feat(schema): add acknowledgement field to BOM operations #6

Open
isasmendiagus wants to merge 2 commits into main from chore/SP-4077/add-acknowledgement-field

@isasmendiagus isasmendiagus commented Mar 19, 2026

Summary by CodeRabbit

  • New Features

    • Added optional "acknowledgement" and "timestamp" fields for BOM include/remove/replace entries so acknowledgements and event times are preserved in generated SBOMs.
    • Added optional "organization" field under self-identification to capture publisher/owner information.
  • Documentation

    • Examples updated to show usage of the new fields.

coderabbitai bot commented Mar 19, 2026

Walkthrough

This PR updates scanoss-settings-schema.json: adds an optional organization string under self, and extends BOM rule item schemas (bom.include, bom.remove, bom.replace) with optional acknowledgement (string) and optional timestamp (string, date-time), and updates example objects accordingly.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Schema updates: scanoss-settings-schema.json | Added optional self.organization: string. Extended BOM rule item schemas in bom.include[], bom.remove[], bom.replace[] with optional acknowledgement: string and optional timestamp: string (date-time). Updated example objects to include the new fields. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I nibble bytes and tidy trees,
A new field springs beneath the leaves,
Organization, time, and note—
BOM hops brighter as I tote. 🥕✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title highlights the addition of the acknowledgement field to BOM operations, but omits the other notable changes including the organization field and timestamp field additions. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
scanoss-settings-schema.json (1)

296-306: LGTM - consider extracting shared definitions.

The acknowledgement and timestamp fields are well-defined with proper types, formats, and descriptions. The date-time format is correctly specified per JSON Schema draft-07.

Since these exact field definitions are repeated in bom.include, bom.remove, and bom.replace, you could optionally extract them into a shared $defs block to reduce duplication:

♻️ Optional: Extract to $defs
{
  "$defs": {
    "bomDecisionMetadata": {
      "acknowledgement": {
        "type": "string",
        "description": "Formal acknowledgement of this BOM decision, propagated to SBOM output"
      },
      "timestamp": {
        "type": "string",
        "format": "date-time",
        "description": "ISO 8601 UTC timestamp recording when this BOM decision was made",
        "examples": ["2026-03-15T10:30:00Z"]
      }
    }
  }
}

Then reference via "$ref": "#/$defs/bomDecisionMetadata" or spread the properties.

This is optional—inline definitions are fine for readability and the current file size.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@scanoss-settings-schema.json` around lines 296 - 306, Extract the duplicated
"acknowledgement" and "timestamp" property definitions into a shared schema
under $defs (e.g. "$defs": { "bomDecisionMetadata": { "acknowledgement": { ...
}, "timestamp": { ... } } }) and replace the inline repeats in the bom.include,
bom.remove, and bom.replace definitions with a $ref to
"#/$defs/bomDecisionMetadata" (or reference individual properties from that
$defs entry) so the schema reuses a single source of truth for those fields.
📥 Commits

Reviewing files that changed from the base of the PR and between 7b87382 and 2349f6f.

📒 Files selected for processing (1)
  • scanoss-settings-schema.json
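
Added example (not part of this PR, the schema, or the review above): JSON Schema draft-07 lets validators treat `"format": "date-time"` as an annotation only, so a malformed `timestamp` can pass validation and reach the generated SBOM unless the format is enforced explicitly. This standard-library Python check walks the three BOM operations named in the PR and flags bad `acknowledgement` and `timestamp` values; the function names, the sample settings and the `purl` placeholders are assumptions made for illustration.

```python
import re
from datetime import datetime

# RFC 3339 date-time, the grammar behind JSON Schema "format": "date-time".
_RFC3339 = re.compile(
    r"\d{4}-\d{2}-\d{2}[Tt]\d{2}:\d{2}:\d{2}(\.\d+)?"
    r"([Zz]|[+-]([01]\d|2[0-3]):[0-5]\d)"
)

def is_rfc3339(value):
    """True only for a string that is a well-formed RFC 3339 date-time."""
    if not isinstance(value, str) or not _RFC3339.fullmatch(value):
        return False
    try:
        # The shape is right; now reject impossible dates such as month 13.
        datetime.strptime(value[:19].upper(), "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return False
    return True

def check_bom_metadata(settings):
    """Return 'location: problem' strings for the optional metadata fields."""
    problems = []
    bom = settings.get("bom", {})
    for op in ("include", "remove", "replace"):
        for i, entry in enumerate(bom.get(op, [])):
            where = f"bom.{op}[{i}]"
            ack = entry.get("acknowledgement")
            if "acknowledgement" in entry and not isinstance(ack, str):
                problems.append(f"{where}.acknowledgement: not a string")
            if "timestamp" in entry and not is_rfc3339(entry["timestamp"]):
                problems.append(f"{where}.timestamp: not an RFC 3339 date-time")
    return problems

# Constructed sample settings; the purl values are placeholders.
SAMPLE = {
    "bom": {
        "include": [{"purl": "pkg:github/example/a",
                     "acknowledgement": "Approved by legal",
                     "timestamp": "2026-03-15T10:30:00Z"}],
        "remove": [{"purl": "pkg:github/example/b",
                    "timestamp": "2026-03-15 10:30"}],
        "replace": [{"purl": "pkg:github/example/c", "acknowledgement": 42}],
    }
}

if __name__ == "__main__":
    for problem in check_bom_metadata(SAMPLE):
        print(problem)
```
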
