{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://fablepool.org/schemas/fpcf/v1/body.permission-grant.schema.json",
  "title": "Body: permission-grant",
  "type": "object",
  "required": ["grantee", "scope", "expires_at"],
  "additionalProperties": false,
  "properties": {
    "grantee": {
      "$ref": "defs.schema.json#/$defs/keyId",
      "description": "The key being granted capability-scoped read access to claims."
    },
    "scope": {
      "type": "object",
      "required": ["predicates"],
      "additionalProperties": false,
      "properties": {
        "predicates": {
          "type": "array",
          "items": { "$ref": "defs.schema.json#/$defs/nonEmptyString" },
          "minItems": 1,
          "uniqueItems": true,
          "description": "Predicate names (exact match) the grantee may read claims for."
        },
        "subjects": {
          "type": "array",
          "items": { "$ref": "defs.schema.json#/$defs/nonEmptyString" },
          "minItems": 1,
          "uniqueItems": true,
          "description": "Optional subject allow-list; absent means fp:self only."
        }
      }
    },
    "expires_at": {
      "oneOf": [
        { "$ref": "defs.schema.json#/$defs/timestamp" },
        { "type": "null" }
      ],
      "description": "Hard expiry, or null for until-revoked. The grant's own op id is its capability identifier."
    }
  }
}