When the spec-reviewer agent runs in auto-apply mode (invoked with “apply recommendations”), it may apply all recommendation types. The agent is not required to skip or flag any categories. This document is optional guidance for human reviewers: after auto-apply, consider extra review of edits that touch the categories below.Documentation Index
Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
Use this file to discover all available pages before exploring further.
Healthcare-Sensitive Categories (Consider Human Review After Auto-Apply)
You may wish to double-check auto-applied edits in these areas:- PHI/PII — Any requirement or text involving protected health information, personally identifiable information, or data classification (e.g. what may be stored, logged, or transmitted).
- Multi-tenancy / RLS — Row-level security policies,
organization_idisolation, SECURITY DEFINER helpers, tenant-boundary wording, or defense-in-depth filters. - Security and consent — Consent checks (e.g.
cl_check_sud_consent), access control, authentication/authorization rules, or attestation requirements. - External integrations — PDMP, FHIR, HIE, e-prescribing, or other external system contracts and fail-closed/fail-open behavior.
- Regulatory and healthcare compliance — HIPAA, 42 CFR Part 2, state prescription monitoring, ONC certification, or other regulatory text.
References
- Workflow: SPEC_WORKFLOW.md — “What each step does” table, spec-reviewer row.
- Checklist: SPEC_CHECKLISTS.md — Post–spec-reviewer / auto-apply verification entry.
- Agent:
.cursor/agents/spec-reviewer.md— Auto-apply mode and safe vs contextual edits.