` — 50-60 chars, keyword-first, format: "Page Title — Brand" - Add unique `<meta name="description">` — 150-160 chars, compelling with CTA - Add `<link rel="canonical">` with the full absolute URL - Add Open Graph tags: og:title, og:description, og:image, og:url, og:type - Add Twitter Card tags: twitter:card, twitter:title, twitter:description, twitter:image - Set robots to `index, follow` if public, `noindex, nofollow` if private 2. **Sitemap:** - Add this URL to the sitemap - Set appropriate priority (1.0 homepage, 0.8 key pages, 0.6 standard, 0.4 blog posts) - Set changefreq based on how often this content will change - If sitemap is dynamic/auto-generated, verify the new page appears 3. **llms.txt:** - If this is a significant public page (not a blog post), add it to llms.txt with a description - Update the "Updated:" date in llms.txt 4. **Internal linking:** - Add a link TO this new page from at least 1-2 relevant existing pages - Add links FROM this new page to 2-3 related existing pages - If there's a navigation menu or footer that should include this page, add it 5. **Schema markup (if applicable):** - Blog post → add Article/BlogPosting JSON-LD - FAQ page → add FAQPage JSON-LD - Product/feature page → add Product or SoftwareApplication JSON-LD - Validate with Rich Results Test 6. **Breadcrumbs:** - Ensure breadcrumb navigation includes this page - Ensure BreadcrumbList schema is updated if manually managed 7. **Heading structure:** - Verify page has exactly one `<h1>` with primary keyword - Verify heading hierarchy is logical (h1 → h2 → h3, no skips) Show me what you added. Flag if any existing pages should link to this new page that don't yet. ``` --- # ════════════════════════════════════════════════ # A2: PAGE REMOVED OR URL CHANGED # Run every time you delete a page or change a URL # ════════════════════════════════════════════════ ``` I'm making the following URL change: [DESCRIBE — e.g., "removing /old-page", "changing /features to /product", "renaming /blog/old-title to /blog/new-title"] Handle everything: 1. **301 Redirect:** - Add a permanent 301 redirect from the old URL to the new URL (or to the most relevant existing page if removing) - Implement in the framework's redirect config (next.config.js redirects, _redirects file, middleware, or server config) - If this is a complete removal with no replacement, redirect to the closest relevant page (parent section or homepage) 2. **Sitemap:** - Remove the old URL from the sitemap - Add the new URL if it's a rename/move - Update `<lastmod>` date - Verify no broken URLs in sitemap 3. **Internal links:** - Search the ENTIRE codebase for any links to the old URL - Update all internal links to point to the new URL - Check navigation menus, footers, breadcrumbs, in-content links - Search for both the full URL and the path (e.g., both "https://domain.com/old-page" and "/old-page") 4. **llms.txt:** - Remove the old URL from llms.txt - Add the new URL if it's a rename - Update the "Updated:" date 5. **Schema/JSON-LD:** - Update any schema markup that references the old URL - Check canonical URLs 6. **robots.txt:** - If the new URL should be blocked, add it to Disallow - If the old blocked URL is removed, clean up Disallow rules 7. **External references:** - List any external places I might need to manually update (Google Search Console, social profiles, directory listings, link in bio, email signatures) - The 301 redirect handles SEO, but I should update direct references where possible Search the entire codebase for references to the old URL. Show me everywhere it appeared and what you changed. ``` --- # ════════════════════════════════════════════════ # A3: NEW BLOG POST / CONTENT PUBLISHED # Run every time you publish content # ════════════════════════════════════════════════ ``` I just published new content: [TITLE / URL — e.g., "/blog/how-to-process-documents-with-ai"] **Topic:** [Brief topic description] **Target keyword:** [Primary keyword you're targeting] Set up everything for this content: 1. **Meta tags for this post:** - Title: keyword-first, under 60 chars, format: "Post Title — Brand" - Description: 150-160 chars, includes keyword, compelling enough to click - Canonical URL - OG tags with post-specific og:type="article" - Twitter Card tags - OG image — if there's a post-specific image, use it; otherwise use default 2. **Article schema (JSON-LD):** ```json { "@context": "https://schema.org", "@type": "Article", "headline": "Post Title", "description": "Post description", "author": { "@type": "Person", "name": "Author Name" }, "publisher": { "@type": "Organization", "name": "Brand", "logo": { "@type": "ImageObject", "url": "logo.png" } }, "datePublished": "ISO_DATE", "dateModified": "ISO_DATE", "image": "post-image-url", "mainEntityOfPage": { "@type": "WebPage", "@id": "canonical-url" } } ``` 3. **Sitemap:** - Verify post is in sitemap with correct URL and today's date as lastmod - Priority: 0.6 for blog posts 4. **Internal linking:** - Add links FROM this post to 2-3 related existing pages/posts - Find 1-2 existing pages/posts where a link TO this new post would be natural, and add them - If there's a blog index/listing page, verify this post appears 5. **Content SEO check:** - Primary keyword appears in: h1, first 100 words, at least one h2, URL slug, meta description, image alt text - Heading hierarchy is clean (one h1, logical h2→h3) - Post has at least 300+ words - Images have descriptive alt text - If there are any numbers, stats, or definitions — these are great for AI citation, make sure they're in clear, standalone sentences 6. **Social sharing:** - Verify OG preview looks good (paste URL in metatags.io) - If post has sharing buttons, verify they work Implement all of this for the new content piece. ``` --- # ════════════════════════════════════════════════ # A4: NEW FEATURE SHIPPED # Run when you add a significant new feature to the product # ════════════════════════════════════════════════ ``` I just shipped a new feature: [DESCRIBE THE FEATURE] **Feature page/section:** [URL if it has a dedicated page, or "integrated into existing pages"] Update everything: 1. **If new page was created:** Run the "New Page Added" checklist (Prompt A1) for it. 2. **Features page update:** - Add the new feature to the features page/section - Write a clear, benefit-focused description - Add to any feature comparison tables 3. **Homepage update (if significant):** - Consider adding to the homepage feature highlights - Update the homepage meta description if this feature changes your core value prop 4. **Schema update:** - If you have SoftwareApplication schema, update features/capabilities - If this feature adds a new content type (e.g., user reviews, events), add appropriate schema 5. **llms.txt update:** - Add feature to the description or key pages if it has its own URL - Update the "Updated:" date 6. **Changelog/What's New:** - Add entry to changelog page (if it exists) - If no changelog exists, consider creating one at /changelog 7. **Documentation:** - Add or update docs for this feature - Ensure docs page is in sitemap 8. **Announcement content:** - Draft a short blog post or social media announcement about the feature - This creates a new indexable page and gives you a fresh backlink opportunity Tell me what you updated. Suggest any marketing/content opportunities I should consider for this feature launch. ``` --- # ════════════════════════════════════════════════ # A5: DEPENDENCY / PACKAGE UPDATE # Run when you update packages or change tech # ════════════════════════════════════════════════ ``` I'm updating dependencies in this project. Do the following: 1. **Security check:** - Run `npm audit` and report findings - Fix any critical or high severity vulnerabilities - For vulnerabilities that can't be auto-fixed, tell me the risk and mitigation options 2. **Breaking changes:** - Check if any updated packages have breaking changes - Look at major version bumps specifically - Verify the build still succeeds after updates - Check for deprecation warnings in the build output 3. **Unused dependencies:** - Scan for packages in package.json that are not imported anywhere - Remove them - Check for duplicate packages (e.g., both `axios` and `node-fetch` when only one is used) 4. **Lock file:** - Ensure package-lock.json (or yarn.lock) is updated - Only one lock file exists (not both) 5. **Environment compatibility:** - Verify .nvmrc or .node-version matches the Node version in production - Check that no new env vars are required by updated packages 6. **Performance impact:** - If any large packages were updated, check bundle size impact - Flag if total bundle size increased significantly Report what was updated, what was removed, and any issues found. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION B: WEEKLY MAINTENANCE # (Run once a week — takes 15-20 min total) # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # B1: WEEKLY HEALTH CHECK # Run every Monday (or your preferred day) # ════════════════════════════════════════════════ ``` Run a weekly health check on this project. 1. **Broken links scan:** - Scan every internal link in the codebase - Find any links pointing to URLs that don't exist (404s) - Find any links pointing to redirected URLs (should be updated to final destination) - Check external links in content for any that might be dead - Report all broken/redirected links with their location in the code 2. **Sitemap validation:** - Verify sitemap.xml is accessible and valid XML - Cross-check: every public page/route should be in the sitemap - Cross-check: every URL in sitemap should return 200 (not 404 or redirect) - Check that lastmod dates are accurate (recently updated pages should have recent dates) 3. **Meta tags spot check:** - Pick 5 random public pages - Verify each has: title, description, canonical, OG tags, Twitter tags - Flag any pages with missing, duplicate, or default/template meta tags - Check for any pages with "undefined" or "null" in their meta tags 4. **Console error check:** - Look for any obvious runtime errors that might appear in production - Check for missing environment variable references - Check for deprecated API usage warnings 5. **Security quick scan:** - Run `npm audit` — report any new vulnerabilities since last check - Check that no new .env or secret files were accidentally committed 6. **Performance check:** - Check if any new large assets were added (images over 500KB, large JS bundles) - Verify lazy loading is still applied to below-fold images - Flag any new render-blocking resources Give me a report card: ✅ or ❌ for each category, with specific items to fix. ``` --- # ════════════════════════════════════════════════ # B2: WEEKLY CONTENT & SEO REVIEW # Run alongside B1 or on a separate day # ════════════════════════════════════════════════ ``` Review the content and SEO status of this project. 1. **New content check:** - List all pages/routes that were added or modified this week - For each: verify meta tags, schema, sitemap inclusion, internal links - Flag any new pages that are missing SEO essentials 2. **Heading audit:** - Scan all public pages - Flag any page with zero h1 tags or multiple h1 tags - Flag any page with broken heading hierarchy (h1 → h3 skipping h2) 3. **Image audit:** - Find any images without alt attributes - Find any images without width/height attributes (CLS risk) - Find any images over 500KB that aren't optimized - Find any images still in PNG/JPEG that could be WebP 4. **Duplicate content check:** - Find any pages with identical or very similar title tags - Find any pages with identical or very similar meta descriptions - Find any pages without canonical tags 5. **Internal linking opportunities:** - Find pages with zero internal links pointing to them (orphan pages) - Find pages with very little outgoing internal links (could link to related content) - Suggest 3-5 internal linking improvements Report findings and fix what you can automatically. List items that need my manual decision. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION C: MONTHLY MAINTENANCE # (Run once a month — deeper audit) # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # C1: MONTHLY FULL SEO AUDIT # Run on the 1st of every month # ════════════════════════════════════════════════ ``` Run a comprehensive monthly SEO audit on this project. **Domain:** [https://yourdomain.com] 1. **Crawl the entire site structure:** - Map out every public route/page in the project - For each page create a table: | Page | URL | Title | Title Length | Description | Desc Length | Canonical | H1 | H1 Count | OG Image | Schema Type | - Flag issues: missing fields, titles too long/short, descriptions too long/short, missing OG images, missing schema 2. **Sitemap audit:** - Every public page should be in sitemap — list any missing - Every sitemap URL should return 200 — list any that don't - No duplicate URLs in sitemap - lastmod dates should reflect actual last modification 3. **robots.txt audit:** - Verify all private routes are blocked - Verify all public routes are allowed - Verify AI crawlers are still allowed - No conflicts between robots.txt and meta robots tags 4. **Schema audit:** - List every page with JSON-LD and what type - Identify pages that SHOULD have schema but don't: - Blog posts without Article schema - FAQ content without FAQPage schema - Product/pricing without Product/Offer schema - Verify all schema would pass Google Rich Results Test (valid structure, no missing required fields) 5. **Internal link audit:** - Pages with fewest incoming internal links (orphans or near-orphans) - Pages with broken outgoing links - Anchor text analysis: flag any "click here" or "read more" generic anchor text 6. **Redirect audit:** - List all redirects in the project - Verify no redirect chains (A→B→C) - Verify no redirect loops - Verify redirected-from URLs are not still in sitemap or internal links 7. **Performance snapshot:** - List page sizes for top 10 most important pages - Flag any page over 2MB total weight - Flag any individual asset over 500KB - Check total JS bundle size 8. **llms.txt audit:** - Verify llms.txt matches actual site structure - All listed URLs are valid - Description is still accurate - Date is updated 9. **Recommendations:** - Top 5 SEO improvements to make this month - Any new pages/content I should create based on site structure gaps - Internal linking improvements to implement Generate the full report with tables and actionable items. ``` --- # ════════════════════════════════════════════════ # C2: MONTHLY SECURITY & DEPENDENCY AUDIT # ════════════════════════════════════════════════ ``` Run a monthly security and dependency audit. 1. **Dependency vulnerabilities:** - Run `npm audit` — report ALL findings (critical, high, moderate, low) - For each critical/high: explain the risk and suggest fix - Auto-fix what's safe to auto-fix - Check for outdated packages that are more than 2 major versions behind 2. **Secret scanning:** - Search the entire codebase (including comments, config files, test files) for: - API keys, tokens, passwords, secrets - Hardcoded URLs with credentials - Private keys or certificates - Anything that looks like `sk_`, `pk_`, `api_`, `secret_`, `password`, `token` - Check git history for recently committed secrets (last 30 days of commits) 3. **Security headers check:** - Verify all security headers are still present and correct: - X-Content-Type-Options - X-Frame-Options - Strict-Transport-Security - Referrer-Policy - Permissions-Policy - Verify no middleware changes accidentally removed headers 4. **Auth & session review:** - Verify rate limiting is still active on auth endpoints - Verify CORS is still restrictive (no wildcard) - Check that session/token expiration is reasonable - Verify no new API endpoints were added without auth where needed 5. **Environment variables:** - Cross-check: every env var used in code should be in .env.example - Cross-check: every var in .env.example should be used somewhere - Flag any env vars that might contain stale/rotated credentials 6. **Third-party services:** - List all external services/APIs the app connects to - Verify each is still active and the integration is healthy - Check for any deprecated API versions being used Report with severity ratings. Fix critical issues immediately, create a plan for the rest. ``` --- # ════════════════════════════════════════════════ # C3: MONTHLY PERFORMANCE DEEP DIVE # ════════════════════════════════════════════════ ``` Run a deep performance audit on this project. 1. **Bundle analysis:** - Analyze the JavaScript bundle composition - List the top 10 largest dependencies by size - Identify any dependencies that could be: - Replaced with a lighter alternative - Dynamically imported instead of included in main bundle - Removed entirely (unused) - Report total bundle size (raw and gzipped) 2. **Image audit:** - List ALL images in the project with their file size and format - Flag images that should be converted to WebP/AVIF - Flag images that are oversized for their display dimensions - Flag images missing lazy loading - Flag images missing width/height attributes - Fix all of these issues 3. **Font audit:** - List all font files loaded - Check total font weight - Verify font-display: swap is set - Verify fonts are preloaded - Suggest subsetting if fonts include unused character sets 4. **Render blocking resources:** - Identify any CSS or JS that blocks rendering - Move non-critical CSS to async loading - Ensure scripts use async or defer - Check for any synchronous third-party scripts 5. **Caching headers:** - Verify static assets have long cache headers (max-age=31536000, immutable) - Verify HTML has appropriate short cache - Verify API responses have correct cache behavior - Flag any static assets without proper cache headers 6. **Third-party script impact:** - List all third-party scripts loaded (analytics, chat, ads, etc.) - Estimate their impact on page load time - Suggest loading strategies (delay until interaction, load after LCP, etc.) - Verify they don't load when user declines cookies (if applicable) 7. **Page-by-page report (top 5 pages):** For homepage and 4 most important pages: - Estimated total page weight - Number of HTTP requests - Largest asset - Potential LCP element and its load time - CLS risk factors (images without dimensions, dynamic content, font loading) Implement all auto-fixable improvements. Give me a prioritized list for manual fixes. ``` --- # ════════════════════════════════════════════════ # C4: MONTHLY EMAIL DELIVERABILITY CHECK # ════════════════════════════════════════════════ ``` Audit the email configuration and deliverability for this project. 