Coverage-Preserving Compilation v2: A 31-Source Pipeline with Joint Manual and Knowledge-Graph Production

Background. The Security-by-Design Theory of Everything (SbD-ToE) research programme has produced two upstream artefacts: a normalized application-security ontology (AppSec Core v1; 10 slices, 259 typed instances) and an iterative coverage-preserving compilation method that operationalises a two-stage normalization pipeline grounding heterogeneous normative sources against that ontology under explicit bounding conditions. What remains open at the close of the programme's first multi-cycle arc is the downstream reconciliation primitive. When new sources enter the normalized substrate, the SbD-ToE Manual — the practitioner-authored consolidation of security-by-design engineering experience that is the programme's compiled knowledge base — and its derived knowledge graph must be kept in sync with the substrate: each entity surfaced by the substrate is reconciled against the Manual, either by demonstrating that existing prose already covers the entity (and updating the traceability surface) or by surfacing additions needed in chapter re-prose or new sections. The same reconciliation operation serves a second recurring use case: the Manual is open source (registered IGAC 949/2025; CC BY-SA 4.0) and may be customized by end users for their own deployments, in which case the customized Manual's knowledge graph — consumed by the user's MCP instance — must be recompiled against the customization. Both use cases require an operational pipeline that takes a normalized substrate (or a customized Manual) as input and produces a coherent published Manual + knowledge graph pair as output, exposing gaps explicitly enough that subsequent re-executions can proceed against new inputs without rediscovering the structure each time. Objective. This paper publishes that pipeline as a programme primitive succeeding the five-source first-wave execution of Paper 2 (Coverage-Preserving Knowledge Compilation) at expanded 31-source scale and extending the output to joint Manual + knowledge-graph production. The pipeline composes seven stages — external-source ingest, ontology-grounded normalization, normalized-substrate emission, V1 ontology binding, Manual coverage analysis, Manual content surfaces and KG compilation, and joint closure pinning with public-deposit mirroring — into a single repeatable artefact. The paper demonstrates the pipeline at the programme's current scale — 31 external sources, the v1 ontology, and a practitioner manual covering ten security-by-design domain families — and reports the joint frozen state that the demonstration produced. Method. The pipeline is composed from prior programme artefacts and exercised through one cycle (executed during 2026-05-09 to 2026-05-12; pinned at the cycle's closure ledger anchor cycle-b-frozen-2026-05-12). Six iterations are documented as one instantiation of the pipeline against the current substrate; each iteration's output is traced to a specific pipeline stage. Three closure mechanisms are quantified: entity-level traceability exposure, cross-chapter cross-references, and content-authoring registration. A three-way routing taxonomy (Core-mapped / Manual-only / Out-of-AppSec) is reported per chapter and contrasted against the programme's earlier five-source execution. Contributions. (1) An operational pipeline composing five prior programme artefacts into a single repeatable primitive. (2) A cycle-close Manual + knowledge-graph joint artefact deposited at the cycle's closure state. (3) Empirical demonstration of pipeline closure at V1 scale, with 38 of 38 detected gaps resolved through three closure mechanisms (37 via traceability mechanisms with no new Manual prose; 1 registered for the future-work surface). (4) A three-way routing taxonomy reported per chapter. (5) An empirical contrast against the five-source execution of Paper 2 documenting gap-class redistribution between executions — Semantic (claim-gap) share grows as sources diversify, while Gap (content-gap) share declines as Manual prose stabilizes.