Documentation
¶
Index ¶
- Constants
- func CanonicalHash(value any) string
- func CredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) string
- func CredentialProofSignature(receipt ProofReceipt, tokenProofKey string) string
- func CredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) string
- func ExecutionTierSupportsResourceLimits(tier ExecutionSecurityTier) bool
- func ExecutorCapabilitiesHaveResourceConstrainedMatch(req PlacementRequirements, caps ExecutorCapabilities) bool
- func ExecutorCapabilitiesHaveSupportedMatch(req PlacementRequirements, caps PlacementRequirementCapabilities) bool
- func ExecutorMatchesPlacementRequirements(executor ExecutorRef, req PlacementRequirements) bool
- func HardwareCapabilitiesSatisfyPlacementRequirements(req PlacementRequirements, caps HardwarePlacementCapabilities) bool
- func NetworkAuditDescriptorDigest() string
- func NetworkAuditDescriptorSet() *descriptorpb.FileDescriptorSet
- func PlacementConstraintsSatisfiedBy(c PlacementConstraints, caps PlacementCapabilities, ...) error
- func PlacementRequiresVerifiedHardwareAttestation(req PlacementRequirements) bool
- func ProjectNetworkAuditDestination(raw string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
- func ProjectNetworkAuditID(components ...string) (string, error)
- func ProjectNetworkAuditLifecycle(leaseID, event string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
- func ProjectNetworkAuditProvider(providerID, pluginName, pluginVersion, contractID, contractVersion, ... string) (NetworkAuditProviderEvidence, []NetworkAuditValidationIssue)
- func ProviderPluginRequiresUpstreamClientConformance(pluginID string) bool
- func RequiredHardwareClass(req PlacementRequirements) string
- func ResourceLimitsRequireResourceConstrainedExecutor(limits ResourceLimits) bool
- func SoftwareAgentProofSignature(receipt ProofReceipt) string
- func SoftwareAgentServiceSignature(receipt ServiceReceipt) string
- func SoftwareRouterEdgeSignature(receipt EdgeRequestReceipt) string
- func TokenProofKey(token string) string
- func UnmarshalNetworkAuditRecordProtoStrict(data []byte) (*pb.NetworkAuditRecord, error)
- func ValidateAttestedProofBinding(binding AttestedProofBinding) error
- func ValidateAttestedServiceBinding(binding AttestedServiceBinding) error
- func ValidatePlacementRequirementsAgainstCapabilities(req PlacementRequirements, caps PlacementRequirementCapabilities) error
- func ValidateProofPolicy(proofTier ProofTier, policy ProofPolicy) error
- func ValidateResourceLimitsAgainstCapacity(limits ResourceLimits, capacity ResourceCapacity) error
- func ValidateRuntimeResultPreview(preview map[string]any) error
- func VerifyCredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) bool
- func VerifyCredentialProofSignature(receipt ProofReceipt, tokenProofKey string) bool
- func VerifyCredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) bool
- type AccessPolicy
- type AccessVisibility
- type AttestationDecision
- type AttestedProofBinding
- type AttestedServiceBinding
- type ContainerRuntimeTool
- type ContributionAuthority
- type ContributionPolicy
- type CryptoRewardCustodyMode
- type CryptoRewardDistributionMode
- type CryptoRewardParticipantWalletSource
- type CryptoRewardRoutingPolicy
- type EdgeRequestReceipt
- type ExecutionSecurityTier
- type ExecutorCapabilities
- type ExecutorRef
- type HardwareAttestation
- type HardwarePlacementCapabilities
- type HardwareSecurityCapabilities
- type KeyReleaseDecision
- type NetworkAuditDestination
- type NetworkAuditDestinationKind
- type NetworkAuditProviderEvidence
- type NetworkAuditRecord
- type NetworkAuditRefOptions
- type NetworkAuditRefProjection
- type NetworkAuditRefProjector
- type NetworkAuditRefStability
- type NetworkAuditValidationCode
- type NetworkAuditValidationError
- type NetworkAuditValidationIssue
- type NetworkMode
- type NetworkOperatingMode
- type NetworkProduct
- type PlacementCapabilities
- type PlacementConstraints
- type PlacementNetworkPolicy
- type PlacementRequirementCapabilities
- type PlacementRequirements
- type ProofPolicy
- type ProofReceipt
- type ProofTier
- type ProviderArtifactSpec
- type ProviderCapabilityReport
- type ProviderCapabilityStatus
- type ProviderConfig
- type ProviderConformanceEvidence
- type ProviderContract
- func (c *ProviderContract) ApplyProviderConformanceEvidence(evidence ProviderConformanceEvidence) error
- func (c ProviderContract) Matches(config ProviderConfig) bool
- func (c ProviderContract) SupportsOperation(operation string) bool
- func (c ProviderContract) SupportsProduct(product NetworkProduct) error
- func (c ProviderContract) Validate() error
- type ProviderOperation
- type ProviderRuntimeContract
- type ProviderRuntimeContractOptions
- type ProviderRuntimeProfile
- type ProviderUpstreamClientRequirement
- type ProviderUpstreamImagePolicy
- type ReceiptVerificationOptions
- type ResidueMode
- type ResiduePolicy
- type ResiduePolicyValidation
- type ResourceCapacity
- type ResourceLimits
- type ResourceUsage
- type RuntimeAdapterContract
- type RuntimeAdapterKind
- type RuntimeDescriptor
- type RuntimeExecutionRequest
- type RuntimeExecutionResult
- type RuntimePermission
- type RuntimeProfile
- type RuntimeServiceResult
- type RuntimeWorkspacePolicy
- type SLOEvidence
- type ServiceIngressEvidence
- type ServiceIngressTerminalStatus
- type ServiceReceipt
- type ServiceStatusEvidence
- type SessionPolicy
- type SettlementTarget
- type SettlementTargetKind
- type SignatureEnvelope
- type StorageGuidance
- type UpstreamClientConformance
- type VerificationStatus
- type VerifierResult
- type WASMRuntimeContract
- type WorkloadKind
Constants ¶
View Source
const ( SoftwareAgentSignaturePrefix = "software-agent:" SoftwareRouterSignaturePrefix = "software-router:" CredentialProofSignaturePrefix = "credential-hmac-sha256:" )
View Source
const MaxRuntimeResultPreviewBytes = 16 * 1024
View Source
const NetworkAuditMaxLabels = 32
View Source
const NetworkAuditProtocolVersion = Version
View Source
const NetworkAuditRefKeyEpoch = "network-audit-ref-v1"
View Source
const Version = "compute.v1alpha1"
Variables ¶
This section is empty.
Functions ¶
func CanonicalHash ¶
func CredentialEdgeSignature ¶
func CredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) string
func CredentialProofSignature ¶
func CredentialProofSignature(receipt ProofReceipt, tokenProofKey string) string
func CredentialServiceSignature ¶
func CredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) string
func ExecutionTierSupportsResourceLimits ¶
func ExecutionTierSupportsResourceLimits(tier ExecutionSecurityTier) bool
func ExecutorCapabilitiesHaveResourceConstrainedMatch ¶
func ExecutorCapabilitiesHaveResourceConstrainedMatch(req PlacementRequirements, caps ExecutorCapabilities) bool
func ExecutorCapabilitiesHaveSupportedMatch ¶
func ExecutorCapabilitiesHaveSupportedMatch(req PlacementRequirements, caps PlacementRequirementCapabilities) bool
func ExecutorMatchesPlacementRequirements ¶
func ExecutorMatchesPlacementRequirements(executor ExecutorRef, req PlacementRequirements) bool
func HardwareCapabilitiesSatisfyPlacementRequirements ¶
func HardwareCapabilitiesSatisfyPlacementRequirements(req PlacementRequirements, caps HardwarePlacementCapabilities) bool
func NetworkAuditDescriptorDigest ¶ added in v0.2.0
func NetworkAuditDescriptorDigest() string
func NetworkAuditDescriptorSet ¶ added in v0.2.0
func NetworkAuditDescriptorSet() *descriptorpb.FileDescriptorSet
func PlacementConstraintsSatisfiedBy ¶
func PlacementConstraintsSatisfiedBy(c PlacementConstraints, caps PlacementCapabilities, task PlacementNetworkPolicy) error
func PlacementRequiresVerifiedHardwareAttestation ¶
func PlacementRequiresVerifiedHardwareAttestation(req PlacementRequirements) bool
func ProjectNetworkAuditDestination ¶ added in v0.2.0
func ProjectNetworkAuditDestination(raw string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
func ProjectNetworkAuditID ¶ added in v0.2.0
func ProjectNetworkAuditLifecycle ¶ added in v0.2.0
func ProjectNetworkAuditLifecycle(leaseID, event string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
func ProjectNetworkAuditProvider ¶ added in v0.2.0
func ProjectNetworkAuditProvider(providerID, pluginName, pluginVersion, contractID, contractVersion, descriptorDigest string) (NetworkAuditProviderEvidence, []NetworkAuditValidationIssue)
func RequiredHardwareClass ¶
func RequiredHardwareClass(req PlacementRequirements) string
func ResourceLimitsRequireResourceConstrainedExecutor ¶
func ResourceLimitsRequireResourceConstrainedExecutor(limits ResourceLimits) bool
func SoftwareAgentProofSignature ¶
func SoftwareAgentProofSignature(receipt ProofReceipt) string
func SoftwareAgentServiceSignature ¶
func SoftwareAgentServiceSignature(receipt ServiceReceipt) string
func SoftwareRouterEdgeSignature ¶
func SoftwareRouterEdgeSignature(receipt EdgeRequestReceipt) string
func TokenProofKey ¶
func UnmarshalNetworkAuditRecordProtoStrict ¶ added in v0.2.0
func UnmarshalNetworkAuditRecordProtoStrict(data []byte) (*pb.NetworkAuditRecord, error)
func ValidateAttestedProofBinding ¶
func ValidateAttestedProofBinding(binding AttestedProofBinding) error
func ValidateAttestedServiceBinding ¶
func ValidateAttestedServiceBinding(binding AttestedServiceBinding) error
func ValidatePlacementRequirementsAgainstCapabilities ¶
func ValidatePlacementRequirementsAgainstCapabilities(req PlacementRequirements, caps PlacementRequirementCapabilities) error
func ValidateProofPolicy ¶
func ValidateProofPolicy(proofTier ProofTier, policy ProofPolicy) error
func ValidateResourceLimitsAgainstCapacity ¶
func ValidateResourceLimitsAgainstCapacity(limits ResourceLimits, capacity ResourceCapacity) error
func VerifyCredentialEdgeSignature ¶
func VerifyCredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) bool
func VerifyCredentialProofSignature ¶
func VerifyCredentialProofSignature(receipt ProofReceipt, tokenProofKey string) bool
func VerifyCredentialServiceSignature ¶
func VerifyCredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) bool
Types ¶
type AccessPolicy ¶
type AccessPolicy struct {
ProviderUsageVisibility AccessVisibility `json:"provider_usage_visibility,omitempty"`
WorkloadVisibility AccessVisibility `json:"workload_visibility,omitempty"`
ArtifactVisibility AccessVisibility `json:"artifact_visibility,omitempty"`
}
func (AccessPolicy) Validate ¶
func (p AccessPolicy) Validate() error
type AccessVisibility ¶
type AccessVisibility string
const ( AccessVisibilityPrivate AccessVisibility = "private" AccessVisibilityNetwork AccessVisibility = "network" AccessVisibilityPublic AccessVisibility = "public" )
type AttestationDecision ¶
type AttestationDecision struct {
Provider string `json:"provider,omitempty"`
VerifierID string `json:"verifier_id,omitempty"`
DecisionID string `json:"decision_id,omitempty"`
HardwareClass string `json:"hardware_class,omitempty"`
ExecutorImageDigest string `json:"executor_image_digest,omitempty"`
ExecutorRootFSDigest string `json:"executor_rootfs_digest,omitempty"`
PolicyID string `json:"policy_id,omitempty"`
Nonce string `json:"nonce,omitempty"`
IssuedAt time.Time `json:"issued_at,omitzero"`
ExpiresAt time.Time `json:"expires_at,omitzero"`
SignatureVerified bool `json:"signature_verified,omitempty"`
ConfidentialGPU bool `json:"confidential_gpu,omitempty"`
Signature SignatureEnvelope `json:"signature,omitzero"`
}
func (AttestationDecision) BindingDigest ¶
func (a AttestationDecision) BindingDigest() string
type AttestedProofBinding ¶
type AttestedProofBinding struct {
Executor ExecutorRef `json:"executor"`
PolicyID string `json:"policy_id"`
TaskID string `json:"task_id"`
TaskHash string `json:"task_hash"`
InputHash string `json:"input_hash"`
DependencyClosureHash string `json:"dependency_closure_hash"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
Verifier VerifierResult `json:"verifier"`
}
type AttestedServiceBinding ¶
type AttestedServiceBinding struct {
Executor ExecutorRef `json:"executor"`
PolicyID string `json:"policy_id"`
TaskID string `json:"task_id"`
DeploymentHash string `json:"deployment_hash"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
Verifier VerifierResult `json:"verifier"`
}
type ContainerRuntimeTool ¶
type ContainerRuntimeTool string
const ( ContainerRuntimePodman ContainerRuntimeTool = "podman" ContainerRuntimeDocker ContainerRuntimeTool = "docker" ContainerRuntimeNerdctl ContainerRuntimeTool = "nerdctl" ContainerRuntimeAppleContainer ContainerRuntimeTool = "apple-container" )
type ContributionAuthority ¶
type ContributionAuthority string
const ( ContributionAuthorityWFCompute ContributionAuthority = "wfcompute" ContributionAuthorityUpstream ContributionAuthority = "upstream" )
type ContributionPolicy ¶
type ContributionPolicy struct {
ValidationAuthority ContributionAuthority `json:"validation_authority,omitempty"`
CreditAuthority ContributionAuthority `json:"credit_authority,omitempty"`
MonetaryPayouts bool `json:"monetary_payouts,omitempty"`
}
func (ContributionPolicy) ValidateForRewardPolicy ¶
func (p ContributionPolicy) ValidateForRewardPolicy(rewardPolicy string, target SettlementTarget) error
type CryptoRewardCustodyMode ¶
type CryptoRewardCustodyMode string
const CryptoRewardCustodyTreasuryThenDistribute CryptoRewardCustodyMode = "treasury_then_distribute"
type CryptoRewardParticipantWalletSource ¶
type CryptoRewardParticipantWalletSource string
const CryptoRewardParticipantAccountWallet CryptoRewardParticipantWalletSource = "account_wallet"
type CryptoRewardRoutingPolicy ¶
type CryptoRewardRoutingPolicy struct {
Network string `json:"network,omitempty"`
TreasuryAccountID string `json:"treasury_account_id,omitempty"`
TreasuryWalletRef string `json:"treasury_wallet_ref,omitempty"`
CustodyMode CryptoRewardCustodyMode `json:"custody_mode,omitempty"`
DistributionMode CryptoRewardDistributionMode `json:"distribution_mode,omitempty"`
ParticipantWalletSource CryptoRewardParticipantWalletSource `json:"participant_wallet_source,omitempty"`
ManagementFeeBps int `json:"management_fee_bps,omitempty"`
}
func (CryptoRewardRoutingPolicy) Validate ¶
func (p CryptoRewardRoutingPolicy) Validate(target SettlementTarget) error
type EdgeRequestReceipt ¶
type EdgeRequestReceipt struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
ProductID string `json:"product_id"`
Hostname string `json:"hostname"`
RouteTarget string `json:"route_target"`
ServiceLeaseID string `json:"service_lease_id,omitempty"`
TaskID string `json:"task_id,omitempty"`
WorkerID string `json:"worker_id,omitempty"`
ContentRef string `json:"content_ref,omitempty"`
RequestID string `json:"request_id"`
TraceID string `json:"trace_id"`
Method string `json:"method"`
RequestClass string `json:"request_class"`
RequestHash string `json:"request_hash"`
ResponseHash string `json:"response_hash"`
RequestBytes int64 `json:"request_bytes,omitempty"`
ResponseBytes int64 `json:"response_bytes,omitempty"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
ResourceUsage ResourceUsage `json:"resource_usage"`
ServiceReceiptIDs []string `json:"service_receipt_ids,omitempty"`
IngressEvidenceID string `json:"ingress_evidence_id,omitempty"`
IngressEvidenceHash string `json:"ingress_evidence_hash,omitempty"`
Verifier VerifierResult `json:"verifier"`
RouterSignature string `json:"router_signature"`
}
func VerifyEdgeRequestReceipt ¶
func VerifyEdgeRequestReceipt(receipt EdgeRequestReceipt, opts ReceiptVerificationOptions) (EdgeRequestReceipt, error)
func (EdgeRequestReceipt) Validate ¶
func (r EdgeRequestReceipt) Validate() error
type ExecutionSecurityTier ¶
type ExecutionSecurityTier string
const ( ExecutionTrustedNative ExecutionSecurityTier = "trusted-native" ExecutionHardenedContainer ExecutionSecurityTier = "hardened-container" ExecutionSandboxedContainer ExecutionSecurityTier = "sandboxed-container" ExecutionMicroVM ExecutionSecurityTier = "microvm" ExecutionConfidentialCPU ExecutionSecurityTier = "confidential-cpu" ExecutionConfidentialGPU ExecutionSecurityTier = "confidential-gpu" ExecutionWASMCapability ExecutionSecurityTier = "wasm-capability" )
type ExecutorCapabilities ¶
type ExecutorCapabilities struct {
Executors []ExecutorRef `json:"executors,omitempty"`
ExecutionTiers []ExecutionSecurityTier `json:"execution_tiers,omitempty"`
}
type ExecutorRef ¶
type ExecutorRef struct {
Provider string `json:"provider"`
Version string `json:"version"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
ProofTier ProofTier `json:"proof_tier,omitempty"`
ImageDigest string `json:"image_digest,omitempty"`
RootFSDigest string `json:"rootfs_digest,omitempty"`
}
func (ExecutorRef) RequiresAttestation ¶
func (e ExecutorRef) RequiresAttestation() bool
func (ExecutorRef) ValidateForProof ¶
func (e ExecutorRef) ValidateForProof() error
type HardwareAttestation ¶
type HardwarePlacementCapabilities ¶
type HardwarePlacementCapabilities struct {
GPUCount int `json:"gpu_count,omitempty"`
Security HardwareSecurityCapabilities `json:"security,omitzero"`
Now time.Time `json:"now,omitzero"`
}
type HardwareSecurityCapabilities ¶
type HardwareSecurityCapabilities struct {
TEE []string `json:"tee,omitempty"`
HardwareClasses []string `json:"hardware_classes,omitempty"`
HardwareAttestations []HardwareAttestation `json:"hardware_attestations,omitempty"`
}
type KeyReleaseDecision ¶
type KeyReleaseDecision struct {
Provider string `json:"provider,omitempty"`
DecisionID string `json:"decision_id,omitempty"`
AttestationDecisionID string `json:"attestation_decision_id,omitempty"`
AttestationDigest string `json:"attestation_digest,omitempty"`
AttestationProvider string `json:"attestation_provider,omitempty"`
AttestationVerifierID string `json:"attestation_verifier_id,omitempty"`
AttestationKeyID string `json:"attestation_key_id,omitempty"`
PolicyID string `json:"policy_id,omitempty"`
TaskID string `json:"task_id,omitempty"`
TaskHash string `json:"task_hash,omitempty"`
InputHash string `json:"input_hash,omitempty"`
DependencyClosureHash string `json:"dependency_closure_hash,omitempty"`
WorkerID string `json:"worker_id,omitempty"`
PoolID string `json:"pool_id,omitempty"`
KeyRefHash string `json:"key_ref_hash,omitempty"`
Released bool `json:"released,omitempty"`
ExpiresAt time.Time `json:"expires_at,omitzero"`
Signature SignatureEnvelope `json:"signature,omitzero"`
}
type NetworkAuditDestination ¶ added in v0.2.0
type NetworkAuditDestination struct {
Kind NetworkAuditDestinationKind `json:"kind"`
Value string `json:"value"`
}
func NewNetworkAuditLifecycleDestination ¶ added in v0.2.0
func NewNetworkAuditLifecycleDestination(leaseID, event string) (NetworkAuditDestination, error)
type NetworkAuditDestinationKind ¶ added in v0.2.0
type NetworkAuditDestinationKind string
const ( NetworkAuditDestinationEndpoint NetworkAuditDestinationKind = "endpoint" NetworkAuditDestinationSHA256 NetworkAuditDestinationKind = "sha256" NetworkAuditDestinationArtifact NetworkAuditDestinationKind = "artifact" NetworkAuditDestinationLifecycle NetworkAuditDestinationKind = "network-lifecycle" )
type NetworkAuditProviderEvidence ¶ added in v0.2.0
