CodeReview/AGENTS.md

# DeepAudit Agent Instructions

This guide provides essential technical information for agentic coding tools operating within the DeepAudit repository.

## 🛠 Development Commands

### Backend (Python/FastAPI)
Located in `/backend`. Uses `uv` for environment management and `pytest` for testing.

- **Sync Environment:** `uv sync`
- **Start Server:** `uvicorn app.main:app --reload`
- **Run All Tests:** `pytest`
- **Run Agent Tests:** `python tests/agent/run_tests.py`
- **Run Single Test:** `pytest tests/agent/test_agents.py::test_name`
- **Linting:** `ruff check .`
- **Formatting:** `black .`
- **Type Checking:** `mypy .`
- **Database Migrations:** `alembic upgrade head`

### Frontend (React/TypeScript)
Located in `/frontend`. Uses `pnpm` and `Vite`.

- **Install Dependencies:** `pnpm install`
- **Start Dev Server:** `pnpm dev`
- **Build Project:** `pnpm build`
- **Linting:** `pnpm lint`
- **Format:** `pnpm format`
- **Type Checking:** `pnpm type-check`

---

## 🎨 Code Style & Conventions

### General
- **Language:** English for code (variables, functions, comments), though some documentation/logs may be in Chinese.
- **Architecture:** Follow the Multi-Agent architecture. Backend logic for agents is in `backend/app/agents/`.

### Backend (Python)
- **Style:** PEP 8 via `black` (100 char limit) and `ruff`.
- **Typing:** Strict type hinting is required. Use Pydantic models for data validation in `backend/app/schemas/`.
- **Imports:**
  - Standard library first.
  - Third-party libraries second.
  - Local application imports last (using `app.xxx` absolute paths).
- **Naming:** `snake_case` for variables/functions, `PascalCase` for classes.
- **Error Handling:** Use custom exceptions where appropriate. FastAPI's `HTTPException` for API responses. Prefer `logger.error` over `print`.
- **Database:** SQLAlchemy 2.0 (async). Models in `backend/app/models/`.

### Frontend (React/TypeScript)
- **Framework:** React 18+ with Vite and TypeScript.
- **State Management:** Zustand for stores.
- **UI Components:** Shadcn/UI (Radix UI) + Tailwind CSS.
- **Structure:**
  - `src/features/`: Domain-specific components and logic.
  - `src/components/ui/`: Shared low-level components.
  - `src/shared/`: Cross-cutting concerns (hooks, types, utils, api).
- **Types:** Define interfaces in `src/shared/types/index.ts`. Avoid `any`.
- **Imports:** Use absolute paths (e.g., `@/components/...` if configured, otherwise relative to `src`).
- **Naming:** `PascalCase` for components, `camelCase` for hooks and utilities.
- **Formatting:** Use Biome for linting and formatting.

---

## 🤖 Agent Framework specifics
- **Core Agents:** Orchestrator, Recon, Analysis, Verification.
- **Tools:** Agents use specialized tools (e.g., `sandbox_exec` for PoC verification, `semgrep_scan`, `rag_query`).
- **Sandbox:** PoC execution happens in isolated Docker containers (`docker/sandbox`).
- **RAG:** Uses ChromaDB for vector storage and Tree-sitter for intelligent code chunking.
- **Agent Logic:** Implementation resides in `backend/app/services/agent/agents/` and tools in `backend/app/services/agent/tools/`.

## 📁 Repository Structure
- `backend/app/agents/`: Agent logic.
- `backend/app/api/`: API endpoints.
- `frontend/src/features/`: Frontend modules.
- `docker/`: Deployment and sandbox configurations.
- `rules/`: Custom audit rules.
Add DeepAudit Agent Instructions and remove outdated architecture image - Introduced AGENTS.md with detailed instructions for backend and frontend development, code style conventions, agent framework specifics, and repository structure. 2026-01-13 15:12:22 +08:00			`# DeepAudit Agent Instructions`

			`This guide provides essential technical information for agentic coding tools operating within the DeepAudit repository.`

			`## 🛠 Development Commands`

			`### Backend (Python/FastAPI)`
			Located in `/backend`. Uses `uv` for environment management and `pytest` for testing.

			- Sync Environment: `uv sync`
			- Start Server: `uvicorn app.main:app --reload`
			- Run All Tests: `pytest`
			- Run Agent Tests: `python tests/agent/run_tests.py`
			- Run Single Test: `pytest tests/agent/test_agents.py::test_name`
			- Linting: `ruff check .`
			- Formatting: `black .`
			- Type Checking: `mypy .`
			- Database Migrations: `alembic upgrade head`

			`### Frontend (React/TypeScript)`
			Located in `/frontend`. Uses `pnpm` and `Vite`.

			- Install Dependencies: `pnpm install`
			- Start Dev Server: `pnpm dev`
			- Build Project: `pnpm build`
			- Linting: `pnpm lint`
			- Format: `pnpm format`
			- Type Checking: `pnpm type-check`

			`---`

			`## 🎨 Code Style & Conventions`

			`### General`
			`- Language: English for code (variables, functions, comments), though some documentation/logs may be in Chinese.`
			- Architecture: Follow the Multi-Agent architecture. Backend logic for agents is in `backend/app/agents/`.

			`### Backend (Python)`
			- Style: PEP 8 via `black` (100 char limit) and `ruff`.
			- Typing: Strict type hinting is required. Use Pydantic models for data validation in `backend/app/schemas/`.
			`- Imports:`
			`- Standard library first.`
			`- Third-party libraries second.`
			- Local application imports last (using `app.xxx` absolute paths).
			- Naming: `snake_case` for variables/functions, `PascalCase` for classes.
			- Error Handling: Use custom exceptions where appropriate. FastAPI's `HTTPException` for API responses. Prefer `logger.error` over `print`.
			- Database: SQLAlchemy 2.0 (async). Models in `backend/app/models/`.

			`### Frontend (React/TypeScript)`
			`- Framework: React 18+ with Vite and TypeScript.`
			`- State Management: Zustand for stores.`
			`- UI Components: Shadcn/UI (Radix UI) + Tailwind CSS.`
			`- Structure:`
			- `src/features/`: Domain-specific components and logic.
			- `src/components/ui/`: Shared low-level components.
			- `src/shared/`: Cross-cutting concerns (hooks, types, utils, api).
			- Types: Define interfaces in `src/shared/types/index.ts`. Avoid `any`.
			- Imports: Use absolute paths (e.g., `@/components/...` if configured, otherwise relative to `src`).
			- Naming: `PascalCase` for components, `camelCase` for hooks and utilities.
			`- Formatting: Use Biome for linting and formatting.`

			`---`

			`## 🤖 Agent Framework specifics`
			`- Core Agents: Orchestrator, Recon, Analysis, Verification.`
			- Tools: Agents use specialized tools (e.g., `sandbox_exec` for PoC verification, `semgrep_scan`, `rag_query`).
			- Sandbox: PoC execution happens in isolated Docker containers (`docker/sandbox`).
			`- RAG: Uses ChromaDB for vector storage and Tree-sitter for intelligent code chunking.`
			- Agent Logic: Implementation resides in `backend/app/services/agent/agents/` and tools in `backend/app/services/agent/tools/`.

			`## 📁 Repository Structure`
			- `backend/app/agents/`: Agent logic.
			- `backend/app/api/`: API endpoints.
			- `frontend/src/features/`: Frontend modules.
			- `docker/`: Deployment and sandbox configurations.
			- `rules/`: Custom audit rules.