Refresh 13 ISMS governance docs to v0.8.48 and propagate IMF data source#1885
Refresh 13 ISMS governance docs to v0.8.48 and propagate IMF data source#1885
Conversation
Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/7f0251fb-d465-433d-99bf-5a32d1b7ecfc Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
…er ISMS docs Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/e2b17f7b-0b8b-4bfb-9867-1438e83e8e02 Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
github-actions
Bot
added
documentation
🏷️ Automatic Labeling SummaryThis PR has been automatically labeled based on the files changed and PR metadata. Applied Labels: documentation,security,isms,iso-27001,nist-csf,cis-controls,size-l Label Categories
For more information, see |
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
There was a problem hiding this comment.
Pull request overview
Updates ISMS governance/architecture documentation to match the current v0.8.48 repository state and propagates the newly adopted IMF economic data source (as a pure TypeScript client) to parity with existing SCB/World Bank references.
Changes:
- Refreshed document control metadata (versions/dates/review cadence) and added “What changed since last review” blocks across the governance docs.
- Updated workflow inventory/diagrams to reflect the current
.github/workflows/contents and introduced IMF as an additional economic-data source (non-MCP, invoked via TypeScript scripts). - Expanded security/compliance/continuity documentation to include IMF endpoints, threat-agent coverage, and CRA evidence mapping.
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| WORKFLOWS.md | Refreshes workflow inventory/diagrams and adds IMF as an economic-data source in workflow documentation. |
| THREAT_MODEL.md | Updates threat model metadata and adds IMF economic-context asset + threat agent classification entry. |
| SWOT.md | Refreshes SWOT metadata and adds IMF-related strengths/opportunities/threats. |
| STATEDIAGRAM.md | Updates state-diagram doc control metadata and adds/refreshes lifecycle state-machine coverage. |
| SECURITY_ARCHITECTURE.md | Adds IMF to external data providers + egress allowlist and updates security posture narrative. |
| README.md | Adds an “Economic-Data Integrations” section including IMF TypeScript client and parity notes. |
| MINDMAP.md | Adds IMF branch and refreshes headline inventory counts/toolchain references. |
| FinancialSecurityPlan.md | Documents IMF adoption as $0 incremental cost and updates financial-security planning metadata. |
| FLOWCHART.md | Updates pipeline flowcharts to include IMF fetch as an optional enrichment path. |
| End-of-Life-Strategy.md | Adds IMF integration to lifecycle/EOL considerations (pure TypeScript client). |
| DATA_MODEL.md | Updates CIA inventory framing (15 subsystems) and adds IMF Open Data source section + contract notes. |
| CRA-ASSESSMENT.md | Expands CRA mapping/evidence to include IMF as an upstream data source. |
| BCPPlan.md | Adds IMF optional-enrichment continuity considerations and monitoring trigger entry. |
| ARCHITECTURE.md | Adds IMF to C4 dynamic/container views and documents TypeScript-client (non-MCP) integration pattern. |
| > - 📈 **IMF** added as a third primary economic-data source for agentic news workflows (alongside SCB MCP and World Bank MCP) per [ADR 0001](docs/adr/0001-adopt-imf-data-alongside-world-bank.md). IMF is consumed via the **pure-TypeScript client `scripts/imf-client.ts`** invoked by workflows through the `bash` tool — **intentionally not an MCP server** (no Python/uvx, SBOM-covered via npm). Egress allowlist extended with `data.imf.org`, `api.imf.org`, `www.imf.org` (Squid + iptables). The count of **MCP servers is unchanged**. Forward-looking workflows (`news-week-ahead`, `news-month-ahead`, `news-weekly-review`, `news-monthly-review`) now use IMF WEO/Fiscal Monitor projections as the primary source for look-ahead framing. | ||
| > | ||
| > **🆕 What changed since last review (v7.0 → v7.1, 2026-04-20):** | ||
| > - **Factual correction:** total workflow-file count under `.github/workflows/` is **45** (not 48). The breakdown is **21 standard `.yml` workflows + 12 agentic Markdown sources (`.md`) + 12 compiled `.lock.yml` siblings**. All inventory tables and narrative text below have been re-conciled with `ls .github/workflows/`. |
There was a problem hiding this comment.
Typo: "re-conciled" should be "reconciled" (no hyphen, correct spelling).
| > - **Factual correction:** total workflow-file count under `.github/workflows/` is **45** (not 48). The breakdown is **21 standard `.yml` workflows + 12 agentic Markdown sources (`.md`) + 12 compiled `.lock.yml` siblings**. All inventory tables and narrative text below have been re-conciled with `ls .github/workflows/`. | |
| > - **Factual correction:** total workflow-file count under `.github/workflows/` is **45** (not 48). The breakdown is **21 standard `.yml` workflows + 12 agentic Markdown sources (`.md`) + 12 compiled `.lock.yml` siblings**. All inventory tables and narrative text below have been reconciled with `ls .github/workflows/`. |
| <a href="#"><img src="https://img.shields.io/badge/Owner-CEO-0A66C2?style=for-the-badge" alt="Owner"/></a> | ||
| <a href="#"><img src="https://img.shields.io/badge/Version-1.0-555?style=for-the-badge" alt="Version"/></a> | ||
| <a href="#"><img src="https://img.shields.io/badge/Effective-2026--02--15-success?style=for-the-badge" alt="Effective Date"/></a> | ||
| <a href="#"><img src="https://img.shields.io/badge/Version-1.1-555?style=for-the-badge" alt="Version"/></a> |
There was a problem hiding this comment.
