Forge workbench with glowing tracker blueprints, anvil with golden checklist, and tech stack mascots floating as ember particles

Appendix E

Sample Project — Build a Tracker App

Pick your stack. Build a real app. Learn Plan Forge by using it.

The Tracker App

A task tracker with users, projects, tasks, statuses, and comments. Simple enough to build in an afternoon, rich enough to exercise every Plan Forge feature. You'll run the full pipeline (Specify → Harden → Execute → Review → Ship) five times — once per phase — and learn a different manual chapter with each one.

Tracker App — Data Model

Users

id, email, name, password_hash, role, created_at

Projects

id, name, description, owner_id, status, created_at

Tasks

id, project_id, title, description, status, assignee_id, priority, due_date

Comments

id, task_id, author_id, body, created_at

Pick Your Preset

The specs below are framework-agnostic. Plan Forge generates stack-specific plans based on your preset. Pick the one you want to learn:

dotnet

typescript

python

java

swift

rust

php

any stack

Getting Started

Terminal

mkdir tracker-app && cd tracker-app
git init

# Pick your preset (replace  with dotnet, typescript, python, etc.)
.\setup.ps1 -Preset <your-stack>

# Verify
.\pforge.ps1 smith

Phase Roadmap

Phase 1

Bootstrap + Health

→

Phase 2

Users + Auth

→

Phase 3

Projects + Tasks

→

Phase 4

Comments + Events

→

Phase 5

Dashboard + Reports

What You'll Practice

Phase	What You Build	Manual Chapters Practiced
1	Project scaffold + `GET /health`	Ch 3 (Installation), Ch 4 (Your First Plan)
2	User model + JWT auth + roles	Ch 5 (Writing Plans), Ch 9 (auto-loading auth + security instructions)
3	Project & Task CRUD + tests	Ch 6 (Dashboard monitoring), Ch 7 (CLI: sweep, diff, analyze)
4	Comments + event publishing	Ch 13 (quorum mode, parallel slices, model routing)
5	Dashboard views + caching	Ch 8 (custom instructions for reporting domain)

Phase 1 — Bootstrap + Health Endpoint

This is the same exercise from Chapter 4, but now in context of a larger project. Paste this into the specifier agent:

Paste into Step 0 (Specifier)

Feature: health-endpoint

Problem: The Tracker app needs a health check endpoint so load balancers
and monitoring tools can verify the service is running.

Scenarios: GET /health every 30 seconds. Returns 200 OK with
{"status": "healthy", "version": "1.0.0"}.

Acceptance Criteria:
- GET /health returns 200 with JSON body
- Response time under 50ms
- No authentication required
- If database unreachable: 503 {"status": "degraded", "reason": "database"}

Out of Scope: Deep dependency checks, metrics endpoint, custom health UI.

Run the full pipeline: Step 0 → Step 1 → Step 2 → Step 3 → Step 4 → Step 5 → Step 6. When done, pforge phase-status docs/plans/Phase-1-*.md complete.

Phase 2 — Users + Authentication

Paste into Step 0 (Specifier)

Feature: user-authentication

Problem: The Tracker app needs user accounts with login, registration,
and role-based access control (admin, member).

MUST Criteria:
- User registration with email + password (hashed, never plaintext)
- Login returns JWT token (access + refresh)
- Role-based authorization: admin can manage all projects, member sees own
- Protected endpoints return 401 without valid token, 403 without required role
- Password reset flow (token-based)

SHOULD Criteria:
- Rate limiting on login endpoint (5 attempts per minute)
- Audit log for authentication events

Out of Scope: OAuth/social login, MFA, user profile editing.

Watch for auto-loading: When the executor creates auth files, notice that auth.instructions.md and security.instructions.md load automatically. This is the applyTo mechanism from Chapter 2 in action.

Phase 3 — Projects + Tasks CRUD

Paste into Step 0 (Specifier)

Feature: project-task-management

Problem: Users need to create projects and manage tasks within them.

MUST Criteria:
- CRUD for Projects (create, read, update, delete)
- CRUD for Tasks within a project
- Task fields: title, description, status (todo/in-progress/done), priority (low/medium/high), assignee, due date
- Only project owner or admin can delete a project
- List tasks with filtering by status, assignee, priority
- Pagination on list endpoints (default 20 per page)
- 90%+ test coverage on service layer

SHOULD Criteria:
- Task sorting by priority, due date, created date
- Bulk status update for selected tasks

Out of Scope: File attachments, subtasks, task templates, Kanban board UI.

Try the dashboard: Start the MCP server (node pforge-mcp/server.mjs) and watch localhost:3100/dashboard during execution. You'll see slices progress in real-time — this is Chapter 6 in action.

Phase 4 — Comments + Event Publishing

Paste into Step 0 (Specifier)

Feature: comments-and-events

Problem: Users need to discuss tasks via comments, and the system needs
an event bus for audit/notification purposes.

MUST Criteria:
- Add, edit, delete comments on tasks
- Only comment author or admin can edit/delete
- Event publishing: task-created, task-updated, task-status-changed, comment-added
- Event consumers: update task activity log, update project last-modified timestamp
- Comments include created_at, updated_at timestamps

SHOULD Criteria:
- @mention support in comments (notify mentioned user)
- Activity feed endpoint: recent events across user's projects

Out of Scope: Real-time WebSocket push to clients, email notifications, rich text.

Try advanced execution: This phase has independent slices (comments vs events). Add [P] tags to the hardened plan for parallel execution. Try --quorum=auto to see multi-model consensus on complex slices. See Chapter 13.

Phase 5 — Dashboard + Reports

Paste into Step 0 (Specifier)

Feature: dashboard-and-reporting

Problem: Users need an overview of their projects with status summaries,
task distribution, and activity trends.

MUST Criteria:
- Dashboard endpoint: project count, task count by status, overdue tasks
- Per-project summary: task breakdown, recent activity, completion percentage
- Reporting endpoint: tasks completed this week/month, average time to close
- Cache dashboard data (invalidate on task/project changes)

SHOULD Criteria:
- Configurable date ranges on reports
- Export report as JSON

Out of Scope: Charts/graphs (API only), PDF export, scheduled reports.

Write a custom instruction: Create .github/instructions/reporting.instructions.md with rules for your reporting domain (cache invalidation patterns, aggregation query patterns). This is Chapter 8 in action.

Stretch Goals

Finished all 5 phases? Try these advanced exercises:

Exercise	What You'll Learn	Command/Chapter
Add multi-tenancy	Install an extension, see guardrails auto-apply	`pforge ext add saas-multi-tenancy` → Ch 11
Add CI validation	Automate quality gates on PRs	Copy `plan-forge-validate.yml` → Ch 13
Quorum analysis	Multi-model consistency scoring	`pforge analyze --quorum docs/plans/Phase-3-*.md`
Generate a Project Profile	Tighten guardrails based on your standards	Attach `project-profile.prompt.md` → Ch 8
Define Project Principles	Declare non-negotiable commitments	Attach `project-principles.prompt.md` → Ch 8
Run with a different AI tool	Test multi-agent setup	`.\setup.ps1 -Agent claude` → Ch 12
Diagnose a bug	Multi-model bug investigation	`pforge diagnose src/services/TaskService.*` → Ch 7

The specs are deliberately high-level. You use Plan Forge (specifier → hardener → executor) to flesh them out. That's the exercise — learning the pipeline by making it do the heavy lifting.

📄 Based on the Tracker sample app in plan-forge-testbed. See also: greenfield-todo-api.md