{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://securitycompliancehub.io/schemas/ce-prefill.schema.json",
  "title": "SCH Cyber Essentials Pre-fill Schema",
  "description": "Schema for importing RMM/patch management data into the SCH Cyber Essentials v3.3 assessment. Generate this file from your own tooling and import it using the 'Import from Security Tools' button on the assessment page.",
  "version": "1.0.0",
  "type": "object",
  "required": ["assessmentType", "generated", "questions"],
  "additionalProperties": false,
  "properties": {
    "assessmentType": {
      "type": "string",
      "const": "ce",
      "description": "Must be 'ce' for Cyber Essentials."
    },
    "source": {
      "type": "string",
      "description": "Identifier for the tool or pipeline that generated this file. Free-form, for your own audit trail.",
      "examples": ["ninjone", "qualys", "ninite-pro", "custom-script"]
    },
    "generated": {
      "type": "string",
      "format": "date-time",
      "description": "ISO 8601 timestamp (RFC 3339 date-time, with an explicit time zone such as a trailing 'Z') recording when this file was generated. Used to warn users if data is stale."
    },
    "questions": {
      "type": "object",
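      "description": "Map of question radio names to pre-fill values. Keys must match the radio input name attributes in the assessment. See the CE assessment HTML for the full question list. Control 1 (Firewalls): q1_1–q1_6. Control 2 (Secure Config): q2_1–q2_5. Control 3 (Updates): q3_1–q3_4. Control 4 (Access Control): q4_1–q4_5. Control 5 (Malware): q5_1–q5_4. Control 6 (Scope): q6_1–q6_4. The key pattern checks only the shape of a key: it accepts any question number within a control and an optional '_audit' or '_detail' suffix, so passing schema validation does not guarantee that a key matches a real question.",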
      "propertyNames": {
        "pattern": "^q[1-6]_[0-9]+(_(audit|detail))?$"
      },
      "additionalProperties": {
        "$ref": "#/$defs/questionEntry"
      },
      "examples": [
        {
          "q3_1": {
            "suggested_value": "pass",
            "evidence_summary": "Automated patching active; 142/142 devices patched within 14 days"
          },
          "q3_2": {
            "suggested_value": "partial",
            "evidence_summary": "High/critical patches applied within 14 days on 87% of endpoints; 18 overdue",
            "evidence_detail": "Overdue endpoints: WS-042 (Win 10 21H2, 3 patches), WS-107 (Win 11 23H2, 1 patch). Full list attached.",
            "raw_stats": {
              "total_devices": 142,
              "patched_14d": 124,
              "overdue": 18,
              "critical_overdue": 3
            }
          }
        }
      ]
    }
  },
  "$defs": {
    "questionEntry": {
      "type": "object",
      "required": ["suggested_value"],
      "additionalProperties": false,
      "properties": {
        "suggested_value": {
          "type": "string",
          "enum": ["pass", "fail", "unsure"],
          "description": "The suggested radio answer. 'pass' = compliant, 'fail' = not compliant, 'unsure' = uncertain. These are the only accepted values; any other value (for example 'partial') fails validation. The user reviews and confirms this value before the assessment is submitted."
        },
        "evidence_summary": {
          "type": "string",
          "maxLength": 500,
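          "description": "CLAUDE-SAFE. A brief, aggregated, identifier-free summary of the evidence. This text may appear in the Phronesis AI analysis prompt. Do NOT include device names, hostnames, IP addresses, usernames, or other personal/sensitive identifiers here. The schema enforces only the 500-character limit and cannot detect identifiers, so the tool that generates this file is responsible for leaving them out."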
        },
        "evidence_detail": {
          "type": "string",
          "description": "EVIDENCE VAULT ONLY. Detailed evidence that may include device names, IPs, or other sensitive identifiers. This is stored in the Evidence Vault (GCS) and is NEVER sent to the Phronesis AI Service."
        },
        "raw_stats": {
          "type": "object",
          "description": "EVIDENCE VAULT ONLY. Machine-readable statistics from your tooling. Never sent to Phronesis. Stored as an evidence attachment for audit purposes.",
          "additionalProperties": true
        }
      }
    }
  }
}
