zhongwei/gh-jeanluciano-quaestor-src-quaestor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f172746dc6e0e06add40bb895173865c4caf6fbd
gh-jeanluciano-quaestor-src…/skills/managing-specifications/TEMPLATE.md
Zhongwei Li f172746dc6 Initial commit
2025-11-29 18:50:24 +08:00

698 lines
17 KiB
Markdown
Raw Blame History

# Specification Template Reference
This file provides a field-by-field reference for the specification template. Only load when user asks specific questions about template structure or field meanings.
## When to Load This File
- User asks: "What does the rationale field mean?"
- User wants field examples: "Show me examples of good acceptance criteria"
- User is confused about a specific section
- User wants to understand optional vs required fields
## Complete Template Structure
```markdown
---
# FRONTMATTER (YAML metadata)
id: spec-TYPE-NNN # Required: Unique identifier
type: feature # Required: Category of work
status: draft # Required: Current state
priority: medium # Required: Urgency level
created_at: 2025-01-19T10:00:00 # Required: Creation timestamp
updated_at: 2025-01-19T10:00:00 # Required: Last modified timestamp
---
# Title # Required: Clear, descriptive name
## Description # Required: What needs to be done
What exactly needs to be implemented, fixed, or changed.
Be specific about functionality, scope, and affected components.
## Rationale # Required: Why this matters
Business value, technical benefit, or problem being solved.
Explain the impact if this is not done.
## Dependencies # Optional: Related specifications
- **Requires**: spec-001 # Must be done before this
- **Blocks**: spec-003 # This blocks other work
- **Related**: spec-004 # Context, not blocking
## Risks # Optional: Potential issues
- Technical risks
- Schedule risks
- Dependency risks
## Success Metrics # Optional: Measurable outcomes
- Performance targets
- Usage metrics
- Quality metrics
## Acceptance Criteria # Required: How to know it's done
- [ ] Specific, testable criterion
- [ ] Another specific criterion
- [ ] Include error cases
- [ ] Minimum 3 criteria recommended
## Test Scenarios # Required: How to verify
### Happy path test # At least one success case
**Given**: Initial state
**When**: Action taken
**Then**: Expected result
### Error case test # At least one failure case
**Given**: Invalid input
**When**: Action attempted
**Then**: Appropriate error shown
## Metadata # Optional: Additional info
estimated_hours: 8
technical_notes: Implementation notes
branch: feat/feature-name # Added when work starts
```
## Field Reference
### Frontmatter Fields
#### id (Required)
**Format**: `spec-TYPE-NNN`
**Purpose**: Unique identifier that never changes
**Type Prefixes**:
- `spec-feature-NNN` - New functionality
- `spec-bugfix-NNN` - Fix broken behavior
- `spec-refactor-NNN` - Improve code structure
- `spec-perf-NNN` - Performance improvements
- `spec-sec-NNN` - Security enhancements
- `spec-test-NNN` - Test coverage
- `spec-docs-NNN` - Documentation
**Numbering**: Zero-padded 3 digits (001, 002, ..., 999)
**Examples**:
```yaml
id: spec-feature-001
id: spec-bugfix-023
id: spec-refactor-005
```
**Rules**:
- Generated automatically from type + next available number
- Never changes once created
- Must be unique across all specs
---
#### type (Required)
**Values**: `feature | bugfix | refactor | documentation | performance | security | testing`
**Purpose**: Categorize the work type
**Descriptions**:
```yaml
feature:
description: "New functionality or capability"
examples:
- "User authentication system"
- "Export to PDF feature"
- "Real-time notifications"
bugfix:
description: "Fix broken or incorrect behavior"
examples:
- "Fix memory leak in processor"
- "Correct calculation error"
- "Resolve null pointer exception"
refactor:
description: "Improve code structure without changing behavior"
examples:
- "Consolidate authentication logic"
- "Simplify database queries"
- "Extract reusable components"
