{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://stellaops.io/schemas/policy-pack.schema.json",
  "title": "Policy Pack Schema",
  "description": "Schema for StellaOps policy packs and overrides.",
  "type": "object",
  "required": ["apiVersion", "kind", "metadata", "spec"],
  "properties": {
    "apiVersion": {
      "type": "string",
      "pattern": "^policy\\.stellaops\\.io/v[0-9]+$"
    },
    "kind": {
      "type": "string",
      "enum": ["PolicyPack", "PolicyOverride"]
    },
    "metadata": {
      "type": "object",
      "required": ["name", "version"],
      "properties": {
        "name": { "type": "string" },
        "version": { "type": "string" },
        "description": { "type": "string" },
        "parent": { "type": "string" },
        "environment": { "type": "string" }
      },
      "additionalProperties": true
    },
    "spec": {
      "type": "object",
      "properties": {
        "settings": {
          "type": "object",
          "additionalProperties": true
        },
        "rules": {
          "type": "array",
          "items": { "$ref": "#/$defs/rule" }
        },
        "ruleOverrides": {
          "type": "array",
          "items": { "$ref": "#/$defs/ruleOverride" }
        },
        "additionalRules": {
          "type": "array",
          "items": { "$ref": "#/$defs/rule" }
        }
      },
      "additionalProperties": true
    }
  },
  "$defs": {
    "rule": {
      "type": "object",
      "required": ["name", "action"],
      "properties": {
        "name": { "type": "string" },
        "action": { "type": "string", "enum": ["allow", "warn", "block"] },
        "priority": { "type": "integer" },
        "description": { "type": "string" },
        "match": { "type": "object", "additionalProperties": true },
        "unless": { "type": "object", "additionalProperties": true },
        "require": { "type": "object", "additionalProperties": true },
        "message": { "type": "string" },
        "log": { "type": "boolean" },
        "enabled": { "type": "boolean" },
        "type": { "type": "string" }
      },
      "additionalProperties": true
    },
    "ruleOverride": {
      "type": "object",
      "required": ["name"],
      "properties": {
        "name": { "type": "string" },
        "action": { "type": "string", "enum": ["allow", "warn", "block"] },
        "enabled": { "type": "boolean" }
      },
      "additionalProperties": true
    }
  },
  "allOf": [
    {
      "if": { "properties": { "kind": { "const": "PolicyPack" } } },
      "then": { "properties": { "spec": { "required": ["rules"] } } }
    },
    {
      "if": { "properties": { "kind": { "const": "PolicyOverride" } } },
      "then": { "properties": { "metadata": { "required": ["parent", "environment"] } } }
    }
  ],
  "additionalProperties": true
}