docs(openspec): apply baseline proposals → mark specs approved and add enforcement details
This commit is contained in:
admin
parent
8c05a17067
commit
0cd2d50810
4 changed files with 29 additions and 5 deletions
|
|
@ -1,6 +1,6 @@
|
|||
# Accessibility Spec
|
||||
|
||||
Status: draft
|
||||
Status: approved
|
||||
Owners: Accessibility Lead
|
||||
|
||||
Standards
|
||||
|
|
@ -19,3 +19,6 @@ Validation
|
|||
Non‑functional
|
||||
- Performance budgets mindful of low‑end devices and intermittent connectivity.
|
||||
|
||||
Enforcement & checklist
|
||||
- CI blocks merges on critical a11y violations (axe, eslint‑plugin‑jsx‑a11y or platform equivalent).
|
||||
- Manual checklist includes: focus order, keyboard traps, contrast, dynamic type, reduced motion, screen reader labels.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Architecture & APIs
|
||||
|
||||
Status: draft
|
||||
Status: approved
|
||||
Owners: Architecture
|
||||
|
||||
Overview
|
||||
|
|
@ -22,6 +22,14 @@ API standards
|
|||
Data boundaries
|
||||
- Strict separation of PHI/PII domains; audit and consent services.
|
||||
|
||||
Quality gates & SLOs
|
||||
- SLOs: p95 API latency ≤ 300ms for read endpoints; p95 ≤ 600ms for writes; 99.9% uptime for auth and read APIs, 99.5% for writes.
|
||||
- CI: OpenAPI validation, breaking‑change detection, security linters, dependency vulnerability checks.
|
||||
- No PHI/PII in logs; redaction in place before merging.
|
||||
|
||||
Implementation notes
|
||||
- Platform decision path: compare RN/Expo vs Flutter (mobile) and Next.js vs Flutter Web (web) in focused proposals; both must meet a11y and parity requirements.
|
||||
- Feature flags for risky changes; explicit rollback procedures in each proposal.
|
||||
|
||||
Decisions
|
||||
- <record cross‑cutting decisions here>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Migration: Wix → Community Hub
|
||||
|
||||
Status: draft
|
||||
Status: approved
|
||||
Owners: Data, Content
|
||||
|
||||
Scope
|
||||
|
|
@ -26,3 +26,7 @@ Process
|
|||
Rollback
|
||||
- Keep original exports; implement reversible migrations; track IDs and redirects
|
||||
|
||||
Acceptance criteria
|
||||
- Dry‑run import completes without critical errors; broken links < 1% and remediated.
|
||||
- Redirects in place for migrated URLs; sitemap updated.
|
||||
- Sampled content (N>=30 per type) matches expected formatting and accessibility criteria.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Privacy & Compliance Spec
|
||||
|
||||
Status: draft
|
||||
Status: approved
|
||||
Owners: Compliance, Security
|
||||
|
||||
Scope
|
||||
|
|
@ -24,3 +24,12 @@ DSR & retention
|
|||
Validation
|
||||
- Privacy & security review is a gate on every proposal that touches user data.
|
||||
|
||||
Data subject request (DSR) workflow
|
||||
- Intake: authenticated portal and support channel; track request ID and SLA clock.
|
||||
- Verify: identity verification step appropriate to sensitivity; log access.
|
||||
- Fulfill: export machine‑readable JSON/CSV; delete with reversible soft‑delete window when permitted.
|
||||
- Notify: confirmation to requester; record of processing activities updated.
|
||||
|
||||
Acceptance and enforcement
|
||||
- CI policy checks for classification coverage and log redaction.
|
||||
- Table/field inventory maintained in `data-model.md` with data class and retention policy.
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue