feat: Add dockerguard kit#203
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughDockerGuard adds a Lamatic audit flow and a Next.js application for submitting Dockerfiles or compose files, normalizing and displaying audit reports, exporting results, configuring local deployment, and documenting setup and safety constraints. ChangesDockerGuard AgentKit
Suggested reviewers: 🚥 Pre-merge checks | ✅ 3 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
:robot_face: AgentKit Structural ValidationNew Contributions Detected
Check Results
🎉 All checks passed! This contribution follows the AgentKit structure. |
There was a problem hiding this comment.
Pull request overview
Adds a new DockerGuard kit to AgentKit: a Lamatic flow that statically audits Dockerfiles/docker-compose files and a Next.js UI to run audits and render/export a scored report.
Changes:
- Introduces the
dockerguard-auditLamatic flow with externalized prompts/constitution/model config and strict JSON output contract. - Adds a standalone Next.js app (Tailwind-based) to submit input, display an annotated report, and export JSON/Markdown/printable PDF.
- Adds kit metadata, docs, and environment templates for local and Vercel deployment.
Reviewed changes
Copilot reviewed 33 out of 38 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| kits/dockerguard/README.md | Kit documentation, screenshots, and setup instructions. |
| kits/dockerguard/agent.md | Agent/flow behavior spec and integration notes. |
| kits/dockerguard/lamatic.config.ts | Kit metadata (name, tags, links, required env step). |
| kits/dockerguard/flows/dockerguard-audit.ts | Exported Lamatic flow definition (trigger → LLM → response). |
| kits/dockerguard/prompts/dockerguard-audit_llmnode-540_system_0.md | System prompt defining rules, scoring, and strict JSON schema. |
| kits/dockerguard/prompts/dockerguard-audit_llmnode-540_user_1.md | User prompt injecting file contents and returning strict JSON. |
| kits/dockerguard/constitutions/default.md | Safety/handling constitution (no execution, redact secrets, strict output). |
| kits/dockerguard/model-configs/dockerguard-audit_llmnode-540_generative-model-name.ts | Default model/provider configuration for the LLM node. |
| kits/dockerguard/.gitignore | Kit-level ignore rules (env/build artifacts). |
| kits/dockerguard/.env.example | Kit-level env template pointing to apps/.env.local. |
| kits/dockerguard/apps/package.json | Next.js app package definition and dependencies. |
| kits/dockerguard/apps/package-lock.json | Dependency lockfile for the app. |
| kits/dockerguard/apps/tsconfig.json | TypeScript configuration for the Next.js app. |
| kits/dockerguard/apps/tailwind.config.ts | Tailwind theme/token configuration. |
| kits/dockerguard/apps/postcss.config.mjs | PostCSS setup for Tailwind + autoprefixer. |
| kits/dockerguard/apps/next.config.mjs | Next.js configuration (strict mode). |
| kits/dockerguard/apps/.gitignore | App-level ignore rules (node_modules, .next, env files). |
| kits/dockerguard/apps/.env.example | App env template for flow ID + Lamatic API credentials. |
| kits/dockerguard/apps/orchestrate.js | Centralized env-driven runtime config for flow invocation. |
| kits/dockerguard/apps/actions/orchestrate.ts | Server action to call Lamatic flow and parse/normalize the JSON report. |
| kits/dockerguard/apps/lib/lamatic-client.ts | Lamatic SDK client initialization for server-side calls. |
| kits/dockerguard/apps/lib/types.ts | Shared TypeScript types for report/findings. |
| kits/dockerguard/apps/lib/severity.ts | Severity normalization, labels/icons, score band colors. |
| kits/dockerguard/apps/lib/sample.ts | Sample Dockerfile used by “Load example”. |
| kits/dockerguard/apps/lib/report-format.ts | JSON/Markdown/printable HTML exporters for the report. |
| kits/dockerguard/apps/components/theme-toggle.tsx | Client-side light/dark mode toggle. |
| kits/dockerguard/apps/components/score-ring.tsx | Score ring visualization component. |
| kits/dockerguard/apps/components/export-menu.tsx | Export menu (copy/download/print). |
| kits/dockerguard/apps/components/copy-button.tsx | Reusable copy-to-clipboard UI control. |
| kits/dockerguard/apps/components/audit-report.tsx | Main report view (severity groups, passed checks, annotation). |
