Gate 1: Business requirements document - defines WHAT/WHY before HOW. Creates PRD with problem definition, user stories, success metrics.
Business requirements (WHAT/WHY) must be fully defined before technical decisions (HOW/WHERE).
Mixing business and technical concerns creates:
The PRD answers: WHAT we're building and WHY it matters to users and business. The PRD never answers: HOW we'll build it or WHERE components will live.
| Phase | Activities |
|---|---|
| 0. Load Research | Check docs/pre-dev/{feature}/research.md; review codebase patterns, best practices, framework constraints, UX research; reference findings with notation |
file:line| 1. Problem Discovery | Define problem without solution bias; identify specific users; quantify pain with metrics/evidence |
| 2. Business Requirements | Executive summary (3 sentences); user personas (goals, frustrations); user stories (As/I want/So that); success metrics (measurable); scope boundaries (in/out) |
| 3. Gate 1 Validation | Problem articulated; impact quantified; users identified; features address problem; metrics measurable; scope explicit |
| 4. UX Validation | Dispatch product-designer to validate PRD against user needs and create ux-criteria.md |
Problem definition and user pain points, user personas (demographics, goals, frustrations), user stories with acceptance criteria, feature requirements (WHAT not HOW), success metrics (adoption, satisfaction, KPIs), scope boundaries (in/out explicitly), go-to-market considerations
Architecture diagrams or component design, technology choices (languages, frameworks, databases), implementation approaches or algorithms, database schemas or API specifications, code examples or package dependencies, infrastructure needs or deployment strategies, system integration patterns
| Excuse | Reality |
|---|---|
| "Just a quick technical note won't hurt" | Technical details constrain business thinking. Keep them separate. |
| "Stakeholders need to know it's feasible" | Feasibility comes in TRD after business requirements are locked. |
| "The implementation is obvious" | Obvious to you ≠ obvious to everyone. Separate concerns. |
| "I'll save time by combining PRD and TRD" | You'll waste time rewriting when requirements change. |
| "This is a simple feature, no need for formality" | Simple features still need clear requirements. Follow the process. |
| "I can skip Gate 1, I know it's good" | Gates exist because humans are overconfident. Validate. |
| "The problem is obvious, no need for personas" | Obvious to you ≠ validated with users. Document it. |
| "Success metrics can be defined later" | Defining metrics later means building without targets. Do it now. |
| "I'll just add this one API endpoint detail" | API design is technical architecture. Stop. Keep it in TRD. |
| "But we already decided on PostgreSQL" | Technology decisions come after business requirements. Wait. |
| "CEO/CTO says it's a business constraint" | Authority doesn't change what's technical. Abstract it anyway. |
| "Investors need to see specific vendors/tech" | Show phasing and constraints abstractly. Vendors go in TRD. |
| "This is product scoping, not technical design" | Scope = capabilities. Technology = implementation. Different things. |
| "Mentioning Stripe shows we're being practical" | Mentioning "payment processor" shows the same. Stay abstract. |
| "PRDs can mention tech when it's a constraint" | PRDs mention capabilities needed. TRD maps capabilities to tech. |
| "Context matters - this is for exec review" | Context doesn't override principles. Executives get abstracted version. |
During PRD creation, identify if the feature requires access control:
| Business Question | If Yes → Document |
|---|---|
| Does this feature handle user-specific data? | "Users can only access their own [data type]" |
| Are there different user roles with different permissions? | "Admins can [X], regular users can [Y]" |
| Does this feature need to identify who performed an action? | "Audit trail required for [action type]" |
| Does this integrate with other internal services? | "Service must authenticate to [service name]" |
| Are there regulatory requirements (GDPR, PCI-DSS, HIPAA)? | "Must comply with [regulation] for [data type]" |
What to include in PRD:
What NOT to include in PRD:
Note: The TRD (Gate 3) will translate these business requirements into authentication/authorization architecture patterns. For Go services, refer to golang.md → Access Manager Integration section during TRD creation.
During PRD creation, assess whether the feature/product requires business dashboard endpoints.
Not every product needs dashboard endpoints. The deciding factor is whether a human operator or business manager will need aggregated visibility to make decisions.
This discovery MUST be triggered when:
Use AskUserQuestion tool:
Question: "Will an operator or business manager need a consolidated view of this feature's data to make decisions (e.g., volumes, statuses, error rates, trends)?"
Document in PRD under a "Dashboard Requirements" section:
| Question | Document |
|---|---|
| Who is the primary dashboard consumer? | Persona: operator, manager, compliance officer, etc. |
| What decisions does the dashboard support? | "Is this healthy?", "Where are bottlenecks?", "Are we meeting SLAs?" |
| What key metrics need visibility? | Volumes, rates, distributions, trends, aging |
| What is the expected refresh cadence? | Real-time, near real-time, periodic |
Example PRD section:
## Dashboard Requirements
**Consumer:** Operations manager
**Decisions supported:** Health monitoring, SLA compliance, exception triage
**Key metrics:**
- Total volume processed (by period)
- Distribution by status (success/pending/failed)
- Error rate trends
- Aging of unresolved items
**Refresh:** Near real-time (< 5 min lag)
This section cascades into Feature Map (Gate 2) for UI components and API Design (Gate 4) for dashboard data endpoints.
Document explicitly in PRD scope:
## Out of Scope
- Business dashboard endpoints (infrastructure product — monitoring via observability stack)
This prevents the question from resurfacing in later gates.
Flag as open question in PRD:
## Open Questions
- [ ] Dashboard requirements TBD — needs product/business review before Gate 2
STOP Gate 1 validation for this item until resolved.
| Product Type | Dashboard? | Rationale |
|---|---|---|
| Core ledger / transaction engine | Yes | Operators need volume, status, health visibility |
| Reconciliation / matching | Yes | Exception management requires aggregated view |
| Risk / fraud analysis | Yes | Monitoring product by nature — alerts, scores, trends |
| Regulatory reporting | Yes | Compliance needs deadline tracking, coverage, delivery status |
| Payment rails (PIX, SWIFT, etc.) | Yes | High volume + SLA requirements = operational visibility |
| Billing / fees | Yes | Revenue data needs consolidated view |
| Workflow orchestration | Maybe | Depends on volume and operational complexity |
| Data ingestion | No | Backend plumbing — health is infra/o11y concern |
| Auth / identity | No | Infrastructure — login metrics are o11y, not business dashboard |
| Tenant management | No | Admin/platform tooling, not end-user operated |
| Excuse | Reality |
|---|---|
| "We'll add dashboards later" | Later = never, or expensive rework. Decide now. |
| "Every product needs a dashboard" | Infrastructure products don't. Forcing it creates noise. |
| "Observability covers it" | O11y ≠ business dashboard. Grafana for SREs ≠ console for operators. |
| "Dashboard is a frontend concern" | Dashboard data endpoints are backend. Decide scope here. |
| "It's obvious this needs a dashboard" | Obvious to you ≠ documented. Ask and record the decision. |
If you catch yourself writing or thinking any of these in a PRD, STOP:
When you catch yourself: Move that content to a "technical notes" section to transfer to TRD later. Keep PRD pure business.
⛔ MANDATORY: If feature is frontend-only (uses existing backend APIs), this section MUST be completed.
Check research.md frontmatter for topology: