;;; Status codes returned from hostcalls.
(typename $fastly_status
    (enum (@witx tag u32)
        ;;; Success value.
        ;;;
        ;;; This indicates that a hostcall finished successfully.
        $ok
        ;;; Generic error value.
        ;;;
        ;;; This means that some unexpected error occurred during a hostcall.
        $error
        ;;; Invalid argument.
        $inval
        ;;; Invalid handle.
        ;;;
        ;;; Returned when a request, response, or body handle is not valid.
        $badf
        ;;; Buffer length error.
        ;;;
        ;;; Returned when a buffer is too long.
        $buflen
        ;;; Unsupported operation error.
        ;;;
        ;;; This error is returned when some operation cannot be performed, because it is not supported.
        $unsupported
        ;;; Alignment error.
        ;;;
        ;;; This is returned when a pointer does not point to a properly aligned slice of memory.
        $badalign
        ;;; Invalid HTTP error.
        ;;;
        ;;; This can be returned when a method, URI, header, or status is not valid. This can also
        ;;; be returned if a message head is too large.
        $httpinvalid
        ;;; HTTP user error.
        ;;;
        ;;; This is returned in cases where user code caused an HTTP error. For example, attempt to send
        ;;; a 1xx response code, or a request with a non-absolute URI. This can also be caused by
        ;;; an unexpected header: both `content-length` and `transfer-encoding`, for example.
        $httpuser
        ;;; HTTP incomplete message error.
        ;;;
        ;;; This can be returned when a stream ended unexpectedly.
        $httpincomplete
        ;;; A `None` error.
        ;;;
        ;;; This status code is used to indicate when an optional value did not exist, as opposed to
        ;;; an empty value.
        $none
        ;;; Message head too large.
        $httpheadtoolarge
        ;;; Invalid HTTP status.
        $httpinvalidstatus
        ;;; Limit exceeded
        ;;;
        ;;; This is returned when an attempt to allocate a resource has exceeded the maximum number of
        ;;; resources permitted. For example, creating too many response handles.
        $limitexceeded
        ;;; Resource temporarily unavailable
        ;;;
        ;;; This is returned when an attempting to retrieve a resource that is not yet available.
        ;;; For example when attempting to read trailers from a Body that has not yet been consumed.
        $again))

;;; A tag indicating HTTP protocol versions.
(typename $http_version
    (enum (@witx tag u32)
        $http_09
        $http_10
        $http_11
        $h2
        $h3))

;;; HTTP status codes.
(typename $http_status u16)

(typename $body_write_end
    (enum (@witx tag u32)
        $back
        $front))

;;; A handle to an HTTP request or response body.
(typename $body_handle (handle))
;;; A handle to an HTTP request.
(typename $request_handle (handle))
;;; A handle to an HTTP response.
(typename $response_handle (handle))
;;; A handle to a currently-pending asynchronous HTTP request.
(typename $pending_request_handle (handle))
;;; A handle to a logging endpoint.
(typename $endpoint_handle (handle))
;;; A handle to an Edge Dictionary.
(typename $dictionary_handle (handle))
;;; A handle to an Object Store.
(typename $object_store_handle (handle))
;;; A handle to a pending Object Store lookup.
(typename $pending_object_store_lookup_handle (handle))
;;; A handle to a pending Object Store insert.
(typename $pending_object_store_insert_handle (handle))
;;; A handle to a pending Object Store delete.
(typename $pending_object_store_delete_handle (handle))
;;; A handle to a Secret Store.
(typename $secret_store_handle (handle))
;;; A handle to an individual secret.
(typename $secret_handle (handle))
;;; A handle to an object supporting generic async operations.
;;; Can be either a `body_handle` or a `pending_request_handle`.
;;;
;;; Each async item has an associated I/O action:
;;;
;;; * Pending requests: awaiting the response headers / `Response` object
;;; * Normal bodies: reading bytes from the body
;;; * Streaming bodies: writing bytes to the body
;;;
;;; For writing bytes, note that there is a large host-side buffer that bytes can eagerly be written
;;; into, even before the origin itself consumes that data.
(typename $async_item_handle (handle))

;;; A "multi-value" cursor.
(typename $multi_value_cursor u32)
;;; -1 represents "finished", non-negative represents a $multi_value_cursor:
(typename $multi_value_cursor_result s64)

;;; An override for response caching behavior.
;;; A zero value indicates that the origin response's cache control headers should be used.
(typename $cache_override_tag
    (flags (@witx repr u32)
        ;;; Do not cache the response to this request, regardless of the origin response's headers.
        $pass
        $ttl
        $stale_while_revalidate
        $pci))
(typename $num_bytes (@witx usize))
(typename $header_count u32)
(typename $is_done u32)
(typename $done_idx u32)
(typename $is_valid u32)
(typename $inserted u32)
(typename $ready_idx u32)

(typename $port u16)
(typename $timeout_ms u32)
(typename $backend_exists u32)
(typename $is_dynamic u32)
(typename $is_ssl u32)
(typename $backend_health
    (enum (@witx tag u32)
        $unknown
        $healthy
        $unhealthy))

(typename $content_encodings
    (flags (@witx repr u32)
        $gzip))

(typename $framing_headers_mode
    (enum (@witx tag u32)
        $automatic
        $manually_from_headers))

(typename $http_keepalive_mode
    (enum (@witx tag u32)
        $automatic
        $no_keepalive))

(typename $tls_version
    (enum (@witx tag u32)
        $tls_1
        $tls_1_1
        $tls_1_2
        $tls_1_3))

(typename $backend_config_options
    (flags (@witx repr u32)
        $reserved
        $host_override
        $connect_timeout
        $first_byte_timeout
        $between_bytes_timeout
        $use_ssl
        $ssl_min_version
        $ssl_max_version
        $cert_hostname
        $ca_cert
        $ciphers
        $sni_hostname
        $dont_pool
        $client_cert
        $grpc
))

(typename $dynamic_backend_config
    (record
        (field $host_override (@witx pointer (@witx char8)))
        (field $host_override_len u32)
        (field $connect_timeout_ms u32)
        (field $first_byte_timeout_ms u32)
        (field $between_bytes_timeout_ms u32)
        (field $ssl_min_version $tls_version)
        (field $ssl_max_version $tls_version)
        (field $cert_hostname (@witx pointer (@witx char8)))
        (field $cert_hostname_len u32)
        (field $ca_cert (@witx pointer (@witx char8)))
        (field $ca_cert_len u32)
        (field $ciphers (@witx pointer (@witx char8)))
        (field $ciphers_len u32)
        (field $sni_hostname (@witx pointer (@witx char8)))
        (field $sni_hostname_len u32)
        (field $client_certificate (@witx pointer (@witx char8)))
        (field $client_certificate_len u32)
        (field $client_key $secret_handle)
))

;;; TLS client certificate verified result from downstream.
(typename $client_cert_verify_result
    (enum (@witx tag u32)
        ;;; Success value.
        ;;;
        ;;; This indicates that client certificate verified successfully.
        $ok
        ;;; bad certificate error.
        ;;;
        ;;; This error means the certificate is corrupt
        ;;; (e.g., the certificate signatures do not verify correctly).
        $bad_certificate
        ;;; certificate revoked error.
        ;;;
        ;;; This error means the client certificate is revoked by its signer.
        $certificate_revoked
        ;;; certificate expired error.
        ;;;
        ;;; This error means the client certificate has expired or is not currently valid.
        $certificate_expired
        ;;; unknown CA error.
        ;;;
        ;;; This error means the valid certificate chain or partial chain was received,
        ;;; but the certificate was not accepted because the CA certificate could not be
        ;;; located or could not be matched with a known trust anchor.
        $unknown_ca
        ;;; certificate missing error.
        ;;;
        ;;; This error means the client does not provide a certificate
        ;;; during the handshake..
        $certificate_missing
        ;;; certificate unknown error.
        ;;;
        ;;; This error means the client certificate was received, but some other (unspecified)
        ;;; issue arose in processing the certificate, rendering it unacceptable.
        $certificate_unknown))

