From 8cb66ffe3982d4fa53f1266f622c049482fbeb83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Thu, 21 May 2026 01:23:58 +0200 Subject: [PATCH 1/9] Add Policy resource support to registry and repo modules Generates hex_pb_policy.erl from the new policy.proto in specifications. hex_registry gains encode_policy/decode_policy/ build_policy/unpack_policy; hex_repo gains get_policy/2 for fetching /repos//policies/. Round-trip and HTTP fixture tests cover signed payload verification, repository/name mismatch errors, and the no_verify path. --- proto/hex_pb_policy.proto | 47 ++ src/hex_pb_policy.erl | 812 +++++++++++++++++++++++++++++++++ src/hex_registry.erl | 33 ++ src/hex_repo.erl | 31 ++ test/hex_registry_SUITE.erl | 32 +- test/hex_repo_SUITE.erl | 17 + test/support/hex_http_test.erl | 19 + 7 files changed, 990 insertions(+), 1 deletion(-) create mode 100644 proto/hex_pb_policy.proto create mode 100644 src/hex_pb_policy.erl diff --git a/proto/hex_pb_policy.proto b/proto/hex_pb_policy.proto new file mode 100644 index 0000000..46c5a05 --- /dev/null +++ b/proto/hex_pb_policy.proto @@ -0,0 +1,47 @@ +syntax = "proto2"; + +message Policy { + // Name of repository + required string repository = 1; + + // Policy name within the repository + // (matches ^[a-z0-9][a-z0-9_\-\.]*[a-z0-9]$, length 3..64) + required string name = 2; + + // Optional, free-form description (admin-set, surfaced in CLI/UI) + optional string description = 3; + + // Resource generation timestamp, seconds since unix epoch. + // Clients use this to compute staleness when a fetch fails and the + // last-known-good cached payload is loaded instead. + required int64 published_at = 4; + + // Whether the policy is publicly readable or restricted to org members. + // Read at the edge to decide whether to enforce auth on the fetch. + // Adding new Visibility values is a breaking change — old clients will + // treat unknown values as PRIVATE per the fail-closed rule. + required Visibility visibility = 5; + + // Categorical advisory rule. If set, deny any release whose maximum + // advisory severity is at least this value. Values map to AdvisorySeverity + // in package.proto (SEVERITY_NONE..SEVERITY_CRITICAL = 0..4). + // Unset = rule disabled. + optional uint32 advisory_min_severity = 6; + + // Categorical retirement rule. If non-empty, deny any release retired with + // a reason in this set. Values map to RetirementReason in package.proto + // (RETIRED_OTHER..RETIRED_RENAMED = 0..4). Empty = rule disabled. + repeated uint32 retirement_reasons = 7 [packed=true]; + + // Optional minimum release age for every package version governed by this + // policy. Same duration grammar as the Hex cooldown config ("7d", "2w", + // "1mo", "0"). Unset or "0" means no policy cooldown. If multiple active + // policies declare cooldowns, the effective cooldown is the strictest one. + optional string cooldown = 8; +} + +enum Visibility { + // PRIVATE is the safe default; unknown enum values must be treated as PRIVATE. + VISIBILITY_PRIVATE = 0; + VISIBILITY_PUBLIC = 1; +} diff --git a/src/hex_pb_policy.erl b/src/hex_pb_policy.erl new file mode 100644 index 0000000..af52a05 --- /dev/null +++ b/src/hex_pb_policy.erl @@ -0,0 +1,812 @@ +%% -*- coding: utf-8 -*- +%% % this file is @generated +%% @private +%% Automatically generated, do not edit +%% Generated by gpb_compile version 4.21.1 +%% Version source: file +-module(hex_pb_policy). + +-export([encode_msg/2, encode_msg/3]). +-export([decode_msg/2, decode_msg/3]). +-export([merge_msgs/3, merge_msgs/4]). +-export([verify_msg/2, verify_msg/3]). +-export([get_msg_defs/0]). +-export([get_msg_names/0]). +-export([get_group_names/0]). +-export([get_msg_or_group_names/0]). +-export([get_enum_names/0]). +-export([find_msg_def/1, fetch_msg_def/1]). +-export([find_enum_def/1, fetch_enum_def/1]). +-export([enum_symbol_by_value/2, enum_value_by_symbol/2]). +-export([enum_symbol_by_value_Visibility/1, enum_value_by_symbol_Visibility/1]). +-export([get_service_names/0]). +-export([get_service_def/1]). +-export([get_rpc_names/1]). +-export([find_rpc_def/2, fetch_rpc_def/2]). +-export([fqbin_to_service_name/1]). +-export([service_name_to_fqbin/1]). +-export([fqbins_to_service_and_rpc_name/2]). +-export([service_and_rpc_name_to_fqbins/2]). +-export([fqbin_to_msg_name/1]). +-export([msg_name_to_fqbin/1]). +-export([fqbin_to_enum_name/1]). +-export([enum_name_to_fqbin/1]). +-export([get_package_name/0]). +-export([uses_packages/0]). +-export([source_basename/0]). +-export([get_all_source_basenames/0]). +-export([get_all_proto_names/0]). +-export([get_msg_containment/1]). +-export([get_pkg_containment/1]). +-export([get_service_containment/1]). +-export([get_rpc_containment/1]). +-export([get_enum_containment/1]). +-export([get_proto_by_msg_name_as_fqbin/1]). +-export([get_proto_by_service_name_as_fqbin/1]). +-export([get_proto_by_enum_name_as_fqbin/1]). +-export([get_protos_by_pkg_name_as_fqbin/1]). +-export([gpb_version_as_string/0, gpb_version_as_list/0]). +-export([gpb_version_source/0]). + + +%% enumerated types +-type 'Visibility'() :: 'VISIBILITY_PRIVATE' | 'VISIBILITY_PUBLIC'. +-export_type(['Visibility'/0]). + +%% message types +-type 'Policy'() :: + #{repository => unicode:chardata(), % = 1, required + name => unicode:chardata(), % = 2, required + description => unicode:chardata(), % = 3, optional + published_at => integer(), % = 4, required, 64 bits + visibility => 'VISIBILITY_PRIVATE' | 'VISIBILITY_PUBLIC' | integer(), % = 5, required, enum Visibility + advisory_min_severity => non_neg_integer(), % = 6, optional, 32 bits + retirement_reasons => [non_neg_integer()], % = 7, repeated, 32 bits + cooldown => unicode:chardata() % = 8, optional + }. + +-export_type(['Policy'/0]). +-type '$msg_name'() :: 'Policy'. +-type '$msg'() :: 'Policy'(). +-export_type(['$msg_name'/0, '$msg'/0]). + +-spec encode_msg('$msg'(), '$msg_name'()) -> binary(). +encode_msg(Msg, MsgName) when is_atom(MsgName) -> encode_msg(Msg, MsgName, []). + +-spec encode_msg('$msg'(), '$msg_name'(), list()) -> binary(). +encode_msg(Msg, MsgName, Opts) -> + verify_msg(Msg, MsgName, Opts), + TrUserData = proplists:get_value(user_data, Opts), + case MsgName of 'Policy' -> encode_msg_Policy(id(Msg, TrUserData), TrUserData) end. + + +encode_msg_Policy(Msg, TrUserData) -> encode_msg_Policy(Msg, <<>>, TrUserData). + + +encode_msg_Policy(#{repository := F1, name := F2, published_at := F4, visibility := F5} = M, Bin, TrUserData) -> + B1 = begin TrF1 = id(F1, TrUserData), e_type_string(TrF1, <>, TrUserData) end, + B2 = begin TrF2 = id(F2, TrUserData), e_type_string(TrF2, <>, TrUserData) end, + B3 = case M of + #{description := F3} -> begin TrF3 = id(F3, TrUserData), e_type_string(TrF3, <>, TrUserData) end; + _ -> B2 + end, + B4 = begin TrF4 = id(F4, TrUserData), e_type_int64(TrF4, <>, TrUserData) end, + B5 = begin TrF5 = id(F5, TrUserData), e_enum_Visibility(TrF5, <>, TrUserData) end, + B6 = case M of + #{advisory_min_severity := F6} -> begin TrF6 = id(F6, TrUserData), e_varint(TrF6, <>, TrUserData) end; + _ -> B5 + end, + B7 = case M of + #{retirement_reasons := F7} -> + TrF7 = id(F7, TrUserData), + if TrF7 == [] -> B6; + true -> e_field_Policy_retirement_reasons(TrF7, B6, TrUserData) + end; + _ -> B6 + end, + case M of + #{cooldown := F8} -> begin TrF8 = id(F8, TrUserData), e_type_string(TrF8, <>, TrUserData) end; + _ -> B7 + end. + +e_field_Policy_retirement_reasons(Elems, Bin, TrUserData) when Elems =/= [] -> + SubBin = e_pfield_Policy_retirement_reasons(Elems, <<>>, TrUserData), + Bin2 = <>, + Bin3 = e_varint(byte_size(SubBin), Bin2), + <>; +e_field_Policy_retirement_reasons([], Bin, _TrUserData) -> Bin. + +e_pfield_Policy_retirement_reasons([Value | Rest], Bin, TrUserData) -> + Bin2 = e_varint(id(Value, TrUserData), Bin, TrUserData), + e_pfield_Policy_retirement_reasons(Rest, Bin2, TrUserData); +e_pfield_Policy_retirement_reasons([], Bin, _TrUserData) -> Bin. + +e_enum_Visibility('VISIBILITY_PRIVATE', Bin, _TrUserData) -> <>; +e_enum_Visibility('VISIBILITY_PUBLIC', Bin, _TrUserData) -> <>; +e_enum_Visibility(V, Bin, _TrUserData) -> e_varint(V, Bin). + +-compile({nowarn_unused_function,e_type_sint/3}). +e_type_sint(Value, Bin, _TrUserData) when Value >= 0 -> e_varint(Value * 2, Bin); +e_type_sint(Value, Bin, _TrUserData) -> e_varint(Value * -2 - 1, Bin). + +-compile({nowarn_unused_function,e_type_int32/3}). +e_type_int32(Value, Bin, _TrUserData) when 0 =< Value, Value =< 127 -> <>; +e_type_int32(Value, Bin, _TrUserData) -> + <> = <>, + e_varint(N, Bin). + +-compile({nowarn_unused_function,e_type_int64/3}). +e_type_int64(Value, Bin, _TrUserData) when 0 =< Value, Value =< 127 -> <>; +e_type_int64(Value, Bin, _TrUserData) -> + <> = <>, + e_varint(N, Bin). + +-compile({nowarn_unused_function,e_type_bool/3}). +e_type_bool(true, Bin, _TrUserData) -> <>; +e_type_bool(false, Bin, _TrUserData) -> <>; +e_type_bool(1, Bin, _TrUserData) -> <>; +e_type_bool(0, Bin, _TrUserData) -> <>. + +-compile({nowarn_unused_function,e_type_string/3}). +e_type_string(S, Bin, _TrUserData) -> + Utf8 = unicode:characters_to_binary(S), + Bin2 = e_varint(byte_size(Utf8), Bin), + <>. + +-compile({nowarn_unused_function,e_type_bytes/3}). +e_type_bytes(Bytes, Bin, _TrUserData) when is_binary(Bytes) -> + Bin2 = e_varint(byte_size(Bytes), Bin), + <>; +e_type_bytes(Bytes, Bin, _TrUserData) when is_list(Bytes) -> + BytesBin = iolist_to_binary(Bytes), + Bin2 = e_varint(byte_size(BytesBin), Bin), + <>. + +-compile({nowarn_unused_function,e_type_fixed32/3}). +e_type_fixed32(Value, Bin, _TrUserData) -> <>. + +-compile({nowarn_unused_function,e_type_sfixed32/3}). +e_type_sfixed32(Value, Bin, _TrUserData) -> <>. + +-compile({nowarn_unused_function,e_type_fixed64/3}). +e_type_fixed64(Value, Bin, _TrUserData) -> <>. + +-compile({nowarn_unused_function,e_type_sfixed64/3}). +e_type_sfixed64(Value, Bin, _TrUserData) -> <>. + +-compile({nowarn_unused_function,e_type_float/3}). +e_type_float(V, Bin, _) when is_number(V) -> <>; +e_type_float(infinity, Bin, _) -> <>; +e_type_float('-infinity', Bin, _) -> <>; +e_type_float(nan, Bin, _) -> <>. + +-compile({nowarn_unused_function,e_type_double/3}). +e_type_double(V, Bin, _) when is_number(V) -> <>; +e_type_double(infinity, Bin, _) -> <>; +e_type_double('-infinity', Bin, _) -> <>; +e_type_double(nan, Bin, _) -> <>. + +-compile({nowarn_unused_function,e_unknown_elems/2}). +e_unknown_elems([Elem | Rest], Bin) -> + BinR = case Elem of + {varint, FNum, N} -> + BinF = e_varint(FNum bsl 3, Bin), + e_varint(N, BinF); + {length_delimited, FNum, Data} -> + BinF = e_varint(FNum bsl 3 bor 2, Bin), + BinL = e_varint(byte_size(Data), BinF), + <>; + {group, FNum, GroupFields} -> + Bin1 = e_varint(FNum bsl 3 bor 3, Bin), + Bin2 = e_unknown_elems(GroupFields, Bin1), + e_varint(FNum bsl 3 bor 4, Bin2); + {fixed32, FNum, V} -> + BinF = e_varint(FNum bsl 3 bor 5, Bin), + <>; + {fixed64, FNum, V} -> + BinF = e_varint(FNum bsl 3 bor 1, Bin), + <> + end, + e_unknown_elems(Rest, BinR); +e_unknown_elems([], Bin) -> Bin. + +-compile({nowarn_unused_function,e_varint/3}). +e_varint(N, Bin, _TrUserData) -> e_varint(N, Bin). + +-compile({nowarn_unused_function,e_varint/2}). +e_varint(N, Bin) when N =< 127 -> <>; +e_varint(N, Bin) -> + Bin2 = <>, + e_varint(N bsr 7, Bin2). + + +decode_msg(Bin, MsgName) when is_binary(Bin) -> decode_msg(Bin, MsgName, []). + +decode_msg(Bin, MsgName, Opts) when is_binary(Bin) -> + TrUserData = proplists:get_value(user_data, Opts), + decode_msg_1_catch(Bin, MsgName, TrUserData). + +-ifdef('OTP_RELEASE'). +decode_msg_1_catch(Bin, MsgName, TrUserData) -> + try decode_msg_2_doit(MsgName, Bin, TrUserData) + catch + error:{gpb_error,_}=Reason:StackTrace -> + erlang:raise(error, Reason, StackTrace); + Class:Reason:StackTrace -> error({gpb_error,{decoding_failure, {Bin, MsgName, {Class, Reason, StackTrace}}}}) + end. +-else. +decode_msg_1_catch(Bin, MsgName, TrUserData) -> + try decode_msg_2_doit(MsgName, Bin, TrUserData) + catch + error:{gpb_error,_}=Reason -> + erlang:raise(error, Reason, + erlang:get_stacktrace()); + Class:Reason -> + StackTrace = erlang:get_stacktrace(), + error({gpb_error,{decoding_failure, {Bin, MsgName, {Class, Reason, StackTrace}}}}) + end. +-endif. + +decode_msg_2_doit('Policy', Bin, TrUserData) -> id(decode_msg_Policy(Bin, TrUserData), TrUserData). + + + +decode_msg_Policy(Bin, TrUserData) -> + dfp_read_field_def_Policy(Bin, + 0, + 0, + 0, + id('$undef', TrUserData), + id('$undef', TrUserData), + id('$undef', TrUserData), + id('$undef', TrUserData), + id('$undef', TrUserData), + id('$undef', TrUserData), + id([], TrUserData), + id('$undef', TrUserData), + TrUserData). + +dfp_read_field_def_Policy(<<10, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_repository(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<18, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_name(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<26, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_description(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<32, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_published_at(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<40, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_visibility(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<48, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_advisory_min_severity(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<58, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_pfield_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<56, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<66, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_cooldown(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dfp_read_field_def_Policy(<<>>, 0, 0, _, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, R1, F@_8, TrUserData) -> + S1 = #{repository => F@_1, name => F@_2, published_at => F@_4, visibility => F@_5, retirement_reasons => lists_reverse(R1, TrUserData)}, + S2 = if F@_3 == '$undef' -> S1; + true -> S1#{description => F@_3} + end, + S3 = if F@_6 == '$undef' -> S2; + true -> S2#{advisory_min_severity => F@_6} + end, + if F@_8 == '$undef' -> S3; + true -> S3#{cooldown => F@_8} + end; +dfp_read_field_def_Policy(Other, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dg_read_field_def_Policy(Other, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +dg_read_field_def_Policy(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 32 - 7 -> + dg_read_field_def_Policy(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +dg_read_field_def_Policy(<<0:1, X:7, Rest/binary>>, N, Acc, _, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> + Key = X bsl N + Acc, + case Key of + 10 -> d_field_Policy_repository(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 18 -> d_field_Policy_name(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 26 -> d_field_Policy_description(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 32 -> d_field_Policy_published_at(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 40 -> d_field_Policy_visibility(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 48 -> d_field_Policy_advisory_min_severity(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 58 -> d_pfield_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 56 -> d_field_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 66 -> d_field_Policy_cooldown(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + _ -> + case Key band 7 of + 0 -> skip_varint_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 1 -> skip_64_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 2 -> skip_length_delimited_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 3 -> skip_group_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 5 -> skip_32_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) + end + end; +dg_read_field_def_Policy(<<>>, 0, 0, _, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, R1, F@_8, TrUserData) -> + S1 = #{repository => F@_1, name => F@_2, published_at => F@_4, visibility => F@_5, retirement_reasons => lists_reverse(R1, TrUserData)}, + S2 = if F@_3 == '$undef' -> S1; + true -> S1#{description => F@_3} + end, + S3 = if F@_6 == '$undef' -> S2; + true -> S2#{advisory_min_severity => F@_6} + end, + if F@_8 == '$undef' -> S3; + true -> S3#{cooldown => F@_8} + end. + +d_field_Policy_repository(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_field_Policy_repository(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_repository(<<0:1, X:7, Rest/binary>>, N, Acc, F, _, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> + {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, + dfp_read_field_def_Policy(RestF, 0, 0, F, NewFValue, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +d_field_Policy_name(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> d_field_Policy_name(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_name(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, _, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> + {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, NewFValue, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +d_field_Policy_description(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_field_Policy_description(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_description(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, _, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> + {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, NewFValue, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +d_field_Policy_published_at(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_field_Policy_published_at(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_published_at(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, _, F@_5, F@_6, F@_7, F@_8, TrUserData) -> + {NewFValue, RestF} = {begin <> = <<(X bsl N + Acc):64/unsigned-native>>, id(Res, TrUserData) end, Rest}, + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, NewFValue, F@_5, F@_6, F@_7, F@_8, TrUserData). + +d_field_Policy_visibility(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_field_Policy_visibility(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_visibility(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, _, F@_6, F@_7, F@_8, TrUserData) -> + {NewFValue, RestF} = {id(d_enum_Visibility(begin <> = <<(X bsl N + Acc):32/unsigned-native>>, id(Res, TrUserData) end), TrUserData), Rest}, + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, NewFValue, F@_6, F@_7, F@_8, TrUserData). + +d_field_Policy_advisory_min_severity(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_field_Policy_advisory_min_severity(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_advisory_min_severity(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, _, F@_7, F@_8, TrUserData) -> + {NewFValue, RestF} = {id((X bsl N + Acc) band 4294967295, TrUserData), Rest}, + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, NewFValue, F@_7, F@_8, TrUserData). + +d_field_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_field_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, Prev, F@_8, TrUserData) -> + {NewFValue, RestF} = {id((X bsl N + Acc) band 4294967295, TrUserData), Rest}, + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, cons(NewFValue, Prev, TrUserData), F@_8, TrUserData). + +d_pfield_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_pfield_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_pfield_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, E, F@_8, TrUserData) -> + Len = X bsl N + Acc, + <> = Rest, + NewSeq = d_packed_field_Policy_retirement_reasons(PackedBytes, 0, 0, F, E, TrUserData), + dfp_read_field_def_Policy(Rest2, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, NewSeq, F@_8, TrUserData). + +d_packed_field_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, AccSeq, TrUserData) when N < 57 -> d_packed_field_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, AccSeq, TrUserData); +d_packed_field_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, AccSeq, TrUserData) -> + {NewFValue, RestF} = {id((X bsl N + Acc) band 4294967295, TrUserData), Rest}, + d_packed_field_Policy_retirement_reasons(RestF, 0, 0, F, [NewFValue | AccSeq], TrUserData); +d_packed_field_Policy_retirement_reasons(<<>>, 0, 0, _, AccSeq, _) -> AccSeq. + +d_field_Policy_cooldown(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + d_field_Policy_cooldown(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +d_field_Policy_cooldown(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, _, TrUserData) -> + {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, NewFValue, TrUserData). + +skip_varint_Policy(<<1:1, _:7, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> skip_varint_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +skip_varint_Policy(<<0:1, _:7, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +skip_length_delimited_Policy(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> + skip_length_delimited_Policy(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); +skip_length_delimited_Policy(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> + Length = X bsl N + Acc, + <<_:Length/binary, Rest2/binary>> = Rest, + dfp_read_field_def_Policy(Rest2, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +skip_group_Policy(Bin, _, Z2, FNum, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> + {_, Rest} = read_group(Bin, FNum), + dfp_read_field_def_Policy(Rest, 0, Z2, FNum, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +skip_32_Policy(<<_:32, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +skip_64_Policy(<<_:64, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + +d_enum_Visibility(0) -> 'VISIBILITY_PRIVATE'; +d_enum_Visibility(1) -> 'VISIBILITY_PUBLIC'; +d_enum_Visibility(V) -> V. + +read_group(Bin, FieldNum) -> + {NumBytes, EndTagLen} = read_gr_b(Bin, 0, 0, 0, 0, FieldNum), + <> = Bin, + {Group, Rest}. + +%% Like skipping over fields, but record the total length, +%% Each field is <(FieldNum bsl 3) bor FieldType> ++ +%% Record the length because varints may be non-optimally encoded. +%% +%% Groups can be nested, but assume the same FieldNum cannot be nested +%% because group field numbers are shared with the rest of the fields +%% numbers. Thus we can search just for an group-end with the same +%% field number. +%% +%% (The only time the same group field number could occur would +%% be in a nested sub message, but then it would be inside a +%% length-delimited entry, which we skip-read by length.) +read_gr_b(<<1:1, X:7, Tl/binary>>, N, Acc, NumBytes, TagLen, FieldNum) + when N < (32-7) -> + read_gr_b(Tl, N+7, X bsl N + Acc, NumBytes, TagLen+1, FieldNum); +read_gr_b(<<0:1, X:7, Tl/binary>>, N, Acc, NumBytes, TagLen, + FieldNum) -> + Key = X bsl N + Acc, + TagLen1 = TagLen + 1, + case {Key bsr 3, Key band 7} of + {FieldNum, 4} -> % 4 = group_end + {NumBytes, TagLen1}; + {_, 0} -> % 0 = varint + read_gr_vi(Tl, 0, NumBytes + TagLen1, FieldNum); + {_, 1} -> % 1 = bits64 + <<_:64, Tl2/binary>> = Tl, + read_gr_b(Tl2, 0, 0, NumBytes + TagLen1 + 8, 0, FieldNum); + {_, 2} -> % 2 = length_delimited + read_gr_ld(Tl, 0, 0, NumBytes + TagLen1, FieldNum); + {_, 3} -> % 3 = group_start + read_gr_b(Tl, 0, 0, NumBytes + TagLen1, 