feat: Add trustguard-ai kit#235
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI (base), Organization UI (inherited) Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
WalkthroughThe change adds a TrustGuard AI kit with a four-stage Lamatic investigation flow, typed and validated server execution, environment and application configuration, and a Next.js interface for submitting investigations and displaying evidence, threat analysis, and decisions. ChangesTrustGuard AI Kit
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
:robot_face: AgentKit Structural ValidationNew Contributions Detected
Check Results
|
|
Failure recorded at 2026-07-13T12:26:20Z UTC. If this PR is not fixed within 4 weeks it will be automatically closed. |
There was a problem hiding this comment.
Actionable comments posted: 27
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
kits/trustguard-ai/apps/README.md (1)
1-37: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winConsider adding TrustGuard AI-specific setup instructions.
This is stock
create-next-appboilerplate with no mention of TrustGuard AI, the investigation pipeline, required environment variables (e.g., Lamatic API credentials), or how the app connects to the flow. A developer cloning the repo would need to discover all of this independently.Adding a short "TrustGuard AI Setup" section covering env vars, the Lamatic flow dependency, and how to run the investigation dashboard would meaningfully improve onboarding.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@kits/trustguard-ai/apps/README.md` around lines 1 - 37, Add a TrustGuard AI Setup section to the README alongside the existing Getting Started content, documenting required environment variables such as Lamatic API credentials, the dependent Lamatic investigation flow, and the commands or steps needed to run and access the investigation dashboard. Replace or supplement the generic boilerplate with project-specific onboarding while retaining useful Next.js startup details.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/lamatic-update.yml:
- Around line 10-26: Add workflow-level permissions and concurrency controls to
the workflow containing the detect-flow-changes job: restrict GITHUB_TOKEN to
contents: read, and define a concurrency group based on the relevant
workflow/ref context with an appropriate overlap policy so rapid pushes cannot
run sync jobs concurrently. Leave the existing checkout and Lamatic sync
configuration unchanged.
In `@kits/trustguard-ai/apps/.gitignore`:
- Around line 33-34: Update the env ignore rules in the gitignore so the broad
.env* pattern still ignores environment files while explicitly allowing
.env.example to be committed.
In `@kits/trustguard-ai/apps/actions/runInvestigation.ts`:
- Around line 34-35: Replace the unchecked InvestigationResponse cast in the
successful response branch of runInvestigation with runtime validation of
response.result, ensuring required fields and collection values have the
expected shapes before returning data. Reject or handle invalid results through
the existing failure path so downstream consumers such as EvidenceCard only
receive validated InvestigationResponse data.
- Around line 42-46: Sanitize errors in the catch block of runInvestigation
before returning the client-facing error field. Replace raw messages from
getLamaticClient or executeFlow with a generic user-safe message, while
retaining detailed error information only through the established server-side
logging mechanism if available.
In `@kits/trustguard-ai/apps/app/error.tsx`:
- Around line 23-25: Replace the inline warning SVG with the lucide-react
TriangleAlert icon in kits/trustguard-ai/apps/app/error.tsx lines 23-25 and
kits/trustguard-ai/apps/components/ThreatCard.tsx lines 32-34, adding the
required import in each file and preserving the existing icon sizing and
styling.
In `@kits/trustguard-ai/apps/app/globals.css`:
- Line 57: Remove the stale `#__next` selector from the global CSS selector list,
while preserving the main, header, footer, and section selectors and their
existing styles.
- Line 1: The font configuration is split between the Google Fonts CDN and
next/font. In kits/trustguard-ai/apps/app/globals.css lines 1-1 and 36, remove
the CDN `@import` and change the body font-family to var(--font-inter);
kits/trustguard-ai/apps/app/layout.tsx lines 6-10 requires no direct change
because its next/font configuration will then be used.
In `@kits/trustguard-ai/apps/app/page.tsx`:
- Line 83: Update the gradient utility class on the highlighted span in the page
component from bg-gradient-to-r to Tailwind v4’s bg-linear-to-r so the text
retains its intended cyan-blue gradient.
In `@kits/trustguard-ai/apps/components/DecisionCard.tsx`:
- Around line 26-28: Replace the inline SVG checkmark and person icons in
DecisionCard.tsx, including the additional icon near lines 73-75, with the
lucide-react CheckCircle2 and User components. In EvidenceCard.tsx, replace
every emoji in SECTION_CONFIG with the specified lucide-react icon components
and update the icon field type and rendering to accept React components; apply
the changes at DecisionCard.tsx lines 26-28 and EvidenceCard.tsx lines 13-22.
In `@kits/trustguard-ai/apps/components/EvidenceCard.tsx`:
- Line 31: Update the evidence checks in EvidenceCard, including the hasAny
calculation and the corresponding logic around line 56, to safely handle missing
or null section fields before reading their length. Preserve the existing
behavior for present arrays while treating undefined or null values as empty
arrays.
In `@kits/trustguard-ai/apps/components/Header.tsx`:
- Line 34: Update the center title container’s className in the Header
component, replacing the incomplete “hidden sm” combination with the valid
responsive utility “hidden sm:flex” while preserving the remaining positioning
and flex classes.
- Around line 76-89: Update the Lamatic logo error handling in the Header image
and fallback span so an image load failure both hides the broken Image and
reveals the fallback text by removing its hidden state. Keep the normal
successful-image rendering unchanged.