| kits/dockerguard/apps/components/annotated-dockerfile.tsx | Annotated source viewer with per-line severity markers. |
| kits/dockerguard/apps/app/layout.tsx | App shell + early theme init script + metadata. |
| kits/dockerguard/apps/app/page.tsx | Main UI page (input → run audit → results view). |
| kits/dockerguard/apps/app/globals.css | Design tokens + base styles + severity theming. |
Files not reviewed (1)
- kits/dockerguard/apps/package-lock.json: Generated file
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ADD . /app | ||
| WORKDIR /app | ||
|
|
||
| ENV API_KEY=sk-live-abc123secret |
| "tags": ["devops", "security", "generative"], | ||
| "testInput": { | ||
| "dockerfile": | ||
| "FROM node:latest\nADD . /app\nWORKDIR /app\nENV API_KEY=sk-live-123456\nRUN apt-get update\nRUN npm install\nEXPOSE 3000\nCMD npm start", |
| if (!config.api.endpoint || !config.api.apiKey) { | ||
| throw new Error( | ||
| "Lamatic API credentials are not set. Check your .env.local file." | ||
| ); | ||
| } | ||
| client = new Lamatic({ | ||
| endpoint: config.api.endpoint, | ||
| projectId: config.api.projectId ?? null, | ||
| apiKey: config.api.apiKey, | ||
| }); |
There was a problem hiding this comment.
Actionable comments posted: 8
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kits/dockerguard/apps/actions/orchestrate.ts`:
- Around line 48-61: The findings array in parseReport is still passed through
unnormalized, so partial LLM output can break the report and produce undefined
fields in toMarkdown. Update orchestrate.ts so parseReport validates each item
in parsed.findings and maps them through normalizeFinding, giving default values
for missing Finding fields like id, why, and fix instead of returning raw
objects. Keep the existing top-level normalization intact and ensure
normalizeFinding is used consistently for all findings.
- Line 4: The orchestration action is still importing step metadata from the
app-level orchestrate module instead of the kit-level config. Update the import
in orchestrate.ts to read the step definition from the kit’s lamatic.config
source while keeping the app config for env/API values, and verify the wiring in
the orchestrate flow stays aligned through the config symbol being used.
In `@kits/dockerguard/apps/app/page.tsx`:
- Around line 93-99: The textarea in the page component lacks an accessible
name, so add a proper label via the existing textarea element in app/page.tsx by
giving it an aria-label or connecting it to a visible label with
aria-labelledby; update the textarea used with content/setContent so assistive
technologies can announce its purpose.
- Around line 93-99: Disable the textarea in the page component while the async
audit is in progress. Update the textarea in page.tsx to use the existing
audit-running state (or add one around the audit trigger) so the content field
cannot be edited during the in-flight call, and re-enable it once the audit
completes or fails. Keep the fix centered on the textarea element and the audit
action handler so the UI reflects the locked state consistently.
- Around line 67-81: The file-type toggle buttons in the segmented control need
to expose their selected state to assistive technology. Update the button
rendering inside the FileType map in page.tsx so each button uses an
aria-pressed state that reflects whether fileType matches the current option.
Keep the existing visual styling and selection logic, and ensure the change is
applied on the button element created in the toggle group.
In `@kits/dockerguard/apps/components/export-menu.tsx`:
- Around line 82-103: The custom dropdown in export-menu.tsx needs proper menu
semantics and focus handling; the current container and actions in the open
block lack role="menu" and role="menuitem", and Escape can leave focus on body
instead of returning to the trigger. Update the export menu markup around the
open state in the export-menu component to add the missing ARIA roles and
restore focus to the trigger when the menu closes, or preferably replace the
custom implementation with shadcn/ui’s DropdownMenu so keyboard navigation,
Escape behavior, and focus management are handled correctly.
