Skip to content

Add confidential-workflows capability proto#298

Merged
nadahalli merged 4 commits intomainfrom
tejaswi/confidential-workflows-proto
Feb 25, 2026
Merged

Add confidential-workflows capability proto#298
nadahalli merged 4 commits intomainfrom
tejaswi/confidential-workflows-proto

Conversation

@nadahalli
Copy link
Contributor

@nadahalli nadahalli commented Feb 24, 2026
edited
Loading

Confidential CRE Workflows (implementation plan)

Summary

  • New capability proto for confidential CRE workflows at cre/capabilities/compute/confidentialworkflow/v1alpha/client.proto
  • Follows the confidential-http pattern: ConfidentialWorkflowRequest wraps a SecretIdentifier list + WorkflowExecution (public data for the enclave)
  • WorkflowExecution carries workflow ID, binary URL/hash, and a serialized sdk.ExecuteRequest (trigger or subscribe)
  • Service defines a single Execute RPC, capability ID confidential-workflows@1.0.0-alpha, MODE_DON
  • Regenerated bootstrap embeddings via go generate

@nadahalli
Add confidential-workflows capability proto
d15e712 
New capability proto at cre/capabilities/compute/confidentialworkflow/v1alpha/client.proto
following the confidential-http pattern: ConfidentialWorkflowRequest wraps
SecretIdentifier list + WorkflowExecution (public data for the enclave).
@nadahalli nadahalli requested review from a team as code owners February 24, 2026 22:56
@changeset-bot
Copy link

changeset-bot bot commented Feb 24, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 3cd9870

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link

github-actions bot commented Feb 24, 2026

👋 nadahalli, thanks for creating this pull request!

To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team.

Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks!

@github-actions
Copy link

github-actions bot commented Feb 24, 2026
edited
Loading

The latest Buf updates on your PR. Results from workflow Regenerate Protobuf Files / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed⏩ skippedFeb 25, 2026, 7:58 PM

@nadahalli nadahalli enabled auto-merge (squash) February 24, 2026 22:57
prashantkumar1982
prashantkumar1982 reviewed Feb 24, 2026
View reviewed changes
cre/capabilities/compute/confidentialworkflow/v1alpha/client.proto Outdated
message SecretIdentifier {
string key = 1;
string namespace = 2;
optional string owner = 3;
Copy link
Contributor

@prashantkumar1982 prashantkumar1982 Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we just get rid of it?

Copy link
Contributor Author

@nadahalli nadahalli Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure that the owner thing is resolved? I am happy to remove it.

Copy link
Contributor Author

@nadahalli nadahalli Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

cre/capabilities/compute/confidentialworkflow/v1alpha/client.proto Outdated

message SecretIdentifier {
string key = 1;
string namespace = 2;
Copy link
Contributor

@prashantkumar1982 prashantkumar1982 Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this perhaps can be optional. set to "main" if missing.

Copy link
Contributor Author

@nadahalli nadahalli Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call. Made it optional, defaults to "main" server-side when unset. See 2fedc0c.

This was referenced Feb 25, 2026
Open
Draft
@nadahalli
Copy link
Contributor Author

nadahalli commented Feb 25, 2026

Implementation plan: Confidential CRE Workflows (full PR chain and cross-repo dependencies)

@nadahalli nadahalli merged commit 1450f74 into main Feb 25, 2026
20 checks passed
@nadahalli nadahalli deleted the tejaswi/confidential-workflows-proto branch February 25, 2026 20:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prashantkumar1982 prashantkumar1982 prashantkumar1982 approved these changes

@ChrisAmora ChrisAmora Awaiting requested review from ChrisAmora

@Unheilbar Unheilbar Awaiting requested review from Unheilbar

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nadahalli @prashantkumar1982