@rqml/schema 0.1.0

package/examples/helloworld.rqml

@@ -0,0 +1,21 @@
+<rqml xmlns="https://rqml.org/schema/2.1.0"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="https://rqml.org/schema/2.1.0 https://rqml.org/schema/rqml-2.1.0.xsd"
+      version="2.1.0" docId="DOC-HELLO-001" status="draft">
+  <meta>
+    <title>Hello World CLI</title>
+    <system>hello</system>
+  </meta>
+
+  <requirements>
+    <req id="REQ-HELLO-001" type="FR" title="Print greeting" status="draft" priority="must">
+      <statement>The program MUST print "Hello, world!" to standard output and exit with status code 0.</statement>
+      <acceptance>
+        <criterion>
+          <when>The user runs <code>hello</code>.</when>
+          <then>The program prints exactly <code>Hello, world!</code> followed by a newline and exits with code 0.</then>
+        </criterion>
+      </acceptance>
+    </req>
+  </requirements>
+</rqml>

package/examples/payments.rqml

@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<rqml xmlns="https://rqml.org/schema/2.1.0"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="https://rqml.org/schema/2.1.0 https://rqml.org/schema/rqml-2.1.0.xsd"
+      version="2.1.0" docId="PAY-001" status="review">
+  <meta>
+    <title>Checkout Payments</title>
+    <system>Checkout</system>
+    <summary>Authorization, capture, and refund flows for an e-commerce checkout API.</summary>
+    <authors>
+      <author>
+        <name>Sam Rivera</name>
+        <role>Product</role>
+      </author>
+    </authors>
+  </meta>
+
+  <catalogs>
+    <constraints>
+      <constraint id="CON-TLS">
+        <statement>All APIs must use TLS 1.2+.</statement>
+      </constraint>
+    </constraints>
+    <risks>
+      <risk id="RISK-FRAUD" severity="high">
+        <statement>Fraudulent card-not-present attempts.</statement>
+        <mitigation>Velocity checks and 3DS when required.</mitigation>
+      </risk>
+    </risks>
+  </catalogs>
+
+  <goals>
+    <goal id="GOAL-AVAIL" title="High availability" priority="must">
+      <statement>Payment API remains available during peak events.</statement>
+    </goal>
+    <qgoal id="QGOAL-LAT" title="Low latency" priority="should">
+      <statement>Keep latency low for checkout.</statement>
+      <metric>p95 authorization latency ≤ 500ms at 200 rps.</metric>
+    </qgoal>
+  </goals>
+
+  <scenarios>
+    <scenario id="SCN-CHECKOUT" title="Card checkout">
+      <narrative>User submits card details and receives authorization result.</narrative>
+    </scenario>
+    <misuseCase id="SCN-FRAUD" title="Fraud attempt">
+      <narrative>Attacker replays stolen card numbers.</narrative>
+    </misuseCase>
+  </scenarios>
+
+  <requirements>
+    <reqPackage id="PKG-PAY" title="Payments">
+      <req id="REQ-AUTH" type="FR" title="Authorize payment" priority="must">
+        <statement>The system SHALL authorize card payments with the acquiring bank.</statement>
+        <acceptance>
+          <criterion id="CRIT-AUTH-1">
+            <given>Valid card and funds</given>
+            <when>POST /payments is called</when>
+            <then>Response includes paymentId and status=authorized.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-REFUND" type="FR" title="Refund payment" priority="should">
+        <statement>The system SHALL allow refunds on captured payments.</statement>
+        <acceptance>
+          <criterion id="CRIT-REF-1">
+            <given>A captured payment exists</given>
+            <when>POST /payments/{id}/refunds</when>
+            <then>A refundId is returned and payment status reflects refund.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-LAT" type="NFR" title="Latency" priority="should">