type NetworkAuditProviderEvidence struct {
ProviderID string `json:"provider_id,omitempty"`
PluginName string `json:"plugin_name,omitempty"`
PluginVersion string `json:"plugin_version,omitempty"`
ContractID string `json:"contract_id,omitempty"`
ContractVersion string `json:"contract_version,omitempty"`
DescriptorDigest string `json:"descriptor_digest,omitempty"`
}
type NetworkAuditRecord ¶ added in v0.2.0
type NetworkAuditRecord struct {
ProtocolVersion string `json:"protocol_version"`
RecordID string `json:"record_id"`
TaskID string `json:"task_id,omitempty"`
LeaseID string `json:"lease_id,omitempty"`
WorkerID string `json:"worker_id,omitempty"`
Provider NetworkAuditProviderEvidence `json:"provider,omitempty"`
Destination NetworkAuditDestination `json:"destination"`
ResourceUsage ResourceUsage `json:"resource_usage,omitempty"`
Labels map[string]string `json:"labels,omitempty"`
StartedAt time.Time `json:"started_at,omitempty"`
FinishedAt time.Time `json:"finished_at,omitempty"`
ObservedAt time.Time `json:"observed_at,omitempty"`
}
func NetworkAuditRecordFromProto ¶ added in v0.2.0
func NetworkAuditRecordFromProto(message *pb.NetworkAuditRecord) (NetworkAuditRecord, error)
func (NetworkAuditRecord) ToProto ¶ added in v0.2.0
func (r NetworkAuditRecord) ToProto() *pb.NetworkAuditRecord
func (NetworkAuditRecord) Validate ¶ added in v0.2.0
func (r NetworkAuditRecord) Validate() error
func (NetworkAuditRecord) ValidateNetworkAudit ¶ added in v0.2.0
func (r NetworkAuditRecord) ValidateNetworkAudit() []NetworkAuditValidationIssue
type NetworkAuditRefOptions ¶ added in v0.2.0
type NetworkAuditRefOptions struct {
Stability NetworkAuditRefStability
Timestamp time.Time
}
type NetworkAuditRefProjection ¶ added in v0.2.0
type NetworkAuditRefProjection struct {
Ref string `json:"ref"`
Epoch string `json:"epoch"`
Stability NetworkAuditRefStability `json:"stability"`
Timestamp string `json:"timestamp"`
}
type NetworkAuditRefProjector ¶ added in v0.2.0
type NetworkAuditRefProjector struct {
// contains filtered or unexported fields
}
func NewNetworkAuditRefProjector ¶ added in v0.2.0
func NewNetworkAuditRefProjector(key []byte) (NetworkAuditRefProjector, error)
func (NetworkAuditRefProjector) Project ¶ added in v0.2.0
func (p NetworkAuditRefProjector) Project(record NetworkAuditRecord, options NetworkAuditRefOptions) (NetworkAuditRefProjection, error)
type NetworkAuditRefStability ¶ added in v0.2.0
type NetworkAuditRefStability string
const ( NetworkAuditRefStable NetworkAuditRefStability = "stable" NetworkAuditRefEphemeral NetworkAuditRefStability = "ephemeral" )
type NetworkAuditValidationCode ¶ added in v0.2.0
type NetworkAuditValidationCode string
const ( NetworkAuditValidationProtocolVersionInvalid NetworkAuditValidationCode = "protocol_version_invalid" NetworkAuditValidationRecordIDRequired NetworkAuditValidationCode = "record_id_required" NetworkAuditValidationDestinationRequired NetworkAuditValidationCode = "destination_required" NetworkAuditValidationDestinationInvalid NetworkAuditValidationCode = "destination_invalid" NetworkAuditValidationResourceUsageInvalid NetworkAuditValidationCode = "resource_usage_invalid" NetworkAuditValidationLabelInvalid NetworkAuditValidationCode = "label_invalid" NetworkAuditValidationLabelCountExceeded NetworkAuditValidationCode = "label_count_exceeded" NetworkAuditValidationTimeRangeInvalid NetworkAuditValidationCode = "time_range_invalid" NetworkAuditValidationProviderInvalid NetworkAuditValidationCode = "provider_invalid" )
type NetworkAuditValidationError ¶ added in v0.2.0
type NetworkAuditValidationError struct {
Issues []NetworkAuditValidationIssue
}
func (NetworkAuditValidationError) Error ¶ added in v0.2.0
func (e NetworkAuditValidationError) Error() string
type NetworkAuditValidationIssue ¶ added in v0.2.0
type NetworkAuditValidationIssue struct {
Code NetworkAuditValidationCode `json:"code"`
Field string `json:"field"`
Message string `json:"message"`
}
func ClassifyLegacyNetworkAuditRecord ¶ added in v0.2.0
func ClassifyLegacyNetworkAuditRecord(record map[string]any) []NetworkAuditValidationIssue
func ProjectNetworkAuditLabels ¶ added in v0.2.0
func ProjectNetworkAuditLabels(labels map[string]string) (map[string]string, []NetworkAuditValidationIssue)
type NetworkMode ¶
type NetworkMode string
const ( NetworkModeDirect NetworkMode = "direct" NetworkModeRelay NetworkMode = "relay" NetworkModeTailnet NetworkMode = "tailnet" NetworkModeTor NetworkMode = "tor" NetworkModeP2P NetworkMode = "p2p" NetworkModeOffline NetworkMode = "offline" )
type NetworkOperatingMode ¶
type NetworkOperatingMode string
const ( NetworkModeBatch NetworkOperatingMode = "batch" NetworkModeWarmService NetworkOperatingMode = "warm-service" NetworkModeNodeService NetworkOperatingMode = "node-service" NetworkModeInferenceAPI NetworkOperatingMode = "inference-api" )
type NetworkProduct ¶
type NetworkProduct struct {
ProtocolVersion string `json:"protocol_version"`
ID string `json:"id"`
DisplayName string `json:"display_name,omitempty"`
Purpose string `json:"purpose,omitempty"`
OperatingMode NetworkOperatingMode `json:"operating_mode"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
WorkloadKinds []string `json:"workload_kinds"`
SecurityFloor PlacementRequirements `json:"security_floor"`
ProofPolicy ProofPolicy `json:"proof_policy,omitzero"`
SessionPolicy SessionPolicy `json:"session_policy,omitzero"`
ProviderConfig ProviderConfig `json:"provider_config,omitzero"`
NetworkModes []NetworkMode `json:"network_modes"`
PlacementConstraints PlacementConstraints `json:"placement_constraints,omitzero"`
RewardPolicy string `json:"reward_policy"`
AbusePolicy string `json:"abuse_policy"`
SettlementAccountID string `json:"settlement_account_id,omitempty"`
SettlementTarget SettlementTarget `json:"settlement_target,omitzero"`
CryptoRewardRouting CryptoRewardRoutingPolicy `json:"crypto_reward_routing,omitzero"`
ContributionPolicy ContributionPolicy `json:"contribution_policy,omitzero"`
AccessPolicy AccessPolicy `json:"access_policy,omitzero"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
AdmissionMode string `json:"admission_mode,omitempty"`
AllowPublic bool `json:"allow_public,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
}
func (NetworkProduct) Validate ¶
func (p NetworkProduct) Validate() error
type PlacementCapabilities ¶
type PlacementCapabilities struct {
DiskBytes int64 `json:"disk_bytes,omitempty"`
MemoryBytes int64 `json:"memory_bytes,omitempty"`
