### Frontend Setup and Startup Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/DEPLOYMENT.md Steps to set up the frontend environment, install dependencies, configure environment variables, and start the development server. ```bash # 1. Enter frontend directory cd frontend # 2. Install dependencies pnpm install # 3. Configure environment variables (optional) cp .env.example .env # 4. Start development server pnpm dev # 5. Access the application # Open http://localhost:5173 in your browser ``` -------------------------------- ### Backend Setup and Startup Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/DEPLOYMENT.md Steps to set up the backend environment, install dependencies, configure environment variables, and start the development server. ```bash # 1. Enter backend directory cd backend # 2. Install uv (if not installed) curl -LsSf https://astral.sh/uv/install.sh | sh # 3. Sync dependencies uv sync # 4. Configure environment variables cp env.example .env # Edit .env file to configure database and LLM parameters # 5. Initialize database uv run alembic upgrade head # 6. Start backend service (development mode, supports hot reload) uv run uvicorn app.main:app --reload --port 8000 ``` -------------------------------- ### Quick Start with Docker Compose Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Clone the project, configure LLM API Key, and start the service using Docker Compose for a quick setup. ```bash # 1. 克隆项目 git clone https://github.com/lintsinghua/DeepAudit.git cd DeepAudit # 2. 配置 LLM API Key cp backend/env.example backend/.env # 编辑 backend/.env,填入你的 API Key # 3. 启动服务 docker-compose up -d # 4. 访问 http://localhost:5173 ``` -------------------------------- ### Start Frontend Service Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/README_EN.md Navigate to the frontend directory, configure environment variables, install dependencies using pnpm, and start the development server. ```bash cd frontend # Configure environment variables cp .env.example .env pnpm install pnpm dev ``` -------------------------------- ### Example Configuration for Individual Developer Source: https://github.com/lintsinghua/deepaudit/wiki/环境变量 Recommended environment variable setup for individual developers, including LLM, database, and output language settings. ```env # ========== LLM Configuration ========== VITE_LLM_PROVIDER=gemini VITE_GEMINI_API_KEY=Your_Gemini_KEY # ========== Database ========== VITE_USE_LOCAL_DB=true # ========== Output Language ========== VITE_OUTPUT_LANGUAGE=zh-CN # ========== Performance Tuning (Optional) ========== VITE_MAX_ANALYZE_FILES=40 VITE_LLM_CONCURRENCY=2 VITE_LLM_GAP_MS=500 ``` -------------------------------- ### Setup Ollama for Local LLM Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Install Ollama, pull a model, ensure the Ollama service is running, and configure the backend to use Ollama. ```bash # 1. 安装 Ollama curl -fsSL https://ollama.com/install.sh | sh # macOS/Linux # Windows: 访问 https://ollama.com/download # 2. 拉取模型 ollama pull llama3 # 或 codellama、qwen2.5、deepseek-coder # 3. 确保 Ollama 服务运行 ollama serve # 4. 配置后端 # 在 backend/.env 中设置: LLM_PROVIDER=ollama LLM_MODEL=llama3 LLM_BASE_URL=http://localhost:11434/v1 ``` -------------------------------- ### Copy Frontend Environment Example Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/CONFIGURATION.md Use this command to copy the example frontend environment file to a new file for customization. This is the initial step for frontend configuration. ```bash cp frontend/.env.example frontend/.env ``` -------------------------------- ### Copy Backend Environment Example Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/CONFIGURATION.md Use this command to copy the example backend environment file to a new file for customization. This is the first step for backend configuration. ```bash cp backend/env.example backend/.env ``` -------------------------------- ### Install Ollama Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/LLM_PROVIDERS.md Instructions for installing Ollama on macOS/Linux and Windows for local LLM deployment. ```bash # macOS / Linux curl -fsSL https://ollama.com/install.sh | sh # Windows # 访问 https://ollama.com/download 