Step 1 of 13
Define auth requirements
Clarify exactly what the authentication system must do before building it.
This step prevents the AI from creating only a visual signup form. Paste the Context Pack first.
Create a complete authentication requirements spec for this app. Include user signup, login, logout, session persistence, protected dashboard routes, validation rules, error states, loading states, duplicate email handling, and mobile behavior. Make clear that the implementation must be functional, not only visual.
Expected after this step
A clear auth spec that can guide implementation.
Should not happen
- ✕AI creates a signup form with no real persistence
- ✕Login button redirects visually but does not store session state
- ✕Protected routes can still be opened while logged out
- ✕Duplicate emails are not handled
Verify before continuing
Do not move on until every check is true. The complete button stays locked until then.
Do not continue if…
- !AI creates a signup form with no real persistence
- !Login button redirects visually but does not store session state
- !Protected routes can still be opened while logged out
- !Duplicate emails are not handled
- !Errors only appear in console, not UI
- !Session dies on refresh because nothing was persisted
If the AI messes this up
Use this when the AI fakes progress or breaks the feature. It forces a real fix.
The auth requirements are too vague. Rewrite them as a strict implementation checklist that prevents fake UI-only authentication.