Skip to content
BSWEN
Blog

How Do You Write Effective Software Specifications Before Coding?

Cowrie
Cowrie
Dev @ Bswen

The Problem

I was halfway through building a user authentication system when I realized I’d been coding for three days and had nothing to show for it.

Day 1: Built login form, added password validation
Day 2: Realized I needed email verification, rewrote half the code
Day 3: Discovered rate limiting requirement, refactored everything again

The feature kept getting messier. Every new requirement revealed something I’d missed. I couldn’t even explain to my team what exactly I was building anymore.

Then I found a Reddit thread that described exactly what I was experiencing:

“SDD quickly shows where the pain-points would end up - concepts, processes, user-flow, or UI designs that haven’t been fully thought out.”

The comment hit home. I was discovering requirements through failed code instead of through deliberate thought.

What I Was Doing Wrong

My approach was typical for many developers:

1. Get a vague feature request
2. Start coding immediately
3. Discover missing requirements mid-implementation
4. Refactor to accommodate new understanding
5. Repeat steps 3-4 until "done"

Here’s what that looked like for my password reset feature:

First attempt:
  - Built basic reset flow
  - Forgot about token expiration
  - Had to refactor


Second attempt:
  - Added token expiration
  - Forgot about rate limiting
  - Had to refactor


Third attempt:
  - Added rate limiting
  - Forgot about email deliverability checks
  - Had to refactor

Each iteration cost time and introduced bugs. The feature grew messier with every change.

The Shift: Specification-Driven Development

I decided to try something different. Before writing any code for my next feature, I wrote a specification.

Not a vague one-line description. A real specification that answered four questions:

  1. What does it do? (Functional requirements)
  2. What constraints must it respect? (Constraints)
  3. What could go wrong? (Edge cases)
  4. How do parts connect? (Component connections)

Here’s the specification I wrote for a password reset feature:

password-reset-spec.md
# Feature: User Password Reset


## What It Does
- Allows users to reset forgotten passwords via email
- Generates a time-limited reset token
- Requires email verification before password change


## Constraints
- Reset token expires after 15 minutes
- Token is single-use (invalidated after use)
- New password must meet complexity requirements
- Maximum 3 reset requests per hour per IP
- Email must be verified in our system


## Edge Cases
- User requests reset for non-existent email
  -> Show same success message (security: don't reveal existence)
- Token expired
  -> Clear error, offer new reset link
- Token already used
  -> Clear error, offer new reset link
- Invalid token format
  -> Generic error, don't reveal token structure
- Email provider blocks delivery
  -> Log and offer alternative (support contact)


## Component Connections


### API Contract
POST /auth/reset-request
  Request: { email: string }
  Response: { success: boolean, message: string }


POST /auth/reset-confirm
  Request: { token: string, newPassword: string }
  Response: { success: boolean, message: string }


### Services Involved
- AuthService: Token generation, validation
- EmailService: Reset email delivery
- UserService: Password update
- RateLimiter: Abuse prevention

This took me 20 minutes to write.

When I started coding, I implemented the feature in one pass. No refactoring. No “oh wait, I forgot about X.” The specification had already revealed the complexity.

The Before/After Comparison

Here’s what changed:

AspectBefore SDDAfter SDD
StructureUnclear, disorganizedClear purpose and boundaries
RefactoringExcessive, repetitiveMinimal, targeted
Feature QualityGets messy over timeRemains maintainable
Coding ExperienceStruggle to figure out purposeStraightforward implementation

Why SDD Works: Systems Thinking

The Reddit thread had a comment that explained the shift:

“It’s very important to focus on systems thinking rather than just code or optimisation.”

Before SDD, I thought in terms of code:

"What function do I need?"
"What database table?"
"What API endpoint?"

After SDD, I think in terms of systems:

"What states can this entity be in?"
"What transitions are valid?"
"What happens when things fail?"
"How do components communicate?"

This mindset shift is crucial. Code thinking focuses on implementation. Systems thinking focuses on behavior.

A State Machine Example

For an order processing system, I used to start with code:

order_service.py
class OrderService:
    def create_order(self, user_id, items):
        # Start coding here...
        pass

Now I start with a state specification:

order-state-spec.txt
States: pending, confirmed, processing, shipped, delivered, cancelled, refunded


Initial State: pending


Transitions:
  pending -> confirmed: payment_received
  pending -> cancelled: user_cancel, timeout
  confirmed -> processing: warehouse_picked
  processing -> shipped: carrier_picked_up
  shipped -> delivered: delivery_confirmed
  confirmed -> cancelled: admin_cancel
  processing -> cancelled: stock_unavailable
  any -> refunded: refund_processed


Edge Cases:
- Double payment: idempotent, stay in confirmed
- Timeout during processing: alert ops team
- Carrier loses package: manual state override
- Refund during shipping: intercept or return-to-sender


Constraints:
- Cannot cancel after shipped
- Refund requires delivered or cancelled state
- All transitions logged with timestamp and actor

This specification reveals complexity before I write a single line of code. I can see that:

  • A cancelled order can’t be shipped
  • Refunds have state requirements
  • Some transitions need manual intervention

The Modern Context: SDD for AI Coding Assistants

There’s another reason specifications matter now: AI coding assistants.

A Reddit comment captured this:

“If you want to keep agents from running tasks, you need to be precise about what you want. Specification driven development is the way now.”

Here’s the difference:

Without SpecsWith Specs
AI makes assumptionsAI follows explicit requirements
Multiple iterations to correctFirst-pass correctness
Inconsistent patternsConsistent implementation
Scope creep from vague promptsBounded, testable output

I tested this with Claude Code:

Without specification:

Me: Build a password reset feature


Claude: [Builds basic reset]
        [I test it]
Me: Add token expiration
Claude: [Refactors]
        [I test it]
Me: Add rate limiting
Claude: [Refactors]
...

With specification:

Me: Read password-reset-spec.md and implement all requirements


Claude: [Reads spec]
        [Implements complete feature in one pass]
        [All edge cases handled]
        [All constraints enforced]

Same feature. One approach took 3 iterations. The other took 1.

The Practical Specification Process

I’ve settled on a 5-step process for writing specifications:

Step 1: Goals and User Flows

1. What problem does this solve?
2. Who are the users?
3. What are their success paths?
4. What are their failure paths?

Step 2: Component Breakdown

Routes? Auth? Component functionality? Services?
Map each piece before coding.

Step 3: Constraint Definition

Performance: [latency/throughput requirements]
Security: [auth/authz requirements]
Compatibility: [platform/version requirements]
Business: [rules and regulations]

Step 4: Edge Case Enumeration

Invalid inputs: [list scenarios]
Boundary conditions: [list limits]
Failure modes: [list failure types]
Concurrency: [list race conditions]

Step 5: Connection Mapping

API contracts: [define interfaces]
Data flow: [diagram]
State machine: [states and transitions]
Dependencies: [internal and external]

An API Specification Example

For a user preferences endpoint, I write the API contract first:

preferences-api-spec.yaml
paths:
  /api/users/{userId}/preferences:
    get:
      summary: Get user preferences
      parameters:
        - name: userId
          in: path
          required: true
          schema:
            type: string
            format: uuid
      responses:
        200:
          description: User preferences
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserPreferences'
        401:
          description: Unauthorized
        404:
          description: User not found


components:
  schemas:
    UserPreferences:
      type: object
      required:
        - theme
        - notifications
      properties:
        theme:
          type: string
          enum: [light, dark, system]
          default: system
        notifications:
          type: object
          properties:
            email:
              type: boolean
              default: true
            push:
              type: boolean
              default: false


# Edge cases documented:
# - What if theme is null? -> Use default "system"
# - What if user is deleted? -> 404 response
# - What if preferences never set? -> Return defaults

This specification becomes the contract. Implementation follows the contract, not the other way around.

The Cost of Skipping Specifications

I used to think specifications were “unnecessary paperwork.” Now I see them as “cheaper than refactoring.”

Consider the cost comparison:

Fixing issues at specification stage:
  - Time: 20 minutes to write spec
  - Changes: Update text
  - Cost: Minimal


Fixing issues during implementation:
  - Time: Hours to days of refactoring
  - Changes: Rewrite code, update tests, fix bugs
  - Cost: Significant


Fixing issues in production:
  - Time: Days to weeks of debugging
  - Changes: Hotfixes, rollbacks, customer communication
  - Cost: Critical (10-100x more expensive)

The Reddit thread consensus: “Fixing issues at specification stage costs 10-100x less than fixing in production.”

Common Objections (And Why They’re Wrong)

“Requirements evolve anyway, so why bother?”

Requirements do evolve. But specifications give you a baseline. When requirements change, you update the spec first, then implement. You don’t discover requirements through broken code.

“Agile values working code over documentation.”

Agile values working software over comprehensive documentation. A 1-page specification isn’t comprehensive documentation. It’s the minimum viable thinking before coding.

“I don’t have time to write specs.”

If you have time to refactor the same feature three times, you have time to write a spec. The spec takes 20 minutes. The refactoring takes hours.

The Mindset Shift

The real change isn’t the specification document itself. It’s the thinking that happens before you write it.

Old approach:
  Feature request -> Code -> Discover requirements -> Refactor


New approach:
  Feature request -> Think through requirements -> Write spec -> Code once

A Reddit commenter captured this:

“Before SDD, I spent hours trying to figure out what I was even building. After SDD, coding became straightforward implementation instead of exploratory struggle.”

Summary

In this post, I showed how Specification-Driven Development transformed my coding workflow. The key insight is that specifications answer four questions before coding: What does it do? What constraints must it respect? What could go wrong? How do parts connect?

By writing specifications first, I discovered pain-points in concepts, processes, and user flows before writing costly code. In the age of AI-assisted development, this precision isn’t optional - it’s what prevents agents from running wild with assumptions.

Before your next feature, spend 20 minutes writing a specification. Include what, constraints, edge cases, and connections. Then watch your coding become straightforward instead of exploratory.

Final Words + More Resources

My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Comments

Tags: