From 169f90f20610090de553b4c1a192f89950b890ef Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 6 May 2026 19:44:03 +0000 Subject: [PATCH 1/2] Initial plan From bd2b8461366d3c10f1da020919b8ba34cf502e2c Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 6 May 2026 19:51:08 +0000 Subject: [PATCH 2/2] Changes before error encountered Agent-Logs-Url: https://github.com/SourceOS-Linux/sourceos-spec/sessions/3a930453-68f6-42ef-a26c-c7152602778a Co-authored-by: mdheller <21163552+mdheller@users.noreply.github.com> --- .../localoperationlog-terminal-command.json | 43 +++++ schemas/DeviceIdentity.json | 102 ++++++++++ schemas/LocalArtifactRef.json | 114 ++++++++++++ schemas/LocalEncryptionProfile.json | 86 +++++++++ schemas/LocalOperationLog.json | 174 ++++++++++++++++++ schemas/SyncCheckpoint.json | 97 ++++++++++ schemas/SyncConflictRecord.json | 97 ++++++++++ schemas/WorkspaceCapabilityProfile.json | 167 +++++++++++++++++ 8 files changed, 880 insertions(+) create mode 100644 examples/localoperationlog-terminal-command.json create mode 100644 schemas/DeviceIdentity.json create mode 100644 schemas/LocalArtifactRef.json create mode 100644 schemas/LocalEncryptionProfile.json create mode 100644 schemas/LocalOperationLog.json create mode 100644 schemas/SyncCheckpoint.json create mode 100644 schemas/SyncConflictRecord.json create mode 100644 schemas/WorkspaceCapabilityProfile.json diff --git a/examples/localoperationlog-terminal-command.json b/examples/localoperationlog-terminal-command.json new file mode 100644 index 0000000..c331578 --- /dev/null +++ b/examples/localoperationlog-terminal-command.json @@ -0,0 +1,43 @@ +{ + "id": "urn:srcos:local-operation-log:terminal-command-demo-0001", + "type": "LocalOperationLog", + "specVersion": "2.0.0", + "operationType": "terminal.command", + "surface": "turtleterm", + "occurredAt": "2026-05-06T14:23:00Z", + "actorRef": "urn:srcos:subject:operator-demo", + "agentRegistryRef": null, + "deviceRef": "urn:srcos:device-identity:workstation-demo-0001", + "sessionRef": "urn:srcos:shell-session:turtleterm-demo-0001", + "workspaceRef": "urn:srcos:workroom:professional-intelligence-demo", + "durabilityTier": "local-durable", + "replaySafe": false, + "replayConstraints": null, + "payloadMode": "metadata-only", + "payload": { + "commandClass": "build", + "commandHashRef": "urn:srcos:content-ref:sha256-demo-terminal-cmd-0001", + "exitCode": 0, + "rawCommandIncluded": false, + "rawOutputIncluded": false, + "durationMs": 1240 + }, + "artifactRefs": [], + "remoteOperationRef": null, + "workspaceOperationRef": "urn:prophet:workspace-operation:demo-ws-op-0001", + "operationTaskRef": "urn:prophet:operation-task:demo-task-0001", + "operationEventRef": "urn:prophet:operation-event:demo-event-0001", + "policyGateRecordRef": null, + "encryptionProfileRef": "urn:srcos:local-encryption-profile:workstation-demo-0001-default", + "policyDecisionRefs": [ + "urn:srcos:policy-decision:terminal-metadata-only-export-0001" + ], + "evidenceRefs": [ + "urn:srcos:evidence:shell-receipt-terminal-demo-0001" + ], + "redactionRefs": [], + "integrity": { + "entryHash": "sha256:aabbccdd0011223344556677889900aabbccdd0011223344556677889900aabb", + "signature": null + } +} diff --git a/schemas/DeviceIdentity.json b/schemas/DeviceIdentity.json new file mode 100644 index 0000000..546eaed --- /dev/null +++ b/schemas/DeviceIdentity.json @@ -0,0 +1,102 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/DeviceIdentity.json", + "title": "DeviceIdentity", + "description": "Device identity and trust profile for a SourceOS local-first workstation or operator device. Governs admission, attestation, capability assignment, and local data plane access.", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "deviceName", + "platform", + "trustProfile", + "registeredAt" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:device-identity:", + "description": "Stable device identity URN. Must be unique per device." + }, + "type": { "const": "DeviceIdentity" }, + "specVersion": { "type": "string" }, + "deviceName": { + "type": "string", + "description": "Human-readable device name. Must not include raw network addresses or PII." + }, + "platform": { + "type": "string", + "enum": ["linux", "macos", "windows", "other"], + "description": "Host platform type." + }, + "archClass": { + "type": ["string", "null"], + "enum": ["x86_64", "aarch64", "apple-silicon", "riscv64", "other", null], + "description": "CPU architecture class." + }, + "trustProfile": { + "type": "object", + "additionalProperties": false, + "required": ["trustLevel"], + "description": "Device trust posture evaluated at registration or last attestation.", + "properties": { + "trustLevel": { + "type": "string", + "enum": ["untrusted", "provisional", "trusted", "anchor"], + "description": "untrusted = not admitted; provisional = limited policy scope; trusted = full local data plane; anchor = quorum-eligible trust root." + }, + "enrolledAt": { "type": ["string", "null"], "format": "date-time" }, + "lastAttestedAt": { "type": ["string", "null"], "format": "date-time" }, + "enrollmentRef": { + "type": ["string", "null"], + "description": "EnrollmentProfile URN governing this device's admission." + }, + "attestationRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [], + "description": "AttestationEvidence URNs supporting the current trust level." + }, + "trustExpiresAt": { + "type": ["string", "null"], + "format": "date-time", + "description": "Optional expiry for time-bounded trust grants." + }, + "trustRevocationRef": { + "type": ["string", "null"], + "description": "RevocationEntry URN if trust has been revoked." + } + } + }, + "capabilityProfileRef": { + "type": ["string", "null"], + "pattern": "^urn:srcos:workspace-capability-profile:", + "description": "WorkspaceCapabilityProfile URN describing surfaces available on this device." + }, + "encryptionProfileRef": { + "type": ["string", "null"], + "pattern": "^urn:srcos:local-encryption-profile:", + "description": "LocalEncryptionProfile URN for this device's local data encryption posture." + }, + "ownerRef": { + "type": ["string", "null"], + "description": "Subject or org authority reference for device ownership." + }, + "registeredAt": { + "type": "string", + "format": "date-time" + }, + "policyDecisionRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + }, + "evidenceRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + } + } +} diff --git a/schemas/LocalArtifactRef.json b/schemas/LocalArtifactRef.json new file mode 100644 index 0000000..4d39085 --- /dev/null +++ b/schemas/LocalArtifactRef.json @@ -0,0 +1,114 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/LocalArtifactRef.json", + "title": "LocalArtifactRef", + "description": "Provisional local artifact reference capturing file availability state, content integrity, durability tier, and local-to-remote artifact mapping. Raw filesystem paths are never stored; only content hashes and opaque path hints are allowed.", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "deviceRef", + "contentHash", + "availabilityState", + "durabilityTier", + "operationLogRef", + "createdAt" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:local-artifact:", + "description": "Stable local-artifact URN. Must be unique per artifact." + }, + "type": { "const": "LocalArtifactRef" }, + "specVersion": { "type": "string" }, + "deviceRef": { + "type": "string", + "pattern": "^urn:srcos:device-identity:", + "description": "DeviceIdentity URN for the device holding this artifact." + }, + "artifactClass": { + "type": "string", + "enum": [ + "terminal.output", + "browser.capture", + "agent.output", + "file.snapshot", + "model.output", + "diagnostic.export", + "sync.bundle", + "policy.record", + "other" + ], + "description": "Typed class of the local artifact." + }, + "mimeType": { + "type": ["string", "null"], + "description": "MIME type of the artifact content if known." + }, + "contentHash": { + "type": "string", + "description": "Content-addressed hash of the artifact. Must be a prefixed digest string (e.g. sha256:)." + }, + "sizeBytes": { + "type": ["integer", "null"], + "minimum": 0 + }, + "availabilityState": { + "type": "string", + "enum": ["available", "evicted", "pinned", "pending-sync", "remote-only", "tombstoned"], + "description": "Current file availability state on this device." + }, + "durabilityTier": { + "type": "string", + "enum": ["ephemeral", "local-durable", "synced", "archived"], + "description": "Artifact durability tier." + }, + "pathHint": { + "type": ["string", "null"], + "description": "Opaque path hint (e.g. XDG-relative reference). Must not be an absolute filesystem path." + }, + "operationLogRef": { + "type": "string", + "pattern": "^urn:srcos:local-operation-log:", + "description": "LocalOperationLog URN that produced or consumed this artifact." + }, + "remoteArtifactRef": { + "type": ["string", "null"], + "description": "Remote canonical Artifact URN (e.g. prophet-core Artifact) if this local artifact has been synced." + }, + "encryptionProfileRef": { + "type": ["string", "null"], + "pattern": "^urn:srcos:local-encryption-profile:", + "description": "LocalEncryptionProfile URN if this artifact is encrypted at rest." + }, + "createdAt": { + "type": "string", + "format": "date-time" + }, + "evictedAt": { + "type": ["string", "null"], + "format": "date-time" + }, + "syncedAt": { + "type": ["string", "null"], + "format": "date-time" + }, + "tombstonedAt": { + "type": ["string", "null"], + "format": "date-time" + }, + "policyDecisionRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + }, + "evidenceRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + } + } +} diff --git a/schemas/LocalEncryptionProfile.json b/schemas/LocalEncryptionProfile.json new file mode 100644 index 0000000..78ea3af --- /dev/null +++ b/schemas/LocalEncryptionProfile.json @@ -0,0 +1,86 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/LocalEncryptionProfile.json", + "title": "LocalEncryptionProfile", + "description": "Local encryption profile capturing the algorithm, key derivation posture, and scope for a SourceOS device's local-first data plane. Governs encrypted-at-rest and encrypted-in-transit posture for local operation logs, artifacts, and sync bundles.", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "deviceRef", + "algorithm", + "keyDerivation", + "encryptedAtRest", + "encryptedInTransit", + "capturedAt" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:local-encryption-profile:", + "description": "Stable local-encryption-profile URN." + }, + "type": { "const": "LocalEncryptionProfile" }, + "specVersion": { "type": "string" }, + "deviceRef": { + "type": "string", + "pattern": "^urn:srcos:device-identity:", + "description": "DeviceIdentity URN this encryption profile is bound to." + }, + "algorithm": { + "type": "string", + "enum": ["aes-256-gcm", "chacha20-poly1305", "aes-128-gcm", "other"], + "description": "Symmetric encryption algorithm used for local data at rest." + }, + "keyDerivation": { + "type": "string", + "enum": ["argon2id", "pbkdf2", "hardware-backed", "os-keychain", "tpm", "other"], + "description": "Key derivation or key storage mechanism." + }, + "encryptedAtRest": { + "type": "boolean", + "description": "Whether local operation logs and artifacts are encrypted at rest." + }, + "encryptedInTransit": { + "type": "boolean", + "description": "Whether local-to-remote and peer sync transfers are encrypted in transit." + }, + "scope": { + "type": "array", + "items": { + "type": "string", + "enum": ["operation-logs", "artifacts", "sync-bundles", "diagnostic-exports", "all"] + }, + "description": "Data classes covered by this encryption profile. Defaults to all if omitted.", + "default": ["all"] + }, + "keyRef": { + "type": ["string", "null"], + "description": "Opaque key or keyslot reference. Must not include raw key material." + }, + "keyRotationPolicyRef": { + "type": ["string", "null"], + "description": "Optional policy URN governing key rotation schedule." + }, + "fipsCompliant": { + "type": ["boolean", "null"], + "description": "Whether the algorithm and key derivation combination is FIPS-140 compliant." + }, + "capturedAt": { + "type": "string", + "format": "date-time" + }, + "policyDecisionRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + }, + "evidenceRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + } + } +} diff --git a/schemas/LocalOperationLog.json b/schemas/LocalOperationLog.json new file mode 100644 index 0000000..f08dc7a --- /dev/null +++ b/schemas/LocalOperationLog.json @@ -0,0 +1,174 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/LocalOperationLog.json", + "title": "LocalOperationLog", + "description": "Local-first operation log entry capturing a governed workspace operation (terminal command, browser capture, local agent execution, sync event, or file operation). Supports replay safety, durability tiers, and local-to-remote operation mapping.", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "operationType", + "surface", + "occurredAt", + "actorRef", + "deviceRef", + "durabilityTier", + "replaySafe", + "payloadMode", + "policyDecisionRefs" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:local-operation-log:", + "description": "Stable local-operation-log URN. Must be unique per log entry." + }, + "type": { "const": "LocalOperationLog" }, + "specVersion": { "type": "string" }, + "operationType": { + "type": "string", + "enum": [ + "terminal.command", + "browser.capture", + "browser.navigation", + "agent.execution", + "agent.delegation", + "sync.checkpoint", + "sync.conflict", + "file.read", + "file.write", + "file.delete", + "file.rename", + "policy.decision", + "session.start", + "session.end" + ], + "description": "Typed class of the workspace operation." + }, + "surface": { + "type": "string", + "enum": [ + "turtleterm", + "bearbrowser", + "agent-machine", + "sourceos-shell", + "sourceos-devtools", + "workstation-contracts", + "other" + ], + "description": "Product surface that emitted this log entry." + }, + "occurredAt": { + "type": "string", + "format": "date-time" + }, + "actorRef": { + "type": "string", + "description": "Human subject, agent, or service authority reference." + }, + "agentRegistryRef": { + "type": ["string", "null"], + "description": "Agent Registry identity ref for non-human actors." + }, + "deviceRef": { + "type": "string", + "pattern": "^urn:srcos:device-identity:", + "description": "DeviceIdentity URN for the device emitting this log entry." + }, + "sessionRef": { + "type": ["string", "null"], + "description": "Optional session URN for grouping related entries." + }, + "workspaceRef": { + "type": ["string", "null"], + "description": "Optional workspace or workroom URN." + }, + "durabilityTier": { + "type": "string", + "enum": ["ephemeral", "local-durable", "synced", "archived"], + "description": "Operation durability tier. ephemeral = memory-only; local-durable = persisted locally; synced = propagated to remote; archived = long-term governed storage." + }, + "replaySafe": { + "type": "boolean", + "description": "Whether this operation can be safely replayed. Side-effecting operations (file writes, shell commands with mutations) must set this to false unless replay constraints are provided." + }, + "replayConstraints": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Constraints governing safe replay of this operation, if replaySafe is true.", + "properties": { + "idempotencyKey": { "type": ["string", "null"] }, + "maxReplayCount": { "type": ["integer", "null"], "minimum": 1 }, + "replayWindowSeconds": { "type": ["integer", "null"], "minimum": 0 }, + "requiresDeviceMatch": { "type": "boolean" }, + "requiresActorMatch": { "type": "boolean" } + } + }, + "payloadMode": { + "type": "string", + "enum": ["metadata-only", "summary", "ref-only", "inline-bounded", "redacted"], + "description": "Payload capture mode. Raw sensitive content is denied by default." + }, + "payload": { + "type": ["object", "null"], + "additionalProperties": true, + "description": "Optional bounded payload. Must not contain raw credentials, secrets, or unrestricted command output." + }, + "artifactRefs": { + "type": "array", + "items": { "type": "string", "pattern": "^urn:srcos:local-artifact:" }, + "default": [], + "description": "LocalArtifactRef URNs produced or consumed by this operation." + }, + "remoteOperationRef": { + "type": ["string", "null"], + "description": "Remote