@highflame/policy 2.0.8 → 2.0.9

package/src/service-schemas.gen.ts

@@ -1,608 +0,0 @@
-// Code generated by highflame-policy-codegen. DO NOT EDIT.
-// Source: schemas/overwatch/schema.cedarschema, schemas/palisade/schema.cedarschema
-//
-// Service-specific Cedar schemas and context metadata.
-// Works in both browser and Node.js environments.
-//
-// Usage:
-//   import { OVERWATCH_SCHEMA, PALISADE_SCHEMA } from '@highflame/policy/types';
-//   import { OVERWATCH_CONTEXT, PALISADE_CONTEXT } from '@highflame/policy/types';
-
-/**
- * Overwatch (Guardian) Cedar schema
- *
- * Full Cedar schema for IDE security, including:
- * - Actions: process_prompt, call_tool, connect_server, read_file, write_file
- * - Entities: User, Agent, LlmPrompt, Tool, Server, FilePath
- * - Context attributes for threat detection and workspace security
- */
-export const OVERWATCH_SCHEMA = `// Overwatch (Guardian) Cedar Schema
-// ===================================
-// IDE Security & Policy Enforcement
-//
-// Overwatch protects IDE operations (prompts, tool calls, file access) by evaluating
-// threats detected by YARA and Javelin scanners against Cedar policies.
-//
-// Architecture:
-//   User/Agent → IDE Hook → YARA/Javelin → Cedar Policy → Allow/Deny
-//
-// Supported IDEs:
-//   - Cursor (beforeSubmitPrompt, beforeShellExecution, beforeMCPExecution, etc.)
-//   - Claude Code (UserPromptSubmit, PreToolUse)
-//   - GitHub Copilot (userPromptSubmitted, preToolUse)
-
-namespace Overwatch {
-
-// =============================================================================
-// ENTITIES
-// =============================================================================
-
-// Human user or service account making requests to the IDE
-entity User {
-  user_type: String,      // "external" or "internal"
-  email: String,          // User email (optional)
-};
-
-// AI agent (Claude, GitHub Copilot, etc.)
-entity Agent {
-  agent_type: String,      // "claude", "copilot", etc.
-};
-
-// LLM prompt or session
-entity LlmPrompt {
-  prompt_type: String,     // "user_prompt", "session"
-};
-
-// MCP tool or native IDE tool
-entity Tool {
-  tool_name: String,       // "shell", "read_file", "playwright", etc.
-  risk_level: String,      // "low", "medium", "high"
-};
-
-// MCP server
-entity Server {
-  server_name: String,     // "filesystem", "playwright", etc.
-};
-
-// File system path
-entity FilePath {
-  path: String,
-  is_within_workspace: Bool,
-};
-
-// =============================================================================
-// ACTIONS
-// =============================================================================
-
-// User submits a prompt or receives AI response
-action process_prompt appliesTo {
-  principal: [User, Agent],
-  resource: [LlmPrompt],
-  context: {
-    // Event & Source
-    content: String,                // Raw content being scanned
-    source: String,                 // IDE source: "cursor", "claudecode", "github_copilot"
-    event: String,                  // Hook event name
-    user_email: String,             // User identifier
-
-    // Workspace
-    cwd: String,                   // Current working directory
-    workspace_root: String,        // Workspace/repository root
-
-    // Threat Detection
-    threat_count: Long,             // Total threats detected
-    highest_severity: String,       // "critical", "high", "medium", "low"
-    threat_categories: Set<String>, // Threat category names
-
-    yara_threats: Set<String>,      // YARA rule names
-    max_threat_severity: Long,      // Numeric severity (0-4)
-    contains_secrets: Bool,         // Whether secrets detected
-    prompt_text: String,           // Same as content (legacy)
-    response_content: String,      // Response content (if available)
-  },
-};
-
-// User calls a tool (native IDE tool or MCP tool)
-action call_tool appliesTo {
-  principal: [User, Agent],
-  resource: [Tool, FilePath],
-  context: {
-    // Event & Source
-    content: String,                // Raw content being scanned (e.g., shell command)
-    source: String,                 // IDE source
-    event: String,                  // Hook event name
-    user_email: String,             // User identifier
-
-    // Tool & MCP
-    tool_name: String,             // Normalized tool name ("shell", "read_file", etc.)
-    mcp_server: String,            // MCP server name
-    mcp_tool: String,              // MCP tool name
-
-    // File & Path
-    path: String,                  // File path (if file operation)
-
-    // Workspace
-    cwd: String,
-    workspace_root: String,
-
-    // Threat Detection
-    threat_count: Long,
-    highest_severity: String,
-    threat_categories: Set<String>,
-
-    yara_threats: Set<String>,
-    max_threat_severity: Long,
-    contains_secrets: Bool,
-    response_content: String,
-  },
-};
-
-// Connect to an MCP server
-action connect_server appliesTo {
-  principal: [User, Agent],
-  resource: [Server],
-  context: {
-    content: String,
-    source: String,
-    event: String,
-    user_email: String,
-    mcp_server: String,
-    threat_count: Long,
-    highest_severity: String,
-    threat_categories: Set<String>,
-    max_threat_severity: Long,
-  },
-};
-
-// Read a file from disk
-action read_file appliesTo {
-  principal: [User, Agent],
-  resource: [FilePath],
-  context: {
-    content: String,
-    source: String,
-    event: String,
-    user_email: String,
-    path: String,
-    cwd: String,
-    workspace_root: String,
-    threat_count: Long,
-    highest_severity: String,
-    threat_categories: Set<String>,
-    max_threat_severity: Long,
-    contains_secrets: Bool,
-  },
-};
-
-// Write a file to disk
-action write_file appliesTo {
-  principal: [User, Agent],
-  resource: [FilePath],
-  context: {
-    content: String,
-    source: String,
-    event: String,
-    user_email: String,
-    path: String,
-    cwd: String,
-    workspace_root: String,
-    threat_count: Long,
-    highest_severity: String,
-    threat_categories: Set<String>,
-    max_threat_severity: Long,
-    contains_secrets: Bool,
-  },
-};
-
-}
-`;
-
-/**
- * Palisade Cedar schema
- *
- * Full Cedar schema for ML supply chain security, including:
- * - Actions: scan_artifact, validate_integrity, validate_provenance, quarantine_artifact, load_model, deploy_model
- * - Entities: Scanner, Artifact, Package
- * - Context attributes for ML security findings
- */
-export const PALISADE_SCHEMA = `// Palisade Cedar Schema
-// =====================
-// ML Supply Chain Security & Artifact Scanning
-//
-// Palisade scans ML model artifacts (safetensors, GGUF, pickle, PyTorch) for
-// security vulnerabilities and enforces policies based on findings.
-//
-// Architecture:
-//   Scanner → Validators (Pickle, SafeTensors, GGUF, etc.) → Cedar Policy → Allow/Deny/Quarantine
-//
-// Supported Formats:
-//   - SafeTensors (.safetensors)
-//   - GGUF (.gguf)
-//   - Pickle (.pkl, .pickle, .pt)
-//   - PyTorch (.pth, .pt)
-//   - ONNX (.onnx)
-
-namespace Palisade {
-
-// =============================================================================
-// ENTITIES
-// =============================================================================
-
-// Security scanner service
-entity Scanner {
-  scanner_type: String,    // "palisade", "redteam", etc.
-};
-
-// ML model artifact
-entity Artifact {
-  artifact_format: String, // "safetensors", "gguf", "pickle", "pytorch", "onnx"
-  path: String,            // File path
-  signed: Bool,            // Whether digitally signed
-  signer: String,          // Who signed (if applicable)
-};
-
-// Software package (npm, PyPI, etc.)
