README
¶
PRISM Capability
Part of the PRISM ecosystem. Defines capability stacks with layers, capabilities, and maturity integration.
Overview
PRISM Capability defines what capabilities exist in an organization's technology landscape. It integrates with prism-intelligence to track maturity levels and prism-execution for improvement roadmaps.
┌─────────────────────────────────────────────────────────────────────┐
│ prism-capability │
│ "These are the capabilities we need" │
│ Layers, capabilities, categories, relationships │
└─────────────────────────────────────────────────────────────────────┘
│
│ references
▼
┌─────────────────────────────────────────────────────────────────────┐
│ prism-intelligence │
│ Maturity models, SLIs/SLOs, state tracking │
│ "What does M4 look like?" + "Capability X is at M2" │
└─────────────────────────────────────────────────────────────────────┘
│
│ references
▼
┌─────────────────────────────────────────────────────────────────────┐
│ prism-execution │
│ OKRs, roadmaps, improvement initiatives │
│ "Move SAST from M2→M4 by Q3 via these initiatives" │
└─────────────────────────────────────────────────────────────────────┘
Installation
CLI
go install github.com/grokify/prism-capability/cmd/capstack@latest
Library
go get github.com/grokify/prism-capability
CLI Usage
Validate a document
capstack validate examples/operations-saas-greenfield.json
Output:
Valid: examples/operations-saas-greenfield.json
Name: b2b-saas-operations
Version: 0.1.0
Domain: operations
Layers: 7
Categories: 6
Capabilities: 26
Foundational: 3
List capabilities
# List all capabilities
capstack list examples/operations-saas-greenfield.json
# Filter by status
capstack list examples/operations-saas-greenfield.json --status=implemented
# Filter by layer
capstack list examples/operations-saas-greenfield.json --layer=observe
# Filter by tag
capstack list examples/security-saas-greenfield.json --tag=shift-left
Show capability details
capstack show examples/operations-saas-greenfield.json slo-framework
Output:
ID: slo-framework
Name: SLO Framework
Full Name: Service Level Objectives Framework
Layer: Strategy & Governance (strategy-governance)
Category: Reliability (reliability)
Status: operational
Owner: SRE Team
Implemented At: 2025-03-01
Tooling:
- Nobl9 (Nobl9) [commercial] - deployed
PRISM Integration:
Domain: operations
SLIs: sli-slo-coverage, sli-slo-attainment
Maturity Criteria:
M1: No SLOs defined
M2: SLOs for critical services, manual tracking
M3: SLOs for all services, automated dashboards
M4: Error budgets drive release decisions
M5: Predictive SLO management, auto-scaling based on burn rate
Create a new capability stack
# Create with defaults
capstack init -o my-stack.json
# Specify domain
capstack init -d security -o security-stack.json
# Specify name and domain
capstack init -n platform-capabilities -d platform -o platform.json
Render to diagram
Generate D2 diagrams or HTML from capability stacks:
# Generate D2 file
capstack render stack.json -o stack.d2
# Executive grid view (clean, no dependency arrows)
capstack render stack.json --style=grid -o exec-view.d2
# Pipe to D2 CLI for SVG output
capstack render stack.json | d2 - stack.svg
capstack render stack.json --style=grid | d2 - exec.svg
# Generate static HTML (embeddable fragment)
capstack render stack.json -f html
# Generate standalone HTML document
capstack render stack.json -f html --standalone -o stack.html
# Generate dark theme HTML
capstack render stack.json -f html --standalone --dark -o dark.html
Output Formats:
| Format | Description |
|---|---|
d2 |
D2 diagram language (default) |
html |
Static HTML - embeddable fragment or standalone document |
Render Styles (D2 only):
| Style | Description |
|---|---|
default |
Standard view with dependency arrows between capabilities |
grid |
Clean grid layout for executives - no arrows, aligned boxes, shadows |
Options:
| Flag | Description |
|---|---|
-o, --output |
Output file (default: stdout) |
-s, --style |
Render style: default or grid (D2 only) |
-f, --format |
Output format: d2 or html |
-t, --title |
Override diagram title |
--no-deps |
Hide dependency arrows (D2 only) |
--no-foundational |
Hide foundational capabilities |
--no-legend |
Hide status legend |
--color-by |
Color scheme: status (default) or category (D2 only) |
--standalone |
Generate complete HTML document (HTML only) |
--dark |
Use dark theme (HTML only) |
Status Colors:
| Status | Color |
|---|---|
| operational | Green |
| implemented | Blue |
| in-progress | Amber |
| planned | Gray |
| deprecated | Red |
Installing D2:
To render D2 to images, install the D2 CLI:
# macOS
brew install d2
# Render to SVG
d2 stack.d2 stack.svg
# Render to PNG
d2 stack.d2 stack.png
Web Component
A Lit-based web component is available for embedding capability stacks in websites and MkDocs documentation.
