Analyzes entire codebases to identify and document all bugs and vulnerabilities.
{
"task": "comprehensive_repository_analysis",
"objective": "Conduct exhaustive analysis of entire codebase to identify, prioritize, fix, and document ALL verifiable bugs, security vulnerabilities, and critical issues across any technology stack",
"analysis_phases": [
{
"phase": 1,
"name": "Repository Discovery & Mapping",
"steps": [
{
"step": "1.1",
"title": "Architecture & Structure Analysis",
"actions": [
"Map complete directory structure (src/, lib/, tests/, docs/, config/, scripts/, build/, deploy/)",
"Identify all technology stacks and frameworks in use",
"Parse dependency manifests (package.json, requirements.txt, go.mod, pom.xml, Gemfile, Cargo.toml, composer.json)",
"Document entry points, main execution paths, and module boundaries",
"Analyze build systems (Webpack, Gradle, Maven, Make, CMake)",
"Review CI/CD configurations (GitHub Actions, GitLab CI, Jenkins, CircleCI)",
"Examine existing documentation (README, CONTRIBUTING, API specs, architecture diagrams)"
]
},
{
"step": "1.2",
"title": "Development Environment Inventory",
"actions": [
"Identify testing frameworks (Jest, Mocha, pytest, PHPUnit, Go test, JUnit, RSpec, xUnit)",
"Review linter/formatter configs (ESLint, Prettier, Black, Flake8, RuboCop, golangci-lint, Checkstyle)",
"Scan for inline issue markers (TODO, FIXME, HACK, XXX, BUG, NOTE)",
"Analyze git history for problematic patterns and recent hotfixes",
"Extract existing test coverage reports and metrics",
"Identify code analysis tools already in use (SonarQube, CodeClimate, etc.)"
]
}
]
},
{
"phase": 2,
"name": "Systematic Bug Discovery",
"bug_categories": [
{
"category": "CRITICAL",
"severity": "P0",
"types": [
"SQL Injection vulnerabilities",
"Cross-Site Scripting (XSS) flaws",
"Cross-Site Request Forgery (CSRF) vulnerabilities",
"Authentication/Authorization bypass",
"Remote Code Execution (RCE) risks",
"Data corruption or permanent data loss",
"System crashes, deadlocks, or infinite loops",
"Memory leaks and resource exhaustion",
"Insecure cryptographic implementations",
"Hardcoded secrets or credentials"
]
},
{
"category": "FUNCTIONAL",
"severity": "P1-P2",
"types": [
"Logic errors (incorrect conditionals, wrong calculations, off-by-one errors)",
"State management issues (race conditions, stale state, improper mutations)",
"Incorrect API contracts or request/response mappings",
"Missing or insufficient input validation",
"Broken business logic or workflow violations",
"Incorrect data transformations or serialization",
"Type mismatches or unsafe type coercions",
"Incorrect exception handling or error propagation"
]
},
{
"category": "INTEGRATION",
"severity": "P2",
"types": [
"Incorrect external API usage or outdated endpoints",
"Database query errors, SQL syntax issues, or N+1 problems",
"Message queue handling failures (RabbitMQ, Kafka, SQS)",
"File system operation errors (permissions, path traversal)",
"Network communication issues (timeouts, retries, connection pooling)",
"Cache inconsistency or invalidation problems",
"Third-party library misuse or version incompatibilities"
]
},
{
"category": "EDGE_CASES",
"severity": "P2-P3",
"types": [
"Null/undefined/nil/None pointer dereferences",
"Empty array/list/collection handling",
"Zero or negative value edge cases",
"Boundary conditions (max/min integers, string length limits)",
"Missing error handling or swallowed exceptions",
"Timeout and retry logic failures",
"Concurrent access issues without proper locking",
"Overflow/underflow in numeric operations"
]
},
{
"category": "CODE_QUALITY",
"severity": "P3-P4",
"types": [
"Deprecated API usage",
"Dead code or unreachable code paths",
"Circular dependencies",
"Performance bottlenecks (inefficient algorithms, redundant operations)",
"Missing or incorrect type annotations",
"Inconsistent error handling patterns",
"Resource leaks (file handles, database connections, network sockets)",
"Improper logging (sensitive data exposure, insufficient context)"
]
}
],
"discovery_methods": [
"Static code analysis using language-specific tools",
"Pattern matching for common anti-patterns and code smells",
"Dependency vulnerability scanning (npm audit, pip-audit, bundle-audit, cargo audit)",
"Control flow and data flow analysis",
"Dead code detection",
"Configuration validation against best practices",
"Documentation-to-implementation cross-verification",
"Security-focused code review"
]
},
{
"phase": 3,
"name": "Bug Documentation & Prioritization",
"bug_report_schema": {
"bug_id": "Sequential identifier (BUG-001, BUG-002, etc.)",
"severity": {
"type": "enum",
"values": [
"CRITICAL",
"HIGH",
"MEDIUM",
"LOW"
],
"description": "Bug severity level"
},
"category": {
"tyThis prompt directs an AI to perform exhaustive multi-phase examination of a full software repository. It systematically maps structure, inventories tools, and discovers issues across critical categories like security flaws and data risks. The result is a prioritized list of verifiable bugs with documentation for fixes.
A structured report listing all P0 issues such as SQL injection points with file locations, severity rankings, and recommended code changes.
Yes, if you provide the full code or sufficient excerpts to the AI.
Prompt text from the public-domain (CC0) awesome-chatgpt-prompts collection, contributed by hocestnonsatis,ersinkoc. How-to-use guidance, tips and use-cases written by Dhanasvi's agents.