{
    "$schema": "https://json-schema.org/draft/2020-12/schema",
    "$id": "https://schema.beltic.com/developer/v1/developer-credential-v1.schema.json",
    "title": "DeveloperCredential v1",
    "description": "Machine-readable schema for Beltic DeveloperCredential v1 (see docs/developer-credential-v1.md).",
    "$defs": {
        "uuid": {
            "type": "string",
            "format": "uuid"
        },
        "isoCountry": {
            "type": "string",
            "pattern": "^[A-Z]{2}$",
            "description": "ISO 3166-1 alpha-2 country code"
        },
        "jurisdiction": {
            "type": "object",
            "required": ["country"],
            "additionalProperties": false,
            "properties": {
                "country": { "$ref": "#/$defs/isoCountry" },
                "region": {
                    "type": "string",
                    "pattern": "^[A-Z0-9]{1,5}$",
                    "description": "Subdivision code (without country prefix)"
                }
            }
        },
        "emailAddress": {
            "type": "string",
            "format": "email",
            "maxLength": 254
        },
        "phoneNumber": {
            "type": "string",
            "pattern": "^\\+?[0-9][0-9 ()-]{6,19}$",
            "maxLength": 25,
            "description": "Phone number in E.164 or common formats"
        },
        "riskLevel": {
            "type": "string",
            "enum": ["none", "low", "medium", "high", "not_assessed"]
        },
        "overallRiskLevel": {
            "type": "string",
            "enum": ["low", "medium", "high", "prohibited", "not_assessed"]
        },
        "screeningStatus": {
            "type": "string",
            "enum": ["clear", "potential_match", "confirmed_match", "not_screened", "screening_error"]
        },
        "credentialStatusEnum": {
            "type": "string",
            "enum": ["active", "suspended", "revoked", "expired"]
        },
        "assuranceLevel": {
            "type": "string",
            "enum": ["self_attested", "beltic_verified", "third_party_verified"]
        },
        "didIdentifier": {
            "type": "string",
            "pattern": "^did:(web|key|ion|pkh|ethr):[a-zA-Z0-9._%-]+",
            "minLength": 10,
            "maxLength": 500,
            "description": "Decentralized Identifier (DID)"
        },
        "verificationMethodRef": {
            "type": "string",
            "pattern": "^did:(web|key|ion|pkh|ethr):[a-zA-Z0-9._%-]+#[a-zA-Z0-9_-]+$",
            "minLength": 15,
            "maxLength": 600,
            "description": "DID verification method reference (DID#keyId format)"
        },
        "proofObject": {
            "type": "object",
            "description": "W3C VC Data Integrity Proof",
            "required": ["type", "created", "verificationMethod", "proofPurpose", "proofValue"],
            "additionalProperties": false,
            "properties": {
                "type": {
                    "type": "string",
                    "enum": ["Ed25519Signature2020", "JsonWebSignature2020", "EcdsaSecp256k1Signature2019"]
                },
                "created": {
                    "type": "string",
                    "format": "date-time"
                },
                "verificationMethod": { "$ref": "#/$defs/verificationMethodRef" },
                "proofPurpose": {
                    "type": "string",
                    "enum": ["assertionMethod", "authentication", "keyAgreement"]
                },
                "proofValue": {
                    "type": "string",
                    "minLength": 40,
                    "maxLength": 2000
                },
                "challenge": {
                    "type": "string",
                    "maxLength": 256
                },
                "domain": {
                    "type": "string",
                    "format": "uri"
                }
            }
        },
        "publicKeyObject": {
            "type": "object",
            "description": "Subject public key material",
            "required": ["type"],
            "additionalProperties": false,
            "properties": {
                "type": {
                    "type": "string",
                    "enum": ["Ed25519VerificationKey2020", "JsonWebKey2020", "EcdsaSecp256k1VerificationKey2019", "X25519KeyAgreementKey2020"]
                },
                "publicKeyMultibase": {
                    "type": "string",
                    "pattern": "^z[1-9A-HJ-NP-Za-km-z]+$",
                    "minLength": 40,
                    "maxLength": 200
                },
                "publicKeyJwk": {
                    "type": "object",
                    "properties": {
                        "kty": { "type": "string", "enum": ["EC", "OKP", "RSA"] },
                        "crv": { "type": "string" },
                        "x": { "type": "string" },
                        "y": { "type": "string" }
                    },
                    "required": ["kty"]
                }
            },
            "oneOf": [
                { "required": ["type", "publicKeyMultibase"] },
                { "required": ["type", "publicKeyJwk"] }
            ]
        }
    },
    "type": "object",
    "additionalProperties": false,
    "required": [
        "schemaVersion",
        "legalName",
        "entityType",
        "incorporationJurisdiction",
        "businessRegistrationStatus",
        "website",
        "businessEmail",
        "taxIdExists",
        "kybTier",
        "sanctionsScreeningStatus",
        "overallRiskRating",
        "credentialId",
        "issuanceDate",
        "expirationDate",
        "issuerDid",
        "verificationMethod",
        "credentialStatus",
        "revocationListUrl",
        "lastUpdatedDate",
        "subjectDid",
        "publicKey",
        "proof"
    ],
    "properties": {
        "$schema": {
            "type": "string",
            "description": "JSON Schema reference (optional)"
        },
        "schemaVersion": {
            "type": "string",
            "enum": ["1.0"],
            "description": "Schema version identifier."
        },
        "assuranceMetadata": {
            "type": "object",
            "description": "Tracks the assurance level and verification details for each field in the credential.",
            "properties": {
                "globalAssuranceLevel": {
                    "type": "string",
                    "enum": ["self_attested", "beltic_verified", "third_party_verified"],
                    "description": "Overall assurance level for the credential."
                },
                "fieldAssurances": {
                    "type": "object",
                    "description": "Per-field assurance tracking.",
                    "additionalProperties": {
                        "type": "object",
                        "properties": {
                            "assuranceLevel": {
                                "type": "string",
                                "enum": ["self_attested", "beltic_verified", "third_party_verified"]
                            },
                            "verificationDate": {
                                "type": "string",
                                "format": "date-time"
                            },
                            "verificationSource": {
                                "type": "string",
                                "description": "Name or identifier of the verifying party or system."
                            }
                        },
                        "required": ["assuranceLevel"]
                    }
                }
            },
            "required": ["globalAssuranceLevel"]
        },
        "legalName": {
            "type": "string",
            "minLength": 2,
            "maxLength": 500,
            "description": "Full legal name of the organization or individual."
        },
        "entityType": {
            "type": "string",
            "enum": [
                "corporation",
                "limited_liability_company",
                "partnership",
                "sole_proprietorship",
                "individual",
                "nonprofit_organization",
                "government_entity",
                "other"
            ],
            "description": "Legal entity type."
        },
        "incorporationJurisdiction": {
            "$ref": "#/$defs/jurisdiction",
            "description": "Jurisdiction of incorporation"
        },
        "incorporationDate": {
            "type": "string",
            "format": "date",
            "description": "Date of incorporation (required for organizations, optional for individuals)."
        },
        "businessRegistrationNumber": {
            "type": "string",
            "description": "Tokenized/hashed registration number. MUST NOT contain raw registration numbers.",
            "minLength": 8,
            "maxLength": 128,
            "pattern": "^(hash_|tok_|hmac_)[A-Za-z0-9_-]+$"
        },
        "businessRegistrationStatus": {
            "type": "string",
            "enum": [
                "active_good_standing",
                "active_requires_attention",
                "inactive",
                "suspended",
                "not_applicable",
                "verification_pending"
            ],
            "description": "Registration status with authorities."
        },
        "website": {
            "type": "string",
            "format": "uri",
            "description": "Primary website URL."
        },
        "registeredAddress": {
            "type": "object",
            "properties": {
                "streetAddress": { "type": "string" },
                "addressLine2": { "type": "string" },
                "city": { "type": "string" },
                "region": { "type": "string" },
                "postalCode": { "type": "string" },
                "country": {
                    "type": "string",
                    "pattern": "^[A-Z]{2}$"
                }
            },
            "required": ["streetAddress", "city", "postalCode", "country"],
            "additionalProperties": false,
            "description": "Registered address (required for organizations).",
            "nullable": true
        },
        "businessEmail": {
            "type": "string",
            "format": "email",
            "maxLength": 254,
            "description": "Business contact email."
