AI Tools for Full Stack Developers
AI tools that help full-stack developers audit APIs, debug client and server performance, research architecture, and ship features faster.
Works in Chat, Cowork and Code
End-to-end performance debugging
Identify whether a slow page is a frontend issue (LCP, layout shifts), an API bottleneck (slow server response, N+1 queries), or a database problem. Audit both the client and server sides in a single workflow without switching between a dozen tools.
Page audit: LCP 5.8s — TTFB alone is 2.1s (server-side issue). Largest element is a 900KB uncompressed hero chart. Render-blocking: 3 Google Font requests with no preconnect. Fix order: (1) investigate TTFB — likely N+1 DB query. (2) Add preconnect for fonts. (3) Optimize chart bundle with dynamic import.
Full-stack security review
Scan both the frontend (missing headers, exposed API keys in JS bundles) and the backend API (auth bypass, injection risks) for vulnerabilities before pushing to production. Full-stack developers own both surfaces.
Frontend: missing Content-Security-Policy header, X-Frame-Options absent, API base URL exposed in window.__NEXT_DATA__. Backend API: /api/users missing rate limiting, 500 errors return full Prisma stack trace, CORS wildcard (*) on /api/webhooks.
Framework docs and migration research
Get exact API docs, migration guides, and breaking changes for any version of the libraries in your stack — React, Next.js, Prisma, TypeScript — without hunting through GitHub release notes.
Next.js 15 breaking changes: (1) fetch() no longer cached by default — add cache: "force-cache" explicitly. (2) Server Actions require "use server" in both function and file scope. (3) Dynamic routes now use Promise<params> — must await params in page components. (4) Turbopack is default in dev. Migration guide with codemods included.
System architecture diagramming
Generate sequence diagrams, ERDs, and full-stack architecture flowcharts for RFCs, ADRs, and onboarding docs. Describe the system in plain English and get Mermaid or PlantUML output that renders in GitHub instantly.
Generated Mermaid diagram with 8 nodes. Client → Next.js Server Component → API Route. Auth: NextAuth → JWT verify → session cookie. Data path: API Route → Prisma → Postgres with Redis cache-aside. Redis TTL annotations on cached queries.
Dependency vulnerability triage
Check every package in your full stack — frontend and backend — for CVEs before releases. Catch vulnerable transitive dependencies that npm audit misses by searching the CVE database directly by package and version.
next-auth@4.24.5: CVE-2024-29180 (CVSS 8.8) — session fixation via OAuth redirect. Upgrade to 4.24.7. Others: clean. Recommendation: update next-auth before next deployment.
Tech research for architectural decisions
Get synthesized comparisons of databases, ORMs, hosting platforms, and full-stack frameworks before committing the codebase to a multi-year decision.
tRPC: zero API layer, end-to-end TypeScript inference, no schema boilerplate — best for same-repo full-stack TypeScript. REST: widest ecosystem, stateless, easiest to cache at CDN. GraphQL: flexible client-driven queries but 40KB+ client bundle overhead. For Next.js + TypeScript monorepo, tRPC wins; for external API consumers, REST wins.
Ready-to-use prompts
Run a Lighthouse audit on https://myapp.com/dashboard. Report LCP, CLS, TTFB separately. Distinguish frontend rendering issues from server response time bottlenecks.
Scan https://api.myapp.com/v1 for OWASP Top 10 vulnerabilities. Check: missing auth on admin routes, SQL injection on filter params, exposed stack traces in 500 errors, and CORS misconfiguration.
Fetch the Next.js 14 to 15 migration guide. Show breaking changes for: App Router caching defaults, Server Actions, dynamic route params, and the new Turbopack dev server.
Generate a Mermaid diagram for a SaaS app: React client → Next.js server → tRPC router → Prisma → PostgreSQL. Include Redis cache-aside layer and NextAuth JWT flow.
Check these for CVEs: next@14.1, react@18.2, prisma@5.10, next-auth@4.24, stripe@14, zod@3.22. Flag anything CVSS 7+.
Compare tRPC, REST, and GraphQL for a Next.js TypeScript SaaS. Cover: type safety, bundle size, client caching, and how each works with Next.js Server Components.
Fetch Prisma v5 docs for query optimization: how to use select to avoid over-fetching, how to prevent N+1 with include, and when to use raw SQL queries for complex aggregations.
Audit https://myapp.com for security headers: CSP, X-Frame-Options, HSTS, X-Content-Type-Options, Referrer-Policy. Flag any missing or misconfigured headers.
Tools to power your best work
165+ tools.
One conversation.
Everything full stack developers need from AI, connected to the assistant you already use. No extra apps, no switching tabs.
Pre-release security and performance check
Before any production release, audit the full stack: frontend performance, API security, and dependency vulnerabilities in a single pass.
Major version upgrade research
Before upgrading a critical framework (Next.js, React, Prisma), research breaking changes, check CVEs in the new version, and diagram what changes in the stack.
New feature architecture spike
Design a new feature end-to-end before building: research patterns, diagram the data flow, and verify the dependency stack.
Frequently Asked Questions
How do I know if a slow page is a frontend or backend problem?
Page Speed Test reports TTFB separately from rendering metrics. A high TTFB (above 600ms) points to server-side issues — slow API responses, database queries, or server rendering. A low TTFB with high LCP points to frontend issues like large images or render-blocking scripts.
Does the security scanner check both the frontend HTML and the API?
Yes. You can point the Security Scanner at both the public-facing URL (to check headers, exposed data in HTML source) and the API base URL (to check auth, CORS, and error responses). Run both for a complete picture of your attack surface.
Can Library Docs look up private internal packages?
Library Docs fetches documentation from public sources — npm registry, official framework docs, and GitHub. It works for any published open-source package. Internal private packages would need your own documentation solution.
How does Diagram Generator handle complex microservices with many services?
Describe the services, their communication patterns, and key data flows in your prompt. Diagram Generator handles systems with 15–20 nodes well. For very large systems, break them into subsystem diagrams and link them in your documentation.
Can I use Vulnerability Database to check Python and Go dependencies too?
Yes. The Vulnerability Database searches the full CVE catalog by package name and version — it covers npm, PyPI, Maven, Go modules, and more. Specify the package name and version in your prompt regardless of language.