core architecture blueprint

workplans/GUIDE-BOARD-WP-0001-bootstrapping.md

@@ -121,13 +121,33 @@ Acceptance:
   harness candidates.
 - Candidates include CMIS/OpenCMIS, OGC TEAM Engine, OpenID Foundation
   Conformance Suite, CNCF Kubernetes Conformance, web-platform-tests, Khronos
-  CTS, NIST ACVP, ONC/HL7 FHIR Inferno, Jakarta EE TCK, and OPC UA CTT.
+  CTS, NIST ACVP, ONC/HL7 FHIR Inferno, Jakarta EE TCK, OPC UA CTT, NIST
+  SCAP/OpenSCAP, NIST OSCAL, CIS-CAT Pro, and OpenSSF Scorecard.
 - Candidate notes capture authority, harness pattern, value, and access
   constraints.
 - Non-harness compliance packs are separated from executable conformance harness
   candidates.
 
-## D1.4 - Core Contract Schemas
+## D1.4 - Core Architecture Blueprint
+
+```task
+id: GUIDE-BOARD-WP-0001-T004A
+status: done
+priority: high
+state_hub_task_id: "503cb054-e8a7-42e6-a171-e57c7188d835"
+```
+
+Acceptance:
+
+- `docs/ARCHITECTURE-BLUEPRINT.md` captures core concepts, precedent lessons,
+  component boundaries, extension archetypes, execution flow, run directory
+  contract, and governance model.
+- The blueprint distinguishes executable harnesses, validators,
+  protocol-driven services, hosted suites, repository quality scanners, and
+  procedural evidence collectors.
+- The blueprint names the next schema and CLI implementation sequence.
+
+## D1.5 - Core Contract Schemas
 
 ```task
 id: GUIDE-BOARD-WP-0001-T004
@@ -146,7 +166,7 @@ Acceptance:
 - Schemas include source URL, source version, harness version, license/access
   posture, and certification boundary fields.
 
-## D1.5 - Local CLI Baseline
+## D1.6 - Local CLI Baseline
 
 ```task
 id: GUIDE-BOARD-WP-0001-T005
@@ -163,7 +183,7 @@ Acceptance:
 - CLI can execute a no-op/sample extension to prove core contracts independent
   of CMIS.
 
-## D1.6 - Extension SDK Skeleton
+## D1.7 - Extension SDK Skeleton
 
 ```task
 id: GUIDE-BOARD-WP-0001-T006
@@ -180,7 +200,7 @@ Acceptance:
 - Extension ownership boundaries make later extraction to a separate repository
   straightforward.
 
-## D1.7 - CMIS Seed Extension Integration
+## D1.8 - CMIS Seed Extension Integration
 
 ```task
 id: GUIDE-BOARD-WP-0001-T007
@@ -196,7 +216,7 @@ Acceptance:
 - CMIS output normalizes into the same evidence model used by other extensions.
 - CMIS capability mappings are extension-owned.
 
-## D1.8 - Containerized Execution Design
+## D1.9 - Containerized Execution Design
 
 ```task
 id: GUIDE-BOARD-WP-0001-T008
@@ -213,7 +233,7 @@ Acceptance:
 - Restricted or license-gated harnesses are represented as mounted external
   assets, not redistributed guide-board content.
 
-## D1.9 - Optional Local Service API
+## D1.10 - Optional Local Service API
 
 ```task
 id: GUIDE-BOARD-WP-0001-T009
@@ -229,7 +249,7 @@ Acceptance:
 - Long-running jobs are tracked without blocking the API process.
 - CLI remains the source of truth for execution semantics.
 
-## D1.10 - Compliance Evidence Pack Strategy
+## D1.11 - Compliance Evidence Pack Strategy
 
 ```task
 id: GUIDE-BOARD-WP-0001-T010
@@ -253,6 +273,7 @@ Acceptance:
 - CMIS is represented as the first extension, not the root product.
 - The root architecture is broad enough for official conformance harnesses and
   procedural evidence packs.
+- The root architecture blueprint is documented and linked from README.
 - At least one extension can be run through local CLI contracts.
 - Candidate extensions are registered with authority, source, access, and
   architecture notes.