-entity Package {
-  package_name: String,
-  package_version: String,
-};
-
-// =============================================================================
-// ACTIONS
-// =============================================================================
-
-// Scan an ML artifact for security issues
-action scan_artifact appliesTo {
-  principal: [Scanner],
-  resource: [Artifact],
-  context: {
-    // Core Finding & Severity
-    finding_type: String,              // Type of finding (e.g., "backdoor_detected", "safetensors_integrity_violation")
-    severity: String,                  // "CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"
-    environment: String,               // "production", "strict_production", "development", "permissive_development", "research"
-
-    // Artifact Metadata
-    artifact_format: String,           // "safetensors", "gguf", "pickle", "pytorch", "onnx"
-    path: String,                      // File path to artifact
-    artifact_signed: Bool,             // Whether artifact is digitally signed
-    provenance_signer: String,         // "unknown", "unsigned", or signer name
-
-    // Pickle Security
-    pickle_exec_path_detected: Bool,  // Pickle RCE execution path detected (CRITICAL)
-
-    // Tokenizer Security
-    tokenizer_added_tokens_count: Long, // Number of added tokens (0-5000+)
-
-    // LoRA Security
-    adapter_base_digest_mismatch: Bool, // LoRA adapter base model digest mismatch
-
-    // GGUF Security
-    gguf_suspicious_metadata: Bool,   // GGUF metadata contains suspicious patterns
-
-    // SafeTensors Security
-    safetensors_integrity_violation: Bool, // SafeTensors file integrity violated
-
-    // General Metadata Security
-    metadata_malicious_pattern: Bool, // Metadata contains malicious patterns
-
-    // CoSAI Maturity
-    metadata_cosai_level_numeric: Long, // CoSAI maturity level (0-5, higher = more trustworthy)
-
-    // Backdoor Detection
-    match_count: Long,                // Number of behavioral backdoor indicator matches
-  },
-};
-
-// Validate artifact integrity (checksum, signature)
-action validate_integrity appliesTo {
-  principal: [Scanner],
-  resource: [Artifact],
-  context: {
-    artifact_format: String,
-    path: String,
-    artifact_signed: Bool,
-    provenance_signer: String,
-    safetensors_integrity_violation: Bool,
-    finding_type: String,
-    severity: String,
-  },
-};
-
-// Validate artifact provenance (signer, origin)
-action validate_provenance appliesTo {
-  principal: [Scanner],
-  resource: [Artifact],
-  context: {
-    artifact_format: String,
-    path: String,
-    artifact_signed: Bool,
-    provenance_signer: String,
-    metadata_cosai_level_numeric: Long,
-    finding_type: String,
-    severity: String,
-  },
-};
-
-// Quarantine a malicious artifact
-action quarantine_artifact appliesTo {
-  principal: [Scanner],
-  resource: [Artifact],
-  context: {
-    finding_type: String,
-    severity: String,
-    environment: String,
-    artifact_format: String,
-    path: String,
-  },
-};
-
-// Load an ML model into memory
-action load_model appliesTo {
-  principal: [Scanner],
-  resource: [Artifact],
-  context: {
-    artifact_format: String,
-    environment: String,
-    artifact_signed: Bool,
-    severity: String,
-  },
-};
-
-// Deploy an ML model to production
-action deploy_model appliesTo {
-  principal: [Scanner],
-  resource: [Artifact],
-  context: {
-    artifact_format: String,
-    environment: String,
-    artifact_signed: Bool,
-    provenance_signer: String,
-    severity: String,
-  },
-};
-
-// Scan a software package
-action scan_package appliesTo {
-  principal: [Scanner],
-  resource: [Package],
-  context: {
-    finding_type: String,
-    severity: String,
-    environment: String,
-  },
-};
-
-}
-`;
-
-/**
- * Context attribute metadata for Overwatch actions.
- * Used by PolicyBuilder UI to generate form fields.
