{
  "module": "12 — Capstone: Build a Production-Grade Harness",
  "course": "Master Course — Harness Engineering",
  "version": "1.0.0", "duration_minutes": 45, "total_questions": 10,
  "bloom_distribution": { "target": "20/40/40", "actual": { "recall": 2, "application": 4, "analysis": 4 } },
  "passing_score_percent": 70,
  "questions": [
    { "id": "Q01", "bloom": "recall", "type": "multiple_choice", "prompt": "What's the deliverable of the capstone?", "options": ["A test score", "Code + design doc + /60 scoring sheet + 3-sentence Verdict + 1-sentence MLSecOps note. The portfolio artifact — Course 1 credential.", "A presentation", "An essay"], "answer_index": 1, "rationale": "The capstone proves the full capability: design, build, audit, attack, defend. The artifact IS the credential." },
    { "id": "Q02", "bloom": "recall", "type": "multiple_choice", "prompt": "Which 3 attacks do you run against your capstone (Module 11)?", "options": ["DDoS, SQL injection, XSS", "Indirect injection · Memory poisoning (sleeper) · Tool abuse", "Phishing, social engineering, malware", "Brute force, dictionary, rainbow tables"], "answer_index": 1, "rationale": "The three Module 11 offensive techniques adapted to test your own harness. Each maps to a defense layer you should have implemented." },
    { "id": "Q03", "bloom": "application", "type": "multiple_choice", "prompt": "The capstone harness must have all 5 stop conditions (Module 1.2). Why?", "options": ["It's a rubric requirement", "A loop missing any stop is a production defect (infinite-loop problem). The capstone is PRODUCTION, not a demo.", "To pass the exam", "For observability"], "answer_index": 1, "rationale": "Production-grade means all 5: token budget, end_turn, max-iter, error threshold, human. A demo can have 1-2; production needs all." },
    { "id": "Q04", "bloom": "application", "type": "multiple_choice", "prompt": "You're building the capstone. When do you write the 12-decision design doc?", "options": ["After the build, to document what you did", "BEFORE coding. Design-doc-first prevents building-then-rationalizing. Commit to tradeoffs with no sunk-cost bias.", "During the build", "Never — just build"], "answer_index": 1, "rationale": "The capstone's key discipline. Decide before build; defend each choice. Makes the build an implementation of a design, not an accretion of accidents." },
    { "id": "Q05", "bloom": "application", "type": "multiple_choice", "prompt": "Why audit your OWN harness with the 6-phase method (12.3)?", "options": ["It's required for the grade", "The 6-phase method was built for OTHERS' harnesses. Applying it to your own catches vulnerabilities you're too close to see — objectivity via methodology.", "To show you know the method", "To pad the deliverable"], "answer_index": 1, "rationale": "You're too close to your own code. The methodology forces objectivity — the same checklist applied to Pi or Aider, now applied to your work." },
    { "id": "Q06", "bloom": "application", "type": "multiple_choice", "prompt": "After Course 1, what are the two paths?", "options": ["Graduate or drop out", "(1) Course 2 — push this harness into offensive/defensive security. (2) The 14 deep-dives — apply the 6-phase method to real production harnesses.", "Get a job or stay in school", "Build or stop"], "answer_index": 1, "rationale": "Both build on the capstone. Course 2 takes it into security; the deep-dives apply the methodology to the field's real harnesses." },
    { "id": "Q07", "bloom": "analysis", "type": "multiple_choice", "prompt": "Why require the security threat model (Module 11) in the design doc, not post-build?", "options": ["It's faster post-build", "Security designed-in is defense in depth; bolted-on is one layer. Deferring the threat model means architecture decisions (sandbox, prompt, memory) made without security context.", "It's optional", "Security is Module 11 only"], "answer_index": 1, "rationale": "Architecture decisions have security implications. If you defer the threat model, you've already chosen inside/outside sandbox, prompt density, memory model — without considering security. Design security WITH architecture." },
    { "id": "Q08", "bloom": "analysis", "type": "multiple_choice", "prompt": "Why choose thin (Pi) OR thick (Claude Code) up front, not both?", "options": ["Building both is more impressive", "Thickness is a design decision conditioned on use case (Module 0.1). Building 'both' = no coherent design — accreting features without a thickness commitment. Pick one, defend it.", "You should build both", "It doesn't matter"], "answer_index": 1, "rationale": "A coherent design commits to a position on the spectrum. 'Both' means neither — you've made no tradeoff, which means you've made no decision. The capstone requires a defensible position." },
    { "id": "Q09", "bloom": "analysis", "type": "multiple_choice", "prompt": "Why is the capstone described as 'the credential'?", "options": ["It's a certificate", "It demonstrates the FULL capability: design (12 decisions), build (all modules), audit (6 phases, /60), attack (3 techniques), defend (9 layers). One artifact proving the whole job.", "It's required for Course 2", "It has a grade"], "answer_index": 1, "rationale": "The capstone is the proof of competence. Not a test score — a working artifact that shows you can do every part of the job. That's what Course 1 grants." },
    { "id": "Q10", "bloom": "analysis", "type": "multiple_choice", "prompt": "Why does the capstone require attacking your own work (12.3)?", "options": ["It's destructive", "If you can't break your own harness, you don't understand its vulnerabilities. Attacking forces you to see the defenses from the outside — and to find the gaps you left during the build.", "It's optional", "It pads the deliverable"], "answer_index": 1, "rationale": "Defensive engineering requires offensive testing. If you only build and never attack, you ship defenses you've never stress-tested. The 3 attacks are the proof your defenses actually work — or the discovery that they don't." }
  ]
}
