Technical Spec

EARS Ruleset

A requirement MUST have:

• Zero or many preconditions
• Zero or one trigger
• One system name
• One or many system responses

The clauses always appear in the same order, following temporal logic.

The Five EARS Patterns

1. Ubiquitous Requirements

Pattern: The <system name> shall <system response>

When to use: Requirements that are always active, with no conditions or triggers.

Example:

• The mobile phone shall have a mass of less than 150 grams.
• The system shall support up to 1000 concurrent users.

2. State Driven Requirements

Pattern: While <precondition(s)>, the <system name> shall <system response>

Keyword: While

When to use: Requirements active as long as the specified state remains true.

Examples:

• While there is no card in the ATM, the ATM shall display "insert card to begin".
• While the engine is running, the dashboard shall display engine temperature.

3. Event Driven Requirements

Pattern: When <trigger>, the <system name> shall <system response>

Keyword: When

When to use: Requirements that specify how a system must respond to a triggering event.

Examples:

• When "mute" is selected, the laptop shall suppress all audio output.
• When the user presses the power button, the device shall begin shutdown sequence.

4. Optional Feature Requirements

Pattern: Where <feature is included>, the <system name> shall <system response>

Keyword: Where

When to use: Requirements that apply only in products/systems that include the specified feature.

Examples:

• Where the car has a sunroof, the car shall have a sunroof control panel on the driver door.
• Where biometric authentication is enabled, the app shall support fingerprint scanning.

5. Unwanted Behaviour Requirements

Pattern: If <trigger>, then the <system name> shall <system response>

Keywords: If and Then

When to use: Requirements specifying the required system response to undesired situations.

Examples:

• If an invalid credit card number is entered, then the website shall display "please re-enter credit card details".
• If connection to the server is lost, then the application shall save work locally.

Complex Requirements

Combine patterns for richer system behavior by using multiple EARS keywords:

Pattern: While <precondition(s)>, when <trigger>, the <system name> shall <system response>

Example:

• While the aircraft is on ground, when reverse thrust is commanded, the engine control system shall enable reverse thrust.

Complex requirements for unwanted behavior also include If-Then:

Pattern: While <precondition(s)>, if <trigger>, then the <system name> shall <system response>

Common Mistakes to Avoid

1. Vague verbs - Use specific, measurable actions

   • ❌ The system shall handle errors
   • ✅ If an error occurs, then the system shall display an error message to the user

2. Multiple system responses without clarity

   • ❌ The system shall validate input and display errors
   • ✅ When invalid input is received, the system shall display a validation error message

3. Mixing conditions and triggers

   • ❌ When the user is logged in and presses save, the system shall...
   • ✅ While the user is logged in, when the save button is pressed, the system shall...

4. Using wrong keywords

   • ❌ When there is no network connection... (this is a state, not an event)
   • ✅ While there is no network connection...

5. Ambiguous system name

   • ❌ The app shall...
   • ✅ The mobile application shall...

How to Help Users

When writing new requirements:

1. Ask clarifying questions:

   • What is the system name?
   • Is this always active, or does it depend on a condition/event?
   • What triggers this behavior?
   • What is the desired system response?

2. Identify the correct pattern:

   • No conditions/triggers → Ubiquitous
   • Continuous state → State Driven (While)
   • One-time event → Event Driven (When)
   • Optional feature → Optional Feature (Where)
   • Error/unwanted behavior → Unwanted Behaviour (If-Then)

3. Write the requirement following the pattern

4. Validate against EARS rules

When reviewing existing requirements:

1. Identify the pattern the requirement is trying to express
2. Check for EARS violations:
   • Missing "shall"
   • Wrong keyword usage
   • Ambiguous system name
   • Multiple triggers or unclear logic
3. Rewrite in correct EARS format
4. Explain what changed and why

Output Format

IMPORTANT: All requirements documents MUST be saved as markdown files in the docs/specs/ directory.

When writing requirements, create a markdown file with the following structure:

# [System Name] Requirements

## Overview
[Brief description of the system and purpose of this requirements document]

## Requirements

### [Category or Feature Name]

**REQ-[ID]:** [Pattern Name]

**Requirement:**
[The formatted EARS requirement]

**Rationale:**
[Brief explanation of why this requirement exists]

**Verification:**
[How this requirement can be tested/verified]

---

File Naming Convention

• Use kebab-case for filenames
• Include the system/component name
• Example: docs/specs/mobile-app-authentication-requirements.md
• Example: docs/specs/payment-system-requirements.md

When Creating Requirements Documents

1. Ask the user for the system name if not provided
2. Create the docs/specs directory if it doesn't exist
3. Generate a properly formatted markdown file
4. Save to docs/specs/[system-name]-requirements.md
5. Inform the user of the file location

Example Requirements Document

Here's an example of a complete requirements document saved to docs/specs/user-authentication-requirements.md:

# User Authentication System Requirements

## Overview
This document specifies the functional requirements for the user authentication system. The system provides secure login, session management, and password recovery capabilities.

**System Name:** User Authentication System
**Version:** 1.0
**Last Updated:** 2024-11-16

## Requirements

### Login Functionality

**REQ-001:** Event Driven

**Requirement:**
When the user submits valid credentials, the User Authentication System shall grant access and create a session token.

**Rationale:**
Successful authentication must result in a session being created for the user to access protected resources.

**Verification:**
Test by submitting valid username/password and verifying session token is created.

---

**REQ-002:** Unwanted Behaviour

**Requirement:**
If the user submits invalid credentials, then the User Authentication System shall display "Invalid username or password" and increment the failed login counter.

**Rationale:**
Users need clear feedback on failed login attempts, and the system must track attempts for security.

**Verification:**
Test by submitting invalid credentials and verifying error message and counter increment.

---

### Session Management

**REQ-003:** State Driven

**Requirement:**
While the user session is active, the User Authentication System shall validate the session token on each request.

**Rationale:**
Continuous validation ensures only authenticated users can access protected resources.

**Verification:**
Test by making requests with valid and expired session tokens.

---

**REQ-004:** Event Driven

**Requirement:**
When the user clicks logout, the User Authentication System shall invalidate the session token and redirect to the login page.

**Rationale:**
Users must be able to explicitly end their session for security.

**Verification:**
Test by logging out and verifying session token is invalidated and redirect occurs.

---

### Security

**REQ-005:** Ubiquitous

**Requirement:**
The User Authentication System shall hash all passwords using bcrypt with a minimum cost factor of 12.

**Rationale:**
Passwords must be securely stored using industry-standard hashing algorithms.

**Verification:**
Code review and verification that bcrypt is used with cost factor >= 12.

---

**REQ-006:** Unwanted Behaviour

**Requirement:**
If a user exceeds 5 failed login attempts within 15 minutes, then the User Authentication System shall lock the account for 30 minutes.

**Rationale:**
Prevents brute force attacks by temporarily locking accounts after multiple failed attempts.

**Verification:**
Test by attempting 6 failed logins and verifying account is locked for 30 minutes.

---

Examples of Converting Natural Language to EARS

Example 1: Vague requirement

Original: The system should validate user input.

Questions to ask:

• When does validation occur?
• What is the system's response?

EARS Version: When the user submits a form, the system shall validate all input fields.

Example 2: Complex requirement

Original: The car needs to show a warning if the driver isn't wearing a seatbelt after starting the engine.

EARS Version: While the engine is running, if the driver seatbelt is not fastened, then the dashboard shall display a seatbelt warning.

Pattern: Complex Unwanted Behaviour (While + If-Then)

Example 3: Constant property

Original: The device must be waterproof.

EARS Version: The device shall be waterproof to IP68 standard.

Pattern: Ubiquitous

Best Practices

1. Be specific - Use measurable, testable criteria
2. One requirement per statement - Don't combine multiple requirements
3. Use consistent system names - Don't alternate between "the app", "the system", "it"
4. Include units - Specify grams, seconds, meters, etc.
5. Make responses observable - The system response should be verifiable
6. Avoid implementation details - Focus on what, not how

When to Invoke This Skill

This skill should be used when users:

• Ask to write system requirements
• Request EARS format requirements
• Need help documenting specifications
• Want to validate existing requirements
• Ask to convert natural language to structured requirements
• Need requirements for systems engineering, safety-critical systems, or formal specifications

Your Approach

1. Listen to what the user wants to specify
2. Clarify any ambiguities (system name, feature scope, etc.)
3. Identify the appropriate EARS pattern for each requirement
4. Write the requirements following EARS syntax
5. Create a markdown file in docs/specs/ with proper structure
6. Save the requirements document
7. Explain your reasoning and the file location
8. Iterate based on user feedback

Important Reminders

• Always save to docs/specs/ - Never output requirements without creating the file
• Use markdown format - All requirements documents are .md files
• Follow EARS patterns strictly - Don't deviate from the established syntax
• Include metadata - Add requirement IDs, rationale, and verification methods
• Create the directory - Use mkdir -p docs/specs if it doesn't exist

Remember: EARS is designed to be lightweight, intuitive, and easy to read. The goal is to reduce ambiguity while keeping requirements in natural language that stakeholders can understand.