musubi-sdd 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.ja.md +531 -0
- package/README.md +531 -0
- package/bin/musubi-init.js +321 -0
- package/bin/musubi.js +359 -0
- package/package.json +55 -0
- package/src/agents/registry.js +242 -0
- package/src/templates/agents/claude-code/CLAUDE.md +232 -0
- package/src/templates/agents/claude-code/commands/sdd-design.md +673 -0
- package/src/templates/agents/claude-code/commands/sdd-implement.md +777 -0
- package/src/templates/agents/claude-code/commands/sdd-requirements.md +438 -0
- package/src/templates/agents/claude-code/commands/sdd-steering.md +334 -0
- package/src/templates/agents/claude-code/commands/sdd-tasks.md +582 -0
- package/src/templates/agents/claude-code/commands/sdd-validate.md +710 -0
- package/src/templates/agents/claude-code/skills/ai-ml-engineer/SKILL.md +3055 -0
- package/src/templates/agents/claude-code/skills/api-designer/SKILL.md +1364 -0
- package/src/templates/agents/claude-code/skills/bug-hunter/SKILL.md +482 -0
- package/src/templates/agents/claude-code/skills/change-impact-analyzer/SKILL.md +397 -0
- package/src/templates/agents/claude-code/skills/cloud-architect/SKILL.md +1468 -0
- package/src/templates/agents/claude-code/skills/code-reviewer/SKILL.md +906 -0
- package/src/templates/agents/claude-code/skills/constitution-enforcer/SKILL.md +466 -0
- package/src/templates/agents/claude-code/skills/database-administrator/SKILL.md +3522 -0
- package/src/templates/agents/claude-code/skills/database-schema-designer/SKILL.md +1158 -0
- package/src/templates/agents/claude-code/skills/devops-engineer/SKILL.md +647 -0
- package/src/templates/agents/claude-code/skills/orchestrator/SKILL.md +574 -0
- package/src/templates/agents/claude-code/skills/performance-optimizer/SKILL.md +464 -0
- package/src/templates/agents/claude-code/skills/project-manager/SKILL.md +769 -0
- package/src/templates/agents/claude-code/skills/quality-assurance/SKILL.md +1059 -0
- package/src/templates/agents/claude-code/skills/release-coordinator/SKILL.md +653 -0
- package/src/templates/agents/claude-code/skills/requirements-analyst/SKILL.md +1287 -0
- package/src/templates/agents/claude-code/skills/security-auditor/SKILL.md +1107 -0
- package/src/templates/agents/claude-code/skills/site-reliability-engineer/SKILL.md +404 -0
- package/src/templates/agents/claude-code/skills/software-developer/SKILL.md +1254 -0
- package/src/templates/agents/claude-code/skills/steering/SKILL.md +383 -0
- package/src/templates/agents/claude-code/skills/system-architect/SKILL.md +1288 -0
- package/src/templates/agents/claude-code/skills/technical-writer/SKILL.md +712 -0
- package/src/templates/agents/claude-code/skills/test-engineer/SKILL.md +1262 -0
- package/src/templates/agents/claude-code/skills/traceability-auditor/SKILL.md +298 -0
- package/src/templates/agents/claude-code/skills/ui-ux-designer/SKILL.md +1009 -0
- package/src/templates/agents/codex/AGENTS.md +138 -0
- package/src/templates/agents/codex/commands/sdd-design.md +673 -0
- package/src/templates/agents/codex/commands/sdd-implement.md +777 -0
- package/src/templates/agents/codex/commands/sdd-requirements.md +438 -0
- package/src/templates/agents/codex/commands/sdd-steering.md +334 -0
- package/src/templates/agents/codex/commands/sdd-tasks.md +582 -0
- package/src/templates/agents/codex/commands/sdd-validate.md +710 -0
- package/src/templates/agents/cursor/AGENTS.md +138 -0
- package/src/templates/agents/cursor/commands/sdd-design.md +673 -0
- package/src/templates/agents/cursor/commands/sdd-implement.md +777 -0
- package/src/templates/agents/cursor/commands/sdd-requirements.md +438 -0
- package/src/templates/agents/cursor/commands/sdd-steering.md +334 -0
- package/src/templates/agents/cursor/commands/sdd-tasks.md +582 -0
- package/src/templates/agents/cursor/commands/sdd-validate.md +710 -0
- package/src/templates/agents/gemini-cli/GEMINI.md +128 -0
- package/src/templates/agents/gemini-cli/commands/sdd-design.toml +359 -0
- package/src/templates/agents/gemini-cli/commands/sdd-implement.toml +484 -0
- package/src/templates/agents/gemini-cli/commands/sdd-requirements.toml +291 -0
- package/src/templates/agents/gemini-cli/commands/sdd-steering.toml +209 -0
- package/src/templates/agents/gemini-cli/commands/sdd-tasks.toml +441 -0
- package/src/templates/agents/gemini-cli/commands/sdd-validate.toml +553 -0
- package/src/templates/agents/github-copilot/AGENTS.md +138 -0
- package/src/templates/agents/github-copilot/commands/sdd-design.md +673 -0
- package/src/templates/agents/github-copilot/commands/sdd-implement.md +777 -0
- package/src/templates/agents/github-copilot/commands/sdd-requirements.md +438 -0
- package/src/templates/agents/github-copilot/commands/sdd-steering.md +334 -0
- package/src/templates/agents/github-copilot/commands/sdd-tasks.md +582 -0
- package/src/templates/agents/github-copilot/commands/sdd-validate.md +710 -0
- package/src/templates/agents/qwen-code/QWEN.md +128 -0
- package/src/templates/agents/qwen-code/commands/sdd-design.md +673 -0
- package/src/templates/agents/qwen-code/commands/sdd-implement.md +777 -0
- package/src/templates/agents/qwen-code/commands/sdd-requirements.md +438 -0
- package/src/templates/agents/qwen-code/commands/sdd-steering.md +334 -0
- package/src/templates/agents/qwen-code/commands/sdd-tasks.md +582 -0
- package/src/templates/agents/qwen-code/commands/sdd-validate.md +710 -0
- package/src/templates/agents/windsurf/AGENTS.md +138 -0
- package/src/templates/agents/windsurf/commands/sdd-design.md +673 -0
- package/src/templates/agents/windsurf/commands/sdd-implement.md +777 -0
- package/src/templates/agents/windsurf/commands/sdd-requirements.md +438 -0
- package/src/templates/agents/windsurf/commands/sdd-steering.md +334 -0
- package/src/templates/agents/windsurf/commands/sdd-tasks.md +582 -0
- package/src/templates/agents/windsurf/commands/sdd-validate.md +710 -0
- package/src/templates/shared/constitution/constitution.md +408 -0
- package/src/templates/shared/constitution/ears-format.md +613 -0
- package/src/templates/shared/constitution/workflow.md +653 -0
- package/src/templates/shared/documents/design.md +737 -0
- package/src/templates/shared/documents/requirements.md +329 -0
- package/src/templates/shared/documents/research.md +494 -0
- package/src/templates/shared/documents/tasks.md +781 -0
- package/src/templates/shared/steering/product.md +544 -0
- package/src/templates/shared/steering/structure.md +405 -0
- package/src/templates/shared/steering/tech.md +537 -0
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
# MUSUBI for Gemini CLI
|
|
2
|
+
|
|
3
|
+
**Ultimate Specification Driven Development**
|
|
4
|
+
|
|
5
|
+
This project uses **MUSUBI** (Ultimate Specification Driven Development) configured for Gemini CLI.
