{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://spec.agentthreatrule.org/rule/v1.0/schema.json", "title": "ATR Rule v1.0", "description": "Machine-readable schema for ATR detection rule format. Normative prose spec at ATR-SPEC-v1.md. Existing YAML schema at spec/atr-schema.yaml. This JSON Schema adds v2.0 provenance + lifecycle fields per governance/CHARTER.md and is backward-compatible with v1.0 rules (new fields optional). License: CC BY 4.0.", "type": "object", "required": [ "schema_version", "id", "title", "status", "description", "author", "date", "severity", "detection_tier", "maturity", "tags", "agent_source", "detection", "response" ], "additionalProperties": true, "properties": { "schema_version": { "type": "string", "pattern": "^\\d+\\.\\d+$" }, "id": { "type": "string", "pattern": "^ATR-(?:[A-Z]{2}-)?[0-9]{4}-[0-9]{5}$", "description": "Canonical: ATR-YYYY-NNNNN. Sovereign-prefixed: ATR-XX-YYYY-NNNNN per CHARTER § 8.2." }, "rule_version": { "type": "integer", "minimum": 1, "default": 1 }, "title": {"type": "string", "minLength": 5}, "status": { "type": "string", "enum": ["draft", "experimental", "stable", "deprecated"] }, "description": {"type": "string", "minLength": 20}, "author": {"type": "string", "minLength": 1}, "date": { "type": "string", "anyOf": [ {"format": "date"}, {"pattern": "^[0-9]{4}/[0-9]{2}/[0-9]{2}$"} ] }, "modified": {"type": "string"}, "severity": { "type": "string", "enum": ["critical", "high", "medium", "low", "informational"] }, "detection_tier": { "type": "string", "enum": ["pattern", "behavioral", "protocol", "classifier"] }, "maturity": { "type": "string", "enum": ["draft", "experimental", "test", "stable", "deprecated"] }, "confidence": { "type": "integer", "minimum": 0, "maximum": 100, "description": "Engine confidence percentage 0-100." }, "tags": { "type": "object", "required": ["category"], "properties": { "category": {"type": "string"}, "subcategory": {"type": "string"}, "confidence": {"type": "string", "enum": ["high", "medium", "low"]}, "scan_target": {"type": "string", "enum": ["mcp", "skill", "skill_md", "llm_io", "runtime", "user_input", "tool_response", "both", "llm"]}, "source": {"type": "string"}, "vendor_sources": {"oneOf": [{"type": "string"}, {"type": "array"}]}, "suppress_in_code_blocks": {"type": "boolean"} }, "additionalProperties": true }, "agent_source": { "type": "object", "required": ["type"], "properties": { "type": {"type": "string"}, "framework": {"type": "array", "items": {"type": "string"}}, "provider": {"type": "array", "items": {"type": "string"}} }, "additionalProperties": true }, "detection": { "type": "object", "required": ["conditions"], "properties": { "conditions": { "type": "array", "minItems": 1, "items": { "type": "object", "anyOf": [ { "required": ["field", "operator", "value"], "properties": { "field": {"type": "string"}, "operator": {"type": "string", "enum": ["regex", "equals", "contains", "matches", "ml_classifier", "ast", "bytecode"]}, "value": {"type": ["string", "array", "object"]}, "language": {"type": "string", "description": "ISO 639-1 code per spec/atr-language-detection-v1.0.md"}, "description": {"type": "string"} } }, { "required": ["metric", "operator", "threshold"], "properties": { "metric": {"type": "string"}, "operator": {"type": "string"}, "threshold": {"type": ["number", "string"]} } } ] } }, "condition": {"type": "string", "description": "Boolean expression over condition aliases. Default: 'any' (OR)."}, "false_positives": {"type": "array", "items": {"type": "string"}} } }, "response": { "type": "object", "required": ["actions"], "properties": { "actions": { "type": "array", "items": {"type": "string", "enum": ["block_input", "block_output", "redact", "alert", "snapshot", "quarantine", "terminate_session"]}, "minItems": 1 }, "auto_response_threshold": {"type": "string"}, "message_template": {"type": "string"} } }, "references": { "type": "object", "additionalProperties": true, "properties": { "owasp_llm": {"type": "array", "items": {"type": "string"}}, "owasp_agentic": {"type": "array", "items": {"type": "string"}}, "mitre_atlas": {"type": "array", "items": {"type": "string"}}, "cve": {"type": "array", "items": {"type": "string"}}, "ghsa": {"type": "array", "items": {"type": "string"}} } }, "compliance": { "type": "object", "additionalProperties": true, "description": "Mappings to compliance frameworks (OWASP, EU AI Act, NIST AI RMF, ISO 42001, etc.). Each is an array of objects with id/article/clause + context + strength fields." }, "test_cases": { "type": "object", "properties": { "true_positives": { "type": "array", "minItems": 1, "items": { "type": "object", "required": ["input", "expected"], "properties": { "input": {"type": "string"}, "expected": {"type": "string", "enum": ["triggered", "not_triggered"]}, "description": {"type": "string"} } } }, "true_negatives": { "type": "array", "minItems": 1, "items": { "type": "object", "required": ["input", "expected"], "properties": { "input": {"type": "string"}, "expected": {"type": "string", "enum": ["triggered", "not_triggered"]}, "description": {"type": "string"} } } } } }, "provenance": { "type": "object", "description": "v2.0 — producer attribution per CHARTER § 5 multi-producer architecture. Optional in v1.0 rules for backward compatibility.", "properties": { "producer": { "type": "string", "enum": ["red_team", "tc_flywheel", "cve_pipeline", "research_paper", "community", "sovereign"] }, "contributor": {"type": "string"}, "contributor_org": {"type": "string"}, "attestation_signature": { "type": "string", "description": "ed25519 sig for sovereign-issued rules per CHARTER § 8.2." }, "origin_event_id": { "type": "string", "description": "Link to source CVE / TC event / research paper." } } }, "lifecycle": { "type": "object", "description": "v2.0 — explicit lifecycle metadata per CHARTER § 5.", "properties": { "review_status": { "type": "string", "enum": ["unreviewed", "community_reviewed", "tsc_approved"] }, "created": {"type": "string", "format": "date"}, "last_validated": {"type": "string", "format": "date"} } } } }