In `@kits/trustguard-ai/apps/components/InputForm.tsx`:
- Line 150: Update the button’s className in InputForm to replace the deprecated
bg-gradient-to-r utility with Tailwind v4’s bg-linear-to-r utility, preserving
all other styling classes unchanged.
In `@kits/trustguard-ai/apps/components/LoadingSpinner.tsx`:
- Around line 14-21: Update the SVG element in LoadingSpinner to include
role="status" and aria-live="polite" alongside the existing aria-label, ensuring
screen readers announce the loading state when the spinner appears.
In `@kits/trustguard-ai/apps/components/ResultCards.tsx`:
- Around line 118-120: Replace the inline search and list SVGs in ResultCards
with the corresponding Search and List icons from lucide-react, preserving their
existing sizing and visual placement. Add lucide-react to the app’s package.json
dependencies and import the icons from it.
- Around line 14-29: Remove the entrance animation props from InfoCard,
including its initial, animate, and transition settings, so CardWrapper is the
sole owner of the card entrance animation. Preserve InfoCard’s layout, styling,
and content behavior, and keep CardWrapper’s animation unchanged for all card
types.
In `@kits/trustguard-ai/apps/components/RiskMeter.tsx`:
- Around line 36-86: Add an accessible label to the root container returned by
RiskMeter so screen readers receive the risk score and its associated label,
including the clamped percentage value. Use an appropriate ARIA labeling
attribute or role on that container without changing the existing visual
rendering.
In `@kits/trustguard-ai/apps/components/ThreatCard.tsx`:
- Around line 16-20: Remove the unused riskScore and confidenceScore
declarations from ThreatCard, and update normalise to clamp the result in both
the decimal-conversion branch and the existing percentage branch, ensuring
negative or out-of-range values cannot produce unbounded percentages.
In `@kits/trustguard-ai/apps/lib/lamatic.ts`:
- Around line 1-5: Add a side-effect import of the "server-only" module at the
top of the Lamatic singleton factory, alongside the existing Lamatic import, so
client-side imports fail at build time while preserving the current server-only
implementation.
In `@kits/trustguard-ai/apps/lib/utils.ts`:
- Around line 81-90: Update getIndicatorLevelColor to include a default fallback
return for unexpected level values, matching the established fallback behavior
of getSeverityColor and getDecisionColor so the badge always receives styling
classes.
In `@kits/trustguard-ai/apps/next.config.ts`:
- Around line 5-6: Resolve the mismatch between the comment and the
`remotePatterns` configuration: if external HTTPS attachment previews are
intended, add the corresponding unrestricted HTTPS remote pattern; otherwise
update the comment to state that no external image sources are currently
allowed. Keep the chosen behavior and comment consistent.
In `@kits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-352_user_1.md`:
- Around line 7-14: In the Decision Engine prompt, remove the Evidence node
entity-output instructions, including the requirement for non-empty entities and
the listed security-relevant examples; keep those instructions only in the
Evidence Extractor prompt. Also replace every needs_human_review reference in
the example or guidance with the schema’s human_review field name, preserving
the existing enum values.
In `@kits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-381_user_1.md`:
- Line 10: Update the investigation creation flow to generate the INV identifier
programmatically rather than asking the LLM for random characters. Keep the
required INV- prefix and eight uppercase alphanumeric characters, and have the
prompt request only the title and category while preserving their existing
constraints.
In `@kits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-847_system_0.md`:
- Around line 24-29: Update the output field list in the system prompt to use
the schema names severity and matched_patterns instead of risk_level and
threat_patterns, and add the indicators object with high, medium, and low
arrays. Keep the existing risk_score, confidence, missing_information, and
reasoning_summary fields unchanged.
In `@kits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-849_user_1.md`:
- Line 1: Reformat the prompt in the trustguard extraction template into a
structured multi-line layout, placing each extraction instruction—URLs, domains,
email addresses, phone numbers, currency amounts, brand names, urgency phrases,
attachments, languages, and named entities—on its own line while preserving the
normalized object reference and JSON-only schema requirement.
In `@kits/trustguard-ai/README.md`:
- Around line 139-145: Update the README folder-structure listing for lib/ to
include the types.ts and utils.ts files alongside lamatic.ts, with concise
descriptions matching their roles in the project.
In `@lamatic/flows/RichNail-7165.ts`:
- Around line 463-475: Remove the unnecessary async declarations from
getNodesAndEdges and getFlowConfig, returning their existing flowConfig values
synchronously. Verify and update any callers that await these functions so they
use the synchronous return contract, unless the surrounding API explicitly
requires Promises.
---
Outside diff comments:
In `@kits/trustguard-ai/apps/README.md`:
- Around line 1-37: Add a TrustGuard AI Setup section to the README alongside
the existing Getting Started content, documenting required environment variables
such as Lamatic API credentials, the dependent Lamatic investigation flow, and
the commands or steps needed to run and access the investigation dashboard.
Replace or supplement the generic boilerplate with project-specific onboarding
while retaining useful Next.js startup details.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: 706b4bc9-a94e-4c72-bc44-0162af66237f
⛔ Files ignored due to path filters (9)
kits/trustguard-ai/apps/app/favicon.icois excluded by!**/*.icokits/trustguard-ai/apps/package-lock.jsonis excluded by!**/package-lock.jsonkits/trustguard-ai/apps/public/file.svgis excluded by!**/*.svgkits/trustguard-ai/apps/public/globe.svgis excluded by!**/*.svgkits/trustguard-ai/apps/public/lamatic-logo.pngis excluded by!**/*.pngkits/trustguard-ai/apps/public/next.svgis excluded by!**/*.svgkits/trustguard-ai/apps/public/trustguard-logo.pngis excluded by!**/*.pngkits/trustguard-ai/apps/public/vercel.svgis excluded by!**/*.svgkits/trustguard-ai/apps/public/window.svgis excluded by!**/*.svg
📒 Files selected for processing (50)
.github/workflows/lamatic-update.ymlkits/trustguard-ai/.gitignorekits/trustguard-ai/README.mdkits/trustguard-ai/agent.mdkits/trustguard-ai/apps/.gitignorekits/trustguard-ai/apps/AGENTS.mdkits/trustguard-ai/apps/CLAUDE.mdkits/trustguard-ai/apps/README.mdkits/trustguard-ai/apps/actions/runInvestigation.tskits/trustguard-ai/apps/app/error.tsxkits/trustguard-ai/apps/app/globals.csskits/trustguard-ai/apps/app/layout.tsxkits/trustguard-ai/apps/app/loading.tsxkits/trustguard-ai/apps/app/page.tsxkits/trustguard-ai/apps/components/Badge.tsxkits/trustguard-ai/apps/components/DecisionCard.tsxkits/trustguard-ai/apps/components/EvidenceCard.tsxkits/trustguard-ai/apps/components/Footer.tsxkits/trustguard-ai/apps/components/Header.tsxkits/trustguard-ai/apps/components/InputForm.tsxkits/trustguard-ai/apps/components/LoadingSpinner.tsxkits/trustguard-ai/apps/components/ResultCards.tsxkits/trustguard-ai/apps/components/RiskMeter.tsxkits/trustguard-ai/apps/components/ThreatCard.tsxkits/trustguard-ai/apps/eslint.config.mjskits/trustguard-ai/apps/lib/lamatic.tskits/trustguard-ai/apps/lib/types.tskits/trustguard-ai/apps/lib/utils.tskits/trustguard-ai/apps/next.config.tskits/trustguard-ai/apps/package.jsonkits/trustguard-ai/apps/postcss.config.mjskits/trustguard-ai/apps/tsconfig.jsonkits/trustguard-ai/apps/types/response.tskits/trustguard-ai/constitutions/default.mdkits/trustguard-ai/flows/trustguard-ai.tskits/trustguard-ai/lamatic.config.tskits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-352_generative-model-name.tskits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-381_generative-model-name.tskits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-847_generative-model-name.tskits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-849_generative-model-name.tskits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-352_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-352_user_1.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-381_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-381_user_1.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-847_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-847_user_1.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-849_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-849_user_1.mdlamatic/flows/RichNail-7165.tslamatic/project.json
| jobs: | ||
| detect-flow-changes: | ||
| environment: main | ||
| runs-on: ubuntu-latest | ||
| if: "!contains(github.event.head_commit.message, '[LAMATIC-COMMIT]')" | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Sync Flows to lamatic | ||
| uses: Lamatic/sync-flows-to-lamatic@v1 | ||
| with: | ||
| lamatic-endpoint: ${{ secrets.LAMATIC_PROJECT_ENDPOINT }} | ||
| api-key: ${{ secrets.LAMATIC_PROJECT_API_KEY }} | ||
| project-id: ${{ secrets.LAMATIC_PROJECT_ID }} | ||
| auto-deploy: ${{ secrets.LAMATIC_AUTO_DEPLOY_PROJECT }} | ||
|
|
There was a problem hiding this comment.
🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win
Add explicit permissions and concurrency controls to the workflow.
The workflow lacks a permissions block, so it inherits the default token scope (often contents: write or broader). Since this job only checks out the repo and calls an external action, it should be locked down to contents: read. Additionally, without a concurrency group, rapid successive pushes can trigger overlapping sync jobs that race against each other.
🔒️ Proposed hardening
jobs:
detect-flow-changes:
environment: main
runs-on: ubuntu-latest
+ timeout-minutes: 10
if: "!contains(github.event.head_commit.message, '[LAMATIC-COMMIT]')"
+ permissions:
+ contents: read
+ concurrency:
+ group: lamatic-sync-${{ github.ref }}
+ cancel-in-progress: true
steps:📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| jobs: | |
| detect-flow-changes: | |
| environment: main | |
| runs-on: ubuntu-latest | |
| if: "!contains(github.event.head_commit.message, '[LAMATIC-COMMIT]')" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Sync Flows to lamatic | |
| uses: Lamatic/sync-flows-to-lamatic@v1 | |
| with: | |
| lamatic-endpoint: ${{ secrets.LAMATIC_PROJECT_ENDPOINT }} | |
| api-key: ${{ secrets.LAMATIC_PROJECT_API_KEY }} | |
| project-id: ${{ secrets.LAMATIC_PROJECT_ID }} | |
| auto-deploy: ${{ secrets.LAMATIC_AUTO_DEPLOY_PROJECT }} | |
| jobs: | |
| detect-flow-changes: | |
| environment: main | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: "!contains(github.event.head_commit.message, '[LAMATIC-COMMIT]')" | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: lamatic-sync-${{ github.ref }} | |
| cancel-in-progress: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Sync Flows to lamatic | |
| uses: Lamatic/sync-flows-to-lamatic@v1 | |
| with: | |
| lamatic-endpoint: ${{ secrets.LAMATIC_PROJECT_ENDPOINT }} | |
| api-key: ${{ secrets.LAMATIC_PROJECT_API_KEY }} | |
| project-id: ${{ secrets.LAMATIC_PROJECT_ID }} | |
| auto-deploy: ${{ secrets.LAMATIC_AUTO_DEPLOY_PROJECT }} |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/lamatic-update.yml around lines 10 - 26, Add
workflow-level permissions and concurrency controls to the workflow containing
the detect-flow-changes job: restrict GITHUB_TOKEN to contents: read, and define
a concurrency group based on the relevant workflow/ref context with an
appropriate overlap policy so rapid pushes cannot run sync jobs concurrently.
Leave the existing checkout and Lamatic sync configuration unchanged.
| <svg className="h-7 w-7" fill="none" stroke="currentColor" viewBox="0 0 24 24"> | ||
| <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /> | ||
| </svg> |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win
Inline SVGs should be replaced with lucide-react icons. Per coding guidelines for kit Next.js apps, lucide-react should be used for icons. Both files hand-roll inline <svg> elements instead.
kits/trustguard-ai/apps/app/error.tsx#L23-L25: Replace the warning triangle SVG withTriangleAlertfromlucide-react.kits/trustguard-ai/apps/components/ThreatCard.tsx#L32-L34: Replace the warning triangle SVG withTriangleAlertfromlucide-react.
📍 Affects 2 files
kits/trustguard-ai/apps/app/error.tsx#L23-L25(this comment)kits/trustguard-ai/apps/components/ThreatCard.tsx#L32-L34
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/trustguard-ai/apps/app/error.tsx` around lines 23 - 25, Replace the
inline warning SVG with the lucide-react TriangleAlert icon in
kits/trustguard-ai/apps/app/error.tsx lines 23-25 and
kits/trustguard-ai/apps/components/ThreatCard.tsx lines 32-34, adding the
required import in each file and preserving the existing icon sizing and
styling.
Source: Coding guidelines
| {{triggerNode_1.output.attachment_url}} | ||
| Language: | ||
| {{triggerNode_1.output.language}} | ||
| Create a unique investigation. Generate: id: INV-<8 random uppercase letters or digits> Example: INV-7KX29PQM title: Generate a concise title describing the investigation in fewer than 8 words. Examples: Prize Scam Email Suspicious Banking SMS Fake Job Offer Telegram Crypto Fraud, also generate a category like - Email, SMS, Website, Telegram, WhatsApp, Attachment, Call, QR Code. |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
LLM-generated random IDs are unreliable for uniqueness.
Instructing the LLM to generate INV-<8 random uppercase letters or digits> is problematic — LLMs are deterministic text generators, not RNGs. Collisions are likely across investigations, especially under high volume. If this ID is used for tracking or persistence, generate it programmatically in the flow or application layer instead.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-381_user_1.md` at
line 10, Update the investigation creation flow to generate the INV identifier
programmatically rather than asking the LLM for random characters. Keep the
required INV- prefix and eight uppercase alphanumeric characters, and have the
prompt request only the title and category while preserving their existing
constraints.
| Generate: | ||
| • risk_score (0-100)• risk_level (derive it from risk_score) | ||
| • confidence (0-100) | ||
| • threat_patterns (example - Lottery Scam, Credential Harvesting, Business Email Compromise, Tech Support Scam, Investment Fraud, Remote Access Scam) | ||
| • missing_information | ||
| • reasoning_summary |
There was a problem hiding this comment.
🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win
Align prompt field names with the flow schema — risk_level→severity, threat_patterns→matched_patterns, add indicators.
The system prompt instructs the LLM to generate risk_level and threat_patterns, but the node 847 schema defines severity and matched_patterns. The indicators object (with high/medium/low arrays) is also absent from the prompt despite being in the schema. This misalignment risks the LLM producing fields that don't map to the schema, resulting in missing or null values in the threat analysis output.
🔧 Proposed fix to align prompt with schema
Generate:
-• risk_score (0-100)• risk_level (derive it from risk_score)
-• confidence (0-100)
-• threat_patterns (example - Lottery Scam, Credential Harvesting, Business Email Compromise, Tech Support Scam, Investment Fraud, Remote Access Scam)
-• missing_information
-• reasoning_summary
+• risk_score (0-100)
+• severity (derive it from risk_score: LOW, MEDIUM, HIGH, CRITICAL)
+• confidence (0-100)
+• indicators (object with "high", "medium", "low" arrays — classify every indicator into the appropriate array)
+• matched_patterns (example - Lottery Scam, Credential Harvesting, Business Email Compromise, Tech Support Scam, Investment Fraud, Remote Access Scam)
+• missing_information
+• reasoning_summary📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| Generate: | |
| • risk_score (0-100)• risk_level (derive it from risk_score) | |
| • confidence (0-100) | |
| • threat_patterns (example - Lottery Scam, Credential Harvesting, Business Email Compromise, Tech Support Scam, Investment Fraud, Remote Access Scam) | |
| • missing_information | |
| • reasoning_summary | |
| Generate: | |
| • risk_score (0-100) | |
| • severity (derive it from risk_score: LOW, MEDIUM, HIGH, CRITICAL) | |
| • confidence (0-100) | |
| • indicators (object with "high", "medium", "low" arrays — classify every indicator into the appropriate array) | |
| • matched_patterns (example - Lottery Scam, Credential Harvesting, Business Email Compromise, Tech Support Scam, Investment Fraud, Remote Access Scam) | |
| • missing_information | |
| • reasoning_summary |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-847_system_0.md`
around lines 24 - 29, Update the output field list in the system prompt to use
the schema names severity and matched_patterns instead of risk_level and
threat_patterns, and add the indicators object with high, medium, and low
arrays. Keep the existing risk_score, confidence, missing_information, and
reasoning_summary fields unchanged.
| @@ -0,0 +1 @@ | |||
| Extract all observable evidence. Normalized Object: {{InstructorLLMNode_381.output.normalized}} Return ONLY JSON matching the schema. Extract URLs. Extract Domains. Extract Email Addresses. Extract Phone Numbers. Extract Currency Amounts. Extract Brand Names. Extract Urgency Phrases. Extract Attachments. Extract Languages. Extract Named Entities. No newline at end of file | |||
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win
Break the single-line prompt into structured multi-line format.
All extraction instructions are crammed into one line, making it hard to maintain and increasing the risk of the LLM overlooking individual tasks. Consider line breaks per extraction type for clarity and better LLM adherence.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-849_user_1.md` at
line 1, Reformat the prompt in the trustguard extraction template into a
structured multi-line layout, placing each extraction instruction—URLs, domains,
email addresses, phone numbers, currency amounts, brand names, urgency phrases,
attachments, languages, and named entities—on its own line while preserving the
normalized object reference and JSON-only schema requirement.
| export async function getNodesAndEdges(): Promise<{ | ||
| nodes: Record<string, any>[], | ||
| edges: Record<string, any>[], | ||
| }> { | ||
| return { | ||
| nodes: flowConfig.nodes, | ||
| edges: flowConfig.edges, | ||
| } | ||
| } | ||
|
|
||
| export async function getFlowConfig(): Promise<Record<string, any>> { | ||
| return flowConfig; | ||
| } No newline at end of file |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value
Async functions wrap synchronous static returns.
getNodesAndEdges and getFlowConfig are declared async but perform no asynchronous operations — they return the static flowConfig object directly. This is harmless but adds unnecessary Promise overhead and misleads callers into expecting I/O.
♻️ Proposed refactor: drop unnecessary async
-export async function getNodesAndEdges(): Promise<{
+export function getNodesAndEdges(): {
nodes: Record<string, any>[],
edges: Record<string, any>[],
-}> {
+} {
return {
nodes: flowConfig.nodes,
edges: flowConfig.edges,
}
}
-export async function getFlowConfig(): Promise<Record<string, any>> {
+export function getFlowConfig(): Record<string, any> {
return flowConfig;
}If callers depend on the Promise return, keep async but add a comment explaining the contract.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| export async function getNodesAndEdges(): Promise<{ | |
| nodes: Record<string, any>[], | |
| edges: Record<string, any>[], | |
| }> { | |
| return { | |
| nodes: flowConfig.nodes, | |
| edges: flowConfig.edges, | |
| } | |
| } | |
| export async function getFlowConfig(): Promise<Record<string, any>> { | |
| return flowConfig; | |
| } | |
| export function getNodesAndEdges(): { | |
| nodes: Record<string, any>[], | |
| edges: Record<string, any>[], | |
| } { | |
| return { | |
| nodes: flowConfig.nodes, | |
| edges: flowConfig.edges, | |
| } | |
| } | |
| export function getFlowConfig(): Record<string, any> { | |
| return flowConfig; | |
| } |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@lamatic/flows/RichNail-7165.ts` around lines 463 - 475, Remove the
unnecessary async declarations from getNodesAndEdges and getFlowConfig,
returning their existing flowConfig values synchronously. Verify and update any
callers that await these functions so they use the synchronous return contract,
unless the surrounding API explicitly requires Promises.
|
Hi Lamatic team, |
|
/validate |
|
📡 Running Studio validation — results will appear here shortly. |
Studio Runtime Validation (Phase 2)✅ Studio validation passed. The kit loaded successfully in Lamatic Studio. This PR is ready for final review and merge. |
|
@Tuhin402 please resolve the coderabbit comments above |
|
@coderabbitai review |
✅ Action performedReview finished.
|
the /validate warning from coderabbit says the kit is forced to run on node.js v24 but my kit has v20, so github says it is a deprecated model, now for this on the runtime environment, there is so such issue, it can run seamlessly, so do I still need to update the node version? |
|
📡 Running Studio validation — results will appear here shortly. |
|
I've addressed the actionable CodeRabbit feedback related to runtime validation, error handling, prompt/schema alignment, and documentation. The remaining Node.js warning comes from GitHub Actions (actions/checkout@v4) and is an upstream deprecation notice rather than an issue in this kit. |
There was a problem hiding this comment.
Actionable comments posted: 3
♻️ Duplicate comments (4)
kits/trustguard-ai/apps/components/ResultCards.tsx (1)
22-29: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winEliminate compounding nested animations on result cards.
