From 0a977ef12a7e6dc6f381972f98a33ccc9b9d8a2e Mon Sep 17 00:00:00 2001 From: vinland100 Date: Wed, 7 Jan 2026 16:52:00 +0800 Subject: [PATCH] docs: Consolidate English README content into `README.md` and remove `README_EN.md`. --- README.md | 269 +----------------------------- README_EN.md | 462 --------------------------------------------------- 2 files changed, 2 insertions(+), 729 deletions(-) delete mode 100644 README_EN.md diff --git a/README.md b/README.md index 1d45b61..0b55935 100644 --- a/README.md +++ b/README.md @@ -1,91 +1,3 @@ -# DeepAudit - 人人拥有的 AI 审计战队,让漏洞挖掘触手可及 🦸‍♂️ - -
- DeepAudit Logo -
- -
- -[![Version](https://img.shields.io/badge/version-3.0.2-blue.svg)](https://github.com/lintsinghua/DeepAudit/releases) -[![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](https://www.gnu.org/licenses/agpl-3.0) -[![React](https://img.shields.io/badge/React-18-61dafb.svg)](https://reactjs.org/) -[![TypeScript](https://img.shields.io/badge/TypeScript-5.7-3178c6.svg)](https://www.typescriptlang.org/) -[![FastAPI](https://img.shields.io/badge/FastAPI-0.100+-009688.svg)](https://fastapi.tiangolo.com/) -[![Python](https://img.shields.io/badge/Python-3.11+-3776ab.svg)](https://www.python.org/) -[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/lintsinghua/DeepAudit) - -[![Stars](https://img.shields.io/github/stars/lintsinghua/DeepAudit?style=social)](https://github.com/lintsinghua/DeepAudit/stargazers) -[![Forks](https://img.shields.io/github/forks/lintsinghua/DeepAudit?style=social)](https://github.com/lintsinghua/DeepAudit/network/members) - -lintsinghua%2FDeepAudit | Trendshift - -

- 简体中文 | English -

- -
- -
- DeepAudit Demo -
- ---- - - - -## 📸 界面预览 - -
- -### 🤖 Agent 审计入口 - -Agent审计入口 - -*首页快速进入 Multi-Agent 深度审计* - -
- - - - - - - - - - -
-📋 审计流日志

-审计流日志
-实时查看 Agent 思考与执行过程 -		 -🎛️ 智能仪表盘

-仪表盘
-一眼掌握项目安全态势 -
-⚡ 即时分析

-即时分析
-粘贴代码 / 上传文件,秒出结果 -		 -🗂️ 项目管理

-项目管理
-GitHub/GitLab/Gitea 导入,多项目协同管理 -
- -
- -### 📊 专业报告 - -审计报告 - -*一键导出 PDF / Markdown / JSON*(图中为快速模式,非Agent模式报告) - -👉 [查看Agent审计完整报告示例](https://lintsinghua.github.io/) - -
- ---- - ## ⚡ 项目概述 **DeepAudit** 是一个基于 **Multi-Agent 协作架构**的下一代代码安全审计平台。它不仅仅是一个静态扫描工具,而是模拟安全专家的思维模式,通过多个智能体(**Orchestrator**, **Recon**, **Analysis**, **Verification**)的自主协作,实现对代码的深度理解、漏洞挖掘和 **自动化沙箱 PoC 验证**。 @@ -97,8 +9,6 @@ 用户只需导入项目,DeepAudit 便全自动开始工作:识别技术栈 → 分析潜在风险 → 生成脚本 → 沙箱验证 → 生成报告,最终输出一份专业审计报告。 -> **核心理念**: 让 AI 像黑客一样攻击,像专家一样防御。 - ## 💡 为什么选择 DeepAudit?
@@ -164,75 +74,7 @@ DeepAudit/ ## 🚀 快速开始 -### 方式一:一行命令部署(推荐) - -使用预构建的 Docker 镜像,无需克隆代码,一行命令即可启动: - -```bash -curl -fsSL https://raw.githubusercontent.com/lintsinghua/DeepAudit/v3.0.0/docker-compose.prod.yml | docker compose -f - up -d -``` - -## 🇨🇳 国内加速部署(作者亲测非常无敌之快) - -使用南京大学镜像站加速拉取 Docker 镜像(将 `ghcr.io` 替换为 `ghcr.nju.edu.cn`): - -```bash -# 国内加速版 - 使用南京大学 GHCR 镜像站 -curl -fsSL https://raw.githubusercontent.com/lintsinghua/DeepAudit/v3.0.0/docker-compose.prod.cn.yml | docker compose -f - up -d -``` -
-手动拉取镜像(如需单独拉取)(点击展开) - -```bash -# 前端镜像 -docker pull ghcr.nju.edu.cn/lintsinghua/deepaudit-frontend:latest - -# 后端镜像 -docker pull ghcr.nju.edu.cn/lintsinghua/deepaudit-backend:latest - -# 沙箱镜像 -docker pull ghcr.nju.edu.cn/lintsinghua/deepaudit-sandbox:latest -``` -
- -> 💡 镜像源由 [南京大学开源镜像站](https://mirrors.nju.edu.cn/) 提供支持 - -
-💡 配置 Docker 镜像加速(可选,进一步提升拉取速度)(点击展开) - -如果拉取镜像仍然较慢,可以配置 Docker 镜像加速器。编辑 Docker 配置文件并添加以下镜像源: - -**Linux / macOS**:编辑 `/etc/docker/daemon.json` - -**Windows**:右键 Docker Desktop 图标 → Settings → Docker Engine - -```json -{ - "registry-mirrors": [ - "https://docker.1ms.run", - "https://dockerproxy.com", - "https://hub.rat.dev" - ] -} -``` - -保存后重启 Docker 服务: - -```bash -# Linux -sudo systemctl restart docker - -# macOS / Windows -# 重启 Docker Desktop 应用 -``` - -
- -> 🎉 **启动成功!** 访问 http://localhost:3000 开始体验。 - ---- - -### 方式二:克隆代码部署 +### 方式一:克隆代码部署 适合需要自定义配置或二次开发的用户: @@ -382,8 +224,6 @@ DeepSeek-Coder · Codestral
-💡 支持 API 中转站,解决网络访问问题 | 详细配置 → [LLM 平台支持](docs/LLM_PROVIDERS.md) - --- ## 🎯 功能矩阵 @@ -400,110 +240,5 @@ DeepSeek-Coder · Codestral
| 📋 **审计规则** | 内置 OWASP Top 10,支持自定义规则集 | 通用 | | 📝 **提示词模板** | 可视化管理,支持中英文双语 | 通用 | | 📊 **报告导出** | PDF / Markdown / JSON 一键导出 | 通用 | -| ⚙️ **运行时配置** | 浏览器配置 LLM,无需重启服务 | 通用 | -## 🦖 发展路线图 - -我们正在持续演进,未来将支持更多语言和更强大的 Agent 能力。 - -- [x] 基础静态分析,集成 Semgrep -- [x] 引入 RAG 知识库,支持 Docker 安全沙箱 -- [x] **Multi-Agent 协作架构** (Current) -- [ ] 支持更真实的模拟服务环境,进行更真实漏洞验证流程 -- [ ] 沙箱从function_call优化集成为稳定MCP服务 -- [ ] **自动修复 (Auto-Fix)**: Agent 直接提交 PR 修复漏洞 -- [ ] **增量PR审计**: 持续跟踪 PR 变更,智能分析漏洞,并集成CI/CD流程 -- [ ] **优化RAG**: 支持自定义知识库 - ---- - -## 🤝 贡献与社区 - -### 贡献指南 -我们非常欢迎您的贡献!无论是提交 Issue、PR 还是完善文档。 -请查看 [CONTRIBUTING.md](./CONTRIBUTING.md) 了解详情。 - -### 📬 联系作者 - -
- -**欢迎大家来和我交流探讨!无论是技术问题、功能建议还是合作意向,都期待与你沟通~** -(项目开发、投资孵化等合作洽谈请通过邮箱联系) -| 联系方式 | | -|:---:|:---:| -| 📧 **邮箱** | **lintsinghua@qq.com** | -| 🐙 **GitHub** | [@lintsinghua](https://github.com/lintsinghua) | - -
- -### 💬 交流群 - -
- -**欢迎大家入群交流分享、学习、摸鱼~** - -QQ交流群 - -
- -## 📄 许可证 - -本项目采用 [AGPL-3.0 License](LICENSE) 开源。 - -## 📈 项目热度 - - - - - - Star History Chart - - - ---- - -
- Made with ❤️ by lintsinghua -
- ---- - -## 致谢 - -感谢以下开源项目的支持: - -[FastAPI](https://fastapi.tiangolo.com/) · [LangChain](https://langchain.com/) · [LangGraph](https://langchain-ai.github.io/langgraph/) · [ChromaDB](https://www.trychroma.com/) · [LiteLLM](https://litellm.ai/) · [Tree-sitter](https://tree-sitter.github.io/) · [Kunlun-M](https://github.com/LoRexxar/Kunlun-M) · [Strix](https://github.com/usestrix/strix) · [React](https://react.dev/) · [Vite](https://vitejs.dev/) · [Radix UI](https://www.radix-ui.com/) · [TailwindCSS](https://tailwindcss.com/) · [shadcn/ui](https://ui.shadcn.com/) - ---- - -## ⚠️ 重要安全声明 - -### 法律合规声明 -1. 禁止**任何未经授权的漏洞测试、渗透测试或安全评估** -2. 本项目仅供网络空间安全学术研究、教学和学习使用 -3. 严禁将本项目用于任何非法目的或未经授权的安全测试 - -### 漏洞上报责任 -1. 发现任何安全漏洞时,请及时通过合法渠道上报 -2. 严禁利用发现的漏洞进行非法活动 -3. 遵守国家网络安全法律法规,维护网络空间安全 - -### 使用限制 -- 仅限在授权环境下用于教育和研究目的 -- 禁止用于对未授权系统进行安全测试 -- 使用者需对自身行为承担全部法律责任 - -### 免责声明 -作者不对任何因使用本项目而导致的直接或间接损失负责,使用者需对自身行为承担全部法律责任。 - ---- - -## 📖 详细安全政策 - -有关安装政策、免责声明、代码隐私、API使用安全和漏洞报告的详细信息,请参阅 [DISCLAIMER.md](DISCLAIMER.md) 和 [SECURITY.md](SECURITY.md) 文件。 - -### 快速参考 -- 🔒 **代码隐私警告**: 您的代码将被发送到所选择的LLM服务商服务器 -- 🛡️ **敏感代码处理**: 使用本地模型处理敏感代码 -- ⚠️ **合规要求**: 遵守数据保护和隐私法律法规 -- 📧 **漏洞报告**: 发现安全问题请通过合法渠道上报 +--- \ No newline at end of file diff --git a/README_EN.md b/README_EN.md deleted file mode 100644 index 8255db6..0000000 --- a/README_EN.md +++ /dev/null @@ -1,462 +0,0 @@ -# DeepAudit - Your AI Security Audit Team, Making Vulnerability Discovery Accessible - -