documentation:
description: "Add or improve documentation"
examples:
- "API documentation"
- "Add code comments"
- "Update README"
performance:
description: "Improve speed, efficiency, or resource usage"
examples:
- "Optimize database queries"
- "Implement caching"
- "Reduce memory usage"
security:
description: "Security improvements or vulnerability fixes"
examples:
- "Add input validation"
- "Implement rate limiting"
- "Fix SQL injection vulnerability"
testing:
description: "Add or improve test coverage"
examples:
- "Add unit tests for auth module"
- "Implement E2E tests"
- "Improve test coverage to 80%"
```
**Auto-Correction**: Parser auto-corrects common mistakes
- "removal" → "refactor"
- "fix" → "bugfix"
- "test" → "testing"
---
#### status (Required, Auto-Managed)
**Values**: `draft | active | completed`
**Purpose**: Track current state (managed by folder location)
**Note**: Folder location is source of truth, this field is kept in sync
```yaml
status: draft # In .quaestor/specs/draft/
status: active # In .quaestor/specs/active/
status: completed # In .quaestor/specs/completed/
```
---
#### priority (Required)
**Values**: `critical | high | medium | low`
**Purpose**: Indicate urgency and importance
**Guidelines**:
```yaml
critical:
when: "Production down, security vulnerability, data loss risk"
sla: "Drop everything, fix immediately"
examples:
- "Production outage"
- "Security breach"
- "Data corruption"
high:
when: "Important feature, significant bug, blocking other work"
sla: "Schedule this week"
examples:
- "Key customer feature"
- "Major bug affecting users"
- "Blocking other development"
medium:
when: "Normal priority work, planned features, minor bugs"
sla: "Schedule in sprint"
examples:
- "Planned feature work"
- "Minor bug fixes"
- "Technical debt"
low:
when: "Nice to have, minor improvements, future work"
sla: "Do when time allows"
examples:
- "Nice to have features"
- "Minor improvements"
- "Future enhancements"
```
---
#### created_at / updated_at (Required, Auto)
**Format**: ISO 8601 timestamp `YYYY-MM-DDTHH:MM:SS`
**Purpose**: Track when spec was created and last modified
**Examples**:
```yaml
created_at: 2025-01-19T10:30:00
updated_at: 2025-01-19T14:45:00
```
**Auto-Management**:
- `created_at`: Set once when spec is created
- `updated_at`: Updated whenever spec content changes
---
### Content Sections
#### Title (Required)
**Location**: First H1 heading after frontmatter
**Purpose**: Clear, descriptive name of the work
**Guidelines**:
```yaml
do:
- Use clear, descriptive names
- Be specific about what's being done
- Include key context
dont:
- Use vague terms: "Fix bug", "Update code"
- Use technical jargon without context
- Make it too long (> 80 chars)
```
**Examples**:
```markdown
# Good
- User Authentication System with JWT Tokens
- Fix Memory Leak in Background Job Processor
- Refactor Payment Validation Logic
- Optimize Database Query Performance
# Bad
- Auth
- Fix Bug
- Update Code
- Make It Faster
```
---
#### Description (Required)
**Location**: `## Description` section
**Purpose**: Detailed explanation of what needs to be done
**What to Include**:
- Specific functionality or changes
- Scope and boundaries
- Key components affected
- Current state vs desired state
**Example Structure**:
```markdown
## Description
[Opening paragraph: What needs to be done]
[Current state: How things work now]
[Desired state: How things should work]
[Scope: What's included and excluded]
[Key components: What parts of system affected]
```
**Good Example**:
```markdown
## Description
Implement a user authentication system with email/password login,
JWT-based session management, and secure password storage using bcrypt.
Current state: No authentication system exists. All endpoints are public.
Desired state: Users must authenticate to access protected endpoints.
Sessions persist for 24 hours with automatic renewal. Passwords are
securely hashed and never stored in plain text.
