Spec Template: Login Flow
This is a ready-to-use Intent Specification for a standard email/password login flow. You can copy this template, adapt it for your tech stack, and feed it directly to your AI coding agent or engineering team.
The Template
{
"id": "intent-login-123",
"title": "Email / Password Login Flow",
"objective": "Allow users to securely access their accounts via email and password, preventing unauthorized access.",
"problemSeverity": "critical",
"outcomes": [
"User can log in with valid credentials and receives a session token",
"Invalid credentials show a generic 'Invalid email or password' error",
"User is redirected to the dashboard upon successful login"
],
"constraints": [
"Passwords must never be logged or stored in plaintext",
"Must use HTTPS for all authentication endpoints",
"Use existing AuthContext for state management"
],
"edgeCases": [
{
"scenario": "User tries to log in with an unverified email",
"expectedBehavior": "Show 'Email not verified' error and offer resend link"
},
{
"scenario": "Network timeout during login attempt",
"expectedBehavior": "Show generic timeout error and allow retry, do not crash"
}
],
"verification": {
"e2eTests": ["login-flow.spec.ts"],
"unitTests": ["auth-utils.test.ts"]
}
}How to Use This Template
- Copy the JSON above.
- Adjust the outcomes to match your product's specific login requirements.
- Add constraints for your tech stack (e.g., auth provider, framework, design system).
- Feed to your agent: Paste directly into Cursor, Windsurf, or your AI-assisted IDE.
- Or create a ticket: Use this as the description for your Linear/Jira issue.
Customization Ideas
- OAuth Login: Add acceptance criteria for "Sign in with Google" and "Sign in with GitHub" buttons.
- Two-Factor Auth: Add criteria for OTP verification after password submission.
- Magic Link: Replace password fields with email-only input and "Send Magic Link" button.
💡 Tip: Use the Copy button on the JSON block above to grab the full template. Then paste it into your AI agent or issue tracker.
See It In Action
We fed this exact spec to an AI coding agent. The result? A fully functional login form with validation, loading states, and tests — in under 3 minutes.
Why Structured Specs Beat Loose Prompts
When we tested this exact spec with AI coding agents, the results were consistent:
- No clarifying questions. The outcomes, constraints, and edge cases answered everything upfront.
- Security requirements caught. "Passwords must never be logged" is the kind of constraint that gets forgotten in a conversational prompt but is explicit in a spec.
- Verification was built-in. The agent wrote tests directly from the verification section — no guessing what to test.
- Clear "done" criteria. The outcomes are finite and testable. The agent knew when it was finished.
A loose prompt like "build a login page" produces working code that misses half the requirements. A structured spec produces code that matches the contract.
Ready to create your own specs? Let Pathmode synthesize them from your user research.