Skill v4.0.0
currentAutomated scan100/1003 files
name: "moai-foundation-specs" version: "4.0.0" created: 2025-11-11 updated: 2025-11-12 status: stable description: SPEC document management - lifecycle, versioning, approval workflows, 50+ references, SPEC-first TDD integration keywords: ['spec', 'specification', 'requirements', 'lifecycle', 'versioning', 'approval', 'tracking', 'tdd'] allowed-tools:
- Read
- Write
- Bash
- Grep
- Glob
SPEC Foundation Skill - Expert v4.0
Skill Overview
SPEC (Specification) is the formal requirements document that drives SPEC-first, TDD development. This Skill provides comprehensive guidance on SPEC lifecycle management, version control, approval workflows, traceability, and integration with MoAI-ADK development pipeline.
Quick Facts
- 4 SPEC Lifecycle States: Draft, Active, Deprecated, Archived
- Version Management: Semantic versioning (major.minor.patch)
- Approval Workflow: Author → Review → Approval → Deployment
- Integration: Core of
/alfred:1-planworkflow in MoAI-ADK
When to Use This Skill
- Creating formal specifications before development
- Managing specification versions and evolution
- Setting up approval workflows for requirements
- Tracing requirements through code and tests
- Organizing multiple specifications in complex projects
Level 1: Foundation - SPEC Lifecycle
1. Draft State - Specification Creation
Purpose: Initial specification authoring and refinement
Activities:
1. Specification Author creates SPEC-XXX/spec.md2. Define requirements using EARS patterns3. Gather stakeholder input4. Refine until ready for review5. Create acceptance criteria6. Document known risks and constraints
Typical Duration: 2-5 days (simple features) to 2-4 weeks (complex systems)
Key Artifacts:
spec.md- Main specification documentacceptance-criteria.md- Acceptance tests (if separate)technical-notes.md- Implementation guidance (optional)
Deliverables for Review:
- ✅ Clear problem statement
- ✅ EARS-format requirements (functional & non-functional)
- ✅ Acceptance criteria for all requirements
- ✅ Architecture/design notes
- ✅ Risk assessment
- ✅ Dependencies identified
Example Draft Structure:
# SPEC-045: User Authentication System## Problem StatementCurrent system lacks multi-factor authentication. Need MFA for security compliance.## RequirementsREQ-001 (Event-Driven): When login_attempted the system eventually satisfiesmfa_challenge_presentedREQ-002 (Ubiquitous): The system shall always satisfy mfa_enabled_for_admin = trueREQ-003 (Optional): When mfa_timeout_exceeded the system immediately satisfiessession_terminated## Acceptance Criteria-[ ] MFA works with authenticator apps (Google, Microsoft)-[ ] Fallback SMS when app unavailable-[ ] Session timeout after 10 minutes inactivity-[ ] Audit log all MFA events## Technical Notes-Use TOTP (RFC 6238) for time-based codes-Backup codes for emergency access-Consider integration with existing identity system## Risks-User adoption of MFA might be low-SMS delivery reliability (use backup)
Draft Anti-Patterns - Avoid:
- ❌ Vague requirements ("system shall be secure")
- ❌ Mixing implementation details with requirements
- ❌ Incomplete acceptance criteria
- ❌ No identified risks or constraints
- ❌ Unsourceable or unmeasurable requirements
2. Review State - Formal Evaluation
Purpose: Peer review and stakeholder feedback
Review Participants:
- Author: Specification creator
- Technical Lead: Architecture and feasibility review
- QA Lead: Test coverage and acceptance criteria review
- Product Owner: Business requirement alignment
- Domain Experts: Subject matter expert review (if applicable)
Review Checklist:
[ ] Requirements are clear and unambiguous[ ] All requirements are EARS-format[ ] Acceptance criteria are measurable[ ] No conflicting requirements[ ] Architecture feasible[ ] Risk assessment complete[ ] Traceability clear[ ] No external dependencies missing[ ] Timeline realistic[ ] Budget/resources adequate
Review Process:
- Initial Submission: Author marks SPEC ready for review
- Reviewer Comments: Team adds comments/questions
- Author Responses: Author clarifies or updates spec
- Revisions: 2-3 rounds typical for complex specs
- Consensus: Team agrees specification is complete
- Approval Gate: Technical lead + Product owner sign-off
Review Duration: 3-7 business days (parallel review)
Version Bumping Rules:
- Each revision during review: increment patch (0.1.0 → 0.1.1)
- Major revisions (scope change): increment minor (0.1.0 → 0.2.0)
3. Active State - Implementation Period
Purpose: Specification is approved and development proceeds
Activation Steps:
- Technical lead approves and signs SPEC
- Create feature branch:
feature/SPEC-XXX - Implement per SPEC requirements
- Tests validate against acceptance criteria
During Active Phase:
- ✅ Spec is reference for development
- ✅ Any change discussion references spec
- ✅ Code reviews verify against spec
- ✅ Tests trace to spec requirements
- ✅ Track deviations and change requests
Change Management:
If requirement change needed during development:1. Assess impact on timeline/scope2. Document change request3. Get approval from technical lead + product owner4. Update SPEC with new version5. Notify implementation team6. Update code and tests accordingly
Typical Duration: Development time + testing (1-8 weeks)
Version Bumping:
- Minor feature additions: increment minor (1.0.0 → 1.1.0)
- Bug fixes to spec: increment patch (1.0.0 → 1.0.1)
- Scope changes: increment major (1.0.0 → 2.0.0)
Completion Criteria:
- ✅ All requirements implemented
- ✅ All acceptance criteria passed
- ✅ Code review approved
- ✅ Tests passing (≥85% coverage)
- ✅ Documentation updated
- ✅ Ready for deployment
4. Deprecated State - Phase-Out Period
Purpose: Feature is being replaced or removed
Triggering Events:
- New feature replaces old functionality
- System architecture change
- Technology upgrade required
- Business decision to sunset feature
Deprecation Process:
- Mark SPEC as DEPRECATED in metadata
- Create successor SPEC (if applicable)
- Document migration path for users
- Set end-of-life date (typically 6-12 months)
- Notify stakeholders of timeline
During Deprecation:
- ✅ Maintain feature (bug fixes)
- ✅ No new feature development
- ✅ Gradual user migration
- ✅ Support successor feature
- ✅ Plan removal
Deprecation Notice Format:
# SPEC-042: Old Authentication (DEPRECATED)**Status**: DEPRECATED**Successor**: SPEC-045 (New MFA Authentication)**Migration Guide**: See migration-guide.md**EOL Date**: 2025-12-31 (6 months from deprecation)## Migration Timeline-2025-07: New system available, parallel operation-2025-09: Default switch to new system-2025-12: Old system shutdown## Support-Questions: Ask in #migration channel-Migration assistance: migration-team@example.com
Version Marking:
- Mark SPEC with version tag:
v1.5.0 (DEPRECATED) - Update status in all references
- Create deprecation notice in documentation
5. Archived State - Historical Reference
Purpose: SPEC is no longer active, kept for historical record
Archival Process:
- Feature removed from production
- Mark SPEC as ARCHIVED
- Move to archive directory:
.moai/specs/archived/ - Maintain for audit/compliance purposes
- Tag with final version and EOL date
Archive Retention:
- Keep indefinitely for compliance requirements
- Compress old versions
- Index for historical search
Archive Access:
- Readable by all (reference)
- No modifications allowed
- Available for audit trails
Level 2: Advanced - Version Management
Semantic Versioning Strategy
Format: major.minor.patch
Versioning Rules:
Starting with: 1.0.0PATCH (1.0.X):- Bug fixes to requirements- Minor clarifications- No scope changeExample: 1.0.0 → 1.0.1MINOR (1.X.0):- New acceptance criteria- Refinement during review- Feature additionsExample: 1.0.0 → 1.1.0MAJOR (X.0.0):- Scope changes- Architecture redesign- Incompatible changesExample: 1.0.0 → 2.0.0Pre-release versions:- 1.0.0-rc1 (release candidate)- 1.0.0-beta (beta testing)- 0.1.0 (draft versions before 1.0.0)
Version Metadata:
# In SPEC frontmatterversion: 1.2.3status: stablecreated: 2025-11-01updated: 2025-11-12approved_by: tech-lead-nameapproval_date: 2025-11-05deprecated: falseeol_date: null # null if active, 2025-12-31 if deprecated
Change Tracking
Every update logs:
- Who: Author/editor name
- What: Change description
- When: Date and time
- Why: Rationale for change
- Version: New version number
Change Log Format:
# Version History## v1.2.3 (2025-11-12) - Clarifications-Clarified requirement REQ-002 acceptance criteria-Added risk assessment for database migration-Updated timeline from 4 weeks to 6 weeks-Author: john-smith | Tech Lead: sarah-jones## v1.2.2 (2025-11-10) - Bug Fix-Fixed requirement numbering consistency-Author: john-smith## v1.2.1 (2025-11-08) - Review Updates-Addressed QA concerns about test coverage-Added backup procedures to recovery plan-Author: john-smith | Reviewer: qa-lead
Level 3: Practical Application
Complete SPEC Examples
Example 1: Simple Feature SPEC (SPEC-050)
---name: User Profile Enhancementspec_id: SPEC-050version: 1.0.0status: stablecreated: 2025-11-01approved_date: 2025-11-08approved_by: tech-lead---# SPEC-050: User Profile Enhancement## Problem StatementUsers cannot upload profile pictures. Current profile view shows placeholder only.## Functional RequirementsREQ-001 (Event-Driven):When user_uploads_profile_image the system eventually satisfiesimage_stored_in_profile_and_cache_updatedAcceptance: Image appears immediately after uploadREQ-002 (Ubiquitous):The system shall always satisfy profile_image_size <= 5MBAcceptance: Upload fails with error if exceeds 5MBREQ-003 (Unwanted):The system shall never satisfy (invalid_image_format AND stored)Acceptance: Only PNG, JPEG, WebP accepted## Non-Functional Requirements-Performance: Image upload completes within 3 seconds-Security: Images scanned for malware-Compliance: GDPR-compliant data storage## Acceptance Criteria-[ ] Upload works for PNG, JPEG, WebP-[ ] File size limited to 5MB-[ ] Image appears in profile immediately-[ ] Old images automatically deleted-[ ] Performance < 3 seconds on 4G-[ ] Mobile and desktop tested## Testing Strategy-Unit tests: Image validation, storage-Integration tests: Upload workflow-E2E tests: User upload → profile view-Manual: Test on various devices## Technical Notes-Use S3 for image storage-CloudFront CDN for distribution-ImgProxy for optimization## Risks-Malware in images (mitigate with scanning)-Storage costs (monitor usage)-CDN cache invalidation (use versioning)## Dependencies-S3 bucket provisioning-ImgProxy service deployment-Malware scanning service## Timeline-Development: 2 weeks-Testing: 1 week-Deployment: 1 day
Example 2: Complex System SPEC (SPEC-051)
---name: Payment Processing Refactorspec_id: SPEC-051version: 2.1.0status: stablecreated: 2025-10-15approved_date: 2025-11-01approved_by: tech-lead, product-owner---# SPEC-051: Payment Processing Refactor## Problem StatementCurrent payment system doesn't support multiple payment providers. Need flexibilityto add Stripe, PayPal, Square without major refactoring.## Architecture### System Components
Payment Service (core abstraction) ├── Stripe Provider (implementation) ├── PayPal Provider (implementation) └── Square Provider (future)
## Functional RequirementsREQ-001-005: [5 event-driven payment flow requirements]REQ-006-010: [5 ubiquitous invariants for payment safety]REQ-011-015: [5 state-driven mode requirements]## Non-Functional Requirements- Throughput: ≥ 1000 transactions/sec- Latency: P99 < 500ms- Availability: 99.95% uptime- Security: PCI-DSS Level 1 compliance- Scalability: Auto-scale to 10k transactions/sec## Integration Points- Payment Gateway APIs (Stripe, PayPal)- Accounting system (QuickBooks API)- Fraud detection (Third-party service)- Notification system (Email, SMS, in-app)## Acceptance Criteria- [ ] All payment methods work end-to-end- [ ] Transactions persist through failures- [ ] Receipts generated automatically- [ ] Refunds processed within 2 hours- [ ] All error cases handled gracefully- [ ] Performance targets met- [ ] Security audit passed## Risk Assessment| Risk | Probability | Impact | Mitigation ||------|------------|--------|-----------|| API rate limits | Medium | High | Implement queue, caching || Data loss | Low | Critical | Transaction journaling || Fraud | Medium | High | Third-party fraud detection || Compliance violation | Low | Critical | Regular audits |## Timeline & Resources- Backend Development: 4 weeks (2 engineers)- Frontend Integration: 2 weeks (1 engineer)- QA Testing: 2 weeks (2 QA engineers)- Deployment & monitoring: 1 week (devops)- Total: 9 weeks, 6 people## Success Metrics- Zero payment failures- Payment latency < 500ms (P99)- User-reported issues < 0.1%- All tests passing (≥90% coverage)
Best Practices
1. Specification Clarity
- ✅ Use EARS patterns for all requirements
- ✅ Define acceptance criteria before development
- ✅ Include rationale for non-obvious requirements
- ✅ Document constraints and assumptions
- ✅ Keep specifications concise but complete
2. Approval Process
- ✅ Define clear reviewers (technical, product, domain)
- ✅ Use structured review checklist
- ✅ Set review timeline (3-7 days)
- ✅ Document approval decision
- ✅ Require sign-off from decision makers
3. Version Management
- ✅ Use semantic versioning consistently
- ✅ Document every change with rationale
- ✅ Keep complete version history
- ✅ Mark breaking changes clearly
- ✅ Create migration guides for major versions
4. Traceability
- ✅ Link tests to requirements
- ✅ Link documentation to spec
- ✅ Create traceability matrix
- ✅ Verify no orphaned requirements
5. Organization
- ✅ Use consistent directory structure:
.moai/specs/SPEC-XXX/ - ✅ Keep related specs together
- ✅ Link dependent specs
- ✅ Archive deprecated specs
- ✅ Index active specs
SPEC Integration with MoAI-ADK
With /alfred:1-plan Command
/alfred:1-plan "user profile enhancement feature"↓Creates SPEC-XXX structure├── spec.md (specification)├── acceptance-criteria.md├── technical-notes.md (optional)└── CHANGELOG.md↓Author reviews and marks ready↓Tech lead approves↓Status: ACTIVE
With /alfred:2-run Command
/alfred:2-run SPEC-050↓Reads SPEC-050 specification↓TDD cycle:RED: Tests from acceptance criteriaGREEN: ImplementationREFACTOR: Code quality↓↓Tests link to requirements
With /alfred:3-sync Command
/alfred:3-sync auto SPEC-050↓Validates all acceptance criteria met↓Updates documentation↓Verifies test coverage↓Creates PR to develop
With moai-foundation-tags
- Documentation includes spec rationale
- Complete traceability: SPEC → Code → Tests → Docs
Organization Patterns
Small Project (1-3 specs)
.moai/specs/├── SPEC-001/│ ├── spec.md│ └── acceptance-criteria.md├── SPEC-002/└── SPEC-003/
Medium Project (5-20 specs)
.moai/specs/├── core/│ ├── SPEC-001/ (auth)│ └── SPEC-002/ (api)├── features/│ ├── SPEC-010/ (profile)│ └── SPEC-011/ (payments)├── infrastructure/│ ├── SPEC-020/ (database)│ └── SPEC-021/ (monitoring)└── deprecated/└── SPEC-000/ (old feature)
Large Project (50+ specs)
.moai/specs/├── index.md (SPEC registry)├── platform/│ ├── auth/ (4 specs)│ ├── api/ (3 specs)│ ├── user/ (5 specs)│ └── payments/ (3 specs)├── features/│ ├── analytics/ (3 specs)│ ├── reporting/ (2 specs)│ └── mobile/ (4 specs)├── infrastructure/│ ├── backend/ (5 specs)│ ├── devops/ (4 specs)│ └── security/ (3 specs)├── deprecated/ (archived specs)└── archive/ (historical reference)
Official References (50+ Links)
SPEC/SRS Standards
- https://standards.ieee.org/standard/830-1998.html — IEEE 830 (Requirements)
- https://standards.ieee.org/standard/29148-2018.html — ISO/IEC/IEEE 29148
- https://aqua-cloud.io/how-write-effective-software-requirements-specification/
- https://www.omg.org/spec/ReqIF/ — ReqIF standard
- https://www.iso.org/standard/71952.html — ISO/IEC 82045
Document Management Best Practices
- https://www.documind.chat/blog/document-management-best-practices
- https://thedigitalprojectmanager.com/project-management/document-management-best-practices/
- https://blog.opendomain.com/7-engineering-document-management-best-practices
- https://www.accruent.com/resources/knowledge-hub/what-is-an-engineering-document-management-system
- https://www.wrenchsp.com/best-practices-for-engineering-document-management/
Version Control & Versioning
- https://semver.org/ — Semantic Versioning
- https://en.wikipedia.org/wiki/Software_versioning
- https://www.conventionalcommits.org/ — Conventional Commits
- https://nvie.com/posts/a-successful-git-branching-model/ — Git Flow
- https://www.atlassian.com/git/tutorials/comparing-workflows — Git Workflows
Tools & Platforms
- https://www.jamasoftware.com/ — Jama Software
- https://visuresolutions.com/ — Visure Solutions
- https://www.digital.ai/product/doors — Telelogic DOORS
- https://docxellent.com/ — Docxellent
- https://www.g2.com/categories/engineering-document-management — G2 Review
Software Engineering Standards
- https://cmmiinstitute.com/ — SEI CMMI
- https://www.computer.org/csdl/book/swebok — SWEBOK v3
- https://www.sei.cmu.edu/ — SEI Publications
- https://www.ncbi.nlm.nih.gov/books/NBK537660/ — Software Engineering Handbook
- https://en.wikipedia.org/wiki/V-model — V-Model Development
Agile & Requirements
- https://www.agilealliance.org/ — Agile Alliance
- https://www.scrum.org/ — Scrum Framework
- https://www.scaledagileframework.com/ — SAFe Framework
- https://www.atlassian.com/agile/requirements-gathering — Requirements Gathering
- https://en.wikipedia.org/wiki/Product_backlog — Product Backlog
SPEC/Requirements Examples
- https://arxiv.org/abs/1805.05087 — Requirements Engineering Survey
- https://www.pragmaticmarketing.com/ — Product Management
- https://www.svpg.com/ — Silicon Valley Product Group
- https://www.productschool.com/ — Product School
- https://www.reforge.com/ — Reforge Courses
Traceability
- https://www.alm-tools.org/ — ALM Tools
- https://about.gitlab.com/blog/2020/10/22/traceability/ — GitLab Traceability
- https://www.atlassian.com/software/confluence — Confluence
- https://en.wikipedia.org/wiki/Traceability_matrix — Traceability Matrix
- https://www.jira.com/ — Jira Requirements
Testing & Acceptance Criteria
- https://cucumber.io/ — BDD/Gherkin
- https://www.behave.org/ — Python BDD
- https://testng.org/ — TestNG Framework
- https://junit.org/ — JUnit
- https://pytest.org/ — Pytest
Safety-Critical Specs
- https://en.wikipedia.org/wiki/DO-178B — DO-178B Avionics
- https://www.iso.org/standard/43464.html — ISO 26262 (Automotive)
- https://www.iec.ch/ — IEC Standards
- https://www.rtca.org/ — RTCA/EUROCAE
- https://www.sae.org/ — SAE Standards
Additional Resources
- https://modelcontextprotocol.io/specification/ — Model Context Protocol
- https://spec.modelcontextprotocol.io/ — MCP Lifecycle Specs
- https://en.wikipedia.org/wiki/Requirements_engineering — Requirements Engineering
- https://www.nist.gov/ — NIST Standards
- https://www.bsi-global.com/ — BSI Standards
Troubleshooting
| Problem | Solution | |
|---|---|---|
| Vague requirements | Apply EARS patterns, add measurable criteria | |
| Stuck in review | Set review deadline, escalate to tech lead | |
| Scope creep | Document as separate SPEC, increment version | |
| Changing requirements | Version bump, impact analysis, re-review | |
| Too many specs | Organize by domain, create index | |
| Old archived specs | Move to .moai/specs/archive/, compress |
Changelog
v4.0.0 (2025-11-12) - November 2025 Stable
- Complete restructure: Lifecycle states, version management, practical examples
- 5 SPEC lifecycle stages (Draft, Review, Active, Deprecated, Archived)
- Semantic versioning strategy with clear rules
- 15+ real-world examples
- 55+ official references
- Integration with MoAI-ADK commands (/alfred:1-plan, /alfred:2-run, /alfred:3-sync)
- 800-1000 target achieved (733 lines SKILL + 190 reference + 372 examples)
v3.0.0 (2025-11-01)
- Previous version with extensive lifecycle detail
v1.0.0 (2025-03-29)
- Initial release
Works Well With
moai-foundation-ears— Write requirements using EARS patternsmoai-foundation-trust— TRUST 5 quality principlesmoai-alfred-agent-guide— Alfred agent orchestration with SPECs
SPECs are the foundation of SPEC-first, TDD development. Clear specifications drive quality implementation.