
Release Notes - v0.9.0

Release Date: 2026-03-16

Overview

This release adds compliance requirements support for tracking regulatory and standards compliance (GDPR, SOC2, HIPAA, PCI-DSS, WCAG, FedRAMP), plus a new requirements-by-phase view that consolidates all requirements for execution planning.

New Features

Compliance Requirements

Track regulatory and standards compliance requirements as a first-class PRD section:

Compliance Categories:

| Category | Description | Example Standards |
|----------|-------------|-------------------|
| data_privacy | Data protection regulations | GDPR, CCPA |
| security | Security certifications | SOC2, ISO 27001 |
| healthcare | Healthcare regulations | HIPAA, HITRUST |
| financial | Financial regulations | PCI-DSS, SOX |
| accessibility | Accessibility standards | WCAG, ADA |
| government | Government certifications | FedRAMP, StateRAMP |
| industry | Industry-specific standards | Varies by sector |

JSON Example:

{
  "requirements": {
    "functional": [...],
    "nonFunctional": [...],
    "compliance": [
      {
        "id": "CR-001",
        "title": "GDPR Data Subject Rights",
        "description": "Users must be able to request data export and deletion",
        "category": "data_privacy",
        "standard": "GDPR",
        "controlReference": "GDPR Article 17",
        "geographicScope": ["EU"],
        "priority": "must",
        "phaseId": "phase-1",
        "status": "in_progress",
        "auditFrequency": "annual",
        "evidenceRequirements": ["Data deletion logs", "Export request records"],
        "certificationRequired": false
      }
    ]
  }
}

Rendered Output:

## Compliance Requirements

### Data Privacy

| ID | Title | Standard | Control Ref | Scope | Priority | Phase |
|----|-------|----------|-------------|-------|----------|-------|
| CR-001 | GDPR Data Subject Rights | GDPR | GDPR Article 17 | EU | must | phase-1 |

Compliance Requirement Fields:

| Field | Required | Description |
|-------|----------|-------------|
| id | Yes | Unique identifier (e.g., "CR-001") |
| title | Yes | Requirement title |
| description | Yes | Detailed description |
| category | Yes | Compliance category (see table above) |
| standard | Yes | Standard name (GDPR, SOC2, HIPAA, etc.) |
| controlReference | No | Specific control reference (e.g., "GDPR Article 17") |
| geographicScope | No | Applicable regions (EU, US, California, Global) |
| effectiveDate | No | When compliance is required |
| priority | Yes | MoSCoW priority |
| phaseId | Yes | Target roadmap phase |
| status | No | not_started, in_progress, compliant, non_compliant |
| auditFrequency | No | annual, quarterly, continuous |
| evidenceRequirements | No | Documentation needed for compliance |
| certificationRequired | No | Whether third-party certification is required |
| thirdPartyAssessment | No | Assessor type or name |
| penalties | No | Business risk of non-compliance |
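
A pre-generation check for the schema above, as an added example that is not part of splan: it flags compliance entries that omit a field marked Required or that use a value outside the documented category, status and auditFrequency lists. `ValidateCompliance` and the sample document are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Rules copied from the field and category tables in these release notes.
var required = []string{"id", "title", "description", "category", "standard", "priority", "phaseId"}
var enums = map[string][]string{
	"category":       {"data_privacy", "security", "healthcare", "financial", "accessibility", "government", "industry"},
	"status":         {"not_started", "in_progress", "compliant", "non_compliant"},
	"auditFrequency": {"annual", "quarterly", "continuous"},
}

// sample is constructed for this example: the first entry is well-formed, the second is deliberately broken.
const sample = `{"requirements": {"compliance": [
  {"id": "CR-001", "title": "GDPR Data Subject Rights", "description": "Export and deletion on request", "category": "data_privacy",
   "standard": "GDPR", "priority": "must", "phaseId": "phase-1", "status": "in_progress", "auditFrequency": "annual"},
  {"id": "CR-002", "title": "Cardholder data", "description": "Encrypt stored card numbers", "category": "payments", "standard": "PCI-DSS", "priority": "must", "status": "done"}]}}`

// ValidateCompliance (hypothetical helper, not a splan API) returns one finding per violated rule.
func ValidateCompliance(doc []byte) (out []string, err error) {
	var p struct{ Requirements struct{ Compliance []map[string]any } }
	if err = json.Unmarshal(doc, &p); err != nil {
		return nil, err
	}
	for i, r := range p.Requirements.Compliance {
		for _, name := range required {
			if s, _ := r[name].(string); s == "" { // absent, empty or not a string
				out = append(out, fmt.Sprintf("compliance[%d]: missing required field %q", i, name))
			}
		}
		for _, field := range []string{"category", "status", "auditFrequency"} {
			s, bad := r[field].(string) // bad starts true only when a string value is present
			for _, v := range enums[field] {
				bad = bad && v != s
			}
			if bad && s != "" {
				out = append(out, fmt.Sprintf("compliance[%d]: %s has unknown value %q", i, field, s))
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(ValidateCompliance([]byte(sample)))
}
```

Optional fields that are simply absent produce no finding; only the seven required fields are reported when missing.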

Requirements by Phase View

A new consolidated view groups all requirements (functional, non-functional, and compliance) by roadmap phase for execution planning:

## Requirements by Phase

*All requirements grouped by target delivery phase for execution planning.*

### phase-1: MVP

| ID | Title | Type | Category | Priority |
|------|-----------------|--------------|----------|----------|
| FR-001 | User Authentication | Functional | Auth | must |
| NFR-001 | Response Time | Non-Functional | Performance | must |
| CR-001 | GDPR Data Subject Rights | Compliance | Data Privacy | must |

### Unassigned

*Requirements not yet assigned to a phase.*

| ID | Title | Type | Category | Priority |
|------|-----------------|--------------|----------|----------|
| FR-010 | Admin Dashboard | Functional | Admin | could |

Features:

  • Natural ID sorting - FR-2 sorts before FR-10
  • Priority-based sorting - Must → Should → Could → Won't
  • Phase-aware ordering - Follows roadmap phase sequence
  • Unassigned section - Shows requirements without phase assignment

Scoring and Completeness

Compliance requirements are integrated into the PRD evaluation system:

Quality Scoring (scoreRequirementsQuality):

  • +1.5 points for having compliance requirements
  • +0.5 bonus for multiple compliance categories
  • +0.5 bonus for documented evidence requirements

Completeness Check (checkRequirements):

  • +1 point for comprehensive coverage (3+ requirements)
  • +0.5 points for partial coverage (1-2 requirements)
  • Suggestion to add compliance requirements if missing

Optional sections total increased from 16 to 18.

Filtering

Compliance requirements are included in tag-based filtering:

splan req prd filter input.json --tags=gdpr,security

Section Ordering

New sections added to all PRD type templates:

  • SectionComplianceReqs - Compliance Requirements
  • SectionRequirementsByPhase - Requirements by Phase

# Include compliance in custom order
splan req prd generate input.json --order=executiveSummary,functionalRequirements,nonFunctionalRequirements,complianceRequirements

Installation

Homebrew (macOS/Linux)

brew upgrade grokify/tap/splan

Go Install

go install github.com/grokify/structured-plan/cmd/splan@v0.9.0

Go Module

go get github.com/grokify/structured-plan@v0.9.0

Full Changelog

See CHANGELOG.md for complete details.