payloads

v0.11.0
Published: May 21, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package payloads provides primitives to interact with the openapi HTTP API.

Code generated by github.com/oapi-codegen/oapi-codegen/v2 version v2.7.0 DO NOT EDIT.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ApprovalAttestationV1

type ApprovalAttestationV1 struct {
	// Bytes RFC 4648 standard base64 with `=` padding for the `approval-attestation/v1` bytes embedded into the Longfellow proof witness.
	Bytes []byte `json:"bytes"`

	// Signature RFC 4648 standard base64 with `=` padding for the raw 64-byte P-256 `r || s` signature over `SHA256(bytes)`.
	Signature []byte `json:"signature"`

	// Version Canonical approval attestation format version.
	Version ApprovalAttestationV1Version `json:"version"`
}

ApprovalAttestationV1 Service-issued approval attestation embedded into the Longfellow proof witness.
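The signature layout above (a raw 64-byte `r || s` over `SHA256(bytes)`, not DER) is a detail verifiers get wrong, so here is an added example of checking it in Go; this is not code from the payloads package. It assumes the issuer key arrives in the compressed P-256 hex form that `ApprovalProofStatement.issuer_public_key_hex` uses and that this key is the one to verify the attestation against, mirrors the struct locally, and builds a throwaway key and attestation of its own so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// ApprovalAttestationV1 mirrors the page's generated struct so this example
// compiles on its own; the real type lives in the payloads package.
type ApprovalAttestationV1 struct {
	Bytes     []byte `json:"bytes"`
	Signature []byte `json:"signature"` // raw 64-byte r || s over SHA256(Bytes)
	Version   string `json:"version"`
}

const ApprovalAttestationv1 = "approval-attestation/v1"

// ParseCompressedP256 decodes a lowercase-hex compressed P-256 point (33 bytes:
// 0x02/0x03 || X), the form ApprovalProofStatement.issuer_public_key_hex carries.
// Assumption: that issuer key is the one the attestation signature is checked against.
func ParseCompressedP256(hexKey string) (*ecdsa.PublicKey, error) {
	raw, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, fmt.Errorf("issuer key: %w", err)
	}
	if len(raw) != 33 || (raw[0] != 0x02 && raw[0] != 0x03) {
		return nil, errors.New("issuer key: want a 33-byte compressed P-256 point")
	}
	x, y := elliptic.UnmarshalCompressed(elliptic.P256(), raw)
	if x == nil {
		return nil, errors.New("issuer key: not a point on P-256")
	}
	return &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}, nil
}

// VerifyAttestation checks the version string, the fixed raw r || s layout and the
// ECDSA signature over SHA256(bytes). A signature of any other length (for example
// a 70-72 byte DER encoding) is a different format and fails here; it is never
// reinterpreted or "repaired".
func VerifyAttestation(att ApprovalAttestationV1, issuer *ecdsa.PublicKey) error {
	if att.Version != ApprovalAttestationv1 {
		return fmt.Errorf("unsupported attestation version %q", att.Version)
	}
	if len(att.Signature) != 64 {
		return fmt.Errorf("signature: want 64 raw bytes, got %d", len(att.Signature))
	}
	r := new(big.Int).SetBytes(att.Signature[:32])
	s := new(big.Int).SetBytes(att.Signature[32:])
	n := elliptic.P256().Params().N
	if r.Sign() <= 0 || s.Sign() <= 0 || r.Cmp(n) >= 0 || s.Cmp(n) >= 0 {
		return errors.New("signature: r or s out of range")
	}
	digest := sha256.Sum256(att.Bytes)
	if !ecdsa.Verify(issuer, digest[:], r, s) {
		return errors.New("signature: ECDSA verification failed")
	}
	return nil
}

// ConstructedFixture makes a throwaway issuer key and a correctly signed attestation
// so the example runs offline. It is scaffolding for this example, not protocol code:
// a real verifier receives both values from the service.
func ConstructedFixture() (ApprovalAttestationV1, string, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return ApprovalAttestationV1{}, "", err
	}
	body := []byte(`{"constructed":"attestation body"}`)
	digest := sha256.Sum256(body)
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return ApprovalAttestationV1{}, "", err
	}
	sig := make([]byte, 64) // fixed-width halves; FillBytes left-pads a short r or s
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	keyHex := hex.EncodeToString(elliptic.MarshalCompressed(elliptic.P256(), priv.X, priv.Y))
	return ApprovalAttestationV1{Bytes: body, Signature: sig, Version: ApprovalAttestationv1}, keyHex, nil
}

func main() {
	att, keyHex, err := ConstructedFixture()
	if err != nil {
		panic(err)
	}
	pub, err := ParseCompressedP256(keyHex)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine attestation:", VerifyAttestation(att, pub))
	att.Bytes[0] ^= 0x01 // flip one bit of the attested bytes
	fmt.Println("tampered attestation:", VerifyAttestation(att, pub))
}
```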

type ApprovalAttestationV1Version

type ApprovalAttestationV1Version string

ApprovalAttestationV1Version Canonical approval attestation format version.

const (
	ApprovalAttestationv1 ApprovalAttestationV1Version = "approval-attestation/v1"
)

Defines values for ApprovalAttestationV1Version.

func (ApprovalAttestationV1Version) Valid

Valid indicates whether the value is a known member of the ApprovalAttestationV1Version enum.

type ApprovalAttestedKeyProof

type ApprovalAttestedKeyProof struct {
	// Attestation Service-issued approval attestation embedded into the Longfellow proof witness.
	Attestation ApprovalAttestationV1 `json:"attestation"`

	// Challenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	Challenge ApprovalChallenge `json:"challenge"`

	// Proof RFC 4648 standard base64 with `=` padding for the Longfellow approval proof bytes.
	Proof []byte `json:"proof"`

	// Statement Public Longfellow statement bound into the zero-knowledge proof.
	Statement ApprovalProofStatement `json:"statement"`

	// Version Canonical approval proof format version.
	Version ApprovalAttestedKeyProofVersion `json:"version"`
}

ApprovalAttestedKeyProof Canonical Longfellow approval proof carried inside encrypted approval responses.

type ApprovalAttestedKeyProofVersion

type ApprovalAttestedKeyProofVersion string

ApprovalAttestedKeyProofVersion Canonical approval proof format version.

const (
	ApprovalAttestedKeyProofv1 ApprovalAttestedKeyProofVersion = "approval-attested-key-proof/v1"
)

Defines values for ApprovalAttestedKeyProofVersion.

func (ApprovalAttestedKeyProofVersion) Valid

Valid indicates whether the value is a known member of the ApprovalAttestedKeyProofVersion enum.

type ApprovalChallenge

type ApprovalChallenge struct {
	// Nonce Opaque nonce bound into the approval challenge and proof statement.
	Nonce string `json:"nonce"`

	// PlaintextHash SHA-256 digest of the approved plaintext, formatted as `sha256:<hex>`.
	PlaintextHash string `json:"plaintext_hash"`

	// RequestId Relay request id that scopes the approval proof.
	RequestId string `json:"request_id"`

	// Version Canonical approval challenge format version.
	Version ApprovalChallengeVersion `json:"version"`
}

ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.

type ApprovalChallengeVersion

type ApprovalChallengeVersion string

ApprovalChallengeVersion Canonical approval challenge format version.

const (
	ApprovalChallengev1 ApprovalChallengeVersion = "approval-challenge/v1"
)

Defines values for ApprovalChallengeVersion.

func (ApprovalChallengeVersion) Valid

func (e ApprovalChallengeVersion) Valid() bool

Valid indicates whether the value is a known member of the ApprovalChallengeVersion enum.

type ApprovalProofStatement

type ApprovalProofStatement struct {
	// AppIdHashHex Lowercase hex-encoded SHA-256 hash of the mobile app identifier.
	AppIdHashHex string `json:"app_id_hash_hex"`

	// ApprovalHashHex Lowercase hex-encoded SHA-256 hash of the canonical approval challenge JSON.
	ApprovalHashHex string `json:"approval_hash_hex"`

	// AudienceHashHex Lowercase hex-encoded SHA-256 hash of the verifier audience string.
	AudienceHashHex string `json:"audience_hash_hex"`

	// ChallengeNonceHex Lowercase hex-encoded SHA-256 hash of `ApprovalChallenge.nonce`.
	ChallengeNonceHex string `json:"challenge_nonce_hex"`

	// IssuerPublicKeyHex Lowercase hex-encoded compressed P-256 issuer public key (66 hex chars, 33 bytes: `0x02`/`0x03` || X).
	IssuerPublicKeyHex string `json:"issuer_public_key_hex"`

	// Now Unix timestamp in seconds embedded into the approval proof statement.
	Now int64 `json:"now"`

	// PolicyVersion Policy version embedded into the approval proof statement.
	PolicyVersion int32 `json:"policy_version"`
}

ApprovalProofStatement Public Longfellow statement bound into the zero-knowledge proof.
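As an added example (not code from the payloads package), a verifier-side check that the statement an approver returned is bound to the challenge this verifier sent: it recomputes `approval_hash_hex`, `challenge_nonce_hex` and `audience_hash_hex` from values the verifier already holds and format-checks `plaintext_hash` and `issuer_public_key_hex`. The canonical JSON form (encoding/json output of the struct) and the freshness window for `now` are this example's assumptions; the struct types are local mirrors of the generated ones.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
)

// Local mirrors of the page's generated types so the example compiles on its own.
type ApprovalChallenge struct {
	Nonce         string `json:"nonce"`
	PlaintextHash string `json:"plaintext_hash"`
	RequestId     string `json:"request_id"`
	Version       string `json:"version"`
}

type ApprovalProofStatement struct {
	AppIdHashHex       string `json:"app_id_hash_hex"`
	ApprovalHashHex    string `json:"approval_hash_hex"`
	AudienceHashHex    string `json:"audience_hash_hex"`
	ChallengeNonceHex  string `json:"challenge_nonce_hex"`
	IssuerPublicKeyHex string `json:"issuer_public_key_hex"`
	Now                int64  `json:"now"`
	PolicyVersion      int32  `json:"policy_version"`
}

const ApprovalChallengev1 = "approval-challenge/v1"

var (
	plaintextHashRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)
	issuerKeyRe     = regexp.MustCompile(`^0[23][0-9a-f]{64}$`) // compressed P-256: 66 hex chars
)

func Sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// CanonicalChallengeJSON is this example's assumption for "canonical approval
// challenge JSON": encoding/json output of the struct, i.e. keys in the struct's
// (alphabetical) order with no whitespace; the page does not define the form.
func CanonicalChallengeJSON(c ApprovalChallenge) ([]byte, error) {
	return json.Marshal(c)
}

// CheckStatementBinding confirms that the public statement the approver returned
// was computed over the challenge this verifier sent to this audience. Every hash
// is recomputed from values the verifier already holds, so a statement built over
// a substituted nonce, challenge or audience cannot pass. maxSkew (seconds) is
// the example's own freshness window for `now`.
func CheckStatementBinding(c ApprovalChallenge, st ApprovalProofStatement, audience string, verifierNow, maxSkew int64) error {
	if c.Version != ApprovalChallengev1 {
		return fmt.Errorf("challenge: unsupported version %q", c.Version)
	}
	if c.Nonce == "" || c.RequestId == "" {
		return errors.New("challenge: nonce and request_id are required")
	}
	if !plaintextHashRe.MatchString(c.PlaintextHash) {
		return errors.New("challenge: plaintext_hash must be sha256:<64 lowercase hex>")
	}
	canon, err := CanonicalChallengeJSON(c)
	if err != nil {
		return err
	}
	// The digests are public values, so plain string comparison leaks nothing.
	if st.ApprovalHashHex != Sha256Hex(canon) {
		return errors.New("statement: approval_hash_hex is not the hash of the challenge sent")
	}
	if st.ChallengeNonceHex != Sha256Hex([]byte(c.Nonce)) {
		return errors.New("statement: challenge_nonce_hex does not match the nonce sent")
	}
	if st.AudienceHashHex != Sha256Hex([]byte(audience)) {
		return errors.New("statement: audience_hash_hex was produced for a different verifier")
	}
	if !issuerKeyRe.MatchString(st.IssuerPublicKeyHex) {
		return errors.New("statement: issuer_public_key_hex is not a compressed P-256 point")
	}
	if skew := st.Now - verifierNow; skew > maxSkew || skew < -maxSkew {
		return fmt.Errorf("statement: now=%d is outside the freshness window", st.Now)
	}
	return nil
}

func main() {
	// Constructed sample: a challenge the verifier sent and the statement the
	// approver returned for it (the issuer key is a placeholder, format-checked only).
	c := ApprovalChallenge{Nonce: "n-7f3a", RequestId: "req-42", Version: ApprovalChallengev1,
		PlaintextHash: "sha256:" + Sha256Hex([]byte("constructed plaintext"))}
	canon, _ := CanonicalChallengeJSON(c)
	st := ApprovalProofStatement{ApprovalHashHex: Sha256Hex(canon), ChallengeNonceHex: Sha256Hex([]byte(c.Nonce)),
		AudienceHashHex: Sha256Hex([]byte("verifier.example")), Now: 1_700_000_030,
		IssuerPublicKeyHex: "02" + "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"}
	fmt.Println("genuine:", CheckStatementBinding(c, st, "verifier.example", 1_700_000_000, 300))
	c.Nonce = "n-other" // a statement replayed against a different nonce must fail
	fmt.Println("swapped nonce:", CheckStatementBinding(c, st, "verifier.example", 1_700_000_000, 300))
}
```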

type ApprovalUiBadgeBlock added in v0.5.0

type ApprovalUiBadgeBlock struct {
	// Icon Optional lookup name into the approver's curated icon set. MUST NOT be a URL or file path; renderers ignore unknown names.
	Icon *string `json:"icon,omitempty"`

	// Provenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.
	Provenance ApprovalUiProvenance `json:"provenance"`

	// Text Badge label.
	Text string `json:"text"`

	// Tone Visual tone of the badge. The renderer maps this to a fixed colour treatment.
	Tone *ApprovalUiBadgeBlockTone `json:"tone,omitempty"`

	// Type Block discriminator (`badge`).
	Type ApprovalUiBadgeBlockType `json:"type"`
}

ApprovalUiBadgeBlock A small inline pill / tag used to label a status or category.

type ApprovalUiBadgeBlockTone added in v0.5.0

type ApprovalUiBadgeBlockTone string

ApprovalUiBadgeBlockTone Visual tone of the badge. The renderer maps this to a fixed colour treatment.

const (
	ApprovalUiBadgeBlockToneDanger  ApprovalUiBadgeBlockTone = "danger"
	ApprovalUiBadgeBlockToneInfo    ApprovalUiBadgeBlockTone = "info"
	ApprovalUiBadgeBlockToneNeutral ApprovalUiBadgeBlockTone = "neutral"
	ApprovalUiBadgeBlockToneSuccess ApprovalUiBadgeBlockTone = "success"
	ApprovalUiBadgeBlockToneWarning ApprovalUiBadgeBlockTone = "warning"
)

Defines values for ApprovalUiBadgeBlockTone.

func (ApprovalUiBadgeBlockTone) Valid added in v0.5.0

func (e ApprovalUiBadgeBlockTone) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiBadgeBlockTone enum.

type ApprovalUiBadgeBlockType added in v0.5.0

type ApprovalUiBadgeBlockType string

ApprovalUiBadgeBlockType Block discriminator (`badge`).

const (
	Badge ApprovalUiBadgeBlockType = "badge"
)

Defines values for ApprovalUiBadgeBlockType.

func (ApprovalUiBadgeBlockType) Valid added in v0.5.0

func (e ApprovalUiBadgeBlockType) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiBadgeBlockType enum.

type ApprovalUiBlock added in v0.5.0

type ApprovalUiBlock struct {
	// contains filtered or unexported fields
}

ApprovalUiBlock One content block in an `ApprovalUiV1.blocks` list. Discriminated on `type`. Renderers MUST skip blocks whose `type` is not recognised rather than rejecting the whole payload.

func (ApprovalUiBlock) AsApprovalUiBadgeBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiBadgeBlock() (ApprovalUiBadgeBlock, error)

AsApprovalUiBadgeBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiBadgeBlock

func (ApprovalUiBlock) AsApprovalUiCalloutBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiCalloutBlock() (ApprovalUiCalloutBlock, error)

AsApprovalUiCalloutBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiCalloutBlock

func (ApprovalUiBlock) AsApprovalUiDividerBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiDividerBlock() (ApprovalUiDividerBlock, error)

AsApprovalUiDividerBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiDividerBlock

func (ApprovalUiBlock) AsApprovalUiHeadingBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiHeadingBlock() (ApprovalUiHeadingBlock, error)

AsApprovalUiHeadingBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiHeadingBlock

func (ApprovalUiBlock) AsApprovalUiImageBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiImageBlock() (ApprovalUiImageBlock, error)

AsApprovalUiImageBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiImageBlock

func (ApprovalUiBlock) AsApprovalUiKeyValuesBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiKeyValuesBlock() (ApprovalUiKeyValuesBlock, error)

AsApprovalUiKeyValuesBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiKeyValuesBlock

func (ApprovalUiBlock) AsApprovalUiSignedDataBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiSignedDataBlock() (ApprovalUiSignedDataBlock, error)

AsApprovalUiSignedDataBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiSignedDataBlock

func (ApprovalUiBlock) AsApprovalUiTextBlock added in v0.5.0

func (t ApprovalUiBlock) AsApprovalUiTextBlock() (ApprovalUiTextBlock, error)

AsApprovalUiTextBlock returns the union data inside the ApprovalUiBlock as an ApprovalUiTextBlock

func (ApprovalUiBlock) Discriminator added in v0.5.0

func (t ApprovalUiBlock) Discriminator() (string, error)

func (*ApprovalUiBlock) FromApprovalUiBadgeBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiBadgeBlock(v ApprovalUiBadgeBlock) error

FromApprovalUiBadgeBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiBadgeBlock

func (*ApprovalUiBlock) FromApprovalUiCalloutBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiCalloutBlock(v ApprovalUiCalloutBlock) error

FromApprovalUiCalloutBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiCalloutBlock

func (*ApprovalUiBlock) FromApprovalUiDividerBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiDividerBlock(v ApprovalUiDividerBlock) error

FromApprovalUiDividerBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiDividerBlock

func (*ApprovalUiBlock) FromApprovalUiHeadingBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiHeadingBlock(v ApprovalUiHeadingBlock) error

FromApprovalUiHeadingBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiHeadingBlock

func (*ApprovalUiBlock) FromApprovalUiImageBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiImageBlock(v ApprovalUiImageBlock) error

FromApprovalUiImageBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiImageBlock

func (*ApprovalUiBlock) FromApprovalUiKeyValuesBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiKeyValuesBlock(v ApprovalUiKeyValuesBlock) error

FromApprovalUiKeyValuesBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiKeyValuesBlock

func (*ApprovalUiBlock) FromApprovalUiSignedDataBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiSignedDataBlock(v ApprovalUiSignedDataBlock) error

FromApprovalUiSignedDataBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiSignedDataBlock

func (*ApprovalUiBlock) FromApprovalUiTextBlock added in v0.5.0

func (t *ApprovalUiBlock) FromApprovalUiTextBlock(v ApprovalUiTextBlock) error

FromApprovalUiTextBlock overwrites any union data inside the ApprovalUiBlock as the provided ApprovalUiTextBlock

func (ApprovalUiBlock) MarshalJSON added in v0.5.0

func (t ApprovalUiBlock) MarshalJSON() ([]byte, error)

func (*ApprovalUiBlock) MergeApprovalUiBadgeBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiBadgeBlock(v ApprovalUiBadgeBlock) error

MergeApprovalUiBadgeBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiBadgeBlock

func (*ApprovalUiBlock) MergeApprovalUiCalloutBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiCalloutBlock(v ApprovalUiCalloutBlock) error

MergeApprovalUiCalloutBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiCalloutBlock

func (*ApprovalUiBlock) MergeApprovalUiDividerBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiDividerBlock(v ApprovalUiDividerBlock) error

MergeApprovalUiDividerBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiDividerBlock

func (*ApprovalUiBlock) MergeApprovalUiHeadingBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiHeadingBlock(v ApprovalUiHeadingBlock) error

MergeApprovalUiHeadingBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiHeadingBlock

func (*ApprovalUiBlock) MergeApprovalUiImageBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiImageBlock(v ApprovalUiImageBlock) error

MergeApprovalUiImageBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiImageBlock

func (*ApprovalUiBlock) MergeApprovalUiKeyValuesBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiKeyValuesBlock(v ApprovalUiKeyValuesBlock) error

MergeApprovalUiKeyValuesBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiKeyValuesBlock

func (*ApprovalUiBlock) MergeApprovalUiSignedDataBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiSignedDataBlock(v ApprovalUiSignedDataBlock) error

MergeApprovalUiSignedDataBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiSignedDataBlock

func (*ApprovalUiBlock) MergeApprovalUiTextBlock added in v0.5.0

func (t *ApprovalUiBlock) MergeApprovalUiTextBlock(v ApprovalUiTextBlock) error

MergeApprovalUiTextBlock performs a merge with any union data inside the ApprovalUiBlock, using the provided ApprovalUiTextBlock

func (*ApprovalUiBlock) UnmarshalJSON added in v0.5.0

func (t *ApprovalUiBlock) UnmarshalJSON(b []byte) error

func (ApprovalUiBlock) ValueByDiscriminator added in v0.5.0

func (t ApprovalUiBlock) ValueByDiscriminator() (interface{}, error)

type ApprovalUiCalloutBlock added in v0.5.0

type ApprovalUiCalloutBlock struct {
	// Provenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.
	Provenance ApprovalUiProvenance `json:"provenance"`

	// Severity Visual severity of the callout. The renderer maps this to a fixed colour treatment; it carries no executable meaning.
	Severity ApprovalUiCalloutBlockSeverity `json:"severity"`

	// Text Callout body text. Rendered as plain text.
	Text string `json:"text"`

	// Title Optional callout title.
	Title *string `json:"title,omitempty"`

	// Type Block discriminator (`callout`).
	Type ApprovalUiCalloutBlockType `json:"type"`
}

ApprovalUiCalloutBlock A highlighted callout box used to draw attention to a single message, e.g. a warning about the request.

type ApprovalUiCalloutBlockSeverity added in v0.5.0

type ApprovalUiCalloutBlockSeverity string

ApprovalUiCalloutBlockSeverity Visual severity of the callout. The renderer maps this to a fixed colour treatment; it carries no executable meaning.

const (
	ApprovalUiCalloutBlockSeverityDanger  ApprovalUiCalloutBlockSeverity = "danger"
	ApprovalUiCalloutBlockSeverityInfo    ApprovalUiCalloutBlockSeverity = "info"
	ApprovalUiCalloutBlockSeveritySuccess ApprovalUiCalloutBlockSeverity = "success"
	ApprovalUiCalloutBlockSeverityWarning ApprovalUiCalloutBlockSeverity = "warning"
)

Defines values for ApprovalUiCalloutBlockSeverity.

func (ApprovalUiCalloutBlockSeverity) Valid added in v0.5.0

Valid indicates whether the value is a known member of the ApprovalUiCalloutBlockSeverity enum.

type ApprovalUiCalloutBlockType added in v0.5.0

type ApprovalUiCalloutBlockType string

ApprovalUiCalloutBlockType Block discriminator (`callout`).

const (
	Callout ApprovalUiCalloutBlockType = "callout"
)

Defines values for ApprovalUiCalloutBlockType.

func (ApprovalUiCalloutBlockType) Valid added in v0.5.0

func (e ApprovalUiCalloutBlockType) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiCalloutBlockType enum.

type ApprovalUiDividerBlock added in v0.5.0

type ApprovalUiDividerBlock struct {
	// Provenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.
	Provenance ApprovalUiProvenance `json:"provenance"`

	// Type Block discriminator (`divider`).
	Type ApprovalUiDividerBlockType `json:"type"`
}

ApprovalUiDividerBlock A horizontal rule used to visually separate groups of blocks.

type ApprovalUiDividerBlockType added in v0.5.0

type ApprovalUiDividerBlockType string

ApprovalUiDividerBlockType Block discriminator (`divider`).

const (
	Divider ApprovalUiDividerBlockType = "divider"
)

Defines values for ApprovalUiDividerBlockType.

func (ApprovalUiDividerBlockType) Valid added in v0.5.0

func (e ApprovalUiDividerBlockType) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiDividerBlockType enum.

type ApprovalUiHeadingBlock added in v0.5.0

type ApprovalUiHeadingBlock struct {
	// Icon Optional lookup name into the approver's curated icon set. MUST NOT be a URL or file path; renderers ignore unknown names.
	Icon *string `json:"icon,omitempty"`

	// Level Visual weight of the heading (`1` strongest). Not a document outline level; renderers map it to a font size only.
	Level *ApprovalUiHeadingBlockLevel `json:"level,omitempty"`

	// Provenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.
	Provenance ApprovalUiProvenance `json:"provenance"`

	// Text Heading text.
	Text string `json:"text"`

	// Type Block discriminator (`heading`).
	Type ApprovalUiHeadingBlockType `json:"type"`
}

ApprovalUiHeadingBlock A short heading rendered as a section title. `level` is visual weight only and carries no document-outline semantics.

type ApprovalUiHeadingBlockLevel added in v0.5.0

type ApprovalUiHeadingBlockLevel int

ApprovalUiHeadingBlockLevel Visual weight of the heading (`1` strongest). Not a document outline level; renderers map it to a font size only.

const (
	ApprovalUiHeadingBlockLevelN1 ApprovalUiHeadingBlockLevel = 1
	ApprovalUiHeadingBlockLevelN2 ApprovalUiHeadingBlockLevel = 2
)

Defines values for ApprovalUiHeadingBlockLevel.

func (ApprovalUiHeadingBlockLevel) Valid added in v0.5.0

Valid indicates whether the value is a known member of the ApprovalUiHeadingBlockLevel enum.

type ApprovalUiHeadingBlockType added in v0.5.0

type ApprovalUiHeadingBlockType string

ApprovalUiHeadingBlockType Block discriminator (`heading`).

const (
	Heading ApprovalUiHeadingBlockType = "heading"
)

Defines values for ApprovalUiHeadingBlockType.

func (ApprovalUiHeadingBlockType) Valid added in v0.5.0

func (e ApprovalUiHeadingBlockType) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiHeadingBlockType enum.

type ApprovalUiImageBlock added in v0.5.0

type ApprovalUiImageBlock struct {
	// AltText Optional accessibility description of the image.
	AltText *string `json:"alt_text,omitempty"`

	// Data RFC 4648 standard base64 with `=` padding for the raw image bytes. Embedded inline only; never a URL or file path.
	Data []byte `json:"data"`

	// Format Pixel format of the embedded image bytes.
	Format ApprovalUiImageBlockFormat `json:"format"`

	// MaxHeightPoints Maximum rendered height in layout points. The renderer scales the image down to fit and never scales it up past its native size.
	MaxHeightPoints *int `json:"max_height_points,omitempty"`

	// Provenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.
	Provenance ApprovalUiProvenance `json:"provenance"`

	// Type Block discriminator (`image`).
	Type ApprovalUiImageBlockType `json:"type"`
}

ApprovalUiImageBlock An embedded raster image rendered inline. The image bytes are carried in `data`; the schema never references an external URL or file path so the approver never makes a network request to render the screen. Deferred: the schema is published now, but the mobile renderer adds image support in a later phase. Renderers that do not yet support images MUST skip this block per the `ApprovalUiBlock` skip-unknown rule.

type ApprovalUiImageBlockFormat added in v0.5.0

type ApprovalUiImageBlockFormat string

ApprovalUiImageBlockFormat Pixel format of the embedded image bytes.

const (
	Png ApprovalUiImageBlockFormat = "png"
)

Defines values for ApprovalUiImageBlockFormat.

func (ApprovalUiImageBlockFormat) Valid added in v0.5.0

func (e ApprovalUiImageBlockFormat) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiImageBlockFormat enum.

type ApprovalUiImageBlockType added in v0.5.0

type ApprovalUiImageBlockType string

ApprovalUiImageBlockType Block discriminator (`image`).

const (
	Image ApprovalUiImageBlockType = "image"
)

Defines values for ApprovalUiImageBlockType.

func (ApprovalUiImageBlockType) Valid added in v0.5.0

func (e ApprovalUiImageBlockType) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiImageBlockType enum.

type ApprovalUiKeyValueRow added in v0.5.0

type ApprovalUiKeyValueRow struct {
	// Expandable Value may be collapsed by default and expanded on demand.
	Expandable *bool `json:"expandable,omitempty"`

	// Icon Optional lookup name into the approver's curated icon set. MUST NOT be a URL or file path; renderers ignore unknown names.
	Icon *string `json:"icon,omitempty"`

	// Label Short row label.
	Label string `json:"label"`

	// Monospace Render the value in a monospace font.
	Monospace *bool `json:"monospace,omitempty"`

	// Multiline Render the value across multiple lines.
	Multiline *bool `json:"multiline,omitempty"`

	// Sensitive Value is sensitive; the renderer MAY mask it until revealed.
	Sensitive *bool `json:"sensitive,omitempty"`

	// Value Row value. Rendered as plain text; no markup is interpreted.
	Value string `json:"value"`
}

ApprovalUiKeyValueRow A single label/value row inside an `ApprovalUiKeyValuesBlock`.

type ApprovalUiKeyValuesBlock added in v0.5.0

type ApprovalUiKeyValuesBlock struct {
	// Provenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.
	Provenance ApprovalUiProvenance `json:"provenance"`

	// Rows Ordered label/value rows.
	Rows []ApprovalUiKeyValueRow `json:"rows"`

	// Title Optional title rendered above the rows.
	Title *string `json:"title,omitempty"`

	// Type Block discriminator (`key_values`).
	Type ApprovalUiKeyValuesBlockType `json:"type"`
}

ApprovalUiKeyValuesBlock A labelled table of label/value rows, e.g. request metadata the approver should review before approving.

type ApprovalUiKeyValuesBlockType added in v0.5.0

type ApprovalUiKeyValuesBlockType string

ApprovalUiKeyValuesBlockType Block discriminator (`key_values`).

const (
	KeyValues ApprovalUiKeyValuesBlockType = "key_values"
)

Defines values for ApprovalUiKeyValuesBlockType.

func (ApprovalUiKeyValuesBlockType) Valid added in v0.5.0

Valid indicates whether the value is a known member of the ApprovalUiKeyValuesBlockType enum.

type ApprovalUiProvenance added in v0.5.0

type ApprovalUiProvenance string

ApprovalUiProvenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.

const (
	ApprovalUiProvenanceBackend   ApprovalUiProvenance = "backend"
	ApprovalUiProvenanceDevice    ApprovalUiProvenance = "device"
	ApprovalUiProvenanceRelay     ApprovalUiProvenance = "relay"
	ApprovalUiProvenanceRequester ApprovalUiProvenance = "requester"
)

Defines values for ApprovalUiProvenance.

func (ApprovalUiProvenance) Valid added in v0.5.0

func (e ApprovalUiProvenance) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiProvenance enum.

type ApprovalUiSignedDataBlock added in v0.5.0

type ApprovalUiSignedDataBlock struct {
	// AvailableEncodings Encodings the renderer MAY offer the approver to switch between. When present it SHOULD include `encoding`.
	AvailableEncodings *[]ApprovalUiSignedDataEncoding `json:"available_encodings,omitempty"`

	// Caption Optional caption rendered below the signed-data presentation.
	Caption *string `json:"caption,omitempty"`

	// Encoding How the signed bytes are rendered for review. `hex` and `base64` render the raw bytes, `utf8` decodes them as text, and `sha256` renders the lowercase hex SHA-256 digest of the bytes.
	Encoding ApprovalUiSignedDataEncoding `json:"encoding"`

	// Label Label rendered above the signed-data presentation.
	Label *string `json:"label,omitempty"`

	// Provenance Always `device`: the displayed bytes are derived locally from the request preimage, never asserted by the requester. Constrained to the single `device` value in-schema (rather than the shared `ApprovalUiProvenance` enum) so a requester cannot mislabel the trust origin of signed bytes.
	Provenance ApprovalUiSignedDataBlockProvenance `json:"provenance"`

	// Type Block discriminator (`signed_data`).
	Type ApprovalUiSignedDataBlockType `json:"type"`
}

ApprovalUiSignedDataBlock A read-only presentation of the exact bytes the approver is about to sign. This block carries NO content field of its own: the renderer derives the displayed bytes from the request payload's own preimage field (e.g. `signed_payload` / `raw_data`) and renders them in the selected `encoding`. This keeps the signed bytes single-sourced — a requester cannot show the approver one thing here and sign another. Because the content is device-derived, `provenance` MUST be `device`.

type ApprovalUiSignedDataBlockProvenance added in v0.5.0

type ApprovalUiSignedDataBlockProvenance string

ApprovalUiSignedDataBlockProvenance Always `device`: the displayed bytes are derived locally from the request preimage, never asserted by the requester. Constrained to the single `device` value in-schema (rather than the shared `ApprovalUiProvenance` enum) so a requester cannot mislabel the trust origin of signed bytes.

const (
	ApprovalUiSignedDataBlockProvenanceDevice ApprovalUiSignedDataBlockProvenance = "device"
)

Defines values for ApprovalUiSignedDataBlockProvenance.

func (ApprovalUiSignedDataBlockProvenance) Valid added in v0.5.0

Valid indicates whether the value is a known member of the ApprovalUiSignedDataBlockProvenance enum.

type ApprovalUiSignedDataBlockType added in v0.5.0

type ApprovalUiSignedDataBlockType string

ApprovalUiSignedDataBlockType Block discriminator (`signed_data`).

const (
	SignedData ApprovalUiSignedDataBlockType = "signed_data"
)

Defines values for ApprovalUiSignedDataBlockType.

func (ApprovalUiSignedDataBlockType) Valid added in v0.5.0

Valid indicates whether the value is a known member of the ApprovalUiSignedDataBlockType enum.

type ApprovalUiSignedDataEncoding added in v0.5.0

type ApprovalUiSignedDataEncoding string

ApprovalUiSignedDataEncoding How the signed bytes are rendered for review. `hex` and `base64` render the raw bytes, `utf8` decodes them as text, and `sha256` renders the lowercase hex SHA-256 digest of the bytes.

const (
	Base64 ApprovalUiSignedDataEncoding = "base64"
	Hex    ApprovalUiSignedDataEncoding = "hex"
	Sha256 ApprovalUiSignedDataEncoding = "sha256"
	Utf8   ApprovalUiSignedDataEncoding = "utf8"
)

Defines values for ApprovalUiSignedDataEncoding.

func (ApprovalUiSignedDataEncoding) Valid added in v0.5.0

Valid indicates whether the value is a known member of the ApprovalUiSignedDataEncoding enum.

type ApprovalUiTextBlock added in v0.5.0

type ApprovalUiTextBlock struct {
	// Expandable Body text may be collapsed by default and expanded on demand.
	Expandable *bool `json:"expandable,omitempty"`

	// Monospace Render the body text in a monospace font.
	Monospace *bool `json:"monospace,omitempty"`

	// Provenance Trust origin of a block's content. Renderers MAY group or badge blocks by provenance so the approver can tell requester-asserted content from device-derived content. `requester` is content the relying party / CLI asserted, `relay` is content the relay added, `device` is content the approving device derived locally, and `backend` is content a first-party NaughtBot backend asserted.
	Provenance ApprovalUiProvenance `json:"provenance"`

	// Style Visual emphasis. `secondary` renders as de-emphasised supporting text.
	Style *ApprovalUiTextBlockStyle `json:"style,omitempty"`

	// Syntax Optional code-grammar hint (e.g. `bash`, `go`, `javascript`) for future syntax highlighting. Renderers store and ignore it for now. Named `syntax` rather than `language` to avoid the programming-vs-human-language ambiguity. Not a URL or file path.
	Syntax *string `json:"syntax,omitempty"`

	// Text Body text. Rendered as plain text; no markup is interpreted.
	Text string `json:"text"`

	// Type Block discriminator (`text`).
	Type ApprovalUiTextBlockType `json:"type"`
}

ApprovalUiTextBlock A paragraph of plain, non-interactive body text.

type ApprovalUiTextBlockStyle added in v0.5.0

type ApprovalUiTextBlockStyle string

ApprovalUiTextBlockStyle Visual emphasis. `secondary` renders as de-emphasised supporting text.

const (
	Normal    ApprovalUiTextBlockStyle = "normal"
	Secondary ApprovalUiTextBlockStyle = "secondary"
)

Defines values for ApprovalUiTextBlockStyle.

func (ApprovalUiTextBlockStyle) Valid added in v0.5.0

func (e ApprovalUiTextBlockStyle) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiTextBlockStyle enum.

type ApprovalUiTextBlockType added in v0.5.0

type ApprovalUiTextBlockType string

ApprovalUiTextBlockType Block discriminator (`text`).

const (
	Text ApprovalUiTextBlockType = "text"
)

Defines values for ApprovalUiTextBlockType.

func (ApprovalUiTextBlockType) Valid added in v0.5.0

func (e ApprovalUiTextBlockType) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiTextBlockType enum.

type ApprovalUiV1 added in v0.5.0

type ApprovalUiV1 struct {
	// Blocks Ordered list of content blocks. An empty list is valid and renders as no requester-supplied content.
	Blocks []ApprovalUiBlock `json:"blocks"`

	// Schema Canonical declarative approval-UI format version. Renderers reject unknown values.
	Schema ApprovalUiV1Schema `json:"schema"`
}

ApprovalUiV1 Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
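
An added renderer sketch (example code, not generated code from this package) that applies the three rules above in one function: reject an unknown `schema`, skip rather than reject any block whose `type` is not recognised, and fall back to a safe default when `ui` is absent or yields nothing renderable. Only the `text` block type is handled, because it is the one this page documents; the `SafeDefault` string and the provenance-badge format are illustrative choices, not anything the schema prescribes.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ApprovalUISchemaV1 is the only schema value this renderer understands.
const ApprovalUISchemaV1 = "approval-ui/v1"

// SafeDefault stands in for the approver's own default screen. It is an
// illustrative placeholder, not a string defined by the schema.
const SafeDefault = "[approver default screen: no requester-supplied content]"

// rawUI keeps each block as raw JSON so that one unknown block type cannot
// make the whole container fail to decode.
type rawUI struct {
	Schema string            `json:"schema"`
	Blocks []json.RawMessage `json:"blocks"`
}

// textBlock mirrors the ApprovalUiTextBlock fields this renderer uses.
type textBlock struct {
	Text       string `json:"text"`
	Provenance string `json:"provenance"`
	Style      string `json:"style"`
	Monospace  bool   `json:"monospace"`
}

// RenderApprovalUI returns the lines shown above the approver's mandatory
// security chrome and the number of blocks skipped. It rejects unknown schema
// values, skips (never rejects) unknown block types, and falls back to SafeDefault.
func RenderApprovalUI(ui []byte) ([]string, int, error) {
	if len(ui) == 0 || string(ui) == "null" {
		return []string{SafeDefault}, 0, nil // `ui` absent
	}
	var c rawUI
	if err := json.Unmarshal(ui, &c); err != nil {
		return nil, 0, fmt.Errorf("invalid ui container: %w", err)
	}
	if c.Schema != ApprovalUISchemaV1 {
		return nil, 0, fmt.Errorf("unknown approval-ui schema %q", c.Schema)
	}
	var lines []string
	skipped := 0
	for _, raw := range c.Blocks {
		var head struct {
			Type string `json:"type"`
		}
		if err := json.Unmarshal(raw, &head); err != nil {
			return nil, 0, fmt.Errorf("block is not a JSON object: %w", err)
		}
		switch head.Type {
		case "text":
			var tb textBlock
			if err := json.Unmarshal(raw, &tb); err != nil {
				return nil, 0, fmt.Errorf("malformed text block: %w", err)
			}
			lines = append(lines, renderText(tb))
		default:
			// Forward compatibility: a newer producer may send block types this
			// approver does not know. Skip them; the chrome is unaffected.
			skipped++
		}
	}
	if len(lines) == 0 {
		lines = []string{SafeDefault} // empty list, or only unknown blocks
	}
	return lines, skipped, nil
}

// renderText badges the block with its provenance so requester-asserted text
// is distinguishable from device-derived text. Text is emitted verbatim; no
// markup is interpreted.
func renderText(tb textBlock) string {
	var b strings.Builder
	fmt.Fprintf(&b, "[%s] ", tb.Provenance)
	if tb.Style == "secondary" {
		b.WriteString("(secondary) ")
	}
	if tb.Monospace {
		return b.String() + "`" + tb.Text + "`"
	}
	return b.String() + tb.Text
}

func main() {
	// Constructed sample: a requester text block, a block type this renderer has
	// never seen, and a device-derived monospace block.
	sample := []byte(`{"schema":"approval-ui/v1","blocks":[
	  {"type":"text","text":"Sign commit in repo example/app","provenance":"requester"},
	  {"type":"hologram","frames":3},
	  {"type":"text","text":"Device: iPhone 15","provenance":"device","monospace":true}]}`)
	fmt.Println(RenderApprovalUI(sample))
}
```

Decoding the block list as `[]json.RawMessage` and peeking at `type` first is what makes the skip rule cheap: an unknown block never reaches a typed decode, so it cannot fail the container, and a malformed block of a known type still produces a hard error rather than a silently blank screen.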

type ApprovalUiV1Schema added in v0.5.0

type ApprovalUiV1Schema string

ApprovalUiV1Schema Canonical declarative approval-UI format version. Renderers reject unknown values.

const (
	ApprovalUiv1 ApprovalUiV1Schema = "approval-ui/v1"
)

Defines values for ApprovalUiV1Schema.

func (ApprovalUiV1Schema) Valid added in v0.5.0

func (e ApprovalUiV1Schema) Valid() bool

Valid indicates whether the value is a known member of the ApprovalUiV1Schema enum.

type AttestationSecurityType

type AttestationSecurityType string

AttestationSecurityType Combined platform and security level for attestation.

const (
	AndroidStrongbox AttestationSecurityType = "android_strongbox"
	AndroidTee       AttestationSecurityType = "android_tee"
	IosSecureEnclave AttestationSecurityType = "ios_secure_enclave"
	PlayIntegrity    AttestationSecurityType = "play_integrity"
	Software         AttestationSecurityType = "software"
)

Defines values for AttestationSecurityType.

func (AttestationSecurityType) Valid

func (e AttestationSecurityType) Valid() bool

Valid indicates whether the value is a known member of the AttestationSecurityType enum.

type CanonicalPublicKeyHex added in v0.10.0

type CanonicalPublicKeyHex = string

CanonicalPublicKeyHex Lowercase hex of the canonical public-key bytes. The exact layout is described by the sibling `PublicKeyAlgorithm` / `PublicKeyFormat` fields: a `sec1_compressed` P-256 key is 66 hex chars with a `02`/`03` prefix; a `raw_32` Ed25519 or X25519 key is 64 hex chars. The relaxed `^(02|03)?[0-9a-f]{64}$` pattern accepts both lengths; receivers MUST additionally reject any value whose length and prefix do not match the declared `algorithm` and `public_key_format`. Hex — never OpenAPI `format: byte` — is the canonical transport for key material; `format: byte` is reserved for opaque bytes (signatures, proofs, ciphertexts, wrapped keys, packet blobs).
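
A receiver-side check for the rule above, added here as an example rather than code from this package: it applies the relaxed pattern and then the per-algorithm length and prefix check the page requires, so a 66-char value declared as `raw_32` (or a 64-char value declared as `sec1_compressed`) is rejected even though the regex alone accepts it. The `sec1_compressed`, `raw_32` and `x25519` strings are the page's; `p256` and `ed25519` are assumed spellings for the sibling `PublicKeyAlgorithm` values, which this page does not list.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"regexp"
)

// relaxedPublicKeyHex is the schema pattern quoted on the page. It admits both
// the 66-char compressed P-256 layout and the 64-char raw_32 layout, so on its
// own it is necessary but not sufficient.
var relaxedPublicKeyHex = regexp.MustCompile(`^(02|03)?[0-9a-f]{64}$`)

// Algorithm and format names. `sec1_compressed`, `raw_32` and `x25519` are
// quoted on the page; `p256` and `ed25519` are assumed spellings for the
// sibling `PublicKeyAlgorithm` enum, which this page does not show.
const (
	AlgP256           = "p256"
	AlgEd25519        = "ed25519"
	AlgX25519         = "x25519"
	FmtSEC1Compressed = "sec1_compressed"
	FmtRaw32          = "raw_32"
)

// ValidateCanonicalPublicKeyHex applies the receiver-side rule: the value must
// match the relaxed pattern AND its length/prefix must agree with the declared
// algorithm and public_key_format.
func ValidateCanonicalPublicKeyHex(keyHex, algorithm, format string) error {
	if !relaxedPublicKeyHex.MatchString(keyHex) {
		return fmt.Errorf("public_key_hex is not lowercase hex of 64 or 66 chars")
	}
	switch {
	case algorithm == AlgP256 && format == FmtSEC1Compressed:
		// A 66-char match implies the (02|03) group matched, so the prefix is covered.
		if len(keyHex) != 66 {
			return fmt.Errorf("%s/%s requires 66 hex chars with a 02/03 prefix, got %d chars", algorithm, format, len(keyHex))
		}
	case (algorithm == AlgEd25519 || algorithm == AlgX25519) && format == FmtRaw32:
		if len(keyHex) != 64 {
			return fmt.Errorf("%s/%s requires 64 hex chars, got %d chars", algorithm, format, len(keyHex))
		}
	default:
		return fmt.Errorf("unsupported algorithm/format pair %q/%q", algorithm, format)
	}
	return nil
}

// CompressP256Hex turns an uncompressed SEC1 point (0x04||X||Y) into the
// page's canonical form: 02/03 prefix by Y parity, then X, lowercase hex.
func CompressP256Hex(uncompressed []byte) (string, error) {
	if len(uncompressed) != 65 || uncompressed[0] != 0x04 {
		return "", fmt.Errorf("expected a 65-byte uncompressed P-256 point")
	}
	prefix := byte(0x02)
	if uncompressed[64]&1 == 1 {
		prefix = 0x03
	}
	return hex.EncodeToString(append([]byte{prefix}, uncompressed[1:33]...)), nil
}

func main() {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	keyHex, _ := CompressP256Hex(priv.PublicKey().Bytes())
	fmt.Println(keyHex, ValidateCanonicalPublicKeyHex(keyHex, AlgP256, FmtSEC1Compressed))
	// The same bytes declared as a raw_32 key pass the regex but must be rejected.
	fmt.Println(ValidateCanonicalPublicKeyHex(keyHex, AlgX25519, FmtRaw32))
}
```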

type DisplayField

type DisplayField struct {
	// Expandable Field can be expanded to show additional content.
	Expandable *bool `json:"expandable,omitempty"`

	// Icon Optional SF Symbol or Material icon name.
	Icon *string `json:"icon,omitempty"`

	// Label Short label for the field.
	Label string `json:"label"`

	// Monospace Render the value in a monospace font.
	Monospace *bool `json:"monospace,omitempty"`

	// Multiline Render the value across multiple lines.
	Multiline *bool `json:"multiline,omitempty"`

	// Sensitive Value contains sensitive information; UI may mask it.
	Sensitive *bool `json:"sensitive,omitempty"`

	// Value Value to display.
	Value string `json:"value"`
}

DisplayField A single label/value row rendered on the approval surface. Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml` (`ApprovalUiKeyValueRow` is the direct replacement). Retained only for producers that have not yet migrated to the `ui` field; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.

type DisplaySchema

type DisplaySchema struct {
	Fields []DisplayField `json:"fields"`

	// HistoryTitle Shorter title for the history list view.
	HistoryTitle *string `json:"history_title,omitempty"`

	// Icon Optional icon name.
	Icon *string `json:"icon,omitempty"`

	// Subtitle Subtitle with additional context.
	Subtitle *string `json:"subtitle,omitempty"`

	// Title Main title for the approval screen.
	Title string `json:"title"`
}

DisplaySchema Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence. Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.

type KeyInventoryAgeMetadataV1 added in v0.10.0

type KeyInventoryAgeMetadataV1 struct {
	// AgeFingerprint Short display fingerprint for the age key. Display only — not a cryptographic identifier; the canonical identity is `public_key_hex`.
	AgeFingerprint *string `json:"age_fingerprint,omitempty"`

	// AgeRecipient Canonical age recipient string. It is the Bech32 encoding (per the age spec, lowercase, with the standard age Bech32 checksum) of the 32 raw X25519 public-key bytes — the same bytes as `public_key_hex` — under the human-readable prefix `age1nb`. Producers MUST emit the recipient with this exact prefix and Bech32 checksum; the CLI MUST reject a recipient that does not Bech32-decode to the entry's `public_key_hex` bytes. (The legacy CLI shipped two divergent helpers — a Go Bech32 encoder and a Swift `age1ackagent` + raw-hex concatenation; neither is the contract here. This schema field and the cross-language vectors are authoritative.)
	AgeRecipient *string `json:"age_recipient,omitempty"`
}

KeyInventoryAgeMetadataV1 Derived age export metadata for an inventory entry whose `purpose` is `age`. The underlying key is an X25519 key (`algorithm: x25519`, `public_key_format: raw_32`).
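
An added example, not the CLI's own code, of the contract stated above: a minimal BIP-173 Bech32 encoder with the original Bech32 checksum (the one age uses), the `age1nb` prefix exactly as the page specifies, and the CLI-side check that a recipient decodes to the entry's `public_key_hex`. Only the page's prefix and the standard Bech32 algorithm are assumed; the project's cross-language vectors are not reproduced here, and the sample key bytes are constructed.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const (
	AgeRecipientHRP = "age1nb" // prefix the page specifies; the alphabet has no '1', so the last '1' is the separator
	bech32Charset   = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
)

// bech32Polymod is the BIP-173 checksum; age uses the original Bech32 constant 1.
func bech32Polymod(values []byte) uint32 {
	gen := [5]uint32{0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3}
	chk := uint32(1)
	for _, v := range values {
		top := chk >> 25
		chk = (chk&0x1ffffff)<<5 ^ uint32(v)
		for i := 0; i < 5; i++ {
			if (top>>uint(i))&1 == 1 {
				chk ^= gen[i]
			}
		}
	}
	return chk
}

// hrpExpand returns the HRP's high bits, a zero, then its low bits.
func hrpExpand(hrp string) []byte {
	out := make([]byte, 2*len(hrp)+1)
	for i := 0; i < len(hrp); i++ {
		out[i], out[len(hrp)+1+i] = hrp[i]>>5, hrp[i]&31
	}
	return out
}

// convertBits regroups bits: 8->5 with zero padding (encode), 5->8 strict (decode).
func convertBits(data []byte, from, to uint32, pad bool) ([]byte, error) {
	acc, bits, maxv := uint32(0), uint32(0), uint32(1)<<to-1
	var out []byte
	for _, d := range data {
		acc, bits = acc<<from|uint32(d), bits+from
		for ; bits >= to; bits -= to {
			out = append(out, byte(acc>>(bits-to)&maxv))
		}
	}
	if pad && bits > 0 {
		out = append(out, byte(acc<<(to-bits)&maxv))
	} else if !pad && (bits >= from || acc<<(to-bits)&maxv != 0) {
		return nil, errors.New("invalid padding bits")
	}
	return out, nil
}

// EncodeAgeRecipient is the producer side: Bech32 of the 32 raw X25519 bytes under AgeRecipientHRP.
func EncodeAgeRecipient(pub []byte) (string, error) {
	if len(pub) != 32 {
		return "", fmt.Errorf("x25519 public key must be 32 bytes, got %d", len(pub))
	}
	data, _ := convertBits(pub, 8, 5, true) // cannot fail for byte input
	polymod := bech32Polymod(append(append(hrpExpand(AgeRecipientHRP), data...), 0, 0, 0, 0, 0, 0)) ^ 1
	for i := 0; i < 6; i++ {
		data = append(data, byte(polymod>>uint(5*(5-i))&31))
	}
	out := []byte(AgeRecipientHRP + "1")
	for _, d := range data {
		out = append(out, bech32Charset[d])
	}
	return string(out), nil
}

// CheckAgeRecipient is the CLI-side rule from the page: prefix, checksum, and exact match to public_key_hex.
func CheckAgeRecipient(recipient, publicKeyHex string) error {
	sep := strings.LastIndexByte(recipient, '1')
	if sep < 0 || recipient[:sep] != AgeRecipientHRP || sep+7 > len(recipient) {
		return errors.New("malformed recipient or unexpected prefix")
	}
	var data []byte
	for _, c := range []byte(recipient[sep+1:]) {
		idx := strings.IndexByte(bech32Charset, c) // uppercase is not in the alphabet
		if idx < 0 {
			return fmt.Errorf("invalid character %q in recipient", c)
		}
		data = append(data, byte(idx))
	}
	if bech32Polymod(append(hrpExpand(AgeRecipientHRP), data...)) != 1 {
		return errors.New("bad bech32 checksum")
	}
	raw, err := convertBits(data[:len(data)-6], 5, 8, false)
	if err != nil || hex.EncodeToString(raw) != publicKeyHex {
		return errors.New("age_recipient does not decode to public_key_hex")
	}
	return nil
}

func main() {
	rec, _ := EncodeAgeRecipient(make([]byte, 32)) // all-zero constructed key bytes, not a real key
	fmt.Println(rec, CheckAgeRecipient(rec, strings.Repeat("00", 32)))
}
```

Because the Bech32 data alphabet excludes `1`, the `1` inside the `age1nb` prefix cannot be mistaken for the separator: the decoder always splits at the last `1`. The checksum catches any single substituted character, but it is the final hex comparison that enforces the page's rule, since a well-formed recipient for a different key is still a mismatch.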

type KeyInventoryGpgMetadataV1 added in v0.10.0

type KeyInventoryGpgMetadataV1 struct {
	// ArmoredPublicKey ASCII-armored OpenPGP public key block (`-----BEGIN PGP PUBLIC KEY BLOCK-----` … `-----END …-----`), including the primary key, user id, self-certification signature, and — when present — the encryption subkey and its binding signature.
	ArmoredPublicKey *string `json:"armored_public_key,omitempty"`

	// EncryptionFingerprintHex Uppercase hex of the 20-byte OpenPGP V4 fingerprint of the ECDH encryption subkey (40 hex chars).
	EncryptionFingerprintHex *string `json:"encryption_fingerprint_hex,omitempty"`

	// EncryptionKeyId Uppercase hex of the 8-byte OpenPGP key id of the ECDH encryption subkey (16 hex chars).
	EncryptionKeyId *string `json:"encryption_key_id,omitempty"`

	// EncryptionPublicKeyHex Lowercase hex of the ECDH encryption subkey public key, SEC1 compressed P-256 (66 hex chars). Present only when the GPG key has an encryption subkey.
	EncryptionPublicKeyHex *string `json:"encryption_public_key_hex,omitempty"`

	// FingerprintHex Uppercase hex of the 20-byte OpenPGP V4 primary-key fingerprint (40 hex chars), no spaces.
	FingerprintHex *string `json:"fingerprint_hex,omitempty"`

	// FormattedFingerprint Display-formatted primary-key fingerprint: the 40 hex chars in uppercase, grouped into ten 4-character blocks separated by single spaces. Display only — `fingerprint_hex` is canonical.
	FormattedFingerprint *string `json:"formatted_fingerprint,omitempty"`

	// KeyId Uppercase hex of the 8-byte OpenPGP key id (16 hex chars), the low 64 bits of `fingerprint_hex`.
	KeyId *string `json:"key_id,omitempty"`

	// SubkeySignature RFC 4648 standard base64 with `=` padding for the raw OpenPGP subkey binding signature packet bytes, when an encryption subkey is present.
	SubkeySignature *[]byte `json:"subkey_signature,omitempty"`

	// UserIdSignature RFC 4648 standard base64 with `=` padding for the raw OpenPGP self-certification (user-id) signature packet bytes.
	UserIdSignature *[]byte `json:"user_id_signature,omitempty"`
}

KeyInventoryGpgMetadataV1 Derived GPG export metadata for an inventory entry whose `purpose` is `gpg`. The primary-key fingerprint is the OpenPGP V4 fingerprint (`SHA1` over the V4 public-key packet) and depends on `key_creation_timestamp`, so that field MUST be present on GPG entries. `armored_public_key` lets the CLI import the key into system GPG without rebuilding the packet stream.
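
The fingerprint derivation described above, as an added example (not this package's code): build the V4 public-key packet body for an ECDSA P-256 key, hash it as RFC 4880 prescribes, and derive `key_id` and `formatted_fingerprint` from the result. The packet layout follows RFC 4880/6637 and assumes the point is carried uncompressed; the page does not state the point encoding, and the sample point is constructed rather than a real key. Running it with two creation timestamps shows why `key_creation_timestamp` is mandatory on GPG entries.

```go
package main

import (
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// p256OID is the DER body of 1.2.840.10045.3.1.7 (prime256v1), as RFC 6637 carries it in the key packet.
var p256OID = []byte{0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}

// mpi encodes a big-endian value as an OpenPGP multiprecision integer:
// 2-byte count of significant bits, then the value without leading zero bytes.
func mpi(v []byte) []byte {
	for len(v) > 0 && v[0] == 0 {
		v = v[1:]
	}
	bitLen := 0
	if len(v) > 0 {
		bitLen = (len(v)-1)*8 + bits.Len8(v[0])
	}
	out := make([]byte, 2, 2+len(v))
	binary.BigEndian.PutUint16(out, uint16(bitLen))
	return append(out, v...)
}

// V4PublicKeyPacketBody builds an ECDSA P-256 public-key packet body per
// RFC 4880/6637: version 4, 4-byte creation time, algorithm 19 (ECDSA), OID
// length + OID, MPI of the EC point. Assumption not stated on the page: the
// point is the uncompressed 0x04||X||Y form.
func V4PublicKeyPacketBody(creation uint32, uncompressedPoint []byte) []byte {
	body := []byte{4, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(body[1:], creation)
	body = append(body, 19, byte(len(p256OID)))
	body = append(body, p256OID...)
	return append(body, mpi(uncompressedPoint)...)
}

// V4Fingerprint is SHA1(0x99 || 2-byte body length || body), rendered as the
// page's `fingerprint_hex`: uppercase, 40 chars, no spaces.
func V4Fingerprint(body []byte) string {
	h := sha1.New()
	h.Write([]byte{0x99, byte(len(body) >> 8), byte(len(body))})
	h.Write(body)
	return strings.ToUpper(hex.EncodeToString(h.Sum(nil)))
}

// KeyID is the low 64 bits of the fingerprint, i.e. its last 16 hex chars (`key_id`).
func KeyID(fingerprintHex string) string {
	return fingerprintHex[len(fingerprintHex)-16:]
}

// FormattedFingerprint groups the 40 chars into ten 4-char blocks separated by
// single spaces (`formatted_fingerprint`, display only).
func FormattedFingerprint(fingerprintHex string) string {
	groups := make([]string, 0, 10)
	for i := 0; i+4 <= len(fingerprintHex); i += 4 {
		groups = append(groups, fingerprintHex[i:i+4])
	}
	return strings.Join(groups, " ")
}

func main() {
	// Constructed point: 0x04 prefix plus filler bytes. It exercises the packet
	// layout but is not a point on the curve or a real key.
	point := make([]byte, 65)
	point[0] = 0x04
	for i := 1; i < len(point); i++ {
		point[i] = byte(i)
	}
	fp := V4Fingerprint(V4PublicKeyPacketBody(1700000000, point))
	fmt.Println(fp, KeyID(fp), FormattedFingerprint(fp))
	// Same key material, different key_creation_timestamp: a different fingerprint.
	fmt.Println(V4Fingerprint(V4PublicKeyPacketBody(1700000001, point)))
}
```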

type KeyInventoryPkcs11MetadataV1 added in v0.10.0

type KeyInventoryPkcs11MetadataV1 struct {
	// CanDerive Whether the key's PKCS#11 object exposes the `CKA_DERIVE` capability (ECDH key-agreement keys).
	CanDerive *bool `json:"can_derive,omitempty"`

	// CanSign Whether the key's PKCS#11 object exposes the `CKA_SIGN` / `CKA_VERIFY` capability (signing keys).
	CanSign *bool `json:"can_sign,omitempty"`

	// CkaEcParamsHex Lowercase hex of the DER-encoded `CKA_EC_PARAMS` attribute (the named-curve OID, e.g. `prime256v1` for P-256).
	CkaEcParamsHex *string `json:"cka_ec_params_hex,omitempty"`

	// CkaEcPointHex Lowercase hex of the DER-encoded `CKA_EC_POINT` attribute (an ASN.1 `OCTET STRING` wrapping the EC point). This is the same public key as `public_key_hex`, re-encoded for the PKCS#11 attribute; receivers MUST treat `public_key_hex` as canonical if the two ever disagree.
	CkaEcPointHex *string `json:"cka_ec_point_hex,omitempty"`

	// CkaIdHex Lowercase hex of the `CKA_ID` attribute bytes used to correlate the public object with its private counterpart.
	CkaIdHex *string `json:"cka_id_hex,omitempty"`

	// CkaKeyType PKCS#11 `CKA_KEY_TYPE` name for the key. `CKK_EC` for P-256 keys; `CKK_EC_EDWARDS` for Ed25519 keys.
	CkaKeyType *string `json:"cka_key_type,omitempty"`

	// CkaLabel UTF-8 `CKA_LABEL` attribute string for the public object.
	CkaLabel *string `json:"cka_label,omitempty"`
}

KeyInventoryPkcs11MetadataV1 Derived PKCS#11 public-object metadata for an inventory entry whose `purpose` is `pkcs11`. These are the attributes a PKCS#11 provider needs to expose the public key as a `CKO_PUBLIC_KEY` object deterministically. The canonical identity of the key remains `public_key_hex`; `cka_ec_point_hex` is the DER-wrapped restatement of the same key for the `CKA_EC_POINT` attribute.

type KeyInventorySshMetadataV1 added in v0.10.0

type KeyInventorySshMetadataV1 struct {
	// Application SSH application string baked into the public-key blob. Defaults to `ssh:` when the credential was enrolled with the default application.
	Application *string `json:"application,omitempty"`

	// AuthorizedKey Single-line OpenSSH authorized-keys / `.pub` representation: `<ssh_key_type> <base64(blob)> <comment>`. The blob is the SSH wire encoding of the public key (uncompressed EC point for `ecdsa_p256`) plus the application string.
	AuthorizedKey *string `json:"authorized_key,omitempty"`

	// SshFingerprint OpenSSH public-key fingerprint as `SHA256:<base64-no-padding>` of `SHA256(public-key-blob)`. The base64 uses the standard alphabet with trailing `=` padding stripped.
	SshFingerprint *string `json:"ssh_fingerprint,omitempty"`

	// SshKeyType OpenSSH security-key type string. `sk-ecdsa-sha2-nistp256@openssh.com` for `ecdsa_p256` keys; `sk-ssh-ed25519@openssh.com` for `ed25519` keys.
	SshKeyType *string `json:"ssh_key_type,omitempty"`

	// SshSkFlags Per-credential SSH-SK flags byte (UP=0x01, UV=0x04) the credential was enrolled with. The CLI persists this and uses it as the request `flags` input on later `ssh_auth` / `ssh_sign` calls.
	SshSkFlags *int `json:"ssh_sk_flags,omitempty"`
}

KeyInventorySshMetadataV1 Derived SSH export metadata for an inventory entry whose `purpose` is `ssh`. Every field is reproducible from `public_key_hex`, `algorithm`, the SSH SK key type, and the application string, so the CLI MAY recompute and cross-check it; the approver SHOULD still populate it so the CLI can write the `.pub` file without re-deriving.
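
The recompute-and-cross-check the page allows the CLI to perform, as an added example (not the CLI's code) for `ecdsa_p256` keys: rebuild the SSH public-key blob from `public_key_hex` and the application string, then compare `authorized_key` and `ssh_fingerprint` with what the approver sent. The blob field order (key type, curve name, uncompressed point, application) is taken from OpenSSH's PROTOCOL.u2f, which the page does not spell out; the key in `main` is freshly generated, and the comment text is an arbitrary sample.

```go
package main

import (
	"crypto/ecdh"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
)

// SKEcdsaP256Type is the OpenSSH security-key type string from the page.
const SKEcdsaP256Type = "sk-ecdsa-sha2-nistp256@openssh.com"

// sshString encodes an SSH wire `string`: 4-byte big-endian length, then bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// CompressP256 turns 0x04||X||Y into the page's canonical public_key_hex form.
func CompressP256(uncompressed []byte) string {
	prefix := byte(0x02 + uncompressed[64]&1) // 02 for even Y, 03 for odd Y
	return hex.EncodeToString(append([]byte{prefix}, uncompressed[1:33]...))
}

// UncompressP256Hex is the inverse: canonical public_key_hex to the 65-byte point the SSH blob carries.
func UncompressP256Hex(keyHex string) ([]byte, error) {
	compressed, err := hex.DecodeString(keyHex)
	if err != nil {
		return nil, err
	}
	x, y := elliptic.UnmarshalCompressed(elliptic.P256(), compressed)
	if x == nil {
		return nil, fmt.Errorf("public_key_hex is not a valid compressed P-256 point")
	}
	return elliptic.Marshal(elliptic.P256(), x, y), nil
}

// SKEcdsaP256Blob builds the public-key blob: string key type, string "nistp256",
// string uncompressed point, string application (order per OpenSSH PROTOCOL.u2f).
func SKEcdsaP256Blob(point []byte, application string) ([]byte, error) {
	if len(point) != 65 || point[0] != 0x04 {
		return nil, fmt.Errorf("expected a 65-byte uncompressed P-256 point")
	}
	var blob []byte
	for _, f := range [][]byte{[]byte(SKEcdsaP256Type), []byte("nistp256"), point, []byte(application)} {
		blob = append(blob, sshString(f)...)
	}
	return blob, nil
}

// AuthorizedKeyLine renders `<ssh_key_type> <base64(blob)> <comment>`.
func AuthorizedKeyLine(blob []byte, comment string) string {
	return SKEcdsaP256Type + " " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// SSHFingerprint renders `SHA256:<base64 of SHA256(blob)>` with `=` padding stripped.
func SSHFingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// CrossCheckSSHMetadata re-derives the blob from public_key_hex and the application
// string, then compares key type and blob of authorized_key (the comment is free
// text) and ssh_fingerprint with what the approver sent.
func CrossCheckSSHMetadata(publicKeyHex, application, gotAuthorizedKey, gotFingerprint string) error {
	point, err := UncompressP256Hex(publicKeyHex)
	if err != nil {
		return err
	}
	blob, err := SKEcdsaP256Blob(point, application)
	if err != nil {
		return err
	}
	fields := strings.Fields(gotAuthorizedKey)
	if len(fields) < 2 || fields[0] != SKEcdsaP256Type || fields[1] != base64.StdEncoding.EncodeToString(blob) {
		return fmt.Errorf("authorized_key does not match the blob derived from public_key_hex and application")
	}
	if gotFingerprint != SSHFingerprint(blob) {
		return fmt.Errorf("ssh_fingerprint does not match SHA256(blob)")
	}
	return nil
}

func main() {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	point := priv.PublicKey().Bytes()
	blob, _ := SKEcdsaP256Blob(point, "ssh:")
	line, fp := AuthorizedKeyLine(blob, "naughtbot-example"), SSHFingerprint(blob)
	fmt.Println(line, fp, CrossCheckSSHMetadata(CompressP256(point), "ssh:", line, fp))
}
```

The application string is part of the hashed blob, so a mismatch between the `application` the CLI believes was enrolled and the one the approver baked in shows up as both an `authorized_key` and an `ssh_fingerprint` mismatch; that is the failure the cross-check is there to catch.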

type KeyMetadataAttestation

type KeyMetadataAttestation struct {
	// Assertion RFC 4648 standard base64 with `=` padding for the App Attest assertion or software signature.
	Assertion []byte `json:"assertion"`

	// AttestationObject RFC 4648 standard base64 with `=` padding for the Apple CBOR attestation object used by hardware attestation.
	AttestationObject *[]byte `json:"attestation_object,omitempty"`

	// AttestationPublicKeyHex Lowercase hex-encoded attestation key public key (66 hex chars for P-256 33-byte compressed key).
	AttestationPublicKeyHex *string `json:"attestation_public_key_hex,omitempty"`

	// AttestationTimestamp Unix timestamp in milliseconds.
	AttestationTimestamp int64 `json:"attestation_timestamp"`

	// AttestationType Combined platform and security level for attestation.
	AttestationType AttestationSecurityType `json:"attestation_type"`

	// Challenge RFC 4648 standard base64 with `=` padding for `SHA256(id || public_key || created_at || device_auth_public_key)`.
	Challenge []byte `json:"challenge"`

	// PublicKeyHex Lowercase hex-encoded public key being attested (66 hex chars for P-256 33-byte compressed key, or 64 hex chars for Ed25519 32-byte key).
	PublicKeyHex string `json:"public_key_hex"`
}

KeyMetadataAttestation Attestation proof that a key was created on attested device hardware.

type KeyPurpose

type KeyPurpose string

KeyPurpose Purpose of an enrolled key. PKCS#11 protocol keys are dedicated, single-purpose keys and MUST be enrolled with the `pkcs11` purpose rather than reusing the device auth/encryption keys.

const (
	Age    KeyPurpose = "age"
	Gpg    KeyPurpose = "gpg"
	Pkcs11 KeyPurpose = "pkcs11"
	Ssh    KeyPurpose = "ssh"
)

Defines values for KeyPurpose.

func (KeyPurpose) Valid

func (e KeyPurpose) Valid() bool

Valid indicates whether the value is a known member of the KeyPurpose enum.

type MailboxAgeUnwrapRequestPayloadV1

type MailboxAgeUnwrapRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// EphemeralPublicHex Lowercase hex-encoded sender's ephemeral X25519 public key (64 hex chars for the 32-byte key).
	EphemeralPublicHex string `json:"ephemeral_public_hex"`

	// RecipientPublicHex Lowercase hex-encoded recipient's X25519 public key (64 hex chars for the 32-byte key).
	RecipientPublicHex string `json:"recipient_public_hex"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`

	// WrappedFileKey RFC 4648 standard base64 with `=` padding for the wrapped file key for decryption.
	WrappedFileKey []byte `json:"wrapped_file_key"`
}

MailboxAgeUnwrapRequestPayloadV1 Request payload for the `age_unwrap` envelope type. The approver unwraps an age `X25519` recipient stanza using the on-device X25519 key matching `recipient_public_hex`.

type MailboxAgeUnwrapResponseFailureV1

type MailboxAgeUnwrapResponseFailureV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`
}

MailboxAgeUnwrapResponseFailureV1 Failure branch of `MailboxAgeUnwrapResponsePayloadV1`.

type MailboxAgeUnwrapResponsePayloadV1

type MailboxAgeUnwrapResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxAgeUnwrapResponsePayloadV1 Response payload for the `age_unwrap` envelope type. Discriminated as a success / failure pair.

func (MailboxAgeUnwrapResponsePayloadV1) AsMailboxAgeUnwrapResponseFailureV1

func (t MailboxAgeUnwrapResponsePayloadV1) AsMailboxAgeUnwrapResponseFailureV1() (MailboxAgeUnwrapResponseFailureV1, error)

AsMailboxAgeUnwrapResponseFailureV1 returns the union data inside the MailboxAgeUnwrapResponsePayloadV1 as a MailboxAgeUnwrapResponseFailureV1

func (MailboxAgeUnwrapResponsePayloadV1) AsMailboxAgeUnwrapResponseSuccessV1

func (t MailboxAgeUnwrapResponsePayloadV1) AsMailboxAgeUnwrapResponseSuccessV1() (MailboxAgeUnwrapResponseSuccessV1, error)

AsMailboxAgeUnwrapResponseSuccessV1 returns the union data inside the MailboxAgeUnwrapResponsePayloadV1 as a MailboxAgeUnwrapResponseSuccessV1

func (*MailboxAgeUnwrapResponsePayloadV1) FromMailboxAgeUnwrapResponseFailureV1

func (t *MailboxAgeUnwrapResponsePayloadV1) FromMailboxAgeUnwrapResponseFailureV1(v MailboxAgeUnwrapResponseFailureV1) error

FromMailboxAgeUnwrapResponseFailureV1 overwrites any union data inside the MailboxAgeUnwrapResponsePayloadV1 as the provided MailboxAgeUnwrapResponseFailureV1

func (*MailboxAgeUnwrapResponsePayloadV1) FromMailboxAgeUnwrapResponseSuccessV1

func (t *MailboxAgeUnwrapResponsePayloadV1) FromMailboxAgeUnwrapResponseSuccessV1(v MailboxAgeUnwrapResponseSuccessV1) error

FromMailboxAgeUnwrapResponseSuccessV1 overwrites any union data inside the MailboxAgeUnwrapResponsePayloadV1 as the provided MailboxAgeUnwrapResponseSuccessV1

func (MailboxAgeUnwrapResponsePayloadV1) MarshalJSON

func (t MailboxAgeUnwrapResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxAgeUnwrapResponsePayloadV1) MergeMailboxAgeUnwrapResponseFailureV1

func (t *MailboxAgeUnwrapResponsePayloadV1) MergeMailboxAgeUnwrapResponseFailureV1(v MailboxAgeUnwrapResponseFailureV1) error

MergeMailboxAgeUnwrapResponseFailureV1 performs a merge with any union data inside the MailboxAgeUnwrapResponsePayloadV1, using the provided MailboxAgeUnwrapResponseFailureV1

func (*MailboxAgeUnwrapResponsePayloadV1) MergeMailboxAgeUnwrapResponseSuccessV1

func (t *MailboxAgeUnwrapResponsePayloadV1) MergeMailboxAgeUnwrapResponseSuccessV1(v MailboxAgeUnwrapResponseSuccessV1) error

MergeMailboxAgeUnwrapResponseSuccessV1 performs a merge with any union data inside the MailboxAgeUnwrapResponsePayloadV1, using the provided MailboxAgeUnwrapResponseSuccessV1

func (*MailboxAgeUnwrapResponsePayloadV1) UnmarshalJSON

func (t *MailboxAgeUnwrapResponsePayloadV1) UnmarshalJSON(b []byte) error

type MailboxAgeUnwrapResponseSuccessV1

type MailboxAgeUnwrapResponseSuccessV1 struct {
	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// FileKey RFC 4648 standard base64 with `=` padding for the unwrapped age file key.
	FileKey []byte `json:"file_key"`
}

MailboxAgeUnwrapResponseSuccessV1 Success branch of `MailboxAgeUnwrapResponsePayloadV1`.

type MailboxBrowserApprovalBindingFormat added in v0.3.0

type MailboxBrowserApprovalBindingFormat string

MailboxBrowserApprovalBindingFormat Canonical byte format signed by the mobile approval key.

const (
	BrowserApprovalDecisionBindingv1Json MailboxBrowserApprovalBindingFormat = "browser-approval-decision-binding/v1+json"
)

Defines values for MailboxBrowserApprovalBindingFormat.

func (MailboxBrowserApprovalBindingFormat) Valid added in v0.3.0

Valid indicates whether the value is a known member of the MailboxBrowserApprovalBindingFormat enum.

type MailboxBrowserApprovalDecision added in v0.3.0

type MailboxBrowserApprovalDecision string

MailboxBrowserApprovalDecision Mobile user's signed approval decision.

const (
	MailboxBrowserApprovalDecisionApproved MailboxBrowserApprovalDecision = "approved"
	MailboxBrowserApprovalDecisionDenied   MailboxBrowserApprovalDecision = "denied"
)

Defines values for MailboxBrowserApprovalDecision.

func (MailboxBrowserApprovalDecision) Valid added in v0.3.0

Valid indicates whether the value is a known member of the MailboxBrowserApprovalDecision enum.

type MailboxBrowserApprovalDecisionBindingV1 added in v0.3.0

type MailboxBrowserApprovalDecisionBindingV1 struct {
	// ApprovalId Approval id copied from the request payload.
	ApprovalId string `json:"approval_id"`

	// BrowserPublicKeyAlgorithm Browser public key algorithm copied from the request payload.
	BrowserPublicKeyAlgorithm string `json:"browser_public_key_algorithm"`

	// BrowserPublicKeyThumbprint Browser public key thumbprint copied from the request payload.
	BrowserPublicKeyThumbprint string `json:"browser_public_key_thumbprint"`

	// DecidedAt RFC 3339 UTC timestamp of the mobile decision.
	DecidedAt string `json:"decided_at"`

	// Decision Mobile user's signed approval decision.
	Decision MailboxBrowserApprovalDecision `json:"decision"`

	// ExpiresAt Request expiry copied from the request payload.
	ExpiresAt string `json:"expires_at"`

	// Nonce Nonce copied from the request payload.
	Nonce string `json:"nonce"`

	// PairingTranscriptHash SHA-256 hash of the service-mobile pairing transcript.
	PairingTranscriptHash string `json:"pairing_transcript_hash"`

	// RequestEnvelopeId Envelope id of the browser approval request being answered.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// RequestEnvelopeIssuedAt Envelope `issued_at` timestamp of the request being answered.
	RequestEnvelopeIssuedAt string `json:"request_envelope_issued_at"`

	// RequestEnvelopeType Envelope type of the request being answered.
	RequestEnvelopeType MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType `json:"request_envelope_type"`

	// RequestedCapability Requested capability copied from the request payload.
	RequestedCapability string `json:"requested_capability"`

	// RequesterClientId Requester client id copied from the request payload.
	RequesterClientId string `json:"requester_client_id"`

	// RequesterOrigin Requester origin copied from the request payload.
	RequesterOrigin string `json:"requester_origin"`

	// ServiceMobilePairingId Stable id for the service-mobile E2EE mailbox pairing.
	ServiceMobilePairingId string `json:"service_mobile_pairing_id"`

	// Version Canonical decision binding schema version.
	Version MailboxBrowserApprovalDecisionBindingV1Version `json:"version"`
}

MailboxBrowserApprovalDecisionBindingV1 Canonical JSON object whose UTF-8 bytes are signed by the mobile approval key. Producers encode these fields in lexicographic property order with no insignificant whitespace and place the resulting bytes in `MailboxBrowserApprovalResponsePayloadV1.approval_binding_bytes`.
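
An added example, not the project's code, of producing and verifying these bytes: the producer encodes the fields through a Go map so that `encoding/json` emits sorted keys with no whitespace, and the service re-canonicalises what it received and requires a byte-for-byte match before checking that every copied field equals the original request. The page does not pin string escaping; the example assumes `encoding/json` escaping with HTML escaping disabled. The request values, pairing id, transcript hash and envelope id in `main` are constructed sample values.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

const (
	BindingVersion      = "browser-approval-decision-binding/v1"
	RequestEnvelopeType = "browser_approval_request"
)

// CanonicalJSON encodes a map with keys in lexicographic order and no insignificant
// whitespace (encoding/json sorts map keys). Assumed, not stated on the page: HTML escaping off.
func CanonicalJSON(v map[string]any) ([]byte, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(v); err != nil {
		return nil, err
	}
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}

// Request holds the MailboxBrowserApprovalRequestPayloadV1 fields the binding copies.
type Request struct {
	ApprovalId, BrowserPublicKeyAlgorithm, BrowserPublicKeyThumbprint, ExpiresAt string
	Nonce, RequestedCapability, RequesterClientId, RequesterOrigin           string
}

// MobileDecision holds the values the approving device adds.
type MobileDecision struct {
	Decision, DecidedAt, RequestEnvelopeId, RequestEnvelopeIssuedAt string
	ServiceMobilePairingId, PairingTranscriptHash                   string
}

// copiedFields lists every binding property whose value must equal the request side.
func copiedFields(req Request, envelopeID string) map[string]string {
	return map[string]string{
		"approval_id":                   req.ApprovalId,
		"browser_public_key_algorithm":  req.BrowserPublicKeyAlgorithm,
		"browser_public_key_thumbprint": req.BrowserPublicKeyThumbprint,
		"expires_at":                    req.ExpiresAt,
		"nonce":                         req.Nonce,
		"requested_capability":          req.RequestedCapability,
		"requester_client_id":           req.RequesterClientId,
		"requester_origin":              req.RequesterOrigin,
		"request_envelope_id":           envelopeID,
		"request_envelope_type":         RequestEnvelopeType,
		"version":                       BindingVersion,
	}
}

// BuildDecisionBinding produces the approval_binding_bytes the mobile key signs.
func BuildDecisionBinding(req Request, d MobileDecision) ([]byte, error) {
	m := map[string]any{
		"decision":                   d.Decision,
		"decided_at":                 d.DecidedAt,
		"request_envelope_issued_at": d.RequestEnvelopeIssuedAt,
		"service_mobile_pairing_id":  d.ServiceMobilePairingId,
		"pairing_transcript_hash":    d.PairingTranscriptHash,
	}
	for k, v := range copiedFields(req, d.RequestEnvelopeId) {
		m[k] = v
	}
	return CanonicalJSON(m)
}

// VerifyDecisionBinding is the service-side check before trusting a signature over
// approval_binding_bytes: the bytes must re-encode to themselves (catching key order,
// whitespace and duplicate keys), every copied field must equal the request, and
// the decision must be a known value.
func VerifyDecisionBinding(bindingBytes []byte, req Request, envelopeID string) (string, error) {
	var m map[string]any
	if err := json.Unmarshal(bindingBytes, &m); err != nil {
		return "", fmt.Errorf("binding is not JSON: %w", err)
	}
	canon, err := CanonicalJSON(m)
	if err != nil {
		return "", err
	}
	if !bytes.Equal(canon, bindingBytes) {
		return "", fmt.Errorf("binding bytes are not canonical")
	}
	for k, want := range copiedFields(req, envelopeID) {
		if got, _ := m[k].(string); got != want {
			return "", fmt.Errorf("field %q does not match the request", k)
		}
	}
	decision, _ := m["decision"].(string)
	if decision != "approved" && decision != "denied" {
		return "", fmt.Errorf("unknown decision %q", decision)
	}
	return decision, nil
}

func main() {
	req := Request{ApprovalId: "apr_123", Nonce: "n0nce", RequesterOrigin: "https://example.test"} // constructed
	b, _ := BuildDecisionBinding(req, MobileDecision{Decision: "approved", RequestEnvelopeId: "<envelope uuid>"})
	fmt.Println(string(b))
	fmt.Println(VerifyDecisionBinding(b, req, "<envelope uuid>"))
}
```

Verifying the signature over `approval_binding_bytes` proves only that the mobile key signed those bytes; the field-by-field comparison against the request the service actually issued is what ties the decision to this approval, this nonce and this browser key rather than to some other request the same device approved.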

type MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType added in v0.3.0

type MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType string

MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType Envelope type of the request being answered.

const (
	MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeTypeBrowserApprovalRequest MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType = "browser_approval_request"
)

Defines values for MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType.

func (MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType) Valid added in v0.3.0

Valid indicates whether the value is a known member of the MailboxBrowserApprovalDecisionBindingV1RequestEnvelopeType enum.

type MailboxBrowserApprovalDecisionBindingV1Version added in v0.3.0

type MailboxBrowserApprovalDecisionBindingV1Version string

MailboxBrowserApprovalDecisionBindingV1Version Canonical decision binding schema version.

const (
	BrowserApprovalDecisionBindingv1 MailboxBrowserApprovalDecisionBindingV1Version = "browser-approval-decision-binding/v1"
)

Defines values for MailboxBrowserApprovalDecisionBindingV1Version.

func (MailboxBrowserApprovalDecisionBindingV1Version) Valid added in v0.3.0

Valid indicates whether the value is a known member of the MailboxBrowserApprovalDecisionBindingV1Version enum.

type MailboxBrowserApprovalRequestPayloadV1 added in v0.3.0

type MailboxBrowserApprovalRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge ApprovalChallenge `json:"approval_challenge"`

	// ApprovalId Opaque service-scoped approval id.
	ApprovalId string `json:"approval_id"`

	// BrowserDisplayName Human-readable browser/device label shown to the mobile user.
	BrowserDisplayName string `json:"browser_display_name"`

	// BrowserPlatform Best-effort browser platform hint shown to the mobile user.
	BrowserPlatform string `json:"browser_platform"`

	// BrowserPublicKeyAlgorithm Browser public key algorithm identifier, e.g. `ES256` or `Ed25519`.
	BrowserPublicKeyAlgorithm string `json:"browser_public_key_algorithm"`

	// BrowserPublicKeyThumbprint Thumbprint of the browser public key being approved. Producers SHOULD use `sha256:<base64url-no-padding>` for JWK thumbprints.
	BrowserPublicKeyThumbprint string `json:"browser_public_key_thumbprint"`

	// BrowserUserAgent Optional user-agent hint for display and diagnostics.
	BrowserUserAgent *string `json:"browser_user_agent,omitempty"`

	// ExpiresAt RFC 3339 UTC timestamp after which the request is invalid.
	ExpiresAt string `json:"expires_at"`

	// IssuedAt RFC 3339 UTC timestamp with canonical `Z` suffix.
	IssuedAt string `json:"issued_at"`

	// Nonce Opaque nonce bound into the mobile-signed decision.
	Nonce string `json:"nonce"`

	// RequestedCapability Generic capability requested by the service.
	RequestedCapability string `json:"requested_capability"`

	// RequesterClientId Service/requester client id that created the approval request.
	RequesterClientId string `json:"requester_client_id"`

	// RequesterDisplayName Human-readable requester name shown to the mobile user.
	RequesterDisplayName string `json:"requester_display_name"`

	// RequesterOrigin Origin of the requester that will receive/use the browser credential.
	RequesterOrigin string `json:"requester_origin"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxBrowserApprovalRequestPayloadV1 Request payload for the `browser_approval_request` envelope type. A service requester sends this to the paired mobile device when a browser key needs approval for a generic capability.

type MailboxBrowserApprovalResponsePayloadV1 added in v0.3.0

type MailboxBrowserApprovalResponsePayloadV1 struct {
	// ApprovalBindingBytes RFC 4648 standard base64 with `=` padding for the canonical `MailboxBrowserApprovalDecisionBindingV1` UTF-8 JSON bytes.
	ApprovalBindingBytes []byte `json:"approval_binding_bytes"`

	// ApprovalBindingFormat Canonical byte format signed by the mobile approval key.
	ApprovalBindingFormat MailboxBrowserApprovalBindingFormat `json:"approval_binding_format"`

	// ApprovalId Approval id copied from the request payload.
	ApprovalId string `json:"approval_id"`

	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof ApprovalAttestedKeyProof `json:"approval_proof"`

	// DecidedAt RFC 3339 UTC timestamp of the mobile decision.
	DecidedAt string `json:"decided_at"`

	// Decision Mobile user's signed approval decision.
	Decision MailboxBrowserApprovalDecision `json:"decision"`

	// RequestEnvelopeId Envelope id of the browser approval request being answered.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// Status Response lifecycle status. The signed `decision` carries the approval outcome.
	Status MailboxBrowserApprovalResponseStatus `json:"status"`
}

MailboxBrowserApprovalResponsePayloadV1 Response payload for the `browser_approval_response` envelope type. The response carries the mobile decision plus the exact canonical bytes and attested-key-zk proof over `MailboxBrowserApprovalDecisionBindingV1`.

type MailboxBrowserApprovalResponseStatus added in v0.3.0

type MailboxBrowserApprovalResponseStatus string

MailboxBrowserApprovalResponseStatus Response lifecycle status. The signed `decision` carries the approval outcome.

const (
	MailboxBrowserApprovalResponseStatusDecided MailboxBrowserApprovalResponseStatus = "decided"
)

Defines values for MailboxBrowserApprovalResponseStatus.

func (MailboxBrowserApprovalResponseStatus) Valid added in v0.3.0

Valid indicates whether the value is a known member of the MailboxBrowserApprovalResponseStatus enum.

type MailboxCaptchaRequestPayloadV1 added in v0.7.0

type MailboxCaptchaRequestPayloadV1 struct {
	// Action Relying-party action label.
	Action string `json:"action"`

	// ChallengeId Captcha challenge id.
	ChallengeId string `json:"challenge_id"`

	// ExpiresAt Captcha request expiry as a Unix timestamp in seconds.
	ExpiresAt int64 `json:"expires_at"`

	// ServiceOrigin Captcha service origin that created the request.
	ServiceOrigin string `json:"service_origin"`

	// SiteOrigin Relying-party site origin validated by the captcha service. The approval binding copies this exact string without normalization.
	SiteOrigin string `json:"site_origin"`

	// Sitekey Public sitekey enrolled for `site_origin`.
	Sitekey string `json:"sitekey"`
}

MailboxCaptchaRequestPayloadV1 Payload for the `captcha_request` envelope type sent by the captcha service to mobile.

type MailboxCaptchaResponsePayloadV1 added in v0.7.0

type MailboxCaptchaResponsePayloadV1 struct {
	// Action Relying-party action label copied from the request payload.
	Action string `json:"action"`

	// AppIdHash Base64url without padding for the 32-byte mobile app id hash in the AKZK statement.
	AppIdHash string `json:"app_id_hash"`

	// ApprovalBinding RFC 4648 standard base64 with `=` padding for deterministic CBOR `NaughtBotApprovalBindingV1` bytes using profile `application/cbor; profile=naughtbot-captcha-approval-binding-v1`. The proof statement signs `SHA256(approval_binding bytes)`.
	ApprovalBinding []byte `json:"approval_binding"`

	// ApprovedAt RFC 3339 UTC timestamp when mobile approved the challenge.
	ApprovedAt string `json:"approved_at"`

	// ChallengeId Captcha challenge id copied from the request payload.
	ChallengeId string `json:"challenge_id"`

	// ExpiresAt Captcha request expiry copied from the request payload as a Unix timestamp in seconds.
	ExpiresAt int64 `json:"expires_at"`

	// IssuerPublicKeyX Base64url without padding for the 32-byte issuer public key X coordinate in the AKZK statement.
	IssuerPublicKeyX string `json:"issuer_public_key_x"`

	// IssuerPublicKeyY Base64url without padding for the 32-byte issuer public key Y coordinate in the AKZK statement.
	IssuerPublicKeyY string `json:"issuer_public_key_y"`

	// PolicyVersion Base64url without padding for the 4-byte policy version in the AKZK statement.
	PolicyVersion string `json:"policy_version"`

	// Proof RFC 4648 standard base64 with `=` padding for the attested-key-zk proof bytes.
	Proof []byte `json:"proof"`

	// ProofTimestamp Base64url without padding for the 8-byte proof timestamp in the AKZK statement.
	ProofTimestamp string `json:"proof_timestamp"`

	// ProofType Attested-key-zk approval proof type.
	ProofType MailboxCaptchaResponsePayloadV1ProofType `json:"proof_type"`

	// RequestEnvelopeId Source `captcha_request` envelope id.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// ServiceOrigin Captcha service origin copied from the request payload.
	ServiceOrigin string `json:"service_origin"`

	// SiteOrigin Relying-party site origin copied byte-for-byte from the request payload.
	SiteOrigin string `json:"site_origin"`

	// Sitekey Public sitekey copied from the request payload.
	Sitekey string `json:"sitekey"`
}

MailboxCaptchaResponsePayloadV1 Payload for the `captcha_response` envelope type sent by mobile to the captcha service.

type MailboxCaptchaResponsePayloadV1ProofType added in v0.7.0

type MailboxCaptchaResponsePayloadV1ProofType string

MailboxCaptchaResponsePayloadV1ProofType Attested-key-zk approval proof type.

const (
	ApprovalProofV1 MailboxCaptchaResponsePayloadV1ProofType = "approval_proof_v1"
)

Defines values for MailboxCaptchaResponsePayloadV1ProofType.

func (MailboxCaptchaResponsePayloadV1ProofType) Valid added in v0.7.0

Valid indicates whether the value is a known member of the MailboxCaptchaResponsePayloadV1ProofType enum.

type MailboxEnrollRequestPayloadV1

type MailboxEnrollRequestPayloadV1 struct {
	// Algorithm Key algorithm to use. Approver MUST reject unknown algorithms.
	Algorithm *string `json:"algorithm,omitempty"`

	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// IncludeCertification Include a self-certification signature for GPG export. Ignored for non-GPG purposes.
	IncludeCertification *bool `json:"include_certification,omitempty"`

	// Label Human-readable label for the new key.
	Label *string `json:"label,omitempty"`

	// Purpose Purpose of an enrolled key. PKCS#11 protocol keys are dedicated, single-purpose keys and MUST be enrolled with the `pkcs11` purpose rather than reusing the device auth/encryption keys.
	Purpose KeyPurpose `json:"purpose"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxEnrollRequestPayloadV1 Request payload for the `enroll` envelope type. The approver creates a new key for the requested `purpose` and returns its public material.

type MailboxEnrollResponseApprovedV1

type MailboxEnrollResponseApprovedV1 struct {
	// Algorithm Key algorithm used.
	Algorithm string `json:"algorithm"`

	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// Attestation Attestation proof that a key was created on attested device hardware.
	Attestation *KeyMetadataAttestation `json:"attestation,omitempty"`

	// DeviceKeyId Device-side key identifier (e.g. iOS Secure Enclave handle) the requester can use to refer to the new key in subsequent requests.
	DeviceKeyId string `json:"device_key_id"`

	// EncryptionFingerprint 40-character hex fingerprint of the ECDH encryption subkey.
	EncryptionFingerprint *string `json:"encryption_fingerprint,omitempty"`

	// EncryptionPublicKeyHex Lowercase hex-encoded ECDH encryption subkey public key (66 hex chars for P-256 33-byte compressed key).
	EncryptionPublicKeyHex *string `json:"encryption_public_key_hex,omitempty"`

	// Fingerprint GPG fingerprint for GPG keys (40 hex chars).
	Fingerprint *string `json:"fingerprint,omitempty"`

	// Id New key identifier. UUID for GPG keys; format defined by the algorithm for other purposes.
	Id string `json:"id"`

	// KeyCreationTimestamp Unix timestamp (seconds) when the key was created.
	KeyCreationTimestamp *int64 `json:"key_creation_timestamp,omitempty"`

	// PublicKeyHex Lowercase hex-encoded public key. 66 hex chars for P-256 33-byte compressed key, or 64 hex chars for Ed25519 32-byte key.
	PublicKeyHex string `json:"public_key_hex"`

	// SshSkFlags Per-credential SSH-SK flags byte the approver baked into a newly enrolled SSH security-key credential. **MUST be present when `purpose` is the SSH signing purpose; absent for all other key purposes.** (The schema cannot express that conditional requirement directly because `MailboxEnrollResponseApprovedV1` is a single monolithic shape with per-type-optional fields like `fingerprint` / `encryption_public_key_hex`; requesters MUST reject SSH-purpose approved responses that omit this field.) The requester MUST persist this byte alongside the credential public key and use it as the request `flags` input on every subsequent `ssh_auth` / `ssh_sign` call. The approver echoes the actual per-signature assertion flags byte back in the success response (see `MailboxSshAuthResponseSuccessV1.flags`); that asserted byte (which MAY differ from this enrollment flags byte when, e.g., the SK could not deliver user verification) is what the requester MUST embed into the OpenSSH SK signature preimage `SHA256(application) || flags || counter || SHA256(data)`. Bit `0x01` is "user presence required" and `0x04` is "user verification required" per the OpenSSH SK protocol.
	SshSkFlags *int `json:"ssh_sk_flags,omitempty"`

	// Status Enrollment outcome discriminator (`approved`).
	Status MailboxEnrollResponseApprovedV1Status `json:"status"`

	// SubkeySignature RFC 4648 standard base64 with `=` padding for the GPG subkey binding signature.
	SubkeySignature *[]byte `json:"subkey_signature,omitempty"`

	// UserIdSignature RFC 4648 standard base64 with `=` padding for the GPG self-certification signature.
	UserIdSignature *[]byte `json:"user_id_signature,omitempty"`
}

MailboxEnrollResponseApprovedV1 Approved branch of `MailboxEnrollResponsePayloadV1`. Carries the freshly minted public key material so the requester can refer to the new key in subsequent signing / decryption requests.
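The `SshSkFlags` description above spells out the OpenSSH SK signature preimage and which flags byte goes into it. The following is an added example (not the generated package's code) that builds `SHA256(application) || flags || counter || SHA256(data)` and verifies an ECDSA P-256 assertion against it; it assumes the counter is a 4-byte big-endian value as in the OpenSSH SK protocol, and `simulateSkSign` is a constructed stand-in for the approver's security key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Flag bits named in the SshSkFlags description (OpenSSH SK protocol).
const (
	FlagUserPresence     byte = 0x01
	FlagUserVerification byte = 0x04
)

// SkSignedData builds the OpenSSH security-key signature preimage
// SHA256(application) || flags || counter || SHA256(data).
// Assumption: counter is a 4-byte big-endian value, as in OpenSSH's SK protocol.
func SkSignedData(application []byte, flags byte, counter uint32, data []byte) []byte {
	appHash := sha256.Sum256(application)
	dataHash := sha256.Sum256(data)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	buf := make([]byte, 0, 32+1+4+32)
	buf = append(buf, appHash[:]...)
	buf = append(buf, flags)
	buf = append(buf, ctr[:]...)
	buf = append(buf, dataHash[:]...)
	return buf
}

// VerifySkAssertion checks an ecdsa-sk assertion against the credential public
// key. assertedFlags is the byte echoed in the success response; that byte, not
// the enrollment byte, is what the preimage must carry.
func VerifySkAssertion(pub *ecdsa.PublicKey, application []byte, assertedFlags byte,
	counter uint32, data, sig []byte) bool {
	digest := sha256.Sum256(SkSignedData(application, assertedFlags, counter, data))
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// simulateSkSign stands in for the approver's security key (constructed for this
// example): it signs the SHA-256 of the preimage with ECDSA P-256.
func simulateSkSign(priv *ecdsa.PrivateKey, application []byte, flags byte,
	counter uint32, data []byte) ([]byte, error) {
	digest := sha256.Sum256(SkSignedData(application, flags, counter, data))
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

func main() {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	application := []byte("ssh:")                  // constructed sample
	data := []byte("constructed session identifier") // constructed sample
	enrollFlags := FlagUserPresence | FlagUserVerification // 0x05 from enrollment
	assertedFlags := FlagUserPresence                      // SK could not deliver UV
	sig, _ := simulateSkSign(priv, application, assertedFlags, 7, data)
	fmt.Println("asserted flags verify:  ",
		VerifySkAssertion(&priv.PublicKey, application, assertedFlags, 7, data, sig))
	fmt.Println("enrollment flags verify:",
		VerifySkAssertion(&priv.PublicKey, application, enrollFlags, 7, data, sig))
}
```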

type MailboxEnrollResponseApprovedV1Status

type MailboxEnrollResponseApprovedV1Status string

MailboxEnrollResponseApprovedV1Status Enrollment outcome discriminator (`approved`).

const (
	MailboxEnrollResponseApprovedV1StatusApproved MailboxEnrollResponseApprovedV1Status = "approved"
)

Defines values for MailboxEnrollResponseApprovedV1Status.

func (MailboxEnrollResponseApprovedV1Status) Valid

Valid indicates whether the value is a known member of the MailboxEnrollResponseApprovedV1Status enum.

type MailboxEnrollResponsePayloadV1

type MailboxEnrollResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxEnrollResponsePayloadV1 Response payload for the `enroll` envelope type. Discriminated on `status`: `approved` requires the full key material set; `rejected` requires `error_code`.

func (MailboxEnrollResponsePayloadV1) AsMailboxEnrollResponseApprovedV1

func (t MailboxEnrollResponsePayloadV1) AsMailboxEnrollResponseApprovedV1() (MailboxEnrollResponseApprovedV1, error)

AsMailboxEnrollResponseApprovedV1 returns the union data inside the MailboxEnrollResponsePayloadV1 as a MailboxEnrollResponseApprovedV1

func (MailboxEnrollResponsePayloadV1) AsMailboxEnrollResponseRejectedV1

func (t MailboxEnrollResponsePayloadV1) AsMailboxEnrollResponseRejectedV1() (MailboxEnrollResponseRejectedV1, error)

AsMailboxEnrollResponseRejectedV1 returns the union data inside the MailboxEnrollResponsePayloadV1 as a MailboxEnrollResponseRejectedV1

func (MailboxEnrollResponsePayloadV1) Discriminator

func (t MailboxEnrollResponsePayloadV1) Discriminator() (string, error)

func (*MailboxEnrollResponsePayloadV1) FromMailboxEnrollResponseApprovedV1

func (t *MailboxEnrollResponsePayloadV1) FromMailboxEnrollResponseApprovedV1(v MailboxEnrollResponseApprovedV1) error

FromMailboxEnrollResponseApprovedV1 overwrites any union data inside the MailboxEnrollResponsePayloadV1 as the provided MailboxEnrollResponseApprovedV1

func (*MailboxEnrollResponsePayloadV1) FromMailboxEnrollResponseRejectedV1

func (t *MailboxEnrollResponsePayloadV1) FromMailboxEnrollResponseRejectedV1(v MailboxEnrollResponseRejectedV1) error

FromMailboxEnrollResponseRejectedV1 overwrites any union data inside the MailboxEnrollResponsePayloadV1 as the provided MailboxEnrollResponseRejectedV1

func (MailboxEnrollResponsePayloadV1) MarshalJSON

func (t MailboxEnrollResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxEnrollResponsePayloadV1) MergeMailboxEnrollResponseApprovedV1

func (t *MailboxEnrollResponsePayloadV1) MergeMailboxEnrollResponseApprovedV1(v MailboxEnrollResponseApprovedV1) error

MergeMailboxEnrollResponseApprovedV1 performs a merge with any union data inside the MailboxEnrollResponsePayloadV1, using the provided MailboxEnrollResponseApprovedV1

func (*MailboxEnrollResponsePayloadV1) MergeMailboxEnrollResponseRejectedV1

func (t *MailboxEnrollResponsePayloadV1) MergeMailboxEnrollResponseRejectedV1(v MailboxEnrollResponseRejectedV1) error

MergeMailboxEnrollResponseRejectedV1 performs a merge with any union data inside the MailboxEnrollResponsePayloadV1, using the provided MailboxEnrollResponseRejectedV1

func (*MailboxEnrollResponsePayloadV1) UnmarshalJSON

func (t *MailboxEnrollResponsePayloadV1) UnmarshalJSON(b []byte) error

func (MailboxEnrollResponsePayloadV1) ValueByDiscriminator

func (t MailboxEnrollResponsePayloadV1) ValueByDiscriminator() (interface{}, error)

type MailboxEnrollResponseRejectedV1

type MailboxEnrollResponseRejectedV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`

	// Status Enrollment outcome discriminator (`rejected`).
	Status MailboxEnrollResponseRejectedV1Status `json:"status"`
}

MailboxEnrollResponseRejectedV1 Rejected branch of `MailboxEnrollResponsePayloadV1`. Carries the signing error code (and optional human-readable message).

type MailboxEnrollResponseRejectedV1Status

type MailboxEnrollResponseRejectedV1Status string

MailboxEnrollResponseRejectedV1Status Enrollment outcome discriminator (`rejected`).

const (
	Rejected MailboxEnrollResponseRejectedV1Status = "rejected"
)

Defines values for MailboxEnrollResponseRejectedV1Status.

func (MailboxEnrollResponseRejectedV1Status) Valid

Valid indicates whether the value is a known member of the MailboxEnrollResponseRejectedV1Status enum.

type MailboxEnvelopeType

type MailboxEnvelopeType string

MailboxEnvelopeType Registered set of envelope `type` discriminators. Receivers may decode the envelope successfully but log+drop on unknown values. Adding a new type requires adding it here and shipping the matching payload schema under `payloads/<surface>.yaml`.

const (
	MailboxEnvelopeTypeAgeUnwrap               MailboxEnvelopeType = "age_unwrap"
	MailboxEnvelopeTypeBrowserApprovalRequest  MailboxEnvelopeType = "browser_approval_request"
	MailboxEnvelopeTypeBrowserApprovalResponse MailboxEnvelopeType = "browser_approval_response"
	MailboxEnvelopeTypeCaptchaRequest          MailboxEnvelopeType = "captcha_request"
	MailboxEnvelopeTypeCaptchaResponse         MailboxEnvelopeType = "captcha_response"
	MailboxEnvelopeTypeEnroll                  MailboxEnvelopeType = "enroll"
	MailboxEnvelopeTypeFirstPartyRequest       MailboxEnvelopeType = "first_party_request"
	MailboxEnvelopeTypeFirstPartyResponse      MailboxEnvelopeType = "first_party_response"
	MailboxEnvelopeTypeGpgDecrypt              MailboxEnvelopeType = "gpg_decrypt"
	MailboxEnvelopeTypeGpgSign                 MailboxEnvelopeType = "gpg_sign"
	MailboxEnvelopeTypeKeyInventoryRequest     MailboxEnvelopeType = "key_inventory_request"
	MailboxEnvelopeTypeKeyInventoryResponse    MailboxEnvelopeType = "key_inventory_response"
	MailboxEnvelopeTypeLinkApproval            MailboxEnvelopeType = "link_approval"
	MailboxEnvelopeTypeLinkRejection           MailboxEnvelopeType = "link_rejection"
	MailboxEnvelopeTypeLinkRequest             MailboxEnvelopeType = "link_request"
	MailboxEnvelopeTypePkcs11Derive            MailboxEnvelopeType = "pkcs11_derive"
	MailboxEnvelopeTypePkcs11Sign              MailboxEnvelopeType = "pkcs11_sign"
	MailboxEnvelopeTypeSigningRequest          MailboxEnvelopeType = "signing_request"
	MailboxEnvelopeTypeSigningResponse         MailboxEnvelopeType = "signing_response"
	MailboxEnvelopeTypeSshAuth                 MailboxEnvelopeType = "ssh_auth"
	MailboxEnvelopeTypeSshSign                 MailboxEnvelopeType = "ssh_sign"
)

Defines values for MailboxEnvelopeType.

func (MailboxEnvelopeType) Valid

func (e MailboxEnvelopeType) Valid() bool

Valid indicates whether the value is a known member of the MailboxEnvelopeType enum.

type MailboxEnvelopeV1

type MailboxEnvelopeV1 struct {
	// Id Canonical lower-case RFC 4122 UUID string for idempotency / dedup on the receiver.
	Id openapi_types.UUID `json:"id"`

	// IssuedAt RFC 3339 UTC timestamp with the canonical `Z` suffix. Senders SHOULD emit fractional seconds (`2026-05-03T05:00:00.123Z`); receivers MUST also accept the plain second-precision form (`2026-05-03T05:00:00Z`). Times outside UTC and timestamps lacking the `T` delimiter are rejected.
	IssuedAt string `json:"issued_at"`

	// Payload Type-specific payload, MUST be a JSON object (`{...}`); scalar / array / string roots are not valid envelopes. The internal schema is validated by the per-`type` handler defined under `payloads/`, not by the envelope codec.
	Payload json.RawMessage `json:"payload"`

	// Type Registered type discriminator. Receivers SHOULD validate against the `MailboxEnvelopeType` registry enum at runtime; unknown values MUST be logged and dropped without rejecting the envelope.
	Type string `json:"type"`

	// V Envelope version. Receivers reject unknown versions.
	V MailboxEnvelopeV1V `json:"v"`
}

MailboxEnvelopeV1 Typed plaintext envelope for NaughtBot mailbox payloads. Receivers dispatch on `type`. The schema is documentary: the auth/mailbox backend never sees the envelope (it is inside HPKE plaintext) and no endpoint accepts it directly. Per-type decode rules live in the payload schemas under `openapi/payloads/`.

type MailboxEnvelopeV1V

type MailboxEnvelopeV1V int

MailboxEnvelopeV1V Envelope version. Receivers reject unknown versions.

const (
	MailboxEnvelopeV1VN1 MailboxEnvelopeV1V = 1
)

Defines values for MailboxEnvelopeV1V.

func (MailboxEnvelopeV1V) Valid

func (e MailboxEnvelopeV1V) Valid() bool

Valid indicates whether the value is a known member of the MailboxEnvelopeV1V enum.
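As an added example (not the generated package's code), here is a receiver that applies the `MailboxEnvelopeV1` decode rules listed above: version must be the known value, `id` must be a canonical lower-case UUID, `issued_at` must be RFC 3339 UTC with the `T` delimiter and `Z` suffix (fractional seconds optional), `payload` must be a JSON object, and an unregistered `type` is logged and dropped rather than rejected. The `Envelope` struct and `registry` set are redeclared locally so the block compiles stand-alone; all inputs in `main` are constructed samples.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"log"
	"regexp"
	"time"
)

// Envelope mirrors the MailboxEnvelopeV1 wire shape (local redeclaration).
type Envelope struct {
	Id       string          `json:"id"`
	IssuedAt string          `json:"issued_at"`
	Payload  json.RawMessage `json:"payload"`
	Type     string          `json:"type"`
	V        int             `json:"v"`
}

// registry is the MailboxEnvelopeType enum as a set.
var registry = map[string]struct{}{
	"age_unwrap": {}, "browser_approval_request": {}, "browser_approval_response": {},
	"captcha_request": {}, "captcha_response": {}, "enroll": {},
	"first_party_request": {}, "first_party_response": {}, "gpg_decrypt": {},
	"gpg_sign": {}, "key_inventory_request": {}, "key_inventory_response": {},
	"link_approval": {}, "link_rejection": {}, "link_request": {},
	"pkcs11_derive": {}, "pkcs11_sign": {}, "signing_request": {},
	"signing_response": {}, "ssh_auth": {}, "ssh_sign": {},
}

// Outcome separates "reject the envelope" from "log and drop this type".
type Outcome int

const (
	Rejected Outcome = iota // malformed: not processed at all
	Dropped                 // well-formed but unregistered type: logged, not dispatched
	Accepted                // handed to the per-type payload handler
)

func (o Outcome) String() string { return [...]string{"rejected", "dropped", "accepted"}[o] }

// canonicalUUID: lower-case, hyphenated 8-4-4-4-12 hex form.
var canonicalUUID = regexp.MustCompile(`^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$`)

// checkIssuedAt enforces the issued_at rules: RFC 3339, `T` delimiter, literal
// `Z` suffix (so offsets such as +00:00 are refused), fractional seconds optional.
func checkIssuedAt(s string) error {
	if len(s) < 20 || s[10] != 'T' || s[len(s)-1] != 'Z' {
		return errors.New("issued_at must be RFC 3339 UTC with `T` delimiter and `Z` suffix")
	}
	if _, err := time.Parse(time.RFC3339Nano, s); err != nil {
		return fmt.Errorf("issued_at: %w", err)
	}
	return nil
}

// Receive decodes one envelope and applies the receiver-side rules.
func Receive(raw []byte) (Outcome, *Envelope, error) {
	var env Envelope
	if err := json.Unmarshal(raw, &env); err != nil {
		return Rejected, nil, fmt.Errorf("decode: %w", err)
	}
	if env.V != 1 { // receivers reject unknown versions
		return Rejected, nil, fmt.Errorf("unknown envelope version %d", env.V)
	}
	if !canonicalUUID.MatchString(env.Id) {
		return Rejected, nil, errors.New("id is not a canonical lower-case UUID")
	}
	if err := checkIssuedAt(env.IssuedAt); err != nil {
		return Rejected, nil, err
	}
	// payload MUST be a JSON object; scalar, array and string roots are invalid.
	if p := bytes.TrimSpace(env.Payload); len(p) == 0 || p[0] != '{' {
		return Rejected, nil, errors.New("payload must be a JSON object")
	}
	if _, ok := registry[env.Type]; !ok {
		log.Printf("dropping envelope %s: unregistered type %q", env.Id, env.Type)
		return Dropped, &env, nil
	}
	return Accepted, &env, nil
}

func main() {
	const id = `"id":"7f3b6b1e-2f4c-4d7a-9c1e-0b2f5d6a8e91"` // constructed sample id
	samples := []string{
		`{` + id + `,"issued_at":"2026-05-03T05:00:00.123Z","payload":{"purpose":"pkcs11"},"type":"enroll","v":1}`,
		`{` + id + `,"issued_at":"2026-05-03T05:00:00+00:00","payload":{},"type":"enroll","v":1}`,
		`{` + id + `,"issued_at":"2026-05-03T05:00:00Z","payload":{},"type":"not_registered","v":1}`,
		`{` + id + `,"issued_at":"2026-05-03T05:00:00Z","payload":[],"type":"enroll","v":1}`,
	}
	for _, s := range samples {
		out, _, err := Receive([]byte(s))
		fmt.Printf("%-8s %v\n", out, err)
	}
}
```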

type MailboxFirstPartyApprovalBindingFormat added in v0.4.0

type MailboxFirstPartyApprovalBindingFormat string

MailboxFirstPartyApprovalBindingFormat Canonical byte format signed by the approving device key.

const (
	FirstPartyPrivilegedActionDecisionBindingv1Json MailboxFirstPartyApprovalBindingFormat = "first-party-privileged-action-decision-binding/v1+json"
)

Defines values for MailboxFirstPartyApprovalBindingFormat.

func (MailboxFirstPartyApprovalBindingFormat) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyApprovalBindingFormat enum.

type MailboxFirstPartyApprovalDecision added in v0.4.0

type MailboxFirstPartyApprovalDecision string

MailboxFirstPartyApprovalDecision Mobile user's signed decision for a first-party request.

const (
	Approved MailboxFirstPartyApprovalDecision = "approved"
	Denied   MailboxFirstPartyApprovalDecision = "denied"
)

Defines values for MailboxFirstPartyApprovalDecision.

func (MailboxFirstPartyApprovalDecision) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyApprovalDecision enum.

type MailboxFirstPartyDeviceRevokeOtherActionV1 added in v0.4.0

type MailboxFirstPartyDeviceRevokeOtherActionV1 struct {
	// ActionType Discriminator for this privileged action payload.
	ActionType MailboxFirstPartyDeviceRevokeOtherActionV1ActionType `json:"action_type"`

	// RevokePairings Whether approval cascades revocation to pairings involving the target device.
	RevokePairings bool `json:"revoke_pairings"`

	// RevokeRefreshTokens Whether approval revokes refresh-token families bound to the target device.
	RevokeRefreshTokens bool `json:"revoke_refresh_tokens"`

	// TargetDeviceCreatedAt RFC 3339 UTC creation timestamp for the target device.
	TargetDeviceCreatedAt string `json:"target_device_created_at"`

	// TargetDeviceId Device id that will be revoked.
	TargetDeviceId openapi_types.UUID `json:"target_device_id"`

	// TargetDeviceName Optional human-readable device name shown to the user.
	TargetDeviceName *string `json:"target_device_name,omitempty"`

	// TargetDeviceType Registered platform type for the target device.
	TargetDeviceType MailboxFirstPartyDeviceRevokeOtherActionV1TargetDeviceType `json:"target_device_type"`
}

MailboxFirstPartyDeviceRevokeOtherActionV1 Canonical action details for `device.revoke_other`. Approval authorizes revoking another active device on the same user account.

type MailboxFirstPartyDeviceRevokeOtherActionV1ActionType added in v0.4.0

type MailboxFirstPartyDeviceRevokeOtherActionV1ActionType string

MailboxFirstPartyDeviceRevokeOtherActionV1ActionType Discriminator for this privileged action payload.

const (
	MailboxFirstPartyDeviceRevokeOtherActionV1ActionTypeDeviceRevokeOther MailboxFirstPartyDeviceRevokeOtherActionV1ActionType = "device.revoke_other"
)

Defines values for MailboxFirstPartyDeviceRevokeOtherActionV1ActionType.

func (MailboxFirstPartyDeviceRevokeOtherActionV1ActionType) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyDeviceRevokeOtherActionV1ActionType enum.

type MailboxFirstPartyDeviceRevokeOtherActionV1TargetDeviceType added in v0.4.0

type MailboxFirstPartyDeviceRevokeOtherActionV1TargetDeviceType string

MailboxFirstPartyDeviceRevokeOtherActionV1TargetDeviceType Registered platform type for the target device.

Defines values for MailboxFirstPartyDeviceRevokeOtherActionV1TargetDeviceType.

func (MailboxFirstPartyDeviceRevokeOtherActionV1TargetDeviceType) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyDeviceRevokeOtherActionV1TargetDeviceType enum.

type MailboxFirstPartyPrivilegedAction added in v0.4.0

type MailboxFirstPartyPrivilegedAction struct {
	// contains filtered or unexported fields
}

MailboxFirstPartyPrivilegedAction Typed canonical privileged action details shown on mobile.

func (MailboxFirstPartyPrivilegedAction) AsMailboxFirstPartyDeviceRevokeOtherActionV1 added in v0.4.0

func (t MailboxFirstPartyPrivilegedAction) AsMailboxFirstPartyDeviceRevokeOtherActionV1() (MailboxFirstPartyDeviceRevokeOtherActionV1, error)

AsMailboxFirstPartyDeviceRevokeOtherActionV1 returns the union data inside the MailboxFirstPartyPrivilegedAction as a MailboxFirstPartyDeviceRevokeOtherActionV1

func (MailboxFirstPartyPrivilegedAction) AsMailboxFirstPartyRelyingPartyRegisterActionV1 added in v0.4.0

func (t MailboxFirstPartyPrivilegedAction) AsMailboxFirstPartyRelyingPartyRegisterActionV1() (MailboxFirstPartyRelyingPartyRegisterActionV1, error)

AsMailboxFirstPartyRelyingPartyRegisterActionV1 returns the union data inside the MailboxFirstPartyPrivilegedAction as a MailboxFirstPartyRelyingPartyRegisterActionV1

func (MailboxFirstPartyPrivilegedAction) AsMailboxFirstPartyRelyingPartyRotateSecretActionV1 added in v0.4.0

func (t MailboxFirstPartyPrivilegedAction) AsMailboxFirstPartyRelyingPartyRotateSecretActionV1() (MailboxFirstPartyRelyingPartyRotateSecretActionV1, error)

AsMailboxFirstPartyRelyingPartyRotateSecretActionV1 returns the union data inside the MailboxFirstPartyPrivilegedAction as a MailboxFirstPartyRelyingPartyRotateSecretActionV1

func (*MailboxFirstPartyPrivilegedAction) FromMailboxFirstPartyDeviceRevokeOtherActionV1 added in v0.4.0

func (t *MailboxFirstPartyPrivilegedAction) FromMailboxFirstPartyDeviceRevokeOtherActionV1(v MailboxFirstPartyDeviceRevokeOtherActionV1) error

FromMailboxFirstPartyDeviceRevokeOtherActionV1 overwrites any union data inside the MailboxFirstPartyPrivilegedAction as the provided MailboxFirstPartyDeviceRevokeOtherActionV1

func (*MailboxFirstPartyPrivilegedAction) FromMailboxFirstPartyRelyingPartyRegisterActionV1 added in v0.4.0

func (t *MailboxFirstPartyPrivilegedAction) FromMailboxFirstPartyRelyingPartyRegisterActionV1(v MailboxFirstPartyRelyingPartyRegisterActionV1) error

FromMailboxFirstPartyRelyingPartyRegisterActionV1 overwrites any union data inside the MailboxFirstPartyPrivilegedAction as the provided MailboxFirstPartyRelyingPartyRegisterActionV1

func (*MailboxFirstPartyPrivilegedAction) FromMailboxFirstPartyRelyingPartyRotateSecretActionV1 added in v0.4.0

func (t *MailboxFirstPartyPrivilegedAction) FromMailboxFirstPartyRelyingPartyRotateSecretActionV1(v MailboxFirstPartyRelyingPartyRotateSecretActionV1) error

FromMailboxFirstPartyRelyingPartyRotateSecretActionV1 overwrites any union data inside the MailboxFirstPartyPrivilegedAction as the provided MailboxFirstPartyRelyingPartyRotateSecretActionV1

func (MailboxFirstPartyPrivilegedAction) MarshalJSON added in v0.4.0

func (t MailboxFirstPartyPrivilegedAction) MarshalJSON() ([]byte, error)

func (*MailboxFirstPartyPrivilegedAction) MergeMailboxFirstPartyDeviceRevokeOtherActionV1 added in v0.4.0

func (t *MailboxFirstPartyPrivilegedAction) MergeMailboxFirstPartyDeviceRevokeOtherActionV1(v MailboxFirstPartyDeviceRevokeOtherActionV1) error

MergeMailboxFirstPartyDeviceRevokeOtherActionV1 performs a merge with any union data inside the MailboxFirstPartyPrivilegedAction, using the provided MailboxFirstPartyDeviceRevokeOtherActionV1

func (*MailboxFirstPartyPrivilegedAction) MergeMailboxFirstPartyRelyingPartyRegisterActionV1 added in v0.4.0

func (t *MailboxFirstPartyPrivilegedAction) MergeMailboxFirstPartyRelyingPartyRegisterActionV1(v MailboxFirstPartyRelyingPartyRegisterActionV1) error

MergeMailboxFirstPartyRelyingPartyRegisterActionV1 performs a merge with any union data inside the MailboxFirstPartyPrivilegedAction, using the provided MailboxFirstPartyRelyingPartyRegisterActionV1

func (*MailboxFirstPartyPrivilegedAction) MergeMailboxFirstPartyRelyingPartyRotateSecretActionV1 added in v0.4.0

func (t *MailboxFirstPartyPrivilegedAction) MergeMailboxFirstPartyRelyingPartyRotateSecretActionV1(v MailboxFirstPartyRelyingPartyRotateSecretActionV1) error

MergeMailboxFirstPartyRelyingPartyRotateSecretActionV1 performs a merge with any union data inside the MailboxFirstPartyPrivilegedAction, using the provided MailboxFirstPartyRelyingPartyRotateSecretActionV1

func (*MailboxFirstPartyPrivilegedAction) UnmarshalJSON added in v0.4.0

func (t *MailboxFirstPartyPrivilegedAction) UnmarshalJSON(b []byte) error

type MailboxFirstPartyPrivilegedActionDecisionBindingV1 added in v0.4.0

type MailboxFirstPartyPrivilegedActionDecisionBindingV1 struct {
	// ActionType Privileged server-side action that requires mobile approval.
	ActionType MailboxFirstPartyPrivilegedActionType `json:"action_type"`

	// ApprovingDeviceId Device id whose signing key created `approval_signature`.
	ApprovingDeviceId openapi_types.UUID `json:"approving_device_id"`

	// ApprovingDeviceSigningKeyJkt Base64url SHA-256 thumbprint of the approving device signing key.
	ApprovingDeviceSigningKeyJkt string `json:"approving_device_signing_key_jkt"`

	// CanonicalActionHash Hash copied from the request payload.
	CanonicalActionHash string `json:"canonical_action_hash"`

	// DecidedAt RFC 3339 UTC timestamp of the mobile decision.
	DecidedAt string `json:"decided_at"`

	// Decision Mobile user's signed decision for a first-party request.
	Decision MailboxFirstPartyApprovalDecision `json:"decision"`

	// ExpiresAt Request expiry copied from the request payload.
	ExpiresAt string `json:"expires_at"`

	// IntentId Privileged-action intent id copied from the request payload.
	IntentId string `json:"intent_id"`

	// Nonce Nonce copied from the request payload.
	Nonce string `json:"nonce"`

	// RequestEnvelopeId Envelope id of the first-party request being answered.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// RequestEnvelopeIssuedAt Envelope `issued_at` timestamp of the request being answered.
	RequestEnvelopeIssuedAt string `json:"request_envelope_issued_at"`

	// RequestEnvelopeType Envelope type of the request being answered.
	RequestEnvelopeType MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType `json:"request_envelope_type"`

	// RequestId First-party request id copied from the request payload.
	RequestId string `json:"request_id"`

	// Version Canonical decision binding schema version.
	Version MailboxFirstPartyPrivilegedActionDecisionBindingV1Version `json:"version"`
}

MailboxFirstPartyPrivilegedActionDecisionBindingV1 Canonical JSON object whose UTF-8 bytes are signed by the approving device key. Producers encode these fields in lexicographic property order with no insignificant whitespace and place the resulting bytes in `MailboxFirstPartyResponsePayloadV1.approval_binding_bytes`.

type MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType added in v0.4.0

type MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType string

MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType Envelope type of the request being answered.

const (
	FirstPartyRequest MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType = "first_party_request"
)

Defines values for MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType.

func (MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyPrivilegedActionDecisionBindingV1RequestEnvelopeType enum.

type MailboxFirstPartyPrivilegedActionDecisionBindingV1Version added in v0.4.0

type MailboxFirstPartyPrivilegedActionDecisionBindingV1Version string

MailboxFirstPartyPrivilegedActionDecisionBindingV1Version Canonical decision binding schema version.

const (
	FirstPartyPrivilegedActionDecisionBindingv1 MailboxFirstPartyPrivilegedActionDecisionBindingV1Version = "first-party-privileged-action-decision-binding/v1"
)

Defines values for MailboxFirstPartyPrivilegedActionDecisionBindingV1Version.

func (MailboxFirstPartyPrivilegedActionDecisionBindingV1Version) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyPrivilegedActionDecisionBindingV1Version enum.

type MailboxFirstPartyPrivilegedActionRequestV1 added in v0.4.0

type MailboxFirstPartyPrivilegedActionRequestV1 struct {
	// Action Typed canonical privileged action details shown on mobile.
	Action MailboxFirstPartyPrivilegedAction `json:"action"`

	// ActionType Privileged server-side action that requires mobile approval.
	ActionType MailboxFirstPartyPrivilegedActionType `json:"action_type"`

	// CanonicalActionBytes RFC 4648 standard base64 with `=` padding for the canonical privileged action JSON bytes.
	CanonicalActionBytes []byte `json:"canonical_action_bytes"`

	// CanonicalActionHash SHA-256 hash of `canonical_action_bytes` after base64 decoding.
	CanonicalActionHash string `json:"canonical_action_hash"`

	// CreatedAt RFC 3339 UTC timestamp when auth created the privileged-action intent.
	CreatedAt string `json:"created_at"`

	// InitiatingClientId OAuth client id for the console flow that initiated the intent.
	InitiatingClientId string `json:"initiating_client_id"`

	// InitiatingDpopJkt Base64url SHA-256 thumbprint of the initiating browser DPoP key.
	InitiatingDpopJkt string `json:"initiating_dpop_jkt"`

	// IntentId Opaque privileged-action intent id.
	IntentId string `json:"intent_id"`
}

MailboxFirstPartyPrivilegedActionRequestV1 Privileged console action approval request. `canonical_action_bytes` are the UTF-8 JSON bytes of the typed `action` object encoded with lexicographic property order and no insignificant whitespace; the hash pins the exact action details auth will execute after approval.
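Both `MailboxFirstPartyPrivilegedActionDecisionBindingV1` and this request type rely on the same canonical encoding: lexicographic property order, no insignificant whitespace, and a SHA-256 hash pinning the bytes. The block below is an added example (not the generated package's code) of the checks an approver should run on an incoming request before showing it to the user: hash matches the decoded bytes, the bytes are already canonical, the typed `action` is the same document, and the two `action_type` discriminators agree. The hash's text encoding is not stated on the page; lowercase hex is an assumption made here, and the `target_device_type` value in the sample is a placeholder since that enum's members are not shown.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Request carries the fields of MailboxFirstPartyPrivilegedActionRequestV1 that
// the check needs (local redeclaration). []byte fields are base64 std with `=`
// padding on the wire, which encoding/json handles natively.
type Request struct {
	Action               json.RawMessage `json:"action"`
	ActionType           string          `json:"action_type"`
	CanonicalActionBytes []byte          `json:"canonical_action_bytes"`
	CanonicalActionHash  string          `json:"canonical_action_hash"`
	IntentId             string          `json:"intent_id"`
}

// knownActionTypes is the MailboxFirstPartyPrivilegedActionType enum.
var knownActionTypes = map[string]bool{
	"device.revoke_other": true, "relying_party.register": true, "relying_party.rotate_secret": true,
}

// canonicalize re-encodes a JSON document with lexicographic property order and
// no insignificant whitespace. Go's encoder sorts map keys; HTML escaping is
// disabled so `<`, `>` and `&` round-trip unchanged. Numbers keep their literal form.
func canonicalize(doc []byte) ([]byte, error) {
	dec := json.NewDecoder(bytes.NewReader(doc))
	dec.UseNumber()
	var v any
	if err := dec.Decode(&v); err != nil {
		return nil, err
	}
	if dec.More() {
		return nil, errors.New("trailing data after JSON document")
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(v); err != nil {
		return nil, err
	}
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}

// VerifyRequest applies the pinning rules from the schema description.
func VerifyRequest(req Request) error {
	if !knownActionTypes[req.ActionType] {
		return fmt.Errorf("unknown action_type %q", req.ActionType)
	}
	// 1. canonical_action_hash pins canonical_action_bytes (hex encoding assumed).
	sum := sha256.Sum256(req.CanonicalActionBytes)
	if hex.EncodeToString(sum[:]) != req.CanonicalActionHash {
		return errors.New("canonical_action_hash does not match canonical_action_bytes")
	}
	// 2. The bytes must already be in canonical form (no reordering, no whitespace).
	canon, err := canonicalize(req.CanonicalActionBytes)
	if err != nil {
		return fmt.Errorf("canonical_action_bytes: %w", err)
	}
	if !bytes.Equal(canon, req.CanonicalActionBytes) {
		return errors.New("canonical_action_bytes are not in canonical form")
	}
	// 3. The typed `action` shown to the user is the document the hash pins.
	fromAction, err := canonicalize(req.Action)
	if err != nil {
		return fmt.Errorf("action: %w", err)
	}
	if !bytes.Equal(fromAction, canon) {
		return errors.New("action does not match canonical_action_bytes")
	}
	// 4. Top-level discriminator and the action's own discriminator must agree.
	var disc struct {
		ActionType string `json:"action_type"`
	}
	if err := json.Unmarshal(req.Action, &disc); err != nil || disc.ActionType != req.ActionType {
		return errors.New("action.action_type disagrees with action_type")
	}
	return nil
}

// BuildRequest does the producer side: canonicalize the action, then hash it.
// Used here only to construct sample input.
func BuildRequest(action any, actionType, intentId string) (Request, error) {
	raw, err := json.Marshal(action)
	if err != nil {
		return Request{}, err
	}
	canon, err := canonicalize(raw)
	if err != nil {
		return Request{}, err
	}
	sum := sha256.Sum256(canon)
	return Request{Action: canon, ActionType: actionType, CanonicalActionBytes: canon,
		CanonicalActionHash: hex.EncodeToString(sum[:]), IntentId: intentId}, nil
}

// sampleRevokeOther is a constructed device.revoke_other action.
var sampleRevokeOther = map[string]any{
	"action_type":              "device.revoke_other",
	"revoke_pairings":          true,
	"revoke_refresh_tokens":    true,
	"target_device_created_at": "2026-04-01T12:00:00Z",
	"target_device_id":         "1b2c3d4e-5f60-4718-8a9b-0c1d2e3f4a5b",
	"target_device_name":       "Work laptop",
	"target_device_type":       "PLACEHOLDER_DEVICE_TYPE", // enum members not shown on the page
}

func main() {
	req, _ := BuildRequest(sampleRevokeOther, "device.revoke_other", "intent-constructed-1")
	wire, _ := json.Marshal(req) // canonical_action_bytes becomes padded base64 here
	var decoded Request
	_ = json.Unmarshal(wire, &decoded)
	fmt.Println("verify:", VerifyRequest(decoded))
	decoded.CanonicalActionBytes = bytes.Replace(decoded.CanonicalActionBytes,
		[]byte(`"revoke_refresh_tokens":true`), []byte(`"revoke_refresh_tokens":false`), 1)
	fmt.Println("tampered:", VerifyRequest(decoded))
}
```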

type MailboxFirstPartyPrivilegedActionType added in v0.4.0

type MailboxFirstPartyPrivilegedActionType string

MailboxFirstPartyPrivilegedActionType Privileged server-side action that requires mobile approval.

const (
	MailboxFirstPartyPrivilegedActionTypeDeviceRevokeOther        MailboxFirstPartyPrivilegedActionType = "device.revoke_other"
	MailboxFirstPartyPrivilegedActionTypeRelyingPartyRegister     MailboxFirstPartyPrivilegedActionType = "relying_party.register"
	MailboxFirstPartyPrivilegedActionTypeRelyingPartyRotateSecret MailboxFirstPartyPrivilegedActionType = "relying_party.rotate_secret"
)

Defines values for MailboxFirstPartyPrivilegedActionType.

func (MailboxFirstPartyPrivilegedActionType) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyPrivilegedActionType enum.

type MailboxFirstPartyRelyingPartyRegisterActionV1 added in v0.4.0

type MailboxFirstPartyRelyingPartyRegisterActionV1 struct {
	// ActionType Discriminator for this privileged action payload.
	ActionType MailboxFirstPartyRelyingPartyRegisterActionV1ActionType `json:"action_type"`

	// ClientSecretReturnedOnce Whether approval returns a one-time plaintext client secret to the initiating console flow.
	ClientSecretReturnedOnce bool `json:"client_secret_returned_once"`

	// ConfidentialClientAudience OAuth resource audience requested for confidential client credentials.
	ConfidentialClientAudience string `json:"confidential_client_audience"`

	// ConfidentialClientScopes Requested scopes for the confidential backend client.
	ConfidentialClientScopes []string `json:"confidential_client_scopes"`

	// DisplayName Human-readable relying-party label shown to the user.
	DisplayName string `json:"display_name"`

	// Origin Browser origin that will host the public relying-party client.
	Origin string `json:"origin"`

	// PublicClientScopes Requested scopes for the public browser Sign in client.
	PublicClientScopes []string `json:"public_client_scopes"`

	// RedirectUris Exact browser callback URIs for the public authorization-code client.
	RedirectUris []string `json:"redirect_uris"`
}

MailboxFirstPartyRelyingPartyRegisterActionV1 Canonical action details for `relying_party.register`. Mobile displays these exact fields before approving creation of the relying party and its paired public/confidential clients.

type MailboxFirstPartyRelyingPartyRegisterActionV1ActionType added in v0.4.0

type MailboxFirstPartyRelyingPartyRegisterActionV1ActionType string

MailboxFirstPartyRelyingPartyRegisterActionV1ActionType Discriminator for this privileged action payload.

const (
	RelyingPartyRegister MailboxFirstPartyRelyingPartyRegisterActionV1ActionType = "relying_party.register"
)

Defines values for MailboxFirstPartyRelyingPartyRegisterActionV1ActionType.

func (MailboxFirstPartyRelyingPartyRegisterActionV1ActionType) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyRelyingPartyRegisterActionV1ActionType enum.

type MailboxFirstPartyRelyingPartyRotateSecretActionV1 added in v0.4.0

type MailboxFirstPartyRelyingPartyRotateSecretActionV1 struct {
	// ActionType Discriminator for this privileged action payload.
	ActionType MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType `json:"action_type"`

	// ClientSecretReturnedOnce Whether approval returns a one-time plaintext client secret to the initiating console flow.
	ClientSecretReturnedOnce bool `json:"client_secret_returned_once"`

	// ConfidentialClientId Confidential backend client id whose secret will rotate.
	ConfidentialClientId string `json:"confidential_client_id"`

	// DisplayName Human-readable relying-party label shown to the user.
	DisplayName string `json:"display_name"`

	// Origin Browser origin attached to the relying party.
	Origin string `json:"origin"`

	// RelyingPartyId Relying-party record id whose confidential secret will rotate.
	RelyingPartyId string `json:"relying_party_id"`
}

MailboxFirstPartyRelyingPartyRotateSecretActionV1 Canonical action details for `relying_party.rotate_secret`. Approval authorizes replacing the confidential client's stored secret hash and returning the new secret once to the initiating console flow.

type MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType added in v0.4.0

type MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType string

MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType Discriminator for this privileged action payload.

const (
	RelyingPartyRotateSecret MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType = "relying_party.rotate_secret"
)

Defines values for MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType.

func (MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyRelyingPartyRotateSecretActionV1ActionType enum.

type MailboxFirstPartyRequestKind added in v0.4.0

type MailboxFirstPartyRequestKind string

MailboxFirstPartyRequestKind First-party request category delivered to a user's devices.

const (
	PrivilegedActionApproval MailboxFirstPartyRequestKind = "privileged_action_approval"
)

Defines values for MailboxFirstPartyRequestKind.

func (MailboxFirstPartyRequestKind) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyRequestKind enum.

type MailboxFirstPartyRequestPayloadV1 added in v0.4.0

type MailboxFirstPartyRequestPayloadV1 struct {
	// ExpiresAt RFC 3339 UTC timestamp after which the request is invalid.
	ExpiresAt string `json:"expires_at"`

	// IssuedAt RFC 3339 UTC timestamp with canonical `Z` suffix.
	IssuedAt string `json:"issued_at"`

	// Nonce Opaque nonce bound into the mobile-signed decision.
	Nonce string `json:"nonce"`

	// PrivilegedAction Privileged console action approval request. `canonical_action_bytes` are the UTF-8 JSON bytes of the typed `action` object encoded with lexicographic property order and no insignificant whitespace; the hash pins the exact action details auth will execute after approval.
	PrivilegedAction MailboxFirstPartyPrivilegedActionRequestV1 `json:"privileged_action"`

	// RequestId Opaque auth/mailbox-scoped first-party request id.
	RequestId string `json:"request_id"`

	// RequestKind First-party request category delivered to a user's devices.
	RequestKind MailboxFirstPartyRequestKind `json:"request_kind"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxFirstPartyRequestPayloadV1 Request payload for the `first_party_request` envelope type.

type MailboxFirstPartyResponsePayloadV1 added in v0.4.0

type MailboxFirstPartyResponsePayloadV1 struct {
	// ApprovalBindingBytes RFC 4648 standard base64 with `=` padding for the canonical `MailboxFirstPartyPrivilegedActionDecisionBindingV1` UTF-8 JSON bytes.
	ApprovalBindingBytes []byte `json:"approval_binding_bytes"`

	// ApprovalBindingFormat Canonical byte format signed by the approving device key.
	ApprovalBindingFormat MailboxFirstPartyApprovalBindingFormat `json:"approval_binding_format"`

	// ApprovalSignature RFC 4648 standard base64 with `=` padding for the raw signature over `approval_binding_bytes` after base64 decoding.
	ApprovalSignature []byte `json:"approval_signature"`

	// ApprovalSignatureAlgorithm Device signing-key algorithm identifier.
	ApprovalSignatureAlgorithm string `json:"approval_signature_algorithm"`

	// ApprovingDeviceId Device id whose signing key created `approval_signature`.
	ApprovingDeviceId openapi_types.UUID `json:"approving_device_id"`

	// ApprovingDeviceSigningKeyJkt Base64url SHA-256 thumbprint of the approving device signing key.
	ApprovingDeviceSigningKeyJkt string `json:"approving_device_signing_key_jkt"`

	// DecidedAt RFC 3339 UTC timestamp of the mobile decision.
	DecidedAt string `json:"decided_at"`

	// Decision Mobile user's signed decision for a first-party request.
	Decision MailboxFirstPartyApprovalDecision `json:"decision"`

	// IntentId Privileged-action intent id copied from the request payload.
	IntentId string `json:"intent_id"`

	// RequestEnvelopeId Envelope id of the first-party request being answered.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// RequestId First-party request id copied from the request payload.
	RequestId string `json:"request_id"`

	// Status Response lifecycle status. The signed `decision` carries the approval outcome.
	Status MailboxFirstPartyResponseStatus `json:"status"`
}

MailboxFirstPartyResponsePayloadV1 Response payload for the `first_party_response` envelope type. The response carries the mobile decision, the exact canonical bytes signed by the approving device, and the raw device signature over those bytes.
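
The checks a requester makes on a `first_party_response` before acting on `decision`, as an added Go example (not code from the payloads package). It assumes a P-256 device signing key whose `approval_signature` is the raw 64-byte `r || s` pair over `SHA256(approval_binding_bytes)`, a hypothetical `approval_signature_algorithm` value `ecdsa-p256-sha256` (the page does not list the identifiers), and a constructed placeholder blob in place of real `MailboxFirstPartyPrivilegedActionDecisionBindingV1` bytes. The device public key is one the verifier already holds for `approving_device_id`; the response names it only by RFC 7638 thumbprint and never carries key material, so the thumbprint is compared against the key on record rather than used to fetch one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Hypothetical approval_signature_algorithm value: the page does not list the
// identifiers, so the verifier pins one and refuses everything else.
const assumedAlgP256 = "ecdsa-p256-sha256"

// Trimmed stand-ins for the page's payloads with only the fields checked here.
type firstPartyRequest struct{ RequestId, IntentId, ExpiresAt string }

type firstPartyResponse struct {
	ApprovalBindingBytes, ApprovalSignature                  []byte
	ApprovalSignatureAlgorithm, ApprovingDeviceSigningKeyJkt string
	DecidedAt, Decision, IntentId, RequestId, Status         string
}

// jwkThumbprintP256 is the RFC 7638 thumbprint: base64url(SHA-256) of the JWK's
// required members ("crv","kty","x","y") in lexicographic order, no whitespace.
func jwkThumbprintP256(pub *ecdsa.PublicKey) string {
	enc := base64.RawURLEncoding
	x := enc.EncodeToString(pub.X.FillBytes(make([]byte, 32)))
	y := enc.EncodeToString(pub.Y.FillBytes(make([]byte, 32)))
	sum := sha256.Sum256([]byte(fmt.Sprintf(`{"crv":"P-256","kty":"EC","x":"%s","y":"%s"}`, x, y)))
	return enc.EncodeToString(sum[:])
}

// verifyFirstPartyResponse returns the signed decision once the response is
// shown to answer exactly this request and to be signed by deviceKey, the key
// the caller holds on record for approving_device_id.
func verifyFirstPartyResponse(req firstPartyRequest, resp firstPartyResponse,
	deviceKey *ecdsa.PublicKey, now time.Time) (string, error) {
	if resp.Status != "decided" {
		return "", fmt.Errorf("unexpected status %q", resp.Status)
	}
	if resp.RequestId != req.RequestId || resp.IntentId != req.IntentId {
		return "", fmt.Errorf("response does not answer request %q", req.RequestId)
	}
	if resp.ApprovalSignatureAlgorithm != assumedAlgP256 {
		return "", fmt.Errorf("unsupported algorithm %q", resp.ApprovalSignatureAlgorithm)
	}
	if jwkThumbprintP256(deviceKey) != resp.ApprovingDeviceSigningKeyJkt {
		return "", errors.New("approving_device_signing_key_jkt does not match the enrolled key")
	}
	expires, err1 := time.Parse(time.RFC3339, req.ExpiresAt)
	decided, err2 := time.Parse(time.RFC3339, resp.DecidedAt)
	if err1 != nil || err2 != nil || decided.After(expires) || now.After(expires) {
		return "", errors.New("timestamps malformed or request expired before the decision was delivered")
	}
	if len(resp.ApprovalSignature) != 64 {
		return "", fmt.Errorf("want raw 64-byte r||s signature, got %d bytes", len(resp.ApprovalSignature))
	}
	r := new(big.Int).SetBytes(resp.ApprovalSignature[:32])
	s := new(big.Int).SetBytes(resp.ApprovalSignature[32:])
	digest := sha256.Sum256(resp.ApprovalBindingBytes) // assumed pre-hash
	if !ecdsa.Verify(deviceKey, digest[:], r, s) {
		return "", errors.New("approval_signature does not verify over approval_binding_bytes")
	}
	// Only now are the binding bytes trustworthy: the caller parses them as
	// MailboxFirstPartyPrivilegedActionDecisionBindingV1 and cross-checks the
	// request fields and nonce they carry before acting on the decision.
	return resp.Decision, nil
}

// signBinding mimics the approving device: raw r||s over SHA-256 of the bytes.
func signBinding(priv *ecdsa.PrivateKey, binding []byte) ([]byte, error) {
	digest := sha256.Sum256(binding)
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return sig, nil
}

// demoRoundTrip builds a constructed request/response pair under a fresh device
// key and returns the verification result for the honest response and for a
// copy whose binding bytes were altered after signing.
func demoRoundTrip() (honest error, tampered error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err
	}
	req := firstPartyRequest{RequestId: "req-1", IntentId: "intent-1", ExpiresAt: "2026-01-01T00:10:00Z"}
	binding := []byte(`{"decision":"approved","intent_id":"intent-1","request_id":"req-1"}`) // constructed placeholder
	sig, err := signBinding(priv, binding)
	if err != nil {
		return err, err
	}
	resp := firstPartyResponse{ApprovalBindingBytes: binding, ApprovalSignature: sig,
		ApprovalSignatureAlgorithm: assumedAlgP256, ApprovingDeviceSigningKeyJkt: jwkThumbprintP256(&priv.PublicKey),
		DecidedAt: "2026-01-01T00:05:00Z", Decision: "approved", IntentId: "intent-1", RequestId: "req-1", Status: "decided"}
	now := time.Date(2026, 1, 1, 0, 6, 0, 0, time.UTC)
	_, honest = verifyFirstPartyResponse(req, resp, &priv.PublicKey, now)
	altered := append([]byte(nil), binding...)
	altered[len(altered)-3] ^= 0x01 // flip one bit of the signed bytes
	resp.ApprovalBindingBytes = altered
	_, tampered = verifyFirstPartyResponse(req, resp, &priv.PublicKey, now)
	return honest, tampered
}

func main() {
	honest, tampered := demoRoundTrip()
	fmt.Println("honest:", honest, "| tampered:", tampered)
}
```

The order of checks is deliberate: cheap field comparisons and the thumbprint match come first so an unrelated or mis-keyed response is dropped before any signature work, and the binding bytes are parsed only after the signature over them has verified.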

type MailboxFirstPartyResponseStatus added in v0.4.0

type MailboxFirstPartyResponseStatus string

MailboxFirstPartyResponseStatus Response lifecycle status. The signed `decision` carries the approval outcome.

const (
	MailboxFirstPartyResponseStatusDecided MailboxFirstPartyResponseStatus = "decided"
)

Defines values for MailboxFirstPartyResponseStatus.

func (MailboxFirstPartyResponseStatus) Valid added in v0.4.0

Valid indicates whether the value is a known member of the MailboxFirstPartyResponseStatus enum.

type MailboxGpgDecryptRequestPayloadV1

type MailboxGpgDecryptRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// DeviceKeyId Hex-encoded public key selecting which on-device GPG encryption subkey the approver should use for ECDH. The mailbox/poll path requires this because the envelope does not otherwise carry a key identifier.
	DeviceKeyId string `json:"device_key_id"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// EncryptedData RFC 4648 standard base64 with `=` padding for the encrypted data to decrypt.
	EncryptedData []byte `json:"encrypted_data"`

	// Pkesk OpenPGP Public Key Encrypted Session Key packet data.
	Pkesk PkeskData `json:"pkesk"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxGpgDecryptRequestPayloadV1 Request payload for the `gpg_decrypt` envelope type. The approver unwraps the OpenPGP Public Key Encrypted Session Key packet using the encryption subkey selected by `device_key_id`.

type MailboxGpgDecryptResponseFailureV1

type MailboxGpgDecryptResponseFailureV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`
}

MailboxGpgDecryptResponseFailureV1 Failure branch of `MailboxGpgDecryptResponsePayloadV1`.

type MailboxGpgDecryptResponsePayloadV1

type MailboxGpgDecryptResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxGpgDecryptResponsePayloadV1 Response payload for the `gpg_decrypt` envelope type. Discriminated as a success / failure pair. The success branch carries both `session_key` and `algorithm`; the failure branch carries `error_code`.

func (MailboxGpgDecryptResponsePayloadV1) AsMailboxGpgDecryptResponseFailureV1

func (t MailboxGpgDecryptResponsePayloadV1) AsMailboxGpgDecryptResponseFailureV1() (MailboxGpgDecryptResponseFailureV1, error)

AsMailboxGpgDecryptResponseFailureV1 returns the union data inside the MailboxGpgDecryptResponsePayloadV1 as a MailboxGpgDecryptResponseFailureV1

func (MailboxGpgDecryptResponsePayloadV1) AsMailboxGpgDecryptResponseSuccessV1

func (t MailboxGpgDecryptResponsePayloadV1) AsMailboxGpgDecryptResponseSuccessV1() (MailboxGpgDecryptResponseSuccessV1, error)

AsMailboxGpgDecryptResponseSuccessV1 returns the union data inside the MailboxGpgDecryptResponsePayloadV1 as a MailboxGpgDecryptResponseSuccessV1

func (*MailboxGpgDecryptResponsePayloadV1) FromMailboxGpgDecryptResponseFailureV1

func (t *MailboxGpgDecryptResponsePayloadV1) FromMailboxGpgDecryptResponseFailureV1(v MailboxGpgDecryptResponseFailureV1) error

FromMailboxGpgDecryptResponseFailureV1 overwrites any union data inside the MailboxGpgDecryptResponsePayloadV1 as the provided MailboxGpgDecryptResponseFailureV1

func (*MailboxGpgDecryptResponsePayloadV1) FromMailboxGpgDecryptResponseSuccessV1

func (t *MailboxGpgDecryptResponsePayloadV1) FromMailboxGpgDecryptResponseSuccessV1(v MailboxGpgDecryptResponseSuccessV1) error

FromMailboxGpgDecryptResponseSuccessV1 overwrites any union data inside the MailboxGpgDecryptResponsePayloadV1 as the provided MailboxGpgDecryptResponseSuccessV1

func (MailboxGpgDecryptResponsePayloadV1) MarshalJSON

func (t MailboxGpgDecryptResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxGpgDecryptResponsePayloadV1) MergeMailboxGpgDecryptResponseFailureV1

func (t *MailboxGpgDecryptResponsePayloadV1) MergeMailboxGpgDecryptResponseFailureV1(v MailboxGpgDecryptResponseFailureV1) error

MergeMailboxGpgDecryptResponseFailureV1 performs a merge with any union data inside the MailboxGpgDecryptResponsePayloadV1, using the provided MailboxGpgDecryptResponseFailureV1

func (*MailboxGpgDecryptResponsePayloadV1) MergeMailboxGpgDecryptResponseSuccessV1

func (t *MailboxGpgDecryptResponsePayloadV1) MergeMailboxGpgDecryptResponseSuccessV1(v MailboxGpgDecryptResponseSuccessV1) error

MergeMailboxGpgDecryptResponseSuccessV1 performs a merge with any union data inside the MailboxGpgDecryptResponsePayloadV1, using the provided MailboxGpgDecryptResponseSuccessV1

func (*MailboxGpgDecryptResponsePayloadV1) UnmarshalJSON

func (t *MailboxGpgDecryptResponsePayloadV1) UnmarshalJSON(b []byte) error

type MailboxGpgDecryptResponseSuccessV1

type MailboxGpgDecryptResponseSuccessV1 struct {
	// Algorithm OpenPGP symmetric algorithm id (RFC 4880 §9.2).
	Algorithm int32 `json:"algorithm"`

	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// SessionKey RFC 4648 standard base64 with `=` padding for the unwrapped session key.
	SessionKey []byte `json:"session_key"`
}

MailboxGpgDecryptResponseSuccessV1 Success branch of `MailboxGpgDecryptResponsePayloadV1`.

type MailboxGpgSignRequestPayloadV1

type MailboxGpgSignRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// DeviceKeyId Hex-encoded public key selecting which on-device GPG primary key the approver should use for signing. The mailbox/poll path requires this because the envelope does not otherwise carry a key identifier.
	DeviceKeyId string `json:"device_key_id"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// RawData RFC 4648 standard base64 with `=` padding for the raw data to sign (preimage). The approver builds the OpenPGP hash input from this preimage and signs the resulting digest.
	RawData []byte `json:"raw_data"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxGpgSignRequestPayloadV1 Request payload for the `gpg_sign` envelope type. The approver builds the OpenPGP hash input from `raw_data` and signs the resulting digest with the primary GPG signing key selected by `device_key_id`.

type MailboxGpgSignResponseFailureV1

type MailboxGpgSignResponseFailureV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`
}

MailboxGpgSignResponseFailureV1 Failure branch of `MailboxGpgSignResponsePayloadV1`.

type MailboxGpgSignResponsePayloadV1

type MailboxGpgSignResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxGpgSignResponsePayloadV1 Response payload for the `gpg_sign` envelope type. Discriminated as a success / failure pair.

func (MailboxGpgSignResponsePayloadV1) AsMailboxGpgSignResponseFailureV1

func (t MailboxGpgSignResponsePayloadV1) AsMailboxGpgSignResponseFailureV1() (MailboxGpgSignResponseFailureV1, error)

AsMailboxGpgSignResponseFailureV1 returns the union data inside the MailboxGpgSignResponsePayloadV1 as a MailboxGpgSignResponseFailureV1

func (MailboxGpgSignResponsePayloadV1) AsMailboxGpgSignResponseSuccessV1

func (t MailboxGpgSignResponsePayloadV1) AsMailboxGpgSignResponseSuccessV1() (MailboxGpgSignResponseSuccessV1, error)

AsMailboxGpgSignResponseSuccessV1 returns the union data inside the MailboxGpgSignResponsePayloadV1 as a MailboxGpgSignResponseSuccessV1

func (*MailboxGpgSignResponsePayloadV1) FromMailboxGpgSignResponseFailureV1

func (t *MailboxGpgSignResponsePayloadV1) FromMailboxGpgSignResponseFailureV1(v MailboxGpgSignResponseFailureV1) error

FromMailboxGpgSignResponseFailureV1 overwrites any union data inside the MailboxGpgSignResponsePayloadV1 as the provided MailboxGpgSignResponseFailureV1

func (*MailboxGpgSignResponsePayloadV1) FromMailboxGpgSignResponseSuccessV1

func (t *MailboxGpgSignResponsePayloadV1) FromMailboxGpgSignResponseSuccessV1(v MailboxGpgSignResponseSuccessV1) error

FromMailboxGpgSignResponseSuccessV1 overwrites any union data inside the MailboxGpgSignResponsePayloadV1 as the provided MailboxGpgSignResponseSuccessV1

func (MailboxGpgSignResponsePayloadV1) MarshalJSON

func (t MailboxGpgSignResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxGpgSignResponsePayloadV1) MergeMailboxGpgSignResponseFailureV1

func (t *MailboxGpgSignResponsePayloadV1) MergeMailboxGpgSignResponseFailureV1(v MailboxGpgSignResponseFailureV1) error

MergeMailboxGpgSignResponseFailureV1 performs a merge with any union data inside the MailboxGpgSignResponsePayloadV1, using the provided MailboxGpgSignResponseFailureV1

func (*MailboxGpgSignResponsePayloadV1) MergeMailboxGpgSignResponseSuccessV1

func (t *MailboxGpgSignResponsePayloadV1) MergeMailboxGpgSignResponseSuccessV1(v MailboxGpgSignResponseSuccessV1) error

MergeMailboxGpgSignResponseSuccessV1 performs a merge with any union data inside the MailboxGpgSignResponsePayloadV1, using the provided MailboxGpgSignResponseSuccessV1

func (*MailboxGpgSignResponsePayloadV1) UnmarshalJSON

func (t *MailboxGpgSignResponsePayloadV1) UnmarshalJSON(b []byte) error

type MailboxGpgSignResponseSuccessV1

type MailboxGpgSignResponseSuccessV1 struct {
	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// ArmoredSignature ASCII-armored OpenPGP signature.
	ArmoredSignature string `json:"armored_signature"`
}

MailboxGpgSignResponseSuccessV1 Success branch of `MailboxGpgSignResponsePayloadV1`.

type MailboxKeyInventoryApprovalBindingFormat added in v0.10.0

type MailboxKeyInventoryApprovalBindingFormat string

MailboxKeyInventoryApprovalBindingFormat Canonical byte format of the `MailboxKeyInventoryApprovalBindingV1` carried by a `key_inventory_response`. The `+json` suffix marks the binding as the UTF-8 JSON encoding of `MailboxKeyInventoryApprovalBindingV1` with lexicographically ordered properties and no insignificant whitespace. These bytes are the proof input the `approval_proof` statement commits to (the statement signs `SHA256(approval_binding bytes)`); they are never a signature input.

const (
	KeyInventoryApprovalBindingv1Json MailboxKeyInventoryApprovalBindingFormat = "key-inventory-approval-binding/v1+json"
)

Defines values for MailboxKeyInventoryApprovalBindingFormat.

func (MailboxKeyInventoryApprovalBindingFormat) Valid added in v0.10.0

Valid indicates whether the value is a known member of the MailboxKeyInventoryApprovalBindingFormat enum.

type MailboxKeyInventoryApprovalBindingV1 added in v0.10.0

type MailboxKeyInventoryApprovalBindingV1 struct {
	// ApprovingDeviceId Opaque identifier of the device that approved this request, for display and audit. It is NOT key material — no device signing-key identity travels on the wire. The cryptographic binding of the approval to an attested device is carried solely by `MailboxKeyInventoryResponseSharedV1.approval_proof`.
	ApprovingDeviceId openapi_types.UUID `json:"approving_device_id"`

	// KeyListDigest `sha256:<hex>` digest committing to the full shared key list, including canonical key material and protocol export metadata. See the schema description for the exact canonicalization. An approved response with no keys (the device holds none for the requested purposes) commits to the digest of the empty JSON array `[]`, `sha256:4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945`.
	KeyListDigest string `json:"key_list_digest"`

	// RequestEnvelopeId Envelope id of the `key_inventory_request` being answered. Copied from `MailboxEnvelopeV1.id` of the request.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// RequestEnvelopeIssuedAt `MailboxEnvelopeV1.issued_at` of the request being answered, preserved as the literal RFC 3339 UTC string.
	RequestEnvelopeIssuedAt string `json:"request_envelope_issued_at"`

	// RequestEnvelopeType Envelope type of the request being answered.
	RequestEnvelopeType MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType `json:"request_envelope_type"`

	// RequestedPurposes Exact `purposes` set copied from the request payload. Pins which purposes the mobile user agreed to share so the CLI can reject a response whose scope drifted from the request.
	RequestedPurposes []KeyPurpose `json:"requested_purposes"`

	// RequesterSourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	RequesterSourceInfo *SourceInfo `json:"requester_source_info,omitempty"`

	// RespondedAt RFC 3339 UTC timestamp when mobile produced the response.
	RespondedAt string `json:"responded_at"`

	// ResponseStatus Response outcome committed by this binding. Always `shared`: this binding only exists on the shared response branch.
	ResponseStatus MailboxKeyInventoryApprovalBindingV1ResponseStatus `json:"response_status"`

	// Version Canonical approval binding schema version.
	Version MailboxKeyInventoryApprovalBindingV1Version `json:"version"`
}

MailboxKeyInventoryApprovalBindingV1 Canonical JSON object whose UTF-8 bytes are the input to the attested-key-zk `approval_proof` for a shared key-inventory response. Producers encode these fields with lexicographically ordered properties and no insignificant whitespace and place the resulting bytes in `MailboxKeyInventoryResponseSharedV1.approval_binding_bytes`.

Integrity mechanism: `MailboxKeyInventoryResponseSharedV1.approval_proof` is an attested-key-zk proof whose statement signs `SHA256(approval_binding bytes)` — exactly as the `captcha` flow signs `SHA256(NaughtBotApprovalBindingV1 bytes)`. The proof verifies that the approval decision (this exact request, answered `shared`, returning this exact key list) was made by an attested NaughtBot install, WITHOUT revealing the device signing key. The device approval signing key is never transmitted and never named here: it is seen only by the core auth service, which uses it to issue the ZK attestation credential. There is no signature over these bytes.

`key_list_digest` commits to the full shared key list — canonical key material AND every protocol export field the CLI persists or displays — so the mobile user cannot approve one set of keys while the CLI stores a different exported representation. It is `sha256:<hex>` where `<hex>` is the lowercase hex SHA-256 of the UTF-8 JSON array `MailboxKeyInventoryResponseSharedV1.keys` encoded in the same canonical form (each `MailboxKeyInventoryEntryV1` object with lexicographically ordered properties, omitted optional fields absent, no insignificant whitespace). Recomputing the digest over the delivered `keys` array MUST reproduce this value.
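
Both `canonical_action_bytes` on `MailboxFirstPartyPrivilegedActionRequestV1` and `key_list_digest` here rest on the same canonical encoding: lexicographically ordered properties, no insignificant whitespace, omitted optional fields absent. The following Go example is added here and is not code from the payloads package; it shows one way to produce that encoding with encoding/json, commits to a keys array in the `sha256:<hex>` form, verifies a delivered array against a committed digest, and reproduces the page's stated digest for an empty list. `inventoryEntry` is a trimmed stand-in for `MailboxKeyInventoryEntryV1`, `actionHash` borrows the `sha256:<hex>` rendering for the action pin (the page does not state that hash's own encoding), and all sample values are constructed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// inventoryEntry is a trimmed stand-in for the page's MailboxKeyInventoryEntryV1.
// Fields are declared out of lexicographic order on purpose so the reordering
// done by canonicalJSON is visible in the output.
type inventoryEntry struct {
	Purpose              string  `json:"purpose"`
	PublicKeyHex         string  `json:"public_key_hex"`
	PublicKeyFormat      string  `json:"public_key_format"`
	Id                   string  `json:"id"`
	Algorithm            string  `json:"algorithm"`
	Label                *string `json:"label,omitempty"`
	KeyCreationTimestamp *int64  `json:"key_creation_timestamp,omitempty"`
}

// canonicalJSON encodes v with lexicographically ordered object properties and
// no insignificant whitespace. It round-trips through generic values because
// encoding/json writes map keys in sorted order; UseNumber keeps integers such
// as key_creation_timestamp verbatim instead of passing them through float64,
// and SetEscapeHTML(false) stops Go from rewriting '<', '>' and '&' as \u
// escapes that other canonical encoders would not produce.
func canonicalJSON(v any) ([]byte, error) {
	raw, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.UseNumber()
	var generic any
	if err := dec.Decode(&generic); err != nil {
		return nil, err
	}
	var out bytes.Buffer
	enc := json.NewEncoder(&out)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(generic); err != nil {
		return nil, err
	}
	return bytes.TrimSuffix(out.Bytes(), []byte("\n")), nil
}

// sha256Digest renders the page's `sha256:<hex>` form (lowercase hex).
func sha256Digest(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// keyListDigest commits to the delivered keys array. A nil slice would encode
// as `null` rather than `[]`, so it is normalised first: an approved response
// with no keys must commit to the digest of the empty array.
func keyListDigest(keys []inventoryEntry) (string, error) {
	if keys == nil {
		keys = []inventoryEntry{}
	}
	b, err := canonicalJSON(keys)
	if err != nil {
		return "", err
	}
	return sha256Digest(b), nil
}

// verifyKeyListDigest is the receiver-side check: recompute over the keys
// actually delivered and compare with the value committed in the binding.
func verifyKeyListDigest(keys []inventoryEntry, committed string) (bool, error) {
	got, err := keyListDigest(keys)
	if err != nil {
		return false, err
	}
	return got == committed, nil
}

// actionHash pins a typed action object the way canonical_action_bytes does:
// any change to any field, even one the approval screen never rendered, changes it.
func actionHash(action any) (string, error) {
	b, err := canonicalJSON(action)
	if err != nil {
		return "", err
	}
	return sha256Digest(b), nil
}

func main() {
	label, ts := "laptop", int64(1700000000) // constructed sample values
	keys := []inventoryEntry{{Purpose: "ssh", PublicKeyHex: "ab", PublicKeyFormat: "raw_32",
		Id: "k1", Algorithm: "ed25519", Label: &label, KeyCreationTimestamp: &ts}}
	canon, _ := canonicalJSON(keys)
	d, _ := keyListDigest(keys)
	empty, _ := keyListDigest(nil)
	fmt.Printf("%s\n%s\n%s\n", canon, d, empty)
}
```

The round trip through generic values covers the rules the page states (ordering, whitespace, absent optionals); a receiver that has to match another implementation byte for byte should also pin string escaping and number formatting, which this approach inherits from encoding/json rather than from a written-down specification.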

type MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType added in v0.10.0

type MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType string

MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType Envelope type of the request being answered.

const (
	KeyInventoryRequest MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType = "key_inventory_request"
)

Defines values for MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType.

func (MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType) Valid added in v0.10.0

Valid indicates whether the value is a known member of the MailboxKeyInventoryApprovalBindingV1RequestEnvelopeType enum.

type MailboxKeyInventoryApprovalBindingV1ResponseStatus added in v0.10.0

type MailboxKeyInventoryApprovalBindingV1ResponseStatus string

MailboxKeyInventoryApprovalBindingV1ResponseStatus Response outcome committed by this binding. Always `shared`: this binding only exists on the shared response branch.

Defines values for MailboxKeyInventoryApprovalBindingV1ResponseStatus.

func (MailboxKeyInventoryApprovalBindingV1ResponseStatus) Valid added in v0.10.0

Valid indicates whether the value is a known member of the MailboxKeyInventoryApprovalBindingV1ResponseStatus enum.

type MailboxKeyInventoryApprovalBindingV1Version added in v0.10.0

type MailboxKeyInventoryApprovalBindingV1Version string

MailboxKeyInventoryApprovalBindingV1Version Canonical approval binding schema version.

const (
	KeyInventoryApprovalBindingv1 MailboxKeyInventoryApprovalBindingV1Version = "key-inventory-approval-binding/v1"
)

Defines values for MailboxKeyInventoryApprovalBindingV1Version.

func (MailboxKeyInventoryApprovalBindingV1Version) Valid added in v0.10.0

Valid indicates whether the value is a known member of the MailboxKeyInventoryApprovalBindingV1Version enum.

type MailboxKeyInventoryEntryV1 added in v0.10.0

type MailboxKeyInventoryEntryV1 struct {
	// Age Derived age export metadata for an inventory entry whose `purpose` is `age`. The underlying key is an X25519 key (`algorithm: x25519`, `public_key_format: raw_32`).
	Age *KeyInventoryAgeMetadataV1 `json:"age,omitempty"`

	// Algorithm Closed set of public-key algorithms whose canonical byte layout is pinned by this contract. `ecdsa_p256` is a NIST P-256 (secp256r1) key, `ed25519` is an Edwards-curve Ed25519 signing key, and `x25519` is a Curve25519 Diffie-Hellman key. This enum is deliberately closed: receivers MUST reject any algorithm not listed here rather than guessing a byte layout.
	// This DIVERGES from `MailboxEnrollResponseApprovedV1.algorithm`, which is an open free-form string (the `enroll` flow predates the closed canonical-transport contract and stays permissive for forward compatibility). Schemas that need a verifiable canonical public key — notably the `key_inventory` surface — MUST use this closed enum so the producer and the approver cannot disagree on how to interpret `public_key_hex`. New algorithms (e.g. `rsa`) are added here only when there is a concrete implementation that needs them.
	Algorithm PublicKeyAlgorithm `json:"algorithm"`

	// Attestation Attestation proof that a key was created on attested device hardware.
	Attestation *KeyMetadataAttestation `json:"attestation,omitempty"`

	// DeviceKeyId Device-side key handle (e.g. iOS Secure Enclave handle) the CLI passes back as `device_key_id` on subsequent `ssh_*`, `gpg_*`, `age_unwrap`, or `pkcs11_*` requests.
	DeviceKeyId string `json:"device_key_id"`

	// Gpg Derived GPG export metadata for an inventory entry whose `purpose` is `gpg`. The primary-key fingerprint is the OpenPGP V4 fingerprint (`SHA1` over the V4 public-key packet) and depends on `key_creation_timestamp`, so that field MUST be present on GPG entries. `armored_public_key` lets the CLI import the key into system GPG without rebuilding the packet stream.
	Gpg *KeyInventoryGpgMetadataV1 `json:"gpg,omitempty"`

	// Id Stable inventory identifier for this key. UUID for GPG keys; algorithm- or provider-defined for other purposes. The CLI uses this to refer to the key in later signing/decryption requests.
	Id string `json:"id"`

	// KeyCreationTimestamp Unix timestamp in seconds when the key was created on the device. Required input for GPG V4 fingerprint reproduction; optional for other purposes.
	KeyCreationTimestamp *int64 `json:"key_creation_timestamp,omitempty"`

	// Label Human-readable label for the key shown to the user.
	Label *string `json:"label,omitempty"`

	// Pkcs11 Derived PKCS#11 public-object metadata for an inventory entry whose `purpose` is `pkcs11`. These are the attributes a PKCS#11 provider needs to expose the public key as a `CKO_PUBLIC_KEY` object deterministically. The canonical identity of the key remains `public_key_hex`; `cka_ec_point_hex` is the DER-wrapped restatement of the same key for the `CKA_EC_POINT` attribute.
	Pkcs11 *KeyInventoryPkcs11MetadataV1 `json:"pkcs11,omitempty"`

	// PublicKeyFormat Closed set of byte layouts a `public_key_hex` value can carry. `sec1_compressed` is the SEC1 compressed-point encoding for P-256 (33 bytes: a `0x02`/`0x03` parity prefix followed by the 32-byte X coordinate). `raw_32` is a bare 32-byte public key, used for Ed25519 signing keys and X25519 Diffie-Hellman keys.
	// The format MUST be consistent with `PublicKeyAlgorithm`: `ecdsa_p256` pairs with `sec1_compressed`; `ed25519` and `x25519` pair with `raw_32`. Receivers MUST reject any other pairing. A `spki_der` layout is intentionally NOT defined yet — add it only when a future PKCS#11 RSA or generic public key actually needs it.
	PublicKeyFormat PublicKeyFormat `json:"public_key_format"`

	// PublicKeyHex Lowercase hex of the canonical public-key bytes for this key. The byte layout MUST match `algorithm` + `public_key_format`: `ecdsa_p256` + `sec1_compressed` is 66 hex chars (`02`/`03` prefix); `ed25519` / `x25519` + `raw_32` is 64 hex chars. Receivers MUST reject a value whose length/prefix is inconsistent with the declared `algorithm` and `public_key_format`.
	PublicKeyHex string `json:"public_key_hex"`

	// Purpose Purpose of an enrolled key. PKCS#11 protocol keys are dedicated, single-purpose keys and MUST be enrolled with the `pkcs11` purpose rather than reusing the device auth/encryption keys.
	Purpose KeyPurpose `json:"purpose"`

	// Ssh Derived SSH export metadata for an inventory entry whose `purpose` is `ssh`. Every field is reproducible from `public_key_hex`, `algorithm`, the SSH SK key type, and the application string, so the CLI MAY recompute and cross-check it; the approver SHOULD still populate it so the CLI can write the `.pub` file without re-deriving.
	Ssh *KeyInventorySshMetadataV1 `json:"ssh,omitempty"`
}

MailboxKeyInventoryEntryV1 One public key in a shared inventory response. The canonical identity of the key is the triple (`algorithm`, `public_key_format`, `public_key_hex`); every protocol-specific field below is derived export/display metadata, never the identity of the key. This entry DIVERGES from `MailboxEnrollResponseApprovedV1`: that schema carries `algorithm` as a free-form open string and accepts both 64- and 66-hex public keys under a single relaxed pattern. This entry instead pins `algorithm` and `public_key_format` to the closed `PublicKeyAlgorithm` / `PublicKeyFormat` enums in `common.yaml` so the CLI and mobile cannot disagree on how to interpret `public_key_hex`. Receivers MUST reject an entry whose `public_key_hex` length/prefix is inconsistent with `algorithm` + `public_key_format` (a `sec1_compressed` `ecdsa_p256` key is 66 hex chars with a `02`/`03` prefix; a `raw_32` `ed25519`/`x25519` key is 64 hex chars). Canonical key material is always lowercase hex. OpenAPI `format: byte` is used only for opaque byte blobs (GPG signature/armor packet bytes), never for key material.
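The length/prefix rule above as a receiver-side check, added here as a Go example that is not the package's own code: it validates the (`algorithm`, `public_key_format`, `public_key_hex`) triple using the enum string values the docs give. The check is purely syntactic; it does not verify that a P-256 point lies on the curve.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// validatePublicKeyHex enforces the closed pairing the entry schema requires: ecdsa_p256 +
// sec1_compressed is 33 bytes (66 lowercase hex chars) with a 0x02/0x03 prefix, ed25519 or
// x25519 + raw_32 is exactly 32 bytes (64 lowercase hex chars), and any other pairing is rejected.
func validatePublicKeyHex(algorithm, format, pubHex string) error {
	// Re-encoding the decoded bytes yields lowercase hex, so uppercase or odd-length input fails here.
	d, err := hex.DecodeString(pubHex)
	if err != nil || hex.EncodeToString(d) != pubHex {
		return errors.New("public_key_hex must be lowercase hex")
	}
	switch {
	case algorithm == "ecdsa_p256" && format == "sec1_compressed":
		if len(d) != 33 || (d[0] != 0x02 && d[0] != 0x03) {
			return errors.New("sec1_compressed ecdsa_p256 key must be 33 bytes with a 0x02/0x03 prefix")
		}
	case (algorithm == "ed25519" || algorithm == "x25519") && format == "raw_32":
		if len(d) != 32 {
			return errors.New("raw_32 key must be exactly 32 bytes")
		}
	default:
		return fmt.Errorf("algorithm %q may not be paired with public_key_format %q", algorithm, format)
	}
	return nil
}

func main() {
	// Constructed sample values, not real keys.
	fmt.Println(validatePublicKeyHex("ed25519", "raw_32", strings.Repeat("cd", 32)))                   // <nil>
	fmt.Println(validatePublicKeyHex("ecdsa_p256", "sec1_compressed", "04"+strings.Repeat("ab", 32))) // prefix rejected
	fmt.Println(validatePublicKeyHex("ecdsa_p256", "raw_32", strings.Repeat("cd", 32)))                // pairing rejected
}
```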

type MailboxKeyInventoryRequestPayloadV1 added in v0.10.0

type MailboxKeyInventoryRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// Purposes Non-empty, unique set of key purposes the requester wants the inventory for. Any subset of `ssh`, `gpg`, `age`, and `pkcs11` is valid. The approver MUST only return keys whose `purpose` is in this set, and MUST commit the exact requested set into `MailboxKeyInventoryApprovalBindingV1.requested_purposes`.
	Purposes []KeyPurpose `json:"purposes"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxKeyInventoryRequestPayloadV1 Request payload for the `key_inventory_request` envelope type. The paired CLI sends this to the mobile device to ask for the public-key inventory covering one or more `purposes`. The approver returns a `MailboxKeyInventoryResponsePayloadV1`.

type MailboxKeyInventoryResponsePayloadV1 added in v0.10.0

type MailboxKeyInventoryResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxKeyInventoryResponsePayloadV1 Response payload for the `key_inventory_response` envelope type. Discriminated on `status`: `shared` carries the approved key list, approval binding, and attested-key-zk approval proof; `rejected` carries only an error code. Go generator caveat (see repo `AGENTS.md`): the generated `AsMailboxKeyInventoryResponseSharedV1()` helper is permissive and will not error on a `rejected`-shaped JSON. Routing call-sites MUST inspect the union with `Discriminator()` before treating the result as `shared`.

func (MailboxKeyInventoryResponsePayloadV1) AsMailboxKeyInventoryResponseRejectedV1 added in v0.10.0

func (t MailboxKeyInventoryResponsePayloadV1) AsMailboxKeyInventoryResponseRejectedV1() (MailboxKeyInventoryResponseRejectedV1, error)

AsMailboxKeyInventoryResponseRejectedV1 returns the union data inside the MailboxKeyInventoryResponsePayloadV1 as a MailboxKeyInventoryResponseRejectedV1

func (MailboxKeyInventoryResponsePayloadV1) AsMailboxKeyInventoryResponseSharedV1 added in v0.10.0

func (t MailboxKeyInventoryResponsePayloadV1) AsMailboxKeyInventoryResponseSharedV1() (MailboxKeyInventoryResponseSharedV1, error)

AsMailboxKeyInventoryResponseSharedV1 returns the union data inside the MailboxKeyInventoryResponsePayloadV1 as a MailboxKeyInventoryResponseSharedV1

func (MailboxKeyInventoryResponsePayloadV1) Discriminator added in v0.10.0

func (t MailboxKeyInventoryResponsePayloadV1) Discriminator() (string, error)

func (*MailboxKeyInventoryResponsePayloadV1) FromMailboxKeyInventoryResponseRejectedV1 added in v0.10.0

func (t *MailboxKeyInventoryResponsePayloadV1) FromMailboxKeyInventoryResponseRejectedV1(v MailboxKeyInventoryResponseRejectedV1) error

FromMailboxKeyInventoryResponseRejectedV1 overwrites any union data inside the MailboxKeyInventoryResponsePayloadV1 as the provided MailboxKeyInventoryResponseRejectedV1

func (*MailboxKeyInventoryResponsePayloadV1) FromMailboxKeyInventoryResponseSharedV1 added in v0.10.0

func (t *MailboxKeyInventoryResponsePayloadV1) FromMailboxKeyInventoryResponseSharedV1(v MailboxKeyInventoryResponseSharedV1) error

FromMailboxKeyInventoryResponseSharedV1 overwrites any union data inside the MailboxKeyInventoryResponsePayloadV1 as the provided MailboxKeyInventoryResponseSharedV1

func (MailboxKeyInventoryResponsePayloadV1) MarshalJSON added in v0.10.0

func (t MailboxKeyInventoryResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxKeyInventoryResponsePayloadV1) MergeMailboxKeyInventoryResponseRejectedV1 added in v0.10.0

func (t *MailboxKeyInventoryResponsePayloadV1) MergeMailboxKeyInventoryResponseRejectedV1(v MailboxKeyInventoryResponseRejectedV1) error

MergeMailboxKeyInventoryResponseRejectedV1 performs a merge with any union data inside the MailboxKeyInventoryResponsePayloadV1, using the provided MailboxKeyInventoryResponseRejectedV1

func (*MailboxKeyInventoryResponsePayloadV1) MergeMailboxKeyInventoryResponseSharedV1 added in v0.10.0

func (t *MailboxKeyInventoryResponsePayloadV1) MergeMailboxKeyInventoryResponseSharedV1(v MailboxKeyInventoryResponseSharedV1) error

MergeMailboxKeyInventoryResponseSharedV1 performs a merge with any union data inside the MailboxKeyInventoryResponsePayloadV1, using the provided MailboxKeyInventoryResponseSharedV1

func (*MailboxKeyInventoryResponsePayloadV1) UnmarshalJSON added in v0.10.0

func (t *MailboxKeyInventoryResponsePayloadV1) UnmarshalJSON(b []byte) error

func (MailboxKeyInventoryResponsePayloadV1) ValueByDiscriminator added in v0.10.0

func (t MailboxKeyInventoryResponsePayloadV1) ValueByDiscriminator() (interface{}, error)

type MailboxKeyInventoryResponseRejectedV1 added in v0.10.0

type MailboxKeyInventoryResponseRejectedV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`

	// RequestEnvelopeId Envelope id of the `key_inventory_request` being answered.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// Status Outcome discriminator (`rejected`).
	Status MailboxKeyInventoryResponseRejectedV1Status `json:"status"`
}

MailboxKeyInventoryResponseRejectedV1 `rejected` branch of `MailboxKeyInventoryResponsePayloadV1`. The request was declined by the user or could not be satisfied. Carries the signing error code and an optional human-readable message; it never carries key material or an approval binding.

type MailboxKeyInventoryResponseRejectedV1Status added in v0.10.0

type MailboxKeyInventoryResponseRejectedV1Status string

MailboxKeyInventoryResponseRejectedV1Status Outcome discriminator (`rejected`).

const (
	KeyInventoryResponseStatusRejected MailboxKeyInventoryResponseRejectedV1Status = "rejected"
)

Defines values for MailboxKeyInventoryResponseRejectedV1Status.

func (MailboxKeyInventoryResponseRejectedV1Status) Valid added in v0.10.0

Valid indicates whether the value is a known member of the MailboxKeyInventoryResponseRejectedV1Status enum.

type MailboxKeyInventoryResponseSharedV1 added in v0.10.0

type MailboxKeyInventoryResponseSharedV1 struct {
	// ApprovalBinding Canonical JSON object whose UTF-8 bytes are the input to the attested-key-zk `approval_proof` for a shared key-inventory response. Producers encode these fields with lexicographically ordered properties and no insignificant whitespace and place the resulting bytes in `MailboxKeyInventoryResponseSharedV1.approval_binding_bytes`.
	// Integrity mechanism: `MailboxKeyInventoryResponseSharedV1.approval_proof` is an attested-key-zk proof whose statement signs `SHA256(approval_binding bytes)` — exactly as the `captcha` flow signs `SHA256(NaughtBotApprovalBindingV1 bytes)`. The proof verifies that the approval decision (this exact request, answered `shared`, returning this exact key list) was made by an attested NaughtBot install, WITHOUT revealing the device signing key. The device approval signing key is never transmitted and never named here: it is seen only by the core auth service, which uses it to issue the ZK attestation credential. There is no signature over these bytes.
	// `key_list_digest` commits to the full shared key list — canonical key material AND every protocol export field the CLI persists or displays — so the mobile user cannot approve one set of keys while the CLI stores a different exported representation. It is `sha256:<hex>` where `<hex>` is the lowercase hex SHA-256 of the UTF-8 JSON array `MailboxKeyInventoryResponseSharedV1.keys` encoded in the same canonical form (each `MailboxKeyInventoryEntryV1` object with lexicographically ordered properties, omitted optional fields absent, no insignificant whitespace). Recomputing the digest over the delivered `keys` array MUST reproduce this value.
	ApprovalBinding MailboxKeyInventoryApprovalBindingV1 `json:"approval_binding"`

	// ApprovalBindingBytes RFC 4648 standard base64 with `=` padding for the canonical `MailboxKeyInventoryApprovalBindingV1` UTF-8 JSON bytes. These are the proof input: `approval_proof.statement.approval_hash_hex` is `SHA256` of these bytes (after base64 decoding). They are never a signature input.
	ApprovalBindingBytes []byte `json:"approval_binding_bytes"`

	// ApprovalBindingFormat Canonical byte format of the `MailboxKeyInventoryApprovalBindingV1` carried by a `key_inventory_response`. The `+json` suffix marks the binding as the UTF-8 JSON encoding of `MailboxKeyInventoryApprovalBindingV1` with lexicographically ordered properties and no insignificant whitespace. These bytes are the proof input the `approval_proof` statement commits to (the statement signs `SHA256(approval_binding bytes)`); they are never a signature input.
	ApprovalBindingFormat MailboxKeyInventoryApprovalBindingFormat `json:"approval_binding_format"`

	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof ApprovalAttestedKeyProof `json:"approval_proof"`

	// Keys Approved public-key inventory. MAY be empty when the device holds no keys for the requested purposes. Every entry's `purpose` MUST be in the request's `purposes` set.
	Keys []MailboxKeyInventoryEntryV1 `json:"keys"`

	// RequestEnvelopeId Envelope id of the `key_inventory_request` being answered. MUST equal `approval_binding.request_envelope_id`.
	RequestEnvelopeId openapi_types.UUID `json:"request_envelope_id"`

	// Status Outcome discriminator (`shared`).
	Status MailboxKeyInventoryResponseSharedV1Status `json:"status"`
}

MailboxKeyInventoryResponseSharedV1 `shared` branch of `MailboxKeyInventoryResponsePayloadV1`. The mobile user approved the request; this branch carries the approved key list plus the attested-key-zk proof the CLI uses to verify it. Integrity is carried entirely by `approval_proof`. The device approval signing key is NEVER transmitted: no signing-key identity and no raw signature appears on the wire. Verification is by the `attested-key-zk` proof alone, which verifies the approval WITHOUT revealing the device signing key — exactly as the `captcha` flow does. Verification rule the CLI MUST apply:

  1. Recompute `key_list_digest` over `keys` exactly as `MailboxKeyInventoryApprovalBindingV1.key_list_digest` documents and confirm it matches `approval_binding.key_list_digest`.
  2. Re-encode `approval_binding` to its canonical JSON bytes (see `MailboxKeyInventoryApprovalBindingV1`) and confirm those bytes equal `approval_binding_bytes` after base64-decoding.
  3. Verify `approval_proof` (attested-key-zk) over `SHA256(approval_binding bytes)`: confirm `approval_proof.statement.approval_hash_hex` is the lowercase hex SHA-256 of the canonical `approval_binding` bytes, then verify the zero-knowledge proof against current issuer keys. Because the binding commits to the request id/type, requested purposes, response status, requester source info, response timestamp, and `key_list_digest`, a valid proof binds this exact request and key list to an attested NaughtBot install that approved it.

There is no signature-verification step. A response that fails any step MUST be treated as not approved.
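Steps 1 to 3 of the verification rule carried through as an added Go example, not code from the generated package: `inventoryEntry` and `approvalBinding` are hypothetical, trimmed stand-ins for `MailboxKeyInventoryEntryV1` and `MailboxKeyInventoryApprovalBindingV1` (the binding's `status` field name is a placeholder), canonical JSON is produced by round-tripping through Go's sorted-key map encoding, and the check stops where the zero-knowledge proof itself would be verified against issuer keys.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"slices"
	"strings"
)

// Trimmed stand-ins for the generated types (hypothetical subset; the real structs carry more export metadata, all of which the digest must cover).
type inventoryEntry struct {
	Algorithm       string  `json:"algorithm"`
	PublicKeyFormat string  `json:"public_key_format"`
	PublicKeyHex    string  `json:"public_key_hex"`
	Purpose         string  `json:"purpose"`
	Label           *string `json:"label,omitempty"`
}

// Only request_envelope_id, requested_purposes and key_list_digest are documented names; status stands in for the response-status commitment.
type approvalBinding struct {
	KeyListDigest     string   `json:"key_list_digest"`
	RequestEnvelopeID string   `json:"request_envelope_id"`
	RequestedPurposes []string `json:"requested_purposes"`
	Status            string   `json:"status"`
}

// canonicalJSON re-encodes v through generic maps, which encoding/json emits with
// lexicographically ordered keys and no whitespace; nil omitempty fields are already absent.
func canonicalJSON(v any) ([]byte, error) {
	raw, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.UseNumber() // keeps integers such as key_creation_timestamp exact
	var generic any
	if err := dec.Decode(&generic); err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false) // do not turn "&" in a label into \u0026
	if err := enc.Encode(generic); err != nil {
		return nil, err
	}
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}

// keyListDigest is `sha256:<hex>` over the canonical JSON array of delivered entries.
func keyListDigest(keys []inventoryEntry) (string, error) {
	if keys == nil {
		keys = []inventoryEntry{} // an empty inventory encodes as [], never null
	}
	canon, err := canonicalJSON(keys)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(canon)
	return "sha256:" + hex.EncodeToString(sum[:]), nil
}

// verifySharedResponse applies steps 1-3 of the CLI rule up to the approval-hash check;
// verifying the zero-knowledge proof itself against issuer keys is the rest of step 3.
func verifySharedResponse(keys []inventoryEntry, b approvalBinding, bindingBytes []byte, approvalHashHex string) error {
	for i, k := range keys {
		if !slices.Contains(b.RequestedPurposes, k.Purpose) {
			return fmt.Errorf("keys[%d]: purpose %q was not requested", i, k.Purpose)
		}
	}
	// Step 1: the digest the binding commits to must be reproducible from the delivered keys.
	if digest, err := keyListDigest(keys); err != nil || digest != b.KeyListDigest {
		return errors.New("key_list_digest mismatch: delivered keys differ from the approved list")
	}
	// Step 2: approval_binding_bytes must be exactly the canonical encoding of approval_binding.
	canon, err := canonicalJSON(b)
	if err != nil || !bytes.Equal(canon, bindingBytes) {
		return errors.New("approval_binding_bytes are not the canonical approval_binding")
	}
	// Step 3 (hash part): the proof statement must commit to SHA-256 of those same bytes.
	if sum := sha256.Sum256(canon); hex.EncodeToString(sum[:]) != approvalHashHex {
		return errors.New("approval_hash_hex does not commit to the approval binding")
	}
	return nil
}

func main() {
	label := "laptop" // constructed sample; the hex below is not a real key
	keys := []inventoryEntry{{Algorithm: "ed25519", PublicKeyFormat: "raw_32", Purpose: "ssh", Label: &label,
		PublicKeyHex: strings.Repeat("ab", 32)}}
	digest, _ := keyListDigest(keys)
	b := approvalBinding{KeyListDigest: digest, RequestEnvelopeID: "00000000-0000-4000-8000-000000000001", RequestedPurposes: []string{"ssh"}, Status: "shared"}
	bb, _ := canonicalJSON(b)
	sum := sha256.Sum256(bb)
	fmt.Println("verify:", verifySharedResponse(keys, b, bb, hex.EncodeToString(sum[:]))) // prints "verify: <nil>"
}
```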

type MailboxKeyInventoryResponseSharedV1Status added in v0.10.0

type MailboxKeyInventoryResponseSharedV1Status string

MailboxKeyInventoryResponseSharedV1Status Outcome discriminator (`shared`).

const (
	KeyInventoryResponseStatusShared MailboxKeyInventoryResponseSharedV1Status = "shared"
)

Defines values for MailboxKeyInventoryResponseSharedV1Status.

func (MailboxKeyInventoryResponseSharedV1Status) Valid added in v0.10.0

Valid indicates whether the value is a known member of the MailboxKeyInventoryResponseSharedV1Status enum.

type MailboxLinkApprovalPayloadV1 added in v0.7.0

type MailboxLinkApprovalPayloadV1 struct {
	// ApprovalSignature Base64url ECDSA P-256 signature made by the approving device signing key over the canonical byte string `request_id || request_id_signature`.
	ApprovalSignature string `json:"approval_signature"`

	// ApproverSigningPubkeyId Public-key identifier for the approving signing key. The auth service uses the device recorded at `/link/check`; this field is retained for requester-side bookkeeping and diagnostics.
	ApproverSigningPubkeyId string `json:"approver_signing_pubkey_id"`

	// RequestId Device-link request id copied from the originating `link_request`.
	RequestId openapi_types.UUID `json:"request_id"`
}

MailboxLinkApprovalPayloadV1 Payload for the `link_approval` envelope type sent by the existing device to the new device.

type MailboxLinkRejectionPayloadV1 added in v0.7.0

type MailboxLinkRejectionPayloadV1 struct {
	// Reason Optional short user-facing hint. Receivers treat it as best-effort UI context, never as an authorization signal.
	Reason *string `json:"reason,omitempty"`

	// RequestId Device-link request id copied from the originating `link_request`.
	RequestId openapi_types.UUID `json:"request_id"`
}

MailboxLinkRejectionPayloadV1 Payload for the `link_rejection` envelope type sent by the existing device to the new device.

type MailboxLinkRequestPayloadV1 added in v0.7.0

type MailboxLinkRequestPayloadV1 struct {
	// RequestId Server-issued device-link request id from `POST /link/start`.
	RequestId openapi_types.UUID `json:"request_id"`

	// RequestIdSignature Base64url ECDSA P-256 signature covering the UTF-8 bytes of `request_id`, made by the requesting device signing key. Consumers accept either raw `r || s` or ASN.1 DER signature bytes after decoding.
	RequestIdSignature string `json:"request_id_signature"`
}

MailboxLinkRequestPayloadV1 Payload for the `link_request` envelope type sent by the new device to an existing device.

type MailboxPkcs11DeriveRequestPayloadV1

type MailboxPkcs11DeriveRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// DeviceKeyId Hex-encoded public key selecting which on-device key the approver should use for ECDH.
	DeviceKeyId string `json:"device_key_id"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// Kdf Optional key derivation parameters applied to the ECDH shared secret.
	Kdf *Pkcs11DeriveKdfParams `json:"kdf,omitempty"`

	// PeerPublicHex Lowercase hex-encoded peer public key for ECDH (66 hex chars for a 33-byte SEC1 compressed P-256 point).
	PeerPublicHex string `json:"peer_public_hex"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxPkcs11DeriveRequestPayloadV1 Request payload for the `pkcs11_derive` envelope type. The approver runs ECDH between the on-device private key selected by `device_key_id` and the peer public key, optionally feeding the shared secret through a KDF.

type MailboxPkcs11DeriveResponseFailureV1

type MailboxPkcs11DeriveResponseFailureV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`
}

MailboxPkcs11DeriveResponseFailureV1 Failure branch of `MailboxPkcs11DeriveResponsePayloadV1`.

type MailboxPkcs11DeriveResponsePayloadV1

type MailboxPkcs11DeriveResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxPkcs11DeriveResponsePayloadV1 Response payload for the `pkcs11_derive` envelope type. Discriminated as a success / failure pair.

func (MailboxPkcs11DeriveResponsePayloadV1) AsMailboxPkcs11DeriveResponseFailureV1

func (t MailboxPkcs11DeriveResponsePayloadV1) AsMailboxPkcs11DeriveResponseFailureV1() (MailboxPkcs11DeriveResponseFailureV1, error)

AsMailboxPkcs11DeriveResponseFailureV1 returns the union data inside the MailboxPkcs11DeriveResponsePayloadV1 as a MailboxPkcs11DeriveResponseFailureV1

func (MailboxPkcs11DeriveResponsePayloadV1) AsMailboxPkcs11DeriveResponseSuccessV1

func (t MailboxPkcs11DeriveResponsePayloadV1) AsMailboxPkcs11DeriveResponseSuccessV1() (MailboxPkcs11DeriveResponseSuccessV1, error)

AsMailboxPkcs11DeriveResponseSuccessV1 returns the union data inside the MailboxPkcs11DeriveResponsePayloadV1 as a MailboxPkcs11DeriveResponseSuccessV1

func (*MailboxPkcs11DeriveResponsePayloadV1) FromMailboxPkcs11DeriveResponseFailureV1

func (t *MailboxPkcs11DeriveResponsePayloadV1) FromMailboxPkcs11DeriveResponseFailureV1(v MailboxPkcs11DeriveResponseFailureV1) error

FromMailboxPkcs11DeriveResponseFailureV1 overwrites any union data inside the MailboxPkcs11DeriveResponsePayloadV1 as the provided MailboxPkcs11DeriveResponseFailureV1

func (*MailboxPkcs11DeriveResponsePayloadV1) FromMailboxPkcs11DeriveResponseSuccessV1

func (t *MailboxPkcs11DeriveResponsePayloadV1) FromMailboxPkcs11DeriveResponseSuccessV1(v MailboxPkcs11DeriveResponseSuccessV1) error

FromMailboxPkcs11DeriveResponseSuccessV1 overwrites any union data inside the MailboxPkcs11DeriveResponsePayloadV1 as the provided MailboxPkcs11DeriveResponseSuccessV1

func (MailboxPkcs11DeriveResponsePayloadV1) MarshalJSON

func (t MailboxPkcs11DeriveResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxPkcs11DeriveResponsePayloadV1) MergeMailboxPkcs11DeriveResponseFailureV1

func (t *MailboxPkcs11DeriveResponsePayloadV1) MergeMailboxPkcs11DeriveResponseFailureV1(v MailboxPkcs11DeriveResponseFailureV1) error

MergeMailboxPkcs11DeriveResponseFailureV1 performs a merge with any union data inside the MailboxPkcs11DeriveResponsePayloadV1, using the provided MailboxPkcs11DeriveResponseFailureV1

func (*MailboxPkcs11DeriveResponsePayloadV1) MergeMailboxPkcs11DeriveResponseSuccessV1

func (t *MailboxPkcs11DeriveResponsePayloadV1) MergeMailboxPkcs11DeriveResponseSuccessV1(v MailboxPkcs11DeriveResponseSuccessV1) error

MergeMailboxPkcs11DeriveResponseSuccessV1 performs a merge with any union data inside the MailboxPkcs11DeriveResponsePayloadV1, using the provided MailboxPkcs11DeriveResponseSuccessV1

func (*MailboxPkcs11DeriveResponsePayloadV1) UnmarshalJSON

func (t *MailboxPkcs11DeriveResponsePayloadV1) UnmarshalJSON(b []byte) error

type MailboxPkcs11DeriveResponseSuccessV1

type MailboxPkcs11DeriveResponseSuccessV1 struct {
	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// SharedSecret RFC 4648 standard base64 with `=` padding for the derived shared secret (post-KDF if `kdf` was supplied, otherwise raw ECDH X output).
	SharedSecret []byte `json:"shared_secret"`
}

MailboxPkcs11DeriveResponseSuccessV1 Success branch of `MailboxPkcs11DeriveResponsePayloadV1`.

type MailboxPkcs11SignRequestPayloadV1

type MailboxPkcs11SignRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// DeviceKeyId Hex-encoded public key selecting which on-device key the approver should use for signing.
	DeviceKeyId string `json:"device_key_id"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// RawData RFC 4648 standard base64 with `=` padding for the raw data to sign (preimage). The approver computes the SHA-256 digest and signs it.
	RawData []byte `json:"raw_data"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxPkcs11SignRequestPayloadV1 Request payload for the `pkcs11_sign` envelope type. The approver computes the SHA-256 digest of `raw_data` and signs it with the on-device key selected by `device_key_id`.

type MailboxPkcs11SignResponseFailureV1

type MailboxPkcs11SignResponseFailureV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`
}

MailboxPkcs11SignResponseFailureV1 Failure branch of `MailboxPkcs11SignResponsePayloadV1`.

type MailboxPkcs11SignResponsePayloadV1

type MailboxPkcs11SignResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxPkcs11SignResponsePayloadV1 Response payload for the `pkcs11_sign` envelope type. Discriminated as a success / failure pair.

func (MailboxPkcs11SignResponsePayloadV1) AsMailboxPkcs11SignResponseFailureV1

func (t MailboxPkcs11SignResponsePayloadV1) AsMailboxPkcs11SignResponseFailureV1() (MailboxPkcs11SignResponseFailureV1, error)

AsMailboxPkcs11SignResponseFailureV1 returns the union data inside the MailboxPkcs11SignResponsePayloadV1 as a MailboxPkcs11SignResponseFailureV1

func (MailboxPkcs11SignResponsePayloadV1) AsMailboxPkcs11SignResponseSuccessV1

func (t MailboxPkcs11SignResponsePayloadV1) AsMailboxPkcs11SignResponseSuccessV1() (MailboxPkcs11SignResponseSuccessV1, error)

AsMailboxPkcs11SignResponseSuccessV1 returns the union data inside the MailboxPkcs11SignResponsePayloadV1 as a MailboxPkcs11SignResponseSuccessV1

func (*MailboxPkcs11SignResponsePayloadV1) FromMailboxPkcs11SignResponseFailureV1

func (t *MailboxPkcs11SignResponsePayloadV1) FromMailboxPkcs11SignResponseFailureV1(v MailboxPkcs11SignResponseFailureV1) error

FromMailboxPkcs11SignResponseFailureV1 overwrites any union data inside the MailboxPkcs11SignResponsePayloadV1 as the provided MailboxPkcs11SignResponseFailureV1

func (*MailboxPkcs11SignResponsePayloadV1) FromMailboxPkcs11SignResponseSuccessV1

func (t *MailboxPkcs11SignResponsePayloadV1) FromMailboxPkcs11SignResponseSuccessV1(v MailboxPkcs11SignResponseSuccessV1) error

FromMailboxPkcs11SignResponseSuccessV1 overwrites any union data inside the MailboxPkcs11SignResponsePayloadV1 as the provided MailboxPkcs11SignResponseSuccessV1

func (MailboxPkcs11SignResponsePayloadV1) MarshalJSON

func (t MailboxPkcs11SignResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxPkcs11SignResponsePayloadV1) MergeMailboxPkcs11SignResponseFailureV1

func (t *MailboxPkcs11SignResponsePayloadV1) MergeMailboxPkcs11SignResponseFailureV1(v MailboxPkcs11SignResponseFailureV1) error

MergeMailboxPkcs11SignResponseFailureV1 performs a merge with any union data inside the MailboxPkcs11SignResponsePayloadV1, using the provided MailboxPkcs11SignResponseFailureV1

func (*MailboxPkcs11SignResponsePayloadV1) MergeMailboxPkcs11SignResponseSuccessV1

func (t *MailboxPkcs11SignResponsePayloadV1) MergeMailboxPkcs11SignResponseSuccessV1(v MailboxPkcs11SignResponseSuccessV1) error

MergeMailboxPkcs11SignResponseSuccessV1 performs a merge with any union data inside the MailboxPkcs11SignResponsePayloadV1, using the provided MailboxPkcs11SignResponseSuccessV1

func (*MailboxPkcs11SignResponsePayloadV1) UnmarshalJSON

func (t *MailboxPkcs11SignResponsePayloadV1) UnmarshalJSON(b []byte) error

type MailboxPkcs11SignResponseSuccessV1

type MailboxPkcs11SignResponseSuccessV1 struct {
	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// Signature RFC 4648 standard base64 with `=` padding for the raw signature bytes (no PKCS#1 framing).
	Signature []byte `json:"signature"`
}

MailboxPkcs11SignResponseSuccessV1 Success branch of `MailboxPkcs11SignResponsePayloadV1`.

type MailboxSigningRequestPayloadV1 added in v0.5.0

type MailboxSigningRequestPayloadV1 struct {
	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// DeviceKeyId Device-side key identifier (e.g. iOS Secure Enclave handle) used to select among enrolled signing keys on the approver.
	DeviceKeyId string `json:"device_key_id"`

	// DigestPrehashed When true, `signed_payload` is already the digest to sign and the approver MUST NOT hash it again. Only meaningful for algorithms that sign a digest (e.g. `ecdsa-p256-sha256`).
	DigestPrehashed *bool `json:"digest_prehashed,omitempty"`

	// PurposeLabel Optional short human-readable label describing what the signature is for. Display only; not bound into the signature.
	PurposeLabel *string `json:"purpose_label,omitempty"`

	// SignedPayload RFC 4648 standard base64 with `=` padding for the exact preimage bytes the approver signs. The decoded payload is capped at 1 MiB (1048576 bytes); `maxLength` is the matching base64-string ceiling.
	SignedPayload []byte `json:"signed_payload"`

	// SigningAlgorithm Signature algorithm the approver MUST use. `ecdsa-p256-sha256` signs the SHA-256 digest of `signed_payload`.
	SigningAlgorithm MailboxSigningRequestPayloadV1SigningAlgorithm `json:"signing_algorithm"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxSigningRequestPayloadV1 Request payload for the `signing_request` envelope type. The approver signs `signed_payload` exactly as supplied with the on-device key selected by `device_key_id`; there is no protocol-specific preimage wrapping. When `approval_challenge` is present its `plaintext_hash` MUST equal `sha256:<lowercase hex of signed_payload after base64 decoding>` so the approval proof is bound to the exact signed bytes.
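An approver-side sketch of the rules above as an added Go example, not the project's code: it caps the decoded `signed_payload` at 1 MiB, checks a present `plaintext_hash` against the exact payload bytes, and honours `digest_prehashed` so a digest is never hashed a second time. `signingRequest` is a hypothetical subset of the decoded payload, and the ASN.1 DER signature encoding is an assumption, since the response schema is not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

const maxSignedPayload = 1 << 20 // 1 MiB (1048576 bytes) cap on the decoded signed_payload

// signingRequest is a hypothetical subset of MailboxSigningRequestPayloadV1 after JSON decoding.
type signingRequest struct {
	SignedPayload    []byte
	DigestPrehashed  bool
	PlaintextHash    string // approval_challenge.plaintext_hash; "" when no challenge was sent
	SigningAlgorithm string
}

// digestToSign applies the approver-side rules: enforce the size cap, check that any
// approval challenge is bound to the exact payload bytes, and hash only when the
// payload is not already a digest.
func digestToSign(req signingRequest) ([]byte, error) {
	if req.SigningAlgorithm != "ecdsa-p256-sha256" {
		return nil, fmt.Errorf("unsupported signing_algorithm %q", req.SigningAlgorithm)
	}
	if len(req.SignedPayload) > maxSignedPayload {
		return nil, errors.New("signed_payload exceeds 1 MiB")
	}
	if req.PlaintextHash != "" {
		// The challenge commits to the payload bytes as sent, whether or not they are themselves a digest.
		sum := sha256.Sum256(req.SignedPayload)
		if req.PlaintextHash != "sha256:"+hex.EncodeToString(sum[:]) {
			return nil, errors.New("approval_challenge.plaintext_hash does not match signed_payload")
		}
	}
	if req.DigestPrehashed {
		if len(req.SignedPayload) != sha256.Size {
			return nil, errors.New("digest_prehashed payload must be a 32-byte SHA-256 digest")
		}
		return req.SignedPayload, nil // sign as-is; hashing again would sign the wrong value
	}
	sum := sha256.Sum256(req.SignedPayload)
	return sum[:], nil
}

// signRequest produces an ASN.1 DER ECDSA P-256 signature over the digest chosen above (encoding assumed).
func signRequest(priv *ecdsa.PrivateKey, req signingRequest) ([]byte, error) {
	digest, err := digestToSign(req)
	if err != nil {
		return nil, err
	}
	return ecdsa.SignASN1(rand.Reader, priv, digest)
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key for the demo
	payload := []byte("constructed preimage")
	sum := sha256.Sum256(payload)
	req := signingRequest{SignedPayload: payload, PlaintextHash: "sha256:" + hex.EncodeToString(sum[:]), SigningAlgorithm: "ecdsa-p256-sha256"}
	sig, err := signRequest(priv, req)
	fmt.Println(err, ecdsa.VerifyASN1(&priv.PublicKey, sum[:], sig)) // <nil> true
}
```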

type MailboxSigningRequestPayloadV1SigningAlgorithm added in v0.5.0

type MailboxSigningRequestPayloadV1SigningAlgorithm string

MailboxSigningRequestPayloadV1SigningAlgorithm Signature algorithm the approver MUST use. `ecdsa-p256-sha256` signs the SHA-256 digest of `signed_payload`.

const (
	MailboxSigningRequestPayloadV1SigningAlgorithmEcdsaP256Sha256 MailboxSigningRequestPayloadV1SigningAlgorithm = "ecdsa-p256-sha256"
)

Defines values for MailboxSigningRequestPayloadV1SigningAlgorithm.

func (MailboxSigningRequestPayloadV1SigningAlgorithm) Valid added in v0.5.0

Valid indicates whether the value is a known member of the MailboxSigningRequestPayloadV1SigningAlgorithm enum.

type MailboxSigningResponseFailedV1 added in v0.5.0

type MailboxSigningResponseFailedV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`

	// Result Signing outcome discriminator (`failed`).
	Result MailboxSigningResponseFailedV1Result `json:"result"`
}

MailboxSigningResponseFailedV1 Failed branch of `MailboxSigningResponsePayloadV1`. Carries the signing error code and an optional human-readable message.

type MailboxSigningResponseFailedV1Result added in v0.5.0

type MailboxSigningResponseFailedV1Result string

MailboxSigningResponseFailedV1Result Signing outcome discriminator (`failed`).

const (
	Failed MailboxSigningResponseFailedV1Result = "failed"
)

Defines values for MailboxSigningResponseFailedV1Result.

func (MailboxSigningResponseFailedV1Result) Valid added in v0.5.0

Valid indicates whether the value is a known member of the MailboxSigningResponseFailedV1Result enum.

type MailboxSigningResponsePayloadV1 added in v0.5.0

type MailboxSigningResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxSigningResponsePayloadV1 Response payload for the `signing_response` envelope type. Discriminated on `result`: `signed` carries the signature; `failed` carries a signing error code.

func (MailboxSigningResponsePayloadV1) AsMailboxSigningResponseFailedV1 added in v0.5.0

func (t MailboxSigningResponsePayloadV1) AsMailboxSigningResponseFailedV1() (MailboxSigningResponseFailedV1, error)

AsMailboxSigningResponseFailedV1 returns the union data inside the MailboxSigningResponsePayloadV1 as a MailboxSigningResponseFailedV1

func (MailboxSigningResponsePayloadV1) AsMailboxSigningResponseSignedV1 added in v0.5.0

func (t MailboxSigningResponsePayloadV1) AsMailboxSigningResponseSignedV1() (MailboxSigningResponseSignedV1, error)

AsMailboxSigningResponseSignedV1 returns the union data inside the MailboxSigningResponsePayloadV1 as a MailboxSigningResponseSignedV1

func (MailboxSigningResponsePayloadV1) Discriminator added in v0.5.0

func (t MailboxSigningResponsePayloadV1) Discriminator() (string, error)

func (*MailboxSigningResponsePayloadV1) FromMailboxSigningResponseFailedV1 added in v0.5.0

func (t *MailboxSigningResponsePayloadV1) FromMailboxSigningResponseFailedV1(v MailboxSigningResponseFailedV1) error

FromMailboxSigningResponseFailedV1 overwrites any union data inside the MailboxSigningResponsePayloadV1 as the provided MailboxSigningResponseFailedV1

func (*MailboxSigningResponsePayloadV1) FromMailboxSigningResponseSignedV1 added in v0.5.0

func (t *MailboxSigningResponsePayloadV1) FromMailboxSigningResponseSignedV1(v MailboxSigningResponseSignedV1) error

FromMailboxSigningResponseSignedV1 overwrites any union data inside the MailboxSigningResponsePayloadV1 as the provided MailboxSigningResponseSignedV1

func (MailboxSigningResponsePayloadV1) MarshalJSON added in v0.5.0

func (t MailboxSigningResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxSigningResponsePayloadV1) MergeMailboxSigningResponseFailedV1 added in v0.5.0

func (t *MailboxSigningResponsePayloadV1) MergeMailboxSigningResponseFailedV1(v MailboxSigningResponseFailedV1) error

MergeMailboxSigningResponseFailedV1 performs a merge with any union data inside the MailboxSigningResponsePayloadV1, using the provided MailboxSigningResponseFailedV1

func (*MailboxSigningResponsePayloadV1) MergeMailboxSigningResponseSignedV1 added in v0.5.0

func (t *MailboxSigningResponsePayloadV1) MergeMailboxSigningResponseSignedV1(v MailboxSigningResponseSignedV1) error

MergeMailboxSigningResponseSignedV1 performs a merge with any union data inside the MailboxSigningResponsePayloadV1, using the provided MailboxSigningResponseSignedV1

func (*MailboxSigningResponsePayloadV1) UnmarshalJSON added in v0.5.0

func (t *MailboxSigningResponsePayloadV1) UnmarshalJSON(b []byte) error

func (MailboxSigningResponsePayloadV1) ValueByDiscriminator added in v0.5.0

func (t MailboxSigningResponsePayloadV1) ValueByDiscriminator() (interface{}, error)

type MailboxSigningResponseSignedV1 added in v0.5.0

type MailboxSigningResponseSignedV1 struct {
	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// PublicKeyHex Optional lowercase hex-encoded public key the signature verifies against (66 hex chars for a P-256 33-byte compressed key).
	PublicKeyHex *string `json:"public_key_hex,omitempty"`

	// Result Signing outcome discriminator (`signed`).
	Result MailboxSigningResponseSignedV1Result `json:"result"`

	// Signature RFC 4648 standard base64 with `=` padding for the raw signature bytes (no protocol framing).
	Signature []byte `json:"signature"`

	// SigningAlgorithm Signature algorithm the approver used. Echoes the request `signing_algorithm`.
	SigningAlgorithm MailboxSigningResponseSignedV1SigningAlgorithm `json:"signing_algorithm"`
}

MailboxSigningResponseSignedV1 Signed branch of `MailboxSigningResponsePayloadV1`. Carries the raw signature over the request `signed_payload` and echoes the algorithm the approver actually used.

type MailboxSigningResponseSignedV1Result added in v0.5.0

type MailboxSigningResponseSignedV1Result string

MailboxSigningResponseSignedV1Result Signing outcome discriminator (`signed`).

const (
	Signed MailboxSigningResponseSignedV1Result = "signed"
)

Defines values for MailboxSigningResponseSignedV1Result.

func (MailboxSigningResponseSignedV1Result) Valid added in v0.5.0

Valid indicates whether the value is a known member of the MailboxSigningResponseSignedV1Result enum.

type MailboxSigningResponseSignedV1SigningAlgorithm added in v0.5.0

type MailboxSigningResponseSignedV1SigningAlgorithm string

MailboxSigningResponseSignedV1SigningAlgorithm Signature algorithm the approver used. Echoes the request `signing_algorithm`.

const (
	MailboxSigningResponseSignedV1SigningAlgorithmEcdsaP256Sha256 MailboxSigningResponseSignedV1SigningAlgorithm = "ecdsa-p256-sha256"
)

Defines values for MailboxSigningResponseSignedV1SigningAlgorithm.

func (MailboxSigningResponseSignedV1SigningAlgorithm) Valid added in v0.5.0

Valid indicates whether the value is a known member of the MailboxSigningResponseSignedV1SigningAlgorithm enum.

type MailboxSshAuthRequestPayloadV1

type MailboxSshAuthRequestPayloadV1 struct {
	// Application SSH application identifier (e.g. `ssh:`).
	Application *string `json:"application,omitempty"`

	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// DeviceKeyId Device-side key identifier (e.g. iOS Secure Enclave handle) used to select among enrolled signing keys on the approver.
	DeviceKeyId string `json:"device_key_id"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// Flags SSH SK flags bitmask. Default `0x01` requires user presence.
	Flags *int32 `json:"flags,omitempty"`

	// KeyId Identifier of the key to sign with.
	KeyId *string `json:"key_id,omitempty"`

	// RawData RFC 4648 standard base64 with `=` padding for the raw SSH challenge preimage. The approver builds the canonical SSH signature input from this preimage.
	RawData []byte `json:"raw_data"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxSshAuthRequestPayloadV1 Request payload for the `ssh_auth` envelope type. The approver signs an SSH user-authentication challenge constructed from `raw_data`, using the on-device key selected by `device_key_id`.

type MailboxSshAuthResponseFailureV1

type MailboxSshAuthResponseFailureV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`
}

MailboxSshAuthResponseFailureV1 Failure branch of `MailboxSshAuthResponsePayloadV1`.

type MailboxSshAuthResponsePayloadV1

type MailboxSshAuthResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxSshAuthResponsePayloadV1 Response payload for the `ssh_auth` envelope type. Discriminated as a success / failure pair. Decoders pick `MailboxSshAuthResponseSuccessV1` if `signature` is present and `MailboxSshAuthResponseFailureV1` if `error_code` is present.

func (MailboxSshAuthResponsePayloadV1) AsMailboxSshAuthResponseFailureV1

func (t MailboxSshAuthResponsePayloadV1) AsMailboxSshAuthResponseFailureV1() (MailboxSshAuthResponseFailureV1, error)

AsMailboxSshAuthResponseFailureV1 returns the union data inside the MailboxSshAuthResponsePayloadV1 as a MailboxSshAuthResponseFailureV1

func (MailboxSshAuthResponsePayloadV1) AsMailboxSshAuthResponseSuccessV1

func (t MailboxSshAuthResponsePayloadV1) AsMailboxSshAuthResponseSuccessV1() (MailboxSshAuthResponseSuccessV1, error)

AsMailboxSshAuthResponseSuccessV1 returns the union data inside the MailboxSshAuthResponsePayloadV1 as a MailboxSshAuthResponseSuccessV1

func (*MailboxSshAuthResponsePayloadV1) FromMailboxSshAuthResponseFailureV1

func (t *MailboxSshAuthResponsePayloadV1) FromMailboxSshAuthResponseFailureV1(v MailboxSshAuthResponseFailureV1) error

FromMailboxSshAuthResponseFailureV1 overwrites any union data inside the MailboxSshAuthResponsePayloadV1 as the provided MailboxSshAuthResponseFailureV1

func (*MailboxSshAuthResponsePayloadV1) FromMailboxSshAuthResponseSuccessV1

func (t *MailboxSshAuthResponsePayloadV1) FromMailboxSshAuthResponseSuccessV1(v MailboxSshAuthResponseSuccessV1) error

FromMailboxSshAuthResponseSuccessV1 overwrites any union data inside the MailboxSshAuthResponsePayloadV1 as the provided MailboxSshAuthResponseSuccessV1

func (MailboxSshAuthResponsePayloadV1) MarshalJSON

func (t MailboxSshAuthResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxSshAuthResponsePayloadV1) MergeMailboxSshAuthResponseFailureV1

func (t *MailboxSshAuthResponsePayloadV1) MergeMailboxSshAuthResponseFailureV1(v MailboxSshAuthResponseFailureV1) error

MergeMailboxSshAuthResponseFailureV1 performs a merge with any union data inside the MailboxSshAuthResponsePayloadV1, using the provided MailboxSshAuthResponseFailureV1

func (*MailboxSshAuthResponsePayloadV1) MergeMailboxSshAuthResponseSuccessV1

func (t *MailboxSshAuthResponsePayloadV1) MergeMailboxSshAuthResponseSuccessV1(v MailboxSshAuthResponseSuccessV1) error

MergeMailboxSshAuthResponseSuccessV1 performs a merge with any union data inside the MailboxSshAuthResponsePayloadV1, using the provided MailboxSshAuthResponseSuccessV1

func (*MailboxSshAuthResponsePayloadV1) UnmarshalJSON

func (t *MailboxSshAuthResponsePayloadV1) UnmarshalJSON(b []byte) error

type MailboxSshAuthResponseSuccessV1

type MailboxSshAuthResponseSuccessV1 struct {
	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// Counter Monotonic counter (u32) the signer's secure element returned for this SK signing operation. Receivers MUST embed this in the OpenSSH SK signature preimage at the position between `flags` and `SHA256(data)` as a 4-byte big-endian unsigned integer. Successive signatures from the same key handle MUST have strictly increasing counter values. The schema declares `format: int64` so 32-bit Go targets can still represent the full u32 range without overflow.
	Counter int64 `json:"counter"`

	// Flags Per-signature SK assertion flags byte the signer's secure element actually asserted with. Approvers MUST either (a) assert with at least the bits the request `flags` byte asked for (UP=0x01, UV=0x04) and return the resulting byte here, or (b) return a `MailboxSshAuthResponseFailureV1` / `MailboxSshSignResponseFailureV1` with the appropriate signing error code. Approvers MUST NOT return a success response whose asserted flags byte clears bits the requester set; that would silently downgrade the security posture (e.g. UV-required → UP-only) below what the request agreed to. Receivers MUST embed this asserted byte at the `flags` position of the OpenSSH SK signature preimage; verification fails if the request `flags` byte is used instead. Receivers SHOULD additionally verify that every bit set in the request `flags` byte is also set here as belt-and-suspenders defence against a misbehaving approver.
	Flags int `json:"flags"`

	// Signature RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
	Signature []byte `json:"signature"`
}

MailboxSshAuthResponseSuccessV1 Success branch of `MailboxSshAuthResponsePayloadV1`. Carries the raw SSH signature plus the per-signature SK assertion flags byte and monotonic counter the signer's secure element returned for this signing operation; all three are required so the requester can rebuild the OpenSSH SK signature preimage (`SHA256(application) || flags || counter || SHA256(data)`) and verify against the enrolled credential public key.

type MailboxSshSignRequestPayloadV1

type MailboxSshSignRequestPayloadV1 struct {
	// Application SSH application identifier (e.g. `ssh:`).
	Application *string `json:"application,omitempty"`

	// ApprovalChallenge Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
	ApprovalChallenge *ApprovalChallenge `json:"approval_challenge,omitempty"`

	// DeviceKeyId Device-side key identifier (e.g. iOS Secure Enclave handle) used to select among enrolled signing keys on the approver.
	DeviceKeyId string `json:"device_key_id"`

	// Display Optional approval-UI metadata. Producers populate this on a best-effort basis; approvers MUST render the wire payload regardless of presence.
	// Superseded by the declarative `ApprovalUiV1` schema in `approval_ui.yaml`, exposed as the `ui` field on every request payload. Retained only for producers that have not yet migrated; scheduled for removal in a follow-up once every producer and approver sends and renders `ApprovalUiV1`.
	Display *DisplaySchema `json:"display,omitempty"`

	// Flags SSH SK flags bitmask. Default `0x01` requires user presence.
	Flags *int32 `json:"flags,omitempty"`

	// KeyId Identifier of the key to sign with.
	KeyId *string `json:"key_id,omitempty"`

	// RawData RFC 4648 standard base64 with `=` padding for the raw data to sign (preimage). The approver builds the canonical SSH signature input from this preimage.
	RawData []byte `json:"raw_data"`

	// SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
	SourceInfo *SourceInfo `json:"source_info,omitempty"`

	// Ui Declarative approval-UI container. `blocks` is a flat, ordered list rendered top to bottom. The approver renders this content above its own mandatory security chrome and signing controls; nothing here can suppress, reorder, or replace that chrome. Renderers MUST skip (not reject) any block whose `type` is not recognised so that newer producers stay forward-compatible with older approvers. Producers populate this on a best-effort basis; approvers MUST still render a safe default screen when it is absent or empty.
	Ui *ApprovalUiV1 `json:"ui,omitempty"`
}

MailboxSshSignRequestPayloadV1 Request payload for the `ssh_sign` envelope type. The approver signs an SSH signature input derived from `raw_data` (e.g. `git commit -S` SSH signing), using the on-device key selected by `device_key_id`.

type MailboxSshSignResponseFailureV1

type MailboxSshSignResponseFailureV1 struct {
	// ErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.
	ErrorCode SigningErrorCode `json:"error_code"`

	// ErrorMessage Human-readable error message.
	ErrorMessage *string `json:"error_message,omitempty"`
}

MailboxSshSignResponseFailureV1 Failure branch of `MailboxSshSignResponsePayloadV1`.

type MailboxSshSignResponsePayloadV1

type MailboxSshSignResponsePayloadV1 struct {
	// contains filtered or unexported fields
}

MailboxSshSignResponsePayloadV1 Response payload for the `ssh_sign` envelope type. Discriminated as a success / failure pair.

func (MailboxSshSignResponsePayloadV1) AsMailboxSshSignResponseFailureV1

func (t MailboxSshSignResponsePayloadV1) AsMailboxSshSignResponseFailureV1() (MailboxSshSignResponseFailureV1, error)

AsMailboxSshSignResponseFailureV1 returns the union data inside the MailboxSshSignResponsePayloadV1 as a MailboxSshSignResponseFailureV1

func (MailboxSshSignResponsePayloadV1) AsMailboxSshSignResponseSuccessV1

func (t MailboxSshSignResponsePayloadV1) AsMailboxSshSignResponseSuccessV1() (MailboxSshSignResponseSuccessV1, error)

AsMailboxSshSignResponseSuccessV1 returns the union data inside the MailboxSshSignResponsePayloadV1 as a MailboxSshSignResponseSuccessV1

func (*MailboxSshSignResponsePayloadV1) FromMailboxSshSignResponseFailureV1

func (t *MailboxSshSignResponsePayloadV1) FromMailboxSshSignResponseFailureV1(v MailboxSshSignResponseFailureV1) error

FromMailboxSshSignResponseFailureV1 overwrites any union data inside the MailboxSshSignResponsePayloadV1 as the provided MailboxSshSignResponseFailureV1

func (*MailboxSshSignResponsePayloadV1) FromMailboxSshSignResponseSuccessV1

func (t *MailboxSshSignResponsePayloadV1) FromMailboxSshSignResponseSuccessV1(v MailboxSshSignResponseSuccessV1) error

FromMailboxSshSignResponseSuccessV1 overwrites any union data inside the MailboxSshSignResponsePayloadV1 as the provided MailboxSshSignResponseSuccessV1

func (MailboxSshSignResponsePayloadV1) MarshalJSON

func (t MailboxSshSignResponsePayloadV1) MarshalJSON() ([]byte, error)

func (*MailboxSshSignResponsePayloadV1) MergeMailboxSshSignResponseFailureV1

func (t *MailboxSshSignResponsePayloadV1) MergeMailboxSshSignResponseFailureV1(v MailboxSshSignResponseFailureV1) error

MergeMailboxSshSignResponseFailureV1 performs a merge with any union data inside the MailboxSshSignResponsePayloadV1, using the provided MailboxSshSignResponseFailureV1

func (*MailboxSshSignResponsePayloadV1) MergeMailboxSshSignResponseSuccessV1

func (t *MailboxSshSignResponsePayloadV1) MergeMailboxSshSignResponseSuccessV1(v MailboxSshSignResponseSuccessV1) error

MergeMailboxSshSignResponseSuccessV1 performs a merge with any union data inside the MailboxSshSignResponsePayloadV1, using the provided MailboxSshSignResponseSuccessV1

func (*MailboxSshSignResponsePayloadV1) UnmarshalJSON

func (t *MailboxSshSignResponsePayloadV1) UnmarshalJSON(b []byte) error

type MailboxSshSignResponseSuccessV1

type MailboxSshSignResponseSuccessV1 struct {
	// ApprovalProof Canonical Longfellow approval proof carried inside encrypted approval responses.
	ApprovalProof *ApprovalAttestedKeyProof `json:"approval_proof,omitempty"`

	// Counter Monotonic counter (u32) the signer's secure element returned for this SK signing operation. Receivers MUST embed this in the OpenSSH SK signature preimage at the position between `flags` and `SHA256(data)` as a 4-byte big-endian unsigned integer. Successive signatures from the same key handle MUST have strictly increasing counter values. The schema declares `format: int64` so 32-bit Go targets can still represent the full u32 range without overflow.
	Counter int64 `json:"counter"`

	// Flags Per-signature SK assertion flags byte the signer's secure element actually asserted with. Approvers MUST either (a) assert with at least the bits the request `flags` byte asked for (UP=0x01, UV=0x04) and return the resulting byte here, or (b) return a `MailboxSshAuthResponseFailureV1` / `MailboxSshSignResponseFailureV1` with the appropriate signing error code. Approvers MUST NOT return a success response whose asserted flags byte clears bits the requester set; that would silently downgrade the security posture (e.g. UV-required → UP-only) below what the request agreed to. Receivers MUST embed this asserted byte at the `flags` position of the OpenSSH SK signature preimage; verification fails if the request `flags` byte is used instead. Receivers SHOULD additionally verify that every bit set in the request `flags` byte is also set here as belt-and-suspenders defence against a misbehaving approver.
	Flags int `json:"flags"`

	// Signature RFC 4648 standard base64 with `=` padding for the raw SSH signature blob (no SSH-wire framing).
	Signature []byte `json:"signature"`
}

MailboxSshSignResponseSuccessV1 Success branch of `MailboxSshSignResponsePayloadV1`. Carries the raw SSH signature plus the per-signature SK assertion flags byte and monotonic counter the signer's secure element returned for this signing operation; all three are required so the requester can rebuild the OpenSSH SK signature preimage (`SHA256(application) || flags || counter || SHA256(data)`) and verify against the enrolled credential public key.

type NaughtBotApprovalBindingPayloadV1 added in v0.7.0

type NaughtBotApprovalBindingPayloadV1 struct {
	// Action Action copied from `MailboxCaptchaRequestPayloadV1.action`.
	Action string `json:"action"`

	// ChallengeId Challenge id copied from `MailboxCaptchaRequestPayloadV1.challenge_id`.
	ChallengeId string `json:"challenge_id"`

	// ExpiresAt Expiry copied from `MailboxCaptchaRequestPayloadV1.expires_at`.
	ExpiresAt int64 `json:"expires_at"`

	// ServiceOrigin Captcha service origin copied from `MailboxCaptchaRequestPayloadV1.service_origin`.
	ServiceOrigin string `json:"service_origin"`

	// SiteOrigin Relying-party site origin copied from `MailboxCaptchaRequestPayloadV1.site_origin`.
	SiteOrigin string `json:"site_origin"`

	// Sitekey Public sitekey copied from `MailboxCaptchaRequestPayloadV1.sitekey`.
	Sitekey string `json:"sitekey"`
}

NaughtBotApprovalBindingPayloadV1 Captcha request payload projection included in deterministic approval-binding CBOR.

type NaughtBotApprovalBindingV1 added in v0.7.0

type NaughtBotApprovalBindingV1 struct {
	// EnvelopeId Source `MailboxEnvelopeV1.id` as a canonical lower-case RFC 4122 UUID string.
	EnvelopeId openapi_types.UUID `json:"envelope_id"`

	// EnvelopeType Source `MailboxEnvelopeV1.type`; only captcha requests are signed.
	EnvelopeType NaughtBotApprovalBindingV1EnvelopeType `json:"envelope_type"`

	// EnvelopeV Source `MailboxEnvelopeV1.v`; only version `1` is valid.
	EnvelopeV NaughtBotApprovalBindingV1EnvelopeV `json:"envelope_v"`

	// IssuedAt Source `MailboxEnvelopeV1.issued_at`, preserved as a string.
	IssuedAt string `json:"issued_at"`

	// Payload Captcha request payload projection included in deterministic approval-binding CBOR.
	Payload NaughtBotApprovalBindingPayloadV1 `json:"payload"`
}

NaughtBotApprovalBindingV1 Deterministic CBOR projection mobile signs for captcha approval proofs. Encode with RFC 8949 core deterministic CBOR and profile `application/cbor; profile=naughtbot-captcha-approval-binding-v1`; verifiers hash the exact CBOR bytes as `approval_hash = SHA256(binding bytes)`. Do not hash raw JSON or a service-specific JSON canonicalization.

type NaughtBotApprovalBindingV1EnvelopeType added in v0.7.0

type NaughtBotApprovalBindingV1EnvelopeType string

NaughtBotApprovalBindingV1EnvelopeType Source `MailboxEnvelopeV1.type`; only captcha requests are signed.

const (
	CaptchaRequest NaughtBotApprovalBindingV1EnvelopeType = "captcha_request"
)

Defines values for NaughtBotApprovalBindingV1EnvelopeType.

func (NaughtBotApprovalBindingV1EnvelopeType) Valid added in v0.7.0

Valid indicates whether the value is a known member of the NaughtBotApprovalBindingV1EnvelopeType enum.

type NaughtBotApprovalBindingV1EnvelopeV added in v0.7.0

type NaughtBotApprovalBindingV1EnvelopeV int

NaughtBotApprovalBindingV1EnvelopeV Source `MailboxEnvelopeV1.v`; only version `1` is valid.

const (
	NaughtBotApprovalBindingV1EnvelopeVersion1 NaughtBotApprovalBindingV1EnvelopeV = 1
)

Defines values for NaughtBotApprovalBindingV1EnvelopeV.

func (NaughtBotApprovalBindingV1EnvelopeV) Valid added in v0.7.0

Valid indicates whether the value is a known member of the NaughtBotApprovalBindingV1EnvelopeV enum.

type Pkcs11DeriveKdfParams

type Pkcs11DeriveKdfParams struct {
	// Algorithm KDF algorithm name. Approvers MUST reject unknown algorithms.
	Algorithm string `json:"algorithm"`

	// Info RFC 4648 standard base64 with `=` padding for the optional KDF `info` parameter.
	Info *[]byte `json:"info,omitempty"`

	// KeyLength Desired output key length in bytes.
	KeyLength *int32 `json:"key_length,omitempty"`
}

Pkcs11DeriveKdfParams Optional key derivation parameters applied to the ECDH shared secret.

type PkeskData

type PkeskData struct {
	// Algorithm OpenPGP public key algorithm (RFC 4880 §9.1). `18` is ECDH.
	Algorithm int32 `json:"algorithm"`

	// EphemeralPoint RFC 4648 standard base64 with `=` padding for the ephemeral ECDH public point (33 bytes compressed).
	EphemeralPoint []byte `json:"ephemeral_point"`

	// KeyId RFC 4648 standard base64 with `=` padding for the 8-byte recipient key id.
	KeyId []byte `json:"key_id"`

	// Version PKESK packet version (typically 3).
	Version int32 `json:"version"`

	// WrappedKey RFC 4648 standard base64 with `=` padding for the AES-wrapped session key.
	WrappedKey []byte `json:"wrapped_key"`
}

PkeskData OpenPGP Public Key Encrypted Session Key packet data.

type ProcessEntry

type ProcessEntry struct {
	// Command Command line of the process.
	Command string `json:"command"`

	// Pid Process id.
	Pid int32 `json:"pid"`

	// Username Username running the process.
	Username string `json:"username"`
}

ProcessEntry Entry in a process ancestry chain.

type PublicKeyAlgorithm added in v0.10.0

type PublicKeyAlgorithm string

PublicKeyAlgorithm Closed set of public-key algorithms whose canonical byte layout is pinned by this contract. `ecdsa_p256` is a NIST P-256 (secp256r1) key, `ed25519` is an Edwards-curve Ed25519 signing key, and `x25519` is a Curve25519 Diffie-Hellman key. This enum is deliberately closed: receivers MUST reject any algorithm not listed here rather than guessing a byte layout. This DIVERGES from `MailboxEnrollResponseApprovedV1.algorithm`, which is an open free-form string (the `enroll` flow predates the closed canonical-transport contract and stays permissive for forward compatibility). Schemas that need a verifiable canonical public key — notably the `key_inventory` surface — MUST use this closed enum so the producer and the approver cannot disagree on how to interpret `public_key_hex`. New algorithms (e.g. `rsa`) are added here only when there is a concrete implementation that needs them.

const (
	EcdsaP256 PublicKeyAlgorithm = "ecdsa_p256"
	Ed25519   PublicKeyAlgorithm = "ed25519"
	X25519    PublicKeyAlgorithm = "x25519"
)

Defines values for PublicKeyAlgorithm.

func (PublicKeyAlgorithm) Valid added in v0.10.0

func (e PublicKeyAlgorithm) Valid() bool

Valid indicates whether the value is a known member of the PublicKeyAlgorithm enum.

type PublicKeyFormat added in v0.10.0

type PublicKeyFormat string

PublicKeyFormat Closed set of byte layouts a `public_key_hex` value can carry. `sec1_compressed` is the SEC1 compressed-point encoding for P-256 (33 bytes: a `0x02`/`0x03` parity prefix followed by the 32-byte X coordinate). `raw_32` is a bare 32-byte public key, used for Ed25519 signing keys and X25519 Diffie-Hellman keys. The format MUST be consistent with `PublicKeyAlgorithm`: `ecdsa_p256` pairs with `sec1_compressed`; `ed25519` and `x25519` pair with `raw_32`. Receivers MUST reject any other pairing. A `spki_der` layout is intentionally NOT defined yet — add it only when a future PKCS#11 RSA or generic public key actually needs it.

const (
	Raw32          PublicKeyFormat = "raw_32"
	Sec1Compressed PublicKeyFormat = "sec1_compressed"
)

Defines values for PublicKeyFormat.

func (PublicKeyFormat) Valid added in v0.10.0

func (e PublicKeyFormat) Valid() bool

Valid indicates whether the value is a known member of the PublicKeyFormat enum.

type Raw32PublicKeyHex added in v0.10.0

type Raw32PublicKeyHex = string

Raw32PublicKeyHex Lowercase hex of a bare 32-byte public key: exactly 64 hex chars. Use this with `PublicKeyAlgorithm.ed25519` or `PublicKeyAlgorithm.x25519` and `PublicKeyFormat.raw_32`. Receivers MUST reject values whose length does not match.

type Sec1CompressedPublicKeyHex added in v0.10.0

type Sec1CompressedPublicKeyHex = string

Sec1CompressedPublicKeyHex Lowercase hex of a SEC1 compressed P-256 public key: 66 hex chars (33 bytes) whose first byte is the `0x02` or `0x03` parity prefix followed by the 32-byte X coordinate. Use this with `PublicKeyAlgorithm.ecdsa_p256` / `PublicKeyFormat.sec1_compressed`. Receivers MUST reject values whose length or prefix does not match.

type SigningErrorCode

type SigningErrorCode int

SigningErrorCode Numeric error code returned in `*ResponsePayloadV1.error_code` when an approval flow fails. `1=rejected`, `2=timeout`, `3=key_not_found`, `4=invalid_payload`, `5=attestation_failed`, `6=internal_error`.

Defines values for SigningErrorCode.

func (SigningErrorCode) Valid

func (e SigningErrorCode) Valid() bool

Valid indicates whether the value is a known member of the SigningErrorCode enum.

type SourceInfo

type SourceInfo struct {
	// Command Command line of the current process.
	Command *string `json:"command,omitempty"`

	// Hostname Source machine hostname.
	Hostname *string `json:"hostname,omitempty"`

	// LocalIp Local/private IP address.
	LocalIp *string `json:"local_ip,omitempty"`

	// ProcessChain Full process tree from the current process up to init.
	ProcessChain *[]ProcessEntry `json:"process_chain,omitempty"`

	// Username User running the requesting process.
	Username *string `json:"username,omitempty"`
}

SourceInfo Optional context about the requesting system. Producers populate this on a best-effort basis; approvers MUST NOT make security decisions on unauthenticated source metadata.