Installation
cd web
npm install
npm run build
Usage
<script type="module" src="capability-stack.js"></script>
<!-- Load from JSON file -->
<capability-stack
src="stack.json"
show-legend
show-foundational
interactive>
</capability-stack>
<!-- Dark theme -->
<capability-stack
src="stack.json"
theme="dark"
show-legend>
</capability-stack>
Attributes
| Attribute | Type | Description |
|---|---|---|
src |
string | URL to capability stack JSON file |
data |
object | Inline JSON data (alternative to src) |
theme |
light | dark |
Color theme (default: light) |
show-legend |
boolean | Show status color legend |
show-foundational |
boolean | Show foundational capabilities |
interactive |
boolean | Enable hover tooltips |
filter-status |
string | Filter by capability status |
MkDocs Integration
The web component works with MkDocs and Material for MkDocs (unlike React components):
<!-- docs/stacks/security.md -->
<script type="module" src="../js/capability-stack.js"></script>
<capability-stack
src="../data/security-stack.json"
interactive
show-legend>
</capability-stack>
Copy the built dist/capability-stack.js to your MkDocs docs/js/ directory.
Go Library Usage
Loading and validating documents
package main
import (
"fmt"
"log"
capstack "github.com/grokify/prism-capability"
)
func main() {
// Load from file
doc, err := capstack.LoadFromFile("capability-stack.json")
if err != nil {
log.Fatal(err)
}
// Validate
errs := doc.Validate()
if errs.HasErrors() {
for _, e := range errs {
fmt.Printf("Error: %s\n", e.Error())
}
return
}
fmt.Printf("Loaded %d capabilities\n", len(doc.AllCapabilities()))
}
Querying capabilities
// Get capability by ID
cap := doc.GetCapabilityByID("sast")
if cap != nil {
fmt.Printf("Found: %s (%s)\n", cap.Name, cap.Status)
}
// Filter by status
implemented := doc.CapabilitiesByStatus(capstack.StatusImplemented)
fmt.Printf("Implemented: %d\n", len(implemented))
// Filter by layer
buildCaps := doc.CapabilitiesByLayer("build-test")
// Filter by tag
shiftLeft := doc.CapabilitiesByTag("shift-left")
// Get all capabilities including foundational
all := doc.AllCapabilities()
Creating documents programmatically
doc := &capstack.CapabilityStack{
Metadata: capstack.Metadata{
Name: "my-stack",
Version: "1.0.0",
Domain: capstack.DomainOperations,
},
Layers: []capstack.Layer{
{ID: "observe", Name: "Observe", Phase: capstack.PhaseMonitor},
},
Capabilities: []capstack.Capability{
{
ID: "metrics",
Name: "Metrics Collection",
LayerID: "observe",
Status: capstack.StatusOperational,
Tooling: []capstack.Tool{
{Name: "Prometheus", Type: capstack.ToolTypeOpenSource, Status: capstack.ToolStatusDeployed},
},
},
},
}
// Save to file
if err := doc.SaveToFile("my-stack.json"); err != nil {
log.Fatal(err)
}
Accessing the JSON Schema
import "github.com/grokify/prism-capability/schema"
// Get schema as bytes
schemaBytes := schema.CapabilityStackSchema()
// Get schema as string
schemaStr := schema.CapabilityStackSchemaString()
// Get schema as map
schemaMap, err := schema.CapabilityStackSchemaMap()
Key Concepts
Layers
Horizontal bands representing phases, domains, or stages. Layers are ordered from top to bottom.
{
"id": "shift-left-testing",
"name": "Shift-Left Security Testing",
"description": "Application security testing in the SDLC",
"order": 5,
"phase": "test",
"nistCsfFunction": "detect"
}
Capabilities
Individual boxes within layers representing specific capabilities. Each capability has a lifecycle status.
{
"id": "sast",
"name": "SAST",
"fullName": "Static Application Security Testing",
"layerId": "shift-left-testing",
"categoryId": "appsec",
"status": "implemented",
"owner": "AppSec Team",
"prismRef": {
"domainId": "security",
"sliIds": ["sli-sast-coverage", "sli-sast-findings"]
}
}
Capability Lifecycle
Capabilities progress through lifecycle stages:
| Status | Description | In prism-intelligence? |
|---|---|---|
planned |
On roadmap, not yet started | No - tracked in prism-execution |
in-progress |
Currently being implemented | No - tracked in prism-execution |
implemented |
Exists but may need maturity improvement | Yes - has M1 baseline |
operational |
Running in production, actively maintained | Yes - has M2+ level |
deprecated |
Being phased out | Yes - may have declining level |
Greenfield vs Brownfield
Greenfield (new system):
- Most capabilities start as
planned targetDateindicates when capability should be implemented- No prism-intelligence entries until capability reaches
implemented - Focus on building foundational capabilities first
Brownfield (existing system):
- Most capabilities are
implementedoroperational - prism-intelligence tracks current maturity levels
- prism-execution tracks initiatives to improve maturity
- Focus on maturing existing capabilities
PRISM Integration
Reference Structure
Each capability can reference PRISM for maturity tracking:
{
"id": "sast",
"prismRef": {
"domainId": "security",
"sliIds": ["sli-sast-coverage", "sli-sast-findings"],
"levelCriteria": {
"M1": "No SAST",
"M2": "SAST on critical repos, manual runs",
"M3": "SAST in CI for all repos, blocking on high severity",
"M4": "Custom rules, <24h remediation SLA for critical",
"M5": "ML-enhanced detection, <4h remediation for critical"
}
}
}
Document Relationships
| Project | Contains | Example |
|---|---|---|
| prism-capability | Capability definitions, lifecycle status | capability/security-saas.json |
| prism-intelligence | Maturity models, SLIs/SLOs, current state | intelligence/security-model.json |
| prism-execution | OKRs, roadmaps, improvement initiatives | execution/security-plan.json |
Workflow
- Define capabilities in prism-capability
- Define SLIs in prism-intelligence maturity model (one or more per capability)
- Set thresholds per maturity level (M1-M5) in prism-intelligence
- Track state in prism-intelligence as capabilities become operational
- Plan improvements in prism-execution with initiatives per capability
Categories
Categories provide visual grouping within layers:
{
"categories": [
{ "id": "appsec", "name": "AppSec", "color": "#10b981" },
{ "id": "supply-chain", "name": "Supply Chain", "color": "#f59e0b" }
]
}
Dependencies
Capabilities can declare dependencies:
{
"id": "dast",
"dependencies": ["sast"],
"enables": ["pentest-automation"]
}
Framework Mappings
Map capabilities to compliance frameworks:
{
"id": "sbom",
"frameworkMappings": [
{ "framework": "slsa", "controls": ["L1", "L2"] },
{ "framework": "nist-csf-2.0", "controls": ["ID.SC-4"] }
]
}
Supported frameworks:
nist-csf-2.0- NIST Cybersecurity Framework 2.0nist-800-53- NIST SP 800-53iso-27001- ISO/IEC 27001soc2- SOC 2 Type IIpci-dss- PCI DSScis- CIS Controlsmitre-attack- MITRE ATT&CKowasp- OWASP Top 10 / ASVSslsa- SLSA (Supply-chain Levels for Software Artifacts)ssdf- NIST SSDF (Secure Software Development Framework)
Validation
The Go library validates:
- Required fields - id, name, layerId for capabilities
- Kebab-case IDs - All IDs must be kebab-case format
- Enum values - Status, priority, domain, phase, etc.
- Reference integrity - layerId, categoryId, dependencies reference valid IDs
- Unique IDs - No duplicate layer, category, or capability IDs
- Dependency cycles - Circular dependencies are detected
Example validation errors:
capabilities[5].layerId: references non-existent layer ID (value: "invalid-layer")
capabilities[3].status: invalid status "active", must be one of: planned, in-progress, implemented, operational, deprecated
dependencies: circular dependency detected (value: "cap-a -> cap-b -> cap-c -> cap-a")
Examples
- operations-saas-greenfield.json - SRE/Operations reference architecture with SLO framework, observability, incident management
- security-saas-greenfield.json - B2B SaaS security stack with AppSec, supply chain, and runtime security
Schema
See schema/capability-stack.schema.json for the full JSON Schema.
