diff --git a/examples/runtime_identity_graph.json b/examples/runtime_identity_graph.json
new file mode 100644
index 0000000..23436d5
--- /dev/null
+++ b/examples/runtime_identity_graph.json
@@ -0,0 +1,51 @@
+{
+ "id": "urn:srcos:runtime-identity-graph:synthetic-browser-001",
+ "type": "RuntimeIdentityGraph",
+ "specVersion": "2.0.0",
+ "observedAt": "2026-05-06T22:37:03Z",
+ "rootComponentRef": "urn:srcos:component:synthetic-browser-surface",
+ "identityVerdict": "degraded",
+ "nodes": [
+ {
+ "nodeId": "app.synthetic-browser",
+ "nodeKind": "app",
+ "displayName": "Synthetic Browser Surface",
+ "processId": 1000,
+ "bundleOrPackageId": "application.example.synthetic-browser",
+ "verificationVerdict": "valid"
+ },
+ {
+ "nodeId": "child.synthetic-content.1001",
+ "nodeKind": "browser-child",
+ "displayName": "Synthetic Content Surface",
+ "processId": 1001,
+ "bundleOrPackageId": "application.example.synthetic-content",
+ "verificationVerdict": "degraded"
+ },
+ {
+ "nodeId": "audit.synthetic-content.1001",
+ "nodeKind": "audit-token",
+ "displayName": "Synthetic content audit token",
+ "auditIdentity": "audit-token-unresolved",
+ "verificationVerdict": "ambiguous"
+ }
+ ],
+ "edges": [
+ {
+ "from": "app.synthetic-browser",
+ "to": "child.synthetic-content.1001",
+ "relationship": "spawned"
+ },
+ {
+ "from": "child.synthetic-content.1001",
+ "to": "audit.synthetic-content.1001",
+ "relationship": "observed-as"
+ }
+ ],
+ "evidenceRefs": [
+ "urn:srcos:telemetry:synthetic-identity-degraded",
+ "urn:srcos:telemetry:synthetic-audit-token-unresolved"
+ ],
+ "userVisibleImpact": "A synthetic child surface launched, but its runtime identity could not be fully resolved.",
+ "remediationHint": "Verify child-surface package identity, audit-token mapping, and broker registration before allowing page load."
+}
diff --git a/schemas/RuntimeIdentityGraph.json b/schemas/RuntimeIdentityGraph.json
new file mode 100644
index 0000000..f3df1c6
--- /dev/null
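Review bot: The `audit-token` node encodes its unresolved state as a value in the identity field itself (`"auditIdentity": "audit-token-unresolved"`), so a sentinel string occupies a field that otherwise carries a real identity, while `"verificationVerdict": "ambiguous"` on the same node already expresses that state. A consumer that keys on `auditIdentity` without first checking the verdict would treat the sentinel as a legitimate identity. Suggest omitting `auditIdentity` for unresolved tokens (the schema leaves it optional) or documenting the sentinel explicitly in the schema's `auditIdentity` description so both sides agree on its meaning.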
+++ b/schemas/RuntimeIdentityGraph.json 
@@ -0,0 +1,60 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$id": "https://schemas.srcos.ai/v2/RuntimeIdentityGraph.json",
+ "title": "RuntimeIdentityGraph",
+ "description": "A runtime identity graph connecting process, package, executable, helper, broker, profile, session, and audit-token identity observations.",
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "id",
+ "type",
+ "specVersion",
+ "observedAt",
+ "rootComponentRef",
+ "identityVerdict",
+ "nodes"
+ ],
+ "properties": {
+ "id": { "type": "string", "pattern": "^urn:srcos:runtime-identity-graph:" },
+ "type": { "const": "RuntimeIdentityGraph" },
+ "specVersion": { "type": "string" },
+ "observedAt": { "type": "string", "format": "date-time" },
+ "rootComponentRef": { "type": "string", "minLength": 1 },
+ "identityVerdict": { "enum": ["valid", "degraded", "missing", "ambiguous", "invalid", "unknown"] },
+ "nodes": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": ["nodeId", "nodeKind", "displayName"],
+ "properties": {
+ "nodeId": { "type": "string", "minLength": 1 },
+ "nodeKind": { "enum": ["app", "daemon", "xpc-service", "browser-child", "terminal-helper", "broker", "extension", "package", "profile", "session", "audit-token", "executable"] },
+ "displayName": { "type": "string", "minLength": 1 },
+ "processId": { "type": "integer", "minimum": 0 },
+ "bundleOrPackageId": { "type": "string" },
+ "executableDigest": { "type": "string" },
+ "auditIdentity": { "type": "string" },
+ "verificationVerdict": { "enum": ["valid", "degraded", "missing", "ambiguous", "invalid", "unknown"] }
+ }
+ }
+ },
+ "edges": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": ["from", "to", "relationship"],
+ "properties": {
+ "from": { "type": "string" },
+ "to": { "type": "string" },
+ "relationship": { "enum": ["spawned", "owns", "brokers", "uses-profile", "runs-as", "attests", "packages", "observed-as", "unknown"] }
+ }
+ }
+ },
+ "evidenceRefs": { "type": "array", "items": { "type": "string" } },
+ "userVisibleImpact": { "type": "string" },
+ "remediationHint": { "type": "string" }
+ }
+}
diff --git a/tools/validate_runtime_causality_examples.py b/tools/validate_runtime_causality_examples.py
index 3b6cb1b..d0496b5 100644
--- a/tools/validate_runtime_causality_examples.py
+++ b/tools/validate_runtime_causality_examples.py
@@ -13,16 +13,13 @@
 (ROOT / "schemas" / "SecurityVerdictState.json", ROOT / "examples" / "security_verdict_state.json"),
 (ROOT / "schemas" / "NetworkTruthState.json", ROOT / "examples" / "network_truth_state.json"),
 (ROOT / "schemas" / "BrowserLaunchTransaction.json", ROOT / "examples" / "browser_launch_transaction.json"),
+ (ROOT / "schemas" / "RuntimeIdentityGraph.json", ROOT / "examples" / "runtime_identity_graph.json"),
 (ROOT / "schemas" / "DesktopServiceBrokerState.json", ROOT / "examples" / "desktop_service_broker_state.json"),
 (ROOT / "schemas" / "MaintenanceEpoch.json", ROOT / "examples" / "maintenance_epoch.json"),
 (ROOT / "schemas" / "RuntimeRegistryIntegrityRecord.json", ROOT / "examples" / "runtime_registry_integrity_record.json"),
 (ROOT / "schemas" / "BootSessionPhaseState.json", ROOT / "examples" / "boot_session_phase_state.json"),
 (ROOT / "schemas" / "DiagnosticStormRecord.json", ROOT / "examples" / "diagnostic_storm_record.json"),
 ]
-DEFERRED = [
- "schemas/RuntimeIdentityGraph.json",
- "examples/runtime_identity_graph.json",
-]
 
 
 def validate_pair(schema_path: Path, example_path: Path) -> None:
@@ -37,7 +34,7 @@ def main() -> int:
 for schema_path, example_path in PAIRS:
 validate_pair(schema_path, example_path)
 checks[example_path.name] = True
- print(json.dumps({"ok": all(checks.values()), "checks": checks, "deferred": DEFERRED}, indent=2, sort_keys=True))
+ print(json.dumps({"ok": all(checks.values()), "checks": checks}, indent=2, sort_keys=True))
 return 0
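Review bot: Edge endpoints `from` and `to` are unconstrained strings with no tie to `nodes[].nodeId`, and `nodeId` is not required to be unique across `nodes`, so an edge naming an undeclared or duplicated node passes schema validation and the example is consistent only by convention. JSON Schema cannot express that cross-reference, so the check belongs in the validator touched in the `tools/validate_runtime_causality_examples.py` hunk (a post-schema step asserting every `from`/`to` resolves to exactly one declared `nodeId`; `validate_pair` is defined there but its body is outside the hunk), or the limitation should be stated in the schema `description`. `executableDigest` is likewise a bare `{ "type": "string" }`; for a value consumed as verification evidence, a `pattern` pinning the algorithm prefix and hex length would reject malformed digests before any comparison. `rootComponentRef` has `minLength: 1` but no `pattern` while `id` pins a URN prefix; the example uses `urn:srcos:component:`, and a matching prefix constraint would keep the two fields consistent.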