git.stella-ops.org/docs/schemas/authority-effective-write.schema.json
StellaOps Bot 05597616d6 feat: Add Go module and workspace test fixtures
- Created expected JSON files for Go modules and workspaces.
- Added go.mod and go.sum files for example projects.
- Implemented private module structure with expected JSON output.
- Introduced vendored dependencies with corresponding expected JSON.
- Developed PostgresGraphJobStore for managing graph jobs.
- Established SQL migration scripts for graph jobs schema.
- Implemented GraphJobRepository for CRUD operations on graph jobs.
- Created IGraphJobRepository interface for repository abstraction.
- Added unit tests for GraphJobRepository to ensure functionality.
2025-12-06 20:04:03 +02:00


{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://stellaops.io/schemas/authority-effective-write.v1.json",
"title": "AuthorityEffectiveWrite",
"description": "Authority effective:write contract for effective policy and scope attachment management",
"type": "object",
"$defs": {
"EffectivePolicy": {
"type": "object",
"description": "An effective policy binding that maps a policy to subjects",
"required": ["effectivePolicyId", "tenantId", "policyId", "policyVersion", "subjectPattern", "priority", "enabled"],
"properties": {
"effectivePolicyId": {
"type": "string",
"format": "uuid",
"description": "Auto-generated unique identifier"
},
"tenantId": {
"type": "string",
"description": "Tenant this policy applies to"
},
"policyId": {
"type": "string",
"description": "Reference to the policy pack"
},
"policyVersion": {
"type": "string",
"pattern": "^\\d+\\.\\d+\\.\\d+$",
"description": "SemVer of the policy, restricted by the pattern to MAJOR.MINOR.PATCH (no pre-release or build-metadata suffix)"
},
"subjectPattern": {
"type": "string",
"description": "Glob-style pattern matching subjects",
"examples": ["pkg:npm/*", "pkg:maven/com.example/*", "*"]
},
"priority": {
"type": "integer",
"minimum": 0,
"description": "Higher priority value wins when subject patterns overlap"
},
"enabled": {
"type": "boolean",
"default": true
},
"expiresAt": {
"type": "string",
"format": "date-time",
"description": "Optional expiration time of this binding (RFC 3339 date-time)"
},
"scopes": {
"type": "array",
"items": {"type": "string"},
"description": "Attached scope names"
},
"createdAt": {
"type": "string",
"format": "date-time"
},
"createdBy": {
"type": "string",
"description": "Actor who created this binding"
},
"updatedAt": {
"type": "string",
"format": "date-time"
}
}
},
"ScopeAttachment": {
"type": "object",
"description": "Attachment of a scope to an effective policy with conditions",
"required": ["attachmentId", "effectivePolicyId", "scope"],
"properties": {
"attachmentId": {
"type": "string",
"format": "uuid"
},
"effectivePolicyId": {
"type": "string",
"format": "uuid"
},
"scope": {
"type": "string",
"description": "Scope name being attached",
"examples": ["policy:read", "policy:write", "findings:read"]
},
"conditions": {
"$ref": "#/$defs/AttachmentConditions"
},
"createdAt": {
"type": "string",
"format": "date-time"
}
}
},
"AttachmentConditions": {
"type": "object",
"description": "Conditions under which the scope attachment applies",
"properties": {
"repositories": {
"type": "array",
"items": {"type": "string"},
"description": "Repository patterns (glob)"
},
"environments": {
"type": "array",
"items": {"type": "string"},
"description": "Environment names",
"examples": [["production", "staging"]]
},
"branches": {
"type": "array",
"items": {"type": "string"},
"description": "Branch patterns (glob)"
},
"timeWindow": {
"$ref": "#/$defs/TimeWindow"
}
}
},
"TimeWindow": {
"type": "object",
"properties": {
"notBefore": {
"type": "string",
"format": "date-time"
},
"notAfter": {
"type": "string",
"format": "date-time"
}
}
},
"CreateEffectivePolicyRequest": {
"type": "object",
"required": ["tenantId", "policyId", "policyVersion", "subjectPattern"],
"properties": {
"tenantId": {"type": "string"},
"policyId": {"type": "string"},
"policyVersion": {"type": "string"},
"subjectPattern": {"type": "string"},
"priority": {
"type": "integer",
"default": 0
},
"enabled": {
"type": "boolean",
"default": true
},
"expiresAt": {
"type": "string",
"format": "date-time"
}
}
},
"AttachScopeRequest": {
"type": "object",
"required": ["effectivePolicyId", "scope"],
"properties": {
"effectivePolicyId": {"type": "string", "format": "uuid"},
"scope": {"type": "string"},
"conditions": {"$ref": "#/$defs/AttachmentConditions"}
}
},
"ResolvePolicyRequest": {
"type": "object",
"required": ["subject"],
"properties": {
"subject": {
"type": "string",
"description": "Subject to resolve policy for",
"examples": ["pkg:npm/lodash@4.17.20"]
},
"tenantId": {
"type": "string"
}
}
},
"ResolvePolicyResponse": {
"type": "object",
"required": ["resolved"],
"properties": {
"resolved": {
"type": "boolean"
},
"effectivePolicy": {
"$ref": "#/$defs/EffectivePolicy"
},
"matchedPattern": {
"type": "string"
},
"priority": {
"type": "integer"
}
}
},
"PriorityResolutionRule": {
"type": "object",
"description": "Rules for resolving priority conflicts",
"properties": {
"rules": {
"type": "array",
"items": {
"type": "object",
"properties": {
"order": {"type": "integer"},
"description": {"type": "string"}
}
},
"default": [
{"order": 1, "description": "Higher priority value wins"},
{"order": 2, "description": "More specific pattern wins (longest match)"},
{"order": 3, "description": "Most recently updated wins"}
]
}
}
}
},
"examples": [
{
"effectivePolicyId": "550e8400-e29b-41d4-a716-446655440000",
"tenantId": "default",
"policyId": "default-policy",
"policyVersion": "1.0.0",
"subjectPattern": "pkg:npm/*",
"priority": 10,
"enabled": true,
"scopes": ["policy:read", "findings:read"],
"createdAt": "2025-12-06T00:00:00Z",
"createdBy": "system"
}
]
}