{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://tenantpilot.local/specs/149/contracts/execution-legitimacy.schema.json",
  "title": "Queued Execution Legitimacy Decision",
  "type": "object",
  "additionalProperties": false,
  "required": [
    "operation_type",
    "authority_mode",
    "allowed",
    "retryable",
    "target_scope",
    "checks"
  ],
  "properties": {
    "operation_type": {
      "type": "string",
      "minLength": 1
    },
    "authority_mode": {
      "type": "string",
      "enum": [
        "actor_bound",
        "system_authority"
      ]
    },
    "allowed": {
      "type": "boolean"
    },
    "retryable": {
      "type": "boolean",
      "description": "Canonical initial mapping: false for scope_denied, capability_denied, and initiator_invalid; true for tenant_not_operable and prerequisite_invalid."
    },
    "reason_code": {
      "type": [
        "string",
        "null"
      ],
      "enum": [
        "workspace_mismatch",
        "tenant_not_entitled",
        "missing_capability",
        "tenant_not_operable",
        "tenant_missing",
        "initiator_missing",
        "initiator_not_entitled",
        "provider_connection_invalid",
        "write_gate_blocked",
        "execution_prerequisite_invalid",
        null
      ]
    },
    "denial_class": {
      "type": [
        "string",
        "null"
      ],
      "description": "High-level refusal class used to derive retryable behavior and operator-facing blocked-execution explanation.",
      "enum": [
        "scope_denied",
        "capability_denied",
        "tenant_not_operable",
        "prerequisite_invalid",
        "initiator_invalid",
        null
      ]
    },
    "initiator": {
      "type": [
        "object",
        "null"
      ],
      "additionalProperties": false,
      "required": [
        "identity_type",
        "user_id"
      ],
      "properties": {
        "identity_type": {
          "type": "string",
          "enum": [
            "user",
            "system"
          ]
        },
        "user_id": {
          "type": [
            "integer",
            "null"
          ],
          "minimum": 1
        }
      }
    },
    "target_scope": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "workspace_id",
        "tenant_id"
      ],
      "properties": {
        "workspace_id": {
          "type": "integer",
          "minimum": 1
        },
        "tenant_id": {
          "type": [
            "integer",
            "null"
          ],
          "minimum": 1
        },
        "provider_connection_id": {
          "type": [
            "integer",
            "null"
          ],
          "minimum": 1
        }
      }
    },
    "checks": {
      "type": "object",
      "additionalProperties": false,
      "required": [
        "workspace_scope",
        "tenant_scope",
        "capability",
        "tenant_operability",
        "execution_prerequisites"
      ],
      "properties": {
        "workspace_scope": {
          "type": "string",
          "enum": [
            "passed",
            "failed",
            "not_applicable"
          ]
        },
        "tenant_scope": {
          "type": "string",
          "enum": [
            "passed",
            "failed",
            "not_applicable"
          ]
        },
        "capability": {
          "type": "string",
          "enum": [
            "passed",
            "failed",
            "not_applicable"
          ]
        },
        "tenant_operability": {
          "type": "string",
          "enum": [
            "passed",
            "failed",
            "not_applicable"
          ]
        },
        "execution_prerequisites": {
          "type": "string",
          "enum": [
            "passed",
            "failed",
            "not_applicable"
          ]
        }
      }
    },
    "metadata": {
      "type": "object"
    }
  }
}