syntax = "proto2"; package biscuit.format.schema; message Biscuit { optional uint32 rootKeyId = 1; required SignedBlock authority = 2; repeated SignedBlock blocks = 3; required Proof proof = 4; } message SignedBlock { required bytes block = 1; required PublicKey nextKey = 2; required bytes signature = 3; optional ExternalSignature externalSignature = 4; } message ExternalSignature { required bytes signature = 1; required PublicKey publicKey = 2; } message PublicKey { required Algorithm algorithm = 1; enum Algorithm { Ed25519 = 0; } required bytes key = 2; } message Proof { oneof Content { bytes nextSecret = 1; bytes finalSignature = 2; } } message Block { repeated string symbols = 1; optional string context = 2; optional uint32 version = 3; repeated FactV2 facts_v2 = 4; repeated RuleV2 rules_v2 = 5; repeated CheckV2 checks_v2 = 6; repeated Scope scope = 7; repeated PublicKey publicKeys = 8; } message Scope { enum ScopeType { Authority = 0; Previous = 1; } oneof Content { ScopeType scopeType = 1; int64 publicKey = 2; } } message FactV2 { required PredicateV2 predicate = 1; } message RuleV2 { required PredicateV2 head = 1; repeated PredicateV2 body = 2; repeated ExpressionV2 expressions = 3; repeated Scope scope = 4; } message CheckV2 { repeated RuleV2 queries = 1; optional Kind kind = 2; enum Kind { One = 0; All = 1; } } message PredicateV2 { required uint64 name = 1; repeated TermV2 terms = 2; } message TermV2 { oneof Content { uint32 variable = 1; int64 integer = 2; uint64 string = 3; uint64 date = 4; bytes bytes = 5; bool bool = 6; TermSet set = 7; } } message TermSet { repeated TermV2 set = 1; } message ExpressionV2 { repeated Op ops = 1; } message Op { oneof Content { TermV2 value = 1; OpUnary unary = 2; OpBinary Binary = 3; } } message OpUnary { enum Kind { Negate = 0; Parens = 1; Length = 2; } required Kind kind = 1; } message OpBinary { enum Kind { LessThan = 0; GreaterThan = 1; LessOrEqual = 2; GreaterOrEqual = 3; Equal = 4; Contains = 5; Prefix = 6; Suffix = 7; Regex = 8; Add = 9; Sub = 10; Mul = 11; Div = 12; And = 13; Or = 14; Intersection = 15; Union = 16; BitwiseAnd = 17; BitwiseOr = 18; BitwiseXor = 19; NotEqual = 20; } required Kind kind = 1; } message Policy { enum Kind { Allow = 0; Deny = 1; } repeated RuleV2 queries = 1; required Kind kind = 2; } message AuthorizerPolicies { repeated string symbols = 1; optional uint32 version = 2; repeated FactV2 facts = 3; repeated RuleV2 rules = 4; repeated CheckV2 checks = 5; repeated Policy policies = 6; } message ThirdPartyBlockRequest { required PublicKey previousKey = 1; repeated PublicKey publicKeys = 2; } message ThirdPartyBlockContents { required bytes payload = 1; required ExternalSignature externalSignature = 2; } message AuthorizerSnapshot { required RunLimits limits = 1; required uint64 executionTime = 2; required AuthorizerWorld world = 3; } message RunLimits { required uint64 maxFacts = 1; required uint64 maxIterations = 2; required uint64 maxTime = 3; } message AuthorizerWorld { optional uint32 version = 1; repeated string symbols = 2; repeated PublicKey publicKeys = 3; repeated SnapshotBlock blocks = 4; required SnapshotBlock authorizerBlock = 5; repeated Policy authorizerPolicies = 6; repeated GeneratedFacts generatedFacts = 7; required uint64 iterations = 8; } message Origin { oneof Content { Empty authorizer = 1; uint32 origin = 2; } } message Empty {} message GeneratedFacts { repeated Origin origins = 1; repeated FactV2 facts = 2; } message SnapshotBlock { optional string context = 1; optional uint32 version = 2; repeated FactV2 facts_v2 = 3; repeated RuleV2 rules_v2 = 4; repeated CheckV2 checks_v2 = 5; repeated Scope scope = 6; optional PublicKey externalKey = 7; }