1#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]
4
5use serde::{Deserialize, Serialize};
6use super::*;
7
8pub type ActionName = String;
10
11pub type ActorId = String;
13
14#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
16pub enum ActorType {
17 #[serde(rename = "human")]
18 Human,
19 #[serde(rename = "agent")]
20 Agent,
21 #[serde(rename = "device")]
22 Device,
23 #[serde(rename = "service")]
24 Service,
25 #[serde(rename = "site")]
26 Site,
27 #[serde(rename = "organization")]
28 Organization,
29 #[serde(rename = "relay")]
30 Relay,
31 #[serde(rename = "plugin")]
32 Plugin,
33 #[serde(rename = "process")]
34 Process,
35 #[serde(rename = "tool")]
36 Tool,
37 #[serde(rename = "model-provider")]
38 ModelProvider,
39 #[serde(rename = "policy-engine")]
40 PolicyEngine,
41 #[serde(rename = "proof-anchor")]
42 ProofAnchor,
43 #[serde(rename = "emergency-authority")]
44 EmergencyAuthority,
45}
46
47pub type AlgorithmId = String;
49
50#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
52pub enum ApprovalRequirement {
53 #[serde(rename = "none")]
54 None,
55 #[serde(rename = "conditional")]
56 Conditional,
57 #[serde(rename = "required")]
58 Required,
59 #[serde(rename = "quorum")]
60 Quorum,
61}
62
63#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
65pub struct Capability {
66 pub name: ActionName,
67 pub risk: RiskClass,
68 #[serde(skip_serializing_if = "Option::is_none", default)]
69 pub proof_required: Option<ProofLevel>,
70 #[serde(skip_serializing_if = "Option::is_none", default)]
71 pub approval: Option<ApprovalRequirement>,
72 #[serde(skip_serializing_if = "Option::is_none", default)]
74 pub constraints: Option<Vec<Constraint>>,
75 #[serde(skip_serializing_if = "Option::is_none", default)]
77 pub single_use: Option<bool>,
78 #[serde(skip_serializing_if = "Option::is_none", default)]
80 pub delegable: Option<bool>,
81 #[serde(skip_serializing_if = "Option::is_none", default)]
83 pub revocable: Option<bool>,
84 #[serde(skip_serializing_if = "Option::is_none", default)]
86 pub offline_valid: Option<bool>,
87 #[serde(skip_serializing_if = "Option::is_none", default)]
88 pub expires_at: Option<Timestamp>,
89}
90
91#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
93#[serde(tag = "kind")]
94pub enum Constraint {
95 #[serde(rename = "time_window")]
96 TimeWindow {
97 #[serde(skip_serializing_if = "Option::is_none", default)]
98 from: Option<Timestamp>,
99 until: Timestamp,
100 },
101 #[serde(rename = "target")]
102 Target {
103 patterns: Vec<String>,
104 },
105 #[serde(rename = "quantity")]
106 Quantity {
107 max: i64,
108 #[serde(skip_serializing_if = "Option::is_none", default)]
109 unit: Option<String>,
110 },
111 #[serde(rename = "rate")]
112 Rate {
113 max_per_window: i64,
114 window_seconds: i64,
115 },
116 #[serde(rename = "session")]
117 Session {
118 session_id: String,
119 },
120 #[serde(rename = "approval")]
121 Approval {
122 approval: ApprovalRequirement,
123 },
124 #[serde(rename = "quorum")]
125 Quorum {
126 quorum: i64,
127 of: Vec<ActorId>,
128 },
129 #[serde(rename = "device_binding")]
130 DeviceBinding {
131 device_actor: ActorId,
132 },
133}
134
135#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
137pub enum DangerTag {
138 #[serde(rename = "financial")]
139 Financial,
140 #[serde(rename = "destructive")]
141 Destructive,
142 #[serde(rename = "irreversible")]
143 Irreversible,
144 #[serde(rename = "security-sensitive")]
145 SecuritySensitive,