0, FieldNum); + {_, 4} -> % 4 = group_end + read_gr_b(Tl, 0, 0, NumBytes + TagLen1, 0, FieldNum); + {_, 5} -> % 5 = bits32 + <<_:32, Tl2/binary>> = Tl, + read_gr_b(Tl2, 0, 0, NumBytes + TagLen1 + 4, 0, FieldNum) + end. + +read_gr_vi(<<1:1, _:7, Tl/binary>>, N, NumBytes, FieldNum) + when N < (64-7) -> + read_gr_vi(Tl, N+7, NumBytes+1, FieldNum); +read_gr_vi(<<0:1, _:7, Tl/binary>>, _, NumBytes, FieldNum) -> + read_gr_b(Tl, 0, 0, NumBytes+1, 0, FieldNum). + +read_gr_ld(<<1:1, X:7, Tl/binary>>, N, Acc, NumBytes, FieldNum) + when N < (64-7) -> + read_gr_ld(Tl, N+7, X bsl N + Acc, NumBytes+1, FieldNum); +read_gr_ld(<<0:1, X:7, Tl/binary>>, N, Acc, NumBytes, FieldNum) -> + Len = X bsl N + Acc, + NumBytes1 = NumBytes + 1, + <<_:Len/binary, Tl2/binary>> = Tl, + read_gr_b(Tl2, 0, 0, NumBytes1 + Len, 0, FieldNum). + +merge_msgs(Prev, New, MsgName) when is_atom(MsgName) -> merge_msgs(Prev, New, MsgName, []). + +merge_msgs(Prev, New, MsgName, Opts) -> + TrUserData = proplists:get_value(user_data, Opts), + case MsgName of 'Policy' -> merge_msg_Policy(Prev, New, TrUserData) end. + +-compile({nowarn_unused_function,merge_msg_Policy/3}). +merge_msg_Policy(#{} = PMsg, #{repository := NFrepository, name := NFname, published_at := NFpublished_at, visibility := NFvisibility} = NMsg, TrUserData) -> + S1 = #{repository => NFrepository, name => NFname, published_at => NFpublished_at, visibility => NFvisibility}, + S2 = case {PMsg, NMsg} of + {_, #{description := NFdescription}} -> S1#{description => NFdescription}; + {#{description := PFdescription}, _} -> S1#{description => PFdescription}; + _ -> S1 + end, + S3 = case {PMsg, NMsg} of + {_, #{advisory_min_severity := NFadvisory_min_severity}} -> S2#{advisory_min_severity => NFadvisory_min_severity}; + {#{advisory_min_severity := PFadvisory_min_severity}, _} -> S2#{advisory_min_severity => PFadvisory_min_severity}; + _ -> S2 + end, + S4 = case {PMsg, NMsg} of + {#{retirement_reasons := PFretirement_reasons}, #{retirement_reasons := NFretirement_reasons}} -> S3#{retirement_reasons => 'erlang_++'(PFretirement_reasons, NFretirement_reasons, TrUserData)}; + {_, #{retirement_reasons := NFretirement_reasons}} -> S3#{retirement_reasons => NFretirement_reasons}; + {#{retirement_reasons := PFretirement_reasons}, _} -> S3#{retirement_reasons => PFretirement_reasons}; + {_, _} -> S3 + end, + case {PMsg, NMsg} of + {_, #{cooldown := NFcooldown}} -> S4#{cooldown => NFcooldown}; + {#{cooldown := PFcooldown}, _} -> S4#{cooldown => PFcooldown}; + _ -> S4 + end. + + +verify_msg(Msg, MsgName) when is_atom(MsgName) -> verify_msg(Msg, MsgName, []). + +verify_msg(Msg, MsgName, Opts) -> + TrUserData = proplists:get_value(user_data, Opts), + case MsgName of + 'Policy' -> v_msg_Policy(Msg, [MsgName], TrUserData); + _ -> mk_type_error(not_a_known_message, Msg, []) + end. + + +-compile({nowarn_unused_function,v_msg_Policy/3}). +v_msg_Policy(#{repository := F1, name := F2, published_at := F4, visibility := F5} = M, Path, TrUserData) -> + v_type_string(F1, [repository | Path], TrUserData), + v_type_string(F2, [name | Path], TrUserData), + case M of + #{description := F3} -> v_type_string(F3, [description | Path], TrUserData); + _ -> ok + end, + v_type_int64(F4, [published_at | Path], TrUserData), + v_enum_Visibility(F5, [visibility | Path], TrUserData), + case M of + #{advisory_min_severity := F6} -> v_type_uint32(F6, [advisory_min_severity | Path], TrUserData); + _ -> ok + end, + case M of + #{retirement_reasons := F7} -> + if is_list(F7) -> + _ = [v_type_uint32(Elem, [retirement_reasons | Path], TrUserData) || Elem <- F7], + ok; + true -> mk_type_error({invalid_list_of, uint32}, F7, [retirement_reasons | Path]) + end; + _ -> ok + end, + case M of + #{cooldown := F8} -> v_type_string(F8, [cooldown | Path], TrUserData); + _ -> ok + end, + lists:foreach(fun (repository) -> ok; + (name) -> ok; + (description) -> ok; + (published_at) -> ok; + (visibility) -> ok; + (advisory_min_severity) -> ok; + (retirement_reasons) -> ok; + (cooldown) -> ok; + (OtherKey) -> mk_type_error({extraneous_key, OtherKey}, M, Path) + end, + maps:keys(M)), + ok; +v_msg_Policy(M, Path, _TrUserData) when is_map(M) -> mk_type_error({missing_fields, [repository, name, published_at, visibility] -- maps:keys(M), 'Policy'}, M, Path); +v_msg_Policy(X, Path, _TrUserData) -> mk_type_error({expected_msg, 'Policy'}, X, Path). + +-compile({nowarn_unused_function,v_enum_Visibility/3}). +v_enum_Visibility('VISIBILITY_PRIVATE', _Path, _TrUserData) -> ok; +v_enum_Visibility('VISIBILITY_PUBLIC', _Path, _TrUserData) -> ok; +v_enum_Visibility(V, _Path, _TrUserData) when -2147483648 =< V, V =< 2147483647, is_integer(V) -> ok; +v_enum_Visibility(X, Path, _TrUserData) -> mk_type_error({invalid_enum, 'Visibility'}, X, Path). + +-compile({nowarn_unused_function,v_type_int64/3}). +v_type_int64(N, _Path, _TrUserData) when is_integer(N), -9223372036854775808 =< N, N =< 9223372036854775807 -> ok; +v_type_int64(N, Path, _TrUserData) when is_integer(N) -> mk_type_error({value_out_of_range, int64, signed, 64}, N, Path); +v_type_int64(X, Path, _TrUserData) -> mk_type_error({bad_integer, int64, signed, 64}, X, Path). + +-compile({nowarn_unused_function,v_type_uint32/3}). +v_type_uint32(N, _Path, _TrUserData) when is_integer(N), 0 =< N, N =< 4294967295 -> ok; +v_type_uint32(N, Path, _TrUserData) when is_integer(N) -> mk_type_error({value_out_of_range, uint32, unsigned, 32}, N, Path); +v_type_uint32(X, Path, _TrUserData) -> mk_type_error({bad_integer, uint32, unsigned, 32}, X, Path). + +-compile({nowarn_unused_function,v_type_string/3}). +v_type_string(S, Path, _TrUserData) when is_list(S); is_binary(S) -> + try unicode:characters_to_binary(S) of + B when is_binary(B) -> ok; + {error, _, _} -> mk_type_error(bad_unicode_string, S, Path) + catch + error:badarg -> mk_type_error(bad_unicode_string, S, Path) + end; +v_type_string(X, Path, _TrUserData) -> mk_type_error(bad_unicode_string, X, Path). + +-compile({nowarn_unused_function,mk_type_error/3}). +-spec mk_type_error(_, _, list()) -> no_return(). +mk_type_error(Error, ValueSeen, Path) -> + Path2 = prettify_path(Path), + erlang:error({gpb_type_error, {Error, [{value, ValueSeen}, {path, Path2}]}}). + + +-compile({nowarn_unused_function,prettify_path/1}). +prettify_path([]) -> top_level; +prettify_path(PathR) -> string:join(lists:map(fun atom_to_list/1, lists:reverse(PathR)), "."). + + +-compile({nowarn_unused_function,id/2}). +-compile({inline,id/2}). +id(X, _TrUserData) -> X. + +-compile({nowarn_unused_function,v_ok/3}). +-compile({inline,v_ok/3}). +v_ok(_Value, _Path, _TrUserData) -> ok. + +-compile({nowarn_unused_function,m_overwrite/3}). +-compile({inline,m_overwrite/3}). +m_overwrite(_Prev, New, _TrUserData) -> New. + +-compile({nowarn_unused_function,cons/3}). +-compile({inline,cons/3}). +cons(Elem, Acc, _TrUserData) -> [Elem | Acc]. + +-compile({nowarn_unused_function,lists_reverse/2}). +-compile({inline,lists_reverse/2}). +'lists_reverse'(L, _TrUserData) -> lists:reverse(L). +-compile({nowarn_unused_function,'erlang_++'/3}). +-compile({inline,'erlang_++'/3}). +'erlang_++'(A, B, _TrUserData) -> A ++ B. + + +get_msg_defs() -> + [{{enum, 'Visibility'}, [{'VISIBILITY_PRIVATE', 0}, {'VISIBILITY_PUBLIC', 1}]}, + {{msg, 'Policy'}, + [#{name => repository, fnum => 1, rnum => 2, type => string, occurrence => required, opts => []}, + #{name => name, fnum => 2, rnum => 3, type => string, occurrence => required, opts => []}, + #{name => description, fnum => 3, rnum => 4, type => string, occurrence => optional, opts => []}, + #{name => published_at, fnum => 4, rnum => 5, type => int64, occurrence => required, opts => []}, + #{name => visibility, fnum => 5, rnum => 6, type => {enum, 'Visibility'}, occurrence => required, opts => []}, + #{name => advisory_min_severity, fnum => 6, rnum => 7, type => uint32, occurrence => optional, opts => []}, + #{name => retirement_reasons, fnum => 7, rnum => 8, type => uint32, occurrence => repeated, opts => [packed]}, + #{name => cooldown, fnum => 8, rnum => 9, type => string, occurrence => optional, opts => []}]}]. + + +get_msg_names() -> ['Policy']. + + +get_group_names() -> []. + + +get_msg_or_group_names() -> ['Policy']. + + +get_enum_names() -> ['Visibility']. + + +fetch_msg_def(MsgName) -> + case find_msg_def(MsgName) of + Fs when is_list(Fs) -> Fs; + error -> erlang:error({no_such_msg, MsgName}) + end. + + +fetch_enum_def(EnumName) -> + case find_enum_def(EnumName) of + Es when is_list(Es) -> Es; + error -> erlang:error({no_such_enum, EnumName}) + end. + + +find_msg_def('Policy') -> + [#{name => repository, fnum => 1, rnum => 2, type => string, occurrence => required, opts => []}, + #{name => name, fnum => 2, rnum => 3, type => string, occurrence => required, opts => []}, + #{name => description, fnum => 3, rnum => 4, type => string, occurrence => optional, opts => []}, + #{name => published_at, fnum => 4, rnum => 5, type => int64, occurrence => required, opts => []}, + #{name => visibility, fnum => 5, rnum => 6, type => {enum, 'Visibility'}, occurrence => required, opts => []}, + #{name => advisory_min_severity, fnum => 6, rnum => 7, type => uint32, occurrence => optional, opts => []}, + #{name => retirement_reasons, fnum => 7, rnum => 8, type => uint32, occurrence => repeated, opts => [packed]}, + #{name => cooldown, fnum => 8, rnum => 9, type => string, occurrence => optional, opts => []}]; +find_msg_def(_) -> error. + + +find_enum_def('Visibility') -> [{'VISIBILITY_PRIVATE', 0}, {'VISIBILITY_PUBLIC', 1}]; +find_enum_def(_) -> error. + + +enum_symbol_by_value('Visibility', Value) -> enum_symbol_by_value_Visibility(Value). + + +enum_value_by_symbol('Visibility', Sym) -> enum_value_by_symbol_Visibility(Sym). + + +enum_symbol_by_value_Visibility(0) -> 'VISIBILITY_PRIVATE'; +enum_symbol_by_value_Visibility(1) -> 'VISIBILITY_PUBLIC'. + + +enum_value_by_symbol_Visibility('VISIBILITY_PRIVATE') -> 0; +enum_value_by_symbol_Visibility('VISIBILITY_PUBLIC') -> 1. + + +get_service_names() -> []. + + +get_service_def(_) -> error. + + +get_rpc_names(_) -> error. + + +find_rpc_def(_, _) -> error. + + + +-spec fetch_rpc_def(_, _) -> no_return(). +fetch_rpc_def(ServiceName, RpcName) -> erlang:error({no_such_rpc, ServiceName, RpcName}). + + +%% Convert a a fully qualified (ie with package name) service name +%% as a binary to a service name as an atom. +-spec fqbin_to_service_name(_) -> no_return(). +fqbin_to_service_name(X) -> error({gpb_error, {badservice, X}}). + + +%% Convert a service name as an atom to a fully qualified +%% (ie with package name) name as a binary. +-spec service_name_to_fqbin(_) -> no_return(). +service_name_to_fqbin(X) -> error({gpb_error, {badservice, X}}). + + +%% Convert a a fully qualified (ie with package name) service name +%% and an rpc name, both as binaries to a service name and an rpc +%% name, as atoms. +-spec fqbins_to_service_and_rpc_name(_, _) -> no_return(). +fqbins_to_service_and_rpc_name(S, R) -> error({gpb_error, {badservice_or_rpc, {S, R}}}). + + +%% Convert a service name and an rpc name, both as atoms, +%% to a fully qualified (ie with package name) service name and +%% an rpc name as binaries. +-spec service_and_rpc_name_to_fqbins(_, _) -> no_return(). +service_and_rpc_name_to_fqbins(S, R) -> error({gpb_error, {badservice_or_rpc, {S, R}}}). + + +fqbin_to_msg_name(<<"Policy">>) -> 'Policy'; +fqbin_to_msg_name(E) -> error({gpb_error, {badmsg, E}}). + + +msg_name_to_fqbin('Policy') -> <<"Policy">>; +msg_name_to_fqbin(E) -> error({gpb_error, {badmsg, E}}). + + +fqbin_to_enum_name(<<"Visibility">>) -> 