// UpdateFreeResources calculates, updates db and returns the free resources of the machine in the database
func (d DefaultManager) UpdateFreeResources(ctx context.Context) (types.FreeResources, error) {
	usage, err := d.usageMonitor.GetUsage(ctx)
	if err != nil {
		return types.FreeResources{}, fmt.Errorf("getting usage: %w", err)
	}

	onboardedResources, err := d.GetOnboardedResources(ctx)
	if err != nil {
		return types.FreeResources{}, fmt.Errorf("getting total resources: %w", err)
	}

	freeResources, err := onboardedResources.Subtract(usage)
	if err != nil {

// GetGPUVendors returns the GPU vendors for the system
func (l linuxSystemSpecs) GetGPUVendors() ([]types.GPUVendor, error) {
	var vendors []types.GPUVendor
	gpu, err := ghw.GPU()
	if err != nil {
		return nil, err
	}

	for _, card := range gpu.GraphicsCards {
		if card.DeviceInfo != nil {
			class := card.DeviceInfo.Class
			if class != nil {
				className := strings.ToLower(class.Name)
				if strings.Contains(className, "display controller") ||

// getIntelGPUInfo returns the GPU information for Intel GPUs
func (l linuxSystemSpecs) getIntelGPUInfo(metadata []gpuMetadata) ([]types.GPU, error) {
	// Determine the number of discrete Intel GPUs
	cmd := exec.Command("xpu-smi", "health", "-l")
	output, err := cmd.CombinedOutput()
	if err != nil {
		return nil, fmt.Errorf("xpu-smi not installed, initialized, or configured: %s", err)
	}

	outputStr := string(output)
	// fmt.Println("xpu-smi health -l output:\n", outputStr) // Print the output for debugging

	// Use regex to find all instances of Device ID
	deviceIDRegex := regexp.MustCompile(`(?i)\| Device ID\s+\|\s+(\d+)\s+\|`)

					vendor := card.DeviceInfo.Vendor
					if vendor != nil {
						switch {
						case strings.Contains(strings.ToLower(vendor.Name), "nvidia"):
							vendors = append(vendors, types.GPUVendorNvidia)
						case strings.Contains(strings.ToLower(vendor.Name), "amd"):
							vendors = append(vendors, types.GPUVendorAMDATI)
						case strings.Contains(strings.ToLower(vendor.Name), "intel"):
							vendors = append(vendors, types.GPUVendorIntel)
						default:
							vendors = append(vendors, types.GPUVendorUnknown)
						}
					}
				}

// GetProvisionedResources returns the total resources available on the system
func (l linuxSystemSpecs) GetProvisionedResources() (types.Resources, error) {
	cpuInfo, err := l.GetCPUInfo()
	if err != nil {
		return types.Resources{}, fmt.Errorf("failed to get CPU info: %s", err)
	}

	totalMemory, err := l.GetTotalMemory()
	if err != nil {
		return types.Resources{}, fmt.Errorf("failed to get total memory: %s", err)
	}

	gpus, err := l.GetGPUs()
	if err != nil {

// getAMDGPUInfo returns the GPU information for AMD GPUs
func (l linuxSystemSpecs) getAMDGPUInfo(metadata []gpuMetadata) ([]types.GPU, error) {
	cmd := exec.Command("rocm-smi", "--showid", "--showproductname", "--showmeminfo", "vram")

	output, err := cmd.CombinedOutput()
	if err != nil {
		return nil, fmt.Errorf("AMD ROCm not installed, initialized, or configured (reboot recommended for newly installed AMD GPU Drivers): %s", err)
	}

	outputStr := string(output)
	// fmt.Println("rocm-smi vram output:\n", outputStr) // Print the output for debugging

	gpuNameRegex := regexp.MustCompile(`GPU\[\d+\]\s+: Card Series:\s+([^\n]+)`)
	totalRegex := regexp.MustCompile(`GPU\[\d+\]\s+: VRAM Total Memory \(B\):\s+(\d+)`)

// getNVIDIAGPUInfo returns the GPU information for NVIDIA GPUs
func (l linuxSystemSpecs) getNVIDIAGPUInfo(metadata []gpuMetadata) ([]types.GPU, error) {
	// Initialize NVML
	ret := nvml.Init()
	if !errors.Is(ret, nvml.SUCCESS) {
		return nil, fmt.Errorf("NVIDIA Management Library not installed, initialized or configured (reboot recommended for newly installed NVIDIA GPU drivers): %s", nvml.ErrorString(ret))
	}

	defer func() {
		_ = nvml.Shutdown()
	}()

	// Get the number of GPU devices
	deviceCount, ret := nvml.DeviceGetCount()

// getIntelGPUInfo returns the GPU information for Intel GPUs
func (l linuxSystemSpecs) getIntelGPUInfo(metadata []gpuMetadata) ([]types.GPU, error) {
	// Determine the number of discrete Intel GPUs
	cmd := exec.Command("xpu-smi", "health", "-l")
	output, err := cmd.CombinedOutput()
	if err != nil {
		return nil, fmt.Errorf("xpu-smi not installed, initialized, or configured: %s", err)
	}

	outputStr := string(output)
	// fmt.Println("xpu-smi health -l output:\n", outputStr) // Print the output for debugging

	// Use regex to find all instances of Device ID
	deviceIDRegex := regexp.MustCompile(`(?i)\| Device ID\s+\|\s+(\d+)\s+\|`)

// NewConfig is a constructor for Config
func NewConfig(
	fs afero.Afero,
	workDir, dbPath string,
	onboardingRepo repositories.OnboardingParams,
	p2pRepo repositories.Libp2pInfo,
	avResourceRepo repositories.AvailableResources,
	uuidRepo repositories.MachineUUID,
	channels []string,
) *Config {
	return &Config{

// Onboard validates the onboarding params and onboards the machine to the network
// It returns a *types.OnboardingConfig and any error if encountered
func (o *Onboarding) Onboard(ctx context.Context, capacity types.CapacityForNunet) (*types.OnboardingConfig, *libp2p.Libp2p, error) {
	if err := o.validateOnboardingPrerequisites(capacity); err != nil {
		return nil, nil, err
	}

	hostname, err := os.Hostname()
	if err != nil {
		return nil, nil, fmt.Errorf("unable to get hostname: %v", err)
	}

	provisionedResources, err := o.ResourceManager.SystemSpecs().GetProvisionedResources()
	if err != nil {
		return nil, nil, fmt.Errorf("cannot get provisioned resources: %w", err)

// Onboard validates the onboarding params and onboards the machine to the network
// It returns a *types.OnboardingConfig and any error if encountered
func (o *Onboarding) Onboard(ctx context.Context, capacity types.CapacityForNunet) (*types.OnboardingConfig, *libp2p.Libp2p, error) {
	if err := o.validateOnboardingPrerequisites(capacity); err != nil {
		return nil, nil, err
	}

	hostname, err := os.Hostname()
	if err != nil {
		return nil, nil, fmt.Errorf("unable to get hostname: %v", err)
	}

	provisionedResources, err := o.ResourceManager.SystemSpecs().GetProvisionedResources()
	if err != nil {
		return nil, nil, fmt.Errorf("cannot get provisioned resources: %w", err)

// ResourceConfig allows changing onboarding parameters
func (o *Onboarding) ResourceConfig(ctx context.Context, capacity types.CapacityForNunet) (*types.OnboardingConfig, error) {
	onboarded, err := o.IsOnboarded(ctx)
	if err != nil {
		return nil, fmt.Errorf("could not check onboard status: %w", err)
	}
	if !onboarded {
		return nil, ErrMachineNotOnboarded
	}

	if err := o.validateCapacityForNunet(capacity); err != nil {
		return nil, fmt.Errorf("could not validate capacity data: %w", err)
	}

// Offboard deletes all onboarding information if already set
// It returns an error
func (o *Onboarding) Offboard(ctx context.Context, force bool) error {
	onboarded, err := o.IsOnboarded(ctx)
	if err != nil && !force {
		return fmt.Errorf("could not retrieve onboard status: %w", err)
	} else if err != nil && force {
		zlog.Sugar().Errorf("problem with onboarding state: %w", err)
		zlog.Info("continuing with offboarding because forced")
	}

	if !onboarded {
		return fmt.Errorf("machine is not onboarded")
	}

}

func (o *Onboarding) validateOnboardingPrerequisites(capacity types.CapacityForNunet) error {
	ok, err := o.Fs.DirExists(o.WorkDir)
	if err != nil {
		return fmt.Errorf("could not check if config directory exists: %w", err)
	}
	if !ok {
		return fmt.Errorf("config directory does not exist")
	}

	if err := utils.ValidateAddress(capacity.PaymentAddress); err != nil {
		return fmt.Errorf("could not validate payment address: %w", err)
	}

// QUESTION(dms-initialization): should the db instance be constructed here?
func Run() {
	ctx := context.Background()
	config.LoadConfig()

	db, err := db.ConnectDatabase(config.GetConfig().General.WorkDir)
	if err != nil {
		zlog.Sugar().Fatalf("unable to connect to database: %w", err)
	}

	repos := resources.ManagerRepos{
		FreeResources:      gdb.NewFreeResources(db),
		OnboardedResources: gdb.NewOnboardedResources(db),
		RequiredResources:  gdb.NewRequiredResources(db),

}

func (s *BasicSecurityContext) Verify(msg Envelope) error {
	if msg.Expired() {
		return ErrMessageExpired
	}

	pubk, err := crypto.PublicKeyFromID(msg.From.ID)
	if err != nil {
		return fmt.Errorf("public key from id: %w", err)
	}

	data, err := msg.SignatureData()
	if err != nil {
		return fmt.Errorf("signature data: %w", err)

// New creates a new basic actor.
func New(dispatch *Dispatch, scheduler *bt.Scheduler, net network.Network, security *BasicSecurityContext, params BasicActorParams, self Handle) (*BasicActor, error) {
	if dispatch == nil {
		return nil, errors.New("dispatch is nil")

// New creates a new basic actor.
func New(dispatch *Dispatch, scheduler *bt.Scheduler, net network.Network, security *BasicSecurityContext, params BasicActorParams, self Handle) (*BasicActor, error) {
	if dispatch == nil {
		return nil, errors.New("dispatch is nil")
	}

	if scheduler == nil {
		return nil, errors.New("scheduler is nil")
	}

	if net == nil {
		return nil, errors.New("network is nil")
	}

}

func (a *BasicActor) Start() error {
	// Network messages
	if err := a.network.HandleMessage(
		fmt.Sprintf("actor/%s/messages/0.0.1", a.self.Address.InboxAddress),
		a.handleMessage,
	); err != nil {
		return fmt.Errorf("starting actor: %s: %w", a.self.ID, err)
	}

	// Heartbeat
	err := a.dispatch.AddBehavior(heartbeatBehavior, a.handleHeartbeat)
	if err != nil {
		return fmt.Errorf("failed to add heartbeat behaviour: %w", err)

}

func (a *BasicActor) Send(msg Envelope) error {
	if msg.To.ID.Equal(a.self.ID) {
		return a.Receive(msg)
	}

	if msg.Signature == nil {
		if msg.Nonce == 0 {
			msg.Nonce = a.security.Nonce()
		}

		invoke := []Capability{Capability(msg.Behavior)}
		var delegate []Capability
		if msg.Options.ReplyTo != "" {

// Message constructs a new message envelope and applies the options
func Message(src Handle, dest Handle, behavior string, payload interface{}, opt ...MessageOption) (Envelope, error) {
	data, err := json.Marshal(payload)
	if err != nil {

// Run creates the executor based on the execution engine configuration.
func (a *Allocation) Run(ctx context.Context) error {
	freeResources, err := a.resourceManager.UpdateFreeResources(ctx)
	if err != nil {
		return fmt.Errorf("failed to get free resources: %w", err)
	}

	if !availableResources(a.Job.Resources, freeResources) {
		return fmt.Errorf("no available resources for job %s", a.Job.ID)
	}

	// if executor is nil create it
	if a.executor == nil {
		err = a.createExecutor(ctx, a.Job.Execution)

// matchParts checks if the path parts match the pattern parts
func matchParts(pathParts, patternParts []string) bool {
	// If the pattern is longer than the path, it can't match
	if len(pathParts) < len(patternParts) {
		return false
	}
	for i, part := range patternParts {
		switch part {
		case configPathMatchAnyMultiple:
			// if it is the last part of the pattern, it matches
			if i == len(patternParts)-1 {
				return true
			}
			// Otherwise, try to match the rest of the path

// matchParts checks if the path parts match the pattern parts
func matchParts(pathParts, patternParts []string) bool {
	// If the pattern is longer than the path, it can't match
	if len(pathParts) < len(patternParts) {
		return false
	}
	for i, part := range patternParts {
		switch part {
		case configPathMatchAnyMultiple:
			// if it is the last part of the pattern, it matches
			if i == len(patternParts)-1 {
				return true
			}
			// Otherwise, try to match the rest of the path

// transform is a recursive function that applies the transformers to the configuration.
func (t TransformerImpl) transform(root *map[string]interface{}, data any, path tree.Path, transformers map[tree.Path]TransformerFunc) (interface{}, error) {
	var err error
	// Apply transformers that match the current path.
	for pattern, transformer := range transformers {
		if path.Matches(pattern) {
			data, err = transformer(root, data, path)
			if err != nil {
				return nil, err
			}
		}
	}
	// Recursively apply transformers to children.
	if result, ok := data.(map[string]interface{}); ok {

// TransformNetwork transforms the network configuration
func TransformNetwork(_ *map[string]interface{}, data any, _ tree.Path) (any, error) {
	if data == nil {
		return nil, nil
	}
	config, ok := data.(map[string]any)
	if !ok {
		return nil, fmt.Errorf("invalid network configuration: %v", data)
	}
	ports, _ := transform.ToAnySlice(config["ports"])
	portMap := []map[string]any{}
	for _, port := range ports {
		protocol, host, container := "tcp", 0, 0
		switch v := port.(type) {

// New creates a new node, attaches an actor to the node.
func New(_ context.Context, id string, net network.Network, benchmark benchmarker, resourceManager resources.Manager) (*Node, error) {
	if id == "" {
		return nil, errors.New("id is nil")

// New creates a new node, attaches an actor to the node.
func New(_ context.Context, id string, net network.Network, benchmark benchmarker, resourceManager resources.Manager) (*Node, error) {
	if id == "" {
		return nil, errors.New("id is nil")
	}

	if net == nil {
		return nil, errors.New("network is nil")
	}

	if benchmark == nil {
		return nil, errors.New("benchmarker is nil")
	}

import "gitlab.com/nunet/device-management-service/types"

func StorageComparator(lraw interface{}, rraw interface{}, _ ...Preference) types.Comparison {
	// simplified version of (placeholder)
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.(types.Storage)
	_, rrawok := rraw.(types.Storage)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.(types.Storage)

)

func GpuComparator(l, r interface{}, _ ...Preference) types.Comparison {
	// comparator for GPU type

	// we want to reason about the inner fields of the GPU type and how they compare between left and right
	// in the future we may want to pass custom preference parameters to the ComplexComparator
	// for now it is probably best to hardcode them;

	// validate input type
	_, lok := l.(types.GPU)
	_, rok := r.(types.GPU)
	if !lok || !rok {
		return types.Error
	}

)

func LocalitiesComparator(lraw interface{}, rraw interface{}, _ ...Preference) types.Comparison {
	// simplified version of Localities comparator
	// which is simply a slice of Locality type;
	// we do not have separate type defined for Localities
	// it takes preference variable where comparison Preference is defined
	// this is the first method that is used to take Preference variable into account
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.([]types.Locality)
	_, rrawok := rraw.([]types.Locality)
	if !lrawok || !rrawok {

)

func KYCsComparator(lraw interface{}, rraw interface{}, _ ...Preference) types.Comparison {
	// simplified version of (placeholder)
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.([]types.KYC)
	_, rrawok := rraw.([]types.KYC)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.([]types.KYC)

)

func GPUsComparator(lraw, rraw interface{}, _ ...Preference) types.Comparison {
	// comparator for GPUs type which is just a slice of GPU types:
	// left represent machine capabilities;
	// right represent required capabilities;
	// we need to check if for ech GPU on the right there exist a matching GPU on the left...
	// (since given slices are not ordered...)

	// validate input type
	_, lrawok := lraw.([]types.GPU)
	_, rrawok := rraw.([]types.GPU)
	if !lrawok || !rrawok {
		return types.Error
	}

)

func TimeInformationComparator(lraw interface{}, rraw interface{}, _ ...Preference) types.Comparison {
	// simplified version of (placeholder)
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.(types.TimeInformation)
	_, rrawok := rraw.(types.TimeInformation)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.(types.TimeInformation)

)

func LibraryComparator(lraw, rraw interface{}, _ ...Preference) types.Comparison {
	// comparator for single Library type:
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.(types.Library)
	_, rrawok := rraw.(types.Library)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.(types.Library)

)

func LibrariesComparator(lraw, rraw interface{}, _ ...Preference) types.Comparison {
	// comparator for Libraries slices (of different lengths) of Library types:
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.([]types.Library)
	_, rrawok := rraw.([]types.Library)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.([]types.Library)

)

func ExecutionResourcesComparator(l, r interface{}, _ ...Preference) types.Comparison {
	// comparator for types.ExecutionResources type
	// Current implementation of the type has four fields: CPU, Memory, Disk, GPUs
	// we consider that all fields have to be 'Better' or 'Equal'
	// for the comparison to be 'Better' or 'Equal'
	// else we return 'Worse'

	// validate input type
	_, lok := l.(types.ExecutionResources)
	_, rok := r.(types.ExecutionResources)
	if !lok || !rok {
		return types.Error
	}

)

func StoragesComparator(lraw interface{}, rraw interface{}, _ ...Preference) types.Comparison {
	// simplified version of (placeholder)
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.([]types.Storage)
	_, rrawok := rraw.([]types.Storage)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.([]types.Storage)

)

func StoragesComparator(lraw interface{}, rraw interface{}, _ ...Preference) types.Comparison {
	// simplified version of (placeholder)
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.([]types.Storage)
	_, rrawok := rraw.([]types.Storage)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.([]types.Storage)

			if l.CurrencyPerHour == r.CurrencyPerHour {
				return types.Equal
			} else if l.CurrencyPerHour < r.CurrencyPerHour {
				return types.Better
			} else {
				return types.Worse
			}
		} else if l.TotalPerJob < r.TotalPerJob {
			if l.CurrencyPerHour <= r.CurrencyPerHour {

			}
		} else if l.TotalPerJob < r.TotalPerJob {
			if l.CurrencyPerHour <= r.CurrencyPerHour {
				return types.Better
			} else {
				return types.Worse
			}
		} else {
			return types.Worse

)

func PriceInformationComparator(lraw interface{}, rraw interface{}, _ ...Preference) types.Comparison {
	// simplified version of (placeholder)
	// left represent machine capabilities;
	// right represent required capabilities;

	// validate input type
	_, lrawok := lraw.(types.PriceInformation)
	_, rrawok := rraw.(types.PriceInformation)
	if !lrawok || !rrawok {
		return types.Error
	}

	l := lraw.(types.PriceInformation)

}

func returnBestMatch(dimension []types.Comparison) (types.Comparison, int) {
	// while i feel that there could be some weird matrix sorting algorithm that could be used here
	// i can't think of any right now, so i will just iterate over the matrix and return matches
	// in somewhat manual way

	for i, v := range dimension {
		if v == types.Equal {
			return v, i // selecting an equal match is the most efficient match
		}
	}
	for i, v := range dimension {
		if v == types.Better {
			return v, i // selecting a better is also not bad

// newActor returns a new actor based on the given arguments.
func newActor(
	parentActorAddress *ActorAddrInfo,
	hostID string,
	net network.Network,
	factory *ActorFactory,
	params *ActorParams,
) (*BasicActor, error) {
	if hostID == "" {

// Start registers the message handlers and starts an actor.
func (a *BasicActor) Start() error {
	err := a.network.HandleMessage(fmt.Sprintf("actor/%s/messages/0.0.1", a.address), func(data []byte) {
		var msg Message
		err := json.Unmarshal(data, &msg)
		if err != nil {
			log.Warn("error while handling message", err)
			return
		}
		a.messages <- msg
	})
	if err != nil {
		return fmt.Errorf("failed to start actor %s: %w", a.address, err)
	}

// SendMessage sends a message to another actor.
func (a *BasicActor) SendMessage(ctx context.Context, destination *ActorAddrInfo, m *Message) error {
	if !destination.Valid() {
		return errors.New("destination actor addr info is invalid")
	}

	if m == nil {
		return errors.New("message is invalid")
	}

	// get the multiaddress of a host by resolving the hostid
	addresses, err := a.network.ResolveAddress(ctx, destination.HostID)
	if err != nil {
		return fmt.Errorf("failed to send message to actor %s: %v", destination.HostID, err)

}

func (a *BasicActor) SendHeartbeat(ctx context.Context, destination *ActorAddrInfo, m *Message) error {
	if !destination.Valid() {
		return errors.New("destination actor addr info is invalid")
	}

	if m == nil {
		return errors.New("message is invalid")
	}

	// get the multiaddress of a host by resolving the hostid
	addresses, err := a.network.ResolveAddress(ctx, destination.HostID)
	if err != nil {
		return fmt.Errorf("failed to send message to actor %s: %v", destination.HostID, err)

// MakeRequest performs an HTTP request with the given method, path, and body
// It returns the response body, status code, and an error if any
func (c *HTTPClient) MakeRequest(method, relativePath string, body []byte) ([]byte, int, error) {
	url, err := url.Parse(c.BaseURL)
	if err != nil {
		return nil, 0, fmt.Errorf("failed to parse base URL: %v", err)
	}

	url.Path = path.Join(c.APIVersion, relativePath)

	req, err := http.NewRequest(method, url.String(), bytes.NewBuffer(body))
	if err != nil {
		return nil, 0, fmt.Errorf("failed to create request: %v", err)
	}

// Package docs Code generated by swaggo/swag. DO NOT EDIT
package docs

import "github.com/swaggo/swag"

const docTemplate = `{
    "schemes": {{ marshal .Schemes }},
    "swagger": "2.0",
    "info": {
        "description": "{{escape .Description}}",
        "title": "{{.Title}}",
        "termsOfService": "https://nunet.io/tos",
        "contact": {

// Add adds the resources of the given Capability to the current Capability
func (c *Capability) Add(cap Capability) error {
	// Executors
	for _, executor := range cap.Executors {
		if !c.Executors.Contains(executor) {
			c.Executors = append(c.Executors, executor)
		}
	}

	// JobTypes
	for _, jobType := range cap.JobTypes {
		if !c.JobTypes.Contains(jobType) {
			c.JobTypes = append(c.JobTypes, jobType)
		}

// Subtract subtracts the resources of the given Capability from the current Capability
func (c *Capability) Subtract(cap Capability) error {
	// Executors
	// No Subtract operation for Executors

	// JobTypes
	// No Subtract operation for JobTypes

	// Resources
	if c.Resources.CPU.Cores < cap.Resources.CPU.Cores || c.Resources.CPU.ClockSpeedHz < cap.Resources.CPU.ClockSpeedHz {
		return errors.New("cpu resources are not enough")
	}

	if c.Resources.Memory.Size < cap.Resources.Memory.Size {

// Add adds the resources of the given Capability to the current Capability
func (c *Capability) Add(cap Capability) error {
	// Executors
	for _, executor := range cap.Executors {
		if !c.Executors.Contains(executor) {
			c.Executors = append(c.Executors, executor)
		}
	}

	// JobTypes
	for _, jobType := range cap.JobTypes {
		if !c.JobTypes.Contains(jobType) {
			c.JobTypes = append(c.JobTypes, jobType)
		}

func (g *GPU) Equal(gpu *GPU) bool {
	if g.Model == gpu.Model &&
		g.TotalVRAM == gpu.TotalVRAM &&
		g.UsedVRAM == gpu.UsedVRAM &&
		g.FreeVRAM == gpu.FreeVRAM &&
		g.Index == gpu.Index &&
		g.Vendor == gpu.Vendor &&
		g.PCIAddress == gpu.PCIAddress {
		return true
	}

// Validate validates an item placed into the dht.
func (d dhtValidator) Validate(key string, value []byte) error {
	// empty value is considered deleting an item from the dht
	if len(value) == 0 {
		return nil
	}

	if !strings.HasPrefix(key, d.customNamespace) {
		return errors.New("invalid key namespace")
	}

	// verify signature
	var envelope commonproto.Advertisement
	err := proto.Unmarshal(value, &envelope)

package libp2p

import (
	"bufio"
	"bytes"
	"context"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"strings"
	"sync"

// TODO-suggestion: maybe we should call it something else like Libp2pPeer,
// Libp2pHost or just Peer (callers would use libp2p.Peer...)
type Libp2p struct {
	Host              host.Host
	DHT               *dht.IpfsDHT
	PS                peerstore.Peerstore
	pubsub            *pubsub.PubSub
	pubsubTopics      map[string]*pubsub.Topic
	topicSubscription map[string]*pubsub.Subscription
	topicMux          sync.RWMutex

	// a list of peers discovered by discovery
	discoveredPeers []peer.AddrInfo
	discovery       libp2pdiscovery.Discovery

// OpenStream opens a stream to a remote address and returns the stream for the caller to handle.
func (l *Libp2p) OpenStream(ctx context.Context, addr string, messageType types.MessageType) (network.Stream, error) {
	maddr, err := multiaddr.NewMultiaddr(addr)
	if err != nil {
		return nil, fmt.Errorf("invalid multiaddress: %w", err)
	}

	peerInfo, err := peer.AddrInfoFromP2pAddr(maddr)
	if err != nil {
		return nil, fmt.Errorf("could not resolve peer info: %w", err)
	}

	if err := l.Host.Connect(ctx, *peerInfo); err != nil {
		return nil, fmt.Errorf("failed to connect to peer: %w", err)

// TODO (Return error once): something that was confusing me when using this method is that the error is
// returned twice if any. Once as a field of PingResult and one as a return value.
func (l *Libp2p) Ping(ctx context.Context, peerIDAddress string, timeout time.Duration) (types.PingResult, error) {
	// avoid dial to self attempt
	if peerIDAddress == l.Host.ID().String() {
		err := errors.New("can't ping self")
		return types.PingResult{Success: false, Error: err}, err
	}

	pingCtx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()

	remotePeer, err := peer.Decode(peerIDAddress)
	if err != nil {
		return types.PingResult{}, err

// ResolveAddress resolves the address by given a peer id.
func (l *Libp2p) ResolveAddress(ctx context.Context, id string) ([]string, error) {
	pid, err := peer.Decode(id)
	if err != nil {
		return nil, fmt.Errorf("failed to resolve invalid peer: %w", err)
	}

	// resolve ourself
	if l.Host.ID().String() == id {
		multiAddrs, err := l.GetMultiaddr()
		if err != nil {
			return nil, fmt.Errorf("failed to resolve self: %w", err)
		}
		resolved := make([]string, len(multiAddrs))

// Query return all the advertisements in the network related to a key.
// The network is queried to find providers for the given key, and peers which we aren't connected to can be retrieved.
func (l *Libp2p) Query(ctx context.Context, key string) ([]*commonproto.Advertisement, error) {
	if key == "" {
		return nil, errors.New("advertisement key is empty")
	}

	customCID, err := createCIDFromKey(key)
	if err != nil {
		return nil, fmt.Errorf("failed to create cid for key %s: %w", key, err)
	}

	addrInfo, err := l.DHT.FindProviders(ctx, customCID)
	if err != nil {
		return nil, fmt.Errorf("failed to find providers for key %s: %w", key, err)

// Advertise given data and a key pushes the data to the dht.
func (l *Libp2p) Advertise(ctx context.Context, key string, data []byte) error {
	if key == "" {
		return errors.New("advertisement key is empty")
	}

	pubKeyBytes, err := l.getPublicKey()
	if err != nil {
		return fmt.Errorf("failed to get public key: %w", err)
	}

	envelope := &commonproto.Advertisement{
		PeerId:    l.Host.ID().String(),
		Timestamp: time.Now().Unix(),

}

func (l *Libp2p) sendMessage(ctx context.Context, addr string, msg types.MessageEnvelope) error {
	peerAddr, err := multiaddr.NewMultiaddr(addr)
	if err != nil {
		return fmt.Errorf("invalid multiaddr %s: %v", addr, err)
	}

	peerInfo, err := peer.AddrInfoFromP2pAddr(peerAddr)
	if err != nil {
		return fmt.Errorf("failed to get peer info %s: %v", addr, err)
	}

	// we are delivering a message to ourself
	// we should use the handler to send the message to the handler directly which has been previously registered.

}

func makeAddrsFactory(announce []string, appendAnnouce []string, noAnnounce []string) func([]multiaddr.Multiaddr) []multiaddr.Multiaddr {
	var err error                     // To assign to the slice in the for loop
	existing := make(map[string]bool) // To avoid duplicates

	annAddrs := make([]multiaddr.Multiaddr, len(announce))
	for i, addr := range announce {
		annAddrs[i], err = multiaddr.NewMultiaddr(addr)
		if err != nil {
			return nil
		}
		existing[addr] = true
	}

}

func makeAddrsFactory(announce []string, appendAnnouce []string, noAnnounce []string) func([]multiaddr.Multiaddr) []multiaddr.Multiaddr {
	var err error                     // To assign to the slice in the for loop
	existing := make(map[string]bool) // To avoid duplicates

	annAddrs := make([]multiaddr.Multiaddr, len(announce))
	for i, addr := range announce {
		annAddrs[i], err = multiaddr.NewMultiaddr(addr)
		if err != nil {
			return nil
		}
		existing[addr] = true
	}

// NewHost returns a new libp2p host with dht and other related settings.
func NewHost(ctx context.Context, config *types.Libp2pConfig, fs afero.Fs) (host.Host, *dht.IpfsDHT, *pubsub.PubSub, error) {
	var idht *dht.IpfsDHT
	connmgr, err := connmgr.NewConnManager(
		100,
		400,
		connmgr.WithGracePeriod(time.Duration(config.GracePeriodMs)*time.Millisecond),
	)
	if err != nil {
		return nil, nil, nil, err
	}

	filter := multiaddr.NewFilters()
	for _, s := range defaultServerFilters {

// NewHost returns a new libp2p host with dht and other related settings.
func NewHost(ctx context.Context, config *types.Libp2pConfig, fs afero.Fs) (host.Host, *dht.IpfsDHT, *pubsub.PubSub, error) {
	var idht *dht.IpfsDHT
	connmgr, err := connmgr.NewConnManager(
		100,
		400,
		connmgr.WithGracePeriod(time.Duration(config.GracePeriodMs)*time.Millisecond),
	)
	if err != nil {
		return nil, nil, nil, err
	}

	filter := multiaddr.NewFilters()
	for _, s := range defaultServerFilters {

// NewHost returns a new libp2p host with dht and other related settings.
func NewHost(ctx context.Context, config *types.Libp2pConfig, fs afero.Fs) (host.Host, *dht.IpfsDHT, *pubsub.PubSub, error) {
	var idht *dht.IpfsDHT
	connmgr, err := connmgr.NewConnManager(
		100,
		400,
		connmgr.WithGracePeriod(time.Duration(config.GracePeriodMs)*time.Millisecond),
	)
	if err != nil {
		return nil, nil, nil, err
	}

	filter := multiaddr.NewFilters()
	for _, s := range defaultServerFilters {

// be careful if managing files with `os` (the volume controller might be
// using an in-memory one)
func (s *Storage) Upload(ctx context.Context, vol types.StorageVolume, destinationSpecs *types.SpecConfig) error {
	target, err := DecodeInputSpec(destinationSpecs)
	if err != nil {
		return fmt.Errorf("failed to decode input spec: %v", err)
	}

	sanitizedKey := sanitizeKey(target.Key)

	// set file system to act upon based on the volume controller implementation
	var fs afero.Fs
	if basicVolController, ok := s.volController.(*basiccontroller.BasicVolumeController); ok {
		fs = basicVolController.FS
	}

// CreateContainer creates a new Docker container with the specified configuration.
func (c *Client) CreateContainer(
	ctx context.Context,
	config *container.Config,
	hostConfig *container.HostConfig,
	networkingConfig *network.NetworkingConfig,
	platform *v1.Platform,
	name string,
) (string, error) {
	_, err := c.PullImage(ctx, config.Image)

// DecodeSpec decodes a spec config into a docker engine spec
// It converts the params into a docker EngineSpec struct and validates it
func DecodeSpec(spec *types.SpecConfig) (EngineSpec, error) {
	if !spec.IsType(types.ExecutorTypeDocker) {
		return EngineSpec{}, fmt.Errorf(
			"invalid docker engine type. expected %s, but received: %s",
			types.ExecutorTypeDocker,
			spec.Type,
		)
	}

	inputParams := spec.Params
	if inputParams == nil {
		return EngineSpec{}, fmt.Errorf("invalid docker engine params: params cannot be nil")
	}

// run starts the container and handles its execution lifecycle.
func (h *executionHandler) run(ctx context.Context) {
	h.running.Store(true)
	defer func() {
		if err := h.destroy(DestroyTimeout); err != nil {
			zlog.Sugar().Warnf("failed to destroy container: %v\n", err)
		}
		h.running.Store(false)
		close(h.waitCh)
	}()

	if err := h.client.StartContainer(ctx, h.containerID); err != nil {
		h.result = types.NewFailedExecutionResult(fmt.Errorf("failed to start container: %v", err))
		return

// run starts the container and handles its execution lifecycle.
func (h *executionHandler) run(ctx context.Context) {
	h.running.Store(true)
	defer func() {
		if err := h.destroy(DestroyTimeout); err != nil {
			zlog.Sugar().Warnf("failed to destroy container: %v\n", err)
		}
		h.running.Store(false)
		close(h.waitCh)
	}()

	if err := h.client.StartContainer(ctx, h.containerID); err != nil {
		h.result = types.NewFailedExecutionResult(fmt.Errorf("failed to start container: %v", err))
		return

// DestroyVM destroys the Firecracker VM.
func (c *Client) DestroyVM(
	ctx context.Context,
	m *firecracker.Machine,
	timeout time.Duration,
) error {
	// Get the PID of the Firecracker process and shut down the VM.
	// If the process is still running after the timeout, kill it.
	err := c.ShutdownVM(ctx, m)
	if err != nil {
		return fmt.Errorf("failed to shutdown vm: %w", err)
	}

	pid, _ := m.PID()

// FindVM finds a Firecracker VM by its socket path.
// This implementation checks if the VM is running by sending a request to the Firecracker API.
func (c *Client) FindVM(ctx context.Context, socketPath string) (*firecracker.Machine, error) {
	// Check if the socket file exists.
	if _, err := os.Stat(socketPath); err != nil {
		return nil, fmt.Errorf("VM with socket path %v not found", socketPath)
	}

	// Create a new Firecracker machine instance.
	cmd := firecracker.VMCommandBuilder{}.WithSocketPath(socketPath).Build(ctx)
	machine, err := firecracker.NewMachine(
		ctx,
		firecracker.Config{SocketPath: socketPath},
		firecracker.WithProcessRunner(cmd),
	)

