Add default prompt values

Updated all LLM provider classes to use default values for prompt components if environment variables are not set.

Author: fredrik0x

pr_security_review/llm_providers/anthropic.py

@@ -99,15 +99,32 @@ def get_skeptical_verification_prompt(self, code_changes: str, findings: List[Di
             for i, finding in enumerate(findings)
         ])
 
-        # Load prompt components from environment variables (required)
-        intro = os.getenv('LLM_SKEPTICAL_VERIFICATION_INTRO')
-        critical_questions = os.getenv('LLM_SKEPTICAL_VERIFICATION_CRITICAL_QUESTIONS')
-        be_critical = os.getenv('LLM_SKEPTICAL_VERIFICATION_BE_CRITICAL')
-        only_confirm = os.getenv('LLM_SKEPTICAL_VERIFICATION_ONLY_CONFIRM')
-        response_format = os.getenv('LLM_SKEPTICAL_VERIFICATION_RESPONSE_FORMAT')
+        # Default values (can be overridden by environment variables)
+        intro = os.getenv('LLM_SKEPTICAL_VERIFICATION_INTRO',
+            "You are a skeptical security auditor tasked with CRITICALLY reviewing and VERIFYING potential vulnerabilities.")
 
-        if not all([intro, critical_questions, be_critical, only_confirm, response_format]):
-            raise ValueError("Required LLM skeptical verification environment variables are not set. Please check your .env file.")
+        critical_questions = os.getenv('LLM_SKEPTICAL_VERIFICATION_CRITICAL_QUESTIONS',
+            "Ask yourself is this is really a vulnerability.")
+        
+        be_critical = os.getenv('LLM_SKEPTICAL_VERIFICATION_BE_CRITICAL',
+            "Keep a critical mindset.")
+        
+        only_confirm = os.getenv('LLM_SKEPTICAL_VERIFICATION_ONLY_CONFIRM',
+            "Only confirm vulnerabilities you are very sure about.")
+        
+        response_format = os.getenv('LLM_SKEPTICAL_VERIFICATION_RESPONSE_FORMAT',
+            """Return ONLY a JSON object with your verification results:
+{
+    "verified_findings": [
+        {
+            "original_index": <index of the original finding, starting from 0>,
+            "is_real_vulnerability": <true/false>,
+            "verification_confidence": <0-100>,
+            "reason": "<why you believe this is or isnt a real vulnerability>"
+        }
+    ],
+    "summary": "<brief summary of your verification>"
+}""")
 
         prompt = f"""{intro}
         
@@ -145,9 +162,8 @@ def verify_findings(self, code_changes: str, initial_result: Dict) -> Tuple[Dict
             return initial_result, CostInfo(0.0, 0, 0, self.model, self.get_provider_name())
 
         try:
-            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT_ANTHROPIC')
-            if not system_prompt:
-                raise ValueError("LLM_SYNTHESIS_SYSTEM_PROMPT_ANTHROPIC environment variable is not set.")
+            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT_ANTHROPIC',
+                "You are a skeptical security auditor. Return ONLY JSON output with no additional text or explanation.")
 
             response = self.client.messages.create(
                 model=self.model,
@@ -265,9 +281,8 @@ def analyze_security(self, code_changes: str, context: str = "") -> Tuple[Dict,
         """
         try:
             # First analysis
-            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT')
-            if not system_prompt:
-                raise ValueError("LLM_SYNTHESIS_SYSTEM_PROMPT environment variable is not set.")
+            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT',
+                "You are a security expert specializing in code review. Return ONLY JSON output with no additional text or explanation.")
 
             response = self.client.messages.create(
                 model=self.model,

pr_security_review/llm_providers/base.py

@@ -120,16 +120,51 @@ def get_security_prompt(code_changes: str, context: str = "") -> str:
         Returns:
             str: The formatted prompt for security analysis
         """
-        # Load prompt components from environment variables (required)
-        intro = os.getenv('LLM_SECURITY_PROMPT_INTRO')
-        focus_areas = os.getenv('LLM_SECURITY_PROMPT_FOCUS_AREAS')
-        important_notes = os.getenv('LLM_SECURITY_PROMPT_IMPORTANT_NOTES')
-        examples = os.getenv('LLM_SECURITY_PROMPT_EXAMPLES')
-        response_format = os.getenv('LLM_SECURITY_PROMPT_RESPONSE_FORMAT')
-        no_vulns_response = os.getenv('LLM_SECURITY_PROMPT_NO_VULNS_RESPONSE')
+        # Default values (can be overridden by environment variables)
+        intro = os.getenv('LLM_SECURITY_PROMPT_INTRO', 
+            "You are a security expert specializing in Ethereum client implementations and blockchain security.")
 
-        if not all([intro, focus_areas, important_notes, examples, response_format, no_vulns_response]):
-            raise ValueError("Required LLM prompt environment variables are not set. Please check your .env file.")
+        focus_areas = os.getenv('LLM_SECURITY_PROMPT_FOCUS_AREAS',
+            "Pay special attention to Blockchain specific vulnerabilities.")
+        
+        important_notes = os.getenv('LLM_SECURITY_PROMPT_IMPORTANT_NOTES',
+            "IMPORTANT:\n- Focus on concrete exploitable vulnerabilities.")
+        
+        examples = os.getenv('LLM_SECURITY_PROMPT_EXAMPLES',
+            "Examples of concrete vulnerabilities:\n- Gas costs that deviate from EIP specifications.")
+        
+        response_format = os.getenv('LLM_SECURITY_PROMPT_RESPONSE_FORMAT',
+            """CRITICAL: Your response must be ONLY the following JSON object, with no additional text, explanation, or markdown formatting:
+{
+    "confidence_score": <use highest confidence from findings, or 100 if no vulnerabilities>,
+    "has_vulnerabilities": <true/false>,
+    "findings": [
+        {
+            "severity": "<HIGH|MEDIUM|LOW>",
+            "description": "<specific vulnerability with exact code location>",
+            "recommendation": "<precise fix required>",
+            "confidence": <0-100, how certain you are about this specific vulnerability>,
+            "detailed_explanation": "<comprehensive explanation of what the issue is>",
+            "impact_explanation": "<what can happen if this vulnerability is exploited>",
+            "detailed_recommendation": "<detailed explanation of how to fix the issue>",
+            "code_example": "<the existing problematic code block, with proposed changes highlighted using html-style comments>",
+            "additional_resources": "<links to documentation or other resources>"
+        }
+    ],
+    "summary": "<only mention concrete vulnerabilities found>"
+}
+
+IMPORTANT: The overall confidence_score should match the highest confidence score from the findings.
+For example, if you find one vulnerability with 90% confidence, the overall confidence_score should also be 90.""")
+        
+        no_vulns_response = os.getenv('LLM_SECURITY_PROMPT_NO_VULNS_RESPONSE',
+            """If no clear vulnerabilities are found in the code changes, return:
+{
+    "confidence_score": 100,
+    "has_vulnerabilities": false,
+    "findings": [],
+    "summary": "No concrete vulnerabilities identified in the changed code."
+}""")
 
         # Build the prompt
         prompt = f"""{intro}

pr_security_review/llm_providers/deepseek.py

@@ -90,9 +90,8 @@ def analyze_security(self, code_changes: str, context: str = "") -> Tuple[Dict,
         # context = ""
         try:
             # Prepare the messages
-            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT')
-            if not system_prompt:
-                raise ValueError("LLM_SYNTHESIS_SYSTEM_PROMPT environment variable is not set.")
+            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT',
+                "You are a security expert specializing in code review. Return ONLY JSON output with no additional text or explanation.")
 
             messages = [
                 {

pr_security_review/llm_providers/gemini.py

@@ -84,9 +84,8 @@ def analyze_security(self, code_changes: str, context: str = "") -> Tuple[Dict,
                 "response_mime_type": "application/json",
             }
 
