Best Practice on how to load/ingest enterprise guidance/rules to spec kit context

[TechSkieur]

Hi Folks,

I'm wondering what would be the best practice to load enterprise-level context into spec kit context when executing spec command. For big enterprise, there are many requirements on security/ethics/compliance. Also for some common modules, to build features on top of these modules, need to refer to their help guide or documents. These can be all seen as Context. It's necessary to use such Context to build new features.

So when executing spec command should we put all these context into constitution.md file, in such case, constitution.md file would become too large... or construct a multi-layer structure and load these context separately?

[vinaybist]

I am also looking into this. Not 100% sure but IMO, requirements on security/ethics/compliance can be huge and may be not applicable straight away. Constitution.md is always in memory so as a first step you may mention few small statement for example "Security is mandatory for all features" in constitution.md however, detailed security/compliance requirements vary by technology domain and are therefore delegated to domain‑specific Security context (e.g., Web, Firmware, API, Cloud). Each project must apply only the Security context appropriate to its domain which I think we can use supported hooks/scripts as they operate across the flow of spec --> plan --> task generation pipeline.