{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://software-architecture-spec.github.io/sam/v0.1/schema.json", "title": "Software Architecture Manifest", "description": "Stability: experimental. Producer-signed declaration of software's intended properties \u2014 its purpose, operational envelope, and quality attributes \u2014 for consumption by humans, AI agents, and automated tooling. Companion to SBOM (contents) and SLSA (build provenance); SAM declares what software was designed to be. Predicate-only: signing happens via DSSE/sigstore wrapping this document.", "type": "object", "required": [ "manifestVersion", "subject", "intent", "envelope", "qualityAttributes", "producer" ], "additionalProperties": false, "properties": { "manifestVersion": { "const": "0.1", "description": "Stability: stable. Schema version. Bump on breaking changes.", "x-sam-stability": "stable" }, "subject": { "type": "object", "description": "Stability: experimental. What this manifest describes. Use 'layer' to declare granularity: an artifact (one container image / binary / package \u2014 SBOM/signing granularity), a service (a logical SLO-owning unit of 1+ artifacts), or a product (the contractual surface, often many services). Different audiences read different layers. Composition between layers is explicit via 'components'.", "required": [ "layer", "name", "version" ], "additionalProperties": false, "properties": { "layer": { "enum": [ "artifact", "service", "product" ], "description": "Stability: stable. artifact: one signed deployable (container image, binary, package). Required to carry a digest. Audience: AI agents, build/SLSA, SBOM tooling. service: a logical SLO-owning unit. Audience: SRE, on-call, ops. product: the contractual/customer-facing surface. Audience: procurement, audit, customers.", "x-sam-stability": "stable" }, "name": { "type": "string" }, "version": { "type": "string" }, "digest": { "type": "object", "description": "Stability: stable. Content-addressed digest. Required when layer=artifact. Optional at service/product layers (which have no single content-addressed blob). At least one algorithm when present.", "minProperties": 1, "patternProperties": { "^(sha256|sha512|sha3-256|sha3-512)$": { "type": "string", "pattern": "^[a-f0-9]+$" } }, "additionalProperties": false, "x-sam-stability": "stable" }, "sbomRef": { "type": "string", "format": "uri", "description": "Stability: experimental. Optional pointer to an SBOM (CycloneDX or SPDX). The two manifests are complementary." }, "components": { "type": "array", "description": "Stability: experimental. For service-layer or product-layer manifests: the constituent lower-layer subjects, each referencing its own SAM. Composition is explicit; no implicit nesting.", "items": { "type": "object", "required": [ "layer", "name", "version" ], "additionalProperties": false, "properties": { "layer": { "enum": [ "artifact", "service" ] }, "name": { "type": "string" }, "version": { "type": "string" }, "digest": { "type": "object", "minProperties": 1, "patternProperties": { "^(sha256|sha512|sha3-256|sha3-512)$": { "type": "string", "pattern": "^[a-f0-9]+$" } }, "additionalProperties": false }, "manifestUri": { "type": "string", "format": "uri", "description": "Stability: experimental. URI to the constituent's signed SAM, if available." } }, "patternProperties": { "^x-": {} } } } }, "allOf": [ { "if": { "properties": { "layer": { "const": "artifact" } }, "required": [ "layer" ] }, "then": { "required": [ "digest" ] } } ] }, "intent": { "type": "object", "required": [ "purpose", "audience", "tenancy" ], "additionalProperties": false, "properties": { "purpose": { "type": "string", "description": "Stability: stable. Free-text statement of what this software is for. One paragraph max.", "x-sam-stability": "stable" }, "audience": { "enum": [ "single_user", "multi_user_single_org", "multi_tenant" ], "description": "Stability: stable. Who the software was designed to serve. single_user: one person, one install. multi_user_single_org: multiple users sharing one logical instance. multi_tenant: isolation between distinct customer/tenant boundaries is a design property.", "x-sam-stability": "stable" }, "tenancy": { "type": "object", "required": [ "model" ], "additionalProperties": false, "properties": { "model": { "enum": [ "none", "shared", "siloed", "hybrid" ], "description": "Stability: stable. none: no tenant concept. shared: tenants share data plane with logical separation. siloed: each tenant gets dedicated data plane. hybrid: declared per-resource.", "x-sam-stability": "stable" }, "isolationGuarantees": { "type": "array", "items": { "enum": [ "data", "compute", "network", "identity", "encryption_keys" ] }, "description": "Stability: experimental. Which dimensions are isolated between tenants in shared/hybrid models." } } }, "outOfScope": { "type": "array", "items": { "type": "string" }, "description": "Stability: experimental. Explicit non-goals. What the software was NOT designed to do. Saying this prevents misuse downstream." } } }, "envelope": { "type": "object", "description": "Stability: experimental. The operational envelope the producer designed for. Outside this envelope, behavior is undefined.", "required": [ "throughput", "scaling", "instantiation", "privilege", "network" ], "additionalProperties": false, "properties": { "throughput": { "type": "object", "additionalProperties": false, "properties": { "targetRps": { "type": "number", "minimum": 0, "description": "Stability: experimental. Designed-for requests per second per instance." }, "maxRps": { "type": "number", "minimum": 0, "description": "Stability: experimental. Hard ceiling. Above this, the producer makes no guarantees." }, "latency": { "type": "object", "additionalProperties": false, "properties": { "p50Ms": { "type": "number", "minimum": 0 }, "p95Ms": { "type": "number", "minimum": 0 }, "p99Ms": { "type": "number", "minimum": 0 } } }, "concurrency": { "type": "object", "additionalProperties": false, "properties": { "maxConcurrentRequests": { "type": "integer", "minimum": 0 }, "maxConcurrentUsers": { "type": "integer", "minimum": 0 } } } } }, "scaling": { "type": "object", "required": [ "axis" ], "additionalProperties": false, "properties": { "axis": { "enum": [ "horizontal", "vertical", "both", "none" ], "description": "Stability: stable. How the producer designed for growth. 'none' means single-instance only \u2014 there is no scaling path.", "x-sam-stability": "stable" }, "stateful": { "type": "boolean", "description": "Stability: experimental. Whether instances hold state that prevents horizontal replication without coordination." }, "maxInstances": { "type": "integer", "minimum": 1 }, "verticalCeiling": { "type": "object", "additionalProperties": false, "properties": { "cpuCores": { "type": "number", "minimum": 0 }, "memoryGiB": { "type": "number", "minimum": 0 } } } } }, "instantiation": { "type": "object", "required": [ "mode" ], "additionalProperties": false, "properties": { "mode": { "enum": [ "singleton", "multi_instance", "leader_elected", "sharded" ], "description": "Stability: stable. singleton: exactly one instance must run. multi_instance: independent replicas. leader_elected: many run, one is active. sharded: many run, each owns a partition.", "x-sam-stability": "stable" }, "coordinationDependency": { "type": "string", "description": "Stability: experimental. External dependency required for coordination (e.g., 'postgres advisory locks', 'etcd', 'none')." } } }, "privilege": { "type": "object", "required": [ "runtime" ], "additionalProperties": false, "properties": { "runtime": { "enum": [ "root_required", "privileged", "unprivileged", "capability_scoped" ], "description": "Stability: stable. What privilege level the producer designed the artifact to run at.", "x-sam-stability": "stable" }, "linuxCapabilities": { "type": "array", "items": { "type": "string", "pattern": "^CAP_[A-Z_]+$" }, "description": "Stability: experimental. Required Linux capabilities when runtime=capability_scoped." }, "filesystemAccess": { "enum": [ "none", "read_only", "scoped_write", "full" ], "description": "Stability: experimental. Designed filesystem access posture." } } }, "network": { "type": "object", "required": [ "posture" ], "additionalProperties": false, "properties": { "posture": { "enum": [ "isolated", "egress_only", "ingress_only", "bidirectional" ], "description": "Stability: stable. isolated: works air-gapped, no network needed. egress_only: outbound calls required. ingress_only: serves traffic, no outbound. bidirectional: both.", "x-sam-stability": "stable" }, "requiredEgress": { "type": "array", "items": { "type": "object", "required": [ "host", "purpose" ], "additionalProperties": false, "properties": { "host": { "type": "string" }, "port": { "type": "integer", "minimum": 1, "maximum": 65535 }, "protocol": { "enum": [ "http", "https", "grpc", "tcp", "udp", "other" ] }, "purpose": { "type": "string" } } } }, "exposedPorts": { "type": "array", "items": { "type": "object", "required": [ "port", "protocol" ], "additionalProperties": false, "properties": { "port": { "type": "integer", "minimum": 1, "maximum": 65535 }, "protocol": { "enum": [ "http", "https", "grpc", "tcp", "udp" ] }, "purpose": { "type": "string" } } } } } }, "dependencies": { "type": "array", "description": "Stability: experimental. Third-party ICT services this software depends on at runtime, with criticality, failure-mode, data-flow, and jurisdictional metadata. Distinct from network.requiredEgress (which is host:port-level): dependencies is the service-level semantic layer. Consumers under EU DORA, NIS2, ISO/IEC 27036, or NIST SP 800-161 use this to populate their own ICT third-party risk registers without reverse-engineering the producer.", "items": { "type": "object", "required": [ "name", "type", "criticality" ], "additionalProperties": false, "patternProperties": { "^x-": {} }, "properties": { "name": { "type": "string", "description": "Stability: stable. Human-readable identifier of the dependency, e.g., 'Stripe API', 'Workday', 'AWS S3'." }, "type": { "enum": [ "saas", "infrastructure", "self_hosted_service", "identity_provider", "payment_provider", "data_provider", "communication_provider", "observability_provider", "ml_model_provider", "library", "other" ], "description": "Stability: experimental. Class of dependency." }, "criticality": { "enum": [ "critical", "important", "supportive" ], "description": "Stability: stable. Aligned with EU DORA tiering. critical: this software does not function if the dependency is down. important: operates degraded. supportive: acceptable to operate without." }, "failureMode": { "enum": [ "fail_closed", "fail_open", "degraded", "cached_fallback", "queued", "manual_intervention" ], "description": "Stability: experimental. What happens when this dependency is unavailable. fail_closed: requests rejected. fail_open: requests proceed without the dependency's contribution (e.g., authn bypass \u2014 usually a bad idea). degraded: feature subset unavailable. cached_fallback: serve stale. queued: hold and retry. manual_intervention: requires operator." }, "dataFlow": { "enum": [ "none", "egress_only", "ingress_only", "bidirectional" ], "description": "Stability: experimental. Direction of data flow with the dependency." }, "dataClassifications": { "type": "array", "items": { "enum": [ "public", "internal", "confidential", "pii", "phi", "pci", "secret" ] }, "description": "Stability: experimental. Data classifications that traverse this dependency. Empty array or omitted = no classified data." }, "jurisdiction": { "type": "array", "items": { "type": "string" }, "description": "Stability: experimental. ISO 3166 codes or named regions where the dependency operates / stores data (e.g., 'EU', 'US-EAST', 'DE', 'GLOBAL')." }, "alternative": { "enum": [ "substitutable", "partially_substitutable", "not_substitutable" ], "description": "Stability: experimental. Whether the dependency can be swapped without code changes. Informs DORA exit-strategy planning." }, "providerSamUri": { "type": "string", "format": "uri", "description": "Stability: experimental. Optional URI to the dependency's own SAM, if the provider publishes one." }, "industryRefs": { "type": "array", "description": "Stability: experimental. Standards anchors relevant to this dependency: EU DORA Art. 28 categorization, NIS2 essential/important classification, ISO/IEC 27036 supplier-relationship anchor, NIST SP 800-161 supply chain risk management cite.", "items": { "type": "object", "required": [ "standard" ], "additionalProperties": false, "patternProperties": { "^x-": {} }, "properties": { "standard": { "type": "string" }, "version": { "type": "string" }, "conformance": { "type": "string" }, "referenceUri": { "type": "string", "format": "uri" } } } } } } }, "persistence": { "type": "object", "additionalProperties": false, "properties": { "required": { "type": "boolean" }, "stores": { "type": "array", "items": { "enum": [ "sql", "kv", "document", "blob", "search", "queue", "filesystem", "other" ] } } } } } }, "qualityAttributes": { "type": "object", "description": "Stability: experimental. Producer claims per ISO/IEC 25010:2023 characteristic and sub-characteristic. Each claim has status (unspecified|declared|verified|not_applicable) and optional evidence. Use industryRefs[] for normative anchors (the auditor surface) and informationalRefs[] for non-normative design-context pointers (pattern catalogs, knowledge bases, AI-prompt sources).", "additionalProperties": false, "properties": { "functionalSuitability": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Degree to which the product provides functions that meet stated and implied needs. Sub-characteristics: completeness, correctness, appropriateness.", "x-sam-stability": "stable" }, "performanceEfficiency": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Performance relative to resources used. Sub-characteristics: timeBehaviour, resourceUtilization, capacity.", "x-sam-stability": "stable" }, "compatibility": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Ability to share information and perform required functions while sharing the same environment. Sub-characteristics: coExistence, interoperability.", "x-sam-stability": "stable" }, "interactionCapability": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Per ISO/IEC 25010:2023. Sub-characteristics: appropriatenessRecognizability, learnability, operability, userErrorProtection, userEngagement, inclusivity (accessibility lives here), userAssistance, selfDescriptiveness.", "x-sam-stability": "stable" }, "reliability": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Sub-characteristics: faultTolerance, recoverability, availability, maturity.", "x-sam-stability": "stable" }, "security": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Sub-characteristics: confidentiality, integrity, nonRepudiation, accountability, authenticity, resistance.", "x-sam-stability": "stable" }, "maintainability": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Sub-characteristics: modularity, reusability, analysability, modifiability, testability.", "x-sam-stability": "stable" }, "flexibility": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Per ISO/IEC 25010:2023. Sub-characteristics: adaptability, scalability, installability, replaceability.", "x-sam-stability": "stable" }, "safety": { "$ref": "#/$defs/iso25010Characteristic", "description": "Stability: stable. Per ISO/IEC 25010:2023. Sub-characteristics: operationalConstraint, riskIdentification, failSafe, hazardWarning, safeIntegration.", "x-sam-stability": "stable" } } }, "extensions": { "type": "object", "description": "Stability: experimental. Quality concerns not cleanly modeled by ISO 25010:2023. Observability folds awkwardly under maintainability.analysability in the standard; data lifecycle and AI-era concerns have no formal home.", "additionalProperties": false, "properties": { "observability": { "$ref": "#/$defs/qualityAttributeClaim", "description": "Stability: experimental. Structured logging, metrics, distributed tracing, health endpoints. The producer's claim about what is observable in production." }, "dataLifecycle": { "$ref": "#/$defs/qualityAttributeClaim", "description": "Stability: experimental. Retention, deletion, archival, right-to-deletion compliance. Distinct from security.confidentiality." }, "internationalization": { "$ref": "#/$defs/qualityAttributeClaim", "description": "Stability: experimental. Locale support, string externalization, RTL, CLDR pluralization. Adjacent to interactionCapability.inclusivity but operationally distinct." } } }, "tensionsDeclared": { "type": "array", "description": "Stability: experimental. For each declared tension between branches, which posture did the producer choose?", "items": { "type": "object", "required": [ "tension", "posture" ], "additionalProperties": false, "properties": { "tension": { "type": "string", "description": "Stability: experimental. Identifier for the tension. Well-known values (informational, not enforced): 'cap_pacelc' (consistency vs availability vs latency), 'observability_cost_trilemma' (resolution vs cost vs freshness), 'test_suite_tension' (coverage vs maintainability), 'observability_pii' (diagnosability vs PII exposure), 'security_performance_isolation' (boundary enforcement vs latency). For domain-specific tensions, use a stable identifier of your own with the prefix 'x:' (e.g., 'x:tenant_isolation_vs_cost').", "examples": [ "cap_pacelc", "observability_cost_trilemma", "test_suite_tension", "observability_pii", "security_performance_isolation" ] }, "posture": { "type": "string", "description": "Stability: experimental. The chosen posture and what was sacrificed (e.g., 'AP, staleness window 5s', 'CP, availability sacrificed during partition')." }, "rationale": { "type": "string" } }, "patternProperties": { "^x-": {} } } }, "producer": { "type": "object", "required": [ "name", "issuedAt" ], "additionalProperties": false, "properties": { "name": { "type": "string", "description": "Stability: stable. OSS maintainer or producing organization.", "x-sam-stability": "stable" }, "contact": { "type": "string", "format": "email" }, "issuedAt": { "type": "string", "format": "date-time" }, "validFor": { "type": "string", "description": "Stability: experimental. ISO 