Matrix Pattern MCP Server

instructions.md•13.7 kB

# Specs Horizontal Instructions ## Purpose The Specs horizontal defines the functional and non-functional requirements, business rules, and acceptance criteria for each vertical component. It serves as the authoritative specification that guides development, testing, and validation across all system layers. ## Content Requirements ### Required Sections 1. **Functional Requirements** - User stories and use cases - Business process flows - Feature specifications - Input/output requirements 2. **Non-Functional Requirements** - Performance requirements (latency, throughput) - Scalability requirements (concurrent users, data volume) - Security requirements (authentication, authorization, encryption) - Availability requirements (uptime, disaster recovery) 3. **Business Rules** - Domain-specific constraints - Validation rules and logic - Workflow rules and approvals - Compliance and regulatory requirements 4. **Acceptance Criteria** - Definition of done for features - Quality gates and checkpoints - User acceptance test scenarios - Success metrics and KPIs 5. **Constraints and Assumptions** - Technical constraints and limitations - Business assumptions and dependencies - Resource constraints (time, budget, personnel) - External dependencies and integrations ### Documentation Format ```yaml feature: name: "User Registration" epic: "User Management" priority: "high" user_stories: - id: "US001" title: "As a new user, I want to register an account" description: | As a potential customer visiting the website, I want to create a new account with my email and password, So that I can access personalized features and make purchases. acceptance_criteria: - "Given I am on the registration page" - "When I enter a valid email and secure password" - "Then I should receive a confirmation email" - "And my account should be created in pending status" - "And I should be redirected to the email verification page" business_rules: - "Email must be unique across the system" - "Password must meet security policy requirements" - "Account activation required within 24 hours" - "Duplicate registrations should be prevented" performance_requirements: - "Registration should complete within 3 seconds" - "System should handle 100 concurrent registrations" - "Confirmation email should be sent within 30 seconds" security_requirements: - "Passwords must be hashed using bcrypt with salt" - "Email verification token must expire in 24 hours" - "Rate limiting: 5 registration attempts per IP per hour" ``` ## Validation Rules ### Quality Control 1. **Completeness** - All user stories must have acceptance criteria - All features must have defined business rules - All requirements must be testable and measurable - All dependencies must be identified and documented 2. **Clarity and Consistency** - Requirements must be unambiguous and specific - Terminology must be consistent across documents - Requirements must not contradict each other - Acceptance criteria must be clearly defined 3. **Traceability** - Requirements must trace to business objectives - Features must trace to user needs - Test cases must trace to requirements - Implementation must trace to specifications 4. **Feasibility** - Requirements must be technically achievable - Performance targets must be realistic - Resource estimates must be accurate - Timeline expectations must be feasible ### Automated Checks - Requirement completeness validation - Consistency checking across specifications - Traceability matrix generation - Requirements change impact analysis - Acceptance criteria coverage verification ## Evolution Rules ### Across Verticals (Left to Right) 1. **Foundation → Core** - Basic requirements evolve into detailed business logic - Simple use cases become complex workflow specifications - Generic requirements become domain-specific rules 2. **Core → Integration** - Internal requirements expand to external interface specs - Single-system requirements become multi-system orchestration - Synchronous requirements include asynchronous patterns 3. **Integration → Extension** - Fixed requirements become configurable specifications - Standard requirements include customization points - Monolithic requirements become modular and pluggable ### Specification Maturity Levels - **Level 1**: Basic user stories with minimal acceptance criteria - **Level 2**: Detailed requirements with business rules and constraints - **Level 3**: Comprehensive specifications with performance and security requirements - **Level 4**: Dynamic specifications with AI-assisted requirement generation ## Dependencies ### Upstream Dependencies 1. **Business Strategy** - Business objectives and goals - Market requirements and competition analysis - User research and personas - Revenue and cost models 2. **Stakeholder Input** - User feedback and requirements - Product management priorities - Technical architecture constraints - Compliance and regulatory requirements ### Downstream Dependencies 1. **Schema Horizontal** - Data model requirements - Validation rule specifications - Relationship constraints 2. **API Horizontal** - Interface requirement specifications - Authentication and authorization requirements - Performance and rate limiting requirements 3. **Tests Horizontal** - Test scenario generation - Acceptance criteria validation - Performance benchmark requirements 4. **Frontend Horizontal** - User experience requirements - Accessibility specifications - Browser compatibility requirements 5. **Backend Horizontal** - Performance and scalability requirements - Security implementation requirements - Integration specifications ## Best Practices ### Requirements Engineering 1. **User-Centered Design** - Focus on user needs and goals - Use personas and user journey mapping - Validate requirements with actual users - Prioritize based on user value 2. **Agile Requirements** - Write requirements as user stories - Use acceptance criteria for validation - Maintain a prioritized product backlog - Refine requirements iteratively 3. **Behavior-Driven Development** - Use Given-When-Then format for scenarios - Focus on behavior rather than implementation - Collaborate with stakeholders on examples - Maintain living documentation 4. **Requirements Traceability** - Link requirements to business objectives - Trace features to user needs - Connect test cases to requirements - Track implementation to specifications ### Common Specification Patterns ```gherkin # User Story Pattern Feature: User Authentication As a registered user I want to log into my account So that I can access my personal information Background: Given I am a registered user with email "user@example.com" And my password is "SecurePassword123" Scenario: Successful login with valid credentials Given I am on the login page When I enter my email "user@example.com" And I enter my password "SecurePassword123" And I click the "Login" button Then I should be redirected to the dashboard And I should see a welcome message "Welcome back, John" And my session should be established Scenario: Failed login with invalid password Given I am on the login page When I enter my email "user@example.com" And I enter an incorrect password "WrongPassword" And I click the "Login" button Then I should see an error message "Invalid email or password" And I should remain on the login page And my failed login attempt should be logged Scenario: Account lockout after multiple failed attempts Given I have failed to login 4 times in the last hour When I attempt to login with incorrect credentials again Then my account should be temporarily locked And I should see a message "Account locked due to multiple failed attempts" And I should receive an email notification about the lockout ``` ```yaml # Business Rules Pattern business_rules: user_registration: - rule_id: "BR001" description: "Email uniqueness constraint" logic: "Each email address can only be associated with one active account" validation: "System must reject registration if email already exists" exception: "Soft-deleted accounts may reuse email after 30 days" - rule_id: "BR002" description: "Password security policy" logic: | Password must contain: - Minimum 8 characters - At least one uppercase letter - At least one lowercase letter - At least one number - At least one special character validation: "System must validate password on client and server side" exception: "Legacy users may keep existing passwords until next change" account_verification: - rule_id: "BR003" description: "Email verification requirement" logic: "All new accounts must verify email within 24 hours" validation: "Unverified accounts cannot access protected features" exception: "Admin-created accounts may bypass verification" ``` ## Non-Functional Requirements ### Performance Requirements ```yaml performance: response_times: page_load: "< 2 seconds (95th percentile)" api_response: "< 500ms (95th percentile)" database_query: "< 100ms (average)" search_results: "< 1 second (95th percentile)" throughput: concurrent_users: 1000 requests_per_second: 500 transactions_per_minute: 10000 scalability: horizontal_scaling: "Auto-scale from 2 to 20 instances" database_scaling: "Read replicas for geographic distribution" cdn_usage: "Static assets served via CDN" resource_limits: memory_usage: "< 512MB per instance" cpu_usage: "< 70% under normal load" disk_usage: "< 80% of allocated space" ``` ### Security Requirements ```yaml security: authentication: methods: ["email_password", "oauth_google", "oauth_github"] session_timeout: "24 hours inactive, 7 days absolute" password_policy: "As defined in BR002" multi_factor: "Optional for users, required for admins" authorization: model: "Role-Based Access Control (RBAC)" roles: ["user", "moderator", "admin", "super_admin"] permissions: "Fine-grained resource-based permissions" inheritance: "Role hierarchy with permission inheritance" data_protection: encryption_at_rest: "AES-256 for sensitive data" encryption_in_transit: "TLS 1.3 for all communications" pii_handling: "GDPR and CCPA compliant data processing" data_retention: "User data retained for 7 years after deletion" compliance: standards: ["OWASP Top 10", "ISO 27001", "SOC 2"] auditing: "All user actions logged and retained for 2 years" vulnerability_scanning: "Weekly automated security scans" penetration_testing: "Annual third-party security assessment" ``` ### Availability Requirements ```yaml availability: uptime: target: "99.9% (8.76 hours downtime per year)" measurement: "Monthly uptime calculation" exclusions: "Planned maintenance windows" disaster_recovery: rto: "4 hours (Recovery Time Objective)" rpo: "1 hour (Recovery Point Objective)" backup_frequency: "Real-time replication + daily snapshots" geographic_distribution: "Multi-region deployment" maintenance: planned_maintenance: "Monthly 2-hour window, off-peak hours" emergency_maintenance: "As needed with 1-hour notice" rollback_capability: "Ability to rollback within 15 minutes" ``` ## Integration Guidelines ### Requirements Management 1. **Version Control** - Track all requirement changes - Maintain requirement baselines - Document change rationale - Link changes to business justification 2. **Stakeholder Collaboration** - Regular requirement review sessions - Stakeholder sign-off on major changes - Feedback loop with development teams - User validation of requirements 3. **Requirements Testing** - Every requirement must be testable - Acceptance criteria must be verifiable - Performance requirements must be measurable - Business rules must be validatable ### Tools and Standards - **Requirements Management**: Jira, Azure DevOps, Confluence - **Documentation**: Markdown, AsciiDoc, Sphinx - **Behavior Specification**: Gherkin, Cucumber, SpecFlow - **Modeling**: UML, BPMN, ArchiMate - **Prototyping**: Figma, Sketch, InVision - **Validation**: User testing platforms, A/B testing tools ## Quality Assurance ### Requirements Review Checklist - [ ] All requirements are clearly defined and unambiguous - [ ] Acceptance criteria are specific and testable - [ ] Business rules are documented and validated - [ ] Performance requirements are measurable - [ ] Security requirements are comprehensive - [ ] Dependencies are identified and managed - [ ] Constraints and assumptions are documented - [ ] Requirements trace to business objectives - [ ] Stakeholders have reviewed and approved - [ ] Technical feasibility has been confirmed ### Continuous Improvement - Regular retrospectives on requirements quality - Metrics tracking on requirement changes and defects - User feedback integration into requirement refinement - Automated validation of requirement completeness - Best practice sharing across teams and projects

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Rodrigo-JM/matrix-pattern'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

instructions.md•13.7 kB