Added schema bundler and updated readme.

Signed-off-by: Steve Springett <[email protected]>

Author: stevespringett

schema/2.0/README.md

@@ -1,29 +1,34 @@
 # CycloneDX 2.0 Schemas
 
-This directory contains the official JSON Schema definitions for CycloneDX 2.0, as standardised in [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/). These schemas constitute the normative implementation of the CycloneDX specification and are intended for use in validation, tooling, and data exchange.
+This directory contains the official JSON Schema definitions for CycloneDX 2.0, as standardised in 
+[ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/). 
+These schemas constitute the normative implementation of the CycloneDX specification and are intended for use in 
+validation, tooling, and data exchange.
 
 ## Schema Overview
 
 | File                                                                                 | Description                                                                                                                                                                             |
 |--------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | [`cyclonedx-2.0.schema.json`](./cyclonedx-2.0.schema.json)                           | The normative schema for CycloneDX Bill of Materials (BOM) documents. This schema references modular models and defines the complete structure for expressing inventories and metadata. |
+| [`cyclonedx-2.0-bundled.schema.json`](./cyclonedx-2.0-bundled.schema.json)         | A fully resolved version of the BOM schema with all external model references inlined. Useful for systems that require a self-contained schema.                                         |
 | [`cyclonedx-api-2.0.schema.json`](./cyclonedx-api-2.0.schema.json)                   | The normative API-focused schema. It reuses CycloneDX models but is structured for compatibility with request/response patterns in service architectures.                               |
-| [`cyclonedx-combined-2.0.schema.json`](./cyclonedx-combined-2.0.schema.json)         | A fully resolved version of the BOM schema with all external model references inlined. Useful for systems that require a self-contained schema.                                         |
-| [`cyclonedx-api-combined-2.0.schema.json`](./cyclonedx-api-combined-2.0.schema.json) | The combined version of the API schema with all model definitions embedded. Suitable for use in tools or validators that do not support `$ref` resolution.                              |
+| [`cyclonedx-api-2.0-bundled.schema.json`](./cyclonedx-api-2.0-bundled.schema.json) | The combined version of the API schema with all model definitions embedded. Suitable for use in tools or validators that do not support `$ref` resolution.                              |
 
 ## Modularity and Model Composition
 
-CycloneDX 2.0 is defined as a modular specification. All core concepts—such as components, services, vulnerabilities, licensing, and AI/ML metadata—are encapsulated in reusable model definitions located in the [`model/`](./model) directory.
+CycloneDX 2.0 is defined as a modular specification. All core concepts—such as components, services, vulnerabilities, 
+licensing, and AI/ML metadata, are encapsulated in reusable model definitions located in the [`model/`](./model) directory.
 
 This modular architecture promotes:
 
 - **Consistency** across multiple schema contexts
 - **Reusability** of models within and beyond CycloneDX
 - **Clarity and maintainability** for implementers
 
-## Combined Schemas
+## Bundled Schemas
 
-The `*-combined` schema files are auto-generated from the normative schemas by resolving all references. These are provided for convenience and do not supersede the authoritative pre-defined schemas.
+The `*-bundled` schema files are auto-generated from the normative schemas by resolving all references. 
+These are provided for convenience and do not supersede the authoritative pre-defined schemas.
 
