http service with health, extension listing, profile validation, run planning, async run jobs, job inspection, and report retrieval

docs/ARCHITECTURE-BLUEPRINT.md

@@ -301,6 +301,15 @@ cluster, product, API, data archive, host, organization, process, or policy set.
 Assessment profiles select frameworks, controls, check groups, expectations,
 waivers, output policies, and retention policies.
 
+### Local Service Facade
+
+Wraps the CLI/core contracts in a dependency-light local HTTP API. The service
+can list extensions, validate profiles, build plans, start assessment jobs,
+inspect job status, and fetch generated reports.
+
+The first implementation stores job status in memory and leaves durable evidence
+in the normal run directory. It does not introduce separate execution semantics.
+
 ### Assessment Planner
 
 Resolves an assessment profile into an executable run plan:
@@ -446,6 +455,11 @@ executable harness exists.
 
 Examples: GDPR, SOC 2, HIPAA, NF Z 42-013, NF 461, ISO 14641, ISO 15489.
 
+Procedural packs use evidence request sets to describe artifact collection,
+review roles, acceptance criteria, confidentiality, renewal expectations, and
+waiver paths without reproducing restricted standard text. See
+`docs/COMPLIANCE-EVIDENCE-PACKS.md`.
+
 ### Hybrid Extension
 
 Combines automated checks, manual evidence, external auditor review, and imported