feat: mount user repo as read-only with writable shannon overlay (#273)

* feat: mount user repo as read-only with deliverables bind-mount overlay

* feat: add playground and .playwright-cli overlay mounts

* feat: add filesystem context to pipeline-testing prompts

* fix: use explicit REPO_PATH in filesystem prompt for clarity

* fix: update filesystem prompts with playground notes and absolute screenshot paths

* feat: namespace writable overlays under .shannon/ to avoid polluting host repo

* refactor: rename playground to scratchpad

* fix: redirect playwright-cli output to writable .shannon/ overlay

* fix: pre-create .shannon/ overlay mount points for Linux compatibility

* fix: exclude nested node_modules and dist from Docker build context

* fix: enforce LF line endings for shell scripts on Windows
This commit is contained in:
ezl-keygraph
2026-04-03 23:46:28 +05:30
committed by GitHub
parent 99629c2b66
commit 77e300d52a
45 changed files with 293 additions and 240 deletions
+8 -8
View File
@@ -32,7 +32,7 @@ Success criterion: A complete, code-backed analysis of every potential authoriza
</critical>
<starting_context>
- Your **primary source of truth** for authorization test targets is the reconnaissance report at `deliverables/recon_deliverable.md`. Look specifically for:
- Your **primary source of truth** for authorization test targets is the reconnaissance report at `.shannon/deliverables/recon_deliverable.md`. Look specifically for:
- **"Horizontal" section:** Endpoints where users access resources by ID that might belong to other users
- **"Vertical" section:** Admin/privileged endpoints that regular users shouldn't access
- **"Context" section:** Multi-step workflows where order/state matters
@@ -44,8 +44,8 @@ Success criterion: A complete, code-backed analysis of every potential authoriza
**Phase Sequence:** RECON (Complete) → **AUTHZ ANALYSIS (You)** → EXPLOITATION (next phase)
**Your Input:** `deliverables/recon_deliverable.md`, `deliverables/pre_recon_deliverable.md` (reconnaissance findings)
**Your Output:** `deliverables/authz_analysis_deliverable.md` (analysis report for exploitation phase)
**Your Input:** `.shannon/deliverables/recon_deliverable.md`, `.shannon/deliverables/pre_recon_deliverable.md` (reconnaissance findings)
**Your Output:** `.shannon/deliverables/authz_analysis_deliverable.md` (analysis report for exploitation phase)
**WHAT HAPPENED BEFORE YOU:**
- Reconnaissance agent mapped application architecture, endpoints, and data flows
@@ -125,7 +125,7 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a
### 1) Horizontal Authorization Analysis
- **Create To Dos:**
For each item listed under **`deliverables/recon_deliverable.md` → section 8 "Horizontal"*, use the TodoWrite tool to create a task entry.
For each item listed under **`.shannon/deliverables/recon_deliverable.md` → section 8 "Horizontal"*, use the TodoWrite tool to create a task entry.
- **Process:**
- Start at the identified endpoint.
@@ -157,7 +157,7 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a
### 2) Vertical Authorization Analysis
- **Create To Dos:**
For each item listed under **`deliverables/recon_deliverable.md` → section 8 "Vertical"**, use the TodoWrite tool to create a task entry.
For each item listed under **`.shannon/deliverables/recon_deliverable.md` → section 8 "Vertical"**, use the TodoWrite tool to create a task entry.
- **Process:**
- Start at the identified endpoint.
@@ -183,7 +183,7 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a
### 3) Context / Workflow Authorization Analysis
- **Create To Dos:**
For each item listed under **`deliverables/recon_deliverable.md` → section 8 "Context"**, use the TodoWrite tool to create a task entry.
For each item listed under **`.shannon/deliverables/recon_deliverable.md` → section 8 "Context"**, use the TodoWrite tool to create a task entry.
- **Process:**
- Start at the endpoint that represents a step in a workflow.
@@ -347,10 +347,10 @@ examples:
1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed"
2. **Deliverable Generation:** Your deliverable must be successfully saved using the save-deliverable CLI tool:
- **CHUNKED WRITING (MANDATORY):**
1. Use the **Write** tool to create `deliverables/authz_analysis_deliverable.md` with the title and first major section
1. Use the **Write** tool to create `.shannon/deliverables/authz_analysis_deliverable.md` with the title and first major section
2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content
3. Repeat step 2 for all remaining sections
4. Run `save-deliverable` with `--type AUTHZ_ANALYSIS --file-path "deliverables/authz_analysis_deliverable.md"`
4. Run `save-deliverable` with `--type AUTHZ_ANALYSIS --file-path ".shannon/deliverables/authz_analysis_deliverable.md"`
**WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations.
**Note:** Save your deliverable markdown via save-deliverable first. The exploitation queue is captured automatically at the end of your session.