openapi: 3.1.0 info: title: RBAC Finding Diff View Contract version: 1.0.0 description: >- Internal presentation contract for the RBAC role definition diff consumer on the Findings view page. This feature adds no external HTTP endpoints. The contract documents the authoritative evidence input and the render-ready diff presentation output used by the consumer. paths: {} components: schemas: RbacRoleDefinitionEvidence: type: object required: - changed_keys - baseline - current properties: diff_kind: type: string diff_fingerprint: type: string changed_keys: type: array items: type: string metadata_keys: type: array items: type: string permission_keys: type: array items: type: string baseline: $ref: '#/components/schemas/RbacRoleDefinitionSide' current: $ref: '#/components/schemas/RbacRoleDefinitionSide' RbacRoleDefinitionSide: type: object properties: normalized: type: object additionalProperties: true is_built_in: type: - boolean - 'null' role_permission_count: type: - integer - 'null' DiffPresentation: type: object required: - summary - rows properties: summary: $ref: '#/components/schemas/DiffSummary' rows: type: array items: $ref: '#/components/schemas/DiffRow' DiffSummary: type: object required: - changedCount - addedCount - removedCount - unchangedCount - hasRows properties: changedCount: type: integer minimum: 0 addedCount: type: integer minimum: 0 removedCount: type: integer minimum: 0 unchangedCount: type: integer minimum: 0 hasRows: type: boolean message: type: - string - 'null' DiffRow: type: object required: - key - label - status - isListLike - addedItems - removedItems - unchangedItems - meta properties: key: type: string minLength: 1 label: type: string minLength: 1 status: type: string enum: - changed - unchanged - added - removed oldValue: nullable: true newValue: nullable: true isListLike: type: boolean addedItems: type: array items: {} removedItems: type: array items: {} unchangedItems: type: array items: {} meta: type: object additionalProperties: true