Commit

reverted prompts
gitrey committed Apr 2, 2024
1 parent 75ff392 commit b2527e9
Showing 1 changed file with 10 additions and 37 deletions.
47 changes: 10 additions & 37 deletions outer-loop-cli/src/devai/commands/review.py
Expand Up @@ -40,25 +40,18 @@ def code(context):
qry='''
INSTRUCTIONS:
You are an experienced software architect renowned for your ability to identify code quality issues, optimization opportunities, and adherence to best practices. Conduct a thorough code review of the provided codebase with the following focus:
Key Areas
Efficiency: Identify performance bottlenecks, redundant operations, or areas where algorithms and data structures could be improved for enhanced speed and resource usage.
Maintainability: Assess code readability, modularity, and the ease of future changes. Look for overly complex logic, tight coupling, or lack of proper code organization.
Best Practices: Verify adherence to established coding standards, design patterns, and industry-recommended practices that promote long-term code health.
Security: Scrutinize the code for potential vulnerabilities like improper input validation, susceptibility to injection attacks, or weaknesses in data handling.
Output Guidance
Structure: Organize your findings by class and method names. This provides clear context for the issues and aids in refactoring.
Tone: Frame your findings as constructive suggestions or open-ended questions. This encourages collaboration and avoids a purely critical tone. Examples:
"Could we explore an alternative algorithm here to potentially improve performance?"
"Would refactoring this logic into smaller functions enhance readability and maintainability?"
Specificity: Provide detailed explanations for each issue. This helps the original developer understand the reasoning and implement effective solutions.
Prioritization: If possible, indicate the severity or potential impact of each issue (e.g., critical, high, medium, low). This helps prioritize fixes.
No Issues: If your review uncovers no significant areas for improvement, state "No major issues found. The code appears well-structured and adheres to good practices."
'''
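Review bot: The Output Guidance block in the `code` prompt (Structure, Tone, Specificity, Prioritization, No Issues) is repeated word for word in the `performance` prompt and in the longer `security` text further down this commit, so any future prompt change or revert has to be made in three string literals inside three functions. Suggest moving the shared block to one module-level constant and appending it to each command's own instructions. The Tone examples ("Could we explore an alternative algorithm here to potentially improve performance?") are also performance and readability questions only; the Security key area listed above has no matching example, so a security finding may be phrased as a soft question rather than a stated issue with a severity.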

Expand Down Expand Up @@ -89,32 +82,23 @@ def performance(context):
qry='''
INSTRUCTIONS:
You are a seasoned application performance tuning expert with deep knowledge of Java's nuances. Conduct a meticulous code review focused on identifying performance pitfalls and optimization opportunities within the codebase. Pay close attention to:
Performance Bottlenecks:
Inefficient Operations: Pinpoint constructs known to be slow in the language, such as excessive string concatenation, unnecessary object creation, or suboptimal loop structures.
I/O-bound Operations: Examine file access, database queries, and network communication calls that could introduce latency.
Algorithmic Complexity: Analyze algorithms used for time and space complexity. Look for potential improvements using more efficient data structures or algorithms.
Memory Management:
Memory Leaks: Identify objects that are no longer referenced but not garbage collected, leading to gradual memory consumption.
Memory Bloat: Look for unnecessary object allocations, the use of overly large data structures, or the retention of data beyond its useful life.
Concurrency:
Race Conditions: Hunt for scenarios where multiple threads access shared data without proper synchronization, leading to unpredictable results.
Deadlocks: Detect situations where threads hold locks on resources while waiting for each other, causing the application to hang.
Output Guidance:
Structure: Organize your findings by class and method names. This provides clear context for the issues and aids in refactoring.
Tone: Frame your findings as constructive suggestions or open-ended questions. This encourages collaboration and avoids a purely critical tone. Examples:
"Could we explore an alternative algorithm here to potentially improve performance?"
"Would refactoring this logic into smaller functions enhance readability and maintainability?"
Specificity: Provide detailed explanations for each issue. This helps the original developer understand the reasoning and implement effective solutions.
Prioritization: If possible, indicate the severity or potential impact of each issue (e.g., critical, high, medium, low). This helps prioritize fixes.
No Issues: If your review uncovers no significant areas for improvement, state "No major issues found. The code appears well-structured and adheres to good practices."
'''
# Load files as text into source variable
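Review bot: In the `performance` prompt, the Memory Leaks line asks for "objects that are no longer referenced but not garbage collected", which is backwards for a garbage-collected runtime such as the Java named in the first sentence: unreferenced objects are collected, and leaks come from objects that stay reachable after they are no longer needed. Suggest rewording to "objects that remain referenced after they are no longer needed". The opening sentence also ties the persona to "Java's nuances" while the Inefficient Operations line says "slow in the language"; either keep the prompt language-neutral throughout or pass the language in as a parameter.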
Expand All @@ -141,27 +125,16 @@ def security(context):
'''
qry='''
INSTRUCTIONS:
You are a seasoned security expert with a keen eye for identifying vulnerabilities in web applications. Conduct a thorough security review of the attached codebase, focusing on the following critical areas:
Vulnerability Identification
Insecure Cookies: Check for cookies lacking proper security flags (HttpOnly, Secure), sensitive data in cookies, or inadequate expiration settings.
Insecure Session Management: Examine session generation, storage, transmission, timeout mechanisms, and potential for session hijacking or fixation.
SQL Injection: Scrutinize all database interactions for lack of input sanitization or parameterized queries that could allow malicious SQL code execution.
Cross-Site Scripting (XSS): Inspect input handling, output encoding, and content filtering to prevent the injection of malicious scripts into user-facing pages.
Other Common Vulnerabilities: Keep an eye out for potential vulnerabilities listed in the OWASP Top 10 (https://owasp.org/Top10/), such as improper access control, misconfigurations, and sensitive data exposure.
Report Guidance
Structure: Organize your findings by class and method names. This provides clear context for the issues and aids in refactoring.
Tone: Frame your findings as constructive suggestions or open-ended questions. This encourages collaboration and avoids a purely critical tone. Examples:
"Could we explore an alternative algorithm here to potentially improve performance?"
"Would refactoring this logic into smaller functions enhance readability and maintainability?"
Specificity: Provide detailed explanations for each issue. This helps the original developer understand the reasoning and implement effective solutions.
Prioritization: If possible, indicate the severity or potential impact of each issue (e.g., critical, high, medium, low). This helps prioritize fixes.
No Issues: If your review uncovers no significant areas for improvement, state "No major issues found. The code appears well-structured and adheres to good practices."
You are an experienced security programmer doing a code review. Looking for security violations in the code.
Examine the attached code for potential security issues. Issues to look for, look for instances of insecure cookies, insecure session management, any instances of SQL injection, cross-site scripting (XSS),
or other vulnerabilities that could compromise user data or allow unauthorized access to the application.
Provide a comprehensive report of any identified vulnerabilities and recommend appropriate remediation measures.
Output the findings with class and method names followed by the found issues.
Example of the output format to use:
Class name.Method name:
Issue:
Recommendation:
If no issues are found, output "No issues found".
'''
# Load files as text into source variable
source=source.format(format_files_as_string(context))
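Review bot: The shorter `security` prompt, which the header counts (27 lines down to 16) and the commit message indicate is the one left in place, no longer asks for a severity rating and no longer names the cookie flags (HttpOnly, Secure), session fixation, or the OWASP Top 10 that the longer text in this hunk spells out. If the revert is deliberate, the commit message should say why; otherwise consider keeping the Vulnerability Identification list and reverting only the output format. Its no-findings string, "No issues found", also differs from the "No major issues found. ..." sentence used by the `code` and `performance` prompts, so anything that matches on that text has to handle both. Separately, `source.format(format_files_as_string(context))` places the reviewed files' text into the prompt, and neither version of the instructions tells the model to treat that text as data rather than instructions; a clear delimiter around the file contents and one sentence to that effect would reduce the chance of file contents steering the review. "Issues to look for, look for instances of" reads as an editing slip.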