Module cluster 

Cluster join / membership wire DTOs.

Lifted from zlayer-api::handlers::cluster so the CLI, the manager UI, and any other client can describe these requests/responses without depending on zlayer-api. The handler itself stays in zlayer-api.

Structs

CaCert

“CA certificate” minted by the cluster CA at every rotation of the active signing key.

ClusterJoinClaims

Claims carried inside a signed cluster join token.

ClusterJoinRequest

Request body for POST /api/v1/cluster/join.

ClusterJoinResponse

Response body for POST /api/v1/cluster/join.

ClusterNodeSummary

Summary of a cluster node for listing.

ClusterPeer

Summary of an existing cluster peer returned in join response.

GossipPeerSummary

Snapshot of one gossip-pool peer, returned by GET /api/v1/cluster/gossip/peers.

ImportTrustBundleRequest

Request body for POST /api/v1/cluster/trust-imports.

ImportTrustBundleResponse

Response body for POST /api/v1/cluster/trust-imports.

JwtStatusResponse

Response body for GET /api/v1/cluster/jwt-status.

RevocationEntry

One entry in the cluster-wide token revocation list.

RevocationListResponse

Response body for GET /api/v1/cluster/revocations.

RevokeTokenRequest

Request body for POST /api/v1/cluster/revoke-token.

RevokeTokenResponse

Response body for POST /api/v1/cluster/revoke-token.

RotateSigningKeyRequest

Request body for POST /api/v1/cluster/rotate-signing-key.

RotateSigningKeyResponse

Response body for POST /api/v1/cluster/rotate-signing-key.

SetJwtAlgorithmRequest

Request body for POST /api/v1/cluster/jwt-algorithm.

SignedClusterJoinToken

Envelope around ClusterJoinClaims carrying the Ed25519 signature.

SigningPubkeyEntry

Per-key entry returned by GET /api/v1/cluster/signing-pubkeys.

SigningPubkeyResponse

Response body for GET /api/v1/cluster/signing-pubkey.

SigningPubkeysResponse

Response body for GET /api/v1/cluster/signing-pubkeys.

TrustBundle

Public trust bundle for a cluster, distributable out-of-band so other clusters can import it and accept this cluster’s tokens.

TrustedBundleEntry

One entry in the trusted-bundle listing.

TrustedBundlesResponse

Response body for GET /api/v1/cluster/trust-bundles.

WorkerSummary

Summary of a worker-tier worker node, returned by GET /api/v1/cluster/workers.

Enums

JwtAlgorithm

The JWT algorithm policy a cluster enforces for join tokens.

Constants

CA_CERT_FORMAT_VERSION

Current CaCert::v value the issuer emits.

SIGNED_TOKEN_V_WAVE3

Current envelope version Wave-3 mints. Re-export so mint and verify stay in lockstep without a stringly-typed constant elsewhere.

SIGNED_TOKEN_V_WAVE9

Wave 9 envelope version: extends Wave 3 with an optional ca_chain so a foreign-issued token can carry the CA-signed binding that proves its kid was issued by the cluster identified in ca_chain.cluster_domain. v=1 tokens still parse — ca_chain is just absent in their JSON.

TRUST_BUNDLE_FORMAT_VERSION

Current TrustBundle::v value.

Functions

default_api_port

default_mode