You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Several v0.1.0 schema features (structured architecture, structured attackSteps, structured dataFlows, AFR inputFactors, impact categories, CAL/TAF objects) exist in the schema but are not demonstrated in examples/rdx-xml-comprehensive.xml or the JSON comprehensive example, which still lean on legacy string forms. Adopters following the examples will skip the newer capabilities entirely. The XSD/JSON parity work is partly invisible because no test vector currently exercises it end-to-end.
Proposed change
Rewrite examples/rdx-xml-comprehensive.xml and the JSON counterpart so every supported object/field type is exercised at least once — including:
structured architecture with components + dataFlows + trustZones
CAL assurance levels, CAL assessments, TAF assessments, and the new CAL relationship types
Add an XSD coverage report to tools/validate.sh that lists which complexType / element / attribute names are exercised by the comprehensive example and flags any unused ones in CI output.
Document the comprehensive example in CLAUDE.md and README.md as the canonical "what does a fully populated RDX document look like" reference.
References
AI peer review, section 4 closing note ("the comprehensive example still uses a simple architecture string, even though the schema supports structured architecture")
CLAUDE.md — schema parity note ("XML coverage example is the XSD coverage/test vector")
Acceptance criteria
examples/rdx-xml-comprehensive.xml and its JSON twin validate AND exercise every schema feature listed above
tools/validate.sh prints (or CI step displays) an XSD coverage summary
README and CLAUDE.md point to the comprehensive example as the canonical reference
Motivation
Several v0.1.0 schema features (structured
architecture, structuredattackSteps, structureddataFlows, AFRinputFactors, impactcategories, CAL/TAF objects) exist in the schema but are not demonstrated inexamples/rdx-xml-comprehensive.xmlor the JSON comprehensive example, which still lean on legacy string forms. Adopters following the examples will skip the newer capabilities entirely. The XSD/JSON parity work is partly invisible because no test vector currently exercises it end-to-end.Proposed change
examples/rdx-xml-comprehensive.xmland the JSON counterpart so every supported object/field type is exercised at least once — including:architecturewith components + dataFlows + trustZonesattackStepswithtype+ references (after Make structured attackSteps the default and link to CVE/CWE/CAPEC/ATT&CK #48 lands)riskLevels,riskThresholdMatrix, cryptographichashes, AFRinputFactors, impactcategories,componentIdstools/validate.shthat lists which complexType / element / attribute names are exercised by the comprehensive example and flags any unused ones in CI output.CLAUDE.mdandREADME.mdas the canonical "what does a fully populated RDX document look like" reference.References
CLAUDE.md— schema parity note ("XML coverage example is the XSD coverage/test vector")Acceptance criteria
examples/rdx-xml-comprehensive.xmland its JSON twin validate AND exercise every schema feature listed abovetools/validate.shprints (or CI step displays) an XSD coverage summarySurfaced by external AI peer review; see chat transcript for full review text.