{
  "schema_version": 1,
  "milestone": "CF-M7_WEBHOOK_GATEWAY_GATE",
  "status": "schema_approved_no_endpoint",
  "approved_at": "2026-07-03T15:32:11Z",
  "approval_source": "user_instruction_execute_schema_only",
  "schema_id": "cf-m7.inbound_webhook_event.v1",
  "schema": {
    "$schema": "https://json-schema.org/draft/2020-12/schema",
    "$id": "https://evidence.catking.dev/data/webhook-event-schema.json",
    "title": "CF-M7 Inbound Evidence Event",
    "type": "object",
    "additionalProperties": false,
    "required": [
      "schema_version",
      "event_id",
      "idempotency_key",
      "event_type",
      "occurred_at",
      "producer",
      "subject",
      "evidence",
      "integrity",
      "claims",
      "safety"
    ],
    "properties": {
      "schema_version": {
        "const": "cf-m7.webhook_event.v1"
      },
      "event_id": {
        "type": "string",
        "pattern": "^evt_[a-z0-9][a-z0-9_-]{7,63}$"
      },
      "idempotency_key": {
        "type": "string",
        "pattern": "^idem_[a-z0-9][a-z0-9_-]{7,95}$"
      },
      "event_type": {
        "type": "string",
        "enum": [
          "evidence.receipt_published",
          "evidence.status_changed",
          "release.sha256_bound",
          "monitor.freshness_warning"
        ]
      },
      "occurred_at": {
        "type": "string",
        "format": "date-time"
      },
      "producer": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "system",
          "environment"
        ],
        "properties": {
          "system": {
            "type": "string",
            "minLength": 2,
            "maxLength": 80
          },
          "environment": {
            "type": "string",
            "enum": [
              "manual",
              "preview",
              "production",
              "ci"
            ]
          }
        }
      },
      "subject": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "project_id",
          "milestone_id"
        ],
        "properties": {
          "project_id": {
            "type": "string",
            "pattern": "^[a-z0-9][a-z0-9_-]{1,63}$"
          },
          "milestone_id": {
            "type": "string",
            "pattern": "^[A-Z0-9][A-Z0-9_-]{1,95}$"
          },
          "artifact_id": {
            "type": "string",
            "pattern": "^[a-z0-9][a-z0-9_-]{1,95}$"
          }
        }
      },
      "evidence": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "public_url",
          "visibility"
        ],
        "properties": {
          "public_url": {
            "type": "string",
            "format": "uri"
          },
          "visibility": {
            "type": "string",
            "enum": [
              "public",
              "access_protected_placeholder"
            ]
          },
          "receipt_path": {
            "type": "string",
            "pattern": "^[a-zA-Z0-9._/-]+$"
          }
        }
      },
      "integrity": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "sha256"
        ],
        "properties": {
          "sha256": {
            "type": "string",
            "pattern": "^[a-f0-9]{64}$"
          },
          "manifest_url": {
            "type": "string",
            "format": "uri"
          }
        }
      },
      "claims": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "verdict",
          "non_claims"
        ],
        "properties": {
          "verdict": {
            "type": "string",
            "enum": [
              "PASS",
              "PARTIAL",
              "FAIL",
              "BLOCKED",
              "NOT_STARTED"
            ]
          },
          "non_claims": {
            "type": "array",
            "minItems": 1,
            "items": {
              "type": "string",
              "minLength": 3,
              "maxLength": 240
            }
          }
        }
      },
      "safety": {
        "type": "object",
        "additionalProperties": false,
        "required": [
          "no_runtime_control",
          "no_secret_material",
          "no_private_payload",
          "redaction_status"
        ],
        "properties": {
          "no_runtime_control": {
            "const": true
          },
          "no_secret_material": {
            "const": true
          },
          "no_private_payload": {
            "const": true
          },
          "redaction_status": {
            "type": "string",
            "enum": [
              "public_safe",
              "redacted"
            ]
          }
        }
      }
    }
  },
  "example_event": {
    "schema_version": "cf-m7.webhook_event.v1",
    "event_id": "evt_cf_m7_schema_0001",
    "idempotency_key": "idem_cf_m7_schema_0001",
    "event_type": "evidence.status_changed",
    "occurred_at": "2026-07-03T15:32:11Z",
    "producer": {
      "system": "cloudflare_edge_stack",
      "environment": "manual"
    },
    "subject": {
      "project_id": "cloudflare_edge_stack",
      "milestone_id": "CF-M7_WEBHOOK_GATEWAY_GATE",
      "artifact_id": "webhook_event_schema"
    },
    "evidence": {
      "public_url": "https://evidence.catking.dev/webhooks/gateway-gate.html",
      "visibility": "public",
      "receipt_path": "cloudflare/evidence-viewer/verification/webhook_gate_receipt.json"
    },
    "integrity": {
      "sha256": "0000000000000000000000000000000000000000000000000000000000000000",
      "manifest_url": "https://evidence.catking.dev/data/webhook-event-schema.json"
    },
    "claims": {
      "verdict": "PASS",
      "non_claims": [
        "schema only",
        "no endpoint",
        "no runtime control"
      ]
    },
    "safety": {
      "no_runtime_control": true,
      "no_secret_material": true,
      "no_private_payload": true,
      "redaction_status": "public_safe"
    }
  },
  "non_claims": [
    "schema only",
    "no endpoint created",
    "no Worker or Pages Function created",
    "no write request handling",
    "no runtime gateway",
    "no private payload accepted"
  ]
}
