This tutorial walks you through creating a complete project using BMad Method, from initial concept to working code. Youโll experience the full workflow: analysis, planning, architecture, and implementation.
Weโll build a simple web application that helps users track their houseplants and care schedules. This project is complex enough to showcase BMadโs capabilities while remaining approachable for learning.Features weโll implement:
User authentication
Plant inventory management
Care schedule tracking
Watering reminders
This tutorial uses the BMad Method track (full PRD + Architecture). If youโre working on a simpler project, you can use the Quick Flow track instead.
Launch Claude Code, Cursor, or your preferred AI IDE in the project directory.
2
Start a fresh chat
Create a new chat session to begin.
3
Load the Analyst agent
/bmad-agent-bmm-analyst
Youโll meet Mary, the Business Analyst agent.
4
Run the product brief workflow
/bmad-bmm-create-product-brief
Mary will guide you through questions about:
Your target users (plant owners who struggle with care schedules)
Core problem (forgetting to water plants, over/under watering)
Key features (inventory, schedules, reminders)
Success metrics (user retention, plants saved)
Example interaction:
Mary (Business Analyst): "Let's discover what makes this product special! Who are your target users?"You: Plant owners who have killed plants by forgetting to water them or watering on inconsistent schedules.Mary: "Fascinating! What's the core problem they face that keeps them up at night?"You: They don't have a system to remember care tasks, and different plants need different schedules.
View example output
# Product Brief: Plant Care Tracker## Problem StatementPlant owners struggle to maintain consistent care schedules, leading to plant death from neglect or over-watering.## Target Users- Houseplant enthusiasts (3-15 plants)- New plant owners learning care routines- Busy professionals who want plants but lack time## Core Features1. Plant inventory with species information2. Customizable care schedules per plant3. Reminder notifications4. Care history tracking## Success Criteria- 70% user retention after 30 days- Average 5+ plants per active user- 80% of scheduled tasks completed
Always start fresh chats for each workflow to avoid context limitations.
2
Load the PM agent
/bmad-agent-bmm-pm
Meet John, your Product Manager agent who asks โWHY?โ relentlessly.
3
Run the PRD creation workflow
/bmad-bmm-create-prd
John will facilitate a structured interview covering:
Product vision and goals
User personas and scenarios
Functional requirements
Non-functional requirements
Success metrics
The PRD workflow uses step-file architecture:John will guide you through steps sequentially:
Initialization - Load context and understand your starting point
Vision & Goals - Define the โwhyโ behind your product
User Research - Identify personas and scenarios
Requirements Discovery - Functional and non-functional needs
Success Metrics - How youโll measure success
Validation - Ensure completeness and cohesion
Example interaction:
John (PM): "Let's nail down the vision. In one sentence, what change do you want to see in the world?"You: Plant owners confidently care for their plants with consistent routines, leading to healthier plants and happier owners.John: "Perfect. Now, WHY is this problem worth solving? What's the real pain?"You: People feel guilty when plants die, and it discourages them from trying again. A simple system would keep them engaged and successful.
View example PRD structure
# Product Requirements Document: Plant Care Tracker## 1. Product VisionEnable plant owners to maintain healthy plants through systematic care tracking and intelligent reminders.## 2. User Personas### Persona 1: Busy Professional- Name: Sarah- Age: 28-35- Context: Works full-time, has 5-8 houseplants- Pain: Forgets watering schedules, plants die- Goal: Automated reminders, minimal effort tracking## 3. Functional Requirements### FR-1: User AuthenticationUsers must be able to create accounts and log in securely.**Acceptance Criteria:**- Users can register with email and password- Passwords are hashed and secure- Users can log in and log out- Password reset functionality### FR-2: Plant Inventory ManagementUsers can add, edit, and remove plants from their collection.**Acceptance Criteria:**- Add plant with species, location, acquisition date- Upload plant photo (optional)- Edit plant details- Archive or delete plants- View all plants in grid or list view## 4. Non-Functional Requirements### NFR-1: Performance- Page load time < 2 seconds- Plant list renders in < 500ms for up to 100 plants### NFR-2: Security- All passwords hashed with bcrypt- HTTPS for all communications- JWT tokens expire after 24 hours
V6 Improvement: This workflow now runs after architecture, creating better quality stories informed by technical decisions.
1
Start a fresh chat
2
Load the PM agent
/bmad-agent-bmm-pm
3
Run create epics and stories
/bmad-bmm-create-epics-and-stories
John will analyze both your PRD and Architecture to create:
Logical epics grouping related functionality
Detailed user stories with acceptance criteria
Technically-informed implementation notes
Example output structure:
View example epics and stories
# Epics and Stories: Plant Care Tracker## Epic 1: User Authentication & Account Management**Goal:** Enable users to securely create accounts and manage their profiles.### Story 1.1: User Registration**As a** new user **I want to** register with my email and password **So that** I can create a personal plant tracking account**Acceptance Criteria:**- [ ] User can submit registration form with email and password- [ ] Email is validated for proper format- [ ] Password requires minimum 8 characters with complexity rules- [ ] Passwords are hashed using bcrypt before storage- [ ] Duplicate email addresses are rejected with clear error- [ ] Successful registration creates user record in database- [ ] User receives confirmation and is logged in automatically**Technical Notes:**- Use Prisma to create user record- Return JWT token on successful registration- Frontend validation with backend validation enforcement### Story 1.2: User Login**As a** registered user **I want to** log in with my credentials **So that** I can access my plant collection**Acceptance Criteria:**- [ ] User can submit login form with email and password- [ ] System validates credentials against database- [ ] Failed login shows generic error (security best practice)- [ ] Successful login returns JWT token- [ ] Token is stored securely in httpOnly cookie- [ ] User is redirected to plant dashboard## Epic 2: Plant Inventory Management**Goal:** Allow users to add, view, edit, and remove plants from their collection.### Story 2.1: Add New Plant**As a** logged-in user **I want to** add a new plant to my collection **So that** I can start tracking its care**Acceptance Criteria:**- [ ] User can access "Add Plant" form- [ ] Form includes: name, species, location, acquisition date- [ ] Optional photo upload with preview- [ ] Form validation prevents empty required fields- [ ] Plant is saved to database associated with user- [ ] User sees confirmation and new plant appears in list### Story 2.2: View Plant List**As a** logged-in user **I want to** see all my plants at a glance **So that** I can access their details quickly**Acceptance Criteria:**- [ ] Dashboard shows all user's plants in grid layout- [ ] Each plant card shows: photo, name, species, next care due- [ ] Grid is responsive (3 cols desktop, 2 tablet, 1 mobile)- [ ] Loading state while fetching plants- [ ] Empty state with "Add Your First Plant" CTA- [ ] Click on plant card navigates to detail view
---story_key: 1-1-user-registrationepic: 1status: ready-for-dev---# Story 1.1: User Registration## Story**As a** new user **I want to** register with my email and password **So that** I can create a personal plant tracking account## Acceptance Criteria- AC-1: User can submit registration form with email and password- AC-2: Email is validated for proper format- AC-3: Password requires minimum 8 characters with complexity- AC-4: Passwords are hashed using bcrypt before storage- AC-5: Duplicate emails rejected with clear error message- AC-6: Successful registration creates user record- AC-7: User receives JWT token and is logged in automatically## Tasks/Subtasks- Task 1: Set up database schema for users - Create Prisma schema for users table - Run migration to create table - Verify table structure in database- Task 2: Create registration API endpoint - POST /api/auth/register endpoint - Request validation (email format, password strength) - Check for duplicate email - Hash password with bcrypt (salt rounds: 10) - Create user record via Prisma - Generate JWT token with 24h expiry - Return token and user data (exclude password)- Task 3: Write comprehensive tests - Unit test: email validation - Unit test: password validation - Unit test: password hashing - Integration test: successful registration - Integration test: duplicate email rejection - Integration test: invalid input handling- Task 4: Create frontend registration form - Registration form component with React Hook Form - Email and password input fields - Client-side validation with error messages - Submit handler calling API - Loading state during submission - Error handling and display - Success redirect to dashboard## Dev Notes### Architecture Requirements**Backend:**- Framework: Express with TypeScript- Database: PostgreSQL via Prisma ORM- Password hashing: bcrypt (salt rounds: 10)- JWT: jsonwebtoken library, 24h expiry- Validation: express-validator middleware**Frontend:**- React 18 with TypeScript- Form handling: React Hook Form + Zod validation- API calls: React Query- Store token in httpOnly cookie### Security Considerations- Never log passwords or hashes- Use parameterized queries (Prisma handles this)- Rate limit registration endpoint (future enhancement)- Validate on both client and server## Statusready-for-dev
Meet Amelia, who speaks in file paths and AC IDs with ultra-succinct precision.