'Visibility'; +fqbin_to_enum_name(E) -> error({gpb_error, {badenum, E}}). + + +enum_name_to_fqbin('Visibility') -> <<"Visibility">>; +enum_name_to_fqbin(E) -> error({gpb_error, {badenum, E}}). + + +get_package_name() -> undefined. + + +%% Whether or not the message names +%% are prepended with package name or not. +uses_packages() -> false. + + +source_basename() -> "hex_pb_policy.proto". + + +%% Retrieve all proto file names, also imported ones. +%% The order is top-down. The first element is always the main +%% source file. The files are returned with extension, +%% see get_all_proto_names/0 for a version that returns +%% the basenames sans extension +get_all_source_basenames() -> ["hex_pb_policy.proto"]. + + +%% Retrieve all proto file names, also imported ones. +%% The order is top-down. The first element is always the main +%% source file. The files are returned sans .proto extension, +%% to make it easier to use them with the various get_xyz_containment +%% functions. +get_all_proto_names() -> ["hex_pb_policy"]. + + +get_msg_containment("hex_pb_policy") -> ['Policy']; +get_msg_containment(P) -> error({gpb_error, {badproto, P}}). + + +get_pkg_containment("hex_pb_policy") -> undefined; +get_pkg_containment(P) -> error({gpb_error, {badproto, P}}). + + +get_service_containment("hex_pb_policy") -> []; +get_service_containment(P) -> error({gpb_error, {badproto, P}}). + + +get_rpc_containment("hex_pb_policy") -> []; +get_rpc_containment(P) -> error({gpb_error, {badproto, P}}). + + +get_enum_containment("hex_pb_policy") -> ['Visibility']; +get_enum_containment(P) -> error({gpb_error, {badproto, P}}). + + +get_proto_by_msg_name_as_fqbin(<<"Policy">>) -> "hex_pb_policy"; +get_proto_by_msg_name_as_fqbin(E) -> error({gpb_error, {badmsg, E}}). + + +-spec get_proto_by_service_name_as_fqbin(_) -> no_return(). +get_proto_by_service_name_as_fqbin(E) -> error({gpb_error, {badservice, E}}). + + +get_proto_by_enum_name_as_fqbin(<<"Visibility">>) -> "hex_pb_policy"; +get_proto_by_enum_name_as_fqbin(E) -> error({gpb_error, {badenum, E}}). + + +-spec get_protos_by_pkg_name_as_fqbin(_) -> no_return(). +get_protos_by_pkg_name_as_fqbin(E) -> error({gpb_error, {badpkg, E}}). + + + +gpb_version_as_string() -> + "4.21.1". + +gpb_version_as_list() -> + [4,21,1]. + +gpb_version_source() -> + "file". diff --git a/src/hex_registry.erl b/src/hex_registry.erl index 9bb9cb5..a16e9a6 100644 --- a/src/hex_registry.erl +++ b/src/hex_registry.erl @@ -14,6 +14,10 @@ decode_package/3, build_package/2, unpack_package/4, + encode_policy/1, + decode_policy/3, + build_policy/2, + unpack_policy/4, sign_protobuf/2, decode_signed/1, decode_and_verify_signed/2, @@ -116,6 +120,35 @@ decode_package(Payload, Repository, Package) -> {error, bad_repo_name} end. +%% @doc +%% Builds policy resource. +build_policy(Policy, PrivateKey) -> + Payload = encode_policy(Policy), + zlib:gzip(sign_protobuf(Payload, PrivateKey)). + +%% @doc +%% Unpacks policy resource. +unpack_policy(Payload, Repository, Name, PublicKey) -> + case decode_and_verify_signed(zlib:gunzip(Payload), PublicKey) of + {ok, Policy} -> decode_policy(Policy, Repository, Name); + Other -> Other + end. + +%% @private +encode_policy(Policy) -> + hex_pb_policy:encode_msg(Policy, 'Policy'). + +%% @private +decode_policy(Payload, no_verify, no_verify) -> + {ok, hex_pb_policy:decode_msg(Payload, 'Policy')}; +decode_policy(Payload, Repository, Name) -> + case hex_pb_policy:decode_msg(Payload, 'Policy') of + #{repository := Repository, name := Name} = Result -> + {ok, Result}; + _ -> + {error, bad_repo_name} + end. + %% @private sign_protobuf(Payload, PrivateKey) -> Signature = sign(Payload, PrivateKey), diff --git a/src/hex_repo.erl b/src/hex_repo.erl index f44f7f8..f62efad 100644 --- a/src/hex_repo.erl +++ b/src/hex_repo.erl @@ -5,6 +5,7 @@ get_names/1, get_versions/1, get_package/2, + get_policy/2, get_tarball/3, get_tarball_to_file/4, get_docs/3, @@ -88,6 +89,36 @@ get_package(Config, Name) when is_binary(Name) and is_map(Config) -> end, get_protobuf(Config, <<"packages/", Name/binary>>, Decoder). +%% @doc +%% Gets policy resource from the repository. +%% +%% Requires `repo_organization' to be set in the config; policies are +%% always served from the per-organization namespace +%% (`/repos//policies/'). +%% +%% Examples: +%% +%% ``` +%% > Config = (hex_core:default_config())#{repo_organization => <<"myorg">>}, +%% > hex_repo:get_policy(Config, <<"strict-prod">>). +%% {ok, {200, ..., +%% #{repository => <<"myorg">>, +%% name => <<"strict-prod">>, +%% visibility => 'VISIBILITY_PUBLIC', +%% advisory_min_severity => 3, +%% ...}}} +%% ''' +%% @end +get_policy(Config, Name) when is_binary(Name) and is_map(Config) -> + Verify = maps:get(repo_verify_origin, Config, true), + Decoder = fun(Data) -> + case Verify of + true -> hex_registry:decode_policy(Data, repo_name(Config), Name); + false -> hex_registry:decode_policy(Data, no_verify, no_verify) + end + end, + get_protobuf(Config, <<"policies/", Name/binary>>, Decoder). + %% @doc %% Gets tarball from the repository. %% diff --git a/test/hex_registry_SUITE.erl b/test/hex_registry_SUITE.erl index 2b1f580..163f086 100644 --- a/test/hex_registry_SUITE.erl +++ b/test/hex_registry_SUITE.erl @@ -10,7 +10,7 @@ suite() -> [{require, {ssl_certs, [test_pub, test_priv, hexpm_pub]}}]. all() -> - [names_test, versions_test, package_test, signed_test]. + [names_test, versions_test, package_test, policy_test, signed_test]. names_test(_Config) -> TestPublicKey = ct:get_config({ssl_certs, test_pub}), @@ -126,6 +126,36 @@ package_test(_Config) -> ), ok. +policy_test(_Config) -> + TestPublicKey = ct:get_config({ssl_certs, test_pub}), + TestPrivateKey = ct:get_config({ssl_certs, test_priv}), + Policy = #{ + repository => <<"myorg">>, + name => <<"strict-prod">>, + description => <<"Production policy">>, + published_at => 1716253200, + visibility => 'VISIBILITY_PUBLIC', + advisory_min_severity => 3, + retirement_reasons => [1, 2], + cooldown => <<"14d">> + }, + Payload = hex_registry:build_policy(Policy, TestPrivateKey), + ?assertMatch( + {ok, Policy}, + hex_registry:unpack_policy(Payload, <<"myorg">>, <<"strict-prod">>, TestPublicKey) + ), + ?assertMatch( + {error, bad_repo_name}, + hex_registry:unpack_policy(Payload, <<"other">>, <<"strict-prod">>, TestPublicKey) + ), + ?assertMatch( + {error, bad_repo_name}, + hex_registry:unpack_policy(Payload, <<"myorg">>, <<"other">>, TestPublicKey) + ), + EncodedPayload = hex_registry:encode_policy(Policy), + ?assertMatch({ok, Policy}, hex_registry:decode_policy(EncodedPayload, no_verify, no_verify)), + ok. + signed_test(_Config) -> TestPublicKey = ct:get_config({ssl_certs, test_pub}), TestPrivateKey = ct:get_config({ssl_certs, test_priv}), diff --git a/test/hex_repo_SUITE.erl b/test/hex_repo_SUITE.erl index 7838d6a..53c6325 100644 --- a/test/hex_repo_SUITE.erl +++ b/test/hex_repo_SUITE.erl @@ -23,6 +23,7 @@ all() -> get_names_test, get_versions_test, get_package_test, + get_policy_test, get_tarball_test, get_tarball_to_file_test, get_docs_test, @@ -60,6 +61,22 @@ get_package_test(_Config) -> {ok, {403, _, _}} = hex_repo:get_package(?CONFIG, <<"nonexisting">>), ok. +get_policy_test(_Config) -> + Config = maps:put(repo_organization, <<"myorg">>, ?CONFIG), + + {ok, + {200, _, #{ + repository := <<"myorg">>, + name := <<"strict-prod">>, + visibility := 'VISIBILITY_PUBLIC', + advisory_min_severity := 3, + retirement_reasons := [1, 2], + cooldown := <<"14d">> + }}} = hex_repo:get_policy(Config, <<"strict-prod">>), + + {ok, {403, _, _}} = hex_repo:get_policy(Config, <<"nonexisting">>), + ok. + get_tarball_test(_Config) -> {ok, {200, #{<<"etag">> := ETag}, Tarball}} = hex_repo:get_tarball( ?CONFIG, <<"ecto">>, <<"1.0.0">> diff --git a/test/support/hex_http_test.erl b/test/support/hex_http_test.erl index ecd6c1d..084c1ab 100644 --- a/test/support/hex_http_test.erl +++ b/test/support/hex_http_test.erl @@ -92,6 +92,25 @@ fixture(get, <>, _, _) -> }, {ok, {200, Headers, Compressed}}; +fixture(get, <>, _, _) -> + Policy = #{ + repository => <<"myorg">>, + name => <<"strict-prod">>, + description => <<"Production policy">>, + published_at => 1716253200, + visibility => 'VISIBILITY_PUBLIC', + advisory_min_severity => 3, + retirement_reasons => [1, 2], + cooldown => <<"14d">> + }, + Payload = hex_registry:encode_policy(Policy), + Signed = hex_registry:sign_protobuf(Payload, ?PRIVATE_KEY), + Compressed = zlib:gzip(Signed), + Headers = #{ + <<"etag">> => <<"\"dummy\"">> + }, + {ok, {200, Headers, Compressed}}; + fixture(get, <>, _, _) -> Headers = #{ <<"etag">> => <<"\"dummy\"">> From 69af1f50ea50224a654572bfe40f78a1eec656fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Thu, 21 May 2026 01:31:16 +0200 Subject: [PATCH 2/9] Require repo_organization in hex_repo:get_policy/2 Policies only exist per-organization, so calling get_policy/2 without repo_organization set was silently falling back to the global path and returning a misleading bad_repo_name. Raise a clear error instead. Extend tests to cover the new error path and the no_verify unpack path. --- src/hex_repo.erl | 28 +++++++++++++++++----------- test/hex_registry_SUITE.erl | 3 +++ test/hex_repo_SUITE.erl | 9 +++++++++ 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/hex_repo.erl b/src/hex_repo.erl index f62efad..b75b9c0 100644 --- a/src/hex_repo.erl +++ b/src/hex_repo.erl @@ -104,20 +104,26 @@ get_package(Config, Name) when is_binary(Name) and is_map(Config) -> %% {ok, {200, ..., %% #{repository => <<"myorg">>, %% name => <<"strict-prod">>, -%% visibility => 'VISIBILITY_PUBLIC', -%% advisory_min_severity => 3, -%% ...}}} +%% visibility => 'VISIBILITY_PUBLIC'}}} %% ''' %% @end get_policy(Config, Name) when is_binary(Name) and is_map(Config) -> - Verify = maps:get(repo_verify_origin, Config, true), - Decoder = fun(Data) -> - case Verify of - true -> hex_registry:decode_policy(Data, repo_name(Config), Name); - false -> hex_registry:decode_policy(Data, no_verify, no_verify) - end - end, - get_protobuf(Config, <<"policies/", Name/binary>>, Decoder). + case maps:get(repo_organization, Config, undefined) of + undefined -> + error( + {missing_repo_organization, + "hex_repo:get_policy/2 requires repo_organization to be set"} + ); + Org when is_binary(Org) -> + Verify = maps:get(repo_verify_origin, Config, true), + Decoder = fun(Data) -> + case Verify of + true -> hex_registry:decode_policy(Data, repo_name(Config), Name); + false -> hex_registry:decode_policy(Data, no_verify, no_verify) + end + end, + get_protobuf(Config, <<"policies/", Name/binary>>, Decoder) + end. %% @doc %% Gets tarball from the repository. diff --git a/test/hex_registry_SUITE.erl b/test/hex_registry_SUITE.erl index 163f086..8d4e502 100644 --- a/test/hex_registry_SUITE.erl +++ b/test/hex_registry_SUITE.erl @@ -154,6 +154,9 @@ policy_test(_Config) -> ), EncodedPayload = hex_registry:encode_policy(Policy), ?assertMatch({ok, Policy}, hex_registry:decode_policy(EncodedPayload, no_verify, no_verify)), + %% unpack with no_verify identity (still verifies signature) + {ok, _} = + hex_registry:unpack_policy(Payload, no_verify, no_verify, TestPublicKey), ok. signed_test(_Config) -> diff --git a/test/hex_repo_SUITE.erl b/test/hex_repo_SUITE.erl index 53c6325..a7bf04b 100644 --- a/test/hex_repo_SUITE.erl +++ b/test/hex_repo_SUITE.erl @@ -24,6 +24,7 @@ all() -> get_versions_test, get_package_test, get_policy_test, + get_policy_missing_org_test, get_tarball_test, get_tarball_to_file_test, get_docs_test, @@ -77,6 +78,14 @@ get_policy_test(_Config) -> {ok, {403, _, _}} = hex_repo:get_policy(Config, <<"nonexisting">>), ok. +get_policy_missing_org_test(_Config) -> + Config = maps:remove(repo_organization, ?CONFIG), + ?assertError( + {missing_repo_organization, _}, + hex_repo:get_policy(Config, <<"strict-prod">>) + ), + ok. + get_tarball_test(_Config) -> {ok, {200, #{<<"etag">> := ETag}, Tarball}} = hex_repo:get_tarball( ?CONFIG, <<"ecto">>, <<"1.0.0">> From 93374f4f42ae5281845e820f51c839002c53e1f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Fri, 22 May 2026 17:03:58 +0200 Subject: [PATCH 3/9] Tighten Policy decoders and missing-org error idiom decode_policy/3 now matches published_at as a shape witness, matching the pattern that decode_package/3 (releases) and decode_names/2 / decode_versions/2 (packages) use to detect corrupt or mis-routed payloads. get_policy/2 returns {error, missing_repo_organization} when repo_organization is unset, matching the tagged-tuple error idiom the rest of the module uses. The embedded English string and the ad-hoc error/1 raise are dropped. --- src/hex_registry.erl | 2 +- src/hex_repo.erl | 5 +---- test/hex_registry_SUITE.erl | 2 +- test/hex_repo_SUITE.erl | 5 +---- 4 files changed, 4 insertions(+), 10 deletions(-) diff --git a/src/hex_registry.erl b/src/hex_registry.erl index a16e9a6..a8b8568 100644 --- a/src/hex_registry.erl +++ b/src/hex_registry.erl @@ -143,7 +143,7 @@ decode_policy(Payload, no_verify, no_verify) -> {ok, hex_pb_policy:decode_msg(Payload, 'Policy')}; decode_policy(Payload, Repository, Name) -> case hex_pb_policy:decode_msg(Payload, 'Policy') of - #{repository := Repository, name := Name} = Result -> + #{repository := Repository, name := Name, published_at := _} = Result -> {ok, Result}; _ -> {error, bad_repo_name} diff --git a/src/hex_repo.erl b/src/hex_repo.erl index b75b9c0..2c79554 100644 --- a/src/hex_repo.erl +++ b/src/hex_repo.erl @@ -110,10 +110,7 @@ get_package(Config, Name) when is_binary(Name) and is_map(Config) -> get_policy(Config, Name) when is_binary(Name) and is_map(Config) -> case maps:get(repo_organization, Config, undefined) of undefined -> - error( - {missing_repo_organization, - "hex_repo:get_policy/2 requires repo_organization to be set"} - ); + {error, missing_repo_organization}; Org when is_binary(Org) -> Verify = maps:get(repo_verify_origin, Config, true), Decoder = fun(Data) -> diff --git a/test/hex_registry_SUITE.erl b/test/hex_registry_SUITE.erl index 8d4e502..2425d0e 100644 --- a/test/hex_registry_SUITE.erl +++ b/test/hex_registry_SUITE.erl @@ -154,7 +154,7 @@ policy_test(_Config) -> ), EncodedPayload = hex_registry:encode_policy(Policy), ?assertMatch({ok, Policy}, hex_registry:decode_policy(EncodedPayload, no_verify, no_verify)), - %% unpack with no_verify identity (still verifies signature) + %% unpack while skipping repo/name check; signature still verified {ok, _} = hex_registry:unpack_policy(Payload, no_verify, no_verify, TestPublicKey), ok. diff --git a/test/hex_repo_SUITE.erl b/test/hex_repo_SUITE.erl index a7bf04b..eda2818 100644 --- a/test/hex_repo_SUITE.erl +++ b/test/hex_repo_SUITE.erl @@ -80,10 +80,7 @@ get_policy_test(_Config) -> get_policy_missing_org_test(_Config) -> Config = maps:remove(repo_organization, ?CONFIG), - ?assertError( - {missing_repo_organization, _}, - hex_repo:get_policy(Config, <<"strict-prod">>) - ), + {error, missing_repo_organization} = hex_repo:get_policy(Config, <<"strict-prod">>), ok. get_tarball_test(_Config) -> From 78e454bd8b4a05b48fb93f1f75b108f6437eb3d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Fri, 22 May 2026 17:22:53 +0200 Subject: [PATCH 4/9] =?UTF-8?q?Remove=20Policy.published=5Fat=20=E2=80=94?= =?UTF-8?q?=20unused=20by=20any=20client?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mirrors the change in specifications. Field 4 is reserved on the wire. The decode_policy/3 shape witness moves from published_at to visibility (also required). Fixtures and tests updated. --- proto/hex_pb_policy.proto | 7 +- src/hex_pb_policy.erl | 249 ++++++++++++++------------------- src/hex_registry.erl | 2 +- test/hex_registry_SUITE.erl | 1 - test/support/hex_http_test.erl | 1 - 5 files changed, 110 insertions(+), 150 deletions(-) diff --git a/proto/hex_pb_policy.proto b/proto/hex_pb_policy.proto index 46c5a05..42206b8 100644 --- a/proto/hex_pb_policy.proto +++ b/proto/hex_pb_policy.proto @@ -11,10 +11,9 @@ message Policy { // Optional, free-form description (admin-set, surfaced in CLI/UI) optional string description = 3; - // Resource generation timestamp, seconds since unix epoch. - // Clients use this to compute staleness when a fetch fails and the - // last-known-good cached payload is loaded instead. - required int64 published_at = 4; + // Field 4 was Policy.published_at — removed before release. + reserved 4; + reserved "published_at"; // Whether the policy is publicly readable or restricted to org members. // Read at the edge to decide whether to enforce auth on the fetch. diff --git a/src/hex_pb_policy.erl b/src/hex_pb_policy.erl index af52a05..2d706bf 100644 --- a/src/hex_pb_policy.erl +++ b/src/hex_pb_policy.erl @@ -58,7 +58,6 @@ #{repository => unicode:chardata(), % = 1, required name => unicode:chardata(), % = 2, required description => unicode:chardata(), % = 3, optional - published_at => integer(), % = 4, required, 64 bits visibility => 'VISIBILITY_PRIVATE' | 'VISIBILITY_PUBLIC' | integer(), % = 5, required, enum Visibility advisory_min_severity => non_neg_integer(), % = 6, optional, 32 bits retirement_reasons => [non_neg_integer()], % = 7, repeated, 32 bits @@ -83,30 +82,29 @@ encode_msg(Msg, MsgName, Opts) -> encode_msg_Policy(Msg, TrUserData) -> encode_msg_Policy(Msg, <<>>, TrUserData). -encode_msg_Policy(#{repository := F1, name := F2, published_at := F4, visibility := F5} = M, Bin, TrUserData) -> +encode_msg_Policy(#{repository := F1, name := F2, visibility := F4} = M, Bin, TrUserData) -> B1 = begin TrF1 = id(F1, TrUserData), e_type_string(TrF1, <>, TrUserData) end, B2 = begin TrF2 = id(F2, TrUserData), e_type_string(TrF2, <>, TrUserData) end, B3 = case M of #{description := F3} -> begin TrF3 = id(F3, TrUserData), e_type_string(TrF3, <>, TrUserData) end; _ -> B2 end, - B4 = begin TrF4 = id(F4, TrUserData), e_type_int64(TrF4, <>, TrUserData) end, - B5 = begin TrF5 = id(F5, TrUserData), e_enum_Visibility(TrF5, <>, TrUserData) end, - B6 = case M of - #{advisory_min_severity := F6} -> begin TrF6 = id(F6, TrUserData), e_varint(TrF6, <>, TrUserData) end; - _ -> B5 + B4 = begin TrF4 = id(F4, TrUserData), e_enum_Visibility(TrF4, <>, TrUserData) end, + B5 = case M of + #{advisory_min_severity := F5} -> begin TrF5 = id(F5, TrUserData), e_varint(TrF5, <>, TrUserData) end; + _ -> B4 end, - B7 = case M of - #{retirement_reasons := F7} -> - TrF7 = id(F7, TrUserData), - if TrF7 == [] -> B6; - true -> e_field_Policy_retirement_reasons(TrF7, B6, TrUserData) + B6 = case M of + #{retirement_reasons := F6} -> + TrF6 = id(F6, TrUserData), + if TrF6 == [] -> B5; + true -> e_field_Policy_retirement_reasons(TrF6, B5, TrUserData) end; - _ -> B6 + _ -> B5 end, case M of - #{cooldown := F8} -> begin TrF8 = id(F8, TrUserData), e_type_string(TrF8, <>, TrUserData) end; - _ -> B7 + #{cooldown := F7} -> begin TrF7 = id(F7, TrUserData), e_type_string(TrF7, <>, TrUserData) end; + _ -> B6 end. e_field_Policy_retirement_reasons(Elems, Bin, TrUserData) when Elems =/= [] -> @@ -252,125 +250,101 @@ decode_msg_2_doit('Policy', Bin, TrUserData) -> id(decode_msg_Policy(Bin, TrUser decode_msg_Policy(Bin, TrUserData) -> - dfp_read_field_def_Policy(Bin, - 0, - 0, - 0, - id('$undef', TrUserData), - id('$undef', TrUserData), - id('$undef', TrUserData), - id('$undef', TrUserData), - id('$undef', TrUserData), - id('$undef', TrUserData), - id([], TrUserData), - id('$undef', TrUserData), - TrUserData). - -dfp_read_field_def_Policy(<<10, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_repository(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<18, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_name(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<26, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_description(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<32, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_published_at(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<40, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_visibility(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<48, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_advisory_min_severity(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<58, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_pfield_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<56, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<66, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> d_field_Policy_cooldown(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dfp_read_field_def_Policy(<<>>, 0, 0, _, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, R1, F@_8, TrUserData) -> - S1 = #{repository => F@_1, name => F@_2, published_at => F@_4, visibility => F@_5, retirement_reasons => lists_reverse(R1, TrUserData)}, + dfp_read_field_def_Policy(Bin, 0, 0, 0, id('$undef', TrUserData), id('$undef', TrUserData), id('$undef', TrUserData), id('$undef', TrUserData), id('$undef', TrUserData), id([], TrUserData), id('$undef', TrUserData), TrUserData). + +dfp_read_field_def_Policy(<<10, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_repository(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<18, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_name(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<26, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_description(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<40, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_visibility(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<48, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_advisory_min_severity(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<58, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_pfield_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<56, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<66, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_cooldown(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<>>, 0, 0, _, F@_1, F@_2, F@_3, F@_4, F@_5, R1, F@_7, TrUserData) -> + S1 = #{repository => F@_1, name => F@_2, visibility => F@_4, retirement_reasons => lists_reverse(R1, TrUserData)}, S2 = if F@_3 == '$undef' -> S1; true -> S1#{description => F@_3} end, - S3 = if F@_6 == '$undef' -> S2; - true -> S2#{advisory_min_severity => F@_6} + S3 = if F@_5 == '$undef' -> S2; + true -> S2#{advisory_min_severity => F@_5} end, - if F@_8 == '$undef' -> S3; - true -> S3#{cooldown => F@_8} + if F@_7 == '$undef' -> S3; + true -> S3#{cooldown => F@_7} end; -dfp_read_field_def_Policy(Other, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dg_read_field_def_Policy(Other, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). +dfp_read_field_def_Policy(Other, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> dg_read_field_def_Policy(Other, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). -dg_read_field_def_Policy(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 32 - 7 -> - dg_read_field_def_Policy(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -dg_read_field_def_Policy(<<0:1, X:7, Rest/binary>>, N, Acc, _, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> +dg_read_field_def_Policy(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 32 - 7 -> dg_read_field_def_Policy(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dg_read_field_def_Policy(<<0:1, X:7, Rest/binary>>, N, Acc, _, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> Key = X bsl N + Acc, case Key of - 10 -> d_field_Policy_repository(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 