- */
-export interface ContextAttribute {
-  key: string;
-  type: 'string' | 'number' | 'boolean' | 'array';
-  required: boolean;
-  description: string;
-}
-
-export interface ActionContext {
-  name: string;
-  description: string;
-  context_attributes: ContextAttribute[];
-}
-
-export interface ServiceContext {
-  service: string;
-  version: string;
-  description: string;
-  actions: ActionContext[];
-}
-
-/**
- * Overwatch context metadata (parsed JSON)
- */
-export const OVERWATCH_CONTEXT: ServiceContext = {
-  "service": "overwatch",
-  "version": "1.0.0",
-  "description": "Overwatch (Guardian) IDE security & policy enforcement",
-  "actions": [
-    {
-      "name": "process_prompt",
-      "description": "User submits a prompt or receives AI response",
-      "context_attributes": [
-        { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned (prompt, command, etc.)" },
-        { "key": "source", "type": "string", "required": true, "description": "IDE source: cursor, claudecode, github_copilot" },
-        { "key": "event", "type": "string", "required": true, "description": "Hook event name (e.g., beforeSubmitPrompt, UserPromptSubmit)" },
-        { "key": "user_email", "type": "string", "required": true, "description": "User identifier (OAuth verified or fallback)" },
-        { "key": "cwd", "type": "string", "required": false, "description": "Current working directory" },
-        { "key": "workspace_root", "type": "string", "required": false, "description": "Workspace/repository root path" },
-        { "key": "threat_count", "type": "number", "required": true, "description": "Total number of threats detected by YARA/Javelin" },
-        { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level: critical, high, medium, low" },
-        { "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names from aggregator" },
-
-        { "key": "yara_threats", "type": "array", "required": true, "description": "YARA rule names that matched" },
-        { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4, where 4=CRITICAL)" },
-        { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets or credentials were detected" },
-        { "key": "prompt_text", "type": "string", "required": false, "description": "Same as content (legacy field)" },
-        { "key": "response_content", "type": "string", "required": false, "description": "Response content from AI (if available)" }
-      ]
-    },
-    {
-      "name": "call_tool",
-      "description": "User calls a tool (native IDE tool or MCP tool)",
-      "context_attributes": [
-        { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned (e.g., shell command)" },
-        { "key": "source", "type": "string", "required": true, "description": "IDE source: cursor, claudecode, github_copilot" },
-        { "key": "event", "type": "string", "required": true, "description": "Hook event name (e.g., beforeShellExecution, PreToolUse)" },
-        { "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
-        { "key": "tool_name", "type": "string", "required": false, "description": "Normalized tool name: shell, read_file, write_file, edit_file, etc." },
-        { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name (e.g., filesystem, playwright)" },
-        { "key": "mcp_tool", "type": "string", "required": false, "description": "MCP tool name (e.g., list_directory, navigate)" },
-        { "key": "path", "type": "string", "required": false, "description": "File path (if file operation)" },
-        { "key": "cwd", "type": "string", "required": false, "description": "Current working directory" },
-        { "key": "workspace_root", "type": "string", "required": false, "description": "Workspace/repository root path" },
-        { "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
-        { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity: critical, high, medium, low" },
-        { "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
-
-        { "key": "yara_threats", "type": "array", "required": true, "description": "YARA rule names" },
-        { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
-        { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected" },
-        { "key": "response_content", "type": "string", "required": false, "description": "Response content (if available)" }
-      ]
-    },
-    {
-      "name": "connect_server",
-      "description": "Connect to an MCP server",
-      "context_attributes": [
-        { "key": "content", "type": "string", "required": true, "description": "Raw content being scanned" },
-        { "key": "source", "type": "string", "required": true, "description": "IDE source" },
-        { "key": "event", "type": "string", "required": true, "description": "Hook event name" },
-        { "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
-        { "key": "mcp_server", "type": "string", "required": false, "description": "MCP server name" },
-        { "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
-        { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level" },
-        { "key": "threat_categories", "type": "array", "required": true, "description": "Threat category names" },
-        { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" }
-      ]
-    },
-    {
-      "name": "read_file",
-      "description": "Read a file from disk",
-      "context_attributes": [
-        { "key": "content", "type": "string", "required": true, "description": "File content or operation details" },
-        { "key": "source", "type": "string", "required": true, "description": "IDE source" },
-        { "key": "event", "type": "string", "required": true, "description": "Hook event name (e.g., beforeReadFile)" },
-        { "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
-        { "key": "path", "type": "string", "required": false, "description": "File path being read" },
-        { "key": "file_path", "type": "string", "required": false, "description": "Duplicate of path field" },
-        { "key": "cwd", "type": "string", "required": false, "description": "Current working directory" },
-        { "key": "workspace_root", "type": "string", "required": false, "description": "Workspace root path" },
-        { "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
-        { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level" },
-        { "key": "threat_categories", "type": "array", "required": true, "description": "Threat categories" },
-        { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
-        { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected" }
-      ]
-    },
-    {
-      "name": "write_file",
-      "description": "Write a file to disk",
-      "context_attributes": [
-        { "key": "content", "type": "string", "required": true, "description": "File content being written" },
-        { "key": "source", "type": "string", "required": true, "description": "IDE source" },
-        { "key": "event", "type": "string", "required": true, "description": "Hook event name" },
-        { "key": "user_email", "type": "string", "required": true, "description": "User identifier" },
-        { "key": "path", "type": "string", "required": false, "description": "File path being written" },
-        { "key": "file_path", "type": "string", "required": false, "description": "Duplicate of path field" },
-        { "key": "cwd", "type": "string", "required": false, "description": "Current working directory" },
-        { "key": "workspace_root", "type": "string", "required": false, "description": "Workspace root path" },
-        { "key": "threat_count", "type": "number", "required": true, "description": "Total threats detected" },
-        { "key": "highest_severity", "type": "string", "required": true, "description": "Highest severity level" },
-        { "key": "threat_categories", "type": "array", "required": true, "description": "Threat categories" },
-        { "key": "max_threat_severity", "type": "number", "required": true, "description": "Numeric severity (0-4)" },
-        { "key": "contains_secrets", "type": "boolean", "required": true, "description": "Whether secrets detected" }
-      ]
-    }
-  ]
-};
-
-/**
- * Palisade context metadata (parsed JSON)
- */
-export const PALISADE_CONTEXT: ServiceContext = {
-  "service": "palisade",
-  "version": "1.0.0",
-  "description": "Palisade ML supply chain security & artifact scanning",
-  "actions": [
-    {
-      "name": "scan_artifact",
-      "description": "Scan an ML artifact for security issues",
-      "context_attributes": [
-        { "key": "finding_type", "type": "string", "required": true, "description": "Type of security finding (e.g., backdoor_detected, safetensors_integrity_violation)" },
-        { "key": "severity", "type": "string", "required": true, "description": "Severity level: CRITICAL, HIGH, MEDIUM, LOW, INFO" },
-        { "key": "environment", "type": "string", "required": true, "description": "Deployment environment: production, strict_production, development, permissive_development, research" },
-        { "key": "artifact_format", "type": "string", "required": true, "description": "Model format: safetensors, gguf, pickle, pytorch, onnx" },
-        { "key": "path", "type": "string", "required": true, "description": "File path to the ML artifact" },
-        { "key": "artifact_signed", "type": "boolean", "required": true, "description": "Whether the artifact is digitally signed" },
-        { "key": "provenance_signer", "type": "string", "required": true, "description": "Who signed the artifact: unknown, unsigned, or signer name" },
-        { "key": "pickle_exec_path_detected", "type": "boolean", "required": false, "description": "Pickle RCE execution path detected (CRITICAL security issue)" },
-        { "key": "tokenizer_added_tokens_count", "type": "number", "required": false, "description": "Number of added tokens in tokenizer (0-5000+, high count suspicious)" },
-        { "key": "adapter_base_digest_mismatch", "type": "boolean", "required": false, "description": "LoRA adapter base model digest mismatch (integrity issue)" },
-        { "key": "gguf_suspicious_metadata", "type": "boolean", "required": false, "description": "GGUF metadata contains suspicious patterns" },
-        { "key": "safetensors_integrity_violation", "type": "boolean", "required": false, "description": "SafeTensors file integrity violated or corrupted" },
-        { "key": "metadata_malicious_pattern", "type": "boolean", "required": false, "description": "Metadata contains malicious patterns" },
-        { "key": "metadata_cosai_level_numeric", "type": "number", "required": false, "description": "CoSAI maturity level (0-5, where higher = more trustworthy)" },
-        { "key": "match_count", "type": "number", "required": false, "description": "Number of behavioral backdoor indicator matches (for confidence scoring)" }
-      ]
-    },
-    {
-      "name": "validate_integrity",
-      "description": "Validate artifact integrity (checksum, signature)",
-      "context_attributes": [
-        { "key": "artifact_format", "type": "string", "required": true, "description": "Model format" },
-        { "key": "path", "type": "string", "required": true, "description": "File path" },
-        { "key": "artifact_signed", "type": "boolean", "required": true, "description": "Whether digitally signed" },
-        { "key": "provenance_signer", "type": "string", "required": true, "description": "Signer name" },
-        { "key": "safetensors_integrity_violation", "type": "boolean", "required": false, "description": "SafeTensors integrity check result" },
-        { "key": "finding_type", "type": "string", "required": false, "description": "Type of integrity finding" },
-        { "key": "severity", "type": "string", "required": false, "description": "Severity of integrity issue" }
-      ]
-    },
-    {
-      "name": "validate_provenance",
-      "description": "Validate artifact provenance (signer, origin)",
-      "context_attributes": [
-        { "key": "artifact_format", "type": "string", "required": true, "description": "Model format" },
-        { "key": "path", "type": "string", "required": true, "description": "File path" },
-        { "key": "artifact_signed", "type": "boolean", "required": true, "description": "Whether signed" },
-        { "key": "provenance_signer", "type": "string", "required": true, "description": "Signer identity" },
-        { "key": "metadata_cosai_level_numeric", "type": "number", "required": false, "description": "CoSAI maturity level" },
-        { "key": "finding_type", "type": "string", "required": false, "description": "Type of provenance finding" },
-        { "key": "severity", "type": "string", "required": false, "description": "Severity level" }
-      ]
-    },
-    {
-      "name": "quarantine_artifact",
-      "description": "Quarantine a malicious artifact",
-      "context_attributes": [
-        { "key": "finding_type", "type": "string", "required": true, "description": "Type of security finding" },
-        { "key": "severity", "type": "string", "required": true, "description": "Severity level" },
-        { "key": "environment", "type": "string", "required": true, "description": "Deployment environment" },
-        { "key": "artifact_format", "type": "string", "required": true, "description": "Model format" },
-        { "key": "path", "type": "string", "required": true, "description": "File path" }
-      ]
-    },
-    {
-      "name": "load_model",
-      "description": "Load an ML model into memory",
-      "context_attributes": [
-        { "key": "artifact_format", "type": "string", "required": true, "description": "Model format" },
-        { "key": "environment", "type": "string", "required": true, "description": "Deployment environment" },
-        { "key": "artifact_signed", "type": "boolean", "required": true, "description": "Whether signed" },
-        { "key": "severity", "type": "string", "required": false, "description": "Severity of any findings" }
-      ]
-    },
-    {
-      "name": "deploy_model",
-      "description": "Deploy an ML model to production",
-      "context_attributes": [
-        { "key": "artifact_format", "type": "string", "required": true, "description": "Model format" },
-        { "key": "environment", "type": "string", "required": true, "description": "Deployment environment" },
-        { "key": "artifact_signed", "type": "boolean", "required": true, "description": "Whether signed" },
-        { "key": "provenance_signer", "type": "string", "required": true, "description": "Signer identity" },
-        { "key": "severity", "type": "string", "required": false, "description": "Severity of any findings" }
-      ]
-    },
-    {
-      "name": "scan_package",
-      "description": "Scan a software package",
-      "context_attributes": [
-        { "key": "finding_type", "type": "string", "required": false, "description": "Type of finding" },
-        { "key": "severity", "type": "string", "required": false, "description": "Severity level" },
-        { "key": "environment", "type": "string", "required": true, "description": "Deployment environment" }
-      ]
-    }
-  ]
-};