From 36fb1864e6ca1e0474d975e6af9055d85b91a1d6 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 17 Nov 2025 23:08:54 +0000 Subject: [PATCH] chore(openspec): seed initial proposals (architecture, privacy/compliance, accessibility, migration) --- .../proposal.md | 35 +++++++++++ .../proposal.md | 63 +++++++++++++++++++ .../proposal.md | 44 +++++++++++++ .../2025-11-17-wix-migration-plan/proposal.md | 38 +++++++++++ 4 files changed, 180 insertions(+) create mode 100644 openspec/changes/2025-11-17-accessibility-baseline/proposal.md create mode 100644 openspec/changes/2025-11-17-architecture-baseline/proposal.md create mode 100644 openspec/changes/2025-11-17-privacy-compliance-baseline/proposal.md create mode 100644 openspec/changes/2025-11-17-wix-migration-plan/proposal.md diff --git a/openspec/changes/2025-11-17-accessibility-baseline/proposal.md b/openspec/changes/2025-11-17-accessibility-baseline/proposal.md new file mode 100644 index 0000000..09c30f7 --- /dev/null +++ b/openspec/changes/2025-11-17-accessibility-baseline/proposal.md 
@@ -0,0 +1,35 @@ +# Proposal: Accessibility Baseline (WCAG 2.2 AA+) + +Status: draft +Authors: Accessibility Team +Owners: Accessibility Lead +Created: 2025-11-17 +Scope: spec|process +Related: openspec/specs/accessibility.md + +Summary +- Set enforceable accessibility standards and checks across Android/iOS/Web, reflecting the needs of chronically/terminally ill users. + +Motivation +- Ensure inclusive experiences: large text, reduced motion, assistive tech parity, and low-friction navigation. + +Goals / Non-Goals +- Goals: WCAG 2.2 AA+ baseline, platform-specific guidance, automated and manual checks, review gates. +- Non-Goals: brand-level visual design (handled in design system proposals). + +Requirements +- Functional: none; quality and process guardrails. +- Accessibility: VoiceOver/TalkBack parity; keyboard/focus; contrast; dynamic type. + +Validation +- Automated: axe (web), RN/Flutter lint rules. +- Manual: assistive tech smoke tests per release. + +Acceptance Criteria +- `openspec/specs/accessibility.md` approved; CI checks enabled; checklist published. + +Slash Commands +- `/review areas=accessibility` +- `/apply spec=openspec/specs/accessibility.md` +- `/archive link=` + diff --git a/openspec/changes/2025-11-17-architecture-baseline/proposal.md b/openspec/changes/2025-11-17-architecture-baseline/proposal.md new file mode 100644 index 0000000..cbee33a --- /dev/null +++ b/openspec/changes/2025-11-17-architecture-baseline/proposal.md 
@@ -0,0 +1,63 @@ +# Proposal: Architecture Baseline (v1) + +Status: draft +Authors: Core Team +Owners: Architecture Lead +Created: 2025-11-17 +Scope: spec +Related: openspec/specs/architecture.md + +Summary +- Establish the initial modular architecture, API standards, and platform choices to ensure full Android/iOS/Web parity with strong accessibility and compliance foundations. + +Motivation +- Align teams and AI agents on boundaries, tech choices, and quality bars before feature work begins. + +Goals / Non-Goals +- Goals: define modules, API standards, data boundaries, platform options, decision process. +- Non-Goals: choose vendors/providers definitively (covered in follow-up proposals). + +User Stories +- As a maintainer, I need clear boundaries to avoid coupling and accelerate features. + +Requirements +- Functional: module map, API standards, client stack decision path. +- Accessibility: parity mandate captured as a gate. +- Privacy & Compliance: PHI/PII boundaries and logging guidance. +- Performance/SLOs: capture high-level SLO targets for core flows. + +Architecture & Design +- See target spec: `openspec/specs/architecture.md` for DDD map, API, and data boundaries. + +Security & Threat Model +- Outline trust boundaries; require auth standardization (OIDC/OAuth2), rate limiting, idempotency keys. + +Observability & Telemetry +- Structured logging, traces on API, no PHI/PII in logs. + +Migration / Rollout Plan +- N/A (process/architecture only). Applies immediately upon approval. + +Test Plan +- Architecture checks via lint/CI where applicable; sample OpenAPI linting job. + +Risks & Mitigations +- Scope creep → enforce spec-first and change lifecycle. + +Alternatives Considered +- Monolith vs modular: choosing modular with clear boundaries. + +Work Breakdown +- Finalize spec; generate skeleton SDK packages; CI templates. + +Acceptance Criteria +- `openspec/specs/architecture.md` updated and approved; CI guardrails defined. 
+ +Open Questions +- React Native/Expo vs Flutter; Next.js vs Flutter Web. + +Slash Commands +- `/review areas=security,mobile,web,backend` +- `/apply spec=openspec/specs/architecture.md` +- `/archive link=` + diff --git a/openspec/changes/2025-11-17-privacy-compliance-baseline/proposal.md b/openspec/changes/2025-11-17-privacy-compliance-baseline/proposal.md new file mode 100644 index 0000000..a9081a7 --- /dev/null +++ b/openspec/changes/2025-11-17-privacy-compliance-baseline/proposal.md 
@@ -0,0 +1,44 @@ +# Proposal: Privacy & Compliance Baseline + +Status: draft +Authors: Compliance Team +Owners: Compliance Lead, Security Lead +Created: 2025-11-17 +Scope: policy|spec +Related: openspec/specs/privacy-compliance.md + +Summary +- Define privacy classes (Public/PII/PHI), HIPAA/GDPR controls, DSR workflows, logging rules, and review gates for all future changes. + +Motivation +- The community includes sensitive health contexts; we must minimize PHI exposure and ensure proper legal and ethical handling. + +Goals / Non-Goals +- Goals: data classes, encryption, access controls, DSRs, retention, subprocessors, review gates. +- Non-Goals: vendor selection for key mgmt or SIEM (follow-up proposals). + +User Stories +- As a member, I can control my data and request exports/deletions with clear SLAs. + +Requirements +- Functional: DSR endpoints/process, consent registry. +- Accessibility: clear consent UX, readable policies. +- Privacy & Compliance: HIPAA/GDPR alignment, audit logging without PHI/PII. + +Security & Threat Model +- Access to PII/PHI audited; least-privilege; incident response runbook. + +Migration / Rollout Plan +- Apply policy immediately; integrate checks into CI; backfill data classification in `data-model.md`. + +Test Plan +- Policy lint checks; table/field classification checkers; redaction tests for logs. + +Acceptance Criteria +- `openspec/specs/privacy-compliance.md` approved; CI gates configured; DSR flow documented. + +Slash Commands +- `/review areas=compliance,security` +- `/apply spec=openspec/specs/privacy-compliance.md` +- `/archive link=` + diff --git a/openspec/changes/2025-11-17-wix-migration-plan/proposal.md b/openspec/changes/2025-11-17-wix-migration-plan/proposal.md new file mode 100644 index 0000000..709afc0 --- /dev/null +++ b/openspec/changes/2025-11-17-wix-migration-plan/proposal.md 
@@ -0,0 +1,38 @@ +# Proposal: Wix Migration Plan (Inventory → Import) + +Status: draft +Authors: Data & Content Teams +Owners: Data Lead, Content Lead +Created: 2025-11-17 +Scope: spec +Related: openspec/specs/migration-wix.md + +Summary +- Inventory current Wix content/data and define export, transform, validate, and import processes with rollback. + +Motivation +- Achieve a seamless, auditable migration to the new hub with stable redirects and high content fidelity. + +Goals / Non-Goals +- Goals: data inventory, mapping, transforms, validation, import jobs, verification, rollback. +- Non-Goals: content rewriting or re-branding. + +Requirements +- Functional: idempotent import jobs; redirects; link integrity checks. +- Accessibility: content formatting that preserves semantic structure. +- Privacy & Compliance: classify fields; ensure consent and retention policies. + +Migration / Rollout Plan +- Follow steps in `openspec/specs/migration-wix.md` with dry-runs and sign-offs. + +Test Plan +- Sample-based verification; automated link checks; duplicate/redirect detection. + +Acceptance Criteria +- Successful dry-run; sign-off from stakeholders; archived logs and mapping. + +Slash Commands +- `/review areas=data,compliance` +- `/apply spec=openspec/specs/migration-wix.md` +- `/archive link=` +
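Review bot: In openspec/changes/2025-11-17-accessibility-baseline/proposal.md, the title and Goals use "WCAG 2.2 AA+", which is not a WCAG conformance level (the levels are A, AA and AAA), so the Acceptance Criteria item "CI checks enabled" has no fixed target to test against. Either state plain AA or list the specific criteria beyond AA that are in scope. The Validation line also names "RN/Flutter lint rules" while the architecture proposal in this same patch leaves "React Native/Expo vs Flutter" as an open question; say that the lint tooling depends on that decision.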
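Review bot: In openspec/changes/2025-11-17-architecture-baseline/proposal.md, the Test Plan ("Architecture checks via lint/CI where applicable; sample OpenAPI linting job") has no check for the controls required under Security & Threat Model (OIDC/OAuth2, rate limiting, idempotency keys) or for "no PHI/PII in logs" under Observability & Telemetry, and the Acceptance Criteria do not mention them either. Add a verifiable criterion for each, or point to the "redaction tests for logs" in the privacy-compliance proposal. "Outline trust boundaries" reads as a task rather than a requirement; list the boundaries here or state that the target spec must contain them. The `/review areas=security,mobile,web,backend` command omits accessibility and compliance although Requirements has an entry for both.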
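Review bot: In openspec/changes/2025-11-17-privacy-compliance-baseline/proposal.md, Requirements asks for "audit logging without PHI/PII" while Security & Threat Model asks for "Access to PII/PHI audited", and the proposal never says what an audit record may contain, so the "redaction tests for logs" in the Test Plan have nothing concrete to assert. Specify the permitted audit fields (for example actor, action, timestamp and an opaque record reference) so both lines can hold at once. Goals also list encryption, access controls, retention and subprocessors, but Requirements and Acceptance Criteria cover only DSRs, consent and audit logging; and the User Story promises "clear SLAs" for exports and deletions without any time value appearing in the document.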
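Review bot: In openspec/changes/2025-11-17-wix-migration-plan/proposal.md, the Acceptance Criteria require "archived logs and mapping" but nothing says how those archives are handled if the exported data includes fields that the Privacy & Compliance line ("classify fields; ensure consent and retention policies") ends up classifying as PII or PHI. State that import logs and mapping files follow the same classification, redaction and retention rules as the data they describe, and add `security` to `/review areas=data,compliance`. Rollback appears in Summary and Goals but not in Requirements, Test Plan or Acceptance Criteria; add a rollback rehearsal to the dry-run sign-off.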