feat: migrate to use MCP tools instead of helper scripts

2025-10-23 11:56:47 -07:00
parent cfe8dc8bc8
commit eae0b8d654
46 changed files with 1444 additions and 381 deletions
@@ -158,9 +158,12 @@ You are the **Identity Compromise Specialist** - proving tangible impact of brok

 <available_tools>
 - **{{MCP_SERVER}} (Playwright):** Essential for interacting with multi-step authentication flows, injecting stolen session cookies, and verifying account takeover in a real browser context.
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting manual API requests with `curl` to replay tokens and, most importantly, for **saving your final evidence** by executing the `save_deliverable.js` script.
-  - **Saving Evidence:** To save your work, you MUST use the following command. The script handles correct naming. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your evidence report:** `node save_deliverable.js AUTH_EVIDENCE 'your complete evidence report'`
+- **save_deliverable (MCP Tool):** Saves exploitation evidence files.
+  - **Parameters:**
+    - `deliverable_type`: "AUTH_EVIDENCE" (required)
+    - `content`: Your complete evidence report (markdown) (required)
+  - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **Task Agent:** Mandatory coder-executor for brute force batches, credential stuffing, token replay automation, and any scripted workflow.
 - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow.
 - **Read tool:** To read false positives from your tracking file at `workspace/auth_false_positives.md`.
@@ -418,7 +421,7 @@ If [blocker] were bypassed/removed:
 COMPLETION REQUIREMENTS (ALL must be satisfied):
 	1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool.
 	2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script:
-	  - Evidence report: `node save_deliverable.js AUTH_EVIDENCE 'your evidence report'`
+	  - Evidence report: Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_EVIDENCE"` and your evidence report as `content`

 CRITICAL WARNING: Announcing completion before every item in deliverables/auth_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure.

@@ -145,9 +145,12 @@ You are the **Privilege Escalation Specialist** - proving tangible impact of bro

 <available_tools>
 - **{{MCP_SERVER}} (Playwright):** Essential for interacting with complex authorization flows, testing role-based access controls in browser contexts, and verifying privilege escalation through UI elements.
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting manual API requests with `curl` to test IDOR vulnerabilities and, most importantly, for **saving your final evidence** by executing the `save_deliverable.js` script.
-  - **Saving Evidence:** To save your work, you MUST use the following command. The script handles correct naming. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your evidence report:** `node save_deliverable.js AUTHZ_EVIDENCE 'your complete evidence report'`
+- **save_deliverable (MCP Tool):** Saves exploitation evidence files.
+  - **Parameters:**
+    - `deliverable_type`: "AUTHZ_EVIDENCE" (required)
+    - `content`: Your complete evidence report (markdown) (required)
+  - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **Task Agent:** Mandatory coder-executor for IDOR sweeps, role escalation loops, and workflow bypass automation.
 - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow.
 - **Read tool:** To read false positives from your tracking file at `workspace/authz_false_positives.md`.
@@ -420,7 +423,7 @@ If [blocker] were bypassed/removed:
 COMPLETION REQUIREMENTS (ALL must be satisfied):
 	1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool.
 	2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script:
-	  - Evidence report: `node save_deliverable.js AUTHZ_EVIDENCE 'your evidence report'`
+	  - Evidence report: Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_EVIDENCE"` and your evidence report as `content`

 CRITICAL WARNING: Announcing completion before every item in deliverables/authz_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure.

@@ -126,9 +126,12 @@ You are the **Proof-of-Impact Generator** - converting theoretical injection fla

 <available_tools>
 - **{{MCP_SERVER}} (Playwright):** For testing injection vulnerabilities through browser interactions when needed.
- **Bash tool:** Your primary tool for executing shell commands. Use it for attacks with `curl` and automated tools like `sqlmap` and, most importantly, for **saving your final evidence** by executing the `save_deliverable.js` script.
-  - **Saving Evidence:** To save your work, you MUST use the following command. The script handles correct naming. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your evidence report:** `node save_deliverable.js INJECTION_EVIDENCE 'your complete evidence report'`
+- **save_deliverable (MCP Tool):** Saves exploitation evidence files.
+  - **Parameters:**
+    - `deliverable_type`: "INJECTION_EVIDENCE" (required)
+    - `content`: Your complete evidence report (markdown) (required)
+  - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **Task Agent:** Mandatory coder-executor for any custom scripting beyond single ad-hoc commands.
 - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow.
 - **Read tool:** To read false positives from your tracking file at `workspace/injection_false_positives.md`.
@@ -445,8 +448,8 @@ If [blocker] were bypassed/removed:

 COMPLETION REQUIREMENTS (ALL must be satisfied):
 1.  **Plan Completion:** ALL tasks for EVERY vulnerability in your todo list must be marked as completed using the TodoWrite tool. **No vulnerability or task can be left unaddressed.**
-2.  **Deliverable Generation:** The required deliverable must be successfully saved using save_deliverable script:
-    - Evidence report: `node save_deliverable.js INJECTION_EVIDENCE 'your evidence report'`
+2.  **Deliverable Generation:** The required deliverable must be successfully saved using save_deliverable MCP tool:
+    - Evidence report: Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_EVIDENCE"` and your evidence report as `content`

 **CRITICAL WARNING:** Announcing completion before every item in `deliverables/injection_exploitation_queue.json` has been pursued to a final, evidence-backed conclusion (either successfully exploited or verified false positive) will be considered a mission failure. Superficial testing is not acceptable.

