Public artifacts
Artifact policy
How we name, version, and publish public artifacts—verifiable by default and intentionally non‑enabling.
Rule of thumb
Publish “what” and “why”. Keep “how” private.
What we publish (public)
Structure‑only artifacts
- High‑level notes, primers, and checklists (scope‑qualified).
- References to official sources (standards / guidance) where applicable.
- Integrity artifacts (checksums + manifest) for verifiable downloads.
What we do not publish
- Templates, schemas, field mappings, or portal exports.
- Step‑by‑step operational instructions, triggers, or thresholds.
- Client‑identifying examples (datasets, screenshots, unique timelines).
Public content is designed to be audit‑friendly and evaluation‑ready—without enabling replication.
Naming and versioning
- We use stable, descriptive names with explicit versions.
- Recommended pattern:
FWL_<Topic>_<Type>_vX.Y[_YYYY-MM-DD].pdf - When a public artifact changes materially, the version changes—no silent edits.
Integrity and verification
- Where applicable, public downloads ship with SHA‑256 checksums.
- An integrity manifest lists what was published and the exact hashes.
- Verification is offline and does not require accounts or trackers.
Private delivery packs
- Operational mappings, templates, and runbooks are shared privately under a scoped agreement.
- Minimum necessary principle: only what is required for the agreed scope and evidence trail.
- Public pages stay structure‑only; enabling details remain private.