{"ok":true,"phase":"v17.5 Phase 195","service":"Sovereign Connector Manifest Validator","validator":{"system":"OmegaCrownAI Sovereign Connector Manifest Validator","phase":"v17.5 Phase 195","status":"validator_ready","purpose":"Validate connector manifests before install or marketplace approval so integrations remain scoped, auditable, safe, and governed.","allowedAuthTypes":["oauth","api_key","service_account","webhook_secret","local"],"allowedRiskLevels":["low","medium","high","blocked_by_default"],"allowedApprovalGates":["read_only","artifact_generation","workspace_write","external_write","blocked_by_default"],"allowedCategories":["communication","crm_sales","storage_files","development","payments_billing","marketing_distribution","model_compute","automation_webhooks"],"allowedPermissions":["connector_read","connector_write_draft","connector_external_write","connector_financial_action","connector_secret_management"],"requiredManifestFields":["connectorId","name","category","version","authType","permissionsRequested","riskLevel","actions","healthcheck","disconnectPolicy","dataRetentionPolicy"],"requiredActionFields":["actionId","name","inputSchema","outputSchema","approvalGate","auditRequired"],"blockedValidationRules":["Financial connector actions must be blocked_by_default.","External write permission cannot be low risk.","High-risk actions cannot use read_only approval gate.","All actions must require audit.","Unknown permissions are rejected.","Unsupported auth types are rejected.","Unsupported connector categories are rejected."],"sampleManifest":{"connectorId":"github","name":"GitHub","category":"development","version":"0.1.0","authType":"oauth","permissionsRequested":["connector_read","connector_write_draft"],"riskLevel":"medium","actions":[{"actionId":"github.read_issues","name":"Read GitHub issues","inputSchema":"repository, labels, state","outputSchema":"issue list","approvalGate":"read_only","auditRequired":true},{"actionId":"github.prepare_pull_request","name":"Prepare pull request draft","inputSchema":"branch, title, body, changed files","outputSchema":"pull request draft metadata","approvalGate":"workspace_write","auditRequired":true}],"healthcheck":"Verify repository access and scopes.","disconnectPolicy":"Revoke OAuth token and remove cached repository metadata.","dataRetentionPolicy":"Store only required issue/PR metadata and delete on disconnect."},"sampleValidation":{"ok":true,"manifest":{"connectorId":"github","name":"GitHub","category":"development","version":"0.1.0","authType":"oauth","permissionsRequested":["connector_read","connector_write_draft"],"riskLevel":"medium","actions":[{"actionId":"github.read_issues","name":"Read GitHub issues","inputSchema":"repository, labels, state","outputSchema":"issue list","approvalGate":"read_only","auditRequired":true},{"actionId":"github.prepare_pull_request","name":"Prepare pull request draft","inputSchema":"branch, title, body, changed files","outputSchema":"pull request draft metadata","approvalGate":"workspace_write","auditRequired":true}],"healthcheck":"Verify repository access and scopes.","disconnectPolicy":"Revoke OAuth token and remove cached repository metadata.","dataRetentionPolicy":"Store only required issue/PR metadata and delete on disconnect."},"errors":[],"warnings":[],"score":100,"allowedCategories":["communication","crm_sales","storage_files","development","payments_billing","marketing_distribution","model_compute","automation_webhooks"],"allowedPermissions":["connector_read","connector_write_draft","connector_external_write","connector_financial_action","connector_secret_management"],"allowedAuthTypes":["oauth","api_key","service_account","webhook_secret","local"],"allowedApprovalGates":["read_only","artifact_generation","workspace_write","external_write","blocked_by_default"],"credentialSafetyChecks":["Never commit API keys, OAuth tokens, webhooks secrets, passwords, or private credentials.","Use scoped OAuth permissions where possible.","Use least-privilege API keys.","Use server-side environment variables or secret manager only.","Do not expose secrets in generated artifacts, logs, screenshots, JSON responses, or client-side code.","Support credential revocation and connector disconnect flow.","Audit connector install, use, failure, and disconnect events."],"requiredPolicy":"Connector manifests must pass validation before install, execution, external write, marketplace approval, or customer-visible activation."}}}