{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Update Policy",
  "description": "Edit an existing policy in place. The principal cannot be changed.",
  "type": "object",
  "properties": {
    "effect": {
      "type": "string",
      "x-gql-type": "policy_effect",
      "title": "Effect",
      "description": "ALLOW grants the actions. DENY blocks them and wins over any matching ALLOW.",
      "enum": ["ALLOW", "DENY"]
    },
    "actions": {
      "type": "array",
      "title": "Actions",
      "description": "Replace the policy's full action list. Pass one or more action ids in `{entity}:{verb}` form. Omit the field to leave the existing list unchanged. Duplicate entries are rejected.",
      "items": { "type": "string" },
      "minItems": 1,
      "uniqueItems": true,
      "examples": [
        ["project:view", "project:update"]
      ]
    },
    "conditions": {
      "type": "object",
      "x-gql-type": "conditions",
      "title": "Conditions",
      "description": "Restrict the actions to entities whose attributes match every condition. Pass `\"*\"` to clear all conditions and make the policy a wildcard. Per-key, send `\"*\"` to match any value or a non-empty list of strings to match a closed set. Omit the field to leave conditions unchanged.",
      "additionalProperties": {
        "oneOf": [
          { "type": "string", "const": "*" },
          { "type": "array", "items": { "type": "string" }, "minItems": 1 }
        ]
      }
    }
  }
}