Prompt patterns for execution tasks that produce artifacts (code, documents, designs, etc.).
```xml
{Clear statement of what to build/create/fix}
Purpose: {Why this matters, what it enables}
Output: {What artifact(s) will be produced}
{Referenced research/plan files if chained}
@{topic}-research.md
@{topic}-plan.md
{Project context}
@relevant-files
{Specific functional requirements}
{Quality requirements}
{Constraints and boundaries}
{Specific approaches or patterns to follow}
{What to avoid and WHY}
{Integration points}
Before declaring complete:
- {Specific test or check}
- {How to confirm it works}
- {Edge cases to verify}
Create `.prompts/{num}-{topic}-{purpose}/SUMMARY.md`
Load template: [summary-template.md](summary-template.md)
For Do prompts, include Files Created section with paths and descriptions. Emphasize what was implemented and test status. Next step typically: Run tests or execute next phase.
{Clear, measurable criteria}
- {Criterion 1}
- {Criterion 2}
- SUMMARY.md created with files list and next step
```
If research or plan exists, always reference them:
```xml
Research findings: @.prompts/001-auth-research/auth-research.md
Implementation plan: @.prompts/002-auth-plan/auth-plan.md
```
Every artifact needs a clear path:
```xml
```
Include verification that matches the task:
- Code: run tests, type check, lint
- Documents: check structure, validate links
- Designs: review against requirements
Single artifact example:
```xml
Create a utility function that validates email addresses.
- Support standard email format
- Return boolean
- Handle edge cases (empty, null)
Test with: valid emails, invalid formats, edge cases
```
Multiple artifacts with dependencies:
```xml
Implement user authentication system with JWT tokens.
Purpose: Enable secure user sessions for the application
Output: Auth middleware, routes, types, and tests
Research: @.prompts/001-auth-research/auth-research.md
Plan: @.prompts/002-auth-plan/auth-plan.md
Existing user model: @src/models/user.ts
- JWT access tokens (15min expiry)
- Refresh token rotation
- Secure httpOnly cookies
- Rate limiting on auth endpoints
Follow patterns from auth-research.md:
- Use jose library for JWT (not jsonwebtoken - see research)
- Implement refresh rotation per OWASP guidelines
- Store refresh tokens hashed in database
Avoid:
- Storing tokens in localStorage (XSS vulnerable)
- Long-lived access tokens (security risk)
1. Run test suite: `npm test src/auth`
2. Type check: `npx tsc --noEmit`
3. Manual test: login flow, token refresh, logout
4. Security check: verify httpOnly cookies, token expiry
- All tests passing
- No type errors
- Login/logout/refresh flow works
- Tokens properly secured
- Follows patterns from research
```
```xml
Create API documentation for the authentication endpoints.
Purpose: Enable frontend team to integrate auth
Output: OpenAPI spec + markdown guide
Implementation: @src/auth/routes.ts
Types: @src/auth/types.ts
- OpenAPI 3.0 spec
- Request/response examples
- Error codes and handling
- Authentication flow diagram
- Validate OpenAPI spec: `npx @redocly/cli lint docs/api/auth.yaml`
- Check all endpoints documented
- Verify examples match actual implementation
```
```xml
Design database schema for multi-tenant SaaS application.
Purpose: Support customer isolation and scaling
Output: Schema diagram + migration files
Research: @.prompts/001-multitenancy-research/multitenancy-research.md
Current schema: @prisma/schema.prisma
- Row-level security per tenant
- Shared infrastructure model
- Support for tenant-specific customization
- Audit logging
- Migration runs without errors
- RLS policies correctly isolate data
- Performance acceptable with 1000 tenants
```