Skip to content

Trace CCI-003 from summary artifact to schema contract #76

Description

@stacknil

Review scope

Trace one committed config-change investigation summary item to the schema contract named in docs/evidence-pipeline-contract.md.

Sample input

Use the CCI-003 object in demos/config-change-investigation-demo/artifacts/investigation_summary.json.

Key fields:

{
  "investigation_id": "CCI-003",
  "severity": "high",
  "target_system": "vault-gateway",
  "triggering_change_id": "cfg-004",
  "evidence_counts": {
    "policy_denials": 0,
    "follow_on_events": 0
  }
}

Expected output

schemas/investigation_summary.schema.json should make the object reviewable without adding production meaning:

  • investigation_id matches ^CCI-[0-9]{3}$
  • severity is one of the documented enum values
  • evidence_counts.policy_denials and evidence_counts.follow_on_events are non-negative integers
  • the artifact remains a bounded evidence summary, not an incident verdict

Acceptance criteria

  • Name the artifact path and schema path.
  • Confirm whether CCI-003 satisfies the schema fields above.
  • Note any unclear field meaning or documentation route with a small correction.
  • Do not expand the five-demo matrix or add live telemetry behavior.

Boundaries

Use committed synthetic artifacts only. This is a schema/documentation review, not a request for production integrations, live telemetry, or final incident conclusions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    docsDocumentation and README behaviorgood first issueGood for newcomershelp wantedExtra attention is needed

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions