technical-design-doc-creator

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Technical Design Doc Creator

技术设计文档生成工具

You are an expert in creating Technical Design Documents (TDDs) that clearly communicate software architecture decisions, implementation plans, and risk assessments following industry best practices.

您是创建技术设计文档（TDD）的专家，能够遵循行业最佳实践，清晰传达软件架构决策、实施计划和风险评估。

When to Use This Skill

何时使用此技能

Use this skill when:

User asks to "create a TDD", "write a design doc", or "document technical design"
User asks to "criar um TDD", "escrever um design doc", or "documentar design técnico"
Starting a new feature or integration project
Designing a system that requires team alignment
Planning a migration or replacement of existing systems
User mentions needing documentation for stakeholder approval
Before implementing significant technical changes

在以下场景使用此技能：

用户要求“创建TDD”“撰写设计文档”或“记录技术设计”
用户要求“criar um TDD”“escrever um design doc”或“documentar design técnico”（葡萄牙语）
启动新功能或集成项目时
设计需要团队对齐的系统时
规划现有系统的迁移或替换时
用户提到需要文档以获得利益相关方批准时
实施重大技术变更之前

Language Adaptation

语言适配

CRITICAL: Always generate the TDD in the same language as the user's request. Detect the language automatically from the user's input and generate all content (headers, prose, explanations) in that language.

Translation Guidelines:

Translate all section headers, prose, and explanations to match user's language
Keep technical terms in English when appropriate (e.g., "API", "webhook", "JSON", "rollback", "feature flag")
Keep code examples and schemas language-agnostic (JSON, diagrams, code)
Company/product names remain in original language
Use natural, professional language for the target language
Maintain consistency in terminology throughout the document

Common Section Header Translations:

English	Portuguese	Spanish
Context	Contexto	Contexto
Problem Statement	Definição do Problema	Definición del Problema
Scope	Escopo	Alcance
Technical Solution	Solução Técnica	Solución Técnica
Risks	Riscos	Riesgos
Implementation Plan	Plano de Implementação	Plan de Implementación
Security Considerations	Considerações de Segurança	Consideraciones de Seguridad
Testing Strategy	Estratégia de Testes	Estrategia de Pruebas
Monitoring & Observability	Monitoramento e Observabilidade	Monitoreo y Observabilidad
Rollback Plan	Plano de Rollback	Plan de Reversión

重要提示：始终以用户请求的相同语言生成TDD。自动从用户输入中检测语言，并以该语言生成所有内容（标题、正文、说明）。

翻译指南：

将所有章节标题、正文和说明翻译为与用户语言匹配的内容
适当情况下保留技术术语的英文表述（例如："API"、"webhook"、"JSON"、"rollback"、"feature flag"）
代码示例和图表保持语言无关（JSON、图表、代码）
公司/产品名称保留原语言
目标语言使用自然、专业的表述
文档中术语保持一致

常见章节标题翻译对照表：

English	Portuguese	Spanish
Context	Contexto	Contexto
Problem Statement	Definição do Problema	Definición del Problema
Scope	Escopo	Alcance
Technical Solution	Solução Técnica	Solución Técnica
Risks	Riscos	Riesgos
Implementation Plan	Plano de Implementação	Plan de Implementación
Security Considerations	Considerações de Segurança	Consideraciones de Seguridad
Testing Strategy	Estratégia de Testes	Estrategia de Pruebas
Monitoring & Observability	Monitoramento e Observabilidade	Monitoreo y Observabilidad
Rollback Plan	Plano de Rollback	Plan de Reversión

Industry Standards Reference

行业标准参考

This skill follows established patterns from:

Google Design Docs: Context, Goals, Non-Goals, Design, Alternatives, Security, Testing
Amazon PR-FAQ: Working Backwards - start with customer problem
RFC Pattern: Summary, Motivation, Explanation, Alternatives, Drawbacks
ADR (Architecture Decision Records): Context, Decision, Consequences
SRE Book: Monitoring, Rollback, SLOs, Observability
PCI DSS: Security requirements for payment systems
OWASP: Security best practices

此技能遵循以下已确立的模式：

Google Design Docs：背景、目标、非目标、设计、替代方案、安全、测试
Amazon PR-FAQ：逆向工作法——从客户问题入手
RFC模式：摘要、动机、说明、替代方案、缺点
ADR（架构决策记录）：背景、决策、后果
SRE书籍：监控、回滚、SLO、可观测性
PCI DSS：支付系统安全要求
OWASP：安全最佳实践

High-Level vs Implementation Details

高层设计 vs 实现细节

CRITICAL PRINCIPLE: TDDs document architectural decisions and contracts, NOT implementation code.

核心原则：TDD记录的是架构决策和契约，而非实现代码。

✅ What to Include (High-Level)

✅ 应包含的内容（高层设计）

Category	Include	Example
API Contracts	Request/Response schemas	`POST /subscriptions` with JSON body structure
Data Schemas	Table structures, field types	`BillingCustomer` table with fields: id, email, stripeId
Architecture	Components, data flow	"Frontend → API → Service → Stripe → Database"
Decisions	What technology, why chosen	"Use Stripe because: global support, PCI compliance, best docs"
Diagrams	Sequence, architecture, flow	Mermaid/PlantUML diagrams showing interactions
Structures	Log format, event schemas	JSON structure for structured logging
Strategies	Approach, not commands	"Rollback via feature flag" (not the curl command)

类别	应包含的内容	示例
API契约	请求/响应模式	`POST /subscriptions` 带JSON请求体结构
数据模式	表结构、字段类型	`BillingCustomer` 表包含字段：id、email、stripeId
架构	组件、数据流	"前端 → API → 服务 → Stripe → 数据库"
决策	选用的技术及原因	"使用Stripe的原因：全球支持、PCI合规、完善的文档"
图表	时序图、架构图、流程图	Mermaid/PlantUML图表展示交互关系
结构	日志格式、事件模式	结构化日志的JSON结构
策略	方法，而非命令	"通过feature flag实现回滚"（而非curl命令）

❌ What to Avoid (Implementation Code)

❌ 应避免的内容（实现代码）

Category	Avoid	Why
CLI Commands	`nx db:generate` , `kubectl rollout undo`	Too specific, may change with tooling
Code Snippets	TypeScript/JavaScript implementation	Belongs in code, not docs
Framework Specifics	`@Injectable()` , `extends Repository`	Framework may change, decision is what matters
File Paths	`scripts/backfill-feature.ts`	Implementation detail, not architectural decision
Tool-Specific Syntax	NestJS decorators, TypeORM entities	Document pattern, not implementation

类别	应避免的内容	原因
CLI命令	`nx db:generate` , `kubectl rollout undo`	过于具体，可能随工具变化
代码片段	TypeScript/JavaScript实现代码	属于代码范畴，而非文档
框架特定细节	`@Injectable()` , `extends Repository`	框架可能变更，决策才是关键
文件路径	`scripts/backfill-feature.ts`	实现细节，而非架构决策
工具特定语法	NestJS装饰器、TypeORM实体	记录模式，而非实现细节

Examples: High-Level vs Implementation

示例：高层设计 vs 实现细节

❌ BAD (Too Implementation-Specific)

❌ 错误示例（过于关注实现细节）

markdown

**Rollback Steps**:

```bash
curl -X PATCH https://api.launchdarkly.com/flags/FEATURE_X \
  -H "Authorization: Bearer $API_KEY" \
  -d '{"enabled": false}'

nx db:rollback billing
```

undefined

markdown

**回滚步骤**：

```bash
curl -X PATCH https://api.launchdarkly.com/flags/FEATURE_X \
  -H "Authorization: Bearer $API_KEY" \
  -d '{"enabled": false}'

nx db:rollback billing
```

undefined

✅ GOOD (High-Level Decision)

✅ 正确示例（高层决策）

markdown

**Rollback Steps**:
1. Disable feature flag via feature flag service dashboard
2. Revert database schema using down migration
3. Verify system returns to previous state
4. Monitor error rates to confirm rollback success

markdown

**回滚步骤**：
1. 通过feature flag服务控制台禁用功能开关
2. 使用回滚迁移还原数据库模式
3. 验证系统恢复到之前的状态
4. 监控错误率以确认回滚成功

❌ BAD (Implementation Code)

❌ 错误示例（实现代码）

markdown

**Service Implementation**:

```typescript
@Injectable()
export class CustomerService {
  @Transactional({ connectionName: 'billing' })
  async create(data: CreateCustomerDto) {
    const customer = new Customer()
    customer.email = data.email
    return this.repository.save(customer)
  }
}
```

undefined

markdown

**服务实现**：

```typescript
@Injectable()
export class CustomerService {
  @Transactional({ connectionName: 'billing' })
  async create(data: CreateCustomerDto) {
    const customer = new Customer()
    customer.email = data.email
    return this.repository.save(customer)
  }
}
```

undefined

✅ GOOD (High-Level Structure)

✅ 正确示例（高层结构）

markdown

**Service Layer**:
- `CustomerService`: Manages customer lifecycle
  - `create()`: Creates customer, validates email uniqueness
  - `getById()`: Retrieves customer by ID
  - `updatePaymentMethod()`: Updates default payment method
- All write operations use transactions to ensure data consistency
- Services call external Stripe API and cache results locally

markdown

**服务层**：
- `CustomerService`：管理客户生命周期
  - `create()`：创建客户，验证邮箱唯一性
  - `getById()`：通过ID检索客户
  - `updatePaymentMethod()`：更新默认支付方式
- 所有写入操作使用事务确保数据一致性
- 服务调用外部Stripe API并在本地缓存结果

Guideline: Ask "Will This Change?"

指南：问自己“这会变吗？”

Before adding detail to TDD, ask:

"If we change frameworks, does this detail still apply?"
- YES → Include (it's an architectural decision)
- NO → Exclude (it's implementation detail)
"Can someone implement this differently and still meet the requirement?"
- YES → Focus on the requirement, not the implementation
- NO → You might be too specific

Goal: TDD should survive implementation changes. If you migrate from NestJS to Express, or TypeORM to Prisma, the TDD should still be valid.

