Merge pull request #65 from arm/custom_prompt

lyndon160 · web-flow · commit 8691bc59e322 · 2025-10-22T16:51:40.000+01:00
Add support for custom prompts
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "metis"
-version = "0.4.0"
+version = "0.5.0"
 description = "Metis is a command line tool for performing security code reviews using LLMs"
 readme = "README.md"
 license = { file = "LICENSE.md" }
diff --git a/src/metis/cli/commands.py b/src/metis/cli/commands.py
@@ -42,6 +42,7 @@ def show_help():
 Options:
     --backend chroma|postgres  Vector backend to use (default: chroma).
     --output-file PATH         Save analysis results to this file.
+    --custom-prompt PATH       Custom prompt file (.md or .txt) to guide analysis.
     --project-schema SCHEMA    (Optional) Project identifier if postresql is used.
     --chroma-dir DIR           (Optional) Directory to store ChromaDB data (default: ./chromadb).
     --verbose                  (Optional) Shows detailed output in the terminal window.
diff --git a/src/metis/cli/entry.py b/src/metis/cli/entry.py
@@ -14,6 +14,7 @@
 
 from metis.configuration import load_runtime_config
 from metis.engine import MetisEngine
+from metis.utils import read_file_content
 
 try:
     from metis.vector_store.pgvector_store import PGVectorStoreImpl
@@ -123,6 +124,11 @@ def main():
     )
     parser.add_argument("--log-file", type=str)
     parser.add_argument("--log-level", type=str, default="INFO")
+    parser.add_argument(
+        "--custom-prompt",
+        type=str,
+        help="Path to a custom prompt file (.md or .txt) used to guide analysis",
+    )
     parser.add_argument("--version", action="store_true", help="Show program version")
     parser.add_argument(
         "-v", "--verbose", action="store_true", help="Enable verbose output"
@@ -190,10 +196,28 @@ def main():
             args, runtime, embed_model_code, embed_model_docs
         )
 
+    # Resolve custom analysis prompt text
+    custom_prompt_text = None
+    if args.custom_prompt:
+        pf = Path(args.custom_prompt)
+        if pf.is_file() and pf.suffix.lower() in {".md", ".txt"}:
+            custom_prompt_text = read_file_content(str(pf))
+        else:
+            print_console(
+                f"[yellow]Warning:[/yellow] Ignoring --custom-prompt '{escape(str(pf))}'. It must exist and have .md or .txt extension.",
+                args.quiet,
+            )
+    if custom_prompt_text is None:
+        # Fallback to .metis.md in project root (codebase path)
+        metis_md = Path(args.codebase_path) / ".metis.md"
+        if metis_md.is_file():
+            custom_prompt_text = read_file_content(str(metis_md))
+
     engine = MetisEngine(
         codebase_path=args.codebase_path,
         llm_provider=llm_provider,
         vector_backend=vector_backend,
+        custom_prompt_text=custom_prompt_text,
         **runtime,
     )
 
diff --git a/src/metis/engine/core.py b/src/metis/engine/core.py
@@ -34,6 +34,7 @@
     extract_content_from_diff,
     process_diff_file,
     prepare_nodes_iter,
+    apply_custom_guidance,
 )
 
 
@@ -69,7 +70,14 @@ def __init__(
             setattr(self, k, kwargs[k])
 
         self.llm_provider = llm_provider
+        # Optional user-provided guidance to be appended to system prompts
+        self.custom_prompt_text = kwargs.get("custom_prompt_text")
         self.plugin_config = load_plugin_config()
+
+        # Load precedence note from general prompts
+        self.custom_guidance_precedence = self.plugin_config.get(
+            "general_prompts", {}
+        ).get("custom_guidance_precedence", "")
         self.plugins = load_plugins(self.plugin_config)
 
         # Cache splitters and extension/plugin lookups
@@ -355,6 +363,11 @@ def review_patch(self, patch_file, validate=False):
                     issue.get("issue", "") for issue in review_dict.get("reviews", [])
                 )
                 summary_prompt = language_prompts["snippet_security_summary"]
+                summary_prompt = apply_custom_guidance(
+                    summary_prompt,
+                    self.custom_prompt_text,
+                    self.custom_guidance_precedence,
+                )
                 changes_summary = summarize_changes(
                     self.llm_provider, file_diff.path, issues, summary_prompt
                 )
@@ -471,6 +484,9 @@ def _process_file_reviews(
 
         for chunk in chunks:
             system_prompt = f"{language_prompts[default_prompt_key]} \n {language_prompts['security_review_checks']} \n {report_prompt}"
+            system_prompt = apply_custom_guidance(
+                system_prompt, self.custom_prompt_text, self.custom_guidance_precedence
+            )
             review = perform_security_review(
                 self.llm_provider, file_path, chunk, combined_context, system_prompt
             )
diff --git a/src/metis/engine/helpers.py b/src/metis/engine/helpers.py
@@ -156,3 +156,17 @@ def prepare_nodes_iter(
             yield None
 
     return nodes_code, nodes_docs
+
+
+def apply_custom_guidance(base_prompt, custom_guidance, precedence_note):
+    """Prepend precedence note and custom guidance to a base prompt.
+
+    If custom_guidance is not set, returns base_prompt unchanged. The format is:
+    [precedence_note]\n\nCustom Guidance:\n{custom_guidance}\n\n{base_prompt}
+    """
+    if not custom_guidance:
+        return base_prompt
+    guidance_block = f"Custom Guidance:\n{custom_guidance.strip()}"
+    if precedence_note:
+        return f"{precedence_note.strip()}\n\n{guidance_block}\n\n{base_prompt}"
+    return f"{guidance_block}\n\n{base_prompt}"
diff --git a/src/metis/metis.yaml b/src/metis/metis.yaml
@@ -19,12 +19,12 @@ metis_engine:
 
 llm_provider:
   name: "openai"
-  model: "gpt-4.1"
+  model: "gpt-5"
   code_embedding_model: "text-embedding-3-large"
   docs_embedding_model: "text-embedding-3-large"
 
 query:
-  model: "gpt-4.1"
+  model: "gpt-5"
   similarity_top_k: 5
   response_mode: "tree_summarize"
   max_tokens: 5000
diff --git a/src/metis/plugins/plugins.yaml b/src/metis/plugins/plugins.yaml
@@ -2,6 +2,11 @@ docs:
   supported_extensions:  [".md", ".html", ".txt", ".pdf", ".rst"]
 
 general_prompts:
+  custom_guidance_precedence: |-
+    Instruction precedence: When 'Custom Guidance' conflicts with any default
+    instructions or checks below, follow 'Custom Guidance'. If guidance excludes
+    certain issue classes, omit them from analysis and do not report them unless
+    directly necessary to explain another issue.
   retrieve_context: |-
     You are a senior software engineer and your task is to explain what the following FILE does and what its purpose is.
     Include any data flows, function calls, or dependencies that could impact security.
