protocol

package
v0.8.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2026 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (
	SoftwareAgentSignaturePrefix   = "software-agent:"
	SoftwareRouterSignaturePrefix  = "software-router:"
	CredentialProofSignaturePrefix = "credential-hmac-sha256:"
)
View Source
const (
	MaxProductCaptureTimeoutSeconds = 300
	MaxProductCaptureHTMLBytes      = 10 << 20
	MaxProductCaptureImageCount     = 32
)
View Source
const MaxRuntimeResultPreviewBytes = 16 * 1024
View Source
const NetworkAuditMaxLabels = 32
View Source
const NetworkAuditProtocolVersion = Version
View Source
const NetworkAuditRefKeyEpoch = "network-audit-ref-v1"
View Source
const Version = "compute.v1alpha1"

Variables

View Source
var ErrRedundancyTierNotEnabledV1 = errors.New("redundancy tier is not enabled in v1")

Functions

func CanonicalHash

func CanonicalHash(value any) string

func CredentialEdgeSignature

func CredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) string

func CredentialProofSignature

func CredentialProofSignature(receipt ProofReceipt, tokenProofKey string) string

func CredentialServiceSignature

func CredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) string

func DecodeStrict added in v0.4.0

func DecodeStrict(r io.Reader, v any) error

func ExecutionTierSupportsResourceLimits

func ExecutionTierSupportsResourceLimits(tier ExecutionSecurityTier) bool

func ExecutorCapabilitiesHaveResourceConstrainedMatch

func ExecutorCapabilitiesHaveResourceConstrainedMatch(req PlacementRequirements, caps ExecutorCapabilities) bool

func ExecutorCapabilitiesHaveSupportedMatch

func ExecutorCapabilitiesHaveSupportedMatch(req PlacementRequirements, caps PlacementRequirementCapabilities) bool

func ExecutorMatchesPlacementRequirements

func ExecutorMatchesPlacementRequirements(executor ExecutorRef, req PlacementRequirements) bool

func HardwareCapabilitiesSatisfyPlacementRequirements

func HardwareCapabilitiesSatisfyPlacementRequirements(req PlacementRequirements, caps HardwarePlacementCapabilities) bool

func NetworkAuditDescriptorDigest added in v0.2.0

func NetworkAuditDescriptorDigest() string

func NetworkAuditDescriptorSet added in v0.2.0

func NetworkAuditDescriptorSet() *descriptorpb.FileDescriptorSet

func PlacementRequiresVerifiedHardwareAttestation

func PlacementRequiresVerifiedHardwareAttestation(req PlacementRequirements) bool

func ProjectNetworkAuditDestination added in v0.2.0

func ProjectNetworkAuditDestination(raw string) (NetworkAuditDestination, []NetworkAuditValidationIssue)

func ProjectNetworkAuditID added in v0.2.0

func ProjectNetworkAuditID(components ...string) (string, error)

func ProjectNetworkAuditLifecycle added in v0.2.0

func ProjectNetworkAuditLifecycle(leaseID, event string) (NetworkAuditDestination, []NetworkAuditValidationIssue)

func ProjectNetworkAuditProvider added in v0.2.0

func ProjectNetworkAuditProvider(providerID, pluginName, pluginVersion, contractID, contractVersion, descriptorDigest string) (NetworkAuditProviderEvidence, []NetworkAuditValidationIssue)

func ProviderPluginRequiresUpstreamClientConformance

func ProviderPluginRequiresUpstreamClientConformance(pluginID string) bool

func RequiredHardwareClass

func RequiredHardwareClass(req PlacementRequirements) string

func ResourceLimitsRequireResourceConstrainedExecutor

func ResourceLimitsRequireResourceConstrainedExecutor(limits ResourceLimits) bool

func SoftwareAgentProofSignature

func SoftwareAgentProofSignature(receipt ProofReceipt) string

func SoftwareAgentServiceSignature

func SoftwareAgentServiceSignature(receipt ServiceReceipt) string

func SoftwareRouterEdgeSignature

func SoftwareRouterEdgeSignature(receipt EdgeRequestReceipt) string

func TokenProofKey

func TokenProofKey(token string) string

func UnmarshalNetworkAuditRecordProtoStrict added in v0.2.0

func UnmarshalNetworkAuditRecordProtoStrict(data []byte) (*pb.NetworkAuditRecord, error)

func ValidateAttestedProofBinding

func ValidateAttestedProofBinding(binding AttestedProofBinding) error

func ValidateAttestedServiceBinding

func ValidateAttestedServiceBinding(binding AttestedServiceBinding) error

func ValidateControlSessionRequest added in v0.7.1

func ValidateControlSessionRequest(r *pb.ControlSessionRequest) error

ValidateControlSessionRequest validates the wire fields of a ControlSessionRequest. Both SessionId and Action are required.

func ValidatePlacementRequirementsAgainstCapabilities

func ValidatePlacementRequirementsAgainstCapabilities(req PlacementRequirements, caps PlacementRequirementCapabilities) error

func ValidateProofPolicy

func ValidateProofPolicy(proofTier ProofTier, policy ProofPolicy) error

func ValidateProviderCapabilities added in v0.7.1

func ValidateProviderCapabilities(c *pb.ProviderCapabilities) error

ValidateProviderCapabilities validates the wire fields of a ProviderCapabilities. ProviderId is required; ExecutorProviders must contain at least one entry.

func ValidateResourceLimitsAgainstCapacity

func ValidateResourceLimitsAgainstCapacity(limits ResourceLimits, capacity ResourceCapacity) error

func ValidateRunRequest added in v0.7.1

func ValidateRunRequest(r *pb.RunRequest) error

ValidateRunRequest validates the wire fields of a RunRequest. Input and Env are optional; ExecutorProvider is required.

func ValidateRuntimeResultPreview

func ValidateRuntimeResultPreview(preview map[string]any) error

func ValidateSessionEvent added in v0.7.1

func ValidateSessionEvent(e *pb.SessionEvent) error

ValidateSessionEvent validates the wire fields of a SessionEvent. EventType is required. Evidence is unsigned at this layer and host-signed later; no crypto validation is performed here.

func ValidateStartSessionRequest added in v0.7.1

func ValidateStartSessionRequest(r *pb.StartSessionRequest) error

ValidateStartSessionRequest validates the wire fields of a StartSessionRequest. Input and Env are optional; ExecutorProvider is required.

func VerifyCredentialEdgeSignature

func VerifyCredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) bool

func VerifyCredentialProofSignature

func VerifyCredentialProofSignature(receipt ProofReceipt, tokenProofKey string) bool

func VerifyCredentialServiceSignature

func VerifyCredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) bool

func VerifyManifest added in v0.8.0

func VerifyManifest(m StreamManifest, issuedNonces []LivenessNonce, reflectWindow time.Duration) error

VerifyManifest performs content verification of a StreamManifest:

  1. Segments must be present and Index values strictly increasing (monotonic).
  2. Each LivenessNonce in the manifest must match an entry in issuedNonces by Nonce value; ReflectedInSeq must reference an existing segment index; the estimated reflection time (manifest.StartedAt + cumulative DurationMS through the referenced segment) must be within reflectWindow of IssuedAt. Note: liveness-nonce *presence* enforcement (ensuring every issued nonce actually appears in the manifest) is the host layer's responsibility; issuedNonces here is treated as a lookup registry, not an exhaustive list.
  3. Each DeliveryReceipt must cover exactly one segment (SeqStart == SeqEnd); range receipts (SeqStart != SeqEnd) are not supported in v1 and cause an error. Single-segment receipts must have a SHA256 equal to that segment's.
  4. Segment Index continuity: a gap is permitted only if a Discontinuity marker whose PrevSeq/ResumeSeq bracket it exists; an unmarked gap is an error.

All discovered problems are collected and returned via errors.Join.

Types

type AccessPolicy

type AccessPolicy struct {
	ProviderUsageVisibility AccessVisibility `json:"provider_usage_visibility,omitempty"`
	WorkloadVisibility      AccessVisibility `json:"workload_visibility,omitempty"`
	ArtifactVisibility      AccessVisibility `json:"artifact_visibility,omitempty"`
}

func (AccessPolicy) Validate

func (p AccessPolicy) Validate() error

type AccessVisibility

type AccessVisibility string
const (
	AccessVisibilityPrivate AccessVisibility = "private"
	AccessVisibilityNetwork AccessVisibility = "network"
	AccessVisibilityPublic  AccessVisibility = "public"
)

type AttestationDecision

type AttestationDecision struct {
	Provider             string            `json:"provider,omitempty"`
	VerifierID           string            `json:"verifier_id,omitempty"`
	DecisionID           string            `json:"decision_id,omitempty"`
	HardwareClass        string            `json:"hardware_class,omitempty"`
	ExecutorImageDigest  string            `json:"executor_image_digest,omitempty"`
	ExecutorRootFSDigest string            `json:"executor_rootfs_digest,omitempty"`
	PolicyID             string            `json:"policy_id,omitempty"`
	Nonce                string            `json:"nonce,omitempty"`
	IssuedAt             time.Time         `json:"issued_at,omitzero"`
	ExpiresAt            time.Time         `json:"expires_at,omitzero"`
	SignatureVerified    bool              `json:"signature_verified,omitempty"`
	ConfidentialGPU      bool              `json:"confidential_gpu,omitempty"`
	Signature            SignatureEnvelope `json:"signature,omitzero"`
}

func (AttestationDecision) BindingDigest

func (a AttestationDecision) BindingDigest() string

type AttestedProofBinding

type AttestedProofBinding struct {
	Executor              ExecutorRef    `json:"executor"`
	PolicyID              string         `json:"policy_id"`
	TaskID                string         `json:"task_id"`
	TaskHash              string         `json:"task_hash"`
	InputHash             string         `json:"input_hash"`
	DependencyClosureHash string         `json:"dependency_closure_hash"`
	WorkerID              string         `json:"worker_id"`
	PoolID                string         `json:"pool_id"`
	StartedAt             time.Time      `json:"started_at"`
	FinishedAt            time.Time      `json:"finished_at"`
	Verifier              VerifierResult `json:"verifier"`
}

type AttestedServiceBinding

type AttestedServiceBinding struct {
	Executor       ExecutorRef    `json:"executor"`
	PolicyID       string         `json:"policy_id"`
	TaskID         string         `json:"task_id"`
	DeploymentHash string         `json:"deployment_hash"`
	WorkerID       string         `json:"worker_id"`
	PoolID         string         `json:"pool_id"`
	StartedAt      time.Time      `json:"started_at"`
	FinishedAt     time.Time      `json:"finished_at"`
	Verifier       VerifierResult `json:"verifier"`
}

type Capabilities added in v0.4.0

type Capabilities struct {
	MachineID         string                  `json:"machine_id,omitempty"`
	OS                string                  `json:"os,omitempty"`
	Arch              string                  `json:"arch,omitempty"`
	CPUModel          string                  `json:"cpu_model,omitempty"`
	CPUCount          int                     `json:"cpu_count,omitempty"`
	MemoryBytes       int64                   `json:"memory_bytes,omitempty"`
	DiskBytes         int64                   `json:"disk_bytes,omitempty"`
	BandwidthMbps     int64                   `json:"bandwidth_mbps,omitempty"`
	IngressCapable    bool                    `json:"ingress_capable,omitempty"`
	GPU               []GPU                   `json:"gpu,omitempty"`
	ExecutorProviders []string                `json:"executor_providers,omitempty"`
	Executors         []ExecutorRef           `json:"executors,omitempty"`
	WorkloadKinds     []string                `json:"workload_kinds,omitempty"`
	ExecutionTiers    []ExecutionSecurityTier `json:"execution_tiers,omitempty"`
	ProofTiers        []ProofTier             `json:"proof_tiers,omitempty"`
	NetworkModes      []NetworkMode           `json:"network_modes,omitempty"`
	CapabilityTags    []string                `json:"capability_tags,omitempty"`
	CapabilityReports []CapabilityReport      `json:"capability_reports,omitempty"`
	HardwareSecurity  Security                `json:"hardware_security,omitzero"`
}

type CapabilityReport added in v0.4.0

type CapabilityReport struct {
	Provider    string                 `json:"provider"`
	Backend     string                 `json:"backend,omitempty"`
	Status      CapabilityReportStatus `json:"status"`
	Reason      string                 `json:"reason,omitempty"`
	Constraints []string               `json:"constraints,omitempty"`
}

type CapabilityReportStatus added in v0.4.0

type CapabilityReportStatus string
const (
	CapabilitySupported   CapabilityReportStatus = "supported"
	CapabilityDegraded    CapabilityReportStatus = "degraded"
	CapabilityUnsupported CapabilityReportStatus = "unsupported"
)

type Client added in v0.4.0

type Client struct {
	// contains filtered or unexported fields
}

func NewClient added in v0.4.0

func NewClient(config ClientConfig) (*Client, error)

func (*Client) FindProof added in v0.4.0

func (c *Client) FindProof(ctx context.Context, taskID string) (ProofReceipt, bool, error)

func (*Client) ListProofs added in v0.4.0

func (c *Client) ListProofs(ctx context.Context) ([]ProofReceipt, error)

func (*Client) ListTasks added in v0.4.0

func (c *Client) ListTasks(ctx context.Context) (TaskList, error)

func (*Client) SubmitTask added in v0.4.0

func (c *Client) SubmitTask(ctx context.Context, task Task) (Task, error)

func (*Client) TaskSnapshot added in v0.4.0

func (c *Client) TaskSnapshot(ctx context.Context, id string) (Task, bool, []TaskStall, error)

type ClientConfig added in v0.4.0

type ClientConfig struct {
	ServerURL  string
	Token      string
	HTTPClient *http.Client
	Timeout    time.Duration
}

type CommandWorkload added in v0.3.1

type CommandWorkload struct {
	Args                []string                `json:"args"`
	WorkingDirectory    string                  `json:"working_directory,omitempty"`
	Env                 []EnvRef                `json:"env,omitempty"`
	ArtifactRefs        []string                `json:"artifact_refs,omitempty"`
	ArtifactAllowlist   []string                `json:"artifact_allowlist,omitempty"`
	ConfidentialPayload *ConfidentialPayloadRef `json:"confidential_payload,omitempty"`
}

func (CommandWorkload) Validate added in v0.3.1

func (w CommandWorkload) Validate() error

type ConfidentialPayloadRef added in v0.3.1

type ConfidentialPayloadRef struct {
	CiphertextRef  string `json:"ciphertext_ref"`
	CiphertextHash string `json:"ciphertext_hash"`
	KeyRefHash     string `json:"key_ref_hash"`
	Algorithm      string `json:"algorithm"`
	KBSPolicyID    string `json:"kbs_policy_id"`
}

func (ConfidentialPayloadRef) Validate added in v0.3.1

func (r ConfidentialPayloadRef) Validate() error

type ContainerBuildWorkload added in v0.3.1

type ContainerBuildWorkload struct {
	ContextDirectory string   `json:"context_directory"`
	Dockerfile       string   `json:"dockerfile,omitempty"`
	Tags             []string `json:"tags,omitempty"`
	PushTargetRef    string   `json:"push_target_ref,omitempty"`
	PullTargetRef    string   `json:"pull_target_ref,omitempty"`
	Env              []EnvRef `json:"env,omitempty"`
}

func (ContainerBuildWorkload) Validate added in v0.3.1

func (w ContainerBuildWorkload) Validate() error

type ContainerRuntimeScope added in v0.8.0

type ContainerRuntimeScope struct {
	Args []string `json:"args,omitempty"`
}

type ContainerRuntimeTool

type ContainerRuntimeTool string
const (
	ContainerRuntimePodman         ContainerRuntimeTool = "podman"
	ContainerRuntimeDocker         ContainerRuntimeTool = "docker"
	ContainerRuntimeNerdctl        ContainerRuntimeTool = "nerdctl"
	ContainerRuntimeAppleContainer ContainerRuntimeTool = "apple-container"
)

type ContentInputRef added in v0.8.3

type ContentInputRef struct {
	Name        string `json:"name"`
	Ref         string `json:"ref"`
	TargetPath  string `json:"target_path"`
	SHA256      string `json:"sha256,omitempty"`
	ContentType string `json:"content_type,omitempty"`
	SizeBytes   int64  `json:"size_bytes,omitempty"`
	ProviderID  string `json:"provider_id,omitempty"`
}

func (ContentInputRef) Validate added in v0.8.3

func (r ContentInputRef) Validate() error

type ContributionAuthority

type ContributionAuthority string
const (
	ContributionAuthorityWFCompute ContributionAuthority = "wfcompute"
	ContributionAuthorityUpstream  ContributionAuthority = "upstream"
)

type ContributionPolicy

type ContributionPolicy struct {
	ValidationAuthority ContributionAuthority `json:"validation_authority,omitempty"`
	CreditAuthority     ContributionAuthority `json:"credit_authority,omitempty"`
	MonetaryPayouts     bool                  `json:"monetary_payouts,omitempty"`
}

func (ContributionPolicy) ValidateForRewardPolicy

func (p ContributionPolicy) ValidateForRewardPolicy(rewardPolicy string, target SettlementTarget) error

type CryptoRewardCustodyMode

type CryptoRewardCustodyMode string
const CryptoRewardCustodyTreasuryThenDistribute CryptoRewardCustodyMode = "treasury_then_distribute"

type CryptoRewardDistributionMode

type CryptoRewardDistributionMode string
const CryptoRewardDistributionContributionShare CryptoRewardDistributionMode = "contribution_share"

type CryptoRewardParticipantWalletSource

type CryptoRewardParticipantWalletSource string
const CryptoRewardParticipantAccountWallet CryptoRewardParticipantWalletSource = "account_wallet"

type CryptoRewardRoutingPolicy

type CryptoRewardRoutingPolicy struct {
	Network                 string                              `json:"network,omitempty"`
	TreasuryAccountID       string                              `json:"treasury_account_id,omitempty"`
	TreasuryWalletRef       string                              `json:"treasury_wallet_ref,omitempty"`
	CustodyMode             CryptoRewardCustodyMode             `json:"custody_mode,omitempty"`
	DistributionMode        CryptoRewardDistributionMode        `json:"distribution_mode,omitempty"`
	ParticipantWalletSource CryptoRewardParticipantWalletSource `json:"participant_wallet_source,omitempty"`
	ManagementFeeBps        int                                 `json:"management_fee_bps,omitempty"`
}

func (CryptoRewardRoutingPolicy) Validate

type DeliveryConsumerKind added in v0.8.0

type DeliveryConsumerKind string

DeliveryConsumerKind distinguishes the type of consumer receiving segments.

const (
	// ConsumerViewer is an end-viewer consuming the stream.
	ConsumerViewer DeliveryConsumerKind = "viewer"
	// ConsumerEdgeRelay is an edge relay re-distributing the stream.
	ConsumerEdgeRelay DeliveryConsumerKind = "edge-relay"
)

type DeliveryReceipt added in v0.8.0

type DeliveryReceipt struct {
	ConsumerID string               `json:"consumer_id"`
	Kind       DeliveryConsumerKind `json:"kind"`
	SeqStart   int                  `json:"seq_start"`
	SeqEnd     int                  `json:"seq_end"`
	Bytes      int64                `json:"bytes"`
	// SHA256 is the hash of the delivered segment range; for single-segment
	// receipts (SeqStart == SeqEnd) it must equal the segment's SHA256.
	SHA256 string `json:"sha256"`
	// Sig is an opaque signature over this receipt; verification of the
	// cryptographic signature itself is wired by the host layer.
	Sig []byte `json:"sig,omitempty"`
}

DeliveryReceipt records that a consumer received a segment range. For cross-checking, SHA256 must equal the SHA256 of the referenced segment when the receipt covers exactly one segment (SeqStart == SeqEnd).

type Discontinuity added in v0.8.0

type Discontinuity struct {
	At        time.Time `json:"at"`
	Reason    string    `json:"reason"`
	PrevSeq   int       `json:"prev_seq"`
	ResumeSeq int       `json:"resume_seq"`
	Sig       []byte    `json:"sig,omitempty"`
}

Discontinuity marks an intentional gap in segment continuity (e.g. network drop). A gap between PrevSeq and ResumeSeq is considered covered if a Discontinuity with matching PrevSeq and ResumeSeq exists in the manifest. Sig is an opaque signature over this marker; verification of the cryptographic signature itself is wired by the host layer.

type EdgeRequestReceipt

type EdgeRequestReceipt struct {
	ProtocolVersion     string         `json:"protocol_version,omitempty"`
	ID                  string         `json:"id"`
	OrgID               string         `json:"org_id"`
	PoolID              string         `json:"pool_id"`
	ProductID           string         `json:"product_id"`
	Hostname            string         `json:"hostname"`
	RouteTarget         string         `json:"route_target"`
	ServiceLeaseID      string         `json:"service_lease_id,omitempty"`
	TaskID              string         `json:"task_id,omitempty"`
	WorkerID            string         `json:"worker_id,omitempty"`
	ContentRef          string         `json:"content_ref,omitempty"`
	RequestID           string         `json:"request_id"`
	TraceID             string         `json:"trace_id"`
	Method              string         `json:"method"`
	RequestClass        string         `json:"request_class"`
	RequestHash         string         `json:"request_hash"`
	ResponseHash        string         `json:"response_hash"`
	RequestBytes        int64          `json:"request_bytes,omitempty"`
	ResponseBytes       int64          `json:"response_bytes,omitempty"`
	StartedAt           time.Time      `json:"started_at"`
	FinishedAt          time.Time      `json:"finished_at"`
	ResourceUsage       ResourceUsage  `json:"resource_usage"`
	ServiceReceiptIDs   []string       `json:"service_receipt_ids,omitempty"`
	IngressEvidenceID   string         `json:"ingress_evidence_id,omitempty"`
	IngressEvidenceHash string         `json:"ingress_evidence_hash,omitempty"`
	Verifier            VerifierResult `json:"verifier"`
	RouterSignature     string         `json:"router_signature"`
}

func (EdgeRequestReceipt) Validate

func (r EdgeRequestReceipt) Validate() error

type EnvRef added in v0.3.1

type EnvRef struct {
	Name      string `json:"name"`
	ValueRef  string `json:"value_ref,omitempty"`
	SecretRef string `json:"secret_ref,omitempty"`
}

func (EnvRef) Validate added in v0.3.1

func (r EnvRef) Validate() error

type ExecutionSecurityTier

type ExecutionSecurityTier string
const (
	ExecutionTrustedNative      ExecutionSecurityTier = "trusted-native"
	ExecutionHardenedContainer  ExecutionSecurityTier = "hardened-container"
	ExecutionSandboxedContainer ExecutionSecurityTier = "sandboxed-container"
	ExecutionMicroVM            ExecutionSecurityTier = "microvm"
	ExecutionConfidentialCPU    ExecutionSecurityTier = "confidential-cpu"
	ExecutionConfidentialGPU    ExecutionSecurityTier = "confidential-gpu"
	ExecutionWASMCapability     ExecutionSecurityTier = "wasm-capability"
)

type ExecutorCapabilities

type ExecutorCapabilities struct {
	Executors      []ExecutorRef           `json:"executors,omitempty"`
	ExecutionTiers []ExecutionSecurityTier `json:"execution_tiers,omitempty"`
}

type ExecutorRef

type ExecutorRef struct {
	Provider              string                `json:"provider"`
	Version               string                `json:"version"`
	ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
	ProofTier             ProofTier             `json:"proof_tier,omitempty"`
	ImageDigest           string                `json:"image_digest,omitempty"`
	RootFSDigest          string                `json:"rootfs_digest,omitempty"`
}

func RuntimeBackendReportsSupportedExecutors added in v0.5.0

func RuntimeBackendReportsSupportedExecutors(reports []RuntimeBackendReport) []ExecutorRef

func (ExecutorRef) RequiresAttestation

func (e ExecutorRef) RequiresAttestation() bool

func (ExecutorRef) ValidateForProof

func (e ExecutorRef) ValidateForProof() error

type ForwardableArtifactRef added in v0.8.0

type ForwardableArtifactRef struct {
	Handle           string `json:"handle"`
	Digest           string `json:"digest"`
	ContentType      string `json:"content_type"`
	TransferTokenRef string `json:"transfer_token_ref"`
}

func (ForwardableArtifactRef) Validate added in v0.8.0

func (r ForwardableArtifactRef) Validate() error

type GPU added in v0.4.0

type GPU struct {
	Vendor      string `json:"vendor,omitempty"`
	Name        string `json:"name,omitempty"`
	MemoryBytes int64  `json:"memory_bytes,omitempty"`
}

type HardwareAttestation

type HardwareAttestation struct {
	Class      string    `json:"class"`
	Provider   string    `json:"provider"`
	VerifierID string    `json:"verifier_id"`
	KeyID      string    `json:"key_id"`
	Verified   bool      `json:"verified"`
	ExpiresAt  time.Time `json:"expires_at,omitzero"`
}

type HardwarePlacementCapabilities

type HardwarePlacementCapabilities struct {
	GPUCount int                          `json:"gpu_count,omitempty"`
	Security HardwareSecurityCapabilities `json:"security,omitzero"`
	Now      time.Time                    `json:"now,omitzero"`
}

type HardwareSecurityCapabilities

type HardwareSecurityCapabilities struct {
	TEE                  []string              `json:"tee,omitempty"`
	HardwareClasses      []string              `json:"hardware_classes,omitempty"`
	HardwareAttestations []HardwareAttestation `json:"hardware_attestations,omitempty"`
}

type HealthCheck added in v0.3.3

type HealthCheck struct {
	Kind            string   `json:"kind"`
	Path            string   `json:"path,omitempty"`
	Command         []string `json:"command,omitempty"`
	IntervalSeconds int      `json:"interval_seconds,omitempty"`
	TimeoutSeconds  int      `json:"timeout_seconds,omitempty"`
}

func (HealthCheck) IsZero added in v0.3.3

func (h HealthCheck) IsZero() bool

func (HealthCheck) Validate added in v0.3.3

func (h HealthCheck) Validate() error

type IngressPolicy added in v0.3.3

type IngressPolicy struct {
	Mode         string   `json:"mode"`
	AllowedCIDRs []string `json:"allowed_cidrs,omitempty"`
	AuthRequired bool     `json:"auth_required"`
}

func (IngressPolicy) Validate added in v0.3.3

func (p IngressPolicy) Validate() error

type KeyReleaseDecision

type KeyReleaseDecision struct {
	Provider              string            `json:"provider,omitempty"`
	DecisionID            string            `json:"decision_id,omitempty"`
	AttestationDecisionID string            `json:"attestation_decision_id,omitempty"`
	AttestationDigest     string            `json:"attestation_digest,omitempty"`
	AttestationProvider   string            `json:"attestation_provider,omitempty"`
	AttestationVerifierID string            `json:"attestation_verifier_id,omitempty"`
	AttestationKeyID      string            `json:"attestation_key_id,omitempty"`
	PolicyID              string            `json:"policy_id,omitempty"`
	TaskID                string            `json:"task_id,omitempty"`
	TaskHash              string            `json:"task_hash,omitempty"`
	InputHash             string            `json:"input_hash,omitempty"`
	DependencyClosureHash string            `json:"dependency_closure_hash,omitempty"`
	WorkerID              string            `json:"worker_id,omitempty"`
	PoolID                string            `json:"pool_id,omitempty"`
	KeyRefHash            string            `json:"key_ref_hash,omitempty"`
	Released              bool              `json:"released,omitempty"`
	ExpiresAt             time.Time         `json:"expires_at,omitzero"`
	Signature             SignatureEnvelope `json:"signature,omitzero"`
}

type Lease added in v0.4.0

type Lease struct {
	ID                 string            `json:"id"`
	TaskID             string            `json:"task_id"`
	WorkerID           string            `json:"worker_id"`
	PoolID             string            `json:"pool_id"`
	Executor           ExecutorRef       `json:"executor"`
	CapabilitySnapshot Capabilities      `json:"capability_snapshot"`
	AllowedPushTargets []string          `json:"allowed_push_targets,omitempty"`
	AllowedPullTargets []string          `json:"allowed_pull_targets,omitempty"`
	NetworkPolicy      NetworkPolicy     `json:"network_policy,omitzero"`
	P2PSessionPolicy   *P2PSessionPolicy `json:"p2p_session_policy,omitempty"`
	ResiduePolicy      ResiduePolicy     `json:"residue_policy,omitzero"`
	LeasedAt           time.Time         `json:"leased_at"`
	ExpiresAt          time.Time         `json:"expires_at"`
}

func (Lease) Validate added in v0.4.0

func (l Lease) Validate() error

type LivenessNonce added in v0.8.0

type LivenessNonce struct {
	Nonce          string    `json:"nonce"`
	IssuedAt       time.Time `json:"issued_at"`
	ReflectedInSeq int       `json:"reflected_in_seq"`
}

LivenessNonce is issued by the host and must appear in the manifest within a reflection window, proving the stream is live and not a replay.

