Go API Reference¶
Auto-generated Documentation
This API reference is automatically generated from the Go source code in capiscio-core using gomarkdoc.
Regenerate: ./scripts/generate-docs.sh
agentcard¶
Package agentcard defines the data structures for the A2A Agent Card.
Index¶
- type AgentCapabilities
- type AgentCard
- type AgentExtension
- type AgentInterface
- type AgentProvider
- type AgentSkill
- type SecurityScheme
- type Signature
- type TransportProtocol
type AgentCapabilities¶
AgentCapabilities defines the capabilities supported by the agent.
type AgentCapabilities struct {
Streaming bool `json:"streaming,omitempty"`
PushNotifications bool `json:"pushNotifications,omitempty"`
StateTransitionHistory bool `json:"stateTransitionHistory,omitempty"`
}
type AgentCard¶
AgentCard represents the A2A Agent Card structure based on v0.3.0 specification.
type AgentCard struct {
ProtocolVersion string `json:"protocolVersion"`
Name string `json:"name"`
Description string `json:"description"`
URL string `json:"url"`
PreferredTransport TransportProtocol `json:"preferredTransport,omitempty"`
AdditionalInterfaces []AgentInterface `json:"additionalInterfaces,omitempty"`
Provider *AgentProvider `json:"provider,omitempty"`
IconURL string `json:"iconUrl,omitempty"`
Version string `json:"version"`
DocumentationURL string `json:"documentationUrl,omitempty"`
Capabilities AgentCapabilities `json:"capabilities"`
SecuritySchemes map[string]SecurityScheme `json:"securitySchemes,omitempty"`
Security []map[string][]string `json:"security,omitempty"`
DefaultInputModes []string `json:"defaultInputModes"`
DefaultOutputModes []string `json:"defaultOutputModes"`
Skills []AgentSkill `json:"skills"`
SupportsAuthenticatedExtendedCard bool `json:"supportsAuthenticatedExtendedCard,omitempty"`
Signatures []Signature `json:"signatures,omitempty"`
Extensions []AgentExtension `json:"extensions,omitempty"`
}
type AgentExtension¶
AgentExtension defines an extension supported by the agent.
type AgentExtension struct {
Name string `json:"name"`
Version string `json:"version"`
Description string `json:"description,omitempty"`
}
type AgentInterface¶
AgentInterface defines additional interfaces for the agent.
type AgentInterface struct {
URL string `json:"url"`
Transport TransportProtocol `json:"transport"`
}
type AgentProvider¶
AgentProvider contains information about the agent's provider.
type AgentSkill¶
AgentSkill defines a skill provided by the agent.
type AgentSkill struct {
ID string `json:"id"`
Name string `json:"name"`
Description string `json:"description"`
Tags []string `json:"tags"`
Examples []string `json:"examples,omitempty"`
InputModes []string `json:"inputModes,omitempty"`
OutputModes []string `json:"outputModes,omitempty"`
}
type SecurityScheme¶
SecurityScheme defines the security schemes used by the agent.
type SecurityScheme struct {
Type string `json:"type"`
Scheme string `json:"scheme,omitempty"`
BearerFormat string `json:"bearerFormat,omitempty"`
OpenIDConnectURL string `json:"openIdConnectUrl,omitempty"`
Flows interface{} `json:"flows,omitempty"` // Using interface{} as 'any'
}
type Signature¶
Signature represents a JWS signature on the Agent Card.
type TransportProtocol¶
TransportProtocol defines the supported transport protocols for A2A agents.
Supported Transport Protocols.
const (
TransportJSONRPC TransportProtocol = "JSONRPC"
TransportGRPC TransportProtocol = "GRPC"
TransportHTTPJSON TransportProtocol = "HTTP+JSON"
)
badge¶
Package badge provides badge client functionality for requesting badges from a CA.
Package badge provides functionality for issuing and verifying Trust Badges.
Package badge provides badge client functionality for requesting badges from a CA.
Index¶
- Constants
- Variables
- func GetErrorCode\(err error\) string
- func SignBadge\(claims \*Claims, privateKey crypto.PrivateKey\) \(string, error\)
- type ChallengeResponse
- type Claims
- func \(c \*Claims\) AgentID() string
- func \(c \*Claims\) AssuranceLevel() string
- func \(c \*Claims\) Domain() string
- func \(c \*Claims\) ExpiresAt() time.Time
- func \(c \*Claims\) HasProofOfPossession() bool
- func \(c \*Claims\) IsExpired() bool
- func \(c \*Claims\) IsNotYetValid() bool
- func \(c \*Claims\) IssuedAtTime() time.Time
- func \(c \*Claims\) TrustLevel() string
- type Client
- func NewClient\(caURL, apiKey string\) *Client
- func \(c \*Client\) RequestBadge\(ctx context.Context, opts RequestBadgeOptions\) \(\*RequestBadgeResult, error\)
- type ClientError
- func \(e \*ClientError\) Error() string
- func \(e \*ClientError\) IsAuthError() bool
- func \(e \*ClientError\) IsNotFoundError() bool
- type ConfirmationClaim
- type CredentialSubject
- type DVClient
- func NewDVClient\(caURL string\) *DVClient
- func NewDVClientWithHTTPClient\(caURL string, httpClient \*http.Client\) *DVClient
- func \(c \*DVClient\) CreateOrder\(ctx context.Context, domain, challengeType string, jwk \*jose.JSONWebKey\) \(\*DVOrder, error\)
- func \(c \*DVClient\) FinalizeOrder\(ctx context.Context, orderID string\) \(\*DVGrant, error\)
- func \(c \*DVClient\) GetOrder\(ctx context.Context, orderID string\) \(\*DVOrder, error\)
- type DVGrant
- type DVOrder
- type Error
- func AsError\(err error\) \(\*Error, bool\)
- func NewError\(code, message string\) *Error
- func WrapError\(code, message string, cause error\) *Error
- func \(e \*Error\) Error() string
- func \(e \*Error\) Is\(target error\) bool
- func \(e \*Error\) Unwrap() error
- type Keeper
- func NewKeeper\(config KeeperConfig\) \(\*Keeper, error\)
- func \(k \*Keeper\) CheckAndRenew() error
- func \(k \*Keeper\) Renew() error
- func \(k \*Keeper\) Run\(ctx context.Context\) error
- func \(k \*Keeper\) RunWithEvents\(ctx context.Context, events chan\<\- KeeperEvent\) error
- type KeeperConfig
- type KeeperEvent
- type KeeperEventType
- type KeeperMode
- type PoPClient
- func NewPoPClient\(caURL, apiKey string\) *PoPClient
- func NewPoPClientWithHTTPClient\(caURL, apiKey string, httpClient \*http.Client\) *PoPClient
- func \(c \*PoPClient\) RequestPoPBadge\(ctx context.Context, opts RequestPoPBadgeOptions\) \(\*RequestPoPBadgeResult, error\)
- type PoPProofClaims
- type RenewalResult
- type RequestBadgeOptions
- type RequestBadgeResult
- type RequestPoPBadgeOptions
- type RequestPoPBadgeResult
- type RevocationCache
- type VerifiableCredential
- type Verifier
- func NewVerifier\(reg registry.Registry\) *Verifier
- func \(v \*Verifier\) Verify\(ctx context.Context, token string\) \(\*Claims, error\)
- func \(v \*Verifier\) VerifyWithOptions\(ctx context.Context, token string, opts VerifyOptions\) \(\*VerifyResult, error\)
- type VerifyMode
- type VerifyOptions
- type VerifyResult
Constants¶
Error codes as defined in RFC-002 ยง8.4. These are spec-level error codes, not HTTP status codes.
const (
// ErrCodeMalformed indicates the JWS structure is invalid.
ErrCodeMalformed = "BADGE_MALFORMED"
// ErrCodeSignatureInvalid indicates signature verification failed.
ErrCodeSignatureInvalid = "BADGE_SIGNATURE_INVALID"
// ErrCodeExpired indicates current time >= exp.
ErrCodeExpired = "BADGE_EXPIRED"
// ErrCodeNotYetValid indicates current time < iat.
ErrCodeNotYetValid = "BADGE_NOT_YET_VALID"
// ErrCodeIssuerUntrusted indicates iss is not in the trusted issuer list.
ErrCodeIssuerUntrusted = "BADGE_ISSUER_UNTRUSTED"
// ErrCodeAudienceMismatch indicates the verifier is not in the aud claim.
ErrCodeAudienceMismatch = "BADGE_AUDIENCE_MISMATCH"
// ErrCodeRevoked indicates the badge jti is on the revocation list.
ErrCodeRevoked = "BADGE_REVOKED"
// ErrCodeClaimsInvalid indicates required claims are missing or malformed.
ErrCodeClaimsInvalid = "BADGE_CLAIMS_INVALID"
// ErrCodeAgentDisabled indicates the agent sub is disabled.
ErrCodeAgentDisabled = "BADGE_AGENT_DISABLED"
// ErrCodeRevocationCheckFailed indicates revocation check failed.
// RFC-002 v1.3 ยง7.5: Used when sync fails AND cache stale for levels 2+.
ErrCodeRevocationCheckFailed = "REVOCATION_CHECK_FAILED"
)
const (
// REVOCATION_CACHE_MAX_STALENESS is the default maximum age for cached data.
// RFC-002 v1.3 ยง7.5: 300 seconds (5 minutes) - revocation cache older than
// this is considered stale and triggers fail-closed for levels 2+.
REVOCATION_CACHE_MAX_STALENESS = 5 * time.Minute
// DefaultStaleThreshold is an alias for backward compatibility.
// Deprecated: Use REVOCATION_CACHE_MAX_STALENESS instead.
DefaultStaleThreshold = REVOCATION_CACHE_MAX_STALENESS
// StaleFailClosedMinLevel is the minimum trust level that enforces fail-closed
// on stale data. RFC-002 v1.3 ยง7.5: Levels 2+ MUST fail on stale cache.
StaleFailClosedMinLevel = 2
)
DefaultCAURL is the default CapiscIO Registry URL.
DefaultTTL is the default badge TTL per RFC-002.
Variables¶
Predefined sentinel errors for common cases. Use these with errors.Is() for type-safe error checking.
var (
// ErrMalformed is returned when the JWS structure is invalid.
ErrMalformed = NewError(ErrCodeMalformed, "badge structure is invalid")
// ErrSignatureInvalid is returned when signature verification fails.
ErrSignatureInvalid = NewError(ErrCodeSignatureInvalid, "signature verification failed")
// ErrExpired is returned when the badge has expired.
ErrExpired = NewError(ErrCodeExpired, "badge has expired")
// ErrNotYetValid is returned when the badge is not yet valid (iat in future).
ErrNotYetValid = NewError(ErrCodeNotYetValid, "badge is not yet valid")
// ErrIssuerUntrusted is returned when the issuer is not trusted.
ErrIssuerUntrusted = NewError(ErrCodeIssuerUntrusted, "issuer is not trusted")
// ErrAudienceMismatch is returned when verifier is not in audience.
ErrAudienceMismatch = NewError(ErrCodeAudienceMismatch, "verifier not in badge audience")
// ErrRevoked is returned when the badge has been revoked.
ErrRevoked = NewError(ErrCodeRevoked, "badge has been revoked")
// ErrClaimsInvalid is returned when required claims are missing or malformed.
ErrClaimsInvalid = NewError(ErrCodeClaimsInvalid, "required claims missing or malformed")
// ErrAgentDisabled is returned when the agent has been disabled.
ErrAgentDisabled = NewError(ErrCodeAgentDisabled, "agent has been disabled")
// ErrRevocationCheckFailed is returned when revocation check fails with stale cache.
// RFC-002 v1.3 ยง7.5: Used for fail-closed on stale cache for levels 2+.
ErrRevocationCheckFailed = NewError(ErrCodeRevocationCheckFailed, "revocation check failed")
)
func GetErrorCode¶
GetErrorCode extracts the error code from an Error, or returns empty string.
func SignBadge¶
SignBadge creates a signed JWS token from the given claims using the private key. It defaults to EdDSA \(Ed25519\) signing.
type ChallengeResponse¶
ChallengeResponse represents the server's challenge response.
type ChallengeResponse struct {
ChallengeID string `json:"challenge_id"`
Nonce string `json:"nonce"`
ExpiresAt time.Time `json:"expires_at"`
Aud string `json:"aud"`
HTU string `json:"htu"`
HTM string `json:"htm"`
}
type Claims¶
Claims represents the JWT claims payload for a CapiscIO Trust Badge. See RFC-002: Trust Badge Specification.
type Claims struct {
// JTI is the unique Badge ID (UUID v4). Used for revocation and audit.
JTI string `json:"jti"`
// Issuer is the CA that signed the Badge (e.g., "https://registry.capisc.io").
Issuer string `json:"iss"`
// Subject is the agent's DID. MUST be a valid did:web identifier.
// Format: did:web:registry.capisc.io:agents:<agent-id>
Subject string `json:"sub"`
// Audience is the list of trust domains/services where Badge is valid.
// Optional. If present, verifiers MUST check their identity is included.
Audience []string `json:"aud,omitempty"`
// IssuedAt is the timestamp when the badge was issued (Unix timestamp).
IssuedAt int64 `json:"iat"`
// Expiry is the timestamp when the badge expires (Unix timestamp).
Expiry int64 `json:"exp"`
// NotBefore is the timestamp before which the badge MUST NOT be accepted.
// Optional. Per RFC-002 ยง4.3.1.
NotBefore int64 `json:"nbf,omitempty"`
// IAL is the Identity Assurance Level. REQUIRED per RFC-002 ยง4.3.2.
// "0" = Account-attested (IAL-0), "1" = Proof of Possession (IAL-1).
IAL string `json:"ial"`
// Key is the public key of the subject, embedded for offline verification.
// REQUIRED in production. MAY be omitted in non-production environments.
Key *jose.JSONWebKey `json:"key,omitempty"`
// CNF is the confirmation claim per RFC 7800.
// When present, binds the badge to a specific key holder.
// Used for Proof of Possession (PoP) badges (RFC-002 ยง7.2.2, RFC-003).
CNF *ConfirmationClaim `json:"cnf,omitempty"`
// PoPChallengeID is a reference to the PoP challenge used during issuance.
// Optional. Provides audit trail for PoP-issued badges (RFC-002 ยง4.3.3).
PoPChallengeID string `json:"pop_challenge_id,omitempty"`
// AgentCardHash is the SHA-256 hash of the canonical AgentCard at issuance.
// Optional. Enables verifiers to detect AgentCard drift (RFC-002 ยง4.3.3).
AgentCardHash string `json:"agent_card_hash,omitempty"`
// DIDDocHash is the SHA-256 hash of the DID Document at issuance.
// Optional. Enables verifiers to detect key rotation (RFC-002 ยง4.3.3).
DIDDocHash string `json:"did_doc_hash,omitempty"`
// VC contains the Verifiable Credential data.
VC VerifiableCredential `json:"vc"`
}
func \(\*Claims\) AgentID¶
AgentID extracts the agent ID from the Subject DID. For did:web:registry.capisc.io:agents:my-agent-001, returns "my-agent-001". Returns empty string if the DID format is invalid.
func \(\*Claims\) AssuranceLevel¶
AssuranceLevel returns the identity assurance level of the badge. Per RFC-002 ยง7.2.1: - IAL-0: Account-attested bearer badge - IAL-1: Proof of Possession badge The IAL claim is authoritative; cnf is supporting evidence.
func \(\*Claims\) Domain¶
Domain returns the domain from the VC credential subject.
func \(\*Claims\) ExpiresAt¶
ExpiresAt returns the expiry time as a time.Time.
func \(\*Claims\) HasProofOfPossession¶
HasProofOfPossession returns true if this is a PoP-issued badge.
func \(\*Claims\) IsExpired¶
IsExpired returns true if the badge has expired.
func \(\*Claims\) IsNotYetValid¶
IsNotYetValid returns true if the badge's iat is in the future.
func \(\*Claims\) IssuedAtTime¶
IssuedAtTime returns the issued-at time as a time.Time.
func \(\*Claims\) TrustLevel¶
TrustLevel returns the trust level from the VC credential subject. Returns "1", "2", or "3", or empty string if not set.
type Client¶
Client is an HTTP client for requesting badges from a CA.
func NewClient¶
NewClient creates a new badge client.
func \(\*Client\) RequestBadge¶
func (c *Client) RequestBadge(ctx context.Context, opts RequestBadgeOptions) (*RequestBadgeResult, error)
RequestBadge requests a new badge from the CA.
type ClientError¶
ClientError represents an error from the badge client.
func \(\*ClientError\) Error¶
func \(\*ClientError\) IsAuthError¶
IsAuthError returns true if this is an authentication error.
func \(\*ClientError\) IsNotFoundError¶
IsNotFoundError returns true if the agent was not found.
type ConfirmationClaim¶
ConfirmationClaim represents the cnf claim per RFC 7800. Used to bind a badge to a specific key for Proof of Possession.
type ConfirmationClaim struct {
// KID is the key ID referencing the key in the DID Document.
// This is the primary mechanism for PoP badges.
KID string `json:"kid,omitempty"`
// JWK is the full JWK of the confirmation key (alternative to kid).
JWK *jose.JSONWebKey `json:"jwk,omitempty"`
// JKT is the JWK thumbprint (SHA-256) of the confirmation key.
JKT string `json:"jkt,omitempty"`
}
type CredentialSubject¶
CredentialSubject contains the specific claims.
type CredentialSubject struct {
// Domain is the agent's home domain.
// MUST be validated according to the trust level's requirements.
Domain string `json:"domain,omitempty"`
// Level indicates the trust level: "1" (DV), "2" (OV), or "3" (EV).
Level string `json:"level,omitempty"`
}
type DVClient¶
DVClient is an HTTP client for Domain Validated badge orders \(RFC\-002 v1.2\).
func NewDVClient¶
NewDVClient creates a new DV client with a default HTTP client.
func NewDVClientWithHTTPClient¶
NewDVClientWithHTTPClient creates a new DV client with a custom HTTP client.
func \(\*DVClient\) CreateOrder¶
func (c *DVClient) CreateOrder(ctx context.Context, domain, challengeType string, jwk *jose.JSONWebKey) (*DVOrder, error)
CreateOrder creates a new DV badge order.
func \(\*DVClient\) FinalizeOrder¶
FinalizeOrder finalizes a DV badge order and receives a grant.
func \(\*DVClient\) GetOrder¶
GetOrder gets the status of a DV badge order.
type DVGrant¶
DVGrant represents a DV grant JWT.
type DVOrder¶
DVOrder represents a DV badge order.
type DVOrder struct {
ID string
Domain string
ChallengeType string
ChallengeToken string
Status string
ValidationURL string
DNSRecord string
ExpiresAt time.Time
FinalizedAt *time.Time
}
type Error¶
Error represents a badge verification error with an RFC-002 error code.
type Error struct {
// Code is one of the BADGE_* error codes.
Code string
// Message is a human-readable description.
Message string
// Cause is the underlying error, if any.
Cause error
}
func AsError¶
AsError checks if err is an Error and returns it if so.
func NewError¶
NewError creates a new Error with the given code and message.
func WrapError¶
WrapError creates a new Error that wraps an underlying error.
func \(\*Error\) Error¶
Error implements the error interface.
func \(\*Error\) Is¶
Is checks if the error matches a target error code.
func \(\*Error\) Unwrap¶
Unwrap returns the underlying cause for errors.Is/errors.As.
type Keeper¶
Keeper manages the lifecycle of a Trust Badge file.
func NewKeeper¶
NewKeeper creates a new Keeper. Returns an error if an unsupported mode is specified.
func \(\*Keeper\) CheckAndRenew¶
CheckAndRenew checks if the badge needs renewal and renews it if necessary. This is the legacy method for backward compatibility.
func \(\*Keeper\) Renew¶
Renew generates a new badge and writes it to disk. This is the legacy method for backward compatibility.
func \(\*Keeper\) Run¶
Run starts the keeper loop.
func \(\*Keeper\) RunWithEvents¶
RunWithEvents starts the keeper loop and sends events to the provided channel. The channel is closed when the keeper stops.
type KeeperConfig¶
KeeperConfig holds configuration for the Badge Keeper.
type KeeperConfig struct {
// Mode: self-sign, ca (deprecated), or pop (recommended)
Mode KeeperMode
// Common settings
OutputFile string
Expiry time.Duration
RenewBefore time.Duration
CheckInterval time.Duration
Domain string
TrustLevel string
// Self-sign mode settings
PrivateKey crypto.PrivateKey
Claims Claims
// CA mode settings (IAL-0, deprecated)
CAURL string
APIKey string
AgentID string
// PoP mode settings (IAL-1, recommended)
// AgentDID is the DID of the agent (e.g., did:key:z6Mk...)
AgentDID string
// Audience is the optional audience restrictions for the badge
Audience []string
}
type KeeperEvent¶
KeeperEvent represents an event emitted by the badge keeper.
type KeeperEvent struct {
Type KeeperEventType
BadgeJTI string
Subject string
TrustLevel string
ExpiresAt time.Time
Error string
ErrorCode string
Timestamp time.Time
Token string // The badge token (optional, for renewed events)
}
type KeeperEventType¶
KeeperEventType defines the type of event emitted by the keeper.
const (
// KeeperEventStarted indicates the keeper has started.
KeeperEventStarted KeeperEventType = "started"
// KeeperEventRenewed indicates a badge was renewed.
KeeperEventRenewed KeeperEventType = "renewed"
// KeeperEventError indicates an error occurred.
KeeperEventError KeeperEventType = "error"
// KeeperEventStopped indicates the keeper has stopped.
KeeperEventStopped KeeperEventType = "stopped"
)
type KeeperMode¶
KeeperMode defines the mode of operation for the keeper.
const (
// KeeperModeSelfSign generates self-signed badges locally.
KeeperModeSelfSign KeeperMode = "self-sign"
// KeeperModeCA requests badges from a Certificate Authority (IAL-0, deprecated).
// Deprecated: Use KeeperModePoP for production - IAL-0 lacks cryptographic key binding.
KeeperModeCA KeeperMode = "ca"
// KeeperModePoP requests badges using Proof of Possession (RFC-003 IAL-1).
// This is the recommended mode for production as it provides cryptographic key binding.
KeeperModePoP KeeperMode = "pop"
)
type PoPClient¶
PoPClient is an HTTP client for requesting badges using Proof of Possession \(RFC\-003\). This provides IAL-1 badge issuance with cryptographic key binding.
func NewPoPClient¶
NewPoPClient creates a new PoP badge client with a default HTTP client. The default HTTP client uses a 30-second timeout.
func NewPoPClientWithHTTPClient¶
NewPoPClientWithHTTPClient creates a new PoP badge client with a custom HTTP client. If httpClient is nil, a default client with 30-second timeout is used.
func \(\*PoPClient\) RequestPoPBadge¶
func (c *PoPClient) RequestPoPBadge(ctx context.Context, opts RequestPoPBadgeOptions) (*RequestPoPBadgeResult, error)
RequestPoPBadge requests a badge using the PoP protocol \(RFC\-003 IAL\-1\). This provides cryptographic proof that the requester controls the DID's private key.
type PoPProofClaims¶
PoPProofClaims represents the claims in a PoP proof JWS.
type PoPProofClaims struct {
CID string `json:"cid"` // Challenge ID
Nonce string `json:"nonce"` // Server nonce
Sub string `json:"sub"` // Subject (DID)
Aud string `json:"aud"` // Audience (registry)
HTU string `json:"htu"` // HTTP Target URI
HTM string `json:"htm"` // HTTP Method
IAT int64 `json:"iat"` // Issued at
Exp int64 `json:"exp"` // Expiration
JTI string `json:"jti"` // Proof JTI (unique)
}
type RenewalResult¶
RenewalResult contains details about a renewed badge.
type RenewalResult struct {
JTI string
Subject string
TrustLevel string
ExpiresAt time.Time
Token string
}
type RequestBadgeOptions¶
RequestBadgeOptions contains options for badge request.
type RequestBadgeOptions struct {
AgentID string
Domain string
TTL time.Duration
TrustLevel string
Audience []string
}
type RequestBadgeResult¶
RequestBadgeResult contains the result of a badge request.
type RequestBadgeResult struct {
Token string
JTI string
Subject string
TrustLevel string
ExpiresAt time.Time
}
type RequestPoPBadgeOptions¶
RequestPoPBadgeOptions contains options for PoP badge request.
type RequestPoPBadgeOptions struct {
// AgentDID is the DID of the agent (e.g., did:key:z6Mk... or did:web:...)
AgentDID string
// PrivateKey is the agent's private key for signing the PoP proof
PrivateKey crypto.PrivateKey
// TTL is the requested badge TTL (optional, default 5 min)
TTL time.Duration
// Audience is the optional audience restrictions
Audience []string
}
type RequestPoPBadgeResult¶
RequestPoPBadgeResult contains the result of a PoP badge request.
type RequestPoPBadgeResult struct {
Token string
JTI string
Subject string
TrustLevel string
AssuranceLevel string // "IAL-1" for PoP badges
ExpiresAt time.Time
CNF map[string]interface{} // Confirmation claim with key binding
}
type RevocationCache¶
RevocationCache provides access to cached revocation data.
type RevocationCache interface {
// IsRevoked checks if a badge jti is in the revocation cache.
IsRevoked(jti string) bool
// IsStale returns true if the cache is older than the threshold.
IsStale(threshold time.Duration) bool
}
type VerifiableCredential¶
VerifiableCredential represents the simplified VC object.
type VerifiableCredential struct {
// Type is the JSON-LD type(s) of the credential.
// MUST include "VerifiableCredential" and "AgentIdentity".
Type []string `json:"type"`
// CredentialSubject contains the claims about the subject.
CredentialSubject CredentialSubject `json:"credentialSubject"`
}
type Verifier¶
Verifier validates TrustBadges per RFC-002.
func NewVerifier¶
NewVerifier creates a new Badge Verifier.
func \(\*Verifier\) Verify¶
Verify checks the validity of a TrustBadge JWS token using default options. For more control, use VerifyWithOptions.
func \(\*Verifier\) VerifyWithOptions¶
func (v *Verifier) VerifyWithOptions(ctx context.Context, token string, opts VerifyOptions) (*VerifyResult, error)
VerifyWithOptions performs badge verification with the specified options. Implements RFC-002 ยง8.1 verification flow.
For Level 0 self-signed badges \(did:key issuer\):
- Public key is extracted from the did:key identifier
- Revocation check is skipped \(self\-signed badges not in registry\)
- Agent status check is skipped \(no registry\)
- iss must equal sub \(self\-assertion only\)
type VerifyMode¶
VerifyMode determines how verification is performed.
const (
// VerifyModeOnline performs real-time checks against the registry.
// This includes revocation checks and agent status checks.
VerifyModeOnline VerifyMode = iota
// VerifyModeOffline uses only local trust store and revocation cache.
// Does not make network requests.
VerifyModeOffline
// VerifyModeHybrid uses online checks when available, falls back to cache.
VerifyModeHybrid
)
type VerifyOptions¶
VerifyOptions configures badge verification behavior.
type VerifyOptions struct {
// Mode determines online/offline verification behavior.
Mode VerifyMode
// TrustedIssuers is a list of allowed issuer DIDs (did:web or did:key).
// If empty, all issuers are accepted (not recommended for production).
// For Level 0 self-signed badges, the did:key issuer must be in this list
// or AcceptSelfSigned must be true.
TrustedIssuers []string
// AcceptSelfSigned allows Level 0 self-signed badges (did:key issuer).
// WARNING: Production verifiers SHOULD NOT accept self-signed badges
// unless explicitly required for specific use cases.
// Default: false (reject self-signed badges)
AcceptSelfSigned bool
// Audience is the verifier's identity for audience validation.
// If set and badge has aud claim, verifier must be in audience.
Audience string
// SkipRevocationCheck disables revocation checking (for testing only).
SkipRevocationCheck bool
// SkipAgentStatusCheck disables agent status checking (for testing only).
SkipAgentStatusCheck bool
// RevocationCache provides cached revocations for offline mode.
RevocationCache RevocationCache
// StaleThreshold is the maximum age of cached data before it's considered stale.
// RFC-002 v1.3: For IAL-2+ badges, stale cache causes verification to fail.
// Default: 24 hours if not set.
StaleThreshold time.Duration
// FailOpen allows verification to succeed even when staleness checks fail.
// WARNING: This is NOT recommended for production.
// RFC-002 v1.3 requires fail-closed behavior by default.
// Default: false (fail-closed)
FailOpen bool
// Now overrides the current time (for testing).
Now func() time.Time
}
type VerifyResult¶
VerifyResult contains the result of badge verification.
type VerifyResult struct {
// Claims contains the verified badge claims.
Claims *Claims
// Mode indicates which verification mode was used.
Mode VerifyMode
// Warnings contains non-fatal issues encountered.
Warnings []string
}
crypto¶
Package crypto provides cryptographic utilities for CapiscIO.
Index¶
- func CreateCanonicalJSON\(card \*agentcard.AgentCard\) \(\[\]byte, error\)
- type DefaultJWKSFetcher
- func NewDefaultJWKSFetcher() *DefaultJWKSFetcher
- func \(f \*DefaultJWKSFetcher\) Fetch\(ctx context.Context, url string\) \(\*jose.JSONWebKeySet, error\)
- func \(f \*DefaultJWKSFetcher\) FlushCache()
- func \(f \*DefaultJWKSFetcher\) SetTTL\(ttl time.Duration\)
- type JWKSFetcher
- type SignatureResult
- type SignatureVerificationResult
- type VerificationSummary
- type Verifier
- func NewVerifier() *Verifier
- func NewVerifierWithFetcher\(fetcher JWKSFetcher\) *Verifier
- func \(v \*Verifier\) VerifyAgentCardSignatures\(ctx context.Context, card \*agentcard.AgentCard\) \(\*SignatureVerificationResult, error\)
func CreateCanonicalJSON¶
CreateCanonicalJSON creates a canonical JSON representation of the Agent Card for signature verification. It removes the "signatures" field and ensures keys are sorted \(which encoding/json does by default\).
type DefaultJWKSFetcher¶
DefaultJWKSFetcher is the default implementation of JWKSFetcher.
func NewDefaultJWKSFetcher¶
NewDefaultJWKSFetcher creates a new fetcher with a default HTTP client and 1 hour cache TTL.
func \(\*DefaultJWKSFetcher\) Fetch¶
Fetch retrieves the JWKS from the specified URL, using cache if available.
func \(\*DefaultJWKSFetcher\) FlushCache¶
FlushCache clears all cached JWKS entries.
func \(\*DefaultJWKSFetcher\) SetTTL¶
SetTTL configures the cache time-to-live.
type JWKSFetcher¶
JWKSFetcher handles fetching and caching of JSON Web Key Sets.
type SignatureResult¶
SignatureResult holds the details of a single signature verification.
type SignatureResult struct {
Index int
Valid bool
Algorithm string
KeyID string
Issuer string
JWKSUri string
Error string
}
type SignatureVerificationResult¶
SignatureVerificationResult contains the result of verifying all signatures.
type SignatureVerificationResult struct {
Valid bool
Signatures []SignatureResult
Summary VerificationSummary
}
type VerificationSummary¶
VerificationSummary summarizes the results of all signature verifications.
type Verifier¶
Verifier handles Agent Card signature verification.
func NewVerifier¶
NewVerifier creates a new Verifier with the default JWKS fetcher.
func NewVerifierWithFetcher¶
NewVerifierWithFetcher creates a new Verifier with a custom JWKS fetcher.
func \(\*Verifier\) VerifyAgentCardSignatures¶
func (v *Verifier) VerifyAgentCardSignatures(ctx context.Context, card *agentcard.AgentCard) (*SignatureVerificationResult, error)
VerifyAgentCardSignatures verifies all signatures in an Agent Card.
did¶
Package did provides utilities for parsing and working with DID identifiers. Supports did:web \(RFC\-002 ยง6.1\) and did:key \(RFC\-002 ยง6.6\) methods. See RFC-002: Trust Badge Specification v1.1.
Index¶
- Constants
- Variables
- func NewAgentDID\(domain, agentID string\) string
- func NewCapiscIOAgentDID\(agentID string\) string
- func NewKeyDID\(publicKey \[\]byte\) string
- func PublicKeyFromKeyDID\(didStr string\) \(ed25519.PublicKey, error\)
- type DID
- func Parse\(did string\) \(\*DID, error\)
- func \(d \*DID\) DocumentURL() string
- func \(d \*DID\) GetPublicKey() ed25519.PublicKey
- func \(d \*DID\) IsAgentDID() bool
- func \(d \*DID\) IsKeyDID() bool
- func \(d \*DID\) IsWebDID() bool
- func \(d \*DID\) String() string
Constants¶
Multicodec constants for did:key
const (
// Ed25519MulticodecPrefix is the multicodec prefix for Ed25519 public keys (0xed01)
Ed25519MulticodecPrefix = 0xed01
// Ed25519PublicKeySize is the size of an Ed25519 public key in bytes
Ed25519PublicKeySize = 32
)
DefaultDomain is the default domain for CapiscIO-hosted agents.
Variables¶
Common errors returned by this package.
var (
ErrInvalidDID = errors.New("invalid DID format")
ErrUnsupportedMethod = errors.New("unsupported DID method (only did:web and did:key supported)")
ErrMissingAgentID = errors.New("missing agent ID in DID")
ErrInvalidKeyDID = errors.New("invalid did:key format")
ErrUnsupportedKeyType = errors.New("unsupported key type in did:key (only Ed25519 supported)")
)
func NewAgentDID¶
NewAgentDID constructs a did:web identifier for an agent.
Parameters:
- domain: The domain hosting the agent \(e.g., "registry.capisc.io"\)
- agentID: The unique agent identifier \(e.g., "my\-agent\-001"\)
Returns: did:web:\<domain>:agents:\<agentID>
func NewCapiscIOAgentDID¶
NewCapiscIOAgentDID constructs a did:web for an agent on the CapiscIO registry. Shorthand for NewAgentDID\(DefaultDomain, agentID\).
func NewKeyDID¶
NewKeyDID constructs a did:key identifier from an Ed25519 public key. Format: did
z\<base58btc\(0xed01 || public\_key\)>
Parameters:
- publicKey: Ed25519 public key \(32 bytes\)
Returns: didz6Mk... formatted DID string
func PublicKeyFromKeyDID¶
PublicKeyFromKeyDID extracts the Ed25519 public key from a did:key identifier. Returns the 32-byte public key or an error if the DID is invalid.
type DID¶
DID represents a parsed DID identifier. Supports both did:web and did:key methods.
For did:web: did:web:\<domain>:agents:\<agent-id> For did didz\<base58btc\(multicodec || public\_key\)>
type DID struct {
// Method is the DID method ("web" or "key").
Method string
// Domain is the domain hosting the DID Document (did:web only).
Domain string
// Path segments after the domain (did:web only, e.g., ["agents", "my-agent-001"]).
PathSegments []string
// AgentID is the agent identifier (did:web only, extracted from path).
AgentID string
// PublicKey is the Ed25519 public key (did:key only, 32 bytes).
PublicKey []byte
// Raw is the original DID string.
Raw string
}
func Parse¶
Parse parses a DID identifier into its components. Supports both did:web and did:key methods.
Returns ErrInvalidDID if the format is invalid. Returns ErrUnsupportedMethod if the method is not "web" or "key".
Examples:
- did:web:registry.capisc.io:agents:my-agent-001
- didz6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK
func \(\*DID\) DocumentURL¶
DocumentURL returns the HTTPS URL for the DID Document per did:web spec. did:web:registry.capisc.io:agents:my-agent-001
Returns empty string for did:key \(no remote document\). Uses HTTP when the hostname is "localhost" or "127.0.0.1", HTTPS otherwise.
func \(\*DID\) GetPublicKey¶
GetPublicKey returns the Ed25519 public key for did:key identifiers. Returns nil for did:web identifiers.
func \(\*DID\) IsAgentDID¶
IsAgentDID returns true if the DID follows the CapiscIO agent DID pattern. Pattern: did:web:\<domain>:agents:\<id>
func \(\*DID\) IsKeyDID¶
IsKeyDID returns true if this is a did:key identifier.
func \(\*DID\) IsWebDID¶
IsWebDID returns true if this is a did:web identifier.
func \(\*DID\) String¶
String returns the canonical DID string.
gateway¶
Package gateway provides the HTTP middleware for the CapiscIO Security Sidecar.
Index¶
- func ExtractBadge\(r \*http.Request\) string
- func NewAuthMiddleware\(verifier \*badge.Verifier, next http.Handler\) http.Handler
- func NewPolicyMiddleware\(verifier \*badge.Verifier, config PEPConfig, next http.Handler, callbacks ...PolicyEventCallback\) http.Handler
- type PEPConfig
- type PolicyEvent
- type PolicyEventCallback
func ExtractBadge¶
ExtractBadge retrieves the badge from headers.
func NewAuthMiddleware¶
NewAuthMiddleware creates a middleware that enforces Badge validity. Deprecated: Use NewPolicyMiddleware for RFC-005 PDP integration.
func NewPolicyMiddleware¶
func NewPolicyMiddleware(verifier *badge.Verifier, config PEPConfig, next http.Handler, callbacks ...PolicyEventCallback) http.Handler
NewPolicyMiddleware creates a full PEP middleware \(RFC\-005\). When PEPConfig.PDPClient is nil, operates in badge-only mode \(identical to NewAuthMiddleware\).
type PEPConfig¶
PEPConfig configures the Policy Enforcement Point middleware \(RFC\-005\).
type PEPConfig struct {
PDPClient pip.PDPClient // nil = badge-only mode (skip PDP)
EnforcementMode pip.EnforcementMode // default EMObserve
ObligationReg *pip.ObligationRegistry // nil = no obligation handling
DecisionCache pip.DecisionCache // nil = no caching
BreakGlassKey crypto.PublicKey // nil = break-glass disabled
PEPID string // PEP instance identifier
Workspace string // workspace/tenant identifier
Logger *slog.Logger // nil = slog.Default()
}
type PolicyEvent¶
PolicyEvent captures telemetry for a policy enforcement decision.
type PolicyEvent struct {
Decision string
DecisionID string
Override bool
OverrideJTI string
CacheHit bool
PDPLatencyMs int64
Obligations []string
ErrorCode string
}
type PolicyEventCallback¶
PolicyEventCallback is invoked synchronously after each policy enforcement with the event data. Implementations MUST return quickly and avoid long-running or blocking operations.
mcp¶
Package mcp implements MCP security services for tool authority \(RFC\-006\) and server identity verification \(RFC\-007\).
This package provides:
- Tool access evaluation with trust badge verification
- Evidence emission for audit trails
- Server identity verification with did:web origin binding
Usage as library:
import "github.com/capiscio/capiscio-core/pkg/mcp"
service := mcp.NewService(mcp.Dependencies{...})
result, err := service.EvaluateToolAccess(ctx, req)
The package also provides gRPC service handlers that can be registered with a gRPC server:
Package mcp provides evidence storage implementations for RFC-006.
Index¶
- Constants
- Variables
- func CheckVersionCompatibility\(clientVersion string\) \(bool, string\)
- func CreatePoPRequest() \(\*pop.MCPPoPRequest, error\)
- func CreatePoPResponse\(clientNonce string, privateKey ed25519.PrivateKey, keyID string\) \(\*pop.MCPPoPResponse, error\)
- func ParsePoPFromMeta\(meta map\[string\]interface\{\}\) \(\*pop.MCPPoPRequest, \*pop.MCPPoPResponse\)
- type AuthLevel
- func \(a AuthLevel\) String() string
- type CallerCredential
- func NewAPIKeyCredential\(apiKey string\) CallerCredential
- func NewAnonymousCredential() CallerCredential
- func NewBadgeCredential\(badgeJWS string\) CallerCredential
- func \(c CallerCredential\) GetAuthLevel() AuthLevel
- type Decision
- func \(d Decision\) String() string
- type DenyReason
- func ErrorToDenyReason\(err error\) DenyReason
- func \(r DenyReason\) String() string
- type Dependencies
- type EvaluateConfig
- type EvaluateResult
- type EvaluateToolAccessInput
- type EvidenceRateLimiter
- func NewEvidenceRateLimiter\(window time.Duration, maxPerWindow int\) *EvidenceRateLimiter
- func \(r \*EvidenceRateLimiter\) IsRateLimited\(record EvidenceRecord\) bool
- type EvidenceRecord
- type EvidenceStore
- type EvidenceStoreMode
- type Guard
- func NewGuard\(badgeVerifier \*badge.Verifier, evidenceStore EvidenceStore, opts ...GuardOption\) *Guard
- func \(g \*Guard\) EvaluateToolAccess\(ctx context.Context, toolName string, paramsHash string, serverOrigin string, credential CallerCredential, config \*EvaluateConfig\) \(\*EvaluateResult, error\)
- type GuardOption
- func WithEnforcementMode\(mode pip.EnforcementMode\) GuardOption
- func WithGuardLogger\(logger \*slog.Logger\) GuardOption
- func WithObligationRegistry\(reg \*pip.ObligationRegistry\) GuardOption
- func WithPDPClient\(client pip.PDPClient\) GuardOption
- type HealthInput
- type HealthStatus
- func CheckHealth() *HealthStatus
- type HybridEvidenceStore
- func NewHybridEvidenceStore\(localDir string, registryCfg RegistryEvidenceStoreConfig\) \(\*HybridEvidenceStore, error\)
- func \(s \*HybridEvidenceStore\) Close() error
- func \(s \*HybridEvidenceStore\) Store\(ctx context.Context, record EvidenceRecord\) error
- type LocalEvidenceStore
- func NewLocalEvidenceStore\(dir string\) \(\*LocalEvidenceStore, error\)
- func \(s \*LocalEvidenceStore\) Close() error
- func \(s \*LocalEvidenceStore\) Store\(ctx context.Context, record EvidenceRecord\) error
- type NoOpEvidenceStore
- func \(n \*NoOpEvidenceStore\) Store\(ctx context.Context, record EvidenceRecord\) error
- type ParsedIdentity
- func ParseHTTPHeaders\(headers map\[string\]string\) *ParsedIdentity
- func ParseJSONRPCMeta\(meta map\[string\]interface\{\}\) *ParsedIdentity
- type RegistryEvidenceStore
- func NewRegistryEvidenceStore\(cfg RegistryEvidenceStoreConfig\) *RegistryEvidenceStore
- func \(s \*RegistryEvidenceStore\) Close() error
- func \(s \*RegistryEvidenceStore\) Store\(ctx context.Context, record EvidenceRecord\) error
- type RegistryEvidenceStoreConfig
- type ServerErrorCode
- func ErrorToServerErrorCode\(err error\) ServerErrorCode
- func \(c ServerErrorCode\) String() string
- type ServerIdentityVerifier
- func NewServerIdentityVerifier\(badgeVerifier \*badge.Verifier\) *ServerIdentityVerifier
- func NewServerIdentityVerifierWithConfig\(badgeVerifier \*badge.Verifier, cacheConfig \*pop.CacheConfig\) *ServerIdentityVerifier
- func \(v \*ServerIdentityVerifier\) GetCachedSession\(serverDID string\) \(\*pop.CacheEntry, bool\)
- func \(v \*ServerIdentityVerifier\) InvalidateByTrustLevel\(minLevelStr string\)
- func \(v \*ServerIdentityVerifier\) InvalidateSession\(serverDID string\)
- func \(v \*ServerIdentityVerifier\) VerifyPoP\(ctx context.Context, result \*VerifyResult, popRequest \*pop.MCPPoPRequest, popResponse \*pop.MCPPoPResponse, publicKey ed25519.PublicKey, maxAge time.Duration\) \(\*VerifyResult, error\)
- func \(v \*ServerIdentityVerifier\) VerifyServerIdentity\(ctx context.Context, serverDID string, serverBadgeJWS string, transportOrigin string, config \*VerifyConfig\) \(\*VerifyResult, error\)
- func \(v \*ServerIdentityVerifier\) VerifyWithCache\(ctx context.Context, serverDID string, serverBadgeJWS string, transportOrigin string, popRequest \*pop.MCPPoPRequest, popResponse \*pop.MCPPoPResponse, publicKey ed25519.PublicKey, config \*VerifyConfig\) \(\*VerifyResult, error\)
- type ServerState
- func \(s ServerState\) String() string
- type Service
- func NewService\(deps \*Dependencies\) *Service
- func \(s \*Service\) EvaluateToolAccess\(ctx context.Context, input \*EvaluateToolAccessInput\) \(\*EvaluateResult, error\)
- func \(s \*Service\) Health\(ctx context.Context, input \*HealthInput\) *HealthStatus
- func \(s \*Service\) ParseServerIdentityFromHTTP\(headers map\[string\]string\) *ParsedIdentity
- func \(s \*Service\) ParseServerIdentityFromJSONRPC\(meta map\[string\]interface\{\}\) *ParsedIdentity
- func \(s \*Service\) VerifyServerIdentity\(ctx context.Context, input \*VerifyServerIdentityInput\) \(\*VerifyResult, error\)
- type VerifyConfig
- func DefaultVerifyConfig() *VerifyConfig
- type VerifyResult
- func \(r \*VerifyResult\) GetServerID() string
- func \(r \*VerifyResult\) HasIdentity() bool
- func \(r \*VerifyResult\) IsDeclared() bool
- func \(r \*VerifyResult\) IsVerified() bool
- func \(r \*VerifyResult\) TrustLevel() int
- type VerifyServerIdentityInput
Constants¶
const (
// CoreVersion is the capiscio-core version
CoreVersion = "2.5.0"
// ProtoVersion is the MCP proto schema version
ProtoVersion = "1.0"
// MinMCPVersion is the minimum compatible MCP SDK version (capiscio-mcp)
// The MCP SDK has independent versioning starting from 0.1.0
MinMCPVersion = "0.1.0"
// MinVersion is the minimum compatible client SDK version (legacy capiscio-sdk)
MinVersion = "2.5.0"
// MaxVersionConstraint is the constraint for maximum compatible version
MaxVersionConstraint = "< 3.0.0"
)
Variables¶
Error codes for MCP operations
var (
// ErrBadgeMissing indicates a badge was required but not provided
ErrBadgeMissing = errors.New("badge required but not provided")
// ErrBadgeInvalid indicates the badge is malformed or unverifiable
ErrBadgeInvalid = errors.New("badge is invalid or malformed")
// ErrBadgeExpired indicates the badge has expired
ErrBadgeExpired = errors.New("badge has expired")
// ErrBadgeRevoked indicates the badge has been revoked
ErrBadgeRevoked = errors.New("badge has been revoked")
// ErrTrustInsufficient indicates the trust level is below minimum required
ErrTrustInsufficient = errors.New("trust level insufficient")
// ErrToolNotAllowed indicates the tool is not in the allowed list
ErrToolNotAllowed = errors.New("tool not allowed")
// ErrIssuerUntrusted indicates the badge issuer is not trusted
ErrIssuerUntrusted = errors.New("badge issuer not trusted")
// ErrPolicyDenied indicates policy evaluation failed
ErrPolicyDenied = errors.New("policy denied access")
// ErrDIDInvalid indicates the DID is malformed
ErrDIDInvalid = errors.New("DID is invalid")
// ErrDIDMismatch indicates the badge subject doesn't match disclosed DID
ErrDIDMismatch = errors.New("badge subject does not match disclosed DID")
// ErrOriginMismatch indicates the transport origin doesn't match did:web host
ErrOriginMismatch = errors.New("transport origin does not match DID host")
// ErrPathMismatch indicates the endpoint path doesn't match did:web path
ErrPathMismatch = errors.New("endpoint path does not match DID path")
// ErrAPIKeyInvalid indicates the API key is invalid
ErrAPIKeyInvalid = errors.New("API key is invalid")
)
func CheckVersionCompatibility¶
CheckVersionCompatibility validates client/core version compatibility Returns true if the client version is compatible with this core version
func CreatePoPRequest¶
CreatePoPRequest creates a PoP request for embedding in MCP initialize _meta Clients should call this before initialize and include result in request
func CreatePoPResponse¶
func CreatePoPResponse(clientNonce string, privateKey ed25519.PrivateKey, keyID string) (*pop.MCPPoPResponse, error)
CreatePoPResponse creates a PoP response for embedding in MCP initialize response _meta Servers should call this when receiving a PoP request and include result in response
func ParsePoPFromMeta¶
ParsePoPFromMeta extracts PoP request/response from _meta Returns \(request, response\) where request is from client and response is from server
type AuthLevel¶
AuthLevel represents the authentication level of the caller
func \(AuthLevel\) String¶
String returns the string representation of the auth level
type CallerCredential¶
CallerCredential represents the caller's authentication credential
type CallerCredential struct {
// BadgeJWS is the full badge JWT (if badge auth)
BadgeJWS string
// APIKey is the API key (if API key auth)
APIKey string
// IsAnonymous is true if no credential was provided
IsAnonymous bool
}
func NewAPIKeyCredential¶
NewAPIKeyCredential creates a credential from an API key
func NewAnonymousCredential¶
NewAnonymousCredential creates an anonymous credential
func NewBadgeCredential¶
NewBadgeCredential creates a credential from a badge JWS
func \(CallerCredential\) GetAuthLevel¶
GetAuthLevel returns the authentication level for this credential
type Decision¶
Decision represents the access decision \(allow or deny\)
func \(Decision\) String¶
String returns the string representation of the decision
type DenyReason¶
DenyReason represents the reason for access denial \(RFC\-006 ยง6.4\)
const (
DenyReasonUnspecified DenyReason = iota
DenyReasonBadgeMissing
DenyReasonBadgeInvalid
DenyReasonBadgeExpired
DenyReasonBadgeRevoked
DenyReasonTrustInsufficient
DenyReasonToolNotAllowed
DenyReasonIssuerUntrusted
DenyReasonPolicyDenied
)
func ErrorToDenyReason¶
ErrorToDenyReason converts an error to a DenyReason
func \(DenyReason\) String¶
String returns the RFC-006 ยง10 compliant error code string
type Dependencies¶
Dependencies holds the dependencies for the MCP service
type EvaluateConfig¶
EvaluateConfig holds configuration for tool access evaluation
type EvaluateConfig struct {
// TrustedIssuers is a list of trusted badge issuers
TrustedIssuers []string
// MinTrustLevel is the minimum required trust level (0-4)
MinTrustLevel int
// AcceptLevelZero allows self-signed did:key badges (Trust Level 0)
AcceptLevelZero bool
// AllowedTools is a list of allowed tool patterns (glob patterns)
AllowedTools []string
// PolicyVersion is the version of the policy being applied (RFC-006 ยง7.2)
PolicyVersion string
}
type EvaluateResult¶
EvaluateResult holds the result of tool access evaluation
type EvaluateResult struct {
// Decision is the access decision (allow or deny)
Decision Decision
// DenyReason is the reason for denial (only set if Decision == DecisionDeny)
DenyReason DenyReason
// DenyDetail is a human-readable denial detail
DenyDetail string
// AgentDID is the extracted agent DID
AgentDID string
// BadgeJTI is the badge ID (if present)
BadgeJTI string
// AuthLevel is the authentication level
AuthLevel AuthLevel
// TrustLevel is the verified trust level (0-4)
TrustLevel int
// EvidenceJSON is the RFC-006 ยง7 compliant evidence JSON
EvidenceJSON string
// EvidenceID is the unique evidence record ID
EvidenceID string
// Timestamp is when the evaluation occurred
Timestamp time.Time
// PolicyDecisionID is the PDP decision ID (RFC-005, only set when PDP is configured)
PolicyDecisionID string
// PolicyDecision is the PDP decision string: ALLOW, DENY, or ALLOW_OBSERVE (RFC-005)
PolicyDecision string
}
type EvaluateToolAccessInput¶
EvaluateToolAccessInput represents the input for tool access evaluation
type EvaluateToolAccessInput struct {
ToolName string
ParamsHash string
Origin string
Credential CallerCredential
Config *EvaluateConfig
}
type EvidenceRateLimiter¶
EvidenceRateLimiter prevents repetitive log flooding. It deduplicates evidence by fingerprint \(tool \+ agent \+ decision\).
func NewEvidenceRateLimiter¶
NewEvidenceRateLimiter creates a new rate limiter.
func \(\*EvidenceRateLimiter\) IsRateLimited¶
IsRateLimited checks if an evidence record should be rate-limited.
type EvidenceRecord¶
EvidenceRecord represents an RFC-006 ยง7 compliant evidence record. Field names use dot notation per RFC-006 ยง7.2 JSON schema.
type EvidenceRecord struct {
// EventName MUST be "capiscio.tool_invocation" per RFC-006 ยง7.2
EventName string `json:"event.name"`
// AgentDID is the agent DID or equivalent principal
AgentDID string `json:"capiscio.agent.did"`
// BadgeJTI is the badge identifier, if present
BadgeJTI string `json:"capiscio.badge.jti,omitempty"`
// AuthLevel is "badge", "apikey", or "anonymous"
AuthLevel string `json:"capiscio.auth.level"`
// Target is the tool identifier
Target string `json:"capiscio.target"`
// PolicyVersion is the policy version used
PolicyVersion string `json:"capiscio.policy_version"`
// Decision is "ALLOW" or "DENY"
Decision string `json:"capiscio.decision"`
// ParamsHash is the SHA-256 hash of canonicalized tool parameters (optional)
ParamsHash string `json:"capiscio.tool.params_hash,omitempty"`
// DenyReason is the error code when decision is DENY (optional)
DenyReason string `json:"capiscio.deny_reason,omitempty"`
// Non-RFC fields for internal use
ID string `json:"id"`
Timestamp time.Time `json:"timestamp"`
TrustLevel int `json:"trust_level"`
ServerOrigin string `json:"server_origin,omitempty"`
}
type EvidenceStore¶
EvidenceStore is the interface for storing evidence records
type EvidenceStore interface {
// Store saves an evidence record
Store(ctx context.Context, record EvidenceRecord) error
}
type EvidenceStoreMode¶
EvidenceStoreMode determines the storage backend
const (
// EvidenceStoreModeLocal stores evidence to local files
EvidenceStoreModeLocal EvidenceStoreMode = "local"
// EvidenceStoreModeRegistry streams evidence to registry server
EvidenceStoreModeRegistry EvidenceStoreMode = "registry"
// EvidenceStoreModeHybrid stores locally AND streams to registry
EvidenceStoreModeHybrid EvidenceStoreMode = "hybrid"
)
type Guard¶
Guard implements RFC-006 tool access evaluation with atomic evidence emission.
func NewGuard¶
func NewGuard(badgeVerifier *badge.Verifier, evidenceStore EvidenceStore, opts ...GuardOption) *Guard
NewGuard creates a new Guard instance. Use GuardOption functions to configure PDP integration \(RFC\-005\).
func \(\*Guard\) EvaluateToolAccess¶
func (g *Guard) EvaluateToolAccess(ctx context.Context, toolName string, paramsHash string, serverOrigin string, credential CallerCredential, config *EvaluateConfig) (*EvaluateResult, error)
EvaluateToolAccess evaluates tool access and emits evidence atomically. This implements RFC-006 ยง6.2-6.4.
When a PDPClient is configured \(via WithPDPClient\), the PDP is the authoritative decision source โ inline policy \(trust level \+ allowed tools\) is skipped. When no PDPClient is configured, the inline policy is evaluated as before.
Key design principle: Single operation returns both decision and evidence to avoid partial failures.
type GuardOption¶
GuardOption configures optional Guard behavior.
func WithEnforcementMode¶
WithEnforcementMode sets the enforcement mode.
func WithGuardLogger¶
WithGuardLogger sets the logger for the guard. A nil logger is treated as slog.Default().
func WithObligationRegistry¶
WithObligationRegistry sets the obligation registry for PDP obligations.
func WithPDPClient¶
WithPDPClient enables PDP-based policy evaluation \(RFC\-005\). When set, the PDP replaces inline policy evaluation \(trust level \+ allowed tools\).
type HealthInput¶
HealthInput represents the input for health checks
type HealthStatus¶
HealthStatus represents the health status of the MCP service
type HealthStatus struct {
// Healthy indicates if the service is healthy
Healthy bool
// CoreVersion is the capiscio-core version
CoreVersion string
// ProtoVersion is the proto schema version
ProtoVersion string
// Compatible indicates if the client version is compatible
Compatible bool
}
func CheckHealth¶
CheckHealth performs a health check and returns the status
type HybridEvidenceStore¶
HybridEvidenceStore stores evidence both locally and to registry.
func NewHybridEvidenceStore¶
func NewHybridEvidenceStore(localDir string, registryCfg RegistryEvidenceStoreConfig) (*HybridEvidenceStore, error)
NewHybridEvidenceStore creates a store that writes to both local and registry.
func \(\*HybridEvidenceStore\) Close¶
Close closes both stores.
func \(\*HybridEvidenceStore\) Store¶
Store writes to both local and registry stores.
type LocalEvidenceStore¶
LocalEvidenceStore stores evidence records to local JSON files. Each file is named by date \(YYYY\-MM\-DD.jsonl\) in JSONL format.
func NewLocalEvidenceStore¶
NewLocalEvidenceStore creates a new local evidence store. If dir is empty, uses ~/.capiscio/evidence/
func \(\*LocalEvidenceStore\) Close¶
Close closes the local evidence store.
func \(\*LocalEvidenceStore\) Store¶
Store writes an evidence record to the local file.
type NoOpEvidenceStore¶
NoOpEvidenceStore is a no-op evidence store for testing
func \(\*NoOpEvidenceStore\) Store¶
type ParsedIdentity¶
ParsedIdentity holds parsed server identity information \(RFC\-007 ยง6\)
type ParsedIdentity struct {
// ServerDID is the extracted server DID
ServerDID string
// ServerBadgeJWS is the extracted server Trust Badge (JWS)
ServerBadgeJWS string
}
func ParseHTTPHeaders¶
ParseHTTPHeaders extracts server identity from HTTP headers \(RFC\-007 ยง6.1\) Standard headers: - Capiscio-Server-DID: The server's DID - Capiscio-Server-Badge: The server's Trust Badge \(JWS\)
func ParseJSONRPCMeta¶
ParseJSONRPCMeta extracts server identity from JSON-RPC _meta object \(RFC\-007 ยง6.2\) Standard fields: - capiscio_server_did: The server's DID - capiscio_server_badge: The server's Trust Badge \(JWS\) - capiscio_pop_nonce: Client's PoP challenge \(in request\) - capiscio_pop_signature: Server's PoP response \(in response\)
type RegistryEvidenceStore¶
RegistryEvidenceStore streams evidence to the registry server's events endpoint. It implements batching and rate limiting to avoid overwhelming the server.
func NewRegistryEvidenceStore¶
NewRegistryEvidenceStore creates a new registry streaming evidence store.
func \(\*RegistryEvidenceStore\) Close¶
Close stops the registry evidence store.
func \(\*RegistryEvidenceStore\) Store¶
Store adds an evidence record to the buffer for streaming.
type RegistryEvidenceStoreConfig¶
RegistryEvidenceStoreConfig configures the registry evidence store
type RegistryEvidenceStoreConfig struct {
// Endpoint is the registry events endpoint URL
Endpoint string
// APIKey for authentication
APIKey string
// BatchSize is the number of records to batch before flushing (default: 100)
BatchSize int
// FlushInterval is the max time between flushes (default: 5s)
FlushInterval time.Duration
// RateLimitWindow is the deduplication window (default: 60s)
RateLimitWindow time.Duration
// RateLimitMaxPerWindow is max events per fingerprint per window (default: 10)
RateLimitMaxPerWindow int
}
type ServerErrorCode¶
ServerErrorCode represents server verification error codes \(RFC\-007 ยง8\) These codes align with RFC-006 error conventions for consistency.
const (
ServerErrorNone ServerErrorCode = iota
// SERVER_IDENTITY_MISSING - No server identity disclosed (UNVERIFIED_ORIGIN)
ServerErrorCodeDIDMissing
// SERVER_BADGE_MISSING - DID disclosed but no badge (DECLARED_PRINCIPAL)
ServerErrorCodeBadgeMissing
// SERVER_BADGE_INVALID - Badge signature or expiry verification failed
ServerErrorCodeBadgeInvalid
// SERVER_BADGE_REVOKED - Server badge has been revoked
ServerErrorCodeBadgeRevoked
// SERVER_TRUST_INSUFFICIENT - Trust level below required min_trust_level
ServerErrorCodeTrustInsufficient
// SERVER_DID_MISMATCH - Badge subject does not match disclosed DID
ServerErrorCodeDIDMismatch
// SERVER_ISSUER_UNTRUSTED - Badge issuer not in trusted_issuers
ServerErrorCodeIssuerUntrusted
// SERVER_DOMAIN_MISMATCH - did:web host does not match transport origin
ServerErrorCodeOriginMismatch
// SERVER_PATH_MISMATCH - did:web path does not match MCP endpoint path
ServerErrorCodePathMismatch
// SERVER_DID_RESOLUTION_FAILED - Could not resolve DID document
ServerErrorCodeDIDResolutionFailed
// SERVER_POP_FAILED - Proof of Possession verification failed
ServerErrorCodePoPFailed
// SERVER_POP_EXPIRED - PoP challenge expired
ServerErrorCodePoPExpired
// SERVER_KEY_FETCH_FAILED - Could not fetch server public key
ServerErrorCodeKeyFetchFailed
)
func ErrorToServerErrorCode¶
ErrorToServerErrorCode converts an error to a ServerErrorCode
func \(ServerErrorCode\) String¶
String returns the string representation of the server error code These match the RFC-007 ยง8 error code names
type ServerIdentityVerifier¶
ServerIdentityVerifier implements RFC-007 server identity verification. It uses the same badge.Verifier as agent identity verification for consistency.
Per RFC-007 ยง3: A Server Badge is a Trust Badge \(RFC\-002\) issued for a server DID. This means MCP servers use the SAME identity infrastructure as agents: - Same DID patterns \(did:web:domain:servers:id vs did:web:domain:agents:id\) - Same Trust Badge format - Same verification workflow via badge.Verifier
The verification has two phases: 1. Badge verification: Verify the badge is valid and signed by trusted CA 2. PoP verification: Verify the server controls the DID's private key
RFC-007 PoP is embedded in the MCP handshake \(initialize\), NOT via CA endpoints: - Client sends nonce in initialize request _meta - Server returns signature in initialize response _meta - No dependency on /badge/challenge endpoints
func NewServerIdentityVerifier¶
NewServerIdentityVerifier creates a new server identity verifier. The badgeVerifier is the same verifier used for agent badges - this ensures consistent identity verification across both agents and MCP servers.
func NewServerIdentityVerifierWithConfig¶
func NewServerIdentityVerifierWithConfig(badgeVerifier *badge.Verifier, cacheConfig *pop.CacheConfig) *ServerIdentityVerifier
NewServerIdentityVerifierWithConfig creates a verifier with custom cache config
func \(\*ServerIdentityVerifier\) GetCachedSession¶
GetCachedSession retrieves a previously verified session Use this to avoid re-verifying on every request within a session
func \(\*ServerIdentityVerifier\) InvalidateByTrustLevel¶
InvalidateByTrustLevel removes all sessions below a trust level Use when trust requirements increase minLevelStr should be "0", "1", "2", "3", or "4" per RFC-002 ยง5
func \(\*ServerIdentityVerifier\) InvalidateSession¶
InvalidateSession removes a cached session \(e.g., on disconnect\)
func \(\*ServerIdentityVerifier\) VerifyPoP¶
func (v *ServerIdentityVerifier) VerifyPoP(ctx context.Context, result *VerifyResult, popRequest *pop.MCPPoPRequest, popResponse *pop.MCPPoPResponse, publicKey ed25519.PublicKey, maxAge time.Duration) (*VerifyResult, error)
VerifyPoP verifies a server's Proof of Possession response.
This is called AFTER VerifyServerIdentity succeeds \(returns DECLARED\_PRINCIPAL\). The PoP data comes from the MCP initialize handshake: - Client sent nonce in request _meta \(capiscio\_pop\_nonce\) - Server returned signature in response _meta \(capiscio\_pop\_signature\)
Returns updated result with VERIFIED_PRINCIPAL if PoP succeeds.
func \(\*ServerIdentityVerifier\) VerifyServerIdentity¶
func (v *ServerIdentityVerifier) VerifyServerIdentity(ctx context.Context, serverDID string, serverBadgeJWS string, transportOrigin string, config *VerifyConfig) (*VerifyResult, error)
VerifyServerIdentity implements RFC-007 ยง7.2 server identity verification algorithm.
RFC-007 defines Server Badges as Trust Badges where sub = server DID. This method verifies the server badge using the same badge.Verifier as agents.
The algorithm classifies servers into THREE states: - VERIFIED_PRINCIPAL: DID + badge verified + PoP verified \(full trust\) - DECLARED_PRINCIPAL: DID + badge verified, PoP not performed \(partial trust\) - UNVERIFIED_ORIGIN: Missing DID, missing badge, or verification failed
For VERIFIED_PRINCIPAL, also call VerifyPoP with the PoP data from initialize.
func \(\*ServerIdentityVerifier\) VerifyWithCache¶
func (v *ServerIdentityVerifier) VerifyWithCache(ctx context.Context, serverDID string, serverBadgeJWS string, transportOrigin string, popRequest *pop.MCPPoPRequest, popResponse *pop.MCPPoPResponse, publicKey ed25519.PublicKey, config *VerifyConfig) (*VerifyResult, error)
VerifyWithCache checks cache first, then performs full verification if needed. This is the recommended entry point for verifying server identity.
type ServerState¶
ServerState represents the server classification state \(RFC\-007 ยง5.2\) Three distinct states reflect the verification depth: - VERIFIED_PRINCIPAL: Badge + PoP verified \(full trust\) - DECLARED_PRINCIPAL: Badge verified, PoP not performed \(partial trust\) - UNVERIFIED_ORIGIN: No identity disclosed or verification failed
const (
ServerStateUnspecified ServerState = iota
// ServerStateVerifiedPrincipal indicates full verification:
// - Server DID disclosed
// - Server badge verified by trusted CA
// - PoP verified (server proved key ownership)
ServerStateVerifiedPrincipal
// ServerStateDeclaredPrincipal indicates partial verification:
// - Server DID disclosed
// - Server badge verified by trusted CA
// - PoP NOT performed (key ownership not proven)
ServerStateDeclaredPrincipal
// ServerStateUnverifiedOrigin indicates no verification:
// - No DID disclosed, OR
// - No badge provided, OR
// - Badge verification failed
// Note: This is distinct from Trust Level 0 (self-signed did:key)
ServerStateUnverifiedOrigin
)
func \(ServerState\) String¶
String returns the string representation of the server state
type Service¶
Service implements the MCP service logic Note: gRPC integration requires running `make proto` first to generate pkg/rpc/gen/capiscio/v1/mcp.pb.go and mcp_grpc.pb.go
func NewService¶
NewService creates a new MCP service instance
func \(\*Service\) EvaluateToolAccess¶
func (s *Service) EvaluateToolAccess(ctx context.Context, input *EvaluateToolAccessInput) (*EvaluateResult, error)
EvaluateToolAccess evaluates tool access using RFC-006 ยง6.2-6.4
func \(\*Service\) Health¶
Health performs a health check
func \(\*Service\) ParseServerIdentityFromHTTP¶
ParseServerIdentityFromHTTP parses server identity from HTTP headers
func \(\*Service\) ParseServerIdentityFromJSONRPC¶
ParseServerIdentityFromJSONRPC parses server identity from JSON-RPC _meta
func \(\*Service\) VerifyServerIdentity¶
func (s *Service) VerifyServerIdentity(ctx context.Context, input *VerifyServerIdentityInput) (*VerifyResult, error)
VerifyServerIdentity verifies server identity using RFC-007 ยง7.2
type VerifyConfig¶
VerifyConfig holds configuration for server identity verification
type VerifyConfig struct {
// AllowedDIDMethods is a list of allowed DID methods (e.g., "web", "key")
AllowedDIDMethods []string
// RequireOriginBinding enforces origin binding for did:web
RequireOriginBinding bool
// PoPMaxAge is the maximum age of a PoP nonce (default: 30 seconds)
PoPMaxAge time.Duration
}
func DefaultVerifyConfig¶
DefaultVerifyConfig returns the default verification configuration
type VerifyResult¶
VerifyResult holds the result of server identity verification
type VerifyResult struct {
// State is the server classification state (RFC-007 ยง5.2)
// VERIFIED_PRINCIPAL, DECLARED_PRINCIPAL, or UNVERIFIED_ORIGIN
State ServerState
// ServerID is the confirmed server DID
ServerID string
// TrustLevelStr is the verified trust level from the server badge ("0"-"4")
// Per RFC-002 ยง5, trust levels are strings to avoid falsiness bugs
TrustLevelStr string
// BadgeJTI is the badge identifier for correlation
BadgeJTI string
// BadgeExpiresAt is when the server badge expires
BadgeExpiresAt time.Time
// PoPVerified is true if PoP verification succeeded
PoPVerified bool
// PoPRequired is true if PoP should be performed (badge valid, PoP not done)
PoPRequired bool
// ErrorCode is the error code (only set on failure)
ErrorCode ServerErrorCode
// ErrorDetail is a human-readable error detail
ErrorDetail string
}
func \(\*VerifyResult\) GetServerID¶
GetServerID returns the server's DID
func \(\*VerifyResult\) HasIdentity¶
HasIdentity returns true if any identity was verified \(not UNVERIFIED\_ORIGIN\)
func \(\*VerifyResult\) IsDeclared¶
IsDeclared returns true if the server is partially verified \(DECLARED\_PRINCIPAL\)
func \(\*VerifyResult\) IsVerified¶
IsVerified returns true if the server is fully verified \(VERIFIED\_PRINCIPAL\)
func \(\*VerifyResult\) TrustLevel¶
TrustLevel returns the trust level as an int \(for convenience\) Returns 0 if the trust level string is empty or invalid
type VerifyServerIdentityInput¶
VerifyServerIdentityInput represents the input for server identity verification
type VerifyServerIdentityInput struct {
ServerDID string
ServerBadgeJWS string
Origin string
Config *VerifyConfig
}
pip¶
Index¶
- Constants
- func CacheKeyComponents\(did, badgeJTI, operation, resourceID string, extra ...string\) string
- func ValidDecision\(d string\) bool
- type ActionAttributes
- type BreakGlassScope
- type BreakGlassToken
- func ParseBreakGlassJWS\(compact string, publicKey crypto.PublicKey\) \(\*BreakGlassToken, error\)
- type BreakGlassValidator
- func NewBreakGlassValidator\(publicKey crypto.PublicKey\) *BreakGlassValidator
- func \(v \*BreakGlassValidator\) MatchesScope\(token \*BreakGlassToken, method, route string\) bool
- func \(v \*BreakGlassValidator\) PublicKey() crypto.PublicKey
- func \(v \*BreakGlassValidator\) ValidateToken\(token \*BreakGlassToken\) error
- type ContextAttributes
- type DecisionCache
- type DecisionRequest
- type DecisionResponse
- type EnforcementMode
- func EnforcementModeFromEnv() \(EnforcementMode, error\)
- func ParseEnforcementMode\(s string\) \(EnforcementMode, error\)
- func \(em EnforcementMode\) StricterThan\(other EnforcementMode\) bool
- func \(em EnforcementMode\) String() string
- type EnvironmentAttrs
- type HTTPPDPClient
- func NewHTTPPDPClient\(endpoint string, timeout time.Duration, opts ...HTTPPDPClientOption\) *HTTPPDPClient
- func \(c \*HTTPPDPClient\) Evaluate\(ctx context.Context, req \*DecisionRequest\) \(\*DecisionResponse, error\)
- type HTTPPDPClientOption
- func WithHTTPClient\(hc \*http.Client\) HTTPPDPClientOption
- func WithPEPID\(id string\) HTTPPDPClientOption
- type InMemoryCache
- func NewInMemoryCache\(opts ...InMemoryCacheOption\) *InMemoryCache
- func \(c \*InMemoryCache\) Get\(key string\) \(\*DecisionResponse, bool\)
- func \(c \*InMemoryCache\) Put\(key string, resp \*DecisionResponse, maxTTL time.Duration\)
- type InMemoryCacheOption
- func WithCacheDeny\(enabled bool\) InMemoryCacheOption
- type Obligation
- type ObligationError
- type ObligationHandler
- type ObligationRegistry
- func NewObligationRegistry\(logger \*slog.Logger\) *ObligationRegistry
- func \(r \*ObligationRegistry\) Enforce\(ctx context.Context, mode EnforcementMode, obligations \[\]Obligation\) ObligationResult
- func \(r \*ObligationRegistry\) Register\(handler ObligationHandler\)
- type ObligationResult
- type PDPClient
- type ResourceAttributes
- type SubjectAttributes
Constants¶
Policy telemetry field constants \(RFC\-005 ยง10\). These MUST be emitted on every policy enforcement event.
const (
// TelemetryDecisionID is REQUIRED on every policy enforcement event.
TelemetryDecisionID = "capiscio.policy.decision_id"
// TelemetryDecision is REQUIRED on every policy enforcement event.
// Values: "ALLOW", "DENY", or "ALLOW_OBSERVE"
TelemetryDecision = "capiscio.policy.decision"
// TelemetryOverride indicates break-glass was used.
TelemetryOverride = "capiscio.policy.override"
// TelemetryOverrideJTI is the break-glass token JTI.
TelemetryOverrideJTI = "capiscio.policy.override_jti"
// TelemetryErrorCode is REQUIRED when PDP is unavailable.
TelemetryErrorCode = "capiscio.policy.error_code"
// PolicyEventName is the RECOMMENDED event name.
PolicyEventName = "capiscio.policy_enforced"
// ErrorCodePDPUnavailable indicates PDP could not be reached.
ErrorCodePDPUnavailable = "PDP_UNAVAILABLE"
)
DecisionAllow and DecisionDeny are the only valid PDP response values. ALLOW_OBSERVE is a PEP telemetry value \(ยง7.4\), NOT a PDP response.
const (
DecisionAllow = "ALLOW"
DecisionDeny = "DENY"
DecisionObserve = "ALLOW_OBSERVE" // PEP-only: emitted when EM-OBSERVE falls back on PDP unavailability
)
DefaultPDPTimeout is the recommended PDP query timeout.
PIPVersion is the protocol version identifier. PEPs MUST include this in every request. PEPs MUST reject responses from PDPs that do not recognize the version.
TxnIDHeader is the HTTP header for transaction ID propagation \(RFC\-004\).
func CacheKeyComponents¶
CacheKeyComponents builds a deterministic cache key from PIP request fields. Key includes: subject.did + subject.badge_jti + action.operation + resource.identifier + enforcement_mode.
func ValidDecision¶
ValidDecision returns true if d is a valid PDP response decision value.
type ActionAttributes¶
ActionAttributes identify what is being attempted.
type ActionAttributes struct {
CapabilityClass *string `json:"capability_class"` // null in badge-only mode
Operation string `json:"operation"` // tool name, HTTP method+route, etc.
}
type BreakGlassScope¶
BreakGlassScope defines what the override token permits.
type BreakGlassScope struct {
Methods []string `json:"methods"` // supports "*"
Routes []string `json:"routes"` // supports "*" and prefix matching
}
type BreakGlassToken¶
BreakGlassToken represents a break-glass override token \(RFC\-005 ยง9\). Break-glass tokens bypass PDP authorization \(not authentication\).
type BreakGlassToken struct {
JTI string `json:"jti"`
IAT int64 `json:"iat"`
EXP int64 `json:"exp"`
ISS string `json:"iss"` // root admin issuer, NOT an agent DID
SUB string `json:"sub"` // operator identity
Scope BreakGlassScope `json:"scope"`
Reason string `json:"reason"` // human-readable justification
}
func ParseBreakGlassJWS¶
ParseBreakGlassJWS verifies a compact JWS break-glass token and extracts claims. The publicKey MUST be the dedicated break-glass key, not the CA badge-signing key.
type BreakGlassValidator¶
BreakGlassValidator validates break-glass override tokens.
func NewBreakGlassValidator¶
NewBreakGlassValidator creates a new break-glass validator. publicKey MUST be the dedicated break-glass verification key, NOT the CA key used for badge signing.
func \(\*BreakGlassValidator\) MatchesScope¶
MatchesScope checks if the token's scope covers the given method and route. Scope matching rules \(ยง9.2\): - "*" matches everything - Exact match wins - Routes support prefix matching
func \(\*BreakGlassValidator\) PublicKey¶
PublicKey returns the configured break-glass public key for external use.
func \(\*BreakGlassValidator\) ValidateToken¶
ValidateToken validates a break-glass token's claims \(not signature โ see note\).
In production, the token would arrive as a signed JWS. Signature verification requires the go-jose library which is already a dependency in pkg/badge. This method validates the claims after JWS verification has extracted them.
type ContextAttributes¶
ContextAttributes provide correlation and authority context.
type ContextAttributes struct {
TxnID string `json:"txn_id"`
HopID *string `json:"hop_id"` // OPTIONAL
EnvelopeID *string `json:"envelope_id"` // null in badge-only
DelegationDepth *int `json:"delegation_depth"` // null in badge-only
Constraints json.RawMessage `json:"constraints"` // null in badge-only; see ยง3.1.9
ParentConstraints json.RawMessage `json:"parent_constraints"` // null in badge-only; see ยง3.1.9
EnforcementMode string `json:"enforcement_mode"` // PEP-level config
}
type DecisionCache¶
DecisionCache provides temporal-bounded caching for PDP decisions. RFC-005 ยง6.3: PEPs MUST NOT cache a decision beyond the earliest of: - The ttl value from the PDP response - The governing Envelope's expires_at \(N/A in badge\-only mode\) - The Badge's expiration \(exp claim\)
type DecisionCache interface {
// Get retrieves a cached decision. Returns nil, false on miss or expiry.
Get(key string) (*DecisionResponse, bool)
// Put stores a decision with a maximum TTL.
// The cache MUST NOT serve this entry after maxTTL elapses.
Put(key string, resp *DecisionResponse, maxTTL time.Duration)
}
type DecisionRequest¶
DecisionRequest is the canonical PDP query \(RFC\-005 ยง5.1\).
type DecisionRequest struct {
PIPVersion string `json:"pip_version"`
Subject SubjectAttributes `json:"subject"`
Action ActionAttributes `json:"action"`
Resource ResourceAttributes `json:"resource"`
Context ContextAttributes `json:"context"`
Environment EnvironmentAttrs `json:"environment"`
}
type DecisionResponse¶
DecisionResponse is the canonical PDP response \(RFC\-005 ยง6.1\).
type DecisionResponse struct {
Decision string `json:"decision"` // "ALLOW" or "DENY"
DecisionID string `json:"decision_id"` // globally unique
Obligations []Obligation `json:"obligations"` // may be empty
Reason string `json:"reason,omitempty"` // human-readable
TTL *int `json:"ttl,omitempty"` // cache lifetime seconds
}
type EnforcementMode¶
EnforcementMode represents the PEP enforcement strictness level. RFC-008 ยง10.5 defines the strict total order: EM-OBSERVE \< EM-GUARD \< EM-DELEGATE \< EM-STRICT.
NOTE: The iota integer values are an implementation detail, not a stable API. Comparisons MUST use the enum constants \(EMObserve \< EMStrict\), never numeric literals.
const (
EMObserve EnforcementMode = iota // log only, never block
EMGuard // block on verification failure, log PDP denials
EMDelegate // block on verification + PDP deny, best-effort obligations
EMStrict // block on everything including obligation failures
)
func EnforcementModeFromEnv¶
EnforcementModeFromEnv reads the enforcement mode from the environment variable. Returns EMObserve \(the safe default for rollout\) if the variable is not set. Returns an error if the variable is set but not a valid mode.
func ParseEnforcementMode¶
ParseEnforcementMode parses an RFC enforcement mode string. Returns an error if the string is not a recognized mode.
func \(EnforcementMode\) StricterThan¶
StricterThan returns true if em is stricter than other.
func \(EnforcementMode\) String¶
String returns the RFC string representation of the enforcement mode.
type EnvironmentAttrs¶
EnvironmentAttrs provide PEP context.
type EnvironmentAttrs struct {
Workspace *string `json:"workspace,omitempty"` // OPTIONAL
PEPID *string `json:"pep_id,omitempty"` // OPTIONAL
Time *string `json:"time,omitempty"` // RECOMMENDED, ISO 8601
}
type HTTPPDPClient¶
HTTPPDPClient is the reference implementation of PDPClient for any REST-based PDP.
func NewHTTPPDPClient¶
func NewHTTPPDPClient(endpoint string, timeout time.Duration, opts ...HTTPPDPClientOption) *HTTPPDPClient
NewHTTPPDPClient creates an HTTP-based PDP client. endpoint is the PDP evaluation URL. timeout controls the HTTP client timeout \(use DefaultPDPTimeout if unsure\). If timeout is \<= 0, DefaultPDPTimeout is used to prevent indefinite hangs.
func \(\*HTTPPDPClient\) Evaluate¶
func (c *HTTPPDPClient) Evaluate(ctx context.Context, req *DecisionRequest) (*DecisionResponse, error)
Evaluate sends a PIP decision request to the HTTP PDP and returns the response.
type HTTPPDPClientOption¶
HTTPPDPClientOption configures an HTTPPDPClient.
func WithHTTPClient¶
WithHTTPClient sets a custom HTTP client \(e.g., for custom TLS or timeouts\).
func WithPEPID¶
WithPEPID sets the PEP identifier included in requests.
type InMemoryCache¶
InMemoryCache is a simple in-memory DecisionCache. Suitable for single-instance deployments. For multi-instance, use a shared cache.
func NewInMemoryCache¶
NewInMemoryCache creates a new in-memory decision cache.
func \(\*InMemoryCache\) Get¶
Get retrieves a cached decision if it exists and has not expired. Expired entries are evicted on read to prevent unbounded memory growth.
func \(\*InMemoryCache\) Put¶
Put stores a decision with a bounded TTL. Skips DENY decisions unless cacheDeny is enabled. Skips if maxTTL is zero or negative \(badge already expired\).
type InMemoryCacheOption¶
InMemoryCacheOption configures an InMemoryCache.
func WithCacheDeny¶
WithCacheDeny enables caching of DENY decisions. WARNING: Caching DENY can cause persistent blocks after PDP recovery \("deny storm"\).
type Obligation¶
Obligation is a conditional contract per RFC-005 ยง7.1.
type Obligation struct {
Type string `json:"type"`
Params json.RawMessage `json:"params"` // opaque JSON โ PEP passes to handler without interpretation
}
type ObligationError¶
ObligationError captures a single obligation enforcement failure.
type ObligationHandler¶
ObligationHandler processes a specific type of obligation returned by the PDP.
type ObligationHandler interface {
// Handle attempts to enforce an obligation.
// Returns nil if successful, error if enforcement failed.
Handle(ctx context.Context, obligation Obligation) error
// Supports returns true if this handler recognizes the obligation type.
Supports(obligationType string) bool
}
type ObligationRegistry¶
ObligationRegistry maps obligation types to handlers and enforces the RFC-005 ยง7.2 enforcement mode matrix.
func NewObligationRegistry¶
NewObligationRegistry creates a new obligation registry.
func \(\*ObligationRegistry\) Enforce¶
func (r *ObligationRegistry) Enforce(ctx context.Context, mode EnforcementMode, obligations []Obligation) ObligationResult
Enforce processes obligations according to the enforcement mode matrix.
RFC-005 ยง7.2 matrix:
| Mode | Known Obligation | Unknown Obligation |
|-------------|---------------------------|------------------------|
| EM-OBSERVE | Log, do not enforce | Log, skip |
| EM-GUARD | Log, best-effort, no block| Log, skip |
| EM-DELEGATE | MUST attempt, log failure | Log warning, proceed |
| EM-STRICT | MUST enforce, block fail | MUST DENY |
func \(\*ObligationRegistry\) Register¶
Register adds an obligation handler to the registry. Panics if handler is nil to fail fast at setup time rather than at enforcement time.
type ObligationResult¶
ObligationResult summarizes obligation enforcement for a request.
type ObligationResult struct {
// Proceed is true if the request should continue after obligation processing.
Proceed bool
// Errors contains any obligation enforcement errors (for logging).
Errors []ObligationError
}
type PDPClient¶
PDPClient is the engine-agnostic interface for policy decisions. Implementations exist for OPA, Cedar, and any HTTP-based PDP.
type PDPClient interface {
// Evaluate sends a PIP decision request and returns the response.
// Implementations MUST set a reasonable timeout (RECOMMENDED: 500ms).
// On error (network, timeout, malformed response), return error โ do NOT
// return a synthetic ALLOW or DENY. The PEP handles PDP unavailability
// per enforcement mode (ยง7.4).
Evaluate(ctx context.Context, req *DecisionRequest) (*DecisionResponse, error)
}
type ResourceAttributes¶
ResourceAttributes identify the target.
type SubjectAttributes¶
SubjectAttributes identifies the acting agent.
type SubjectAttributes struct {
DID string `json:"did"` // Badge sub (Claims.Subject)
BadgeJTI string `json:"badge_jti"` // Badge jti (Claims.JTI)
IAL string `json:"ial"` // Badge ial (Claims.IAL)
TrustLevel string `json:"trust_level"` // Badge vc.credentialSubject.level (Claims.TrustLevel())
}
pop¶
Package pop provides shared Proof of Possession cryptographic primitives.
These primitives are used by: - RFC-003: Badge issuance PoP \(agent proves key to CA\) - RFC-007: MCP server identity PoP \(server proves key to client\)
The package extracts common operations to avoid duplication: - Nonce generation - JWS proof signing - Proof verification - DID document key extraction
Package pop provides shared Proof of Possession cryptographic primitives. This file implements session caching for verified PoP results.
Session caching avoids re-verifying on every request within a session. Per team guidance, session definitions: - HTTP: per connection or per TTL window \(configurable\) - MCP stdio: per process lifetime or per initialize session
Cache invalidation occurs on: - Badge expiry - TTL expiry \(configurable, default: sync with badge TTL\) - Explicit invalidation \(key rotation, trust level change\)
Index¶
- Constants
- Variables
- func DecodeJWKPublicKey\(jwk \*JWK\) \(ed25519.PublicKey, error\)
- func DecodeMultibaseKey\(multibase string\) \(ed25519.PublicKey, error\)
- func GenerateNonce\(size int\) \(string, error\)
- func SignNonce\(nonce string, privateKey ed25519.PrivateKey, keyID string\) \(string, error\)
- func VerifyMCPPoPResponse\(request \*MCPPoPRequest, response \*MCPPoPResponse, publicKey ed25519.PublicKey, maxAge time.Duration\) error
- func VerifyResponse\(challenge \*Challenge, response \*Response, publicKey ed25519.PublicKey\) error
- func VerifySignature\(signatureJWS string, expectedNonce string, publicKey ed25519.PublicKey\) error
- type CacheConfig
- func DefaultCacheConfig() *CacheConfig
- type CacheEntry
- type Challenge
- func NewChallenge\(subjectDID string, ttl time.Duration\) \(\*Challenge, error\)
- func \(c \*Challenge\) IsExpired() bool
- func \(c \*Challenge\) MarshalJSON() \(\[\]byte, error\)
- func \(c \*Challenge\) UnmarshalJSON\(data \[\]byte\) error
- type JWK
- func EncodeJWKPublicKey\(publicKey ed25519.PublicKey, keyID string\) *JWK
- type MCPPoPRequest
- func NewMCPPoPRequest() \(\*MCPPoPRequest, error\)
- func ParseMCPPoPRequestFromMeta\(meta map\[string\]interface\{\}\) *MCPPoPRequest
- func \(r \*MCPPoPRequest\) ToMeta() map[string]interface{}
- type MCPPoPResponse
- func CreateMCPPoPResponse\(clientNonce string, privateKey ed25519.PrivateKey, keyID string\) \(\*MCPPoPResponse, error\)
- func ParseMCPPoPResponseFromMeta\(meta map\[string\]interface\{\}\) *MCPPoPResponse
- func \(r \*MCPPoPResponse\) ToMeta() map[string]interface{}
- type Response
- func CreateResponse\(challenge \*Challenge, privateKey ed25519.PrivateKey, keyID string\) \(\*Response, error\)
- type SessionCache
- func NewSessionCache\(config \*CacheConfig\) *SessionCache
- func \(c \*SessionCache\) Clear()
- func \(c \*SessionCache\) Delete\(key string\)
- func \(c \*SessionCache\) Get\(key string\) *CacheEntry
- func \(c \*SessionCache\) InvalidateBySession\(sessionID string\)
- func \(c \*SessionCache\) InvalidateByTrustLevel\(minLevelStr string\)
- func \(c \*SessionCache\) Size() int
- func \(c \*SessionCache\) Store\(key string, entry \*CacheEntry\)
Constants¶
DefaultNonceSize is 32 bytes \(256 bits of entropy\)
Variables¶
var (
ErrNonceGeneration = errors.New("failed to generate nonce")
ErrNonceMismatch = errors.New("nonce does not match")
ErrSignatureInvalid = errors.New("signature verification failed")
ErrChallengeExpired = errors.New("challenge has expired")
ErrInvalidPrivateKey = errors.New("invalid private key")
ErrUnsupportedKeyType = errors.New("unsupported key type")
)
func DecodeJWKPublicKey¶
DecodeJWKPublicKey decodes an Ed25519 public key from JWK format
func DecodeMultibaseKey¶
DecodeMultibaseKey decodes a multibase-encoded public key Supports 'z' \(base58btc\) prefix for Ed25519VerificationKey2020
func GenerateNonce¶
GenerateNonce creates a cryptographically secure random nonce Returns base64url-encoded string \(no padding per RFC\-003 ยง6.2\)
func SignNonce¶
SignNonce signs a nonce with an Ed25519 private key Returns JWS compact serialization
This is used by: - RFC-003: Agent signing PoP proof for CA - RFC-007: MCP server signing nonce for client verification
func VerifyMCPPoPResponse¶
func VerifyMCPPoPResponse(request *MCPPoPRequest, response *MCPPoPResponse, publicKey ed25519.PublicKey, maxAge time.Duration) error
VerifyMCPPoPResponse verifies MCP server's PoP response Used by clients to verify server identity within handshake
func VerifyResponse¶
VerifyResponse verifies a PoP response against a challenge
func VerifySignature¶
VerifySignature verifies a JWS signature over a nonce using an Ed25519 public key
This is used by: - RFC-003: CA verifying agent PoP proof - RFC-007: Client verifying MCP server PoP response
type CacheConfig¶
CacheConfig configures session cache behavior
type CacheConfig struct {
// DefaultTTL is the default cache entry lifetime
// Should generally match badge TTL (default: 5 minutes)
DefaultTTL time.Duration
// MaxEntries limits cache size (0 = unlimited)
MaxEntries int
// CleanupInterval is how often to purge expired entries (0 = no background cleanup)
CleanupInterval time.Duration
}
func DefaultCacheConfig¶
DefaultCacheConfig returns sensible defaults
type CacheEntry¶
CacheEntry represents a cached verification result
type CacheEntry struct {
// SubjectDID is the verified DID
SubjectDID string
// TrustLevelStr from verified badge (string per RFC-002 ยง5)
TrustLevelStr string
// BadgeJTI for correlation
BadgeJTI string
// BadgeExpiresAt is when the badge expires
BadgeExpiresAt time.Time
// VerifiedAt is when PoP was verified
VerifiedAt time.Time
// ExpiresAt is when this cache entry expires
ExpiresAt time.Time
// SessionID for MCP session correlation (optional)
SessionID string
}
type Challenge¶
Challenge represents a PoP challenge \(nonce \+ metadata\) Used by both RFC-003 and RFC-007
type Challenge struct {
// Nonce is the random challenge value (base64url encoded, no padding)
Nonce string `json:"nonce"`
// CreatedAt is when the challenge was created
CreatedAt time.Time `json:"created_at"`
// ExpiresAt is when the challenge expires
ExpiresAt time.Time `json:"expires_at"`
// SubjectDID is the DID being challenged to prove key ownership
SubjectDID string `json:"subject_did"`
}
func NewChallenge¶
NewChallenge creates a PoP challenge with the given TTL
func \(\*Challenge\) IsExpired¶
IsExpired checks if the challenge has expired
func \(\*Challenge\) MarshalJSON¶
MarshalJSON implements json.Marshaler
func \(\*Challenge\) UnmarshalJSON¶
UnmarshalJSON implements json.Unmarshaler
type JWK¶
JWK represents a JSON Web Key \(minimal for Ed25519\)
type JWK struct {
Kty string `json:"kty"`
Crv string `json:"crv"`
X string `json:"x"`
Kid string `json:"kid,omitempty"`
}
func EncodeJWKPublicKey¶
EncodeJWKPublicKey encodes an Ed25519 public key to JWK format
type MCPPoPRequest¶
MCPPoPRequest represents PoP data sent by client in initialize request _meta RFC-007: Embedded in MCP handshake, not separate endpoint
type MCPPoPRequest struct {
// ClientNonce is the challenge nonce for server to sign
ClientNonce string `json:"client_nonce"`
// CreatedAt is when the nonce was generated
CreatedAt time.Time `json:"created_at"`
}
func NewMCPPoPRequest¶
NewMCPPoPRequest creates a PoP request for MCP initialize
func ParseMCPPoPRequestFromMeta¶
ParseMCPPoPRequestFromMeta extracts PoP request from MCP _meta
func \(\*MCPPoPRequest\) ToMeta¶
ToMeta serializes PoP request for MCP _meta
type MCPPoPResponse¶
MCPPoPResponse represents PoP data returned by server in initialize response _meta RFC-007: Server proves key ownership within handshake
type MCPPoPResponse struct {
// NonceSignature is JWS over client_nonce, signed with server's DID key
NonceSignature string `json:"nonce_signature"`
// SignedAt is when the signature was created
SignedAt time.Time `json:"signed_at"`
}
func CreateMCPPoPResponse¶
func CreateMCPPoPResponse(clientNonce string, privateKey ed25519.PrivateKey, keyID string) (*MCPPoPResponse, error)
CreateMCPPoPResponse creates a PoP response for MCP initialize Used by MCP servers to prove key ownership
func ParseMCPPoPResponseFromMeta¶
ParseMCPPoPResponseFromMeta extracts PoP response from MCP _meta
func \(\*MCPPoPResponse\) ToMeta¶
ToMeta serializes PoP response for MCP _meta
type Response¶
Response represents a PoP response \(signature over nonce\)
type Response struct {
// Nonce echoed from challenge
Nonce string `json:"nonce"`
// Signature is JWS compact serialization over nonce
Signature string `json:"signature"`
// SubjectDID is the responder's DID
SubjectDID string `json:"subject_did"`
}
func CreateResponse¶
func CreateResponse(challenge *Challenge, privateKey ed25519.PrivateKey, keyID string) (*Response, error)
CreateResponse creates a complete PoP response by signing the challenge nonce
type SessionCache¶
SessionCache provides thread-safe caching of PoP verification results
func NewSessionCache¶
NewSessionCache creates a new session cache
func \(\*SessionCache\) Clear¶
Clear removes all entries
func \(\*SessionCache\) Delete¶
Delete removes a cached entry
func \(\*SessionCache\) Get¶
Get retrieves a cached entry if valid Returns nil if not found or expired
func \(\*SessionCache\) InvalidateBySession¶
InvalidateBySession removes all entries for a session
func \(\*SessionCache\) InvalidateByTrustLevel¶
InvalidateByTrustLevel removes entries below a trust level Use when trust requirements increase mid-session minLevelStr should be "0", "1", "2", "3", or "4"
func \(\*SessionCache\) Size¶
Size returns the number of cached entries
func \(\*SessionCache\) Store¶
Store caches a verification result Key is typically the server DID
protocol¶
Package protocol defines the interfaces and implementations for communicating with A2A agents.
Index¶
- type Client
- type HTTPClient
- func NewHTTPClient\(url string\) *HTTPClient
- func \(c \*HTTPClient\) Close() error
- func \(c \*HTTPClient\) Ping\(ctx context.Context\) \(time.Duration, error\)
- type JSONRPCClient
- func NewJSONRPCClient\(url string\) *JSONRPCClient
- func \(c \*JSONRPCClient\) Close() error
- func \(c \*JSONRPCClient\) Ping\(ctx context.Context\) \(time.Duration, error\)
type Client¶
Client defines the interface for an A2A protocol client.
type Client interface {
// Ping checks if the agent is reachable and responsive.
// Returns the latency and any error encountered.
Ping(ctx context.Context) (time.Duration, error)
// Close cleans up any resources used by the client.
Close() error
}
type HTTPClient¶
HTTPClient implements the Client interface for HTTP+JSON transport.
func NewHTTPClient¶
NewHTTPClient creates a new HTTPClient.
func \(\*HTTPClient\) Close¶
Close cleans up resources.
func \(\*HTTPClient\) Ping¶
Ping performs a simple GET request to the agent URL to check availability. It attempts to call 'GET /tasks' which is a standard v0.3.0 endpoint.
type JSONRPCClient¶
JSONRPCClient implements the Client interface for JSON-RPC transport over HTTP.
func NewJSONRPCClient¶
NewJSONRPCClient creates a new JSONRPCClient.
func \(\*JSONRPCClient\) Close¶
Close cleans up resources.
func \(\*JSONRPCClient\) Ping¶
Ping sends a standard JSON-RPC request to check availability. It attempts to call 'tasks/list' which is a standard v0.3.0 method. Even if the method returns an empty list or an error \(e.g. auth\), a valid JSON-RPC response indicates the agent is alive.
registry¶
Package registry implements the Trust Registry interface for key retrieval.
Index¶
- Constants
- type AgentStatus
- func \(s \*AgentStatus\) IsActive() bool
- type BadgeStatus
- type CloudRegistry
- func NewCloudRegistry\(url string\) *CloudRegistry
- func \(r \*CloudRegistry\) GetAgentStatus\(ctx context.Context, issuerURL string, agentID string\) \(\*AgentStatus, error\)
- func \(r \*CloudRegistry\) GetBadgeStatus\(ctx context.Context, issuerURL string, jti string\) \(\*BadgeStatus, error\)
- func \(r \*CloudRegistry\) GetPublicKey\(ctx context.Context, issuer string\) \(crypto.PublicKey, error\)
- func \(r \*CloudRegistry\) IsRevoked\(\_ context.Context, \_ string\) \(bool, error\)
- func \(r \*CloudRegistry\) SyncRevocations\(ctx context.Context, issuerURL string, since time.Time\) \(\[\]Revocation, error\)
- type LocalRegistry
- func NewLocalRegistry\(path string\) *LocalRegistry
- func \(r \*LocalRegistry\) GetAgentStatus\(\_ context.Context, \_ string, \_ string\) \(\*AgentStatus, error\)
- func \(r \*LocalRegistry\) GetBadgeStatus\(\_ context.Context, \_ string, \_ string\) \(\*BadgeStatus, error\)
- func \(r \*LocalRegistry\) GetPublicKey\(\_ context.Context, \_ string\) \(crypto.PublicKey, error\)
- func \(r \*LocalRegistry\) IsRevoked\(\_ context.Context, \_ string\) \(bool, error\)
- func \(r \*LocalRegistry\) SyncRevocations\(\_ context.Context, \_ string, \_ time.Time\) \(\[\]Revocation, error\)
- type Registry
- type Revocation
Constants¶
AgentStatusActive is the status for an active agent.
AgentStatusDisabled is the status for a disabled agent.
AgentStatusSuspended is the status for a suspended agent.
type AgentStatus¶
AgentStatus represents the status of an agent.
type AgentStatus struct {
// ID is the agent identifier.
ID string `json:"id"`
// Status is the agent status: "active", "disabled", or "suspended".
Status string `json:"status"`
// DisabledAt is the timestamp when the agent was disabled.
DisabledAt *time.Time `json:"disabledAt,omitempty"`
// Reason is the reason for disabling (if disabled).
Reason string `json:"reason,omitempty"`
}
func \(\*AgentStatus\) IsActive¶
IsActive returns true if the agent status is active.
type BadgeStatus¶
BadgeStatus represents the status of a badge.
type BadgeStatus struct {
// JTI is the badge ID.
JTI string `json:"jti"`
// Subject is the agent DID (sub claim).
Subject string `json:"sub,omitempty"`
// Revoked indicates if the badge has been revoked.
Revoked bool `json:"revoked"`
// Reason is the revocation reason (if revoked).
Reason string `json:"reason,omitempty"`
// RevokedAt is the timestamp when the badge was revoked.
RevokedAt *time.Time `json:"revokedAt,omitempty"`
// ExpiresAt is the badge expiry time.
ExpiresAt *time.Time `json:"expiresAt,omitempty"`
}
type CloudRegistry¶
CloudRegistry implements Registry by fetching keys from a URL.
type CloudRegistry struct {
RegistryURL string
Client *http.Client
// contains filtered or unexported fields
}
func NewCloudRegistry¶
NewCloudRegistry creates a new CloudRegistry.
func \(\*CloudRegistry\) GetAgentStatus¶
func (r *CloudRegistry) GetAgentStatus(ctx context.Context, issuerURL string, agentID string) (*AgentStatus, error)
GetAgentStatus retrieves the status of an agent from the registry. Endpoint: GET {issuerURL}/v1/agents/{agentID}/status
func \(\*CloudRegistry\) GetBadgeStatus¶
func (r *CloudRegistry) GetBadgeStatus(ctx context.Context, issuerURL string, jti string) (*BadgeStatus, error)
GetBadgeStatus retrieves the status of a badge from the registry. Endpoint: GET {issuerURL}/v1/badges/{jti}/status
func \(\*CloudRegistry\) GetPublicKey¶
GetPublicKey fetches the key from the Registry URL. It assumes the URL returns a single JWK for now \(MVP\).
func \(\*CloudRegistry\) IsRevoked¶
IsRevoked checks revocation \(not implemented for MVP\). Deprecated: Use GetBadgeStatus instead.
func \(\*CloudRegistry\) SyncRevocations¶
func (r *CloudRegistry) SyncRevocations(ctx context.Context, issuerURL string, since time.Time) ([]Revocation, error)
SyncRevocations fetches revocations from the registry since the given time. Endpoint: GET {issuerURL}/v1/revocations?since={ISO8601}
type LocalRegistry¶
LocalRegistry implements Registry using a local file.
func NewLocalRegistry¶
NewLocalRegistry creates a new LocalRegistry.
func \(\*LocalRegistry\) GetAgentStatus¶
GetAgentStatus is not supported for local registry. Returns an error indicating online verification is not available.
func \(\*LocalRegistry\) GetBadgeStatus¶
GetBadgeStatus is not supported for local registry. Returns an error indicating online verification is not available.
func \(\*LocalRegistry\) GetPublicKey¶
GetPublicKey reads the key from the local file. It ignores the issuer argument for the MVP \(trusts the local key for all\).
func \(\*LocalRegistry\) IsRevoked¶
IsRevoked checks if the ID is in the local blocklist \(not implemented yet\). Deprecated: Use GetBadgeStatus instead.
func \(\*LocalRegistry\) SyncRevocations¶
func (r *LocalRegistry) SyncRevocations(_ context.Context, _ string, _ time.Time) ([]Revocation, error)
SyncRevocations is not supported for local registry. Returns an error indicating online sync is not available.
type Registry¶
Registry defines the interface for the CapiscIO Trust Registry. It is responsible for resolving trusted public keys for Issuers, checking revocation status, and agent status. See RFC-002: Trust Badge Specification.
type Registry interface {
// GetPublicKey fetches the public key for a given Issuer DID/URI.
// Returns the public key and any error encountered.
GetPublicKey(ctx context.Context, issuerDID string) (crypto.PublicKey, error)
// IsRevoked checks if a specific Badge ID (jti) has been revoked.
// Deprecated: Use GetBadgeStatus for richer information.
IsRevoked(ctx context.Context, badgeID string) (bool, error)
// GetBadgeStatus retrieves the status of a badge by jti.
// Returns BadgeStatus or error if the badge is not found.
GetBadgeStatus(ctx context.Context, issuerURL string, jti string) (*BadgeStatus, error)
// GetAgentStatus retrieves the status of an agent by ID.
// Returns AgentStatus or error if the agent is not found.
GetAgentStatus(ctx context.Context, issuerURL string, agentID string) (*AgentStatus, error)
// SyncRevocations fetches revocations since the given timestamp.
// Used for bulk sync of revocation lists for offline verification.
SyncRevocations(ctx context.Context, issuerURL string, since time.Time) ([]Revocation, error)
}
type Revocation¶
Revocation represents a single badge revocation entry.
type Revocation struct {
// JTI is the revoked badge ID.
JTI string `json:"jti"`
// RevokedAt is when the badge was revoked.
RevokedAt time.Time `json:"revokedAt"`
// Reason is the optional revocation reason.
Reason string `json:"reason,omitempty"`
}
report¶
Package report defines the structures for validation and scoring reports.
Index¶
- type AvailabilityResult
- type ValidationIssue
- type ValidationResult
- func \(r \*ValidationResult\) AddError\(code, message, field string\)
- func \(r \*ValidationResult\) AddWarning\(code, message, field string\)
type AvailabilityResult¶
AvailabilityResult contains the results of availability testing.
type AvailabilityResult struct {
Score float64 `json:"score"`
Tested bool `json:"tested"`
EndpointURL string `json:"endpointUrl,omitempty"`
LatencyMS int64 `json:"latencyMs,omitempty"`
Error string `json:"error,omitempty"`
}
type ValidationIssue¶
ValidationIssue represents a specific problem found during validation.
type ValidationIssue struct {
Code string `json:"code"`
Message string `json:"message"`
Severity string `json:"severity"` // "error", "warning", "info"
Field string `json:"field,omitempty"`
}
type ValidationResult¶
ValidationResult contains the complete results of an Agent Card validation.
type ValidationResult struct {
Success bool `json:"success"`
ComplianceScore float64 `json:"complianceScore"`
TrustScore float64 `json:"trustScore"`
Availability AvailabilityResult `json:"availability"`
Issues []ValidationIssue `json:"issues"`
Signatures *crypto.SignatureVerificationResult `json:"signatures,omitempty"`
}
func \(\*ValidationResult\) AddError¶
AddError adds an error issue to the result.
func \(\*ValidationResult\) AddWarning¶
AddWarning adds a warning issue to the result.
revocation¶
Package revocation provides a local cache for badge revocations. This enables offline and semi-connected verification modes. See RFC-002 ยง7.4 Cache Staleness Guidance.
Index¶
- Constants
- Variables
- func DefaultCacheDir() string
- type Cache
- type FileCache
- func NewFileCache\(path string\) \(\*FileCache, error\)
- func \(c \*FileCache\) Add\(jti string, revokedAt time.Time\) error
- func \(c \*FileCache\) Clear() error
- func \(c \*FileCache\) Count() int
- func \(c \*FileCache\) IsRevoked\(jti string\) bool
- func \(c \*FileCache\) IsStale\(threshold time.Duration\) bool
- func \(c \*FileCache\) LastSynced() time.Time
- func \(c \*FileCache\) Sync\(revocations \[\]Revocation\) error
- type MemoryCache
- func NewMemoryCache() *MemoryCache
- func \(c \*MemoryCache\) Add\(jti string, revokedAt time.Time\) error
- func \(c \*MemoryCache\) Clear() error
- func \(c \*MemoryCache\) IsRevoked\(jti string\) bool
- func \(c \*MemoryCache\) IsStale\(threshold time.Duration\) bool
- func \(c \*MemoryCache\) LastSynced() time.Time
- func \(c \*MemoryCache\) Sync\(revocations \[\]Revocation\) error
- type Revocation
Constants¶
DefaultStaleThreshold is the default time after which cache is considered stale. Per RFC-002 ยง7.4, default is 5 minutes.
Variables¶
Common errors returned by this package.
var (
ErrCacheNotFound = errors.New("revocation cache not found")
ErrCacheCorrupt = errors.New("revocation cache is corrupt")
)
func DefaultCacheDir¶
DefaultCacheDir returns the default revocation cache directory.
type Cache¶
Cache is the interface for a revocation cache.
type Cache interface {
// IsRevoked checks if a badge jti is in the revocation cache.
IsRevoked(jti string) bool
// Add adds a revocation to the cache.
Add(jti string, revokedAt time.Time) error
// Sync updates the cache with new revocations.
Sync(revocations []Revocation) error
// LastSynced returns when the cache was last synced.
LastSynced() time.Time
// IsStale returns true if the cache is older than the threshold.
IsStale(threshold time.Duration) bool
// Clear clears all revocations from the cache.
Clear() error
}
type FileCache¶
FileCache implements Cache using a JSON file.
func NewFileCache¶
NewFileCache creates a new file-based revocation cache. If path is empty, uses default location.
func \(\*FileCache\) Add¶
Add adds a single revocation to the cache.
func \(\*FileCache\) Clear¶
Clear removes all revocations from the cache.
func \(\*FileCache\) Count¶
Count returns the number of revocations in the cache.
func \(\*FileCache\) IsRevoked¶
IsRevoked checks if a badge jti is in the revocation cache.
func \(\*FileCache\) IsStale¶
IsStale returns true if the cache is older than the threshold. Per RFC-002, default threshold is 5 minutes.
func \(\*FileCache\) LastSynced¶
LastSynced returns when the cache was last synced.
func \(\*FileCache\) Sync¶
Sync updates the cache with new revocations from the registry.
type MemoryCache¶
MemoryCache is an in-memory only cache for testing.
func NewMemoryCache¶
NewMemoryCache creates a new in-memory revocation cache.
func \(\*MemoryCache\) Add¶
Add adds a revoked badge to the cache.
func \(\*MemoryCache\) Clear¶
func \(\*MemoryCache\) IsRevoked¶
IsRevoked checks if a badge JTI has been revoked.
func \(\*MemoryCache\) IsStale¶
IsStale returns true if the cache hasn't been synced within the threshold.
func \(\*MemoryCache\) LastSynced¶
LastSynced returns the time of the last cache sync.
func \(\*MemoryCache\) Sync¶
Sync synchronizes the cache with a list of revocations.
type Revocation¶
Revocation represents a single revocation entry.
type Revocation struct {
// JTI is the revoked badge ID.
JTI string `json:"jti"`
// RevokedAt is when the badge was revoked.
RevokedAt time.Time `json:"revokedAt"`
// Reason is the optional revocation reason.
Reason string `json:"reason,omitempty"`
}
scoring¶
Package scoring implements the validation and scoring logic for Agent Cards.
Index¶
- type AvailabilityScorer
- func NewAvailabilityScorer\(timeout time.Duration\) *AvailabilityScorer
- func \(s \*AvailabilityScorer\) Score\(ctx context.Context, card \*agentcard.AgentCard\) report.AvailabilityResult
- type ComplianceConfig
- type ComplianceScorer
- func NewComplianceScorer\(config \*ComplianceConfig\) *ComplianceScorer
- func \(s \*ComplianceScorer\) Score\(card \*agentcard.AgentCard\) \(float64, \[\]report.ValidationIssue\)
- type Engine
- func NewEngine\(config \*EngineConfig\) *Engine
- func \(e \*Engine\) Validate\(ctx context.Context, card \*agentcard.AgentCard, checkAvailability bool\) \(\*report.ValidationResult, error\)
- type EngineConfig
- func DefaultEngineConfig() *EngineConfig
- type TrustScorer
- func NewTrustScorer\(trustedIssuers \[\]string\) *TrustScorer
- func \(s \*TrustScorer\) Score\(sigResult \*crypto.SignatureVerificationResult\) \(float64, \[\]report.ValidationIssue\)
- type URLValidator
- func NewURLValidator\(allowPrivateIPs bool\) *URLValidator
- func \(v \*URLValidator\) Validate\(rawURL string, fieldName string\) []report.ValidationIssue
- type ValidationMode
type AvailabilityScorer¶
AvailabilityScorer evaluates the operational status of the agent.
func NewAvailabilityScorer¶
NewAvailabilityScorer creates a new AvailabilityScorer.
func \(\*AvailabilityScorer\) Score¶
func (s *AvailabilityScorer) Score(ctx context.Context, card *agentcard.AgentCard) report.AvailabilityResult
Score checks the agent's endpoint and calculates an availability score.
type ComplianceConfig¶
ComplianceConfig holds configuration for the ComplianceScorer.
type ComplianceScorer¶
ComplianceScorer evaluates how well the Agent Card adheres to the A2A specification.
func NewComplianceScorer¶
NewComplianceScorer creates a new ComplianceScorer.
func \(\*ComplianceScorer\) Score¶
Score calculates the compliance score \(0\-100\) and identifies issues.
type Engine¶
Engine is the main entry point for scoring and validation.
func NewEngine¶
NewEngine creates a new scoring Engine with the provided configuration. If config is nil, default configuration is used.
func \(\*Engine\) Validate¶
func (e *Engine) Validate(ctx context.Context, card *agentcard.AgentCard, checkAvailability bool) (*report.ValidationResult, error)
Validate performs a full validation of the Agent Card.
type EngineConfig¶
EngineConfig holds configuration for the scoring Engine.
type EngineConfig struct {
// TrustedIssuers is a list of trusted JWKS URIs or Issuer IDs.
// If empty, all valid signatures are considered "trusted" (low security mode).
TrustedIssuers []string
// JWKSCacheTTL is the time-to-live for cached JWKS. Default: 1 hour.
JWKSCacheTTL time.Duration
// HTTPTimeout is the timeout for availability checks. Default: 5 seconds.
HTTPTimeout time.Duration
// Mode determines the validation strictness. Default: ModeProgressive.
Mode ValidationMode
// SkipSignatureVerification disables JWS signature verification.
SkipSignatureVerification bool
// SchemaOnly skips logic and network checks, validating only the JSON structure.
SchemaOnly bool
// RegistryReady enables additional checks required for registry submission.
RegistryReady bool
// AllowPrivateIPs allows URLs to resolve to private IP addresses.
AllowPrivateIPs bool
}
func DefaultEngineConfig¶
DefaultEngineConfig returns a default configuration.
type TrustScorer¶
TrustScorer evaluates the trustworthiness of the Agent Card.
func NewTrustScorer¶
NewTrustScorer creates a new TrustScorer with optional trusted issuers.
func \(\*TrustScorer\) Score¶
func (s *TrustScorer) Score(sigResult *crypto.SignatureVerificationResult) (float64, []report.ValidationIssue)
Score calculates the trust score \(0\-100\) based on signatures and other factors.
type URLValidator¶
URLValidator validates URLs for security and compliance.
func NewURLValidator¶
NewURLValidator creates a new URLValidator.
func \(\*URLValidator\) Validate¶
Validate checks if a URL is valid and secure.
type ValidationMode¶
ValidationMode determines the strictness of the validation.
const (
// ModeProgressive is the default mode. Standard checks, allows some warnings.
ModeProgressive ValidationMode = "progressive"
// ModeStrict fails on ANY warning or error.
ModeStrict ValidationMode = "strict"
)
simpleguard¶
Index¶
- Constants
- Variables
- func Middleware\(guard \*SimpleGuard\) func\(http.Handler\) http.Handler
- func SubjectFromContext\(ctx context.Context\) string
- type Claims
- func ClaimsFromContext\(ctx context.Context\) *Claims
- type Config
- type SimpleGuard
- func New\(cfg Config\) \(\*SimpleGuard, error\)
- func \(g \*SimpleGuard\) SignOutbound\(claims Claims, body \[\]byte\) \(string, error\)
- func \(g \*SimpleGuard\) VerifyInbound\(token string, body \[\]byte\) \(\*Claims, error\)
Constants¶
const (
// DefaultMaxTokenAge is the default token validity window (60 seconds).
// This can be overridden via Config.MaxTokenAge.
DefaultMaxTokenAge = 60 * time.Second
// DefaultClockSkewTolerance is the allowed clock drift between parties (5 seconds).
// This accounts for minor time synchronization differences between systems.
DefaultClockSkewTolerance = 5 * time.Second
// DefaultMaxBodySize is the maximum request body size for middleware (10MB).
// Requests larger than this will be rejected to prevent memory exhaustion.
DefaultMaxBodySize = 10 << 20 // 10MB
)
MaxTokenAge is kept for backward compatibility. Use Config.MaxTokenAge instead. Deprecated: Use DefaultMaxTokenAge or Config.MaxTokenAge.
Variables¶
var (
ErrMissingHeader = errors.New("missing X-Capiscio-Badge header")
ErrInvalidToken = errors.New("invalid token format")
ErrTokenExpired = errors.New("token expired")
ErrTokenFuture = errors.New("token issued in the future")
ErrIntegrityFailed = errors.New("integrity check failed (body hash mismatch)")
ErrMissingKeyID = errors.New("missing kid header")
ErrUntrustedKey = errors.New("untrusted key ID")
ErrSignatureInvalid = errors.New("signature verification failed")
)
func Middleware¶
Middleware creates a net/http middleware for SimpleGuard.
func SubjectFromContext¶
SubjectFromContext retrieves the verified subject from the request context. Returns empty string if not found.
type Claims¶
Claims represents the JWT claims for SimpleGuard.
type Claims struct {
Subject string `json:"sub"`
Issuer string `json:"iss"`
IssuedAt int64 `json:"iat"`
Expiry int64 `json:"exp"`
BodyHash string `json:"bh,omitempty"`
MessageID string `json:"jti,omitempty"`
}
func ClaimsFromContext¶
ClaimsFromContext retrieves the verified claims from the request context. Returns nil if not found.
type Config¶
Config holds configuration for SimpleGuard.
type Config struct {
AgentID string
PrivateKey crypto.PrivateKey
PublicKey crypto.PublicKey
KeyID string // kid for the header
DevMode bool // If true, allows self-signed/generated keys
// MaxTokenAge is the token validity window. Defaults to DefaultMaxTokenAge (60s).
MaxTokenAge time.Duration
// ClockSkewTolerance is the allowed clock drift. Defaults to DefaultClockSkewTolerance (5s).
ClockSkewTolerance time.Duration
// MaxBodySize is the maximum request body size for middleware. Defaults to DefaultMaxBodySize (10MB).
MaxBodySize int64
}
type SimpleGuard¶
SimpleGuard handles A2A security enforcement.
func New¶
New creates a new SimpleGuard instance.
func \(\*SimpleGuard\) SignOutbound¶
SignOutbound creates a signed JWS for the given payload and body. It enforces iat and exp to prevent backdating.
func \(\*SimpleGuard\) VerifyInbound¶
VerifyInbound validates a received JWS token.
trust¶
Package trust provides a local trust store for CA public keys. This enables offline badge verification without network access. See RFC-002 ยง13.1.
Index¶
- Variables
- func DefaultTrustDir() string
- type FileStore
- func NewFileStore\(dir string\) \(\*FileStore, error\)
- func \(s \*FileStore\) Add\(key jose.JSONWebKey\) error
- func \(s \*FileStore\) AddFromJWKS\(jwks \*jose.JSONWebKeySet, issuerURL string\) error
- func \(s \*FileStore\) AddIssuerMapping\(issuerURL, kid string\) error
- func \(s \*FileStore\) Get\(kid string\) \(\*jose.JSONWebKey, error\)
- func \(s \*FileStore\) GetByIssuer\(issuerURL string\) \(\[\]jose.JSONWebKey, error\)
- func \(s \*FileStore\) List() \(\[\]jose.JSONWebKey, error\)
- func \(s \*FileStore\) Remove\(kid string\) error
- type Store
Variables¶
Common errors returned by this package.
var (
ErrKeyNotFound = errors.New("key not found in trust store")
ErrIssuerNotFound = errors.New("issuer not found in trust store")
ErrInvalidKey = errors.New("invalid key format")
)
func DefaultTrustDir¶
DefaultTrustDir returns the default trust store directory.
type FileStore¶
FileStore implements Store using the filesystem. Default location: ~/.capiscio/trust/
func NewFileStore¶
NewFileStore creates a new file-based trust store.
func \(\*FileStore\) Add¶
Add adds a key to the trust store.
func \(\*FileStore\) AddFromJWKS¶
AddFromJWKS adds all keys from a JWKS and optionally maps them to an issuer.
func \(\*FileStore\) AddIssuerMapping¶
AddIssuerMapping maps an issuer URL to a key kid.
func \(\*FileStore\) Get¶
Get retrieves a key by kid.
func \(\*FileStore\) GetByIssuer¶
GetByIssuer retrieves all keys for an issuer URL.
func \(\*FileStore\) List¶
List returns all keys in the store.
func \(\*FileStore\) Remove¶
Remove removes a key by kid.
type Store¶
Store is the interface for a trust store.
type Store interface {
// Add adds a key to the trust store.
Add(key jose.JSONWebKey) error
// Get retrieves a key by kid.
Get(kid string) (*jose.JSONWebKey, error)
// GetByIssuer retrieves all keys for an issuer URL.
GetByIssuer(issuerURL string) ([]jose.JSONWebKey, error)
// List returns all keys in the store.
List() ([]jose.JSONWebKey, error)
// Remove removes a key by kid.
Remove(kid string) error
// AddIssuerMapping maps an issuer URL to a key kid.
AddIssuerMapping(issuerURL, kid string) error
}
capisciov1¶
Index¶
- Constants
- Variables
- func RegisterBadgeServiceServer\(s grpc.ServiceRegistrar, srv BadgeServiceServer\)
- func RegisterDIDServiceServer\(s grpc.ServiceRegistrar, srv DIDServiceServer\)
- func RegisterMCPServiceServer\(s grpc.ServiceRegistrar, srv MCPServiceServer\)
- func RegisterRegistryServiceServer\(s grpc.ServiceRegistrar, srv RegistryServiceServer\)
- func RegisterRevocationServiceServer\(s grpc.ServiceRegistrar, srv RevocationServiceServer\)
- func RegisterScoringServiceServer\(s grpc.ServiceRegistrar, srv ScoringServiceServer\)
- func RegisterSimpleGuardServiceServer\(s grpc.ServiceRegistrar, srv SimpleGuardServiceServer\)
- func RegisterTrustStoreServiceServer\(s grpc.ServiceRegistrar, srv TrustStoreServiceServer\)
- type AddKeyRequest
- func \(\*AddKeyRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*AddKeyRequest\) GetDid() string
- func \(x \*AddKeyRequest\) GetFormat() KeyFormat
- func \(x \*AddKeyRequest\) GetMetadata() map[string]string
- func \(x \*AddKeyRequest\) GetPublicKey() []byte
- func \(\*AddKeyRequest\) ProtoMessage()
- func \(x \*AddKeyRequest\) ProtoReflect() protoreflect.Message
- func \(x \*AddKeyRequest\) Reset()
- func \(x \*AddKeyRequest\) String() string
- type AddKeyResponse
- func \(\*AddKeyResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*AddKeyResponse\) GetErrorMessage() string
- func \(x \*AddKeyResponse\) GetKeyId() string
- func \(\*AddKeyResponse\) ProtoMessage()
- func \(x \*AddKeyResponse\) ProtoReflect() protoreflect.Message
- func \(x \*AddKeyResponse\) Reset()
- func \(x \*AddKeyResponse\) String() string
- type AgentStatus
- func \(AgentStatus\) Descriptor() protoreflect.EnumDescriptor
- func \(x AgentStatus\) Enum() *AgentStatus
- func \(AgentStatus\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x AgentStatus\) Number() protoreflect.EnumNumber
- func \(x AgentStatus\) String() string
- func \(AgentStatus\) Type() protoreflect.EnumType
- type AggregateScoresRequest
- func \(\*AggregateScoresRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*AggregateScoresRequest\) GetAggregationMethod() string
- func \(x \*AggregateScoresRequest\) GetResults() []*ScoringResult
- func \(\*AggregateScoresRequest\) ProtoMessage()
- func \(x \*AggregateScoresRequest\) ProtoReflect() protoreflect.Message
- func \(x \*AggregateScoresRequest\) Reset()
- func \(x \*AggregateScoresRequest\) String() string
- type AggregateScoresResponse
- func \(\*AggregateScoresResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*AggregateScoresResponse\) GetAggregateRating() Rating
- func \(x \*AggregateScoresResponse\) GetAggregateScore() float64
- func \(x \*AggregateScoresResponse\) GetCategoryAggregates() map[string]float64
- func \(\*AggregateScoresResponse\) ProtoMessage()
- func \(x \*AggregateScoresResponse\) ProtoReflect() protoreflect.Message
- func \(x \*AggregateScoresResponse\) Reset()
- func \(x \*AggregateScoresResponse\) String() string
- type BadgeClaims
- func \(\*BadgeClaims\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*BadgeClaims\) GetAgentName() string
- func \(x \*BadgeClaims\) GetAud() []string
- func \(x \*BadgeClaims\) GetDomain() string
- func \(x \*BadgeClaims\) GetExp() int64
- func \(x \*BadgeClaims\) GetIat() int64
- func \(x \*BadgeClaims\) GetIss() string
- func \(x \*BadgeClaims\) GetJti() string
- func \(x \*BadgeClaims\) GetNbf() int64
- func \(x \*BadgeClaims\) GetScope() string
- func \(x \*BadgeClaims\) GetSub() string
- func \(x \*BadgeClaims\) GetTrustLevel() TrustLevel
- func \(\*BadgeClaims\) ProtoMessage()
- func \(x \*BadgeClaims\) ProtoReflect() protoreflect.Message
- func \(x \*BadgeClaims\) Reset()
- func \(x \*BadgeClaims\) String() string
- type BadgeServiceClient
- func NewBadgeServiceClient\(cc grpc.ClientConnInterface\) BadgeServiceClient
- type BadgeServiceServer
- type BadgeService_StartKeeperClient
- type BadgeService_StartKeeperServer
- type CategoryScore
- func \(\*CategoryScore\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*CategoryScore\) GetCategory() ScoreCategory
- func \(x \*CategoryScore\) GetResults() []*RuleResult
- func \(x \*CategoryScore\) GetRulesFailed() int32
- func \(x \*CategoryScore\) GetRulesPassed() int32
- func \(x \*CategoryScore\) GetScore() float64
- func \(\*CategoryScore\) ProtoMessage()
- func \(x \*CategoryScore\) ProtoReflect() protoreflect.Message
- func \(x \*CategoryScore\) Reset()
- func \(x \*CategoryScore\) String() string
- type ClearCacheRequest
- func \(\*ClearCacheRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ClearCacheRequest\) GetSourceFilter() string
- func \(\*ClearCacheRequest\) ProtoMessage()
- func \(x \*ClearCacheRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ClearCacheRequest\) Reset()
- func \(x \*ClearCacheRequest\) String() string
- type ClearCacheResponse
- func \(\*ClearCacheResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ClearCacheResponse\) GetEntriesCleared() int32
- func \(\*ClearCacheResponse\) ProtoMessage()
- func \(x \*ClearCacheResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ClearCacheResponse\) Reset()
- func \(x \*ClearCacheResponse\) String() string
- type ClearKeysRequest
- func \(\*ClearKeysRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ClearKeysRequest\) GetConfirm() bool
- func \(\*ClearKeysRequest\) ProtoMessage()
- func \(x \*ClearKeysRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ClearKeysRequest\) Reset()
- func \(x \*ClearKeysRequest\) String() string
- type ClearKeysResponse
- func \(\*ClearKeysResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ClearKeysResponse\) GetKeysCleared() int32
- func \(\*ClearKeysResponse\) ProtoMessage()
- func \(x \*ClearKeysResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ClearKeysResponse\) Reset()
- func \(x \*ClearKeysResponse\) String() string
- type CreateDVOrderRequest
- func \(\*CreateDVOrderRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*CreateDVOrderRequest\) GetCaUrl() string
- func \(x \*CreateDVOrderRequest\) GetChallengeType() string
- func \(x \*CreateDVOrderRequest\) GetDomain() string
- func \(x \*CreateDVOrderRequest\) GetJwk() string
- func \(\*CreateDVOrderRequest\) ProtoMessage()
- func \(x \*CreateDVOrderRequest\) ProtoReflect() protoreflect.Message
- func \(x \*CreateDVOrderRequest\) Reset()
- func \(x \*CreateDVOrderRequest\) String() string
- type CreateDVOrderResponse
- func \(\*CreateDVOrderResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*CreateDVOrderResponse\) GetChallengeToken() string
- func \(x \*CreateDVOrderResponse\) GetChallengeType() string
- func \(x \*CreateDVOrderResponse\) GetDnsRecord() string
- func \(x \*CreateDVOrderResponse\) GetDomain() string
- func \(x \*CreateDVOrderResponse\) GetError() string
- func \(x \*CreateDVOrderResponse\) GetErrorCode() string
- func \(x \*CreateDVOrderResponse\) GetExpiresAt() int64
- func \(x \*CreateDVOrderResponse\) GetOrderId() string
- func \(x \*CreateDVOrderResponse\) GetStatus() string
- func \(x \*CreateDVOrderResponse\) GetSuccess() bool
- func \(x \*CreateDVOrderResponse\) GetValidationUrl() string
- func \(\*CreateDVOrderResponse\) ProtoMessage()
- func \(x \*CreateDVOrderResponse\) ProtoReflect() protoreflect.Message
- func \(x \*CreateDVOrderResponse\) Reset()
- func \(x \*CreateDVOrderResponse\) String() string
- type DID
- func \(\*DID\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*DID\) GetDomain() string
- func \(x \*DID\) GetFragment() string
- func \(x \*DID\) GetMethod() string
- func \(x \*DID\) GetPath() []string
- func \(x \*DID\) GetRaw() string
- func \(\*DID\) ProtoMessage()
- func \(x \*DID\) ProtoReflect() protoreflect.Message
- func \(x \*DID\) Reset()
- func \(x \*DID\) String() string
- type DIDServiceClient
- func NewDIDServiceClient\(cc grpc.ClientConnInterface\) DIDServiceClient
- type DIDServiceServer
- type DeregisterAgentRequest
- func \(\*DeregisterAgentRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*DeregisterAgentRequest\) GetDid() string
- func \(x \*DeregisterAgentRequest\) GetReason() string
- func \(\*DeregisterAgentRequest\) ProtoMessage()
- func \(x \*DeregisterAgentRequest\) ProtoReflect() protoreflect.Message
- func \(x \*DeregisterAgentRequest\) Reset()
- func \(x \*DeregisterAgentRequest\) String() string
- type DeregisterAgentResponse
- func \(\*DeregisterAgentResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*DeregisterAgentResponse\) GetErrorMessage() string
- func \(x \*DeregisterAgentResponse\) GetSuccess() bool
- func \(\*DeregisterAgentResponse\) ProtoMessage()
- func \(x \*DeregisterAgentResponse\) ProtoReflect() protoreflect.Message
- func \(x \*DeregisterAgentResponse\) Reset()
- func \(x \*DeregisterAgentResponse\) String() string
- type DocumentURLRequest
- func \(\*DocumentURLRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*DocumentURLRequest\) GetDid() string
- func \(\*DocumentURLRequest\) ProtoMessage()
- func \(x \*DocumentURLRequest\) ProtoReflect() protoreflect.Message
- func \(x \*DocumentURLRequest\) Reset()
- func \(x \*DocumentURLRequest\) String() string
- type DocumentURLResponse
- func \(\*DocumentURLResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*DocumentURLResponse\) GetErrorMessage() string
- func \(x \*DocumentURLResponse\) GetUrl() string
- func \(\*DocumentURLResponse\) ProtoMessage()
- func \(x \*DocumentURLResponse\) ProtoReflect() protoreflect.Message
- func \(x \*DocumentURLResponse\) Reset()
- func \(x \*DocumentURLResponse\) String() string
- type Duration
- func \(\*Duration\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*Duration\) GetSeconds() int64
- func \(\*Duration\) ProtoMessage()
- func \(x \*Duration\) ProtoReflect() protoreflect.Message
- func \(x \*Duration\) Reset()
- func \(x \*Duration\) String() string
- type ErrorDetail
- func \(\*ErrorDetail\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ErrorDetail\) GetCode() string
- func \(x \*ErrorDetail\) GetMessage() string
- func \(x \*ErrorDetail\) GetMetadata() map[string]string
- func \(\*ErrorDetail\) ProtoMessage()
- func \(x \*ErrorDetail\) ProtoReflect() protoreflect.Message
- func \(x \*ErrorDetail\) Reset()
- func \(x \*ErrorDetail\) String() string
- type EvaluateConfig
- func \(\*EvaluateConfig\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*EvaluateConfig\) GetAcceptLevelZero() bool
- func \(x \*EvaluateConfig\) GetAllowedTools() []string
- func \(x \*EvaluateConfig\) GetMinTrustLevel() int32
- func \(x \*EvaluateConfig\) GetTrustedIssuers() []string
- func \(\*EvaluateConfig\) ProtoMessage()
- func \(x \*EvaluateConfig\) ProtoReflect() protoreflect.Message
- func \(x \*EvaluateConfig\) Reset()
- func \(x \*EvaluateConfig\) String() string
- type EvaluateToolAccessRequest
- func \(\*EvaluateToolAccessRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*EvaluateToolAccessRequest\) GetApiKey() string
- func \(x \*EvaluateToolAccessRequest\) GetBadgeJws() string
- func \(x \*EvaluateToolAccessRequest\) GetCallerCredential() isEvaluateToolAccessRequest_CallerCredential
- func \(x \*EvaluateToolAccessRequest\) GetCapabilityClass() string
- func \(x \*EvaluateToolAccessRequest\) GetConfig() *EvaluateConfig
- func \(x \*EvaluateToolAccessRequest\) GetConstraintsJson() string
- func \(x \*EvaluateToolAccessRequest\) GetDelegationDepth() int32
- func \(x \*EvaluateToolAccessRequest\) GetEnforcementMode() string
- func \(x \*EvaluateToolAccessRequest\) GetEnvelopeId() string
- func \(x \*EvaluateToolAccessRequest\) GetParamsHash() string
- func \(x \*EvaluateToolAccessRequest\) GetParentConstraintsJson() string
- func \(x \*EvaluateToolAccessRequest\) GetPolicyVersion() string
- func \(x \*EvaluateToolAccessRequest\) GetServerOrigin() string
- func \(x \*EvaluateToolAccessRequest\) GetToolName() string
- func \(\*EvaluateToolAccessRequest\) ProtoMessage()
- func \(x \*EvaluateToolAccessRequest\) ProtoReflect() protoreflect.Message
- func \(x \*EvaluateToolAccessRequest\) Reset()
- func \(x \*EvaluateToolAccessRequest\) String() string
- type EvaluateToolAccessRequest_ApiKey
- type EvaluateToolAccessRequest_BadgeJws
- type EvaluateToolAccessResponse
- func \(\*EvaluateToolAccessResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*EvaluateToolAccessResponse\) GetAgentDid() string
- func \(x \*EvaluateToolAccessResponse\) GetAuthLevel() MCPAuthLevel
- func \(x \*EvaluateToolAccessResponse\) GetBadgeJti() string
- func \(x \*EvaluateToolAccessResponse\) GetDecision() MCPDecision
- func \(x \*EvaluateToolAccessResponse\) GetDenyDetail() string
- func \(x \*EvaluateToolAccessResponse\) GetDenyReason() MCPDenyReason
- func \(x \*EvaluateToolAccessResponse\) GetEnforcementMode() string
- func \(x \*EvaluateToolAccessResponse\) GetEvidenceId() string
- func \(x \*EvaluateToolAccessResponse\) GetEvidenceJson() string
- func \(x \*EvaluateToolAccessResponse\) GetObligations() []*MCPObligation
- func \(x \*EvaluateToolAccessResponse\) GetPolicyDecision() string
- func \(x \*EvaluateToolAccessResponse\) GetPolicyDecisionId() string
- func \(x \*EvaluateToolAccessResponse\) GetTimestamp() *timestamppb.Timestamp
- func \(x \*EvaluateToolAccessResponse\) GetTrustLevel() int32
- func \(\*EvaluateToolAccessResponse\) ProtoMessage()
- func \(x \*EvaluateToolAccessResponse\) ProtoReflect() protoreflect.Message
- func \(x \*EvaluateToolAccessResponse\) Reset()
- func \(x \*EvaluateToolAccessResponse\) String() string
- type ExportKeyRequest
- func \(\*ExportKeyRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ExportKeyRequest\) GetFilePath() string
- func \(x \*ExportKeyRequest\) GetFormat() KeyFormat
- func \(x \*ExportKeyRequest\) GetIncludePrivate() bool
- func \(x \*ExportKeyRequest\) GetKeyId() string
- func \(x \*ExportKeyRequest\) GetPassphrase() string
- func \(\*ExportKeyRequest\) ProtoMessage()
- func \(x \*ExportKeyRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ExportKeyRequest\) Reset()
- func \(x \*ExportKeyRequest\) String() string
- type ExportKeyResponse
- func \(\*ExportKeyResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ExportKeyResponse\) GetErrorMessage() string
- func \(x \*ExportKeyResponse\) GetFilePath() string
- func \(\*ExportKeyResponse\) ProtoMessage()
- func \(x \*ExportKeyResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ExportKeyResponse\) Reset()
- func \(x \*ExportKeyResponse\) String() string
- type ExportToDirectoryRequest
- func \(\*ExportToDirectoryRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ExportToDirectoryRequest\) GetDirectoryPath() string
- func \(x \*ExportToDirectoryRequest\) GetFormat() KeyFormat
- func \(\*ExportToDirectoryRequest\) ProtoMessage()
- func \(x \*ExportToDirectoryRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ExportToDirectoryRequest\) Reset()
- func \(x \*ExportToDirectoryRequest\) String() string
- type ExportToDirectoryResponse
- func \(\*ExportToDirectoryResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ExportToDirectoryResponse\) GetErrorMessage() string
- func \(x \*ExportToDirectoryResponse\) GetKeysExported() int32
- func \(\*ExportToDirectoryResponse\) ProtoMessage()
- func \(x \*ExportToDirectoryResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ExportToDirectoryResponse\) Reset()
- func \(x \*ExportToDirectoryResponse\) String() string
- type FetchRevocationListRequest
- func \(\*FetchRevocationListRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*FetchRevocationListRequest\) GetTimeout() *Duration
- func \(x \*FetchRevocationListRequest\) GetUrl() string
- func \(\*FetchRevocationListRequest\) ProtoMessage()
- func \(x \*FetchRevocationListRequest\) ProtoReflect() protoreflect.Message
- func \(x \*FetchRevocationListRequest\) Reset()
- func \(x \*FetchRevocationListRequest\) String() string
- type FetchRevocationListResponse
- func \(\*FetchRevocationListResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*FetchRevocationListResponse\) GetEntriesAdded() int32
- func \(x \*FetchRevocationListResponse\) GetEntriesUpdated() int32
- func \(x \*FetchRevocationListResponse\) GetErrorMessage() string
- func \(x \*FetchRevocationListResponse\) GetFetchedAt() *Timestamp
- func \(\*FetchRevocationListResponse\) ProtoMessage()
- func \(x \*FetchRevocationListResponse\) ProtoReflect() protoreflect.Message
- func \(x \*FetchRevocationListResponse\) Reset()
- func \(x \*FetchRevocationListResponse\) String() string
- type FinalizeDVOrderRequest
- func \(\*FinalizeDVOrderRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*FinalizeDVOrderRequest\) GetCaUrl() string
- func \(x \*FinalizeDVOrderRequest\) GetOrderId() string
- func \(\*FinalizeDVOrderRequest\) ProtoMessage()
- func \(x \*FinalizeDVOrderRequest\) ProtoReflect() protoreflect.Message
- func \(x \*FinalizeDVOrderRequest\) Reset()
- func \(x \*FinalizeDVOrderRequest\) String() string
- type FinalizeDVOrderResponse
- func \(\*FinalizeDVOrderResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*FinalizeDVOrderResponse\) GetError() string
- func \(x \*FinalizeDVOrderResponse\) GetErrorCode() string
- func \(x \*FinalizeDVOrderResponse\) GetExpiresAt() int64
- func \(x \*FinalizeDVOrderResponse\) GetGrant() string
- func \(x \*FinalizeDVOrderResponse\) GetSuccess() bool
- func \(\*FinalizeDVOrderResponse\) ProtoMessage()
- func \(x \*FinalizeDVOrderResponse\) ProtoReflect() protoreflect.Message
- func \(x \*FinalizeDVOrderResponse\) Reset()
- func \(x \*FinalizeDVOrderResponse\) String() string
- type GenerateKeyPairRequest
- func \(\*GenerateKeyPairRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GenerateKeyPairRequest\) GetAlgorithm() KeyAlgorithm
- func \(x \*GenerateKeyPairRequest\) GetKeyId() string
- func \(x \*GenerateKeyPairRequest\) GetMetadata() map[string]string
- func \(\*GenerateKeyPairRequest\) ProtoMessage()
- func \(x \*GenerateKeyPairRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GenerateKeyPairRequest\) Reset()
- func \(x \*GenerateKeyPairRequest\) String() string
- type GenerateKeyPairResponse
- func \(\*GenerateKeyPairResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GenerateKeyPairResponse\) GetAlgorithm() KeyAlgorithm
- func \(x \*GenerateKeyPairResponse\) GetDidKey() string
- func \(x \*GenerateKeyPairResponse\) GetErrorMessage() string
- func \(x \*GenerateKeyPairResponse\) GetKeyId() string
- func \(x \*GenerateKeyPairResponse\) GetPrivateKey() []byte
- func \(x \*GenerateKeyPairResponse\) GetPrivateKeyPem() string
- func \(x \*GenerateKeyPairResponse\) GetPublicKey() []byte
- func \(x \*GenerateKeyPairResponse\) GetPublicKeyPem() string
- func \(\*GenerateKeyPairResponse\) ProtoMessage()
- func \(x \*GenerateKeyPairResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GenerateKeyPairResponse\) Reset()
- func \(x \*GenerateKeyPairResponse\) String() string
- type GetAgentRequest
- func \(\*GetAgentRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetAgentRequest\) GetDid() string
- func \(x \*GetAgentRequest\) GetIncludeBadge() bool
- func \(x \*GetAgentRequest\) GetVerifyBadge() bool
- func \(\*GetAgentRequest\) ProtoMessage()
- func \(x \*GetAgentRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GetAgentRequest\) Reset()
- func \(x \*GetAgentRequest\) String() string
- type GetAgentResponse
- func \(\*GetAgentResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetAgentResponse\) GetAgent() *RegisteredAgent
- func \(x \*GetAgentResponse\) GetBadgeValid() bool
- func \(x \*GetAgentResponse\) GetErrorMessage() string
- func \(\*GetAgentResponse\) ProtoMessage()
- func \(x \*GetAgentResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GetAgentResponse\) Reset()
- func \(x \*GetAgentResponse\) String() string
- type GetCacheStatsRequest
- func \(\*GetCacheStatsRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(\*GetCacheStatsRequest\) ProtoMessage()
- func \(x \*GetCacheStatsRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GetCacheStatsRequest\) Reset()
- func \(x \*GetCacheStatsRequest\) String() string
- type GetCacheStatsResponse
- func \(\*GetCacheStatsResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetCacheStatsResponse\) GetCacheTtl() *Duration
- func \(x \*GetCacheStatsResponse\) GetEntriesBySource() map[string]int32
- func \(x \*GetCacheStatsResponse\) GetLastRemoteFetch() *Timestamp
- func \(x \*GetCacheStatsResponse\) GetLocalEntries() int32
- func \(x \*GetCacheStatsResponse\) GetRemoteEntries() int32
- func \(x \*GetCacheStatsResponse\) GetTotalEntries() int32
- func \(\*GetCacheStatsResponse\) ProtoMessage()
- func \(x \*GetCacheStatsResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GetCacheStatsResponse\) Reset()
- func \(x \*GetCacheStatsResponse\) String() string
- type GetDVOrderRequest
- func \(\*GetDVOrderRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetDVOrderRequest\) GetCaUrl() string
- func \(x \*GetDVOrderRequest\) GetOrderId() string
- func \(\*GetDVOrderRequest\) ProtoMessage()
- func \(x \*GetDVOrderRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GetDVOrderRequest\) Reset()
- func \(x \*GetDVOrderRequest\) String() string
- type GetDVOrderResponse
- func \(\*GetDVOrderResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetDVOrderResponse\) GetChallengeToken() string
- func \(x \*GetDVOrderResponse\) GetChallengeType() string
- func \(x \*GetDVOrderResponse\) GetDnsRecord() string
- func \(x \*GetDVOrderResponse\) GetDomain() string
- func \(x \*GetDVOrderResponse\) GetError() string
- func \(x \*GetDVOrderResponse\) GetErrorCode() string
- func \(x \*GetDVOrderResponse\) GetExpiresAt() int64
- func \(x \*GetDVOrderResponse\) GetFinalizedAt() int64
- func \(x \*GetDVOrderResponse\) GetOrderId() string
- func \(x \*GetDVOrderResponse\) GetStatus() string
- func \(x \*GetDVOrderResponse\) GetSuccess() bool
- func \(x \*GetDVOrderResponse\) GetValidationUrl() string
- func \(\*GetDVOrderResponse\) ProtoMessage()
- func \(x \*GetDVOrderResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GetDVOrderResponse\) Reset()
- func \(x \*GetDVOrderResponse\) String() string
- type GetKeyInfoRequest
- func \(\*GetKeyInfoRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetKeyInfoRequest\) GetKeyId() string
- func \(\*GetKeyInfoRequest\) ProtoMessage()
- func \(x \*GetKeyInfoRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GetKeyInfoRequest\) Reset()
- func \(x \*GetKeyInfoRequest\) String() string
- type GetKeyInfoResponse
- func \(\*GetKeyInfoResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetKeyInfoResponse\) GetAlgorithm() KeyAlgorithm
- func \(x \*GetKeyInfoResponse\) GetCreatedAt() *Timestamp
- func \(x \*GetKeyInfoResponse\) GetErrorMessage() string
- func \(x \*GetKeyInfoResponse\) GetHasPrivateKey() bool
- func \(x \*GetKeyInfoResponse\) GetKeyId() string
- func \(x \*GetKeyInfoResponse\) GetMetadata() map[string]string
- func \(x \*GetKeyInfoResponse\) GetPublicKey() []byte
- func \(x \*GetKeyInfoResponse\) GetPublicKeyPem() string
- func \(\*GetKeyInfoResponse\) ProtoMessage()
- func \(x \*GetKeyInfoResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GetKeyInfoResponse\) Reset()
- func \(x \*GetKeyInfoResponse\) String() string
- type GetKeyRequest
- func \(\*GetKeyRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetKeyRequest\) GetDid() string
- func \(x \*GetKeyRequest\) GetKeyId() string
- func \(\*GetKeyRequest\) ProtoMessage()
- func \(x \*GetKeyRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GetKeyRequest\) Reset()
- func \(x \*GetKeyRequest\) String() string
- type GetKeyResponse
- func \(\*GetKeyResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetKeyResponse\) GetErrorMessage() string
- func \(x \*GetKeyResponse\) GetKey() *TrustedKey
- func \(\*GetKeyResponse\) ProtoMessage()
- func \(x \*GetKeyResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GetKeyResponse\) Reset()
- func \(x \*GetKeyResponse\) String() string
- type GetRuleSetRequest
- func \(\*GetRuleSetRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetRuleSetRequest\) GetId() string
- func \(x \*GetRuleSetRequest\) GetVersion() string
- func \(\*GetRuleSetRequest\) ProtoMessage()
- func \(x \*GetRuleSetRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GetRuleSetRequest\) Reset()
- func \(x \*GetRuleSetRequest\) String() string
- type GetRuleSetResponse
- func \(\*GetRuleSetResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetRuleSetResponse\) GetErrorMessage() string
- func \(x \*GetRuleSetResponse\) GetRuleSet() *RuleSet
- func \(\*GetRuleSetResponse\) ProtoMessage()
- func \(x \*GetRuleSetResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GetRuleSetResponse\) Reset()
- func \(x \*GetRuleSetResponse\) String() string
- type GetStatsRequest
- func \(\*GetStatsRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(\*GetStatsRequest\) ProtoMessage()
- func \(x \*GetStatsRequest\) ProtoReflect() protoreflect.Message
- func \(x \*GetStatsRequest\) Reset()
- func \(x \*GetStatsRequest\) String() string
- type GetStatsResponse
- func \(\*GetStatsResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*GetStatsResponse\) GetActiveAgents() int32
- func \(x \*GetStatsResponse\) GetAgentsByCapability() map[string]int32
- func \(x \*GetStatsResponse\) GetAgentsByRating() map[string]int32
- func \(x \*GetStatsResponse\) GetBadgedAgents() int32
- func \(x \*GetStatsResponse\) GetInactiveAgents() int32
- func \(x \*GetStatsResponse\) GetLastUpdated() *Timestamp
- func \(x \*GetStatsResponse\) GetPendingAgents() int32
- func \(x \*GetStatsResponse\) GetSuspendedAgents() int32
- func \(x \*GetStatsResponse\) GetTotalAgents() int32
- func \(\*GetStatsResponse\) ProtoMessage()
- func \(x \*GetStatsResponse\) ProtoReflect() protoreflect.Message
- func \(x \*GetStatsResponse\) Reset()
- func \(x \*GetStatsResponse\) String() string
- type ImportFromDirectoryRequest
- func \(\*ImportFromDirectoryRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ImportFromDirectoryRequest\) GetDirectoryPath() string
- func \(x \*ImportFromDirectoryRequest\) GetRecursive() bool
- func \(\*ImportFromDirectoryRequest\) ProtoMessage()
- func \(x \*ImportFromDirectoryRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ImportFromDirectoryRequest\) Reset()
- func \(x \*ImportFromDirectoryRequest\) String() string
- type ImportFromDirectoryResponse
- func \(\*ImportFromDirectoryResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ImportFromDirectoryResponse\) GetErrors() []string
- func \(x \*ImportFromDirectoryResponse\) GetKeysImported() int32
- func \(x \*ImportFromDirectoryResponse\) GetKeysSkipped() int32
- func \(\*ImportFromDirectoryResponse\) ProtoMessage()
- func \(x \*ImportFromDirectoryResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ImportFromDirectoryResponse\) Reset()
- func \(x \*ImportFromDirectoryResponse\) String() string
- type InitRequest
- func \(\*InitRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*InitRequest\) GetAgentId() string
- func \(x \*InitRequest\) GetAlgorithm() KeyAlgorithm
- func \(x \*InitRequest\) GetApiKey() string
- func \(x \*InitRequest\) GetForce() bool
- func \(x \*InitRequest\) GetMetadata() map[string]string
- func \(x \*InitRequest\) GetOutputDir() string
- func \(x \*InitRequest\) GetServerUrl() string
- func \(\*InitRequest\) ProtoMessage()
- func \(x \*InitRequest\) ProtoReflect() protoreflect.Message
- func \(x \*InitRequest\) Reset()
- func \(x \*InitRequest\) String() string
- type InitResponse
- func \(\*InitResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*InitResponse\) GetAgentCardJson() string
- func \(x \*InitResponse\) GetAgentCardPath() string
- func \(x \*InitResponse\) GetAgentId() string
- func \(x \*InitResponse\) GetDid() string
- func \(x \*InitResponse\) GetErrorMessage() string
- func \(x \*InitResponse\) GetPrivateKeyPath() string
- func \(x \*InitResponse\) GetPublicKeyPath() string
- func \(x \*InitResponse\) GetRegistered() bool
- func \(\*InitResponse\) ProtoMessage()
- func \(x \*InitResponse\) ProtoReflect() protoreflect.Message
- func \(x \*InitResponse\) Reset()
- func \(x \*InitResponse\) String() string
- type IsAgentDIDRequest
- func \(\*IsAgentDIDRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*IsAgentDIDRequest\) GetDid() string
- func \(\*IsAgentDIDRequest\) ProtoMessage()
- func \(x \*IsAgentDIDRequest\) ProtoReflect() protoreflect.Message
- func \(x \*IsAgentDIDRequest\) Reset()
- func \(x \*IsAgentDIDRequest\) String() string
- type IsAgentDIDResponse
- func \(\*IsAgentDIDResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*IsAgentDIDResponse\) GetAgentId() string
- func \(x \*IsAgentDIDResponse\) GetIsAgentDid() bool
- func \(\*IsAgentDIDResponse\) ProtoMessage()
- func \(x \*IsAgentDIDResponse\) ProtoReflect() protoreflect.Message
- func \(x \*IsAgentDIDResponse\) Reset()
- func \(x \*IsAgentDIDResponse\) String() string
- type IsRevokedRequest
- func \(\*IsRevokedRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*IsRevokedRequest\) GetAtTime() *Timestamp
- func \(x \*IsRevokedRequest\) GetCheckRemote() bool
- func \(x \*IsRevokedRequest\) GetSubject() string
- func \(\*IsRevokedRequest\) ProtoMessage()
- func \(x \*IsRevokedRequest\) ProtoReflect() protoreflect.Message
- func \(x \*IsRevokedRequest\) Reset()
- func \(x \*IsRevokedRequest\) String() string
- type IsRevokedResponse
- func \(\*IsRevokedResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*IsRevokedResponse\) GetEntry() *RevocationEntry
- func \(x \*IsRevokedResponse\) GetIsRevoked() bool
- func \(x \*IsRevokedResponse\) GetSource() string
- func \(\*IsRevokedResponse\) ProtoMessage()
- func \(x \*IsRevokedResponse\) ProtoReflect() protoreflect.Message
- func \(x \*IsRevokedResponse\) Reset()
- func \(x \*IsRevokedResponse\) String() string
- type IsTrustedRequest
- func \(\*IsTrustedRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*IsTrustedRequest\) GetDid() string
- func \(\*IsTrustedRequest\) ProtoMessage()
- func \(x \*IsTrustedRequest\) ProtoReflect() protoreflect.Message
- func \(x \*IsTrustedRequest\) Reset()
- func \(x \*IsTrustedRequest\) String() string
- type IsTrustedResponse
- func \(\*IsTrustedResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*IsTrustedResponse\) GetIsTrusted() bool
- func \(x \*IsTrustedResponse\) GetKey() *TrustedKey
- func \(\*IsTrustedResponse\) ProtoMessage()
- func \(x \*IsTrustedResponse\) ProtoReflect() protoreflect.Message
- func \(x \*IsTrustedResponse\) Reset()
- func \(x \*IsTrustedResponse\) String() string
- type KeeperEvent
- func \(\*KeeperEvent\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*KeeperEvent\) GetBadgeJti() string
- func \(x \*KeeperEvent\) GetError() string
- func \(x \*KeeperEvent\) GetErrorCode() string
- func \(x \*KeeperEvent\) GetExpiresAt() int64
- func \(x \*KeeperEvent\) GetSubject() string
- func \(x \*KeeperEvent\) GetTimestamp() int64
- func \(x \*KeeperEvent\) GetToken() string
- func \(x \*KeeperEvent\) GetTrustLevel() TrustLevel
- func \(x \*KeeperEvent\) GetType() KeeperEventType
- func \(\*KeeperEvent\) ProtoMessage()
- func \(x \*KeeperEvent\) ProtoReflect() protoreflect.Message
- func \(x \*KeeperEvent\) Reset()
- func \(x \*KeeperEvent\) String() string
- type KeeperEventType
- func \(KeeperEventType\) Descriptor() protoreflect.EnumDescriptor
- func \(x KeeperEventType\) Enum() *KeeperEventType
- func \(KeeperEventType\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x KeeperEventType\) Number() protoreflect.EnumNumber
- func \(x KeeperEventType\) String() string
- func \(KeeperEventType\) Type() protoreflect.EnumType
- type KeeperMode
- func \(KeeperMode\) Descriptor() protoreflect.EnumDescriptor
- func \(x KeeperMode\) Enum() *KeeperMode
- func \(KeeperMode\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x KeeperMode\) Number() protoreflect.EnumNumber
- func \(x KeeperMode\) String() string
- func \(KeeperMode\) Type() protoreflect.EnumType
- type KeyAlgorithm
- func \(KeyAlgorithm\) Descriptor() protoreflect.EnumDescriptor
- func \(x KeyAlgorithm\) Enum() *KeyAlgorithm
- func \(KeyAlgorithm\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x KeyAlgorithm\) Number() protoreflect.EnumNumber
- func \(x KeyAlgorithm\) String() string
- func \(KeyAlgorithm\) Type() protoreflect.EnumType
- type KeyFormat
- func \(KeyFormat\) Descriptor() protoreflect.EnumDescriptor
- func \(x KeyFormat\) Enum() *KeyFormat
- func \(KeyFormat\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x KeyFormat\) Number() protoreflect.EnumNumber
- func \(x KeyFormat\) String() string
- func \(KeyFormat\) Type() protoreflect.EnumType
- type KeyValue
- func \(\*KeyValue\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*KeyValue\) GetKey() string
- func \(x \*KeyValue\) GetValue() string
- func \(\*KeyValue\) ProtoMessage()
- func \(x \*KeyValue\) ProtoReflect() protoreflect.Message
- func \(x \*KeyValue\) Reset()
- func \(x \*KeyValue\) String() string
- type ListAgentsRequest
- func \(\*ListAgentsRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListAgentsRequest\) GetCursor() string
- func \(x \*ListAgentsRequest\) GetLimit() int32
- func \(x \*ListAgentsRequest\) GetStatusFilter() AgentStatus
- func \(\*ListAgentsRequest\) ProtoMessage()
- func \(x \*ListAgentsRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ListAgentsRequest\) Reset()
- func \(x \*ListAgentsRequest\) String() string
- type ListAgentsResponse
- func \(\*ListAgentsResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListAgentsResponse\) GetAgents() []*RegisteredAgent
- func \(x \*ListAgentsResponse\) GetNextCursor() string
- func \(x \*ListAgentsResponse\) GetTotalCount() int32
- func \(\*ListAgentsResponse\) ProtoMessage()
- func \(x \*ListAgentsResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ListAgentsResponse\) Reset()
- func \(x \*ListAgentsResponse\) String() string
- type ListKeysRequest
- func \(\*ListKeysRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListKeysRequest\) GetCursor() string
- func \(x \*ListKeysRequest\) GetDidFilter() string
- func \(x \*ListKeysRequest\) GetLimit() int32
- func \(\*ListKeysRequest\) ProtoMessage()
- func \(x \*ListKeysRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ListKeysRequest\) Reset()
- func \(x \*ListKeysRequest\) String() string
- type ListKeysResponse
- func \(\*ListKeysResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListKeysResponse\) GetKeys() []*TrustedKey
- func \(x \*ListKeysResponse\) GetNextCursor() string
- func \(x \*ListKeysResponse\) GetTotalCount() int32
- func \(\*ListKeysResponse\) ProtoMessage()
- func \(x \*ListKeysResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ListKeysResponse\) Reset()
- func \(x \*ListKeysResponse\) String() string
- type ListRevocationsRequest
- func \(\*ListRevocationsRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListRevocationsRequest\) GetCursor() string
- func \(x \*ListRevocationsRequest\) GetLimit() int32
- func \(x \*ListRevocationsRequest\) GetReasonFilter() RevocationReason
- func \(x \*ListRevocationsRequest\) GetSubjectFilter() string
- func \(\*ListRevocationsRequest\) ProtoMessage()
- func \(x \*ListRevocationsRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ListRevocationsRequest\) Reset()
- func \(x \*ListRevocationsRequest\) String() string
- type ListRevocationsResponse
- func \(\*ListRevocationsResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListRevocationsResponse\) GetEntries() []*RevocationEntry
- func \(x \*ListRevocationsResponse\) GetNextCursor() string
- func \(x \*ListRevocationsResponse\) GetTotalCount() int32
- func \(\*ListRevocationsResponse\) ProtoMessage()
- func \(x \*ListRevocationsResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ListRevocationsResponse\) Reset()
- func \(x \*ListRevocationsResponse\) String() string
- type ListRuleSetsRequest
- func \(\*ListRuleSetsRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListRuleSetsRequest\) GetCursor() string
- func \(x \*ListRuleSetsRequest\) GetLimit() int32
- func \(\*ListRuleSetsRequest\) ProtoMessage()
- func \(x \*ListRuleSetsRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ListRuleSetsRequest\) Reset()
- func \(x \*ListRuleSetsRequest\) String() string
- type ListRuleSetsResponse
- func \(\*ListRuleSetsResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ListRuleSetsResponse\) GetNextCursor() string
- func \(x \*ListRuleSetsResponse\) GetRuleSets() []*RuleSet
- func \(\*ListRuleSetsResponse\) ProtoMessage()
- func \(x \*ListRuleSetsResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ListRuleSetsResponse\) Reset()
- func \(x \*ListRuleSetsResponse\) String() string
- type LoadKeyRequest
- func \(\*LoadKeyRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*LoadKeyRequest\) GetFilePath() string
- func \(x \*LoadKeyRequest\) GetFormat() KeyFormat
- func \(x \*LoadKeyRequest\) GetPassphrase() string
- func \(\*LoadKeyRequest\) ProtoMessage()
- func \(x \*LoadKeyRequest\) ProtoReflect() protoreflect.Message
- func \(x \*LoadKeyRequest\) Reset()
- func \(x \*LoadKeyRequest\) String() string
- type LoadKeyResponse
- func \(\*LoadKeyResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*LoadKeyResponse\) GetAlgorithm() KeyAlgorithm
- func \(x \*LoadKeyResponse\) GetErrorMessage() string
- func \(x \*LoadKeyResponse\) GetHasPrivateKey() bool
- func \(x \*LoadKeyResponse\) GetKeyId() string
- func \(\*LoadKeyResponse\) ProtoMessage()
- func \(x \*LoadKeyResponse\) ProtoReflect() protoreflect.Message
- func \(x \*LoadKeyResponse\) Reset()
- func \(x \*LoadKeyResponse\) String() string
- type MCPAuthLevel
- func \(MCPAuthLevel\) Descriptor() protoreflect.EnumDescriptor
- func \(x MCPAuthLevel\) Enum() *MCPAuthLevel
- func \(MCPAuthLevel\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x MCPAuthLevel\) Number() protoreflect.EnumNumber
- func \(x MCPAuthLevel\) String() string
- func \(MCPAuthLevel\) Type() protoreflect.EnumType
- type MCPDecision
- func \(MCPDecision\) Descriptor() protoreflect.EnumDescriptor
- func \(x MCPDecision\) Enum() *MCPDecision
- func \(MCPDecision\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x MCPDecision\) Number() protoreflect.EnumNumber
- func \(x MCPDecision\) String() string
- func \(MCPDecision\) Type() protoreflect.EnumType
- type MCPDenyReason
- func \(MCPDenyReason\) Descriptor() protoreflect.EnumDescriptor
- func \(x MCPDenyReason\) Enum() *MCPDenyReason
- func \(MCPDenyReason\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x MCPDenyReason\) Number() protoreflect.EnumNumber
- func \(x MCPDenyReason\) String() string
- func \(MCPDenyReason\) Type() protoreflect.EnumType
- type MCPHealthRequest
- func \(\*MCPHealthRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*MCPHealthRequest\) GetClientVersion() string
- func \(\*MCPHealthRequest\) ProtoMessage()
- func \(x \*MCPHealthRequest\) ProtoReflect() protoreflect.Message
- func \(x \*MCPHealthRequest\) Reset()
- func \(x \*MCPHealthRequest\) String() string
- type MCPHealthResponse
- func \(\*MCPHealthResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*MCPHealthResponse\) GetCoreVersion() string
- func \(x \*MCPHealthResponse\) GetHealthy() bool
- func \(x \*MCPHealthResponse\) GetProtoVersion() string
- func \(x \*MCPHealthResponse\) GetVersionCompatible() bool
- func \(\*MCPHealthResponse\) ProtoMessage()
- func \(x \*MCPHealthResponse\) ProtoReflect() protoreflect.Message
- func \(x \*MCPHealthResponse\) Reset()
- func \(x \*MCPHealthResponse\) String() string
- type MCPHttpHeaders
- func \(\*MCPHttpHeaders\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*MCPHttpHeaders\) GetCapiscioServerBadge() string
- func \(x \*MCPHttpHeaders\) GetCapiscioServerDid() string
- func \(\*MCPHttpHeaders\) ProtoMessage()
- func \(x \*MCPHttpHeaders\) ProtoReflect() protoreflect.Message
- func \(x \*MCPHttpHeaders\) Reset()
- func \(x \*MCPHttpHeaders\) String() string
- type MCPJsonRpcMeta
- func \(\*MCPJsonRpcMeta\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*MCPJsonRpcMeta\) GetMetaJson() string
- func \(\*MCPJsonRpcMeta\) ProtoMessage()
- func \(x \*MCPJsonRpcMeta\) ProtoReflect() protoreflect.Message
- func \(x \*MCPJsonRpcMeta\) Reset()
- func \(x \*MCPJsonRpcMeta\) String() string
- type MCPObligation
- func \(\*MCPObligation\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*MCPObligation\) GetParamsJson() string
- func \(x \*MCPObligation\) GetType() string
- func \(\*MCPObligation\) ProtoMessage()
- func \(x \*MCPObligation\) ProtoReflect() protoreflect.Message
- func \(x \*MCPObligation\) Reset()
- func \(x \*MCPObligation\) String() string
- type MCPServerErrorCode
- func \(MCPServerErrorCode\) Descriptor() protoreflect.EnumDescriptor
- func \(x MCPServerErrorCode\) Enum() *MCPServerErrorCode
- func \(MCPServerErrorCode\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x MCPServerErrorCode\) Number() protoreflect.EnumNumber
- func \(x MCPServerErrorCode\) String() string
- func \(MCPServerErrorCode\) Type() protoreflect.EnumType
- type MCPServerState
- func \(MCPServerState\) Descriptor() protoreflect.EnumDescriptor
- func \(x MCPServerState\) Enum() *MCPServerState
- func \(MCPServerState\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x MCPServerState\) Number() protoreflect.EnumNumber
- func \(x MCPServerState\) String() string
- func \(MCPServerState\) Type() protoreflect.EnumType
- type MCPServiceClient
- func NewMCPServiceClient\(cc grpc.ClientConnInterface\) MCPServiceClient
- type MCPServiceServer
- type MCPVerifyConfig
- func \(\*MCPVerifyConfig\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*MCPVerifyConfig\) GetAcceptLevelZero() bool
- func \(x \*MCPVerifyConfig\) GetMinTrustLevel() int32
- func \(x \*MCPVerifyConfig\) GetOfflineMode() bool
- func \(x \*MCPVerifyConfig\) GetSkipOriginBinding() bool
- func \(x \*MCPVerifyConfig\) GetTrustedIssuers() []string
- func \(\*MCPVerifyConfig\) ProtoMessage()
- func \(x \*MCPVerifyConfig\) ProtoReflect() protoreflect.Message
- func \(x \*MCPVerifyConfig\) Reset()
- func \(x \*MCPVerifyConfig\) String() string
- type NewAgentDIDRequest
- func \(\*NewAgentDIDRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*NewAgentDIDRequest\) GetAgentId() string
- func \(x \*NewAgentDIDRequest\) GetDomain() string
- func \(\*NewAgentDIDRequest\) ProtoMessage()
- func \(x \*NewAgentDIDRequest\) ProtoReflect() protoreflect.Message
- func \(x \*NewAgentDIDRequest\) Reset()
- func \(x \*NewAgentDIDRequest\) String() string
- type NewAgentDIDResponse
- func \(\*NewAgentDIDResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*NewAgentDIDResponse\) GetDid() string
- func \(x \*NewAgentDIDResponse\) GetErrorMessage() string
- func \(\*NewAgentDIDResponse\) ProtoMessage()
- func \(x \*NewAgentDIDResponse\) ProtoReflect() protoreflect.Message
- func \(x \*NewAgentDIDResponse\) Reset()
- func \(x \*NewAgentDIDResponse\) String() string
- type NewCapiscIOAgentDIDRequest
- func \(\*NewCapiscIOAgentDIDRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*NewCapiscIOAgentDIDRequest\) GetAgentId() string
- func \(\*NewCapiscIOAgentDIDRequest\) ProtoMessage()
- func \(x \*NewCapiscIOAgentDIDRequest\) ProtoReflect() protoreflect.Message
- func \(x \*NewCapiscIOAgentDIDRequest\) Reset()
- func \(x \*NewCapiscIOAgentDIDRequest\) String() string
- type ParseBadgeRequest
- func \(\*ParseBadgeRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ParseBadgeRequest\) GetToken() string
- func \(\*ParseBadgeRequest\) ProtoMessage()
- func \(x \*ParseBadgeRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ParseBadgeRequest\) Reset()
- func \(x \*ParseBadgeRequest\) String() string
- type ParseBadgeResponse
- func \(\*ParseBadgeResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ParseBadgeResponse\) GetClaims() *BadgeClaims
- func \(x \*ParseBadgeResponse\) GetErrorMessage() string
- func \(\*ParseBadgeResponse\) ProtoMessage()
- func \(x \*ParseBadgeResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ParseBadgeResponse\) Reset()
- func \(x \*ParseBadgeResponse\) String() string
- type ParseDIDRequest
- func \(\*ParseDIDRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ParseDIDRequest\) GetDid() string
- func \(\*ParseDIDRequest\) ProtoMessage()
- func \(x \*ParseDIDRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ParseDIDRequest\) Reset()
- func \(x \*ParseDIDRequest\) String() string
- type ParseDIDResponse
- func \(\*ParseDIDResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ParseDIDResponse\) GetDid() *DID
- func \(x \*ParseDIDResponse\) GetErrorMessage() string
- func \(\*ParseDIDResponse\) ProtoMessage()
- func \(x \*ParseDIDResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ParseDIDResponse\) Reset()
- func \(x \*ParseDIDResponse\) String() string
- type ParseServerIdentityRequest
- func \(\*ParseServerIdentityRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ParseServerIdentityRequest\) GetHttpHeaders() *MCPHttpHeaders
- func \(x \*ParseServerIdentityRequest\) GetJsonrpcMeta() *MCPJsonRpcMeta
- func \(x \*ParseServerIdentityRequest\) GetSource() isParseServerIdentityRequest_Source
- func \(\*ParseServerIdentityRequest\) ProtoMessage()
- func \(x \*ParseServerIdentityRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ParseServerIdentityRequest\) Reset()
- func \(x \*ParseServerIdentityRequest\) String() string
- type ParseServerIdentityRequest_HttpHeaders
- type ParseServerIdentityRequest_JsonrpcMeta
- type ParseServerIdentityResponse
- func \(\*ParseServerIdentityResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ParseServerIdentityResponse\) GetIdentityPresent() bool
- func \(x \*ParseServerIdentityResponse\) GetServerBadge() string
- func \(x \*ParseServerIdentityResponse\) GetServerDid() string
- func \(\*ParseServerIdentityResponse\) ProtoMessage()
- func \(x \*ParseServerIdentityResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ParseServerIdentityResponse\) Reset()
- func \(x \*ParseServerIdentityResponse\) String() string
- type PingRequest
- func \(\*PingRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(\*PingRequest\) ProtoMessage()
- func \(x \*PingRequest\) ProtoReflect() protoreflect.Message
- func \(x \*PingRequest\) Reset()
- func \(x \*PingRequest\) String() string
- type PingResponse
- func \(\*PingResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*PingResponse\) GetServerTime() *Timestamp
- func \(x \*PingResponse\) GetStatus() string
- func \(x \*PingResponse\) GetVersion() string
- func \(\*PingResponse\) ProtoMessage()
- func \(x \*PingResponse\) ProtoReflect() protoreflect.Message
- func \(x \*PingResponse\) Reset()
- func \(x \*PingResponse\) String() string
- type PolicyAction
- func \(\*PolicyAction\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*PolicyAction\) GetCapabilityClass() string
- func \(x \*PolicyAction\) GetOperation() string
- func \(\*PolicyAction\) ProtoMessage()
- func \(x \*PolicyAction\) ProtoReflect() protoreflect.Message
- func \(x \*PolicyAction\) Reset()
- func \(x \*PolicyAction\) String() string
- type PolicyConfig
- func \(\*PolicyConfig\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*PolicyConfig\) GetBreakglassPublicKey() []byte
- func \(x \*PolicyConfig\) GetEnforcementMode() string
- func \(x \*PolicyConfig\) GetPdpEndpoint() string
- func \(x \*PolicyConfig\) GetPdpTimeoutMs() int32
- func \(x \*PolicyConfig\) GetPepId() string
- func \(x \*PolicyConfig\) GetWorkspace() string
- func \(\*PolicyConfig\) ProtoMessage()
- func \(x \*PolicyConfig\) ProtoReflect() protoreflect.Message
- func \(x \*PolicyConfig\) Reset()
- func \(x \*PolicyConfig\) String() string
- type PolicyDecisionRequest
- func \(\*PolicyDecisionRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*PolicyDecisionRequest\) GetAction() *PolicyAction
- func \(x \*PolicyDecisionRequest\) GetBreakglassToken() string
- func \(x \*PolicyDecisionRequest\) GetConfig() *PolicyConfig
- func \(x \*PolicyDecisionRequest\) GetResource() *PolicyResource
- func \(x \*PolicyDecisionRequest\) GetSubject() *PolicySubject
- func \(\*PolicyDecisionRequest\) ProtoMessage()
- func \(x \*PolicyDecisionRequest\) ProtoReflect() protoreflect.Message
- func \(x \*PolicyDecisionRequest\) Reset()
- func \(x \*PolicyDecisionRequest\) String() string
- type PolicyDecisionResponse
- func \(\*PolicyDecisionResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*PolicyDecisionResponse\) GetBreakglassJti() string
- func \(x \*PolicyDecisionResponse\) GetBreakglassOverride() bool
- func \(x \*PolicyDecisionResponse\) GetCacheHit() bool
- func \(x \*PolicyDecisionResponse\) GetDecision() string
- func \(x \*PolicyDecisionResponse\) GetDecisionId() string
- func \(x \*PolicyDecisionResponse\) GetEnforcementMode() string
- func \(x \*PolicyDecisionResponse\) GetErrorCode() string
- func \(x \*PolicyDecisionResponse\) GetObligations() []*MCPObligation
- func \(x \*PolicyDecisionResponse\) GetPdpLatencyMs() int64
- func \(x \*PolicyDecisionResponse\) GetReason() string
- func \(x \*PolicyDecisionResponse\) GetTtl() int32
- func \(x \*PolicyDecisionResponse\) GetTxnId() string
- func \(\*PolicyDecisionResponse\) ProtoMessage()
- func \(x \*PolicyDecisionResponse\) ProtoReflect() protoreflect.Message
- func \(x \*PolicyDecisionResponse\) Reset()
- func \(x \*PolicyDecisionResponse\) String() string
- type PolicyResource
- func \(\*PolicyResource\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*PolicyResource\) GetIdentifier() string
- func \(\*PolicyResource\) ProtoMessage()
- func \(x \*PolicyResource\) ProtoReflect() protoreflect.Message
- func \(x \*PolicyResource\) Reset()
- func \(x \*PolicyResource\) String() string
- type PolicySubject
- func \(\*PolicySubject\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*PolicySubject\) GetBadgeExp() int64
- func \(x \*PolicySubject\) GetBadgeJti() string
- func \(x \*PolicySubject\) GetDid() string
- func \(x \*PolicySubject\) GetIal() string
- func \(x \*PolicySubject\) GetTrustLevel() string
- func \(\*PolicySubject\) ProtoMessage()
- func \(x \*PolicySubject\) ProtoReflect() protoreflect.Message
- func \(x \*PolicySubject\) Reset()
- func \(x \*PolicySubject\) String() string
- type Rating
- func \(Rating\) Descriptor() protoreflect.EnumDescriptor
- func \(x Rating\) Enum() *Rating
- func \(Rating\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x Rating\) Number() protoreflect.EnumNumber
- func \(x Rating\) String() string
- func \(Rating\) Type() protoreflect.EnumType
- type RegisterAgentRequest
- func \(\*RegisterAgentRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RegisterAgentRequest\) GetAgentCardJson() string
- func \(x \*RegisterAgentRequest\) GetMetadata() map[string]string
- func \(x \*RegisterAgentRequest\) GetSignedBadge() string
- func \(x \*RegisterAgentRequest\) GetTags() []string
- func \(\*RegisterAgentRequest\) ProtoMessage()
- func \(x \*RegisterAgentRequest\) ProtoReflect() protoreflect.Message
- func \(x \*RegisterAgentRequest\) Reset()
- func \(x \*RegisterAgentRequest\) String() string
- type RegisterAgentResponse
- func \(\*RegisterAgentResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RegisterAgentResponse\) GetDid() string
- func \(x \*RegisterAgentResponse\) GetErrorMessage() string
- func \(x \*RegisterAgentResponse\) GetStatus() AgentStatus
- func \(\*RegisterAgentResponse\) ProtoMessage()
- func \(x \*RegisterAgentResponse\) ProtoReflect() protoreflect.Message
- func \(x \*RegisterAgentResponse\) Reset()
- func \(x \*RegisterAgentResponse\) String() string
- type RegisteredAgent
- func \(\*RegisteredAgent\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RegisteredAgent\) GetAgentCardJson() string
- func \(x \*RegisteredAgent\) GetBadge() *BadgeClaims
- func \(x \*RegisteredAgent\) GetCapabilities() []string
- func \(x \*RegisteredAgent\) GetDescription() string
- func \(x \*RegisteredAgent\) GetDid() string
- func \(x \*RegisteredAgent\) GetMetadata() map[string]string
- func \(x \*RegisteredAgent\) GetName() string
- func \(x \*RegisteredAgent\) GetRating() Rating
- func \(x \*RegisteredAgent\) GetRegisteredAt() *Timestamp
- func \(x \*RegisteredAgent\) GetStatus() AgentStatus
- func \(x \*RegisteredAgent\) GetTags() []string
- func \(x \*RegisteredAgent\) GetUpdatedAt() *Timestamp
- func \(\*RegisteredAgent\) ProtoMessage()
- func \(x \*RegisteredAgent\) ProtoReflect() protoreflect.Message
- func \(x \*RegisteredAgent\) Reset()
- func \(x \*RegisteredAgent\) String() string
- type RegistryServiceClient
- func NewRegistryServiceClient\(cc grpc.ClientConnInterface\) RegistryServiceClient
- type RegistryServiceServer
- type RemoveKeyRequest
- func \(\*RemoveKeyRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RemoveKeyRequest\) GetDid() string
- func \(x \*RemoveKeyRequest\) GetKeyId() string
- func \(\*RemoveKeyRequest\) ProtoMessage()
- func \(x \*RemoveKeyRequest\) ProtoReflect() protoreflect.Message
- func \(x \*RemoveKeyRequest\) Reset()
- func \(x \*RemoveKeyRequest\) String() string
- type RemoveKeyResponse
- func \(\*RemoveKeyResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RemoveKeyResponse\) GetErrorMessage() string
- func \(x \*RemoveKeyResponse\) GetKeysRemoved() int32
- func \(\*RemoveKeyResponse\) ProtoMessage()
- func \(x \*RemoveKeyResponse\) ProtoReflect() protoreflect.Message
- func \(x \*RemoveKeyResponse\) Reset()
- func \(x \*RemoveKeyResponse\) String() string
- type RequestBadgeRequest
- func \(\*RequestBadgeRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RequestBadgeRequest\) GetAgentId() string
- func \(x \*RequestBadgeRequest\) GetApiKey() string
- func \(x \*RequestBadgeRequest\) GetAudience() []string
- func \(x \*RequestBadgeRequest\) GetCaUrl() string
- func \(x \*RequestBadgeRequest\) GetDomain() string
- func \(x \*RequestBadgeRequest\) GetTrustLevel() TrustLevel
- func \(x \*RequestBadgeRequest\) GetTtlSeconds() int32
- func \(\*RequestBadgeRequest\) ProtoMessage()
- func \(x \*RequestBadgeRequest\) ProtoReflect() protoreflect.Message
- func \(x \*RequestBadgeRequest\) Reset()
- func \(x \*RequestBadgeRequest\) String() string
- type RequestBadgeResponse
- func \(\*RequestBadgeResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RequestBadgeResponse\) GetError() string
- func \(x \*RequestBadgeResponse\) GetErrorCode() string
- func \(x \*RequestBadgeResponse\) GetExpiresAt() int64
- func \(x \*RequestBadgeResponse\) GetJti() string
- func \(x \*RequestBadgeResponse\) GetSubject() string
- func \(x \*RequestBadgeResponse\) GetSuccess() bool
- func \(x \*RequestBadgeResponse\) GetToken() string
- func \(x \*RequestBadgeResponse\) GetTrustLevel() TrustLevel
- func \(\*RequestBadgeResponse\) ProtoMessage()
- func \(x \*RequestBadgeResponse\) ProtoReflect() protoreflect.Message
- func \(x \*RequestBadgeResponse\) Reset()
- func \(x \*RequestBadgeResponse\) String() string
- type RequestPoPBadgeRequest
- func \(\*RequestPoPBadgeRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RequestPoPBadgeRequest\) GetAgentDid() string
- func \(x \*RequestPoPBadgeRequest\) GetApiKey() string
- func \(x \*RequestPoPBadgeRequest\) GetAudience() []string
- func \(x \*RequestPoPBadgeRequest\) GetCaUrl() string
- func \(x \*RequestPoPBadgeRequest\) GetPrivateKeyJwk() string
- func \(x \*RequestPoPBadgeRequest\) GetTtlSeconds() int32
- func \(\*RequestPoPBadgeRequest\) ProtoMessage()
- func \(x \*RequestPoPBadgeRequest\) ProtoReflect() protoreflect.Message
- func \(x \*RequestPoPBadgeRequest\) Reset()
- func \(x \*RequestPoPBadgeRequest\) String() string
- type RequestPoPBadgeResponse
- func \(\*RequestPoPBadgeResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RequestPoPBadgeResponse\) GetAssuranceLevel() string
- func \(x \*RequestPoPBadgeResponse\) GetCnf() map[string]string
- func \(x \*RequestPoPBadgeResponse\) GetError() string
- func \(x \*RequestPoPBadgeResponse\) GetErrorCode() string
- func \(x \*RequestPoPBadgeResponse\) GetExpiresAt() int64
- func \(x \*RequestPoPBadgeResponse\) GetJti() string
- func \(x \*RequestPoPBadgeResponse\) GetSubject() string
- func \(x \*RequestPoPBadgeResponse\) GetSuccess() bool
- func \(x \*RequestPoPBadgeResponse\) GetToken() string
- func \(x \*RequestPoPBadgeResponse\) GetTrustLevel() string
- func \(\*RequestPoPBadgeResponse\) ProtoMessage()
- func \(x \*RequestPoPBadgeResponse\) ProtoReflect() protoreflect.Message
- func \(x \*RequestPoPBadgeResponse\) Reset()
- func \(x \*RequestPoPBadgeResponse\) String() string
- type RevocationEntry
- func \(\*RevocationEntry\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RevocationEntry\) GetComment() string
- func \(x \*RevocationEntry\) GetExpiresAt() *Timestamp
- func \(x \*RevocationEntry\) GetIssuer() string
- func \(x \*RevocationEntry\) GetReason() RevocationReason
- func \(x \*RevocationEntry\) GetRevokedAt() *Timestamp
- func \(x \*RevocationEntry\) GetSubject() string
- func \(\*RevocationEntry\) ProtoMessage()
- func \(x \*RevocationEntry\) ProtoReflect() protoreflect.Message
- func \(x \*RevocationEntry\) Reset()
- func \(x \*RevocationEntry\) String() string
- type RevocationReason
- func \(RevocationReason\) Descriptor() protoreflect.EnumDescriptor
- func \(x RevocationReason\) Enum() *RevocationReason
- func \(RevocationReason\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x RevocationReason\) Number() protoreflect.EnumNumber
- func \(x RevocationReason\) String() string
- func \(RevocationReason\) Type() protoreflect.EnumType
- type RevocationServiceClient
- func NewRevocationServiceClient\(cc grpc.ClientConnInterface\) RevocationServiceClient
- type RevocationServiceServer
- type RevokeRequest
- func \(\*RevokeRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RevokeRequest\) GetComment() string
- func \(x \*RevokeRequest\) GetReason() RevocationReason
- func \(x \*RevokeRequest\) GetSubject() string
- func \(\*RevokeRequest\) ProtoMessage()
- func \(x \*RevokeRequest\) ProtoReflect() protoreflect.Message
- func \(x \*RevokeRequest\) Reset()
- func \(x \*RevokeRequest\) String() string
- type RevokeResponse
- func \(\*RevokeResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RevokeResponse\) GetEntry() *RevocationEntry
- func \(x \*RevokeResponse\) GetErrorMessage() string
- func \(\*RevokeResponse\) ProtoMessage()
- func \(x \*RevokeResponse\) ProtoReflect() protoreflect.Message
- func \(x \*RevokeResponse\) Reset()
- func \(x \*RevokeResponse\) String() string
- type Rule
- func \(\*Rule\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*Rule\) GetCategory() ScoreCategory
- func \(x \*Rule\) GetDescription() string
- func \(x \*Rule\) GetExpression() string
- func \(x \*Rule\) GetId() string
- func \(x \*Rule\) GetName() string
- func \(x \*Rule\) GetSeverity() RuleSeverity
- func \(x \*Rule\) GetWeight() int32
- func \(\*Rule\) ProtoMessage()
- func \(x \*Rule\) ProtoReflect() protoreflect.Message
- func \(x \*Rule\) Reset()
- func \(x \*Rule\) String() string
- type RuleResult
- func \(\*RuleResult\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RuleResult\) GetDetails() map[string]string
- func \(x \*RuleResult\) GetMessage() string
- func \(x \*RuleResult\) GetPassed() bool
- func \(x \*RuleResult\) GetRuleId() string
- func \(x \*RuleResult\) GetScoreContribution() float64
- func \(\*RuleResult\) ProtoMessage()
- func \(x \*RuleResult\) ProtoReflect() protoreflect.Message
- func \(x \*RuleResult\) Reset()
- func \(x \*RuleResult\) String() string
- type RuleSet
- func \(\*RuleSet\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*RuleSet\) GetDescription() string
- func \(x \*RuleSet\) GetId() string
- func \(x \*RuleSet\) GetMetadata() map[string]string
- func \(x \*RuleSet\) GetName() string
- func \(x \*RuleSet\) GetRules() []*Rule
- func \(x \*RuleSet\) GetVersion() string
- func \(\*RuleSet\) ProtoMessage()
- func \(x \*RuleSet\) ProtoReflect() protoreflect.Message
- func \(x \*RuleSet\) Reset()
- func \(x \*RuleSet\) String() string
- type RuleSeverity
- func \(RuleSeverity\) Descriptor() protoreflect.EnumDescriptor
- func \(x RuleSeverity\) Enum() *RuleSeverity
- func \(RuleSeverity\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x RuleSeverity\) Number() protoreflect.EnumNumber
- func \(x RuleSeverity\) String() string
- func \(RuleSeverity\) Type() protoreflect.EnumType
- type ScoreAgentCardRequest
- func \(\*ScoreAgentCardRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ScoreAgentCardRequest\) GetAgentCardJson() string
- func \(x \*ScoreAgentCardRequest\) GetCategories() []ScoreCategory
- func \(x \*ScoreAgentCardRequest\) GetRuleSetId() string
- func \(\*ScoreAgentCardRequest\) ProtoMessage()
- func \(x \*ScoreAgentCardRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ScoreAgentCardRequest\) Reset()
- func \(x \*ScoreAgentCardRequest\) String() string
- type ScoreAgentCardResponse
- func \(\*ScoreAgentCardResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ScoreAgentCardResponse\) GetErrorMessage() string
- func \(x \*ScoreAgentCardResponse\) GetResult() *ScoringResult
- func \(\*ScoreAgentCardResponse\) ProtoMessage()
- func \(x \*ScoreAgentCardResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ScoreAgentCardResponse\) Reset()
- func \(x \*ScoreAgentCardResponse\) String() string
- type ScoreCategory
- func \(ScoreCategory\) Descriptor() protoreflect.EnumDescriptor
- func \(x ScoreCategory\) Enum() *ScoreCategory
- func \(ScoreCategory\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x ScoreCategory\) Number() protoreflect.EnumNumber
- func \(x ScoreCategory\) String() string
- func \(ScoreCategory\) Type() protoreflect.EnumType
- type ScoringResult
- func \(\*ScoringResult\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ScoringResult\) GetCategories() []*CategoryScore
- func \(x \*ScoringResult\) GetOverallScore() float64
- func \(x \*ScoringResult\) GetRating() Rating
- func \(x \*ScoringResult\) GetRuleResults() []*RuleResult
- func \(x \*ScoringResult\) GetRuleSetId() string
- func \(x \*ScoringResult\) GetRuleSetVersion() string
- func \(x \*ScoringResult\) GetScoredAt() *Timestamp
- func \(x \*ScoringResult\) GetValidation() *ValidationResult
- func \(\*ScoringResult\) ProtoMessage()
- func \(x \*ScoringResult\) ProtoReflect() protoreflect.Message
- func \(x \*ScoringResult\) Reset()
- func \(x \*ScoringResult\) String() string
- type ScoringServiceClient
- func NewScoringServiceClient\(cc grpc.ClientConnInterface\) ScoringServiceClient
- type ScoringServiceServer
- type SearchAgentsRequest
- func \(\*SearchAgentsRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SearchAgentsRequest\) GetCapabilities() []string
- func \(x \*SearchAgentsRequest\) GetCursor() string
- func \(x \*SearchAgentsRequest\) GetLimit() int32
- func \(x \*SearchAgentsRequest\) GetMinRating() Rating
- func \(x \*SearchAgentsRequest\) GetOperator() SearchOperator
- func \(x \*SearchAgentsRequest\) GetQuery() string
- func \(x \*SearchAgentsRequest\) GetSortBy() string
- func \(x \*SearchAgentsRequest\) GetSortDescending() bool
- func \(x \*SearchAgentsRequest\) GetStatusFilter() AgentStatus
- func \(x \*SearchAgentsRequest\) GetTags() []string
- func \(\*SearchAgentsRequest\) ProtoMessage()
- func \(x \*SearchAgentsRequest\) ProtoReflect() protoreflect.Message
- func \(x \*SearchAgentsRequest\) Reset()
- func \(x \*SearchAgentsRequest\) String() string
- type SearchAgentsResponse
- func \(\*SearchAgentsResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SearchAgentsResponse\) GetAgents() []*RegisteredAgent
- func \(x \*SearchAgentsResponse\) GetNextCursor() string
- func \(x \*SearchAgentsResponse\) GetTotalCount() int32
- func \(\*SearchAgentsResponse\) ProtoMessage()
- func \(x \*SearchAgentsResponse\) ProtoReflect() protoreflect.Message
- func \(x \*SearchAgentsResponse\) Reset()
- func \(x \*SearchAgentsResponse\) String() string
- type SearchOperator
- func \(SearchOperator\) Descriptor() protoreflect.EnumDescriptor
- func \(x SearchOperator\) Enum() *SearchOperator
- func \(SearchOperator\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x SearchOperator\) Number() protoreflect.EnumNumber
- func \(x SearchOperator\) String() string
- func \(SearchOperator\) Type() protoreflect.EnumType
- type SignAttachedRequest
- func \(\*SignAttachedRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SignAttachedRequest\) GetDetachPayload() bool
- func \(x \*SignAttachedRequest\) GetFormat() SignatureFormat
- func \(x \*SignAttachedRequest\) GetHeaders() map[string]string
- func \(x \*SignAttachedRequest\) GetKeyId() string
- func \(x \*SignAttachedRequest\) GetPayload() []byte
- func \(\*SignAttachedRequest\) ProtoMessage()
- func \(x \*SignAttachedRequest\) ProtoReflect() protoreflect.Message
- func \(x \*SignAttachedRequest\) Reset()
- func \(x \*SignAttachedRequest\) String() string
- type SignAttachedResponse
- func \(\*SignAttachedResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SignAttachedResponse\) GetErrorMessage() string
- func \(x \*SignAttachedResponse\) GetJws() string
- func \(\*SignAttachedResponse\) ProtoMessage()
- func \(x \*SignAttachedResponse\) ProtoReflect() protoreflect.Message
- func \(x \*SignAttachedResponse\) Reset()
- func \(x \*SignAttachedResponse\) String() string
- type SignBadgeRequest
- func \(\*SignBadgeRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SignBadgeRequest\) GetClaims() *BadgeClaims
- func \(x \*SignBadgeRequest\) GetKeyId() string
- func \(x \*SignBadgeRequest\) GetPrivateKeyJwk() string
- func \(\*SignBadgeRequest\) ProtoMessage()
- func \(x \*SignBadgeRequest\) ProtoReflect() protoreflect.Message
- func \(x \*SignBadgeRequest\) Reset()
- func \(x \*SignBadgeRequest\) String() string
- type SignBadgeResponse
- func \(\*SignBadgeResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SignBadgeResponse\) GetClaims() *BadgeClaims
- func \(x \*SignBadgeResponse\) GetToken() string
- func \(\*SignBadgeResponse\) ProtoMessage()
- func \(x \*SignBadgeResponse\) ProtoReflect() protoreflect.Message
- func \(x \*SignBadgeResponse\) Reset()
- func \(x \*SignBadgeResponse\) String() string
- type SignRequest
- func \(\*SignRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SignRequest\) GetFormat() SignatureFormat
- func \(x \*SignRequest\) GetHeaders() map[string]string
- func \(x \*SignRequest\) GetKeyId() string
- func \(x \*SignRequest\) GetPayload() []byte
- func \(\*SignRequest\) ProtoMessage()
- func \(x \*SignRequest\) ProtoReflect() protoreflect.Message
- func \(x \*SignRequest\) Reset()
- func \(x \*SignRequest\) String() string
- type SignResponse
- func \(\*SignResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*SignResponse\) GetErrorMessage() string
- func \(x \*SignResponse\) GetSignature() []byte
- func \(x \*SignResponse\) GetSignatureString() string
- func \(\*SignResponse\) ProtoMessage()
- func \(x \*SignResponse\) ProtoReflect() protoreflect.Message
- func \(x \*SignResponse\) Reset()
- func \(x \*SignResponse\) String() string
- type SignatureFormat
- func \(SignatureFormat\) Descriptor() protoreflect.EnumDescriptor
- func \(x SignatureFormat\) Enum() *SignatureFormat
- func \(SignatureFormat\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x SignatureFormat\) Number() protoreflect.EnumNumber
- func \(x SignatureFormat\) String() string
- func \(SignatureFormat\) Type() protoreflect.EnumType
- type SimpleGuardServiceClient
- func NewSimpleGuardServiceClient\(cc grpc.ClientConnInterface\) SimpleGuardServiceClient
- type SimpleGuardServiceServer
- type StartKeeperRequest
- func \(\*StartKeeperRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*StartKeeperRequest\) GetAgentId() string
- func \(x \*StartKeeperRequest\) GetApiKey() string
- func \(x \*StartKeeperRequest\) GetCaUrl() string
- func \(x \*StartKeeperRequest\) GetCheckIntervalSeconds() int32
- func \(x \*StartKeeperRequest\) GetDomain() string
- func \(x \*StartKeeperRequest\) GetMode() KeeperMode
- func \(x \*StartKeeperRequest\) GetOutputFile() string
- func \(x \*StartKeeperRequest\) GetPrivateKeyPath() string
- func \(x \*StartKeeperRequest\) GetRenewBeforeSeconds() int32
- func \(x \*StartKeeperRequest\) GetTrustLevel() TrustLevel
- func \(x \*StartKeeperRequest\) GetTtlSeconds() int32
- func \(\*StartKeeperRequest\) ProtoMessage()
- func \(x \*StartKeeperRequest\) ProtoReflect() protoreflect.Message
- func \(x \*StartKeeperRequest\) Reset()
- func \(x \*StartKeeperRequest\) String() string
- type Timestamp
- func \(\*Timestamp\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*Timestamp\) GetValue() string
- func \(\*Timestamp\) ProtoMessage()
- func \(x \*Timestamp\) ProtoReflect() protoreflect.Message
- func \(x \*Timestamp\) Reset()
- func \(x \*Timestamp\) String() string
- type TrustLevel
- func \(TrustLevel\) Descriptor() protoreflect.EnumDescriptor
- func \(x TrustLevel\) Enum() *TrustLevel
- func \(TrustLevel\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x TrustLevel\) Number() protoreflect.EnumNumber
- func \(x TrustLevel\) String() string
- func \(TrustLevel\) Type() protoreflect.EnumType
- type TrustStoreServiceClient
- func NewTrustStoreServiceClient\(cc grpc.ClientConnInterface\) TrustStoreServiceClient
- type TrustStoreServiceServer
- type TrustedKey
- func \(\*TrustedKey\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*TrustedKey\) GetAddedAt() *Timestamp
- func \(x \*TrustedKey\) GetAlgorithm() KeyAlgorithm
- func \(x \*TrustedKey\) GetDid() string
- func \(x \*TrustedKey\) GetExpiresAt() *Timestamp
- func \(x \*TrustedKey\) GetFormat() KeyFormat
- func \(x \*TrustedKey\) GetKeyId() string
- func \(x \*TrustedKey\) GetMetadata() map[string]string
- func \(x \*TrustedKey\) GetPublicKey() []byte
- func \(\*TrustedKey\) ProtoMessage()
- func \(x \*TrustedKey\) ProtoReflect() protoreflect.Message
- func \(x \*TrustedKey\) Reset()
- func \(x \*TrustedKey\) String() string
- type UnimplementedBadgeServiceServer
- func \(UnimplementedBadgeServiceServer\) CreateDVOrder\(context.Context, \*CreateDVOrderRequest\) \(\*CreateDVOrderResponse, error\)
- func \(UnimplementedBadgeServiceServer\) FinalizeDVOrder\(context.Context, \*FinalizeDVOrderRequest\) \(\*FinalizeDVOrderResponse, error\)
- func \(UnimplementedBadgeServiceServer\) GetDVOrder\(context.Context, \*GetDVOrderRequest\) \(\*GetDVOrderResponse, error\)
- func \(UnimplementedBadgeServiceServer\) ParseBadge\(context.Context, \*ParseBadgeRequest\) \(\*ParseBadgeResponse, error\)
- func \(UnimplementedBadgeServiceServer\) RequestBadge\(context.Context, \*RequestBadgeRequest\) \(\*RequestBadgeResponse, error\)
- func \(UnimplementedBadgeServiceServer\) RequestPoPBadge\(context.Context, \*RequestPoPBadgeRequest\) \(\*RequestPoPBadgeResponse, error\)
- func \(UnimplementedBadgeServiceServer\) SignBadge\(context.Context, \*SignBadgeRequest\) \(\*SignBadgeResponse, error\)
- func \(UnimplementedBadgeServiceServer\) StartKeeper\(\*StartKeeperRequest, grpc.ServerStreamingServer\[KeeperEvent\]\) error
- func \(UnimplementedBadgeServiceServer\) VerifyBadge\(context.Context, \*VerifyBadgeRequest\) \(\*VerifyBadgeResponse, error\)
- func \(UnimplementedBadgeServiceServer\) VerifyBadgeWithOptions\(context.Context, \*VerifyBadgeWithOptionsRequest\) \(\*VerifyBadgeResponse, error\)
- type UnimplementedDIDServiceServer
- func \(UnimplementedDIDServiceServer\) DocumentURL\(context.Context, \*DocumentURLRequest\) \(\*DocumentURLResponse, error\)
- func \(UnimplementedDIDServiceServer\) IsAgentDID\(context.Context, \*IsAgentDIDRequest\) \(\*IsAgentDIDResponse, error\)
- func \(UnimplementedDIDServiceServer\) NewAgentDID\(context.Context, \*NewAgentDIDRequest\) \(\*NewAgentDIDResponse, error\)
- func \(UnimplementedDIDServiceServer\) NewCapiscIOAgentDID\(context.Context, \*NewCapiscIOAgentDIDRequest\) \(\*NewAgentDIDResponse, error\)
- func \(UnimplementedDIDServiceServer\) Parse\(context.Context, \*ParseDIDRequest\) \(\*ParseDIDResponse, error\)
- type UnimplementedMCPServiceServer
- func \(UnimplementedMCPServiceServer\) EvaluatePolicyDecision\(context.Context, \*PolicyDecisionRequest\) \(\*PolicyDecisionResponse, error\)
- func \(UnimplementedMCPServiceServer\) EvaluateToolAccess\(context.Context, \*EvaluateToolAccessRequest\) \(\*EvaluateToolAccessResponse, error\)
- func \(UnimplementedMCPServiceServer\) Health\(context.Context, \*MCPHealthRequest\) \(\*MCPHealthResponse, error\)
- func \(UnimplementedMCPServiceServer\) ParseServerIdentity\(context.Context, \*ParseServerIdentityRequest\) \(\*ParseServerIdentityResponse, error\)
- func \(UnimplementedMCPServiceServer\) VerifyServerIdentity\(context.Context, \*VerifyServerIdentityRequest\) \(\*VerifyServerIdentityResponse, error\)
- type UnimplementedRegistryServiceServer
- func \(UnimplementedRegistryServiceServer\) DeregisterAgent\(context.Context, \*DeregisterAgentRequest\) \(\*DeregisterAgentResponse, error\)
- func \(UnimplementedRegistryServiceServer\) GetAgent\(context.Context, \*GetAgentRequest\) \(\*GetAgentResponse, error\)
- func \(UnimplementedRegistryServiceServer\) GetStats\(context.Context, \*GetStatsRequest\) \(\*GetStatsResponse, error\)
- func \(UnimplementedRegistryServiceServer\) ListAgents\(context.Context, \*ListAgentsRequest\) \(\*ListAgentsResponse, error\)
- func \(UnimplementedRegistryServiceServer\) Ping\(context.Context, \*PingRequest\) \(\*PingResponse, error\)
- func \(UnimplementedRegistryServiceServer\) RegisterAgent\(context.Context, \*RegisterAgentRequest\) \(\*RegisterAgentResponse, error\)
- func \(UnimplementedRegistryServiceServer\) SearchAgents\(context.Context, \*SearchAgentsRequest\) \(\*SearchAgentsResponse, error\)
- func \(UnimplementedRegistryServiceServer\) UpdateAgent\(context.Context, \*UpdateAgentRequest\) \(\*UpdateAgentResponse, error\)
- func \(UnimplementedRegistryServiceServer\) VerifyRegistration\(context.Context, \*VerifyRegistrationRequest\) \(\*VerifyRegistrationResponse, error\)
- type UnimplementedRevocationServiceServer
- func \(UnimplementedRevocationServiceServer\) ClearCache\(context.Context, \*ClearCacheRequest\) \(\*ClearCacheResponse, error\)
- func \(UnimplementedRevocationServiceServer\) FetchRevocationList\(context.Context, \*FetchRevocationListRequest\) \(\*FetchRevocationListResponse, error\)
- func \(UnimplementedRevocationServiceServer\) GetCacheStats\(context.Context, \*GetCacheStatsRequest\) \(\*GetCacheStatsResponse, error\)
- func \(UnimplementedRevocationServiceServer\) IsRevoked\(context.Context, \*IsRevokedRequest\) \(\*IsRevokedResponse, error\)
- func \(UnimplementedRevocationServiceServer\) ListRevocations\(context.Context, \*ListRevocationsRequest\) \(\*ListRevocationsResponse, error\)
- func \(UnimplementedRevocationServiceServer\) Revoke\(context.Context, \*RevokeRequest\) \(\*RevokeResponse, error\)
- func \(UnimplementedRevocationServiceServer\) Unrevoke\(context.Context, \*UnrevokeRequest\) \(\*UnrevokeResponse, error\)
- type UnimplementedScoringServiceServer
- func \(UnimplementedScoringServiceServer\) AggregateScores\(context.Context, \*AggregateScoresRequest\) \(\*AggregateScoresResponse, error\)
- func \(UnimplementedScoringServiceServer\) GetRuleSet\(context.Context, \*GetRuleSetRequest\) \(\*GetRuleSetResponse, error\)
- func \(UnimplementedScoringServiceServer\) ListRuleSets\(context.Context, \*ListRuleSetsRequest\) \(\*ListRuleSetsResponse, error\)
- func \(UnimplementedScoringServiceServer\) ScoreAgentCard\(context.Context, \*ScoreAgentCardRequest\) \(\*ScoreAgentCardResponse, error\)
- func \(UnimplementedScoringServiceServer\) ValidateRule\(context.Context, \*ValidateRuleRequest\) \(\*ValidateRuleResponse, error\)
- type UnimplementedSimpleGuardServiceServer
- func \(UnimplementedSimpleGuardServiceServer\) ExportKey\(context.Context, \*ExportKeyRequest\) \(\*ExportKeyResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) GenerateKeyPair\(context.Context, \*GenerateKeyPairRequest\) \(\*GenerateKeyPairResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) GetKeyInfo\(context.Context, \*GetKeyInfoRequest\) \(\*GetKeyInfoResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) Init\(context.Context, \*InitRequest\) \(\*InitResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) LoadKey\(context.Context, \*LoadKeyRequest\) \(\*LoadKeyResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) Sign\(context.Context, \*SignRequest\) \(\*SignResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) SignAttached\(context.Context, \*SignAttachedRequest\) \(\*SignAttachedResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) Verify\(context.Context, \*VerifyRequest\) \(\*VerifyResponse, error\)
- func \(UnimplementedSimpleGuardServiceServer\) VerifyAttached\(context.Context, \*VerifyAttachedRequest\) \(\*VerifyAttachedResponse, error\)
- type UnimplementedTrustStoreServiceServer
- func \(UnimplementedTrustStoreServiceServer\) AddKey\(context.Context, \*AddKeyRequest\) \(\*AddKeyResponse, error\)
- func \(UnimplementedTrustStoreServiceServer\) Clear\(context.Context, \*ClearKeysRequest\) \(\*ClearKeysResponse, error\)
- func \(UnimplementedTrustStoreServiceServer\) ExportToDirectory\(context.Context, \*ExportToDirectoryRequest\) \(\*ExportToDirectoryResponse, error\)
- func \(UnimplementedTrustStoreServiceServer\) GetKey\(context.Context, \*GetKeyRequest\) \(\*GetKeyResponse, error\)
- func \(UnimplementedTrustStoreServiceServer\) ImportFromDirectory\(context.Context, \*ImportFromDirectoryRequest\) \(\*ImportFromDirectoryResponse, error\)
- func \(UnimplementedTrustStoreServiceServer\) IsTrusted\(context.Context, \*IsTrustedRequest\) \(\*IsTrustedResponse, error\)
- func \(UnimplementedTrustStoreServiceServer\) ListKeys\(context.Context, \*ListKeysRequest\) \(\*ListKeysResponse, error\)
- func \(UnimplementedTrustStoreServiceServer\) RemoveKey\(context.Context, \*RemoveKeyRequest\) \(\*RemoveKeyResponse, error\)
- type UnrevokeRequest
- func \(\*UnrevokeRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*UnrevokeRequest\) GetSubject() string
- func \(\*UnrevokeRequest\) ProtoMessage()
- func \(x \*UnrevokeRequest\) ProtoReflect() protoreflect.Message
- func \(x \*UnrevokeRequest\) Reset()
- func \(x \*UnrevokeRequest\) String() string
- type UnrevokeResponse
- func \(\*UnrevokeResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*UnrevokeResponse\) GetErrorMessage() string
- func \(x \*UnrevokeResponse\) GetWasRevoked() bool
- func \(\*UnrevokeResponse\) ProtoMessage()
- func \(x \*UnrevokeResponse\) ProtoReflect() protoreflect.Message
- func \(x \*UnrevokeResponse\) Reset()
- func \(x \*UnrevokeResponse\) String() string
- type UnsafeBadgeServiceServer
- type UnsafeDIDServiceServer
- type UnsafeMCPServiceServer
- type UnsafeRegistryServiceServer
- type UnsafeRevocationServiceServer
- type UnsafeScoringServiceServer
- type UnsafeSimpleGuardServiceServer
- type UnsafeTrustStoreServiceServer
- type UpdateAgentRequest
- func \(\*UpdateAgentRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*UpdateAgentRequest\) GetAgentCardJson() string
- func \(x \*UpdateAgentRequest\) GetDid() string
- func \(x \*UpdateAgentRequest\) GetMetadata() map[string]string
- func \(x \*UpdateAgentRequest\) GetSignedBadge() string
- func \(x \*UpdateAgentRequest\) GetTags() []string
- func \(\*UpdateAgentRequest\) ProtoMessage()
- func \(x \*UpdateAgentRequest\) ProtoReflect() protoreflect.Message
- func \(x \*UpdateAgentRequest\) Reset()
- func \(x \*UpdateAgentRequest\) String() string
- type UpdateAgentResponse
- func \(\*UpdateAgentResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*UpdateAgentResponse\) GetAgent() *RegisteredAgent
- func \(x \*UpdateAgentResponse\) GetErrorMessage() string
- func \(\*UpdateAgentResponse\) ProtoMessage()
- func \(x \*UpdateAgentResponse\) ProtoReflect() protoreflect.Message
- func \(x \*UpdateAgentResponse\) Reset()
- func \(x \*UpdateAgentResponse\) String() string
- type ValidateRuleRequest
- func \(\*ValidateRuleRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ValidateRuleRequest\) GetAgentCardJson() string
- func \(x \*ValidateRuleRequest\) GetRuleId() string
- func \(\*ValidateRuleRequest\) ProtoMessage()
- func \(x \*ValidateRuleRequest\) ProtoReflect() protoreflect.Message
- func \(x \*ValidateRuleRequest\) Reset()
- func \(x \*ValidateRuleRequest\) String() string
- type ValidateRuleResponse
- func \(\*ValidateRuleResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ValidateRuleResponse\) GetErrorMessage() string
- func \(x \*ValidateRuleResponse\) GetResult() *RuleResult
- func \(\*ValidateRuleResponse\) ProtoMessage()
- func \(x \*ValidateRuleResponse\) ProtoReflect() protoreflect.Message
- func \(x \*ValidateRuleResponse\) Reset()
- func \(x \*ValidateRuleResponse\) String() string
- type ValidationIssue
- func \(\*ValidationIssue\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ValidationIssue\) GetCode() string
- func \(x \*ValidationIssue\) GetDetails() string
- func \(x \*ValidationIssue\) GetField() string
- func \(x \*ValidationIssue\) GetMessage() string
- func \(x \*ValidationIssue\) GetSeverity() ValidationSeverity
- func \(\*ValidationIssue\) ProtoMessage()
- func \(x \*ValidationIssue\) ProtoReflect() protoreflect.Message
- func \(x \*ValidationIssue\) Reset()
- func \(x \*ValidationIssue\) String() string
- type ValidationResult
- func \(\*ValidationResult\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*ValidationResult\) GetIssues() []*ValidationIssue
- func \(x \*ValidationResult\) GetValid() bool
- func \(x \*ValidationResult\) GetValidatedAt() string
- func \(\*ValidationResult\) ProtoMessage()
- func \(x \*ValidationResult\) ProtoReflect() protoreflect.Message
- func \(x \*ValidationResult\) Reset()
- func \(x \*ValidationResult\) String() string
- type ValidationSeverity
- func \(ValidationSeverity\) Descriptor() protoreflect.EnumDescriptor
- func \(x ValidationSeverity\) Enum() *ValidationSeverity
- func \(ValidationSeverity\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x ValidationSeverity\) Number() protoreflect.EnumNumber
- func \(x ValidationSeverity\) String() string
- func \(ValidationSeverity\) Type() protoreflect.EnumType
- type VerifyAttachedRequest
- func \(\*VerifyAttachedRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyAttachedRequest\) GetDetachedPayload() []byte
- func \(x \*VerifyAttachedRequest\) GetExpectedSigner() string
- func \(x \*VerifyAttachedRequest\) GetJws() string
- func \(\*VerifyAttachedRequest\) ProtoMessage()
- func \(x \*VerifyAttachedRequest\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyAttachedRequest\) Reset()
- func \(x \*VerifyAttachedRequest\) String() string
- type VerifyAttachedResponse
- func \(\*VerifyAttachedResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyAttachedResponse\) GetErrorMessage() string
- func \(x \*VerifyAttachedResponse\) GetKeyId() string
- func \(x \*VerifyAttachedResponse\) GetPayload() []byte
- func \(x \*VerifyAttachedResponse\) GetSignerDid() string
- func \(x \*VerifyAttachedResponse\) GetValid() bool
- func \(x \*VerifyAttachedResponse\) GetValidation() *ValidationResult
- func \(\*VerifyAttachedResponse\) ProtoMessage()
- func \(x \*VerifyAttachedResponse\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyAttachedResponse\) Reset()
- func \(x \*VerifyAttachedResponse\) String() string
- type VerifyBadgeRequest
- func \(\*VerifyBadgeRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyBadgeRequest\) GetPublicKeyJwk() string
- func \(x \*VerifyBadgeRequest\) GetToken() string
- func \(\*VerifyBadgeRequest\) ProtoMessage()
- func \(x \*VerifyBadgeRequest\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyBadgeRequest\) Reset()
- func \(x \*VerifyBadgeRequest\) String() string
- type VerifyBadgeResponse
- func \(\*VerifyBadgeResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyBadgeResponse\) GetClaims() *BadgeClaims
- func \(x \*VerifyBadgeResponse\) GetErrorCode() string
- func \(x \*VerifyBadgeResponse\) GetErrorMessage() string
- func \(x \*VerifyBadgeResponse\) GetModeUsed() VerifyMode
- func \(x \*VerifyBadgeResponse\) GetValid() bool
- func \(x \*VerifyBadgeResponse\) GetWarnings() []string
- func \(\*VerifyBadgeResponse\) ProtoMessage()
- func \(x \*VerifyBadgeResponse\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyBadgeResponse\) Reset()
- func \(x \*VerifyBadgeResponse\) String() string
- type VerifyBadgeWithOptionsRequest
- func \(\*VerifyBadgeWithOptionsRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyBadgeWithOptionsRequest\) GetOptions() *VerifyOptions
- func \(x \*VerifyBadgeWithOptionsRequest\) GetToken() string
- func \(\*VerifyBadgeWithOptionsRequest\) ProtoMessage()
- func \(x \*VerifyBadgeWithOptionsRequest\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyBadgeWithOptionsRequest\) Reset()
- func \(x \*VerifyBadgeWithOptionsRequest\) String() string
- type VerifyMode
- func \(VerifyMode\) Descriptor() protoreflect.EnumDescriptor
- func \(x VerifyMode\) Enum() *VerifyMode
- func \(VerifyMode\) EnumDescriptor() \(\[\]byte, \[\]int\)
- func \(x VerifyMode\) Number() protoreflect.EnumNumber
- func \(x VerifyMode\) String() string
- func \(VerifyMode\) Type() protoreflect.EnumType
- type VerifyOptions
- func \(\*VerifyOptions\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyOptions\) GetAcceptSelfSigned() bool
- func \(x \*VerifyOptions\) GetAudience() string
- func \(x \*VerifyOptions\) GetClockToleranceSeconds() int64
- func \(x \*VerifyOptions\) GetFailOpen() bool
- func \(x \*VerifyOptions\) GetMode() VerifyMode
- func \(x \*VerifyOptions\) GetRegistryUrl() string
- func \(x \*VerifyOptions\) GetSkipAgentStatus() bool
- func \(x \*VerifyOptions\) GetSkipRevocation() bool
- func \(x \*VerifyOptions\) GetStaleThresholdSeconds() int64
- func \(x \*VerifyOptions\) GetTrustedIssuers() []string
- func \(\*VerifyOptions\) ProtoMessage()
- func \(x \*VerifyOptions\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyOptions\) Reset()
- func \(x \*VerifyOptions\) String() string
- type VerifyRegistrationRequest
- func \(\*VerifyRegistrationRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyRegistrationRequest\) GetDid() string
- func \(x \*VerifyRegistrationRequest\) GetVerifyBadge() bool
- func \(x \*VerifyRegistrationRequest\) GetVerifyKeys() bool
- func \(\*VerifyRegistrationRequest\) ProtoMessage()
- func \(x \*VerifyRegistrationRequest\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyRegistrationRequest\) Reset()
- func \(x \*VerifyRegistrationRequest\) String() string
- type VerifyRegistrationResponse
- func \(\*VerifyRegistrationResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyRegistrationResponse\) GetBadgeValid() bool
- func \(x \*VerifyRegistrationResponse\) GetErrorMessage() string
- func \(x \*VerifyRegistrationResponse\) GetIsRegistered() bool
- func \(x \*VerifyRegistrationResponse\) GetKeysValid() bool
- func \(x \*VerifyRegistrationResponse\) GetValidation() *ValidationResult
- func \(\*VerifyRegistrationResponse\) ProtoMessage()
- func \(x \*VerifyRegistrationResponse\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyRegistrationResponse\) Reset()
- func \(x \*VerifyRegistrationResponse\) String() string
- type VerifyRequest
- func \(\*VerifyRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyRequest\) GetExpectedSigner() string
- func \(x \*VerifyRequest\) GetPayload() []byte
- func \(x \*VerifyRequest\) GetSignature() []byte
- func \(x \*VerifyRequest\) GetSignatureString() string
- func \(\*VerifyRequest\) ProtoMessage()
- func \(x \*VerifyRequest\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyRequest\) Reset()
- func \(x \*VerifyRequest\) String() string
- type VerifyResponse
- func \(\*VerifyResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyResponse\) GetErrorMessage() string
- func \(x \*VerifyResponse\) GetKeyId() string
- func \(x \*VerifyResponse\) GetSignerDid() string
- func \(x \*VerifyResponse\) GetValid() bool
- func \(x \*VerifyResponse\) GetValidation() *ValidationResult
- func \(\*VerifyResponse\) ProtoMessage()
- func \(x \*VerifyResponse\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyResponse\) Reset()
- func \(x \*VerifyResponse\) String() string
- type VerifyServerIdentityRequest
- func \(\*VerifyServerIdentityRequest\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyServerIdentityRequest\) GetConfig() *MCPVerifyConfig
- func \(x \*VerifyServerIdentityRequest\) GetEndpointPath() string
- func \(x \*VerifyServerIdentityRequest\) GetServerBadge() string
- func \(x \*VerifyServerIdentityRequest\) GetServerDid() string
- func \(x \*VerifyServerIdentityRequest\) GetTransportOrigin() string
- func \(\*VerifyServerIdentityRequest\) ProtoMessage()
- func \(x \*VerifyServerIdentityRequest\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyServerIdentityRequest\) Reset()
- func \(x \*VerifyServerIdentityRequest\) String() string
- type VerifyServerIdentityResponse
- func \(\*VerifyServerIdentityResponse\) Descriptor() \(\[\]byte, \[\]int\)
- func \(x \*VerifyServerIdentityResponse\) GetBadgeJti() string
- func \(x \*VerifyServerIdentityResponse\) GetErrorCode() MCPServerErrorCode
- func \(x \*VerifyServerIdentityResponse\) GetErrorDetail() string
- func \(x \*VerifyServerIdentityResponse\) GetServerDid() string
- func \(x \*VerifyServerIdentityResponse\) GetState() MCPServerState
- func \(x \*VerifyServerIdentityResponse\) GetTrustLevel() int32
- func \(\*VerifyServerIdentityResponse\) ProtoMessage()
- func \(x \*VerifyServerIdentityResponse\) ProtoReflect() protoreflect.Message
- func \(x \*VerifyServerIdentityResponse\) Reset()
- func \(x \*VerifyServerIdentityResponse\) String() string
Constants¶
const (
BadgeService_SignBadge_FullMethodName = "/capiscio.v1.BadgeService/SignBadge"
BadgeService_VerifyBadge_FullMethodName = "/capiscio.v1.BadgeService/VerifyBadge"
BadgeService_VerifyBadgeWithOptions_FullMethodName = "/capiscio.v1.BadgeService/VerifyBadgeWithOptions"
BadgeService_ParseBadge_FullMethodName = "/capiscio.v1.BadgeService/ParseBadge"
BadgeService_RequestBadge_FullMethodName = "/capiscio.v1.BadgeService/RequestBadge"
BadgeService_RequestPoPBadge_FullMethodName = "/capiscio.v1.BadgeService/RequestPoPBadge"
BadgeService_CreateDVOrder_FullMethodName = "/capiscio.v1.BadgeService/CreateDVOrder"
BadgeService_GetDVOrder_FullMethodName = "/capiscio.v1.BadgeService/GetDVOrder"
BadgeService_FinalizeDVOrder_FullMethodName = "/capiscio.v1.BadgeService/FinalizeDVOrder"
BadgeService_StartKeeper_FullMethodName = "/capiscio.v1.BadgeService/StartKeeper"
)
const (
DIDService_Parse_FullMethodName = "/capiscio.v1.DIDService/Parse"
DIDService_NewAgentDID_FullMethodName = "/capiscio.v1.DIDService/NewAgentDID"
DIDService_NewCapiscIOAgentDID_FullMethodName = "/capiscio.v1.DIDService/NewCapiscIOAgentDID"
DIDService_DocumentURL_FullMethodName = "/capiscio.v1.DIDService/DocumentURL"
DIDService_IsAgentDID_FullMethodName = "/capiscio.v1.DIDService/IsAgentDID"
)
const (
MCPService_EvaluateToolAccess_FullMethodName = "/capiscio.v1.MCPService/EvaluateToolAccess"
MCPService_EvaluatePolicyDecision_FullMethodName = "/capiscio.v1.MCPService/EvaluatePolicyDecision"
MCPService_VerifyServerIdentity_FullMethodName = "/capiscio.v1.MCPService/VerifyServerIdentity"
MCPService_ParseServerIdentity_FullMethodName = "/capiscio.v1.MCPService/ParseServerIdentity"
MCPService_Health_FullMethodName = "/capiscio.v1.MCPService/Health"
)
const (
RegistryService_GetAgent_FullMethodName = "/capiscio.v1.RegistryService/GetAgent"
RegistryService_SearchAgents_FullMethodName = "/capiscio.v1.RegistryService/SearchAgents"
RegistryService_RegisterAgent_FullMethodName = "/capiscio.v1.RegistryService/RegisterAgent"
RegistryService_UpdateAgent_FullMethodName = "/capiscio.v1.RegistryService/UpdateAgent"
RegistryService_DeregisterAgent_FullMethodName = "/capiscio.v1.RegistryService/DeregisterAgent"
RegistryService_VerifyRegistration_FullMethodName = "/capiscio.v1.RegistryService/VerifyRegistration"
RegistryService_ListAgents_FullMethodName = "/capiscio.v1.RegistryService/ListAgents"
RegistryService_GetStats_FullMethodName = "/capiscio.v1.RegistryService/GetStats"
RegistryService_Ping_FullMethodName = "/capiscio.v1.RegistryService/Ping"
)
const (
RevocationService_IsRevoked_FullMethodName = "/capiscio.v1.RevocationService/IsRevoked"
RevocationService_Revoke_FullMethodName = "/capiscio.v1.RevocationService/Revoke"
RevocationService_Unrevoke_FullMethodName = "/capiscio.v1.RevocationService/Unrevoke"
RevocationService_ListRevocations_FullMethodName = "/capiscio.v1.RevocationService/ListRevocations"
RevocationService_FetchRevocationList_FullMethodName = "/capiscio.v1.RevocationService/FetchRevocationList"
RevocationService_ClearCache_FullMethodName = "/capiscio.v1.RevocationService/ClearCache"
RevocationService_GetCacheStats_FullMethodName = "/capiscio.v1.RevocationService/GetCacheStats"
)
const (
ScoringService_ScoreAgentCard_FullMethodName = "/capiscio.v1.ScoringService/ScoreAgentCard"
ScoringService_ValidateRule_FullMethodName = "/capiscio.v1.ScoringService/ValidateRule"
ScoringService_ListRuleSets_FullMethodName = "/capiscio.v1.ScoringService/ListRuleSets"
ScoringService_GetRuleSet_FullMethodName = "/capiscio.v1.ScoringService/GetRuleSet"
ScoringService_AggregateScores_FullMethodName = "/capiscio.v1.ScoringService/AggregateScores"
)
const (
SimpleGuardService_Sign_FullMethodName = "/capiscio.v1.SimpleGuardService/Sign"
SimpleGuardService_Verify_FullMethodName = "/capiscio.v1.SimpleGuardService/Verify"
SimpleGuardService_SignAttached_FullMethodName = "/capiscio.v1.SimpleGuardService/SignAttached"
SimpleGuardService_VerifyAttached_FullMethodName = "/capiscio.v1.SimpleGuardService/VerifyAttached"
SimpleGuardService_GenerateKeyPair_FullMethodName = "/capiscio.v1.SimpleGuardService/GenerateKeyPair"
SimpleGuardService_LoadKey_FullMethodName = "/capiscio.v1.SimpleGuardService/LoadKey"
SimpleGuardService_ExportKey_FullMethodName = "/capiscio.v1.SimpleGuardService/ExportKey"
SimpleGuardService_GetKeyInfo_FullMethodName = "/capiscio.v1.SimpleGuardService/GetKeyInfo"
SimpleGuardService_Init_FullMethodName = "/capiscio.v1.SimpleGuardService/Init"
)
const (
TrustStoreService_AddKey_FullMethodName = "/capiscio.v1.TrustStoreService/AddKey"
TrustStoreService_RemoveKey_FullMethodName = "/capiscio.v1.TrustStoreService/RemoveKey"
TrustStoreService_GetKey_FullMethodName = "/capiscio.v1.TrustStoreService/GetKey"
TrustStoreService_ListKeys_FullMethodName = "/capiscio.v1.TrustStoreService/ListKeys"
TrustStoreService_IsTrusted_FullMethodName = "/capiscio.v1.TrustStoreService/IsTrusted"
TrustStoreService_ImportFromDirectory_FullMethodName = "/capiscio.v1.TrustStoreService/ImportFromDirectory"
TrustStoreService_ExportToDirectory_FullMethodName = "/capiscio.v1.TrustStoreService/ExportToDirectory"
TrustStoreService_Clear_FullMethodName = "/capiscio.v1.TrustStoreService/Clear"
)
Variables¶
Enum value maps for TrustLevel.
var (
TrustLevel_name = map[int32]string{
0: "TRUST_LEVEL_UNSPECIFIED",
1: "TRUST_LEVEL_SELF_SIGNED",
2: "TRUST_LEVEL_DV",
3: "TRUST_LEVEL_OV",
4: "TRUST_LEVEL_EV",
5: "TRUST_LEVEL_CV",
}
TrustLevel_value = map[string]int32{
"TRUST_LEVEL_UNSPECIFIED": 0,
"TRUST_LEVEL_SELF_SIGNED": 1,
"TRUST_LEVEL_DV": 2,
"TRUST_LEVEL_OV": 3,
"TRUST_LEVEL_EV": 4,
"TRUST_LEVEL_CV": 5,
}
)
Enum value maps for VerifyMode.
var (
VerifyMode_name = map[int32]string{
0: "VERIFY_MODE_UNSPECIFIED",
1: "VERIFY_MODE_OFFLINE",
2: "VERIFY_MODE_ONLINE",
3: "VERIFY_MODE_HYBRID",
}
VerifyMode_value = map[string]int32{
"VERIFY_MODE_UNSPECIFIED": 0,
"VERIFY_MODE_OFFLINE": 1,
"VERIFY_MODE_ONLINE": 2,
"VERIFY_MODE_HYBRID": 3,
}
)
Enum value maps for KeeperMode.
var (
KeeperMode_name = map[int32]string{
0: "KEEPER_MODE_UNSPECIFIED",
1: "KEEPER_MODE_CA",
2: "KEEPER_MODE_SELF_SIGN",
}
KeeperMode_value = map[string]int32{
"KEEPER_MODE_UNSPECIFIED": 0,
"KEEPER_MODE_CA": 1,
"KEEPER_MODE_SELF_SIGN": 2,
}
)
Enum value maps for KeeperEventType.
var (
KeeperEventType_name = map[int32]string{
0: "KEEPER_EVENT_UNSPECIFIED",
1: "KEEPER_EVENT_STARTED",
2: "KEEPER_EVENT_RENEWED",
3: "KEEPER_EVENT_ERROR",
4: "KEEPER_EVENT_STOPPED",
}
KeeperEventType_value = map[string]int32{
"KEEPER_EVENT_UNSPECIFIED": 0,
"KEEPER_EVENT_STARTED": 1,
"KEEPER_EVENT_RENEWED": 2,
"KEEPER_EVENT_ERROR": 3,
"KEEPER_EVENT_STOPPED": 4,
}
)
Enum value maps for ValidationSeverity.
var (
ValidationSeverity_name = map[int32]string{
0: "VALIDATION_SEVERITY_UNSPECIFIED",
1: "VALIDATION_SEVERITY_INFO",
2: "VALIDATION_SEVERITY_WARNING",
3: "VALIDATION_SEVERITY_ERROR",
}
ValidationSeverity_value = map[string]int32{
"VALIDATION_SEVERITY_UNSPECIFIED": 0,
"VALIDATION_SEVERITY_INFO": 1,
"VALIDATION_SEVERITY_WARNING": 2,
"VALIDATION_SEVERITY_ERROR": 3,
}
)
var (
Rating_name = map[int32]string{
0: "RATING_UNSPECIFIED",
1: "RATING_CRITICAL",
2: "RATING_POOR",
3: "RATING_FAIR",
4: "RATING_GOOD",
5: "RATING_EXCELLENT",
}
Rating_value = map[string]int32{
"RATING_UNSPECIFIED": 0,
"RATING_CRITICAL": 1,
"RATING_POOR": 2,
"RATING_FAIR": 3,
"RATING_GOOD": 4,
"RATING_EXCELLENT": 5,
}
)
Enum value maps for MCPDecision.
var (
MCPDecision_name = map[int32]string{
0: "MCP_DECISION_UNSPECIFIED",
1: "MCP_DECISION_ALLOW",
2: "MCP_DECISION_DENY",
}
MCPDecision_value = map[string]int32{
"MCP_DECISION_UNSPECIFIED": 0,
"MCP_DECISION_ALLOW": 1,
"MCP_DECISION_DENY": 2,
}
)
Enum value maps for MCPAuthLevel.
var (
MCPAuthLevel_name = map[int32]string{
0: "MCP_AUTH_LEVEL_UNSPECIFIED",
1: "MCP_AUTH_LEVEL_ANONYMOUS",
2: "MCP_AUTH_LEVEL_API_KEY",
3: "MCP_AUTH_LEVEL_BADGE",
}
MCPAuthLevel_value = map[string]int32{
"MCP_AUTH_LEVEL_UNSPECIFIED": 0,
"MCP_AUTH_LEVEL_ANONYMOUS": 1,
"MCP_AUTH_LEVEL_API_KEY": 2,
"MCP_AUTH_LEVEL_BADGE": 3,
}
)
Enum value maps for MCPDenyReason.
var (
MCPDenyReason_name = map[int32]string{
0: "MCP_DENY_REASON_UNSPECIFIED",
1: "MCP_DENY_REASON_BADGE_MISSING",
2: "MCP_DENY_REASON_BADGE_INVALID",
3: "MCP_DENY_REASON_BADGE_EXPIRED",
4: "MCP_DENY_REASON_BADGE_REVOKED",
5: "MCP_DENY_REASON_TRUST_INSUFFICIENT",
6: "MCP_DENY_REASON_TOOL_NOT_ALLOWED",
7: "MCP_DENY_REASON_ISSUER_UNTRUSTED",
8: "MCP_DENY_REASON_POLICY_DENIED",
}
MCPDenyReason_value = map[string]int32{
"MCP_DENY_REASON_UNSPECIFIED": 0,
"MCP_DENY_REASON_BADGE_MISSING": 1,
"MCP_DENY_REASON_BADGE_INVALID": 2,
"MCP_DENY_REASON_BADGE_EXPIRED": 3,
"MCP_DENY_REASON_BADGE_REVOKED": 4,
"MCP_DENY_REASON_TRUST_INSUFFICIENT": 5,
"MCP_DENY_REASON_TOOL_NOT_ALLOWED": 6,
"MCP_DENY_REASON_ISSUER_UNTRUSTED": 7,
"MCP_DENY_REASON_POLICY_DENIED": 8,
}
)
Enum value maps for MCPServerState.
var (
MCPServerState_name = map[int32]string{
0: "MCP_SERVER_STATE_UNSPECIFIED",
1: "MCP_SERVER_STATE_VERIFIED_PRINCIPAL",
2: "MCP_SERVER_STATE_DECLARED_PRINCIPAL",
3: "MCP_SERVER_STATE_UNVERIFIED_ORIGIN",
}
MCPServerState_value = map[string]int32{
"MCP_SERVER_STATE_UNSPECIFIED": 0,
"MCP_SERVER_STATE_VERIFIED_PRINCIPAL": 1,
"MCP_SERVER_STATE_DECLARED_PRINCIPAL": 2,
"MCP_SERVER_STATE_UNVERIFIED_ORIGIN": 3,
}
)
Enum value maps for MCPServerErrorCode.
var (
MCPServerErrorCode_name = map[int32]string{
0: "MCP_SERVER_ERROR_NONE",
1: "MCP_SERVER_ERROR_DID_INVALID",
2: "MCP_SERVER_ERROR_BADGE_INVALID",
3: "MCP_SERVER_ERROR_BADGE_EXPIRED",
4: "MCP_SERVER_ERROR_BADGE_REVOKED",
5: "MCP_SERVER_ERROR_TRUST_INSUFFICIENT",
6: "MCP_SERVER_ERROR_ORIGIN_MISMATCH",
7: "MCP_SERVER_ERROR_PATH_MISMATCH",
8: "MCP_SERVER_ERROR_ISSUER_UNTRUSTED",
}
MCPServerErrorCode_value = map[string]int32{
"MCP_SERVER_ERROR_NONE": 0,
"MCP_SERVER_ERROR_DID_INVALID": 1,
"MCP_SERVER_ERROR_BADGE_INVALID": 2,
"MCP_SERVER_ERROR_BADGE_EXPIRED": 3,
"MCP_SERVER_ERROR_BADGE_REVOKED": 4,
"MCP_SERVER_ERROR_TRUST_INSUFFICIENT": 5,
"MCP_SERVER_ERROR_ORIGIN_MISMATCH": 6,
"MCP_SERVER_ERROR_PATH_MISMATCH": 7,
"MCP_SERVER_ERROR_ISSUER_UNTRUSTED": 8,
}
)
Enum value maps for AgentStatus.
