save work

docs/schemas/rekor-receipt.schema.json

@@ -0,0 +1,39 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://stella-ops.org/schemas/rekor-receipt.schema.json",
+  "title": "StellaOps Rekor Receipt Schema",
+  "description": "Schema for offline Rekor receipt payloads (rekor-receipt.json) used for air-gapped verification. See docs/modules/attestor/transparency.md and docs/product-advisories/14-Dec-2025 - Offline and Air-Gap Technical Reference.md (Section 1.4).",
+  "type": "object",
+  "additionalProperties": false,
+  "required": ["uuid", "logIndex", "rootHash", "hashes", "checkpoint"],
+  "properties": {
+    "uuid": {
+      "type": "string",
+      "minLength": 1,
+      "description": "Rekor entry UUID."
+    },
+    "logIndex": {
+      "type": "integer",
+      "minimum": 0,
+      "description": "Rekor log index."
+    },
+    "rootHash": {
+      "type": "string",
+      "pattern": "^[a-f0-9]{64}$",
+      "description": "Expected Merkle tree root hash as lowercase hex (32 bytes)."
+    },
+    "hashes": {
+      "type": "array",
+      "description": "Merkle inclusion path hashes ordered as provided by Rekor (each is lowercase hex, 32 bytes).",
+      "items": {
+        "type": "string",
+        "pattern": "^[a-f0-9]{64}$"
+      }
+    },
+    "checkpoint": {
+      "type": "string",
+      "minLength": 1,
+      "description": "Signed checkpoint note (UTF-8) either inline (body lines: origin, tree size, base64 root, optional timestamp, and optional signature block(s)) or a path resolved relative to the receipt file (e.g., checkpoint.sig or tlog/checkpoint.sig)."
+    }
+  }
+}