raoofaltaher/promptea

Promptea

Transform Basic Prompts into Powerful AI Agent Prompts


🎯 What is Promptea?

Promptea is an intelligent AI-powered prompt engineering platform that elevates your simple prompts into comprehensive, production-ready instructions. Built with patterns from GitHub's awesome copilot prompts repository, Promptea applies industry best practices to transform basic ideas into structured, actionable prompts that get results.

The Problem

Writing effective prompts for AI coding assistants is an art. Most developers start with basic requests like "create a REST API" or "add authentication", but these lack the context, structure, and specificity needed for production-quality results.

The Solution

Promptea automatically enhances your prompts with:

  • 🎯 Role Definition - Establishes expertise level and domain knowledge
  • βš™οΈ Configuration Variables - Adds customizable parameters with sensible defaults
  • πŸ“‹ Clear Objectives - Defines specific, measurable outcomes
  • πŸ“ Structured Output - Specifies formats, file paths, and code patterns
  • βœ… Best Practices - Integrates industry standards and quality gates
  • 🧠 Advanced Patterns - Applies chain-of-thought, few-shot, and template-driven approaches

⚑ Key Features

🚀 Intelligent Prompt Enhancement

Transform simple requests into detailed, production-ready instructions in seconds using GPT-4-powered analysis and enhancement.

πŸ” Secure Authentication

Built-in NextAuth.js v5 authentication with secure session management, protecting your prompt history and API usage.

πŸ›‘οΈ Enterprise-Grade Security

  • Rate limiting on all critical endpoints (brute force protection)
  • Input validation with Zod schemas
  • CORS protection with environment-based whitelisting
  • SQL injection prevention via Prisma ORM
  • bcrypt password hashing with configurable rounds

🎨 Beautiful, Responsive UI

Modern interface built with shadcn/ui and Tailwind CSS, featuring dark mode support and smooth animations.

⚑ Real-Time Results

Instant prompt enhancement with streaming responses and copy-to-clipboard functionality.

📊 Pattern Library

Built on proven patterns from GitHub's copilot prompts repository, ensuring your enhanced prompts follow best practices.


πŸ—οΈ Built With

Core Technologies

  • Next.js 15 - React framework with App Router for optimal performance
  • TypeScript 5 - Type-safe development with strict mode
  • Tailwind CSS 4 - Utility-first styling with custom design system
  • OpenRouter - Unified API gateway for GPT-4, Claude, and 200+ AI models

UI & Components

Backend & Database

  • Prisma - Type-safe ORM for database operations
  • NextAuth.js v5 - Complete authentication solution
  • Socket.IO - Real-time bidirectional communication
  • SQLite - Lightweight database (PostgreSQL-ready for production)

Security & Performance

  • Custom rate limiting (100 API / 20 AI / 5 auth requests per window)
  • Automatic memory cleanup and optimization
  • Environment-based CORS protection
  • Production-ready security headers

🚀 Quick Start

Prerequisites

Installation

# Clone the repository
git clone https://github.com/yourusername/promptea.git
cd promptea

# Install dependencies
npm install

# Set up environment variables
cp .env.example .env
# Edit .env with your configuration (see comments in .env.example), including OPENROUTER_API_KEY

# Initialize database
npm run db:push

# Start development server
npm run dev

Open http://localhost:3001 and start enhancing prompts! 🎉

Production Build

# Build for production
npm run build

# Start production server
npm start

Open http://localhost:3001 to see your application running.

📖 Documentation

Environment Configuration

See .env.example for comprehensive documentation. Key variables:

# Database
DATABASE_URL="file:./db/custom.db"

# Authentication (NextAuth.js v5)
NEXTAUTH_URL=http://localhost:3001
AUTH_SECRET="your-secret-here"  # Generate: openssl rand -base64 32

# AI Provider (OpenRouter)
OPENROUTER_API_KEY="sk-or-v1-xxxxx"

# Security
ALLOWED_ORIGINS=http://localhost:3001,http://localhost:3000
BCRYPT_ROUNDS=10

Project Structure

promptea/
├── src/
│   ├── app/                    # Next.js App Router
│   │   ├── api/               # API routes
│   │   │   ├── auth/          # Authentication endpoints
│   │   │   └── enhance-prompt/ # Prompt enhancement endpoint
│   │   ├── login/             # Login page
│   │   └── page.tsx           # Home page
│   ├── components/
│   │   └── ui/                # shadcn/ui components
│   ├── lib/
│   │   ├── db.ts             # Prisma client
│   │   ├── rate-limit.ts     # Rate limiting utilities
│   │   ├── password.ts       # Password hashing
│   │   └── validations/      # Zod schemas
│   └── types/                # TypeScript definitions
├── prisma/
│   └── schema.prisma         # Database schema
├── server.ts                 # Custom Next.js server with Socket.IO
└── auth.ts                   # NextAuth.js configuration

API Endpoints

POST /api/enhance-prompt

Enhance a basic prompt into a production-ready instruction.

Rate Limit: 20 requests per hour per IP

Request:

{
  "prompt": "create a REST API"
}

Response:

{
  "enhancedPrompt": "You are an expert backend developer specializing in RESTful API design..."
}

POST /api/auth/register

Register a new user account.

Rate Limit: 5 attempts per 15 minutes per IP

Request:

{
  "email": "user@example.com",
  "password": "SecurePass123!",
  "name": "John Doe"
}

Database Schema

model User {
  id            String    @id @default(cuid())
  email         String    @unique
  password      String
  name          String?
  image         String?
  emailVerified DateTime?
  createdAt     DateTime  @default(now())
  updatedAt     DateTime  @updatedAt
}

🔒 Security Features

This application includes production-ready security features:

πŸ›‘οΈ Authentication & Authorization

  • NextAuth.js v5 - Industry-standard authentication
  • Secure password hashing - bcrypt with configurable rounds
  • Protected API routes - Authentication middleware on sensitive endpoints
  • Session management - Secure JWT-based sessions

⚑ Rate Limiting

Built-in rate limiting to prevent abuse and protect against attacks:

  • API Endpoints: 100 requests per 15 minutes per IP
  • AI Operations: 20 requests per hour per IP (strict limit for expensive operations)
  • Authentication: 5 attempts per 15 minutes per IP (prevents brute force attacks)

Rate limits return standard headers:

  • X-RateLimit-Limit - Maximum requests allowed
  • X-RateLimit-Remaining - Requests remaining in current window
  • X-RateLimit-Reset - Timestamp when the limit resets
  • Retry-After - Seconds to wait before retrying (429 responses)

Testing Rate Limits:

# Run the test suite
node test-rate-limit.js
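
The three limits and the response headers listed above can be modelled with a fixed-window counter per tier and client IP. This is an added example, not the project's `rate-limit.ts`; the names `TIERS`, `RateLimiter`, `check` and `cleanup` are illustrative, and it assumes a fixed window and an `X-RateLimit-Reset` value in epoch seconds.

```typescript
type Tier = "api" | "ai" | "auth";
interface RateRule { limit: number; windowMs: number }
interface RateDecision { allowed: boolean; status: number; headers: Record<string, string> }

// Limits and windows as documented in this README.
const TIERS: Record<Tier, RateRule> = {
  api: { limit: 100, windowMs: 15 * 60_000 },
  ai: { limit: 20, windowMs: 60 * 60_000 },
  auth: { limit: 5, windowMs: 15 * 60_000 },
};

class RateLimiter {
  private buckets = new Map<string, { count: number; resetAt: number }>();

  // `now` is injectable so window behaviour can be tested without waiting.
  check(tier: Tier, ip: string, now: number = Date.now()): RateDecision {
    const rule = TIERS[tier];
    const key = `${tier}:${ip}`; // separate counter per tier and per client
    let b = this.buckets.get(key);
    if (!b || now >= b.resetAt) {
      b = { count: 0, resetAt: now + rule.windowMs }; // start a new window
      this.buckets.set(key, b);
    }
    const allowed = b.count < rule.limit;
    if (allowed) b.count++; // rejected requests do not consume quota
    const headers: Record<string, string> = {
      "X-RateLimit-Limit": String(rule.limit),
      "X-RateLimit-Remaining": String(rule.limit - b.count),
      "X-RateLimit-Reset": String(Math.ceil(b.resetAt / 1000)), // assumed unit: epoch seconds
    };
    // Retry-After is only sent with a 429, in whole seconds until the window ends.
    if (!allowed) headers["Retry-After"] = String(Math.ceil((b.resetAt - now) / 1000));
    return { allowed, status: allowed ? 200 : 429, headers };
  }

  // Remove expired buckets so the map cannot grow without bound; returns the number removed.
  cleanup(now: number = Date.now()): number {
    let removed = 0;
    this.buckets.forEach((b, key) => {
      if (now >= b.resetAt) { this.buckets.delete(key); removed++; }
    });
    return removed;
  }
}
```

Per-IP keys only work when the IP comes from a trusted source; behind a proxy, take it from the header your proxy sets rather than from a client-supplied value.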

πŸ” Additional Security

  • Input validation - Zod schemas on all API endpoints
  • CORS protection - Environment-based origin whitelist
  • SQL injection prevention - Parameterized queries via Prisma
  • Environment variables - Sensitive data in .env (never committed)
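
The environment-based origin whitelist can be sketched as follows: the comma-separated `ALLOWED_ORIGINS` value is parsed once, and each request's `Origin` header is compared by exact match. This is an added example, not the project's code; `parseAllowedOrigins` and `corsHeadersFor` are illustrative names.

```typescript
// Parse the ALLOWED_ORIGINS value into a set of normalized origins.
// Malformed entries (including "*") throw, so a bad config fails at startup
// instead of silently widening the allowlist.
function parseAllowedOrigins(raw: string): Set<string> {
  const allowed = new Set<string>();
  raw.split(",").forEach((entry) => {
    const value = entry.trim();
    if (value === "") return; // tolerate trailing commas
    const url = new URL(value); // throws on anything that is not an absolute URL
    if (url.protocol !== "http:" && url.protocol !== "https:") {
      throw new Error(`unsupported scheme in ALLOWED_ORIGINS: ${value}`);
    }
    allowed.add(url.origin); // drops paths, trailing slashes and default ports
  });
  return allowed;
}

// Build the CORS response headers for one request.
// The Origin header is matched exactly; prefix or substring checks would also
// accept lookalike hosts such as "http://localhost:3001.example.test".
function corsHeadersFor(
  requestOrigin: string | undefined,
  allowed: Set<string>,
): Record<string, string> {
  // Vary: Origin keeps shared caches from reusing one origin's response for another.
  const headers: Record<string, string> = { Vary: "Origin" };
  if (requestOrigin !== undefined && allowed.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
  }
  return headers;
}
```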

Security Best Practices:

  1. Generate strong secrets: openssl rand -base64 32
  2. Rotate API keys and secrets regularly
  3. Use HTTPS in production
  4. Keep dependencies updated
  5. Review and update CORS origins for production

🔒 Security Features

Promptea is built with security as a top priority:

✅ Authentication & Authorization

  • NextAuth.js v5 with JWT strategy
  • Secure password hashing with bcrypt (10 rounds)
  • Protected API routes with middleware
  • Session management with automatic expiration

✅ Rate Limiting

  • API Endpoints: 100 requests per 15 minutes
  • AI Operations: 20 requests per hour (strict)
  • Authentication: 5 attempts per 15 minutes (brute force protection)
  • Standard rate limit headers (X-RateLimit-*)
  • Automatic cleanup to prevent memory leaks

✅ Input Validation

  • Zod schemas on all API endpoints
  • SQL injection prevention via Prisma ORM
  • XSS protection with proper sanitization
  • CORS with environment-based origin whitelisting

✅ Best Practices

  • Environment variables for all secrets
  • No sensitive data in responses
  • Secure HTTP headers
  • HTTPS enforced in production

🧪 Testing

# Run rate limiting tests
node test-rate-limit.js

# Run authentication tests
node test-auth.js

🚒 Deployment

Vercel (Recommended)

Deploy with Vercel

  1. Click the deploy button above
  2. Set environment variables in Vercel dashboard
  3. Deploy!

Environment Variables for Production

# Update these for production
NEXTAUTH_URL=https://yourdomain.com
ALLOWED_ORIGINS=https://yourdomain.com,https://www.yourdomain.com
DATABASE_URL=postgresql://user:password@host:5432/promptea
NODE_ENV=production

Database Migration

For production with PostgreSQL:

# Update DATABASE_URL in .env
# Run migrations
npm run db:migrate

# Generate Prisma Client
npm run db:generate

📄 License

Copyright © 2025 Raoof A. All Rights Reserved.

This software and associated documentation files (the "Software") are proprietary and confidential. Unauthorized copying, modification, distribution, or use of this Software, via any medium, is strictly prohibited without explicit written permission from the copyright holder.

All rights reserved. No license is granted.



Made with ❤️ by Raoof A.

About

promptea is a prompt enhancer tool utilized for AI coding agents.
