|
| 1 | +{ |
| 2 | + "$schema": "https://json-schema.org/draft/2020-12/schema", |
| 3 | + "$id": "https://schemas.srcos.ai/v2/ConnectorActionScope.json", |
| 4 | + "title": "ConnectorActionScope", |
| 5 | + "description": "Precise action-scope envelope for a configured Connector. Prevents vague connector enablement by enumerating exact verbs, risk, credential-use posture, approval requirements, data exposure bounds, and receipt obligations.", |
| 6 | + "type": "object", |
| 7 | + "additionalProperties": false, |
| 8 | + "required": ["id", "type", "specVersion", "connectorRef", "connectorKind", "actions", "accessLevel", "riskLevel", "requiresExplicitApproval", "credentialUse", "receiptRequired"], |
| 9 | + "properties": { |
| 10 | + "id": { "type": "string", "pattern": "^urn:srcos:connector-action-scope:", "description": "Stable URN identifier." }, |
| 11 | + "type": { "const": "ConnectorActionScope", "description": "Discriminator constant." }, |
| 12 | + "specVersion": { "type": "string", "description": "Spec version." }, |
| 13 | + "name": { "type": "string", "description": "Human-readable scope name." }, |
| 14 | + "description": { "type": "string", "description": "What this scope permits and forbids." }, |
| 15 | + "connectorRef": { "type": "string", "pattern": "^urn:srcos:connector:", "description": "Configured Connector URN." }, |
| 16 | + "connectorKind": { "enum": ["filesystem", "github", "gitlab", "email", "calendar", "drive", "slack", "linear", "notion", "browser", "computer", "httpApi", "kafka", "rdbms", "objectStore", "lakehouse", "shell", "ci", "deployment", "observability", "custom"], "description": "Connector class." }, |
| 17 | + "actions": { |
| 18 | + "type": "array", |
| 19 | + "minItems": 1, |
| 20 | + "items": { "type": "string", "pattern": "^[a-z0-9]+(\\.[a-z0-9_:-]+)+$" }, |
| 21 | + "description": "Exact allowed connector verbs such as github.pr.read, email.draft, browser.submit_form, or computer.capture_replay." |
| 22 | + }, |
| 23 | + "accessLevel": { "enum": ["none", "readOnly", "draftOnly", "commentOnly", "scopedWrite", "send", "publish", "merge", "destructive", "control"], "description": "Maximum side-effect class." }, |
| 24 | + "riskLevel": { "enum": ["low", "medium", "high", "critical"], "description": "Risk tier." }, |
| 25 | + "requiresExplicitApproval": { "type": "boolean", "description": "Whether use requires explicit approval." }, |
| 26 | + "approvalMoments": { "type": "array", "items": { "enum": ["beforeConnectorEnable", "beforeCredentialUse", "beforeWrite", "beforeComment", "beforeSend", "beforePublish", "beforeMerge", "beforeDelete", "beforeFormSubmit", "beforeComputerControl", "beforeAutomationEnable"] }, "description": "Specific lifecycle moments that require approval." }, |
| 27 | + "credentialUse": { "enum": ["none", "ambientReadOnly", "explicitApproval", "credentialedSession", "delegatedToken"], "description": "Credential, cookie, session, or token posture." }, |
| 28 | + "dataExposure": { |
| 29 | + "type": "object", |
| 30 | + "additionalProperties": false, |
| 31 | + "properties": { |
| 32 | + "mayReadContent": { "type": "boolean", "description": "Whether content may be read." }, |
| 33 | + "mayTransmitContent": { "type": "boolean", "description": "Whether content may be transmitted outside the boundary." }, |
| 34 | + "allowedDomains": { "type": "array", "items": { "type": "string" }, "description": "Allowed network or application domains." }, |
| 35 | + "dataClasses": { "type": "array", "items": { "enum": ["public", "internal", "private", "sensitive", "secret", "credential", "regulated"] }, "description": "Permitted data classifications." } |
| 36 | + }, |
| 37 | + "description": "Data exposure and classification constraints." |
| 38 | + }, |
| 39 | + "retentionPolicy": { "enum": ["none", "sessionOnly", "untilRevoked", "policyDefined"], "default": "sessionOnly", "description": "How long data may be cached or indexed." }, |
| 40 | + "receiptRequired": { "type": "boolean", "description": "Whether use must be represented in a receipt." }, |
| 41 | + "policyRefs": { "type": "array", "items": { "type": "string", "pattern": "^urn:srcos:policy:" }, "description": "Governing policies." }, |
| 42 | + "validFrom": { "type": ["string", "null"], "format": "date-time", "description": "Optional activation start time." }, |
| 43 | + "expiresAt": { "type": ["string", "null"], "format": "date-time", "description": "Optional expiry time." } |
| 44 | + } |
| 45 | +} |
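Review bot: Nothing in this schema ties `accessLevel`, `riskLevel`, `requiresExplicitApproval` and `receiptRequired` together, so a scope declaring `"accessLevel": "destructive"` with `"riskLevel": "low"`, `"requiresExplicitApproval": false` and `"receiptRequired": false` validates, which undercuts the stated goal of preventing vague connector enablement. An `allOf` with `if`/`then`, placed as a sibling of `properties`, can make the high side-effect levels imply approval and a receipt; which levels belong in that set is a policy decision, and the list below is only a suggestion. Separately, `"format": "date-time"` on `expiresAt` and `validFrom` is an annotation by default in draft 2020-12, so a malformed expiry passes unless the validator is configured to assert formats. `dataExposure` is also optional with no stated meaning when it is absent, so its description should say whether a missing object denies reading and transmitting.

```json
"allOf": [
  {
    "if": {
      "properties": {
        "accessLevel": { "enum": ["send", "publish", "merge", "destructive", "control"] }
      },
      "required": ["accessLevel"]
    },
    "then": {
      "properties": {
        "requiresExplicitApproval": { "const": true },
        "receiptRequired": { "const": true }
      },
      "required": ["approvalMoments"]
    }
  }
]
```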