Requirements Gathering Skill
This skill enables Claude to autonomously gather, analyze, and document requirements for features, projects, or issues.
When to Use This Skill
Use this skill when:
- •A user describes a feature but hasn't provided detailed requirements
- •Converting vague ideas into structured specifications
- •Analyzing an issue and determining what needs to be built
- •Preparing for development planning
- •Creating GitHub issues from conversations
What This Skill Does
- •
Elicits Requirements Through Questions
- •Asks clarifying questions about scope and goals
- •Identifies functional and non-functional requirements
- •Discovers constraints and dependencies
- •Clarifies success criteria
- •
Analyzes Context
- •Reviews existing codebase patterns
- •Checks for similar implementations
- •Identifies affected components
- •Reviews related documentation
- •
Structures Requirements
- •Organizes into functional/non-functional categories
- •Defines clear acceptance criteria
- •Prioritizes using MoSCoW method
- •Creates user stories where applicable
- •
Documents Findings
- •Generates structured requirements document
- •Creates GitHub-compatible markdown
- •Includes technical specifications
- •Adds implementation considerations
Usage Process
Step 1: Initial Analysis
When a user describes a feature:
User: "I want to add user authentication"
Claude should:
- •Acknowledge the request
- •Start gathering context from the codebase
- •Begin asking clarifying questions
Step 2: Ask Clarifying Questions
Essential questions to ask:
- •What type of authentication? (OAuth, JWT, Session-based)
- •Who are the users? (Internal staff, external customers, admins)
- •What features need protection?
- •Any specific security requirements?
- •Integration with existing systems?
- •Password policies required?
- •MFA/2FA needed?
- •Social login options?
Step 3: Analyze Codebase
Search for:
- •Existing authentication patterns
- •Current user models
- •API structure
- •Frontend framework in use
- •State management approach
- •Database schema
Step 4: Structure Requirements
Create document following this format:
## Feature: User Authentication ### Business Context - **Problem**: Users currently have no way to securely access the system - **Goal**: Implement secure authentication for user access control - **Success Criteria**: Users can register, login, and access protected resources ### Functional Requirements #### FR-1: User Registration **Priority**: Must-have **Description**: Users can create new accounts with email and password **Acceptance Criteria**: - [ ] Registration form validates email format - [ ] Password meets complexity requirements (min 8 chars, 1 uppercase, 1 number) - [ ] Email confirmation sent upon registration - [ ] Duplicate emails are rejected - [ ] User data is stored securely in database #### FR-2: User Login **Priority**: Must-have **Description**: Registered users can authenticate and access the system **Acceptance Criteria**: - [ ] Login form accepts email and password - [ ] Invalid credentials show appropriate error message - [ ] Successful login creates session/JWT token - [ ] User is redirected to dashboard after login - [ ] Remember me option available #### FR-3: Password Reset **Priority**: Should-have **Description**: Users can reset forgotten passwords **Acceptance Criteria**: - [ ] Forgot password link on login page - [ ] Email with reset link sent to user - [ ] Reset link expires after 1 hour - [ ] User can set new password - [ ] Old password is invalidated ### Non-Functional Requirements #### NFR-1: Security - Passwords hashed using bcrypt (10+ rounds) - JWT tokens expire after 24 hours - Refresh tokens for extended sessions - HTTPS required for all auth endpoints - Protection against brute force attacks (rate limiting) - CSRF protection implemented #### NFR-2: Performance - Login response time < 500ms - Registration process < 1 second - Token validation < 100ms #### NFR-3: Accessibility - Forms are keyboard navigable - Screen reader compatible - Error messages clearly announced - WCAG 2.1 AA compliance ### User Stories **US-1**: As a new user, I want to register for an account, so that I can access the platform **US-2**: As a registered user, I want to login securely, so that I can access my data **US-3**: As a user, I want to reset my password if I forget it, so that I can regain access ### Technical Specifications #### Backend - Framework: [Express/Fastify/NestJS] - Authentication: JWT with refresh tokens - Password hashing: bcrypt - Rate limiting: express-rate-limit - Validation: Zod/Joi **API Endpoints**:
POST /api/auth/register - User registration POST /api/auth/login - User login POST /api/auth/refresh - Refresh JWT token POST /api/auth/logout - User logout POST /api/auth/forgot-password - Request password reset POST /api/auth/reset-password - Reset password with token GET /api/auth/me - Get current user
#### Frontend - Framework: [React/Vue/Next.js] - State management: [Context/Zustand/Redux] - Form handling: React Hook Form - API client: Axios/Fetch **Components**: - RegisterForm - LoginForm - ForgotPasswordForm - ResetPasswordForm - AuthProvider (context) #### Database ```sql CREATE TABLE users ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), email VARCHAR(255) UNIQUE NOT NULL, password_hash VARCHAR(255) NOT NULL, email_verified BOOLEAN DEFAULT FALSE, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP, updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE password_resets ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), user_id UUID REFERENCES users(id), token VARCHAR(255) UNIQUE NOT NULL, expires_at TIMESTAMP NOT NULL, used BOOLEAN DEFAULT FALSE, created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP );
Dependencies
- •bcrypt library for password hashing
- •jsonwebtoken for JWT handling
- •nodemailer for email sending
- •express-validator for input validation
Assumptions
- •Email service is already configured
- •HTTPS is available in production
- •Database supports UUIDs
Risks
| Risk | Impact | Mitigation |
|---|---|---|
| Email delivery issues | High | Use reliable email service (SendGrid/AWS SES) |
| Token security | High | Use secure random tokens, HTTPS only |
| Database performance | Medium | Index email column, use connection pooling |
Testing Requirements
- •Unit tests for auth service methods
- •Integration tests for API endpoints
- •E2E tests for registration and login flows
- •Security testing (SQL injection, XSS, CSRF)
- •Load testing for concurrent logins
Implementation Estimate
- •Backend: 3-5 days
- •Frontend: 2-3 days
- •Testing: 2 days
- •Total: 7-10 days
### Step 5: Save and Share Save the document to appropriate location: ```bash mkdir -p docs/requirements cat > docs/requirements/user-authentication.md <<EOF [Requirements content] EOF
Optionally create GitHub issue:
gh issue create \ --title "Requirements: User Authentication" \ --body "$(cat docs/requirements/user-authentication.md)" \ --label "requirements,documentation"
Best Practices
Question Asking
- •Start with open-ended questions
- •Follow up with specific clarifications
- •Don't assume - ask when uncertain
- •Validate understanding by summarizing
Requirement Quality
- •Make requirements specific and measurable
- •Include clear acceptance criteria
- •Use consistent terminology
- •Avoid technical jargon in business requirements
Prioritization
- •Use MoSCoW (Must, Should, Could, Won't)
- •Distinguish MVP from future enhancements
- •Consider dependencies when prioritizing
Documentation
- •Use consistent formatting
- •Include code examples where helpful
- •Link to related documentation
- •Keep language clear and concise
Integration with Other Tools
This skill works well with:
- •
/sng-requirementscommand (for manual invocation) - •
requirements-analystagent (for deep analysis) - •
development-planneragent (for next step) - •GitHub issue creation workflows
Example Scenarios
Scenario 1: Vague Feature Request
User: "We need better search" Claude: [Activates requirements-gathering skill] - What should be searchable? (users, products, documents) - What search features are needed? (filters, autocomplete) - Performance requirements? (results per second) - Analyzes current search implementation - Documents comprehensive requirements
Scenario 2: Bug Report Needs Clarification
User: "Search is broken" Claude: [Activates requirements-gathering skill] - What specific search functionality is broken? - What is the expected vs actual behavior? - Steps to reproduce? - Creates detailed bug report with acceptance criteria for fix
Scenario 3: New Feature from Stakeholder
User: "CEO wants a dashboard" Claude: [Activates requirements-gathering skill] - What data should be displayed? - Who will use this dashboard? - Real-time or static data? - Mobile support needed? - Creates comprehensive requirements with user stories
Output Format
Always provide:
- •Requirements Summary: Executive overview (2-3 sentences)
- •Structured Document: Complete requirements in markdown
- •Next Steps: Suggested actions (create issue, start planning, etc.)
- •Open Questions: Any items that still need clarification
- •File Location: Where requirements were saved
Tips
- •Don't be afraid to ask "dumb" questions - better to clarify than assume
- •Look for existing patterns in the codebase to maintain consistency
- •Consider the full user journey, not just the happy path
- •Think about error cases and edge conditions
- •Include non-functional requirements (performance, security, accessibility)
- •Estimate implementation effort to help with planning