Prerequisites
Knowns installed, MCP configured, and a Node.js/Express project ready to go.
What You'll Build
- A spec document defining auth requirements and acceptance criteria
- Tasks auto-linked to the spec with
fulfillsmapping - JWT login/register endpoints implemented by AI
- Verified coverage: every spec AC mapped to a completed task
Initialize Session
Start every session by loading project context.
/kn-init
Your AI reads KNOWNS.md, existing tasks, docs, and memory. It knows your project before writing a line of code.
Research First
Don't skip this step
Before writing a spec or plan, always research the existing codebase. Your AI needs to understand what's already there — existing patterns, conventions, and related code — before it can write a good spec.
/kn-research JWT authentication, middleware pattern, Express route structure
The AI searches your codebase, docs, and memory for relevant context:
AI: Researching "authentication" in project context...
Found:
- Doc: @doc/patterns/api-design — REST conventions
- Memory: "Express + TypeScript, Prisma ORM"
- Code: src/middleware/ — existing middleware pattern
- Code: src/routes/ — route structure (router → handler)
- No existing auth implementation found
Recommendations:
1. Follow existing middleware pattern in src/middleware/
2. Use Prisma for user model (consistent with project)
3. Express route pattern: router.post('/path', handler)This context feeds directly into the spec — your AI writes better specs when it understands the project first.
Create the Auth Spec
/kn-spec user-auth
The AI creates a structured spec at .knowns/docs/specs/user-auth.md, informed by the research:
.knowns/ ├── docs/ │ └── specs/ │ └── user-auth.md ← new spec ├── tasks/ └── config.json
# User Authentication Spec ## Overview JWT-based authentication for the REST API. ## Acceptance Criteria - AC-1: POST /auth/register creates a user and returns 201 - AC-2: POST /auth/login returns a JWT on valid credentials - AC-3: POST /auth/login returns 401 on invalid credentials - AC-4: Protected routes return 401 without a valid token - AC-5: Passwords are never stored in plain text
Review and edit the spec. When you're satisfied:
knowns doc edit "specs/user-auth" --tags spec --description "JWT auth spec"
Review & Approve the Spec
Gate: Spec must be approved before proceeding
This is a human checkpoint. Read the spec carefully — once approved, kn-plan or kn-go will generate tasks from it. A bad spec leads to bad tasks.
Review the spec for:
- Completeness — are all requirements covered?
- Clarity — can each AC be verified objectively?
- Scope — is it too broad or too narrow?
When you're satisfied, approve it:
You: Spec looks good. Approved.
Two paths after approval
/kn-plan --from @doc/specs/user-auth— generates tasks, waits for you to approve each plan before implementing/kn-go specs/user-auth— full autopilot: generates tasks and implements them all without review gates
Generate Tasks from Spec
/kn-plan --from @doc/specs/user-auth
The AI breaks the spec into implementation tasks, each linked via spec and fulfills:
Task 1: "Setup auth middleware" → spec: specs/user-auth → fulfills: AC-4 Task 2: "Implement register endpoint" → spec: specs/user-auth → fulfills: AC-1, AC-5 Task 3: "Implement login endpoint" → spec: specs/user-auth → fulfills: AC-2, AC-3
Check the board:
knowns task list --plain
Implement Each Task
Work through tasks in order. The AI reads the linked spec and follows your patterns.
