Refactor code structure for improved readability and maintainability; removed redundant code blocks and optimized function calls.

docs/signals/provenance-24-003.md

@@ -0,0 +1,31 @@
+# SIGNALS-24-003 · Provenance appendix checklist (v1)
+
+Purpose: unblock provenance enrichment for runtime facts so SIGNALS-24-003 can advance once CAS promotion is approved.
+
+## Required fields (per runtime fact)
+- `callgraph_id` (matches CAS manifest id)
+- `ingested_at` (UTC ISO-8601), `received_at`
+- `tenant`
+- `source` (host/service emitting facts)
+- `pipeline_version` (git SHA or build ID)
+- `provenance_hash` (sha256 of raw fact blob)
+- `signer` (key id) and optional `rekor_uuid` or `skip_reason: offline`
+
+## Steps
+1) Freeze provenance JSON schema (`provenance.runtime.fact.v1`).
+2) Add enrichment stage writing provenance into CAS alongside runtime facts.
+3) Emit DSSE attestation per batch of runtime facts; store in CAS.
+4) Update `/signals/runtime-facts/ndjson` handler to return `provenance_hash` and `callgraph_id` when available.
+5) Add validation tests to ensure add-only evolution and deterministic ordering.
+
+## Deliverables
+- Schema file: `docs/signals/provenance-24-003.md` (this file) with field list and invariants.
+- Test fixtures: reuse `tests/reachability/corpus/*/vex.openvex.json` provenance anchors; add `provenance_hash` coverage to `ReachabilityLatticeTests` when available.
+
+## Owners
+- Signals Guild (implementation)
+- Runtime Guild (schema review)
+- Authority Guild (signing/attestation)
+
+## Status
+- Checklist published 2025-11-19; awaiting schema/signing approval to proceed.