Manifest and Provenance

Manifest and provenance files describe what a TWPack contains and how it was produced. Together they enable auditing, reproducibility, and trust across organizations.

Manifest: Package Blueprint

{
  "format_version": "2.0.0",
  "pack_id": "PROJECT-2024-001",
  "pack_type": "full",
  "profile": "automotive-safety",
  "metadata": {
    "project": "Adaptive Cruise Control",
    "version": "1.2.0",
    "standard": "ISO 26262:2018"
  },
  "extensions": [
    "automotive/iso26262",
    "security/unr155"
  ],
  "statistics": {
    "artifacts": 1250,
    "links": 3400,
    "coverage": 0.98
  }
}

  • format_version: TRF specification version.
  • pack_type: full for complete evidence or partial for deltas.
  • profile: Profile governing default artifact and validation sets.
  • extensions: Domain packs applied during generation.
  • statistics: Counts and high-level coverage snapshot.

Provenance: Creation Record

{
  "pack_id": "PROJECT-2024-001",
  "created_at": "2024-01-25T16:45:00Z",
  "created_by": {
    "name": "Jane Smith",
    "email": "jane.smith@company.com",
    "organization": "AutoCorp",
    "role": "Safety Engineer"
  },
  "tool": {
    "name": "TRF Generator",
    "version": "2.0.0"
  },
  "sources": [
    {
      "system": "JIRA",
      "version": "8.5.1",
      "extracted_at": "2024-01-25T16:00:00Z"
    }
  ],
  "signature": {
    "algorithm": "SHA256withRSA",
    "value": "3045022100..."
  }
}

  • created_by: Who packaged the evidence and their affiliation.
  • tool: Generator name and version for reproducibility.
  • sources: Upstream systems, versions, and extraction times.
  • signature: Cryptographic assurance that provenance has not been altered.
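A receiving organization can cross-check the two files before trusting a pack. The following is an added example, not part of the TRF tooling or specification: `audit_pack`, `parse_utc`, the allow-list, and every rule it applies are assumptions chosen for illustration, and the sample input is constructed from the field names shown above. It does not verify the signature itself, because this page does not specify which bytes are signed.

```python
import json
from datetime import datetime

# Constructed sample input mirroring the field names shown on this page.
MANIFEST = json.loads("""{"format_version": "2.0.0", "pack_id": "PROJECT-2024-001",
  "pack_type": "full", "statistics": {"artifacts": 1250, "links": 3400, "coverage": 0.98}}""")
PROVENANCE = json.loads("""{"pack_id": "PROJECT-2024-001", "created_at": "2024-01-25T16:45:00Z",
  "tool": {"name": "TRF Generator", "version": "2.0.0"},
  "sources": [{"system": "JIRA", "version": "8.5.1", "extracted_at": "2024-01-25T16:00:00Z"}],
  "signature": {"algorithm": "SHA256withRSA", "value": "3045022100..."}}""")

ALLOWED_ALGORITHMS = {"SHA256withRSA"}  # assumption: reviewer-defined allow-list


def parse_utc(ts):
    """Parse an ISO 8601 'Z' timestamp as used in the samples."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def audit_pack(manifest, provenance):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    if manifest.get("pack_id") != provenance.get("pack_id"):
        findings.append("pack_id mismatch between manifest and provenance")
    if manifest.get("pack_type") not in ("full", "partial"):
        findings.append("pack_type is not 'full' or 'partial'")
    coverage = manifest.get("statistics", {}).get("coverage")
    if not isinstance(coverage, (int, float)) or not 0 <= coverage <= 1:
        findings.append("statistics.coverage outside [0, 1]")
    try:
        created = parse_utc(provenance["created_at"])
        for src in provenance.get("sources", []):
            # Evidence pulled after the pack was created cannot be in the pack.
            if parse_utc(src["extracted_at"]) > created:
                findings.append(f"source {src.get('system')} extracted after created_at")
    except (KeyError, ValueError):
        findings.append("missing or malformed timestamp")
    sig = provenance.get("signature") or {}
    if sig.get("algorithm") not in ALLOWED_ALGORITHMS:
        findings.append("signature algorithm missing or not allow-listed")
    value = sig.get("value", "")
    if not value or value.endswith("..."):
        findings.append("signature value missing or truncated")
    return findings


if __name__ == "__main__":
    for finding in audit_pack(MANIFEST, PROVENANCE):
        print("FINDING:", finding)
```

Run against the samples as printed on this page, the only finding is the truncated signature value, since the sample elides it with `...`.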