-            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT')
-            if not system_prompt:
-                raise ValueError("LLM_SYNTHESIS_SYSTEM_PROMPT environment variable is not set.")
+            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT',
+                "You are a security expert specializing in code review. Return ONLY JSON output with no additional text or explanation.")
 
             model = genai.GenerativeModel(
                 model_name=self.model,

pr_security_review/llm_providers/llama.py

@@ -95,9 +95,8 @@ def analyze_security(self, code_changes: str, context: str = "") -> Tuple[Dict,
         # context = ""
         try:
             # Prepare the messages
-            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT')
-            if not system_prompt:
-                raise ValueError("LLM_SYNTHESIS_SYSTEM_PROMPT environment variable is not set.")
+            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT',
+                "You are a security expert specializing in code review. Return ONLY JSON output with no additional text or explanation.")
 
             messages = [
                 {

pr_security_review/llm_providers/multi_judge.py

@@ -96,10 +96,9 @@ def _synthesize_report(self, all_results: Dict[str, Dict], vote_result: Dict, co
         """Use Anthropic to synthesize a combined report from all analyses."""
         anthropic = self.providers['anthropic']
 
-        # Load synthesis intro from environment variable (required)
-        synthesis_intro = os.getenv('LLM_SYNTHESIS_PROMPT_INTRO')
-        if not synthesis_intro:
-            raise ValueError("LLM_SYNTHESIS_PROMPT_INTRO environment variable is not set.")
+        # Load synthesis intro from environment variable (with default)
+        synthesis_intro = os.getenv('LLM_SYNTHESIS_PROMPT_INTRO',
+            "You are a security expert tasked with synthesizing multiple security analyses into a single coherent report.")
 
         # Create a synthesis prompt
         synthesis_prompt = f"""{synthesis_intro}
@@ -124,9 +123,8 @@ def _synthesize_report(self, all_results: Dict[str, Dict], vote_result: Dict, co
                 for finding in result['findings']:
                     synthesis_prompt += f"  * {finding['severity']}: {finding['description']}\n"
 
-        synthesis_instruction = os.getenv('LLM_SYNTHESIS_PROMPT_INSTRUCTION')
-        if not synthesis_instruction:
-            raise ValueError("LLM_SYNTHESIS_PROMPT_INSTRUCTION environment variable is not set.")
+        synthesis_instruction = os.getenv('LLM_SYNTHESIS_PROMPT_INSTRUCTION',
+            "Please synthesize these analyses into a single, coherent security report. Combine similar findings, use the highest confidence scores where appropriate, and create a unified summary.")
 
         synthesis_prompt += f"""
 
@@ -159,9 +157,8 @@ def _synthesize_report(self, all_results: Dict[str, Dict], vote_result: Dict, co
 
         try:
             # Use a fresh Claude instance for synthesis to avoid token limit issues
-            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT_SYNTHESIZE')
-            if not system_prompt:
-                raise ValueError("LLM_SYNTHESIS_SYSTEM_PROMPT_SYNTHESIZE environment variable is not set.")
+            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT_SYNTHESIZE',
+                "You are a security expert specializing in synthesizing multiple analyses. Return ONLY JSON output with no additional text or explanation.")
 
             response = anthropic.client.messages.create(
                 model=anthropic.model,

pr_security_review/llm_providers/openai.py

@@ -95,9 +95,8 @@ def analyze_security(self, code_changes: str, context: str = "") -> Tuple[Dict,
             - CostInfo: Cost information for the request
         """
         try:
-            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT')
-            if not system_prompt:
-                raise ValueError("LLM_SYNTHESIS_SYSTEM_PROMPT environment variable is not set.")
+            system_prompt = os.getenv('LLM_SYNTHESIS_SYSTEM_PROMPT',
+                "You are a security expert specializing in code review. Return ONLY JSON output with no additional text or explanation.")
 
             response = self.client.chat.completions.create(
                 model=self.model,