
mbhatt1/scythe


Awesome — I turned it into a single-file, safe-by-design agent you can run now. It’s in the side panel as “UVP Hunter — Single-File Agent (Python)”.

What you got

  • Agentic loop: proposes GitHub queries (CEM optimizer) → mines hits → hydrates files → triages sinks vs. missing guards → scores → iterates.
  • Built-in UVPs: external-resource (SCXML-style includes) and zip-slip. Add more via --uvp-json.
  • Safety: only loopback/temp-dir verification; no exploit payloads.
  • Outputs: uvp_report/report.md + candidates.json.

Run it

export GITHUB_TOKEN=ghp_yourtoken
python uvp_agent.py --org apache --lang Java --uvp external-resource --loops 3 --max-queries 40 --topk 20 -v

Upgrades (tell me which you want)

  • Add AST paths (tree-sitter) to cut false positives.
  • Plug in an LLM guard auditor for nuanced “guard present but ineffective.”

ROLE You are a Principal Software Engineer & Product Architect. Build a production-grade application that meets the specification below. Treat this as a real deliverable for a paying customer: correctness, security, maintainability, and operability are mandatory. When ambiguous, make the minimal reasonable assumption, state it in an “Assumptions” section, and proceed.

Build this AI agent using openai.
