mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-07-06 21:28:00 +02:00
feat: migrate to use MCP tools instead of helper scripts
This commit is contained in:
@@ -0,0 +1,107 @@
|
||||
/**
|
||||
* Deliverable Type Definitions
|
||||
*
|
||||
* Maps deliverable types to their filenames and defines validation requirements.
|
||||
* Must match the exact mappings from tools/save_deliverable.js.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @typedef {Object} DeliverableType
|
||||
* @property {string} CODE_ANALYSIS
|
||||
* @property {string} RECON
|
||||
* @property {string} INJECTION_ANALYSIS
|
||||
* @property {string} INJECTION_QUEUE
|
||||
* @property {string} XSS_ANALYSIS
|
||||
* @property {string} XSS_QUEUE
|
||||
* @property {string} AUTH_ANALYSIS
|
||||
* @property {string} AUTH_QUEUE
|
||||
* @property {string} AUTHZ_ANALYSIS
|
||||
* @property {string} AUTHZ_QUEUE
|
||||
* @property {string} SSRF_ANALYSIS
|
||||
* @property {string} SSRF_QUEUE
|
||||
* @property {string} INJECTION_EVIDENCE
|
||||
* @property {string} XSS_EVIDENCE
|
||||
* @property {string} AUTH_EVIDENCE
|
||||
* @property {string} AUTHZ_EVIDENCE
|
||||
* @property {string} SSRF_EVIDENCE
|
||||
*/
|
||||
|
||||
export const DeliverableType = {
|
||||
// Pre-recon agent
|
||||
CODE_ANALYSIS: 'CODE_ANALYSIS',
|
||||
|
||||
// Recon agent
|
||||
RECON: 'RECON',
|
||||
|
||||
// Vulnerability analysis agents
|
||||
INJECTION_ANALYSIS: 'INJECTION_ANALYSIS',
|
||||
INJECTION_QUEUE: 'INJECTION_QUEUE',
|
||||
|
||||
XSS_ANALYSIS: 'XSS_ANALYSIS',
|
||||
XSS_QUEUE: 'XSS_QUEUE',
|
||||
|
||||
AUTH_ANALYSIS: 'AUTH_ANALYSIS',
|
||||
AUTH_QUEUE: 'AUTH_QUEUE',
|
||||
|
||||
AUTHZ_ANALYSIS: 'AUTHZ_ANALYSIS',
|
||||
AUTHZ_QUEUE: 'AUTHZ_QUEUE',
|
||||
|
||||
SSRF_ANALYSIS: 'SSRF_ANALYSIS',
|
||||
SSRF_QUEUE: 'SSRF_QUEUE',
|
||||
|
||||
// Exploitation agents
|
||||
INJECTION_EVIDENCE: 'INJECTION_EVIDENCE',
|
||||
XSS_EVIDENCE: 'XSS_EVIDENCE',
|
||||
AUTH_EVIDENCE: 'AUTH_EVIDENCE',
|
||||
AUTHZ_EVIDENCE: 'AUTHZ_EVIDENCE',
|
||||
SSRF_EVIDENCE: 'SSRF_EVIDENCE',
|
||||
};
|
||||
|
||||
/**
|
||||
* Hard-coded filename mappings from agent prompts
|
||||
* Must match tools/save_deliverable.js exactly
|
||||
*/
|
||||
export const DELIVERABLE_FILENAMES = {
|
||||
[DeliverableType.CODE_ANALYSIS]: 'code_analysis_deliverable.md',
|
||||
[DeliverableType.RECON]: 'recon_deliverable.md',
|
||||
[DeliverableType.INJECTION_ANALYSIS]: 'injection_analysis_deliverable.md',
|
||||
[DeliverableType.INJECTION_QUEUE]: 'injection_exploitation_queue.json',
|
||||
[DeliverableType.XSS_ANALYSIS]: 'xss_analysis_deliverable.md',
|
||||
[DeliverableType.XSS_QUEUE]: 'xss_exploitation_queue.json',
|
||||
[DeliverableType.AUTH_ANALYSIS]: 'auth_analysis_deliverable.md',
|
||||
[DeliverableType.AUTH_QUEUE]: 'auth_exploitation_queue.json',
|
||||
[DeliverableType.AUTHZ_ANALYSIS]: 'authz_analysis_deliverable.md',
|
||||
[DeliverableType.AUTHZ_QUEUE]: 'authz_exploitation_queue.json',
|
||||
[DeliverableType.SSRF_ANALYSIS]: 'ssrf_analysis_deliverable.md',
|
||||
[DeliverableType.SSRF_QUEUE]: 'ssrf_exploitation_queue.json',
|
||||
[DeliverableType.INJECTION_EVIDENCE]: 'injection_exploitation_evidence.md',
|
||||
[DeliverableType.XSS_EVIDENCE]: 'xss_exploitation_evidence.md',
|
||||
[DeliverableType.AUTH_EVIDENCE]: 'auth_exploitation_evidence.md',
|
||||
[DeliverableType.AUTHZ_EVIDENCE]: 'authz_exploitation_evidence.md',
|
||||
[DeliverableType.SSRF_EVIDENCE]: 'ssrf_exploitation_evidence.md',
|
||||
};
|
||||
|
||||
/**
|
||||
* Queue types that require JSON validation
|
||||
*/
|
||||
export const QUEUE_TYPES = [
|
||||
DeliverableType.INJECTION_QUEUE,
|
||||
DeliverableType.XSS_QUEUE,
|
||||
DeliverableType.AUTH_QUEUE,
|
||||
DeliverableType.AUTHZ_QUEUE,
|
||||
DeliverableType.SSRF_QUEUE,
|
||||
];
|
||||
|
||||
/**
|
||||
* Type guard to check if a deliverable type is a queue
|
||||
* @param {string} type - Deliverable type to check
|
||||
* @returns {boolean} True if the type is a queue type
|
||||
*/
|
||||
export function isQueueType(type) {
|
||||
return QUEUE_TYPES.includes(type);
|
||||
}
|
||||
|
||||
/**
|
||||
* @typedef {Object} VulnerabilityQueue
|
||||
* @property {Array<Object>} vulnerabilities - Array of vulnerability objects
|
||||
*/
|
||||
@@ -0,0 +1,6 @@
|
||||
/**
|
||||
* Type definitions barrel export
|
||||
*/
|
||||
|
||||
export * from './deliverables.js';
|
||||
export * from './tool-responses.js';
|
||||
@@ -0,0 +1,58 @@
|
||||
/**
|
||||
* Tool Response Type Definitions
|
||||
*
|
||||
* Defines structured response formats for MCP tools to ensure
|
||||
* consistent error handling and success reporting.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @typedef {Object} ErrorResponse
|
||||
* @property {'error'} status
|
||||
* @property {string} message
|
||||
* @property {string} errorType - ValidationError, FileSystemError, CryptoError, etc.
|
||||
* @property {boolean} retryable
|
||||
* @property {Record<string, unknown>} [context]
|
||||
*/
|
||||
|
||||
/**
|
||||
* @typedef {Object} SuccessResponse
|
||||
* @property {'success'} status
|
||||
* @property {string} message
|
||||
*/
|
||||
|
||||
/**
|
||||
* @typedef {Object} SaveDeliverableResponse
|
||||
* @property {'success'} status
|
||||
* @property {string} message
|
||||
* @property {string} filepath
|
||||
* @property {string} deliverableType
|
||||
* @property {boolean} validated - true if queue JSON was validated
|
||||
*/
|
||||
|
||||
/**
|
||||
* @typedef {Object} GenerateTotpResponse
|
||||
* @property {'success'} status
|
||||
* @property {string} message
|
||||
* @property {string} totpCode
|
||||
* @property {string} timestamp
|
||||
* @property {number} expiresIn - seconds until expiration
|
||||
*/
|
||||
|
||||
/**
|
||||
* Helper to create tool result from response
|
||||
* MCP tools should return this format
|
||||
*
|
||||
* @param {ErrorResponse | SaveDeliverableResponse | GenerateTotpResponse} response
|
||||
* @returns {{ content: Array<{ type: string; text: string }>; isError: boolean }}
|
||||
*/
|
||||
export function createToolResult(response) {
|
||||
return {
|
||||
content: [
|
||||
{
|
||||
type: 'text',
|
||||
text: JSON.stringify(response, null, 2),
|
||||
},
|
||||
],
|
||||
isError: response.status === 'error',
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user