cassel/calctext
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef302ebda9885056ef805d38f519e5adfaa80a84
calctext/.agents/skills/bmad-validate-prd/steps-v/step-v-08-domain-compliance-validation.md
C. Cassel bfe0e01254 initial commit
2026-03-16 19:54:53 -04:00

241 lines
7.5 KiB
Markdown
Raw Blame History

---
# File references (ONLY variables used in this step)
nextStepFile: './step-v-09-project-type-validation.md'
prdFile: '{prd_file_path}'
prdFrontmatter: '{prd_frontmatter}'
validationReportPath: '{validation_report_path}'
domainComplexityData: '../data/domain-complexity.csv'
---
# Step 8: Domain Compliance Validation
## STEP GOAL:
Validate domain-specific requirements are present for high-complexity domains (Healthcare, Fintech, GovTech, etc.), ensuring regulatory and compliance requirements are properly documented.
## MANDATORY EXECUTION RULES (READ FIRST):
### Universal Rules:
- 🛑 NEVER generate content without user input
- 📖 CRITICAL: Read the complete step file before taking any action
- 🔄 CRITICAL: When loading next step with 'C', ensure entire file is read
- 📋 YOU ARE A FACILITATOR, not a content generator
- ✅ YOU MUST ALWAYS SPEAK OUTPUT In your Agent communication style with the config `{communication_language}`
### Role Reinforcement:
- ✅ You are a Validation Architect and Quality Assurance Specialist
- ✅ If you already have been given communication or persona patterns, continue to use those while playing this new role
- ✅ We engage in systematic validation, not collaborative dialogue
- ✅ You bring domain expertise and compliance knowledge
- ✅ This step runs autonomously - no user input needed
### Step-Specific Rules:
- 🎯 Focus ONLY on domain-specific compliance requirements
- 🚫 FORBIDDEN to validate other aspects in this step
- 💬 Approach: Conditional validation based on domain classification
- 🚪 This is a validation sequence step - auto-proceeds when complete
## EXECUTION PROTOCOLS:
- 🎯 Check classification.domain from PRD frontmatter
- 💬 If low complexity (general): Skip detailed checks
- 🎯 If high complexity: Validate required special sections
- 💾 Append compliance findings to validation report
- 📖 Display "Proceeding to next check..." and load next step
- 🚫 FORBIDDEN to pause or request user input
## CONTEXT BOUNDARIES:
- Available context: PRD file with frontmatter classification, validation report
- Focus: Domain compliance only (conditional on domain complexity)
- Limits: Don't validate other aspects, conditional execution
- Dependencies: Steps 2-7 completed - format and requirements validation done
## MANDATORY SEQUENCE
**CRITICAL:** Follow this sequence exactly. Do not skip, reorder, or improvise unless user explicitly requests a change.
### 1. Load Domain Complexity Data
Load and read the complete file at:
`{domainComplexityData}` (../data/domain-complexity.csv)
This CSV contains:
- Domain classifications and complexity levels (high/medium/low)
- Required special sections for each domain
- Key concerns and requirements for regulated industries
Internalize this data - it drives which domains require special compliance sections.
### 2. Extract Domain Classification
From PRD frontmatter, extract:
- `classification.domain` - what domain is this PRD for?
**If no domain classification found:**
Treat as "general" (low complexity) and proceed to step 4
### 2. Determine Domain Complexity
**Low complexity domains (skip detailed checks):**
- General
- Consumer apps (standard e-commerce, social, productivity)
- Content websites
- Business tools (standard)
**High complexity domains (require special sections):**
- Healthcare / Healthtech
- Fintech / Financial services
- GovTech / Public sector
- EdTech (educational records, accredited courses)
- Legal tech
- Other regulated domains
### 3. For High-Complexity Domains: Validate Required Special Sections
**Attempt subprocess validation:**
"Perform domain compliance validation for {domain}:
Based on {domain} requirements, check PRD for:
**Healthcare:**
- Clinical Requirements section
- Regulatory Pathway (FDA, HIPAA, etc.)