In `@kits/dockerguard/apps/package.json`:
- Line 28: Tailwind CSS is still pinned to v3 in the app package, which violates
the kit guideline and requires a v4 migration. Update the app’s dependency to
Tailwind v4+, then align the related setup by replacing the current
Tailwind/PostCSS wiring in tailwind.config.ts and postcss.config.mjs with the v4
CSS-based approach and `@tailwindcss/postcss` plugin. Move any theme extensions
from the Tailwind config into CSS `@theme` blocks in globals.css and ensure the
app’s style imports follow the v4 syntax.
In `@kits/dockerguard/README.md`:
- Around line 85-88: The README flow setup hard-codes a transient LLM node id in
the API Response mapping, which can mismatch the checked-in export. Update the
dockerguard-audit instructions to reference the exported LLM node generically or
use the committed node id used by the flow export, so the report mapping in the
API Response node points to the correct generatedResponse output.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: d443d12d-c224-45b2-a00f-0a78bf9edd37
⛔ Files ignored due to path filters (5)
kits/dockerguard/apps/package-lock.jsonis excluded by!**/package-lock.jsonkits/dockerguard/assets/dockerguard-dark.pngis excluded by!**/*.pngkits/dockerguard/assets/dockerguard-input.pngis excluded by!**/*.pngkits/dockerguard/assets/dockerguard-light.pngis excluded by!**/*.pngkits/dockerguard/assets/dockerguard-overview.pngis excluded by!**/*.png
📒 Files selected for processing (33)
kits/dockerguard/.env.examplekits/dockerguard/.gitignorekits/dockerguard/README.mdkits/dockerguard/agent.mdkits/dockerguard/apps/.env.examplekits/dockerguard/apps/.gitignorekits/dockerguard/apps/actions/orchestrate.tskits/dockerguard/apps/app/globals.csskits/dockerguard/apps/app/layout.tsxkits/dockerguard/apps/app/page.tsxkits/dockerguard/apps/components/annotated-dockerfile.tsxkits/dockerguard/apps/components/audit-report.tsxkits/dockerguard/apps/components/copy-button.tsxkits/dockerguard/apps/components/export-menu.tsxkits/dockerguard/apps/components/score-ring.tsxkits/dockerguard/apps/components/theme-toggle.tsxkits/dockerguard/apps/lib/lamatic-client.tskits/dockerguard/apps/lib/report-format.tskits/dockerguard/apps/lib/sample.tskits/dockerguard/apps/lib/severity.tskits/dockerguard/apps/lib/types.tskits/dockerguard/apps/next.config.mjskits/dockerguard/apps/orchestrate.jskits/dockerguard/apps/package.jsonkits/dockerguard/apps/postcss.config.mjskits/dockerguard/apps/tailwind.config.tskits/dockerguard/apps/tsconfig.jsonkits/dockerguard/constitutions/default.mdkits/dockerguard/flows/dockerguard-audit.tskits/dockerguard/lamatic.config.tskits/dockerguard/model-configs/dockerguard-audit_llmnode-540_generative-model-name.tskits/dockerguard/prompts/dockerguard-audit_llmnode-540_system_0.mdkits/dockerguard/prompts/dockerguard-audit_llmnode-540_user_1.md
|
hey, thanks for the review; went through everything and pushed fixes. what i changed:
couple of things i kept on purpose;
@coderabbitai review |
🧩 Analysis chain🏁 Script executed: #!/bin/bash
set -euo pipefail
gh pr view 203 --repo Lamatic/AgentKit --json files,commits -q '.files[].path' | grep -i dockerguard | head -50
echo "---"
gh pr diff 203 --repo Lamatic/AgentKit -- kits/dockerguard/apps/actions/orchestrate.ts | head -200Length of output: 2227 🏁 Script executed: #!/bin/bash
set -euo pipefail
gh pr diff 203 --repo Lamatic/AgentKit > /tmp/pr203.diff
wc -l /tmp/pr203.diff
echo "---orchestrate.ts---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/actions\/orchestrate.ts/{flag=1} /^diff --git/{if(flag && !/orchestrate.ts/) exit} flag' /tmp/pr203.diff | head -250
echo "---package.json (tailwind)---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/package.json/{flag=1} /^diff --git/{if(flag && !/package.json/) exit} flag' /tmp/pr203.diff
echo "---tailwind.config---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/tailwind.config.ts/{flag=1} /^diff --git/{if(flag && !/tailwind.config.ts/) exit} flag' /tmp/pr203.diffLength of output: 8184 🏁 Script executed: #!/bin/bash
set -euo pipefail
echo "---export-menu---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/components\/export-menu.tsx/{flag=1} /^diff --git/{if(flag && !/export-menu.tsx/) exit} flag' /tmp/pr203.diff
echo "---lamatic-client---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/lib\/lamatic-client.ts/{flag=1} /^diff --git/{if(flag && !/lamatic-client.ts/) exit} flag' /tmp/pr203.diff
echo "---page.tsx aria---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/app\/page.tsx/{flag=1} /^diff --git/{if(flag && !/page.tsx/) exit} flag' /tmp/pr203.diff | grep -n "aria-"
echo "---readme node id---"
awk '/^diff --git a\/kits\/dockerguard\/README.md/{flag=1} /^diff --git/{if(flag && !/README.md/) exit} flag' /tmp/pr203.diff | grep -n -i "node"Length of output: 7214 All the fixes check out, Agent. Confirmed on the ground:
On the two things you kept intentionally — agreed, both are reasonable calls:
Kicking off a fresh full review pass now to double check nothing else needs attention. ✅ Action performedReview finished.
|
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kits/dockerguard/apps/actions/orchestrate.ts`:
- Line 47: The line normalization in the annotated source view is treating
missing values as valid line 0 because Number(null) and other falsy inputs pass
Number.isFinite; update the logic around the lineNum handling in orchestrate.ts
to reject null, empty, and non-positive values before rendering. Use the
existing lineNum check to return null unless the parsed value is a finite
integer greater than 0, so absent lines never become line 0 in the source
annotation output.
- Line 44: The severity mapping in orchestrate should normalize the LLM-provided
value before validation, since SEVERITIES.includes(f.severity as Severity) only
matches exact casing and can incorrectly fall back to "info". Update the
severity assignment in the findings mapping to lowercase the incoming f.severity
before checking against SEVERITIES, and keep the fallback behavior only for
truly unrecognized values.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: 0c9b4566-ba70-4207-84c3-767a3834419a
⛔ Files ignored due to path filters (1)
kits/dockerguard/apps/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (8)
kits/dockerguard/README.mdkits/dockerguard/apps/actions/orchestrate.tskits/dockerguard/apps/app/globals.csskits/dockerguard/apps/app/page.tsxkits/dockerguard/apps/components/export-menu.tsxkits/dockerguard/apps/lib/lamatic-client.tskits/dockerguard/apps/package.jsonkits/dockerguard/apps/postcss.config.mjs
|
i have done the last two changes; they were small, made the severity match case-insensitive (so "HIGH"/"High" doesn't fall back to info) and stopped a missing line number from showing up as line 0. pls re-review @coderabbitai review |
🧩 Analysis chain🏁 Script executed: #!/bin/bash
set -euo pipefail
gh pr diff 203 --repo Lamatic/AgentKit > /tmp/pr203.diff
echo "---severity.ts---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/lib\/severity.ts/{flag=1} /^diff --git/{if(flag && !/severity.ts/) exit} flag' /tmp/pr203.diff
echo "---orchestrate.ts line handling---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/actions\/orchestrate.ts/{flag=1} /^diff --git/{if(flag && !/orchestrate.ts/) exit} flag' /tmp/pr203.diff | grep -n -i "line"
echo "---audit-report.tsx line handling---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/components\/audit-report.tsx/{flag=1} /^diff --git/{if(flag && !/audit-report.tsx/) exit} flag' /tmp/pr203.diff | grep -n -i "line"Length of output: 4404
Nice, tight fixes — nothing else outstanding from my side. Kicking off a full review pass now, but I don't expect any new findings. ✅ Action performedReview finished.
