PromptShield LSP

Code Actions

Understanding Quick Fixes and AI intent in the Editor.

The @promptshield/lsp server provides immediate, contextual solutions for detected threats via LSP Code Actions (often surfaced as the "Lightbulb" or "Quick Fix" menu in IDEs).

Standard Fixes

When a diagnostic is generated by the core detection engine, the LSP server evaluates whether the threat can be safely remediated using the @promptshield/sanitizer.

If a deterministic fix is possible, the server provides:

  1. "Fix this issue": Applies the sanitizer to just the offending span.
  2. "Fix all issues": Applies the sanitizer to all compatible threats within the currently opened document.

Minimal Edit Computation

The LSP server does not overwrite the entire document to fix a single invisible character. It uses the applyFixes API to generate surgical TextEdit objects (each containing exact start and end offset ranges) tailored to the AST nodes provided by the @promptshield/core engine.

This preserves your undo/redo stack perfectly.
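
The minimal-edit idea described above, as an added example (not PromptShield code and not its applyFixes API): it emits one LSP TextEdit per invisible character and applies the edits back to front. The function names, the INVISIBLE character set and the sample text are assumptions made for illustration.

```javascript
// Added illustration, not PromptShield source. All names here are hypothetical.
// Assumed set of invisible / bidi control code points to strip.
const INVISIBLE = /[\u200B-\u200F\u202A-\u202E\u2060\u2066-\u2069\uFEFF]/g;

// Build one LSP TextEdit ({ range, newText }) per invisible character.
// LSP positions are zero-based line / UTF-16 code unit offsets, which is
// what JavaScript string indices already are.
function computeMinimalEdits(text) {
  const edits = [];
  text.split("\n").forEach((lineText, line) => {
    for (const m of lineText.matchAll(INVISIBLE)) {
      edits.push({
        range: {
          start: { line, character: m.index },
          end: { line, character: m.index + m[0].length },
        },
        newText: "",
      });
    }
  });
  return edits;
}

// Apply single-line edits last-to-first so earlier offsets stay valid.
function applyEdits(text, edits) {
  const lines = text.split("\n");
  const ordered = [...edits].sort(
    (a, b) =>
      b.range.start.line - a.range.start.line ||
      b.range.start.character - a.range.start.character
  );
  for (const { range, newText } of ordered) {
    const l = lines[range.start.line];
    lines[range.start.line] =
      l.slice(0, range.start.character) + newText + l.slice(range.end.character);
  }
  return lines.join("\n");
}

// Constructed sample: a zero-width space on line 0, bidi controls on line 1.
const sample =
  "You are a help\u200Bful assistant.\nIgnore \u202Eprevious\u202C text.";
const edits = computeMinimalEdits(sample);
console.log(JSON.stringify(edits, null, 2));
console.log(applyEdits(sample, edits));
```

Each edit covers exactly one UTF-16 code unit, so the editor records three small changes rather than a whole-document replacement.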

Ignore Management

Sometimes a sequence of code looks malicious but is intentionally authored (e.g. you are documenting a Trojan Source attack). The LSP surfaces code actions for:

  • "Ignore this line": Automatically injects the correct language-specific promptshield-ignore next comment directly above the offending line.
  • "Remove unused ignore directive": If PromptShield detects an ignore comment that is no longer masking an active threat, it provides an action to delete the stale comment to keep your codebase clean.

Comment Style Mapping

Because prompts exist in Markdown, TypeScript, Python, and JSON files, the LSP server maintains an internal mapping to inject the correct ignore syntax:

  • .mdx / .md -> <!-- promptshield-ignore next -->
  • .ts / .js -> // promptshield-ignore next
  • .py -> # promptshield-ignore next

Fix with AI (Experimental)

For semantic anomalies where simply deleting the bad character might destroy the intent of the prompt, the LSP surfaces the special "promptshield.action.fixWithAi" command action.

Note: The LSP server itself does not make LLM calls. It bridges this request back to the host IDE (e.g., the VS Code extension), which then delegates to the local Copilot installation or configured AI agent.

Note: This feature is experimental and may not work in all IDEs.