var (
AgentStatus_name = map[int32]string{
0: "AGENT_STATUS_UNSPECIFIED",
1: "AGENT_STATUS_ACTIVE",
2: "AGENT_STATUS_INACTIVE",
3: "AGENT_STATUS_SUSPENDED",
4: "AGENT_STATUS_PENDING",
}
AgentStatus_value = map[string]int32{
"AGENT_STATUS_UNSPECIFIED": 0,
"AGENT_STATUS_ACTIVE": 1,
"AGENT_STATUS_INACTIVE": 2,
"AGENT_STATUS_SUSPENDED": 3,
"AGENT_STATUS_PENDING": 4,
}
)
Enum value maps for SearchOperator.
var (
SearchOperator_name = map[int32]string{
0: "SEARCH_OPERATOR_UNSPECIFIED",
1: "SEARCH_OPERATOR_AND",
2: "SEARCH_OPERATOR_OR",
}
SearchOperator_value = map[string]int32{
"SEARCH_OPERATOR_UNSPECIFIED": 0,
"SEARCH_OPERATOR_AND": 1,
"SEARCH_OPERATOR_OR": 2,
}
)
Enum value maps for RevocationReason.
var (
RevocationReason_name = map[int32]string{
0: "REVOCATION_REASON_UNSPECIFIED",
1: "REVOCATION_REASON_KEY_COMPROMISE",
2: "REVOCATION_REASON_AFFILIATION_CHANGED",
3: "REVOCATION_REASON_SUPERSEDED",
4: "REVOCATION_REASON_CESSATION_OF_OPERATION",
5: "REVOCATION_REASON_PRIVILEGE_WITHDRAWN",
}
RevocationReason_value = map[string]int32{
"REVOCATION_REASON_UNSPECIFIED": 0,
"REVOCATION_REASON_KEY_COMPROMISE": 1,
"REVOCATION_REASON_AFFILIATION_CHANGED": 2,
"REVOCATION_REASON_SUPERSEDED": 3,
"REVOCATION_REASON_CESSATION_OF_OPERATION": 4,
"REVOCATION_REASON_PRIVILEGE_WITHDRAWN": 5,
}
)
Enum value maps for ScoreCategory.
var (
ScoreCategory_name = map[int32]string{
0: "SCORE_CATEGORY_UNSPECIFIED",
1: "SCORE_CATEGORY_IDENTITY",
2: "SCORE_CATEGORY_CAPABILITIES",
3: "SCORE_CATEGORY_SECURITY",
4: "SCORE_CATEGORY_COMPLIANCE",
5: "SCORE_CATEGORY_TRANSPARENCY",
}
ScoreCategory_value = map[string]int32{
"SCORE_CATEGORY_UNSPECIFIED": 0,
"SCORE_CATEGORY_IDENTITY": 1,
"SCORE_CATEGORY_CAPABILITIES": 2,
"SCORE_CATEGORY_SECURITY": 3,
"SCORE_CATEGORY_COMPLIANCE": 4,
"SCORE_CATEGORY_TRANSPARENCY": 5,
}
)
Enum value maps for RuleSeverity.
var (
RuleSeverity_name = map[int32]string{
0: "RULE_SEVERITY_UNSPECIFIED",
1: "RULE_SEVERITY_INFO",
2: "RULE_SEVERITY_WARNING",
3: "RULE_SEVERITY_ERROR",
4: "RULE_SEVERITY_CRITICAL",
}
RuleSeverity_value = map[string]int32{
"RULE_SEVERITY_UNSPECIFIED": 0,
"RULE_SEVERITY_INFO": 1,
"RULE_SEVERITY_WARNING": 2,
"RULE_SEVERITY_ERROR": 3,
"RULE_SEVERITY_CRITICAL": 4,
}
)
Enum value maps for SignatureFormat.
var (
SignatureFormat_name = map[int32]string{
0: "SIGNATURE_FORMAT_UNSPECIFIED",
1: "SIGNATURE_FORMAT_JWS_COMPACT",
2: "SIGNATURE_FORMAT_JWS_JSON",
3: "SIGNATURE_FORMAT_RAW",
}
SignatureFormat_value = map[string]int32{
"SIGNATURE_FORMAT_UNSPECIFIED": 0,
"SIGNATURE_FORMAT_JWS_COMPACT": 1,
"SIGNATURE_FORMAT_JWS_JSON": 2,
"SIGNATURE_FORMAT_RAW": 3,
}
)
Enum value maps for KeyAlgorithm.
var (
KeyAlgorithm_name = map[int32]string{
0: "KEY_ALGORITHM_UNSPECIFIED",
1: "KEY_ALGORITHM_ED25519",
2: "KEY_ALGORITHM_ECDSA_P256",
3: "KEY_ALGORITHM_ECDSA_P384",
4: "KEY_ALGORITHM_RSA_2048",
5: "KEY_ALGORITHM_RSA_4096",
}
KeyAlgorithm_value = map[string]int32{
"KEY_ALGORITHM_UNSPECIFIED": 0,
"KEY_ALGORITHM_ED25519": 1,
"KEY_ALGORITHM_ECDSA_P256": 2,
"KEY_ALGORITHM_ECDSA_P384": 3,
"KEY_ALGORITHM_RSA_2048": 4,
"KEY_ALGORITHM_RSA_4096": 5,
}
)
Enum value maps for KeyFormat.
var (
KeyFormat_name = map[int32]string{
0: "KEY_FORMAT_UNSPECIFIED",
1: "KEY_FORMAT_JWK",
2: "KEY_FORMAT_PEM",
3: "KEY_FORMAT_DER",
}
KeyFormat_value = map[string]int32{
"KEY_FORMAT_UNSPECIFIED": 0,
"KEY_FORMAT_JWK": 1,
"KEY_FORMAT_PEM": 2,
"KEY_FORMAT_DER": 3,
}
)
BadgeService_ServiceDesc is the grpc.ServiceDesc for BadgeService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var BadgeService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.BadgeService",
HandlerType: (*BadgeServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "SignBadge",
Handler: _BadgeService_SignBadge_Handler,
},
{
MethodName: "VerifyBadge",
Handler: _BadgeService_VerifyBadge_Handler,
},
{
MethodName: "VerifyBadgeWithOptions",
Handler: _BadgeService_VerifyBadgeWithOptions_Handler,
},
{
MethodName: "ParseBadge",
Handler: _BadgeService_ParseBadge_Handler,
},
{
MethodName: "RequestBadge",
Handler: _BadgeService_RequestBadge_Handler,
},
{
MethodName: "RequestPoPBadge",
Handler: _BadgeService_RequestPoPBadge_Handler,
},
{
MethodName: "CreateDVOrder",
Handler: _BadgeService_CreateDVOrder_Handler,
},
{
MethodName: "GetDVOrder",
Handler: _BadgeService_GetDVOrder_Handler,
},
{
MethodName: "FinalizeDVOrder",
Handler: _BadgeService_FinalizeDVOrder_Handler,
},
},
Streams: []grpc.StreamDesc{
{
StreamName: "StartKeeper",
Handler: _BadgeService_StartKeeper_Handler,
ServerStreams: true,
},
},
Metadata: "capiscio/v1/badge.proto",
}
DIDService_ServiceDesc is the grpc.ServiceDesc for DIDService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var DIDService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.DIDService",
HandlerType: (*DIDServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Parse",
Handler: _DIDService_Parse_Handler,
},
{
MethodName: "NewAgentDID",
Handler: _DIDService_NewAgentDID_Handler,
},
{
MethodName: "NewCapiscIOAgentDID",
Handler: _DIDService_NewCapiscIOAgentDID_Handler,
},
{
MethodName: "DocumentURL",
Handler: _DIDService_DocumentURL_Handler,
},
{
MethodName: "IsAgentDID",
Handler: _DIDService_IsAgentDID_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "capiscio/v1/did.proto",
}
MCPService_ServiceDesc is the grpc.ServiceDesc for MCPService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var MCPService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.MCPService",
HandlerType: (*MCPServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "EvaluateToolAccess",
Handler: _MCPService_EvaluateToolAccess_Handler,
},
{
MethodName: "EvaluatePolicyDecision",
Handler: _MCPService_EvaluatePolicyDecision_Handler,
},
{
MethodName: "VerifyServerIdentity",
Handler: _MCPService_VerifyServerIdentity_Handler,
},
{
MethodName: "ParseServerIdentity",
Handler: _MCPService_ParseServerIdentity_Handler,
},
{
MethodName: "Health",
Handler: _MCPService_Health_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "capiscio/v1/mcp.proto",
}
RegistryService_ServiceDesc is the grpc.ServiceDesc for RegistryService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var RegistryService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.RegistryService",
HandlerType: (*RegistryServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "GetAgent",
Handler: _RegistryService_GetAgent_Handler,
},
{
MethodName: "SearchAgents",
Handler: _RegistryService_SearchAgents_Handler,
},
{
MethodName: "RegisterAgent",
Handler: _RegistryService_RegisterAgent_Handler,
},
{
MethodName: "UpdateAgent",
Handler: _RegistryService_UpdateAgent_Handler,
},
{
MethodName: "DeregisterAgent",
Handler: _RegistryService_DeregisterAgent_Handler,
},
{
MethodName: "VerifyRegistration",
Handler: _RegistryService_VerifyRegistration_Handler,
},
{
MethodName: "ListAgents",
Handler: _RegistryService_ListAgents_Handler,
},
{
MethodName: "GetStats",
Handler: _RegistryService_GetStats_Handler,
},
{
MethodName: "Ping",
Handler: _RegistryService_Ping_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "capiscio/v1/registry.proto",
}
RevocationService_ServiceDesc is the grpc.ServiceDesc for RevocationService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var RevocationService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.RevocationService",
HandlerType: (*RevocationServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "IsRevoked",
Handler: _RevocationService_IsRevoked_Handler,
},
{
MethodName: "Revoke",
Handler: _RevocationService_Revoke_Handler,
},
{
MethodName: "Unrevoke",
Handler: _RevocationService_Unrevoke_Handler,
},
{
MethodName: "ListRevocations",
Handler: _RevocationService_ListRevocations_Handler,
},
{
MethodName: "FetchRevocationList",
Handler: _RevocationService_FetchRevocationList_Handler,
},
{
MethodName: "ClearCache",
Handler: _RevocationService_ClearCache_Handler,
},
{
MethodName: "GetCacheStats",
Handler: _RevocationService_GetCacheStats_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "capiscio/v1/revocation.proto",
}
ScoringService_ServiceDesc is the grpc.ServiceDesc for ScoringService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var ScoringService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.ScoringService",
HandlerType: (*ScoringServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "ScoreAgentCard",
Handler: _ScoringService_ScoreAgentCard_Handler,
},
{
MethodName: "ValidateRule",
Handler: _ScoringService_ValidateRule_Handler,
},
{
MethodName: "ListRuleSets",
Handler: _ScoringService_ListRuleSets_Handler,
},
{
MethodName: "GetRuleSet",
Handler: _ScoringService_GetRuleSet_Handler,
},
{
MethodName: "AggregateScores",
Handler: _ScoringService_AggregateScores_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "capiscio/v1/scoring.proto",
}
SimpleGuardService_ServiceDesc is the grpc.ServiceDesc for SimpleGuardService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var SimpleGuardService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.SimpleGuardService",
HandlerType: (*SimpleGuardServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Sign",
Handler: _SimpleGuardService_Sign_Handler,
},
{
MethodName: "Verify",
Handler: _SimpleGuardService_Verify_Handler,
},
{
MethodName: "SignAttached",
Handler: _SimpleGuardService_SignAttached_Handler,
},
{
MethodName: "VerifyAttached",
Handler: _SimpleGuardService_VerifyAttached_Handler,
},
{
MethodName: "GenerateKeyPair",
Handler: _SimpleGuardService_GenerateKeyPair_Handler,
},
{
MethodName: "LoadKey",
Handler: _SimpleGuardService_LoadKey_Handler,
},
{
MethodName: "ExportKey",
Handler: _SimpleGuardService_ExportKey_Handler,
},
{
MethodName: "GetKeyInfo",
Handler: _SimpleGuardService_GetKeyInfo_Handler,
},
{
MethodName: "Init",
Handler: _SimpleGuardService_Init_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "capiscio/v1/simpleguard.proto",
}
TrustStoreService_ServiceDesc is the grpc.ServiceDesc for TrustStoreService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified \(even as a copy\)
var TrustStoreService_ServiceDesc = grpc.ServiceDesc{
ServiceName: "capiscio.v1.TrustStoreService",
HandlerType: (*TrustStoreServiceServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "AddKey",
Handler: _TrustStoreService_AddKey_Handler,
},
{
MethodName: "RemoveKey",
Handler: _TrustStoreService_RemoveKey_Handler,
},
{
MethodName: "GetKey",
Handler: _TrustStoreService_GetKey_Handler,
},
{
MethodName: "ListKeys",
Handler: _TrustStoreService_ListKeys_Handler,
},
{
MethodName: "IsTrusted",
Handler: _TrustStoreService_IsTrusted_Handler,
},
{
MethodName: "ImportFromDirectory",
Handler: _TrustStoreService_ImportFromDirectory_Handler,
},
{
MethodName: "ExportToDirectory",
Handler: _TrustStoreService_ExportToDirectory_Handler,
},
{
MethodName: "Clear",
Handler: _TrustStoreService_Clear_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "capiscio/v1/trust.proto",
}
func RegisterBadgeServiceServer¶
func RegisterDIDServiceServer¶
func RegisterMCPServiceServer¶
func RegisterRegistryServiceServer¶
func RegisterRevocationServiceServer¶
func RegisterScoringServiceServer¶
func RegisterSimpleGuardServiceServer¶
func RegisterTrustStoreServiceServer¶
type AddKeyRequest¶
Request to add a key
type AddKeyRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
PublicKey []byte `protobuf:"bytes,2,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
Format KeyFormat `protobuf:"varint,3,opt,name=format,proto3,enum=capiscio.v1.KeyFormat" json:"format,omitempty"`
Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*AddKeyRequest\) Descriptor¶
Deprecated: Use AddKeyRequest.ProtoReflect.Descriptor instead.
func \(\*AddKeyRequest\) GetDid¶
func \(\*AddKeyRequest\) GetFormat¶
func \(\*AddKeyRequest\) GetMetadata¶
func \(\*AddKeyRequest\) GetPublicKey¶
func \(\*AddKeyRequest\) ProtoMessage¶
func \(\*AddKeyRequest\) ProtoReflect¶
func \(\*AddKeyRequest\) Reset¶
func \(\*AddKeyRequest\) String¶
type AddKeyResponse¶
Response for add key
type AddKeyResponse struct {
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*AddKeyResponse\) Descriptor¶
Deprecated: Use AddKeyResponse.ProtoReflect.Descriptor instead.
func \(\*AddKeyResponse\) GetErrorMessage¶
func \(\*AddKeyResponse\) GetKeyId¶
func \(\*AddKeyResponse\) ProtoMessage¶
func \(\*AddKeyResponse\) ProtoReflect¶
func \(\*AddKeyResponse\) Reset¶
func \(\*AddKeyResponse\) String¶
type AgentStatus¶
Agent status
const (
AgentStatus_AGENT_STATUS_UNSPECIFIED AgentStatus = 0
AgentStatus_AGENT_STATUS_ACTIVE AgentStatus = 1
AgentStatus_AGENT_STATUS_INACTIVE AgentStatus = 2
AgentStatus_AGENT_STATUS_SUSPENDED AgentStatus = 3
AgentStatus_AGENT_STATUS_PENDING AgentStatus = 4
)
func \(AgentStatus\) Descriptor¶
func \(AgentStatus\) Enum¶
func \(AgentStatus\) EnumDescriptor¶
Deprecated: Use AgentStatus.Descriptor instead.
func \(AgentStatus\) Number¶
func \(AgentStatus\) String¶
func \(AgentStatus\) Type¶
type AggregateScoresRequest¶
Request to aggregate scores
type AggregateScoresRequest struct {
Results []*ScoringResult `protobuf:"bytes,1,rep,name=results,proto3" json:"results,omitempty"`
AggregationMethod string `protobuf:"bytes,2,opt,name=aggregation_method,json=aggregationMethod,proto3" json:"aggregation_method,omitempty"` // "mean", "weighted", "min"
// contains filtered or unexported fields
}
func \(\*AggregateScoresRequest\) Descriptor¶
Deprecated: Use AggregateScoresRequest.ProtoReflect.Descriptor instead.
func \(\*AggregateScoresRequest\) GetAggregationMethod¶
func \(\*AggregateScoresRequest\) GetResults¶
func \(\*AggregateScoresRequest\) ProtoMessage¶
func \(\*AggregateScoresRequest\) ProtoReflect¶
func \(\*AggregateScoresRequest\) Reset¶
func \(\*AggregateScoresRequest\) String¶
type AggregateScoresResponse¶
Response with aggregated score
type AggregateScoresResponse struct {
AggregateScore float64 `protobuf:"fixed64,1,opt,name=aggregate_score,json=aggregateScore,proto3" json:"aggregate_score,omitempty"`
AggregateRating Rating `protobuf:"varint,2,opt,name=aggregate_rating,json=aggregateRating,proto3,enum=capiscio.v1.Rating" json:"aggregate_rating,omitempty"`
CategoryAggregates map[string]float64 `protobuf:"bytes,3,rep,name=category_aggregates,json=categoryAggregates,proto3" json:"category_aggregates,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"fixed64,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*AggregateScoresResponse\) Descriptor¶
Deprecated: Use AggregateScoresResponse.ProtoReflect.Descriptor instead.
func \(\*AggregateScoresResponse\) GetAggregateRating¶
func \(\*AggregateScoresResponse\) GetAggregateScore¶
func \(\*AggregateScoresResponse\) GetCategoryAggregates¶
func \(\*AggregateScoresResponse\) ProtoMessage¶
func \(\*AggregateScoresResponse\) ProtoReflect¶
func \(\*AggregateScoresResponse\) Reset¶
func \(\*AggregateScoresResponse\) String¶
type BadgeClaims¶
Badge claims structure
type BadgeClaims struct {
Jti string `protobuf:"bytes,1,opt,name=jti,proto3" json:"jti,omitempty"` // JWT ID - unique identifier
Iss string `protobuf:"bytes,2,opt,name=iss,proto3" json:"iss,omitempty"` // Issuer URL
Sub string `protobuf:"bytes,3,opt,name=sub,proto3" json:"sub,omitempty"` // Subject (did:web identifier)
Iat int64 `protobuf:"varint,4,opt,name=iat,proto3" json:"iat,omitempty"` // Issued At (Unix timestamp)
Exp int64 `protobuf:"varint,5,opt,name=exp,proto3" json:"exp,omitempty"` // Expiration (Unix timestamp)
Nbf int64 `protobuf:"varint,6,opt,name=nbf,proto3" json:"nbf,omitempty"` // Not Before (Unix timestamp)
Aud []string `protobuf:"bytes,7,rep,name=aud,proto3" json:"aud,omitempty"` // Audience
TrustLevel TrustLevel `protobuf:"varint,8,opt,name=trust_level,json=trustLevel,proto3,enum=capiscio.v1.TrustLevel" json:"trust_level,omitempty"`
Domain string `protobuf:"bytes,9,opt,name=domain,proto3" json:"domain,omitempty"`
AgentName string `protobuf:"bytes,10,opt,name=agent_name,json=agentName,proto3" json:"agent_name,omitempty"`
Scope string `protobuf:"bytes,11,opt,name=scope,proto3" json:"scope,omitempty"`
// contains filtered or unexported fields
}
func \(\*BadgeClaims\) Descriptor¶
Deprecated: Use BadgeClaims.ProtoReflect.Descriptor instead.
func \(\*BadgeClaims\) GetAgentName¶
func \(\*BadgeClaims\) GetAud¶
func \(\*BadgeClaims\) GetDomain¶
func \(\*BadgeClaims\) GetExp¶
func \(\*BadgeClaims\) GetIat¶
func \(\*BadgeClaims\) GetIss¶
func \(\*BadgeClaims\) GetJti¶
func \(\*BadgeClaims\) GetNbf¶
func \(\*BadgeClaims\) GetScope¶
func \(\*BadgeClaims\) GetSub¶
func \(\*BadgeClaims\) GetTrustLevel¶
func \(\*BadgeClaims\) ProtoMessage¶
func \(\*BadgeClaims\) ProtoReflect¶
func \(\*BadgeClaims\) Reset¶
func \(\*BadgeClaims\) String¶
type BadgeServiceClient¶
BadgeServiceClient is the client API for BadgeService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
BadgeService handles Trust Badge operations
type BadgeServiceClient interface {
// Sign a new badge with the provided claims
SignBadge(ctx context.Context, in *SignBadgeRequest, opts ...grpc.CallOption) (*SignBadgeResponse, error)
// Verify a badge token (basic verification)
VerifyBadge(ctx context.Context, in *VerifyBadgeRequest, opts ...grpc.CallOption) (*VerifyBadgeResponse, error)
// Verify a badge with full options (online checks, etc.)
VerifyBadgeWithOptions(ctx context.Context, in *VerifyBadgeWithOptionsRequest, opts ...grpc.CallOption) (*VerifyBadgeResponse, error)
// Parse badge claims without verification
ParseBadge(ctx context.Context, in *ParseBadgeRequest, opts ...grpc.CallOption) (*ParseBadgeResponse, error)
// Request a badge from a Certificate Authority (RFC-002 ยง12.1)
// This is for production use where badges are issued by CapiscIO registry
RequestBadge(ctx context.Context, in *RequestBadgeRequest, opts ...grpc.CallOption) (*RequestBadgeResponse, error)
// Request a badge using Proof of Possession (RFC-003)
// This provides IAL-1 assurance with cryptographic key binding
RequestPoPBadge(ctx context.Context, in *RequestPoPBadgeRequest, opts ...grpc.CallOption) (*RequestPoPBadgeResponse, error)
// Create a Domain Validated (DV) badge order (RFC-002 v1.2)
CreateDVOrder(ctx context.Context, in *CreateDVOrderRequest, opts ...grpc.CallOption) (*CreateDVOrderResponse, error)
// Get DV order status
GetDVOrder(ctx context.Context, in *GetDVOrderRequest, opts ...grpc.CallOption) (*GetDVOrderResponse, error)
// Finalize DV order and receive grant
FinalizeDVOrder(ctx context.Context, in *FinalizeDVOrderRequest, opts ...grpc.CallOption) (*FinalizeDVOrderResponse, error)
// Start a badge keeper that automatically renews badges (RFC-002 ยง7.3)
// Returns a stream of keeper events (started, renewed, error, stopped)
StartKeeper(ctx context.Context, in *StartKeeperRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[KeeperEvent], error)
}
func NewBadgeServiceClient¶
type BadgeServiceServer¶
BadgeServiceServer is the server API for BadgeService service. All implementations must embed UnimplementedBadgeServiceServer for forward compatibility.
BadgeService handles Trust Badge operations
type BadgeServiceServer interface {
// Sign a new badge with the provided claims
SignBadge(context.Context, *SignBadgeRequest) (*SignBadgeResponse, error)
// Verify a badge token (basic verification)
VerifyBadge(context.Context, *VerifyBadgeRequest) (*VerifyBadgeResponse, error)
// Verify a badge with full options (online checks, etc.)
VerifyBadgeWithOptions(context.Context, *VerifyBadgeWithOptionsRequest) (*VerifyBadgeResponse, error)
// Parse badge claims without verification
ParseBadge(context.Context, *ParseBadgeRequest) (*ParseBadgeResponse, error)
// Request a badge from a Certificate Authority (RFC-002 ยง12.1)
// This is for production use where badges are issued by CapiscIO registry
RequestBadge(context.Context, *RequestBadgeRequest) (*RequestBadgeResponse, error)
// Request a badge using Proof of Possession (RFC-003)
// This provides IAL-1 assurance with cryptographic key binding
RequestPoPBadge(context.Context, *RequestPoPBadgeRequest) (*RequestPoPBadgeResponse, error)
// Create a Domain Validated (DV) badge order (RFC-002 v1.2)
CreateDVOrder(context.Context, *CreateDVOrderRequest) (*CreateDVOrderResponse, error)
// Get DV order status
GetDVOrder(context.Context, *GetDVOrderRequest) (*GetDVOrderResponse, error)
// Finalize DV order and receive grant
FinalizeDVOrder(context.Context, *FinalizeDVOrderRequest) (*FinalizeDVOrderResponse, error)
// Start a badge keeper that automatically renews badges (RFC-002 ยง7.3)
// Returns a stream of keeper events (started, renewed, error, stopped)
StartKeeper(*StartKeeperRequest, grpc.ServerStreamingServer[KeeperEvent]) error
// contains filtered or unexported methods
}
type BadgeService\_StartKeeperClient¶
This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
type BadgeService\_StartKeeperServer¶
This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name.
type CategoryScore¶
Category score breakdown
type CategoryScore struct {
Category ScoreCategory `protobuf:"varint,1,opt,name=category,proto3,enum=capiscio.v1.ScoreCategory" json:"category,omitempty"`
Score float64 `protobuf:"fixed64,2,opt,name=score,proto3" json:"score,omitempty"` // 0.0 to 1.0
RulesPassed int32 `protobuf:"varint,3,opt,name=rules_passed,json=rulesPassed,proto3" json:"rules_passed,omitempty"`
RulesFailed int32 `protobuf:"varint,4,opt,name=rules_failed,json=rulesFailed,proto3" json:"rules_failed,omitempty"`
Results []*RuleResult `protobuf:"bytes,5,rep,name=results,proto3" json:"results,omitempty"`
// contains filtered or unexported fields
}
func \(\*CategoryScore\) Descriptor¶
Deprecated: Use CategoryScore.ProtoReflect.Descriptor instead.
func \(\*CategoryScore\) GetCategory¶
func \(\*CategoryScore\) GetResults¶
func \(\*CategoryScore\) GetRulesFailed¶
func \(\*CategoryScore\) GetRulesPassed¶
func \(\*CategoryScore\) GetScore¶
func \(\*CategoryScore\) ProtoMessage¶
func \(\*CategoryScore\) ProtoReflect¶
func \(\*CategoryScore\) Reset¶
func \(\*CategoryScore\) String¶
type ClearCacheRequest¶
Request to clear cache
type ClearCacheRequest struct {
SourceFilter string `protobuf:"bytes,1,opt,name=source_filter,json=sourceFilter,proto3" json:"source_filter,omitempty"` // Optional: clear only from specific source
// contains filtered or unexported fields
}
func \(\*ClearCacheRequest\) Descriptor¶
Deprecated: Use ClearCacheRequest.ProtoReflect.Descriptor instead.
func \(\*ClearCacheRequest\) GetSourceFilter¶
func \(\*ClearCacheRequest\) ProtoMessage¶
func \(\*ClearCacheRequest\) ProtoReflect¶
func \(\*ClearCacheRequest\) Reset¶
func \(\*ClearCacheRequest\) String¶
type ClearCacheResponse¶
Response for clear cache
type ClearCacheResponse struct {
EntriesCleared int32 `protobuf:"varint,1,opt,name=entries_cleared,json=entriesCleared,proto3" json:"entries_cleared,omitempty"`
// contains filtered or unexported fields
}
func \(\*ClearCacheResponse\) Descriptor¶
Deprecated: Use ClearCacheResponse.ProtoReflect.Descriptor instead.
func \(\*ClearCacheResponse\) GetEntriesCleared¶
func \(\*ClearCacheResponse\) ProtoMessage¶
func \(\*ClearCacheResponse\) ProtoReflect¶
func \(\*ClearCacheResponse\) Reset¶
func \(\*ClearCacheResponse\) String¶
type ClearKeysRequest¶
Request to clear all keys
type ClearKeysRequest struct {
Confirm bool `protobuf:"varint,1,opt,name=confirm,proto3" json:"confirm,omitempty"` // Must be true to clear
// contains filtered or unexported fields
}
func \(\*ClearKeysRequest\) Descriptor¶
Deprecated: Use ClearKeysRequest.ProtoReflect.Descriptor instead.
func \(\*ClearKeysRequest\) GetConfirm¶
func \(\*ClearKeysRequest\) ProtoMessage¶
func \(\*ClearKeysRequest\) ProtoReflect¶
func \(\*ClearKeysRequest\) Reset¶
func \(\*ClearKeysRequest\) String¶
type ClearKeysResponse¶
Response for clear
type ClearKeysResponse struct {
KeysCleared int32 `protobuf:"varint,1,opt,name=keys_cleared,json=keysCleared,proto3" json:"keys_cleared,omitempty"`
// contains filtered or unexported fields
}
func \(\*ClearKeysResponse\) Descriptor¶
Deprecated: Use ClearKeysResponse.ProtoReflect.Descriptor instead.
func \(\*ClearKeysResponse\) GetKeysCleared¶
func \(\*ClearKeysResponse\) ProtoMessage¶
func \(\*ClearKeysResponse\) ProtoReflect¶
func \(\*ClearKeysResponse\) Reset¶
func \(\*ClearKeysResponse\) String¶
type CreateDVOrderRequest¶
Request to create a DV badge order
type CreateDVOrderRequest struct {
// Domain to validate (e.g., "example.com")
Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
// Challenge type: "http-01" or "dns-01"
ChallengeType string `protobuf:"bytes,2,opt,name=challenge_type,json=challengeType,proto3" json:"challenge_type,omitempty"`
// Public key in JWK format (JSON string)
Jwk string `protobuf:"bytes,3,opt,name=jwk,proto3" json:"jwk,omitempty"`
// CA URL (default: https://registry.capisc.io)
CaUrl string `protobuf:"bytes,4,opt,name=ca_url,json=caUrl,proto3" json:"ca_url,omitempty"`
// contains filtered or unexported fields
}
func \(\*CreateDVOrderRequest\) Descriptor¶
Deprecated: Use CreateDVOrderRequest.ProtoReflect.Descriptor instead.
func \(\*CreateDVOrderRequest\) GetCaUrl¶
func \(\*CreateDVOrderRequest\) GetChallengeType¶
func \(\*CreateDVOrderRequest\) GetDomain¶
func \(\*CreateDVOrderRequest\) GetJwk¶
func \(\*CreateDVOrderRequest\) ProtoMessage¶
func \(\*CreateDVOrderRequest\) ProtoReflect¶
func \(\*CreateDVOrderRequest\) Reset¶
func \(\*CreateDVOrderRequest\) String¶
type CreateDVOrderResponse¶
Response from DV order creation
type CreateDVOrderResponse struct {
// Whether the request succeeded
Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
// Order ID (UUID)
OrderId string `protobuf:"bytes,2,opt,name=order_id,json=orderId,proto3" json:"order_id,omitempty"`
// Domain
Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
// Challenge type
ChallengeType string `protobuf:"bytes,4,opt,name=challenge_type,json=challengeType,proto3" json:"challenge_type,omitempty"`
// Challenge token
ChallengeToken string `protobuf:"bytes,5,opt,name=challenge_token,json=challengeToken,proto3" json:"challenge_token,omitempty"`
// Order status ("pending", "valid", "invalid")
Status string `protobuf:"bytes,6,opt,name=status,proto3" json:"status,omitempty"`
// Validation URL (for HTTP-01)
ValidationUrl string `protobuf:"bytes,7,opt,name=validation_url,json=validationUrl,proto3" json:"validation_url,omitempty"`
// DNS record value (for DNS-01)
DnsRecord string `protobuf:"bytes,8,opt,name=dns_record,json=dnsRecord,proto3" json:"dns_record,omitempty"`
// When the order expires (Unix timestamp)
ExpiresAt int64 `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
// Error message if success=false
Error string `protobuf:"bytes,10,opt,name=error,proto3" json:"error,omitempty"`
// Error code
ErrorCode string `protobuf:"bytes,11,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
// contains filtered or unexported fields
}
func \(\*CreateDVOrderResponse\) Descriptor¶
Deprecated: Use CreateDVOrderResponse.ProtoReflect.Descriptor instead.
func \(\*CreateDVOrderResponse\) GetChallengeToken¶
func \(\*CreateDVOrderResponse\) GetChallengeType¶
func \(\*CreateDVOrderResponse\) GetDnsRecord¶
func \(\*CreateDVOrderResponse\) GetDomain¶
func \(\*CreateDVOrderResponse\) GetError¶
func \(\*CreateDVOrderResponse\) GetErrorCode¶
func \(\*CreateDVOrderResponse\) GetExpiresAt¶
func \(\*CreateDVOrderResponse\) GetOrderId¶
func \(\*CreateDVOrderResponse\) GetStatus¶
func \(\*CreateDVOrderResponse\) GetSuccess¶
func \(\*CreateDVOrderResponse\) GetValidationUrl¶
func \(\*CreateDVOrderResponse\) ProtoMessage¶
func \(\*CreateDVOrderResponse\) ProtoReflect¶
func \(\*CreateDVOrderResponse\) Reset¶
func \(\*CreateDVOrderResponse\) String¶
type DID¶
Parsed DID structure
type DID struct {
Raw string `protobuf:"bytes,1,opt,name=raw,proto3" json:"raw,omitempty"` // Original DID string
Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"` // "web"
Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"` // Domain part
Path []string `protobuf:"bytes,4,rep,name=path,proto3" json:"path,omitempty"` // Path segments
Fragment string `protobuf:"bytes,5,opt,name=fragment,proto3" json:"fragment,omitempty"` // Fragment (if any)
// contains filtered or unexported fields
}
func \(\*DID\) Descriptor¶
Deprecated: Use DID.ProtoReflect.Descriptor instead.
func \(\*DID\) GetDomain¶
func \(\*DID\) GetFragment¶
func \(\*DID\) GetMethod¶
func \(\*DID\) GetPath¶
func \(\*DID\) GetRaw¶
func \(\*DID\) ProtoMessage¶
func \(\*DID\) ProtoReflect¶
func \(\*DID\) Reset¶
func \(\*DID\) String¶
type DIDServiceClient¶
DIDServiceClient is the client API for DIDService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
DIDService handles did:web operations
type DIDServiceClient interface {
// Parse a did:web identifier
Parse(ctx context.Context, in *ParseDIDRequest, opts ...grpc.CallOption) (*ParseDIDResponse, error)
// Construct a new agent DID
NewAgentDID(ctx context.Context, in *NewAgentDIDRequest, opts ...grpc.CallOption) (*NewAgentDIDResponse, error)
// Construct a Capiscio registry DID
NewCapiscIOAgentDID(ctx context.Context, in *NewCapiscIOAgentDIDRequest, opts ...grpc.CallOption) (*NewAgentDIDResponse, error)
// Get the document URL for a DID
DocumentURL(ctx context.Context, in *DocumentURLRequest, opts ...grpc.CallOption) (*DocumentURLResponse, error)
// Check if a DID is an agent DID
IsAgentDID(ctx context.Context, in *IsAgentDIDRequest, opts ...grpc.CallOption) (*IsAgentDIDResponse, error)
}
func NewDIDServiceClient¶
type DIDServiceServer¶
DIDServiceServer is the server API for DIDService service. All implementations must embed UnimplementedDIDServiceServer for forward compatibility.
DIDService handles did:web operations
type DIDServiceServer interface {
// Parse a did:web identifier
Parse(context.Context, *ParseDIDRequest) (*ParseDIDResponse, error)
// Construct a new agent DID
NewAgentDID(context.Context, *NewAgentDIDRequest) (*NewAgentDIDResponse, error)
// Construct a Capiscio registry DID
NewCapiscIOAgentDID(context.Context, *NewCapiscIOAgentDIDRequest) (*NewAgentDIDResponse, error)
// Get the document URL for a DID
DocumentURL(context.Context, *DocumentURLRequest) (*DocumentURLResponse, error)
// Check if a DID is an agent DID
IsAgentDID(context.Context, *IsAgentDIDRequest) (*IsAgentDIDResponse, error)
// contains filtered or unexported methods
}
type DeregisterAgentRequest¶
Deregister request
type DeregisterAgentRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"`
// contains filtered or unexported fields
}
func \(\*DeregisterAgentRequest\) Descriptor¶
Deprecated: Use DeregisterAgentRequest.ProtoReflect.Descriptor instead.
func \(\*DeregisterAgentRequest\) GetDid¶
func \(\*DeregisterAgentRequest\) GetReason¶
func \(\*DeregisterAgentRequest\) ProtoMessage¶
func \(\*DeregisterAgentRequest\) ProtoReflect¶
func \(\*DeregisterAgentRequest\) Reset¶
func \(\*DeregisterAgentRequest\) String¶
type DeregisterAgentResponse¶
Deregister response
type DeregisterAgentResponse struct {
Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*DeregisterAgentResponse\) Descriptor¶
Deprecated: Use DeregisterAgentResponse.ProtoReflect.Descriptor instead.
func \(\*DeregisterAgentResponse\) GetErrorMessage¶
func \(\*DeregisterAgentResponse\) GetSuccess¶
func \(\*DeregisterAgentResponse\) ProtoMessage¶
func \(\*DeregisterAgentResponse\) ProtoReflect¶
func \(\*DeregisterAgentResponse\) Reset¶
func \(\*DeregisterAgentResponse\) String¶
type DocumentURLRequest¶
Request to get document URL
type DocumentURLRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
// contains filtered or unexported fields
}
func \(\*DocumentURLRequest\) Descriptor¶
Deprecated: Use DocumentURLRequest.ProtoReflect.Descriptor instead.
func \(\*DocumentURLRequest\) GetDid¶
func \(\*DocumentURLRequest\) ProtoMessage¶
func \(\*DocumentURLRequest\) ProtoReflect¶
func \(\*DocumentURLRequest\) Reset¶
func \(\*DocumentURLRequest\) String¶
type DocumentURLResponse¶
Response with document URL
type DocumentURLResponse struct {
Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*DocumentURLResponse\) Descriptor¶
Deprecated: Use DocumentURLResponse.ProtoReflect.Descriptor instead.
func \(\*DocumentURLResponse\) GetErrorMessage¶
func \(\*DocumentURLResponse\) GetUrl¶
func \(\*DocumentURLResponse\) ProtoMessage¶
func \(\*DocumentURLResponse\) ProtoReflect¶
func \(\*DocumentURLResponse\) Reset¶
func \(\*DocumentURLResponse\) String¶
type Duration¶
Duration in seconds
type Duration struct {
Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"`
// contains filtered or unexported fields
}
func \(\*Duration\) Descriptor¶
Deprecated: Use Duration.ProtoReflect.Descriptor instead.
func \(\*Duration\) GetSeconds¶
func \(\*Duration\) ProtoMessage¶
func \(\*Duration\) ProtoReflect¶
func \(\*Duration\) Reset¶
func \(\*Duration\) String¶
type ErrorDetail¶
Error details for rich error responses
type ErrorDetail struct {
Code string `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*ErrorDetail\) Descriptor¶
Deprecated: Use ErrorDetail.ProtoReflect.Descriptor instead.
func \(\*ErrorDetail\) GetCode¶
func \(\*ErrorDetail\) GetMessage¶
func \(\*ErrorDetail\) GetMetadata¶
func \(\*ErrorDetail\) ProtoMessage¶
func \(\*ErrorDetail\) ProtoReflect¶
func \(\*ErrorDetail\) Reset¶
func \(\*ErrorDetail\) String¶
type EvaluateConfig¶
Configuration for tool access evaluation
type EvaluateConfig struct {
// List of trusted badge issuers
TrustedIssuers []string `protobuf:"bytes,1,rep,name=trusted_issuers,json=trustedIssuers,proto3" json:"trusted_issuers,omitempty"`
// Minimum required trust level (0-4, default 0)
MinTrustLevel int32 `protobuf:"varint,2,opt,name=min_trust_level,json=minTrustLevel,proto3" json:"min_trust_level,omitempty"`
// Accept self-signed did:key badges (Trust Level 0)
AcceptLevelZero bool `protobuf:"varint,3,opt,name=accept_level_zero,json=acceptLevelZero,proto3" json:"accept_level_zero,omitempty"`
// Allowed tool patterns (glob patterns, e.g., "read_*", "fs.*")
AllowedTools []string `protobuf:"bytes,4,rep,name=allowed_tools,json=allowedTools,proto3" json:"allowed_tools,omitempty"`
// contains filtered or unexported fields
}
func \(\*EvaluateConfig\) Descriptor¶
Deprecated: Use EvaluateConfig.ProtoReflect.Descriptor instead.
func \(\*EvaluateConfig\) GetAcceptLevelZero¶
func \(\*EvaluateConfig\) GetAllowedTools¶
func \(\*EvaluateConfig\) GetMinTrustLevel¶
func \(\*EvaluateConfig\) GetTrustedIssuers¶
func \(\*EvaluateConfig\) ProtoMessage¶
func \(\*EvaluateConfig\) ProtoReflect¶
func \(\*EvaluateConfig\) Reset¶
func \(\*EvaluateConfig\) String¶
type EvaluateToolAccessRequest¶
Request to evaluate tool access
type EvaluateToolAccessRequest struct {
// Tool name being invoked
ToolName string `protobuf:"bytes,1,opt,name=tool_name,json=toolName,proto3" json:"tool_name,omitempty"`
// SHA-256 hash of canonicalized params: "sha256:<base64url>"
// CRITICAL: Raw params never sent to core - canonicalization happens in wrapper
ParamsHash string `protobuf:"bytes,2,opt,name=params_hash,json=paramsHash,proto3" json:"params_hash,omitempty"`
// HTTP origin of the server (e.g., "https://api.example.com")
ServerOrigin string `protobuf:"bytes,3,opt,name=server_origin,json=serverOrigin,proto3" json:"server_origin,omitempty"`
// Caller identity - core derives agent_did, badge_jti, auth_level
//
// Types that are valid to be assigned to CallerCredential:
//
// *EvaluateToolAccessRequest_BadgeJws
// *EvaluateToolAccessRequest_ApiKey
CallerCredential isEvaluateToolAccessRequest_CallerCredential `protobuf_oneof:"caller_credential"`
// Optional policy configuration
PolicyVersion string `protobuf:"bytes,6,opt,name=policy_version,json=policyVersion,proto3" json:"policy_version,omitempty"`
Config *EvaluateConfig `protobuf:"bytes,7,opt,name=config,proto3" json:"config,omitempty"`
// RFC-005: PDP integration context (badge-only mode: all empty/zero)
EnforcementMode string `protobuf:"bytes,8,opt,name=enforcement_mode,json=enforcementMode,proto3" json:"enforcement_mode,omitempty"` // EM-OBSERVE, EM-GUARD, EM-DELEGATE, EM-STRICT
// RFC-008: Authority Envelope context (future, all empty for now)
CapabilityClass string `protobuf:"bytes,10,opt,name=capability_class,json=capabilityClass,proto3" json:"capability_class,omitempty"` // reserved for envelope
EnvelopeId string `protobuf:"bytes,11,opt,name=envelope_id,json=envelopeId,proto3" json:"envelope_id,omitempty"` // reserved for envelope
DelegationDepth int32 `protobuf:"varint,12,opt,name=delegation_depth,json=delegationDepth,proto3" json:"delegation_depth,omitempty"` // reserved for envelope
ConstraintsJson string `protobuf:"bytes,13,opt,name=constraints_json,json=constraintsJson,proto3" json:"constraints_json,omitempty"` // reserved for envelope
ParentConstraintsJson string `protobuf:"bytes,14,opt,name=parent_constraints_json,json=parentConstraintsJson,proto3" json:"parent_constraints_json,omitempty"` // reserved for envelope
// contains filtered or unexported fields
}
func \(\*EvaluateToolAccessRequest\) Descriptor¶
Deprecated: Use EvaluateToolAccessRequest.ProtoReflect.Descriptor instead.
func \(\*EvaluateToolAccessRequest\) GetApiKey¶
func \(\*EvaluateToolAccessRequest\) GetBadgeJws¶
func \(\*EvaluateToolAccessRequest\) GetCallerCredential¶
func (x *EvaluateToolAccessRequest) GetCallerCredential() isEvaluateToolAccessRequest_CallerCredential
func \(\*EvaluateToolAccessRequest\) GetCapabilityClass¶
func \(\*EvaluateToolAccessRequest\) GetConfig¶
func \(\*EvaluateToolAccessRequest\) GetConstraintsJson¶
func \(\*EvaluateToolAccessRequest\) GetDelegationDepth¶
func \(\*EvaluateToolAccessRequest\) GetEnforcementMode¶
func \(\*EvaluateToolAccessRequest\) GetEnvelopeId¶
func \(\*EvaluateToolAccessRequest\) GetParamsHash¶
func \(\*EvaluateToolAccessRequest\) GetParentConstraintsJson¶
func \(\*EvaluateToolAccessRequest\) GetPolicyVersion¶
func \(\*EvaluateToolAccessRequest\) GetServerOrigin¶
func \(\*EvaluateToolAccessRequest\) GetToolName¶
func \(\*EvaluateToolAccessRequest\) ProtoMessage¶
func \(\*EvaluateToolAccessRequest\) ProtoReflect¶
func \(\*EvaluateToolAccessRequest\) Reset¶
func \(\*EvaluateToolAccessRequest\) String¶
type EvaluateToolAccessRequest\_ApiKey¶
type EvaluateToolAccessRequest_ApiKey struct {
ApiKey string `protobuf:"bytes,5,opt,name=api_key,json=apiKey,proto3,oneof"` // API key
}
type EvaluateToolAccessRequest\_BadgeJws¶
type EvaluateToolAccessRequest_BadgeJws struct {
BadgeJws string `protobuf:"bytes,4,opt,name=badge_jws,json=badgeJws,proto3,oneof"` // Full badge JWT
}
type EvaluateToolAccessResponse¶
Response from tool access evaluation
type EvaluateToolAccessResponse struct {
// Access decision
Decision MCPDecision `protobuf:"varint,1,opt,name=decision,proto3,enum=capiscio.v1.MCPDecision" json:"decision,omitempty"`
// Reason for denial (only set if decision = DENY)
DenyReason MCPDenyReason `protobuf:"varint,2,opt,name=deny_reason,json=denyReason,proto3,enum=capiscio.v1.MCPDenyReason" json:"deny_reason,omitempty"`
// Human-readable denial detail
DenyDetail string `protobuf:"bytes,3,opt,name=deny_detail,json=denyDetail,proto3" json:"deny_detail,omitempty"`
// Derived identity (core extracts from credential)
AgentDid string `protobuf:"bytes,4,opt,name=agent_did,json=agentDid,proto3" json:"agent_did,omitempty"` // Extracted from badge/API key
BadgeJti string `protobuf:"bytes,5,opt,name=badge_jti,json=badgeJti,proto3" json:"badge_jti,omitempty"` // Badge ID if present
AuthLevel MCPAuthLevel `protobuf:"varint,6,opt,name=auth_level,json=authLevel,proto3,enum=capiscio.v1.MCPAuthLevel" json:"auth_level,omitempty"` // ANONYMOUS, API_KEY, or BADGE
TrustLevel int32 `protobuf:"varint,7,opt,name=trust_level,json=trustLevel,proto3" json:"trust_level,omitempty"` // Verified trust level (0-4)
// Evidence (single source of truth - no separate EmitEvidence RPC)
// RFC-006 ยง7 compliant JSON
EvidenceJson string `protobuf:"bytes,8,opt,name=evidence_json,json=evidenceJson,proto3" json:"evidence_json,omitempty"`
// Unique evidence record ID
EvidenceId string `protobuf:"bytes,9,opt,name=evidence_id,json=evidenceId,proto3" json:"evidence_id,omitempty"`
// Timestamp of evaluation
Timestamp *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
// RFC-005: Policy decision context
PolicyDecisionId string `protobuf:"bytes,11,opt,name=policy_decision_id,json=policyDecisionId,proto3" json:"policy_decision_id,omitempty"` // from PDP response
PolicyDecision string `protobuf:"bytes,12,opt,name=policy_decision,json=policyDecision,proto3" json:"policy_decision,omitempty"` // ALLOW, DENY, or ALLOW_OBSERVE
EnforcementMode string `protobuf:"bytes,13,opt,name=enforcement_mode,json=enforcementMode,proto3" json:"enforcement_mode,omitempty"` // mode used for this evaluation
Obligations []*MCPObligation `protobuf:"bytes,14,rep,name=obligations,proto3" json:"obligations,omitempty"` // obligations from PDP
// contains filtered or unexported fields
}
func \(\*EvaluateToolAccessResponse\) Descriptor¶
Deprecated: Use EvaluateToolAccessResponse.ProtoReflect.Descriptor instead.
func \(\*EvaluateToolAccessResponse\) GetAgentDid¶
func \(\*EvaluateToolAccessResponse\) GetAuthLevel¶
func \(\*EvaluateToolAccessResponse\) GetBadgeJti¶
func \(\*EvaluateToolAccessResponse\) GetDecision¶
func \(\*EvaluateToolAccessResponse\) GetDenyDetail¶
func \(\*EvaluateToolAccessResponse\) GetDenyReason¶
func \(\*EvaluateToolAccessResponse\) GetEnforcementMode¶
func \(\*EvaluateToolAccessResponse\) GetEvidenceId¶
func \(\*EvaluateToolAccessResponse\) GetEvidenceJson¶
func \(\*EvaluateToolAccessResponse\) GetObligations¶
func \(\*EvaluateToolAccessResponse\) GetPolicyDecision¶
func \(\*EvaluateToolAccessResponse\) GetPolicyDecisionId¶
func \(\*EvaluateToolAccessResponse\) GetTimestamp¶
func \(\*EvaluateToolAccessResponse\) GetTrustLevel¶
func \(\*EvaluateToolAccessResponse\) ProtoMessage¶
func \(\*EvaluateToolAccessResponse\) ProtoReflect¶
func \(\*EvaluateToolAccessResponse\) Reset¶
func \(\*EvaluateToolAccessResponse\) String¶
type ExportKeyRequest¶
Request to export key
type ExportKeyRequest struct {
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
FilePath string `protobuf:"bytes,2,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"`
Format KeyFormat `protobuf:"varint,3,opt,name=format,proto3,enum=capiscio.v1.KeyFormat" json:"format,omitempty"`
IncludePrivate bool `protobuf:"varint,4,opt,name=include_private,json=includePrivate,proto3" json:"include_private,omitempty"`
Passphrase string `protobuf:"bytes,5,opt,name=passphrase,proto3" json:"passphrase,omitempty"` // Optional: encrypt private key
// contains filtered or unexported fields
}
func \(\*ExportKeyRequest\) Descriptor¶
Deprecated: Use ExportKeyRequest.ProtoReflect.Descriptor instead.
func \(\*ExportKeyRequest\) GetFilePath¶
func \(\*ExportKeyRequest\) GetFormat¶
func \(\*ExportKeyRequest\) GetIncludePrivate¶
func \(\*ExportKeyRequest\) GetKeyId¶
func \(\*ExportKeyRequest\) GetPassphrase¶
func \(\*ExportKeyRequest\) ProtoMessage¶
func \(\*ExportKeyRequest\) ProtoReflect¶
func \(\*ExportKeyRequest\) Reset¶
func \(\*ExportKeyRequest\) String¶
type ExportKeyResponse¶
Response for export
type ExportKeyResponse struct {
FilePath string `protobuf:"bytes,1,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*ExportKeyResponse\) Descriptor¶
Deprecated: Use ExportKeyResponse.ProtoReflect.Descriptor instead.
func \(\*ExportKeyResponse\) GetErrorMessage¶
func \(\*ExportKeyResponse\) GetFilePath¶
func \(\*ExportKeyResponse\) ProtoMessage¶
func \(\*ExportKeyResponse\) ProtoReflect¶
func \(\*ExportKeyResponse\) Reset¶
func \(\*ExportKeyResponse\) String¶
type ExportToDirectoryRequest¶
Request to export to directory
type ExportToDirectoryRequest struct {
DirectoryPath string `protobuf:"bytes,1,opt,name=directory_path,json=directoryPath,proto3" json:"directory_path,omitempty"`
Format KeyFormat `protobuf:"varint,2,opt,name=format,proto3,enum=capiscio.v1.KeyFormat" json:"format,omitempty"`
// contains filtered or unexported fields
}
func \(\*ExportToDirectoryRequest\) Descriptor¶
Deprecated: Use ExportToDirectoryRequest.ProtoReflect.Descriptor instead.
func \(\*ExportToDirectoryRequest\) GetDirectoryPath¶
func \(\*ExportToDirectoryRequest\) GetFormat¶
func \(\*ExportToDirectoryRequest\) ProtoMessage¶
func \(\*ExportToDirectoryRequest\) ProtoReflect¶
func \(\*ExportToDirectoryRequest\) Reset¶
func \(\*ExportToDirectoryRequest\) String¶
type ExportToDirectoryResponse¶
Response for export
type ExportToDirectoryResponse struct {
KeysExported int32 `protobuf:"varint,1,opt,name=keys_exported,json=keysExported,proto3" json:"keys_exported,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*ExportToDirectoryResponse\) Descriptor¶
Deprecated: Use ExportToDirectoryResponse.ProtoReflect.Descriptor instead.
func \(\*ExportToDirectoryResponse\) GetErrorMessage¶
func \(\*ExportToDirectoryResponse\) GetKeysExported¶
func \(\*ExportToDirectoryResponse\) ProtoMessage¶
func \(\*ExportToDirectoryResponse\) ProtoReflect¶
func \(\*ExportToDirectoryResponse\) Reset¶
func \(\*ExportToDirectoryResponse\) String¶
type FetchRevocationListRequest¶
Request to fetch remote revocation list
type FetchRevocationListRequest struct {
Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
Timeout *Duration `protobuf:"bytes,2,opt,name=timeout,proto3" json:"timeout,omitempty"`
// contains filtered or unexported fields
}
func \(\*FetchRevocationListRequest\) Descriptor¶
Deprecated: Use FetchRevocationListRequest.ProtoReflect.Descriptor instead.
func \(\*FetchRevocationListRequest\) GetTimeout¶
func \(\*FetchRevocationListRequest\) GetUrl¶
func \(\*FetchRevocationListRequest\) ProtoMessage¶
func \(\*FetchRevocationListRequest\) ProtoReflect¶
func \(\*FetchRevocationListRequest\) Reset¶
func \(\*FetchRevocationListRequest\) String¶
type FetchRevocationListResponse¶
Response for fetch
type FetchRevocationListResponse struct {
EntriesAdded int32 `protobuf:"varint,1,opt,name=entries_added,json=entriesAdded,proto3" json:"entries_added,omitempty"`
EntriesUpdated int32 `protobuf:"varint,2,opt,name=entries_updated,json=entriesUpdated,proto3" json:"entries_updated,omitempty"`
FetchedAt *Timestamp `protobuf:"bytes,3,opt,name=fetched_at,json=fetchedAt,proto3" json:"fetched_at,omitempty"`
ErrorMessage string `protobuf:"bytes,4,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*FetchRevocationListResponse\) Descriptor¶
Deprecated: Use FetchRevocationListResponse.ProtoReflect.Descriptor instead.
func \(\*FetchRevocationListResponse\) GetEntriesAdded¶
func \(\*FetchRevocationListResponse\) GetEntriesUpdated¶
func \(\*FetchRevocationListResponse\) GetErrorMessage¶
func \(\*FetchRevocationListResponse\) GetFetchedAt¶
func \(\*FetchRevocationListResponse\) ProtoMessage¶
func \(\*FetchRevocationListResponse\) ProtoReflect¶
func \(\*FetchRevocationListResponse\) Reset¶
func \(\*FetchRevocationListResponse\) String¶
type FinalizeDVOrderRequest¶
Request to finalize DV order
type FinalizeDVOrderRequest struct {
// Order ID (UUID)
OrderId string `protobuf:"bytes,1,opt,name=order_id,json=orderId,proto3" json:"order_id,omitempty"`
// CA URL (default: https://registry.capisc.io)
CaUrl string `protobuf:"bytes,2,opt,name=ca_url,json=caUrl,proto3" json:"ca_url,omitempty"`
// contains filtered or unexported fields
}
func \(\*FinalizeDVOrderRequest\) Descriptor¶
Deprecated: Use FinalizeDVOrderRequest.ProtoReflect.Descriptor instead.
func \(\*FinalizeDVOrderRequest\) GetCaUrl¶
func \(\*FinalizeDVOrderRequest\) GetOrderId¶
func \(\*FinalizeDVOrderRequest\) ProtoMessage¶
func \(\*FinalizeDVOrderRequest\) ProtoReflect¶
func \(\*FinalizeDVOrderRequest\) Reset¶
func \(\*FinalizeDVOrderRequest\) String¶
type FinalizeDVOrderResponse¶
Response from DV order finalization
type FinalizeDVOrderResponse struct {
// Whether the request succeeded
Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
// DV grant JWT
Grant string `protobuf:"bytes,2,opt,name=grant,proto3" json:"grant,omitempty"`
// When the grant expires (Unix timestamp)
ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
// Error message if success=false
Error string `protobuf:"bytes,4,opt,name=error,proto3" json:"error,omitempty"`
// Error code
ErrorCode string `protobuf:"bytes,5,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
// contains filtered or unexported fields
}
func \(\*FinalizeDVOrderResponse\) Descriptor¶
Deprecated: Use FinalizeDVOrderResponse.ProtoReflect.Descriptor instead.
func \(\*FinalizeDVOrderResponse\) GetError¶
func \(\*FinalizeDVOrderResponse\) GetErrorCode¶
func \(\*FinalizeDVOrderResponse\) GetExpiresAt¶
func \(\*FinalizeDVOrderResponse\) GetGrant¶
func \(\*FinalizeDVOrderResponse\) GetSuccess¶
func \(\*FinalizeDVOrderResponse\) ProtoMessage¶
func \(\*FinalizeDVOrderResponse\) ProtoReflect¶
func \(\*FinalizeDVOrderResponse\) Reset¶
func \(\*FinalizeDVOrderResponse\) String¶
type GenerateKeyPairRequest¶
Request to generate key pair
type GenerateKeyPairRequest struct {
Algorithm KeyAlgorithm `protobuf:"varint,1,opt,name=algorithm,proto3,enum=capiscio.v1.KeyAlgorithm" json:"algorithm,omitempty"`
KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Optional: specific key ID
Metadata map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*GenerateKeyPairRequest\) Descriptor¶
Deprecated: Use GenerateKeyPairRequest.ProtoReflect.Descriptor instead.
func \(\*GenerateKeyPairRequest\) GetAlgorithm¶
func \(\*GenerateKeyPairRequest\) GetKeyId¶
func \(\*GenerateKeyPairRequest\) GetMetadata¶
func \(\*GenerateKeyPairRequest\) ProtoMessage¶
func \(\*GenerateKeyPairRequest\) ProtoReflect¶
func \(\*GenerateKeyPairRequest\) Reset¶
func \(\*GenerateKeyPairRequest\) String¶
type GenerateKeyPairResponse¶
Response with generated keys
type GenerateKeyPairResponse struct {
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
PublicKey []byte `protobuf:"bytes,2,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
PrivateKey []byte `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
PublicKeyPem string `protobuf:"bytes,4,opt,name=public_key_pem,json=publicKeyPem,proto3" json:"public_key_pem,omitempty"`
PrivateKeyPem string `protobuf:"bytes,5,opt,name=private_key_pem,json=privateKeyPem,proto3" json:"private_key_pem,omitempty"`
Algorithm KeyAlgorithm `protobuf:"varint,6,opt,name=algorithm,proto3,enum=capiscio.v1.KeyAlgorithm" json:"algorithm,omitempty"`
ErrorMessage string `protobuf:"bytes,7,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
DidKey string `protobuf:"bytes,8,opt,name=did_key,json=didKey,proto3" json:"did_key,omitempty"` // did:key URI derived from public key (RFC-002 ยง6.1)
// contains filtered or unexported fields
}
func \(\*GenerateKeyPairResponse\) Descriptor¶
Deprecated: Use GenerateKeyPairResponse.ProtoReflect.Descriptor instead.
func \(\*GenerateKeyPairResponse\) GetAlgorithm¶
func \(\*GenerateKeyPairResponse\) GetDidKey¶
func \(\*GenerateKeyPairResponse\) GetErrorMessage¶
func \(\*GenerateKeyPairResponse\) GetKeyId¶
func \(\*GenerateKeyPairResponse\) GetPrivateKey¶
func \(\*GenerateKeyPairResponse\) GetPrivateKeyPem¶
func \(\*GenerateKeyPairResponse\) GetPublicKey¶
func \(\*GenerateKeyPairResponse\) GetPublicKeyPem¶
func \(\*GenerateKeyPairResponse\) ProtoMessage¶
func \(\*GenerateKeyPairResponse\) ProtoReflect¶
func \(\*GenerateKeyPairResponse\) Reset¶
func \(\*GenerateKeyPairResponse\) String¶
type GetAgentRequest¶
Request to get agent
type GetAgentRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
IncludeBadge bool `protobuf:"varint,2,opt,name=include_badge,json=includeBadge,proto3" json:"include_badge,omitempty"` // Whether to include badge info
VerifyBadge bool `protobuf:"varint,3,opt,name=verify_badge,json=verifyBadge,proto3" json:"verify_badge,omitempty"` // Whether to verify badge
// contains filtered or unexported fields
}
func \(\*GetAgentRequest\) Descriptor¶
Deprecated: Use GetAgentRequest.ProtoReflect.Descriptor instead.
func \(\*GetAgentRequest\) GetDid¶
func \(\*GetAgentRequest\) GetIncludeBadge¶
func \(\*GetAgentRequest\) GetVerifyBadge¶
func \(\*GetAgentRequest\) ProtoMessage¶
func \(\*GetAgentRequest\) ProtoReflect¶
func \(\*GetAgentRequest\) Reset¶
func \(\*GetAgentRequest\) String¶
type GetAgentResponse¶
Response with agent
type GetAgentResponse struct {
Agent *RegisteredAgent `protobuf:"bytes,1,opt,name=agent,proto3" json:"agent,omitempty"`
BadgeValid bool `protobuf:"varint,2,opt,name=badge_valid,json=badgeValid,proto3" json:"badge_valid,omitempty"`
ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetAgentResponse\) Descriptor¶
Deprecated: Use GetAgentResponse.ProtoReflect.Descriptor instead.
func \(\*GetAgentResponse\) GetAgent¶
func \(\*GetAgentResponse\) GetBadgeValid¶
func \(\*GetAgentResponse\) GetErrorMessage¶
func \(\*GetAgentResponse\) ProtoMessage¶
func \(\*GetAgentResponse\) ProtoReflect¶
func \(\*GetAgentResponse\) Reset¶
func \(\*GetAgentResponse\) String¶
type GetCacheStatsRequest¶
Request for cache stats
func \(\*GetCacheStatsRequest\) Descriptor¶
Deprecated: Use GetCacheStatsRequest.ProtoReflect.Descriptor instead.
func \(\*GetCacheStatsRequest\) ProtoMessage¶
func \(\*GetCacheStatsRequest\) ProtoReflect¶
func \(\*GetCacheStatsRequest\) Reset¶
func \(\*GetCacheStatsRequest\) String¶
type GetCacheStatsResponse¶
Cache statistics
type GetCacheStatsResponse struct {
TotalEntries int32 `protobuf:"varint,1,opt,name=total_entries,json=totalEntries,proto3" json:"total_entries,omitempty"`
LocalEntries int32 `protobuf:"varint,2,opt,name=local_entries,json=localEntries,proto3" json:"local_entries,omitempty"`
RemoteEntries int32 `protobuf:"varint,3,opt,name=remote_entries,json=remoteEntries,proto3" json:"remote_entries,omitempty"`
LastRemoteFetch *Timestamp `protobuf:"bytes,4,opt,name=last_remote_fetch,json=lastRemoteFetch,proto3" json:"last_remote_fetch,omitempty"`
CacheTtl *Duration `protobuf:"bytes,5,opt,name=cache_ttl,json=cacheTtl,proto3" json:"cache_ttl,omitempty"`
EntriesBySource map[string]int32 `protobuf:"bytes,6,rep,name=entries_by_source,json=entriesBySource,proto3" json:"entries_by_source,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"varint,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*GetCacheStatsResponse\) Descriptor¶
Deprecated: Use GetCacheStatsResponse.ProtoReflect.Descriptor instead.
func \(\*GetCacheStatsResponse\) GetCacheTtl¶
func \(\*GetCacheStatsResponse\) GetEntriesBySource¶
func \(\*GetCacheStatsResponse\) GetLastRemoteFetch¶
func \(\*GetCacheStatsResponse\) GetLocalEntries¶
func \(\*GetCacheStatsResponse\) GetRemoteEntries¶
func \(\*GetCacheStatsResponse\) GetTotalEntries¶
func \(\*GetCacheStatsResponse\) ProtoMessage¶
func \(\*GetCacheStatsResponse\) ProtoReflect¶
func \(\*GetCacheStatsResponse\) Reset¶
func \(\*GetCacheStatsResponse\) String¶
type GetDVOrderRequest¶
Request to get DV order status
type GetDVOrderRequest struct {
// Order ID (UUID)
OrderId string `protobuf:"bytes,1,opt,name=order_id,json=orderId,proto3" json:"order_id,omitempty"`
// CA URL (default: https://registry.capisc.io)
CaUrl string `protobuf:"bytes,2,opt,name=ca_url,json=caUrl,proto3" json:"ca_url,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetDVOrderRequest\) Descriptor¶
Deprecated: Use GetDVOrderRequest.ProtoReflect.Descriptor instead.
func \(\*GetDVOrderRequest\) GetCaUrl¶
func \(\*GetDVOrderRequest\) GetOrderId¶
func \(\*GetDVOrderRequest\) ProtoMessage¶
func \(\*GetDVOrderRequest\) ProtoReflect¶
func \(\*GetDVOrderRequest\) Reset¶
func \(\*GetDVOrderRequest\) String¶
type GetDVOrderResponse¶
Response with DV order status
type GetDVOrderResponse struct {
// Whether the request succeeded
Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
// Order ID (UUID)
OrderId string `protobuf:"bytes,2,opt,name=order_id,json=orderId,proto3" json:"order_id,omitempty"`
// Domain
Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"`
// Challenge type
ChallengeType string `protobuf:"bytes,4,opt,name=challenge_type,json=challengeType,proto3" json:"challenge_type,omitempty"`
// Challenge token
ChallengeToken string `protobuf:"bytes,5,opt,name=challenge_token,json=challengeToken,proto3" json:"challenge_token,omitempty"`
// Order status
Status string `protobuf:"bytes,6,opt,name=status,proto3" json:"status,omitempty"`
// Validation URL (for HTTP-01)
ValidationUrl string `protobuf:"bytes,7,opt,name=validation_url,json=validationUrl,proto3" json:"validation_url,omitempty"`
// DNS record value (for DNS-01)
DnsRecord string `protobuf:"bytes,8,opt,name=dns_record,json=dnsRecord,proto3" json:"dns_record,omitempty"`
// When the order expires (Unix timestamp)
ExpiresAt int64 `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
// When the order was finalized (Unix timestamp, optional)
FinalizedAt int64 `protobuf:"varint,10,opt,name=finalized_at,json=finalizedAt,proto3" json:"finalized_at,omitempty"`
// Error message if success=false
Error string `protobuf:"bytes,11,opt,name=error,proto3" json:"error,omitempty"`
// Error code
ErrorCode string `protobuf:"bytes,12,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetDVOrderResponse\) Descriptor¶
Deprecated: Use GetDVOrderResponse.ProtoReflect.Descriptor instead.
func \(\*GetDVOrderResponse\) GetChallengeToken¶
func \(\*GetDVOrderResponse\) GetChallengeType¶
func \(\*GetDVOrderResponse\) GetDnsRecord¶
func \(\*GetDVOrderResponse\) GetDomain¶
func \(\*GetDVOrderResponse\) GetError¶
func \(\*GetDVOrderResponse\) GetErrorCode¶
func \(\*GetDVOrderResponse\) GetExpiresAt¶
func \(\*GetDVOrderResponse\) GetFinalizedAt¶
func \(\*GetDVOrderResponse\) GetOrderId¶
func \(\*GetDVOrderResponse\) GetStatus¶
func \(\*GetDVOrderResponse\) GetSuccess¶
func \(\*GetDVOrderResponse\) GetValidationUrl¶
func \(\*GetDVOrderResponse\) ProtoMessage¶
func \(\*GetDVOrderResponse\) ProtoReflect¶
func \(\*GetDVOrderResponse\) Reset¶
func \(\*GetDVOrderResponse\) String¶
type GetKeyInfoRequest¶
Request for key info
type GetKeyInfoRequest struct {
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetKeyInfoRequest\) Descriptor¶
Deprecated: Use GetKeyInfoRequest.ProtoReflect.Descriptor instead.
func \(\*GetKeyInfoRequest\) GetKeyId¶
func \(\*GetKeyInfoRequest\) ProtoMessage¶
func \(\*GetKeyInfoRequest\) ProtoReflect¶
func \(\*GetKeyInfoRequest\) Reset¶
func \(\*GetKeyInfoRequest\) String¶
type GetKeyInfoResponse¶
Response with key info
type GetKeyInfoResponse struct {
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
Algorithm KeyAlgorithm `protobuf:"varint,2,opt,name=algorithm,proto3,enum=capiscio.v1.KeyAlgorithm" json:"algorithm,omitempty"`
HasPrivateKey bool `protobuf:"varint,3,opt,name=has_private_key,json=hasPrivateKey,proto3" json:"has_private_key,omitempty"`
PublicKey []byte `protobuf:"bytes,4,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
PublicKeyPem string `protobuf:"bytes,5,opt,name=public_key_pem,json=publicKeyPem,proto3" json:"public_key_pem,omitempty"`
CreatedAt *Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
Metadata map[string]string `protobuf:"bytes,7,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
ErrorMessage string `protobuf:"bytes,8,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetKeyInfoResponse\) Descriptor¶
Deprecated: Use GetKeyInfoResponse.ProtoReflect.Descriptor instead.
func \(\*GetKeyInfoResponse\) GetAlgorithm¶
func \(\*GetKeyInfoResponse\) GetCreatedAt¶
func \(\*GetKeyInfoResponse\) GetErrorMessage¶
func \(\*GetKeyInfoResponse\) GetHasPrivateKey¶
func \(\*GetKeyInfoResponse\) GetKeyId¶
func \(\*GetKeyInfoResponse\) GetMetadata¶
func \(\*GetKeyInfoResponse\) GetPublicKey¶
func \(\*GetKeyInfoResponse\) GetPublicKeyPem¶
func \(\*GetKeyInfoResponse\) ProtoMessage¶
func \(\*GetKeyInfoResponse\) ProtoReflect¶
func \(\*GetKeyInfoResponse\) Reset¶
func \(\*GetKeyInfoResponse\) String¶
type GetKeyRequest¶
Request to get a key
type GetKeyRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Optional: if not set, returns primary key
// contains filtered or unexported fields
}
func \(\*GetKeyRequest\) Descriptor¶
Deprecated: Use GetKeyRequest.ProtoReflect.Descriptor instead.
func \(\*GetKeyRequest\) GetDid¶
func \(\*GetKeyRequest\) GetKeyId¶
func \(\*GetKeyRequest\) ProtoMessage¶
func \(\*GetKeyRequest\) ProtoReflect¶
func \(\*GetKeyRequest\) Reset¶
func \(\*GetKeyRequest\) String¶
type GetKeyResponse¶
Response with key
type GetKeyResponse struct {
Key *TrustedKey `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetKeyResponse\) Descriptor¶
Deprecated: Use GetKeyResponse.ProtoReflect.Descriptor instead.
func \(\*GetKeyResponse\) GetErrorMessage¶
func \(\*GetKeyResponse\) GetKey¶
func \(\*GetKeyResponse\) ProtoMessage¶
func \(\*GetKeyResponse\) ProtoReflect¶
func \(\*GetKeyResponse\) Reset¶
func \(\*GetKeyResponse\) String¶
type GetRuleSetRequest¶
Request to get rule set
type GetRuleSetRequest struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"` // Optional: specific version
// contains filtered or unexported fields
}
func \(\*GetRuleSetRequest\) Descriptor¶
Deprecated: Use GetRuleSetRequest.ProtoReflect.Descriptor instead.
func \(\*GetRuleSetRequest\) GetId¶
func \(\*GetRuleSetRequest\) GetVersion¶
func \(\*GetRuleSetRequest\) ProtoMessage¶
func \(\*GetRuleSetRequest\) ProtoReflect¶
func \(\*GetRuleSetRequest\) Reset¶
func \(\*GetRuleSetRequest\) String¶
type GetRuleSetResponse¶
Response with rule set
type GetRuleSetResponse struct {
RuleSet *RuleSet `protobuf:"bytes,1,opt,name=rule_set,json=ruleSet,proto3" json:"rule_set,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetRuleSetResponse\) Descriptor¶
Deprecated: Use GetRuleSetResponse.ProtoReflect.Descriptor instead.
func \(\*GetRuleSetResponse\) GetErrorMessage¶
func \(\*GetRuleSetResponse\) GetRuleSet¶
func \(\*GetRuleSetResponse\) ProtoMessage¶
func \(\*GetRuleSetResponse\) ProtoReflect¶
func \(\*GetRuleSetResponse\) Reset¶
func \(\*GetRuleSetResponse\) String¶
type GetStatsRequest¶
Get stats request
func \(\*GetStatsRequest\) Descriptor¶
Deprecated: Use GetStatsRequest.ProtoReflect.Descriptor instead.
func \(\*GetStatsRequest\) ProtoMessage¶
func \(\*GetStatsRequest\) ProtoReflect¶
func \(\*GetStatsRequest\) Reset¶
func \(\*GetStatsRequest\) String¶
type GetStatsResponse¶
Registry statistics
type GetStatsResponse struct {
TotalAgents int32 `protobuf:"varint,1,opt,name=total_agents,json=totalAgents,proto3" json:"total_agents,omitempty"`
ActiveAgents int32 `protobuf:"varint,2,opt,name=active_agents,json=activeAgents,proto3" json:"active_agents,omitempty"`
InactiveAgents int32 `protobuf:"varint,3,opt,name=inactive_agents,json=inactiveAgents,proto3" json:"inactive_agents,omitempty"`
SuspendedAgents int32 `protobuf:"varint,4,opt,name=suspended_agents,json=suspendedAgents,proto3" json:"suspended_agents,omitempty"`
PendingAgents int32 `protobuf:"varint,5,opt,name=pending_agents,json=pendingAgents,proto3" json:"pending_agents,omitempty"`
BadgedAgents int32 `protobuf:"varint,6,opt,name=badged_agents,json=badgedAgents,proto3" json:"badged_agents,omitempty"` // Agents with valid badges
AgentsByRating map[string]int32 `protobuf:"bytes,7,rep,name=agents_by_rating,json=agentsByRating,proto3" json:"agents_by_rating,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"varint,2,opt,name=value"`
AgentsByCapability map[string]int32 `protobuf:"bytes,8,rep,name=agents_by_capability,json=agentsByCapability,proto3" json:"agents_by_capability,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"varint,2,opt,name=value"`
LastUpdated *Timestamp `protobuf:"bytes,9,opt,name=last_updated,json=lastUpdated,proto3" json:"last_updated,omitempty"`
// contains filtered or unexported fields
}
func \(\*GetStatsResponse\) Descriptor¶
Deprecated: Use GetStatsResponse.ProtoReflect.Descriptor instead.
func \(\*GetStatsResponse\) GetActiveAgents¶
func \(\*GetStatsResponse\) GetAgentsByCapability¶
func \(\*GetStatsResponse\) GetAgentsByRating¶
func \(\*GetStatsResponse\) GetBadgedAgents¶
func \(\*GetStatsResponse\) GetInactiveAgents¶
func \(\*GetStatsResponse\) GetLastUpdated¶
func \(\*GetStatsResponse\) GetPendingAgents¶
func \(\*GetStatsResponse\) GetSuspendedAgents¶
func \(\*GetStatsResponse\) GetTotalAgents¶
func \(\*GetStatsResponse\) ProtoMessage¶
func \(\*GetStatsResponse\) ProtoReflect¶
func \(\*GetStatsResponse\) Reset¶
func \(\*GetStatsResponse\) String¶
type ImportFromDirectoryRequest¶
Request to import from directory
type ImportFromDirectoryRequest struct {
DirectoryPath string `protobuf:"bytes,1,opt,name=directory_path,json=directoryPath,proto3" json:"directory_path,omitempty"`
Recursive bool `protobuf:"varint,2,opt,name=recursive,proto3" json:"recursive,omitempty"`
// contains filtered or unexported fields
}
func \(\*ImportFromDirectoryRequest\) Descriptor¶
Deprecated: Use ImportFromDirectoryRequest.ProtoReflect.Descriptor instead.
func \(\*ImportFromDirectoryRequest\) GetDirectoryPath¶
func \(\*ImportFromDirectoryRequest\) GetRecursive¶
func \(\*ImportFromDirectoryRequest\) ProtoMessage¶
func \(\*ImportFromDirectoryRequest\) ProtoReflect¶
func \(\*ImportFromDirectoryRequest\) Reset¶
func \(\*ImportFromDirectoryRequest\) String¶
type ImportFromDirectoryResponse¶
Response for import
type ImportFromDirectoryResponse struct {
KeysImported int32 `protobuf:"varint,1,opt,name=keys_imported,json=keysImported,proto3" json:"keys_imported,omitempty"`
KeysSkipped int32 `protobuf:"varint,2,opt,name=keys_skipped,json=keysSkipped,proto3" json:"keys_skipped,omitempty"`
Errors []string `protobuf:"bytes,3,rep,name=errors,proto3" json:"errors,omitempty"`
// contains filtered or unexported fields
}
func \(\*ImportFromDirectoryResponse\) Descriptor¶
Deprecated: Use ImportFromDirectoryResponse.ProtoReflect.Descriptor instead.
func \(\*ImportFromDirectoryResponse\) GetErrors¶
func \(\*ImportFromDirectoryResponse\) GetKeysImported¶
func \(\*ImportFromDirectoryResponse\) GetKeysSkipped¶
func \(\*ImportFromDirectoryResponse\) ProtoMessage¶
func \(\*ImportFromDirectoryResponse\) ProtoReflect¶
func \(\*ImportFromDirectoryResponse\) Reset¶
func \(\*ImportFromDirectoryResponse\) String¶
type InitRequest¶
Request to initialize agent identity
type InitRequest struct {
ApiKey string `protobuf:"bytes,1,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"` // API key for server authentication
AgentId string `protobuf:"bytes,2,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Agent UUID to register DID for
ServerUrl string `protobuf:"bytes,3,opt,name=server_url,json=serverUrl,proto3" json:"server_url,omitempty"` // CapiscIO server URL (default: https://api.capisc.io)
OutputDir string `protobuf:"bytes,4,opt,name=output_dir,json=outputDir,proto3" json:"output_dir,omitempty"` // Directory for generated files (default: .capiscio)
Force bool `protobuf:"varint,5,opt,name=force,proto3" json:"force,omitempty"` // Overwrite existing files
Algorithm KeyAlgorithm `protobuf:"varint,6,opt,name=algorithm,proto3,enum=capiscio.v1.KeyAlgorithm" json:"algorithm,omitempty"` // Key algorithm (default: Ed25519)
Metadata map[string]string `protobuf:"bytes,7,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Additional metadata for agent card
// contains filtered or unexported fields
}
func \(\*InitRequest\) Descriptor¶
Deprecated: Use InitRequest.ProtoReflect.Descriptor instead.
func \(\*InitRequest\) GetAgentId¶
func \(\*InitRequest\) GetAlgorithm¶
func \(\*InitRequest\) GetApiKey¶
func \(\*InitRequest\) GetForce¶
func \(\*InitRequest\) GetMetadata¶
func \(\*InitRequest\) GetOutputDir¶
func \(\*InitRequest\) GetServerUrl¶
func \(\*InitRequest\) ProtoMessage¶
func \(\*InitRequest\) ProtoReflect¶
func \(\*InitRequest\) Reset¶
func \(\*InitRequest\) String¶
type InitResponse¶
Response from init
type InitResponse struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"` // Generated did:key URI
AgentId string `protobuf:"bytes,2,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Registered agent ID
PrivateKeyPath string `protobuf:"bytes,3,opt,name=private_key_path,json=privateKeyPath,proto3" json:"private_key_path,omitempty"` // Path to private key file
PublicKeyPath string `protobuf:"bytes,4,opt,name=public_key_path,json=publicKeyPath,proto3" json:"public_key_path,omitempty"` // Path to public key file
AgentCardPath string `protobuf:"bytes,5,opt,name=agent_card_path,json=agentCardPath,proto3" json:"agent_card_path,omitempty"` // Path to agent card JSON
AgentCardJson string `protobuf:"bytes,6,opt,name=agent_card_json,json=agentCardJson,proto3" json:"agent_card_json,omitempty"` // Agent card contents as JSON string
Registered bool `protobuf:"varint,7,opt,name=registered,proto3" json:"registered,omitempty"` // Whether DID was registered with server
ErrorMessage string `protobuf:"bytes,8,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"` // Error if any
// contains filtered or unexported fields
}
func \(\*InitResponse\) Descriptor¶
Deprecated: Use InitResponse.ProtoReflect.Descriptor instead.
func \(\*InitResponse\) GetAgentCardJson¶
func \(\*InitResponse\) GetAgentCardPath¶
func \(\*InitResponse\) GetAgentId¶
func \(\*InitResponse\) GetDid¶
func \(\*InitResponse\) GetErrorMessage¶
func \(\*InitResponse\) GetPrivateKeyPath¶
func \(\*InitResponse\) GetPublicKeyPath¶
func \(\*InitResponse\) GetRegistered¶
func \(\*InitResponse\) ProtoMessage¶
func \(\*InitResponse\) ProtoReflect¶
func \(\*InitResponse\) Reset¶
func \(\*InitResponse\) String¶
type IsAgentDIDRequest¶
Request to check if DID is agent DID
type IsAgentDIDRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
// contains filtered or unexported fields
}
func \(\*IsAgentDIDRequest\) Descriptor¶
Deprecated: Use IsAgentDIDRequest.ProtoReflect.Descriptor instead.
func \(\*IsAgentDIDRequest\) GetDid¶
func \(\*IsAgentDIDRequest\) ProtoMessage¶
func \(\*IsAgentDIDRequest\) ProtoReflect¶
func \(\*IsAgentDIDRequest\) Reset¶
func \(\*IsAgentDIDRequest\) String¶
type IsAgentDIDResponse¶
Response for agent DID check
type IsAgentDIDResponse struct {
IsAgentDid bool `protobuf:"varint,1,opt,name=is_agent_did,json=isAgentDid,proto3" json:"is_agent_did,omitempty"`
AgentId string `protobuf:"bytes,2,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` // Extracted agent ID if valid
// contains filtered or unexported fields
}
func \(\*IsAgentDIDResponse\) Descriptor¶
Deprecated: Use IsAgentDIDResponse.ProtoReflect.Descriptor instead.
func \(\*IsAgentDIDResponse\) GetAgentId¶
func \(\*IsAgentDIDResponse\) GetIsAgentDid¶
func \(\*IsAgentDIDResponse\) ProtoMessage¶
func \(\*IsAgentDIDResponse\) ProtoReflect¶
func \(\*IsAgentDIDResponse\) Reset¶
func \(\*IsAgentDIDResponse\) String¶
type IsRevokedRequest¶
Request to check revocation
type IsRevokedRequest struct {
Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` // DID or key ID to check
AtTime *Timestamp `protobuf:"bytes,2,opt,name=at_time,json=atTime,proto3" json:"at_time,omitempty"` // Optional: check at specific time
CheckRemote bool `protobuf:"varint,3,opt,name=check_remote,json=checkRemote,proto3" json:"check_remote,omitempty"` // Whether to check remote lists
// contains filtered or unexported fields
}
func \(\*IsRevokedRequest\) Descriptor¶
Deprecated: Use IsRevokedRequest.ProtoReflect.Descriptor instead.
func \(\*IsRevokedRequest\) GetAtTime¶
func \(\*IsRevokedRequest\) GetCheckRemote¶
func \(\*IsRevokedRequest\) GetSubject¶
func \(\*IsRevokedRequest\) ProtoMessage¶
func \(\*IsRevokedRequest\) ProtoReflect¶
func \(\*IsRevokedRequest\) Reset¶
func \(\*IsRevokedRequest\) String¶
type IsRevokedResponse¶
Response for revocation check
type IsRevokedResponse struct {
IsRevoked bool `protobuf:"varint,1,opt,name=is_revoked,json=isRevoked,proto3" json:"is_revoked,omitempty"`
Entry *RevocationEntry `protobuf:"bytes,2,opt,name=entry,proto3" json:"entry,omitempty"` // If revoked, the entry
Source string `protobuf:"bytes,3,opt,name=source,proto3" json:"source,omitempty"` // Where revocation was found
// contains filtered or unexported fields
}
func \(\*IsRevokedResponse\) Descriptor¶
Deprecated: Use IsRevokedResponse.ProtoReflect.Descriptor instead.
func \(\*IsRevokedResponse\) GetEntry¶
func \(\*IsRevokedResponse\) GetIsRevoked¶
func \(\*IsRevokedResponse\) GetSource¶
func \(\*IsRevokedResponse\) ProtoMessage¶
func \(\*IsRevokedResponse\) ProtoReflect¶
func \(\*IsRevokedResponse\) Reset¶
func \(\*IsRevokedResponse\) String¶
type IsTrustedRequest¶
Request to check if trusted
type IsTrustedRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
// contains filtered or unexported fields
}
func \(\*IsTrustedRequest\) Descriptor¶
Deprecated: Use IsTrustedRequest.ProtoReflect.Descriptor instead.
func \(\*IsTrustedRequest\) GetDid¶
func \(\*IsTrustedRequest\) ProtoMessage¶
func \(\*IsTrustedRequest\) ProtoReflect¶
func \(\*IsTrustedRequest\) Reset¶
func \(\*IsTrustedRequest\) String¶
type IsTrustedResponse¶
Response for trust check
type IsTrustedResponse struct {
IsTrusted bool `protobuf:"varint,1,opt,name=is_trusted,json=isTrusted,proto3" json:"is_trusted,omitempty"`
Key *TrustedKey `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` // If trusted, the matching key
// contains filtered or unexported fields
}
func \(\*IsTrustedResponse\) Descriptor¶
Deprecated: Use IsTrustedResponse.ProtoReflect.Descriptor instead.
func \(\*IsTrustedResponse\) GetIsTrusted¶
func \(\*IsTrustedResponse\) GetKey¶
func \(\*IsTrustedResponse\) ProtoMessage¶
func \(\*IsTrustedResponse\) ProtoReflect¶
func \(\*IsTrustedResponse\) Reset¶
func \(\*IsTrustedResponse\) String¶
type KeeperEvent¶
Event emitted by the badge keeper
type KeeperEvent struct {
// Event type
Type KeeperEventType `protobuf:"varint,1,opt,name=type,proto3,enum=capiscio.v1.KeeperEventType" json:"type,omitempty"`
// Badge JTI (for RENEWED events)
BadgeJti string `protobuf:"bytes,2,opt,name=badge_jti,json=badgeJti,proto3" json:"badge_jti,omitempty"`
// Subject DID (for RENEWED events)
Subject string `protobuf:"bytes,3,opt,name=subject,proto3" json:"subject,omitempty"`
// Trust level (for RENEWED events)
TrustLevel TrustLevel `protobuf:"varint,4,opt,name=trust_level,json=trustLevel,proto3,enum=capiscio.v1.TrustLevel" json:"trust_level,omitempty"`
// When the badge expires (Unix timestamp, for RENEWED events)
ExpiresAt int64 `protobuf:"varint,5,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
// Error message (for ERROR events)
Error string `protobuf:"bytes,6,opt,name=error,proto3" json:"error,omitempty"`
// Error code (for ERROR events)
ErrorCode string `protobuf:"bytes,7,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
// Timestamp of the event (Unix timestamp)
Timestamp int64 `protobuf:"varint,8,opt,name=timestamp,proto3" json:"timestamp,omitempty"`
// The badge token itself (for RENEWED events, optional)
Token string `protobuf:"bytes,9,opt,name=token,proto3" json:"token,omitempty"`
// contains filtered or unexported fields
}
func \(\*KeeperEvent\) Descriptor¶
Deprecated: Use KeeperEvent.ProtoReflect.Descriptor instead.
func \(\*KeeperEvent\) GetBadgeJti¶
func \(\*KeeperEvent\) GetError¶
func \(\*KeeperEvent\) GetErrorCode¶
func \(\*KeeperEvent\) GetExpiresAt¶
func \(\*KeeperEvent\) GetSubject¶
func \(\*KeeperEvent\) GetTimestamp¶
func \(\*KeeperEvent\) GetToken¶
func \(\*KeeperEvent\) GetTrustLevel¶
func \(\*KeeperEvent\) GetType¶
func \(\*KeeperEvent\) ProtoMessage¶
func \(\*KeeperEvent\) ProtoReflect¶
func \(\*KeeperEvent\) Reset¶
func \(\*KeeperEvent\) String¶
type KeeperEventType¶
Event types emitted by the keeper
const (
KeeperEventType_KEEPER_EVENT_UNSPECIFIED KeeperEventType = 0
KeeperEventType_KEEPER_EVENT_STARTED KeeperEventType = 1 // Keeper started successfully
KeeperEventType_KEEPER_EVENT_RENEWED KeeperEventType = 2 // Badge was renewed
KeeperEventType_KEEPER_EVENT_ERROR KeeperEventType = 3 // An error occurred (non-fatal)
KeeperEventType_KEEPER_EVENT_STOPPED KeeperEventType = 4 // Keeper stopped (client disconnect or fatal error)
)
func \(KeeperEventType\) Descriptor¶
func \(KeeperEventType\) Enum¶
func \(KeeperEventType\) EnumDescriptor¶
Deprecated: Use KeeperEventType.Descriptor instead.
func \(KeeperEventType\) Number¶
func \(KeeperEventType\) String¶
func \(KeeperEventType\) Type¶
type KeeperMode¶
Keeper operation mode
const (
KeeperMode_KEEPER_MODE_UNSPECIFIED KeeperMode = 0
KeeperMode_KEEPER_MODE_CA KeeperMode = 1 // Request badges from CA
KeeperMode_KEEPER_MODE_SELF_SIGN KeeperMode = 2 // Self-sign badges locally (development)
)
func \(KeeperMode\) Descriptor¶
func \(KeeperMode\) Enum¶
func \(KeeperMode\) EnumDescriptor¶
Deprecated: Use KeeperMode.Descriptor instead.
func \(KeeperMode\) Number¶
func \(KeeperMode\) String¶
func \(KeeperMode\) Type¶
type KeyAlgorithm¶
Key algorithms supported
const (
KeyAlgorithm_KEY_ALGORITHM_UNSPECIFIED KeyAlgorithm = 0
KeyAlgorithm_KEY_ALGORITHM_ED25519 KeyAlgorithm = 1
KeyAlgorithm_KEY_ALGORITHM_ECDSA_P256 KeyAlgorithm = 2
KeyAlgorithm_KEY_ALGORITHM_ECDSA_P384 KeyAlgorithm = 3
KeyAlgorithm_KEY_ALGORITHM_RSA_2048 KeyAlgorithm = 4
KeyAlgorithm_KEY_ALGORITHM_RSA_4096 KeyAlgorithm = 5
)
func \(KeyAlgorithm\) Descriptor¶
func \(KeyAlgorithm\) Enum¶
func \(KeyAlgorithm\) EnumDescriptor¶
Deprecated: Use KeyAlgorithm.Descriptor instead.
func \(KeyAlgorithm\) Number¶
func \(KeyAlgorithm\) String¶
func \(KeyAlgorithm\) Type¶
type KeyFormat¶
Key format types
const (
KeyFormat_KEY_FORMAT_UNSPECIFIED KeyFormat = 0
KeyFormat_KEY_FORMAT_JWK KeyFormat = 1
KeyFormat_KEY_FORMAT_PEM KeyFormat = 2
KeyFormat_KEY_FORMAT_DER KeyFormat = 3
)
func \(KeyFormat\) Descriptor¶
func \(KeyFormat\) Enum¶
func \(KeyFormat\) EnumDescriptor¶
Deprecated: Use KeyFormat.Descriptor instead.
func \(KeyFormat\) Number¶
func \(KeyFormat\) String¶
func \(KeyFormat\) Type¶
type KeyValue¶
Generic key-value pair
type KeyValue struct {
Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
// contains filtered or unexported fields
}
func \(\*KeyValue\) Descriptor¶
Deprecated: Use KeyValue.ProtoReflect.Descriptor instead.
func \(\*KeyValue\) GetKey¶
func \(\*KeyValue\) GetValue¶
func \(\*KeyValue\) ProtoMessage¶
func \(\*KeyValue\) ProtoReflect¶
func \(\*KeyValue\) Reset¶
func \(\*KeyValue\) String¶
type ListAgentsRequest¶
List agents request
type ListAgentsRequest struct {
StatusFilter AgentStatus `protobuf:"varint,1,opt,name=status_filter,json=statusFilter,proto3,enum=capiscio.v1.AgentStatus" json:"status_filter,omitempty"`
Limit int32 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"`
Cursor string `protobuf:"bytes,3,opt,name=cursor,proto3" json:"cursor,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListAgentsRequest\) Descriptor¶
Deprecated: Use ListAgentsRequest.ProtoReflect.Descriptor instead.
func \(\*ListAgentsRequest\) GetCursor¶
func \(\*ListAgentsRequest\) GetLimit¶
func \(\*ListAgentsRequest\) GetStatusFilter¶
func \(\*ListAgentsRequest\) ProtoMessage¶
func \(\*ListAgentsRequest\) ProtoReflect¶
func \(\*ListAgentsRequest\) Reset¶
func \(\*ListAgentsRequest\) String¶
type ListAgentsResponse¶
List agents response
type ListAgentsResponse struct {
Agents []*RegisteredAgent `protobuf:"bytes,1,rep,name=agents,proto3" json:"agents,omitempty"`
NextCursor string `protobuf:"bytes,2,opt,name=next_cursor,json=nextCursor,proto3" json:"next_cursor,omitempty"`
TotalCount int32 `protobuf:"varint,3,opt,name=total_count,json=totalCount,proto3" json:"total_count,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListAgentsResponse\) Descriptor¶
Deprecated: Use ListAgentsResponse.ProtoReflect.Descriptor instead.
func \(\*ListAgentsResponse\) GetAgents¶
func \(\*ListAgentsResponse\) GetNextCursor¶
func \(\*ListAgentsResponse\) GetTotalCount¶
func \(\*ListAgentsResponse\) ProtoMessage¶
func \(\*ListAgentsResponse\) ProtoReflect¶
func \(\*ListAgentsResponse\) Reset¶
func \(\*ListAgentsResponse\) String¶
type ListKeysRequest¶
Request to list keys
type ListKeysRequest struct {
DidFilter string `protobuf:"bytes,1,opt,name=did_filter,json=didFilter,proto3" json:"did_filter,omitempty"` // Optional: filter by DID prefix
Limit int32 `protobuf:"varint,2,opt,name=limit,proto3" json:"limit,omitempty"`
Cursor string `protobuf:"bytes,3,opt,name=cursor,proto3" json:"cursor,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListKeysRequest\) Descriptor¶
Deprecated: Use ListKeysRequest.ProtoReflect.Descriptor instead.
func \(\*ListKeysRequest\) GetCursor¶
func \(\*ListKeysRequest\) GetDidFilter¶
func \(\*ListKeysRequest\) GetLimit¶
func \(\*ListKeysRequest\) ProtoMessage¶
func \(\*ListKeysRequest\) ProtoReflect¶
func \(\*ListKeysRequest\) Reset¶
func \(\*ListKeysRequest\) String¶
type ListKeysResponse¶
Response with keys list
type ListKeysResponse struct {
Keys []*TrustedKey `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
NextCursor string `protobuf:"bytes,2,opt,name=next_cursor,json=nextCursor,proto3" json:"next_cursor,omitempty"`
TotalCount int32 `protobuf:"varint,3,opt,name=total_count,json=totalCount,proto3" json:"total_count,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListKeysResponse\) Descriptor¶
Deprecated: Use ListKeysResponse.ProtoReflect.Descriptor instead.
func \(\*ListKeysResponse\) GetKeys¶
func \(\*ListKeysResponse\) GetNextCursor¶
func \(\*ListKeysResponse\) GetTotalCount¶
func \(\*ListKeysResponse\) ProtoMessage¶
func \(\*ListKeysResponse\) ProtoReflect¶
func \(\*ListKeysResponse\) Reset¶
func \(\*ListKeysResponse\) String¶
type ListRevocationsRequest¶
Request to list revocations
type ListRevocationsRequest struct {
SubjectFilter string `protobuf:"bytes,1,opt,name=subject_filter,json=subjectFilter,proto3" json:"subject_filter,omitempty"` // Optional: filter by subject prefix
ReasonFilter RevocationReason `protobuf:"varint,2,opt,name=reason_filter,json=reasonFilter,proto3,enum=capiscio.v1.RevocationReason" json:"reason_filter,omitempty"`
Limit int32 `protobuf:"varint,3,opt,name=limit,proto3" json:"limit,omitempty"`
Cursor string `protobuf:"bytes,4,opt,name=cursor,proto3" json:"cursor,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListRevocationsRequest\) Descriptor¶
Deprecated: Use ListRevocationsRequest.ProtoReflect.Descriptor instead.
func \(\*ListRevocationsRequest\) GetCursor¶
func \(\*ListRevocationsRequest\) GetLimit¶
func \(\*ListRevocationsRequest\) GetReasonFilter¶
func \(\*ListRevocationsRequest\) GetSubjectFilter¶
func \(\*ListRevocationsRequest\) ProtoMessage¶
func \(\*ListRevocationsRequest\) ProtoReflect¶
func \(\*ListRevocationsRequest\) Reset¶
func \(\*ListRevocationsRequest\) String¶
type ListRevocationsResponse¶
Response with revocations list
type ListRevocationsResponse struct {
Entries []*RevocationEntry `protobuf:"bytes,1,rep,name=entries,proto3" json:"entries,omitempty"`
NextCursor string `protobuf:"bytes,2,opt,name=next_cursor,json=nextCursor,proto3" json:"next_cursor,omitempty"`
TotalCount int32 `protobuf:"varint,3,opt,name=total_count,json=totalCount,proto3" json:"total_count,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListRevocationsResponse\) Descriptor¶
Deprecated: Use ListRevocationsResponse.ProtoReflect.Descriptor instead.
func \(\*ListRevocationsResponse\) GetEntries¶
func \(\*ListRevocationsResponse\) GetNextCursor¶
func \(\*ListRevocationsResponse\) GetTotalCount¶
func \(\*ListRevocationsResponse\) ProtoMessage¶
func \(\*ListRevocationsResponse\) ProtoReflect¶
func \(\*ListRevocationsResponse\) Reset¶
func \(\*ListRevocationsResponse\) String¶
type ListRuleSetsRequest¶
Request to list rule sets
type ListRuleSetsRequest struct {
Limit int32 `protobuf:"varint,1,opt,name=limit,proto3" json:"limit,omitempty"`
Cursor string `protobuf:"bytes,2,opt,name=cursor,proto3" json:"cursor,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListRuleSetsRequest\) Descriptor¶
Deprecated: Use ListRuleSetsRequest.ProtoReflect.Descriptor instead.
func \(\*ListRuleSetsRequest\) GetCursor¶
func \(\*ListRuleSetsRequest\) GetLimit¶
func \(\*ListRuleSetsRequest\) ProtoMessage¶
func \(\*ListRuleSetsRequest\) ProtoReflect¶
func \(\*ListRuleSetsRequest\) Reset¶
func \(\*ListRuleSetsRequest\) String¶
type ListRuleSetsResponse¶
Response with rule sets
type ListRuleSetsResponse struct {
RuleSets []*RuleSet `protobuf:"bytes,1,rep,name=rule_sets,json=ruleSets,proto3" json:"rule_sets,omitempty"`
NextCursor string `protobuf:"bytes,2,opt,name=next_cursor,json=nextCursor,proto3" json:"next_cursor,omitempty"`
// contains filtered or unexported fields
}
func \(\*ListRuleSetsResponse\) Descriptor¶
Deprecated: Use ListRuleSetsResponse.ProtoReflect.Descriptor instead.
func \(\*ListRuleSetsResponse\) GetNextCursor¶
func \(\*ListRuleSetsResponse\) GetRuleSets¶
func \(\*ListRuleSetsResponse\) ProtoMessage¶
func \(\*ListRuleSetsResponse\) ProtoReflect¶
func \(\*ListRuleSetsResponse\) Reset¶
func \(\*ListRuleSetsResponse\) String¶
type LoadKeyRequest¶
Request to load key
type LoadKeyRequest struct {
FilePath string `protobuf:"bytes,1,opt,name=file_path,json=filePath,proto3" json:"file_path,omitempty"`
Format KeyFormat `protobuf:"varint,2,opt,name=format,proto3,enum=capiscio.v1.KeyFormat" json:"format,omitempty"`
Passphrase string `protobuf:"bytes,3,opt,name=passphrase,proto3" json:"passphrase,omitempty"` // Optional: for encrypted keys
// contains filtered or unexported fields
}
func \(\*LoadKeyRequest\) Descriptor¶
Deprecated: Use LoadKeyRequest.ProtoReflect.Descriptor instead.
func \(\*LoadKeyRequest\) GetFilePath¶
func \(\*LoadKeyRequest\) GetFormat¶
func \(\*LoadKeyRequest\) GetPassphrase¶
func \(\*LoadKeyRequest\) ProtoMessage¶
func \(\*LoadKeyRequest\) ProtoReflect¶
func \(\*LoadKeyRequest\) Reset¶
func \(\*LoadKeyRequest\) String¶
type LoadKeyResponse¶
Response for load key
type LoadKeyResponse struct {
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
Algorithm KeyAlgorithm `protobuf:"varint,2,opt,name=algorithm,proto3,enum=capiscio.v1.KeyAlgorithm" json:"algorithm,omitempty"`
HasPrivateKey bool `protobuf:"varint,3,opt,name=has_private_key,json=hasPrivateKey,proto3" json:"has_private_key,omitempty"`
ErrorMessage string `protobuf:"bytes,4,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*LoadKeyResponse\) Descriptor¶
Deprecated: Use LoadKeyResponse.ProtoReflect.Descriptor instead.
func \(\*LoadKeyResponse\) GetAlgorithm¶
func \(\*LoadKeyResponse\) GetErrorMessage¶
func \(\*LoadKeyResponse\) GetHasPrivateKey¶
func \(\*LoadKeyResponse\) GetKeyId¶
func \(\*LoadKeyResponse\) ProtoMessage¶
func \(\*LoadKeyResponse\) ProtoReflect¶
func \(\*LoadKeyResponse\) Reset¶
func \(\*LoadKeyResponse\) String¶
type MCPAuthLevel¶
Authentication level enum
const (
MCPAuthLevel_MCP_AUTH_LEVEL_UNSPECIFIED MCPAuthLevel = 0
MCPAuthLevel_MCP_AUTH_LEVEL_ANONYMOUS MCPAuthLevel = 1
MCPAuthLevel_MCP_AUTH_LEVEL_API_KEY MCPAuthLevel = 2
MCPAuthLevel_MCP_AUTH_LEVEL_BADGE MCPAuthLevel = 3
)
func \(MCPAuthLevel\) Descriptor¶
func \(MCPAuthLevel\) Enum¶
func \(MCPAuthLevel\) EnumDescriptor¶
Deprecated: Use MCPAuthLevel.Descriptor instead.
func \(MCPAuthLevel\) Number¶
func \(MCPAuthLevel\) String¶
func \(MCPAuthLevel\) Type¶
type MCPDecision¶
Access decision enum
const (
MCPDecision_MCP_DECISION_UNSPECIFIED MCPDecision = 0
MCPDecision_MCP_DECISION_ALLOW MCPDecision = 1
MCPDecision_MCP_DECISION_DENY MCPDecision = 2
)
func \(MCPDecision\) Descriptor¶
func \(MCPDecision\) Enum¶
func \(MCPDecision\) EnumDescriptor¶
Deprecated: Use MCPDecision.Descriptor instead.
func \(MCPDecision\) Number¶
func \(MCPDecision\) String¶
func \(MCPDecision\) Type¶
type MCPDenyReason¶
Denial reason enum \(RFC\-006 ยง6.4\)
const (
MCPDenyReason_MCP_DENY_REASON_UNSPECIFIED MCPDenyReason = 0
MCPDenyReason_MCP_DENY_REASON_BADGE_MISSING MCPDenyReason = 1 // Required but not provided
MCPDenyReason_MCP_DENY_REASON_BADGE_INVALID MCPDenyReason = 2 // Malformed or unverifiable
MCPDenyReason_MCP_DENY_REASON_BADGE_EXPIRED MCPDenyReason = 3
MCPDenyReason_MCP_DENY_REASON_BADGE_REVOKED MCPDenyReason = 4
MCPDenyReason_MCP_DENY_REASON_TRUST_INSUFFICIENT MCPDenyReason = 5 // Trust level < min required
MCPDenyReason_MCP_DENY_REASON_TOOL_NOT_ALLOWED MCPDenyReason = 6 // Tool not in allowed list
MCPDenyReason_MCP_DENY_REASON_ISSUER_UNTRUSTED MCPDenyReason = 7
MCPDenyReason_MCP_DENY_REASON_POLICY_DENIED MCPDenyReason = 8 // Policy evaluation failed
)
func \(MCPDenyReason\) Descriptor¶
func \(MCPDenyReason\) Enum¶
func \(MCPDenyReason\) EnumDescriptor¶
Deprecated: Use MCPDenyReason.Descriptor instead.
func \(MCPDenyReason\) Number¶
func \(MCPDenyReason\) String¶
func \(MCPDenyReason\) Type¶
type MCPHealthRequest¶
Health check request
type MCPHealthRequest struct {
// Client SDK version for compatibility check
ClientVersion string `protobuf:"bytes,1,opt,name=client_version,json=clientVersion,proto3" json:"client_version,omitempty"`
// contains filtered or unexported fields
}
func \(\*MCPHealthRequest\) Descriptor¶
Deprecated: Use MCPHealthRequest.ProtoReflect.Descriptor instead.
func \(\*MCPHealthRequest\) GetClientVersion¶
func \(\*MCPHealthRequest\) ProtoMessage¶
func \(\*MCPHealthRequest\) ProtoReflect¶
func \(\*MCPHealthRequest\) Reset¶
func \(\*MCPHealthRequest\) String¶
type MCPHealthResponse¶
Health check response
type MCPHealthResponse struct {
// Whether the service is healthy
Healthy bool `protobuf:"varint,1,opt,name=healthy,proto3" json:"healthy,omitempty"`
// capiscio-core version
CoreVersion string `protobuf:"bytes,2,opt,name=core_version,json=coreVersion,proto3" json:"core_version,omitempty"`
// Proto schema version
ProtoVersion string `protobuf:"bytes,3,opt,name=proto_version,json=protoVersion,proto3" json:"proto_version,omitempty"`
// Whether client version is compatible with this core
VersionCompatible bool `protobuf:"varint,4,opt,name=version_compatible,json=versionCompatible,proto3" json:"version_compatible,omitempty"`
// contains filtered or unexported fields
}
func \(\*MCPHealthResponse\) Descriptor¶
Deprecated: Use MCPHealthResponse.ProtoReflect.Descriptor instead.
func \(\*MCPHealthResponse\) GetCoreVersion¶
func \(\*MCPHealthResponse\) GetHealthy¶
func \(\*MCPHealthResponse\) GetProtoVersion¶
func \(\*MCPHealthResponse\) GetVersionCompatible¶
func \(\*MCPHealthResponse\) ProtoMessage¶
func \(\*MCPHealthResponse\) ProtoReflect¶
func \(\*MCPHealthResponse\) Reset¶
func \(\*MCPHealthResponse\) String¶
type MCPHttpHeaders¶
HTTP headers containing server identity
type MCPHttpHeaders struct {
CapiscioServerDid string `protobuf:"bytes,1,opt,name=capiscio_server_did,json=capiscioServerDid,proto3" json:"capiscio_server_did,omitempty"`
CapiscioServerBadge string `protobuf:"bytes,2,opt,name=capiscio_server_badge,json=capiscioServerBadge,proto3" json:"capiscio_server_badge,omitempty"`
// contains filtered or unexported fields
}
func \(\*MCPHttpHeaders\) Descriptor¶
Deprecated: Use MCPHttpHeaders.ProtoReflect.Descriptor instead.
func \(\*MCPHttpHeaders\) GetCapiscioServerBadge¶
func \(\*MCPHttpHeaders\) GetCapiscioServerDid¶
func \(\*MCPHttpHeaders\) ProtoMessage¶
func \(\*MCPHttpHeaders\) ProtoReflect¶
func \(\*MCPHttpHeaders\) Reset¶
func \(\*MCPHttpHeaders\) String¶
type MCPJsonRpcMeta¶
JSON-RPC _meta object containing server identity
type MCPJsonRpcMeta struct {
// The _meta object as JSON string
MetaJson string `protobuf:"bytes,1,opt,name=meta_json,json=metaJson,proto3" json:"meta_json,omitempty"`
// contains filtered or unexported fields
}
func \(\*MCPJsonRpcMeta\) Descriptor¶
Deprecated: Use MCPJsonRpcMeta.ProtoReflect.Descriptor instead.
func \(\*MCPJsonRpcMeta\) GetMetaJson¶
func \(\*MCPJsonRpcMeta\) ProtoMessage¶
func \(\*MCPJsonRpcMeta\) ProtoReflect¶
func \(\*MCPJsonRpcMeta\) Reset¶
func \(\*MCPJsonRpcMeta\) String¶
type MCPObligation¶
Obligation returned by PDP \(RFC\-005 ยง7.1\)
type MCPObligation struct {
Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
ParamsJson string `protobuf:"bytes,2,opt,name=params_json,json=paramsJson,proto3" json:"params_json,omitempty"` // opaque JSON
// contains filtered or unexported fields
}
func \(\*MCPObligation\) Descriptor¶
Deprecated: Use MCPObligation.ProtoReflect.Descriptor instead.
func \(\*MCPObligation\) GetParamsJson¶
func \(\*MCPObligation\) GetType¶
func \(\*MCPObligation\) ProtoMessage¶
func \(\*MCPObligation\) ProtoReflect¶
func \(\*MCPObligation\) Reset¶
func \(\*MCPObligation\) String¶
type MCPServerErrorCode¶
Server verification error codes \(RFC\-007 ยง8\)
const (
MCPServerErrorCode_MCP_SERVER_ERROR_NONE MCPServerErrorCode = 0
MCPServerErrorCode_MCP_SERVER_ERROR_DID_INVALID MCPServerErrorCode = 1
MCPServerErrorCode_MCP_SERVER_ERROR_BADGE_INVALID MCPServerErrorCode = 2
MCPServerErrorCode_MCP_SERVER_ERROR_BADGE_EXPIRED MCPServerErrorCode = 3
MCPServerErrorCode_MCP_SERVER_ERROR_BADGE_REVOKED MCPServerErrorCode = 4
MCPServerErrorCode_MCP_SERVER_ERROR_TRUST_INSUFFICIENT MCPServerErrorCode = 5
MCPServerErrorCode_MCP_SERVER_ERROR_ORIGIN_MISMATCH MCPServerErrorCode = 6
MCPServerErrorCode_MCP_SERVER_ERROR_PATH_MISMATCH MCPServerErrorCode = 7
MCPServerErrorCode_MCP_SERVER_ERROR_ISSUER_UNTRUSTED MCPServerErrorCode = 8
)
func \(MCPServerErrorCode\) Descriptor¶
func \(MCPServerErrorCode\) Enum¶
func \(MCPServerErrorCode\) EnumDescriptor¶
Deprecated: Use MCPServerErrorCode.Descriptor instead.
func \(MCPServerErrorCode\) Number¶
func \(MCPServerErrorCode\) String¶
func \(MCPServerErrorCode\) Type¶
type MCPServerState¶
Server classification state \(RFC\-007 ยง5.2\)
const (
MCPServerState_MCP_SERVER_STATE_UNSPECIFIED MCPServerState = 0
MCPServerState_MCP_SERVER_STATE_VERIFIED_PRINCIPAL MCPServerState = 1 // Badge verified, trust level established
MCPServerState_MCP_SERVER_STATE_DECLARED_PRINCIPAL MCPServerState = 2 // DID present but no/invalid badge
MCPServerState_MCP_SERVER_STATE_UNVERIFIED_ORIGIN MCPServerState = 3 // No identity disclosed (distinct from Trust Level 0)
)
func \(MCPServerState\) Descriptor¶
func \(MCPServerState\) Enum¶
func \(MCPServerState\) EnumDescriptor¶
Deprecated: Use MCPServerState.Descriptor instead.
func \(MCPServerState\) Number¶
func \(MCPServerState\) String¶
func \(MCPServerState\) Type¶
type MCPServiceClient¶
MCPServiceClient is the client API for MCPService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
MCPService provides unified MCP security operations \(RFC\-005, RFC\-006, RFC\-007\)
type MCPServiceClient interface {
// RFC-006: Evaluate tool access and emit evidence atomically
// Single RPC returns both decision and evidence to avoid partial failures
EvaluateToolAccess(ctx context.Context, in *EvaluateToolAccessRequest, opts ...grpc.CallOption) (*EvaluateToolAccessResponse, error)
// RFC-005: Centralized policy decision via PDP
// Go core owns decision logic, cache, break-glass, telemetry.
// SDK callers own obligation execution and response propagation.
// NEVER returns an RPC error for PDP unreachability โ encodes the outcome
// in the response (ALLOW_OBSERVE + error_code) so SDKs don't need to
// distinguish transport errors from policy outcomes.
EvaluatePolicyDecision(ctx context.Context, in *PolicyDecisionRequest, opts ...grpc.CallOption) (*PolicyDecisionResponse, error)
// RFC-007: Verify server identity from disclosed DID + badge
VerifyServerIdentity(ctx context.Context, in *VerifyServerIdentityRequest, opts ...grpc.CallOption) (*VerifyServerIdentityResponse, error)
// RFC-007: Extract server identity from transport headers/meta
ParseServerIdentity(ctx context.Context, in *ParseServerIdentityRequest, opts ...grpc.CallOption) (*ParseServerIdentityResponse, error)
// Health check for client supervision and version handshake
Health(ctx context.Context, in *MCPHealthRequest, opts ...grpc.CallOption) (*MCPHealthResponse, error)
}
func NewMCPServiceClient¶
type MCPServiceServer¶
MCPServiceServer is the server API for MCPService service. All implementations must embed UnimplementedMCPServiceServer for forward compatibility.
MCPService provides unified MCP security operations \(RFC\-005, RFC\-006, RFC\-007\)
type MCPServiceServer interface {
// RFC-006: Evaluate tool access and emit evidence atomically
// Single RPC returns both decision and evidence to avoid partial failures
EvaluateToolAccess(context.Context, *EvaluateToolAccessRequest) (*EvaluateToolAccessResponse, error)
// RFC-005: Centralized policy decision via PDP
// Go core owns decision logic, cache, break-glass, telemetry.
// SDK callers own obligation execution and response propagation.
// NEVER returns an RPC error for PDP unreachability โ encodes the outcome
// in the response (ALLOW_OBSERVE + error_code) so SDKs don't need to
// distinguish transport errors from policy outcomes.
