chore(openspec): seed initial proposals (architecture, privacy/compliance, accessibility, migration)

openspec/changes/2025-11-17-accessibility-baseline/proposal.md

@@ -0,0 +1,35 @@
+# Proposal: Accessibility Baseline (WCAG 2.2 AA+)
+
+Status: draft
+Authors: Accessibility Team
+Owners: Accessibility Lead
+Created: 2025-11-17
+Scope: spec|process
+Related: openspec/specs/accessibility.md
+
+Summary
+- Set enforceable accessibility standards and checks across Android/iOS/Web, reflecting the needs of chronically/terminally ill users.
+
+Motivation
+- Ensure inclusive experiences: large text, reduced motion, assistive tech parity, and low-friction navigation.
+
+Goals / Non-Goals
+- Goals: WCAG 2.2 AA+ baseline, platform-specific guidance, automated and manual checks, review gates.
+- Non-Goals: brand-level visual design (handled in design system proposals).
+
+Requirements
+- Functional: none; quality and process guardrails.
+- Accessibility: VoiceOver/TalkBack parity; keyboard/focus; contrast; dynamic type.
+
+Validation
+- Automated: axe (web), RN/Flutter lint rules.
+- Manual: assistive tech smoke tests per release.
+
+Acceptance Criteria
+- `openspec/specs/accessibility.md` approved; CI checks enabled; checklist published.
+
+Slash Commands
+- `/review areas=accessibility`
+- `/apply spec=openspec/specs/accessibility.md`
+- `/archive link=<PR>`
+

openspec/changes/2025-11-17-architecture-baseline/proposal.md

@@ -0,0 +1,63 @@
+# Proposal: Architecture Baseline (v1)
+
+Status: draft
+Authors: Core Team
+Owners: Architecture Lead
+Created: 2025-11-17
+Scope: spec
+Related: openspec/specs/architecture.md
+
+Summary
+- Establish the initial modular architecture, API standards, and platform choices to ensure full Android/iOS/Web parity with strong accessibility and compliance foundations.
+
+Motivation
+- Align teams and AI agents on boundaries, tech choices, and quality bars before feature work begins.
+
+Goals / Non-Goals
+- Goals: define modules, API standards, data boundaries, platform options, decision process.
+- Non-Goals: choose vendors/providers definitively (covered in follow-up proposals).
+
+User Stories
+- As a maintainer, I need clear boundaries to avoid coupling and accelerate features.
+
+Requirements
+- Functional: module map, API standards, client stack decision path.
+- Accessibility: parity mandate captured as a gate.
+- Privacy & Compliance: PHI/PII boundaries and logging guidance.
+- Performance/SLOs: capture high-level SLO targets for core flows.
+
+Architecture & Design
+- See target spec: `openspec/specs/architecture.md` for DDD map, API, and data boundaries.
+
+Security & Threat Model
+- Outline trust boundaries; require auth standardization (OIDC/OAuth2), rate limiting, idempotency keys.
+
+Observability & Telemetry
+- Structured logging, traces on API, no PHI/PII in logs.
+
+Migration / Rollout Plan
+- N/A (process/architecture only). Applies immediately upon approval.
+
+Test Plan
+- Architecture checks via lint/CI where applicable; sample OpenAPI linting job.
+
+Risks & Mitigations
+- Scope creep → enforce spec-first and change lifecycle.
+
+Alternatives Considered
+- Monolith vs modular: choosing modular with clear boundaries.
+
+Work Breakdown
+- Finalize spec; generate skeleton SDK packages; CI templates.
+
+Acceptance Criteria
+- `openspec/specs/architecture.md` updated and approved; CI guardrails defined.
+
+Open Questions
+- React Native/Expo vs Flutter; Next.js vs Flutter Web.
+
+Slash Commands
+- `/review areas=security,mobile,web,backend`
+- `/apply spec=openspec/specs/architecture.md`
+- `/archive link=<PR>`
+

openspec/changes/2025-11-17-privacy-compliance-baseline/proposal.md

@@ -0,0 +1,44 @@
+# Proposal: Privacy & Compliance Baseline
+
+Status: draft
+Authors: Compliance Team
+Owners: Compliance Lead, Security Lead
+Created: 2025-11-17
+Scope: policy|spec
+Related: openspec/specs/privacy-compliance.md
+
+Summary
+- Define privacy classes (Public/PII/PHI), HIPAA/GDPR controls, DSR workflows, logging rules, and review gates for all future changes.
+
+Motivation
+- The community includes sensitive health contexts; we must minimize PHI exposure and ensure proper legal and ethical handling.
+
+Goals / Non-Goals
+- Goals: data classes, encryption, access controls, DSRs, retention, subprocessors, review gates.
+- Non-Goals: vendor selection for key mgmt or SIEM (follow-up proposals).
+
+User Stories
+- As a member, I can control my data and request exports/deletions with clear SLAs.
+
+Requirements
+- Functional: DSR endpoints/process, consent registry.
+- Accessibility: clear consent UX, readable policies.
+- Privacy & Compliance: HIPAA/GDPR alignment, audit logging without PHI/PII.
+
+Security & Threat Model
+- Access to PII/PHI audited; least-privilege; incident response runbook.
+
+Migration / Rollout Plan
+- Apply policy immediately; integrate checks into CI; backfill data classification in `data-model.md`.
+
+Test Plan
+- Policy lint checks; table/field classification checkers; redaction tests for logs.
+
+Acceptance Criteria
+- `openspec/specs/privacy-compliance.md` approved; CI gates configured; DSR flow documented.
+
+Slash Commands
+- `/review areas=compliance,security`
+- `/apply spec=openspec/specs/privacy-compliance.md`
+- `/archive link=<PR>`
+

openspec/changes/2025-11-17-wix-migration-plan/proposal.md

@@ -0,0 +1,38 @@
+# Proposal: Wix Migration Plan (Inventory → Import)
+
+Status: draft
+Authors: Data & Content Teams
+Owners: Data Lead, Content Lead
+Created: 2025-11-17
+Scope: spec
+Related: openspec/specs/migration-wix.md
+
+Summary
+- Inventory current Wix content/data and define export, transform, validate, and import processes with rollback.
+
+Motivation
+- Achieve a seamless, auditable migration to the new hub with stable redirects and high content fidelity.
+
+Goals / Non-Goals
+- Goals: data inventory, mapping, transforms, validation, import jobs, verification, rollback.
+- Non-Goals: content rewriting or re-branding.
+
+Requirements
+- Functional: idempotent import jobs; redirects; link integrity checks.
+- Accessibility: content formatting that preserves semantic structure.
+- Privacy & Compliance: classify fields; ensure consent and retention policies.
+
+Migration / Rollout Plan
+- Follow steps in `openspec/specs/migration-wix.md` with dry-runs and sign-offs.
+
+Test Plan
+- Sample-based verification; automated link checks; duplicate/redirect detection.
+
+Acceptance Criteria
+- Successful dry-run; sign-off from stakeholders; archived logs and mapping.
+
+Slash Commands
+- `/review areas=data,compliance`
+- `/apply spec=openspec/specs/migration-wix.md`
+- `/archive link=<PR>`
+