 ## Related Resources
 

tools/src/main/js/bundle-schemas.js

@@ -0,0 +1,196 @@
+#!/usr/bin/env node
+
+const fs = require('fs').promises;
+const path = require('path');
+
+/**
+ * Recursively walks through an object and rewrites $ref paths
+ */
+function rewriteRefs(obj, schemaFiles, defsKeyword, currentSchemaName) {
+    if (typeof obj !== 'object' || obj === null) {
+        return obj;
+    }
+
+    if (Array.isArray(obj)) {
+        return obj.map(item => rewriteRefs(item, schemaFiles, defsKeyword, currentSchemaName));
+    }
+
+    const newObj = {};
+    for (const [key, value] of Object.entries(obj)) {
+        if (key === '$ref' && typeof value === 'string') {
+            // Case 1: Reference to another schema file (external reference)
+            const fileMatch = value.match(/^(.+\.schema\.json)(#.*)?$/);
+            if (fileMatch) {
+                const filename = fileMatch[1];
+                const fragment = fileMatch[2] || '';
+
+                const basename = path.basename(filename);
+                const schemaName = basename.replace('.schema.json', '');
+
+                // Rewrite to point to the bundled schema's definitions
+                newObj[key] = `#/${defsKeyword}/${schemaName}${fragment}`;
+            }
+            // Case 2: Internal reference within the same schema (starts with #)
+            else if (value.startsWith('#')) {
+                // Rewrite to be relative to the current schema's location in the bundle
+                newObj[key] = `#/${defsKeyword}/${currentSchemaName}${value.substring(1)}`;
+            }
+            // Case 3: Other references (URLs, etc.) - leave as-is
+            else {
+                newObj[key] = value;
+            }
+        } else {
+            newObj[key] = rewriteRefs(value, schemaFiles, defsKeyword, currentSchemaName);
+        }
+    }
+    return newObj;
+}
+
+async function bundleSchemas(modelsDirectory, rootSchemaPath, options = {}) {
+    try {
+        const absoluteModelsDir = path.resolve(modelsDirectory);
+        const absoluteRootPath = path.resolve(rootSchemaPath);
+
+        // Verify paths exist
+        await fs.access(absoluteModelsDir);
+        await fs.access(absoluteRootPath);
+
+        const rootSchemaFilename = path.basename(absoluteRootPath);
+        const rootSchemaDir = path.dirname(absoluteRootPath);
+
+        console.log(`Models directory: ${absoluteModelsDir}`);
+        console.log(`Root schema: ${absoluteRootPath}`);
+
+        // Generate output filename by inserting "-bundled" before ".schema.json"
+        const outputFilename = rootSchemaFilename.replace('.schema.json', '-bundled.schema.json');
+        const outputPath = path.join(rootSchemaDir, outputFilename);
+
+        console.log(`Output: ${outputPath}\n`);
+
+        // Read all schema files in the models directory
+        const files = await fs.readdir(absoluteModelsDir);
+        const schemaFiles = files.filter(file => file.endsWith('.schema.json') && !file.includes('-bundled'));
+
+        console.log(`Found ${schemaFiles.length} schema files in models directory`);
+
+        // Read all schemas from models directory
+        const schemas = {};
+        let detectedSchemaVersion = null;
+
+        for (const file of schemaFiles) {
+            const schemaPath = path.join(absoluteModelsDir, file);
+            console.log(`  Reading ${file}...`);
+
+            const content = await fs.readFile(schemaPath, 'utf8');
+            const schema = JSON.parse(content);
+
+            // Detect the $schema version from the first schema that has it
+            if (!detectedSchemaVersion && schema.$schema) {
+                detectedSchemaVersion = schema.$schema;
+            }
+
+            const schemaName = path.basename(file, '.schema.json');
+            schemas[schemaName] = schema;
+        }
+
+        // Read the root schema
+        console.log(`\nReading root schema...`);
+        const rootContent = await fs.readFile(absoluteRootPath, 'utf8');
+        const rootSchema = JSON.parse(rootContent);  // Fixed: was 'content', should be 'rootContent'
