Summary
Create framework-specific vulnerability guides that show developers exactly how to fix g0 findings in their framework. Currently findings say "what's wrong" but not "here's the fix in your framework."
Motivation
g0 detects findings across 10 frameworks, but the remediation advice is generic. A LangChain developer needs different fix patterns than a CrewAI developer. For example:
- "Shared memory between users" → fix in LangChain uses
ConversationBufferMemory(memory_key=user_id), fix in CrewAI uses agent-scoped memory
- "No input validation on tool" → fix in MCP uses
inputSchema with JSON Schema, fix in LangChain uses Pydantic models
- "System prompt has no scope boundaries" → fix patterns differ by framework
Proposed Content
Per-Framework Guides
Create one guide per major framework:
-
LangChain/LangGraph (docs/frameworks/langchain.md)
- Top 10 findings and LangChain-specific fixes
- Memory isolation patterns
- Tool input validation with Pydantic
- Agent scope boundaries in LangGraph
- Safe ReAct agent patterns
-
CrewAI (docs/frameworks/crewai.md)
- Crew/agent/task security patterns
- Role-based access in multi-agent crews
- Tool permission scoping
- Memory isolation between agents
-
MCP (docs/frameworks/mcp.md)
- Tool description security (rug-pull prevention)
- Input schema validation best practices
- Server configuration hardening
- Transport security (stdio vs SSE vs HTTP)
-
OpenAI Agents SDK (docs/frameworks/openai.md)
- Agent instruction boundaries
- Tool call validation
- Guardrail implementation
- Handoff security patterns
-
Vercel AI SDK (docs/frameworks/vercel-ai.md)
- Tool result validation
- Streaming response security
- Multi-step agent boundaries
Each Guide Includes
- Top 10 most common findings for that framework
- Before/after code examples showing the fix
- Framework-specific security patterns and anti-patterns
- Links to framework documentation
- Which g0 rules are most relevant
Files to Create
docs/frameworks/langchain.mddocs/frameworks/crewai.mddocs/frameworks/mcp.mddocs/frameworks/openai.mddocs/frameworks/vercel-ai.mddocs/frameworks/README.md — index page- Update
docs/README.md to link to framework guides
Acceptance Criteria
Summary
Create framework-specific vulnerability guides that show developers exactly how to fix g0 findings in their framework. Currently findings say "what's wrong" but not "here's the fix in your framework."
Motivation
g0 detects findings across 10 frameworks, but the remediation advice is generic. A LangChain developer needs different fix patterns than a CrewAI developer. For example:
ConversationBufferMemory(memory_key=user_id), fix in CrewAI uses agent-scoped memoryinputSchemawith JSON Schema, fix in LangChain uses Pydantic modelsProposed Content
Per-Framework Guides
Create one guide per major framework:
LangChain/LangGraph (
docs/frameworks/langchain.md)CrewAI (
docs/frameworks/crewai.md)MCP (
docs/frameworks/mcp.md)OpenAI Agents SDK (
docs/frameworks/openai.md)Vercel AI SDK (
docs/frameworks/vercel-ai.md)Each Guide Includes
Files to Create
docs/frameworks/langchain.mddocs/frameworks/crewai.mddocs/frameworks/mcp.mddocs/frameworks/openai.mddocs/frameworks/vercel-ai.mddocs/frameworks/README.md— index pagedocs/README.mdto link to framework guidesAcceptance Criteria