@mitre/hdf-schema 2.0.0 → 3.0.1

package/src/schemas/primitives/extensions.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/extensions/v3.0.0",
   "title": "HDF Extension Primitives",
   "description": "Extension types for waivers, attestations, generators, and integrity.",
   "$defs": {
@@ -17,11 +17,11 @@
       ],
       "properties": {
         "type": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/amendments/v2.0.0#/$defs/Override_Type",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/amendments/v3.0.0#/$defs/Override_Type",
           "description": "The type of status override applied to this requirement."
         },
         "status": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/result/v2.0.0#/$defs/Result_Status",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/result/v3.0.0#/$defs/Result_Status",
           "description": "The new status this override sets for the requirement. This intentionally changes the compliance status."
         },
         "reason": {
@@ -29,7 +29,7 @@
           "description": "Explanation for why this status override was applied."
         },
         "appliedBy": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Identity",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
           "description": "Identity of who applied this status override. For simple cases, use type 'simple' with just an identifier."
         },
         "appliedAt": {
@@ -43,18 +43,18 @@
           "description": "Timestamp when this status override expires and must be reviewed/renewed. REQUIRED - no permanent status overrides allowed. ISO 8601 format."
         },
         "signature": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Signature",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Signature",
           "description": "Optional digital signature for enhanced trust and non-repudiation. Supports hardware security tokens (PKCS#11/PKCS#12), Yubikeys, GPG keys, passkeys, and other signing methods."
         },
         "evidence": {
           "type": "array",
           "items": {
-            "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Evidence"
+            "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Evidence"
           },
           "description": "Supporting evidence for this status override, such as screenshots demonstrating manual verification for attestations."
         },
         "previousChecksum": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Checksum",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Checksum",
           "description": "SHA-256 checksum of the previous amendment in chronological order. Creates a tamper-evident chain of amendments (similar to blockchain). Null for the first amendment on a requirement."
         }
       },
@@ -124,7 +124,7 @@
           "description": "Detailed explanation of the plan, including what actions will be taken."
         },
         "appliedBy": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Identity",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
           "description": "Identity of who created this POA&M. For simple cases, use type 'simple' with just an identifier."
         },
         "appliedAt": {
@@ -140,23 +140,23 @@
         "milestones": {
           "type": "array",
           "items": {
-            "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Milestone"
+            "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Milestone"
           },
           "description": "Optional array of milestones tracking progress toward completion."
         },
         "signature": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Signature",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Signature",
           "description": "Optional digital signature for enhanced trust and non-repudiation."
         },
         "evidence": {
           "type": "array",
           "items": {
-            "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Evidence"
+            "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Evidence"
           },
           "description": "Supporting evidence for this POA&M, such as documentation of compensating controls or mitigation implementation."
         },
         "previousChecksum": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Checksum",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Checksum",
           "description": "SHA-256 checksum of the previous amendment in chronological order. Creates a tamper-evident chain of amendments (similar to blockchain). Null for the first amendment on a requirement."
         }
       },
@@ -307,7 +307,7 @@
       },
       "properties": {
         "algorithm": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Hash_Algorithm",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Hash_Algorithm",
           "description": "The hash algorithm used for the checksum."
         },
         "checksum": {

package/src/schemas/primitives/parameter.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/parameter/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/parameter/v3.0.0",
   "title": "HDF Parameter Primitives",
   "description": "Input/parameter type definitions for typed, traceable configuration values that bridge governance prose and scanner automation.",
   "$defs": {

package/src/schemas/primitives/plan.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/plan/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/plan/v3.0.0",
   "title": "HDF Plan Primitives",
   "description": "Types for defining assessment plans — what to scan, how to configure it, and when to run.",
   "$defs": {
@@ -48,7 +48,7 @@
           "description": "componentId of the system component this assessment targets. Use for direct component binding. Alternative to targetSelector."
         },
         "targetSelector": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/system/v2.0.0#/$defs/Target_Selector",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/system/v3.0.0#/$defs/Target_Selector",
           "description": "Label selector to match targets for this assessment. Overrides the system component's targetSelector if provided."
         },
         "inputs": {