- Safety Measures
- HIPAA Compliance (data privacy, security)
- Patient safety considerations
**Fintech:**
- Compliance Matrix (SOC2, PCI-DSS, GDPR, etc.)
- Security Architecture
- Audit Requirements
- Fraud Prevention measures
- Financial transaction handling
**GovTech:**
- Accessibility Standards (WCAG 2.1 AA, Section 508)
- Procurement Compliance
- Security Clearance requirements
- Data residency requirements
**Other regulated domains:**
- Check for domain-specific regulatory sections
- Compliance requirements
- Special considerations
For each required section:
- Is it present in PRD?
- Is it adequately documented?
- Note any gaps
Return compliance matrix with presence/adequacy assessment."
**Graceful degradation (if no Task tool):**
- Manually check for required sections based on domain
- List present sections and missing sections
- Assess adequacy of documentation
### 5. For Low-Complexity Domains: Skip Detailed Checks
Append to validation report:
```markdown
## Domain Compliance Validation
**Domain:** {domain}
**Complexity:** Low (general/standard)
**Assessment:** N/A - No special domain compliance requirements
**Note:** This PRD is for a standard domain without regulatory compliance requirements.
```
Display: "**Domain Compliance Validation Skipped**
Domain: {domain} (low complexity)
**Proceeding to next validation check...**"
Without delay, read fully and follow: {nextStepFile}
### 6. Report Compliance Findings (High-Complexity Domains)
Append to validation report:
```markdown
## Domain Compliance Validation
**Domain:** {domain}
**Complexity:** High (regulated)
### Required Special Sections
**{Section 1 Name}:** [Present/Missing/Adequate]
{If missing or inadequate: Note specific gaps}
**{Section 2 Name}:** [Present/Missing/Adequate]
{If missing or inadequate: Note specific gaps}
[Continue for all required sections]
### Compliance Matrix
| Requirement | Status | Notes |
|-------------|--------|-------|
| {Requirement 1} | [Met/Partial/Missing] | {Notes} |
| {Requirement 2} | [Met/Partial/Missing] | {Notes} |
[... continue for all requirements]
### Summary
**Required Sections Present:** {count}/{total}
**Compliance Gaps:** {count}
**Severity:** [Critical if missing regulatory sections, Warning if incomplete, Pass if complete]
**Recommendation:**
[If Critical] "PRD is missing required domain-specific compliance sections. These are essential for {domain} products."
[If Warning] "Some domain compliance sections are incomplete. Strengthen documentation for full compliance."
[If Pass] "All required domain compliance sections are present and adequately documented."
```
### 7. Display Progress and Auto-Proceed
Display: "**Domain Compliance Validation Complete**
Domain: {domain} ({complexity})
Compliance Status: {status}
**Proceeding to next validation check...**"
Without delay, read fully and follow: {nextStepFile} (step-v-09-project-type-validation.md)
---
## 🚨 SYSTEM SUCCESS/FAILURE METRICS
### ✅ SUCCESS:
- Domain classification extracted correctly
- Complexity assessed appropriately
- Low complexity domains: Skipped with clear "N/A" documentation
- High complexity domains: All required sections checked
- Compliance matrix built with status for each requirement
- Severity assessed correctly
- Findings reported to validation report
- Auto-proceeds to next validation step
- Subprocess attempted with graceful degradation
### ❌ SYSTEM FAILURE:
- Not checking domain classification before proceeding
- Performing detailed checks on low complexity domains
- For high complexity: missing required section checks
- Not building compliance matrix
- Not reporting findings to validation report
- Not auto-proceeding
**Master Rule:** Domain compliance is conditional. High-complexity domains require special sections - low complexity domains skip these checks.
Reference in New Issue View Git Blame Copy Permalink