Skip to content

Quality Documentation Set

Last updated: 2026-04-07 14:40 EDT

This folder is the primary quality-documentation workspace for traceable development.

Scope rule: - Docs/Quality/ is reserved for controlled quality/submission-facing documents and evidence. - Execution roadmaps and working verification-planning docs (for example Algo2015 execution/verification trackers) live under Docs/Planning/.

Document Chain (Primary)

The core trace chain is:

RA -> SRS -> SDD -> SVVP/STP -> STR -> RTM

  • RA: Risk Analysis
  • SRS: Software Requirements Specification
  • SDD: Software Design Description
  • SVVP: Software Verification and Validation Plan
  • STP: Software Test Protocol (test cases/procedures)
  • STR: Software Test Report (executed evidence)
  • RTM: Requirements Traceability Matrix

Files in This Folder

  • RiskAnalysis.md: quality-grade risk register with hazard IDs and controls.
  • Bugs/: defect management docs and bug log.
  • Bugs/BugTracker.md: prioritized defect log with reproducible behavior and acceptance criteria.
  • SoftwareRequirementsSpecification.md: testable software requirements with stable IDs.
  • SoftwareDesignDescription.md: architecture/design mapped to requirement IDs.
  • AlertInventoryAndMapping.md: canonical multi-source alert inventory, normalization fields, and source-to-normalized mapping baseline.
  • AlertFlowReview.md: end-to-end review guide for implemented alert triggers, normalization, UI surfaces, notification routing, and closure behavior.
  • CodeReviewLog.md: commit-traceable review outcomes, findings, fixes, and impacted requirement tags.
  • SoftwareVerificationAndValidationPlan.md: V&V strategy, protocols, evidence expectations (including proposed deterministic simulation campaign TV-SIM-*).
  • STP/: draft software test protocol set and protocol index for automated, simulation, algorithm, hardware, and alert-drill execution, being prepared into a handoff-ready final-draft protocol package.
  • STP/STR-Execution-and-Reporting-Guide.md: draft execution-governance guide for supervised evidence collection and STR authoring.
  • Scripts/run_algo2015_verification.sh: staged Algo2015 STR orchestrator (prepare, coverage, run, evaluate, package, all) with deterministic seed/run-id policy.
  • TraceabilityMatrix.md: RA/SRS/SDD/test bidirectional traceability.
  • IDE_Submission_Readiness_Report.md: IDE-readiness baseline, blocker register, and closure sequence.
  • IDE_Baseline_Freeze_Plan.md: strict pre-freeze, freeze-gate, and post-freeze execution plan for the IDE submission baseline.
  • IDE_Submission_Closure_Checklist.md: line-item closure checklist for submission readiness execution.
  • IDE_Submission_Review_Hub.md: Cloudflare-docs review hub for the IDE software packet.
  • IDE_Software_Packet/README.md: packet home and repo-side review entry point for the IDE software packet.
  • IDE_Software_Packet/*.md: short review-facing packet summaries for baseline, scope/defer, risk/cybersecurity, prior testing, and verification posture.
  • IDE_Software_Packet/IDE_RTM_Audit_Summary.md: reviewer-facing audit of the current RTM into formal-ready, rerun-needed, and deferred buckets.
  • IDE_Software_Packet/IDE_Software_Handoff_Memo.md: one-page receiving-team handoff note for the current packet.
  • IDE_Software_Packet/IDE_Formal_Evidence_Execution_Plan.md: formal evidence execution plan for freeze of the current packet.
