{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "ScanRequest",
  "description": "ScanRequest schema from Palo Alto Networks Prisma AIRS API",
  "$id": "https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/prisma-airs-api-scan-request-schema.json",
  "type": "object",
  "properties": {
    "ai_profile": {
      "type": "object",
      "required": [
        "profile_name"
      ],
      "properties": {
        "profile_name": {
          "type": "string",
          "description": "Name of the AI security profile to use for this scan. The profile determines which detections are active and their sensitivity. Must reference an existing profile configured for the tenant."
        }
      },
      "description": "Reference to the AI security profile to apply during scanning."
    },
    "contents": {
      "type": "array",
      "minItems": 1,
      "description": "Array of prompt/response pairs to scan. Each item represents one LLM interaction. For batch scanning, include multiple items.",
      "items": {
        "type": "object",
        "properties": {
          "prompt": {
            "type": "string",
            "description": "The user prompt or input text sent to the AI model. Evaluated for prompt injection, jailbreak attempts, and other input-side threats.",
            "maxLength": 32000
          },
          "response": {
            "type": "string",
            "description": "The AI model response or output text. When provided, also evaluated for data leakage, toxic content, and other output-side threats. May be omitted to scan only the prompt.",
            "maxLength": 64000
          }
        }
      }
    },
    "tr_id": {
      "type": "string",
      "description": "Optional caller-supplied transaction ID for correlating scan requests with application-side records."
    }
  },
  "required": [
    "ai_profile",
    "contents"
  ]
}