{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://tokrepo.com/schemas/agent-evidence-bundle.schema.json", "title": "TokRepo Agent Evidence Bundle", "description": "Machine-readable evidence_bundle returned by tokrepo verify, tokrepo plan, and TokRepo MCP verification surfaces. It compresses provenance, SBOM, signature/hash evidence, policy compatibility, and eval links so agents do not infer trust from prose.", "type": "object", "required": [ "schema_version", "asset_uuid", "target", "integrity", "provenance", "sbom", "signature_evidence", "policy_compatibility", "acceptance_gate" ], "properties": { "schema_version": { "type": "integer", "const": 1 }, "schema": { "type": "string", "format": "uri" }, "generated_at": { "type": "string", "format": "date-time" }, "asset_uuid": { "type": "string" }, "asset_title": { "type": "string" }, "target": { "type": "string" }, "source_url": { "type": "string" }, "integrity": { "type": "object", "required": ["content_hash", "install_plan_hash", "hash_algorithm", "file_count"], "properties": { "content_hash": { "type": "string" }, "declared_content_hash": { "type": "string" }, "install_plan_hash": { "type": "string" }, "hash_algorithm": { "type": "string", "const": "sha256" }, "file_count": { "type": "integer" } } }, "provenance": { "type": "object", "description": "Source provenance v2: owner/source metadata plus computed content hash.", "required": ["schema_version", "source", "asset_uuid", "content_hash", "computed_bundle_hash"], "properties": { "schema_version": { "type": "integer" }, "source": { "type": "string" }, "asset_uuid": { "type": "string" }, "asset_title": { "type": "string" }, "asset_kind": { "type": "string" }, "source_url": { "type": "string" }, "owner_uuid": { "type": "string" }, "owner_name": { "type": "string" }, "parent_uuid": { "type": "string" }, "content_hash": { "type": "string" }, "computed_bundle_hash": { "type": "string" } }, "additionalProperties": true }, "sbom": { "type": "object", "description": "TokRepo SBOM-lite for agent installs: files, hashes, dependencies, and capability flags.", "required": ["schema_version", "format", "files", "dependencies", "capability_flags"], "properties": { "schema_version": { "type": "integer" }, "format": { "type": "string", "enum": ["SBOM-lite", "tokrepo-sbom-lite", "tokrepo-handoff-sbom-lite"] }, "asset_uuid": { "type": "string" }, "target": { "type": "string" }, "install_mode": { "type": "string" }, "content_hash": { "type": "string" }, "files": { "type": "array", "items": { "type": "object", "required": ["path", "sha256", "bytes"], "properties": { "path": { "type": "string" }, "source_name": { "type": "string" }, "sha256": { "type": "string" }, "bytes": { "type": "integer" }, "role": { "type": "string" }, "risk_flags": { "type": "array", "items": { "type": "string" } } } } }, "dependencies": { "type": "object", "properties": { "npm": { "type": "array", "items": { "type": "string" } }, "pip": { "type": "array", "items": { "type": "string" } }, "system": { "type": "array", "items": { "type": "string" } }, "mcp": { "type": "array", "items": { "type": "string" } } }, "additionalProperties": true }, "capability_flags": { "type": "object", "required": ["executes_code", "network_access", "modifies_global_config", "requires_secrets"], "properties": { "executes_code": { "type": "boolean" }, "network_access": { "type": "boolean" }, "modifies_global_config": { "type": "boolean" }, "requires_secrets": { "type": "array", "items": { "type": "string" } }, "destructive": { "type": "boolean" } }, "additionalProperties": true } }, "additionalProperties": true }, "signature_evidence": { "type": "object", "description": "Cryptographic signature evidence when available; otherwise explicit hash-only integrity status.", "required": ["schema_version", "status", "hash_algorithm", "content_hash", "install_plan_hash"], "properties": { "schema_version": { "type": "integer" }, "status": { "type": "string", "enum": ["signed", "hash_only"] }, "hash_algorithm": { "type": "string", "const": "sha256" }, "content_hash": { "type": "string" }, "install_plan_hash": { "type": "string" }, "signed_hash": { "type": "string" }, "signatures": { "type": "array" }, "verification_commands": { "type": "array", "items": { "type": "string" } }, "limitations": { "type": "array", "items": { "type": "string" } } }, "additionalProperties": true }, "policy_compatibility": { "type": "object", "required": ["target", "policy_decision", "permission_envelope", "trust_score_v2"], "properties": { "target": { "type": "string" }, "policy_decision": { "type": "object", "additionalProperties": true }, "permission_envelope": { "type": "object", "additionalProperties": true }, "trust_score_v2": { "$ref": "agent-trust-score.schema.json" }, "requires_confirmation": { "type": "boolean" } } }, "eval_evidence": { "type": "array", "items": { "type": "string" } }, "acceptance_gate": { "type": "object", "required": ["status", "recommended_action", "rule"], "properties": { "status": { "type": "string", "enum": ["pass", "caution", "block"] }, "recommended_action": { "type": "string" }, "rule": { "type": "string" } } }, "schemas": { "type": "object", "additionalProperties": { "type": "string" } } }, "additionalProperties": true }