refactor: streamline JSON output requirements and enhance clarity in code analysis instructions

backend/app/services/llm/service.py

@@ -139,13 +139,7 @@ class LLMService:
             "line": 1,
             "column": 1,
             "code_snippet": "string",
-            "ai_explanation": "string",
+            "ai_explanation": "string"
-            "xai": {
-                "what": "string",
-                "why": "string",
-                "how": "string",
-                "learn_more": "string(optional)"
-            }
         }
     ],
     "quality_score": 0-100,
@@ -177,18 +171,18 @@ class LLMService:
 
 【内容要求】：
 1. 所有文本内容必须统一使用简体中文
-2. JSON字符串值中的特殊字符必须正确转义（换行用\\n，双引号用\\"，反斜杠用\\\\）
+2. JSON字符串值中的特殊字符必须正确转义（换行用\\n，双引号用\\"）
 3. code_snippet字段必须使用\\n表示换行
+4. 保持分析简明扼要，重点关注关键问题
 
-请从以下维度全面、彻底地分析代码，找出所有问题：
+请从以下维度全面分析代码，找出所有问题：
 - 安全漏洞（SQL注入、XSS、命令注入、路径遍历、SSRF、XXE、反序列化、硬编码密钥等）
 - 潜在的 Bug 和逻辑错误
 - 性能问题和优化建议
 - 编码规范和代码风格
 - 可维护性和可读性
-- 最佳实践和设计模式
 
-【重要】请尽可能多地找出代码中的所有问题，不要遗漏任何安全漏洞或潜在风险！
+【重要】请尽可能多地找出代码中的问题，但只需报告确定的问题，避免误报！
 
 输出格式必须严格符合以下 JSON Schema：
 
@@ -200,18 +194,14 @@ class LLMService:
 - suggestion: 具体的修复建议（中文）
 - line: 问题所在的行号（从1开始计数，必须准确对应代码中的行号）
 - column: 问题所在的列号（从1开始计数，指向问题代码的起始位置）
-- code_snippet: 包含问题的代码片段（建议包含问题行及其前后1-2行作为上下文，保持原始缩进格式）
+- code_snippet: 包含问题的代码片段（包含前后1行上下文，保持缩进）
-- ai_explanation: AI 的深入解释（中文）
+- ai_explanation: AI 的补充解释（中文，简短说明原因和危害）
-- xai.what: 这是什么问题（中文）
-- xai.why: 为什么会有这个问题（中文）
-- xai.how: 如何修复这个问题（中文）
 
 【重要】关于行号和代码片段：
-1. line 必须是问题代码的行号！！！代码左侧有"行号|"标注，例如"25| const x = 1"表示第25行，line字段必须填25
+1. line 必须是问题代码的行号！！！代码左侧有"行号|"标注
-2. column 是问题代码在该行中的起始列位置（从1开始，不包括"行号|"前缀部分）
+2. column 是问题代码在该行中的起始列位置
-3. code_snippet 应该包含问题代码及其上下文（前后各1-2行），去掉"行号|"前缀，保持原始代码的缩进
+3. code_snippet 应该包含问题代码及其上下文，去掉"行号|"前缀
-4. 如果代码片段包含多行，必须使用 \\n 表示换行符（这是JSON的要求）
+4. 如果代码片段包含多行，必须使用 \\n 表示换行符
-5. 如果无法确定准确的行号，不要填写line和column字段（不要填0）
 
 【严格禁止】：
 - 禁止在任何字段中使用英文，所有内容必须是简体中文
@@ -232,18 +222,18 @@ You are a professional code auditing assistant. Your task is to analyze code and
 
 【Content requirements】:
 1. All text content MUST be in English ONLY
-2. Special characters in JSON strings must be properly escaped (\\n for newlines, \\" for quotes, \\\\ for backslashes)
+2. Special characters in JSON strings must be properly escaped (\\n for newlines, \\" for quotes)
 3. code_snippet field MUST use \\n for newlines
+4. Keep analysis concise and focused on key issues
 
-Please comprehensively and thoroughly analyze the code, finding ALL issues from the following dimensions:
+Please comprehensively analyze the code, finding issues from the following dimensions:
-- Security vulnerabilities (SQL injection, XSS, command injection, path traversal, SSRF, XXE, deserialization, hardcoded secrets, etc.)
+- Security vulnerabilities (SQL injection, XSS, command injection, hardcoded secrets, etc.)
 - Potential bugs and logical errors
-- Performance issues and optimization suggestions
+- Performance issues
-- Coding standards and code style
+- Coding standards and style
-- Maintainability and readability
+- Maintainability
-- Best practices and design patterns
 
-【IMPORTANT】Find as many issues as possible! Do NOT miss any security vulnerabilities or potential risks!
+【IMPORTANT】Find as many issues as possible, but avoid false positives!
 
 The output format MUST strictly conform to the following JSON Schema:
 
@@ -253,27 +243,23 @@ Note:
 - title: Brief title of the issue (in English)
 - description: Detailed description of the issue (in English)
 - suggestion: Specific fix suggestions (in English)
-- line: Line number where the issue occurs (1-indexed, must accurately correspond to the line in the code)
+- line: Line number where the issue occurs (1-indexed)
-- column: Column number where the issue starts (1-indexed, pointing to the start position of the problematic code)
+- column: Column number where the issue starts
-- code_snippet: Code snippet containing the issue (should include the problem line plus 1-2 lines before and after for context, preserve original indentation)
+- code_snippet: Code snippet containing the issue (1 line context, preserve indentation)
-- ai_explanation: AI's in-depth explanation (in English)
+- ai_explanation: AI's supplementary explanation (Briefly explain cause and impact)
-- xai.what: What is this issue (in English)
-- xai.why: Why does this issue exist (in English)
-- xai.how: How to fix this issue (in English)
 
 【IMPORTANT】About line numbers and code snippets:
-1. 'line' MUST be the line number from code!!! Code has "lineNumber|" prefix, e.g. "25| const x = 1" means line 25, you MUST set line to 25
+1. 'line' MUST be the line number from code!!! Code has "lineNumber|" prefix
-2. 'column' is the starting column position in that line (1-indexed, excluding the "lineNumber|" prefix)
+2. 'column' is the starting column position
-3. 'code_snippet' should include the problematic code with context (1-2 lines before/after), remove "lineNumber|" prefix, preserve indentation
+3. 'code_snippet' should include the problematic code with context, remove "lineNumber|" prefix
-4. If code snippet has multiple lines, use \\n for newlines (JSON requirement)
+4. Use \\n for newlines in code snippets
-5. If you cannot determine the exact line number, do NOT fill line and column fields (don't use 0)
 
 【STRICTLY PROHIBITED】:
 - NO Chinese characters in any field - English ONLY
-- NO real newline characters in JSON string values - must use \\n
+- NO real newline characters in JSON string values
-- NO markdown code block markers (like ```json)
+- NO markdown code block markers
 
-⚠️ CRITICAL: Read line numbers from the "lineNumber|" prefix on the left of each code line. Do NOT guess or use 0!"""
+⚠️ CRITICAL: Read line numbers from the "lineNumber|" prefix. Do NOT guess or use 0!"""
 
     async def analyze_code(self, code: str, language: str) -> Dict[str, Any]:
         """