{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/tines/main/json-schema/tines-credential-schema.json",
  "title": "Tines Credential",
  "description": "A Tines credential resource for securely storing secrets used by actions",
  "type": "object",
  "properties": {
    "id": {
      "type": "integer",
      "description": "Unique credential identifier"
    },
    "name": {
      "type": "string",
      "description": "Credential name"
    },
    "mode": {
      "type": "string",
      "enum": ["AWS", "TEXT", "HTTP_REQUEST_AGENT", "JWT", "OAUTH2", "MTLS"],
      "description": "Credential type"
    },
    "team_id": {
      "type": "integer",
      "description": "ID of the team that owns the credential"
    },
    "folder_id": {
      "type": ["integer", "null"],
      "description": "ID of the folder containing the credential"
    },
    "read_access": {
      "type": "string",
      "enum": ["TEAM", "GLOBAL", "SPECIFIC_TEAMS"],
      "default": "TEAM",
      "description": "Access control level for the credential"
    },
    "shared_team_slugs": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Team slugs for SPECIFIC_TEAMS access"
    },
    "slug": {
      "type": "string",
      "description": "URL-friendly identifier"
    },
    "description": {
      "type": "string"
    },
    "allowed_hosts": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Domains where this credential can be used"
    },
    "metadata": {
      "type": "object",
      "description": "Key-value metadata for the credential"
    },
    "owner": {
      "type": "object",
      "description": "Creator details",
      "properties": {
        "user_id": { "type": "integer" },
        "first_name": { "type": "string" },
        "last_name": { "type": "string" },
        "email": { "type": "string", "format": "email" }
      }
    },
    "expires_at": {
      "type": ["string", "null"],
      "format": "date-time",
      "description": "Expiration timestamp"
    },
    "expiry_notifications_enabled": {
      "type": "boolean",
      "default": false
    },
    "credential_notification_recipient_user_ids": {
      "type": "array",
      "items": { "type": "integer" }
    },
    "aws_authentication_type": {
      "type": "string",
      "enum": ["KEY", "ROLE", "INSTANCE_PROFILE"],
      "description": "AWS authentication method (when mode is AWS)"
    },
    "aws_assumed_role_external_id": {
      "type": "string",
      "description": "Generated external ID for AWS role assumption"
    },
    "use_static_external_id": {
      "type": "boolean"
    },
    "created_at": {
      "type": "string",
      "format": "date-time"
    },
    "updated_at": {
      "type": "string",
      "format": "date-time"
    }
  },
  "required": ["id", "name", "mode", "team_id"],
  "additionalProperties": true
}