From c7c3d75267b2bda365402ca6d5fc7c664fe94dbe Mon Sep 17 00:00:00 2001 From: laypatel13 Date: Thu, 9 Jul 2026 01:10:08 +0530 Subject: [PATCH 1/2] docs: enhance README and blueprint with Money Heist theme (#136) --- README.md | 110 +++++++++++++++++++++++++++------------------- docs/blueprint.md | 47 ++++++++++++++------ 2 files changed, 97 insertions(+), 60 deletions(-) diff --git a/README.md b/README.md index 1e23a29..2176500 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,8 @@ -
-# ๐Ÿ›ก๏ธ SecureFlow +# ๐ŸŽญ SecureFlow -## AI-Powered GitHub Pull Request Security Scanner +## The Digital Heist Defense System โ€” AI-Powered GitHub Pull Request Security Scanner [![GitHub stars](https://img.shields.io/github/stars/GauravKarakoti/SecureFlow?style=for-the-badge&color=gold)](https://github.com/GauravKarakoti/SecureFlow/stargazers) [![GitHub forks](https://img.shields.io/github/forks/GauravKarakoti/SecureFlow?style=for-the-badge&color=blue)](https://github.com/GauravKarakoti/SecureFlow/network) @@ -15,7 +14,8 @@ [![Prisma](https://img.shields.io/badge/Prisma-3982CE?style=for-the-badge&logo=Prisma&logoColor=white)](https://www.prisma.io/) [![Tailwind CSS](https://img.shields.io/badge/Tailwind_CSS-38B2AC?style=for-the-badge&logo=tailwind-css&logoColor=white)](https://tailwindcss.com/) -> **Automatically detect vulnerabilities, hardcoded secrets, and code flaws before they reach production.** +> *"In this heist, we're not stealing โ€” we're protecting."* +> **SecureFlow automatically detects vulnerabilities, hardcoded secrets, and code flaws before they reach production.**
@@ -24,42 +24,48 @@ ## ๐Ÿ“‹ Table of Contents
Click to expand -- [๐ŸŒŸ Features](#-features) -- [๐Ÿง  How It Works](#-how-it-works) + +- [๐ŸŒŸ The Crew's Abilities (Features)](#-the-crews-abilities-features) +- [๐Ÿง  The Blueprint (How It Works)](#-the-blueprint-how-it-works) - [๐Ÿ› ๏ธ Tech Stack](#๏ธ-tech-stack) - [๐Ÿ“ Project Structure](#-project-structure) -- [๐Ÿš€ Getting Started](#-getting-started) +- [๐Ÿš€ Joining the Resistance (Getting Started)](#-joining-the-resistance-getting-started) - [Prerequisites](#prerequisites) - [1. Fork & Clone](#1-fork--clone) - [2. Environment Variables](#2-environment-variables) - [3. GitHub App Setup](#3-github-app-setup) - [4. Database Setup](#4-database-setup) - [5. Run the App](#5-run-the-app) -- [Docker Setup](#-docker-setup) - +- [๐Ÿณ Docker Setup](#-docker-setup) - [๐Ÿ”‘ Environment Variables Reference](#-environment-variables-reference) - [๐Ÿ“ Available Scripts](#-available-scripts) -- [๐Ÿ”’ Security Policies](#-security-policies) +- [๐Ÿ”’ Defense Strategy (Security Policies)](#-defense-strategy-security-policies) - [๐Ÿ“Š Architecture](#-architecture) - [๐Ÿค Contributing](#-contributing) - [โ“ FAQ](#-faq) - [๐Ÿ“„ License](#-license) +
+ --- -SecureFlow integrates directly with GitHub via a GitHub App and webhooks. Every time a Pull Request is opened or updated, it extracts the code diff, runs it through Groq's LLM (Llama 3.1), and generates actionable security findings with AI-written explanations and remediation steps โ€” all visible on a centralized dashboard. +SecureFlow integrates directly with GitHub via a GitHub App and webhooks. Every time a Pull Request is opened or updated, **The Professor** โ€” SecureFlow's AI mastermind โ€” extracts the code diff, runs it through Groq's LLM (Llama 3.1), and returns actionable security findings with AI-written explanations and remediation steps, all visible on a centralized Mission Control dashboard. + +Think of every Pull Request as a member of the crew trying to get into **The Vault** (your codebase). The Professor checks their credentials at the door โ€” no leaked keys, no sloppy code, no breaches on his watch. + +## ๐ŸŒŸ The Crew's Abilities (Features) ### ๐Ÿค– AI-Powered Detection Uses Groq's Llama 3.1 to detect hardcoded secrets, vulnerabilities, and misconfigurations in your code. ### โšก Real-time Scanning -Automatically scans every opened or updated Pull Request as soon as it's created. +Automatically scans every opened or updated Pull Request as soon as it's created โ€” The Professor never sleeps. ### ๐Ÿ›ก๏ธ Smart Remediation Generates precise explanations and concrete code fixes for each security