// DecodeSpec decodes a spec config into a firecracker engine spec
// It converts the params into a firecracker EngineSpec struct and validates it
func DecodeSpec(spec *types.SpecConfig) (EngineSpec, error) {
	if !spec.IsType(types.ExecutorTypeFirecracker) {
		return EngineSpec{}, fmt.Errorf(
			"invalid firecracker engine type. expected %s, but received: %s",
			types.ExecutorTypeFirecracker,
			spec.Type,
		)
	}

	inputParams := spec.Params
	if inputParams == nil {
		return EngineSpec{}, fmt.Errorf("invalid firecracker engine params: params cannot be nil")
	}

}

func newOnboardMLCmd(afs afero.Afero, dockerClient *docker.Client) *cobra.Command {
	return &cobra.Command{
		Use:   "onboard-ml",
		Short: "Setup for Machine Learning with GPU",
		Long:  ``,
		RunE: func(cmd *cobra.Command, _ []string) error {
			wsl, err := utils.CheckWSL(afs)
			if err != nil {
				return fmt.Errorf("could not check WSL: %w", err)
			}

			vendors, err := resources.ManagerInstance.SystemSpecs().GetGPUVendors()
			if err != nil {

// NewOnboardCmd is a constructor for `onboard` command
func newOnboardCmd(client *utils.HTTPClient) *cobra.Command {
	fnCPU := "cpu"
	fnMemory := "memory"
	fnChannel := "nunet-channel"
	fnAddr := "address"
	fnPlugin := "plugin"
	fnNTXPrice := "ntx-price"
	fnLocal := "local-enable"
	fnCardano := "cardano"
	fnUnavailable := "unavailable"

	cmd := &cobra.Command{
		Use:   "onboard",

// NewOnboardCmd is a constructor for `onboard` command
func newOnboardCmd(client *utils.HTTPClient) *cobra.Command {
	fnCPU := "cpu"
	fnMemory := "memory"
	fnChannel := "nunet-channel"
	fnAddr := "address"
	fnPlugin := "plugin"
	fnNTXPrice := "ntx-price"
	fnLocal := "local-enable"
	fnCardano := "cardano"
	fnUnavailable := "unavailable"

	cmd := &cobra.Command{
		Use:   "onboard",

// NewOnboardCmd is a constructor for `onboard` command
func newOnboardCmd(client *utils.HTTPClient) *cobra.Command {
	fnCPU := "cpu"
	fnMemory := "memory"
	fnChannel := "nunet-channel"
	fnAddr := "address"
	fnPlugin := "plugin"
	fnNTXPrice := "ntx-price"
	fnLocal := "local-enable"
	fnCardano := "cardano"
	fnUnavailable := "unavailable"

	cmd := &cobra.Command{
		Use:   "onboard",

// NewWalletNewCmd is a constructor for `wallet new` command
func newWalletNewCmd(client *utils.HTTPClient) *cobra.Command {
	fnEth := "ethereum"
	fnCardano := "cardano"

	cmd := &cobra.Command{
		Use:   "new",
		Short: "Create new wallet",
		RunE: func(cmd *cobra.Command, _ []string) error {
			eth, _ := cmd.Flags().GetBool(fnEth)

			var (
				pair  *types.BlockchainAddressPrivKey
				query string

// NewPeerListCmd is a constructor for `peer list` subcommand
func newPeerListCmd(client *utils.HTTPClient) *cobra.Command {
	fnDHT := "dht"
	cmd := &cobra.Command{
		Use:   "list",
		Short: "Display list of peers in the network",
		Long:  ``,
		RunE: func(cmd *cobra.Command, _ []string) error {
			onboarded, err := checkOnboarded(client)
			if err != nil {
				return fmt.Errorf("could not check onboard status: %w", err)
			}
			if !onboarded {
				return fmt.Errorf("machine is not onboarded")

// NewCapacityCmd is a constructor for `capacity` command
func newCapacityCmd(client *utils.HTTPClient) *cobra.Command {
	fnAvailable := "available"
	fnOnboarded := "onboarded"
	fnFull := "full"

	cmd := &cobra.Command{
		Use:   "capacity",
		Short: "Display capacity of device resources",
		Long:  `Retrieve capacity of the machine, onboarded or available amount of resources`,
		RunE: func(cmd *cobra.Command, _ []string) error {
			table := setupTable(cmd.OutOrStdout())
			defer table.Render()

}

func newGPUCapacityCmd() *cobra.Command {
	fnCuda := "cuda-tensor"
	fnRocm := "rocm-hip"

	cmd := &cobra.Command{
		Use:   "capacity",
		Short: "Check availability of NVIDIA/AMD/Intel GPUs",
		Long:  ``,
		Run: func(cmd *cobra.Command, _ []string) {
			cuda, _ := cmd.Flags().GetBool(fnCuda)
			rocm, _ := cmd.Flags().GetBool(fnRocm)

			if !cuda && !rocm {

}

func newGPUCapacityCmd() *cobra.Command {
	fnCuda := "cuda-tensor"
	fnRocm := "rocm-hip"

	cmd := &cobra.Command{
		Use:   "capacity",
		Short: "Check availability of NVIDIA/AMD/Intel GPUs",
		Long:  ``,
		Run: func(cmd *cobra.Command, _ []string) {
			cuda, _ := cmd.Flags().GetBool(fnCuda)
			rocm, _ := cmd.Flags().GetBool(fnRocm)

			if !cuda && !rocm {

}

func runDockerContainer(ctx context.Context, cli *client.Client, options ContainerOptions) error {
	if options.Image == "" {
		return fmt.Errorf("image name cannot be empty")
	}

	config := &container.Config{
		Image:      options.Image,
		Entrypoint: options.Entrypoint,
		Cmd:        options.Command,
		Tty:        true,
	}

	hostConfig := &container.HostConfig{}

}

func runDockerContainer(ctx context.Context, cli *client.Client, options ContainerOptions) error {
	if options.Image == "" {
		return fmt.Errorf("image name cannot be empty")
	}

	config := &container.Config{
		Image:      options.Image,
		Entrypoint: options.Entrypoint,
		Cmd:        options.Command,
		Tty:        true,
	}

	hostConfig := &container.HostConfig{}

// NewResourceConfigCmd is a constructor for `resource-config` command
func newResourceConfigCmd(client *utils.HTTPClient) *cobra.Command {
	fnMemory := "memory"
	fnCPU := "cpu"
	fnNTXPrice := "ntx-price"

	cmd := &cobra.Command{
		Use:   "resource-config",
		Short: "Update configuration of onboarded device",
		RunE: func(cmd *cobra.Command, _ []string) error {
			onboarded, err := checkOnboarded(client)
			if err != nil {
				return fmt.Errorf("could not check onboard status: %w", err)
			}

)

func newGPUOnboardCmd(afs afero.Afero) *cobra.Command {
	return &cobra.Command{
		Use:   "onboard",
		Short: "Install GPU drivers and Container Runtime",
		Long:  ``,
		RunE: func(cmd *cobra.Command, _ []string) error {
			wsl, err := utils.CheckWSL(afs)
			if err != nil {
				return fmt.Errorf("could not check WSL: %w", err)
			}

			mining, err := checkMiningOS(afs)
			if err != nil {

)

func newGPUOnboardCmd(afs afero.Afero) *cobra.Command {
	return &cobra.Command{
		Use:   "onboard",
		Short: "Install GPU drivers and Container Runtime",
		Long:  ``,
		RunE: func(cmd *cobra.Command, _ []string) error {
			wsl, err := utils.CheckWSL(afs)
			if err != nil {
				return fmt.Errorf("could not check WSL: %w", err)
			}

			mining, err := checkMiningOS(afs)
			if err != nil {

)

func newGPUStatusCmd() *cobra.Command {
	return &cobra.Command{
		Use:   "status",
		Short: "Check GPU status in real time",
		Long:  ``,
		Run: func(_ *cobra.Command, _ []string) {
			vendors, err := resources.ManagerInstance.SystemSpecs().GetGPUVendors()
			if err != nil {
				fmt.Println("Error trying to detect GPU(s):", err)
				return
			}

			hasAMD := containsVendor(vendors, types.GPUVendorAMDATI)

)

func newGPUStatusCmd() *cobra.Command {
	return &cobra.Command{
		Use:   "status",
		Short: "Check GPU status in real time",
		Long:  ``,
		Run: func(_ *cobra.Command, _ []string) {
			vendors, err := resources.ManagerInstance.SystemSpecs().GetGPUVendors()
			if err != nil {
				fmt.Println("Error trying to detect GPU(s):", err)
				return
			}

			hasAMD := containsVendor(vendors, types.GPUVendorAMDATI)

// NewOffboardCmd is a constructor for `offboard` command
func newOffboardCmd(client *utils.HTTPClient) *cobra.Command {
	fnForce := "force"
	cmd := &cobra.Command{
		Use:   "offboard",
		Short: "Offboard the device from NuNet",
		Long:  ``,
		RunE: func(cmd *cobra.Command, _ []string) error {
			onboarded, err := checkOnboarded(client)
			if err != nil {
				return fmt.Errorf("could not check onboard status: %w", err)
			}
			if !onboarded {
				return fmt.Errorf("machine is not onboarded")

