README
¶
PRISM Capability
Part of the PRISM ecosystem. Defines capability stacks with layers, capabilities, and maturity integration.
Overview
PRISM Capability defines what capabilities exist in an organization's technology landscape. It integrates with prism-intelligence to track maturity levels and prism-execution for improvement roadmaps.
┌─────────────────────────────────────────────────────────────────────┐
│ prism-capability │
│ "These are the capabilities we need" │
│ Layers, capabilities, categories, relationships │
└─────────────────────────────────────────────────────────────────────┘
│
│ references
▼
┌─────────────────────────────────────────────────────────────────────┐
│ prism-intelligence │
│ Maturity models, SLIs/SLOs, state tracking │
│ "What does M4 look like?" + "Capability X is at M2" │
└─────────────────────────────────────────────────────────────────────┘
│
│ references
▼
┌─────────────────────────────────────────────────────────────────────┐
│ prism-execution │
│ OKRs, roadmaps, improvement initiatives │
│ "Move SAST from M2→M4 by Q3 via these initiatives" │
└─────────────────────────────────────────────────────────────────────┘
Installation
CLI
go install github.com/grokify/prism-capability/cmd/capstack@latest
Library
go get github.com/grokify/prism-capability
CLI Usage
Validate a document
capstack validate examples/operations-saas-greenfield.json
Output:
Valid: examples/operations-saas-greenfield.json
Name: b2b-saas-operations
Version: 0.1.0
Domain: operations
Layers: 7
Categories: 6
Capabilities: 26
Foundational: 3
List capabilities
# List all capabilities
capstack list examples/operations-saas-greenfield.json
# Filter by status
capstack list examples/operations-saas-greenfield.json --status=implemented
# Filter by layer
capstack list examples/operations-saas-greenfield.json --layer=observe
# Filter by tag
capstack list examples/security-saas-greenfield.json --tag=shift-left
Show capability details
capstack show examples/operations-saas-greenfield.json slo-framework
Output:
ID: slo-framework
Name: SLO Framework
Full Name: Service Level Objectives Framework
Layer: Strategy & Governance (strategy-governance)
Category: Reliability (reliability)
Status: operational
Owner: SRE Team
Implemented At: 2025-03-01
Tooling:
- Nobl9 (Nobl9) [commercial] - deployed
PRISM Integration:
Domain: operations
SLIs: sli-slo-coverage, sli-slo-attainment
Maturity Criteria:
M1: No SLOs defined
M2: SLOs for critical services, manual tracking
M3: SLOs for all services, automated dashboards
M4: Error budgets drive release decisions
M5: Predictive SLO management, auto-scaling based on burn rate
Create a new capability stack
# Create with defaults
capstack init -o my-stack.json
# Specify domain
capstack init -d security -o security-stack.json
# Specify name and domain
capstack init -n platform-capabilities -d platform -o platform.json
Render to diagram
Generate D2 diagrams or HTML from capability stacks:
# Generate D2 file
capstack render stack.json -o stack.d2
# Executive grid view (clean, no dependency arrows)
capstack render stack.json --style=grid -o exec-view.d2
# Pipe to D2 CLI for SVG output
capstack render stack.json | d2 - stack.svg
capstack render stack.json --style=grid | d2 - exec.svg
# Generate static HTML (embeddable fragment)
capstack render stack.json -f html
# Generate standalone HTML document
capstack render stack.json -f html --standalone -o stack.html
# Generate dark theme HTML
capstack render stack.json -f html --standalone --dark -o dark.html
# Generate interactive Lit web component HTML
capstack render stack.json -f lit -o stack-lit.html
# Lit with dark theme and category view
capstack render stack.json -f lit --dark --view=by-category -o stack-lit.html
# JSON data for custom Lit integration
capstack render stack.json -f json -o stack-data.json
Output Formats:
| Format | Description |
|---|---|
d2 |
D2 diagram language (default) |
html |
Static HTML - embeddable fragment or standalone document |
lit |
Interactive HTML with Lit web component |
json |
JSON data for custom Lit component integration |
Render Styles (D2 only):
| Style | Description |
|---|---|
default |
Standard view with dependency arrows between capabilities |
grid |
Clean grid layout for executives - no arrows, aligned boxes, shadows |
Options:
| Flag | Description |
|---|---|
-o, --output |
Output file (default: stdout) |
-s, --style |
Render style: default or grid (D2 only) |
-f, --format |
Output format: d2, html, lit, or json |
-t, --title |
Override diagram title |
--no-deps |
Hide dependency arrows (D2 only) |
--no-foundational |
Hide foundational capabilities |
--no-legend |
Hide status legend |
--color-by |
Color scheme: status (default) or category (D2 only) |
--standalone |
Generate complete HTML document (HTML only) |
--dark |
Use dark theme (HTML/lit only) |
--view |
View mode: by-layer or by-category (lit/json only) |
--component-path |
Path to prism-ui.js component (lit only) |
Status Colors:
| Status | Color |
|---|---|
| operational | Green |
| implemented | Blue |
| in-progress | Amber |
| planned | Gray |
| deprecated | Red |
Installing D2:
To render D2 to images, install the D2 CLI:
# macOS
brew install d2
# Render to SVG
d2 stack.d2 stack.svg
# Render to PNG
d2 stack.d2 stack.png
Web Component
A Lit-based web component is available for embedding capability stacks in websites and MkDocs documentation.
Installation
cd web
npm install
npm run build
Usage
<script type="module" src="capability-stack.js"></script>
<!-- Load from JSON file -->
<capability-stack
src="stack.json"
show-legend
show-foundational
interactive>
</capability-stack>
<!-- Dark theme -->
<capability-stack
src="stack.json"
theme="dark"
show-legend>
</capability-stack>
Attributes
| Attribute | Type | Description |
|---|---|---|
src |
string | URL to capability stack JSON file |
data |
object | Inline JSON data (alternative to src) |
theme |
light | dark |
Color theme (default: light) |
show-legend |
boolean | Show status color legend |
show-foundational |
boolean | Show foundational capabilities |
interactive |
boolean | Enable hover tooltips |
filter-status |
string | Filter by capability status |
MkDocs Integration
The web component works with MkDocs and Material for MkDocs (unlike React components):
<!-- docs/stacks/security.md -->
<script type="module" src="../js/capability-stack.js"></script>
<capability-stack
src="../data/security-stack.json"
interactive
show-legend>
</capability-stack>
Copy the built dist/capability-stack.js to your MkDocs docs/js/ directory.
Go Library Usage
Loading and validating documents
package main
import (
"fmt"
"log"
capstack "github.com/grokify/prism-capability"
)
func main() {
// Load from file
doc, err := capstack.LoadFromFile("capability-stack.json")
if err != nil {
log.Fatal(err)
}
// Validate
errs := doc.Validate()
if errs.HasErrors() {
for _, e := range errs {
fmt.Printf("Error: %s\n", e.Error())
}
return
}
fmt.Printf("Loaded %d capabilities\n", len(doc.AllCapabilities()))
}
Querying capabilities
// Get capability by ID
cap := doc.GetCapabilityByID("sast")
if cap != nil {
fmt.Printf("Found: %s (%s)\n", cap.Name, cap.Status)
}
// Filter by status
implemented := doc.CapabilitiesByStatus(capstack.StatusImplemented)
fmt.Printf("Implemented: %d\n", len(implemented))
// Filter by layer
buildCaps := doc.CapabilitiesByLayer("build-test")
// Filter by tag
shiftLeft := doc.CapabilitiesByTag("shift-left")
// Get all capabilities including foundational
all := doc.AllCapabilities()
Creating documents programmatically
doc := &capstack.CapabilityStack{
Metadata: capstack.Metadata{
Name: "my-stack",
Version: "1.0.0",
Domain: capstack.DomainOperations,
},
Layers: []capstack.Layer{
{ID: "observe", Name: "Observe", Phase: capstack.PhaseMonitor},
},
Capabilities: []capstack.Capability{
{
ID: "metrics",
Name: "Metrics Collection",
LayerID: "observe",
Status: capstack.StatusOperational,
Tooling: []capstack.Tool{
{Name: "Prometheus", Type: capstack.ToolTypeOpenSource, Status: capstack.ToolStatusDeployed},
},
},
},
}
// Save to file
if err := doc.SaveToFile("my-stack.json"); err != nil {
log.Fatal(err)
}
Accessing the JSON Schema
import "github.com/grokify/prism-capability/schema"
// Get schema as bytes
schemaBytes := schema.CapabilityStackSchema()
// Get schema as string
schemaStr := schema.CapabilityStackSchemaString()
// Get schema as map
schemaMap, err := schema.CapabilityStackSchemaMap()
Key Concepts
Layers
Horizontal bands representing phases, domains, or stages. Layers are ordered from top to bottom.
{
"id": "shift-left-testing",
"name": "Shift-Left Security Testing",
"description": "Application security testing in the SDLC",
"order": 5,
"phase": "test",
"nistCsfFunction": "detect"
}
Capabilities
Individual boxes within layers representing specific capabilities. Each capability has a lifecycle status.
{
"id": "sast",
"name": "SAST",
"fullName": "Static Application Security Testing",
"layerId": "shift-left-testing",
"categoryId": "appsec",
"status": "implemented",
"importance": "critical",
"order": 1,
"owner": "AppSec Team",
"prismRef": {
"domainId": "security",
"sliIds": ["sli-sast-coverage", "sli-sast-findings"]
}
}
Importance
Static importance weights for capabilities, layers, and categories. Used with maturity state to calculate dynamic priority (P0-P3).
| Level | Weight | Description |
|---|---|---|
critical |
4 | Critical "-ilities" (security, availability) |
high |
3 | High importance capabilities |
medium |
2 | Standard importance (default) |
low |
1 | Nice-to-have capabilities |
Ordering
Capabilities can have an explicit order field for sorting:
{
"capabilities": [
{"id": "slo-framework", "name": "SLO Framework", "order": 1, ...},
{"id": "alerting", "name": "Alerting", "order": 2, ...},
{"id": "dashboards", "name": "Dashboards", "order": 3, ...}
]
}
Validation rules:
- If any capability has a non-zero Order, all Order values must be unique
- Capabilities with Order=0 are sorted after those with explicit ordering
- When no explicit ordering is set, capabilities sort alphabetically by name
Sorting
Sort capabilities programmatically:
// Sort methods available
capstack.SortByOrder // By explicit Order field (default)
capstack.SortByName // Alphabetically by Name
capstack.SortByImportance // By Importance weight (critical first)
capstack.SortByPriority // By Priority (critical first)
capstack.SortByStatus // By Status (operational first)
// Sort in place
