From a666f71ca46a11f1c0a14e98465798c6ae026df4 Mon Sep 17 00:00:00 2001
From: narawat <narawat@gmail.com>
Date: Sun, 22 Mar 2026 23:26:00 +0700
Subject: [PATCH] add FR

---
 ASG_Framework.md | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/ASG_Framework.md b/ASG_Framework.md
index 006182c..54eae27 100644
--- a/ASG_Framework.md
+++ b/ASG_Framework.md
@@ -35,7 +35,7 @@ This document defines the documentation framework for a software project. It est
 **Content Guidelines**:
 - User stories with clear acceptance criteria (As a X, I want Y so that Z)
 - Functional Requirements Documents with clear success metrics and KPIs.
-- Nonfunctional requirements covering performance, scalability, availability, reliability, and privacy.
+- Non-Functional Requirements covering performance, scalability, availability, reliability, and privacy.
 - Boundary definitions that state what is in scope and out of scope.
 - Security requirements including threat model outcomes, authentication and authorization expectations, data classification, encryption requirements, and compliance controls.
 - Observability requirements specifying required telemetry, metrics, traces, logs, alerting thresholds, and retention policies.
@@ -413,28 +413,33 @@ Each documentation artifact has associated KPIs. Track these to ensure quality:
 - Out of Scope
 - Dependencies (e.g., "Requires Stripe API v2023-08")
 
-## 3. Non-Functional Requirements (NFRs)
-### 3.1 Performance & Scalability
+## 3. Functional Requirements (FR)
+- **FR-XXX**: [Requirement ID] - [Clear, testable functional requirement]
+- **FR-XXX**: [Requirement ID] - [Clear, testable functional requirement]
+- *Example: FR-001 - System shall allow users to invite teammates via email address*
+
+## 4. Non-Functional Requirements (NFRs)
+### 4.1 Performance & Scalability
 - [e.g., Support 10K TPS, scale horizontally to 100 nodes]
 
-### 3.2 Availability & Reliability
+### 4.2 Availability & Reliability
 - [e.g., SLO: 99.9% monthly uptime, MTTR < 10min]
 
-### 3.3 Privacy & Security
+### 4.3 Privacy & Security
 - Data Classification: [e.g., PII, PHI]
 - Threat Model Outcomes: [e.g., "Mitigates replay attacks via nonce + timestamp"]
 - Auth/Z Expectations: [e.g., RBAC with 3 roles: viewer, editor, admin]
 - Encryption: [e.g., TLS 1.3+, AES-256 at rest]
 - Compliance: [e.g., GDPR Art. 32, SOC2 Type II]
 
-### 3.4 Observability & Telemetry
+### 4.4 Observability & Telemetry
 - Required Logs: [e.g., `user_id`, `request_id`, `status`, `latency_ms`]
 - Critical Metrics: [e.g., `auth_failures_total`, `api_latency_seconds{quantile=0.99}`]
 - Tracing: [e.g., Zipkin/B3 propagation, 10% sampling]
 - Alerting: [e.g., `auth_failure_rate > 5%/min` triggers PagerDuty]
 - Retention: [e.g., Logs: 30 days, Metrics: 1 year]
 
-## 4. Acceptance Conditions
+## 5. Acceptance Conditions
 - [List verifiable conditions for sign-off, including validation gates]
 ```