|
| 1 | +{ |
| 2 | + "$schema": "https://json-schema.org/draft/2020-12/schema", |
| 3 | + "$id": "urn:srcos:agent-machine:schema:deployment-receipt:v0.1.0", |
| 4 | + "title": "DeploymentReceipt", |
| 5 | + "description": "Secret-free receipt proving an Agent Machine deployment artifact was derived from a typed source object by a named generator. This is evidence, not authorization.", |
| 6 | + "type": "object", |
| 7 | + "additionalProperties": false, |
| 8 | + "required": [ |
| 9 | + "specVersion", |
| 10 | + "kind", |
| 11 | + "receiptId", |
| 12 | + "generator", |
| 13 | + "source", |
| 14 | + "artifact", |
| 15 | + "target", |
| 16 | + "policy", |
| 17 | + "receiptSafety", |
| 18 | + "notes" |
| 19 | + ], |
| 20 | + "properties": { |
| 21 | + "specVersion": { |
| 22 | + "type": "string", |
| 23 | + "const": "0.1.0" |
| 24 | + }, |
| 25 | + "kind": { |
| 26 | + "type": "string", |
| 27 | + "const": "DeploymentReceipt" |
| 28 | + }, |
| 29 | + "receiptId": { |
| 30 | + "type": "string", |
| 31 | + "pattern": "^urn:srcos:agent-machine:deployment-receipt:[a-f0-9]{16,64}$" |
| 32 | + }, |
| 33 | + "generator": { |
| 34 | + "type": "object", |
| 35 | + "additionalProperties": false, |
| 36 | + "required": ["name", "version"], |
| 37 | + "properties": { |
| 38 | + "name": { "type": "string" }, |
| 39 | + "version": { "type": "string" } |
| 40 | + } |
| 41 | + }, |
| 42 | + "source": { |
| 43 | + "type": "object", |
| 44 | + "additionalProperties": false, |
| 45 | + "required": ["sourceKind", "path", "id", "digest"], |
| 46 | + "properties": { |
| 47 | + "sourceKind": { "type": "string", "enum": ["AgentPod"] }, |
| 48 | + "path": { "type": "string" }, |
| 49 | + "id": { |
| 50 | + "type": "string", |
| 51 | + "pattern": "^urn:srcos:agent-machine:agent-pod:[a-z0-9][a-z0-9-]*$" |
| 52 | + }, |
| 53 | + "digest": { |
| 54 | + "type": "string", |
| 55 | + "pattern": "^sha256:[a-f0-9]{64}$" |
| 56 | + } |
| 57 | + } |
| 58 | + }, |
| 59 | + "artifact": { |
| 60 | + "type": "object", |
| 61 | + "additionalProperties": false, |
| 62 | + "required": ["artifactKind", "path", "digest"], |
| 63 | + "properties": { |
| 64 | + "artifactKind": { |
| 65 | + "type": "string", |
| 66 | + "enum": ["AgentPodDeploymentPlan", "QuadletContainer", "KubernetesYaml", "Other"] |
| 67 | + }, |
| 68 | + "path": { "type": "string" }, |
| 69 | + "digest": { |
| 70 | + "type": "string", |
| 71 | + "pattern": "^sha256:[a-f0-9]{64}$" |
| 72 | + } |
| 73 | + } |
| 74 | + }, |
| 75 | + "target": { |
| 76 | + "type": "object", |
| 77 | + "additionalProperties": false, |
| 78 | + "required": ["surface", "profile"], |
| 79 | + "properties": { |
| 80 | + "surface": { |
| 81 | + "type": "string", |
| 82 | + "enum": ["quadlet-container", "local-runtime-plan", "kubernetes-yaml", "agentpod-crd", "unknown"] |
| 83 | + }, |
| 84 | + "profile": { |
| 85 | + "type": "string", |
| 86 | + "enum": [ |
| 87 | + "m2-asahi-linux", |
| 88 | + "sourceos-workstation", |
| 89 | + "fedora-silverblue", |
| 90 | + "linux-gpu-node", |
| 91 | + "linux-edge-node", |
| 92 | + "kubernetes-node", |
| 93 | + "macos-apple-silicon-compat" |
| 94 | + ] |
| 95 | + } |
| 96 | + } |
| 97 | + }, |
| 98 | + "policy": { |
| 99 | + "type": "object", |
| 100 | + "additionalProperties": false, |
| 101 | + "required": [ |
| 102 | + "authorizationGranted", |
| 103 | + "policyFabricRequired", |
| 104 | + "policyDecisionRef", |
| 105 | + "agentRegistryRequired", |
| 106 | + "agentRegistryGrantRef" |
| 107 | + ], |
| 108 | + "properties": { |
| 109 | + "authorizationGranted": { "type": "boolean", "const": false }, |
| 110 | + "policyFabricRequired": { "type": "boolean" }, |
| 111 | + "policyDecisionRef": { "type": ["string", "null"] }, |
| 112 | + "agentRegistryRequired": { "type": "boolean" }, |
| 113 | + "agentRegistryGrantRef": { "type": ["string", "null"] } |
| 114 | + } |
| 115 | + }, |
| 116 | + "receiptSafety": { |
| 117 | + "type": "object", |
| 118 | + "additionalProperties": false, |
| 119 | + "required": [ |
| 120 | + "includeRawContent", |
| 121 | + "rawPromptContentIncluded", |
| 122 | + "rawKvCacheContentIncluded", |
| 123 | + "secretValuesIncluded" |
| 124 | + ], |
| 125 | + "properties": { |
| 126 | + "includeRawContent": { "type": "boolean", "const": false }, |
| 127 | + "rawPromptContentIncluded": { "type": "boolean", "const": false }, |
| 128 | + "rawKvCacheContentIncluded": { "type": "boolean", "const": false }, |
| 129 | + "secretValuesIncluded": { "type": "boolean", "const": false } |
| 130 | + } |
| 131 | + }, |
| 132 | + "notes": { |
| 133 | + "type": "array", |
| 134 | + "items": { "type": "string" }, |
| 135 | + "minItems": 1 |
| 136 | + } |
| 137 | + } |
| 138 | +} |
0 commit comments