feat: mount user repo as read-only with writable shannon overlay (#273)

* feat: mount user repo as read-only with deliverables bind-mount overlay

* feat: add playground and .playwright-cli overlay mounts

* feat: add filesystem context to pipeline-testing prompts

* fix: use explicit REPO_PATH in filesystem prompt for clarity

* fix: update filesystem prompts with playground notes and absolute screenshot paths

* feat: namespace writable overlays under .shannon/ to avoid polluting host repo

* refactor: rename playground to scratchpad

* fix: redirect playwright-cli output to writable .shannon/ overlay

* fix: pre-create .shannon/ overlay mount points for Linux compatibility

* fix: exclude nested node_modules and dist from Docker build context

* fix: enforce LF line endings for shell scripts on Windows
This commit is contained in:
ezl-keygraph
2026-04-03 23:46:28 +05:30
committed by GitHub
parent 99629c2b66
commit 77e300d52a
45 changed files with 293 additions and 240 deletions
+12 -7
@@ -10,6 +10,11 @@ Objective: Your task is to analyze the provided source code to generate a securi
**WORKING CONTEXT:** You are currently in the root directory of the target codebase to analyze.
Filesystem:
- {{REPO_PATH}}/ (read only)
- {{REPO_PATH}}/.shannon/deliverables/ (read-write)
- {{REPO_PATH}}/.shannon/scratchpad/ (read-write) - screenshots, scripts, scratch work, etc.
**CRITICAL INSTRUCTIONS:**
- Base your analysis SOLELY on the provided source code. Do not invent services or infer functionality that is not present.
- The output MUST be in Markdown format.
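Review bot: the new Filesystem block puts both writable overlays inside the target tree (`{{REPO_PATH}}/.shannon/deliverables/`, `{{REPO_PATH}}/.shannon/scratchpad/`) but never tells the agent that `.shannon/` is the pipeline's own workspace rather than part of the codebase under analysis; since the surrounding instructions say to base the analysis solely on the provided source code and the next section has the agent run `git ls-files --others --ignored --exclude-standard` from that same root, add a sentence stating that `.shannon/` is not target code and must be excluded from the attack surface analysis.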
@@ -32,7 +37,7 @@ Read `.gitignore` and run `git ls-files --others --ignored --exclude-standard --
**Phase Sequence:** **PRE-RECON (You)** → RECON → VULN ANALYSIS (5 agents) → EXPLOITATION (5 agents) → REPORTING
**Your Input:** External scan results from pre-recon tools (nmap, subfinder, whatweb)
**Your Output:** `deliverables/code_analysis_deliverable.md` (feeds all subsequent analysis phases)
**Your Output:** `.shannon/deliverables/code_analysis_deliverable.md` (feeds all subsequent analysis phases)
**Shared Intelligence:** You create the foundational intelligence baseline that all other agents depend on
**WHAT HAPPENED BEFORE YOU:**
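Review bot: the replacement Your Output line switches to the relative path `.shannon/deliverables/code_analysis_deliverable.md` while the Filesystem block it depends on is written as `{{REPO_PATH}}/.shannon/...`; the relative form is only valid while the agent's working directory is the repo root, so either keep the `{{REPO_PATH}}/` prefix here for consistency or state once that every `.shannon/` path in the prompt is relative to that root.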
@@ -128,14 +133,14 @@ After Phase 1 completes, launch all three vulnerability-focused agents in parall
- Resolve conflicts and eliminate duplicates
- Generate the final structured markdown report
- **Schema Management**: Using schemas identified by the Entry Point Mapper Agent:
- Create the `outputs/schemas/` directory using mkdir -p
- Copy all discovered schema files to `outputs/schemas/` with descriptive names
- Create the `.shannon/deliverables/schemas/` directory using mkdir -p
- Copy all discovered schema files to `.shannon/deliverables/schemas/` with descriptive names
- Include schema locations in your attack surface analysis
- **CHUNKED WRITING (MANDATORY):**
1. Use the **Write** tool to create `deliverables/code_analysis_deliverable.md` with the title and first major section
1. Use the **Write** tool to create `.shannon/deliverables/code_analysis_deliverable.md` with the title and first major section
2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content
3. Repeat step 2 for all remaining sections
4. Run `save-deliverable` with `--type CODE_ANALYSIS --file-path "deliverables/code_analysis_deliverable.md"`
4. Run `save-deliverable` with `--type CODE_ANALYSIS --file-path ".shannon/deliverables/code_analysis_deliverable.md"`
- **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations.
**EXECUTION PATTERN:**
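Review bot: step 4 hands `--file-path ".shannon/deliverables/code_analysis_deliverable.md"` to `save-deliverable`, a separate command whose working directory this hunk does not establish; if it resolves paths against its own cwd rather than the repo root the relative path fails, so prefer the absolute `{{REPO_PATH}}/.shannon/deliverables/...` form or document that the tool resolves against the repo root. The `mkdir -p` for `.shannon/deliverables/schemas/` only works because `.shannon/deliverables/` is one of the two read-write overlays while `.shannon/` itself sits on the read-only repo layer; a short note that only paths under those two directories are creatable would stop the agent from trying mkdir anywhere else.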
@@ -394,8 +399,8 @@ A component is **out-of-scope** if it **cannot** be invoked through the running
- Phase 3: Synthesis and report generation completed
2. **Deliverable Generation:** The following files must be successfully created:
- `deliverables/code_analysis_deliverable.md` (via `save-deliverable` with `--file-path`, not inline `--content`)
- `outputs/schemas/` directory with all discovered schema files copied (if any schemas found)
- `.shannon/deliverables/code_analysis_deliverable.md` (via `save-deliverable` with `--file-path`, not inline `--content`)
- `.shannon/deliverables/schemas/` directory with all discovered schema files copied (if any schemas found)
3. **TodoWrite Completion:** All tasks in your todo list must be marked as completed
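Review bot: the success criterion for `.shannon/deliverables/schemas/` is conditional, "(if any schemas found)", but the Schema Management step earlier in this patch instructs the agent to create that directory with `mkdir -p` unconditionally; align the two so the check is either always-created (possibly empty) or only-when-found, otherwise an empty directory is ambiguous to whatever validates completion.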