{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://stella-ops.org/schemas/verdict.stella/v1.json",
  "title": "Verdict Receipt Predicate Schema",
  "description": "Schema for verdict.stella/v1 predicate type - final surfaced decision receipt",
  "type": "object",
  "required": [
    "graphRevisionId",
    "findingKey",
    "rule",
    "decision",
    "inputs",
    "outputs",
    "createdAt"
  ],
  "properties": {
    "graphRevisionId": {
      "type": "string",
      "pattern": "^grv_sha256:[a-f0-9]{64}$",
      "description": "The graph revision ID this verdict was computed from"
    },
    "findingKey": {
      "type": "object",
      "required": ["sbomEntryId", "vulnerabilityId"],
      "properties": {
        "sbomEntryId": {
          "type": "string",
          "pattern": "^sha256:[a-f0-9]{64}:pkg:.+",
          "description": "The SBOM entry ID for the component"
        },
        "vulnerabilityId": {
          "type": "string",
          "pattern": "^(CVE-[0-9]{4}-[0-9]+|GHSA-.+)$",
          "description": "The vulnerability ID"
        }
      },
      "additionalProperties": false
    },
    "rule": {
      "type": "object",
      "required": ["id", "version"],
      "properties": {
        "id": {
          "type": "string",
          "minLength": 1,
          "description": "Unique identifier of the rule"
        },
        "version": {
          "type": "string",
          "description": "Version of the rule"
        }
      },
      "additionalProperties": false
    },
    "decision": {
      "type": "object",
      "required": ["status", "reason"],
      "properties": {
        "status": {
          "type": "string",
          "enum": ["block", "warn", "pass"],
          "description": "Status of the decision"
        },
        "reason": {
          "type": "string",
          "minLength": 1,
          "description": "Human-readable reason for the decision"
        }
      },
      "additionalProperties": false
    },
    "inputs": {
      "type": "object",
      "required": ["sbomDigest", "feedsDigest", "policyDigest"],
      "properties": {
        "sbomDigest": {
          "type": "string",
          "pattern": "^sha256:[a-f0-9]{64}$",
          "description": "Digest of the SBOM used"
        },
        "feedsDigest": {
          "type": "string",
          "pattern": "^sha256:[a-f0-9]{64}$",
          "description": "Digest of the advisory feeds used"
        },
        "policyDigest": {
          "type": "string",
          "pattern": "^sha256:[a-f0-9]{64}$",
          "description": "Digest of the policy bundle used"
        }
      },
      "additionalProperties": false
    },
    "outputs": {
      "type": "object",
      "required": ["proofBundleId", "reasoningId", "vexVerdictId"],
      "properties": {
        "proofBundleId": {
          "type": "string",
          "pattern": "^sha256:[a-f0-9]{64}$",
          "description": "The proof bundle ID containing the evidence chain"
        },
        "reasoningId": {
          "type": "string",
          "pattern": "^sha256:[a-f0-9]{64}$",
          "description": "The reasoning ID explaining the decision"
        },
        "vexVerdictId": {
          "type": "string",
          "pattern": "^sha256:[a-f0-9]{64}$",
          "description": "The VEX verdict ID for this finding"
        }
      },
      "additionalProperties": false
    },
    "createdAt": {
      "type": "string",
      "format": "date-time",
      "description": "UTC timestamp when this verdict was created"
    }
  },
  "additionalProperties": false
}