{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "$id": "https://dss.overbits.luz.uy/schemas/guardrails.schema.json",
  "title": "DSS Guardrails Schema",
  "description": "AI boundary rules and enforcement policies",
  "version": "2.0.0",
  "type": "object",
  "required": ["immutableFiles", "boundaries", "tempFolderPolicy"],
  "properties": {
    "immutableFiles": {
      "type": "array",
      "description": "Files that cannot be modified without authorization",
      "items": {
        "type": "object",
        "required": ["pattern", "reason"],
        "properties": {
          "pattern": {
            "type": "string",
            "description": "File path pattern (glob)"
          },
          "reason": {
            "type": "string",
            "description": "Why this file is immutable"
          },
          "bypassMethod": {
            "type": "string",
            "enum": ["commit-message", "environment-variable", "admin-approval"],
            "description": "How to bypass protection"
          }
        }
      }
    },
    "boundaries": {
      "type": "object",
      "description": "External API and operation boundaries",
      "properties": {
        "blockedAPIs": {
          "type": "array",
          "description": "External APIs that cannot be accessed directly",
          "items": {
            "type": "object",
            "properties": {
              "domain": {"type": "string"},
              "reason": {"type": "string"},
              "requiredTool": {
                "type": "string",
                "description": "DSS tool that must be used instead"
              }
            }
          }
        },
        "blockedImports": {
          "type": "array",
          "description": "Python modules that cannot be imported directly",
          "items": {
            "type": "object",
            "properties": {
              "module": {"type": "string"},
              "reason": {"type": "string"},
              "alternative": {"type": "string"}
            }
          }
        },
        "enforcementMode": {
          "type": "string",
          "enum": ["strict", "warn", "disabled"],
          "description": "How strictly to enforce boundaries"
        }
      }
    },
    "tempFolderPolicy": {
      "type": "object",
      "description": "Temporary file management rules",
      "required": ["location", "autoCleanup"],
      "properties": {
        "location": {
          "type": "string",
          "description": "Where temp files must be created"
        },
        "autoCleanup": {
          "type": "boolean",
          "description": "Whether to auto-delete old temp files"
        },
        "maxAge": {
          "type": "integer",
          "description": "Max age in hours before auto-cleanup"
        },
        "maxSize": {
          "type": "string",
          "description": "Max total size (e.g., '1GB')"
        }
      }
    },
    "toolRequirements": {
      "type": "object",
      "description": "Operations that require specific DSS tools",
      "additionalProperties": {
        "type": "object",
        "properties": {
          "operation": {"type": "string"},
          "requiredTools": {
            "type": "array",
            "items": {"type": "string"}
          },
          "rationale": {"type": "string"}
        }
      }
    }
  }
}