Documentation
¶
Index ¶
- Constants
- Variables
- func CanonicalHash(value any) string
- func CredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) string
- func CredentialProofSignature(receipt ProofReceipt, tokenProofKey string) string
- func CredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) string
- func DecodeStrict(r io.Reader, v any) error
- func ExecutionTierSupportsResourceLimits(tier ExecutionSecurityTier) bool
- func ExecutorCapabilitiesHaveResourceConstrainedMatch(req PlacementRequirements, caps ExecutorCapabilities) bool
- func ExecutorCapabilitiesHaveSupportedMatch(req PlacementRequirements, caps PlacementRequirementCapabilities) bool
- func ExecutorMatchesPlacementRequirements(executor ExecutorRef, req PlacementRequirements) bool
- func HardwareCapabilitiesSatisfyPlacementRequirements(req PlacementRequirements, caps HardwarePlacementCapabilities) bool
- func NetworkAuditDescriptorDigest() string
- func NetworkAuditDescriptorSet() *descriptorpb.FileDescriptorSet
- func PlacementConstraintsSatisfiedBy(c PlacementConstraints, caps PlacementCapabilities, ...) error
- func PlacementRequiresVerifiedHardwareAttestation(req PlacementRequirements) bool
- func ProjectNetworkAuditDestination(raw string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
- func ProjectNetworkAuditID(components ...string) (string, error)
- func ProjectNetworkAuditLifecycle(leaseID, event string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
- func ProjectNetworkAuditProvider(providerID, pluginName, pluginVersion, contractID, contractVersion, ... string) (NetworkAuditProviderEvidence, []NetworkAuditValidationIssue)
- func ProviderPluginRequiresUpstreamClientConformance(pluginID string) bool
- func RequiredHardwareClass(req PlacementRequirements) string
- func ResourceLimitsRequireResourceConstrainedExecutor(limits ResourceLimits) bool
- func SoftwareAgentProofSignature(receipt ProofReceipt) string
- func SoftwareAgentServiceSignature(receipt ServiceReceipt) string
- func SoftwareRouterEdgeSignature(receipt EdgeRequestReceipt) string
- func TokenProofKey(token string) string
- func UnmarshalNetworkAuditRecordProtoStrict(data []byte) (*pb.NetworkAuditRecord, error)
- func ValidateAttestedProofBinding(binding AttestedProofBinding) error
- func ValidateAttestedServiceBinding(binding AttestedServiceBinding) error
- func ValidateControlSessionRequest(r *pb.ControlSessionRequest) error
- func ValidatePlacementRequirementsAgainstCapabilities(req PlacementRequirements, caps PlacementRequirementCapabilities) error
- func ValidateProofPolicy(proofTier ProofTier, policy ProofPolicy) error
- func ValidateProviderCapabilities(c *pb.ProviderCapabilities) error
- func ValidateResourceLimitsAgainstCapacity(limits ResourceLimits, capacity ResourceCapacity) error
- func ValidateRunRequest(r *pb.RunRequest) error
- func ValidateRuntimeResultPreview(preview map[string]any) error
- func ValidateSessionEvent(e *pb.SessionEvent) error
- func ValidateStartSessionRequest(r *pb.StartSessionRequest) error
- func VerifyCredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) bool
- func VerifyCredentialProofSignature(receipt ProofReceipt, tokenProofKey string) bool
- func VerifyCredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) bool
- func VerifyManifest(m StreamManifest, issuedNonces []LivenessNonce, reflectWindow time.Duration) error
- type AccessPolicy
- type AccessVisibility
- type AttestationDecision
- type AttestedProofBinding
- type AttestedServiceBinding
- type Capabilities
- type CapabilityReport
- type CapabilityReportStatus
- type Client
- func (c *Client) FindProof(ctx context.Context, taskID string) (ProofReceipt, bool, error)
- func (c *Client) ListProofs(ctx context.Context) ([]ProofReceipt, error)
- func (c *Client) ListTasks(ctx context.Context) (TaskList, error)
- func (c *Client) SubmitTask(ctx context.Context, task Task) (Task, error)
- func (c *Client) TaskSnapshot(ctx context.Context, id string) (Task, bool, []TaskStall, error)
- type ClientConfig
- type CommandWorkload
- type ConfidentialPayloadRef
- type ContainerBuildWorkload
- type ContainerRuntimeScope
- type ContainerRuntimeTool
- type ContentInputRef
- type ContributionAuthority
- type ContributionPolicy
- type CryptoRewardCustodyMode
- type CryptoRewardDistributionMode
- type CryptoRewardParticipantWalletSource
- type CryptoRewardRoutingPolicy
- type DeliveryConsumerKind
- type DeliveryReceipt
- type Discontinuity
- type EdgeRequestReceipt
- type EnvRef
- type ExecutionSecurityTier
- type ExecutorCapabilities
- type ExecutorRef
- type ForwardableArtifactRef
- type GPU
- type HardwareAttestation
- type HardwarePlacementCapabilities
- type HardwareSecurityCapabilities
- type HealthCheck
- type IngressPolicy
- type KeyReleaseDecision
- type Lease
- type LivenessNonce
- type ManagedRuntimeBundleDescriptor
- type ManagedRuntimeCVEPolicy
- type ManagedRuntimeScopedStorePolicy
- type ManagedRuntimeSignatureSubject
- type ManagedRuntimeTarget
- type ManagedRuntimeUpdatePolicy
- type MarketplaceAbuseCase
- type MarketplaceAbuseEvidenceRef
- type MarketplaceAbuseSeverity
- type MarketplaceAbuseStatus
- type MarketplaceAbuseSubjectKind
- type MarketplaceOperationsPolicy
- type MarketplaceOperatorPolicy
- type MarketplacePayoutKeyRotationRequest
- type MarketplaceSuspension
- type MarketplaceTrustRootRotationRequest
- type MediaTransformSpec
- type NetworkAuditDestination
- type NetworkAuditDestinationKind
- type NetworkAuditProviderEvidence
- type NetworkAuditRecord
- type NetworkAuditRefOptions
- type NetworkAuditRefProjection
- type NetworkAuditRefProjector
- type NetworkAuditRefStability
- type NetworkAuditValidationCode
- type NetworkAuditValidationError
- type NetworkAuditValidationIssue
- type NetworkBinding
- type NetworkDestination
- type NetworkMode
- type NetworkOperatingMode
- type NetworkPolicy
- type NetworkProduct
- type NodeServiceWorkload
- type P2PSessionLimits
- type P2PSessionMode
- type P2PSessionPeer
- type P2PSessionPolicy
- type PeerPolicy
- type PlacementCapabilities
- type PlacementConstraints
- type PlacementNetworkPolicy
- type PlacementRequirementCapabilities
- type PlacementRequirements
- type ProductCaptureMode
- type ProductCaptureWorkload
- type ProofList
- type ProofPolicy
- type ProofReceipt
- type ProofTier
- type ProviderArtifactDelivery
- type ProviderArtifactDeliveryAction
- type ProviderArtifactDeliveryArtifact
- type ProviderArtifactDeliveryStatus
- type ProviderArtifactDeliveryStatusUpdate
- type ProviderArtifactReturnSpec
- type ProviderArtifactSpec
- type ProviderCapabilityReport
- type ProviderCapabilityStatus
- type ProviderConfig
- type ProviderConformanceEvidence
- type ProviderContract
- func (c *ProviderContract) ApplyProviderConformanceEvidence(evidence ProviderConformanceEvidence) error
- func (c ProviderContract) Matches(config ProviderConfig) bool
- func (c ProviderContract) SupportsOperation(operation string) bool
- func (c ProviderContract) SupportsProduct(product NetworkProduct) error
- func (c ProviderContract) Validate() error
- type ProviderOperation
- type ProviderRuntimeContract
- type ProviderRuntimeContractOptions
- type ProviderRuntimeProfile
- type ProviderUpstreamClientRequirement
- type ProviderUpstreamImagePolicy
- type ProviderWorkload
- type ReceiptVerificationOptions
- type RedundancyPolicy
- type RedundancyTier
- type Rendition
- type ReputationEvent
- type ReputationEventType
- type ReputationSubjectKind
- type ReputationSummary
- type ResidueMode
- type ResiduePolicy
- type ResiduePolicyValidation
- type ResourceCapacity
- type ResourceLimits
- type ResourceUsage
- type RuntimeAdapterContract
- type RuntimeAdapterKind
- type RuntimeBackendEvidence
- type RuntimeBackendFamily
- type RuntimeBackendReport
- type RuntimeBackendStatus
- type RuntimeDescriptor
- type RuntimeExecutionRequest
- type RuntimeExecutionResult
- type RuntimeInstallBurden
- type RuntimeIsolationMode
- type RuntimePermission
- type RuntimeProfile
- type RuntimeServiceResult
- type RuntimeWorkspacePolicy
- type SLOEvidence
- type SampledFrame
- type SandboxMount
- type Security
- type Segment
- type SegmentProvenance
- type ServiceIngressEvidence
- type ServiceIngressTerminalStatus
- type ServicePort
- type ServiceProvider
- type ServiceReceipt
- type ServiceRunRequest
- type ServiceSession
- type ServiceSessionProvider
- type ServiceStatusEvidence
- type ServiceStatusProbe
- type ServiceWorkload
- type SessionPolicy
- type SettlementHold
- type SettlementHoldStatus
- type SettlementPayoutRequest
- type SettlementTarget
- type SettlementTargetKind
- type SignatureEnvelope
- type SigningCapability
- type StatusError
- type StorageGuidance
- type StreamDestination
- type StreamHandle
- type StreamInputRef
- type StreamManifest
- type StreamReceipt
- type StreamSpec
- type SuspensionScope
- type SuspensionStatus
- type Task
- type TaskList
- type TaskResponse
- type TaskStall
- type TaskStatus
- type UpstreamClientConformance
- type VerificationStatus
- type VerifierResult
- type ViewerEgressConfig
- type WASMRuntimeContract
- type WASMWorkload
- type WorkloadFileRef
- type WorkloadKind
- type WorkloadSpec
Constants ¶
const ( SoftwareAgentSignaturePrefix = "software-agent:" SoftwareRouterSignaturePrefix = "software-router:" CredentialProofSignaturePrefix = "credential-hmac-sha256:" )
const ( MaxProductCaptureTimeoutSeconds = 300 MaxProductCaptureHTMLBytes = 10 << 20 MaxProductCaptureImageCount = 32 )
const MaxRuntimeResultPreviewBytes = 16 * 1024
const NetworkAuditMaxLabels = 32
const NetworkAuditProtocolVersion = Version
const NetworkAuditRefKeyEpoch = "network-audit-ref-v1"
const Version = "compute.v1alpha1"
Variables ¶
var ErrRedundancyTierNotEnabledV1 = errors.New("redundancy tier is not enabled in v1")
Functions ¶
func CanonicalHash ¶
func CredentialEdgeSignature ¶
func CredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) string
func CredentialProofSignature ¶
func CredentialProofSignature(receipt ProofReceipt, tokenProofKey string) string
func CredentialServiceSignature ¶
func CredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) string
func ExecutionTierSupportsResourceLimits ¶
func ExecutionTierSupportsResourceLimits(tier ExecutionSecurityTier) bool
func ExecutorCapabilitiesHaveResourceConstrainedMatch ¶
func ExecutorCapabilitiesHaveResourceConstrainedMatch(req PlacementRequirements, caps ExecutorCapabilities) bool
func ExecutorCapabilitiesHaveSupportedMatch ¶
func ExecutorCapabilitiesHaveSupportedMatch(req PlacementRequirements, caps PlacementRequirementCapabilities) bool
func ExecutorMatchesPlacementRequirements ¶
func ExecutorMatchesPlacementRequirements(executor ExecutorRef, req PlacementRequirements) bool
func HardwareCapabilitiesSatisfyPlacementRequirements ¶
func HardwareCapabilitiesSatisfyPlacementRequirements(req PlacementRequirements, caps HardwarePlacementCapabilities) bool
func NetworkAuditDescriptorDigest ¶ added in v0.2.0
func NetworkAuditDescriptorDigest() string
func NetworkAuditDescriptorSet ¶ added in v0.2.0
func NetworkAuditDescriptorSet() *descriptorpb.FileDescriptorSet
func PlacementConstraintsSatisfiedBy ¶
func PlacementConstraintsSatisfiedBy(c PlacementConstraints, caps PlacementCapabilities, task PlacementNetworkPolicy) error
func PlacementRequiresVerifiedHardwareAttestation ¶
func PlacementRequiresVerifiedHardwareAttestation(req PlacementRequirements) bool
func ProjectNetworkAuditDestination ¶ added in v0.2.0
func ProjectNetworkAuditDestination(raw string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
func ProjectNetworkAuditID ¶ added in v0.2.0
func ProjectNetworkAuditLifecycle ¶ added in v0.2.0
func ProjectNetworkAuditLifecycle(leaseID, event string) (NetworkAuditDestination, []NetworkAuditValidationIssue)
func ProjectNetworkAuditProvider ¶ added in v0.2.0
func ProjectNetworkAuditProvider(providerID, pluginName, pluginVersion, contractID, contractVersion, descriptorDigest string) (NetworkAuditProviderEvidence, []NetworkAuditValidationIssue)
func RequiredHardwareClass ¶
func RequiredHardwareClass(req PlacementRequirements) string
func ResourceLimitsRequireResourceConstrainedExecutor ¶
func ResourceLimitsRequireResourceConstrainedExecutor(limits ResourceLimits) bool
func SoftwareAgentProofSignature ¶
func SoftwareAgentProofSignature(receipt ProofReceipt) string
func SoftwareAgentServiceSignature ¶
func SoftwareAgentServiceSignature(receipt ServiceReceipt) string
func SoftwareRouterEdgeSignature ¶
func SoftwareRouterEdgeSignature(receipt EdgeRequestReceipt) string
func TokenProofKey ¶
func UnmarshalNetworkAuditRecordProtoStrict ¶ added in v0.2.0
func UnmarshalNetworkAuditRecordProtoStrict(data []byte) (*pb.NetworkAuditRecord, error)
func ValidateAttestedProofBinding ¶
func ValidateAttestedProofBinding(binding AttestedProofBinding) error
func ValidateAttestedServiceBinding ¶
func ValidateAttestedServiceBinding(binding AttestedServiceBinding) error
func ValidateControlSessionRequest ¶ added in v0.7.1
func ValidateControlSessionRequest(r *pb.ControlSessionRequest) error
ValidateControlSessionRequest validates the wire fields of a ControlSessionRequest. Both SessionId and Action are required.
func ValidatePlacementRequirementsAgainstCapabilities ¶
func ValidatePlacementRequirementsAgainstCapabilities(req PlacementRequirements, caps PlacementRequirementCapabilities) error
func ValidateProofPolicy ¶
func ValidateProofPolicy(proofTier ProofTier, policy ProofPolicy) error
func ValidateProviderCapabilities ¶ added in v0.7.1
func ValidateProviderCapabilities(c *pb.ProviderCapabilities) error
ValidateProviderCapabilities validates the wire fields of a ProviderCapabilities. ProviderId is required; ExecutorProviders must contain at least one entry.
func ValidateResourceLimitsAgainstCapacity ¶
func ValidateResourceLimitsAgainstCapacity(limits ResourceLimits, capacity ResourceCapacity) error
func ValidateRunRequest ¶ added in v0.7.1
func ValidateRunRequest(r *pb.RunRequest) error
ValidateRunRequest validates the wire fields of a RunRequest. Input and Env are optional; ExecutorProvider is required.
func ValidateSessionEvent ¶ added in v0.7.1
func ValidateSessionEvent(e *pb.SessionEvent) error
ValidateSessionEvent validates the wire fields of a SessionEvent. EventType is required. Evidence is unsigned at this layer and host-signed later; no crypto validation is performed here.
func ValidateStartSessionRequest ¶ added in v0.7.1
func ValidateStartSessionRequest(r *pb.StartSessionRequest) error
ValidateStartSessionRequest validates the wire fields of a StartSessionRequest. Input and Env are optional; ExecutorProvider is required.
func VerifyCredentialEdgeSignature ¶
func VerifyCredentialEdgeSignature(receipt EdgeRequestReceipt, tokenProofKey string) bool
func VerifyCredentialProofSignature ¶
func VerifyCredentialProofSignature(receipt ProofReceipt, tokenProofKey string) bool
func VerifyCredentialServiceSignature ¶
func VerifyCredentialServiceSignature(receipt ServiceReceipt, tokenProofKey string) bool
func VerifyManifest ¶ added in v0.8.0
func VerifyManifest(m StreamManifest, issuedNonces []LivenessNonce, reflectWindow time.Duration) error
VerifyManifest performs content verification of a StreamManifest:
- Segments must be present and Index values strictly increasing (monotonic).
- Each LivenessNonce in the manifest must match an entry in issuedNonces by Nonce value; ReflectedInSeq must reference an existing segment index; the estimated reflection time (manifest.StartedAt + cumulative DurationMS through the referenced segment) must be within reflectWindow of IssuedAt. Note: liveness-nonce *presence* enforcement (ensuring every issued nonce actually appears in the manifest) is the host layer's responsibility; issuedNonces here is treated as a lookup registry, not an exhaustive list.
- Each DeliveryReceipt must cover exactly one segment (SeqStart == SeqEnd); range receipts (SeqStart != SeqEnd) are not supported in v1 and cause an error. Single-segment receipts must have a SHA256 equal to that segment's.
- Segment Index continuity: a gap is permitted only if a Discontinuity marker whose PrevSeq/ResumeSeq bracket it exists; an unmarked gap is an error.
All discovered problems are collected and returned via errors.Join.
Types ¶
type AccessPolicy ¶
type AccessPolicy struct {
ProviderUsageVisibility AccessVisibility `json:"provider_usage_visibility,omitempty"`
WorkloadVisibility AccessVisibility `json:"workload_visibility,omitempty"`
ArtifactVisibility AccessVisibility `json:"artifact_visibility,omitempty"`
}
func (AccessPolicy) Validate ¶
func (p AccessPolicy) Validate() error
type AccessVisibility ¶
type AccessVisibility string
const ( AccessVisibilityPrivate AccessVisibility = "private" AccessVisibilityNetwork AccessVisibility = "network" AccessVisibilityPublic AccessVisibility = "public" )
type AttestationDecision ¶
type AttestationDecision struct {
Provider string `json:"provider,omitempty"`
VerifierID string `json:"verifier_id,omitempty"`
DecisionID string `json:"decision_id,omitempty"`
HardwareClass string `json:"hardware_class,omitempty"`
ExecutorImageDigest string `json:"executor_image_digest,omitempty"`
ExecutorRootFSDigest string `json:"executor_rootfs_digest,omitempty"`
PolicyID string `json:"policy_id,omitempty"`
Nonce string `json:"nonce,omitempty"`
IssuedAt time.Time `json:"issued_at,omitzero"`
ExpiresAt time.Time `json:"expires_at,omitzero"`
SignatureVerified bool `json:"signature_verified,omitempty"`
ConfidentialGPU bool `json:"confidential_gpu,omitempty"`
Signature SignatureEnvelope `json:"signature,omitzero"`
}
func (AttestationDecision) BindingDigest ¶
func (a AttestationDecision) BindingDigest() string
type AttestedProofBinding ¶
type AttestedProofBinding struct {
Executor ExecutorRef `json:"executor"`
PolicyID string `json:"policy_id"`
TaskID string `json:"task_id"`
TaskHash string `json:"task_hash"`
InputHash string `json:"input_hash"`
DependencyClosureHash string `json:"dependency_closure_hash"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
Verifier VerifierResult `json:"verifier"`
}
type AttestedServiceBinding ¶
type AttestedServiceBinding struct {
Executor ExecutorRef `json:"executor"`
PolicyID string `json:"policy_id"`
TaskID string `json:"task_id"`
DeploymentHash string `json:"deployment_hash"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
Verifier VerifierResult `json:"verifier"`
}
type Capabilities ¶ added in v0.4.0
type Capabilities struct {
MachineID string `json:"machine_id,omitempty"`
OS string `json:"os,omitempty"`
Arch string `json:"arch,omitempty"`
CPUModel string `json:"cpu_model,omitempty"`
CPUCount int `json:"cpu_count,omitempty"`
MemoryBytes int64 `json:"memory_bytes,omitempty"`
DiskBytes int64 `json:"disk_bytes,omitempty"`
BandwidthMbps int64 `json:"bandwidth_mbps,omitempty"`
IngressCapable bool `json:"ingress_capable,omitempty"`
GPU []GPU `json:"gpu,omitempty"`
ExecutorProviders []string `json:"executor_providers,omitempty"`
Executors []ExecutorRef `json:"executors,omitempty"`
WorkloadKinds []string `json:"workload_kinds,omitempty"`
ExecutionTiers []ExecutionSecurityTier `json:"execution_tiers,omitempty"`
ProofTiers []ProofTier `json:"proof_tiers,omitempty"`
NetworkModes []NetworkMode `json:"network_modes,omitempty"`
CapabilityTags []string `json:"capability_tags,omitempty"`
CapabilityReports []CapabilityReport `json:"capability_reports,omitempty"`
HardwareSecurity Security `json:"hardware_security,omitzero"`
}
type CapabilityReport ¶ added in v0.4.0
type CapabilityReport struct {
Provider string `json:"provider"`
Backend string `json:"backend,omitempty"`
Status CapabilityReportStatus `json:"status"`
Reason string `json:"reason,omitempty"`
Constraints []string `json:"constraints,omitempty"`
}
type CapabilityReportStatus ¶ added in v0.4.0
type CapabilityReportStatus string
const ( CapabilitySupported CapabilityReportStatus = "supported" CapabilityDegraded CapabilityReportStatus = "degraded" CapabilityUnsupported CapabilityReportStatus = "unsupported" )
type Client ¶ added in v0.4.0
type Client struct {
// contains filtered or unexported fields
}
func NewClient ¶ added in v0.4.0
func NewClient(config ClientConfig) (*Client, error)
func (*Client) ListProofs ¶ added in v0.4.0
func (c *Client) ListProofs(ctx context.Context) ([]ProofReceipt, error)
func (*Client) SubmitTask ¶ added in v0.4.0
type ClientConfig ¶ added in v0.4.0
type CommandWorkload ¶ added in v0.3.1
type CommandWorkload struct {
Args []string `json:"args"`
WorkingDirectory string `json:"working_directory,omitempty"`
Env []EnvRef `json:"env,omitempty"`
ArtifactRefs []string `json:"artifact_refs,omitempty"`
ArtifactAllowlist []string `json:"artifact_allowlist,omitempty"`
ConfidentialPayload *ConfidentialPayloadRef `json:"confidential_payload,omitempty"`
}
func (CommandWorkload) Validate ¶ added in v0.3.1
func (w CommandWorkload) Validate() error
type ConfidentialPayloadRef ¶ added in v0.3.1
type ConfidentialPayloadRef struct {
CiphertextRef string `json:"ciphertext_ref"`
CiphertextHash string `json:"ciphertext_hash"`
KeyRefHash string `json:"key_ref_hash"`
Algorithm string `json:"algorithm"`
KBSPolicyID string `json:"kbs_policy_id"`
}
func (ConfidentialPayloadRef) Validate ¶ added in v0.3.1
func (r ConfidentialPayloadRef) Validate() error
type ContainerBuildWorkload ¶ added in v0.3.1
type ContainerBuildWorkload struct {
ContextDirectory string `json:"context_directory"`
Dockerfile string `json:"dockerfile,omitempty"`
Tags []string `json:"tags,omitempty"`
PushTargetRef string `json:"push_target_ref,omitempty"`
PullTargetRef string `json:"pull_target_ref,omitempty"`
Env []EnvRef `json:"env,omitempty"`
}
func (ContainerBuildWorkload) Validate ¶ added in v0.3.1
func (w ContainerBuildWorkload) Validate() error
type ContainerRuntimeScope ¶ added in v0.8.0
type ContainerRuntimeScope struct {
Args []string `json:"args,omitempty"`
}
type ContainerRuntimeTool ¶
type ContainerRuntimeTool string
const ( ContainerRuntimePodman ContainerRuntimeTool = "podman" ContainerRuntimeDocker ContainerRuntimeTool = "docker" ContainerRuntimeNerdctl ContainerRuntimeTool = "nerdctl" ContainerRuntimeAppleContainer ContainerRuntimeTool = "apple-container" )
type ContentInputRef ¶ added in v0.8.3
type ContentInputRef struct {
Name string `json:"name"`
Ref string `json:"ref"`
TargetPath string `json:"target_path"`
SHA256 string `json:"sha256,omitempty"`
ContentType string `json:"content_type,omitempty"`
SizeBytes int64 `json:"size_bytes,omitempty"`
ProviderID string `json:"provider_id,omitempty"`
}
func (ContentInputRef) Validate ¶ added in v0.8.3
func (r ContentInputRef) Validate() error
type ContributionAuthority ¶
type ContributionAuthority string
const ( ContributionAuthorityWFCompute ContributionAuthority = "wfcompute" ContributionAuthorityUpstream ContributionAuthority = "upstream" )
type ContributionPolicy ¶
type ContributionPolicy struct {
ValidationAuthority ContributionAuthority `json:"validation_authority,omitempty"`
CreditAuthority ContributionAuthority `json:"credit_authority,omitempty"`
MonetaryPayouts bool `json:"monetary_payouts,omitempty"`
}
func (ContributionPolicy) ValidateForRewardPolicy ¶
func (p ContributionPolicy) ValidateForRewardPolicy(rewardPolicy string, target SettlementTarget) error
type CryptoRewardCustodyMode ¶
type CryptoRewardCustodyMode string
const CryptoRewardCustodyTreasuryThenDistribute CryptoRewardCustodyMode = "treasury_then_distribute"
type CryptoRewardParticipantWalletSource ¶
type CryptoRewardParticipantWalletSource string
const CryptoRewardParticipantAccountWallet CryptoRewardParticipantWalletSource = "account_wallet"
type CryptoRewardRoutingPolicy ¶
type CryptoRewardRoutingPolicy struct {
Network string `json:"network,omitempty"`
TreasuryAccountID string `json:"treasury_account_id,omitempty"`
TreasuryWalletRef string `json:"treasury_wallet_ref,omitempty"`
CustodyMode CryptoRewardCustodyMode `json:"custody_mode,omitempty"`
DistributionMode CryptoRewardDistributionMode `json:"distribution_mode,omitempty"`
ParticipantWalletSource CryptoRewardParticipantWalletSource `json:"participant_wallet_source,omitempty"`
ManagementFeeBps int `json:"management_fee_bps,omitempty"`
}
func (CryptoRewardRoutingPolicy) Validate ¶
func (p CryptoRewardRoutingPolicy) Validate(target SettlementTarget) error
type DeliveryConsumerKind ¶ added in v0.8.0
type DeliveryConsumerKind string
DeliveryConsumerKind distinguishes the type of consumer receiving segments.
const ( // ConsumerViewer is an end-viewer consuming the stream. ConsumerViewer DeliveryConsumerKind = "viewer" // ConsumerEdgeRelay is an edge relay re-distributing the stream. ConsumerEdgeRelay DeliveryConsumerKind = "edge-relay" )
type DeliveryReceipt ¶ added in v0.8.0
type DeliveryReceipt struct {
ConsumerID string `json:"consumer_id"`
Kind DeliveryConsumerKind `json:"kind"`
SeqStart int `json:"seq_start"`
SeqEnd int `json:"seq_end"`
Bytes int64 `json:"bytes"`
// SHA256 is the hash of the delivered segment range; for single-segment
// receipts (SeqStart == SeqEnd) it must equal the segment's SHA256.
SHA256 string `json:"sha256"`
// Sig is an opaque signature over this receipt; verification of the
// cryptographic signature itself is wired by the host layer.