下载安装包 ``` -------------------------------- ### Start PostgreSQL with Docker Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/DEPLOYMENT.md Use this command to start a PostgreSQL database container. It's recommended for setting up the database environment. ```bash docker run -d \ --name deepaudit-db \ -e POSTGRES_USER=postgres \ -e POSTGRES_PASSWORD=postgres \ -e POSTGRES_DB=deepaudit \ -p 5432:5432 \ postgres:15-alpine ``` -------------------------------- ### Start Backend Service Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/README_EN.md Navigate to the backend directory, configure environment variables, sync dependencies using uv, activate the virtual environment, and start the API service with uvicorn. ```bash cd backend # Configure environment variables cp env.example .env # Use uv to manage the environment (recommended) uv sync source .venv/bin/activate # Start the API service uvicorn app.main:app --reload ``` -------------------------------- ### Install Backend Dependencies Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_DEPLOYMENT_CHECKLIST.md Install necessary Python packages for the backend, including ChromaDB, LiteLLM, and LangChain. Also installs optional external security tools like Semgrep, Bandit, and Safety. ```bash cd backend uv pip install chromadb litellm langchain langgraph pip install semgrep bandit safety brew install semgrep apt install semgrep ``` -------------------------------- ### 使用npm安装依赖 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 如果`pnpm install`失败,可以尝试切换到`npm`进行依赖安装。 ```bash npm install ``` -------------------------------- ### Example Configuration for Multi-Platform Support Source: https://github.com/lintsinghua/deepaudit/wiki/环境变量 Configuration for supporting multiple LLM platforms, with a primary provider set and keys for other platforms pre-configured for easy switching. ```env # ========== Currently Using ========== VITE_LLM_PROVIDER=gemini # ========== Pre-configured for All Platforms ========== VITE_GEMINI_API_KEY=Your_Gemini_KEY VITE_OPENAI_API_KEY=Your_OpenAI_KEY VITE_CLAUDE_API_KEY=Your_Claude_KEY VITE_QWEN_API_KEY=Your_Qwen_KEY VITE_DEEPSEEK_API_KEY=Your_DeepSeek_KEY # Switch by modifying VITE_LLM_PROVIDER ``` -------------------------------- ### 配置pnpm使用国内镜像源 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 通过临时命令或永久配置来使用国内的npm镜像源,以加速`pnpm install`。 ```bash # 临时使用 pnpm install --registry https://registry.npmmirror.com # 永久设置 pnpm config set registry https://registry.npmmirror.com ``` -------------------------------- ### Hardcoded API Key Example Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/audit_report_智能漏洞挖掘审计 - 完整示例_2025-12-15.html This snippet shows an example of a hardcoded API key within a configuration file. It is intended as a placeholder and should be replaced with actual credentials. Ensure such example files are not used in production and actual configuration files are properly secured. ```python # 示例配置文件 - 请复制为 config.py 并替换实际值 API_KEY = "your-api-key-here" # 请替换为实际密钥 SECRET_KEY = "change-this-secret" # 请替换为随机字符串 ``` -------------------------------- ### Deploy Agent Mode Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT.md Configure environment variables and start the full service to enable agent mode. Ensure AGENT_ENABLED is set to true in the .env file. ```bash # Configure environment variables cp backend/env.example backend/.env # Edit .env, set AGENT_ENABLED=true # Start the full service docker compose up -d ``` -------------------------------- ### Install WeasyPrint System Dependencies on Ubuntu/Debian Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/DEPLOYMENT.md APT commands to install system dependencies required by WeasyPrint for PDF export functionality on Ubuntu/Debian systems. ```bash # Ubuntu/Debian sudo apt-get install libpango-1.0-0 libpangoft2-1.0-0 libcairo2 libgdk-pixbuf-2.0-0 libglib2.0-0 ``` -------------------------------- ### Start Database Manually Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/README_EN.md Use Docker Compose to start the Redis, database, and Adminer services in detached mode. ```bash docker compose up -d redis db adminer ``` -------------------------------- ### Example Configuration for Team Collaboration (Supabase) Source: https://github.com/lintsinghua/deepaudit/wiki/环境变量 Environment variables for team collaboration using Supabase, including LLM provider, API keys, Supabase URL, and GitHub token. ```env # ========== LLM Configuration ========== VITE_LLM_PROVIDER=openai VITE_OPENAI_API_KEY=Team_OpenAI_KEY # ========== Database ========== VITE_SUPABASE_URL=https://team-project.supabase.co VITE_SUPABASE_ANON_KEY=Team_anon_key # ========== GitHub Integration ========== VITE_GITHUB_TOKEN=Team_GitHub_Token ``` -------------------------------- ### Install GTK Dependencies for PDF Export on Windows Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Install GTK dependencies using MSYS2 by running 'pacman -S mingw-w64-x86_64-pango mingw-w64-x86_64-gtk3' and adding the MSYS2 bin directory to the system PATH. ```bash # 1. 下载并安装 MSYS2: https://www.msys2.org/ # 2. 打开 MSYS2 终端,执行: pacman -S mingw-w64-x86_64-pango mingw-w64-x86_64-gtk3 # 3. 将 MSYS2 的 bin 目录添加到系统 PATH: # C:\msys64\mingw64\bin ``` -------------------------------- ### Configure Kubernetes Resource Limits Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_DEPLOYMENT_CHECKLIST.md Example Kubernetes resource configuration specifying memory and CPU requests and limits for deployment. ```yaml # Kubernetes 部署示例 resources: limits: memory: "2Gi" cpu: "2" requests: memory: "1Gi" cpu: "1" ``` -------------------------------- ### Example Configuration for Local Ollama Model Source: https://github.com/lintsinghua/deepaudit/wiki/环境变量 Environment variables for connecting to a local Ollama model, including the model name and base URL. Performance tuning for slower local models is also included. ```env # ========== LLM Configuration ========== VITE_LLM_PROVIDER=ollama VITE_LLM_MODEL=llama3 VITE_LLM_BASE_URL=http://localhost:11434/v1 # ========== Database ========== VITE_USE_LOCAL_DB=true # ========== Performance Tuning ========== VITE_LLM_TIMEOUT=300000 # Increase timeout for slow local models VITE_LLM_CONCURRENCY=1 # Local models can only be sequential ``` -------------------------------- ### Add New LLM Platform Adapter Source: https://github.com/lintsinghua/deepaudit/wiki/架构设计 Example of creating a new LLM adapter class for a specific platform and registering it with the factory. ```tsx // src/shared/services/llm/myplatform.ts export class MyPlatformAdapter implements LLMAdapter { async analyze(prompt: string): Promise { // 实现调用逻辑 } } ``` ```tsx // src/shared/services/llm/index.ts case 'myplatform': return new MyPlatformAdapter(apiKey); ``` -------------------------------- ### Custom Analysis Focus in Instant Analysis Source: https://github.com/lintsinghua/deepaudit/wiki/使用教程 Example of providing custom instructions for the 'Instant Analysis' feature. This allows users to specify particular areas or types of issues for the AI to focus on. ```text 代码: [粘贴代码] 额外要求: 重点检查: 1. 所有异步函数的错误处理 2. 输入参数的类型校验 3. 是否有内存泄漏风险 ``` -------------------------------- ### Code Analysis Workflow Example Source: https://github.com/lintsinghua/deepaudit/wiki/架构设计 Illustrates the frontend and backend flow for initiating code analysis, including UI interaction, state management, and business logic calls. ```tsx // 1. 用户点击"开始分析" ``` ```tsx // 2. 页面组件处理 const handleAnalyze = async () => { setLoading(true); try { // 3. 调用业务逻辑 const result = await analyzeCode(code, language, provider); // 4. 更新状态 setResult(result); } catch (error) { showError(error); } finally { setLoading(false); } }; // 3-4. 业务逻辑(analyzeCode函数) async function analyzeCode(...) { // 调用LLM适配器 const llm = getLLMAdapter(provider); const response = await llm.analyze(prompt); // 保存到数据库 const db = getDatabase(); await db.saveAnalysis(response); return response; } ``` -------------------------------- ### Example Configuration for API Relay Source: https://github.com/lintsinghua/deepaudit/wiki/环境变量 Environment variables for using an API relay service, specifying the LLM provider, API key, and base URL. ```env # ========== LLM Configuration ========== VITE_LLM_PROVIDER=openai VITE_LLM_API_KEY=Relay_Provided_KEY VITE_LLM_BASE_URL=https://your-relay.com/v1 # ========== Database ========== VITE_USE_LOCAL_DB=true ``` -------------------------------- ### 清理pnpm缓存并重装依赖 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 当`pnpm install`失败时,可以尝试清理`node_modules`和`pnpm-lock.yaml`文件后重新安装依赖。 ```bash rm -rf node_modules rm pnpm-lock.yaml pnpm install ``` -------------------------------- ### Resolve Database Connection Issues in Docker Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Ensure the database container starts before the backend. Use 'docker-compose up -d db' and 'docker-compose exec db pg_isready -U postgres' to verify. ```bash # 确保数据库先启动 docker-compose up -d db docker-compose exec db pg_isready -U postgres docker-compose up -d backend ``` -------------------------------- ### 创建配置文件 Source: https://github.com/lintsinghua/deepaudit/wiki/环境变量 复制`.env.example`文件为`.env`以创建你的配置文件。此文件不应提交到git。 ```bash cp .env.example .env ``` -------------------------------- ### Ollama Local Model Installation Source: https://github.com/lintsinghua/deepaudit/wiki/配置LLM Install Ollama for running LLMs locally, prioritizing data privacy. This involves downloading the installer and then pulling specific models. ```bash # macOS/Linux curl -fsSL https://ollama.com/install.sh | sh # Windows:访问 https://ollama.com/download 下载安装 ``` ```bash # 推荐模型(按需选择) ollama pull llama3 # 综合能力强(推荐) ollama pull codellama # 代码专用 ollama pull qwen2.5 # 中文好 ollama pull deepseek-coder # 代码审计专用 ``` -------------------------------- ### Install GTK Dependencies for PDF Export on macOS Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Install necessary dependencies for PDF export on macOS using Homebrew. Run 'brew install pango cairo gdk-pixbuf libffi' and restart the backend service. ```bash # 安装依赖 brew install pango cairo gdk-pixbuf libffi # 重启后端服务 ``` -------------------------------- ### Install WeasyPrint System Dependencies on macOS Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/DEPLOYMENT.md Homebrew commands to install system dependencies required by WeasyPrint for PDF export functionality on macOS. ```bash # macOS brew install pango cairo gdk-pixbuf libffi ``` -------------------------------- ### Build Sandbox Image with Domestic Mirror Source Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/DEPLOYMENT.md Steps to rebuild the sandbox image using domestic mirror sources to resolve network issues during build. ```bash # Check Docker service status docker info # Rebuild using domestic mirror source cd docker/sandbox # Edit Dockerfile to use domestic mirror source ./build.sh ``` -------------------------------- ### Database Migration Troubleshooting Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Navigate to the backend directory, activate the virtual environment, and use alembic commands to check migration status, apply migrations, or downgrade. ```bash cd backend source .venv/bin/activate # 查看当前迁移状态 alembic current # 重新执行迁移 alembic upgrade head # 如果有问题,可以回滚 alembic downgrade -1 ``` -------------------------------- ### Check External Tool Installation Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT.md Verify that required external security tools like Semgrep, Bandit, and Gitleaks are installed and accessible in your PATH. This is primarily for local development. ```bash which semgrep bandit gitleaks ``` -------------------------------- ### Build Sandbox Image Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT.md Navigate to the docker/sandbox directory and execute the build script to create the necessary sandbox environment. ```bash cd docker/sandbox ./build.sh ``` -------------------------------- ### 更改Docker端口占用 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 当Docker提示端口被占用时,可以尝试更换端口。修改`docker run`命令中的端口映射,并相应调整访问地址。 ```bash # 比如改用8080端口 docker run -d -p 8080:80 --name xcodereviewer ghcr.io/lintsinghua/xcodereviewer:latest # 访问时也要改端口 http://localhost:8080 ``` -------------------------------- ### User Prompt Example for Python Code Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/CONFIGURATION.md An example of a user prompt for analyzing Python code. It specifies the programming language and provides the code with line numbers for accurate reporting. ```python 编程语言: Python 代码已标注行号(格式:行号| 代码内容),请根据行号准确填写 line 字段。 