feat: mount user repo as read-only with writable shannon overlay (#273)
* feat: mount user repo as read-only with deliverables bind-mount overlay
* feat: add playground and .playwright-cli overlay mounts
* feat: add filesystem context to pipeline-testing prompts
* fix: use explicit REPO_PATH in filesystem prompt for clarity
* fix: update filesystem prompts with playground notes and absolute screenshot paths
* feat: namespace writable overlays under .shannon/ to avoid polluting host repo
* refactor: rename playground to scratchpad
* fix: redirect playwright-cli output to writable .shannon/ overlay
* fix: pre-create .shannon/ overlay mount points for Linux compatibility
* fix: exclude nested node_modules and dist from Docker build context
* fix: enforce LF line endings for shell scripts on Windows
@@ -10,6 +10,11 @@ Objective: Your task is to analyze the provided source code to generate a securi

**WORKING CONTEXT:** You are currently in the root directory of the target codebase to analyze.

Filesystem:
- {{REPO_PATH}}/ (read only)
- {{REPO_PATH}}/.shannon/deliverables/ (read-write)
- {{REPO_PATH}}/.shannon/scratchpad/ (read-write) - screenshots, scripts, scratch work, etc.

**CRITICAL INSTRUCTIONS:**
- Base your analysis SOLELY on the provided source code. Do not invent services or infer functionality that is not present.
- The output MUST be in Markdown format.
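Review bot: the new Filesystem block tells the agent that `{{REPO_PATH}}/` is read-only, but nothing tells it to exclude `.shannon/` from the analysis itself. Because `.shannon/deliverables/` and `.shannon/scratchpad/` sit inside `{{REPO_PATH}}`, a later phase or a repeat run will find the pipeline's own deliverables and scratch scripts next to the target's source, which conflicts with "Base your analysis SOLELY on the provided source code". Suggest adding a bullet such as `- {{REPO_PATH}}/.shannon/ is pipeline output, not part of the target; do not analyze it`, and for consistency with `(read-write)` writing `(read-only)` on the first bullet.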
@@ -32,7 +37,7 @@ Read `.gitignore` and run `git ls-files --others --ignored --exclude-standard --
**Phase Sequence:** **PRE-RECON (You)** → RECON → VULN ANALYSIS (5 agents) → EXPLOITATION (5 agents) → REPORTING

**Your Input:** External scan results from pre-recon tools (nmap, subfinder, whatweb)
**Your Output:** `deliverables/code_analysis_deliverable.md` (feeds all subsequent analysis phases)
**Your Output:** `.shannon/deliverables/code_analysis_deliverable.md` (feeds all subsequent analysis phases)
**Shared Intelligence:** You create the foundational intelligence baseline that all other agents depend on

**WHAT HAPPENED BEFORE YOU:**
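Review bot: the updated output path `.shannon/deliverables/code_analysis_deliverable.md` is relative, whereas the Filesystem block earlier in this file describes the writable locations as absolute `{{REPO_PATH}}/.shannon/...` paths; the two only line up because WORKING CONTEXT asserts the agent is in the repo root. Either use `{{REPO_PATH}}/.shannon/deliverables/code_analysis_deliverable.md` here too, or state once that every `.shannon/` path is relative to `{{REPO_PATH}}`, so an agent that changes directory does not attempt the write elsewhere and fail against the read-only mount.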
@@ -128,14 +133,14 @@ After Phase 1 completes, launch all three vulnerability-focused agents in parall
- Resolve conflicts and eliminate duplicates
- Generate the final structured markdown report
- **Schema Management**: Using schemas identified by the Entry Point Mapper Agent:
- Create the `outputs/schemas/` directory using mkdir -p
- Copy all discovered schema files to `outputs/schemas/` with descriptive names
- Create the `.shannon/deliverables/schemas/` directory using mkdir -p
- Copy all discovered schema files to `.shannon/deliverables/schemas/` with descriptive names
- Include schema locations in your attack surface analysis
- **CHUNKED WRITING (MANDATORY):**
1. Use the **Write** tool to create `deliverables/code_analysis_deliverable.md` with the title and first major section
1. Use the **Write** tool to create `.shannon/deliverables/code_analysis_deliverable.md` with the title and first major section
2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content
3. Repeat step 2 for all remaining sections
4. Run `save-deliverable` with `--type CODE_ANALYSIS --file-path "deliverables/code_analysis_deliverable.md"`
4. Run `save-deliverable` with `--type CODE_ANALYSIS --file-path ".shannon/deliverables/code_analysis_deliverable.md"`
- **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations.

**EXECUTION PATTERN:**
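Review bot: the `mkdir -p` of `.shannon/deliverables/schemas/` and the **Write** in step 1 are the first writes the agent performs, and with the repo now mounted read-only, a missing or misconfigured `.shannon/deliverables/` overlay will make them fail with a permission error that this prompt does not anticipate. Suggest a preliminary step that verifies the overlay is writable (for example `touch .shannon/deliverables/.write-test && rm .shannon/deliverables/.write-test`, and the same for `.shannon/scratchpad/`) and instructs the agent to stop with a clear message rather than retry or fall back to another directory.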
@@ -394,8 +399,8 @@ A component is **out-of-scope** if it **cannot** be invoked through the running
- Phase 3: Synthesis and report generation completed

2. **Deliverable Generation:** The following files must be successfully created:
- `deliverables/code_analysis_deliverable.md` (via `save-deliverable` with `--file-path`, not inline `--content`)
- `outputs/schemas/` directory with all discovered schema files copied (if any schemas found)
- `.shannon/deliverables/code_analysis_deliverable.md` (via `save-deliverable` with `--file-path`, not inline `--content`)
- `.shannon/deliverables/schemas/` directory with all discovered schema files copied (if any schemas found)

3. **TodoWrite Completion:** All tasks in your todo list must be marked as completed