Comprehensive Repository Analysis & Bug Fixing: AI Code Audit
Description
Professional Tool for Deep Code Audit and Repair
This prompt instructs an AI model to act as a seasoned Lead Developer or Security Engineer and conduct an exhaustive analysis of an entire repository. It covers the full development lifecycle, from architecture mapping to implementing verified fixes and producing detailed reports.
Who is this prompt for?
- Developers: To quickly identify logical errors, memory leaks, and technical debt in complex projects.
- QA Engineers & Testers: To automatically generate test cases for edge cases and verify regressions.
- DevSecOps Specialists: To discover critical vulnerabilities (SQL Injection, XSS, RCE) and find hardcoded secrets.
- Project Managers: To get an objective assessment of the codebase health and prioritize fixes.
Key Advantages
- Deep Diagnostics: Analysis covers 5 bug categories — from critical security vulnerabilities to code quality and performance.
- Systematic Approach: The prompt includes 7 analysis phases, ensuring no issues are missed even in large repositories.
- TDD-Oriented: Proposes implementing fixes by writing a failing test first, ensuring the reliability of changes.
- Output Flexibility: Data can be presented in Markdown, JSON, or CSV for easy integration into Jira or GitHub Issues.
Prompt
{
  "task": "comprehensive_repository_analysis",
  "objective": "Conduct exhaustive analysis of entire codebase to identify, prioritize, fix, and document ALL verifiable bugs, security vulnerabilities, and critical issues across any technology stack",
  "analysis_phases": [
    {
      "phase": 1,
      "name": "Repository Discovery & Mapping",
      "steps": [
        {
          "step": "1.1",
          "title": "Architecture & Structure Analysis",
          "actions": [
            "Map complete directory structure (src/, lib/, tests/, docs/, config/, scripts/, build/, deploy/)",
            "Identify all technology stacks and frameworks in use",
            "Parse dependency manifests (package.json, requirements.txt, go.mod, pom.xml, Gemfile, Cargo.toml, composer.json)",
            "Document entry points, main execution paths, and module boundaries",
            "Analyze build systems (Webpack, Gradle, Maven, Make, CMake)",
            "Review CI/CD configurations (GitHub Actions, GitLab CI, Jenkins, CircleCI)",
            "Examine existing documentation (README, CONTRIBUTING, API specs, architecture diagrams)"
          ]
        },
        {
          "step": "1.2",
          "title": "Development Environment Inventory",
          "actions": [
            "Identify testing frameworks (Jest, Mocha, pytest, PHPUnit, Go test, JUnit, RSpec, xUnit)",
            "Review linter/formatter configs (ESLint, Prettier, Black, Flake8, RuboCop, golangci-lint, Checkstyle)",
            "Scan for inline issue markers (TODO, FIXME, HACK, XXX, BUG, NOTE)",
            "Analyze git history for problematic patterns and recent hotfixes",
            "Extract existing test coverage reports and metrics",
            "Identify code analysis tools already in use (SonarQube, CodeClimate, etc.)"
          ]
        }
      ]
    },
    {
      "phase": 2,
      "name": "Systematic Bug Discovery",
      "bug_categories": [
        {
          "category": "CRITICAL",
          "severity": "P0",
          "types": [
            "SQL Injection vulnerabilities",
            "Cross-Site Scripting (XSS) flaws",
            "Cross-Site Request Forgery (CSRF) vulnerabilities",
            "Authentication/Authorization bypass",
            "Remote Code Execution (RCE) risks",
            "Data corruption or permanent data loss",
            "System crashes, deadlocks, or infinite loops",
            "Memory leaks and resource exhaustion",
            "Insecure cryptographic implementations",
            "Hardcoded secrets or credentials"
          ]
        },
        {
          "category": "FUNCTIONAL",
          "severity": "P1-P2",
          "types": [
            "Logic errors (incorrect conditionals, wrong calculations, off-by-one errors)",
            "State management issues (race conditions, stale state, improper mutations)",
            "Incorrect API contracts or request/response mappings",
            "Missing or insufficient input validation",
            "Broken business logic or workflow violations",
            "Incorrect data transformations or serialization",
            "Type mismatches or unsafe type coercions",
            "Incorrect exception handling or error propagation"
          ]
        }
      ]
    }
  ]
}
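As an added illustration of what step 1.2 ("Scan for inline issue markers") and the Phase 2 CRITICAL type "Hardcoded secrets or credentials" look like when done by a script, together with the Markdown/JSON output the listing mentions, here is a small scanner. It is example code written for this page, not output of the prompt and not a tool the page describes. The sample file contents, the QUALITY/P3 label used for markers, and the secret-detection regexes are constructed assumptions; the prompt itself only defines CRITICAL/P0 and FUNCTIONAL/P1-P2.

```python
import json
import re
from dataclasses import dataclass, asdict

# Inline issue markers listed in step 1.2 of the prompt.
MARKER_RE = re.compile(r"\b(TODO|FIXME|HACK|XXX|BUG|NOTE)\b[:\s]*(.*)")

# Narrow heuristics for the "Hardcoded secrets or credentials" category.
# These patterns are assumptions for the example, not a complete secret scanner.
SECRET_PATTERNS = [
    ("assignment", re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]")),
    ("aws_access_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")),
]


@dataclass
class Finding:
    path: str
    line: int
    category: str  # CRITICAL comes from the prompt; QUALITY is an assumed label for markers
    severity: str  # P0 comes from the prompt; P3 for markers is assumed
    kind: str
    excerpt: str


def redact(line: str) -> str:
    """Mask quoted values and key IDs so the report itself does not leak the secret."""
    line = re.sub(r"(['\"])[^'\"]+\1", r"\1***\1", line)
    line = re.sub(r"\bAKIA[0-9A-Z]{16}\b", "AKIA****", line)
    return line.strip()


def scan_text(path: str, text: str) -> list:
    """Scan one file's text; a line may yield both a secret and a marker finding."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        for kind, pat in SECRET_PATTERNS:
            if pat.search(raw):
                findings.append(Finding(path, lineno, "CRITICAL", "P0",
                                        f"hardcoded_secret:{kind}", redact(raw)))
                break  # one secret finding per line is enough
        m = MARKER_RE.search(raw)
        if m:
            findings.append(Finding(path, lineno, "QUALITY", "P3",
                                    f"marker:{m.group(1)}", m.group(2).strip()[:80]))
    return findings


def scan_repository(files: dict) -> list:
    """files maps repository-relative path -> file text; P0 findings sort first."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return sorted(findings, key=lambda f: (f.severity, f.path, f.line))


def render(findings: list, fmt: str = "markdown") -> str:
    """Markdown table for human review, JSON for import into an issue tracker."""
    if fmt == "json":
        return json.dumps([asdict(f) for f in findings], indent=2)
    rows = ["| Severity | Category | Kind | Location | Excerpt |",
            "|---|---|---|---|---|"]
    for f in findings:
        rows.append(f"| {f.severity} | {f.category} | {f.kind} | {f.path}:{f.line} | {f.excerpt} |")
    return "\n".join(rows)


# Constructed sample repository (not real project files; the key ID is a made-up value).
SAMPLE_FILES = {
    "src/db.py": 'password = "hunter2hunter2"  # FIXME: move to env var\n',
    "config/aws.env": "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12\n",
    "src/util.py": "# TODO: handle None input\ndef inc(x):\n    return x + 1\n",
}

if __name__ == "__main__":
    print(render(scan_repository(SAMPLE_FILES)))
    print(render(scan_repository(SAMPLE_FILES), "json"))
```

The excerpt is redacted before it reaches the report, since a findings file that quotes the credential verbatim is itself a leak once it lands in Jira or a GitHub issue. In a real audit the `files` dict would be filled by walking the repository, skipping vendored and generated directories.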