Enforce 21 CFR Part 11 / GxP compliance UX patterns. Visible audit trails, governed-action confirmations with reason-for-change capture, e-signature flows, immutable history, and role-scoped visibility. Use when building any mutation, approval, submission, sign-off, or governed-data flow.
Concept2Cure's users are submitting to regulators. Every mutation that touches regulated content (documents, submissions, protocols, CSRs, approvals, status changes) MUST leave an audit trail the customer can defend under inspection. Compliance UX is a product feature, not chrome.
This skill activates when:
server/routes/authoring-actions.ts or similar
who, when, what, from → to, reason, ipAddress, sessionId. Use the existing audit-trail service — do NOT create ad-hoc logging.
<Textarea> in the governed confirmation dialog. Empty/whitespace rejected at the form level.
┌ Publish section 3.2.P to submission package ─────────────────┐
│ Artifact: Module 3 — Drug Product (v4.1)                     │
│ Target: IND-2026-0047 (FDA)                                  │
│                                                              │
│ Reason for publishing *                                      │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ [required textarea]                                      │ │
│ └──────────────────────────────────────────────────────────┘ │
│                                                              │
│ This will lock v4.1 as the submission version. The action    │
│ is auditable.                                                │
│                                                              │
│                                   [Cancel]  [Publish & Lock] │
└──────────────────────────────────────────────────────────────┘
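The form-level rule only binds the dialog; a request sent straight to the route skips it. As an added example (not Concept2Cure code; `AuditSink`, the other types and both function names are assumptions), here is the same reason check enforced server-side before the mutation runs, with the record built from the audit fields listed above:

```typescript
// Added example: types and function names are assumptions, not the project's API.
interface ActionBody { what: string; from: string; to: string; reason?: unknown }
interface ServerContext { who: string; ipAddress: string; sessionId: string }
interface AuditRecord extends ServerContext {
  when: string; what: string; from: string; to: string; reason: string;
}
// Stand-in for the existing audit-trail service; its real interface is not shown here.
interface AuditSink { record(entry: Readonly<AuditRecord>): void }
interface Outcome { ok: boolean; error?: string; entry?: Readonly<AuditRecord> }

// Whitespace and zero-width characters that would let a blank reason look filled in.
const INVISIBLE = /[\s\u200B-\u200D\u2060\uFEFF]/g;

function buildAuditRecord(body: ActionBody, ctx: ServerContext, now: Date): Outcome {
  const raw = body.reason;
  // Re-check on the server: the form-level rule does not bind a direct API call.
  if (typeof raw !== "string" || raw.replace(INVISIBLE, "").length === 0) {
    return { ok: false, error: "reason is required" };
  }
  // who, ipAddress and sessionId come from the server-side context, never from
  // the request body, so a caller cannot attribute the change to another user.
  const entry: AuditRecord = {
    who: ctx.who, when: now.toISOString(), what: body.what,
    from: body.from, to: body.to, reason: raw.trim(),
    ipAddress: ctx.ipAddress, sessionId: ctx.sessionId,
  };
  return { ok: true, entry: Object.freeze(entry) };
}

// Record first, mutate second: a rejected reason or a throwing audit write
// stops the mutation. A real handler should commit both in one transaction.
function runGovernedAction(
  body: ActionBody, ctx: ServerContext, audit: AuditSink,
  mutate: () => void, now: Date = new Date(),
): Outcome {
  const built = buildAuditRecord(body, ctx, now);
  if (!built.ok || !built.entry) return built;
  audit.record(built.entry);
  mutate();
  return built;
}
```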
┌ Sign as Approver ────────────────────────────────────────────┐
│ You are signing: CSR Protocol 2026-01 (v2.0)                 │
│ Meaning: Final approval for submission                       │
│                                                              │
│ Confirm your identity:                                       │
│ Username: [email protected]                                  │
│ Password: [•••••••••••]                                      │
│                                                              │
│ By signing, you confirm 21 CFR 11.100(b) intent.             │
│                                                              │
│                                             [Cancel]  [Sign] │
└──────────────────────────────────────────────────────────────┘
Every governed artifact header shows:
Module 3 — Drug Product · v4.1 · Locked · Signed by Jane Smith 2026-04-17
Clicking the provenance stamp opens the full history panel in-context.
<Button disabled>
Approve
</Button>
<Tooltip>
Requires Medical Director role. You are currently QA Reviewer.
</Tooltip>
Never show a governed action as clickable when the user cannot perform it.
| Forbidden | Use Instead |
|---|---|
| Silent mutation of locked content | Governed dialog + reason capture + audit record |
| `confirm("Sure?")` for a governed action | Dialog with artifact context + reason field |
| Reusing session auth for signing | Password re-entry at signing time |
| Hiding the approver or timestamp | Inline provenance stamp + full history panel |
| Overwriting a prior version | New version + supersession pointer |
| Toast: "Published! 🎉" | Toast: "Published v4.1 to IND-2026-0047. Recorded." |
| Disabled button with no reason | Tooltip with the specific blocking condition |
| Cross-tenant list without explicit tenant switch | Tenant selector in header + tenant column visible |
A regulated flow is NOT complete until:
microcopy-tone skill)
Flag any gap in audit coverage to the user explicitly — do not ship regulated flows with silent mutations.