{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://stella-ops.org/schemas/claim-score/1.0.0", "title": "Claim Score Schema", "description": "Schema for VEX claim scoring in the trust lattice", "type": "object", "required": [ "source_id", "status", "base_trust", "strength_multiplier", "freshness_multiplier", "claim_score" ], "properties": { "source_id": { "type": "string", "description": "Identifier of the VEX source" }, "status": { "type": "string", "enum": ["affected", "not_affected", "fixed", "under_investigation"], "description": "VEX status asserted by this claim" }, "trust_vector": { "$ref": "trust-vector.schema.json", "description": "Trust vector for the source" }, "base_trust": { "type": "number", "minimum": 0, "maximum": 1, "description": "BaseTrust(S) = wP*P + wC*C + wR*R" }, "strength": { "type": "string", "enum": [ "exploitability_with_reachability", "config_with_evidence", "vendor_blanket", "under_investigation" ], "description": "Claim strength category" }, "strength_multiplier": { "type": "number", "minimum": 0, "maximum": 1, "description": "Strength multiplier (M) based on evidence quality" }, "issued_at": { "type": "string", "format": "date-time", "description": "When the claim was issued" }, "freshness_multiplier": { "type": "number", "minimum": 0, "maximum": 1, "description": "Freshness decay multiplier (F)" }, "claim_score": { "type": "number", "minimum": 0, "maximum": 1, "description": "Final score: BaseTrust * M * F" }, "adjusted_score": { "type": "number", "minimum": 0, "maximum": 1, "description": "Score after conflict penalty (if applicable)" }, "conflict_penalty_applied": { "type": "boolean", "default": false, "description": "Whether a conflict penalty was applied" }, "scope_specificity": { "type": "integer", "minimum": 1, "maximum": 5, "description": "Scope specificity level (1=exact digest, 5=platform)" }, "reason": { "type": "string", "description": "Human-readable reason for the claim" }, "evidence_refs": { "type": "array", "items": { "type": "string" }, "description": "References to supporting evidence" } }, "additionalProperties": false, "$defs": { "ScoredClaimSet": { "type": "object", "description": "A set of scored claims for a single (asset, vulnerability) pair", "required": [ "asset_digest", "vulnerability_id", "claims" ], "properties": { "asset_digest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$", "description": "SHA256 digest of the asset" }, "vulnerability_id": { "type": "string", "description": "Vulnerability identifier" }, "claims": { "type": "array", "items": { "$ref": "#" }, "description": "Scored claims for this asset/vulnerability" }, "has_conflict": { "type": "boolean", "description": "Whether conflicting claims exist" }, "winner": { "$ref": "#", "description": "The winning claim" }, "evaluated_at": { "type": "string", "format": "date-time", "description": "When the scoring was performed" } }, "additionalProperties": false }, "MergeResult": { "type": "object", "description": "Result of merging multiple claims into a verdict", "required": [ "status", "confidence", "policy_hash", "lattice_version" ], "properties": { "status": { "type": "string", "enum": ["affected", "not_affected", "fixed", "under_investigation"], "description": "Merged verdict status" }, "confidence": { "type": "number", "minimum": 0, "maximum": 1, "description": "Confidence in the verdict" }, "explanations": { "type": "array", "items": { "$ref": "#" }, "description": "All claims considered" }, "evidence_refs": { "type": "array", "items": { "type": "string" }, "description": "Aggregated evidence references" }, "policy_hash": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$", "description": "Hash of the policy file" }, "lattice_version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+$", "description": "Trust lattice version" }, "gates_passed": { "type": "array", "items": { "type": "string" }, "description": "Policy gates that passed" }, "gates_failed": { "type": "array", "items": { "type": "string" }, "description": "Policy gates that failed" } }, "additionalProperties": false }, "ConflictResolution": { "type": "object", "description": "Details of how a conflict was resolved", "properties": { "conflict_detected": { "type": "boolean", "description": "Whether a conflict was detected" }, "conflicting_statuses": { "type": "array", "items": { "type": "string", "enum": ["affected", "not_affected", "fixed", "under_investigation"] }, "description": "Distinct statuses in conflict" }, "penalty_applied": { "type": "number", "default": 0.25, "description": "Penalty applied to weaker claims" }, "resolution_reason": { "type": "string", "description": "Explanation of resolution method" } }, "additionalProperties": false } } }