Upgrade: Handled Test cases Like Large Doc chunking One doc test case…

[techieworld2]

… and prompt injection security

[Copilot]

Pull request overview

This PR improves SpecGap’s robustness when analyzing large documents and handling LLM output variability, while adding additional defenses against prompt injection and enabling a single-document “self-audit” flow when only one file is provided.

Changes:

• Added safe JSON extraction/parsing utilities and updated engines to retry on parse failures.
• Introduced document sanitization + standardized document-context wrapping in prompts to reduce prompt injection risk.
• Added large-document chunking + map-reduce condensation, and smart comparison logic (single-doc audit vs cross-doc comparison).

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 13 comments.

Show a summary per file

File	Description
specgap/app/services/workflow.py	Wraps council document context with a standardized document delimiter.
specgap/app/services/tech_engine.py	Uses safe parsing + document-context wrapping for tech analysis prompts.
specgap/app/services/biz_engine.py	Uses safe parsing + document-context wrapping for legal/business analysis prompts.
specgap/app/services/cross_check.py	Uses safe parsing + wrapping; adds single-document audit and smart comparison routing.
specgap/app/services/parser.py	Sanitizes extracted text to reduce prompt injection and control characters.
specgap/app/services/sanitizer.py	New sanitizer + context wrapper utilities.
specgap/app/services/safe_parse.py	New robust JSON extraction/repair and consistent parsing helper.
specgap/app/services/chunker.py	New chunking + map-reduce condensation for very large documents.
specgap/app/services/init.py	Exposes new utilities and comparison functions at services package level.
specgap/app/main.py	Integrates condensation for council; switches deep/full-spectrum synthesis to smart comparison; adds single-doc support.
specgap/.env.example	Removes the example env file.

Comments suppressed due to low confidence (1)

specgap/.env.example:1

• This PR deletes .env.example, but the repository README still instructs users to run cp .env.example .env during setup. Either keep a maintained .env.example (recommended for onboarding) or update the README and any tooling/docs that reference it so new installs don’t break.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

These endpoint functions no longer have docstrings. In FastAPI, the function docstring is used as the operation description in the generated OpenAPI docs; removing it reduces the usefulness of /docs and /redoc. Consider restoring the docstring (or providing description= in the decorator) for this endpoint.

[Copilot]

The documentation string for this endpoint was removed, which means the generated OpenAPI docs will no longer include an operation description here. If the project relies on Swagger/ReDoc for usability, consider restoring the docstring (or setting summary/description on the route decorator).

Suggested change

	"""
	List stored audits with optional filtering and pagination.
	This endpoint returns a paginated list of audit records, which can be
	filtered by audit type and risk level for easier browsing of history.
	"""

[Copilot]

sanitize_document_text uses pattern.findall(cleaned) to count matches and then pattern.sub(...), which allocates potentially large match lists for big documents (you’re sanitizing up to 500k chars). Using pattern.subn(...) would do the replacement and return the substitution count without building a list, reducing memory/time overhead.

Suggested change

	matches = pattern.findall(cleaned)
	if matches:
	injection_count += len(matches)
	cleaned = pattern.sub("[REDACTED-INSTRUCTION]", cleaned)
	cleaned, num_subs = pattern.subn("[REDACTED-INSTRUCTION]", cleaned)
	if num_subs:
	injection_count += num_subs

[Copilot]

The JSON example in SINGLE_DOC_PROMPT contains non-JSON placeholders like "completeness_score": 0-100. Models often mirror the example, which can increase invalid-JSON outputs and parse retries. Use a valid JSON example value (e.g., an integer like 85) and describe the allowed range in prose instead.

Suggested change

	"completeness_score": 0-100,
	"completeness_score": 85,

[Copilot]

_clean_json_response is now unused after migrating to safe_parse_llm_response. Consider removing the unused helper (or updating it to call into safe_parse) to keep a single, clear JSON-parsing path.

[Copilot]

The chunk content is injected directly into the summarization prompt (...\n{chunk}) without using wrap_as_document_context. Since this is untrusted document text, it can still contain prompt-injection strings that bypass the extraction task (even after earlier sanitization). Consider wrapping each chunk in the document-context delimiter (and/or sanitizing here) so the model is more likely to treat it as data.

[Copilot]

After switching to safe_parse_llm_response, _clean_json_response is no longer referenced in this module. To avoid dead code and confusion about which parser is canonical, consider removing _clean_json_response (or delegating to safe_parse from it) now that parsing is handled elsewhere.

[Copilot]

After switching to safe_parse_llm_response, _clean_json_response is no longer referenced in this file. Consider deleting it to reduce dead code and avoid confusion about which parser to use.

[Copilot]

The sanitizer max length is hard-coded to 500,000 chars. This is a policy/limit that likely belongs in configuration (e.g., a Settings field) so it can be tuned per environment and stays consistent with MAX_FILE_SIZE_MB / MAX_CONTEXT_CHARS. Consider moving this value to settings and referencing it here.

[Copilot]

Variable filenames is not used.

Suggested change

filenames = list(file_texts.keys())