# Silent Knowledge Pass — signal -> conclusion map (curated DATA, injected).
#
# What a scanner finding lets us conclude WITHOUT asking the user. A signal yields either a
# capability the company demonstrably has (with the evidence already in hand) or a product fact
# that drives scope.
#
# Schema of one entry (flow mapping):
#   signal        - identifier emitted by an upstream scanner (never produced here).
#   capability    - capability we conclude from the signal, OR
#   product_fact  - scoping fact we conclude from the signal (an entry has one of the two).
#   relationship  - `detected` = a concrete artifact is in hand (strong, no question asked);
#                   `partial`  = indicative only (still verify, but lower priority).
#   evidence      - name of the artifact that backs the conclusion; absent only where no
#                   artifact is held (see the `security_policy_page` entry below).
#
# The scanners (website crawler, repo scanner, doc parser, product intake) are UPSTREAM and
# produce the signals; this file only interprets them. No norm text, no real names.
#
# NOTE(review): `detected` is treated as "no question" downstream, so every `detected` entry
# should point at an artifact the scanner actually retrieved, not merely a page or file name
# that mentions the topic — the per-entry notes below flag where that distinction matters.
mappings:
  # ── website ─────────────────────────────────────────────────────────────────────────────
  # NOTE(review): a security.txt file is a contact/disclosure pointer; whether a real CVD
  # process exists behind it is only as strong as the policy text the crawler captured as
  # `cvd_policy` — confirm the crawler stores that text rather than just the file's presence.
  - {signal: security_txt_or_cvd_policy, capability: coordinated_vulnerability_disclosure, relationship: detected, evidence: cvd_policy}
  # A CE mark on a web page is a claim, not the declaration itself; hence `partial` here and
  # `detected` only once the conformity document is parsed (see documents section).
  - {signal: ce_marking_on_site, capability: ce_conformity_assessment_and_technical_documentation, relationship: partial, evidence: ce_declaration}
  # NOTE(review): a lifecycle page shows that some support window is published; whether it
  # covers *security* updates specifically is not established by the page alone.
  - {signal: support_lifecycle_page, capability: security_update_support_period, relationship: partial, evidence: support_policy}
  # Only entry without an `evidence` key — presumably because a public policy page is not an
  # artifact we hold; confirm this is intentional before anything promotes it to `detected`.
  - {signal: security_policy_page, capability: information_security_management, relationship: partial}
  # ── repository ──────────────────────────────────────────────────────────────────────────
  # NOTE(review): a committed SBOM file proves one was produced at some point; it says nothing
  # about whether it is regenerated per release or matches the shipped artifact — TODO confirm
  # the repo scanner checks freshness/CI generation before this is relied on as `detected`.
  - {signal: sbom_file_found, capability: sbom_creation, relationship: detected, evidence: sbom}
  # NOTE(review): signing configuration in the repo shows releases are signed at build time;
  # it does not show that update clients/devices verify the signature before installing.
  # `secure_signed_update_distribution` as worded covers both halves — confirm the intended
  # scope of the capability.
  - {signal: signed_releases, capability: secure_signed_update_distribution, relationship: detected, evidence: signing_config}
  # A CI pipeline existing is a weak indicator of an SDL; what the pipeline runs is not known
  # from the signal, so `partial` is appropriate.
  - {signal: github_actions_ci, capability: secure_development_lifecycle, relationship: partial, evidence: ci_pipeline}
  # Dependency scanning being configured shows tooling is present, not that findings are
  # triaged or fixed — `partial`.
  - {signal: dependency_scanning, capability: technical_vulnerability_management, relationship: partial, evidence: vuln_scanning_config}
  # ── documents ───────────────────────────────────────────────────────────────────────────
  # Parsed conformity document upgrades the website `partial` above to `detected`.
  - {signal: ce_conformity_doc, capability: ce_conformity_assessment_and_technical_documentation, relationship: detected, evidence: technical_documentation}
  - {signal: product_risk_assessment_doc, capability: product_cyber_risk_assessment, relationship: detected, evidence: product_risk_assessment}
  # NOTE(review): a patch policy says updates are issued, not that they are signed; `partial`
  # is right for this capability. Consider whether the same document should also feed
  # `security_update_support_period`, which it arguably evidences more directly.
  - {signal: patch_policy_doc, capability: secure_signed_update_distribution, relationship: partial, evidence: patch_policy}
  - {signal: incident_response_plan_doc, capability: incident_management, relationship: detected, evidence: incident_procedure}
  # ── product facts (drive scope / target applicability) ──────────────────────────────────
  # Product facts carry no relationship/evidence: they are taken as stated by product intake.
  - {signal: cloud_connectivity, product_fact: connected_to_internet}
  # NOTE(review): a PLC can be a component inside a machine rather than a finished machine
  # itself — confirm `is_machine` matches the intake's definition of the signal.
  - {signal: plc_sps, product_fact: is_machine}
  - {signal: embedded_software, product_fact: has_embedded_software}
  - {signal: wireless_radio, product_fact: has_radio_equipment}
  # Remote access is a scoping fact here; it also widens the attack surface that the
  # `detected`/`partial` capabilities above are expected to cover.
  - {signal: remote_access, product_fact: has_remote_access}
  - {signal: generates_usage_data, product_fact: generates_usage_data}