/kn-implement <task-id>
For each task, the AI:
- Reads the task and its acceptance criteria
- Follows the
@doc/specs/user-authreference - Checks project memory for existing patterns
- Implements the code
- Checks off ACs as they're completed
You: /kn-implement abc123 AI: Reading task abc123: "Implement register endpoint" → Spec: @doc/specs/user-auth (AC-1, AC-5) → Memory: "Express + TypeScript, Prisma ORM" Creating src/routes/auth.ts... Creating src/middleware/validate.ts... Adding bcrypt password hashing... ✓ AC-1: POST /auth/register creates user → implemented ✓ AC-5: Passwords hashed with bcrypt → implemented ✓ Task marked done, spec ACs auto-synced
Verify Coverage
After all tasks are done, verify that every spec AC is covered:
/kn-verify
Spec: specs/user-auth ✓ AC-1: POST /auth/register creates a user and returns 201 ✓ AC-2: POST /auth/login returns a JWT on valid credentials ✓ AC-3: POST /auth/login returns 401 on invalid credentials ✓ AC-4: Protected routes return 401 without a valid token ✓ AC-5: Passwords are never stored in plain text Coverage: 5/5 (100%) All acceptance criteria verified.
Extract Patterns (Optional)
Save reusable patterns for future sessions:
/kn-extract
The AI saves patterns like:
- "JWT auth pattern: bcrypt + jsonwebtoken + middleware guard"
- "Express route structure: router → controller → service"
These persist in project memory and are available in every future session.
Key Takeaways
| Traditional approach | With Knowns SDD |
|---|---|
| Write code, then figure out if it's done | Define 'done' in a spec before writing code |
| Tasks are disconnected from requirements | Tasks auto-link to spec ACs via fulfills |
| AI starts blind — no project context | AI researches first, then writes informed specs |
| Manual checking of requirements | One command verifies full coverage |
| Knowledge stays in your head | Patterns extracted and saved for reuse |
What's next?
Try the AI Task Workflow for a simpler everyday loop, or read the Workflow Guide to choose the right flow for your task.
Yêu cầu
Knowns đã cài, MCP đã cấu hình, và project Node.js/Express sẵn sàng.
Bạn sẽ xây dựng gì
- Spec document định nghĩa auth requirements và acceptance criteria
- Tasks tự động link tới spec với
fulfillsmapping - JWT login/register endpoints do AI implement
- Verified coverage: mọi spec AC đều map tới task hoàn thành
Khởi tạo Session
Bắt đầu mỗi session bằng cách load project context.
/kn-init
AI đọc KNOWNS.md, tasks hiện có, docs, và memory. Nó hiểu project trước khi viết dòng code nào.
Research trước
Đừng bỏ qua bước này
Trước khi viết spec hay plan, luôn research codebase hiện có. AI cần hiểu những gì đã có — patterns, conventions, code liên quan — trước khi viết spec tốt.
/kn-research JWT authentication, middleware pattern, Express route structure
AI tìm kiếm codebase, docs, và memory cho context liên quan:
AI: Researching "authentication" trong project context...
Tìm thấy:
- Doc: @doc/patterns/api-design — REST conventions
- Memory: "Express + TypeScript, Prisma ORM"
- Code: src/middleware/ — middleware pattern hiện có
- Code: src/routes/ — route structure (router → handler)
- Chưa có auth implementation
Khuyến nghị:
1. Follow middleware pattern hiện có trong src/middleware/
2. Dùng Prisma cho user model (nhất quán với project)
3. Express route pattern: router.post('/path', handler)Context này feed trực tiếp vào spec — AI viết spec tốt hơn khi hiểu project trước.
Tạo Auth Spec
/kn-spec user-auth
AI tạo spec có cấu trúc tại .knowns/docs/specs/user-auth.md, dựa trên research:
.knowns/ ├── docs/ │ └── specs/ │ └── user-auth.md ← spec mới ├── tasks/ └── config.json
# User Authentication Spec ## Tổng quan JWT-based authentication cho REST API. ## Acceptance Criteria - AC-1: POST /auth/register tạo user và trả về 201 - AC-2: POST /auth/login trả về JWT khi credentials hợp lệ - AC-3: POST /auth/login trả về 401 khi credentials không hợp lệ - AC-4: Protected routes trả về 401 khi không có valid token - AC-5: Passwords không bao giờ lưu dạng plain text
Review và edit spec. Khi hài lòng:
knowns doc edit "specs/user-auth" --tags spec --description "JWT auth spec"
Review & Approve Spec
Gate: Spec phải được approve trước khi tiếp tục
Đây là checkpoint cho người dùng. Đọc spec kỹ — sau khi approve, kn-plan hoặc kn-go sẽ tạo tasks từ spec. Spec tệ dẫn tới tasks tệ.
Review spec cho:
- Đầy đủ — tất cả requirements đã covered?
- Rõ ràng — mỗi AC có thể verify khách quan?
- Phạm vi — quá rộng hay quá hẹp?
Khi hài lòng, approve:
Bạn: Spec OK. Approved.
Hai đường sau khi approve
/kn-plan --from @doc/specs/user-auth— tạo tasks, chờ bạn approve mỗi plan trước khi implement/kn-go specs/user-auth— full autopilot: tạo tasks và implement tất cả không có review gates
Tạo Tasks từ Spec
/kn-plan --from @doc/specs/user-auth
AI chia spec thành implementation tasks, mỗi task link qua spec và fulfills:
Task 1: "Setup auth middleware" → spec: specs/user-auth → fulfills: AC-4 Task 2: "Implement register endpoint" → spec: specs/user-auth → fulfills: AC-1, AC-5 Task 3: "Implement login endpoint" → spec: specs/user-auth → fulfills: AC-2, AC-3
Xem board:
knowns task list --plain
Implement từng Task
Làm tasks theo thứ tự. AI đọc linked spec và follow patterns của bạn.
/kn-implement <task-id>
Với mỗi task, AI:
- Đọc task và acceptance criteria
- Follow
@doc/specs/user-authreference - Kiểm tra project memory cho patterns hiện có
- Implement code
- Check off ACs khi hoàn thành
Bạn: /kn-implement abc123 AI: Đọc task abc123: "Implement register endpoint" → Spec: @doc/specs/user-auth (AC-1, AC-5) → Memory: "Express + TypeScript, Prisma ORM" Tạo src/routes/auth.ts... Tạo src/middleware/validate.ts... Thêm bcrypt password hashing... ✓ AC-1: POST /auth/register tạo user → implemented ✓ AC-5: Passwords hashed bằng bcrypt → implemented ✓ Task marked done, spec ACs auto-synced
Verify Coverage
Sau khi tất cả tasks xong, verify mọi spec AC đều covered:
/kn-verify
Spec: specs/user-auth ✓ AC-1: POST /auth/register tạo user và trả về 201 ✓ AC-2: POST /auth/login trả về JWT khi credentials hợp lệ ✓ AC-3: POST /auth/login trả về 401 khi credentials không hợp lệ ✓ AC-4: Protected routes trả về 401 khi không có valid token ✓ AC-5: Passwords không bao giờ lưu dạng plain text Coverage: 5/5 (100%) Tất cả acceptance criteria đã verified.
Extract Patterns (Tùy chọn)
Lưu reusable patterns cho sessions sau:
/kn-extract
AI lưu patterns như:
- "JWT auth pattern: bcrypt + jsonwebtoken + middleware guard"
- "Express route structure: router → controller → service"
Chúng persist trong project memory và available trong mọi session sau.
Điểm chính
| Cách truyền thống | Với Knowns SDD |
|---|---|
| Viết code, rồi tìm hiểu xem xong chưa | Định nghĩa 'xong' trong spec trước khi code |
| Tasks không liên kết với requirements | Tasks tự động link tới spec ACs qua fulfills |
| AI bắt đầu mù — không có project context | AI research trước, rồi viết spec có thông tin |
| Kiểm tra requirements thủ công | Một lệnh verify full coverage |
| Knowledge ở trong đầu bạn | Patterns extracted và lưu để tái sử dụng |
Tiếp theo?
Thử AI Task Workflow cho vòng lặp hằng ngày đơn giản hơn, hoặc đọc Workflow Guide để chọn flow phù hợp.