- Add database migrations for agent checkpoints and tree node tracking
- Implement core agent execution framework with executor, state management, and message handling
- Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase)
- Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions
- Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities
- Implement LLM memory compression and prompt caching for improved performance
- Add agent registry and persistence layer for checkpoint management
- Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities
- Remove legacy agent implementations (analysis_v2, react_agent)
- Update API endpoints for agent task creation and project management
- Add frontend components for agent task creation and enhanced audit UI
- Consolidate agent service architecture with improved separation of concerns
- This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence
- Implement dual-mode streaming: prioritize in-memory EventManager for running tasks with thinking_token support
- Add fallback to database polling for completed tasks without thinking_token replay capability
- Introduce SSE event formatter utility for consistent event serialization across streaming modes
- Add 10ms micro-delay for thinking_token events to ensure proper TCP packet separation and frontend incremental rendering
- Refactor stream_agent_with_thinking endpoint to support both runtime and historical event streaming
- Update event filtering logic to handle both in-memory and database event sources
- Improve logging with debug markers for thinking_token tracking and stream mode selection
- Optimize polling intervals: 0.3s for running tasks, 2.0s for completed tasks
- Reduce idle timeout from 10 minutes to 1 minute for completed task streams
- Update frontend useAgentStream hook to handle unified event format from dual-mode streaming
- Enhance AgentAudit UI to properly display streamed events from both sources
- Introduce LLM-driven decision-making across various agents, allowing for dynamic adjustments based on real-time analysis.
- Implement new event types for LLM thinking, decisions, actions, and observations to enrich the event streaming experience.
- Update agent task responses to include additional metrics for better tracking of task progress and outcomes.
- Refactor UI components to highlight LLM-related events and improve user interaction during audits.
- Enhance API endpoints to support new event structures and improve overall error handling.
- Introduce streaming capabilities for agent events, allowing real-time updates during audits.
- Add new hooks for managing agent stream events in React components.
- Enhance the AgentAudit page to display LLM thinking processes and tool call details in real-time.
- Update API endpoints to support streaming event data and improve error handling.
- Refactor UI components for better organization and user experience during audits.
- Introduce new Agent audit functionality for autonomous code security analysis and vulnerability verification.
- Add API endpoints for managing Agent tasks and configurations.
- Implement UI components for Agent mode selection and embedding model configuration.
- Enhance the overall architecture with a focus on RAG (Retrieval-Augmented Generation) for improved code semantic search.
- Create a sandbox environment for secure execution of vulnerability tests.
- Update documentation to include details on the new Agent audit features and usage instructions.
- Add exclude_patterns parameter to get_project_files endpoint for custom file filtering
- Support JSON-formatted exclude patterns array in API requests
- Integrate custom exclude patterns into ZIP and repository file scanning workflows
- Update should_exclude and is_text_file functions to support user-defined patterns
- Pass exclude_patterns through scan configuration in both scan_zip and scan_stored_zip endpoints
- Add ScanRequest model field for exclude_patterns to support pattern specification
- Implement file filtering logic that respects both default and custom exclusion rules
- Add comprehensive unit and E2E tests for file selection and exclusion pattern functionality
- Enable users to customize which files are scanned by specifying glob patterns like ["node_modules/**", "*.log"]
- Add user configuration retrieval with LLM API key decryption in prompt testing endpoint
- Support output language parameter in prompt template testing
- Integrate rule sets and prompt templates into ZIP file scanning process
- Add rule_set_id and prompt_template_id parameters to ScanRequest model
- Implement analyze_code_with_rules method for custom rule-based code analysis
- Add prompt_template_id support to instant analysis endpoint
- Update scan configuration to include rule set and prompt template selection
- Enhance error handling and logging in prompt testing with traceback output
- Extend InstantAnalysisRequest with optional prompt template ID parameter
- Add test code samples utility for prompt template validation
- Add database migration (004) to create prompt_templates, audit_rule_sets, and audit_rules tables with proper indexes
- Create PromptTemplate and AuditRule models with relationships and validation
- Implement prompt template API endpoints for CRUD operations and testing
- Implement audit rules API endpoints for CRUD operations and rule set management
- Add prompt and rules schemas for request/response validation
- Create prompt template initialization service with default system templates
- Integrate LLM service with prompt template system for dynamic prompt selection
- Add frontend pages for PromptManager and AuditRules management
- Add API client utilities for prompts and rules endpoints
- Update API router to include new prompts and rules endpoints
- Update database initialization to seed default templates and rules
- Update sidebar navigation to include new management pages
- Update frontend routes to support new prompt and rules management pages
- Add FileSelectionDialog component for granular file selection in audit tasks
- Extract task form logic into useTaskForm and useZipFile custom hooks
- Create modular components: BasicConfig, AdvancedOptions, ExcludePatterns, ProjectSelector, ZipFileSection
- Add file listing endpoint GET /projects/{id}/files with branch support
- Add branch listing endpoint GET /projects/{id}/branches for repository projects
- Implement ScanRequest model with file_paths, exclude_patterns, and branch_name fields
- Update scan endpoint to accept selective file scanning and exclude patterns
- Add branch_name and exclude_patterns fields to AuditTask model
- Enhance scanner service with GitHub and GitLab file/branch retrieval functions
- Improve CreateTaskDialog with better UX for repository and ZIP file scanning
- Support per-scan configuration storage in audit tasks
- Refactor repository scan services to handle file selection and branch parameters
- Replace individual adapter implementations (OpenAI, Claude, Gemini, DeepSeek, Qwen, Zhipu, Moonshot, Ollama) with unified LiteLLM adapter
- Keep native adapters for providers with special API formats (Baidu, MiniMax, Doubao)
- Update LLM factory to route requests through LiteLLM for supported providers
- Add test-llm endpoint to validate LLM connections with configurable timeout and token limits
- Add get-llm-providers endpoint to retrieve supported providers and their configurations
- Update config.py to ignore extra environment variables (VITE_* frontend variables)
- Refactor Baidu adapter to use new complete() method signature and improve error handling
- Update pyproject.toml dependencies to include litellm package
- Update env.example with new configuration options
- Simplify adapter initialization and reduce code duplication across multiple provider implementations
Image
lintsinghua