|
| 1 | +{ |
| 2 | + "$schema": "https://json-schema.org/draft/2020-12/schema", |
| 3 | + "$id": "https://sourceos.dev/schemas/MutationEvidenceUmbrellaPrimitives.schema.json", |
| 4 | + "title": "SourceOS Mutation Evidence Umbrella Primitives v0.1", |
| 5 | + "description": "Umbrella schema for SourceOS MutationReceipt, ExecutionContextReceipt, ServiceWorkReceipt, and EvidencePipelineReceipt with specialized subtypes.", |
| 6 | + "type": "object", |
| 7 | + "oneOf": [ |
| 8 | + { "$ref": "#/$defs/mutation_receipt" }, |
| 9 | + { "$ref": "#/$defs/execution_context_receipt" }, |
| 10 | + { "$ref": "#/$defs/service_work_receipt" }, |
| 11 | + { "$ref": "#/$defs/evidence_pipeline_receipt" } |
| 12 | + ], |
| 13 | + "$defs": { |
| 14 | + "actor_ref": { |
| 15 | + "type": "object", |
| 16 | + "required": ["role", "kind", "id", "name"], |
| 17 | + "properties": { |
| 18 | + "role": { "enum": ["human", "origin_actor", "requesting_actor", "execution_actor", "storage_actor", "observer", "policy_engine", "unknown"] }, |
| 19 | + "kind": { "enum": ["user", "process", "service", "daemon", "agent", "browser", "browser_content_process", "terminal", "file_manager", "sync_daemon", "cloud_service", "diagnostic_service", "kernel", "peripheral", "unknown"] }, |
| 20 | + "id": { "type": "string" }, |
| 21 | + "name": { "type": "string" }, |
| 22 | + "digest": { "type": ["string", "null"] }, |
| 23 | + "coalition_id": { "type": ["string", "null"] }, |
| 24 | + "persona_id": { "type": ["string", "null"] }, |
| 25 | + "trust_zone": { "type": ["string", "null"] }, |
| 26 | + "attribution_status": { "enum": ["complete", "partial", "none", "unknown_origin", "delegated_unknown"] } |
| 27 | + }, |
| 28 | + "additionalProperties": true |
| 29 | + }, |
| 30 | + "object_ref": { |
| 31 | + "type": "object", |
| 32 | + "required": ["class", "id", "path_class"], |
| 33 | + "properties": { |
| 34 | + "class": { "type": "string" }, |
| 35 | + "id": { "type": "string" }, |
| 36 | + "path_class": { "enum": ["user_data", "app_state", "browser_profile", "origin_storage", "service_worker_cache", "cache", "tmp", "sync_root", "cloud_object", "fog_object", "archive", "diagnostic_archive", "evidence_store", "system_volume", "trash", "downloads", "external_volume", "network_mount", "package_bundle", "unknown"] }, |
| 37 | + "redaction": { "enum": ["none", "stable_pseudonym", "path_class_only", "forensic_expansion_required"] } |
| 38 | + }, |
| 39 | + "additionalProperties": true |
| 40 | + }, |
| 41 | + "resource_cost": { |
| 42 | + "type": "object", |
| 43 | + "properties": { |
| 44 | + "logical_bytes": { "type": ["integer", "null"], "minimum": 0 }, |
| 45 | + "physical_bytes": { "type": ["integer", "null"], "minimum": 0 }, |
| 46 | + "dirty_memory_bytes": { "type": ["integer", "null"], "minimum": 0 }, |
| 47 | + "clone_or_reflink_bytes": { "type": ["integer", "null"], "minimum": 0 }, |
| 48 | + "cpu_ms": { "type": ["integer", "null"], "minimum": 0 }, |
| 49 | + "network_bytes_in": { "type": ["integer", "null"], "minimum": 0 }, |
| 50 | + "network_bytes_out": { "type": ["integer", "null"], "minimum": 0 }, |
| 51 | + "fsync_count": { "type": ["integer", "null"], "minimum": 0 }, |
| 52 | + "wal_bytes": { "type": ["integer", "null"], "minimum": 0 }, |
