AI improvement prompts
Every finding has a Copy prompt button beneath the remediation. Click it, paste into Claude / Cursor / Copilot, and the agent gets the canonical improvement recipe for that website-quality issue — no Claude API call from us.
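How it works
The click combines two pieces of data:
- The finding: title, description, evidence, remediation, and CWE, already loaded with the report.
- Your codebase's framework: detected from the scan's discovery.tech-fingerprint finding (Next.js, React, Vue, Django, Express, Rails, Laravel, Flask). If no framework is detected, it falls back to the generic recipe (the agent prompt then asks the LLM to identify the framework from the repo state).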
Templates live in lib/scanner/fix-prompts.ts. The registry has check-specific guidance for crawlability, search presentation, semantic content, structured data, media, performance, accessibility, forms, mobile/i18n, runtime, owner journeys, and repo-quality issues. For everything else, the existing remediation field on the finding becomes the generic recipe.
What the prompt looks like
Fix the "Hero image is lazy-loaded and missing dimensions" finding on /pricing.

Issue: The largest above-the-fold image is marked loading="lazy" and has no explicit width/height. That can delay LCP and create layout shift.

Codebase context: Next.js.

Recommended fix: Use next/image or the existing image component with explicit width/height, responsive sizes, meaningful alt text, and priority/fetchPriority for the first major visual on the page.

Constraints:
- Don't break existing tests; run the test suite after the change.
- Match the codebase's existing style and lint config.
- Add a brief comment explaining the performance reasoning only where the fix would otherwise look arbitrary.
- If the fix needs a new dependency, install it via the project's package manager (npm / pnpm / pip / bundle / composer).

Reference: Core Web Vitals / Largest Contentful Paint guidance.
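Supported frameworks
We ship framework-specific snippets for these:
- Next.js, React, Vue, Nuxt, Svelte (frontend)
- Express, Fastify (Node.js backend)
- Django, Flask (Python)
- Ruby on Rails
- Laravel (PHP)
- ASP.NET Core (planned; currently falls back to the generic recipe)
Framework detection is best-effort. We sniff __NEXT_DATA__ tags, __NUXT__, hash cookies (laravel_session), X-Powered-By headers, and a few other signals. If you run a custom framework, the prompt falls back to the generic recipe, and the agent works out the framework from your package.json.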
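The following sketch is an added example, not the project's code from lib/scanner/fix-prompts.ts. It shows best-effort detection from the signals listed above and the (check × framework) template lookup with its generic fallback. The type names, function names, the check id media.hero-lazy, the registry entry, and the sample finding are all assumptions made for illustration.

```typescript
// Added illustration. All names here are hypothetical, not the contents of lib/scanner/fix-prompts.ts.
type Framework = "Next.js" | "Nuxt" | "Laravel" | "Express";
interface Signals { html: string; headers: Record<string, string>; cookies: string[] }
interface Finding { checkId: string; title: string; path: string; description: string; remediation: string }

// Best-effort detection from the signals the page lists; null means "not detected".
function detectFramework(s: Signals): Framework | null {
  if (s.html.indexOf("__NEXT_DATA__") !== -1) return "Next.js";
  if (s.html.indexOf("__NUXT__") !== -1) return "Nuxt";
  if (s.cookies.some((c) => c.indexOf("laravel_session=") === 0)) return "Laravel";
  for (const name of Object.keys(s.headers)) {
    if (name.toLowerCase() !== "x-powered-by") continue; // header names are case-insensitive
    const value = s.headers[name] || "";
    if (/express/i.test(value)) return "Express";
    if (/next\.js/i.test(value)) return "Next.js";
  }
  return null;
}

// Constructed registry keyed by check id, then framework (one entry, for the demo).
const RECIPES: Record<string, Partial<Record<Framework, string>>> = {
  "media.hero-lazy": {
    "Next.js": "Use next/image with explicit width/height, responsive sizes, and priority for the first major visual.",
  },
};

// Pure string templating: no network or LLM call is made to build the prompt.
function renderPrompt(f: Finding, fw: Framework | null): string {
  const byFramework: Partial<Record<Framework, string>> = RECIPES[f.checkId] || {};
  const specific = fw !== null ? byFramework[fw] : undefined;
  const context = fw !== null ? fw
    : "not detected; identify the framework from the repository (for example package.json) before editing";
  return [
    `Fix the "${f.title}" finding on ${f.path}.`,
    `Issue: ${f.description}`,
    `Codebase context: ${context}`,
    `Recommended fix: ${specific !== undefined ? specific : f.remediation}`, // generic fallback
  ].join("\n\n");
}

// Constructed sample finding and scan signals.
const SAMPLE: Finding = {
  checkId: "media.hero-lazy", title: "Hero image is lazy-loaded and missing dimensions", path: "/pricing",
  description: "The largest above-the-fold image is marked loading=\"lazy\" and has no explicit width/height.",
  remediation: "Load the hero image eagerly and set explicit width and height.",
};
console.log(renderPrompt(SAMPLE, detectFramework({ html: "", headers: { "X-Powered-By": "Express" }, cookies: [] })));
```

The sample run detects Express, finds no Express-specific recipe for this check, and so emits the finding's own remediation text as the recommended fix.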
Using it from your AI agent
If you have already connected the MCP server, the same prompt is also exposed as a slash command. From Claude Desktop:
/fixweb-fix finding_id=550e8400-e29b-41d4-a716-446655440000
The renderer looks up the finding, detects the framework from the parent scan when available, renders the templated prompt, and injects it into your conversation as the user message. No round-trip to our Claude API; templates are pure and free.
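Why we don't call Claude on every click
At launch, we considered calling the Anthropic API on every click to refine the prompt with codebase context. We didn't, because:
- The agent the user pastes into already has codebase context: they are working in Cursor / Claude Desktop with the repo open.
- Templating per (check × framework) covers about 80% of the value, with no per-click cost.
- If users want it, we can later offer an optional "refine with AI using my codebase context" toggle that triggers the API. It does not exist today.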