|
|
6
|
+
|
|
7
|
+
## Features
|
|
8
|
+
|
|
9
|
+
- 📋 **Constitutional Governance** - 9 immutable articles + Phase -1 Gates
|
|
10
|
+
- 📝 **EARS Requirements Format** - Unambiguous requirements with complete traceability
|
|
11
|
+
- 🧭 **Auto-Updating Project Memory** - Steering system maintains architecture, tech stack, and product context
|
|
12
|
+
- 🌐 **Bilingual Documentation** - All documents created in both English and Japanese
|
|
13
|
+
|
|
14
|
+
## Commands
|
|
15
|
+
|
|
16
|
+
Gemini CLI uses commands in `.gemini/commands/`:
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
# Generate project memory
|
|
20
|
+
/sdd-steering
|
|
21
|
+
|
|
22
|
+
# Create requirements
|
|
23
|
+
/sdd-requirements <feature>
|
|
24
|
+
|
|
25
|
+
# Design architecture
|
|
26
|
+
/sdd-design <feature>
|
|
27
|
+
|
|
28
|
+
# Break down into tasks
|
|
29
|
+
/sdd-tasks <feature>
|
|
30
|
+
|
|
31
|
+
# Implement feature
|
|
32
|
+
/sdd-implement <feature>
|
|
33
|
+
|
|
34
|
+
# Validate constitutional compliance
|
|
35
|
+
/sdd-validate <feature>
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
## Project Memory (Steering System)
|
|
39
|
+
|
|
40
|
+
**IMPORTANT**: Before starting any task, check if steering files exist in `steering/` directory:
|
|
41
|
+
|
|
42
|
+
- `steering/structure.md` - Architecture patterns, directory organization, naming conventions
|
|
43
|
+
- `steering/tech.md` - Technology stack, frameworks, development tools
|
|
44
|
+
- `steering/product.md` - Business context, product purpose, users
|
|
45
|
+
|
|
46
|
+
If these files exist, ALWAYS read them first to understand project context.
|
|
47
|
+
|
|
48
|
+
## SDD Workflow (8 Stages)
|
|
49
|
+
|
|
50
|
+
```
|
|
51
|
+
Research → Requirements → Design → Tasks → Implementation → Testing → Deployment → Monitoring
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
Each stage has:
|
|
55
|
+
- Quality gates
|
|
56
|
+
- Traceability requirements
|
|
57
|
+
- Constitutional validation
|
|
58
|
+
|
|
59
|
+
## EARS Requirements Format
|
|
60
|
+
|
|
61
|
+
All requirements must use EARS patterns:
|
|
62
|
+
|
|
63
|
+
```markdown
|
|
64
|
+
### Requirement: User Login
|
|
65
|
+
|
|
66
|
+
WHEN user provides valid credentials,
|
|
67
|
+
THEN the system SHALL authenticate the user
|
|
68
|
+
AND the system SHALL create a session.
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
## Constitutional Governance
|
|
72
|
+
|
|
73
|
+
MUSUBI enforces 9 immutable constitutional articles:
|
|
74
|
+
|
|
75
|
+
1. **Library-First Principle** - Features start as libraries
|
|
76
|
+
2. **CLI Interface Mandate** - All libraries expose CLI
|
|
77
|
+
3. **Test-First Imperative** - Tests before code (Red-Green-Blue)
|
|
78
|
+
4. **EARS Requirements Format** - Unambiguous requirements
|
|
79
|
+
5. **Traceability Mandate** - 100% coverage required
|
|
80
|
+
6. **Project Memory** - All commands check steering first
|
|
81
|
+
7. **Simplicity Gate** - Maximum 3 projects initially
|
|
82
|
+
8. **Anti-Abstraction Gate** - Use framework features directly
|
|
83
|
+
9. **Integration-First Testing** - Real services over mocks
|
|
84
|
+
|
|
85
|
+
## Bilingual Documentation
|
|
86
|
+
|
|
87
|
+
**All agent-generated documents are created in both English and Japanese.**
|
|
88
|
+
|
|
89
|
+
### Language Policy
|
|
90
|
+
|
|
91
|
+
- **English**: Reference/source documents (`.md`)
|
|
92
|
+
- **Japanese**: Translations (`.ja.md`)
|
|
93
|
+
- **Commands**: Always read English versions for work
|
|
94
|
+
- **Code References**: Requirement IDs, technical terms stay in English
|
|
95
|
+
|
|
96
|
+
## Quick Start
|
|
97
|
+
|
|
98
|
+
### First Time Setup
|
|
99
|
+
|
|
100
|
+
1. Generate project memory:
|
|
101
|
+
```
|
|
102
|
+
/sdd-steering
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
2. Review steering context in `steering/` directory
|
|
106
|
+
|
|
107
|
+
3. Start development
|
|
108
|
+
|
|
109
|
+
### Example Usage
|
|
110
|
+
|
|
111
|
+
```bash
|
|
112
|
+
# Greenfield Project (0→1)
|
|
113
|
+
/sdd-steering
|
|
114
|
+
/sdd-requirements user-authentication
|
|
115
|
+
/sdd-design user-authentication
|
|
116
|
+
/sdd-tasks user-authentication
|
|
117
|
+
/sdd-implement user-authentication
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
## Learn More
|
|
121
|
+
|
|
122
|
+
- [MUSUBI Documentation](https://github.com/your-org/musubi)
|
|
123
|
+
- [Constitutional Governance](steering/rules/constitution.md)
|
|
124
|
+
- [8-Stage SDD Workflow](steering/rules/workflow.md)
|
|
125
|
+
|
|
126
|
+
---
|
|
127
|
+
|
|
128
|
+
**MUSUBI for Gemini CLI** - むすび - Bringing specifications, design, and code together.
|
|
@@ -0,0 +1,359 @@
|
|
|
1
|
+
name = "sdd-design"
|
|
2
|
+
description = "Generate technical design with C4 model and ADR based on requirements"
|
|
3
|
+
|
|
4
|
+
[[instructions]]
|
|
5
|
+
role = "system"
|
|
6
|
+
content = """
|
|
7
|
+
You are executing the /sdd-design command to create a technical design specification.
|
|
8
|
+
|
|
9
|
+
# Command Format
|
|
10
|
+
|
|
11
|
+
/sdd-design <feature-name>
|
|
12
|
+
|
|
13
|
+
Example: /sdd-design authentication
|
|
14
|
+
|
|
15
|
+
# Your Task
|
|
16
|
+
|
|
17
|
+
Create a comprehensive technical design for the given feature based on requirements.
|
|
18
|
+
|
|
19
|
+
# Step 1: Read Project Memory and Requirements
|
|
20
|
+
|
|
21
|
+
**IMPORTANT: Read these files FIRST (English versions only):**
|
|
22
|
+
|
|
23
|
+
1. **Steering Context**:
|
|
24
|
+
- `steering/structure.md` - Architecture patterns
|
|
25
|
+
- `steering/tech.md` - Technology stack
|
|
26
|
+
- `steering/product.md` - Product context
|
|
27
|
+
|
|
28
|
+
2. **Requirements**:
|
|
29
|
+
- `storage/specs/{{feature-name}}-requirements.md` - Feature requirements
|
|
30
|
+
|
|
31
|
+
**Note**: Always read English versions (.md), not Japanese translations (.ja.md)
|
|
32
|
+
|
|
33
|
+
# Step 2: Design Approach
|
|
34
|
+
|
|
35
|
+
Follow this design methodology:
|
|
36
|
+
|
|
37
|
+
1. **Understand Requirements**: Map all EARS requirements
