refactor: remove orchestration layer (#45)

* refactor: remove orchestration layer and simplify CLI Remove the complex orchestration layer including checkpoint management, rollback/recovery commands, and session management commands. This consolidates the execution logic directly in shannon.ts for a simpler fire-and-forget execution model. Changes: - Remove checkpoint-manager.ts and rollback functionality - Remove command-handler.ts and cli/prompts.ts - Simplify session-manager.ts to just agent definitions - Consolidate orchestration logic in shannon.ts - Update CLAUDE.md documentation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: move session lock logic to shannon.ts, simplify session-manager - Reduce session-manager.ts to only AGENTS, AGENT_ORDER, getParallelGroups() - Move Session interface and lock file functions to shannon.ts - Simplify Session to only: id, webUrl, repoPath, status, startedAt - Remove unused types/session.ts Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * refactor: use crypto.randomUUID() for session ID generation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-06-03 05:58:06 +02:00 · 2026-01-12 22:58:17 +05:30
parent 264b16991a
commit bc52d67dd5
15 changed files with 682 additions and 2496 deletions
@@ -1,180 +0,0 @@
-// Copyright (C) 2025 Keygraph, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License version 3
-// as published by the Free Software Foundation.
-
-import chalk from 'chalk';
-import {
-  selectSession, deleteSession, deleteAllSessions,
-  validateAgent, validatePhase, reconcileSession, getSession
-} from '../session-manager.js';
-import type { Session } from '../session-manager.js';
-import {
-  runPhase, runAll, rollbackTo, rerunAgent, displayStatus, listAgents
-} from '../checkpoint-manager.js';
-import type { AgentResult } from '../checkpoint-manager.js';
-import { logError, PentestError } from '../error-handling.js';
-import { promptConfirmation } from './prompts.js';
-import type { ChalkInstance } from 'chalk';
-import type { SessionMetadata } from '../audit/utils.js';
-import type { DistributedConfig } from '../types/config.js';
-
-// Types for callback functions
-type RunClaudePromptWithRetry = (
-  prompt: string,
-  sourceDir: string,
-  allowedTools: string,
-  context: string,
-  description: string,
-  agentName: string | null,
-  colorFn: ChalkInstance,
-  sessionMetadata: SessionMetadata | null
-) => Promise<AgentResult>;
-
-type LoadPrompt = (
-  promptName: string,
-  variables: { webUrl: string; repoPath: string },
-  config: DistributedConfig | null,
-  pipelineTestingMode: boolean
-) => Promise<string>;
-
-// Developer command handlers
-export async function handleDeveloperCommand(
-  command: string,
-  args: string[],
-  pipelineTestingMode: boolean,
-  runClaudePromptWithRetry: RunClaudePromptWithRetry,
-  loadPrompt: LoadPrompt
-): Promise<void> {
-  try {
-    let session: Session | null;
-
-    // Commands that don't require session selection
-    if (command === '--list-agents') {
-      listAgents();
-      return;
-    }
-
-    if (command === '--cleanup') {
-      // Handle cleanup without needing session selection first
-      if (args[0]) {
-        // Cleanup specific session by ID
-        const sessionId = args[0];
-        const deletedSession = await deleteSession(sessionId);
-        console.log(chalk.green(`✅ Deleted session ${sessionId} (${new URL(deletedSession.webUrl).hostname})`));
-      } else {
-        // Cleanup all sessions - require confirmation
-        const confirmed = await promptConfirmation(chalk.yellow('⚠️  This will delete all pentest sessions. Are you sure? (y/N):'));
-        if (confirmed) {
-          const deleted = await deleteAllSessions();
-          if (deleted) {
-            console.log(chalk.green('✅ All sessions deleted'));
-          } else {
-            console.log(chalk.yellow('⚠️  No sessions found to delete'));
-          }
-        } else {
-          console.log(chalk.gray('Cleanup cancelled'));
-        }
-      }
-      return;
-    }
-
-    // Early validation for commands with agent names (before session selection)
-
-    if (command === '--run-phase') {
-      if (!args[0]) {
-        console.log(chalk.red('❌ --run-phase requires a phase name'));
-        console.log(chalk.gray('Usage: shannon --run-phase <phase-name>'));
-        process.exit(1);
-      }
-      validatePhase(args[0]); // This will throw PentestError if invalid
-    }
-
-    if (command === '--rollback-to' || command === '--rerun') {
-      if (!args[0]) {
-        console.log(chalk.red(`❌ ${command} requires an agent name`));
-        console.log(chalk.gray(`Usage: shannon ${command} <agent-name>`));
-        process.exit(1);
-      }
-      validateAgent(args[0]); // This will throw PentestError if invalid
