Skip to content

merge main with secbench-cli#11

Merged
prizmo-prime merged 47 commits intofeature/secbench-clifrom
main
Jan 8, 2026
Merged

merge main with secbench-cli#11
prizmo-prime merged 47 commits intofeature/secbench-clifrom
main

Conversation

@prizmo-prime
Copy link
Copy Markdown
Collaborator

@prizmo-prime prizmo-prime commented Jan 8, 2026

No description provided.

@SplotyCode
Add placeholder to prompt input
c6673d0
@SplotyCode
Publish setting changes into own topic
f6b1e13
@SplotyCode
Show warning when llm provider is not configured
8f6a6a8
@SplotyCode
Move SecureCoderAiToolWindowFactory into own package
fdde8ac
@SplotyCode
Split up SecureCoderAiToolWindowFactory
f66960e
@SplotyCode
Dont translate internal error messages
7f00763
@SplotyCode
Exclude coroutines libs from build
dddc58d
@SplotyCode
Fix project context control
33f99d5
@SplotyCode
Write context as user role
1e24b6c
@SplotyCode
Expose chat messages in InvalidLlmOutputWarning
4176fe3
@SplotyCode
Add debug popup for invalid LLM responses
f672f60
@SplotyCode
Add failures in GuardianExecutor result rather than throwing
494ff1b
@SplotyCode
Expose full GuardianExecutor result in GuardianWarningEvent
6091584
@SplotyCode
Include raw result in parsed violation data
c162d35
@SplotyCode
Added parseChangesAttempts to workflow engine configuration
6c470f1
@SplotyCode
Restructure guardian stream events
728debd
@SplotyCode
Add optional delay to DummyGuardian
518c0a5
@SplotyCode
Redo guardian validations in the frontend
6bc013f
@SplotyCode
Use ProposalId instead of String
3f3a876
@SplotyCode
Present warnings more user friendly
791c053
@SplotyCode
Improve guardian summary
d50112d
@SplotyCode
Merge pull request #8 from stg-tud/feature/chat-frontend-improvements
2b64443 
Feature/chat frontend improvements
@SplotyCode
Add Docker support for openapi-bridge
c47b661
@SplotyCode
openapi -> openai
e73e479
@SplotyCode
Dont inherit java properties for openai-bridge java exec task
6d411d8
@SplotyCode
Improve error handling of OllamaClient
88d708e
@SplotyCode
Fix openai-bridge rename
8edfe63
@SplotyCode
Add in the prompt to only create ONE file when using openai bridge
04a4515
@SplotyCode
Rename openai bridge package
d0281d2
@SplotyCode
Add debug logging to llm clients
9e479e7
SplotyCode and others added 17 commits January 2, 2026 01:12
@SplotyCode
Improved response handling for smaller llms
504a14e
@SplotyCode
Release plugin 0.0.3
5ae891d
@SplotyCode
Fix grammar in FilesInContextPromptBuilder
309a01b
@SplotyCode
Add EngineLlmReplayTests
89da0c7
@SplotyCode
<EDITN> blocks -> edit blocks
4c70332
@SplotyCode
Move FilesInContextPromptBuilder to file package
2055fff
@SplotyCode
Dont dedupe llm changes
4a9860d
@SplotyCode
Basic structured output support
31d81e8
@SplotyCode
Add LLMDescription annotation
86bbd19
@SplotyCode
Add structured output support in logging and replay
d2f179d
@SplotyCode
Add StructuredEditFilesLlmWrapper
899397d
@SplotyCode
Add replay test in ci
ab87add
@SplotyCode
Merge pull request #10 from stg-tud/feature/structured-output
d8195eb 
Feature/structured output
@prizmo-prime
update gitignore for python
2ebf442
@prizmo-prime
Add Python entries to gitignore and update CWEval submodule
2f42af7
@prizmo-prime
Merge branch 'main' of https://github.com/stg-tud/SecureCoder
932ba58 
merge secbenchcli with main
@prizmo-prime
Merge branch 'feature/secbench-cli'
1af196d
@prizmo-prime prizmo-prime requested a review from Copilot January 8, 2026 13:38
Copilot AI reviewed Jan 8, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request merges the secbench-cli branch into main, introducing significant enhancements to the SecureCoder system including:

  • Fixed critical typo in module name (openapi-bridge → openai-bridge)
  • Added structured LLM output support with JSON schema generation
  • Enhanced Guardian error handling with failure tracking
  • Improved IntelliJ plugin UI with validation status indicators
  • Added LLM replay testing infrastructure for reproducible testing

Key Changes

  • LLM Integration: Introduced chatStructured API with JSON schema support for Ollama and OpenRouter clients
  • Guardian Improvements: Added failure tracking, raw violation data capture, and better error handling
  • UI Enhancements: Refactored IntelliJ plugin toolwindow with validation states and debug information display
  • Testing Infrastructure: Added comprehensive LLM replay/logging framework for testing with cached responses

Reviewed changes

Copilot reviewed 53 out of 57 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
settings.gradle.kts Fixed typo: openapi-bridge → openai-bridge
guardian/api/Models.kt Added raw field to Violation for debugging
guardian/codeql/CodeQLGuardian.kt Renamed parameter for consistency (codeqlBinary → codeQlBinary)
guardian/api/DummyGuardian.kt Added configurable sleep delay for testing
engine/llm/*.kt Added structured chat API with JSON schema support
engine/workflow/*.kt Enhanced with ProposalId tracking and validation events
engine/file/edit/*.kt Added StructuredEditFilesLlmWrapper for JSON-based edits
app/openai-bridge/*.kt Fixed package name from openapibridge to openaibridge
app/intellij-plugin/toolwindow/*.kt Refactored into separate classes with validation UI
engine/src/test/*.kt Added LLM replay test infrastructure
Files not reviewed (2)
  • .idea/gradle.xml: Language not supported
  • .idea/kotlinc.xml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

guardian/api/src/main/java/de/tuda/stg/securecoder/guardian/DummyGuardian.kt

class DummyGuardian(
private val flagProbabilityPerFile: Double = 0.8,
private val hardRejet: Boolean = false,
Copy link

Copilot AI Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo in parameter name: 'hardRejet' should be 'hardReject' to match the naming convention used elsewhere in the codebase.

Copilot uses AI. Check for mistakes.
guardian/codeql/src/main/java/de/tuda/stg/securecoder/guardian/CodeQLGuardian.kt

class CodeQLGuardian(
private val codeqlBinary: String = "codeql",
private val codeQlBinary: String = "codeql",
Copy link

Copilot AI Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The variable name 'codeQlBinary' uses inconsistent casing. It should be 'codeQLBinary' to match the CodeQL product naming convention, or 'codeqlBinary' to maintain consistency with the property name used in settings.

Copilot uses AI. Check for mistakes.
@prizmo-prime prizmo-prime merged commit bdc22b3 into feature/secbench-cli Jan 8, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@prizmo-prime @SplotyCode