TTR: When it is time to start a new agent

We all reach that moment where we think “sorry agent, but you are going round in circles, I need to drop you and start a new agent”.

So I have created a new acronym: TTR - Time to Replace.

If said correctly, this should sound like ta-ta, a colloquial English word meaning goodbye. As in “You’ve lost the plot agent, it’s time to replace you. Goodbye.”

And I hereby give this acronym to the world. My best contribution yet :rofl:

3 Likes

Not bad, Steve! Have you found the new Agent’s “Optimizing agent memory” feature to have alleviated some of this?

I don’t know what it is doing when it says that, but in my mind it means “truncating context” or essentially starting a new chat. But maybe it’s better at truncating just enough to take on the next prompt?

I haven’t quite figured it out yet.

1 Like

Eric, I am 90% sure it means “truncating context”. Perhaps I have some confirmation bias, but I feel convinced it is from that point on that answers/code fixes get worse.

So yes, whenever Agent says “Optimizing agent memory” I know it has very little time left on this earth, and I begin planning how I am going to give it the sad news :rofl:

1 Like

Same here. I start tidying things up, double check Git was working, and take it out to the woodshed.

1 Like

Eric, I wish sometimes we could create some kind of physical representation of the agent (and of ChatGPT, etc too). Like a voodoo doll.

Ooh, maybe there’s a market in that. Real talking dolls that you can hook up via wi-fi and connect it to your account. Sits on the desk next to your PC. And when agent gets dozy, you can take it out on the doll. A rubber one so you can chuck it round the room.

Yeah, I think I’ve just figured a new biz idea - want in on it? :rofl::rofl:

I’m in for a demo model.

1 Like

I was having just these thoughts recently on my project. Small fixes that don’t work and need redoing over and over and over. Needing to use higher power (and cost) Agent options to get small bug fixes done. I don’t know what is a good next step - ask a maxed out agent to do a full code review with the aim to find and fix inconsistencies or problematic code to try and make it easier - or to get the Agent to write out a full spec of the current app and start again from scratch!!

1 Like

I have a pre-written audit prompt that I run now and then to get agent to do a compliance test of the entire code base against my architecture and guardrails. The prompt asks agent to output any issues as a series of further prompts which, after review, I feed back to it one at a time to fix things.

BTW, I would always start a new chat to do this. Once a chat is maxed out and tired, you should retire it - it will only get worse.

I think that might have been a part of my initial problems. I didn’t realise that you could start a new chat - I just kept using the same Agent chat window.

I am new to Replit so would be interested to see your prompt for this, as well as what your guardrails are - I’m not exactly sure what you mean by this.

1 Like

This is my audit prompt. The bullets in the bottom section are clearly related to my specific app - you would need to rewrite these to be a list of things important to your project. Top tip: get agent to help you write these!

## **Replit Compliance Audit + Fix Prompts**

Please review the entire project codebase and perform a **compliance audit** against the architecture and guardrails below. **Only provide the report** at this time — do **not** make any changes until instructed.

Your response must include the following two outputs:

---

### PART 1: Compliance Summary

Output a **simple bullet list**, grouped into two sections:

#### Conforms to Architecture

* \[Bullet points referencing specific files, logic, patterns, or behaviors that match the expected architecture]

#### Violates Architecture

* \[Bullet points describing any violations, misconfigurations, or security concerns]
* Where applicable, reference filenames, function names, and line numbers
* Focus on: architecture violations, security risks, Supabase misuse, environment variable exposure, or direct SQL execution

---

### PART 2: Repair Prompts

Based on the issues found, output a **series of fix prompts** that the user can paste back into Replit to repair the project.

Format like this:

#### Fix Group 1: \[Succinct title, e.g. "Frontend calls Supabase directly"]

* **Prompt to fix**: \[Pasteable Replit prompt]

#### Fix Group 2: \[e.g. "JWT not verified in dashboard route"]

* **Prompt to fix**: \[Pasteable Replit prompt]

...

Please:

* Group related issues into a single fix prompt
* Separate unrelated fixes into their own sections
* Order prompts by priority: **security and architecture first**, cleanup last
* Do not repeat the same fix in multiple groups — consolidate cleanly

---

### Architecture Guardrails

1. The **frontend must never access Supabase directly** — including for auth or session data.
2. All Supabase usage (auth, database, file storage) must occur **only in the backend**, using `@supabase/supabase-js`. The service role key must be used for all database and storage operations. The anon key is permitted only for **sessionless authentication functions** (`signUp`, `signInWithPassword`, `resend()`, password reset, etc.) and must be isolated in a dedicated auth client to prevent RLS contamination.
3. The frontend must communicate **only with the backend** via API routes using `VITE_BACKEND_URL`.
4. Do **not use** `pg`, `drizzle`, `prisma`, or any direct database drivers or ORMs.
5. All file uploads must be routed through the backend and stored in **Supabase storage buckets**.
6. Backend APIs must issue **signed JWTs on login**, and all protected routes must verify the JWT.
7. Supabase keys, SMTP credentials, and other environment secrets must **never be exposed in frontend code or Vite-visible `.env` files**.
8. Project must have a clear and consistent **client/server directory split** (e.g., `/src` for frontend, `/server` for backend).
9. Do **not run Supabase SQL automatically** — all SQL (for tables, policies, triggers) must be **output for manual pasting into Supabase**.
10. **RLS enforcement must be in place** on all Supabase tables, including:
	* Authenticated-user-only access:
	   * `SELECT`, `UPDATE`, and `INSERT` policies using `auth.uid() = id`
	   * Role-based `SELECT` access for admins (`role = 'admin'`)
	* Explicit `service_role` bypass policies for all operations (`SELECT`, `INSERT`, `UPDATE`, `DELETE`)
	* Proper **dual-client architecture**:
	   * `auth client` using the **anon key**, isolated to sessionless auth tasks (`signUp`, `signInWithPassword`, etc.)
	   * `admin client` using the **service role key** for all other DB/storage operations
	   * Ensure no contamination: **do not** reuse the auth client for database queries
11. All backend files must use consistent ES module syntax (`import`/`export`). CommonJS patterns like `require()` or `module.exports` must not be used in any `.ts` or `.js` files. Mixed imports within the same file are not permitted.
12. Advise of any environment variables used in the app that have not yet been defined in the secrets tool
13. Verify no forbidden dependencies are present: check for `drizzle`, `prisma`, `pg` packages in package.json and ensure no related config files exist (drizzle.config.ts, prisma.schema, etc.)
14. The **frontend must never access Supabase file storage directly** - it should use a backend proxy route that uses the admin Supabase client for storage operations to retrieve files and serve them through the backend API, avoiding any direct frontend storage access

1 Like
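Several of the guardrails in the prompt above (1, 7, 11 and 13) can also be checked deterministically, without relying on the agent's reading of the code. The following is an added example, not part of the original post or the poster's tooling: the function names and the secret-name pattern are assumptions, and the sample inputs are constructed.

```javascript
// Static checks for guardrails 1, 7, 11 and 13 of the audit prompt above.
// Inputs are plain strings so the checks run offline. The regexes are
// heuristics: they can also match inside comments or string literals.

const FORBIDDEN_DEPS = /^(pg|prisma|@prisma\/.+|drizzle-.+)$/;        // guardrails 4 and 13
const SECRET_NAME = /(SERVICE_ROLE|SECRET|SMTP|PASSWORD|PRIVATE)/i;   // assumed naming heuristic

// Guardrail 13: forbidden packages in any dependency section of package.json.
function forbiddenDeps(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const sections = ["dependencies", "devDependencies", "optionalDependencies"];
  return sections.flatMap((s) => Object.keys(pkg[s] || {}))
    .filter((name) => FORBIDDEN_DEPS.test(name));
}

// Guardrail 7: Vite exposes VITE_-prefixed variables to client code, so a
// secret-looking name carrying that prefix ends up in the browser bundle.
function exposedSecrets(envText) {
  return envText.split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#") && line.includes("="))
    .map((line) => line.slice(0, line.indexOf("=")).replace(/^export\s+/, "").trim())
    .filter((key) => key.startsWith("VITE_") && SECRET_NAME.test(key));
}

// Guardrails 1 and 11: per-file source checks. `side` is "frontend" or "backend".
function sourceViolations(path, side, code) {
  const found = [];
  if (side === "frontend" && /from\s+["']@supabase\/supabase-js["']/.test(code)) {
    found.push(`${path}: frontend imports @supabase/supabase-js`);
  }
  if (/\brequire\s*\(|\bmodule\.exports\b/.test(code)) {
    found.push(`${path}: CommonJS syntax`);
  }
  return found;
}

// Constructed sample inputs (not taken from any real project).
const SAMPLE_PKG = JSON.stringify({
  dependencies: { "@supabase/supabase-js": "^2.0.0", "drizzle-orm": "^0.30.0", express: "^4.19.0" },
  devDependencies: { vite: "^5.0.0", "drizzle-kit": "^0.20.0" },
});
const SAMPLE_ENV = "VITE_BACKEND_URL=http://localhost:3000\n" +
  "VITE_SUPABASE_SERVICE_ROLE_KEY=placeholder\nSMTP_PASSWORD=placeholder\n";
const SAMPLE_SRC = 'import { createClient } from "@supabase/supabase-js";\nconst fs = require("fs");\n';

console.log(forbiddenDeps(SAMPLE_PKG), exposedSecrets(SAMPLE_ENV),
  sourceViolations("src/lib/db.ts", "frontend", SAMPLE_SRC));
```

The RLS and JWT guardrails depend on database policies and route behaviour, so they are outside what a text scan like this can confirm.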

Thanks. I’ll have a good look at that.

Do you paste that whole prompt into the chat window, or put it in a file and reference it in the chat?

I drop it into a prompt as and when I need it. I maintain these pre-written prompts on my PC, so I can re-use them quickly across multiple apps I’m working on.

Not being a dev myself some of your specific tech requirements are not ones I feel able to use. However the general approach is good. For example where you say in the guard rails

> The frontend must never access Supabase directly

I would probably just say database rather than Supabase as I have not specified anything about tech stacks. And being general in my case is likely going to get a similar outcome?

1 Like

Yes feel free to change those points at the bottom to be personalised to you, and try it. Because the overall instruction is “review but do not make any changes”, you can try it and see what the agent says - no harm.

1 Like

I’ve found that it’s not always fatal. In some instances it just seems to be forgetting previous prompts in an elegant drop. Might have been just luck, but I will say I don’t always load the shotgun when I see it but I do retrieve it from the safe.

2 Likes

Keep the shotgun next to your computer, within sight of the AI agent to keep it on its toes :rofl: