fix: add report assembly step to Temporal workflow

- Add assembleReportActivity to concatenate exploitation evidence files before report agent runs
- Call assembleFinalReport in workflow Phase 5 before runReportAgent
- Ensure deliverables directory exists before writing final report
- Simplify pipeline-testing report prompt to just prepend header

src/phases/reporting.ts

@@ -48,9 +48,12 @@ export async function assembleFinalReport(sourceDir: string): Promise<string> {
   }
 
   const finalContent = sections.join('\n\n');
-  const finalReportPath = path.join(sourceDir, 'deliverables', 'comprehensive_security_assessment_report.md');
+  const deliverablesDir = path.join(sourceDir, 'deliverables');
+  const finalReportPath = path.join(deliverablesDir, 'comprehensive_security_assessment_report.md');
 
   try {
+    // Ensure deliverables directory exists
+    await fs.ensureDir(deliverablesDir);
     await fs.writeFile(finalReportPath, finalContent);
     console.log(chalk.green(`✅ Final report assembled at ${finalReportPath}`));
   } catch (error) {

src/temporal/activities.ts

@@ -58,6 +58,7 @@ import {
   rollbackGitWorkspace,
   getGitCommitHash,
 } from '../utils/git-manager.js';
+import { assembleFinalReport } from '../phases/reporting.js';
 import { getPromptNameForAgent } from '../types/agents.js';
 import { AuditSession } from '../audit/index.js';
 import type { AgentName } from '../types/agents.js';
@@ -305,3 +306,19 @@ export async function runAuthzExploitAgent(input: ActivityInput): Promise<AgentM
 export async function runReportAgent(input: ActivityInput): Promise<AgentMetrics> {
   return runAgentActivity('report', input);
 }
+
+/**
+ * Assemble the final report by concatenating exploitation evidence files.
+ * This must be called BEFORE runReportAgent to create the file that the report agent will modify.
+ */
+export async function assembleReportActivity(input: ActivityInput): Promise<void> {
+  const { repoPath } = input;
+  console.log(chalk.blue('📝 Assembling deliverables from specialist agents...'));
+  try {
+    await assembleFinalReport(repoPath);
+  } catch (error) {
+    const err = error as Error;
+    console.log(chalk.yellow(`⚠️ Error assembling final report: ${err.message}`));
+    // Don't throw - the report agent can still create content even if no exploitation files exist
+  }
+}

src/temporal/workflows.ts

@@ -167,6 +167,11 @@ export async function pentestPipelineWorkflow(
     // === Phase 5: Reporting ===
     state.currentPhase = 'reporting';
     state.currentAgent = 'report';
+
+    // First, assemble the concatenated report from exploitation evidence files
+    await acts.assembleReportActivity(activityInput);
+
+    // Then run the report agent to add executive summary and clean up
     state.agentMetrics['report'] = await acts.runReportAgent(activityInput);
     state.completedAgents.push('report');