From 76f731cb22b7963d11d1fd49f8a2fd9e5b5472e0 Mon Sep 17 00:00:00 2001
From: vinland100
Date: Mon, 12 Jan 2026 16:27:41 +0800
Subject: [PATCH] refactor: streamline JSON output requirements and enhance clarity in code analysis instructions

---
 backend/app/services/llm/service.py | 74 ++++++++++++-----------------
 1 file changed, 30 insertions(+), 44 deletions(-)

diff --git a/backend/app/services/llm/service.py b/backend/app/services/llm/service.py
index 8368c26..13a333c 100644
--- a/backend/app/services/llm/service.py
+++ b/backend/app/services/llm/service.py
@@ -139,13 +139,7 @@ class LLMService:
 "line": 1,
 "column": 1,
 "code_snippet": "string",
- "ai_explanation": "string",
- "xai": {
- "what": "string",
- "why": "string",
- "how": "string",
- "learn_more": "string(optional)"
- }
+ "ai_explanation": "string"
 }
 ],
 "quality_score": 0-100,
@@ -177,18 +171,18 @@ class LLMService:
 
 【内容要求】:
 1. 所有文本内容必须统一使用简体中文
-2. JSON字符串值中的特殊字符必须正确转义(换行用\\n,双引号用\\",反斜杠用\\\\)
+2. JSON字符串值中的特殊字符必须正确转义(换行用\\n,双引号用\\")
 3. code_snippet字段必须使用\\n表示换行
+4. 保持分析简明扼要,重点关注关键问题
 
-请从以下维度全面、彻底地分析代码,找出所有问题:
+请从以下维度全面分析代码,找出所有问题:
 - 安全漏洞(SQL注入、XSS、命令注入、路径遍历、SSRF、XXE、反序列化、硬编码密钥等)
 - 潜在的 Bug 和逻辑错误
 - 性能问题和优化建议
 - 编码规范和代码风格
 - 可维护性和可读性
-- 最佳实践和设计模式
 
-【重要】请尽可能多地找出代码中的所有问题,不要遗漏任何安全漏洞或潜在风险!
+【重要】请尽可能多地找出代码中的问题,但只需报告确定的问题,避免误报!
 
 输出格式必须严格符合以下 JSON Schema:
 
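Review bot: Removing the `xai` object from the schema in the first hunk changes the result contract of whatever consumes the parsed analysis, not just the prompt wording; any API model or front end that still reads `xai.what` / `xai.why` / `xai.how` will now get a missing key instead of a populated one. This diff touches only service.py, so it is worth confirming the consumers are updated in the same change, or keeping the keys as optional until they are. The prompt string and the method that owns it begin outside the hunk.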
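Review bot: The new escaping rule `+2. JSON字符串值中的特殊字符必须正确转义(换行用\\n,双引号用\\")` in the second hunk no longer tells the model to escape backslashes, so a `code_snippet` containing a regex, a Windows path or a literal `\n` will be emitted with a bare backslash and fail JSON parsing downstream. The same clause is dropped from the English prompt at `+2. Special characters in JSON strings must be properly escaped (\\n for newlines, \\" for quotes)`. Suggest keeping it in both, e.g. `2. JSON字符串值中的特殊字符必须正确转义(换行用\\n,双引号用\\",反斜杠用\\\\)`. Separately, `+【重要】…但只需报告确定的问题,避免误报!` deliberately trades recall for precision in a security audit prompt; that is a behaviour change worth stating in the commit message rather than filing under "refactor".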
@@ -200,18 +194,14 @@ class LLMService:
 - suggestion: 具体的修复建议(中文)
 - line: 问题所在的行号(从1开始计数,必须准确对应代码中的行号)
 - column: 问题所在的列号(从1开始计数,指向问题代码的起始位置)
-- code_snippet: 包含问题的代码片段(建议包含问题行及其前后1-2行作为上下文,保持原始缩进格式)
-- ai_explanation: AI 的深入解释(中文)
-- xai.what: 这是什么问题(中文)
-- xai.why: 为什么会有这个问题(中文)
-- xai.how: 如何修复这个问题(中文)
+- code_snippet: 包含问题的代码片段(包含前后1行上下文,保持缩进)
+- ai_explanation: AI 的补充解释(中文,简短说明原因和危害)
 
 【重要】关于行号和代码片段:
-1. line 必须是问题代码的行号!!!代码左侧有"行号|"标注,例如"25| const x = 1"表示第25行,line字段必须填25
-2. column 是问题代码在该行中的起始列位置(从1开始,不包括"行号|"前缀部分)
-3. code_snippet 应该包含问题代码及其上下文(前后各1-2行),去掉"行号|"前缀,保持原始代码的缩进
-4. 如果代码片段包含多行,必须使用 \\n 表示换行符(这是JSON的要求)
-5. 如果无法确定准确的行号,不要填写line和column字段(不要填0)
+1. line 必须是问题代码的行号!!!代码左侧有"行号|"标注
+2. column 是问题代码在该行中的起始列位置
+3. code_snippet 应该包含问题代码及其上下文,去掉"行号|"前缀
+4. 如果代码片段包含多行,必须使用 \\n 表示换行符
 
 【严格禁止】:
 - 禁止在任何字段中使用英文,所有内容必须是简体中文
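Review bot: Item 5 (`5. 如果无法确定准确的行号,不要填写line和column字段(不要填0)`) is removed, yet the closing ⚠️ line elsewhere in this prompt still says not to guess or use 0, so the model is told what is forbidden without being told to omit the fields when unsure, and the schema still shows `"line": 1` as if it were mandatory. Item 2 also loses `不包括"行号|"前缀部分`, so `column` may now be counted including the `NN|` prefix the service prepends, shifting every reported column. The English hunk at @@ -253 has the same two regressions. Suggest keeping `2. column 是问题代码在该行中的起始列位置(不包括"行号|"前缀)` and restoring item 5 in both prompts.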
@@ -232,18 +222,18 @@ You are a professional code auditing assistant. Your task is to analyze code and
 
 【Content requirements】:
 1. All text content MUST be in English ONLY
-2. Special characters in JSON strings must be properly escaped (\\n for newlines, \\" for quotes, \\\\ for backslashes)
+2. Special characters in JSON strings must be properly escaped (\\n for newlines, \\" for quotes)
 3. code_snippet field MUST use \\n for newlines
+4. Keep analysis concise and focused on key issues
 
-Please comprehensively and thoroughly analyze the code, finding ALL issues from the following dimensions:
-- Security vulnerabilities (SQL injection, XSS, command injection, path traversal, SSRF, XXE, deserialization, hardcoded secrets, etc.)
+Please comprehensively analyze the code, finding issues from the following dimensions:
+- Security vulnerabilities (SQL injection, XSS, command injection, hardcoded secrets, etc.)
 - Potential bugs and logical errors
-- Performance issues and optimization suggestions
-- Coding standards and code style
-- Maintainability and readability
-- Best practices and design patterns
+- Performance issues
+- Coding standards and style
+- Maintainability
 
-【IMPORTANT】Find as many issues as possible! Do NOT miss any security vulnerabilities or potential risks!
+【IMPORTANT】Find as many issues as possible, but avoid false positives!
 
 The output format MUST strictly conform to the following JSON Schema:
 
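Review bot: The English security checklist is cut to `+- Security vulnerabilities (SQL injection, XSS, command injection, hardcoded secrets, etc.)` while the Chinese prompt in the @@ -177 hunk keeps path traversal, SSRF, XXE and deserialization, so the classes of finding the audit looks for now depend on the caller's language setting. The same drift appears in the trailing bullets (`+- Maintainability` vs `可维护性和可读性`). Keep the two prompts parallel, e.g. `- Security vulnerabilities (SQL injection, XSS, command injection, path traversal, SSRF, XXE, deserialization, hardcoded secrets, etc.)`, or derive both from one list so they cannot diverge again.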
@@ -253,27 +243,23 @@ Note:
 - title: Brief title of the issue (in English)
 - description: Detailed description of the issue (in English)
 - suggestion: Specific fix suggestions (in English)
-- line: Line number where the issue occurs (1-indexed, must accurately correspond to the line in the code)
-- column: Column number where the issue starts (1-indexed, pointing to the start position of the problematic code)
-- code_snippet: Code snippet containing the issue (should include the problem line plus 1-2 lines before and after for context, preserve original indentation)
-- ai_explanation: AI's in-depth explanation (in English)
-- xai.what: What is this issue (in English)
-- xai.why: Why does this issue exist (in English)
-- xai.how: How to fix this issue (in English)
+- line: Line number where the issue occurs (1-indexed)
+- column: Column number where the issue starts
+- code_snippet: Code snippet containing the issue (1 line context, preserve indentation)
+- ai_explanation: AI's supplementary explanation (Briefly explain cause and impact)
 
 【IMPORTANT】About line numbers and code snippets:
-1. 'line' MUST be the line number from code!!! Code has "lineNumber|" prefix, e.g. "25| const x = 1" means line 25, you MUST set line to 25
-2. 'column' is the starting column position in that line (1-indexed, excluding the "lineNumber|" prefix)
-3. 'code_snippet' should include the problematic code with context (1-2 lines before/after), remove "lineNumber|" prefix, preserve indentation
-4. If code snippet has multiple lines, use \\n for newlines (JSON requirement)
-5. If you cannot determine the exact line number, do NOT fill line and column fields (don't use 0)
+1. 'line' MUST be the line number from code!!! Code has "lineNumber|" prefix
+2. 'column' is the starting column position
+3. 'code_snippet' should include the problematic code with context, remove "lineNumber|" prefix
+4. Use \\n for newlines in code snippets
 
 【STRICTLY PROHIBITED】:
 - NO Chinese characters in any field - English ONLY
-- NO real newline characters in JSON string values - must use \\n
-- NO markdown code block markers (like ```json)
+- NO real newline characters in JSON string values
+- NO markdown code block markers
 
-⚠️ CRITICAL: Read line numbers from the "lineNumber|" prefix on the left of each code line. Do NOT guess or use 0!"""
+⚠️ CRITICAL: Read line numbers from the "lineNumber|" prefix. Do NOT guess or use 0!"""
 
 async def analyze_code(self, code: str, language: str) -> Dict[str, Any]:
 """
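Review bot: `+- NO markdown code block markers` drops the concrete example naming the ```json fence, which is the wrapper models most often add around JSON; unless the response handling in `analyze_code` already strips fences before parsing (its body is outside this hunk), the vaguer wording makes an unparseable reply more likely. The same applies to `+- NO real newline characters in JSON string values`, which lost its "must use \\n" remedy; item 4 above covers snippets but not description or suggestion strings. Suggest keeping both examples as they were, and if the parser does tolerate fences, a one-line comment saying so next to the prompt would spare the next reader the question.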