Skip to content
PromptForge

Worked example

One brief through the engine

What happens when you paste a brief into PromptForge and hit generate. The brief is real, the constraints are extracted, the dependency rules fire deterministically, and every recommendation carries a citation back to the catalogue row it came from.

The brief

A personal-trainer bookings platform for clients in East London.
Stripe checkout, GDPR-compliant client data, an admin dashboard for the
trainer to manage sessions. £20/month budget, ~50 clients to start.
Trainer is non-technical; I'm the developer building this for them.

Picked up from your brief

Fields filled in from the brief above without asking you a new question. Anything the brief leaves silent stays empty; you confirm or override before generation.

Project type
Web app, greenfield
Audience
Personal-trainer + their clients
Primary action
Book a training session
Stack hints
None named explicitly (engine will recommend)
Geography
UK (inferred from East London)
Compliance flags
personal, payments
Budget
£20 / month
Scale
under_100 (~50 clients to start)
Purpose
client (developer building for a non-technical owner)
Features
auth, payments, scheduled_job, admin_dashboard

Constraints flagged for your build

The combinations below get flagged early so your AI sees the rules of the road before it picks a stack. Each one ties to a real obligation, GDPR, PCI-DSS, or a client-handover need.

  • GDPR (personal data)

    Database and hosting picks favour EU-region providers so your data stays inside the EU/UK perimeter.

  • PCI-DSS (card payments)

    Rolling your own card form is off the table. Use a hosted-checkout flow to keep scope manageable.

  • Client handover

    A handover phase and a staging environment are added to the plan so the non-technical owner can operate the system without you.

Stack suggested for the brief

The top pick per layer, anchored to your stated budget, scale, and compliance. Your AI gets these as a shortlist with alternatives and is instructed to re-verify current pricing before locking anything in.

  • Frontend Next.js (App Router) + TypeScript + Tailwind
    nextjs.org/docs/app

    Static and server-rendered pages in one project fit the marketing-and-booking split. TypeScript catches schema drift before deploy.

  • Backend FastAPI on Railway
    fastapi.tiangolo.com

    Async out of the box and cheap on a £20 budget. Pydantic request/response models keep the API contract honest.

  • Database Supabase Postgres (Frankfurt region)
    supabase.com/pricing

    Frankfurt keeps GDPR-grade data inside the EU perimeter. Row-level security gives the owner's admin view and the clients' view a single backing table.

  • Auth Supabase Auth (magic link + Google)
    supabase.com/docs/guides/auth

    No password to leak. Magic-link covers email-first clients; Google covers the rest. Owner admin gates on a single role flag.

  • Payments Stripe Checkout (hosted page)
    stripe.com/docs/checkout

    Hosted checkout keeps PCI scope at the lowest tier (SAQ A). Webhook signs the booking with payment_intent.succeeded.

  • Email Resend (EU region)
    resend.com/docs

    EU residency keeps booking-confirmation emails inside the GDPR perimeter.

The meta-prompt the user pastes

A condensed excerpt of what you'd paste into your AI tool. Every recommendation ties back to a verified source the AI can re-check before committing to a build choice.

# Personal-trainer bookings platform

You're building a small SaaS that lets a personal trainer take
client bookings online, charge for them, and manage the resulting
schedule. The brief calls for a £20/month budget at ~50 clients;
your hosting and database picks are anchored to that ceiling.

## Stack
| Layer    | Pick                                     |
|----------|------------------------------------------|
| Frontend | Next.js 16 + TypeScript + Tailwind       |
| Backend  | FastAPI on Railway                       |
| Database | Supabase Postgres (Frankfurt region)     |
| Auth     | Supabase Auth (magic link + Google)      |
| Payments | Stripe Checkout (SAQ A scope)            |
| Email    | Resend (EU region)                       |

## Before you start
- GDPR applies. Keep all personal data in EU-region services
  (Frankfurt for Supabase, Resend EU). Sign a Data Processing
  Agreement with each processor before launch.
- Stripe Checkout keeps you in PCI-DSS SAQ A scope; do NOT roll
  your own card form.
- Add a handover phase at the end so the non-technical owner can
  operate the system without you.

## Phase 0, setup
1. Verify current Stripe pricing for UK accounts at
   https://stripe.com/gb/pricing (use plan-mode + WebFetch; record
   in docs/decisions/stripe-pricing.md).
2. Verify Supabase Frankfurt region is on the free tier or fits
   the £20 budget; record in the same dated note.
3. Generate the Next.js project, wire Supabase client, scaffold
   the booking + admin routes...

(truncated; the live output runs ~3 pages)

Sources:
- Next.js App Router docs: https://nextjs.org/docs/app
- FastAPI docs: https://fastapi.tiangolo.com
- Supabase region + pricing: https://supabase.com/pricing
- Stripe SAQ A guide: https://stripe.com/docs/security/guide
- Resend EU sending: https://resend.com/docs/send-with-nodejs
- ICO health-data + GDPR: https://ico.org.uk/

Why this matters

A generic AI assistant given this brief might pick a US-only host, a SQLite database, and a hand-rolled card form. Each of those costs you a real day later. The engine flags the regional, scale, and compliance trade-offs first, and every pick is tied to a catalogue row that carries its own last_verified date so the runtime AI can re-check it before committing to the build.

How the engine works →