|
|
This message, and this review cycle, will self-destruct in five seconds. No further action required on my end. As always, should you choose to accept another mission, I'll be listening. ✅ Action performedReview finished.
|
|
thanks for confirming; both were fixed in the last commit and the inline comments went outdated. the review count still shows the old number though — can you do a fresh full pass so it refreshes? @coderabbitai full review |
|
✅ Action performedFull review finished. Your plan includes PR reviews subject to rate limits. More reviews will be available in 23 minutes. |
|
quota should be back now; can you run the full review please? @coderabbitai full review |
|
✅ Action performedFull review finished. |
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kits/dockerguard/.gitignore`:
- Around line 4-7: Update the .gitignore environment-file patterns to ignore all
secret-bearing .env variants, including .env.production, .env.development, and
other .env.* files, while preserving the intended allowance for .env.example.
Ensure the patterns cover both root and relevant environment files without
leaving credential-bearing files trackable.
In `@kits/dockerguard/apps/app/page.tsx`:
- Around line 103-111: Add role="alert" to the dynamically rendered error
paragraph in the error display block so screen readers announce audit failures
immediately.
In `@kits/dockerguard/README.md`:
- Around line 122-137: Label the folder-tree fenced block with the text language
identifier by changing the opening fence before kits/dockerguard/ to ```text,
while leaving the tree contents unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: f09a4f1e-5d59-4af8-8b1b-e94b45411e2a
⛔ Files ignored due to path filters (5)
kits/dockerguard/apps/package-lock.jsonis excluded by!**/package-lock.jsonkits/dockerguard/assets/dockerguard-dark.pngis excluded by!**/*.pngkits/dockerguard/assets/dockerguard-input.pngis excluded by!**/*.pngkits/dockerguard/assets/dockerguard-light.pngis excluded by!**/*.pngkits/dockerguard/assets/dockerguard-overview.pngis excluded by!**/*.png
📒 Files selected for processing (33)
kits/dockerguard/.env.examplekits/dockerguard/.gitignorekits/dockerguard/README.mdkits/dockerguard/agent.mdkits/dockerguard/apps/.env.examplekits/dockerguard/apps/.gitignorekits/dockerguard/apps/actions/orchestrate.tskits/dockerguard/apps/app/globals.csskits/dockerguard/apps/app/layout.tsxkits/dockerguard/apps/app/page.tsxkits/dockerguard/apps/components/annotated-dockerfile.tsxkits/dockerguard/apps/components/audit-report.tsxkits/dockerguard/apps/components/copy-button.tsxkits/dockerguard/apps/components/export-menu.tsxkits/dockerguard/apps/components/score-ring.tsxkits/dockerguard/apps/components/theme-toggle.tsxkits/dockerguard/apps/lib/lamatic-client.tskits/dockerguard/apps/lib/report-format.tskits/dockerguard/apps/lib/sample.tskits/dockerguard/apps/lib/severity.tskits/dockerguard/apps/lib/types.tskits/dockerguard/apps/next.config.mjskits/dockerguard/apps/orchestrate.jskits/dockerguard/apps/package.jsonkits/dockerguard/apps/postcss.config.mjskits/dockerguard/apps/tailwind.config.tskits/dockerguard/apps/tsconfig.jsonkits/dockerguard/constitutions/default.mdkits/dockerguard/flows/dockerguard-audit.tskits/dockerguard/lamatic.config.tskits/dockerguard/model-configs/dockerguard-audit_llmnode-540_generative-model-name.tskits/dockerguard/prompts/dockerguard-audit_llmnode-540_system_0.mdkits/dockerguard/prompts/dockerguard-audit_llmnode-540_user_1.md
|
