> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Governance

> Central entry point for all governance documentation in Encore OS. This file links to the authoritative sources for each governance domain — it does not duplic…

**Last Updated:** 2026-04-12

Central entry point for all governance documentation in Encore OS. This file links to the authoritative sources for each governance domain — it does not duplicate their content.

***

## Document Hierarchy

```
constitution.md (guardrails — wins on conflict)
  └── AI_GUIDE.md (AI contribution process)
      └── AGENTS.md (quick reference, patterns, decision trees)
          └── .cursor/rules/ (detailed pattern files with code examples)
              └── Core-specific src/*/AGENTS.md files
```

**When documents conflict, `constitution.md` wins.**

***

## Platform Governance

| Document                                                                                  | Purpose                                                                                                                               |
| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| [constitution.md](https://github.com/Encore-OS/encoreos/blob/development/constitution.md) | Non-negotiable engineering guardrails (architecture, security, database, PWA, testing, documentation, automation, definition of done) |
| [AGENTS.md](https://github.com/Encore-OS/encoreos/blob/development/AGENTS.md)             | AI agent quick reference: patterns, checklists, regulatory decision tree, what AI must never do                                       |
| [AI\_GUIDE.md](https://github.com/Encore-OS/encoreos/blob/development/AI_GUIDE.md)        | AI contribution workflow: spec process, implementation log protocol, decision framework                                               |
| [docs/DOCUMENTATION\_STANDARDS.md](/DOCUMENTATION_STANDARDS)                              | Documentation hierarchy, naming, versioning, ownership, maintenance                                                                   |
| [docs/VERSIONS.md](/VERSIONS)                                                             | Single source of truth for all documentation versions                                                                                 |

***

## Architecture Governance

| Document                                                                                                                  | Purpose                                                                                           |
| ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| [docs/architecture/decisions/](/architecture/decisions/index)                                                             | Architecture Decision Records (ADR-001 through ADR-013) — why the platform is built the way it is |
| [docs/architecture/integrations/CROSS\_CORE\_INTEGRATIONS.md](/architecture/integrations/CROSS_CORE_INTEGRATIONS)         | Cross-core integration patterns, encounter lifecycle, event contracts                             |
| [docs/architecture/integrations/PLATFORM\_INTEGRATION\_LAYERS.md](/architecture/integrations/PLATFORM_INTEGRATION_LAYERS) | Platform Integration Layer (PIL) design                                                           |

***

## Regulatory Compliance

| Document                                                                                                              | Purpose                                                                               |
| --------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- |
| [docs/compliance/REGULATORY\_COMPLIANCE\_TRACKER.md](/compliance/REGULATORY_COMPLIANCE_TRACKER)                       | Master compliance status: CL/PM regulations (42 CFR Part 2, HIPAA, AHCCCS, ONC, etc.) |
| [docs/compliance/HR\_WORKFORCE\_COMPLIANCE\_TRACKING.md](/compliance/HR_WORKFORCE_COMPLIANCE_TRACKING)                | HR compliance: FLSA, FMLA, ERISA, ACA, I-9, OSHA, EEOC, credentialing                 |
| [docs/compliance/FA\_FINANCIAL\_COMPLIANCE\_TRACKING.md](/compliance/FA_FINANCIAL_COMPLIANCE_TRACKING)                | FA compliance: IRS, FASB ASC 958, OMB 2 CFR 200                                       |
| [docs/compliance/RH\_RECOVERY\_HOUSING\_COMPLIANCE\_TRACKING.md](/compliance/RH_RECOVERY_HOUSING_COMPLIANCE_TRACKING) | RH compliance: AZ DHS, NARR, Fair Housing, fire safety                                |
| [docs/compliance/GR\_GOVERNANCE\_COMPLIANCE\_TRACKING.md](/compliance/GR_GOVERNANCE_COMPLIANCE_TRACKING)              | GR compliance: CARF, Joint Commission, HEDIS, NOMs, incident reporting                |
| [docs/compliance/IT\_SECURITY\_COMPLIANCE\_TRACKING.md](/compliance/IT_SECURITY_COMPLIANCE_TRACKING)                  | IT security: HIPAA Security Rule, HITECH, NIST CSF, CIS Controls                      |
| [docs/compliance/CE\_COMMUNICATIONS\_COMPLIANCE\_TRACKING.md](/compliance/CE_COMMUNICATIONS_COMPLIANCE_TRACKING)      | CE communications: CAN-SPAM, TCPA, call recording                                     |
| [docs/compliance/FCRA\_TCPA\_COMPLIANCE\_TRACKING.md](/compliance/FCRA_TCPA_COMPLIANCE_TRACKING)                      | FCRA/TCPA: background checks, SMS consent                                             |
| [docs/compliance/ONC\_CERTIFICATION\_ROADMAP.md](/compliance/ONC_CERTIFICATION_ROADMAP)                               | ONC certification roadmap (CL-16, PM-01)                                              |
| [docs/compliance/PHI\_CLASSIFICATION.md](/compliance/PHI_CLASSIFICATION)                                              | PHI classification table (which columns/tables contain PHI)                           |
| [docs/compliance/evidence/index.md](/compliance/evidence/index)                                                       | Compliance evidence packages (per-feature regulatory proof)                           |

**Multi-state compliance:** See [PF-96 jurisdiction profiles](https://github.com/Encore-OS/encoreos/blob/development/specs/pf/specs/PF-96-medicaid-state-compliance-configuration.md) and [AGENTS.md §Architecture Rules](https://github.com/Encore-OS/encoreos/blob/development/AGENTS.md).

***

## AI & Automation Governance

| Document                                                                                                                       | Purpose                                                                            |
| ------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
| [.cursor/README.md](https://github.com/Encore-OS/encoreos/blob/development/.cursor/README.md)                                  | Cursor IDE governance: agent catalog, command inventory, rules, MCP                |
| [.cursor/BUGBOT.md](https://github.com/Encore-OS/encoreos/blob/development/.cursor/BUGBOT.md)                                  | Automated PR review rules (database, security, TODO/FIXME)                         |
| [.cursor/hooks.json](https://github.com/Encore-OS/encoreos/blob/development/.cursor/hooks.json)                                | IDE hooks: PHI scanner, sensitive file guard, risky command guard, post-edit check |
| [.cursor/rules/RULES\_GOVERNANCE.md](https://github.com/Encore-OS/encoreos/blob/development/.cursor/rules/RULES_GOVERNANCE.md) | Cursor rule authoring standards and review cadence                                 |
| [.claude/README.md](https://github.com/Encore-OS/encoreos/blob/development/.claude/README.md)                                  | Claude Code governance: agents, skills, hooks, conflict resolution                 |
| [docs/development/AI\_PLATFORM\_PARITY.md](/development/AI_PLATFORM_PARITY)                                                    | Capability matrix across Cursor, Claude Code, and GitHub Copilot                   |

***

## AI Configuration Governance Cadence

**Monthly (see AGENTS.md for full checklist):**

* Reconcile inventory counts for `.cursor/commands`, `.cursor/agents`, `.cursor/skills`, `.cursor/rules`
* Validate links in AI-facing docs and remove stale references
* Review MCP server list; confirm secrets are environment-driven
* Prune duplicate/overlapping rules; update skill/subagent taxonomy

**On PRs changing AI config** (`.cursor/**`, `AGENTS.md`, `AI_GUIDE.md`, `docs/development/*CURSOR*`):

* Update inventory/documentation references
* Confirm no committed plaintext secrets
* Confirm hook and command paths exist
* Include verification evidence

***

## CI Governance Gates

| Gate                        | Script                                               | Blocking?        |
| --------------------------- | ---------------------------------------------------- | ---------------- |
| Governance validation       | `npm run validate:governance`                        | ✅ Yes            |
| Version sync check          | `npm run validate-version-sync`                      | ✅ Yes            |
| Architecture boundary check | `npm run check-architecture`                         | ✅ Yes            |
| RLS coverage                | `scripts/check-rls-coverage.ts --min-coverage 100`   | ✅ Yes            |
| AI slop detection           | `npm run check:slop:ci`                              | ⚠️ Warning only  |
| Dead code detection         | `npm run deadcode:ci`                                | ⚠️ Warning only  |
| Compliance evidence audit   | `npx tsx scripts/audit/audit-compliance-evidence.ts` | Manual           |
| Governance report           | `npm run governance:report` (when created)           | Manual/weekly CI |

**Tighten non-blocking gates:** See [docs/development/CI\_PIPELINE.md](/development/CI_PIPELINE) for the plan to convert warning-only gates to blocking gates as baselines are established.

***

## Spec Governance

| Document                                                                                                                          | Purpose                                                                                                |
| --------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| [docs/development/SPEC\_WORKFLOW.md](/development/SPEC_WORKFLOW)                                                                  | Canonical spec workflow (create → clarify → validate → review → tasks → implement → verify → complete) |
| [specs/README.md](https://github.com/Encore-OS/encoreos/blob/development/specs/README.md)                                         | Spec directory overview and discovery                                                                  |
| [specs/\_templates/TEMPLATE\_INDEX.md](https://github.com/Encore-OS/encoreos/blob/development/specs/_templates/TEMPLATE_INDEX.md) | Template decision tree and all template descriptions                                                   |
| [specs/IMPLEMENTATION\_LOG.md](https://github.com/Encore-OS/encoreos/blob/development/specs/IMPLEMENTATION_LOG.md)                | Platform-wide implementation log                                                                       |
| [specs/DEFERRED\_DASHBOARD.md](https://github.com/Encore-OS/encoreos/blob/development/specs/DEFERRED_DASHBOARD.md)                | Deferred phase dashboard                                                                               |

***

## Governance Health Scripts

```bash theme={null}
# Version sync check (CI)
npx tsx scripts/audit/validate-version-sync.ts

# Compliance evidence coverage
npx tsx scripts/audit/audit-compliance-evidence.ts

# Governance validation suite
npm run validate:governance

# Architecture boundary check
npm run check-architecture

# AI slop audit
npm run check:slop

# Dead code audit
npm run deadcode

# Governance report (all gates)
npm run governance:report
```

***

## Related: GR Module (Product Governance)

The **GR (Governance & Risk)** core handles *product-level* governance workflows (policy management, audit management, risk assessments, accreditation tracking, incident reporting, AI compliance advisor). This file covers *engineering and documentation* governance.

* [specs/gr/README.md](https://github.com/Encore-OS/encoreos/blob/development/specs/gr/README.md) — GR module specs
* [docs/compliance/GR\_GOVERNANCE\_COMPLIANCE\_TRACKING.md](/compliance/GR_GOVERNANCE_COMPLIANCE_TRACKING) — GR regulatory compliance
