事件建模指南：遵循Martin Dilger方法论，构建事件驱动系统的完整模型

event-modeling by jwilger/agent-skills

76 周安装量

2 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/jwilger/agent-skills --skill event-modeling

方法论设计系统架构

🇨🇳中文介绍

事件建模

价值： 沟通 —— 事件建模是一种结构化的对话，它能在编写任何代码之前，挖掘隐藏的领域知识，并在人类与智能体之间建立共同的理解。

目的

教导智能体遵循 Martin Dilger 的 "Understanding Eventsourcing" 方法论来引导事件建模会话。生成一个完整的事件模型（参与者、事件、命令、读取模型、自动化、切片），以驱动所有下游实现。该模型位于 docs/event_model/ 目录中。

实践

两阶段流程：先探索，后设计

在没有广泛理解领域之前，切勿直接进入详细的工作流设计。第一阶段是绘制地图；第二阶段是探索每个区域。

第一阶段 —— 领域探索。 识别业务做什么、参与者是谁、存在哪些主要流程、集成了哪些外部系统，以及要建模哪些工作流。向用户提出这些问题；不要假设答案。输出：docs/event_model/domain/overview.md。

第二阶段 —— 工作流设计。 对于每个工作流，遵循 9 步流程。你必须遵循 references/nine-steps.md 中的完整方法论。一次设计一个工作流。在开始下一个工作流之前，完成所有 9 个步骤。输出：docs/event_model/workflows/<name>/overview.md 以及 slices/ 目录中的各个切片文件。

首要原则：不丢失信息

存储发生了什么（事件），而不仅仅是当前状态。事件是使用业务语言描述的、不可变的过去式事实。每个读取模型字段都必须能追溯到某个事件。如果一个字段没有来源事件，则模型中缺少了某些东西。

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

每种切片模式所需的层

每种切片模式都隐含了一组最小的架构层。一个切片在所有必需的层都被实现并连接在一起之前，是不完整的。

状态视图：基础设施（从存储中读取事件/数据）+ 领域（投影/查询逻辑）+ 表示层（渲染或返回结果给调用者）+ 应用连接（端到端连接各层）
状态变更：表示层（接受用户输入或外部请求）+ 领域（命令验证和业务规则）+ 基础设施（持久化产生的事件/数据）+ 应用连接（端到端连接各层）
自动化：基础设施（检测触发条件 —— 定时器、外部事件、阈值）+ 领域（策略/决策逻辑）+ 基础设施（执行产生的动作 —— 发送消息、写入数据、调用服务）+ 应用连接（将触发器连接到策略再到动作）
转换：基础设施（从外部系统接收）+ 领域（映射/转换逻辑）+ 基础设施（交付到目标系统）+ 应用连接（连接入站适配器、映射器、出站适配器）

在分解一个切片时，请验证你的验收标准和任务分解是否涵盖了每一个必需的层。一个只实现了领域逻辑而没有表示层或基础设施的切片是不完整的 —— 它是一个组件，而不是一个垂直切片。

在工作流设计之后，为每个切片生成 Given/When/Then 场景。这些将成为实现的验收标准。

命令场景： Given = 建立状态的先前事件。When = 包含具体数据的命令。Then = 产生的事件或一个错误（两者不会同时出现）。

视图场景： Given = 当前的投影状态。When = 一个新事件。Then = 产生的投影状态。视图不能拒绝事件。

关键区别： GWT 场景测试业务规则（依赖于状态的政策），而不是数据验证（属于类型系统的格式/结构检查）。如果类型系统可以使无效状态无法表示，那么它就不是一个 GWT 场景。

你必须使用 references/gwt-template.md 来获取完整的场景格式和示例。

应用边界验收场景

每个垂直切片必须至少包含一个在应用边界定义的 GWT 场景：

Given：系统处于已知状态（先前事件、种子数据、配置）
When：用户（或外部调用者）通过应用程序的外部接口进行交互 —— 具体接口取决于项目（HTTP 端点、CLI 命令、消息队列消费者、UI 操作等）
Then：结果可以在同一边界观察到 —— 响应、输出、渲染的状态变化、发出的事件等。

一个完全可以通过在单元测试中调用内部函数来满足的 GWT 场景，描述的是单元级别的规范，而不是切片验收标准。切片验收标准必须执行从外部输入到可观察输出的完整路径。

在应用边界可以进行程序化测试的地方 —— HTTP 端点、CLI 输出解析、无头浏览器自动化、消息队列断言、API 契约测试等 —— 编写自动化的验收测试，从外部输入到可观察输出，完整地执行 GWT 场景。这些测试提供快速反馈，并作为切片行为的活文档。