type ManagedRuntimeBundleDescriptor added in v0.6.0

type ManagedRuntimeBundleDescriptor struct {
	ProtocolVersion    string                          `json:"protocol_version,omitempty"`
	BundleID           string                          `json:"bundle_id"`
	Family             RuntimeBackendFamily            `json:"family"`
	Tool               ContainerRuntimeTool            `json:"tool,omitempty"`
	Version            string                          `json:"version"`
	OS                 string                          `json:"os"`
	Arch               string                          `json:"arch"`
	ArtifactName       string                          `json:"artifact_name"`
	ArtifactDigest     string                          `json:"artifact_digest"`
	ChecksumName       string                          `json:"checksum_name"`
	ChecksumDigest     string                          `json:"checksum_digest"`
	SignatureName      string                          `json:"signature_name"`
	SignatureDigest    string                          `json:"signature_digest"`
	SignatureIssuer    string                          `json:"signature_issuer"`
	SignatureKeyID     string                          `json:"signature_key_id"`
	TrustRootDigest    string                          `json:"trust_root_digest"`
	SignatureSubject   ManagedRuntimeSignatureSubject  `json:"signature_subject"`
	ValidUntil         time.Time                       `json:"valid_until,omitzero"`
	UpdatePolicy       ManagedRuntimeUpdatePolicy      `json:"update_policy"`
	CVEPolicy          ManagedRuntimeCVEPolicy         `json:"cve_policy"`
	ScopedStore        ManagedRuntimeScopedStorePolicy `json:"scoped_store"`
	SupportedTargets   []ManagedRuntimeTarget          `json:"supported_targets"`
	ConformanceProfile string                          `json:"conformance_profile"`
	InstallBurden      RuntimeInstallBurden            `json:"install_burden"`
}

func (ManagedRuntimeBundleDescriptor) Validate added in v0.6.0

func (ManagedRuntimeBundleDescriptor) ValidateAt added in v0.6.0

func (d ManagedRuntimeBundleDescriptor) ValidateAt(now time.Time) error

type ManagedRuntimeCVEPolicy added in v0.6.0

type ManagedRuntimeCVEPolicy struct {
	PolicyDigest     string   `json:"policy_digest"`
	BlockedVersions  []string `json:"blocked_versions,omitempty"`
	RevokedKeyIDs    []string `json:"revoked_key_ids,omitempty"`
	UpdatedByVersion string   `json:"updated_by_version"`
}

func (ManagedRuntimeCVEPolicy) Validate added in v0.6.0

func (p ManagedRuntimeCVEPolicy) Validate() []error

type ManagedRuntimeScopedStorePolicy added in v0.6.0

type ManagedRuntimeScopedStorePolicy struct {
	Required                      bool   `json:"required"`
	NamespaceStrategy             string `json:"namespace_strategy"`
	StoreStrategy                 string `json:"store_strategy"`
	PolicyDigest                  string `json:"policy_digest"`
	CleanupRequired               bool   `json:"cleanup_required"`
	HostGlobalVisibilityForbidden bool   `json:"host_global_visibility_forbidden"`
}

func (ManagedRuntimeScopedStorePolicy) Validate added in v0.6.0

func (p ManagedRuntimeScopedStorePolicy) Validate() []error

type ManagedRuntimeSignatureSubject added in v0.6.0

type ManagedRuntimeSignatureSubject struct {
	ArtifactDigest          string               `json:"artifact_digest"`
	RuntimeFamily           RuntimeBackendFamily `json:"runtime_family"`
	OS                      string               `json:"os"`
	Arch                    string               `json:"arch"`
	Version                 string               `json:"version"`
	Channel                 string               `json:"channel"`
	ConformanceProfile      string               `json:"conformance_profile"`
	ScopedStorePolicyDigest string               `json:"scoped_store_policy_digest"`
}

type ManagedRuntimeTarget added in v0.6.0

type ManagedRuntimeTarget struct {
	OS   string `json:"os"`
	Arch string `json:"arch"`
}

type ManagedRuntimeUpdatePolicy added in v0.6.0

type ManagedRuntimeUpdatePolicy struct {
	Channel             string   `json:"channel"`
	MinSupportedVersion string   `json:"min_supported_version"`
	BlockedVersions     []string `json:"blocked_versions,omitempty"`
}

func (ManagedRuntimeUpdatePolicy) Validate added in v0.6.0

func (p ManagedRuntimeUpdatePolicy) Validate() []error

type MarketplaceAbuseCase added in v0.7.0

type MarketplaceAbuseCase struct {
	ProtocolVersion string                        `json:"protocol_version,omitempty"`
	ID              string                        `json:"id"`
	OrgID           string                        `json:"org_id"`
	ProductID       string                        `json:"product_id,omitempty"`
	SubjectKind     MarketplaceAbuseSubjectKind   `json:"subject_kind"`
	SubjectID       string                        `json:"subject_id"`
	Severity        MarketplaceAbuseSeverity      `json:"severity"`
	Status          MarketplaceAbuseStatus        `json:"status"`
	Reason          string                        `json:"reason"`
	EvidenceRefs    []MarketplaceAbuseEvidenceRef `json:"evidence_refs,omitempty"`
	TaskID          string                        `json:"task_id,omitempty"`
	ProofID         string                        `json:"proof_id,omitempty"`
	RouteRef        string                        `json:"route_ref,omitempty"`
	CreatedAt       time.Time                     `json:"created_at,omitempty"`
	UpdatedAt       time.Time                     `json:"updated_at,omitempty"`
	ResolvedAt      time.Time                     `json:"resolved_at,omitempty"`
}

func (MarketplaceAbuseCase) Validate added in v0.7.0

func (c MarketplaceAbuseCase) Validate() error

type MarketplaceAbuseEvidenceRef added in v0.7.0

type MarketplaceAbuseEvidenceRef struct {
	Ref    string `json:"ref"`
	Digest string `json:"digest,omitempty"`
	Note   string `json:"note,omitempty"`
}

func (MarketplaceAbuseEvidenceRef) Validate added in v0.7.0

func (r MarketplaceAbuseEvidenceRef) Validate() error

type MarketplaceAbuseSeverity added in v0.7.0

type MarketplaceAbuseSeverity string
const (
	MarketplaceAbuseSeverityLow      MarketplaceAbuseSeverity = "low"
	MarketplaceAbuseSeverityMedium   MarketplaceAbuseSeverity = "medium"
	MarketplaceAbuseSeverityHigh     MarketplaceAbuseSeverity = "high"
	MarketplaceAbuseSeverityCritical MarketplaceAbuseSeverity = "critical"
)

type MarketplaceAbuseStatus added in v0.7.0

type MarketplaceAbuseStatus string
const (
	MarketplaceAbuseStatusOpen      MarketplaceAbuseStatus = "open"
	MarketplaceAbuseStatusInReview  MarketplaceAbuseStatus = "in_review"
	MarketplaceAbuseStatusActioned  MarketplaceAbuseStatus = "actioned"
	MarketplaceAbuseStatusDismissed MarketplaceAbuseStatus = "dismissed"
	MarketplaceAbuseStatusResolved  MarketplaceAbuseStatus = "resolved"
)

type MarketplaceAbuseSubjectKind added in v0.7.0

type MarketplaceAbuseSubjectKind string
const (
	MarketplaceAbuseSubjectProduct   MarketplaceAbuseSubjectKind = "product"
	MarketplaceAbuseSubjectRequestor MarketplaceAbuseSubjectKind = "requestor"
	MarketplaceAbuseSubjectProvider  MarketplaceAbuseSubjectKind = "provider"
	MarketplaceAbuseSubjectRouter    MarketplaceAbuseSubjectKind = "router"
	MarketplaceAbuseSubjectVerifier  MarketplaceAbuseSubjectKind = "verifier"
)

type MarketplaceOperationsPolicy added in v0.7.0

type MarketplaceOperationsPolicy struct {
	ProtocolVersion      string    `json:"protocol_version,omitempty"`
	ID                   string    `json:"id,omitempty"`
	Enabled              bool      `json:"enabled"`
	Version              int       `json:"version,omitempty"`
	TermsVersion         string    `json:"terms_version,omitempty"`
	RewardPolicyVersion  string    `json:"reward_policy_version,omitempty"`
	DisputeWindowHours   int       `json:"dispute_window_hours,omitempty"`
	AbuseContact         string    `json:"abuse_contact,omitempty"`
	PayoutProvider       string    `json:"payout_provider,omitempty"`
	ActivePayoutKeyID    string    `json:"active_payout_key_id,omitempty"`
	PreviousPayoutKeyIDs []string  `json:"previous_payout_key_ids,omitempty"`
	CreatedAt            time.Time `json:"created_at,omitempty"`
	UpdatedAt            time.Time `json:"updated_at,omitempty"`
}

func (MarketplaceOperationsPolicy) Validate added in v0.7.0

func (p MarketplaceOperationsPolicy) Validate() error

type MarketplaceOperatorPolicy added in v0.7.0

type MarketplaceOperatorPolicy struct {
	ProtocolVersion         string    `json:"protocol_version,omitempty"`
	ID                      string    `json:"id,omitempty"`
	Enabled                 bool      `json:"enabled"`
	Version                 int       `json:"version,omitempty"`
	OperatorID              string    `json:"operator_id,omitempty"`
	AllowedOrgIDs           []string  `json:"allowed_org_ids,omitempty"`
	AllowedProductIDs       []string  `json:"allowed_product_ids,omitempty"`
	TrustedFederationKeyIDs []string  `json:"trusted_federation_key_ids,omitempty"`
	CreatedAt               time.Time `json:"created_at,omitempty"`
	UpdatedAt               time.Time `json:"updated_at,omitempty"`
}

func (MarketplaceOperatorPolicy) Validate added in v0.7.0

func (p MarketplaceOperatorPolicy) Validate() error

type MarketplacePayoutKeyRotationRequest added in v0.7.0

type MarketplacePayoutKeyRotationRequest struct {
	ProtocolVersion       string `json:"protocol_version,omitempty"`
	NewPayoutKeyID        string `json:"new_payout_key_id"`
	RequireCurrentVersion int    `json:"require_current_version,omitempty"`
	Reason                string `json:"reason,omitempty"`
}

func (MarketplacePayoutKeyRotationRequest) Validate added in v0.7.0

type MarketplaceSuspension added in v0.7.0

type MarketplaceSuspension struct {
	ProtocolVersion string           `json:"protocol_version,omitempty"`
	ID              string           `json:"id"`
	OrgID           string           `json:"org_id"`
	Scope           SuspensionScope  `json:"scope"`
	SubjectID       string           `json:"subject_id"`
	ProductID       string           `json:"product_id,omitempty"`
	Reason          string           `json:"reason"`
	Status          SuspensionStatus `json:"status"`
	CreatedAt       time.Time        `json:"created_at,omitempty"`
	LiftedAt        time.Time        `json:"lifted_at,omitempty"`
}

func (MarketplaceSuspension) Validate added in v0.7.0

func (s MarketplaceSuspension) Validate() error

type MarketplaceTrustRootRotationRequest added in v0.7.0

type MarketplaceTrustRootRotationRequest struct {
	ProtocolVersion               string   `json:"protocol_version,omitempty"`
	AddTrustedFederationKeyIDs    []string `json:"add_trusted_federation_key_ids,omitempty"`
	RemoveTrustedFederationKeyIDs []string `json:"remove_trusted_federation_key_ids,omitempty"`
	RequireCurrentVersion         int      `json:"require_current_version,omitempty"`
	Reason                        string   `json:"reason,omitempty"`
}

func (MarketplaceTrustRootRotationRequest) Validate added in v0.7.0

type MediaTransformSpec added in v0.8.0

type MediaTransformSpec struct {
	Scale         string      `json:"scale,omitempty"`
	Crop          string      `json:"crop,omitempty"`
	Pan           string      `json:"pan,omitempty"`
	FPS           int         `json:"fps,omitempty"`
	Codec         string      `json:"codec,omitempty"`
	Container     string      `json:"container,omitempty"`
	BitrateKbps   int         `json:"bitrate_kbps,omitempty"`
	Transpose     string      `json:"transpose,omitempty"`
	RotateDegrees int         `json:"rotate_degrees,omitempty"`
	Renditions    []Rendition `json:"renditions,omitempty"`
}

MediaTransformSpec defines a media-transform workload.

func (MediaTransformSpec) Validate added in v0.8.0

func (m MediaTransformSpec) Validate() error

Validate returns an error if the MediaTransformSpec is not well-formed.

type NetworkAuditDestination added in v0.2.0

type NetworkAuditDestination struct {
	Kind  NetworkAuditDestinationKind `json:"kind"`
	Value string                      `json:"value"`
}

func NewNetworkAuditLifecycleDestination added in v0.2.0

func NewNetworkAuditLifecycleDestination(leaseID, event string) (NetworkAuditDestination, error)

type NetworkAuditDestinationKind added in v0.2.0

type NetworkAuditDestinationKind string
const (
	NetworkAuditDestinationEndpoint  NetworkAuditDestinationKind = "endpoint"
	NetworkAuditDestinationSHA256    NetworkAuditDestinationKind = "sha256"
	NetworkAuditDestinationArtifact  NetworkAuditDestinationKind = "artifact"
	NetworkAuditDestinationLifecycle NetworkAuditDestinationKind = "network-lifecycle"
)

type NetworkAuditProviderEvidence added in v0.2.0

type NetworkAuditProviderEvidence struct {
	ProviderID       string `json:"provider_id,omitempty"`
	PluginName       string `json:"plugin_name,omitempty"`
	PluginVersion    string `json:"plugin_version,omitempty"`
	ContractID       string `json:"contract_id,omitempty"`
	ContractVersion  string `json:"contract_version,omitempty"`
	DescriptorDigest string `json:"descriptor_digest,omitempty"`
}

type NetworkAuditRecord added in v0.2.0

type NetworkAuditRecord struct {
	ProtocolVersion string                       `json:"protocol_version"`
	RecordID        string                       `json:"record_id"`
	TaskID          string                       `json:"task_id,omitempty"`
	LeaseID         string                       `json:"lease_id,omitempty"`
	WorkerID        string                       `json:"worker_id,omitempty"`
	Provider        NetworkAuditProviderEvidence `json:"provider,omitempty"`
	Destination     NetworkAuditDestination      `json:"destination"`
	ResourceUsage   ResourceUsage                `json:"resource_usage,omitempty"`
	Labels          map[string]string            `json:"labels,omitempty"`
	StartedAt       time.Time                    `json:"started_at,omitempty"`
	FinishedAt      time.Time                    `json:"finished_at,omitempty"`
	ObservedAt      time.Time                    `json:"observed_at,omitempty"`
}

func NetworkAuditRecordFromProto added in v0.2.0

func NetworkAuditRecordFromProto(message *pb.NetworkAuditRecord) (NetworkAuditRecord, error)

func (NetworkAuditRecord) ToProto added in v0.2.0

func (NetworkAuditRecord) Validate added in v0.2.0

func (r NetworkAuditRecord) Validate() error

func (NetworkAuditRecord) ValidateNetworkAudit added in v0.2.0

func (r NetworkAuditRecord) ValidateNetworkAudit() []NetworkAuditValidationIssue

type NetworkAuditRefOptions added in v0.2.0

type NetworkAuditRefOptions struct {
	Stability NetworkAuditRefStability
	Timestamp time.Time
}

type NetworkAuditRefProjection added in v0.2.0

type NetworkAuditRefProjection struct {
	Ref       string                   `json:"ref"`
	Epoch     string                   `json:"epoch"`
	Stability NetworkAuditRefStability `json:"stability"`
	Timestamp string                   `json:"timestamp"`
}

type NetworkAuditRefProjector added in v0.2.0

type NetworkAuditRefProjector struct {
	// contains filtered or unexported fields
}

func NewNetworkAuditRefProjector added in v0.2.0

func NewNetworkAuditRefProjector(key []byte) (NetworkAuditRefProjector, error)

func (NetworkAuditRefProjector) Project added in v0.2.0

type NetworkAuditRefStability added in v0.2.0

type NetworkAuditRefStability string
const (
	NetworkAuditRefStable    NetworkAuditRefStability = "stable"
	NetworkAuditRefEphemeral NetworkAuditRefStability = "ephemeral"
)

type NetworkAuditValidationCode added in v0.2.0

type NetworkAuditValidationCode string
const (
	NetworkAuditValidationProtocolVersionInvalid NetworkAuditValidationCode = "protocol_version_invalid"
	NetworkAuditValidationRecordIDRequired       NetworkAuditValidationCode = "record_id_required"
	NetworkAuditValidationDestinationRequired    NetworkAuditValidationCode = "destination_required"
	NetworkAuditValidationDestinationInvalid     NetworkAuditValidationCode = "destination_invalid"
	NetworkAuditValidationResourceUsageInvalid   NetworkAuditValidationCode = "resource_usage_invalid"
	NetworkAuditValidationLabelInvalid           NetworkAuditValidationCode = "label_invalid"
	NetworkAuditValidationLabelCountExceeded     NetworkAuditValidationCode = "label_count_exceeded"
	NetworkAuditValidationTimeRangeInvalid       NetworkAuditValidationCode = "time_range_invalid"
	NetworkAuditValidationProviderInvalid        NetworkAuditValidationCode = "provider_invalid"
)

type NetworkAuditValidationError added in v0.2.0

type NetworkAuditValidationError struct {
	Issues []NetworkAuditValidationIssue
}

func (NetworkAuditValidationError) Error added in v0.2.0

type NetworkAuditValidationIssue added in v0.2.0

type NetworkAuditValidationIssue struct {
	Code    NetworkAuditValidationCode `json:"code"`
	Field   string                     `json:"field"`
	Message string                     `json:"message"`
}

func ClassifyLegacyNetworkAuditRecord added in v0.2.0

func ClassifyLegacyNetworkAuditRecord(record map[string]any) []NetworkAuditValidationIssue

func ProjectNetworkAuditLabels added in v0.2.0

func ProjectNetworkAuditLabels(labels map[string]string) (map[string]string, []NetworkAuditValidationIssue)

type NetworkBinding added in v0.8.0

type NetworkBinding struct {
	Mode            NetworkMode `json:"mode,omitempty"`
	SandboxNetwork  string      `json:"sandbox_network,omitempty"`
	Captive         bool        `json:"captive,omitempty"`
	GatewayEndpoint string      `json:"gateway_endpoint,omitempty"`
	ProxyURL        string      `json:"proxy_url,omitempty"`
}

type NetworkDestination added in v0.4.0

type NetworkDestination struct {
	Protocol   string `json:"protocol,omitempty"`
	Host       string `json:"host,omitempty"`
	Port       int    `json:"port,omitempty"`
	ContentRef string `json:"content_ref,omitempty"`
}

func (NetworkDestination) Validate added in v0.4.0

func (d NetworkDestination) Validate() error

type NetworkMode

type NetworkMode string
const (
	NetworkModeDirect  NetworkMode = "direct"
	NetworkModeRelay   NetworkMode = "relay"
	NetworkModeTailnet NetworkMode = "tailnet"
	NetworkModeTor     NetworkMode = "tor"
	NetworkModeP2P     NetworkMode = "p2p"
	NetworkModeOffline NetworkMode = "offline"
)

type NetworkOperatingMode

type NetworkOperatingMode string
const (
	NetworkModeBatch        NetworkOperatingMode = "batch"
	NetworkModeWarmService  NetworkOperatingMode = "warm-service"
	NetworkModeNodeService  NetworkOperatingMode = "node-service"
	NetworkModeInferenceAPI NetworkOperatingMode = "inference-api"
)

type NetworkPolicy added in v0.4.0

type NetworkPolicy struct {
	Mode                NetworkMode          `json:"mode,omitempty"`
	AllowedDestinations []NetworkDestination `json:"allowed_destinations,omitempty"`
	IngressHostnames    []string             `json:"ingress_hostnames,omitempty"`
	AllowIngress        bool                 `json:"allow_ingress,omitempty"`
	AuditDestinations   bool                 `json:"audit_destinations,omitempty"`
}

func (NetworkPolicy) Validate added in v0.4.0

func (p NetworkPolicy) Validate() error

type NetworkProduct

type NetworkProduct struct {
	ProtocolVersion      string                    `json:"protocol_version"`
	ID                   string                    `json:"id"`
	DisplayName          string                    `json:"display_name,omitempty"`
	Purpose              string                    `json:"purpose,omitempty"`
	OperatingMode        NetworkOperatingMode      `json:"operating_mode"`
	OrgID                string                    `json:"org_id"`
	PoolID               string                    `json:"pool_id"`
	WorkloadKinds        []string                  `json:"workload_kinds"`
	SecurityFloor        PlacementRequirements     `json:"security_floor"`
	ProofPolicy          ProofPolicy               `json:"proof_policy,omitzero"`
	SessionPolicy        SessionPolicy             `json:"session_policy,omitzero"`
	ProviderConfig       ProviderConfig            `json:"provider_config,omitzero"`
	NetworkModes         []NetworkMode             `json:"network_modes"`
	PlacementConstraints PlacementConstraints      `json:"placement_constraints,omitzero"`
	RewardPolicy         string                    `json:"reward_policy"`
	AbusePolicy          string                    `json:"abuse_policy"`
	SettlementAccountID  string                    `json:"settlement_account_id,omitempty"`
	SettlementTarget     SettlementTarget          `json:"settlement_target,omitzero"`
	CryptoRewardRouting  CryptoRewardRoutingPolicy `json:"crypto_reward_routing,omitzero"`
	ContributionPolicy   ContributionPolicy        `json:"contribution_policy,omitzero"`
	AccessPolicy         AccessPolicy              `json:"access_policy,omitzero"`
	ResiduePolicy        ResiduePolicy             `json:"residue_policy,omitzero"`
	AdmissionMode        string                    `json:"admission_mode,omitempty"`
	AllowPublic          bool                      `json:"allow_public,omitempty"`
	CreatedAt            time.Time                 `json:"created_at,omitempty"`
}

func (NetworkProduct) Validate

func (p NetworkProduct) Validate() error

type NodeServiceWorkload added in v0.3.3

type NodeServiceWorkload struct {
	ImageRef        string      `json:"image_ref"`
	ComponentRef    string      `json:"component_ref,omitempty"`
	ComponentDigest string      `json:"component_digest,omitempty"`
	Chain           string      `json:"chain"`
	Network         string      `json:"network"`
	DataDirRef      string      `json:"data_dir_ref"`
	RPCSecretRef    string      `json:"rpc_secret_ref"`
	PeerPolicy      PeerPolicy  `json:"peer_policy"`
	ArtifactRefs    []string    `json:"artifact_refs,omitempty"`
	Command         []string    `json:"command,omitempty"`
	HealthCheck     HealthCheck `json:"health_check,omitzero"`
	Env             []EnvRef    `json:"env,omitempty"`
}

func (NodeServiceWorkload) Validate added in v0.3.3

func (w NodeServiceWorkload) Validate() error

type P2PSessionLimits added in v0.4.0

type P2PSessionLimits struct {
	MaxPeers           int   `json:"max_peers"`
	MaxBytesPerPeer    int64 `json:"max_bytes_per_peer,omitempty"`
	MaxSessionBytes    int64 `json:"max_session_bytes,omitempty"`
	MaxDurationSeconds int   `json:"max_duration_seconds,omitempty"`
}

func (P2PSessionLimits) Validate added in v0.4.0

func (l P2PSessionLimits) Validate() error

type P2PSessionMode added in v0.4.0

type P2PSessionMode string
const (
	P2PSessionModeRelay   P2PSessionMode = "relay"
	P2PSessionModeStream  P2PSessionMode = "p2p_stream"
	P2PSessionModeContent P2PSessionMode = "p2p_content"
)

type P2PSessionPeer added in v0.4.0

type P2PSessionPeer struct {
	ID             string `json:"id"`
	Role           string `json:"role"`
	Alias          string `json:"alias,omitempty"`
	ContentURL     string `json:"content_url,omitempty"`
	IdentitySHA256 string `json:"identity_sha256,omitempty"`
}

func (P2PSessionPeer) Validate added in v0.4.0

func (p P2PSessionPeer) Validate() error

type P2PSessionPolicy added in v0.4.0

type P2PSessionPolicy struct {
	ProtocolVersion        string               `json:"protocol_version,omitempty"`
	SessionID              string               `json:"session_id"`
	ProductID              string               `json:"product_id"`
	OrgID                  string               `json:"org_id"`
	NetworkID              string               `json:"network_id"`
	OperatorID             string               `json:"operator_id"`
	PolicyVersion          string               `json:"policy_version"`
	IssuedAt               time.Time            `json:"issued_at"`
	NotBefore              time.Time            `json:"not_before"`
	ExpiresAt              time.Time            `json:"expires_at"`
	SessionGeneration      int                  `json:"session_generation"`
	EventID                string               `json:"event_id"`
	Nonce                  string               `json:"nonce"`
	Mode                   P2PSessionMode       `json:"mode"`
	Peers                  []P2PSessionPeer     `json:"peers"`
	AllowedProtocols       []string             `json:"allowed_protocols"`
	ContentRefs            []string             `json:"content_refs,omitempty"`
	RouteRefs              []string             `json:"route_refs,omitempty"`
	AllowedDestinations    []NetworkDestination `json:"allowed_destinations,omitempty"`
	IngressHostnames       []string             `json:"ingress_hostnames,omitempty"`
	Limits                 P2PSessionLimits     `json:"limits"`
	ProofPolicy            string               `json:"proof_policy,omitempty"`
	RewardPolicyRef        string               `json:"reward_policy_ref,omitempty"`
	RevocationFeedID       string               `json:"revocation_feed_id"`
	RevocationFreshUntil   time.Time            `json:"revocation_fresh_until"`
	KillDirectiveRefs      []string             `json:"kill_directive_refs,omitempty"`
	PreviousGenerationHash string               `json:"previous_generation_hash,omitempty"`
	PolicyHash             string               `json:"policy_hash"`
	Signature              SignatureEnvelope    `json:"signature"`
}

func (P2PSessionPolicy) SigningPayload added in v0.4.0

func (p P2PSessionPolicy) SigningPayload() P2PSessionPolicy

func (P2PSessionPolicy) Validate added in v0.4.0

func (p P2PSessionPolicy) Validate(now time.Time) error

type PeerPolicy added in v0.3.3

type PeerPolicy struct {
	Mode            string   `json:"mode"`
	AllowedPeers    []string `json:"allowed_peers,omitempty"`
	EgressAllowlist []string `json:"egress_allowlist,omitempty"`
}

func (PeerPolicy) Validate added in v0.3.3

func (p PeerPolicy) Validate() error

type PlacementCapabilities

type PlacementCapabilities struct {
	DiskBytes      int64    `json:"disk_bytes,omitempty"`
	MemoryBytes    int64    `json:"memory_bytes,omitempty"`
	BandwidthMbps  int64    `json:"bandwidth_mbps,omitempty"`
	IngressCapable bool     `json:"ingress_capable,omitempty"`
	CapabilityTags []string `json:"capability_tags,omitempty"`
}

type PlacementConstraints

type PlacementConstraints struct {
	Chain                string          `json:"chain,omitempty"`
	Role                 string          `json:"role,omitempty"`
	MinDiskBytes         int64           `json:"min_disk_bytes,omitempty"`
	MinMemoryBytes       int64           `json:"min_memory_bytes,omitempty"`
	MinBandwidthMbps     int64           `json:"min_bandwidth_mbps,omitempty"`
	RequiresIngress      bool            `json:"requires_ingress,omitempty"`
	RequiredCapabilities []string        `json:"required_capabilities,omitempty"`
	WalletRef            string          `json:"wallet_ref,omitempty"`
	StorageGuidance      StorageGuidance `json:"storage_guidance,omitzero"`
}

func (PlacementConstraints) IsZero

func (c PlacementConstraints) IsZero() bool

func (PlacementConstraints) Validate

func (c PlacementConstraints) Validate(required bool, target SettlementTarget) error

type PlacementNetworkPolicy

type PlacementNetworkPolicy struct {
	AllowIngress bool `json:"allow_ingress,omitempty"`
}

type PlacementRequirementCapabilities

type PlacementRequirementCapabilities struct {
	CapabilityTags    []string                   `json:"capability_tags,omitempty"`
	ExecutorProviders []string                   `json:"executor_providers,omitempty"`
	ExecutionTiers    []ExecutionSecurityTier    `json:"execution_tiers,omitempty"`
	ProofTiers        []ProofTier                `json:"proof_tiers,omitempty"`
	CapabilityReports []ProviderCapabilityReport `json:"capability_reports,omitempty"`
	Executors         []ExecutorRef              `json:"executors,omitempty"`
}

type PlacementRequirements

type PlacementRequirements struct {
	ExecutorProvider      string                `json:"executor_provider,omitempty"`
	ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
	ProofTier             ProofTier             `json:"proof_tier,omitempty"`
	HardwareClass         string                `json:"hardware_class,omitempty"`
	RequiredCapabilities  []string              `json:"required_capabilities,omitempty"`
}

type ProductCaptureMode added in v0.3.2

type ProductCaptureMode string
const (
	ProductCaptureModeBrowser  ProductCaptureMode = "browser"
	ProductCaptureModeMetadata ProductCaptureMode = "metadata"
)

type ProductCaptureWorkload added in v0.3.2

type ProductCaptureWorkload struct {
	URL            string             `json:"url"`
	AllowedHosts   []string           `json:"allowed_hosts"`
	CaptureMode    ProductCaptureMode `json:"capture_mode,omitempty"`
	TimeoutSeconds int                `json:"timeout_seconds,omitempty"`
	MaxHTMLBytes   int64              `json:"max_html_bytes,omitempty"`
	MaxImageCount  int                `json:"max_image_count,omitempty"`
	MetadataOnly   bool               `json:"metadata_only,omitempty"`
}

func (ProductCaptureWorkload) Validate added in v0.3.2

func (w ProductCaptureWorkload) Validate() error

type ProofList added in v0.4.0

type ProofList struct {
	Proofs []ProofReceipt `json:"proofs"`
}

type ProofPolicy

type ProofPolicy struct {
	Quorum      int `json:"quorum,omitempty"`
	MaxAttempts int `json:"max_attempts,omitempty"`
}

type ProofReceipt

type ProofReceipt struct {
	ID                    string         `json:"id"`
	OrgID                 string         `json:"org_id"`
	TaskID                string         `json:"task_id"`
	TaskHash              string         `json:"task_hash"`
	InputHash             string         `json:"input_hash"`
	DependencyClosureHash string         `json:"dependency_closure_hash"`
	Executor              ExecutorRef    `json:"executor"`
	WorkerID              string         `json:"worker_id"`
	PoolID                string         `json:"pool_id"`
	PolicyID              string         `json:"policy_id"`
	StartedAt             time.Time      `json:"started_at"`
	FinishedAt            time.Time      `json:"finished_at"`
	ExitCode              int            `json:"exit_code,omitempty"`
	ResourceUsage         ResourceUsage  `json:"resource_usage"`
	ArtifactHash          string         `json:"artifact_hash"`
	ResultPreview         map[string]any `json:"result_preview,omitempty"`
	Verifier              VerifierResult `json:"verifier"`
	AgentSignature        string         `json:"agent_signature"`
}