        },
        "businessPhone": {
            "$ref": "#/$defs/phoneNumber",
            "description": "Business phone number (restricted; recommended)."
        },
        "securityEmail": {
            "$ref": "#/$defs/emailAddress",
            "description": "Security/incident response email."
        },
        "taxIdExists": {
            "type": "boolean",
            "description": "Indicates whether the entity has a tax ID."
        },
        "taxIdVerified": {
            "oneOf": [
                {
                    "type": "string",
                    "enum": [
                        "verified",
                        "not_verified",
                        "verification_pending",
                        "verification_failed",
                        "not_applicable"
                    ]
                },
                { "type": "null" }
            ],
            "description": "Tax ID verification status (required when taxIdExists=true)."
        },
        "taxIdJurisdiction": {
            "$ref": "#/$defs/jurisdiction",
            "description": "Jurisdiction of tax ID"
        },
        "taxIdLastVerifiedDate": {
            "type": "string",
            "format": "date"
        },
        "kybTier": {
            "type": "string",
            "enum": [
                "tier_0_unverified",
                "tier_1_basic",
                "tier_2_standard",
                "tier_3_enhanced",
                "tier_4_maximum"
            ],
            "description": "KYB verification tier."
        },
        "sanctionsScreeningStatus": {
            "$ref": "#/$defs/screeningStatus",
            "description": "Sanctions screening result"
        },
        "sanctionsScreeningLastChecked": {
            "type": "string",
            "format": "date"
        },
        "pepRiskLevel": {
            "$ref": "#/$defs/riskLevel",
            "description": "Politically Exposed Person risk level"
        },
        "pepRiskLastAssessed": {
            "type": ["string", "null"],
            "format": "date"
        },
        "adverseMediaRiskLevel": {
            "$ref": "#/$defs/riskLevel",
            "description": "Adverse media screening risk level"
        },
        "adverseMediaLastAssessed": {
            "type": ["string", "null"],
            "format": "date"
        },
        "overallRiskRating": {
            "$ref": "#/$defs/overallRiskLevel",
            "description": "Overall risk rating for the entity"
        },
        "beneficialOwnersKycStatus": {
            "type": "string",
            "enum": [
                "all_identified_and_kycd",
                "partially_identified",
                "identified_not_kycd",
                "unable_to_identify",
                "not_applicable",
                "not_assessed"
            ]
        },
        "beneficialOwnersCount": {
            "type": "integer",
            "minimum": 0
        },
        "controlStructureComplexity": {
            "type": "string",
            "enum": ["simple", "moderate", "complex", "not_assessed"]
        },
        "credentialId": {
            "$ref": "#/$defs/uuid",
            "description": "Unique credential identifier"
        },
        "issuanceDate": {
            "type": "string",
            "format": "date-time"
        },
        "expirationDate": {
            "type": "string",
            "format": "date-time"
        },
        "issuerDid": {
            "$ref": "#/$defs/didIdentifier",
            "description": "DID of the credential issuer"
        },
        "verificationMethod": {
            "$ref": "#/$defs/verificationMethodRef",
            "description": "DID verification method reference for proof verification"
        },
        "credentialStatus": {
            "$ref": "#/$defs/credentialStatusEnum",
            "description": "Current status of the credential"
        },
        "revocationListUrl": {
            "type": "string",
            "format": "uri"
        },
        "lastUpdatedDate": {
            "type": "string",
            "format": "date-time"
        },
        "subjectDid": {
            "$ref": "#/$defs/didIdentifier",
            "description": "DID of the credential subject (developer/organization)"
        },
        "publicKey": {
            "$ref": "#/$defs/publicKeyObject"
        },
        "proof": {
            "$ref": "#/$defs/proofObject"
        }
    },
    "allOf": [
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #1: When taxIdExists is true, taxIdVerified and taxIdJurisdiction are required",
            "if": {
                "required": ["taxIdExists"],
                "properties": {
                    "taxIdExists": { "const": true }
                }
            },
            "then": {
                "required": ["taxIdVerified", "taxIdJurisdiction"],
                "properties": {
                    "taxIdVerified": {
                        "not": { "type": "null" }
                    }
                }