finding. -### ๐Ÿ“Š Centralized Dashboard -View all your repositories, PRs, findings, and audit logs in one unified interface. +### ๐Ÿ“Š Mission Control Dashboard +View all your repositories, PRs, findings, and audit logs in one unified command center. ### ๐Ÿ’ฌ GitHub PR Comments Posts detailed security reports directly on your PRs with collapsible remediation blocks. @@ -68,14 +74,14 @@ Posts detailed security reports directly on your PRs with collapsible remediatio Sets Pass/Review Required/Blocked status on PR commits for clear CI/CD integration. ### ๐ŸŽฏ Custom Policies -Create, toggle, and manage security policies per user or organization. +Create, toggle, and manage security policies per user or organization โ€” write your own rules for the plan. ### ๐Ÿšซ Smart Exclusions Intelligently ignores non-executable files and mock placeholders to reduce noise. --- -## ๐Ÿง  How It Works +## ๐Ÿง  The Blueprint (How It Works) ``` Developer opens or updates a Pull Request @@ -88,13 +94,13 @@ ArmorIQScanner sends the diff to Groq LLM with active policy context โ†“ LLM returns structured findings (type, severity, file, snippet) โ†“ -For each finding โ†’ AI generates explanation + remediation steps +For each finding โ†’ The Professor generates explanation + remediation steps โ†“ -Findings saved to PostgreSQL via Prisma +Findings saved to PostgreSQL via Prisma โ€” the Vault Logs โ†“ Results posted as a GitHub PR comment + commit check status โ†“ -Everything visible on the SecureFlow Dashboard +Everything visible on the SecureFlow Mission Control Dashboard ``` ### What Gets Detected @@ -134,7 +140,7 @@ secureflow/ โ”œโ”€โ”€ src/ โ”‚ โ”œโ”€โ”€ ai/ โ”‚ โ”‚ โ””โ”€โ”€ flows/ -โ”‚ โ”‚ โ””โ”€โ”€ developer-receives-ai-security-explanations.ts # Genkit AI flow +โ”‚ โ”‚ โ””โ”€โ”€ developer-receives-ai-security-explanations.ts # The Professor's Genkit AI flow โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ app/ โ”‚ โ”‚ โ”œโ”€โ”€ api/ @@ -144,10 +150,10 @@ secureflow/ โ”‚ โ”‚ โ”‚ โ””โ”€โ”€ route.ts # Main webhook handler (PR scanning logic) โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ dashboard/ -โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ audit/ # Audit log page -โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ findings/ # Security findings page -โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ policies/ # Policy management page -โ”‚ โ”‚ โ”‚ โ””โ”€โ”€ page.tsx # Main dashboard overview +โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ audit/ # Vault Logs (audit log page) +โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ findings/ # Breach Attempts (security findings page) +โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ policies/ # Defense Strategy (policy management page) +โ”‚ โ”‚ โ”‚ โ””โ”€โ”€ page.tsx # Mission Control (main dashboard overview) โ”‚ โ”‚ โ”‚ โ”‚ โ”‚ โ”œโ”€โ”€ login/ # Login page โ”‚ โ”‚ โ””โ”€โ”€ setup/ # GitHub App installation setup page @@ -165,11 +171,11 @@ secureflow/ --- -## ๐Ÿš€ Getting Started +## ๐Ÿš€ Joining the Resistance (Getting Started) ### Prerequisites -Make sure you have the following installed and ready: +Make sure you have the following installed and ready before the heist begins: - [Node.js v20+](https://nodejs.org/) - [PostgreSQL](https://www.postgresql.org/) (local) or a free cloud DB ([Neon](https://neon.tech) / [Supabase](https://supabase.com)) @@ -180,10 +186,14 @@ Make sure you have the following installed and ready: ### 1. Fork & Clone +- Fork the repo on GitHub first, then: ```bash -# Fork the repo on GitHub first, then: git clone https://github.com/YOUR_USERNAME/secureflow.git +``` +```bash cd secureflow +``` +```bash npm install ``` @@ -237,14 +247,16 @@ Then set `DATABASE_URL="postgresql://postgres:yourpassword@localhost:5432/secure - Create a new project and copy the connection string directly into `DATABASE_URL` **Then run:** +- Generate Prisma Client ```bash -# Generate Prisma Client npm run db:gen - -# Apply migrations (creates all tables) +``` +- Apply migrations (creates all tables) +```bash npm run db:migrate - -# Seed default security policy templates +``` +- Seed default security policy templates +```bash npm run db:seed ``` @@ -260,7 +272,7 @@ Open [http://localhost:9002](http://localhost:9002) in your browser. - Sign in with GitHub - Install the GitHub App on your repositories via the Setup page -- Open a Pull Request on any linked repo to trigger a scan +- Open a Pull Request on any linked repo to trigger a scan โ€” and let The Professor take it from there **Optional โ€” Genkit AI dev environment** (for working on AI explanation flows): ```bash @@ -313,9 +325,9 @@ npm run genkit:dev --- -## ๐Ÿ”’ Security Policies +## ๐Ÿ”’ Defense Strategy (Security Policies) -SecureFlow ships with pre-built policy templates that are seeded into the database. Users can toggle them on/off from the dashboard. +SecureFlow ships with pre-built policy templates that are seeded into the database. Users can toggle them on/off from the dashboard โ€” think of it as briefing the crew before every job. | Policy | Severity | Default | |--------|----------|---------| @@ -335,22 +347,26 @@ SecureFlow ships with pre-built policy templates that are seeded into the databa The architecture follows a modern Next.js full-stack approach with real-time GitHub integration: -- **Frontend**: Next.js App Router with Tailwind CSS for the dashboard +- **Frontend**: Next.js App Router with Tailwind CSS for the Mission Control dashboard - **Backend**: API routes handle authentication, webhooks, and business logic -- **AI Layer**: Groq SDK processes code diffs through Llama 3.1 model -- **Database**: PostgreSQL with Prisma ORM for data persistence +- **AI Layer**: Groq SDK processes code diffs through Llama 3.1 model โ€” The Professor's brain +- **Database**: PostgreSQL with Prisma ORM for data persistence โ€” the Vault Logs - **GitHub Integration**: Octokit manages webhooks, PR comments, and checks --- ## ๐Ÿค Contributing -Contributions are welcome! Please read [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines on branching, commit messages, and the PR process. +Every good heist needs a crew. Contributions are welcome! Please read [CONTRIBUTING.md](./CONTRIBUTING.md) for guidelines on branching, commit messages, and the PR process. ```bash # Create a branch following the naming convention + + git checkout -b fix/your-issue-name # bug fix + git checkout -b feat/your-feature # new feature + git checkout -b docs/update-readme # documentation ``` @@ -358,7 +374,9 @@ Use [Conventional Commits](https://www.conventionalcommits.org/) for commit mess ```bash git commit -m "fix: description of what you fixed" + git commit -m "feat: description of new feature" + git commit -m "docs: description of documentation change" ``` @@ -366,28 +384,28 @@ git commit -m "docs: description of documentation change" ## โ“ FAQ -**How does SecureFlow protect my secrets?** +**How does SecureFlow protect my secrets?** SecureFlow uses AI to detect hardcoded secrets and sensitive data in your code. It's designed to catch API keys, passwords, tokens, and other credentials that might accidentally be committed to your repository. -**Can I customize the scanning rules?** +**Can I customize the scanning rules?** Yes! You can create, toggle, and manage custom policies through the dashboard. This allows you to enforce organization-specific security rules. -**Is my data sent to external services?** +**Is my data sent to external services?** Your code diffs are sent to Groq's LLM service for analysis. We do not store your code or share it with third parties. The service is compliant with data protection standards. -**How much does it cost to use SecureFlow?** +**How much does it cost to use SecureFlow?** SecureFlow is open-source and free to self-host. You'll need a Groq API key (free tier available) and your own PostgreSQL database. --- - -