func (ProofReceipt) Validate

func (r ProofReceipt) Validate() error

type ProofTier

type ProofTier string
const (
	ProofReceiptOnly           ProofTier = "receipt-only"
	ProofArtifactHash          ProofTier = "artifact-hash"
	ProofReplicatedQuorum      ProofTier = "replicated-quorum"
	ProofAttestedReceipt       ProofTier = "attested-receipt"
	ProofAttestedQuorum        ProofTier = "attested-quorum"
	ProofZKReplay              ProofTier = "zk-replay"
	ProofStreamSegmentManifest ProofTier = "stream-segment-manifest"
)

type ProviderArtifactDelivery added in v0.3.0

type ProviderArtifactDelivery struct {
	ProtocolVersion string                           `json:"protocol_version,omitempty"`
	ID              string                           `json:"id"`
	OrgID           string                           `json:"org_id"`
	PoolID          string                           `json:"pool_id"`
	ProductID       string                           `json:"product_id,omitempty"`
	TaskID          string                           `json:"task_id"`
	ProofID         string                           `json:"proof_id"`
	WorkerID        string                           `json:"worker_id"`
	ProviderConfig  ProviderConfig                   `json:"provider_config"`
	Operation       string                           `json:"operation"`
	ReturnSpec      ProviderArtifactReturnSpec       `json:"provider_return"`
	Artifact        ProviderArtifactDeliveryArtifact `json:"artifact"`
	Status          ProviderArtifactDeliveryStatus   `json:"status"`
	Attempts        int                              `json:"attempts,omitempty"`
	LastErrorHash   string                           `json:"last_error_hash,omitempty"`
	CreatedAt       time.Time                        `json:"created_at"`
	UpdatedAt       time.Time                        `json:"updated_at"`
}

func (ProviderArtifactDelivery) Validate added in v0.3.0

func (d ProviderArtifactDelivery) Validate() error

type ProviderArtifactDeliveryAction added in v0.3.0

type ProviderArtifactDeliveryAction struct {
	ProtocolVersion string                           `json:"protocol_version,omitempty"`
	DeliveryID      string                           `json:"delivery_id"`
	PluginID        string                           `json:"plugin_id"`
	ProviderID      string                           `json:"provider_id"`
	ContractID      string                           `json:"contract_id"`
	ContractVersion string                           `json:"contract_version,omitempty"`
	StepType        string                           `json:"step_type"`
	Operation       string                           `json:"operation"`
	SubmitEndpoint  string                           `json:"submit_endpoint,omitempty"`
	Artifact        ProviderArtifactDeliveryArtifact `json:"artifact"`
	TaskID          string                           `json:"task_id"`
	ProofID         string                           `json:"proof_id"`
}

type ProviderArtifactDeliveryArtifact added in v0.3.0

type ProviderArtifactDeliveryArtifact struct {
	Name        string    `json:"name"`
	Ref         string    `json:"ref"`
	ContentType string    `json:"content_type,omitempty"`
	SHA256      string    `json:"sha256"`
	SizeBytes   int64     `json:"size_bytes"`
	ExpiresAt   time.Time `json:"expires_at,omitempty"`
}

func (ProviderArtifactDeliveryArtifact) Validate added in v0.3.0

type ProviderArtifactDeliveryStatus added in v0.3.0

type ProviderArtifactDeliveryStatus string
const (
	ProviderArtifactDeliveryPending    ProviderArtifactDeliveryStatus = "pending"
	ProviderArtifactDeliveryDelivered  ProviderArtifactDeliveryStatus = "delivered"
	ProviderArtifactDeliveryFailed     ProviderArtifactDeliveryStatus = "failed"
	ProviderArtifactDeliveryDeadLetter ProviderArtifactDeliveryStatus = "dead_letter"
)

type ProviderArtifactDeliveryStatusUpdate added in v0.3.0

type ProviderArtifactDeliveryStatusUpdate struct {
	ProtocolVersion string                         `json:"protocol_version,omitempty"`
	DeliveryID      string                         `json:"delivery_id"`
	Status          ProviderArtifactDeliveryStatus `json:"status"`
	ProviderRef     string                         `json:"provider_ref,omitempty"`
	ErrorHash       string                         `json:"error_hash,omitempty"`
	ObservedAt      time.Time                      `json:"observed_at,omitempty"`
}

type ProviderArtifactReturnSpec added in v0.3.0

type ProviderArtifactReturnSpec struct {
	StepType        string   `json:"step_type"`
	Contract        string   `json:"contract"`
	ContractVersion string   `json:"contract_version,omitempty"`
	SubmitEndpoint  string   `json:"submit_endpoint,omitempty"`
	RequiredConfig  []string `json:"required_config,omitempty"`
	OutputHandling  []string `json:"output_handling,omitempty"`
}

func (ProviderArtifactReturnSpec) Enabled added in v0.3.0

func (s ProviderArtifactReturnSpec) Enabled() bool

func (ProviderArtifactReturnSpec) Validate added in v0.3.0

func (s ProviderArtifactReturnSpec) Validate() error

type ProviderArtifactSpec

type ProviderArtifactSpec struct {
	Name             string                      `json:"name"`
	Required         bool                        `json:"required,omitempty"`
	ContentType      string                      `json:"content_type,omitempty"`
	MaxBytes         int64                       `json:"max_bytes,omitempty"`
	RetentionSeconds int                         `json:"retention_seconds,omitempty"`
	Forwardable      bool                        `json:"forwardable,omitempty"`
	ProviderReturn   *ProviderArtifactReturnSpec `json:"provider_return,omitempty"`
}

type ProviderCapabilityReport

type ProviderCapabilityReport struct {
	Provider string                   `json:"provider"`
	Status   ProviderCapabilityStatus `json:"status"`
	Reason   string                   `json:"reason,omitempty"`
}

func ProviderCapabilityReportsFromRuntimeBackends added in v0.5.0

func ProviderCapabilityReportsFromRuntimeBackends(reports []RuntimeBackendReport) []ProviderCapabilityReport

type ProviderCapabilityStatus

type ProviderCapabilityStatus string
const (
	ProviderCapabilitySupported   ProviderCapabilityStatus = "supported"
	ProviderCapabilityDegraded    ProviderCapabilityStatus = "degraded"
	ProviderCapabilityUnsupported ProviderCapabilityStatus = "unsupported"
)

type ProviderConfig

type ProviderConfig struct {
	PluginID     string `json:"plugin_id,omitempty"`
	ProviderID   string `json:"provider_id,omitempty"`
	ContractID   string `json:"contract_id,omitempty"`
	Version      string `json:"version,omitempty"`
	ConfigRef    string `json:"config_ref,omitempty"`
	ConfigDigest string `json:"config_digest,omitempty"`
}

func (ProviderConfig) Validate

func (p ProviderConfig) Validate() error

type ProviderConformanceEvidence

type ProviderConformanceEvidence struct {
	ProtocolVersion       string    `json:"protocol_version"`
	ID                    string    `json:"id"`
	PluginID              string    `json:"plugin_id"`
	ProviderID            string    `json:"provider_id"`
	ContractID            string    `json:"contract_id"`
	Version               string    `json:"version"`
	RuntimeProfileID      string    `json:"runtime_profile_id"`
	ConformanceProfile    string    `json:"conformance_profile"`
	UpstreamClientName    string    `json:"upstream_client_name"`
	UpstreamClientVersion string    `json:"upstream_client_version"`
	EvidenceRef           string    `json:"evidence_ref"`
	EvidenceDigest        string    `json:"evidence_digest"`
	ObservedAt            time.Time `json:"observed_at"`
	CreatedAt             time.Time `json:"created_at,omitempty"`
}

func (ProviderConformanceEvidence) Validate

func (e ProviderConformanceEvidence) Validate() error

type ProviderContract

type ProviderContract struct {
	ProtocolVersion        string                  `json:"protocol_version"`
	ID                     string                  `json:"id"`
	PluginID               string                  `json:"plugin_id"`
	ProviderID             string                  `json:"provider_id"`
	ContractID             string                  `json:"contract_id"`
	Version                string                  `json:"version"`
	DisplayName            string                  `json:"display_name,omitempty"`
	OrgID                  string                  `json:"org_id,omitempty"`
	PoolID                 string                  `json:"pool_id,omitempty"`
	AccessPolicy           AccessPolicy            `json:"access_policy,omitzero"`
	ConfigSchemaRef        string                  `json:"config_schema_ref"`
	ConfigSchemaDigest     string                  `json:"config_schema_digest"`
	OperatingModes         []NetworkOperatingMode  `json:"operating_modes"`
	WorkloadKinds          []string                `json:"workload_kinds"`
	ExecutorProviders      []string                `json:"executor_providers"`
	ExecutionSecurityTiers []ExecutionSecurityTier `json:"execution_security_tiers"`
	ProofTiers             []ProofTier             `json:"proof_tiers"`
	NetworkModes           []NetworkMode           `json:"network_modes"`
	Operations             []ProviderOperation     `json:"operations,omitempty"`
	RuntimeContract        ProviderRuntimeContract `json:"runtime_contract"`
	CreatedAt              time.Time               `json:"created_at,omitempty"`
}

func (*ProviderContract) ApplyProviderConformanceEvidence

func (c *ProviderContract) ApplyProviderConformanceEvidence(evidence ProviderConformanceEvidence) error

func (ProviderContract) Matches

func (c ProviderContract) Matches(config ProviderConfig) bool

func (ProviderContract) SupportsOperation

func (c ProviderContract) SupportsOperation(operation string) bool

func (ProviderContract) SupportsProduct

func (c ProviderContract) SupportsProduct(product NetworkProduct) error

func (ProviderContract) Validate

func (c ProviderContract) Validate() error

type ProviderOperation

type ProviderOperation struct {
	ID                 string                 `json:"id"`
	InputSchemaRef     string                 `json:"input_schema_ref"`
	InputSchemaDigest  string                 `json:"input_schema_digest"`
	OutputSchemaRef    string                 `json:"output_schema_ref"`
	OutputSchemaDigest string                 `json:"output_schema_digest"`
	Artifacts          []string               `json:"artifacts,omitempty"`
	ArtifactSpecs      []ProviderArtifactSpec `json:"artifact_specs,omitempty"`
}

func (ProviderOperation) NormalizedArtifactSpecs

func (o ProviderOperation) NormalizedArtifactSpecs() []ProviderArtifactSpec

func (ProviderOperation) Validate

func (o ProviderOperation) Validate() error

type ProviderRuntimeContract

type ProviderRuntimeContract struct {
	Profiles []ProviderRuntimeProfile `json:"profiles"`
}

func DefaultProviderRuntimeContract

func DefaultProviderRuntimeContract(executors []string, tiers []ExecutionSecurityTier, proofs []ProofTier, options ProviderRuntimeContractOptions) ProviderRuntimeContract

func (ProviderRuntimeContract) RuntimeProfileForRequirements

func (c ProviderRuntimeContract) RuntimeProfileForRequirements(req PlacementRequirements) (ProviderRuntimeProfile, bool)

func (ProviderRuntimeContract) SupportsProduct

func (c ProviderRuntimeContract) SupportsProduct(product NetworkProduct) bool

func (ProviderRuntimeContract) Validate

func (c ProviderRuntimeContract) Validate() error

type ProviderRuntimeContractOptions

type ProviderRuntimeContractOptions struct {
	ConformanceProfiles          []string
	UpstreamClientConformance    UpstreamClientConformance
	UpstreamClientEvidenceRef    string
	UpstreamClientEvidenceDigest string
}

type ProviderRuntimeProfile

type ProviderRuntimeProfile struct {
	ID                           string                    `json:"id"`
	RuntimeProfile               RuntimeProfile            `json:"runtime_profile"`
	ExecutorProvider             string                    `json:"executor_provider"`
	ExecutionSecurityTier        ExecutionSecurityTier     `json:"execution_security_tier"`
	ProofTier                    ProofTier                 `json:"proof_tier"`
	AllowedRuntimeTools          []ContainerRuntimeTool    `json:"allowed_runtime_tools,omitempty"`
	ImageDigestRequired          bool                      `json:"image_digest_required"`
	RootFSDigestRequired         bool                      `json:"rootfs_digest_required"`
	AllowedMountRefs             []string                  `json:"allowed_mount_refs,omitempty"`
	WritablePaths                []string                  `json:"writable_paths,omitempty"`
	WritableRootFS               RuntimePermission         `json:"writable_rootfs"`
	Privileged                   RuntimePermission         `json:"privileged"`
	HostNamespaces               RuntimePermission         `json:"host_namespaces"`
	HostSocket                   RuntimePermission         `json:"host_socket"`
	SeccompDisable               RuntimePermission         `json:"seccomp_disable"`
	NoNewPrivilegesDisable       RuntimePermission         `json:"no_new_privileges_disable"`
	AllowedCapabilities          []string                  `json:"allowed_capabilities,omitempty"`
	ConformanceProfiles          []string                  `json:"conformance_profiles,omitempty"`
	UpstreamClientConformance    UpstreamClientConformance `json:"upstream_client_conformance,omitempty"`
	UpstreamClientEvidenceRef    string                    `json:"upstream_client_evidence_ref,omitempty"`
	UpstreamClientEvidenceDigest string                    `json:"upstream_client_evidence_digest,omitempty"`
	HostWorkspaceSupported       bool                      `json:"host_workspace_supported,omitempty"`
	ResiduePolicy                ResiduePolicy             `json:"residue_policy,omitzero"`
	WASM                         WASMRuntimeContract       `json:"wasm,omitzero"`
}

func DefaultProviderRuntimeProfile

func DefaultProviderRuntimeProfile(executorProvider string, tier ExecutionSecurityTier, proof ProofTier) ProviderRuntimeProfile

func (ProviderRuntimeProfile) Validate

func (p ProviderRuntimeProfile) Validate() error

type ProviderUpstreamClientRequirement

type ProviderUpstreamClientRequirement struct {
	ProtocolVersion       string                      `json:"protocol_version"`
	PluginID              string                      `json:"plugin_id"`
	ProviderID            string                      `json:"provider_id"`
	ContractID            string                      `json:"contract_id"`
	Version               string                      `json:"version"`
	RuntimeProfileID      string                      `json:"runtime_profile_id"`
	ConformanceProfile    string                      `json:"conformance_profile"`
	DefaultConformance    UpstreamClientConformance   `json:"default_conformance"`
	RealClientConformance UpstreamClientConformance   `json:"real_client_conformance"`
	UpstreamClientName    string                      `json:"upstream_client_name"`
	VersionProbeCommand   []string                    `json:"version_probe_command,omitempty"`
	ImagePolicy           ProviderUpstreamImagePolicy `json:"image_policy"`
	RequiredEvidence      []string                    `json:"required_evidence,omitempty"`
	Notes                 []string                    `json:"notes,omitempty"`
}

func (ProviderUpstreamClientRequirement) Validate

type ProviderUpstreamImagePolicy

type ProviderUpstreamImagePolicy struct {
	DigestPinnedImageRequired     bool     `json:"digest_pinned_image_required"`
	OperatorSuppliedImageRequired bool     `json:"operator_supplied_image_required,omitempty"`
	RecommendedImageRef           string   `json:"recommended_image_ref,omitempty"`
	KnownImageRefs                []string `json:"known_image_refs,omitempty"`
}

func (ProviderUpstreamImagePolicy) Validate

func (p ProviderUpstreamImagePolicy) Validate() error

type ProviderWorkload added in v0.3.2

type ProviderWorkload struct {
	ProviderConfig  ProviderConfig    `json:"provider_config"`
	Operation       string            `json:"operation"`
	ImageRef        string            `json:"image_ref,omitempty"`
	ComponentRef    string            `json:"component_ref,omitempty"`
	ComponentDigest string            `json:"component_digest,omitempty"`
	ABI             string            `json:"abi,omitempty"`
	Input           json.RawMessage   `json:"input"`
	ArtifactRefs    []string          `json:"artifact_refs,omitempty"`
	ContentInputs   []ContentInputRef `json:"content_inputs,omitempty"`
	StreamInputs    []StreamInputRef  `json:"stream_inputs,omitempty"`
}

func (ProviderWorkload) Validate added in v0.3.2

func (w ProviderWorkload) Validate() error

type ReceiptVerificationOptions

type ReceiptVerificationOptions struct {
	CredentialTokenProofKey string
	AllowSoftwareFallback   bool
	VerifierProvider        string
	VerifierMessage         string
}

type RedundancyPolicy added in v0.8.0

type RedundancyPolicy struct {
	Tier              RedundancyTier `json:"tier"`
	StandbyCount      int            `json:"standby_count,omitempty"`
	CutoverDeadlineMS int            `json:"cutover_deadline_ms,omitempty"`
}

func (RedundancyPolicy) Validate added in v0.8.0

func (p RedundancyPolicy) Validate() error

type RedundancyTier added in v0.8.0

type RedundancyTier string
const (
	RedundancyNone         RedundancyTier = "none"
	RedundancyWarmStandby  RedundancyTier = "warm-standby"
	RedundancyActiveActive RedundancyTier = "active-active"
)

type Rendition added in v0.8.0

type Rendition struct {
	Name        string `json:"name"`
	Scale       string `json:"scale,omitempty"`
	BitrateKbps int    `json:"bitrate_kbps,omitempty"`
}