  • IDE_Software_Handoff_Index.md: exact engineering-owned software package manifest for the current handoff.
  • IDE_Software_Handoff_Disposition_Log.md: engineering-owned scope and deferred/accepted software requirement decisions for the current handoff package.
  • IDE_Submission_Agent_Brief.md: operating brief for a dedicated submission-only documentation agent.
  • IFU/BionicLoop_IFU_v1.4.md: current IFU draft with workflow-complete operational guidance, refreshed direct-capture screenshots, meal cancel-delivery follow-up flow, alert review guidance, and troubleshooting/escalation coverage.
  • IFU/BionicLoop_IFU_v1.4.pdf: formatted PDF review package aligned to IFU v1.4.
  • Scripts/capture_ifu_screenshots.sh: deterministic simulator capture pipeline that launches app-routed IFU screens directly and writes assets to Docs/Quality/IFU/assets/.
  • Evidence/: STR-style evidence artifacts (logs, screenshots, summaries) stored under STR-* paths.
  • Latest automated UI traceability evidence: Evidence/STR-UI-AUTO-001/2026-02-12-f5-ui-smoke/.
  • CybersecurityPlan.md: secure-by-design controls and evidence for connected-device software.
  • Cybersecurity_Handoff_Register.md: execution register for inherited controls, local control evidence, provenance, and open cybersecurity artifacts in the software handoff package.
  • Cybersecurity_SOUP_Provenance_Review.md: current repo-observable provenance review for embedded local packages (OmniBLE, G7SensorKit, LoopKit).
  • Cybersecurity_Embedded_Package_Delta_Review.md: curated security-relevant local-delta review for the embedded LoopKit, G7SensorKit, and OmniBLE packages.
  • Cybersecurity_Local_File_and_Permission_Review.md: review note for Documents export behavior, file-sharing/open-in-place exposure, permissions, background modes, and app entitlements posture.
  • Cybersecurity_Dependency_Inventory.md: current dependency snapshot for local embedded packages, binary artifacts, and remote SwiftPM pins in the handoff baseline.
  • Cybersecurity_SBOM_and_Advisory_Process.md: freeze-time process note for software-bill-of-materials generation, binary checksum capture, and advisory-review ownership.
  • Cybersecurity_Logging_and_Secret_Review.md: focused review note for auth/network/telemetry logging, console observability, and secret-redaction posture.
  • Cybersecurity_Supplier_Artifact_Request_List.md: prepared external-artifact request matrix for inherited DASH, G7, and official Dexcom-app control claims.
  • Cybersecurity_Baseline_Acceptability_Recommendation.md: engineering recommendation on whether the current investigational baseline is acceptable as-is, with conditions, or requires hardening before broader release.
  • Cybersecurity_TV_SEC_001_Freeze_Execution_Checklist.md: freeze-time execution checklist for the in-scope export/file-handling verification row TV-SEC-001.
  • DevelopmentSOP.md: default development process and quality gates.
  • SoftwareCodingStandard-Swift.md: draft Swift coding standard for app/core/test readability, safety hygiene, and rollout of lint/format/static-analysis.
  • RegulatoryReferences.md: FDA primary-source references used for this doc set.
  • Part11_DeviceToCloud_ControlMatrix.md: clause-by-clause 21 CFR Part 11 readiness matrix for algorithm telemetry data integrity across device-to-cloud path.