|
|
38
|
+
2. **Align with Architecture**: Follow patterns from steering/structure.md
|
|
39
|
+
3. **Technology Alignment**: Use stack from steering/tech.md
|
|
40
|
+
4. **C4 Model**: Create architecture diagrams
|
|
41
|
+
5. **ADR**: Document architectural decisions
|
|
42
|
+
6. **API Design**: Define interfaces
|
|
43
|
+
7. **Data Model**: Design database schema
|
|
44
|
+
8. **Integration**: Define component interactions
|
|
45
|
+
|
|
46
|
+
# Step 3: Design Document Structure
|
|
47
|
+
|
|
48
|
+
## 1. Overview
|
|
49
|
+
- Feature name and version
|
|
50
|
+
- Link to requirements document
|
|
51
|
+
- Design goals
|
|
52
|
+
- Constraints from steering
|
|
53
|
+
|
|
54
|
+
## 2. Architecture (C4 Model)
|
|
55
|
+
|
|
56
|
+
### Context Diagram (Level 1)
|
|
57
|
+
- System boundary
|
|
58
|
+
- External actors
|
|
59
|
+
- External systems
|
|
60
|
+
|
|
61
|
+
### Container Diagram (Level 2)
|
|
62
|
+
- Application components
|
|
63
|
+
- Databases
|
|
64
|
+
- Message queues
|
|
65
|
+
- External services
|
|
66
|
+
|
|
67
|
+
### Component Diagram (Level 3)
|
|
68
|
+
- Internal components
|
|
69
|
+
- Responsibilities
|
|
70
|
+
- Dependencies
|
|
71
|
+
- Communication patterns
|
|
72
|
+
|
|
73
|
+
### Code Organization (Level 4)
|
|
74
|
+
- Directory structure (aligned with steering/structure.md)
|
|
75
|
+
- Key classes/modules
|
|
76
|
+
- File organization
|
|
77
|
+
|
|
78
|
+
## 3. Architectural Decision Records (ADRs)
|
|
79
|
+
|
|
80
|
+
For each major decision:
|
|
81
|
+
|
|
82
|
+
**ADR-NNN: [Decision Title]**
|
|
83
|
+
|
|
84
|
+
- **Status**: Proposed / Accepted / Deprecated
|
|
85
|
+
- **Context**: What problem are we solving?
|
|
86
|
+
- **Decision**: What did we decide?
|
|
87
|
+
- **Consequences**: What are the trade-offs?
|
|
88
|
+
- **Alternatives Considered**: What other options were evaluated?
|
|
89
|
+
|
|
90
|
+
Example:
|
|
91
|
+
```
|
|
92
|
+
ADR-001: Use JWT for Authentication Tokens
|
|
93
|
+
|
|
94
|
+
Status: Accepted
|
|
95
|
+
Context: Need stateless authentication mechanism for API
|
|
96
|
+
Decision: Use JWT (RS256) with 24-hour expiry
|
|
97
|
+
Consequences:
|
|
98
|
+
+ Stateless, scales horizontally
|
|
99
|
+
+ Standard, well-supported
|
|
100
|
+
- Cannot revoke tokens before expiry
|
|
101
|
+
- Larger token size than session IDs
|
|
102
|
+
Alternatives: Session cookies, OAuth tokens
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
## 4. Requirements Mapping
|
|
106
|
+
|
|
107
|
+
Map each requirement to design components:
|
|
108
|
+
|
|
109
|
+
| Requirement ID | Component | Implementation |
|
|
110
|
+
|---------------|-----------|----------------|
|
|
111
|
+
| REQ-AUTH-001 | AuthService | EmailRegistration class |
|
|
112
|
+
| REQ-AUTH-002 | PasswordValidator | validatePassword() |
|
|
113
|
+
| REQ-AUTH-003 | AuthService | login() method |
|
|
114
|
+
|
|
115
|
+
## 5. API Design
|
|
116
|
+
|
|
117
|
+
### Endpoints
|
|
118
|
+
|
|
119
|
+
For each API endpoint:
|
|
120
|
+
|
|
121
|
+
**POST /api/auth/register**
|
|
122
|
+
- Request: { email: string, password: string }
|
|
123
|
+
- Response: { userId: string, status: string }
|
|
124
|
+
- Errors: 400 (validation), 409 (conflict)
|
|
125
|
+
- Requirements: REQ-AUTH-001, REQ-AUTH-002
|
|
126
|
+
|
|
127
|
+
**POST /api/auth/login**
|
|
128
|
+
- Request: { email: string, password: string }
|
|
129
|
+
- Response: { token: string, expiresAt: string }
|
|
130
|
+
- Errors: 401 (unauthorized), 429 (rate limit)
|
|
131
|
+
- Requirements: REQ-AUTH-003
|
|
132
|
+
|
|
133
|
+
### GraphQL Schema (if applicable)
|
|
134
|
+
```graphql
|
|
135
|
+
type User {
|
|
136
|
+
id: ID!