Related Projects
| Project | Purpose |
|---|---|
| prism-intelligence | Maturity models, SLIs/SLOs, state tracking |
| prism-execution | OKRs, roadmaps, improvement initiatives |
License
MIT
Documentation
¶
Index ¶
- Constants
- func AllCapabilityStatuses() []string
- func AllDomains() []string
- func AllFrameworks() []string
- func AllNistCsfFunctions() []string
- func AllPhases() []string
- func AllPriorities() []string
- func AllToolStatuses() []string
- func AllToolTypes() []string
- func ValidateCapabilityStatus(status string) error
- func ValidateDomain(domain string) error
- func ValidateFramework(framework string) error
- func ValidateKebabCase(s string) bool
- func ValidateNistCsfFunction(fn string) error
- func ValidatePhase(phase string) error
- func ValidatePriority(priority string) error
- func ValidateToolStatus(status string) error
- func ValidateToolType(toolType string) error
- type Capability
- type CapabilityStack
- func (cs *CapabilityStack) AllCapabilities() []Capability
- func (cs *CapabilityStack) CapabilitiesByCategory(categoryID string) []Capability
- func (cs *CapabilityStack) CapabilitiesByLayer(layerID string) []Capability
- func (cs *CapabilityStack) CapabilitiesByStatus(status string) []Capability
- func (cs *CapabilityStack) CapabilitiesByTag(tag string) []Capability
- func (cs *CapabilityStack) CapabilityIDs() []string
- func (cs *CapabilityStack) CategoryIDs() []string
- func (cs *CapabilityStack) GetCapabilityByID(id string) *Capability
- func (cs *CapabilityStack) GetCategoryByID(id string) *Category
- func (cs *CapabilityStack) GetLayerByID(id string) *Layer
- func (cs *CapabilityStack) LayerIDs() []string
- func (cs *CapabilityStack) SaveToFile(path string) error
- func (cs *CapabilityStack) Validate() ValidationErrors
- type Category
- type FrameworkMapping
- type Layer
- type LevelCriteria
- type Metadata
- type PRISMIntegration
- type PRISMRef
- type Tool
- type ValidationError
- type ValidationErrors
Constants ¶
View Source
const ( StatusPlanned = "planned" StatusInProgress = "in-progress" StatusImplemented = "implemented" StatusOperational = "operational" StatusDeprecated = "deprecated" )
CapabilityStatus constants represent the lifecycle status of a capability.
View Source
const ( PriorityCritical = "critical" PriorityHigh = "high" PriorityMedium = "medium" PriorityLow = "low" )
Priority constants represent implementation priority levels.
View Source
const ( DomainSecurity = "security" DomainAI = "ai" DomainPlatform = "platform" DomainData = "data" DomainObservability = "observability" DomainInfrastructure = "infrastructure" DomainProduct = "product" DomainOperations = "operations" )
Domain constants represent primary capability stack domains.
View Source
const ( PhasePlan = "plan" PhaseDesign = "design" PhaseBuild = "build" PhaseTest = "test" PhaseRelease = "release" PhaseDeploy = "deploy" PhaseOperate = "operate" PhaseMonitor = "monitor" PhaseRespond = "respond" PhaseRecover = "recover" )
Phase constants represent SDLC or lifecycle phases.
View Source
const ( NistCsfGovern = "govern" NistCsfIdentify = "identify" NistCsfProtect = "protect" NistCsfDetect = "detect" NistCsfRespond = "respond" NistCsfRecover = "recover" )
NistCsfFunction constants represent NIST CSF 2.0 functions.
View Source
const ( ToolTypeCommercial = "commercial" ToolTypeOpenSource = "open-source" ToolTypeInternal = "internal" ToolTypeManagedService = "managed-service" )
ToolType constants represent tool/product types.
View Source
const ( ToolStatusEvaluating = "evaluating" ToolStatusPiloting = "piloting" ToolStatusDeployed = "deployed" ToolStatusDeprecated = "deprecated" )
ToolStatus constants represent tool deployment status.