146 #[serde(rename = "privacy")]
147 Privacy,
148 #[serde(rename = "external-network")]
149 ExternalNetwork,
150 #[serde(rename = "legal-exposure")]
151 LegalExposure,
152 #[serde(rename = "high-compute")]
153 HighCompute,
154}
155
156#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
158pub struct DelegationLink {
159 pub delegator: ActorId,
160 pub delegate: ActorId,
161 pub capabilities: Vec<Capability>,
163 #[serde(skip_serializing_if = "Option::is_none", default)]
165 pub constraints: Option<Vec<Constraint>>,
166 #[serde(skip_serializing_if = "Option::is_none", default)]
167 pub expires_at: Option<Timestamp>,
168 #[serde(skip_serializing_if = "Option::is_none", default)]
170 pub redelegation: Option<DelegationLink_Redelegation>,
171 #[serde(skip_serializing_if = "Option::is_none", default)]
172 pub proof_ref: Option<HashRef>,
173}
174
175#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
177pub struct DelegationLink_Redelegation {
178 pub allowed: bool,
180 #[serde(skip_serializing_if = "Option::is_none", default)]
182 pub max_depth: Option<i64>,
183}
184
185#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
187pub enum EnforcementLevel {
188 #[serde(rename = "E0")]
189 E0,
190 #[serde(rename = "E1")]
191 E1,
192 #[serde(rename = "E2")]
193 E2,
194 #[serde(rename = "E3")]
195 E3,
196 #[serde(rename = "E4")]
197 E4,
198 #[serde(rename = "E5")]
199 E5,
200}
201
202pub type HashRef = String;
204
205pub type InstanceId = String;
207
208#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
210pub struct NegativeCapability {
211 pub name: ActionName,
212 #[serde(skip_serializing_if = "Option::is_none", default)]
214 pub target: Option<String>,
215 #[serde(skip_serializing_if = "Option::is_none", default)]
217 pub reason: Option<String>,
218 #[serde(skip_serializing_if = "Option::is_none", default)]
220 pub overrides: Option<Vec<String>>,
221}
222
223#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
225pub enum ProofLevel {
226 #[serde(rename = "L0")]
227 L0,
228 #[serde(rename = "L1")]
229 L1,
230 #[serde(rename = "L2")]
231 L2,
232 #[serde(rename = "L3")]
233 L3,
234 #[serde(rename = "L4")]
235 L4,
236 #[serde(rename = "L5")]
237 L5,
238}
239
240#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
242pub enum RiskClass {
243 #[serde(rename = "R0")]
244 R0,
245 #[serde(rename = "R1")]
246 R1,
247 #[serde(rename = "R2")]
248 R2,
249 #[serde(rename = "R3")]
250 R3,
251 #[serde(rename = "R4")]
252 R4,
253 #[serde(rename = "R5")]
254 R5,
255}
256
257#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
259pub struct SignatureEnvelope {
260 pub algorithm: AlgorithmId,
261 pub signer: ActorId,
262 pub signature: String,
264 #[serde(skip_serializing_if = "Option::is_none", default)]
266 pub hash_alg: Option<String>,
267 #[serde(skip_serializing_if = "Option::is_none", default)]
268 pub alt_algorithm: Option<AlgorithmId>,
269 #[serde(skip_serializing_if = "Option::is_none", default)]
271 pub alt_signature: Option<String>,
272}
273
274pub type Timestamp = String;
276
277pub type TrustDomain = String;
279
280#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
282pub enum TrustLevel {
283 #[serde(rename = "T0")]
284 T0,
285 #[serde(rename = "T1")]
286 T1,
287 #[serde(rename = "T2")]
288 T2,
289 #[serde(rename = "T3")]
290 T3,
291 #[serde(rename = "T4")]
292 T4,
293 #[serde(rename = "T5")]
294 T5,
295 #[serde(rename = "T6")]
296 T6,
297 #[serde(rename = "T7")]
298 T7,
299}