Rendition describes a single output variant in a transcoding ladder.

type ReputationEvent added in v0.7.0

type ReputationEvent struct {
	ProtocolVersion string                `json:"protocol_version,omitempty"`
	ID              string                `json:"id"`
	OrgID           string                `json:"org_id"`
	SubjectKind     ReputationSubjectKind `json:"subject_kind"`
	SubjectID       string                `json:"subject_id"`
	ProductID       string                `json:"product_id,omitempty"`
	TaskID          string                `json:"task_id,omitempty"`
	ProofID         string                `json:"proof_id,omitempty"`
	Type            ReputationEventType   `json:"type"`
	ScoreDelta      int                   `json:"score_delta"`
	Reason          string                `json:"reason"`
	RecordedAt      time.Time             `json:"recorded_at,omitempty"`
}

func (ReputationEvent) Validate added in v0.7.0

func (e ReputationEvent) Validate() error

type ReputationEventType added in v0.7.0

type ReputationEventType string
const (
	ReputationProofAccepted       ReputationEventType = "proof_accepted"
	ReputationProofRejected       ReputationEventType = "proof_rejected"
	ReputationDisputeWon          ReputationEventType = "dispute_won"
	ReputationDisputeLost         ReputationEventType = "dispute_lost"
	ReputationKillComplied        ReputationEventType = "kill_complied"
	ReputationKillIgnored         ReputationEventType = "kill_ignored"
	ReputationPolicyViolation     ReputationEventType = "policy_violation"
	ReputationManualAdjustment    ReputationEventType = "manual_adjustment"
	ReputationAvailabilityPenalty ReputationEventType = "availability_penalty"
)

type ReputationSubjectKind added in v0.7.0

type ReputationSubjectKind string
const (
	ReputationSubjectProvider  ReputationSubjectKind = "provider"
	ReputationSubjectRequestor ReputationSubjectKind = "requestor"
	ReputationSubjectRouter    ReputationSubjectKind = "router"
	ReputationSubjectVerifier  ReputationSubjectKind = "verifier"
)

type ReputationSummary added in v0.7.0

type ReputationSummary struct {
	OrgID       string                `json:"org_id"`
	SubjectKind ReputationSubjectKind `json:"subject_kind"`
	SubjectID   string                `json:"subject_id"`
	ProductID   string                `json:"product_id,omitempty"`
	Score       int                   `json:"score"`
	EventCount  int                   `json:"event_count"`
}

func (ReputationSummary) Validate added in v0.7.0

func (s ReputationSummary) Validate() error

type ResidueMode

type ResidueMode string
const (
	ResidueModeIsolated      ResidueMode = "isolated"
	ResidueModeNone          ResidueMode = "none"
	ResidueModeProviderBound ResidueMode = "provider-bound"
	ResidueModeWorkerBound   ResidueMode = "worker-bound"
	ResidueModeSessionBound  ResidueMode = "session-bound"
)

type ResiduePolicy

type ResiduePolicy struct {
	Mode                ResidueMode   `json:"mode,omitempty"`
	AllowedModes        []ResidueMode `json:"allowed_modes,omitempty"`
	SessionKey          string        `json:"session_key,omitempty"`
	PolicyHash          string        `json:"policy_hash,omitempty"`
	MaxAgeSeconds       int           `json:"max_age_seconds,omitempty"`
	MaxReuseCount       int           `json:"max_reuse_count,omitempty"`
	WipeOnFailure       bool          `json:"wipe_on_failure,omitempty"`
	ExplicitWorkerBound bool          `json:"explicit_worker_bound,omitempty"`
}

func (ResiduePolicy) IsZero

func (p ResiduePolicy) IsZero() bool

func (ResiduePolicy) UsesReusableWorkspace

func (p ResiduePolicy) UsesReusableWorkspace() bool

func (ResiduePolicy) Validate

type ResiduePolicyValidation

type ResiduePolicyValidation struct {
	NoWorkspaceAllowed         bool
	RequireSessionKey          bool
	RequireExplicitWorkerBound bool
	RequirePolicyHash          bool
}

type ResourceCapacity

type ResourceCapacity struct {
	CPUCount    int   `json:"cpu_count,omitempty"`
	MemoryBytes int64 `json:"memory_bytes,omitempty"`
	DiskBytes   int64 `json:"disk_bytes,omitempty"`
}

type ResourceLimits

type ResourceLimits struct {
	CPUPercent         int   `json:"cpu_percent,omitempty"`
	MemoryBytes        int64 `json:"memory_bytes,omitempty"`
	WorkspaceBytes     int64 `json:"workspace_bytes,omitempty"`
	RuntimeSeconds     int   `json:"runtime_seconds,omitempty"`
	NetworkEgressBytes int64 `json:"network_egress_bytes,omitempty"`
	OutputBytes        int64 `json:"output_bytes,omitempty"`
}

func (ResourceLimits) Validate

func (l ResourceLimits) Validate() error

type ResourceUsage

type ResourceUsage struct {
	CPUMillis      int64  `json:"cpu_millis,omitempty"`
	GPUMillis      int64  `json:"gpu_millis,omitempty"`
	MaxMemoryBytes int64  `json:"max_memory_bytes,omitempty"`
	NetworkRxBytes int64  `json:"network_rx_bytes,omitempty"`
	NetworkTxBytes int64  `json:"network_tx_bytes,omitempty"`
	WorkspaceBytes int64  `json:"workspace_bytes,omitempty"`
	OutputBytes    int64  `json:"output_bytes,omitempty"`
	LimitHit       string `json:"limit_hit,omitempty"`
}

type RuntimeAdapterContract

type RuntimeAdapterContract struct {
	ProtocolVersion     string                 `json:"protocol_version"`
	AdapterID           string                 `json:"adapter_id"`
	Descriptor          RuntimeDescriptor      `json:"descriptor,omitzero"`
	Kinds               []RuntimeAdapterKind   `json:"kinds"`
	WorkloadKinds       []WorkloadKind         `json:"workload_kinds"`
	RuntimeProfiles     []RuntimeProfile       `json:"runtime_profiles,omitempty"`
	WorkspacePolicy     RuntimeWorkspacePolicy `json:"workspace_policy"`
	ConformanceProfiles []string               `json:"conformance_profiles"`
	ResiduePolicy       ResiduePolicy          `json:"residue_policy,omitzero"`
	ProviderConfig      ProviderConfig         `json:"provider_config,omitzero"`
	Metadata            map[string]string      `json:"metadata,omitempty"`
}

func (RuntimeAdapterContract) Supports

func (c RuntimeAdapterContract) Supports(kind WorkloadKind) bool

func (RuntimeAdapterContract) SupportsAdapterKind

func (c RuntimeAdapterContract) SupportsAdapterKind(kind RuntimeAdapterKind) bool

func (RuntimeAdapterContract) Validate

func (c RuntimeAdapterContract) Validate() error

type RuntimeAdapterKind

type RuntimeAdapterKind string
const (
	RuntimeAdapterExecution      RuntimeAdapterKind = "execution"
	RuntimeAdapterServiceRun     RuntimeAdapterKind = "service-run"
	RuntimeAdapterServiceSession RuntimeAdapterKind = "service-session"
)

type RuntimeBackendEvidence added in v0.5.0

type RuntimeBackendEvidence struct {
	Digest    string   `json:"digest,omitempty"`
	Workspace bool     `json:"workspace,omitempty"`
	Network   bool     `json:"network,omitempty"`
	Env       bool     `json:"env,omitempty"`
	Proof     bool     `json:"proof,omitempty"`
	Cleanup   bool     `json:"cleanup,omitempty"`
	Details   []string `json:"details,omitempty"`
}

type RuntimeBackendFamily added in v0.5.0

type RuntimeBackendFamily string
const (
	RuntimeBackendFamilyPodman         RuntimeBackendFamily = "podman"
	RuntimeBackendFamilyDocker         RuntimeBackendFamily = "docker"
	RuntimeBackendFamilyNerdctl        RuntimeBackendFamily = "nerdctl"
	RuntimeBackendFamilyContainerd     RuntimeBackendFamily = "containerd"
	RuntimeBackendFamilyAppleContainer RuntimeBackendFamily = "apple-container"
	RuntimeBackendFamilyHyperV         RuntimeBackendFamily = "hyper-v"
	RuntimeBackendFamilyWSL            RuntimeBackendFamily = "wsl"
	RuntimeBackendFamilyMediaMTX       RuntimeBackendFamily = "mediamtx"
)

type RuntimeBackendReport added in v0.5.0

type RuntimeBackendReport struct {
	ProtocolVersion     string                          `json:"protocol_version,omitempty"`
	BackendID           string                          `json:"backend_id"`
	Family              RuntimeBackendFamily            `json:"family"`
	Tool                ContainerRuntimeTool            `json:"tool,omitempty"`
	Version             string                          `json:"version,omitempty"`
	OS                  string                          `json:"os,omitempty"`
	Arch                string                          `json:"arch,omitempty"`
	Status              RuntimeBackendStatus            `json:"status"`
	Reason              string                          `json:"reason,omitempty"`
	IsolationMode       RuntimeIsolationMode            `json:"isolation_mode"`
	InstallBurden       RuntimeInstallBurden            `json:"install_burden,omitempty"`
	RuntimeProfiles     []RuntimeProfile                `json:"runtime_profiles,omitempty"`
	ExecutorProviders   []string                        `json:"executor_providers,omitempty"`
	Executors           []ExecutorRef                   `json:"executors,omitempty"`
	ConformanceProfiles []string                        `json:"conformance_profiles,omitempty"`
	Evidence            RuntimeBackendEvidence          `json:"evidence,omitzero"`
	Bundle              *ManagedRuntimeBundleDescriptor `json:"bundle,omitempty"`
	GeneratedAt         time.Time                       `json:"generated_at,omitzero"`
	Constraints         []string                        `json:"constraints,omitempty"`
}

func (RuntimeBackendReport) Validate added in v0.5.0

func (r RuntimeBackendReport) Validate() error

func (RuntimeBackendReport) ValidateAt added in v0.6.0

func (r RuntimeBackendReport) ValidateAt(now time.Time) error

type RuntimeBackendStatus added in v0.5.0

type RuntimeBackendStatus string
const (
	RuntimeBackendSupported   RuntimeBackendStatus = "supported"
	RuntimeBackendDegraded    RuntimeBackendStatus = "degraded"
	RuntimeBackendUnsupported RuntimeBackendStatus = "unsupported"
)

type RuntimeDescriptor

type RuntimeDescriptor struct {
	Name                  string                `json:"name"`
	Version               string                `json:"version"`
	ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
	ProofTier             ProofTier             `json:"proof_tier,omitempty"`
	ImageDigest           string                `json:"image_digest,omitempty"`
	RootFSDigest          string                `json:"rootfs_digest,omitempty"`
}

func (RuntimeDescriptor) ExecutorRef

func (d RuntimeDescriptor) ExecutorRef(defaultProvider string) ExecutorRef

func (RuntimeDescriptor) Validate

func (d RuntimeDescriptor) Validate() error

type RuntimeExecutionRequest

type RuntimeExecutionRequest struct {
	ProtocolVersion string            `json:"protocol_version"`
	TaskID          string            `json:"task_id"`
	LeaseID         string            `json:"lease_id"`
	WorkloadKind    WorkloadKind      `json:"workload_kind"`
	ProviderConfig  ProviderConfig    `json:"provider_config,omitzero"`
	Operation       string            `json:"operation,omitempty"`
	Input           json.RawMessage   `json:"input,omitempty"`
	Env             map[string]string `json:"env,omitempty"`
	Limits          ResourceLimits    `json:"limits,omitzero"`
}

func (RuntimeExecutionRequest) Validate

func (r RuntimeExecutionRequest) Validate() error

type RuntimeExecutionResult

type RuntimeExecutionResult struct {
	StartedAt     time.Time      `json:"started_at,omitempty"`
	FinishedAt    time.Time      `json:"finished_at,omitempty"`
	ExitCode      int            `json:"exit_code,omitempty"`
	Stdout        []byte         `json:"stdout,omitempty"`
	Stderr        []byte         `json:"stderr,omitempty"`
	ArtifactHash  string         `json:"artifact_hash,omitempty"`
	Artifacts     []string       `json:"artifacts,omitempty"`
	ResultPreview map[string]any `json:"result_preview,omitempty"`
	ResourceUsage ResourceUsage  `json:"resource_usage,omitzero"`
}

func (RuntimeExecutionResult) Validate

func (r RuntimeExecutionResult) Validate() error

type RuntimeInstallBurden added in v0.5.0

type RuntimeInstallBurden string
const (
	RuntimeInstallBundled         RuntimeInstallBurden = "bundled"
	RuntimeInstallSystemInstalled RuntimeInstallBurden = "system-installed"
	RuntimeInstallDesktopManaged  RuntimeInstallBurden = "desktop-managed"
	RuntimeInstallWSLHyperV       RuntimeInstallBurden = "wsl-hyper-v"
	RuntimeInstallUnsupported     RuntimeInstallBurden = "unsupported"
)

