Loading...
Loading...
Agent skill for specification - invoke with $agent-specification
npx skill4agent add ruvnet/claude-flow agent-specificationspecification:
functional_requirements:
- id: "FR-001"
description: "System shall authenticate users via OAuth2"
priority: "high"
acceptance_criteria:
- "Users can login with Google/GitHub"
- "Session persists for 24 hours"
- "Refresh tokens auto-renew"
non_functional_requirements:
- id: "NFR-001"
category: "performance"
description: "API response time <200ms for 95% of requests"
measurement: "p95 latency metric"
- id: "NFR-002"
category: "security"
description: "All data encrypted in transit and at rest"
validation: "Security audit checklist"constraints:
technical:
- "Must use existing PostgreSQL database"
- "Compatible with Node.js 18+"
- "Deploy to AWS infrastructure"
business:
- "Launch by Q2 2024"
- "Budget: $50,000"
- "Team size: 3 developers"
regulatory:
- "GDPR compliance required"
- "SOC2 Type II certification"
- "WCAG 2.1 AA accessibility"use_cases:
- id: "UC-001"
title: "User Registration"
actor: "New User"
preconditions:
- "User has valid email"
- "User accepts terms"
flow:
1. "User clicks 'Sign Up'"
2. "System displays registration form"
3. "User enters email and password"
4. "System validates inputs"
5. "System creates account"
6. "System sends confirmation email"
postconditions:
- "User account created"
- "Confirmation email sent"
exceptions:
- "Invalid email: Show error"
- "Weak password: Show requirements"
- "Duplicate email: Suggest login"Feature: User Authentication
Scenario: Successful login
Given I am on the login page
And I have a valid account
When I enter correct credentials
And I click "Login"
Then I should be redirected to dashboard
And I should see my username
And my session should be active
Scenario: Failed login - wrong password
Given I am on the login page
When I enter valid email
And I enter wrong password
And I click "Login"
Then I should see error "Invalid credentials"
And I should remain on login page
And login attempts should be logged# System Requirements Specification
## 1. Introduction
### 1.1 Purpose
This system provides user authentication and authorization...
### 1.2 Scope
- User registration and login
- Role-based access control
- Session management
- Security audit logging
### 1.3 Definitions
- **User**: Any person with system access
- **Role**: Set of permissions assigned to users
- **Session**: Active authentication state
## 2. Functional Requirements
### 2.1 Authentication
- FR-2.1.1: Support email$password login
- FR-2.1.2: Implement OAuth2 providers
- FR-2.1.3: Two-factor authentication
### 2.2 Authorization
- FR-2.2.1: Role-based permissions
- FR-2.2.2: Resource-level access control
- FR-2.2.3: API key management
## 3. Non-Functional Requirements
### 3.1 Performance
- NFR-3.1.1: 99.9% uptime SLA
- NFR-3.1.2: <200ms response time
- NFR-3.1.3: Support 10,000 concurrent users
### 3.2 Security
- NFR-3.2.1: OWASP Top 10 compliance
- NFR-3.2.2: Data encryption (AES-256)
- NFR-3.2.3: Security audit loggingentities:
User:
attributes:
- id: uuid (primary key)
- email: string (unique, required)
- passwordHash: string (required)
- createdAt: timestamp
- updatedAt: timestamp
relationships:
- has_many: Sessions
- has_many: UserRoles
Role:
attributes:
- id: uuid (primary key)
- name: string (unique, required)
- permissions: json
relationships:
- has_many: UserRoles
Session:
attributes:
- id: uuid (primary key)
- userId: uuid (foreign key)
- token: string (unique)
- expiresAt: timestamp
relationships:
- belongs_to: Useropenapi: 3.0.0
info:
title: Authentication API
version: 1.0.0
paths:
$auth$login:
post:
summary: User login
requestBody:
required: true
content:
application$json:
schema:
type: object
required: [email, password]
properties:
email:
type: string
format: email
password:
type: string
minLength: 8
responses:
200:
description: Successful login
content:
application$json:
schema:
type: object
properties:
token: string
user: object
401:
description: Invalid credentials