Requisitos Não-Funcionais (NFR)
Sport Tech Club - Plataforma SaaS para Arenas de Esportes de Praia
Visão Geral
Este documento especifica os requisitos não-funcionais críticos para garantir qualidade, performance, segurança e usabilidade da plataforma Sport Tech Club.
1. Performance
1.1 Latência de API
| Operação | P50 | P95 | P99 | Máximo |
|---|---|---|---|---|
| Leitura simples (GET) | 50ms | 100ms | 200ms | 500ms |
| Escrita simples (POST/PUT) | 100ms | 200ms | 400ms | 1s |
| Consultas complexas | 200ms | 500ms | 1s | 2s |
| Operações em lote | 500ms | 1s | 2s | 5s |
| WebSocket (tempo real) | 10ms | 30ms | 50ms | 100ms |
1.2 Throughput
yaml
api_gateway:
requests_per_second: 10000
concurrent_connections: 5000
websocket_connections: 50000
database:
read_operations_per_second: 50000
write_operations_per_second: 10000
connection_pool_size: 100
cache:
operations_per_second: 100000
hit_ratio_target: 95%1.3 Time to First Byte (TTFB)
| Recurso | Alvo | Máximo |
|---|---|---|
| HTML inicial | 200ms | 500ms |
| API REST | 100ms | 300ms |
| Assets estáticos (CDN) | 50ms | 150ms |
| WebSocket handshake | 100ms | 300ms |
1.4 Métricas de Frontend
yaml
core_web_vitals:
LCP: # Largest Contentful Paint
target: 2.5s
maximum: 4s
FID: # First Input Delay
target: 100ms
maximum: 300ms
CLS: # Cumulative Layout Shift
target: 0.1
maximum: 0.25
INP: # Interaction to Next Paint
target: 200ms
maximum: 500ms
bundle_size:
initial_load: 200KB # gzipped
lazy_chunks: 50KB # each
total_budget: 500KB2. Disponibilidade e Confiabilidade
2.1 SLA (Service Level Agreement)
| Tier | Disponibilidade | Downtime/Mês | Downtime/Ano |
|---|---|---|---|
| Produção | 99.9% | 43.8 min | 8.76 horas |
| Staging | 99.5% | 3.6 horas | 1.8 dias |
| Development | 99% | 7.2 horas | 3.65 dias |
2.2 Recovery Objectives
yaml
disaster_recovery:
RTO: 1h # Recovery Time Objective
RPO: 15min # Recovery Point Objective
failover:
automatic: true
detection_time: 30s
switchover_time: 60s
backup:
frequency: continuous (WAL streaming)
retention: 30 days
point_in_time_recovery: true2.3 Circuit Breaker Configuration
typescript
interface CircuitBreakerConfig {
// Threshold para abrir o circuito
failureThreshold: 5; // 5 falhas consecutivas
failureRateThreshold: 50; // 50% de falhas em janela
// Tempos
slowCallDurationThreshold: 2000; // ms
slowCallRateThreshold: 80; // %
// Recovery
waitDurationInOpenState: 30000; // ms
permittedNumberOfCallsInHalfOpenState: 3;
// Sliding window
slidingWindowType: 'COUNT_BASED';
slidingWindowSize: 10;
}2.4 Health Checks
yaml
health_checks:
liveness:
path: /health/live
interval: 10s
timeout: 5s
failure_threshold: 3
readiness:
path: /health/ready
interval: 15s
timeout: 10s
failure_threshold: 2
checks:
- database
- redis
- rabbitmq
- keycloak
startup:
path: /health/startup
initial_delay: 30s
timeout: 60s3. Escalabilidade
3.1 Horizontal Scaling
yaml
autoscaling:
api_gateway:
min_replicas: 3
max_replicas: 20
cpu_threshold: 70%
memory_threshold: 80%
scale_up_cooldown: 60s
scale_down_cooldown: 300s
microservices:
scheduling:
min: 2
max: 10
booking:
min: 3
max: 15
notification:
min: 2
max: 8
workers:
min: 2
max: 20
queue_depth_threshold: 10003.2 Database Scaling
yaml
postgresql:
primary:
instance_type: db.r6g.2xlarge
storage: 500GB SSD
iops: 10000
read_replicas:
count: 2
instance_type: db.r6g.xlarge
lag_threshold: 100ms
connection_pooling:
pgbouncer:
pool_mode: transaction
default_pool_size: 50
max_client_conn: 10003.3 Limites de Multi-tenancy
yaml
tenant_limits:
small: # até 5 quadras
users: 500
bookings_per_month: 5000
storage_gb: 10
api_requests_per_minute: 100
medium: # 6-15 quadras
users: 2000