type RuntimeIsolationMode added in v0.5.0

type RuntimeIsolationMode string
const (
	RuntimeIsolationSharedKernelContainer RuntimeIsolationMode = "shared-kernel-container"
	RuntimeIsolationUserNamespace         RuntimeIsolationMode = "user-namespace"
	RuntimeIsolationVMBackedContainer     RuntimeIsolationMode = "vm-backed-container"
	RuntimeIsolationMicroVM               RuntimeIsolationMode = "microvm"
	RuntimeIsolationConfidentialRuntime   RuntimeIsolationMode = "confidential-runtime"
)

type RuntimePermission

type RuntimePermission string
const (
	RuntimePermissionForbidden RuntimePermission = "forbidden"
	RuntimePermissionExplicit  RuntimePermission = "explicit"
	RuntimePermissionAllowed   RuntimePermission = "allowed"
)

type RuntimeProfile

type RuntimeProfile string
const (
	RuntimeProfileSandboxedOCI   RuntimeProfile = "sandboxed-oci-v1"
	RuntimeProfileContainerBuild RuntimeProfile = "container-build-v1"
	RuntimeProfileServiceOCI     RuntimeProfile = "service-oci-v1"
	RuntimeProfileWASMComponent  RuntimeProfile = "wasm-component-v1"
	RuntimeProfileBrowserWorker  RuntimeProfile = "browser-worker-wasm-v1"
)

type RuntimeServiceResult

type RuntimeServiceResult struct {
	StartedAt      time.Time             `json:"started_at,omitempty"`
	FinishedAt     time.Time             `json:"finished_at,omitempty"`
	RequestHash    string                `json:"request_hash,omitempty"`
	ResponseHash   string                `json:"response_hash,omitempty"`
	ResourceUsage  ResourceUsage         `json:"resource_usage,omitzero"`
	SLOEvidence    SLOEvidence           `json:"slo_evidence,omitzero"`
	StatusEvidence ServiceStatusEvidence `json:"status_evidence,omitzero"`
}

func (RuntimeServiceResult) Validate

func (r RuntimeServiceResult) Validate() error

type RuntimeWorkspacePolicy

type RuntimeWorkspacePolicy string
const (
	RuntimeWorkspaceUnavailable RuntimeWorkspacePolicy = "unavailable"
	RuntimeWorkspaceOptional    RuntimeWorkspacePolicy = "optional"
	RuntimeWorkspaceRequired    RuntimeWorkspacePolicy = "required"
)

type SLOEvidence

type SLOEvidence struct {
	LatencyMillis int64 `json:"latency_millis,omitempty"`
	StatusCode    int   `json:"status_code,omitempty"`
	DeadlineMS    int64 `json:"deadline_ms,omitempty"`
	Healthy       bool  `json:"healthy,omitempty"`
}

func (SLOEvidence) Validate

func (e SLOEvidence) Validate() error

type SampledFrame added in v0.8.0

type SampledFrame struct {
	PTS    int64  `json:"pts"`
	SHA256 string `json:"sha256"`
}

SampledFrame is a spot-check frame hash used for content authenticity.

type SandboxMount added in v0.8.0

type SandboxMount struct {
	HostPath       string `json:"host_path"`
	ContainerPath  string `json:"container_path"`
	ReadOnly       bool   `json:"read_only,omitempty"`
	RequiredPrefix string `json:"required_prefix,omitempty"`
}

type Security added in v0.4.0

type Security struct {
	TPM                  bool                  `json:"tpm,omitempty"`
	SecureEnclave        bool                  `json:"secure_enclave,omitempty"`
	TEE                  []string              `json:"tee,omitempty"`
	HardwareClasses      []string              `json:"hardware_classes,omitempty"`
	HardwareAttestations []HardwareAttestation `json:"hardware_attestations,omitempty"`
	Signing              []SigningCapability   `json:"signing,omitempty"`
}

type Segment added in v0.8.0

type Segment struct {
	Index      int               `json:"index"`
	DurationMS int64             `json:"duration_ms"`
	Bytes      int64             `json:"bytes"`
	SHA256     string            `json:"sha256"`
	Provenance SegmentProvenance `json:"provenance"`
}

Segment describes a single contiguous segment of a live stream.

type SegmentProvenance added in v0.8.0

type SegmentProvenance string

SegmentProvenance describes how a segment's integrity was established.

const (
	// ProvenanceHostVerified means the host measured and verified the segment.
	ProvenanceHostVerified SegmentProvenance = "host-verified"
	// ProvenanceAttested means the segment hash was provided by the worker and
	// attested rather than independently measured.
	ProvenanceAttested SegmentProvenance = "attested"
)

type ServiceIngressEvidence

type ServiceIngressEvidence struct {
	ID                         string                       `json:"id"`
	OrgID                      string                       `json:"org_id"`
	PoolID                     string                       `json:"pool_id"`
	ProductID                  string                       `json:"product_id"`
	Hostname                   string                       `json:"hostname"`
	RouteTarget                string                       `json:"route_target"`
	ServiceLeaseID             string                       `json:"service_lease_id"`
	TaskID                     string                       `json:"task_id"`
	WorkerID                   string                       `json:"worker_id"`
	LeaseLeasedAt              time.Time                    `json:"lease_leased_at"`
	LeaseRenewBy               time.Time                    `json:"lease_renew_by"`
	SelectedAt                 time.Time                    `json:"selected_at"`
	LastHealthAt               time.Time                    `json:"last_health_at"`
	HealthValidUntil           time.Time                    `json:"health_valid_until"`
	LastHealthResponseHash     string                       `json:"last_health_response_hash"`
	LastHealthSLOEvidenceHash  string                       `json:"last_health_slo_evidence_hash"`
	AuthDecisionHash           string                       `json:"auth_decision_hash"`
	IdempotencyKey             string                       `json:"idempotency_key"`
	RequestMethod              string                       `json:"request_method"`
	RequestPath                string                       `json:"request_path"`
	RequestBodyHash            string                       `json:"request_body_hash"`
	RequestHeaderNames         []string                     `json:"request_header_names,omitempty"`
	HelperImage                string                       `json:"helper_image"`
	HelperScheme               string                       `json:"helper_scheme"`
	HelperHost                 string                       `json:"helper_host"`
	HelperPort                 int                          `json:"helper_port"`
	HelperPortName             string                       `json:"helper_port_name,omitempty"`
	HelperTimeoutMS            int                          `json:"helper_timeout_ms"`
	HelperContainerNetNSTarget string                       `json:"helper_container_netns_target"`
	HelperOutputHash           string                       `json:"helper_output_hash,omitempty"`
	HelperErrorHash            string                       `json:"helper_error_hash,omitempty"`
	FailureClass               string                       `json:"failure_class,omitempty"`
	FailureMessage             string                       `json:"failure_message,omitempty"`
	ResponseStatus             int                          `json:"response_status,omitempty"`
	ResponseHeaderNames        []string                     `json:"response_header_names,omitempty"`
	ResponseHash               string                       `json:"response_hash,omitempty"`
	ResponseBytes              int64                        `json:"response_bytes,omitempty"`
	TerminalStatus             ServiceIngressTerminalStatus `json:"terminal_status"`
	StartedAt                  time.Time                    `json:"started_at"`
	FinishedAt                 time.Time                    `json:"finished_at"`
}

func (ServiceIngressEvidence) Validate

func (e ServiceIngressEvidence) Validate() error

type ServiceIngressTerminalStatus

type ServiceIngressTerminalStatus string
const (
	ServiceIngressTerminalCompleted ServiceIngressTerminalStatus = "completed"
	ServiceIngressTerminalFailed    ServiceIngressTerminalStatus = "failed"
)

type ServicePort added in v0.3.3

type ServicePort struct {
	Name     string `json:"name,omitempty"`
	Port     int    `json:"port"`
	Protocol string `json:"protocol"`
}

func (ServicePort) Validate added in v0.3.3

func (p ServicePort) Validate() error

type ServiceProvider added in v0.8.0

type ServiceProvider interface {
	Name() string
	Descriptor() RuntimeDescriptor
	CanServe(task Task, lease Lease) bool
	RunService(ctx context.Context, req ServiceRunRequest) (RuntimeServiceResult, error)
}

type ServiceReceipt

type ServiceReceipt struct {
	ID             string                `json:"id"`
	OrgID          string                `json:"org_id"`
	TaskID         string                `json:"task_id"`
	ServiceLeaseID string                `json:"service_lease_id"`
	WorkerID       string                `json:"worker_id"`
	PoolID         string                `json:"pool_id"`
	PolicyID       string                `json:"policy_id"`
	Executor       ExecutorRef           `json:"executor"`
	DeploymentHash string                `json:"deployment_hash"`
	RequestID      string                `json:"request_id"`
	TraceID        string                `json:"trace_id"`
	RequestHash    string                `json:"request_hash"`
	ResponseHash   string                `json:"response_hash"`
	StartedAt      time.Time             `json:"started_at"`
	FinishedAt     time.Time             `json:"finished_at"`
	ResourceUsage  ResourceUsage         `json:"resource_usage"`
	ResourceLimits ResourceLimits        `json:"resource_limits,omitzero"`
	SLOEvidence    SLOEvidence           `json:"slo_evidence"`
	StatusEvidence ServiceStatusEvidence `json:"status_evidence,omitzero"`
	Verifier       VerifierResult        `json:"verifier"`
	AgentSignature string                `json:"agent_signature"`
}

func VerifyServiceReceipt

func VerifyServiceReceipt(receipt ServiceReceipt, opts ReceiptVerificationOptions) (ServiceReceipt, error)

func (ServiceReceipt) Validate

func (r ServiceReceipt) Validate() error

type ServiceRunRequest added in v0.8.0

type ServiceRunRequest struct {
	Task            Task                  `json:"task"`
	Lease           Lease                 `json:"lease"`
	Workspace       string                `json:"workspace,omitempty"`
	Env             map[string]string     `json:"env,omitempty"`
	Limits          ResourceLimits        `json:"limits,omitzero"`
	Network         NetworkBinding        `json:"network,omitzero"`
	RuntimeScope    ContainerRuntimeScope `json:"runtime_scope,omitzero"`
	HTTPHelperImage string                `json:"http_helper_image,omitempty"`
	DataMounts      []SandboxMount        `json:"data_mounts,omitempty"`
}

type ServiceSession added in v0.8.0

type ServiceSession interface {
	Health(ctx context.Context) (RuntimeServiceResult, error)
	Stop(ctx context.Context) (RuntimeServiceResult, error)
}

type ServiceSessionProvider added in v0.8.0

type ServiceSessionProvider interface {
	ServiceProvider
	StartServiceSession(ctx context.Context, req ServiceRunRequest) (ServiceSession, error)
}

type ServiceStatusEvidence

type ServiceStatusEvidence struct {
	CommandHash string `json:"command_hash,omitempty"`
	OutputHash  string `json:"output_hash,omitempty"`
	Preview     string `json:"preview,omitempty"`
	Truncated   bool   `json:"truncated,omitempty"`
}

func (ServiceStatusEvidence) Validate

func (e ServiceStatusEvidence) Validate() error

type ServiceStatusProbe added in v0.3.3

type ServiceStatusProbe struct {
	Command         []string `json:"command,omitempty"`
	TimeoutSeconds  int      `json:"timeout_seconds,omitempty"`
	MaxPreviewBytes int      `json:"max_preview_bytes,omitempty"`
}

func (ServiceStatusProbe) Validate added in v0.3.3

func (p ServiceStatusProbe) Validate() error

type ServiceWorkload added in v0.3.3

type ServiceWorkload struct {
	ImageRef        string             `json:"image_ref"`
	ComponentRef    string             `json:"component_ref,omitempty"`
	ComponentDigest string             `json:"component_digest,omitempty"`
	Command         []string           `json:"command,omitempty"`
	Ports           []ServicePort      `json:"ports"`
	HealthCheck     HealthCheck        `json:"health_check"`
	Ingress         IngressPolicy      `json:"ingress"`
	DataDirRef      string             `json:"data_dir_ref,omitempty"`
	DataMountPath   string             `json:"data_mount_path,omitempty"`
	Env             []EnvRef           `json:"env,omitempty"`
	Files           []WorkloadFileRef  `json:"files,omitempty"`
	StatusProbe     ServiceStatusProbe `json:"status_probe,omitzero"`
}

func (ServiceWorkload) Validate added in v0.3.3

func (w ServiceWorkload) Validate() error

type SessionPolicy

type SessionPolicy struct {
	WarmSeconds      int `json:"warm_seconds,omitempty"`
	MinRenewals      int `json:"min_renewals,omitempty"`
	MaxBatchRequests int `json:"max_batch_requests,omitempty"`
}

func (SessionPolicy) ValidateForOperatingMode

func (p SessionPolicy) ValidateForOperatingMode(mode NetworkOperatingMode) error

type SettlementHold added in v0.7.0

type SettlementHold struct {
	ProtocolVersion     string               `json:"protocol_version,omitempty"`
	ID                  string               `json:"id"`
	OrgID               string               `json:"org_id"`
	ProductID           string               `json:"product_id"`
	AccountID           string               `json:"account_id"`
	ContributionEventID string               `json:"contribution_event_id"`
	Reason              string               `json:"reason"`
	Status              SettlementHoldStatus `json:"status"`
	HoldUntil           time.Time            `json:"hold_until,omitempty"`
	CreatedAt           time.Time            `json:"created_at,omitempty"`
	ResolvedAt          time.Time            `json:"resolved_at,omitempty"`
	CorrectionEventID   string               `json:"correction_event_id,omitempty"`
}

func (SettlementHold) Validate added in v0.7.0

func (h SettlementHold) Validate() error

type SettlementHoldStatus added in v0.7.0

type SettlementHoldStatus string
const (
	SettlementHoldPending  SettlementHoldStatus = "pending"
	SettlementHoldReleased SettlementHoldStatus = "released"
	SettlementHoldReversed SettlementHoldStatus = "reversed"
)

type SettlementPayoutRequest added in v0.7.0

type SettlementPayoutRequest struct {
	ProtocolVersion          string            `json:"protocol_version,omitempty"`
	OrgID                    string            `json:"org_id"`
	ProductID                string            `json:"product_id"`
	AccountID                string            `json:"account_id"`
	Provider                 string            `json:"provider"`
	IdempotencyKey           string            `json:"idempotency_key"`
	HoldbackUntil            time.Time         `json:"holdback_until,omitempty"`
	ExternalSettlementRoutes map[string]string `json:"external_settlement_routes,omitempty"`
}

func (SettlementPayoutRequest) Validate added in v0.7.0

func (r SettlementPayoutRequest) Validate() error

type SettlementTarget

type SettlementTarget struct {
	Kind      SettlementTargetKind `json:"kind,omitempty"`
	AccountID string               `json:"account_id,omitempty"`
	Network   string               `json:"network,omitempty"`
	WalletRef string               `json:"wallet_ref,omitempty"`
}