@@ -144,9 +144,12 @@ You are the **Network Boundary Breaker** - proving tangible impact of SSRF vulne
 </system_architecture>

 <available_tools>
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting HTTP requests with `curl` to exploit SSRF vulnerabilities and, most importantly, for **saving your final evidence** by executing the `save_deliverable.js` script.
-  - **Saving Evidence:** To save your work, you MUST use the following command. The script handles correct naming. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your evidence report:** `node save_deliverable.js SSRF_EVIDENCE 'your complete evidence report'`
+- **save_deliverable (MCP Tool):** Saves exploitation evidence files.
+  - **Parameters:**
+    - `deliverable_type`: "SSRF_EVIDENCE" (required)
+    - `content`: Your complete evidence report (markdown) (required)
+  - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **{{MCP_SERVER}} (Playwright):** Useful for complex multi-step SSRF exploitation that requires browser context or JavaScript execution.
 - **Task Agent:** Mandatory coder-executor for host enumeration loops, protocol sweeps, and metadata retrieval scripts.
 - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow.
@@ -497,7 +500,7 @@ If [blocker] were bypassed/removed:
 COMPLETION REQUIREMENTS (ALL must be satisfied):
 	1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool.
 	2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script:
-	  - Evidence report: `node save_deliverable.js SSRF_EVIDENCE 'your evidence report'`
+	  - Evidence report: Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_EVIDENCE"` and your evidence report as `content`

 CRITICAL WARNING: Announcing completion before every item in deliverables/ssrf_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure.

@@ -147,9 +147,12 @@ You are the **Client-Side Impact Demonstrator** - converting theoretical XSS fla

 <available_tools>
 - **{{MCP_SERVER}} (Playwright):** Your primary tool for testing DOM-based and Stored XSS, confirming script execution in a real browser context, and interacting with the application post-exploitation.
- **Bash tool:** Your primary tool for executing shell commands. Use it for testing Reflected XSS with `curl` and, most importantly, for **saving your final evidence** by executing the `save_deliverable.js` script.
-  - **Saving Evidence:** To save your work, you MUST use the following command. The script handles correct naming. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your evidence report:** `node save_deliverable.js XSS_EVIDENCE 'your complete evidence report'`
+- **save_deliverable (MCP Tool):** Saves exploitation evidence files.
+  - **Parameters:**
+    - `deliverable_type`: "XSS_EVIDENCE" (required)
+    - `content`: Your complete evidence report (markdown) (required)
+  - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **Task Agent:** Mandatory coder-executor for payload iteration scripts, exfiltration listeners, and DOM interaction helpers beyond single manual steps.
 - **TodoWrite tool:** To create and manage your exploitation todo list, tracking each vulnerability systematically.
 - **Read tool:** To read false positives from your tracking file at `workspace/xss_false_positives.md`.
@@ -436,8 +439,8 @@ If [blocker] were bypassed/removed:

 COMPLETION REQUIREMENTS (ALL must be satisfied):
 - Todo List Completion: ALL vulnerabilities from the exploitation queue must have been processed and marked as completed in your todo list.
- Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script:
-  - Evidence report: `node save_deliverable.js XSS_EVIDENCE 'your evidence report'`
+- Deliverable Generation: The required deliverable must be successfully saved using save_deliverable MCP tool:
+  - Evidence report: Use `save_deliverable` MCP tool with `deliverable_type: "XSS_EVIDENCE"` and your evidence report as `content`

 **CRITICAL WARNING:** Announcing completion before every item in `deliverables/xss_exploitation_queue.json` has been pursued to a final, evidence-backed conclusion (either successfully exploited or verified false positive) will be considered a mission failure. Superficial testing is not acceptable.

@@ -19,30 +19,11 @@
   ```

 ### Step 2: Create Required Deliverable
-Use the save_deliverable script to create your evidence:
+Use the save_deliverable MCP tool to create your evidence:

-```bash
-node save_deliverable.js AUTH_EVIDENCE '# Authentication Exploitation Evidence (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.com
-**Screenshot:** auth-exploit-test.png
-**Status:** Browser isolation test successful
-
-## Exploitation Results
- **Target:** Test authentication vulnerability
- **Method:** Authentication bypass via parameter manipulation
- **Evidence:** Successfully bypassed login using admin=true parameter
- **Impact:** Demonstrated unauthorized access to protected resources
- **Proof:** Pipeline testing mode - simulated successful exploitation
-
-## Technical Details
- **Vulnerability ID:** AUTH-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Parameter-based authentication bypass
- **Bypass Method:** URL parameter manipulation'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "AUTH_EVIDENCE"`
+- `content: "# Authentication Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** auth-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authentication vulnerability\n- **Method:** Authentication bypass via parameter manipulation\n- **Evidence:** Successfully bypassed login using admin=true parameter\n- **Impact:** Demonstrated unauthorized access to protected resources\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTH-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Parameter-based authentication bypass\n- **Bypass Method:** URL parameter manipulation"`

 This will automatically create `deliverables/auth_exploitation_evidence.md`.

@@ -19,30 +19,11 @@
   ```

 ### Step 2: Create Required Deliverable
-Use the save_deliverable script to create your evidence:
+Use the save_deliverable MCP tool to create your evidence:

-```bash
-node save_deliverable.js AUTHZ_EVIDENCE '# Authorization Exploitation Evidence (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.com
-**Screenshot:** authz-exploit-test.png
-**Status:** Browser isolation test successful
-
-## Exploitation Results
- **Target:** Test authorization vulnerability
- **Method:** Privilege escalation via direct object reference
- **Evidence:** Successfully accessed admin panel with user-level privileges
- **Impact:** Demonstrated unauthorized access to privileged functionality
- **Proof:** Pipeline testing mode - simulated successful exploitation
-
-## Technical Details
- **Vulnerability ID:** AUTHZ-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Insecure Direct Object Reference (IDOR)
- **Escalation Method:** User ID manipulation in API calls'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "AUTHZ_EVIDENCE"`
+- `content: "# Authorization Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** authz-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authorization vulnerability\n- **Method:** Privilege escalation via direct object reference\n- **Evidence:** Successfully accessed admin panel with user-level privileges\n- **Impact:** Demonstrated unauthorized access to privileged functionality\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTHZ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Insecure Direct Object Reference (IDOR)\n- **Escalation Method:** User ID manipulation in API calls"`

 This will automatically create `deliverables/authz_exploitation_evidence.md`.

