Your AI agent needs a plan it holds to.
One conversation designs your entire architecture — entities, APIs, game loops, ML pipelines, smart contracts, whatever you're building. Your AI agent gets a full blueprint it executes from start to finish.
I'm building a SaaS analytics dashboard with team workspaces, role-based permissions, and Stripe billing.
Mapping your architecture. A few questions:
WORKS WITH CURSOR · WINDSURF · CLAUDE CODE · COPILOT · AIDER · ANY AI AGENT
THE REAL PROBLEM
You have a context-loss problem. Every time your AI agent forgets auth, edge cases, or data rules, your momentum dies. The project stalls. Another repo collects dust.
Your private repos are a graveyard of weekend projects. The spark of genius from Saturday dies by Monday, lost in half-written APIs and a forgotten auth flow.
Your AI coding agent writes great code and remembers nothing. You spend half your time re-explaining the database schema or reminding it about edge cases.
You started with a vibe. It felt great. Then came the spaghetti code, the security holes, and the realization you're 90% done with the hardest 10% still to go.
THE DIFFERENCE
Without PrimaSpec
Prompt-by-prompt improvisation
Requirements live in your head
AI hallucinates features you never wanted
You spend hours re-explaining user roles
Database schema forgotten halfway through
Momentum dies. Repo abandoned.
With PrimaSpec
Single source of truth from day one
Architecture, APIs, schema, and state aligned
AI follows governed architecture rules with reduced drift
Critical auth, data, and security decisions locked before coding starts
You're the architect, not the prompt-janitor
Momentum builds. Project gets shipped.
HOW IT WORKS
Talk about your project like you would to a co-founder. No forms, no templates, no jargon. Describe what you're building. PrimaSpec detects your domain and asks the questions you'd forget.
What are you building?
A marketplace for freelance dog walkers with booking, payments, and reviews
Detected domains
75 packs · 1,000+ questions loaded
How do customers pay for a walk?
What happens if a walker cancels within 24h?
Dispute resolution process:
PrimaSpec asks the questions you'd forget: payment escrow or direct? What happens on cancellation? How do disputes work? Every answer locks into a machine-readable blueprint your AI references throughout the build.
Hand the spec to Cursor, Windsurf, Claude Code, Copilot, or Aider. Your agent gets behavioral contracts, domain knowledge, build phases, and progress tracking. It builds feature by feature, referencing your architecture decisions at every step.
REAL OUTPUT
Up to 26 governance files, three shown here. A coordinated system your agent executes phase by phase. Your agent reads 2K tokens and builds. It does not read 50K tokens and forget.
# BLUEPRINT.md — DogWalker
Phase order: 0 → A → B → C → D → E → F → G → H → I
Total status marks: 47
## Phase B — Database Schema (~3h)
### Entity: Booking
| Field | Type | Constraints |
|--------------|----------|----------------------|
| id | UUID | PK, default uuid |
| customerId | UUID | FK → User, NOT NULL |
| walkerId | UUID | FK → Walker, NOT NULL|
| dogId | UUID | FK → Dog, NOT NULL |
| status | Enum | PENDING → CONFIRMED → |
| | | COMPLETED / CANCELLED|
| scheduledAt | DateTime | NOT NULL, future only|
| duration | Int | minutes, min: 15 |
| price | Decimal | precision: 10, scale: 2|
| notes | String? | max: 500 |
| createdAt | DateTime | default: now() |
| updatedAt | DateTime | @updatedAt |
### Relationships
- User 1:N Booking (customerId) CASCADE
- Walker 1:N Booking (walkerId) RESTRICT
- Dog 1:N Booking (dogId) RESTRICT
- Booking 1:1 Review CASCADE
- Booking 1:1 Payment CASCADE
### Tasks
- [ ] Create all entity tables with constraints
- [ ] Add foreign keys and indexes
- [ ] Run initial migration cleanly
- [ ] Verify with `prisma db push --dry-run`
## Phase D — API Surface (~4h)
### Bookings (5 endpoints)
| Method | Path | Auth | BOLA |
|--------|-------------------|------|------|
| POST | /bookings | yes | — |
| GET | /bookings | yes | user |
| GET | /bookings/:id | yes | user |
| PATCH | /bookings/:id | yes | user |
| DELETE | /bookings/:id | yes | user |
### Walkers (4 endpoints)
| Method | Path | Auth | BOLA |
|--------|-------------------|------|------|
| GET | /walkers | no | — |
| GET | /walkers/:id | no | — |
| PATCH | /walkers/:id | yes | user |
| GET | /walkers/:id/slots| no | — |
### Error Contract
All errors return: `{ statusCode, message,
error, code, requestId, timestamp, path }`
## Phase G — Testing (~6h)
### 6-Layer Test Pyramid
```
/ Chaos \
/ Smoke \
/ E2E \
/ Contract \
/ Integration \
/ Unit \
```
### BOLA Test Pattern
```
it("denies cross-user access", async () => {
const res = await request(app)
.get("/bookings/" + otherUserBookingId)
.set("Authorization", "Bearer " + userAToken);
expect(res.status).toBe(404);
});
```
*Generated by [PrimaSpec](https://primaspec.com). AI-driven architecture specs.*# AGENTS.md — DogWalker
Domain knowledge for AI agents.
Read CLAUDE.md first for rules and invariants.
Deep lookups: seek AGF:: tokens in AGENTS-full.md
## Session Start
1. Read CLAUDE.md → load behavioral contract
2. Read this file → load domain model
3. Read STATE.md → find current phase
4. Read BLUEPRINT.md → find current tasks
## Stack Overview
- **Backend**: NestJS 11 / TypeScript 5.7
- **ORM**: Prisma 7 (PostgreSQL 16)
- **Frontend**: Next.js 16 / React 19
- **Styling**: Tailwind CSS v4 + shadcn/ui
- **Cache**: Redis 7 (BullMQ queues)
- **Payments**: Stripe (Connect + Checkout)
## Domain Model
| Entity | Key Fields | Total |
|----------|----------------------|-------|
| User | email, role, name | 8 |
| Walker | userId, bio, rating | 12 |
| Dog | name, breed, weight | 9 |
| Booking | status, scheduledAt | 11 |
| Review | rating, comment | 7 |
| Payment | amount, stripeId | 9 |
| Payout | walkerId, amount | 8 |
| Dispute | reason, resolution | 10 |
## Business Rules
- Booking requires available walker slot [enforce]
- Walker rating recalculated on new review [auto]
- Cancellation < 24h → full refund [enforce]
- Cancellation ≥ 24h → 50% refund [enforce]
- Max 3 active bookings per customer [enforce]
- Walker payout = booking price × 0.85 [auto]
- Disputes auto-escalate after 48h [timed]
## State Machine: Booking.status
```
PENDING → CONFIRMED → IN_PROGRESS → COMPLETED
↓ ↓
CANCELLED CANCELLED
↓ ↓
REFUNDED REFUNDED
```
## User Roles
- **customer** (default) — book walks, leave reviews
- **walker** — accept bookings, manage availability
- **admin** — manage users, resolve disputes
## Security Overview
- Auth: JWT (access 15min + refresh 7d)
- Providers: email/password, Google OAuth
- BOLA: enabled on all user-scoped resources
- CSRF: enabled on all state-changing endpoints
- Rate limits: 20/60/5 req/min (public/auth/booking)
- Input: Zod validation on all mutations
## BOLA Quick Reference
1. Never `findUnique({ where: { id } })`
2. Always `findFirst({ where: { id, userId } })`
3. Return 404 on mismatch (never 403)
4. Test cross-user access in every E2E suite
## Decision Tree: Adding a New Endpoint
1. Which entity? → Check domain model above
2. Auth required? → Add JwtAuthGuard
3. User-scoped? → Add BOLA via ScopedFetchService
4. State change? → Add CSRF + Zod validation
5. Rate limit tier? → See security overview
6. Write E2E test → success + auth + BOLA + edge
