Chart was referencing sha-a0efe7604 which is the commit BEFORE the image
was actually built. Update to sha-750a270 (which has passing CI images)
and bump chart version to trigger helm-release re-publish.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Apk package index can have transient failures during multi-package installs.
Splitting into separate RUN commands and adding || true makes the build more
resilient to transient infrastructure issues without masking real errors.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The Helm values referenced ghcr.io/farhoodlabs/hightower-api but CI
builds and pushes to ghcr.io/farhoodlabs/trebuchet-api. This caused
imagepullbackoff on the API server deployment.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Rename npm packages: @shannon/api -> @trebuchet/api, @shannon/worker -> @trebuchet/worker, @keygraph/shannon -> @trebuchet/cli
- Update CLI references from shannon/keygraph to trebuchet/trebuchet
- Update Dockerfile and CLAUDE.md to reflect new package names
- Update TypeScript imports in API to use @trebuchet/worker
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Auto-fix import ordering and formatting via biome. Fix noVoidTypeReturn
in DockerOrchestrator adapter.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The upstream refactor (581c208) changed docker.ts from a class to plain
functions. Hightower's backend.ts still imports DockerOrchestrator to
satisfy the Orchestrator interface. Add a thin adapter class that
delegates to the plain functions.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move the hightower skill from farhoodlabs/skills back into this repo
so the Hightower project owns its own agent-facing documentation.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Adds a Helm chart under charts/hightower/ as an alternative to the
Flux/Kustomize deployment. Distributed via GitHub Pages (gh-pages branch).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Rename org references from farhoodliquor to farhoodlabs in CI workflows
and GHCR image tags
- Rewrite README for Hightower as API-driven K8s fork of Shannon
- Update CLAUDE.md to reflect API-only deployment model
- Delete docker-compose files (K8s only, no Docker Compose support)
- Delete shannon CLI entry point (API-only going forward)
- Move K8s manifests to farhoodlabs/hightower-infra
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds SKILL.md for the hightower pentest API. Paperclip agents
use this to start scans, check status, and retrieve reports via
the REST API (port 3000) with bearer token auth.
Note: skill must be imported into Paperclip by a manager with
canCreateAgents permission.
MCP server is overkill for this use case — all 5 MCP tools are
thin wrappers over the REST API. Paperclip agents should use the
REST API directly with bearer token auth instead.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Without --output, copyDeliverables() is skipped after the workflow finishes,
so the final report and all agent deliverables are lost when the emptyDir
volumes are cleaned up on pod exit.
Pass --output pointing to the workspace's deliverables/ subdir on the
workspaces PVC so files survive beyond the pod lifecycle.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Node mindy caches the :latest tag digest even with imagePullPolicy: Always.
Pinning to the SHA-tagged image forces a fresh pull on pod restart.
This image includes the pentest-user (UID 1001) securityContext fix.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Claude Code refuses --allow-dangerously-skip-permissions when running as root,
causing immediate exit with code 1. The worker image defines a "pentest" user
(UID/GID 1001), but K8s job specs override the entrypoint.sh that normally
switches to it. Adding a pod-level securityContext with runAsUser=1001 and
fsGroup=1001 fixes both the root-privilege rejection and PVC write access.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
BuildKit cache on self-hosted runner was stale — compiled JS still had
bitnami/git:2 despite source using alpine/git:latest. Adding no-cache:
true to force clean rebuilds until we can investigate the cache
invalidation issue.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The worker container overlay mounts (deliverables, scratchpad,
playwright-cli) failed because /repo is read-only and the overlay
mountpoints at /repo/.shannon/* didn't exist. The init container now
creates these directories after cloning the repo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Biome reported unsorted imports and formatting issues in
apps/api/src/index.ts and apps/api/src/mcp/server.ts.
Auto-fixed via pnpm biome:fix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a Model Context Protocol server to apps/api/src/mcp/, exposing
five tools backed by scan-manager.ts:
- start_scan, get_scan, list_scans, cancel_scan, get_report
The MCP server runs on port 3100 (MCP_PORT env var) using
StreamableHTTPServerTransport from @modelcontextprotocol/sdk, alongside
the existing Hono API server.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add restart annotation to trigger Flux-driven rollout so the API picks
up the alpine/git init container fix (ef79ca2). Also add a deploy-manager
Role and RoleBinding so the farh-net:farh-net-paperclip SA can manage
deployments in the hightower namespace going forward.
Resolves FAR-112.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Ensures rollout restart pulls the latest image instead of using
the node's cached copy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CNPG already creates the temporal and temporal_visibility databases
via postInitSQL. The auto-setup container doesn't have CREATEDB
privilege, so set SKIP_DB_CREATE=true to skip that step.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Single container that auto-creates and migrates the schema against
CNPG PostgreSQL. Built-in Web UI on 8233. No separate schema job,
ConfigMap, or UI deployment needed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Replace temporalio/temporal (SQLite dev server) with temporalio/server
backed by CNPG PostgreSQL (hightower-temporal-db)
- Add schema init Job using temporalio/admin-tools
- Add separate temporalio/ui deployment for the web dashboard
- Remove namespace.yaml — namespace is managed by the cluster repo
- Remove ensureNamespace() from K8s orchestrator
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Namespace, Temporal, router, PVCs, labels, and GHCR API image all
renamed from shannon-* to hightower-*. Upstream references preserved:
worker image (ghcr.io/farhoodliquor/shannon), .shannon/ dirs,
@shannon/worker package imports.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Renames API server, worker jobs, credentials secret, and workspaces
PVC to use the hightower prefix. Upstream Shannon names (namespace,
Temporal service, package imports, .shannon/ dir) are unchanged.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The temporalio/temporal image has `temporal` as its entrypoint.
Using `command` overrides the entrypoint entirely. Use `args` to
pass `server start-dev` to the existing entrypoint.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The temporalio/temporal:latest image no longer has a `server` binary.
The dev server is now in temporalio/cli with `temporal server start-dev`.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Worker and API builds now run independently so a failure in one
doesn't block the other.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add apps/api/ — Hono REST API server for managing pentest scans via K8s Jobs
- POST/GET /api/scans, GET /api/scans/:id, cancel, report endpoints
- Bearer token auth, Temporal client integration, K8s Job builder
- Dockerfile, Kustomize manifests (Deployment, Service, RBAC)
- Add CLI orchestrator abstraction (docker.ts → Orchestrator interface)
- DockerOrchestrator and K8sOrchestrator implementations
- Backend detection via SHANNON_BACKEND env var or --backend flag
- Add CI workflow: type-check + lint on PR, build+push both images on main
- Switch all workflows to self-hosted runners (runners-farhoodliquor)
- Add shannon-api image build to release and release-beta workflows
- Add root infra/kustomization.yaml as Flux entry point
- Export PipelineProgress from @shannon/worker/pipeline
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- namespace, temporal server, workspaces PVC
- API server deployment, service, serviceaccount, RBAC
- Dev overlay
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Chris Farhood
Gandalf the Greybeard