# VRX-URS38-EXPANSION-001 — URS-38 Peer-Grade Expansion Requirements

| Field | Value |
|---|---|
| Document ID | VRX-URS38-EXPANSION-001 |
| Purpose | Operationalizes PACK-COR-004. Specifies what URS-38 (Quality Analytics / Dashboards / Inspection-Readiness Scorecard, currently 79 lines) **shall add** to reach the controlled-spec grade of its pack peers (URS-37/41) before pack freeze. |
| Status | **DRAFT — for URS Expert + QA + CSV/CSA + DI. Not approved.** |
| Date | 2026-06-07 |
| Verified against | `verixaai/verixa dev-vimal-deploy @ d8ccdb97` (read-only) |
| Owners | URS Expert (authoring) · QA + CSV/CSA + DI (review) |

> Read-only advisory MI **correctly lowers** URS-38's validation burden — that classification is not disputed. The defect is that the **document** is too thin to be a controlled Category-5 spec. This adds the missing sections; it does not raise the validation tier.

---

## 1. Verified current state (grounds the gaps)

- **AN-004 read-only — CONFIRMED.** The `dashboard` module writes only to its own MI tables (`dashboard_export_log` `export.service.ts:213`; `analytics_aggregations` `analytics-aggregation.service.ts:86/104`; `dashboard_alerts`); no write path to source GxP tables. Read-side classification holds.
- **AN-008 AI labelling — OPEN, and worse than "unverified":** `root-cause-clustering.service.ts` cited in the URS-38 header is **absent** in `modules/dashboard/` at `d8ccdb97` (present files: alert-engine, analytics-aggregation, analytics.routes, audit-registry, dashboard.service, export.service, industry-benchmark, kpi-engine, metric-calculator). The advisory-AI claim cannot be verified — the artifact is not at this baseline.
- **Baseline UNPINNED** (PACK-COR-001): URS-38 cites no commit SHA. The clustering-file discrepancy is a direct consequence.

## 2. Required additions (URS-38 → peer grade)

URS-38 **shall** add the following before it may sit in the controlled URS 36–41 pack. Each is a `shall`-grade requirement with acceptance.

| # | Section to add | Requirement | Acceptance |
|---|---|---|---|
| E-1 | **Baseline pin** | Cite a controlled baseline (commit SHA per VRX-PACK-BASELINE-001); re-verify every "Built/verified" code claim at that SHA. | Every code claim traces to one baseline row; `root-cause-clustering` either confirmed present at the pinned SHA or reclassified as target-state. |
| E-2 | **Atomic requirement register** | Expand AN-001…010 into atomic, individually-testable `shall` rows (one behaviour per row) with Risk, Acceptance, Reg/QS trace, Evidence — matching the URS-37/41 register format. | No compound requirements; each row independently testable. |
| E-3 | **Risk classification table** | Per-function failure-mode / GxP-impact / severity / probability / detectability / risk-level / control (CSV/CSA §12 format). | Each function risk-rated with rationale. |
| E-4 | **ALCOA+ / Part 11 applicability assessment** | Assess whether dashboard **snapshots, exports, and the inspection-readiness score** are records relied upon for a regulated activity (they may be shown to inspectors). Map to the pack Part 11 map (VRX-PACK-PART11-MAP-001). | A signed determination per output type; Part 11 controls applied only where in scope. |
| E-5 | **Controlled-export integrity rules** | Reproducibility, integrity stamp/hash, embedded filter context + timezone, access control, and an export audit event. (Partly built: `export.service.ts` + `dashboard_export_log`.) | An export reproduces identical data; export is audited; integrity verifiable. |
| E-6 | **Inspection-Readiness score definition (AN-003)** | Documented, **versioned** scoring formula; inputs enumerated; reproducible from a snapshot; drill-down to contributing records. | Score recomputes identically from its snapshot inputs; formula version recorded; score changes are controlled changes. |
| E-7 | **AI advisory labelling + acceptance (AN-008)** | Any AI insight (e.g., root-cause clustering) **shall** be labelled advisory, logged per URS-32 (`ai_governance_events`/`llm_audit_log`, `outcome_label`), and never a system-of-record fact; bind ARCH-AI-001 v1.0. **First** resolve the absent-artifact discrepancy (E-1). | AI insight labelled + logged at the pinned baseline; negative test: an unlabelled AI insight fails. |
| E-8 | **Cross-tenant aggregation controls (AN-010)** | Tenant + scope isolation on every analytics/benchmark query; no cross-tenant aggregation without authorization. Align to the platform-scoped-RLS decision (VRX-PACK-ISO-001). | Isolation OQ: Tenant A cannot see Tenant B data in any dashboard/score/export/benchmark; fails closed. |
| E-9 | **RTM** | URS-38 requirement → risk → design/code → test-case traceability; no orphan requirements. | Complete RTM; every high-risk row traces to test evidence. |
| E-10 | **OQ negative tests** | Forced cross-tenant leak (E-8), export non-reproducibility, score-recompute mismatch, unlabelled-AI-insight — all must fail closed. | Each negative case produces the expected block/failure. |
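
One way to meet the E-5 acceptance and the E-10 "export non-reproducibility" negative test, shown as an added example (not code from `export.service.ts` or the Verixa repo). The type shapes, field names, function names and sample values are hypothetical.

```typescript
import { createHash } from "node:crypto";

// Hypothetical shapes; not the columns of dashboard_export_log.
type Row = Record<string, string | number | null>;
interface ExportContext {
  tenantId: string;
  filters: Record<string, string>;
  timezone: string;        // IANA zone the date filters were evaluated in
  formulaVersion: string;  // scoring formula version in force (E-6)
}
interface StampedExport { context: ExportContext; rows: Row[]; sha256: string; }

// Canonical JSON: object keys sorted recursively, so the same data always
// serializes to the same bytes regardless of key insertion order.
function canonical(value: unknown): string {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    return "{" + Object.keys(obj).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(obj[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// The hash covers the data AND the context, so a changed filter, timezone or
// formula version invalidates the stamp just as a changed row does.
// Row order is significant: the source query must use a deterministic ORDER BY.
function digest(context: ExportContext, rows: Row[]): string {
  return createHash("sha256").update(canonical({ context, rows }), "utf8").digest("hex");
}

function stampExport(context: ExportContext, rows: Row[]): StampedExport {
  return { context, rows, sha256: digest(context, rows) };
}

// Fails closed: any mismatch, including a missing stamp, is a rejection.
function verifyExport(e: StampedExport): boolean {
  return typeof e.sha256 === "string" && e.sha256 === digest(e.context, e.rows);
}

// Constructed sample data for illustration.
const ctx: ExportContext = {
  tenantId: "tenant-a", filters: { site: "S1", from: "2026-01-01" },
  timezone: "Europe/Zurich", formulaVersion: "1.0",
};
const sample = stampExport(ctx, [{ capaId: "C-1", ageDays: 12 }, { capaId: "C-2", ageDays: 40 }]);
console.log(sample.sha256, verifyExport(sample));
```

An unkeyed SHA-256 detects accidental or unauthorised change only while the stamp itself is stored where the export holder cannot rewrite it (for example in the export audit event); a keyed MAC or signature would be needed otherwise.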

## 3. Required actions

1. Author the additions E-1…E-10 into URS-38 v2.0 under change control (URS-13). [URS Expert]
2. Resolve the `root-cause-clustering` artifact discrepancy at the pinned baseline (present → verify labelling+logging; absent → reclassify AN-008 as target-state). [Engineering + CSV/CSA]
3. Feed E-4 record types into the pack Part 11 map (VRX-PACK-PART11-MAP-001). [DI/QA]
4. Keep URS-38 **Rejected for freeze** until E-1…E-10 are in and reviewed. [QA]

| Boundary Check | Result |
|---|---|
| Primary lens | CSV/CSA (spec adequacy) + Data Integrity (export/record) + AI Governance (AN-008) |
| Owned deliverable | Expansion requirement set (what URS-38 must add) |
| Out-of-scope (deferred) | URS-38 authoring → URS Expert; final approval → Head of QA; OQ protocols → Test Architect |
| Repo | Read-only; no files modified |
| Final status | Draft — URS authoring + Head of QA review required |

*Verified read-only against `verixaai/verixa dev-vimal-deploy @ d8ccdb97`. No repo files modified. No claim of validation, compliance, or approval.*