}

func (ctx *BasicCapabilityContext) Provide(target did.DID, subject crypto.ID, audience crypto.ID, expire uint64, invoke []Capability, provide []Capability) ([]byte, error) {
	if len(invoke) == 0 && len(provide) == 0 {
		return nil, nil

package ucan

import (
	"bytes"
	"context"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"slices"
	"sync"
	"time"

	"gitlab.com/nunet/device-management-service/lib/crypto"

}

func (ctx *BasicCapabilityContext) Delegate(subject, audience did.DID, expire uint64, provide []Capability) (TokenList, error) {
	if len(provide) == 0 {
		return TokenList{}, nil
	}

	var result []*Token

	for _, trustAnchor := range ctx.getProvideAnchors() {
		tokenList := ctx.getProvideTokens(trustAnchor)
		if len(tokenList) == 0 {
			continue
		}

}

func (ctx *BasicCapabilityContext) Consume(origin did.DID, data []byte) error {
	if len(data) > maxCapabilitySize {
		return ErrTooBig
	}

	var tokens TokenList
	if err := json.Unmarshal(data, &tokens); err != nil {
		return fmt.Errorf("unmarshaling payload: %w", err)
	}

	rootAnchors := ctx.getRoots()
	requireAnchors := ctx.getRequireAnchors()
	now := uint64(time.Now().UnixNano())

}

func (ctx *BasicCapabilityContext) Require(anchor did.DID, subject crypto.ID, audience crypto.ID, cap []Capability) error {
	// no capabilities required, we have to allow this for certain public behaviors
	if len(cap) == 0 {
		return nil
	}

	subjectDID, err := did.FromID(subject)
	if err != nil {
		return fmt.Errorf("DID for subject: %w", err)
	}

	audienceDID, err := did.FromID(audience)
	if err != nil {

}

type BasicCapabilityContext struct {
	mx       sync.Mutex
	provider did.Provider
	trust    did.TrustContext
	roots    map[did.DID]struct{} // our root anchors of trust
	require  map[did.DID][]*Token // our acceptance side-roots
	provide  map[did.DID][]*Token // root capabilities -> tokens
	tokens   map[did.DID][]*Token // our context dependent capabilities; subject ->  tokens

	stop func()
}

var _ CapabilityContext = (*BasicCapabilityContext)(nil)

}

func (ctx *BasicCapabilityContext) Require(anchor did.DID, subject crypto.ID, audience crypto.ID, cap []Capability) error {
	// no capabilities required, we have to allow this for certain public behaviors
	if len(cap) == 0 {
		return nil
	}

	subjectDID, err := did.FromID(subject)
	if err != nil {
		return fmt.Errorf("DID for subject: %w", err)
	}

	audienceDID, err := did.FromID(audience)
	if err != nil {

}

func (ctx *BasicCapabilityContext) Provide(target did.DID, subject crypto.ID, audience crypto.ID, expire uint64, invoke []Capability, provide []Capability) ([]byte, error) {
	if len(invoke) == 0 && len(provide) == 0 {
		return nil, nil
	}

	subjectDID, err := did.FromID(subject)
	if err != nil {
		return nil, fmt.Errorf("DID for subject: %w", err)
	}

	audienceDID, err := did.FromID(audience)
	if err != nil {
		return nil, fmt.Errorf("DID for audience: %w", err)

}

func (t *DMSToken) delegate(action Action, provider did.Provider, subject, audience did.DID, expire uint64, c []Capability) (*DMSToken, error) {
	if t.Action != Delegate {
		return nil, ErrNotAuthorized

}

func (t *DMSToken) Verify(trust did.TrustContext, now uint64) error {
	if t.ExpireBefore(now) {
		return ErrCapabilityExpired
	}

	if t.Chain != nil {
		if t.Chain.Action() != Delegate {
			return ErrNotAuthorized
		}

		if t.Chain.ExpireBefore(t.Expire) {
			return ErrCapabilityExpired
		}

}

func (t *DMSToken) Verify(trust did.TrustContext, now uint64) error {
	if t.ExpireBefore(now) {
		return ErrCapabilityExpired
	}

	if t.Chain != nil {
		if t.Chain.Action() != Delegate {
			return ErrNotAuthorized
		}

		if t.Chain.ExpireBefore(t.Expire) {
			return ErrCapabilityExpired
		}

}

func (t *DMSToken) AllowAction(ot *Token) bool {
	if t.Action != Delegate {
		return false
	}

	if t.ExpireBefore(ot.Expire()) {
		return false
	}

	if !ot.Anchor(t.Subject) {
		return false
	}

}

func (t *DMSToken) AllowInvocation(subject, audience did.DID, c Capability) bool {
	if t.Action != Invoke {
		return false
	}

	if !t.Subject.Equal(subject) {
		return false
	}

	if !t.Audience.Empty() && !t.Audience.Equal(audience) {
		return false
	}

}

func (t *DMSToken) AllowDelegation(issuer, audience did.DID, expire uint64, c Capability) bool {
	if t.Action != Delegate {
		return false
	}

	if t.ExpireBefore(expire) {
		return false
	}

	if !t.Subject.Equal(issuer) {
		return false
	}

}

func (t *DMSToken) delegate(action Action, provider did.Provider, subject, audience did.DID, expire uint64, c []Capability) (*DMSToken, error) {
	if t.Action != Delegate {
		return nil, ErrNotAuthorized
	}

	nonce := make([]byte, nonceLength)
	_, err := rand.Read(nonce)
	if err != nil {
		return nil, fmt.Errorf("nonce: %w", err)
	}

	result := &DMSToken{
		Issuer:     provider.DID(),

}

func ParseKeyURI(uri string) (crypto.PubKey, error) {
	if !strings.HasPrefix(uri, keyPrefix) {
		return nil, fmt.Errorf("decentralized identifier is not a 'key' type")
	}

	uri = strings.TrimPrefix(uri, keyPrefix+":")

	enc, data, err := mb.Decode(uri)
	if err != nil {
		return nil, fmt.Errorf("decoding multibase: %w", err)
	}

	if enc != mb.Base58BTC {

// GetSpecInfo returns the detailed specifications of the system
// TODO: implement the method
// https://gitlab.com/nunet/device-management-service/-/issues/537
func (d darwinSystemSpecs) GetSpecInfo() (types.SpecInfo, error) {

// https://gitlab.com/nunet/device-management-service/-/issues/537
func (d darwinSystemSpecs) GetSpecInfo() (types.SpecInfo, error) {
	// TODO implement me
	panic("implement me")
}

	}

	// TODO: disk usage
	var totalVCPU, totalMemSizeMib uint
	for _, vm := range vms {

	}

	// TODO: disk usage
	for _, service := range services {
		resourcesReq := requirements[service.ResourceRequirements]

)

// TODO: This needs to be initialized in `dms` package and removed from here
// https://gitlab.com/nunet/device-management-service/-/issues/536
// it is being initialized in `dms` package now but there is usage in executor

// DefaultManager implements the Manager interface
// TODO: do we want to have an in-memory cache for the resources instead of querying the DB every time?
// TODO: Add telemetry for the methods https://gitlab.com/nunet/device-management-service/-/issues/535
type DefaultManager struct {

// DefaultManager implements the Manager interface
// TODO: do we want to have an in-memory cache for the resources instead of querying the DB every time?
// TODO: Add telemetry for the methods https://gitlab.com/nunet/device-management-service/-/issues/535
type DefaultManager struct {
	usageMonitor UsageMonitor

// GetSpecInfo returns the detailed specifications of the system
// TODO: implement the method
// https://gitlab.com/nunet/device-management-service/-/issues/537
func (l linuxSystemSpecs) GetSpecInfo() (types.SpecInfo, error) {

// https://gitlab.com/nunet/device-management-service/-/issues/537
func (l linuxSystemSpecs) GetSpecInfo() (types.SpecInfo, error) {
	// TODO implement me
	panic("implement me")
}

// fetchGPUMetadata fetches the GPU metadata for the system using `ghw.GPU()`
// TODO: Use one single library to fetch GPU information or improve the match criteria
// https://gitlab.com/nunet/device-management-service/-/issues/548
// TODO: write tests by mocking the gpu snapshot

// TODO: Use one single library to fetch GPU information or improve the match criteria
// https://gitlab.com/nunet/device-management-service/-/issues/548
// TODO: write tests by mocking the gpu snapshot
// https://gitlab.com/nunet/device-management-service/-/issues/534
func (l linuxSystemSpecs) fetchGPUMetadata() (map[types.GPUVendor][]gpuMetadata, error) {

// GetSpecInfo returns the detailed specifications of the system
// TODO: implement the method
// https://gitlab.com/nunet/device-management-service/-/issues/537
func (d darwinSystemSpecs) GetSpecInfo() (types.SpecInfo, error) {

// https://gitlab.com/nunet/device-management-service/-/issues/537
func (d darwinSystemSpecs) GetSpecInfo() (types.SpecInfo, error) {
	// TODO implement me
	panic("implement me")
}

package dms

// TODO this file will be removed in favor of actor package

// ActorRegistry represents an actor registry.

