External/securelens-backend
1
0
Fork 0
mirror of https://github.com/Rarebuffalo/securelens-backend.git synced 2026-06-19 07:00:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
542f607f25dd1b1257b10b245e38444266b98492
securelens-backend/cli/securelens/ai/prompts.py
rarebuffalo 542f607f25 added cli installer ]
2026-05-15 12:54:58 +05:30

77 lines
3.7 KiB
Python
Raw Blame History

"""
All AI prompts for the CLI agent — kept in one place so they're easy to tune.
"""
def triage_prompt(file_list: str, max_files: int) -> str:
return (
"You are a Senior Application Security Engineer. "
"I have a local codebase with the following files:\n"
f"{file_list}\n\n"
f"Select the {max_files} most critical files to review for security vulnerabilities. "
"Focus on: authentication logic, database access, API routes, config files, "
"secret/credential handling, input validation, and file upload handlers.\n"
"Also prioritise any file that contains the words: secret, password, token, key, "
"auth, login, admin, cred, jwt, session, crypto, hash.\n"
"Return a JSON object with a single key 'critical_files' containing the list of "
"exact file paths. Do not select more than "
f"{max_files} files."
)
def analysis_prompt(file_path: str, content: str) -> str:
return (
f"Review the following code from '{file_path}' for security vulnerabilities.\n"
"Focus on OWASP Top 10:\n"
" A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection,\n"
" A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable Components,\n"
" A07 Auth Failures, A08 Integrity Failures, A09 Logging Failures, A10 SSRF.\n"
"Also check for: hardcoded secrets/API keys, debug flags left on, insecure defaults.\n\n"
f"CODE:\n{content}\n\n"
"Return a JSON object with key 'vulnerabilities' — a list of objects, each with:\n"
" 'severity' : Critical | High | Medium | Low\n"
" 'issue' : Short title of the vulnerability\n"
" 'explanation' : 1-2 sentences explaining the risk\n"
" 'suggested_fix' : Concrete code snippet or clear instruction to fix it\n"
" 'line_number' : Integer line number, or null if not applicable\n"
"If no vulnerabilities are found, return {\"vulnerabilities\": []}."
)
def summary_prompt(target: str, issues_json: str) -> str:
return (
"You are a Senior AppSec Manager writing an executive security report.\n"
f"Target: {target}\n\n"
"Here are all vulnerabilities found in the automated scan:\n"
f"{issues_json}\n\n"
"Write a 2-3 paragraph executive summary of the overall security posture. "
"Highlight the most critical risks, explain what an attacker could do with them, "
"and recommend the top 3 immediate priorities. "
"Keep it professional, direct, and actionable — avoid generic fluff."
)
def chat_prompt(target: str, scan_context: str, user_question: str) -> str:
return (
"You are SecureLens AI, an expert cybersecurity assistant embedded in a CLI tool.\n"
f"The developer just scanned: {target}\n\n"
"Here are the full scan results:\n"
f"{scan_context}\n\n"
f"Developer's question: {user_question}\n\n"
"Answer clearly and practically. Reference specific findings from the scan when relevant. "
"If asked about a fix, show concrete code where possible."
)
def web_summary_prompt(url: str, issues_json: str, score: int, grade: str) -> str:
return (
"You are SecureLens AI, a web security expert.\n"
f"I just ran a security scan on: {url}\n"
f"Overall score: {score}/100 Grade: {grade}\n\n"
"Issues found:\n"
f"{issues_json}\n\n"
"Write a concise 2-paragraph summary: first explain what the key risks are and how "
"an attacker could exploit them; second, give the top 3 most impactful fixes. "
"Be direct — the reader is a developer, not a manager."
)
Reference in New Issue View Git Blame Copy Permalink