| 53 | + "checkpoint_count": { "type": ["integer", "null"], "minimum": 0 }, |
| 54 | + "entries_visited": { "type": ["integer", "null"], "minimum": 0 }, |
| 55 | + "objects_processed": { "type": ["integer", "null"], "minimum": 0 } |
| 56 | + }, |
| 57 | + "additionalProperties": true |
| 58 | + }, |
| 59 | + "policy_ref": { |
| 60 | + "type": "object", |
| 61 | + "required": ["decision"], |
| 62 | + "properties": { |
| 63 | + "decision": { "enum": ["allow", "deny", "degrade", "sample", "drop", "route", "quarantine", "unknown"] }, |
| 64 | + "policy_id": { "type": ["string", "null"] }, |
| 65 | + "budget_id": { "type": ["string", "null"] }, |
| 66 | + "classification": { "type": ["string", "null"] } |
| 67 | + }, |
| 68 | + "additionalProperties": true |
| 69 | + }, |
| 70 | + "evidence_quality": { |
| 71 | + "type": "object", |
| 72 | + "required": ["status", "confidence"], |
| 73 | + "properties": { |
| 74 | + "status": { "enum": ["complete", "partial", "degraded_sensor", "opaque_symbolication", "redacted", "insufficient_for_clearance"] }, |
| 75 | + "confidence": { "enum": ["high", "medium", "low", "unknown"] }, |
| 76 | + "missing_fields": { "type": "array", "items": { "type": "string" } }, |
| 77 | + "sensor_state": { "enum": ["healthy", "degraded", "blind", "missing", "not_applicable", "unknown"] } |
| 78 | + }, |
| 79 | + "additionalProperties": true |
| 80 | + }, |
| 81 | + "base_receipt": { |
| 82 | + "type": "object", |
| 83 | + "required": ["schema", "primitive", "subtype", "event_id", "timestamp", "actor_chain", "object", "operation", "policy", "evidence_quality"], |
| 84 | + "properties": { |
| 85 | + "schema": { "const": "sourceos.mutation_evidence.umbrella.v0.1" }, |
| 86 | + "primitive": { "enum": ["MutationReceipt", "ExecutionContextReceipt", "ServiceWorkReceipt", "EvidencePipelineReceipt"] }, |
| 87 | + "subtype": { "type": "string" }, |
| 88 | + "event_id": { "type": "string", "minLength": 8 }, |
| 89 | + "timestamp": { "type": "string", "format": "date-time" }, |
| 90 | + "boot_id": { "type": ["string", "null"] }, |
| 91 | + "session_id": { "type": ["string", "null"] }, |
| 92 | + "actor_chain": { "type": "array", "items": { "$ref": "#/$defs/actor_ref" }, "minItems": 1 }, |
| 93 | + "object": { "$ref": "#/$defs/object_ref" }, |
| 94 | + "operation": { "type": "string" }, |
| 95 | + "resource_cost": { "$ref": "#/$defs/resource_cost" }, |
| 96 | + "policy": { "$ref": "#/$defs/policy_ref" }, |
| 97 | + "evidence_quality": { "$ref": "#/$defs/evidence_quality" }, |
| 98 | + "causal_parents": { "type": "array", "items": { "type": "string" } }, |
| 99 | + "downstream_effects": { "type": "array", "items": { "type": "string" } } |
| 100 | + }, |
| 101 | + "additionalProperties": true |
| 102 | + }, |
| 103 | + "mutation_receipt": { |
| 104 | + "allOf": [ |
| 105 | + { "$ref": "#/$defs/base_receipt" }, |
| 106 | + { "properties": { "primitive": { "const": "MutationReceipt" }, "subtype": { "enum": ["browser_write", "delegated_io", "sync_cycle", "folder_sizing", "metadata_traversal", "archive_extraction", "diagnostic_self_noise", "write_burst", "filesystem_clone", "cache_maintenance", "media_work", "temporary_artifact"] } } } |
| 107 | + ] |
| 108 | + }, |
| 109 | + "execution_context_receipt": { |
| 110 | + "allOf": [ |
| 111 | + { "$ref": "#/$defs/base_receipt" }, |
| 112 | + { |
| 113 | + "properties": { |
| 114 | + "primitive": { "const": "ExecutionContextReceipt" }, |
| 115 | + "subtype": { "enum": ["qos_policy", "user_activity_context", "persona_context", "path_boundary", "binary_provenance", "model_activity_state", "terminal_session"] }, |
| 116 | + "execution_context": { |
| 117 | + "type": "object", |
| 118 | + "properties": { |
| 119 | + "frontmost": { "type": ["boolean", "null"] }, |
| 120 | + "user_active": { "type": ["boolean", "null"] }, |
| 121 | + "effective_qos": { "type": ["string", "null"] }, |
| 122 | + "requested_qos": { "type": ["string", "null"] }, |
| 123 | + "qos_match": { "type": ["boolean", "null"] }, |
| 124 | + "path_boundary_crossed": { "type": ["boolean", "null"] } |
| 125 | + }, |
| 126 | + "additionalProperties": true |
| 127 | + } |
| 128 | + } |
| 129 | + } |
| 130 | + ] |
| 131 | + }, |
| 132 | + "service_work_receipt": { |
| 133 | + "allOf": [ |
| 134 | + { "$ref": "#/$defs/base_receipt" }, |
| 135 | + { |
| 136 | + "properties": { |
| 137 | + "primitive": { "const": "ServiceWorkReceipt" }, |
| 138 | + "subtype": { "enum": ["scheduler_receipt", "ephemeral_service_work", "fileprovider_tracking", "cloud_object_transfer", "ui_event_route", "compositor_frame", "display_update_pressure", "ipc_serialization", "peripheral_io", "dock_channel_event"] }, |
| 139 | + "service_work": { |
| 140 | + "type": "object", |
| 141 | + "properties": { |
| 142 | + "scheduler_kind": { "type": ["string", "null"] }, |
| 143 | + "batch_size": { "type": ["integer", "null"], "minimum": 0 }, |
| 144 | + "max_cost": { "type": ["integer", "null"], "minimum": 0 }, |
| 145 | + "retry_after_ms": { "type": ["integer", "null"], "minimum": 0 }, |
| 146 | + "throttle": { "type": ["string", "null"] }, |
| 147 | + "object_count": { "type": ["integer", "null"], "minimum": 0 } |
| 148 | + }, |
| 149 | + "additionalProperties": true |
| 150 | + } |
| 151 | + } |
| 152 | + } |
| 153 | + ] |
| 154 | + }, |
| 155 | + "evidence_pipeline_receipt": { |
| 156 | + "allOf": [ |
| 157 | + { "$ref": "#/$defs/base_receipt" }, |
| 158 | + { |
| 159 | + "properties": { |
| 160 | + "primitive": { "const": "EvidencePipelineReceipt" }, |
| 161 | + "subtype": { "enum": ["routing_receipt", "sink_precedence", "evidence_gap", "log_flush", "symbolication_quality", "agent_coverage_attestation", "compromise_assessment"] }, |
| 162 | + "evidence_pipeline": { |
| 163 | + "type": "object", |
| 164 | + "properties": { |
| 165 | + "received": { "type": ["integer", "null"], "minimum": 0 }, |
| 166 | + "written": { "type": ["integer", "null"], "minimum": 0 }, |
| 167 | + "sampled": { "type": ["integer", "null"], "minimum": 0 }, |
| 168 | + "dropped": { "type": ["integer", "null"], "minimum": 0 }, |
| 169 | + "redacted": { "type": ["integer", "null"], "minimum": 0 }, |
| 170 | + "diverted": { "type": ["integer", "null"], "minimum": 0 }, |
| 171 | + "clearance_allowed": { "type": ["boolean", "null"] } |
| 172 | + }, |
| 173 | + "additionalProperties": true |
| 174 | + } |
| 175 | + } |
| 176 | + } |
| 177 | + ] |
| 178 | + } |
| 179 | + } |
| 180 | +} |
0 commit comments