|
|
137
|
+
email: String!
|
|
138
|
+
createdAt: DateTime!
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
type Mutation {
|
|
142
|
+
register(email: String!, password: String!): User!
|
|
143
|
+
login(email: String!, password: String!): AuthPayload!
|
|
144
|
+
}
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
## 6. Data Model
|
|
148
|
+
|
|
149
|
+
### Database Schema
|
|
150
|
+
|
|
151
|
+
**users table**
|
|
152
|
+
```sql
|
|
153
|
+
CREATE TABLE users (
|
|
154
|
+
id UUID PRIMARY KEY,
|
|
155
|
+
email VARCHAR(255) UNIQUE NOT NULL,
|
|
156
|
+
password_hash VARCHAR(255) NOT NULL,
|
|
157
|
+
created_at TIMESTAMP DEFAULT NOW(),
|
|
158
|
+
updated_at TIMESTAMP DEFAULT NOW()
|
|
159
|
+
);
|
|
160
|
+
```
|
|
161
|
+
|
|
162
|
+
**sessions table**
|
|
163
|
+
```sql
|
|
164
|
+
CREATE TABLE sessions (
|
|
165
|
+
id UUID PRIMARY KEY,
|
|
166
|
+
user_id UUID REFERENCES users(id),
|
|
167
|
+
token VARCHAR(512) NOT NULL,
|
|
168
|
+
expires_at TIMESTAMP NOT NULL,
|
|
169
|
+
created_at TIMESTAMP DEFAULT NOW()
|
|
170
|
+
);
|
|
171
|
+
```
|
|
172
|
+
|
|
173
|
+
### ER Diagram
|
|
174
|
+
```
|
|
175
|
+
[User] 1 ---- * [Session]
|
|
176
|
+
[User] 1 ---- * [RefreshToken]
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
## 7. Component Design
|
|
180
|
+
|
|
181
|
+
### AuthService
|
|
182
|
+
```typescript
|
|
183
|
+
class AuthService {
|
|
184
|
+
async register(email: string, password: string): Promise<User>
|
|
185
|
+
async login(email: string, password: string): Promise<AuthToken>
|
|
186
|
+
async logout(userId: string): Promise<void>
|
|
187
|
+
async refreshToken(token: string): Promise<AuthToken>
|
|
188
|
+
}
|
|
189
|
+
```
|
|
190
|
+
|
|
191
|
+
### PasswordValidator
|
|
192
|
+
```typescript
|
|
193
|
+
class PasswordValidator {
|
|
194
|
+
validate(password: string): ValidationResult
|
|
195
|
+
hash(password: string): Promise<string>
|
|
196
|
+
verify(password: string, hash: string): Promise<boolean>
|
|
197
|
+
}
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
## 8. Integration Points
|
|
201
|
+
|
|
202
|
+
### Internal Dependencies
|
|
203
|
+
- UserRepository (lib/users/)
|
|
204
|
+
- EmailService (lib/notifications/)
|
|
205
|
+
- TokenService (lib/auth/tokens/)
|
|
206
|
+
|
|
207
|
+
### External Dependencies
|
|
208
|
+
- PostgreSQL database
|
|
209
|
+
- Redis cache (for rate limiting)
|
|
210
|
+
- Email SMTP service
|
|
211
|
+
|
|
212
|
+
## 9. Security Design
|
|
213
|
+
|
|
214
|
+
Based on Constitutional Article (OWASP Top 10):
|
|
215
|
+
|
|
216
|
+
- **A01: Broken Access Control**: JWT validation on all protected routes
|
