@agile-vibe-coding/avc 0.1.1 → 0.3.1

package/cli/checks/cross-refs/story.json

@@ -0,0 +1,149 @@
+{
+  "scope": "story",
+  "tier": 2,
+  "checks": [
+    {
+      "id": "xref-sec-api-story-01",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-04", "api-story-01"],
+      "question": "Security auth in story: {{sec-story-04.evidence}}. API contract: {{api-story-01.evidence}}. Are the story's authentication requirements consistent with its API endpoint definitions?",
+      "failDescription": "Story security auth model and API endpoint definitions are inconsistent",
+      "failSuggestion": "Align story's API endpoint auth with its security requirements"
+    },
+    {
+      "id": "xref-sec-api-story-02",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-07", "api-story-03"],
+      "question": "Security input validation: {{sec-story-07.evidence}}. API inputs: {{api-story-03.evidence}}. Are input validation requirements consistent between security and API acceptance criteria?",
+      "failDescription": "Input validation requirements are inconsistent between security and API perspectives",
+      "failSuggestion": "Ensure every API input field has matching server-side validation from the security perspective"
+    },
+    {
+      "id": "xref-sec-api-story-03",
+      "tier": 2,
+      "perspectives": ["security", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-05", "api-story-02"],
+      "question": "Security authorization: {{sec-story-05.evidence}}. API authorization: {{api-story-02.evidence}}. Are IDOR/BOLA protections and role boundary definitions consistent?",
+      "failDescription": "Authorization protections differ between security and API perspectives",
+      "failSuggestion": "Align IDOR protection and role boundary checks across security and API acceptance criteria"
+    },
+    {
+      "id": "xref-sec-db-story-01",
+      "tier": 2,
+      "perspectives": ["security", "database"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-09", "db-story-01"],
+      "question": "Security PII handling: {{sec-story-09.evidence}}. Database fields: {{db-story-01.evidence}}. Are PII fields handled consistently between security and database criteria?",
+      "failDescription": "PII handling differs between security and database acceptance criteria",
+      "failSuggestion": "Align PII field handling — database should reflect security's minimization and encryption requirements"
+    },
+    {
+      "id": "xref-sec-db-story-02",
+      "tier": 2,
+      "perspectives": ["security", "database"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sec-story-10", "db-story-02"],
+      "question": "Security logging: {{sec-story-10.evidence}}. Database audit: {{db-story-02.evidence}}. Are audit logging requirements consistent?",
+      "failDescription": "Audit logging requirements differ between security and database perspectives",
+      "failSuggestion": "Ensure audit log events defined in security ACs have corresponding database persistence"
+    },
+    {
+      "id": "xref-be-api-story-01",
+      "tier": 2,
+      "perspectives": ["backend", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["be-story-01", "api-story-01"],
+      "question": "Backend implementation: {{be-story-01.evidence}}. API contract: {{api-story-01.evidence}}. Are backend implementation details consistent with API contract definitions?",
+      "failDescription": "Backend implementation and API contract are misaligned",
+      "failSuggestion": "Align backend implementation with API contract — handlers should match endpoint definitions"
+    },
+    {
+      "id": "xref-be-api-story-02",
+      "tier": 2,
+      "perspectives": ["backend", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["be-story-02", "api-story-03"],
+      "question": "Backend error handling: {{be-story-02.evidence}}. API errors: {{api-story-03.evidence}}. Are error handling patterns consistent?",
+      "failDescription": "Backend error handling doesn't match API error definitions",
+      "failSuggestion": "Align backend error paths with API error response specifications"
+    },
+    {
+      "id": "xref-devops-be-story-01",
+      "tier": 2,
+      "perspectives": ["devops", "backend"],
+      "severity": "minor",
+      "category": "consistency",
+      "dependsOn": ["devops-story-01", "be-story-03"],
+      "question": "DevOps requirements: {{devops-story-01.evidence}}. Backend architecture: {{be-story-03.evidence}}. Are deployment requirements consistent with the backend implementation?",
+      "failDescription": "DevOps and backend requirements are inconsistent",
+      "failSuggestion": "Align deployment configuration with backend runtime requirements"
+    },
+    {
+      "id": "xref-qa-dev-story-01",
+      "tier": 2,
+      "perspectives": ["test-architect", "developer"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["ta-story-01", "dev-story-04"],
+      "question": "Test architecture: {{ta-story-01.evidence}}. Developer testing: {{dev-story-04.evidence}}. Are test requirements consistent between test architect and developer perspectives?",
+      "failDescription": "Test requirements are misaligned between test architect and developer",
+      "failSuggestion": "Align test scenarios with test architecture layers (unit, integration, e2e)"
+    },
+    {
+      "id": "xref-qa-sec-story-01",
+      "tier": 2,
+      "perspectives": ["test-architect", "security"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["ta-story-02", "sec-story-11"],
+      "question": "Test coverage: {{ta-story-02.evidence}}. Security testing: {{sec-story-11.evidence}}. Does the test strategy cover security-specific scenarios (abuse, unauthorized access)?",
+      "failDescription": "Test strategy doesn't cover security-specific scenarios",
+      "failSuggestion": "Add test scenarios for security abuse paths (wrong credentials, forged tokens, unauthorized access)"
+    },
+    {
+      "id": "xref-qa-api-story-01",
+      "tier": 2,
+      "perspectives": ["test-architect", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["ta-story-03", "api-story-01"],
+      "question": "Test approach: {{ta-story-03.evidence}}. API endpoints: {{api-story-01.evidence}}. Does the testing strategy include integration tests for the story's API endpoints?",
+      "failDescription": "Testing strategy doesn't cover API integration tests for this story",
+      "failSuggestion": "Add API integration test scenarios for each endpoint with success and error paths"
+    },
+    {
+      "id": "xref-sa-be-story-01",
+      "tier": 2,
+      "perspectives": ["solution-architect", "backend"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sa-story-05", "be-story-01"],
+      "question": "SA dependencies: {{sa-story-05.evidence}}. Backend implementation: {{be-story-01.evidence}}. Are story dependencies and integration points consistent with backend implementation?",
+      "failDescription": "Story dependencies don't match backend implementation",
+      "failSuggestion": "Align story dependencies with actual backend service boundaries"
+    },
+    {
+      "id": "xref-sa-api-story-01",
+      "tier": 2,
+      "perspectives": ["solution-architect", "api"],
+      "severity": "major",
+      "category": "consistency",
+      "dependsOn": ["sa-story-01", "api-story-01"],
+      "question": "SA API contract: {{sa-story-01.evidence}}. API definition: {{api-story-01.evidence}}. Are SA-level API requirements consistent with detailed API definitions?",
+      "failDescription": "SA API requirements and detailed API definitions are inconsistent",
+      "failSuggestion": "Ensure SA endpoint requirements match the detailed API contract"
+    }
+  ]
+}

package/cli/checks/epic/api.json

@@ -0,0 +1,114 @@
+{
+  "perspective": "api",
+  "scope": "epic",
+  "checks": [
+    {
+      "id": "api-epic-01",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs? (Does it define REST endpoints, GraphQL operations, or API contracts?)",
+      "question": "Does the epic scope clearly define API boundaries?",
+      "failDescription": "API boundaries are not defined — unclear which endpoints and resources are in scope",
+      "failSuggestion": "Define API boundaries: list endpoints, resource models, and API versioning strategy"
+    },
+    {
+      "id": "api-epic-02",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Are all critical API features identified?",
+      "failDescription": "Critical API features are missing — endpoints, auth, or error handling not fully identified",
+      "failSuggestion": "Identify critical API features: endpoint specifications, authentication, rate limiting, error handling, versioning"
+    },
+    {
+      "id": "api-epic-03",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic depend on API services or infrastructure?",
+      "question": "Are dependencies on API services/infrastructure explicit?",
+      "failDescription": "API service dependencies are not explicit",
+      "failSuggestion": "Make API dependencies explicit: API gateway, authentication service, external APIs consumed"
+    },
+    {
+      "id": "api-epic-04",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Are API success criteria measurable?",
+      "failDescription": "API success criteria are not measurable",
+      "failSuggestion": "Define measurable API criteria: response time, throughput, error rate, uptime SLA"
+    },
+    {
+      "id": "api-epic-05",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Is API terminology used correctly?",
+      "failDescription": "API terminology is used incorrectly or inconsistently",
+      "failSuggestion": "Review API terminology: REST methods, status codes, resource naming, pagination"
+    },
+    {
+      "id": "api-epic-06",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve API design or architecture?",
+      "question": "Are API architectural patterns considered?",
+      "failDescription": "API architectural patterns are not considered",
+      "failSuggestion": "Consider API patterns: RESTful resource design, consistent error format, pagination, filtering, versioning"
+    },
+    {
+      "id": "api-epic-07",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose APIs that need to handle load?",
+      "question": "Are performance/scalability concerns for API addressed?",
+      "failDescription": "API performance and scalability concerns are not addressed",
+      "failSuggestion": "Address API performance: rate limiting, caching headers, pagination limits, payload size constraints"
+    },
+    {
+      "id": "api-epic-08",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "minor",
+      "category": "consistency",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Does the API approach align with project context?",
+      "failDescription": "API approach does not align with project context",
+      "failSuggestion": "Ensure API approach aligns with project: consistent naming, versioning, and error handling conventions"
+    },
+    {
+      "id": "api-epic-09",
+      "tier": 1,
+      "perspective": "api",
+      "severity": "minor",
+      "category": "best-practices",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic expose or consume APIs?",
+      "question": "Are industry-standard API patterns followed (REST/GraphQL principles)?",
+      "failDescription": "API best practices are not followed",
+      "failSuggestion": "Follow API best practices: proper HTTP methods, meaningful status codes, consistent resource naming"
+    }
+  ]
+}

package/cli/checks/epic/backend.json

@@ -0,0 +1,126 @@
+{
+  "perspective": "backend",
+  "scope": "epic",
+  "checks": [
+    {
+      "id": "be-epic-01",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services? (Does it include APIs, background jobs, data processing, or service-to-service communication?)",
+      "question": "Does the epic scope clearly define backend boundaries?",
+      "failDescription": "Backend boundaries are not defined — unclear which services and responsibilities are in scope",
+      "failSuggestion": "Define backend boundaries: which services, routes, and responsibilities belong to this epic"
+    },
+    {
+      "id": "be-epic-02",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are all critical backend features identified?",
+      "failDescription": "Critical backend features are missing — APIs, data access, or business logic not fully identified",
+      "failSuggestion": "Identify all critical backend features: API endpoints, data access patterns, business logic, background jobs"
+    },
+    {
+      "id": "be-epic-03",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic depend on backend services or infrastructure?",
+      "question": "Are dependencies on backend services/infrastructure explicit?",
+      "failDescription": "Backend service dependencies are not explicit",
+      "failSuggestion": "Make backend dependencies explicit: database, message queue, cache, external APIs, auth service"
+    },
+    {
+      "id": "be-epic-04",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are backend success criteria measurable?",
+      "failDescription": "Backend success criteria are not measurable",
+      "failSuggestion": "Define measurable backend criteria: response time targets, throughput, error rates, test coverage"
+    },
+    {
+      "id": "be-epic-05",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Is backend terminology used correctly?",
+      "failDescription": "Backend terminology is used incorrectly or inconsistently",
+      "failSuggestion": "Review backend terminology for accuracy: middleware, service layer, repository pattern, etc."
+    },
+    {
+      "id": "be-epic-06",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are features described in business value terms?",
+      "failDescription": "Backend features lack business value context",
+      "failSuggestion": "Frame backend features in business terms alongside technical specifications"
+    },
+    {
+      "id": "be-epic-07",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve backend architecture? (Does it need service design, async processing, or caching?)",
+      "question": "Are backend architectural patterns considered?",
+      "failDescription": "Backend architectural patterns are not considered",
+      "failSuggestion": "Consider backend patterns: service layer, repository pattern, CQRS, event sourcing, async processing"
+    },
+    {
+      "id": "be-epic-08",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve backend services that need to handle load?",
+      "question": "Are performance/scalability concerns for backend addressed?",
+      "failDescription": "Backend performance and scalability concerns are not addressed",
+      "failSuggestion": "Address backend performance: caching strategy, connection pooling, async processing, horizontal scaling"
+    },
+    {
+      "id": "be-epic-09",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "consistency",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Does the backend approach align with project context?",
+      "failDescription": "Backend approach does not align with project context",
+      "failSuggestion": "Ensure backend approach aligns with project: consistent framework, patterns, and conventions"
+    },
+    {
+      "id": "be-epic-10",
+      "tier": 1,
+      "perspective": "backend",
+      "severity": "minor",
+      "category": "best-practices",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve server-side logic or backend services?",
+      "question": "Are industry-standard backend patterns followed (separation of concerns, SOLID)?",
+      "failDescription": "Backend best practices are not followed",
+      "failSuggestion": "Follow backend best practices: separation of concerns, SOLID principles, error handling patterns"
+    }
+  ]
+}

package/cli/checks/epic/cloud.json

@@ -0,0 +1,126 @@
+{
+  "perspective": "cloud",
+  "scope": "epic",
+  "checks": [
+    {
+      "id": "cloud-epic-01",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services or cloud infrastructure? (Does it use AWS, Azure, GCP, or cloud-hosted services?)",
+      "question": "Does the epic scope clearly define cloud boundaries?",
+      "failDescription": "Cloud boundaries are not defined — unclear which cloud services and regions are in scope",
+      "failSuggestion": "Define cloud boundaries: which cloud provider, services, regions, and accounts are in scope"
+    },
+    {
+      "id": "cloud-epic-02",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services or cloud infrastructure?",
+      "question": "Are all critical cloud features identified?",
+      "failDescription": "Critical cloud features are not identified — compute, storage, networking, or security services missing",
+      "failSuggestion": "Identify critical cloud features: compute (EC2/Lambda/ECS), storage (S3/EBS), networking (VPC/ALB), security (IAM)"
+    },
+    {
+      "id": "cloud-epic-03",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic depend on cloud services or infrastructure?",
+      "question": "Are dependencies on cloud services/infrastructure explicit?",
+      "failDescription": "Cloud service dependencies are not explicit",
+      "failSuggestion": "Make cloud dependencies explicit: list specific services (RDS, ElastiCache, SQS) and their configurations"
+    },
+    {
+      "id": "cloud-epic-04",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services or cloud infrastructure?",
+      "question": "Are cloud success criteria measurable?",
+      "failDescription": "Cloud success criteria are not measurable",
+      "failSuggestion": "Define measurable cloud criteria: availability (99.9%), latency (< 100ms), cost budget, resource utilization targets"
+    },
+    {
+      "id": "cloud-epic-05",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services or cloud infrastructure?",
+      "question": "Is cloud terminology used correctly?",
+      "failDescription": "Cloud terminology is used incorrectly or inconsistently",
+      "failSuggestion": "Review and correct cloud terminology for accuracy (e.g. region vs AZ, instance vs container)"
+    },
+    {
+      "id": "cloud-epic-06",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "minor",
+      "category": "clarity",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services or cloud infrastructure?",
+      "question": "Are features described in business value terms?",
+      "failDescription": "Cloud features lack business value context",
+      "failSuggestion": "Frame cloud features in business terms: 'multi-AZ deployment ensures 99.99% availability for end users'"
+    },
+    {
+      "id": "cloud-epic-07",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud architecture? (Does it need HA, scaling, or multi-region?)",
+      "question": "Are cloud architectural patterns considered?",
+      "failDescription": "Cloud architectural patterns are not considered — HA, scaling, or serverless patterns missing",
+      "failSuggestion": "Consider cloud patterns: multi-AZ, auto-scaling, serverless, microservices, event-driven architecture"
+    },
+    {
+      "id": "cloud-epic-08",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services that need to scale?",
+      "question": "Are performance/scalability concerns for cloud addressed?",
+      "failDescription": "Cloud performance and scalability concerns are not addressed",
+      "failSuggestion": "Address cloud scalability: auto-scaling policies, load balancing, caching strategy, CDN for static assets"
+    },
+    {
+      "id": "cloud-epic-09",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "minor",
+      "category": "consistency",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services or cloud infrastructure?",
+      "question": "Does the cloud approach align with project context?",
+      "failDescription": "Cloud approach does not align with project context",
+      "failSuggestion": "Ensure cloud approach aligns with project: use consistent cloud provider, follow organization standards"
+    },
+    {
+      "id": "cloud-epic-10",
+      "tier": 1,
+      "perspective": "cloud",
+      "severity": "minor",
+      "category": "best-practices",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve cloud services or cloud infrastructure?",
+      "question": "Are industry-standard cloud patterns followed (well-architected framework)?",
+      "failDescription": "Cloud best practices are not followed",
+      "failSuggestion": "Follow cloud best practices: AWS Well-Architected Framework pillars (reliability, security, performance, cost, operations)"
+    }
+  ]
+}

