{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://stellaops.io/schemas/evidence-locker/portable-audit-pack-manifest.v1.schema.json",
  "title": "StellaOps Portable Audit Pack Manifest v1",
  "type": "object",
  "additionalProperties": false,
  "required": [
    "spec_version",
    "created_utc",
    "artifact",
    "files",
    "digests",
    "rekor",
    "timestamps",
    "verifiers"
  ],
  "properties": {
    "spec_version": {
      "type": "string",
      "const": "1.0"
    },
    "created_utc": {
      "type": "string",
      "format": "date-time"
    },
    "artifact": {
      "$ref": "#/$defs/artifact"
    },
    "files": {
      "type": "object",
      "minProperties": 3,
      "required": [
        "canonical_bom.json",
        "dsse_envelope.json",
        "manifest.sig"
      ],
      "propertyNames": {
        "type": "string",
        "minLength": 1,
        "pattern": "^[^\\\\]+$"
      },
      "additionalProperties": {
        "$ref": "#/$defs/fileEntry"
      }
    },
    "digests": {
      "$ref": "#/$defs/digests"
    },
    "rekor": {
      "$ref": "#/$defs/rekor"
    },
    "timestamps": {
      "$ref": "#/$defs/timestamps"
    },
    "verifiers": {
      "$ref": "#/$defs/verifiers"
    },
    "compatibility": {
      "$ref": "#/$defs/compatibility"
    }
  },
  "$defs": {
    "sha256": {
      "type": "string",
      "pattern": "^[a-f0-9]{64}$"
    },
    "artifact": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "name",
        "version",
        "digest",
        "media_type"
      ],
      "properties": {
        "name": {
          "type": "string",
          "minLength": 1
        },
        "version": {
          "type": "string",
          "minLength": 1
        },
        "digest": {
          "type": "object",
          "additionalProperties": false,
          "required": [
            "sha256"
          ],
          "properties": {
            "sha256": {
              "$ref": "#/$defs/sha256"
            }
          }
        },
        "media_type": {
          "type": "string",
          "minLength": 1
        }
      }
    },
    "fileEntry": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "sha256",
        "size",
        "content_type"
      ],
      "properties": {
        "sha256": {
          "$ref": "#/$defs/sha256"
        },
        "size": {
          "type": "integer",
          "minimum": 0
        },
        "content_type": {
          "type": "string",
          "minLength": 1
        },
        "compression": {
          "type": "string",
          "enum": [
            "none",
            "gzip",
            "zstd",
            "snappy"
          ]
        },
        "schema_fingerprint": {
          "type": "string",
          "minLength": 1
        }
      }
    },
    "digests": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "canonical_bom_sha256",
        "dsse_payload_digest"
      ],
      "properties": {
        "canonical_bom_sha256": {
          "$ref": "#/$defs/sha256"
        },
        "dsse_payload_digest": {
          "type": "object",
          "additionalProperties": false,
          "required": [
            "sha256"
          ],
          "properties": {
            "sha256": {
              "$ref": "#/$defs/sha256"
            }
          }
        }
      }
    },
    "rekor": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "log_id",
        "api_version",
        "tile_refs",
        "root_hash"
      ],
      "properties": {
        "log_id": {
          "type": "string",
          "minLength": 1
        },
        "api_version": {
          "type": "string",
          "const": "2"
        },
        "tile_refs": {
          "type": "array",
          "minItems": 1,
          "items": {
            "type": "object",
            "additionalProperties": false,
            "required": [
              "path",
              "covers"
            ],
            "properties": {
              "path": {
                "type": "string",
                "pattern": "^rekor/"
              },
              "covers": {
                "type": "array",
                "minItems": 1,
                "items": {
                  "type": "string",
                  "pattern": "^SHA256:[A-Fa-f0-9]{64}$"
                }
              }
            }
          }
        },
        "root_hash": {
          "$ref": "#/$defs/sha256"
        }
      }
    },
    "timestamps": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "bom_canonicalized",
        "dsse_signed",
        "rekor_included"
      ],
      "properties": {
        "bom_canonicalized": {
          "type": "string",
          "format": "date-time"
        },
        "dsse_signed": {
          "type": "string",
          "format": "date-time"
        },
        "rekor_included": {
          "type": "string",
          "format": "date-time"
        }
      }
    },
    "verifiers": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "pubkeys"
      ],
      "properties": {
        "pubkeys": {
          "type": "array",
          "minItems": 1,
          "items": {
            "$ref": "#/$defs/pubkey"
          }
        },
        "rekor_pub": {
          "type": "object",
          "additionalProperties": false,
          "required": [
            "type",
            "key_material"
          ],
          "properties": {
            "type": {
              "type": "string",
              "enum": [
                "rekor-checkpoint",
                "rekor-key-hash"
              ]
            },
            "key_material": {
              "type": "string",
              "minLength": 1
            }
          }
        }
      }
    },
    "pubkey": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "id",
        "type",
        "public_key",
        "usage"
      ],
      "properties": {
        "id": {
          "type": "string",
          "minLength": 1
        },
        "type": {
          "type": "string",
          "enum": [
            "ed25519",
            "ecdsa-p256",
            "rsa-4096"
          ]
        },
        "public_key": {
          "type": "string",
          "minLength": 1
        },
        "usage": {
          "type": "array",
          "minItems": 1,
          "items": {
            "type": "string",
            "enum": [
              "dsse",
              "manifest-signing",
              "checkpoint-verification"
            ]
          }
        }
      }
    },
    "compatibility": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "legacy_manifest_version": {
          "type": "string"
        },
        "legacy_bundle_id": {
          "type": "string"
        },
        "migration_notes": {
          "type": "array",
          "items": {
            "type": "string"
          }
        }
      }
    }
  }
}