@mitre/hdf-schema 3.0.1 → 3.1.0

Files changed (47)
  1. package/LICENSE.md +55 -0
  2. package/README.md +83 -40
  3. package/dist/go/hdf.go +148 -104
  4. package/dist/index.d.ts +26 -1
  5. package/dist/index.js +26 -1
  6. package/dist/schemas/hdf-amendments.schema.json +178 -53
  7. package/dist/schemas/hdf-baseline.schema.json +181 -56
  8. package/dist/schemas/hdf-comparison.schema.json +523 -108
  9. package/dist/schemas/hdf-evidence-package.schema.json +175 -50
  10. package/dist/schemas/hdf-plan.schema.json +181 -56
  11. package/dist/schemas/hdf-results.schema.json +502 -87
  12. package/dist/schemas/hdf-system.schema.json +190 -65
  13. package/dist/ts/hdf-amendments.d.ts +43 -15
  14. package/dist/ts/hdf-amendments.js +18 -7
  15. package/dist/ts/hdf-amendments.ts +44 -15
  16. package/dist/ts/hdf-results.d.ts +91 -37
  17. package/dist/ts/hdf-results.js +40 -20
  18. package/dist/ts/hdf-results.ts +91 -36
  19. package/package.json +44 -45
  20. package/dist/python/hdf_amendments.py +0 -695
  21. package/dist/python/hdf_baseline.py +0 -782
  22. package/dist/python/hdf_comparison.py +0 -1771
  23. package/dist/python/hdf_evidence_package.py +0 -593
  24. package/dist/python/hdf_plan.py +0 -363
  25. package/dist/python/hdf_results.py +0 -2163
  26. package/dist/python/hdf_system.py +0 -904
  27. package/src/schemas/hdf-amendments.schema.json +0 -97
  28. package/src/schemas/hdf-baseline.schema.json +0 -190
  29. package/src/schemas/hdf-comparison.schema.json +0 -107
  30. package/src/schemas/hdf-evidence-package.schema.json +0 -227
  31. package/src/schemas/hdf-plan.schema.json +0 -92
  32. package/src/schemas/hdf-results.schema.json +0 -304
  33. package/src/schemas/hdf-system.schema.json +0 -136
  34. package/src/schemas/primitives/amendments.schema.json +0 -155
  35. package/src/schemas/primitives/common.schema.json +0 -814
  36. package/src/schemas/primitives/comparison.schema.json +0 -809
  37. package/src/schemas/primitives/component.schema.json +0 -518
  38. package/src/schemas/primitives/data-flow.schema.json +0 -158
  39. package/src/schemas/primitives/extensions.schema.json +0 -342
  40. package/src/schemas/primitives/parameter.schema.json +0 -128
  41. package/src/schemas/primitives/plan.schema.json +0 -128
  42. package/src/schemas/primitives/platform.schema.json +0 -32
  43. package/src/schemas/primitives/result.schema.json +0 -133
  44. package/src/schemas/primitives/runner.schema.json +0 -83
  45. package/src/schemas/primitives/statistics.schema.json +0 -71
  46. package/src/schemas/primitives/system.schema.json +0 -132
  47. package/src/schemas/primitives/target.schema.json +0 -523
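--- a/package/src/schemas/primitives/component.schema.json
+++ b/package/src/schemas/primitives/component.schema.json
@@ -1,518 +0,0 @@
- {
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/component/v3.0.0",
- "title": "HDF Component Primitives",
- "description": "First-class system component with identity, polymorphic type, SBOM embedding, and system-binding properties. Components are the successor to Targets, adding stable identity (componentId), external system cross-references, and software inventory.",
- "$defs": {
- "Base_Component": {
- "type": "object",
- "additionalProperties": true,
- "required": [
- "type",
- "name"
- ],
- "properties": {
- "type": {
- "type": "string",
- "description": "Component type discriminator. Same values as Target types."
- },
- "name": {
- "type": "string",
- "description": "Human-readable name for this component."
- },
- "componentId": {
- "type": "string",
- "format": "uuid",
- "description": "Stable UUID (RFC 4122) for this component. Required in hdf-system documents, optional in hdf-results. Enables cross-document correlation, diffing, and data flow references."
- },
- "description": {
- "type": "string",
- "description": "Description of this component's role or purpose."
- },
- "owner": {
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Identity",
- "description": "Team or individual responsible for this component. Enables per-component ownership when different teams manage different parts of a system."
- },
- "externalIds": {
- "type": "object",
- "additionalProperties": {
- "type": "string"
- },
- "description": "Map of external identifier scheme to value. Well-known schemes: aws (instance ID), azure (resource ID), cmdb (asset ID), emass (system ID), cve (CVE ID). Custom schemes are allowed."
- },
- "labels": {
- "type": "object",
- "additionalProperties": {
- "type": "string"
- },
- "description": "Optional key-value labels for flexible grouping. Well-known keys: system, component, environment, region, team. Values must be strings."
- },
- "sbom": {
- "description": "Embedded CycloneDX or SPDX SBOM document representing this component's software inventory. The sbomFormat field determines which format constraints apply.",
- "$comment": "Validated conditionally: CycloneDX requires bomFormat='CycloneDX' + specVersion; SPDX requires spdxVersion + SPDXID. Full SBOM schema validation is a tool-level concern."
- },
- "sbomRef": {
- "type": "string",
- "format": "uri-reference",
- "description": "URI reference to an external CycloneDX or SPDX SBOM document for this component. May be a relative path, absolute URI, or fragment identifier."
- },
- "sbomFormat": {
- "type": "string",
- "enum": [
- "cyclonedx",
- "spdx"
- ],
- "description": "Format of the SBOM (embedded or referenced). Required when sbom or sbomRef is present."
- },
- "baselineRefs": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "description": "Names of baselines that apply to this component."
- },
- "inputOverrides": {
- "type": "array",
- "items": {
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/system/v3.0.0#/$defs/Input_Override"
- },
- "description": "System-specific overrides for baseline input values."
- },
- "targetSelector": {
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/system/v3.0.0#/$defs/Target_Selector",
- "description": "Label selector to match targets belonging to this component during migration. Targets with matching labels are automatically included."
- }
- },
- "allOf": [
- {
- "if": {
- "allOf": [
- {
- "properties": { "sbomFormat": { "const": "cyclonedx" } },
- "required": ["sbomFormat"]
- },
- {
- "properties": { "sbom": { "type": "object" } },
- "required": ["sbom"]
- }
- ]
- },
- "then": {
- "properties": {
- "sbom": {
- "type": "object",
- "required": ["bomFormat", "specVersion"],
- "properties": {
- "bomFormat": {
- "type": "string",
- "const": "CycloneDX",
- "description": "Must be 'CycloneDX' for CycloneDX SBOM documents."
- },
- "specVersion": {
- "type": "string",
- "description": "CycloneDX specification version (e.g., '1.4', '1.5', '1.6')."
- }
- },
- "additionalProperties": true
- }
- }
- }
- },
- {
- "if": {
- "allOf": [
- {
- "properties": { "sbomFormat": { "const": "spdx" } },
- "required": ["sbomFormat"]
- },
- {
- "properties": { "sbom": { "type": "object" } },
- "required": ["sbom"]
- }
- ]
- },
- "then": {
- "properties": {
- "sbom": {
- "type": "object",
- "required": ["spdxVersion", "SPDXID"],
- "properties": {
- "spdxVersion": {
- "type": "string",
- "description": "SPDX specification version (e.g., 'SPDX-2.3')."
- },
- "SPDXID": {
- "type": "string",
- "description": "SPDX document identifier (e.g., 'SPDXRef-DOCUMENT')."
- }
- },
- "additionalProperties": true
- }
- }
- }
- }
- ],
- "description": "Base properties shared by all component types. Extends the Target concept with stable identity, external references, and SBOM embedding.",
- "title": "Base Component"
- },
- "Component": {
- "description": "A system component. Uses discriminated union pattern with 'type' field as discriminator. Superset of Target with identity, external IDs, and SBOM support.",
- "title": "Component",
- "oneOf": [
- { "$ref": "#/$defs/Host_Component" },
- { "$ref": "#/$defs/Container_Image_Component" },
- { "$ref": "#/$defs/Container_Instance_Component" },
- { "$ref": "#/$defs/Container_Platform_Component" },
- { "$ref": "#/$defs/Cloud_Account_Component" },
- { "$ref": "#/$defs/Cloud_Resource_Component" },
- { "$ref": "#/$defs/Repository_Component" },
- { "$ref": "#/$defs/Application_Component" },
- { "$ref": "#/$defs/Artifact_Component" },
- { "$ref": "#/$defs/Network_Component" },
- { "$ref": "#/$defs/Database_Component" }
- ]
- },
- "Host_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "host" },
- "fqdn": {
- "type": "string",
- "format": "hostname",
- "description": "Fully qualified domain name."
- },
- "ipAddress": {
- "anyOf": [
- { "type": "string", "format": "ipv4" },
- { "type": "string", "format": "ipv6" }
- ],
- "description": "IP address of the host."
- },
- "macAddress": {
- "type": "string",
- "pattern": "^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$",
- "description": "MAC address in colon-separated hexadecimal format."
- },
- "osName": {
- "type": "string",
- "description": "Operating system name."
- },
- "osVersion": {
- "type": "string",
- "description": "Operating system version."
- }
- }
- }
- ],
- "examples": [
- {
- "type": "host",
- "name": "web-server-prod-01",
- "componentId": "a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d",
- "fqdn": "web01.prod.example.com",
- "ipAddress": "10.0.1.50",
- "osName": "Ubuntu",
- "osVersion": "22.04 LTS",
- "externalIds": {
- "cmdb": "ASSET-12345",
- "aws": "i-0abc123def456789"
- }
- }
- ],
- "description": "A physical or virtual server, workstation, or network device.",
- "title": "Host Component"
- },
- "Container_Image_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "containerImage" },
- "imageId": {
- "type": "string",
- "description": "Container image ID."
- },
- "registry": {
- "type": "string",
- "description": "Container registry. Example: 'docker.io'."
- },
- "repository": {
- "type": "string",
- "description": "Repository name. Example: 'library/nginx'."
- },
- "tag": {
- "type": "string",
- "description": "Image tag. Example: '1.25'."
- },
- "digest": {
- "type": "string",
- "pattern": "^(sha256:[a-f0-9]{64}|sha512:[a-f0-9]{128}|blake3:[a-f0-9]{64})$",
- "description": "Image digest for immutable reference."
- }
- }
- }
- ],
- "description": "A static container image (not running).",
- "title": "Container Image Component"
- },
- "Container_Instance_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "containerInstance" },
- "containerId": {
- "type": "string",
- "description": "Running container ID."
- },
- "image": {
- "type": "string",
- "description": "Image the container was started from."
- },
- "runtime": {
- "type": "string",
- "description": "Container runtime. Example: 'docker', 'containerd', 'cri-o'."
- }
- }
- }
- ],
- "description": "A running container instance.",
- "title": "Container Instance Component"
- },
- "Container_Platform_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "containerPlatform" },
- "platformType": {
- "type": "string",
- "description": "Platform type. Example: 'kubernetes', 'openshift', 'ecs', 'docker-swarm'."
- },
- "clusterName": {
- "type": "string",
- "description": "Cluster name."
- },
- "namespace": {
- "type": "string",
- "description": "Namespace within the cluster, if applicable."
- },
- "version": {
- "type": "string",
- "description": "Platform version."
- }
- }
- }
- ],
- "description": "A container orchestration platform (Kubernetes, OpenShift, ECS, etc.).",
- "title": "Container Platform Component"
- },
- "Cloud_Account_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "cloudAccount" },
- "provider": {
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Cloud_Provider",
- "description": "Cloud provider."
- },
- "accountId": {
- "type": "string",
- "description": "Cloud account identifier."
- },
- "region": {
- "type": "string",
- "description": "Cloud region, if applicable."
- }
- }
- }
- ],
- "examples": [
- {
- "type": "cloudAccount",
- "name": "Production AWS Account",
- "componentId": "f1e2d3c4-b5a6-4978-8069-1a2b3c4d5e6f",
- "provider": "aws",
- "accountId": "123456789012",
- "region": "us-east-1"
- }
- ],
- "description": "A cloud provider account (AWS account, Azure subscription, GCP project).",
- "title": "Cloud Account Component"
- },
- "Cloud_Resource_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "cloudResource" },
- "provider": {
- "$ref": "https://mitre.github.io/hdf-libs/schemas/primitives/common/v3.0.0#/$defs/Cloud_Provider",
- "description": "Cloud provider."
- },
- "resourceType": {
- "type": "string",
- "description": "Type of cloud resource. Example: 'ec2:instance', 's3:bucket'."
- },
- "resourceId": {
- "type": "string",
- "description": "Provider-specific resource identifier."
- },
- "arn": {
- "type": "string",
- "description": "Amazon Resource Name (AWS only)."
- },
- "region": {
- "type": "string",
- "description": "Cloud region where the resource resides."
- }
- }
- }
- ],
- "description": "A specific cloud resource (EC2 instance, S3 bucket, Azure VM, etc.).",
- "title": "Cloud Resource Component"
- },
- "Repository_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "repository" },
- "url": {
- "type": "string",
- "format": "uri",
- "description": "Repository URL."
- },
- "branch": {
- "type": "string",
- "description": "Branch that was scanned."
- },
- "commit": {
- "type": "string",
- "description": "Commit SHA that was scanned."
- }
- }
- }
- ],
- "description": "A code repository (for SAST tools).",
- "title": "Repository Component"
- },
- "Application_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "application" },
- "url": {
- "type": "string",
- "format": "uri",
- "description": "Application URL (for DAST tools)."
- },
- "version": {
- "type": "string",
- "description": "Application version."
- },
- "environment": {
- "type": "string",
- "description": "Environment. Example: 'production', 'staging', 'development'."
- }
- }
- }
- ],
- "description": "A running application or API (for DAST tools).",
- "title": "Application Component"
- },
- "Artifact_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "artifact" },
- "packageManager": {
- "type": "string",
- "description": "Package manager. Example: 'npm', 'maven', 'pip', 'nuget'."
- },
- "packageName": {
- "type": "string",
- "description": "Package name."
- },
- "version": {
- "type": "string",
- "description": "Package version."
- },
- "checksum": {
- "type": "string",
- "description": "Package checksum for verification."
- }
- }
- }
- ],
- "description": "A software artifact or dependency (for SCA tools).",
- "title": "Artifact Component"
- },
- "Network_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "network" },
- "cidr": {
- "type": "string",
- "description": "Network CIDR block."
- },
- "gateway": {
- "type": "string",
- "description": "Network gateway address."
- }
- }
- }
- ],
- "description": "A network segment or network device.",
- "title": "Network Component"
- },
- "Database_Component": {
- "allOf": [
- { "$ref": "#/$defs/Base_Component" },
- {
- "type": "object",
- "properties": {
- "type": { "const": "database" },
- "engine": {
- "type": "string",
- "description": "Database engine. Example: 'postgresql', 'mysql', 'oracle', 'mssql'."
- },
- "version": {
- "type": "string",
- "description": "Database version."
- },
- "host": {
- "type": "string",
- "description": "Database host."
- },
- "port": {
- "type": "integer",
- "minimum": 1,
- "maximum": 65535,
- "description": "Database port."
- }
- }
- }
- ],
- "description": "A database instance.",
- "title": "Database Component"
- }
- }
- }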
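--- a/package/src/schemas/primitives/data-flow.schema.json
+++ b/package/src/schemas/primitives/data-flow.schema.json
@@ -1,158 +0,0 @@
- {
- "$schema": "https://json-schema.org/draft/2020-12/schema",
- "$id": "https://mitre.github.io/hdf-libs/schemas/primitives/data-flow/v3.0.0",
- "title": "HDF Data Flow Primitives",
- "description": "Types for describing data flows between components within a system and across system boundaries. Data flows model network connections, API calls, database queries, and other inter-component communication.",
- "$defs": {
- "Cross_System_Reference": {
- "type": "object",
- "unevaluatedProperties": false,
- "required": [
- "systemRef",
- "componentId"
- ],
- "properties": {
- "systemRef": {
- "type": "string",
- "format": "uri-reference",
- "description": "URI reference to the hdf-system document containing the target component. May be a relative path, absolute URI, or fragment identifier."
- },
- "componentId": {
- "type": "string",
- "format": "uuid",
- "description": "UUID of the component in the referenced system."
- }
- },
- "description": "Reference to a component in a different system document, enabling cross-boundary data flow modeling.",
- "title": "Cross-System Reference"
- },
- "External_Endpoint": {
- "type": "object",
- "unevaluatedProperties": false,
- "required": [
- "external",
- "description"
- ],
- "properties": {
- "external": {
- "type": "boolean",
- "const": true,
- "description": "Must be true. Discriminator indicating this endpoint is outside all modeled systems."
- },
- "description": {
- "type": "string",
- "description": "Human-readable description of the external endpoint. Example: 'Third-party payment gateway (Stripe API)'."
- }
- },
- "description": "An endpoint outside all modeled systems (e.g., a third-party API, public internet, or partner system not represented in HDF).",
- "title": "External Endpoint"
- },
- "Data_Flow_Endpoint": {
- "description": "A data flow endpoint: either a local component (UUID), a component in another system (cross-system reference), or an external endpoint outside all modeled systems.",
- "title": "Data Flow Endpoint",
- "oneOf": [
- {
- "type": "string",
- "format": "uuid",
- "description": "UUID of a component in the current system."
- },
- {
- "$ref": "#/$defs/Cross_System_Reference"
- },
- {
- "$ref": "#/$defs/External_Endpoint"
- }
- ]
- },
- "Data_Flow": {
- "type": "object",
- "unevaluatedProperties": false,
- "required": [
- "from",
- "to"
- ],
- "properties": {
- "from": {
- "type": "string",
- "format": "uuid",
- "description": "UUID of the local component that is one end of this data flow. Always references a component in the current system document."
- },
- "to": {
- "$ref": "#/$defs/Data_Flow_Endpoint",
- "description": "The other end of this data flow. Can be a local component (UUID), a cross-system component reference, or an external endpoint."
- },
- "protocol": {
- "type": "string",
- "description": "Communication protocol. Examples: 'http', 'https', 'grpc', 'ssh', 'jdbc', 'k8s-api', 'socket', 'sftp'."
- },
- "port": {
- "type": "integer",
- "minimum": 1,
- "maximum": 65535,
- "description": "Network port number."
- },
- "direction": {
- "type": "string",
- "enum": [
- "unidirectional",
- "bidirectional"
- ],
- "description": "Data flow direction. 'unidirectional' means data flows from→to only. 'bidirectional' means data flows in both directions (e.g., request/response)."
- },
- "description": {
- "type": "string",
- "description": "Human-readable description of this data flow's purpose and the data exchanged."
- },
- "authentication": {
- "type": "string",
- "description": "Authentication mechanism used for this connection. Examples: 'mTLS', 'OAuth2', 'API key', 'SAML', 'Kerberos'."
- }
- },
- "examples": [
- {
- "from": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
- "to": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
- "protocol": "https",
- "port": 443,
- "direction": "bidirectional",
- "description": "REST API calls from WebTier to API Gateway",
- "authentication": "mTLS"
- },
- {
- "from": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
- "to": "c3d4e5f6-a7b8-9012-cdef-123456789012",
- "protocol": "jdbc",
- "port": 5432,
- "direction": "unidirectional",
- "description": "Database queries from API Gateway to PostgreSQL",
- "authentication": "username/password + TLS"
- },
- {
- "from": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
- "to": {
- "systemRef": "https://systems.agency.gov/auth-system.json",
- "componentId": "b2c3d4e5-f6a7-8901-bcde-f12345678901"
- },
- "protocol": "https",
- "direction": "bidirectional",
- "description": "SAML authentication requests to central auth system",
- "authentication": "SAML 2.0"
- },
- {
- "from": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
- "to": {
- "external": true,
- "description": "Stripe payment processing API"
- },
- "protocol": "https",
- "port": 443,
- "direction": "bidirectional",
- "description": "Payment processing via Stripe",
- "authentication": "API key + TLS"
- }
- ],
- "description": "A data flow between two endpoints. The 'from' endpoint is always a local component; the 'to' endpoint can be local, cross-system, or external. Use 'direction' to indicate whether data flows one-way or both ways.",
- "title": "Data Flow"
- }
- }
- }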