WorkspaceOperation or OperationEvent URN for local-to-remote mapping." + }, + "workspaceOperationRef": { + "type": ["string", "null"], + "description": "Prophet-core WorkspaceOperation URN if this entry maps to a canonical workspace operation." + }, + "operationTaskRef": { + "type": ["string", "null"], + "description": "Prophet-core OperationTask URN if this entry maps to a canonical operation task." + }, + "operationEventRef": { + "type": ["string", "null"], + "description": "Prophet-core OperationEvent URN if this entry maps to a canonical operation event." + }, + "policyGateRecordRef": { + "type": ["string", "null"], + "description": "Prophet-core PolicyGateRecord URN if a policy gate was evaluated for this operation." + }, + "encryptionProfileRef": { + "type": ["string", "null"], + "pattern": "^urn:srcos:local-encryption-profile:", + "description": "LocalEncryptionProfile URN if payload or artifacts are encrypted at rest." + }, + "policyDecisionRefs": { + "type": "array", + "items": { "type": "string" }, + "description": "Policy Fabric decision refs governing this operation." + }, + "evidenceRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + }, + "redactionRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + }, + "integrity": { + "type": ["object", "null"], + "additionalProperties": false, + "properties": { + "entryHash": { "type": ["string", "null"] }, + "signature": { "type": ["string", "null"] } + } + } + } +} diff --git a/schemas/SyncCheckpoint.json b/schemas/SyncCheckpoint.json new file mode 100644 index 0000000..081f2d6 --- /dev/null +++ b/schemas/SyncCheckpoint.json @@ -0,0 +1,97 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/SyncCheckpoint.json", + "title": "SyncCheckpoint", + "description": "Local-first sync checkpoint capturing offline queue state, last-sync position, and sync health for a SourceOS device. Supports offline replay and recovery.", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "deviceRef", + "checkpointAt", + "syncState", + "policyDecisionRefs" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:sync-checkpoint:", + "description": "Stable sync-checkpoint URN." + }, + "type": { "const": "SyncCheckpoint" }, + "specVersion": { "type": "string" }, + "deviceRef": { + "type": "string", + "pattern": "^urn:srcos:device-identity:", + "description": "DeviceIdentity URN for the device this checkpoint describes." + }, + "checkpointAt": { + "type": "string", + "format": "date-time", + "description": "Timestamp at which this checkpoint was recorded." + }, + "syncState": { + "type": "string", + "enum": ["idle", "syncing", "offline-queued", "conflict", "error", "recovery"], + "description": "Current sync health state of this device." + }, + "lastSyncedAt": { + "type": ["string", "null"], + "format": "date-time", + "description": "Timestamp of the last successful sync with a remote or peer device." + }, + "lastSyncedRemoteRef": { + "type": ["string", "null"], + "description": "Remote endpoint or peer device URN for the last successful sync." + }, + "queueDepth": { + "type": "integer", + "minimum": 0, + "description": "Number of LocalOperationLog entries currently in the offline queue awaiting sync." + }, + "offlineQueueRefs": { + "type": "array", + "items": { "type": "string", "pattern": "^urn:srcos:local-operation-log:" }, + "default": [], + "description": "LocalOperationLog URNs pending sync in the offline queue." + }, + "conflictRefs": { + "type": "array", + "items": { "type": "string", "pattern": "^urn:srcos:sync-conflict:" }, + "default": [], + "description": "SyncConflictRecord URNs awaiting resolution." + }, + "replayPending": { + "type": "boolean", + "description": "Whether offline-queued entries are pending replay on reconnection." + }, + "replaySafeQueueDepth": { + "type": ["integer", "null"], + "minimum": 0, + "description": "Number of queued entries with replaySafe=true, eligible for automatic