Loading...
Loading...
Compare original and translation side by side
.health-docs/analysis.md.health-docs/analysis.mdcomply/⚠ REQUIRES HUMAN REVIEW.health-docs/[REDACTED — potential secret at <source-path>:<line>].env.env.*secrets.*credentials.*comply/⚠ 需要人工审核.health-docs/[已脱敏——潜在敏感内容位于 <源路径>:<行号>].env.env.*secrets.*credentials.***/*.mdAGENTS.md.github/copilot-instructions.md.cursor/rules.cursorrulesCLAUDE.md.github/workflows/Jenkinsfile.circleci/Makefiledocs/documentation/wiki/doc/nulldoc_root_detectedreferences/regime-signals.md**/*.mdAGENTS.md.github/copilot-instructions.md.cursor/rules.cursorrulesCLAUDE.md.github/workflows/Jenkinsfile.circleci/Makefiledocs/documentation/wiki/doc/doc_root_detectednullreferences/regime-signals.md| Subagent | Condition | Invocation | Coverage dimensions fed |
|---|---|---|---|
| PHI signals found (see | "scoped review" + file list | |
| FHIR or ONC signals found (FHIR resource types, SMART auth, EHR SDK imports, USCDI references) | "scoped review" + file list | |
| UI source files found ( | "scoped review" + file list | |
confidence: reduced| Subagent | Finding type | Coverage dimension |
|---|---|---|
| Access control / session management gaps | |
| Audit log / retention gaps | |
| Encryption at-rest or in-transit gaps | |
| Risk analysis / risk management gaps | |
| BAA / business associate documentation gaps | |
| Integration / vendor API documentation gaps | |
| SMART / bulk API access documentation gaps | |
| Missing usability test docs / acceptance criteria | |
confidence: reduced| 子代理 | 触发条件 | 调用参数 | 覆盖维度 |
|---|---|---|---|
| 检测到PHI信号(参见 | "范围审查" + 文件列表 | |
| 检测到FHIR或ONC信号(FHIR资源类型、SMART认证、EHR SDK导入、USCDI引用) | "范围审查" + 文件列表 | |
| 检测到UI源文件( | "范围审查" + 文件列表 | |
confidence: reduced| 子代理 | 发现类型 | 覆盖维度 |
|---|---|---|
| 访问控制/会话管理缺口 | |
| 审计日志/留存缺口 | |
| 静态加密/传输加密缺口 | |
| 风险分析/风险管理缺口 | |
| BAA/业务合作方文档缺口 | |
| 集成/供应商API文档缺口 | |
| SMART/批量API访问文档缺口 | |
| 缺失可用性测试文档/验收标准 | |
confidence: reducedreferences/doc-hierarchy.md| Status | Meaning |
|---|---|
| Exists, appears current and complete |
| Exists but stale, thin, or incomplete — note what's missing |
| Multiple sources cover the topic with contradictory content |
| No evidence found in the repository |
| Absent and mandated by applicable regulation |
references/doc-hierarchy.mdcovereddimensionsecure/audit-logsoperate/runbooks/breach-notificationstatussourcesregulatoryreferences/regulatory-mapping.mdnullrequirednullconfidencehighmediumreducedreferences/doc-hierarchy.md| 状态 | 含义 |
|---|---|
| 内容存在,看起来是最新且完整的 |
| 内容存在,但过时、单薄或不完整——注明缺失内容 |
| 多个来源覆盖同一主题,但内容相互矛盾 |
| 在仓库中未找到相关证据 |
| 内容缺失且属于适用法规强制要求 |
references/doc-hierarchy.mdcovereddimensionsecure/audit-logsoperate/runbooks/breach-notificationstatussourcesregulatoryreferences/regulatory-mapping.mdnullrequirednullconfidencehighmediumreduced.health-docs/analysis.md.health-docs/analysis.md.health-docs/analysis.mdgenerated_atrequirements.health-docs/analysis.mdgenerated_atrequirements"I found these indicators: Patient model with MRN and DOB fields (src/models/patient.rb), FHIR R4 resources in src/fhir/, 'phi' in 14 variable names. I'm proposing HIPAA track. Correct?"
INCLUDE ⚠ required[detected-root]/docs/"我发现了以下指标:包含MRN和DOB字段的患者模型(src/models/patient.rb)、src/fhir/目录下的FHIR R4资源、14个变量名中包含'phi'。我建议采用HIPAA跟踪,是否正确?"