1. **DNS records verification:** - Tell me what SPF, DKIM, and DMARC records should be set for my current email provider - Check the email sending code — which service/provider is configured? - Remind me to verify these DNS records are still correct (I'll check manually): - SPF record - DKIM record - DMARC record (and whether I should upgrade from p=none to p=quarantine) - MX records 2. **Email template review:** - List every email template/type in the codebase - For each template verify: - "From" address is professional (not noreply@) - "Reply-To" is set to a monitored address - Subject line is clear and not spammy - HTML version exists - Plain text version exists (or is auto-generated) - Unsubscribe link present (for marketing emails) - Company name and address in footer (CAN-SPAM) - No broken images or hardcoded localhost URLs - All links use production domain (not localhost or staging) 3. **Email code review:** - Verify email sending errors are caught and logged - Verify email sending is async (doesn't block API responses) - Verify rate limiting on any endpoint that triggers emails - Check for potential email loops (e.g., webhook triggers email, email triggers webhook) 4. **Bounce handling:** - Is there bounce/complaint handling implemented? - If not, recommend how to add it for our email provider 5. **Contact form check:** - Verify contact form still works end-to-end - Verify spam protection is still active - Verify confirmation email still sends Report what's healthy and what needs attention. Give me the DNS records I should verify. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION D: QUARTERLY / AS-NEEDED MAINTENANCE # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # D1: QUARTERLY FULL PRODUCTION AUDIT # Run every 3 months — the big one # ════════════════════════════════════════════════ ``` Run a full quarterly production audit. This is comprehensive — check everything. **PART 1 — Code Quality:** - [ ] No console.logs in production code - [ ] No hardcoded secrets - [ ] No dead code or unused imports - [ ] No placeholder text - [ ] All env vars documented - [ ] npm audit clean (no critical/high) - [ ] Build succeeds with zero warnings - [ ] TypeScript strict mode passing (if applicable) - [ ] ESLint passing with zero warnings **PART 2 — SEO (every page):** - [ ] Every public page has unique title (50-60 chars) - [ ] Every public page has unique description (150-160 chars) - [ ] Every public page has canonical URL - [ ] Every public page has OG tags (title, description, image, url) - [ ] Every public page has Twitter Card tags - [ ] Every public page has one h1 with logical heading hierarchy - [ ] robots.txt is correct and accessible - [ ] sitemap.xml is valid and includes all public pages - [ ] JSON-LD schema is present and valid (Organization + WebSite minimum) - [ ] No pages with duplicate titles or descriptions - [ ] AI crawlers (GPTBot, Claude-Web, PerplexityBot) are allowed **PART 3 — Functionality (test every flow):** - [ ] Homepage loads correctly - [ ] All nav links work - [ ] Signup → verify → login → use app → logout works - [ ] Password reset works - [ ] Core feature works end-to-end - [ ] Payment/billing works (if applicable) - [ ] All forms submit and validate correctly - [ ] All emails deliver correctly - [ ] 404 page works - [ ] Error states handled gracefully - [ ] Mobile: entire app works on 375px width **PART 4 — Performance:** - [ ] No images over 500KB without reason - [ ] All images have width/height - [ ] All below-fold images lazy loaded - [ ] Total JS bundle < 300KB gzipped - [ ] No render-blocking resources - [ ] Fonts: max 2 files, font-display: swap - [ ] Cache headers correct on static assets **PART 5 — Security:** - [ ] HTTPS enforced everywhere - [ ] Security headers present (X-Content-Type-Options, X-Frame-Options, HSTS, Referrer-Policy) - [ ] CORS restrictive (no wildcard) - [ ] Auth endpoints rate limited - [ ] No sensitive data in URLs, logs, or error messages - [ ] Dependencies up to date, no known vulnerabilities **PART 6 — Legal & Compliance:** - [ ] Privacy Policy published and up to date - [ ] Terms of Service published and up to date - [ ] Cookie consent working (if serving EU) - [ ] Copyright year in footer is current - [ ] Third-party service list in Privacy Policy is accurate **PART 7 — External Presence:** - [ ] llms.txt up to date with current pages and accurate descriptions - [ ] Social profiles link to correct website URL - [ ] Google Search Console: no manual actions, no critical errors - [ ] Schema validates with Rich Results Test Generate a full report card with ✅ PASS / ❌ FAIL / ⚠️ WARNING for every item. Fix everything you can. List what needs my manual action. ``` --- # ════════════════════════════════════════════════ # D2: BEFORE MAJOR RELEASE / RELAUNCH # Run before any big launch or major update # ════════════════════════════════════════════════ ``` I'm about to push a major update / relaunch. Do a pre-release verification. **What's changing:** [DESCRIBE — e.g., "complete redesign", "new pricing structure", "adding user dashboard", "migrating from pages to app router"] Pre-release checklist: 1. **No regressions:** - Build succeeds with zero errors - All existing pages still load correctly - All existing forms still work - All existing auth flows still work - All existing API endpoints still respond correctly 2. **URL changes:** - List any URLs that changed in this update - Verify 301 redirects exist for every changed URL - Verify all internal links updated - Verify sitemap reflects the new URL structure - Verify no broken links 3. **SEO preservation:** - Verify no pages lost their meta tags during the update - Verify no pages accidentally got noindex - Verify canonical URLs are still correct - Verify schema markup is still present and valid - Verify OG images still work 4. **New content/pages:** - Every new page has full SEO treatment (title, description, canonical, OG, Twitter, schema) - Every new page is in sitemap - Every new page has internal links to and from it 5. **Visual/UX check:** - No broken layouts on mobile - No missing images or broken assets - No unstyled components or layout shifts - Dark mode still works (if applicable) - Loading and error states still work 6. **Performance check:** - Bundle size hasn't grown more than 20% without reason - No new render-blocking resources introduced - No large unoptimized images added - Page load time hasn't regressed 7. **Third-party integrations:** - Analytics still tracking (GA4 events firing) - Error tracking still working (Sentry capturing errors) - Email sending still working - Payment processing still working (if applicable) 8. **Post-deploy actions list (remind me to do):** - Request re-indexing in Google Search Console for changed pages - Clear CDN cache if needed - Monitor error tracking for 24 hours - Check analytics for data continuity - Update llms.txt if site structure changed - Notify users of changes if applicable Run all checks. Give me a GO / NO-GO recommendation with reasoning. ``` --- # ════════════════════════════════════════════════ # D3: DOMAIN / HOSTING MIGRATION # Run when changing domain, hosting, or infrastructure # ════════════════════════════════════════════════ ``` I'm migrating this project: [DESCRIBE — e.g., "moving from Vercel to AWS", "changing domain from old.com to new.com", "adding a CDN", "moving database"] Migration checklist: 1. **Pre-migration snapshot:** - Document current DNS records (all A, AAAA, CNAME, MX, TXT records) - Document current redirects - Document all environment variables and their values - List all third-party services and their configured domains/URLs - Screenshot current Google Search Console status - Note current sitemap URL count and indexing status 2. **DNS migration:** - List all DNS records that need to change - Prepare new records before switching (minimize downtime) - Plan for DNS propagation time (24-48 hours) - Set low TTL (300 seconds) on records 24 hours before migration to speed propagation 3. **If domain is changing:** - Set up 301 redirects from EVERY old URL to its equivalent new URL - This is CRITICAL for preserving SEO — every page must redirect - Update Google Search Console with new domain (Change of Address tool) - Update Bing Webmaster Tools - Update all social profiles with new URL - Update sitemap with new domain - Update canonical URLs to new domain - Update OG tags with new domain - Update schema markup with new domain - Update llms.txt with new domain - Update all hardcoded URLs in the codebase 4. **SSL/HTTPS:** - New SSL certificate provisioned and valid for new domain/host - HTTPS enforced on new infrastructure - No mixed content 5. **Email:** - MX records updated if email is affected - SPF record updated with new sending IP/service - DKIM re-verified on new domain if changed - DMARC record set on new domain - Test email sending after migration 6. **Environment variables:** - All env vars set in new hosting platform - Verify no vars reference old domain/infrastructure - Update any webhook URLs pointing to old domain 7. **Post-migration verification:** - Site loads on new domain/host - All pages return correct status codes - All forms work - All auth flows work - All email sends work - All payments work - Analytics tracking on new domain - Error tracking on new domain - Old domain redirects working - SSL certificate valid Generate the complete migration plan with a step-by-step order of operations. ``` --- # ════════════════════════════════════════════════ # D4: SCALING PREP — WHEN TRAFFIC GROWS # Run when you're getting real traction # ════════════════════════════════════════════════ ``` This project is getting real traffic and needs to scale. Optimize for growth. 1. **Database optimization:** - Find any missing database indexes on frequently queried columns - Find any N+1 query problems - Identify slow queries (any query that could take >100ms) - Add pagination to any endpoint returning unbounded lists - Implement connection pooling if not already done - Consider read replicas if read-heavy 2. **API optimization:** - Add response caching where appropriate (stale-while-revalidate) - Implement API rate limiting per user/IP - Add request validation to reject bad requests early - Compress API responses (gzip) - Paginate all list endpoints 3. **Frontend optimization:** - Implement ISR (Incremental Static Regeneration) or static generation for content pages - Add proper client-side caching strategy - Implement service worker for offline support and caching - Optimize images that aren't already WebP/AVIF - Add resource hints (preconnect, prefetch) for critical resources 4. **Infrastructure:** - Set up auto-scaling if not already configured - Ensure CDN is configured for global delivery - Set up proper health check endpoint for load balancers - Configure proper error pages for overload situations (503 with retry-after) - Set up database backups (automated daily minimum) 5. **Monitoring for scale:** - Add response time monitoring to API endpoints - Add database query time monitoring - Set up alerts for: error rate > 1%, p95 response time > 2s, CPU > 80% - Add queue monitoring if using background jobs 6. **SEO for scale:** - Ensure sitemap handles large page counts (sitemap index if >50,000 URLs) - Ensure robots.txt doesn't slow crawlers with too many rules - Add pagination with proper rel="next"/rel="prev" for large content sets - Consider AMP for content pages (if mobile traffic is primary) Analyze the current codebase and implement what's applicable. Flag what requires infrastructure changes I need to make manually. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION E: SPECIFIC SITUATION PROMPTS # (Use when the specific event happens) # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # E1: GOOGLE SEARCH CONSOLE SHOWS ISSUES # ════════════════════════════════════════════════ ``` Google Search Console is showing the following issues: [PASTE THE SPECIFIC ERRORS/WARNINGS — e.g., "Crawled - currently not indexed", "Discovered - currently not indexed", "Redirect error", "Server error (5xx)", "Page with redirect", "Duplicate without user-selected canonical", "Soft 404"] For each issue: 1. **Diagnose:** Explain what this error means in plain language 2. **Find:** Search the codebase for the affected URLs and identify what's causing the issue 3. **Fix:** Implement the fix 4. **Verify:** Tell me how to verify the fix in Search Console Also check: - Are there any pages that should be indexed but aren't? - Are there any pages being indexed that shouldn't be? - Are there any canonical tag conflicts? - Are there any sitemap issues? Fix everything you can find. List items that need my manual action in Search Console. ``` --- # ════════════════════════════════════════════════ # E2: ADDING A NEW THIRD-PARTY SERVICE # (Analytics, payment, CRM, chat, etc.) # ════════════════════════════════════════════════ ``` I'm integrating a new third-party service: [SERVICE NAME — e.g., "Stripe", "Intercom", "Hotjar", "Mailchimp"] **Purpose:** [What it does in our app] **SDK/script:** [If known, otherwise I'll get this] Set it up properly: 1. **Implementation:** - Install the SDK/package - Configure with environment variables (never hardcode keys) - Add env vars to .env.example with descriptions - Initialize properly (only in production, or with feature flag) 2. **Performance:** - Load the script asynchronously (don't block rendering) - If it's a heavy script (chat widget, analytics), delay loading until after page is interactive - Consider loading only on pages where it's needed (not globally if not necessary) 3. **Privacy & consent:** - Should this script wait for cookie consent? (If it sets cookies or tracks users: YES) - Implement consent check before loading (if applicable) - Add this service to the Privacy Policy's third-party services list 4. **Security:** - API keys in env vars only - If it involves webhooks: verify webhook signatures - If it involves user data: ensure HTTPS and proper data handling - Review what data this service collects/accesses 5. **Monitoring:** - Ensure the service failing doesn't break the app (graceful fallback) - Add error handling around API calls to this service - Log integration errors to Sentry 6. **Documentation:** - Add to README under "Third-party services" section - Document any setup steps for new developers Implement and verify it works. Show me what env vars I need to set. ``` --- # ════════════════════════════════════════════════ # E3: UPDATING PRICING / PLANS # ════════════════════════════════════════════════ ``` I'm updating the pricing/plans: [DESCRIBE CHANGES — e.g., "adding a new Enterprise plan", "raising prices from $29 to $39", "changing feature limits"] Update everything: 1. **Pricing page:** - Update pricing display to reflect new plans/prices - Update comparison table if it exists - Update any hardcoded pricing references elsewhere in the site 2. **Structured data:** - Update Product/Offer schema with new pricing - Update SoftwareApplication schema if applicable 3. **Meta tags:** - Update pricing page meta description if it mentions specific prices - Update OG tags if the preview mentions pricing 4. **Payment processor:** - Remind me to create/update products and prices in Stripe/Paddle/etc. - Check webhook handling for new plan types - Verify upgrade/downgrade logic handles new plans 5. **Content updates:** - Search entire codebase for old prices and update: - Pricing page - Homepage (if pricing is mentioned) - Features page (if pricing tiers are referenced) - Blog posts (flag but don't auto-change — might want to leave historical prices) - Email templates (if any mention pricing) - FAQ page (if pricing questions exist) 6. **llms.txt:** - If pricing is mentioned, update it - Update the "Updated:" date 7. **Existing customers:** - Verify existing subscriptions aren't affected unless intended - If grandfathering, ensure old plans still work Search for every reference to the old pricing and show me what needs to change. Fix what's code-related. List what I need to do manually (payment processor, customer communication). ``` --- # ════════════════════════════════════════════════ # E4: ADDING INTERNATIONALIZATION / NEW MARKET # ════════════════════════════════════════════════ ``` I'm expanding to a new market / adding a new language: [DESCRIBE — e.g., "adding Turkish language", "targeting MENA region", "adding EUR pricing"] Set up: 1. **i18n structure:** - Set up internationalization framework if not already present (next-intl, react-i18next, or framework equivalent) - Create locale directory structure: /locales/en/, /locales/tr/, etc. - Extract all user-facing strings into locale files - Set up locale detection (browser language, URL prefix, or user preference) 2. **URL structure:** - Implement locale prefix in URLs: /en/about, /tr/hakkimizda (or subdomain: en.domain.com, tr.domain.com) - Set up default locale handling (redirect or serve without prefix) 3. **SEO for i18n:** - Add hreflang tags to every page: ```html <link rel="alternate" hreflang="en" href="https://yourdomain.com/en/page"> <link rel="alternate" hreflang="tr" href="https://yourdomain.com/tr/page"> <link rel="alternate" hreflang="x-default" href="https://yourdomain.com/page"> ``` - Create separate or annotated sitemap with hreflang entries - Unique meta titles and descriptions per language (translated, not duplicated) - Canonical URLs per language version 4. **Content:** - Set up translation workflow (where will translations come from?) - Format dates, numbers, and currencies for each locale - Handle RTL layout if adding Arabic/Hebrew 5. **Schema:** - Update Organization schema if adding new addresses/locations - Ensure schema content matches the page language 6. **llms.txt:** - Consider creating llms.txt per language or listing multilingual pages Set up the technical infrastructure. Create the first locale file with all extractable strings. Flag content that needs human translation. ``` --- --- # ════════════════════════════════════════════════════════════════ # 📋 MAINTENANCE SCHEDULE SUMMARY # ════════════════════════════════════════════════════════════════ ## Every Feature/Change: - A1: New Page Added - A2: Page Removed / URL Changed - A3: New Blog Post Published - A4: New Feature Shipped - A5: Dependency Update ## Weekly (15-20 min): - B1: Health Check (broken links, sitemap, meta tags, security) - B2: Content & SEO Review (headings, images, internal links) ## Monthly (1-2 hours): - C1: Full SEO Audit (crawl, schema, sitemap, meta tags) - C2: Security & Dependency Audit (npm audit, secrets, headers) - C3: Performance Deep Dive (bundles, images, fonts, caching) - C4: Email Deliverability Check (DNS, templates, forms) ## Quarterly (2-3 hours): - D1: Full Production Audit (everything, soup to nuts) ## As-Needed: - D2: Before Major Release - D3: Domain/Hosting Migration - D4: Scaling Prep - E1: Google Search Console Issues - E2: New Third-Party Service - E3: Pricing Update - E4: Internationalization ## Pro Tips: - Keep these prompts in a `/prompts` folder in your project - Create a GitHub Action to remind you of weekly/monthly maintenance - After each prompt, commit the changes with a descriptive message - The weekly prompts (B1+B2) catch 90% of issues before they become problems - The monthly SEO audit (C1) is where you find the real growth opportunities - Run D1 before any investor demo or big launch --- © 2026 Replace Works OÜ

# 🔄 CURSOR MAINTENANCE & UPDATE PROMPTS ## Run These As You Build, Ship Features, and Grow ### Copy-paste into Cursor Agent mode whenever you make changes --- --- # ════════════════════════════════════════════════════════════════ # SECTION A: AFTER EVERY FEATURE / PAGE / CONTENT CHANGE # (Run the relevant prompt every time you ship something new) # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # A1: NEW PAGE ADDED # Run every time you create a new route/page # ════════════════════════════════════════════════ ``` I just added a new page/route to the project: [DESCRIBE THE PAGE — e.g., "/blog/my-first-post", "/features/ai-scanning", "/changelog"] Do the following for this new page: 1. **SEO Meta Tags:** - Add unique `` — 50-60 chars, keyword-first, format: "Page Title — Brand" - Add unique `<meta name="description">` — 150-160 chars, compelling with CTA - Add `<link rel="canonical">` with the full absolute URL - Add Open Graph tags: og:title, og:description, og:image, og:url, og:type - Add Twitter Card tags: twitter:card, twitter:title, twitter:description, twitter:image - Set robots to `index, follow` if public, `noindex, nofollow` if private 2. **Sitemap:** - Add this URL to the sitemap - Set appropriate priority (1.0 homepage, 0.8 key pages, 0.6 standard, 0.4 blog posts) - Set changefreq based on how often this content will change - If sitemap is dynamic/auto-generated, verify the new page appears 3. **llms.txt:** - If this is a significant public page (not a blog post), add it to llms.txt with a description - Update the "Updated:" date in llms.txt 4. **Internal linking:** - Add a link TO this new page from at least 1-2 relevant existing pages - Add links FROM this new page to 2-3 related existing pages - If there's a navigation menu or footer that should include this page, add it 5. **Schema markup (if applicable):** - Blog post → add Article/BlogPosting JSON-LD - FAQ page → add FAQPage JSON-LD - Product/feature page → add Product or SoftwareApplication JSON-LD - Validate with Rich Results Test 6. **Breadcrumbs:** - Ensure breadcrumb navigation includes this page - Ensure BreadcrumbList schema is updated if manually managed 7. **Heading structure:** - Verify page has exactly one `<h1>` with primary keyword - Verify heading hierarchy is logical (h1 → h2 → h3, no skips) Show me what you added. Flag if any existing pages should link to this new page that don't yet. ``` --- # ════════════════════════════════════════════════ # A2: PAGE REMOVED OR URL CHANGED # Run every time you delete a page or change a URL # ════════════════════════════════════════════════ ``` I'm making the following URL change: [DESCRIBE — e.g., "removing /old-page", "changing /features to /product", "renaming /blog/old-title to /blog/new-title"] Handle everything: 1. **301 Redirect:** - Add a permanent 301 redirect from the old URL to the new URL (or to the most relevant existing page if removing) - Implement in the framework's redirect config (next.config.js redirects, _redirects file, middleware, or server config) - If this is a complete removal with no replacement, redirect to the closest relevant page (parent section or homepage) 2. **Sitemap:** - Remove the old URL from the sitemap - Add the new URL if it's a rename/move - Update `<lastmod>` date - Verify no broken URLs in sitemap 3. **Internal links:** - Search the ENTIRE codebase for any links to the old URL - Update all internal links to point to the new URL - Check navigation menus, footers, breadcrumbs, in-content links - Search for both the full URL and the path (e.g., both "https://domain.com/old-page" and "/old-page") 4. **llms.txt:** - Remove the old URL from llms.txt - Add the new URL if it's a rename - Update the "Updated:" date 5. **Schema/JSON-LD:** - Update any schema markup that references the old URL - Check canonical URLs 6. **robots.txt:** - If the new URL should be blocked, add it to Disallow - If the old blocked URL is removed, clean up Disallow rules 7. **External references:** - List any external places I might need to manually update (Google Search Console, social profiles, directory listings, link in bio, email signatures) - The 301 redirect handles SEO, but I should update direct references where possible Search the entire codebase for references to the old URL. Show me everywhere it appeared and what you changed. ``` --- # ════════════════════════════════════════════════ # A3: NEW BLOG POST / CONTENT PUBLISHED # Run every time you publish content # ════════════════════════════════════════════════ ``` I just published new content: [TITLE / URL — e.g., "/blog/how-to-process-documents-with-ai"] **Topic:** [Brief topic description] **Target keyword:** [Primary keyword you're targeting] Set up everything for this content: 1. **Meta tags for this post:** - Title: keyword-first, under 60 chars, format: "Post Title — Brand" - Description: 150-160 chars, includes keyword, compelling enough to click - Canonical URL - OG tags with post-specific og:type="article" - Twitter Card tags - OG image — if there's a post-specific image, use it; otherwise use default 2. **Article schema (JSON-LD):** ```json { "@context": "https://schema.org", "@type": "Article", "headline": "Post Title", "description": "Post description", "author": { "@type": "Person", "name": "Author Name" }, "publisher": { "@type": "Organization", "name": "Brand", "logo": { "@type": "ImageObject", "url": "logo.png" } }, "datePublished": "ISO_DATE", "dateModified": "ISO_DATE", "image": "post-image-url", "mainEntityOfPage": { "@type": "WebPage", "@id": "canonical-url" } } ``` 3. **Sitemap:** - Verify post is in sitemap with correct URL and today's date as lastmod - Priority: 0.6 for blog posts 4. **Internal linking:** - Add links FROM this post to 2-3 related existing pages/posts - Find 1-2 existing pages/posts where a link TO this new post would be natural, and add them - If there's a blog index/listing page, verify this post appears 5. **Content SEO check:** - Primary keyword appears in: h1, first 100 words, at least one h2, URL slug, meta description, image alt text - Heading hierarchy is clean (one h1, logical h2→h3) - Post has at least 300+ words - Images have descriptive alt text - If there are any numbers, stats, or definitions — these are great for AI citation, make sure they're in clear, standalone sentences 6. **Social sharing:** - Verify OG preview looks good (paste URL in metatags.io) - If post has sharing buttons, verify they work Implement all of this for the new content piece. ``` --- # ════════════════════════════════════════════════ # A4: NEW FEATURE SHIPPED # Run when you add a significant new feature to the product # ════════════════════════════════════════════════ ``` I just shipped a new feature: [DESCRIBE THE FEATURE] **Feature page/section:** [URL if it has a dedicated page, or "integrated into existing pages"] Update everything: 1. **If new page was created:** Run the "New Page Added" checklist (Prompt A1) for it. 2. **Features page update:** - Add the new feature to the features page/section - Write a clear, benefit-focused description - Add to any feature comparison tables 3. **Homepage update (if significant):** - Consider adding to the homepage feature highlights - Update the homepage meta description if this feature changes your core value prop 4. **Schema update:** - If you have SoftwareApplication schema, update features/capabilities - If this feature adds a new content type (e.g., user reviews, events), add appropriate schema 5. **llms.txt update:** - Add feature to the description or key pages if it has its own URL - Update the "Updated:" date 6. **Changelog/What's New:** - Add entry to changelog page (if it exists) - If no changelog exists, consider creating one at /changelog 7. **Documentation:** - Add or update docs for this feature - Ensure docs page is in sitemap 8. **Announcement content:** - Draft a short blog post or social media announcement about the feature - This creates a new indexable page and gives you a fresh backlink opportunity Tell me what you updated. Suggest any marketing/content opportunities I should consider for this feature launch. ``` --- # ════════════════════════════════════════════════ # A5: DEPENDENCY / PACKAGE UPDATE # Run when you update packages or change tech # ════════════════════════════════════════════════ ``` I'm updating dependencies in this project. Do the following: 1. **Security check:** - Run `npm audit` and report findings - Fix any critical or high severity vulnerabilities - For vulnerabilities that can't be auto-fixed, tell me the risk and mitigation options 2. **Breaking changes:** - Check if any updated packages have breaking changes - Look at major version bumps specifically - Verify the build still succeeds after updates - Check for deprecation warnings in the build output 3. **Unused dependencies:** - Scan for packages in package.json that are not imported anywhere - Remove them - Check for duplicate packages (e.g., both `axios` and `node-fetch` when only one is used) 4. **Lock file:** - Ensure package-lock.json (or yarn.lock) is updated - Only one lock file exists (not both) 5. **Environment compatibility:** - Verify .nvmrc or .node-version matches the Node version in production - Check that no new env vars are required by updated packages 6. **Performance impact:** - If any large packages were updated, check bundle size impact - Flag if total bundle size increased significantly Report what was updated, what was removed, and any issues found. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION B: WEEKLY MAINTENANCE # (Run once a week — takes 15-20 min total) # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # B1: WEEKLY HEALTH CHECK # Run every Monday (or your preferred day) # ════════════════════════════════════════════════ ``` Run a weekly health check on this project. 