{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "urn:awoooi:security-finding-v1", "title": "AWOOOI 資安發現事件 (v1)", "description": "資安掃描與驗證結果的標準事件契約。初期只作為 observe-only / mirror-only evidence,不授權自動封鎖或自動修復;recommended_mode(包含 block_candidate)僅為建議值,本身不構成執行授權。", "type": "object", "required": [ "schema_version", "finding_id", "scan_run_id", "scanner", "asset_key", "target_type", "target", "category", "severity", "confidence", "recommended_mode", "evidence_ref", "summary", "recommended_action" ], "properties": { "schema_version": { "const": "security_finding_v1" }, "finding_id": { "type": "string", "minLength": 8, "description": "穩定且可重算的 fingerprint。" }, "scan_run_id": { "type": "string", "minLength": 1 }, "scanner": { "type": "string", "enum": [ "kali", "trivy", "zap", "semgrep", "detect-secrets", "kube-bench", "manual", "other" ] }, "scanner_version": { "type": "string" }, "asset_key": { "type": "string", "minLength": 1 }, "target_type": { "type": "string", "enum": [ "host", "website", "api_endpoint", "container", "package", "repo", "k8s_resource", "tool" ] }, "target": { "type": "string", "minLength": 1, "description": "已脫敏 target identifier,不可含 raw secret、cookie 或 exploit payload。" }, "category": { "type": "string", "enum": [ "exposure", "cve", "secret", "misconfig", "auth", "tls", "web", "code", "supply_chain", "network" ] }, "severity": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH", "CRITICAL"] }, "confidence": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH"] }, "status": { "type": "string", "enum": [ "new", "confirmed", "false_positive", "accepted_risk", "fixed", "expired" ], "default": "new" }, "recommended_mode": { "type": "string", "enum": [ "observe", "warn", "approve_required", "block_candidate" ] }, "evidence_ref": { "type": "string", "minLength": 1, "description": "指向已脫敏 evidence 的 reference。" }, "summary": { "type": "string", "minLength": 1 }, "recommended_action": { "type": "string", "minLength": 1 }, "owner_team": { "type": "string" }, "expires_at": { "type": "string", 
"format": "date-time" }, "labels": { "type": "object", "additionalProperties": { "type": "string" } } }, "additionalProperties": false }