Model-Specific Guidance
Manicode prompts are available in variants optimized for specific models. This page documents practical differences across supported models and guidance for choosing between them.
Supported Models
| Vendor | Model | Prompt Variant Suffix | Primary Strengths |
|---|---|---|---|
| Anthropic | Claude Opus 4.6 | (Opus 4.6) | Long-form reasoning, instruction adherence, security analysis |
| OpenAI | GPT 5.3 Codex | (GPT 5.3 Codex) | Code generation, structured output, tool use |
| Google | Gemini 3.1 Pro | (Gemini 3.1 Pro) | Long context windows, multimodal input, engineering tasks |
| xAI | Grok 4.1 | (Grok 4.1) | Fast inference, code generation |
| Microsoft | GitHub Copilot | (Copilot) | IDE-integrated code completion, inline suggestions |
When to Use Which Model
Code Security Prompts
All five model variants are available for code security prompts. Choose based on your deployment context:
| Deployment Context | Recommended Model | Reason |
|---|---|---|
| IDE autocomplete | GitHub Copilot | Native IDE integration, inline completions |
| Coding agent (autonomous) | Claude Opus 4.6, GPT 5.3 Codex | Strong instruction following for long autonomous sessions |
| API-driven code generation | Any model | All variants produce comparable security-aware code |
| Code review / analysis | Claude Opus 4.6, Gemini 3.1 Pro | Detailed reasoning in review comments |
Threat Modeling Prompts
Threat modeling prompts are available for Claude Opus 4.6, GPT 5.3 Codex, and Gemini 3.1 Pro.
| Methodology | Recommended Model | Reason |
|---|---|---|
| Standard Interview | Claude Opus 4.6 | Patient, methodical multi-turn interviews |
| STRIDE for APIs | GPT 5.3 Codex | Structured, systematic STRIDE analysis |
| FMEA | Gemini 3.1 Pro | Engineering-focused quantitative analysis |
| Diagram Generation | Any supported model | Mermaid/PlantUML output is consistent across models |
| Repository Reconnaissance | Claude Opus 4.6 | Best file navigation and cross-referencing in agent mode |
Compliance Prompts
Compliance prompts do not have model-specific variants. Use any supported model. For best results:
- Long intake sessions — Use a model with a large context window (Gemini 3.1 Pro, Claude Opus 4.6)
- Structured output — If you need JSON-formatted control mappings, GPT 5.3 Codex handles structured output well
Validation Prompts
Validation prompts are designed to be model-agnostic. Choose based on latency and cost requirements:
| Requirement | Recommended Approach |
|---|---|
| Low latency (production guardrails) | Use Low Token variants with a fast model |
| High accuracy (audit/development) | Use High Token variants with a larger model |
| High throughput | Use the smallest model that meets your accuracy threshold |
Workforce and AI Coding Requirements
These prompts are available for Claude Opus 4.6 and GPT 5.3 Codex. Both perform comparably for these use cases.
Token and Context Considerations
| Model | Max Context Window | Practical Limit for Prompts |
|---|---|---|
| Claude Opus 4.6 | 200K tokens | System prompt + long conversations; suitable for full threat modeling sessions |
| GPT 5.3 Codex | 128K tokens | System prompt + medium conversations |
| Gemini 3.1 Pro | 1M tokens | Largest context; suitable for full-repository analysis |
| Grok 4.1 | 128K tokens | System prompt + medium conversations |
| GitHub Copilot | Varies by plan | IDE context is managed by Copilot; prompt size affects available context |
Prompt sizes (approximate): Most Manicode prompts fall in the 2,000-8,000 token range. Security validation prompts (High Token variants) can reach 10,000+ tokens. The AI Coding Requirements pipeline runs one stage at a time, so each stage prompt consumes roughly 3,000-6,000 tokens. Actual token counts vary by model tokenizer.
Determinism and Reproducibility
LLM outputs are inherently non-deterministic. To maximize consistency:
- Set temperature to 0 (or the lowest available setting) for deterministic use cases like validation
- Pin model versions in API calls (e.g., `claude-opus-4-6` not `claude-latest`)
- Use structured output modes (JSON mode, tool use) when available for validation prompts
- Cache prompt-model pairs that produce good results and re-test after model updates
No combination of settings guarantees identical output across runs. Build workflows that tolerate output variance.
Cost Considerations
Prompt costs depend on the model, the prompt size, and the conversation length. General guidance:
- Code security prompts in IDE — Cost is managed by the IDE provider's subscription (Copilot, Cursor, Windsurf)
- API-driven workflows — Cost scales with prompt tokens (system prompt) + completion tokens (model output). High Token validation variants cost more per invocation than Low Token variants.
- Threat modeling sessions — Multi-turn conversations accumulate context. A full 20-question interview may process 50K-100K tokens total.
- CI/CD pipelines — Per-run costs depend on how many prompts are invoked per build. Batch validation runs are more cost-effective than per-file invocations.
Use your model provider's pricing calculator to estimate costs for your specific workflow.
Testing After Model Updates
When a model provider releases an update:
- Re-run your most critical prompt-model pairs against known test cases
- Check that security constraints are still followed (e.g., parameterized queries, input validation)
- Check that validation prompts still produce correct ALLOW/BLOCK decisions on your test suite
- If behavior has degraded, try the prompt variant for a different model as a fallback
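
The following regression harness is an added example, not part of Manicode. It combines the determinism guidance (pinned model IDs, structured output, tolerance for run-to-run variance) with the ALLOW/BLOCK re-test described above. Assumptions: the `call_model(model_id, text)` callable, the `{"decision": ...}` JSON shape, the golden cases, and the stub model are all constructed for illustration.

```python
import json
from collections import Counter

# Constructed golden suite: (case id, input sent to the validation prompt, expected decision).
GOLDEN_CASES = [
    ("sqli-concat", 'query = "SELECT * FROM t WHERE id=" + user_id', "BLOCK"),
    ("sqli-param", 'cur.execute("SELECT * FROM t WHERE id=%s", (user_id,))', "ALLOW"),
    ("cmd-shell", 'os.system("ping " + host)', "BLOCK"),
]

def is_pinned(model_id):
    """Reject floating aliases such as 'claude-latest' (simple suffix check, an assumption)."""
    return not model_id.endswith("latest")

def parse_decision(raw):
    """Parse the assumed JSON shape {"decision": "ALLOW"|"BLOCK"}; anything else is INVALID."""
    try:
        decision = json.loads(raw).get("decision")
    except (ValueError, TypeError, AttributeError):
        return "INVALID"
    return decision if decision in ("ALLOW", "BLOCK") else "INVALID"

def run_suite(call_model, model_id, cases=GOLDEN_CASES, runs=3):
    """Run each case `runs` times and compare the majority decision to the expected one."""
    if not is_pinned(model_id):
        raise ValueError(f"unpinned model id: {model_id}")
    report = {"failed": [], "missed_blocks": [], "unstable": []}
    for case_id, text, expected in cases:
        votes = Counter(parse_decision(call_model(model_id, text)) for _ in range(runs))
        majority = votes.most_common(1)[0][0]
        if len(votes) > 1:  # runs disagreed: output variance on this case
            report["unstable"].append(case_id)
        if majority != expected:
            report["failed"].append(case_id)
            if expected == "BLOCK" and majority == "ALLOW":
                report["missed_blocks"].append(case_id)  # the security-relevant regression
    report["passed"] = not report["failed"]
    return report

def stub_model(model_id, text):
    """Constructed stand-in for a provider API call; flags string concatenation."""
    return json.dumps({"decision": "BLOCK" if " + " in text else "ALLOW"})

if __name__ == "__main__":
    print(run_suite(stub_model, "claude-opus-4-6"))
```

A non-empty `missed_blocks` list is the signal to try the fallback prompt variant; `unstable` cases pass or fail on the majority vote but are worth reviewing before relying on them in a guardrail.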