{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://weverlabs.com/schemas/supabase-rls-policy-pack.schema.json",
  "title": "Wever Labs Supabase RLS Policy Pack",
  "type": "object",
  "required": [
    "policy_pack_id",
    "runtime_tables",
    "service_role_boundary",
    "public_discovery_boundary",
    "access_scopes"
  ],
  "properties": {
    "policy_pack_id": {
      "type": "string"
    },
    "version": {
      "type": "string"
    },
    "runtime_tables": {
      "type": "array",
      "items": {
        "$ref": "/schemas/runtime-table-access-policy.schema.json"
      }
    },
    "service_role_boundary": {
      "$ref": "/schemas/service-role-boundary.schema.json"
    },
    "public_discovery_boundary": {
      "type": "object",
      "properties": {
        "public_files": {
          "type": "array",
          "items": {
            "type": "string"
          }
        },
        "contains_secrets": {
          "type": "boolean",
          "const": false
        }
      }
    },
    "access_scopes": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "agent_trusted_read",
          "client_task_read",
          "operator_console_read",
          "service_role_write",
          "provider_webhook_write",
          "callback_delivery_write",
          "audit_event_write"
        ]
      }
    }
  }
}