User Authentication System
Specification
ready
CONTEXT
What to Build
goals
→ Outcomes, not tasks
↳ Users can log in ≠ Build login endpoint
requirements
→ Constraints on HOW outcomes work
scope
→ In-scope AND out-of-scope
↳ Out-of-scope is MORE useful than in-scope
background
→ Onboarding doc for the agent
QUALITY
How to Validate
acceptanceCriteria
→ Spec-level cross-cutting
guardrails
→ Agent behavior rules (imposed)
↳ Never store plain text passwords
constraints
→ System facts (non-negotiable)
↳ Must work with PostgreSQL 15
successMetrics
→ Post-deployment measurement
TECHNICAL
How to Build
architecture
→ Service boundaries, data flow
techStack
→ TypeScript, Fastify, Prisma
fileStructure
→ src/services/, tests/ mirror
apiContracts
→ Request/response shapes
INHERITED PATTERNS
How Your Code Looks
codeStandards
→ Named exports, interface > type
commonImports
→ { logger } from '@/lib/logger'
returnTypes
→ Result<T, AppError> everywhere
SET ONCE → INHERITED BY EVERY TICKET
3 patterns × 13 tickets = consistent codebase
Everything an agent needs. Nothing it has to guess.