{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://tokrepo.com/schemas/asset-verification.schema.json",
  "title": "TokRepo Asset Verification Report",
  "description": "Read-only trust verification report returned by `tokrepo verify` and `tokrepo_verify` before an agent activates a TokRepo asset.",
  "type": "object",
  "required": [
    "schema_version",
    "status",
    "target",
    "asset_uuid",
    "content_hash",
    "install_plan_hash",
    "policy_decision",
    "permission_envelope",
    "trust_score_v2",
    "checks",
    "blockers",
    "warnings",
    "next_actions"
  ],
  "properties": {
    "schema_version": {
      "type": "integer",
      "const": 1
    },
    "status": {
      "type": "string",
      "enum": ["pass", "fail"]
    },
    "strict": {
      "type": "boolean"
    },
    "target": {
      "type": "string",
      "enum": ["codex"]
    },
    "asset_uuid": {
      "type": "string"
    },
    "asset_title": {
      "type": "string"
    },
    "asset_kind": {
      "type": "string"
    },
    "source_url": {
      "type": "string",
      "format": "uri"
    },
    "generated_at": {
      "type": "string",
      "format": "date-time"
    },
    "content_hash": {
      "type": "object",
      "required": ["computed_bundle_hash", "algorithm"],
      "properties": {
        "declared": { "type": "string" },
        "computed_bundle_hash": { "type": "string" },
        "algorithm": { "type": "string" }
      }
    },
    "install_plan_hash": {
      "type": "string"
    },
    "policy_decision": {
      "type": "object",
      "properties": {
        "decision": {
          "type": "string",
          "enum": ["allow", "confirm", "stage_only", "deny", "unknown"]
        },
        "reasons": {
          "type": "array",
          "items": { "type": "string" }
        }
      },
      "additionalProperties": true
    },
    "permission_envelope": {
      "type": "object",
      "required": [
        "filesystem_write",
        "file_count",
        "executes_code",
        "global_config_write",
        "network",
        "requires_secrets",
        "uses_absolute_paths",
        "destructive"
      ],
      "properties": {
        "filesystem_write": {
          "type": "array",
          "items": { "type": "string" }
        },
        "file_count": { "type": "integer" },
        "executes_code": { "type": "boolean" },
        "global_config_write": { "type": "boolean" },
        "network": { "type": "boolean" },
        "requires_secrets": {
          "type": "array",
          "items": { "type": "string" }
        },
        "uses_absolute_paths": { "type": "boolean" },
        "destructive": { "type": "boolean" }
      }
    },
    "trust_score_v2": {
      "$ref": "agent-trust-score.schema.json"
    },
    "checks": {
      "type": "array",
      "items": {
        "type": "object",
        "required": ["id", "status", "message"],
        "properties": {
          "id": { "type": "string" },
          "status": { "type": "string", "enum": ["pass", "warn", "block"] },
          "message": { "type": "string" }
        },
        "additionalProperties": true
      }
    },
    "blockers": { "type": "array" },
    "warnings": { "type": "array" },
    "files": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "path": { "type": "string" },
          "source_name": { "type": "string" },
          "sha256": { "type": "string" },
          "bytes": { "type": "integer" },
          "risk_flags": {
            "type": "array",
            "items": { "type": "string" }
          }
        }
      }
    },
    "next_actions": {
      "type": "array",
      "items": { "type": "string" }
    },
    "schemas": {
      "type": "object",
      "additionalProperties": { "type": "string" }
    }
  },
  "additionalProperties": true
}