请分析以下代码: 1| import sqlite3 2| 3| def get_user(user_id): 4| conn = sqlite3.connect('users.db') 5| cursor = conn.cursor() 6| query = f"SELECT * FROM users WHERE id = {user_id}" 7| cursor.execute(query) 8| return cursor.fetchone() ``` -------------------------------- ### 配置环境变量 Source: https://github.com/lintsinghua/deepaudit/wiki/本地开发 复制环境变量模板并编辑.env文件以配置必要的环境变量,如LLM提供商和API密钥。 ```bash # 复制环境变量模板 cp .env.example .env ``` ```env # ===== 最小配置(快速开发) ===== VITE_LLM_PROVIDER=gemini VITE_LLM_API_KEY=你的Gemini_API_KEY VITE_USE_LOCAL_DB=true ``` -------------------------------- ### 配置国内Docker镜像源 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 当Docker拉取镜像速度缓慢时,可以通过配置国内镜像源来加速。编辑Docker配置文件并重启服务。 ```bash sudo vim /etc/docker/daemon.json { "registry-mirrors": [ "https://docker.mirrors.ustc.edu.cn", "https://hub-mirror.c.163.com" ] } sudo systemctl restart docker ``` -------------------------------- ### Complete System Prompt Example (Chinese) Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/CONFIGURATION.md An example of a full system prompt for DeepAudit, combining default templates with the OWASP Top 10 rule set. It specifies the AI's role, analysis dimensions, output format requirements, and audit rules. ```text 你是一个专业的代码审计助手。请从以下维度全面分析代码: - 安全漏洞(SQL注入、XSS、命令注入、路径遍历、SSRF、XXE、反序列化、硬编码密钥等) - 潜在的 Bug 和逻辑错误 - 性能问题和优化建议 - 编码规范和代码风格 - 可维护性和可读性 - 最佳实践和设计模式 请尽可能多地找出代码中的所有问题,不要遗漏任何安全漏洞或潜在风险! 【输出格式要求】 1. 必须只输出纯JSON对象 2. 禁止在JSON前后添加任何文字、说明、markdown标记 3. 所有文本字段(title, description, suggestion等)必须使用中文输出 4. 输出格式必须符合以下 JSON Schema: { "issues": [ { "type": "security|bug|performance|style|maintainability", "severity": "critical|high|medium|low", "title": "string", "description": "string", "suggestion": "string", "line": 1, "column": 1, "code_snippet": "string", "rule_code": "string (optional, if matched a specific rule)" } ], "quality_score": 0-100, "summary": { "total_issues": number, "critical_issues": number, "high_issues": number, "medium_issues": number, "low_issues": number } } 【审计规则】请特别关注以下规则: - [A01] 访问控制失效: 检测权限绕过、越权访问、IDOR等访问控制问题 检测要点: 检查是否存在访问控制失效问题:权限检查缺失、越权访问、IDOR(不安全的直接对象引用)、CORS配置错误 - [A02] 加密机制失效: 检测弱加密、明文传输、密钥管理不当等问题 检测要点: 检查是否存在加密问题:使用弱加密算法(MD5/SHA1/DES)、明文存储密码、硬编码密钥、不安全的随机数生成 - [A03] 注入攻击: 检测SQL注入、命令注入、LDAP注入等注入漏洞 检测要点: 检查是否存在注入漏洞:SQL注入、命令注入、LDAP注入、XPath注入、NoSQL注入、表达式语言注入 ... (其他规则) ``` -------------------------------- ### Google Gemini Configuration Source: https://github.com/lintsinghua/deepaudit/wiki/配置LLM Configure Google Gemini as the LLM provider. Recommended for beginners due to its large free quota and good Chinese support. Use `gemini-1.5-flash` for speed and a larger free quota, or `gemini-1.5-pro` for higher quality at a greater quota cost. ```env VITE_LLM_PROVIDER=gemini VITE_GEMINI_API_KEY=你的KEY VITE_GEMINI_MODEL=gemini-1.5-flash # 或 gemini-1.5-pro(更强但慢) ``` -------------------------------- ### Get Findings Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT.md Retrieves the security findings for a given audit task. You can filter to see only verified findings. ```APIDOC ## GET /api/v1/agent-tasks/{task_id}/findings ### Description Retrieves security findings for a specific agent task. ### Method GET ### Endpoint /api/v1/agent-tasks/{task_id}/findings ### Parameters #### Path Parameters - **task_id** (string) - Required - The ID of the agent task. #### Query Parameters - **verified_only** (boolean) - Optional - If true, only return verified findings. ``` -------------------------------- ### 启动Docker容器并查看日志 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 使用Docker命令启动容器并查看日志以排查启动问题。如果镜像损坏,可以重新拉取最新镜像。 ```bash # 查看日志 docker logs xcodereviewer # 常见问题: # 1. 端口被占用 → 换端口 # 2. 权限不足 → 加 sudo # 3. 镜像损坏 → 重新拉取 docker pull ghcr.io/lintsinghua/xcodereviewer:latest ``` -------------------------------- ### Docker端口冲突解决方案 Source: https://github.com/lintsinghua/deepaudit/wiki/快速开始 当Docker容器的默认端口8888被占用时,可以通过修改`docker run`命令中的端口映射来解决。 ```bash # 换个端口(比如8080) docker run -d -p 8080:80 --name xcodereviewer ghcr.io/lintsinghua/xcodereviewer:latest ``` -------------------------------- ### Add New Feature Module Source: https://github.com/lintsinghua/deepaudit/wiki/架构设计 Demonstrates the directory structure and routing setup for adding a new feature module to the application. ```plaintext src/features/myfeature/ ├── services/ │ └── myService.ts └── index.ts ``` ```tsx src/pages/MyFeaturePage.tsx ``` ```tsx // src/app/routes.tsx { path: '/my-feature', element: } ``` -------------------------------- ### Docker容器管理命令 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 提供了一系列用于管理Docker容器和镜像的常用命令,包括停止、启动、重启、删除容器以及删除镜像。 ```bash # 停止容器 docker stop xcodereviewer # 启动容器 docker start xcodereviewer # 重启容器 docker restart xcodereviewer # 删除容器 docker rm -f xcodereviewer # 删除镜像 docker rmi ghcr.io/lintsinghua/xcodereviewer:latest ``` -------------------------------- ### Check External Tool Versions Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_DEPLOYMENT_CHECKLIST.md Verify the installation and availability of external security tools like Semgrep and Bandit by checking their versions. ```bash # 测试 Semgrep semgrep --version # 测试 Bandit bandit --version ``` -------------------------------- ### Configure Vector Database Path Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_DEPLOYMENT_CHECKLIST.md Create a directory for the vector database and configure the `VECTOR_DB_PATH` environment variable in the .env file. ```bash # 创建向量数据库目录 mkdir -p /var/data/deepaudit/vector_db # 在 .env 中配置 VECTOR_DB_PATH=/var/data/deepaudit/vector_db ``` -------------------------------- ### Clone and Deploy DeepAudit Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/README_EN.md Alternative deployment method involving cloning the DeepAudit repository, configuring environment variables, and then starting the services. ```bash # 1. Clone the project git clone https://github.com/lintsinghua/DeepAudit.git && cd DeepAudit # 2. Configure environment variables cp backend/env.example backend/.env # Edit backend/.env and fill in your LLM API key # 3. Start everything docker compose up -d ``` -------------------------------- ### 解决模块找不到问题 Source: https://github.com/lintsinghua/deepaudit/wiki/本地开发 当遇到'Cannot find module'错误时,提供检查路径和重新安装依赖的解决方案。 ```bash # 1. 检查路径是否正确 # 2. 重新安装依赖 rm -rf node_modules pnpm install ``` -------------------------------- ### Get Agent Task Summary API Request Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT.md Retrieve a summary of a specific agent task, providing an overview of its status and results. ```http GET /api/v1/agent-tasks/{task_id}/summary ``` -------------------------------- ### 从本地数据库切换到云端数据库 Source: https://github.com/lintsinghua/deepaudit/wiki/数据库配置 切换到云端数据库需要先备份本地数据,然后配置Supabase环境变量,重启应用,最后将本地数据导入到云端数据库。 ```env # VITE_USE_LOCAL_DB=true ← 注释掉 VITE_SUPABASE_URL=... VITE_SUPABASE_ANON_KEY=... ``` -------------------------------- ### Full Backend Configuration Reference Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/CONFIGURATION.md This is a comprehensive reference for all backend environment variables. It covers database, security, LLM, Git, scanning, storage, and output settings. Remember to change SECRET_KEY in production. ```env # ============================================= # DeepAudit Backend 配置文件 # ============================================= # ========== 数据库配置 ========== POSTGRES_SERVER=localhost # 数据库服务器地址 POSTGRES_USER=postgres # 数据库用户名 POSTGRES_PASSWORD=postgres # 数据库密码 POSTGRES_DB=deepaudit # 数据库名称 # DATABASE_URL= # 完整数据库连接字符串(可选,会覆盖上述配置) # ========== 安全配置 ========== SECRET_KEY=your-super-secret-key # JWT 签名密钥(生产环境必须修改!) ALGORITHM=HS256 # JWT 加密算法 ACCESS_TOKEN_EXPIRE_MINUTES=11520 # Token 过期时间(分钟),默认 8 天 # ========== LLM 通用配置 ========== LLM_PROVIDER=openai # LLM 提供商(见下方支持列表) LLM_API_KEY=sk-your-api-key # API 密钥 LLM_MODEL= # 模型名称(留空使用默认模型) LLM_BASE_URL= # 自定义 API 端点(API 中转站) LLM_TIMEOUT=150 # 请求超时时间(秒) LLM_TEMPERATURE=0.1 # 生成温度(0-1,越低越确定) LLM_MAX_TOKENS=4096 # 最大生成 Token 数 # ========== 各平台独立配置(可选) ========== # 如果需要同时配置多个平台,可以单独设置 # OPENAI_API_KEY=sk-xxx # OPENAI_BASE_URL=https://api.openai.com/v1 # GEMINI_API_KEY=xxx # CLAUDE_API_KEY=xxx # QWEN_API_KEY=xxx # DEEPSEEK_API_KEY=xxx # ZHIPU_API_KEY=xxx # MOONSHOT_API_KEY=xxx # BAIDU_API_KEY=api_key:secret_key # 百度格式特殊 # MINIMAX_API_KEY=xxx # DOUBAO_API_KEY=xxx # OLLAMA_BASE_URL=http://localhost:11434/v1 # ========== Git 仓库配置 ========== GITHUB_TOKEN= # GitHub Personal Access Token GITLAB_TOKEN= # GitLab Personal Access Token # ========== 扫描配置 ========== MAX_ANALYZE_FILES=0 # 单次扫描最大文件数,0表示无限制 MAX_FILE_SIZE_BYTES=204800 # 单文件最大大小(字节),默认 200KB LLM_CONCURRENCY=3 # LLM 并发请求数 LLM_GAP_MS=2000 # 请求间隔(毫秒),避免限流 # ========== 存储配置 ========== ZIP_STORAGE_PATH=./uploads/zip_files # ZIP 文件存储目录 # ========== 输出配置 ========== OUTPUT_LANGUAGE=zh-CN # 输出语言:zh-CN(中文)| en-US(英文) ``` -------------------------------- ### Limit File Size for Analysis Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Constrain the maximum size of files to be analyzed to manage memory usage. This example limits files to 100KB. ```env MAX_FILE_SIZE_BYTES=102400 #(100KB) ``` -------------------------------- ### 查找占用端口的进程 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 用于查找哪个进程占用了特定端口。适用于macOS/Linux和Windows系统。 ```bash # macOS/Linux lsof -i :8888 # Windows netstat -ano | findstr :8888 ``` -------------------------------- ### 解决端口占用问题 Source: https://github.com/lintsinghua/deepaudit/wiki/本地开发 当端口被占用时,提供macOS/Linux和Windows下的命令行解决方案来查找并终止占用进程,或指定新端口运行。 ```bash # 方案1:杀掉占用端口的进程 lsof -ti:5173 | xargs kill -9 # macOS/Linux netstat -ano | findstr :5173 # Windows查看PID后手动结束 # 方案2:使用其他端口 pnpm dev --port 5174 ``` -------------------------------- ### OpenAI GPT Configuration Source: https://github.com/lintsinghua/deepaudit/wiki/配置LLM Configure OpenAI GPT as the LLM provider. Offers the strongest performance but requires payment. `gpt-4o-mini` is recommended for its balance of cost and speed. ```env VITE_LLM_PROVIDER=openai VITE_OPENAI_API_KEY=sk-...你的KEY VITE_OPENAI_MODEL=gpt-4o-mini # 性价比最高 ``` -------------------------------- ### Get Agent Task Findings API Request Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT.md Fetch verified findings for a given agent task. Use the `verified_only` query parameter to filter results. ```http GET /api/v1/agent-tasks/{task_id}/findings?verified_only=true ``` -------------------------------- ### 克隆 Fork 并添加上游仓库 Source: https://github.com/lintsinghua/deepaudit/wiki/贡献指南 克隆你 Fork 的仓库,并添加官方仓库作为上游,方便后续同步代码。 ```bash # 克隆你Fork的仓库 git clone https://github.com/你的用户名/XCodeReviewer.git # 进入目录 cd XCodeReviewer # 添加上游仓库 git remote add upstream https://github.com/lintsinghua/XCodeReviewer.git # 验证 git remote -v # 应该看到 origin (你的Fork) 和 upstream (官方仓库) ``` -------------------------------- ### Get Agent Task Events API Request Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT.md Retrieve real-time events for a specific agent task using its task ID. This endpoint streams events as they occur. ```http GET /api/v1/agent-tasks/{task_id}/events Accept: text/event-stream ``` -------------------------------- ### Linux Docker权限问题解决方案 Source: https://github.com/lintsinghua/deepaudit/wiki/快速开始 在Linux环境下,如果Docker命令执行失败,可能需要使用`sudo`来获取管理员权限。 ```bash sudo docker pull ... sudo docker run ... ``` -------------------------------- ### System Prompts for Agent Guidance Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT_ARCHITECTURE.md Defines core security principles, vulnerability priorities, and multi-agent collaboration rules. Used to guide the agent's behavior and decision-making. ```python # 核心安全原则 CORE_SECURITY_PRINCIPLES = """ - 深度分析优于广度覆盖 - 重视数据流追踪 - 上下文感知分析 - 假阳性需验证确认 """ # 漏洞优先级 VULNERABILITY_PRIORITIES = { "critical": ["sql_injection", "command_injection", "code_injection"], "high": ["path_traversal", "ssrf", "auth_bypass"], "medium": ["xss", "information_disclosure", "xxe"], "low": ["csrf", "weak_crypto", "unsafe_transport"] } # 多Agent协作规则 MULTI_AGENT_RULES = """ - 避免重复工作 - 共享上下文信息 - 聚焦自身职责 - 及时交接发现 """ ``` -------------------------------- ### Batch Analysis Exclusion Patterns Source: https://github.com/lintsinghua/deepaudit/wiki/使用教程 Example of defining exclusion patterns for batch analysis of large projects. This allows for modular analysis by specifying directories or files to exclude in each task. ```text 第1次任务: 排除模式: src/components/** src/pages/** 第2次任务: 排除模式: src/utils/** src/api/** ``` -------------------------------- ### 调整API请求频率以避免限流 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 通过降低并发数和增加请求间隔来避免API速率限制,解决网络错误。 ```env # 降低请求频率 VITE_LLM_CONCURRENCY=1 VITE_LLM_GAP_MS=2000 ``` -------------------------------- ### Troubleshoot Docker Port Conflicts Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/FAQ.md Check for and resolve port conflicts when Docker containers fail to start. Use lsof to find and stop occupying processes or modify ports in docker-compose.yml. ```bash # 检查端口占用 lsof -i :5173 lsof -i :8000 lsof -i :5432 # 停止占用进程或修改 docker-compose.yml 中的端口 ``` -------------------------------- ### 更新后端和前端依赖 Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/SECURITY.md 定期更新项目依赖是维护安全性的重要环节。此命令用于更新后端 Python 依赖和前端 pnpm 依赖。 ```bash # 后端 cd backend && pip install --upgrade -r requirements.txt # 前端 cd frontend && pnpm update ``` -------------------------------- ### CI/CD Workflow for Automated Auditing Source: https://github.com/lintsinghua/deepaudit/wiki/使用教程 A GitHub Actions workflow configuration for scheduling weekly automated code audits. This example sets up a job to run XCodeReviewer every Sunday at midnight. ```yaml # .github/workflows/audit.yml name: 代码审计 on: schedule: - cron: '0 0 * * 0' # 每周日凌晨 jobs: audit: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: 运行XCodeReviewer # ... 调用XCodeReviewer API ``` -------------------------------- ### Verify Deployment Status Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_DEPLOYMENT_CHECKLIST.md A Python script to check the deployment status by verifying database connection, LLM API key configuration, vector database path existence, and installation of optional external tools. ```python print('检查部署状态...') # 1. 检查数据库连接 try: from app.db.session import async_session_factory print('✅ 数据库配置正确') except Exception as e: print(f'❌ 数据库错误: {e}') # 2. 检查 LLM 配置 from app.core.config import settings if settings.LLM_API_KEY: print('✅ LLM API Key 已配置') else: print('⚠️ LLM API Key 未配置') # 3. 检查向量数据库 import os if os.path.exists(settings.VECTOR_DB_PATH or '/tmp'): print('✅ 向量数据库路径存在') else: print('⚠️ 向量数据库路径不存在') # 4. 检查外部工具 import shutil tools = ['semgrep', 'bandit'] for tool in tools: if shutil.which(tool): print(f'✅ {tool} 已安装') else: print(f'⚠️ {tool} 未安装(可选)') print() print('部署检查完成!') ``` -------------------------------- ### 降低并发和增加请求间隔 Source: https://github.com/lintsinghua/deepaudit/wiki/常见问题 通过设置环境变量`VITE_LLM_CONCURRENCY`和`VITE_LLM_GAP_MS`来降低并发请求数和增加请求间隔,以应对API速率限制或稳定性问题。 ```env VITE_LLM_CONCURRENCY=1 # 一次只请求一个 VITE_LLM_GAP_MS=1000 # 请求间隔1秒 ``` -------------------------------- ### VS Code Chrome调试配置 Source: https://github.com/lintsinghua/deepaudit/wiki/本地开发 配置`.vscode/launch.json`文件以在VS Code中启动Chrome调试会话。 ```json { "version": "0.2.0", "configurations": [ { "type": "chrome", "request": "launch", "name": "Debug in Chrome", "url": "http://localhost:5173", "webRoot": "${workspaceFolder}/src" } ] } ``` -------------------------------- ### Top Navigation Bar Example Source: https://github.com/lintsinghua/deepaudit/wiki/使用教程 Visual representation of the top navigation bar in the XCodeReviewer interface. It provides access to different sections like Home, Instant Analysis, Project Management, and System Management. ```text ┌─────────────────────────────────────────────────┐ │ 🏠 首页 | ⚡ 即时分析 | 📦 项目管理 | ⚙️ 系统管理 │ └─────────────────────────────────────────────────┘ ``` -------------------------------- ### Real-time Update Flow Source: https://github.com/lintsinghua/deepaudit/blob/v3.0.0/docs/AGENT_AUDIT_ARCHITECTURE.md Illustrates the data flow for real-time UI updates, starting from an SSE stream, processed by `useResilientStream`, dispatched to a reducer, and finally updating the UI. Specifically shows the handling of 'thinking_token' events. ```plaintext SSE Stream → useResilientStream → dispatch() → reducer → UI更新 ↓ thinking_token事件 ↓ onThinkingToken回调 ↓ dispatch({type: 'ADD_LOG', payload: {type: 'thinking', content: accumulated}}) ↓ UI渲染LogEntry(流式效果) ``` -------------------------------- ### 配置MiniMax专用参数 Source: https://github.com/lintsinghua/deepaudit/wiki/环境变量 设置MiniMax的API密钥和模型。 ```env VITE_MINIMAX_API_KEY=xxxxx VITE_MINIMAX_MODEL=abab6.5-chat ``` -------------------------------- ### Ollama Local Model Configuration Source: https://github.com/lintsinghua/deepaudit/wiki/配置LLM Configure XCodeReviewer to use a locally hosted Ollama model. This setup is ideal for maximum privacy and unlimited use, but requires adequate local hardware (16GB RAM + GPU recommended) and may be slower than cloud APIs. ```env VITE_LLM_PROVIDER=ollama VITE_LLM_MODEL=llama3 VITE_LLM_BASE_URL=http://localhost:11434/v1 ```