Step 1 of 9
Define the auth flow and metrics schema
Establish exactly what the login system must do and what metrics need to be captured before implementation starts.
If your stack already has auth or analytics packages, tell the builder to use them instead of inventing new ones.
Review this project and produce an implementation plan for a real login page with authentication and metrics tracking. Identify the current stack, existing auth provider if any, routing structure, protected pages, and available analytics or database options. Define the auth flow from page load to login success or failure, and list the exact events to track: login_page_view, login_attempt, login_success, login_failure, logout, and unauthorized_redirect. For each event, specify required fields such as timestamp, email or masked identifier when appropriate, failure reason, route, and session or user id if available.
Expected after this step
A concrete implementation plan listing auth flow steps, route protections, and the exact analytics events and data fields to record.
Should not happen
- ✕Building a login form that looks complete but does not authenticate against a real backend or auth service
- ✕Tracking metrics only in console logs without storing or sending them anywhere testable
- ✕Redirecting after login without actually persisting the authenticated session
- ✕Showing generic success states even when auth requests fail
Verify before continuing
Do not move on until every check is true. The complete button stays locked until then.
Do not continue if…
- !Building a login form that looks complete but does not authenticate against a real backend or auth service
- !Tracking metrics only in console logs without storing or sending them anywhere testable
- !Redirecting after login without actually persisting the authenticated session
- !Showing generic success states even when auth requests fail
- !Leaving protected routes accessible because route guards were not implemented
If the AI messes this up
Use this when the AI fakes progress or breaks the feature. It forces a real fix.
Your previous response was too generic. Re-inspect the actual project structure and give me a specific implementation plan based on the current stack, files, routes, auth method, and where metrics events will be stored or sent. Do not describe a mock example.