dfinity · keplervital · Jan 21, 2025 · Feb 6, 2025 · Feb 21, 2025 · Feb 27, 2025
@@ -2715,14 +2715,6 @@ type MeResult = variant {
   Err : Error;
 };
 
-// The admin that is created in the station during the init process.
-type AdminInitInput = record {
-  // The name of the user.
-  name : text;
-  // The identity of the admin.
-  identity : principal;
-};
-
 // An input type for configuring the upgrader canister.
 type SystemUpgraderInput = variant {
   // An existing upgrader canister.
@@ -2752,10 +2744,32 @@ type InitAccountInput = record {
   metadata : vec AccountMetadata;
 };
 
+// The permissions for the account.
+type InitAccountPermissionsInput = record {
+  // Who can read the account information.
+  read_permission : Allow;
+  // Who can request updates to the account.
+  configs_permission : Allow;
+  // Who can request transfers from the account.
+  transfer_permission : Allow;
+  // The approval policy for updates to the account.
+  configs_request_policy : opt RequestPolicyRule;
+  // The approval policy for transfers from the account.
+  transfer_request_policy : opt RequestPolicyRule;
+};
+
+// The initial account to create when initializing the canister for the first time.
+type InitAccountWithPermissionsInput = record {
+  // The initial account to create.
+  account_init : InitAccountInput;
+  // The permissions for the account.
+  permissions : InitAccountPermissionsInput;
+};
+
 // The initial assets to create when initializing the canister for the first time, e.g., after disaster recovery.
 type InitAssetInput = record {
   // The UUID of the asset, if not provided a new UUID will be generated.
-  id : UUID;
+  id : opt UUID;
   // The name of the asset.
   name : text;
   // The blockchain identifier (e.g., `ethereum`, `bitcoin`, `icp`, etc.)
@@ -2770,24 +2784,136 @@ type InitAssetInput = record {
   metadata : vec AssetMetadata;
 };
 
-// The init configuration for the canister.
+// The input type for creating a user group when initializing the canister for the first time.
+type InitUserGroupInput = record {
+  // The id of the user group.
+  id : opt UUID;
+  // The name of the user group, must be unique.
+  name : text;
+};
+
+// The input type for adding identities to a user.
+type UserIdentityInput = record {
+  // The identity of the user.
+  identity : principal;
+};
+
+// The users to create when initializing the canister for the first time.
+type InitUserInput = record {
+  // The id of the user, if not provided a new UUID will be generated.
+  id : opt UUID;
+  // The name of the user.
+  name : text;
+  // The identities of the user.
+  identities : vec UserIdentityInput;
+  // The user groups to associate with the user (optional).
+  // If not provided it defaults to the `admin` group if default user groups are created,
+  // i.e., when the field `entries` in `SystemInit` is `null` or has the form of `WithDefaultPolicies`.
+  groups : opt vec UUID;
+  // The status of the user (e.g. `Active`).
+  //
+  // If not provided the default status is `Active` when there is at least
+  // one identity or `Inactive` otherwise.
+  status : opt UserStatus;
+};
+
+// The init type for initializing the permissions when first creating the canister.
+type InitPermissionInput = record {
+  // The resource that the permission is for.
+  resource : Resource;
+  // The allow rules for who can access the resource.
+  allow : Allow;
+};
+
+// The init type for adding a request approval policy when initializing the canister for the first time.
+type InitRequestPolicyInput = record {
+  // The id of the request policy, if not provided a new UUID will be generated.
+  id : opt UUID;
+  // The request specifier that identifies for what operation this policy is for (e.g. "transfer").
+  specifier : RequestSpecifier;
+  // The rule to use for the request approval evaluation (e.g. "quorum").
+  rule : RequestPolicyRule;
+};
+
+// The init type for adding a named rule when initializing the canister for the first time.
+type InitNamedRuleInput = record {
+  // The id of the named rule.
+  id : opt UUID;  
+  // The name of the named rule.
+  name : text;
+  // The description of the named rule.
+  description : opt text;
+  // The rule to use for the named rule.
+  rule : RequestPolicyRule;
+};
+
+// The initial configuration for the station. 
+//
+// Unless the `Complete` variant is used, the station will be initialized with default user 
+// groups, named rules (aka. approval rules), request policies, permissions, and assets.
 //
-// Only used when installing the canister for the first time.
+// The default user groups for the station will be:
+//  - `Admin` with the UUID "00000000-0000-4000-8000-000000000000"
+//  - `Operator` with the UUID "00000000-0000-4000-8000-000000000001"
+//
+// The default named rules for the station will be:
+//  - `Admin approval` with a specified admin quorum
+//  - `Operator approval` with a specified operator quorum
+//
+type InitialConfig = variant {
+  // Initialize the station with default user groups, named rules, policies, permissions, and assets.
+  // This does not create an initial account. 
+  WithAllDefaults : record {
+    // The initial users to create.
+    users : vec InitUserInput;
+    // The initial admin quorum in the admin level approval rule.
+    admin_quorum : nat16;
+    // The initial operator quorum in the operator level approval rule.
+    operator_quorum : nat16;
+  };
+  // Initialize the station with default user groups, named rules, policies, permissions.
+  WithDefaultPolicies : record {
+    // The initial users to create.
+    users : vec InitUserInput;
+    // The initial accounts to create.
+    accounts : vec InitAccountInput;
+    // The initial assets to create.
+    assets : vec InitAssetInput;
+    // The initial admin quorum in the admin level approval rule.
+    admin_quorum : nat16;
+    // The initial operator quorum in the operator level approval rule.
+    operator_quorum : nat16;
+  };
+  // Initialize the station with all custom entries.
+  Complete : record {
+    // The initial users to create.
+    users : vec InitUserInput;
+    // The initial user groups to create.
+    user_groups : vec InitUserGroupInput;
+    // The initial permissions to create.
+    permissions : vec InitPermissionInput;
+    // The initial request policies to create.
+    request_policies : vec InitRequestPolicyInput;
+    // The initial named rules to create.
+    named_rules : vec InitNamedRuleInput;
+    // The initial accounts to create.
+    accounts : vec InitAccountWithPermissionsInput;
+    // The initial assets to create.
+    assets : vec InitAssetInput;
+    // The initial disaster recovery committee to create.
+    disaster_recovery_committee : opt DisasterRecoveryCommittee;
+  };
+};
+
 type SystemInit = record {
   // The name of the station.
   name : text;
-  // The list of admin principals to be associated with the station.
-  admins : vec AdminInitInput;
-  // Quorum of admins for initial policies.
-  quorum : opt nat16;
   // The upgrader configuration.
   upgrader : SystemUpgraderInput;
-  // An optional additional controller of the station and upgrader canisters.
+  // An additional controller of the station and upgrader canisters (optional).
   fallback_controller : opt principal;
-  // Optional initial accounts to create.
-  accounts : opt vec InitAccountInput;
-  // Optional initial assets to create.
-  assets : opt vec InitAssetInput;
+  // The initial configuration to apply.
+  initial_config: InitialConfig;
 };
 
 // The upgrade configuration for the canister.

@@ -128,7 +128,6 @@ export interface AddressBookEntryCallerPrivileges {
   'can_edit' : boolean,
 }
 export interface AddressBookMetadata { 'key' : string, 'value' : string }
-export interface AdminInitInput { 'name' : string, 'identity' : Principal }
 export interface Allow {
   'user_groups' : Array<UUID>,
   'auth_scope' : AuthScope,
@@ -731,15 +730,74 @@ export interface InitAccountInput {
   'assets' : Array<UUID>,
   'seed' : AccountSeed,
 }
+export interface InitAccountPermissionsInput {
+  'configs_request_policy' : [] | [RequestPolicyRule],
+  'read_permission' : Allow,
+  'configs_permission' : Allow,
+  'transfer_request_policy' : [] | [RequestPolicyRule],
+  'transfer_permission' : Allow,
+}
+export interface InitAccountWithPermissionsInput {
+  'permissions' : InitAccountPermissionsInput,
+  'account_init' : InitAccountInput,
+}
 export interface InitAssetInput {
-  'id' : UUID,
+  'id' : [] | [UUID],
   'decimals' : number,
   'standards' : Array<string>,
   'metadata' : Array<AssetMetadata>,
   'name' : string,
   'blockchain' : string,
   'symbol' : string,
 }
+export interface InitNamedRuleInput {
+  'id' : [] | [UUID],
+  'name' : string,
+  'rule' : RequestPolicyRule,
+  'description' : [] | [string],
+}
+export interface InitPermissionInput { 'resource' : Resource, 'allow' : Allow }
+export interface InitRequestPolicyInput {
+  'id' : [] | [UUID],
+  'rule' : RequestPolicyRule,
+  'specifier' : RequestSpecifier,
+}
+export interface InitUserGroupInput { 'id' : [] | [UUID], 'name' : string }
+export interface InitUserInput {
+  'id' : [] | [UUID],
+  'status' : [] | [UserStatus],
+  'groups' : [] | [Array<UUID>],
+  'name' : string,
+  'identities' : Array<UserIdentityInput>,
+}
+export type InitialConfig = {
+    'WithDefaultPolicies' : {
+      'assets' : Array<InitAssetInput>,
+      'admin_quorum' : number,
+      'accounts' : Array<InitAccountInput>,
+      'users' : Array<InitUserInput>,
+      'operator_quorum' : number,
+    }
+  } |
+  {
+    'WithAllDefaults' : {
+      'admin_quorum' : number,
+      'users' : Array<InitUserInput>,
+      'operator_quorum' : number,
+    }
+  } |
+  {
+    'Complete' : {
+      'permissions' : Array<InitPermissionInput>,
+      'assets' : Array<InitAssetInput>,
+      'request_policies' : Array<InitRequestPolicyInput>,
+      'user_groups' : Array<InitUserGroupInput>,
+      'accounts' : Array<InitAccountWithPermissionsInput>,
+      'disaster_recovery_committee' : [] | [DisasterRecoveryCommittee],
+      'users' : Array<InitUserInput>,
+      'named_rules' : Array<InitNamedRuleInput>,
+    }
+  };
 export interface ListAccountTransfersInput {
   'account_id' : UUID,
   'status' : [] | [TransferStatusType],
@@ -1385,12 +1443,9 @@ export type SystemInfoResult = { 'Ok' : { 'system' : SystemInfo } } |
   { 'Err' : Error };
 export interface SystemInit {
   'name' : string,
-  'assets' : [] | [Array<InitAssetInput>],
+  'initial_config' : InitialConfig,
   'fallback_controller' : [] | [Principal],
   'upgrader' : SystemUpgraderInput,
-  'accounts' : [] | [Array<InitAccountInput>],
-  'admins' : Array<AdminInitInput>,
-  'quorum' : [] | [number],
 }
 export type SystemInstall = { 'Upgrade' : SystemUpgrade } |
   { 'Init' : SystemInit };
@@ -1488,6 +1543,7 @@ export interface UserGroupCallerPrivileges {
   'can_delete' : boolean,
   'can_edit' : boolean,
 }
+export interface UserIdentityInput { 'identity' : Principal }
 export type UserPrivilege = { 'AddUserGroup' : null } |
   { 'ListRequestPolicies' : null } |
   { 'ListNamedRules' : null } |