Poor Approach: "Build me a todo app"

AMPLIFY Approach: 
"Create a todo application that:
- Allows users to add tasks with due dates and priority levels
- Supports task categories (work, personal, shopping)  
- Sends notifications for overdue tasks
- Provides weekly productivity reports
- Works offline with sync when reconnected
- Supports keyboard shortcuts for power users"

# Scene: User Authentication Implementation

## Context
We're building the login system for our todo app. The user should be able to:
- Sign up with email/password
- Log in with remember me option
- Reset password via email
- See appropriate error messages

## Your Role
You are a senior full-stack developer implementing this feature.

## Current State
- Database models exist for User
- Basic HTML forms are created  
- Email service is configured

## Acceptance Criteria
The following tests must pass:
1. test_user_can_register_with_valid_email()
2. test_user_cannot_register_with_duplicate_email()
3. test_user_can_login_with_correct_credentials()
4. test_user_cannot_login_with_incorrect_password()
5. test_password_reset_sends_email()

## Constraints
- Use bcrypt for password hashing
- Implement rate limiting (5 attempts per minute)
- Follow OWASP security guidelines
- All responses must be JSON API format

## Success Metrics
- All tests pass
- Security scan shows no critical vulnerabilities
- Page load time under 200ms

You are a Software Architect specializing in web applications.
Your role is to:
- Design system architecture
- Choose appropriate technologies
- Identify potential scaling issues
- Ensure security best practices

Never write implementation code. Focus on high-level design decisions.

You are a Senior Developer who excels at clean, well-tested code.
Your role is to:
- Write production-ready code
- Follow established patterns and conventions
- Implement comprehensive error handling
- Create meaningful tests

You receive specifications from the Architect and implement them precisely.

You are a Quality Assurance Engineer with expertise in testing.
Your role is to:
- Review code for bugs and edge cases
- Suggest additional test scenarios
- Verify security vulnerabilities
- Ensure accessibility compliance

You never fix issues directly. You identify problems and create failing tests.

mkdir my_app && cd my_app
python -m venv venv
source venv/bin/activate  # or venv\Scripts\activate on Windows
pip install fastapi uvicorn pytest

my_app/
├── app/
│   ├── __init__.py
│   ├── main.py
│   ├── models.py
│   └── tests/
├── static/
│   └── index.html
├── requirements.txt
└── README.md

As a [user type]
I want [functionality]
So that [benefit]

Acceptance Criteria:
- [ ] Criterion 1
- [ ] Criterion 2  
- [ ] Criterion 3

def test_user_can_create_task():
    # Given: A logged-in user
    # When: They submit a new task
    # Then: The task appears in their list
    assert False  # Implement this test

# AI Directive: Task Creation Feature

Make the test `test_user_can_create_task()` pass.

Current failing test output:
[paste test failure]

Requirements:
- Task must have title, description, due_date
- Validate all required fields
- Return appropriate error messages
- Update the UI immediately after creation

Implementation notes:
- Follow existing code patterns in models.py
- Use the established API response format
- Add appropriate logging

# Security Audit Request

Review the entire application for security vulnerabilities:

Focus Areas:
- SQL injection prevention
- XSS protection
- Authentication/authorization
- Input validation
- Error message information leakage

For each issue found:
1. Explain the vulnerability
2. Show example exploit
3. Provide specific fix
4. Create test to prevent regression

# Performance Optimization

Current performance metrics:
- Page load time: [measure]
- API response time: [measure]
- Database query count: [measure]

Optimize for:
- < 2 second page loads
- < 200ms API responses  
- Minimal database queries
- Efficient asset delivery

Provide before/after measurements for each optimization.

# UX Enhancement

Review the application from a user experience perspective:

Areas to evaluate:
- Navigation clarity
- Error message helpfulness
- Loading states and feedback
- Mobile responsiveness
- Accessibility compliance

For each improvement:
1. Identify the UX problem
2. Propose specific solution
3. Implement the change
4. Verify improved user flow

# Chain 1: Data Design
Design the database schema for user notifications including:
- Notification types (email, in-app, push)
- Delivery status tracking
- User preferences
- Scheduling options

# Chain 2: API Design  
Based on the schema from Chain 1, design REST API endpoints for:
- Creating notifications
- Marking as read/unread
- Managing user preferences
- Bulk operations

# Chain 3: Implementation
Implement the notification system using the schema and API design from previous chains.

I'm stuck on a problem and need to think through it step by step.

Problem: Users are reporting that the app is slow when they have many tasks.

Current approach: Loading all tasks at once on page load.

Help me think through this:
1. What might be causing the slowness?
2. What are some potential solutions?
3. What are the trade-offs of each approach?
4. Which solution should I implement first?

Don't give me code yet. Just help me think through the problem systematically.

# Code Review Checklist

Review this code against the following criteria:

## Functionality
- [ ] Does the code do what it's supposed to do?
- [ ] Are edge cases handled appropriately?
- [ ] Is error handling comprehensive?

## Code Quality  
- [ ] Is the code readable and well-organized?
- [ ] Are variables and functions named clearly?
- [ ] Is there appropriate commenting?
- [ ] Are functions focused and single-purpose?

## Performance
- [ ] Are there any obvious performance issues?
- [ ] Is database usage efficient?
- [ ] Are resources properly managed?

## Security
- [ ] Is user input properly validated?
- [ ] Are authentication/authorization checks in place?
- [ ] Are sensitive operations logged?

## Testing
- [ ] Is the code testable?
- [ ] Are important paths covered by tests?
- [ ] Are tests clear and maintainable?

For each issue found, provide:
1. Specific problem description
2. Code location
3. Suggested fix
4. Explanation of why it matters

# Pre-Launch Checklist

## Technical Verification
- [ ] All tests pass in production environment
- [ ] Database migrations work correctly
- [ ] Environment variables are configured
- [ ] SSL certificate is active
- [ ] Backup system is working
- [ ] Monitoring is configured

## User Experience
- [ ] All user flows work end-to-end
- [ ] Error pages are user-friendly
- [ ] Mobile experience is acceptable
- [ ] Load times meet performance targets

## Security
- [ ] Security headers are configured
- [ ] Input validation is comprehensive
- [ ] Authentication flows are secure
- [ ] Sensitive data is protected

## Business Requirements
- [ ] Core user stories are implemented
- [ ] Analytics tracking is active
- [ ] Legal requirements are met (privacy policy, etc.)