40 lines
1.2 KiB
Markdown
40 lines
1.2 KiB
Markdown
# Proposal: Profiles MVP
|
|
|
|
Status: draft
|
|
Authors: Identity Team
|
|
Owners: Identity Lead, Compliance Lead
|
|
Created: 2025-11-17
|
|
Scope: spec
|
|
Related: openspec/specs/feature-profiles.md
|
|
|
|
Summary
|
|
- Deliver full profile management with privacy controls, optional pseudonyms, pronouns, avatar, and consent-driven visibility.
|
|
|
|
Motivation
|
|
- Empower members to represent themselves safely and control visibility of sensitive fields.
|
|
|
|
Requirements
|
|
- Accessibility: large text, screen reader labels, keyboard/focus parity.
|
|
- Privacy: field-level data class tags; default-private for sensitive fields; consent registry.
|
|
- Media: avatar upload with safe processing and size constraints.
|
|
|
|
API
|
|
- Profiles CRUD; consent endpoints; media upload policy and signed URLs.
|
|
|
|
Data Model
|
|
- Profile fields with Public/PII/PHI tags; retention policy; soft-delete behavior.
|
|
|
|
Test Plan
|
|
- Unit/integration for API; a11y checks; GDPR export/delete flows.
|
|
|
|
Rollout
|
|
- Feature flag; migration for existing members; help content.
|
|
|
|
Acceptance Criteria
|
|
- GDPR export/delete verified; HIPAA constraints respected; a11y parity on all profile screens.
|
|
|
|
Slash Commands
|
|
- `/review areas=mobile,web,backend,accessibility,compliance,security`
|
|
- `/apply spec=openspec/specs/feature-profiles.md`
|
|
- `/archive link=<PR>`
|
|
|