- 简体中文 | English -

- -
- DeepAudit Logo -
- -
- -[![Version](https://img.shields.io/badge/version-3.0.2-blue.svg)](https://github.com/lintsinghua/DeepAudit/releases) -[![License: AGPL-3.0](https://img.shields.io/badge/License-AGPL--3.0-blue.svg)](https://www.gnu.org/licenses/agpl-3.0) -[![React](https://img.shields.io/badge/React-18-61dafb.svg)](https://reactjs.org/) -[![TypeScript](https://img.shields.io/badge/TypeScript-5.7-3178c6.svg)](https://www.typescriptlang.org/) -[![FastAPI](https://img.shields.io/badge/FastAPI-0.100+-009688.svg)](https://fastapi.tiangolo.com/) -[![Python](https://img.shields.io/badge/Python-3.11+-3776ab.svg)](https://www.python.org/) -[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/lintsinghua/DeepAudit) - -[![Stars](https://img.shields.io/github/stars/lintsinghua/DeepAudit?style=social)](https://github.com/lintsinghua/DeepAudit/stargazers) -[![Forks](https://img.shields.io/github/forks/lintsinghua/DeepAudit?style=social)](https://github.com/lintsinghua/DeepAudit/network/members) - -lintsinghua%2FDeepAudit | Trendshift - - -
- -
- DeepAudit Demo -
- ---- - - - -## Screenshots - -
- -### Agent Audit Entry - -Agent Audit Entry - -*Quick access to Multi-Agent deep audit from homepage* - -
- - - - - - - - - - -
-Audit Flow Logs

-Audit Flow Logs
-Real-time view of Agent thinking and execution process -		 -Smart Dashboard

-Dashboard
-Grasp project security posture at a glance -
-Instant Analysis

-Instant Analysis
-Paste code / upload files, get results in seconds -		 -Project Management

-Project Management
-GitHub/GitLab import, multi-project collaboration -
- -
- -### Professional Reports - -Audit Report - -*One-click export to PDF / Markdown / JSON* (Quick mode shown, not Agent mode report) - -[View Full Agent Audit Report Example](https://lintsinghua.github.io/) - -
- ---- - -## Overview - -**DeepAudit** is a next-generation code security audit platform based on **Multi-Agent collaborative architecture**. It's not just a static scanning tool, but simulates the thinking patterns of security experts through autonomous collaboration of multiple agents (**Orchestrator**, **Recon**, **Analysis**, **Verification**), achieving deep code understanding, vulnerability discovery, and **automated sandbox PoC verification**. - -We are committed to solving three major pain points of traditional SAST tools: -- **High false positive rate** — Lack of semantic understanding, massive false positives consume manpower -- **Business logic blind spots** — Cannot understand cross-file calls and complex logic -- **Lack of verification methods** — Don't know if vulnerabilities are actually exploitable - -Users only need to import a project, and DeepAudit automatically starts working: identify tech stack → analyze potential risks → generate scripts → sandbox verification → generate report, ultimately outputting a professional audit report. - -> **Core Philosophy**: Let AI attack like a hacker, defend like an expert. - -## Why Choose DeepAudit? - -
- -| Traditional Audit Pain Points | DeepAudit Solutions | -| :--- | :--- | -| **Low manual audit efficiency**
Can't keep up with CI/CD iteration speed, slowing release process | **Multi-Agent Autonomous Audit**
AI automatically orchestrates audit strategies, 24/7 automated execution | -| **Too many false positives**
Lack of semantic understanding, spending lots of time cleaning noise daily | **RAG Knowledge Enhancement**
Combining code semantics with context, significantly reducing false positives | -| **Data privacy concerns**
Worried about core source code leaking to cloud AI, can't meet compliance requirements | **Ollama Local Deployment Support**
Data stays on-premises, supports Llama3/DeepSeek and other local models | -| **Can't confirm authenticity**
Outsourced projects have many vulnerabilities, don't know which are truly exploitable | **Sandbox PoC Verification**
Automatically generate and execute attack scripts, confirm real vulnerability impact | - -
- ---- - -## System Architecture - -### Architecture Diagram - -DeepAudit adopts microservices architecture, driven by the Multi-Agent engine at its core. - -
-DeepAudit Architecture -
- -### Audit Workflow - -| Step | Phase | Responsible Agent | Main Actions | -|:---:|:---:|:---:|:---| -| 1 | **Strategy Planning** | **Orchestrator** | Receive audit task, analyze project type, formulate audit plan, dispatch tasks to sub-agents | -| 2 | **Information Gathering** | **Recon Agent** | Scan project structure, identify frameworks/libraries/APIs, extract attack surface (Entry Points) | -| 3 | **Vulnerability Discovery** | **Analysis Agent** | Combine RAG knowledge base with AST analysis, deep code review, discover potential vulnerabilities | -| 4 | **PoC Verification** | **Verification Agent** | **(Critical)** Write PoC scripts, execute in Docker sandbox. Self-correct and retry if failed | -| 5 | **Report Generation** | **Orchestrator** | Aggregate all findings, filter out verified false positives, generate final report | - -### Project Structure - -```text -DeepAudit/ -├── backend/ # Python FastAPI Backend -│ ├── app/ -│ │ ├── agents/ # Multi-Agent Core Logic -│ │ │ ├── orchestrator.py # Commander: Task Orchestration -│ │ │ ├── recon.py # Scout: Asset Identification -│ │ │ ├── analysis.py # Analyst: Vulnerability Discovery -│ │ │ └── verification.py # Verifier: Sandbox PoC -│ │ ├── core/ # Core Config & Sandbox Interface -│ │ ├── models/ # Database Models -│ │ └── services/ # RAG, LLM Service Wrappers -│ └── tests/ # Unit Tests -├── frontend/ # React + TypeScript Frontend -│ ├── src/ -│ │ ├── components/ # UI Component Library -│ │ ├── pages/ # Page Routes -│ │ └── stores/ # Zustand State Management -├── docker/ # Docker Deployment Config -│ ├── sandbox/ # Security Sandbox Image Build -│ └── postgres/ # Database Initialization -└── docs/ # Detailed Documentation -``` - ---- - -## Quick Start - -### Option 1: One-Line Deployment (Recommended) - -Using pre-built Docker images, no need to clone code, start with one command: - -```bash -curl -fsSL https://raw.githubusercontent.com/lintsinghua/DeepAudit/v3.0.0/docker-compose.prod.yml | docker compose -f - up -d -``` - -
-💡 Configure Docker Registry Mirrors (Optional, for faster image pulling) (Click to expand) - -If pulling images is still slow, you can configure Docker registry mirrors. Edit the Docker configuration file and add the following mirror sources: - -**Linux / macOS**: Edit `/etc/docker/daemon.json` - -**Windows**: Right-click Docker Desktop icon → Settings → Docker Engine - -```json -{ - "registry-mirrors": [ - "https://docker.1ms.run", - "https://dockerproxy.com", - "https://hub.rat.dev" - ] -} -``` - -Restart Docker service after saving: - -```bash -# Linux -sudo systemctl restart docker - -# macOS / Windows -# Restart Docker Desktop application -``` - -
- -> **Success!** Visit http://localhost:3000 to start exploring. - ---- - -### Option 2: Clone and Deploy - -Suitable for users who need custom configuration or secondary development: - -```bash -# 1. Clone project -git clone https://github.com/lintsinghua/DeepAudit.git && cd DeepAudit - -# 2. Configure environment variables -cp backend/env.example backend/.env -# Edit backend/.env and fill in your LLM API Key - -# 3. One-click start -docker compose up -d -``` - -> First startup will automatically build the sandbox image, which may take a few minutes. - ---- - -## Development Guide - -For developers doing secondary development and debugging. - -### Requirements -- Python 3.11+ -- Node.js 20+ -- PostgreSQL 15+ -- Docker (for sandbox) - -### 1. Backend Setup - -```bash -cd backend -# Use uv for environment management (recommended) -uv sync -source .venv/bin/activate - -# Start API service -uvicorn app.main:app --reload -``` - -### 2. Frontend Setup - -```bash -cd frontend -pnpm install -pnpm dev -``` - -### 3. Sandbox Environment - -Development mode requires pulling the sandbox image locally: - -```bash -docker pull ghcr.io/lintsinghua/deepaudit-sandbox:latest -``` - ---- - -## Multi-Agent Intelligent Audit - -### Supported Vulnerability Types - - - - - - -
- -| Vulnerability Type | Description | -|---------|------| -| `sql_injection` | SQL Injection | -| `xss` | Cross-Site Scripting | -| `command_injection` | Command Injection | -| `path_traversal` | Path Traversal | -| `ssrf` | Server-Side Request Forgery | -| `xxe` | XML External Entity Injection | - - - -| Vulnerability Type | Description | -|---------|------| -| `insecure_deserialization` | Insecure Deserialization | -| `hardcoded_secret` | Hardcoded Secrets | -| `weak_crypto` | Weak Cryptography | -| `authentication_bypass` | Authentication Bypass | -| `authorization_bypass` | Authorization Bypass | -| `idor` | Insecure Direct Object Reference | - -
- -> For detailed documentation, see **[Agent Audit Guide](docs/AGENT_AUDIT.md)** - ---- - -## Supported LLM Platforms - - - - - - - -
-

International Platforms

-

-OpenAI GPT-4o / GPT-4
-Claude 3.5 Sonnet / Opus
-Google Gemini Pro
-DeepSeek V3 -

-		 -

Chinese Platforms

-

-Qwen (Tongyi Qianwen)
-Zhipu GLM-4
-Moonshot Kimi
-Wenxin · MiniMax · Doubao -

-		 -

Local Deployment

-

-Ollama
-Llama3 · Qwen2.5 · CodeLlama
-DeepSeek-Coder · Codestral
-Code stays on-premises -

-
- -> Supports API proxies to solve network access issues | Detailed configuration → [LLM Platform Support](docs/LLM_PROVIDERS.md) - ---- - -## Feature Matrix - -| Feature | Description | Mode | -|------|------|------| -| **Agent Deep Audit** | Multi-Agent collaboration, autonomous audit strategy orchestration | Agent | -| **RAG Knowledge Enhancement** | Code semantic understanding, CWE/CVE knowledge base retrieval | Agent | -| **Sandbox PoC Verification** | Docker isolated execution, verify vulnerability validity | Agent | -| **Project Management** | GitHub/GitLab import, ZIP upload, 10+ language support | General | -| **Instant Analysis** | Code snippet analysis in seconds, paste and use | General | -| **Five-Dimensional Detection** | Bug · Security · Performance · Style · Maintainability | General | -| **What-Why-How** | Precise location + cause explanation + fix suggestions | General | -| **Audit Rules** | Built-in OWASP Top 10, supports custom rule sets | General | -| **Prompt Templates** | Visual management, bilingual support | General | -| **Report Export** | One-click export to PDF / Markdown / JSON | General | -| **Runtime Configuration** | Configure LLM in browser, no service restart needed | General | - -## Roadmap - -We are continuously evolving, with more language support and stronger Agent capabilities coming. - -- [x] Basic static analysis, Semgrep integration -- [x] RAG knowledge base introduction, Docker security sandbox support -- [x] **Multi-Agent Collaborative Architecture** (Current) -- [ ] Support for more realistic simulated service environments for more authentic vulnerability verification -- [ ] Optimize sandbox from function_call to stable MCP service -- [ ] **Auto-Fix**: Agent directly submits PRs to fix vulnerabilities -- [ ] **Incremental PR Audit**: Continuously track PR changes, intelligently analyze vulnerabilities, integrate with CI/CD -- [ ] **Optimized RAG**: Support custom knowledge bases - ---- - -## Contributing & Community - -### Contributing Guide -We warmly welcome your contributions! Whether it's submitting Issues, PRs, or improving documentation. -Please check [CONTRIBUTING.md](./CONTRIBUTING.md) for details. - -### Contact - -
- -**Feel free to reach out for technical discussions, feature suggestions, or collaboration opportunities!** - -| Contact | | -|:---:|:---:| -| **Email** | **lintsinghua@qq.com** | -| **GitHub** | [@lintsinghua](https://github.com/lintsinghua) | - -### 💬 Community Group - -**Welcome to join our QQ group for discussion, sharing, learning, and chatting~** - -QQ Group - -
- -## License - -This project is open-sourced under the [AGPL-3.0 License](LICENSE). - -## Star History - - - - - - Star History Chart - - - ---- - -
- Made with ❤️ by lintsinghua -
- ---- - -## Acknowledgements - -Thanks to the following open-source projects for their support: - -[FastAPI](https://fastapi.tiangolo.com/) · [LangChain](https://langchain.com/) · [LangGraph](https://langchain-ai.github.io/langgraph/) · [ChromaDB](https://www.trychroma.com/) · [LiteLLM](https://litellm.ai/) · [Tree-sitter](https://tree-sitter.github.io/) · [Kunlun-M](https://github.com/LoRexxar/Kunlun-M) · [Strix](https://github.com/usestrix/strix) · [React](https://react.dev/) · [Vite](https://vitejs.dev/) · [Radix UI](https://www.radix-ui.com/) · [TailwindCSS](https://tailwindcss.com/) · [shadcn/ui](https://ui.shadcn.com/) - ---- - -## Important Security Notice - -### Legal Compliance Statement -1. **Any unauthorized vulnerability testing, penetration testing, or security assessment is prohibited** -2. This project is only for cybersecurity academic research, teaching, and learning purposes -3. It is strictly prohibited to use this project for any illegal purposes or unauthorized security testing - -### Vulnerability Reporting Responsibility -1. When discovering any security vulnerabilities, please report them through legitimate channels promptly -2. It is strictly prohibited to use discovered vulnerabilities for illegal activities -3. Comply with national cybersecurity laws and regulations, maintain cyberspace security - -### Usage Restrictions -- Only for educational and research purposes in authorized environments -- Prohibited for security testing on unauthorized systems -- Users are fully responsible for their own actions - -### Disclaimer -The author is not responsible for any direct or indirect losses caused by the use of this project. Users bear full legal responsibility for their own actions. - ---- - -## Detailed Security Policy - -For detailed information about installation policy, disclaimer, code privacy, API usage security, and vulnerability reporting, please refer to [DISCLAIMER.md](DISCLAIMER.md) and [SECURITY.md](SECURITY.md) files. - -### Quick Reference -- **Code Privacy Warning**: Your code will be sent to the selected LLM provider's servers -- **Sensitive Code Handling**: Use local models for sensitive code -- **Compliance Requirements**: Comply with data protection and privacy laws -- **Vulnerability Reporting**: Report security issues through legitimate channels