// Wire schema for the biscuit.format.schema package.
//
// The file uses proto2 syntax, so `required` fields are enforced by the
// parser: a message that omits one fails to parse. Field numbers, not
// names, identify fields on the wire and must not be renumbered or reused.
// NOTE(review): several messages below carry signatures over `bytes`
// payloads; consumers presumably verify those signatures before trusting
// any decoded content. Confirm against the format specification.
syntax = "proto2";
package biscuit.format.schema;
// Top-level token container: one required authority block, any number of
// further signed blocks, and a required proof.
message Biscuit {
  // Optional numeric identifier for a root key.
  // NOTE(review): this value travels inside the token, so it is supplied by
  // whoever presents the token. Presumably it is only a lookup hint for
  // choosing a root public key and proves nothing by itself; confirm.
  optional uint32 rootKeyId = 1;
  // The first signed block of the token.
  required SignedBlock authority = 2;
  // Additional signed blocks; a repeated field keeps its wire order.
  repeated SignedBlock blocks = 3;
  // Proof attached to the token; see Proof for the two possible forms.
  required Proof proof = 4;
}
// One block of the token together with the material needed to check it.
message SignedBlock {
  // Opaque block payload.
  // NOTE(review): presumably a serialized Block message. If so, the
  // signature should be checked over these exact received bytes before they
  // are decoded, never over a re-serialized copy; confirm.
  required bytes block = 1;
  // Public key carried with this block.
  // NOTE(review): presumably the key that the following block (or the final
  // proof) must verify against; confirm.
  required PublicKey nextKey = 2;
  // Signature bytes; length and encoding are not constrained by the schema.
  required bytes signature = 3;
  // Optional additional signature made with a separate key; see
  // ExternalSignature.
  optional ExternalSignature externalSignature = 4;
  // Optional version number. What it selects is not visible in this schema.
  optional uint32 version = 5;
}
// A signature paired with the public key that is meant to verify it.
// NOTE(review): the key is delivered alongside the signature, so a valid
// signature only shows that the holder of this key signed. Whether the key
// is one the verifier should accept has to be decided elsewhere; confirm
// how callers bind it.
message ExternalSignature {
  // Signature bytes; length and encoding are not constrained by the schema.
  required bytes signature = 1;
  // Public key associated with the signature.
  required PublicKey publicKey = 2;
}
// A public key tagged with the signature algorithm it belongs to.
message PublicKey {
  // Algorithm this key is used with.
  required Algorithm algorithm = 1;
  // Supported algorithm identifiers.
  // NOTE(review): a verifier should reject any value it does not implement
  // rather than fall back to a default algorithm.
  enum Algorithm {
    Ed25519 = 0;
    SECP256R1 = 1;
  }
  // Raw key bytes.
  // NOTE(review): the schema does not constrain length or encoding, so the
  // consumer must validate them for the declared algorithm before use.
  required bytes key = 2;
}
// Proof attached to a token, in one of two mutually exclusive forms.
// A oneof can also arrive with neither member set, so consumers must treat
// the empty case as an error rather than assume one of the two is present.
message Proof {
  oneof Content {
    // NOTE(review): the name suggests secret key material that allows
    // another block to be appended. If so, the serialized token is as
    // sensitive as that key and should not be logged or cached in clear;
    // confirm.
    bytes nextSecret = 1;
    // NOTE(review): presumably a closing signature for a token that can no
    // longer be extended; confirm.
    bytes finalSignature = 2;
  }
}
// Decoded content of a block: a symbol list, optional context and version,
// facts, rules, checks, scopes, and a list of public keys.
message Block {
  // Strings carried by this block.
  // NOTE(review): the uint64 `name` and `string` fields elsewhere in this
  // file presumably index into a symbol table built from lists like this
  // one; every such index needs a bounds check before use. Confirm.
  repeated string symbols = 1;
  // Optional free-form context string.
  optional string context = 2;
  // Optional version number of the block contents.
  optional uint32 version = 3;
  // Facts declared by this block.
  repeated FactV2 facts_v2 = 4;
  // Rules declared by this block.
  repeated RuleV2 rules_v2 = 5;
  // Checks declared by this block.
  repeated CheckV2 checks_v2 = 6;
  // Scopes attached to this block; see Scope.
  repeated Scope scope = 7;
  // Public keys carried by this block.
  // NOTE(review): presumably the table that Scope.publicKey refers to;
  // confirm.
  repeated PublicKey publicKeys = 8;
}
// Selects which blocks something applies to: either a named scope type or
// a numeric public-key reference.
message Scope {
  // Named scope types. Their exact meaning is not visible in this schema.
  enum ScopeType {
    Authority = 0;
    Previous = 1;
  }
  oneof Content {
    // One of the named scope types above.