package/cli/checks/epic/data.json

@@ -0,0 +1,102 @@
+{
+  "perspective": "data",
+  "scope": "epic",
+  "checks": [
+    {
+      "id": "data-epic-01",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve data pipelines, ETL, data warehousing, or data processing? (Does it handle data ingestion, transformation, or analytics?)",
+      "question": "Does the epic scope clearly define data boundaries?",
+      "failDescription": "Data boundaries are not defined — unclear which data sources, transformations, and destinations are in scope",
+      "failSuggestion": "Define data boundaries: data sources, transformation logic, destination systems, data quality requirements"
+    },
+    {
+      "id": "data-epic-02",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "critical",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve data pipelines, ETL, data warehousing, or data processing?",
+      "question": "Are all critical data features identified?",
+      "failDescription": "Critical data features are missing — pipeline stages, orchestration, or quality checks not identified",
+      "failSuggestion": "Identify critical data features: ETL stages, orchestration tool, data quality checks, lineage tracking"
+    },
+    {
+      "id": "data-epic-03",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic depend on data services or infrastructure?",
+      "question": "Are dependencies on data services/infrastructure explicit?",
+      "failDescription": "Data service dependencies are not explicit",
+      "failSuggestion": "Make data dependencies explicit: source databases, data warehouse, orchestration tool (Airflow), processing engine (Spark)"
+    },
+    {
+      "id": "data-epic-04",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "major",
+      "category": "completeness",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve data pipelines, ETL, data warehousing, or data processing?",
+      "question": "Are data success criteria measurable?",
+      "failDescription": "Data success criteria are not measurable",
+      "failSuggestion": "Define measurable data criteria: data freshness SLA, processing latency, data quality score, pipeline uptime"
+    },
+    {
+      "id": "data-epic-05",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve data architecture? (Does it need batch vs streaming, schema evolution, or data governance?)",
+      "question": "Are data architectural patterns considered?",
+      "failDescription": "Data architectural patterns are not considered",
+      "failSuggestion": "Consider data patterns: batch vs streaming, schema evolution, data lake/warehouse architecture, CDC patterns"
+    },
+    {
+      "id": "data-epic-06",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "major",
+      "category": "technical-depth",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve data processing that needs to scale?",
+      "question": "Are performance/scalability concerns for data addressed?",
+      "failDescription": "Data performance and scalability concerns are not addressed",
+      "failSuggestion": "Address data scalability: partitioning strategy, parallel processing, incremental loads, data retention policy"
+    },
+    {
+      "id": "data-epic-07",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "minor",
+      "category": "consistency",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve data pipelines, ETL, data warehousing, or data processing?",
+      "question": "Does the data approach align with project context?",
+      "failDescription": "Data approach does not align with project context",
+      "failSuggestion": "Ensure data approach aligns with project: consistent tools, naming conventions, data governance policies"
+    },
+    {
+      "id": "data-epic-08",
+      "tier": 1,
+      "perspective": "data",
+      "severity": "minor",
+      "category": "best-practices",
+      "universal": false,
+      "applicabilityQuestion": "Does this epic involve data pipelines, ETL, data warehousing, or data processing?",
+      "question": "Are industry-standard data patterns followed (idempotency, schema evolution)?",
+      "failDescription": "Data best practices are not followed",
+      "failSuggestion": "Follow data best practices: idempotent pipelines, schema evolution support, data quality gates, lineage tracking"
+    }
+  ]
+}