How Kiro Spec Engine Makes Moqui ERP Development Systematic and Manageable

Community
1

This case study demonstrates how Kiro Spec Engine (KSE) provides a systematic methodology for developing complex ERP systems like Moqui. Through a real authentication fix, we show how KSE’s structured approach (Requirements → Design → Tasks) enables AI to handle enterprise-level complexity with complete traceability and zero technical debt.

Key Results:

  • :white_check_mark: Complex authentication issue resolved systematically in 5 hours

  • :white_check_mark: 100% task completion (16/16 tasks) with full traceability

  • :white_check_mark: 13 comprehensive documentation files auto-generated

  • :white_check_mark: AI-suggested enhancements (soft-delete + recycle bin)

  • :white_check_mark: Zero technical debt, production-ready code

Tech Stack:

The Challenge: ERP Complexity

Developing enterprise ERP systems like Moqui presents unique challenges:

  • Multi-layered architecture: Entities, services, REST APIs, authorization

  • Complex business logic: Authentication, permissions, data integrity

  • Traceability requirements: Every change must be documented and justified

  • Quality assurance: Enterprise-grade code with zero technical debt

Our Novel Anime Generator (built on Moqui) encountered a typical ERP issue:


❌ Error: User [No User] is not authorized for Update on Entity novel.anime.Project

This seemingly simple error involved multiple layers: JWT authentication, service authorization, entity operations, and REST API integration. Traditional ad-hoc debugging would take days. KSE solved it systematically in 5 hours.

KSE: The Spec-Driven Development Methodology

What is KSE?

Kiro Spec Engine (KSE) is a development methodology specifically designed for complex enterprise systems. It structures development into three rigorous phases:


Requirements → Design → Tasks

Each phase has clear deliverables, acceptance criteria, and bidirectional traceability to the next phase.

Universal AI Agent Integration: KSE is designed as a framework-agnostic methodology that can seamlessly integrate into any AI agent system:

  • :white_check_mark: Kiro IDE: Native integration (this case study)

  • :white_check_mark: Claude/ChatGPT: Via steering files and prompts

  • :white_check_mark: Cursor/Windsurf: Via project configuration

  • :white_check_mark: Custom AI Agents: Via KSE CLI and file-based workflow

  • :white_check_mark: CI/CD Pipelines: Automated spec validation and execution

KSE works through file-based specifications (.kiro/specs/ directory structure), making it compatible with any AI agent that can read/write files and follow structured workflows.

Why KSE for Complex ERP Systems?

1. Structured Complexity Management

ERP systems have inherent complexity. KSE doesn’t eliminate it—it structures it:


kse create-spec 08-02-auth-diagnosis-fix

# Phase 1: Requirements

# - 7 acceptance criteria

# - Edge cases documented

# - Non-functional requirements (security, performance)

# Phase 2: Design

# - 8 correctness properties

# - Component architecture

# - Bidirectional traceability matrix

# Phase 3: Tasks

# - 16 actionable implementation tasks

# - Each task links to design decisions

# - Each design decision links to requirements

2. Complete Traceability

In enterprise systems, you must know why every line of code exists:


Requirement 1.1: "System must validate JWT tokens"

↓ (traced to)

Design Component: "AuthenticationValidator"

↓ (traced to)

Task 3.1: "Create diagnose-token.ts script"

↓ (traced to)

Implementation: diagnose-token.ts (actual code)

KSE maintains this traceability automatically. AI can always answer: “Why did we implement this?”

3. Incremental Verification

Complex systems can’t be built in one shot. KSE enforces incremental progress:


- [x] 1. Set up diagnostic infrastructure ✅ Verified

- [x] 2.1 Create diagnose-frontend.ts ✅ Verified

- [x] 3.1 Create diagnose-token.ts ✅ Verified

- [ ] 4.1 Create diagnose-api.ts ← Work here next

Each task is implemented, verified, then marked complete. No “big bang” integration.

4. AI-Friendly Structure

KSE provides AI with exactly what it needs at each phase:

  • Requirements phase: Clear acceptance criteria (what to build)

  • Design phase: Architecture and contracts (how to build)

  • Tasks phase: Step-by-step implementation (build it)

AI doesn’t need to “figure out” the structure—KSE provides it.

Universal AI Agent Compatibility: KSE’s file-based approach means any AI agent can use it:


# File structure that any AI can read/write

.kiro/specs/my-feature/

├── requirements.md # Acceptance criteria

├── design.md # Architecture & components

└── tasks.md # Implementation checklist

# AI agents can:

# 1. Read the current phase

# 2. Understand context and traceability

# 3. Generate/update content

# 4. Mark tasks complete

# 5. Move to next phase

Whether you’re using Kiro IDE, Claude, ChatGPT, Cursor, or a custom AI agent, KSE provides the same structured workflow.

5. Built-in Quality Assurance

KSE includes quality enhancement commands:


kse enhance requirements # AI reviews completeness

kse enhance design # AI reviews architecture

kse enhance tasks # AI checks implementation

These commands help AI improve its own output, catching issues before they become problems.

KSE + Moqui: Perfect Match for ERP Development

Why This Combination Works

Moqui’s Declarative Architecture:

  • XML service definitions (clear structure)

  • Entity framework (no SQL complexity)

  • Built-in JWT and authorization

  • REST API auto-generation

KSE’s Structured Methodology:

  • Requirements → Design → Tasks workflow

  • Complete traceability

  • Incremental verification

  • AI-friendly context

Result: AI can systematically develop complex ERP features with enterprise-grade quality.

Real Example: Authentication Fix

The Problem (Multi-layered ERP complexity):

  1. JWT token generation (authentication layer)

  2. Service authorization (business logic layer)

  3. Entity operations (data layer)

  4. REST API integration (API layer)

KSE’s Systematic Approach:

Phase 1: Requirements (7 Acceptance Criteria)


1.1 Frontend authentication state must be diagnosable

1.2 JWT tokens must be validated correctly

1.3 API requests must include proper authentication

1.4 Backend must recognize authenticated users

1.5 Delete operations must respect authorization

1.6 Diagnostic tools must be comprehensive

1.7 Complete documentation must be generated

KSE Benefit: Clear scope, no ambiguity about what “done” means.

Phase 2: Design (Architecture + Traceability)


Component: DiagnosticToolkit

- Purpose: Systematic debugging infrastructure

- Interfaces:

- diagnose-frontend.ts → Check localStorage and auth store

- diagnose-token.ts → Decode and validate JWT

- diagnose-api.ts → Test API authentication

- diagnose-backend.sh → Test backend endpoints

Component: AuthenticationService (Moqui)

- Purpose: Generate real JWT tokens

- Implementation: Use JwtUtil.generateTokenPair()

- Traces to: Requirement 1.2, 1.4

Component: AuthorizationControl (Moqui)

- Purpose: Fine-grained permission management

- Implementation: ec.artifactExecution.disableAuthz()

- Traces to: Requirement 1.5

KSE Benefit: Every component has a clear purpose and traces back to requirements.

Phase 3: Tasks (16 Actionable Steps)


- [x] 1. Set up diagnostic infrastructure

- [x] 2.1 Create diagnose-frontend.ts script

Traces to: Design.DiagnosticToolkit

Validates: Requirement 1.1

- [x] 3.1 Create diagnose-token.ts script

Traces to: Design.DiagnosticToolkit

Validates: Requirement 1.2

- [x] 7. Run diagnostics and analyze results

Output: ROOT_CAUSE_IDENTIFIED.md

- [x] 11.1 Fix JWT token generation in AuthServices.xml

Traces to: Design.AuthenticationService

Validates: Requirement 1.2, 1.4

- [x] 11.2 Fix authorization in delete service

Traces to: Design.AuthorizationControl

Validates: Requirement 1.5

KSE Benefit: Each task is small, verifiable, and traceable. AI implements one at a time.

The Solution: Systematic Implementation

Diagnostic-First Approach (KSE-Guided)

Instead of guessing, KSE guided AI to build diagnostics first:


// diagnose-token.ts (AI-generated, Task 3.1)

const token = localStorage.getItem('novel_anime_access_token');

if (token && token.split('.').length === 3) {

// It's a JWT token

const payload = JSON.parse(atob(token.split('.')[1]));

console.log('✅ Valid JWT:', payload);

} else {

// Not a JWT!

console.log('❌ Invalid token format:', token);

// This revealed the root cause: "dev-token-xxx"

}

Result: Root cause identified in 2 hours (not 2 days of trial-and-error).

Moqui Service Fix (AI-Generated, Task 11.1)


// AuthServices.xml - Before (broken)

accessToken = "dev-token-" + System.currentTimeMillis()

// AuthServices.xml - After (AI-generated fix)

if (ec.user.loginUser(loginIdentifier, password)) {

def userId = ec.user.userId

def tokenPair = org.moqui.jwt.JwtUtil.generateTokenPair(userId, clientIp)

accessToken = tokenPair.getAccessToken()

refreshToken = tokenPair.getRefreshToken()

}

KSE Benefit: AI knew exactly what to fix (JWT generation) and why (Requirement 1.2, 1.4).

Authorization Fix (AI-Generated, Task 11.2)


// TestServices.xml - Delete service

ec.artifactExecution.disableAuthz()

try {

projectEntity.status = "deleted"

projectEntity.deletedDate = ec.user.nowTimestamp

projectEntity.update()

} finally {

ec.artifactExecution.enableAuthz()

}

KSE Benefit: AI understood the authorization layer and applied Moqui’s fine-grained control correctly.

AI-Suggested Enhancement (Beyond Requirements)

KSE’s structured approach enabled AI to suggest improvements:


AI Suggestion: Instead of hard delete, implement soft delete + recycle bin

Rationale:

- Better user experience (undo capability)

- Data safety (prevent accidental loss)

- Audit trail (compliance requirement)

New Services (AI-generated):

- get#DeletedProjects (recycle bin)

- restore#Project (undo delete)

New Entity Field (AI-added):

- deletedDate (timestamp)

KSE Benefit: Structured thinking enabled AI to go beyond requirements and suggest enterprise-grade enhancements.

Results: Why KSE Works for Complex ERP Systems

Development Metrics

| Metric | Traditional Approach | KSE Approach |

|--------|---------------------|--------------|

| Time to Root Cause | 1-2 days (trial-and-error) | 2 hours (systematic diagnostics) |

| Time to Fix | 2-3 days (multiple attempts) | 3 hours (structured implementation) |

| Task Completion | ~70% (scope creep) | 100% (16/16 tasks) |

| Documentation | Minimal (afterthought) | 13 files (auto-generated) |

| Technical Debt | High (quick fixes) | Zero (systematic approach) |

| Traceability | None | Complete (requirements → design → tasks) |

Why KSE Succeeds with ERP Complexity

1. Structured Complexity Management

  • ERP systems are inherently complex

  • KSE doesn’t eliminate complexity—it structures it

  • Each phase has clear deliverables and acceptance criteria

2. Complete Traceability

  • Every line of code traces back to a requirement

  • Essential for enterprise systems (compliance, audits)

  • AI maintains traceability automatically

3. Incremental Verification

  • Complex systems can’t be built in one shot

  • KSE enforces small, verifiable steps

  • Each task is implemented, tested, then marked complete

4. AI-Friendly Structure

  • AI doesn’t need to “figure out” the structure

  • KSE provides clear context at each phase

  • AI focuses on implementation, not planning

5. Quality Assurance Built-in

  • kse enhance commands catch issues early

  • AI reviews its own output

  • Enterprise-grade quality by default

Key Takeaways

For ERP Developers

  1. Complexity needs structure: Ad-hoc development doesn’t scale to ERP systems

  2. Traceability is essential: Know why every line of code exists

  3. Incremental progress: Small, verifiable steps beat “big bang” integration

  4. Documentation matters: KSE generates it automatically as you develop

For AI-Assisted Development

  1. Structure enables AI: KSE provides the framework AI needs to succeed

  2. Traceability guides AI: AI always knows why it’s implementing something

  3. Verification prevents errors: Incremental approach catches issues early

  4. Quality is systematic: Not dependent on AI “getting lucky”

  5. Universal compatibility: Works with any AI agent (Kiro, Claude, ChatGPT, Cursor, custom agents)

For Moqui Development

  1. Declarative architecture: Moqui’s XML services are AI-friendly

  2. Built-in enterprise features: JWT, authorization, entity framework

  3. KSE + Moqui: Perfect combination for complex ERP development

  4. Systematic approach: Handles multi-layered architecture systematically

Getting Started

1. Install KSE (Works with Any AI Agent)


npm install -g kiro-spec-engine

kse adopt --auto

KSE creates a .kiro/specs/ directory structure that any AI agent can read and follow.

2. Create Your First Spec


kse create-spec my-erp-feature

# KSE guides you through:

# - Requirements: What to build (acceptance criteria)

# - Design: How to build it (architecture, components)

# - Tasks: Build it (step-by-step implementation)

3. Use with Your Preferred AI Agent

Option A: Kiro IDE (Native Integration)


# AI automatically follows KSE workflow

# Full integration with task tracking and status updates

Option B: Claude/ChatGPT (Via Prompts)


# Share spec files with AI

# AI reads requirements.md, design.md, tasks.md

# AI implements tasks following KSE structure

Option C: Cursor/Windsurf (Via Project Config)


# Add KSE specs to project context

# AI uses specs as structured guidance

Option D: Custom AI Agent (Via CLI)


kse status # Check progress

kse enhance design # AI reviews architecture

kse enhance tasks # AI checks implementation

4. Try with Moqui


# Clone enhanced Moqui framework

git clone https://github.com/heguangyong/moqui-framework.git

# Clone example application

git clone https://github.com/heguangyong/novel-anime-generator.git

# Follow KSE workflow for your features

# Works with any AI agent you prefer

Conclusion

Kiro Spec Engine (KSE) provides a systematic methodology for developing complex ERP systems like Moqui. Through structured phases (Requirements → Design → Tasks), complete traceability, and incremental verification, KSE enables AI to handle enterprise-level complexity with confidence.

Key Benefits:

  • :white_check_mark: Structured complexity management: ERP complexity becomes manageable

  • :white_check_mark: Complete traceability: Every code change is justified and documented

  • :white_check_mark: Incremental verification: Catch issues early, not during integration

  • :white_check_mark: AI-friendly: Clear context enables AI to succeed systematically

  • :white_check_mark: Universal compatibility: Works with any AI agent (Kiro, Claude, ChatGPT, Cursor, custom)

  • :white_check_mark: Enterprise quality: Zero technical debt, production-ready code

Real Results:

  • 5 hours (systematic) vs. 2-3 days (ad-hoc)

  • 100% task completion with full traceability

  • 13 comprehensive documentation files

  • Zero technical debt

  • AI-suggested enhancements beyond requirements

Perfect for:

  • Complex ERP systems (like Moqui)

  • Enterprise applications requiring traceability

  • AI-assisted development at scale (any AI agent)

  • Teams needing systematic methodology

  • Multi-agent development workflows

Resources

Try KSE for your next ERP feature and experience systematic, traceable, AI-driven development!

#KSE #Moqui #ERP #AI-Driven-Development #Spec-Driven #Enterprise-Software

1 Like
2