    ScopeType scopeType = 1;
    // Numeric public-key reference.
    // NOTE(review): presumably an index into a public-key table. The type
    // is a signed int64, so negative and out-of-range values are
    // representable on the wire and must be rejected by the consumer.
    int64 publicKey = 2;
  }
}
// A fact: a single required predicate.
message FactV2 {
  // The predicate that makes up the fact.
  required PredicateV2 predicate = 1;
}
// A rule: a head predicate, body predicates, expressions, and scopes.
message RuleV2 {
  // Head predicate of the rule.
  required PredicateV2 head = 1;
  // Body predicates of the rule.
  repeated PredicateV2 body = 2;
  // Expressions attached to the rule.
  // NOTE(review): presumably constraints evaluated over the rule's
  // variables; confirm.
  repeated ExpressionV2 expressions = 3;
  // Scopes attached to the rule; see Scope.
  repeated Scope scope = 4;
}
// A check: a list of query rules and an optional kind.
message CheckV2 {
  // Queries that make up the check.
  repeated RuleV2 queries = 1;
  // Kind of check. The field is optional with no explicit default, so in
  // proto2 an absent value reads back as the first enum value, One.
  optional Kind kind = 2;
  // Check kinds.
  // NOTE(review): the names suggest One passes on any match, All requires
  // every match to hold, and Reject fails on a match. A consumer that does
  // not recognise a kind should fail the check rather than skip it;
  // confirm the semantics against the specification.
  enum Kind {
    One = 0;
    All = 1;
    Reject = 2;
  }
}
// A predicate: a numeric name followed by a list of terms.
message PredicateV2 {
  // Numeric name of the predicate.
  // NOTE(review): presumably an index into a symbol table; bounds-check it
  // before resolving. Confirm.
  required uint64 name = 1;
  // Terms of the predicate, in wire order.
  repeated TermV2 terms = 2;
}
// A single term, holding exactly one of the value kinds below.
// TermSet, Array and Map contain TermV2 again, so the schema allows
// arbitrarily deep nesting. Consumers handling untrusted tokens should cap
// nesting depth instead of relying only on the parser's recursion limit.
message TermV2 {
  oneof Content {
    // Variable identifier.
    uint32 variable = 1;
    // Signed 64-bit integer value.
    int64 integer = 2;
    // NOTE(review): a uint64, not text; presumably a symbol-table index
    // that must be bounds-checked. Confirm.
    uint64 string = 3;
    // NOTE(review): unit and epoch are not stated in the schema; presumably
    // seconds since the Unix epoch. Confirm.
    uint64 date = 4;
    // Raw byte string value.
    bytes bytes = 5;
    // Boolean value.
    bool bool = 6;
    // Set of terms; see TermSet.
    TermSet set = 7;
    // Null value, encoded as the Empty message.
    Empty null = 8;
    // Ordered list of terms; see Array.
    Array array = 9;
    // Key/value collection; see Map.
    Map map = 10;
  }
}
// A set of terms, encoded as a repeated field.
// The wire format does not enforce uniqueness, so duplicate elements are
// representable and have to be handled by the consumer.
message TermSet {
  // Elements of the set.
  repeated TermV2 set = 1;
}
// An ordered list of terms.
message Array {
  // Elements of the array, in wire order.
  repeated TermV2 array = 1;
}
// A key/value collection, encoded as a repeated list of entries rather
// than a protobuf map field.
// The wire format does not prevent two entries with the same key, so the
// consumer must decide how duplicates are treated.
message Map {
  // Entries of the map, in wire order.
  repeated MapEntry entries = 1;
}
// One key/value pair of a Map.
message MapEntry {
  // Key of the entry; see MapKey.
  required MapKey key = 1;
  // Value of the entry; may itself be a nested collection.
  required TermV2 value = 2;
}
// Key of a map entry: either an integer or a numeric string reference.
// The oneof can arrive with neither member set; treat that as invalid.
message MapKey {
  oneof Content {
    // Signed 64-bit integer key.
    int64 integer = 1;
    // NOTE(review): a uint64, presumably a symbol-table index that must be
    // bounds-checked. Confirm.
    uint64 string = 2;
  }
}
// An expression, encoded as a flat sequence of operations.
