
feat(provenance): harden source manifest contracts and recalibrate downstream artifacts #15

Merged: nsalvacao merged 6 commits into main from feat/mature-artifact-statuses on Mar 30, 2026

@nsalvacao (Owner) commented Mar 30, 2026

Summary

  • implement Wave A and Wave B maturity work for the remaining public-draft corpus
  • promote the conservative subset validated by cross-doc review
  • sync README maturity and docs manifest with the final promoted set
  • harden source manifests into bounded semantic contracts and add semantic provenance validation
  • recalibrate previously promoted artifacts against the hardened manifest model

Included

  • Discovery: keep only the narrow Scrum artifacts fully public and tighten the wording/provenance of the remaining hybrid discovery templates
  • Architecture/Security: keep the promoted artifacts public, but remove over-anchoring where Microsoft architecture guidance was not materially claimed
  • Operations/Continuity: keep the defensible public promotions, narrow incident vs continuity provenance, and keep scenario-heavy artifacts in public-draft with cleaner source claims
  • Project/Service Governance: keep public status, but soften PMI/PRINCE2/ITIL wording to aligned public semantics rather than stronger implied fidelity
  • Cross-doc hardening: remove stale manifest references, deduplicate manifest lists, and normalize reviewed dates after the manifest split

Validation

  • python3 scripts/validate_governance_artifacts.py
  • python3 artifacts/01_Governance_Method/scripts/validate_governance_artifacts.py
  • python3 -m py_compile scripts/validate_governance_artifacts.py artifacts/01_Governance_Method/scripts/validate_governance_artifacts.py

Rationale Note

This PR now includes a directed post-hardening recalibration pass. After the source manifests became narrower and semantically enforceable, we re-reviewed the artifacts that had previously been promoted or materially affected by the old broader provenance buckets. The intent was not blanket demotion; it was to keep documents public only where the stronger manifest model still defensibly supports them, and to tighten wording where public manifests support aligned semantics rather than full framework fidelity.


@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request promotes several artifact templates—including the Product Backlog, Planning Record, and various incident management documents—from "Public draft" to "Public" status. The changes include updating the revision dates to 2026-03-30, adding a "Related Artifacts" section to multiple templates for better cross-referencing, and updating the manifest.json and README.md to reflect the new maturity levels. I have no feedback to provide as there were no review comments.

@nsalvacao changed the title from "docs(governance): execute wave a-b selective maturity promotion" to "feat(provenance): harden source manifest contracts and semantic validation" on Mar 30, 2026
@nsalvacao changed the title from "feat(provenance): harden source manifest contracts and semantic validation" to "feat(provenance): harden source manifest contracts and recalibrate downstream artifacts" on Mar 30, 2026
@nsalvacao nsalvacao requested a review from Copilot March 30, 2026 13:07

Copilot AI left a comment


Pull request overview

This PR hardens the repository’s public provenance model by splitting broad source families into narrower, contract-driven manifests and updating downstream artifacts (plus the validator) to align with the new bounded manifest semantics.

Changes:

  • Introduces/updates many public source manifests with a standardized Validation Contract (tokens, allowed dimensions, authority level) and updates the public manifest index.
  • Extends the governance artifact validator to check manifest contract presence and enforce manifest alignment rules (dimension scoping + frontmatter/footer manifest consistency).
  • Recalibrates a large set of artifacts and the public docs catalog to reference the new manifests and promote a conservative subset to Public maturity.

Reviewed changes

Copilot reviewed 120 out of 120 changed files in this pull request and generated 14 comments.

File Description
sources/manifests/service_mgmt__itil.md Adds Validation Contract + updates reviewed date/notes.
sources/manifests/security__owasp_threat_modeling.md New OWASP threat modeling manifest with Validation Contract.
sources/manifests/security__owasp_asvs.md New OWASP ASVS manifest with Validation Contract.
sources/manifests/quality__fmea.md New FMEA manifest with Validation Contract.
sources/manifests/project__prince2.md Adds Validation Contract + tightens notes/review date.
sources/manifests/project__pmi.md Updates official source links + adds Validation Contract.
sources/manifests/platform__microsoft_security.md New Microsoft security/STRIDE manifest with Validation Contract.
sources/manifests/platform__microsoft_mlops.md New Microsoft MLOps manifest with Validation Contract.
sources/manifests/platform__microsoft_learn.md Removes the older broad Microsoft Learn manifest.
sources/manifests/platform__microsoft_architecture.md New Microsoft architecture manifest with Validation Contract.
sources/manifests/platform__gitops.md Adds Validation Contract and updates reviewed date.
sources/manifests/platform__aws_well_architected.md Adds Validation Contract and tightens continuity guidance note.
sources/manifests/operations__nist_incident_response.md New incident response-focused NIST manifest with Validation Contract.
sources/manifests/operations__nist_continuity.md New continuity-focused NIST manifest with Validation Contract.
sources/manifests/operations__nist_cisa.md Removes older combined NIST/CISA manifest.
sources/manifests/operations__iso_22301.md New ISO 22301 manifest with Validation Contract.
sources/manifests/operations__google_sre.md Adds Validation Contract and clarifies non-stand-in usage.
sources/manifests/method__scrum_guide.md Pins to Scrum Guide 2020 PDF + adds Validation Contract.
sources/manifests/method__retrospectives.md New retrospectives manifest with Validation Contract.
sources/manifests/method__pre_mortem.md New pre-mortem manifest with Validation Contract.
sources/manifests/method__okr.md New OKR manifest with Validation Contract.
sources/manifests/method__lean_startup.md New Lean Startup manifest with Validation Contract.
sources/manifests/method__continuous_discovery.md New continuous discovery manifest with Validation Contract.
sources/manifests/governance__github_docs.md Adds Validation Contract and clarifies scope boundaries.
sources/manifests/documentation__diataxis.md Adds Validation Contract and updates reviewed date.
sources/manifests/architecture__madr.md New MADR manifest with Validation Contract.
sources/manifests/architecture__arc42.md New arc42 manifest with Validation Contract.
sources/manifests/ai_ops__openai_docs.md Adds Validation Contract + clarifies governance-vs-provider guidance.
sources/manifests/ai_gov__nist_ai_rmf_eu_ai_act.md New AI governance manifest with Validation Contract.
sources/README.md Updates manifest index and documents bounded-scope semantics.
scripts/validate_governance_artifacts.py Adds manifest contract parsing + alignment checks + contract presence checks.
artifacts/01_Governance_Method/scripts/validate_governance_artifacts.py Mirrors validator hardening in the reusable artifact library.
docs/manifest.json Promotes select artifacts to Public/ready in the docs catalog.
decision_log.md Updates manifest references from removed manifests to split manifests.
README.md Updates top-level navigation text and maturity table entries for promoted artifacts.
artifacts/10_Risk_Exceptions_Traceability/templates/security_advisory_vulnerability_record.md Swaps old NIST/CISA manifest reference to NIST incident response manifest.
artifacts/10_Risk_Exceptions_Traceability/templates/risk_register.md Swaps old NIST/CISA + Microsoft Learn manifests to split manifests.
artifacts/10_Risk_Exceptions_Traceability/templates/exception_deviation_record.md Swaps old NIST/CISA + Microsoft Learn manifests to split manifests.
artifacts/10_Risk_Exceptions_Traceability/standards/metrics_review_cadence.md Replaces GitHub Docs manifest with Scrum Guide manifest for inspection cadence.
artifacts/10_Risk_Exceptions_Traceability/policies/audit_trail_policy.md Swaps old NIST/CISA manifest to NIST incident response manifest.
artifacts/09_Project_Portfolio_Service_Governance/templates/stakeholder_register.md Tightens primary source basis wording.
artifacts/09_Project_Portfolio_Service_Governance/templates/project_charter.md Tightens primary source basis wording.
artifacts/09_Project_Portfolio_Service_Governance/templates/known_error_record.md Swaps old NIST/CISA manifest to NIST incident response manifest.
artifacts/09_Project_Portfolio_Service_Governance/templates/communications_management_plan.md Tightens primary source basis wording.
artifacts/09_Project_Portfolio_Service_Governance/templates/business_case.md Tightens primary source basis wording.
artifacts/09_Project_Portfolio_Service_Governance/templates/benefits_realization_record.md Tightens primary source basis wording.
artifacts/09_Project_Portfolio_Service_Governance/policies/service_level_policy.md Reframes basis toward ITIL semantics + governance framing.
artifacts/09_Project_Portfolio_Service_Governance/policies/problem_management_policy.md Swaps old NIST/CISA manifest to NIST incident response manifest.
artifacts/08_Knowledge_Documentation_Continuous_Improvement/templates/root_cause_analysis.md Swaps old NIST/CISA manifest to NIST incident response manifest.
artifacts/08_Knowledge_Documentation_Continuous_Improvement/templates/lessons_learned.md Swaps old NIST/CISA manifest to NIST incident response manifest.
artifacts/08_Knowledge_Documentation_Continuous_Improvement/standards/production_readiness_standard.md Removes Microsoft manifest reference; narrows source basis/manifests.
artifacts/08_Knowledge_Documentation_Continuous_Improvement/standards/decision_log_standard.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/07_Operations_Incidents_Continuity/templates/standard_operating_procedure.md Rewrites provenance away from ISO/NIST toward SRE + structured guidance.
artifacts/07_Operations_Incidents_Continuity/templates/service_fact_sheet.md Promotes to public + adds related-artifact linking.
artifacts/07_Operations_Incidents_Continuity/templates/service_continuity_plan.md Re-anchors to ISO 22301 manifest and adds related-artifact linking.
artifacts/07_Operations_Incidents_Continuity/templates/runbook.md Updates reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/playbooks/service_recovery.md Updates NIST manifest reference + reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/playbooks/incident_coordination.md Removes NIST manifest reference + reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/playbooks/incident_communications.md Removes NIST manifest reference + reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/playbooks/escalation.md Updates NIST manifest reference + reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/playbook.md Removes NIST manifest reference + reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/on_call_escalation_guide.md Updates NIST manifest reference + reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/incident_timeline.md Promotes to public + adds related-artifact linking.
artifacts/07_Operations_Incidents_Continuity/templates/incident_response_plan.md Promotes to public + updates NIST manifest reference + adds related-artifact linking.
artifacts/07_Operations_Incidents_Continuity/templates/incident_report.md Promotes to public + updates NIST manifest reference + adds related-artifact linking.
artifacts/07_Operations_Incidents_Continuity/templates/incident_communications_plan.md Updates NIST manifest reference + reviewed date.
artifacts/07_Operations_Incidents_Continuity/templates/exercise_drill_record.md Promotes to public + re-anchors to NIST continuity + ISO 22301 manifests.
artifacts/07_Operations_Incidents_Continuity/templates/contingency_plan.md Re-anchors to NIST continuity manifest.
artifacts/07_Operations_Incidents_Continuity/templates/business_impact_analysis.md Re-anchors to NIST continuity manifest.
artifacts/07_Operations_Incidents_Continuity/standards/incident_playbook_standard.md Updates NIST manifest reference.
artifacts/07_Operations_Incidents_Continuity/standards/contingency_planning_standard.md Re-anchors to NIST continuity manifest + updates reviewed date.
artifacts/07_Operations_Incidents_Continuity/standards/business_impact_analysis_standard.md Re-anchors to NIST continuity manifest + updates reviewed date.
artifacts/07_Operations_Incidents_Continuity/policies/incident_response_policy.md Updates NIST manifest reference + removes Microsoft manifest reference.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/prompt_system_instruction_registry.md Updates Microsoft manifest reference to microsoft_mlops.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/model_release_serving_record.md Updates Microsoft manifest reference to microsoft_mlops.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/model_registry_record.md Updates Microsoft manifest reference to microsoft_mlops.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/model_monitoring_drift_report.md Updates Microsoft manifest reference to microsoft_mlops.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/infrastructure_as_code_platform_baseline_record.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/evaluation_suite_benchmark_record.md Updates Microsoft manifest reference to microsoft_mlops.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/dataset_training_data_record.md Updates Microsoft manifest reference to microsoft_mlops.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/ci_workflow_build_pipeline_record.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/cd_deployment_pipeline_record.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/06_Platform_Delivery_Automation_AI_Operations/templates/artifact_build_provenance_record.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/06_Platform_Delivery_Automation_AI_Operations/policies/mlops_genaiops_policy.md Updates Microsoft manifest reference to microsoft_mlops.
artifacts/06_Platform_Delivery_Automation_AI_Operations/policies/environment_promotion_policy.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/06_Platform_Delivery_Automation_AI_Operations/policies/ci_cd_policy.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/06_Platform_Delivery_Automation_AI_Operations/policies/ai_safety_guardrail_policy.md Adds AI governance manifest; removes Microsoft manifest reference.
artifacts/06_Platform_Delivery_Automation_AI_Operations/README.md Updates manifest list to split Microsoft manifests.
artifacts/05_Delivery_Change_Readiness/templates/rollback_backout_plan.md Swaps Microsoft manifest to AWS Well-Architected manifest.
artifacts/05_Delivery_Change_Readiness/templates/release_plan_rollout_plan.md Removes GitHub Docs manifest reference.
artifacts/05_Delivery_Change_Readiness/templates/release_checklist.md Removes GitHub Docs manifest reference.
artifacts/05_Delivery_Change_Readiness/templates/post_implementation_review.md Swaps manifests to ITIL + Google SRE.
artifacts/05_Delivery_Change_Readiness/templates/change_record.md Swaps NIST/CISA manifest reference to ITIL manifest.
artifacts/05_Delivery_Change_Readiness/templates/change_log_release_notes.md Removes GitHub Docs manifest reference.
artifacts/05_Delivery_Change_Readiness/templates/change_communication.md Swaps GitHub Docs manifest reference to ITIL manifest.
artifacts/04_Quality_Review_Control/standards/test_strategy_and_verification_policy.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/03_Architecture_Security_Decision/templates/trade_off_analysis.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/03_Architecture_Security_Decision/templates/threat_model.md Re-anchors to Microsoft security + OWASP threat modeling manifests.
artifacts/03_Architecture_Security_Decision/templates/security_requirements_record.md Re-anchors to OWASP ASVS manifest only.
artifacts/03_Architecture_Security_Decision/templates/design_rationale.md Re-anchors from Microsoft to arc42 manifest.
artifacts/03_Architecture_Security_Decision/templates/architecture_review_record.md Re-anchors from Microsoft to arc42 manifest.
artifacts/03_Architecture_Security_Decision/standards/architecture_decision_record_standard.md Re-anchors to MADR + Microsoft architecture manifests.
artifacts/02_Discovery_Planning_Early_Learning/templates/technical_retrospective.md Re-anchors to retrospectives manifest + adds related-artifact linking.
artifacts/02_Discovery_Planning_Early_Learning/templates/research_experiment_log.md Re-anchors to Lean Startup manifest + refines wording/links.
artifacts/02_Discovery_Planning_Early_Learning/templates/product_goal_outcome_statement.md Adds OKR manifest + refines wording/links.
artifacts/02_Discovery_Planning_Early_Learning/templates/product_backlog.md Promotes to public + adds related-artifact linking.
artifacts/02_Discovery_Planning_Early_Learning/templates/pre_mortem_failure_scenario_review.md Re-anchors to pre-mortem manifest + refines wording.
artifacts/02_Discovery_Planning_Early_Learning/templates/planning_record.md Promotes to public + adds related-artifact linking.
artifacts/02_Discovery_Planning_Early_Learning/templates/fmea_failure_mode_analysis.md Re-anchors to FMEA manifest + refines wording.
artifacts/02_Discovery_Planning_Early_Learning/templates/discovery_brief.md Re-anchors to continuous discovery manifest + adds related-artifact linking.
artifacts/02_Discovery_Planning_Early_Learning/templates/assumptions_register.md Re-anchors to PMI + Lean Startup manifests + refines wording/links.
artifacts/01_Governance_Method/templates/repository-health/README.md Replaces placeholder attribution with fixed, public-safe attribution.
artifacts/01_Governance_Method/templates/partials/source_attribution.md Adds concrete Source Attribution + embeds reusable block example.
artifacts/01_Governance_Method/templates/decision_log_entry.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/01_Governance_Method/templates/architecture_decision_record.md Updates manifest references to MADR + Microsoft architecture manifests.
artifacts/01_Governance_Method/standards/coding_standards.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/01_Governance_Method/standards/automation_and_ai_execution.md Updates Microsoft manifest reference to microsoft_architecture.
artifacts/01_Governance_Method/standards/adr_standard.md Updates manifest references to MADR + Microsoft architecture manifests.
artifacts/01_Governance_Method/policies/incident_management_policy.md Swaps old NIST/CISA manifest to NIST incident response manifest.
artifacts/01_Governance_Method/policies/adr_policy.md Updates manifest references to MADR + Microsoft architecture manifests.

Comment thread scripts/validate_governance_artifacts.py Outdated
Comment thread artifacts/01_Governance_Method/scripts/validate_governance_artifacts.py Outdated
Comment thread README.md Outdated
Comment thread artifacts/10_Risk_Exceptions_Traceability/templates/risk_register.md Outdated
Comment thread README.md Outdated
Comment thread README.md Outdated
Comment thread artifacts/10_Risk_Exceptions_Traceability/templates/exception_deviation_record.md Outdated
Comment thread artifacts/05_Delivery_Change_Readiness/templates/post_implementation_review.md Outdated
@nsalvacao nsalvacao merged commit 75373ed into main Mar 30, 2026
3 checks passed