Agent, we're seeing double. The
CardWrapperexecutes an entrance animation (sliding up 24px), but the components nestled inside it simultaneously execute identical entrance animations. This causes compounding offsets and a jarring visual artifact. Your mission, should you choose to accept it, is to strip the entrance animation from the inner cards and letCardWrapperoperate solo.
kits/trustguard-ai/apps/components/ResultCards.tsx#L22-L29: KeepCardWrapper's animation intact as the single source of truth.kits/trustguard-ai/apps/components/ResultCards.tsx#L47-L52: Stripinitial,animate, andtransitionprops fromInfoCard(or downgrade it to a standarddiv).kits/trustguard-ai/apps/components/EvidenceCard.tsx#L35-L40: Strip animation props fromEvidenceCard's rootmotion.div.kits/trustguard-ai/apps/components/ThreatCard.tsx#L22-L27: Strip animation props fromThreatCard's rootmotion.div.kits/trustguard-ai/apps/components/DecisionCard.tsx#L18-L23: Strip animation props fromDecisionCard's rootmotion.div.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@kits/trustguard-ai/apps/components/ResultCards.tsx` around lines 22 - 29, Remove entrance animation props from the nested result cards so CardWrapper remains the sole animation source. Keep CardWrapper’s animation unchanged; strip initial, animate, and transition from InfoCard in kits/trustguard-ai/apps/components/ResultCards.tsx lines 47-52, and from the root motion.div elements in EvidenceCard.tsx lines 35-40, ThreatCard.tsx lines 22-27, and DecisionCard.tsx lines 18-23, converting them to standard divs if appropriate.kits/trustguard-ai/apps/components/Header.tsx (2)
35-35: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick winAgent, your stealth camouflage is malfunctioning.
hidden smis an invalid Tailwind combination and leaves this element exposed or improperly hidden.Update it to the correct responsive utility
hidden sm:flexto ensure it only appears when the target viewport size is acquired.🛠️ Proposed fix
- <div className="hidden sm absolute left-1/2 -translate-x-1/2 flex flex-col items-center"> + <div className="hidden sm:flex absolute left-1/2 -translate-x-1/2 flex-col items-center">🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@kits/trustguard-ai/apps/components/Header.tsx` at line 35, Update the responsive class list on the header element to replace the invalid “hidden sm” combination with “hidden sm:flex”, preserving the existing positioning and flex-column utilities so the element remains hidden until the small breakpoint.
66-79: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winAgent, our fallback operative is MIA. The Lamatic logo error handler hides the broken image, but the fallback text remains in deep cover (
hidden).Deploy a state toggle to reveal the text when the image goes down.
🛠️ Proposed fix
First, ensure you import
useStateat the top of your file:import { useState } from "react";Next, integrate the state toggle into the component:
-export default function Header() { +export default function Header() { + const [logoError, setLogoError] = useState(false); + return ( ... - {/* Try to load user-supplied lamatic-logo.png, fall back to text */} - <Image - src="/lamatic-logo.png" - alt="Lamatic AI" - width={68} - height={20} - className="object-contain h-5 w-auto" - onError={(e) => { - // Hide broken image, show text fallback handled in JSX below - (e.target as HTMLImageElement).style.display = "none"; - }} - /> - <span className="lamatic-text-fallback text-xs font-semibold text-cyan-400 hidden"> - Lamatic - </span> + {logoError ? ( + <span className="lamatic-text-fallback text-xs font-semibold text-cyan-400"> + Lamatic + </span> + ) : ( + <Image + src="/lamatic-logo.png" + alt="Lamatic AI" + width={68} + height={20} + className="object-contain h-5 w-auto" + onError={() => setLogoError(true)} + /> + )}🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@kits/trustguard-ai/apps/components/Header.tsx` around lines 66 - 79, Update the Header component’s logo fallback flow to track image failure with useState, import useState, and set the failure state in the Image onError handler. Use that state to conditionally reveal the lamatic-text-fallback span when the logo cannot load, while keeping it hidden during normal image rendering.kits/trustguard-ai/apps/app/page.tsx (1)
84-84: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winAgent, your visual disguise uses outdated intel. Tailwind CSS v4 replaced the
bg-gradient-to-*utilities withbg-linear-to-*. The gradients will not render until this deprecated utility is updated.
kits/trustguard-ai/apps/app/page.tsx#L84-L84: Replacebg-gradient-to-rwithbg-linear-to-r.kits/trustguard-ai/apps/components/InputForm.tsx#L145-L145: Replacebg-gradient-to-rwithbg-linear-to-ron the submit button.Your mission is to upgrade these utilities to keep your cover intact.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@kits/trustguard-ai/apps/app/page.tsx` at line 84, Replace the deprecated bg-gradient-to-r utility with bg-linear-to-r in the span class in kits/trustguard-ai/apps/app/page.tsx at lines 84-84 and on the submit button in kits/trustguard-ai/apps/components/InputForm.tsx at lines 145-145; leave the remaining gradient classes unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kits/trustguard-ai/apps/components/EvidenceCard.tsx`:
- Around line 31-32: Update EvidenceCard’s SECTION_CONFIG checks, including the
access around hasAny and the later access near line 55, to use optional chaining
when reading evidence[s.key].length. Preserve the existing behavior while
treating missing or null evidence arrays as empty rather than throwing.
In `@kits/trustguard-ai/apps/components/LoadingSpinner.tsx`:
- Around line 16-21: Update the Loader2 element in LoadingSpinner to include
role="status" and aria-live="polite", preserving its existing sizing, animation,
and aria-label attributes.
In `@kits/trustguard-ai/apps/components/ThreatCard.tsx`:
- Around line 18-19: Update the normalise function so both decimal conversion
and whole-number handling pass through clamp, ensuring negative or otherwise
out-of-range inputs produce bounded threat scores while preserving rounding.
---
Duplicate comments:
In `@kits/trustguard-ai/apps/app/page.tsx`:
- Line 84: Replace the deprecated bg-gradient-to-r utility with bg-linear-to-r
in the span class in kits/trustguard-ai/apps/app/page.tsx at lines 84-84 and on
the submit button in kits/trustguard-ai/apps/components/InputForm.tsx at lines
145-145; leave the remaining gradient classes unchanged.