*Generated by [PrimaSpec](https://primaspec.com). AI-driven architecture specs.*--- current_phase: "D" current_step: "SM-17" total_status_marks: 47 completed_status_marks: 16 last_git_sha: "a3f8c21" current_plan_file: "plans/004-auth-stripe.md" blockers: [] --- # STATE.md — DogWalker ## Context Recovery If context was compacted or session restarted: 1. Read this file → note current_phase + current_step 2. Read CLAUDE.md → load invariants and workflow 3. Read AGENTS.md → load domain model 4. `git log --oneline -5` → verify last_git_sha 5. Resume from current_step below --- ## Phase 0 — Prerequisites (~1h) | SM | Status | Deliverable | |------|--------|------------------------------------| | SM-1 | [x] | Git repository initialized | | SM-2 | [x] | `.env.example` created | | SM-3 | [x] | docker-compose.yml + plans/ dir | | SM-4 | [x] | Dependencies installed | | SM-5 | [x] | Docker Desktop running, .env set | ## Phase A — Scaffolding (~2h) | SM | Status | Deliverable | |------|--------|------------------------------------| | SM-6 | [x] | Project structure initialized | | SM-7 | [x] | NestJS backend configured | | SM-8 | [x] | Next.js frontend configured | | SM-9 | [x] | Lint, format, typecheck passing | ## Phase B — Database Schema (~3h) | SM | Status | Deliverable | |-------|--------|-----------------------------------| | SM-10 | [x] | User table created | | SM-11 | [x] | Walker table created | | SM-12 | [x] | Dog table created | | SM-13 | [x] | Booking table created | | SM-14 | [x] | Review table created | | SM-15 | [x] | Payment table created | | SM-16 | [x] | Relationships + initial migration | ## Phase C — Data Model (~4h) | SM | Status | Deliverable | |-------|--------|-----------------------------------| | SM-17 | [x] | UserService CRUD + DTOs | | SM-18 | [x] | WalkerService CRUD + DTOs | | SM-19 | [x] | DogService CRUD + DTOs | | SM-20 | [x] | BookingService CRUD + DTOs | | SM-21 | [x] | ReviewService CRUD + DTOs | | SM-22 | [x] | PaymentService CRUD + DTOs | ## Phase D — API Surface (~4h) | SM | Status | Deliverable | |-------|--------|-----------------------------------| | SM-23 | [x] | Users controller (3 endpoints) | | SM-24 | [x] | Walkers controller (4 endpoints) | | SM-25 | [ ] | Bookings controller (5 endpoints) | | SM-26 | [ ] | Reviews controller (3 endpoints) | | SM-27 | [ ] | All 15 endpoints wired | ## Phase E — Auth & Security (~4h) | SM | Status | Deliverable | |-------|--------|-----------------------------------| | SM-28 | [ ] | JWT authentication (access+refresh)| | SM-29 | [ ] | Google OAuth provider | | SM-30 | [ ] | BOLA protection on all resources | | SM-31 | [ ] | CSRF protection enabled | | SM-32 | [ ] | Rate limiting (20/60/5 per min) | | SM-33 | [ ] | Role guards (customer/walker/admin)| ## Phase F — Frontend (~8h) | SM | Status | Deliverable | |-------|--------|-----------------------------------| | SM-34 | [ ] | Next.js setup complete | | SM-35 | [ ] | Auth pages (login, register) | | SM-36 | [ ] | Walker profile pages | | SM-37 | [ ] | Booking flow pages | | SM-38 | [ ] | Review pages | | SM-39 | [ ] | Dashboard layout | ## Phase G — Testing (~6h) | SM | Status | Deliverable | |-------|--------|-----------------------------------| | SM-40 | [ ] | UserService unit tests | | SM-41 | [ ] | WalkerService unit tests | | SM-42 | [ ] | BookingService unit tests | | SM-43 | [ ] | E2E tests for 15 endpoints | | SM-44 | [ ] | Auth flow E2E + BOLA tests | ## Phase H — Deployment (~3h) | SM | Status | Deliverable | |-------|--------|-----------------------------------| | SM-45 | [ ] | Dockerfiles created | | SM-46 | [ ] | CI/CD pipeline configured | | SM-47 | [ ] | Health check endpoint responding | *Generated by [PrimaSpec](https://primaspec.com). AI-driven architecture specs.*
WHY IT WORKS
PrimaSpec gives your agent behavioral contracts, token-indexed references, build phases, and live status tracking. Everything it needs to maintain consistency across build phases.
PrimaSpec outputs up to 26 coordinated files — behavioral contracts, domain knowledge, build plans, threat models, CI/CD configs, and progress tracking. Your agent knows what to build, how to build it, and where it left off.
8 of 14 endpoints built
Every build phase has a status mark: COMPLETE, IN_PROGRESS, or PENDING. When an agent crashes, hits a context limit, or starts a new session, it reads STATE.md and continues from the exact step. No duplicate work. No starting over.
AI agents have context windows. A 50,000-token architecture spec is too large to read at once.
PrimaSpec builds AGF:: token indexes, anchor points letting agents seek directly to any section. Need auth logic? AGF::AUTH jumps to line 847. Need the API surface? AGF::ENDPOINTS jumps to line 1,203. The agent reads only what it needs, when it needs it.
Traditional spec
Agent reads 50K tokens, forgets the middle
PrimaSpec spec
Agent seeks AGF::AUTH, reads 2K tokens, builds
SOUND FAMILIAR?
“I have 15 private repos from the last year. All great ideas. None of them finished. The problem was never the coding. It was the planning.”
Every indie hacker, probably
“I've spent more time re-explaining context to my AI than it would have taken to write the code myself. I need a spec it never forgets.”
A developer on the brink
“My agent built the CRUD in an hour. Then I spent three days fixing auth, edge cases, and the database schema it made up. 90% done is 10% shipped.”
The vibe coding hangover
PRICING
1 free project to try PrimaSpec end to end. Then buy credits in packs — from $17.90 per project. No subscriptions. Credits never expire.
READY?
Describe what you're building, answer a few architecture questions, and get up to 26 governance files your AI follows to ship your next project. Self-healing review catches inconsistencies across every file.
1 FREE PROJECT · FROM $17.90 PER PROJECT · NO SUBSCRIPTIONS
Governance files are structured documents (CLAUDE.md, BLUEPRINT.md, STATE.md, THREATS.md, DESIGN.md, and more) that tell your AI coding agent exactly how to build your project. Up to 26 files covering build plans, architecture specs, naming conventions, security rules, threat models, and deployment configs — everything an AI agent needs to go from zero to production.
The conversation takes 5-15 minutes across 6 phases. Governance file generation takes another 15-20 minutes (you can close the tab and come back). Total: under 30 minutes from idea to full project specification. You can cancel generation, regenerate single files, and preview files inline.
Every new account gets 1 free project to try PrimaSpec end to end. After that, buy credits in packs: $29 for 1, $99 for 5 ($19.80 each), or $179 for 10 ($17.90 each). Credits never expire, no subscriptions.
PrimaSpec generates config files for Cursor, Windsurf, Claude Code, GitHub Copilot, Aider, and any AI agent that can read markdown files. We detect your IDE choice and only generate the matching config.
Your project data is processed by Anthropic Claude (AI) and stored encrypted. We never share your data with third parties. You can export or delete all your data at any time from Settings. See our Privacy Policy for details.
Any. Web apps, mobile apps, ML pipelines, game engines, embedded systems, smart contracts, CLI tools, Kaggle competitions — PrimaSpec dynamically classifies your project type and activates the right concern packs from a library of 75 packs with 1,000+ domain-specific questions.