v0.4.0 Release Notes
Release Date: 2026-05-09
Highlights
- SLI Type - Define metrics with framework mappings once at the SLI level
- SLI Catalog - Markdown reports include metrics grouped by category
- Expanded Frameworks - NIST CSF 2.0, FedRAMP baselines, SOC 2, ISO 27001, CIS Controls
- TypeScript Schema - Zod schema for web viewer components
- Formal PRD - Project vision and design decisions documented
Added
SLI (Service Level Indicator) Type
The new SLI type defines metrics with framework mappings at the metric level:
{
"slis": {
"security-mttr": {
"id": "security-mttr",
"name": "Security MTTR",
"metricName": "security_mttr_days",
"unit": "days",
"type": "quantitative",
"category": "response",
"frameworkMappings": [
{"framework": "NIST_800_53", "reference": "IR-6"},
{"framework": "SOC_2", "reference": "CC7.4"}
]
}
}
}
Criteria reference SLIs via sliId and inherit framework mappings:
{
"criteria": [{
"id": "sec-m4-mttr",
"name": "Fast MTTR",
"sliId": "security-mttr",
"operator": "lte",
"target": 7
}]
}
SLI Catalog in Markdown Reports
The prism maturity report command now generates an SLI Catalog section:
The catalog shows all SLIs grouped by category (prevention, detection, response, etc.) with framework mappings for quick reference.
Expanded Framework Constants
New framework constants for compliance mapping:
| Framework | Constant |
|---|---|
| NIST CSF 2.0 | NIST_CSF_2 |
| NIST RMF | NIST_RMF |
| NIST AI RMF | NIST_AI_RMF |
| NIST 800-171 | NIST_800_171 |
| FedRAMP High | FEDRAMP_HIGH |
| FedRAMP Moderate | FEDRAMP_MOD |
| FedRAMP Low | FEDRAMP_LOW |
| CIS Controls | CIS_CONTROLS |
| SOC 2 | SOC_2 |
| ISO 27001 | ISO_27001 |
TypeScript/Zod Schema
The viewer/ directory includes TypeScript schemas for building web viewer components:
CLI Commands
prism maturity report- Generate Markdown reports with SLI Catalogprism maturity xlsx- Generate Excel workbooks
Changed
Breaking Changes
- Layer and Category removed from Criterion - These fields are now SLI-only. Existing specs with inline
layerorcategoryon criteria should move these to the referenced SLI.
Deprecations
- KPIThresholds - Use SLIs with framework mappings instead
Fixed
- Test hangs on Windows fixed with oscompat/testutil.CaptureStdout
Documentation
docs/design/core/PRD.md- Project vision, design decisions, ISO 25010 alignment- Updated SLI vs SLO architecture in
docs/schema/slos.md - SLI Catalog documented in
docs/cli/maturity-report.md - IDEATION_CHAT.md converted to formal documentation
Migration Guide
Updating Criteria with Layer/Category
If your maturity spec has criteria with inline layer or category:
Before (v0.3.0):
{
"criteria": [{
"id": "sec-m4-mttr",
"name": "Security MTTR",
"metricName": "security_mttr_days",
"layer": "runtime",
"category": "response"
}]
}
After (v0.4.0):
{
"slis": {
"security-mttr": {
"id": "security-mttr",
"name": "Security MTTR",
"metricName": "security_mttr_days",
"layer": "runtime",
"category": "response"
}
},
"domains": {
"security": {
"levels": [{
"criteria": [{
"id": "sec-m4-mttr",
"sliId": "security-mttr",
"operator": "lte",
"target": 7
}]
}]
}
}
}