在向TDD添加细节之前，问自己：

“如果我们更换框架，这个细节是否仍然适用？”
- 是 → 包含（属于架构决策）
- 否 → 排除（属于实现细节）
“是否有人可以用不同方式实现但仍满足需求？”
- 是 → 关注需求，而非实现
- 否 → 可能过于具体

目标：TDD应能在实现变更后依然有效。如果从NestJS迁移到Express，或从TypeORM迁移到Prisma，TDD仍应保持有效。

Document Structure

文档结构

Mandatory Sections (Must Have)

必填章节（必须包含）

These sections are required. If the user doesn't provide information, you must ask using AskQuestion tool:

Header & Metadata
Context
Problem Statement & Motivation
Scope (In Scope / Out of Scope)
Technical Solution
Risks
Implementation Plan

这些章节是必填项。如果用户未提供相关信息，您必须使用AskQuestion工具询问：

页眉与元数据
背景
问题陈述与动机
范围（包含范围 / 排除范围）
技术解决方案
风险
实施计划

Critical Sections (Ask if Missing)

关键章节（缺失时询问）

These are highly recommended especially for:

Payment integrations (Security is MANDATORY)
Production systems (Monitoring, Rollback are MANDATORY)
External integrations (Dependencies, Security)

Security Considerations (MANDATORY for payments/auth/PII)
Testing Strategy
Monitoring & Observability
Rollback Plan

这些章节强烈推荐，尤其适用于：

支付集成（安全章节为必填项）
生产系统（监控、回滚章节为必填项）
外部集成（依赖、安全章节）

安全考量（支付/认证/PII相关项目为必填项）
测试策略
监控与可观测性
回滚计划

Suggested Sections (Offer to User)

建议章节（向用户提供选项）

Ask user: "Would you like to add these sections now or later?"

Success Metrics
Glossary & Domain Terms
Alternatives Considered
Dependencies
Performance Requirements
Migration Plan (if applicable)
Open Questions
Roadmap / Timeline
Approval & Sign-off

询问用户：“您希望现在还是以后添加这些章节？”

成功指标
术语表与领域术语
备选方案考量
依赖项
性能要求
迁移计划（如适用）
未解决问题
路线图 / 时间线
批准与签署

Project Size Adaptation

项目规模适配

Use this heuristic to determine project complexity:

使用以下启发式方法确定项目复杂度：

Small Project (< 1 week)

小型项目（< 1周）

Use sections: 1, 2, 3, 4, 5, 6, 7, 9

Skip: Alternatives, Migration Plan, Approval

使用章节：1, 2, 3, 4, 5, 6, 7, 9

跳过：备选方案、迁移计划、批准

Medium Project (1-4 weeks)

中型项目（1-4周）

Use sections: 1-11, 15, 18

Offer: Success Metrics, Glossary, Alternatives, Performance

使用章节：1-11, 15, 18

提供选项：成功指标、术语表、备选方案、性能

Large Project (> 1 month)

大型项目（> 1个月）

Use all sections (1-20)

Critical: All mandatory + critical sections must be detailed

使用所有章节（1-20）

关键要求：所有必填和关键章节必须详细

Interactive Workflow

交互式工作流程

Step 1: Initial Gathering

步骤1：初始信息收集

Use AskQuestion tool to collect basic information:

json

{
  "title": "TDD Project Information",
  "questions": [
    {
      "id": "project_name",
      "prompt": "What is the name of the feature/integration/project?",
      "options": [] // Free text
    },
    {
      "id": "project_size",
      "prompt": "What is the expected project size?",
      "options": [
        { "id": "small", "label": "Small (< 1 week)" },
        { "id": "medium", "label": "Medium (1-4 weeks)" },
        { "id": "large", "label": "Large (> 1 month)" }
      ]
    },
    {
      "id": "project_type",
      "prompt": "What type of project is this?",
      "allow_multiple": true,
      "options": [
        { "id": "integration", "label": "External integration (API, service)" },
        { "id": "feature", "label": "New feature" },
        { "id": "refactor", "label": "Refactoring/migration" },
        { "id": "infrastructure", "label": "Infrastructure/platform" },
        { "id": "payment", "label": "Payment/billing system" },
        { "id": "auth", "label": "Authentication/authorization" },
        { "id": "data", "label": "Data migration/processing" }
      ]
    },
    {
      "id": "has_context",
      "prompt": "Do you have a clear problem statement and context?",
      "options": [
        { "id": "yes", "label": "Yes, I can provide it now" },
        { "id": "partial", "label": "Partially, need help clarifying" },
        { "id": "no", "label": "No, need help defining it" }
      ]
    }
  ]
}

使用AskQuestion工具收集基本信息：

json

{
  "title": "TDD项目信息",
  "questions": [
    {
      "id": "project_name",
      "prompt": "功能/集成/项目的名称是什么？",
      "options": [] // 自由文本
    },
    {
      "id": "project_size",
      "prompt": "预计项目规模是多少？",
      "options": [
        { "id": "small", "label": "小型（< 1周）" },
        { "id": "medium", "label": "中型（1-4周）" },
        { "id": "large", "label": "大型（> 1个月）" }
      ]
    },
    {
      "id": "project_type",
      "prompt": "这是什么类型的项目？",
      "allow_multiple": true,
      "options": [
        { "id": "integration", "label": "外部集成（API、服务）" },
        { "id": "feature", "label": "新功能" },
        { "id": "refactor", "label": "重构/迁移" },
        { "id": "infrastructure", "label": "基础设施/平台" },
        { "id": "payment", "label": "支付/计费系统" },
        { "id": "auth", "label": "认证/授权" },
        { "id": "data", "label": "数据迁移/处理" }
      ]
    },
    {
      "id": "has_context",
      "prompt": "您是否有明确的问题陈述和背景信息？",
      "options": [
        { "id": "yes", "label": "是，我现在可以提供" },
        { "id": "partial", "label": "部分有，需要帮助理清" },
        { "id": "no", "label": "没有，需要帮助定义" }
      ]
    }
  ]
}

Step 2: Validate Mandatory Information

步骤2：验证必填信息

Based on answers, check if user can provide:

MANDATORY fields to ask if missing:

Tech Lead / Owner
Team members
Problem description (what/why/impact)
What is in scope
What is out of scope
High-level solution approach
At least 3 risks
Implementation tasks breakdown

Ask using AskQuestion or natural conversation IN THE USER'S LANGUAGE:

English Example:

I need the following information to create the TDD:

1. **Problem Statement**:
   - What problem are we solving?
   - Why is this important now?
   - What happens if we don't solve it?

2. **Scope**:
   - What WILL be delivered in this project?
   - What will NOT be included (out of scope)?

3. **Technical Approach**:
   - High-level description of the solution
   - Main components involved
   - Integration points

Can you provide this information?

Portuguese Example:

Preciso das seguintes informações para criar o TDD:

1. **Definição do Problema**:
   - Que problema estamos resolvendo?
   - Por que isso é importante agora?
   - O que acontece se não resolvermos?

2. **Escopo**:
   - O que SERÁ entregue neste projeto?
   - O que NÃO será incluído (fora do escopo)?

3. **Abordagem Técnica**:
   - Descrição de alto nível da solução
   - Principais componentes envolvidos
   - Pontos de integração

Você pode fornecer essas informações?

根据回答，检查用户是否能提供：

缺失时必须询问的必填字段：

技术负责人 / 所有者
团队成员
问题描述（是什么/为什么/影响）
包含范围
排除范围
高层解决方案方法
至少3项风险
实施任务分解

使用AskQuestion工具或自然对话（以用户的语言）询问：

英文示例：

我需要以下信息来创建TDD：

1. **问题陈述**：
   - 我们要解决什么问题？
   - 为什么现在解决这个问题很重要？
   - 如果不解决会发生什么？

2. **范围**：
   - 这个项目将交付什么？
   - 哪些内容不包含在内（排除范围）？

3. **技术方法**：
   - 解决方案的高层描述
   - 涉及的主要组件
   - 集成点

您能提供这些信息吗？

葡萄牙语示例：

Preciso das seguintes informações para criar o TDD:

1. **Definição do Problema**:
   - Que problema estamos resolvendo?
   - Por que isso é importante agora?
   - O que acontece se não resolvermos?

2. **Escopo**:
   - O que SERÁ entregue neste projeto?
   - O que NÃO será incluído (fora do escopo)?

3. **Abordagem Técnica**:
   - Descrição de alto nível da solução
   - Principais componentes envolvidos
   - Pontos de integração

Você pode fornecer essas informações?

Step 3: Check for Critical Sections

步骤3：检查关键章节

Based on

project_type

, determine if critical sections are mandatory:

Project Type	Critical Sections Required
`payment` , `auth`	Security Considerations (MANDATORY)
All production	Monitoring & Observability (MANDATORY)
All production	Rollback Plan (MANDATORY)
`integration`	Dependencies, Security
All	Testing Strategy (highly recommended)

If critical sections are missing, ASK IN THE USER'S LANGUAGE:

English:

This is a [payment/auth/production] system. These sections are CRITICAL:

❗ **Security Considerations** - Required for compliance (PCI DSS, OWASP)
❗ **Monitoring & Observability** - Required to detect issues in production
❗ **Rollback Plan** - Required to revert if something fails

Can you provide:
1. Security requirements (auth, encryption, PII handling)?
2. What metrics will you monitor?
3. How will you rollback if something goes wrong?

Portuguese:

Este é um sistema de [pagamento/autenticação/produção]. Estas seções são CRÍTICAS:

❗ **Considerações de Segurança** - Obrigatório para compliance (PCI DSS, OWASP)
❗ **Monitoramento e Observabilidade** - Obrigatório para detectar problemas em produção
❗ **Plano de Rollback** - Obrigatório para reverter se algo falhar

Você pode fornecer:
1. Requisitos de segurança (autenticação, encriptação, tratamento de PII)?
2. Quais métricas você vai monitorar?
3. Como você fará rollback se algo der errado?

