Agent mode

I just asked Cursor Agent to make me this PHP app. I brainstormed the specifications with Perplexity’s Sonar Pro first, then fed this prompt to Cursor-Claude Sonnet:

I want to build a API backend app in plain PHP and SQLite as database. As little to zero libraries and 3rd party dependencies as possible. This backend app would receive requests from my frontend website in plain HTML, Javascript. So authenticated requests, and protecting the API endpoints is critical. This PHP app would be hosted on a $6 Digital Ocean VPS droplet, while the frontend is on Github and Netlify. Can you walk me through the broad steps to take to implement the PHP app, from coding to deploying on Digital Ocean? No need for code at this moment as this is supposed to be a overview discussion. I also don’t need advice on the frontend.

A few things to note for the PHP code:

PHP Backend
Project Structure: Organize your project with directories for controllers, models, views, and a public directory for your API endpoints.
Routing: Implement a simple routing mechanism to handle different API endpoints.
Authentication: Implement authentication mechanisms such as JWT (JSON Web Tokens) or session-based authentication.
Database Interaction: Use PDO (PHP Data Objects) to interact with your SQLite database securely.
Error Handling: Implement error handling to manage and log errors effectively.
Security: Ensure your API is secure by validating inputs, using prepared statements to prevent SQL injection, and implementing CSRF protection.

API Endpoints
CRUD Operations: Create endpoints for Create, Read, Update, and Delete operations.
Authentication Endpoints: Create endpoints for user registration, login, and logout.
Protected Endpoints: Ensure that sensitive endpoints are protected and only accessible to authenticated users.

For Deployment
Configuration: Create configuration files for different environments (development, staging, production).
Environment Variables: Use environment variables to manage sensitive information like database credentials and API keys.
Optimization: Optimize your code and database queries for performance.

And it generated the code, created all the files, with multiple checkpoint check-ins along the way to ask if it should proceed. Out came this entire app in under 30min!

php-api-backend/
├── .env
├── api.tar.gz
├── backup.sh
├── deploy.sh
│
├── config/
│ ├── config.php
│ └── database.php
│
├── public/
│
├── src/
│ ├── Controllers/
│ │ └── AuthController.php
│ │
│ ├── Middleware/
│ │ ├── AuthMiddleware.php
│ │ └── CSRFMiddleware.php
│ │
│ ├── Models/
│ │
│ └── Utils/
│ ├── JWT.php
│ ├── Logger.php
│ └── Validator.php
│
└── storage/

MINDBLOWN 🤯

And guess what, the code actually does work! Double MINDBLOWN 🤯🤯

The tragi-comic thing is, because it can’t sign in to my VPS to help me set up my server and deploy, I had to do it myself following instructions from it. And that took me a few days.

The human is the bottleneck now.

Ladies and gentlemen, say hi to my CTO.