In `@kits/trustguard-ai/apps/components/Header.tsx`:
- Line 35: Update the responsive class list on the header element to replace the
invalid “hidden sm” combination with “hidden sm:flex”, preserving the existing
positioning and flex-column utilities so the element remains hidden until the
small breakpoint.
- Around line 66-79: Update the Header component’s logo fallback flow to track
image failure with useState, import useState, and set the failure state in the
Image onError handler. Use that state to conditionally reveal the
lamatic-text-fallback span when the logo cannot load, while keeping it hidden
during normal image rendering.
In `@kits/trustguard-ai/apps/components/ResultCards.tsx`:
- Around line 22-29: Remove entrance animation props from the nested result
cards so CardWrapper remains the sole animation source. Keep CardWrapper’s
animation unchanged; strip initial, animate, and transition from InfoCard in
kits/trustguard-ai/apps/components/ResultCards.tsx lines 47-52, and from the
root motion.div elements in EvidenceCard.tsx lines 35-40, ThreatCard.tsx lines
22-27, and DecisionCard.tsx lines 18-23, converting them to standard divs if
appropriate.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: 6204b45c-061c-41bc-87d2-8f26bf11c37b
⛔ Files ignored due to path filters (1)
kits/trustguard-ai/apps/package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (16)
kits/trustguard-ai/README.mdkits/trustguard-ai/apps/.gitignorekits/trustguard-ai/apps/README.mdkits/trustguard-ai/apps/actions/runInvestigation.tskits/trustguard-ai/apps/app/page.tsxkits/trustguard-ai/apps/components/DecisionCard.tsxkits/trustguard-ai/apps/components/EvidenceCard.tsxkits/trustguard-ai/apps/components/Header.tsxkits/trustguard-ai/apps/components/InputForm.tsxkits/trustguard-ai/apps/components/LoadingSpinner.tsxkits/trustguard-ai/apps/components/ResultCards.tsxkits/trustguard-ai/apps/components/ThreatCard.tsxkits/trustguard-ai/apps/lib/schemas.tskits/trustguard-ai/apps/lib/types.tskits/trustguard-ai/apps/package.jsonkits/trustguard-ai/apps/types/response.ts
| <Loader2 | ||
| width={size} | ||
| height={size} | ||
| className={`animate-spin ${className}`} | ||
| aria-label="Loading" | ||
| /> |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Agent, your spinner needs a stealth comms upgrade. Add role="status" and aria-live="polite" so screen readers receive the intel when it drops in.
Your mission, should you choose to accept it, is to patch this accessibility gap. This message will self-destruct.
🛠️ Proposed fix
<Loader2
width={size}
height={size}
className={`animate-spin ${className}`}
+ role="status"
aria-label="Loading"
+ aria-live="polite"
/>🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@kits/trustguard-ai/apps/components/LoadingSpinner.tsx` around lines 16 - 21,
Update the Loader2 element in LoadingSpinner to include role="status" and
aria-live="polite", preserving its existing sizing, animation, and aria-label
attributes.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kits/trustguard-ai/apps/lib/schemas.ts`:
- Around line 42-47: Update ThreatIndicatorsSchema so the high, medium, and low
array schemas each apply .readonly() after their default([]) configuration,
matching the readonly string[] contract in ThreatIndicators while preserving the
existing defaults.
In `@kits/trustguard-ai/apps/types/response.ts`:
- Around line 27-31: Replace the handwritten interfaces in response.ts with
types inferred via z.infer from their corresponding schemas in schemas.ts,
preserving the existing exported type names and structure. Update each
referenced Zod schema to use .readonly() so the inferred types retain readonly
properties and remain synchronized with runtime validation.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: a196bbce-36d4-414f-a3cb-b6050236c372
📒 Files selected for processing (2)
kits/trustguard-ai/apps/lib/schemas.tskits/trustguard-ai/apps/types/response.ts
|
@coderabbitai resume |
✅ Action performedReviews resumed. |
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
kits/trustguard-ai/apps/lib/utils.ts (1)
5-17: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winSecure the fail-open logic on invalid risk scores.
Good morning, Agent. We've identified a vulnerability in our visual intel. If a compromised or missing risk score (
NaN) infiltrates this function, the cascading fall-through will incorrectly assign a "safe" green status. We cannot afford to give the agency a false sense of security.Your mission, should you choose to accept it, is to explicitly check for the safe threshold and fall back to a neutral color for unrecognized or corrupted data. This ensures the Threat Engine fails closed.
🕶️ Proposed operational fix
export function getRiskColor(score: number): string { if (score >= 80) return "text-red-400"; if (score >= 60) return "text-orange-400"; - if (score >= 40) return "text-yellow-400"; - return "text-green-400"; + if (score < 40) return "text-green-400"; + return "text-slate-400"; }This message will self-destruct upon merging.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@kits/trustguard-ai/apps/lib/utils.ts` around lines 5 - 17, Update getRiskColor to detect invalid scores such as NaN and return a neutral color instead of falling through to the safe green classification. Preserve the existing red, orange, and yellow thresholds, and only return green for valid scores below 40.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kits/trustguard-ai/apps/actions/runInvestigation.ts`:
- Around line 12-22: Replace the broad RunInvestigationResult interface with a
strict discriminated union keyed by success: successful results must have
success true and required data with no error, while failed results must have
success false and required error with no data. Update only the result type
definition and preserve the existing ValidatedInvestigationResponse and
user-safe error types.