+        <statement>p95 authorization latency SHALL be ≤ 500ms at 200 rps.</statement>
+      </req>
+      <req id="REQ-SEC" type="SR" title="Secure transport" priority="must">
+        <statement>All payment endpoints SHALL enforce TLS 1.2+.</statement>
+      </req>
+      <req id="REQ-FRAUD" type="SR" title="Fraud mitigation" priority="must">
+        <statement>The system SHALL apply velocity checks and challenge flows when risk is high.</statement>
+      </req>
+    </reqPackage>
+  </requirements>
+
+  <interfaces>
+    <api id="API-PAY" name="Payments API" protocol="https" auth="oauth2">
+      <endpoint id="EP-AUTH" method="POST" path="/payments">
+        <summary>Create a payment and request authorization.</summary>
+        <response>paymentId, status (authorized|declined|pending)</response>
+        <errors>422 for validation, 502 for upstream decline.</errors>
+      </endpoint>
+      <endpoint id="EP-REF" method="POST" path="/payments/{id}/refunds">
+        <summary>Refund a captured payment.</summary>
+        <response>refundId, status</response>
+      </endpoint>
+    </api>
+    <event id="EVT-PAY-UPDATED" name="PaymentUpdated">
+      <description>Emitted when a payment status changes.</description>
+      <payload>paymentId, status, updatedAt</payload>
+    </event>
+  </interfaces>
+
+  <verification>
+    <testCase id="TC-AUTH" type="integration" title="Authorize happy path">
+      <steps>POST /payments with valid card</steps>
+      <expected>201 with status=authorized</expected>
+    </testCase>
+    <testCase id="TC-LAT" type="performance" title="Latency budget">
+      <purpose>Ensure p95 latency meets target.</purpose>
+    </testCase>
+  </verification>
+
+  <trace>
+    <edge id="TR-AUTH-GOAL" type="satisfies" confidence="0.9">
+      <from><locator><local id="REQ-AUTH"/></locator></from>
+      <to><locator><local id="GOAL-AVAIL"/></locator></to>
+    </edge>
+    <edge id="TR-AUTH-SCN" type="satisfies">
+      <from><locator><local id="REQ-AUTH"/></locator></from>
+      <to><locator><local id="SCN-CHECKOUT"/></locator></to>
+    </edge>
+    <edge id="TR-SEC-TLS" type="dependsOn">
+      <from><locator><local id="REQ-SEC"/></locator></from>
+      <to><locator><local id="CON-TLS"/></locator></to>
+    </edge>
+    <edge id="TR-FRAUD" type="mitigates">
+      <from><locator><local id="REQ-FRAUD"/></locator></from>
+      <to><locator><local id="RISK-FRAUD"/></locator></to>
+    </edge>
+    <edge id="TR-AUTH-TEST" type="verifiedBy">
+      <from><locator><local id="REQ-AUTH"/></locator></from>
+      <to><locator><local id="TC-AUTH"/></locator></to>
+    </edge>
+    <edge id="TR-LAT-TEST" type="verifiedBy">
+      <from><locator><local id="REQ-LAT"/></locator></from>
+      <to><locator><local id="TC-LAT"/></locator></to>
+    </edge>
+  </trace>
+</rqml>

package/examples/reservations.rqml

@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<rqml xmlns="https://rqml.org/schema/2.1.0"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="https://rqml.org/schema/2.1.0 https://rqml.org/schema/rqml-2.1.0.xsd"
+      version="2.1.0" docId="RES-API-001" status="draft">
+  <meta>
+    <title>Restaurant Reservation &amp; Waitlist API</title>
+    <system>SeatSmart</system>
+    <summary>API for booking tables and managing waitlists at a single location.</summary>
+    <authors>
+      <author>
+        <name>Jordan Lee</name>
+        <role>Product</role>
+      </author>
+    </authors>
+  </meta>
+
+  <catalogs>
+    <actors>
+      <actor id="ACT-GUEST" name="Guest"/>
+      <actor id="ACT-HOST" name="Host"/>
+    </actors>
+    <constraints>
+      <constraint id="CON-HTTPS">
+        <statement>All endpoints must be served over HTTPS.</statement>
+        <source>Security policy</source>
+      </constraint>
+    </constraints>
+  </catalogs>
+
+  <domain>
+    <entities>
+      <entity id="ENT-RES" name="Reservation">
+        <attr id="ATTR-PARTY" name="partySize" type="integer" required="true"/>
+        <attr id="ATTR-TIME" name="time" type="dateTime" required="true"/>
+        <attr id="ATTR-STATUS" name="status" type="token" required="true"/>
+      </entity>
+    </entities>
+  </domain>
+
+  <scenarios>
+    <scenario id="SCN-BOOK" title="Book a table" actorRef="ACT-GUEST">
+      <narrative>Guest books a table for a given time and party size.</narrative>
+    </scenario>
+    <scenario id="SCN-CANCEL" title="Cancel reservation" actorRef="ACT-GUEST">
+      <narrative>Guest cancels an existing reservation.</narrative>
+    </scenario>
+  </scenarios>
+
+  <requirements>
+    <reqPackage id="PKG-RES" title="Reservations">
+      <req id="REQ-BOOK" type="FR" title="Create reservation" priority="must">
+        <statement>The API SHALL allow creating a reservation with time and party size.</statement>
+        <acceptance>
+          <criterion id="CRIT-BOOK-1">
+            <given>Requested time is within hours and capacity allows</given>
+            <when>Client POSTs /reservations</when>
+            <then>Return 201 with reservationId and status=confirmed.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-CANCEL" type="FR" title="Cancel reservation" priority="must">
+        <statement>The API SHALL let a guest cancel an existing reservation.</statement>
+        <acceptance>
+          <criterion id="CRIT-CANCEL-1">
+            <given>A confirmed reservation exists</given>
+            <when>DELETE /reservations/{id}</when>
+            <then>Status becomes canceled and a 200 response is returned.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-LAT" type="NFR" title="Latency" priority="should">
+        <statement>p95 response time for reservation create SHALL be ≤ 300ms under normal load.</statement>
+      </req>
+      <req id="REQ-SEC" type="SR" title="Transport security">
+        <statement>All API traffic SHALL enforce HTTPS (TLS 1.2+).</statement>
+      </req>
+    </reqPackage>
+  </requirements>
+
+  <interfaces>
+    <api id="API-RES" name="Reservations API" protocol="https">
+      <endpoint id="EP-CREATE" method="POST" path="/reservations">
+        <summary>Create a reservation.</summary>
+        <request>partySize, time, contact info</request>
+        <response>reservationId, status</response>
+      </endpoint>
+      <endpoint id="EP-CANCEL" method="DELETE" path="/reservations/{id}">
+        <summary>Cancel a reservation.</summary>
+        <response>canceled status</response>
+        <errors>404 if not found</errors>
+      </endpoint>
+    </api>
+  </interfaces>
+
+  <verification>
+    <testCase id="TC-BOOK" type="integration" title="Create reservation 201">
+      <steps>POST /reservations with valid body</steps>
+      <expected>201 created with id and status=confirmed</expected>
+    </testCase>
+  </verification>
+
+  <trace>
+    <edge id="TR-BOOK" type="satisfies">
+      <from><locator><local id="REQ-BOOK"/></locator></from>
+      <to><locator><local id="SCN-BOOK"/></locator></to>
+    </edge>
+    <edge id="TR-BOOK-ENT" type="dependsOn">
+      <from><locator><local id="REQ-BOOK"/></locator></from>
+      <to><locator><local id="ENT-RES"/></locator></to>
+    </edge>
+    <edge id="TR-CANCEL" type="satisfies">
+      <from><locator><local id="REQ-CANCEL"/></locator></from>
+      <to><locator><local id="SCN-CANCEL"/></locator></to>
+    </edge>
+    <edge id="TR-SEC-HTTPS" type="dependsOn">
+      <from><locator><local id="REQ-SEC"/></locator></from>
+      <to><locator><local id="CON-HTTPS"/></locator></to>
+    </edge>
+    <edge id="TR-TEST-BOOK" type="verifiedBy">
+      <from><locator><local id="REQ-BOOK"/></locator></from>
+      <to><locator><local id="TC-BOOK"/></locator></to>
+    </edge>
+  </trace>
+</rqml>

package/examples/tasks.rqml

@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<rqml xmlns="https://rqml.org/schema/2.1.0"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="https://rqml.org/schema/2.1.0 https://rqml.org/schema/rqml-2.1.0.xsd"
+      version="2.1.0" docId="TASKS-001" status="draft">
+  <meta>
+    <title>Personal Task Manager</title>
+    <system>Taskie</system>
+    <summary>Lightweight to-do app for individuals.</summary>
+    <authors>
+      <author>
+        <name>Avery Kim</name>
+        <role>Product</role>
+      </author>
+    </authors>
+  </meta>
+
+  <domain>
+    <entities>
+      <entity id="ENT-TASK" name="Task">
+        <attr id="ATTR-TITLE" name="title" type="string" required="true"/>
+        <attr id="ATTR-STATUS" name="status" type="token" required="true"/>
+        <attr id="ATTR-DUE" name="dueDate" type="date" required="false"/>
+      </entity>
+    </entities>
+  </domain>
+
+  <scenarios>
+    <scenario id="SCN-ADD" title="Add a task">
+      <narrative>User enters a title and saves a new task.</narrative>
+    </scenario>
+    <scenario id="SCN-COMPLETE" title="Complete a task">
+      <narrative>User marks an existing task as done.</narrative>
+    </scenario>
+  </scenarios>
+
+  <requirements>
+    <reqPackage id="PKG-TASKS" title="Tasks">
+      <req id="REQ-ADD" type="FR" title="Create task" priority="must">
+        <statement>The system SHALL let a user create a task with a title.</statement>
+        <acceptance>
+          <criterion id="CRIT-ADD-1">
+            <when>User provides a title</when>
+            <then>The task is saved with status "open".</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-COMPLETE" type="FR" title="Complete task" priority="must">
+        <statement>The system SHALL allow marking a task as completed.</statement>
+        <acceptance>
+          <criterion id="CRIT-COMP-1">
+            <given>An open task exists</given>
+            <when>User marks it done</when>
+            <then>Status becomes "completed" with timestamp.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-LIST" type="NFR" title="List performance" priority="should">
+        <statement>The task list SHALL render within 150ms for up to 500 tasks.</statement>
+      </req>
+    </reqPackage>
+  </requirements>
+
+  <verification>
+    <testCase id="TC-ADD-1" type="integration" title="Create task success">
+      <steps>POST /tasks with title=Buy milk</steps>
+      <expected>201 with taskId and status=open</expected>
+    </testCase>
+  </verification>
+
+  <trace>
+    <edge id="TR-ADD" type="satisfies">
+      <from><locator><local id="REQ-ADD"/></locator></from>
+      <to><locator><local id="SCN-ADD"/></locator></to>
+    </edge>
+    <edge id="TR-ADD-ENT" type="dependsOn">
+      <from><locator><local id="REQ-ADD"/></locator></from>
+      <to><locator><local id="ENT-TASK"/></locator></to>
+    </edge>
+    <edge id="TR-COMPLETE" type="satisfies">
+      <from><locator><local id="REQ-COMPLETE"/></locator></from>
+      <to><locator><local id="SCN-COMPLETE"/></locator></to>
+    </edge>
+    <edge id="TR-TEST" type="verifiedBy">
+      <from><locator><local id="REQ-ADD"/></locator></from>
+      <to><locator><local id="TC-ADD-1"/></locator></to>
+    </edge>
+  </trace>
+</rqml>

package/examples/telemedicine.rqml

@@ -0,0 +1,181 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<rqml xmlns="https://rqml.org/schema/2.1.0"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="https://rqml.org/schema/2.1.0 https://rqml.org/schema/rqml-2.1.0.xsd"
+      version="2.1.0" docId="TELEMED-001" status="review">
+  <meta>
+    <title>Telemedicine Platform</title>
+    <system>CareConnect</system>
+    <summary>Video consultations, scheduling, and prescriptions with privacy controls.</summary>
+    <authors>
+      <author>
+        <name>Priya Singh</name>
+        <role>Product</role>
+      </author>
+    </authors>
+  </meta>
+
+  <catalogs>
+    <actors>
+      <actor id="ACT-PATIENT" name="Patient"/>
+      <actor id="ACT-CLINICIAN" name="Clinician"/>
+    </actors>
+    <policies>
+      <policy id="POL-HIPAA" source="HIPAA">
+        <obligation>Protect PHI with encryption in transit and at rest.</obligation>
+      </policy>
+    </policies>
+  </catalogs>
+
+  <domain>
+    <entities>
+      <entity id="ENT-VISIT" name="Visit">
+        <attr id="ATTR-SLOT" name="timeSlot" type="dateTime" required="true"/>
+        <attr id="ATTR-STATE" name="state" type="token" required="true"/>
+      </entity>
+      <entity id="ENT-PRESC" name="Prescription">
+        <attr id="ATTR-MED" name="medication" type="string" required="true"/>
+        <attr id="ATTR-DOS" name="dosage" type="string" required="true"/>
+      </entity>
+    </entities>
+  </domain>
+
+  <goals>
+    <goal id="GOAL-ACCESS" title="Accessible care" priority="must">
+      <statement>Allow patients to see a clinician within 24 hours.</statement>
+    </goal>
+    <qgoal id="QGOAL-QUALITY" title="High call quality" priority="should">
+      <statement>Video calls remain stable with minimal jitter.</statement>
+    </qgoal>
+  </goals>
+
+  <scenarios>
+    <scenario id="SCN-BOOK" title="Book a visit" actorRef="ACT-PATIENT">
+      <narrative>Patient books an appointment slot with a clinician.</narrative>
+    </scenario>
+    <scenario id="SCN-CALL" title="Start video consult" actorRef="ACT-CLINICIAN">
+      <narrative>Clinician and patient join a secure video call.</narrative>
+    </scenario>
+    <scenario id="SCN-PRESC" title="Issue prescription" actorRef="ACT-CLINICIAN">
+      <narrative>Clinician issues an e-prescription after the call.</narrative>
+    </scenario>
+  </scenarios>
+
+  <requirements>
+    <reqPackage id="PKG-VISIT" title="Visits">
+      <req id="REQ-SCHED" type="FR" title="Schedule visit" priority="must">
+        <statement>The system SHALL let patients book available slots with clinicians.</statement>
+        <acceptance>
+          <criterion id="CRIT-SCHED-1">
+            <given>A clinician has open slots</given>
+            <when>Patient selects a slot</when>
+            <then>A visit is created with state=scheduled and a confirmation is returned.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-VIDEO" type="FR" title="Secure video" priority="must">
+        <statement>The platform SHALL provide encrypted video sessions for visits.</statement>
+        <acceptance>
+          <criterion id="CRIT-VIDEO-1">
+            <when>Clinician and patient join a visit</when>
+            <then>A video session is established using end-to-end encrypted transport.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-PHI" type="SR" title="Protect PHI" priority="must">
+        <statement>PHI SHALL be encrypted in transit and at rest.</statement>
+      </req>
+      <req id="REQ-PRESC" type="FR" title="Issue prescription" priority="should">
+        <statement>Clinicians SHALL be able to issue and transmit prescriptions electronically.</statement>
+        <acceptance>
+          <criterion id="CRIT-PRESC-1">
+            <given>A completed visit</given>
+            <when>The clinician submits a prescription</when>
+            <then>A prescription record is created and sent to the pharmacy.</then>
+          </criterion>
+        </acceptance>
+      </req>
+      <req id="REQ-QUALITY" type="NFR" title="Call quality" priority="should">
+        <statement>Video calls SHALL maintain p95 MOS equivalent ≥ 4.0 under target bandwidth.</statement>
+      </req>
+    </reqPackage>
+  </requirements>
+
+  <interfaces>
+    <api id="API-VISIT" name="Visits API" protocol="https" auth="oauth2">
+      <endpoint id="EP-SCHEDULE" method="POST" path="/visits">
+        <summary>Create a visit</summary>
+        <request>patientId, clinicianId, slot</request>
+        <response>visitId, state</response>
+      </endpoint>
+      <endpoint id="EP-START" method="POST" path="/visits/{id}/start">
+        <summary>Start video session</summary>
+        <response>sessionUrl, token</response>
+      </endpoint>
+    </api>
+    <event id="EVT-VISIT-UPDATED" name="VisitUpdated">
+      <description>Emitted when a visit state changes.</description>
+      <payload>visitId, state, updatedAt</payload>
+    </event>
+  </interfaces>
+
+  <verification>
+    <testSuite id="TS-VISIT" title="Visit flows">
+      <description>Integration and security tests for visit scheduling and video.</description>
+    </testSuite>
+    <testCase id="TC-SCHED" type="integration" title="Schedule visit success">
+      <steps>POST /visits with valid slot</steps>
+      <expected>201 with state=scheduled</expected>
+    </testCase>
+    <testCase id="TC-VIDEO" type="security" title="Encrypted video established">
+      <expected>Video session negotiates encrypted transport</expected>
+    </testCase>
+  </verification>
+
+  <trace>
+    <edge id="TR-SCHED-GOAL" type="satisfies">
+      <from><locator><local id="REQ-SCHED"/></locator></from>
+      <to><locator><local id="GOAL-ACCESS"/></locator></to>
+    </edge>
+    <edge id="TR-SCHED-SCN" type="satisfies">
+      <from><locator><local id="REQ-SCHED"/></locator></from>
+      <to><locator><local id="SCN-BOOK"/></locator></to>
+    </edge>
+    <edge id="TR-SCHED-ENT" type="dependsOn">
+      <from><locator><local id="REQ-SCHED"/></locator></from>
+      <to><locator><local id="ENT-VISIT"/></locator></to>
+    </edge>
+    <edge id="TR-VIDEO-SCN" type="satisfies">
+      <from><locator><local id="REQ-VIDEO"/></locator></from>
+      <to><locator><local id="SCN-CALL"/></locator></to>
+    </edge>
+    <edge id="TR-VIDEO-PHI" type="dependsOn">
+      <from><locator><local id="REQ-VIDEO"/></locator></from>
+      <to><locator><local id="REQ-PHI"/></locator></to>
+    </edge>
+    <edge id="TR-PHI-HIPAA" type="satisfies">
+      <from><locator><local id="REQ-PHI"/></locator></from>
+      <to><locator><local id="POL-HIPAA"/></locator></to>
+    </edge>
+    <edge id="TR-PRESC-SCN" type="satisfies">
+      <from><locator><local id="REQ-PRESC"/></locator></from>
+      <to><locator><local id="SCN-PRESC"/></locator></to>
+    </edge>
+    <edge id="TR-PRESC-ENT" type="dependsOn">
+      <from><locator><local id="REQ-PRESC"/></locator></from>
+      <to><locator><local id="ENT-PRESC"/></locator></to>
+    </edge>
+    <edge id="TR-SCHED-TEST" type="verifiedBy">
+      <from><locator><local id="REQ-SCHED"/></locator></from>
+      <to><locator><local id="TC-SCHED"/></locator></to>
+    </edge>
+    <edge id="TR-VIDEO-TEST" type="verifiedBy">
+      <from><locator><local id="REQ-VIDEO"/></locator></from>
+      <to><locator><local id="TC-VIDEO"/></locator></to>
+    </edge>
+    <edge id="TR-PHI-TEST" type="verifiedBy">
+      <from><locator><local id="REQ-PHI"/></locator></from>
+      <to><locator><local id="TC-VIDEO"/></locator></to>
+    </edge>
+  </trace>
+</rqml>