BandwidthMbps int64 `json:"bandwidth_mbps,omitempty"`
IngressCapable bool `json:"ingress_capable,omitempty"`
CapabilityTags []string `json:"capability_tags,omitempty"`
}
type PlacementConstraints ¶
type PlacementConstraints struct {
Chain string `json:"chain,omitempty"`
Role string `json:"role,omitempty"`
MinDiskBytes int64 `json:"min_disk_bytes,omitempty"`
MinMemoryBytes int64 `json:"min_memory_bytes,omitempty"`
MinBandwidthMbps int64 `json:"min_bandwidth_mbps,omitempty"`
RequiresIngress bool `json:"requires_ingress,omitempty"`
RequiredCapabilities []string `json:"required_capabilities,omitempty"`
WalletRef string `json:"wallet_ref,omitempty"`
StorageGuidance StorageGuidance `json:"storage_guidance,omitzero"`
}
func (PlacementConstraints) IsZero ¶
func (c PlacementConstraints) IsZero() bool
func (PlacementConstraints) Validate ¶
func (c PlacementConstraints) Validate(required bool, target SettlementTarget) error
type PlacementNetworkPolicy ¶
type PlacementNetworkPolicy struct {
AllowIngress bool `json:"allow_ingress,omitempty"`
}
type PlacementRequirementCapabilities ¶
type PlacementRequirementCapabilities struct {
CapabilityTags []string `json:"capability_tags,omitempty"`
ExecutorProviders []string `json:"executor_providers,omitempty"`
ExecutionTiers []ExecutionSecurityTier `json:"execution_tiers,omitempty"`
ProofTiers []ProofTier `json:"proof_tiers,omitempty"`
CapabilityReports []ProviderCapabilityReport `json:"capability_reports,omitempty"`
Executors []ExecutorRef `json:"executors,omitempty"`
}
type PlacementRequirements ¶
type PlacementRequirements struct {
ExecutorProvider string `json:"executor_provider,omitempty"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
ProofTier ProofTier `json:"proof_tier,omitempty"`
HardwareClass string `json:"hardware_class,omitempty"`
RequiredCapabilities []string `json:"required_capabilities,omitempty"`
}
type ProofPolicy ¶
type ProofReceipt ¶
type ProofReceipt struct {
ID string `json:"id"`
OrgID string `json:"org_id"`
TaskID string `json:"task_id"`
TaskHash string `json:"task_hash"`
InputHash string `json:"input_hash"`
DependencyClosureHash string `json:"dependency_closure_hash"`
Executor ExecutorRef `json:"executor"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
PolicyID string `json:"policy_id"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
ExitCode int `json:"exit_code,omitempty"`
ResourceUsage ResourceUsage `json:"resource_usage"`
ArtifactHash string `json:"artifact_hash"`
ResultPreview map[string]any `json:"result_preview,omitempty"`
Verifier VerifierResult `json:"verifier"`
AgentSignature string `json:"agent_signature"`
}
func (ProofReceipt) Validate ¶
func (r ProofReceipt) Validate() error
type ProviderArtifactSpec ¶
type ProviderArtifactSpec struct {
Name string `json:"name"`
Required bool `json:"required,omitempty"`
ContentType string `json:"content_type,omitempty"`
MaxBytes int64 `json:"max_bytes,omitempty"`
RetentionSeconds int `json:"retention_seconds,omitempty"`
Forwardable bool `json:"forwardable,omitempty"`
}
type ProviderCapabilityReport ¶
type ProviderCapabilityReport struct {
Provider string `json:"provider"`
Status ProviderCapabilityStatus `json:"status"`
Reason string `json:"reason,omitempty"`
}
type ProviderCapabilityStatus ¶
type ProviderCapabilityStatus string
const ( ProviderCapabilitySupported ProviderCapabilityStatus = "supported" ProviderCapabilityDegraded ProviderCapabilityStatus = "degraded" ProviderCapabilityUnsupported ProviderCapabilityStatus = "unsupported" )
type ProviderConfig ¶
type ProviderConfig struct {
PluginID string `json:"plugin_id,omitempty"`
ProviderID string `json:"provider_id,omitempty"`
ContractID string `json:"contract_id,omitempty"`
Version string `json:"version,omitempty"`
ConfigRef string `json:"config_ref,omitempty"`
ConfigDigest string `json:"config_digest,omitempty"`
}
func (ProviderConfig) Validate ¶
func (p ProviderConfig) Validate() error
type ProviderConformanceEvidence ¶
type ProviderConformanceEvidence struct {
ProtocolVersion string `json:"protocol_version"`
ID string `json:"id"`
PluginID string `json:"plugin_id"`
ProviderID string `json:"provider_id"`
ContractID string `json:"contract_id"`
Version string `json:"version"`
RuntimeProfileID string `json:"runtime_profile_id"`
ConformanceProfile string `json:"conformance_profile"`
UpstreamClientName string `json:"upstream_client_name"`
UpstreamClientVersion string `json:"upstream_client_version"`
EvidenceRef string `json:"evidence_ref"`
EvidenceDigest string `json:"evidence_digest"`
ObservedAt time.Time `json:"observed_at"`
CreatedAt time.Time `json:"created_at,omitempty"`
}
func (ProviderConformanceEvidence) Validate ¶
func (e ProviderConformanceEvidence) Validate() error
type ProviderContract ¶
type ProviderContract struct {
ProtocolVersion string `json:"protocol_version"`
ID string `json:"id"`
PluginID string `json:"plugin_id"`
ProviderID string `json:"provider_id"`
ContractID string `json:"contract_id"`
Version string `json:"version"`
DisplayName string `json:"display_name,omitempty"`
OrgID string `json:"org_id,omitempty"`
PoolID string `json:"pool_id,omitempty"`
AccessPolicy AccessPolicy `json:"access_policy,omitzero"`
ConfigSchemaRef string `json:"config_schema_ref"`
ConfigSchemaDigest string `json:"config_schema_digest"`
OperatingModes []NetworkOperatingMode `json:"operating_modes"`
WorkloadKinds []string `json:"workload_kinds"`
ExecutorProviders []string `json:"executor_providers"`
ExecutionSecurityTiers []ExecutionSecurityTier `json:"execution_security_tiers"`
ProofTiers []ProofTier `json:"proof_tiers"`
NetworkModes []NetworkMode `json:"network_modes"`
Operations []ProviderOperation `json:"operations,omitempty"`
RuntimeContract ProviderRuntimeContract `json:"runtime_contract"`
CreatedAt time.Time `json:"created_at,omitempty"`
}
func (*ProviderContract) ApplyProviderConformanceEvidence ¶
func (c *ProviderContract) ApplyProviderConformanceEvidence(evidence ProviderConformanceEvidence) error
func (ProviderContract) Matches ¶
func (c ProviderContract) Matches(config ProviderConfig) bool
func (ProviderContract) SupportsOperation ¶
func (c ProviderContract) SupportsOperation(operation string) bool
func (ProviderContract) SupportsProduct ¶
func (c ProviderContract) SupportsProduct(product NetworkProduct) error
func (ProviderContract) Validate ¶
func (c ProviderContract) Validate() error
type ProviderOperation ¶
type ProviderOperation struct {
ID string `json:"id"`
InputSchemaRef string `json:"input_schema_ref"`
