Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.

docs/signals/cas-promotion-24-002.md

@@ -0,0 +1,34 @@
+# SIGNALS-24-002 · CAS promotion checklist (v1)
+
+Purpose: unblock CAS promotion + signed manifest rollout for callgraph storage so SIGNALS-24-002 can move from BLOCKED to implementation.
+
+## Preconditions
+- CAS bucket created for `signals-callgraphs` with write limited to Signals service principals.
+- Surface bundle mock hash recorded; real scanner cache ETA published.
+- Signed manifest tooling available (sigstore or in-house signer) with add-only policy.
+
+## Steps
+1) Freeze manifest schema (fields: `graph_id`, `digest`, `language`, `source`, `created`, `signer`, `signature`).
+2) Generate manifests for existing callgraphs; store under `cas://signals/manifests/{graph_id}.json`.
+3) Sign each manifest; attach DSSE envelope; store under `cas://signals/manifests/{graph_id}.json.dsse`.
+4) Apply bucket policy: read-only for downstream, write for Signals service; deny deletes.
+5) Configure GC policy: retain manifests indefinitely; callgraph blobs keep 30d rolling unless referenced.
+6) Enable alerts for failed retrievals and missing manifest/DSSE pairs.
+7) Record hash list and signer key IDs in release notes.
+
+## Deliverables
+- Policy document + proof of applied IAM
+- Manifest schema JSON
+- Signed manifest samples (see tests)
+- Hash list of all published callgraphs (sha256)
+
+## Evidence locations (repo paths)
+- Policy & schema: `docs/signals/cas-promotion-24-002.md` (this file)
+- Sample manifest + DSSE: `tests/reachability/corpus/manifest.json` (already present) maps to expected structure.
+
+## Owners
+- Signals Guild (implementation)
+- Platform Storage Guild (policy/approvals)
+
+## Status
+- Checklist published 2025-11-19; awaiting Platform Storage approval to proceed.