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #2: When taxIdVerified is 'verified', taxIdLastVerifiedDate is required",
            "if": {
                "required": ["taxIdVerified"],
                "properties": {
                    "taxIdVerified": { "const": "verified" }
                }
            },
            "then": {
                "required": ["taxIdLastVerifiedDate"]
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #3: When entityType is 'individual', organization-only fields must NOT be present or should be null",
            "if": {
                "required": ["entityType"],
                "properties": {
                    "entityType": { "const": "individual" }
                }
            },
            "then": {
                "properties": {
                    "incorporationDate": false,
                    "businessRegistrationNumber": false,
                    "registeredAddress": { "type": "null" },
                    "beneficialOwnersKycStatus": {
                        "enum": ["not_applicable"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #4: When entityType is NOT 'individual' or 'sole_proprietorship', organization fields are required",
            "if": {
                "required": ["entityType"],
                "properties": {
                    "entityType": {
                        "enum": ["corporation", "limited_liability_company", "partnership", "nonprofit_organization", "government_entity", "other"]
                    }
                }
            },
            "then": {
                "required": ["incorporationDate", "businessRegistrationNumber", "registeredAddress"]
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #5: When kybTier is tier_2 or above, risk screening fields are required",
            "if": {
                "required": ["kybTier"],
                "properties": {
                    "kybTier": {
                        "enum": ["tier_2_standard", "tier_3_enhanced", "tier_4_maximum"]
                    }
                }
            },
            "then": {
                "required": ["sanctionsScreeningStatus", "pepRiskLevel", "adverseMediaRiskLevel", "overallRiskRating"]
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #6a: When sanctionsScreeningStatus is set (not 'not_screened'), sanctionsScreeningLastChecked is required",
            "if": {
                "required": ["sanctionsScreeningStatus"],
                "properties": {
                    "sanctionsScreeningStatus": {
                        "enum": ["clear", "potential_match", "confirmed_match", "screening_error"]
                    }
                }
            },
            "then": {
                "required": ["sanctionsScreeningLastChecked"]
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #6b: When pepRiskLevel is set (not 'not_assessed'), pepRiskLastAssessed is required",
            "if": {
                "required": ["pepRiskLevel"],
                "properties": {
                    "pepRiskLevel": {
                        "enum": ["none", "low", "medium", "high"]
                    }
                }
            },
            "then": {
                "required": ["pepRiskLastAssessed"]
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #6c: When adverseMediaRiskLevel is set (not 'not_assessed'), adverseMediaLastAssessed is required",
            "if": {
                "required": ["adverseMediaRiskLevel"],
                "properties": {
                    "adverseMediaRiskLevel": {
                        "enum": ["none", "low", "medium", "high"]
                    }
                }
            },
            "then": {
                "required": ["adverseMediaLastAssessed"]
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #7: When sanctionsScreeningStatus is 'confirmed_match', overallRiskRating must be 'high' or 'prohibited'",
            "if": {
                "required": ["sanctionsScreeningStatus"],
                "properties": {
                    "sanctionsScreeningStatus": { "const": "confirmed_match" }
                }
            },
            "then": {
                "properties": {
                    "overallRiskRating": {
                        "enum": ["high", "prohibited"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #8: issuanceDate must be before expirationDate",
            "if": {
                "required": ["issuanceDate", "expirationDate"]
            },
            "then": {
                "$comment": "This validation requires runtime checking as JSON Schema cannot compare date strings directly. Documented for implementation in validation logic."
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #9: lastUpdatedDate must be between issuanceDate and expirationDate",
            "if": {
                "required": ["issuanceDate", "expirationDate", "lastUpdatedDate"]
            },
            "then": {
                "$comment": "This validation requires runtime checking as JSON Schema cannot compare date strings directly. Documented for implementation in validation logic."
