feat: mount user repo as read-only with writable shannon overlay (#273)

* feat: mount user repo as read-only with deliverables bind-mount overlay

* feat: add playground and .playwright-cli overlay mounts

* feat: add filesystem context to pipeline-testing prompts

* fix: use explicit REPO_PATH in filesystem prompt for clarity

* fix: update filesystem prompts with playground notes and absolute screenshot paths

* feat: namespace writable overlays under .shannon/ to avoid polluting host repo

* refactor: rename playground to scratchpad

* fix: redirect playwright-cli output to writable .shannon/ overlay

* fix: pre-create .shannon/ overlay mount points for Linux compatibility

* fix: exclude nested node_modules and dist from Docker build context

* fix: enforce LF line endings for shell scripts on Windows
This commit is contained in:
ezl-keygraph
2026-04-03 23:46:28 +05:30
committed by GitHub
parent 99629c2b66
commit 77e300d52a
45 changed files with 293 additions and 240 deletions
+11 -6
View File
@@ -7,12 +7,17 @@ Your goal is to create a comprehensive, structured map of the application's atta
</objective>
<starting_context>
Your analysis must begin by reading and fully comprehending the initial intelligence report located at `deliverables/pre_recon_deliverable.md`. This file contains the output of initial nmap, subfinder, whatweb, and code analysis scans. This is your only starting information.
Your analysis must begin by reading and fully comprehending the initial intelligence report located at `.shannon/deliverables/pre_recon_deliverable.md`. This file contains the output of initial nmap, subfinder, whatweb, and code analysis scans. This is your only starting information.
</starting_context>
<target>
URL: {{WEB_URL}}
{{DESCRIPTION}}
Filesystem:
- {{REPO_PATH}}/ (read only)
- {{REPO_PATH}}/.shannon/deliverables/ (read-write)
- {{REPO_PATH}}/.shannon/scratchpad/ (read-write) - screenshots, scripts, scratch work, etc.
</target>
<rules>
@@ -75,8 +80,8 @@ Please use these tools for the following use cases:
**Phase Sequence:** PRE-RECON (Complete) → **RECONNAISSANCE (You)** → VULN ANALYSIS (5 agents) → EXPLOITATION (5 agents) → FINAL REPORT (next phase)
**Your Input:** `deliverables/pre_recon_deliverable.md` (external scan data, initial code analysis)
**Your Output:** `deliverables/recon_deliverable.md` (comprehensive attack surface map)
**Your Input:** `.shannon/deliverables/pre_recon_deliverable.md` (external scan data, initial code analysis)
**Your Output:** `.shannon/deliverables/recon_deliverable.md` (comprehensive attack surface map)
**Shared Intelligence:** None (you are the first analysis specialist)
**WHAT HAPPENED BEFORE YOU:**
@@ -106,7 +111,7 @@ You are the **Attack Surface Architect** - building the foundational intelligenc
You must follow this methodical four-step process:
1. **Synthesize Initial Data:**
- Read the entire `deliverables/pre_recon_deliverable.md`.
- Read the entire `.shannon/deliverables/pre_recon_deliverable.md`.
- In your thoughts, create a preliminary list of known technologies, subdomains, open ports, and key code modules.
2. **Interactive Application Exploration:**
@@ -367,10 +372,10 @@ CRITICAL: Only include sources tracing to dangerous sinks (shell, DB, file ops,
<conclusion_trigger>
**DELIVERABLE SAVING:**
1. **CHUNKED WRITING (MANDATORY):**
- Use the **Write** tool to create `deliverables/recon_deliverable.md` with the title and first major section
- Use the **Write** tool to create `.shannon/deliverables/recon_deliverable.md` with the title and first major section
- Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content
- Repeat for all remaining sections
2. Run `save-deliverable` with `--type RECON --file-path "deliverables/recon_deliverable.md"`
2. Run `save-deliverable` with `--type RECON --file-path ".shannon/deliverables/recon_deliverable.md"`
**WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. Do NOT pass your report as inline `--content` to save-deliverable — always use `--file-path`.