// NOTE(review): presumably evaluated in order against a stack. If so, the
// evaluator must reject sequences that underflow the stack or leave more
// than one result; confirm.
message ExpressionV2 {
  // Operations of the expression, in wire order.
  repeated Op ops = 1;
}
// One operation of an expression: a value, a unary operator, a binary
// operator, or a closure.
message Op {
  oneof Content {
    // A literal or variable term.
    TermV2 value = 1;
    // A unary operator; see OpUnary.
    OpUnary unary = 2;
    // A binary operator; see OpBinary. The field name is capitalised,
    // unlike its siblings; renaming it would change generated accessors.
    OpBinary Binary = 3;
    // A closure; see OpClosure.
    OpClosure closure = 4;
  }
}
// A unary operator, with an optional external-function name.
message OpUnary {
  // Unary operator kinds.
  // NOTE(review): Ffi presumably calls a function registered by the host
  // application. Such a function receives operands taken from the token
  // and should validate them as untrusted input; confirm.
  enum Kind {
    Negate = 0;
    Parens = 1;
    Length = 2;
    TypeOf = 3;
    Ffi = 4;
  }
  // Which operator this is.
  required Kind kind = 1;
  // Numeric name of the external function.
  // NOTE(review): presumably a symbol-table index used only when kind is
  // Ffi. The schema does not tie its presence to the kind, so the consumer
  // must check both directions; confirm.
  optional uint64 ffiName = 2;
}
// A binary operator, with an optional external-function name.
message OpBinary {
  // Binary operator kinds. The numeric values are the wire identifiers and
  // are not grouped by category.
  // NOTE(review): the operands come from the token. Whatever evaluates
  // Regex, the arithmetic kinds (Add, Sub, Mul, Div) and Ffi should bound
  // regex cost, handle overflow and division by zero, and treat Ffi
  // arguments as untrusted. None of that is visible in this schema.
  enum Kind {
    LessThan = 0;
    GreaterThan = 1;
    LessOrEqual = 2;
    GreaterOrEqual = 3;
    Equal = 4;
    Contains = 5;
    Prefix = 6;
    Suffix = 7;
    Regex = 8;
    Add = 9;
    Sub = 10;
    Mul = 11;
    Div = 12;
    And = 13;
    Or = 14;
    Intersection = 15;
    Union = 16;
    BitwiseAnd = 17;
    BitwiseOr = 18;
    BitwiseXor = 19;
    NotEqual = 20;
    HeterogeneousEqual = 21;
    HeterogeneousNotEqual = 22;
    LazyAnd = 23;
    LazyOr = 24;
    All = 25;
    Any = 26;
    Get = 27;
    Ffi = 28;
  }
  // Which operator this is.
  required Kind kind = 1;
  // Numeric name of the external function.
  // NOTE(review): presumably a symbol-table index used only when kind is
  // Ffi. The schema does not tie its presence to the kind, so the consumer
  // must check both directions; confirm.
  optional uint64 ffiName = 2;
}
// A closure: a parameter list and a nested sequence of operations.
// Op can contain OpClosure and OpClosure contains Op, so closures nest
// without a schema-level bound. Consumers should cap nesting depth.
message OpClosure {
  // Parameter identifiers.
  // NOTE(review): presumably variable ids bound inside `ops`; confirm how
  // shadowing of an outer variable is handled.
  repeated uint32 params = 1;
  // Operations forming the closure body, in wire order.
  repeated Op ops = 2;
}
// A policy: a list of query rules and a required allow/deny kind.
message Policy {
  // Policy outcome kinds.
  // NOTE(review): presumably the decision taken when a query matches. When
  // no policy matches at all, the consumer should deny; confirm.
  enum Kind {
    Allow = 0;
    Deny = 1;
  }
  // Queries that make up the policy.
  repeated RuleV2 queries = 1;
  // Whether this policy allows or denies.
  required Kind kind = 2;
}
// A serialized set of authorizer contents: symbols, optional version,
// facts, rules, checks, and policies.
// NOTE(review): this message carries no signature field, so its integrity
// depends entirely on where it is stored and loaded from.
message AuthorizerPolicies {
  // Strings carried with these policies.
  repeated string symbols = 1;
  // Optional version number.
  optional uint32 version = 2;
  // Facts.
  repeated FactV2 facts = 3;
  // Rules.
  repeated RuleV2 rules = 4;
  // Checks.
  repeated CheckV2 checks = 5;
  // Policies, in wire order.
  // NOTE(review): order presumably matters if the first matching policy
  // decides the outcome; confirm.
  repeated Policy policies = 6;
}
// Request for a block produced by a third party.
// NOTE(review): presumably sent by a token holder to an external signer.