---
Outside diff comments:
In `@kits/trustguard-ai/apps/lib/utils.ts`:
- Around line 5-17: Update getRiskColor to detect invalid scores such as NaN and
return a neutral color instead of falling through to the safe green
classification. Preserve the existing red, orange, and yellow thresholds, and
only return green for valid scores below 40.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Pro
Run ID: 65e900b8-4aca-4300-ae0c-aca56a64e905
📒 Files selected for processing (7)
kits/trustguard-ai/apps/actions/runInvestigation.tskits/trustguard-ai/apps/components/EvidenceCard.tsxkits/trustguard-ai/apps/components/LoadingSpinner.tsxkits/trustguard-ai/apps/components/ThreatCard.tsxkits/trustguard-ai/apps/lib/schemas.tskits/trustguard-ai/apps/lib/utils.tskits/trustguard-ai/apps/types/response.ts
Summary
This PR adds TrustGuard AI, a production-ready Lamatic AgentKit for detecting phishing, scams, fraudulent emails, SMS messages, URLs, and suspicious text using a multi-stage AI investigation pipeline.
The kit combines Lamatic Flows with a modern Next.js application to provide an end-to-end trust investigation experience.
What this Kit Includes
AI Investigation Pipeline
Web Application
Supported Inputs
Investigation Output
The pipeline returns structured investigation results including:
Tech Stack
Included Files
Local Verification
The application runs successfully in local development.
Checklist
Added TrustGuard AI kit:
kits/trustguard-ai/.gitignorekits/trustguard-ai/README.mdkits/trustguard-ai/agent.mdkits/trustguard-ai/constitutions/default.mdkits/trustguard-ai/lamatic.config.tskits/trustguard-ai/flows/trustguard-ai.ts(Lamatic flow definition)Added Lamatic flow assets (prompts + model configs for the 4 chained instructor stages):
kits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-352_generative-model-name.tskits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-381_generative-model-name.tskits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-847_generative-model-name.tskits/trustguard-ai/model-configs/trustguard-ai_instructor-llmnode-849_generative-model-name.tskits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-381_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-381_user_1.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-849_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-849_user_1.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-847_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-847_user_1.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-352_system_0.mdkits/trustguard-ai/prompts/trustguard-ai_instructor-llmnode-352_user_1.mdAdded TrustGuard AI Next.js dashboard (App Router) + server integration:
kits/trustguard-ai/apps/.env.examplekits/trustguard-ai/apps/.gitignorekits/trustguard-ai/apps/README.mdkits/trustguard-ai/apps/package.jsonkits/trustguard-ai/apps/package-lock.jsonkits/trustguard-ai/apps/tsconfig.jsonkits/trustguard-ai/apps/next.config.tskits/trustguard-ai/apps/eslint.config.mjskits/trustguard-ai/apps/postcss.config.mjskits/trustguard-ai/apps/actions/runInvestigation.tskits/trustguard-ai/apps/lib/lamatic.tskits/trustguard-ai/apps/lib/schemas.tskits/trustguard-ai/apps/lib/types.tskits/trustguard-ai/apps/lib/utils.tskits/trustguard-ai/apps/types/response.tskits/trustguard-ai/apps/app/layout.tsxkits/trustguard-ai/apps/app/loading.tsxkits/trustguard-ai/apps/app/error.tsxkits/trustguard-ai/apps/app/page.tsxkits/trustguard-ai/apps/app/globals.csskits/trustguard-ai/apps/app/favicon.icokits/trustguard-ai/apps/components/Header.tsxkits/trustguard-ai/apps/components/Footer.tsxkits/trustguard-ai/apps/components/InputForm.tsxkits/trustguard-ai/apps/components/LoadingSpinner.tsxkits/trustguard-ai/apps/components/Badge.tsxkits/trustguard-ai/apps/components/ResultCards.tsxkits/trustguard-ai/apps/components/EvidenceCard.tsxkits/trustguard-ai/apps/components/ThreatCard.tsxkits/trustguard-ai/apps/components/RiskMeter.tsxkits/trustguard-ai/apps/components/DecisionCard.tsxkits/trustguard-ai/apps/public/lamatic-logo.pngkits/trustguard-ai/apps/public/trustguard-logo.pngkits/trustguard-ai/apps/public/file.svgkits/trustguard-ai/apps/public/globe.svgkits/trustguard-ai/apps/public/window.svgkits/trustguard-ai/apps/public/next.svgkits/trustguard-ai/apps/public/vercel.svgFlow (no
flow.jsonfound;flows/trustguard-ai.tsdefines the graph)Node types introduced in the flow:
triggerNode(triggerNode_1, “API Request”)dynamicNode(4 chainedInstructorLLMNode_*stages)responseNode(responseNode_triggerNode_1, “API Response”)How it works (high level):
advance_schemafields:input_type,content,attachment_url,language,memory_enabled,tenant_id,user_idInstructorLLMNode_381(Investigation Planner) → outputsinvestigation+normalizedInstructorLLMNode_849(Evidence Extractor) → outputsevidenceInstructorLLMNode_847(Threat Analyzer) → outputsanalysisInstructorLLMNode_352(Decision Engine) → outputsdecisionoutputMapping) returns:investigation,normalized,evidence,analysis,decisionmetadata: { workflow: "trustguard-ai", version: "1.0.0" }