domain-socket path cap (Darwin sun_path size minus the NUL terminator).

Functions

check_string_cap
Length-cap any free-form string field to DEFAULT_STRING_CAP bytes (256), unless a per-field override is documented in the field’s spec entry.