Generated 1 epic + 6 stories under docs/work/epics/ from the approved
PRD docs/work/prds/compliance-docs-scaffolds.prd.md. Stories cover
landing + refreshing operator-checklist.md, the seven fill-in policy
templates, the pre-launch compliance checklist, the compliance-overview
hub, and doc wiring (CLAUDE.md, README, glossary). Final epic of
ADR-025. Ready for `pnpm work dispatch --execute`.
Implementation seed for ADR-025 Epic D, the final epic: seven fill-in
policy templates under docs/compliance/templates/ (2 anchored, 5
skeleton with not-code-enforced banner), a two-column pre-launch
compliance checklist mapping playbook obligations to template
mechanisms, a compliance-overview.md hub, and a landed + refreshed
operator-checklist.md. Pure docs — no code, no conformance changes.
Status: approved — ready for pnpm work decompose.
Implementation seed for ADR-025 Epic C: six security headers middleware
with nonce-based CSP in core-shared/security (Next + TanStack adapters),
fourth conformance channel for rate-limit in core-shared/rate-limit
(IRateLimit + RateLimited brand + multi-budget manifest field +
no-undeclared-rate-limit ESLint rule), CycloneDX SBOM step in
release-please.yml. auth.signIn backfilled as canonical rate-limit
reference. ADR-023 amendment for SBOM captured. Status: approved —
ready for pnpm work decompose.
Implementation seed for ADR-025 Epic B: two new optional cores
(@repo/core-dsr with 4 interfaces, @repo/core-consent with IConsent +
ConsentChecked brand + requiresConsent manifest field), CookieConsentBanner
in core-ui with EU-prominence defaults, subject-linkage types in
core-shared, ADR-018 amendment adding 4 new audit action types
(CONSENT_GRANT/WITHDRAW + RESTRICT/UNRESTRICT). 15 user stories ordered
by the in-epic sequencing hints. Status: approved — ready for
pnpm work decompose.
