product-playbook 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.es.md +518 -0
- package/README.ja.md +519 -0
- package/README.ko.md +518 -0
- package/README.md +520 -0
- package/README.zh-CN.md +518 -0
- package/README.zh-TW.md +518 -0
- package/SKILL.md +244 -0
- package/commands/product-build.md +13 -0
- package/commands/product-dev.md +21 -0
- package/commands/product-full.md +13 -0
- package/commands/product-prd.md +14 -0
- package/commands/product-quick.md +13 -0
- package/commands/product-report.md +12 -0
- package/commands/product-revision.md +13 -0
- package/i18n/en/SKILL.md +245 -0
- package/i18n/en/commands/product-build.md +13 -0
- package/i18n/en/commands/product-dev.md +21 -0
- package/i18n/en/commands/product-full.md +13 -0
- package/i18n/en/commands/product-prd.md +14 -0
- package/i18n/en/commands/product-quick.md +13 -0
- package/i18n/en/commands/product-report.md +12 -0
- package/i18n/en/commands/product-revision.md +13 -0
- package/i18n/en/references/00-opportunity-check.md +44 -0
- package/i18n/en/references/01-strategy.md +90 -0
- package/i18n/en/references/02a-persona.md +57 -0
- package/i18n/en/references/02b-jtbd.md +125 -0
- package/i18n/en/references/02c-ost-journey.md +65 -0
- package/i18n/en/references/03-define.md +118 -0
- package/i18n/en/references/04a-prfaq.md +112 -0
- package/i18n/en/references/04b-solutions.md +269 -0
- package/i18n/en/references/04c-mvp.md +21 -0
- package/i18n/en/references/05a-northstar-aha.md +93 -0
- package/i18n/en/references/05b-pmf-gtm.md +102 -0
- package/i18n/en/references/05c-validation-spec.md +117 -0
- package/i18n/en/references/06-html-report.md +128 -0
- package/i18n/en/references/07a-handoff-core.md +152 -0
- package/i18n/en/references/07b-tasks-tickets.md +215 -0
- package/i18n/en/references/07c-architecture-setup.md +197 -0
- package/i18n/en/references/08-security-checklist.md +221 -0
- package/i18n/en/references/rules-build.md +152 -0
- package/i18n/en/references/rules-change-propagation.md +74 -0
- package/i18n/en/references/rules-commands.md +98 -0
- package/i18n/en/references/rules-context.md +291 -0
- package/i18n/en/references/rules-custom.md +63 -0
- package/i18n/en/references/rules-document-tools.md +126 -0
- package/i18n/en/references/rules-end-of-flow.md +150 -0
- package/i18n/en/references/rules-export-document.md +346 -0
- package/i18n/en/references/rules-file-integration.md +65 -0
- package/i18n/en/references/rules-full.md +66 -0
- package/i18n/en/references/rules-import-document.md +261 -0
- package/i18n/en/references/rules-product-type.md +14 -0
- package/i18n/en/references/rules-progress.md +60 -0
- package/i18n/en/references/rules-quick.md +29 -0
- package/i18n/en/references/rules-revision.md +64 -0
- package/i18n/es/SKILL.md +245 -0
- package/i18n/es/commands/product-build.md +13 -0
- package/i18n/es/commands/product-dev.md +21 -0
- package/i18n/es/commands/product-full.md +13 -0
- package/i18n/es/commands/product-prd.md +14 -0
- package/i18n/es/commands/product-quick.md +13 -0
- package/i18n/es/commands/product-report.md +12 -0
- package/i18n/es/commands/product-revision.md +13 -0
- package/i18n/es/references/00-opportunity-check.md +44 -0
- package/i18n/es/references/01-strategy.md +90 -0
- package/i18n/es/references/02a-persona.md +57 -0
- package/i18n/es/references/02b-jtbd.md +125 -0
- package/i18n/es/references/02c-ost-journey.md +65 -0
- package/i18n/es/references/03-define.md +118 -0
- package/i18n/es/references/04a-prfaq.md +114 -0
- package/i18n/es/references/04b-solutions.md +269 -0
- package/i18n/es/references/04c-mvp.md +21 -0
- package/i18n/es/references/05a-northstar-aha.md +93 -0
- package/i18n/es/references/05b-pmf-gtm.md +102 -0
- package/i18n/es/references/05c-validation-spec.md +117 -0
- package/i18n/es/references/06-html-report.md +138 -0
- package/i18n/es/references/07a-handoff-core.md +152 -0
- package/i18n/es/references/07b-tasks-tickets.md +215 -0
- package/i18n/es/references/07c-architecture-setup.md +197 -0
- package/i18n/es/references/08-security-checklist.md +221 -0
- package/i18n/es/references/rules-build.md +152 -0
- package/i18n/es/references/rules-change-propagation.md +74 -0
- package/i18n/es/references/rules-commands.md +98 -0
- package/i18n/es/references/rules-context.md +291 -0
- package/i18n/es/references/rules-custom.md +63 -0
- package/i18n/es/references/rules-document-tools.md +126 -0
- package/i18n/es/references/rules-end-of-flow.md +150 -0
- package/i18n/es/references/rules-export-document.md +346 -0
- package/i18n/es/references/rules-file-integration.md +65 -0
- package/i18n/es/references/rules-full.md +66 -0
- package/i18n/es/references/rules-import-document.md +261 -0
- package/i18n/es/references/rules-product-type.md +14 -0
- package/i18n/es/references/rules-progress.md +60 -0
- package/i18n/es/references/rules-quick.md +29 -0
- package/i18n/es/references/rules-revision.md +64 -0
- package/i18n/ja/SKILL.md +245 -0
- package/i18n/ja/commands/product-build.md +13 -0
- package/i18n/ja/commands/product-dev.md +21 -0
- package/i18n/ja/commands/product-full.md +13 -0
- package/i18n/ja/commands/product-prd.md +14 -0
- package/i18n/ja/commands/product-quick.md +13 -0
- package/i18n/ja/commands/product-report.md +12 -0
- package/i18n/ja/commands/product-revision.md +13 -0
- package/i18n/ja/references/00-opportunity-check.md +44 -0
- package/i18n/ja/references/01-strategy.md +90 -0
- package/i18n/ja/references/02a-persona.md +57 -0
- package/i18n/ja/references/02b-jtbd.md +125 -0
- package/i18n/ja/references/02c-ost-journey.md +65 -0
- package/i18n/ja/references/03-define.md +118 -0
- package/i18n/ja/references/04a-prfaq.md +111 -0
- package/i18n/ja/references/04b-solutions.md +269 -0
- package/i18n/ja/references/04c-mvp.md +21 -0
- package/i18n/ja/references/05a-northstar-aha.md +93 -0
- package/i18n/ja/references/05b-pmf-gtm.md +102 -0
- package/i18n/ja/references/05c-validation-spec.md +117 -0
- package/i18n/ja/references/06-html-report.md +126 -0
- package/i18n/ja/references/07a-handoff-core.md +152 -0
- package/i18n/ja/references/07b-tasks-tickets.md +215 -0
- package/i18n/ja/references/07c-architecture-setup.md +197 -0
- package/i18n/ja/references/08-security-checklist.md +221 -0
- package/i18n/ja/references/rules-build.md +152 -0
- package/i18n/ja/references/rules-change-propagation.md +74 -0
- package/i18n/ja/references/rules-commands.md +98 -0
- package/i18n/ja/references/rules-context.md +291 -0
- package/i18n/ja/references/rules-custom.md +63 -0
- package/i18n/ja/references/rules-document-tools.md +126 -0
- package/i18n/ja/references/rules-end-of-flow.md +150 -0
- package/i18n/ja/references/rules-export-document.md +346 -0
- package/i18n/ja/references/rules-file-integration.md +65 -0
- package/i18n/ja/references/rules-full.md +66 -0
- package/i18n/ja/references/rules-import-document.md +261 -0
- package/i18n/ja/references/rules-product-type.md +14 -0
- package/i18n/ja/references/rules-progress.md +60 -0
- package/i18n/ja/references/rules-quick.md +29 -0
- package/i18n/ja/references/rules-revision.md +64 -0
- package/i18n/ko/SKILL.md +245 -0
- package/i18n/ko/commands/product-build.md +13 -0
- package/i18n/ko/commands/product-dev.md +21 -0
- package/i18n/ko/commands/product-full.md +13 -0
- package/i18n/ko/commands/product-prd.md +14 -0
- package/i18n/ko/commands/product-quick.md +13 -0
- package/i18n/ko/commands/product-report.md +12 -0
- package/i18n/ko/commands/product-revision.md +13 -0
- package/i18n/ko/references/00-opportunity-check.md +44 -0
- package/i18n/ko/references/01-strategy.md +90 -0
- package/i18n/ko/references/02a-persona.md +57 -0
- package/i18n/ko/references/02b-jtbd.md +125 -0
- package/i18n/ko/references/02c-ost-journey.md +65 -0
- package/i18n/ko/references/03-define.md +118 -0
- package/i18n/ko/references/04a-prfaq.md +112 -0
- package/i18n/ko/references/04b-solutions.md +269 -0
- package/i18n/ko/references/04c-mvp.md +21 -0
- package/i18n/ko/references/05a-northstar-aha.md +93 -0
- package/i18n/ko/references/05b-pmf-gtm.md +102 -0
- package/i18n/ko/references/05c-validation-spec.md +117 -0
- package/i18n/ko/references/06-html-report.md +126 -0
- package/i18n/ko/references/07a-handoff-core.md +152 -0
- package/i18n/ko/references/07b-tasks-tickets.md +215 -0
- package/i18n/ko/references/07c-architecture-setup.md +197 -0
- package/i18n/ko/references/08-security-checklist.md +221 -0
- package/i18n/ko/references/rules-build.md +152 -0
- package/i18n/ko/references/rules-change-propagation.md +74 -0
- package/i18n/ko/references/rules-commands.md +98 -0
- package/i18n/ko/references/rules-context.md +291 -0
- package/i18n/ko/references/rules-custom.md +63 -0
- package/i18n/ko/references/rules-document-tools.md +126 -0
- package/i18n/ko/references/rules-end-of-flow.md +150 -0
- package/i18n/ko/references/rules-export-document.md +346 -0
- package/i18n/ko/references/rules-file-integration.md +65 -0
- package/i18n/ko/references/rules-full.md +66 -0
- package/i18n/ko/references/rules-import-document.md +261 -0
- package/i18n/ko/references/rules-product-type.md +14 -0
- package/i18n/ko/references/rules-progress.md +60 -0
- package/i18n/ko/references/rules-quick.md +29 -0
- package/i18n/ko/references/rules-revision.md +64 -0
- package/i18n/zh-CN/SKILL.md +245 -0
- package/i18n/zh-CN/commands/product-build.md +13 -0
- package/i18n/zh-CN/commands/product-dev.md +21 -0
- package/i18n/zh-CN/commands/product-full.md +13 -0
- package/i18n/zh-CN/commands/product-prd.md +14 -0
- package/i18n/zh-CN/commands/product-quick.md +13 -0
- package/i18n/zh-CN/commands/product-report.md +12 -0
- package/i18n/zh-CN/commands/product-revision.md +13 -0
- package/i18n/zh-CN/references/00-opportunity-check.md +44 -0
- package/i18n/zh-CN/references/01-strategy.md +90 -0
- package/i18n/zh-CN/references/02a-persona.md +57 -0
- package/i18n/zh-CN/references/02b-jtbd.md +125 -0
- package/i18n/zh-CN/references/02c-ost-journey.md +65 -0
- package/i18n/zh-CN/references/03-define.md +118 -0
- package/i18n/zh-CN/references/04a-prfaq.md +106 -0
- package/i18n/zh-CN/references/04b-solutions.md +269 -0
- package/i18n/zh-CN/references/04c-mvp.md +21 -0
- package/i18n/zh-CN/references/05a-northstar-aha.md +93 -0
- package/i18n/zh-CN/references/05b-pmf-gtm.md +102 -0
- package/i18n/zh-CN/references/05c-validation-spec.md +117 -0
- package/i18n/zh-CN/references/06-html-report.md +123 -0
- package/i18n/zh-CN/references/07a-handoff-core.md +152 -0
- package/i18n/zh-CN/references/07b-tasks-tickets.md +215 -0
- package/i18n/zh-CN/references/07c-architecture-setup.md +197 -0
- package/i18n/zh-CN/references/08-security-checklist.md +221 -0
- package/i18n/zh-CN/references/rules-build.md +152 -0
- package/i18n/zh-CN/references/rules-change-propagation.md +74 -0
- package/i18n/zh-CN/references/rules-commands.md +98 -0
- package/i18n/zh-CN/references/rules-context.md +291 -0
- package/i18n/zh-CN/references/rules-custom.md +63 -0
- package/i18n/zh-CN/references/rules-document-tools.md +126 -0
- package/i18n/zh-CN/references/rules-end-of-flow.md +150 -0
- package/i18n/zh-CN/references/rules-export-document.md +346 -0
- package/i18n/zh-CN/references/rules-file-integration.md +65 -0
- package/i18n/zh-CN/references/rules-full.md +66 -0
- package/i18n/zh-CN/references/rules-import-document.md +261 -0
- package/i18n/zh-CN/references/rules-product-type.md +14 -0
- package/i18n/zh-CN/references/rules-progress.md +60 -0
- package/i18n/zh-CN/references/rules-quick.md +29 -0
- package/i18n/zh-CN/references/rules-revision.md +64 -0
- package/i18n/zh-TW/SKILL.md +244 -0
- package/i18n/zh-TW/commands/product-build.md +13 -0
- package/i18n/zh-TW/commands/product-dev.md +21 -0
- package/i18n/zh-TW/commands/product-full.md +13 -0
- package/i18n/zh-TW/commands/product-prd.md +14 -0
- package/i18n/zh-TW/commands/product-quick.md +13 -0
- package/i18n/zh-TW/commands/product-report.md +12 -0
- package/i18n/zh-TW/commands/product-revision.md +13 -0
- package/i18n/zh-TW/references/00-opportunity-check.md +44 -0
- package/i18n/zh-TW/references/01-strategy.md +90 -0
- package/i18n/zh-TW/references/02a-persona.md +57 -0
- package/i18n/zh-TW/references/02b-jtbd.md +125 -0
- package/i18n/zh-TW/references/02c-ost-journey.md +65 -0
- package/i18n/zh-TW/references/03-define.md +118 -0
- package/i18n/zh-TW/references/04a-prfaq.md +106 -0
- package/i18n/zh-TW/references/04b-solutions.md +269 -0
- package/i18n/zh-TW/references/04c-mvp.md +21 -0
- package/i18n/zh-TW/references/05a-northstar-aha.md +93 -0
- package/i18n/zh-TW/references/05b-pmf-gtm.md +102 -0
- package/i18n/zh-TW/references/05c-validation-spec.md +117 -0
- package/i18n/zh-TW/references/06-html-report.md +123 -0
- package/i18n/zh-TW/references/07a-handoff-core.md +152 -0
- package/i18n/zh-TW/references/07b-tasks-tickets.md +215 -0
- package/i18n/zh-TW/references/07c-architecture-setup.md +197 -0
- package/i18n/zh-TW/references/08-security-checklist.md +221 -0
- package/i18n/zh-TW/references/rules-build.md +152 -0
- package/i18n/zh-TW/references/rules-change-propagation.md +74 -0
- package/i18n/zh-TW/references/rules-commands.md +98 -0
- package/i18n/zh-TW/references/rules-context.md +291 -0
- package/i18n/zh-TW/references/rules-custom.md +63 -0
- package/i18n/zh-TW/references/rules-document-tools.md +126 -0
- package/i18n/zh-TW/references/rules-end-of-flow.md +150 -0
- package/i18n/zh-TW/references/rules-export-document.md +346 -0
- package/i18n/zh-TW/references/rules-file-integration.md +65 -0
- package/i18n/zh-TW/references/rules-full.md +66 -0
- package/i18n/zh-TW/references/rules-import-document.md +261 -0
- package/i18n/zh-TW/references/rules-product-type.md +14 -0
- package/i18n/zh-TW/references/rules-progress.md +60 -0
- package/i18n/zh-TW/references/rules-quick.md +29 -0
- package/i18n/zh-TW/references/rules-revision.md +64 -0
- package/install.sh +418 -0
- package/package.json +41 -0
- package/references/00-opportunity-check.md +44 -0
- package/references/01-strategy.md +90 -0
- package/references/02a-persona.md +57 -0
- package/references/02b-jtbd.md +125 -0
- package/references/02c-ost-journey.md +65 -0
- package/references/03-define.md +118 -0
- package/references/04a-prfaq.md +106 -0
- package/references/04b-solutions.md +269 -0
- package/references/04c-mvp.md +21 -0
- package/references/05a-northstar-aha.md +93 -0
- package/references/05b-pmf-gtm.md +102 -0
- package/references/05c-validation-spec.md +117 -0
- package/references/06-html-report.md +123 -0
- package/references/07a-handoff-core.md +152 -0
- package/references/07b-tasks-tickets.md +215 -0
- package/references/07c-architecture-setup.md +197 -0
- package/references/08-security-checklist.md +221 -0
- package/references/rules-build.md +152 -0
- package/references/rules-change-propagation.md +74 -0
- package/references/rules-commands.md +98 -0
- package/references/rules-context.md +291 -0
- package/references/rules-custom.md +63 -0
- package/references/rules-document-tools.md +126 -0
- package/references/rules-end-of-flow.md +150 -0
- package/references/rules-export-document.md +346 -0
- package/references/rules-file-integration.md +65 -0
- package/references/rules-full.md +66 -0
- package/references/rules-import-document.md +261 -0
- package/references/rules-product-type.md +14 -0
- package/references/rules-progress.md +60 -0
- package/references/rules-quick.md +29 -0
- package/references/rules-revision.md +64 -0
- package/references/templates/prd-style.css +464 -0
- package/references/templates/report-style.css +114 -0
|
@@ -0,0 +1,197 @@
|
|
|
1
|
+
# Development Handoff — ARCHITECTURE.md + setup.sh
|
|
2
|
+
|
|
3
|
+
## 📄 ARCHITECTURE.md Template
|
|
4
|
+
|
|
5
|
+
```markdown
|
|
6
|
+
# [Product Name] — Technical Architecture
|
|
7
|
+
|
|
8
|
+
## Directory Structure
|
|
9
|
+
|
|
10
|
+
[Generate the corresponding directory structure based on the tech stack]
|
|
11
|
+
|
|
12
|
+
## Database Design
|
|
13
|
+
|
|
14
|
+
[Consolidate from the PRD's DB Schema — convert to CREATE TABLE SQL or ORM model definitions]
|
|
15
|
+
|
|
16
|
+
### ER Diagram
|
|
17
|
+
|
|
18
|
+
[Mermaid erDiagram]
|
|
19
|
+
|
|
20
|
+
### Key Table Descriptions
|
|
21
|
+
|
|
22
|
+
| Table | Description | Key Fields | Index Recommendations |
|
|
23
|
+
|-------|------------|------------|----------------------|
|
|
24
|
+
| | | | |
|
|
25
|
+
|
|
26
|
+
## API Design
|
|
27
|
+
|
|
28
|
+
[Define RESTful API endpoints or GraphQL schema based on User Stories and feature specs]
|
|
29
|
+
|
|
30
|
+
### Endpoints List
|
|
31
|
+
|
|
32
|
+
| Method | Path | Description | Corresponding Task |
|
|
33
|
+
|--------|------|------------|-------------------|
|
|
34
|
+
| GET | /api/v1/[resource] | [Description] | T1.1 |
|
|
35
|
+
| POST | /api/v1/[resource] | [Description] | T1.2 |
|
|
36
|
+
|
|
37
|
+
### Authentication
|
|
38
|
+
|
|
39
|
+
[JWT / Session / OAuth, etc.]
|
|
40
|
+
|
|
41
|
+
## Third-Party Services
|
|
42
|
+
|
|
43
|
+
| Service | Purpose | Corresponding Feature |
|
|
44
|
+
|---------|---------|----------------------|
|
|
45
|
+
| | | |
|
|
46
|
+
|
|
47
|
+
## Security Architecture
|
|
48
|
+
|
|
49
|
+
### CORS Configuration
|
|
50
|
+
|
|
51
|
+
| Setting | Value | Notes |
|
|
52
|
+
|---------|-------|-------|
|
|
53
|
+
| Allowed Origins | [Production domain, localhost:port] | Do not use wildcard * |
|
|
54
|
+
| Allowed Methods | GET, POST, PUT, DELETE | Based on actual API needs |
|
|
55
|
+
| Allowed Headers | Content-Type, Authorization | |
|
|
56
|
+
| Credentials | true/false | Depends on authentication method |
|
|
57
|
+
|
|
58
|
+
### Security Headers
|
|
59
|
+
|
|
60
|
+
[Select applicable headers from references/08-security-checklist.md §5 based on product requirements]
|
|
61
|
+
|
|
62
|
+
### Rate Limiting Strategy
|
|
63
|
+
|
|
64
|
+
| Endpoint Type | Limit | Identification Method |
|
|
65
|
+
|--------------|-------|----------------------|
|
|
66
|
+
| General API | [X] req/min | IP + User ID |
|
|
67
|
+
| Login/Register | [X] req/min | IP |
|
|
68
|
+
| File Upload | [X] req/min | User ID |
|
|
69
|
+
|
|
70
|
+
### Sensitive Data Handling
|
|
71
|
+
|
|
72
|
+
- Secret management: [.env + platform env vars / Secrets Manager]
|
|
73
|
+
- Logging rules: Never log passwords, tokens, or personal data
|
|
74
|
+
- Data encryption: [TLS in transit / encryption at rest requirements]
|
|
75
|
+
|
|
76
|
+
> Full security checklist at `references/08-security-checklist.md`
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
---
|
|
80
|
+
|
|
81
|
+
## 📄 .gitignore Template
|
|
82
|
+
|
|
83
|
+
```gitignore
|
|
84
|
+
# Environment variables and secrets
|
|
85
|
+
.env
|
|
86
|
+
.env.local
|
|
87
|
+
.env.*.local
|
|
88
|
+
*.pem
|
|
89
|
+
*.key
|
|
90
|
+
|
|
91
|
+
# Product planning progress (may contain sensitive business information)
|
|
92
|
+
.product-playbook-progress.md
|
|
93
|
+
|
|
94
|
+
# IDE and OS
|
|
95
|
+
.idea/
|
|
96
|
+
.vscode/
|
|
97
|
+
*.swp
|
|
98
|
+
.DS_Store
|
|
99
|
+
Thumbs.db
|
|
100
|
+
|
|
101
|
+
# Dependencies
|
|
102
|
+
node_modules/
|
|
103
|
+
__pycache__/
|
|
104
|
+
*.pyc
|
|
105
|
+
venv/
|
|
106
|
+
|
|
107
|
+
# Build output
|
|
108
|
+
dist/
|
|
109
|
+
build/
|
|
110
|
+
.next/
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
---
|
|
114
|
+
|
|
115
|
+
## 📄 setup.sh Template
|
|
116
|
+
|
|
117
|
+
```bash
|
|
118
|
+
#!/bin/bash
|
|
119
|
+
# [Product Name] — Project Initialization Script
|
|
120
|
+
# Usage: chmod +x scripts/setup.sh && ./scripts/setup.sh
|
|
121
|
+
|
|
122
|
+
set -e
|
|
123
|
+
|
|
124
|
+
echo "🚀 Initializing [Product Name]..."
|
|
125
|
+
|
|
126
|
+
# ===== Check prerequisites =====
|
|
127
|
+
command -v [node/python/etc] >/dev/null 2>&1 || { echo "❌ [runtime] is required"; exit 1; }
|
|
128
|
+
|
|
129
|
+
# ===== Install dependencies =====
|
|
130
|
+
echo "📦 Installing dependencies..."
|
|
131
|
+
[npm install / pip install -r requirements.txt / etc]
|
|
132
|
+
|
|
133
|
+
# ===== Environment setup =====
|
|
134
|
+
if [ ! -f .env ]; then
|
|
135
|
+
echo "📝 Creating .env file..."
|
|
136
|
+
cp .env.example .env
|
|
137
|
+
echo "⚠️ Please edit .env and fill in the required environment variables"
|
|
138
|
+
fi
|
|
139
|
+
|
|
140
|
+
# ===== Database initialization =====
|
|
141
|
+
echo "🗄️ Initializing database..."
|
|
142
|
+
[migration commands]
|
|
143
|
+
|
|
144
|
+
echo ""
|
|
145
|
+
echo "✅ Initialization complete!"
|
|
146
|
+
echo ""
|
|
147
|
+
echo "Next steps:"
|
|
148
|
+
echo " 1. Edit .env to fill in environment variables"
|
|
149
|
+
echo " 2. Start the dev server: [start command]"
|
|
150
|
+
echo " 3. Start developing: claude \"Read CLAUDE.md and TASKS.md, then start executing Phase 1\""
|
|
151
|
+
```
|
|
152
|
+
|
|
153
|
+
---
|
|
154
|
+
|
|
155
|
+
## User Guidance Text
|
|
156
|
+
|
|
157
|
+
### In Claude Chat / Cowork
|
|
158
|
+
|
|
159
|
+
After producing the handoff package, display the following guidance:
|
|
160
|
+
|
|
161
|
+
```
|
|
162
|
+
📦 Development handoff package is ready! It includes the following files:
|
|
163
|
+
|
|
164
|
+
CLAUDE.md → Claude Code's project memory (product context + tech specs)
|
|
165
|
+
TASKS.md → Development task list (4 Phases, [N] Tasks total)
|
|
166
|
+
TICKETS.md → Ticket list ([N] tickets, ready to create in Jira/Asana/Linear)
|
|
167
|
+
docs/PRD.md → Full PRD
|
|
168
|
+
docs/ARCHITECTURE.md → Technical architecture (DB schema + API + directory structure)
|
|
169
|
+
docs/PRODUCT-SPEC.md → Product Spec Summary
|
|
170
|
+
scripts/setup.sh → One-click initialization script
|
|
171
|
+
|
|
172
|
+
🔗 How to start developing:
|
|
173
|
+
|
|
174
|
+
1. Download and extract to your project folder
|
|
175
|
+
2. Open a terminal and navigate to the project folder
|
|
176
|
+
3. Launch Claude Code:
|
|
177
|
+
$ claude
|
|
178
|
+
4. Tell Claude Code to begin:
|
|
179
|
+
> Read CLAUDE.md and TASKS.md, then start executing Phase 0
|
|
180
|
+
|
|
181
|
+
💡 Tips:
|
|
182
|
+
- Claude Code automatically reads CLAUDE.md, so it already knows the full product context
|
|
183
|
+
- After each Phase is complete, it will ask whether to proceed to the next Phase
|
|
184
|
+
- To adjust feature scope, just edit TASKS.md directly
|
|
185
|
+
- The "Explicitly Not Doing" list in CLAUDE.md prevents Claude Code from building out of scope
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
### Pre-Output Final Confirmation
|
|
189
|
+
|
|
190
|
+
```
|
|
191
|
+
Before producing the development handoff package, I need to confirm a few things:
|
|
192
|
+
|
|
193
|
+
1. Tech stack: [Confirmed / Needs confirmation]
|
|
194
|
+
2. Product name (for the project folder name): [Confirmed / Needs confirmation]
|
|
195
|
+
3. Any other technical constraints or preferences?
|
|
196
|
+
- e.g., Must use a specific ORM, need to support specific browsers, existing CI/CD, etc.
|
|
197
|
+
```
|
|
@@ -0,0 +1,221 @@
|
|
|
1
|
+
# Security Checklist
|
|
2
|
+
|
|
3
|
+
> Loaded before producing the development handoff package. Ensures that critical security requirements are considered during the product planning phase, preventing security from becoming an afterthought.
|
|
4
|
+
|
|
5
|
+
## 🔐 Security Architecture Quick Check
|
|
6
|
+
|
|
7
|
+
Before producing the development handoff package, verify each of the following security aspects. Mark each as ✅ (covered in planning) or ❌ (needs to be added).
|
|
8
|
+
|
|
9
|
+
### 1. Authentication & Authorization
|
|
10
|
+
|
|
11
|
+
```
|
|
12
|
+
| Check Item | Status | Notes |
|
|
13
|
+
|-----------|--------|-------|
|
|
14
|
+
| Authentication method determined (JWT / Session / OAuth / Passkey) | | |
|
|
15
|
+
| Token storage is secure (HttpOnly Cookie, not localStorage) | | |
|
|
16
|
+
| Token expiration and refresh mechanism designed | | |
|
|
17
|
+
| Password storage uses bcrypt / argon2 (not MD5/SHA) | | |
|
|
18
|
+
| Permission model defined (RBAC / ABAC / simple roles) | | |
|
|
19
|
+
| All API endpoints have corresponding authorization checks | | |
|
|
20
|
+
| Login failures have brute-force protection (lockout / progressive delay) | | |
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
**JWT Best Practices (if using JWT):**
|
|
24
|
+
- Use short-lived Access Tokens (15-30 minutes) + long-lived Refresh Tokens
|
|
25
|
+
- Store Refresh Tokens in HttpOnly Secure Cookies
|
|
26
|
+
- Implement Token Revocation (invalidate Refresh Token on logout)
|
|
27
|
+
- Do not store sensitive information in the JWT payload
|
|
28
|
+
|
|
29
|
+
### 2. CORS Policy (Cross-Origin Resource Sharing)
|
|
30
|
+
|
|
31
|
+
```
|
|
32
|
+
| Check Item | Status | Notes |
|
|
33
|
+
|-----------|--------|-------|
|
|
34
|
+
| Allowed Origin list defined (no wildcard *) | | |
|
|
35
|
+
| Only necessary HTTP methods are allowed | | |
|
|
36
|
+
| Access-Control-Allow-Credentials configured | | |
|
|
37
|
+
| Preflight cache duration is reasonable (Access-Control-Max-Age) | | |
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
**CORS Configuration Template:**
|
|
41
|
+
```
|
|
42
|
+
Allowed Origins:
|
|
43
|
+
- Production: https://[your-domain.com]
|
|
44
|
+
- Development: http://localhost:[port]
|
|
45
|
+
|
|
46
|
+
Allowed Methods: GET, POST, PUT, DELETE, PATCH
|
|
47
|
+
Allowed Headers: Content-Type, Authorization
|
|
48
|
+
Credentials: true (if using cookie-based auth)
|
|
49
|
+
Max-Age: 86400 (24 hours)
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
### 3. Input Validation & Sanitization
|
|
53
|
+
|
|
54
|
+
```
|
|
55
|
+
| Check Item | Status | Notes |
|
|
56
|
+
|-----------|--------|-------|
|
|
57
|
+
| All API inputs have server-side validation | | |
|
|
58
|
+
| Parameterized queries used to prevent SQL Injection | | |
|
|
59
|
+
| User input is output-encoded before rendering to HTML (XSS prevention) | | |
|
|
60
|
+
| File uploads have type / size restrictions | | |
|
|
61
|
+
| URL / redirect targets have whitelist validation (Open Redirect prevention) | | |
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
**Validation Principles:**
|
|
65
|
+
- Frontend validation is UX; backend validation is security — both are needed, but backend validation is non-negotiable
|
|
66
|
+
- Use a Schema Validation Library (e.g., Zod, Joi, Pydantic) for unified validation logic
|
|
67
|
+
- Reject inputs that don't match expected formats — don't try to "fix" user input
|
|
68
|
+
|
|
69
|
+
### 4. CSRF Protection (Cross-Site Request Forgery)
|
|
70
|
+
|
|
71
|
+
```
|
|
72
|
+
| Check Item | Status | Notes |
|
|
73
|
+
|-----------|--------|-------|
|
|
74
|
+
| State-changing operations use POST/PUT/DELETE (not GET) | | |
|
|
75
|
+
| CSRF Token implemented or SameSite Cookie used | | |
|
|
76
|
+
| Critical operations have secondary confirmation | | |
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### 5. Security Headers
|
|
80
|
+
|
|
81
|
+
```
|
|
82
|
+
| Header | Purpose | Recommended Value |
|
|
83
|
+
|--------|---------|-------------------|
|
|
84
|
+
| Content-Security-Policy (CSP) | Prevent XSS, data injection | default-src 'self'; script-src 'self' |
|
|
85
|
+
| X-Content-Type-Options | Prevent MIME sniffing | nosniff |
|
|
86
|
+
| X-Frame-Options | Prevent clickjacking | DENY or SAMEORIGIN |
|
|
87
|
+
| Strict-Transport-Security (HSTS) | Enforce HTTPS | max-age=31536000; includeSubDomains |
|
|
88
|
+
| X-XSS-Protection | Browser XSS filter | 0 (relying on CSP is more reliable) |
|
|
89
|
+
| Referrer-Policy | Control referrer information | strict-origin-when-cross-origin |
|
|
90
|
+
| Permissions-Policy | Restrict browser features | camera=(), microphone=(), geolocation=() |
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
### 6. API Security & Rate Limiting
|
|
94
|
+
|
|
95
|
+
```
|
|
96
|
+
| Check Item | Status | Notes |
|
|
97
|
+
|-----------|--------|-------|
|
|
98
|
+
| API has global rate limiting (e.g., 100 req/min/IP) | | |
|
|
99
|
+
| Sensitive endpoints have stricter limits (login 5 req/min, register 3 req/min) | | |
|
|
100
|
+
| API error responses don't leak internal details (stack traces, SQL statements) | | |
|
|
101
|
+
| API versioning strategy determined (/api/v1/) | | |
|
|
102
|
+
| Bulk data endpoints have pagination limits | | |
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
**Rate Limiting Design Recommendations:**
|
|
106
|
+
```
|
|
107
|
+
| Endpoint Type | Recommended Limit | Identification Method |
|
|
108
|
+
|--------------|-------------------|----------------------|
|
|
109
|
+
| General API | 100 req/min | IP + User ID |
|
|
110
|
+
| Login/Register | 5 req/min | IP |
|
|
111
|
+
| Password Reset | 3 req/hour | IP + Email |
|
|
112
|
+
| File Upload | 10 req/min | User ID |
|
|
113
|
+
| Search/Query | 30 req/min | IP + User ID |
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
### 7. Anti-Scraping & Bot Protection
|
|
117
|
+
|
|
118
|
+
```
|
|
119
|
+
| Check Item | Status | Notes |
|
|
120
|
+
|-----------|--------|-------|
|
|
121
|
+
| robots.txt configured (restrict sensitive paths) | | |
|
|
122
|
+
| Critical forms have bot protection (reCAPTCHA / hCaptcha / Honeypot) | | |
|
|
123
|
+
| API has User-Agent checks (optional) | | |
|
|
124
|
+
| Sensitive operations have behavioral analysis (optional, advanced) | | |
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
**Layered Protection Strategy:**
|
|
128
|
+
1. **Basic layer**: Rate Limiting + robots.txt — Every product should have this
|
|
129
|
+
2. **Standard layer**: + CAPTCHA (registration/login) + Honeypot fields — Recommended for B2C products
|
|
130
|
+
3. **Advanced layer**: + Behavioral analysis + IP reputation + Device Fingerprint — High-risk products
|
|
131
|
+
|
|
132
|
+
### 8. Sensitive Data Protection
|
|
133
|
+
|
|
134
|
+
```
|
|
135
|
+
| Check Item | Status | Notes |
|
|
136
|
+
|-----------|--------|-------|
|
|
137
|
+
| Sensitive data encrypted in transit (HTTPS/TLS) | | |
|
|
138
|
+
| Sensitive data encrypted at rest (if required) | | |
|
|
139
|
+
| Secrets and keys not stored in code | | |
|
|
140
|
+
| .env and sensitive files added to .gitignore | | |
|
|
141
|
+
| Logs don't record passwords, tokens, credit card numbers, etc. | | |
|
|
142
|
+
| Clear data retention and deletion policy (GDPR if applicable) | | |
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
**Secrets Management Recommendations:**
|
|
146
|
+
- Development: `.env` file (not in version control) + `.env.example` (key names only, no values)
|
|
147
|
+
- Production: Use platform-provided env var management (Vercel Environment Variables / Railway Variables / AWS Secrets Manager)
|
|
148
|
+
- Never mention secrets in commit messages, PR descriptions, or issues
|
|
149
|
+
|
|
150
|
+
### 9. .gitignore Security Template
|
|
151
|
+
|
|
152
|
+
```gitignore
|
|
153
|
+
# Environment variables and secrets
|
|
154
|
+
.env
|
|
155
|
+
.env.local
|
|
156
|
+
.env.*.local
|
|
157
|
+
*.pem
|
|
158
|
+
*.key
|
|
159
|
+
|
|
160
|
+
# Product planning progress (may contain sensitive business information)
|
|
161
|
+
.product-playbook-progress.md
|
|
162
|
+
|
|
163
|
+
# IDE and OS
|
|
164
|
+
.idea/
|
|
165
|
+
.vscode/
|
|
166
|
+
*.swp
|
|
167
|
+
.DS_Store
|
|
168
|
+
Thumbs.db
|
|
169
|
+
|
|
170
|
+
# Dependencies
|
|
171
|
+
node_modules/
|
|
172
|
+
__pycache__/
|
|
173
|
+
*.pyc
|
|
174
|
+
venv/
|
|
175
|
+
|
|
176
|
+
# Build output
|
|
177
|
+
dist/
|
|
178
|
+
build/
|
|
179
|
+
.next/
|
|
180
|
+
```
|
|
181
|
+
|
|
182
|
+
---
|
|
183
|
+
|
|
184
|
+
## 🏷️ OWASP Top 10 Quick Reference
|
|
185
|
+
|
|
186
|
+
| # | Risk | Relevant to This Product? | Corresponding Check |
|
|
187
|
+
|---|------|--------------------------|-------------------|
|
|
188
|
+
| A01 | Broken Access Control | [Yes/No] | §1 Authentication & Authorization |
|
|
189
|
+
| A02 | Cryptographic Failures | [Yes/No] | §8 Sensitive Data Protection |
|
|
190
|
+
| A03 | Injection (SQL / XSS / Command) | [Yes/No] | §3 Input Validation |
|
|
191
|
+
| A04 | Insecure Design | [Yes/No] | Overall architecture design |
|
|
192
|
+
| A05 | Security Misconfiguration | [Yes/No] | §5 Headers + §2 CORS |
|
|
193
|
+
| A06 | Vulnerable Components | [Yes/No] | Dependency management (npm audit / pip audit) |
|
|
194
|
+
| A07 | Authentication Failures | [Yes/No] | §1 Authentication & Authorization |
|
|
195
|
+
| A08 | Data Integrity Failures | [Yes/No] | §3 Input Validation + §8 Data Protection |
|
|
196
|
+
| A09 | Logging & Monitoring Failures | [Yes/No] | §8 Logging rules |
|
|
197
|
+
| A10 | SSRF (Server-Side Request Forgery) | [Yes/No] | §3 URL whitelist validation |
|
|
198
|
+
|
|
199
|
+
---
|
|
200
|
+
|
|
201
|
+
## 📎 Integration Timing
|
|
202
|
+
|
|
203
|
+
| Trigger | Integration Action |
|
|
204
|
+
|---------|-------------------|
|
|
205
|
+
| Before producing the dev handoff package | Run the security quick check, integrate results into CLAUDE.md "Risk Alerts" and ARCHITECTURE.md "Security Architecture" sections |
|
|
206
|
+
| When producing the PRD | Integrate security check results into PRD §6 "Technical Considerations → Security Requirements" |
|
|
207
|
+
| Pre-mortem step | Prompt the user to consider security failure scenarios |
|
|
208
|
+
| Revision mode S1 | Prompt the user to provide the existing product's current security posture |
|
|
209
|
+
|
|
210
|
+
## Quality Self-Check
|
|
211
|
+
|
|
212
|
+
```
|
|
213
|
+
| Check Item | ✅/❌ |
|
|
214
|
+
|-----------|------|
|
|
215
|
+
| Authentication method explicitly chosen, not left as "TBD" | |
|
|
216
|
+
| At least 3 security headers planned | |
|
|
217
|
+
| Rate limiting strategy tailored to product characteristics (not just copied from template) | |
|
|
218
|
+
| .gitignore includes all sensitive files | |
|
|
219
|
+
| All OWASP Top 10 items marked "relevant" have corresponding measures | |
|
|
220
|
+
| Security measure complexity matches the product stage (MVP doesn't need perfect security, but the basics are non-negotiable) | |
|
|
221
|
+
```
|
|
@@ -0,0 +1,152 @@
|
|
|
1
|
+
# ⚡ Build Mode Step Sequence (7 Steps + Final Output)
|
|
2
|
+
|
|
3
|
+
> This file is the authoritative step definition for Build Mode. Loaded by the SKILL.md core dispatcher.
|
|
4
|
+
|
|
5
|
+
> ⚠️ Required reminder: "Skipping the user research phase means your solution is built on assumptions. We recommend conducting Continuous Discovery as soon as possible after execution to validate."
|
|
6
|
+
|
|
7
|
+
## Step Sequence
|
|
8
|
+
|
|
9
|
+
```
|
|
10
|
+
S1. Confirm problem statement (one sentence)
|
|
11
|
+
S2. PR-FAQ → Read references/04a-prfaq.md
|
|
12
|
+
S3. Parallel solutions → Read references/04b-solutions.md → 3.2
|
|
13
|
+
S4. Pre-mortem → Read references/04b-solutions.md → 3.3
|
|
14
|
+
S5. GEM + RICE Prioritization → Read references/04b-solutions.md → 3.4 + 3.5
|
|
15
|
+
S6. MVP + Not Doing List → Read references/04c-mvp.md
|
|
16
|
+
S7. North Star + Aha Moment → Read references/05a-northstar-aha.md
|
|
17
|
+
────
|
|
18
|
+
Final Output → Engineer-oriented execution summary
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
## Reference Loading Instructions
|
|
22
|
+
|
|
23
|
+
| Step | Reference File |
|
|
24
|
+
|------|---------------|
|
|
25
|
+
| S1 | No external reference needed (directly guide the user to state the problem) |
|
|
26
|
+
| S2 | `references/04a-prfaq.md` |
|
|
27
|
+
| S3-S5 | `references/04b-solutions.md` |
|
|
28
|
+
| S6 | `references/04c-mvp.md` |
|
|
29
|
+
| S7 | `references/05a-northstar-aha.md` |
|
|
30
|
+
|
|
31
|
+
## Final Output Format
|
|
32
|
+
|
|
33
|
+
**Engineer-oriented execution summary**: Solution decisions → MVP boundary → Success metrics → Key risks
|
|
34
|
+
|
|
35
|
+
After completion, follow `references/rules-end-of-flow.md` to execute the end-of-flow rules.
|
|
36
|
+
|
|
37
|
+
---
|
|
38
|
+
|
|
39
|
+
## 🔧 Feature Extension Quick Path (4 Steps)
|
|
40
|
+
|
|
41
|
+
> Automatically switches to this path when the user is **adding a single feature to an existing product**.
|
|
42
|
+
> Trigger conditions: User description includes phrases like "add a feature," "new feature," "add XX functionality," "on the existing system," "existing product needs," etc.
|
|
43
|
+
|
|
44
|
+
**Differences from the full Build Mode (7 steps)**: An existing product already has a North Star, Aha Moment, and product positioning — no need to redefine them. A single feature does not require a PR-FAQ press release or full GEM+RICE re-prioritization. The focus is on "what to add, how to add it, and whether it will break existing functionality."
|
|
45
|
+
|
|
46
|
+
### Feature Extension Step Sequence
|
|
47
|
+
|
|
48
|
+
```
|
|
49
|
+
S1. Problem + existing system context
|
|
50
|
+
S2. Three parallel solutions + pros/cons + AI recommendation → Read references/04b-solutions.md → 3.2
|
|
51
|
+
S3. Risk assessment (regression + compatibility) → Read references/04b-solutions.md → 3.3
|
|
52
|
+
S4. Execution scope (what to do / what not to touch / acceptance criteria) → Read references/04c-mvp.md
|
|
53
|
+
────
|
|
54
|
+
Final Output → Feature development spec
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
### S1 Pre-step: Product Context Loading
|
|
58
|
+
|
|
59
|
+
Before entering S1, read `references/rules-context.md` and check `.product-context.md`:
|
|
60
|
+
|
|
61
|
+
- **Complete context available (Scenario 1)**: Automatically bring in product name, tech stack, key modules, and the 3 most recent Decision History entries. Change S1 guidance to **confirmation-style**: "Your product is [name], using [tech stack], with key modules including [module list]. What feature do you want to add? Which modules will be affected?" (Questions 2 and part of question 3 are pre-filled — just needs confirmation)
|
|
62
|
+
- **No context (Scenario 2)**: Trigger Context Bootstrap (`rules-context.md` Section 4), then proceed to the standard S1 below
|
|
63
|
+
- **Partial context (Scenario 3)**: Bring in known tech stack and modules (merged from Decision History), and collect the missing parts. For example: "Besides [known modules], are there other modules that might be affected?"
|
|
64
|
+
|
|
65
|
+
### S1 Guidance Content (Problem + Existing System Context)
|
|
66
|
+
|
|
67
|
+
Claude needs to collect the following information (guide step by step — do not ask all questions at once. If context has pre-filled some answers, confirm rather than re-collect):
|
|
68
|
+
|
|
69
|
+
```
|
|
70
|
+
1. What feature do you want to add? What problem does it solve?
|
|
71
|
+
2. Current product architecture overview (tech stack, key modules) ← context can pre-fill
|
|
72
|
+
3. Which existing modules will this feature affect? ← context can partially pre-fill
|
|
73
|
+
4. Is there any user feedback or data supporting this requirement?
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
### S2 Guidance Content (Three Parallel Solutions + AI Recommendation)
|
|
77
|
+
|
|
78
|
+
```
|
|
79
|
+
| HMW | Solution A (Conservative / minimal change) | Solution B (Balanced) | Solution C (Bold / refactor) |
|
|
80
|
+
|-----|-------------------------------------------|----------------------|----------------------------|
|
|
81
|
+
| [Problem] | | | |
|
|
82
|
+
|
|
83
|
+
| Solution | Pros | Cons | Impact Scope | Implementation Complexity |
|
|
84
|
+
|----------|------|------|-------------|--------------------------|
|
|
85
|
+
| A | | | | |
|
|
86
|
+
| B | | | | |
|
|
87
|
+
| C | | | | |
|
|
88
|
+
|
|
89
|
+
🤖 AI Recommendation: Solution [X]
|
|
90
|
+
Rationale: [Comprehensive judgment based on impact scope, complexity, and risk]
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
### S3 Guidance Content (Risk Assessment — Focused on Regression & Compatibility)
|
|
94
|
+
|
|
95
|
+
```
|
|
96
|
+
| Risk Type | Specific Risk | Likelihood | Mitigation |
|
|
97
|
+
|-----------|--------------|------------|------------|
|
|
98
|
+
| Regression risk | [Areas where existing features may be affected] | | |
|
|
99
|
+
| Compatibility risk | [Conflicts with existing architecture/data/APIs] | | |
|
|
100
|
+
| Performance risk | [Impact of the new feature on system performance] | | |
|
|
101
|
+
| Security risk | [Security considerations introduced by the new feature] | | |
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
### S4 Guidance Content (Execution Scope)
|
|
105
|
+
|
|
106
|
+
```
|
|
107
|
+
**What to do (Scope)**:
|
|
108
|
+
- [Specific feature items to add]
|
|
109
|
+
- [Existing modules that need modification]
|
|
110
|
+
|
|
111
|
+
**Do Not Touch**:
|
|
112
|
+
- [Modules and features explicitly not to modify]
|
|
113
|
+
- [Reason for not touching them]
|
|
114
|
+
|
|
115
|
+
**Acceptance Criteria**:
|
|
116
|
+
- [ ] [Specific testable condition]
|
|
117
|
+
- [ ] [Regression test: confirm existing features are unaffected]
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
### Feature Extension Final Output Format
|
|
121
|
+
|
|
122
|
+
**Feature development spec**: Problem statement → Selected solution + rationale → Impact scope → Execution scope + acceptance criteria → Risk list
|
|
123
|
+
|
|
124
|
+
### Incremental Document Output (when source document is available)
|
|
125
|
+
|
|
126
|
+
If the user uploaded a source document (PRD, spec, etc.) during the process:
|
|
127
|
+
|
|
128
|
+
1. **Incremental version** (default when source document exists):
|
|
129
|
+
- Insert/modify sections in the original document structure
|
|
130
|
+
- Maintain the original file's format, style, and naming conventions
|
|
131
|
+
- New content marked with `[NEW]`
|
|
132
|
+
- Modified content marked with `[UPDATED]` with original preserved as reference
|
|
133
|
+
- Sections unrelated to the new feature remain completely untouched
|
|
134
|
+
|
|
135
|
+
2. **Standalone version** (when no source document):
|
|
136
|
+
- Use the standard Feature development spec format (as defined above)
|
|
137
|
+
|
|
138
|
+
3. **Ask the user before generating**:
|
|
139
|
+
"I detected that you uploaded a [document type]. How would you like the output?
|
|
140
|
+
A) Incremental update on the original document (recommended)
|
|
141
|
+
B) Standalone feature development spec"
|
|
142
|
+
|
|
143
|
+
### Reference Loading Instructions
|
|
144
|
+
|
|
145
|
+
| Step | Reference File |
|
|
146
|
+
|------|---------------|
|
|
147
|
+
| S1 | No external reference needed |
|
|
148
|
+
| S2 | `references/04b-solutions.md` → 3.2 |
|
|
149
|
+
| S3 | `references/04b-solutions.md` → 3.3 |
|
|
150
|
+
| S4 | `references/04c-mvp.md` |
|
|
151
|
+
|
|
152
|
+
After completion, follow `references/rules-end-of-flow.md` to execute the end-of-flow rules.
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
# 🔄 Change Propagation Rules
|
|
2
|
+
|
|
3
|
+
> Loaded when the user modifies a previously completed step.
|
|
4
|
+
|
|
5
|
+
## 📍 Progress Indicator (must be displayed at every step)
|
|
6
|
+
|
|
7
|
+
When executing any step, Claude must display a progress bar at the very beginning of the response, in this format:
|
|
8
|
+
|
|
9
|
+
```
|
|
10
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
11
|
+
📍 [Execution Mode] | Progress S[current step number] / S[total steps]
|
|
12
|
+
✅ S1: [Step name] (completed)
|
|
13
|
+
✅ S2: [Step name] (completed)
|
|
14
|
+
▶️ S3: [Step name] (in progress)
|
|
15
|
+
⬜ S4: [Step name] (pending)
|
|
16
|
+
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
This progress indicator must appear in the following situations:
|
|
20
|
+
- When entering a new step
|
|
21
|
+
- When the user goes back to a step to make modifications
|
|
22
|
+
- When completing a step and prompting the user for confirmation before moving to the next step
|
|
23
|
+
|
|
24
|
+
## Trigger Methods
|
|
25
|
+
- "Go back to Persona," "Go back to JTBD," "Go back to HMW," "Go back to PR-FAQ," or any other step name
|
|
26
|
+
- "I want to modify [step name]," "[step name] — I want to change something"
|
|
27
|
+
- Directly referencing an already-produced table or content with "change this to..."
|
|
28
|
+
|
|
29
|
+
## Required Actions After Modification
|
|
30
|
+
|
|
31
|
+
When any step is modified, Claude **must proactively perform the following checks**:
|
|
32
|
+
|
|
33
|
+
```
|
|
34
|
+
Modified Layer Affected Downstream (must re-confirm or update)
|
|
35
|
+
─────────────────────────────────────────────────────
|
|
36
|
+
Persona / JTBD → HMW, Opportunity Assessment Table, Positioning, PR-FAQ, North Star, Product Spec Summary
|
|
37
|
+
HMW / Opportunity Assessment → PR-FAQ, Parallel Solutions, MVP, North Star, Product Spec Summary
|
|
38
|
+
Positioning → PR-FAQ, Product Spec Summary
|
|
39
|
+
PR-FAQ / Solutions → Pre-mortem, GEM/RICE, MVP, Aha Moment, Product Spec Summary
|
|
40
|
+
MVP / Not Doing List → User Story, DB schema (if already generated), Product Spec Summary
|
|
41
|
+
North Star / Metrics → Hypothesis Validation Plan, Product Spec Summary
|
|
42
|
+
Product Spec Summary → HTML Report, PRD (if already generated)
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Feature Extension dependency:
|
|
46
|
+
```
|
|
47
|
+
Feature Extension dependency:
|
|
48
|
+
─────────────────────────────────────────────────────
|
|
49
|
+
S1 (Problem + Context) → S2 (Solutions), S3 (Risks), S4 (Execution Scope)
|
|
50
|
+
S2 (Selected Solution) → S3 (Risks), S4 (Execution Scope)
|
|
51
|
+
S3 (Risk Assessment) → S4 (Execution Scope)
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
## Execution Process
|
|
55
|
+
|
|
56
|
+
1. **Inform the user of the impact scope**: "You modified [step]. This affects [list of downstream steps]. I will update each one."
|
|
57
|
+
2. **Confirm or auto-update downstream items**:
|
|
58
|
+
- If the downstream change is minor (wording adjustments) → Update directly and explain what changed
|
|
59
|
+
- If the downstream change is significant (directional shift) → Prompt the user to confirm the new direction before updating
|
|
60
|
+
3. **Re-integrate the Product Spec Summary**
|
|
61
|
+
4. **If an HTML report or PRD has already been generated**: Re-generate it directly and output a version snapshot:
|
|
62
|
+
|
|
63
|
+
```
|
|
64
|
+
📋 Version Snapshot v[old version] → v[new version]
|
|
65
|
+
Modified step: [Step name]
|
|
66
|
+
Key content before modification: [1-3 sentences]
|
|
67
|
+
Key content after modification: [1-3 sentences]
|
|
68
|
+
Downstream updates triggered: [Which steps were also adjusted]
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
## Principles
|
|
72
|
+
- No modification happens silently — the impact scope must always be explicitly communicated
|
|
73
|
+
- The user has the right to choose "only modify this step, leave downstream as-is for now." Claude must mark which parts are outdated (add a ⚠️ Needs Update label)
|
|
74
|
+
- Modification history remains traceable within the conversation
|