**Built with โค๏ธ to make every Pull Request safer.** +*"The vault is empty. Zero traces left behind." โ€” every clean audit, thanks to The Professor.* + **โญ Star us on GitHub โ€” it helps!** [Report Bug](https://github.com/GauravKarakoti/SecureFlow/issues) ยท [Request Feature](https://github.com/GauravKarakoti/SecureFlow/issues) ยท [View Demo](https://secure-flow-six.vercel.app/) -
+ \ No newline at end of file diff --git a/docs/blueprint.md b/docs/blueprint.md index 81207f4..bd8363c 100644 --- a/docs/blueprint.md +++ b/docs/blueprint.md @@ -1,21 +1,40 @@ # **App Name**: SecureFlow +*"In this heist, we're not stealing โ€” we're protecting." SecureFlow casts every Pull Request as a member of the crew trying to reach The Vault (your codebase), with **The Professor** โ€” SecureFlow's AI mastermind โ€” checking credentials at the door before any breach gets through.* + ## Core Features: -- GitHub App Integration: Streamlined GitHub OAuth flow for repository selection and automated pull request webhook listeners. -- ArmorIQ Scanner: High-fidelity security scan implementation that identifies hardcoded secrets, vulnerable dependencies, and insecure code patterns during PR cycles. -- AI Reasoner Tool: An AI tool that applies logical reasoning to scanner findings to provide human-readable risk summaries and direct remediation advice in plain English. -- ArmorIQ Policy Engine: Logic engine for automated risk evaluation, mapping findings to customizable policy states: Pass, Review Required, or Blocked. -- Executive Security Dashboard: Centralized workspace featuring high-level risk trends, PR status visualizations, and active vulnerability metrics built with shadcn/ui and Recharts. -- Audit Transparency Logs: A persistent audit trail stored in PostgreSQL for all automated security decisions, actions, and scanner results. -- PR Status Reporter: Automated commit status updates and granular inline GitHub comments with direct feedback and action buttons. +- **GitHub App Integration โ€” The Inside Job**: Streamlined GitHub OAuth flow for repository selection and automated pull request webhook listeners. This is how the crew gets access to the building in the first place. +- **ArmorIQ Scanner โ€” The Professor's Eyes**: High-fidelity security scan implementation that identifies hardcoded secrets, vulnerable dependencies, and insecure code patterns during PR cycles. +- **AI Reasoner Tool โ€” The Professor's Voice**: An AI tool that applies logical reasoning to scanner findings to provide human-readable risk summaries and direct remediation advice in plain English, in-character as "The Professor." +- **ArmorIQ Policy Engine โ€” The Plan**: Logic engine for automated risk evaluation, mapping findings to customizable policy states: Pass, Review Required, or Blocked. +- **Mission Control Dashboard**: Centralized workspace featuring high-level risk trends, PR status visualizations, and active vulnerability metrics built with shadcn/ui and Recharts. +- **Vault Logs โ€” Audit Transparency**: A persistent audit trail stored in PostgreSQL for all automated security decisions, actions, and scanner results. +- **PR Status Reporter โ€” The Getaway Signal**: Automated commit status updates and granular inline GitHub comments with direct feedback and action buttons. ## Style Guidelines: -- Primary Color: Vibrant Deep Violet (#927BFF), providing a futuristic and high-tech feel that contrasts against deep surfaces. -- Background Color: Deep Graphite Charcoal (#0C0B0F), a desaturated variation of the primary hue to create an immersive, distraction-free dark interface. -- Accent Color: Electric Azure (#4D7BFF), an analogous hue that provides strong functional contrast for success states and interactive call-to-actions. -- Font Pairing: 'Space Grotesk' (Sans-serif) for sharp, technical-feeling headlines and 'Inter' (Sans-serif) for clean, highly-readable UI controls and density-rich scan results. -- Ultra-thin, mono-lineal strokes for icons, utilizing high-contrast borders to suggest precision and structural integrity. -- Spacious, container-less dashboard layout with high-blur background glass effects (Glassmorphism) to define hierarchy without visual clutter. -- Sophisticated micro-interactions using framer-motion, featuring rhythmic horizontal loaders that simulate continuous scanning pulses. \ No newline at end of file +- **Primary Color**: Vibrant Deep Violet (`#927BFF`) โ€” providing a futuristic and high-tech feel that contrasts against deep surfaces, echoing the crew's iconic red against a shadowy palette. +- **Background Color**: Deep Graphite Charcoal (`#0C0B0F`) โ€” a desaturated variation of the primary hue to create an immersive, distraction-free dark interface, like the inside of the Vault itself. +- **Accent Color**: Electric Azure (`#4D7BFF`) โ€” an analogous hue that provides strong functional contrast for success states and interactive call-to-actions ("Audit Passed" moments). +- **Font Pairing**: 'Space Grotesk' (Sans-serif) for sharp, technical-feeling headlines and 'Inter' (Sans-serif) for clean, highly-readable UI controls and density-rich scan results. +- **Iconography**: Ultra-thin, mono-lineal strokes for icons, utilizing high-contrast borders to suggest precision and structural integrity โ€” every line as deliberate as the heist itself. +- **Layout**: Spacious, container-less dashboard layout with high-blur background glass effects (Glassmorphism) to define hierarchy without visual clutter. +- **Motion**: Sophisticated micro-interactions using framer-motion, featuring rhythmic horizontal loaders that simulate continuous scanning pulses โ€” The Professor, always watching. + +## Narrative & Copy Guidelines: + +Use these terms consistently across UI copy, docs, and marketing surfaces so the theme stays coherent app-wide: + +| Theme Term | Refers To | +|---|---| +| The Professor | The AI security reasoner/persona behind explanations and remediation | +| The Vault | The codebase / protected repository | +| Mission Control | Main dashboard overview (`/dashboard`) | +| Breach Attempts | Security findings page (`/dashboard/findings`) | +| Defense Strategy | Policy management page (`/dashboard/policies`) | +| Vault Logs | Audit log page (`/dashboard/audit`) | +| The Resistance | SecureFlow's users/community defending their codebases | +| Bella Ciao | Tagline motif used for "all clear" / passed-audit moments | + +Keep the tone confident and cinematic, never juvenile โ€” SecureFlow is a serious security tool wearing a fun theme, not the other way around. \ No newline at end of file From f14a1fdb7a23746ed3a04a2de418afa41c71a684 Mon Sep 17 00:00:00 2001 From: laypatel13 Date: Thu, 9 Jul 2026 14:09:50 +0530 Subject: [PATCH 2/2] docs: correct style guidelines to match actual theme colors/fonts --- docs/blueprint.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/blueprint.md b/docs/blueprint.md index bd8363c..b3a72a2 100644 --- a/docs/blueprint.md +++ b/docs/blueprint.md @@ -14,10 +14,10 @@ ## Style Guidelines: -- **Primary Color**: Vibrant Deep Violet (`#927BFF`) โ€” providing a futuristic and high-tech feel that contrasts against deep surfaces, echoing the crew's iconic red against a shadowy palette. -- **Background Color**: Deep Graphite Charcoal (`#0C0B0F`) โ€” a desaturated variation of the primary hue to create an immersive, distraction-free dark interface, like the inside of the Vault itself. -- **Accent Color**: Electric Azure (`#4D7BFF`) โ€” an analogous hue that provides strong functional contrast for success states and interactive call-to-actions ("Audit Passed" moments). -- **Font Pairing**: 'Space Grotesk' (Sans-serif) for sharp, technical-feeling headlines and 'Inter' (Sans-serif) for clean, highly-readable UI controls and density-rich scan results. +- **Primary Color**: Heist Red (`hsl(356 96% 47%)` โ‰ˆ `#EB0514`) โ€” the signature red of the crew's jumpsuits, used for primary actions, alerts, and the accent color throughout the app. +- **Background Color**: Deep Cinematic Black (`hsl(0 0% 4%)` โ‰ˆ `#0A0A0A`) in dark mode โ€” evoking the shadows of the vault. Light mode uses a crisp off-white (`hsl(0 0% 98%)`) for high-contrast daytime use. +- **Card/Surface Color**: Slightly raised black (`hsl(0 0% 7%)` โ‰ˆ `#121212`) to separate cards and panels from the background without breaking the dark aesthetic. +- **Font Pairing**: 'Roboto' (Sans-serif) for bold, cinematic headlines and 'Inter' (Sans-serif) for clean, highly-readable body text and UI controls. - **Iconography**: Ultra-thin, mono-lineal strokes for icons, utilizing high-contrast borders to suggest precision and structural integrity โ€” every line as deliberate as the heist itself. - **Layout**: Spacious, container-less dashboard layout with high-blur background glass effects (Glassmorphism) to define hierarchy without visual clutter. - **Motion**: Sophisticated micro-interactions using framer-motion, featuring rhythmic horizontal loaders that simulate continuous scanning pulses โ€” The Professor, always watching.