Output Schemas and Examples
Several Manicode prompt categories produce structured output that can be parsed, validated, and integrated into tooling. This page documents the expected output schemas for three key categories: threat modeling, compliance, and validation.
Threat Modeling Output (CycloneDX)
Threat modeling prompts (Standard Interview, STRIDE, FMEA) produce output conforming to the CycloneDX schema (spec version 1.5/1.6).
Schema
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Manicode Threat Model Output",
"description": "Simplified schema for threat modeling prompt output, based on CycloneDX 1.6",
"type": "object",
"required": ["bomFormat", "specVersion", "metadata", "vulnerabilities"],
"properties": {
"bomFormat": {
"type": "string",
"const": "CycloneDX"
},
"specVersion": {
"type": "string",
"enum": ["1.5", "1.6"]
},
"serialNumber": {
"type": "string",
"pattern": "^urn:uuid:"
},
"version": {
"type": "integer"
},
"metadata": {
"type": "object",
"properties": {
"timestamp": { "type": "string", "format": "date-time" },
"component": {
"type": "object",
"properties": {
"type": { "type": "string" },
"name": { "type": "string" },
"description": { "type": "string" }
},
"required": ["type", "name"]
}
}
},
"vulnerabilities": {
"type": "array",
"items": {
"type": "object",
"required": ["id", "description", "ratings"],
"properties": {
"id": { "type": "string" },
"description": { "type": "string" },
"source": {
"type": "object",
"properties": {
"name": { "type": "string" }
}
},
"analysis": {
"type": "object",
"properties": {
"state": {
"type": "string",
"enum": ["exploitable", "in_triage", "false_positive", "not_affected", "resolved"]
},
"detail": { "type": "string" }
}
},
"ratings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"method": { "type": "string" },
"severity": {
"type": "string",
"enum": ["critical", "high", "medium", "low", "info", "none", "unknown"]
},
"score": { "type": "number" }
}
}
},
"recommendation": { "type": "string" },
"affects": {
"type": "array",
"items": {
"type": "object",
"properties": {
"ref": { "type": "string" }
}
}
}
}
}
}
}
}
Example Output
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"metadata": {
"timestamp": "2026-02-24T10:30:00Z",
"component": {
"type": "application",
"name": "Customer Portal API",
"description": "Microservices-based customer portal with payment processing"
}
},
"vulnerabilities": [
{
"id": "THREAT-001",
"description": "JWT token theft via XSS enables session hijacking",
"source": { "name": "Manicode Threat Model Interview" },
"analysis": {
"state": "exploitable",
"detail": "JWT tokens stored in localStorage are accessible to any JavaScript running in the page context. An XSS vulnerability in the React SPA would allow an attacker to exfiltrate tokens and impersonate users."
},
"ratings": [
{
"method": "other",
"severity": "high",
"score": 7.5
}
],
"recommendation": "Store JWT tokens in HttpOnly, Secure, SameSite=Strict cookies. Implement Content Security Policy headers. Use subresource integrity for third-party scripts.",
"affects": [
{ "ref": "component:react-spa" },
{ "ref": "component:api-gateway" }
]
},
{
"id": "THREAT-002",
"description": "Stripe API key exposure through environment variable misconfiguration",
"source": { "name": "Manicode Threat Model Interview" },
"analysis": {
"state": "in_triage",
"detail": "The Payment Service uses the Stripe secret key for server-side API calls. If the key is exposed through logging, error messages, or container environment dumps, an attacker could process fraudulent charges."
},
"ratings": [
{
"method": "other",
"severity": "critical",
"score": 9.0
}
],
"recommendation": "Store Stripe keys in a secrets manager (AWS Secrets Manager, HashiCorp Vault). Never log environment variables. Use Stripe restricted keys with minimum required permissions.",
"affects": [
{ "ref": "component:payment-service" }
]
}
]
}
Validation
To validate output against the CycloneDX schema:
npm install @cyclonedx/cyclonedx-library
# Or validate with the CycloneDX CLI tool
Compliance Output
Compliance copilot prompts produce structured artifacts. While the overall output is Markdown, the control mapping section follows a consistent structure.
Control Mapping Schema
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Manicode Compliance Control Mapping",
"type": "object",
"required": ["framework", "assessment_date", "controls"],
"properties": {
"framework": {
"type": "string",
"description": "Regulatory framework identifier (e.g., SOC 2, PCI DSS 4.0.1)"
},
"assessment_date": {
"type": "string",
"format": "date"
},
"controls": {
"type": "array",
"items": {
"type": "object",
"required": ["control_id", "control_name", "status"],
"properties": {
"control_id": {
"type": "string",
"description": "Framework-specific control identifier (e.g., CC6.1, 8.3.1)"
},
"control_name": {
"type": "string"
},
"status": {
"type": "string",
"enum": ["implemented", "partially_implemented", "not_implemented", "not_applicable"]
},
"gap_description": {
"type": "string",
"description": "Present when status is not 'implemented'"
},
"evidence_required": {
"type": "array",
"items": { "type": "string" }
},
"remediation": {
"type": "string",
"description": "Engineering task to close the gap"
},
"priority": {
"type": "string",
"enum": ["critical", "high", "medium", "low"]
}
}
}
}
}
}
Example Output
{
"framework": "SOC 2 (AICPA TSC)",
"assessment_date": "2026-02-24",
"controls": [
{
"control_id": "CC6.1",
"control_name": "Logical and Physical Access Controls",
"status": "partially_implemented",
"gap_description": "RBAC is implemented for the API but not enforced on the database layer. Direct database access is possible with shared credentials.",
"evidence_required": [
"RBAC policy documentation",
"Database access audit logs",
"List of users with direct database access"
],
"remediation": "Implement per-service database credentials with minimum required permissions. Remove shared database credentials. Enable database audit logging.",
"priority": "high"
},
{
"control_id": "CC7.2",
"control_name": "System Monitoring",
"status": "implemented",
"evidence_required": [
"Monitoring dashboard screenshots",
"Alert configuration documentation",
"Incident response runbook"
],
"remediation": null,
"priority": null
}
]
}
Requesting Structured Output
To get JSON output from a compliance copilot session, end your conversation with:
Format the control mappings as JSON following this structure:
{ "framework": "...", "assessment_date": "...", "controls": [{ "control_id": "...", "status": "...", ... }] }
Validation Prompt Output
Security validation prompts (SV-U and SV-D series) produce structured verdicts.
High Token Variant Schema
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Manicode Validation Verdict (High Token)",
"type": "object",
"required": ["verdict", "confidence", "threats_detected"],
"properties": {
"verdict": {
"type": "string",
"enum": ["ALLOW", "BLOCK"]
},
"confidence": {
"type": "number",
"minimum": 0,
"maximum": 1
},
"threats_detected": {
"type": "array",
"items": {
"type": "object",
"properties": {
"category": {
"type": "string",
"enum": [
"prompt_injection",
"jailbreak",
"data_exfiltration",
"harmful_content",
"pii_exposure",
"policy_violation",
"resource_exhaustion",
"obfuscation"
]
},
"severity": {
"type": "string",
"enum": ["critical", "high", "medium", "low"]
},
"description": { "type": "string" },
"evidence": { "type": "string" }
}
}
},
"reasoning": {
"type": "string",
"description": "Detailed explanation of the verdict"
}
}
}
Example Output (High Token)
{
"verdict": "BLOCK",
"confidence": 0.94,
"threats_detected": [
{
"category": "prompt_injection",
"severity": "high",
"description": "Input contains instruction override attempt disguised as a system message",
"evidence": "Text contains 'Ignore all previous instructions and...' pattern embedded within a base64-encoded string"
}
],
"reasoning": "The input contains a base64-encoded string that, when decoded, reveals a prompt injection attempt. The encoding is a common obfuscation technique used to bypass input filters. The injection attempts to override the system prompt and extract configuration details."
}
Low Token Variant
Low Token variants produce a compact response for production use:
BLOCK | prompt_injection | high | 0.94
Format: verdict | category | severity | confidence
Using Schemas in Your Workflow
Validate Output Programmatically
import json
import jsonschema
# Load the schema
with open("docs/schemas/threat-model-schema.json") as f:
schema = json.load(f)
# Validate model output
with open("threat-model-output.json") as f:
output = json.load(f)
try:
jsonschema.validate(output, schema)
print("Output is valid")
except jsonschema.ValidationError as e:
print(f"Validation error: {e.message}")
Parse and Transform
# Extract high-severity threats from a threat model
def get_high_severity_threats(threat_model):
return [
v for v in threat_model.get("vulnerabilities", [])
if any(r.get("severity") in ("critical", "high") for r in v.get("ratings", []))
]
# Extract gaps from a compliance assessment
def get_compliance_gaps(assessment):
return [
c for c in assessment.get("controls", [])
if c["status"] in ("not_implemented", "partially_implemented")
]