Extract technical constraints (C-*) from ecosystem E(t) - timeouts, API limits, compliance requirements, platform dependencies. Acknowledges given constraints, not design choices. Use to document ecosystem realities that code must work within.
/plugin marketplace add foolishimp/ai_sdlc_method/plugin install aisdlc-methodology@aisdlcThis skill is limited to using the following tools:
Skill Type: Actuator (Requirements Disambiguation) Purpose: Extract C-* constraints acknowledging ecosystem E(t) Prerequisites: REQ-* requirement exists
You are extracting constraints (C-*) from the ecosystem E(t).
Constraints are GIVEN (external reality), not CHOSEN (design decisions).
Examples:
Goal: Acknowledge ecosystem constraints that code must work within.
Timeouts:
C-001: Stripe API timeout
- Value: 10 seconds (given by Stripe documentation)
- Source: https://stripe.com/docs/api#timeouts
- Fallback: Return error to user
- Monitoring: Alert if approaching timeout (>8s)
Rate limits:
C-010: Stripe API rate limit
- Limit: 100 requests per second
- Source: Stripe API documentation
- Behavior: Implement exponential backoff
- Error: "Payment service temporarily unavailable"
PCI-DSS:
C-020: PCI-DSS Level 1 compliance
- Requirement: Never store full credit card numbers
- Implementation: Tokenize via Stripe
- Validation: No card numbers in logs or database
- Audit: Regular PCI scans required
GDPR:
C-030: GDPR data portability
- Requirement: Users can export their data
- Format: JSON or CSV
- Timeline: Within 30 days of request
- Scope: All personal data
Language/runtime:
C-040: Python version
- Minimum: Python 3.8
- Reason: Using dataclasses, type hints
- Source: Project decision (E(t) = team knows Python)
- Validation: Check at startup
Dependencies:
C-050: bcrypt library
- Library: bcrypt
- Version: >=4.0.0
- Reason: Password hashing (security requirement)
- Source: Security team standard
Response time SLAs:
C-060: Login response time
- Max time: 500ms (p95)
- Measurement: End-to-end from request to response
- Monitoring: Datadog APM
- Alerting: >400ms warning, >500ms critical
Resource limits:
C-070: Database connection pool
- Max connections: 20
- Source: RDS instance limit
- Behavior: Queue requests if pool exhausted
- Timeout: 5 seconds wait for connection
Authentication:
C-080: HTTPS requirement
- Protocol: All auth requests must be HTTPS
- Source: Security policy
- Enforcement: Reject HTTP requests
- Exception: None (no HTTP fallback)
Session management:
C-090: Session timeout
- Duration: 30 minutes of inactivity
- Source: Security team policy
- Token: JWT with exp claim
- Storage: Redis with TTL
Constraint (C-*) - GIVEN by ecosystem:
✅ C-001: Stripe API timeout is 10 seconds
Source: Stripe documentation (external reality)
We MUST work within this constraint
✅ C-002: PCI-DSS prohibits storing card numbers
Source: Payment Card Industry regulation
We MUST comply
✅ C-003: Team knows Python, not Java
Source: Team capabilities (E(t))
We work within this reality
Design Decision - CHOSEN by us:
❌ "We will use PostgreSQL" → This is ADR, not C-*
❌ "We will implement REST API" → This is ADR, not C-*
❌ "We will use MVC pattern" → This is ADR, not C-*
Rule: If it's a choice between alternatives → ADR (Design stage) If it's a given reality we must work within → C-* (Constraint)
Ask:
Template:
C-{ID}: {Constraint Name}
- Value/Requirement: {What is constrained}
- Source: {Where this constraint comes from - API docs, regulation, policy}
- Ecosystem E(t): {What ecosystem component imposes this}
- Implementation: {How code must handle this}
- Validation: {How to verify compliance}
- Autogenerate: {Yes/No}
[EXTRACT CONSTRAINTS - <REQ-ID>]
Requirement: User login
Constraints Extracted:
API/Service Constraints (2):
✓ C-001: Database query timeout (100ms, RDS limit)
✓ C-002: Session storage (Redis, existing infrastructure)
Compliance Constraints (2):
✓ C-003: HTTPS required (security policy)
✓ C-004: Password hashing (bcrypt, security standard)
Performance Constraints (1):
✓ C-005: Login response time (<500ms, SLA requirement)
Total: 5 constraints
Ecosystem E(t) Acknowledged:
- External: RDS connection limits, Redis infrastructure
- Compliance: Security policies (HTTPS, bcrypt)
- Performance: SLA requirements
Updated: docs/requirements/authentication.md
Added: Constraints section with 5 C-*
✅ Constraint Extraction Complete!
Why extract constraints?
Homeostasis Goal:
desired_state:
all_ecosystem_constraints_documented: true
constraints_vs_choices_clear: true
"Excellence or nothing" 🔥
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.
Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.