awoooi/docs/schemas/high_value_config_control_coverage_v1.schema.json

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://awoooi.wooo.work/schemas/high_value_config_control_coverage_v1.schema.json",
  "title": "IwoooS 高價值配置控管覆蓋矩陣",
  "type": "object",
  "additionalProperties": false,
  "required": [
    "schema_version",
    "generated_at",
    "git_commit",
    "source_category_definition",
    "status",
    "summary",
    "execution_boundaries",
    "coverage_categories",
    "lowest_coverage_categories",
    "next_collection_order",
    "operator_interpretation"
  ],
  "properties": {
    "schema_version": {
      "const": "high_value_config_control_coverage_v1"
    },
    "generated_at": {
      "type": "string"
    },
    "git_commit": {
      "type": "string"
    },
    "source_category_definition": {
      "const": "scripts/security/high-value-config-change-gate.py"
    },
    "status": {
      "const": "coverage_matrix_ready"
    },
    "summary": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "category_count",
        "c0_category_count",
        "c1_category_count",
        "c2_category_count",
        "c3_category_count",
        "registered_control_count",
        "owner_response_required_count",
        "owner_response_received_count",
        "owner_response_accepted_count",
        "runtime_gate_count",
        "action_button_count",
        "average_coverage_percent",
        "needs_live_evidence_count",
        "lowest_coverage_category_count"
      ],
      "properties": {
        "category_count": { "type": "integer", "minimum": 1 },
        "c0_category_count": { "type": "integer", "minimum": 0 },
        "c1_category_count": { "type": "integer", "minimum": 0 },
        "c2_category_count": { "type": "integer", "minimum": 0 },
        "c3_category_count": { "type": "integer", "minimum": 0 },
        "registered_control_count": { "type": "integer", "minimum": 1 },
        "owner_response_required_count": { "type": "integer", "minimum": 0 },
        "owner_response_received_count": { "const": 0 },
        "owner_response_accepted_count": { "const": 0 },
        "runtime_gate_count": { "const": 0 },
        "action_button_count": { "const": 0 },
        "average_coverage_percent": { "type": "integer", "minimum": 0, "maximum": 100 },
        "needs_live_evidence_count": { "type": "integer", "minimum": 0 },
        "lowest_coverage_category_count": { "type": "integer", "minimum": 0 }
      }
    },
    "execution_boundaries": {
      "type": "object",
      "additionalProperties": { "const": false },
      "required": [
        "runtime_execution_authorized",
        "host_write_authorized",
        "nginx_reload_authorized",
        "dns_tls_change_authorized",
        "certbot_renew_authorized",
        "argocd_sync_authorized",
        "kubectl_action_authorized",
        "backup_run_authorized",
        "restore_run_authorized",
        "restore_drill_authorized",
        "offsite_sync_authorized",
        "offsite_remote_delete_authorized",
        "credential_escrow_marker_write_authorized",
        "retention_change_authorized",
        "restic_prune_authorized",
        "rclone_config_authorized",
        "velero_restore_authorized",
        "workflow_modification_authorized",
        "runner_change_authorized",
        "refs_sync_authorized",
        "force_push_authorized",
        "secret_value_collection_allowed",
        "active_scan_authorized",
        "agent_bounty_runtime_authorized",
        "payout_or_withdrawal_authorized",
        "action_buttons_allowed"
      ]
    },
    "coverage_categories": {
      "type": "array",
      "minItems": 1,
      "items": {
        "$ref": "#/$defs/coverage_category"
      }
    },
    "lowest_coverage_categories": {
      "type": "array",
      "items": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "category_id",
          "label",
          "coverage_percent",
          "current_gap",
          "next_owner_action"
        ],
        "properties": {
          "category_id": { "type": "string" },
          "label": { "type": "string" },
          "coverage_percent": { "type": "integer", "minimum": 0, "maximum": 100 },
          "current_gap": { "type": "string" },
          "next_owner_action": { "type": "string" }
        }
      }
    },
    "next_collection_order": {
      "type": "array",
      "items": { "type": "string" }
    },
    "operator_interpretation": {
      "type": "array",
      "items": { "type": "string" }
    }
  },
  "$defs": {
    "coverage_category": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "category_id",
        "label",
        "priority",
        "control_tier",
        "required_gate",
        "coverage_status",
        "coverage_percent",
        "patterns",
        "required_validation",
        "evidence_refs",
        "current_gap",
        "next_owner_action",
        "owner_response_required",
        "owner_response_received",
        "owner_response_accepted",
        "runtime_gate_open",
        "action_buttons_allowed"
      ],
      "properties": {
        "category_id": { "type": "string" },
        "label": { "type": "string" },
        "priority": { "enum": ["P0", "P1", "P2", "P3"] },
        "control_tier": { "enum": ["C0", "C1", "C2", "C3"] },
        "required_gate": { "type": "string" },
        "coverage_status": { "type": "string" },
        "coverage_percent": { "type": "integer", "minimum": 0, "maximum": 100 },
        "patterns": {
          "type": "array",
          "items": { "type": "string" }
        },
        "required_validation": {
          "type": "array",
          "items": { "type": "string" }
        },
        "evidence_refs": {
          "type": "array",
          "items": { "type": "string" }
        },
        "current_gap": { "type": "string" },
        "next_owner_action": { "type": "string" },
        "owner_response_required": { "const": true },
        "owner_response_received": { "const": false },
        "owner_response_accepted": { "const": false },
        "runtime_gate_open": { "const": false },
        "action_buttons_allowed": { "const": false }
      }
    }
  }
}