# Default project-rollup RSK row schema, served by zddc-server when # no operator-supplied form.yaml exists at /rsk/. # # Identical to the per-party RSK schema (default-rsk.form.yaml) # except for one extra required field: `party`. The server reads it # on POST /rsk/form.html and routes the row to the matching # /archive//rsk/ folder. The `party` value is # stripped from the YAML on write (folder name IS the identity); on # read the dispatcher injects it back. # # To customize: drop your own form.yaml at /rsk/form.yaml. # Keep the `party` field shape unless you also customize the rollup # create handler. title: Risk (project rollup) description: One risk across all parties. The first field (Package) routes the row to the matching archive//rsk/ folder; the rest mirrors the per-party RSK schema. schema: type: object # `type` is intentionally absent from required: — the cascade's # field_defaults inject type=RSK after schema validation, and the # form renderer surfaces it as a locked readOnly field. Requiring # it here would 422 well-behaved clients that omit the cascade- # owned field. # `originator` is also omitted from required: the server derives it # from the selected party folder (folder_fields) after this schema # runs, same as the rollup MDL form. required: [party, project, discipline, sequence, title] additionalProperties: false properties: party: type: string title: Package (party folder) description: Routing key — must match an existing /archive// folder. pattern: "^[A-Za-z0-9][A-Za-z0-9.-]*$" minLength: 1 # --- Table-tracking components (same shape as the per-party rsk # schema). Together with `row` they compose the filename. originator: type: string title: Originator description: Auto-set from the selected Package (party folder) — the folder is the source of truth. Read-only; leave blank. readOnly: true # phase: # project-wide; sits between originator and project # type: string # title: Phase # minLength: 1 project: type: string title: Project minLength: 1 # area: # project-wide; sits between project and discipline # type: string # title: Area # minLength: 1 discipline: type: string title: Discipline minLength: 1 type: type: string title: Document type description: Locked to RSK by the cascade; the form renders this read-only. enum: [RSK] sequence: type: string title: Sequence minLength: 1 suffix: type: string title: Suffix description: Optional structural-part suffix (A, 01, ...). Just the letters/digits — the leading dash is added by the cascade's filename_format. row: type: string title: Row description: Zero-padded sequence within the parent register. Server-assigned. readOnly: true # --- Risk-level data. title: type: string title: Risk minLength: 1 category: type: string title: Category description: type: string title: Description likelihood: type: integer title: Likelihood minimum: 1 maximum: 5 impact: type: integer title: Impact minimum: 1 maximum: 5 severity: type: integer title: Severity minimum: 1 maximum: 25 mitigation: type: string title: Mitigation owner: type: string title: Owner status: type: string title: Status enum: [open, mitigated, accepted, closed] dueDate: type: string title: Due date format: date notes: type: string title: Notes # --- Audit fields (server-managed; read-only). created_at: type: string title: Created format: date-time readOnly: true created_by: type: string title: Created by format: email readOnly: true updated_at: type: string title: Updated format: date-time readOnly: true updated_by: type: string title: Updated by format: email readOnly: true revision: type: integer title: Revision minimum: 1 readOnly: true previous_sha: type: string title: Previous SHA readOnly: true ui: # originator is server-derived from the selected Package (party # folder); mirror the party value into its read-only field so the # composing tracking number is visible as the user fills the form. originator: ui:mirrorFrom: party description: ui:widget: textarea mitigation: ui:widget: textarea notes: ui:widget: textarea