Authoring Requirements
Overview
Write technology-agnostic functional requirements, identify edge cases, and define measurable success criteria. Focus on WHAT the system does and WHY, never HOW it's implemented.
When to Use
- •Starting a new feature specification
- •Documenting acceptance criteria for user stories
- •Defining API contracts at the business logic level
- •Creating requirements for stakeholder review
- •When existing requirements are vague or missing structure
- •Translating informal feature requests into formal requirements
When NOT to Use
- •Implementation planning - Use design docs or architecture decisions instead
- •Technical architecture decisions - Use ADRs or technical design documents
- •When requirements already exist and are validated - Don't duplicate work
- •API endpoint specifications - Use
humaninloop:patterns-api-contractsinstead - •Data model design - Use
humaninloop:patterns-entity-modelinginstead - •User story authoring - Use
humaninloop:authoring-user-storiesinstead (this skill focuses on the underlying requirements)
Functional Requirements Format
Write requirements using the FR-XXX format with RFC 2119 keywords:
## Functional Requirements - **FR-001**: System MUST [specific capability] - **FR-002**: Users MUST be able to [specific action] - **FR-003**: System SHOULD [recommended behavior] - **FR-004**: System MAY [optional capability]
RFC 2119 Keywords
| Keyword | Meaning |
|---|---|
| MUST | Absolute requirement; no exceptions |
| SHOULD | Recommended; valid exceptions may exist |
| MAY | Optional; implementation choice |
See RFC-2119-KEYWORDS.md for detailed usage guidance.
FR Numbering Rules
- •Sequential numbering: FR-001, FR-002, FR-003...
- •No gaps in sequence
- •Three-digit padding (001, not 1)
- •Group related requirements together
Writing Technology-Agnostic Requirements
Good (what):
- •"System MUST notify users when their subscription expires"
- •"Users MUST be able to export their data in a portable format"
Bad (how):
- •"System MUST send email via SendGrid when subscription expires"
- •"Users MUST be able to download a JSON export from the /api/export endpoint"
Edge Cases
Identify 3-5 boundary conditions that need explicit handling:
## Edge Cases 1. **System limits**: What happens at maximum capacity? 2. **Invalid input**: How are malformed requests handled? 3. **External failures**: What if dependencies are unavailable? 4. **Concurrent access**: How are race conditions prevented? 5. **Permission boundaries**: What happens with unauthorized access?
Edge Case Categories
| Category | Examples |
|---|---|
| System limits | Max items, file size limits, rate limits |
| Invalid input | Empty fields, wrong types, boundary values |
| External failures | Network timeouts, service unavailable |
| Concurrency | Simultaneous edits, duplicate submissions |
| Permissions | Unauthorized access, expired tokens |
See EDGE-CASES.md for detailed patterns.
Success Criteria Format
Define 3-5 measurable outcomes using SC-XXX format:
## Success Criteria - **SC-001**: Users complete the task creation flow in under 2 minutes - **SC-002**: 95% of users successfully create their first recurring task - **SC-003**: Support tickets related to task scheduling decrease by 50%
Success Criteria Rules
- •Technology-agnostic: No API metrics, database stats, or code coverage
- •User/business focused: Observable by stakeholders
- •Measurable: Quantifiable where possible
- •Outcome-oriented: What changes, not what's built
Good:
- •"Users complete the workflow in under 2 minutes"
- •"Error rate for task creation drops below 5%"
- •"User satisfaction score increases to 4.5/5"
Bad:
- •"API responds in under 200ms"
- •"Database queries execute in under 50ms"
- •"Code coverage exceeds 80%"
Key Entities (Optional)
When the feature involves data, describe entities conceptually:
## Key Entities ### RecurringPattern Represents the schedule for a repeating task. **Attributes:** - Frequency (how often: daily, weekly, monthly) - Interval (every N occurrences) - End condition (never, after N times, on date) **Relationships:** - Belongs to one Task - Generates many TaskInstances
Entity Description Rules
- •Describe purpose, not schema
- •List attributes as concepts, not columns
- •Focus on relationships, not foreign keys
- •No data types, constraints, or indexes
Validation Script
Validate requirement format with the included script:
python scripts/validate-requirements.py path/to/spec.md
The script checks:
- •FR-XXX format and sequential numbering
- •RFC 2119 keywords present
- •SC-XXX format and sequential numbering
- •Technology-agnostic language
Quality Checklist
Before finalizing, verify:
- • All FRs use RFC 2119 keywords (MUST/SHOULD/MAY)
- • FR numbers are sequential with no gaps
- • No technology or implementation details mentioned
- • 3-5 edge cases identified
- • All SCs are measurable outcomes
- • SCs focus on user/business value
- • Entities described conceptually (if applicable)
Common Mistakes
Technology Leakage
❌ "System MUST use PostgreSQL for storage" ✅ "System MUST persist data durably"
Implementation Details
❌ "MUST implement using the Observer pattern" ✅ "System MUST notify relevant components when state changes"
Unmeasurable Criteria
❌ "System MUST be fast" or "MUST be user-friendly" ✅ "Users MUST complete the flow in under 2 minutes"
Missing RFC 2119 Keywords
❌ "System will notify users" ✅ "System MUST notify users" (use MUST/SHOULD/MAY)
Technical Metrics as Success Criteria
❌ "API latency MUST be under 100ms" ✅ "Users MUST perceive responses as instantaneous"
Confusing Requirements with User Stories
❌ "As a user, I want to see my balance" ✅ "System MUST display current balance to authenticated users" (FR) + separate user story
Scope Creep in Edge Cases
❌ Listing 20+ edge cases covering every hypothetical ✅ Focus on 3-5 high-impact boundary conditions