The version badge shows 1.1, but the document metadata immediately below states Version: 1.2. Please align the badge version with the actual document version so readers don’t get conflicting metadata.
| <a href="#"><img src="https://img.shields.io/badge/Version-1.1-555?style=for-the-badge" alt="Version"/></a> | |
| <a href="#"><img src="https://img.shields.io/badge/Version-1.2-555?style=for-the-badge" alt="Version"/></a> |
|
|
||
| 1. [Political Entities & Data Dictionary](#1-political-entities--data-dictionary) | ||
| 2. [CIA Data Products (19 Products)](#2-cia-data-products-19-products) | ||
| 2. [CIA Data Subsystems (15 Subsystems)](#2-cia-data-products-19-products) |
There was a problem hiding this comment.
Table of contents entry #2 links to #2-cia-data-products-19-products, but the section header is now “## 2. CIA Data Subsystems (15 Subsystems)”. This anchor mismatch will break intra-doc navigation; update the ToC link to the new heading anchor.
| 2. [CIA Data Subsystems (15 Subsystems)](#2-cia-data-products-19-products) | |
| 2. [CIA Data Subsystems (15 Subsystems)](#2-cia-data-subsystems-15-subsystems) |
| <a href="#"><img src="https://img.shields.io/badge/Owner-CEO-0A66C2?style=for-the-badge" alt="Owner"/></a> | ||
| <a href="#"><img src="https://img.shields.io/badge/Version-2.0-555?style=for-the-badge" alt="Version"/></a> | ||
| <a href="#"><img src="https://img.shields.io/badge/Effective-2026--02--20-success?style=for-the-badge" alt="Effective Date"/></a> | ||
| <a href="#"><img src="https://img.shields.io/badge/Version-2.1-555?style=for-the-badge" alt="Version"/></a> |
There was a problem hiding this comment.
The version badge shows 2.1, but the document metadata below states Version: 2.2. Please make the badge match the actual document version to avoid conflicting document control signals.
| <a href="#"><img src="https://img.shields.io/badge/Version-2.1-555?style=for-the-badge" alt="Version"/></a> | |
| <a href="#"><img src="https://img.shields.io/badge/Version-2.2-555?style=for-the-badge" alt="Version"/></a> |
| | **Format** | Markdown with Mermaid C4 Diagrams | | ||
| | **Last Updated** | 2026-03-19 (UTC) | | ||
| | **Last Updated** | 2026-04-20 (UTC) | | ||
| | **Next Review** | 2026-06-19 | |
There was a problem hiding this comment.
In the Document Control table, Last Updated is 2026-04-20 (updated in this PR) but Next Review is still 2026-06-19, which conflicts with the header’s Next Review (2026-07-20). Please update the Document Control "Next Review" field to stay consistent with the document header.
| | **Next Review** | 2026-06-19 | | |
| | **Next Review** | 2026-07-20 | |
|
@copilot apply changes based on the comments in this thread |
…view date, typo Agent-Logs-Url: https://github.com/Hack23/riksdagsmonitor/sessions/dc51b468-8804-4ba6-abd4-f72e6125eedd Co-authored-by: pethers <1726836+pethers@users.noreply.github.com>
All 5 review comments addressed in 908e8ad: WORKFLOWS.md typo |
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
ISMS Documentation Full Review & Update — Complete ✅
Two-pass refresh of all 13 Hack23-ISMS-required governance documents to v0.8.48 + IMF data-source coverage sweep, plus a follow-up reviewer-feedback pass.
Pass 1 — current-state refresh (13 docs)
WORKFLOWS.md48 → 45 files reconciled withls .github/workflows/DATA_MODEL.md"19 CIA Products" → "15 CIA Data Subsystems"Pass 2 — IMF coverage at parity with SCB / World Bank
STATEDIAGRAM.mdintentionally skipped — no SCB/WB baseline)Pass 3 — Reviewer feedback (review #4144265739)
WORKFLOWS.mdL27 — typore-conciled→reconciledDATA_MODEL.mdL14 — version badge 1.1 → 1.2 (matches doc-control metadata)DATA_MODEL.mdL82 — ToC anchor#2-cia-data-products-19-products→#2-cia-data-subsystems-15-subsystemsARCHITECTURE.mdL14 — version badge 2.1 → 2.2 (matches doc-control metadata)ARCHITECTURE.mdL1852 — Document-Control "Next Review" 2026-06-19 → 2026-07-20 (matches header)