sdd-workflow 1.1.0

package/templates/specify/templates/plan-modular-template/security.md

@@ -0,0 +1,85 @@
+# Security Design
+
+> This document describes security-related design
+
+## 1. Authentication & Authorization
+
+### 1.1 Authentication Mechanism
+
+- Use unified authentication system (SSO)
+- Token storage in secure cookies
+- Token expiry auto-redirect to login
+
+### 1.2 Access Control
+
+**Backend Access Control**:
+
+```{backend_language}
+// Role-based or permission-based access control on API endpoints
+// Only authorized users can access sensitive operations
+```
+
+**Frontend Access Control**:
+
+```{frontend_language}
+// Conditional rendering based on user permissions
+// Hide or disable UI elements based on roles
+```
+
+## 2. Data Security
+
+### 2.1 Sensitive Data Encryption
+
+- Passwords encrypted with strong hashing algorithm
+- Sensitive fields encrypted at rest
+- All communication over HTTPS
+
+### 2.2 Data Masking
+
+```{backend_language}
+// Phone number masking
+// maskPhone("13812345678") -> "138****5678"
+
+// ID card masking
+// maskIdCard("110101199001011234") -> "110101********1234"
+```
+
+## 3. Interface Security
+
+### 3.1 Parameter Validation
+
+```{backend_language}
+// Validate all input parameters on the server side
+// Use framework-provided validation where available
+```
+
+### 3.2 SQL Injection Prevention
+
+- Use parameterized queries
+- Never concatenate user input into SQL
+- Use ORM/query builder safely
+
+### 3.3 XSS Prevention
+
+- Frontend input sanitization
+- Backend output encoding
+- Content-Security-Policy headers
+
+## 4. Log Security
+
+### 4.1 Log Masking
+
+```{backend_language}
+// Never log sensitive data in plain text
+// Mask or redact sensitive fields before logging
+```
+
+### 4.2 Log Content Rules
+
+- Never log passwords
+- Never log full identification numbers
+- Never log financial account numbers
+
+---
+
+Back to [Plan Index](./README.md)

package/templates/specify/templates/plan-template.md

@@ -0,0 +1,190 @@
+# Implementation Plan
+
+> Feature ID: {feature_id}
+> Related Spec: {spec_file}
+> Created: {date}
+> Status: Draft
+
+## 1. Overview
+
+### 1.1 Implementation Goal
+{implementation_goal}
+
+### 1.2 Technology Choices
+{technology_choices}
+
+### 1.3 Design Principles
+{design_principles}
+
+## 2. Architecture Design
+
+### 2.1 Overall Architecture
+{architecture_overview}
+
+### 2.2 Module Breakdown
+{module_breakdown}
+
+### 2.3 Technology Stack
+
+> Read technology stack information from constitution.md or project configuration.
+
+#### Frontend
+- Framework: {frontend_framework}
+- UI Library: {ui_library}
+- State Management: {state_management}
+- HTTP Client: {http_client}
+- Other: {other_frontend_libs}
+
+#### Backend
+- Framework: {backend_framework}
+- ORM: {orm_framework}
+- Database: {database}
+- Other: {other_backend_libs}
+
+## 3. Data Model
+
+### 3.1 Database Design
+
+#### New Tables
+```sql
+-- {table_name} table
+CREATE TABLE {table_name} (
+    id VARCHAR(32) PRIMARY KEY,
+    -- Field definitions
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+```
+
+#### Modified Tables
+```sql
+-- {table_name} add column
+ALTER TABLE {table_name} ADD COLUMN {column_name} {column_type};
+```
+
+### 3.2 Entity Design
+{entity_design}
+
+### 3.3 Data Flow
+{data_flow}
+
+## 4. API Design
+
+### 4.1 API List
+| Interface | Method | Path | Description |
+|-----------|--------|------|-------------|
+| {api_name} | {method} | {path} | {description} |
+
+### 4.2 API Detail Design
+
+#### {api_name}
+```json
+// Request
+{
+  "field1": "value1",
+  "field2": "value2"
+}
+
+// Response
+{
+  "code": 200,
+  "message": "success",
+  "data": {
+    // Response data
+  }
+}
+```
+
+### 4.3 API Contract File
+See: `contracts/api-spec.json`
+
+## 5. Frontend Implementation
+
+### 5.1 Page Structure
+{page_structure}
+
+### 5.2 Component Design
+| Component | Path | Function |
+|-----------|------|----------|
+| {component} | {path} | {description} |
+
+### 5.3 State Management
+{state_management}
+
+### 5.4 Route Configuration
+{route_config}
+
+## 6. Backend Implementation
+
+### 6.1 Layered Design
+
+{architecture_layer_design}
+
+### 6.2 Core Class Design
+{core_classes}
+
+### 6.3 Business Flow
+{business_flow}
+
+## 7. Security Design
+
+### 7.1 Access Control
+{permission_control}
+
+### 7.2 Data Validation
+{data_validation}
+
+### 7.3 Sensitive Data Handling
+{sensitive_data_handling}
+
+## 8. Performance Optimization
+
+### 8.1 Database Optimization
+- Index design: {index_design}
+- Query optimization: {query_optimization}
+
+### 8.2 Frontend Optimization
+- Component lazy loading: {lazy_loading}
+- Caching strategy: {caching_strategy}
+
+## 9. Test Plan
+
+### 9.1 Unit Tests
+{unit_test_plan}
+
+### 9.2 Integration Tests
+{integration_test_plan}
+
+### 9.3 E2E Tests
+{e2e_test_plan}
+
+## 10. Deployment Plan
+
+### 10.1 Environment Requirements
+{environment_requirements}
+
+### 10.2 Configuration Changes
+{configuration_changes}
+
+### 10.3 Data Migration
+{data_migration}
+
+## 11. Risk Assessment
+
+| Risk | Impact | Probability | Mitigation |
+|------|--------|-------------|------------|
+| {risk} | {impact} | {probability} | {mitigation} |
+
+## 12. Appendix
+
+### 12.1 References
+{references}
+
+### 12.2 Change Log
+| Date | Version | Change |
+|------|---------|--------|
+| {date} | v1.0 | Initial version |
+
+---
+
+*This document is generated based on SDD specification template*

package/templates/specify/templates/requirements/metadata-template.json

@@ -0,0 +1,12 @@
+{
+  "source": "{source_type}",
+  "source_url": "{source_url}",
+  "page_id": "{page_id}",
+  "title": "{title}",
+  "author": "{author}",
+  "last_updated": "{last_updated}",
+  "fetched_at": "{fetched_at}",
+  "space_key": "{space_key}",
+  "version": "{version}",
+  "child_pages": []
+}

package/templates/specify/templates/requirements/original-template.md

@@ -0,0 +1,26 @@
+# Original Requirement Document
+
+> This document is automatically fetched from the source for requirement traceability
+> Fetched at: {fetched_at}
+> Source: {source_url}
+
+---
+
+## Document Information
+
+| Item | Content |
+|------|---------|
+| Title | {title} |
+| Author | {author} |
+| Last Updated | {last_updated} |
+| Page ID | {page_id} |
+
+---
+
+## Requirement Content
+
+{content}
+
+---
+
+*This document is automatically fetched by SDD specification*

package/templates/specify/templates/spec-modular-template/README.md

@@ -0,0 +1,69 @@
+# {feature_name} - Feature Specification Index
+
+> Version: {version}
+> Created: {create_date}
+> Updated: {update_date}
+> Source: [{source_title}]({source_url})
+
+## Document Structure
+
+The specification has been split into the following modules for easier management and on-demand loading:
+
+```
+spec/
+├── README.md              # This file - specification index and overview
+├── overview.md            # Feature overview, business background
+├── user-stories.md        # All user stories
+├── acceptance-criteria.md # Acceptance criteria summary
+├── constraints.md         # Constraints and non-functional requirements
+└── changelog.md           # Change log
+```
+
+## Document Overview
+
+| Module | Content | Document |
+|--------|---------|----------|
+| Feature Overview | Business background, feature description, related modules | [overview.md](./overview.md) |
+| User Stories | All user stories (US-1, US-2...) | [user-stories.md](./user-stories.md) |
+| Acceptance Criteria | Summary of acceptance criteria per user story | [acceptance-criteria.md](./acceptance-criteria.md) |
+| Constraints | Technical constraints, performance requirements, security requirements | [constraints.md](./constraints.md) |
+| Change Log | Version change history | [changelog.md](./changelog.md) |
+
+## Quick Navigation
+
+### Core Documents
+- [Feature Overview](./overview.md) - Understand business background and goals
+- [User Stories](./user-stories.md) - View all user stories
+- [Acceptance Criteria](./acceptance-criteria.md) - Understand acceptance criteria
+
+### Auxiliary Documents
+- [Constraints](./constraints.md) - Technical and business constraints
+- [Change Log](./changelog.md) - Version change history
+
+## Core Information Summary
+
+### Business Background
+
+{Brief description of business background, 2-3 sentences}
+
+### Feature Description
+
+{Brief description of feature, 2-3 sentences}
+
+### User Story Count
+
+- Total: {total_stories} user stories
+- Core stories: {core_stories}
+- Extended stories: {extended_stories}
+
+## Usage Guide
+
+1. **View Overview**: Read this file to understand the overall structure
+2. **On-demand Loading**: Open the corresponding module document as needed
+3. **View User Stories**: Start from [user-stories.md](./user-stories.md)
+4. **Acceptance Criteria**: Refer to [acceptance-criteria.md](./acceptance-criteria.md)
+5. **Constraints**: View [constraints.md](./constraints.md) for limitations
+
+---
+
+*This document follows SDD specification, describing business requirements only, no technical implementation details*

package/templates/specify/templates/spec-modular-template/acceptance-criteria.md

@@ -0,0 +1,49 @@
+# Acceptance Criteria Summary
+
+> This document summarizes all acceptance criteria for user stories
+
+## US-1: {user_story_title}
+
+### Scenario 1: {scenario_description}
+
+```gherkin
+Given {precondition}
+When {action}
+Then {expected_result}
+And {additional_verification}
+```
+
+### Scenario 2: {scenario_description}
+
+```gherkin
+Given {precondition}
+When {action}
+Then {expected_result}
+```
+
+---
+
+## US-2: {user_story_title}
+
+### Scenario 1: {scenario_description}
+
+```gherkin
+Given {precondition}
+When {action}
+Then {expected_result}
+```
+
+---
+
+## Acceptance Checklist
+
+- [ ] US-1 All scenarios pass
+- [ ] US-2 All scenarios pass
+- [ ] US-3 All scenarios pass
+- [ ] Performance requirements met
+- [ ] Security requirements met
+- [ ] Compatibility requirements met
+
+---
+
+Back to [Specification Index](./README.md)

package/templates/specify/templates/spec-modular-template/changelog.md

@@ -0,0 +1,27 @@
+# Change Log
+
+> This document records version change history for the feature specification
+
+## Version History
+
+| Version | Date | Change | Changed By |
+|---------|------|--------|------------|
+| 1.0 | {date} | Initial version | {author} |
+
+## Detailed Changes
+
+### v1.0 (Initial Version)
+
+**Added Features**:
+- Feature 1
+- Feature 2
+- Feature 3
+
+**User Stories**:
+- US-1: {title}
+- US-2: {title}
+- US-3: {title}
+
+---
+
+Back to [Specification Index](./README.md)

package/templates/specify/templates/spec-modular-template/constraints.md

@@ -0,0 +1,125 @@
+# Constraints and Non-Functional Requirements
+
+> This document describes technical constraints, performance requirements, security requirements and other non-functional requirements
+
+## 1. Technical Constraints
+
+### 1.1 Technology Stack Constraints
+
+| Layer | Technology | Version | Notes |
+|-------|-----------|---------|-------|
+| Frontend Framework | {frontend_framework} | {frontend_version} | {frontend_notes} |
+| UI Library | {ui_library} | {ui_version} | {ui_notes} |
+| Backend Framework | {backend_framework} | {backend_version} | {backend_notes} |
+| Database | {database} | {database_version} | {database_notes} |
+
+> Fill in from constitution.md or project configuration.
+
+### 1.2 Compatibility Constraints
+
+**Browser Compatibility**:
+- Chrome 90+
+- Edge 90+
+- Firefox 88+
+- Safari 14+
+
+**Mobile Compatibility**:
+- {mobile_support_policy}
+
+### 1.3 Dependency Constraints
+
+**Restricted Technologies**:
+- No new third-party libraries without approval
+- No framework version changes without approval
+
+## 2. Performance Requirements
+
+### 2.1 Response Time
+
+| Operation | Target Response Time | Max Response Time |
+|-----------|---------------------|-------------------|
+| Page load | < 2s | < 5s |
+| List query | < 1s | < 3s |
+| Detail query | < 500ms | < 2s |
+| Data save | < 1s | < 3s |
+
+### 2.2 Concurrency Requirements
+
+- Support {concurrent_users} concurrent users
+- Peak QPS: {peak_qps}
+
+### 2.3 Data Volume Requirements
+
+- Max records per query: 1000
+- Page size: 20-100 records
+
+## 3. Security Requirements
+
+### 3.1 Authentication & Authorization
+
+- Must use unified authentication
+- Support role-based access control
+- Sensitive operations require confirmation
+
+### 3.2 Data Security
+
+- Sensitive data must be encrypted at rest
+- Logs must not contain sensitive information
+- Support data masking
+
+### 3.3 Interface Security
+
+- All APIs must require authentication
+- Prevent SQL injection
+- Prevent XSS attacks
+
+## 4. Availability Requirements
+
+### 4.1 System Availability
+
+- Availability target: 99.9%
+- Planned downtime: no more than 2 hours per month
+
+### 4.2 Fault Tolerance
+
+- Support graceful degradation
+- Critical operations support retry
+- Friendly error messages for exceptions
+
+## 5. Maintainability Requirements
+
+### 5.1 Code Standards
+
+- Follow project code conventions
+- Must pass lint/style checks
+- Critical logic must have comments
+
+### 5.2 Logging Standards
+
+- Critical operations must be logged
+- Log level usage follows conventions
+- Include necessary context information
+
+### 5.3 Documentation Requirements
+
+- API documentation must be complete
+- Complex logic must have design documentation
+- Changes must update documentation
+
+## 6. Other Constraints
+
+### 6.1 Database Constraints
+
+- No direct modification of production database
+- DDL changes must be approved
+- Must provide rollback plan
+
+### 6.2 Deployment Constraints
+
+- Must support gradual rollout
+- Must provide health check endpoint
+- Must support quick rollback
+
+---
+
+Back to [Specification Index](./README.md)

package/templates/specify/templates/spec-modular-template/overview.md

@@ -0,0 +1,60 @@
+# Feature Overview
+
+> This document describes the business background, feature description and related modules
+
+## 1. Business Background
+
+### 1.1 Current Pain Points
+
+{Describe current problems and pain points}
+
+### 1.2 Solution
+
+{Describe how this feature solves these pain points}
+
+### 1.3 Business Value
+
+{Describe the business value this feature brings}
+
+## 2. Feature Description
+
+### 2.1 Core Features
+
+{Describe core features, 2-3 paragraphs}
+
+### 2.2 Feature Scope
+
+**In Scope**:
+- Feature 1
+- Feature 2
+- Feature 3
+
+**Out of Scope**:
+- Feature 1
+- Feature 2
+
+### 2.3 User Roles
+
+| Role | Description | Permissions |
+|------|-------------|-------------|
+| Role 1 | Role description | Permission description |
+| Role 2 | Role description | Permission description |
+
+## 3. Related Modules
+
+| Module | Function | Description |
+|--------|----------|-------------|
+| Module 1 | Function description | Relationship description |
+| Module 2 | Function description | Relationship description |
+
+## 4. Business Flow
+
+```
+[User] -> [Action 1] -> [System Processing] -> [Result Display]
+```
+
+{Describe business flow in detail}
+
+---
+
+Back to [Specification Index](./README.md)

package/templates/specify/templates/spec-modular-template/user-stories.md

@@ -0,0 +1,59 @@
+# User Stories
+
+> This document contains all user stories
+
+## US-1: {user_story_title}
+
+**As** {role}
+**I want** {feature_description}
+**So that** {business_value}
+
+**Acceptance Criteria:**
+
+```gherkin
+Given {precondition}
+When {action}
+Then {expected_result}
+```
+
+```gherkin
+Given {precondition}
+When {action}
+Then {expected_result}
+```
+
+---
+
+## US-2: {user_story_title}
+
+**As** {role}
+**I want** {feature_description}
+**So that** {business_value}
+
+**Acceptance Criteria:**
+
+```gherkin
+Given {precondition}
+When {action}
+Then {expected_result}
+```
+
+---
+
+## US-3: {user_story_title}
+
+**As** {role}
+**I want** {feature_description}
+**So that** {business_value}
+
+**Acceptance Criteria:**
+
+```gherkin
+Given {precondition}
+When {action}
+Then {expected_result}
+```
+
+---
+
+Back to [Specification Index](./README.md)