---
id: wiki-2026-0508-requirements
title: Requirements
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Software-Requirements, Functional-Requirements, Non-Functional-Requirements]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [requirements, spec, product, engineering]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: markdown
  framework: gherkin
---

# Requirements

## 매 한 줄
> **"매 잘 쓴 requirement = 절반의 implementation"**. Requirements engineering은 매 stakeholder의 needs를 매 unambiguous, testable, prioritized statements로 매 변환 — 2026 의 매 AI-aided spec drafting (Claude/GPT-5)이 매 standard, 매 BDD/Gherkin은 매 living spec format 의 dominant.

## 매 핵심

### 매 분류
- **Functional (FR)**: 매 system이 매 무엇을 하는가 — input/output, behavior.
- **Non-functional (NFR)**: 매 어떻게 — performance, security, scalability, accessibility, reliability (SLO/SLA).
- **Constraints**: tech stack, regulatory (GDPR, HIPAA), budget.
- **Assumptions / Dependencies**: external upon 매 의존.

### 매 Quality criteria (INVEST + SMART)
- **Independent, Negotiable, Valuable, Estimable, Small, Testable** (user stories).
- **Specific, Measurable, Achievable, Relevant, Time-bound**.
- 매 Ambiguity의 매 적: "fast", "user-friendly" → 매 numeric ("p95 < 200ms", "SUS > 80").

### 매 Formats (modern 2026)
- **User story**: `As a <role>, I want <goal> so that <benefit>`.
- **Acceptance criteria**: Given-When-Then (Gherkin) — executable via Cucumber/pytest-bdd.
- **Job stories** (alternative): `When <situation>, I want to <motivation>, so I can <outcome>`.
- **PRD** (Product Requirements Doc): living markdown in repo, AI-assisted draft.
- **RFC / Design doc**: technical spec for engineering decisions.

### 매 AI-aided workflow (2026)
1. PM의 매 rough idea → Claude Opus 4.7 로 PRD draft.
2. Engineering review → AI 의 매 ambiguity flags ("매 'fast'를 quantify").
3. Gherkin scenarios 매 generate → directly executable.
4. Trace matrix (req → test → code) 매 AI auto-link.
5. Change requests → AI의 매 impact analysis (영향 받는 spec/test/code).

### 매 응용
1. SaaS feature spec.
2. Embedded system safety (DO-178C, ISO 26262 traceability).
3. RFP/contract scope.
4. AI agent task specification (prompt = 매 spec).

## 💻 패턴

### User story + acceptance criteria
```markdown
## US-142: Email-based password reset

**As a** registered user
**I want** to reset my password via email
**So that** I can regain access without contacting support

### Acceptance Criteria (Gherkin)
\`\`\`gherkin
Feature: Password reset

  Scenario: Valid email triggers reset link
    Given a user with email "alice@example.com" exists
    When I POST /auth/reset with that email
    Then a reset email is sent within 30 seconds
    And the email contains a token valid for 1 hour

  Scenario: Unknown email returns generic success
    Given no user with email "ghost@example.com"
    When I POST /auth/reset with that email
    Then the response is 200 OK
    And no email is sent
    # Reason: avoid user enumeration
\`\`\`

### NFR
- p95 endpoint latency < 300ms
- Email delivery SLA: 99.5% within 60s
- Token: 256-bit, single-use, 1h TTL
```

### pytest-bdd executable spec
```python
# features/password_reset.feature → tests/test_password_reset.py
from pytest_bdd import scenarios, given, when, then

scenarios("../features/password_reset.feature")

@given('a user with email "alice@example.com" exists')
def alice(db):
    db.users.insert(email="alice@example.com")

@when('I POST /auth/reset with that email')
def post_reset(client, ctx):
    ctx["resp"] = client.post("/auth/reset", json={"email": "alice@example.com"})

@then('a reset email is sent within 30 seconds')
def email_sent(mailbox):
    assert mailbox.last(timeout=30).to == "alice@example.com"
```

### NFR table (SLO format)
```markdown
| Category   | Metric                  | Target          | Measurement |
|------------|-------------------------|-----------------|-------------|
| Latency    | p95 GET /search         | < 200 ms        | Prometheus  |
| Throughput | sustained POST /events  | 10k req/s       | k6 load test|
| Avail.     | API uptime (monthly)    | 99.9%           | StatusPage  |
| Security   | OWASP Top 10 compliance | 100% checklist  | annual audit|
| A11y       | WCAG 2.2 AA             | 0 critical      | axe-core CI |
```

### Traceability matrix
```yaml
# requirements/trace.yaml
US-142:
  acceptance_tests: [test_password_reset.py::test_valid_email, test_password_reset.py::test_unknown_email]
  code: [src/auth/reset.py, src/email/templates/reset.html]
  related: [US-130, NFR-SEC-04]
```

### AI-assisted PRD draft prompt
```python
prompt = f"""You are a senior PM. Draft a PRD for: {feature_idea}

Output sections:
1. Problem (user pain quantified)
2. Goals / non-goals
3. User stories (INVEST format)
4. Acceptance criteria (Gherkin)
5. NFRs with measurable targets
6. Open questions

Flag every ambiguous adjective ('fast', 'easy') and demand a number."""
```

### Change-impact analysis
```python
def impact_of_change(req_id: str) -> dict:
    """Walk trace matrix to find affected artifacts."""
    trace = yaml.safe_load(open("requirements/trace.yaml"))
    node = trace[req_id]
    return {
        "tests": node["acceptance_tests"],
        "code": node["code"],
        "downstream_reqs": [r for r, n in trace.items() if req_id in n.get("related", [])],
    }
```

## 매 결정 기준
| 상황 | Approach |
|---|---|
| Agile feature | User stories + Gherkin AC |
| Compliance-heavy (med, aero) | Formal SRS (IEEE 830) + traceability |
| Internal tool | Lightweight one-pager PRD |
| AI agent task | Structured prompt = spec |
| Cross-team API | OpenAPI/AsyncAPI as contract |
| Performance critical | Explicit SLO table |

**기본값**: User story + Gherkin AC + NFR table; AI-drafted, human-reviewed.

## 🔗 Graph
- 변형: [[Use-Cases]]
- 응용: [[BDD]] · [[TDD]]
- Adjacent: [[RFC]] · [[OpenAPI]]

## 🤖 LLM 활용
**언제**: PRD draft, ambiguity detection, Gherkin generation, impact analysis.
**언제 X**: regulated safety-critical (FDA, FAA) 매 final sign-off는 매 human SME — LLM의 매 unverified.

## ❌ 안티패턴
- **Vague adjectives**: "fast", "scalable" without numbers.
- **Solution masquerading as requirement**: "Use Redis cache" (impl detail, not need).
- **Untestable AC**: "should feel intuitive" → 매 measurable proxy 의 부재.
- **Spec drift**: code changes 의 매 spec update 의 X — 매 living spec과 매 sync.
- **Big bang requirements**: 매 모든 feature 의 매 upfront freeze → agile 의 violation.

## 🧪 검증 / 중복
- Verified (IEEE 830-1998 ⇒ ISO/IEC/IEEE 29148:2018, Cohn user stories, Cucumber BDD).
- 신뢰도 A.

## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — full rewrite covering FR/NFR, user stories, Gherkin, AI-aided spec |