Scope includes:
- Login/logout endpoints
- JWT token generation and validation
- Password hashing with bcrypt
- Session management middleware
Scope excludes:
- OAuth/social login (future enhancement)
- Password reset (separate spec: spec-auth-002)
- Multi-factor authentication (future enhancement)
```
---
#### Rationale (Required)
**Location**: `## Rationale` section
**Purpose**: Explain WHY this work matters
**What to Include**:
- Business value or technical benefit
- Problem being solved
- Impact if not done
- Alignment with goals
**Example Structure**:
```markdown
## Rationale
[Why this is needed]
[Problem being solved]
[Business/technical impact]
[What happens if not done]
```
**Good Example**:
```markdown
## Rationale
User authentication is essential for protecting user data and enabling
personalized features. Currently, all endpoints are public, exposing
sensitive user information and preventing per-user customization.
Problem solved: Unauthorized access to user data and inability to track
user-specific actions.
Business impact: Enables premium features, protects user privacy, meets
security compliance requirements.
If not done: Cannot launch paid features, risk data breaches, fail
security audits, lose customer trust.
```
---
#### Dependencies (Optional)
**Location**: `## Dependencies` section
**Purpose**: Link to related specifications
**Format**:
```markdown
## Dependencies
- **Requires**: spec-001, spec-002
- **Blocks**: spec-003, spec-004
- **Related**: spec-005
```
**Relationship Types**:
```yaml
Requires:
meaning: "These must be completed before this spec can start"
use_when: "Hard dependency on other work"
example: "Requires: spec-email-001 (email service must exist)"
Blocks:
meaning: "This spec prevents other specs from starting"
use_when: "Other work depends on this being done"
example: "Blocks: spec-auth-002 (password reset needs auth)"
Related:
meaning: "Related for context, not blocking"
use_when: "Useful context, not a hard dependency"
example: "Related: spec-user-001 (user profile system)"
```
---
#### Risks (Optional)
**Location**: `## Risks` section
**Purpose**: Identify potential issues or challenges
**Categories**:
```yaml
technical_risks:
- "Complex integration with third-party service"
- "Database migration required"
- "Performance impact on existing features"
schedule_risks:
- "Depends on external team's timeline"
- "Blocked by infrastructure work"
- "May require more time than estimated"
dependency_risks:
- "Third-party API may change"
- "Requires approval from security team"
- "Depends on unstable library"
mitigation:
- "Include how to reduce or handle each risk"
```
**Good Example**:
```markdown
## Risks
- **Performance risk**: Auth middleware adds latency to every request.
Mitigation: Cache token validation, use fast JWT library.
- **Security risk**: Password storage vulnerability if implemented wrong.
Mitigation: Use battle-tested bcrypt library, security review required.
- **Schedule risk**: Depends on database migration (spec-db-001).
Mitigation: Can implement with mock data, migrate later.
```
---
#### Success Metrics (Optional)
**Location**: `## Success Metrics` section
**Purpose**: Define measurable outcomes
**What to Include**:
- Performance targets
- Usage metrics
- Quality metrics
- Business metrics
**Good Example**:
```markdown
## Success Metrics
- Authentication latency < 200ms (p95)
- Session validation < 50ms (p95)
- Zero security vulnerabilities in audit
- 99.9% uptime for auth service
- 100% of protected endpoints require auth
- Password hashing takes 200-300ms (bcrypt security)
```
---
#### Acceptance Criteria (Required)
**Location**: `## Acceptance Criteria` section
**Purpose**: Define what "done" means with testable criteria
**Format**: Checklist with `- [ ]` or `- [x]`
**Guidelines**:
```yaml
do:
- Make each criterion specific and testable
- Include happy path and error cases
- Minimum 3 criteria (typically 5-8)
- Use action verbs: "User can...", "System will..."
- Be precise with numbers and timeframes
dont:
- Use vague criteria: "System works well"
- Forget error cases
- Make criteria too large (break down if > 10)
- Forget non-functional requirements
```
**Good Example**:
```markdown
## Acceptance Criteria
- [ ] User can login with valid email and password
- [ ] Invalid credentials return 401 with error message
- [ ] Successful login returns JWT token valid for 24 hours
- [ ] Token automatically refreshes 1 hour before expiration
- [ ] User can logout and invalidate their token
- [ ] Logout clears session and prevents token reuse
- [ ] Protected endpoints return 401 without valid token
- [ ] Passwords are hashed with bcrypt (cost factor 12)
- [ ] Login attempts are rate-limited (5 per minute)
```
**Bad Example**:
```markdown
## Acceptance Criteria
- [ ] Login works
- [ ] Errors handled
- [ ] Security is good
```
---
#### Test Scenarios (Required)
**Location**: `## Test Scenarios` section
**Purpose**: Describe how to verify acceptance criteria
**Format**: Given/When/Then (BDD style)
**Minimum**: 2 scenarios (happy path + error case)
**Structure**:
```markdown
### [Scenario Name]
**Given**: [Initial state / preconditions]
**When**: [Action taken]
**Then**: [Expected result]
```
**Good Example**:
```markdown
## Test Scenarios
### Successful login
**Given**: User has account with email "user@example.com" and password "SecurePass123"
**When**: User submits correct credentials to /login endpoint
**Then**: System returns 200 status with JWT token valid for 24 hours
### Invalid password
**Given**: User exists with email "user@example.com"
**When**: User submits incorrect password
**Then**: System returns 401 status with error "Invalid credentials"
### Token expiration
**Given**: User has JWT token that expired 1 minute ago
**When**: User attempts to access protected endpoint
**Then**: System returns 401 status with error "Token expired"
### Rate limiting
**Given**: User has attempted login 5 times in last minute
**When**: User attempts 6th login
**Then**: System returns 429 status with error "Too many attempts"
```
---
#### Metadata (Optional)
**Location**: `## Metadata` section
**Purpose**: Additional information for tracking
**Common Fields**:
```markdown
## Metadata
estimated_hours: 8
actual_hours: 10
technical_notes: Using JWT library "jsonwebtoken", bcrypt cost factor 12
branch: feat/user-authentication
assignee: @developer-name
labels: security, backend, high-priority
```
**Field Meanings**:
```yaml
estimated_hours:
description: "Time estimate before starting"
use: "Planning and capacity"
actual_hours:
description: "Actual time spent (filled after completion)"
use: "Improve future estimates"
technical_notes:
description: "Implementation details, library choices, etc"
use: "Context for implementers"
branch:
description: "Git branch name for this work"
use: "Link spec to code changes"
added_when: "Work starts (activation)"
assignee:
description: "Who's working on this"
use: "Track ownership"
labels:
description: "Tags for categorization"
use: "Filtering and reporting"
```
---
## Template Validation
### Required Fields Check
```yaml
must_have:
- id
- type
- status
- priority
- created_at
- updated_at
- title
- description
- rationale
- acceptance_criteria (at least 1)
- test_scenarios (at least 1)
can_warn_if_missing:
- dependencies
- risks
- success_metrics
- metadata
```
### Quality Checks
```yaml
description:
min_length: 50 characters
recommendation: "2-4 paragraphs"
rationale:
min_length: 30 characters
recommendation: "Explain business/technical value"
acceptance_criteria:
min_count: 3
recommendation: "5-8 criteria typical"
format: "Use checkboxes [ ] or [x]"
test_scenarios:
min_count: 2
recommendation: "At least happy path + error case"
format: "Use Given/When/Then"
```
---
## Quick Reference
### Minimal Valid Spec
```markdown
---
id: spec-feature-001
type: feature
status: draft
priority: medium
created_at: 2025-01-19T10:00:00
updated_at: 2025-01-19T10:00:00
---
# Feature Title
## Description
What needs to be done.
## Rationale
Why this matters.
## Acceptance Criteria
- [ ] Criterion 1
- [ ] Criterion 2
- [ ] Criterion 3
## Test Scenarios
### Happy path
**Given**: Initial state
**When**: Action
**Then**: Result
```
### Complete Spec
See WRITING.md for complete examples with all optional sections filled.
---
*This template reference provides field-by-field details. Return to SKILL.md for overview, WRITING.md for creation process, or LIFECYCLE.md for management operations.*
Reference in New Issue View Git Blame Copy Permalink