# alprina chat

Start an interactive AI-powered security assistant to answer questions and analyze code.

## Synopsis

```bash
alprina chat [OPTIONS]
```

## Description
The alprina chat command launches an interactive conversation with Alprina’s AI security assistant. Ask questions about security, get help understanding vulnerabilities, analyze code snippets, and receive expert guidance on secure development practices.
Think of it as having a security expert available 24/7 to help you write safer code.
## Options

### `--model`, `-m`

Specify which LLM model to use (default: claude-3-5-sonnet-20241022).

```bash
alprina chat --model gpt-4
alprina chat --model claude-3-5-sonnet-20241022
```

Available models:

- `claude-3-5-sonnet-20241022` - Anthropic Claude 3.5 Sonnet (recommended)
- `gpt-4` - OpenAI GPT-4
- `gpt-4-turbo` - OpenAI GPT-4 Turbo
- `gpt-3.5-turbo` - OpenAI GPT-3.5 Turbo (faster, less capable)
### `--streaming` / `--no-streaming`

Enable or disable streaming responses (default: enabled).

```bash
# Streaming enabled (default)
alprina chat --streaming
# Disable streaming
alprina chat --no-streaming
```

Streaming shows responses as they’re generated. Disable for cleaner output or slower connections.
### `--load`, `-l`

Load scan results into the chat context for analysis.

```bash
alprina chat --load ~/.alprina/out/latest-results.json
```

The AI will have access to your scan findings and can help you understand and fix them.
## Examples

### Basic Chat Session

Start a conversation:

```bash
alprina chat
```

```
💬 Alprina AI Security Assistant
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Ask me anything about security, vulnerabilities, or secure coding!
Type 'help' for commands, 'exit' to quit.

You: What is SQL injection?
Alprina: SQL injection is a code injection attack where an attacker
can execute arbitrary SQL commands on a database...
[detailed explanation]

You: How do I prevent it in Python?
Alprina: Here are the best practices for preventing SQL injection
in Python:
1. Use parameterized queries...
```

### Analyze Scan Results
Load and discuss scan findings:

```bash
alprina chat --load ~/.alprina/out/scan-results.json
```

```
💬 Alprina AI (with scan context loaded)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
I've loaded your scan results. Found 3 vulnerabilities.

You: Explain the SQL injection finding
Alprina: Looking at your scan results, I found a SQL injection
vulnerability in database.py at line 42:

    query = f"SELECT * FROM users WHERE id = {user_id}"

This is vulnerable because...
[detailed analysis with code examples]
```

### Use Different Model
Try GPT-4 instead of Claude:

```bash
alprina chat --model gpt-4
```

### Disable Streaming

For cleaner output:

```bash
alprina chat --no-streaming
```

## Chat Commands
Special commands available in the chat:

| Command | Description |
|---|---|
| `help` | Show available commands |
| `exit`, `quit` | Exit the chat |
| `clear` | Clear the conversation history |
| `context` | Show current context (scan results, etc.) |
| `save` | Save conversation to file |
| `load <file>` | Load scan results into context |
| `model <name>` | Switch LLM model |

Example:

```
You: /help
Alprina: Available commands:
/exit - Exit the chat
/clear - Clear conversation
/context - Show loaded context
...
```

## Use Cases
### Learn Security Concepts

```
You: What's the difference between XSS and CSRF?
Alprina: Great question! Let me explain...
```

### Understand Vulnerabilities

```
You: I got a "weak cryptography" finding. What does that mean?
Alprina: Weak cryptography means you're using outdated or
insecure encryption algorithms...
```

### Get Code Review

You: Is this code secure?

```python
password = input("Enter password: ")
if password == "admin123":
    grant_access()
```

Alprina: No, this code has several security issues:
- Hardcoded password…
- Plain text comparison…

### Debug Security Issues

```
You: Why am I getting “CORS error” in my API?
Alprina: CORS (Cross-Origin Resource Sharing) errors occur when…
Here’s how to fix it securely…
```

### Best Practices Guidance

```
You: What’s the best way to store API keys in Python?
Alprina: Here are the best practices for API key storage:
- Use environment variables…
- Never commit keys to git…
```
## Context Awareness
When you load scan results, the AI has access to:
- All vulnerability findings
- File paths and line numbers
- Severity levels
- CWE/CVE references
- Your code snippets
This allows for highly relevant and specific advice.
## Conversation History
The chat maintains conversation context, so you can:
- Ask follow-up questions
- Reference previous answers
- Build on earlier topics

```
You: Tell me about SQL injection
Alprina: [explains SQL injection]
You: How do I prevent it?
Alprina: To prevent what we just discussed… [uses context]
```
## Saving Conversations
Save your chat for future reference:

```
You: /save security-qa.txt
Alprina: ✓ Conversation saved to security-qa.txt
```
## Privacy & Data
- Conversations are processed by the selected LLM provider
- Scan results loaded into chat are sent to the LLM
- No conversation data is stored on Alprina servers
- Local conversation history is stored in `~/.alprina/chat/`
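
Because loaded scan results (findings, file paths, code snippets) are sent to the selected LLM provider, one option is to mask secrets in the results file before passing it to `--load`. The following is an added example, not part of Alprina: it walks any JSON document, so it assumes nothing about the results schema; the `SAMPLE` findings, the `snippet` key name and the secret patterns are constructed for illustration.

```python
import json
import os
import re
import sys

# (pattern, replacement) pairs; illustrative, extend for your own token formats.
RULES = [
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED-AWS-KEY]"),
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
                re.S), "[REDACTED-PRIVATE-KEY]"),
    # name = value / name: value assignments; keeps the name, masks the value
    (re.compile(r"""(?i)(password|passwd|secret|api_?key|token)(\s*[:=]\s*)"""
                r"""("[^"]*"|'[^']*'|\S+)"""), r"\1\2[REDACTED]"),
]


def redact(node, drop_keys=frozenset()):
    """Return a copy of parsed JSON with secrets masked and drop_keys removed."""
    if isinstance(node, dict):
        return {k: redact(v, drop_keys) for k, v in node.items() if k not in drop_keys}
    if isinstance(node, list):
        return [redact(v, drop_keys) for v in node]
    if isinstance(node, str):
        for pattern, replacement in RULES:
            node = pattern.sub(replacement, node)
    return node


def redact_file(src, dst, drop_keys=frozenset()):
    """Write a redacted copy of src to dst; a new dst is created with mode 0600."""
    with open(src, encoding="utf-8") as fh:
        data = json.load(fh)
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(redact(data, drop_keys), fh, indent=2)


# Constructed sample; the real results schema may differ.
SAMPLE = {"findings": [
    {"file": "database.py", "line": 42, "severity": "high",
     "snippet": 'query = f"SELECT * FROM users WHERE id = {user_id}"'},
    {"file": "config.py", "line": 7, "severity": "critical",
     "snippet": 'AWS_KEY = "AKIACONSTRUCTED00000"\nDB_PASSWORD = "hunter2"'},
]}

if __name__ == "__main__":
    if len(sys.argv) == 3:      # usage: redact.py results.json redacted.json
        redact_file(sys.argv[1], sys.argv[2])
    else:
        print(json.dumps(redact(SAMPLE), indent=2))
```

Point `--load` at the redacted copy rather than the original results file. Passing `drop_keys` removes whole fields (for example code snippets) when findings metadata alone is enough for the question.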
To clear local history:
```bash
rm -rf ~/.alprina/chat/
```

## Example Workflows
### Workflow 1: Understand Findings

```bash
# 1. Run scan
alprina scan ./src
# 2. Chat about findings
alprina chat --load ~/.alprina/out/latest-results.json
# 3. Ask questions
You: What's the most critical issue?
You: How do I fix the SQL injection?
You: Show me secure code examples
```

### Workflow 2: Learn Security

```bash
# Start chat
alprina chat
# Ask questions
You: What are the OWASP Top 10?
You: Explain each one with examples
You: How do I test for these in my code?
```

### Workflow 3: Code Review

```bash
# Start chat
alprina chat
# Paste code
You: Review this code for security issues:
[paste code]
# Get feedback
Alprina: [detailed security analysis]
```

## Tips for Better Responses

- Be Specific: “How do I prevent SQL injection in FastAPI?” vs “How do I secure my API?”
- Provide Context: Include language, framework, and specific code when relevant
- Ask Follow-ups: Don’t hesitate to ask for clarification or more details
- Load Scan Results: Use `--load` for contextual help with your specific vulnerabilities
- Try Different Models: Some models excel at different tasks

## Model Comparison

| Model | Speed | Security Knowledge | Code Generation | Cost |
|---|---|---|---|---|
| Claude 3.5 Sonnet | Fast | Excellent | Excellent | Medium |
| GPT-4 | Medium | Excellent | Excellent | High |
| GPT-4 Turbo | Fast | Very Good | Very Good | Medium |
| GPT-3.5 Turbo | Very Fast | Good | Good | Low |

## Limitations

- AI responses are not guaranteed to be 100% accurate
- Always verify suggestions before implementing
- Complex security topics may require human expert review
- Rate limits apply based on your subscription tier

## Related Commands

- `alprina scan` - Scan code first, then chat about findings
- `alprina fix` - Apply AI-generated fixes
- `alprina mitigate` - Get fix suggestions

## Troubleshooting

### “API key not configured”

Set up authentication first:

```bash
alprina auth login
```

### Slow responses

Try a faster model or disable streaming:

```bash
alprina chat --model gpt-3.5-turbo --no-streaming
```

### Out of context

Clear and start fresh:

```
You: /clear
```