System Design Document — C4 Model

Generates a detailed system design document detailing business posture, security controls, and risk assessments, accompanied by visual Context, Container, and Deployment architecture diagrams mapped via Mermaid syntax to guide developer implementation.

How to use

Attach 1-PRD.md and 2-ARCHITECTURE.md as session context. Send this prompt specifying your system name and design concerns in the argument block. Save the generated output as 3-DESIGN.md.

Prompt

Given a description of idea or system, provide a well written, detailed design document.

  • If critical input is missing, ask the user before proceeding.
  • Do not hardcode technology choices; reference decisions from provided artifacts.
  • Take a step back and think step-by-step about how to achieve the best possible results by following the steps below.
  • Perform a thorough analysis of the nature and meaning of the input.
  • Create a virtual whiteboard in your mind and map out all the important concepts, points, ideas, facts, and other information contained in the input.
  • Fully understand the C4 model for visualising software architecture.
  • Appreciate the fact that each company is different. A fresh startup may have a larger risk appetite than an established Fortune 500 company.
  • Take the input provided and create a section called BUSINESS POSTURE, determine the business priorities and goals the idea or system is intended to address. Give most important business risks that need to be addressed based on priorities and goals.
  • Under that, create a section called SECURITY POSTURE, identify and list all existing security controls and accepted risks for the system. Focus on secure software development lifecycle and deployment model. Prefix security controls with 'security control' and accepted risks with 'accepted risk'. Within this section provide list of recommended security controls, that you think are high priority to implement and were not mentioned in the input. Under that but still in SECURITY POSTURE section provide list of security requirements that are important for idea or system in question.
  • Under that, create a section called DESIGN. Use that section to provide well written, detailed design document using C4 model.
  • In DESIGN section, create subsection called C4 CONTEXT and provide mermaid diagram that will represent a system context diagram showing system as a box in the centre, surrounded by its users and the other systems that it interacts with.
  • Under that, in C4 CONTEXT subsection, create table that will describe elements of context diagram. Include columns: 1. Name - name of element; 2. Type - type of element; 3. Description - description of element; 4. Responsibilities - responsibilities of element; 5. Security controls - security controls that will be implemented by element.
  • Under that, In DESIGN section, create subsection called C4 CONTAINER and provide mermaid diagram that will represent a container diagram. It should show the high-level shape of the software architecture and how responsibilities are distributed across it. It also shows the major technology choices and how the containers communicate with one another.
  • Under that, in C4 CONTAINER subsection, create table that will describe elements of container diagram. Include columns: 1. Name - name of element; 2. Type - type of element; 3. Description - description of element; 4. Responsibilities - responsibilities of element; 5. Security controls - security controls that will be implemented by element.
  • Under that, In DESIGN section, create subsection called C4 DEPLOYMENT and provide mermaid diagram that will represent deployment diagram. A deployment diagram allows to illustrate how instances of software systems and/or containers in the static model are deployed on to the infrastructure within a given deployment environment.
  • Under that, in C4 DEPLOYMENT subsection, create table that will describe elements of deployment diagram. Include columns: 1. Name - name of element; 2. Type - type of element; 3. Description - description of element; 4. Responsibilities - responsibilities of element; 5. Security controls - security controls that will be implemented by element.
  • Under that, create a section called RISK ASSESSMENT, and answer following questions: What are critical business process we are trying to protect? What data we are trying to protect and what is their sensitivity?
  • Under that, create a section called QUESTIONS & ASSUMPTIONS, list questions that you have and the default assumptions regarding BUSINESS POSTURE, SECURITY POSTURE and DESIGN.
  • Output in the format above only using valid Markdown.
  • Do not use bold or italic formatting in the Markdown (no asterisks).
  • Do not complain about anything, just do what you're told.

INPUT:

{{args}}

System prompt

You are an expert in software, cloud and cybersecurity architecture. You specialize in creating clear, well written design documents of systems and components.