{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://fablepool.org/schemas/exploit-record.json",
  "title": "FablePool Exploit Record",
  "description": "Canonical, immutable record of a legal-moves-only exploit discovered in adversarial self-play. Records are append-only: closing an exploit means amending the kernel, never editing this file. Validated in strict mode by scripts/verify_exploit_coverage.py --strict; minimal invariants (id-filename match, regression-test existence, changelog accounting) are enforced unconditionally in CI.",
  "type": "object",
  "required": ["id", "title", "kernel_version"],
  "properties": {
    "id": {
      "type": "string",
      "pattern": "^EXP-[0-9]{3}$",
      "description": "Stable identifier; must match the filename (EXP-001 in EXP-001.json)."
    },
    "title": {
      "type": "string",
      "minLength": 1,
      "description": "One-line human-readable name of the exploit."
    },
    "kernel_version": {
      "type": "string",
      "description": "Kernel version the exploit was discovered against, e.g. '0.1.0'."
    },
    "summary": {
      "type": "string",
      "description": "Prose description of the mechanism: what legal sequence reaches the capture objective and why the text permits it."
    },
    "tournament": {
      "type": "string",
      "description": "Tournament id in which the exploit was discovered, e.g. 'T1'."
    },
    "objective": {
      "type": "string",
      "description": "Capture objective achieved, e.g. 'drain_treasury', 'entrench_power'."
    },
    "discovered_by": {
      "type": "string",
      "description": "Red-team role (and seed/episode if applicable) that found it."
    },
    "detector": {
      "type": "string",
      "description": "Detector in detectors.py that fired."
    },
    "severity": {
      "type": "string",
      "enum": ["low", "medium", "high", "critical"],
      "description": "Impact rating, graded first on worst-off participant outcomes."
    },
    "empathy_impact": {
      "description": "Effect of the exploit on the worst-off participant (number or structured object), per the project's primary scoring rule."
    },
    "transcript": {
      "type": "array",
      "description": "Minimal replayable action sequence. Each step names the actor, the action, and its parameters. Replaying this under the discovery kernel must reproduce the capture objective.",
      "items": { "type": "object" }
    },
    "regression_test": {
      "type": "string",
      "description": "Relative path to the generated regression test, e.g. 'tests/regression/test_exp_001.py'."
    },
    "status": {
      "type": "string",
      "enum": ["open", "patched"],
      "description": "Whether a ratified kernel amendment closes this exploit."
    },
    "closed_by": {
      "type": "string",
      "description": "Kernel version and/or amendment identifier that closed the exploit, e.g. '0.2.0'."
    }
  },
  "additionalProperties": true
}