> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Examples

> Explore framework-specific custom prompts for improving PR review coverage and compliance with your internal standards.

The following examples provide targeted custom prompts that can be integrated into your AI-powered PR review workflows. Our customers find these particularly helpful for their repos across frameworks like Spring Boot and React. Use these as templates or extend them to align with your team’s coding standards and architectural principles.

<AccordionGroup>
  <Accordion title="React">
    ```mdx theme={null}
    ## Direct DOM Manipulation
    Flag any use of `document.getElementById`, `querySelector`, `innerHTML`, or other direct DOM APIs inside React components (including in `useEffect`), since React’s virtual DOM and refs should be used instead.
    ```

    ```mdx theme={null}
    ## Excessive Inline Styles
    Flag JSX elements with large objects in `style={{…}}` - especially when reused - rather than defining CSS classes or styled-components for maintainability and performance.
    ```

    ```mdx theme={null}
    ## Uncontrolled to Controlled Component Switch
    Flag components that change from uncontrolled (no `value` prop) to controlled (with `value`) between renders, which can lead to React warnings and inconsistent state.
    ```

    ```mdx theme={null}
    ## Stale Closures in Hooks
    Flag cases where callbacks inside `useEffect` or `useCallback` reference state/props without listing them in the dependency array, as this causes outdated values to be used.
    ```
  </Accordion>

  <Accordion title="Angular">
    ```mdx theme={null}
    ## Direct DOM Access Bypassing Angular Renderer
    Flag any `document.querySelector`, `element.nativeElement`, or jQuery usage in components - instead use `Renderer2` or Angular’s template bindings to stay framework-compliant.
    ```

    ```mdx theme={null}
    ## Overuse of `any` in TypeScript
    Flag function parameters or variables typed as `any` throughout services or components, which defeats Angular’s compile-time type safety.
    ```

    ```mdx theme={null}
    ## Putting Business Logic in Templates
    Flag complex expressions or loops in the HTML template (e.g., `*ngIf="computeSomething(x)"`), which should be moved into the component class for readability and testability.
    ```

    ```mdx theme={null}
    ## Missing Subscription Cleanup
    Flag subscriptions to `Observables` in `ngOnInit` that are not unsubscribed in `ngOnDestroy`, leading to memory leaks in long‐running applications.
    ```
  </Accordion>

  <Accordion title="Vue.js">
    ```mdx theme={null}
    ## Mutating `props` Directly
    Flag any assignment to a prop inside a child component (e.g., `this.propValue = ...`), which should instead be emitted back to the parent or copied to local data.
    ```

    ```mdx theme={null}
    ## Using `$forceUpdate` to Bypass Reactivity
    Flag instances of `this.$forceUpdate()` or manually triggering watchers instead of fixing the reactive data flow.
    ```

    ```mdx theme={null}
    ## Logic-heavy Templates
    Flag templates containing complex JavaScript (e.g., inline methods or filters doing heavy computation) - move that logic into computed properties or methods in the component script.
    ```

    ```mdx theme={null}
    ## Unremoved Watchers and Event Listeners
    Flag watchers or `$on` event handlers set up in `mounted()` that aren’t properly torn down in `beforeDestroy()`, which can cause memory leaks.
    ```
  </Accordion>

  <Accordion title="Django">
    ```mdx theme={null}
    ## Hardcoded Secrets in Settings
    Flag any API keys, database passwords, or tokens hardcoded in `settings.py` instead of using environment variables (`os.getenv`) or a secrets manager.
    ```

    ```mdx theme={null}
    ## Raw SQL without Parameterization
    Flag any `cursor.execute(f"SELECT … {user_input}")` usage - instead use Django’s ORM or `cursor.execute("… WHERE x = %s", [user_input])` to prevent SQL injection.
    ```

    ```mdx theme={null}
    ## Mass Assignment on Forms or Models
    Flag `Model.objects.create(**request.POST)` or `form.save(commit=True)` without specifying `fields` or using `cleaned_data`, which can expose unintended fields.
    ```

    ```mdx theme={null}
    ## Unvalidated File Uploads
    Flag file upload handlers (e.g., `request.FILES['file']`) that don’t check file type or size before saving, exposing the app to malicious uploads.
    ```
  </Accordion>

  <Accordion title="Spring Boot">
    ```mdx theme={null}
    ## Hardcoded Secrets or Credentials
    Flag API keys, passwords, or tokens hardcoded in `.java` or `.properties` files.
    ```

    ```mdx theme={null}
    ## SQL Injection via Unparameterized Queries
    Flag dynamic SQL built using string concatenation or user inputs without parameter binding.
    ```

    ```mdx theme={null}
    ## Command Injection via Runtime Execution
    Flag use of `Runtime.exec()` or `ProcessBuilder` with unsanitized user inputs.
    ```

    ```mdx theme={null}
    ## Insecure Deserialization
    Flag uses of `ObjectInputStream.readObject()` on untrusted input sources.
    ```

    ```mdx theme={null}
    ## Unvalidated Input in Controllers
    Flag missing validation annotations (`@Valid`, `@NotNull`, etc.) on `@RequestBody`, `@PathVariable`, or `@RequestParam` parameters.
    ```
  </Accordion>

  <Accordion title="Express.js">
    ```mdx theme={null}
    ## Missing Error Handling in Async Routes
    Flag `async` route handlers without `try/catch` or a wrapper to forward errors to `next()`, which can cause unhandled promise rejections.
    ```

    ```mdx theme={null}
    ## Unvalidated `req.body` and `req.params`
    Flag any use of user inputs directly (e.g., `User.find(req.params.id)`) without schema validation via Joi, express-validator, or similar.
    ```

    ```mdx theme={null}
    ## Use of `eval()` or `Function()` Constructors
    Flag any `eval()` calls or dynamic function creation from user inputs, as they enable arbitrary code execution.
    ```

    ```mdx theme={null}
    ## Insecure Cookie Configuration
    Flag cookies set without `HttpOnly`, `Secure`, or proper `SameSite` attributes in `res.cookie()` calls.
    ```
  </Accordion>

  <Accordion title="Laravel">
    ```mdx theme={null}
    ## Mass Assignment without `$fillable` or `$guarded`
    Flag `Model::create($request->all())` when the model doesn’t declare safe `$fillable` fields.
    ```

    ```mdx theme={null}
    ## Raw Queries without Bindings
    Flag `DB::select("SELECT … WHERE id = $id")` - use parameter binding (`?` or named bindings) or Eloquent methods to avoid SQL injection.
    ```

    ```mdx theme={null}
    ## Missing CSRF Protection
    Flag forms or AJAX routes lacking `@csrf` in Blade templates or `$request->validate()` in controllers.
    ```

    ```mdx theme={null}
    ## Committed `.env` with Secrets
    Flag any project commits that include the `.env` file containing database credentials or API keys.
    ```
  </Accordion>

  <Accordion title="Ruby on Rails">
    ```mdx theme={null}
    ## Mass Assignment via `params` without Strong Parameters
    Flag controllers using `Model.create(params[:model])` without whitelisting via `params.require(:model).permit(...)`.
    ```

    ```mdx theme={null}
    ## N+1 Query Patterns
    Flag view or controller code like `@users.each { |u| u.posts.count }` instead of eager loading with `includes(:posts)`.
    ```

    ```mdx theme={null}
    ## Skipping Model Validations
    Flag calls to `save(validate: false)` or `update_column` that bypass ActiveRecord validations.
    ```

    ```mdx theme={null}
    ## Unhandled Exceptions in Callbacks
    Flag `after_save` or `before_destroy` callbacks without error handling, which can break request flows.
    ```
  </Accordion>

  <Accordion title="ASP .NET Core">
    ```mdx theme={null}
    ## Dynamic SQL via String Interpolation
    Flag any `context.Database.ExecuteSqlRaw($"…{userInput}…")` or concatenated SQL strings - instead use parameterized queries.
    ```

    ```mdx theme={null}
    ## Missing Anti-Forgery Token Validation
    Flag POST actions without `[ValidateAntiForgeryToken]` when using Razor Pages or MVC forms.
    ```

    ```mdx theme={null}
    ## Exposing Sensitive Data in ViewBag/ViewData
    Flag passing secrets or tokens through `ViewBag` or `ViewData` for use in Razor views.
    ```

    ```mdx theme={null}
    ## Improper CORS Configuration
    Flag overly permissive CORS policies in `AddCors` (e.g., `AllowAnyOrigin`) that expose APIs unintentionally.
    ```
  </Accordion>

  <Accordion title="PySpark">
    ```mdx theme={null}
    ## Calling `collect()` on Large RDDs/DataFrames
    Flag any `df.collect()` or `rdd.collect()` on datasets >100K records, which can OOM the driver - use `take()` or write to storage instead.
    ```

    ```mdx theme={null}
    ## User-Defined Functions (UDFs) over Built-ins
    Flag use of `udf(myFunc)` for simple operations that Spark already optimizes (e.g., string, date functions) - opt for Spark SQL functions.
    ```

    ```mdx theme={null}
    ## Joins without Broadcast for Small Tables
    Flag large DataFrame `.join(smallDf, on, "left")` without using `broadcast(smallDf)`, leading to skewed shuffles.
    ```

    ```mdx theme={null}
    ## Caching Too Early or Too Much
    Flag `.cache()` on DataFrames before pruning unnecessary columns or filtering, which wastes executor memory.
    ```
  </Accordion>

  <Accordion title="Meteor">
    ```mdx theme={null}
    ## Overusing `autopublish` Package
    Flag projects where `autopublish` is not removed, exposing all collections to the client by default.
    ```

    ```mdx theme={null}
    ## Insecure `allow/deny` Rules
    Flag any `Collection.allow({ ... })` or `deny` settings permitting broad inserts/updates without checking `this.userId` or document ownership.
    ```

    ```mdx theme={null}
    ## Publishing Excessive Fields
    Flag publications that return whole documents (e.g., `return Collection.find()`) instead of selective fields to minimize data exposure.
    ```

    ```mdx theme={null}
    ## Unchecked Meteor Method Inputs
    Flag Meteor methods that access `this.userId` but do not validate or sanitize the `args` object, inviting injection attacks.
    ```
  </Accordion>

  <Accordion title="Svelte">
    ```mdx theme={null}
    ## Direct DOM API Usage
    Flag any `document.querySelector`, `addEventListener`, or manual DOM updates inside components - instead use Svelte’s reactive bindings.
    ```

    ```mdx theme={null}
    ## Mutable Store Updates without `update()`
    Flag direct assignments to store values (e.g., `myStore.set = …`) rather than using `myStore.update(...)`, which can break reactivity.
    ```

    ```mdx theme={null}
    ## Heavy Computation in Markup
    Flag long-running loops or calculations in the template (e.g., `{#each bigArray.map(...) as item}`) - move logic into a `<script>` reactive statement.
    ```

    ```mdx theme={null}
    ## Uncleaned Subscriptions on Destroy
    Flag stores or event subscriptions created in `onMount()` that are not unsubscribed in `onDestroy()`, causing memory leaks.
    ```
  </Accordion>
</AccordionGroup>
