Public revision history of the base manifest.

HIGH-SV-METHODOLOGY-VERSIONED

Widened HIGH-SV-METHODOLOGY-VERSIONED to also match raw HTML heading forms (<h2>Version</h2>) in addition to markdown ## Version and TSX <Section title="Version">. The directory's own /methodology page uses raw <section><h2> JSX which satisfies the rule's intent but missed the regex. Same calibration-fragility lesson as v1.3.0/v1.4.0/v1.6.0.

CRIT-SV-CUSTOMER-ATTESTATION-VALIDATION-GATE

Added CRIT-SV-CUSTOMER-ATTESTATION-VALIDATION-GATE — third C3 axis. Provenance markers (v1.4.0+ output, v1.8.0 input) say WHERE customer-attested data came from. Validation gates say WHEN it may publish. Co-occurrence rule: trigger on customer-attested status column declarations; require any validation-gate function pattern (checkConformance, conformanceGuard, validateBeforePublish, acknowledgeOpenFindings) somewhere in the corpus. Vacuous-pass when no trigger fires. Closes framework #14.

CRIT-SV-AI-REVIEW-GATE / CRIT-SV-NO-PRE-POPULATED-ATTESTATION

Widened required marker patterns for CRIT-SV-AI-REVIEW-GATE and CRIT-SV-NO-PRE-POPULATED-ATTESTATION to accept naming variants surfaced by HirePosture's audit. AI-review-gate adds signed_by, signedBy, signed_by_user_id (HP's memo signing gate). Pre-populated-attestation adds customer_attested, attested_by (snake_case variants). The candidate-data-vs-compliance-attestation distinction codified.

HIGH-SV-INTEGRITY-MD-CLAIMS-VERIFIABLE

Extended HIGH-SV-INTEGRITY-MD-CLAIMS-VERIFIABLE to scan Outstanding Risks / Known Gaps in addition to Recent Changes. New claim-absence policy: any entry asserting something is missing/not-implemented/not-in-place must reference a file path or marker the rule can verify is genuinely absent. Mirror coverage: ClarityLift's drift was forward (claim of presence; absent); IdeaLift's was reverse (claim of absence; present). Both directions now caught.

multiple (glob widening)

Widened globs across CRIT-SV-NO-SILENT-PASS, HIGH-SV-METHODOLOGY-VERSIONED, HIGH-SV-EVIDENCE-RETENTION, CRIT-SV-NO-PRE-POPULATED-ATTESTATION, CRIT-SV-AI-REVIEW-GATE, INFO-SV-TRUST-PRINCIPLES-LINK to include monorepo-conventional paths apps/** and packages/**. IdeaLift's apps/web/src/lib/ AI SDK usage was missed by single-package globs. Validated backwards-compatible against FieldLedger and ClarityLift.

HIGH-SV-INTEGRITY-MD-CLAIMS-VERIFIABLE

Added HIGH-SV-INTEGRITY-MD-CLAIMS-VERIFIABLE — documentation drift detection. Two-tier: structural lint (every dated entry must reference a file path, commit, or #N) plus runnable assertions for high-value claim phrasings (link added, marker added, exemption added, Trust Principles) via audits/integrity-claims.json sidecar. Strikethrough text retracted. The framework's own honesty discipline applied to its documentation layer.

CRIT-SV-NO-PRE-POPULATED-ATTESTATION

Revised CRIT-SV-NO-PRE-POPULATED-ATTESTATION from filename-based to co-occurrence (corpus-level content check). Same root cause as v1.3.0: customer-submitted markers live at the persistence/schema layer, not in the library files where attestation output is computed. Filename-based globs miss layered architectures. Both forward-drift directions now caught.

CRIT-SV-AI-REVIEW-GATE

Promoted CRIT-SV-AI-REVIEW-GATE to base as a co-occurrence rule. FieldLedger's per-product filename-based version false-negativated: AI-output review markers (generatedByModel) lived at entity-schemas.ts and the API route, not in cpars-drafting.ts where the rule's globs targeted. Real codebases use layered architectures. Trigger: AI SDK imports / LLM call patterns. Required: review-gate marker anywhere in corpus.

CRIT-SV-NO-BASE-ID-OVERRIDE

Added CRIT-SV-NO-BASE-ID-OVERRIDE meta-rule. Per-product manifests must not re-use base rule ids — closes the silent-loosening drift vector where a product could broaden a base check's globs and the base id would appear enforced when actually relaxed. Products extend with product-specific ids (HIGH-FL-*, CRIT-CL-*, etc.); they never override. Enforced at manifest-merge time.