8601 duration. Manifest expires after this from issuedAt. Producers re-sign on each release.", "pattern": "^P" } }, "patternProperties": { "^x-": {} } } }, "$defs": { "iso25010Characteristic": { "type": "object", "description": "Stability: experimental. An ISO/IEC 25010:2023 characteristic. The characteristic itself carries an aggregate claim; sub-characteristics carry the granular claims. Producers may populate either or both \u2014 a single overall claim is acceptable for v0.", "additionalProperties": false, "properties": { "overall": { "$ref": "#/$defs/qualityAttributeClaim", "description": "Stability: experimental. Aggregate claim for the characteristic as a whole." }, "subCharacteristics": { "type": "object", "description": "Stability: experimental. ISO 25010:2023 sub-characteristics for this characteristic. Keys must be camelCase ISO sub-characteristic names. Validators may choose to enforce per-characteristic enum constraints; v0 accepts any string key matching the standard.", "additionalProperties": { "$ref": "#/$defs/qualityAttributeClaim" } } }, "patternProperties": { "^x-": {} } }, "qualityAttributeClaim": { "type": "object", "required": [ "status" ], "additionalProperties": false, "properties": { "status": { "enum": [ "unspecified", "declared", "verified", "not_applicable" ], "description": "Stability: stable. unspecified: producer makes no claim. declared: producer asserts but provides no evidence. verified: producer asserts and points to evidence. not_applicable: producer claims this attribute is irrelevant for this artifact.", "x-sam-stability": "stable" }, "summary": { "type": "string", "description": "Stability: stable. Plain-language statement of the claim. Required when status is declared or verified.", "x-sam-stability": "stable" }, "evidence": { "type": "array", "description": "Stability: stable. Evidence URIs. Required when status=verified. Examples: load test report, security scan, accessibility audit, CI run.", "items": { "type": "object", "required": [ "type", "uri" ], "additionalProperties": false, "properties": { "type": { "enum": [ "load_test", "security_scan", "fuzz_run", "accessibility_audit", "chaos_test", "ci_run", "spec_test", "manual_review", "other" ] }, "uri": { "type": "string", "format": "uri" }, "digest": { "type": "string", "description": "Stability: experimental. Content hash of the evidence artifact, if archived." } }, "patternProperties": { "^x-": {} } }, "x-sam-stability": "stable" }, "industryRefs": { "type": "array", "description": "Stability: stable. Normative cross-references to industry standards or specifications relevant to this claim (e.g., WCAG 2.2 AA, OWASP ASVS L2, NIST SP 800-218). These are what auditors and procurement teams look for; they are first-class on the manifest because they outlive any single host or vendor.", "items": { "type": "object", "required": [ "standard" ], "additionalProperties": false, "properties": { "standard": { "type": "string", "description": "Stability: experimental. Identifier of the standard or spec. Examples: 'ISO/IEC 25010', 'ISO/IEC 27001', 'NIST SP 800-218', 'OWASP ASVS', 'WCAG', 'OpenTelemetry', 'OpenAPI', 'AsyncAPI', 'SLSA', 'ISO 26262', 'IEC 62304', 'GDPR', 'SOC 2', 'HIPAA', 'PCI DSS'." }, "version": { "type": "string", "description": "Stability: experimental. Version of the standard (e.g., '2023', '2.2', '5.0', '3.1.0', 'v1.1')." }, "conformance": { "type": "string", "description": "Stability: experimental. Optional conformance level or profile (e.g., 'AA' for WCAG, 'L2' for ASVS, 'Tier 3' for SLSA, 'Type II' for SOC 2). Free text \u2014 varies per standard." }, "referenceUri": { "type": "string", "format": "uri", "description": "Stability: experimental. Optional canonical URI for the standard or section being referenced." } }, "patternProperties": { "^x-": {} } }, "x-sam-stability": "stable" }, "informationalRefs": { "type": "array", "description": "Stability: experimental. Non-normative pointers to additional context \u2014 pattern catalogs, design references, internal docs, or external knowledge bases that aided the producer's reasoning. Useful for AI agents and humans who want to drill into design rationale, but not anchors an auditor relies on. Use https URIs that resolve to stable resources.", "items": { "type": "string", "format": "uri" } } }, "patternProperties": { "^x-": {} } } }, "$comment": "x-sam-stability is a SAM-defined keyword (descriptive only, no validation behavior in v0.1). Tools MAY consume it to surface field maturity to consumers. Per JSON Schema 2020-12, unknown keywords are ignored by validators." }