2 files changed, 193 insertions, 0 deletions
diff --git a/crates/secd/proto/authzed/api/v0/core.proto b/crates/secd/proto/authzed/api/v0/core.proto
new file mode 100644
index 0000000..d42eb04
--- /dev/null
+++ b/crates/secd/proto/authzed/api/v0/core.proto
@@ -0,0 +1,58 @@
+syntax = "proto3";
+package authzed.api.v0;
+
+option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v0";
+option java_package = "com.authzed.api.v0";
+
+import "validate/validate.proto";
+
+message RelationTuple {
+  // Each tupleset specifies keys of a set of relation tuples. The set can
+  // include a single tuple key, or all tuples with a given object ID or
+  // userset in a namespace, optionally constrained by a relation name.
+  //
+  // examples:
+  // doc:readme#viewer@group:eng#member (fully specified)
+  // doc:*#*#group:eng#member (all tuples that this userset relates to)
+  // doc:12345#*#* (all tuples with a direct relationship to a document)
+  // doc:12345#writer#* (all tuples with direct write relationship with the
+  // document) doc:#writer#group:eng#member (all tuples that eng group has write
+  // relationship)
+  ObjectAndRelation object_and_relation = 1
+      [ (validate.rules).message.required = true ];
+  User user = 2 [ (validate.rules).message.required = true ];
+}
+
+message ObjectAndRelation {
+  string namespace = 1 [ (validate.rules).string = {
+    pattern : "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$",
+    max_bytes : 128,
+  } ];
+  string object_id = 2 [ (validate.rules).string = {
+    pattern : "^(([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})|\\*)$",
+    max_bytes : 128,
+  } ];
+  string relation = 3 [ (validate.rules).string = {
+    pattern : "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$",
+    max_bytes : 64,
+  } ];
+}
+
+message RelationReference {
+  string namespace = 1 [ (validate.rules).string = {
+    pattern : "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$",
+    max_bytes : 128,
+  } ];
+  string relation = 3 [ (validate.rules).string = {
+    pattern : "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$",
+    max_bytes : 64,
+  } ];
+}
+
+message User {
+  oneof user_oneof {
+    option (validate.required) = true;
+
+    ObjectAndRelation userset = 2 [ (validate.rules).message.required = true ];
+  }
+}
diff --git a/crates/secd/proto/authzed/api/v0/developer.proto b/crates/secd/proto/authzed/api/v0/developer.proto
new file mode 100644
index 0000000..9a4b97d
--- /dev/null
+++ b/crates/secd/proto/authzed/api/v0/developer.proto
@@ -0,0 +1,135 @@
+syntax = "proto3";
+package authzed.api.v0;
+
+option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v0";
+option java_package = "com.authzed.api.v0";
+
+import "authzed/api/v0/core.proto";
+
+service DeveloperService {
+  rpc EditCheck(EditCheckRequest) returns (EditCheckResponse) {}
+  rpc Validate(ValidateRequest) returns (ValidateResponse) {}
+  rpc Share(ShareRequest) returns (ShareResponse) {}
+  rpc LookupShared(LookupShareRequest) returns (LookupShareResponse) {}
+  rpc UpgradeSchema(UpgradeSchemaRequest) returns (UpgradeSchemaResponse) {}
+  rpc FormatSchema(FormatSchemaRequest) returns (FormatSchemaResponse) {}
+}
+
+message FormatSchemaRequest {
+  string schema = 1;
+}
+
+message FormatSchemaResponse {
+  DeveloperError error = 1;
+  string formatted_schema = 2;
+}
+
+message UpgradeSchemaRequest {
+  repeated string namespace_configs = 1;
+}
+
+message UpgradeSchemaResponse {
+  DeveloperError error = 1;
+  string upgraded_schema = 2;
+}
+
+message ShareRequest {
+  string schema = 1;
+  string relationships_yaml = 2;
+  string validation_yaml = 3;
+  string assertions_yaml = 4;
+}
+
+message ShareResponse {
+  string share_reference = 1;
+}
+
+message LookupShareRequest {
+  string share_reference = 1;
+}
+
+message LookupShareResponse {
+  enum LookupStatus {
+    UNKNOWN_REFERENCE = 0;
+    FAILED_TO_LOOKUP = 1;
+    VALID_REFERENCE = 2;
+    UPGRADED_REFERENCE = 3;
+  }
+
+  LookupStatus status = 1;
+  string schema = 2;
+  string relationships_yaml = 3;
+  string validation_yaml = 4;
+  string assertions_yaml = 5;
+}
+
+message RequestContext {
+  string schema = 1;
+  repeated RelationTuple relationships = 2;
+  reserved 3; // Was legacy_ns_configs
+}
+
+message EditCheckRequest {
+  RequestContext context = 1;
+  repeated RelationTuple check_relationships = 2;
+}
+
+message EditCheckResult {
+  RelationTuple relationship = 1;
+  bool is_member = 2;
+  DeveloperError error = 3;
+}
+
+message EditCheckResponse {
+  repeated DeveloperError request_errors = 1;
+  repeated EditCheckResult check_results = 2;
+}
+
+message ValidateRequest {
+  RequestContext context = 1;
+  string validation_yaml = 3;
+  bool update_validation_yaml = 4;
+  string assertions_yaml = 5;
+}
+
+message ValidateResponse {
+  repeated DeveloperError request_errors = 1;
+  repeated DeveloperError validation_errors = 2;
+  string updated_validation_yaml = 3;
+}
+
+message DeveloperError {
+  enum Source {
+    UNKNOWN_SOURCE = 0;
+    SCHEMA = 1;
+    RELATIONSHIP = 2;
+    VALIDATION_YAML = 3;
+    CHECK_WATCH = 4;
+    ASSERTION = 5;
+  }
+
+  enum ErrorKind {
+    UNKNOWN_KIND = 0;
+    PARSE_ERROR = 1;
+    SCHEMA_ISSUE = 2;
+    DUPLICATE_RELATIONSHIP = 3;
+    MISSING_EXPECTED_RELATIONSHIP = 4;
+    EXTRA_RELATIONSHIP_FOUND = 5;
+    UNKNOWN_OBJECT_TYPE = 6;
+    UNKNOWN_RELATION = 7;
+    MAXIMUM_RECURSION = 8;
+    ASSERTION_FAILED = 9;
+  }
+
+  string message = 1;
+  uint32 line = 2;
+  uint32 column = 3;
+  Source source = 4;
+  ErrorKind kind = 5;
+  
+  repeated string path = 6;
+
+  // context holds the context for the error. For schema issues, this will be the
+  // name of the object type. For relationship issues, the full relationship string.
+  string context = 7;
+}