在自动化边界测试不可行的地方（复杂的 GUI 交互、依赖于硬件的行为、视觉/美学验证），记录人工应手动验证的内容：要执行的具体步骤和预期的可观察结果。这份手动验证清单成为切片完成定义的一部分。

共享事件模式的切片是独立的。事件模式是共享的契约。命令切片通过断言产生的事件进行测试；视图切片使用合成事件夹具进行测试。两者都不需要对方先实现。切片之间没有人为的依赖链。

在编写完 GWT 场景后，验证模型的完整性：

每个读取模型字段都能追溯到某个事件
每个事件都有一个触发命令、自动化或转换
每个命令都有文档化的拒绝条件（业务规则）
每个自动化都有一个终止条件
GWT Given/When/Then 子句没有引用未定义的元素

当发现缺口时，请用户澄清，创建缺失的元素，并重新验证。不要在缺口仍然存在的情况下继续。

你是一个引导者，而不是一个速记员。提出探究性问题。挑战假设。在每个事件、每个命令、每个答案之后，不断追问"然后发生了什么？"。使用业务语言，而不是技术术语。在事件建模期间，不要讨论数据库、API、框架或实现。唯一的例外：按名称和目的记录强制性的第三方集成。

按顺序遵循所有步骤 —— 这个过程揭示了理解
坚持不懈地问"然后发生了什么？"
在所有示例和场景中使用具体、真实的数据
一次设计一个工作流
在继续之前确保信息完整性
对于读取模型字段，询问"这些是否可以同时存在多个？"
在将自动化标记为自动化之前，验证其是否包含所有四个组件

因为认为自己了解足够多而跳过步骤
在建模期间做出架构或实现决策
为数据验证编写 GWT 场景（使用类型系统）
同时设计多个工作流
在模型存在缺口的情况下继续

独立模式：建议性。智能体按照约定遵循九步方法论。
流水线模式：门控性。不完整的模型（缺少 GWT 场景、未定义的自动化）会阻止切片分解。

不要在模型存在缺口的情况下继续：[RP]

"必须遵循 nine-steps.md"：遵循九个步骤意味着执行每个步骤的具体活动并产生其特定的输出。它并不意味着阅读参考文档并声称"我遵循了其精神"。每个步骤都有定义的输出 —— 产生它们。
"不要同时设计多个工作流"：这包括在工作流 1 的步骤未完成时，开始工作流 2 的"探索"。探索就是设计。如果你正在收集关于未来工作流的信息，你就是在设计它。
引导与速记：引导意味着提出帮助领域专家发现他们尚未阐明的事情的问题。它并不意味着提出引导性问题，将答案引向你偏好的方向。测试标准是：专家的答案是否真的能让你感到惊讶？如果不能，你就是在引导，而不是在引导。

完成事件建模工作后，验证：

领域概览存在于 docs/event_model/domain/overview.md，包含参与者、工作流、外部集成和推荐的起始工作流
每个已设计的工作流都有 docs/event_model/workflows/<name>/overview.md，且所有 9 个步骤均已完成
所有事件都是过去式、业务语言、不可变的事实
每个读取模型字段都能追溯到一个来源事件
每个事件都有一个触发器（命令、自动化或转换）
自动化包含所有四个组件（事件、读取模型、条件逻辑、命令）
当领域支持并发实例时，读取模型字段使用集合类型
没有将横切关注点基础设施建模为转换切片
每个切片都存在 GWT 场景（内联在 docs/event_model/workflows/<name>/slices/*.md 中），并包含具体数据
GWT 错误场景仅测试业务规则，不测试数据验证
共享事件模式的切片可以独立测试（没有人为的依赖链）
验证后模型中不再存在缺口

如果任何标准未满足，请在继续之前重新审视相关实践。

此技能可独立工作。为了增强工作流，它与以下技能集成：

domain-modeling： 事件揭示了领域类型（Email、Money、OrderStatus），这些类型可由领域建模技能进行细化
tdd： 每个垂直切片对应一个 TDD 周期
architecture-decisions： 事件模型为架构提供信息；ADR 不应在事件建模本身期间编写
task-management： 工作流映射到史诗，切片映射到任务

缺少依赖项？请使用以下命令安装：

npx skills add jwilger/agent-skills --skill domain-modeling

🇺🇸English

Event Modeling

Value: Communication -- event modeling is a structured conversation that surfaces hidden domain knowledge and creates shared understanding between humans and agents before any code is written.

Purpose

Teaches the agent to facilitate event modeling sessions following Martin Dilger's "Understanding Eventsourcing" methodology. Produces a complete event model (actors, events, commands, read models, automations, slices) that drives all downstream implementation. The model lives in docs/event_model/.

Practices

Two-Phase Process: Discovery Then Design

Never jump into detailed workflow design without broad domain understanding first. Phase 1 maps the territory; Phase 2 explores each region.

Phase 1 -- Domain Discovery. Identify what the business does, who the actors are, what major processes exist, what external systems integrate, and which workflows to model. Ask these questions of the user; do not assume answers. Output: docs/event_model/domain/overview.md.

Phase 2 -- Workflow Design. For each workflow, follow the 9-step process. You MUST follow references/nine-steps.md for the full methodology. Design one workflow at a time. Complete all 9 steps before starting the next workflow. Output: docs/event_model/workflows/<name>/overview.md plus individual slice files in slices/.

The Prime Directive: Not Losing Information

Store what happened (events), not just current state. Events are immutable past-tense facts in business language. Every read model field must trace back to an event. If a field has no source event, something is missing from the model.

Event Design Rules

Name events in past tense using business language: OrderPlaced, not PlaceOrder or CreateOrderDTO
Events are immutable facts -- never modify or delete
Include relevant data: what happened, when, who/what caused it
Find the right granularity -- not DataUpdated (too broad) and not FieldXChanged (too narrow)
Commands depend on user inputs and the event stream, not read models. Read models serve views and automations only.
Events record domain facts (true on any machine). Runtime context (file paths, hostnames, PIDs, working directories) does not belong in event data.

The Four Patterns

Every event-sourced system uses these patterns. Each pattern maps to one vertical slice.

State Change: Command -> Event. The only way to modify state. A command may produce multiple events as part of a single operation.
State View: Events -> Read Model. How the system answers queries. When the domain supports concurrent instances, use collection types in read model fields, not singular values. Commands derive their inputs from user-provided data and the event stream — never from read models. No ReadModel → Command edges should appear in diagrams. If a command needs to check whether something already happened (e.g., idempotency), it checks the event stream, not a read model. Read models represent meaningful domain projections. Infrastructure preconditions ("does directory exist?", "is service running?") that are implicit in the command's execution context do not need their own read model.
Automation: Event -> Read Model (todo list) -> Process -> Command -> Event. Background work triggered by events. Requires all four components: triggering event, read model consulted, conditional process logic, and resulting command. If there is no read model and no conditional logic, it is NOT an automation — it is a command producing multiple events. Must have clear termination conditions.
Translation: External Data -> Internal Event. Anti-corruption layer for workflow-specific external integrations. Generic infrastructure shared by all workflows (event persistence, message transport) is NOT a Translation — it is cross-cutting infrastructure that belongs outside the event model.

Required Layers Per Slice Pattern

Each slice pattern implies a minimum set of architectural layers. A slice is not complete until all required layers are implemented and wired together.

State View : infrastructure (read events/data from store) + domain (projection/query logic) + presentation (render or return result to caller) + application wiring (connect layers end-to-end)
State Change : presentation (accept user input or external request) + domain (command validation and business rules) + infrastructure (persist resulting events/data) + application wiring (connect layers end-to-end)
Automation : infrastructure (detect triggering condition — timer, external event, threshold) + domain (policy/decision logic) + infrastructure (execute resulting action — send message, write data, call service) + application wiring (connect trigger to policy to action)
Translation : infrastructure (receive from external system) + domain (mapping/transformation logic) + infrastructure (deliver to target system) + application wiring (connect inbound adapter to mapper to outbound adapter)

When decomposing a slice, verify that your acceptance criteria and task breakdown cover every required layer. A slice that only implements domain logic without presentation or infrastructure is incomplete — it is a component, not a vertical slice.

GWT Scenarios

After workflow design, generate Given/When/Then scenarios for each slice. These become acceptance criteria for implementation.

Command scenarios: Given = prior events establishing state. When = the command with concrete data. Then = events produced OR an error (never both).

View scenarios: Given = current projection state. When = one new event. Then = resulting projection state. Views cannot reject events.

Critical distinction: GWT scenarios test business rules (state-dependent policies), not data validation (format/structure checks that belong in the type system). If the type system can make the invalid state unrepresentable, it is not a GWT scenario.

You MUST use references/gwt-template.md for the full scenario format and examples.

Application-Boundary Acceptance Scenarios

Every vertical slice MUST include at least one GWT scenario defined at the application boundary:

Given : The system is in a known state (prior events, seed data, configuration)
When : A user (or external caller) interacts through the application's external interface — the specific interface depends on the project (HTTP endpoint, CLI command, message queue consumer, UI action, etc.)
Then : The result is observable at that same boundary — a response, output, rendered state change, emitted event, etc.

A GWT scenario that can be satisfied entirely by calling an internal function in a unit test describes a unit-level specification, not a slice acceptance criterion. Slice acceptance criteria must exercise the path from external input to observable output.

Acceptance Test Strategy

Where the application boundary is programmatically testable — HTTP endpoints, CLI output parsing, headless browser automation, message queue assertions, API contract tests, etc. — write automated acceptance tests that exercise the full GWT scenario from external input to observable output. These tests provide fast feedback and serve as living documentation of slice behavior.

Where automated boundary testing is not feasible (complex GUI interactions, hardware-dependent behavior, visual/aesthetic verification), document what the human should manually verify: the specific steps to perform and the expected observable result. This manual verification checklist becomes part of the slice's definition of done.

Slice Independence

Slices sharing an event schema are independent. The event schema is the shared contract. Command slices test by asserting on produced events; view slices test with synthetic event fixtures. Neither needs the other to be implemented first. No artificial dependency chains between slices.

Model Validation

After GWT scenarios are written, validate the model for completeness:

Every read model field traces to an event
Every event has a triggering command, automation, or translation
Every command has documented rejection conditions (business rules)
Every automation has a termination condition
GWT Given/When/Then clauses do not reference undefined elements

When gaps are found, ask the user to clarify, create the missing element, and re-validate. Do not proceed with gaps remaining.

Facilitation Mindset

You are a facilitator, not a stenographer. Ask probing questions. Challenge assumptions. Keep asking "And then what happens?" after every event, every command, every answer. Use business language, not technical jargon. Do not discuss databases, APIs, frameworks, or implementation during event modeling. The only exception: note mandatory third-party integrations by name and purpose.

Do:

Follow all steps in order -- the process reveals understanding
Ask "And then what happens?" relentlessly
Use concrete, realistic data in all examples and scenarios
Design one workflow at a time
Ensure information completeness before proceeding
Ask "Can there be more than one of these at the same time?" for read model fields
Verify automations have all four components before labeling them as such

Do not:

Skip steps because you think you know enough
Make architecture or implementation decisions during modeling
Write GWT scenarios for data validation (use the type system)
Design multiple workflows simultaneously
Proceed with gaps in the model

Enforcement Note

Standalone mode : Advisory. The agent follows the nine-step methodology by convention.
Pipeline mode : Gating. Incomplete models (missing GWT scenarios, undefined automations) block slice decomposition.

Hard constraints:

Do not proceed with gaps in the model: [RP]

Constraints

"MUST follow nine-steps.md" : Following the nine steps means executing each step's specific activities and producing its specific outputs. It does not mean reading the reference and claiming "I followed the spirit." Each step has defined outputs -- produce them.
"Do not design multiple workflows simultaneously" : This includes starting "discovery" for Workflow 2 while Workflow 1's steps are incomplete. Discovery IS design. If you're gathering information about a future workflow, you're designing it.
Facilitation vs. stenography : Facilitation means asking questions that help the domain expert discover things they haven't articulated yet. It does not mean asking leading questions that guide toward your preferred answer. The test: could the expert's answer genuinely surprise you? If not, you're leading, not facilitating.

Verification

After completing event modeling work, verify:

Domain overview exists at docs/event_model/domain/overview.md with actors, workflows, external integrations, and recommended starting workflow
Each designed workflow has docs/event_model/workflows/<name>/overview.md with all 9 steps completed
All events are past tense, business language, immutable facts
Every read model field traces to a source event
Every event has a trigger (command, automation, or translation)
Automations have all four components (event, read model, conditional logic, command)
Read model fields use collection types when domain supports concurrent instances
No cross-cutting infrastructure modeled as Translation slices
GWT scenarios exist for each slice (inline in docs/event_model/workflows/<name>/slices/*.md) with concrete data
GWT error scenarios test business rules only, not data validation
Slices sharing an event schema are independently testable (no artificial dependency chains)
No gaps remain in the model after validation

If any criterion is not met, revisit the relevant practice before proceeding.

Dependencies

This skill works standalone. For enhanced workflows, it integrates with:

domain-modeling: Events reveal domain types (Email, Money, OrderStatus) that the domain modeling skill refines
tdd: Each vertical slice maps to one TDD cycle
architecture-decisions: Event model informs architecture; ADRs should not be written during event modeling itself
task-management: Workflows map to epics, slices map to tasks

Missing a dependency? Install with:

npx skills add jwilger/agent-skills --skill domain-modeling

Weekly Installs

Repository

jwilger/agent-skills

GitHub Stars

First Seen

Feb 12, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

claude-code67

codex63

cursor63

opencode61

github-copilot61

amp61