1. **Broken links scan:** - Scan every internal link in the codebase - Find any links pointing to URLs that don't exist (404s) - Find any links pointing to redirected URLs (should be updated to final destination) - Check external links in content for any that might be dead - Report all broken/redirected links with their location in the code 2. **Sitemap validation:** - Verify sitemap.xml is accessible and valid XML - Cross-check: every public page/route should be in the sitemap - Cross-check: every URL in sitemap should return 200 (not 404 or redirect) - Check that lastmod dates are accurate (recently updated pages should have recent dates) 3. **Meta tags spot check:** - Pick 5 random public pages - Verify each has: title, description, canonical, OG tags, Twitter tags - Flag any pages with missing, duplicate, or default/template meta tags - Check for any pages with "undefined" or "null" in their meta tags 4. **Console error check:** - Look for any obvious runtime errors that might appear in production - Check for missing environment variable references - Check for deprecated API usage warnings 5. **Security quick scan:** - Run `npm audit` — report any new vulnerabilities since last check - Check that no new .env or secret files were accidentally committed 6. **Performance check:** - Check if any new large assets were added (images over 500KB, large JS bundles) - Verify lazy loading is still applied to below-fold images - Flag any new render-blocking resources Give me a report card: ✅ or ❌ for each category, with specific items to fix. ``` --- # ════════════════════════════════════════════════ # B2: WEEKLY CONTENT & SEO REVIEW # Run alongside B1 or on a separate day # ════════════════════════════════════════════════ ``` Review the content and SEO status of this project. 1. **New content check:** - List all pages/routes that were added or modified this week - For each: verify meta tags, schema, sitemap inclusion, internal links - Flag any new pages that are missing SEO essentials 2. **Heading audit:** - Scan all public pages - Flag any page with zero h1 tags or multiple h1 tags - Flag any page with broken heading hierarchy (h1 → h3 skipping h2) 3. **Image audit:** - Find any images without alt attributes - Find any images without width/height attributes (CLS risk) - Find any images over 500KB that aren't optimized - Find any images still in PNG/JPEG that could be WebP 4. **Duplicate content check:** - Find any pages with identical or very similar title tags - Find any pages with identical or very similar meta descriptions - Find any pages without canonical tags 5. **Internal linking opportunities:** - Find pages with zero internal links pointing to them (orphan pages) - Find pages with very little outgoing internal links (could link to related content) - Suggest 3-5 internal linking improvements Report findings and fix what you can automatically. List items that need my manual decision. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION C: MONTHLY MAINTENANCE # (Run once a month — deeper audit) # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # C1: MONTHLY FULL SEO AUDIT # Run on the 1st of every month # ════════════════════════════════════════════════ ``` Run a comprehensive monthly SEO audit on this project. **Domain:** [https://yourdomain.com] 1. **Crawl the entire site structure:** - Map out every public route/page in the project - For each page create a table: | Page | URL | Title | Title Length | Description | Desc Length | Canonical | H1 | H1 Count | OG Image | Schema Type | - Flag issues: missing fields, titles too long/short, descriptions too long/short, missing OG images, missing schema 2. **Sitemap audit:** - Every public page should be in sitemap — list any missing - Every sitemap URL should return 200 — list any that don't - No duplicate URLs in sitemap - lastmod dates should reflect actual last modification 3. **robots.txt audit:** - Verify all private routes are blocked - Verify all public routes are allowed - Verify AI crawlers are still allowed - No conflicts between robots.txt and meta robots tags 4. **Schema audit:** - List every page with JSON-LD and what type - Identify pages that SHOULD have schema but don't: - Blog posts without Article schema - FAQ content without FAQPage schema - Product/pricing without Product/Offer schema - Verify all schema would pass Google Rich Results Test (valid structure, no missing required fields) 5. **Internal link audit:** - Pages with fewest incoming internal links (orphans or near-orphans) - Pages with broken outgoing links - Anchor text analysis: flag any "click here" or "read more" generic anchor text 6. **Redirect audit:** - List all redirects in the project - Verify no redirect chains (A→B→C) - Verify no redirect loops - Verify redirected-from URLs are not still in sitemap or internal links 7. **Performance snapshot:** - List page sizes for top 10 most important pages - Flag any page over 2MB total weight - Flag any individual asset over 500KB - Check total JS bundle size 8. **llms.txt audit:** - Verify llms.txt matches actual site structure - All listed URLs are valid - Description is still accurate - Date is updated 9. **Recommendations:** - Top 5 SEO improvements to make this month - Any new pages/content I should create based on site structure gaps - Internal linking improvements to implement Generate the full report with tables and actionable items. ``` --- # ════════════════════════════════════════════════ # C2: MONTHLY SECURITY & DEPENDENCY AUDIT # ════════════════════════════════════════════════ ``` Run a monthly security and dependency audit. 1. **Dependency vulnerabilities:** - Run `npm audit` — report ALL findings (critical, high, moderate, low) - For each critical/high: explain the risk and suggest fix - Auto-fix what's safe to auto-fix - Check for outdated packages that are more than 2 major versions behind 2. **Secret scanning:** - Search the entire codebase (including comments, config files, test files) for: - API keys, tokens, passwords, secrets - Hardcoded URLs with credentials - Private keys or certificates - Anything that looks like `sk_`, `pk_`, `api_`, `secret_`, `password`, `token` - Check git history for recently committed secrets (last 30 days of commits) 3. **Security headers check:** - Verify all security headers are still present and correct: - X-Content-Type-Options - X-Frame-Options - Strict-Transport-Security - Referrer-Policy - Permissions-Policy - Verify no middleware changes accidentally removed headers 4. **Auth & session review:** - Verify rate limiting is still active on auth endpoints - Verify CORS is still restrictive (no wildcard) - Check that session/token expiration is reasonable - Verify no new API endpoints were added without auth where needed 5. **Environment variables:** - Cross-check: every env var used in code should be in .env.example - Cross-check: every var in .env.example should be used somewhere - Flag any env vars that might contain stale/rotated credentials 6. **Third-party services:** - List all external services/APIs the app connects to - Verify each is still active and the integration is healthy - Check for any deprecated API versions being used Report with severity ratings. Fix critical issues immediately, create a plan for the rest. ``` --- # ════════════════════════════════════════════════ # C3: MONTHLY PERFORMANCE DEEP DIVE # ════════════════════════════════════════════════ ``` Run a deep performance audit on this project. 1. **Bundle analysis:** - Analyze the JavaScript bundle composition - List the top 10 largest dependencies by size - Identify any dependencies that could be: - Replaced with a lighter alternative - Dynamically imported instead of included in main bundle - Removed entirely (unused) - Report total bundle size (raw and gzipped) 2. **Image audit:** - List ALL images in the project with their file size and format - Flag images that should be converted to WebP/AVIF - Flag images that are oversized for their display dimensions - Flag images missing lazy loading - Flag images missing width/height attributes - Fix all of these issues 3. **Font audit:** - List all font files loaded - Check total font weight - Verify font-display: swap is set - Verify fonts are preloaded - Suggest subsetting if fonts include unused character sets 4. **Render blocking resources:** - Identify any CSS or JS that blocks rendering - Move non-critical CSS to async loading - Ensure scripts use async or defer - Check for any synchronous third-party scripts 5. **Caching headers:** - Verify static assets have long cache headers (max-age=31536000, immutable) - Verify HTML has appropriate short cache - Verify API responses have correct cache behavior - Flag any static assets without proper cache headers 6. **Third-party script impact:** - List all third-party scripts loaded (analytics, chat, ads, etc.) - Estimate their impact on page load time - Suggest loading strategies (delay until interaction, load after LCP, etc.) - Verify they don't load when user declines cookies (if applicable) 7. **Page-by-page report (top 5 pages):** For homepage and 4 most important pages: - Estimated total page weight - Number of HTTP requests - Largest asset - Potential LCP element and its load time - CLS risk factors (images without dimensions, dynamic content, font loading) Implement all auto-fixable improvements. Give me a prioritized list for manual fixes. ``` --- # ════════════════════════════════════════════════ # C4: MONTHLY EMAIL DELIVERABILITY CHECK # ════════════════════════════════════════════════ ``` Audit the email configuration and deliverability for this project. 