Sig []byte `json:"sig,omitempty"`
}
DeliveryReceipt records that a consumer received a segment range. For cross-checking, SHA256 must equal the SHA256 of the referenced segment when the receipt covers exactly one segment (SeqStart == SeqEnd).
type Discontinuity ¶ added in v0.8.0
type Discontinuity struct {
At time.Time `json:"at"`
Reason string `json:"reason"`
PrevSeq int `json:"prev_seq"`
ResumeSeq int `json:"resume_seq"`
Sig []byte `json:"sig,omitempty"`
}
Discontinuity marks an intentional gap in segment continuity (e.g. network drop). A gap between PrevSeq and ResumeSeq is considered covered if a Discontinuity with matching PrevSeq and ResumeSeq exists in the manifest. Sig is an opaque signature over this marker; verification of the cryptographic signature itself is wired by the host layer.
type EdgeRequestReceipt ¶
type EdgeRequestReceipt struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
ProductID string `json:"product_id"`
Hostname string `json:"hostname"`
RouteTarget string `json:"route_target"`
ServiceLeaseID string `json:"service_lease_id,omitempty"`
TaskID string `json:"task_id,omitempty"`
WorkerID string `json:"worker_id,omitempty"`
ContentRef string `json:"content_ref,omitempty"`
RequestID string `json:"request_id"`
TraceID string `json:"trace_id"`
Method string `json:"method"`
RequestClass string `json:"request_class"`
RequestHash string `json:"request_hash"`
ResponseHash string `json:"response_hash"`
RequestBytes int64 `json:"request_bytes,omitempty"`
ResponseBytes int64 `json:"response_bytes,omitempty"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
ResourceUsage ResourceUsage `json:"resource_usage"`
ServiceReceiptIDs []string `json:"service_receipt_ids,omitempty"`
IngressEvidenceID string `json:"ingress_evidence_id,omitempty"`
IngressEvidenceHash string `json:"ingress_evidence_hash,omitempty"`
Verifier VerifierResult `json:"verifier"`
RouterSignature string `json:"router_signature"`
}
func VerifyEdgeRequestReceipt ¶
func VerifyEdgeRequestReceipt(receipt EdgeRequestReceipt, opts ReceiptVerificationOptions) (EdgeRequestReceipt, error)
func (EdgeRequestReceipt) Validate ¶
func (r EdgeRequestReceipt) Validate() error
type EnvRef ¶ added in v0.3.1
type ExecutionSecurityTier ¶
type ExecutionSecurityTier string
const ( ExecutionTrustedNative ExecutionSecurityTier = "trusted-native" ExecutionHardenedContainer ExecutionSecurityTier = "hardened-container" ExecutionSandboxedContainer ExecutionSecurityTier = "sandboxed-container" ExecutionMicroVM ExecutionSecurityTier = "microvm" ExecutionConfidentialCPU ExecutionSecurityTier = "confidential-cpu" ExecutionConfidentialGPU ExecutionSecurityTier = "confidential-gpu" ExecutionWASMCapability ExecutionSecurityTier = "wasm-capability" )
type ExecutorCapabilities ¶
type ExecutorCapabilities struct {
Executors []ExecutorRef `json:"executors,omitempty"`
ExecutionTiers []ExecutionSecurityTier `json:"execution_tiers,omitempty"`
}
type ExecutorRef ¶
type ExecutorRef struct {
Provider string `json:"provider"`
Version string `json:"version"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
ProofTier ProofTier `json:"proof_tier,omitempty"`
ImageDigest string `json:"image_digest,omitempty"`
RootFSDigest string `json:"rootfs_digest,omitempty"`
}
func RuntimeBackendReportsSupportedExecutors ¶ added in v0.5.0
func RuntimeBackendReportsSupportedExecutors(reports []RuntimeBackendReport) []ExecutorRef
func (ExecutorRef) RequiresAttestation ¶
func (e ExecutorRef) RequiresAttestation() bool
func (ExecutorRef) ValidateForProof ¶
func (e ExecutorRef) ValidateForProof() error
type ForwardableArtifactRef ¶ added in v0.8.0
type ForwardableArtifactRef struct {
Handle string `json:"handle"`
Digest string `json:"digest"`
ContentType string `json:"content_type"`
TransferTokenRef string `json:"transfer_token_ref"`
}
func (ForwardableArtifactRef) Validate ¶ added in v0.8.0
func (r ForwardableArtifactRef) Validate() error
type HardwareAttestation ¶
type HardwarePlacementCapabilities ¶
type HardwarePlacementCapabilities struct {
GPUCount int `json:"gpu_count,omitempty"`
Security HardwareSecurityCapabilities `json:"security,omitzero"`
Now time.Time `json:"now,omitzero"`
}
type HardwareSecurityCapabilities ¶
type HardwareSecurityCapabilities struct {
TEE []string `json:"tee,omitempty"`
HardwareClasses []string `json:"hardware_classes,omitempty"`
HardwareAttestations []HardwareAttestation `json:"hardware_attestations,omitempty"`
}
type HealthCheck ¶ added in v0.3.3
type HealthCheck struct {
Kind string `json:"kind"`
Path string `json:"path,omitempty"`
Command []string `json:"command,omitempty"`
IntervalSeconds int `json:"interval_seconds,omitempty"`
TimeoutSeconds int `json:"timeout_seconds,omitempty"`
}
func (HealthCheck) IsZero ¶ added in v0.3.3
func (h HealthCheck) IsZero() bool
func (HealthCheck) Validate ¶ added in v0.3.3
func (h HealthCheck) Validate() error
type IngressPolicy ¶ added in v0.3.3
type IngressPolicy struct {
Mode string `json:"mode"`
AllowedCIDRs []string `json:"allowed_cidrs,omitempty"`
AuthRequired bool `json:"auth_required"`
}
func (IngressPolicy) Validate ¶ added in v0.3.3
func (p IngressPolicy) Validate() error
type KeyReleaseDecision ¶
type KeyReleaseDecision struct {
Provider string `json:"provider,omitempty"`
DecisionID string `json:"decision_id,omitempty"`
AttestationDecisionID string `json:"attestation_decision_id,omitempty"`
AttestationDigest string `json:"attestation_digest,omitempty"`
AttestationProvider string `json:"attestation_provider,omitempty"`
AttestationVerifierID string `json:"attestation_verifier_id,omitempty"`
AttestationKeyID string `json:"attestation_key_id,omitempty"`
PolicyID string `json:"policy_id,omitempty"`
TaskID string `json:"task_id,omitempty"`
TaskHash string `json:"task_hash,omitempty"`
InputHash string `json:"input_hash,omitempty"`
DependencyClosureHash string `json:"dependency_closure_hash,omitempty"`
WorkerID string `json:"worker_id,omitempty"`
PoolID string `json:"pool_id,omitempty"`
KeyRefHash string `json:"key_ref_hash,omitempty"`
Released bool `json:"released,omitempty"`
ExpiresAt time.Time `json:"expires_at,omitzero"`
Signature SignatureEnvelope `json:"signature,omitzero"`
}
type Lease ¶ added in v0.4.0
type Lease struct {
ID string `json:"id"`
TaskID string `json:"task_id"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
Executor ExecutorRef `json:"executor"`
CapabilitySnapshot Capabilities `json:"capability_snapshot"`
AllowedPushTargets []string `json:"allowed_push_targets,omitempty"`
AllowedPullTargets []string `json:"allowed_pull_targets,omitempty"`
NetworkPolicy NetworkPolicy `json:"network_policy,omitzero"`
P2PSessionPolicy *P2PSessionPolicy `json:"p2p_session_policy,omitempty"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
LeasedAt time.Time `json:"leased_at"`
ExpiresAt time.Time `json:"expires_at"`
}
type LivenessNonce ¶ added in v0.8.0
type LivenessNonce struct {
Nonce string `json:"nonce"`
IssuedAt time.Time `json:"issued_at"`
ReflectedInSeq int `json:"reflected_in_seq"`
}
LivenessNonce is issued by the host and must appear in the manifest within a reflection window, proving the stream is live and not a replay.
type ManagedRuntimeBundleDescriptor ¶ added in v0.6.0
type ManagedRuntimeBundleDescriptor struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
BundleID string `json:"bundle_id"`
Family RuntimeBackendFamily `json:"family"`
Tool ContainerRuntimeTool `json:"tool,omitempty"`
Version string `json:"version"`
OS string `json:"os"`
Arch string `json:"arch"`
ArtifactName string `json:"artifact_name"`
ArtifactDigest string `json:"artifact_digest"`
ChecksumName string `json:"checksum_name"`
ChecksumDigest string `json:"checksum_digest"`
SignatureName string `json:"signature_name"`
SignatureDigest string `json:"signature_digest"`
SignatureIssuer string `json:"signature_issuer"`
SignatureKeyID string `json:"signature_key_id"`
TrustRootDigest string `json:"trust_root_digest"`
SignatureSubject ManagedRuntimeSignatureSubject `json:"signature_subject"`
ValidUntil time.Time `json:"valid_until,omitzero"`
UpdatePolicy ManagedRuntimeUpdatePolicy `json:"update_policy"`
CVEPolicy ManagedRuntimeCVEPolicy `json:"cve_policy"`
ScopedStore ManagedRuntimeScopedStorePolicy `json:"scoped_store"`
SupportedTargets []ManagedRuntimeTarget `json:"supported_targets"`
ConformanceProfile string `json:"conformance_profile"`
InstallBurden RuntimeInstallBurden `json:"install_burden"`
}
func (ManagedRuntimeBundleDescriptor) Validate ¶ added in v0.6.0
func (d ManagedRuntimeBundleDescriptor) Validate() error
func (ManagedRuntimeBundleDescriptor) ValidateAt ¶ added in v0.6.0
func (d ManagedRuntimeBundleDescriptor) ValidateAt(now time.Time) error
type ManagedRuntimeCVEPolicy ¶ added in v0.6.0
type ManagedRuntimeCVEPolicy struct {
PolicyDigest string `json:"policy_digest"`
BlockedVersions []string `json:"blocked_versions,omitempty"`
RevokedKeyIDs []string `json:"revoked_key_ids,omitempty"`
UpdatedByVersion string `json:"updated_by_version"`
}
func (ManagedRuntimeCVEPolicy) Validate ¶ added in v0.6.0
func (p ManagedRuntimeCVEPolicy) Validate() []error
type ManagedRuntimeScopedStorePolicy ¶ added in v0.6.0
type ManagedRuntimeScopedStorePolicy struct {
Required bool `json:"required"`
NamespaceStrategy string `json:"namespace_strategy"`
StoreStrategy string `json:"store_strategy"`
PolicyDigest string `json:"policy_digest"`
CleanupRequired bool `json:"cleanup_required"`
HostGlobalVisibilityForbidden bool `json:"host_global_visibility_forbidden"`
}
func (ManagedRuntimeScopedStorePolicy) Validate ¶ added in v0.6.0
func (p ManagedRuntimeScopedStorePolicy) Validate() []error
type ManagedRuntimeSignatureSubject ¶ added in v0.6.0
type ManagedRuntimeSignatureSubject struct {
ArtifactDigest string `json:"artifact_digest"`
RuntimeFamily RuntimeBackendFamily `json:"runtime_family"`
OS string `json:"os"`
Arch string `json:"arch"`
Version string `json:"version"`
Channel string `json:"channel"`
ConformanceProfile string `json:"conformance_profile"`
ScopedStorePolicyDigest string `json:"scoped_store_policy_digest"`
}
type ManagedRuntimeTarget ¶ added in v0.6.0
type ManagedRuntimeUpdatePolicy ¶ added in v0.6.0
type ManagedRuntimeUpdatePolicy struct {
Channel string `json:"channel"`
MinSupportedVersion string `json:"min_supported_version"`
BlockedVersions []string `json:"blocked_versions,omitempty"`
}
func (ManagedRuntimeUpdatePolicy) Validate ¶ added in v0.6.0
func (p ManagedRuntimeUpdatePolicy) Validate() []error
type MarketplaceAbuseCase ¶ added in v0.7.0
type MarketplaceAbuseCase struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id"`
OrgID string `json:"org_id"`
ProductID string `json:"product_id,omitempty"`
SubjectKind MarketplaceAbuseSubjectKind `json:"subject_kind"`
SubjectID string `json:"subject_id"`
Severity MarketplaceAbuseSeverity `json:"severity"`
Status MarketplaceAbuseStatus `json:"status"`
Reason string `json:"reason"`
EvidenceRefs []MarketplaceAbuseEvidenceRef `json:"evidence_refs,omitempty"`
TaskID string `json:"task_id,omitempty"`
ProofID string `json:"proof_id,omitempty"`
RouteRef string `json:"route_ref,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
UpdatedAt time.Time `json:"updated_at,omitempty"`
ResolvedAt time.Time `json:"resolved_at,omitempty"`
}
func (MarketplaceAbuseCase) Validate ¶ added in v0.7.0
func (c MarketplaceAbuseCase) Validate() error
type MarketplaceAbuseEvidenceRef ¶ added in v0.7.0
type MarketplaceAbuseEvidenceRef struct {
Ref string `json:"ref"`
Digest string `json:"digest,omitempty"`
Note string `json:"note,omitempty"`
}
func (MarketplaceAbuseEvidenceRef) Validate ¶ added in v0.7.0
func (r MarketplaceAbuseEvidenceRef) Validate() error
type MarketplaceAbuseSeverity ¶ added in v0.7.0
type MarketplaceAbuseSeverity string
const ( MarketplaceAbuseSeverityLow MarketplaceAbuseSeverity = "low" MarketplaceAbuseSeverityMedium MarketplaceAbuseSeverity = "medium" MarketplaceAbuseSeverityHigh MarketplaceAbuseSeverity = "high" MarketplaceAbuseSeverityCritical MarketplaceAbuseSeverity = "critical" )
type MarketplaceAbuseStatus ¶ added in v0.7.0
type MarketplaceAbuseStatus string
const ( MarketplaceAbuseStatusOpen MarketplaceAbuseStatus = "open" MarketplaceAbuseStatusInReview MarketplaceAbuseStatus = "in_review" MarketplaceAbuseStatusActioned MarketplaceAbuseStatus = "actioned" MarketplaceAbuseStatusDismissed MarketplaceAbuseStatus = "dismissed" MarketplaceAbuseStatusResolved MarketplaceAbuseStatus = "resolved" )
type MarketplaceAbuseSubjectKind ¶ added in v0.7.0
type MarketplaceAbuseSubjectKind string
const ( MarketplaceAbuseSubjectProduct MarketplaceAbuseSubjectKind = "product" MarketplaceAbuseSubjectRequestor MarketplaceAbuseSubjectKind = "requestor" MarketplaceAbuseSubjectProvider MarketplaceAbuseSubjectKind = "provider" MarketplaceAbuseSubjectRouter MarketplaceAbuseSubjectKind = "router" MarketplaceAbuseSubjectVerifier MarketplaceAbuseSubjectKind = "verifier" )
type MarketplaceOperationsPolicy ¶ added in v0.7.0
type MarketplaceOperationsPolicy struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id,omitempty"`
Enabled bool `json:"enabled"`
Version int `json:"version,omitempty"`
TermsVersion string `json:"terms_version,omitempty"`
RewardPolicyVersion string `json:"reward_policy_version,omitempty"`
DisputeWindowHours int `json:"dispute_window_hours,omitempty"`
AbuseContact string `json:"abuse_contact,omitempty"`
PayoutProvider string `json:"payout_provider,omitempty"`
ActivePayoutKeyID string `json:"active_payout_key_id,omitempty"`
PreviousPayoutKeyIDs []string `json:"previous_payout_key_ids,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
UpdatedAt time.Time `json:"updated_at,omitempty"`
}
func (MarketplaceOperationsPolicy) Validate ¶ added in v0.7.0
func (p MarketplaceOperationsPolicy) Validate() error
type MarketplaceOperatorPolicy ¶ added in v0.7.0
type MarketplaceOperatorPolicy struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id,omitempty"`
Enabled bool `json:"enabled"`
Version int `json:"version,omitempty"`
OperatorID string `json:"operator_id,omitempty"`
AllowedOrgIDs []string `json:"allowed_org_ids,omitempty"`
AllowedProductIDs []string `json:"allowed_product_ids,omitempty"`
TrustedFederationKeyIDs []string `json:"trusted_federation_key_ids,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
UpdatedAt time.Time `json:"updated_at,omitempty"`
}
func (MarketplaceOperatorPolicy) Validate ¶ added in v0.7.0
func (p MarketplaceOperatorPolicy) Validate() error
type MarketplacePayoutKeyRotationRequest ¶ added in v0.7.0
type MarketplacePayoutKeyRotationRequest struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
NewPayoutKeyID string `json:"new_payout_key_id"`
RequireCurrentVersion int `json:"require_current_version,omitempty"`
Reason string `json:"reason,omitempty"`
}
func (MarketplacePayoutKeyRotationRequest) Validate ¶ added in v0.7.0
func (r MarketplacePayoutKeyRotationRequest) Validate() error
type MarketplaceSuspension ¶ added in v0.7.0
type MarketplaceSuspension struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id"`
OrgID string `json:"org_id"`
Scope SuspensionScope `json:"scope"`
SubjectID string `json:"subject_id"`
ProductID string `json:"product_id,omitempty"`
Reason string `json:"reason"`
Status SuspensionStatus `json:"status"`
CreatedAt time.Time `json:"created_at,omitempty"`
LiftedAt time.Time `json:"lifted_at,omitempty"`
}
func (MarketplaceSuspension) Validate ¶ added in v0.7.0
func (s MarketplaceSuspension) Validate() error
type MarketplaceTrustRootRotationRequest ¶ added in v0.7.0
type MarketplaceTrustRootRotationRequest struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
AddTrustedFederationKeyIDs []string `json:"add_trusted_federation_key_ids,omitempty"`
RemoveTrustedFederationKeyIDs []string `json:"remove_trusted_federation_key_ids,omitempty"`
RequireCurrentVersion int `json:"require_current_version,omitempty"`
Reason string `json:"reason,omitempty"`
}
func (MarketplaceTrustRootRotationRequest) Validate ¶ added in v0.7.0
func (r MarketplaceTrustRootRotationRequest) Validate() error
type MediaTransformSpec ¶ added in v0.8.0
type MediaTransformSpec struct {
Scale string `json:"scale,omitempty"`
Crop string `json:"crop,omitempty"`
Pan string `json:"pan,omitempty"`
FPS int `json:"fps,omitempty"`
Codec string `json:"codec,omitempty"`
Container string `json:"container,omitempty"`
BitrateKbps int `json:"bitrate_kbps,omitempty"`
Transpose string `json:"transpose,omitempty"`
RotateDegrees int `json:"rotate_degrees,omitempty"`
Renditions []Rendition `json:"renditions,omitempty"`
}
MediaTransformSpec defines a media-transform workload.
func (MediaTransformSpec) Validate ¶ added in v0.8.0
func (m MediaTransformSpec) Validate() error
Validate returns an error if the MediaTransformSpec is not well-formed.
type NetworkAuditDestination ¶ added in v0.2.0
type NetworkAuditDestination struct {
Kind NetworkAuditDestinationKind `json:"kind"`
Value string `json:"value"`
}
func NewNetworkAuditLifecycleDestination ¶ added in v0.2.0
func NewNetworkAuditLifecycleDestination(leaseID, event string) (NetworkAuditDestination, error)
type NetworkAuditDestinationKind ¶ added in v0.2.0
type NetworkAuditDestinationKind string
const ( NetworkAuditDestinationEndpoint NetworkAuditDestinationKind = "endpoint" NetworkAuditDestinationSHA256 NetworkAuditDestinationKind = "sha256" NetworkAuditDestinationArtifact NetworkAuditDestinationKind = "artifact" NetworkAuditDestinationLifecycle NetworkAuditDestinationKind = "network-lifecycle" )
type NetworkAuditProviderEvidence ¶ added in v0.2.0
type NetworkAuditProviderEvidence struct {
ProviderID string `json:"provider_id,omitempty"`
PluginName string `json:"plugin_name,omitempty"`
PluginVersion string `json:"plugin_version,omitempty"`
ContractID string `json:"contract_id,omitempty"`
ContractVersion string `json:"contract_version,omitempty"`
DescriptorDigest string `json:"descriptor_digest,omitempty"`
}
type NetworkAuditRecord ¶ added in v0.2.0
type NetworkAuditRecord struct {
ProtocolVersion string `json:"protocol_version"`
RecordID string `json:"record_id"`
TaskID string `json:"task_id,omitempty"`
LeaseID string `json:"lease_id,omitempty"`
WorkerID string `json:"worker_id,omitempty"`
Provider NetworkAuditProviderEvidence `json:"provider,omitempty"`
Destination NetworkAuditDestination `json:"destination"`
ResourceUsage ResourceUsage `json:"resource_usage,omitempty"`
Labels map[string]string `json:"labels,omitempty"`
StartedAt time.Time `json:"started_at,omitempty"`
FinishedAt time.Time `json:"finished_at,omitempty"`
ObservedAt time.Time `json:"observed_at,omitempty"`
}
func NetworkAuditRecordFromProto ¶ added in v0.2.0
func NetworkAuditRecordFromProto(message *pb.NetworkAuditRecord) (NetworkAuditRecord, error)
func (NetworkAuditRecord) ToProto ¶ added in v0.2.0
func (r NetworkAuditRecord) ToProto() *pb.NetworkAuditRecord
func (NetworkAuditRecord) Validate ¶ added in v0.2.0
func (r NetworkAuditRecord) Validate() error
func (NetworkAuditRecord) ValidateNetworkAudit ¶ added in v0.2.0
func (r NetworkAuditRecord) ValidateNetworkAudit() []NetworkAuditValidationIssue
type NetworkAuditRefOptions ¶ added in v0.2.0
type NetworkAuditRefOptions struct {
Stability NetworkAuditRefStability
Timestamp time.Time
}
type NetworkAuditRefProjection ¶ added in v0.2.0
type NetworkAuditRefProjection struct {
Ref string `json:"ref"`
Epoch string `json:"epoch"`
Stability NetworkAuditRefStability `json:"stability"`
Timestamp string `json:"timestamp"`
}
type NetworkAuditRefProjector ¶ added in v0.2.0
type NetworkAuditRefProjector struct {
// contains filtered or unexported fields
}
func NewNetworkAuditRefProjector ¶ added in v0.2.0
func NewNetworkAuditRefProjector(key []byte) (NetworkAuditRefProjector, error)
func (NetworkAuditRefProjector) Project ¶ added in v0.2.0
func (p NetworkAuditRefProjector) Project(record NetworkAuditRecord, options NetworkAuditRefOptions) (NetworkAuditRefProjection, error)
type NetworkAuditRefStability ¶ added in v0.2.0
type NetworkAuditRefStability string
const ( NetworkAuditRefStable NetworkAuditRefStability = "stable" NetworkAuditRefEphemeral NetworkAuditRefStability = "ephemeral" )
type NetworkAuditValidationCode ¶ added in v0.2.0
type NetworkAuditValidationCode string
const ( NetworkAuditValidationProtocolVersionInvalid NetworkAuditValidationCode = "protocol_version_invalid" NetworkAuditValidationRecordIDRequired NetworkAuditValidationCode = "record_id_required" NetworkAuditValidationDestinationRequired NetworkAuditValidationCode = "destination_required" NetworkAuditValidationDestinationInvalid NetworkAuditValidationCode = "destination_invalid" NetworkAuditValidationResourceUsageInvalid NetworkAuditValidationCode = "resource_usage_invalid" NetworkAuditValidationLabelInvalid NetworkAuditValidationCode = "label_invalid" NetworkAuditValidationLabelCountExceeded NetworkAuditValidationCode = "label_count_exceeded" NetworkAuditValidationTimeRangeInvalid NetworkAuditValidationCode = "time_range_invalid" NetworkAuditValidationProviderInvalid NetworkAuditValidationCode = "provider_invalid" )
type NetworkAuditValidationError ¶ added in v0.2.0
type NetworkAuditValidationError struct {
Issues []NetworkAuditValidationIssue
}
func (NetworkAuditValidationError) Error ¶ added in v0.2.0
func (e NetworkAuditValidationError) Error() string
type NetworkAuditValidationIssue ¶ added in v0.2.0
type NetworkAuditValidationIssue struct {
Code NetworkAuditValidationCode `json:"code"`
Field string `json:"field"`
Message string `json:"message"`
}
func ClassifyLegacyNetworkAuditRecord ¶ added in v0.2.0
func ClassifyLegacyNetworkAuditRecord(record map[string]any) []NetworkAuditValidationIssue
func ProjectNetworkAuditLabels ¶ added in v0.2.0
func ProjectNetworkAuditLabels(labels map[string]string) (map[string]string, []NetworkAuditValidationIssue)
type NetworkBinding ¶ added in v0.8.0
type NetworkBinding struct {
Mode NetworkMode `json:"mode,omitempty"`
SandboxNetwork string `json:"sandbox_network,omitempty"`
Captive bool `json:"captive,omitempty"`
GatewayEndpoint string `json:"gateway_endpoint,omitempty"`
ProxyURL string `json:"proxy_url,omitempty"`
}
type NetworkDestination ¶ added in v0.4.0
type NetworkDestination struct {
Protocol string `json:"protocol,omitempty"`
Host string `json:"host,omitempty"`
Port int `json:"port,omitempty"`
ContentRef string `json:"content_ref,omitempty"`
}
func (NetworkDestination) Validate ¶ added in v0.4.0
func (d NetworkDestination) Validate() error
type NetworkMode ¶
type NetworkMode string
const ( NetworkModeDirect NetworkMode = "direct" NetworkModeRelay NetworkMode = "relay" NetworkModeTailnet NetworkMode = "tailnet" NetworkModeTor NetworkMode = "tor" NetworkModeP2P NetworkMode = "p2p" NetworkModeOffline NetworkMode = "offline" )
type NetworkOperatingMode ¶
type NetworkOperatingMode string
const ( NetworkModeBatch NetworkOperatingMode = "batch" NetworkModeWarmService NetworkOperatingMode = "warm-service" NetworkModeNodeService NetworkOperatingMode = "node-service" NetworkModeInferenceAPI NetworkOperatingMode = "inference-api" )
type NetworkPolicy ¶ added in v0.4.0
type NetworkPolicy struct {
Mode NetworkMode `json:"mode,omitempty"`
AllowedDestinations []NetworkDestination `json:"allowed_destinations,omitempty"`
IngressHostnames []string `json:"ingress_hostnames,omitempty"`
AllowIngress bool `json:"allow_ingress,omitempty"`
AuditDestinations bool `json:"audit_destinations,omitempty"`
}
func (NetworkPolicy) Validate ¶ added in v0.4.0
func (p NetworkPolicy) Validate() error
type NetworkProduct ¶
type NetworkProduct struct {
ProtocolVersion string `json:"protocol_version"`
ID string `json:"id"`
DisplayName string `json:"display_name,omitempty"`
Purpose string `json:"purpose,omitempty"`
OperatingMode NetworkOperatingMode `json:"operating_mode"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
WorkloadKinds []string `json:"workload_kinds"`
SecurityFloor PlacementRequirements `json:"security_floor"`
ProofPolicy ProofPolicy `json:"proof_policy,omitzero"`
SessionPolicy SessionPolicy `json:"session_policy,omitzero"`
ProviderConfig ProviderConfig `json:"provider_config,omitzero"`
NetworkModes []NetworkMode `json:"network_modes"`
PlacementConstraints PlacementConstraints `json:"placement_constraints,omitzero"`
RewardPolicy string `json:"reward_policy"`
AbusePolicy string `json:"abuse_policy"`
SettlementAccountID string `json:"settlement_account_id,omitempty"`
SettlementTarget SettlementTarget `json:"settlement_target,omitzero"`
CryptoRewardRouting CryptoRewardRoutingPolicy `json:"crypto_reward_routing,omitzero"`
ContributionPolicy ContributionPolicy `json:"contribution_policy,omitzero"`
AccessPolicy AccessPolicy `json:"access_policy,omitzero"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
AdmissionMode string `json:"admission_mode,omitempty"`
AllowPublic bool `json:"allow_public,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
}
func (NetworkProduct) Validate ¶
func (p NetworkProduct) Validate() error
type NodeServiceWorkload ¶ added in v0.3.3
type NodeServiceWorkload struct {
ImageRef string `json:"image_ref"`
ComponentRef string `json:"component_ref,omitempty"`
ComponentDigest string `json:"component_digest,omitempty"`
Chain string `json:"chain"`
Network string `json:"network"`
DataDirRef string `json:"data_dir_ref"`
RPCSecretRef string `json:"rpc_secret_ref"`
PeerPolicy PeerPolicy `json:"peer_policy"`
ArtifactRefs []string `json:"artifact_refs,omitempty"`
Command []string `json:"command,omitempty"`
HealthCheck HealthCheck `json:"health_check,omitzero"`
Env []EnvRef `json:"env,omitempty"`
}
func (NodeServiceWorkload) Validate ¶ added in v0.3.3
func (w NodeServiceWorkload) Validate() error
type P2PSessionLimits ¶ added in v0.4.0
type P2PSessionLimits struct {
MaxPeers int `json:"max_peers"`
MaxBytesPerPeer int64 `json:"max_bytes_per_peer,omitempty"`
MaxSessionBytes int64 `json:"max_session_bytes,omitempty"`
MaxDurationSeconds int `json:"max_duration_seconds,omitempty"`
}
func (P2PSessionLimits) Validate ¶ added in v0.4.0
func (l P2PSessionLimits) Validate() error
type P2PSessionMode ¶ added in v0.4.0
type P2PSessionMode string
const ( P2PSessionModeRelay P2PSessionMode = "relay" P2PSessionModeStream P2PSessionMode = "p2p_stream" P2PSessionModeContent P2PSessionMode = "p2p_content" )
type P2PSessionPeer ¶ added in v0.4.0
type P2PSessionPeer struct {
ID string `json:"id"`
Role string `json:"role"`
Alias string `json:"alias,omitempty"`
ContentURL string `json:"content_url,omitempty"`
IdentitySHA256 string `json:"identity_sha256,omitempty"`
}
func (P2PSessionPeer) Validate ¶ added in v0.4.0
func (p P2PSessionPeer) Validate() error
type P2PSessionPolicy ¶ added in v0.4.0
type P2PSessionPolicy struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
SessionID string `json:"session_id"`
ProductID string `json:"product_id"`
OrgID string `json:"org_id"`
NetworkID string `json:"network_id"`
OperatorID string `json:"operator_id"`
PolicyVersion string `json:"policy_version"`
IssuedAt time.Time `json:"issued_at"`
NotBefore time.Time `json:"not_before"`
ExpiresAt time.Time `json:"expires_at"`
SessionGeneration int `json:"session_generation"`
EventID string `json:"event_id"`
Nonce string `json:"nonce"`
Mode P2PSessionMode `json:"mode"`
Peers []P2PSessionPeer `json:"peers"`
AllowedProtocols []string `json:"allowed_protocols"`
ContentRefs []string `json:"content_refs,omitempty"`
RouteRefs []string `json:"route_refs,omitempty"`
AllowedDestinations []NetworkDestination `json:"allowed_destinations,omitempty"`
IngressHostnames []string `json:"ingress_hostnames,omitempty"`
Limits P2PSessionLimits `json:"limits"`
ProofPolicy string `json:"proof_policy,omitempty"`
RewardPolicyRef string `json:"reward_policy_ref,omitempty"`
RevocationFeedID string `json:"revocation_feed_id"`
RevocationFreshUntil time.Time `json:"revocation_fresh_until"`
KillDirectiveRefs []string `json:"kill_directive_refs,omitempty"`
PreviousGenerationHash string `json:"previous_generation_hash,omitempty"`
PolicyHash string `json:"policy_hash"`
Signature SignatureEnvelope `json:"signature"`
}
func (P2PSessionPolicy) SigningPayload ¶ added in v0.4.0
func (p P2PSessionPolicy) SigningPayload() P2PSessionPolicy
type PeerPolicy ¶ added in v0.3.3
type PeerPolicy struct {
Mode string `json:"mode"`
AllowedPeers []string `json:"allowed_peers,omitempty"`
EgressAllowlist []string `json:"egress_allowlist,omitempty"`
}
func (PeerPolicy) Validate ¶ added in v0.3.3
func (p PeerPolicy) Validate() error
type PlacementCapabilities ¶
type PlacementCapabilities struct {
DiskBytes int64 `json:"disk_bytes,omitempty"`
MemoryBytes int64 `json:"memory_bytes,omitempty"`
BandwidthMbps int64 `json:"bandwidth_mbps,omitempty"`
IngressCapable bool `json:"ingress_capable,omitempty"`
CapabilityTags []string `json:"capability_tags,omitempty"`
}
type PlacementConstraints ¶
type PlacementConstraints struct {
Chain string `json:"chain,omitempty"`
Role string `json:"role,omitempty"`
MinDiskBytes int64 `json:"min_disk_bytes,omitempty"`
MinMemoryBytes int64 `json:"min_memory_bytes,omitempty"`
MinBandwidthMbps int64 `json:"min_bandwidth_mbps,omitempty"`
RequiresIngress bool `json:"requires_ingress,omitempty"`
RequiredCapabilities []string `json:"required_capabilities,omitempty"`
WalletRef string `json:"wallet_ref,omitempty"`
StorageGuidance StorageGuidance `json:"storage_guidance,omitzero"`
}
func (PlacementConstraints) IsZero ¶
func (c PlacementConstraints) IsZero() bool
func (PlacementConstraints) Validate ¶
func (c PlacementConstraints) Validate(required bool, target SettlementTarget) error
type PlacementNetworkPolicy ¶
type PlacementNetworkPolicy struct {
AllowIngress bool `json:"allow_ingress,omitempty"`
}
type PlacementRequirementCapabilities ¶
type PlacementRequirementCapabilities struct {
CapabilityTags []string `json:"capability_tags,omitempty"`
ExecutorProviders []string `json:"executor_providers,omitempty"`
ExecutionTiers []ExecutionSecurityTier `json:"execution_tiers,omitempty"`
ProofTiers []ProofTier `json:"proof_tiers,omitempty"`
CapabilityReports []ProviderCapabilityReport `json:"capability_reports,omitempty"`
Executors []ExecutorRef `json:"executors,omitempty"`
}
type PlacementRequirements ¶
type PlacementRequirements struct {
ExecutorProvider string `json:"executor_provider,omitempty"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
ProofTier ProofTier `json:"proof_tier,omitempty"`
HardwareClass string `json:"hardware_class,omitempty"`
RequiredCapabilities []string `json:"required_capabilities,omitempty"`
}
type ProductCaptureMode ¶ added in v0.3.2
type ProductCaptureMode string
const ( ProductCaptureModeBrowser ProductCaptureMode = "browser" ProductCaptureModeMetadata ProductCaptureMode = "metadata" )
type ProductCaptureWorkload ¶ added in v0.3.2
type ProductCaptureWorkload struct {
URL string `json:"url"`
AllowedHosts []string `json:"allowed_hosts"`
CaptureMode ProductCaptureMode `json:"capture_mode,omitempty"`
TimeoutSeconds int `json:"timeout_seconds,omitempty"`
MaxHTMLBytes int64 `json:"max_html_bytes,omitempty"`
MaxImageCount int `json:"max_image_count,omitempty"`
MetadataOnly bool `json:"metadata_only,omitempty"`
}
func (ProductCaptureWorkload) Validate ¶ added in v0.3.2
func (w ProductCaptureWorkload) Validate() error
type ProofList ¶ added in v0.4.0
type ProofList struct {
Proofs []ProofReceipt `json:"proofs"`
}
type ProofPolicy ¶
type ProofReceipt ¶
type ProofReceipt struct {
ID string `json:"id"`
OrgID string `json:"org_id"`
TaskID string `json:"task_id"`
TaskHash string `json:"task_hash"`
InputHash string `json:"input_hash"`
DependencyClosureHash string `json:"dependency_closure_hash"`
Executor ExecutorRef `json:"executor"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
PolicyID string `json:"policy_id"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
ExitCode int `json:"exit_code,omitempty"`
ResourceUsage ResourceUsage `json:"resource_usage"`
ArtifactHash string `json:"artifact_hash"`
ResultPreview map[string]any `json:"result_preview,omitempty"`
Verifier VerifierResult `json:"verifier"`
AgentSignature string `json:"agent_signature"`
}
func (ProofReceipt) Validate ¶
func (r ProofReceipt) Validate() error
type ProofTier ¶
type ProofTier string
const ( ProofReceiptOnly ProofTier = "receipt-only" ProofArtifactHash ProofTier = "artifact-hash" ProofReplicatedQuorum ProofTier = "replicated-quorum" ProofAttestedReceipt ProofTier = "attested-receipt" ProofAttestedQuorum ProofTier = "attested-quorum" ProofZKReplay ProofTier = "zk-replay" ProofStreamSegmentManifest ProofTier = "stream-segment-manifest" )
type ProviderArtifactDelivery ¶ added in v0.3.0
type ProviderArtifactDelivery struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
ProductID string `json:"product_id,omitempty"`
TaskID string `json:"task_id"`
ProofID string `json:"proof_id"`
WorkerID string `json:"worker_id"`
ProviderConfig ProviderConfig `json:"provider_config"`
Operation string `json:"operation"`
ReturnSpec ProviderArtifactReturnSpec `json:"provider_return"`
Artifact ProviderArtifactDeliveryArtifact `json:"artifact"`
Status ProviderArtifactDeliveryStatus `json:"status"`
Attempts int `json:"attempts,omitempty"`
LastErrorHash string `json:"last_error_hash,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
func (ProviderArtifactDelivery) Validate ¶ added in v0.3.0
func (d ProviderArtifactDelivery) Validate() error
type ProviderArtifactDeliveryAction ¶ added in v0.3.0
type ProviderArtifactDeliveryAction struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
DeliveryID string `json:"delivery_id"`
PluginID string `json:"plugin_id"`
ProviderID string `json:"provider_id"`
ContractID string `json:"contract_id"`
ContractVersion string `json:"contract_version,omitempty"`
StepType string `json:"step_type"`
Operation string `json:"operation"`
SubmitEndpoint string `json:"submit_endpoint,omitempty"`
Artifact ProviderArtifactDeliveryArtifact `json:"artifact"`
TaskID string `json:"task_id"`
ProofID string `json:"proof_id"`
}
type ProviderArtifactDeliveryArtifact ¶ added in v0.3.0
type ProviderArtifactDeliveryArtifact struct {
Name string `json:"name"`
Ref string `json:"ref"`
ContentType string `json:"content_type,omitempty"`
SHA256 string `json:"sha256"`
SizeBytes int64 `json:"size_bytes"`
ExpiresAt time.Time `json:"expires_at,omitempty"`
}
func (ProviderArtifactDeliveryArtifact) Validate ¶ added in v0.3.0
func (a ProviderArtifactDeliveryArtifact) Validate() error
type ProviderArtifactDeliveryStatus ¶ added in v0.3.0
type ProviderArtifactDeliveryStatus string
const ( ProviderArtifactDeliveryPending ProviderArtifactDeliveryStatus = "pending" ProviderArtifactDeliveryDelivered ProviderArtifactDeliveryStatus = "delivered" ProviderArtifactDeliveryFailed ProviderArtifactDeliveryStatus = "failed" ProviderArtifactDeliveryDeadLetter ProviderArtifactDeliveryStatus = "dead_letter" )
type ProviderArtifactDeliveryStatusUpdate ¶ added in v0.3.0
type ProviderArtifactDeliveryStatusUpdate struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
DeliveryID string `json:"delivery_id"`
Status ProviderArtifactDeliveryStatus `json:"status"`
ProviderRef string `json:"provider_ref,omitempty"`
ErrorHash string `json:"error_hash,omitempty"`
ObservedAt time.Time `json:"observed_at,omitempty"`
}
type ProviderArtifactReturnSpec ¶ added in v0.3.0
type ProviderArtifactReturnSpec struct {
StepType string `json:"step_type"`
Contract string `json:"contract"`
ContractVersion string `json:"contract_version,omitempty"`
SubmitEndpoint string `json:"submit_endpoint,omitempty"`
RequiredConfig []string `json:"required_config,omitempty"`
OutputHandling []string `json:"output_handling,omitempty"`
}
func (ProviderArtifactReturnSpec) Enabled ¶ added in v0.3.0
func (s ProviderArtifactReturnSpec) Enabled() bool
func (ProviderArtifactReturnSpec) Validate ¶ added in v0.3.0
func (s ProviderArtifactReturnSpec) Validate() error
type ProviderArtifactSpec ¶
type ProviderArtifactSpec struct {
Name string `json:"name"`
Required bool `json:"required,omitempty"`
ContentType string `json:"content_type,omitempty"`
MaxBytes int64 `json:"max_bytes,omitempty"`
RetentionSeconds int `json:"retention_seconds,omitempty"`
Forwardable bool `json:"forwardable,omitempty"`
ProviderReturn *ProviderArtifactReturnSpec `json:"provider_return,omitempty"`
}
type ProviderCapabilityReport ¶
type ProviderCapabilityReport struct {
Provider string `json:"provider"`
Status ProviderCapabilityStatus `json:"status"`
Reason string `json:"reason,omitempty"`
}
func ProviderCapabilityReportsFromRuntimeBackends ¶ added in v0.5.0
func ProviderCapabilityReportsFromRuntimeBackends(reports []RuntimeBackendReport) []ProviderCapabilityReport
type ProviderCapabilityStatus ¶
type ProviderCapabilityStatus string
const ( ProviderCapabilitySupported ProviderCapabilityStatus = "supported" ProviderCapabilityDegraded ProviderCapabilityStatus = "degraded" ProviderCapabilityUnsupported ProviderCapabilityStatus = "unsupported" )
type ProviderConfig ¶
type ProviderConfig struct {
PluginID string `json:"plugin_id,omitempty"`
ProviderID string `json:"provider_id,omitempty"`
ContractID string `json:"contract_id,omitempty"`
Version string `json:"version,omitempty"`
ConfigRef string `json:"config_ref,omitempty"`
ConfigDigest string `json:"config_digest,omitempty"`
}
func (ProviderConfig) Validate ¶
func (p ProviderConfig) Validate() error
type ProviderConformanceEvidence ¶
type ProviderConformanceEvidence struct {
ProtocolVersion string `json:"protocol_version"`
ID string `json:"id"`
PluginID string `json:"plugin_id"`
ProviderID string `json:"provider_id"`
ContractID string `json:"contract_id"`
Version string `json:"version"`
RuntimeProfileID string `json:"runtime_profile_id"`
ConformanceProfile string `json:"conformance_profile"`
UpstreamClientName string `json:"upstream_client_name"`
UpstreamClientVersion string `json:"upstream_client_version"`
EvidenceRef string `json:"evidence_ref"`
EvidenceDigest string `json:"evidence_digest"`
ObservedAt time.Time `json:"observed_at"`
CreatedAt time.Time `json:"created_at,omitempty"`
}
func (ProviderConformanceEvidence) Validate ¶
func (e ProviderConformanceEvidence) Validate() error
type ProviderContract ¶
type ProviderContract struct {
ProtocolVersion string `json:"protocol_version"`
ID string `json:"id"`
PluginID string `json:"plugin_id"`
ProviderID string `json:"provider_id"`
ContractID string `json:"contract_id"`
Version string `json:"version"`
DisplayName string `json:"display_name,omitempty"`
OrgID string `json:"org_id,omitempty"`
PoolID string `json:"pool_id,omitempty"`
AccessPolicy AccessPolicy `json:"access_policy,omitzero"`
ConfigSchemaRef string `json:"config_schema_ref"`
ConfigSchemaDigest string `json:"config_schema_digest"`
OperatingModes []NetworkOperatingMode `json:"operating_modes"`
WorkloadKinds []string `json:"workload_kinds"`
ExecutorProviders []string `json:"executor_providers"`
ExecutionSecurityTiers []ExecutionSecurityTier `json:"execution_security_tiers"`
ProofTiers []ProofTier `json:"proof_tiers"`
NetworkModes []NetworkMode `json:"network_modes"`
Operations []ProviderOperation `json:"operations,omitempty"`
RuntimeContract ProviderRuntimeContract `json:"runtime_contract"`
CreatedAt time.Time `json:"created_at,omitempty"`
}
func (*ProviderContract) ApplyProviderConformanceEvidence ¶
func (c *ProviderContract) ApplyProviderConformanceEvidence(evidence ProviderConformanceEvidence) error
func (ProviderContract) Matches ¶
func (c ProviderContract) Matches(config ProviderConfig) bool
func (ProviderContract) SupportsOperation ¶
func (c ProviderContract) SupportsOperation(operation string) bool
func (ProviderContract) SupportsProduct ¶
func (c ProviderContract) SupportsProduct(product NetworkProduct) error
func (ProviderContract) Validate ¶
func (c ProviderContract) Validate() error
type ProviderOperation ¶
type ProviderOperation struct {
ID string `json:"id"`
InputSchemaRef string `json:"input_schema_ref"`
InputSchemaDigest string `json:"input_schema_digest"`
OutputSchemaRef string `json:"output_schema_ref"`
OutputSchemaDigest string `json:"output_schema_digest"`
Artifacts []string `json:"artifacts,omitempty"`
ArtifactSpecs []ProviderArtifactSpec `json:"artifact_specs,omitempty"`
}
func (ProviderOperation) NormalizedArtifactSpecs ¶
func (o ProviderOperation) NormalizedArtifactSpecs() []ProviderArtifactSpec
func (ProviderOperation) Validate ¶
func (o ProviderOperation) Validate() error
type ProviderRuntimeContract ¶
type ProviderRuntimeContract struct {
Profiles []ProviderRuntimeProfile `json:"profiles"`
}
func DefaultProviderRuntimeContract ¶
func DefaultProviderRuntimeContract(executors []string, tiers []ExecutionSecurityTier, proofs []ProofTier, options ProviderRuntimeContractOptions) ProviderRuntimeContract
func (ProviderRuntimeContract) RuntimeProfileForRequirements ¶
func (c ProviderRuntimeContract) RuntimeProfileForRequirements(req PlacementRequirements) (ProviderRuntimeProfile, bool)
func (ProviderRuntimeContract) SupportsProduct ¶
func (c ProviderRuntimeContract) SupportsProduct(product NetworkProduct) bool
func (ProviderRuntimeContract) Validate ¶
func (c ProviderRuntimeContract) Validate() error
type ProviderRuntimeContractOptions ¶
type ProviderRuntimeContractOptions struct {
ConformanceProfiles []string
UpstreamClientConformance UpstreamClientConformance
UpstreamClientEvidenceRef string
UpstreamClientEvidenceDigest string
}
type ProviderRuntimeProfile ¶
type ProviderRuntimeProfile struct {
ID string `json:"id"`
RuntimeProfile RuntimeProfile `json:"runtime_profile"`
ExecutorProvider string `json:"executor_provider"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier"`
ProofTier ProofTier `json:"proof_tier"`
AllowedRuntimeTools []ContainerRuntimeTool `json:"allowed_runtime_tools,omitempty"`
ImageDigestRequired bool `json:"image_digest_required"`
RootFSDigestRequired bool `json:"rootfs_digest_required"`
AllowedMountRefs []string `json:"allowed_mount_refs,omitempty"`
WritablePaths []string `json:"writable_paths,omitempty"`
WritableRootFS RuntimePermission `json:"writable_rootfs"`
Privileged RuntimePermission `json:"privileged"`
HostNamespaces RuntimePermission `json:"host_namespaces"`
HostSocket RuntimePermission `json:"host_socket"`
SeccompDisable RuntimePermission `json:"seccomp_disable"`
NoNewPrivilegesDisable RuntimePermission `json:"no_new_privileges_disable"`
AllowedCapabilities []string `json:"allowed_capabilities,omitempty"`
ConformanceProfiles []string `json:"conformance_profiles,omitempty"`
UpstreamClientConformance UpstreamClientConformance `json:"upstream_client_conformance,omitempty"`
UpstreamClientEvidenceRef string `json:"upstream_client_evidence_ref,omitempty"`
UpstreamClientEvidenceDigest string `json:"upstream_client_evidence_digest,omitempty"`
HostWorkspaceSupported bool `json:"host_workspace_supported,omitempty"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
WASM WASMRuntimeContract `json:"wasm,omitzero"`
}
func DefaultProviderRuntimeProfile ¶
func DefaultProviderRuntimeProfile(executorProvider string, tier ExecutionSecurityTier, proof ProofTier) ProviderRuntimeProfile
func (ProviderRuntimeProfile) Validate ¶
func (p ProviderRuntimeProfile) Validate() error
type ProviderUpstreamClientRequirement ¶
type ProviderUpstreamClientRequirement struct {
ProtocolVersion string `json:"protocol_version"`
PluginID string `json:"plugin_id"`
ProviderID string `json:"provider_id"`
ContractID string `json:"contract_id"`
Version string `json:"version"`
RuntimeProfileID string `json:"runtime_profile_id"`
ConformanceProfile string `json:"conformance_profile"`
DefaultConformance UpstreamClientConformance `json:"default_conformance"`
RealClientConformance UpstreamClientConformance `json:"real_client_conformance"`
UpstreamClientName string `json:"upstream_client_name"`
VersionProbeCommand []string `json:"version_probe_command,omitempty"`
ImagePolicy ProviderUpstreamImagePolicy `json:"image_policy"`
RequiredEvidence []string `json:"required_evidence,omitempty"`
Notes []string `json:"notes,omitempty"`
}
func (ProviderUpstreamClientRequirement) Validate ¶
func (r ProviderUpstreamClientRequirement) Validate() error
type ProviderUpstreamImagePolicy ¶
type ProviderUpstreamImagePolicy struct {
DigestPinnedImageRequired bool `json:"digest_pinned_image_required"`
OperatorSuppliedImageRequired bool `json:"operator_supplied_image_required,omitempty"`
RecommendedImageRef string `json:"recommended_image_ref,omitempty"`
KnownImageRefs []string `json:"known_image_refs,omitempty"`
}
func (ProviderUpstreamImagePolicy) Validate ¶
func (p ProviderUpstreamImagePolicy) Validate() error
type ProviderWorkload ¶ added in v0.3.2
type ProviderWorkload struct {
ProviderConfig ProviderConfig `json:"provider_config"`
Operation string `json:"operation"`
ImageRef string `json:"image_ref,omitempty"`
ComponentRef string `json:"component_ref,omitempty"`
ComponentDigest string `json:"component_digest,omitempty"`
ABI string `json:"abi,omitempty"`
Input json.RawMessage `json:"input"`
ArtifactRefs []string `json:"artifact_refs,omitempty"`
ContentInputs []ContentInputRef `json:"content_inputs,omitempty"`
StreamInputs []StreamInputRef `json:"stream_inputs,omitempty"`
}
func (ProviderWorkload) Validate ¶ added in v0.3.2
func (w ProviderWorkload) Validate() error
type RedundancyPolicy ¶ added in v0.8.0
type RedundancyPolicy struct {
Tier RedundancyTier `json:"tier"`
StandbyCount int `json:"standby_count,omitempty"`
CutoverDeadlineMS int `json:"cutover_deadline_ms,omitempty"`
}
func (RedundancyPolicy) Validate ¶ added in v0.8.0
func (p RedundancyPolicy) Validate() error
type RedundancyTier ¶ added in v0.8.0
type RedundancyTier string
const ( RedundancyNone RedundancyTier = "none" RedundancyWarmStandby RedundancyTier = "warm-standby" RedundancyActiveActive RedundancyTier = "active-active" )
type Rendition ¶ added in v0.8.0
type Rendition struct {
Name string `json:"name"`
Scale string `json:"scale,omitempty"`
BitrateKbps int `json:"bitrate_kbps,omitempty"`
}
Rendition describes a single output variant in a transcoding ladder.
type ReputationEvent ¶ added in v0.7.0
type ReputationEvent struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id"`
OrgID string `json:"org_id"`
SubjectKind ReputationSubjectKind `json:"subject_kind"`
SubjectID string `json:"subject_id"`
ProductID string `json:"product_id,omitempty"`
TaskID string `json:"task_id,omitempty"`
ProofID string `json:"proof_id,omitempty"`
Type ReputationEventType `json:"type"`
ScoreDelta int `json:"score_delta"`
Reason string `json:"reason"`
RecordedAt time.Time `json:"recorded_at,omitempty"`
}
func (ReputationEvent) Validate ¶ added in v0.7.0
func (e ReputationEvent) Validate() error
type ReputationEventType ¶ added in v0.7.0
type ReputationEventType string
const ( ReputationProofAccepted ReputationEventType = "proof_accepted" ReputationProofRejected ReputationEventType = "proof_rejected" ReputationDisputeWon ReputationEventType = "dispute_won" ReputationDisputeLost ReputationEventType = "dispute_lost" ReputationKillComplied ReputationEventType = "kill_complied" ReputationKillIgnored ReputationEventType = "kill_ignored" ReputationPolicyViolation ReputationEventType = "policy_violation" ReputationManualAdjustment ReputationEventType = "manual_adjustment" ReputationAvailabilityPenalty ReputationEventType = "availability_penalty" )
type ReputationSubjectKind ¶ added in v0.7.0
type ReputationSubjectKind string
const ( ReputationSubjectProvider ReputationSubjectKind = "provider" ReputationSubjectRequestor ReputationSubjectKind = "requestor" ReputationSubjectRouter ReputationSubjectKind = "router" ReputationSubjectVerifier ReputationSubjectKind = "verifier" )
type ReputationSummary ¶ added in v0.7.0
type ReputationSummary struct {
OrgID string `json:"org_id"`
SubjectKind ReputationSubjectKind `json:"subject_kind"`
SubjectID string `json:"subject_id"`
ProductID string `json:"product_id,omitempty"`
Score int `json:"score"`
EventCount int `json:"event_count"`
}
func (ReputationSummary) Validate ¶ added in v0.7.0
func (s ReputationSummary) Validate() error
type ResidueMode ¶
type ResidueMode string
const ( ResidueModeIsolated ResidueMode = "isolated" ResidueModeNone ResidueMode = "none" ResidueModeProviderBound ResidueMode = "provider-bound" ResidueModeWorkerBound ResidueMode = "worker-bound" ResidueModeSessionBound ResidueMode = "session-bound" )
type ResiduePolicy ¶
type ResiduePolicy struct {
Mode ResidueMode `json:"mode,omitempty"`
AllowedModes []ResidueMode `json:"allowed_modes,omitempty"`
SessionKey string `json:"session_key,omitempty"`
PolicyHash string `json:"policy_hash,omitempty"`
MaxAgeSeconds int `json:"max_age_seconds,omitempty"`
MaxReuseCount int `json:"max_reuse_count,omitempty"`
WipeOnFailure bool `json:"wipe_on_failure,omitempty"`
ExplicitWorkerBound bool `json:"explicit_worker_bound,omitempty"`
}
func (ResiduePolicy) IsZero ¶
func (p ResiduePolicy) IsZero() bool
func (ResiduePolicy) UsesReusableWorkspace ¶
func (p ResiduePolicy) UsesReusableWorkspace() bool
func (ResiduePolicy) Validate ¶
func (p ResiduePolicy) Validate(v ResiduePolicyValidation) error
type ResiduePolicyValidation ¶
type ResourceCapacity ¶
type ResourceLimits ¶
type ResourceLimits struct {
CPUPercent int `json:"cpu_percent,omitempty"`
MemoryBytes int64 `json:"memory_bytes,omitempty"`
WorkspaceBytes int64 `json:"workspace_bytes,omitempty"`
RuntimeSeconds int `json:"runtime_seconds,omitempty"`
NetworkEgressBytes int64 `json:"network_egress_bytes,omitempty"`
OutputBytes int64 `json:"output_bytes,omitempty"`
}
func (ResourceLimits) Validate ¶
func (l ResourceLimits) Validate() error
type ResourceUsage ¶
type ResourceUsage struct {
CPUMillis int64 `json:"cpu_millis,omitempty"`
GPUMillis int64 `json:"gpu_millis,omitempty"`
MaxMemoryBytes int64 `json:"max_memory_bytes,omitempty"`
NetworkRxBytes int64 `json:"network_rx_bytes,omitempty"`
NetworkTxBytes int64 `json:"network_tx_bytes,omitempty"`
WorkspaceBytes int64 `json:"workspace_bytes,omitempty"`
OutputBytes int64 `json:"output_bytes,omitempty"`
LimitHit string `json:"limit_hit,omitempty"`
}
type RuntimeAdapterContract ¶
type RuntimeAdapterContract struct {
ProtocolVersion string `json:"protocol_version"`
AdapterID string `json:"adapter_id"`
Descriptor RuntimeDescriptor `json:"descriptor,omitzero"`
Kinds []RuntimeAdapterKind `json:"kinds"`
WorkloadKinds []WorkloadKind `json:"workload_kinds"`
RuntimeProfiles []RuntimeProfile `json:"runtime_profiles,omitempty"`
WorkspacePolicy RuntimeWorkspacePolicy `json:"workspace_policy"`
ConformanceProfiles []string `json:"conformance_profiles"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
ProviderConfig ProviderConfig `json:"provider_config,omitzero"`
Metadata map[string]string `json:"metadata,omitempty"`
}
func (RuntimeAdapterContract) Supports ¶
func (c RuntimeAdapterContract) Supports(kind WorkloadKind) bool
func (RuntimeAdapterContract) SupportsAdapterKind ¶
func (c RuntimeAdapterContract) SupportsAdapterKind(kind RuntimeAdapterKind) bool
func (RuntimeAdapterContract) Validate ¶
func (c RuntimeAdapterContract) Validate() error
type RuntimeAdapterKind ¶
type RuntimeAdapterKind string
const ( RuntimeAdapterExecution RuntimeAdapterKind = "execution" RuntimeAdapterServiceRun RuntimeAdapterKind = "service-run" RuntimeAdapterServiceSession RuntimeAdapterKind = "service-session" )
type RuntimeBackendEvidence ¶ added in v0.5.0
type RuntimeBackendEvidence struct {
Digest string `json:"digest,omitempty"`
Workspace bool `json:"workspace,omitempty"`
Network bool `json:"network,omitempty"`
Env bool `json:"env,omitempty"`
Proof bool `json:"proof,omitempty"`
Cleanup bool `json:"cleanup,omitempty"`
Details []string `json:"details,omitempty"`
}
type RuntimeBackendFamily ¶ added in v0.5.0
type RuntimeBackendFamily string
const ( RuntimeBackendFamilyPodman RuntimeBackendFamily = "podman" RuntimeBackendFamilyDocker RuntimeBackendFamily = "docker" RuntimeBackendFamilyNerdctl RuntimeBackendFamily = "nerdctl" RuntimeBackendFamilyContainerd RuntimeBackendFamily = "containerd" RuntimeBackendFamilyAppleContainer RuntimeBackendFamily = "apple-container" RuntimeBackendFamilyHyperV RuntimeBackendFamily = "hyper-v" RuntimeBackendFamilyWSL RuntimeBackendFamily = "wsl" RuntimeBackendFamilyMediaMTX RuntimeBackendFamily = "mediamtx" )
type RuntimeBackendReport ¶ added in v0.5.0
type RuntimeBackendReport struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
BackendID string `json:"backend_id"`
Family RuntimeBackendFamily `json:"family"`
Tool ContainerRuntimeTool `json:"tool,omitempty"`
Version string `json:"version,omitempty"`
OS string `json:"os,omitempty"`
Arch string `json:"arch,omitempty"`
Status RuntimeBackendStatus `json:"status"`
Reason string `json:"reason,omitempty"`
IsolationMode RuntimeIsolationMode `json:"isolation_mode"`
InstallBurden RuntimeInstallBurden `json:"install_burden,omitempty"`
RuntimeProfiles []RuntimeProfile `json:"runtime_profiles,omitempty"`
ExecutorProviders []string `json:"executor_providers,omitempty"`
Executors []ExecutorRef `json:"executors,omitempty"`
ConformanceProfiles []string `json:"conformance_profiles,omitempty"`
Evidence RuntimeBackendEvidence `json:"evidence,omitzero"`
Bundle *ManagedRuntimeBundleDescriptor `json:"bundle,omitempty"`
GeneratedAt time.Time `json:"generated_at,omitzero"`
Constraints []string `json:"constraints,omitempty"`
}
func (RuntimeBackendReport) Validate ¶ added in v0.5.0
func (r RuntimeBackendReport) Validate() error
func (RuntimeBackendReport) ValidateAt ¶ added in v0.6.0
func (r RuntimeBackendReport) ValidateAt(now time.Time) error
type RuntimeBackendStatus ¶ added in v0.5.0
type RuntimeBackendStatus string
const ( RuntimeBackendSupported RuntimeBackendStatus = "supported" RuntimeBackendDegraded RuntimeBackendStatus = "degraded" RuntimeBackendUnsupported RuntimeBackendStatus = "unsupported" )
type RuntimeDescriptor ¶
type RuntimeDescriptor struct {
Name string `json:"name"`
Version string `json:"version"`
ExecutionSecurityTier ExecutionSecurityTier `json:"execution_security_tier,omitempty"`
ProofTier ProofTier `json:"proof_tier,omitempty"`
ImageDigest string `json:"image_digest,omitempty"`
RootFSDigest string `json:"rootfs_digest,omitempty"`
}
func (RuntimeDescriptor) ExecutorRef ¶
func (d RuntimeDescriptor) ExecutorRef(defaultProvider string) ExecutorRef
func (RuntimeDescriptor) Validate ¶
func (d RuntimeDescriptor) Validate() error
type RuntimeExecutionRequest ¶
type RuntimeExecutionRequest struct {
ProtocolVersion string `json:"protocol_version"`
TaskID string `json:"task_id"`
LeaseID string `json:"lease_id"`
WorkloadKind WorkloadKind `json:"workload_kind"`
ProviderConfig ProviderConfig `json:"provider_config,omitzero"`
Operation string `json:"operation,omitempty"`
Input json.RawMessage `json:"input,omitempty"`
Env map[string]string `json:"env,omitempty"`
Limits ResourceLimits `json:"limits,omitzero"`
}
func (RuntimeExecutionRequest) Validate ¶
func (r RuntimeExecutionRequest) Validate() error
type RuntimeExecutionResult ¶
type RuntimeExecutionResult struct {
StartedAt time.Time `json:"started_at,omitempty"`
FinishedAt time.Time `json:"finished_at,omitempty"`
ExitCode int `json:"exit_code,omitempty"`
Stdout []byte `json:"stdout,omitempty"`
Stderr []byte `json:"stderr,omitempty"`
ArtifactHash string `json:"artifact_hash,omitempty"`
Artifacts []string `json:"artifacts,omitempty"`
ResultPreview map[string]any `json:"result_preview,omitempty"`
ResourceUsage ResourceUsage `json:"resource_usage,omitzero"`
}
func (RuntimeExecutionResult) Validate ¶
func (r RuntimeExecutionResult) Validate() error
type RuntimeInstallBurden ¶ added in v0.5.0
type RuntimeInstallBurden string
const ( RuntimeInstallBundled RuntimeInstallBurden = "bundled" RuntimeInstallSystemInstalled RuntimeInstallBurden = "system-installed" RuntimeInstallDesktopManaged RuntimeInstallBurden = "desktop-managed" RuntimeInstallWSLHyperV RuntimeInstallBurden = "wsl-hyper-v" RuntimeInstallUnsupported RuntimeInstallBurden = "unsupported" )
type RuntimeIsolationMode ¶ added in v0.5.0
type RuntimeIsolationMode string
const ( RuntimeIsolationUserNamespace RuntimeIsolationMode = "user-namespace" RuntimeIsolationVMBackedContainer RuntimeIsolationMode = "vm-backed-container" RuntimeIsolationMicroVM RuntimeIsolationMode = "microvm" RuntimeIsolationConfidentialRuntime RuntimeIsolationMode = "confidential-runtime" )
type RuntimePermission ¶
type RuntimePermission string
const ( RuntimePermissionForbidden RuntimePermission = "forbidden" RuntimePermissionExplicit RuntimePermission = "explicit" RuntimePermissionAllowed RuntimePermission = "allowed" )
type RuntimeProfile ¶
type RuntimeProfile string
const ( RuntimeProfileSandboxedOCI RuntimeProfile = "sandboxed-oci-v1" RuntimeProfileContainerBuild RuntimeProfile = "container-build-v1" RuntimeProfileServiceOCI RuntimeProfile = "service-oci-v1" RuntimeProfileWASMComponent RuntimeProfile = "wasm-component-v1" RuntimeProfileBrowserWorker RuntimeProfile = "browser-worker-wasm-v1" )
type RuntimeServiceResult ¶
type RuntimeServiceResult struct {
StartedAt time.Time `json:"started_at,omitempty"`
FinishedAt time.Time `json:"finished_at,omitempty"`
RequestHash string `json:"request_hash,omitempty"`
ResponseHash string `json:"response_hash,omitempty"`
ResourceUsage ResourceUsage `json:"resource_usage,omitzero"`
SLOEvidence SLOEvidence `json:"slo_evidence,omitzero"`
StatusEvidence ServiceStatusEvidence `json:"status_evidence,omitzero"`
}
func (RuntimeServiceResult) Validate ¶
func (r RuntimeServiceResult) Validate() error
type RuntimeWorkspacePolicy ¶
type RuntimeWorkspacePolicy string
const ( RuntimeWorkspaceOptional RuntimeWorkspacePolicy = "optional" RuntimeWorkspaceRequired RuntimeWorkspacePolicy = "required" )
type SLOEvidence ¶
type SLOEvidence struct {
LatencyMillis int64 `json:"latency_millis,omitempty"`
StatusCode int `json:"status_code,omitempty"`
DeadlineMS int64 `json:"deadline_ms,omitempty"`
Healthy bool `json:"healthy,omitempty"`
}
func (SLOEvidence) Validate ¶
func (e SLOEvidence) Validate() error
type SampledFrame ¶ added in v0.8.0
SampledFrame is a spot-check frame hash used for content authenticity.
type SandboxMount ¶ added in v0.8.0
type Security ¶ added in v0.4.0
type Security struct {
TPM bool `json:"tpm,omitempty"`
SecureEnclave bool `json:"secure_enclave,omitempty"`
TEE []string `json:"tee,omitempty"`
HardwareClasses []string `json:"hardware_classes,omitempty"`
HardwareAttestations []HardwareAttestation `json:"hardware_attestations,omitempty"`
Signing []SigningCapability `json:"signing,omitempty"`
}
type Segment ¶ added in v0.8.0
type Segment struct {
Index int `json:"index"`
DurationMS int64 `json:"duration_ms"`
Bytes int64 `json:"bytes"`
SHA256 string `json:"sha256"`
Provenance SegmentProvenance `json:"provenance"`
}
Segment describes a single contiguous segment of a live stream.
type SegmentProvenance ¶ added in v0.8.0
type SegmentProvenance string
SegmentProvenance describes how a segment's integrity was established.
const ( // ProvenanceHostVerified means the host measured and verified the segment. ProvenanceHostVerified SegmentProvenance = "host-verified" // ProvenanceAttested means the segment hash was provided by the worker and // attested rather than independently measured. ProvenanceAttested SegmentProvenance = "attested" )
type ServiceIngressEvidence ¶
type ServiceIngressEvidence struct {
ID string `json:"id"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
ProductID string `json:"product_id"`
Hostname string `json:"hostname"`
RouteTarget string `json:"route_target"`
ServiceLeaseID string `json:"service_lease_id"`
TaskID string `json:"task_id"`
WorkerID string `json:"worker_id"`
LeaseLeasedAt time.Time `json:"lease_leased_at"`
LeaseRenewBy time.Time `json:"lease_renew_by"`
SelectedAt time.Time `json:"selected_at"`
LastHealthAt time.Time `json:"last_health_at"`
HealthValidUntil time.Time `json:"health_valid_until"`
LastHealthResponseHash string `json:"last_health_response_hash"`
LastHealthSLOEvidenceHash string `json:"last_health_slo_evidence_hash"`
AuthDecisionHash string `json:"auth_decision_hash"`
IdempotencyKey string `json:"idempotency_key"`
RequestMethod string `json:"request_method"`
RequestPath string `json:"request_path"`
RequestBodyHash string `json:"request_body_hash"`
RequestHeaderNames []string `json:"request_header_names,omitempty"`
HelperImage string `json:"helper_image"`
HelperScheme string `json:"helper_scheme"`
HelperHost string `json:"helper_host"`
HelperPort int `json:"helper_port"`
HelperPortName string `json:"helper_port_name,omitempty"`
HelperTimeoutMS int `json:"helper_timeout_ms"`
HelperContainerNetNSTarget string `json:"helper_container_netns_target"`
HelperOutputHash string `json:"helper_output_hash,omitempty"`
HelperErrorHash string `json:"helper_error_hash,omitempty"`
FailureClass string `json:"failure_class,omitempty"`
FailureMessage string `json:"failure_message,omitempty"`
ResponseStatus int `json:"response_status,omitempty"`
ResponseHeaderNames []string `json:"response_header_names,omitempty"`
ResponseHash string `json:"response_hash,omitempty"`
ResponseBytes int64 `json:"response_bytes,omitempty"`
TerminalStatus ServiceIngressTerminalStatus `json:"terminal_status"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
}
func (ServiceIngressEvidence) Validate ¶
func (e ServiceIngressEvidence) Validate() error
type ServiceIngressTerminalStatus ¶
type ServiceIngressTerminalStatus string
const ( ServiceIngressTerminalCompleted ServiceIngressTerminalStatus = "completed" ServiceIngressTerminalFailed ServiceIngressTerminalStatus = "failed" )
type ServicePort ¶ added in v0.3.3
type ServicePort struct {
Name string `json:"name,omitempty"`
Port int `json:"port"`
Protocol string `json:"protocol"`
}
func (ServicePort) Validate ¶ added in v0.3.3
func (p ServicePort) Validate() error
type ServiceProvider ¶ added in v0.8.0
type ServiceProvider interface {
Name() string
Descriptor() RuntimeDescriptor
CanServe(task Task, lease Lease) bool
RunService(ctx context.Context, req ServiceRunRequest) (RuntimeServiceResult, error)
}
type ServiceReceipt ¶
type ServiceReceipt struct {
ID string `json:"id"`
OrgID string `json:"org_id"`
TaskID string `json:"task_id"`
ServiceLeaseID string `json:"service_lease_id"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id"`
PolicyID string `json:"policy_id"`
Executor ExecutorRef `json:"executor"`
DeploymentHash string `json:"deployment_hash"`
RequestID string `json:"request_id"`
TraceID string `json:"trace_id"`
RequestHash string `json:"request_hash"`
ResponseHash string `json:"response_hash"`
StartedAt time.Time `json:"started_at"`
FinishedAt time.Time `json:"finished_at"`
ResourceUsage ResourceUsage `json:"resource_usage"`
ResourceLimits ResourceLimits `json:"resource_limits,omitzero"`
SLOEvidence SLOEvidence `json:"slo_evidence"`
StatusEvidence ServiceStatusEvidence `json:"status_evidence,omitzero"`
Verifier VerifierResult `json:"verifier"`
AgentSignature string `json:"agent_signature"`
}
func VerifyServiceReceipt ¶
func VerifyServiceReceipt(receipt ServiceReceipt, opts ReceiptVerificationOptions) (ServiceReceipt, error)
func (ServiceReceipt) Validate ¶
func (r ServiceReceipt) Validate() error
type ServiceRunRequest ¶ added in v0.8.0
type ServiceRunRequest struct {
Task Task `json:"task"`
Lease Lease `json:"lease"`
Workspace string `json:"workspace,omitempty"`
Env map[string]string `json:"env,omitempty"`
Limits ResourceLimits `json:"limits,omitzero"`
Network NetworkBinding `json:"network,omitzero"`
RuntimeScope ContainerRuntimeScope `json:"runtime_scope,omitzero"`
HTTPHelperImage string `json:"http_helper_image,omitempty"`
DataMounts []SandboxMount `json:"data_mounts,omitempty"`
}
type ServiceSession ¶ added in v0.8.0
type ServiceSession interface {
Health(ctx context.Context) (RuntimeServiceResult, error)
Stop(ctx context.Context) (RuntimeServiceResult, error)
}
type ServiceSessionProvider ¶ added in v0.8.0
type ServiceSessionProvider interface {
ServiceProvider
StartServiceSession(ctx context.Context, req ServiceRunRequest) (ServiceSession, error)
}
type ServiceStatusEvidence ¶
type ServiceStatusEvidence struct {
CommandHash string `json:"command_hash,omitempty"`
OutputHash string `json:"output_hash,omitempty"`
Preview string `json:"preview,omitempty"`
Truncated bool `json:"truncated,omitempty"`
}
func (ServiceStatusEvidence) Validate ¶
func (e ServiceStatusEvidence) Validate() error
type ServiceStatusProbe ¶ added in v0.3.3
type ServiceStatusProbe struct {
Command []string `json:"command,omitempty"`
TimeoutSeconds int `json:"timeout_seconds,omitempty"`
MaxPreviewBytes int `json:"max_preview_bytes,omitempty"`
}
func (ServiceStatusProbe) Validate ¶ added in v0.3.3
func (p ServiceStatusProbe) Validate() error
type ServiceWorkload ¶ added in v0.3.3
type ServiceWorkload struct {
ImageRef string `json:"image_ref"`
ComponentRef string `json:"component_ref,omitempty"`
ComponentDigest string `json:"component_digest,omitempty"`
Command []string `json:"command,omitempty"`
Ports []ServicePort `json:"ports"`
HealthCheck HealthCheck `json:"health_check"`
Ingress IngressPolicy `json:"ingress"`
DataDirRef string `json:"data_dir_ref,omitempty"`
DataMountPath string `json:"data_mount_path,omitempty"`
Env []EnvRef `json:"env,omitempty"`
Files []WorkloadFileRef `json:"files,omitempty"`
StatusProbe ServiceStatusProbe `json:"status_probe,omitzero"`
}
func (ServiceWorkload) Validate ¶ added in v0.3.3
func (w ServiceWorkload) Validate() error
type SessionPolicy ¶
type SessionPolicy struct {
WarmSeconds int `json:"warm_seconds,omitempty"`
MinRenewals int `json:"min_renewals,omitempty"`
MaxBatchRequests int `json:"max_batch_requests,omitempty"`
}
func (SessionPolicy) ValidateForOperatingMode ¶
func (p SessionPolicy) ValidateForOperatingMode(mode NetworkOperatingMode) error
type SettlementHold ¶ added in v0.7.0
type SettlementHold struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
ID string `json:"id"`
OrgID string `json:"org_id"`
ProductID string `json:"product_id"`
AccountID string `json:"account_id"`
ContributionEventID string `json:"contribution_event_id"`
Reason string `json:"reason"`
Status SettlementHoldStatus `json:"status"`
HoldUntil time.Time `json:"hold_until,omitempty"`
CreatedAt time.Time `json:"created_at,omitempty"`
ResolvedAt time.Time `json:"resolved_at,omitempty"`
CorrectionEventID string `json:"correction_event_id,omitempty"`
}
func (SettlementHold) Validate ¶ added in v0.7.0
func (h SettlementHold) Validate() error
type SettlementHoldStatus ¶ added in v0.7.0
type SettlementHoldStatus string
const ( SettlementHoldPending SettlementHoldStatus = "pending" SettlementHoldReleased SettlementHoldStatus = "released" SettlementHoldReversed SettlementHoldStatus = "reversed" )
type SettlementPayoutRequest ¶ added in v0.7.0
type SettlementPayoutRequest struct {
ProtocolVersion string `json:"protocol_version,omitempty"`
OrgID string `json:"org_id"`
ProductID string `json:"product_id"`
AccountID string `json:"account_id"`
Provider string `json:"provider"`
IdempotencyKey string `json:"idempotency_key"`
HoldbackUntil time.Time `json:"holdback_until,omitempty"`
ExternalSettlementRoutes map[string]string `json:"external_settlement_routes,omitempty"`
}
func (SettlementPayoutRequest) Validate ¶ added in v0.7.0
func (r SettlementPayoutRequest) Validate() error
type SettlementTarget ¶
type SettlementTarget struct {
Kind SettlementTargetKind `json:"kind,omitempty"`
AccountID string `json:"account_id,omitempty"`
Network string `json:"network,omitempty"`
WalletRef string `json:"wallet_ref,omitempty"`
}
func (SettlementTarget) Validate ¶
func (t SettlementTarget) Validate(settlementAccountID string) error
type SettlementTargetKind ¶
type SettlementTargetKind string
const ( SettlementTargetPointsLedger SettlementTargetKind = "points_ledger" SettlementTargetPayrollAccount SettlementTargetKind = "payroll_account" SettlementTargetBadgeLedger SettlementTargetKind = "badge_ledger" SettlementTargetFiatTokenTreasury SettlementTargetKind = "fiat_token_treasury" SettlementTargetTreasuryWallet SettlementTargetKind = "treasury_wallet" SettlementTargetParticipantWallet SettlementTargetKind = "participant_wallet" SettlementTargetExternalDestination SettlementTargetKind = "external_destination" )
type SignatureEnvelope ¶
type SigningCapability ¶ added in v0.4.0
type StatusError ¶ added in v0.4.0
func (StatusError) Error ¶ added in v0.4.0
func (e StatusError) Error() string
type StorageGuidance ¶
type StorageGuidance struct {
Mode string `json:"mode,omitempty"`
MinDiskBytes int64 `json:"min_disk_bytes,omitempty"`
MinDiskDisplay string `json:"min_disk_display,omitempty"`
RecommendedDiskBytes int64 `json:"recommended_disk_bytes,omitempty"`
RecommendedDiskDisplay string `json:"recommended_disk_display,omitempty"`
GrowthMarginBytes int64 `json:"growth_margin_bytes,omitempty"`
GrowthMarginDisplay string `json:"growth_margin_display,omitempty"`
DurableVolumeRequired bool `json:"durable_volume_required,omitempty"`
PreserveOnUpdate bool `json:"preserve_on_update,omitempty"`
PreserveOnUninstall bool `json:"preserve_on_uninstall,omitempty"`
PruningSupported bool `json:"pruning_supported,omitempty"`
SnapshotVerificationRequired bool `json:"snapshot_verification_required,omitempty"`
}
func (StorageGuidance) Validate ¶
func (g StorageGuidance) Validate() error
type StreamDestination ¶ added in v0.8.0
type StreamDestination struct {
TargetRef string `json:"target_ref"`
Transform *MediaTransformSpec `json:"transform,omitempty"`
Rendition string `json:"rendition,omitempty"`
}
StreamDestination describes a single output target for a live stream.
