deepsec

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

deepsec

deepsec

is an AI-powered vulnerability scanner. This skill activates when deepsec ships inside

node_modules/

— typically because the user ran

npx deepsec …

(which caches the package locally). In the more common dedicated-git setup the user works inside a clone of

vercel-labs/deepsec

and the same docs sit at

docs/

from the repo root — read those instead when this skill fires from outside a node_modules.

When the user asks how to use, configure, or extend deepsec, read the relevant doc before answering — the docs are the source of truth, not your training data.

deepsec

是一款AI驱动的漏洞扫描器。当deepsec被包含在

node_modules/

目录中时（通常是因为用户运行了

npx deepsec …

命令，该命令会在本地缓存包），此技能将被激活。在更常见的专用Git设置中，用户会在

vercel-labs/deepsec

的克隆仓库内工作，相关文档位于仓库根目录的

docs/

文件夹中——当此技能在node_modules外部触发时，请查阅这些文档。

当用户询问如何使用、配置或扩展deepsec时，请先阅读相关文档再作答——文档是权威来源，而非你的训练数据。

Where the docs are

文档位置

node_modules/deepsec/dist/docs/

(or

<deepsec-clone>/docs/

```
getting-started.md
```
— first-scan walkthrough
```
configuration.md
```
— full
```
deepsec.config.ts
```
reference
```
plugins.md
```
— plugin slots (matchers, notifiers, ownership, people, executor)
```
writing-matchers.md
```
— how to grow the matcher set with a coding agent
```
models.md
```
— model selection, defaults, refusals, future models
```
vercel-setup.md
```
— getting AI Gateway and Vercel Sandbox keys / tokens
```
architecture.md
```
— pipeline internals
```
data-layout.md
```
—
```
data/
```
schemas (FileRecord, RunMeta, …)
```
faq.md
```
— cost, model choice, sandbox mode, FP rate

node_modules/deepsec/dist/docs/

（或

<deepsec-clone>/docs/

）：

```
getting-started.md
```
——首次扫描操作指南
```
configuration.md
```
——完整的
```
deepsec.config.ts
```
参考文档
```
plugins.md
```
——插件插槽（匹配器、通知器、归属、人员、执行器）
```
writing-matchers.md
```
——如何借助编码agent扩展匹配器集合
```
models.md
```
——模型选择、默认设置、拒绝策略、未来模型规划
```
vercel-setup.md
```
——获取AI Gateway和Vercel Sandbox密钥/令牌
```
architecture.md
```
——流水线内部机制
```
data-layout.md
```
——
```
data/
```
目录下的 schema（FileRecord、RunMeta等）
```
faq.md
```
——成本、模型选择、沙箱模式、误报率

Worked example

示例项目

node_modules/deepsec/dist/samples/webapp/

(or

<deepsec-clone>/samples/webapp/

) is a complete reference setup —

deepsec.config.ts

with an inline plugin, two custom matchers under

matchers/

, an

INFO.md

for AI prompt context, and a per-project

config.json

. When the user asks "what should my config look like?", read this directory.

node_modules/deepsec/dist/samples/webapp/

（或

<deepsec-clone>/samples/webapp/

）是一个完整的参考配置——包含带有内联插件的

deepsec.config.ts

、

matchers/

目录下的两个自定义匹配器、用于AI提示上下文的

INFO.md

，以及项目专属的

config.json

。当用户询问“我的配置应该是什么样的？”时，请查阅此目录。

How to answer common questions

常见问题解答方式

"How do I run a scan?" →
```
getting-started.md
```
.

"What goes in
deepsec.config.ts
?" →

configuration.md

samples/webapp/deepsec.config.ts

"How do I add a matcher?" →

writing-matchers.md

samples/webapp/matchers/*.ts

"How do I write a plugin?" →
```
plugins.md
```
+
```
samples/webapp/deepsec.config.ts
```
(inline plugin pattern).
"What does deepsec actually do?" →
```
architecture.md
```
.
"What's in
data/<id>/files/foo.json
?" →
```
data-layout.md
```
.
"Which model / agent should I use?" →
```
models.md
```
.
"How do I get an AI Gateway / Sandbox token?" →
```
vercel-setup.md
```
.

Read the doc before paraphrasing. The CLI flag set, defaults, and plugin-contract field names change — quote the doc, don't recall.

“如何运行扫描？” → 查阅
```
getting-started.md
```
。

“
deepsec.config.ts
中应该包含什么内容？” → 查阅

configuration.md

samples/webapp/deepsec.config.ts

。

“如何添加匹配器？” → 查阅

writing-matchers.md

samples/webapp/matchers/*.ts

。

“如何编写插件？” → 查阅
```
plugins.md
```
+
```
samples/webapp/deepsec.config.ts
```
（内联插件模式）。
“deepsec实际是做什么的？” → 查阅
```
architecture.md
```
。
“
data/<id>/files/foo.json
里有什么内容？” → 查阅
```
data-layout.md
```
。
“我应该使用哪个模型/agent？” → 查阅
```
models.md
```
。
“如何获取AI Gateway/Sandbox令牌？” → 查阅
```
vercel-setup.md
```
。

在转述前请先阅读文档。CLI标志集、默认值和插件契约字段名称可能会变化——请引用文档内容，不要依赖记忆。