cs.SortCapabilities(capstack.SortByImportance)
// Get sorted copy
sorted := cs.SortedCapabilities(capstack.SortByOrder)
Dynamic Priority (P0-P3)
Dynamic priority is calculated from importance and maturity gap:
Priority Score = Importance Weight × (Target Level - Current Level)
| Score | Priority | Description |
|---|---|---|
| ≥8 | P0 | Immediate action required |
| ≥4 | P1 | High priority improvement |
| ≥2 | P2 | Scheduled improvement |
| <2 | P3 | Low priority enhancement |
// Calculate dynamic priority
priority := capstack.CalculatePriority("critical", 1, 3) // Returns "P0" (4 × 2 = 8)
priority := capstack.CalculatePriority("medium", 2, 3) // Returns "P2" (2 × 1 = 2)
// Get priority weight for sorting
weight := capstack.DynamicPriorityWeight("P0") // Returns 4
### Capability Lifecycle
Capabilities progress through lifecycle stages:
| Status | Description | In prism-intelligence? |
|--------|-------------|------------------------|
| `planned` | On roadmap, not yet started | No - tracked in prism-execution |
| `in-progress` | Currently being implemented | No - tracked in prism-execution |
| `implemented` | Exists but may need maturity improvement | Yes - has M1 baseline |
| `operational` | Running in production, actively maintained | Yes - has M2+ level |
| `deprecated` | Being phased out | Yes - may have declining level |
### Greenfield vs Brownfield
**Greenfield (new system):**
- Most capabilities start as `planned`
- `targetDate` indicates when capability should be implemented
- No prism-intelligence entries until capability reaches `implemented`
- Focus on building foundational capabilities first
**Brownfield (existing system):**
- Most capabilities are `implemented` or `operational`
- prism-intelligence tracks current maturity levels
- prism-execution tracks initiatives to improve maturity
- Focus on maturing existing capabilities
## PRISM Integration
### Reference Structure
Each capability can reference PRISM for maturity tracking:
```json
{
"id": "sast",
"prismRef": {
"domainId": "security",
"sliIds": ["sli-sast-coverage", "sli-sast-findings"],
"levelCriteria": {
"M1": "No SAST",
"M2": "SAST on critical repos, manual runs",
"M3": "SAST in CI for all repos, blocking on high severity",
"M4": "Custom rules, <24h remediation SLA for critical",
"M5": "ML-enhanced detection, <4h remediation for critical"
}
}
}
Document Relationships
| Project | Contains | Example |
|---|---|---|
| prism-capability | Capability definitions, lifecycle status | capability/security-saas.json |
| prism-intelligence | Maturity models, SLIs/SLOs, current state | intelligence/security-model.json |
| prism-execution | OKRs, roadmaps, improvement initiatives | execution/security-plan.json |
Workflow
- Define capabilities in prism-capability
- Define SLIs in prism-intelligence maturity model (one or more per capability)
- Set thresholds per maturity level (M1-M5) in prism-intelligence
- Track state in prism-intelligence as capabilities become operational
- Plan improvements in prism-execution with initiatives per capability
Categories
Categories provide visual grouping within layers:
{
"categories": [
{ "id": "appsec", "name": "AppSec", "color": "#10b981" },
{ "id": "supply-chain", "name": "Supply Chain", "color": "#f59e0b" }
]
}
Dependencies
Capabilities can declare dependencies:
{
"id": "dast",
"dependencies": ["sast"],
"enables": ["pentest-automation"]
}
Framework Mappings
Map capabilities to compliance frameworks:
{
"id": "sbom",
"frameworkMappings": [
{ "framework": "slsa", "controls": ["L1", "L2"] },
{ "framework": "nist-csf-2.0", "controls": ["ID.SC-4"] }
]
}
Supported frameworks:
nist-csf-2.0- NIST Cybersecurity Framework 2.0nist-800-53- NIST SP 800-53iso-27001- ISO/IEC 27001soc2- SOC 2 Type IIpci-dss- PCI DSScis- CIS Controlsmitre-attack- MITRE ATT&CKowasp- OWASP Top 10 / ASVSslsa- SLSA (Supply-chain Levels for Software Artifacts)ssdf- NIST SSDF (Secure Software Development Framework)
Validation
The Go library validates:
- Required fields - id, name, layerId for capabilities
- Kebab-case IDs - All IDs must be kebab-case format
- Enum values - Status, priority, importance, domain, phase, etc.
- Reference integrity - layerId, categoryId, dependencies reference valid IDs
- Unique IDs - No duplicate layer, category, or capability IDs
- Dependency cycles - Circular dependencies are detected
- Order uniqueness - If any capability has non-zero Order, all Order values must be unique
Example validation errors:
capabilities[5].layerId: references non-existent layer ID (value: "invalid-layer")
capabilities[3].status: invalid status "active", must be one of: planned, in-progress, implemented, operational, deprecated
dependencies: circular dependency detected (value: "cap-a -> cap-b -> cap-c -> cap-a")
Examples
- operations-saas-greenfield.json - SRE/Operations reference architecture with SLO framework, observability, incident management
- security-saas-greenfield.json - B2B SaaS security stack with AppSec, supply chain, and runtime security
Schema
See schema/capability-stack.schema.json for the full JSON Schema.