type StreamHandle ¶ added in v0.8.0
type StreamHandle struct {
URL string `json:"url"`
Protocol string `json:"protocol"`
AuthTokenRef string `json:"auth_token_ref"`
Codecs []string `json:"codecs"`
ExpiresAt string `json:"expires_at"`
}
func (StreamHandle) Validate ¶ added in v0.8.0
func (h StreamHandle) Validate() error
type StreamInputRef ¶ added in v0.8.3
type StreamInputRef struct {
Name string `json:"name"`
Handle StreamHandle `json:"handle"`
ProviderID string `json:"provider_id,omitempty"`
}
func (StreamInputRef) Validate ¶ added in v0.8.3
func (r StreamInputRef) Validate() error
type StreamManifest ¶ added in v0.8.0
type StreamManifest struct {
Seq int `json:"seq"`
StreamID string `json:"stream_id"`
StartedAt time.Time `json:"started_at"`
LivenessNonces []LivenessNonce `json:"liveness_nonces,omitempty"`
Segments []Segment `json:"segments,omitempty"`
SampledFrames []SampledFrame `json:"sampled_frames,omitempty"`
DeliveryReceipts []DeliveryReceipt `json:"delivery_receipts,omitempty"`
// WorkerReportedDeliveredBytes is the advisory byte count as reported by the
// worker. It is worker-supplied and MUST NOT be used for billing; callers
// must use VerifiedDeliveredBytes() instead.
WorkerReportedDeliveredBytes int64 `json:"worker_reported_delivered_bytes,omitempty"`
// AttestedPushedBytesByDestination is a typed map from destination ref to
// pushed byte count, as attested by the worker.
AttestedPushedBytesByDestination map[string]int64 `json:"attested_pushed_bytes_by_destination,omitempty"`
Discontinuities []Discontinuity `json:"discontinuities,omitempty"`
DroppedFrames int64 `json:"dropped_frames,omitempty"`
// Sig is an opaque signature over this manifest; verification of the
// cryptographic signature itself is wired by the host layer.
Sig []byte `json:"sig,omitempty"`
}
StreamManifest is the evidence payload attached to a streaming task receipt. It collects segments, liveness proofs, delivery receipts, and discontinuity markers for a single manifest window (identified by Seq).
Field naming note: WorkerReportedDeliveredBytes carries the advisory byte count as reported by the worker (json: "worker_reported_delivered_bytes"). It is worker-supplied and MUST NOT be used for billing. Use VerifiedDeliveredBytes() for the authoritative cross-checked figure.
func (StreamManifest) VerifiedDeliveredBytes ¶ added in v0.8.0
func (m StreamManifest) VerifiedDeliveredBytes() int64
VerifiedDeliveredBytes returns the authoritative cross-checked byte count: the sum of host-verified segment Bytes for delivery receipts that (a) cover exactly one segment (SeqStart == SeqEnd), (b) whose SHA256 matches that segment's SHA256, and (c) whose segment has ProvenanceHostVerified.
The segment's Bytes field (not the receipt's Bytes claim) is credited, so a worker cannot inflate the total by submitting an oversized Bytes value on a receipt whose SHA256 was copied from the public manifest.
This is the canonical figure for billing and SLA calculations. The advisory WorkerReportedDeliveredBytes field on StreamManifest is worker-supplied and MUST NOT be used for billing.
type StreamReceipt ¶ added in v0.8.0
type StreamReceipt struct {
ID string `json:"id"`
OrgID string `json:"org_id"`
TaskID string `json:"task_id"`
ServiceLeaseID string `json:"service_lease_id,omitempty"`
WorkerID string `json:"worker_id"`
PoolID string `json:"pool_id,omitempty"`
PolicyID string `json:"policy_id,omitempty"`
Manifest StreamManifest `json:"manifest"`
// Sig is an opaque signature over this receipt; real verification is
// handled by the host layer.
Sig []byte `json:"sig,omitempty"`
}
StreamReceipt is a periodic signed wrapper carrying a StreamManifest. Identity fields mirror ServiceReceipt conventions.
func (StreamReceipt) Validate ¶ added in v0.8.0
func (r StreamReceipt) Validate() error
Validate returns an error if the StreamReceipt is not well-formed.
type StreamSpec ¶ added in v0.8.0
type StreamSpec struct {
IngestProtocols []string `json:"ingest_protocols"`
Destinations []StreamDestination `json:"destinations,omitempty"`
ViewerEgress ViewerEgressConfig `json:"viewer_egress,omitempty"`
Recording bool `json:"recording,omitempty"`
Redundancy RedundancyPolicy `json:"redundancy,omitzero"`
}
StreamSpec defines a live video-stream workload.
func (StreamSpec) Validate ¶ added in v0.8.0
func (s StreamSpec) Validate() error
Validate returns an error if the StreamSpec is not well-formed.
type SuspensionScope ¶ added in v0.7.0
type SuspensionScope string
const ( SuspensionProduct SuspensionScope = "product" SuspensionRequestor SuspensionScope = "requestor" SuspensionProvider SuspensionScope = "provider" )
type SuspensionStatus ¶ added in v0.7.0
type SuspensionStatus string
const ( SuspensionActive SuspensionStatus = "active" SuspensionLifted SuspensionStatus = "lifted" )
type Task ¶ added in v0.4.0
type Task struct {
ProtocolVersion string `json:"protocol_version"`
ID string `json:"id"`
ProductID string `json:"product_id,omitempty"`
OrgID string `json:"org_id"`
PoolID string `json:"pool_id"`
PolicyID string `json:"policy_id"`
Status TaskStatus `json:"status,omitempty"`
Workload WorkloadSpec `json:"workload"`
Requirements PlacementRequirements `json:"requirements,omitzero"`
ProofPolicy ProofPolicy `json:"proof_policy,omitzero"`
NetworkPolicy NetworkPolicy `json:"network_policy,omitzero"`
P2PSessionPolicy *P2PSessionPolicy `json:"p2p_session_policy,omitempty"`
AccessPolicy AccessPolicy `json:"access_policy,omitzero"`
ResiduePolicy ResiduePolicy `json:"residue_policy,omitzero"`
ResourceLimits ResourceLimits `json:"resource_limits,omitzero"`
InputHash string `json:"input_hash"`
RequestedAt time.Time `json:"requested_at"`
TimeoutSeconds int `json:"timeout_seconds"`
Labels map[string]string `json:"labels,omitempty"`
Signature SignatureEnvelope `json:"signature"`
}
type TaskResponse ¶ added in v0.4.0
type TaskResponse struct {
Task Task `json:"task"`
}
type TaskStatus ¶ added in v0.4.0
type TaskStatus string
const ( TaskQueued TaskStatus = "queued" TaskLeased TaskStatus = "leased" TaskRunning TaskStatus = "running" TaskSucceeded TaskStatus = "succeeded" TaskFailed TaskStatus = "failed" TaskStalled TaskStatus = "stalled" TaskCanceled TaskStatus = "canceled" )
type UpstreamClientConformance ¶
type UpstreamClientConformance string
const ( UpstreamClientConformanceShapeOnly UpstreamClientConformance = "shape-only" UpstreamClientConformanceRealClient UpstreamClientConformance = "real-client" )
type VerificationStatus ¶
type VerificationStatus string
const ( VerificationUnknown VerificationStatus = "" VerificationPending VerificationStatus = "pending" VerificationAccepted VerificationStatus = "accepted" VerificationRejected VerificationStatus = "rejected" VerificationConflicted VerificationStatus = "conflicted" )
type VerifierResult ¶
type VerifierResult struct {
Provider string `json:"provider"`
Status VerificationStatus `json:"status"`
Message string `json:"message,omitempty"`
Attestation AttestationDecision `json:"attestation,omitzero"`
KeyRelease KeyReleaseDecision `json:"key_release,omitzero"`
}
type ViewerEgressConfig ¶ added in v0.8.0
type ViewerEgressConfig struct {
HLS bool `json:"hls,omitempty"`
WHEP bool `json:"whep,omitempty"`
}
ViewerEgressConfig controls viewer-facing delivery protocols.
type WASMRuntimeContract ¶
type WASMRuntimeContract struct {
ABI string `json:"abi"`
ComponentRef string `json:"component_ref"`
ComponentDigest string `json:"component_digest"`
Features []string `json:"features,omitempty"`
MaxMemoryBytes int64 `json:"max_memory_bytes,omitempty"`
MaxRuntimeSeconds int `json:"max_runtime_seconds,omitempty"`
Filesystem RuntimePermission `json:"filesystem"`
Network RuntimePermission `json:"network"`
NativeHostUpdates RuntimePermission `json:"native_host_updates,omitempty"`
BrowserWorker bool `json:"browser_worker,omitempty"`
}
func (WASMRuntimeContract) Validate ¶
func (w WASMRuntimeContract) Validate(profile RuntimeProfile) error
type WASMWorkload ¶ added in v0.3.2
type WASMWorkload struct {
ComponentRef string `json:"component_ref"`
ComponentDigest string `json:"component_digest"`
ABI string `json:"abi"`
Operation string `json:"operation"`
Input json.RawMessage `json:"input"`
}
func (WASMWorkload) Validate ¶ added in v0.3.2
func (w WASMWorkload) Validate() error
type WorkloadFileRef ¶ added in v0.3.3
type WorkloadFileRef struct {
Path string `json:"path"`
ValueRef string `json:"value_ref,omitempty"`
SecretRef string `json:"secret_ref,omitempty"`
Template string `json:"template,omitempty"`
Refs []EnvRef `json:"refs,omitempty"`
Mode uint32 `json:"mode,omitempty"`
}
func (WorkloadFileRef) Validate ¶ added in v0.3.3
func (r WorkloadFileRef) Validate() error
type WorkloadKind ¶
type WorkloadKind string
const ( WorkloadCommand WorkloadKind = "command" WorkloadContainerBuild WorkloadKind = "container-build" WorkloadDockerComposeBuild WorkloadKind = "docker-compose-build" WorkloadBenchmark WorkloadKind = "benchmark" WorkloadTraining WorkloadKind = "training" WorkloadService WorkloadKind = "service" WorkloadNodeService WorkloadKind = "node-service" WorkloadContentCache WorkloadKind = "content-cache" WorkloadSupervisor WorkloadKind = "supervisor" WorkloadProductCapture WorkloadKind = "product-capture" WorkloadProvider WorkloadKind = "provider" WorkloadWASMComponent WorkloadKind = "wasm-component" WorkloadVideoStream WorkloadKind = "video-stream" WorkloadMediaTransform WorkloadKind = "media-transform" )
type WorkloadSpec ¶ added in v0.3.3
type WorkloadSpec struct {
Kind WorkloadKind `json:"kind"`
Command *CommandWorkload `json:"command,omitempty"`
ContainerBuild *ContainerBuildWorkload `json:"container_build,omitempty"`
Service *ServiceWorkload `json:"service,omitempty"`
NodeService *NodeServiceWorkload `json:"node_service,omitempty"`
VideoStream *StreamSpec `json:"video_stream,omitempty"`
MediaTransform *MediaTransformSpec `json:"media_transform,omitempty"`
ProductCapture *ProductCaptureWorkload `json:"product_capture,omitempty"`
Provider *ProviderWorkload `json:"provider,omitempty"`
WASM *WASMWorkload `json:"wasm,omitempty"`
Params map[string]map[string]string `json:"params,omitempty"`
}
func (WorkloadSpec) Validate ¶ added in v0.3.3
func (w WorkloadSpec) Validate() error