            }
        },
        {
            "$comment": "TIER 1 CRITICAL CONDITIONAL #10: When overallRiskRating is 'prohibited', credentialStatus must be 'revoked' or 'suspended'",
            "if": {
                "required": ["overallRiskRating"],
                "properties": {
                    "overallRiskRating": { "const": "prohibited" }
                }
            },
            "then": {
                "properties": {
                    "credentialStatus": {
                        "enum": ["revoked", "suspended"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #1: When taxIdJurisdiction is provided, taxIdExists must be true",
            "if": {
                "required": ["taxIdJurisdiction"]
            },
            "then": {
                "properties": {
                    "taxIdExists": { "const": true }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #2: When businessRegistrationStatus is NOT 'not_applicable', entityType must be organization",
            "if": {
                "required": ["businessRegistrationStatus"],
                "properties": {
                    "businessRegistrationStatus": {
                        "enum": ["active_good_standing", "active_requires_attention", "inactive", "suspended", "verification_pending"]
                    }
                }
            },
            "then": {
                "properties": {
                    "entityType": {
                        "enum": ["corporation", "limited_liability_company", "partnership", "nonprofit_organization", "government_entity", "other"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #3: When beneficialOwnersCount > 0, beneficialOwnersKycStatus must NOT be 'not_applicable'",
            "if": {
                "required": ["beneficialOwnersCount"],
                "properties": {
                    "beneficialOwnersCount": {
                        "minimum": 1
                    }
                }
            },
            "then": {
                "properties": {
                    "beneficialOwnersKycStatus": {
                        "enum": ["all_identified_and_kycd", "partially_identified", "identified_not_kycd", "unable_to_identify", "not_assessed"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #4-7: Date freshness constraints - These require runtime validation with current date",
            "if": {
                "required": ["sanctionsScreeningLastChecked"]
            },
            "then": {
                "$comment": "sanctionsScreeningLastChecked should be within 90 days. Requires runtime validation."
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #8: credentialStatus 'expired' consistency",
            "if": {
                "required": ["credentialStatus"],
                "properties": {
                    "credentialStatus": { "const": "expired" }
                }
            },
            "then": {
                "$comment": "expirationDate should be in the past. Requires runtime validation with current date."
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #9: When pepRiskLevel is 'high', overallRiskRating must be at least 'high'",
            "if": {
                "required": ["pepRiskLevel"],
                "properties": {
                    "pepRiskLevel": { "const": "high" }
                }
            },
            "then": {
                "properties": {
                    "overallRiskRating": {
                        "enum": ["high", "prohibited"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #10: When adverseMediaRiskLevel is 'high', overallRiskRating must be at least 'high'",
            "if": {
                "required": ["adverseMediaRiskLevel"],
                "properties": {
                    "adverseMediaRiskLevel": { "const": "high" }
                }
            },
            "then": {
                "properties": {
                    "overallRiskRating": {
                        "enum": ["high", "prohibited"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #11: When beneficialOwnersKycStatus is 'unable_to_identify', overallRiskRating should be escalated",
            "if": {
                "required": ["beneficialOwnersKycStatus"],
                "properties": {
                    "beneficialOwnersKycStatus": { "const": "unable_to_identify" }
                }
            },
            "then": {
                "properties": {
                    "overallRiskRating": {
                        "enum": ["medium", "high", "prohibited"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #12: Sole proprietorship handling - similar to individual",
            "if": {
                "required": ["entityType"],
                "properties": {
                    "entityType": { "const": "sole_proprietorship" }
                }
            },
            "then": {
                "$comment": "Sole proprietorship may have optional incorporationDate and registeredAddress, beneficialOwnersKycStatus should be 'not_applicable'",
                "properties": {
                    "beneficialOwnersKycStatus": {
                        "enum": ["not_applicable", "not_assessed"]
                    }
                }
            }
        },
        {
            "$comment": "TIER 2 HIGH CONDITIONAL #13: Complex control structures should have assessed beneficial owners",
            "if": {
                "required": ["controlStructureComplexity"],
                "properties": {
                    "controlStructureComplexity": { "const": "complex" }
                }
            },
            "then": {
                "$comment": "Recommended: beneficialOwnersKycStatus should not be 'unable_to_identify'. This is a soft requirement for data quality."
            }
        }
    ]
}
