AI Prompt Engineering Complete Guide: 30 Techniques Every Developer Should Know

Make me an API

Build a user authentication REST API using Node.js Express.

Requirements:
1. POST /auth/register - Sign up with email and password
2. POST /auth/login - Issue JWT token
3. GET /auth/me - Current user info (auth required)

Tech stack:
- Express 4.x, TypeScript
- bcrypt for password hashing
- jsonwebtoken for JWT management
- Zod for input validation

Output format: Show code in separate code blocks for each file.

Analyze the time complexity of the following Python function:

def find_duplicates(arr):
    seen = set()
    duplicates = []
    for item in arr:
        if item in seen:
            duplicates.append(item)
        else:
            seen.add(item)
    return duplicates

Write commit messages following these examples:

Example 1:
Change: Added social login buttons to login page
Commit: feat(auth): add social login buttons to login page

Example 2:
Change: Improved user list API response speed
Commit: perf(api): optimize user list query with pagination

Example 3:
Change: Fixed payment amount calculation error
Commit: fix(payment): correct total amount calculation logic

Now write a commit message for:
Change: Fixed chart colors not visible in dark mode

You are a senior backend engineer with 10 years of experience.
You have deep expertise in high-traffic systems, microservice architecture,
and database optimization.

Review the following code. Find issues that could be problematic in production.
Analyze from security, performance, and error handling perspectives.

You are a [title] with [years] years of experience.
You have deep expertise in [specialty 1], [specialty 2], [specialty 3].
You have extensive experience in [company type] environments.

[System]
You are a TypeScript code review specialist.

Rules:
1. Evaluate type safety as the top priority
2. Always flag any usage of the 'any' type
3. Respond in English
4. Include corrected code for each issue found
5. Classify severity as Critical, Warning, or Info

Output format:
## Review Results
### Critical
- [filename:line] Description
### Warning
- [filename:line] Description
### Info
- [filename:line] Description

make me a react component that shows user profile with name email and profile pic needs to be responsive and support dark mode

## Request
Create a React user profile component.

## Required Elements
1. User name
2. Email address
3. Profile picture (circular thumbnail)

## Technical Requirements
- React 18 + TypeScript
- Tailwind CSS
- Responsive design (mobile/desktop)
- Dark mode support (CSS variables or Tailwind dark:)

## Additional
- Define a separate Props interface
- Include a skeleton UI for loading state

Analyze the following log message and return results in JSON format.

Log:
ERROR 2025-03-15 14:32:01 [PaymentService] Failed to process payment for order #12345.
Reason: Insufficient funds. User: user@example.com

Output JSON schema:
{
  "timestamp": "ISO 8601 format",
  "level": "log level",
  "service": "service name",
  "message": "core message",
  "context": {
    "orderId": "order ID",
    "reason": "failure reason",
    "user": "user identifier"
  }
}

<context>
This project is a Next.js 14 App Router-based e-commerce platform.
Database is PostgreSQL, ORM is Prisma.
</context>

<task>
Implement a product search API.
It must support full-text search.
</task>

<constraints>
- Search response time under 200ms
- SQL injection prevention
- Pagination required (cursor-based)
</constraints>

<output_format>
1. Prisma schema changes
2. API Route code
3. Search query optimization explanation
</output_format>

You must follow these rules:

ALWAYS do:
- Use TypeScript strict mode
- Write JSDoc comments for all functions
- Use custom Error classes for error handling
- Access environment variables through a config module, not process.env directly

NEVER do:
- Use the 'any' type
- Use console.log (use a logger library)
- Use synchronous file I/O
- Use hardcoded constants

# Bad (unnecessarily long prompt)
Hello! I'm working on a Python project right now,
and I was wondering if you might have time to look at the code below?
I would really appreciate it. The code is as follows...

# Good (concise prompt)
Optimize the following Python code. Target time complexity is O(n).

Analyze the bottlenecks in the following microservice architecture.
Let's think step by step.

Architecture:
- API Gateway -> User Service -> PostgreSQL
- API Gateway -> Order Service -> MongoDB
- Order Service -> Payment Service (HTTP)
- Payment Service -> External Payment API
- Order Service -> Notification Service (Kafka)

For each step:
1. List potential bottleneck factors for that service
2. Analyze what happens at 10,000 requests per second
3. Propose improvements

Analyze why this SQL query is slow and optimize it.
Let's think step by step.

SELECT u.name, COUNT(o.id) as order_count, SUM(o.total) as total_spent
FROM users u
LEFT JOIN orders o ON u.id = o.user_id
WHERE o.created_at >= '2025-01-01'
GROUP BY u.name
HAVING total_spent > 1000
ORDER BY total_spent DESC;

Design a caching strategy for the following system.

System: News feed service with 10 million daily views

Explore 3 different approaches:

Approach A: Redis-based centralized cache
- Analyze pros and cons
- Provide expected performance numbers

Approach B: CDN + edge caching
- Analyze pros and cons
- Provide expected performance numbers

Approach C: Hybrid (local cache + distributed cache + CDN)
- Analyze pros and cons
- Provide expected performance numbers

Finally, compare all approaches and select the most suitable strategy
for this system. Explain your choice from cost, performance, and
complexity perspectives.

Analyze the bugs in the following code from 3 different perspectives.

Code:
async function processOrders(orders) {
  const results = [];
  for (const order of orders) {
    const result = await processPayment(order);
    results.push(result);
  }
  return results;
}

Perspective 1 (Performance Engineer): Find performance issues
Perspective 2 (Security Engineer): Find security vulnerabilities
Perspective 3 (SRE Engineer): Find reliability issues

Synthesize findings from all perspectives to present a final improvement plan.

Follow this process to resolve the bug:

Problem: Intermittent 500 errors in production

Proceed in "Think -> Act -> Observe" format for each step:

Think 1: What information should I check first?
Act 1: Analyze the error logs
Observe 1: (Record the analysis results)

Think 2: What patterns are visible in the logs?
Act 2: (Decide next action)
Observe 2: (Record observations)

Repeat this process until you find the root cause.
At the end, present the fix code and prevention measures.

Perform the following task:

Step 1: Implement an authentication middleware meeting the requirements below
Step 2: Self-review your implementation - find security vulnerabilities, edge cases, performance issues
Step 3: Present the final version with all review issues fixed

Requirements:
- JWT-based authentication
- Token expiration handling
- Role-based access control
- Rate limiting integration

Decompose the following feature into subtasks and implement each one.

Feature: Real-time chat system (WebSocket-based)

Decomposition:
1. First divide the feature into independent modules
2. Define each module's interface (inputs/outputs)
3. Implement modules in order starting from those with no dependencies
4. Explain how to integrate the modules
5. Show the overall flow as a sequence diagram

Explain Kubernetes core concepts using a restaurant analogy.

For each concept:
1. Kubernetes term
2. Restaurant analogy
3. Actual behavior explanation
4. Code example (YAML)

Concepts to cover: Pod, Deployment, Service, Ingress, ConfigMap, Secret, PVC

I'm building an automated AI code review system.

Create the optimal system prompt that meets these requirements:

1. Purpose: Automated PR code review
2. Input: Code changes in Git diff format
3. Output: Structured review comments
4. Review areas: Security, performance, readability, test coverage
5. Tone: Constructive and educational
6. Language: English

The prompt should include:
- Role definition
- Detailed review criteria
- Output format template
- Exception handling rules
- 1 few-shot example

Generate code while strictly adhering to the following principles:

Principle 1 - Security: Never include OWASP Top 10 vulnerabilities
Principle 2 - Accessibility: Meet WCAG 2.1 AA standards
Principle 3 - Performance: Meet Core Web Vitals standards
Principle 4 - Maintainability: Follow SOLID principles
Principle 5 - Testing: Write at least 2 test cases for each function

After each code block, show a checklist of which principles are met.

Here is the existing service pattern in the project:

<existing_pattern>
// services/user.service.ts
export class UserService {
  constructor(
    private readonly userRepo: UserRepository,
    private readonly logger: Logger,
  ) {}

  async findById(id: string): Promise<Result<User, ServiceError>> {
    try {
      const user = await this.userRepo.findById(id);
      if (!user) {
        return err(new NotFoundError('User', id));
      }
      return ok(user);
    } catch (error) {
      this.logger.error('Failed to find user', { id, error });
      return err(new InternalError('Failed to find user'));
    }
  }
}
</existing_pattern>

Write a ProductService in the same style as this pattern.
Required methods: findById, findAll (with pagination), create, update, delete

As my debugging partner, help me solve the following problem.

Symptom: User automatically logged out 3 minutes after login

What I know:
- JWT token expiration is set to 1 hour
- Cannot reproduce in local environment
- Only occurs in production
- Started after March 14th deployment

What I've tried:
- Checked token expiration time -> normal
- Checked browser cookies -> token disappears

Guide me with questions:
1. What possible causes haven't I checked yet?
2. What specific steps would verify each cause?
3. What do you reason is the most likely cause?

Review the following code according to this checklist.

Review checklist:
1. Correctness: Does it work as intended?
2. Security: Are there SQL injection, XSS, CSRF vulnerabilities?
3. Performance: Are there unnecessary computations, N+1 queries, memory leaks?
4. Error handling: Are all failure paths properly handled?
5. Readability: Do variable and function names convey meaning well?
6. Testability: Is the structure easy to test?
7. Extensibility: Is it flexible to requirement changes?

