farhoodlabs/trebuchet
8
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity
Files
47a6e4933a2417511eb69166a29969fd46da6fa6
trebuchet/apps/worker/configs/config-schema.json
T
Chris Farhood 47a6e4933a
CI / Type-check & lint (pull_request) Successful in 16s
Details
CI / Build & push worker image (pull_request) Has been skipped
Details
CI / Build & push API image (pull_request) Has been skipped
Details
feat: backport auth-validation preflight + email_login credentials 
Backport upstream Shannon PR #335:
- Add credential validation activity that drives a real browser login
  before the full pipeline, catching bad credentials early
- New email_login credentials type for magic-link and email-OTP flows
- Make credentials.password optional for passwordless flows
- Playwright stealth config (chrome.runtime, plugin simulation, UA)
- Centralize prompt directory resolution into resolvePromptDir helper
- New AUTH_LOGIN_FAILED error code with non-retryable classification
- Remove dangerous-pattern validation on credentials.password
- Pipeline-testing stub for auth validation (returns success)
- Auth validation timeout of 10 minutes for browser-based login
- .playwright directory workspace overlay for CLI/Docker

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 00:59:27 +00:00

193 lines
6.3 KiB
JSON
Raw Blame History

{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/pentest-config-schema.json",
"title": "Penetration Testing Configuration Schema",
"description": "Schema for YAML configuration files used in the penetration testing agent",
"type": "object",
"properties": {
"authentication": {
"type": "object",
"description": "Authentication configuration for the target application",
"properties": {
"login_type": {
"type": "string",
"enum": ["form", "sso", "api", "basic"],
"description": "Type of authentication mechanism"
},
"login_url": {
"type": "string",
"format": "uri",
"description": "URL for the login page or endpoint"
},
"credentials": {
"type": "object",
"description": "Login credentials",
"properties": {
"username": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"description": "Username or email for authentication"
},
"password": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"description": "Password for authentication"
},
"totp_secret": {
"type": "string",
"pattern": "^[A-Za-z2-7]+=*$",
"description": "TOTP secret for two-factor authentication (Base32 encoded, case insensitive)"
},
"email_login": {
"type": "object",
"description": "Email-based login credentials for magic-link and email-OTP flows",
"properties": {
"address": {
"type": "string",
"format": "email",
"description": "Email address for authentication"
},
"password": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"description": "Password for the email account"
},
"totp_secret": {
"type": "string",
"pattern": "^[A-Za-z2-7]+=*$",
"description": "TOTP secret for email 2FA (Base32 encoded)"
}
},
"required": ["address", "password"],
"additionalProperties": false
}
},
"required": ["username"],
"additionalProperties": false
},
"login_flow": {
"type": "array",
"description": "Step-by-step instructions for the login process",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 500
},
"minItems": 1,
"maxItems": 20
},
"success_condition": {
"type": "object",
"description": "Condition that indicates successful authentication",
"properties": {
"type": {
"type": "string",
"enum": ["url_contains", "element_present", "url_equals_exactly", "text_contains"],
"description": "Type of success condition to check"
},
"value": {
"type": "string",
"minLength": 1,
"maxLength": 500,
"description": "Value to match against the success condition"
}
},
"required": ["type", "value"],
"additionalProperties": false
}
},
"required": ["login_type", "login_url", "credentials", "success_condition"],
"additionalProperties": false
},
"pipeline": {
"type": "object",
"description": "Pipeline execution settings for retry behavior and concurrency",
"properties": {
"retry_preset": {
"type": "string",
"enum": ["default", "subscription"],
"description": "Retry preset. 'subscription' extends timeouts for Anthropic subscription rate limit windows (5h+)."
},
"max_concurrent_pipelines": {
"type": "string",
"pattern": "^[1-5]$",
"description": "Max concurrent vulnerability pipelines (1-5, default: 5)"
}
},
"additionalProperties": false
},
"rules": {
"type": "object",
"description": "Testing rules that define what to focus on or avoid during penetration testing",
"properties": {
"avoid": {
"type": "array",
"description": "Rules defining areas to avoid during testing",
"items": {
"$ref": "#/$defs/rule"
},
"maxItems": 50
},
"focus": {
"type": "array",
"description": "Rules defining areas to focus on during testing",
"items": {
"$ref": "#/$defs/rule"
},
"maxItems": 50
}
},
"additionalProperties": false
},
"login": {
"type": "object",
"description": "Deprecated: Use 'authentication' section instead",
"deprecated": true
},
"description": {
"type": "string",
"description": "Description of the target environment, its deployment context, and any information that helps guide the security assessment",
"minLength": 1,
"maxLength": 500,
"pattern": "\\S"
}
},
"anyOf": [
{ "required": ["authentication"] },
{ "required": ["rules"] },
{ "required": ["authentication", "rules"] },
{ "required": ["description"] }
],
"additionalProperties": false,
"$defs": {
"rule": {
"type": "object",
"description": "A single testing rule",
"properties": {
"description": {
"type": "string",
"minLength": 1,
"maxLength": 200,
"description": "Human-readable description of the rule"
},
"type": {
"type": "string",
"enum": ["path", "subdomain", "domain", "method", "header", "parameter"],
"description": "Type of rule (what aspect of requests to match against)"
},
"url_path": {
"type": "string",
"minLength": 1,
"maxLength": 1000,
"description": "URL path pattern or value to match"
}
},
"required": ["description", "type", "url_path"],
"additionalProperties": false
}
}
}
Reference in New Issue View Git Blame Copy Permalink