Forge Versona — standards resolution
Purpose: Let every Versona know which standards apply, which win when they conflict, and what evidence follows—without copying large control catalogs into Cursor rules.
| Document | Role |
|---|---|
| Standards precedence — which controls win | Normative precedence stack (L1 external → L6 heuristics) |
| Versona standards matrix | Human-readable per-Versona standards profiles |
| `versona-standards-matrix.yaml` | Machine-readable matrix (same content; YAML) |
| `versona-standards-matrix.json` | Same as JSON for tooling |
| `schemas/standards-registry.schema.json` | JSON Schema for consuming-repo registries |
| `schemas/waiver-record.schema.json` | JSON Schema for waivers / exceptions |
| `examples/registry.example.yaml` | Example registry (fictional controls) |
| `examples/waiver.example.yaml` | Example waiver |
| Standards conflict scenarios (worked examples) | Security, compliance, product, engineering conflict walkthroughs |
Contract hook: §5 structured output may include Standards traceability — Versona contract §5.1.
Baseline hook: All Versona templates inherit Standards resolution from GENERIC VERSONA BASELINE.
Adopting in a consuming repository
- Copy or author `forge/standards-registry.yaml` (validate against `schemas/standards-registry.schema.json`) listing control IDs, severity, and evidence expectations your org actually uses.
- Put L1–L2 non-negotiables in Cursor Team Rules (or equivalent) with links to policy, not full text.
- Point `AGENTS.md` at the registry path and any L3 repo overrides.
- Add Skills for recurring evidence workflows (DPIA-lite, STRIDE pass, accessibility check) — keep rules thin.
- Optionally CI-validate the registry YAML against the schema.
Do not check classified or client-secret text into blueprints; keep sensitive detail in org systems and reference by ID in the registry.