http service with health, extension listing, profile validation, run planning, async run jobs, job inspection, and report retrieval

2026-05-07 22:19:10 +02:00
parent 3ae6fd4140
commit a3ea11139c
12 changed files with 1028 additions and 13 deletions
--- a/docs/EXTENSION-SDK.md
+++ b/docs/EXTENSION-SDK.md
@@ -21,6 +21,7 @@ extensions/<extension-id>/
  src/
  docs/
  schemas/
+  evidence-requests/
  checks/
  mappings/
  profiles/
@@ -157,6 +158,32 @@ to extension-owned mappings and writes normalized mapping records to:
 runs/<run-id>/normalized/mappings.json
 ```

+## Evidence Request Sets
+
+Procedural and hybrid compliance extensions may include evidence request sets
+under:
+
+```text
+evidence-requests/<request-set-id>.json
+```
+
+These files validate against:
+
+```text
+docs/schemas/evidence-request-set.schema.json
+```
+
+Evidence request sets are for collection guidance and review workflow. They
+should reference official requirements by stable IDs or user-held licensed
+material, but they must not redistribute proprietary standard text. A starter
+template lives at:
+
+```text
+extensions/_template/evidence-request-set.json
+```
+
+See `docs/COMPLIANCE-EVIDENCE-PACKS.md` for the compliance-pack strategy.
+
 ## Expectations And Waivers

 Assessment profiles may reference expectation and waiver sets: