{
  "x-spec-version": "0.2.0",
  "x-run-id": "1778054278631-pdf",
  "x-iso-standard": "ISO/IEC 25010:2023",
  "x-app-type": "web",
  "x-domain": "logistics",
  "attributes": {
    "functional_suitability": {
      "iso_25010_attribute": "functional_suitability",
      "applicable_app_type": "web",
      "requirements": [
        "Functional completeness: every CIR entity has CRUD operations available to its bound role(s) (or read-only if that role lacks write permissions).",
        "Functional correctness: outputs match acceptance criteria specified in PRD."
      ],
      "source": "step4_default"
    },
    "performance_efficiency": {
      "iso_25010_attribute": "performance_efficiency",
      "applicable_app_type": "web",
      "requirements": [
        "p95 page load < 2.5s on 4G",
        "p95 API response < 500ms for read endpoints",
        "Core Web Vitals: LCP < 2.5s, FID < 100ms, CLS < 0.1"
      ],
      "source": "step4_default"
    },
    "compatibility": {
      "iso_25010_attribute": "compatibility",
      "applicable_app_type": "web",
      "requirements": [
        "Last 2 major versions of Chrome, Safari, Firefox, Edge"
      ],
      "source": "step4_default"
    },
    "interaction_capability": {
      "iso_25010_attribute": "interaction_capability",
      "applicable_app_type": "web",
      "requirements": [
        "WCAG 2.2 Level AA conformance",
        "Keyboard-only navigation supported on all interactive elements",
        "Screen-reader landmarks and ARIA labels on all forms",
        "Mobile-responsive at \u2265360px viewport width"
      ],
      "source": "step4_default"
    },
    "reliability": {
      "iso_25010_attribute": "reliability",
      "applicable_app_type": "web",
      "requirements": [
        "Target availability \u2265 99.5% (43h downtime/year)",
        "Graceful degradation for read-only mode if write path fails"
      ],
      "source": "step4_default"
    },
    "security": {
      "iso_25010_attribute": "security",
      "applicable_app_type": "web",
      "requirements": [
        "TLS 1.2+ enforced; HSTS preload-eligible",
        "OWASP Top 10 mitigations: input validation, parameterized queries, CSRF tokens",
        "Session cookies: HttpOnly + Secure + SameSite=Lax",
        "Sensitive PII fields encrypted at rest (AES-256) and in transit"
      ],
      "source": "step4_default"
    },
    "maintainability": {
      "iso_25010_attribute": "maintainability",
      "applicable_app_type": "web",
      "requirements": [
        "Test coverage \u2265 70% on business logic modules",
        "Module boundaries follow CIR entity grouping"
      ],
      "source": "step4_default"
    },
    "flexibility": {
      "iso_25010_attribute": "flexibility",
      "applicable_app_type": "web",
      "requirements": [
        "Schema additions (new fields, new entities) do not break existing routes.",
        "i18n-ready: user-facing strings extracted into resource files."
      ],
      "source": "step4_default"
    },
    "safety": {
      "iso_25010_attribute": "safety",
      "applicable_app_type": "web",
      "requirements": [
        "Destructive operations require confirmation and produce audit-log entries."
      ],
      "source": "step4_default"
    }
  }
}