EvaluatePolicyDecision(context.Context, *PolicyDecisionRequest) (*PolicyDecisionResponse, error)
// RFC-007: Verify server identity from disclosed DID + badge
VerifyServerIdentity(context.Context, *VerifyServerIdentityRequest) (*VerifyServerIdentityResponse, error)
// RFC-007: Extract server identity from transport headers/meta
ParseServerIdentity(context.Context, *ParseServerIdentityRequest) (*ParseServerIdentityResponse, error)
// Health check for client supervision and version handshake
Health(context.Context, *MCPHealthRequest) (*MCPHealthResponse, error)
// contains filtered or unexported methods
}
type MCPVerifyConfig¶
Configuration for server identity verification
type MCPVerifyConfig struct {
// List of trusted badge issuers
TrustedIssuers []string `protobuf:"bytes,1,rep,name=trusted_issuers,json=trustedIssuers,proto3" json:"trusted_issuers,omitempty"`
// Minimum required trust level (0-4, default 0)
MinTrustLevel int32 `protobuf:"varint,2,opt,name=min_trust_level,json=minTrustLevel,proto3" json:"min_trust_level,omitempty"`
// Accept self-signed did:key badges (Trust Level 0)
AcceptLevelZero bool `protobuf:"varint,3,opt,name=accept_level_zero,json=acceptLevelZero,proto3" json:"accept_level_zero,omitempty"`
// Skip revocation checks (offline mode)
OfflineMode bool `protobuf:"varint,4,opt,name=offline_mode,json=offlineMode,proto3" json:"offline_mode,omitempty"`
// Skip origin binding checks (for trusted gateways)
SkipOriginBinding bool `protobuf:"varint,5,opt,name=skip_origin_binding,json=skipOriginBinding,proto3" json:"skip_origin_binding,omitempty"`
// contains filtered or unexported fields
}
func \(\*MCPVerifyConfig\) Descriptor¶
Deprecated: Use MCPVerifyConfig.ProtoReflect.Descriptor instead.
func \(\*MCPVerifyConfig\) GetAcceptLevelZero¶
func \(\*MCPVerifyConfig\) GetMinTrustLevel¶
func \(\*MCPVerifyConfig\) GetOfflineMode¶
func \(\*MCPVerifyConfig\) GetSkipOriginBinding¶
func \(\*MCPVerifyConfig\) GetTrustedIssuers¶
func \(\*MCPVerifyConfig\) ProtoMessage¶
func \(\*MCPVerifyConfig\) ProtoReflect¶
func \(\*MCPVerifyConfig\) Reset¶
func \(\*MCPVerifyConfig\) String¶
type NewAgentDIDRequest¶
Request to create an agent DID
type NewAgentDIDRequest struct {
Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
AgentId string `protobuf:"bytes,2,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"`
// contains filtered or unexported fields
}
func \(\*NewAgentDIDRequest\) Descriptor¶
Deprecated: Use NewAgentDIDRequest.ProtoReflect.Descriptor instead.
func \(\*NewAgentDIDRequest\) GetAgentId¶
func \(\*NewAgentDIDRequest\) GetDomain¶
func \(\*NewAgentDIDRequest\) ProtoMessage¶
func \(\*NewAgentDIDRequest\) ProtoReflect¶
func \(\*NewAgentDIDRequest\) Reset¶
func \(\*NewAgentDIDRequest\) String¶
type NewAgentDIDResponse¶
Response with created DID
type NewAgentDIDResponse struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*NewAgentDIDResponse\) Descriptor¶
Deprecated: Use NewAgentDIDResponse.ProtoReflect.Descriptor instead.
func \(\*NewAgentDIDResponse\) GetDid¶
func \(\*NewAgentDIDResponse\) GetErrorMessage¶
func \(\*NewAgentDIDResponse\) ProtoMessage¶
func \(\*NewAgentDIDResponse\) ProtoReflect¶
func \(\*NewAgentDIDResponse\) Reset¶
func \(\*NewAgentDIDResponse\) String¶
type NewCapiscIOAgentDIDRequest¶
Request to create a Capiscio registry DID
type NewCapiscIOAgentDIDRequest struct {
AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"`
// contains filtered or unexported fields
}
func \(\*NewCapiscIOAgentDIDRequest\) Descriptor¶
Deprecated: Use NewCapiscIOAgentDIDRequest.ProtoReflect.Descriptor instead.
func \(\*NewCapiscIOAgentDIDRequest\) GetAgentId¶
func \(\*NewCapiscIOAgentDIDRequest\) ProtoMessage¶
func \(\*NewCapiscIOAgentDIDRequest\) ProtoReflect¶
func \(\*NewCapiscIOAgentDIDRequest\) Reset¶
func \(\*NewCapiscIOAgentDIDRequest\) String¶
type ParseBadgeRequest¶
Request to parse badge without verification
type ParseBadgeRequest struct {
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
// contains filtered or unexported fields
}
func \(\*ParseBadgeRequest\) Descriptor¶
Deprecated: Use ParseBadgeRequest.ProtoReflect.Descriptor instead.
func \(\*ParseBadgeRequest\) GetToken¶
func \(\*ParseBadgeRequest\) ProtoMessage¶
func \(\*ParseBadgeRequest\) ProtoReflect¶
func \(\*ParseBadgeRequest\) Reset¶
func \(\*ParseBadgeRequest\) String¶
type ParseBadgeResponse¶
Response with parsed claims
type ParseBadgeResponse struct {
Claims *BadgeClaims `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*ParseBadgeResponse\) Descriptor¶
Deprecated: Use ParseBadgeResponse.ProtoReflect.Descriptor instead.
func \(\*ParseBadgeResponse\) GetClaims¶
func \(\*ParseBadgeResponse\) GetErrorMessage¶
func \(\*ParseBadgeResponse\) ProtoMessage¶
func \(\*ParseBadgeResponse\) ProtoReflect¶
func \(\*ParseBadgeResponse\) Reset¶
func \(\*ParseBadgeResponse\) String¶
type ParseDIDRequest¶
Request to parse a DID
type ParseDIDRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
// contains filtered or unexported fields
}
func \(\*ParseDIDRequest\) Descriptor¶
Deprecated: Use ParseDIDRequest.ProtoReflect.Descriptor instead.
func \(\*ParseDIDRequest\) GetDid¶
func \(\*ParseDIDRequest\) ProtoMessage¶
func \(\*ParseDIDRequest\) ProtoReflect¶
func \(\*ParseDIDRequest\) Reset¶
func \(\*ParseDIDRequest\) String¶
type ParseDIDResponse¶
Response with parsed DID
type ParseDIDResponse struct {
Did *DID `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*ParseDIDResponse\) Descriptor¶
Deprecated: Use ParseDIDResponse.ProtoReflect.Descriptor instead.
func \(\*ParseDIDResponse\) GetDid¶
func \(\*ParseDIDResponse\) GetErrorMessage¶
func \(\*ParseDIDResponse\) ProtoMessage¶
func \(\*ParseDIDResponse\) ProtoReflect¶
func \(\*ParseDIDResponse\) Reset¶
func \(\*ParseDIDResponse\) String¶
type ParseServerIdentityRequest¶
Request to parse server identity from headers/meta
type ParseServerIdentityRequest struct {
// Types that are valid to be assigned to Source:
//
// *ParseServerIdentityRequest_HttpHeaders
// *ParseServerIdentityRequest_JsonrpcMeta
Source isParseServerIdentityRequest_Source `protobuf_oneof:"source"`
// contains filtered or unexported fields
}
func \(\*ParseServerIdentityRequest\) Descriptor¶
Deprecated: Use ParseServerIdentityRequest.ProtoReflect.Descriptor instead.
func \(\*ParseServerIdentityRequest\) GetHttpHeaders¶
func \(\*ParseServerIdentityRequest\) GetJsonrpcMeta¶
func \(\*ParseServerIdentityRequest\) GetSource¶
func \(\*ParseServerIdentityRequest\) ProtoMessage¶
func \(\*ParseServerIdentityRequest\) ProtoReflect¶
func \(\*ParseServerIdentityRequest\) Reset¶
func \(\*ParseServerIdentityRequest\) String¶
type ParseServerIdentityRequest\_HttpHeaders¶
type ParseServerIdentityRequest_HttpHeaders struct {
HttpHeaders *MCPHttpHeaders `protobuf:"bytes,1,opt,name=http_headers,json=httpHeaders,proto3,oneof"`
}
type ParseServerIdentityRequest\_JsonrpcMeta¶
type ParseServerIdentityRequest_JsonrpcMeta struct {
JsonrpcMeta *MCPJsonRpcMeta `protobuf:"bytes,2,opt,name=jsonrpc_meta,json=jsonrpcMeta,proto3,oneof"`
}
type ParseServerIdentityResponse¶
Response from parsing server identity
type ParseServerIdentityResponse struct {
// Extracted server DID
ServerDid string `protobuf:"bytes,1,opt,name=server_did,json=serverDid,proto3" json:"server_did,omitempty"`
// Extracted server badge
ServerBadge string `protobuf:"bytes,2,opt,name=server_badge,json=serverBadge,proto3" json:"server_badge,omitempty"`
// Whether any identity information was present
IdentityPresent bool `protobuf:"varint,3,opt,name=identity_present,json=identityPresent,proto3" json:"identity_present,omitempty"`
// contains filtered or unexported fields
}
func \(\*ParseServerIdentityResponse\) Descriptor¶
Deprecated: Use ParseServerIdentityResponse.ProtoReflect.Descriptor instead.
func \(\*ParseServerIdentityResponse\) GetIdentityPresent¶
func \(\*ParseServerIdentityResponse\) GetServerBadge¶
func \(\*ParseServerIdentityResponse\) GetServerDid¶
func \(\*ParseServerIdentityResponse\) ProtoMessage¶
func \(\*ParseServerIdentityResponse\) ProtoReflect¶
func \(\*ParseServerIdentityResponse\) Reset¶
func \(\*ParseServerIdentityResponse\) String¶
type PingRequest¶
Ping request
func \(\*PingRequest\) Descriptor¶
Deprecated: Use PingRequest.ProtoReflect.Descriptor instead.
func \(\*PingRequest\) ProtoMessage¶
func \(\*PingRequest\) ProtoReflect¶
func \(\*PingRequest\) Reset¶
func \(\*PingRequest\) String¶
type PingResponse¶
Ping response
type PingResponse struct {
Status string `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
Version string `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
ServerTime *Timestamp `protobuf:"bytes,3,opt,name=server_time,json=serverTime,proto3" json:"server_time,omitempty"`
// contains filtered or unexported fields
}
func \(\*PingResponse\) Descriptor¶
Deprecated: Use PingResponse.ProtoReflect.Descriptor instead.
func \(\*PingResponse\) GetServerTime¶
func \(\*PingResponse\) GetStatus¶
func \(\*PingResponse\) GetVersion¶
func \(\*PingResponse\) ProtoMessage¶
func \(\*PingResponse\) ProtoReflect¶
func \(\*PingResponse\) Reset¶
func \(\*PingResponse\) String¶
type PolicyAction¶
Action attributes for policy evaluation.
type PolicyAction struct {
Operation string `protobuf:"bytes,1,opt,name=operation,proto3" json:"operation,omitempty"` // tool name, HTTP method+route, etc.
CapabilityClass string `protobuf:"bytes,2,opt,name=capability_class,json=capabilityClass,proto3" json:"capability_class,omitempty"` // empty in badge-only mode (RFC-008)
// contains filtered or unexported fields
}
func \(\*PolicyAction\) Descriptor¶
Deprecated: Use PolicyAction.ProtoReflect.Descriptor instead.
func \(\*PolicyAction\) GetCapabilityClass¶
func \(\*PolicyAction\) GetOperation¶
func \(\*PolicyAction\) ProtoMessage¶
func \(\*PolicyAction\) ProtoReflect¶
func \(\*PolicyAction\) Reset¶
func \(\*PolicyAction\) String¶
type PolicyConfig¶
PEP-level configuration for the policy decision.
type PolicyConfig struct {
// PDP endpoint URL. If empty, RPC returns ALLOW (badge-only mode).
PdpEndpoint string `protobuf:"bytes,1,opt,name=pdp_endpoint,json=pdpEndpoint,proto3" json:"pdp_endpoint,omitempty"`
// PDP query timeout in milliseconds. 0 or negative โ 500ms default.
PdpTimeoutMs int32 `protobuf:"varint,2,opt,name=pdp_timeout_ms,json=pdpTimeoutMs,proto3" json:"pdp_timeout_ms,omitempty"`
// Enforcement mode: EM-OBSERVE, EM-GUARD, EM-DELEGATE, EM-STRICT.
// Empty โ EM-OBSERVE.
EnforcementMode string `protobuf:"bytes,3,opt,name=enforcement_mode,json=enforcementMode,proto3" json:"enforcement_mode,omitempty"`
// PEP identifier (included in PDP requests for audit).
PepId string `protobuf:"bytes,4,opt,name=pep_id,json=pepId,proto3" json:"pep_id,omitempty"`
// Workspace identifier (included in PDP requests).
Workspace string `protobuf:"bytes,5,opt,name=workspace,proto3" json:"workspace,omitempty"`
// Break-glass Ed25519 public key (raw 32 bytes).
// Must be separate from CA badge-signing key.
// Server-side configuration provides the key material directly;
// no filesystem paths cross the RPC boundary.
BreakglassPublicKey []byte `protobuf:"bytes,6,opt,name=breakglass_public_key,json=breakglassPublicKey,proto3" json:"breakglass_public_key,omitempty"`
// contains filtered or unexported fields
}
func \(\*PolicyConfig\) Descriptor¶
Deprecated: Use PolicyConfig.ProtoReflect.Descriptor instead.
func \(\*PolicyConfig\) GetBreakglassPublicKey¶
func \(\*PolicyConfig\) GetEnforcementMode¶
func \(\*PolicyConfig\) GetPdpEndpoint¶
func \(\*PolicyConfig\) GetPdpTimeoutMs¶
func \(\*PolicyConfig\) GetPepId¶
func \(\*PolicyConfig\) GetWorkspace¶
func \(\*PolicyConfig\) ProtoMessage¶
func \(\*PolicyConfig\) ProtoReflect¶
func \(\*PolicyConfig\) Reset¶
func \(\*PolicyConfig\) String¶
type PolicyDecisionRequest¶
Request for centralized policy decision. The Go core handles: PDP query, decision cache, break-glass override, enforcement mode logic, and telemetry emission. The SDK caller handles: obligation execution, response propagation, and surface-specific error handling.
type PolicyDecisionRequest struct {
// Subject identity (from badge verification, already completed by SDK)
Subject *PolicySubject `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
// What is being attempted
Action *PolicyAction `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"`
// Target resource
Resource *PolicyResource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
// PDP and PEP configuration
Config *PolicyConfig `protobuf:"bytes,4,opt,name=config,proto3" json:"config,omitempty"`
// Optional break-glass override token (compact JWS, EdDSA)
BreakglassToken string `protobuf:"bytes,5,opt,name=breakglass_token,json=breakglassToken,proto3" json:"breakglass_token,omitempty"`
// contains filtered or unexported fields
}
func \(\*PolicyDecisionRequest\) Descriptor¶
Deprecated: Use PolicyDecisionRequest.ProtoReflect.Descriptor instead.
func \(\*PolicyDecisionRequest\) GetAction¶
func \(\*PolicyDecisionRequest\) GetBreakglassToken¶
func \(\*PolicyDecisionRequest\) GetConfig¶
func \(\*PolicyDecisionRequest\) GetResource¶
func \(\*PolicyDecisionRequest\) GetSubject¶
func \(\*PolicyDecisionRequest\) ProtoMessage¶
func \(\*PolicyDecisionRequest\) ProtoReflect¶
func \(\*PolicyDecisionRequest\) Reset¶
func \(\*PolicyDecisionRequest\) String¶
type PolicyDecisionResponse¶
Response from centralized policy decision. This is ALWAYS a successful RPC response โ PDP unreachability is encoded in the response fields, never as a gRPC error. SDKs should not need to distinguish transport errors from policy outcomes.
type PolicyDecisionResponse struct {
// Policy decision: "ALLOW", "DENY", or "ALLOW_OBSERVE".
// ALLOW_OBSERVE indicates PDP was unreachable in EM-OBSERVE mode.
Decision string `protobuf:"bytes,1,opt,name=decision,proto3" json:"decision,omitempty"`
// Globally unique decision ID from the PDP.
// Synthetic IDs (e.g., "pdp-unavailable", "breakglass-override", "cache-hit")
// are used when the PDP was not consulted.
DecisionId string `protobuf:"bytes,2,opt,name=decision_id,json=decisionId,proto3" json:"decision_id,omitempty"`
// Human-readable reason (populated on DENY or when PDP provides one).
Reason string `protobuf:"bytes,3,opt,name=reason,proto3" json:"reason,omitempty"`
// Cache TTL in seconds from PDP response. 0 if not cacheable.
Ttl int32 `protobuf:"varint,4,opt,name=ttl,proto3" json:"ttl,omitempty"`
// Obligations the SDK must execute. Obligation *decision* and *registry
// enforcement* is done by the Go core per the EM matrix. Only obligations
// that the core determined should proceed are returned here.
// For EM-OBSERVE: all obligations are returned (for logging).
// For EM-STRICT: only if all known, all succeeded in core pre-check.
Obligations []*MCPObligation `protobuf:"bytes,5,rep,name=obligations,proto3" json:"obligations,omitempty"`
// Enforcement mode that was applied for this decision.
EnforcementMode string `protobuf:"bytes,6,opt,name=enforcement_mode,json=enforcementMode,proto3" json:"enforcement_mode,omitempty"`
// Whether this decision came from cache (vs live PDP query).
CacheHit bool `protobuf:"varint,7,opt,name=cache_hit,json=cacheHit,proto3" json:"cache_hit,omitempty"`
// Whether a break-glass override was applied.
BreakglassOverride bool `protobuf:"varint,8,opt,name=breakglass_override,json=breakglassOverride,proto3" json:"breakglass_override,omitempty"`
// Break-glass token JTI (for audit trail, only set when override applied).
BreakglassJti string `protobuf:"bytes,9,opt,name=breakglass_jti,json=breakglassJti,proto3" json:"breakglass_jti,omitempty"`
// Error code when PDP could not be consulted.
// Empty string when PDP responded normally.
// Values: "pdp_unavailable", "pdp_timeout", "pdp_invalid_response".
ErrorCode string `protobuf:"bytes,10,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
// PDP query latency in milliseconds (0 if cache hit or PDP not consulted).
PdpLatencyMs int64 `protobuf:"varint,11,opt,name=pdp_latency_ms,json=pdpLatencyMs,proto3" json:"pdp_latency_ms,omitempty"`
// Transaction ID (UUID v7) assigned to this decision.
TxnId string `protobuf:"bytes,12,opt,name=txn_id,json=txnId,proto3" json:"txn_id,omitempty"`
// contains filtered or unexported fields
}
func \(\*PolicyDecisionResponse\) Descriptor¶
Deprecated: Use PolicyDecisionResponse.ProtoReflect.Descriptor instead.
func \(\*PolicyDecisionResponse\) GetBreakglassJti¶
func \(\*PolicyDecisionResponse\) GetBreakglassOverride¶
func \(\*PolicyDecisionResponse\) GetCacheHit¶
func \(\*PolicyDecisionResponse\) GetDecision¶
func \(\*PolicyDecisionResponse\) GetDecisionId¶
func \(\*PolicyDecisionResponse\) GetEnforcementMode¶
func \(\*PolicyDecisionResponse\) GetErrorCode¶
func \(\*PolicyDecisionResponse\) GetObligations¶
func \(\*PolicyDecisionResponse\) GetPdpLatencyMs¶
func \(\*PolicyDecisionResponse\) GetReason¶
func \(\*PolicyDecisionResponse\) GetTtl¶
func \(\*PolicyDecisionResponse\) GetTxnId¶
func \(\*PolicyDecisionResponse\) ProtoMessage¶
func \(\*PolicyDecisionResponse\) ProtoReflect¶
func \(\*PolicyDecisionResponse\) Reset¶
func \(\*PolicyDecisionResponse\) String¶
type PolicyResource¶
Resource attributes for policy evaluation.
type PolicyResource struct {
Identifier string `protobuf:"bytes,1,opt,name=identifier,proto3" json:"identifier,omitempty"` // target resource URI
// contains filtered or unexported fields
}
func \(\*PolicyResource\) Descriptor¶
Deprecated: Use PolicyResource.ProtoReflect.Descriptor instead.
func \(\*PolicyResource\) GetIdentifier¶
func \(\*PolicyResource\) ProtoMessage¶
func \(\*PolicyResource\) ProtoReflect¶
func \(\*PolicyResource\) Reset¶
func \(\*PolicyResource\) String¶
type PolicySubject¶
Subject attributes for policy evaluation. SDK extracts these from the verified badge before calling this RPC.
type PolicySubject struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"` // Badge sub (agent DID)
BadgeJti string `protobuf:"bytes,2,opt,name=badge_jti,json=badgeJti,proto3" json:"badge_jti,omitempty"` // Badge jti
Ial string `protobuf:"bytes,3,opt,name=ial,proto3" json:"ial,omitempty"` // Badge ial
TrustLevel string `protobuf:"bytes,4,opt,name=trust_level,json=trustLevel,proto3" json:"trust_level,omitempty"` // Badge vc.credentialSubject.level ("1", "2", "3")
BadgeExp int64 `protobuf:"varint,5,opt,name=badge_exp,json=badgeExp,proto3" json:"badge_exp,omitempty"` // Badge exp (Unix seconds) โ bounds cache TTL
// contains filtered or unexported fields
}
func \(\*PolicySubject\) Descriptor¶
Deprecated: Use PolicySubject.ProtoReflect.Descriptor instead.
func \(\*PolicySubject\) GetBadgeExp¶
func \(\*PolicySubject\) GetBadgeJti¶
func \(\*PolicySubject\) GetDid¶
func \(\*PolicySubject\) GetIal¶
func \(\*PolicySubject\) GetTrustLevel¶
func \(\*PolicySubject\) ProtoMessage¶
func \(\*PolicySubject\) ProtoReflect¶
func \(\*PolicySubject\) Reset¶
func \(\*PolicySubject\) String¶
type Rating¶
Rating levels \(used by scoring\)
const (
Rating_RATING_UNSPECIFIED Rating = 0
Rating_RATING_CRITICAL Rating = 1
Rating_RATING_POOR Rating = 2
Rating_RATING_FAIR Rating = 3
Rating_RATING_GOOD Rating = 4
Rating_RATING_EXCELLENT Rating = 5
)
func \(Rating\) Descriptor¶
func \(Rating\) Enum¶
func \(Rating\) EnumDescriptor¶
Deprecated: Use Rating.Descriptor instead.
func \(Rating\) Number¶
func \(Rating\) String¶
func \(Rating\) Type¶
type RegisterAgentRequest¶
Register request
type RegisterAgentRequest struct {
AgentCardJson string `protobuf:"bytes,1,opt,name=agent_card_json,json=agentCardJson,proto3" json:"agent_card_json,omitempty"`
SignedBadge string `protobuf:"bytes,2,opt,name=signed_badge,json=signedBadge,proto3" json:"signed_badge,omitempty"` // Optional: pre-signed badge
Tags []string `protobuf:"bytes,3,rep,name=tags,proto3" json:"tags,omitempty"`
Metadata map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*RegisterAgentRequest\) Descriptor¶
Deprecated: Use RegisterAgentRequest.ProtoReflect.Descriptor instead.
func \(\*RegisterAgentRequest\) GetAgentCardJson¶
func \(\*RegisterAgentRequest\) GetMetadata¶
func \(\*RegisterAgentRequest\) GetSignedBadge¶
func \(\*RegisterAgentRequest\) GetTags¶
func \(\*RegisterAgentRequest\) ProtoMessage¶
func \(\*RegisterAgentRequest\) ProtoReflect¶
func \(\*RegisterAgentRequest\) Reset¶
func \(\*RegisterAgentRequest\) String¶
type RegisterAgentResponse¶
Register response
type RegisterAgentResponse struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
Status AgentStatus `protobuf:"varint,2,opt,name=status,proto3,enum=capiscio.v1.AgentStatus" json:"status,omitempty"`
ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*RegisterAgentResponse\) Descriptor¶
Deprecated: Use RegisterAgentResponse.ProtoReflect.Descriptor instead.
func \(\*RegisterAgentResponse\) GetDid¶
func \(\*RegisterAgentResponse\) GetErrorMessage¶
func \(\*RegisterAgentResponse\) GetStatus¶
func \(\*RegisterAgentResponse\) ProtoMessage¶
func \(\*RegisterAgentResponse\) ProtoReflect¶
func \(\*RegisterAgentResponse\) Reset¶
func \(\*RegisterAgentResponse\) String¶
type RegisteredAgent¶
Registered agent information
type RegisteredAgent struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
AgentCardJson string `protobuf:"bytes,4,opt,name=agent_card_json,json=agentCardJson,proto3" json:"agent_card_json,omitempty"` // Full agent card as JSON
Status AgentStatus `protobuf:"varint,5,opt,name=status,proto3,enum=capiscio.v1.AgentStatus" json:"status,omitempty"`
Badge *BadgeClaims `protobuf:"bytes,6,opt,name=badge,proto3" json:"badge,omitempty"` // Trust badge if signed
Rating Rating `protobuf:"varint,7,opt,name=rating,proto3,enum=capiscio.v1.Rating" json:"rating,omitempty"`
RegisteredAt *Timestamp `protobuf:"bytes,8,opt,name=registered_at,json=registeredAt,proto3" json:"registered_at,omitempty"`
UpdatedAt *Timestamp `protobuf:"bytes,9,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
Capabilities []string `protobuf:"bytes,10,rep,name=capabilities,proto3" json:"capabilities,omitempty"`
Tags []string `protobuf:"bytes,11,rep,name=tags,proto3" json:"tags,omitempty"`
Metadata map[string]string `protobuf:"bytes,12,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*RegisteredAgent\) Descriptor¶
Deprecated: Use RegisteredAgent.ProtoReflect.Descriptor instead.
func \(\*RegisteredAgent\) GetAgentCardJson¶
func \(\*RegisteredAgent\) GetBadge¶
func \(\*RegisteredAgent\) GetCapabilities¶
func \(\*RegisteredAgent\) GetDescription¶
func \(\*RegisteredAgent\) GetDid¶
func \(\*RegisteredAgent\) GetMetadata¶
func \(\*RegisteredAgent\) GetName¶
func \(\*RegisteredAgent\) GetRating¶
func \(\*RegisteredAgent\) GetRegisteredAt¶
func \(\*RegisteredAgent\) GetStatus¶
func \(\*RegisteredAgent\) GetTags¶
func \(\*RegisteredAgent\) GetUpdatedAt¶
func \(\*RegisteredAgent\) ProtoMessage¶
func \(\*RegisteredAgent\) ProtoReflect¶
func \(\*RegisteredAgent\) Reset¶
func \(\*RegisteredAgent\) String¶
type RegistryServiceClient¶
RegistryServiceClient is the client API for RegistryService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
RegistryService handles agent registration and discovery
type RegistryServiceClient interface {
// Get an agent card by DID
GetAgent(ctx context.Context, in *GetAgentRequest, opts ...grpc.CallOption) (*GetAgentResponse, error)
// Search for agents
SearchAgents(ctx context.Context, in *SearchAgentsRequest, opts ...grpc.CallOption) (*SearchAgentsResponse, error)
// Register a new agent
RegisterAgent(ctx context.Context, in *RegisterAgentRequest, opts ...grpc.CallOption) (*RegisterAgentResponse, error)
// Update an existing agent
UpdateAgent(ctx context.Context, in *UpdateAgentRequest, opts ...grpc.CallOption) (*UpdateAgentResponse, error)
// Deregister an agent
DeregisterAgent(ctx context.Context, in *DeregisterAgentRequest, opts ...grpc.CallOption) (*DeregisterAgentResponse, error)
// Verify agent registration
VerifyRegistration(ctx context.Context, in *VerifyRegistrationRequest, opts ...grpc.CallOption) (*VerifyRegistrationResponse, error)
// List agents (with pagination)
ListAgents(ctx context.Context, in *ListAgentsRequest, opts ...grpc.CallOption) (*ListAgentsResponse, error)
// Get registry statistics
GetStats(ctx context.Context, in *GetStatsRequest, opts ...grpc.CallOption) (*GetStatsResponse, error)
// Ping registry health
Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error)
}
func NewRegistryServiceClient¶
type RegistryServiceServer¶
RegistryServiceServer is the server API for RegistryService service. All implementations must embed UnimplementedRegistryServiceServer for forward compatibility.
RegistryService handles agent registration and discovery
type RegistryServiceServer interface {
// Get an agent card by DID
GetAgent(context.Context, *GetAgentRequest) (*GetAgentResponse, error)
// Search for agents
SearchAgents(context.Context, *SearchAgentsRequest) (*SearchAgentsResponse, error)
// Register a new agent
RegisterAgent(context.Context, *RegisterAgentRequest) (*RegisterAgentResponse, error)
// Update an existing agent
UpdateAgent(context.Context, *UpdateAgentRequest) (*UpdateAgentResponse, error)
// Deregister an agent
DeregisterAgent(context.Context, *DeregisterAgentRequest) (*DeregisterAgentResponse, error)
// Verify agent registration
VerifyRegistration(context.Context, *VerifyRegistrationRequest) (*VerifyRegistrationResponse, error)
// List agents (with pagination)
ListAgents(context.Context, *ListAgentsRequest) (*ListAgentsResponse, error)
// Get registry statistics
GetStats(context.Context, *GetStatsRequest) (*GetStatsResponse, error)
// Ping registry health
Ping(context.Context, *PingRequest) (*PingResponse, error)
// contains filtered or unexported methods
}
type RemoveKeyRequest¶
Request to remove a key
type RemoveKeyRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Optional: if not set, removes all keys for DID
// contains filtered or unexported fields
}
func \(\*RemoveKeyRequest\) Descriptor¶
Deprecated: Use RemoveKeyRequest.ProtoReflect.Descriptor instead.
func \(\*RemoveKeyRequest\) GetDid¶
func \(\*RemoveKeyRequest\) GetKeyId¶
func \(\*RemoveKeyRequest\) ProtoMessage¶
func \(\*RemoveKeyRequest\) ProtoReflect¶
func \(\*RemoveKeyRequest\) Reset¶
func \(\*RemoveKeyRequest\) String¶
type RemoveKeyResponse¶
Response for remove key
type RemoveKeyResponse struct {
KeysRemoved int32 `protobuf:"varint,1,opt,name=keys_removed,json=keysRemoved,proto3" json:"keys_removed,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*RemoveKeyResponse\) Descriptor¶
Deprecated: Use RemoveKeyResponse.ProtoReflect.Descriptor instead.
func \(\*RemoveKeyResponse\) GetErrorMessage¶
func \(\*RemoveKeyResponse\) GetKeysRemoved¶
func \(\*RemoveKeyResponse\) ProtoMessage¶
func \(\*RemoveKeyResponse\) ProtoReflect¶
func \(\*RemoveKeyResponse\) Reset¶
func \(\*RemoveKeyResponse\) String¶
type RequestBadgeRequest¶
Request to obtain a badge from a Certificate Authority
type RequestBadgeRequest struct {
// Agent ID (UUID) to request badge for
AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"`
// CA URL (default: https://registry.capisc.io)
CaUrl string `protobuf:"bytes,2,opt,name=ca_url,json=caUrl,proto3" json:"ca_url,omitempty"`
// API key for authentication with the CA
ApiKey string `protobuf:"bytes,3,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"`
// Agent domain (optional, uses agent's registered domain if not provided)
Domain string `protobuf:"bytes,4,opt,name=domain,proto3" json:"domain,omitempty"`
// Requested TTL in seconds (default: 300, per RFC-002)
TtlSeconds int32 `protobuf:"varint,5,opt,name=ttl_seconds,json=ttlSeconds,proto3" json:"ttl_seconds,omitempty"`
// Requested trust level (1-4, default: 1)
TrustLevel TrustLevel `protobuf:"varint,6,opt,name=trust_level,json=trustLevel,proto3,enum=capiscio.v1.TrustLevel" json:"trust_level,omitempty"`
// Optional audience restrictions
Audience []string `protobuf:"bytes,7,rep,name=audience,proto3" json:"audience,omitempty"`
// contains filtered or unexported fields
}
func \(\*RequestBadgeRequest\) Descriptor¶
Deprecated: Use RequestBadgeRequest.ProtoReflect.Descriptor instead.
func \(\*RequestBadgeRequest\) GetAgentId¶
func \(\*RequestBadgeRequest\) GetApiKey¶
func \(\*RequestBadgeRequest\) GetAudience¶
func \(\*RequestBadgeRequest\) GetCaUrl¶
func \(\*RequestBadgeRequest\) GetDomain¶
func \(\*RequestBadgeRequest\) GetTrustLevel¶
func \(\*RequestBadgeRequest\) GetTtlSeconds¶
func \(\*RequestBadgeRequest\) ProtoMessage¶
func \(\*RequestBadgeRequest\) ProtoReflect¶
func \(\*RequestBadgeRequest\) Reset¶
func \(\*RequestBadgeRequest\) String¶
type RequestBadgeResponse¶
Response from badge request
type RequestBadgeResponse struct {
// Whether the request succeeded
Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
// The signed badge token (JWS)
Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
// Badge ID (jti)
Jti string `protobuf:"bytes,3,opt,name=jti,proto3" json:"jti,omitempty"`
// Subject DID
Subject string `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`
// Trust level assigned
TrustLevel TrustLevel `protobuf:"varint,5,opt,name=trust_level,json=trustLevel,proto3,enum=capiscio.v1.TrustLevel" json:"trust_level,omitempty"`
// When the badge expires (Unix timestamp)
ExpiresAt int64 `protobuf:"varint,6,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
// Error message if success=false
Error string `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"`
// Error code (RFC-002 ยง8.4 codes)
ErrorCode string `protobuf:"bytes,8,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
// contains filtered or unexported fields
}
func \(\*RequestBadgeResponse\) Descriptor¶
Deprecated: Use RequestBadgeResponse.ProtoReflect.Descriptor instead.
func \(\*RequestBadgeResponse\) GetError¶
func \(\*RequestBadgeResponse\) GetErrorCode¶
func \(\*RequestBadgeResponse\) GetExpiresAt¶
func \(\*RequestBadgeResponse\) GetJti¶
func \(\*RequestBadgeResponse\) GetSubject¶
func \(\*RequestBadgeResponse\) GetSuccess¶
func \(\*RequestBadgeResponse\) GetToken¶
func \(\*RequestBadgeResponse\) GetTrustLevel¶
func \(\*RequestBadgeResponse\) ProtoMessage¶
func \(\*RequestBadgeResponse\) ProtoReflect¶
func \(\*RequestBadgeResponse\) Reset¶
func \(\*RequestBadgeResponse\) String¶
type RequestPoPBadgeRequest¶
Request to obtain a badge using the PoP protocol \(RFC\-003\)
type RequestPoPBadgeRequest struct {
// Agent DID (e.g., did:web:registry.capisc.io:agents:my-agent or did:key:z6Mk...)
AgentDid string `protobuf:"bytes,1,opt,name=agent_did,json=agentDid,proto3" json:"agent_did,omitempty"`
// Private key in JWK format (JSON string) for signing the PoP proof
PrivateKeyJwk string `protobuf:"bytes,2,opt,name=private_key_jwk,json=privateKeyJwk,proto3" json:"private_key_jwk,omitempty"`
// CA URL (default: https://registry.capisc.io)
CaUrl string `protobuf:"bytes,3,opt,name=ca_url,json=caUrl,proto3" json:"ca_url,omitempty"`
// API key for authentication with the CA
ApiKey string `protobuf:"bytes,4,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"`
// Requested TTL in seconds (default: 300, per RFC-002)
TtlSeconds int32 `protobuf:"varint,5,opt,name=ttl_seconds,json=ttlSeconds,proto3" json:"ttl_seconds,omitempty"`
// Optional audience restrictions for the issued badge
Audience []string `protobuf:"bytes,6,rep,name=audience,proto3" json:"audience,omitempty"`
// contains filtered or unexported fields
}
func \(\*RequestPoPBadgeRequest\) Descriptor¶
Deprecated: Use RequestPoPBadgeRequest.ProtoReflect.Descriptor instead.
func \(\*RequestPoPBadgeRequest\) GetAgentDid¶
func \(\*RequestPoPBadgeRequest\) GetApiKey¶
func \(\*RequestPoPBadgeRequest\) GetAudience¶
func \(\*RequestPoPBadgeRequest\) GetCaUrl¶
func \(\*RequestPoPBadgeRequest\) GetPrivateKeyJwk¶
func \(\*RequestPoPBadgeRequest\) GetTtlSeconds¶
func \(\*RequestPoPBadgeRequest\) ProtoMessage¶
func \(\*RequestPoPBadgeRequest\) ProtoReflect¶
func \(\*RequestPoPBadgeRequest\) Reset¶
func \(\*RequestPoPBadgeRequest\) String¶
type RequestPoPBadgeResponse¶
Response from PoP badge request
type RequestPoPBadgeResponse struct {
// Whether the request succeeded
Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
// The signed badge token (JWS)
Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
// Badge ID (jti)
Jti string `protobuf:"bytes,3,opt,name=jti,proto3" json:"jti,omitempty"`
// Subject DID
Subject string `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`
// Trust level assigned
TrustLevel string `protobuf:"bytes,5,opt,name=trust_level,json=trustLevel,proto3" json:"trust_level,omitempty"`
// Assurance level (always "IAL-1" for PoP badges)
AssuranceLevel string `protobuf:"bytes,6,opt,name=assurance_level,json=assuranceLevel,proto3" json:"assurance_level,omitempty"`
// When the badge expires (Unix timestamp)
ExpiresAt int64 `protobuf:"varint,7,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
// CNF claim (key binding)
Cnf map[string]string `protobuf:"bytes,8,rep,name=cnf,proto3" json:"cnf,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// Error message if success=false
Error string `protobuf:"bytes,9,opt,name=error,proto3" json:"error,omitempty"`
// Error code
ErrorCode string `protobuf:"bytes,10,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
// contains filtered or unexported fields
}
func \(\*RequestPoPBadgeResponse\) Descriptor¶
Deprecated: Use RequestPoPBadgeResponse.ProtoReflect.Descriptor instead.
func \(\*RequestPoPBadgeResponse\) GetAssuranceLevel¶
func \(\*RequestPoPBadgeResponse\) GetCnf¶
func \(\*RequestPoPBadgeResponse\) GetError¶
func \(\*RequestPoPBadgeResponse\) GetErrorCode¶
func \(\*RequestPoPBadgeResponse\) GetExpiresAt¶
func \(\*RequestPoPBadgeResponse\) GetJti¶
func \(\*RequestPoPBadgeResponse\) GetSubject¶
func \(\*RequestPoPBadgeResponse\) GetSuccess¶
func \(\*RequestPoPBadgeResponse\) GetToken¶
func \(\*RequestPoPBadgeResponse\) GetTrustLevel¶
func \(\*RequestPoPBadgeResponse\) ProtoMessage¶
func \(\*RequestPoPBadgeResponse\) ProtoReflect¶
func \(\*RequestPoPBadgeResponse\) Reset¶
func \(\*RequestPoPBadgeResponse\) String¶
type RevocationEntry¶
Revocation entry
type RevocationEntry struct {
Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` // DID or key ID being revoked
Reason RevocationReason `protobuf:"varint,2,opt,name=reason,proto3,enum=capiscio.v1.RevocationReason" json:"reason,omitempty"` // Reason for revocation
RevokedAt *Timestamp `protobuf:"bytes,3,opt,name=revoked_at,json=revokedAt,proto3" json:"revoked_at,omitempty"` // When revocation occurred
ExpiresAt *Timestamp `protobuf:"bytes,4,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // Optional: when revocation expires
Issuer string `protobuf:"bytes,5,opt,name=issuer,proto3" json:"issuer,omitempty"` // Who issued the revocation
Comment string `protobuf:"bytes,6,opt,name=comment,proto3" json:"comment,omitempty"` // Optional comment
// contains filtered or unexported fields
}
func \(\*RevocationEntry\) Descriptor¶
Deprecated: Use RevocationEntry.ProtoReflect.Descriptor instead.
func \(\*RevocationEntry\) GetComment¶
func \(\*RevocationEntry\) GetExpiresAt¶
func \(\*RevocationEntry\) GetIssuer¶
func \(\*RevocationEntry\) GetReason¶
func \(\*RevocationEntry\) GetRevokedAt¶
func \(\*RevocationEntry\) GetSubject¶
func \(\*RevocationEntry\) ProtoMessage¶
func \(\*RevocationEntry\) ProtoReflect¶
func \(\*RevocationEntry\) Reset¶
func \(\*RevocationEntry\) String¶
type RevocationReason¶
Revocation reason codes
const (
RevocationReason_REVOCATION_REASON_UNSPECIFIED RevocationReason = 0
RevocationReason_REVOCATION_REASON_KEY_COMPROMISE RevocationReason = 1
RevocationReason_REVOCATION_REASON_AFFILIATION_CHANGED RevocationReason = 2
RevocationReason_REVOCATION_REASON_SUPERSEDED RevocationReason = 3
RevocationReason_REVOCATION_REASON_CESSATION_OF_OPERATION RevocationReason = 4
RevocationReason_REVOCATION_REASON_PRIVILEGE_WITHDRAWN RevocationReason = 5
)
func \(RevocationReason\) Descriptor¶
func \(RevocationReason\) Enum¶
func \(RevocationReason\) EnumDescriptor¶
Deprecated: Use RevocationReason.Descriptor instead.
func \(RevocationReason\) Number¶
func \(RevocationReason\) String¶
func \(RevocationReason\) Type¶
type RevocationServiceClient¶
RevocationServiceClient is the client API for RevocationService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
RevocationService manages revocation lists and checks
type RevocationServiceClient interface {
// Check if a key is revoked
IsRevoked(ctx context.Context, in *IsRevokedRequest, opts ...grpc.CallOption) (*IsRevokedResponse, error)
// Add a revocation entry
Revoke(ctx context.Context, in *RevokeRequest, opts ...grpc.CallOption) (*RevokeResponse, error)
// Remove a revocation entry
Unrevoke(ctx context.Context, in *UnrevokeRequest, opts ...grpc.CallOption) (*UnrevokeResponse, error)
// List revoked entries
ListRevocations(ctx context.Context, in *ListRevocationsRequest, opts ...grpc.CallOption) (*ListRevocationsResponse, error)
// Fetch revocation list from URL
FetchRevocationList(ctx context.Context, in *FetchRevocationListRequest, opts ...grpc.CallOption) (*FetchRevocationListResponse, error)
// Clear the revocation cache
ClearCache(ctx context.Context, in *ClearCacheRequest, opts ...grpc.CallOption) (*ClearCacheResponse, error)
// Get cache statistics
GetCacheStats(ctx context.Context, in *GetCacheStatsRequest, opts ...grpc.CallOption) (*GetCacheStatsResponse, error)
}
func NewRevocationServiceClient¶
type RevocationServiceServer¶
RevocationServiceServer is the server API for RevocationService service. All implementations must embed UnimplementedRevocationServiceServer for forward compatibility.
RevocationService manages revocation lists and checks
type RevocationServiceServer interface {
// Check if a key is revoked
IsRevoked(context.Context, *IsRevokedRequest) (*IsRevokedResponse, error)
// Add a revocation entry
Revoke(context.Context, *RevokeRequest) (*RevokeResponse, error)
// Remove a revocation entry
Unrevoke(context.Context, *UnrevokeRequest) (*UnrevokeResponse, error)
// List revoked entries
ListRevocations(context.Context, *ListRevocationsRequest) (*ListRevocationsResponse, error)
// Fetch revocation list from URL
FetchRevocationList(context.Context, *FetchRevocationListRequest) (*FetchRevocationListResponse, error)
// Clear the revocation cache
ClearCache(context.Context, *ClearCacheRequest) (*ClearCacheResponse, error)
// Get cache statistics
GetCacheStats(context.Context, *GetCacheStatsRequest) (*GetCacheStatsResponse, error)
// contains filtered or unexported methods
}
type RevokeRequest¶
Request to revoke
type RevokeRequest struct {
Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
Reason RevocationReason `protobuf:"varint,2,opt,name=reason,proto3,enum=capiscio.v1.RevocationReason" json:"reason,omitempty"`
Comment string `protobuf:"bytes,3,opt,name=comment,proto3" json:"comment,omitempty"`
// contains filtered or unexported fields
}
func \(\*RevokeRequest\) Descriptor¶
Deprecated: Use RevokeRequest.ProtoReflect.Descriptor instead.
func \(\*RevokeRequest\) GetComment¶
func \(\*RevokeRequest\) GetReason¶
func \(\*RevokeRequest\) GetSubject¶
func \(\*RevokeRequest\) ProtoMessage¶
func \(\*RevokeRequest\) ProtoReflect¶
func \(\*RevokeRequest\) Reset¶
func \(\*RevokeRequest\) String¶
type RevokeResponse¶
Response for revoke
type RevokeResponse struct {
Entry *RevocationEntry `protobuf:"bytes,1,opt,name=entry,proto3" json:"entry,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*RevokeResponse\) Descriptor¶
Deprecated: Use RevokeResponse.ProtoReflect.Descriptor instead.
func \(\*RevokeResponse\) GetEntry¶
func \(\*RevokeResponse\) GetErrorMessage¶
func \(\*RevokeResponse\) ProtoMessage¶
func \(\*RevokeResponse\) ProtoReflect¶
func \(\*RevokeResponse\) Reset¶
func \(\*RevokeResponse\) String¶
type Rule¶
Individual rule definition
type Rule struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
Category ScoreCategory `protobuf:"varint,4,opt,name=category,proto3,enum=capiscio.v1.ScoreCategory" json:"category,omitempty"`
Severity RuleSeverity `protobuf:"varint,5,opt,name=severity,proto3,enum=capiscio.v1.RuleSeverity" json:"severity,omitempty"`
Weight int32 `protobuf:"varint,6,opt,name=weight,proto3" json:"weight,omitempty"` // Weight for scoring (0-100)
Expression string `protobuf:"bytes,7,opt,name=expression,proto3" json:"expression,omitempty"` // Rule expression/predicate
// contains filtered or unexported fields
}
func \(\*Rule\) Descriptor¶
Deprecated: Use Rule.ProtoReflect.Descriptor instead.
func \(\*Rule\) GetCategory¶
func \(\*Rule\) GetDescription¶
func \(\*Rule\) GetExpression¶
func \(\*Rule\) GetId¶
func \(\*Rule\) GetName¶
func \(\*Rule\) GetSeverity¶
func \(\*Rule\) GetWeight¶
func \(\*Rule\) ProtoMessage¶
func \(\*Rule\) ProtoReflect¶
func \(\*Rule\) Reset¶
func \(\*Rule\) String¶
type RuleResult¶
Result of evaluating a single rule
type RuleResult struct {
RuleId string `protobuf:"bytes,1,opt,name=rule_id,json=ruleId,proto3" json:"rule_id,omitempty"`
Passed bool `protobuf:"varint,2,opt,name=passed,proto3" json:"passed,omitempty"`
Message string `protobuf:"bytes,3,opt,name=message,proto3" json:"message,omitempty"`
ScoreContribution float64 `protobuf:"fixed64,4,opt,name=score_contribution,json=scoreContribution,proto3" json:"score_contribution,omitempty"` // Points contributed to final score
Details map[string]string `protobuf:"bytes,5,rep,name=details,proto3" json:"details,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*RuleResult\) Descriptor¶
Deprecated: Use RuleResult.ProtoReflect.Descriptor instead.
func \(\*RuleResult\) GetDetails¶
func \(\*RuleResult\) GetMessage¶
func \(\*RuleResult\) GetPassed¶
func \(\*RuleResult\) GetRuleId¶
func \(\*RuleResult\) GetScoreContribution¶
func \(\*RuleResult\) ProtoMessage¶
func \(\*RuleResult\) ProtoReflect¶
func \(\*RuleResult\) Reset¶
func \(\*RuleResult\) String¶
type RuleSet¶
Rule set containing multiple rules
type RuleSet struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
Rules []*Rule `protobuf:"bytes,5,rep,name=rules,proto3" json:"rules,omitempty"`
Metadata map[string]string `protobuf:"bytes,6,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
// contains filtered or unexported fields
}
func \(\*RuleSet\) Descriptor¶
Deprecated: Use RuleSet.ProtoReflect.Descriptor instead.
func \(\*RuleSet\) GetDescription¶
func \(\*RuleSet\) GetId¶
func \(\*RuleSet\) GetMetadata¶
func \(\*RuleSet\) GetName¶
func \(\*RuleSet\) GetRules¶
func \(\*RuleSet\) GetVersion¶
func \(\*RuleSet\) ProtoMessage¶
func \(\*RuleSet\) ProtoReflect¶
func \(\*RuleSet\) Reset¶
func \(\*RuleSet\) String¶
type RuleSeverity¶
Rule severity for scoring
const (
RuleSeverity_RULE_SEVERITY_UNSPECIFIED RuleSeverity = 0
RuleSeverity_RULE_SEVERITY_INFO RuleSeverity = 1
RuleSeverity_RULE_SEVERITY_WARNING RuleSeverity = 2
RuleSeverity_RULE_SEVERITY_ERROR RuleSeverity = 3
RuleSeverity_RULE_SEVERITY_CRITICAL RuleSeverity = 4
)
func \(RuleSeverity\) Descriptor¶
func \(RuleSeverity\) Enum¶
func \(RuleSeverity\) EnumDescriptor¶
Deprecated: Use RuleSeverity.Descriptor instead.
func \(RuleSeverity\) Number¶
func \(RuleSeverity\) String¶
func \(RuleSeverity\) Type¶
type ScoreAgentCardRequest¶
Request to score an agent card
type ScoreAgentCardRequest struct {
AgentCardJson string `protobuf:"bytes,1,opt,name=agent_card_json,json=agentCardJson,proto3" json:"agent_card_json,omitempty"` // JSON of agent card
RuleSetId string `protobuf:"bytes,2,opt,name=rule_set_id,json=ruleSetId,proto3" json:"rule_set_id,omitempty"` // Optional: specific rule set
Categories []ScoreCategory `protobuf:"varint,3,rep,packed,name=categories,proto3,enum=capiscio.v1.ScoreCategory" json:"categories,omitempty"` // Optional: limit to categories
// contains filtered or unexported fields
}
func \(\*ScoreAgentCardRequest\) Descriptor¶
Deprecated: Use ScoreAgentCardRequest.ProtoReflect.Descriptor instead.
func \(\*ScoreAgentCardRequest\) GetAgentCardJson¶
func \(\*ScoreAgentCardRequest\) GetCategories¶
func \(\*ScoreAgentCardRequest\) GetRuleSetId¶
func \(\*ScoreAgentCardRequest\) ProtoMessage¶
func \(\*ScoreAgentCardRequest\) ProtoReflect¶
func \(\*ScoreAgentCardRequest\) Reset¶
func \(\*ScoreAgentCardRequest\) String¶
type ScoreAgentCardResponse¶
Response with score
type ScoreAgentCardResponse struct {
Result *ScoringResult `protobuf:"bytes,1,opt,name=result,proto3" json:"result,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*ScoreAgentCardResponse\) Descriptor¶
Deprecated: Use ScoreAgentCardResponse.ProtoReflect.Descriptor instead.
func \(\*ScoreAgentCardResponse\) GetErrorMessage¶
func \(\*ScoreAgentCardResponse\) GetResult¶
func \(\*ScoreAgentCardResponse\) ProtoMessage¶
func \(\*ScoreAgentCardResponse\) ProtoReflect¶
func \(\*ScoreAgentCardResponse\) Reset¶
func \(\*ScoreAgentCardResponse\) String¶
type ScoreCategory¶
Score categories
const (
ScoreCategory_SCORE_CATEGORY_UNSPECIFIED ScoreCategory = 0
ScoreCategory_SCORE_CATEGORY_IDENTITY ScoreCategory = 1
ScoreCategory_SCORE_CATEGORY_CAPABILITIES ScoreCategory = 2
ScoreCategory_SCORE_CATEGORY_SECURITY ScoreCategory = 3
ScoreCategory_SCORE_CATEGORY_COMPLIANCE ScoreCategory = 4
ScoreCategory_SCORE_CATEGORY_TRANSPARENCY ScoreCategory = 5
)
func \(ScoreCategory\) Descriptor¶
func \(ScoreCategory\) Enum¶
func \(ScoreCategory\) EnumDescriptor¶
Deprecated: Use ScoreCategory.Descriptor instead.
func \(ScoreCategory\) Number¶
func \(ScoreCategory\) String¶
func \(ScoreCategory\) Type¶
type ScoringResult¶
Full scoring result
type ScoringResult struct {
OverallScore float64 `protobuf:"fixed64,1,opt,name=overall_score,json=overallScore,proto3" json:"overall_score,omitempty"` // 0.0 to 1.0
Rating Rating `protobuf:"varint,2,opt,name=rating,proto3,enum=capiscio.v1.Rating" json:"rating,omitempty"` // Derived rating
Categories []*CategoryScore `protobuf:"bytes,3,rep,name=categories,proto3" json:"categories,omitempty"`
RuleResults []*RuleResult `protobuf:"bytes,4,rep,name=rule_results,json=ruleResults,proto3" json:"rule_results,omitempty"`
Validation *ValidationResult `protobuf:"bytes,5,opt,name=validation,proto3" json:"validation,omitempty"` // Any validation issues found
ScoredAt *Timestamp `protobuf:"bytes,6,opt,name=scored_at,json=scoredAt,proto3" json:"scored_at,omitempty"`
RuleSetId string `protobuf:"bytes,7,opt,name=rule_set_id,json=ruleSetId,proto3" json:"rule_set_id,omitempty"`
RuleSetVersion string `protobuf:"bytes,8,opt,name=rule_set_version,json=ruleSetVersion,proto3" json:"rule_set_version,omitempty"`
// contains filtered or unexported fields
}
func \(\*ScoringResult\) Descriptor¶
Deprecated: Use ScoringResult.ProtoReflect.Descriptor instead.
func \(\*ScoringResult\) GetCategories¶
func \(\*ScoringResult\) GetOverallScore¶
func \(\*ScoringResult\) GetRating¶
func \(\*ScoringResult\) GetRuleResults¶
func \(\*ScoringResult\) GetRuleSetId¶
func \(\*ScoringResult\) GetRuleSetVersion¶
func \(\*ScoringResult\) GetScoredAt¶
func \(\*ScoringResult\) GetValidation¶
func \(\*ScoringResult\) ProtoMessage¶
func \(\*ScoringResult\) ProtoReflect¶
func \(\*ScoringResult\) Reset¶
func \(\*ScoringResult\) String¶
type ScoringServiceClient¶
ScoringServiceClient is the client API for ScoringService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
ScoringService evaluates agent cards and generates trust scores
type ScoringServiceClient interface {
// Validate an agent card and generate a score
ScoreAgentCard(ctx context.Context, in *ScoreAgentCardRequest, opts ...grpc.CallOption) (*ScoreAgentCardResponse, error)
// Validate a single rule
ValidateRule(ctx context.Context, in *ValidateRuleRequest, opts ...grpc.CallOption) (*ValidateRuleResponse, error)
// Get available rule sets
ListRuleSets(ctx context.Context, in *ListRuleSetsRequest, opts ...grpc.CallOption) (*ListRuleSetsResponse, error)
// Get rule set details
GetRuleSet(ctx context.Context, in *GetRuleSetRequest, opts ...grpc.CallOption) (*GetRuleSetResponse, error)
// Calculate aggregate score from multiple validations
AggregateScores(ctx context.Context, in *AggregateScoresRequest, opts ...grpc.CallOption) (*AggregateScoresResponse, error)
}
func NewScoringServiceClient¶
type ScoringServiceServer¶
ScoringServiceServer is the server API for ScoringService service. All implementations must embed UnimplementedScoringServiceServer for forward compatibility.