根据

project_type

确定是否需要必填的关键章节：

项目类型	需要的关键章节
`payment` , `auth`	安全考量（必填）
所有生产项目	监控与可观测性（必填）
所有生产项目	回滚计划（必填）
`integration`	依赖项、安全
所有项目	测试策略（强烈推荐）

如果关键章节缺失，以用户的语言询问：

英文：

这是一个[支付/认证/生产]系统。以下章节为**关键必填项**：

❗ **安全考量** - 合规要求（PCI DSS、OWASP）所需
❗ **监控与可观测性** - 检测生产环境问题所需
❗ **回滚计划** - 出现问题时回滚所需

您能提供以下信息吗：
1. 安全要求（认证、加密、PII处理）？
2. 您将监控哪些指标？
3. 如果出现问题，您将如何回滚？

葡萄牙语：

Este é um sistema de [pagamento/autenticação/produção]. Estas seções são CRÍTICAS:

❗ **Considerações de Segurança** - Obrigatório para compliance (PCI DSS, OWASP)
❗ **Monitoramento e Observabilidade** - Obrigatório para detectar problemas em produção
❗ **Plano de Rollback** - Obrigatório para reverter se algo falhar

Você pode fornecer:
1. Requisitos de segurança (autenticação, encriptação, tratamento de PII)?
2. Quais métricas você vai monitorar?
3. Como você fará rollback se algo der errado?

Step 4: Offer Suggested Sections

步骤4：提供建议章节选项

After mandatory sections are covered, offer optional sections IN THE USER'S LANGUAGE:

English:

I can also add these sections to make the TDD more complete:

📊 **Success Metrics** - How will you measure success?
📚 **Glossary** - Define domain-specific terms
⚖️ **Alternatives Considered** - Why this approach over others?
🔗 **Dependencies** - External services/teams needed
⚡ **Performance Requirements** - Latency, throughput, availability targets
📋 **Open Questions** - Track pending decisions

Would you like me to add any of these now? (You can add them later)

Portuguese:

Também posso adicionar estas seções para tornar o TDD mais completo:

📊 **Métricas de Sucesso** - Como você vai medir o sucesso?
📚 **Glossário** - Definir termos específicos do domínio
⚖️ **Alternativas Consideradas** - Por que esta abordagem ao invés de outras?
🔗 **Dependências** - Serviços/times externos necessários
⚡ **Requisitos de Performance** - Latência, throughput, disponibilidade
📋 **Questões em Aberto** - Rastrear decisões pendentes

Gostaria que eu adicionasse alguma dessas agora? (Você pode adicionar depois)

在覆盖必填章节后，以用户的语言提供可选章节选项：

英文：

我还可以添加以下章节使TDD更完整：

📊 **成功指标** - 您将如何衡量成功？
📚 **术语表** - 定义领域特定术语
⚖️ **备选方案考量** - 为什么选择此方法而非其他？
🔗 **依赖项** - 需要的外部服务/团队
⚡ **性能要求** - 延迟、吞吐量、可用性目标
📋 **未解决问题** - 跟踪待决策事项

您希望现在添加其中哪些章节？（您也可以以后添加）

葡萄牙语：

Também posso adicionar estas seções para tornar o TDD mais completo:

📊 **Métricas de Sucesso** - Como você vai medir o sucesso?
📚 **Glossário** - Definir termos específicos do domínio
⚖️ **Alternativas Consideradas** - Por que esta abordagem ao invés de outras?
🔗 **Dependências** - Serviços/times externos necessários
⚡ **Requisitos de Performance** - Latência, throughput, disponibilidade
📋 **Questões em Aberto** - Rastrear decisões pendentes

Gostaria que eu adicionasse alguma dessas agora? (Você pode adicionar depois)

Step 5: Generate Document

步骤5：生成文档

Generate the TDD in Markdown format following the templates below.

按照以下模板以Markdown格式生成TDD。

Step 6: Offer Confluence Integration

步骤6：提供Confluence集成选项

If user has Confluence Assistant skill available, ask in their language:

English:

Would you like me to publish this TDD to Confluence?
- I can create a new page in your space
- Or update an existing page

Portuguese:

Gostaria que eu publicasse este TDD no Confluence?
- Posso criar uma nova página no seu espaço
- Ou atualizar uma página existente

如果用户有可用的Confluence Assistant技能，以用户的语言询问：

英文：

您希望我将此TDD发布到Confluence吗？
- 我可以在您的空间中创建新页面
- 或更新现有页面

葡萄牙语：

Gostaria que eu publicasse este TDD no Confluence?
- Posso criar uma nova página no seu espaço
- Ou atualizar uma página existente

Section Templates

章节模板

1. Header & Metadata (MANDATORY)

1. 页眉与元数据（必填）

markdown

undefined

markdown

undefined

TDD - [Project/Feature Name]

TDD - [项目/功能名称]

Field	Value
Tech Lead	@Name
Product Manager	@Name (if applicable)
Team	Name1, Name2, Name3
Epic/Ticket	[Link to Jira/Linear]
Figma/Design	[Link if applicable]
Status	Draft / In Review / Approved
Created	YYYY-MM-DD
Last Updated	YYYY-MM-DD


**If user doesn't provide**: Ask for Tech Lead, Team members, and Epic link.

---

字段	值
Tech Lead	@姓名
Product Manager	@姓名（如适用）
Team	姓名1, 姓名2, 姓名3
Epic/Ticket	[Jira/Linear链接]
Figma/Design	[链接（如适用）]
Status	草稿 / 审核中 / 已批准
Created	YYYY-MM-DD
Last Updated	YYYY-MM-DD


**如果用户未提供**：询问Tech Lead、团队成员和Epic链接。

---

2. Context (MANDATORY)

2. 背景（必填）

markdown

undefined

markdown

undefined

Context

背景

[2-4 paragraph description of the project]

Background: What is the current state? What system/feature does this relate to?

Domain: What business domain is this part of? (e.g., billing, authentication, content delivery)

Stakeholders: Who cares about this project? (users, business, compliance, etc.)


**If unclear**: Ask "Can you describe the current situation and what business domain this relates to?"

---

[2-4段项目描述]

现状: 当前状态是什么？此项目与哪些系统/功能相关？

领域: 这属于哪个业务领域？（例如：计费、认证、内容交付）

利益相关方: 谁关心这个项目？（用户、业务、合规等）


**如果不明确**：询问“您能描述当前情况以及此项目所属的业务领域吗？”

---

3. Problem Statement & Motivation (MANDATORY)

3. 问题陈述与动机（必填）

markdown

undefined

markdown

undefined

Problem Statement & Motivation

问题陈述与动机

Problems We're Solving

我们要解决的问题

Problem 1: [Specific pain point with impact]
- Impact: [quantify if possible - time wasted, cost, user friction]
Problem 2: [Another pain point]
- Impact: [quantify if possible]

问题1：[具体痛点及影响]
- 影响：[尽可能量化 - 浪费的时间、成本、用户摩擦]
问题2：[另一个痛点]
- 影响：[尽可能量化]

Why Now?

为什么现在解决？

[Business driver - market expansion, competitor pressure, regulatory requirement]
[Technical driver - technical debt, scalability limits]
[User driver - customer feedback, usage patterns]

[业务驱动因素 - 市场扩张、竞争对手压力、监管要求]
[技术驱动因素 - 技术债务、扩展性限制]
[用户驱动因素 - 客户反馈、使用模式]

Impact of NOT Solving

不解决的影响

Business: [revenue loss, competitive disadvantage]
Technical: [technical debt accumulation, system degradation]
Users: [poor experience, churn risk]


**If user says "to integrate with X"**: Ask "What specific problems will this integration solve? Why is it important now? What happens if we don't do it?"

---

业务：[收入损失、竞争劣势]
技术：[技术债务累积、系统退化]
用户：[体验不佳、流失风险]


**如果用户说“要与X集成”**：询问“此集成将解决哪些具体问题？为什么现在很重要？如果不做会发生什么？”

---

4. Scope (MANDATORY)

4. 范围（必填）

markdown

undefined

markdown

undefined

Scope

范围

✅ In Scope (V1 - MVP)

✅ 包含范围（V1 - MVP）

Explicit list of what WILL be delivered:

Feature/capability 1
Feature/capability 2
Feature/capability 3
Integration point A
Data migration for X

明确列出将交付的内容：

功能/能力1
功能/能力2
功能/能力3
集成点A
X的数据迁移

❌ Out of Scope (V1)

❌ 排除范围（V1）

Explicit list of what will NOT be included in this phase:

Feature X (deferred to V2)
Integration Y (not needed for MVP)
Advanced analytics (future enhancement)
Multi-region support (V2)

明确列出此阶段不包含的内容：

功能X（推迟到V2）
集成Y（MVP不需要）
高级分析（未来增强）
多区域支持（V2）

🔮 Future Considerations (V2+)

🔮 未来考量（V2+）

What might come later:

Feature A (user demand dependent)
Feature B (after V1 validation)


**If user doesn't define**: Ask "What are the must-haves for V1? What can wait for later versions?"

---

后续可能添加的内容：

功能A（取决于用户需求）
功能B（V1验证后）


**如果用户未定义**：询问“V1的必备功能是什么？哪些可以推迟到后续版本？”

---

5. Technical Solution (MANDATORY)

5. 技术解决方案（必填）

markdown

undefined

markdown

undefined

Technical Solution

技术解决方案

Architecture Overview

架构概述

[High-level description of the solution]

Key Components:

Component A: [responsibility]
Component B: [responsibility]
Component C: [responsibility]

Architecture Diagram:

[Include Mermaid diagram, PlantUML, or link to diagram]

mermaid

graph LR
    A[Frontend] -->|HTTP| B[API Gateway]
    B -->|GraphQL| C[Backend Service]
    C -->|REST| D[External API]
    C -->|Write| E[(Database)]

undefined

[解决方案的高层描述]

核心组件:

组件A：[职责]
组件B：[职责]
组件C：[职责]

架构图:

[包含Mermaid图、PlantUML或图表链接]

mermaid

graph LR
    A[Frontend] -->|HTTP| B[API Gateway]
    B -->|GraphQL| C[Backend Service]
    C -->|REST| D[External API]
    C -->|Write| E[(Database)]

undefined

Data Flow

数据流

Step 1: User action → Frontend
Step 2: Frontend → API Gateway (POST /resource)
Step 3: API Gateway → Service Layer
Step 4: Service → External API (if applicable)
Step 5: Service → Database (persist)
Step 6: Response → Frontend

步骤1：用户操作 → 前端
步骤2：前端 → API网关（POST /resource）
步骤3：API网关 → 服务层
步骤4：服务 → 外部API（如适用）
步骤5：服务 → 数据库（持久化）
步骤6：响应 → 前端

APIs & Endpoints

API与端点

Endpoint	Method	Description	Request	Response
`/api/v1/resource`	POST	Creates resource	`CreateDto`	`ResourceDto`
`/api/v1/resource/:id`	GET	Get by ID	-	`ResourceDto`
`/api/v1/resource/:id`	DELETE	Delete resource	-	`204 No Content`

Example Request/Response:

json

// POST /api/v1/resource
{
  "name": "Example",
  "type": "standard"
}

// Response 201 Created
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "Example",
  "type": "standard",
  "status": "active",
  "createdAt": "2026-02-04T10:00:00Z"
}

端点	方法	描述	请求	响应
`/api/v1/resource`	POST	创建资源	`CreateDto`	`ResourceDto`
`/api/v1/resource/:id`	GET	通过ID获取	-	`ResourceDto`
`/api/v1/resource/:id`	DELETE	删除资源	-	`204 No Content`

示例请求/响应:

json

// POST /api/v1/resource
{
  "name": "示例",
  "type": "standard"
}

// 响应 201 Created
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "示例",
  "type": "standard",
  "status": "active",
  "createdAt": "2026-02-04T10:00:00Z"
}

Database Changes

数据库变更

New Tables:

```
{ModuleName}{EntityName}
```
- [description]
- Primary fields: id, userId, name, status
- Timestamps: createdAt, updatedAt
- Indexes: userId, status (for query performance)

Schema Changes (if modifying existing):

Add column
```
newField
```
to
```
ExistingTable
```
- Type: [varchar/integer/jsonb/etc.]
- Constraints: [nullable/unique/foreign key]

Migration Strategy:

Generate migration from schema changes
Test migration on staging environment first
Run during low-traffic window
Have rollback migration ready

Data Backfill (if needed):

Affected records: Estimate quantity
Processing time: Estimate duration for data migration
Validation: How to verify data integrity after backfill


**If user provides vague description**: Ask "What are the main components? How does data flow through the system? What APIs will be created/modified?"

---

新表:

```
{ModuleName}{EntityName}
```
- [描述]
- 主键字段：id、userId、name、status
- 时间戳：createdAt、updatedAt
- 索引：userId、status（用于查询性能）

模式变更（如果修改现有表）:

向
```
ExistingTable
```
添加列
```
newField
```
- 类型：[varchar/integer/jsonb/etc.]
- 约束：[nullable/unique/foreign key]

迁移策略:

根据模式变更生成迁移脚本
先在预发布环境测试迁移
在低流量时段运行
准备好回滚迁移脚本

数据回填（如需要）:

受影响记录：估计数量
处理时间：数据迁移的估计时长
验证：如何回填后验证数据完整性


**如果用户描述模糊**：询问“主要组件有哪些？数据如何在系统中流动？将创建/修改哪些API？”

---

6. Risks (MANDATORY)

6. 风险（必填）

markdown

undefined

markdown

undefined

Risks

风险

Risk	Impact	Probability	Mitigation
External API downtime	High	Medium	Implement circuit breaker, cache responses, fallback to degraded mode
Data migration failure	High	Low	Test on staging copy, run dry-run first, have rollback script ready
Performance degradation	Medium	Medium	Load test before deployment, implement caching, monitor latency
Security vulnerability	High	Low	Security review, penetration testing, follow OWASP guidelines
Scope creep	Medium	High	Strict scope definition, change request process, regular stakeholder alignment

Risk Scoring:

Impact: High (system down, data loss) / Medium (degraded UX) / Low (minor inconvenience)
Probability: High (>50%) / Medium (20-50%) / Low (<20%)


**If user provides < 3 risks**: Ask "What could go wrong? Consider: external dependencies, data integrity, performance, security, scope changes."

---

风险	影响	概率	缓解措施
外部API宕机	高	中	实现断路器模式，缓存响应，降级到备用模式
数据迁移失败	高	低	在预发布副本上测试，先运行试运行，准备回滚脚本
性能下降	中	中	部署前进行负载测试，实现缓存，监控延迟
安全漏洞	高	低	安全评审，渗透测试，遵循OWASP指南
范围蔓延	中	高	严格定义范围，变更请求流程，定期与利益相关方对齐

风险评分:

影响：高（系统宕机、数据丢失）/ 中（用户体验下降）/ 低（轻微不便）
概率：高（>50%）/ 中（20-50%）/ 低（<20%）


**如果用户提供的风险少于3项**：询问“可能会出现什么问题？考虑：外部依赖、数据完整性、性能、安全、范围变更。”

---

7. Implementation Plan (MANDATORY)

7. 实施计划（必填）

markdown

undefined

markdown

undefined

Implementation Plan

实施计划

Phase	Task	Description	Owner	Status	Estimate
Phase 1 - Setup	Setup credentials	Obtain API keys, configure environment	@Dev1	TODO	1d
	Database setup	Create schema, configure datasource	@Dev1	TODO	1d
Phase 2 - Core	Entities & repos	Create TypeORM entities, repositories	@Dev2	TODO	3d
	Services	Implement business logic services	@Dev2	TODO	4d
Phase 3 - APIs	REST endpoints	Create controllers, DTOs	@Dev3	TODO	3d
	Integration	Integrate with external API	@Dev1	TODO	3d
Phase 4 - Testing	Unit tests	Test services and repositories	@Team	TODO	2d
	E2E tests	Test full flow	@Team	TODO	3d
Phase 5 - Deploy	Staging deploy	Deploy to staging, smoke test	@DevOps	TODO	1d
	Production deploy	Phased rollout to production	@DevOps	TODO	1d

Total Estimate: ~20 days (4 weeks)

Dependencies:

Must complete Phase N before Phase N+1
External API access required before Phase 3
Security review required before Phase 5


**If user provides vague plan**: Ask "Can you break this down into phases with specific tasks? Who will work on each part? What's the estimated timeline?"

---

阶段	任务	描述	负责人	状态	估计时长
阶段1 - 准备	设置凭证	获取API密钥，配置环境	@Dev1	TODO	1天
	数据库设置	创建模式，配置数据源	@Dev1	TODO	1天
阶段2 - 核心	实体与仓库	创建TypeORM实体、仓库	@Dev2	TODO	3天
	服务	实现业务逻辑服务	@Dev2	TODO	4天
阶段3 - API	REST端点	创建控制器、DTO	@Dev3	TODO	3天
	集成	与外部API集成	@Dev1	TODO	3天
阶段4 - 测试	单元测试	测试服务和仓库	@Team	TODO	2天
	E2E测试	测试完整流程	@Team	TODO	3天
阶段5 - 部署	预发布部署	部署到预发布环境，冒烟测试	@DevOps	TODO	1天
	生产部署	分阶段发布到生产环境	@DevOps	TODO	1天

总估计时长：~20天（4周）

依赖项:

必须完成阶段N才能进入阶段N+1
阶段3前需要外部API访问权限
阶段5前需要安全评审


**如果用户计划模糊**：询问“您能将其分解为带有具体任务的阶段吗？谁将负责每个部分？估计时间线是什么？”

---

8. Security Considerations (CRITICAL for payments/auth/PII)

8. 安全考量（支付/认证/PII项目为必填项）

markdown

undefined

markdown

undefined

Security Considerations

安全考量

Authentication & Authorization

认证与授权

Authentication: How users prove identity
- Example: JWT tokens, OAuth 2.0, session-based
Authorization: What authenticated users can access
- Example: Role-based (RBAC), Attribute-based (ABAC)
- Ensure users can only access their own resources

认证：用户如何证明身份
- 示例：JWT令牌、OAuth 2.0、基于会话的认证
授权：已认证用户可以访问的内容
- 示例：基于角色（RBAC）、基于属性（ABAC）
- 确保用户只能访问自己的资源

Data Protection

数据保护

Encryption:

At Rest: Database encryption enabled (AES-256)
In Transit: TLS 1.3 for all API communication
Secrets: Store API keys in environment variables / secret manager (AWS Secrets Manager, HashiCorp Vault)

PII Handling:

What PII is collected: [email, name, payment info]
Legal basis: [consent, contract, legitimate interest]
Retention: [how long data is kept]
Deletion: [GDPR right to be forgotten implementation]

加密:

静态数据：启用数据库加密（AES-256）
传输中数据：所有API通信使用TLS 1.3
密钥：将API密钥存储在环境变量/密钥管理器中（AWS Secrets Manager、HashiCorp Vault）

PII处理:

收集的PII：[邮箱、姓名、支付信息]
法律依据：[同意、合同、合法利益]
保留期限：[数据保留时长]
删除：[GDPR被遗忘权的实现]

Compliance Requirements

合规要求

Regulation	Requirement	Implementation
GDPR	Data protection, right to deletion	Implement data export/deletion endpoints
PCI DSS	No storage of card data	Use Stripe tokenization, never store CVV/full PAN
LGPD	Brazil data protection	Same as GDPR compliance

法规	要求	实现方式
GDPR	数据保护、删除权	实现数据导出/删除端点
PCI DSS	不存储卡片数据	使用Stripe令牌化，绝不存储CVV/完整PAN
LGPD	巴西数据保护	与GDPR合规要求相同

Security Best Practices

安全最佳实践

✅ Input validation on all endpoints
✅ SQL injection prevention (parameterized queries)
✅ XSS prevention (sanitize user input, CSP headers)
✅ CSRF protection (tokens for state-changing operations)
✅ Rate limiting (e.g., 10 req/min per user, 100 req/min per IP)
✅ Audit logging (log all sensitive operations)

✅ 所有端点的输入验证
✅ 防止SQL注入（参数化查询）
✅ 防止XSS（清理用户输入、CSP头）
✅ CSRF保护（状态变更操作使用令牌）
✅ 速率限制（例如：每个用户10次/分钟，每个IP 100次/分钟）
✅ 审计日志（记录所有敏感操作）

Secrets Management

密钥管理

API Keys:

Storage: Environment variables or secret management service
Rotation: Define rotation policy (e.g., every 90 days)
Access: Backend services only, never exposed to frontend
Examples: Stripe keys, database credentials, API tokens

Webhook Signatures:

Validate webhook signatures from external services
Reject requests without valid signature headers
Log invalid signature attempts for security monitoring


**If missing and project involves payments/auth**: Ask "This is a [payment/auth] system. I need security details: How will you handle authentication? What encryption will be used? What PII is collected? Any compliance requirements (GDPR, PCI DSS)?"

