
tf_types/generated/
policy_decision.rs

1// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.
2
3#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]
4
5use serde::{Deserialize, Serialize};
6use super::*;
7
/// Structured result emitted by a TrustForge PolicyEngine. Captures the decision, the rule that produced it, the constraints attached, and enough provenance to be replayed in audits and verified after the fact (TF-0004, DECISIONS.md "AI-readable manifests").
///
/// Serde behaviour that follows from the derive and the attributes below:
/// - `#[serde(deny_unknown_fields)]` is not set, so unrecognized keys in the input are ignored
///   on deserialization and are not reproduced when the value is serialized again.
/// - Every `Option` field carries `default` and `skip_serializing_if = "Option::is_none"`: an
///   absent key deserializes to `None` (as does an explicit JSON `null`), and `None` is omitted
///   on output.
/// - Fields are serialized in declaration order.
// NOTE(review): because of the points above, re-serializing a parsed decision need not
// reproduce the bytes that were received. If audits hash or sign the serialized form, the
// digest presumably has to be taken over the original bytes or a canonical encoding — confirm
// how TrustForge computes it.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub struct PolicyDecision {
    /// Version of the policy-decision schema itself.
    pub decision_version: PolicyDecision_DecisionVersion,
    /// Which engine produced this decision.
    pub policy_engine: PolicyDecision_PolicyEngine,
    /// Free-form version label so audits can replay the same engine build.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub engine_version: Option<String>,
    /// Required `TrustDomain` value; the type is declared outside this file.
    pub trust_domain: TrustDomain,
    /// Actor URI the policy was evaluated against.
    pub subject: ActorId,
    /// Optional actor instance URI captured in the decision.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub instance: Option<InstanceId>,
    /// Action name being authorized.
    pub action: ActionName,
    /// Target the action operates on (file path, record id, URL, ...).
    // NOTE(review): plain `String`; nothing in this type normalizes or validates it. Consumers
    // that compare targets presumably need to canonicalize paths/URLs themselves — verify.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub target: Option<String>,
    /// Effect produced by the policy engine.
    // Required: a record without a `decision` key fails to deserialize.
    pub decision: PolicyDecision_Decision,
    /// Identifier of the rule that produced the decision.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub rule_id: Option<String>,
    /// Human-readable explanation of the decision.
    // NOTE(review): free text with no constraints in this type; treat it as untrusted when it
    // is rendered in a UI or written to line-oriented logs.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub reason: Option<String>,
    /// Optional `ApprovalRequirement`; the type is declared outside this file.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub approval: Option<ApprovalRequirement>,
    /// Optional `ProofLevel`; the type is declared outside this file.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub proof_required: Option<ProofLevel>,
    /// Constraints the rule attached to this decision.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub constraints_applied: Option<Vec<Constraint>>,
    /// Negative capabilities considered while reaching the decision (for audit).
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub negative_capabilities_consulted: Option<Vec<NegativeCapability>>,
    /// Optional `EnforcementLevel`; the type is declared outside this file.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub enforcement_level: Option<EnforcementLevel>,
    /// Required evaluation timestamp; format and time zone are whatever `Timestamp` (declared
    /// outside this file) defines.
    pub evaluated_at: Timestamp,
    /// Hash of the policy manifest that was evaluated. Lets auditors replay the decision against the exact manifest.
    // NOTE(review): optional, so a decision can be recorded without it; such a record cannot be
    // tied to an exact manifest. Audit consumers may want to flag its absence.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub policy_manifest_hash: Option<HashRef>,
    /// Free-form evaluation-time context (session id, posture flags, quorum approver count, etc.).
    // NOTE(review): arbitrary JSON; this type enforces no schema on it. Validate before use and
    // do not let it stand in for the typed fields above. It may carry session identifiers, so
    // check how it is logged and retained.
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub context: Option<serde_json::Value>,
}
57
/// Effect produced by the policy engine.
///
/// Each variant is serialized as the string in its `rename` attribute. There is no
/// `#[serde(other)]` fallback variant, so an unrecognized effect string fails deserialization
/// instead of being mapped to a default.
// NOTE(review): this file does not define how `Escalate`, `ApprovalRequired` or `LogOnly` are
// enforced. Consumers should match exhaustively (no `_ =>` arm) and presumably treat only
// `Allow` as permission to proceed; in particular, confirm whether `LogOnly` lets the action
// run.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum PolicyDecision_Decision {
    #[serde(rename = "allow")]
    Allow,
    #[serde(rename = "deny")]
    Deny,
    #[serde(rename = "escalate")]
    Escalate,
    #[serde(rename = "approval-required")]
    ApprovalRequired,
    #[serde(rename = "log-only")]
    LogOnly,
}
72
/// Version of the policy-decision schema itself.
///
/// The only variant is serialized as the string `"1"` (a string, not a number). With a single
/// variant and no fallback, a record carrying any other version value fails deserialization.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum PolicyDecision_DecisionVersion {
    #[serde(rename = "1")]
    V1,
}
79
/// Which engine produced this decision.
///
/// Each variant is serialized as the lowercase string in its `rename` attribute; an
/// unrecognized engine name fails deserialization because there is no fallback variant.
#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
pub enum PolicyDecision_PolicyEngine {
    #[serde(rename = "cedar")]
    Cedar,
    #[serde(rename = "rego")]
    Rego,
    #[serde(rename = "custom")]
    Custom,
    #[serde(rename = "native")]
    Native,
    // This variant is unrelated to `Option::None`. Refer to it by its full path; a glob import
    // of this enum's variants would shadow the prelude `None`.
    // NOTE(review): presumably "none" means no engine evaluated the request — confirm, and
    // decide whether a decision of `allow` recorded with this engine should be honoured.
    #[serde(rename = "none")]
    None,
}