Relationship to Existing Docs

Existing project docs remain active working references:

  • Docs/Requirements/Requirements.md
  • Docs/Architecture/Architecture.md
  • Docs/Analysis/Marjorie_AlgorithmIO_GapAnalysis.md
  • Docs/Planning/Algo2015VerificationPlan.md
  • Docs/Planning/Algo2015ExecutionRoadmap.md

Risk-analysis canonical source:

  • Docs/Quality/RiskAnalysis.md

Legacy narrative retained for historical context only:

  • Docs/Requirements/RiskAnalysis_LegacyNarrative.md

Quality docs in this folder are the structured, auditable source for:

  • requirement IDs
  • risk controls
  • design linkage
  • verification evidence linkage

Practical Usage

For any safety-impacting change:

  1. Update RiskAnalysis.md (or confirm no risk delta).
  2. Add/update requirement IDs in SoftwareRequirementsSpecification.md.
  3. Update design notes in SoftwareDesignDescription.md.
  4. Add/update tests in SoftwareVerificationAndValidationPlan.md.
  5. Update TraceabilityMatrix.md.
  6. Record code-review outcome in CodeReviewLog.md with commit hash, findings/fixes, and impacted SRS-* tags.
  7. Execute tests and attach evidence references.

IDE Preparation Starting Point

Use this order for IDE submission prep / handoff execution:

  1. IDE_Software_Packet/README.md for the concise review packet.
  2. IDE_Submission_Review_Hub.md for the Cloudflare-docs review entry point.
  3. IDE_Software_Handoff_Index.md for the software package manifest.
  4. IDE_Baseline_Freeze_Plan.md for pre-freeze blockers and the freeze gate.
  5. IDE_Submission_Readiness_Report.md for baseline and blockers.
  6. IDE_Submission_Closure_Checklist.md for execution tracking.
  7. IDE_Submission_Agent_Brief.md for dedicated submission-agent operating rules.

Current submission-scope note:

  • Cloud / device-to-cloud verification is not assumed to be in current IDE submission scope for the initial STP set. Keep submission-facing STP authoring focused on app, algorithm, simulator, alert, and hardware verification until scope is explicitly revised.
  • Engineering’s target state is a handoff-ready final draft package with complete metadata; formal review, approval, and release handling remain owned by the receiving quality / submission team.
  • Current architecture-first Swift cleanup planning for the largest app files is tracked in:
  • HomeSettingsViewDecompositionPlan.md
  • LoopRuntimeEngineDecompositionPlan.md

Engineering-Owned Software Handoff Set

For current IDE preparation, engineering owns the software-package handoff set, not the full downstream quality-system release process.

Engineering-owned deliverables:

  • software technical risk content in RiskAnalysis.md
  • SoftwareRequirementsSpecification.md
  • SoftwareDesignDescription.md
  • SoftwareVerificationAndValidationPlan.md
  • STP/ package and STR-Execution-and-Reporting-Guide.md
  • TraceabilityMatrix.md
  • CybersecurityPlan.md for in-scope software controls and evidence statements
  • DevelopmentSOP.md
  • CodeReviewLog.md
  • current app IFU package under IFU/
  • IDE package-management docs:
  • IDE_Software_Handoff_Index.md
  • IDE_Submission_Readiness_Report.md
  • IDE_Baseline_Freeze_Plan.md
  • IDE_Submission_Closure_Checklist.md

Not owned by engineering for the current handoff:

  • formal quality review and approval signatures
  • release authorization and final submission assembly
  • residual-risk acceptance signoff as a quality-management activity
  • training records, supplier/manufacturing quality records, and non-software QMS artifacts
  • cloud / Part 11 package closure unless explicitly pulled into scope

Current engineering target:

  • produce a handoff-ready software document set with explicit scope, explicit deferred items, prepared metadata fields, and reproducible software verification paths
  • avoid claiming downstream release ownership that belongs to the receiving quality / submission team

Evidence Path Policy

Use two evidence lanes:

  • Formal (commit-intended evidence):
  • Docs/Quality/Evidence/Formal/
  • Algo campaign path: Docs/Quality/Evidence/Formal/STR-ALG-001/
  • automated freeze path: Docs/Quality/Evidence/Formal/STR-AUTO-001/
  • security freeze path: Docs/Quality/Evidence/Formal/STR-SEC-001/
  • shared README template: Docs/Quality/Evidence/Formal/STR-README-Template.md
  • Working (non-formal development runs, ignored by git):
  • Docs/Quality/Evidence/Working/
  • Algo campaign path: Docs/Quality/Evidence/Working/STR-ALG-001/

Algo runner behavior (Scripts/run_algo2015_verification.sh):

  • default output path is the ignored working lane.
  • use --formal (optionally --formal-label) or explicit output path to classify a run as formal.
  • for formal Algo2015 runs, static-analysis lane execution is required; MISRA lane closure is risk-based/conditional and must resolve as either linked MISRA evidence + deviations or explicit not-applicable rationale.

Tag Navigation

Quality tag IDs are linkable across docs for direct navigation:

  • RA-* anchors live in RiskAnalysis.md.
  • SRS-* anchors live in SoftwareRequirementsSpecification.md.
  • SDD-* anchors live in SoftwareDesignDescription.md.
  • TV-* anchors live in SoftwareVerificationAndValidationPlan.md.
  • TraceabilityMatrix.md cross-links these IDs for bidirectional traversal.