Ultimate Codebase Audit & Improvement Prompt
This prompt covers 200+ specific checkpoints across 10 major audit categories and will force the AI to systematically examine every aspect of your codebase.
You are an elite full-stack software engineer, SEO specialist, security auditor, and performance optimization expert. I need you to perform a COMPREHENSIVE, DEEP-DIVE audit of my entire codebase. Leave no file unexamined. Be brutally honest, thorough, and actionable.
📋 PHASE 1: CODEBASE ARCHITECTURE & STRUCTURE ANALYSIS
1. Project Structure Review
- Analyze folder/file organization and naming conventions
- Identify misplaced files, redundant directories, or poor architectural patterns
- Evaluate if the project follows standard conventions for its framework/language
- Check for proper separation of concerns (MVC, MVVM, Clean Architecture, etc.)
- Identify circular dependencies
- Review monorepo vs multi-repo decisions if applicable
2. Dependency Audit
- List all outdated dependencies and suggest latest stable versions
- Identify unused dependencies (dead packages)
- Flag dependencies with known vulnerabilities (CVEs)
- Find duplicate dependencies doing the same thing
- Evaluate bundle size impact of each dependency
- Suggest lighter alternatives where possible
- Check for dependency version conflicts
- Review lock file integrity
🔒 PHASE 2: SECURITY AUDIT (CRITICAL)
3. Security Vulnerabilities Scan
- SQL Injection vulnerabilities
- Cross-Site Scripting (XSS) vulnerabilities
- Cross-Site Request Forgery (CSRF) vulnerabilities
- Server-Side Request Forgery (SSRF)
- Insecure Direct Object References (IDOR)
- Authentication & Authorization flaws
- Broken Access Control
- Sensitive data exposure (API keys, secrets, passwords, tokens in code)
- Check .env files and environment variable handling
- Review .gitignore for sensitive file exclusions
- Insecure deserialization
- XML External Entity (XXE) attacks
- Path traversal vulnerabilities
- Rate limiting and brute force protection
- CORS misconfiguration
- Security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, etc.)
- Cookie security flags (HttpOnly, Secure, SameSite)
- Input validation and sanitization on ALL user inputs
- File upload vulnerabilities
- Session management issues
- JWT implementation flaws (if applicable)
- API security (authentication, rate limiting, input validation)
⚡ PHASE 3: PERFORMANCE OPTIMIZATION
4. Frontend Performance
- Identify render-blocking resources
- Image optimization opportunities (format, size, lazy loading, WebP/AVIF)
- Code splitting and lazy loading implementation
- Bundle size analysis and tree-shaking opportunities
- Unused CSS/JS detection and removal
- Critical CSS extraction
- Font loading optimization (font-display, preloading, subsetting)
- Third-party script impact analysis
- Virtual scrolling needs for large lists
- Memoization opportunities (React.memo, useMemo, useCallback)
- Unnecessary re-render detection
- Web Vitals optimization (LCP, FID/INP, CLS, TTFB, FCP)
- Service Worker / PWA opportunities
- Prefetching and preloading strategies
- Animation performance (GPU acceleration, will-change, requestAnimationFrame)
- DOM size and complexity reduction
5. Backend Performance
- Database query optimization (N+1 queries, missing indexes, slow queries)
- Caching strategy review (Redis, Memcached, in-memory, HTTP caching)
- API response time optimization
- Connection pooling
- Memory leak detection
- Async/await and Promise optimization
- Pagination implementation review
- Data serialization efficiency
- Compression (gzip, brotli) implementation
- CDN utilization
- Database schema optimization
- Query result caching
- Background job processing for heavy tasks
- Rate limiting implementation
- Load balancing readiness
🔍 PHASE 4: SEO DEEP AUDIT (COMPREHENSIVE)
6. Technical SEO
- Meta tags audit (title, description, keywords on EVERY page)
- Open Graph tags for social sharing (og:title, og:description, og:image, og:url, og:type)
- Twitter Card meta tags
- Canonical URL implementation
- Hreflang tags for internationalization
- XML Sitemap generation and accuracy
- Robots.txt configuration review
- Schema.org structured data / JSON-LD implementation
- Organization schema
- Website schema
- BreadcrumbList schema
- Article/BlogPosting schema
- Product schema (if e-commerce)
- FAQ schema
- HowTo schema
- Review/Rating schema
- LocalBusiness schema (if applicable)
- Event schema (if applicable)
- Page load speed impact on SEO
- Mobile-friendliness and responsive design
- URL structure and slug optimization
- Internal linking strategy
- Breadcrumb navigation
- 404 error page optimization
- 301 redirect implementation
- Pagination SEO (rel="next", rel="prev" or load more)
- AMP implementation assessment
7. On-Page SEO
- Heading hierarchy (H1-H6) on every page - ensure single H1, logical structure
- Image alt text audit on ALL images
- Image filename optimization
- Anchor text optimization for internal links
- Content-to-code ratio
- Keyword density and placement analysis
- URL length and keyword inclusion
- Meta description length (150-160 chars) and uniqueness
- Title tag length (50-60 chars) and uniqueness
- Duplicate content issues
- Thin content pages identification
- Link equity distribution
8. Core Web Vitals for SEO
- Largest Contentful Paint (LCP) - target < 2.5s
- Interaction to Next Paint (INP) - target < 200ms
- Cumulative Layout Shift (CLS) - target < 0.1
- Time to First Byte (TTFB) - target < 800ms
- First Contentful Paint (FCP) - target < 1.8s
9. Rendering & Crawlability
- SSR vs CSR vs SSG vs ISR assessment for SEO
- JavaScript rendering issues for search engine crawlers
- Dynamic rendering needs
- Pre-rendering implementation
- Hydration issues
- Check if content is accessible without JavaScript
🧹 PHASE 5: CODE QUALITY & BEST PRACTICES
10. Code Quality Issues
- Dead code detection (unused functions, variables, imports, components)
- Code duplication (DRY violations) - identify and suggest abstractions
- Complex functions that need refactoring (cyclomatic complexity)
- Functions/files that are too long
- Inconsistent coding style
- Magic numbers and strings - suggest constants/enums
- Poor variable/function naming
- Missing or inadequate comments on complex logic
- Console.log/debug statements left in production code
- TODO/FIXME/HACK comments that need resolution
- Proper use of design patterns
- SOLID principle violations
- Anti-pattern detection
11. Error Handling
- Missing try-catch blocks
- Unhandled promise rejections
- Generic error catches that swallow errors
- Missing error boundaries (React)
- User-facing error messages quality
- Error logging implementation
- Graceful degradation strategies
- Fallback UI components
- Network error handling
- Timeout handling
12. TypeScript/Type Safety (if applicable)
- `any` type usage that should be properly typed
- Missing type definitions
- Improper type assertions
- Missing interface/type exports
- Enum vs union type usage
- Generic type opportunities
- Strict mode compliance
- Null/undefined safety
♿ PHASE 6: ACCESSIBILITY (A11Y) AUDIT
13. WCAG 2.1 AA Compliance
- Semantic HTML usage
- ARIA labels and roles
- Keyboard navigation support
- Focus management and visible focus indicators
- Color contrast ratios (minimum 4.5:1 for normal text, 3:1 for large text)
- Screen reader compatibility
- Alt text for all meaningful images
- Form label associations
- Skip navigation links
- Language attribute on HTML tag
- Responsive text sizing (rem/em vs px)
- Touch target sizes (minimum 44x44px)
- Motion/animation respect for prefers-reduced-motion
- Dark mode support with prefers-color-scheme
- Error identification and description in forms
- Status messages for dynamic content
- Consistent navigation patterns
- No content that flashes more than 3 times per second
🧪 PHASE 7: TESTING AUDIT
14. Test Coverage & Quality
- Identify untested critical paths
- Missing unit tests for utilities/helpers
- Missing integration tests for API routes
- Missing E2E tests for critical user flows
- Test quality assessment (are tests actually testing the right things?)
- Mock/stub usage review
- Test naming conventions
- Snapshot test overuse
- Missing edge case tests
- Missing error scenario tests
- CI/CD pipeline test integration
📱 PHASE 8: RESPONSIVE DESIGN & CROSS-BROWSER
15. Responsiveness
- Mobile-first approach verification
- Breakpoint consistency
- Touch-friendly interactive elements
- Viewport meta tag configuration
- Flexible layouts (Flexbox/Grid usage)
- Image responsiveness (srcset, sizes, picture element)
- Typography scaling
- Navigation mobile patterns
- Form usability on mobile
- Horizontal scroll issues
🏗️ PHASE 9: DevOps & DEPLOYMENT
16. Build & Deployment
- Build optimization (parallel builds, caching)
- Environment configuration management
- CI/CD pipeline review
- Docker configuration (if applicable)
- Logging and monitoring setup
- Health check endpoints
- Graceful shutdown handling
- Database migration strategy
- Backup strategy
- Disaster recovery plan
- Feature flags implementation
📊 PHASE 10: ANALYTICS & MONITORING
17. Observability
- Analytics implementation (Google Analytics 4, etc.)
- Error tracking (Sentry, etc.)
- Performance monitoring (Real User Monitoring)
- User behavior tracking
- Conversion tracking setup
- Custom event tracking
- Dashboard and alerting setup
---
📝 OUTPUT FORMAT REQUIREMENTS:
For EVERY issue found, provide:
# 🔴 CRITICAL | 🟡 WARNING | 🟢 SUGGESTION
Issue: [Clear description of the problem]
File: [Exact file path and line number]
Current Code: [Show the problematic code snippet]
Fixed Code: [Show the complete corrected code]
Impact: [What this issue affects - security/performance/SEO/UX/maintainability]
Priority: [P0-Critical, P1-High, P2-Medium, P3-Low]
---
SUMMARY REQUIREMENTS:
After the full audit, provide:
1. Executive Summary - Overall health score (1-100) with breakdown by category
2. Critical Issues List - Must fix immediately (security & breaking bugs)
3. Quick Wins - Easy fixes with high impact
4. Strategic Improvements - Longer-term architectural improvements
5. SEO Score Card - Current estimated SEO score with specific improvement projections
6. Performance Score Card - Estimated Lighthouse scores with improvement targets
7. Accessibility Score Card - WCAG compliance level assessment
8. Technical Debt Inventory - Cataloged with estimated effort to resolve
9. Prioritized Action Plan - Ordered by impact/effort ratio
10. Recommended Tools - Specific tools to add for ongoing code quality
---
IMPORTANT INSTRUCTIONS:
- Scan EVERY SINGLE FILE in the codebase. Do not skip any file.
- Be specific with file paths and line numbers.
- Provide COMPLETE, COPY-PASTEABLE code fixes, not partial snippets.
- Don't just identify problems - provide the EXACT solution.
- Consider the FULL context of the application when making suggestions.
- Flag any architectural decisions that won't scale.
- Identify any potential legal/compliance issues (GDPR, CCPA, cookie consent, etc.)
- Check for proper licensing of dependencies.
- If you see something good, mention it too - acknowledge best practices already in place.
START THE AUDIT NOW. Be thorough. Be ruthless. Miss nothing.