replay." + }, + "network": { + "type": ["object", "null"], + "additionalProperties": false, + "properties": { + "state": { + "type": "string", + "enum": ["online", "offline", "metered", "battery-saver", "unknown"] + }, + "offlineSince": { "type": ["string", "null"], "format": "date-time" } + } + }, + "policyDecisionRefs": { + "type": "array", + "items": { "type": "string" }, + "description": "Policy Fabric decision refs governing sync admission and replay." + }, + "evidenceRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + } + } +} diff --git a/schemas/SyncConflictRecord.json b/schemas/SyncConflictRecord.json new file mode 100644 index 0000000..0e51241 --- /dev/null +++ b/schemas/SyncConflictRecord.json @@ -0,0 +1,97 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/SyncConflictRecord.json", + "title": "SyncConflictRecord", + "description": "Conflict record for a local-to-remote or peer-to-peer sync conflict. Captures the conflict kind, competing operation references, and the governance-approved resolution decision (merge, fork, skip, or tombstone).", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "deviceRef", + "detectedAt", + "conflictKind", + "localOperationRef", + "resolution", + "policyDecisionRefs" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:sync-conflict:", + "description": "Stable sync-conflict URN." + }, + "type": { "const": "SyncConflictRecord" }, + "specVersion": { "type": "string" }, + "deviceRef": { + "type": "string", + "pattern": "^urn:srcos:device-identity:", + "description": "DeviceIdentity URN of the device that detected the conflict." + }, + "detectedAt": { + "type": "string", + "format": "date-time" + }, + "conflictKind": { + "type": "string", + "enum": [ + "merge", + "fork", + "delete-update", + "update-delete", + "schema-mismatch", + "replay-collision", + "policy-rejection" + ], + "description": "Type of conflict detected." + }, + "localOperationRef": { + "type": "string", + "pattern": "^urn:srcos:local-operation-log:", + "description": "LocalOperationLog URN for the local operation that triggered the conflict." + }, + "remoteOperationRef": { + "type": ["string", "null"], + "description": "Remote operation URN (WorkspaceOperation, OperationEvent, or peer LocalOperationLog) that conflicts with the local operation." + }, + "artifactRef": { + "type": ["string", "null"], + "pattern": "^urn:srcos:local-artifact:", + "description": "LocalArtifactRef URN if the conflict involves a specific artifact." + }, + "conflictingDeviceRef": { + "type": ["string", "null"], + "pattern": "^urn:srcos:device-identity:", + "description": "DeviceIdentity URN of the peer device whose operation conflicts with the local operation." + }, + "resolution": { + "type": "string", + "enum": ["pending", "merge", "fork", "skip", "tombstone"], + "description": "Resolution decision. pending = awaiting governance approval; merge = content merged; fork = divergent copies kept; skip = local change discarded; tombstone = artifact tombstoned." + }, + "resolvedAt": { + "type": ["string", "null"], + "format": "date-time", + "description": "Timestamp of resolution, if not pending." + }, + "resolutionRef": { + "type": ["string", "null"], + "description": "URN of the resolution artifact (merged LocalOperationLog, fork branch, or RedactionTombstone) produced by this resolution." + }, + "resolutionNote": { + "type": ["string", "null"], + "description": "Optional governance or operator note explaining the resolution decision." + }, + "policyDecisionRefs": { + "type": "array", + "items": { "type": "string" }, + "description": "Policy Fabric decision refs governing conflict detection and resolution." + }, + "evidenceRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + } + } +} diff --git a/schemas/WorkspaceCapabilityProfile.json b/schemas/WorkspaceCapabilityProfile.json new file mode 100644 index 0000000..fe48d49 --- /dev/null +++ b/schemas/WorkspaceCapabilityProfile.json @@ -0,0 +1,167 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://schemas.srcos.ai/v2/WorkspaceCapabilityProfile.json", + "title": "WorkspaceCapabilityProfile", + "description": "Capability profile capturing the surface availability and posture of a SourceOS local-first workstation. Covers shell, terminal, browser, sandbox, local model, filesystem, and network state.", + "type": "object", + "additionalProperties": false, + "required": [ + "id", + "type", + "specVersion", + "deviceRef", + "capturedAt" + ], + "properties": { + "id": { + "type": "string", + "pattern": "^urn:srcos:workspace-capability-profile:", + "description": "Stable workspace-capability-profile URN." + }, + "type": { "const": "WorkspaceCapabilityProfile" }, + "specVersion": { "type": "string" }, + "deviceRef": { + "type": "string", + "pattern": "^urn:srcos:device-identity:", + "description": "DeviceIdentity URN this profile describes." + }, + "capturedAt": { + "type": "string", + "format": "date-time" + }, + "shell": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Shell availability and posture.", + "properties": { + "available": { "type": "boolean" }, + "shells": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false, + "required": ["name", "available"], + "properties": { + "name": { "type": "string", "enum": ["bash", "fish", "zsh", "sh", "nushell", "other"] }, + "available": { "type": "boolean" }, + "isDefault": { "type": "boolean" } + } + } + }, + "sourceosShellAvailable": { "type": "boolean" }, + "scriptingEnabled": { "type": "boolean" } + } + }, + "terminal": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Terminal availability and posture.", + "properties": { + "available": { "type": "boolean" }, + "application": { + "type": "string", + "enum": ["turtleterm", "gnome-terminal", "kitty", "alacritty", "other"] + }, + "agentTermAvailable": { "type": "boolean" }, + "contentCaptureEnabled": { "type": "boolean" } + } + }, + "browser": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Browser availability and posture.", + "properties": { + "available": { "type": "boolean" }, + "application": { + "type": "string", + "enum": ["bearbrowser", "firefox", "chromium", "other"] + }, + "automationEnabled": { "type": "boolean" }, + "captureEnabled": { "type": "boolean" }, + "historyRetentionPolicy": { + "type": "string", + "enum": ["none", "metadata-only", "ref-only", "governed"] + } + } + }, + "sandbox": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Sandbox/container execution availability.", + "properties": { + "available": { "type": "boolean" }, + "kinds": { + "type": "array", + "items": { + "type": "string", + "enum": ["bubblewrap", "flatpak", "podman", "docker", "nsjail", "other"] + } + }, + "networkIsolationDefault": { "type": "boolean" }, + "filesystemOverlayDefault": { "type": "boolean" } + } + }, + "localModel": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Local inference model availability.", + "properties": { + "available": { "type": "boolean" }, + "modelRefs": { + "type": "array", + "items": { "type": "string" }, + "description": "SourceOSModelCarryRef or InferenceProvider URNs available locally." + }, + "accelerator": { + "type": "string", + "enum": ["cpu", "gpu-cuda", "gpu-metal", "gpu-vulkan", "npu", "none"] + } + } + }, + "filesystem": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Filesystem capability and encryption posture.", + "properties": { + "encryptedAtRest": { "type": "boolean" }, + "availabilityStates": { + "type": "array", + "items": { + "type": "string", + "enum": ["available", "evicted", "pinned", "pending-sync", "remote-only", "tombstoned"] + }, + "description": "File availability states supported on this device." + }, + "overlayFsAvailable": { "type": "boolean" }, + "maxLocalStorageBytes": { "type": ["integer", "null"], "minimum": 0 } + } + }, + "network": { + "type": ["object", "null"], + "additionalProperties": false, + "description": "Network state and offline posture.", + "properties": { + "state": { + "type": "string", + "enum": ["online", "offline", "metered", "battery-saver", "unknown"] + }, + "offlineBehavior": { + "type": "string", + "enum": ["queue-local", "deny", "metadata-only", "ref-only"] + }, + "vpnActive": { "type": "boolean" }, + "meshNetworkAvailable": { "type": "boolean" } + } + }, + "policyDecisionRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + }, + "evidenceRefs": { + "type": "array", + "items": { "type": "string" }, + "default": [] + } + } +}