View Source
const ( FrameworkNISTCSF2 = "nist-csf-2.0" FrameworkNIST80053 = "nist-800-53" FrameworkISO27001 = "iso-27001" FrameworkSOC2 = "soc2" FrameworkPCIDSS = "pci-dss" FrameworkCIS = "cis" FrameworkMITREATTACK = "mitre-attack" FrameworkOWASP = "owasp" FrameworkSLSA = "slsa" FrameworkSSDF = "ssdf" )
Framework constants represent compliance/security frameworks.
Variables ¶
This section is empty.
Functions ¶
func AllCapabilityStatuses ¶
func AllCapabilityStatuses() []string
AllCapabilityStatuses returns all valid capability status values.
func AllFrameworks ¶
func AllFrameworks() []string
AllFrameworks returns all valid framework values.
func AllNistCsfFunctions ¶
func AllNistCsfFunctions() []string
AllNistCsfFunctions returns all valid NIST CSF function values.
func AllToolStatuses ¶
func AllToolStatuses() []string
AllToolStatuses returns all valid tool status values.
func ValidateCapabilityStatus ¶
ValidateCapabilityStatus validates a capability status value.
func ValidateDomain ¶
ValidateDomain validates a domain value.
func ValidateFramework ¶
ValidateFramework validates a framework value.
func ValidateKebabCase ¶
ValidateKebabCase validates that a string is in kebab-case format.
func ValidateNistCsfFunction ¶
ValidateNistCsfFunction validates a NIST CSF function value.
func ValidatePriority ¶
ValidatePriority validates a priority value.
func ValidateToolStatus ¶
ValidateToolStatus validates a tool status value.
func ValidateToolType ¶
ValidateToolType validates a tool type value.
Types ¶
type Capability ¶
type Capability struct {
// ID is the unique identifier for the capability (kebab-case).
ID string `json:"id"`
// Name is the short display name (for diagram boxes).
Name string `json:"name"`
// FullName is the expanded name (e.g., "Static Application Security Testing" for "SAST").
FullName string `json:"fullName,omitempty"`
// Description explains what this capability provides.
Description string `json:"description,omitempty"`
// LayerID references the layer this capability belongs to.
LayerID string `json:"layerId"`
// CategoryID references the category for visual grouping.
CategoryID string `json:"categoryId,omitempty"`
// Status is the lifecycle status (planned, in-progress, implemented, operational, deprecated).
Status string `json:"status,omitempty"`
// Priority is the implementation priority (critical, high, medium, low).
Priority string `json:"priority,omitempty"`
// TargetDate is when planned capabilities should be implemented (YYYY-MM-DD).
TargetDate string `json:"targetDate,omitempty"`
// ImplementedAt is when the capability was implemented (YYYY-MM-DD).
ImplementedAt string `json:"implementedAt,omitempty"`
// Owner is the team or person responsible for this capability.
Owner string `json:"owner,omitempty"`
// Tooling lists tools/products implementing this capability.
Tooling []Tool `json:"tooling,omitempty"`
// Dependencies lists capability IDs this capability depends on.
Dependencies []string `json:"dependencies,omitempty"`
// Enables lists capability IDs that this capability enables.
Enables []string `json:"enables,omitempty"`
// Tags are for filtering and classification (kebab-case).
Tags []string `json:"tags,omitempty"`
// FrameworkMappings maps to compliance/security framework controls.
FrameworkMappings []FrameworkMapping `json:"frameworkMappings,omitempty"`
// PRISMRef links to PRISM maturity model for this capability.
PRISMRef *PRISMRef `json:"prismRef,omitempty"`
}
Capability represents a single capability in the stack.
func (*Capability) Validate ¶
func (cap *Capability) Validate() ValidationErrors
Validate validates a Capability and returns validation errors.
type CapabilityStack ¶
type CapabilityStack struct {
// Schema is the JSON Schema reference.
Schema string `json:"$schema,omitempty"`
// Metadata contains document-level information.
Metadata Metadata `json:"metadata"`
// Layers are ordered list of layers (rows) in the capability stack.
Layers []Layer `json:"layers"`
// Categories define groupings for capabilities within layers.
