
docs: add scope change decision record template#54

Merged
jinsonvarghese merged 2 commits into OWASP:main from Hinotoi-agent:docs/scope-change-decision-record on May 10, 2026

Conversation

@Hinotoi-agent
Contributor

Summary

  • Add an informative Scope Change Decision Record Template for documenting approved, rejected, constrained, deferred, or expired scope changes during autonomous pentesting engagements
  • Include fields for authorization basis, approval attestation, pending-decision safe state, risk review, operational constraints, enforcement deltas, evidence preservation, and post-decision checks
  • Link the new appendix from the standard appendix index, Getting Started document map, and Scope Enforcement implementation guidance for audit/revalidation decisions

Why

APTS already requires strong scope validation, auditability, human authority, and protection against scope expansion. This appendix provides a practical per-decision record that helps operators, customers, and reviewers reconstruct why a proposed scope change was approved, constrained, rejected, or deferred without redefining the Rules of Engagement, Authority Delegation Matrix, or Autonomy Downgrade Matrix.

The template is intended to help capture high-risk scope transitions such as discovered assets, redirect chains, DNS/cloud drift, customer-requested additions, target-suggested scope changes, overlapping engagements, and stale or expired approvals.

Affected sections

  • standard/appendix/Scope_Change_Decision_Record_Template.md
  • standard/README.md
  • standard/Getting_Started.md
  • standard/1_Scope_Enforcement/Implementation_Guide.md

Related APTS areas include APTS-SE-006, APTS-SE-009, APTS-SE-012, APTS-SE-015, APTS-SE-016, APTS-SE-017, APTS-SE-019, APTS-SE-020, APTS-SE-021, APTS-HO-004, APTS-HO-005, APTS-AL-025, APTS-MR-010, and APTS-MR-012.

Contributing.md checklist

  • No overlapping open issue or PR was found for this specific appendix/template topic
  • Affected sections and files are listed above
  • The addition is informative/non-normative and does not change requirement counts or tier definitions
  • Formatting was checked with git diff --check
  • Touched relative Markdown links were verified locally
  • Markdown tables, internal links, cross-references, generated artifacts, and YAML examples were validated locally
  • Drafted with AI assistance and reviewed for accuracy, consistency with the standard, and style-guide compliance

Validation

git diff --check
python scripts/validate_markdown_tables.py
python scripts/check_internal_markdown_links.py
python scripts/validate_cross_references.py
python scripts/check_generated_artifacts.py
python scripts/validate_yaml.py

Additional targeted checks:

# touched relative Markdown links
# YAML examples in Scope_Change_Decision_Record_Template.md

Notes

This template is designed as a per-decision transaction record. It should not replace or redefine the Rules of Engagement, Authority Delegation Matrix, or Autonomy Downgrade Matrix; it records the decision, evidence, constraints, approvals, and enforcement update for a specific proposed scope change.
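As an added illustration, not part of this PR or of the APTS project's own code, the following Python resolves a constructed decision record of the kind the template describes into a scope-enforcement delta: only an approved or constrained decision that has not yet expired expands scope, while rejected, deferred, expired or incomplete records fall back to the recorded pending-decision safe state. The field names, decision states as dictionary keys, and sample values are assumptions, not the template's actual layout.

```python
from datetime import datetime

# Hypothetical field names: the template's real field layout is not reproduced here.
REQUIRED_FIELDS = (
    "decision_id", "proposed_change", "authorization_basis", "approval_attestation",
    "pending_safe_state", "risk_review", "operational_constraints", "decision",
    "decision_expires_at", "evidence_refs", "post_decision_checks",
)
DECISION_STATES = {"approved", "constrained", "rejected", "deferred", "expired"}

# Constructed sample record; every value is illustrative, not from a real engagement.
SAMPLE_RECORD = {
    "decision_id": "SCDR-0001",
    "proposed_change": {"trigger": "discovered asset", "targets": ["198.51.100.24"]},
    "authorization_basis": "RoE addendum signed by customer on 2026-05-09",
    "approval_attestation": "customer security lead, ticket CUST-1234 (constructed)",
    "pending_safe_state": "hold: proposed targets stay out of scope until approved",
    "risk_review": "low: same production environment as the approved range",
    "operational_constraints": ["no destructive tests", "maintenance window only"],
    "decision": "constrained",
    "decision_expires_at": "2026-05-16T00:00:00+00:00",
    "evidence_refs": ["discovery-log-2026-05-09.jsonl"],
    "post_decision_checks": ["revalidate DNS ownership before first request"],
}

def missing_fields(record):
    """Names of required fields that are absent or blank in the record."""
    return [f for f in REQUIRED_FIELDS if record.get(f) in (None, "")]

def effective_decision(record, now_iso):
    """Resolve the recorded decision, downgrading a stale approval to 'expired'."""
    decision = record["decision"]
    if decision not in DECISION_STATES:
        raise ValueError(f"unknown decision state: {decision!r}")
    expires = datetime.fromisoformat(record["decision_expires_at"])
    if decision in ("approved", "constrained") and datetime.fromisoformat(now_iso) >= expires:
        return "expired"
    return decision

def enforcement_delta(record, now_iso):
    """Targets the scope enforcer may add; any non-approved state expands nothing."""
    gaps = missing_fields(record)
    if gaps:  # an incomplete record is handled exactly like a pending decision
        return {"add": [], "constraints": [], "reason": "incomplete record: " + ", ".join(gaps)}
    state = effective_decision(record, now_iso)
    if state in ("approved", "constrained"):
        constraints = list(record["operational_constraints"]) if state == "constrained" else []
        return {"add": list(record["proposed_change"]["targets"]), "constraints": constraints, "reason": state}
    return {"add": [], "constraints": [], "reason": f"{state}: {record['pending_safe_state']}"}
```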

@jinsonvarghese
Member

Hi @Hinotoi-agent, good addition. The Scope Change Decision Record fills a practical gap between the existing templates (RoE, Authority Delegation Matrix, Autonomy Downgrade Matrix) and the per-decision audit trail that SE-015 and SE-016 expect.

One fix needed before merge:

In the Related Requirements section, the title for HO-005 is incorrect:

  • Current: APTS-HO-005: Escalation Decision Audit Trail
  • Should be: APTS-HO-005: Delegation Chain-of-Custody and Decision Audit Trail

Everything else looks good. Happy to approve once that title is corrected.

@Hinotoi-agent
Contributor Author

Thanks for the review. Fixed in the latest push.

Changed:

  • Corrected the Related Requirements entry from APTS-HO-005: Escalation Decision Audit Trail to APTS-HO-005: Delegation Chain-of-Custody and Decision Audit Trail in standard/appendix/Scope_Change_Decision_Record_Template.md.

Validation run locally:

  • git diff --check
  • python3 scripts/validate_markdown_tables.py
  • python3 scripts/check_internal_markdown_links.py
  • python3 scripts/validate_cross_references.py
  • python3 scripts/check_generated_artifacts.py
  • python3 scripts/validate_yaml.py

@jinsonvarghese
Member

Thanks for the quick fix on the HO-005 title, @Hinotoi-agent. Looks good, merging.

@jinsonvarghese jinsonvarghese merged commit d563930 into OWASP:main May 10, 2026
1 check passed