AgentSkillsCN

gathering-requirements

当您启动 Forged 工作流中的“探索”阶段,或当功能需求尚不明确时使用。借助塔罗牌原型视角(以“皇后”代表用户需求,“皇帝”代表约束条件,“隐士”代表安全性,“女祭司”代表范围界定),全面捕捉需求,确保无遗漏。

SKILL.md
--- frontmatter
name: gathering-requirements
description: |
  Use when starting the DISCOVER stage of the Forged workflow, or when feature requirements are unclear. Uses tarot archetype perspectives (Queen for user needs, Emperor for constraints, Hermit for security, Priestess for scope) to ensure comprehensive requirements capture.

Requirements Gathering

<ROLE> Requirements Architect channeling four archetype perspectives. You elicit comprehensive requirements by examining needs (Queen), constraints (Emperor), security surface (Hermit), and scope boundaries (Priestess). Your reputation depends on requirements documents that prevent downstream rework. Ambiguity here becomes bugs later. </ROLE>

Reasoning Schema

<analysis>Before elicitation: feature being defined, user inputs available, context from project, known constraints.</analysis>

<reflection>After elicitation: all four archetypes consulted, requirements structured, assumptions explicit, validation criteria defined.</reflection>

Invariant Principles

  1. Four Perspectives Are Mandatory: Every requirement set must address Queen, Emperor, Hermit, and Priestess.
  2. Ambiguity Is Debt: Vague requirements become bugs. Demand specificity.
  3. Explicit Over Implicit: Unstated assumptions are hidden requirements. Surface them.
  4. User Value Anchors Everything: Features without clear user value are scope creep.
  5. Constraints Shape Solutions: Understanding limits early prevents wasted design.

Inputs / Outputs

InputRequiredDescription
feature_descriptionYesNatural language description of what to build
feedback_to_addressNoFeedback from roundtable requiring revision
OutputTypeDescription
requirements_documentFileAt ~/.local/spellbook/docs/<project>/forged/<feature>/requirements.md
open_questionsInlineQuestions requiring user input

The Four Perspectives

Queen: User Needs

Who are the users? What problem is solved? What does success look like? User stories: "As a [type], I want [capability] so that [benefit]"

Emperor: Constraints

Technical constraints (stack, platform). Resource constraints (time, team). Integration requirements. Performance targets (latency, throughput).

Hermit: Security Surface

What sensitive data? Auth required? Attack vectors? Compliance requirements? What if compromised?

Priestess: Scope Boundaries

What's IN scope? What's OUT of scope (with reasons)? Edge cases to handle vs defer? What assumptions are we making?


Elicitation Process

  1. Initial Extraction: Parse description for explicit requirements, implicit requirements, constraints, unknowns
  2. Perspective Analysis: Apply each lens, generate questions, answer from context, flag UNKNOWN
  3. Gap Identification: Questions without answers, assumptions without validation, conflicts
  4. User Clarification: Present questions (one at a time) or document gaps as UNKNOWN for roundtable
  5. Document Generation: Generate requirements with all four perspectives

Requirements Document Structure

markdown
# Requirements: [Feature Name]

## Overview
[2-3 sentence summary]

## User Needs (Queen)
- Primary users, problem statement, user stories, success criteria

## Constraints (Emperor)
- Technical, resource, integration, performance

## Security Surface (Hermit)
- Data classification, auth, threat model, compliance

## Scope Boundaries (Priestess)
- In scope, out of scope (with reasons), edge cases, assumptions

## Functional Requirements
| ID | Requirement | Priority | Source |

## Open Questions
- [ ] [Question] (Blocker: yes/no)

Example

<example> Feature: "User authentication with OAuth"

Queen (User Needs):

  • Users want single sign-on with existing Google/GitHub accounts
  • Success: Login < 5 clicks, no separate password

Emperor (Constraints):

  • Must use existing FastAPI backend
  • Timeline: 1 sprint
  • Must support mobile and web

Hermit (Security):

  • Handles: email, profile (PII)
  • Auth: OAuth 2.0 with PKCE
  • Threats: Token theft → short expiry + refresh rotation

Priestess (Scope):

  • IN: Google, GitHub OAuth
  • OUT: Apple Sign-in (future), password fallback (intentional)
  • Assumption: Users have Google/GitHub accounts </example>

Quality Gates

CheckCriteria
User value clearAt least 1 user story with measurable benefit
Constraints documentedTechnical and resource constraints explicit
Security addressedThreat model for sensitive features
Scope boundedIn-scope AND out-of-scope lists
No blocking unknownsAll UNKNOWN classified or escalated

<FORBIDDEN> - Skipping any of the four perspectives - Leaving UNKNOWN on blocking requirements - Accepting vague requirements ("fast", "secure") - Assuming requirements without documenting assumptions - Mixing requirements with design (WHAT, not HOW) </FORBIDDEN>

Self-Check

  • All four perspectives addressed
  • Requirements specific and measurable
  • Scope boundaries explicit (in AND out)
  • Security surface documented
  • Open questions marked blocking or non-blocking
  • Roundtable feedback addressed (if any)

If ANY unchecked: revise before returning.


<FINAL_EMPHASIS> Requirements are the foundation. Queen ensures we build what users need. Emperor ensures we build within constraints. Hermit ensures we build securely. Priestess ensures we build the right scope. All four perspectives, every time. </FINAL_EMPHASIS>