Schema reference
Every entry in this knowledge base follows a structured schema — version 0.2. This page documents the schema for contributors, automation developers, and anyone building on the knowledge base content.
Entry structure
Each entry is a Markdown file with YAML frontmatter and structured content sections.
Frontmatter fields
id: string # Unique identifier — e.g. c2-prompt-injection
title: string # Full entry title
sidebar_label: string # Short label for navigation
tags: list[string] # Searchable tags
last_verified: date # ISO date of last fact-check pass
next_review: date # ISO date triggering automated review
Layer structure
| Layer | Heading | Audience | Key fields |
|---|---|---|---|
| 1 | ## Layer 1 — Start here | All audiences | Headline, summary, severity badge, key question, persona tabs |
| 2 | ## Layer 2 — Practitioner overview | Risk, compliance, PMs | Risk description, likelihood drivers, consequence types, controls summary table |
| 3 | ## Layer 3 — Controls detail | Risk practitioners, audit | Full control descriptions, jurisdiction notes, KPIs |
| 4 | ## Layer 4 — Technical implementation | Engineers, security analysts | Code examples, tool references, compliance implementation |
Persona tabs (Layer 1)
Each entry includes persona-specific hooks in a tabbed interface. All entries include three practitioner tabs. Entries linked from the Fork everyday track (A1, C4, E1) also include an Everyday tab written in plain language for general public readers.
<Tabs>
<TabItem value="executive" label="Executive / Board">
[2-3 sentences anchored to reading an audit report or board paper]
</TabItem>
<TabItem value="pm" label="Project Manager">
[2-3 sentences anchored to a go-live sign-off decision]
</TabItem>
<TabItem value="analyst" label="Security Analyst">
[2-3 sentences anchored to implementing controls or reviewing a vendor]
</TabItem>
{/* Everyday tab — only on A1, C4, E1 (Fork-linked entries) */}
<TabItem value="everyday" label="Everyday">
[Plain language for general public. No jargon, no framework codes.
Ends with a link back to the Fork scenario. See CONTENT_STYLE_GUIDE for voice rules.]
</TabItem>
</Tabs>
Controls summary table (Layer 2)
Every control in the controls summary must have these five fields:
| Field | Values | Notes |
|---|---|---|
| Control | string | Short descriptive name |
| Owner | function name | Security, Technology, Risk, Legal, HR, Compliance, Procurement, Operations, All |
| Effort | Low / Medium / High | Low = <1 week, Medium = 1–4 weeks, High = >1 month |
| Go-live? | Required / Post-launch badge | required-golive or required-post CSS class |
| Definition of done | string | One observable, verifiable sentence |
Severity badges
<span className="severity-badge severity-critical">Critical severity</span>
<span className="severity-badge severity-high">High severity</span>
<span className="severity-badge severity-medium">Medium severity</span>
<span className="severity-badge severity-low">Low severity</span>
Severity defaults are starting points — real assessments are context-dependent.
Framework chips
<span className="framework-chip">NIST AI 600-1</span>
<span className="framework-chip">EU AI Act Art. 15</span>
Scenario seed (end of entry)
Every entry includes a scenario seed for training module use:
**Context:** [Organisational setting]
**Trigger event:** [What happens to initiate the scenario]
**Complicating factor:** [What makes resolution non-obvious]
**Discussion questions:** [3-5 questions]
**Difficulty:** Foundational | Intermediate | Advanced
**Jurisdictions:** [Applicable jurisdictions]
Jurisdictional scope
Entries include jurisdiction notes on controls where obligations differ. The controlled vocabulary for jurisdictions is: AU, EU, US, UK, Global.
Global means the risk and controls apply without jurisdiction-specific framing.
Verify flags
Claims that require verification before publication are flagged inline: [VERIFY: description]. The automation engine tracks these and clears them after a successful verification pass.
Version history
| Version | Changes |
|---|---|
| v0.1 | Initial schema — four layers, incidents, framework refs, scenario seed |
| v0.2 | Added jurisdictional scope fields, controls_summary with owner/effort/done, persona hooks in Layer 1 |
Full template
The complete entry template is available in the repository: schema/entry_template.md