NVIDIA · yhwen · Mar 19, 2024 · Feb 21, 2024 · Feb 21, 2024 · Feb 21, 2024
diff --git a/nvflare/apis/event_type.py b/nvflare/apis/event_type.py
@@ -72,7 +72,10 @@ class EventType(object):
     BEFORE_CLIENT_REGISTER = "_before_client_register"
     AFTER_CLIENT_REGISTER = "_after_client_register"
     CLIENT_REGISTERED = "_client_registered"
+    CLIENT_QUIT = "_client_quit"
     SYSTEM_BOOTSTRAP = "_system_bootstrap"
+    BEFORE_CLIENT_HEARTBEAT = "_before_client_heartbeat"
+    AFTER_CLIENT_HEARTBEAT = "_after_client_heartbeat"
 
     AUTHORIZE_COMMAND_CHECK = "_authorize_command_check"
     BEFORE_BUILD_COMPONENT = "_before_build_component"
diff --git a/nvflare/apis/fl_constant.py b/nvflare/apis/fl_constant.py
@@ -150,6 +150,7 @@ class FLContextKey(object):
     COMMUNICATION_ERROR = "Flare_communication_error__"
     UNAUTHENTICATED = "Flare_unauthenticated__"
     CLIENT_RESOURCE_SPECS = "__client_resource_specs"
+    CLIENT_RESOURCE_RESULT = "__client_resource_result"
     JOB_PARTICIPANTS = "__job_participants"
     JOB_BLOCK_REASON = "__job_block_reason"  # why the job should be blocked from scheduling
     SSID = "__ssid__"

diff --git a/nvflare/apis/server_engine_spec.py b/nvflare/apis/server_engine_spec.py
@@ -154,12 +154,13 @@ def restore_components(self, snapshot: RunSnapshot, fl_ctx: FLContext):
         pass
 
     @abstractmethod
-    def start_client_job(self, job_id, client_sites):
+    def start_client_job(self, job_id, client_sites, fl_ctx: FLContext):
         """To send the start client run commands to the clients
 
         Args:
             client_sites: client sites
             job_id: job_id
+            fl_ctx: FLContext
 
         Returns:
 
@@ -187,14 +188,15 @@ def check_client_resources(
 
     @abstractmethod
     def cancel_client_resources(
-        self, resource_check_results: Dict[str, Tuple[bool, str]], resource_reqs: Dict[str, dict]
+        self, resource_check_results: Dict[str, Tuple[bool, str]], resource_reqs: Dict[str, dict], fl_ctx: FLContext
     ):
         """Cancels the request resources for the job.
 
         Args:
             resource_check_results: A dict of {client_name: client_check_result}
                 where client_check_result is a tuple of (is_resource_enough, resource reserve token if any)
             resource_reqs: A dict of {client_name: resource requirements dict}
+            fl_ctx: FLContext
         """
         pass
 

diff --git a/nvflare/app_common/job_schedulers/job_scheduler.py b/nvflare/app_common/job_schedulers/job_scheduler.py
@@ -93,7 +93,7 @@ def _cancel_resources(
         if not isinstance(engine, ServerEngineSpec):
             raise RuntimeError(f"engine inside fl_ctx should be of type ServerEngineSpec, but got {type(engine)}.")
 
-        engine.cancel_client_resources(resource_check_results, resource_reqs)
+        engine.cancel_client_resources(resource_check_results, resource_reqs, fl_ctx)
         self.log_debug(fl_ctx, f"cancel client resources using check results: {resource_check_results}")
         return False, None
 
@@ -164,7 +164,11 @@ def _try_job(self, job: Job, fl_ctx: FLContext) -> (int, Optional[Dict[str, Disp
             self.log_info(fl_ctx, f"Job {job.job_id} can't be scheduled: {block_reason}")
             return SCHEDULE_RESULT_NO_RESOURCE, None, block_reason
 
+        PEER_CTX_CC_TOKEN = "_peer_ctx_cc_token"
+        cc_peer_ctx = fl_ctx.get_prop(key=PEER_CTX_CC_TOKEN)
+        self.logger.info(f"++++++++++ {cc_peer_ctx}")
         resource_check_results = self._check_client_resources(job=job, resource_reqs=resource_reqs, fl_ctx=fl_ctx)
+        fl_ctx.set_prop(FLContextKey.CLIENT_RESOURCE_RESULT, resource_check_results, private=True, sticky=False)
         self.fire_event(EventType.AFTER_CHECK_CLIENT_RESOURCES, fl_ctx)
 
         if not resource_check_results:

diff --git a/nvflare/app_opt/confidential_computing/cc_authorizer.py b/nvflare/app_opt/confidential_computing/cc_authorizer.py
@@ -0,0 +1,59 @@
+# Copyright (c) 2024, NVIDIA CORPORATION.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# import os.path
+
+
+class CCAuthorizer:
+    def can_generate(self) -> bool:
+        """This indicates if the authorizer can generate a CC token or not.
+
+        Returns: bool
+
+        """
+        pass
+
+    def can_verify(self) -> bool:
+        """This indicates if the authorizer can verify a CC token or not.
+
+        Returns: bool
+
+        """
+        pass
+
+    def get_namespace(self) -> str:
+        """This returns the namespace of the CCAuthorizer.
+
+        Returns: namespace string
+
+        """
+        pass
+
+    def generate(self) -> str:
+        """To generate and return the active CCAuthorizer token.
+
+        Returns: token string
+
+        """
+        pass
+
+    def verify(self, token: str) -> bool:
+        """To return the token verification result.
+
+        Args:
+            token: bool
+
+        Returns:
+
+        """
+        pass