RETRIEVAL DATA PRODUCT SPEC (ONE-PAGE TEMPLATE) 1) Name + purpose - Product name: - Intended users (roles/teams/tenants): - Primary jobs-to-be-done (3–5 bullets): - Explicit non-goals (what it must refuse or redirect): 2) Sources of truth (registry) For each source, record: - System: (Confluence / Notion / GitHub / Google Drive / SharePoint / Zendesk / Salesforce / etc.) - What topics it is authoritative for: - Owner (person/team): - Content type: (policy / runbook / tutorial / contract / ticket / PRD) - Deletion/retention expectations: 3) Freshness + lifecycle - Freshness requirement by topic: (e.g., “policy must reflect latest published version”) - Sync method: (webhook/poll/manual) - Update cadence: - What triggers an emergency re-index: - Stale-content behavior: (refuse / warn / fallback to human) 4) Permissions + access model - Identity provider(s): (Okta / Entra ID / Google Workspace / etc.) - Permission mechanism per source: (ACLs, groups, folder sharing) - Retrieval-time enforcement approach: - Required user attributes (dept, region, tenant, employment status): - Required document attributes/tags: - Audit logging requirements: what gets logged and where it’s stored 5) Indexing & representation decisions - Chunking policy (by heading/procedure/FAQ pairs/etc.): - Required metadata fields (doc_id, source, owner, created_at, updated_at, sensitivity, region, product_area): - Citation format required in outputs: - Redaction rules (what must never appear in retrieved text): 6) Grounding rules (output constraints) - “No citation, no claim” rule? (yes/no) - Refusal categories (legal, HR, security, medical, financial, etc.): - Escalation path (who/what to route to): - Allowed tools/actions (if any) and hard stops: 7) Evals & release gates - Golden question set location (repo/path): - What gets tested on every change: - Retrieval correctness - Permission negatives - Citation presence/quality - Freshness after updates - Refusal behavior - CI gate: what constitutes a fail: - Human review requirements (who signs off): 8) Operational ownership - DRI (directly responsible individual): - On-call / escalation: - Incident types and playbook link: - Backlog for known issues: 9) Rollout plan - First integration surface (Slack, web app, internal portal, IDE): - Limited launch group: - Feedback channel: - Criteria to expand access: Use this as a forcing function: if a field is hard to fill in, that’s the work. The model won’t save you from missing ownership, permissions, or freshness.