InputSchemaDigest string `json:"input_schema_digest"`
OutputSchemaRef string `json:"output_schema_ref"`
OutputSchemaDigest string `json:"output_schema_digest"`
Artifacts []string `json:"artifacts,omitempty"`
ArtifactSpecs []ProviderArtifactSpec `json:"artifact_specs,omitempty"`
}
func (ProviderOperation) NormalizedArtifactSpecs ¶
func (o ProviderOperation) NormalizedArtifactSpecs() []ProviderArtifactSpec
func (ProviderOperation) Validate ¶
func (o ProviderOperation) Validate() error
type ProviderRuntimeContract ¶
type ProviderRuntimeContract struct {
Profiles []ProviderRuntimeProfile `json:"profiles"`
}
func DefaultProviderRuntimeContract ¶
func DefaultProviderRuntimeContract(executors []string, tiers []ExecutionSecurityTier, proofs []ProofTier, options ProviderRuntimeContractOptions) ProviderRuntimeContract
func (ProviderRuntimeContract) RuntimeProfileForRequirements ¶
func (c ProviderRuntimeContract) RuntimeProfileForRequirements(req PlacementRequirements) (ProviderRuntimeProfile, bool)
func (ProviderRuntimeContract) SupportsProduct ¶
func (c ProviderRuntimeContract) SupportsProduct(product NetworkProduct) bool
func (ProviderRuntimeContract) Validate ¶
func (c ProviderRuntimeContract) Validate() error
type ProviderRuntimeContractOptions ¶
type ProviderRuntimeContractOptions struct {
ConformanceProfiles []string
UpstreamClientConformance UpstreamClientConformance
UpstreamClientEvidenceRef string
UpstreamClientEvidenceDigest string
}
type ProviderRuntimeProfile ¶
type ProviderRuntimeProfile struct {
ID string `json:"id"`
RuntimeProfile RuntimeProfile `json:"runtime_profile"`
ExecutorProvider string `json:"executor_provider"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier"`
ProofTier ProofTier `json:"proof_tier"`
AllowedRuntimeTools []ContainerRuntimeTool `json:"allowed_runtime_tools,omitempty"`
ImageDigestRequired bool `json:"image_digest_required"`
RootFSDigestRequired bool `json:"rootfs_digest_required"`
AllowedMountRefs []string `json:"allowed_mount_refs,omitempty"`
WritablePaths []string `json:"writable_paths,omitempty"`
WritableRootFS RuntimePermission `json:"writable_rootfs"`
Privileged RuntimePermission `json:"privileged"`
HostNamespaces RuntimePermission `json:"host_namespaces"`
HostSocket RuntimePermission `json:"host_socket"`
SeccompDisable RuntimePermission `json:"seccomp_disable"`
NoNewPrivilegesDisable RuntimePermission `json:"no_new_privileges_disable"`
AllowedCapabilities []string `json:"allowed_capabilities,omitempty"`
ConformanceProfiles []string `json:"conformance_profiles,omitempty"`
UpstreamClientConformance UpstreamClientConformance `json:"upstream_client_conformance,omitempty"`
UpstreamClientEvidenceRef string `json:"upstream_client_evidence_ref,omitempty"`
UpstreamClientEvidenceDigest string `json:"upstream_client_evidence_digest,omitempty"`
HostWorkspaceSupported bool `json:"host_workspace_supported,omitempty"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
WASM WASMRuntimeContract `json:"wasm,omitzero"`
}
func DefaultProviderRuntimeProfile ¶
func DefaultProviderRuntimeProfile(executorProvider string, tier ExecutionSecurityTier, proof ProofTier) ProviderRuntimeProfile
func (ProviderRuntimeProfile) Validate ¶
func (p ProviderRuntimeProfile) Validate() error
type ProviderUpstreamClientRequirement ¶
type ProviderUpstreamClientRequirement struct {
ProtocolVersion string `json:"protocol_version"`
PluginID string `json:"plugin_id"`
ProviderID string `json:"provider_id"`
ContractID string `json:"contract_id"`
Version string `json:"version"`
RuntimeProfileID string `json:"runtime_profile_id"`
ConformanceProfile string `json:"conformance_profile"`
DefaultConformance UpstreamClientConformance `json:"default_conformance"`
RealClientConformance UpstreamClientConformance `json:"real_client_conformance"`
UpstreamClientName string `json:"upstream_client_name"`
VersionProbeCommand []string `json:"version_probe_command,omitempty"`
ImagePolicy ProviderUpstreamImagePolicy `json:"image_policy"`
RequiredEvidence []string `json:"required_evidence,omitempty"`
Notes []string `json:"notes,omitempty"`
}
func (ProviderUpstreamClientRequirement) Validate ¶
func (r ProviderUpstreamClientRequirement) Validate() error
type ProviderUpstreamImagePolicy ¶
type ProviderUpstreamImagePolicy struct {
DigestPinnedImageRequired bool `json:"digest_pinned_image_required"`
OperatorSuppliedImageRequired bool `json:"operator_supplied_image_required,omitempty"`
RecommendedImageRef string `json:"recommended_image_ref,omitempty"`
KnownImageRefs []string `json:"known_image_refs,omitempty"`
}
func (ProviderUpstreamImagePolicy) Validate ¶
func (p ProviderUpstreamImagePolicy) Validate() error
type ResidueMode ¶
type ResidueMode string
const ( ResidueModeIsolated ResidueMode = "isolated" ResidueModeNone ResidueMode = "none" ResidueModeProviderBound ResidueMode = "provider-bound" ResidueModeWorkerBound ResidueMode = "worker-bound" ResidueModeSessionBound ResidueMode = "session-bound" )
type ResiduePolicy ¶
type ResiduePolicy struct {
Mode ResidueMode `json:"mode,omitempty"`
AllowedModes []ResidueMode `json:"allowed_modes,omitempty"`
SessionKey string `json:"session_key,omitempty"`
PolicyHash string `json:"policy_hash,omitempty"`
MaxAgeSeconds int `json:"max_age_seconds,omitempty"`
MaxReuseCount int `json:"max_reuse_count,omitempty"`
WipeOnFailure bool `json:"wipe_on_failure,omitempty"`
ExplicitWorkerBound bool `json:"explicit_worker_bound,omitempty"`
}
func (ResiduePolicy) IsZero ¶
func (p ResiduePolicy) IsZero() bool
func (ResiduePolicy) UsesReusableWorkspace ¶
func (p ResiduePolicy) UsesReusableWorkspace() bool
func (ResiduePolicy) Validate ¶
func (p ResiduePolicy) Validate(v ResiduePolicyValidation) error
type ResiduePolicyValidation ¶
type ResourceCapacity ¶
type ResourceLimits ¶
type ResourceLimits struct {
CPUPercent int `json:"cpu_percent,omitempty"`
MemoryBytes int64 `json:"memory_bytes,omitempty"`
WorkspaceBytes int64 `json:"workspace_bytes,omitempty"`
RuntimeSeconds int `json:"runtime_seconds,omitempty"`
NetworkEgressBytes int64 `json:"network_egress_bytes,omitempty"`
OutputBytes int64 `json:"output_bytes,omitempty"`
}
func (ResourceLimits) Validate ¶
func (l ResourceLimits) Validate() error
type ResourceUsage ¶
type ResourceUsage struct {
CPUMillis int64 `json:"cpu_millis,omitempty"`
GPUMillis int64 `json:"gpu_millis,omitempty"`
MaxMemoryBytes int64 `json:"max_memory_bytes,omitempty"`
NetworkRxBytes int64 `json:"network_rx_bytes,omitempty"`
NetworkTxBytes int64 `json:"network_tx_bytes,omitempty"`
WorkspaceBytes int64 `json:"workspace_bytes,omitempty"`
OutputBytes int64 `json:"output_bytes,omitempty"`
LimitHit string `json:"limit_hit,omitempty"`
}
type RuntimeAdapterContract ¶
type RuntimeAdapterContract struct {
ProtocolVersion string `json:"protocol_version"`
AdapterID string `json:"adapter_id"`
Descriptor RuntimeDescriptor `json:"descriptor,omitzero"`
Kinds []RuntimeAdapterKind `json:"kinds"`
WorkloadKinds []WorkloadKind `json:"workload_kinds"`
RuntimeProfiles []RuntimeProfile `json:"runtime_profiles,omitempty"`
WorkspacePolicy RuntimeWorkspacePolicy `json:"workspace_policy"`
ConformanceProfiles []string `json:"conformance_profiles"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
ProviderConfig ProviderConfig `json:"provider_config,omitzero"`
Metadata map[string]string `json:"metadata,omitempty"`
}
func (RuntimeAdapterContract) Supports ¶
func (c RuntimeAdapterContract) Supports(kind WorkloadKind) bool
func (RuntimeAdapterContract) SupportsAdapterKind ¶
func (c RuntimeAdapterContract) SupportsAdapterKind(kind RuntimeAdapterKind) bool
func (RuntimeAdapterContract) Validate ¶
func (c RuntimeAdapterContract) Validate() error
type RuntimeAdapterKind ¶
type RuntimeAdapterKind string
const ( RuntimeAdapterExecution RuntimeAdapterKind = "execution" RuntimeAdapterServiceRun RuntimeAdapterKind = "service-run" RuntimeAdapterServiceSession RuntimeAdapterKind = "service-session" )
type RuntimeDescriptor ¶
type RuntimeDescriptor struct {
Name string `json:"name"`
Version string `json:"version"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
ProofTier ProofTier `json:"proof_tier,omitempty"`
ImageDigest string `json:"image_digest,omitempty"`
RootFSDigest string `json:"rootfs_digest,omitempty"`
}
func (RuntimeDescriptor) ExecutorRef ¶
func (d RuntimeDescriptor) ExecutorRef(defaultProvider string) ExecutorRef
func (RuntimeDescriptor) Validate ¶
func (d RuntimeDescriptor) Validate() error
type RuntimeExecutionRequest ¶
type RuntimeExecutionRequest struct {
ProtocolVersion string `json:"protocol_version"`
TaskID string `json:"task_id"`
LeaseID string `json:"lease_id"`
WorkloadKind WorkloadKind `json:"workload_kind"`
ProviderConfig ProviderConfig `json:"provider_config,omitzero"`
Operation string `json:"operation,omitempty"`
Input json.RawMessage `json:"input,omitempty"`
Env map[string]string `json:"env,omitempty"`
Limits ResourceLimits `json:"limits,omitzero"`
}
func (RuntimeExecutionRequest) Validate ¶
func (r RuntimeExecutionRequest) Validate() error
type RuntimeExecutionResult ¶
type RuntimeExecutionResult struct {
StartedAt time.Time `json:"started_at,omitempty"`
FinishedAt time.Time `json:"finished_at,omitempty"`
ExitCode int `json:"exit_code,omitempty"`
Stdout []byte `json:"stdout,omitempty"`
Stderr []byte `json:"stderr,omitempty"`
ArtifactHash string `json:"artifact_hash,omitempty"`
Artifacts []string `json:"artifacts,omitempty"`
ResultPreview map[string]any `json:"result_preview,omitempty"`
ResourceUsage ResourceUsage `json:"resource_usage,omitzero"`
}
func (RuntimeExecutionResult) Validate ¶
func (r RuntimeExecutionResult) Validate() error
type RuntimePermission ¶
type RuntimePermission string
const ( RuntimePermissionForbidden RuntimePermission = "forbidden" RuntimePermissionExplicit RuntimePermission = "explicit" RuntimePermissionAllowed RuntimePermission = "allowed" )
type RuntimeProfile ¶
type RuntimeProfile string
const ( RuntimeProfileSandboxedOCI RuntimeProfile = "sandboxed-oci-v1" RuntimeProfileContainerBuild RuntimeProfile = "container-build-v1" RuntimeProfileServiceOCI RuntimeProfile = "service-oci-v1" RuntimeProfileWASMComponent RuntimeProfile = "wasm-component-v1" RuntimeProfileBrowserWorker RuntimeProfile = "browser-worker-wasm-v1" )
type RuntimeServiceResult ¶
type RuntimeServiceResult struct {
StartedAt time.Time `json:"started_at,omitempty"`
FinishedAt time.Time `json:"finished_at,omitempty"`
RequestHash string `json:"request_hash,omitempty"`
ResponseHash string `json:"response_hash,omitempty"`
ResourceUsage ResourceUsage `json:"resource_usage,omitzero"`
SLOEvidence SLOEvidence `json:"slo_evidence,omitzero"`
StatusEvidence ServiceStatusEvidence `json:"status_evidence,omitzero"`
}
func (RuntimeServiceResult) Validate ¶
func (r RuntimeServiceResult) Validate() error
type RuntimeWorkspacePolicy ¶
type RuntimeWorkspacePolicy string
const ( RuntimeWorkspaceOptional RuntimeWorkspacePolicy = "optional" RuntimeWorkspaceRequired RuntimeWorkspacePolicy = "required" )
type SLOEvidence ¶
type SLOEvidence struct {
LatencyMillis int64 `json:"latency_millis,omitempty"`
StatusCode int `json:"status_code,omitempty"`
DeadlineMS int64 `json:"deadline_ms,omitempty"`
Healthy bool `json:"healthy,omitempty"`
}
func (SLOEvidence) Validate ¶
func (e SLOEvidence) Validate() error
type ServiceIngressEvidence ¶
type ServiceIngressEvidence struct {
ID string `json:"id"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
ProductID string `json:"product_id"`
Hostname string `json:"hostname"`
RouteTarget string `json:"route_target"`
ServiceLeaseID string `json:"service_lease_id"`
TaskID string `json:"task_id"`
WorkerID string `json:"worker_id"`
LeaseLeasedAt time.Time `json:"lease_leased_at"`
LeaseRenewBy time.Time `json:"lease_renew_by"`
SelectedAt time.Time `json:"selected_at"`
LastHealthAt time.Time `json:"last_health_at"`
HealthValidUntil time.Time `json:"health_valid_until"`
LastHealthResponseHash string `json:"last_health_response_hash"`
LastHealthSLOEvidenceHash string `json:"last_health_slo_evidence_hash"`
AuthDecisionHash string `json:"auth_decision_hash"`
IdempotencyKey string `json:"idempotency_key"`
RequestMethod string `json:"request_method"`
RequestPath string `json:"request_path"`
RequestBodyHash string `json:"request_body_hash"`
RequestHeaderNames []string `json:"request_header_names,omitempty"`
HelperImage string `json:"helper_image"`
HelperScheme string `json:"helper_scheme"`
HelperHost string `json:"helper_host"`
HelperPort int `json:"helper_port"`
HelperPortName string `json:"helper_port_name,omitempty"`
HelperTimeoutMS int `json:"helper_timeout_ms"`
HelperContainerNetNSTarget string `json:"helper_container_netns_target"`
HelperOutputHash string `json:"helper_output_hash,omitempty"`
HelperErrorHash string `json:"helper_error_hash,omitempty"`
FailureClass string `json:"failure_class,omitempty"`
FailureMessage string `json:"failure_message,omitempty"`
ResponseStatus int `json:"response_status,omitempty"`
ResponseHeaderNames []string `json:"response_header_names,omitempty"`
ResponseHash string `json:"response_hash,omitempty"`
ResponseBytes int64 `json:"response_bytes,omitempty"`
TerminalStatus ServiceIngressTerminalStatus `json:"terminal_status"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
}
func (ServiceIngressEvidence) Validate ¶
func (e ServiceIngressEvidence) Validate() error
type ServiceIngressTerminalStatus ¶
type ServiceIngressTerminalStatus string
const ( ServiceIngressTerminalCompleted ServiceIngressTerminalStatus = "completed" ServiceIngressTerminalFailed ServiceIngressTerminalStatus = "failed" )
type ServiceReceipt ¶
type ServiceReceipt struct {
ID string `json:"id"`
OrgID string `json:"org_id"`
TaskID string `json:"task_id"`
ServiceLeaseID string `json:"service_lease_id"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
PolicyID string `json:"policy_id"`
Executor ExecutorRef `json:"executor"`
DeploymentHash string `json:"deployment_hash"`
RequestID string `json:"request_id"`
TraceID string `json:"trace_id"`
RequestHash string `json:"request_hash"`
ResponseHash string `json:"response_hash"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
ResourceUsage ResourceUsage `json:"resource_usage"`
ResourceLimits ResourceLimits `json:"resource_limits,omitzero"`
SLOEvidence SLOEvidence `json:"slo_evidence"`
StatusEvidence ServiceStatusEvidence `json:"status_evidence,omitzero"`
Verifier VerifierResult `json:"verifier"`
AgentSignature string `json:"agent_signature"`
}
func VerifyServiceReceipt ¶
func VerifyServiceReceipt(receipt ServiceReceipt, opts ReceiptVerificationOptions) (ServiceReceipt, error)
func (ServiceReceipt) Validate ¶
func (r ServiceReceipt) Validate() error
type ServiceStatusEvidence ¶
type ServiceStatusEvidence struct {
CommandHash string `json:"command_hash,omitempty"`
OutputHash string `json:"output_hash,omitempty"`
Preview string `json:"preview,omitempty"`
Truncated bool `json:"truncated,omitempty"`
}
func (ServiceStatusEvidence) Validate ¶
func (e ServiceStatusEvidence) Validate() error
type SessionPolicy ¶
type SessionPolicy struct {
WarmSeconds int `json:"warm_seconds,omitempty"`
MinRenewals int `json:"min_renewals,omitempty"`
MaxBatchRequests int `json:"max_batch_requests,omitempty"`
}
func (SessionPolicy) ValidateForOperatingMode ¶
func (p SessionPolicy) ValidateForOperatingMode(mode NetworkOperatingMode) error
type SettlementTarget ¶
type SettlementTarget struct {
Kind SettlementTargetKind `json:"kind,omitempty"`
AccountID string `json:"account_id,omitempty"`
Network string `json:"network,omitempty"`
WalletRef string `json:"wallet_ref,omitempty"`
}
func (SettlementTarget) Validate ¶
func (t SettlementTarget) Validate(settlementAccountID string) error
type SettlementTargetKind ¶
type SettlementTargetKind string
const ( SettlementTargetPointsLedger SettlementTargetKind = "points_ledger" SettlementTargetPayrollAccount SettlementTargetKind = "payroll_account" SettlementTargetBadgeLedger SettlementTargetKind = "badge_ledger" SettlementTargetFiatTokenTreasury SettlementTargetKind = "fiat_token_treasury" SettlementTargetTreasuryWallet SettlementTargetKind = "treasury_wallet" SettlementTargetParticipantWallet SettlementTargetKind = "participant_wallet" SettlementTargetExternalDestination SettlementTargetKind = "external_destination" )
type SignatureEnvelope ¶
type StorageGuidance ¶
type StorageGuidance struct {
Mode string `json:"mode,omitempty"`
MinDiskBytes int64 `json:"min_disk_bytes,omitempty"`
MinDiskDisplay string `json:"min_disk_display,omitempty"`
RecommendedDiskBytes int64 `json:"recommended_disk_bytes,omitempty"`
RecommendedDiskDisplay string `json:"recommended_disk_display,omitempty"`
GrowthMarginBytes int64 `json:"growth_margin_bytes,omitempty"`
GrowthMarginDisplay string `json:"growth_margin_display,omitempty"`
DurableVolumeRequired bool `json:"durable_volume_required,omitempty"`
PreserveOnUpdate bool `json:"preserve_on_update,omitempty"`
PreserveOnUninstall bool `json:"preserve_on_uninstall,omitempty"`
PruningSupported bool `json:"pruning_supported,omitempty"`
SnapshotVerificationRequired bool `json:"snapshot_verification_required,omitempty"`
}
func (StorageGuidance) Validate ¶
func (g StorageGuidance) Validate() error
type UpstreamClientConformance ¶
type UpstreamClientConformance string
const ( UpstreamClientConformanceShapeOnly UpstreamClientConformance = "shape-only" UpstreamClientConformanceRealClient UpstreamClientConformance = "real-client" )
type VerificationStatus ¶
type VerificationStatus string
const ( VerificationUnknown VerificationStatus = "" VerificationPending VerificationStatus = "pending" VerificationAccepted VerificationStatus = "accepted" VerificationRejected VerificationStatus = "rejected" VerificationConflicted VerificationStatus = "conflicted" )
type VerifierResult ¶
type VerifierResult struct {
Provider string `json:"provider"`
Status VerificationStatus `json:"status"`
Message string `json:"message,omitempty"`
Attestation AttestationDecision `json:"attestation,omitzero"`
KeyRelease KeyReleaseDecision `json:"key_release,omitzero"`
}
type WASMRuntimeContract ¶
type WASMRuntimeContract struct {
ABI string `json:"abi"`
ComponentRef string `json:"component_ref"`
ComponentDigest string `json:"component_digest"`
Features []string `json:"features,omitempty"`
MaxMemoryBytes int64 `json:"max_memory_bytes,omitempty"`
MaxRuntimeSeconds int `json:"max_runtime_seconds,omitempty"`
Filesystem RuntimePermission `json:"filesystem"`
Network RuntimePermission `json:"network"`
NativeHostUpdates RuntimePermission `json:"native_host_updates,omitempty"`
BrowserWorker bool `json:"browser_worker,omitempty"`
}
func (WASMRuntimeContract) Validate ¶
func (w WASMRuntimeContract) Validate(profile RuntimeProfile) error
type WorkloadKind ¶
type WorkloadKind string
const ( WorkloadCommand WorkloadKind = "command" WorkloadContainerBuild WorkloadKind = "container-build" WorkloadDockerComposeBuild WorkloadKind = "docker-compose-build" WorkloadBenchmark WorkloadKind = "benchmark" WorkloadTraining WorkloadKind = "training" WorkloadService WorkloadKind = "service" WorkloadNodeService WorkloadKind = "node-service" WorkloadContentCache WorkloadKind = "content-cache" WorkloadSupervisor WorkloadKind = "supervisor" WorkloadProductCapture WorkloadKind = "product-capture" WorkloadProvider WorkloadKind = "provider" WorkloadWASMComponent WorkloadKind = "wasm-component" )
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.