flex-auth/schemas/resource_manifest.schema.json
tegwick e2d410de6e
Pin FlexAuthResourceManifest schema (resource-registration-v0)
Closes FLEX-WP-0005 T03. Shape pinned against the Markitect-side emitter
in markitect-tool/src/markitect_tool/policy/enterprise.py (FlexAuthResource
+ FlexAuthResourceManifest dataclasses, MKTT-WP-0014).

Artifacts:
- schemas/resource_manifest.schema.json (JSON Schema draft 2020-12)
- examples/markitect/resource_manifest.yaml (mirrors markitect-tool's
  example; metadata.flex_auth_contract = resource-registration-v0)
- pkg/api/resource_manifest.go (Go type with json + yaml tags, plus
  FlexAuthContractV0 const)
- pkg/api/resource_manifest_test.go (golden parse of the example +
  minimal-fields round-trip)

First external dep: gopkg.in/yaml.v3 v3.0.1. SBOM ingested into State Hub
(2 entries) — repo last_sbom_at now non-null. Makefile sbom target gains
a GOPATH/bin fallback so it works without ~/go/bin on PATH.

Interface change published to State Hub (a4a5293e-…) and inbox-notified
markitect-tool. The change is additive — Markitect's existing emitter
matches the pinned schema exactly.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-16 02:04:00 +02:00


{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://flex-auth.netkingdom/schemas/resource_manifest.schema.json",
  "title": "FlexAuthResourceManifest",
  "description": "Manifest a protected system publishes to register its resources with flex-auth. Pinned against the Markitect-side emitter in markitect-tool/src/markitect_tool/policy/enterprise.py (MKTT-WP-0014).",
  "type": "object",
  "additionalProperties": false,
  "required": ["id", "system", "resources"],
  "properties": {
    "id": {
      "type": "string",
      "description": "Stable identifier of this manifest (e.g. 'markitect-example-knowledge-base').",
      "minLength": 1
    },
    "system": {
      "type": "string",
      "description": "Slug of the protected system publishing the manifest. Matches a registered protected-system manifest in flex-auth (e.g. 'markitect-tool').",
      "minLength": 1
    },
    "resources": {
      "type": "array",
      "description": "Resources to register with flex-auth. Order is not significant; identity is by 'id'.",
      "items": {"$ref": "#/$defs/resource"}
    },
    "actions": {
      "type": "array",
      "description": "Action vocabulary the manifest's resources expect. Validated against the protected system's declared actions on registration.",
      "items": {"type": "string", "minLength": 1},
      "uniqueItems": true
    },
    "metadata": {
      "type": "object",
      "description": "Free-form provenance and contract metadata. Conventions: 'source' (origin description), 'flex_auth_contract' (contract version string, currently 'resource-registration-v0').",
      "additionalProperties": true
    }
  },
  "$defs": {
    "resource": {
      "type": "object",
      "additionalProperties": false,
      "required": ["id", "type"],
      "properties": {
        "id": {
          "type": "string",
          "description": "Stable resource identifier, conventionally '<type>:<slug>' (e.g. 'document:architecture/adr-001').",
          "minLength": 1
        },
        "type": {
          "type": "string",
          "description": "Resource type within the protected system's namespace (e.g. 'knowledge_base', 'repository', 'document', 'section', 'context_package', 'workflow_artifact', 'export'). Not enumerated — flex-auth validates against the protected system's declared namespace.",
          "minLength": 1
        },
        "path": {
          "type": "string",
          "description": "Optional source path within the protected system (e.g. a filesystem path or repo-relative path).",
          "minLength": 1
        },
        "parent": {
          "type": "string",
          "description": "Optional resource id of the parent resource for hierarchy and inherited access.",
          "minLength": 1
        },
        "labels": {
          "type": "array",
          "description": "Policy labels applied to the resource (e.g. 'public', 'internal', 'restricted').",
          "items": {"type": "string", "minLength": 1},
          "uniqueItems": true
        },
        "trust_zone": {
          "type": "string",
          "description": "Coarse trust classification (e.g. 'public', 'internal', 'restricted').",
          "minLength": 1
        },
        "owner": {
          "type": "string",
          "description": "Owner identifier, conventionally 'team:<slug>' or 'user:<slug>'.",
          "minLength": 1
        },
        "attributes": {
          "type": "object",
          "description": "Free-form attributes that policy packages may consult. Reserved keys may be defined by individual policy packages.",
          "additionalProperties": true
        }
      }
    }
  }
}
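Added example, not the commit's pkg/api code: a strict Go reader for the manifest shape pinned above. The struct and field names are this example's assumption (the page only names the FlexAuthContractV0 const); it rejects keys the schema forbids and adds two cross-field rules the schema cannot state, that resource ids are unique and that every 'parent' names a resource in the same manifest, so inherited access never points at an undeclared resource.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

const FlexAuthContractV0 = "resource-registration-v0" // metadata.flex_auth_contract value the schema names
type Resource struct { // mirrors $defs/resource; type and field names are this example's assumption
	ID         string         `json:"id"`
	Type       string         `json:"type"`
	Path       string         `json:"path,omitempty"`
	Parent     string         `json:"parent,omitempty"`
	Labels     []string       `json:"labels,omitempty"`
	TrustZone  string         `json:"trust_zone,omitempty"`
	Owner      string         `json:"owner,omitempty"`
	Attributes map[string]any `json:"attributes,omitempty"`
}
type ResourceManifest struct { // mirrors the top-level object
	ID        string         `json:"id"`
	System    string         `json:"system"`
	Resources []Resource     `json:"resources"`
	Actions   []string       `json:"actions,omitempty"`
	Metadata  map[string]any `json:"metadata,omitempty"`
}
// ParseManifest decodes strictly (unknown keys rejected, as additionalProperties:false demands), checks the
// required fields, and adds two cross-field rules the schema cannot express: unique ids, locally resolving parents.
func ParseManifest(data []byte) (*ResourceManifest, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields()
	var m ResourceManifest
	if err := dec.Decode(&m); err != nil {
		return nil, err
	}
	if m.ID == "" || m.System == "" || m.Resources == nil {
		return nil, fmt.Errorf("manifest: id, system and resources are required")
	}
	ids := make(map[string]bool, len(m.Resources))
	for _, r := range m.Resources {
		if r.ID == "" || r.Type == "" || ids[r.ID] {
			return nil, fmt.Errorf("resource %q: id and type are required and id must be unique", r.ID)
		}
		ids[r.ID] = true
	}
	for _, r := range m.Resources { // second pass: order is not significant, a parent may follow its child
		if r.Parent != "" && !ids[r.Parent] {
			return nil, fmt.Errorf("resource %q: parent %q is not in this manifest", r.ID, r.Parent)
		}
	}
	return &m, nil
}
```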