包含 ⚠ 必填[检测到的根目录]/docs/required: true/false.health-docs/analysis.mdrequired: true/false.health-docs/analysis.mdCONSOLIDATE (copying to target path — no rewrites; originals flagged in place):
README.md:12-45 → docs/orient/README.md
AGENTS.md:23-31 → docs/agent-context/phi-rules.md
MERGE (combining sources — conflicts flagged for your review):
README.md:78-85 ⚠ CONFLICT → docs/secure/auth-model.md
AGENTS.md:23-31 (session timeout description differs)
DRAFT NEW (no existing source — requires human review where noted):
docs/operate/runbooks/breach-notification.md ← HIPAA §164.408 ⚠ REVIEW
docs/comply/hipaa/risk-analysis.md ← HIPAA §164.308 ⚠ REVIEW
SKIP (not required by your profile):
docs/comply/onc/
docs/comply/fda/
Proceed? [yes / no / edit plan]整合(复制到目标路径——不重写;原文件会被标记):
README.md:12-45 → docs/orient/README.md
AGENTS.md:23-31 → docs/agent-context/phi-rules.md
合并(合并多个来源——冲突会标记供您审核):
README.md:78-85 ⚠ 冲突 → docs/secure/auth-model.md
AGENTS.md:23-31 (会话超时描述不一致)
新起草(无现有来源——标注位置需要人工审核):
docs/operate/runbooks/breach-notification.md ← HIPAA §164.408 ⚠ 需审核
docs/comply/hipaa/risk-analysis.md ← HIPAA §164.308 ⚠ 需审核
跳过(您的配置中未要求):
docs/comply/onc/
docs/comply/fda/
是否继续? [是 / 否 / 编辑计划]⚠ REQUIRES HUMAN REVIEWcomply/<!-- ⚠ CONFLICT: session timeout described as 30min in README.md and 60min in AGENTS.md. Resolve before treating this document as authoritative. -->⚠ REQUIRES HUMAN REVIEWcomply/⚠ REQUIRES HUMAN REVIEWcomply/comply/⚠ 需要人工审核<!-- ⚠ 冲突:README.md中描述会话超时为30分钟,AGENTS.md中描述为60分钟。将此文档作为权威版本前请先解决冲突。 -->comply/⚠ 需要人工审核comply/⚠ 需要人工审核.health-docs/runs/YYYY-MM-DD.md.health-docs/runs/YYYY-MM-DD.md.health-docs/analysis.md---
generated_at: "2026-03-28T14:00:00Z"
schema_version: "1"
regime_detected:
hipaa:
proposed: true
confidence: high
evidence:
- "Patient model with mrn, dob fields (src/models/patient.rb:12)"
- "'phi' in 14 variable names"
onc:
proposed: true
confidence: medium
evidence:
- "SMART on FHIR scopes in config/oauth.yml"
fda_samd:
proposed: false
confidence: low
evidence: []
doc_root_detected: "docs/" # null if not found
coverage:
- dimension: "understand/data-flows"
status: "absent-required"
sources: []
regulatory: "HIPAA §164.308(a)(1)(ii)(A)"
required: null # populated by document mode
confidence: high
- dimension: "secure/audit-logs"
status: "partial"
sources:
- path: "README.md"
lines: "45-60"
note: "mentions audit logging exists but no schema or retention policy"
regulatory: "HIPAA §164.312(b)"
required: null
confidence: high
- dimension: "comply/hipaa/baa-inventory"
status: "absent-required"
sources: []
regulatory: "HIPAA §164.308(b)(1)"
required: null
confidence: high
requirements: # populated after document mode interview
interview_completed_at: null # ISO 8601 timestamp, null until interview complete
regime: [] # confirmed regimes (e.g., ["hipaa", "onc"])
dimensions: {} # dimension path → true/false
human_review_required: [] # file paths requiring human sign-off
---.health-docs/analysis.md---
generated_at: "2026-03-28T14:00:00Z"
schema_version: "1"
regime_detected:
hipaa:
proposed: true
confidence: high
evidence:
- "Patient model with mrn, dob fields (src/models/patient.rb:12)"
- "'phi' in 14 variable names"
onc:
proposed: true
confidence: medium
evidence:
- "SMART on FHIR scopes in config/oauth.yml"
fda_samd:
proposed: false
confidence: low
evidence: []
doc_root_detected: "docs/" # 未找到则为null
coverage:
- dimension: "understand/data-flows"
status: "absent-required"
sources: []
regulatory: "HIPAA §164.308(a)(1)(ii)(A)"
required: null # 文档模式填充
confidence: high
- dimension: "secure/audit-logs"
status: "partial"
sources:
- path: "README.md"
lines: "45-60"
note: "mentions audit logging exists but no schema or retention policy"
regulatory: "HIPAA §164.312(b)"
required: null
confidence: high
- dimension: "comply/hipaa/baa-inventory"
status: "absent-required"
sources: []
regulatory: "HIPAA §164.308(b)(1)"
required: null
confidence: high
requirements: # 文档模式访谈后填充
interview_completed_at: null # ISO 8601时间戳,访谈完成前为null
regime: [] # 确认的监管体系(例如["hipaa", "onc"])
dimensions: {} # 维度路径 → true/false
human_review_required: [] # 需要人工签字确认的文件路径
---references/doc-hierarchy.mdreferences/regime-signals.mdreferences/regulatory-mapping.mdexamples/example-analysis.mdexamples/example-analysis-artifact.md.health-docs/analysis.mdreferences/doc-hierarchy.mdreferences/regime-signals.mdreferences/regulatory-mapping.mdexamples/example-analysis.mdexamples/example-analysis-artifact.md.health-docs/analysis.md.health-docs/analysis.md.health-docs/analysis.md.health-docs/analysis.md.health-docs/runs/YYYY-MM-DD.md.health-docs/analysis.md.health-docs/runs/YYYY-MM-DD.md