smart-spec-kit-mcp 2.0.0

package/templates/functional-spec.md

@@ -0,0 +1,191 @@
+---
+title: "[TO FILL: Feature Title]"
+workitem_id: "[TO FILL]"
+type: Functional Specification
+version: "1.0"
+status: Draft
+author: "[TO FILL]"
+created: "[TO FILL: Date]"
+last_updated: "[TO FILL: Date]"
+azure_devops_link: "[TO FILL: Link to ADO Work Item]"
+---
+
+# Functional Specification: [TO FILL: Feature Title]
+
+## 1. Overview
+
+### 1.1 Purpose
+[TO FILL: Brief description of the feature's purpose and the problem it solves]
+
+### 1.2 Scope
+[TO FILL: What is included and explicitly excluded from this feature]
+
+### 1.3 Background
+[TO FILL: Context and history leading to this feature request]
+
+---
+
+## 2. Stakeholders
+
+| Role | Name | Responsibility |
+|------|------|----------------|
+| Product Owner | [TO FILL] | Requirements validation |
+| Tech Lead | [TO FILL] | Technical decisions |
+| QA Lead | [TO FILL] | Test strategy |
+| UX Designer | [TO FILL] | User experience |
+
+---
+
+## 3. Requirements
+
+### 3.1 Functional Requirements
+
+| ID | Requirement | Priority | Source |
+|----|-------------|----------|--------|
+| FR-001 | [TO FILL] | Must Have | ADO #{workitem_id} |
+| FR-002 | [TO FILL] | Should Have | |
+| FR-003 | [TO FILL] | Could Have | |
+
+### 3.2 Non-Functional Requirements
+
+| ID | Category | Requirement | Target |
+|----|----------|-------------|--------|
+| NFR-001 | Performance | [TO FILL] | [TO FILL] |
+| NFR-002 | Security | [TO FILL] | [TO FILL] |
+| NFR-003 | Availability | [TO FILL] | [TO FILL] |
+| NFR-004 | Scalability | [TO FILL] | [TO FILL] |
+
+### 3.3 Acceptance Criteria
+
+```gherkin
+Feature: [TO FILL: Feature Name]
+
+  Scenario: [TO FILL: Main Success Scenario]
+    Given [TO FILL: Initial context]
+    When [TO FILL: Action performed]
+    Then [TO FILL: Expected outcome]
+
+  Scenario: [TO FILL: Alternative Scenario]
+    Given [TO FILL]
+    When [TO FILL]
+    Then [TO FILL]
+```
+
+---
+
+## 4. User Experience
+
+### 4.1 User Personas
+
+**Persona 1: [TO FILL: Name]**
+- Role: [TO FILL]
+- Goals: [TO FILL]
+- Pain Points: [TO FILL]
+
+### 4.2 User Stories
+
+| ID | As a... | I want to... | So that... |
+|----|---------|--------------|------------|
+| US-001 | [TO FILL] | [TO FILL] | [TO FILL] |
+| US-002 | [TO FILL] | [TO FILL] | [TO FILL] |
+
+### 4.3 User Flow
+
+```
+[TO FILL: Describe or link to user flow diagram]
+┌─────────┐    ┌─────────┐    ┌─────────┐
+│ Step 1  │───▶│ Step 2  │───▶│ Step 3  │
+└─────────┘    └─────────┘    └─────────┘
+```
+
+---
+
+## 5. Technical Considerations
+
+### 5.1 Architecture Impact
+[TO FILL: How this feature affects the existing architecture]
+
+### 5.2 Dependencies
+
+| Dependency | Type | Status | Notes |
+|------------|------|--------|-------|
+| [TO FILL] | Service/API | [TO FILL] | |
+| [TO FILL] | Library | [TO FILL] | |
+
+### 5.3 Data Model Changes
+[TO FILL: New entities, modified schemas, migrations needed]
+
+### 5.4 API Changes
+[TO FILL: New endpoints, modified contracts]
+
+---
+
+## 6. Risks & Assumptions
+
+### 6.1 Assumptions
+
+| ID | Assumption | Impact if Wrong |
+|----|------------|-----------------|
+| A-001 | [TO FILL] | [TO FILL] |
+
+### 6.2 Risks
+
+| ID | Risk | Probability | Impact | Mitigation |
+|----|------|-------------|--------|------------|
+| R-001 | [TO FILL] | Medium | High | [TO FILL] |
+
+### 6.3 Open Questions
+
+- [ ] [TO FILL: Question 1]
+- [ ] [TO FILL: Question 2]
+
+---
+
+## 7. Implementation Notes
+
+### 7.1 Suggested Approach
+[TO FILL: High-level implementation strategy]
+
+### 7.2 Phasing (if applicable)
+
+| Phase | Scope | Target Date |
+|-------|-------|-------------|
+| Phase 1 | [TO FILL] | [TO FILL] |
+| Phase 2 | [TO FILL] | [TO FILL] |
+
+---
+
+## 8. Testing Strategy
+
+### 8.1 Test Scenarios
+[TO FILL: Key scenarios to test]
+
+### 8.2 Test Data Requirements
+[TO FILL: Special data needed for testing]
+
+---
+
+## 9. Documentation & Training
+
+- [ ] User documentation required
+- [ ] Admin documentation required  
+- [ ] Training materials needed
+- [ ] Release notes entry
+
+---
+
+## 10. Approval
+
+| Role | Name | Date | Signature |
+|------|------|------|-----------|
+| Product Owner | | | ☐ Approved |
+| Tech Lead | | | ☐ Approved |
+| QA Lead | | | ☐ Approved |
+
+---
+
+## Revision History
+
+| Version | Date | Author | Changes |
+|---------|------|--------|---------|
+| 1.0 | [TO FILL] | [TO FILL] | Initial draft |

package/workflows/bugfix.yaml

@@ -0,0 +1,99 @@
+# Bugfix Workflow
+# Streamlined process for bug fixes with validation checkpoints
+
+name: bugfix
+displayName: "Bug Fix"
+description: "Structured workflow for analyzing, fixing, and validating bug corrections"
+
+metadata:
+  version: "1.0"
+  author: "Spec-Kit"
+  tags:
+    - bugfix
+    - hotfix
+    - correction
+
+template: bugfix-report.md
+defaultAgent: SpecAgent
+
+steps:
+  - id: analyze-bug
+    name: "Analyze Bug & Root Cause"
+    action: fetch_ado
+    description: |
+      Retrieve the bug work item from Azure DevOps and analyze:
+      - Reproduction steps
+      - Error logs and stack traces
+      - Affected components
+      - User impact assessment
+      
+      Identify the root cause of the issue.
+    outputs:
+      - bug_data
+      - root_cause_analysis
+
+  - id: plan-fix
+    name: "Plan Correction"
+    action: call_agent
+    agent: PlanAgent
+    description: |
+      Create a correction plan including:
+      - Proposed fix approach
+      - Files/components to modify
+      - Potential side effects
+      - Rollback strategy if needed
+      
+      Keep the fix minimal and focused.
+    inputs:
+      source: "root_cause_analysis"
+    outputs:
+      - fix_plan
+
+  - id: security-check
+    name: "Security Validation"
+    action: review
+    agent: GovAgent
+    description: |
+      Quick security review of the proposed fix:
+      - [ ] No new vulnerabilities introduced
+      - [ ] Input validation maintained
+      - [ ] No sensitive data exposure
+      - [ ] Authentication/Authorization intact
+    inputs:
+      document: "fix_plan"
+    outputs:
+      - security_clearance
+
+  - id: implement-fix
+    name: "Implement & Test"
+    action: generate_content
+    description: |
+      Implement the fix following the plan:
+      1. Write the code fix
+      2. Add unit tests for the bug scenario
+      3. Add regression tests
+      4. Update documentation if needed
+      
+      Ensure test coverage for the fixed code path.
+    inputs:
+      plan: "fix_plan"
+    outputs:
+      - code_changes
+      - test_cases
+
+  - id: final-review
+    name: "Final Review"
+    action: review
+    agent: GovAgent
+    description: |
+      Final validation before merge:
+      - [ ] Fix addresses root cause
+      - [ ] No regression introduced
+      - [ ] Tests pass
+      - [ ] Code review approved
+      - [ ] Documentation updated
+    inputs:
+      changes: "code_changes"
+      tests: "test_cases"
+    outputs:
+      - approval_status

package/workflows/feature-full.yaml

@@ -0,0 +1,344 @@
+# Full Feature Workflow with Governance
+# Complete workflow with all validation checkpoints
+
+name: feature-full
+displayName: "Feature with Full Governance"
+description: "Complete feature workflow including RGPD, Security, Architecture, Design System, and Testing validations"
+
+metadata:
+  version: "1.0"
+  author: "Spec-Kit"
+  tags:
+    - feature
+    - governance
+    - enterprise
+
+template: functional-spec.md
+defaultAgent: SpecAgent
+
+steps:
+  # ═══════════════════════════════════════════════════════════════
+  # PHASE 1: SPECIFICATION
+  # ═══════════════════════════════════════════════════════════════
+  
+  - id: fetch-requirements
+    name: "1.1 Fetch Requirements"
+    action: fetch_ado
+    description: |
+      Retrieve the Feature work item and all linked items from Azure DevOps.
+      
+      Extract:
+      - Title and description
+      - Acceptance criteria
+      - Parent Epic context
+      - Linked User Stories
+      - Attachments (mockups, documents)
+    outputs:
+      - workitem_data
+      - linked_items
+      - attachments
+
+  - id: write-spec
+    name: "1.2 Write Functional Specification"
+    action: call_agent
+    agent: SpecAgent
+    description: |
+      Generate a comprehensive functional specification including:
+      
+      **Functional Requirements**
+      - User stories with acceptance criteria
+      - Business rules
+      - Data requirements
+      
+      **Non-Functional Requirements**
+      - Performance targets
+      - Availability requirements
+      - Scalability needs
+      
+      Mark uncertain sections with [TO FILL] for human review.
+    inputs:
+      source: "workitem_data"
+    outputs:
+      - functional_spec
+
+  # ═══════════════════════════════════════════════════════════════
+  # PHASE 2: VALIDATION GATES
+  # ═══════════════════════════════════════════════════════════════
+
+  - id: rgpd-review
+    name: "2.1 🛡️ RGPD Compliance Review"
+    action: review
+    agent: GovAgent
+    description: |
+      Validate GDPR/RGPD compliance:
+      
+      **Data Collection**
+      - [ ] Personal data identified and documented
+      - [ ] Legal basis for processing defined
+      - [ ] Data minimization principle applied
+      
+      **User Rights**
+      - [ ] Right to access implemented
+      - [ ] Right to rectification supported
+      - [ ] Right to erasure (RTBF) supported
+      - [ ] Data portability considered
+      
+      **Security & Governance**
+      - [ ] Data retention period defined
+      - [ ] Third-party processors identified
+      - [ ] Privacy by design applied
+      - [ ] DPIA required? (if high risk)
+    inputs:
+      spec: "functional_spec"
+    outputs:
+      - rgpd_report
+      - rgpd_status
+
+  - id: security-review
+    name: "2.2 🔒 Security Review"
+    action: review
+    agent: GovAgent
+    description: |
+      Security assessment checklist:
+      
+      **Authentication & Authorization**
+      - [ ] Auth mechanism defined
+      - [ ] Role-based access control
+      - [ ] Session management
+      
+      **Data Protection**
+      - [ ] Encryption at rest
+      - [ ] Encryption in transit (TLS)
+      - [ ] Sensitive data handling
+      
+      **Input/Output Security**
+      - [ ] Input validation strategy
+      - [ ] Output encoding
+      - [ ] SQL injection prevention
+      - [ ] XSS prevention
+      - [ ] CSRF protection
+      
+      **Infrastructure**
+      - [ ] Secrets management
+      - [ ] Logging (without PII)
+      - [ ] Rate limiting
+      - [ ] DDoS considerations
+    inputs:
+      spec: "functional_spec"
+    outputs:
+      - security_report
+      - security_status
+
+  - id: architecture-review
+    name: "2.3 🏗️ Architecture Review"
+    action: review
+    agent: GovAgent
+    description: |
+      Architecture validation:
+      
+      **Consistency**
+      - [ ] Aligns with existing architecture
+      - [ ] Follows established patterns
+      - [ ] Uses approved technologies
+      
+      **Quality Attributes**
+      - [ ] Scalability addressed
+      - [ ] Performance requirements met
+      - [ ] Reliability/Availability design
+      - [ ] Maintainability considered
+      
+      **Technical Debt**
+      - [ ] No unnecessary complexity
+      - [ ] Reuses existing components
+      - [ ] Technical debt acceptable
+      
+      **Integration**
+      - [ ] API contracts defined
+      - [ ] Event/message schemas
+      - [ ] Database changes documented
+    inputs:
+      spec: "functional_spec"
+    outputs:
+      - architecture_report
+      - architecture_status
+
+  - id: design-review
+    name: "2.4 🎨 Design System Review"
+    action: review
+    agent: GovAgent
+    description: |
+      Design System compliance (if UI involved):
+      
+      **Components**
+      - [ ] Uses Design System components
+      - [ ] No unauthorized custom components
+      - [ ] Proper component composition
+      
+      **Visual Consistency**
+      - [ ] Color tokens used correctly
+      - [ ] Typography follows guidelines
+      - [ ] Spacing uses standard scale
+      - [ ] Icons from approved library
+      
+      **Accessibility (WCAG 2.1 AA)**
+      - [ ] Color contrast ratios
+      - [ ] Keyboard navigation
+      - [ ] Screen reader support
+      - [ ] Focus indicators
+      
+      **Responsive Design**
+      - [ ] Mobile breakpoints defined
+      - [ ] Touch targets adequate
+      - [ ] Dark mode support (if applicable)
+    inputs:
+      spec: "functional_spec"
+    outputs:
+      - design_report
+      - design_status
+
+  # ═══════════════════════════════════════════════════════════════
+  # PHASE 3: TECHNICAL PLANNING
+  # ═══════════════════════════════════════════════════════════════
+
+  - id: technical-plan
+    name: "3.1 Technical Planning"
+    action: call_agent
+    agent: PlanAgent
+    description: |
+      Create detailed technical plan:
+      
+      **Architecture Decisions**
+      - Components to create/modify
+      - Database schema changes
+      - API endpoints
+      - Integration points
+      
+      **Task Breakdown**
+      - Granular tasks (1-3 days each)
+      - Clear acceptance criteria
+      - Dependencies mapped
+      - Effort estimates (S/M/L/XL)
+      
+      **Risk Mitigation**
+      - Technical risks identified
+      - Mitigation strategies
+      - Spike tasks if needed
+    inputs:
+      spec: "functional_spec"
+      reviews: ["rgpd_report", "security_report", "architecture_report"]
+    outputs:
+      - technical_plan
+      - task_list
+
+  - id: test-strategy
+    name: "3.2 🧪 Test Strategy"
+    action: call_agent
+    agent: TestAgent
+    description: |
+      Define comprehensive test strategy:
+      
+      **Unit Tests**
+      - Critical business logic
+      - Edge cases
+      - Error handling
+      - Target: >80% coverage
+      
+      **Integration Tests**
+      - API contracts
+      - Database operations
+      - External service mocks
+      
+      **E2E Tests**
+      - Critical user journeys
+      - Happy path scenarios
+      - Key error scenarios
+      
+      **Non-Functional Tests**
+      - Performance benchmarks
+      - Load testing thresholds
+      - Security scan requirements
+    inputs:
+      spec: "functional_spec"
+      plan: "technical_plan"
+    outputs:
+      - test_strategy
+      - test_cases
+
+  # ═══════════════════════════════════════════════════════════════
+  # PHASE 4: DOCUMENTATION & FINALIZATION
+  # ═══════════════════════════════════════════════════════════════
+
+  - id: documentation
+    name: "4.1 📚 Documentation Plan"
+    action: generate_content
+    description: |
+      Identify documentation needs:
+      
+      **User Documentation**
+      - [ ] User guide updates
+      - [ ] FAQ additions
+      - [ ] Tutorial/walkthrough
+      
+      **Technical Documentation**
+      - [ ] API documentation
+      - [ ] Architecture Decision Record (ADR)
+      - [ ] Runbook updates
+      - [ ] README updates
+      
+      **Release Documentation**
+      - [ ] Changelog entry
+      - [ ] Release notes
+      - [ ] Migration guide (if breaking changes)
+    inputs:
+      spec: "functional_spec"
+      plan: "technical_plan"
+    outputs:
+      - documentation_plan
+
+  - id: final-approval
+    name: "4.2 ✅ Final Approval Gate"
+    action: review
+    agent: GovAgent
+    description: |
+      Final checklist before development starts:
+      
+      **Specification**
+      - [ ] Functional spec complete and approved
+      - [ ] All [TO FILL] sections resolved
+      - [ ] Stakeholder sign-off obtained
+      
+      **Compliance**
+      - [ ] RGPD review: PASSED
+      - [ ] Security review: PASSED
+      - [ ] Architecture review: PASSED
+      - [ ] Design review: PASSED (if applicable)
+      
+      **Planning**
+      - [ ] Technical plan approved
+      - [ ] Tasks created in ADO
+      - [ ] Test strategy defined
+      - [ ] Documentation plan ready
+      
+      **Ready for Development** ✅
+    inputs:
+      all_artifacts: true
+    outputs:
+      - final_approval
+      - development_ready
+
+  - id: create-tasks
+    name: "4.3 Create ADO Work Items"
+    action: create_file
+    description: |
+      Generate Azure DevOps work items:
+      - Create Tasks from technical plan
+      - Link to parent Feature
+      - Set estimates and priorities
+      - Assign to sprint
+      
+      Output format ready for ADO import or manual creation.
+    inputs:
+      tasks: "task_list"
+      feature_id: "context_id"
+    outputs:
+      - ado_work_items