# Resource Manifest Each `sources/*.json` file describes one upstream resource. Required fields: - `id`: Stable package id used by apps. - `title`: Human-readable title. - `abbreviation`: Short label. - `language`: BCP-47-ish language code. - `source.provider`: Upstream publisher or repository. - `source.url`: Human-facing upstream page. - `source.download_url`: Machine download URL used by importers. - `source.format`: Upstream source format, such as `usfm-zip`. - `license.name`: License or rights label. - `license.redistribution`: Whether this repo may redistribute normalized outputs. - `license.notes`: Practical rights notes. - `checks.expected_sha256`: Last accepted source archive checksum. - `checks.last_checked_at`: Last automated check timestamp. - `importer.name`: Script/importer id. - `importer.version`: Importer version. - `packages`: Generated package paths. Update flow: 1. Download the upstream artifact to `cache//`. 2. Calculate SHA-256. 3. Compare against `checks.expected_sha256`. 4. If unchanged, update `checks.last_checked_at` only when intentionally accepting that metadata churn. 5. If changed, inspect upstream release notes/license, regenerate packages, verify counts/checksums, then update the manifest in the same commit.