(typename $purge_options_mask
    (flags (@witx repr u32)
        $soft_purge
        $ret_buf ;; all ret_buf fields must be populated
    )
)

(typename $purge_options
    (record
        ;; JSON purge response as in https://developer.fastly.com/reference/api/purging/#purge-tag
        (field $ret_buf_ptr (@witx pointer u8))
        (field $ret_buf_len (@witx usize))
        (field $ret_buf_nwritten_out (@witx pointer (@witx usize)))
    )
)

(typename $send_error_detail_tag
    (enum (@witx tag u32)
        ;;; The $send_error_detail struct has not been populated.
        $uninitialized
        ;;; There was no send error.
        $ok
        ;;; The system encountered a timeout when trying to find an IP address for the backend
        ;;; hostname.
        $dns_timeout
        ;;; The system encountered a DNS error when trying to find an IP address for the backend
        ;;; hostname. The fields $dns_error_rcode and $dns_error_info_code may be set in the
        ;;; $send_error_detail.
        $dns_error
        ;;; The system cannot determine which backend to use, or the specified backend was invalid.
        $destination_not_found
        ;;; The system considers the backend to be unavailable; e.g., recent attempts to communicate
        ;;; with it may have failed, or a health check may indicate that it is down.
        $destination_unavailable
        ;;; The system cannot find a route to the next-hop IP address.
        $destination_ip_unroutable
        ;;; The system's connection to the backend was refused.
        $connection_refused
        ;;; The system's connection to the backend was closed before a complete response was
        ;;; received.
        $connection_terminated
        ;;; The system's attempt to open a connection to the backend timed out.
        $connection_timeout
        ;;; The system is configured to limit the number of connections it has to the backend, and
        ;;; that limit has been exceeded.
        $connection_limit_reached
        ;;; The system encountered an error when verifying the certificate presented by the backend.
        $tls_certificate_error
        ;;; The system encountered an error with the backend TLS configuration.
        $tls_configuration_error
        ;;; The system received an incomplete response to the request from the backend.
        $http_incomplete_response
        ;;; The system received a response to the request whose header section was considered too
        ;;; large.
        $http_response_header_section_too_large
        ;;; The system received a response to the request whose body was considered too large.
        $http_response_body_too_large
        ;;; The system reached a configured time limit waiting for the complete response.
        $http_response_timeout
        ;;; The system received a response to the request whose status code or reason phrase was
        ;;; invalid.
        $http_response_status_invalid
        ;;; The process of negotiating an upgrade of the HTTP version between the system and the
        ;;; backend failed.
        $http_upgrade_failed
        ;;; The system encountered an HTTP protocol error when communicating with the backend. This
        ;;; error will only be used when a more specific one is not defined.
        $http_protocol_error
        ;;; An invalid cache key was provided for the request.
        $http_request_cache_key_invalid
        ;;; An invalid URI was provided for the request.
        $http_request_uri_invalid
        ;;; The system encountered an unexpected internal error.
        $internal_error
        ;;; The system received a TLS alert from the backend. The field $tls_alert_id may be set in
        ;;; the $send_error_detail.
        $tls_alert_received
        ;;; The system encountered a TLS error when communicating with the backend, either during
        ;;; the handshake or afterwards.
        $tls_protocol_error
))

;;; Mask representing which fields are understood by the guest, and which have been set by the host.
;;;
;;; When the guest calls hostcalls with a mask, it should set every bit in the mask that corresponds
;;; to a defined flag. This signals the host to write only to fields with a set bit, allowing
;;; forward compatibility for existing guest programs even after new fields are added to the struct.
(typename $send_error_detail_mask
    (flags (@witx repr u32)
        $reserved
        $dns_error_rcode
        $dns_error_info_code
        $tls_alert_id
))

(typename $send_error_detail
    (record
        (field $tag $send_error_detail_tag)
        (field $mask $send_error_detail_mask)
        (field $dns_error_rcode u16)
        (field $dns_error_info_code u16)
        (field $tls_alert_id u8)
))

(typename $blocked u32)
(typename $rate u32)
(typename $count u32)
(typename $has u32)

(typename $body_length u64)