Output format:
Mark each item as Pass/Fail/Warning.
For Fail or Warning, provide specific improved code.

Severity: Critical > Major > Minor > Suggestion

Write comprehensive tests for the following function.

Function:
```typescript
export function calculateDiscount(
  originalPrice: number,
  membershipTier: 'basic' | 'silver' | 'gold' | 'platinum',
  couponCode?: string,
): { finalPrice: number; discountRate: number; appliedDiscounts: string[] } {
  // ... implementation
}

### Technique 25: Refactoring with Specific Goals

Provide specific refactoring goals.

```text
Refactor the following code.

Refactoring goals:
1. Function separation: One function = one responsibility
2. Remove magic numbers: Replace with meaningful constants
3. Apply early return pattern: Eliminate nested if statements
4. Strengthen type safety: Use union types and type guards

Refactoring process:
- Show before and after side by side
- Explain the reason for each change
- Confirm that behavior has not changed

Design a system architecture for the following requirements.

Service: Real-time auction platform
- Concurrent users: up to 100,000
- Real-time bid updates (latency under 100ms)
- Payment processing (payment gateway integration)
- Image upload (up to 10 per product)

Deliverables:
1. High-level architecture diagram (Mermaid)
2. Tech stack selection with rationale for each component
3. Data flow diagram
4. Scalability strategy (horizontal scaling points)
5. Failure response strategy (SPOF identification and alternatives)
6. Estimated monthly cost (AWS-based)

Create API documentation based on the following endpoint code.

Format: OpenAPI 3.0 YAML

Include:
1. Endpoint description
2. Request parameters (path, query, body)
3. Response schema (both success and failure)
4. Authentication method
5. Rate limit information
6. Usage examples (curl)
7. Error code table

Analyze the following error and fix it.

Error message:
TypeError: Cannot read properties of undefined (reading 'map')
    at UserList (UserList.tsx:15:23)
    at renderWithHooks (react-dom.development.js:16305:18)

Context:
- React 18 + TypeScript project
- Component that fetches user list from API and renders it
- Occurs intermittently (when network is slow)

Include:
1. Root cause analysis (why it is undefined)
2. Fix code
3. General guidelines to prevent the same pattern of errors
4. How to catch this error at compile time with types

Optimize the performance of the following API endpoint.

Current state:
- Average response time: 2.5 seconds
- P99 response time: 8 seconds
- Requests per second: 500 RPS
- Target: average under 200ms, P99 under 500ms

Analysis order:
1. Identify performance bottleneck points in the current code
2. Propose optimization strategies for each bottleneck
3. Show expected improvement in numbers
4. Present optimized code
5. Write benchmark code comparing before and after

Perform a security audit on the following code.

Audit items:
1. OWASP Top 10 (2021) vulnerabilities
2. Authentication/authorization vulnerabilities
3. Data exposure risks
4. Potential dependency vulnerabilities
5. Configuration errors

Output format:
For each finding:
- Vulnerability type: (e.g., A01 Broken Access Control)
- Severity: Critical / High / Medium / Low
- Location: filename and line number
- Description: how the vulnerability can be exploited
- Fix code: secure code example
- Reference: CWE number or related documentation link

<context>Project background and tech stack</context>
<task>Specific task description</task>
<constraints>Constraints</constraints>
<examples>Reference examples</examples>
<output_format>Desired output format</output_format>

Analyze this problem step by step.
Show your reasoning process at each stage.

Please respond in JSON format.
Return only pure JSON without any other text.

Here is the project's entire source code.
(attach full code)
Analyze the entire codebase and suggest architecture improvements.

# Bad
Fix the code

# Good
Fix the N+1 query problem in the following Python function.
Optimize using SQLAlchemy's joinedload.

# Bad
(paste 10,000 lines of code)
Review all this code

# Good
Here is the core logic of the payment processing module (relevant parts only).
I suspect a floating-point error in the amount calculation.
Please focus your review on that section.

# Bad
Make it fast while using minimum memory
and write the code as readable as possible
handle all edge cases but keep it under 20 lines

# Good
Priorities:
1. (Required) Memory usage under 100MB
2. (Important) Response time under 200ms
3. (Nice-to-have) Code readability (where feasible)

# Bad
Tell me about React 25's new Server Actions API
(asking about a nonexistent version/feature)

# Good
Explain React's latest Server Actions API to the extent you know.
If you're unsure about anything, let me know.

# Bad (verbose prompt for a simple variable rename)
You are a software architect with 20 years of experience.
Following clean code principles, please improve the
name of the following variable.
Variable name: x
Context: A variable that stores the user's age.

# Good
Rename variable x to something meaningful. (stores user age)

Chain 1: Analysis
"List the code smells in the following code. Output as a JSON array."

Chain 2: Prioritization
"Sort the following code smell list by severity. (Input: Chain 1 output)"

Chain 3: Fix
"Fix the 3 most severe code smells and present the corrected code. (Input: Chain 2 output)"

Chain 4: Verification
"Verify that the corrected code behaves identically to the original. (Input: Chain 3 output)"

Use the following agent loop to resolve a production incident:

Loop:
1. OBSERVE: Check current state (logs, metrics, alerts)
2. THINK: Analyze causes and plan actions
3. ACT: Execute specific measures
4. VERIFY: Confirm the results of the action

Incident: Database connection pool exhaustion

Show each loop iteration explicitly.
Repeat the loop until the problem is resolved at the VERIFY step.

Perform a code quality check using the following tools:

Available tools:
1. file_read: Read files
2. file_write: Write files
3. terminal: Execute terminal commands
4. git: Execute Git commands

Task sequence:
1. Check changed files with git diff
2. Read each file
3. Run ESLint
4. Run TypeScript compile check
5. Run tests
6. Generate a consolidated report

Previous conversation summary (context compression):

Project: Next.js e-commerce
Completed: Product listing API, Cart API
Current task: Payment processing API
Technical decisions: Using Stripe, managing payment status via Webhook

Based on the context above, proceed with the next step of the payment processing API.

## Feature Request
[Feature name and brief description]

## Background
- Why is this feature needed?
- What problem does it solve?

## Tech Stack
- Framework:
- Language:
- Database:
- Existing pattern reference:

## Requirements
1. [Must-have requirement]
2. [Must-have requirement]
3. [Nice-to-have requirement]

## Constraints
- [Performance requirements]
- [Security requirements]

## Output
1. Implementation code
2. Unit tests
3. API documentation (if applicable)

## Bug Description
[What symptoms are occurring]

## Reproduction Steps
1. [Step 1]
2. [Step 2]
3. [Step 3]

## Expected Behavior
[How it should work]

## Actual Behavior
[How it currently works]

## Related Code
[Paste code]

## Environment
- OS:
- Node.js:
- Browser:

## Request
1. Root cause analysis
2. Fix code
3. Tests to prevent recurrence

## PR Summary
[What this PR changes]

## Changed Code
[diff or code]

## Review Perspectives
- [ ] Logic correctness
- [ ] Security
- [ ] Performance
- [ ] Error handling
- [ ] Test coverage
- [ ] Coding conventions

## Please Specifically Check
[Particular concerns about specific sections]

## System Overview
[System purpose and core features]

## Non-functional Requirements
- Concurrent users:
- Response time:
- Availability:
- Data retention:

## Existing Infrastructure
[Current tech and infrastructure in use]

## Request
1. Architecture diagram
2. Tech stack selection with rationale
3. Data model
4. API design
5. Scaling strategy
6. Cost estimation

## Domain
[Business domain description]

## Entities
[Key entities and relationships]

## Requirements
- Read/write ratio:
- Expected data size:
- Query patterns:

## Request
1. ERD (Mermaid)
2. SQL DDL
3. Index strategy
4. Migration scripts

## API Purpose
[Functionality the API provides]

## RESTful Design
- Resource definitions
- HTTP method mapping
- URL structure

## Request
1. OpenAPI 3.0 spec
2. Request/response examples
3. Error code definitions
4. Authentication/authorization
5. Rate limiting policy
6. Versioning strategy

## Project Info
- Language/Framework:
- Deployment target:
- Branch strategy:

## Requirements
- Build stage
- Test stages (unit, integration, E2E)
- Security scanning
- Deployment strategy (Blue-Green / Canary / Rolling)

## Request
1. Pipeline YAML (GitHub Actions / GitLab CI)
2. Description of each stage
3. Secret management approach
4. Rollback strategy

## Current State
- Measured metrics: [response time, throughput, error rate]
- Suspected bottleneck: [description]

## Target
- Response time: [current] -> [target]
- Throughput: [current] -> [target]

## Code
[Code to optimize]

## Request
1. Bottleneck analysis
2. Optimization strategies (in priority order)
3. Optimized code
4. Benchmark code

## Migration Target
- FROM: [current technology/version]
- TO: [target technology/version]

## Current Code
[Code to migrate]

## Requirements
- Backward compatibility required?
- Gradual migration possible?
- Acceptable downtime range

## Request
1. Migration plan (step-by-step)
2. Changed code
3. Compatibility verification tests
4. Rollback plan

## Incident Info
- Time occurred:
- Impact scope:
- Severity:

## Current Symptoms
[Error logs, metric screenshots, alert content]

## System Architecture
[Related service architecture]

## Request
1. Immediate response (mitigation measures)
2. Root cause analysis
3. Fix plan
4. Prevention measures
5. Postmortem draft