feat: add comprehensive security analysis prompt for scan function #1115

Merged: homanp merged 9 commits into main from feat/scan-prompt on Feb 3, 2026

homanp (Collaborator) commented Feb 3, 2026

Description

Add detailed SCAN_SYSTEM_PROMPT with guidelines for SAST, LLM safety, prompt injection detection, and privacy violation analysis. Update client to pipe prompt to opencode via stdin for proper execution.

Fixes #1114

Type of Change

  • Bug fix
  • New feature

Checklist

  • Code follows project style guidelines
  • Tests pass locally
  • Documentation updated (if needed)

Add detailed SCAN_SYSTEM_PROMPT with guidelines for SAST, LLM safety,
prompt injection detection, and privacy violation analysis. Update
client to pipe prompt to opencode via stdin for proper execution.

Co-authored-by: Cursor <cursoragent@cursor.com>

homanp self-assigned this Feb 3, 2026

vercel Bot commented Feb 3, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: docs
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Feb 3, 2026 8:36am

homanp and others added 3 commits February 3, 2026 09:01
Co-authored-by: Cursor <cursoragent@cursor.com>
- Bump @daytonaio/sdk to 0.138.0 (fixes tar vulnerability)
- Bump vitest to 4.0.18 (fixes esbuild vulnerability)
- Add fast-xml-parser override to 5.3.4 (fixes DoS vulnerability)
- Update scan test syntax for vitest 4.x API

Resolves all npm audit vulnerabilities (was 28 high/moderate, now 0)

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
- Update safety-agent dependency to ^0.1.5
- Update vitest to latest (fixes moderate vulnerabilities in CLI)

Co-authored-by: Cursor <cursoragent@cursor.com>
homanp and others added 2 commits February 3, 2026 09:06
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
- Create fresh headers for fallback to avoid cached Content-Length
- Update tests to allow 0 token usage when fallback endpoint is used

Co-authored-by: Cursor <cursoragent@cursor.com>
- TypeScript SDK: 0.1.6 (fixes Content-Length mismatch in fallback)
- CLI: 0.1.6 with safety-agent ^0.1.6
- MCP: 0.1.5 with safety-agent ^0.1.6

Co-authored-by: Cursor <cursoragent@cursor.com>
homanp merged commit 7567d4a into main Feb 3, 2026
3 of 6 checks passed

Development

Successfully merging this pull request may close these issues.

[Bug]: bump packages in SDK, MCP and CLI
