{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://stella-ops.org/schemas/evidence.stella/v1.json",
  "title": "Evidence Predicate Schema",
  "description": "Schema for evidence.stella/v1 predicate type - raw evidence from scanner or feed",
  "type": "object",
  "required": [
    "source",
    "sourceVersion",
    "collectionTime",
    "sbomEntryId",
    "rawFinding",
    "evidenceId"
  ],
  "properties": {
    "source": {
      "type": "string",
      "minLength": 1,
      "description": "Scanner or feed name that produced this evidence"
    },
    "sourceVersion": {
      "type": "string",
      "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+.*$",
      "description": "Version of the source tool"
    },
    "collectionTime": {
      "type": "string",
      "format": "date-time",
      "description": "UTC timestamp when evidence was collected"
    },
    "sbomEntryId": {
      "type": "string",
      "pattern": "^sha256:[a-f0-9]{64}:pkg:.+",
      "description": "Reference to the SBOM entry this evidence relates to"
    },
    "vulnerabilityId": {
      "type": "string",
      "pattern": "^(CVE-[0-9]{4}-[0-9]+|GHSA-.+)$",
      "description": "CVE or vulnerability identifier if applicable"
    },
    "rawFinding": {
      "type": ["object", "string"],
      "description": "Pointer to or inline representation of raw finding data"
    },
    "evidenceId": {
      "type": "string",
      "pattern": "^sha256:[a-f0-9]{64}$",
      "description": "Content-addressed ID of this evidence (hash of canonical JSON)"
    }
  },
  "additionalProperties": false
}