monadical/greywall-landing-page
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: readme as context

Browse Source
This commit is contained in:
Nik L
2026-03-18 15:27:30 -04:00
parent 62af4ed8b9
commit 616b3139e0
3 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/api/analyze/prompt.txt
View File

@@ -57,6 +57,11 @@ Sensitive files found: {{sensitiveFiles}}
Config files found: {{configFiles}} Config files found: {{configFiles}}
Agent instruction files found: {{agentInstructionFiles}} Agent instruction files found: {{agentInstructionFiles}}
README (for understanding what the project does):
{{readme}}
Use the README to understand the project's purpose, architecture, and what services it connects to. This should inform which findings are plausible. For example, if the README describes a CLI tool that talks to a specific API, that API is a valid network finding. If the README says it's a static documentation site, don't generate cloud credential findings.
Respond with ONLY valid JSON (no markdown, no code fences, no explanation): Respond with ONLY valid JSON (no markdown, no code fences, no explanation):
{ {
"riskScore": <number 0-100>, "riskScore": <number 0-100>,

3
app/api/analyze/route.ts
View File

@@ -10,7 +10,7 @@ const CACHE_TTL = 1000 * 60 * 60 * 24 // 24 hours
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
try { try {
const { owner, repo, files, stack, dependencies, sensitiveFiles, configFiles, agentInstructionFiles } = await req.json() const { owner, repo, files, stack, dependencies, sensitiveFiles, configFiles, agentInstructionFiles, readme } = await req.json()
const baseUrl = process.env.SHARED_LLM_BASE_URL const baseUrl = process.env.SHARED_LLM_BASE_URL
const apiKey = process.env.SHARED_LLM_API_KEY const apiKey = process.env.SHARED_LLM_API_KEY
@@ -34,6 +34,7 @@ export async function POST(req: NextRequest) {
.replace('{{sensitiveFiles}}', sensitiveFiles.join(', ') || 'None') .replace('{{sensitiveFiles}}', sensitiveFiles.join(', ') || 'None')
.replace('{{configFiles}}', configFiles.join(', ') || 'None') .replace('{{configFiles}}', configFiles.join(', ') || 'None')
.replace('{{agentInstructionFiles}}', (agentInstructionFiles || []).join(', ') || 'None') .replace('{{agentInstructionFiles}}', (agentInstructionFiles || []).join(', ') || 'None')
.replace('{{readme}}', (readme || '').slice(0, 8000) || 'No README found')
let endpoint = baseUrl.replace(/\/+$/, '') let endpoint = baseUrl.replace(/\/+$/, '')
endpoint = endpoint.replace(/\/v1$/, '') endpoint = endpoint.replace(/\/v1$/, '')

10
app/greyscan/page.tsx
View File

@@ -296,12 +296,20 @@ export default function GamePage() {
} }
await delay(300) await delay(300)
// Fetch README for context
addLine('Reading README...', 'info')
const readmeRaw = await fetchFile(owner, repo, 'README.md') || await fetchFile(owner, repo, 'readme.md') || ''
const readme = readmeRaw.slice(0, 8000)
if (readme) addLine('README loaded', 'success')
else addLine('No README found', 'info')
await delay(200)
// Generate report via LLM // Generate report via LLM
addLine('Generating agent threat report...', 'info') addLine('Generating agent threat report...', 'info')
const res = await fetch('/api/analyze', { const res = await fetch('/api/analyze', {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ owner, repo, files, stack, dependencies: deps, sensitiveFiles: sensitive, configFiles: configs, agentInstructionFiles: agentFiles }), body: JSON.stringify({ owner, repo, files, stack, dependencies: deps, sensitiveFiles: sensitive, configFiles: configs, agentInstructionFiles: agentFiles, readme }),
}) })
if (!res.ok) { if (!res.ok) {