biscuit/schema.proto

syntax = "proto2";

package biscuit.format.schema;

message Biscuit {
  optional uint32 rootKeyId = 1;
  required SignedBlock authority = 2;
  repeated SignedBlock blocks = 3;
  required Proof proof = 4;
}

message SignedBlock {
  required bytes block = 1;
  required bytes nextKey = 2;
  required bytes signature = 3;
}

message Proof {
  oneof Content {
    bytes nextSecret = 1;
    bytes finalSignature = 2;
  }
}

message Block {
  repeated string symbols = 1;
  optional string context = 2;
  optional uint32 version = 3;
  repeated FactV2 facts_v2 = 4;
  repeated RuleV2 rules_v2 = 5;
  repeated CheckV2 checks_v2 = 6;
}

message FactV2 {
  required PredicateV2 predicate = 1;
}

message RuleV2 {
  required PredicateV2 head = 1;
  repeated PredicateV2 body = 2;
  repeated ExpressionV2 expressions = 3;
}

message CheckV2 {
  repeated RuleV2 queries = 1;
}

message PredicateV2 {
  required uint64 name = 1;
  repeated IDV2 ids = 2;
}

message IDV2 {
  oneof Content {
    uint32 variable = 1;
    int64 integer = 2;
    uint64 string = 3;
    uint64 date = 4;
    bytes bytes = 5;
    bool bool = 6;
    IDSet set = 7;
  }
}

message IDSet {
  repeated IDV2 set = 1;
}

message ConstraintV2 {
  required uint32 id = 1;

  oneof Constraint {
    IntConstraintV2 int = 2;
    StringConstraintV2 string = 3;
    DateConstraintV2 date = 4;
    BytesConstraintV2 bytes = 5;
  }
}

message IntConstraintV2 {
  oneof Constraint {
    int64 less_than = 1;
    int64 greater_than = 2;
    int64 less_or_equal = 3;
    int64 greater_or_equal = 4;
    int64 equal = 5;
    IntSet in_set = 6;
    IntSet not_in_set = 7;
  }
}

message IntSet {
  repeated int64 set = 7 [packed=true];
}

message StringConstraintV2 {
  oneof Constraint {
    string prefix = 1;
    string suffix = 2;
    string equal = 3;
    StringSet in_set = 4;
    StringSet not_in_set = 5;
    string regex = 6;
  }
}

message StringSet {
  repeated uint64 set = 1 [packed=true];
}

message DateConstraintV2 {
  oneof Constraint {
    uint64 before = 1;
    uint64 after = 2;
  }
}

message BytesConstraintV2 {
  oneof Constraint {
    bytes equal = 1;
    BytesSet in_set = 2;
    BytesSet not_in_set = 3;
  }
}

message BytesSet {
  repeated bytes set = 1;
}

message ExpressionV2 {
  repeated Op ops = 1;
}

message Op {
  oneof Content {
    IDV2 value = 1;
    OpUnary unary = 2;
    OpBinary Binary = 3;
  }
}

message OpUnary {
  enum Kind {
    Negate = 0;
    Parens = 1;
    Length = 2;
  }

  required Kind kind = 1;
}

message OpBinary {
  enum Kind {
    LessThan = 0;
    GreaterThan = 1;
    LessOrEqual = 2;
    GreaterOrEqual = 3;
    Equal = 4;
    Contains = 5;
    Prefix = 6;
    Suffix = 7;
    Regex = 8;
    Add = 9;
    Sub = 10;
    Mul = 11;
    Div = 12;
    And = 13;
    Or = 14;
    Intersection = 15;
    Union = 16;
  }

  required Kind kind = 1;
}

message Policy {
  enum Kind {
    Allow = 0;
    Deny = 1;
  }

  repeated RuleV2 queries = 1;
  required Kind kind = 2;
}

message VerifierPolicies {
  repeated string symbols = 1;
  optional uint32 version = 2;
  repeated FactV2 facts = 3;
  repeated RuleV2 rules = 4;
  repeated CheckV2 checks = 5;
  repeated Policy policies = 6;
}
move to protobuf 2019-04-01 18:41:20 +03:00			`syntax = "proto2";`

			`package biscuit.format.schema;`

			`message Biscuit {`
new cryptographic scheme 2021-09-03 00:04:46 +03:00			`optional uint32 rootKeyId = 1;`
			`required SignedBlock authority = 2;`
			`repeated SignedBlock blocks = 3;`
			`required Proof proof = 4;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

new cryptographic scheme 2021-09-03 00:04:46 +03:00			`message SignedBlock {`
			`required bytes block = 1;`
			`required bytes nextKey = 2;`
move to protobuf 2019-04-01 18:41:20 +03:00			`required bytes signature = 3;`
			`}`

new cryptographic scheme 2021-09-03 00:04:46 +03:00			`message Proof {`
			`oneof Content {`
			`bytes nextSecret = 1;`
			`bytes finalSignature = 2;`
			`}`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

			`message Block {`
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`repeated string symbols = 1;`
			`optional string context = 2;`
			`optional uint32 version = 3;`
			`repeated FactV2 facts_v2 = 4;`
			`repeated RuleV2 rules_v2 = 5;`
			`repeated CheckV2 checks_v2 = 6;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message FactV2 {`
			`required PredicateV2 predicate = 1;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message RuleV2 {`
			`required PredicateV2 head = 1;`
			`repeated PredicateV2 body = 2;`
			`repeated ExpressionV2 expressions = 3;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message CheckV2 {`
			`repeated RuleV2 queries = 1;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message PredicateV2 {`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`required uint64 name = 1;`
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`repeated IDV2 ids = 2;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`}`
move to protobuf 2019-04-01 18:41:20 +03:00
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message IDV2 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Content {`
remove the symbol type symbols were a kind of strings with less available operations and some specific optimizations: they store in index into a symbol table carried by the token, to reduce size by avoiding repetitions. They were too confusing for users, and now that #authority and #ambient are gone, we can remove them completely. The symbol table was useful though, so now the symbol table is used for all predicate names and strings 2021-09-06 22:54:32 +03:00			`uint32 variable = 1;`
			`int64 integer = 2;`
			`uint64 string = 3;`
			`uint64 date = 4;`
			`bytes bytes = 5;`
			`bool bool = 6;`
			`IDSet set = 7;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
			`}`

add the set type 2021-01-08 18:42:36 +03:00			`message IDSet {`
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`repeated IDV2 set = 1;`
add the set type 2021-01-08 18:42:36 +03:00			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message ConstraintV2 {`
move to protobuf 2019-04-01 18:41:20 +03:00			`required uint32 id = 1;`

use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`IntConstraintV2 int = 2;`
			`StringConstraintV2 string = 3;`
			`DateConstraintV2 date = 4;`
remove the symbol type symbols were a kind of strings with less available operations and some specific optimizations: they store in index into a symbol table carried by the token, to reduce size by avoiding repetitions. They were too confusing for users, and now that #authority and #ambient are gone, we can remove them completely. The symbol table was useful though, so now the symbol table is used for all predicate names and strings 2021-09-06 22:54:32 +03:00			`BytesConstraintV2 bytes = 5;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message IntConstraintV2 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`int64 less_than = 1;`
			`int64 greater_than = 2;`
			`int64 less_or_equal = 3;`
			`int64 greater_or_equal = 4;`
			`int64 equal = 5;`
			`IntSet in_set = 6;`
			`IntSet not_in_set = 7;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`}`
move to protobuf 2019-04-01 18:41:20 +03:00
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`message IntSet {`
			`repeated int64 set = 7 [packed=true];`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message StringConstraintV2 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`string prefix = 1;`
			`string suffix = 2;`
			`string equal = 3;`
			`StringSet in_set = 4;`
			`StringSet not_in_set = 5;`
			`string regex = 6;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`}`
move to protobuf 2019-04-01 18:41:20 +03:00
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`message StringSet {`
remove the symbol type symbols were a kind of strings with less available operations and some specific optimizations: they store in index into a symbol table carried by the token, to reduce size by avoiding repetitions. They were too confusing for users, and now that #authority and #ambient are gone, we can remove them completely. The symbol table was useful though, so now the symbol table is used for all predicate names and strings 2021-09-06 22:54:32 +03:00			`repeated uint64 set = 1 [packed=true];`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message DateConstraintV2 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`uint64 before = 1;`
			`uint64 after = 2;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message BytesConstraintV2 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`bytes equal = 1;`
			`BytesSet in_set = 2;`
			`BytesSet not_in_set = 3;`
Add the byte array type this will be useful to transport arbitrary data in the token without encoding it in base 64 2020-09-11 17:45:46 +03:00			`}`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`}`
Add the byte array type this will be useful to transport arbitrary data in the token without encoding it in base 64 2020-09-11 17:45:46 +03:00
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`message BytesSet {`
			`repeated bytes set = 1;`
Add the byte array type this will be useful to transport arbitrary data in the token without encoding it in base 64 2020-09-11 17:45:46 +03:00			`}`
replace constraints with expressions Expressions are a superset of constraints, they can support multiple variables, and other operations like additions 2021-01-22 18:00:19 +03:00
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`message ExpressionV2 {`
replace constraints with expressions Expressions are a superset of constraints, they can support multiple variables, and other operations like additions 2021-01-22 18:00:19 +03:00			`repeated Op ops = 1;`
			`}`

			`message Op {`
			`oneof Content {`
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`IDV2 value = 1;`
replace constraints with expressions Expressions are a superset of constraints, they can support multiple variables, and other operations like additions 2021-01-22 18:00:19 +03:00			`OpUnary unary = 2;`
			`OpBinary Binary = 3;`
			`}`
			`}`

			`message OpUnary {`
			`enum Kind {`
			`Negate = 0;`
support parenthesis in expressions it needs to be suported in the bytecode, to let us print the expressions properly 2021-01-26 12:52:39 +03:00			`Parens = 1;`
missing schema update 2021-02-26 19:55:27 +03:00			`Length = 2;`
replace constraints with expressions Expressions are a superset of constraints, they can support multiple variables, and other operations like additions 2021-01-22 18:00:19 +03:00			`}`

			`required Kind kind = 1;`
			`}`

			`message OpBinary {`
			`enum Kind {`
			`LessThan = 0;`
			`GreaterThan = 1;`
			`LessOrEqual = 2;`
			`GreaterOrEqual = 3;`
			`Equal = 4;`
method syntax for set and string expressions this commit introduces a method-like syntax for these operations: - .starts_with() - .ends_with() - .matches() - .contains() (replacing the In operation) There is no satisfying name to replace the "not in" operation, so it is replaced by a "contains" and negation, like this: "!set.contains($var)". The NotIn operation is removed from the V1 schema 2021-01-26 16:41:15 +03:00			`Contains = 5;`
			`Prefix = 6;`
			`Suffix = 7;`
			`Regex = 8;`
			`Add = 9;`
			`Sub = 10;`
			`Mul = 11;`
			`Div = 12;`
			`And = 13;`
			`Or = 14;`
missing schema update 2021-02-26 19:55:27 +03:00			`Intersection = 15;`
			`Union = 16;`
replace constraints with expressions Expressions are a superset of constraints, they can support multiple variables, and other operations like additions 2021-01-22 18:00:19 +03:00			`}`

			`required Kind kind = 1;`
			`}`
add a format to transport verifier state there are two use cases for this: - quickly loading verifier policies from a serialized state instead of manually adding datalog elements one by one through the verifier API. The policies could even be written in a different system then published to running instances dynamically - save the state of a verifier, including ambient data, facts, rules and checks coming from a token, to later load it into another verifier and inspect it 2021-03-04 16:21:06 +03:00
			`message Policy {`
			`enum Kind {`
			`Allow = 0;`
			`Deny = 1;`
			`}`

start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`repeated RuleV2 queries = 1;`
add a format to transport verifier state there are two use cases for this: - quickly loading verifier policies from a serialized state instead of manually adding datalog elements one by one through the verifier API. The policies could even be written in a different system then published to running instances dynamically - save the state of a verifier, including ambient data, facts, rules and checks coming from a token, to later load it into another verifier and inspect it 2021-03-04 16:21:06 +03:00			`required Kind kind = 2;`
			`}`

			`message VerifierPolicies {`
			`repeated string symbols = 1;`
			`optional uint32 version = 2;`
start updating the schema for v2 - remove v0 compatibility - convert v1 to v2 - remove the index from blocks (now the cryptographisc design guarantees the order 2021-09-03 22:58:14 +03:00			`repeated FactV2 facts = 3;`
			`repeated RuleV2 rules = 4;`
			`repeated CheckV2 checks = 5;`
add a format to transport verifier state there are two use cases for this: - quickly loading verifier policies from a serialized state instead of manually adding datalog elements one by one through the verifier API. The policies could even be written in a different system then published to running instances dynamically - save the state of a verifier, including ambient data, facts, rules and checks coming from a token, to later load it into another verifier and inspect it 2021-03-04 16:21:06 +03:00			`repeated Policy policies = 6;`
			`}`