-    }
-
-    // Get session for other commands
-    try {
-      session = await selectSession();
-    } catch (error) {
-      const errMsg = error instanceof Error ? error.message : String(error);
-      console.log(chalk.red(`❌ ${errMsg}`));
-      process.exit(1);
-    }
-
-    // Self-healing: Reconcile session with audit logs before executing command
-    // This ensures Shannon store is consistent with audit data, even after crash recovery
-    try {
-      const reconcileReport = await reconcileSession(session.id);
-
-      if (reconcileReport.promotions.length > 0) {
-        console.log(chalk.blue(`🔄 Reconciled: Added ${reconcileReport.promotions.length} completed agents from audit logs`));
-      }
-      if (reconcileReport.demotions.length > 0) {
-        console.log(chalk.yellow(`🔄 Reconciled: Removed ${reconcileReport.demotions.length} rolled-back agents`));
-      }
-      if (reconcileReport.failures.length > 0) {
-        console.log(chalk.yellow(`🔄 Reconciled: Marked ${reconcileReport.failures.length} failed agents`));
-      }
-
-      // Reload session after reconciliation to get fresh state
-      session = await getSession(session.id);
-    } catch (error) {
-      // Reconciliation failure is non-critical, but log warning
-      const errMsg = error instanceof Error ? error.message : String(error);
-      console.log(chalk.yellow(`⚠️  Failed to reconcile session with audit logs: ${errMsg}`));
-    }
-
-    if (!session) {
-      console.log(chalk.red('❌ Session not found after reconciliation'));
-      process.exit(1);
-    }
-
-    switch (command) {
-
-      case '--run-phase':
-        await runPhase(args[0]!, session, pipelineTestingMode, runClaudePromptWithRetry, loadPrompt);
-        break;
-
-      case '--run-all':
-        await runAll(session, pipelineTestingMode, runClaudePromptWithRetry, loadPrompt);
-        break;
-
-      case '--rollback-to':
-        await rollbackTo(args[0]!, session);
-        break;
-
-      case '--rerun':
-        await rerunAgent(args[0]!, session, pipelineTestingMode, runClaudePromptWithRetry, loadPrompt);
-        break;
-
-      case '--status':
-        await displayStatus(session);
-        break;
-
-      default:
-        console.log(chalk.red(`❌ Unknown developer command: ${command}`));
-        console.log(chalk.gray('Use --help to see available commands'));
-        process.exit(1);
-    }
-  } catch (error) {
-    if (error instanceof PentestError) {
-      await logError(error, `Developer command ${command}`);
-      console.log(chalk.red.bold(`\n🚨 Command failed: ${error.message}`));
-    } else {
-      const errMsg = error instanceof Error ? error.message : String(error);
-      console.log(chalk.red.bold(`\n🚨 Unexpected error: ${errMsg}`));
-      if (process.env.DEBUG && error instanceof Error) {
-        console.log(chalk.gray(error.stack));
-      }
-    }
-    process.exit(1);
-  }
-}
@@ -1,60 +0,0 @@
-// Copyright (C) 2025 Keygraph, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License version 3
-// as published by the Free Software Foundation.
-
-import { createInterface } from 'readline';
-import { PentestError } from '../error-handling.js';
-
-/**
- * Prompt user for yes/no confirmation
- */
-export async function promptConfirmation(message: string): Promise<boolean> {
-  const readline = createInterface({
-    input: process.stdin,
-    output: process.stdout,
-  });
-
-  return new Promise((resolve) => {
-    readline.question(message + ' ', (answer) => {
-      readline.close();
-      const confirmed = answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes';
-      resolve(confirmed);
-    });
-  });
-}
-
-/**
- * Prompt user to select from numbered list
- */
-export async function promptSelection<T>(message: string, items: T[]): Promise<T> {
-  if (!items || items.length === 0) {
-    throw new PentestError('No items available for selection', 'validation', false);
-  }
-
-  const readline = createInterface({
-    input: process.stdin,
-    output: process.stdout,
-  });
-
-  return new Promise((resolve, reject) => {
-    readline.question(message + ' ', (answer) => {
-      readline.close();
-
-      const choice = parseInt(answer);
-      if (isNaN(choice) || choice < 1 || choice > items.length) {
-        reject(
-          new PentestError(
-            `Invalid selection. Please enter a number between 1 and ${items.length}`,
-            'validation',
-            false,
-            { choice: answer }
-          )
-        );
-      } else {
-        resolve(items[choice - 1]!);
-      }
-    });
-  });
-}
@@ -12,22 +12,8 @@ export function showHelp(): void {
  console.log(chalk.cyan.bold('AI Penetration Testing Agent'));
  console.log(chalk.gray('Automated security assessment tool\n'));

