# Auto-Apply Safety Criteria for Spec Review (Optional Guidance)

When the **spec-reviewer** agent runs in **auto-apply mode** (invoked with "apply recommendations"), it may apply all recommendation types. The agent is not required to skip or flag any categories.

This document is **optional guidance** for human reviewers: after auto-apply, consider extra review of edits that touch the categories below.

## Healthcare-Sensitive Categories (Consider Human Review After Auto-Apply)

You may wish to double-check auto-applied edits in these areas:

* **PHI/PII** — Any requirement or text involving protected health information, personally identifiable information, or data classification (e.g. what may be stored, logged, or transmitted).
* **Multi-tenancy / RLS** — Row-level security policies, `organization_id` isolation, SECURITY DEFINER helpers, tenant-boundary wording, or defense-in-depth filters.
* **Security and consent** — Consent checks (e.g. `cl_check_sud_consent`), access control, authentication/authorization rules, or attestation requirements.
* **External integrations** — PDMP, FHIR, HIE, e-prescribing, or other external system contracts and fail-closed/fail-open behavior.
* **Regulatory and healthcare compliance** — HIPAA, 42 CFR Part 2, state prescription monitoring, ONC certification, or other regulatory text.
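One way to triage a post-auto-apply diff against the categories above, as an added example that is not part of this documentation or the spec-reviewer agent: it parses a unified diff and flags added or removed lines that mention a category term. The keyword patterns, the `flag_sensitive_edits` name and the sample diff are constructed for illustration.

```python
import re

def _rx(terms):
    # Acronyms stay case-sensitive via (?-i:...); phrases match case-insensitively.
    return re.compile(r"\b(?:%s)\b" % terms, re.IGNORECASE)

# Constructed patterns based on the category list above; extend per project.
CATEGORIES = {
    "PHI/PII": _rx(r"(?-i:PHI|PII)|protected health information|personally identifiable|data classification"),
    "Multi-tenancy / RLS": _rx(r"(?-i:RLS)|row[- ]level security|organization_id|security definer|tenant\w*"),
    "Security and consent": _rx(r"consent|cl_check_sud_consent|access control|authenticat\w*|authoriz\w*|attestation"),
    "External integrations": _rx(r"(?-i:PDMP|FHIR|HIE)|e-prescribing|fails?[- ](?:closed|open)"),
    "Regulatory": _rx(r"(?-i:HIPAA|ONC)|42 CFR Part 2|prescription monitoring"),
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def flag_sensitive_edits(diff_text):
    """Return (file, new_line_no, sign, categories) for each changed line that hits a category."""
    findings, path, new_no, old_left, new_left = [], None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:  # between hunks: only headers matter
            m = HUNK.match(line)
            if m:
                old_left, new_no, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
            elif line.startswith("+++ "):
                path = re.sub(r"^b/", "", line[4:])
            continue
        sign, text = line[:1], line[1:]
        if sign in ("+", "-"):  # a removed requirement matters as much as an added one
            hits = [name for name, rx in CATEGORIES.items() if rx.search(text)]
            if hits:
                findings.append((path, new_no, sign, hits))
        if sign not in ("-", "\\"):
            new_no, new_left = new_no + 1, new_left - 1
        if sign not in ("+", "\\"):
            old_left -= 1
    return findings

# Constructed sample: an auto-applied edit that weakens two sensitive requirements.
SAMPLE_DIFF = """\
--- a/specs/intake.md
+++ b/specs/intake.md
@@ -10,4 +10,4 @@
 ## Requirements
-Queries MUST filter by organization_id.
+Queries SHOULD filter by tenant where practical.
 Audit events are retained for 90 days.
-The PDMP lookup fails closed on timeout.
+The PDMP lookup logs a warning on timeout.
"""

if __name__ == "__main__":
    for path, line_no, sign, hits in flag_sensitive_edits(SAMPLE_DIFF):
        print(f"{path}:{line_no} {sign} {', '.join(hits)}")
```

Keyword matching only narrows where to look; a flagged line still needs a human to judge whether the edit changed the requirement's meaning.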

## References

* **Workflow:** [SPEC\_WORKFLOW.md](SPEC_WORKFLOW.md) — "What each step does" table, spec-reviewer row.
* **Checklist:** [SPEC\_CHECKLISTS.md](../../specs/_templates/SPEC_CHECKLISTS.md) — Post–spec-reviewer / auto-apply verification entry.
* **Agent:** `.cursor/agents/spec-reviewer.md` — Auto-apply mode and safe vs contextual edits.