Categories []Category `json:"categories,omitempty"`
// Capabilities are all capabilities in the stack.
Capabilities []Capability `json:"capabilities"`
// Foundational are cross-cutting capabilities that span multiple layers.
Foundational []Capability `json:"foundational,omitempty"`
// PRISMIntegration configures global PRISM integration.
PRISMIntegration *PRISMIntegration `json:"prismIntegration,omitempty"`
}
CapabilityStack is the root document for a capability stack specification.
func LoadFromFile ¶
func LoadFromFile(path string) (*CapabilityStack, error)
LoadFromFile reads a CapabilityStack from a JSON file.
func (*CapabilityStack) AllCapabilities ¶
func (cs *CapabilityStack) AllCapabilities() []Capability
AllCapabilities returns all capabilities including foundational ones.
func (*CapabilityStack) CapabilitiesByCategory ¶
func (cs *CapabilityStack) CapabilitiesByCategory(categoryID string) []Capability
CapabilitiesByCategory returns capabilities belonging to a specific category.
func (*CapabilityStack) CapabilitiesByLayer ¶
func (cs *CapabilityStack) CapabilitiesByLayer(layerID string) []Capability
CapabilitiesByLayer returns capabilities belonging to a specific layer.
func (*CapabilityStack) CapabilitiesByStatus ¶
func (cs *CapabilityStack) CapabilitiesByStatus(status string) []Capability
CapabilitiesByStatus returns capabilities with a specific status.
func (*CapabilityStack) CapabilitiesByTag ¶
func (cs *CapabilityStack) CapabilitiesByTag(tag string) []Capability
CapabilitiesByTag returns capabilities with a specific tag.
func (*CapabilityStack) CapabilityIDs ¶
func (cs *CapabilityStack) CapabilityIDs() []string
CapabilityIDs returns all capability IDs including foundational.
func (*CapabilityStack) CategoryIDs ¶
func (cs *CapabilityStack) CategoryIDs() []string
CategoryIDs returns all category IDs.
func (*CapabilityStack) GetCapabilityByID ¶
func (cs *CapabilityStack) GetCapabilityByID(id string) *Capability
GetCapabilityByID returns a capability by its ID, or nil if not found. Searches both capabilities and foundational lists.
func (*CapabilityStack) GetCategoryByID ¶
func (cs *CapabilityStack) GetCategoryByID(id string) *Category
GetCategoryByID returns a category by its ID, or nil if not found.
func (*CapabilityStack) GetLayerByID ¶
func (cs *CapabilityStack) GetLayerByID(id string) *Layer
GetLayerByID returns a layer by its ID, or nil if not found.
func (*CapabilityStack) LayerIDs ¶
func (cs *CapabilityStack) LayerIDs() []string
LayerIDs returns all layer IDs in order.
func (*CapabilityStack) SaveToFile ¶
func (cs *CapabilityStack) SaveToFile(path string) error
SaveToFile writes the CapabilityStack to a JSON file.
func (*CapabilityStack) Validate ¶
func (cs *CapabilityStack) Validate() ValidationErrors
Validate validates the entire CapabilityStack document.
type Category ¶
type Category struct {
// ID is the unique identifier for the category (kebab-case).
ID string `json:"id"`
// Name is the display name for the category.
Name string `json:"name"`
// Description explains what this category represents.
Description string `json:"description,omitempty"`
// Color is used for visual grouping (hex or named color).
Color string `json:"color,omitempty"`
}
Category groups capabilities within layers for visual organization.
func (*Category) Validate ¶
func (c *Category) Validate() ValidationErrors
Validate validates a Category and returns validation errors.
type FrameworkMapping ¶
type FrameworkMapping struct {
// Framework is the framework name (nist-csf-2.0, iso-27001, etc.).
Framework string `json:"framework"`
// Controls lists the control IDs from the framework.
Controls []string `json:"controls"`
}
FrameworkMapping maps a capability to compliance/security framework controls.
func (*FrameworkMapping) Validate ¶
func (fm *FrameworkMapping) Validate() ValidationErrors
Validate validates a FrameworkMapping and returns validation errors.
type Layer ¶
type Layer struct {
// ID is the unique identifier for the layer (kebab-case).
ID string `json:"id"`
// Name is the display name for the layer.
Name string `json:"name"`
// Description explains the purpose/objective of this layer.
