Skip to content

Feature Archetype Driven Prompts

Luigi Colluto edited this page Jul 14, 2026 · 1 revision

Feature: Archetype-Driven Prompts (Stage 2 — Recon & Synthesis)

This is the heart of Argo's design: Stage 2 turns a handful of reusable prompt assets into a set of audit prompts tailored to one specific target. Three things converge — the reusable assets (always the same), scope.json (your links and rules), and the repo recon (stack, endpoints, CVE history from Threat-Informed Audit) — and out come the complementary custom prompts for that single scan.

Prompt enrichment: general to custom

Default model: Opus — this is the single highest-leverage stage in the pipeline. Validation can only remove false positives; it can never recover a bug a weak recon never pointed the auditor at.

Archetype classification (the de-biasing)

The meta-prompt's first step classifies the target: web app · HTTP/GraphQL API · CMS · plugin/extension/mod · library/SDK/framework · CLI/desktop · agent/LLM/MCP · mobile · data/ML pipeline · smart-contract · firmware · IaC. Everything downstream inherits from this:

  1. Entry-point reconstruction in the archetype's own terms — HTTP routes for a web app, command handlers and inter-instance protocols for a plugin, public functions and insecure defaults for a library, tool definitions and prompt assembly for an agent.
  2. Untrusted-input and sink mapping — the general checklist (injection, SSRF, path traversal, deserialization, sensitive-data exposure) plus archetype-specific sources/sinks.
  3. The prompt split — instead of a fixed web-app partition, the model picks a reference split per archetype (typically 3 complementary prompts, always including one architecture-led whole-system prompt) and adapts it to the real code.

Ground-truth extraction (the depth + precision lever)

Recon does the enumeration work up front and bakes it into both the prompt prose and ground_truth.json:

  • Invariantslocation → expected → how-to-check triples, turning the audit from open-ended hunting into a PASS/FAIL checklist.
  • Baseline-correct references — the one place a systemic pattern is done right; every sibling is diffed against it.
  • Variant families — repeated shapes (controller-per-operation, converter-per-type…) with a concrete enumerated member list, so the audit verifies each member, not just the first.
  • False-positive carve-outs — target-specific "do not flag" rules, also handed to the validator so it doesn't re-derive them and wrongly refute a real finding.

The audit template mandates a VARIANT_HUNT_LOG (one row per family member, 🟢/🟡/🔴) as a coverage forcing-function, and a completeness-critic re-pass loops until a pass adds nothing new.

Mandatory coverage checklist and variant census

Two deterministic, code-side mechanisms close the gap an open-ended instruction leaves: a coverage checklist injected into every prompt (variant-family census, resource-exhaustion, secrets-in-sinks, SSRF, memory-safety or panic-census depending on the language, crypto-primitive review, insecure-defaults/fail-open, one-finding-per-root-cause), and a variant census worksheet that pre-scans the repo for cheaply-detectable defect families (native free/copy/alloc sinks, panic/abort points) and bakes the exact site count + file list into the prompt — turning "enumerate every sibling" from an instruction a model under-executes into a closed-ended checklist it must account for.

Quality controls inside the meta-prompt

  • Every generated prompt must name the archetype and warn against treating a non-web target as a generic web/CRUD app.
  • A specificity self-check runs before the prompts are emitted: could this be pasted onto another project of the same archetype unchanged? Does it use the project's own terms?
  • The orchestrator independently re-verifies every generated prompt before driving an audit session — it must carry the RoE sections, prohibited techniques verbatim, and "Do NOT patch". A prompt that loses these fails the run; the model's freedom to tailor content never drops a safety constraint. See Guardrails & Safety.

Related

Clone this wiki locally