{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://stella-ops.org/schemas/scanner-offline-kit-config.schema.json", "title": "Scanner Offline Kit Configuration", "type": "object", "description": "Schema for the `scanner.offlineKit` configuration section used by Scanner WebService/Worker for offline kit verification.", "properties": { "enabled": { "type": "boolean", "default": false, "description": "Enable offline kit operations (opt-in)." }, "requireDsse": { "type": "boolean", "default": true, "description": "Fail import if DSSE verification fails." }, "rekorOfflineMode": { "type": "boolean", "default": true, "description": "Use only local Rekor snapshots; do not call online Rekor APIs." }, "attestationVerifier": { "type": "string", "format": "uri", "description": "URL of internal attestation verifier service." }, "trustRootDirectory": { "type": "string", "description": "Path to directory containing trust root public keys." }, "rekorSnapshotDirectory": { "type": "string", "description": "Path to Rekor snapshot directory." }, "trustAnchors": { "type": "array", "items": { "type": "object", "required": [ "anchorId", "purlPattern", "allowedKeyids" ], "properties": { "anchorId": { "type": "string", "minLength": 1 }, "purlPattern": { "type": "string", "minLength": 1, "examples": [ "pkg:npm/*", "pkg:maven/org.apache.*", "*" ] }, "allowedKeyids": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "description": { "type": "string" }, "expiresAt": { "type": "string", "format": "date-time" }, "minSignatures": { "type": "integer", "minimum": 1, "default": 1 } } } } } }