bookings_per_month: 20000
storage_gb: 50
api_requests_per_minute: 500
large: # 16+ quadras
users: 10000
bookings_per_month: 100000
storage_gb: 200
api_requests_per_minute: 2000
enterprise:
users: unlimited
bookings_per_month: unlimited
storage_gb: 1000
api_requests_per_minute: 100004. Segurança
4.1 Autenticação
yaml
authentication:
protocol: OpenID Connect
provider: Keycloak
password_policy:
min_length: 12
require_uppercase: true
require_lowercase: true
require_numbers: true
require_special: true
max_age_days: 90
history_count: 5
mfa:
required_for: [admin, arena_owner]
methods: [totp, sms, email]
session:
access_token_ttl: 15m
refresh_token_ttl: 7d
idle_timeout: 30m
absolute_timeout: 24h
rate_limiting:
login_attempts: 5 per 15 minutes
lockout_duration: 30 minutes4.2 Autorização
yaml
authorization:
model: RBAC + ABAC
rbac_roles:
- super_admin
- arena_owner
- arena_manager
- instructor
- receptionist
- player
abac_attributes:
- tenant_id
- resource_owner
- time_of_day
- ip_address
- device_trust_level4.3 Criptografia
yaml
encryption:
at_rest:
algorithm: AES-256-GCM
key_management: AWS KMS
key_rotation: 90 days
in_transit:
protocol: TLS 1.3
cipher_suites:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
certificate_rotation: 30 days
pii_fields:
- cpf (masked)
- email (encrypted)
- phone (encrypted)
- address (encrypted)4.4 Compliance Headers
yaml
security_headers:
Content-Security-Policy: >
default-src 'self';
script-src 'self' 'unsafe-inline' cdn.example.com;
style-src 'self' 'unsafe-inline' fonts.googleapis.com;
img-src 'self' data: https:;
font-src 'self' fonts.gstatic.com;
connect-src 'self' api.sporttechclub.com wss://rt.sporttechclub.com;
frame-ancestors 'none';
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(self), camera=(), microphone=()5. Usabilidade
5.1 Acessibilidade (WCAG 2.1 AA)
yaml
accessibility:
level: WCAG 2.1 AA
perceivable:
- text_alternatives: all images have alt text
- captions: videos have captions
- contrast_ratio: 4.5:1 (normal), 3:1 (large)
- resize: up to 200% without loss
operable:
- keyboard: all functions keyboard accessible
- focus_visible: clear focus indicators
- timing: adjustable or extendable
- seizure_safe: no flashing content
understandable:
- language: declared in HTML
- predictable: consistent navigation
- input_assistance: error identification
robust:
- parsing: valid HTML
- aria: proper ARIA usage
- compatibility: works with assistive tech5.2 Internacionalização (i18n)
yaml
internationalization:
default_locale: pt-BR
supported_locales:
- pt-BR (Brazilian Portuguese)
- en-US (American English)
- es-ES (Spanish)
features:
- date_format: locale-aware
- number_format: locale-aware
- currency: BRL, USD, EUR
- timezone: user preference
- rtl_support: false (future)
content:
- ui_strings: 100% translated
- error_messages: 100% translated
- email_templates: 100% translated
- legal_documents: 100% translated5.3 Responsividade
yaml
responsive_breakpoints:
xs: 0-575px # Mobile portrait
sm: 576-767px # Mobile landscape
md: 768-991px # Tablet
lg: 992-1199px # Desktop
xl: 1200-1399px # Large desktop
xxl: 1400px+ # Extra large
touch_targets:
minimum_size: 44x44px
spacing: 8px minimum
mobile_first:
approach: true
critical_features:
- booking_flow
- check_in
- court_status
- notifications6. Manutenibilidade
6.1 Code Quality
yaml
code_quality:
coverage:
unit_tests: 80%
integration_tests: 60%
e2e_tests: critical paths
static_analysis:
linting: ESLint + Prettier
type_checking: TypeScript strict
security_scan: Snyk, npm audit
complexity:
cyclomatic: max 10 per function
cognitive: max 15 per function
file_length: max 300 lines
function_length: max 50 lines6.2 Documentation
yaml
documentation:
code:
- JSDoc for public APIs
- README per module
- Architecture Decision Records
api:
- OpenAPI 3.0 spec
- AsyncAPI for events
- Postman collections
operations:
- Runbooks
- Incident response
- Disaster recovery6.3 Deployment
yaml
deployment:
strategy: blue-green
ci_cd:
pipeline_time: < 15 minutes
deployment_frequency: multiple per day
lead_time: < 1 hour
rollback:
automatic: on health check failure
time_to_rollback: < 5 minutes
feature_flags:
provider: custom implementation
gradual_rollout: supported7. Observabilidade
7.1 Logging
yaml
logging:
format: JSON structured
levels:
production: INFO
staging: DEBUG
development: DEBUG
fields:
required:
- timestamp
- level
- message
- correlation_id
- tenant_id
- user_id
- service
retention:
hot: 7 days
warm: 30 days
cold: 1 year
pii_handling:
- mask: cpf, credit_card
- hash: email, phone
- exclude: password7.2 Métricas
yaml
metrics:
collection: Prometheus
visualization: Grafana
types:
RED: # Request, Error, Duration
- request_count
- error_rate
- latency_histogram
USE: # Utilization, Saturation, Errors
- cpu_usage
- memory_usage
- connection_pool_usage
business:
- bookings_per_minute
- revenue_per_hour
- active_users
- court_utilization
scrape_interval: 15s
retention: 15 days7.3 Tracing
yaml
tracing:
protocol: OpenTelemetry
sampling:
production: 10%
staging: 100%
propagation:
- traceparent
- tracestate
- baggage
spans:
- http_request
- database_query
- cache_operation
- external_api_call
- message_publish
- message_consume7.4 Alerting
yaml
alerting:
channels:
- slack: #alerts-prod
- pagerduty: critical only
- email: daily digest
severity_levels:
critical: # P1 - Immediate response
response_time: 15 minutes
examples:
- service_down
- error_rate > 10%
- latency_p99 > 5s
warning: # P2 - Same day
response_time: 4 hours
examples:
- error_rate > 1%
- latency_p95 > 2s
- disk_usage > 80%
info: # P3 - Next business day
response_time: 24 hours
examples:
- deployment_complete
- backup_successful8. Compatibilidade
8.1 Browser Support
yaml
browsers:
desktop:
chrome: last 2 versions
firefox: last 2 versions
safari: last 2 versions
edge: last 2 versions
mobile:
chrome_android: last 2 versions
safari_ios: last 2 versions
samsung_internet: last 2 versions
not_supported:
- Internet Explorer
- Opera Mini8.2 Device Support
yaml
devices:
mobile:
ios: 14+
android: 10+
screen_sizes: 320px - 428px
tablet:
ipad: iPadOS 14+
android_tablet: 10+
screen_sizes: 768px - 1024px
desktop:
windows: 10+
macos: 11+
linux: modern distributions8.3 API Versioning
yaml
api_versioning:
strategy: URL path (/v1, /v2)
deprecation_policy:
notice_period: 6 months
sunset_period: 12 months
backward_compatibility:
minor_versions: guaranteed
major_versions: migration guide provided9. Resumo de SLIs/SLOs
| Indicador | SLO | Medição |
|---|---|---|
| Disponibilidade | 99.9% | Uptime mensal |
| Latência P95 | < 200ms | Percentil 95 de todas as requisições |
| Taxa de Erro | < 0.1% | Erros 5xx / Total requisições |
| Throughput | > 10k RPS | Requisições por segundo no pico |
| Apdex Score | > 0.95 | Satisfação do usuário (T=500ms) |
| MTTR | < 1 hora | Mean Time To Recovery |
| Deployment Success | > 99% | Deploys sem rollback |
10. Checklist de Compliance
- [ ] Performance: Todas as métricas dentro dos limites
- [ ] Disponibilidade: SLA 99.9% atingido
- [ ] Segurança: Penetration test aprovado
- [ ] Acessibilidade: WCAG 2.1 AA auditado
- [ ] LGPD: Conformidade verificada
- [ ] Observabilidade: Dashboards e alertas configurados
- [ ] Documentação: APIs e runbooks atualizados
- [ ] Disaster Recovery: Testes trimestrais executados