syntax = "proto2";

package biscuit.format.schema;

message Biscuit {
  optional uint32 rootKeyId = 1;
  required SignedBlock authority = 2;
  repeated SignedBlock blocks = 3;
  required Proof proof = 4;
}

message SignedBlock {
  required bytes block = 1;
  required bytes nextKey = 2;
  required bytes signature = 3;
}

message Proof {
  oneof Content {
    bytes nextSecret = 1;
    bytes finalSignature = 2;
  }
}

message Block {
  repeated string symbols = 1;
  optional string context = 2;
  optional uint32 version = 3;
  repeated FactV2 facts_v2 = 4;
  repeated RuleV2 rules_v2 = 5;
  repeated CheckV2 checks_v2 = 6;
}

message FactV2 {
  required PredicateV2 predicate = 1;
}

message RuleV2 {
  required PredicateV2 head = 1;
  repeated PredicateV2 body = 2;
  repeated ExpressionV2 expressions = 3;
}

message CheckV2 {
  repeated RuleV2 queries = 1;
}

message PredicateV2 {
  required uint64 name = 1;
  repeated IDV2 ids = 2;
}

message IDV2 {
  oneof Content {
    uint32 variable = 1;
    int64 integer = 2;
    uint64 string = 3;
    uint64 date = 4;
    bytes bytes = 5;
    bool bool = 6;
    IDSet set = 7;
  }
}

message IDSet {
  repeated IDV2 set = 1;
}

message ConstraintV2 {
  required uint32 id = 1;

  oneof Constraint {
    IntConstraintV2 int = 2;
    StringConstraintV2 string = 3;
    DateConstraintV2 date = 4;
    BytesConstraintV2 bytes = 5;
  }
}

message IntConstraintV2 {
  oneof Constraint {
    int64 less_than = 1;
    int64 greater_than = 2;
    int64 less_or_equal = 3;
    int64 greater_or_equal = 4;
    int64 equal = 5;
    IntSet in_set = 6;
    IntSet not_in_set = 7;
  }
}

message IntSet {
  repeated int64 set = 7 [packed=true];
}

message StringConstraintV2 {
  oneof Constraint {
    string prefix = 1;
    string suffix = 2;
    string equal = 3;
    StringSet in_set = 4;
    StringSet not_in_set = 5;
    string regex = 6;
  }
}

message StringSet {
  repeated uint64 set = 1 [packed=true];
}

message DateConstraintV2 {
  oneof Constraint {
    uint64 before = 1;
    uint64 after = 2;
  }
}

message BytesConstraintV2 {
  oneof Constraint {
    bytes equal = 1;
    BytesSet in_set = 2;
    BytesSet not_in_set = 3;
  }
}

message BytesSet {
  repeated bytes set = 1;
}

message ExpressionV2 {
  repeated Op ops = 1;
}

message Op {
  oneof Content {
    IDV2 value = 1;
    OpUnary unary = 2;
    OpBinary Binary = 3;
  }
}

message OpUnary {
  enum Kind {
    Negate = 0;
    Parens = 1;
    Length = 2;
  }

  required Kind kind = 1;
}

message OpBinary {
  enum Kind {
    LessThan = 0;
    GreaterThan = 1;
    LessOrEqual = 2;
    GreaterOrEqual = 3;
    Equal = 4;
    Contains = 5;
    Prefix = 6;
    Suffix = 7;
    Regex = 8;
    Add = 9;
    Sub = 10;
    Mul = 11;
    Div = 12;
    And = 13;
    Or = 14;
    Intersection = 15;
    Union = 16;
  }

  required Kind kind = 1;
}

message Policy {
  enum Kind {
    Allow = 0;
    Deny = 1;
  }

  repeated RuleV2 queries = 1;
  required Kind kind = 2;
}

message VerifierPolicies {
  repeated string symbols = 1;
  optional uint32 version = 2;
  repeated FactV2 facts = 3;
  repeated RuleV2 rules = 4;
  repeated CheckV2 checks = 5;
  repeated Policy policies = 6;
}