refactor: re-gen protos

Signed-off-by: Christian Stewart <christian@aperture.us>

Author: paralin

.protoc-manifest.json

@@ -77,8 +77,8 @@ func (a *EnvelopeArgs) BuildCommands() []*cli.Command {
 			Flags:  a.BuildFlags(),
 		},
 		{
-			Name:  "unseal",
-			Usage: "unseal an envelope using the given private keys",
+			Name:   "unseal",
+			Usage:  "unseal an envelope using the given private keys",
 			Action: a.RunUnseal,
 			Flags: append(a.BuildFlags(), &cli.BoolFlag{
 				Name:  "info",
@@ -99,7 +99,7 @@ func (a *EnvelopeArgs) readInput() ([]byte, error) {
 // writeOutput writes output to the specified path or stdout.
 func (a *EnvelopeArgs) writeOutput(data []byte) error {
 	if a.OutputPath != "" {
-		return os.WriteFile(a.OutputPath, data, 0600)
+		return os.WriteFile(a.OutputPath, data, 0o600)
 	}
 	_, err := os.Stdout.Write(data)
 	return err

cli/envelope.go

@@ -0,0 +1,10 @@
+// @generated
+// This file is @generated by prost-build.
+/// Config configures the API.
+#[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct Config {
+    /// BusConfig configures the bus api.
+    #[prost(message, optional, tag="1")]
+    pub bus_config: ::core::option::Option<super::super::bus::api::Config>,
+}
+// @@protoc_insertion_point(module)

daemon/api/api.pb.go

@@ -0,0 +1,20 @@
+// @generated
+// This file is @generated by prost-build.
+/// Config configures the API.
+#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct Config {
+    /// ListenAddr is the address to listen on for connections.
+    #[prost(string, tag="1")]
+    pub listen_addr: ::prost::alloc::string::String,
+    /// ApiConfig are api config options.
+    #[prost(message, optional, tag="2")]
+    pub api_config: ::core::option::Option<super::Config>,
+    /// DisableBusApi disables the bus api.
+    #[prost(bool, tag="3")]
+    pub disable_bus_api: bool,
+    /// BusApiConfig are controller-bus bus api config options.
+    /// BusApiConfig are options for controller bus api.
+    #[prost(message, optional, tag="4")]
+    pub bus_api_config: ::core::option::Option<super::super::super::bus::api::Config>,
+}
+// @@protoc_insertion_point(module)

daemon/api/api.pb.rs

@@ -0,0 +1,7 @@
+// @generated
+// This file is @generated by prost-build.
+/// Config is the config object for the entitygraph repoter.
+#[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct Config {
+}
+// @@protoc_insertion_point(module)

daemon/api/controller/controller.pb.go

@@ -0,0 +1,130 @@
+// @generated
+// This file is @generated by prost-build.
+/// Envelope contains an encrypted message unlockable via secret sharing.
+///
+/// The message is encrypted with a key derived from a Ristretto255 scalar.
+/// The scalar is split into shares distributed across Grants.
+/// At least threshold+1 shares are needed to reconstruct the scalar.
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct Envelope {
+    /// EnvelopeId is the unique identifier of the envelope.
+    /// If empty when building, generated from hash of secret + context.
+    #[prost(string, tag="1")]
+    pub envelope_id: ::prost::alloc::string::String,
+    /// ContextHash is the BLAKE3 hash of the context string.
+    /// Used to verify the envelope matches the expected application context.
+    #[prost(bytes="vec", tag="2")]
+    pub context_hash: ::prost::alloc::vec::Vec<u8>,
+    /// Threshold is the CIRCL threshold parameter.
+    /// Recovery requires threshold+1 shares.
+    /// If zero, any single share suffices (no secret splitting).
+    #[prost(uint32, tag="3")]
+    pub threshold: u32,
+    /// Ciphertext is the encrypted payload.
+    /// Encrypted with XChaCha20-Poly1305 using a key derived from the scalar.
+    #[prost(bytes="vec", tag="4")]
+    pub ciphertext: ::prost::alloc::vec::Vec<u8>,
+    /// Grants is the list of encrypted share bundles.
+    #[prost(message, repeated, tag="5")]
+    pub grants: ::prost::alloc::vec::Vec<EnvelopeGrant>,
+    /// Keypairs is the list of public keys used to encrypt grants.
+    #[prost(message, repeated, tag="6")]
+    pub keypairs: ::prost::alloc::vec::Vec<EnvelopeKeypair>,
+    /// Contents is an optional plaintext description of what the envelope contains.
+    /// Application-specific; not used in the unlock process.
+    #[prost(bytes="vec", tag="7")]
+    pub contents: ::prost::alloc::vec::Vec<u8>,
+}
+/// EnvelopeGrant is an encrypted bundle of shares.
+/// The grant ciphertext contains a marshaled EnvelopeGrantInner.
+/// Encrypted to one or more keypairs in the Envelope keypairs list.
+#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct EnvelopeGrant {
+    /// KeypairIndexes lists which keypairs can decrypt this grant.
+    /// Each value is an index into the Envelope.keypairs list.
+    #[prost(uint32, repeated, tag="1")]
+    pub keypair_indexes: ::prost::alloc::vec::Vec<u32>,
+    /// Ciphertexts contains the encrypted EnvelopeGrantInner.
+    /// One ciphertext per keypair index, in the same order.
+    /// Each encrypted with peer.EncryptToPubKey to the corresponding keypair.
+    #[prost(bytes="vec", repeated, tag="2")]
+    pub ciphertexts: ::prost::alloc::vec::Vec<::prost::alloc::vec::Vec<u8>>,
+}
+/// EnvelopeGrantInner is the decrypted contents of a grant.
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct EnvelopeGrantInner {
+    /// Shares is the list of Shamir shares in this grant.
+    #[prost(message, repeated, tag="1")]
+    pub shares: ::prost::alloc::vec::Vec<EnvelopeShare>,
+}
+/// EnvelopeShare is a single Shamir share (Ristretto255 scalar pair).
+#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct EnvelopeShare {
+    /// Id is the share identifier (marshaled Ristretto255 scalar, 32 bytes).
+    #[prost(bytes="vec", tag="1")]
+    pub id: ::prost::alloc::vec::Vec<u8>,
+    /// Value is the share value (marshaled Ristretto255 scalar, 32 bytes).
+    #[prost(bytes="vec", tag="2")]
+    pub value: ::prost::alloc::vec::Vec<u8>,
+}
+/// EnvelopeKeypair is a public key entry in the envelope.
+#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct EnvelopeKeypair {
+    /// PubKey is the marshaled public key in PEM format (via bifrost/keypem).
+    #[prost(bytes="vec", tag="1")]
+    pub pub_key: ::prost::alloc::vec::Vec<u8>,
+    /// AuthMethodId is an optional identifier for the auth method.
+    /// Application-specific hint for how to derive the private key.
+    #[prost(string, tag="2")]
+    pub auth_method_id: ::prost::alloc::string::String,
+    /// AuthMethodParams is optional parameters for the auth method.
+    #[prost(bytes="vec", tag="3")]
+    pub auth_method_params: ::prost::alloc::vec::Vec<u8>,
+}
+/// EnvelopeConfig is the configuration for building an envelope.
+#[derive(Clone, PartialEq, ::prost::Message)]
+pub struct EnvelopeConfig {
+    /// EnvelopeId is the unique identifier. If empty, auto-generated.
+    #[prost(string, tag="1")]
+    pub envelope_id: ::prost::alloc::string::String,
+    /// Threshold is the CIRCL threshold parameter (need threshold+1 shares).
+    /// If zero, any single share suffices.
+    #[prost(uint32, tag="2")]
+    pub threshold: u32,
+    /// TotalShares is the total number of shares to create.
+    /// If zero, defaults to sum of shares across all grant configs.
+    #[prost(uint32, tag="3")]
+    pub total_shares: u32,
+    /// GrantConfigs defines how shares are distributed across grants.
+    #[prost(message, repeated, tag="4")]
+    pub grant_configs: ::prost::alloc::vec::Vec<EnvelopeGrantConfig>,
+}
+/// EnvelopeGrantConfig configures a single grant in the envelope.
+#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct EnvelopeGrantConfig {
+    /// ShareCount is the number of shares to include in this grant.
+    /// If zero, defaults to 1.
+    #[prost(uint32, tag="1")]
+    pub share_count: u32,
+    /// KeypairIndexes lists which keypairs can decrypt this grant.
+    /// Indexes into the keypairs list provided to BuildEnvelope.
+    #[prost(uint32, repeated, tag="2")]
+    pub keypair_indexes: ::prost::alloc::vec::Vec<u32>,
+}
+/// EnvelopeUnlockResult is the result of attempting to unlock an envelope.
+#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
+pub struct EnvelopeUnlockResult {
+    /// Success indicates whether the envelope was fully unlocked.
+    #[prost(bool, tag="1")]
+    pub success: bool,
+    /// SharesAvailable is the number of shares recovered from grants.
+    #[prost(uint32, tag="2")]
+    pub shares_available: u32,
+    /// SharesNeeded is the number of shares needed (threshold+1).
+    #[prost(uint32, tag="3")]
+    pub shares_needed: u32,
+    /// UnlockedGrantIndexes lists which grants were successfully decrypted.
+    #[prost(uint32, repeated, tag="4")]
+    pub unlocked_grant_indexes: ::prost::alloc::vec::Vec<u32>,
+}
+// @@protoc_insertion_point(module)