Spec-Driven Workflow — POWERFUL
Overview
Spec-driven workflow enforces a single, non-negotiable rule: write the specification BEFORE you write any code. Not alongside. Not after. Before.
This is not documentation. This is a contract. A spec defines what the system MUST do, what it SHOULD do, and what it explicitly WILL NOT do. Every line of code you write traces back to a requirement in the spec. Every test traces back to an acceptance criterion. If it is not in the spec, it does not get built.
Why Spec-First Matters
- Eliminates rework. 60-80% of defects originate from requirements, not implementation. Catching ambiguity in a spec costs minutes; catching it in production costs days.
- Forces clarity. If you cannot write what the system should do in plain language, you do not understand the problem well enough to write code.
- Enables parallelism. Once a spec is approved, frontend, backend, QA, and documentation can all start simultaneously.
- Creates accountability. The spec is the definition of done. No arguments about whether a feature is "complete" — either it satisfies the acceptance criteria or it does not.
- Feeds TDD directly. Acceptance criteria in Given/When/Then format translate 1:1 into test cases. The spec IS the test plan.
The Iron Law
NO CODE WITHOUT AN APPROVED SPEC.
NO EXCEPTIONS. NO "QUICK PROTOTYPES." NO "I'LL DOCUMENT IT LATER."
If the spec is not written, reviewed, and approved, implementation does not begin. Period.
The Spec Format
Every spec follows this structure. No sections are optional — if a section does not apply, write "N/A — [reason]" so reviewers know it was considered, not forgotten.
Mandatory Sections
| # | Section | Key Rules |
|---|---|---|
| 1 | Title and Metadata | Author, date, status (Draft/In Review/Approved/Superseded), reviewers |
| 2 | Context | Why this feature exists. 2-4 paragraphs with evidence (metrics, tickets). |
| 3 | Functional Requirements | RFC 2119 keywords (MUST/SHOULD/MAY). Numbered FR-N. Each is atomic and testable. |
| 4 | Non-Functional Requirements | Performance, security, accessibility, scalability, reliability — all with measurable thresholds. |
| 5 | Acceptance Criteria | Given/When/Then format. Every AC references at least one FR-* or NFR-*. |
| 6 | Edge Cases | Numbered EC-N. Cover failure modes for every external dependency. |
| 7 | API Contracts | TypeScript-style interfaces. Cover success and error responses. |
| 8 | Data Models | Table format with field, type, constraints. Every entity from requirements must have a model. |
| 9 | Out of Scope | Explicit exclusions with reasons. Prevents scope creep during implementation. |
RFC 2119 Keywords
| Keyword | Meaning |
|---|---|
| MUST | Absolute requirement. Non-conformant without it. |
| MUST NOT | Absolute prohibition. |
| SHOULD | Recommended. Omit only with documented justification. |
| MAY | Optional. Implementer's discretion. |
See spec_format_guide.md for the complete template with section-by-section examples, good/bad requirement patterns, and feature-type templates (CRUD, Integration, Migration).
See acceptance_criteria_patterns.md for a full pattern library of Given/When/Then criteria across authentication, CRUD, search, file upload, payment, notification, and accessibility scenarios.
Bounded Autonomy Rules
These rules define when an agent (human or AI) MUST stop and ask for guidance vs. when they can proceed independently.
STOP and Ask When:
-
Scope creep detected. The implementation requires something not in the spec. Even if it seems obviously needed, STOP. The spec might have excluded it deliberately.
-
Ambiguity exceeds 30%. If you cannot determine the correct behavior from the spec for more than 30% of a given requirement, the spec is incomplete. Do not guess.
-
Breaking changes required. The implementation would change an existing API contract, database schema, or public interface. Always escalate.
-
Security implications. Any change that touches authentication, authorization, encryption, or PII handling requires explicit approval.
-
Performance characteristics unknown. If a requirement says "MUST complete in < 500ms" but you have no way to measure or guarantee that, escalate before implementing a guess.
-
Cross-team dependencies. If the spec requires coordination with another team or service, confirm the dependency before building against it.
Continue Autonomously When:
- Spec is clear and unambiguous for the current task.
- All acceptance criteria have passing tests and you are refactoring internals.
- Changes are non-breaking — no public API, schema, or behavior changes.
- Implementation is a direct translation of a well-defined acceptance criterion.
- Error handling follows established patterns already documented in the codebase.
Escalation Protocol
When you must stop, provide:
## Escalation: [Brief Title]
**Blocked on:** [requirement ID, e.g., FR-3]
**Question:** [Specific, answerable question — not "what should I do?"]
**Options considered:**
A. [Option] — Pros: [...] Cons: [...]
B. [Option] — Pros: [...] Cons: [...]
**My recommendation:** [A or B, with reasoning]
**Impact of waiting:** [What is blocked until this is resolved?]
Never escalate without a recommendation. Never present an open-ended question. Always give options.
See references/bounded_autonomy_rules.md for the complete decision matrix.
Workflow — 6 Phases
Phase 1: Gather Requirements
Goal: Understand what needs to be built and why.
- Interview the user. Ask:
- What problem does this solve?
- Who are the users?
- What does success look like?
- What explicitly should NOT be built?
- Read existing code. Understand the current system before proposing changes.
- Identify constraints. Performance budgets, security requirements, backward compatibility.
- List unknowns. Every unknown is a risk. Surface them now, not during implementation.
Exit criteria: You can explain the feature to someone unfamiliar with the project in 2 minutes.
Phase 2: Write Spec
Goal: Produce a complete spec document following The Spec Format above.
- Fill every section of the template. No section left blank.
- Number all requirements (FR-, NFR-, AC-, EC-, OS-*).
- Use RFC 2119 keywords precisely.
- Write acceptance criteria in Given/When/Then format.
- Define API contracts with TypeScript-style types.
- List explicit exclusions in Out of Scope.
Exit criteria: The spec can be handed to a developer who was not in the requirements meeting, and they can implement the feature without asking clarifying questions.
Phase 3: Validate Spec
Goal: Verify the spec is complete, consistent, and implementable.
Run spec_validator.py against the spec file:
python spec_validator.py --file spec.md --strict
Manual validation checklist:
- Every functional requirement has at least one acceptance criterion
- Every acceptance criterion is testable (no subjective language)
- API contracts cover all endpoints mentioned in requirements
- Data models cover all entities mentioned in requirements
- Edge cases cover failure modes for every external dependency
- Out of scope is explicit about what was considered and rejected
- Non-functional requirements have measurable thresholds
Exit criteria: Spec scores 80+ on validator, and all manual checklist items pass.
Phase 4: Generate Tests
Goal: Extract test cases from acceptance criteria before writing implementation code.
Run test_extractor.py against the approved spec:
python test_extractor.py --file spec.md --framework pytest --output tests/
- Each