biscuit/schema.proto

syntax = "proto2";

package biscuit.format.schema;

message Biscuit {
  required bytes authority = 1;
  repeated bytes blocks = 2;
  repeated bytes keys = 3;
  required Signature signature = 4;
}

message SealedBiscuit {
  required bytes authority = 1;
  repeated bytes blocks = 2;
  required bytes signature = 3;
}

message Signature {
  repeated bytes parameters = 1;
  required bytes z = 2;
}

message Block {
  required uint32 index = 1;
  repeated string symbols = 2;
  repeated FactV0 facts_v0 = 3;
  repeated RuleV0 rules_v0 = 4;
  repeated CaveatV0 caveats_v0 = 5;
  optional string context = 6;
  optional uint32 version = 7;
  repeated FactV1 facts_v1 = 8;
  repeated RuleV1 rules_v1 = 9;
  repeated CaveatV1 caveats_v1 = 10;
}

message FactV0 {
  required PredicateV0 predicate = 1;
}

message RuleV0 {
  required PredicateV0 head = 1;
  repeated PredicateV0 body = 2;
  repeated ConstraintV0 constraints = 3;
}

message CaveatV0 {
  repeated RuleV0 queries = 1;
}

message PredicateV0 {
  required uint64 name = 1;
  repeated IDV0 ids = 2;
}

message IDV0 {
  enum Kind {
    SYMBOL = 0;
    VARIABLE = 1;
    INTEGER = 2;
    STR = 3;
    DATE = 4;
    BYTES = 5;
  }

  required Kind kind = 1;
  optional uint64 symbol = 2;
  optional uint32 variable = 3;
  optional int64 integer = 4;
  optional string str = 5;
  optional uint64 date = 6;
  optional bytes bytes = 7;
}

message ConstraintV0 {
  required uint32 id = 1;

  enum Kind {
    INT = 0;
    STRING = 1;
    DATE = 2;
    SYMBOL = 3;
    BYTES = 4;
  }

  required Kind kind = 2;

  optional IntConstraintV0 int = 3;
  optional StringConstraintV0 str = 4;
  optional DateConstraintV0 date = 5;
  optional SymbolConstraintV0 symbol = 6;
  optional BytesConstraintV0 bytes = 7;
}

message IntConstraintV0 {
  enum Kind {
    LOWER = 0;
    LARGER = 1;
    LOWER_OR_EQUAL = 2;
    LARGER_OR_EQUAL = 3;
    EQUAL = 4;
    IN = 5;
    NOT_IN = 6;
  }

  required Kind kind = 1;

  optional int64 lower = 2;
  optional int64 larger = 3;
  optional int64 lower_or_equal = 4;
  optional int64 larger_or_equal = 5;
  optional int64 equal = 6;
  repeated int64 in_set = 7 [packed=true];
  repeated int64 not_in_set = 8 [packed=true];
}

message StringConstraintV0 {
  enum Kind {
    PREFIX = 0;
    SUFFIX = 1;
    EQUAL = 2;
    IN = 3;
    NOT_IN = 4;
    REGEX = 5;
  }

  required Kind kind = 1;

  optional string prefix = 2;
  optional string suffix = 3;
  optional string equal = 4;
  repeated string in_set = 5;
  repeated string not_in_set = 6;
  optional string regex = 7;
}

message DateConstraintV0 {
  enum Kind {
    BEFORE = 0;
    AFTER = 1;
  }

  required Kind kind = 1;

  optional uint64 before = 2;
  optional uint64 after = 3;
}

message SymbolConstraintV0 {
  enum Kind {
    IN = 0;
    NOT_IN = 1;
  }

  required Kind kind = 1;

  repeated uint64 in_set = 2;
  repeated uint64 not_in_set = 3;
}

message BytesConstraintV0 {
  enum Kind {
    EQUAL = 0;
    IN = 1;
    NOT_IN = 2;
  }

