Add risk assessment and mitigation to plan template #713

@marvin-hansen

I’ve been working with AI-based spec-driven development over the past six months, experimented a lot, and quite recently adopted spec-kit. First of all, thank you for open sourcing this amazing toolkit.

Fundamentally, when developing specs with AI, I encounter about 3 categories of errors:

  1. Incorrect understanding of the project - Solved with AGENTS.md and Constitution

  2. Incorrect plan - Solved with spec kit

  3. Incorrect assumptions or risk assessment - Open

My feature request is about the third category. It’s small but potent, as I have used it successfully in countless features that got shipped over the last few months.

When the initial plan is completed, I always find myself prompting something like:

"Conduct a risk assessment, mitigate each identified risk, 
  and update the appropriate documents in /path/to/specs"  

This humble prompt has correctly identified and mitigated real risks in my project before they even could occur. Examples I saw mitigated during the planning stage that were successfully implemented based on the de-risked plan:

  • Integration problems across complex components
  • Race conditions in complex algorithm
  • Deadlocks in concurrency code

In my experience, the net value of adding a proper risk assessment and mitigation to the plan results in:

  • Faster review
  • Reduced debugging
  • Reduced total time to delivery

For me, the impact is very meaningful as my time to delivery went down noticeably so that I spent more time on work that matters.

Speaking of important matters, a similar prompt for a code security plan would most likely have similar positive effects, i.e.

"Conduct a code security assessment, mitigate each identified security risk, 
  derive safe code guidelines for the implementation, and update the plan in /path/to/specs"

I think the best and cheapest defense is still shipping code that is as safe as it gets by default.

In the interest of everyone working with spec-kit, please review this feature request, consider the merits, and if there is no obstacle, please add a proper risk mitigation to the planning stage.
