km-spec-driven-development 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +25 -0
- package/README.md +282 -0
- package/bin/km-spec +995 -0
- package/package.json +25 -0
- package/templates/.specs/codebase/CONVENTIONS.md +125 -0
- package/templates/.specs/features/.gitkeep +0 -0
- package/templates/.specs/project/PROJECT.md +36 -0
- package/templates/.specs/project/ROADMAP.md +26 -0
- package/templates/.specs/project/STATE.md +37 -0
- package/templates/.specs/quick/.gitkeep +0 -0
- package/templates/AGENTS.md +42 -0
- package/templates/SDD.md +1873 -0
package/templates/SDD.md
ADDED
|
@@ -0,0 +1,1873 @@
|
|
|
1
|
+
# Spec Driven Development (SDD)
|
|
2
|
+
### AI-Assisted Development Methodology
|
|
3
|
+
|
|
4
|
+
> Based on the [TLC Spec-Driven Development](https://agent-skills.techleads.club/skills/tlc-spec-driven/) model.
|
|
5
|
+
> Version: 1.0.0 | Date: 2026-06-25
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## Table of Contents
|
|
10
|
+
|
|
11
|
+
1. [Methodology Overview](#1-methodology-overview)
|
|
12
|
+
2. [`.specs/` Folder Structure](#2-specs-folder-structure)
|
|
13
|
+
3. [File Descriptions](#3-file-descriptions)
|
|
14
|
+
4. [Adaptive Workflow](#4-adaptive-workflow)
|
|
15
|
+
5. [AI Development Harness](#5-ai-development-harness)
|
|
16
|
+
6. [Context Loading Strategy](#6-context-loading-strategy)
|
|
17
|
+
7. [Agent Execution Protocol](#7-agent-execution-protocol)
|
|
18
|
+
8. [Sub-Agent Rules](#8-sub-agent-rules)
|
|
19
|
+
9. [Traceability Model](#9-traceability-model)
|
|
20
|
+
10. [Templates](#10-templates)
|
|
21
|
+
11. [New Project Process](#11-new-project-process)
|
|
22
|
+
12. [Existing Project Process](#12-existing-project-process)
|
|
23
|
+
13. [Validation Gates](#13-validation-gates)
|
|
24
|
+
14. [Commit Conventions](#14-commit-conventions)
|
|
25
|
+
15. [Security and Quality Rules](#15-security-and-quality-rules)
|
|
26
|
+
16. [Practical Feature Example](#16-practical-feature-example)
|
|
27
|
+
17. [Tool-Specific Guidance](#17-tool-specific-guidance)
|
|
28
|
+
|
|
29
|
+
---
|
|
30
|
+
|
|
31
|
+
## 1. Methodology Overview
|
|
32
|
+
|
|
33
|
+
### What is SDD?
|
|
34
|
+
|
|
35
|
+
Spec Driven Development (SDD) is a methodology for AI-assisted software development that creates a structured, persistent, and tool-independent contract between the codebase and any AI agent operating on it.
|
|
36
|
+
|
|
37
|
+
The core problem SDD solves: **AI agents lose context between sessions, invent details, duplicate work, and make undocumented decisions that are invisible to the next agent or human reviewing the code.**
|
|
38
|
+
|
|
39
|
+
SDD solves this by establishing a single source of truth in `.specs/` — a living documentation layer that any agent can read to understand what was built, why, how it should behave, and what comes next.
|
|
40
|
+
|
|
41
|
+
### Core Principles
|
|
42
|
+
|
|
43
|
+
1. **Complexity determines ceremony.** A bug fix in one file does not need the same overhead as a new authentication module. The process scales proportionally.
|
|
44
|
+
2. **Every agent starts cold.** Each session, each tool, each sub-agent must be able to orient itself from the spec files alone — without relying on chat history.
|
|
45
|
+
3. **No fabrication.** An agent must never invent APIs, file paths, function signatures, or behaviors. It reads what exists before it writes what is new.
|
|
46
|
+
4. **Traceability is not optional.** Every implemented line should trace back to a requirement. Every decision should trace to a document.
|
|
47
|
+
5. **STATE.md is the memory.** It is updated at the end of every session or after any relevant change. It is always loaded first.
|
|
48
|
+
6. **Validate before closing.** A task is not done until validation evidence exists.
|
|
49
|
+
|
|
50
|
+
### The Pipeline
|
|
51
|
+
|
|
52
|
+
```
|
|
53
|
+
SPECIFY → DESIGN → TASKS → EXECUTE → VALIDATE → RECORD STATE
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
The required phases are **Specify** and **Execute**. Design, Tasks, and the depth of each phase scale with complexity. The Record State phase is always mandatory — it is the mechanism that prevents context loss.
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
|
|
60
|
+
## 2. `.specs/` Folder Structure
|
|
61
|
+
|
|
62
|
+
The default structure keeps a clear separation between project context and codebase context, while avoiding excessive mandatory documentation.
|
|
63
|
+
|
|
64
|
+
```
|
|
65
|
+
.specs/
|
|
66
|
+
├── project/
|
|
67
|
+
│ ├── PROJECT.md # Vision, goals, users, constraints
|
|
68
|
+
│ ├── ROADMAP.md # Milestones, feature priority, planning
|
|
69
|
+
│ └── STATE.md # Persistent memory across sessions
|
|
70
|
+
│
|
|
71
|
+
├── codebase/
|
|
72
|
+
│ └── CONVENTIONS.md # Technical context, architecture, structure, testing, integrations, concerns, and AI rules
|
|
73
|
+
│
|
|
74
|
+
├── features/
|
|
75
|
+
│ └── [feature-name]/
|
|
76
|
+
│ ├── spec.md # Requirements, scope, acceptance criteria
|
|
77
|
+
│ ├── context.md # Background, prior decisions, related code
|
|
78
|
+
│ ├── design.md # Optional technical design for medium/large/complex features
|
|
79
|
+
│ └── tasks.md # Atomic tasks with traceability
|
|
80
|
+
│
|
|
81
|
+
└── quick/
|
|
82
|
+
└── [quick-task-name]/
|
|
83
|
+
├── TASK.md # What to do and acceptance criteria
|
|
84
|
+
└── SUMMARY.md # What was done, files changed, outcome
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
### Default vs Optional Codebase Documentation
|
|
88
|
+
|
|
89
|
+
By default, the codebase has only one required technical document:
|
|
90
|
+
|
|
91
|
+
```
|
|
92
|
+
.specs/codebase/CONVENTIONS.md
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
This file consolidates what would otherwise be split into separate files such as `STACK.md`, `ARCHITECTURE.md`, `STRUCTURE.md`, `TESTING.md`, `INTEGRATIONS.md`, and `CONCERNS.md`.
|
|
96
|
+
|
|
97
|
+
If one section becomes too large or complex, it may be extracted later into an optional dedicated file:
|
|
98
|
+
|
|
99
|
+
```
|
|
100
|
+
.specs/codebase/ARCHITECTURE.md
|
|
101
|
+
.specs/codebase/TESTING.md
|
|
102
|
+
.specs/codebase/INTEGRATIONS.md
|
|
103
|
+
.specs/codebase/CONCERNS.md
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
These files are optional expansions. They are not generated by default and should only be created when they reduce complexity instead of adding ceremony.
|
|
107
|
+
|
|
108
|
+
---
|
|
109
|
+
|
|
110
|
+
## 3. File Descriptions
|
|
111
|
+
|
|
112
|
+
### 3.1 `project/PROJECT.md`
|
|
113
|
+
|
|
114
|
+
**Purpose:** The north star. Defines what the project is, who it is for, what success looks like, and what constraints must never be violated.
|
|
115
|
+
|
|
116
|
+
**Created:** At project initialization (greenfield) or at first SDD adoption (brownfield).
|
|
117
|
+
|
|
118
|
+
**Updated:** Only when the project's fundamental direction changes. Not for individual features.
|
|
119
|
+
|
|
120
|
+
**Contains:**
|
|
121
|
+
- Project name, one-sentence description
|
|
122
|
+
- Problem being solved
|
|
123
|
+
- Target users/stakeholders
|
|
124
|
+
- Success criteria and KPIs
|
|
125
|
+
- Non-negotiable constraints (performance, security, compliance)
|
|
126
|
+
- Out-of-scope items
|
|
127
|
+
- Key terminology/glossary
|
|
128
|
+
|
|
129
|
+
---
|
|
130
|
+
|
|
131
|
+
### 3.2 `project/ROADMAP.md`
|
|
132
|
+
|
|
133
|
+
**Purpose:** Priority-ordered list of capabilities, milestones, and features. Gives agents a sense of what is planned and in what order.
|
|
134
|
+
|
|
135
|
+
**Created:** During project initialization.
|
|
136
|
+
|
|
137
|
+
**Updated:** When features are added, completed, reprioritized, or cancelled. Reflects current reality, not aspirational planning.
|
|
138
|
+
|
|
139
|
+
**Contains:**
|
|
140
|
+
- Milestones with target dates
|
|
141
|
+
- Feature list per milestone (with status: planned / in-progress / done / cancelled)
|
|
142
|
+
- Rationale for priority ordering
|
|
143
|
+
- Dependencies between features
|
|
144
|
+
|
|
145
|
+
---
|
|
146
|
+
|
|
147
|
+
### 3.3 `project/STATE.md`
|
|
148
|
+
|
|
149
|
+
**Purpose:** Persistent project memory. Bridges sessions so that the next agent or human picking up the work has full situational awareness without reading git history or chat logs.
|
|
150
|
+
|
|
151
|
+
**Created:** After the first working session.
|
|
152
|
+
|
|
153
|
+
**Updated:** At the end of every session and after any significant decision, blocker, or architectural choice.
|
|
154
|
+
|
|
155
|
+
**Contains:**
|
|
156
|
+
- Last task executed (with ID)
|
|
157
|
+
- Current task in progress (with ID)
|
|
158
|
+
- Suggested next steps
|
|
159
|
+
- Decisions made (with DEC-XXX IDs)
|
|
160
|
+
- Open blockers
|
|
161
|
+
- Pending items
|
|
162
|
+
- Deferred ideas
|
|
163
|
+
- Project preferences and conventions discovered during work
|
|
164
|
+
- Lessons learned
|
|
165
|
+
- Session log (date, summary, what changed)
|
|
166
|
+
|
|
167
|
+
> **Rule:** An AI must never end a session without updating STATE.md.
|
|
168
|
+
|
|
169
|
+
---
|
|
170
|
+
|
|
171
|
+
### 3.4 `codebase/CONVENTIONS.md`
|
|
172
|
+
|
|
173
|
+
**Purpose:** The technical operating manual for the project. It is the single required codebase document and contains the information agents need to work safely without creating multiple mandatory technical files.
|
|
174
|
+
|
|
175
|
+
**Created:** At project setup or during brownfield mapping.
|
|
176
|
+
|
|
177
|
+
**Updated:** Whenever the stack, architecture, folder structure, testing strategy, integrations, risks, or coding conventions change.
|
|
178
|
+
|
|
179
|
+
**Contains:**
|
|
180
|
+
|
|
181
|
+
#### 1. Technical Context
|
|
182
|
+
|
|
183
|
+
- Runtime and language versions
|
|
184
|
+
- Core frameworks and libraries
|
|
185
|
+
- Package manager and lockfile policy
|
|
186
|
+
- Database and data stores
|
|
187
|
+
- Build tools, bundlers, transpilers
|
|
188
|
+
- Deployment platform and CI/CD tools
|
|
189
|
+
|
|
190
|
+
#### 2. Architecture
|
|
191
|
+
|
|
192
|
+
- High-level system design
|
|
193
|
+
- Module/layer breakdown
|
|
194
|
+
- Data flow narratives
|
|
195
|
+
- Key architectural decisions
|
|
196
|
+
- Scaling and deployment model
|
|
197
|
+
- Monorepo vs. multi-repo structure if applicable
|
|
198
|
+
|
|
199
|
+
#### 3. Project Structure
|
|
200
|
+
|
|
201
|
+
- Annotated directory tree
|
|
202
|
+
- Rules for where new files go
|
|
203
|
+
- Co-location rules for tests, components, modules, and assets
|
|
204
|
+
- Generated vs. handwritten file boundaries
|
|
205
|
+
|
|
206
|
+
#### 4. Coding Standards
|
|
207
|
+
|
|
208
|
+
- Naming conventions
|
|
209
|
+
- Import ordering
|
|
210
|
+
- Error handling patterns
|
|
211
|
+
- Logging standards
|
|
212
|
+
- Comment policy
|
|
213
|
+
- Branch naming and PR conventions
|
|
214
|
+
- Environment variable patterns
|
|
215
|
+
- Feature flag conventions
|
|
216
|
+
|
|
217
|
+
#### 5. Testing
|
|
218
|
+
|
|
219
|
+
- Test types used: unit, integration, e2e, contract
|
|
220
|
+
- Test file naming and organization
|
|
221
|
+
- Mocking rules
|
|
222
|
+
- Fixtures and factories
|
|
223
|
+
- Commands to run validation gates
|
|
224
|
+
- Coverage and CI expectations
|
|
225
|
+
|
|
226
|
+
#### 6. Integrations
|
|
227
|
+
|
|
228
|
+
- External APIs and services
|
|
229
|
+
- SDKs in use and their configuration
|
|
230
|
+
- Webhook endpoints and event contracts
|
|
231
|
+
- Rate limits and retry policies
|
|
232
|
+
- Credentials management pattern
|
|
233
|
+
- Integration-specific risks
|
|
234
|
+
|
|
235
|
+
#### 7. Concerns
|
|
236
|
+
|
|
237
|
+
- Technical debt
|
|
238
|
+
- Known performance bottlenecks
|
|
239
|
+
- Security concerns
|
|
240
|
+
- Deprecated patterns still in use
|
|
241
|
+
- Areas with insufficient test coverage
|
|
242
|
+
- Fragile modules or files agents should modify carefully
|
|
243
|
+
|
|
244
|
+
#### 8. AI Rules
|
|
245
|
+
|
|
246
|
+
- Do not invent files, APIs, functions, or behavior.
|
|
247
|
+
- Read existing code before modifying it.
|
|
248
|
+
- Follow existing project patterns.
|
|
249
|
+
- Do not refactor unrelated code.
|
|
250
|
+
- Keep changes small and reviewable.
|
|
251
|
+
- Validate before marking work as done.
|
|
252
|
+
- Update `.specs/project/STATE.md` at the end of the session.
|
|
253
|
+
|
|
254
|
+
> **Expansion rule:** If one section becomes too large, extract it into a dedicated optional file. For example, move the Architecture section to `.specs/codebase/ARCHITECTURE.md` only when that makes the project easier to understand.
|
|
255
|
+
|
|
256
|
+
---
|
|
257
|
+
|
|
258
|
+
### 3.5 `features/[name]/spec.md`
|
|
259
|
+
|
|
260
|
+
**Purpose:** Single source of truth for a feature's requirements, scope, and acceptance criteria. The primary document that drives all downstream work.
|
|
261
|
+
|
|
262
|
+
**Created:** When a feature is approved for development.
|
|
263
|
+
|
|
264
|
+
**Updated:** Only when requirements change (with change log).
|
|
265
|
+
|
|
266
|
+
**Contains:**
|
|
267
|
+
- Feature ID and title
|
|
268
|
+
- Linked requirements (REQ-XXX)
|
|
269
|
+
- User stories
|
|
270
|
+
- Acceptance criteria (testable, specific)
|
|
271
|
+
- Out-of-scope clarifications
|
|
272
|
+
- Open questions
|
|
273
|
+
- Change log
|
|
274
|
+
|
|
275
|
+
---
|
|
276
|
+
|
|
277
|
+
### 3.6 `features/[name]/context.md`
|
|
278
|
+
|
|
279
|
+
**Purpose:** Provides agents with the "why" and the surrounding codebase context so they can make good decisions without reading every file.
|
|
280
|
+
|
|
281
|
+
**Created:** When spec.md is created.
|
|
282
|
+
|
|
283
|
+
**Updated:** When context evolves during implementation.
|
|
284
|
+
|
|
285
|
+
**Contains:**
|
|
286
|
+
- Background and motivation
|
|
287
|
+
- Related existing features or modules
|
|
288
|
+
- Prior decisions that constrain this feature
|
|
289
|
+
- Files most likely to be impacted
|
|
290
|
+
- Patterns to follow (with code references)
|
|
291
|
+
- Anti-patterns to avoid
|
|
292
|
+
|
|
293
|
+
---
|
|
294
|
+
|
|
295
|
+
### 3.7 `features/[name]/design.md`
|
|
296
|
+
|
|
297
|
+
**Purpose:** Technical design for the feature. Translates requirements into an implementable structure.
|
|
298
|
+
|
|
299
|
+
**Created:** After spec.md, before tasks.md, for medium/large/complex features.
|
|
300
|
+
|
|
301
|
+
**Skipped for:** Quick tasks and simple features where the implementation path is obvious.
|
|
302
|
+
|
|
303
|
+
**Updated:** When design decisions change during implementation (with DEC-XXX entries).
|
|
304
|
+
|
|
305
|
+
**Contains:**
|
|
306
|
+
- Component and module breakdown
|
|
307
|
+
- Data models and schema changes
|
|
308
|
+
- API contracts (endpoints, request/response shapes)
|
|
309
|
+
- State management design
|
|
310
|
+
- Error states and edge case handling
|
|
311
|
+
- Performance considerations
|
|
312
|
+
- Security considerations
|
|
313
|
+
- Diagrams as needed
|
|
314
|
+
|
|
315
|
+
---
|
|
316
|
+
|
|
317
|
+
### 3.8 `features/[name]/tasks.md`
|
|
318
|
+
|
|
319
|
+
**Purpose:** The execution plan. Breaks design into atomic, verifiable, and potentially parallelizable tasks.
|
|
320
|
+
|
|
321
|
+
**Created:** After design.md, for medium/large/complex features.
|
|
322
|
+
|
|
323
|
+
**Skipped for:** Quick tasks. For medium features, tasks may be inlined in spec.md.
|
|
324
|
+
|
|
325
|
+
**Updated:** As tasks are completed (status updated), or when new tasks are discovered during execution.
|
|
326
|
+
|
|
327
|
+
**Contains:**
|
|
328
|
+
- Full task list with TASK-XXX IDs
|
|
329
|
+
- Dependencies between tasks
|
|
330
|
+
- Parallelization markers (`[P]`)
|
|
331
|
+
- Per-task: objective, files, steps, acceptance criteria, tests, validation gate, status
|
|
332
|
+
|
|
333
|
+
---
|
|
334
|
+
|
|
335
|
+
### 3.9 `quick/[name]/TASK.md`
|
|
336
|
+
|
|
337
|
+
**Purpose:** Scoped description of a small task — a bug fix, small adjustment, or refactor that doesn't justify a full feature spec.
|
|
338
|
+
|
|
339
|
+
**Created:** When a quick task is identified.
|
|
340
|
+
|
|
341
|
+
**Contains:**
|
|
342
|
+
- Task title and objective
|
|
343
|
+
- Files affected (max 3 for quick mode)
|
|
344
|
+
- Acceptance criteria
|
|
345
|
+
- Validation steps
|
|
346
|
+
|
|
347
|
+
---
|
|
348
|
+
|
|
349
|
+
### 3.10 `quick/[name]/SUMMARY.md`
|
|
350
|
+
|
|
351
|
+
**Purpose:** Post-execution record of what was done for the quick task.
|
|
352
|
+
|
|
353
|
+
**Created:** After the task is complete.
|
|
354
|
+
|
|
355
|
+
**Contains:**
|
|
356
|
+
- Files changed
|
|
357
|
+
- What was changed and why
|
|
358
|
+
- Tests run and result
|
|
359
|
+
- Deviations from the original task
|
|
360
|
+
- Any follow-up actions
|
|
361
|
+
|
|
362
|
+
---
|
|
363
|
+
|
|
364
|
+
## 4. Adaptive Workflow
|
|
365
|
+
|
|
366
|
+
### The Six Phases
|
|
367
|
+
|
|
368
|
+
```
|
|
369
|
+
1. SPECIFY → Define scope, requirements, acceptance criteria
|
|
370
|
+
2. DESIGN → Translate requirements into technical structure
|
|
371
|
+
3. TASKS → Decompose into atomic, verifiable steps
|
|
372
|
+
4. EXECUTE → Implement, following the harness protocol
|
|
373
|
+
5. VALIDATE → Run all gates; verify acceptance criteria
|
|
374
|
+
6. RECORD STATE → Update STATE.md with decisions, outcomes, next steps
|
|
375
|
+
```
|
|
376
|
+
|
|
377
|
+
**Always required:** SPECIFY (even if minimal), EXECUTE, VALIDATE, RECORD STATE.
|
|
378
|
+
**Conditional:** DESIGN and TASKS scale with complexity.
|
|
379
|
+
|
|
380
|
+
---
|
|
381
|
+
|
|
382
|
+
### Complexity Tiers
|
|
383
|
+
|
|
384
|
+
#### Quick Task
|
|
385
|
+
**Profile:** Bug fix, copy change, config tweak. Affects ≤3 files. No ambiguity.
|
|
386
|
+
|
|
387
|
+
**Workflow:**
|
|
388
|
+
1. Create `quick/[name]/TASK.md`
|
|
389
|
+
2. Execute directly (no design doc needed)
|
|
390
|
+
3. Run validation gates
|
|
391
|
+
4. Create `quick/[name]/SUMMARY.md`
|
|
392
|
+
5. Update `STATE.md`
|
|
393
|
+
|
|
394
|
+
**Ceremony level:** Minimal. Total overhead: ~5 minutes.
|
|
395
|
+
|
|
396
|
+
---
|
|
397
|
+
|
|
398
|
+
#### Medium Feature
|
|
399
|
+
**Profile:** Clear functionality with defined inputs/outputs. Low ambiguity. Fewer than 3 existing dependencies impacted.
|
|
400
|
+
|
|
401
|
+
**Workflow:**
|
|
402
|
+
1. Create `features/[name]/spec.md` with requirements and acceptance criteria
|
|
403
|
+
2. Create `features/[name]/context.md` with relevant background
|
|
404
|
+
3. Design inline inside spec.md or in brief `design.md` if needed
|
|
405
|
+
4. Tasks inline in spec.md or a short `tasks.md`
|
|
406
|
+
5. Execute with harness protocol
|
|
407
|
+
6. Run all validation gates
|
|
408
|
+
7. Update `STATE.md`
|
|
409
|
+
|
|
410
|
+
**Ceremony level:** Low-to-medium. Skip `design.md` if implementation path is clear.
|
|
411
|
+
|
|
412
|
+
---
|
|
413
|
+
|
|
414
|
+
#### Large Feature
|
|
415
|
+
**Profile:** Multiple components. Touches existing architecture. Clear requirements but broad scope.
|
|
416
|
+
|
|
417
|
+
**Workflow:**
|
|
418
|
+
1. Create `spec.md`, `context.md`
|
|
419
|
+
2. Create `design.md` with full component breakdown, API contracts, data model
|
|
420
|
+
3. Create `tasks.md` with TASK-XXX IDs, dependencies, parallelization markers
|
|
421
|
+
4. Execute task by task, updating status in `tasks.md` as each completes
|
|
422
|
+
5. Run validation gates per task and full suite at end
|
|
423
|
+
6. Update `STATE.md`
|
|
424
|
+
|
|
425
|
+
**Ceremony level:** Full. Do not skip `design.md` or `tasks.md`.
|
|
426
|
+
|
|
427
|
+
---
|
|
428
|
+
|
|
429
|
+
#### Complex Feature
|
|
430
|
+
**Profile:** New domain, high uncertainty, external integrations, technical risks, or research required.
|
|
431
|
+
|
|
432
|
+
**Workflow:**
|
|
433
|
+
1. **Exploration phase:** Research before specifying. Use sub-agents for spikes.
|
|
434
|
+
2. Create `spec.md` after exploration — not before
|
|
435
|
+
3. Create `context.md` with extensive background and risk notes
|
|
436
|
+
4. Create `design.md` with alternatives considered and DEC-XXX decisions recorded
|
|
437
|
+
5. Create `tasks.md` with RISK-XXX markers on high-uncertainty tasks
|
|
438
|
+
6. Review design before execution (checkpoint)
|
|
439
|
+
7. Execute in phases — stop and respec if reality diverges significantly
|
|
440
|
+
8. Run validation gates including security review
|
|
441
|
+
9. UAT if applicable
|
|
442
|
+
10. Update `STATE.md` with all decisions, learnings, and deferred items
|
|
443
|
+
|
|
444
|
+
**Ceremony level:** Maximum. Expect to iterate on `design.md` during implementation.
|
|
445
|
+
|
|
446
|
+
---
|
|
447
|
+
|
|
448
|
+
### Safety Valve Rule
|
|
449
|
+
|
|
450
|
+
> **Even when Tasks is skipped, Execute ALWAYS starts by listing atomic steps inline before writing any code. If listing reveals more than 5 steps or complex dependencies, STOP and create `tasks.md` first.**
|
|
451
|
+
|
|
452
|
+
---
|
|
453
|
+
|
|
454
|
+
## 5. AI Development Harness
|
|
455
|
+
|
|
456
|
+
The AI Development Harness is the operational contract between any AI agent and this repository. It defines exactly how an agent should orient, execute, validate, and hand off — regardless of which tool is being used.
|
|
457
|
+
|
|
458
|
+
The harness has five components:
|
|
459
|
+
|
|
460
|
+
1. Context Loading Strategy (what to read and when)
|
|
461
|
+
2. Knowledge Verification Chain (how to verify before writing)
|
|
462
|
+
3. Execution Protocol (how to implement a task)
|
|
463
|
+
4. Validation Protocol (what done actually means)
|
|
464
|
+
5. Session Closure Protocol (how to leave the project in a clean state)
|
|
465
|
+
|
|
466
|
+
An agent that follows the harness never fabricates, never skips validation, and never leaves without updating STATE.md.
|
|
467
|
+
|
|
468
|
+
---
|
|
469
|
+
|
|
470
|
+
## 6. Context Loading Strategy
|
|
471
|
+
|
|
472
|
+
### Always Load First (Base Context, ~15k tokens)
|
|
473
|
+
|
|
474
|
+
| File | Reason |
|
|
475
|
+
|------|--------|
|
|
476
|
+
| `.specs/project/STATE.md` | Situational awareness, last task, blockers |
|
|
477
|
+
| `.specs/project/PROJECT.md` | Goals, constraints, non-negotiables |
|
|
478
|
+
| `.specs/codebase/CONVENTIONS.md` | Rules that apply to every line of code |
|
|
479
|
+
|
|
480
|
+
Do not skip these. They are the minimum for any agent to operate safely.
|
|
481
|
+
|
|
482
|
+
---
|
|
483
|
+
|
|
484
|
+
### Load on Demand (Feature and Technical Context)
|
|
485
|
+
|
|
486
|
+
Load only when working on the relevant feature or area:
|
|
487
|
+
|
|
488
|
+
| File or Section | Load When |
|
|
489
|
+
|------|-----------|
|
|
490
|
+
| `features/[name]/spec.md` | Working on this feature |
|
|
491
|
+
| `features/[name]/context.md` | Need background on this feature |
|
|
492
|
+
| `features/[name]/design.md` | Need architecture decisions for this feature |
|
|
493
|
+
| `features/[name]/tasks.md` | Checking task status or picking next task |
|
|
494
|
+
| `codebase/CONVENTIONS.md` → Technical Context | Adding dependencies or checking compatibility |
|
|
495
|
+
| `codebase/CONVENTIONS.md` → Architecture | Making structural or cross-module changes |
|
|
496
|
+
| `codebase/CONVENTIONS.md` → Project Structure | Creating new files or directories |
|
|
497
|
+
| `codebase/CONVENTIONS.md` → Testing | Writing or updating tests |
|
|
498
|
+
| `codebase/CONVENTIONS.md` → Integrations | Working with external services |
|
|
499
|
+
| `codebase/CONVENTIONS.md` → Concerns | Touching known risk areas |
|
|
500
|
+
|
|
501
|
+
If an optional extracted file exists, such as `.specs/codebase/ARCHITECTURE.md`, load it only when the current task requires that specific context.
|
|
502
|
+
|
|
503
|
+
---
|
|
504
|
+
|
|
505
|
+
### Never Load Together
|
|
506
|
+
|
|
507
|
+
Avoid loading all feature specs simultaneously. Load only the feature being worked on. Do not load `ROADMAP.md` unless doing project planning — it adds tokens without aiding implementation.
|
|
508
|
+
|
|
509
|
+
---
|
|
510
|
+
|
|
511
|
+
### Context Budget Rules
|
|
512
|
+
|
|
513
|
+
| Budget | Action |
|
|
514
|
+
|--------|--------|
|
|
515
|
+
| Base load | ~15k tokens (always) |
|
|
516
|
+
| On-demand additions | Load only what the current task requires |
|
|
517
|
+
| Hard ceiling | Stay under 40k tokens for context |
|
|
518
|
+
| Reservation | Keep 160k+ tokens free for reasoning and output |
|
|
519
|
+
|
|
520
|
+
**Rule:** If context is approaching the ceiling, summarize completed work into STATE.md and start a fresh context window loading only base files plus the current task's files.
|
|
521
|
+
|
|
522
|
+
---
|
|
523
|
+
|
|
524
|
+
### Staleness Rule
|
|
525
|
+
|
|
526
|
+
Before using any cached information about a file, re-read the file. Never operate on a mental model of what a file contains — read it. If a file does not exist where expected, stop and investigate rather than proceeding with assumptions.
|
|
527
|
+
|
|
528
|
+
---
|
|
529
|
+
|
|
530
|
+
## 7. Agent Execution Protocol
|
|
531
|
+
|
|
532
|
+
### Step 1: Orient
|
|
533
|
+
|
|
534
|
+
```
|
|
535
|
+
1. Read STATE.md → understand current project state
|
|
536
|
+
2. Read PROJECT.md → recall constraints
|
|
537
|
+
3. Read CONVENTIONS.md → recall code rules
|
|
538
|
+
4. Read the task file (spec.md / TASK.md / tasks.md entry)
|
|
539
|
+
5. Confirm: Does this task have all required information?
|
|
540
|
+
- If missing info → ask before proceeding
|
|
541
|
+
- If blocked by dependency → record in STATE.md and stop
|
|
542
|
+
```
|
|
543
|
+
|
|
544
|
+
---
|
|
545
|
+
|
|
546
|
+
### Step 2: Verify Dependencies
|
|
547
|
+
|
|
548
|
+
```
|
|
549
|
+
1. Identify files this task will touch
|
|
550
|
+
2. Read each file — do not assume content
|
|
551
|
+
3. Verify that assumed APIs, functions, and types actually exist
|
|
552
|
+
4. Check CONVENTIONS.md → Technical Context before using language, framework, library, or package-manager assumptions
|
|
553
|
+
5. Check CONVENTIONS.md → Project Structure before creating or moving files
|
|
554
|
+
6. Check CONVENTIONS.md → Testing before writing or changing tests
|
|
555
|
+
7. Check CONVENTIONS.md → Integrations before touching external service calls
|
|
556
|
+
8. Check CONVENTIONS.md → Concerns before modifying risky or fragile areas
|
|
557
|
+
```
|
|
558
|
+
|
|
559
|
+
If optional extracted files exist, such as `.specs/codebase/TESTING.md` or `.specs/codebase/INTEGRATIONS.md`, read them only for tasks that require that specific context.
|
|
560
|
+
|
|
561
|
+
**Knowledge Verification Chain (strict order):**
|
|
562
|
+
1. Read the actual source files in the codebase
|
|
563
|
+
2. Read the project's spec docs
|
|
564
|
+
3. Read the relevant sections of `CONVENTIONS.md`
|
|
565
|
+
4. Read optional extracted codebase docs if they exist and are relevant
|
|
566
|
+
5. Read library documentation if needed
|
|
567
|
+
6. Search the web if necessary
|
|
568
|
+
7. Flag as uncertain if still unresolved — never fabricate
|
|
569
|
+
|
|
570
|
+
---
|
|
571
|
+
|
|
572
|
+
### Step 3: Plan Inline
|
|
573
|
+
|
|
574
|
+
```
|
|
575
|
+
Before writing code, list the atomic steps:
|
|
576
|
+
- Step 1: [file] [action]
|
|
577
|
+
- Step 2: [file] [action]
|
|
578
|
+
...
|
|
579
|
+
|
|
580
|
+
If > 5 steps or complex dependencies → create tasks.md and stop for review.
|
|
581
|
+
If ≤ 5 steps → proceed.
|
|
582
|
+
```
|
|
583
|
+
|
|
584
|
+
---
|
|
585
|
+
|
|
586
|
+
### Step 4: Implement
|
|
587
|
+
|
|
588
|
+
```
|
|
589
|
+
1. Implement only the scope of the current task — nothing more
|
|
590
|
+
2. Follow CONVENTIONS.md for naming, structure, architecture, testing, integrations, and known concerns
|
|
591
|
+
3. Use the Project Structure section in CONVENTIONS.md for file placement
|
|
592
|
+
4. Use existing patterns — confirm them by reading code, not assuming
|
|
593
|
+
5. Do not refactor unrelated code
|
|
594
|
+
6. Do not introduce abstractions not required by this task
|
|
595
|
+
7. Keep changes small and reviewable
|
|
596
|
+
```
|
|
597
|
+
|
|
598
|
+
---
|
|
599
|
+
|
|
600
|
+
### Step 5: Validate
|
|
601
|
+
|
|
602
|
+
```
|
|
603
|
+
1. Run: build
|
|
604
|
+
2. Run: lint
|
|
605
|
+
3. Run: typecheck
|
|
606
|
+
4. Run: tests (unit + integration relevant to changed code)
|
|
607
|
+
5. Check: Do the changes satisfy the acceptance criteria in spec.md?
|
|
608
|
+
6. Check: Are there regressions in adjacent features?
|
|
609
|
+
7. If any gate fails → fix before marking task complete
|
|
610
|
+
```
|
|
611
|
+
|
|
612
|
+
**Rule:** An agent must never mark a task as complete without recorded validation evidence.
|
|
613
|
+
|
|
614
|
+
---
|
|
615
|
+
|
|
616
|
+
### Step 6: Record
|
|
617
|
+
|
|
618
|
+
```
|
|
619
|
+
1. Update tasks.md:
|
|
620
|
+
- Set task status to DONE
|
|
621
|
+
- Record files changed
|
|
622
|
+
- Record test results
|
|
623
|
+
|
|
624
|
+
2. Update STATE.md:
|
|
625
|
+
- Log the session (date, task completed, outcome)
|
|
626
|
+
- Record any decisions made (with DEC-XXX IDs)
|
|
627
|
+
- Record any deviations from the spec
|
|
628
|
+
- Record blockers encountered
|
|
629
|
+
- Set suggested next steps
|
|
630
|
+
|
|
631
|
+
3. Commit with atomic message following commit conventions
|
|
632
|
+
```
|
|
633
|
+
|
|
634
|
+
---
|
|
635
|
+
|
|
636
|
+
### Deviation Protocol
|
|
637
|
+
|
|
638
|
+
If implementation reveals that the spec is wrong, incomplete, or contradicts an existing constraint:
|
|
639
|
+
|
|
640
|
+
1. **Stop.** Do not implement a workaround silently.
|
|
641
|
+
2. Record the deviation in `STATE.md` under "Deviations".
|
|
642
|
+
3. If the deviation is minor and resolution is obvious → resolve and document.
|
|
643
|
+
4. If the deviation requires a decision → document the options and ask.
|
|
644
|
+
5. Update `spec.md` or `design.md` to reflect any approved changes before continuing.
|
|
645
|
+
|
|
646
|
+
---
|
|
647
|
+
|
|
648
|
+
## 8. Sub-Agent Rules
|
|
649
|
+
|
|
650
|
+
### When to Delegate to a Sub-Agent
|
|
651
|
+
|
|
652
|
+
| Scenario | Use Sub-Agent |
|
|
653
|
+
|----------|---------------|
|
|
654
|
+
| Technical research or library evaluation | Yes |
|
|
655
|
+
| Codebase mapping of an unfamiliar area | Yes |
|
|
656
|
+
| Independent task execution (parallelizable) | Yes |
|
|
657
|
+
| Security review | Yes |
|
|
658
|
+
| Test suite creation for a module | Yes |
|
|
659
|
+
| Architecture validation | Yes |
|
|
660
|
+
| Drafting a feature spec | Optional |
|
|
661
|
+
| Implementing the current focused task | No — keep in main agent |
|
|
662
|
+
|
|
663
|
+
---
|
|
664
|
+
|
|
665
|
+
### What to Pass to a Sub-Agent
|
|
666
|
+
|
|
667
|
+
A sub-agent receives a self-contained briefing. It must never rely on chat history or accumulated conversation context.
|
|
668
|
+
|
|
669
|
+
**Required input:**
|
|
670
|
+
```
|
|
671
|
+
1. Task description (exact scope, no ambiguity)
|
|
672
|
+
2. Relevant spec files (spec.md, context.md, or design.md for the area)
|
|
673
|
+
3. Relevant codebase docs (CONVENTIONS.md always; others on demand)
|
|
674
|
+
4. Specific files to read or modify
|
|
675
|
+
5. Acceptance criteria
|
|
676
|
+
6. Test requirements
|
|
677
|
+
7. What to return (see output format below)
|
|
678
|
+
```
|
|
679
|
+
|
|
680
|
+
**Never pass:**
|
|
681
|
+
- Chat history
|
|
682
|
+
- Full project context when only feature context is needed
|
|
683
|
+
- Multiple unrelated tasks in one briefing
|
|
684
|
+
|
|
685
|
+
---
|
|
686
|
+
|
|
687
|
+
### Sub-Agent Output Format
|
|
688
|
+
|
|
689
|
+
Every sub-agent response must be structured as follows:
|
|
690
|
+
|
|
691
|
+
```markdown
|
|
692
|
+
## Sub-Agent Report
|
|
693
|
+
|
|
694
|
+
**Task ID:** TASK-XXX
|
|
695
|
+
**Agent Role:** [Research | Implementation | Security | Testing | Mapping]
|
|
696
|
+
**Status:** Complete | Partial | Blocked
|
|
697
|
+
|
|
698
|
+
### Changed Files
|
|
699
|
+
- `path/to/file.ts` — [description of change]
|
|
700
|
+
- `path/to/test.spec.ts` — [description of change]
|
|
701
|
+
|
|
702
|
+
### Tests Executed
|
|
703
|
+
- TEST-001: [test name] → PASSED | FAILED
|
|
704
|
+
- TEST-002: [test name] → PASSED | FAILED
|
|
705
|
+
|
|
706
|
+
### Validation Result
|
|
707
|
+
- Build: PASS | FAIL
|
|
708
|
+
- Lint: PASS | FAIL
|
|
709
|
+
- Typecheck: PASS | FAIL
|
|
710
|
+
- Acceptance Criteria [REQ-XXX]: MET | NOT MET
|
|
711
|
+
|
|
712
|
+
### Risks Found
|
|
713
|
+
- RISK-XXX: [description of risk]
|
|
714
|
+
|
|
715
|
+
### Deviations from Specification
|
|
716
|
+
- [Description of deviation, if any]
|
|
717
|
+
|
|
718
|
+
### Recommended Next Steps
|
|
719
|
+
1. [Next action]
|
|
720
|
+
2. [Next action]
|
|
721
|
+
```
|
|
722
|
+
|
|
723
|
+
The orchestrating agent reads this report and decides whether to proceed, escalate, or re-task.
|
|
724
|
+
|
|
725
|
+
---
|
|
726
|
+
|
|
727
|
+
### Sub-Agent Isolation Rule
|
|
728
|
+
|
|
729
|
+
Sub-agents work on isolated scopes. Two sub-agents must never write to the same file simultaneously. The orchestrating agent is responsible for sequencing or merging conflicting changes.
|
|
730
|
+
|
|
731
|
+
For parallelizable tasks (marked `[P]` in `tasks.md`), confirm they touch disjoint files before running in parallel.
|
|
732
|
+
|
|
733
|
+
---
|
|
734
|
+
|
|
735
|
+
## 9. Traceability Model
|
|
736
|
+
|
|
737
|
+
### ID Scheme
|
|
738
|
+
|
|
739
|
+
| ID Prefix | Entity | Example |
|
|
740
|
+
|-----------|--------|---------|
|
|
741
|
+
| `REQ-XXX` | Requirement | REQ-001 |
|
|
742
|
+
| `DEC-XXX` | Decision | DEC-001 |
|
|
743
|
+
| `TASK-XXX` | Task | TASK-001 |
|
|
744
|
+
| `TEST-XXX` | Test | TEST-001 |
|
|
745
|
+
| `RISK-XXX` | Risk | RISK-001 |
|
|
746
|
+
|
|
747
|
+
IDs are sequential and unique per project. Never reuse an ID, even after deletion.
|
|
748
|
+
|
|
749
|
+
---
|
|
750
|
+
|
|
751
|
+
### Traceability Chain
|
|
752
|
+
|
|
753
|
+
```
|
|
754
|
+
Project Goal
|
|
755
|
+
└── REQ-XXX (requirement in spec.md)
|
|
756
|
+
└── TASK-XXX (task in tasks.md)
|
|
757
|
+
├── TEST-XXX (test file or validation evidence)
|
|
758
|
+
├── DEC-XXX (decision in design.md or STATE.md)
|
|
759
|
+
└── Commit (references TASK-XXX in message)
|
|
760
|
+
```
|
|
761
|
+
|
|
762
|
+
Every task must reference the requirements it satisfies. Every test must reference the requirement or acceptance criterion it validates. Every decision must reference the context that prompted it.
|
|
763
|
+
|
|
764
|
+
---
|
|
765
|
+
|
|
766
|
+
### Traceability Rules
|
|
767
|
+
|
|
768
|
+
1. No task is created without a parent requirement.
|
|
769
|
+
2. No test is created without a parent task or requirement.
|
|
770
|
+
3. No significant decision is made without a DEC-XXX entry.
|
|
771
|
+
4. Commits reference TASK-XXX in the commit message.
|
|
772
|
+
5. If a requirement changes, all dependent tasks, tests, and design notes must be reviewed and updated.
|
|
773
|
+
|
|
774
|
+
---
|
|
775
|
+
|
|
776
|
+
## 10. Templates
|
|
777
|
+
|
|
778
|
+
### 10.1 `spec.md` Template
|
|
779
|
+
|
|
780
|
+
```markdown
|
|
781
|
+
# [Feature Name] — Specification
|
|
782
|
+
|
|
783
|
+
**Feature ID:** FEAT-XXX
|
|
784
|
+
**Created:** YYYY-MM-DD
|
|
785
|
+
**Status:** Draft | Approved | In Progress | Complete
|
|
786
|
+
**Owner:** [team or person]
|
|
787
|
+
|
|
788
|
+
## Overview
|
|
789
|
+
|
|
790
|
+
[1–3 sentence description of what this feature does and why it exists.]
|
|
791
|
+
|
|
792
|
+
## Requirements
|
|
793
|
+
|
|
794
|
+
| ID | Description | Priority |
|
|
795
|
+
|----|-------------|----------|
|
|
796
|
+
| REQ-001 | [Requirement statement] | Must Have |
|
|
797
|
+
| REQ-002 | [Requirement statement] | Should Have |
|
|
798
|
+
| REQ-003 | [Requirement statement] | Nice to Have |
|
|
799
|
+
|
|
800
|
+
## User Stories
|
|
801
|
+
|
|
802
|
+
- As a [user type], I want to [action] so that [benefit].
|
|
803
|
+
- As a [user type], I want to [action] so that [benefit].
|
|
804
|
+
|
|
805
|
+
## Acceptance Criteria
|
|
806
|
+
|
|
807
|
+
- [ ] REQ-001: [Specific, testable criterion]
|
|
808
|
+
- [ ] REQ-002: [Specific, testable criterion]
|
|
809
|
+
- [ ] REQ-003: [Specific, testable criterion]
|
|
810
|
+
|
|
811
|
+
## Out of Scope
|
|
812
|
+
|
|
813
|
+
- [Explicit exclusion]
|
|
814
|
+
- [Explicit exclusion]
|
|
815
|
+
|
|
816
|
+
## Open Questions
|
|
817
|
+
|
|
818
|
+
- [ ] [Question] — Owner: [name] — Due: [date]
|
|
819
|
+
|
|
820
|
+
## Change Log
|
|
821
|
+
|
|
822
|
+
| Date | Change | Author |
|
|
823
|
+
|------|--------|--------|
|
|
824
|
+
| YYYY-MM-DD | Initial draft | [name] |
|
|
825
|
+
```
|
|
826
|
+
|
|
827
|
+
---
|
|
828
|
+
|
|
829
|
+
### 10.2 `design.md` Template
|
|
830
|
+
|
|
831
|
+
```markdown
|
|
832
|
+
# [Feature Name] — Technical Design
|
|
833
|
+
|
|
834
|
+
**Feature ID:** FEAT-XXX
|
|
835
|
+
**Linked Spec:** spec.md
|
|
836
|
+
**Created:** YYYY-MM-DD
|
|
837
|
+
**Status:** Draft | Approved | Superseded
|
|
838
|
+
|
|
839
|
+
## Overview
|
|
840
|
+
|
|
841
|
+
[Brief description of the technical approach.]
|
|
842
|
+
|
|
843
|
+
## Components
|
|
844
|
+
|
|
845
|
+
### [Component Name]
|
|
846
|
+
|
|
847
|
+
**Responsibility:** [What this component does]
|
|
848
|
+
**Location:** `src/path/to/component`
|
|
849
|
+
**Interface:**
|
|
850
|
+
```typescript
|
|
851
|
+
// Describe the public interface
|
|
852
|
+
```
|
|
853
|
+
|
|
854
|
+
## Data Model
|
|
855
|
+
|
|
856
|
+
### [Entity Name]
|
|
857
|
+
|
|
858
|
+
```
|
|
859
|
+
Field | Type | Constraints | Notes
|
|
860
|
+
-------------|---------|-------------|------
|
|
861
|
+
id | uuid | PK, required |
|
|
862
|
+
name | string | max 255 |
|
|
863
|
+
created_at | datetime| required |
|
|
864
|
+
```
|
|
865
|
+
|
|
866
|
+
## API Contracts
|
|
867
|
+
|
|
868
|
+
### `POST /api/[resource]`
|
|
869
|
+
|
|
870
|
+
**Request:**
|
|
871
|
+
```json
|
|
872
|
+
{
|
|
873
|
+
"field": "type"
|
|
874
|
+
}
|
|
875
|
+
```
|
|
876
|
+
|
|
877
|
+
**Response (200):**
|
|
878
|
+
```json
|
|
879
|
+
{
|
|
880
|
+
"id": "uuid",
|
|
881
|
+
"field": "type"
|
|
882
|
+
}
|
|
883
|
+
```
|
|
884
|
+
|
|
885
|
+
**Error states:**
|
|
886
|
+
- 400: [condition]
|
|
887
|
+
- 401: [condition]
|
|
888
|
+
- 409: [condition]
|
|
889
|
+
|
|
890
|
+
## State Management
|
|
891
|
+
|
|
892
|
+
[Describe how state flows through the feature if applicable.]
|
|
893
|
+
|
|
894
|
+
## Error Handling
|
|
895
|
+
|
|
896
|
+
| Error Condition | Behavior | User Feedback |
|
|
897
|
+
|----------------|----------|---------------|
|
|
898
|
+
| [condition] | [action] | [message] |
|
|
899
|
+
|
|
900
|
+
## Performance Considerations
|
|
901
|
+
|
|
902
|
+
- [Note any N+1 risks, large queries, or caching needs]
|
|
903
|
+
|
|
904
|
+
## Security Considerations
|
|
905
|
+
|
|
906
|
+
- [Note authentication, authorization, input validation concerns]
|
|
907
|
+
|
|
908
|
+
## Decisions
|
|
909
|
+
|
|
910
|
+
| ID | Decision | Alternatives Considered | Rationale |
|
|
911
|
+
|----|----------|------------------------|-----------|
|
|
912
|
+
| DEC-001 | [Decision made] | [Alt A, Alt B] | [Why this choice] |
|
|
913
|
+
|
|
914
|
+
## Change Log
|
|
915
|
+
|
|
916
|
+
| Date | Change | Author |
|
|
917
|
+
|------|--------|--------|
|
|
918
|
+
| YYYY-MM-DD | Initial draft | [name] |
|
|
919
|
+
```
|
|
920
|
+
|
|
921
|
+
---
|
|
922
|
+
|
|
923
|
+
### 10.3 `tasks.md` Template
|
|
924
|
+
|
|
925
|
+
```markdown
|
|
926
|
+
# [Feature Name] — Tasks
|
|
927
|
+
|
|
928
|
+
**Feature ID:** FEAT-XXX
|
|
929
|
+
**Linked Spec:** spec.md
|
|
930
|
+
**Linked Design:** design.md
|
|
931
|
+
**Created:** YYYY-MM-DD
|
|
932
|
+
|
|
933
|
+
## Status Summary
|
|
934
|
+
|
|
935
|
+
| Status | Count |
|
|
936
|
+
|--------|-------|
|
|
937
|
+
| TODO | X |
|
|
938
|
+
| IN PROGRESS | X |
|
|
939
|
+
| DONE | X |
|
|
940
|
+
| BLOCKED | X |
|
|
941
|
+
|
|
942
|
+
---
|
|
943
|
+
|
|
944
|
+
## TASK-001 — [Task Title] [P]
|
|
945
|
+
|
|
946
|
+
> `[P]` marks a parallelizable task. Only valid when this task's files are disjoint from all currently running parallel tasks.
|
|
947
|
+
|
|
948
|
+
**Objective:** [One sentence description of what this task achieves]
|
|
949
|
+
|
|
950
|
+
**Satisfies:** REQ-001, REQ-002
|
|
951
|
+
|
|
952
|
+
**Likely Files:**
|
|
953
|
+
- `src/path/to/file.ts` — [reason]
|
|
954
|
+
- `src/path/to/test.spec.ts` — [reason]
|
|
955
|
+
|
|
956
|
+
**Dependencies:** None | TASK-XXX must complete first
|
|
957
|
+
|
|
958
|
+
**Implementation Steps:**
|
|
959
|
+
1. [Specific action]
|
|
960
|
+
2. [Specific action]
|
|
961
|
+
3. [Specific action]
|
|
962
|
+
|
|
963
|
+
**Acceptance Criteria:**
|
|
964
|
+
- [ ] [Testable criterion linked to spec]
|
|
965
|
+
- [ ] [Testable criterion linked to spec]
|
|
966
|
+
|
|
967
|
+
**Required Tests:**
|
|
968
|
+
- TEST-001: [Test description] — unit | integration | e2e
|
|
969
|
+
|
|
970
|
+
**Validation Gate:**
|
|
971
|
+
- [ ] Build passes
|
|
972
|
+
- [ ] Lint passes
|
|
973
|
+
- [ ] Typecheck passes
|
|
974
|
+
- [ ] TEST-001 passes
|
|
975
|
+
- [ ] Acceptance criteria verified manually
|
|
976
|
+
|
|
977
|
+
**Status:** TODO | IN PROGRESS | DONE | BLOCKED
|
|
978
|
+
|
|
979
|
+
**Notes:** [Deviations, blockers, discoveries during implementation]
|
|
980
|
+
|
|
981
|
+
---
|
|
982
|
+
|
|
983
|
+
## TASK-002 — [Task Title]
|
|
984
|
+
|
|
985
|
+
[Repeat structure above]
|
|
986
|
+
```
|
|
987
|
+
|
|
988
|
+
---
|
|
989
|
+
|
|
990
|
+
### 10.4 `STATE.md` Template
|
|
991
|
+
|
|
992
|
+
```markdown
|
|
993
|
+
# Project State
|
|
994
|
+
|
|
995
|
+
**Last Updated:** YYYY-MM-DD HH:MM
|
|
996
|
+
**Last Task Completed:** TASK-XXX — [brief description]
|
|
997
|
+
**Current Task:** TASK-XXX — [brief description]
|
|
998
|
+
**Project Phase:** [Setup | Active Development | Stabilization | Maintenance]
|
|
999
|
+
|
|
1000
|
+
## Suggested Next Steps
|
|
1001
|
+
|
|
1002
|
+
1. [TASK-XXX] [brief description]
|
|
1003
|
+
2. [TASK-XXX] [brief description]
|
|
1004
|
+
3. [Open question or decision needed]
|
|
1005
|
+
|
|
1006
|
+
## Open Blockers
|
|
1007
|
+
|
|
1008
|
+
| ID | Description | Owner | Since |
|
|
1009
|
+
|----|-------------|-------|-------|
|
|
1010
|
+
| BLK-001 | [Description] | [owner] | YYYY-MM-DD |
|
|
1011
|
+
|
|
1012
|
+
## Decisions Log
|
|
1013
|
+
|
|
1014
|
+
| ID | Date | Decision | Rationale | Impact |
|
|
1015
|
+
|----|------|----------|-----------|--------|
|
|
1016
|
+
| DEC-001 | YYYY-MM-DD | [Decision] | [Why] | [What it affects] |
|
|
1017
|
+
|
|
1018
|
+
## Deviations from Specification
|
|
1019
|
+
|
|
1020
|
+
| Date | Task | Deviation | Resolution |
|
|
1021
|
+
|------|------|-----------|------------|
|
|
1022
|
+
| YYYY-MM-DD | TASK-XXX | [What changed] | [How resolved or deferred] |
|
|
1023
|
+
|
|
1024
|
+
## Pending Items
|
|
1025
|
+
|
|
1026
|
+
- [ ] [Item] — [owner or context]
|
|
1027
|
+
- [ ] [Item] — [owner or context]
|
|
1028
|
+
|
|
1029
|
+
## Deferred Ideas
|
|
1030
|
+
|
|
1031
|
+
- [Idea] — [deferred reason] — [potential future ticket]
|
|
1032
|
+
|
|
1033
|
+
## Project Preferences Discovered
|
|
1034
|
+
|
|
1035
|
+
- [Convention or preference discovered during implementation]
|
|
1036
|
+
- [Tooling quirk or project-specific rule not in CONVENTIONS.md]
|
|
1037
|
+
|
|
1038
|
+
## Lessons Learned
|
|
1039
|
+
|
|
1040
|
+
- [Lesson] — discovered during [TASK-XXX or context]
|
|
1041
|
+
|
|
1042
|
+
## Session Log
|
|
1043
|
+
|
|
1044
|
+
| Date | Summary | Tasks Completed | Key Decisions |
|
|
1045
|
+
|------|---------|----------------|---------------|
|
|
1046
|
+
| YYYY-MM-DD | [What happened this session] | TASK-001, TASK-002 | DEC-001 |
|
|
1047
|
+
```
|
|
1048
|
+
|
|
1049
|
+
---
|
|
1050
|
+
|
|
1051
|
+
### 10.5 `CONVENTIONS.md` Template
|
|
1052
|
+
|
|
1053
|
+
````markdown
|
|
1054
|
+
# Codebase Conventions
|
|
1055
|
+
|
|
1056
|
+
## 1. Technical Context
|
|
1057
|
+
|
|
1058
|
+
Describe the core technical context of the project.
|
|
1059
|
+
|
|
1060
|
+
- Language:
|
|
1061
|
+
- Runtime:
|
|
1062
|
+
- Framework:
|
|
1063
|
+
- Package manager:
|
|
1064
|
+
- Database:
|
|
1065
|
+
- Main libraries:
|
|
1066
|
+
- Build tools:
|
|
1067
|
+
- Deployment:
|
|
1068
|
+
- CI/CD:
|
|
1069
|
+
|
|
1070
|
+
## 2. Architecture
|
|
1071
|
+
|
|
1072
|
+
Describe the general architecture, layers, modules, data flow, and important technical decisions.
|
|
1073
|
+
|
|
1074
|
+
### Layers / Modules
|
|
1075
|
+
|
|
1076
|
+
-
|
|
1077
|
+
|
|
1078
|
+
### Data Flow
|
|
1079
|
+
|
|
1080
|
+
-
|
|
1081
|
+
|
|
1082
|
+
### Decisions
|
|
1083
|
+
|
|
1084
|
+
| ID | Decision | Rationale | Impact |
|
|
1085
|
+
|----|----------|-----------|--------|
|
|
1086
|
+
| DEC-001 | | | |
|
|
1087
|
+
|
|
1088
|
+
## 3. Project Structure
|
|
1089
|
+
|
|
1090
|
+
Explain the project folder structure and where new files should be created.
|
|
1091
|
+
|
|
1092
|
+
```txt
|
|
1093
|
+
src/
|
|
1094
|
+
├── ...
|
|
1095
|
+
```
|
|
1096
|
+
|
|
1097
|
+
### File Placement Rules
|
|
1098
|
+
|
|
1099
|
+
- New API routes:
|
|
1100
|
+
- New components:
|
|
1101
|
+
- New services:
|
|
1102
|
+
- New tests:
|
|
1103
|
+
- New assets:
|
|
1104
|
+
|
|
1105
|
+
## 4. Coding Standards
|
|
1106
|
+
|
|
1107
|
+
Define naming conventions, import organization, error handling, logging, environment variables, and coding style.
|
|
1108
|
+
|
|
1109
|
+
### Naming
|
|
1110
|
+
|
|
1111
|
+
-
|
|
1112
|
+
|
|
1113
|
+
### Imports
|
|
1114
|
+
|
|
1115
|
+
-
|
|
1116
|
+
|
|
1117
|
+
### Error Handling
|
|
1118
|
+
|
|
1119
|
+
-
|
|
1120
|
+
|
|
1121
|
+
### Logging
|
|
1122
|
+
|
|
1123
|
+
-
|
|
1124
|
+
|
|
1125
|
+
### Environment Variables
|
|
1126
|
+
|
|
1127
|
+
-
|
|
1128
|
+
|
|
1129
|
+
## 5. Testing
|
|
1130
|
+
|
|
1131
|
+
Describe how tests should be written, where they should live, which commands should be run, and which validation gates are required.
|
|
1132
|
+
|
|
1133
|
+
### Test Types
|
|
1134
|
+
|
|
1135
|
+
- Unit:
|
|
1136
|
+
- Integration:
|
|
1137
|
+
- E2E:
|
|
1138
|
+
|
|
1139
|
+
### Commands
|
|
1140
|
+
|
|
1141
|
+
```bash
|
|
1142
|
+
# build
|
|
1143
|
+
|
|
1144
|
+
# lint
|
|
1145
|
+
|
|
1146
|
+
# typecheck
|
|
1147
|
+
|
|
1148
|
+
# test
|
|
1149
|
+
```
|
|
1150
|
+
|
|
1151
|
+
### Required Gates
|
|
1152
|
+
|
|
1153
|
+
- [ ] Build passes
|
|
1154
|
+
- [ ] Lint passes, if available
|
|
1155
|
+
- [ ] Typecheck passes, if available
|
|
1156
|
+
- [ ] Tests pass, if available
|
|
1157
|
+
- [ ] Acceptance criteria verified
|
|
1158
|
+
|
|
1159
|
+
## 6. Integrations
|
|
1160
|
+
|
|
1161
|
+
List external services, APIs, SDKs, webhooks, authentication methods, and integration concerns.
|
|
1162
|
+
|
|
1163
|
+
| Service | Purpose | Auth | Notes |
|
|
1164
|
+
|---------|---------|------|-------|
|
|
1165
|
+
| | | | |
|
|
1166
|
+
|
|
1167
|
+
## 7. Concerns
|
|
1168
|
+
|
|
1169
|
+
List technical risks, tech debt, fragile areas, limitations, and parts of the codebase that agents should modify carefully.
|
|
1170
|
+
|
|
1171
|
+
| ID | Area | Concern | Severity | Notes |
|
|
1172
|
+
|----|------|---------|----------|-------|
|
|
1173
|
+
| RISK-001 | | | | |
|
|
1174
|
+
|
|
1175
|
+
## 8. AI Rules
|
|
1176
|
+
|
|
1177
|
+
- Do not invent files, APIs, functions, or behavior.
|
|
1178
|
+
- Read existing code before modifying it.
|
|
1179
|
+
- Follow existing project patterns.
|
|
1180
|
+
- Do not refactor unrelated code.
|
|
1181
|
+
- Keep changes small and reviewable.
|
|
1182
|
+
- Validate before marking work as done.
|
|
1183
|
+
- Update `.specs/project/STATE.md` at the end of the session.
|
|
1184
|
+
|
|
1185
|
+
## Optional Expansion
|
|
1186
|
+
|
|
1187
|
+
If one section becomes too large, it may be extracted into a dedicated optional file, such as:
|
|
1188
|
+
|
|
1189
|
+
- `.specs/codebase/ARCHITECTURE.md`
|
|
1190
|
+
- `.specs/codebase/TESTING.md`
|
|
1191
|
+
- `.specs/codebase/INTEGRATIONS.md`
|
|
1192
|
+
- `.specs/codebase/CONCERNS.md`
|
|
1193
|
+
|
|
1194
|
+
These files are optional and should not be generated by default.
|
|
1195
|
+
````
|
|
1196
|
+
|
|
1197
|
+
---
|
|
1198
|
+
|
|
1199
|
+
## 11. New Project Process
|
|
1200
|
+
|
|
1201
|
+
### Step 1: Initialize Project Spec
|
|
1202
|
+
|
|
1203
|
+
Create the following files before writing any code:
|
|
1204
|
+
|
|
1205
|
+
```
|
|
1206
|
+
.specs/project/PROJECT.md → Fill in vision, goals, users, constraints
|
|
1207
|
+
.specs/project/ROADMAP.md → List initial milestones and features
|
|
1208
|
+
.specs/project/STATE.md → Initialize with project phase and first tasks
|
|
1209
|
+
.specs/codebase/CONVENTIONS.md → Fill in technical context and development rules
|
|
1210
|
+
```
|
|
1211
|
+
|
|
1212
|
+
Key questions to answer in `PROJECT.md`:
|
|
1213
|
+
- What problem does this project solve?
|
|
1214
|
+
- Who are the users?
|
|
1215
|
+
- What are the non-negotiable constraints?
|
|
1216
|
+
- What is explicitly out of scope?
|
|
1217
|
+
- What does success look like in 3 months? 12 months?
|
|
1218
|
+
|
|
1219
|
+
---
|
|
1220
|
+
|
|
1221
|
+
### Step 2: Define Codebase Conventions
|
|
1222
|
+
|
|
1223
|
+
Create `.specs/codebase/CONVENTIONS.md` before writing production code.
|
|
1224
|
+
|
|
1225
|
+
Fill in these sections:
|
|
1226
|
+
|
|
1227
|
+
1. **Technical Context** — language, framework, runtime, package manager, database, infrastructure, and main tools.
|
|
1228
|
+
2. **Architecture** — modules, layers, data flow, boundaries, and important technical decisions.
|
|
1229
|
+
3. **Project Structure** — folder layout and rules for where new files should go.
|
|
1230
|
+
4. **Coding Standards** — naming, imports, errors, logs, env vars, comments, and style.
|
|
1231
|
+
5. **Testing** — test strategy, file placement, commands, gates, mocks, and coverage expectations.
|
|
1232
|
+
6. **Integrations** — external services, APIs, SDKs, webhooks, auth, rate limits, and secrets pattern.
|
|
1233
|
+
7. **Concerns** — risks, fragile areas, technical debt, limitations, and known gaps.
|
|
1234
|
+
8. **AI Rules** — how agents must read, modify, validate, and record work.