-  console.log(chalk.yellow.bold('NORMAL MODE (Creates Sessions):'));
-  console.log(
-    '  shannon <WEB_URL> <REPO_PATH> [--config config.yaml] [--pipeline-testing]'
-  );
-  console.log(
-    '  shannon <WEB_URL> <REPO_PATH> --setup-only                     # Setup local repo and create session only\n'
-  );
-
-  console.log(chalk.yellow.bold('DEVELOPER MODE (Operates on Existing Sessions):'));
-  console.log('  shannon --run-phase <phase-name> [--pipeline-testing]');
-  console.log('  shannon --run-all [--pipeline-testing]');
-  console.log('  shannon --rollback-to <agent-name>');
-  console.log('  shannon --rerun <agent-name> [--pipeline-testing]');
-  console.log('  shannon --status');
-  console.log('  shannon --list-agents');
-  console.log('  shannon --cleanup [session-id]                      # Delete sessions\n');
+  console.log(chalk.yellow.bold('USAGE:'));
+  console.log('  shannon <WEB_URL> <REPO_PATH> [--config config.yaml] [--output /path/to/reports]\n');

  console.log(chalk.yellow.bold('OPTIONS:'));
  console.log(
@@ -40,42 +26,20 @@ export function showHelp(): void {
    '  --pipeline-testing   Use minimal prompts for fast pipeline testing (creates minimal deliverables)'
  );
  console.log(
-    '  --disable-loader     Disable the animated progress loader (useful when logs interfere with spinner)\n'
+    '  --disable-loader     Disable the animated progress loader (useful when logs interfere with spinner)'
  );
-
-  console.log(chalk.yellow.bold('DEVELOPER COMMANDS:'));
-  console.log(
-    '  --run-phase          Run all agents in a phase (parallel execution for 5x speedup)'
-  );
-  console.log('  --run-all            Run all remaining agents to completion (parallel execution)');
-  console.log('  --rollback-to        Rollback git workspace to agent checkpoint');
-  console.log('  --rerun              Rollback and rerun specific agent');
-  console.log('  --status             Show current session status and progress');
-  console.log('  --list-agents        List all available agents and phases');
-  console.log('  --cleanup            Delete all sessions or specific session by ID\n');
+  console.log('  --help               Show this help message\n');

  console.log(chalk.yellow.bold('EXAMPLES:'));
-  console.log('  # Normal mode - create new session');
  console.log('  shannon "https://example.com" "/path/to/local/repo"');
  console.log('  shannon "https://example.com" "/path/to/local/repo" --config auth.yaml');
  console.log('  shannon "https://example.com" "/path/to/local/repo" --output /path/to/reports');
-  console.log(
-    '  shannon "https://example.com" "/path/to/local/repo" --setup-only  # Setup only\n'
-  );
-
-  console.log('  # Developer mode - operate on existing session');
-  console.log('  shannon --status                    # Show session status');
-  console.log('  shannon --run-phase exploitation    # Run entire phase');
-  console.log('  shannon --run-all                   # Run all remaining agents');
-  console.log('  shannon --rerun xss-vuln           # Fix and rerun failed agent');
-  console.log('  shannon --cleanup                  # Delete all sessions');
-  console.log('  shannon --cleanup <session-id>    # Delete specific session\n');
+  console.log('  shannon "https://example.com" "/path/to/local/repo" --pipeline-testing\n');

  console.log(chalk.yellow.bold('REQUIREMENTS:'));
  console.log('  • WEB_URL must start with http:// or https://');
  console.log('  • REPO_PATH must be an accessible local directory');
-  console.log('  • Only test systems you own or have permission to test');
-  console.log('  • Developer mode requires existing pentest session\n');
+  console.log('  • Only test systems you own or have permission to test\n');

  console.log(chalk.yellow.bold('ENVIRONMENT VARIABLES:'));
  console.log('  PENTEST_MAX_RETRIES    Number of retries for AI agents (default: 3)');