ScoringService evaluates agent cards and generates trust scores
type ScoringServiceServer interface {
// Validate an agent card and generate a score
ScoreAgentCard(context.Context, *ScoreAgentCardRequest) (*ScoreAgentCardResponse, error)
// Validate a single rule
ValidateRule(context.Context, *ValidateRuleRequest) (*ValidateRuleResponse, error)
// Get available rule sets
ListRuleSets(context.Context, *ListRuleSetsRequest) (*ListRuleSetsResponse, error)
// Get rule set details
GetRuleSet(context.Context, *GetRuleSetRequest) (*GetRuleSetResponse, error)
// Calculate aggregate score from multiple validations
AggregateScores(context.Context, *AggregateScoresRequest) (*AggregateScoresResponse, error)
// contains filtered or unexported methods
}
type SearchAgentsRequest¶
Search request
type SearchAgentsRequest struct {
Query string `protobuf:"bytes,1,opt,name=query,proto3" json:"query,omitempty"` // Free text query
Capabilities []string `protobuf:"bytes,2,rep,name=capabilities,proto3" json:"capabilities,omitempty"` // Filter by capabilities
Tags []string `protobuf:"bytes,3,rep,name=tags,proto3" json:"tags,omitempty"` // Filter by tags
Operator SearchOperator `protobuf:"varint,4,opt,name=operator,proto3,enum=capiscio.v1.SearchOperator" json:"operator,omitempty"` // How to combine filters
MinRating Rating `protobuf:"varint,5,opt,name=min_rating,json=minRating,proto3,enum=capiscio.v1.Rating" json:"min_rating,omitempty"` // Minimum rating filter
StatusFilter AgentStatus `protobuf:"varint,6,opt,name=status_filter,json=statusFilter,proto3,enum=capiscio.v1.AgentStatus" json:"status_filter,omitempty"` // Status filter
Limit int32 `protobuf:"varint,7,opt,name=limit,proto3" json:"limit,omitempty"`
Cursor string `protobuf:"bytes,8,opt,name=cursor,proto3" json:"cursor,omitempty"`
SortBy string `protobuf:"bytes,9,opt,name=sort_by,json=sortBy,proto3" json:"sort_by,omitempty"` // Field to sort by
SortDescending bool `protobuf:"varint,10,opt,name=sort_descending,json=sortDescending,proto3" json:"sort_descending,omitempty"`
// contains filtered or unexported fields
}
func \(\*SearchAgentsRequest\) Descriptor¶
Deprecated: Use SearchAgentsRequest.ProtoReflect.Descriptor instead.
func \(\*SearchAgentsRequest\) GetCapabilities¶
func \(\*SearchAgentsRequest\) GetCursor¶
func \(\*SearchAgentsRequest\) GetLimit¶
func \(\*SearchAgentsRequest\) GetMinRating¶
func \(\*SearchAgentsRequest\) GetOperator¶
func \(\*SearchAgentsRequest\) GetQuery¶
func \(\*SearchAgentsRequest\) GetSortBy¶
func \(\*SearchAgentsRequest\) GetSortDescending¶
func \(\*SearchAgentsRequest\) GetStatusFilter¶
func \(\*SearchAgentsRequest\) GetTags¶
func \(\*SearchAgentsRequest\) ProtoMessage¶
func \(\*SearchAgentsRequest\) ProtoReflect¶
func \(\*SearchAgentsRequest\) Reset¶
func \(\*SearchAgentsRequest\) String¶
type SearchAgentsResponse¶
Search response
type SearchAgentsResponse struct {
Agents []*RegisteredAgent `protobuf:"bytes,1,rep,name=agents,proto3" json:"agents,omitempty"`
NextCursor string `protobuf:"bytes,2,opt,name=next_cursor,json=nextCursor,proto3" json:"next_cursor,omitempty"`
TotalCount int32 `protobuf:"varint,3,opt,name=total_count,json=totalCount,proto3" json:"total_count,omitempty"`
// contains filtered or unexported fields
}
func \(\*SearchAgentsResponse\) Descriptor¶
Deprecated: Use SearchAgentsResponse.ProtoReflect.Descriptor instead.
func \(\*SearchAgentsResponse\) GetAgents¶
func \(\*SearchAgentsResponse\) GetNextCursor¶
func \(\*SearchAgentsResponse\) GetTotalCount¶
func \(\*SearchAgentsResponse\) ProtoMessage¶
func \(\*SearchAgentsResponse\) ProtoReflect¶
func \(\*SearchAgentsResponse\) Reset¶
func \(\*SearchAgentsResponse\) String¶
type SearchOperator¶
Search operator
const (
SearchOperator_SEARCH_OPERATOR_UNSPECIFIED SearchOperator = 0
SearchOperator_SEARCH_OPERATOR_AND SearchOperator = 1
SearchOperator_SEARCH_OPERATOR_OR SearchOperator = 2
)
func \(SearchOperator\) Descriptor¶
func \(SearchOperator\) Enum¶
func \(SearchOperator\) EnumDescriptor¶
Deprecated: Use SearchOperator.Descriptor instead.
func \(SearchOperator\) Number¶
func \(SearchOperator\) String¶
func \(SearchOperator\) Type¶
type SignAttachedRequest¶
Request to sign with attached payload
type SignAttachedRequest struct {
Payload []byte `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
Format SignatureFormat `protobuf:"varint,3,opt,name=format,proto3,enum=capiscio.v1.SignatureFormat" json:"format,omitempty"`
Headers map[string]string `protobuf:"bytes,4,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"`
DetachPayload bool `protobuf:"varint,5,opt,name=detach_payload,json=detachPayload,proto3" json:"detach_payload,omitempty"` // Whether to detach payload from JWS
// contains filtered or unexported fields
}
func \(\*SignAttachedRequest\) Descriptor¶
Deprecated: Use SignAttachedRequest.ProtoReflect.Descriptor instead.
func \(\*SignAttachedRequest\) GetDetachPayload¶
func \(\*SignAttachedRequest\) GetFormat¶
func \(\*SignAttachedRequest\) GetHeaders¶
func \(\*SignAttachedRequest\) GetKeyId¶
func \(\*SignAttachedRequest\) GetPayload¶
func \(\*SignAttachedRequest\) ProtoMessage¶
func \(\*SignAttachedRequest\) ProtoReflect¶
func \(\*SignAttachedRequest\) Reset¶
func \(\*SignAttachedRequest\) String¶
type SignAttachedResponse¶
Response with attached signature
type SignAttachedResponse struct {
Jws string `protobuf:"bytes,1,opt,name=jws,proto3" json:"jws,omitempty"` // Complete JWS
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*SignAttachedResponse\) Descriptor¶
Deprecated: Use SignAttachedResponse.ProtoReflect.Descriptor instead.
func \(\*SignAttachedResponse\) GetErrorMessage¶
func \(\*SignAttachedResponse\) GetJws¶
func \(\*SignAttachedResponse\) ProtoMessage¶
func \(\*SignAttachedResponse\) ProtoReflect¶
func \(\*SignAttachedResponse\) Reset¶
func \(\*SignAttachedResponse\) String¶
type SignBadgeRequest¶
Request to sign a badge
type SignBadgeRequest struct {
Claims *BadgeClaims `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
// Private key in JWK format (JSON string)
PrivateKeyJwk string `protobuf:"bytes,2,opt,name=private_key_jwk,json=privateKeyJwk,proto3" json:"private_key_jwk,omitempty"`
// Key ID for the signing key
KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
// contains filtered or unexported fields
}
func \(\*SignBadgeRequest\) Descriptor¶
Deprecated: Use SignBadgeRequest.ProtoReflect.Descriptor instead.
func \(\*SignBadgeRequest\) GetClaims¶
func \(\*SignBadgeRequest\) GetKeyId¶
func \(\*SignBadgeRequest\) GetPrivateKeyJwk¶
func \(\*SignBadgeRequest\) ProtoMessage¶
func \(\*SignBadgeRequest\) ProtoReflect¶
func \(\*SignBadgeRequest\) Reset¶
func \(\*SignBadgeRequest\) String¶
type SignBadgeResponse¶
Response with signed badge
type SignBadgeResponse struct {
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` // Signed JWT token
Claims *BadgeClaims `protobuf:"bytes,2,opt,name=claims,proto3" json:"claims,omitempty"`
// contains filtered or unexported fields
}
func \(\*SignBadgeResponse\) Descriptor¶
Deprecated: Use SignBadgeResponse.ProtoReflect.Descriptor instead.
func \(\*SignBadgeResponse\) GetClaims¶
func \(\*SignBadgeResponse\) GetToken¶
func \(\*SignBadgeResponse\) ProtoMessage¶
func \(\*SignBadgeResponse\) ProtoReflect¶
func \(\*SignBadgeResponse\) Reset¶
func \(\*SignBadgeResponse\) String¶
type SignRequest¶
Request to sign
type SignRequest struct {
Payload []byte `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Key to use for signing
Format SignatureFormat `protobuf:"varint,3,opt,name=format,proto3,enum=capiscio.v1.SignatureFormat" json:"format,omitempty"`
Headers map[string]string `protobuf:"bytes,4,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Additional JWS headers
// contains filtered or unexported fields
}
func \(\*SignRequest\) Descriptor¶
Deprecated: Use SignRequest.ProtoReflect.Descriptor instead.
func \(\*SignRequest\) GetFormat¶
func \(\*SignRequest\) GetHeaders¶
func \(\*SignRequest\) GetKeyId¶
func \(\*SignRequest\) GetPayload¶
func \(\*SignRequest\) ProtoMessage¶
func \(\*SignRequest\) ProtoReflect¶
func \(\*SignRequest\) Reset¶
func \(\*SignRequest\) String¶
type SignResponse¶
Response with signature
type SignResponse struct {
Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
SignatureString string `protobuf:"bytes,2,opt,name=signature_string,json=signatureString,proto3" json:"signature_string,omitempty"` // String form if applicable
ErrorMessage string `protobuf:"bytes,3,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*SignResponse\) Descriptor¶
Deprecated: Use SignResponse.ProtoReflect.Descriptor instead.
func \(\*SignResponse\) GetErrorMessage¶
func \(\*SignResponse\) GetSignature¶
func \(\*SignResponse\) GetSignatureString¶
func \(\*SignResponse\) ProtoMessage¶
func \(\*SignResponse\) ProtoReflect¶
func \(\*SignResponse\) Reset¶
func \(\*SignResponse\) String¶
type SignatureFormat¶
Signature format
const (
SignatureFormat_SIGNATURE_FORMAT_UNSPECIFIED SignatureFormat = 0
SignatureFormat_SIGNATURE_FORMAT_JWS_COMPACT SignatureFormat = 1
SignatureFormat_SIGNATURE_FORMAT_JWS_JSON SignatureFormat = 2
SignatureFormat_SIGNATURE_FORMAT_RAW SignatureFormat = 3
)
func \(SignatureFormat\) Descriptor¶
func \(SignatureFormat\) Enum¶
func \(SignatureFormat\) EnumDescriptor¶
Deprecated: Use SignatureFormat.Descriptor instead.
func \(SignatureFormat\) Number¶
func \(SignatureFormat\) String¶
func \(SignatureFormat\) Type¶
type SimpleGuardServiceClient¶
SimpleGuardServiceClient is the client API for SimpleGuardService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
SimpleGuardService provides simplified signing and verification
type SimpleGuardServiceClient interface {
// Sign a message
Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error)
// Verify a signed message
Verify(ctx context.Context, in *VerifyRequest, opts ...grpc.CallOption) (*VerifyResponse, error)
// Sign with attached payload (creates JWS)
SignAttached(ctx context.Context, in *SignAttachedRequest, opts ...grpc.CallOption) (*SignAttachedResponse, error)
// Verify with attached payload
VerifyAttached(ctx context.Context, in *VerifyAttachedRequest, opts ...grpc.CallOption) (*VerifyAttachedResponse, error)
// Generate a new key pair
GenerateKeyPair(ctx context.Context, in *GenerateKeyPairRequest, opts ...grpc.CallOption) (*GenerateKeyPairResponse, error)
// Load key from file
LoadKey(ctx context.Context, in *LoadKeyRequest, opts ...grpc.CallOption) (*LoadKeyResponse, error)
// Export key to file
ExportKey(ctx context.Context, in *ExportKeyRequest, opts ...grpc.CallOption) (*ExportKeyResponse, error)
// Get key info
GetKeyInfo(ctx context.Context, in *GetKeyInfoRequest, opts ...grpc.CallOption) (*GetKeyInfoResponse, error)
// Initialize agent identity (Let's Encrypt style one-call setup)
// Generates key pair, derives DID, registers with server, creates agent card
Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error)
}
func NewSimpleGuardServiceClient¶
type SimpleGuardServiceServer¶
SimpleGuardServiceServer is the server API for SimpleGuardService service. All implementations must embed UnimplementedSimpleGuardServiceServer for forward compatibility.
SimpleGuardService provides simplified signing and verification
type SimpleGuardServiceServer interface {
// Sign a message
Sign(context.Context, *SignRequest) (*SignResponse, error)
// Verify a signed message
Verify(context.Context, *VerifyRequest) (*VerifyResponse, error)
// Sign with attached payload (creates JWS)
SignAttached(context.Context, *SignAttachedRequest) (*SignAttachedResponse, error)
// Verify with attached payload
VerifyAttached(context.Context, *VerifyAttachedRequest) (*VerifyAttachedResponse, error)
// Generate a new key pair
GenerateKeyPair(context.Context, *GenerateKeyPairRequest) (*GenerateKeyPairResponse, error)
// Load key from file
LoadKey(context.Context, *LoadKeyRequest) (*LoadKeyResponse, error)
// Export key to file
ExportKey(context.Context, *ExportKeyRequest) (*ExportKeyResponse, error)
// Get key info
GetKeyInfo(context.Context, *GetKeyInfoRequest) (*GetKeyInfoResponse, error)
// Initialize agent identity (Let's Encrypt style one-call setup)
// Generates key pair, derives DID, registers with server, creates agent card
Init(context.Context, *InitRequest) (*InitResponse, error)
// contains filtered or unexported methods
}
type StartKeeperRequest¶
Request to start a badge keeper daemon
type StartKeeperRequest struct {
// Mode: CA or self-signed
Mode KeeperMode `protobuf:"varint,1,opt,name=mode,proto3,enum=capiscio.v1.KeeperMode" json:"mode,omitempty"`
// Agent ID (required for CA mode)
AgentId string `protobuf:"bytes,2,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"`
// CA URL (default: https://registry.capisc.io)
CaUrl string `protobuf:"bytes,3,opt,name=ca_url,json=caUrl,proto3" json:"ca_url,omitempty"`
// API key for CA authentication (required for CA mode)
ApiKey string `protobuf:"bytes,4,opt,name=api_key,json=apiKey,proto3" json:"api_key,omitempty"`
// Output file path for the badge
OutputFile string `protobuf:"bytes,5,opt,name=output_file,json=outputFile,proto3" json:"output_file,omitempty"`
// Badge TTL in seconds (default: 300)
TtlSeconds int32 `protobuf:"varint,6,opt,name=ttl_seconds,json=ttlSeconds,proto3" json:"ttl_seconds,omitempty"`
// Time before expiry to renew, in seconds (default: 60)
RenewBeforeSeconds int32 `protobuf:"varint,7,opt,name=renew_before_seconds,json=renewBeforeSeconds,proto3" json:"renew_before_seconds,omitempty"`
// Check interval in seconds (default: 30)
CheckIntervalSeconds int32 `protobuf:"varint,8,opt,name=check_interval_seconds,json=checkIntervalSeconds,proto3" json:"check_interval_seconds,omitempty"`
// Private key path (required for self-sign mode, JWK file)
PrivateKeyPath string `protobuf:"bytes,9,opt,name=private_key_path,json=privateKeyPath,proto3" json:"private_key_path,omitempty"`
// Domain for the badge
Domain string `protobuf:"bytes,10,opt,name=domain,proto3" json:"domain,omitempty"`
// Trust level (for CA mode, 1-4; self-sign always 0)
TrustLevel TrustLevel `protobuf:"varint,11,opt,name=trust_level,json=trustLevel,proto3,enum=capiscio.v1.TrustLevel" json:"trust_level,omitempty"`
// contains filtered or unexported fields
}
func \(\*StartKeeperRequest\) Descriptor¶
Deprecated: Use StartKeeperRequest.ProtoReflect.Descriptor instead.
func \(\*StartKeeperRequest\) GetAgentId¶
func \(\*StartKeeperRequest\) GetApiKey¶
func \(\*StartKeeperRequest\) GetCaUrl¶
func \(\*StartKeeperRequest\) GetCheckIntervalSeconds¶
func \(\*StartKeeperRequest\) GetDomain¶
func \(\*StartKeeperRequest\) GetMode¶
func \(\*StartKeeperRequest\) GetOutputFile¶
func \(\*StartKeeperRequest\) GetPrivateKeyPath¶
func \(\*StartKeeperRequest\) GetRenewBeforeSeconds¶
func \(\*StartKeeperRequest\) GetTrustLevel¶
func \(\*StartKeeperRequest\) GetTtlSeconds¶
func \(\*StartKeeperRequest\) ProtoMessage¶
func \(\*StartKeeperRequest\) ProtoReflect¶
func \(\*StartKeeperRequest\) Reset¶
func \(\*StartKeeperRequest\) String¶
type Timestamp¶
Timestamp in RFC3339 format
type Timestamp struct {
Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` // RFC3339 formatted timestamp
// contains filtered or unexported fields
}
func \(\*Timestamp\) Descriptor¶
Deprecated: Use Timestamp.ProtoReflect.Descriptor instead.
func \(\*Timestamp\) GetValue¶
func \(\*Timestamp\) ProtoMessage¶
func \(\*Timestamp\) ProtoReflect¶
func \(\*Timestamp\) Reset¶
func \(\*Timestamp\) String¶
type TrustLevel¶
Trust level for badges \(RFC\-002 ยง5\) NOTE: Proto enum ordinals \(1\-5\) map to RFC-002 level strings \("0"\-"4"\) The badge JWT `vc.credentialSubject.level` uses the RFC string values
const (
TrustLevel_TRUST_LEVEL_UNSPECIFIED TrustLevel = 0
TrustLevel_TRUST_LEVEL_SELF_SIGNED TrustLevel = 1 // RFC-002 Level "0": Self-Signed (SS) - did:key, iss == sub
TrustLevel_TRUST_LEVEL_DV TrustLevel = 2 // RFC-002 Level "1": Registered (REG) - account registration
TrustLevel_TRUST_LEVEL_OV TrustLevel = 3 // RFC-002 Level "2": Domain Validated (DV) - DNS/HTTP proof
TrustLevel_TRUST_LEVEL_EV TrustLevel = 4 // RFC-002 Level "3": Organization Validated (OV) - legal entity
TrustLevel_TRUST_LEVEL_CV TrustLevel = 5 // RFC-002 Level "4": Extended Validated (EV) - security audit
)
func \(TrustLevel\) Descriptor¶
func \(TrustLevel\) Enum¶
func \(TrustLevel\) EnumDescriptor¶
Deprecated: Use TrustLevel.Descriptor instead.
func \(TrustLevel\) Number¶
func \(TrustLevel\) String¶
func \(TrustLevel\) Type¶
type TrustStoreServiceClient¶
TrustStoreServiceClient is the client API for TrustStoreService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
TrustStoreService manages trusted keys and certificates
type TrustStoreServiceClient interface {
// Add a trusted public key
AddKey(ctx context.Context, in *AddKeyRequest, opts ...grpc.CallOption) (*AddKeyResponse, error)
// Remove a trusted key
RemoveKey(ctx context.Context, in *RemoveKeyRequest, opts ...grpc.CallOption) (*RemoveKeyResponse, error)
// Get a key by DID
GetKey(ctx context.Context, in *GetKeyRequest, opts ...grpc.CallOption) (*GetKeyResponse, error)
// List all trusted keys
ListKeys(ctx context.Context, in *ListKeysRequest, opts ...grpc.CallOption) (*ListKeysResponse, error)
// Check if a key is trusted
IsTrusted(ctx context.Context, in *IsTrustedRequest, opts ...grpc.CallOption) (*IsTrustedResponse, error)
// Import keys from a directory
ImportFromDirectory(ctx context.Context, in *ImportFromDirectoryRequest, opts ...grpc.CallOption) (*ImportFromDirectoryResponse, error)
// Export keys to a directory
ExportToDirectory(ctx context.Context, in *ExportToDirectoryRequest, opts ...grpc.CallOption) (*ExportToDirectoryResponse, error)
// Clear all keys
Clear(ctx context.Context, in *ClearKeysRequest, opts ...grpc.CallOption) (*ClearKeysResponse, error)
}
func NewTrustStoreServiceClient¶
type TrustStoreServiceServer¶
TrustStoreServiceServer is the server API for TrustStoreService service. All implementations must embed UnimplementedTrustStoreServiceServer for forward compatibility.
TrustStoreService manages trusted keys and certificates
type TrustStoreServiceServer interface {
// Add a trusted public key
AddKey(context.Context, *AddKeyRequest) (*AddKeyResponse, error)
// Remove a trusted key
RemoveKey(context.Context, *RemoveKeyRequest) (*RemoveKeyResponse, error)
// Get a key by DID
GetKey(context.Context, *GetKeyRequest) (*GetKeyResponse, error)
// List all trusted keys
ListKeys(context.Context, *ListKeysRequest) (*ListKeysResponse, error)
// Check if a key is trusted
IsTrusted(context.Context, *IsTrustedRequest) (*IsTrustedResponse, error)
// Import keys from a directory
ImportFromDirectory(context.Context, *ImportFromDirectoryRequest) (*ImportFromDirectoryResponse, error)
// Export keys to a directory
ExportToDirectory(context.Context, *ExportToDirectoryRequest) (*ExportToDirectoryResponse, error)
// Clear all keys
Clear(context.Context, *ClearKeysRequest) (*ClearKeysResponse, error)
// contains filtered or unexported methods
}
type TrustedKey¶
Trusted key metadata
type TrustedKey struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"` // DID associated with key
KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Key identifier
Algorithm KeyAlgorithm `protobuf:"varint,3,opt,name=algorithm,proto3,enum=capiscio.v1.KeyAlgorithm" json:"algorithm,omitempty"` // Key algorithm
PublicKey []byte `protobuf:"bytes,4,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` // Public key bytes
Format KeyFormat `protobuf:"varint,5,opt,name=format,proto3,enum=capiscio.v1.KeyFormat" json:"format,omitempty"` // Key format
AddedAt *Timestamp `protobuf:"bytes,6,opt,name=added_at,json=addedAt,proto3" json:"added_at,omitempty"` // When key was added
ExpiresAt *Timestamp `protobuf:"bytes,7,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // Optional expiration
Metadata map[string]string `protobuf:"bytes,8,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Additional metadata
// contains filtered or unexported fields
}
func \(\*TrustedKey\) Descriptor¶
Deprecated: Use TrustedKey.ProtoReflect.Descriptor instead.
func \(\*TrustedKey\) GetAddedAt¶
func \(\*TrustedKey\) GetAlgorithm¶
func \(\*TrustedKey\) GetDid¶
func \(\*TrustedKey\) GetExpiresAt¶
func \(\*TrustedKey\) GetFormat¶
func \(\*TrustedKey\) GetKeyId¶
func \(\*TrustedKey\) GetMetadata¶
func \(\*TrustedKey\) GetPublicKey¶
func \(\*TrustedKey\) ProtoMessage¶
func \(\*TrustedKey\) ProtoReflect¶
func \(\*TrustedKey\) Reset¶
func \(\*TrustedKey\) String¶
type UnimplementedBadgeServiceServer¶
UnimplementedBadgeServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedBadgeServiceServer\) CreateDVOrder¶
func (UnimplementedBadgeServiceServer) CreateDVOrder(context.Context, *CreateDVOrderRequest) (*CreateDVOrderResponse, error)
func \(UnimplementedBadgeServiceServer\) FinalizeDVOrder¶
func (UnimplementedBadgeServiceServer) FinalizeDVOrder(context.Context, *FinalizeDVOrderRequest) (*FinalizeDVOrderResponse, error)
func \(UnimplementedBadgeServiceServer\) GetDVOrder¶
func (UnimplementedBadgeServiceServer) GetDVOrder(context.Context, *GetDVOrderRequest) (*GetDVOrderResponse, error)
func \(UnimplementedBadgeServiceServer\) ParseBadge¶
func (UnimplementedBadgeServiceServer) ParseBadge(context.Context, *ParseBadgeRequest) (*ParseBadgeResponse, error)
func \(UnimplementedBadgeServiceServer\) RequestBadge¶
func (UnimplementedBadgeServiceServer) RequestBadge(context.Context, *RequestBadgeRequest) (*RequestBadgeResponse, error)
func \(UnimplementedBadgeServiceServer\) RequestPoPBadge¶
func (UnimplementedBadgeServiceServer) RequestPoPBadge(context.Context, *RequestPoPBadgeRequest) (*RequestPoPBadgeResponse, error)
func \(UnimplementedBadgeServiceServer\) SignBadge¶
func (UnimplementedBadgeServiceServer) SignBadge(context.Context, *SignBadgeRequest) (*SignBadgeResponse, error)
func \(UnimplementedBadgeServiceServer\) StartKeeper¶
func (UnimplementedBadgeServiceServer) StartKeeper(*StartKeeperRequest, grpc.ServerStreamingServer[KeeperEvent]) error
func \(UnimplementedBadgeServiceServer\) VerifyBadge¶
func (UnimplementedBadgeServiceServer) VerifyBadge(context.Context, *VerifyBadgeRequest) (*VerifyBadgeResponse, error)
func \(UnimplementedBadgeServiceServer\) VerifyBadgeWithOptions¶
func (UnimplementedBadgeServiceServer) VerifyBadgeWithOptions(context.Context, *VerifyBadgeWithOptionsRequest) (*VerifyBadgeResponse, error)
type UnimplementedDIDServiceServer¶
UnimplementedDIDServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedDIDServiceServer\) DocumentURL¶
func (UnimplementedDIDServiceServer) DocumentURL(context.Context, *DocumentURLRequest) (*DocumentURLResponse, error)
func \(UnimplementedDIDServiceServer\) IsAgentDID¶
func (UnimplementedDIDServiceServer) IsAgentDID(context.Context, *IsAgentDIDRequest) (*IsAgentDIDResponse, error)
func \(UnimplementedDIDServiceServer\) NewAgentDID¶
func (UnimplementedDIDServiceServer) NewAgentDID(context.Context, *NewAgentDIDRequest) (*NewAgentDIDResponse, error)
func \(UnimplementedDIDServiceServer\) NewCapiscIOAgentDID¶
func (UnimplementedDIDServiceServer) NewCapiscIOAgentDID(context.Context, *NewCapiscIOAgentDIDRequest) (*NewAgentDIDResponse, error)
func \(UnimplementedDIDServiceServer\) Parse¶
func (UnimplementedDIDServiceServer) Parse(context.Context, *ParseDIDRequest) (*ParseDIDResponse, error)
type UnimplementedMCPServiceServer¶
UnimplementedMCPServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedMCPServiceServer\) EvaluatePolicyDecision¶
func (UnimplementedMCPServiceServer) EvaluatePolicyDecision(context.Context, *PolicyDecisionRequest) (*PolicyDecisionResponse, error)
func \(UnimplementedMCPServiceServer\) EvaluateToolAccess¶
func (UnimplementedMCPServiceServer) EvaluateToolAccess(context.Context, *EvaluateToolAccessRequest) (*EvaluateToolAccessResponse, error)
func \(UnimplementedMCPServiceServer\) Health¶
func (UnimplementedMCPServiceServer) Health(context.Context, *MCPHealthRequest) (*MCPHealthResponse, error)
func \(UnimplementedMCPServiceServer\) ParseServerIdentity¶
func (UnimplementedMCPServiceServer) ParseServerIdentity(context.Context, *ParseServerIdentityRequest) (*ParseServerIdentityResponse, error)
func \(UnimplementedMCPServiceServer\) VerifyServerIdentity¶
func (UnimplementedMCPServiceServer) VerifyServerIdentity(context.Context, *VerifyServerIdentityRequest) (*VerifyServerIdentityResponse, error)
type UnimplementedRegistryServiceServer¶
UnimplementedRegistryServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedRegistryServiceServer\) DeregisterAgent¶
func (UnimplementedRegistryServiceServer) DeregisterAgent(context.Context, *DeregisterAgentRequest) (*DeregisterAgentResponse, error)
func \(UnimplementedRegistryServiceServer\) GetAgent¶
func (UnimplementedRegistryServiceServer) GetAgent(context.Context, *GetAgentRequest) (*GetAgentResponse, error)
func \(UnimplementedRegistryServiceServer\) GetStats¶
func (UnimplementedRegistryServiceServer) GetStats(context.Context, *GetStatsRequest) (*GetStatsResponse, error)
func \(UnimplementedRegistryServiceServer\) ListAgents¶
func (UnimplementedRegistryServiceServer) ListAgents(context.Context, *ListAgentsRequest) (*ListAgentsResponse, error)
func \(UnimplementedRegistryServiceServer\) Ping¶
func (UnimplementedRegistryServiceServer) Ping(context.Context, *PingRequest) (*PingResponse, error)
func \(UnimplementedRegistryServiceServer\) RegisterAgent¶
func (UnimplementedRegistryServiceServer) RegisterAgent(context.Context, *RegisterAgentRequest) (*RegisterAgentResponse, error)
func \(UnimplementedRegistryServiceServer\) SearchAgents¶
func (UnimplementedRegistryServiceServer) SearchAgents(context.Context, *SearchAgentsRequest) (*SearchAgentsResponse, error)
func \(UnimplementedRegistryServiceServer\) UpdateAgent¶
func (UnimplementedRegistryServiceServer) UpdateAgent(context.Context, *UpdateAgentRequest) (*UpdateAgentResponse, error)
func \(UnimplementedRegistryServiceServer\) VerifyRegistration¶
func (UnimplementedRegistryServiceServer) VerifyRegistration(context.Context, *VerifyRegistrationRequest) (*VerifyRegistrationResponse, error)
type UnimplementedRevocationServiceServer¶
UnimplementedRevocationServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedRevocationServiceServer\) ClearCache¶
func (UnimplementedRevocationServiceServer) ClearCache(context.Context, *ClearCacheRequest) (*ClearCacheResponse, error)
func \(UnimplementedRevocationServiceServer\) FetchRevocationList¶
func (UnimplementedRevocationServiceServer) FetchRevocationList(context.Context, *FetchRevocationListRequest) (*FetchRevocationListResponse, error)
func \(UnimplementedRevocationServiceServer\) GetCacheStats¶
func (UnimplementedRevocationServiceServer) GetCacheStats(context.Context, *GetCacheStatsRequest) (*GetCacheStatsResponse, error)
func \(UnimplementedRevocationServiceServer\) IsRevoked¶
func (UnimplementedRevocationServiceServer) IsRevoked(context.Context, *IsRevokedRequest) (*IsRevokedResponse, error)
func \(UnimplementedRevocationServiceServer\) ListRevocations¶
func (UnimplementedRevocationServiceServer) ListRevocations(context.Context, *ListRevocationsRequest) (*ListRevocationsResponse, error)
func \(UnimplementedRevocationServiceServer\) Revoke¶
func (UnimplementedRevocationServiceServer) Revoke(context.Context, *RevokeRequest) (*RevokeResponse, error)
func \(UnimplementedRevocationServiceServer\) Unrevoke¶
func (UnimplementedRevocationServiceServer) Unrevoke(context.Context, *UnrevokeRequest) (*UnrevokeResponse, error)
type UnimplementedScoringServiceServer¶
UnimplementedScoringServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedScoringServiceServer\) AggregateScores¶
func (UnimplementedScoringServiceServer) AggregateScores(context.Context, *AggregateScoresRequest) (*AggregateScoresResponse, error)
func \(UnimplementedScoringServiceServer\) GetRuleSet¶
func (UnimplementedScoringServiceServer) GetRuleSet(context.Context, *GetRuleSetRequest) (*GetRuleSetResponse, error)
func \(UnimplementedScoringServiceServer\) ListRuleSets¶
func (UnimplementedScoringServiceServer) ListRuleSets(context.Context, *ListRuleSetsRequest) (*ListRuleSetsResponse, error)
func \(UnimplementedScoringServiceServer\) ScoreAgentCard¶
func (UnimplementedScoringServiceServer) ScoreAgentCard(context.Context, *ScoreAgentCardRequest) (*ScoreAgentCardResponse, error)
func \(UnimplementedScoringServiceServer\) ValidateRule¶
func (UnimplementedScoringServiceServer) ValidateRule(context.Context, *ValidateRuleRequest) (*ValidateRuleResponse, error)
type UnimplementedSimpleGuardServiceServer¶
UnimplementedSimpleGuardServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedSimpleGuardServiceServer\) ExportKey¶
func (UnimplementedSimpleGuardServiceServer) ExportKey(context.Context, *ExportKeyRequest) (*ExportKeyResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) GenerateKeyPair¶
func (UnimplementedSimpleGuardServiceServer) GenerateKeyPair(context.Context, *GenerateKeyPairRequest) (*GenerateKeyPairResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) GetKeyInfo¶
func (UnimplementedSimpleGuardServiceServer) GetKeyInfo(context.Context, *GetKeyInfoRequest) (*GetKeyInfoResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) Init¶
func (UnimplementedSimpleGuardServiceServer) Init(context.Context, *InitRequest) (*InitResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) LoadKey¶
func (UnimplementedSimpleGuardServiceServer) LoadKey(context.Context, *LoadKeyRequest) (*LoadKeyResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) Sign¶
func (UnimplementedSimpleGuardServiceServer) Sign(context.Context, *SignRequest) (*SignResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) SignAttached¶
func (UnimplementedSimpleGuardServiceServer) SignAttached(context.Context, *SignAttachedRequest) (*SignAttachedResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) Verify¶
func (UnimplementedSimpleGuardServiceServer) Verify(context.Context, *VerifyRequest) (*VerifyResponse, error)
func \(UnimplementedSimpleGuardServiceServer\) VerifyAttached¶
func (UnimplementedSimpleGuardServiceServer) VerifyAttached(context.Context, *VerifyAttachedRequest) (*VerifyAttachedResponse, error)
type UnimplementedTrustStoreServiceServer¶
UnimplementedTrustStoreServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func \(UnimplementedTrustStoreServiceServer\) AddKey¶
func (UnimplementedTrustStoreServiceServer) AddKey(context.Context, *AddKeyRequest) (*AddKeyResponse, error)
func \(UnimplementedTrustStoreServiceServer\) Clear¶
func (UnimplementedTrustStoreServiceServer) Clear(context.Context, *ClearKeysRequest) (*ClearKeysResponse, error)
func \(UnimplementedTrustStoreServiceServer\) ExportToDirectory¶
func (UnimplementedTrustStoreServiceServer) ExportToDirectory(context.Context, *ExportToDirectoryRequest) (*ExportToDirectoryResponse, error)
func \(UnimplementedTrustStoreServiceServer\) GetKey¶
func (UnimplementedTrustStoreServiceServer) GetKey(context.Context, *GetKeyRequest) (*GetKeyResponse, error)
func \(UnimplementedTrustStoreServiceServer\) ImportFromDirectory¶
func (UnimplementedTrustStoreServiceServer) ImportFromDirectory(context.Context, *ImportFromDirectoryRequest) (*ImportFromDirectoryResponse, error)
func \(UnimplementedTrustStoreServiceServer\) IsTrusted¶
func (UnimplementedTrustStoreServiceServer) IsTrusted(context.Context, *IsTrustedRequest) (*IsTrustedResponse, error)
func \(UnimplementedTrustStoreServiceServer\) ListKeys¶
func (UnimplementedTrustStoreServiceServer) ListKeys(context.Context, *ListKeysRequest) (*ListKeysResponse, error)
func \(UnimplementedTrustStoreServiceServer\) RemoveKey¶
func (UnimplementedTrustStoreServiceServer) RemoveKey(context.Context, *RemoveKeyRequest) (*RemoveKeyResponse, error)
type UnrevokeRequest¶
Request to unrevoke
type UnrevokeRequest struct {
Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"`
// contains filtered or unexported fields
}
func \(\*UnrevokeRequest\) Descriptor¶
Deprecated: Use UnrevokeRequest.ProtoReflect.Descriptor instead.
func \(\*UnrevokeRequest\) GetSubject¶
func \(\*UnrevokeRequest\) ProtoMessage¶
func \(\*UnrevokeRequest\) ProtoReflect¶
func \(\*UnrevokeRequest\) Reset¶
func \(\*UnrevokeRequest\) String¶
type UnrevokeResponse¶
Response for unrevoke
type UnrevokeResponse struct {
WasRevoked bool `protobuf:"varint,1,opt,name=was_revoked,json=wasRevoked,proto3" json:"was_revoked,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*UnrevokeResponse\) Descriptor¶
Deprecated: Use UnrevokeResponse.ProtoReflect.Descriptor instead.
func \(\*UnrevokeResponse\) GetErrorMessage¶
func \(\*UnrevokeResponse\) GetWasRevoked¶
func \(\*UnrevokeResponse\) ProtoMessage¶
func \(\*UnrevokeResponse\) ProtoReflect¶
func \(\*UnrevokeResponse\) Reset¶
func \(\*UnrevokeResponse\) String¶
type UnsafeBadgeServiceServer¶
UnsafeBadgeServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to BadgeServiceServer will result in compilation errors.
type UnsafeDIDServiceServer¶
UnsafeDIDServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to DIDServiceServer will result in compilation errors.
type UnsafeMCPServiceServer¶
UnsafeMCPServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to MCPServiceServer will result in compilation errors.
type UnsafeRegistryServiceServer¶
UnsafeRegistryServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to RegistryServiceServer will result in compilation errors.
type UnsafeRevocationServiceServer¶
UnsafeRevocationServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to RevocationServiceServer will result in compilation errors.
type UnsafeScoringServiceServer¶
UnsafeScoringServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to ScoringServiceServer will result in compilation errors.
type UnsafeSimpleGuardServiceServer¶
UnsafeSimpleGuardServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SimpleGuardServiceServer will result in compilation errors.
type UnsafeTrustStoreServiceServer¶
UnsafeTrustStoreServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to TrustStoreServiceServer will result in compilation errors.
type UpdateAgentRequest¶
Update request
type UpdateAgentRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
AgentCardJson string `protobuf:"bytes,2,opt,name=agent_card_json,json=agentCardJson,proto3" json:"agent_card_json,omitempty"` // Optional: new agent card
SignedBadge string `protobuf:"bytes,3,opt,name=signed_badge,json=signedBadge,proto3" json:"signed_badge,omitempty"` // Optional: new badge
Tags []string `protobuf:"bytes,4,rep,name=tags,proto3" json:"tags,omitempty"` // Optional: new tags (replaces existing)
Metadata map[string]string `protobuf:"bytes,5,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` // Optional: new metadata (merges)
// contains filtered or unexported fields
}
func \(\*UpdateAgentRequest\) Descriptor¶
Deprecated: Use UpdateAgentRequest.ProtoReflect.Descriptor instead.
func \(\*UpdateAgentRequest\) GetAgentCardJson¶
func \(\*UpdateAgentRequest\) GetDid¶
func \(\*UpdateAgentRequest\) GetMetadata¶
func \(\*UpdateAgentRequest\) GetSignedBadge¶
func \(\*UpdateAgentRequest\) GetTags¶
func \(\*UpdateAgentRequest\) ProtoMessage¶
func \(\*UpdateAgentRequest\) ProtoReflect¶
func \(\*UpdateAgentRequest\) Reset¶
func \(\*UpdateAgentRequest\) String¶
type UpdateAgentResponse¶
Update response
type UpdateAgentResponse struct {
Agent *RegisteredAgent `protobuf:"bytes,1,opt,name=agent,proto3" json:"agent,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*UpdateAgentResponse\) Descriptor¶
Deprecated: Use UpdateAgentResponse.ProtoReflect.Descriptor instead.
func \(\*UpdateAgentResponse\) GetAgent¶
func \(\*UpdateAgentResponse\) GetErrorMessage¶
func \(\*UpdateAgentResponse\) ProtoMessage¶
func \(\*UpdateAgentResponse\) ProtoReflect¶
func \(\*UpdateAgentResponse\) Reset¶
func \(\*UpdateAgentResponse\) String¶
type ValidateRuleRequest¶
Request to validate a single rule
type ValidateRuleRequest struct {
RuleId string `protobuf:"bytes,1,opt,name=rule_id,json=ruleId,proto3" json:"rule_id,omitempty"`
AgentCardJson string `protobuf:"bytes,2,opt,name=agent_card_json,json=agentCardJson,proto3" json:"agent_card_json,omitempty"`
// contains filtered or unexported fields
}
func \(\*ValidateRuleRequest\) Descriptor¶
Deprecated: Use ValidateRuleRequest.ProtoReflect.Descriptor instead.
func \(\*ValidateRuleRequest\) GetAgentCardJson¶
func \(\*ValidateRuleRequest\) GetRuleId¶
func \(\*ValidateRuleRequest\) ProtoMessage¶
func \(\*ValidateRuleRequest\) ProtoReflect¶
func \(\*ValidateRuleRequest\) Reset¶
func \(\*ValidateRuleRequest\) String¶
type ValidateRuleResponse¶
Response for single rule validation
type ValidateRuleResponse struct {
Result *RuleResult `protobuf:"bytes,1,opt,name=result,proto3" json:"result,omitempty"`
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*ValidateRuleResponse\) Descriptor¶
Deprecated: Use ValidateRuleResponse.ProtoReflect.Descriptor instead.
func \(\*ValidateRuleResponse\) GetErrorMessage¶
func \(\*ValidateRuleResponse\) GetResult¶
func \(\*ValidateRuleResponse\) ProtoMessage¶
func \(\*ValidateRuleResponse\) ProtoReflect¶
func \(\*ValidateRuleResponse\) Reset¶
func \(\*ValidateRuleResponse\) String¶
type ValidationIssue¶
A single validation issue
type ValidationIssue struct {
Field string `protobuf:"bytes,1,opt,name=field,proto3" json:"field,omitempty"`
Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
Severity ValidationSeverity `protobuf:"varint,3,opt,name=severity,proto3,enum=capiscio.v1.ValidationSeverity" json:"severity,omitempty"`
Code string `protobuf:"bytes,4,opt,name=code,proto3" json:"code,omitempty"`
Details string `protobuf:"bytes,5,opt,name=details,proto3" json:"details,omitempty"`
// contains filtered or unexported fields
}
func \(\*ValidationIssue\) Descriptor¶
Deprecated: Use ValidationIssue.ProtoReflect.Descriptor instead.
func \(\*ValidationIssue\) GetCode¶
func \(\*ValidationIssue\) GetDetails¶
func \(\*ValidationIssue\) GetField¶
func \(\*ValidationIssue\) GetMessage¶
func \(\*ValidationIssue\) GetSeverity¶
func \(\*ValidationIssue\) ProtoMessage¶
func \(\*ValidationIssue\) ProtoReflect¶
func \(\*ValidationIssue\) Reset¶
func \(\*ValidationIssue\) String¶
type ValidationResult¶
Generic validation result
type ValidationResult struct {
Valid bool `protobuf:"varint,1,opt,name=valid,proto3" json:"valid,omitempty"`
Issues []*ValidationIssue `protobuf:"bytes,2,rep,name=issues,proto3" json:"issues,omitempty"`
ValidatedAt string `protobuf:"bytes,3,opt,name=validated_at,json=validatedAt,proto3" json:"validated_at,omitempty"`
// contains filtered or unexported fields
}
func \(\*ValidationResult\) Descriptor¶
Deprecated: Use ValidationResult.ProtoReflect.Descriptor instead.
func \(\*ValidationResult\) GetIssues¶
func \(\*ValidationResult\) GetValid¶
func \(\*ValidationResult\) GetValidatedAt¶
func \(\*ValidationResult\) ProtoMessage¶
func \(\*ValidationResult\) ProtoReflect¶
func \(\*ValidationResult\) Reset¶
func \(\*ValidationResult\) String¶
type ValidationSeverity¶
Validation severity levels
const (
ValidationSeverity_VALIDATION_SEVERITY_UNSPECIFIED ValidationSeverity = 0
ValidationSeverity_VALIDATION_SEVERITY_INFO ValidationSeverity = 1
ValidationSeverity_VALIDATION_SEVERITY_WARNING ValidationSeverity = 2
ValidationSeverity_VALIDATION_SEVERITY_ERROR ValidationSeverity = 3
)
func \(ValidationSeverity\) Descriptor¶
func \(ValidationSeverity\) Enum¶
func \(ValidationSeverity\) EnumDescriptor¶
Deprecated: Use ValidationSeverity.Descriptor instead.
func \(ValidationSeverity\) Number¶
func \(ValidationSeverity\) String¶
func \(ValidationSeverity\) Type¶
type VerifyAttachedRequest¶
Request to verify attached
type VerifyAttachedRequest struct {
Jws string `protobuf:"bytes,1,opt,name=jws,proto3" json:"jws,omitempty"`
DetachedPayload []byte `protobuf:"bytes,2,opt,name=detached_payload,json=detachedPayload,proto3" json:"detached_payload,omitempty"` // If payload was detached
ExpectedSigner string `protobuf:"bytes,3,opt,name=expected_signer,json=expectedSigner,proto3" json:"expected_signer,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyAttachedRequest\) Descriptor¶
Deprecated: Use VerifyAttachedRequest.ProtoReflect.Descriptor instead.
func \(\*VerifyAttachedRequest\) GetDetachedPayload¶
func \(\*VerifyAttachedRequest\) GetExpectedSigner¶
func \(\*VerifyAttachedRequest\) GetJws¶
func \(\*VerifyAttachedRequest\) ProtoMessage¶
func \(\*VerifyAttachedRequest\) ProtoReflect¶
func \(\*VerifyAttachedRequest\) Reset¶
func \(\*VerifyAttachedRequest\) String¶
type VerifyAttachedResponse¶
Response for attached verification
type VerifyAttachedResponse struct {
Valid bool `protobuf:"varint,1,opt,name=valid,proto3" json:"valid,omitempty"`
Payload []byte `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"` // Extracted payload
SignerDid string `protobuf:"bytes,3,opt,name=signer_did,json=signerDid,proto3" json:"signer_did,omitempty"`
KeyId string `protobuf:"bytes,4,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
Validation *ValidationResult `protobuf:"bytes,5,opt,name=validation,proto3" json:"validation,omitempty"`
ErrorMessage string `protobuf:"bytes,6,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyAttachedResponse\) Descriptor¶
Deprecated: Use VerifyAttachedResponse.ProtoReflect.Descriptor instead.
func \(\*VerifyAttachedResponse\) GetErrorMessage¶
func \(\*VerifyAttachedResponse\) GetKeyId¶
func \(\*VerifyAttachedResponse\) GetPayload¶
func \(\*VerifyAttachedResponse\) GetSignerDid¶
func \(\*VerifyAttachedResponse\) GetValid¶
func \(\*VerifyAttachedResponse\) GetValidation¶
func \(\*VerifyAttachedResponse\) ProtoMessage¶
func \(\*VerifyAttachedResponse\) ProtoReflect¶
func \(\*VerifyAttachedResponse\) Reset¶
func \(\*VerifyAttachedResponse\) String¶
type VerifyBadgeRequest¶
Request to verify a badge
type VerifyBadgeRequest struct {
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
// Public key in JWK format (JSON string) - optional if JWKS URL used
PublicKeyJwk string `protobuf:"bytes,2,opt,name=public_key_jwk,json=publicKeyJwk,proto3" json:"public_key_jwk,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyBadgeRequest\) Descriptor¶
Deprecated: Use VerifyBadgeRequest.ProtoReflect.Descriptor instead.
func \(\*VerifyBadgeRequest\) GetPublicKeyJwk¶
func \(\*VerifyBadgeRequest\) GetToken¶
func \(\*VerifyBadgeRequest\) ProtoMessage¶
func \(\*VerifyBadgeRequest\) ProtoReflect¶
func \(\*VerifyBadgeRequest\) Reset¶
func \(\*VerifyBadgeRequest\) String¶
type VerifyBadgeResponse¶
Badge verification result
type VerifyBadgeResponse struct {
Valid bool `protobuf:"varint,1,opt,name=valid,proto3" json:"valid,omitempty"`
Claims *BadgeClaims `protobuf:"bytes,2,opt,name=claims,proto3" json:"claims,omitempty"`
ModeUsed VerifyMode `protobuf:"varint,3,opt,name=mode_used,json=modeUsed,proto3,enum=capiscio.v1.VerifyMode" json:"mode_used,omitempty"`
Warnings []string `protobuf:"bytes,4,rep,name=warnings,proto3" json:"warnings,omitempty"`
ErrorCode string `protobuf:"bytes,5,opt,name=error_code,json=errorCode,proto3" json:"error_code,omitempty"`
ErrorMessage string `protobuf:"bytes,6,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyBadgeResponse\) Descriptor¶
Deprecated: Use VerifyBadgeResponse.ProtoReflect.Descriptor instead.
func \(\*VerifyBadgeResponse\) GetClaims¶
func \(\*VerifyBadgeResponse\) GetErrorCode¶
func \(\*VerifyBadgeResponse\) GetErrorMessage¶
func \(\*VerifyBadgeResponse\) GetModeUsed¶
func \(\*VerifyBadgeResponse\) GetValid¶
func \(\*VerifyBadgeResponse\) GetWarnings¶
func \(\*VerifyBadgeResponse\) ProtoMessage¶
func \(\*VerifyBadgeResponse\) ProtoReflect¶
func \(\*VerifyBadgeResponse\) Reset¶
func \(\*VerifyBadgeResponse\) String¶
type VerifyBadgeWithOptionsRequest¶
Request to verify with options
type VerifyBadgeWithOptionsRequest struct {
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
Options *VerifyOptions `protobuf:"bytes,2,opt,name=options,proto3" json:"options,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyBadgeWithOptionsRequest\) Descriptor¶
Deprecated: Use VerifyBadgeWithOptionsRequest.ProtoReflect.Descriptor instead.
func \(\*VerifyBadgeWithOptionsRequest\) GetOptions¶
func \(\*VerifyBadgeWithOptionsRequest\) GetToken¶
func \(\*VerifyBadgeWithOptionsRequest\) ProtoMessage¶
func \(\*VerifyBadgeWithOptionsRequest\) ProtoReflect¶
func \(\*VerifyBadgeWithOptionsRequest\) Reset¶
func \(\*VerifyBadgeWithOptionsRequest\) String¶
type VerifyMode¶
Verification mode
const (
VerifyMode_VERIFY_MODE_UNSPECIFIED VerifyMode = 0
VerifyMode_VERIFY_MODE_OFFLINE VerifyMode = 1 // Local verification only
VerifyMode_VERIFY_MODE_ONLINE VerifyMode = 2 // Full online checks
VerifyMode_VERIFY_MODE_HYBRID VerifyMode = 3 // Online if cache stale
)
func \(VerifyMode\) Descriptor¶
func \(VerifyMode\) Enum¶
func \(VerifyMode\) EnumDescriptor¶
Deprecated: Use VerifyMode.Descriptor instead.
func \(VerifyMode\) Number¶
func \(VerifyMode\) String¶
func \(VerifyMode\) Type¶
type VerifyOptions¶
Options for badge verification
type VerifyOptions struct {
Mode VerifyMode `protobuf:"varint,1,opt,name=mode,proto3,enum=capiscio.v1.VerifyMode" json:"mode,omitempty"`
TrustedIssuers []string `protobuf:"bytes,2,rep,name=trusted_issuers,json=trustedIssuers,proto3" json:"trusted_issuers,omitempty"`
Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"`
SkipRevocation bool `protobuf:"varint,4,opt,name=skip_revocation,json=skipRevocation,proto3" json:"skip_revocation,omitempty"`
SkipAgentStatus bool `protobuf:"varint,5,opt,name=skip_agent_status,json=skipAgentStatus,proto3" json:"skip_agent_status,omitempty"`
ClockToleranceSeconds int64 `protobuf:"varint,6,opt,name=clock_tolerance_seconds,json=clockToleranceSeconds,proto3" json:"clock_tolerance_seconds,omitempty"`
RegistryUrl string `protobuf:"bytes,7,opt,name=registry_url,json=registryUrl,proto3" json:"registry_url,omitempty"`
AcceptSelfSigned bool `protobuf:"varint,8,opt,name=accept_self_signed,json=acceptSelfSigned,proto3" json:"accept_self_signed,omitempty"` // Accept Level 0 did:key badges
// RFC-002 v1.3 ยง7.5: Staleness fail-closed behavior
FailOpen bool `protobuf:"varint,9,opt,name=fail_open,json=failOpen,proto3" json:"fail_open,omitempty"` // If true, allow verification when cache is stale (default: false)
StaleThresholdSeconds int64 `protobuf:"varint,10,opt,name=stale_threshold_seconds,json=staleThresholdSeconds,proto3" json:"stale_threshold_seconds,omitempty"` // Max staleness before fail-closed (default: 300 = 5 min)
// contains filtered or unexported fields
}
func \(\*VerifyOptions\) Descriptor¶
Deprecated: Use VerifyOptions.ProtoReflect.Descriptor instead.
func \(\*VerifyOptions\) GetAcceptSelfSigned¶
func \(\*VerifyOptions\) GetAudience¶
func \(\*VerifyOptions\) GetClockToleranceSeconds¶
func \(\*VerifyOptions\) GetFailOpen¶
func \(\*VerifyOptions\) GetMode¶
func \(\*VerifyOptions\) GetRegistryUrl¶
func \(\*VerifyOptions\) GetSkipAgentStatus¶
func \(\*VerifyOptions\) GetSkipRevocation¶
func \(\*VerifyOptions\) GetStaleThresholdSeconds¶
func \(\*VerifyOptions\) GetTrustedIssuers¶
func \(\*VerifyOptions\) ProtoMessage¶
func \(\*VerifyOptions\) ProtoReflect¶
func \(\*VerifyOptions\) Reset¶
func \(\*VerifyOptions\) String¶
type VerifyRegistrationRequest¶
Verify registration request
type VerifyRegistrationRequest struct {
Did string `protobuf:"bytes,1,opt,name=did,proto3" json:"did,omitempty"`
VerifyBadge bool `protobuf:"varint,2,opt,name=verify_badge,json=verifyBadge,proto3" json:"verify_badge,omitempty"`
VerifyKeys bool `protobuf:"varint,3,opt,name=verify_keys,json=verifyKeys,proto3" json:"verify_keys,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyRegistrationRequest\) Descriptor¶
Deprecated: Use VerifyRegistrationRequest.ProtoReflect.Descriptor instead.
func \(\*VerifyRegistrationRequest\) GetDid¶
func \(\*VerifyRegistrationRequest\) GetVerifyBadge¶
func \(\*VerifyRegistrationRequest\) GetVerifyKeys¶
func \(\*VerifyRegistrationRequest\) ProtoMessage¶
func \(\*VerifyRegistrationRequest\) ProtoReflect¶
func \(\*VerifyRegistrationRequest\) Reset¶
func \(\*VerifyRegistrationRequest\) String¶
type VerifyRegistrationResponse¶
Verify registration response
type VerifyRegistrationResponse struct {
IsRegistered bool `protobuf:"varint,1,opt,name=is_registered,json=isRegistered,proto3" json:"is_registered,omitempty"`
BadgeValid bool `protobuf:"varint,2,opt,name=badge_valid,json=badgeValid,proto3" json:"badge_valid,omitempty"`
KeysValid bool `protobuf:"varint,3,opt,name=keys_valid,json=keysValid,proto3" json:"keys_valid,omitempty"`
Validation *ValidationResult `protobuf:"bytes,4,opt,name=validation,proto3" json:"validation,omitempty"`
ErrorMessage string `protobuf:"bytes,5,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyRegistrationResponse\) Descriptor¶
Deprecated: Use VerifyRegistrationResponse.ProtoReflect.Descriptor instead.
func \(\*VerifyRegistrationResponse\) GetBadgeValid¶
func \(\*VerifyRegistrationResponse\) GetErrorMessage¶
func \(\*VerifyRegistrationResponse\) GetIsRegistered¶
func \(\*VerifyRegistrationResponse\) GetKeysValid¶
func \(\*VerifyRegistrationResponse\) GetValidation¶
func \(\*VerifyRegistrationResponse\) ProtoMessage¶
func \(\*VerifyRegistrationResponse\) ProtoReflect¶
func \(\*VerifyRegistrationResponse\) Reset¶
func \(\*VerifyRegistrationResponse\) String¶
type VerifyRequest¶
Request to verify
type VerifyRequest struct {
Payload []byte `protobuf:"bytes,1,opt,name=payload,proto3" json:"payload,omitempty"`
Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
SignatureString string `protobuf:"bytes,3,opt,name=signature_string,json=signatureString,proto3" json:"signature_string,omitempty"` // Alternative to bytes
ExpectedSigner string `protobuf:"bytes,4,opt,name=expected_signer,json=expectedSigner,proto3" json:"expected_signer,omitempty"` // Optional: expected signer DID
// contains filtered or unexported fields
}
func \(\*VerifyRequest\) Descriptor¶
Deprecated: Use VerifyRequest.ProtoReflect.Descriptor instead.
func \(\*VerifyRequest\) GetExpectedSigner¶
func \(\*VerifyRequest\) GetPayload¶
func \(\*VerifyRequest\) GetSignature¶
func \(\*VerifyRequest\) GetSignatureString¶
func \(\*VerifyRequest\) ProtoMessage¶
func \(\*VerifyRequest\) ProtoReflect¶
func \(\*VerifyRequest\) Reset¶
func \(\*VerifyRequest\) String¶
type VerifyResponse¶
Response for verification
type VerifyResponse struct {
Valid bool `protobuf:"varint,1,opt,name=valid,proto3" json:"valid,omitempty"`
SignerDid string `protobuf:"bytes,2,opt,name=signer_did,json=signerDid,proto3" json:"signer_did,omitempty"` // Extracted signer DID
KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Key used for verification
Validation *ValidationResult `protobuf:"bytes,4,opt,name=validation,proto3" json:"validation,omitempty"`
ErrorMessage string `protobuf:"bytes,5,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyResponse\) Descriptor¶
Deprecated: Use VerifyResponse.ProtoReflect.Descriptor instead.
func \(\*VerifyResponse\) GetErrorMessage¶
func \(\*VerifyResponse\) GetKeyId¶
func \(\*VerifyResponse\) GetSignerDid¶
func \(\*VerifyResponse\) GetValid¶
func \(\*VerifyResponse\) GetValidation¶
func \(\*VerifyResponse\) ProtoMessage¶
func \(\*VerifyResponse\) ProtoReflect¶
func \(\*VerifyResponse\) Reset¶
func \(\*VerifyResponse\) String¶
type VerifyServerIdentityRequest¶
Request to verify server identity
type VerifyServerIdentityRequest struct {
// Disclosed server DID
ServerDid string `protobuf:"bytes,1,opt,name=server_did,json=serverDid,proto3" json:"server_did,omitempty"`
// Server trust badge (JWS), optional
ServerBadge string `protobuf:"bytes,2,opt,name=server_badge,json=serverBadge,proto3" json:"server_badge,omitempty"`
// HTTP origin for origin binding (empty for stdio)
TransportOrigin string `protobuf:"bytes,3,opt,name=transport_origin,json=transportOrigin,proto3" json:"transport_origin,omitempty"`
// URL path for did:web path binding
EndpointPath string `protobuf:"bytes,4,opt,name=endpoint_path,json=endpointPath,proto3" json:"endpoint_path,omitempty"`
// Verification configuration
Config *MCPVerifyConfig `protobuf:"bytes,5,opt,name=config,proto3" json:"config,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyServerIdentityRequest\) Descriptor¶
Deprecated: Use VerifyServerIdentityRequest.ProtoReflect.Descriptor instead.
func \(\*VerifyServerIdentityRequest\) GetConfig¶
func \(\*VerifyServerIdentityRequest\) GetEndpointPath¶
func \(\*VerifyServerIdentityRequest\) GetServerBadge¶
func \(\*VerifyServerIdentityRequest\) GetServerDid¶
func \(\*VerifyServerIdentityRequest\) GetTransportOrigin¶
func \(\*VerifyServerIdentityRequest\) ProtoMessage¶
func \(\*VerifyServerIdentityRequest\) ProtoReflect¶
func \(\*VerifyServerIdentityRequest\) Reset¶
func \(\*VerifyServerIdentityRequest\) String¶
type VerifyServerIdentityResponse¶
Response from server identity verification
type VerifyServerIdentityResponse struct {
// Server classification state (RFC-007 ยง5.2)
State MCPServerState `protobuf:"varint,1,opt,name=state,proto3,enum=capiscio.v1.MCPServerState" json:"state,omitempty"`
// Trust level (only set for VERIFIED_PRINCIPAL)
TrustLevel int32 `protobuf:"varint,2,opt,name=trust_level,json=trustLevel,proto3" json:"trust_level,omitempty"`
// Confirmed server DID
ServerDid string `protobuf:"bytes,3,opt,name=server_did,json=serverDid,proto3" json:"server_did,omitempty"`
// Badge ID if present
BadgeJti string `protobuf:"bytes,4,opt,name=badge_jti,json=badgeJti,proto3" json:"badge_jti,omitempty"`
// Error code (only set on verification failure)
ErrorCode MCPServerErrorCode `protobuf:"varint,5,opt,name=error_code,json=errorCode,proto3,enum=capiscio.v1.MCPServerErrorCode" json:"error_code,omitempty"`
// Human-readable error detail
ErrorDetail string `protobuf:"bytes,6,opt,name=error_detail,json=errorDetail,proto3" json:"error_detail,omitempty"`
// contains filtered or unexported fields
}
func \(\*VerifyServerIdentityResponse\) Descriptor¶
Deprecated: Use VerifyServerIdentityResponse.ProtoReflect.Descriptor instead.
func \(\*VerifyServerIdentityResponse\) GetBadgeJti¶
func \(\*VerifyServerIdentityResponse\) GetErrorCode¶
func \(\*VerifyServerIdentityResponse\) GetErrorDetail¶
func \(\*VerifyServerIdentityResponse\) GetServerDid¶
func \(\*VerifyServerIdentityResponse\) GetState¶
func \(\*VerifyServerIdentityResponse\) GetTrustLevel¶
func \(\*VerifyServerIdentityResponse\) ProtoMessage¶
func \(\*VerifyServerIdentityResponse\) ProtoReflect¶
func \(\*VerifyServerIdentityResponse\) Reset¶
func \(\*VerifyServerIdentityResponse\) String¶
Generated by gomarkdoc