auditor-lambda 0.1.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (87) hide show
  1. package/README.md +2 -1
  2. package/audit-code-wrapper-lib.mjs +205 -187
  3. package/dist/adapters/eslint.js +4 -2
  4. package/dist/adapters/npmAudit.js +1 -1
  5. package/dist/cli.js +296 -12
  6. package/dist/coverage.d.ts +0 -1
  7. package/dist/coverage.js +3 -34
  8. package/dist/extractors/bucketing.js +14 -35
  9. package/dist/extractors/disposition.js +8 -9
  10. package/dist/extractors/flows.js +14 -23
  11. package/dist/extractors/pathPatterns.d.ts +19 -0
  12. package/dist/extractors/pathPatterns.js +87 -0
  13. package/dist/extractors/surfaces.js +2 -7
  14. package/dist/io/artifacts.d.ts +23 -1
  15. package/dist/io/artifacts.js +3 -1
  16. package/dist/io/runArtifacts.js +1 -1
  17. package/dist/orchestrator/advance.js +1 -1
  18. package/dist/orchestrator/flowPlanning.d.ts +1 -1
  19. package/dist/orchestrator/flowPlanning.js +21 -28
  20. package/dist/orchestrator/internalExecutors.js +4 -7
  21. package/dist/orchestrator/planning.js +12 -20
  22. package/dist/orchestrator/resultIngestion.js +3 -2
  23. package/dist/orchestrator/runtimeValidation.js +5 -0
  24. package/dist/orchestrator/syntaxResolutionExecutor.js +10 -2
  25. package/dist/orchestrator/taskBuilder.d.ts +7 -2
  26. package/dist/orchestrator/taskBuilder.js +47 -52
  27. package/dist/prompts/renderWorkerPrompt.js +33 -0
  28. package/dist/providers/claudeCodeProvider.js +5 -0
  29. package/dist/providers/constants.d.ts +1 -0
  30. package/dist/providers/constants.js +1 -0
  31. package/dist/providers/index.js +9 -2
  32. package/dist/providers/spawnLoggedCommand.js +4 -0
  33. package/dist/reporting/mergeFindings.js +0 -7
  34. package/dist/reporting/rootCause.d.ts +0 -1
  35. package/dist/reporting/rootCause.js +0 -6
  36. package/dist/reporting/synthesis.js +18 -0
  37. package/dist/supervisor/operatorHandoff.d.ts +2 -0
  38. package/dist/supervisor/operatorHandoff.js +21 -9
  39. package/dist/supervisor/runLedger.js +6 -3
  40. package/dist/supervisor/sessionConfig.js +1 -0
  41. package/dist/types/flowCoverage.d.ts +1 -1
  42. package/dist/types/runLedger.d.ts +1 -1
  43. package/dist/types/runtimeValidation.d.ts +2 -1
  44. package/dist/types/sessionConfig.d.ts +2 -0
  45. package/dist/types/surfaces.d.ts +2 -1
  46. package/dist/types/workerSession.d.ts +4 -0
  47. package/dist/types.d.ts +0 -2
  48. package/dist/validation/auditResults.d.ts +11 -0
  49. package/dist/validation/auditResults.js +118 -0
  50. package/docs/agent-integrations.md +61 -56
  51. package/docs/agent-roles.md +69 -69
  52. package/docs/architecture.md +90 -90
  53. package/docs/artifacts.md +69 -69
  54. package/docs/bootstrap-install.md +1 -1
  55. package/docs/model-selection.md +86 -86
  56. package/docs/next-steps.md +11 -9
  57. package/docs/packaging.md +3 -3
  58. package/docs/pipeline.md +152 -152
  59. package/docs/production-readiness.md +6 -5
  60. package/docs/repo-layout.md +18 -18
  61. package/docs/run-flow.md +5 -5
  62. package/docs/session-config.md +216 -210
  63. package/docs/supervisor.md +70 -70
  64. package/docs/windows-setup.md +139 -139
  65. package/package.json +56 -56
  66. package/schemas/audit-code-v1alpha1.schema.json +80 -76
  67. package/schemas/audit_result.schema.json +54 -48
  68. package/schemas/audit_state.schema.json +2 -2
  69. package/schemas/audit_task.schema.json +60 -49
  70. package/schemas/blind_spot_register.schema.json +13 -3
  71. package/schemas/coverage_matrix.schema.json +14 -17
  72. package/schemas/critical_flows.schema.json +6 -3
  73. package/schemas/external_analyzer_results.schema.json +10 -4
  74. package/schemas/file_disposition.schema.json +33 -33
  75. package/schemas/finding.schema.json +86 -62
  76. package/schemas/flow_coverage.schema.json +53 -44
  77. package/schemas/graph_bundle.schema.json +12 -6
  78. package/schemas/merged_findings.schema.json +7 -2
  79. package/schemas/risk_register.schema.json +5 -1
  80. package/schemas/root_cause_clusters.schema.json +2 -5
  81. package/schemas/runtime_validation_report.schema.json +34 -34
  82. package/schemas/runtime_validation_tasks.schema.json +4 -1
  83. package/schemas/surface_manifest.schema.json +4 -1
  84. package/schemas/synthesis_report.schema.json +61 -61
  85. package/schemas/unit_manifest.schema.json +10 -3
  86. package/skills/audit-code/SKILL.md +37 -37
  87. package/skills/audit-code/audit-code.prompt.md +54 -54
@@ -28,9 +28,9 @@
28
28
  },
29
29
  "reason": { "type": "string" }
30
30
  },
31
- "additionalProperties": true
31
+ "additionalProperties": false
32
32
  }
33
33
  }
34
34
  },
35
- "additionalProperties": true
35
+ "additionalProperties": false
36
36
  }
@@ -1,49 +1,60 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "audit_task.schema.json",
4
- "title": "Audit Task",
5
- "type": "object",
6
- "required": [
7
- "task_id",
8
- "unit_id",
9
- "pass_id",
10
- "lens",
11
- "file_paths",
12
- "rationale"
13
- ],
14
- "properties": {
15
- "task_id": { "type": "string" },
16
- "unit_id": { "type": "string" },
17
- "pass_id": { "type": "string" },
18
- "lens": { "type": "string" },
19
- "file_paths": {
20
- "type": "array",
21
- "items": { "type": "string" }
22
- },
23
- "line_ranges": {
24
- "type": "array",
25
- "items": {
26
- "type": "object",
27
- "required": ["path", "start", "end"],
28
- "properties": {
29
- "path": { "type": "string" },
30
- "start": { "type": "integer" },
31
- "end": { "type": "integer" }
32
- },
33
- "additionalProperties": false
34
- }
35
- },
36
- "inputs": {
37
- "type": "object",
38
- "properties": {
39
- "unit_manifest_ref": { "type": "string" },
40
- "graph_bundle_ref": { "type": "string" },
41
- "mechanical_results_ref": { "type": "string" },
42
- "risk_register_ref": { "type": "string" }
43
- },
44
- "additionalProperties": true
45
- },
46
- "rationale": { "type": "string" }
47
- },
48
- "additionalProperties": true
49
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "audit_task.schema.json",
4
+ "title": "Audit Task",
5
+ "type": "object",
6
+ "required": [
7
+ "task_id",
8
+ "unit_id",
9
+ "pass_id",
10
+ "lens",
11
+ "file_paths",
12
+ "rationale"
13
+ ],
14
+ "properties": {
15
+ "task_id": { "type": "string" },
16
+ "unit_id": { "type": "string" },
17
+ "pass_id": { "type": "string" },
18
+ "lens": {
19
+ "type": "string",
20
+ "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
21
+ },
22
+ "file_paths": {
23
+ "type": "array",
24
+ "items": { "type": "string" }
25
+ },
26
+ "line_ranges": {
27
+ "type": "array",
28
+ "items": {
29
+ "type": "object",
30
+ "required": ["path", "start", "end"],
31
+ "properties": {
32
+ "path": { "type": "string" },
33
+ "start": { "type": "integer" },
34
+ "end": { "type": "integer" }
35
+ },
36
+ "additionalProperties": false
37
+ }
38
+ },
39
+ "inputs": {
40
+ "type": "object",
41
+ "properties": {
42
+ "unit_manifest_ref": { "type": "string" },
43
+ "graph_bundle_ref": { "type": "string" },
44
+ "mechanical_results_ref": { "type": "string" },
45
+ "risk_register_ref": { "type": "string" }
46
+ },
47
+ "additionalProperties": true
48
+ },
49
+ "rationale": { "type": "string" },
50
+ "priority": {
51
+ "type": "string",
52
+ "enum": ["high", "medium", "low"]
53
+ },
54
+ "tags": {
55
+ "type": "array",
56
+ "items": { "type": "string" }
57
+ }
58
+ },
59
+ "additionalProperties": false
60
+ }
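Review bot: The ten-value `lens` enum added at new line 20 is pasted verbatim again later in this diff in coverage_matrix (`required_lenses`, `completed_lenses`), flow_coverage (the same two properties) and finding (`category`, `lens`), so seven copies must be kept in sync by hand and one edited copy will silently let one artifact accept a lens that another rejects. merged_findings in this same release already shows the pattern to use, a `$defs` entry plus `$ref`, ideally pointing at one shared lens schema referenced from each file (file name to be chosen). While the top level is now closed, `inputs` keeps `"additionalProperties": true` and the `*_ref` strings that tell the worker which artifacts to load carry no constraint or description at all; a `"description"` saying what they are relative to would be worth adding. The `line_ranges` items also accept negative or reversed `start`/`end`; a `"minimum"` on both (0 or 1, whichever the extractor uses) would reject malformed tasks before a worker acts on them.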
@@ -13,7 +13,17 @@
13
13
  "properties": {
14
14
  "id": { "type": "string" },
15
15
  "title": { "type": "string" },
16
- "kind": { "type": "string" },
16
+ "kind": {
17
+ "type": "string",
18
+ "enum": [
19
+ "coverage-gap",
20
+ "trust-boundary",
21
+ "dynamic-behavior",
22
+ "operational-risk",
23
+ "documentation-drift",
24
+ "external-dependency"
25
+ ]
26
+ },
17
27
  "summary": { "type": "string" },
18
28
  "affected_paths": {
19
29
  "type": "array",
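Review bot: The new `kind` enum uses kebab-case values (`coverage-gap`, `trust-boundary`, …) while every other enum introduced in this version uses snake_case (`data_integrity`, `doc_only`, `config_deployment`), so a producer written against one convention is rejected by the other; one style should be settled before 0.2.x consumers depend on it. If the kebab-case values are what shipped code already emits, keep them and record the divergence with a `"description"` on the property. The enclosing item object starts before this hunk; its `additionalProperties` is flipped to false in the second hunk of this file.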
@@ -32,9 +42,9 @@
32
42
  "items": { "type": "string" }
33
43
  }
34
44
  },
35
- "additionalProperties": true
45
+ "additionalProperties": false
36
46
  }
37
47
  }
38
48
  },
39
- "additionalProperties": true
49
+ "additionalProperties": false
40
50
  }
@@ -16,29 +16,26 @@
16
16
  "type": "array",
17
17
  "items": { "type": "string" }
18
18
  },
19
- "classification_status": { "type": "string" },
20
- "audit_status": { "type": "string" },
19
+ "classification_status": {
20
+ "type": "string",
21
+ "enum": ["unclassified", "classified", "excluded", "generated", "vendor", "binary", "doc_only"]
22
+ },
23
+ "audit_status": {
24
+ "type": "string",
25
+ "enum": ["pending", "partial", "complete", "excluded"]
26
+ },
21
27
  "required_lenses": {
22
28
  "type": "array",
23
- "items": { "type": "string" }
29
+ "items": {
30
+ "type": "string",
31
+ "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
32
+ }
24
33
  },
25
34
  "completed_lenses": {
26
- "type": "array",
27
- "items": { "type": "string" }
28
- },
29
- "reviewed_line_ranges": {
30
35
  "type": "array",
31
36
  "items": {
32
- "type": "object",
33
- "required": ["start", "end", "pass_id"],
34
- "properties": {
35
- "start": { "type": "integer" },
36
- "end": { "type": "integer" },
37
- "pass_id": { "type": "string" },
38
- "lens": { "type": "string" },
39
- "agent_role": { "type": "string" }
40
- },
41
- "additionalProperties": true
37
+ "type": "string",
38
+ "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
42
39
  }
43
40
  }
44
41
  },
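Review bot: The `reviewed_line_ranges` property is deleted from the schema (old lines 29–41) rather than deprecated, and the hunk does not show whether the enclosing item object is closed; if its `additionalProperties` (outside the hunk) is still true, ledgers written by 0.1.0 that carry `reviewed_line_ranges` keep validating while the field is no longer described anywhere. Either keep the definition with a `"description": "Deprecated; ignored since 0.2.x."` (wording illustrative) or close the object so stale producers fail loudly. The `classification_status` vocabulary also differs from file_disposition's `status` only in `classified` versus `included`; if these denote the same state a single shared enum would prevent drift, and if they are distinct a description on each should say how.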
@@ -15,15 +15,18 @@
15
15
  "name": { "type": "string" },
16
16
  "entrypoints": {
17
17
  "type": "array",
18
- "items": { "type": "string" }
18
+ "items": { "type": "string" },
19
+ "minItems": 1
19
20
  },
20
21
  "paths": {
21
22
  "type": "array",
22
- "items": { "type": "string" }
23
+ "items": { "type": "string" },
24
+ "minItems": 1
23
25
  },
24
26
  "concerns": {
25
27
  "type": "array",
26
- "items": { "type": "string" }
28
+ "items": { "type": "string" },
29
+ "minItems": 1
27
30
  },
28
31
  "notes": {
29
32
  "type": "array",
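Review bot: `"minItems": 1` on `entrypoints`, `paths` and `concerns` rejects `[]` but not omission, and whether these three are in the item's `required` list lies outside this hunk; if they are not, an absent `concerns` and an empty one now mean different things to the validator, which is the ambiguity the constraint was meant to remove — either add them to `required` or document that absence is allowed. `"uniqueItems": true` on `paths` would be equally cheap and in keeping with the tightening.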
@@ -14,8 +14,14 @@
14
14
  "required": ["id", "category", "severity", "path", "summary"],
15
15
  "properties": {
16
16
  "id": { "type": "string" },
17
- "category": { "type": "string" },
18
- "severity": { "type": "string" },
17
+ "category": {
18
+ "type": "string",
19
+ "description": "Free-form category string from the originating tool (e.g. 'security/injection', 'style/lint'). Mapped to audit lenses by analyzerCategoryToLenses."
20
+ },
21
+ "severity": {
22
+ "type": "string",
23
+ "enum": ["critical", "high", "medium", "low", "info"]
24
+ },
19
25
  "path": { "type": "string" },
20
26
  "line_start": { "type": "integer" },
21
27
  "line_end": { "type": "integer" },
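Review bot: `severity` becomes a closed enum (`critical` … `info`) while the adapters changed in this same diff (`dist/adapters/eslint.js`, `dist/adapters/npmAudit.js`) ingest tool-native scales that do not match it — npm audit reports `moderate`, ESLint reports numeric levels — and with the item object closed in the next hunk any unmapped value fails validation instead of passing through. `category` received a `"description"` naming its mapping function; `severity` deserves the same, e.g. `"description": "Normalized severity; adapters map tool-native levels (e.g. npm audit 'moderate' -> 'medium') before emitting."` (mapping illustrative). `raw` remains an unconstrained passthrough of tool output, which is fine for provenance but is the one place in this artifact where unbounded, untrusted content lands; a description stating that consumers must size-limit it and never render it unescaped would help.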
@@ -23,9 +29,9 @@
23
29
  "rule": { "type": "string" },
24
30
  "raw": {}
25
31
  },
26
- "additionalProperties": true
32
+ "additionalProperties": false
27
33
  }
28
34
  }
29
35
  },
30
- "additionalProperties": true
36
+ "additionalProperties": false
31
37
  }
@@ -1,33 +1,33 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "file_disposition.schema.json",
4
- "title": "File Disposition",
5
- "type": "object",
6
- "required": ["files"],
7
- "properties": {
8
- "files": {
9
- "type": "array",
10
- "items": {
11
- "type": "object",
12
- "required": ["path", "status"],
13
- "properties": {
14
- "path": { "type": "string" },
15
- "status": {
16
- "type": "string",
17
- "enum": [
18
- "included",
19
- "excluded",
20
- "generated",
21
- "vendor",
22
- "binary",
23
- "doc_only"
24
- ]
25
- },
26
- "reason": { "type": "string" }
27
- },
28
- "additionalProperties": true
29
- }
30
- }
31
- },
32
- "additionalProperties": true
33
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "file_disposition.schema.json",
4
+ "title": "File Disposition",
5
+ "type": "object",
6
+ "required": ["files"],
7
+ "properties": {
8
+ "files": {
9
+ "type": "array",
10
+ "items": {
11
+ "type": "object",
12
+ "required": ["path", "status"],
13
+ "properties": {
14
+ "path": { "type": "string" },
15
+ "status": {
16
+ "type": "string",
17
+ "enum": [
18
+ "included",
19
+ "excluded",
20
+ "generated",
21
+ "vendor",
22
+ "binary",
23
+ "doc_only"
24
+ ]
25
+ },
26
+ "reason": { "type": "string" }
27
+ },
28
+ "additionalProperties": true
29
+ }
30
+ }
31
+ },
32
+ "additionalProperties": true
33
+ }
@@ -1,62 +1,86 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "finding.schema.json",
4
- "title": "Audit Finding",
5
- "type": "object",
6
- "required": [
7
- "id",
8
- "title",
9
- "category",
10
- "severity",
11
- "confidence",
12
- "lens",
13
- "affected_files",
14
- "summary"
15
- ],
16
- "properties": {
17
- "id": { "type": "string" },
18
- "title": { "type": "string" },
19
- "category": { "type": "string" },
20
- "severity": {
21
- "type": "string",
22
- "enum": ["critical", "high", "medium", "low", "info"]
23
- },
24
- "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
25
- "lens": { "type": "string" },
26
- "summary": { "type": "string" },
27
- "affected_files": {
28
- "type": "array",
29
- "items": {
30
- "type": "object",
31
- "required": ["path"],
32
- "properties": {
33
- "path": { "type": "string" },
34
- "line_start": { "type": "integer" },
35
- "line_end": { "type": "integer" },
36
- "symbol": { "type": "string" }
37
- },
38
- "additionalProperties": true
39
- }
40
- },
41
- "impact": { "type": "string" },
42
- "likelihood": { "type": "string" },
43
- "evidence": {
44
- "type": "array",
45
- "items": { "type": "string" }
46
- },
47
- "reproduction": {
48
- "type": "array",
49
- "items": { "type": "string" }
50
- },
51
- "remediation": {
52
- "type": "array",
53
- "items": { "type": "string" }
54
- },
55
- "systemic": { "type": "boolean" },
56
- "related_findings": {
57
- "type": "array",
58
- "items": { "type": "string" }
59
- }
60
- },
61
- "additionalProperties": true
62
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "finding.schema.json",
4
+ "title": "Audit Finding",
5
+ "type": "object",
6
+ "required": [
7
+ "id",
8
+ "title",
9
+ "category",
10
+ "severity",
11
+ "confidence",
12
+ "lens",
13
+ "affected_files",
14
+ "summary"
15
+ ],
16
+ "properties": {
17
+ "id": { "type": "string" },
18
+ "title": { "type": "string" },
19
+ "category": {
20
+ "type": "string",
21
+ "enum": [
22
+ "correctness",
23
+ "architecture",
24
+ "maintainability",
25
+ "security",
26
+ "reliability",
27
+ "performance",
28
+ "data_integrity",
29
+ "tests",
30
+ "operability",
31
+ "config_deployment"
32
+ ]
33
+ },
34
+ "severity": {
35
+ "type": "string",
36
+ "enum": ["critical", "high", "medium", "low", "info"]
37
+ },
38
+ "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
39
+ "lens": {
40
+ "type": "string",
41
+ "enum": [
42
+ "correctness",
43
+ "architecture",
44
+ "maintainability",
45
+ "security",
46
+ "reliability",
47
+ "performance",
48
+ "data_integrity",
49
+ "tests",
50
+ "operability",
51
+ "config_deployment"
52
+ ]
53
+ },
54
+ "summary": { "type": "string" },
55
+ "affected_files": {
56
+ "type": "array",
57
+ "items": {
58
+ "type": "object",
59
+ "required": ["path"],
60
+ "properties": {
61
+ "path": { "type": "string" },
62
+ "line_start": { "type": "integer" },
63
+ "line_end": { "type": "integer" },
64
+ "symbol": { "type": "string" }
65
+ },
66
+ "additionalProperties": false
67
+ }
68
+ },
69
+ "impact": { "type": "string" },
70
+ "likelihood": { "type": "string" },
71
+ "evidence": {
72
+ "type": "array",
73
+ "items": { "type": "string" }
74
+ },
75
+ "reproduction": {
76
+ "type": "array",
77
+ "items": { "type": "string" }
78
+ },
79
+ "systemic": { "type": "boolean" },
80
+ "related_findings": {
81
+ "type": "array",
82
+ "items": { "type": "string" }
83
+ }
84
+ },
85
+ "additionalProperties": true
86
+ }
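Review bot: The `remediation` array that 0.1.0 defined (old lines 51–54) is gone from the new schema, but the top-level `"additionalProperties": true` on new line 85 is kept, so findings still carrying `remediation` validate unchanged and the field merely stops being documented — the opposite of what closing `affected_files` on new line 66 achieves. If remediation is really dropped, close the object as audit_task, blind_spot_register and graph_bundle do in this release so producers notice; if it is still emitted, keep the definition. `category` and `lens` now share an identical ten-value enum, which makes one of them redundant unless they may legitimately differ; a `"description"` on each stating the intended difference would settle it. `impact` and `likelihood` stay free-form strings beside enumerated `severity` and `confidence`; if they feed any scoring or triage, an enum or at least a description of the expected vocabulary is needed.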
@@ -1,44 +1,53 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "flow_coverage.schema.json",
4
- "title": "Flow Coverage",
5
- "type": "object",
6
- "required": ["flows"],
7
- "properties": {
8
- "flows": {
9
- "type": "array",
10
- "items": {
11
- "type": "object",
12
- "required": [
13
- "flow_id",
14
- "paths",
15
- "required_lenses",
16
- "completed_lenses",
17
- "status"
18
- ],
19
- "properties": {
20
- "flow_id": { "type": "string" },
21
- "paths": {
22
- "type": "array",
23
- "items": { "type": "string" }
24
- },
25
- "required_lenses": {
26
- "type": "array",
27
- "items": { "type": "string" }
28
- },
29
- "completed_lenses": {
30
- "type": "array",
31
- "items": { "type": "string" }
32
- },
33
- "status": { "type": "string" },
34
- "notes": {
35
- "type": "array",
36
- "items": { "type": "string" }
37
- }
38
- },
39
- "additionalProperties": true
40
- }
41
- }
42
- },
43
- "additionalProperties": true
44
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "flow_coverage.schema.json",
4
+ "title": "Flow Coverage",
5
+ "type": "object",
6
+ "required": ["flows"],
7
+ "properties": {
8
+ "flows": {
9
+ "type": "array",
10
+ "items": {
11
+ "type": "object",
12
+ "required": [
13
+ "flow_id",
14
+ "paths",
15
+ "required_lenses",
16
+ "completed_lenses",
17
+ "status"
18
+ ],
19
+ "properties": {
20
+ "flow_id": { "type": "string" },
21
+ "paths": {
22
+ "type": "array",
23
+ "items": { "type": "string" }
24
+ },
25
+ "required_lenses": {
26
+ "type": "array",
27
+ "items": {
28
+ "type": "string",
29
+ "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
30
+ }
31
+ },
32
+ "completed_lenses": {
33
+ "type": "array",
34
+ "items": {
35
+ "type": "string",
36
+ "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
37
+ }
38
+ },
39
+ "status": {
40
+ "type": "string",
41
+ "enum": ["pending", "partial", "complete"]
42
+ },
43
+ "notes": {
44
+ "type": "array",
45
+ "items": { "type": "string" }
46
+ }
47
+ },
48
+ "additionalProperties": true
49
+ }
50
+ }
51
+ },
52
+ "additionalProperties": true
53
+ }
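Review bot: The new `status` enum (`pending`, `partial`, `complete`) omits the `excluded` value that coverage_matrix's `audit_status` gains in this same release, so a flow can never be marked excluded while a file can; if that asymmetry is intended, a `"description"` on `status` should say so, otherwise add `"excluded"`. `paths` is left without `"minItems": 1` although critical_flows gets it for the same property in this diff, so an empty flow validates here but not there. The top-level and item objects also stay `"additionalProperties": true` while most sibling schemas are closed in 0.2.2; a description marking them as intentionally open would stop the next reader from closing them by reflex.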
@@ -16,9 +16,12 @@
16
16
  "properties": {
17
17
  "from": { "type": "string" },
18
18
  "to": { "type": "string" },
19
- "kind": { "type": "string" }
19
+ "kind": {
20
+ "type": "string",
21
+ "description": "Import edge kind from the graph extractor (e.g. 'esm', 'commonjs', 'dynamic', 're-export')."
22
+ }
20
23
  },
21
- "additionalProperties": true
24
+ "additionalProperties": false
22
25
  }
23
26
  },
24
27
  "calls": {
@@ -29,9 +32,12 @@
29
32
  "properties": {
30
33
  "from": { "type": "string" },
31
34
  "to": { "type": "string" },
32
- "kind": { "type": "string" }
35
+ "kind": {
36
+ "type": "string",
37
+ "description": "Call edge kind from the graph extractor (e.g. 'sync', 'async', 'constructor', 'callback')."
38
+ }
33
39
  },
34
- "additionalProperties": true
40
+ "additionalProperties": false
35
41
  }
36
42
  },
37
43
  "routes": {
@@ -44,12 +50,12 @@
44
50
  "handler": { "type": "string" },
45
51
  "method": { "type": "string" }
46
52
  },
47
- "additionalProperties": true
53
+ "additionalProperties": false
48
54
  }
49
55
  }
50
56
  },
51
57
  "additionalProperties": true
52
58
  }
53
59
  },
54
- "additionalProperties": true
60
+ "additionalProperties": false
55
61
  }
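Review bot: Closing the top level (new line 60) and the `imports`/`calls`/`routes` items is undercut by the object between them, whose `"additionalProperties": true` on new line 57 is kept, so arbitrary keys are still accepted one level below the root; if that object is meant to be extensible, a `"description"` saying so would stop the next reader from 'fixing' it, otherwise set it to false like the rest. The new `kind` descriptions in the first two hunks read like closed sets (`esm`, `commonjs`, `dynamic`, `re-export`; `sync`, `async`, `constructor`, `callback`); if the extractor emits exactly those, make them `enum`s as the other `kind` fields in this release are, and if not, say the list is illustrative, as the external analyzer `category` description does.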
@@ -4,11 +4,16 @@
4
4
  "title": "Merged Findings",
5
5
  "type": "object",
6
6
  "required": ["findings"],
7
+ "$defs": {
8
+ "Finding": {
9
+ "$ref": "finding.schema.json"
10
+ }
11
+ },
7
12
  "properties": {
8
13
  "findings": {
9
14
  "type": "array",
10
- "items": { "$ref": "finding.schema.json" }
15
+ "items": { "$ref": "#/$defs/Finding" }
11
16
  }
12
17
  },
13
- "additionalProperties": true
18
+ "additionalProperties": false
14
19
  }
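Review bot: The top level is closed (new line 18) but the only thing it contains, `findings`, resolves through `$defs.Finding` to finding.schema.json, which this same release leaves at `"additionalProperties": true`, so the envelope rejects unknown keys while each finding inside still accepts any; that is worth a `"description"` on `Finding` if it is deliberate. The `$defs` indirection is only a rename of the previous direct `$ref` until a second reference reuses it, and the relative `"$ref": "finding.schema.json"` resolves against a relative `$id`, which works only when the validator pre-registers both schemas — the loader is not visible here, so confirm that the consumer (presumably `dist/validation/auditResults.js`, added in this diff) registers it.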
@@ -12,7 +12,11 @@
12
12
  "required": ["unit_id", "risk_score", "signals"],
13
13
  "properties": {
14
14
  "unit_id": { "type": "string" },
15
- "risk_score": { "type": "number" },
15
+ "risk_score": {
16
+ "type": "number",
17
+ "minimum": 0,
18
+ "maximum": 1
19
+ },
16
20
  "signals": {
17
21
  "type": "array",
18
22
  "items": { "type": "string" }
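Review bot: `risk_score` is now bounded to [0, 1] but nothing states which end is risky or whether the bound rejects scores that 0.1.0 producers already wrote; a `"description"` such as `"Normalized risk score in [0, 1]; higher is riskier"` (orientation assumed — confirm) would make the contract explicit. `signals` items remain free-form strings; if they come from a fixed set in the extractors, an enum there would follow the direction of the rest of this release.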