1. **DNS records verification:** - Tell me what SPF, DKIM, and DMARC records should be set for my current email provider - Check the email sending code — which service/provider is configured? - Remind me to verify these DNS records are still correct (I'll check manually): - SPF record - DKIM record - DMARC record (and whether I should upgrade from p=none to p=quarantine) - MX records 2. **Email template review:** - List every email template/type in the codebase - For each template verify: - "From" address is professional (not noreply@) - "Reply-To" is set to a monitored address - Subject line is clear and not spammy - HTML version exists - Plain text version exists (or is auto-generated) - Unsubscribe link present (for marketing emails) - Company name and address in footer (CAN-SPAM) - No broken images or hardcoded localhost URLs - All links use production domain (not localhost or staging) 3. **Email code review:** - Verify email sending errors are caught and logged - Verify email sending is async (doesn't block API responses) - Verify rate limiting on any endpoint that triggers emails - Check for potential email loops (e.g., webhook triggers email, email triggers webhook) 4. **Bounce handling:** - Is there bounce/complaint handling implemented? - If not, recommend how to add it for our email provider 5. **Contact form check:** - Verify contact form still works end-to-end - Verify spam protection is still active - Verify confirmation email still sends Report what's healthy and what needs attention. Give me the DNS records I should verify. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION D: QUARTERLY / AS-NEEDED MAINTENANCE # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # D1: QUARTERLY FULL PRODUCTION AUDIT # Run every 3 months — the big one # ════════════════════════════════════════════════ ``` Run a full quarterly production audit. This is comprehensive — check everything. **PART 1 — Code Quality:** - [ ] No console.logs in production code - [ ] No hardcoded secrets - [ ] No dead code or unused imports - [ ] No placeholder text - [ ] All env vars documented - [ ] npm audit clean (no critical/high) - [ ] Build succeeds with zero warnings - [ ] TypeScript strict mode passing (if applicable) - [ ] ESLint passing with zero warnings **PART 2 — SEO (every page):** - [ ] Every public page has unique title (50-60 chars) - [ ] Every public page has unique description (150-160 chars) - [ ] Every public page has canonical URL - [ ] Every public page has OG tags (title, description, image, url) - [ ] Every public page has Twitter Card tags - [ ] Every public page has one h1 with logical heading hierarchy - [ ] robots.txt is correct and accessible - [ ] sitemap.xml is valid and includes all public pages - [ ] JSON-LD schema is present and valid (Organization + WebSite minimum) - [ ] No pages with duplicate titles or descriptions - [ ] AI crawlers (GPTBot, Claude-Web, PerplexityBot) are allowed **PART 3 — Functionality (test every flow):** - [ ] Homepage loads correctly - [ ] All nav links work - [ ] Signup → verify → login → use app → logout works - [ ] Password reset works - [ ] Core feature works end-to-end - [ ] Payment/billing works (if applicable) - [ ] All forms submit and validate correctly - [ ] All emails deliver correctly - [ ] 404 page works - [ ] Error states handled gracefully - [ ] Mobile: entire app works on 375px width **PART 4 — Performance:** - [ ] No images over 500KB without reason - [ ] All images have width/height - [ ] All below-fold images lazy loaded - [ ] Total JS bundle < 300KB gzipped - [ ] No render-blocking resources - [ ] Fonts: max 2 files, font-display: swap - [ ] Cache headers correct on static assets **PART 5 — Security:** - [ ] HTTPS enforced everywhere - [ ] Security headers present (X-Content-Type-Options, X-Frame-Options, HSTS, Referrer-Policy) - [ ] CORS restrictive (no wildcard) - [ ] Auth endpoints rate limited - [ ] No sensitive data in URLs, logs, or error messages - [ ] Dependencies up to date, no known vulnerabilities **PART 6 — Legal & Compliance:** - [ ] Privacy Policy published and up to date - [ ] Terms of Service published and up to date - [ ] Cookie consent working (if serving EU) - [ ] Copyright year in footer is current - [ ] Third-party service list in Privacy Policy is accurate **PART 7 — External Presence:** - [ ] llms.txt up to date with current pages and accurate descriptions - [ ] Social profiles link to correct website URL - [ ] Google Search Console: no manual actions, no critical errors - [ ] Schema validates with Rich Results Test Generate a full report card with ✅ PASS / ❌ FAIL / ⚠️ WARNING for every item. Fix everything you can. List what needs my manual action. ``` --- # ════════════════════════════════════════════════ # D2: BEFORE MAJOR RELEASE / RELAUNCH # Run before any big launch or major update # ════════════════════════════════════════════════ ``` I'm about to push a major update / relaunch. Do a pre-release verification. **What's changing:** [DESCRIBE — e.g., "complete redesign", "new pricing structure", "adding user dashboard", "migrating from pages to app router"] Pre-release checklist: 1. **No regressions:** - Build succeeds with zero errors - All existing pages still load correctly - All existing forms still work - All existing auth flows still work - All existing API endpoints still respond correctly 2. **URL changes:** - List any URLs that changed in this update - Verify 301 redirects exist for every changed URL - Verify all internal links updated - Verify sitemap reflects the new URL structure - Verify no broken links 3. **SEO preservation:** - Verify no pages lost their meta tags during the update - Verify no pages accidentally got noindex - Verify canonical URLs are still correct - Verify schema markup is still present and valid - Verify OG images still work 4. **New content/pages:** - Every new page has full SEO treatment (title, description, canonical, OG, Twitter, schema) - Every new page is in sitemap - Every new page has internal links to and from it 5. **Visual/UX check:** - No broken layouts on mobile - No missing images or broken assets - No unstyled components or layout shifts - Dark mode still works (if applicable) - Loading and error states still work 6. **Performance check:** - Bundle size hasn't grown more than 20% without reason - No new render-blocking resources introduced - No large unoptimized images added - Page load time hasn't regressed 7. **Third-party integrations:** - Analytics still tracking (GA4 events firing) - Error tracking still working (Sentry capturing errors) - Email sending still working - Payment processing still working (if applicable) 8. **Post-deploy actions list (remind me to do):** - Request re-indexing in Google Search Console for changed pages - Clear CDN cache if needed - Monitor error tracking for 24 hours - Check analytics for data continuity - Update llms.txt if site structure changed - Notify users of changes if applicable Run all checks. Give me a GO / NO-GO recommendation with reasoning. ``` --- # ════════════════════════════════════════════════ # D3: DOMAIN / HOSTING MIGRATION # Run when changing domain, hosting, or infrastructure # ════════════════════════════════════════════════ ``` I'm migrating this project: [DESCRIBE — e.g., "moving from Vercel to AWS", "changing domain from old.com to new.com", "adding a CDN", "moving database"] Migration checklist: 1. **Pre-migration snapshot:** - Document current DNS records (all A, AAAA, CNAME, MX, TXT records) - Document current redirects - Document all environment variables and their values - List all third-party services and their configured domains/URLs - Screenshot current Google Search Console status - Note current sitemap URL count and indexing status 2. **DNS migration:** - List all DNS records that need to change - Prepare new records before switching (minimize downtime) - Plan for DNS propagation time (24-48 hours) - Set low TTL (300 seconds) on records 24 hours before migration to speed propagation 3. **If domain is changing:** - Set up 301 redirects from EVERY old URL to its equivalent new URL - This is CRITICAL for preserving SEO — every page must redirect - Update Google Search Console with new domain (Change of Address tool) - Update Bing Webmaster Tools - Update all social profiles with new URL - Update sitemap with new domain - Update canonical URLs to new domain - Update OG tags with new domain - Update schema markup with new domain - Update llms.txt with new domain - Update all hardcoded URLs in the codebase 4. **SSL/HTTPS:** - New SSL certificate provisioned and valid for new domain/host - HTTPS enforced on new infrastructure - No mixed content 5. **Email:** - MX records updated if email is affected - SPF record updated with new sending IP/service - DKIM re-verified on new domain if changed - DMARC record set on new domain - Test email sending after migration 6. **Environment variables:** - All env vars set in new hosting platform - Verify no vars reference old domain/infrastructure - Update any webhook URLs pointing to old domain 7. **Post-migration verification:** - Site loads on new domain/host - All pages return correct status codes - All forms work - All auth flows work - All email sends work - All payments work - Analytics tracking on new domain - Error tracking on new domain - Old domain redirects working - SSL certificate valid Generate the complete migration plan with a step-by-step order of operations. ``` --- # ════════════════════════════════════════════════ # D4: SCALING PREP — WHEN TRAFFIC GROWS # Run when you're getting real traction # ════════════════════════════════════════════════ ``` This project is getting real traffic and needs to scale. Optimize for growth. 