{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://stella-ops.org/schemas/sigstore-services/v1",
  "title": "Sigstore Services Map",
  "description": "Service discovery map for Sigstore infrastructure endpoints. Distributed via TUF for dynamic endpoint management without client reconfiguration.",
  "type": "object",
  "required": ["version", "rekor"],
  "properties": {
    "version": {
      "type": "integer",
      "minimum": 1,
      "description": "Schema version for forward compatibility"
    },
    "rekor": {
      "type": "object",
      "description": "Rekor transparency log configuration",
      "required": ["url"],
      "properties": {
        "url": {
          "type": "string",
          "format": "uri",
          "description": "Primary Rekor API endpoint"
        },
        "tile_base_url": {
          "type": "string",
          "format": "uri",
          "description": "Optional tile endpoint (defaults to {url}/tile/)"
        },
        "log_id": {
          "type": "string",
          "pattern": "^[a-f0-9]{64}$",
          "description": "SHA-256 hash of log public key (hex-encoded)"
        },
        "public_key_target": {
          "type": "string",
          "description": "TUF target name for Rekor public key"
        }
      }
    },
    "fulcio": {
      "type": "object",
      "description": "Fulcio certificate authority configuration",
      "properties": {
        "url": {
          "type": "string",
          "format": "uri",
          "description": "Fulcio API endpoint"
        },
        "root_cert_target": {
          "type": "string",
          "description": "TUF target name for Fulcio root certificate"
        }
      }
    },
    "ct_log": {
      "type": "object",
      "description": "Certificate Transparency log configuration",
      "properties": {
        "url": {
          "type": "string",
          "format": "uri",
          "description": "CT log API endpoint"
        },
        "public_key_target": {
          "type": "string",
          "description": "TUF target name for CT log public key"
        }
      }
    },
    "timestamp_authority": {
      "type": "object",
      "description": "Timestamp authority configuration",
      "properties": {
        "url": {
          "type": "string",
          "format": "uri",
          "description": "TSA endpoint"
        },
        "cert_chain_target": {
          "type": "string",
          "description": "TUF target name for TSA certificate chain"
        }
      }
    },
    "overrides": {
      "type": "object",
      "description": "Site-local endpoint overrides by environment",
      "additionalProperties": {
        "type": "object",
        "properties": {
          "rekor_url": {
            "type": "string",
            "format": "uri"
          },
          "fulcio_url": {
            "type": "string",
            "format": "uri"
          },
          "ct_log_url": {
            "type": "string",
            "format": "uri"
          }
        }
      }
    },
    "metadata": {
      "type": "object",
      "description": "Additional metadata",
      "properties": {
        "updated_at": {
          "type": "string",
          "format": "date-time",
          "description": "Last update timestamp"
        },
        "note": {
          "type": "string",
          "description": "Human-readable note about this configuration"
        }
      }
    }
  }
}