Related Projects
| Project | Purpose |
|---|---|
| prism-intelligence | Maturity models, SLIs/SLOs, state tracking |
| prism-execution | OKRs, roadmaps, improvement initiatives |
License
MIT
Documentation
¶
Index ¶
- Constants
- func AllCapabilityStatuses() []string
- func AllDomains() []string
- func AllFrameworks() []string
- func AllImportanceLevels() []string
- func AllNistCsfFunctions() []string
- func AllPhases() []string
- func AllPriorities() []string
- func AllPriorityLevels() []string
- func AllToolStatuses() []string
- func AllToolTypes() []string
- func CalculatePriority(importance string, currentLevel, targetLevel int) string
- func DomainDisplayName(domain string) string
- func DynamicPriorityWeight(priority string) int
- func GeneralFramework() *pf.Framework
- func GetFramework(id string) *pf.Framework
- func IETFFramework() *pf.Framework
- func ImportanceWeight(importance string) int
- func MoSCoWFramework() *pf.Framework
- func NISTCSFFunctionSortWeight(function string) int
- func PriorityFrameworkP() *pf.Framework
- func PriorityWeight(priority string) int
- func SeverityFramework() *pf.Framework
- func ValidDomain(domain string) bool
- func ValidPriority(priority string) bool
- func ValidSortMethod(method string) bool
- func ValidateCapabilityStatus(status string) error
- func ValidateDomain(domain string) error
- func ValidateFramework(framework string) error
- func ValidateKebabCase(s string) bool
- func ValidateNistCsfFunction(fn string) error
- func ValidatePhase(phase string) error
- func ValidatePriority(priority string) error
- func ValidateToolStatus(status string) error
- func ValidateToolType(toolType string) error
- type Capability
- type CapabilityStack
- func (cs *CapabilityStack) AllCapabilities() []Capability
- func (cs *CapabilityStack) CapabilitiesByCategory(categoryID string) []Capability
- func (cs *CapabilityStack) CapabilitiesByLayer(layerID string) []Capability
- func (cs *CapabilityStack) CapabilitiesByMarket(marketID string) []Capability
- func (cs *CapabilityStack) CapabilitiesByMarketCapability(marketCapID string) []Capability
- func (cs *CapabilityStack) CapabilitiesByStatus(status string) []Capability
- func (cs *CapabilityStack) CapabilitiesByTag(tag string) []Capability
- func (cs *CapabilityStack) CapabilitiesForSegment(segmentID string) []Capability
- func (cs *CapabilityStack) CapabilityIDs() []string
- func (cs *CapabilityStack) CategoryIDs() []string
- func (cs *CapabilityStack) GetCapabilityByID(id string) *Capability
- func (cs *CapabilityStack) GetCategoryByID(id string) *Category
- func (cs *CapabilityStack) GetLayerByID(id string) *Layer
- func (cs *CapabilityStack) LayerIDs() []string
- func (cs *CapabilityStack) SaveToFile(path string) error
- func (cs *CapabilityStack) SortCapabilities(method SortMethod)
- func (cs *CapabilityStack) SortedCapabilities(method SortMethod) []Capability
- func (cs *CapabilityStack) Validate() ValidationErrors
- type Category
- type FrameworkMapping
- type GapContribution
- type Layer
- type LevelCriteria
- type MarketIntegration
- type MarketRef
- type Metadata
- type OrderRange
- type PRISMIntegration
- type PRISMRef
- type PriorityFramework
- type PriorityTier
- type SortMethod
- type Tool
- type ValidationError
- type ValidationErrors
Constants ¶
View Source
const ( StatusPlanned = "planned" StatusInProgress = "in-progress" StatusImplemented = "implemented" StatusOperational = "operational" StatusDeprecated = "deprecated" )
CapabilityStatus constants represent the lifecycle status of a capability. Note: Uses hyphen format ("in-progress") for JSON/YAML compatibility. prism-core uses underscore format - these remain local for backward compatibility.
View Source
const ( PriorityCritical = "critical" PriorityHigh = "high" PriorityMedium = "medium" PriorityLow = "low" )
Priority constants for severity-based prioritization. Now backed by priority-frameworks package.
View Source
const ( DomainSecurity = core.DomainSecurity DomainAI = core.DomainAI DomainPlatform = core.DomainPlatform DomainData = core.DomainData DomainObservability = core.DomainObservability DomainInfrastructure = core.DomainInfrastructure DomainProduct = core.DomainProduct DomainOperations = core.DomainOperations )
Domain constants imported from prism-core.
View Source
const ( PhasePlan = "plan" PhaseDesign = "design" PhaseBuild = "build" PhaseTest = "test" PhaseRelease = "release" PhaseDeploy = "deploy" PhaseOperate = "operate" PhaseMonitor = "monitor" PhaseRespond = "respond" PhaseRecover = "recover" )
Phase constants represent SDLC or lifecycle phases. These are more granular than prism-core stages and remain local.
View Source
const ( NistCsfGovern = core.NISTCSFGovern NistCsfIdentify = core.NISTCSFIdentify NistCsfProtect = core.NISTCSFProtect NistCsfDetect = core.NISTCSFDetect NistCsfRespond = core.NISTCSFRespond NistCsfRecover = core.NISTCSFRecover )
NIST CSF function constants imported from prism-core. Local names use NistCsf prefix for backward compatibility.
View Source
const ( ToolTypeCommercial = "commercial" ToolTypeOpenSource = "open-source" ToolTypeInternal = "internal" ToolTypeManagedService = "managed-service" )
ToolType constants represent tool/product types. These are capability-specific and remain local.
View Source
const ( ToolStatusEvaluating = "evaluating" ToolStatusPiloting = "piloting" ToolStatusDeployed = "deployed" ToolStatusDeprecated = "deprecated" )
ToolStatus constants represent tool deployment status.
View Source
const ( FrameworkNISTCSF2 = "nist-csf-2.0" FrameworkNIST80053 = "nist-800-53" FrameworkISO27001 = "iso-27001" FrameworkSOC2 = "soc2" FrameworkPCIDSS = "pci-dss" FrameworkCIS = "cis" FrameworkMITREATTACK = "mitre-attack" FrameworkOWASP = "owasp" FrameworkSLSA = "slsa" FrameworkSSDF = "ssdf" )
Framework constants represent compliance/security frameworks. Note: Uses kebab-case format for JSON/YAML compatibility. prism-core uses UPPER_SNAKE format - these remain local for backward compatibility.
View Source
const ( ImportanceCritical = "critical" ImportanceHigh = "high" ImportanceMedium = "medium" ImportanceLow = "low" )
Importance constants define static weights for categories, layers, and capabilities. These represent the inherent importance of "-ilities" (security, availability, etc.) and are used in conjunction with current state to calculate dynamic priority.
Deprecated: Use priority-frameworks package directly for new code.
View Source
const ( PriorityP0 = "P0" // Immediate action required PriorityP1 = "P1" // High priority PriorityP2 = "P2" // Medium priority PriorityP3 = "P3" // Low priority )
Priority constants define dynamic priority levels based on current state. These are calculated by combining importance with maturity gap.
Variables ¶
This section is empty.
Functions ¶
func AllCapabilityStatuses ¶
func AllCapabilityStatuses() []string
AllCapabilityStatuses returns all valid capability status values.
func AllDomains ¶
func AllDomains() []string
AllDomains returns all valid domain values for capability stacks. Note: Returns the 8 domains used by this module, not all prism-core domains.
func AllFrameworks ¶
func AllFrameworks() []string
AllFrameworks returns all valid framework values.
func AllImportanceLevels ¶ added in v0.4.0
func AllImportanceLevels() []string
AllImportanceLevels returns all valid importance levels in descending order.
func AllNistCsfFunctions ¶
func AllNistCsfFunctions() []string
AllNistCsfFunctions returns all valid NIST CSF function values.
func AllPriorityLevels ¶ added in v0.4.0
func AllPriorityLevels() []string
AllPriorityLevels returns all valid priority levels in descending order.
func AllToolStatuses ¶
func AllToolStatuses() []string
AllToolStatuses returns all valid tool status values.
func CalculatePriority ¶ added in v0.4.0
CalculatePriority determines dynamic priority based on importance and maturity gap. importance: the static importance level (critical, high, medium, low) currentLevel: current maturity level (1-5) targetLevel: target maturity level (1-5) Returns P0-P3 based on the combination.
func DomainDisplayName ¶ added in v0.3.0
DomainDisplayName returns a human-readable name for a domain.
func DynamicPriorityWeight ¶ added in v0.4.0
DynamicPriorityWeight returns a numeric weight for the dynamic priority level (P0-P3). Higher weights indicate higher priority.
func GeneralFramework ¶ added in v0.5.0
GeneralFramework returns the general requirement framework.
func GetFramework ¶ added in v0.5.0
GetFramework returns a priority framework by ID.
func IETFFramework ¶ added in v0.5.0
IETFFramework returns the IETF RFC 2119 requirement framework.
func ImportanceWeight ¶ added in v0.4.0
ImportanceWeight returns a numeric weight for the importance level. Higher weights indicate higher importance.
func MoSCoWFramework ¶ added in v0.5.0
MoSCoWFramework returns the MoSCoW priority framework.
func NISTCSFFunctionSortWeight ¶ added in v0.3.0
NISTCSFFunctionSortWeight returns a sort weight for NIST CSF functions.
func PriorityFrameworkP ¶ added in v0.5.0
PriorityFrameworkP returns the P# priority framework.
func PriorityWeight ¶ added in v0.3.0
PriorityWeight returns a numeric weight for sorting priorities. Higher weight = higher priority.
func SeverityFramework ¶ added in v0.5.0
SeverityFramework returns the Severity priority framework.
func ValidDomain ¶ added in v0.3.0
ValidDomain checks if a domain value is valid.
func ValidPriority ¶ added in v0.3.0
ValidPriority checks if a priority value is valid.
func ValidSortMethod ¶ added in v0.4.0
ValidSortMethod checks if a sort method is valid.
func ValidateCapabilityStatus ¶
ValidateCapabilityStatus validates a capability status value.
func ValidateDomain ¶
ValidateDomain validates a domain value.
func ValidateFramework ¶
ValidateFramework validates a framework value.
func ValidateKebabCase ¶
ValidateKebabCase validates that a string is in kebab-case format.
func ValidateNistCsfFunction ¶
ValidateNistCsfFunction validates a NIST CSF function value.
func ValidatePriority ¶
ValidatePriority validates a priority value.
func ValidateToolStatus ¶
ValidateToolStatus validates a tool status value.
func ValidateToolType ¶
ValidateToolType validates a tool type value.
Types ¶
type Capability ¶
type Capability struct {
// ID is the unique identifier for the capability (kebab-case).
ID string `json:"id"`
// Name is the short display name (for diagram boxes).
Name string `json:"name"`
// FullName is the expanded name (e.g., "Static Application Security Testing" for "SAST").
FullName string `json:"fullName,omitempty"`
// Description explains what this capability provides.
Description string `json:"description,omitempty"`
// LayerID references the layer this capability belongs to.
LayerID string `json:"layerId"`
// CategoryID references the category for visual grouping.
CategoryID string `json:"categoryId,omitempty"`
// Status is the lifecycle status (planned, in-progress, implemented, operational, deprecated).
Status string `json:"status,omitempty"`
// Priority is the implementation priority (critical, high, medium, low).
Priority string `json:"priority,omitempty"`
// Importance is the static weight for this capability (critical, high, medium, low).
// Represents the inherent importance for "-ilities" (security, availability, resiliency).
// Used with maturity state to calculate dynamic priority (P0-P3).
Importance string `json:"importance,omitempty"`
// Order is the explicit sort order for this capability.
// When non-zero, capabilities are sorted by Order ascending.
// If any capability has a non-zero Order, all should have unique Order values.
Order int `json:"order,omitempty"`
// TargetDate is when planned capabilities should be implemented (YYYY-MM-DD).
TargetDate string `json:"targetDate,omitempty"`
// ImplementedAt is when the capability was implemented (YYYY-MM-DD).
ImplementedAt string `json:"implementedAt,omitempty"`
// Owner is the team or person responsible for this capability.
Owner string `json:"owner,omitempty"`
// Tooling lists tools/products implementing this capability.
Tooling []Tool `json:"tooling,omitempty"`
// Dependencies lists capability IDs this capability depends on.
Dependencies []string `json:"dependencies,omitempty"`
// Enables lists capability IDs that this capability enables.
Enables []string `json:"enables,omitempty"`
// Tags are for filtering and classification (kebab-case).
Tags []string `json:"tags,omitempty"`
// FrameworkMappings maps to compliance/security framework controls.
FrameworkMappings []FrameworkMapping `json:"frameworkMappings,omitempty"`
// PRISMRef links to PRISM maturity model for this capability.
PRISMRef *PRISMRef `json:"prismRef,omitempty"`
// MarketRef links to market-strategy-engine capabilities this org capability enables.
MarketRef *MarketRef `json:"marketRef,omitempty"`
}
Capability represents a single capability in the stack.
func (*Capability) Validate ¶
func (cap *Capability) Validate() ValidationErrors
Validate validates a Capability and returns validation errors.
type CapabilityStack ¶
type CapabilityStack struct {
// Schema is the JSON Schema reference.
Schema string `json:"$schema,omitempty"`
// Metadata contains document-level information.
Metadata Metadata `json:"metadata"`
// Layers are ordered list of layers (rows) in the capability stack.
Layers []Layer `json:"layers"`
// Categories define groupings for capabilities within layers.
Categories []Category `json:"categories,omitempty"`
// Capabilities are all capabilities in the stack.
Capabilities []Capability `json:"capabilities"`
// Foundational are cross-cutting capabilities that span multiple layers.
Foundational []Capability `json:"foundational,omitempty"`
// PRISMIntegration configures global PRISM integration.
PRISMIntegration *PRISMIntegration `json:"prismIntegration,omitempty"`
// MarketIntegration configures global market-strategy-engine integration.
MarketIntegration *MarketIntegration `json:"marketIntegration,omitempty"`
// PriorityFramework defines the priority tier structure for organizing capabilities.
// When present, an HTML page explaining the priority tiers can be generated.
PriorityFramework *PriorityFramework `json:"priorityFramework,omitempty"`
}
CapabilityStack is the root document for a capability stack specification.
func LoadFromFile ¶
func LoadFromFile(path string) (*CapabilityStack, error)
LoadFromFile reads a CapabilityStack from a JSON file.
func (*CapabilityStack) AllCapabilities ¶
func (cs *CapabilityStack) AllCapabilities() []Capability
AllCapabilities returns all capabilities including foundational ones.
func (*CapabilityStack) CapabilitiesByCategory ¶
func (cs *CapabilityStack) CapabilitiesByCategory(categoryID string) []Capability
CapabilitiesByCategory returns capabilities belonging to a specific category.
func (*CapabilityStack) CapabilitiesByLayer ¶
func (cs *CapabilityStack) CapabilitiesByLayer(layerID string) []Capability
CapabilitiesByLayer returns capabilities belonging to a specific layer.
func (*CapabilityStack) CapabilitiesByMarket ¶ added in v0.3.0
func (cs *CapabilityStack) CapabilitiesByMarket(marketID string) []Capability
CapabilitiesByMarket returns org capabilities linked to a specific market.
func (*CapabilityStack) CapabilitiesByMarketCapability ¶ added in v0.3.0
func (cs *CapabilityStack) CapabilitiesByMarketCapability(marketCapID string) []Capability
CapabilitiesByMarketCapability returns org capabilities that enable a market capability.
func (*CapabilityStack) CapabilitiesByStatus ¶
func (cs *CapabilityStack) CapabilitiesByStatus(status string) []Capability
CapabilitiesByStatus returns capabilities with a specific status.
func (*CapabilityStack) CapabilitiesByTag ¶
func (cs *CapabilityStack) CapabilitiesByTag(tag string) []Capability
CapabilitiesByTag returns capabilities with a specific tag.
func (*CapabilityStack) CapabilitiesForSegment ¶ added in v0.3.0
func (cs *CapabilityStack) CapabilitiesForSegment(segmentID string) []Capability
CapabilitiesForSegment returns org capabilities that benefit a market segment.
func (*CapabilityStack) CapabilityIDs ¶
func (cs *CapabilityStack) CapabilityIDs() []string
CapabilityIDs returns all capability IDs including foundational.
func (*CapabilityStack) CategoryIDs ¶
func (cs *CapabilityStack) CategoryIDs() []string
CategoryIDs returns all category IDs.
func (*CapabilityStack) GetCapabilityByID ¶
func (cs *CapabilityStack) GetCapabilityByID(id string) *Capability
GetCapabilityByID returns a capability by its ID, or nil if not found. Searches both capabilities and foundational lists.
func (*CapabilityStack) GetCategoryByID ¶
func (cs *CapabilityStack) GetCategoryByID(id string) *Category
GetCategoryByID returns a category by its ID, or nil if not found.
func (*CapabilityStack) GetLayerByID ¶
func (cs *CapabilityStack) GetLayerByID(id string) *Layer
GetLayerByID returns a layer by its ID, or nil if not found.
func (*CapabilityStack) LayerIDs ¶
func (cs *CapabilityStack) LayerIDs() []string
LayerIDs returns all layer IDs in order.
func (*CapabilityStack) SaveToFile ¶
func (cs *CapabilityStack) SaveToFile(path string) error
SaveToFile writes the CapabilityStack to a JSON file.
func (*CapabilityStack) SortCapabilities ¶ added in v0.4.0
func (cs *CapabilityStack) SortCapabilities(method SortMethod)
SortCapabilities sorts the capabilities slice in place by the given method.
func (*CapabilityStack) SortedCapabilities ¶ added in v0.4.0
func (cs *CapabilityStack) SortedCapabilities(method SortMethod) []Capability
SortedCapabilities returns a sorted copy of all capabilities.
func (*CapabilityStack) Validate ¶
func (cs *CapabilityStack) Validate() ValidationErrors
Validate validates the entire CapabilityStack document.
type Category ¶
type Category struct {
// ID is the unique identifier for the category (kebab-case).
ID string `json:"id"`
// Name is the display name for the category.
