Operation-level semantic metadata schema for API policy and authorization.
https://shaalin.github.io/x-intent-schema/schemas/x-intent/v1/schema.json
- Effects are declarative. They describe policy-relevant intent, not an exhaustive runtime trace.
- Effects are cumulative and unordered. The array has no sequence; order carries no meaning.
- Target is a semantic boundary. It identifies the resource domain (e.g.,
billing.invoice), not a runtime scope, IAM resource, or specific object ID.
See docs/semantics.md for full details.
schemas/x-intent/v1/schema.json
| File | Description |
|---|---|
| minimal.json | Simplest valid intent (read, no optional fields) |
| read-only.json | Read with data classification |
| draft-mutate.json | Multi-effect: read + mutate |
| external-financial-high-risk.json | High-risk financial transfer with external call |
| Field | Required | Description |
|---|---|---|
ver |
yes | Schema version ("1") |
operation_class |
yes | Stable semantic identifier for the operation |
effects |
yes | Declarative policy-relevant effects (array) |
effects[].kind |
yes | Effect category (read, mutate, delete, etc.) |
effects[].target |
no | Affected domain/subsystem |
effects[].risk |
no | Risk level (low, medium, high) |
effects[].data.class |
no | Data classification |
effects[].data.pii |
no | PII indicator |
- Overview — What x-intent is and isn't
- Semantics — Field definitions and rules
- Publishing — Hosting and versioning guidance
pip install -r requirements.txt
python validate.pyThis repo defines only the x-intent schema. It does not include runtime grants, policy engines, or implementation details.
Apache 2.0