- Rename npm packages: @shannon/api -> @trebuchet/api, @shannon/worker -> @trebuchet/worker, @keygraph/shannon -> @trebuchet/cli
- Update CLI references from shannon/keygraph to trebuchet/trebuchet
- Update Dockerfile and CLAUDE.md to reflect new package names
- Update TypeScript imports in API to use @trebuchet/worker
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Rename org references from farhoodliquor to farhoodlabs in CI workflows
and GHCR image tags
- Rewrite README for Hightower as API-driven K8s fork of Shannon
- Update CLAUDE.md to reflect API-only deployment model
- Delete docker-compose files (K8s only, no Docker Compose support)
- Delete shannon CLI entry point (API-only going forward)
- Move K8s manifests to farhoodlabs/hightower-infra
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
MCP server is overkill for this use case — all 5 MCP tools are
thin wrappers over the REST API. Paperclip agents should use the
REST API directly with bearer token auth instead.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Without --output, copyDeliverables() is skipped after the workflow finishes,
so the final report and all agent deliverables are lost when the emptyDir
volumes are cleaned up on pod exit.
Pass --output pointing to the workspace's deliverables/ subdir on the
workspaces PVC so files survive beyond the pod lifecycle.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Node mindy caches the :latest tag digest even with imagePullPolicy: Always.
Pinning to the SHA-tagged image forces a fresh pull on pod restart.
This image includes the pentest-user (UID 1001) securityContext fix.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Claude Code refuses --allow-dangerously-skip-permissions when running as root,
causing immediate exit with code 1. The worker image defines a "pentest" user
(UID/GID 1001), but K8s job specs override the entrypoint.sh that normally
switches to it. Adding a pod-level securityContext with runAsUser=1001 and
fsGroup=1001 fixes both the root-privilege rejection and PVC write access.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The worker container overlay mounts (deliverables, scratchpad,
playwright-cli) failed because /repo is read-only and the overlay
mountpoints at /repo/.shannon/* didn't exist. The init container now
creates these directories after cloning the repo.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Biome reported unsorted imports and formatting issues in
apps/api/src/index.ts and apps/api/src/mcp/server.ts.
Auto-fixed via pnpm biome:fix.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a Model Context Protocol server to apps/api/src/mcp/, exposing
five tools backed by scan-manager.ts:
- start_scan, get_scan, list_scans, cancel_scan, get_report
The MCP server runs on port 3100 (MCP_PORT env var) using
StreamableHTTPServerTransport from @modelcontextprotocol/sdk, alongside
the existing Hono API server.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Add restart annotation to trigger Flux-driven rollout so the API picks
up the alpine/git init container fix (ef79ca2). Also add a deploy-manager
Role and RoleBinding so the farh-net:farh-net-paperclip SA can manage
deployments in the hightower namespace going forward.
Resolves FAR-112.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Ensures rollout restart pulls the latest image instead of using
the node's cached copy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Namespace, Temporal, router, PVCs, labels, and GHCR API image all
renamed from shannon-* to hightower-*. Upstream references preserved:
worker image (ghcr.io/farhoodliquor/shannon), .shannon/ dirs,
@shannon/worker package imports.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Renames API server, worker jobs, credentials secret, and workspaces
PVC to use the hightower prefix. Upstream Shannon names (namespace,
Temporal service, package imports, .shannon/ dir) are unchanged.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add apps/api/ — Hono REST API server for managing pentest scans via K8s Jobs
- POST/GET /api/scans, GET /api/scans/:id, cancel, report endpoints
- Bearer token auth, Temporal client integration, K8s Job builder
- Dockerfile, Kustomize manifests (Deployment, Service, RBAC)
- Add CLI orchestrator abstraction (docker.ts → Orchestrator interface)
- DockerOrchestrator and K8sOrchestrator implementations
- Backend detection via SHANNON_BACKEND env var or --backend flag
- Add CI workflow: type-check + lint on PR, build+push both images on main
- Switch all workflows to self-hosted runners (runners-farhoodliquor)
- Add shannon-api image build to release and release-beta workflows
- Add root infra/kustomization.yaml as Flux entry point
- Export PipelineProgress from @shannon/worker/pipeline
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- namespace, temporal server, workspaces PVC
- API server deployment, service, serviceaccount, RBAC
- Dev overlay
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Chris Farhood
Test User