Name string `json:"name"`
// Description explains what this category represents.
Description string `json:"description,omitempty"`
// Color is used for visual grouping (hex or named color).
Color string `json:"color,omitempty"`
// Importance is the static weight for this category (critical, high, medium, low).
// Used for "-ilities" prioritization (security, availability, resiliency, etc.).
Importance string `json:"importance,omitempty"`
}
Category groups capabilities within layers for visual organization.
func (*Category) Validate ¶
func (c *Category) Validate() ValidationErrors
Validate validates a Category and returns validation errors.
type FrameworkMapping ¶
type FrameworkMapping struct {
// Framework is the framework name (nist-csf-2.0, iso-27001, etc.).
Framework string `json:"framework"`
// Controls lists the control IDs from the framework.
Controls []string `json:"controls"`
}
FrameworkMapping maps a capability to compliance/security framework controls.
func (*FrameworkMapping) Validate ¶
func (fm *FrameworkMapping) Validate() ValidationErrors
Validate validates a FrameworkMapping and returns validation errors.
type GapContribution ¶ added in v0.3.0
type GapContribution struct {
// CapabilityID is the market capability with the gap.
CapabilityID string `json:"capabilityId"`
// SegmentID is the target segment for the gap.
SegmentID string `json:"segmentId,omitempty"`
// Contribution describes how this org capability helps close the gap.
// Examples: "primary", "supporting", "enabling".
Contribution string `json:"contribution,omitempty"`
// Description explains the relationship.
Description string `json:"description,omitempty"`
}
GapContribution describes how an org capability contributes to closing a market gap.
type Layer ¶
type Layer struct {
// ID is the unique identifier for the layer (kebab-case).
ID string `json:"id"`
// Name is the display name for the layer.
Name string `json:"name"`
// Description explains the purpose/objective of this layer.
Description string `json:"description,omitempty"`
// Order is the sort order (1 = top layer).
Order int `json:"order,omitempty"`
// Phase is the SDLC or lifecycle phase this layer represents.
Phase string `json:"phase,omitempty"`
// NistCsfFunction maps the layer to a NIST CSF 2.0 function.
NistCsfFunction string `json:"nistCsfFunction,omitempty"`
// Importance is the static weight for this layer (critical, high, medium, low).
// Used for "-ilities" prioritization when capabilities span multiple layers.
Importance string `json:"importance,omitempty"`
}
Layer represents a row in the capability stack, typically mapping to a lifecycle phase or organizational boundary.
func (*Layer) Validate ¶
func (l *Layer) Validate() ValidationErrors
Validate validates a Layer and returns validation errors.
type LevelCriteria ¶
type LevelCriteria struct {
M1 string `json:"M1,omitempty"`
M2 string `json:"M2,omitempty"`
M3 string `json:"M3,omitempty"`
M4 string `json:"M4,omitempty"`
M5 string `json:"M5,omitempty"`
}
LevelCriteria defines maturity level descriptions (M1-M5).
type MarketIntegration ¶ added in v0.3.0
type MarketIntegration struct {
// AnalysisRef is the path or URL to the market analysis document.
AnalysisRef string `json:"analysisRef,omitempty"`
// DefaultMarket is the default market for capabilities without explicit marketId.
DefaultMarket string `json:"defaultMarket,omitempty"`
// FocusSegments lists the primary segments the organization is targeting.
FocusSegments []string `json:"focusSegments,omitempty"`
}
MarketIntegration configures global market-strategy-engine integration settings.
type MarketRef ¶ added in v0.3.0
type MarketRef struct {
// MarketID is the market this capability contributes to (e.g., "security", "crm").
MarketID string `json:"marketId,omitempty"`
// CapabilityIDs lists market capability IDs that this org capability enables.
// These reference capabilities defined in market-strategy-engine Analysis documents.
CapabilityIDs []string `json:"capabilityIds,omitempty"`
// Segments indicates which market segments benefit from this capability.
// Common values: "smb", "mid-market", "enterprise".
Segments []string `json:"segments,omitempty"`
// Impact describes how this organizational capability affects market position.
Impact string `json:"impact,omitempty"`
// GapContribution describes which market gaps this capability helps close.
GapContribution []GapContribution `json:"gapContribution,omitempty"`
}
MarketRef references market-strategy-engine capabilities that this organizational capability enables. This creates traceability from internal capabilities to external market competitiveness.
type Metadata ¶
type Metadata struct {
// Name is the identifier for the capability stack (kebab-case).
Name string `json:"name"`
// Version is the semantic version of this specification.
Version string `json:"version"`
// Title is the display title for rendered output.
Title string `json:"title,omitempty"`
// Description provides context about the capability stack.
Description string `json:"description,omitempty"`
// Domain is the primary domain (security, ai, platform, etc.).
Domain string `json:"domain,omitempty"`
// CreatedAt is the creation date (YYYY-MM-DD format).
CreatedAt string `json:"createdAt,omitempty"`
// UpdatedAt is the last update date (YYYY-MM-DD format).
UpdatedAt string `json:"updatedAt,omitempty"`
// Authors lists the people/teams who created this stack.
Authors []string `json:"authors,omitempty"`
}
Metadata contains document-level information about the capability stack.
func (*Metadata) Validate ¶
func (m *Metadata) Validate() ValidationErrors
Validate validates a Metadata and returns validation errors.
type OrderRange ¶ added in v0.4.0
type OrderRange struct {
// Min is the minimum Order value (inclusive).
Min int `json:"min"`
// Max is the maximum Order value (inclusive). Use 0 for unlimited.
