{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Create Resource Grant",
  "description": "Share a resource with recipient environments matching attribute conditions. The caller must have `resource:grant` on the source resource.",
  "type": "object",
  "required": ["action", "recipientConditions"],
  "properties": {
    "action": {
      "type": "string",
      "title": "Action",
      "description": "The action being granted on the resource. Currently the only grantable resource action is `resource:export` — resource visibility is inferred from any granted action.",
      "enum": ["resource:export"],
      "default": "resource:export",
      "examples": ["resource:export"]
    },
    "recipientConditions": {
      "type": "object",
      "x-gql-type": "conditions",
      "title": "Recipient Conditions",
      "description": "Restrict this grant to recipient environments whose attributes match every condition. Send the literal `\"*\"` to apply to every environment in the organization. Per-key, send `\"*\"` to match any value or a non-empty list of strings to match a closed set.",
      "additionalProperties": {
        "oneOf": [
          { "type": "string", "const": "*" },
          { "type": "array", "items": { "type": "string" }, "minItems": 1 }
        ]
      },
      "examples": [
        { "TEAM": ["payments"] },
        { "md-environment": ["prod", "staging"] },
        { "md-environment": "*" }
      ]
    }
  }
}