18 -> d_field_Policy_name(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 26 -> d_field_Policy_description(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 32 -> d_field_Policy_published_at(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 40 -> d_field_Policy_visibility(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 48 -> d_field_Policy_advisory_min_severity(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 58 -> d_pfield_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 56 -> d_field_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 66 -> d_field_Policy_cooldown(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); + 10 -> d_field_Policy_repository(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 18 -> d_field_Policy_name(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 26 -> d_field_Policy_description(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 40 -> d_field_Policy_visibility(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 48 -> d_field_Policy_advisory_min_severity(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 58 -> d_pfield_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 56 -> d_field_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 66 -> d_field_Policy_cooldown(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); _ -> case Key band 7 of - 0 -> skip_varint_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 1 -> skip_64_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 2 -> skip_length_delimited_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 3 -> skip_group_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); - 5 -> skip_32_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) + 0 -> skip_varint_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 1 -> skip_64_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 2 -> skip_length_delimited_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 3 -> skip_group_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 5 -> skip_32_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) end end; -dg_read_field_def_Policy(<<>>, 0, 0, _, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, R1, F@_8, TrUserData) -> - S1 = #{repository => F@_1, name => F@_2, published_at => F@_4, visibility => F@_5, retirement_reasons => lists_reverse(R1, TrUserData)}, +dg_read_field_def_Policy(<<>>, 0, 0, _, F@_1, F@_2, F@_3, F@_4, F@_5, R1, F@_7, TrUserData) -> + S1 = #{repository => F@_1, name => F@_2, visibility => F@_4, retirement_reasons => lists_reverse(R1, TrUserData)}, S2 = if F@_3 == '$undef' -> S1; true -> S1#{description => F@_3} end, - S3 = if F@_6 == '$undef' -> S2; - true -> S2#{advisory_min_severity => F@_6} + S3 = if F@_5 == '$undef' -> S2; + true -> S2#{advisory_min_severity => F@_5} end, - if F@_8 == '$undef' -> S3; - true -> S3#{cooldown => F@_8} + if F@_7 == '$undef' -> S3; + true -> S3#{cooldown => F@_7} end. -d_field_Policy_repository(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_field_Policy_repository(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_repository(<<0:1, X:7, Rest/binary>>, N, Acc, F, _, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> +d_field_Policy_repository(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> d_field_Policy_repository(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_field_Policy_repository(<<0:1, X:7, Rest/binary>>, N, Acc, F, _, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, - dfp_read_field_def_Policy(RestF, 0, 0, F, NewFValue, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + dfp_read_field_def_Policy(RestF, 0, 0, F, NewFValue, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). -d_field_Policy_name(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> d_field_Policy_name(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_name(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, _, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> +d_field_Policy_name(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> d_field_Policy_name(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_field_Policy_name(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, _, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, - dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, NewFValue, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, NewFValue, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). -d_field_Policy_description(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_field_Policy_description(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_description(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, _, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> +d_field_Policy_description(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> d_field_Policy_description(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_field_Policy_description(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, _, F@_4, F@_5, F@_6, F@_7, TrUserData) -> {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, - dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, NewFValue, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). - -d_field_Policy_published_at(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_field_Policy_published_at(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_published_at(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, _, F@_5, F@_6, F@_7, F@_8, TrUserData) -> - {NewFValue, RestF} = {begin <> = <<(X bsl N + Acc):64/unsigned-native>>, id(Res, TrUserData) end, Rest}, - dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, NewFValue, F@_5, F@_6, F@_7, F@_8, TrUserData). + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, NewFValue, F@_4, F@_5, F@_6, F@_7, TrUserData). -d_field_Policy_visibility(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_field_Policy_visibility(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_visibility(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, _, F@_6, F@_7, F@_8, TrUserData) -> +d_field_Policy_visibility(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> d_field_Policy_visibility(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_field_Policy_visibility(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, _, F@_5, F@_6, F@_7, TrUserData) -> {NewFValue, RestF} = {id(d_enum_Visibility(begin <> = <<(X bsl N + Acc):32/unsigned-native>>, id(Res, TrUserData) end), TrUserData), Rest}, - dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, NewFValue, F@_6, F@_7, F@_8, TrUserData). + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, NewFValue, F@_5, F@_6, F@_7, TrUserData). -d_field_Policy_advisory_min_severity(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_field_Policy_advisory_min_severity(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_advisory_min_severity(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, _, F@_7, F@_8, TrUserData) -> +d_field_Policy_advisory_min_severity(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> + d_field_Policy_advisory_min_severity(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_field_Policy_advisory_min_severity(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, _, F@_6, F@_7, TrUserData) -> {NewFValue, RestF} = {id((X bsl N + Acc) band 4294967295, TrUserData), Rest}, - dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, NewFValue, F@_7, F@_8, TrUserData). + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, NewFValue, F@_6, F@_7, TrUserData). -d_field_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_field_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, Prev, F@_8, TrUserData) -> +d_field_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> + d_field_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_field_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, Prev, F@_7, TrUserData) -> {NewFValue, RestF} = {id((X bsl N + Acc) band 4294967295, TrUserData), Rest}, - dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, cons(NewFValue, Prev, TrUserData), F@_8, TrUserData). + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, cons(NewFValue, Prev, TrUserData), F@_7, TrUserData). -d_pfield_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_pfield_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_pfield_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, E, F@_8, TrUserData) -> +d_pfield_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> + d_pfield_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_pfield_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, E, F@_7, TrUserData) -> Len = X bsl N + Acc, <> = Rest, NewSeq = d_packed_field_Policy_retirement_reasons(PackedBytes, 0, 0, F, E, TrUserData), - dfp_read_field_def_Policy(Rest2, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, NewSeq, F@_8, TrUserData). + dfp_read_field_def_Policy(Rest2, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, NewSeq, F@_7, TrUserData). d_packed_field_Policy_retirement_reasons(<<1:1, X:7, Rest/binary>>, N, Acc, F, AccSeq, TrUserData) when N < 57 -> d_packed_field_Policy_retirement_reasons(Rest, N + 7, X bsl N + Acc, F, AccSeq, TrUserData); d_packed_field_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, AccSeq, TrUserData) -> @@ -378,29 +352,27 @@ d_packed_field_Policy_retirement_reasons(<<0:1, X:7, Rest/binary>>, N, Acc, F, A d_packed_field_Policy_retirement_reasons(RestF, 0, 0, F, [NewFValue | AccSeq], TrUserData); d_packed_field_Policy_retirement_reasons(<<>>, 0, 0, _, AccSeq, _) -> AccSeq. -d_field_Policy_cooldown(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - d_field_Policy_cooldown(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -d_field_Policy_cooldown(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, _, TrUserData) -> +d_field_Policy_cooldown(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> d_field_Policy_cooldown(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +d_field_Policy_cooldown(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, _, TrUserData) -> {NewFValue, RestF} = begin Len = X bsl N + Acc, <> = Rest, Bytes2 = binary:copy(Bytes), {id(Bytes2, TrUserData), Rest2} end, - dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, NewFValue, TrUserData). + dfp_read_field_def_Policy(RestF, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, NewFValue, TrUserData). -skip_varint_Policy(<<1:1, _:7, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> skip_varint_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -skip_varint_Policy(<<0:1, _:7, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). +skip_varint_Policy(<<1:1, _:7, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> skip_varint_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +skip_varint_Policy(<<0:1, _:7, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). -skip_length_delimited_Policy(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) when N < 57 -> - skip_length_delimited_Policy(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData); -skip_length_delimited_Policy(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> +skip_length_delimited_Policy(<<1:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) when N < 57 -> skip_length_delimited_Policy(Rest, N + 7, X bsl N + Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +skip_length_delimited_Policy(<<0:1, X:7, Rest/binary>>, N, Acc, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> Length = X bsl N + Acc, <<_:Length/binary, Rest2/binary>> = Rest, - dfp_read_field_def_Policy(Rest2, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + dfp_read_field_def_Policy(Rest2, 0, 0, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). -skip_group_Policy(Bin, _, Z2, FNum, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> +skip_group_Policy(Bin, _, Z2, FNum, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> {_, Rest} = read_group(Bin, FNum), - dfp_read_field_def_Policy(Rest, 0, Z2, FNum, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). + dfp_read_field_def_Policy(Rest, 0, Z2, FNum, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). -skip_32_Policy(<<_:32, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). +skip_32_Policy(<<_:32, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). -skip_64_Policy(<<_:64, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, F@_8, TrUserData). +skip_64_Policy(<<_:64, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> dfp_read_field_def_Policy(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData). d_enum_Visibility(0) -> 'VISIBILITY_PRIVATE'; d_enum_Visibility(1) -> 'VISIBILITY_PUBLIC'; @@ -471,8 +443,8 @@ merge_msgs(Prev, New, MsgName, Opts) -> case MsgName of 'Policy' -> merge_msg_Policy(Prev, New, TrUserData) end. -compile({nowarn_unused_function,merge_msg_Policy/3}). -merge_msg_Policy(#{} = PMsg, #{repository := NFrepository, name := NFname, published_at := NFpublished_at, visibility := NFvisibility} = NMsg, TrUserData) -> - S1 = #{repository => NFrepository, name => NFname, published_at => NFpublished_at, visibility => NFvisibility}, +merge_msg_Policy(#{} = PMsg, #{repository := NFrepository, name := NFname, visibility := NFvisibility} = NMsg, TrUserData) -> + S1 = #{repository => NFrepository, name => NFname, visibility => NFvisibility}, S2 = case {PMsg, NMsg} of {_, #{description := NFdescription}} -> S1#{description => NFdescription}; {#{description := PFdescription}, _} -> S1#{description => PFdescription}; @@ -507,36 +479,34 @@ verify_msg(Msg, MsgName, Opts) -> -compile({nowarn_unused_function,v_msg_Policy/3}). -v_msg_Policy(#{repository := F1, name := F2, published_at := F4, visibility := F5} = M, Path, TrUserData) -> +v_msg_Policy(#{repository := F1, name := F2, visibility := F4} = M, Path, TrUserData) -> v_type_string(F1, [repository | Path], TrUserData), v_type_string(F2, [name | Path], TrUserData), case M of #{description := F3} -> v_type_string(F3, [description | Path], TrUserData); _ -> ok end, - v_type_int64(F4, [published_at | Path], TrUserData), - v_enum_Visibility(F5, [visibility | Path], TrUserData), + v_enum_Visibility(F4, [visibility | Path], TrUserData), case M of - #{advisory_min_severity := F6} -> v_type_uint32(F6, [advisory_min_severity | Path], TrUserData); + #{advisory_min_severity := F5} -> v_type_uint32(F5, [advisory_min_severity | Path], TrUserData); _ -> ok end, case M of - #{retirement_reasons := F7} -> - if is_list(F7) -> - _ = [v_type_uint32(Elem, [retirement_reasons | Path], TrUserData) || Elem <- F7], + #{retirement_reasons := F6} -> + if is_list(F6) -> + _ = [v_type_uint32(Elem, [retirement_reasons | Path], TrUserData) || Elem <- F6], ok; - true -> mk_type_error({invalid_list_of, uint32}, F7, [retirement_reasons | Path]) + true -> mk_type_error({invalid_list_of, uint32}, F6, [retirement_reasons | Path]) end; _ -> ok end, case M of - #{cooldown := F8} -> v_type_string(F8, [cooldown | Path], TrUserData); + #{cooldown := F7} -> v_type_string(F7, [cooldown | Path], TrUserData); _ -> ok end, lists:foreach(fun (repository) -> ok; (name) -> ok; (description) -> ok; - (published_at) -> ok; (visibility) -> ok; (advisory_min_severity) -> ok; (retirement_reasons) -> ok; @@ -545,7 +515,7 @@ v_msg_Policy(#{repository := F1, name := F2, published_at := F4, visibility := F end, maps:keys(M)), ok; -v_msg_Policy(M, Path, _TrUserData) when is_map(M) -> mk_type_error({missing_fields, [repository, name, published_at, visibility] -- maps:keys(M), 'Policy'}, M, Path); +v_msg_Policy(M, Path, _TrUserData) when is_map(M) -> mk_type_error({missing_fields, [repository, name, visibility] -- maps:keys(M), 'Policy'}, M, Path); v_msg_Policy(X, Path, _TrUserData) -> mk_type_error({expected_msg, 'Policy'}, X, Path). -compile({nowarn_unused_function,v_enum_Visibility/3}). @@ -554,11 +524,6 @@ v_enum_Visibility('VISIBILITY_PUBLIC', _Path, _TrUserData) -> ok; v_enum_Visibility(V, _Path, _TrUserData) when -2147483648 =< V, V =< 2147483647, is_integer(V) -> ok; v_enum_Visibility(X, Path, _TrUserData) -> mk_type_error({invalid_enum, 'Visibility'}, X, Path). --compile({nowarn_unused_function,v_type_int64/3}). -v_type_int64(N, _Path, _TrUserData) when is_integer(N), -9223372036854775808 =< N, N =< 9223372036854775807 -> ok; -v_type_int64(N, Path, _TrUserData) when is_integer(N) -> mk_type_error({value_out_of_range, int64, signed, 64}, N, Path); -v_type_int64(X, Path, _TrUserData) -> mk_type_error({bad_integer, int64, signed, 64}, X, Path). - -compile({nowarn_unused_function,v_type_uint32/3}). v_type_uint32(N, _Path, _TrUserData) when is_integer(N), 0 =< N, N =< 4294967295 -> ok; v_type_uint32(N, Path, _TrUserData) when is_integer(N) -> mk_type_error({value_out_of_range, uint32, unsigned, 32}, N, Path); @@ -616,11 +581,10 @@ get_msg_defs() -> [#{name => repository, fnum => 1, rnum => 2, type => string, occurrence => required, opts => []}, #{name => name, fnum => 2, rnum => 3, type => string, occurrence => required, opts => []}, #{name => description, fnum => 3, rnum => 4, type => string, occurrence => optional, opts => []}, - #{name => published_at, fnum => 4, rnum => 5, type => int64, occurrence => required, opts => []}, - #{name => visibility, fnum => 5, rnum => 6, type => {enum, 'Visibility'}, occurrence => required, opts => []}, - #{name => advisory_min_severity, fnum => 6, rnum => 7, type => uint32, occurrence => optional, opts => []}, - #{name => retirement_reasons, fnum => 7, rnum => 8, type => uint32, occurrence => repeated, opts => [packed]}, - #{name => cooldown, fnum => 8, rnum => 9, type => string, occurrence => optional, opts => []}]}]. + #{name => visibility, fnum => 5, rnum => 5, type => {enum, 'Visibility'}, occurrence => required, opts => []}, + #{name => advisory_min_severity, fnum => 6, rnum => 6, type => uint32, occurrence => optional, opts => []}, + #{name => retirement_reasons, fnum => 7, rnum => 7, type => uint32, occurrence => repeated, opts => [packed]}, + #{name => cooldown, fnum => 8, rnum => 8, type => string, occurrence => optional, opts => []}]}]. get_msg_names() -> ['Policy']. @@ -653,11 +617,10 @@ find_msg_def('Policy') -> [#{name => repository, fnum => 1, rnum => 2, type => string, occurrence => required, opts => []}, #{name => name, fnum => 2, rnum => 3, type => string, occurrence => required, opts => []}, #{name => description, fnum => 3, rnum => 4, type => string, occurrence => optional, opts => []}, - #{name => published_at, fnum => 4, rnum => 5, type => int64, occurrence => required, opts => []}, - #{name => visibility, fnum => 5, rnum => 6, type => {enum, 'Visibility'}, occurrence => required, opts => []}, - #{name => advisory_min_severity, fnum => 6, rnum => 7, type => uint32, occurrence => optional, opts => []}, - #{name => retirement_reasons, fnum => 7, rnum => 8, type => uint32, occurrence => repeated, opts => [packed]}, - #{name => cooldown, fnum => 8, rnum => 9, type => string, occurrence => optional, opts => []}]; + #{name => visibility, fnum => 5, rnum => 5, type => {enum, 'Visibility'}, occurrence => required, opts => []}, + #{name => advisory_min_severity, fnum => 6, rnum => 6, type => uint32, occurrence => optional, opts => []}, + #{name => retirement_reasons, fnum => 7, rnum => 7, type => uint32, occurrence => repeated, opts => [packed]}, + #{name => cooldown, fnum => 8, rnum => 8, type => string, occurrence => optional, opts => []}]; find_msg_def(_) -> error. diff --git a/src/hex_registry.erl b/src/hex_registry.erl index a8b8568..2f3e878 100644 --- a/src/hex_registry.erl +++ b/src/hex_registry.erl @@ -143,7 +143,7 @@ decode_policy(Payload, no_verify, no_verify) -> {ok, hex_pb_policy:decode_msg(Payload, 'Policy')}; decode_policy(Payload, Repository, Name) -> case hex_pb_policy:decode_msg(Payload, 'Policy') of - #{repository := Repository, name := Name, published_at := _} = Result -> + #{repository := Repository, name := Name, visibility := _} = Result -> {ok, Result}; _ -> {error, bad_repo_name} diff --git a/test/hex_registry_SUITE.erl b/test/hex_registry_SUITE.erl index 2425d0e..0b2aafd 100644 --- a/test/hex_registry_SUITE.erl +++ b/test/hex_registry_SUITE.erl @@ -133,7 +133,6 @@ policy_test(_Config) -> repository => <<"myorg">>, name => <<"strict-prod">>, description => <<"Production policy">>, - published_at => 1716253200, visibility => 'VISIBILITY_PUBLIC', advisory_min_severity => 3, retirement_reasons => [1, 2], diff --git a/test/support/hex_http_test.erl b/test/support/hex_http_test.erl index 084c1ab..6b79874 100644 --- a/test/support/hex_http_test.erl +++ b/test/support/hex_http_test.erl @@ -97,7 +97,6 @@ fixture(get, <>, _, _) -> repository => <<"myorg">>, name => <<"strict-prod">>, description => <<"Production policy">>, - published_at => 1716253200, visibility => 'VISIBILITY_PUBLIC', advisory_min_severity => 3, retirement_reasons => [1, 2], From 364a64d811956ba0052d5cfe632884a391d9bb57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Fri, 22 May 2026 17:24:52 +0200 Subject: [PATCH 5/9] Renumber Policy fields contiguously after dropping published_at Mirrors the renumbering in specifications. The proto was unreleased so back-compat reservations are dead weight. --- proto/hex_pb_policy.proto | 12 +++------ src/hex_pb_policy.erl | 52 +++++++++++++++++++-------------------- 2 files changed, 30 insertions(+), 34 deletions(-) diff --git a/proto/hex_pb_policy.proto b/proto/hex_pb_policy.proto index 42206b8..387ba48 100644 --- a/proto/hex_pb_policy.proto +++ b/proto/hex_pb_policy.proto @@ -11,32 +11,28 @@ message Policy { // Optional, free-form description (admin-set, surfaced in CLI/UI) optional string description = 3; - // Field 4 was Policy.published_at — removed before release. - reserved 4; - reserved "published_at"; - // Whether the policy is publicly readable or restricted to org members. // Read at the edge to decide whether to enforce auth on the fetch. // Adding new Visibility values is a breaking change — old clients will // treat unknown values as PRIVATE per the fail-closed rule. - required Visibility visibility = 5; + required Visibility visibility = 4; // Categorical advisory rule. If set, deny any release whose maximum // advisory severity is at least this value. Values map to AdvisorySeverity // in package.proto (SEVERITY_NONE..SEVERITY_CRITICAL = 0..4). // Unset = rule disabled. - optional uint32 advisory_min_severity = 6; + optional uint32 advisory_min_severity = 5; // Categorical retirement rule. If non-empty, deny any release retired with // a reason in this set. Values map to RetirementReason in package.proto // (RETIRED_OTHER..RETIRED_RENAMED = 0..4). Empty = rule disabled. - repeated uint32 retirement_reasons = 7 [packed=true]; + repeated uint32 retirement_reasons = 6 [packed=true]; // Optional minimum release age for every package version governed by this // policy. Same duration grammar as the Hex cooldown config ("7d", "2w", // "1mo", "0"). Unset or "0" means no policy cooldown. If multiple active // policies declare cooldowns, the effective cooldown is the strictest one. - optional string cooldown = 8; + optional string cooldown = 7; } enum Visibility { diff --git a/src/hex_pb_policy.erl b/src/hex_pb_policy.erl index 2d706bf..d01deb6 100644 --- a/src/hex_pb_policy.erl +++ b/src/hex_pb_policy.erl @@ -58,10 +58,10 @@ #{repository => unicode:chardata(), % = 1, required name => unicode:chardata(), % = 