Max int `json:"max,omitempty"`
}
OrderRange defines an inclusive range of Order values.
func (OrderRange) Contains ¶ added in v0.4.0
func (r OrderRange) Contains(order int) bool
Contains returns true if the given order value is within this range.
func (OrderRange) String ¶ added in v0.4.0
func (r OrderRange) String() string
String returns a display string for the range (e.g., "1-5" or "31+").
type PRISMIntegration ¶
type PRISMIntegration struct {
// ModelRef is the path or URL to the PRISM maturity model document.
ModelRef string `json:"modelRef,omitempty"`
// StateRef is the path or URL to the PRISM maturity state document.
StateRef string `json:"stateRef,omitempty"`
// PlanRef is the path or URL to the PRISM maturity plan document.
PlanRef string `json:"planRef,omitempty"`
// DefaultDomain is the default PRISM domain for capabilities without explicit domainId.
DefaultDomain string `json:"defaultDomain,omitempty"`
}
PRISMIntegration configures global PRISM integration settings.
type PRISMRef ¶
type PRISMRef struct {
// DomainID is the PRISM domain ID (e.g., "security", "operations").
DomainID string `json:"domainId,omitempty"`
// SLIIDs lists PRISM SLI IDs that measure this capability's maturity.
SLIIDs []string `json:"sliIds,omitempty"`
// LevelCriteria describes what each maturity level means for this capability.
LevelCriteria *LevelCriteria `json:"levelCriteria,omitempty"`
}
PRISMRef references a PRISM maturity model for a capability.
type PriorityFramework ¶ added in v0.4.0
type PriorityFramework struct {
// Title is the display title for the priority framework page.
Title string `json:"title,omitempty"`
// Description explains the purpose of the priority framework.
Description string `json:"description,omitempty"`
// Tiers are the priority tiers in order (highest priority first).
Tiers []PriorityTier `json:"tiers"`
}
PriorityFramework defines the priority tier structure for organizing capabilities. This is embedded in the capability stack and can be rendered as an HTML page.
func DefaultPriorityFramework ¶ added in v0.4.0
func DefaultPriorityFramework() *PriorityFramework
DefaultPriorityFramework returns a standard 4-tier priority framework.
func (*PriorityFramework) GetTierForCapability ¶ added in v0.4.0
func (pf *PriorityFramework) GetTierForCapability(cap Capability) *PriorityTier
GetTierForCapability returns the tier that contains the given capability.
type PriorityTier ¶ added in v0.4.0
type PriorityTier struct {
// ID is the unique identifier for the tier (e.g., "tier-1").
ID string `json:"id"`
// Name is the display name (e.g., "Tier 1").
Name string `json:"name"`
// OrderRange defines the capability Order values in this tier.
OrderRange OrderRange `json:"orderRange"`
// Orders explains why capabilities in this tier are important.
// This is the business rationale (e.g., "Existential", "Critical", "Strategic").
Orders string `json:"orders"`
// OrdersDescription provides additional context for the Orders rationale.
OrdersDescription string `json:"ordersDescription,omitempty"`
// Focus lists the primary capability areas or categories in this tier.
Focus []string `json:"focus,omitempty"`
// CapabilityIDs explicitly lists capability IDs in this tier.
// If provided, overrides OrderRange for determining membership.
CapabilityIDs []string `json:"capabilityIds,omitempty"`
// Color is the display color for this tier (hex code).
Color string `json:"color,omitempty"`
}
PriorityTier represents a single priority tier grouping capabilities.
func (PriorityTier) CapabilitiesInTier ¶ added in v0.4.0
func (t PriorityTier) CapabilitiesInTier(caps []Capability) []Capability
CapabilitiesInTier returns capabilities that belong to this tier. If CapabilityIDs is set, uses that list. Otherwise uses OrderRange.
type SortMethod ¶ added in v0.4.0
type SortMethod string
SortMethod defines how capabilities should be sorted.
const ( // SortByOrder sorts by explicit Order field (default). SortByOrder SortMethod = "order" // SortByName sorts alphabetically by Name. SortByName SortMethod = "name" // SortByImportance sorts by Importance weight (critical first). SortByImportance SortMethod = "importance" // SortByPriority sorts by Priority (critical first, for static priority field). SortByPriority SortMethod = "priority" // SortByStatus sorts by Status (operational first). SortByStatus SortMethod = "status" )
func AllSortMethods ¶ added in v0.4.0
func AllSortMethods() []SortMethod
AllSortMethods returns all valid sort methods.
type Tool ¶
type Tool struct {
// Name is the tool or product name.
Name string `json:"name"`
// Vendor is the vendor name (for commercial tools).
Vendor string `json:"vendor,omitempty"`
// Type classifies the tool (commercial, open-source, internal, managed-service).
Type string `json:"type,omitempty"`
// URL is the tool's website or documentation link.
URL string `json:"url,omitempty"`
// Status is the deployment status (evaluating, piloting, deployed, deprecated).
Status string `json:"status,omitempty"`
}
Tool represents a tool or product that implements a capability.
func (*Tool) Validate ¶
func (t *Tool) Validate() ValidationErrors
Validate validates a Tool and returns validation errors.
type ValidationError ¶
ValidationError represents a validation error with context.
func (*ValidationError) Error ¶
func (e *ValidationError) Error() string
type ValidationErrors ¶
type ValidationErrors []ValidationError
ValidationErrors is a collection of validation errors.
func (ValidationErrors) Error ¶
func (ve ValidationErrors) Error() string
func (ValidationErrors) HasErrors ¶
func (ve ValidationErrors) HasErrors() bool
HasErrors returns true if there are any validation errors.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package cli provides the exported Cobra command tree for the capability stack CLI.
|
Package cli provides the exported Cobra command tree for the capability stack CLI. |
|
cmd
|
|
|
capstack
command
|
|
|
Package render provides diagram rendering for capability stacks.
|
Package render provides diagram rendering for capability stacks. |
Click to show internal directories.
Click to hide internal directories.