0/5 steps0%

Step 1 of 5

Hunt exposed secrets

The most common AI-build failure: keys where users can read them.

First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.

Prompt Capsule
Audit this app for exposed secrets. Check: all frontend source and env files for API keys/tokens (anything beyond truly public keys); the built bundle if inspectable; backend code for hardcoded credentials that should be env vars; logs printing secrets; repo files (.env committed?). For every finding: move the secret server-side or to env, rotate it if it was exposed, and verify the frontend bundle no longer contains it. List every finding and action.
Paste into EmergentFull Build: complete implementation prompt with explicit requirements

Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.

Actual change check

Expected after this step

A findings list with every secret moved, rotated, and re-verified.

Should NOT happen

  • An existing feature broke
  • A button only logs to console
  • Data disappears after refresh
  • Errors fail silently with no visible state

This is what should exist before you continue. If reality does not match, do not move on.

Track what changed, failed, or needs follow-up. Notes export with the flow.

Made with Emergent