|
217
|
+
- **A02: Cryptographic Failures**: bcrypt for passwords, RS256 for JWT
|
|
218
|
+
- **A03: Injection**: Parameterized queries with Prisma ORM
|
|
219
|
+
- **A05: Security Misconfiguration**: Environment variables for secrets
|
|
220
|
+
- **A07: Authentication Failures**: Rate limiting, account lockout
|
|
221
|
+
|
|
222
|
+
## 10. Performance Considerations
|
|
223
|
+
|
|
224
|
+
- **Caching**: Cache user sessions in Redis
|
|
225
|
+
- **Database**: Index on email, user_id
|
|
226
|
+
- **Rate Limiting**: 5 login attempts per IP per minute
|
|
227
|
+
- **Async Operations**: Email sending via background queue
|
|
228
|
+
|
|
229
|
+
## 11. Error Handling
|
|
230
|
+
|
|
231
|
+
### Error Codes
|
|
232
|
+
- AUTH_001: Invalid credentials
|
|
233
|
+
- AUTH_002: Account locked
|
|
234
|
+
- AUTH_003: Token expired
|
|
235
|
+
- AUTH_004: Validation failed
|
|
236
|
+
|
|
237
|
+
### Error Response Format
|
|
238
|
+
```json
|
|
239
|
+
{
|
|
240
|
+
"error": {
|
|
241
|
+
"code": "AUTH_001",
|
|
242
|
+
"message": "Invalid credentials",
|
|
243
|
+
"details": { ... }
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
```
|
|
247
|
+
|
|
248
|
+
## 12. Testing Strategy
|
|
249
|
+
|
|
250
|
+
### Unit Tests
|
|
251
|
+
- PasswordValidator.validate()
|
|
252
|
+
- AuthService.register()
|
|
253
|
+
- AuthService.login()
|
|
254
|
+
|
|
255
|
+
### Integration Tests
|
|
256
|
+
- POST /api/auth/register
|
|
257
|
+
- POST /api/auth/login
|
|
258
|
+
- Token validation flow
|
|
259
|
+
|
|
260
|
+
### Test Coverage Requirements
|
|
261
|
+
- Minimum 80% code coverage
|
|
262
|
+
- All EARS requirements tested
|
|
263
|
+
- All error paths tested
|
|
264
|
+
|
|
265
|
+
## 13. Deployment
|
|
266
|
+
|
|
267
|
+
### Environment Variables
|
|
268
|
+
- DATABASE_URL
|
|
269
|
+
- JWT_SECRET
|
|
270
|
+
- JWT_EXPIRES_IN
|
|
271
|
+
- REDIS_URL
|
|
272
|
+
|
|
273
|
+
### Infrastructure
|
|
274
|
+
- Database migrations (Prisma)
|
|
275
|
+
- Redis for sessions
|
|
276
|
+
- SMTP configuration
|
|
277
|
+
|
|
278
|
+
## 14. Constitutional Compliance
|
|
279
|
+
|
|
280
|
+
Verify alignment with Constitutional Articles:
|
|
281
|
+
|
|
282
|
+
- ✅ **Article I: Library-First**: Implemented in lib/auth/
|
|
283
|
+
- ✅ **Article II: CLI Interface**: CLI tool for user management
|
|
284
|
+
- ✅ **Article III: Test-First**: Test strategy defined
|
|
285
|
+
- ✅ **Article IV: EARS Format**: All requirements mapped
|
|
286
|
+
- ✅ **Article V: Traceability**: Requirements → Design mapping complete
|
|
287
|
+
- ✅ **Article VIII: Anti-Abstraction**: Use Prisma directly, no custom ORM wrapper
|
|
288
|
+
|
|
289
|
+
# Step 4: Bilingual Output
|
|
290
|
+
|
|
291
|
+
**IMPORTANT**: Create BOTH English and Japanese versions.
|
|
292
|
+
|
|
293
|
+
**English version (Primary/Reference)**:
|
|
294
|
+
Save to: `storage/specs/{{feature-name}}-design.md`
|
|
295
|
+
|
|
296
|
+
**Japanese version (Translation)**:
|
|
297
|
+
Save to: `storage/specs/{{feature-name}}-design.ja.md`
|
|
298
|
+
|
|
299
|
+
Translation rules:
|
|
300
|
+
- Keep technical terms in English (API, JWT, bcrypt, etc.)
|
|
301
|
+
- Keep code examples unchanged
|
|
302
|
+
- Keep requirement IDs in English (REQ-AUTH-001)
|
|
303
|
+
- Keep ADR numbers in English (ADR-001)
|
|
304
|
+
- Translate explanations and descriptions to Japanese
|
|
305
|
+
|
|
306
|
+
# Example C4 Diagrams
|
|
307
|
+
|
|
308
|
+
Use Mermaid or ASCII art:
|
|
309
|
+
|
|
310
|
+
```mermaid
|
|
311
|
+
graph TB
|
|
312
|
+
User[User] --> WebApp[Web Application]
|
|
313
|
+
WebApp --> AuthAPI[Auth API]
|
|
314
|
+
AuthAPI --> DB[(PostgreSQL)]
|
|
315
|
+
AuthAPI --> Cache[(Redis)]
|
|
316
|
+
AuthAPI --> EmailService[Email Service]
|
|
317
|
+
```
|
|
318
|
+
|
|
319
|
+
# Validation Checklist
|
|
320
|
+
|
|
321
|
+
Before finalizing:
|
|
322
|
+
|
|
323
|
+
1. **Requirements Coverage**:
|
|
324
|
+
- All requirements from requirements.md mapped
|
|
325
|
+
- No missing functionality
|
|
326
|
+
|
|
327
|
+
2. **Architecture Alignment**:
|
|
328
|
+
- Follows patterns from steering/structure.md
|
|
329
|
+
- Uses tech stack from steering/tech.md
|
|
330
|
+
- Aligns with product goals from steering/product.md
|
|
331
|
+
|
|
332
|
+
3. **Constitutional Compliance**:
|
|
333
|
+
- Library-first approach
|
|
334
|
+
- CLI interface designed
|
|
335
|
+
- Test strategy defined
|
|
336
|
+
- EARS requirements mapped
|
|
337
|
+
- No unnecessary abstractions
|
|
338
|
+
|
|
339
|
+
4. **Completeness**:
|
|
340
|
+
- All major components designed
|
|
341
|
+
- API contracts defined
|
|
342
|
+
- Data model complete
|
|
343
|
+
- Security considerations included
|
|
344
|
+
- Performance strategy defined
|
|
345
|
+
|
|
346
|
+
5. **Bilingual**:
|
|
347
|
+
- Both English and Japanese versions created
|
|
348
|
+
- Technical terms consistent
|
|
349
|
+
- Diagrams identical
|
|
350
|
+
|
|
351
|
+
# Next Steps
|
|
352
|
+
|
|
353
|
+
After design is complete:
|
|
354
|
+
1. User reviews and approves design
|
|
355
|
+
2. Proceed to tasks: /sdd-tasks {{feature-name}}
|
|
356
|
+
3. Or validate compliance: /sdd-validate {{feature-name}}
|
|
357
|
+
|
|
358
|
+
**Execute design generation now.**
|
|
359
|
+
"""
|