Claude-skill-registry design-with-traceability
Create technical solution architecture from requirements with REQ-* traceability. Designs components, APIs, data models, and interactions. Tags all design artifacts with requirement keys. Use after requirements are validated, before coding starts.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/design-with-traceability" ~/.claude/skills/majiayu000-claude-skill-registry-design-with-traceability && rm -rf "$T"
manifest:
skills/data/design-with-traceability/SKILL.mdsource content
design-with-traceability
Skill Type: Actuator (Design Stage) Purpose: Transform requirements into technical solution architecture Prerequisites: Requirements validated (REQ-*), quality gate passed
Agent Instructions
You are creating technical solution architecture from requirements.
Your goal is to design:
- Components (services, modules, classes)
- APIs (endpoints, contracts, protocols)
- Data Models (schemas, entities, relationships)
- Interactions (sequence diagrams, data flows)
All tagged with REQ- keys* for traceability.
Workflow
Step 1: Discover and Review Requirements
Find all requirement files:
# Discover requirements from folder REQUIREMENTS_DIR="${REQUIREMENTS_DIR:-.ai-workspace/requirements}" requirements=$(find "$REQUIREMENTS_DIR" -type f \( -name "*.md" -o -name "*.yml" -o -name "*.yaml" \)) echo "Found requirements:" for req in $requirements; do echo " - $req" done
Read and understand requirements:
requirements/functional/user-login.md: Title: User Login Feature Content: User wants to log in with email/password Priority: P0 requirements/functional/password-reset.md: Title: Password Reset Content: User can reset forgotten password via email Priority: P1 requirements/non-functional/security.yml: encryption: bcrypt session: JWT (30min timeout) requirements/non-functional/performance.yml: login_response: <500ms db_timeout: 100ms requirements/business-rules/email-validation.md: regex: RFC 5322 compliant normalization: lowercase requirements/business-rules/password-policy.md: minimum_length: 12 max_attempts: 3 lockout_duration: 15min
Step 2: Design Components
Identify components needed:
# docs/design/authentication-architecture.md # Implements: # - requirements/functional/user-login.md # - requirements/functional/password-reset.md # # References: # - requirements/non-functional/security.yml # - requirements/non-functional/performance.yml # - requirements/business-rules/email-validation.md # - requirements/business-rules/password-policy.md ## Components ### AuthenticationService **Implements**: - requirements/functional/user-login.md - requirements/functional/password-reset.md **Purpose**: Handle user authentication and password management **Responsibilities**: - User login (requirements/functional/user-login.md) - Password reset (requirements/functional/password-reset.md) - Session management (requirements/non-functional/security.yml) **Methods**: - `login(email, password)` → LoginResult - `request_password_reset(email)` → ResetResult - `reset_password(token, new_password)` → ResetResult **Dependencies**: - EmailValidator (requirements/business-rules/email-validation.md) - PasswordValidator (requirements/business-rules/password-policy.md) - LockoutTracker (requirements/business-rules/password-policy.md: lockout) - PasswordHasher (requirements/non-functional/security.yml: bcrypt) - SessionManager (requirements/non-functional/security.yml: JWT) --- ### EmailValidator **Implements**: requirements/business-rules/email-validation.md **Purpose**: Validate email format and normalization **Methods**: - `validate(email)` → bool - `normalize(email)` → str (lowercase) --- ### PasswordValidator **Implements**: requirements/business-rules/password-policy.md **Purpose**: Validate password requirements **Methods**: - `validate_length(password)` → bool (minimum 12 chars) - `validate_complexity(password)` → bool --- ### LockoutTracker **Implements**: requirements/business-rules/password-policy.md (lockout section) **Purpose**: Track failed login attempts and manage lockouts **Methods**: - `record_failed_attempt(user_id)` → bool (is_locked) - `is_locked(user_id)` → bool - `get_remaining_time(user_id)` → int (minutes) - `reset(user_id)` → void --- ### PasswordHasher **Implements**: requirements/non-functional/security.yml (encryption) **Purpose**: Hash and verify passwords using bcrypt **Methods**: - `hash(password)` → str - `verify(password, hash)` → bool --- ### SessionManager **Implements**: requirements/non-functional/security.yml (session management) **Purpose**: Manage JWT sessions with 30min timeout **Methods**: - `create_session(user_id)` → str (JWT token) - `validate_session(token)` → bool - `refresh_session(token)` → str (new token)
Step 3: Design APIs
Define API contracts:
# API Design (tagged with requirement files) ## POST /api/v1/auth/login **Implements**: requirements/functional/user-login.md **Request**: { "email": "user@example.com", "password": "SecurePass123!" } **Response (Success - 200)**: { "success": true, "token": "eyJhbGciOiJIUzI1NiIs...", "user": { "id": "user_123", "email": "user@example.com" } } **Response (Error - 400)**: { "success": false, "error": "Invalid email format" # requirements/business-rules/email-validation.md } **Response (Error - 401)**: { "success": false, "error": "Invalid credentials" } **Response (Error - 429)**: { "success": false, "error": "Account locked. Try again in 12 minutes" # requirements/business-rules/password-policy.md (lockout) } **Validation**: - Email: requirements/business-rules/email-validation.md (regex validation) - Password: requirements/business-rules/password-policy.md (minimum length) - Lockout: requirements/business-rules/password-policy.md (3 attempts, 15min) **Performance**: requirements/non-functional/performance.yml (< 500ms response) --- ## POST /api/v1/auth/password-reset-request **Implements**: requirements/functional/password-reset.md **Request**: { "email": "user@example.com" } **Response (Success - 200)**: { "success": true, "message": "If email exists, reset link sent" }
Step 4: Design Data Models
Define schemas and entities:
# Data Model Design ## User Entity **Implements**: - requirements/functional/user-login.md - requirements/functional/password-reset.md **Schema**: { "id": "uuid", "email": "string (unique, lowercase, max 255)", "password_hash": "string (bcrypt hash)", "created_at": "timestamp", "updated_at": "timestamp" } **Constraints**: - email: UNIQUE index, NOT NULL - password_hash: NOT NULL (requirements/non-functional/security.yml: bcrypt) **Requirements Satisfied**: - requirements/functional/user-login.md: Stores credentials - requirements/business-rules/email-validation.md: Email unique and normalized - requirements/non-functional/security.yml: Password hashed with bcrypt --- ## LoginAttempt Entity **Implements**: requirements/business-rules/password-policy.md (lockout tracking) **Schema**: { "id": "uuid", "user_id": "uuid (foreign key to User)", "timestamp": "timestamp", "success": "boolean", "ip_address": "string" } **Indexes**: - (user_id, timestamp) - For querying recent attempts **Requirements Satisfied**: - requirements/business-rules/password-policy.md: Track failed attempts - requirements/business-rules/password-policy.md: Calculate lockout expiry from timestamps --- ## Session Entity **Implements**: requirements/non-functional/security.yml (session management) **Schema**: { "id": "uuid", "user_id": "uuid (foreign key to User)", "token": "string (JWT)", "created_at": "timestamp", "expires_at": "timestamp", "last_activity": "timestamp" } **Constraints**: - token: UNIQUE - expires_at: created_at + 30 minutes (requirements/non-functional/security.yml) **Requirements Satisfied**: - requirements/non-functional/security.yml: JWT sessions with 30min timeout
Step 5: Create Component Diagram
Visualize architecture:
┌─────────────────────────────────────────────┐ │ Client (Web/Mobile) │ └─────────────────┬───────────────────────────┘ │ ▼ ┌─────────────────────┐ │ API Layer │ │ /api/v1/auth/* │ └─────────┬───────────┘ │ ▼ ┌──────────────────────────────────────┐ │ AuthenticationService │ ← requirements/functional/ │ - login() │ user-login.md, │ - request_password_reset() │ password-reset.md │ - reset_password() │ └───┬──────────────────────────────┬───┘ │ │ ▼ ▼ ┌───────────────┐ ┌──────────────────┐ │ Validators │ │ LockoutTracker │ │ - Email │ ← email- │ │ ← password-policy.md │ - Password │ validation │ │ (lockout) └───────────────┘ .md └──────────────────┘ │ │ ▼ ▼ ┌─────────────────────────────────────┐ │ Database (PostgreSQL) │ │ - User table │ │ - LoginAttempt table │ │ - Session table │ └─────────────────────────────────────┘ References: - requirements/non-functional/security.yml: bcrypt, JWT - requirements/non-functional/performance.yml: <500ms, 100ms DB timeout - requirements/business-rules/email-validation.md - requirements/business-rules/password-policy.md
Step 6: Tag All Design Artifacts
Reference requirement files in all design documents:
# .ai-workspace/designs/authentication-architecture.md # Implements: # - .ai-workspace/requirements/functional/user-login.md # - .ai-workspace/requirements/functional/password-reset.md # # References: # - .ai-workspace/requirements/non-functional/security.yml # - .ai-workspace/requirements/non-functional/performance.yml # - .ai-workspace/requirements/business-rules/email-validation.md # - .ai-workspace/requirements/business-rules/password-policy.md ## Architecture Overview This design implements user authentication and password reset.
Step 7: Create Traceability Matrix
Map requirement files to design components:
| Requirement File | Component | API | Data Model | Diagram |
|---|---|---|---|---|
| requirements/functional/user-login.md | AuthenticationService | POST /auth/login | User, LoginAttempt, Session | Fig 1 |
| requirements/functional/password-reset.md | AuthenticationService | POST /auth/password-reset | User, PasswordResetToken | Fig 1 |
| requirements/business-rules/email-validation.md | EmailValidator | - | - | Fig 2 |
| requirements/business-rules/password-policy.md | PasswordValidator, LockoutTracker | - | LoginAttempt | Fig 2, 3 |
Step 8: Commit Design
git add .ai-workspace/designs/ git commit -m "DESIGN: Create architecture for authentication Design technical solution for user authentication and password reset. Implements: - .ai-workspace/requirements/functional/user-login.md - .ai-workspace/requirements/functional/password-reset.md References: - .ai-workspace/requirements/non-functional/security.yml - .ai-workspace/requirements/non-functional/performance.yml - .ai-workspace/requirements/business-rules/email-validation.md - .ai-workspace/requirements/business-rules/password-policy.md Components: - AuthenticationService (user-login.md, password-reset.md) - EmailValidator (email-validation.md) - PasswordValidator (password-policy.md) - LockoutTracker (password-policy.md: lockout) - PasswordHasher (security.yml: bcrypt) - SessionManager (security.yml: JWT) APIs: - POST /api/v1/auth/login - POST /api/v1/auth/password-reset-request - POST /api/v1/auth/password-reset Data Models: - User entity (email, password_hash) - LoginAttempt entity (lockout tracking) - Session entity (JWT tokens) Traceability: - requirements/functional/user-login.md → AuthenticationService → login() - requirements/functional/password-reset.md → AuthenticationService → reset() Design Coverage: 100% (all requirements have design) "
Output Format
[DESIGN WITH TRACEABILITY - Authentication] Requirements Implemented: - requirements/functional/user-login.md - requirements/functional/password-reset.md Requirements Referenced: - requirements/non-functional/security.yml - requirements/non-functional/performance.yml - requirements/business-rules/email-validation.md - requirements/business-rules/password-policy.md Design Created: Components (6): ✓ AuthenticationService (user-login.md, password-reset.md) ✓ EmailValidator (email-validation.md) ✓ PasswordValidator (password-policy.md) ✓ LockoutTracker (password-policy.md: lockout) ✓ PasswordHasher (security.yml: bcrypt) ✓ SessionManager (security.yml: JWT) APIs (3): ✓ POST /api/v1/auth/login (user-login.md) ✓ POST /api/v1/auth/password-reset-request (password-reset.md) ✓ POST /api/v1/auth/password-reset (password-reset.md) Data Models (3): ✓ User entity (email, password_hash) ✓ LoginAttempt entity (lockout tracking) ✓ Session entity (JWT tokens) Diagrams: ✓ Component diagram (architecture-overview.png) ✓ Sequence diagram (login-flow.png) ✓ Data model diagram (authentication-erd.png) Files Created: + .ai-workspace/designs/authentication-architecture.md (287 lines) + .ai-workspace/designs/diagrams/authentication-components.png + .ai-workspace/designs/api-specs/auth-api.yml (OpenAPI spec) Traceability: ✓ All components reference requirement files ✓ All APIs reference requirement files ✓ All data models reference requirement files ✓ Traceability matrix created Design Coverage: 100% (2/2 requirements have complete design) ✅ Design Complete! Ready for ADRs and implementation
Prerequisites Check
Before invoking:
- Requirements validated and approved
- Requirements have BR-, C-, F-* (from disambiguation)
Notes
Why design with traceability?
- Impact analysis: Know what design changes when requirements change
- Complete specification: Design + requirements = full implementation guide
- Architecture review: Stakeholders review tagged design
- Code generation: Design provides structure, BR-/C-/F-* provide logic
Homeostasis Goal:
desired_state: all_requirements_have_design: true all_design_tagged_with_req: true design_coverage: 100%
"Excellence or nothing" 🔥