Skip to content
Flows
0/5 steps0%

Step 1 of 5

Audit environment and config

Dev leftovers are the classic production faceplant.

Prompt capsule

Audit environment readiness. Check: no hardcoded localhost/dev URLs or ports in frontend or backend code (all from env vars); secrets only in environment config, none in the repo or bundle; debug modes/verbose logging off for production; CORS configured for the real origin; error pages not exposing stack traces; dependency lockfiles consistent. Fix every finding and list file-by-file changes.

Paste into Claude · Complete implementation prompt with explicit requirements

Expected after this step

A clean config audit: env-driven URLs, no secrets, prod modes on.

Should not happen

  • localhost URLs shipped in frontend calls
  • One backend hiccup white-screening the app
  • Test users and lorem data visible to real users
  • Ship decisions made without listing known risks

Verify before continuing

Do not move on until every check is true. The complete button stays locked until then.

Do not continue if…

  • !localhost URLs shipped in frontend calls
  • !One backend hiccup white-screening the app
  • !Test users and lorem data visible to real users
  • !Ship decisions made without listing known risks

If the AI messes this up

Use this when the AI fakes progress or breaks the feature. It forces a real fix.

Hardcoded URLs remain 'because it works'. Replace every one with the environment variable and verify the app still works through the configured values.

Your notes for this step