  required Kind kind = 1;

  optional bytes equal = 2;
  repeated bytes in_set = 3;
  repeated bytes not_in_set = 4;
}

message FactV1 {
  required PredicateV1 predicate = 1;
}

message RuleV1 {
  required PredicateV1 head = 1;
  repeated PredicateV1 body = 2;
  repeated ConstraintV1 constraints = 3;
}

message CaveatV1 {
  repeated RuleV1 queries = 1;
}

message PredicateV1 {
  required uint64 name = 1;
  repeated IDV1 ids = 2;
}

message IDV1 {
  oneof Content {
    uint64 symbol = 1;
    uint32 variable = 2;
    int64 integer = 3;
    string string = 4;
    uint64 date = 5;
    bytes bytes = 6;
    bool bool = 7;
    IDSet set = 8;
  }
}

message IDSet {
  repeated IDV1 set = 1;
}

message ConstraintV1 {
  required uint32 id = 1;

  oneof Constraint {
    IntConstraintV1 int = 2;
    StringConstraintV1 string = 3;
    DateConstraintV1 date = 4;
    SymbolConstraintV1 symbol = 5;
    BytesConstraintV1 bytes = 6;
  }
}

message IntConstraintV1 {
  oneof Constraint {
    int64 less_than = 1;
    int64 greater_than = 2;
    int64 less_or_equal = 3;
    int64 greater_or_equal = 4;
    int64 equal = 5;
    IntSet in_set = 6;
    IntSet not_in_set = 7;
  }
}

message IntSet {
  repeated int64 set = 7 [packed=true];
}

message StringConstraintV1 {
  oneof Constraint {
    string prefix = 1;
    string suffix = 2;
    string equal = 3;
    StringSet in_set = 4;
    StringSet not_in_set = 5;
    string regex = 6;
  }
}

message StringSet {
  repeated string set = 1;
}

message DateConstraintV1 {
  oneof Constraint {
    uint64 before = 1;
    uint64 after = 2;
  }
}

message SymbolConstraintV1 {
  oneof Constraint {
    SymbolSet in_set = 1;
    SymbolSet not_in_set = 2;
  }
}

message SymbolSet {
  repeated uint64 set = 1 [packed=true];
}

message BytesConstraintV1 {
  oneof Constraint {
    bytes equal = 1;
    BytesSet in_set = 2;
    BytesSet not_in_set = 3;
  }
}

message BytesSet {
  repeated bytes set = 1;
}
move to protobuf 2019-04-01 18:41:20 +03:00			`syntax = "proto2";`

			`package biscuit.format.schema;`

			`message Biscuit {`
			`required bytes authority = 1;`
			`repeated bytes blocks = 2;`
			`repeated bytes keys = 3;`
			`required Signature signature = 4;`
			`}`

			`message SealedBiscuit {`
			`required bytes authority = 1;`
			`repeated bytes blocks = 2;`
			`required bytes signature = 3;`
			`}`

			`message Signature {`
update the schema for aggregated gamma signatures the new signatures are smaller 2019-09-04 15:41:22 +03:00			`repeated bytes parameters = 1;`
			`required bytes z = 2;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

			`message Block {`
			`required uint32 index = 1;`
			`repeated string symbols = 2;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`repeated FactV0 facts_v0 = 3;`
			`repeated RuleV0 rules_v0 = 4;`
			`repeated CaveatV0 caveats_v0 = 5;`
update the schema 2019-11-25 13:04:08 +03:00			`optional string context = 6;`
version field in block format this changes the Protobuf format to add a version field to blocks, set to 0 for now. This change will ship in the 0.9 version of the Rust version. When deserializing a token, we wil check the version field. if not present, we assume the block is at version 0. A token can contain blocks with different versions, so a token generated by an old library can be attenuated by a newer one. If the version is higher than the maximum one for the library, the token will be rejected 2021-01-04 18:16:11 +03:00			`optional uint32 version = 7;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`repeated FactV1 facts_v1 = 8;`
			`repeated RuleV1 rules_v1 = 9;`
			`repeated CaveatV1 caveats_v1 = 10;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message FactV0 {`
			`required PredicateV0 predicate = 1;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message RuleV0 {`
			`required PredicateV0 head = 1;`
			`repeated PredicateV0 body = 2;`
			`repeated ConstraintV0 constraints = 3;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message CaveatV0 {`
			`repeated RuleV0 queries = 1;`
a Caveat can now contain multiple rules This allows us to implement "OR" for caveats: one of the provided rules has to succeed 2020-09-11 17:52:55 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message PredicateV0 {`
move to protobuf 2019-04-01 18:41:20 +03:00			`required uint64 name = 1;`
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`repeated IDV0 ids = 2;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message IDV0 {`
			`enum Kind {`
			`SYMBOL = 0;`
			`VARIABLE = 1;`
			`INTEGER = 2;`
			`STR = 3;`
			`DATE = 4;`
			`BYTES = 5;`
			`}`

			`required Kind kind = 1;`
			`optional uint64 symbol = 2;`
			`optional uint32 variable = 3;`
			`optional int64 integer = 4;`
			`optional string str = 5;`
			`optional uint64 date = 6;`
			`optional bytes bytes = 7;`
			`}`

			`message ConstraintV0 {`
			`required uint32 id = 1;`

			`enum Kind {`
			`INT = 0;`
			`STRING = 1;`
			`DATE = 2;`
			`SYMBOL = 3;`
			`BYTES = 4;`
			`}`

			`required Kind kind = 2;`

			`optional IntConstraintV0 int = 3;`
			`optional StringConstraintV0 str = 4;`
			`optional DateConstraintV0 date = 5;`
			`optional SymbolConstraintV0 symbol = 6;`
			`optional BytesConstraintV0 bytes = 7;`
			`}`

			`message IntConstraintV0 {`
			`enum Kind {`
			`LOWER = 0;`
			`LARGER = 1;`
			`LOWER_OR_EQUAL = 2;`
			`LARGER_OR_EQUAL = 3;`
			`EQUAL = 4;`
			`IN = 5;`
			`NOT_IN = 6;`
			`}`

			`required Kind kind = 1;`

			`optional int64 lower = 2;`
			`optional int64 larger = 3;`
			`optional int64 lower_or_equal = 4;`
			`optional int64 larger_or_equal = 5;`
			`optional int64 equal = 6;`
			`repeated int64 in_set = 7 [packed=true];`
			`repeated int64 not_in_set = 8 [packed=true];`
			`}`

			`message StringConstraintV0 {`
			`enum Kind {`
			`PREFIX = 0;`
			`SUFFIX = 1;`
			`EQUAL = 2;`
			`IN = 3;`
			`NOT_IN = 4;`
			`REGEX = 5;`
			`}`

			`required Kind kind = 1;`

			`optional string prefix = 2;`
			`optional string suffix = 3;`
			`optional string equal = 4;`
			`repeated string in_set = 5;`
			`repeated string not_in_set = 6;`
			`optional string regex = 7;`
			`}`

			`message DateConstraintV0 {`
			`enum Kind {`
			`BEFORE = 0;`
			`AFTER = 1;`
			`}`

			`required Kind kind = 1;`

			`optional uint64 before = 2;`
			`optional uint64 after = 3;`
			`}`

			`message SymbolConstraintV0 {`
			`enum Kind {`
			`IN = 0;`
			`NOT_IN = 1;`
			`}`

			`required Kind kind = 1;`

			`repeated uint64 in_set = 2;`
			`repeated uint64 not_in_set = 3;`
			`}`

			`message BytesConstraintV0 {`
			`enum Kind {`
			`EQUAL = 0;`
			`IN = 1;`
			`NOT_IN = 2;`
			`}`

			`required Kind kind = 1;`

			`optional bytes equal = 2;`
			`repeated bytes in_set = 3;`
			`repeated bytes not_in_set = 4;`
			`}`

			`message FactV1 {`
			`required PredicateV1 predicate = 1;`
			`}`

			`message RuleV1 {`
			`required PredicateV1 head = 1;`
			`repeated PredicateV1 body = 2;`
			`repeated ConstraintV1 constraints = 3;`
			`}`

			`message CaveatV1 {`
			`repeated RuleV1 queries = 1;`
			`}`

			`message PredicateV1 {`
			`required uint64 name = 1;`
			`repeated IDV1 ids = 2;`
			`}`
move to protobuf 2019-04-01 18:41:20 +03:00
duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message IDV1 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Content {`
			`uint64 symbol = 1;`
			`uint32 variable = 2;`
			`int64 integer = 3;`
			`string string = 4;`
			`uint64 date = 5;`
			`bytes bytes = 6;`
add boolean type 2021-01-08 17:30:13 +03:00			`bool bool = 7;`
add the set type 2021-01-08 18:42:36 +03:00			`IDSet set = 8;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
			`}`

add the set type 2021-01-08 18:42:36 +03:00			`message IDSet {`
			`repeated IDV1 set = 1;`
			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message ConstraintV1 {`
move to protobuf 2019-04-01 18:41:20 +03:00			`required uint32 id = 1;`

use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`IntConstraintV1 int = 2;`
			`StringConstraintV1 string = 3;`
			`DateConstraintV1 date = 4;`
			`SymbolConstraintV1 symbol = 5;`
			`BytesConstraintV1 bytes = 6;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message IntConstraintV1 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`int64 less_than = 1;`
			`int64 greater_than = 2;`
			`int64 less_or_equal = 3;`
			`int64 greater_or_equal = 4;`
			`int64 equal = 5;`
			`IntSet in_set = 6;`
			`IntSet not_in_set = 7;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`}`
move to protobuf 2019-04-01 18:41:20 +03:00
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`message IntSet {`
			`repeated int64 set = 7 [packed=true];`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message StringConstraintV1 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`string prefix = 1;`
			`string suffix = 2;`
			`string equal = 3;`
			`StringSet in_set = 4;`
			`StringSet not_in_set = 5;`
			`string regex = 6;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`}`
move to protobuf 2019-04-01 18:41:20 +03:00
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`message StringSet {`
			`repeated string set = 1;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message DateConstraintV1 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`uint64 before = 1;`
			`uint64 after = 2;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message SymbolConstraintV1 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`SymbolSet in_set = 1;`
			`SymbolSet not_in_set = 2;`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`}`
move to protobuf 2019-04-01 18:41:20 +03:00
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`message SymbolSet {`
			`repeated uint64 set = 1 [packed=true];`
move to protobuf 2019-04-01 18:41:20 +03:00			`}`

duplicate messages for v1 currently the messages have the same structure as v0, but they will change significantly 2021-01-05 17:02:44 +03:00			`message BytesConstraintV1 {`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`oneof Constraint {`
			`bytes equal = 1;`
			`BytesSet in_set = 2;`
			`BytesSet not_in_set = 3;`
Add the byte array type this will be useful to transport arbitrary data in the token without encoding it in base 64 2020-09-11 17:45:46 +03:00			`}`
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`}`
Add the byte array type this will be useful to transport arbitrary data in the token without encoding it in base 64 2020-09-11 17:45:46 +03:00
use oneof in the Protobuf schema this simplifies the format, using oneof instead of a 'Kind' enum with optional fields. Additionally, it reduces token size 2021-01-06 13:23:15 +03:00			`message BytesSet {`
			`repeated bytes set = 1;`
Add the byte array type this will be useful to transport arbitrary data in the token without encoding it in base 64 2020-09-11 17:45:46 +03:00			`}`