Step 1 of 8
Identify Stack and Request Entry Point
Determine the app's language/framework and locate the main request handling file to know where to inject rate limiting.
The existing app code repository is available. It may be Node/Express, Python/Flask, Ruby on Rails, etc.
Analyze the provided project source (assume the root folder is accessible) and produce a concise summary: 1) Programming language and framework. 2) The primary server file where the HTTP server or routing middleware is initialized (e.g., app.js, server.py, config.ru). Include the exact relative path. Do not add extra commentary.
Expected after this step
You should see something like "Node.js with Express – src/app.js" indicating both language/framework and file path.
Should not happen
- ✕AI returns pseudo‑code or comments instead of real files
- ✕Uses in‑memory counters instead of Redis
- ✕Omits DB lookup for limits
- ✕Provides generic dependency lines without exact version
Verify before continuing
Do not move on until every check is true. The complete button stays locked until then.
Do not continue if…
- !AI returns pseudo‑code or comments instead of real files
- !Uses in‑memory counters instead of Redis
- !Omits DB lookup for limits
- !Provides generic dependency lines without exact version
- !Fails to self‑audit or claims PASS incorrectly
- !Forgot to export middleware
- !Test does not actually trigger 429
If the AI messes this up
Use this when the AI fakes progress or breaks the feature. It forces a real fix.
You did not provide the correct file name or omitted the framework. Respond with the exact programming language and the relative path to the file that creates the server instance, reading from the project's structure.