PromptBase
Upgrade
Close icon
General
Home
Marketplace
Create
Hire
Login
Chat
Sell
Explore

Prompt Details

Model
(claude-5-sonnet)
Token size
1,670
Example input
[PLATFORM_CONTEXT]: microSaaS — Laravel 10 + Vue 3 + MySQL + Redis. 500 users. Founder (sole developer) left. No handover. Codebase: 25K LOC. No tests. No CI/CD. [CODEBASE_SNAPSHOT]: Laravel: app/Models/ (8 models), app/Http/Controllers/ (18 controllers), app/Services/ (6 service classes), app/Jobs/ (4 queue jobs), routes/ (web.php, api.php). Vue 3: resources/js/ (12 page components, 25 reusable components, Pinia stores). Key: custom subscription billing (not using Laravel Cashier), manual invoice generation, complex role/permission system (Spatie Permission), scheduled jobs for reports, Redis for caching + queues. Deployment: manual via Forge. Secrets: hardcoded in config files (Stripe keys, mail password). Database: 30 tables, 3 custom migrations that modify core Laravel tables. [ENGINEER_PROFILE]: Full-stack developer, 4 years Laravel, 3 years Vue, knows the stack well but never took over a production app alone. Needs to stabilize and then add features. [ONBOARDING_GOALS]: Week 1: Secure the application (secrets, access, backup), understand data model. Week 2: Set up CI/CD, write first tests for critical paths. Week 3: Add "export to Excel" feature for reports.
Example output
# Codebase Onboarding Path: Laravel/Vue microSaaS Takeover ## 1. CODEBASE ASSESSMENT - **Platform:** microSaaS — Laravel 10 + Vue 3 + MySQL + Redis, 500 users, 25K LOC - **Complexity:** High (custom billing logic + custom permission system + zero tests = high hidden-risk surface despite modest LOC) - **Documentation State:** None (sole founder-developer, no handover) - **Biggest Risk:** Hardcoded secrets (Stripe keys, mail password) sitting in config files in what may be a version-controlled repo — this is a live security/compliance exposure, not just a code-quality issue. Second risk: custom subscription billing means Stripe webhook handling and invoice state logic exist only in this developer's head, encoded in code with no tests to reveal edge cases. - **Safety Priority:** Rotate and remove hardcoded secrets, verify backup integrity, and lock down access (Forge, database, Stripe dashboard, admin accounts) before anyone touches business logic. ## 2. ONBOARDING PATH Since the engineer is senior (4 yrs Laravel, 3 yrs Vue), the timeline is compressed but **security and data-model fundamentals are not skipped** — they're inherited-codebase non-negotiables. ### Week 1: Foundation & Security Lockdown **Day 1 — Access Audit & Secrets** - Setup: Get Forge access, database credentials, Stripe dashboard access, mail provider access, domain/DNS access. Confirm who else (if anyone) has admin access to any of these. - Files to read: `config/services.php`, `.env.example` (or `.env` if committed — flag immediately if so), `config/database.php` - Concept: Where secrets currently live vs. where they should live (`.env`, not tracked in git) - Hands-on: Move every hardcoded key (Stripe, mail) out of config files into `.env`, rotate the Stripe keys in the Stripe dashboard (old ones may be exposed in git history even after removal), rotate the mail password. Confirm `.env` is in `.gitignore`. - Milestone: "By end of Day 1, no live secret exists in a committed file, and all previously-exposed keys have been rotated." **Day 2 — Backup Verification & Deployment Reality Check** - Setup: Locate and test-restore the most recent database backup to a local/staging environment. Confirm backup frequency and retention. - Files to read: Forge deployment script (or `deploy.sh` if present), any `.forge` config - Concept: What "manual deploy via Forge" actually means step-by-step — is it git push + manual button click? Are there manual steps (migrations, cache clear) a person must remember? - Hands-on: Do a full deploy to staging (or a cloned production instance) manually, documenting every step as you go — this becomes your first README. - Milestone: "You've restored a backup successfully and can deploy the app end-to-end without the previous developer." **Day 3 — Data Model Deep Dive** - Files to read: `app/Models/` (all 8, skim), the 3 custom migrations that modify core Laravel tables (read these carefully), `database/schema` dump or run `php artisan schema:dump` if not present - Concept: Why 3 migrations touch core Laravel tables — this is almost always either auth extension or permission-system wiring (Spatie). Understand exactly what was changed and why before you migrate anything else. - Hands-on: Generate an ER diagram (manually or via a tool like `laravel-erd`) of all 30 tables. Annotate which tables are "core Laravel," which are Spatie Permission, and which are custom billing. - Milestone: "You can draw the subscription → invoice → user relationship from memory." **Day 4 — Custom Billing Logic (highest-risk business logic)** - Files to read: `app/Services/` — specifically whichever service class(es) handle billing/invoicing (identify by name, likely something like `BillingService.php` or `InvoiceService.php`) - Concept: Since this isn't Laravel Cashier, there's no framework safety net — trace the full lifecycle: subscription created → recurring charge → invoice generated → failure handling. Ask: what happens on a failed payment? Is there retry logic? Dunning? - Hands-on: Trace one full billing cycle in code, from the Stripe webhook endpoint (check `routes/api.php` for the webhook route) through to invoice record creation. Write down every assumption the code makes about Stripe's behavior. - Milestone: "You can explain what happens, step by step, when a customer's card is declined." **Day 5 — Permissions & Roles** - Files to read: Spatie Permission config, seeder or migration that defines roles, one controller that uses permission middleware/gates - Concept: What roles exist, what they can do, and whether the custom migrations from Day 3 altered Spatie's default behavior - Hands-on: Map every role to what it can access. Test logging in as each role type in staging. - Milestone: "By end of Week 1, you can independently secure, deploy, back up, and explain billing + permissions for this app — without the founder." ### Week 2: CI/CD & First Tests **Day 6-7 — CI/CD Pipeline Setup** - Set up GitHub Actions (or your CI tool of choice) for: lint → test → deploy-on-merge-to-main. Start simple; Forge deploy can stay manual initially or be triggered via webhook. - Hands-on: First green CI run on a trivial PR. - Milestone: "A pull request now runs automated checks before merge." **Day 8-9 — First Tests on Critical Paths** - Priority order for test coverage: (1) billing/invoice generation logic, (2) permission/role access checks, (3) the 4 queue jobs (especially the report jobs, since scheduled job failures are silent by default). - Hands-on: Write feature tests for the Stripe webhook handler and one permission gate. This is the highest-leverage testing you can do given zero existing coverage. - Milestone: "The riskiest untested code path (billing) now has at least basic regression coverage." **Day 10 — Review & Stabilization Check-in** - Self-review: has anything broken in staging? Any surprises from testing that reveal bugs in the inherited billing logic? - Milestone: "You feel confident this app won't silently break from a change you make." ### Week 3: First Feature — Export to Excel **Day 11-12 — Design & Data Access** - Files to read: the controller for whichever report(s) need exporting, relevant Eloquent model/query - Hands-on: Add `maatwebsite/excel` (Laravel Excel) package, scaffold an Export class for the target report. - Milestone: "Export class generates a correct .xlsx for a single report type in local dev." **Day 13-14 — Ship It** - Hands-on: Add the frontend trigger (Vue component/button), wire to a new export route, test via CI, deploy through the now-functioning pipeline. - Milestone: "First feature shipped through your own CI/CD pipeline, with a test covering the export endpoint." ## 3. CONCEPT MASTERY CHECKLIST | # | Concept | Verification Method | Priority | |---|---------|---------------------|----------| | 1 | Secrets management (.env vs config) | No secrets remain in committed files; keys rotated | Must | | 2 | Custom billing lifecycle | Can verbally trace subscription→charge→invoice→failure | Must | | 3 | Core-table migrations impact | Can explain what each of the 3 migrations changed | Must | | 4 | Spatie role/permission mapping | Can list every role and its access scope | Must | | 5 | Backup/restore process | Has successfully restored a backup | Must | | 6 | Deployment process (Forge) | Has deployed independently without prior notes | Must | | 7 | Redis usage split (cache vs queue) | Can identify which keys/queues serve which purpose | Should | | 8 | Scheduled report jobs | Knows schedule, can manually trigger and verify output | Should | | 9 | CI/CD pipeline | Pipeline runs green on a real PR | Should | | 10 | Frontend state (Pinia) architecture | Can trace one store's data flow to a component | Nice | ## 4. CRITICAL FILE MAP | Category | File Path | Why It Matters | When to Read | |----------|-----------|-----------------|---------------| | Secrets | `config/services.php` | Currently holds hardcoded keys | Day 1 | | Env | `.env` / `.env.example` | Where secrets should live | Day 1 | | Deployment | Forge deploy script | Only record of the deploy process | Day 2 | | Migrations | The 3 core-table migrations | Non-standard Laravel behavior lives here | Day 3 | | Data Model | `app/Models/*.php` (8 files) | Full domain model | Day 3 | | Billing | `app/Services/BillingService.php` (or equivalent) | Custom, untested, highest financial risk | Day 4 | | Billing | Stripe webhook route in `routes/api.php` | Entry point for all payment events | Day 4 | | Permissions | Spatie seeder/config | Defines the entire access model | Day 5 | | Jobs | `app/Jobs/*.php` (4 files) | Scheduled/queued logic, silent-failure risk | Day 5 | | Frontend entry | `resources/js/app.js` (or main entry) | Vue app bootstrap, Pinia store registration | Week 2 | | Reports | Controller behind target export report | Target for Week 3 feature | Day 11 | ## 5. KNOWN LANDMINES | Landmine | Location | Why It's Dangerous | How to Navigate | |----------|----------|---------------------|-------------------| | Hardcoded secrets | `config/services.php` and possibly `.env` in git history | Live credentials exposed to anyone with repo access, including in git log even after removal | Rotate keys immediately, purge from git history if repo is ever made public/shared | | Custom billing (no Cashier) | `app/Services/` billing class | No framework safety net; edge cases (failed payments, proration, cancellation) are hand-rolled and untested | Trace every code path before modifying; write tests before touching | | Core-table migrations | 3 custom migrations | Could conflict with future Laravel upgrades or Spatie package updates if they altered expected schema | Document exactly what changed; treat any framework/package upgrade as high-risk until reviewed | | No tests, no CI | Entire codebase | Any change could silently break billing or permissions with no automated signal | Prioritize test coverage on billing/permissions before adding new features | | Manual Forge deploy | Deployment process | Undocumented manual steps could be forgotten, causing partial/broken deploys | Document every step Day 2; automate what you can in Week 2 | | Scheduled report jobs | `app/Jobs/` | Failures in scheduled jobs are often silent unless explicitly logged/alerted | Add failure logging/alerting as part of Week 2 stabilization | ## 6. MENTOR CHECKPOINTS Since the founder is gone, there's no internal mentor — these become **self-checkpoints** or, ideally, points to loop in a trusted senior engineer/consultant for a second pair of eyes: | Day | Checkpoint | What to Review | |-----|-----------|-----------------| | 1 | Secrets rotated | Confirm no keys remain exposed anywhere, including git history | | 3 | Data model + migrations understood | Can you explain the 3 core-table changes to someone else? | | 5 | Billing logic traced | Walk an outside reviewer through the billing lifecycle — fresh eyes often catch what you've normalized | | 10 | CI/CD + first tests | Confirm pipeline actually blocks bad merges, not just runs | | 14 | First feature shipped | Full review of the export feature before wider rollout | --- A note on sequencing: given the hardcoded secrets, I'd treat Day 1 as non-negotiable even if it feels like it's cutting into "real" onboarding time — an exposed Stripe key on a live 500-user billing system is the kind of risk that outranks everything else on this list.
🌀 Claude

Codebase Onboarding Path Generator

$29.99-25%
$22.49
SPECIAL PROMOTION — Offer ends 5 July
Add to Cart
Instant accessInstant access
Usage rightsCommercial use
Money-back guaranteeMoney‑back
By purchasing this prompt, you agree to our terms of service
CLAUDE-5-SONNET
Tested icon
Guide icon
4 examples icon
Free credits icon
Personalized Learning Path for Navigating Unfamiliar Codebases | **Model** | Built and tested for Claude (Opus/Sonnet/fable). On GPT-4o/Gemini, add "Do not omit a required output section even if input is sparse — state 'insufficient data' explicitly instead" as a reinforcement line — Claude follows this constraint more reliably by default. | | **Cognitive Theory** | F21 (Mental Model) + F23 (Cognitive Load) |
...more
Added 5 hours ago
Report
Browse Marketplace