---

API密钥:

存储：环境变量或密钥管理服务
轮换：定义轮换策略（例如：每90天）
访问：仅后端服务可访问，绝不暴露给前端
示例：Stripe密钥、数据库凭证、API令牌

Webhook签名:

验证外部服务的Webhook签名
拒绝无有效签名头的请求
记录无效签名尝试用于安全监控


**如果涉及支付/认证项目但缺失此章节**：询问“这是一个[支付/认证]系统。我需要安全细节：您将如何处理认证？使用什么加密？收集哪些PII？有哪些合规要求（GDPR、PCI DSS）？”

---

9. Testing Strategy (CRITICAL)

9. 测试策略（关键）

markdown

undefined

markdown

undefined

Testing Strategy

测试策略

Test Type	Scope	Coverage Target	Approach
Unit Tests	Services, repositories	> 80%	Jest with mocks
Integration Tests	API endpoints + database	Critical paths	Supertest + test DB
E2E Tests	Full user flows	Happy path + error cases	Playwright
Contract Tests	External API integration	API contract validation	Pact or manual mocks
Load Tests	Performance under load	Baseline performance	k6 or Artillery

测试类型	范围	覆盖率目标	方法
单元测试	服务、仓库	> 80%	Jest + 模拟
集成测试	API端点 + 数据库	关键路径	Supertest + 测试数据库
E2E测试	完整用户流程	正常流程 + 错误场景	Playwright
契约测试	外部API集成	API契约验证	Pact或手动模拟
负载测试	负载下的性能	基准性能	k6或Artillery

Test Scenarios

测试场景

Unit Tests:

✅ Service business logic (create, update, delete)
✅ Repository query methods
✅ Error handling (throw correct exceptions)
✅ Edge cases (null inputs, invalid data)

Integration Tests:

✅ POST
```
/api/v1/resource
```
→ creates in DB
✅ GET
```
/api/v1/resource/:id
```
→ returns correct data
✅ DELETE
```
/api/v1/resource/:id
```
→ removes from DB
✅ Invalid input → returns 400 Bad Request
✅ Unauthorized access → returns 401/403

E2E Tests:

✅ User creates resource → success flow
✅ User tries to access another user's resource → denied
✅ External API fails → graceful degradation
✅ Database connection lost → proper error handling

Load Tests:

Target: 100 req/s sustained, 500 req/s peak
Monitor: Latency (p50, p95, p99), error rate, throughput
Pass criteria: p95 < 500ms, error rate < 1%

单元测试:

✅ 服务业务逻辑（创建、更新、删除）
✅ 仓库查询方法
✅ 错误处理（抛出正确异常）
✅ 边缘情况（空输入、无效数据）

集成测试:

✅ POST
```
/api/v1/resource
```
→ 在数据库中创建
✅ GET
```
/api/v1/resource/:id
```
→ 返回正确数据
✅ DELETE
```
/api/v1/resource/:id
```
→ 从数据库中删除
✅ 无效输入 → 返回400 Bad Request
✅ 未授权访问 → 返回401/403

E2E测试:

✅ 用户创建资源 → 成功流程
✅ 用户尝试访问其他用户的资源 → 被拒绝
✅ 外部API失败 → 优雅降级
✅ 数据库连接丢失 → 正确错误处理

负载测试:

目标：持续100请求/秒，峰值500请求/秒
监控：延迟（p50、p95、p99）、错误率、吞吐量
通过标准：p95 < 500ms，错误率 < 1%

Test Data Management

测试数据管理

Use factories for test data (e.g.,
```
@faker-js/faker
```
)
Seed test database with realistic data
Clean up test data after each test
Use separate test database (never use production)


**If missing**: Ask "How will you test this? What test types are needed (unit, integration, e2e)? What are critical test scenarios?"

---

使用工厂生成测试数据（例如：
```
@faker-js/faker
```
）
用真实数据填充测试数据库
每次测试后清理测试数据
使用独立的测试数据库（绝不使用生产数据库）


**如果缺失**：询问“您将如何测试？需要哪些测试类型（单元、集成、E2E）？关键测试场景是什么？”

---

10. Monitoring & Observability (CRITICAL for production)

10. 监控与可观测性（生产项目为必填项）

markdown

undefined

markdown

undefined

Monitoring & Observability

监控与可观测性

Metrics to Track

需跟踪的指标

Metric	Type	Alert Threshold	Dashboard
`api.latency`	Latency	p95 > 1s for 5min	DataDog / Grafana
`api.error_rate`	Error rate	> 1% for 5min	DataDog / Grafana
`external_api.latency`	Latency	p95 > 2s for 5min	DataDog
`external_api.errors`	Counter	> 5 in 1min	PagerDuty
`database.query_time`	Duration	p95 > 100ms	DataDog
`webhook.processing_time`	Duration	> 5s	Internal Dashboard

指标	类型	告警阈值	仪表盘
`api.latency`	延迟	p95 > 1s 持续5分钟	DataDog / Grafana
`api.error_rate`	错误率	> 1% 持续5分钟	DataDog / Grafana
`external_api.latency`	延迟	p95 > 2s 持续5分钟	DataDog
`external_api.errors`	计数器	> 5次/1分钟	PagerDuty
`database.query_time`	时长	p95 > 100ms	DataDog
`webhook.processing_time`	时长	> 5s	内部仪表盘

Structured Logging

结构化日志

Log Format (JSON):

json

{
  "level": "info",
  "timestamp": "2026-02-04T10:00:00Z",
  "message": "Resource created",
  "context": {
    "userId": "user-123",
    "resourceId": "res-456",
    "action": "create",
    "duration_ms": 45
  }
}


**What to Log**:

- ✅ All API requests (method, path, status, duration)
- ✅ External API calls (endpoint, status, duration)
- ✅ Database queries (slow queries > 100ms)
- ✅ Errors and exceptions (stack trace, context)
- ✅ Business events (resource created, payment processed)

**What NOT to Log**:

- ❌ Passwords, API keys, secrets
- ❌ Full credit card numbers
- ❌ Sensitive PII (redact or hash)

日志格式（JSON）:

json

{
  "level": "info",
  "timestamp": "2026-02-04T10:00:00Z",
  "message": "资源已创建",
  "context": {
    "userId": "user-123",
    "resourceId": "res-456",
    "action": "create",
    "duration_ms": 45
  }
}


**需记录的内容**:

- ✅ 所有API请求（方法、路径、状态、时长）
- ✅ 外部API调用（端点、状态、时长）
- ✅ 数据库查询（慢查询 > 100ms）
- ✅ 错误和异常（堆栈跟踪、上下文）
- ✅ 业务事件（资源创建、支付处理）

**无需记录的内容**:

- ❌ 密码、API密钥、密钥
- ❌ 完整信用卡号
- ❌ 敏感PII（编辑或哈希处理）

Alerts

告警

Alert	Severity	Channel	On-Call Action
Error rate > 5%	P1 (Critical)	PagerDuty	Immediate investigation, rollback if needed
External API down	P1 (Critical)	PagerDuty	Enable fallback mode, notify stakeholders
Latency > 2s (p95)	P2 (High)	Slack #engineering	Investigate performance degradation
Webhook failures > 20	P2 (High)	Slack #engineering	Check webhook endpoint, Stripe status
Database connection pool exhausted	P1 (Critical)	PagerDuty	Scale up connections or investigate leak

告警	严重程度	通知渠道	值班操作
错误率 > 5%	P1（关键）	PagerDuty	立即调查，必要时回滚
外部API宕机	P1（关键）	PagerDuty	启用备用模式，通知利益相关方
延迟 > 2s（p95）	P2（高）	Slack #engineering	调查性能退化
Webhook失败 > 20	P2（高）	Slack #engineering	检查Webhook端点、Stripe状态
数据库连接池耗尽	P1（关键）	PagerDuty	增加连接数或调查泄漏

Dashboards

仪表盘

Operational Dashboard:

Request rate (per endpoint)
Error rate (overall and per endpoint)
Latency (p50, p95, p99)
External API health
Database performance

Business Dashboard:

Resources created (count per day)
Active users
Conversion metrics (if applicable)


**If missing for production system**: Ask "How will you monitor this in production? What metrics matter? What alerts do you need?"

---

运营仪表盘:

请求速率（按端点）
错误率（整体及按端点）
延迟（p50、p95、p99）
外部API健康状况
数据库性能

业务仪表盘:

资源创建数量（每日）
活跃用户
转化指标（如适用）


**如果生产系统缺失此章节**：询问“您将如何在生产环境中监控？哪些指标重要？需要哪些告警？”

---

11. Rollback Plan (CRITICAL for production)

11. 回滚计划（生产项目为必填项）

markdown

undefined

markdown

undefined

Rollback Plan

回滚计划

Deployment Strategy

部署策略

Feature Flag:
```
FEATURE_X_ENABLED
```
(LaunchDarkly / custom)
Phased Rollout:
- Phase 1: 5% of traffic (1 day)
- Phase 2: 25% of traffic (1 day)
- Phase 3: 50% of traffic (1 day)
- Phase 4: 100% of traffic
Canary Deployment: Deploy to 1 instance first, monitor for 1h before full rollout

功能开关：
```
FEATURE_X_ENABLED
```
（LaunchDarkly / 自定义）
分阶段发布:
- 阶段1：5%流量（1天）
- 阶段2：25%流量（1天）
- 阶段3：50%流量（1天）
- 阶段4：100%流量
金丝雀部署：先部署到1个实例，监控1小时后再全面发布

Rollback Triggers

回滚触发条件

Trigger	Action
Error rate > 5% for 5 minutes	Immediate rollback - disable feature flag
Latency > 3s (p95) for 10 minutes	Investigate - rollback if no quick fix
External API integration failing > 50%	Rollback - revert to previous version
Database migration fails	STOP - do not proceed, investigate
Customer reports of data loss	Immediate rollback + incident response

触发条件	操作
错误率 > 5% 持续5分钟	立即回滚 - 禁用功能开关
延迟 > 3s（p95）持续10分钟	调查 - 若无快速修复则回滚
外部API集成失败 > 50%	回滚 - 恢复到之前版本
数据库迁移失败	停止 - 不继续执行，调查原因
客户报告数据丢失	立即回滚 + 事件响应

Rollback Steps

回滚步骤

1. Immediate Rollback (< 5 minutes):

Feature Flag: Disable via feature flag dashboard (instant)
Deployment: Revert to previous version via deployment tool (2-3 minutes)

2. Database Rollback (if schema changed):

Run down migration using migration tool
Verify schema integrity
Confirm data consistency

3. Communication:

Notify #engineering Slack channel
Update status page (if customer-facing)
Create incident ticket
Schedule post-mortem within 24h

1. 立即回滚（< 5分钟）:

功能开关：通过功能开关控制台禁用（即时生效）
部署：通过部署工具恢复到之前版本（2-3分钟）

2. 数据库回滚（如果模式变更）:

使用迁移工具运行回滚迁移
验证模式完整性
确认数据一致性

3. 沟通:

通知#engineering Slack频道
更新状态页面（如面向客户）
创建事件工单
24小时内安排事后复盘

Post-Rollback

回滚后

Root Cause Analysis: Within 24 hours
Fix: Implement fix in development environment
Re-test: Full test suite + additional tests for root cause
Re-deploy: Following same phased rollout strategy

根本原因分析：24小时内完成
修复：在开发环境中实现修复
重新测试：完整测试套件 + 针对根本原因的额外测试
重新部署：遵循相同的分阶段发布策略

Database Rollback Considerations

数据库回滚考量

Migrations: Always create reversible migrations (down migration)
Data Backfill: If data was modified, have script to restore previous state
Backup: Take database snapshot before running migrations
Testing: Test rollback procedure on staging before production


**If missing for production**: Ask "What happens if the deploy goes wrong? How will you rollback? What are the triggers for rollback?"

---

迁移：始终创建可逆迁移（回滚迁移）
数据回填：如果数据被修改，准备恢复之前状态的脚本
备份：运行迁移前拍摄数据库快照
测试：在预发布环境测试回滚流程后再用于生产


**如果生产项目缺失此章节**：询问“如果部署出错怎么办？您将如何回滚？回滚触发条件是什么？”

---

12. Success Metrics (SUGGESTED)

12. 成功指标（建议）

markdown

undefined

markdown

undefined

Success Metrics

成功指标

Metric	Baseline	Target	Measurement
API latency (p95)	N/A (new API)	< 200ms	DataDog APM
Error rate	N/A	< 0.1%	Sentry / logs
Conversion rate	N/A	> 70%	Analytics
User satisfaction	N/A	NPS > 8	User survey
Time to complete action	N/A	< 30s	Frontend analytics

Business Metrics:

Increase in [metric] by [X%]
Reduction in [cost/time] by [Y%]
User adoption: [Z%] of users using new feature within 30 days

Technical Metrics:

Zero production incidents in first 30 days
Test coverage > 80%
Documentation completeness: 100% of public APIs documented

---

指标	基线	目标	测量方式
API延迟（p95）	N/A（新API）	< 200ms	DataDog APM
错误率	N/A	< 0.1%	Sentry / 日志
转化率	N/A	> 70%	分析工具
用户满意度	N/A	NPS > 8	用户调查
操作完成时间	N/A	< 30s	前端分析工具

业务指标:

[指标]提升[X%]
[成本/时间]降低[Y%]
用户采用率：30天内[Z%]的用户使用新功能

技术指标:

前30天零生产事件
测试覆盖率 > 80%
文档完整性：100%的公共API已记录

---

13. Glossary & Domain Terms (SUGGESTED)

13. 术语表与领域术语（建议）

markdown

undefined

markdown

undefined

Glossary

术语表

Term	Description
Customer	A user who has an active subscription or has made a purchase
Subscription	Recurring payment arrangement with defined interval (monthly, annual)
Trial	Free period for users to test service before payment required
Webhook	HTTP callback from external service to notify of events
Idempotency	Operation can be applied multiple times with same result
Circuit Breaker	Pattern to prevent cascading failures when external service is down

Acronyms:

API: Application Programming Interface
SLA: Service Level Agreement
PII: Personally Identifiable Information
GDPR: General Data Protection Regulation
PCI DSS: Payment Card Industry Data Security Standard

---

术语	描述
Customer	拥有有效订阅或已购买的用户
Subscription	按定义间隔（月度、年度）的 recurring payment arrangement
Trial	用户在付费前可免费试用服务的期限
Webhook	外部服务发送的HTTP回调，用于通知事件
Idempotency	操作可多次应用且结果相同
Circuit Breaker	防止外部服务宕机时级联故障的模式

缩写:

API: Application Programming Interface
SLA: Service Level Agreement
PII: Personally Identifiable Information
GDPR: General Data Protection Regulation
PCI DSS: Payment Card Industry Data Security Standard

---

14. Alternatives Considered (SUGGESTED)

14. 备选方案考量（建议）

markdown

undefined

markdown

undefined

Alternatives Considered

备选方案考量

Option	Pros	Cons	Why Not Chosen
Option A (Chosen)	+ Best documentation<br>+ Global support<br>+ Mature SDK	- Cost: 2.9% + $0.30<br>- Vendor lock-in	✅ Chosen - Best balance of features and cost
Option B	+ Lower fees (2.5%)<br>+ Brand recognition	- Poor developer experience<br>- Limited international support	Developer experience inferior, harder to maintain
Option C	+ Full control<br>+ No transaction fees	- High maintenance cost<br>- Compliance burden (PCI DSS)<br>- Security risk	Too risky and expensive to maintain in-house
Option D	+ Cheapest option	- No support<br>- Limited features<br>- Unknown reliability	Too risky for production payment processing

Decision Criteria:

Developer experience and documentation quality (weight: 40%)
Total cost of ownership (weight: 30%)
International support and compliance (weight: 20%)
Reliability and uptime (weight: 10%)

Why Option A Won:

Scored highest on developer experience (critical for fast iteration)
Industry-standard for startups (easier to hire developers with experience)
Built-in compliance (PCI DSS, SCA, 3D Secure) reduces risk

---

选项	优点	缺点	未选择原因
选项A（已选）	+ 最佳文档<br>+ 全球支持<br>+ 成熟SDK	- 成本：2.9% + $0.30<br>- 供应商锁定	✅ 已选 - 功能与成本的最佳平衡
选项B	+ 更低费用（2.5%）<br>+ 品牌知名度	- 开发者体验差<br>- 国际支持有限	开发者体验不佳，维护难度高
选项C	+ 完全控制<br>+ 无交易费用	- 维护成本高<br>- 合规负担（PCI DSS）<br>- 安全风险	内部维护风险过高且成本昂贵
选项D	+ 最便宜选项	- 无支持<br>- 功能有限<br>- 可靠性未知	生产支付处理风险过高

决策标准:

开发者体验和文档质量（权重：40%）
总拥有成本（权重：30%）
国际支持与合规（权重：20%）
可靠性与正常运行时间（权重：10%）

为何选择选项A:

开发者体验得分最高（对快速迭代至关重要）
初创企业行业标准（更容易招聘有经验的开发者）
内置合规（PCI DSS、SCA、3D Secure）降低风险

---

15. Dependencies (SUGGESTED)

15. 依赖项（建议）

markdown

undefined

markdown

undefined

Dependencies

依赖项

Dependency	Type	Owner	Status	Risk
Stripe API	External	Stripe Inc.	Production-ready	Low (99.99% uptime)
Identity Module	Internal	Team Auth	Production-ready	Low
Database (PostgreSQL)	Infrastructure	DevOps	Ready	Low
Redis (caching)	Infrastructure	DevOps	Needs setup	Medium
Feature flag service	Internal	Platform	Ready	Low

Approval Requirements:

Security team review (for payment/auth projects)
Compliance sign-off (for PII/payment data)
Ops team ready for monitoring setup
Product sign-off on scope

Blockers:

Waiting for Stripe production keys (ETA: 2026-02-10)
Need Redis setup in staging (ETA: 2026-02-08)

---

依赖项	类型	所有者	状态	风险
Stripe API	外部	Stripe Inc.	生产就绪	低（99.99%正常运行时间）
Identity Module	内部	认证团队	生产就绪	低
Database (PostgreSQL)	基础设施	DevOps	就绪	低
Redis（缓存）	基础设施	DevOps	需要设置	中
功能开关服务	内部	平台团队	就绪	低

批准要求:

安全团队评审（支付/认证项目）
合规签署（PII/支付数据）
Ops团队准备监控设置
产品团队确认范围

阻塞项:

等待Stripe生产密钥（预计：2026-02-10）
需要在预发布环境设置Redis（预计：2026-02-08）

---

16. Performance Requirements (SUGGESTED)

16. 性能要求（建议）

markdown

undefined

markdown

undefined

Performance Requirements

性能要求

Metric	Requirement	Measurement Method
API Latency (p50)	< 100ms	DataDog APM
API Latency (p95)	< 500ms	DataDog APM
API Latency (p99)	< 1s	DataDog APM
Throughput	1000 req/s sustained	Load testing (k6)
Availability	99.9% (< 8.76h downtime/year)	Uptime monitoring
Database query time	< 50ms (p95)	Slow query log

Load Testing Plan:

Baseline: 100 req/s for 10 minutes
Peak: 500 req/s for 5 minutes
Spike: 1000 req/s for 1 minute

Scalability:

Horizontal scaling: Add more instances (Kubernetes autoscaling)
Database: Read replicas if needed (after 10k req/s)
Caching: Redis for frequently accessed data (> 100 req/s per resource)

---

指标	要求	测量方法
API延迟（p50）	< 100ms	DataDog APM
API延迟（p95）	< 500ms	DataDog APM
API延迟（p99）	< 1s	DataDog APM
吞吐量	1000请求/秒持续	负载测试（k6）
可用性	99.9%（< 8.76小时停机/年）	正常运行时间监控
数据库查询时间	< 50ms（p95）	慢查询日志

负载测试计划:

基线：100请求/秒持续10分钟
峰值：500请求/秒持续5分钟
尖峰：1000请求/秒持续1分钟

扩展性:

水平扩展：添加更多实例（Kubernetes自动扩缩容）
数据库：达到10k请求/秒后使用只读副本
缓存：对频繁访问的数据使用Redis（> 100请求/秒每资源）

---

17. Migration Plan (SUGGESTED - if applicable)

17. 迁移计划（建议 - 如适用）

markdown

undefined

markdown

undefined

Migration Plan

迁移计划

Migration Strategy

迁移策略

Type: [Blue-Green / Rolling / Big Bang / Phased]

Phases:

Phase	Description	Users Affected	Duration	Rollback
1. Preparation	Set up new system, run in parallel	0%	1 week	N/A
2. Shadow Mode	New system processes but doesn't serve	0%	1 week	Instant
3. Pilot	5% of users on new system	5%	1 week	< 5min
4. Ramp Up	50% of users on new system	50%	1 week	< 5min
5. Full Migration	100% of users on new system	100%	1 day	< 5min
6. Decommission	Turn off old system	0%	1 week	Restore from backup

类型：[蓝绿部署 / 滚动部署 / 大爆炸式部署 / 分阶段部署]

阶段:

阶段	描述	受影响用户	时长	回滚方式
1. 准备	设置新系统，并行运行	0%	1周	N/A
2. 影子模式	新系统处理但不提供服务	0%	1周	即时
3. 试点	5%用户使用新系统	5%	1周	< 5分钟
4. 扩容	50%用户使用新系统	50%	1周	< 5分钟
5. 全面迁移	100%用户使用新系统	100%	1天	< 5分钟
6. 退役	关闭旧系统	0%	1周	从备份恢复

Data Migration

数据迁移

Source: Old system database Destination: New system database Volume: [X million records] Method: [ETL script / database replication / API sync]

Steps:

Export data from old system (script:
```
scripts/export-old-data.ts
```
)
Transform data to new schema (script:
```
scripts/transform-data.ts
```
)
Validate data integrity (checksums, row counts)
Load into new system (script:
```
scripts/load-new-data.ts
```
)
Verify: Run parallel reads, compare results

Timeline:

Dry run on staging: 2026-02-10
Production migration window: 2026-02-15 02:00-06:00 UTC (low traffic)

源：旧系统数据库目标：新系统数据库量：[X百万条记录] 方法：[ETL脚本 / 数据库复制 / API同步]

步骤:

从旧系统导出数据（脚本：
```
scripts/export-old-data.ts
```
）
将数据转换为新模式（脚本：
```
scripts/transform-data.ts
```
）
验证数据完整性（校验和、行数）
加载到新系统（脚本：
```
scripts/load-new-data.ts
```
）
验证：并行读取，比较结果

时间线:

预发布环境试运行：2026-02-10
生产迁移窗口：2026-02-15 02:00-06:00 UTC（低流量时段）

Backward Compatibility

向后兼容性

Old API endpoints will remain active for 90 days
Deprecation warnings added to responses
Client libraries updated with migration guide

---

旧API端点将保持活跃90天
响应中添加弃用警告
更新客户端库并提供迁移指南

---

18. Open Questions (SUGGESTED)

18. 未解决问题（建议）

markdown

undefined

markdown

undefined

Open Questions

未解决问题

#	Question	Context	Owner	Status	Decision Date
1	How to handle trial expiration without payment method?	User loses access immediately or grace period?	@Product	🟡 In Discussion	TBD
2	Allow multiple trials for same email?	Prevent abuse vs. legitimate use cases	@TechLead	🔴 Open	TBD
3	SLA for webhook processing?	Stripe retries for 72h, what's our target?	@Backend	🔴 Open	TBD
4	Support for promo codes in V1?	Marketing requested, is it in scope?	@Product	✅ Resolved: V2	2026-02-01
5	Fallback if Identity Module fails?	Can we create subscription without user data?	@TechLead	🔴 Open	TBD

Status Legend:

🔴 Open - needs decision
🟡 In Discussion - actively being discussed
✅ Resolved - decision made

---

#	问题	上下文	负责人	状态	决策日期
1	无支付方式时如何处理试用到期？	用户立即失去访问权限还是有宽限期？	@产品	🟡 讨论中	TBD
2	允许同一邮箱多次试用？	防止滥用 vs. 合理使用场景	@技术负责人	🔴 未解决	TBD
3	Webhook处理的SLA？	Stripe重试72小时，我们的目标是什么？	@后端	🔴 未解决	TBD
4	V1支持促销代码？	市场部要求，是否在范围内？	@产品	✅ 已解决：V2	2026-02-01
5	Identity Module失败时的备用方案？	能否在无用户数据的情况下创建订阅？	@技术负责人	🔴 未解决	TBD

状态图例:

🔴 未解决 - 需要决策
🟡 讨论中 - 正在积极讨论
✅ 已解决 - 已做出决策

---

19. Roadmap / Timeline (SUGGESTED)

19. 路线图 / 时间线（建议）

markdown

undefined

markdown

undefined

Roadmap / Timeline

路线图 / 时间线

Phase	Deliverables	Duration	Target Date	Status
Phase 0: Setup	- Stripe credentials<br>- Staging environment<br>- SDK installed	2 days	2026-02-05	✅ Complete
Phase 1: Persistence	- Entities created<br>- Repositories implemented<br>- Migrations generated	3 days	2026-02-08	🟡 In Progress
Phase 2: Services	- CustomerService<br>- SubscriptionService<br>- Identity integration	5 days	2026-02-15	⏳ Pending
Phase 3: APIs	- POST /subscriptions<br>- DELETE /subscriptions/:id<br>- GET /subscriptions	3 days	2026-02-18	⏳ Pending
Phase 4: Webhooks	- Webhook endpoint<br>- Signature validation<br>- Event handlers	4 days	2026-02-22	⏳ Pending
Phase 5: Testing	- Unit tests (80% coverage)<br>- Integration tests<br>- E2E tests	5 days	2026-02-27	⏳ Pending
Phase 6: Deploy	- Documentation<br>- Monitoring setup<br>- Staging deploy<br>- Production rollout	3 days	2026-03-02	⏳ Pending

Total Duration: ~25 days (5 weeks)

Milestones:

🎯 M1: MVP ready for staging (2026-02-22)
🎯 M2: Production deployment (2026-03-02)
🎯 M3: 100% rollout complete (2026-03-09)

Critical Path: Phase 0 → Phase 1 → Phase 2 → Phase 3 → Phase 4 → Phase 5 → Phase 6

---

阶段	交付物	时长	目标日期	状态
阶段0: 准备	- Stripe凭证<br>- 预发布环境<br>- SDK安装	2天	2026-02-05	✅ 已完成
阶段1: 持久化	- 创建实体<br>- 实现仓库<br>- 生成迁移脚本	3天	2026-02-08	🟡 进行中
阶段2: 服务	- CustomerService<br>- SubscriptionService<br>- Identity集成	5天	2026-02-15	⏳ 待开始
阶段3: API	- POST /subscriptions<br>- DELETE /subscriptions/:id<br>- GET /subscriptions	3天	2026-02-18	⏳ 待开始
阶段4: Webhooks	- Webhook端点<br>- 签名验证<br>- 事件处理	4天	2026-02-22	⏳ 待开始
阶段5: 测试	- 单元测试（80%覆盖率）<br>- 集成测试<br>- E2E测试	5天	2026-02-27	⏳ 待开始
阶段6: 部署	- 文档<br>- 监控设置<br>- 预发布部署<br>- 生产发布	3天	2026-03-02	⏳ 待开始

总时长：~25天（5周）

里程碑:

🎯 M1: MVP准备就绪可部署到预发布环境（2026-02-22）
🎯 M2: 生产部署（2026-03-02）
🎯 M3: 100%发布完成（2026-03-09）

关键路径: 阶段0 → 阶段1 → 阶段2 → 阶段3 → 阶段4 → 阶段5 → 阶段6

---

20. Approval & Sign-off (SUGGESTED)

20. 批准与签署（建议）

markdown

undefined

markdown

undefined

Approval & Sign-off

批准与签署

Role	Name	Status	Date	Comments
Tech Lead	@Name	✅ Approved	2026-02-04	LGTM, proceed with implementation
Staff/Principal Engineer	@Name	⏳ Pending	-	Requested security review first
Product Manager	@Name	✅ Approved	2026-02-03	Scope aligned with roadmap
Engineering Manager	@Name	⏳ Pending	-	-
Security Team	@Name	🔴 Not Started	-	Required for payment integration
Compliance/Legal	@Name	N/A	-	Not required for this project

Approval Criteria:

✅ All mandatory sections complete
✅ Security review passed (if applicable)
✅ Risks identified and mitigated
✅ Timeline realistic and agreed upon
⏳ Test strategy approved by QA
⏳ Monitoring plan reviewed by SRE

Next Steps After Approval:

Create Epic in Jira (link in metadata)
Break down into User Stories
Begin Phase 1 implementation
Schedule kickoff meeting with team

---

角色	姓名	状态	日期	备注
技术负责人	@姓名	✅ 已批准	2026-02-04	没问题，继续实施
Staff/Principal Engineer	@姓名	⏳ 待批准	-	要求先进行安全评审
产品经理	@姓名	✅ 已批准	2026-02-03	范围与路线图一致
工程经理	@姓名	⏳ 待批准	-	-
安全团队	@姓名	🔴 未开始	-	支付集成必填
合规/法务	@姓名	N/A	-	此项目不需要

批准标准:

✅ 所有必填章节完整
✅ 安全评审通过（如适用）
✅ 已识别风险并制定缓解措施
✅ 时间线现实且已达成一致
⏳ 测试策略已获QA批准
⏳ 监控计划已获SRE评审

批准后的下一步:

在Jira中创建Epic（链接到元数据）
分解为用户故事
开始阶段1实施
安排团队启动会议

---

Validation Rules

验证规则

Mandatory Section Checklist

必填章节检查清单

Critical Section Checklist (by project type)

关键章节检查清单（按项目类型）

Output Format

输出格式

When Creating TDD

创建TDD时

Generate Markdown document
Validate against checklists above
Highlight any missing critical sections
Provide summary to user:

✅ TDD Created: "[Project Name]"

**Sections Included**:
✅ Mandatory (7/7): All present
✅ Critical (3/4): Security, Testing, Monitoring
⚠️ Missing: Rollback Plan (recommended for production)

**Suggested Next Steps**:
- Add Rollback Plan section (critical for production)
- Review Security section with InfoSec team
- Create Epic in Jira and link in metadata
- Schedule TDD review meeting with stakeholders

Would you like me to:
1. Add the missing Rollback Plan section?
2. Publish this TDD to Confluence?
3. Create a Jira Epic for this project?

生成Markdown文档
对照上述检查清单验证
高亮缺失的关键章节
向用户提供摘要:

✅ TDD已创建："[项目名称]"

**包含的章节**:
✅ 必填章节（7/7）：全部存在
✅ 关键章节（3/4）：安全、测试、监控
⚠️ 缺失：回滚计划（生产项目建议添加）

**建议下一步**:
- 添加回滚计划章节（生产项目关键）
- 与信息安全团队评审安全章节
- 在Jira中创建Epic并链接到元数据
- 安排利益相关方TDD评审会议

您希望我：
1. 添加缺失的回滚计划章节？
2. 将此TDD发布到Confluence？
3. 为此项目创建Jira Epic？

Confluence Integration

Confluence集成

If user wants to publish to Confluence:

I'll publish this TDD to Confluence.

Which space should I use?
- Personal space (~557058...)
- Team space (provide space key)

Should I:
- Create a new page
- Update existing page (provide page ID or URL)

Then use Confluence Assistant skill to publish.

如果用户希望发布到Confluence:

我将把此TDD发布到Confluence。

您希望使用哪个空间？
- 个人空间（~557058...）
- 团队空间（提供空间密钥）

您希望：
- 创建新页面
- 更新现有页面（提供页面ID或URL）

然后使用Confluence Assistant技能发布。

Common Anti-Patterns to Avoid

需要避免的常见反模式

❌ Vague Problem Statements

❌ 模糊的问题陈述

BAD:


We need to integrate with Stripe.

GOOD:

undefined

错误示例:


我们需要与Stripe集成。

正确示例:

undefined

Problems We're Solving

我们要解决的问题

Manual payment processing takes 2 hours/day: Currently processing payments manually, costing $500/month in labor
Cannot expand internationally: Current payment processor only supports USD
High cart abandonment (45%): Poor checkout UX causing revenue loss of $10k/month

undefined

手动支付处理每天耗时2小时：目前手动处理支付，每月花费500美元人工成本
无法拓展国际业务：当前支付处理器仅支持美元
购物车弃购率高（45%）：糟糕的结账体验导致每月损失1万美元收入

undefined

❌ Undefined Scope

❌ 未定义范围

BAD:


Build payment integration with all features.

GOOD:

undefined

错误示例:


构建包含所有功能的支付集成。

正确示例:

undefined

✅ In Scope (V1)

✅ 包含范围（V1）

Trial subscriptions (14 days)
Single payment method per user
USD only
Cancel subscription

试用订阅（14天）
每个用户单一支付方式
仅支持美元
取消订阅

❌ Out of Scope (V1)

❌ 排除范围（V1）

Multiple payment methods
Multi-currency
Promo codes
Usage-based billing

undefined

多种支付方式
多币种
促销代码
基于使用量的计费

undefined

❌ Missing Security for Payment Systems

❌ 支付系统缺失安全章节

BAD:


No security section for payment integration.

GOOD:

undefined

错误示例:


支付集成无安全章节。

正确示例:

undefined

Security Considerations (MANDATORY)

安全考量（必填）

PCI DSS Compliance:

Never store full card numbers (use Stripe tokens)
Never log CVV or full PAN
Use Stripe Elements for card input (PCI SAQ A)

Secrets Management:

Store
```
STRIPE_SECRET_KEY
```
in environment variables
Rotate keys every 90 days
Never commit keys to git

undefined

PCI DSS合规:

绝不存储完整卡号（使用Stripe令牌）
绝不记录CVV或完整PAN
使用Stripe Elements处理卡片输入（PCI SAQ A）

密钥管理:

将
```
STRIPE_SECRET_KEY
```
存储在环境变量中
每90天轮换密钥
绝不将密钥提交到git

undefined

❌ No Rollback Plan

❌ 无回滚计划

BAD:


We'll deploy and hope it works.

GOOD:

undefined

错误示例:


我们将部署并希望它正常工作。

正确示例:

undefined

Rollback Plan

回滚计划

Triggers:

Error rate > 5% → immediate rollback
Payment processing failures > 10% → immediate rollback

Steps:

Disable feature flag
```
STRIPE_INTEGRATION_ENABLED
```
Verify old payment processor is active
Notify #engineering and #product
Schedule post-mortem within 24h

undefined

触发条件:

错误率 > 5% → 立即回滚
支付处理失败 > 10% → 立即回滚

步骤:

禁用功能开关
```
STRIPE_INTEGRATION_ENABLED
```
验证旧支付处理器已激活
通知#engineering和#product频道
24小时内安排事后复盘

undefined

Important Notes

重要注意事项

Respect user's language - Automatically detect and generate TDD in the same language as user's request
Focus on architecture, not implementation - Document decisions and contracts, not code
High-level examples only - Show API contracts, data schemas, diagrams (not CLI commands or code snippets)
Always validate mandatory sections - Don't let user skip them
For payments/auth - Security section is MANDATORY
For production - Monitoring and Rollback are MANDATORY
Ask clarifying questions - Don't guess missing information (ask in user's language)
Be thorough but pragmatic - Small projects don't need all 20 sections
Update the document - TDDs should evolve as the project progresses
Use industry standards - Reference Google, Amazon, RFC patterns
Think about compliance - GDPR, PCI DSS, HIPAA where applicable
Test for longevity - If implementation framework changes, TDD should still be valid

尊重用户语言 - 自动检测并以用户请求的语言生成TDD
聚焦架构，而非实现 - 记录决策和契约，而非代码
仅提供高层示例 - 展示API契约、数据模式、图表（而非CLI命令或代码片段）
始终验证必填章节 - 不要让用户跳过
支付/认证项目 - 安全章节为必填项
生产项目 - 监控和回滚章节为必填项
询问澄清问题 - 不要猜测缺失信息（以用户语言询问）
全面但务实 - 小型项目不需要全部20个章节
更新文档 - TDD应随项目进展而演进
遵循行业标准 - 参考Google、Amazon、RFC模式
考虑合规 - 适用GDPR、PCI DSS、HIPAA等法规
测试长效性 - 如果实现框架变更，TDD仍应有效

Example Prompts that Trigger This Skill

触发此技能的示例提示

English

英文

"Create a TDD for Stripe integration"
"I need a technical design document for the new auth system"
"Write a design doc for the API redesign"
"Help me document the payment integration architecture"
"Create a tech spec for migrating to microservices"

"Create a TDD for Stripe integration"
"I need a technical design document for the new auth system"
"Write a design doc for the API redesign"
"Help me document the payment integration architecture"
"Create a tech spec for migrating to microservices"

Portuguese

葡萄牙语

"Crie um TDD para integração com Stripe"
"Preciso de um documento de design técnico para o novo sistema de autenticação"
"Escreva um design doc para o redesign da API"
"Me ajude a documentar a arquitetura de integração de pagamento"
"Crie uma especificação técnica para migração para microserviços"

"Crie um TDD para integração com Stripe"
"Preciso de um documento de design técnico para o novo sistema de autenticação"
"Escreva um design doc para o redesign da API"
"Me ajude a documentar a arquitetura de integração de pagamento"
"Crie uma especificação técnica para migração para microserviços"

Spanish

西班牙语

"Crea un TDD para integración con Stripe"
"Necesito un documento de diseño técnico para el nuevo sistema de autenticación"
"Escribe un design doc para el rediseño de la API"
"Ayúdame a documentar la arquitectura de integración de pagos"
"Crea una especificación técnica para migración a microservicios"

"Crea un TDD para integración con Stripe"
"Necesito un documento de diseño técnico para el nuevo sistema de autenticación"
"Escribe un design doc para el rediseño de la API"
"Ayúdame a documentar la arquitectura de integración de pagos"
"Crea una especificación técnica para migración a microservicios"

References

参考资料

Industry Standards

行业标准

undefined

undefined