// Only public keys and a signature appear here, no secret material;
// confirm.
message ThirdPartyBlockRequest {
  // Optional public key. The `legacy` prefix suggests it is kept only for
  // older peers; confirm.
  optional PublicKey legacyPreviousKey = 1;
  // Public keys. The `legacy` prefix suggests they are kept only for older
  // peers; confirm.
  repeated PublicKey legacyPublicKeys = 2;
  // Signature bytes of a previous block.
  // NOTE(review): presumably what the third party binds its own signature
  // to, so that the resulting block cannot be attached to another token;
  // confirm.
  required bytes previousSignature = 3;
}
// Response holding a third-party block: a payload and its external
// signature.
// NOTE(review): the receiver should verify externalSignature against a key
// it already expects before appending the payload to a token; confirm.
message ThirdPartyBlockContents {
  // Opaque payload bytes; presumably a serialized Block. Confirm.
  required bytes payload = 1;
  // Signature and public key for the payload.
  required ExternalSignature externalSignature = 2;
}
// A saved authorizer state: run limits, execution time so far, and the
// world contents.
// NOTE(review): this message carries no signature field. A snapshot loaded
// from storage an attacker can write to would supply its own limits, facts
// and policies, so treat snapshots as trusted input only.
message AuthorizerSnapshot {
  // Limits stored with the snapshot; see RunLimits.
  required RunLimits limits = 1;
  // Execution time recorded in the snapshot. The unit is not stated in the
  // schema.
  required uint64 executionTime = 2;
  // World contents; see AuthorizerWorld.
  required AuthorizerWorld world = 3;
}
// Resource limits for an authorizer run.
// NOTE(review): these values are read from the serialized snapshot. A
// loader should clamp them to its own maximums rather than adopt them
// as-is; confirm how the consumer applies them.
message RunLimits {
  // Maximum number of facts.
  required uint64 maxFacts = 1;
  // Maximum number of iterations.
  required uint64 maxIterations = 2;
  // Maximum run time. The unit is not stated in the schema.
  required uint64 maxTime = 3;
}
// Contents of an authorizer at snapshot time: symbols, public keys, token
// blocks, the authorizer's own block and policies, generated facts, and an
// iteration count.
message AuthorizerWorld {
  // Optional version number.
  optional uint32 version = 1;
  // Strings carried with the world.
  repeated string symbols = 2;
  // Public keys carried with the world.
  repeated PublicKey publicKeys = 3;
  // Blocks stored in the snapshot, in wire order.
  repeated SnapshotBlock blocks = 4;
  // The authorizer's own block.
  required SnapshotBlock authorizerBlock = 5;
  // Policies of the authorizer, in wire order.
  repeated Policy authorizerPolicies = 6;
  // Facts generated so far, grouped by origin.
  repeated GeneratedFacts generatedFacts = 7;
  // Iteration count recorded in the snapshot.
  required uint64 iterations = 8;
}
// Where a fact came from: the authorizer or a numbered origin.
// The oneof can arrive with neither member set; treat that as invalid.
message Origin {
  oneof Content {
    // Marks the authorizer as the origin; the Empty message has no fields.
    Empty authorizer = 1;
    // Numeric origin.
    // NOTE(review): presumably a block index that must be bounds-checked
    // against the snapshot's blocks; confirm.
    uint32 origin = 2;
  }
}
// A message with no fields, used as a presence-only marker in oneofs
// (TermV2.null and Origin.authorizer).
message Empty {}
// A group of facts together with the origins they are attributed to.
message GeneratedFacts {
  // Origins of the facts in this group.
  repeated Origin origins = 1;
  // Facts in this group.
  repeated FactV2 facts = 2;
}
// A block as stored in a snapshot. It has the same content fields as Block
// but no symbols or publicKeys lists, different field numbers, and an
// optional single external key.
message SnapshotBlock {
  // Optional free-form context string.
  optional string context = 1;
  // Optional version number of the block contents.
  optional uint32 version = 2;
  // Facts declared by this block.
  repeated FactV2 facts_v2 = 3;
  // Rules declared by this block.
  repeated RuleV2 rules_v2 = 4;
  // Checks declared by this block.
  repeated CheckV2 checks_v2 = 5;
  // Scopes attached to this block; see Scope.
  repeated Scope scope = 6;
  // Optional public key associated with this block.
  // NOTE(review): presumably the key that signed a third-party block. The
  // snapshot does not hold the signature itself, so the key is trusted as
  // stored; confirm.
  optional PublicKey externalKey = 7;
}