# Pull Request

## Description

## OpenSpec Compliance

**Related Spec/Proposal:**

- [ ] This PR links to an approved OpenSpec change proposal
- [ ] OR this is an OpenSpec proposal itself (propose phase)

**Spec File:** `openspec/specs/[filename].md` or `openspec/changes/[date-title]/proposal.md`

## OpenSpec Lifecycle Commands

**For Proposals (propose phase):**

```
/review areas=[accessibility,compliance,security,mobile,web,backend,data]
```

**For Applying Specs (apply phase):**

```
/apply spec=openspec/specs/[target-file].md pr=[this PR link]
```

**For Archiving (archive phase):**

```
/archive reason="[accepted|rejected|superseded]" link=[PR link]
```

## Type of Change

- [ ] OpenSpec proposal (new change proposal)
- [ ] OpenSpec spec update (applying an approved proposal)
- [ ] Feature implementation (requires approved spec link)
- [ ] Bug fix (link to issue)
- [ ] Documentation
- [ ] Infrastructure/tooling
- [ ] Data migration

## Compliance & Quality Checklist

### Privacy & Data Protection

- [ ] No new PHI/PII fields introduced OR properly classified in data-model.md
- [ ] No PHI/PII logged or exposed in errors/telemetry
- [ ] DSR (Data Subject Rights) impact assessed
- [ ] Encryption requirements met (TLS 1.3 in transit, AES-256 at rest)
- [ ] HIPAA/GDPR compliance verified

### Accessibility (WCAG 2.2 AA+)

- [ ] Keyboard navigation tested
- [ ] Screen reader tested (VoiceOver/TalkBack for mobile, NVDA/JAWS for web)
- [ ] Color contrast meets 4.5:1 minimum
- [ ] Dynamic type/large fonts supported
- [ ] Reduced motion preferences respected
- [ ] Focus indicators visible
- [ ] Semantic HTML/native components used (web)
- [ ] Accessibility labels provided (mobile)

### Security

- [ ] Input validation and sanitization implemented
- [ ] No SQL injection, XSS, or command injection vulnerabilities
- [ ] Authentication/authorization properly enforced
- [ ] Rate limiting applied where appropriate
- [ ] Secrets not committed (use env vars or secret management)
- [ ] OWASP Top 10 considerations addressed

### Platform Parity

- [ ] Feature parity across Android/iOS/Web OR exceptions documented
- [ ] Responsive design tested on multiple screen sizes
- [ ] Cross-browser testing completed (if web)
- [ ] Platform-specific adaptations follow design system

### Testing

- [ ] Unit tests added/updated
- [ ] Integration tests added/updated (if applicable)
- [ ] E2E tests added/updated (if applicable)
- [ ] Accessibility automated tests passing (axe, lint rules)
- [ ] Manual testing completed

### Observability

- [ ] Structured logging added (no PHI/PII)
- [ ] Error handling and user-facing messages clear
- [ ] Performance impact assessed
- [ ] Monitoring/alerting considerations documented

## Migration/Rollout Plan

- [ ] No migration needed
- [ ] Migration plan documented in proposal
- [ ] Rollback procedure defined
- [ ] Feature flag strategy defined (if applicable)

## Screenshots/Demos

## Reviewers Needed

- [ ] Accessibility review (@accessibility-team)
- [ ] Compliance review (@compliance-team)
- [ ] Security review (@security-team)
- [ ] Mobile review (@mobile-team)
- [ ] Web review (@web-team)
- [ ] Backend review (@backend-team)
- [ ] Data review (@data-team)

## Additional Context

---

**Remember:** All code changes must link to an approved OpenSpec spec. Use OpenSpec lifecycle: **propose → review → apply → archive**