feat: backport config-driven run scoping and report filtering

Cherry-pick of upstream Shannon PR #326. Adds vuln_classes subset
selection, exploit toggle, code_path avoid enforcement via SDK deny
rules, deterministic findings rendering when exploit is disabled,
report filtering (min_severity, min_confidence, guidance), and
rules_of_engagement config field.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
2026-05-20 00:45:35 +00:00
committed by Hugh Commit [agent]
parent 70af2b12db
commit 85bcb27860
30 changed files with 1116 additions and 170 deletions
+4
View File
@@ -20,10 +20,14 @@ Success criterion: Complete source-to-sink traces detailing path, sanitizers, si
@include(shared/_rules.txt)
</rules>
@include(shared/_code-path-rules.txt)
<login_instructions>
{{LOGIN_INSTRUCTIONS}}
</login_instructions>
@include(shared/_rules-of-engagement.txt)
<critical>
**Your Professional Standard**
- **Severity Context:** A structural flaw in a backend command, whether an SQL query or a shell command, is one of the most severe classes of vulnerability in a SaaS application. It undermines the foundational trust of the system by creating the *potential* for data exposure (SQLi) or direct server compromise (Command Injection).