		return false, nil
	}
	// TODO: validate onboarding params
	return true, nil
}

	oConf.Name = hostname
	oConf.UpdateTimestamp = time.Now().Unix()
	// nolint TODO: 553
	oConf.TotalResources.RAM = provisionedResources.RAM
	oConf.TotalResources.NumCores = provisionedResources.NumCores

	oConf.OnboardedResources.RAM = capacity.Memory
	oConf.OnboardedResources.CPU = float64(capacity.CPU)
	// nolint TODO: 553
	oConf.Network = capacity.Channel
	oConf.PublicKey = capacity.PaymentAddress

	}

	// TODO: shutdown routine to stop networking etc... here

	err = o.ParamsRepo.Clear(ctx)

	}

	// nolint TODO: 553
	if capacity.Memory > provisionedResources.RAM*9/10 || capacity.Memory < provisionedResources.RAM/10 {
		return fmt.Errorf("memory should be between 10%% and 90%% of the available memory (%d and %d)", int64(provisionedResources.RAM/10), int64(provisionedResources.RAM*9/10))

		CPUNo:             totalProvisioned.NumCores,
		CPUHz:             cpuInfo.MHzPerCore,
		PriceCPU:          0, // TODO: Get price of CPU
		RAM:               capacity.Memory,
		PriceRAM:          0, // TODO: Get price of RAM

		PriceCPU:          0, // TODO: Get price of CPU
		RAM:               capacity.Memory,
		PriceRAM:          0, // TODO: Get price of RAM
		Vcpu:              int(math.Floor((float64(capacity.CPU)) / cpuInfo.MHzPerCore)),
		Disk:              0,

// CreatePaymentAddress generates a keypair based on the wallet type. Currently supported types: ethereum, cardano.
// TODO: This should be moved to utils-related package. It's a utility function independent of onboarding
func CreatePaymentAddress(wallet string) (*types.BlockchainAddressPrivKey, error) {
	var (

	ErrBadSender              = errors.New("bad sender")

	ErrTODO = errors.New("TODO")
)

	var msg Envelope
	if err := json.Unmarshal(data, &msg); err != nil {
		// TODO log debug
		return
	}

	if !a.self.ID.Equal(msg.To.ID) {
		// TODO log warn
		return
	}

func (a *BasicActor) handleHeartbeat(_ Envelope) {
	// TODO
}

func AddressFromString(_ string) (Address, error) {
	// TODO
	return Address{}, ErrTODO
}

func HandleFromString(_ string) (Handle, error) {
	// TODO
	return Handle{}, ErrTODO
}

type BasicDispatchLimiter struct {
	// TODO
}

func (l *BasicDispatchLimiter) Reserve(_ Envelope) error {
	// TODO we can leave this for follow up
	return ErrTODO
}

func (l *BasicDispatchLimiter) Release(_ Envelope) {
	// TODO we can leave this for follow up
}

		EngineSpec:  &a.Job.Execution,
		Resources:   &a.Job.Resources,
		// TODO add the following
		Inputs:     []*types.StorageVolumeExecutor{},
		Outputs:    []*types.StorageVolumeExecutor{},

}

// TODO: ExecutionResources and FreeResources should be compatible
func availableResources(jobResources types.ExecutionResources, fr types.FreeResources) bool {
	return fr.RAM >= uint64(jobResources.Memory.Size) && fr.Disk >= jobResources.Disk.Size && fr.CPU > float64(jobResources.CPU.Cores)

)

// TODO: remove after resource manager MR is merged
type benchmarker interface {
	Benchmark(ctx context.Context) (*types.Capability, error)

	actorFactory *dms.ActorFactory

	// TODO: fix when resource manager is merged to develop
	resourceManager resources.Manager

func Compare(l, r interface{}, _ ...Preference) types.Comparison {
	// TODO: it would be better to pass a pointer as this is a global structure
	comparatorMap := initComparatorMap()

		result = types.Worse

		// TODO: this comparator does not take into account options when several job types are available and several job types are required
		// in the same data structure; this is why the test fails;
	}

)

// TODO this file will be removed in favor of actor package

// Actor defines the functionalities of actor.

	}

	// TODO: convert to proto message and marshal with protobuf
	actorMessge, err := json.Marshal(m)
	if err != nil {

// Deleted now because dependencies such as the docker package have been replaced with executor/docker
func SanityCheck(_ *gorm.DB) {
	// TODO: sanity check of DMS last exit and correction of invalid states

	// resources.CalcFreeResAndUpdateDB()

echo "Looking for old versions of nunet-dms ..."

# XXX this can be removed once the new "nunet" binary has been in use for sometime
if [ -f "/usr/bin/nunet-dms" ];then
    rm -f /usr/bin/nunet-dms

		}

		// TODO(skylar): See if inline datum is present
		if input.DatumFile != "" {
			args = append(args, "--tx-in-inline-datum-present")

func getCustomCorsConfig() cors.Config {
	config := defaultConfig()
	// FIXME: This is a security concern.
	config.AllowOrigins = []string{"http://localhost:9991", "http://localhost:9992"}
	return config

//	@Router			/device/status [get]
func (rs RESTServer) DeviceStatus(c *gin.Context) {
	// TODO: handle this after refactor
	// status, err := libp2p.DeviceStatus()
	// if err != nil {

	}

	// TODO: handle this after refactor
	// err = libp2p.ChangeDeviceStatus(status.IsAvailable)
	// if err != nil {

	MessageHashAction    string
	Action               string
	// TODO: Add ContainerType field

}

// ResourceOps defines the operations on resources
// TODO: Check how to handle GPU resources
type ResourceOps interface {
	// Add returns the sum of the resources

// Add returns the sum of the resources
func (r Resources) Add(r2 Resources) Resources {
	// TODO: GPU addition
	return Resources{
		CPU:  r.CPU + r2.CPU,

	}

	// TODO: GPU subtraction

	if r.RAM < r2.RAM {

// RequiredResources represents the resources required by the jobs running on the machine
// TODO: this is a replacement for ServiceResourceRequirements. Check with the team on this.
type RequiredResources struct {
	BaseDBModel

// SpecInfo represents the machine specifications
// TODO: Finalise the fields required in this struct
// https://gitlab.com/nunet/device-management-service/-/issues/533
type SpecInfo struct {

type Disk struct {
	// Model represents the disk model, e.g., "Samsung 970 EVO Plus", "Western Digital Blue SN550"
	// TODO: may be removed as Disk models will be usually irrelevant, right?
	Model string

	// Vendor represents the disk manufacturer, e.g., "Samsung", "Western Digital"
	// TODO: may be removed as Disk vendors will be usually irrelevant, right?
	Vendor string

	// Read speed in bytes per second
	// TODO: may be removed as it may be too specific for our case
	ReadSpeed uint64
	// Write speed in bytes per second

	ReadSpeed uint64
	// Write speed in bytes per second
	// TODO: may be removed as it may be too specific for our case
	WriteSpeed uint64
}

	MessageHashAction    string
	Action               string
	// TODO: Add ContainerType field
}

// created using the VolumeController, there will be no data in it by default.
//
// TODO-maybe [job]: should volumes be related to a job or []job?
//
// TODO-maybe: most of the fields should be private, callers shouldn't be able to altere

// TODO-maybe [job]: should volumes be related to a job or []job?
//
// TODO-maybe: most of the fields should be private, callers shouldn't be able to altere
// the state of the volume except when using certain methods
type StorageVolume struct {

	// EncryptionType might be checked first if needed)
	//
	// TODO-maybe [type]: maybe it should be of type cid.CID
	CID string

	// Size is the size of the storage volume
	//
	// TODO-maybe: if relying on a size field, we would have to be more careful
	// how state is being mutated (and they shouldn't be by the caller)
	//  - Size might be calculated only when locking the volume also

// Warning: this is just a draft. And it might be moved to an Encryption package
//
// TODO: it must support encryption of files/directories, otherwise we have to
// create another interface for the usecase
type Encryptor interface {

// Warning: this is just a draft. And it might be moved to an Encryption package
//
// TODO: it must support decryption of files/directories, otherwise we have to
// create another interface for the usecase
type Decryptor interface {

)

// TODO: Consider comments in this thread: https://gitlab.com/nunet/device-management-service/-/merge_requests/356#note_1997854443
// TODO: Consider comments in this thread: https://gitlab.com/nunet/device-management-service/-/merge_requests/356#note_1997875361

// TODO: Consider comments in this thread: https://gitlab.com/nunet/device-management-service/-/merge_requests/356#note_1997854443
// TODO: Consider comments in this thread: https://gitlab.com/nunet/device-management-service/-/merge_requests/356#note_1997875361

// 'left' means 'this object' and 'right' means 'the supplied other object';

func (dhtValidator) Select(_ string, _ [][]byte) (int, error) { return 0, nil }

// TODO remove the below when network package is fully implemented
// UpdateKadDHT is a stub
func (l *Libp2p) UpdateKadDHT() {

// Libp2p contains the configuration for a Libp2p instance.
//
// TODO-suggestion: maybe we should call it something else like Libp2pPeer,
// Libp2pHost or just Peer (callers would use libp2p.Peer...)
type Libp2p struct {

// New creates a libp2p instance.
//
// TODO-Suggestion: move types.Libp2pConfig to here for better readability.
// Unless there is a reason to keep within types.
func New(config *types.Libp2pConfig, fs afero.Fs) (*Libp2p, error) {

	err = l.advertiseForRendezvousDiscovery(context)
	if err != nil {
		// TODO: the error might be misleading as a peer can normally work well if an error
		// is returned here (e.g.: the error is yielded in tests even though all tests pass).
		zlog.Sugar().Errorf("failed to start network with randevouz discovery: %v", err)

// Ping the remote address. The remote address is the encoded peer id which will be decoded and used here.
//
// TODO (Return error once): something that was confusing me when using this method is that the error is
// returned twice if any. Once as a field of PingResult and one as a return value.
func (l *Libp2p) Ping(ctx context.Context, peerIDAddress string, timeout time.Duration) (types.PingResult, error) {

	advertisements := make([]*commonproto.Advertisement, 0)
	for _, v := range addrInfo {
		// TODO: use go routines to get the values in parallel.
		bytesAdvertisement, err := l.DHT.GetValue(ctx, l.getCustomNamespace(key, v.ID.String()))
		if err != nil {

*/

// TODO-pnet-1: we shouldn't handle configuration paths here, a general configuration path
// should be provided by /internal/config.go
func getBasePath(_ afero.Fs) (string, error) {

// If a swarm key is not found, generate a new one.
//
// TODO-ask: should we continue to generate a new swarm key if one is not found?
// Or we should enforce the user to use some cmd/API rpc to generate a new one?
func configureSwarmKey(fs afero.Fs) (pnet.PSK, error) {

	}

	// TODO-ask: should we return psk fingerprint?
	return psk, nil
}

	swarmKeyWithCodec := fmt.Sprintf("/key/swarm/psk/1.0.0/\n/base64/\n%s\n", encodedKey)

	// TODO-pnet-1
	nunetDir, err := getBasePath(fs)
	if err != nil {

)

// TODO: pass the logger to the constructor and remove from here
var (
	zlog    *otelzap.Logger

// NewNetwork returns a new network given the configuration.
func NewNetwork(netConfig *types.NetworkConfig, fs afero.Fs) (Network, error) {
	// TODO: probable additional params to receive: DB, FileSystem
	if netConfig == nil {
		return nil, errors.New("network configuration is nil")

		return []s3Object{}, fmt.Errorf("failed to retrieve object metadata: %v", err)
	}
	// TODO-minor: validate checksum if provided

	if strings.HasPrefix(*headObjectOut.ContentType, "application/x-directory") {

// NewDefaultVolumeController returns a new instance of BasicVolumeController
//
// TODO-BugFix [path]: volBasePath might not end with `/`, causing errors when calling methods.
// We need to validate it using the `path` library or just verifying the string.
func NewDefaultVolumeController(repo repositories.StorageVolume, volBasePath string, fs afero.Fs) (*BasicVolumeController, error) {

// where `name` is random.
//
// TODO-maybe [withName]: allow callers to specify custom name for path
func (vc *BasicVolumeController) CreateVolume(volSource storage.VolumeSource, opts ...storage.CreateVolOpt) (types.StorageVolume, error) {
	vol := types.StorageVolume{

// It optionally can also set the CID and mark the volume as private.
//
// TODO-maybe [CID]: maybe calculate CID of every volume in case WithCID opt is not provided
func (vc *BasicVolumeController) LockVolume(pathToVol string, opts ...storage.LockVolOpt) error {
	query := vc.repo.GetQuery()

// WithCID sets the CID of a given volume if already calculated
//
// TODO [validate]: check if CID provided is valid
func WithCID(cid string) storage.LockVolOpt {
	return func(v *types.StorageVolume) {

// ListVolumes returns a list of all storage volumes stored on the database
//
// TODO [filter]: maybe add opts to filter results by certain values
func (vc *BasicVolumeController) ListVolumes() ([]types.StorageVolume, error) {
	volumes, err := vc.repo.FindAll(context.Background(), vc.repo.GetQuery())

// GetSize returns the size of a volume
// TODO-minor: identify which measurement type will be used
func (vc *BasicVolumeController) GetSize(identifier string, idType storage.IDType) (int64, error) {
	query := vc.repo.GetQuery()

}

// TODO-minor: compiler-time check for interface implementation
var _ storage.VolumeController = (*BasicVolumeController)(nil)

// VolumeController is used to manage storage volumes.
//
// TODO-maybe: is the interface too big? We may have to split it?
type VolumeController interface {
	// CreateVolume creates a directory where data can be stored, and returns a StorageVolume

	// One of the opts may be a CID. Or the implementation might handle the CID calculation
	//
	// TODO-maybe: after volume is locked, callers should not be able to write data to it.
	LockVolume(pathToVol string, opts ...LockVolOpt) error

	// GetSize returns the size of a volume
	// TODO-minor: identify which measurement type will be used
	GetSize(identifier string, idType IDType) (int64, error)

	GetSize(identifier string, idType IDType) (int64, error)

	// TODO-maybe: encrypt/decrypt method might move to an unique EncryptVolume/DecryptVolume interfaces
	// or something else.
	//  - Warning: if moved, EncryptionType field of StorageVolume must be updated somehow by the new interface

	}

	// TODO: Move this code block ( L263-272) to the allocator in future
	// Select the GPU with the highest available free VRAM and choose the GPU vendor for container's host config
	gpus, err := resources.ManagerInstance.SystemSpecs().GetGPUs()

				Cardano:           cardano,
				ServerMode:        local,
				IsAvailable:       unavailable, // TODO: Update this
			}

			}

			// TODO: what to do with the response body?
			fmt.Fprintf(cmd.OutOrStdout(), "%s\n", resBody)

			}

			// TODO: Define API endpoint for this
			vendors, err := resources.ManagerInstance.SystemSpecs().GetGPUVendors()
			if err != nil {

			}

			// TODO:what to do with the response body?
			fmt.Fprintf(cmd.OutOrStdout(), "%s\n", resBody)
			return nil

	ErrUnsupportedKeyType = errors.New("unsupported key type")

	ErrTODO = errors.New("TODO")
)

// nolint
func ReadVault(path string, passphrase string) ([]byte, error) {
	// TODO
	return nil, ErrTODO
}

// nolint
func WriteVault(path string, passphrase string, data []byte) error {
	// TODO
	return ErrTODO
}

	ErrTooBig            = errors.New("capability blob too big")

	ErrTODO = errors.New("TODO")
)

func SaveCapabilityContext(_ CapabilityContext, _ io.Writer) (int, error) {
	// TODO
	return 0, ErrTODO
}

func LoadCapabilityContext(_ io.Reader, _ did.TrustContext) (CapabilityContext, error) {
	// TODO
	return nil, ErrTODO
}

	Invoke   Action = "invoke"
	Delegate Action = "delegate"
	// Revoke   Action = "revoke" // TODO

	nonceLength = 12 // 96 bits

type BYOToken struct {
	// TODO followup
}

		return t.DMS.SignatureData()
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Issuer
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Subject
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Audience
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Capability
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Expire
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Nonce
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Action
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Verify(trust, now)
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.AllowAction(ot)
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.Subsumes(ot)
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

		return t.DMS.AllowInvocation(subject, audience, c)
	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

	case t.UCAN != nil:
		// TODO UCAN envelopes for BYO trust; followup
		fallthrough
	default:

	ErrNoAnchorMethod   = errors.New("no anchor method")

	ErrTODO = errors.New("TODO")
)

		}

		// TODO validate parts according to spec: https://www.w3.org/TR/did-core/
	}

func SaveTrustContext(_ TrustContext, _ io.Writer) (int, error) {
	// TODO follow up
	return 0, ErrTODO
}

func LoadTrustContext(_ io.Reader) (TrustContext, error) {
	// TODO follow up
	return nil, ErrTODO
}

	}

	// TODO other supported key types (secp?)
	t := multicodecKindEd25519PubKey
	size := varint.UvarintSize(t)

type Job struct {
	LogUpdateInterval int    `mapstructure:"log_update_interval"` // in minutes
	TargetPeer        string `mapstructure:"target_peer"`         // specific peer to send deployment requests to - XXX probably not a good idea. Remove after testing stage.
	CleanupInterval   int    `mapstructure:"cleanup_interval"` // docker container and images clean up interval in days
}

type Job struct {
	LogUpdateInterval int    `mapstructure:"log_update_interval"` // in minutes
	TargetPeer        string `mapstructure:"target_peer"`         // specific peer to send deployment requests to - XXX probably not a good idea. Remove after testing stage.
	CleanupInterval   int    `mapstructure:"cleanup_interval"`    // docker container and images clean up interval in days
}