func (SettlementTarget) Validate

func (t SettlementTarget) Validate(settlementAccountID string) error

type SettlementTargetKind

type SettlementTargetKind string
const (
	SettlementTargetPointsLedger        SettlementTargetKind = "points_ledger"
	SettlementTargetPayrollAccount      SettlementTargetKind = "payroll_account"
	SettlementTargetBadgeLedger         SettlementTargetKind = "badge_ledger"
	SettlementTargetFiatTokenTreasury   SettlementTargetKind = "fiat_token_treasury"
	SettlementTargetTreasuryWallet      SettlementTargetKind = "treasury_wallet"
	SettlementTargetParticipantWallet   SettlementTargetKind = "participant_wallet"
	SettlementTargetExternalDestination SettlementTargetKind = "external_destination"
)

type SignatureEnvelope

type SignatureEnvelope struct {
	Algorithm string `json:"algorithm,omitempty"`
	KeyID     string `json:"key_id,omitempty"`
	Value     string `json:"value,omitempty"`
	Verified  bool   `json:"verified,omitempty"`
}

type SigningCapability added in v0.4.0

type SigningCapability struct {
	Provider       string `json:"provider"`
	Algorithm      string `json:"algorithm"`
	KeyID          string `json:"key_id,omitempty"`
	HardwareBacked bool   `json:"hardware_backed,omitempty"`
	Available      bool   `json:"available"`
}

type StatusError added in v0.4.0

type StatusError struct {
	Method     string
	Path       string
	StatusCode int
}

func (StatusError) Error added in v0.4.0

func (e StatusError) Error() string

type StorageGuidance

type StorageGuidance struct {
	Mode                         string `json:"mode,omitempty"`
	MinDiskBytes                 int64  `json:"min_disk_bytes,omitempty"`
	MinDiskDisplay               string `json:"min_disk_display,omitempty"`
	RecommendedDiskBytes         int64  `json:"recommended_disk_bytes,omitempty"`
	RecommendedDiskDisplay       string `json:"recommended_disk_display,omitempty"`
	GrowthMarginBytes            int64  `json:"growth_margin_bytes,omitempty"`
	GrowthMarginDisplay          string `json:"growth_margin_display,omitempty"`
	DurableVolumeRequired        bool   `json:"durable_volume_required,omitempty"`
	PreserveOnUpdate             bool   `json:"preserve_on_update,omitempty"`
	PreserveOnUninstall          bool   `json:"preserve_on_uninstall,omitempty"`
	PruningSupported             bool   `json:"pruning_supported,omitempty"`
	SnapshotVerificationRequired bool   `json:"snapshot_verification_required,omitempty"`
}

func (StorageGuidance) Validate

func (g StorageGuidance) Validate() error

type StreamDestination added in v0.8.0

type StreamDestination struct {
	TargetRef string              `json:"target_ref"`
	Transform *MediaTransformSpec `json:"transform,omitempty"`
	Rendition string              `json:"rendition,omitempty"`
}

StreamDestination describes a single output target for a live stream.

type StreamHandle added in v0.8.0

type StreamHandle struct {
	URL          string   `json:"url"`
	Protocol     string   `json:"protocol"`
	AuthTokenRef string   `json:"auth_token_ref"`
	Codecs       []string `json:"codecs"`
	ExpiresAt    string   `json:"expires_at"`
}

func (StreamHandle) Validate added in v0.8.0

func (h StreamHandle) Validate() error

type StreamInputRef added in v0.8.3

type StreamInputRef struct {
	Name       string       `json:"name"`
	Handle     StreamHandle `json:"handle"`
	ProviderID string       `json:"provider_id,omitempty"`
}

func (StreamInputRef) Validate added in v0.8.3

func (r StreamInputRef) Validate() error

type StreamManifest added in v0.8.0

type StreamManifest struct {
	Seq       int       `json:"seq"`
	StreamID  string    `json:"stream_id"`
	StartedAt time.Time `json:"started_at"`

	LivenessNonces []LivenessNonce `json:"liveness_nonces,omitempty"`
	Segments       []Segment       `json:"segments,omitempty"`
	SampledFrames  []SampledFrame  `json:"sampled_frames,omitempty"`

	DeliveryReceipts []DeliveryReceipt `json:"delivery_receipts,omitempty"`

	// WorkerReportedDeliveredBytes is the advisory byte count as reported by the
	// worker. It is worker-supplied and MUST NOT be used for billing; callers
	// must use VerifiedDeliveredBytes() instead.
	WorkerReportedDeliveredBytes int64 `json:"worker_reported_delivered_bytes,omitempty"`

	// AttestedPushedBytesByDestination is a typed map from destination ref to
	// pushed byte count, as attested by the worker.
	AttestedPushedBytesByDestination map[string]int64 `json:"attested_pushed_bytes_by_destination,omitempty"`

	Discontinuities []Discontinuity `json:"discontinuities,omitempty"`
	DroppedFrames   int64           `json:"dropped_frames,omitempty"`

	// Sig is an opaque signature over this manifest; verification of the
	// cryptographic signature itself is wired by the host layer.
	Sig []byte `json:"sig,omitempty"`
}

StreamManifest is the evidence payload attached to a streaming task receipt. It collects segments, liveness proofs, delivery receipts, and discontinuity markers for a single manifest window (identified by Seq).

Field naming note: WorkerReportedDeliveredBytes carries the advisory byte count as reported by the worker (json: "worker_reported_delivered_bytes"). It is worker-supplied and MUST NOT be used for billing. Use VerifiedDeliveredBytes() for the authoritative cross-checked figure.

func (StreamManifest) VerifiedDeliveredBytes added in v0.8.0

func (m StreamManifest) VerifiedDeliveredBytes() int64

VerifiedDeliveredBytes returns the authoritative cross-checked byte count: the sum of host-verified segment Bytes for delivery receipts that (a) cover exactly one segment (SeqStart == SeqEnd), (b) whose SHA256 matches that segment's SHA256, and (c) whose segment has ProvenanceHostVerified.

The segment's Bytes field (not the receipt's Bytes claim) is credited, so a worker cannot inflate the total by submitting an oversized Bytes value on a receipt whose SHA256 was copied from the public manifest.

This is the canonical figure for billing and SLA calculations. The advisory WorkerReportedDeliveredBytes field on StreamManifest is worker-supplied and MUST NOT be used for billing.

type StreamReceipt added in v0.8.0

type StreamReceipt struct {
	ID             string         `json:"id"`
	OrgID          string         `json:"org_id"`
	TaskID         string         `json:"task_id"`
	ServiceLeaseID string         `json:"service_lease_id,omitempty"`
	WorkerID       string         `json:"worker_id"`
	PoolID         string         `json:"pool_id,omitempty"`
	PolicyID       string         `json:"policy_id,omitempty"`
	Manifest       StreamManifest `json:"manifest"`
	// Sig is an opaque signature over this receipt; real verification is
	// handled by the host layer.
	Sig []byte `json:"sig,omitempty"`
}

StreamReceipt is a periodic signed wrapper carrying a StreamManifest. Identity fields mirror ServiceReceipt conventions.

func (StreamReceipt) Validate added in v0.8.0

func (r StreamReceipt) Validate() error

Validate returns an error if the StreamReceipt is not well-formed.

type StreamSpec added in v0.8.0

type StreamSpec struct {
	IngestProtocols []string            `json:"ingest_protocols"`
	Destinations    []StreamDestination `json:"destinations,omitempty"`
	ViewerEgress    ViewerEgressConfig  `json:"viewer_egress,omitempty"`
	Recording       bool                `json:"recording,omitempty"`
	Redundancy      RedundancyPolicy    `json:"redundancy,omitzero"`
}

StreamSpec defines a live video-stream workload.

func (StreamSpec) Validate added in v0.8.0

func (s StreamSpec) Validate() error

Validate returns an error if the StreamSpec is not well-formed.

type SuspensionScope added in v0.7.0

type SuspensionScope string
const (
	SuspensionProduct   SuspensionScope = "product"
	SuspensionRequestor SuspensionScope = "requestor"
	SuspensionProvider  SuspensionScope = "provider"
)

type SuspensionStatus added in v0.7.0

type SuspensionStatus string
const (
	SuspensionActive SuspensionStatus = "active"
	SuspensionLifted SuspensionStatus = "lifted"
)

type Task added in v0.4.0

type Task struct {
	ProtocolVersion  string                `json:"protocol_version"`
	ID               string                `json:"id"`
	ProductID        string                `json:"product_id,omitempty"`
	OrgID            string                `json:"org_id"`
	PoolID           string                `json:"pool_id"`
	PolicyID         string                `json:"policy_id"`
	Status           TaskStatus            `json:"status,omitempty"`
	Workload         WorkloadSpec          `json:"workload"`
	Requirements     PlacementRequirements `json:"requirements,omitzero"`
	ProofPolicy      ProofPolicy           `json:"proof_policy,omitzero"`
	NetworkPolicy    NetworkPolicy         `json:"network_policy,omitzero"`
	P2PSessionPolicy *P2PSessionPolicy     `json:"p2p_session_policy,omitempty"`
	AccessPolicy     AccessPolicy          `json:"access_policy,omitzero"`
	ResiduePolicy    ResiduePolicy         `json:"residue_policy,omitzero"`
	ResourceLimits   ResourceLimits        `json:"resource_limits,omitzero"`
	InputHash        string                `json:"input_hash"`
	RequestedAt      time.Time             `json:"requested_at"`
	TimeoutSeconds   int                   `json:"timeout_seconds"`
	Labels           map[string]string     `json:"labels,omitempty"`
	Signature        SignatureEnvelope     `json:"signature"`
}

func (Task) Validate added in v0.4.0

func (t Task) Validate() error

type TaskList added in v0.4.0

type TaskList struct {
	Tasks  []Task      `json:"tasks"`
	Stalls []TaskStall `json:"stalls,omitempty"`
}

type TaskResponse added in v0.4.0

type TaskResponse struct {
	Task Task `json:"task"`
}

type TaskStall added in v0.4.0

type TaskStall struct {
	TaskID  string `json:"task_id,omitempty"`
	LeaseID string `json:"lease_id,omitempty"`
	AgentID string `json:"agent_id,omitempty"`
	Reason  string `json:"reason"`
	AgeMS   int64  `json:"age_ms"`
}

type TaskStatus added in v0.4.0

type TaskStatus string
const (
	TaskQueued    TaskStatus = "queued"
	TaskLeased    TaskStatus = "leased"
	TaskRunning   TaskStatus = "running"
	TaskSucceeded TaskStatus = "succeeded"
	TaskFailed    TaskStatus = "failed"
	TaskStalled   TaskStatus = "stalled"
	TaskCanceled  TaskStatus = "canceled"
)

type UpstreamClientConformance

type UpstreamClientConformance string
const (
	UpstreamClientConformanceShapeOnly  UpstreamClientConformance = "shape-only"
	UpstreamClientConformanceRealClient UpstreamClientConformance = "real-client"
)

type VerificationStatus

type VerificationStatus string
const (
	VerificationUnknown    VerificationStatus = ""
	VerificationPending    VerificationStatus = "pending"
	VerificationAccepted   VerificationStatus = "accepted"
	VerificationRejected   VerificationStatus = "rejected"
	VerificationConflicted VerificationStatus = "conflicted"
)

type VerifierResult

type VerifierResult struct {
	Provider    string              `json:"provider"`
	Status      VerificationStatus  `json:"status"`
	Message     string              `json:"message,omitempty"`
	Attestation AttestationDecision `json:"attestation,omitzero"`
	KeyRelease  KeyReleaseDecision  `json:"key_release,omitzero"`
}

type ViewerEgressConfig added in v0.8.0

type ViewerEgressConfig struct {
	HLS  bool `json:"hls,omitempty"`
	WHEP bool `json:"whep,omitempty"`
}

ViewerEgressConfig controls viewer-facing delivery protocols.

type WASMRuntimeContract

type WASMRuntimeContract struct {
	ABI               string            `json:"abi"`
	ComponentRef      string            `json:"component_ref"`
	ComponentDigest   string            `json:"component_digest"`
	Features          []string          `json:"features,omitempty"`
	MaxMemoryBytes    int64             `json:"max_memory_bytes,omitempty"`
	MaxRuntimeSeconds int               `json:"max_runtime_seconds,omitempty"`
	Filesystem        RuntimePermission `json:"filesystem"`
	Network           RuntimePermission `json:"network"`
	NativeHostUpdates RuntimePermission `json:"native_host_updates,omitempty"`
	BrowserWorker     bool              `json:"browser_worker,omitempty"`
}

func (WASMRuntimeContract) Validate

func (w WASMRuntimeContract) Validate(profile RuntimeProfile) error

type WASMWorkload added in v0.3.2

type WASMWorkload struct {
	ComponentRef    string          `json:"component_ref"`
	ComponentDigest string          `json:"component_digest"`
	ABI             string          `json:"abi"`
	Operation       string          `json:"operation"`
	Input           json.RawMessage `json:"input"`
}

func (WASMWorkload) Validate added in v0.3.2

func (w WASMWorkload) Validate() error

type WorkloadFileRef added in v0.3.3

type WorkloadFileRef struct {
	Path      string   `json:"path"`
	ValueRef  string   `json:"value_ref,omitempty"`
	SecretRef string   `json:"secret_ref,omitempty"`
	Template  string   `json:"template,omitempty"`
	Refs      []EnvRef `json:"refs,omitempty"`
	Mode      uint32   `json:"mode,omitempty"`
}

func (WorkloadFileRef) Validate added in v0.3.3

func (r WorkloadFileRef) Validate() error

type WorkloadKind

type WorkloadKind string
const (
	WorkloadCommand            WorkloadKind = "command"
	WorkloadContainerBuild     WorkloadKind = "container-build"
	WorkloadDockerComposeBuild WorkloadKind = "docker-compose-build"
	WorkloadBenchmark          WorkloadKind = "benchmark"
	WorkloadTraining           WorkloadKind = "training"
	WorkloadService            WorkloadKind = "service"
	WorkloadNodeService        WorkloadKind = "node-service"
	WorkloadContentCache       WorkloadKind = "content-cache"
	WorkloadSupervisor         WorkloadKind = "supervisor"
	WorkloadProductCapture     WorkloadKind = "product-capture"
	WorkloadProvider           WorkloadKind = "provider"
	WorkloadWASMComponent      WorkloadKind = "wasm-component"
	WorkloadVideoStream        WorkloadKind = "video-stream"
	WorkloadMediaTransform     WorkloadKind = "media-transform"
)

type WorkloadSpec added in v0.3.3

type WorkloadSpec struct {
	Kind           WorkloadKind                 `json:"kind"`
	Command        *CommandWorkload             `json:"command,omitempty"`
	ContainerBuild *ContainerBuildWorkload      `json:"container_build,omitempty"`
	Service        *ServiceWorkload             `json:"service,omitempty"`
	NodeService    *NodeServiceWorkload         `json:"node_service,omitempty"`
	VideoStream    *StreamSpec                  `json:"video_stream,omitempty"`
	MediaTransform *MediaTransformSpec          `json:"media_transform,omitempty"`
	ProductCapture *ProductCaptureWorkload      `json:"product_capture,omitempty"`
	Provider       *ProviderWorkload            `json:"provider,omitempty"`
	WASM           *WASMWorkload                `json:"wasm,omitempty"`
	Params         map[string]map[string]string `json:"params,omitempty"`
}

func (WorkloadSpec) Validate added in v0.3.3

func (w WorkloadSpec) Validate() error

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL