{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://weverlabs.com/schemas/os-security-boundary.schema.json",
  "title": "Wever Labs OS Security Boundary",
  "type": "object",
  "required": [
    "boundary_id",
    "runtime_surface",
    "identity_binding",
    "secret_boundary",
    "validation_controls",
    "audit_controls",
    "kill_switch"
  ],
  "properties": {
    "boundary_id": {
      "type": "string"
    },
    "runtime_surface": {
      "type": "string",
      "enum": [
        "tokenops",
        "financeops",
        "energyops",
        "wever_labs_os",
        "shared_runtime"
      ]
    },
    "identity_binding": {
      "type": "object",
      "properties": {
        "agent_id": {
          "type": "string"
        },
        "client_id": {
          "type": "string"
        },
        "credential_envelope_id": {
          "type": "string"
        },
        "trust_status": {
          "type": "string"
        },
        "allowed_tools": {
          "type": "array",
          "items": {
            "type": "string"
          }
        }
      }
    },
    "secret_boundary": {
      "type": "object",
      "properties": {
        "service_role_server_only": {
          "type": "boolean"
        },
        "provider_secret_env_var": {
          "type": "string"
        },
        "webhook_secret_env_var": {
          "type": "string"
        },
        "public_json_contains_secrets": {
          "type": "boolean",
          "const": false
        }
      }
    },
    "validation_controls": {
      "type": "object",
      "properties": {
        "schema_version_required": {
          "type": "boolean"
        },
        "callback_url_validation": {
          "type": "string"
        },
        "provider_signature_verification": {
          "type": "string"
        },
        "tool_route_allowlist": {
          "type": "array",
          "items": {
            "type": "string"
          }
        }
      }
    },
    "audit_controls": {
      "type": "object",
      "properties": {
        "write_audit_event": {
          "type": "boolean"
        },
        "audit_event_types": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "console_visibility": {
          "type": "boolean"
        }
      }
    },
    "kill_switch": {
      "type": "object",
      "properties": {
        "provider_route_enabled": {
          "type": "boolean"
        },
        "callback_delivery_enabled": {
          "type": "boolean"
        },
        "controlled_pilot_enabled": {
          "type": "boolean"
        }
      }
    }
  }
}