From 0cd2d508108242838aba115c118d497db0108145 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 17 Nov 2025 23:30:27 +0000 Subject: [PATCH] =?UTF-8?q?docs(openspec):=20apply=20baseline=20proposals?= =?UTF-8?q?=20=E2=86=92=20mark=20specs=20approved=20and=20add=20enforcemen?= =?UTF-8?q?t=20details?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- openspec/specs/accessibility.md | 5 ++++- openspec/specs/architecture.md | 12 ++++++++++-- openspec/specs/migration-wix.md | 6 +++++- openspec/specs/privacy-compliance.md | 11 ++++++++++- 4 files changed, 29 insertions(+), 5 deletions(-) diff --git a/openspec/specs/accessibility.md b/openspec/specs/accessibility.md index 301b0d3..a1505d4 100644 --- a/openspec/specs/accessibility.md +++ b/openspec/specs/accessibility.md @@ -1,6 +1,6 @@ # Accessibility Spec -Status: draft +Status: approved Owners: Accessibility Lead Standards @@ -19,3 +19,6 @@ Validation Non‑functional - Performance budgets mindful of low‑end devices and intermittent connectivity. +Enforcement & checklist +- CI blocks merges on critical a11y violations (axe, eslint‑plugin‑jsx‑a11y or platform equivalent). +- Manual checklist includes: focus order, keyboard traps, contrast, dynamic type, reduced motion, screen reader labels. diff --git a/openspec/specs/architecture.md b/openspec/specs/architecture.md index 9b4c9e8..ff71f5e 100644 --- a/openspec/specs/architecture.md +++ b/openspec/specs/architecture.md @@ -1,6 +1,6 @@ # Architecture & APIs -Status: draft +Status: approved Owners: Architecture Overview 
@@ -22,6 +22,14 @@ API standards Data boundaries - Strict separation of PHI/PII domains; audit and consent services. +Quality gates & SLOs +- SLOs: p95 API latency ≤ 300ms for read endpoints; p95 ≤ 600ms for writes; 99.9% uptime for auth and read APIs, 99.5% for writes. +- CI: OpenAPI validation, breaking‑change detection, security linters, dependency vulnerability checks. +- No PHI/PII in logs; redaction in place before merging. + +Implementation notes +- Platform decision path: compare RN/Expo vs Flutter (mobile) and Next.js vs Flutter Web (web) in focused proposals; both must meet a11y and parity requirements. +- Feature flags for risky changes; explicit rollback procedures in each proposal. + Decisions - - diff --git a/openspec/specs/migration-wix.md b/openspec/specs/migration-wix.md index cac5be1..bade076 100644 --- a/openspec/specs/migration-wix.md +++ b/openspec/specs/migration-wix.md @@ -1,6 +1,6 @@ # Migration: Wix → Community Hub -Status: draft +Status: approved Owners: Data, Content Scope @@ -26,3 +26,7 @@ Process Rollback - Keep original exports; implement reversible migrations; track IDs and redirects +Acceptance criteria +- Dry‑run import completes without critical errors; broken links < 1% and remediated. +- Redirects in place for migrated URLs; sitemap updated. +- Sampled content (N>=30 per type) matches expected formatting and accessibility criteria. diff --git a/openspec/specs/privacy-compliance.md b/openspec/specs/privacy-compliance.md index cbc6eb2..05a69f1 100644 --- a/openspec/specs/privacy-compliance.md +++ b/openspec/specs/privacy-compliance.md @@ -1,6 +1,6 @@ # Privacy & Compliance Spec -Status: draft +Status: approved Owners: Compliance, Security Scope 
@@ -24,3 +24,12 @@ DSR & retention Validation - Privacy & security review is a gate on every proposal that touches user data. +Data subject request (DSR) workflow +- Intake: authenticated portal and support channel; track request ID and SLA clock. +- Verify: identity verification step appropriate to sensitivity; log access. +- Fulfill: export machine‑readable JSON/CSV; delete with reversible soft‑delete window when permitted. +- Notify: confirmation to requester; record of processing activities updated. + +Acceptance and enforcement +- CI policy checks for classification coverage and log redaction. +- Table/field inventory maintained in `data-model.md` with data class and retention policy.
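Review bot: In openspec/specs/accessibility.md (hunk at -19,3 +19,6), the bullet "CI blocks merges on critical a11y violations" does not define "critical", so the gate cannot be applied the same way across the tools it names. State the threshold per tool (for axe, which impact levels fail the build; for eslint-plugin-jsx-a11y, which rules are set to error) and what a "platform equivalent" must cover to count. As a style point, "Enforcement & checklist" is added directly under the last Non-functional bullet with no blank line, whereas the sections added in architecture.md are separated by one.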
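Review bot: In openspec/specs/architecture.md (hunk at -22,6 +22,14), "No PHI/PII in logs; redaction in place before merging" states a requirement with no check behind it: the CI bullet just above lists OpenAPI validation, breaking-change detection, security linters and dependency vulnerability checks, but nothing for log redaction. Add a log-redaction check to that CI list, or reference the "CI policy checks for classification coverage and log redaction" line in privacy-compliance.md so the two specs agree on where this is enforced. The SLO bullet gives uptime percentages without a measurement window, which leaves 99.9% and 99.5% untestable until one is stated. The first hunk also flips the status to approved while the Decisions list in the trailing context is still two empty bullets.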
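Review bot: In openspec/specs/migration-wix.md (hunk at -26,3 +26,7), "broken links < 1% and remediated" can be read two ways: either up to 1% may remain broken, or fewer than 1% may be found and all of them must then be fixed. Split it into a detection threshold for the dry run and a separate statement of what must be true at cutover. The sampling line "N>=30 per type" also needs a selection method and a pass condition, since it does not say how many of the sampled items may fail before the criterion is missed.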
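Review bot: In openspec/specs/privacy-compliance.md (hunk at -24,3 +24,12), the Fulfill step "delete with reversible soft-delete window when permitted" gives no maximum window and no purge step, so a deletion request can stay in the soft-deleted state indefinitely and still satisfy the spec. State the window length, the hard-delete action that follows it, and who decides "when permitted". The Intake step has the same gap: it tracks an "SLA clock" without giving the SLA. For "Verify: ... log access", say what the log records, because the architecture spec in this same patch forbids PHI/PII in logs. The last bullet relies on `data-model.md`, which is not among the four files changed here; confirm it exists and give its path relative to openspec/specs.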