{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://stellaops.io/schemas/authority-effective-write.v1.json", "title": "AuthorityEffectiveWrite", "description": "Authority effective:write contract for managing effective policies and scope attachments. The contract types are defined under $defs; the root schema itself only requires an object, so payloads must be validated against the specific $defs entry.", "type": "object", "$defs": { "EffectivePolicy": { "type": "object", "description": "An effective policy binding that maps a policy to subjects", "required": ["effectivePolicyId", "tenantId", "policyId", "policyVersion", "subjectPattern", "priority", "enabled"], "properties": { "effectivePolicyId": { "type": "string", "format": "uuid", "description": "Auto-generated unique identifier" }, "tenantId": { "type": "string", "description": "Tenant this policy applies to" }, "policyId": { "type": "string", "description": "Reference to the policy pack" }, "policyVersion": { "type": "string", "pattern": "^\\d+\\.\\d+\\.\\d+$", "description": "SemVer of the policy, restricted by the pattern to MAJOR.MINOR.PATCH (no pre-release or build metadata). CreateEffectivePolicyRequest.policyVersion carries no pattern, so this schema does not enforce the format on creation requests." }, "subjectPattern": { "type": "string", "description": "Glob-style pattern matching subjects", "examples": ["pkg:npm/*", "pkg:maven/com.example/*", "*"] }, "priority": { "type": "integer", "minimum": 0, "description": "Higher priority value wins when patterns overlap" }, "enabled": { "type": "boolean", "default": true }, "expiresAt": { "type": "string", "format": "date-time", "description": "Optional expiration time" }, "scopes": { "type": "array", "items": {"type": "string"}, "description": "Attached scope names" }, "createdAt": { "type": "string", "format": "date-time" }, "createdBy": { "type": "string", "description": "Actor who created this binding" }, "updatedAt": { "type": "string", "format": "date-time" } } }, "ScopeAttachment": { "type": "object", "description": "Attachment of a scope to an effective policy with conditions", "required": ["attachmentId", "effectivePolicyId", "scope"], "properties": { "attachmentId": { "type": "string", "format": "uuid" }, "effectivePolicyId": { "type": "string", "format": "uuid" }, "scope": { "type": 
"string", "description": "Scope name being attached", "examples": ["policy:read", "policy:write", "findings:read"] }, "conditions": { "$ref": "#/$defs/AttachmentConditions" }, "createdAt": { "type": "string", "format": "date-time" } } }, "AttachmentConditions": { "type": "object", "description": "Conditions under which the scope attachment applies", "properties": { "repositories": { "type": "array", "items": {"type": "string"}, "description": "Repository patterns (glob)" }, "environments": { "type": "array", "items": {"type": "string"}, "description": "Environment names", "examples": [["production", "staging"]] }, "branches": { "type": "array", "items": {"type": "string"}, "description": "Branch patterns (glob)" }, "timeWindow": { "$ref": "#/$defs/TimeWindow" } } }, "TimeWindow": { "type": "object", "properties": { "notBefore": { "type": "string", "format": "date-time" }, "notAfter": { "type": "string", "format": "date-time" } } }, "CreateEffectivePolicyRequest": { "type": "object", "required": ["tenantId", "policyId", "policyVersion", "subjectPattern"], "properties": { "tenantId": {"type": "string"}, "policyId": {"type": "string"}, "policyVersion": {"type": "string"}, "subjectPattern": {"type": "string"}, "priority": { "type": "integer", "default": 0 }, "enabled": { "type": "boolean", "default": true }, "expiresAt": { "type": "string", "format": "date-time" } } }, "AttachScopeRequest": { "type": "object", "required": ["effectivePolicyId", "scope"], "properties": { "effectivePolicyId": {"type": "string", "format": "uuid"}, "scope": {"type": "string"}, "conditions": {"$ref": "#/$defs/AttachmentConditions"} } }, "ResolvePolicyRequest": { "type": "object", "required": ["subject"], "properties": { "subject": { "type": "string", "description": "Subject to resolve policy for", "examples": ["pkg:npm/lodash@4.17.20"] }, "tenantId": { "type": "string" } } }, "ResolvePolicyResponse": { "type": "object", "required": ["resolved"], "properties": { "resolved": { "type": 
"boolean" }, "effectivePolicy": { "$ref": "#/$defs/EffectivePolicy" }, "matchedPattern": { "type": "string" }, "priority": { "type": "integer" } } }, "PriorityResolutionRule": { "type": "object", "description": "Rules for resolving priority conflicts", "properties": { "rules": { "type": "array", "items": { "type": "object", "properties": { "order": {"type": "integer"}, "description": {"type": "string"} } }, "default": [ {"order": 1, "description": "Higher priority value wins"}, {"order": 2, "description": "More specific pattern wins (longest match)"}, {"order": 3, "description": "Most recently updated wins"} ] } } } }, "examples": [ { "effectivePolicyId": "550e8400-e29b-41d4-a716-446655440000", "tenantId": "default", "policyId": "default-policy", "policyVersion": "1.0.0", "subjectPattern": "pkg:npm/*", "priority": 10, "enabled": true, "scopes": ["policy:read", "findings:read"], "createdAt": "2025-12-06T00:00:00Z", "createdBy": "system" } ] }