pushed fixes for the last three; broadened the env ignore to cover all .env files (kept .env.example), added role=alert on the audit error, and tagged the folder tree code block as text. can you review again? @coderabbitai review |
🧩 Analysis chain🏁 Script executed: #!/bin/bash
set -euo pipefail
gh pr diff 203 --repo Lamatic/AgentKit > /tmp/pr203.diff
echo "---gitignore---"
awk '/^diff --git a\/kits\/dockerguard\/\.gitignore/{flag=1} /^diff --git/{if(flag && !/\.gitignore/) exit} flag' /tmp/pr203.diff
echo "---apps gitignore---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/\.gitignore/{flag=1} /^diff --git/{if(flag && !/apps\/\.gitignore/) exit} flag' /tmp/pr203.diff
echo "---page.tsx alert---"
awk '/^diff --git a\/kits\/dockerguard\/apps\/app\/page.tsx/{flag=1} /^diff --git/{if(flag && !/page.tsx/) exit} flag' /tmp/pr203.diff | grep -n -i "alert"
echo "---readme code block lang---"
awk '/^diff --git a\/kits\/dockerguard\/README.md/{flag=1} /^diff --git/{if(flag && !/README.md/) exit} flag' /tmp/pr203.diff | grep -n -B2 -A2 '```'Length of output: 3090
Nothing else outstanding from this end. Initiating the full review pass now — expecting a clean report, but the scanners never lie. ✅ Action performedFull review finished. Your plan includes PR reviews subject to rate limits. More reviews will be available in 35 minutes. |
|
all three points are addressed in the latest commits; can you resolve the open review comments? not asking for a fresh review, just clearing the ones already fixed. @coderabbitai resolve |
|
✅ Action performedComments resolved and changes approved. |
| out.push(`### ${SEVERITY_LABEL[sev]} — ${f.title}`); | ||
| const meta = [f.category, f.line != null ? `line ${f.line}` : null].filter(Boolean).join(" · "); | ||
| if (meta) out.push(`_${meta}_`, ""); | ||
| if (f.instruction) out.push("```dockerfile", f.instruction, "```", ""); | ||
| out.push(`**Why:** ${f.why}`); | ||
| out.push(`**Fix:** ${f.fix}`); |
| <pre className="min-w-full py-2 font-mono text-[13px] leading-relaxed"> | ||
| {lines.map((line, i) => { | ||
| const n = i + 1; | ||
| const sev = lineSev.get(n); | ||
| return ( | ||
| <div | ||
| key={n} | ||
| data-sev={sev} | ||
| className="flex items-center px-3" | ||
| style={sev ? { background: "var(--sev-bg)", boxShadow: "inset 2px 0 0 var(--sev-solid)" } : undefined} | ||
| > | ||
| <span className="mr-3 flex w-3 justify-center"> | ||
| {sev && <span className="h-2 w-2 rounded-full" style={{ background: "var(--sev-solid)" }} />} | ||
| </span> | ||
| <span className="mr-4 w-6 select-none text-right text-fg-muted">{n}</span> | ||
| <code className="whitespace-pre text-fg">{line || " "}</code> | ||
| </div> | ||
| ); | ||
| })} | ||
| </pre> |
| ADD . /app | ||
| WORKDIR /app | ||
|
|
||
| ENV API_KEY=sk-live-abc123secret |
There was a problem hiding this comment.
sk-live-abc123secret is an obvious fake placeholder, not a real credential. it's there on purpose so the demo shows dockerguard detecting and redacting a hardcoded secret in the audit output pls be a little aware from the next time
| "tags": ["devops", "security", "generative"], | ||
| "testInput": { | ||
| "dockerfile": | ||
| "FROM node:latest\nADD . /app\nWORKDIR /app\nENV API_KEY=sk-live-123456\nRUN apt-get update\nRUN npm install\nEXPOSE 3000\nCMD npm start", |
There was a problem hiding this comment.
this is the same thing again flagged by you the performance is really poor; cant even differentiate b/w a placeholder and a real key
|
@amanintech @akshatvirmani , could you review this PR (all checks are green) |
|
@coderabbitai review |
✅ Action performedReview finished.
