# 🎯 Your First Project with CursorRIPER♦Σ

Let's build a real project using the framework - a simple task management API. This tutorial demonstrates the complete RIPER workflow.

## 📋 Project Overview

We'll build a REST API with:
- User authentication
- CRUD operations for tasks
- Data validation
- Error handling

## 🔍 Phase 1: Research Mode

Let's start by researching what we need:

```
/research
```

Now, let's gather requirements:

```
I need to build a task management API. What are the key components I should consider?
```

The framework will:
- ✅ Read any existing code
- ✅ Ask clarifying questions
- ✅ Document findings in memory

### Research Activities

1. **Define requirements:**
```
What are the core features needed for a task management API?
- User registration and login
- Create, read, update, delete tasks
- Task status (pending, in-progress, completed)
- Due dates and priorities
```

2. **Check context:**
```
!af package.json      # Add package file if exists
!ad src/             # Add source directory
```

3. **Memory is updated:**
The framework automatically updates:
- 📋 `projectbrief.md` - Requirements captured
- 💻 `techContext.md` - Technology decisions

## 💡 Phase 2: Innovate Mode

Switch to innovate mode to explore solutions:

```
/innovate
```

Ask for innovative approaches:

```
What modern approaches should we consider for authentication and data validation?
```

### Innovation Activities

1. **Explore authentication options:**
- JWT tokens vs sessions
- OAuth integration possibilities
- Refresh token strategies

2. **Consider architecture patterns:**
- RESTful vs GraphQL
- Microservices vs monolithic
- Database choices (SQL vs NoSQL)

3. **Validation strategies:**
- Schema validation libraries
- Custom validators
- Error handling patterns

**Context tracking:**
```
!ac authenticationStrategy    # Track auth decisions
!adoc API Design Patterns     # Reference documentation
```

## 📝 Phase 3: Plan Mode

Time to create a concrete plan:

```
/plan
```

Request a detailed plan:

```
Create a detailed implementation plan for the task management API with authentication
```

### The Plan (Generated)

```markdown
## Implementation Plan: Task Management API

### Architecture
- Node.js + Express
- PostgreSQL database  
- JWT authentication
- Input validation with Joi

### Project Structure
```
src/
├── controllers/
│   ├── auth.controller.js
│   └── task.controller.js
├── middleware/
│   ├── auth.middleware.js
│   └── validation.middleware.js
├── models/
│   ├── user.model.js
│   └── task.model.js
├── routes/
│   ├── auth.routes.js
│   └── task.routes.js
├── services/
│   ├── auth.service.js
│   └── task.service.js
├── utils/
│   ├── database.js
│   └── jwt.utils.js
└── app.js
```

### Implementation Steps
1. Set up project structure
2. Configure database connection
3. Create user model and authentication
4. Implement JWT token generation
5. Create task model and CRUD operations
6. Add validation middleware
7. Implement error handling
8. Add tests
```

**Protection markers added:**
```
!cp Critical sections identified for protection
```

## ⚙️ Phase 4: Execute Mode

Now let's implement the plan:

```
/execute
```

### Execute the Plan

1. **Set up project structure:**
```
Create the project structure according to the plan
```

The AI will create files following the plan exactly.

2. **Implement authentication:**
```javascript
// !cp PROTECTED - JWT Secret Configuration
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';
// !cp END-P

// !cc CRITICAL - User Authentication
async function authenticateUser(email, password) {
    const user = await User.findOne({ email });
    if (!user || !await bcrypt.compare(password, user.password)) {
        throw new Error('Invalid credentials');
    }
    return generateToken(user);
}
// !cc END-C
```

3. **Track implementation:**
```
!af src/controllers/auth.controller.js
!ac authenticateUser()
```

### Key Implementation Rules in Execute Mode

- ✅ Can create and modify files
- ✅ Must follow the plan exactly
- ❌ Cannot deviate or "improve" 
- ❌ Cannot search web (stay focused)

## 🔎 Phase 5: Review Mode

Finally, let's review our work:

```
/review
```

### Review Activities

1. **Check implementation against plan:**
```
Review the implementation against our plan. Are all components implemented correctly?
```

2. **Verify protection:**
```
Check that all critical code sections are properly protected
```

3. **Review findings:**
- ✅ All planned components implemented
- ✅ Authentication working correctly
- ✅ CRUD operations complete
- ⚠️ Missing: Rate limiting (not in original plan)

## 📊 Project Completion

### Memory Bank Status

After completing the project, your memory bank contains:

1. **📋 projectbrief.md**
   - Complete requirements
   - Success criteria
   - Scope definition

2. **🏛️ systemPatterns.md**
   - API architecture
   - Design patterns used
   - Component relationships

3. **💻 techContext.md**
   - Technology stack
   - Dependencies
   - Environment setup

4. **🔮 activeContext.md**
   - Current focus areas
   - Protected code sections
   - Active file references

5. **📊 progress.md**
   - Completed features
   - Test results
   - Outstanding items

## 🎓 Lessons Learned

1. **Research First** - Gather all requirements before designing
2. **Innovate Freely** - Explore options without committing
3. **Plan Thoroughly** - Detailed plans make execution smooth
4. **Execute Faithfully** - Stick to the plan, no surprises
5. **Review Honestly** - Catch issues before deployment

## 🚀 Next Steps

### Enhance Your Project

1. **Add more features:**
   - User roles and permissions
   - Task sharing and collaboration
   - Email notifications

2. **Improve security:**
   ```
   !cp Mark more sections as PROTECTED
   !cg Add GUARDED sections for sensitive logic
   ```

3. **Expand context:**
   ```
   !af test/auth.test.js    # Add test files
   !ad docs/               # Add documentation
   ```

### Try These Exercises

1. **Protection Practice:**
   - Add protection to database queries
   - Guard configuration files
   - Mark critical business logic

2. **Context Management:**
   - Create focused contexts for features
   - Use mode-specific contexts
   - Clear irrelevant context

3. **Permission Testing:**
   - Try forbidden operations in each mode
   - Understand permission boundaries
   - Practice safe mode transitions

## 📚 Further Learning

- 🧠 [Deep Dive: RIPER Modes](../Core-Concepts/RIPER-Modes)
- 🛡️ [Advanced Protection Strategies](../Features/Code-Protection)
- 📎 [Context Management Mastery](../Guides/Context-Management)
- 🔄 [Workflow Optimization](../Guides/Mode-Transitions)

## 🎉 Congratulations!

You've completed your first project with CursorRIPER♦Σ! You now understand:
- ✅ The complete RIPER workflow
- ✅ How to protect critical code
- ✅ Context management basics
- ✅ Permission boundaries
- ✅ Memory bank usage

### Ready for More?

- Build your own project idea
- Enable [MCP integrations](../Advanced/MCP-Integration/Overview) for more power
- Try [BMAD enterprise features](../Advanced/BMAD-Enterprise/Overview) for teams

---

**[← Quick Start](Quick-Start)** | **[Home](../Home)** | **[Basic Workflow →](Basic-Workflow)**