jfrs1986rain-prog/solosweep — reverse-engineered prompt

Build me a really simple security scanner called SoloSweep for solo developers and tiny SaaS projects. I want it to work like a one command tool where I point it at a project folder and it quickly checks for obvious security mistakes, especially hardcoded API keys, tokens, passwords, and risky code patterns like unsafe eval usage or sensitive data stored in plain text.

The main output should be a clean Markdown report saved as something like solosweep report dot md, with clear severity, file and line references, a short explanation of what was found, and a practical what to do next section. If a Gemini API key is available, it should also generate a ready to paste fix for each issue using only the relevant code snippet, not the whole file. If no key is set, or if I use a no ai mode, it should still run fully offline and give me the findings without external calls.

Please keep it zero config, privacy first, and easy for non security people to use. Look up current docs online if you need to.