|
|
Caution Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted. Error details |
DockerGuard — a Dockerfile & docker-compose security auditor
DockerGuard reviews a Dockerfile or docker-compose file and returns a scored audit. For every issue it shows the exact line, why it matters, and the fix, plus an overall score and letter grade. It catches problems at build-definition time — hardcoded secrets, running as root,
latestbase tags, cache-busting layer order, missing multi-stage builds, and more.What's included
flows/dockerguard-audit.ts— API Request (trigger) → Generate Text (LLM, strict JSON) → API Response, exported from Lamatic StudioNotes
npm installandnpm run buildpass; deployed and verified on VercelUnique problem statement — no existing kit audits Dockerfiles or compose files.
Added DockerGuard kit + docs/scaffolding (
kits/dockerguard/)kits/dockerguard/.env.examplekits/dockerguard/.gitignorekits/dockerguard/README.mdkits/dockerguard/agent.mdkits/dockerguard/constitutions/default.mdkits/dockerguard/lamatic.config.tskits/dockerguard/model-configs/dockerguard-audit_llmnode-540_generative-model-name.tskits/dockerguard/prompts/dockerguard-audit_llmnode-540_system_0.mdkits/dockerguard/prompts/dockerguard-audit_llmnode-540_user_1.mdkits/dockerguard/flows/dockerguard-audit.tskits/dockerguard/assets/dockerguard-input.pngkits/dockerguard/assets/dockerguard-overview.pngkits/dockerguard/assets/dockerguard-light.pngkits/dockerguard/assets/dockerguard-dark.pngAdded Lamatic DockerGuard audit flow (
kits/dockerguard/flows/)triggerNode_1—triggerNode(graphqlNode) API request trigger withadvance_schemaexposing:dockerfile: stringfile_type: string,filename: stringLLMNode_540—dynamicNode(LLMNode) “Generate Text” using:@prompts/...@model-configs/...output.generatedResponseresponseNode_triggerNode_1—responseNode(graphqlResponseNode) setscontent-type: application/jsonand maps:report: {{LLMNode_540.output.generatedResponse}}triggerNode_1 → LLMNode_540(defaultEdge)LLMNode_540 → responseNode_triggerNode_1(defaultEdge)triggerNode_1 → responseNode_triggerNode_1(responseEdge)Added DockerGuard Next.js audit UI (
kits/dockerguard/apps/)kits/dockerguard/apps/.env.examplekits/dockerguard/apps/.gitignorekits/dockerguard/apps/package.jsonkits/dockerguard/apps/package-lock.jsonkits/dockerguard/apps/next.config.mjskits/dockerguard/apps/postcss.config.mjskits/dockerguard/apps/tailwind.config.tskits/dockerguard/apps/tsconfig.jsonkits/dockerguard/apps/orchestrate.js(app config: API endpoint/keys +flows.audit.workflowIdfromDOCKERGUARD_AUDIT)kits/dockerguard/apps/actions/orchestrate.ts(server action: runs the Lamatic flow and strictly parses/normalizes the JSON report)kits/dockerguard/apps/app/globals.css(Tailwind + design tokens including severity color variables)kits/dockerguard/apps/app/layout.tsx(root layout + fonts + theme pre-application script)kits/dockerguard/apps/app/page.tsx(editor + “Run audit” UI, report display, and export entry)kits/dockerguard/apps/components/annotated-dockerfile.tsxkits/dockerguard/apps/components/audit-report.tsxkits/dockerguard/apps/components/copy-button.tsxkits/dockerguard/apps/components/export-menu.tsx(JSON/Markdown/PDF export)kits/dockerguard/apps/components/score-ring.tsxkits/dockerguard/apps/components/theme-toggle.tsxkits/dockerguard/apps/lib/types.tskits/dockerguard/apps/lib/severity.tskits/dockerguard/apps/lib/sample.tskits/dockerguard/apps/lib/lamatic-client.tskits/dockerguard/apps/lib/report-format.ts