# Virsaitis Requirements - Index

**Project**: Virsaitis Three-Layer AI Governance System
**Version**: 3.0.0
**Status**: In Development
**Owner**: Toms Eisaks
**Updated**: 2026-04-21

---

## 📋 Requirements Overview

Total requirements: 83 across 7 categories

| Category | Count | REQ-ID Range | Status |
|----------|-------|--------------|--------|
| **Governance Core** | 12 | REQ-GOV-001 to 012 | Draft |
| **Security Controls** | 16 | REQ-SEC-001 to 016 | Draft |
| **MCP Server** | 11 | REQ-MCP-001 to 011 | Tested (277 tests, 100% functions) |
| **VS Code Extension** | 21 | REQ-EXT-001 to 021 | Tested (136 tests, 83% statements) |
| **Agent** | 8 | REQ-AGT-001 to 008 | Implemented |
| **Skills** | 5 | REQ-SKL-001 to 005 | Draft |
| **Testing & QA** | 10 | REQ-TEST-001 to 010 | Draft |

---

## 🎯 Project Mission

Create three-layer AI governance system that achieves **95%+ compliance** for AI-assisted software development through:

**Layer 1: Agent** (Behavioral Guidance)
- Atomic markdown instruction design
- Self-regulation through clear rules
- Consequence-aware decision making

**Layer 2: MCP Server** (Pre-execution Validation)
- TypeScript governance enforcement engine
- File operation validation
- Secret scanning and input validation

**Layer 3: VS Code Extension** (User Action Interception)
- Real-time file save interception
- Visual governance indicators
- Override workflow management

**Layer 4: Skills** (Domain-Specific Rules)
- Native VS Code Agent Skills
- Progressive disclosure (3 levels)
- Consequence documentation per TIER

---

## 📚 Requirements Documents

### Core Requirements
- **[functional-spec.md](functional-spec.md)** - Functional requirements for all components
- **[nonfunctional-spec.md](nonfunctional-spec.md)** - Performance, scalability, usability
- **[security-controls.md](security-controls.md)** - Security requirements and controls
- **[testing-requirements.md](testing-requirements.md)** - Test coverage and quality gates

### Supporting Documents
- **[glossary.md](glossary.md)** - Terminology and definitions
- **[assumptions.md](assumptions.md)** - Project assumptions log
- **[risk-register.md](risk-register.md)** - Identified risks and mitigations
- **[traceability.csv](traceability.csv)** - REQ-ID to Implementation mapping

---

## 🔑 Critical MUST Requirements (TIER-0)

These requirements are non-negotiable and block production deployment if not met:

1. **REQ-GOV-001**: Protected file modification enforcement
2. **REQ-GOV-002**: Atomic sentence structure in Agent.md
3. **REQ-SEC-001**: Secret detection 100% coverage
4. **REQ-SEC-002**: Credential rotation within 1 hour
5. **REQ-MCP-003**: File operation validation engine
6. **REQ-EXT-002**: File save interception for protected files
7. **REQ-TEST-001**: Security test coverage 100%

---

## 📊 Requirements by Priority

### TIER-0 (Safety-Critical) - 12 requirements
Must be 100% implemented and verified. No exceptions.

### TIER-1 (Code-Breaking) - 28 requirements
Must be ≥95% implemented. Minimal compromise allowed with approval.

### TIER-2 (Quality Standards) - 21 requirements
Should be ≥80% implemented. Acceptable tradeoffs with justification.

### TIER-3 (Enhancements) - 10 requirements
Best effort implementation. Negotiable based on resources.

---

## 🚀 Implementation Phases

### Phase 1: Foundation (Complete)
- Agent.md with atomic sentences
- 11 governance modules
- Core requirement documents
- Traceability framework

### Phase 2: MCP Server (Complete)
- TypeScript MCP server implementation (14 source files, 2,799 LOC)
- Governance validation engine (8 tools)
- Secret scanning (Shannon entropy + regex patterns)
- Input validation and rate limiting
- Test suite: 277 tests, 100% function coverage

### Phase 3: VS Code Extension (Complete)
- File save interception (readonlyInclude + post-save revert)
- Visual governance indicators (shield badges, status bar)
- MCP client (stdio transport, lifecycle management)
- Override workflow and audit trail
- Framework install/detect/update/validate commands
- First-run setup wizard
- Test suite: 136 tests, 83% statement coverage
- VSIX packaged: 688 KB, distributed to virsaitis-distribution/

### Phase 4: Skills Development
- 6 core skills with Consequences sections
- Progressive disclosure implementation
- Skills validation
- Integration testing

### Phase 5: Portable Distribution
- Build automation
- Installation scripts (Windows/Linux/Mac)
- Documentation
- Distribution packaging
- User acceptance testing

---

## 📈 Success Metrics

| Metric | Target | Current | Measurement |
|--------|--------|---------|-------------|
| **Governance Compliance** | ≥95% | — | TIER-0 violations per month |
| **MCP Test Coverage** | ≥70% | 100% functions | virsaitis-mcp: 277 tests |
| **Extension Test Coverage** | ≥80% | 83% statements | virsaitis-extension: 136 tests |
| **Security Test Coverage** | 100% | 100% | Secret scanning + TIER-0 enforcement |
| **Requirement Coverage** | 100% MUST | 100% EXT, 100% MCP | 112/112 EXT ACs, all MCP tested |
| **False Positive Rate** | <5% | — | Incorrect blocks |
| **Response Time** | <10s | <10s | MCP timeout default |
| **VSIX Size** | <10MB | 688 KB | virsaitis-3.0.0.vsix |

---

## 🔗 Related Documentation

- **Architecture**: [../virsaitis-documentation/5-COMPONENT-ARCHITECTURE.md](../virsaitis-documentation/)
- **Agent Standards**: [../.github/copilot-modules/agent-standards.md](../../.github/copilot-modules/agent-standards.md)
- **MCP Standards**: [../.github/copilot-modules/mcp-standards.md](../../.github/copilot-modules/mcp-standards.md)
- **Extension Standards**: [../.github/copilot-modules/extension-standards.md](../../.github/copilot-modules/extension-standards.md)

---

## 📝 Change History

| Date | Version | Author | Changes |
|------|---------|--------|---------|
| 2026-04-21 | 3.0.0 | Toms Eisaks | EXT status → Tested (136 tests, 112/112 ACs), phases 1-3 complete, metrics updated |
| 2026-04-20 | 3.0.0 | Toms Eisaks | MCP status → Tested (277 tests), Agent → Implemented, traceability populated |
| 2026-02-17 | 2.0.0 | Toms Eisaks | Initial requirements structure for Virsaitis v2.0 |

---

*Virsaitis Requirements Index v3.0.0*
*Three-layer AI governance system — Phases 1–3 complete*