Description string `json:"description,omitempty"`
// Order is the sort order (1 = top layer).
Order int `json:"order,omitempty"`
// Phase is the SDLC or lifecycle phase this layer represents.
Phase string `json:"phase,omitempty"`
// NistCsfFunction maps the layer to a NIST CSF 2.0 function.
NistCsfFunction string `json:"nistCsfFunction,omitempty"`
}
Layer represents a row in the capability stack, typically mapping to a lifecycle phase or organizational boundary.
func (*Layer) Validate ¶
func (l *Layer) Validate() ValidationErrors
Validate validates a Layer and returns validation errors.
type LevelCriteria ¶
type LevelCriteria struct {
M1 string `json:"M1,omitempty"`
M2 string `json:"M2,omitempty"`
M3 string `json:"M3,omitempty"`
M4 string `json:"M4,omitempty"`
M5 string `json:"M5,omitempty"`
}
LevelCriteria defines maturity level descriptions (M1-M5).
type Metadata ¶
type Metadata struct {
// Name is the identifier for the capability stack (kebab-case).
Name string `json:"name"`
// Version is the semantic version of this specification.
Version string `json:"version"`
// Title is the display title for rendered output.
Title string `json:"title,omitempty"`
// Description provides context about the capability stack.
Description string `json:"description,omitempty"`
// Domain is the primary domain (security, ai, platform, etc.).
Domain string `json:"domain,omitempty"`
// CreatedAt is the creation date (YYYY-MM-DD format).
CreatedAt string `json:"createdAt,omitempty"`
// UpdatedAt is the last update date (YYYY-MM-DD format).
UpdatedAt string `json:"updatedAt,omitempty"`
// Authors lists the people/teams who created this stack.
Authors []string `json:"authors,omitempty"`
}
Metadata contains document-level information about the capability stack.
func (*Metadata) Validate ¶
func (m *Metadata) Validate() ValidationErrors
Validate validates a Metadata and returns validation errors.
type PRISMIntegration ¶
type PRISMIntegration struct {
// ModelRef is the path or URL to the PRISM maturity model document.
ModelRef string `json:"modelRef,omitempty"`
// StateRef is the path or URL to the PRISM maturity state document.
StateRef string `json:"stateRef,omitempty"`
// PlanRef is the path or URL to the PRISM maturity plan document.
PlanRef string `json:"planRef,omitempty"`
// DefaultDomain is the default PRISM domain for capabilities without explicit domainId.
DefaultDomain string `json:"defaultDomain,omitempty"`
}
PRISMIntegration configures global PRISM integration settings.
type PRISMRef ¶
type PRISMRef struct {
// DomainID is the PRISM domain ID (e.g., "security", "operations").
DomainID string `json:"domainId,omitempty"`
// SLIIDs lists PRISM SLI IDs that measure this capability's maturity.
SLIIDs []string `json:"sliIds,omitempty"`
// LevelCriteria describes what each maturity level means for this capability.
LevelCriteria *LevelCriteria `json:"levelCriteria,omitempty"`
}
PRISMRef references a PRISM maturity model for a capability.
type Tool ¶
type Tool struct {
// Name is the tool or product name.
Name string `json:"name"`
// Vendor is the vendor name (for commercial tools).
Vendor string `json:"vendor,omitempty"`
// Type classifies the tool (commercial, open-source, internal, managed-service).
Type string `json:"type,omitempty"`
// URL is the tool's website or documentation link.
URL string `json:"url,omitempty"`
// Status is the deployment status (evaluating, piloting, deployed, deprecated).
Status string `json:"status,omitempty"`
}
Tool represents a tool or product that implements a capability.
func (*Tool) Validate ¶
func (t *Tool) Validate() ValidationErrors
Validate validates a Tool and returns validation errors.
type ValidationError ¶
ValidationError represents a validation error with context.
func (*ValidationError) Error ¶
func (e *ValidationError) Error() string
type ValidationErrors ¶
type ValidationErrors []ValidationError
ValidationErrors is a collection of validation errors.
func (ValidationErrors) Error ¶
func (ve ValidationErrors) Error() string
func (ValidationErrors) HasErrors ¶
func (ve ValidationErrors) HasErrors() bool
HasErrors returns true if there are any validation errors.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.