3
Run dev-story
/bmad-bmm-dev-story
Amelia will:
Load the story file and all context
Execute tasks sequentially following red-green-refactor
Write failing tests first, then implementation
Mark each task complete only when tests pass
Update File List with all changes
Mark story as โreviewโ when complete
What happens during development:
View example dev execution
Amelia (Developer): "Loading story 1-1-user-registration..."โ Context LoadedStory and project context available for implementation๐ Starting work on story 1-1-user-registrationStatus updated: ready-for-dev โ in-progress---Task 1: Set up database schema for users๐ Creating Prisma schema...[Creates prisma/schema.prisma with User model]โ Task 1.1 complete: Prisma schema createdโ Task 1.2 complete: Migration generatedโ Task 1.3 complete: Database table verifiedโ Task 1 complete - marked [x]---Task 2: Create registration API endpoint๐ด RED: Writing failing tests...[Creates src/auth/auth.test.ts with registration tests]โ Tests failing as expected (no implementation yet)๐ข GREEN: Implementing minimal code...[Creates src/auth/auth.controller.ts][Creates src/auth/auth.service.ts][Creates src/middleware/validation.ts]โ All tests passing๐ต REFACTOR: Improving structure...[Extracts validation logic, adds error handling]โ Tests still passing after refactorโ Task 2 complete - marked [x]---Task 3: Write comprehensive tests[Adds unit tests for validation functions][Adds integration tests for API endpoint][Adds edge case tests]โ 15 tests written, all passingโ Task 3 complete - marked [x]---Task 4: Create frontend registration form๐ด RED: Writing component tests...[Creates src/components/RegistrationForm.test.tsx]โ Tests failing (component doesn't exist)๐ข GREEN: Implementing component...[Creates src/components/RegistrationForm.tsx][Creates src/hooks/useRegister.ts with React Query]โ All tests passingโ Task 4 complete - marked [x]---โ All tasks complete!Validating definition of done:- [x] All tasks marked complete- [x] All acceptance criteria satisfied- [x] Unit tests added (12 tests)- [x] Integration tests added (8 tests)- [x] All tests passing (20/20)- [x] Code quality checks pass- [x] File List updatedStory status updated to "review" in sprint-status.yaml---๐ก **Implementation Complete****Story:** 1-1-user-registration **Status:** review **Files Changed:** 12 files**Key Changes:**- Created user database schema with Prisma- Implemented registration API endpoint with validation- Added comprehensive test coverage (20 tests, 100% passing)- Built registration form component with React Hook Form**Next Steps:**1. Review the implementation in the story file2. Test the registration flow manually3. Run code-review workflow (recommended: use different LLM)๐ก **Tip:** For best results, run `code-review` using a **different** LLM than the one that implemented this story.
For best results, use a different LLM for code review than the one that implemented the story. This provides fresh perspective.
1
Start a fresh chat (in different LLM if possible)
2
Load the Developer agent
/bmad-agent-bmm-dev
3
Run code review
/bmad-bmm-code-review
Amelia (now acting as senior reviewer) will:
Load the story and review all changed files
Analyze code quality, patterns, security
Check test coverage and quality
Validate architecture compliance
Create action items for any issues found
Example review output:
View example code review
## Senior Developer Review (AI)**Reviewed:** 2026-03-04 **Reviewer:** Amelia (Senior Developer - AI) **Outcome:** โ Approved with minor suggestions### Action Items#### High Priority- [ ] None#### Medium Priority- [x] Add rate limiting to registration endpoint (AC-1)- [x] Add integration test for concurrent duplicate registrations (AC-5)#### Low Priority (Optional)- [ ] Consider extracting bcrypt config to environment variable- [ ] Add JSDoc comments to auth service methods### Detailed Findings**Code Quality:** โ Excellent- Clean separation of concerns (controller/service)- Proper error handling throughout- TypeScript types well-defined**Testing:** โ Comprehensive- 20 tests covering all acceptance criteria- Good coverage of edge cases- Both unit and integration tests present**Security:** โ Strong- Passwords properly hashed with bcrypt- JWT tokens generated correctly- No sensitive data in logs- Input validation on both client and server**Architecture Compliance:** โ Full- Follows Express/TypeScript patterns from architecture- Prisma used correctly for database access- React Hook Form implemented as specified**Suggestions:**1. Rate limiting would prevent abuse (see Medium priority items)2. Concurrent registration test would catch race conditions
If review finds issues, re-run dev-story to address them. The Dev agent will automatically detect the review context and prioritize fixing review items.
Review complete! Once all items are addressed, manually update sprint-status:
This launches Party Mode where multiple agent personas collaborate:
Bob (Scrum Master) facilitates
Amelia (Developer) shares technical insights
Winston (Architect) discusses patterns
John (PM) evaluates business value
You participate as project lead
Example Party Mode interaction:
Bob (Scrum Master): "Welcome to the Epic 1 retrospective! Let's reflect on our authentication implementation. What went well?"Amelia (Developer): "The TDD approach caught several edge cases early. The Prisma schema migrations worked smoothly."Winston (Architect): "I'm pleased we stuck with bcrypt and JWT as specified. The separation between auth service and controller is clean."You: The clear story files with dev notes made implementation straightforward.Bob: "Excellent. What could we improve for Epic 2?"Amelia: "Rate limiting came up in code review but wasn't in original stories. We should add that to Epic 2 planning."John (PM): "Good catch. I'll note that for course correction. We might add a story for security enhancements across all endpoints."
