biscuit/schema.proto

syntax = "proto2";

package biscuit.format.schema;

message Biscuit {
  optional uint32 rootKeyId = 1;
  required SignedBlock authority = 2;
  repeated SignedBlock blocks = 3;
  required Proof proof = 4;
}

message SignedBlock {
  required bytes block = 1;
  required PublicKey nextKey = 2;
  required bytes signature = 3;
  optional ExternalSignature externalSignature = 4;
}

message ExternalSignature {
  required bytes signature = 1;
  required PublicKey publicKey = 2;
}

message PublicKey {
  required Algorithm algorithm = 1;

  enum Algorithm {
    Ed25519 = 0;
  }

  required bytes key = 2;
}


message Proof {
  oneof Content {
    bytes nextSecret = 1;
    bytes finalSignature = 2;
  }
}

message Block {
  repeated string symbols = 1;
  optional string context = 2;
  optional uint32 version = 3;
  repeated FactV2 facts_v2 = 4;
  repeated RuleV2 rules_v2 = 5;
  repeated CheckV2 checks_v2 = 6;
  repeated Scope scope = 7;
  repeated PublicKey publicKeys = 8;
}

message Scope {
  enum ScopeType {
    Authority = 0;
    Previous  = 1;
  }

  oneof Content {
    ScopeType scopeType = 1;
    int64 publicKey = 2;
  }
}

message FactV2 {
  required PredicateV2 predicate = 1;
}

message RuleV2 {
  required PredicateV2 head = 1;
  repeated PredicateV2 body = 2;
  repeated ExpressionV2 expressions = 3;
  repeated Scope scope = 4;
}

message CheckV2 {
  repeated RuleV2 queries = 1;
  optional Kind kind = 2;

  enum Kind {
    One = 0;
    All = 1;
  }
}

message PredicateV2 {
  required uint64 name = 1;
  repeated TermV2 terms = 2;
}

message TermV2 {
  oneof Content {
    uint32 variable = 1;
    int64 integer = 2;
    uint64 string = 3;
    uint64 date = 4;
    bytes bytes = 5;
    bool bool = 6;
    TermSet set = 7;
  }
}

message TermSet {
  repeated TermV2 set = 1;
}

message ExpressionV2 {
  repeated Op ops = 1;
}

message Op {
  oneof Content {
    TermV2 value = 1;
    OpUnary unary = 2;
    OpBinary Binary = 3;
  }
}

message OpUnary {
  enum Kind {
    Negate = 0;
    Parens = 1;
    Length = 2;
  }

  required Kind kind = 1;
}

message OpBinary {
  enum Kind {
    LessThan = 0;
    GreaterThan = 1;
    LessOrEqual = 2;
    GreaterOrEqual = 3;
    Equal = 4;
    Contains = 5;
    Prefix = 6;
    Suffix = 7;
    Regex = 8;
    Add = 9;
    Sub = 10;
    Mul = 11;
    Div = 12;
    And = 13;
    Or = 14;
    Intersection = 15;
    Union = 16;
    BitwiseAnd = 17;
    BitwiseOr = 18;
    BitwiseXor = 19;
    NotEqual = 20;
  }

  required Kind kind = 1;
}

message Policy {
  enum Kind {
    Allow = 0;
    Deny = 1;
  }

  repeated RuleV2 queries = 1;
  required Kind kind = 2;
}

message AuthorizerPolicies {
  repeated string symbols = 1;
  optional uint32 version = 2;
  repeated FactV2 facts = 3;
  repeated RuleV2 rules = 4;
  repeated CheckV2 checks = 5;
  repeated Policy policies = 6;
}

message ThirdPartyBlockRequest {
  required PublicKey previousKey = 1;
  repeated PublicKey publicKeys = 2;
}

message ThirdPartyBlockContents {
  required bytes payload = 1;
  required ExternalSignature externalSignature = 2;
}

message AuthorizerSnapshot {
  required RunLimits limits = 1;
  required uint64 executionTime = 2;
  required AuthorizerWorld world = 3;
}

message RunLimits {
  required uint64 maxFacts = 1;
  required uint64 maxIterations = 2;
  required uint64 maxTime = 3;
}

message AuthorizerWorld {
  optional uint32 version = 1;
  repeated string symbols = 2;
  repeated PublicKey publicKeys = 3;
  repeated SnapshotBlock blocks = 4;
  required SnapshotBlock authorizerBlock = 5;
  repeated Policy authorizerPolicies = 6;
  repeated GeneratedFacts generatedFacts = 7;
  required uint64 iterations = 8;
}

message Origin {
  oneof Content {
    Empty authorizer = 1;
    uint32 origin = 2;
  }
}

message Empty {}

message GeneratedFacts {
  repeated Origin origins = 1;
  repeated FactV2 facts = 2;
}

message SnapshotBlock {
  optional string context = 1;
  optional uint32 version = 2;
  repeated FactV2 facts_v2 = 3;
  repeated RuleV2 rules_v2 = 4;
  repeated CheckV2 checks_v2 = 5;
  repeated Scope scope = 6;
  optional PublicKey externalKey = 7;
}