{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://stellaops.dev/schemas/evidence/audit-bundle-index.schema.json",
  "title": "StellaOps Audit Bundle Index",
  "description": "Index/manifest for audit bundles with integrity hashes and referenced artifacts.",
  "type": "object",
  "additionalProperties": false,
  "required": [
    "manifestVersion",
    "bundleId",
    "createdAt",
    "subject",
    "artifacts",
    "verification"
  ],
  "properties": {
    "manifestVersion": { "type": "string", "minLength": 1 },
    "bundleId": { "type": "string", "minLength": 1 },
    "createdAt": { "type": "string", "format": "date-time" },
    "subject": { "$ref": "#/$defs/subject" },
    "artifacts": {
      "type": "array",
      "minItems": 1,
      "items": { "$ref": "#/$defs/artifact" }
    },
    "verification": { "$ref": "#/$defs/verification" },
    "transparency": { "$ref": "#/$defs/transparency" },
    "timestamps": {
      "type": "array",
      "items": { "$ref": "#/$defs/timestampEntry" }
    }
  },
  "$defs": {
    "subject": {
      "type": "object",
      "additionalProperties": false,
      "required": ["type", "digest"],
      "properties": {
        "type": { "type": "string", "minLength": 1 },
        "digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
        "name": { "type": "string" }
      }
    },
    "artifact": {
      "type": "object",
      "additionalProperties": false,
      "required": ["path", "type", "digest", "size"],
      "properties": {
        "path": { "type": "string", "minLength": 1 },
        "type": { "type": "string", "minLength": 1 },
        "format": { "type": "string" },
        "digest": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
        "size": { "type": "integer", "minimum": 0 },
        "mediaType": { "type": "string" },
        "predicateType": { "type": "string" },
        "signedBy": {
          "type": "array",
          "items": { "type": "string" }
        },
        "attributes": {
          "type": "object",
          "additionalProperties": { "type": "string" }
        }
      }
    },
    "verification": {
      "type": "object",
      "additionalProperties": false,
      "required": ["merkleRoot", "algorithm", "checksumFile"],
      "properties": {
        "merkleRoot": { "type": "string", "pattern": "^sha256:[0-9a-f]{64}$" },
        "algorithm": { "type": "string", "minLength": 1 },
        "checksumFile": { "type": "string", "minLength": 1 }
      }
    },
    "transparency": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "rekorEntries": {
          "type": "array",
          "items": { "$ref": "#/$defs/rekorEntry" }
        }
      }
    },
    "rekorEntry": {
      "type": "object",
      "additionalProperties": false,
      "required": ["uuid", "logIndex"],
      "properties": {
        "uuid": { "type": "string", "minLength": 1 },
        "logIndex": { "type": "integer", "minimum": 0 },
        "rootHash": { "type": "string" },
        "inclusionProofPath": { "type": "string" },
        "logUrl": { "type": "string" }
      }
    },
    "timestampEntry": {
      "type": "object",
      "additionalProperties": false,
      "required": ["tokenPath", "hashAlgorithm"],
      "properties": {
        "tokenPath": { "type": "string", "minLength": 1 },
        "hashAlgorithm": { "type": "string", "minLength": 1 },
        "signedAt": { "type": "string", "format": "date-time" },
        "tsaName": { "type": "string" },
        "tsaUrl": { "type": "string" }
      }
    }
  }
}