jameschang.co [experience]
[projects ▾]
[/now] résumé.pdf ↓

James Chang / Projects / Aleph / Roadmap

Static snapshot of the Aleph admin roadmap as of April 2026. The live admin roadmap lives inside the app at app.alephco.io/admin/roadmap.

Aleph · Admin / Roadmap · Last Updated

Four compliance modules. Six expansion verticals.

Aleph covers four regulatory modules today — FSVP, CPSIA/CPC, Prop 65, and PFAS — with six verticals identified for expansion ordered by the enforcement gradient, not by engineering ease.

Compliance modules

CPSIA / CPC

Progress: 100%

Children's Product Safety Improvement Act — generate Children's Product Certificates (CPC) for products intended for children 12 and under.

Workflow
  1. Add Product — Register the children's product with SKU, manufacturer, country of origin, and intended age group.
  2. Upload Lab Test Report — Attach the test report PDF from a CPSC-accepted laboratory. Link it to the product record.
  3. Complete CPC Form — Fill in all 7 required CPC fields: product description, applicable standards, lab info, test date/location, manufacture date/location, importer info, and tracking label.
  4. Preview & Generate PDF — Review the completed certificate data, then generate a formatted CPC PDF ready for filing or sharing with customs.
  • Product creation (children's product type)
  • CPC 7-field data entry form
  • CPC preview (read-only view)
  • CPC PDF generation (pdf-lib)
  • Lab test document upload + linking
  • CPC status tracking (draft -> issued -> superseded)
  • CPSIA product list with CPC status badges
  • Pre-populated CPSC safety standards (ASTM F963, etc.)
  • Importer info pre-fill from business profile
  • Server-side cohort enforcement (requireModule("cpsia") middleware) — session 19
  • Ownership checks on CPC endpoints (IDOR 404 fix) — session 19
  • CPSC e-Filing CSV export (GET /api/cpsia/efiling-export) — session 17
  • Consumer goods product creation form (cohort-aware) — session 16
  • CPSC e-Filing live submission to ACE *(deferred — pending July 2026 mandate)*
  • CPC version history / supersession chain — explicit supersedePreviousCpcId flow with atomic transaction, GET /api/cpsia/products/:productId/cpc-history endpoint, vertical timeline UI on CPC preview, audit log on supersession (session 21)

Prop 65

Progress: 100%

California Proposition 65 — assess products for listed chemicals, generate compliant warning labels (short-form and long-form).

Workflow
  1. Add Product — Register the consumer product with materials, manufacturer, and country of origin.
  2. Chemical Assessment — Answer: does this product require a Prop 65 warning? Select Yes / No / Not Sure. If No, record the negative assessment.
  3. Identify Chemicals & Warning Type — Select chemicals present from the pre-populated list (Lead, DEHP, Cadmium, etc.), exposure routes, and warning type (cancer / reproductive / both).
  4. Generate Warning Label — Choose short-form or long-form label format. Preview the label in packaging and shelf-tag sizes, then download as PDF.
  • Product creation for Prop 65 module
  • Yes/No/Not Sure assessment flow
  • Chemical multi-select with CAS numbers and tooltips
  • Warning type selection (cancer / reproductive / both)
  • Exposure route checkboxes
  • Safe harbor compliance checkbox with explanation
  • Short-form and long-form label text generation
  • Label preview (packaging + shelf tag sizes)
  • Label PDF generation
  • Server-side chemicals list endpoint (/api/prop65/chemicals)
  • Prop 65 product list with disclosure status badges
  • Server-side cohort enforcement (requireModule("prop65") middleware) — session 19
  • Ownership checks on disclosure endpoints (IDOR 404 fix) — session 19
  • Consumer goods product creation form (cohort-aware) — session 16
  • Prop 65 60-day notice CRUD with cure-deadline tracking (/api/prop65/notices) — session 17
  • OEHHA list auto-update — weekly cron syncs prop65_chemicals_master, diffs added/toxicity_changed/delisted into prop65_list_changes, fans out as 7th source in Compliance Alerts when a user disclosure references a changed chemical (admin sees cross-tenant)
  • Tailored warning label format *(deferred)*

PFAS

Progress: 100%

Per- and polyfluoroalkyl substances — structured material disclosure questionnaire and multi-state regulatory mapping.

Workflow
  1. Add Product — Register the product with category, materials, and manufacturer details.
  2. PFAS Assessment — Answer: does this product contain PFAS? Yes / No / Unknown. If No, certify and complete. If Unknown, guidance is provided.
  3. Component Disclosure — For each PFAS-containing component: name, substance (PTFE, PFOS, GenX), concentration in ppm, and function (water resistance, non-stick, etc.).
  4. Regulatory Scope — Select states where the product is sold. Auto-identify applicable regulations (CA SB 1249, ME LD 1503, NY A4978, WA HB 2658, etc.).
  5. Generate Disclosure Report — Generate a formatted PDF report with component table, applicable regulations, and company certification.
  • Product creation for PFAS module
  • 3-step questionnaire wizard (assessment -> components -> regulations)
  • Yes/No/Unknown assessment with guidance
  • Dynamic component entry (add/remove rows)
  • 8-state regulation database (CA, ME, NY, WA, MN, VT, CO, MD)
  • Auto-populate regulatory basis from selected states
  • Disclosure report preview (HTML)
  • Disclosure report PDF generation
  • PFAS product list with status badges
  • Server-side cohort enforcement (requireModule("pfas") middleware) — session 19
  • Ownership checks on disclosure endpoints (IDOR 404 fix) — session 19
  • Consumer goods product creation form (cohort-aware) — session 16
  • PFAS state-report PDF for 6 states (/api/pfas/state-report/:stateCode) — session 17
  • Maine DEP annual report CSV export (/api/pfas/maine-dep-report) — session 17
  • Expanded PFAS substance database (EPA CompTox PFASMASTER, ~8,380 chemicals) — pfas_substances table + /api/pfas/substances/search autocomplete in component disclosure — session 21
  • Manufacturer PFAS declaration request flow — B2B tokenized supplier questionnaire, anon-allowed public surface, response writes a pfas_disclosures row on the requester's product — session 21

FSVP

Progress: 100%

Foreign Supplier Verification Program (21 CFR Part 1, Subpart L) — required for US food importers. Verify foreign suppliers produce food meeting US safety standards.

Workflow
  1. Add Food Product — Register the imported food with supplier, country of origin, food category.
  2. Hazard Analysis — Identify known or reasonably foreseeable hazards (biological, chemical, physical, radiological) with severity + probability assessments per food.
  3. Supplier Verification Activity — Choose onsite audit, sampling/testing, or records review based on hazard severity. Set frequency (typically annual for severe hazards).
  4. Qualified Individual — Assign a QI (in-house with documented training, or third-party firm) to perform verification activities.
  5. Inspection Bundle — Generate a per-supplier ZIP package with all FSVP records for FDA inspection or customs entry.
  • Food-cohort product creation
  • FSVP module page (/fsvp) — split-pane shell — session 19
  • FDA proxy (enforcement + adverse events) gated by requireModule("fsvp") — session 19
  • Per-supplier FSVP inspection package export (/api/compliance/fsvp/inspection-package) — session 17
  • FDA registration wizard
  • Hazard analysis CRUD (per-product, 4 hazard categories) — session 20
  • Supplier verification activity scheduling + tracking — session 20
  • Qualified Individual roster + assignment — session 20
  • FSVP record CRUD with ownership scoping (/api/fsvp/* — 17 endpoints, IDOR 404, requireModule, mass-assignment guards, audit log) — session 20
  • Compliance Alerts integration for overdue verifications (6th alerts source) — session 20
  • Hazard analysis / verification / QI form UIs (3 dialogs, Manifest design, mobile-stacked) — session 20
  • Product-detail Compliance tab integration — FSVP section with hazards, supplier verifications, assigned QIs (consistency with CPSIA/Prop65/PFAS access pattern) — session 21
  • FSVP inspection prep checklist (per-product red/yellow/green readiness rollup) — GET /api/fsvp/products/:productId/readiness + <InspectionReadinessCard> on /fsvp, 4 checks (hazard analysis / supplier verification / QI / supporting docs), pure rules in server/lib/fsvp-readiness.ts — session 21
  • Foreign supplier directory with reusable supplier entities *(deferred — currently free-text supplier name)*
  • Concurrent-edit handling / optimistic locking *(deferred — single-user use today)*

Expansion verticals

Six verticals identified for next-round build, ordered by enforcement activity and overlap with the existing module stack.

Apparel & Textiles · High priority

Market: Large — #1 PFAS enforcement target.
Have: CPSIA (children's), Prop 65, PFAS.
Need: Flammability (16 CFR 1610/1615), textile labeling (fiber content, care labels).

Cosmetics & Personal Care · High priority

Market: Growing — MoCRA brand new (2023).
Have: Prop 65, PFAS.
Need: MoCRA (facility registration + product listing), FDA adverse event reporting.

Furniture & Home Goods · Medium priority

Market: Medium — formaldehyde + flammability active enforcement.
Have: CPSIA, Prop 65, PFAS.
Need: TSCA Title VI (formaldehyde), CA TB 117 (flammability).

Electronics & Electrical · Medium priority

Market: Large, technical audience.
Have: Prop 65.
Need: FCC Part 15 (EMC testing), UL/ETL listing, RoHS, conflict minerals.

Dietary Supplements · Medium priority

Market: Medium-high — FDA scrutiny increasing.
Have: FSVP, Prop 65.
Need: DSHEA (NDI notifications), cGMP (21 CFR 111).

Automotive Aftermarket · Low priority

Market: Niche.
Have: Prop 65.
Need: FMVSS, CARB, EPA emissions.

From the admin UI

Aleph admin roadmap page with all modules

Admin roadmap — captured during the FSVP Pro era, before the rebrand to Aleph Co. in April 2026. The structure is unchanged; only the wordmark moved.

← How it works