package/src/schemas/primitives/platform.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/platform/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/platform/v3.0.0",
   "title": "HDF Platform Primitive",
   "description": "Legacy platform information for backward compatibility with existing HDF documents.",
   "$defs": {

package/src/schemas/primitives/result.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/result/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/result/v3.0.0",
   "title": "HDF Result Primitives",
   "description": "Types for representing assessment results and statuses.",
   "$defs": {

package/src/schemas/primitives/runner.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/runner/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/runner/v3.0.0",
   "title": "HDF Runner Primitive",
   "description": "Information about the test execution environment where the security tool/scanner was executed.",
   "$defs": {
@@ -34,7 +34,7 @@
           "description": "The container instance identifier. Example: 'a1b2c3d4e5f6', 'security-scan-job-xyz123'. Can be a Docker container ID, Kubernetes pod name, or other container runtime identifier."
         },
         "operator": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Identity",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
           "description": "The identity of the person or system responsible for executing the test. This could be a human auditor manually completing a checklist, an automated CI/CD system, or a security tool. Optional field to support both automated and manual HDF generation."
         }
       },

package/src/schemas/primitives/statistics.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/statistics/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/statistics/v3.0.0",
   "title": "HDF Statistics Primitives",
   "description": "Statistics types for tracking assessment run metrics.",
   "$defs": {

package/src/schemas/primitives/system.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/system/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/system/v3.0.0",
   "title": "HDF System Primitives",
   "description": "Types for describing system architecture, authorization boundaries, and components.",
   "$defs": {
@@ -51,7 +51,7 @@
           "description": "Rationale for why this override is needed."
         },
         "approvedBy": {
-          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Identity",
+          "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
           "description": "Identity of the person or system that approved this override."
         }
       },

package/src/schemas/primitives/target.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/target/v2.0.0",
+  "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/target/v3.0.0",
   "title": "HDF Target Primitives",
   "description": "Polymorphic target system supporting diverse scan targets from 35+ security tools.",
   "$defs": {
@@ -266,7 +266,7 @@
               "const": "cloudAccount"
             },
             "provider": {
-              "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Cloud_Provider",
+              "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Cloud_Provider",
               "description": "Cloud provider."
             },
             "accountId": {
@@ -295,7 +295,7 @@
               "const": "cloudResource"
             },
             "provider": {
-              "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v2.0.0#/$defs/Cloud_Provider",
+              "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Cloud_Provider",
               "description": "Cloud provider."
             },
             "resourceType": {

package/LICENSE.md

@@ -1,55 +0,0 @@
-# License
-
-Copyright © 2025 The MITRE Corporation.
-
-Approved for Public Release; Distribution Unlimited. Case Number 18-3678.
-
-Licensed under the Apache License, Version 2.0 (the "License"); you may
-not use this file except in compliance with the License. You may obtain a
-copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-License for the specific language governing permissions and limitations
-under the License.
-
-## Redistribution Terms
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-- Redistributions of source code must retain the above copyright/digital
-  rights legend, this list of conditions and the following Notice.
-- Redistributions in binary form must reproduce the above
-  copyright/digital rights legend, this list of conditions and the
-  following Notice in the documentation and/or other materials provided
-  with the distribution.
-- Neither the name of The MITRE Corporation nor the names of its contributors
-  may be used to endorse or promote products derived from this software
-  without specific prior written permission.
-
-## Notice
-
-The MITRE Corporation grants permission to reproduce, distribute, modify, and
-otherwise use this software to the extent permitted by the licensed terms
-provided in the LICENSE file included with this project.
-
-This software was produced by The MITRE Corporation for the U.S. Government
-under contract. As such the U.S. Government has certain use and data
-rights in this software. No use other than those granted to the U.S.
-Government, or to those acting on behalf of the U.S. Government, under
-these contract arrangements is authorized without the express written
-permission of The MITRE Corporation.
-
-Some files in this codebase were generated by generative AI, under the
-direction and review of The MITRE Corporation employees, for the purpose of
-development efficiency. All AI-generated code functionality was validated
-by standard quality and assurance testing.
-
-For further information, please contact The MITRE Corporation,
-Contracts Management Office, 7515 Colshire Drive, McLean, VA 22102-7539,
-(703) 983-6000.