1. **Database optimization:** - Find any missing database indexes on frequently queried columns - Find any N+1 query problems - Identify slow queries (any query that could take >100ms) - Add pagination to any endpoint returning unbounded lists - Implement connection pooling if not already done - Consider read replicas if read-heavy 2. **API optimization:** - Add response caching where appropriate (stale-while-revalidate) - Implement API rate limiting per user/IP - Add request validation to reject bad requests early - Compress API responses (gzip) - Paginate all list endpoints 3. **Frontend optimization:** - Implement ISR (Incremental Static Regeneration) or static generation for content pages - Add proper client-side caching strategy - Implement service worker for offline support and caching - Optimize images that aren't already WebP/AVIF - Add resource hints (preconnect, prefetch) for critical resources 4. **Infrastructure:** - Set up auto-scaling if not already configured - Ensure CDN is configured for global delivery - Set up proper health check endpoint for load balancers - Configure proper error pages for overload situations (503 with retry-after) - Set up database backups (automated daily minimum) 5. **Monitoring for scale:** - Add response time monitoring to API endpoints - Add database query time monitoring - Set up alerts for: error rate > 1%, p95 response time > 2s, CPU > 80% - Add queue monitoring if using background jobs 6. **SEO for scale:** - Ensure sitemap handles large page counts (sitemap index if >50,000 URLs) - Ensure robots.txt doesn't slow crawlers with too many rules - Add pagination with proper rel="next"/rel="prev" for large content sets - Consider AMP for content pages (if mobile traffic is primary) Analyze the current codebase and implement what's applicable. Flag what requires infrastructure changes I need to make manually. ``` --- --- # ════════════════════════════════════════════════════════════════ # SECTION E: SPECIFIC SITUATION PROMPTS # (Use when the specific event happens) # ════════════════════════════════════════════════════════════════ --- # ════════════════════════════════════════════════ # E1: GOOGLE SEARCH CONSOLE SHOWS ISSUES # ════════════════════════════════════════════════ ``` Google Search Console is showing the following issues: [PASTE THE SPECIFIC ERRORS/WARNINGS — e.g., "Crawled - currently not indexed", "Discovered - currently not indexed", "Redirect error", "Server error (5xx)", "Page with redirect", "Duplicate without user-selected canonical", "Soft 404"] For each issue: 1. **Diagnose:** Explain what this error means in plain language 2. **Find:** Search the codebase for the affected URLs and identify what's causing the issue 3. **Fix:** Implement the fix 4. **Verify:** Tell me how to verify the fix in Search Console Also check: - Are there any pages that should be indexed but aren't? - Are there any pages being indexed that shouldn't be? - Are there any canonical tag conflicts? - Are there any sitemap issues? Fix everything you can find. List items that need my manual action in Search Console. ``` --- # ════════════════════════════════════════════════ # E2: ADDING A NEW THIRD-PARTY SERVICE # (Analytics, payment, CRM, chat, etc.) # ════════════════════════════════════════════════ ``` I'm integrating a new third-party service: [SERVICE NAME — e.g., "Stripe", "Intercom", "Hotjar", "Mailchimp"] **Purpose:** [What it does in our app] **SDK/script:** [If known, otherwise I'll get this] Set it up properly: 1. **Implementation:** - Install the SDK/package - Configure with environment variables (never hardcode keys) - Add env vars to .env.example with descriptions - Initialize properly (only in production, or with feature flag) 2. **Performance:** - Load the script asynchronously (don't block rendering) - If it's a heavy script (chat widget, analytics), delay loading until after page is interactive - Consider loading only on pages where it's needed (not globally if not necessary) 3. **Privacy & consent:** - Should this script wait for cookie consent? (If it sets cookies or tracks users: YES) - Implement consent check before loading (if applicable) - Add this service to the Privacy Policy's third-party services list 4. **Security:** - API keys in env vars only - If it involves webhooks: verify webhook signatures - If it involves user data: ensure HTTPS and proper data handling - Review what data this service collects/accesses 5. **Monitoring:** - Ensure the service failing doesn't break the app (graceful fallback) - Add error handling around API calls to this service - Log integration errors to Sentry 6. **Documentation:** - Add to README under "Third-party services" section - Document any setup steps for new developers Implement and verify it works. Show me what env vars I need to set. ``` --- # ════════════════════════════════════════════════ # E3: UPDATING PRICING / PLANS # ════════════════════════════════════════════════ ``` I'm updating the pricing/plans: [DESCRIBE CHANGES — e.g., "adding a new Enterprise plan", "raising prices from $29 to $39", "changing feature limits"] Update everything: 1. **Pricing page:** - Update pricing display to reflect new plans/prices - Update comparison table if it exists - Update any hardcoded pricing references elsewhere in the site 2. **Structured data:** - Update Product/Offer schema with new pricing - Update SoftwareApplication schema if applicable 3. **Meta tags:** - Update pricing page meta description if it mentions specific prices - Update OG tags if the preview mentions pricing 4. **Payment processor:** - Remind me to create/update products and prices in Stripe/Paddle/etc. - Check webhook handling for new plan types - Verify upgrade/downgrade logic handles new plans 5. **Content updates:** - Search entire codebase for old prices and update: - Pricing page - Homepage (if pricing is mentioned) - Features page (if pricing tiers are referenced) - Blog posts (flag but don't auto-change — might want to leave historical prices) - Email templates (if any mention pricing) - FAQ page (if pricing questions exist) 6. **llms.txt:** - If pricing is mentioned, update it - Update the "Updated:" date 7. **Existing customers:** - Verify existing subscriptions aren't affected unless intended - If grandfathering, ensure old plans still work Search for every reference to the old pricing and show me what needs to change. Fix what's code-related. List what I need to do manually (payment processor, customer communication). ``` --- # ════════════════════════════════════════════════ # E4: ADDING INTERNATIONALIZATION / NEW MARKET # ════════════════════════════════════════════════ ``` I'm expanding to a new market / adding a new language: [DESCRIBE — e.g., "adding Turkish language", "targeting MENA region", "adding EUR pricing"] Set up: 1. **i18n structure:** - Set up internationalization framework if not already present (next-intl, react-i18next, or framework equivalent) - Create locale directory structure: /locales/en/, /locales/tr/, etc. - Extract all user-facing strings into locale files - Set up locale detection (browser language, URL prefix, or user preference) 2. **URL structure:** - Implement locale prefix in URLs: /en/about, /tr/hakkimizda (or subdomain: en.domain.com, tr.domain.com) - Set up default locale handling (redirect or serve without prefix) 3. **SEO for i18n:** - Add hreflang tags to every page: ```html <link rel="alternate" hreflang="en" href="https://yourdomain.com/en/page"> <link rel="alternate" hreflang="tr" href="https://yourdomain.com/tr/page"> <link rel="alternate" hreflang="x-default" href="https://yourdomain.com/page"> ``` - Create separate or annotated sitemap with hreflang entries - Unique meta titles and descriptions per language (translated, not duplicated) - Canonical URLs per language version 4. **Content:** - Set up translation workflow (where will translations come from?) - Format dates, numbers, and currencies for each locale - Handle RTL layout if adding Arabic/Hebrew 5. **Schema:** - Update Organization schema if adding new addresses/locations - Ensure schema content matches the page language 6. **llms.txt:** - Consider creating llms.txt per language or listing multilingual pages Set up the technical infrastructure. Create the first locale file with all extractable strings. Flag content that needs human translation. ``` --- --- # ════════════════════════════════════════════════════════════════ # 📋 MAINTENANCE SCHEDULE SUMMARY # ════════════════════════════════════════════════════════════════ ## Every Feature/Change: - A1: New Page Added - A2: Page Removed / URL Changed - A3: New Blog Post Published - A4: New Feature Shipped - A5: Dependency Update ## Weekly (15-20 min): - B1: Health Check (broken links, sitemap, meta tags, security) - B2: Content & SEO Review (headings, images, internal links) ## Monthly (1-2 hours): - C1: Full SEO Audit (crawl, schema, sitemap, meta tags) - C2: Security & Dependency Audit (npm audit, secrets, headers) - C3: Performance Deep Dive (bundles, images, fonts, caching) - C4: Email Deliverability Check (DNS, templates, forms) ## Quarterly (2-3 hours): - D1: Full Production Audit (everything, soup to nuts) ## As-Needed: - D2: Before Major Release - D3: Domain/Hosting Migration - D4: Scaling Prep - E1: Google Search Console Issues - E2: New Third-Party Service - E3: Pricing Update - E4: Internationalization ## Pro Tips: - Keep these prompts in a `/prompts` folder in your project - Create a GitHub Action to remind you of weekly/monthly maintenance - After each prompt, commit the changes with a descriptive message - The weekly prompts (B1+B2) catch 90% of issues before they become problems - The monthly SEO audit (C1) is where you find the real growth opportunities - Run D1 before any investor demo or big launch --- © 2026 Replace Works OÜ — Ship fast, maintain properly.