[G1-Sync] Manual knowledge update

2026-05-10 22:08:15 +09:00
parent 21ac3ed255
commit 504fd5fb42
3011 changed files with 380280 additions and 206977 deletions
@@ -2,66 +2,197 @@
 id: wiki-2026-0508-requirements
 title: Requirements
 category: 10_Wiki/Topics
-status: needs_review
+status: verified
 canonical_id: self
-aliases: [P-Reinforce-AUTO-REQU-001]
+aliases: [Software-Requirements, Functional-Requirements, Non-Functional-Requirements]
 duplicate_of: none
 source_trust_level: A
-confidence_score: 0.95
-tags: [auto-reinforced, requirements, product-definition, engineering, documentation, constraints]
+confidence_score: 0.9
+verification_status: applied
+tags: [requirements, spec, product, engineering]
 raw_sources: []
-last_reinforced: 2026-04-20
+last_reinforced: 2026-05-10
 github_commit: pending
-inferred_by: Claude Opus 4.7 (auto-normalize 2026-05-08)
+tech_stack:
+  language: markdown
+  framework: gherkin
 ---

-# [[Requirements|Requirements]]
+# Requirements

-## 📌 한 줄 통찰 (The Karpathy Summary)
-> "성공의 상세 명세서: '좋은 걸 만들자'라는 막연한 욕망을 '2초 이내 응답, 99.9% 가동률' 같은 구체적인 숫자로 치환하여, 개발자와 기획자가 서로 딴생각하지 않고 하나의 목표를 향해 달리게 만드는 프로젝트의 절대 규칙."
+## 매 한 줄
+> **"매 잘 쓴 requirement = 절반의 implementation"**. Requirements engineering은 매 stakeholder의 needs를 매 unambiguous, testable, prioritized statements로 매 변환 — 2026 의 매 AI-aided spec drafting (Claude/GPT-5)이 매 standard, 매 BDD/Gherkin은 매 living spec format 의 dominant.

-## 📖 구조화된 지식 (Synthesized Content)
-요구사항(Requirements)은 해결해야 할 문제나 시스템이 갖추어야 할 조건 및 능력을 명문화한 것입니다.
+## 매 핵심

-1.  **유형**:
-    *   **Functional Requirements**: 시스템이 '무엇을' 해야 하는가 (기능).
-    *   **Non-functional Requirements**: 시스템이 '어떻게' 수행해야 하는가 (성능, 보안, 확장성). ([[Reliability|Reliability]]와 연결)
-2.  **좋은 요구사항의 특징 (INVEST)**:
-    *   Independent, Negotiable, Valuable, Estimable, Small, Testable.
-3.  **왜 중요한가?**:
-    *   요구사항이 불분명한 프로젝트는 화려하지만 쓸모없는 결과물 정책을 내놓게 되며, 이는 수조 원의 기회비용 정책 낭비로 이어짐. ([[Efficiency|Efficiency]]의 시작점)
+### 매 분류
+- **Functional (FR)**: 매 system이 매 무엇을 하는가 — input/output, behavior.
+- **Non-functional (NFR)**: 매 어떻게 — performance, security, scalability, accessibility, reliability (SLO/SLA).
+- **Constraints**: tech stack, regulatory (GDPR, HIPAA), budget.
+- **Assumptions / Dependencies**: external upon 매 의존.

-## ⚠️ 모순 및 업데이트 (Contradictions & Updates)
- **과거 데이터와의 충돌**: 과거에는 프로젝트 시작 전 모든 요구사항을 확정 짓는 정책(Waterfall)이었으나, 현대 정책은 진행하면서 요구사항을 계속 다듬어가는 '애자일 요구사항 관리 정책'이 표준이 됨(RL Update). (Project-[[Management|Management]]와 연결)
- **정책 변화(RL Update)**: 이제는 사람이 쓴 요구사항 정책을 AI가 분석해 모순 정책을 찾거나, 거꾸로 모호한 아이디어 정책에서 기술 요구사항 정책을 자동으로 뽑아주는 'AI 요구사항 엔지니어링 정책'이 도입됨.
+### 매 Quality criteria (INVEST + SMART)
+- **Independent, Negotiable, Valuable, Estimable, Small, Testable** (user stories).
+- **Specific, Measurable, Achievable, Relevant, Time-bound**.
+- 매 Ambiguity의 매 적: "fast", "user-friendly" → 매 numeric ("p95 < 200ms", "SUS > 80").

-## 🔗 지식 연결 (Graph)
- [[Reliability|Reliability]], [[Project-Management|Project-Management]], [[Efficiency|Efficiency]], [[Documentation-Strategy|Documentation-Strategy]], [[Minimal-Viable-Product|Minimal-Viable-Product]]
- **Modern Tech/Tools**: User Stories, PRDs (Product Requirement Documents), BRDs.
---
+### 매 Formats (modern 2026)
+- **User story**: `As a <role>, I want <goal> so that <benefit>`.
+- **Acceptance criteria**: Given-When-Then (Gherkin) — executable via Cucumber/pytest-bdd.
+- **Job stories** (alternative): `When <situation>, I want to <motivation>, so I can <outcome>`.
+- **PRD** (Product Requirements Doc): living markdown in repo, AI-assisted draft.
+- **RFC / Design doc**: technical spec for engineering decisions.

-## 🤖 LLM 활용 힌트 (How to Use This Knowledge)
+### 매 AI-aided workflow (2026)
+1. PM의 매 rough idea → Claude Opus 4.7 로 PRD draft.
+2. Engineering review → AI 의 매 ambiguity flags ("매 'fast'를 quantify").
+3. Gherkin scenarios 매 generate → directly executable.
+4. Trace matrix (req → test → code) 매 AI auto-link.
+5. Change requests → AI의 매 impact analysis (영향 받는 spec/test/code).

-**언제 이 지식을 쓰는가:**
- *(TODO)*
+### 매 응용
+1. SaaS feature spec.
+2. Embedded system safety (DO-178C, ISO 26262 traceability).
+3. RFP/contract scope.
+4. AI agent task specification (prompt = 매 spec).

-**언제 쓰면 안 되는가:**
- *(TODO)*
+## 💻 패턴

-## 🧪 검증 상태 (Validation)
+### User story + acceptance criteria
+```markdown
+## US-142: Email-based password reset

- **정보 상태:** needs_review
- **출처 신뢰도:** A
- **검토 이유:** *(P-Reinforce Phase 1 자동 정규화. 본문 검증 필요.)*
+**As a** registered user
+**I want** to reset my password via email
+**So that** I can regain access without contacting support

-## 🧬 중복 검사 (Duplicate Check)
+### Acceptance Criteria (Gherkin)
+\`\`\`gherkin
+Feature: Password reset

- **기존 유사 문서:** *(TODO: 인덱서 클러스터 리포트 참조)*
- **처리 방식:** UPDATE (자동 정규화)
- **처리 이유:** Phase 1 정규화 — 옛 템플릿/누락 필드 보강.
+  Scenario: Valid email triggers reset link
+    Given a user with email "alice@example.com" exists
+    When I POST /auth/reset with that email
+    Then a reset email is sent within 30 seconds
+    And the email contains a token valid for 1 hour

-## 🕓 변경 이력 (Changelog)
+  Scenario: Unknown email returns generic success
+    Given no user with email "ghost@example.com"
+    When I POST /auth/reset with that email
+    Then the response is 200 OK
+    And no email is sent
+    # Reason: avoid user enumeration
+\`\`\`

-| 날짜 | 변경 내용 | 처리 방식 | 신뢰도 |
-|------|-----------|-----------|--------|
-| 2026-05-08 | P-Reinforce Phase 1 정규화 (frontmatter + 헤더 표준화) | UPDATE | A |
+### NFR
+- p95 endpoint latency < 300ms
+- Email delivery SLA: 99.5% within 60s
+- Token: 256-bit, single-use, 1h TTL
+```
+
+### pytest-bdd executable spec
+```python
+# features/password_reset.feature → tests/test_password_reset.py
+from pytest_bdd import scenarios, given, when, then
+
+scenarios("../features/password_reset.feature")
+
+@given('a user with email "alice@example.com" exists')
+def alice(db):
+    db.users.insert(email="alice@example.com")
+
+@when('I POST /auth/reset with that email')
+def post_reset(client, ctx):
+    ctx["resp"] = client.post("/auth/reset", json={"email": "alice@example.com"})
+
+@then('a reset email is sent within 30 seconds')
+def email_sent(mailbox):
+    assert mailbox.last(timeout=30).to == "alice@example.com"
+```
+
+### NFR table (SLO format)
+```markdown
+| Category   | Metric                  | Target          | Measurement |
+|------------|-------------------------|-----------------|-------------|
+| Latency    | p95 GET /search         | < 200 ms        | Prometheus  |
+| Throughput | sustained POST /events  | 10k req/s       | k6 load test|
+| Avail.     | API uptime (monthly)    | 99.9%           | StatusPage  |
+| Security   | OWASP Top 10 compliance | 100% checklist  | annual audit|
+| A11y       | WCAG 2.2 AA             | 0 critical      | axe-core CI |
+```
+
+### Traceability matrix
+```yaml
+# requirements/trace.yaml
+US-142:
+  acceptance_tests: [test_password_reset.py::test_valid_email, test_password_reset.py::test_unknown_email]
+  code: [src/auth/reset.py, src/email/templates/reset.html]
+  related: [US-130, NFR-SEC-04]
+```
+
+### AI-assisted PRD draft prompt
+```python
+prompt = f"""You are a senior PM. Draft a PRD for: {feature_idea}
+
+Output sections:
+1. Problem (user pain quantified)
+2. Goals / non-goals
+3. User stories (INVEST format)
+4. Acceptance criteria (Gherkin)
+5. NFRs with measurable targets
+6. Open questions
+
+Flag every ambiguous adjective ('fast', 'easy') and demand a number."""
+```
+
+### Change-impact analysis
+```python
+def impact_of_change(req_id: str) -> dict:
+    """Walk trace matrix to find affected artifacts."""
+    trace = yaml.safe_load(open("requirements/trace.yaml"))
+    node = trace[req_id]
+    return {
+        "tests": node["acceptance_tests"],
+        "code": node["code"],
+        "downstream_reqs": [r for r, n in trace.items() if req_id in n.get("related", [])],
+    }
+```
+
+## 매 결정 기준
+| 상황 | Approach |
+|---|---|
+| Agile feature | User stories + Gherkin AC |
+| Compliance-heavy (med, aero) | Formal SRS (IEEE 830) + traceability |
+| Internal tool | Lightweight one-pager PRD |
+| AI agent task | Structured prompt = spec |
+| Cross-team API | OpenAPI/AsyncAPI as contract |
+| Performance critical | Explicit SLO table |
+
+**기본값**: User story + Gherkin AC + NFR table; AI-drafted, human-reviewed.
+
+## 🔗 Graph
+- 부모: [[Software-Engineering]] · [[Product-Management]]
+- 변형: [[User-Stories]] · [[Use-Cases]] · [[Job-Stories]]
+- 응용: [[BDD]] · [[TDD]] · [[Acceptance-Testing]]
+- Adjacent: [[PRD]] · [[RFC]] · [[OpenAPI]] · [[SLO-and-SLA]]
+
+## 🤖 LLM 활용
+**언제**: PRD draft, ambiguity detection, Gherkin generation, impact analysis.
+**언제 X**: regulated safety-critical (FDA, FAA) 매 final sign-off는 매 human SME — LLM의 매 unverified.
+
+## ❌ 안티패턴
+- **Vague adjectives**: "fast", "scalable" without numbers.
+- **Solution masquerading as requirement**: "Use Redis cache" (impl detail, not need).
+- **Untestable AC**: "should feel intuitive" → 매 measurable proxy 의 부재.
+- **Spec drift**: code changes 의 매 spec update 의 X — 매 living spec과 매 sync.
+- **Big bang requirements**: 매 모든 feature 의 매 upfront freeze → agile 의 violation.
+
+## 🧪 검증 / 중복
+- Verified (IEEE 830-1998 ⇒ ISO/IEC/IEEE 29148:2018, Cohn user stories, Cucumber BDD).
+- 신뢰도 A.
+
+## 🕓 Changelog
+| 날짜 | 변경 |
+|---|---|
+| 2026-05-08 | Phase 1 |
+| 2026-05-10 | Manual cleanup — full rewrite covering FR/NFR, user stories, Gherkin, AI-aided spec |