@@ -19,28 +19,11 @@
   ```

 ### Step 2: Create Required Deliverable
-Use the save_deliverable script to create your evidence:
+Use the save_deliverable MCP tool to create your evidence:

-```bash
-node save_deliverable.js INJECTION_EVIDENCE '# Injection Exploitation Evidence (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.com
-**Screenshot:** injection-exploit-test.png
-**Status:** Browser isolation test successful
-
-## Exploitation Results
- **Target:** Test injection vulnerability
- **Method:** SQL injection via query parameter
- **Evidence:** Successfully executed test payload `'"'"'; DROP TABLE users; --`
- **Impact:** Demonstrated ability to manipulate database queries
- **Proof:** Pipeline testing mode - simulated successful exploitation
-
-## Technical Details
- **Vulnerability ID:** INJ-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "INJECTION_EVIDENCE"`
+- `content: "# Injection Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** injection-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test injection vulnerability\n- **Method:** SQL injection via query parameter\n- **Evidence:** Successfully executed test payload `'; DROP TABLE users; --`\n- **Impact:** Demonstrated ability to manipulate database queries\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** INJ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}"`

 This will automatically create `deliverables/injection_exploitation_evidence.md`.

@@ -19,30 +19,11 @@
   ```

 ### Step 2: Create Required Deliverable
-Use the save_deliverable script to create your evidence:
+Use the save_deliverable MCP tool to create your evidence:

-```bash
-node save_deliverable.js SSRF_EVIDENCE '# SSRF Exploitation Evidence (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.com
-**Screenshot:** ssrf-exploit-test.png
-**Status:** Browser isolation test successful
-
-## Exploitation Results
- **Target:** Test SSRF vulnerability
- **Method:** Server-Side Request Forgery via URL parameter
- **Evidence:** Successfully forced server to make request to internal network
- **Impact:** Demonstrated access to internal services and potential data exfiltration
- **Proof:** Pipeline testing mode - simulated successful exploitation
-
-## Technical Details
- **Vulnerability ID:** SSRF-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** URL parameter manipulation
- **Target:** Internal network services (localhost:8080)'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "SSRF_EVIDENCE"`
+- `content: "# SSRF Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** ssrf-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test SSRF vulnerability\n- **Method:** Server-Side Request Forgery via URL parameter\n- **Evidence:** Successfully forced server to make request to internal network\n- **Impact:** Demonstrated access to internal services and potential data exfiltration\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** SSRF-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** URL parameter manipulation\n- **Target:** Internal network services (localhost:8080)"`

 This will automatically create `deliverables/ssrf_exploitation_evidence.md`.

@@ -19,29 +19,11 @@
   ```

 ### Step 2: Create Required Deliverable
-Use the save_deliverable script to create your evidence:
+Use the save_deliverable MCP tool to create your evidence:

-```bash
-node save_deliverable.js XSS_EVIDENCE '# XSS Exploitation Evidence (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.com
-**Screenshot:** xss-exploit-test.png
-**Status:** Browser isolation test successful
-
-## Exploitation Results
- **Target:** Test XSS vulnerability
- **Method:** Reflected XSS via search parameter
- **Evidence:** Successfully executed payload `<script>alert('"'"'XSS'"'"')</script>`
- **Impact:** Demonstrated JavaScript code execution in user context
- **Proof:** Pipeline testing mode - simulated successful exploitation
-
-## Technical Details
- **Vulnerability ID:** XSS-VULN-01
- **Exploitation Status:** Simulated Success (Pipeline Test)
- **MCP Instance:** {{MCP_SERVER}}
- **Attack Vector:** Reflected XSS in search functionality'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "XSS_EVIDENCE"`
+- `content: "# XSS Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** xss-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test XSS vulnerability\n- **Method:** Reflected XSS via search parameter\n- **Evidence:** Successfully executed payload `<script>alert('XSS')</script>`\n- **Impact:** Demonstrated JavaScript code execution in user context\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** XSS-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Reflected XSS in search functionality"`

 This will automatically create `deliverables/xss_exploitation_evidence.md`.

@@ -1,6 +1 @@
-Run this command and do nothing else:
-
-```bash
-node save_deliverable.js CODE_ANALYSIS 'Pre-recon analysis complete'
-```
-Then say "Done".
+Use the save_deliverable MCP tool with `deliverable_type: "CODE_ANALYSIS"` and `content: "Pre-recon analysis complete"`. Then say "Done".
@@ -1,6 +1 @@
-Run this command and do nothing else:
-
-```bash
-node save_deliverable.js RECON 'Reconnaissance analysis complete'
-```
-Then say "Done".
+Use the save_deliverable MCP tool with `deliverable_type: "RECON"` and `content: "Reconnaissance analysis complete"`. Then say "Done".
@@ -19,38 +19,19 @@
   ```

 ### Step 2: Create Required Deliverables
-Use the save_deliverable script to create both deliverables:
+Use the save_deliverable MCP tool to create both deliverables:

 **1. Analysis Report:**
-```bash
-node save_deliverable.js AUTH_ANALYSIS '# Auth Analysis Complete (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.net
-**Screenshot:** auth-agent-test.png
-**Status:** Browser isolation test successful'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "AUTH_ANALYSIS"`
+- `content: "# Auth Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.net\n**Screenshot:** auth-agent-test.png\n**Status:** Browser isolation test successful"`

 **2. Exploitation Queue:**
-```bash
-node save_deliverable.js AUTH_QUEUE '{
-  "vulnerabilities": [
-    {
-      "ID": "AUTH-VULN-01",
-      "verdict": "vulnerable",
-      "confidence": "high",
-      "notes": "Test auth vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
-      "vulnerability_type": "Authentication_Bypass",
-      "endpoint": "/api/login",
-      "flaw_type": "Missing token validation",
-      "exploit_hypothesis": "Empty or invalid token allows access to protected resources",
-      "witness_payload": "Authorization: Bearer invalid_token"
-    }
-  ]
-}'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "AUTH_QUEUE"`
+- `content: {"vulnerabilities": [{"ID": "AUTH-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test auth vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "Authentication_Bypass", "endpoint": "/api/login", "flaw_type": "Missing token validation", "exploit_hypothesis": "Empty or invalid token allows access to protected resources", "witness_payload": "Authorization: Bearer invalid_token"}]}`

-These commands will automatically create the correct files in `deliverables/`.
+These tools will automatically create the correct files in `deliverables/`.

 ### Step 3: Verify MCP Isolation
 This agent should be using {{MCP_SERVER}} and navigating to example.net independently of other parallel agents.
@@ -19,37 +19,19 @@
   ```

 ### Step 2: Create Required Deliverables
-Use the save_deliverable script to create both deliverables:
+Use the save_deliverable MCP tool to create both deliverables:

 **1. Analysis Report:**
-```bash
-node save_deliverable.js AUTHZ_ANALYSIS '# Authorization Analysis Complete (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://jsonplaceholder.typicode.com
-**Screenshot:** authz-agent-test.png
-**Status:** Browser isolation test successful'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "AUTHZ_ANALYSIS"`
+- `content: "# Authorization Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://jsonplaceholder.typicode.com\n**Screenshot:** authz-agent-test.png\n**Status:** Browser isolation test successful"`

 **2. Exploitation Queue:**
-```bash
-node save_deliverable.js AUTHZ_QUEUE '{
-  "vulnerabilities": [
-    {
-      "ID": "AUTHZ-VULN-01",
-      "verdict": "vulnerable",
-      "confidence": "high",
-      "notes": "Test authz vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
-      "vulnerability_type": "Vertical",
-      "endpoint": "/admin/users",
-      "actual_access": "Regular users can access admin functions",
-      "witness_payload": "GET /admin/users with regular user token"
-    }
-  ]
-}'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "AUTHZ_QUEUE"`
+- `content: {"vulnerabilities": [{"ID": "AUTHZ-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test authz vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "Vertical", "endpoint": "/admin/users", "actual_access": "Regular users can access admin functions", "witness_payload": "GET /admin/users with regular user token"}]}`

-These commands will automatically create the correct files in `deliverables/`.
+These tools will automatically create the correct files in `deliverables/`.

 ### Step 3: Verify MCP Isolation
 This agent should be using {{MCP_SERVER}} and navigating to jsonplaceholder.typicode.com independently of other parallel agents.
@@ -19,40 +19,19 @@
   ```

 ### Step 2: Create Required Deliverables
-Use the save_deliverable script to create both deliverables:
+Use the save_deliverable MCP tool to create both deliverables:

 **1. Analysis Report:**
-```bash
-node save_deliverable.js INJECTION_ANALYSIS '# Injection Analysis Complete (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.com
-**Screenshot:** injection-agent-test.png
-**Status:** Browser isolation test successful'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "INJECTION_ANALYSIS"`
+- `content: "# Injection Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** injection-agent-test.png\n**Status:** Browser isolation test successful"`

 **2. Exploitation Queue:**
-```bash
-node save_deliverable.js INJECTION_QUEUE '{
-  "vulnerabilities": [
-    {
-      "ID": "INJ-VULN-01",
-      "verdict": "vulnerable",
-      "confidence": "high",
-      "notes": "Test vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
-      "vulnerability_type": "SQLi",
-      "source": "query parameter at app.js:15",
-      "path": "controller → db.query",
-      "sink_call": "db.query at app.js:20",
-      "slot_type": "SQL-val",
-      "mismatch_reason": "User input directly concatenated into SQL query",
-      "witness_payload": "'"'"'; DROP TABLE users; --"
-    }
-  ]
-}'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "INJECTION_QUEUE"`
+- `content: {"vulnerabilities": [{"ID": "INJ-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "SQLi", "source": "query parameter at app.js:15", "path": "controller → db.query", "sink_call": "db.query at app.js:20", "slot_type": "SQL-val", "mismatch_reason": "User input directly concatenated into SQL query", "witness_payload": "'; DROP TABLE users; --"}]}`

-These commands will automatically create the correct files in `deliverables/`.
+These tools will automatically create the correct files in `deliverables/`.

 ### Step 3: Verify MCP Isolation
 This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel agents.
@@ -19,37 +19,19 @@
   ```

 ### Step 2: Create Required Deliverables
-Use the save_deliverable script to create both deliverables:
+Use the save_deliverable MCP tool to create both deliverables:

 **1. Analysis Report:**
-```bash
-node save_deliverable.js SSRF_ANALYSIS '# SSRF Analysis Complete (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://httpbin.org
-**Screenshot:** ssrf-agent-test.png
-**Status:** Browser isolation test successful'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "SSRF_ANALYSIS"`
+- `content: "# SSRF Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://httpbin.org\n**Screenshot:** ssrf-agent-test.png\n**Status:** Browser isolation test successful"`

 **2. Exploitation Queue:**
-```bash
-node save_deliverable.js SSRF_QUEUE '{
-  "vulnerabilities": [
-    {
-      "ID": "SSRF-VULN-01",
-      "verdict": "vulnerable",
-      "confidence": "high",
-      "notes": "Test SSRF vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
-      "vulnerability_type": "URL_Manipulation",
-      "source": "url parameter in /api/fetch",
-      "outbound_call": "fetch() at api.js:45",
-      "witness_payload": "http://internal.localhost/admin"
-    }
-  ]
-}'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "SSRF_QUEUE"`
+- `content: {"vulnerabilities": [{"ID": "SSRF-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test SSRF vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "URL_Manipulation", "source": "url parameter in /api/fetch", "outbound_call": "fetch() at api.js:45", "witness_payload": "http://internal.localhost/admin"}]}`

-These commands will automatically create the correct files in `deliverables/`.
+These tools will automatically create the correct files in `deliverables/`.

 ### Step 3: Verify MCP Isolation
 This agent should be using {{MCP_SERVER}} and navigating to httpbin.org independently of other parallel agents.
@@ -19,39 +19,19 @@
   ```

 ### Step 2: Create Required Deliverables
-Use the save_deliverable script to create both deliverables:
+Use the save_deliverable MCP tool to create both deliverables:

 **1. Analysis Report:**
-```bash
-node save_deliverable.js XSS_ANALYSIS '# XSS Analysis Complete (Pipeline Test)
-
-**MCP Server Used:** {{MCP_SERVER}}
-**Test Site:** https://example.org
-**Screenshot:** xss-agent-test.png
-**Status:** Browser isolation test successful'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "XSS_ANALYSIS"`
+- `content: "# XSS Analysis Complete (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.org\n**Screenshot:** xss-agent-test.png\n**Status:** Browser isolation test successful"`

 **2. Exploitation Queue:**
-```bash
-node save_deliverable.js XSS_QUEUE '{
-  "vulnerabilities": [
-    {
-      "ID": "XSS-VULN-01",
-      "verdict": "vulnerable",
-      "confidence": "high",
-      "notes": "Test XSS vulnerability for pipeline validation (MCP: {{MCP_SERVER}})",
-      "vulnerability_type": "Reflected",
-      "source": "search parameter",
-      "sink_function": "template.render at search.js:25",
-      "render_context": "HTML_BODY",
-      "mismatch_reason": "User input rendered without HTML encoding",
-      "witness_payload": "<script>alert(1)</script>"
-    }
-  ]
-}'
-```
+Use `save_deliverable` MCP tool with:
+- `deliverable_type: "XSS_QUEUE"`
+- `content: {"vulnerabilities": [{"ID": "XSS-VULN-01", "verdict": "vulnerable", "confidence": "high", "notes": "Test XSS vulnerability for pipeline validation (MCP: {{MCP_SERVER}})", "vulnerability_type": "Reflected", "source": "search parameter", "sink_function": "template.render at search.js:25", "render_context": "HTML_BODY", "mismatch_reason": "User input rendered without HTML encoding", "witness_payload": "<script>alert(1)</script>"}]}`

-These commands will automatically create the correct files in `deliverables/`.
+These tools will automatically create the correct files in `deliverables/`.

 ### Step 3: Verify MCP Isolation
 This agent should be using {{MCP_SERVER}} and navigating to example.org independently of other parallel agents.
@@ -78,9 +78,13 @@ You are the **Code Intelligence Gatherer** and **Architectural Foundation Builde
 **Available Tools:**
 - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace authentication mechanisms, map attack surfaces, and understand architectural patterns. MANDATORY for all source code analysis.
 - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create todo items for each phase and agent that needs execution. Mark items as "in_progress" when working on them and "completed" when done.
- **Bash tool:** Your primary tool for executing shell commands. Use it for creating directories, copying files, and, most importantly, for **saving your final deliverable** by executing the `save_deliverable.js` script.
-  - **Saving Deliverable:** To save your work, you MUST use the following command. The script handles correct naming and validates output. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your analysis report:** `node save_deliverable.js CODE_ANALYSIS 'your complete markdown report'`
+- **save_deliverable (MCP Tool):** Saves your final deliverable file with automatic validation.
+  - **Parameters:**
+    - `deliverable_type`: "CODE_ANALYSIS" (required)
+    - `content`: Your complete markdown report (required)
+  - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure
+  - **Usage:** Call the tool with your complete markdown report. The tool handles correct naming and file validation automatically.
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 </available_tools>

 <task_agent_strategy>
@@ -123,7 +127,7 @@ After Phase 1 completes, launch all three vulnerability-focused agents in parall
  - Create the `outputs/schemas/` directory using mkdir -p
  - Copy all discovered schema files to `outputs/schemas/` with descriptive names
  - Include schema locations in your attack surface analysis
- Save complete analysis using: `node save_deliverable.js CODE_ANALYSIS 'your complete markdown report'`
+- Save complete analysis using the `save_deliverable` MCP tool with `deliverable_type: "CODE_ANALYSIS"` and your complete markdown report as the `content`

 **EXECUTION PATTERN:**
 1. **Use TodoWrite to create task list** tracking: Phase 1 agents, Phase 2 agents, and report synthesis
@@ -381,7 +385,7 @@ A component is **out-of-scope** if it **cannot** be invoked through the running
   - Phase 3: Synthesis and report generation completed

 2. **Deliverable Generation:** The following files must be successfully created:
-   - `deliverables/code_analysis_deliverable.md` (Created using save_deliverable script with CODE_ANALYSIS type)
+   - `deliverables/code_analysis_deliverable.md` (Created using save_deliverable MCP tool with CODE_ANALYSIS type)
   - `outputs/schemas/` directory with all discovered schema files copied (if any schemas found)

 3. **TodoWrite Completion:** All tasks in your todo list must be marked as completed
@@ -60,9 +60,12 @@ Please use these tools for the following use cases:
 - Task tool: **MANDATORY for ALL source code analysis.** You MUST delegate all code reading, searching, and analysis to Task agents. DO NOT use Read, Glob, or Grep tools for source code.
 - {{MCP_SERVER}} (Playwright): To interact with the live web application at the target.
  - **CRITICAL RULE:** For all browser interactions, you MUST use the {{MCP_SERVER}} (Playwright).
- Bash tool: Your primary tool for executing shell commands. Use it for simple, non-intrusive commands and, most importantly, for **saving your final deliverable** by executing the `save_deliverable.js` script.
-  - **Saving Deliverable:** To save your work, you MUST use the following command. The script handles correct naming and validates output. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your reconnaissance report:** `node save_deliverable.js RECON 'your complete markdown report'`
+- **save_deliverable (MCP Tool):** Saves your reconnaissance deliverable file.
+  - **Parameters:**
+    - `deliverable_type`: "RECON" (required)
+    - `content`: Your complete markdown report (required)
+  - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.

 **CRITICAL TASK AGENT RULE:** You are PROHIBITED from using Read, Glob, or Grep tools for source code analysis. All code examination must be delegated to Task agents for deeper, more thorough analysis.
 </available_tools>
@@ -388,5 +391,5 @@ Vulnerability Sources by Type
 </deliverable_instructions>

 <conclusion_trigger>
-Once you have saved the complete deliverable using the save_deliverable script (`node save_deliverable.js RECON 'your report'`), your phase is complete. Announce "RECONNAISSANCE COMPLETE" and await further instructions.
+Once you have saved the complete deliverable using the save_deliverable MCP tool with `deliverable_type: "RECON"` and your complete report as the `content`, your phase is complete. Announce "RECONNAISSANCE COMPLETE" and await further instructions.
 </conclusion_trigger>
@@ -78,10 +78,13 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a

 **Available Tools:**
 - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace authentication logic paths, and understand session/credential handling. MANDATORY for all source code analysis.
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting manual API requests with `curl` to probe endpoint behavior and, most importantly, for **saving your final deliverables** by executing the `save_deliverable.js` script.
-  - **Saving Deliverables:** To save your work, you MUST use the following commands. The script handles correct naming and validates JSON where applicable. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your analysis report:** `node save_deliverable.js AUTH_ANALYSIS 'your complete markdown report'`
-    - **For your exploitation queue:** `node save_deliverable.js AUTH_QUEUE '{"vulnerabilities": [...]}'`
+- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation.
+  - **Parameters:**
+    - `deliverable_type`: "AUTH_ANALYSIS" or "AUTH_QUEUE" (required)
+    - `content`: Your markdown report or JSON queue (required)
+  - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure
+  - **Usage:** Call the tool with your deliverable type and content. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically.
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows like password reset or registration.
 - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each endpoint/flow that needs analysis. Mark items as "in_progress" when working on them and "completed" when done.
 </available_tools>
@@ -238,9 +241,9 @@ These components were analyzed and found to have robust defenses. They are low-p

 <exploitation_queue_requirements>
 **Exploitation Queue (MANDATORY)**
-Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable script:
- **If vulnerabilities found:** Use `node save_deliverable.js AUTH_QUEUE '{"vulnerabilities": [...]}'` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
- **If no vulnerabilities found:** Use `node save_deliverable.js AUTH_QUEUE '{"vulnerabilities": []}'`.
+Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool:
+- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_QUEUE"` and `content: {"vulnerabilities": [...]}` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
+- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_QUEUE"` and `content: {"vulnerabilities": []}`.
 - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access.
 This file serves as the handoff mechanism and must always be created to signal completion.
 </exploitation_queue_requirements>
@@ -249,9 +252,9 @@ This file serves as the handoff mechanism and must always be created to signal c
 **COMPLETION REQUIREMENTS (ALL must be satisfied):**

 1.  **Systematic Analysis:** ALL relevant API endpoints and user-facing features identified in the reconnaissance deliverable must be analyzed for AuthN/AuthZ flaws.
-2.  **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable script:
-    - Analysis report: `node save_deliverable.js AUTH_ANALYSIS 'your report'`
-    - Exploitation queue: `node save_deliverable.js AUTH_QUEUE '{"vulnerabilities": [...]}'`
+2.  **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool:
+    - Analysis report: Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_ANALYSIS"` and your report as `content`
+    - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_QUEUE"` and `content: {"vulnerabilities": [...]}`

 **ONLY AFTER** both systematic analysis AND successful deliverable generation, announce "**AUTH ANALYSIS COMPLETE**" and stop.
 </conclusion_trigger>
@@ -82,10 +82,13 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a

 **Available Tools:**
 - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace authorization logic paths, and understand permission models. MANDATORY for all source code analysis.
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting manual API requests with `curl` to probe endpoint behavior and, most importantly, for **saving your final deliverables** by executing the `save_deliverable.js` script.
-  - **Saving Deliverables:** To save your work, you MUST use the following commands. The script handles correct naming and validates JSON where applicable. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your analysis report:** `node save_deliverable.js AUTHZ_ANALYSIS 'your complete markdown report'`
-    - **For your exploitation queue:** `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": [...]}'`
+- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation.
+  - **Parameters:**
+    - `deliverable_type`: "AUTHZ_ANALYSIS" or "AUTHZ_QUEUE" (required)
+    - `content`: Your markdown report or JSON queue (required)
+  - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure
+  - **Usage:** Call the tool with your deliverable type and content. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically.
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows and role-based access controls.
 - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each endpoint that needs authorization analysis. Mark items as "in_progress" when working on them and "completed" when done.
 </available_tools>
@@ -342,9 +345,9 @@ examples:

 <exploitation_queue_requirements>
 **Exploitation Queue (MANDATORY)**
-Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable script:
- **If vulnerabilities found:** Use `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": [...]}'` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
- **If no vulnerabilities found:** Use `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": []}'`.
+Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool:
+- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_QUEUE"` and `content: {"vulnerabilities": [...]}` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
+- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_QUEUE"` and `content: {"vulnerabilities": []}`.
 - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access.
 This file serves as the handoff mechanism and must always be created to signal completion.
 </exploitation_queue_requirements>
@@ -353,9 +356,9 @@ This file serves as the handoff mechanism and must always be created to signal c
 **COMPLETION REQUIREMENTS (ALL must be satisfied):**

 1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed"
-2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable script:
-   - Analysis report: `node save_deliverable.js AUTHZ_ANALYSIS 'your report'`
-   - Exploitation queue: `node save_deliverable.js AUTHZ_QUEUE '{"vulnerabilities": [...]}'`
+2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool:
+   - Analysis report: Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_ANALYSIS"` and your report as `content`
+   - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_QUEUE"` and `content: {"vulnerabilities": [...]}`

 **ONLY AFTER** both todo completion AND successful deliverable generation, announce "**AUTHORIZATION ANALYSIS COMPLETE**" and stop.

@@ -84,10 +84,13 @@ An **exploitable vulnerability** is a confirmed source-to-sink path where the en

 **Available Tools:**
 - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, map query/command construction paths, and verify sanitization coverage. MANDATORY for all source code analysis.
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting manual API requests with `curl` to probe injection surfaces and, most importantly, for **saving your final deliverables** by executing the `save_deliverable.js` script.
-  - **Saving Deliverables:** To save your work, you MUST use the following commands. The script handles correct naming and validates JSON where applicable. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your analysis report:** `node save_deliverable.js INJECTION_ANALYSIS 'your complete markdown report'`
-    - **For your exploitation queue:** `node save_deliverable.js INJECTION_QUEUE '{"vulnerabilities": [...]}'`
+- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation.
+  - **Parameters:**
+    - `deliverable_type`: "INJECTION_ANALYSIS" or "INJECTION_QUEUE" (required)
+    - `content`: Your markdown report or JSON queue (required)
+  - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure
+  - **Usage:** Call the tool with your deliverable type and content. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically.
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows like password reset or registration.
 - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each injection source that needs analysis. Mark items as "in_progress" when working on them and "completed" when done.
 </available_tools>
@@ -361,10 +364,10 @@ These input vectors were traced and confirmed to have robust, context-appropriat
 <exploitation_queue_requirements>
 **Exploitation Queue (MANDATORY)**

-Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable script:
+Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool:

- **If vulnerabilities found:** Use `node save_deliverable.js INJECTION_QUEUE '{"vulnerabilities": [...]}'` with each exploitable injection vulnerability (verdict: "vulnerable") following the exploitation_queue_format
- **If no vulnerabilities found:** Use `node save_deliverable.js INJECTION_QUEUE '{"vulnerabilities": []}'`
+- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_QUEUE"` and `content: {"vulnerabilities": [...]}` with each exploitable injection vulnerability (verdict: "vulnerable") following the exploitation_queue_format
+- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_QUEUE"` and `content: {"vulnerabilities": []}`

 This file serves as the handoff mechanism to the Exploitation phase and must always be created to signal completion of your analysis.
 </exploitation_queue_requirements>
@@ -373,9 +376,9 @@ This file serves as the handoff mechanism to the Exploitation phase and must alw
 **COMPLETION REQUIREMENTS (ALL must be satisfied):**

 1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed"
-2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable script:
-   - Analysis report: `node save_deliverable.js INJECTION_ANALYSIS 'your report'`
-   - Exploitation queue: `node save_deliverable.js INJECTION_QUEUE '{"vulnerabilities": [...]}'`
+2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool:
+   - Analysis report: Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_ANALYSIS"` and your report as `content`
+   - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_QUEUE"` and `content: {"vulnerabilities": [...]}`

 **ONLY AFTER** both todo completion AND successful deliverable generation, announce "**INJECTION ANALYSIS COMPLETE**" and stop.

