/spec Command

/spec <feature-description>

# New feature
/spec Add JWT-based authentication with email/password login and token refresh

# Bug fix
/spec Fix pagination bug where last page returns empty results

# Refactoring
/spec Refactor user service to use repository pattern with dependency injection

# Performance optimization
/spec Optimize API response time by adding Redis caching layer

# Documentation
/spec Update API documentation to include new authentication endpoints

id: "add-auth-jwt-20250105120000"
name: "Add JWT Authentication"
type: feature
status: draft

# WHAT problem are we solving?
problem: |
  Users cannot securely authenticate. Need JWT-based auth.

# WHY build this?
motivation: |
  Enable secure API access with stateless authentication.

# REQUIREMENTS
functional_requirements:
  - FR1: "Email/password login returns JWT token"
  - FR2: "Token refresh endpoint for expired tokens"
  - FR3: "Middleware validates JWT on protected routes"

non_functional_requirements:
  - NFR1: "Tokens expire after 15 minutes"
  - NFR2: "Password hashing uses bcrypt with salt rounds ≥ 10"

# HOW will we measure success?
acceptance_criteria:
  - AC1: "User can login with valid credentials and receive JWT"
  - AC2: "Invalid credentials return 401 Unauthorized"
  - AC3: "Expired tokens are rejected by middleware"

# WHAT is in/out of scope?
in_scope:
  - Email/password authentication
  - JWT token generation and validation
  - Token refresh mechanism

out_of_scope:
  - OAuth2 third-party login (future work)
  - Two-factor authentication
  - Password reset flow

id: "add-auth-jwt-20250105120000-plan"
spec_id: "add-auth-jwt-20250105120000"

# HOW will we implement this?
approach: |
  Create authentication middleware using jsonwebtoken library.
  Store password hashes with bcrypt. Implement token refresh endpoint.

technology_stack:
  - "jsonwebtoken - JWT generation and validation"
  - "bcrypt - Password hashing"
  - "express-jwt - Express middleware integration"

# WHAT are the key decisions?
decisions:
  - decision: "Use jsonwebtoken library"
    rationale: "Industry standard, well maintained, 18M weekly downloads"

# WHAT files will we touch?
files_to_create:
  - src/auth/middleware.ts
  - src/auth/service.ts
  - src/auth/routes.ts

# HOW will we build this in phases?
phase_1:
  name: "Authentication Core"
  tasks:
    - [ ] Create authentication service
      spec_refs: [FR1]
      files: [src/auth/service.ts]
    
    - [ ] Implement password hashing with bcrypt
      spec_refs: [NFR2]
      files: [src/auth/service.ts]

phase_2:
  name: "JWT Integration"
  tasks:
    - [ ] Create JWT middleware
      spec_refs: [FR3]
      files: [src/auth/middleware.ts]

/spec Add authentication system

/spec Add OAuth2 Google login to authentication

/spec Add caching to improve performance

# ❌ Vague
/spec Add authentication

# ✅ Specific
/spec Add JWT-based authentication with email/password login, 15-minute token expiration, and refresh token support

# ✅ Includes performance and security needs
/spec Add user search endpoint with pagination, max 50 results per page, response time < 200ms, and SQL injection protection

# Load context before defining requirements
/research authentication patterns in this codebase
/spec Add OAuth2 login following existing JWT pattern

# First iteration
/spec Add user registration

# Review spec, then refine
/spec Add email verification to registration flow

# Review again, then refine
/spec Add rate limiting to registration endpoint (5 attempts per hour)

.buildforce/specs/add-auth-jwt-20250105120000/
├── research.yaml   # Research findings (if /research was run)
├── spec.yaml       # Requirements (WHAT to build)
└── plan.yaml       # Implementation plan (HOW to build)