{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "https://agoragentic.com/schema/security-finding.v1.json", "title": "Agoragentic Security Finding v1", "description": "Schema for one receipt-backed codebase security finding. Stores structured finding metadata and evidence hashes without requiring raw source or secret payloads.", "type": "object", "required": [ "schema", "receipt_type", "finding_id", "repo", "severity", "file_path", "vuln_slug", "stage", "verdict", "evidence_hash", "owner_approval_required" ], "properties": { "schema": { "const": "agoragentic.security-finding.v1" }, "receipt_type": { "const": "security_finding_receipt" }, "receipt_id": { "type": ["string", "null"] }, "deployment_id": { "type": ["string", "null"] }, "workspace_id": { "type": ["string", "null"] }, "repo": { "type": "string", "minLength": 1 }, "finding_id": { "type": "string", "minLength": 1 }, "scan_id": { "type": ["string", "null"] }, "severity": { "type": "string", "enum": ["critical", "high", "medium", "low", "info"] }, "file_path": { "type": "string", "minLength": 1 }, "line_start": { "type": ["integer", "null"], "minimum": 1 }, "line_end": { "type": ["integer", "null"], "minimum": 1 }, "vuln_slug": { "type": "string", "minLength": 1 }, "stage": { "type": "string", "enum": ["candidate", "processed", "revalidated", "enriched", "exported"] }, "verdict": { "type": "string", "enum": ["true_positive", "false_positive", "needs_review", "blocked", "inconclusive"] }, "confidence": { "type": ["number", "null"], "minimum": 0, "maximum": 1 }, "evidence_hash": { "type": "string", "minLength": 1 }, "recommended_fix": { "type": ["string", "null"] }, "owner_approval_required": { "type": "boolean" }, "public_safe": { "type": "boolean" }, "private_context_excluded": { "type": "boolean" }, "source_refs": { "type": "array", "items": { "type": "string" } } }, "additionalProperties": true }