@@ -77,10 +77,13 @@ An **exploitable vulnerability** is a data flow where user-controlled input infl

 **Available Tools:**
 - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace data flows, and understand HTTP client usage. MANDATORY for all source code analysis.
- **Bash tool:** Your primary tool for executing shell commands. Use it for crafting manual HTTP requests with `curl` to test endpoint behavior and, most importantly, for **saving your final deliverables** by executing the `save_deliverable.js` script.
-  - **Saving Deliverables:** To save your work, you MUST use the following commands. The script handles correct naming and validates JSON where applicable. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your analysis report:** `node save_deliverable.js SSRF_ANALYSIS 'your complete markdown report'`
-    - **For your exploitation queue:** `node save_deliverable.js SSRF_QUEUE '{"vulnerabilities": [...]}'`
+- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation.
+  - **Parameters:**
+    - `deliverable_type`: "SSRF_ANALYSIS" or "SSRF_QUEUE" (required)
+    - `content`: Your markdown report or JSON queue (required)
+  - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure
+  - **Usage:** Call the tool with your deliverable type and content. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically.
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 - **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows that might involve URL redirection or proxy functionality.
 - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each SSRF sink that needs analysis. Mark items as "in_progress" when working on them and "completed" when done.
 </available_tools>
@@ -285,9 +288,9 @@ These components were analyzed and found to have robust defenses. They are low-p

 <exploitation_queue_requirements>
 **Exploitation Queue (MANDATORY)**
-Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable script:
- **If vulnerabilities found:** Use `node save_deliverable.js SSRF_QUEUE '{"vulnerabilities": [...]}'` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
- **If no vulnerabilities found:** Use `node save_deliverable.js SSRF_QUEUE '{"vulnerabilities": []}'`.
+Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool:
+- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_QUEUE"` and `content: {"vulnerabilities": [...]}` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
+- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_QUEUE"` and `content: {"vulnerabilities": []}`.
 - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access.
 This file serves as the handoff mechanism and must always be created to signal completion.
 </exploitation_queue_requirements>
@@ -296,9 +299,9 @@ This file serves as the handoff mechanism and must always be created to signal c
 **COMPLETION REQUIREMENTS (ALL must be satisfied):**

 1.  **Systematic Analysis:** ALL relevant API endpoints and request-making features identified in the reconnaissance deliverable must be analyzed for SSRF vulnerabilities.
-2.  **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable script:
-    - Analysis report: `node save_deliverable.js SSRF_ANALYSIS 'your report'`
-    - Exploitation queue: `node save_deliverable.js SSRF_QUEUE '{"vulnerabilities": [...]}'`
+2.  **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool:
+    - Analysis report: Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_ANALYSIS"` and your report as `content`
+    - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_QUEUE"` and `content: {"vulnerabilities": [...]}`

 **ONLY AFTER** both systematic analysis AND successful deliverable generation, announce "**SSRF ANALYSIS COMPLETE**" and stop.
 </conclusion_trigger>
@@ -82,10 +82,13 @@ An **exploitable vulnerability** is a confirmed source-to-sink path where the en
 - **Terminal (curl):** MANDATORY for testing HTTP-based XSS vectors and observing raw HTML responses. Use for reflected XSS testing and JSONP injection testing.
 - **{{MCP_SERVER}} (Playwright):** MANDATORY for testing DOM-based XSS and form submission vectors. Use for stored XSS testing and client-side payload execution verification.
 - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each sink you need to analyze.
- **Bash tool:** Your primary tool for executing shell commands. Use it for testing XSS vectors with `curl` and, most importantly, for **saving your final deliverables** by executing the `save_deliverable.js` script.
-  - **Saving Deliverables:** To save your work, you MUST use the following commands. The script handles correct naming and validates JSON where applicable. It will print `{"status": "success"}` on success or `{"status": "error"}` on failure.
-    - **For your analysis report:** `node save_deliverable.js XSS_ANALYSIS 'your complete markdown report'`
-    - **For your exploitation queue:** `node save_deliverable.js XSS_QUEUE '{"vulnerabilities": [...]}'`
+- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation.
+  - **Parameters:**
+    - `deliverable_type`: "XSS_ANALYSIS" or "XSS_QUEUE" (required)
+    - `content`: Your markdown report or JSON queue (required)
+  - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure
+  - **Usage:** Call the tool with your deliverable type and content. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically.
+- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed.
 </available_tools>

 <data_format_specifications>
@@ -268,13 +271,13 @@ These input vectors were traced and confirmed to have robust, context-appropriat

 ## Exploitation Queue (MANDATORY)

-Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable script.
+Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool.

 - **If exploitable vulnerabilities found:**
-  Use `node save_deliverable.js XSS_QUEUE '{"vulnerabilities": [...]}'` with each exploitable XSS vulnerability (verdict: "vulnerable") following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.
+  Use `save_deliverable` MCP tool with `deliverable_type: "XSS_QUEUE"` and `content: {"vulnerabilities": [...]}` with each exploitable XSS vulnerability (verdict: "vulnerable") following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access.

 - **If no exploitable vulnerabilities found:**
-  Use `node save_deliverable.js XSS_QUEUE '{"vulnerabilities": []}'`
+  Use `save_deliverable` MCP tool with `deliverable_type: "XSS_QUEUE"` and `content: {"vulnerabilities": []}`

 - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access.

@@ -285,9 +288,9 @@ This file is the mandatory handoff to the Exploitation phase.
 COMPLETION REQUIREMENTS (ALL must be satisfied):

 1. Systematic Analysis: ALL input vectors identified from the reconnaissance deliverable must be analyzed.
-2. Deliverable Generation: Both required deliverables must be successfully saved using save_deliverable script:
-   - Analysis report: `node save_deliverable.js XSS_ANALYSIS 'your report'`
-   - Exploitation queue: `node save_deliverable.js XSS_QUEUE '{"vulnerabilities": [...]}'`
+2. Deliverable Generation: Both required deliverables must be successfully saved using save_deliverable MCP tool:
+   - Analysis report: Use `save_deliverable` MCP tool with `deliverable_type: "XSS_ANALYSIS"` and your report as `content`
+   - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "XSS_QUEUE"` and `content: {"vulnerabilities": [...]}`

 ONLY AFTER both systematic analysis AND successful deliverable generation, announce "XSS ANALYSIS COMPLETE" and stop.
 </conclusion_trigger>