awoooi/docs/schemas/security_approval_review_packet_v1.schema.json
Your Name 9e15fd08b3
feat(web): land iwooos security posture surfaces
2026-05-25 20:35:52 +08:00


{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "urn:awoooi:security-approval-review-packet-v1",
"title": "資安供應鏈人工審查封包契約 v1",
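"description": "定義 AwoooP 如何把 Security Supply Chain approval queue 與 approval gate 轉成可審查封包。此契約只準備人工審查資料,不授權 runtime execution:runtime_execution_authorized 與每個封包的 execution_authorized 固定為 false,followup_runtime_gate_required 固定為 true。",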
"type": "object",
"required": [
"schema_version",
"status",
"date",
"mode",
"runtime_execution_authorized",
"source_indexes",
"summary",
"review_packets",
"packet_rules",
"forbidden_actions"
],
"properties": {
"schema_version": {
"const": "security_approval_review_packet_v1"
},
"status": {
"type": "string",
"enum": ["draft"]
},
"date": {
"type": "string"
},
"mode": {
"type": "string",
"enum": ["approval_review_packet_only"]
},
"runtime_execution_authorized": {
"type": "boolean",
"const": false
},
"source_indexes": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"summary": {
"type": "object",
"required": [
"total_review_packets",
"ready_for_human_review_count",
"block_candidate_count",
"decision_records_created_count",
"runtime_actions_authorized",
"action_buttons_allowed",
"raw_secret_storage_authorized"
],
"properties": {
"total_review_packets": {
"type": "integer",
"minimum": 0
},
"ready_for_human_review_count": {
"type": "integer",
"minimum": 0
},
"block_candidate_count": {
"type": "integer",
"minimum": 0
},
"decision_records_created_count": {
"type": "integer",
"minimum": 0
},
"runtime_actions_authorized": {
"type": "boolean",
"const": false
},
"action_buttons_allowed": {
"type": "boolean",
"const": false
},
"raw_secret_storage_authorized": {
"type": "boolean",
"const": false
}
},
"additionalProperties": false
},
"review_packets": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"required": [
"packet_id",
"review_order",
"gate_id",
"source_queue_item_id",
"risk",
"review_state",
"review_lane",
"requested_decision",
"required_reviewers",
"decision_options",
"evidence_refs",
"allowed_pre_decision_actions",
"allowed_after_decision_actions",
"still_forbidden",
"followup_runtime_gate_required",
"execution_authorized"
],
"properties": {
"packet_id": {
"type": "string"
},
"review_order": {
"type": "integer",
"minimum": 1
},
"gate_id": {
"type": "string"
},
"source_queue_item_id": {
"type": "string"
},
"risk": {
"type": "string",
"enum": ["MEDIUM", "HIGH", "CRITICAL"]
},
"review_state": {
"type": "string",
"enum": ["ready_for_human_review", "block_candidate"]
},
"review_lane": {
"type": "string",
"enum": [
"design_or_draft_review",
"read_only_inventory_review",
"low_noise_scan_scope_review",
"manual_exception_review",
"blocked_by_default_review"
]
},
"requested_decision": {
"type": "string"
},
"required_reviewers": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"decision_options": {
"type": "array",
"items": {
"type": "string",
"enum": ["approve_scope", "reject", "defer", "request_more_evidence", "keep_blocked"]
},
"minItems": 1
},
"evidence_refs": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"allowed_pre_decision_actions": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"allowed_after_decision_actions": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"still_forbidden": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"followup_runtime_gate_required": {
"type": "boolean",
"const": true
},
"execution_authorized": {
"type": "boolean",
"const": false
}
},
"additionalProperties": false
}
},
"packet_rules": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
},
"forbidden_actions": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1
}
},
"additionalProperties": false
}