+        const rootSchemaName = path.basename(rootSchemaFilename, '.schema.json');
+
+        // Add root schema to the schemas collection
+        schemas[rootSchemaName] = rootSchema;
+
+        // Use detected version from root schema if available
+        if (rootSchema.$schema) {
+            detectedSchemaVersion = rootSchema.$schema;
+        }
+
+        // Use detected version, or provided option, or default to 2020-12
+        const schemaVersion = options.schemaVersion ||
+            detectedSchemaVersion ||
+            'https://json-schema.org/draft/2020-12/schema';
+
+        // Determine which keyword to use based on schema version
+        const isDraft2019OrLater = schemaVersion.includes('2019-09') ||
+            schemaVersion.includes('2020-12') ||
+            schemaVersion.includes('/next');
+        const defsKeyword = isDraft2019OrLater ? '$defs' : 'definitions';
+
+        console.log(`\nUsing schema version: ${schemaVersion}`);
+        console.log(`Using keyword: ${defsKeyword}`);
+        console.log('Rewriting $ref pointers...');
+
+        // Rewrite all $refs in all schemas
+        const rewrittenDefinitions = {};
+        for (const [name, schema] of Object.entries(schemas)) {
+            console.log(`  Rewriting refs in ${name}...`);
+            rewrittenDefinitions[name] = rewriteRefs(schema, [...schemaFiles, rootSchemaFilename], defsKeyword, name);
+        }
+
+        // Get the rewritten root schema
+        const rootSchemaRewritten = rewrittenDefinitions[rootSchemaName];
+
+        // Build the final schema with root schema properties at the top level
+        const finalSchema = {
+            ...rootSchemaRewritten,
+            "$schema": schemaVersion,
+            [defsKeyword]: rewrittenDefinitions
+        };
+
+        // Optionally validate with AJV
+        if (options.validate) {
+            console.log('\nValidating with AJV...');
+            const Ajv = require('ajv');
+            const ajv = new Ajv({
+                strict: false,
+                allowUnionTypes: true
+            });
+
+            try {
+                ajv.compile(finalSchema);
+                console.log('✓ Schema validation passed');
+            } catch (validationErr) {
+                console.warn('⚠ Schema validation warning:', validationErr.message);
+            }
+        }
+
+        await fs.writeFile(outputPath, JSON.stringify(finalSchema, null, 2));
+
+        console.log(`\n✓ Bundled ${Object.keys(schemas).length} schemas to ${outputFilename}`);
+
+        // Show file size
+        const stats = await fs.stat(outputPath);
+        const sizeKB = (stats.size / 1024).toFixed(2);
+        console.log(`  File size: ${sizeKB} KB`);
+
+        return finalSchema;
+
+    } catch (err) {
+        console.error('Error processing schemas:', err.message);
+        throw err;
+    }
+}
+
+// CLI usage
+if (require.main === module) {
+    const [,, modelsDirectory, rootSchemaPath] = process.argv;
+
+    if (!modelsDirectory || !rootSchemaPath) {
+        console.log('Usage: node bundle-schemas.js <models-directory> <root-schema-path>');
+        console.log('');
+        console.log('Example:');
+        console.log('  node bundle-schemas.js \\');
+        console.log('    ./schema/2.0/model \\');
+        console.log('    ./schema/2.0/cyclonedx-2.0.schema.json');
+        console.log('');
+        console.log('This will create: ./schema/2.0/cyclonedx-2.0-bundled.schema.json');
+        process.exit(1);
+    }
+
+    bundleSchemas(modelsDirectory, rootSchemaPath, { validate: true })
+        .catch(err => process.exit(1));
+}
+
+module.exports = { bundleSchemas };

tools/src/main/js/package.json

@@ -0,0 +1,19 @@
+{
+  "name": "schema-bundler",
+  "version": "1.0.0",
+  "description": "Bundle multiple JSON schemas into a single file",
+  "main": "bundle-schemas.js",
+  "scripts": {
+    "bundle": "node bundle-schemas.js"
+  },
+  "bin": {
+    "bundle-schemas": "./bundle-schemas.js"
+  },
+  "keywords": ["json-schema", "ajv", "bundle"],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "@apidevtools/json-schema-ref-parser": "^11.0.0",
+    "ajv": "^8.12.0"
+  }
+}