{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://docs.armoriq.ai/schemas/armoriq.schema.json",
  "title": "armoriq.yaml",
  "description": "Config-as-code manifest for an ArmorIQ-protected agent. See https://docs.armoriq.ai/platform/sdk-cli/armoriq-yaml for the prose reference.",
  "type": "object",
  "required": ["version", "identity"],
  "additionalProperties": false,
  "properties": {
    "version": { "type": "string", "const": "v1", "description": "Schema version. Always \"v1\" today." },
    "identity": {
      "type": "object",
      "required": ["api_key", "user_id", "agent_id"],
      "additionalProperties": false,
      "properties": {
        "api_key": { "type": "string", "description": "ArmorIQ API key. Supports $ENV_VAR substitution." },
        "user_id": { "type": "string", "description": "Service or worker identifier (e.g. service-account)." },
        "agent_id": { "type": "string", "description": "Agent persona identifier (e.g. booking-bot)." }
      }
    },
    "environment": { "type": "string", "enum": ["sandbox", "production"], "default": "sandbox" },
    "proxy": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "url": { "type": "string", "format": "uri", "default": "https://proxy.armoriq.ai" },
        "timeout": { "type": "integer", "minimum": 1, "default": 30, "description": "Request timeout in seconds." },
        "max_retries": { "type": "integer", "minimum": 0, "default": 3 }
      }
    },
    "mcp_servers": { "type": "array", "items": { "$ref": "#/definitions/mcpServer" }, "default": [] },
    "policy": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "allow": { "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9_-]+\\.[A-Za-z0-9_*-]+$" }, "default": [] },
        "deny":  { "type": "array", "items": { "type": "string", "pattern": "^[A-Za-z0-9_-]+\\.[A-Za-z0-9_*-]+$" }, "default": [] }
      }
    },
    "intent": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "ttl_seconds": { "type": "integer", "minimum": 1, "default": 300 },
        "require_csrg": { "type": "boolean", "default": true }
      }
    }
  },
  "definitions": {
    "mcpServer": {
      "type": "object",
      "required": ["id", "url"],
      "additionalProperties": false,
      "properties": {
        "id": { "type": "string", "pattern": "^[A-Za-z0-9_-]+$", "description": "Short, unique identifier used in policy refs." },
        "url": { "type": "string", "format": "uri" },
        "description": { "type": "string" },
        "auth": {
          "oneOf": [
            { "type": "object", "required": ["type"], "additionalProperties": false, "properties": { "type": { "const": "none" } } },
            { "type": "object", "required": ["type", "token"], "additionalProperties": false, "properties": { "type": { "const": "bearer" }, "token": { "type": "string" } } },
            { "type": "object", "required": ["type", "api_key"], "additionalProperties": false, "properties": { "type": { "const": "api_key" }, "api_key": { "type": "string" }, "header_name": { "type": "string", "default": "X-API-Key" } } }
          ]
        }
      }
    }
  }
}