{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://stella-ops.org/schemas/trust-vector/1.0.0", "title": "Trust Vector Schema", "description": "Schema for 3-component trust vectors (Provenance, Coverage, Replayability)", "type": "object", "required": [ "provenance", "coverage", "replayability" ], "properties": { "provenance": { "type": "number", "minimum": 0, "maximum": 1, "description": "Provenance score (P): cryptographic and process integrity of the source" }, "coverage": { "type": "number", "minimum": 0, "maximum": 1, "description": "Coverage score (C): how well the statement's scope maps to the target asset" }, "replayability": { "type": "number", "minimum": 0, "maximum": 1, "description": "Replayability score (R): whether the claim can be deterministically re-derived" } }, "additionalProperties": false, "$defs": { "TrustWeights": { "type": "object", "description": "Weights for computing BaseTrust = wP*P + wC*C + wR*R", "required": ["provenance", "coverage", "replayability"], "properties": { "provenance": { "type": "number", "minimum": 0, "maximum": 1, "default": 0.45, "description": "Weight for Provenance component (wP)" }, "coverage": { "type": "number", "minimum": 0, "maximum": 1, "default": 0.35, "description": "Weight for Coverage component (wC)" }, "replayability": { "type": "number", "minimum": 0, "maximum": 1, "default": 0.20, "description": "Weight for Replayability component (wR)" } }, "additionalProperties": false }, "SourceClassDefaults": { "type": "object", "description": "Default trust vectors by source classification", "properties": { "vendor": { "$ref": "#", "description": "Default vector for vendor sources (P=0.90, C=0.70, R=0.60)" }, "distro": { "$ref": "#", "description": "Default vector for distribution sources (P=0.80, C=0.85, R=0.60)" }, "internal": { "$ref": "#", "description": "Default vector for internal sources (P=0.85, C=0.95, R=0.90)" }, "hub": { "$ref": "#", "description": "Default vector for hub/aggregator sources (P=0.70, C=0.65, R=0.50)" }, "attestation": { "$ref": "#", "description": "Default vector for attestation sources (P=0.95, C=0.80, R=0.95)" } }, "additionalProperties": { "$ref": "#" } }, "ClaimStrength": { "type": "string", "enum": [ "exploitability_with_reachability", "config_with_evidence", "vendor_blanket", "under_investigation" ], "description": "Evidence-based claim strength categories" }, "ClaimStrengthMultipliers": { "type": "object", "description": "Multiplier values for each claim strength category", "properties": { "exploitability_with_reachability": { "type": "number", "const": 1.00, "description": "Exploitability analysis + reachability proof" }, "config_with_evidence": { "type": "number", "const": 0.80, "description": "Config/feature-flag reason with evidence" }, "vendor_blanket": { "type": "number", "const": 0.60, "description": "Vendor blanket statement" }, "under_investigation": { "type": "number", "const": 0.40, "description": "Under investigation status" } } }, "FreshnessConfig": { "type": "object", "description": "Configuration for freshness decay calculation", "properties": { "half_life_days": { "type": "number", "minimum": 1, "default": 90, "description": "Days until score halves" }, "floor": { "type": "number", "minimum": 0, "maximum": 1, "default": 0.35, "description": "Minimum freshness unless revoked" } }, "additionalProperties": false } } }