- Add PR template with OpenSpec compliance checklist
  - Enforces spec-first workflow and lifecycle commands
  - Includes accessibility, privacy, security gates
  - Requires platform parity verification
- Add CODEOWNERS for automated review routing
  - Routes a11y changes to accessibility reviewers
  - Routes PHI/PII changes to compliance + security
  - Routes API/backend changes to security reviewers
  - Placeholder @fullsizemalt (expand to teams later)
- Add AI_HANDOFF.md for agent collaboration
  - Documents current session state and decisions
  - Provides context for future AI collaborators
  - Lists next steps and open questions
3.9 KiB
# Pull Request

## Description

## OpenSpec Compliance

**Related Spec/Proposal:**

- [ ] This PR links to an approved OpenSpec change proposal
- [ ] OR this is an OpenSpec proposal itself (propose phase)

**Spec File:** `openspec/specs/[filename].md` or `openspec/changes/[date-title]/proposal.md`

### OpenSpec Lifecycle Commands

For Proposals (propose phase):
`/review areas=[accessibility,compliance,security,mobile,web,backend,data]`

For Applying Specs (apply phase):
`/apply spec=openspec/specs/[target-file].md pr=[this PR link]`

For Archiving (archive phase):
`/archive reason="[accepted|rejected|superseded]" link=[PR link]`

## Type of Change

- [ ] OpenSpec proposal (new change proposal)
- [ ] OpenSpec spec update (applying an approved proposal)
- [ ] Feature implementation (requires approved spec link)
- [ ] Bug fix (link to issue)
- [ ] Documentation
- [ ] Infrastructure/tooling
- [ ] Data migration

## Compliance & Quality Checklist

### Privacy & Data Protection

- [ ] No new PHI/PII fields introduced OR properly classified in data-model.md
- [ ] No PHI/PII logged or exposed in errors/telemetry
- [ ] DSR (Data Subject Rights) impact assessed
- [ ] Encryption requirements met (TLS 1.3 in transit, AES-256 at rest)
- [ ] HIPAA/GDPR compliance verified

### Accessibility (WCAG 2.2 AA+)

- [ ] Keyboard navigation tested
- [ ] Screen reader tested (VoiceOver/TalkBack for mobile, NVDA/JAWS for web)
- [ ] Color contrast meets 4.5:1 minimum
- [ ] Dynamic type/large fonts supported
- [ ] Reduced motion preferences respected
- [ ] Focus indicators visible
- [ ] Semantic HTML/native components used (web)
- [ ] Accessibility labels provided (mobile)

### Security

- [ ] Input validation and sanitization implemented
- [ ] No SQL injection, XSS, or command injection vulnerabilities
- [ ] Authentication/authorization properly enforced
- [ ] Rate limiting applied where appropriate
- [ ] Secrets not committed (use env vars or secret management)
- [ ] OWASP Top 10 considerations addressed
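The "Secrets not committed" gate is one a reviewer can automate rather than eyeball. The following is an added example, not part of the template or of the project's own tooling: a Python scanner over the added lines of a unified diff (what `git diff --cached` emits in a pre-commit hook) that flags two publicly documented token shapes (AWS access key ids, GitHub personal access tokens), PEM private-key headers, quoted string assignments to password/secret/key-like names, and long tokens whose character distribution looks random. The patterns, the entropy threshold and the sample diff are assumptions constructed for illustration; the AWS key in the sample is the documented placeholder value, not a live credential.

```python
"""Scan the added lines of a unified diff for values that look like committed secrets.

Added example for the "Secrets not committed" gate. The token patterns, the
entropy threshold and the sample diff are assumptions chosen for illustration,
not a project policy.
"""
import math
import re
import sys
from typing import List, Tuple

# AWS access key ids and GitHub personal access tokens have publicly documented
# shapes; the private-key header and the assignment rule are generic heuristics.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private_key_block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("secret_assignment", re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
]

# Fallback for keys with no known shape: tokens of 20+ characters whose character
# distribution looks random. Random base64 sits around 5-6 bits/char, English
# identifiers and words well below 4.
ENTROPY_THRESHOLD = 4.0
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_diff(diff_text: str) -> List[Tuple[int, str, str]]:
    """Return (line number in the new file, reason, offending line) for each
    added line that matches a pattern or carries a high-entropy token."""
    findings = []
    in_hunk = False
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            in_hunk = False                   # file headers follow; not content
            continue
        if raw.startswith("@@"):
            m = re.search(r"\+(\d+)", raw)    # new-file start line of this hunk
            new_line = int(m.group(1)) - 1 if m else 0
            in_hunk = True
            continue
        # Outside a hunk only ---/+++ headers remain; inside, removed lines are
        # not being committed and "\ No newline" markers are not content.
        if not in_hunk or raw.startswith("-") or raw.startswith("\\"):
            continue
        new_line += 1                         # context and added lines both exist in the new file
        if not raw.startswith("+"):
            continue
        line = raw[1:]
        for reason, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((new_line, reason, line.strip()))
                break
        else:
            for token in TOKEN_RE.findall(line):
                if shannon_entropy(token) > ENTROPY_THRESHOLD:
                    findings.append((new_line, "high_entropy_string", line.strip()))
                    break
    return findings


# Constructed sample diff: a developer replaces an environment lookup with literals.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "correct-horse-battery-staple"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SESSION_SIGNING_KEY = "abcdefghijklmnopqrstuvwxyz0123456789"
 DEBUG = False
"""

if __name__ == "__main__":
    # As a pre-commit hook: git diff --cached | python scan_secrets.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    hits = scan_diff(text)
    for line_no, reason, content in hits:
        print(f"line {line_no}: {reason}: {content}")
    sys.exit(1 if hits else 0)
```

Only added lines are scanned, so removing a leaked value does not re-trigger the hook, and a pattern hit takes precedence over the entropy fallback so each line is reported once. The entropy rule will flag legitimate long random-looking strings (hashes in lockfiles, test vectors); in practice it is paired with an allow-list of paths rather than loosened.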
### Platform Parity

- [ ] Feature parity across Android/iOS/Web OR exceptions documented
- [ ] Responsive design tested on multiple screen sizes
- [ ] Cross-browser testing completed (if web)
- [ ] Platform-specific adaptations follow design system

### Testing

- [ ] Unit tests added/updated
- [ ] Integration tests added/updated (if applicable)
- [ ] E2E tests added/updated (if applicable)
- [ ] Accessibility automated tests passing (axe, lint rules)
- [ ] Manual testing completed

### Observability

- [ ] Structured logging added (no PHI/PII)
- [ ] Error handling and user-facing messages clear
- [ ] Performance impact assessed
- [ ] Monitoring/alerting considerations documented
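Two items in this checklist, "No PHI/PII logged or exposed in errors/telemetry" under Privacy and "Structured logging added (no PHI/PII)" here, are easier to verify in review when the logger itself enforces them. The following is an added example, not code from the project: a stdlib `logging` formatter that emits one JSON object per event, replaces the values of classified keys with a fixed marker, and scrubs e-mail- and SSN-shaped values that arrive under other keys (a free-text note, an exception message). The sensitive key list, the value patterns and the sample event are assumptions for illustration; in the project the classification would come from data-model.md.

```python
"""Structured JSON logging that keeps PHI/PII out of log lines.

Added example for the "No PHI/PII logged" and "Structured logging (no PHI/PII)"
gates. The sensitive field names and value patterns below are assumptions for
illustration; the real classification lives in the project's data-model.md.
"""
import json
import logging
import re
from datetime import datetime, timezone

# Keys whose values are never emitted, whatever they contain (assumed list).
SENSITIVE_KEYS = {
    "email", "phone", "ssn", "dob", "date_of_birth", "mrn",
    "patient_name", "address", "diagnosis",
}

# Value shapes that are PII even when they arrive under an innocuous key,
# e.g. an e-mail address pasted into a free-text "note" field.
VALUE_PATTERNS = [
    re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),  # e-mail address
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),                            # US SSN shape
]
REDACTED = "[REDACTED]"


def redact_value(value):
    """Scrub PII-shaped substrings from strings; recurse into lists and dicts."""
    if isinstance(value, dict):
        return redact_fields(value)
    if isinstance(value, list):
        return [redact_value(v) for v in value]
    if isinstance(value, str):
        for pattern in VALUE_PATTERNS:
            value = pattern.sub(REDACTED, value)
    return value


def redact_fields(fields: dict) -> dict:
    """Drop values of classified keys outright, scrub everything else."""
    out = {}
    for key, value in fields.items():
        if key.lower() in SENSITIVE_KEYS:
            out[key] = REDACTED
        else:
            out[key] = redact_value(value)
    return out


def build_log_line(event: str, fields: dict, level: str = "INFO") -> str:
    """Serialise one event as a single JSON line. Redaction runs before encoding,
    so sensitive values never reach the handler or the log shipper."""
    payload = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "level": level,
        "event": redact_value(event),
        "fields": redact_fields(fields),
    }
    return json.dumps(payload, sort_keys=True, default=str)


class RedactingJsonFormatter(logging.Formatter):
    """stdlib Formatter: pass structured data as logger.info(msg, extra={"fields": {...}})."""

    def format(self, record: logging.LogRecord) -> str:
        fields = getattr(record, "fields", None) or {}
        return build_log_line(record.getMessage(), fields, record.levelname)


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.setFormatter(RedactingJsonFormatter())
    log = logging.getLogger("example")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    # Constructed sample event: neither the e-mail nor the SSN may appear in the output.
    log.info("patient record updated", extra={"fields": {
        "user_id": 42,
        "email": "pat@example.org",
        "note": "identity confirmed against SSN 123-45-6789",
    }})
```

Redacting in the formatter rather than at each call site means a developer cannot forget to do it, and a unit test that asserts the sample values are absent from `build_log_line(...)` gives the reviewer something concrete to check against the checklist item.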
### Migration/Rollout Plan

- [ ] No migration needed
- [ ] Migration plan documented in proposal
- [ ] Rollback procedure defined
- [ ] Feature flag strategy defined (if applicable)

## Screenshots/Demos

## Reviewers Needed

- [ ] Accessibility review (@accessibility-team)
- [ ] Compliance review (@compliance-team)
- [ ] Security review (@security-team)
- [ ] Mobile review (@mobile-team)
- [ ] Web review (@web-team)
- [ ] Backend review (@backend-team)
- [ ] Data review (@data-team)

## Additional Context

**Remember:** All code changes must link to an approved OpenSpec spec. Use the OpenSpec lifecycle: propose → review → apply → archive