|
|
1235
|
+
|
|
1236
|
+
---
|
|
1237
|
+
|
|
1238
|
+
### Step 3: Specify First Feature
|
|
1239
|
+
|
|
1240
|
+
Create `features/[first-feature]/spec.md` with requirements, user stories, and acceptance criteria.
|
|
1241
|
+
|
|
1242
|
+
Then follow the adaptive workflow based on the feature's complexity tier.
|
|
1243
|
+
|
|
1244
|
+
---
|
|
1245
|
+
|
|
1246
|
+
### Optional Expansion
|
|
1247
|
+
|
|
1248
|
+
Do not create separate codebase files by default. If one section of `CONVENTIONS.md` becomes too large, extract it into an optional dedicated file:
|
|
1249
|
+
|
|
1250
|
+
```
|
|
1251
|
+
.specs/codebase/ARCHITECTURE.md
|
|
1252
|
+
.specs/codebase/TESTING.md
|
|
1253
|
+
.specs/codebase/INTEGRATIONS.md
|
|
1254
|
+
.specs/codebase/CONCERNS.md
|
|
1255
|
+
```
|
|
1256
|
+
|
|
1257
|
+
Create these only when they reduce complexity.
|
|
1258
|
+
|
|
1259
|
+
---
|
|
1260
|
+
|
|
1261
|
+
### Greenfield Checklist
|
|
1262
|
+
|
|
1263
|
+
```
|
|
1264
|
+
[ ] .specs/project/PROJECT.md created
|
|
1265
|
+
[ ] .specs/project/ROADMAP.md created
|
|
1266
|
+
[ ] .specs/project/STATE.md initialized
|
|
1267
|
+
[ ] .specs/codebase/CONVENTIONS.md created
|
|
1268
|
+
[ ] CONVENTIONS.md → Technical Context filled
|
|
1269
|
+
[ ] CONVENTIONS.md → Architecture filled
|
|
1270
|
+
[ ] CONVENTIONS.md → Project Structure filled
|
|
1271
|
+
[ ] CONVENTIONS.md → Testing filled
|
|
1272
|
+
[ ] CONVENTIONS.md → Integrations filled, if applicable
|
|
1273
|
+
[ ] CONVENTIONS.md → Concerns filled, if applicable
|
|
1274
|
+
[ ] First feature spec created
|
|
1275
|
+
[ ] Initial commit includes .specs/ folder
|
|
1276
|
+
```
|
|
1277
|
+
|
|
1278
|
+
---
|
|
1279
|
+
|
|
1280
|
+
## 12. Existing Project Process
|
|
1281
|
+
|
|
1282
|
+
### Step 1: Codebase Mapping
|
|
1283
|
+
|
|
1284
|
+
Before modifying anything in a brownfield project, an agent must map what exists. This is a read-only discovery phase.
|
|
1285
|
+
|
|
1286
|
+
The mapping should populate `.specs/codebase/CONVENTIONS.md` instead of creating several mandatory technical files.
|
|
1287
|
+
|
|
1288
|
+
**Mapping deliverables inside `CONVENTIONS.md`:**
|
|
1289
|
+
|
|
1290
|
+
| Section | Source of Truth |
|
|
1291
|
+
|------|----------------|
|
|
1292
|
+
| Technical Context | `package.json`, lockfiles, config files, runtime files |
|
|
1293
|
+
| Project Structure | Directory tree + file organization patterns |
|
|
1294
|
+
| Architecture | Entry points, routers, modules, services, data flow |
|
|
1295
|
+
| Coding Standards | Patterns found in existing code |
|
|
1296
|
+
| Testing | Test files, coverage config, CI config |
|
|
1297
|
+
| Integrations | External service calls, env vars, SDK usage |
|
|
1298
|
+
| Concerns | TODO comments, deprecated patterns, coverage gaps, fragile areas |
|
|
1299
|
+
|
|
1300
|
+
**Mapping process:**
|
|
1301
|
+
1. Read package/config/lock files → populate Technical Context
|
|
1302
|
+
2. Run directory tree scan → populate Project Structure
|
|
1303
|
+
3. Read entry points, routers, main modules → populate Architecture
|
|
1304
|
+
4. Read 10–15 representative source files → extract Coding Standards
|
|
1305
|
+
5. Read test files and CI config → populate Testing
|
|
1306
|
+
6. Grep for external service calls and env var usage → populate Integrations
|
|
1307
|
+
7. Grep for TODO, FIXME, HACK, deprecated patterns, and dead code → populate Concerns
|
|
1308
|
+
|
|
1309
|
+
Do not start writing features until the relevant sections of `CONVENTIONS.md` are mapped.
|
|
1310
|
+
|
|
1311
|
+
---
|
|
1312
|
+
|
|
1313
|
+
### Step 2: Validate Mapping
|
|
1314
|
+
|
|
1315
|
+
After mapping, review `CONVENTIONS.md` for:
|
|
1316
|
+
- Contradictions: pattern A in one module, pattern B in another. Document both.
|
|
1317
|
+
- Gaps: areas with no clear convention. Add them to Concerns or Open Questions.
|
|
1318
|
+
- Risks: create RISK-XXX entries for anything that needs attention before new work.
|
|
1319
|
+
|
|
1320
|
+
If one mapped section becomes too large, extract it into an optional dedicated file and link it from `CONVENTIONS.md`.
|
|
1321
|
+
|
|
1322
|
+
---
|
|
1323
|
+
|
|
1324
|
+
### Step 3: Align on State
|
|
1325
|
+
|
|
1326
|
+
Create `.specs/project/STATE.md` with:
|
|
1327
|
+
- Current state of the project: what is working, what is broken
|
|
1328
|
+
- Known blockers
|
|
1329
|
+
- What the first feature/fix should be
|
|
1330
|
+
- Technical debt and risks summarized from `CONVENTIONS.md` → Concerns
|
|
1331
|
+
|
|
1332
|
+
---
|
|
1333
|
+
|
|
1334
|
+
### Step 4: Proceed with Feature Workflow
|
|
1335
|
+
|
|
1336
|
+
With mapping complete, treat subsequent work the same as greenfield — follow the adaptive workflow for each feature.
|
|
1337
|
+
|
|
1338
|
+
---
|
|
1339
|
+
|
|
1340
|
+
### Brownfield Checklist
|
|
1341
|
+
|
|
1342
|
+
```
|
|
1343
|
+
[ ] CONVENTIONS.md → Technical Context mapped from existing code
|
|
1344
|
+
[ ] CONVENTIONS.md → Project Structure mapped from directory tree
|
|
1345
|
+
[ ] CONVENTIONS.md → Architecture mapped from module analysis
|
|
1346
|
+
[ ] CONVENTIONS.md → Coding Standards extracted from existing code patterns
|
|
1347
|
+
[ ] CONVENTIONS.md → Testing mapped from test files and CI config
|
|
1348
|
+
[ ] CONVENTIONS.md → Integrations mapped from external service usage, if applicable
|
|
1349
|
+
[ ] CONVENTIONS.md → Concerns populated with debt, risks, and gaps
|
|
1350
|
+
[ ] STATE.md initialized with project current state
|
|
1351
|
+
[ ] First task identified and scoped
|
|
1352
|
+
```
|
|
1353
|
+
|
|
1354
|
+
---
|
|
1355
|
+
|
|
1356
|
+
## 13. Validation Gates
|
|
1357
|
+
|
|
1358
|
+
### Gate Definitions
|
|
1359
|
+
|
|
1360
|
+
Every task must pass all applicable gates before being marked DONE.
|
|
1361
|
+
|
|
1362
|
+
| Gate | Description | Required |
|
|
1363
|
+
|------|-------------|----------|
|
|
1364
|
+
| **BUILD** | Project compiles without errors | Always |
|
|
1365
|
+
| **LINT** | Code passes all lint rules | Always |
|
|
1366
|
+
| **TYPECHECK** | Type errors: zero | Always (typed languages) |
|
|
1367
|
+
| **UNIT** | Unit tests for changed logic pass | Always |
|
|
1368
|
+
| **INTEGRATION** | Integration tests for affected paths pass | When paths are affected |
|
|
1369
|
+
| **E2E** | End-to-end scenarios pass | For user-facing features |
|
|
1370
|
+
| **ACCEPTANCE** | Acceptance criteria from spec.md verified | Always |
|
|
1371
|
+
| **MANUAL** | Manual test of the feature | For UI changes |
|
|
1372
|
+
| **SECURITY** | Security review passed | For auth, data, or external integration changes |
|
|
1373
|
+
| **REGRESSION** | Adjacent features unbroken | Always |
|
|
1374
|
+
| **COVERAGE** | Coverage thresholds maintained | Per `CONVENTIONS.md` → Testing rules |
|
|
1375
|
+
|
|
1376
|
+
---
|
|
1377
|
+
|
|
1378
|
+
### Gate Evidence Format
|
|
1379
|
+
|
|
1380
|
+
When recording validation in `tasks.md` or `STATE.md`:
|
|
1381
|
+
|
|
1382
|
+
```
|
|
1383
|
+
Validation Evidence — TASK-XXX
|
|
1384
|
+
- Build: PASS (npm run build — 0 errors)
|
|
1385
|
+
- Lint: PASS (eslint — 0 warnings, 0 errors)
|
|
1386
|
+
- Typecheck: PASS (tsc — 0 errors)
|
|
1387
|
+
- Unit tests: PASS (23/23 — 0 failures)
|
|
1388
|
+
- Integration tests: PASS (7/7)
|
|
1389
|
+
- Acceptance: PASS — REQ-001 verified, REQ-002 verified
|
|
1390
|
+
- Regression: PASS — unrelated test suites unchanged
|
|
1391
|
+
```
|
|
1392
|
+
|
|
1393
|
+
---
|
|
1394
|
+
|
|
1395
|
+
### Failure Protocol
|
|
1396
|
+
|
|
1397
|
+
If a gate fails:
|
|
1398
|
+
1. Stop. Do not proceed to the next task.
|
|
1399
|
+
2. Record the failure in `STATE.md` under Open Blockers.
|
|
1400
|
+
3. Fix the root cause — do not suppress or work around it.
|
|
1401
|
+
4. Re-run the failed gate and all gates after it.
|
|
1402
|
+
5. Update task status and validation evidence.
|
|
1403
|
+
|
|
1404
|
+
---
|
|
1405
|
+
|
|
1406
|
+
## 14. Commit Conventions
|
|
1407
|
+
|
|
1408
|
+
### Format
|
|
1409
|
+
|
|
1410
|
+
```
|
|
1411
|
+
<type>(<scope>): <short description> [TASK-XXX]
|
|
1412
|
+
|
|
1413
|
+
[Optional body — what changed and why, not how]
|
|
1414
|
+
|
|
1415
|
+
[Optional footer — breaking changes, issue references]
|
|
1416
|
+
```
|
|
1417
|
+
|
|
1418
|
+
### Types
|
|
1419
|
+
|
|
1420
|
+
| Type | Use |
|
|
1421
|
+
|------|-----|
|
|
1422
|
+
| `feat` | New feature or capability |
|
|
1423
|
+
| `fix` | Bug fix |
|
|
1424
|
+
| `refactor` | Restructure without behavior change |
|
|
1425
|
+
| `test` | Adding or fixing tests |
|
|
1426
|
+
| `docs` | Documentation only |
|
|
1427
|
+
| `chore` | Build, tooling, dependency updates |
|
|
1428
|
+
| `perf` | Performance improvement |
|
|
1429
|
+
| `security` | Security fix |
|
|
1430
|
+
| `spec` | Changes to `.specs/` files only |
|
|
1431
|
+
|
|
1432
|
+
### Rules
|
|
1433
|
+
|
|
1434
|
+
1. One logical change per commit. Never bundle unrelated changes.
|
|
1435
|
+
2. Every commit that implements a task must reference `TASK-XXX` in the message.
|
|
1436
|
+
3. Breaking changes must be flagged in the footer: `BREAKING CHANGE: [description]`.
|
|
1437
|
+
4. Commits to `.specs/` use type `spec`.
|
|
1438
|
+
5. Never squash commits that contain TASK-XXX references — they are the traceability chain.
|
|
1439
|
+
|
|
1440
|
+
### Examples
|
|
1441
|
+
|
|
1442
|
+
```
|
|
1443
|
+
feat(auth): add JWT refresh token endpoint [TASK-004]
|
|
1444
|
+
|
|
1445
|
+
Implements the refresh token flow described in REQ-003.
|
|
1446
|
+
Tokens expire after 7 days and rotate on each use.
|
|
1447
|
+
```
|
|
1448
|
+
|
|
1449
|
+
```
|
|
1450
|
+
spec(user-profile): add design.md with API contract [TASK-003]
|
|
1451
|
+
```
|
|
1452
|
+
|
|
1453
|
+
```
|
|
1454
|
+
fix(orders): prevent duplicate submission on slow network [TASK-011]
|
|
1455
|
+
|
|
1456
|
+
Race condition in submit handler caused double inserts.
|
|
1457
|
+
Added optimistic lock using idempotency key.
|
|
1458
|
+
```
|
|
1459
|
+
|
|
1460
|
+
---
|
|
1461
|
+
|
|
1462
|
+
## 15. Security and Quality Rules
|
|
1463
|
+
|
|
1464
|
+
### Security Rules
|
|
1465
|
+
|
|
1466
|
+
1. **No secrets in code.** All credentials use environment variables. Never hardcode tokens, passwords, or API keys.
|
|
1467
|
+
2. **Validate all inputs at the boundary.** Never trust data arriving from users, external APIs, or message queues without schema validation.
|
|
1468
|
+
3. **Sanitize before rendering.** Output encoding is required for any user-controlled data rendered in a UI.
|
|
1469
|
+
4. **Authentication before authorization.** Never implement authorization logic without confirming the authentication layer is correct.
|
|
1470
|
+
5. **Least privilege.** Database roles, IAM policies, and service accounts must request only the permissions they need.
|
|
1471
|
+
6. **Dependency audit.** Before adding a dependency, check for known CVEs. After adding an external service or SDK, document it in `CONVENTIONS.md` → Integrations.
|
|
1472
|
+
7. **Security gate on:** any change to authentication, session management, data access, payment flows, or external integrations.
|
|
1473
|
+
8. **Never log sensitive data.** Passwords, tokens, PII, and financial data must never appear in logs.
|
|
1474
|
+
|
|
1475
|
+
---
|
|
1476
|
+
|
|
1477
|
+
### Quality Rules
|
|
1478
|
+
|
|
1479
|
+
1. **No dead code in production.** Remove commented-out code, unused imports, and orphaned functions before committing.
|
|
1480
|
+
2. **No magic values.** Constants must be named and defined centrally.
|
|
1481
|
+
3. **Error messages are observable.** Every error must include enough context for debugging without leaking internal structure to end users.
|
|
1482
|
+
4. **Tests are not optional.** No logic without a test. If it cannot be tested, document why in `CONVENTIONS.md` → Concerns.
|
|
1483
|
+
5. **Dependencies must be justified.** Adding a library requires updating `CONVENTIONS.md` → Technical Context with the reason.
|
|
1484
|
+
6. **Breaking changes are flagged.** Any change to a public API, data contract, or shared module must be flagged before implementation.
|
|
1485
|
+
7. **No overengineering.** Three similar lines is better than a premature abstraction. Optimize when the need is real, not hypothetical.
|
|
1486
|
+
8. **Documentation stays alive.** `.specs/` files must be updated when the code they describe changes. Stale specs are worse than no specs.
|
|
1487
|
+
|
|
1488
|
+
---
|
|
1489
|
+
|
|
1490
|
+
### AI-Specific Quality Rules
|
|
1491
|
+
|
|
1492
|
+
1. **Never invent.** If an API, function, or file's existence is uncertain, read the source before assuming it exists.
|
|
1493
|
+
2. **No silent scope creep.** Implement exactly what the task specifies. Record anything discovered out-of-scope in STATE.md for a future task.
|
|
1494
|
+
3. **No silent decisions.** Every choice between two implementation approaches must be recorded as a DEC-XXX entry.
|
|
1495
|
+
4. **No fabricated validation.** Gate checks must actually be run. Do not write "tests pass" without running them.
|
|
1496
|
+
5. **Context revalidation.** When resuming after a session break, re-read STATE.md before taking any action.
|
|
1497
|
+
|
|
1498
|
+
---
|
|
1499
|
+
|
|
1500
|
+
## 16. Practical Feature Example
|
|
1501
|
+
|
|
1502
|
+
### Feature: "User Email Notifications"
|
|
1503
|
+
|
|
1504
|
+
This example demonstrates the full SDD workflow for a medium-complexity feature.
|
|
1505
|
+
|
|
1506
|
+
---
|
|
1507
|
+
|
|
1508
|
+
#### Step 1: Specify
|
|
1509
|
+
|
|
1510
|
+
**File:** `.specs/features/email-notifications/spec.md`
|
|
1511
|
+
|
|
1512
|
+
```markdown
|
|
1513
|
+
# Email Notifications — Specification
|
|
1514
|
+
|
|
1515
|
+
**Feature ID:** FEAT-003
|
|
1516
|
+
**Created:** 2026-06-25
|
|
1517
|
+
**Status:** Approved
|
|
1518
|
+
|
|
1519
|
+
## Overview
|
|
1520
|
+
Allow users to receive email notifications when their order status changes.
|
|
1521
|
+
|
|
1522
|
+
## Requirements
|
|
1523
|
+
|
|
1524
|
+
| ID | Description | Priority |
|
|
1525
|
+
|----|-------------|----------|
|
|
1526
|
+
| REQ-010 | System sends email when order moves to "shipped" status | Must Have |
|
|
1527
|
+
| REQ-011 | System sends email when order moves to "delivered" status | Must Have |
|
|
1528
|
+
| REQ-012 | User can opt out of email notifications per order | Should Have |
|
|
1529
|
+
| REQ-013 | Emails render correctly on mobile | Should Have |
|
|
1530
|
+
|
|
1531
|
+
## Acceptance Criteria
|
|
1532
|
+
- [ ] REQ-010: Creating a shipment record triggers a "shipped" email to the order owner
|
|
1533
|
+
- [ ] REQ-011: Marking an order delivered triggers a "delivered" email
|
|
1534
|
+
- [ ] REQ-012: Users with notifications_enabled=false receive no emails
|
|
1535
|
+
- [ ] REQ-013: Email template passes mobile rendering check
|
|
1536
|
+
|
|
1537
|
+
## Out of Scope
|
|
1538
|
+
- Push notifications
|
|
1539
|
+
- SMS notifications
|
|
1540
|
+
- Notification preferences beyond per-order opt-out
|
|
1541
|
+
```
|
|
1542
|
+
|
|
1543
|
+
---
|
|
1544
|
+
|
|
1545
|
+
#### Step 2: Add Context
|
|
1546
|
+
|
|
1547
|
+
**File:** `.specs/features/email-notifications/context.md`
|
|
1548
|
+
|
|
1549
|
+
```markdown
|
|
1550
|
+
# Email Notifications — Context
|
|
1551
|
+
|
|
1552
|
+
## Background
|
|
1553
|
+
Orders currently update status with no user feedback. Users are complaining in
|
|
1554
|
+
support tickets. This feature closes the most common support request.
|
|
1555
|
+
|
|
1556
|
+
## Related Code
|
|
1557
|
+
- `src/services/order.service.ts` — `updateStatus()` is where triggers belong
|
|
1558
|
+
- `src/models/order.model.ts` — Order schema, contains user_id and status
|
|
1559
|
+
- `src/services/user.service.ts` — `findById()` returns user email
|
|
1560
|
+
|
|
1561
|
+
## Prior Decisions
|
|
1562
|
+
- DEC-005: We use SendGrid for transactional email (see `CONVENTIONS.md` → Integrations)
|
|
1563
|
+
- DEC-006: Email templates are stored in `src/templates/email/`
|
|
1564
|
+
|
|
1565
|
+
## Patterns to Follow
|
|
1566
|
+
- See `src/services/payment.service.ts` for how async side effects are triggered
|
|
1567
|
+
- See `src/templates/email/receipt.html` for template structure
|
|
1568
|
+
|
|
1569
|
+
## Known Risks
|
|
1570
|
+
- RISK-007: SendGrid rate limit is 100/min on free tier — may be hit under load
|
|
1571
|
+
```
|
|
1572
|
+
|
|
1573
|
+
---
|
|
1574
|
+
|
|
1575
|
+
#### Step 3: Design (brief, medium feature)
|
|
1576
|
+
|
|
1577
|
+
**File:** `.specs/features/email-notifications/design.md`
|
|
1578
|
+
|
|
1579
|
+
```markdown
|
|
1580
|
+
# Email Notifications — Design
|
|
1581
|
+
|
|
1582
|
+
## Approach
|
|
1583
|
+
Add a notification trigger inside `order.service.ts` `updateStatus()`.
|
|
1584
|
+
Use the existing SendGrid integration documented in `CONVENTIONS.md` → Integrations.
|
|
1585
|
+
|
|
1586
|
+
## Components
|
|
1587
|
+
|
|
1588
|
+
### EmailNotificationService
|
|
1589
|
+
`src/services/email-notification.service.ts`
|
|
1590
|
+
- `sendShippedEmail(orderId: string): Promise<void>`
|
|
1591
|
+
- `sendDeliveredEmail(orderId: string): Promise<void>`
|
|
1592
|
+
- Reads order and user from DB, checks opt-out flag, sends via SendGrid
|
|
1593
|
+
|
|
1594
|
+
### Email Templates
|
|
1595
|
+
- `src/templates/email/order-shipped.html`
|
|
1596
|
+
- `src/templates/email/order-delivered.html`
|
|
1597
|
+
|
|
1598
|
+
## Decision
|
|
1599
|
+
| ID | Decision | Rationale |
|
|
1600
|
+
|----|----------|-----------|
|
|
1601
|
+
| DEC-012 | Trigger synchronously in updateStatus() | Low volume; async queue not justified yet |
|
|
1602
|
+
| DEC-013 | Reuse existing SendGrid service class | Consistency; no new dependency |
|
|
1603
|
+
```
|
|
1604
|
+
|
|
1605
|
+
---
|
|
1606
|
+
|
|
1607
|
+
#### Step 4: Tasks
|
|
1608
|
+
|
|
1609
|
+
**File:** `.specs/features/email-notifications/tasks.md`
|
|
1610
|
+
|
|
1611
|
+
```markdown
|
|
1612
|
+
# Email Notifications — Tasks
|
|
1613
|
+
|
|
1614
|
+
## TASK-020 — Create EmailNotificationService [P]
|
|
1615
|
+
|
|
1616
|
+
**Satisfies:** REQ-010, REQ-011, REQ-012
|
|
1617
|
+
**Files:** `src/services/email-notification.service.ts`, `src/services/__tests__/email-notification.service.spec.ts`
|
|
1618
|
+
**Dependencies:** None
|
|
1619
|
+
|
|
1620
|
+
**Steps:**
|
|
1621
|
+
1. Create service file at `src/services/email-notification.service.ts`
|
|
1622
|
+
2. Implement `sendShippedEmail` and `sendDeliveredEmail`
|
|
1623
|
+
3. Check `notifications_enabled` flag before sending
|
|
1624
|
+
4. Write unit tests with mocked SendGrid
|
|
1625
|
+
|
|
1626
|
+
**Acceptance Criteria:**
|
|
1627
|
+
- [ ] sendShippedEmail calls SendGrid with correct template and recipient
|
|
1628
|
+
- [ ] sendDeliveredEmail calls SendGrid with correct template and recipient
|
|
1629
|
+
- [ ] No email sent when notifications_enabled is false
|
|
1630
|
+
|
|
1631
|
+
**Status:** TODO
|
|
1632
|
+
|
|
1633
|
+
---
|
|
1634
|
+
|
|
1635
|
+
## TASK-021 — Create Email Templates [P]
|
|
1636
|
+
|
|
1637
|
+
**Satisfies:** REQ-010, REQ-011, REQ-013
|
|
1638
|
+
**Files:** `src/templates/email/order-shipped.html`, `src/templates/email/order-delivered.html`
|
|
1639
|
+
**Dependencies:** None
|
|
1640
|
+
|
|
1641
|
+
**Steps:**
|
|
1642
|
+
1. Copy structure from `src/templates/email/receipt.html`
|
|
1643
|
+
2. Create shipped template with order details
|
|
1644
|
+
3. Create delivered template with order details
|
|
1645
|
+
4. Use responsive table layout for mobile compatibility
|
|
1646
|
+
|
|
1647
|
+
**Acceptance Criteria:**
|
|
1648
|
+
- [ ] Templates render with correct order data
|
|
1649
|
+
- [ ] Templates pass basic mobile breakpoint check
|
|
1650
|
+
|
|
1651
|
+
**Status:** TODO
|
|
1652
|
+
|
|
1653
|
+
---
|
|
1654
|
+
|
|
1655
|
+
## TASK-022 — Wire Triggers in OrderService
|
|
1656
|
+
|
|
1657
|
+
**Satisfies:** REQ-010, REQ-011
|
|
1658
|
+
**Files:** `src/services/order.service.ts`, `src/services/__tests__/order.service.spec.ts`
|
|
1659
|
+
**Dependencies:** TASK-020
|
|
1660
|
+
|
|
1661
|
+
**Steps:**
|
|
1662
|
+
1. Import EmailNotificationService into order.service.ts
|
|
1663
|
+
2. Call sendShippedEmail when status changes to "shipped"
|
|
1664
|
+
3. Call sendDeliveredEmail when status changes to "delivered"
|
|
1665
|
+
4. Update order.service tests to verify trigger calls
|
|
1666
|
+
|
|
1667
|
+
**Acceptance Criteria:**
|
|
1668
|
+
- [ ] Status change to "shipped" calls sendShippedEmail
|
|
1669
|
+
- [ ] Status change to "delivered" calls sendDeliveredEmail
|
|
1670
|
+
- [ ] No email triggered for other status changes
|
|
1671
|
+
|
|
1672
|
+
**Status:** TODO
|
|
1673
|
+
```
|
|
1674
|
+
|
|
1675
|
+
---
|
|
1676
|
+
|
|
1677
|
+
#### Step 5: Execute
|
|
1678
|
+
|
|
1679
|
+
Agent runs TASK-020 and TASK-021 in parallel (they are marked `[P]` and touch disjoint files), then TASK-022 sequentially.
|
|
1680
|
+
|
|
1681
|
+
---
|
|
1682
|
+
|
|
1683
|
+
#### Step 6: Validate
|
|
1684
|
+
|
|
1685
|
+
```
|
|
1686
|
+
TASK-022 Validation Evidence:
|
|
1687
|
+
- Build: PASS
|
|
1688
|
+
- Lint: PASS
|
|
1689
|
+
- Typecheck: PASS
|
|
1690
|
+
- Unit tests: PASS (41/41)
|
|
1691
|
+
- Acceptance REQ-010: PASS — shipped trigger confirmed in test
|
|
1692
|
+
- Acceptance REQ-011: PASS — delivered trigger confirmed in test
|
|
1693
|
+
- Acceptance REQ-012: PASS — opt-out flag blocks send confirmed in test
|
|
1694
|
+
- Regression: PASS — order.service existing tests unchanged
|
|
1695
|
+
```
|
|
1696
|
+
|
|
1697
|
+
---
|
|
1698
|
+
|
|
1699
|
+
#### Step 7: Record State
|
|
1700
|
+
|
|
1701
|
+
**Update to `STATE.md`:**
|
|
1702
|
+
|
|
1703
|
+
```markdown
|
|
1704
|
+
## Session Log
|
|
1705
|
+
| 2026-06-25 | Implemented FEAT-003 email notifications | TASK-020, TASK-021, TASK-022 | DEC-012, DEC-013 |
|
|
1706
|
+
|
|
1707
|
+
## Last Task Completed
|
|
1708
|
+
TASK-022 — Wire email notification triggers in OrderService
|
|
1709
|
+
|
|
1710
|
+
## Suggested Next Steps
|
|
1711
|
+
1. TASK-023 (if created): Manual QA of email rendering on mobile
|
|
1712
|
+
2. Monitor RISK-007 (SendGrid rate limit) after deploy
|
|
1713
|
+
|
|
1714
|
+
## Decisions Log
|
|
1715
|
+
| DEC-012 | 2026-06-25 | Trigger synchronously in updateStatus() | Low volume; queue not justified | order.service.ts |
|
|
1716
|
+
| DEC-013 | 2026-06-25 | Reuse existing SendGrid service | Consistency | email-notification.service.ts |
|
|
1717
|
+
```
|
|
1718
|
+
|
|
1719
|
+
---
|
|
1720
|
+
|
|
1721
|
+
## 17. Tool-Specific Guidance
|
|
1722
|
+
|
|
1723
|
+
### General Principle
|
|
1724
|
+
|
|
1725
|
+
The `.specs/` structure is tool-independent. It works as a plain text contract that any agent can read. The adaptations below are operational tips — not requirements.
|
|
1726
|
+
|
|
1727
|
+
---
|
|
1728
|
+
|
|
1729
|
+
### Claude Code
|
|
1730
|
+
|
|
1731
|
+
**Strengths:** Long context window, multi-file edits, built-in tool use for running tests and reading files.
|
|
1732
|
+
|
|
1733
|
+
**Usage pattern:**
|
|
1734
|
+
1. Start each session: `Read .specs/project/STATE.md`
|
|
1735
|
+
2. Load feature context: `Read .specs/features/[name]/spec.md` and `context.md`
|
|
1736
|
+
3. Use `CLAUDE.md` to point to the harness: add a line pointing to this `SDD.md`
|
|
1737
|
+
4. Use Claude Code's task system to track TASK-XXX progress
|
|
1738
|
+
5. Use `Bash` tool to run validation gates and capture evidence
|
|
1739
|
+
6. End each session: update `STATE.md` before closing
|
|
1740
|
+
|
|
1741
|
+
**CLAUDE.md suggestion:**
|
|
1742
|
+
```markdown
|
|
1743
|
+
# Development Guide
|
|
1744
|
+
This project uses Spec Driven Development. See `SDD.md` for the full methodology.
|
|
1745
|
+
|
|
1746
|
+
Always start a session by reading `.specs/project/STATE.md`.
|
|
1747
|
+
All work follows the AI Development Harness in `SDD.md` Section 7.
|
|
1748
|
+
```
|
|
1749
|
+
|
|
1750
|
+
---
|
|
1751
|
+
|
|
1752
|
+
### OpenAI Codex / ChatGPT with Code Interpreter
|
|
1753
|
+
|
|
1754
|
+
**Strengths:** Strong reasoning, good at spec analysis and plan generation.
|
|
1755
|
+
|
|
1756
|
+
**Usage pattern:**
|
|
1757
|
+
1. Paste the content of `STATE.md`, `spec.md`, and `context.md` at the start of the prompt
|
|
1758
|
+
2. Request one task at a time — Codex works best with focused, bounded scope
|
|
1759
|
+
3. Ask Codex to return output in the sub-agent report format (Section 8)
|
|
1760
|
+
4. Manually apply changes and run gates — Codex does not run tests natively in all modes
|
|
1761
|
+
|
|
1762
|
+
**Limitation:** Cannot read files directly. Must paste context. Keep pasted context under 8k tokens.
|
|
1763
|
+
|
|
1764
|
+
---
|
|
1765
|
+
|
|
1766
|
+
### Cursor
|
|
1767
|
+
|
|
1768
|
+
**Strengths:** IDE integration, inline suggestions, `@` file references, `.cursorrules` support.
|
|
1769
|
+
|
|
1770
|
+
**Usage pattern:**
|
|
1771
|
+
1. Add `.cursorrules` pointing to key spec files:
|
|
1772
|
+
```
|
|
1773
|
+
Always read .specs/project/STATE.md before suggesting changes.
|
|
1774
|
+
Follow conventions in .specs/codebase/CONVENTIONS.md.
|
|
1775
|
+
Reference the current feature spec before generating code.
|
|
1776
|
+
```
|
|
1777
|
+
2. Use `@file` references in prompts: `@.specs/features/email-notifications/spec.md`
|
|
1778
|
+
3. Use Cursor's Composer for multi-file tasks (TASK-XXX scope)
|
|
1779
|
+
4. After Composer runs, manually update `tasks.md` and `STATE.md`
|
|
1780
|
+
|
|
1781
|
+
**Limitation:** Does not natively run tests. Use terminal to run validation gates.
|
|
1782
|
+
|
|
1783
|
+
---
|
|
1784
|
+
|
|
1785
|
+
### GitHub Copilot
|
|
1786
|
+
|
|
1787
|
+
**Strengths:** Autocomplete, inline suggestions, Copilot Chat for bounded Q&A.
|
|
1788
|
+
|
|
1789
|
+
**Usage pattern:**
|
|
1790
|
+
1. Use Copilot Chat with explicit file context: "Given `spec.md` [paste], implement `sendShippedEmail`"
|
|
1791
|
+
2. Use `@workspace` in Copilot Chat to reference the full codebase (when available)
|
|
1792
|
+
3. Copilot is best for filling in implementation detail after design is done in `design.md`
|
|
1793
|
+
4. Manually validate and update `tasks.md` — Copilot does not maintain state
|
|
1794
|
+
|
|
1795
|
+
**Limitation:** No persistent memory. Must re-establish context per chat session.
|
|
1796
|
+
|
|
1797
|
+
---
|
|
1798
|
+
|
|
1799
|
+
### CLI Agents (LangChain, AutoGPT, custom harnesses)
|
|
1800
|
+
|
|
1801
|
+
**Strengths:** Automation, multi-step execution, tool use, scriptable.
|
|
1802
|
+
|
|
1803
|
+
**Usage pattern:**
|
|
1804
|
+
1. At agent startup, inject: `STATE.md`, `PROJECT.md`, `CONVENTIONS.md`
|
|
1805
|
+
2. Pass the current `tasks.md` as the work queue
|
|
1806
|
+
3. Configure the agent to output sub-agent reports (Section 8 format)
|
|
1807
|
+
4. Use file write tools to update `tasks.md` status fields after each task
|
|
1808
|
+
5. Use file write tools to append to `STATE.md` session log at end of run
|
|
1809
|
+
|
|
1810
|
+
**Key configuration:**
|
|
1811
|
+
```yaml
|
|
1812
|
+
context_files:
|
|
1813
|
+
- .specs/project/STATE.md
|
|
1814
|
+
- .specs/project/PROJECT.md
|
|
1815
|
+
- .specs/codebase/CONVENTIONS.md
|
|
1816
|
+
|
|
1817
|
+
task_source: .specs/features/[name]/tasks.md
|
|
1818
|
+
|
|
1819
|
+
on_task_complete:
|
|
1820
|
+
- update: tasks.md (set status=DONE, add evidence)
|
|
1821
|
+
- append: STATE.md (session log entry)
|
|
1822
|
+
|
|
1823
|
+
output_format: sub-agent-report
|
|
1824
|
+
```
|
|
1825
|
+
|
|
1826
|
+
---
|
|
1827
|
+
|
|
1828
|
+
### Specialized Sub-Agents
|
|
1829
|
+
|
|
1830
|
+
When delegating to specialized sub-agents (security reviewer, test writer, architecture validator), provide:
|
|
1831
|
+
|
|
1832
|
+
1. The sub-agent's specific spec section — not the whole project
|
|
1833
|
+
2. The sub-agent report format (Section 8) as the expected output
|
|
1834
|
+
3. Explicit scope boundaries: what files to read, what files to write, what not to touch
|
|
1835
|
+
|
|
1836
|
+
The orchestrating agent is responsible for integrating the sub-agent's output back into `tasks.md` and `STATE.md`.
|
|
1837
|
+
|
|
1838
|
+
---
|
|
1839
|
+
|
|
1840
|
+
## Final Recommendations
|
|
1841
|
+
|
|
1842
|
+
### Start lean, grow as needed
|
|
1843
|
+
|
|
1844
|
+
Do not create every `.specs/` file before writing any code. For a quick task, `quick/[name]/TASK.md` is sufficient. For a new medium feature, start with `spec.md` and `context.md`. Add `design.md` and `tasks.md` when the complexity warrants it.
|
|
1845
|
+
|
|
1846
|
+
### STATE.md is the most important file
|
|
1847
|
+
|
|
1848
|
+
Every agent must read it first and update it last. A well-maintained `STATE.md` means any agent — or any human — can pick up the project in under 5 minutes. A neglected `STATE.md` means the next session starts from zero.
|
|
1849
|
+
|
|
1850
|
+
### Trust the traceability chain
|
|
1851
|
+
|
|
1852
|
+
When requirements change, follow the chain: update `spec.md`, then `design.md`, then `tasks.md`, then the code. Never update code and forget to update the spec. The spec is the contract — the code is the execution.
|
|
1853
|
+
|
|
1854
|
+
### Keep validation evidence
|
|
1855
|
+
|
|
1856
|
+
The most common failure mode in AI-assisted development is a task marked DONE that was never actually validated. Recording gate evidence in `tasks.md` makes this impossible to fake and easy to audit.
|
|
1857
|
+
|
|
1858
|
+
### Commit atomically
|
|
1859
|
+
|
|
1860
|
+
One task, one commit. The commit message references the TASK-XXX. This creates a permanent audit trail between decisions, specs, and code that survives team changes, tool changes, and time.
|
|
1861
|
+
|
|
1862
|
+
### Revisit CONVENTIONS.md → Concerns
|
|
1863
|
+
|
|
1864
|
+
Technical debt and known risks accumulate silently. The Concerns section in `CONVENTIONS.md` is only useful if it is read before touching risky areas and updated when new concerns are found. Build the habit of reading it at the start of any session involving complex or legacy code.
|
|
1865
|
+
|
|
1866
|
+
### This SDD is a living document
|
|
1867
|
+
|
|
1868
|
+
Update `SDD.md` itself when the team finds patterns that work better, when tools change, or when new complexity tiers emerge. The methodology should evolve with the project — not constrain it.
|
|
1869
|
+
|
|
1870
|
+
---
|
|
1871
|
+
|
|
1872
|
+
*SDD v1.0.0 — Built on the TLC Spec Driven Development model.*
|
|
1873
|
+
*Tool-independent. Complexity-adaptive. AI-native.*
|