2, required description => unicode:chardata(), % = 3, optional - visibility => 'VISIBILITY_PRIVATE' | 'VISIBILITY_PUBLIC' | integer(), % = 5, required, enum Visibility - advisory_min_severity => non_neg_integer(), % = 6, optional, 32 bits - retirement_reasons => [non_neg_integer()], % = 7, repeated, 32 bits - cooldown => unicode:chardata() % = 8, optional + visibility => 'VISIBILITY_PRIVATE' | 'VISIBILITY_PUBLIC' | integer(), % = 4, required, enum Visibility + advisory_min_severity => non_neg_integer(), % = 5, optional, 32 bits + retirement_reasons => [non_neg_integer()], % = 6, repeated, 32 bits + cooldown => unicode:chardata() % = 7, optional }. -export_type(['Policy'/0]). @@ -89,9 +89,9 @@ encode_msg_Policy(#{repository := F1, name := F2, visibility := F4} = M, Bin, Tr #{description := F3} -> begin TrF3 = id(F3, TrUserData), e_type_string(TrF3, <>, TrUserData) end; _ -> B2 end, - B4 = begin TrF4 = id(F4, TrUserData), e_enum_Visibility(TrF4, <>, TrUserData) end, + B4 = begin TrF4 = id(F4, TrUserData), e_enum_Visibility(TrF4, <>, TrUserData) end, B5 = case M of - #{advisory_min_severity := F5} -> begin TrF5 = id(F5, TrUserData), e_varint(TrF5, <>, TrUserData) end; + #{advisory_min_severity := F5} -> begin TrF5 = id(F5, TrUserData), e_varint(TrF5, <>, TrUserData) end; _ -> B4 end, B6 = case M of @@ -103,13 +103,13 @@ encode_msg_Policy(#{repository := F1, name := F2, visibility := F4} = M, Bin, Tr _ -> B5 end, case M of - #{cooldown := F7} -> begin TrF7 = id(F7, TrUserData), e_type_string(TrF7, <>, TrUserData) end; + #{cooldown := F7} -> begin TrF7 = id(F7, TrUserData), e_type_string(TrF7, <>, TrUserData) end; _ -> B6 end. e_field_Policy_retirement_reasons(Elems, Bin, TrUserData) when Elems =/= [] -> SubBin = e_pfield_Policy_retirement_reasons(Elems, <<>>, TrUserData), - Bin2 = <>, + Bin2 = <>, Bin3 = e_varint(byte_size(SubBin), Bin2), <>; e_field_Policy_retirement_reasons([], Bin, _TrUserData) -> Bin. @@ -255,11 +255,11 @@ decode_msg_Policy(Bin, TrUserData) -> dfp_read_field_def_Policy(<<10, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_repository(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); dfp_read_field_def_Policy(<<18, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_name(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); dfp_read_field_def_Policy(<<26, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_description(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); -dfp_read_field_def_Policy(<<40, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_visibility(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); -dfp_read_field_def_Policy(<<48, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_advisory_min_severity(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); -dfp_read_field_def_Policy(<<58, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_pfield_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); -dfp_read_field_def_Policy(<<56, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); -dfp_read_field_def_Policy(<<66, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_cooldown(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<32, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_visibility(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<40, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_advisory_min_severity(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<50, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_pfield_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<48, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_retirement_reasons(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); +dfp_read_field_def_Policy(<<58, Rest/binary>>, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData) -> d_field_Policy_cooldown(Rest, Z1, Z2, F, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); dfp_read_field_def_Policy(<<>>, 0, 0, _, F@_1, F@_2, F@_3, F@_4, F@_5, R1, F@_7, TrUserData) -> S1 = #{repository => F@_1, name => F@_2, visibility => F@_4, retirement_reasons => lists_reverse(R1, TrUserData)}, S2 = if F@_3 == '$undef' -> S1; @@ -280,11 +280,11 @@ dg_read_field_def_Policy(<<0:1, X:7, Rest/binary>>, N, Acc, _, F@_1, F@_2, F@_3, 10 -> d_field_Policy_repository(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); 18 -> d_field_Policy_name(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); 26 -> d_field_Policy_description(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); - 40 -> d_field_Policy_visibility(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); - 48 -> d_field_Policy_advisory_min_severity(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); - 58 -> d_pfield_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); - 56 -> d_field_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); - 66 -> d_field_Policy_cooldown(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 32 -> d_field_Policy_visibility(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 40 -> d_field_Policy_advisory_min_severity(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 50 -> d_pfield_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 48 -> d_field_Policy_retirement_reasons(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); + 58 -> d_field_Policy_cooldown(Rest, 0, 0, 0, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); _ -> case Key band 7 of 0 -> skip_varint_Policy(Rest, 0, 0, Key bsr 3, F@_1, F@_2, F@_3, F@_4, F@_5, F@_6, F@_7, TrUserData); @@ -581,10 +581,10 @@ get_msg_defs() -> [#{name => repository, fnum => 1, rnum => 2, type => string, occurrence => required, opts => []}, #{name => name, fnum => 2, rnum => 3, type => string, occurrence => required, opts => []}, #{name => description, fnum => 3, rnum => 4, type => string, occurrence => optional, opts => []}, - #{name => visibility, fnum => 5, rnum => 5, type => {enum, 'Visibility'}, occurrence => required, opts => []}, - #{name => advisory_min_severity, fnum => 6, rnum => 6, type => uint32, occurrence => optional, opts => []}, - #{name => retirement_reasons, fnum => 7, rnum => 7, type => uint32, occurrence => repeated, opts => [packed]}, - #{name => cooldown, fnum => 8, rnum => 8, type => string, occurrence => optional, opts => []}]}]. + #{name => visibility, fnum => 4, rnum => 5, type => {enum, 'Visibility'}, occurrence => required, opts => []}, + #{name => advisory_min_severity, fnum => 5, rnum => 6, type => uint32, occurrence => optional, opts => []}, + #{name => retirement_reasons, fnum => 6, rnum => 7, type => uint32, occurrence => repeated, opts => [packed]}, + #{name => cooldown, fnum => 7, rnum => 8, type => string, occurrence => optional, opts => []}]}]. get_msg_names() -> ['Policy']. @@ -617,10 +617,10 @@ find_msg_def('Policy') -> [#{name => repository, fnum => 1, rnum => 2, type => string, occurrence => required, opts => []}, #{name => name, fnum => 2, rnum => 3, type => string, occurrence => required, opts => []}, #{name => description, fnum => 3, rnum => 4, type => string, occurrence => optional, opts => []}, - #{name => visibility, fnum => 5, rnum => 5, type => {enum, 'Visibility'}, occurrence => required, opts => []}, - #{name => advisory_min_severity, fnum => 6, rnum => 6, type => uint32, occurrence => optional, opts => []}, - #{name => retirement_reasons, fnum => 7, rnum => 7, type => uint32, occurrence => repeated, opts => [packed]}, - #{name => cooldown, fnum => 8, rnum => 8, type => string, occurrence => optional, opts => []}]; + #{name => visibility, fnum => 4, rnum => 5, type => {enum, 'Visibility'}, occurrence => required, opts => []}, + #{name => advisory_min_severity, fnum => 5, rnum => 6, type => uint32, occurrence => optional, opts => []}, + #{name => retirement_reasons, fnum => 6, rnum => 7, type => uint32, occurrence => repeated, opts => [packed]}, + #{name => cooldown, fnum => 7, rnum => 8, type => string, occurrence => optional, opts => []}]; find_msg_def(_) -> error. From 2c3afcced4ab19b12d0ccd9760cb555ea401e2b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Sat, 23 May 2026 00:20:53 +0200 Subject: [PATCH 6/9] Use bound Org binding in get_policy/2 decoder The Org binding from the case clause is equivalent to repo_name(Config) inside this branch (repo_name/1 returns repo_organization when set), so use it directly and drop the indirection. --- src/hex_repo.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hex_repo.erl b/src/hex_repo.erl index 2c79554..9a08c92 100644 --- a/src/hex_repo.erl +++ b/src/hex_repo.erl @@ -115,7 +115,7 @@ get_policy(Config, Name) when is_binary(Name) and is_map(Config) -> Verify = maps:get(repo_verify_origin, Config, true), Decoder = fun(Data) -> case Verify of - true -> hex_registry:decode_policy(Data, repo_name(Config), Name); + true -> hex_registry:decode_policy(Data, Org, Name); false -> hex_registry:decode_policy(Data, no_verify, no_verify) end end, From a38a412f20d32a3943edb8fcf52ec1b474b55bf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Sat, 23 May 2026 00:21:12 +0200 Subject: [PATCH 7/9] Drop tautological visibility witness in decode_policy/3 visibility is required by the proto, so the pattern always binds it. Keep only the repository/name checks that match against the verifier inputs. --- src/hex_registry.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hex_registry.erl b/src/hex_registry.erl index 2f3e878..a16e9a6 100644 --- a/src/hex_registry.erl +++ b/src/hex_registry.erl @@ -143,7 +143,7 @@ decode_policy(Payload, no_verify, no_verify) -> {ok, hex_pb_policy:decode_msg(Payload, 'Policy')}; decode_policy(Payload, Repository, Name) -> case hex_pb_policy:decode_msg(Payload, 'Policy') of - #{repository := Repository, name := Name, visibility := _} = Result -> + #{repository := Repository, name := Name} = Result -> {ok, Result}; _ -> {error, bad_repo_name} From d04ce99109914f9273dbdc3f0a48377ff1484ef8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Sat, 23 May 2026 00:21:31 +0200 Subject: [PATCH 8/9] Drop no-op maps:remove in get_policy_missing_org_test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ?CONFIG never sets repo_organization, so removing it was misleading. Use ?CONFIG directly — the absence of the key is what the test exercises. --- test/hex_repo_SUITE.erl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/hex_repo_SUITE.erl b/test/hex_repo_SUITE.erl index eda2818..18942a0 100644 --- a/test/hex_repo_SUITE.erl +++ b/test/hex_repo_SUITE.erl @@ -79,8 +79,7 @@ get_policy_test(_Config) -> ok. get_policy_missing_org_test(_Config) -> - Config = maps:remove(repo_organization, ?CONFIG), - {error, missing_repo_organization} = hex_repo:get_policy(Config, <<"strict-prod">>), + {error, missing_repo_organization} = hex_repo:get_policy(?CONFIG, <<"strict-prod">>), ok. get_tarball_test(_Config) -> From d3ab9d8f321fd64538518c0ffcbda39a178b7109 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eric=20Meadows-J=C3=B6nsson?= Date: Sat, 23 May 2026 00:21:54 +0200 Subject: [PATCH 9/9] Document missing_repo_organization error in get_policy/2 doc Mention the {error, missing_repo_organization} return so the doc covers both the success and absence-of-config cases. --- src/hex_repo.erl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/hex_repo.erl b/src/hex_repo.erl index 9a08c92..ef706a9 100644 --- a/src/hex_repo.erl +++ b/src/hex_repo.erl @@ -94,7 +94,8 @@ get_package(Config, Name) when is_binary(Name) and is_map(Config) -> %% %% Requires `repo_organization' to be set in the config; policies are %% always served from the per-organization namespace -%% (`/repos//policies/'). +%% (`/repos//policies/'). Returns +%% `{error, missing_repo_organization}' when it is not set. %% %% Examples: %%