diff --git a/CLAUDE.md b/CLAUDE.md
index 2947127..6fb6c57 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -91,7 +91,6 @@ pnpm biome:fix # Auto-fix lint, format, and import sorting
 ```
 apps/cli/ — @keygraph/shannon (published to npm, bundled with tsdown)
 apps/worker/ — @shannon/worker (private, Temporal worker + pipeline logic)
-packages/mcp-server/ — @shannon/mcp-server (private, MCP tool server)
 ```
 
 ### CLI Package (`apps/cli/`)
@@ -147,9 +146,9 @@ Durable workflow orchestration with crash recovery, queryable progress, intellig ### Supporting Systems - **Configuration** — YAML configs in `apps/worker/configs/` with JSON Schema validation (`config-schema.json`). Supports auth settings, MFA/TOTP, and per-app testing parameters. Credential resolution — local mode: env vars → `./.env`; npx mode: env vars → `~/.shannon/config.toml` (via `shn setup`) - **Prompts** — Per-phase templates in `apps/worker/prompts/` with variable substitution (`{{TARGET_URL}}`, `{{CONFIG_CONTEXT}}`). Shared partials in `apps/worker/prompts/shared/` via `apps/worker/src/services/prompt-manager.ts` -- **SDK Integration** — Uses `@anthropic-ai/claude-agent-sdk` with `maxTurns: 10_000` and `bypassPermissions` mode. Playwright MCP for browser automation, TOTP generation via MCP tool. Login flow template at `apps/worker/prompts/shared/login-instructions.txt` supports form, SSO, API, and basic auth +- **SDK Integration** — Uses `@anthropic-ai/claude-agent-sdk` with `maxTurns: 10_000` and `bypassPermissions` mode. Browser automation via `playwright-cli` with session isolation (`-s=`). TOTP generation via `generate-totp` CLI tool. Login flow template at `apps/worker/prompts/shared/login-instructions.txt` supports form, SSO, API, and basic auth - **Audit System** — Crash-safe append-only logging in `workspaces/{hostname}_{sessionId}/`. Tracks session metrics, per-agent logs, prompts, and deliverables. 
WorkflowLogger (`apps/worker/src/audit/workflow-logger.ts`) provides unified human-readable per-workflow logs, backed by LogStream (`apps/worker/src/audit/log-stream.ts`) shared stream primitive -- **Deliverables** — Saved to `deliverables/` in the target repo via the `save_deliverable` MCP tool +- **Deliverables** — Saved to `deliverables/` in the target repo via the `save-deliverable` CLI script (`apps/worker/src/scripts/save-deliverable.ts`) - **Workspaces & Resume** — Named workspaces via `-w ` or auto-named from URL+timestamp. Resume detects completed agents via `session.json`. `loadResumeState()` in `apps/worker/src/temporal/activities.ts` validates deliverable existence, restores git checkpoints, and cleans up incomplete deliverables. Workspace listing via `apps/worker/src/temporal/workspaces.ts` ## Development Notes diff --git a/Dockerfile b/Dockerfile index b3dbdc6..857061f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,15 +60,13 @@ WORKDIR /app COPY package.json pnpm-workspace.yaml pnpm-lock.yaml .npmrc ./ COPY apps/worker/package.json ./apps/worker/ COPY apps/cli/package.json ./apps/cli/ -COPY packages/mcp-server/package.json ./packages/mcp-server/ RUN pnpm install --frozen-lockfile COPY . . -# Build mcp-server (dependency) then worker. CLI not needed in Docker -RUN pnpm --filter @shannon/mcp-server run build && \ - pnpm --filter @shannon/worker run build +# Build worker. CLI not needed in Docker +RUN pnpm --filter @shannon/worker run build RUN pnpm prune --prod 
@@ -140,9 +138,18 @@ COPY --from=builder /app/package.json /app/pnpm-workspace.yaml /app/pnpm-lock.ya
 COPY --from=builder /app/node_modules /app/node_modules
 COPY --from=builder /app/apps/worker /app/apps/worker
 COPY --from=builder /app/apps/cli/package.json /app/apps/cli/package.json
-COPY --from=builder /app/packages /app/packages
 
-RUN npm install -g @anthropic-ai/claude-code
+RUN npm install -g @anthropic-ai/claude-code @playwright/cli@latest
+RUN mkdir -p /tmp/.claude/skills && \
+ playwright-cli install --skills && \
+ cp -r .claude/skills/playwright-cli /tmp/.claude/skills/ && \
+ rm -rf .claude
+
+# Symlink CLI tools onto PATH
+RUN ln -s /app/apps/worker/dist/scripts/save-deliverable.js /usr/local/bin/save-deliverable && \
+ chmod +x /app/apps/worker/dist/scripts/save-deliverable.js && \
+ ln -s /app/apps/worker/dist/scripts/generate-totp.js /usr/local/bin/generate-totp && \
+ chmod +x /app/apps/worker/dist/scripts/generate-totp.js
 
 # Create directories for session data and ensure proper permissions
 RUN mkdir -p /app/sessions /app/deliverables /app/repos /app/workspaces && \
@@ -151,7 +158,7 @@ RUN mkdir -p /app/sessions /app/deliverables /app/repos /app/workspaces && \
 chmod 777 /tmp/.cache && \
 chmod 777 /tmp/.config && \
 chmod 777 /tmp/.npm && \
- chown -R pentest:pentest /app
+ chown -R pentest:pentest /app /tmp/.claude
 
 COPY entrypoint.sh /app/entrypoint.sh
 RUN chmod +x /app/entrypoint.sh
@@ -161,7 +168,7 @@ ENV NODE_ENV=production
 ENV PATH="/usr/local/bin:$PATH"
 ENV SHANNON_DOCKER=true
 ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
-ENV PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium-browser
+ENV PLAYWRIGHT_MCP_EXECUTABLE_PATH=/usr/bin/chromium-browser
 ENV npm_config_cache=/tmp/.npm
 ENV HOME=/tmp
 ENV XDG_CACHE_HOME=/tmp/.cache
diff --git a/apps/cli/src/commands/start.ts b/apps/cli/src/commands/start.ts
index 5a2121a..b184b89 100644
--- a/apps/cli/src/commands/start.ts
+++ b/apps/cli/src/commands/start.ts
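Review bot: `RUN npm install -g @anthropic-ai/claude-code @playwright/cli@latest` installs an unpinned version into the worker image, so each rebuild pulls whatever `@playwright/cli` is current at that moment and the image is neither reproducible nor auditable after the fact; for a package that drives the browser used during an engagement, pin it, e.g. `RUN npm install -g @anthropic-ai/claude-code @playwright/cli@<pinned-version>`, and record the version in the image metadata. The pre-existing `@anthropic-ai/claude-code` install has the same gap. The following `cp -r .claude/skills/playwright-cli /tmp/.claude/skills/` and `rm -rf .claude` use paths relative to the current WORKDIR, which is not visible in this hunk, so it is worth confirming that `playwright-cli install --skills` writes exactly there before the `rm -rf`.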
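Review bot: The rename to `ENV PLAYWRIGHT_MCP_EXECUTABLE_PATH=/usr/bin/chromium-browser` only takes effect if `playwright-cli` actually reads that variable, which I cannot confirm from the diff; because `PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1` leaves no bundled browser in the image, an unread variable would surface only as a browser-launch failure at runtime rather than at build time. A comment naming the consumer would make the dependency explicit, e.g. `# Consumed by playwright-cli to locate the system Chromium; no bundled browser is installed (PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1)`, or a build-stage smoke launch could catch a mismatch early.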
@@ -141,9 +141,7 @@ export async function start(args: StartArgs): Promise { const resumeAttempts: { workflowId: string }[] = session.session?.resumeAttempts ?? []; // Fresh: session.json appears with originalWorkflowId. Resume: new resumeAttempts entry. - const ready = isResume - ? resumeAttempts.length > initialResumeCount - : !!session.session?.originalWorkflowId; + const ready = isResume ? resumeAttempts.length > initialResumeCount : !!session.session?.originalWorkflowId; if (ready) { clearInterval(pollInterval); diff --git a/apps/worker/package.json b/apps/worker/package.json index 37544b4..8d80807 100644 --- a/apps/worker/package.json +++ b/apps/worker/package.json @@ -10,7 +10,6 @@ }, "dependencies": { "@anthropic-ai/claude-agent-sdk": "catalog:", - "@shannon/mcp-server": "workspace:*", "@temporalio/activity": "^1.11.0", "@temporalio/client": "^1.11.0", "@temporalio/worker": "^1.11.0", diff --git a/apps/worker/prompts/exploit-auth.txt b/apps/worker/prompts/exploit-auth.txt index 0ae009a..81ebea5 100644 --- a/apps/worker/prompts/exploit-auth.txt +++ b/apps/worker/prompts/exploit-auth.txt 
@@ -141,15 +141,13 @@ Before beginning exploitation, read these strategic intelligence files in order: You are the **Identity Compromise Specialist** - proving tangible impact of broken authentication through successful account takeover and session hijacking. - -- **{{MCP_SERVER}} (Playwright):** Essential for interacting with multi-step authentication flows, injecting stolen session cookies, and verifying account takeover in a real browser context. -- **save_deliverable (MCP Tool):** Saves exploitation evidence files. - - **Parameters:** - - `deliverable_type`: "AUTH_EVIDENCE" (required) - - `file_path`: Path to the evidence report file you wrote to disk (preferred for large reports) - - `content`: Inline content string (optional, use only for small content) - - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for evidence reports. + +- **Browser Automation (playwright-cli skill):** Essential for interacting with multi-step authentication flows, injecting stolen session cookies, and verifying account takeover in a real browser context. Invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. 
- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. - **Task Agent:** Mandatory coder-executor for brute force batches, credential stuffing, token replay automation, and any scripted workflow. - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow. @@ -158,7 +156,7 @@ You are the **Identity Compromise Specialist** - proving tangible impact of brok **CRITICAL TASK AGENT WORKFLOW:** - Delegate every custom script or multi-step automation to the Task Agent; do not hand-write scripts in Bash. - Keep requests ≤15 lines and use the template below so the Task Agent has clear inputs and success criteria. - + ## Task Agent Scripting Requirements Use the Task Agent to execute all bulk or repetitive auth attacks. Manual commands are for quick verification only. @@ -314,7 +312,7 @@ When your attack plan is fully explored (all checkboxes are marked `[x]`), your **1. Your Specialist Deliverable** -First, synthesize all evidence into your specialist section and save it using the save_deliverable script with type AUTH_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment. +First, synthesize all evidence into your specialist section and save it using the save-deliverable CLI with --type AUTH_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment. **Section Ordering & Format Requirements:** - Use the exact vulnerability IDs from `deliverables/auth_exploitation_queue.json` 
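Review bot: The new `--content '...'` usage in the save-deliverable tool description routes deliverable text through the Bash tool's shell, so a single quote anywhere in the content (an apostrophe in a captured response, a quoted value inside the JSON queue) ends the quoted argument and the remainder is parsed as shell syntax; the previous MCP `content` parameter was never shell-parsed. The description should steer anything that may contain quotes to `--file-path`, e.g. add `- **Quoting:** Content that may contain single quotes must go through --file-path; --content is only for small, quote-free JSON.` The same tool description is introduced in exploit-authz.txt, exploit-injection.txt, exploit-ssrf.txt and exploit-xss.txt in this diff.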
@@ -407,12 +405,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool. - 2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script: + 2. Deliverable Generation: The required deliverable must be successfully saved using the save-deliverable CLI: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/auth_exploitation_evidence.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "AUTH_EVIDENCE"` and `file_path: "deliverables/auth_exploitation_evidence.md"` + 4. Run `save-deliverable` with `--type AUTH_EVIDENCE --file-path "deliverables/auth_exploitation_evidence.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. CRITICAL WARNING: Announcing completion before every item in deliverables/auth_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure. diff --git a/apps/worker/prompts/exploit-authz.txt b/apps/worker/prompts/exploit-authz.txt index bcdd025..a467bdb 100644 --- a/apps/worker/prompts/exploit-authz.txt +++ b/apps/worker/prompts/exploit-authz.txt 
@@ -128,15 +128,13 @@ Before beginning exploitation, read these strategic intelligence files in order: You are the **Privilege Escalation Specialist** - proving tangible impact of broken authorization through access control bypass and unauthorized data access. - -- **{{MCP_SERVER}} (Playwright):** Essential for interacting with complex authorization flows, testing role-based access controls in browser contexts, and verifying privilege escalation through UI elements. -- **save_deliverable (MCP Tool):** Saves exploitation evidence files. - - **Parameters:** - - `deliverable_type`: "AUTHZ_EVIDENCE" (required) - - `file_path`: Path to the evidence report file you wrote to disk (preferred for large reports) - - `content`: Inline content string (optional, use only for small content) - - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for evidence reports. + +- **Browser Automation (playwright-cli skill):** Essential for interacting with complex authorization flows, testing role-based access controls in browser contexts, and verifying privilege escalation through UI elements. Invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. 
- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. - **Task Agent:** Mandatory coder-executor for IDOR sweeps, role escalation loops, and workflow bypass automation. - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow. @@ -145,7 +143,7 @@ You are the **Privilege Escalation Specialist** - proving tangible impact of bro **CRITICAL TASK AGENT WORKFLOW:** - Delegate every multi-user iteration, role toggle test, or workflow automation script to the Task Agent—never handcraft these scripts yourself. - Keep requests ≤15 lines and adhere to the template below so the Task Agent can act deterministically. - + ## Task Agent Scripting Requirements All repeated authorization tests must run through the Task Agent. @@ -320,7 +318,7 @@ When your attack plan is fully explored (all checkboxes are marked `[x]`), your **1. Your Specialist Deliverable** -First, synthesize all evidence into your specialist section and save it using the save_deliverable script with type AUTHZ_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment and MUST use the following structure: +First, synthesize all evidence into your specialist section and save it using the save-deliverable CLI with --type AUTHZ_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment and MUST use the following structure: **Section Ordering & Format Requirements:** - Use the exact vulnerability IDs from `deliverables/authz_exploitation_queue.json` 
@@ -409,12 +407,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool. - 2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script: + 2. Deliverable Generation: The required deliverable must be successfully saved using the save-deliverable CLI: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/authz_exploitation_evidence.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "AUTHZ_EVIDENCE"` and `file_path: "deliverables/authz_exploitation_evidence.md"` + 4. Run `save-deliverable` with `--type AUTHZ_EVIDENCE --file-path "deliverables/authz_exploitation_evidence.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. CRITICAL WARNING: Announcing completion before every item in deliverables/authz_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure. diff --git a/apps/worker/prompts/exploit-injection.txt b/apps/worker/prompts/exploit-injection.txt index 8038cbe..48f27e9 100644 --- a/apps/worker/prompts/exploit-injection.txt +++ b/apps/worker/prompts/exploit-injection.txt 
@@ -110,15 +110,13 @@ Before beginning exploitation, read these strategic intelligence files in order: You are the **Proof-of-Impact Generator** - converting theoretical injection flaws into undeniable evidence of compromise through data extraction and command execution. - -- **{{MCP_SERVER}} (Playwright):** For testing injection vulnerabilities through browser interactions when needed. -- **save_deliverable (MCP Tool):** Saves exploitation evidence files. - - **Parameters:** - - `deliverable_type`: "INJECTION_EVIDENCE" (required) - - `file_path`: Path to the evidence report file you wrote to disk (preferred for large reports) - - `content`: Inline content string (optional, use only for small content) - - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for evidence reports. + +- **Browser Automation (playwright-cli skill):** For testing injection vulnerabilities through browser interactions when needed. Invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. 
- **Task Agent:** Mandatory coder-executor for any custom scripting beyond single ad-hoc commands. - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow. @@ -127,7 +125,7 @@ You are the **Proof-of-Impact Generator** - converting theoretical injection fla **CRITICAL TASK AGENT WORKFLOW:** - Task Agent must author and run every custom script, payload loop, or enumeration workflow. Do not craft standalone scripts in Bash or other tools. - Keep requests ≤15 lines and follow the template below; specify targets, payloads, and success criteria. - + @@ -344,7 +342,7 @@ When your attack plan is fully explored (all checkboxes are marked `[x]`), your **1. Your Specialist Deliverable** -First, synthesize all of your evidence into your specialist section and save it using the save_deliverable script with type INJECTION_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment. +First, synthesize all of your evidence into your specialist section and save it using the save-deliverable CLI with --type INJECTION_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment. Your section MUST use the following structure precisely: 
@@ -436,12 +434,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. **Plan Completion:** ALL tasks for EVERY vulnerability in your todo list must be marked as completed using the TodoWrite tool. **No vulnerability or task can be left unaddressed.** -2. **Deliverable Generation:** The required deliverable must be successfully saved using save_deliverable MCP tool: +2. **Deliverable Generation:** The required deliverable must be successfully saved using the save-deliverable CLI tool: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/injection_exploitation_evidence.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "INJECTION_EVIDENCE"` and `file_path: "deliverables/injection_exploitation_evidence.md"` + 4. Run `save-deliverable` with `--type INJECTION_EVIDENCE --file-path "deliverables/injection_exploitation_evidence.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. **CRITICAL WARNING:** Announcing completion before every item in `deliverables/injection_exploitation_queue.json` has been pursued to a final, evidence-backed conclusion (either successfully exploited or verified false positive) will be considered a mission failure. Superficial testing is not acceptable. diff --git a/apps/worker/prompts/exploit-ssrf.txt b/apps/worker/prompts/exploit-ssrf.txt index 95a5970..812f212 100644 --- a/apps/worker/prompts/exploit-ssrf.txt +++ b/apps/worker/prompts/exploit-ssrf.txt 
@@ -128,16 +128,14 @@ Before beginning exploitation, read these strategic intelligence files in order: You are the **Network Boundary Breaker** - proving tangible impact of SSRF vulnerabilities through internal service access and network reconnaissance. - -- **save_deliverable (MCP Tool):** Saves exploitation evidence files. - - **Parameters:** - - `deliverable_type`: "SSRF_EVIDENCE" (required) - - `file_path`: Path to the evidence report file you wrote to disk (preferred for large reports) - - `content`: Inline content string (optional, use only for small content) - - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for evidence reports. + +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. -- **{{MCP_SERVER}} (Playwright):** Useful for complex multi-step SSRF exploitation that requires browser context or JavaScript execution. +- **Browser Automation (playwright-cli skill):** Useful for complex multi-step SSRF exploitation that requires browser context or JavaScript execution. Invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. 
- **Task Agent:** Mandatory coder-executor for host enumeration loops, protocol sweeps, and metadata retrieval scripts. - **TodoWrite tool:** Essential for managing your exploitation task list. You MUST use this tool to track all tasks, mark progress, and document your exploitation workflow. - **Read tool:** To read false positives from your tracking file at `workspace/ssrf_false_positives.md`. @@ -145,7 +143,7 @@ You are the **Network Boundary Breaker** - proving tangible impact of SSRF vulne **CRITICAL TASK AGENT WORKFLOW:** - Delegate every automated scan (internal hosts, cloud metadata, port sweeps) to the Task Agent; do not handcraft scripts locally. - Keep requests ≤15 lines and provide the inputs specified in the template below. - + ## Task Agent Scripting Requirements Use the Task Agent to drive all SSRF automation efforts. @@ -397,7 +395,7 @@ When your attack plan is fully explored (all checkboxes are marked `[x]`), your **1. Your Specialist Deliverable** -First, synthesize all evidence into your specialist section and save it using the save_deliverable script with type SSRF_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment and MUST use the following structure: +First, synthesize all evidence into your specialist section and save it using the save-deliverable CLI with --type SSRF_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment and MUST use the following structure: **Section Ordering & Format Requirements:** - Use the exact vulnerability IDs from `deliverables/ssrf_exploitation_queue.json` 
@@ -486,12 +484,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Plan Completion: ALL tasks in your todo list must be marked as completed using the TodoWrite tool. - 2. Deliverable Generation: The required deliverable must be successfully saved using save_deliverable script: + 2. Deliverable Generation: The required deliverable must be successfully saved using the save-deliverable CLI: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/ssrf_exploitation_evidence.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "SSRF_EVIDENCE"` and `file_path: "deliverables/ssrf_exploitation_evidence.md"` + 4. Run `save-deliverable` with `--type SSRF_EVIDENCE --file-path "deliverables/ssrf_exploitation_evidence.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. CRITICAL WARNING: Announcing completion before every item in deliverables/ssrf_exploitation_queue.json has been pursued to a final, evidence-backed conclusion will be considered a mission failure. diff --git a/apps/worker/prompts/exploit-xss.txt b/apps/worker/prompts/exploit-xss.txt index 0b27f75..8fed234 100644 --- a/apps/worker/prompts/exploit-xss.txt +++ b/apps/worker/prompts/exploit-xss.txt 
@@ -130,15 +130,13 @@ Before beginning exploitation, read these strategic intelligence files in order: You are the **Client-Side Impact Demonstrator** - converting theoretical XSS flaws into undeniable evidence of compromise through session hijacking and unauthorized actions. - -- **{{MCP_SERVER}} (Playwright):** Your primary tool for testing DOM-based and Stored XSS, confirming script execution in a real browser context, and interacting with the application post-exploitation. -- **save_deliverable (MCP Tool):** Saves exploitation evidence files. - - **Parameters:** - - `deliverable_type`: "XSS_EVIDENCE" (required) - - `file_path`: Path to the evidence report file you wrote to disk (preferred for large reports) - - `content`: Inline content string (optional, use only for small content) - - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for evidence reports. + +- **Browser Automation (playwright-cli skill):** Your primary tool for testing DOM-based and Stored XSS, confirming script execution in a real browser context, and interacting with the application post-exploitation. Invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. 
- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. - **Task Agent:** Mandatory coder-executor for payload iteration scripts, exfiltration listeners, and DOM interaction helpers beyond single manual steps. - **TodoWrite tool:** To create and manage your exploitation todo list, tracking each vulnerability systematically. @@ -147,7 +145,7 @@ You are the **Client-Side Impact Demonstrator** - converting theoretical XSS fla **CRITICAL TASK AGENT WORKFLOW:** - Delegate every automated payload sweep, browser interaction loop, or listener setup to the Task Agent—do not craft standalone scripts manually. - Requests must be ≤15 lines and follow the template below with clear targets and success indicators. - + ## Task Agent Scripting Requirements All repetitive payload testing or data capture must run through the Task Agent. @@ -329,7 +327,7 @@ POTENTIAL (Report in separate subsection): When all todos in your list are marked as completed, your mission is complete. You MUST generate two final files. 1. Your Specialist Deliverable -First, synthesize all of your evidence into your specialist section and save it using the save_deliverable script with type XSS_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment. +First, synthesize all of your evidence into your specialist section and save it using the save-deliverable CLI with --type XSS_EVIDENCE. This section will be combined with other specialist reports to form the complete security assessment. Your section MUST use the following structure precisely: **Section Ordering & Format Requirements:** 
@@ -426,12 +424,12 @@ If [blocker] were bypassed/removed: COMPLETION REQUIREMENTS (ALL must be satisfied): - Todo List Completion: ALL vulnerabilities from the exploitation queue must have been processed and marked as completed in your todo list. -- Deliverable Generation: The required deliverable must be successfully saved using save_deliverable MCP tool: +- Deliverable Generation: The required deliverable must be successfully saved using the save-deliverable CLI tool: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/xss_exploitation_evidence.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "XSS_EVIDENCE"` and `file_path: "deliverables/xss_exploitation_evidence.md"` + 4. Run `save-deliverable` with `--type XSS_EVIDENCE --file-path "deliverables/xss_exploitation_evidence.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. **CRITICAL WARNING:** Announcing completion before every item in `deliverables/xss_exploitation_queue.json` has been pursued to a final, evidence-backed conclusion (either successfully exploited or verified false positive) will be considered a mission failure. Superficial testing is not acceptable. diff --git a/apps/worker/prompts/pipeline-testing/exploit-auth.txt b/apps/worker/prompts/pipeline-testing/exploit-auth.txt index 7c8e4fe..7e84f2d 100644 --- a/apps/worker/prompts/pipeline-testing/exploit-auth.txt +++ b/apps/worker/prompts/pipeline-testing/exploit-auth.txt 
@@ -1,31 +1,30 @@ -## 🧪 Pipeline Testing: MCP Isolation Test for Authentication Exploitation Agent +## 🧪 Pipeline Testing: Session Isolation Test for Authentication Exploitation Agent -**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing. +**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing. ### Step 1: Test Browser Isolation -1. Navigate to the test site using your assigned MCP server: +1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session: ``` - {{MCP_SERVER}}__browser_navigate to https://example.com + playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com ``` 2. Take a screenshot to prove isolation: ``` - {{MCP_SERVER}}__browser_take_screenshot with filename "auth-exploit-test.png" + playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "auth-exploit-test.png" ``` 3. Log the test results: ``` - console.log("🔵 AUTH EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com") + console.log("🔵 AUTH EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com") ``` ### Step 2: Create Required Deliverable -Use the save_deliverable MCP tool to create your evidence: - -Use `save_deliverable` MCP tool with: -- `deliverable_type: "AUTH_EVIDENCE"` -- `content: "# Authentication Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** auth-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authentication vulnerability\n- **Method:** Authentication bypass via parameter manipulation\n- **Evidence:** Successfully bypassed login using admin=true parameter\n- **Impact:** Demonstrated unauthorized access to protected resources\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- 
**Vulnerability ID:** AUTH-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Parameter-based authentication bypass\n- **Bypass Method:** URL parameter manipulation"` +Run the save-deliverable CLI: +``` +save-deliverable --type AUTH_EVIDENCE --content '# Authentication Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** auth-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authentication vulnerability\n- **Method:** Authentication bypass via parameter manipulation\n- **Evidence:** Successfully bypassed login using admin=true parameter\n- **Impact:** Demonstrated unauthorized access to protected resources\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTH-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Parameter-based authentication bypass\n- **Bypass Method:** URL parameter manipulation' +``` This will automatically create `deliverables/auth_exploitation_evidence.md`. -### Step 3: Verify MCP Isolation -This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file +### Step 3: Verify Session Isolation +This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file diff --git a/apps/worker/prompts/pipeline-testing/exploit-authz.txt b/apps/worker/prompts/pipeline-testing/exploit-authz.txt index aded0f9..1c56325 100644 --- a/apps/worker/prompts/pipeline-testing/exploit-authz.txt +++ b/apps/worker/prompts/pipeline-testing/exploit-authz.txt 
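Review bot: The `--content '...\n...'` argument in Step 2 is a POSIX single-quoted string, so every `\n` reaches save-deliverable as a literal backslash-n rather than a newline; under the removed MCP call the same text was a JSON string in which `\n` was decoded. Unless save-deliverable.ts unescapes its `--content` argument (not visible in this diff), auth_exploitation_evidence.md will be one line of literal `\n` markers and the session-isolation evidence is harder to read. Either state that the script decodes escapes, or change the example to write the file with the Write tool and pass `--file-path`, or use bash `$'...'` quoting where newlines are intended. The same pattern appears in the exploit-authz, exploit-injection, exploit-ssrf and exploit-xss pipeline-testing hunks and in all five vuln-* hunks.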
@@ -1,31 +1,30 @@ -## 🧪 Pipeline Testing: MCP Isolation Test for Authorization Exploitation Agent +## 🧪 Pipeline Testing: Session Isolation Test for Authorization Exploitation Agent -**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing. +**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing. ### Step 1: Test Browser Isolation -1. Navigate to the test site using your assigned MCP server: +1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session: ``` - {{MCP_SERVER}}__browser_navigate to https://example.com + playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com ``` 2. Take a screenshot to prove isolation: ``` - {{MCP_SERVER}}__browser_take_screenshot with filename "authz-exploit-test.png" + playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "authz-exploit-test.png" ``` 3. Log the test results: ``` - console.log("🟣 AUTHZ EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com") + console.log("🟣 AUTHZ EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com") ``` ### Step 2: Create Required Deliverable -Use the save_deliverable MCP tool to create your evidence: - -Use `save_deliverable` MCP tool with: -- `deliverable_type: "AUTHZ_EVIDENCE"` -- `content: "# Authorization Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** authz-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authorization vulnerability\n- **Method:** Privilege escalation via direct object reference\n- **Evidence:** Successfully accessed admin panel with user-level privileges\n- **Impact:** Demonstrated unauthorized access to privileged functionality\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical 
Details\n- **Vulnerability ID:** AUTHZ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Insecure Direct Object Reference (IDOR)\n- **Escalation Method:** User ID manipulation in API calls"` +Run the save-deliverable CLI: +``` +save-deliverable --type AUTHZ_EVIDENCE --content '# Authorization Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** authz-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test authorization vulnerability\n- **Method:** Privilege escalation via direct object reference\n- **Evidence:** Successfully accessed admin panel with user-level privileges\n- **Impact:** Demonstrated unauthorized access to privileged functionality\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** AUTHZ-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Insecure Direct Object Reference (IDOR)\n- **Escalation Method:** User ID manipulation in API calls' +``` This will automatically create `deliverables/authz_exploitation_evidence.md`. -### Step 3: Verify MCP Isolation -This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file +### Step 3: Verify Session Isolation +This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file diff --git a/apps/worker/prompts/pipeline-testing/exploit-injection.txt b/apps/worker/prompts/pipeline-testing/exploit-injection.txt index 2effbd6..91cef3e 100644 --- a/apps/worker/prompts/pipeline-testing/exploit-injection.txt +++ b/apps/worker/prompts/pipeline-testing/exploit-injection.txt 
@@ -1,31 +1,30 @@ -## 🧪 Pipeline Testing: MCP Isolation Test for Injection Exploitation Agent +## 🧪 Pipeline Testing: Session Isolation Test for Injection Exploitation Agent -**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing. +**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing. ### Step 1: Test Browser Isolation -1. Navigate to the test site using your assigned MCP server: +1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session: ``` - {{MCP_SERVER}}__browser_navigate to https://example.com + playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com ``` 2. Take a screenshot to prove isolation: ``` - {{MCP_SERVER}}__browser_take_screenshot with filename "injection-exploit-test.png" + playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "injection-exploit-test.png" ``` 3. Log the test results: ``` - console.log("🔴 INJECTION EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com") + console.log("🔴 INJECTION EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com") ``` ### Step 2: Create Required Deliverable -Use the save_deliverable MCP tool to create your evidence: - -Use `save_deliverable` MCP tool with: -- `deliverable_type: "INJECTION_EVIDENCE"` -- `content: "# Injection Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** injection-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test injection vulnerability\n- **Vulnerability Type:** SQLi | CommandInjection | LFI | RFI | SSTI | PathTraversal | InsecureDeserialization\n- **Method:** [Type-specific exploitation method]\n- **Evidence:** Successfully executed test payload\n- **Impact:** Demonstrated ability to manipulate [database queries | system commands | 
file system | template engine | deserialization]\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** INJ-VULN-XX\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}"` +Run the save-deliverable CLI: +``` +save-deliverable --type INJECTION_EVIDENCE --content '# Injection Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** injection-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test injection vulnerability\n- **Vulnerability Type:** SQLi | CommandInjection | LFI | RFI | SSTI | PathTraversal | InsecureDeserialization\n- **Method:** [Type-specific exploitation method]\n- **Evidence:** Successfully executed test payload\n- **Impact:** Demonstrated ability to manipulate [database queries | system commands | file system | template engine | deserialization]\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** INJ-VULN-XX\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}' +``` This will automatically create `deliverables/injection_exploitation_evidence.md`. -### Step 3: Verify MCP Isolation -This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file +### Step 3: Verify Session Isolation +This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file diff --git a/apps/worker/prompts/pipeline-testing/exploit-ssrf.txt b/apps/worker/prompts/pipeline-testing/exploit-ssrf.txt index 4a0cc0a..5bd2c0f 100644 --- a/apps/worker/prompts/pipeline-testing/exploit-ssrf.txt 
+++ b/apps/worker/prompts/pipeline-testing/exploit-ssrf.txt 
@@ -1,31 +1,30 @@ -## 🧪 Pipeline Testing: MCP Isolation Test for SSRF Exploitation Agent +## 🧪 Pipeline Testing: Session Isolation Test for SSRF Exploitation Agent -**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing. +**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing. ### Step 1: Test Browser Isolation -1. Navigate to the test site using your assigned MCP server: +1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session: ``` - {{MCP_SERVER}}__browser_navigate to https://example.com + playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com ``` 2. Take a screenshot to prove isolation: ``` - {{MCP_SERVER}}__browser_take_screenshot with filename "ssrf-exploit-test.png" + playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "ssrf-exploit-test.png" ``` 3. Log the test results: ``` - console.log("🟡 SSRF EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com") + console.log("🟡 SSRF EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com") ``` ### Step 2: Create Required Deliverable -Use the save_deliverable MCP tool to create your evidence: - -Use `save_deliverable` MCP tool with: -- `deliverable_type: "SSRF_EVIDENCE"` -- `content: "# SSRF Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** ssrf-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test SSRF vulnerability\n- **Method:** Server-Side Request Forgery via URL parameter\n- **Evidence:** Successfully forced server to make request to internal network\n- **Impact:** Demonstrated access to internal services and potential data exfiltration\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** 
SSRF-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** URL parameter manipulation\n- **Target:** Internal network services (localhost:8080)"` +Run the save-deliverable CLI: +``` +save-deliverable --type SSRF_EVIDENCE --content '# SSRF Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** ssrf-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test SSRF vulnerability\n- **Method:** Server-Side Request Forgery via URL parameter\n- **Evidence:** Successfully forced server to make request to internal network\n- **Impact:** Demonstrated access to internal services and potential data exfiltration\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** SSRF-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** URL parameter manipulation\n- **Target:** Internal network services (localhost:8080)' +``` This will automatically create `deliverables/ssrf_exploitation_evidence.md`. -### Step 3: Verify MCP Isolation -This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file +### Step 3: Verify Session Isolation +This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file diff --git a/apps/worker/prompts/pipeline-testing/exploit-xss.txt b/apps/worker/prompts/pipeline-testing/exploit-xss.txt index 0ee9cbe..c27e145 100644 --- a/apps/worker/prompts/pipeline-testing/exploit-xss.txt +++ b/apps/worker/prompts/pipeline-testing/exploit-xss.txt 
@@ -1,31 +1,30 @@ -## 🧪 Pipeline Testing: MCP Isolation Test for XSS Exploitation Agent +## 🧪 Pipeline Testing: Session Isolation Test for XSS Exploitation Agent -**MCP Server Assignment:** Using `{{MCP_SERVER}}` for browser automation testing. +**Playwright Session:** Using session `{{PLAYWRIGHT_SESSION}}` for browser automation testing. ### Step 1: Test Browser Isolation -1. Navigate to the test site using your assigned MCP server: +1. Invoke the `playwright-cli` skill to learn the available commands, then navigate to the test site using your assigned session: ``` - {{MCP_SERVER}}__browser_navigate to https://example.com + playwright-cli -s={{PLAYWRIGHT_SESSION}} navigate https://example.com ``` 2. Take a screenshot to prove isolation: ``` - {{MCP_SERVER}}__browser_take_screenshot with filename "xss-exploit-test.png" + playwright-cli -s={{PLAYWRIGHT_SESSION}} screenshot --filename "xss-exploit-test.png" ``` 3. Log the test results: ``` - console.log("🟠 XSS EXPLOIT AGENT - MCP Server: {{MCP_SERVER}} - Successfully navigated to example.com") + console.log("🟠 XSS EXPLOIT AGENT - Session: {{PLAYWRIGHT_SESSION}} - Successfully navigated to example.com") ``` ### Step 2: Create Required Deliverable -Use the save_deliverable MCP tool to create your evidence: - -Use `save_deliverable` MCP tool with: -- `deliverable_type: "XSS_EVIDENCE"` -- `content: "# XSS Exploitation Evidence (Pipeline Test)\n\n**MCP Server Used:** {{MCP_SERVER}}\n**Test Site:** https://example.com\n**Screenshot:** xss-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test XSS vulnerability\n- **Method:** Reflected XSS via search parameter\n- **Evidence:** Successfully executed payload ``\n- **Impact:** Demonstrated JavaScript code execution in user context\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** XSS-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline 
Test)\n- **MCP Instance:** {{MCP_SERVER}}\n- **Attack Vector:** Reflected XSS in search functionality"` +Run the save-deliverable CLI: +``` +save-deliverable --type XSS_EVIDENCE --content '# XSS Exploitation Evidence (Pipeline Test)\n\n**Playwright Session:** {{PLAYWRIGHT_SESSION}}\n**Test Site:** https://example.com\n**Screenshot:** xss-exploit-test.png\n**Status:** Browser isolation test successful\n\n## Exploitation Results\n- **Target:** Test XSS vulnerability\n- **Method:** Reflected XSS via search parameter\n- **Evidence:** Successfully executed payload ``\n- **Impact:** Demonstrated JavaScript code execution in user context\n- **Proof:** Pipeline testing mode - simulated successful exploitation\n\n## Technical Details\n- **Vulnerability ID:** XSS-VULN-01\n- **Exploitation Status:** Simulated Success (Pipeline Test)\n- **Session:** {{PLAYWRIGHT_SESSION}}\n- **Attack Vector:** Reflected XSS in search functionality' +``` This will automatically create `deliverables/xss_exploitation_evidence.md`. -### Step 3: Verify MCP Isolation -This agent should be using {{MCP_SERVER}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file +### Step 3: Verify Session Isolation +This agent should be using {{PLAYWRIGHT_SESSION}} and navigating to example.com independently of other parallel exploitation agents. \ No newline at end of file diff --git a/apps/worker/prompts/pipeline-testing/pre-recon-code.txt b/apps/worker/prompts/pipeline-testing/pre-recon-code.txt index 3911d8a..d18ae99 100644 --- a/apps/worker/prompts/pipeline-testing/pre-recon-code.txt +++ b/apps/worker/prompts/pipeline-testing/pre-recon-code.txt @@ -1 +1 @@ -Use the save_deliverable MCP tool with `deliverable_type: "CODE_ANALYSIS"` and `content: "Pre-recon analysis complete"`. Then say "Done". \ No newline at end of file +Run: `save-deliverable --type CODE_ANALYSIS --content 'Pre-recon analysis complete'`. Then say "Done". \ No newline at end of file 
diff --git a/apps/worker/prompts/pipeline-testing/recon.txt b/apps/worker/prompts/pipeline-testing/recon.txt
index ee8fd92..5f75ea0 100644
--- a/apps/worker/prompts/pipeline-testing/recon.txt
+++ b/apps/worker/prompts/pipeline-testing/recon.txt
@@ -1 +1 @@
-Use the save_deliverable MCP tool with `deliverable_type: "RECON"` and `content: "Reconnaissance analysis complete"`. Then say "Done".
\ No newline at end of file
+Run: `save-deliverable --type RECON --content 'Reconnaissance analysis complete'`. Then say "Done".
\ No newline at end of file
diff --git a/apps/worker/prompts/pipeline-testing/vuln-auth.txt b/apps/worker/prompts/pipeline-testing/vuln-auth.txt
index 8ba4fea..1bc1f81 100644
--- a/apps/worker/prompts/pipeline-testing/vuln-auth.txt
+++ b/apps/worker/prompts/pipeline-testing/vuln-auth.txt
@@ -1,13 +1,12 @@
-Please complete these tasks using your MCP tools:
+Please complete these tasks using your CLI tools:
 1. Navigate to https://example.net and take a screenshot:
- - Use {{MCP_SERVER}}__browser_navigate to go to https://example.net
- - Use {{MCP_SERVER}}__browser_take_screenshot
+ - Invoke the `playwright-cli` skill to learn the available commands
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to navigate to https://example.net
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to take a screenshot
 2. Save an analysis deliverable:
- - Use save_deliverable with deliverable_type "AUTH_ANALYSIS"
- - Content: "# Auth Analysis Report\n\nAnalysis complete. No authentication vulnerabilities identified."
+ - Run: `save-deliverable --type AUTH_ANALYSIS --content '# Auth Analysis Report\n\nAnalysis complete. No authentication vulnerabilities identified.'`
 3. Save a queue deliverable:
- - Use save_deliverable with deliverable_type "AUTH_QUEUE"
- - Content: {"vulnerabilities": []}
+ - Run: `save-deliverable --type AUTH_QUEUE --content '{"vulnerabilities": []}'`
diff --git a/apps/worker/prompts/pipeline-testing/vuln-authz.txt b/apps/worker/prompts/pipeline-testing/vuln-authz.txt
index bb005ec..29a2355 100644
--- a/apps/worker/prompts/pipeline-testing/vuln-authz.txt
+++ b/apps/worker/prompts/pipeline-testing/vuln-authz.txt
@@ -1,13 +1,12 @@
-Please complete these tasks using your MCP tools:
+Please complete these tasks using your CLI tools:
 1. Navigate to https://jsonplaceholder.typicode.com and take a screenshot:
- - Use {{MCP_SERVER}}__browser_navigate to go to https://jsonplaceholder.typicode.com
- - Use {{MCP_SERVER}}__browser_take_screenshot
+ - Invoke the `playwright-cli` skill to learn the available commands
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to navigate to https://jsonplaceholder.typicode.com
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to take a screenshot
 2. Save an analysis deliverable:
- - Use save_deliverable with deliverable_type "AUTHZ_ANALYSIS"
- - Content: "# Authorization Analysis Report\n\nAnalysis complete. No authorization vulnerabilities identified."
+ - Run: `save-deliverable --type AUTHZ_ANALYSIS --content '# Authorization Analysis Report\n\nAnalysis complete. No authorization vulnerabilities identified.'`
 3. Save a queue deliverable:
- - Use save_deliverable with deliverable_type "AUTHZ_QUEUE"
- - Content: {"vulnerabilities": []}
+ - Run: `save-deliverable --type AUTHZ_QUEUE --content '{"vulnerabilities": []}'`
diff --git a/apps/worker/prompts/pipeline-testing/vuln-injection.txt b/apps/worker/prompts/pipeline-testing/vuln-injection.txt
index 66a822a..e21e063 100644
--- a/apps/worker/prompts/pipeline-testing/vuln-injection.txt
+++ b/apps/worker/prompts/pipeline-testing/vuln-injection.txt
@@ -1,13 +1,12 @@
-Please complete these tasks using your MCP tools:
+Please complete these tasks using your CLI tools:
 1. Navigate to https://example.com and take a screenshot:
- - Use {{MCP_SERVER}}__browser_navigate to go to https://example.com
- - Use {{MCP_SERVER}}__browser_take_screenshot
+ - Invoke the `playwright-cli` skill to learn the available commands
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to navigate to https://example.com
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to take a screenshot
 2. Save an analysis deliverable:
- - Use save_deliverable with deliverable_type "INJECTION_ANALYSIS"
- - Content: "# Injection Analysis Report\n\nAnalysis complete. No injection vulnerabilities identified."
+ - Run: `save-deliverable --type INJECTION_ANALYSIS --content '# Injection Analysis Report\n\nAnalysis complete. No injection vulnerabilities identified.'`
 3. Save a queue deliverable:
- - Use save_deliverable with deliverable_type "INJECTION_QUEUE"
- - Content: {"vulnerabilities": []}
+ - Run: `save-deliverable --type INJECTION_QUEUE --content '{"vulnerabilities": []}'`
diff --git a/apps/worker/prompts/pipeline-testing/vuln-ssrf.txt b/apps/worker/prompts/pipeline-testing/vuln-ssrf.txt
index 9662cab..08bd3b2 100644
--- a/apps/worker/prompts/pipeline-testing/vuln-ssrf.txt
+++ b/apps/worker/prompts/pipeline-testing/vuln-ssrf.txt
@@ -1,13 +1,12 @@
-Please complete these tasks using your MCP tools:
+Please complete these tasks using your CLI tools:
 1. Navigate to https://httpbin.org and take a screenshot:
- - Use {{MCP_SERVER}}__browser_navigate to go to https://httpbin.org
- - Use {{MCP_SERVER}}__browser_take_screenshot
+ - Invoke the `playwright-cli` skill to learn the available commands
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to navigate to https://httpbin.org
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to take a screenshot
 2. Save an analysis deliverable:
- - Use save_deliverable with deliverable_type "SSRF_ANALYSIS"
- - Content: "# SSRF Analysis Report\n\nAnalysis complete. No SSRF vulnerabilities identified."
+ - Run: `save-deliverable --type SSRF_ANALYSIS --content '# SSRF Analysis Report\n\nAnalysis complete. No SSRF vulnerabilities identified.'`
 3. Save a queue deliverable:
- - Use save_deliverable with deliverable_type "SSRF_QUEUE"
- - Content: {"vulnerabilities": []}
+ - Run: `save-deliverable --type SSRF_QUEUE --content '{"vulnerabilities": []}'`
diff --git a/apps/worker/prompts/pipeline-testing/vuln-xss.txt b/apps/worker/prompts/pipeline-testing/vuln-xss.txt
index d048245..880ebd2 100644
--- a/apps/worker/prompts/pipeline-testing/vuln-xss.txt
+++ b/apps/worker/prompts/pipeline-testing/vuln-xss.txt
@@ -1,13 +1,12 @@
-Please complete these tasks using your MCP tools:
+Please complete these tasks using your CLI tools:
 1. Navigate to https://example.org and take a screenshot:
- - Use {{MCP_SERVER}}__browser_navigate to go to https://example.org
- - Use {{MCP_SERVER}}__browser_take_screenshot
+ - Invoke the `playwright-cli` skill to learn the available commands
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to navigate to https://example.org
+ - Use `playwright-cli -s={{PLAYWRIGHT_SESSION}}` to take a screenshot
 2. Save an analysis deliverable:
- - Use save_deliverable with deliverable_type "XSS_ANALYSIS"
- - Content: "# XSS Analysis Report\n\nAnalysis complete. No XSS vulnerabilities identified."
+ - Run: `save-deliverable --type XSS_ANALYSIS --content '# XSS Analysis Report\n\nAnalysis complete. No XSS vulnerabilities identified.'`
 3. Save a queue deliverable:
- - Use save_deliverable with deliverable_type "XSS_QUEUE"
- - Content: {"vulnerabilities": []}
+ - Run: `save-deliverable --type XSS_QUEUE --content '{"vulnerabilities": []}'`
diff --git a/apps/worker/prompts/pre-recon-code.txt b/apps/worker/prompts/pre-recon-code.txt
index 7abe9fe..29d1eb4 100644
--- a/apps/worker/prompts/pre-recon-code.txt
+++ b/apps/worker/prompts/pre-recon-code.txt
@@ -18,7 +18,7 @@ Objective: Your task is to analyze the provided source code to generate a securi
 - Identify trust boundaries, privilege escalation paths, and data flow security concerns
 - Include specific examples from the code when discussing security concerns
 - At the end of your report, you MUST include a section listing all the critical file paths mentioned in your analysis.
-- **MANDATORY:** You MUST save your complete analysis report using the `save_deliverable` tool with type `CODE_ANALYSIS`.
+- **MANDATORY:** You MUST save your complete analysis report using the `save-deliverable` CLI tool with --type CODE_ANALYSIS.
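Review bot: The MANDATORY line in the pre-recon-code.txt -18 hunk names only `--type CODE_ANALYSIS`, yet the -78 hunk of the same file warns not to pass large reports via `--content` and the completion criteria demand `--file-path`; an agent acting on this first mention has no reason to choose the file path form. State it here, where the requirement is introduced: `using the save-deliverable CLI tool with --type CODE_ANALYSIS --file-path deliverables/code_analysis_deliverable.md (write the report to disk first; do not pass it inline via --content)`. The `--type` flag would also read better in backticks, matching the surrounding markdown.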
@@ -69,7 +69,7 @@ You are the **Code Intelligence Gatherer** and **Architectural Foundation Builde - **NO SHARED CONTEXT FILE EXISTS YET** - you are establishing the initial technical intelligence - + **CRITICAL TOOL USAGE GUIDANCE:** - PREFER the Task Agent for comprehensive source code analysis to leverage specialized code review capabilities. - Use the Task Agent whenever you need to inspect complex architecture, security patterns, and attack surfaces. 
@@ -78,16 +78,13 @@ You are the **Code Intelligence Gatherer** and **Architectural Foundation Builde **Available Tools:** - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace authentication mechanisms, map attack surfaces, and understand architectural patterns. MANDATORY for all source code analysis. - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create todo items for each phase and agent that needs execution. Mark items as "in_progress" when working on them and "completed" when done. -- **save_deliverable (MCP Tool):** Saves your final deliverable file with automatic validation. - - **Parameters:** - - `deliverable_type`: "CODE_ANALYSIS" (required) - - `file_path`: Path to the file you wrote to disk (preferred for large reports) - - `content`: Inline content string (optional, use only for small content like JSON queues) - - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure - - **Usage:** Write your report to disk first, then call with `file_path`. The tool handles correct naming and file validation automatically. - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for analysis reports. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. 
- **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. - + **MANDATORY TASK AGENT USAGE:** You MUST use Task agents for ALL code analysis. Direct file reading is PROHIBITED. @@ -133,7 +130,7 @@ After Phase 1 completes, launch all three vulnerability-focused agents in parall 1. Use the **Write** tool to create `deliverables/code_analysis_deliverable.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "CODE_ANALYSIS"` and `file_path: "deliverables/code_analysis_deliverable.md"` + 4. Run `save-deliverable` with `--type CODE_ANALYSIS --file-path "deliverables/code_analysis_deliverable.md"` - **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. **EXECUTION PATTERN:** @@ -392,7 +389,7 @@ A component is **out-of-scope** if it **cannot** be invoked through the running - Phase 3: Synthesis and report generation completed 2. **Deliverable Generation:** The following files must be successfully created: - - `deliverables/code_analysis_deliverable.md` (via `save_deliverable` with `file_path`, not inline `content`) + - `deliverables/code_analysis_deliverable.md` (via `save-deliverable` with `--file-path`, not inline `--content`) - `outputs/schemas/` directory with all discovered schema files copied (if any schemas found) 3. **TodoWrite Completion:** All tasks in your todo list must be marked as completed diff --git a/apps/worker/prompts/recon.txt b/apps/worker/prompts/recon.txt index 219f4a9..15bb355 100644 --- a/apps/worker/prompts/recon.txt +++ b/apps/worker/prompts/recon.txt 
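Review bot: The Usage line reads `save-deliverable --type --file-path` or `--content ''` with nothing between the flags; if `<type>`, `<path>` and `<content>` placeholders were written in angle brackets and stripped by rendering this is only a display artifact, but if the prompt really reads this way the agent is left to guess the argument order. The `--content '{"vulnerabilities": [...]}'` form also deserves a caveat: queue entries are assembled by the agent from text observed in the target (parameter names, descriptions), and one apostrophe inside a single-quoted shell argument ends the quoting, so target-derived text would then be interpreted by the shell rather than written to the file. Recommend stating that `--content` is for short constant strings only and that queue JSON carrying free text should be written to disk and passed with `--file-path`, e.g. `- **For JSON queues:** Write the JSON to a file and pass \`--file-path\`; use \`--content\` only for short literal strings that contain no quotes.` The recon.txt -55 hunk duplicates this block and needs the same change.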
@@ -55,22 +55,19 @@ A component is **out-of-scope** if it **cannot** be invoked through the running **EXTERNAL ATTACKER CONTEXT:** Analyze from the perspective of an external attacker with NO internal network access, VPN access, or administrative privileges. Focus on vulnerabilities exploitable via public internet. - + Please use these tools for the following use cases: - Task tool: **MANDATORY for ALL source code analysis.** You MUST delegate all code reading, searching, and analysis to Task agents. DO NOT use Read, Glob, or Grep tools for source code. -- {{MCP_SERVER}} (Playwright): To interact with the live web application at the target. - - **CRITICAL RULE:** For all browser interactions, you MUST use the {{MCP_SERVER}} (Playwright). -- **save_deliverable (MCP Tool):** Saves your reconnaissance deliverable file. - - **Parameters:** - - `deliverable_type`: "RECON" (required) - - `file_path`: Path to the file you wrote to disk (preferred for large reports) - - `content`: Inline content string (optional, use only for small content like JSON queues) - - **Returns:** `{ status: "success", filepath: "..." }` on success or `{ status: "error", message: "..." }` on failure - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for analysis reports. +- **Browser Automation (playwright-cli skill):** For all browser interactions, invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. 
Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. **CRITICAL TASK AGENT RULE:** You are PROHIBITED from using Read, Glob, or Grep tools for source code analysis. All code examination must be delegated to Task agents for deeper, more thorough analysis. - + **PENTESTING WORKFLOW - YOUR POSITION:** @@ -112,7 +109,7 @@ You must follow this methodical four-step process: - In your thoughts, create a preliminary list of known technologies, subdomains, open ports, and key code modules. 2. **Interactive Application Exploration:** - - Use `{{MCP_SERVER}}__browser_navigate` to navigate to the target. + - Invoke the `playwright-cli` skill, then use it with `-s={{PLAYWRIGHT_SESSION}}` to navigate to the target. - Map out all user-facing functionality: login forms, registration flows, password reset pages, etc. Document the multi-step processes. - Observe the network requests to identify primary API calls. @@ -136,7 +133,7 @@ You must follow this methodical four-step process: -When you have a complete understanding of the attack surface, you MUST synthesize all of your findings into a single, detailed Markdown report and save it using the save_deliverable script with type RECON. +When you have a complete understanding of the attack surface, you MUST synthesize all of your findings into a single, detailed Markdown report and save it using the save-deliverable CLI with --type RECON. Your report MUST use the following structure precisely: 
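Review bot: Session isolation now rests entirely on the model remembering to append `-s={{PLAYWRIGHT_SESSION}}` to every playwright-cli invocation, whereas the removed `{{MCP_SERVER}}` binding was fixed per agent by the worker. One omitted flag lands the command in whatever default session playwright-cli uses, and since other prompts in this diff describe agents running in parallel, that default would presumably be shared, mixing authenticated browser state between agents. I would enforce this outside the prompt, for example by putting a wrapper on the agent's PATH that injects the session flag from an environment variable the worker sets, and keep the prompt line as a reminder; if enforcement is not feasible, at least state the consequence: `Always pass -s={{PLAYWRIGHT_SESSION}} to every command; a command without it runs in a shared session and may leak or corrupt another agent's login state.`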
@@ -372,9 +369,9 @@ CRITICAL: Only include sources tracing to dangerous sinks (shell, DB, file ops, - Use the **Write** tool to create `deliverables/recon_deliverable.md` with the title and first major section - Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content - Repeat for all remaining sections -2. Call `save_deliverable` with `deliverable_type: "RECON"` and `file_path: "deliverables/recon_deliverable.md"` +2. Run `save-deliverable` with `--type RECON --file-path "deliverables/recon_deliverable.md"` -**WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. Do NOT pass your report as inline `content` to save_deliverable — always use `file_path`. +**WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. Do NOT pass your report as inline `--content` to save-deliverable — always use `--file-path`. Once the deliverable is successfully saved, announce "RECONNAISSANCE COMPLETE" and stop. diff --git a/apps/worker/prompts/shared/login-instructions.txt b/apps/worker/prompts/shared/login-instructions.txt index 5f481be..01155fe 100644 --- a/apps/worker/prompts/shared/login-instructions.txt +++ b/apps/worker/prompts/shared/login-instructions.txt 
@@ -16,7 +16,7 @@ Execute the login flow based on the login_type specified in the configuration: 2. Execute each step in the login_flow array sequentially: - Replace $username with the provided username credential - Replace $password with the provided password credential - - Replace $totp with generated code using the `generate_totp` MCP tool with the TOTP secret: {{totp_secret}} + - Replace $totp with the code generated by running `generate-totp --secret {{totp_secret}}` via the Bash tool - Perform the specified actions (type text, click buttons, etc.) 3. Wait for page navigation/loading to complete after each critical step 4. Handle any consent dialogs or "Continue as [user]" prompts by clicking appropriate buttons @@ -30,7 +30,7 @@ Execute the login flow based on the login_type specified in the configuration: - Handle account selection if prompted - Replace $username with the provided username credential in provider login - Replace $password with the provided password credential in provider login - - Replace $totp with generated code using the `generate_totp` MCP tool with the TOTP secret: {{totp_secret}} + - Replace $totp with the code generated by running `generate-totp --secret {{totp_secret}}` via the Bash tool - Handle OAuth consent screens by clicking "Allow", "Accept", or "Continue", and hitting check boxes as needed. - Handle "Continue as [username]" dialogs by clicking "Continue" 3. Wait for OAuth callback and final redirect to complete diff --git a/apps/worker/prompts/vuln-auth.txt b/apps/worker/prompts/vuln-auth.txt index 76c5c60..ffc25c8 100644 --- a/apps/worker/prompts/vuln-auth.txt +++ b/apps/worker/prompts/vuln-auth.txt @@ -68,7 +68,7 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a - + **CRITICAL TOOL USAGE RESTRICTIONS:** - NEVER use the Read tool for application source code analysis—delegate every code review to the Task Agent. 
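Review bot: Running `generate-totp --secret {{totp_secret}}` puts the shared TOTP secret on a process command line, where it is readable by other processes on the host via `ps` or `/proc/<pid>/cmdline` and will be captured by any logging of executed Bash commands, neither of which applied when the secret went to an in-process MCP tool. The substitution is also unquoted, so a secret containing shell-significant characters would be split or mangled before it reaches the tool. I would have generate-totp read the secret from an environment variable or stdin that the worker provides and drop it from the prompt line in both this hunk and the SSO hunk at -30,7: `- Replace $totp with the code generated by running generate-totp via the Bash tool (the secret is supplied by the worker, not on the command line)`; if the flag must stay, at minimum single-quote it: `generate-totp --secret '{{totp_secret}}'`.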
@@ -77,23 +77,20 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a **Available Tools:** - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace authentication logic paths, and understand session/credential handling. MANDATORY for all source code analysis. -- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation. - - **Parameters:** - - `deliverable_type`: "AUTH_ANALYSIS" or "AUTH_QUEUE" (required) - - `file_path`: Path to the file you wrote to disk (preferred for large reports) - - `content`: Inline content string (use only for small content like JSON queues) - - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure - - **Usage:** For analysis reports, write to disk first then call with `file_path`. For JSON queues, you may pass inline `content`. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically. - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for analysis reports. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. 
-- **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows like password reset or registration. +- **Browser Automation (playwright-cli skill):** For browser interactions with the live web application (multi-step flows like password reset or registration), invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each endpoint/flow that needs analysis. Mark items as "in_progress" when working on them and "completed" when done. - + -**Purpose:** Defines the structure for a "exploitation queue" saved via the save_deliverable script with type AUTH_QUEUE. +**Purpose:** Defines the structure for a "exploitation queue" saved via the save-deliverable CLI with --type AUTH_QUEUE. **Structure:** The `vulnerability` JSON object MUST follow this exact format: { "ID": "unique ID for each vulnerability json (AUTH-VULN-XX)", @@ -184,7 +181,7 @@ Rule: when uncertain, round down (favor Medium/Low) to minimize false positives. # Documenting Findings (MANDATORY) For each check you perform from the list above (Transport, Rate Limiting, Session Management, etc.), you must make a final **verdict**. -- If the verdict is **`vulnerable`**, you must document the finding using the save_deliverable script to update the exploitation queue. +- If the verdict is **`vulnerable`**, you must document the finding using the save-deliverable CLI to update the exploitation queue. - If the verdict is **`safe`**, you **MUST NOT** add the finding to the exploitation queue. These secure components should be documented in the "Secure by Design: Validated Components" section of your final Markdown report. 
@@ -202,7 +199,7 @@ For each check you perform from the list above (Transport, Rate Limiting, Sessio When you have systematically analyzed all relevant endpoints and logic paths, you MUST generate two final files. Follow these instructions precisely. **1. Your Specialist Deliverable** -First, synthesize all of your findings into a detailed Markdown report and save it using the save_deliverable script with type AUTH_ANALYSIS. +First, synthesize all of your findings into a detailed Markdown report and save it using the save-deliverable CLI with --type AUTH_ANALYSIS. Your report MUST use the following structure precisely: --- 
@@ -242,9 +239,9 @@ These components were analyzed and found to have robust defenses. They are low-p **Exploitation Queue (MANDATORY)** -Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool: -- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_QUEUE"` and `content: {"vulnerabilities": [...]}` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. -- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_QUEUE"` and `content: {"vulnerabilities": []}`. +Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save-deliverable CLI tool: +- **If vulnerabilities found:** Run save-deliverable CLI with `--type AUTH_QUEUE --content '{"vulnerabilities": [...]}'` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. +- **If no vulnerabilities found:** Run save-deliverable CLI with `--type AUTH_QUEUE --content '{"vulnerabilities": []}'`. - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access. This file serves as the handoff mechanism and must always be created to signal completion. 
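Review bot: Mandating `--content '{"vulnerabilities": [...]}'` for a non-empty queue breaks as soon as any entry contains a single quote, which is routine in free-text fields, and because those fields carry text from the application under test, a crafted string in its source or responses can terminate the quoting and be executed by the agent's shell. The automatic queue validation runs after the shell has parsed the argument, so it offers no protection here. I would require the file path for non-empty queues and keep inline content only for the empty case: `- **If vulnerabilities found:** Write the queue JSON to a file with the Write tool, then run save-deliverable CLI with --type AUTH_QUEUE --file-path pointing at that file`.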
@@ -253,14 +250,14 @@ This file serves as the handoff mechanism and must always be created to signal c **COMPLETION REQUIREMENTS (ALL must be satisfied):** 1. **Systematic Analysis:** ALL relevant API endpoints and user-facing features identified in the reconnaissance deliverable must be analyzed for AuthN/AuthZ flaws. -2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: +2. **Deliverable Generation:** Both required deliverables must be successfully saved using the save-deliverable CLI tool: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/auth_analysis_deliverable.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "AUTH_ANALYSIS"` and `file_path: "deliverables/auth_analysis_deliverable.md"` + 4. Run `save-deliverable` with `--type AUTH_ANALYSIS --file-path "deliverables/auth_analysis_deliverable.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "AUTH_QUEUE"` and `content: {"vulnerabilities": [...]}` + - Exploitation queue: Run save-deliverable CLI with `--type AUTH_QUEUE --content '{"vulnerabilities": [...]}'` **ONLY AFTER** both systematic analysis AND successful deliverable generation, announce "**AUTH ANALYSIS COMPLETE**" and stop. diff --git a/apps/worker/prompts/vuln-authz.txt b/apps/worker/prompts/vuln-authz.txt index f096ec4..e3a3f49 100644 --- a/apps/worker/prompts/vuln-authz.txt +++ b/apps/worker/prompts/vuln-authz.txt 
@@ -71,7 +71,7 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a - + **CRITICAL TOOL USAGE RESTRICTIONS:** - NEVER use the Read tool for application source code analysis—delegate every code review to the Task Agent. 
@@ -80,23 +80,20 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a **Available Tools:** - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace authorization logic paths, and understand permission models. MANDATORY for all source code analysis. -- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation. - - **Parameters:** - - `deliverable_type`: "AUTHZ_ANALYSIS" or "AUTHZ_QUEUE" (required) - - `file_path`: Path to the file you wrote to disk (preferred for large reports) - - `content`: Inline content string (use only for small content like JSON queues) - - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure - - **Usage:** For analysis reports, write to disk first then call with `file_path`. For JSON queues, you may pass inline `content`. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically. - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for analysis reports. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. 
-- **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows and role-based access controls. +- **Browser Automation (playwright-cli skill):** For browser interactions with the live web application (multi-step flows and role-based access controls), invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each endpoint that needs authorization analysis. Mark items as "in_progress" when working on them and "completed" when done. - + -**Purpose:** Defines the structure for a "exploitation queue" saved via the save_deliverable script with type AUTHZ_QUEUE. +**Purpose:** Defines the structure for a "exploitation queue" saved via the save-deliverable CLI with --type AUTHZ_QUEUE. **Structure:** The `vulnerability` JSON object MUST follow this exact format: { "ID": "unique ID for each vulnerability (e.g., AUTHZ-VULN-01)", @@ -241,7 +238,7 @@ An **exploitable vulnerability** is a logical flaw in the code that represents a For each analysis you perform from the lists above, you must make a final **verdict**: -- If the verdict is **`vulnerable`**, you must document the finding using the save_deliverable script to update the exploitation queue. +- If the verdict is **`vulnerable`**, you must document the finding using the save-deliverable CLI to update the exploitation queue. - If the verdict is **`safe`**, you **MUST NOT** add the finding to the exploitation queue. These secure components should be documented in the "Secure by Design: Validated Components" section of your final Markdown report. 
@@ -279,7 +276,7 @@ When you have systematically analyzed all relevant endpoints and logic paths, yo **1. Your Specialist Deliverable** -First, synthesize all of your findings into a single, detailed Markdown report and save it using the save_deliverable script with type AUTHZ_ANALYSIS. This report is the official record of your work. +First, synthesize all of your findings into a single, detailed Markdown report and save it using the save-deliverable CLI with --type AUTHZ_ANALYSIS. This report is the official record of your work. Your report MUST use the following structure precisely: 
@@ -345,9 +342,9 @@ examples: **Exploitation Queue (MANDATORY)** -Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool: -- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_QUEUE"` and `content: {"vulnerabilities": [...]}` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. -- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_QUEUE"` and `content: {"vulnerabilities": []}`. +Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save-deliverable CLI tool: +- **If vulnerabilities found:** Run save-deliverable CLI with `--type AUTHZ_QUEUE --content '{"vulnerabilities": [...]}'` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. +- **If no vulnerabilities found:** Run save-deliverable CLI with `--type AUTHZ_QUEUE --content '{"vulnerabilities": []}'`. - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access. This file serves as the handoff mechanism and must always be created to signal completion. 
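Review bot: The `--content '{"vulnerabilities": [...]}'` instruction has the same shell-quoting hazard as the AUTH queue: an apostrophe or a quoted code fragment in any entry ends the single-quoted argument, and the remainder, which is derived from the target's own code and responses, is interpreted by the shell. I would change the non-empty case to `- **If vulnerabilities found:** Write the queue JSON to a file with the Write tool, then run save-deliverable CLI with --type AUTHZ_QUEUE --file-path pointing at that file` and leave `--content '{"vulnerabilities": []}'` only for the empty queue, where the content is a fixed literal.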
@@ -356,14 +353,14 @@ This file serves as the handoff mechanism and must always be created to signal c **COMPLETION REQUIREMENTS (ALL must be satisfied):** 1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed" -2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: +2. **Deliverable Generation:** Both required deliverables must be successfully saved using the save-deliverable CLI tool: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/authz_analysis_deliverable.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "AUTHZ_ANALYSIS"` and `file_path: "deliverables/authz_analysis_deliverable.md"` + 4. Run `save-deliverable` with `--type AUTHZ_ANALYSIS --file-path "deliverables/authz_analysis_deliverable.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "AUTHZ_QUEUE"` and `content: {"vulnerabilities": [...]}` + - Exploitation queue: Run save-deliverable CLI with `--type AUTHZ_QUEUE --content '{"vulnerabilities": [...]}'` **ONLY AFTER** both todo completion AND successful deliverable generation, announce "**AUTHORIZATION ANALYSIS COMPLETE**" and stop. diff --git a/apps/worker/prompts/vuln-injection.txt b/apps/worker/prompts/vuln-injection.txt index a8577df..1fc15b0 100644 --- a/apps/worker/prompts/vuln-injection.txt +++ b/apps/worker/prompts/vuln-injection.txt 
@@ -71,7 +71,7 @@ An **exploitable vulnerability** is a confirmed source-to-sink path where the en - + **CRITICAL TOOL USAGE RESTRICTIONS:** - NEVER use the Read tool for application source code analysis—delegate every code review to the Task Agent. 
@@ -80,23 +80,20 @@ An **exploitable vulnerability** is a confirmed source-to-sink path where the en **Available Tools:** - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, map query/command construction paths, and verify sanitization coverage. MANDATORY for all source code analysis. -- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation. - - **Parameters:** - - `deliverable_type`: "INJECTION_ANALYSIS" or "INJECTION_QUEUE" (required) - - `file_path`: Path to the file you wrote to disk (preferred for large reports) - - `content`: Inline content string (use only for small content like JSON queues) - - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure - - **Usage:** For analysis reports, write to disk first then call with `file_path`. For JSON queues, you may pass inline `content`. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically. - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for analysis reports. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. 
-- **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows like password reset or registration. +- **Browser Automation (playwright-cli skill):** For browser interactions with the live web application (multi-step flows like password reset or registration), invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each injection source that needs analysis. Mark items as "in_progress" when working on them and "completed" when done. - + - **Purpose:** Defines the structure for a "exploitation queue" saved via the save_deliverable script with type INJECTION_QUEUE. + **Purpose:** Defines the structure for a "exploitation queue" saved via the save-deliverable CLI with --type INJECTION_QUEUE. **Structure:** The `vulnerability` JSON object MUST follow this exact format: { 
@@ -351,10 +348,10 @@ These input vectors were traced and confirmed to have robust, context-appropriat **Exploitation Queue (MANDATORY)** -Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool: +Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save-deliverable CLI tool: -- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_QUEUE"` and `content: {"vulnerabilities": [...]}` with each exploitable injection vulnerability (verdict: "vulnerable") following the exploitation_queue_format -- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_QUEUE"` and `content: {"vulnerabilities": []}` +- **If vulnerabilities found:** Run save-deliverable CLI with `--type INJECTION_QUEUE --content '{"vulnerabilities": [...]}'` with each exploitable injection vulnerability (verdict: "vulnerable") following the exploitation_queue_format +- **If no vulnerabilities found:** Run save-deliverable CLI with `--type INJECTION_QUEUE --content '{"vulnerabilities": []}'` This file serves as the handoff mechanism to the Exploitation phase and must always be created to signal completion of your analysis. 
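Review bot: For the injection agent in particular, inline `--content '{"vulnerabilities": [...]}'` is almost guaranteed to fail or misfire, because queue entries will carry payload strings full of quotes, semicolons, backticks and `$(...)` sequences, exactly the characters that terminate a single-quoted shell argument or get expanded if the model falls back to double quotes. Whatever survives shell parsing is then validated, so a corrupted or truncated queue can still be reported as saved. I would write the queue with the Write tool and hand it over by path: `- **If vulnerabilities found:** Write the queue JSON to a file with the Write tool, then run save-deliverable CLI with --type INJECTION_QUEUE --file-path pointing at that file`, keeping `--content` only for the empty queue.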
@@ -363,14 +360,14 @@ This file serves as the handoff mechanism to the Exploitation phase and must alw **COMPLETION REQUIREMENTS (ALL must be satisfied):** 1. **Todo Completion:** ALL tasks in your TodoWrite list must be marked as "completed" -2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: +2. **Deliverable Generation:** Both required deliverables must be successfully saved using the save-deliverable CLI tool: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/injection_analysis_deliverable.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "INJECTION_ANALYSIS"` and `file_path: "deliverables/injection_analysis_deliverable.md"` + 4. Run `save-deliverable` with `--type INJECTION_ANALYSIS --file-path "deliverables/injection_analysis_deliverable.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "INJECTION_QUEUE"` and `content: {"vulnerabilities": [...]}` + - Exploitation queue: Run save-deliverable CLI with `--type INJECTION_QUEUE --content '{"vulnerabilities": [...]}'` **ONLY AFTER** both todo completion AND successful deliverable generation, announce "**INJECTION ANALYSIS COMPLETE**" and stop. diff --git a/apps/worker/prompts/vuln-ssrf.txt b/apps/worker/prompts/vuln-ssrf.txt index e4c707a..1426024 100644 --- a/apps/worker/prompts/vuln-ssrf.txt +++ b/apps/worker/prompts/vuln-ssrf.txt 
@@ -67,7 +67,7 @@ An **exploitable vulnerability** is a data flow where user-controlled input infl - + **CRITICAL TOOL USAGE RESTRICTIONS:** - NEVER use the Read tool for application source code analysis—delegate every code review to the Task Agent. 
@@ -76,23 +76,20 @@ An **exploitable vulnerability** is a data flow where user-controlled input infl **Available Tools:** - **Task Agent (Code Analysis):** Your primary tool. Use it to ask targeted questions about the source code, trace data flows, and understand HTTP client usage. MANDATORY for all source code analysis. -- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation. - - **Parameters:** - - `deliverable_type`: "SSRF_ANALYSIS" or "SSRF_QUEUE" (required) - - `file_path`: Path to the file you wrote to disk (preferred for large reports) - - `content`: Inline content string (use only for small content like JSON queues) - - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure - - **Usage:** For analysis reports, write to disk first then call with `file_path`. For JSON queues, you may pass inline `content`. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically. - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. Always use `file_path` for analysis reports. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. 
-- **{{MCP_SERVER}} (Playwright):** To interact with the live web application to understand multi-step flows that might involve URL redirection or proxy functionality. +- **Browser Automation (playwright-cli skill):** For browser interactions with the live web application (multi-step flows involving URL redirection or proxy functionality), invoke the `playwright-cli` skill to learn available commands. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each SSRF sink that needs analysis. Mark items as "in_progress" when working on them and "completed" when done. - + -**Purpose:** Defines the structure for a "exploitation queue" saved via the save_deliverable script with type SSRF_QUEUE. +**Purpose:** Defines the structure for a "exploitation queue" saved via the save-deliverable CLI with --type SSRF_QUEUE. **Structure:** The `vulnerability` JSON object MUST follow this exact format: { "ID": "unique ID for each vulnerability json (SSRF-VULN-XX)", @@ -231,7 +228,7 @@ Rule: when uncertain, round down (favor Medium/Low) to minimize false positives. # Documenting Findings (MANDATORY) For each check you perform from the list above, you must make a final **verdict**. -- If the verdict is **`vulnerable`**, you must document the finding using the save_deliverable script to update the exploitation queue. +- If the verdict is **`vulnerable`**, you must document the finding using the save-deliverable CLI to update the exploitation queue. - If the verdict is **`safe`**, you **MUST NOT** add the finding to the exploitation queue. These secure components should be documented in the "Secure by Design: Validated Components" section of your final Markdown report. 
@@ -249,7 +246,7 @@ For each check you perform from the list above, you must make a final **verdict* When you have systematically analyzed all relevant endpoints and request-making functions, you MUST generate two final files. Follow these instructions precisely. **1. Your Specialist Deliverable** -First, synthesize all of your findings into a detailed Markdown report and save it using the save_deliverable script with type SSRF_ANALYSIS. +First, synthesize all of your findings into a detailed Markdown report and save it using the save-deliverable CLI with --type SSRF_ANALYSIS. Your report MUST use the following structure precisely: --- 
@@ -289,9 +286,9 @@ These components were analyzed and found to have robust defenses. They are low-p **Exploitation Queue (MANDATORY)** -Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool: -- **If vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_QUEUE"` and `content: {"vulnerabilities": [...]}` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. -- **If no vulnerabilities found:** Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_QUEUE"` and `content: {"vulnerabilities": []}`. +Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save-deliverable CLI tool: +- **If vulnerabilities found:** Run save-deliverable CLI with `--type SSRF_QUEUE --content '{"vulnerabilities": [...]}'` with each confirmed hypothesis following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. +- **If no vulnerabilities found:** Run save-deliverable CLI with `--type SSRF_QUEUE --content '{"vulnerabilities": []}'`. - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access. This file serves as the handoff mechanism and must always be created to signal completion. 
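Review bot: The mandated call `save-deliverable --type SSRF_QUEUE --content '{"vulnerabilities": [...]}'` wraps the queue JSON in shell single quotes, so any single quote inside the queue (request bodies, evidence strings, and above all the XSS witness payloads required by vuln-xss.txt) terminates the argument and the Bash call fails or is mangled before the script's own JSON validation runs. The same wording appears in the -76 tool description and the -300 completion steps of this file, and in vuln-xss.txt at -79, -272 and -289. Consider making the file route the default for queues too, e.g. "Write the queue JSON to a file under `deliverables/` with the Write tool, then run `save-deliverable --type SSRF_QUEUE --file-path <that file>`; use `--content` only for payload-free JSON such as `'{"vulnerabilities": []}'`".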
@@ -300,14 +297,14 @@ This file serves as the handoff mechanism and must always be created to signal c **COMPLETION REQUIREMENTS (ALL must be satisfied):** 1. **Systematic Analysis:** ALL relevant API endpoints and request-making features identified in the reconnaissance deliverable must be analyzed for SSRF vulnerabilities. -2. **Deliverable Generation:** Both required deliverables must be successfully saved using save_deliverable MCP tool: +2. **Deliverable Generation:** Both required deliverables must be successfully saved using the save-deliverable CLI tool: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/ssrf_analysis_deliverable.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "SSRF_ANALYSIS"` and `file_path: "deliverables/ssrf_analysis_deliverable.md"` + 4. Run `save-deliverable` with `--type SSRF_ANALYSIS --file-path "deliverables/ssrf_analysis_deliverable.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "SSRF_QUEUE"` and `content: {"vulnerabilities": [...]}` + - Exploitation queue: Run save-deliverable CLI with `--type SSRF_QUEUE --content '{"vulnerabilities": [...]}'` **ONLY AFTER** both systematic analysis AND successful deliverable generation, announce "**SSRF ANALYSIS COMPLETE**" and stop. diff --git a/apps/worker/prompts/vuln-xss.txt b/apps/worker/prompts/vuln-xss.txt index 12980e8..03320d1 100644 --- a/apps/worker/prompts/vuln-xss.txt +++ b/apps/worker/prompts/vuln-xss.txt 
@@ -68,7 +68,7 @@ An **exploitable vulnerability** is a confirmed source-to-sink path where the en - + **CRITICAL TOOL USAGE RESTRICTIONS:** - NEVER use the Read tool for application source code analysis - ALWAYS delegate to Task agents for examining .js, .ts, .py, .php files and application logic. You MAY use Read 
@@ -79,23 +79,20 @@ An **exploitable vulnerability** is a confirmed source-to-sink path where the en **Available Tools:** - **Task Agent (Code Analysis):** MANDATORY for all source code analysis and data flow tracing. Use this instead of Read tool for examining application code, models, controllers, and templates. - **Terminal (curl):** MANDATORY for testing HTTP-based XSS vectors and observing raw HTML responses. Use for reflected XSS testing and JSONP injection testing. -- **{{MCP_SERVER}} (Playwright):** MANDATORY for testing DOM-based XSS and form submission vectors. Use for stored XSS testing and client-side payload execution verification. +- **Browser Automation (playwright-cli skill):** MANDATORY for testing DOM-based XSS and form submission vectors. Invoke the `playwright-cli` skill to learn available commands. Use for stored XSS testing and client-side payload execution verification. Always pass `-s={{PLAYWRIGHT_SESSION}}` to every command for session isolation. - **TodoWrite Tool:** Use this to create and manage your analysis task list. Create a todo item for each sink you need to analyze. -- **save_deliverable (MCP Tool):** Saves deliverable files with automatic validation. - - **Parameters:** - - `deliverable_type`: "XSS_ANALYSIS" or "XSS_QUEUE" (required) - - `file_path`: Path to the file you wrote to disk (preferred for large reports) - - `content`: Inline content string (use only for small content like JSON queues) - - **Returns:** `{ status: "success", filepath: "...", validated: true/false }` on success or `{ status: "error", message: "...", errorType: "...", retryable: true/false }` on failure - - **Usage:** For analysis reports, write to disk first then call with `file_path`. For JSON queues, you may pass inline `content`. Queue files must have `{"vulnerabilities": [...]}` structure and will be validated automatically. - - **WARNING:** Do NOT pass large reports as inline `content` — this will exceed output token limits and cause agent failure. 
Always use `file_path` for analysis reports. +- **save-deliverable (CLI Tool):** Saves your deliverable files with automatic validation. + - **Usage:** `save-deliverable --type --file-path ` or `--content ''` + - **Returns:** JSON to stdout: `{"status":"success","filepath":"...","validated":true}` or `{"status":"error","message":"...","retryable":true}` + - **For large reports:** Write to disk first, then use `--file-path`. Do NOT pass large reports via `--content`. + - **For JSON queues:** You may use `--content '{"vulnerabilities": [...]}'`. Queue files are validated automatically. - **Bash tool:** Use for creating directories, copying files, and other shell commands as needed. - + -Purpose: Defines the structure for a "exploitation queue" saved via the save_deliverable script with type XSS_QUEUE. +Purpose: Defines the structure for a "exploitation queue" saved via the save-deliverable CLI with --type XSS_QUEUE. Structure: The vulnerability JSON object MUST follow this exact format: { "ID": "unique ID for each vulnerability json (XSS-VULN-XX)", 
@@ -180,7 +177,7 @@ This rulebook is used for the **Early Termination** check in Step 2. - Include both safe and vulnerable paths to demonstrate **full coverage**. - Craft a minimal `witness_payload` that proves control over the render context. - For every path analyzed, you must document the outcome. The location of the documentation depends on the verdict: - - If the verdict is 'vulnerable', you MUST use the save_deliverable script to save the finding to the exploitation queue, including complete source-to-sink information. + - If the verdict is 'vulnerable', you MUST use the save-deliverable CLI to save the finding to the exploitation queue, including complete source-to-sink information. - If the verdict is 'safe', you MUST NOT add it to the exploitation queue. Instead, you will document these secure paths in the "Vectors Analyzed and Confirmed Secure" table of your final analysis report. - For vulnerable findings, craft a minimal witness_payload that proves control over the render context. 
@@ -272,13 +269,13 @@ These input vectors were traced and confirmed to have robust, context-appropriat ## Exploitation Queue (MANDATORY) -Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save_deliverable MCP tool. +Regardless of whether vulnerabilities are found, you MUST create the exploitation queue using the save-deliverable CLI tool. - **If exploitable vulnerabilities found:** - Use `save_deliverable` MCP tool with `deliverable_type: "XSS_QUEUE"` and `content: {"vulnerabilities": [...]}` with each exploitable XSS vulnerability (verdict: "vulnerable") following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. + Run save-deliverable CLI with `--type XSS_QUEUE --content '{"vulnerabilities": [...]}'` with each exploitable XSS vulnerability (verdict: "vulnerable") following the `exploitation_queue_format`. Set `externally_exploitable` to `true` ONLY if exploitable via public internet without internal access. - **If no exploitable vulnerabilities found:** - Use `save_deliverable` MCP tool with `deliverable_type: "XSS_QUEUE"` and `content: {"vulnerabilities": []}` + Run save-deliverable CLI with `--type XSS_QUEUE --content '{"vulnerabilities": []}'` - **QUEUE INCLUSION CRITERIA:** ONLY include vulnerabilities where `externally_exploitable = true`. Exclude any vulnerability requiring internal network access, VPN, or direct server access. 
@@ -289,14 +286,14 @@ This file is the mandatory handoff to the Exploitation phase. COMPLETION REQUIREMENTS (ALL must be satisfied): 1. Systematic Analysis: ALL input vectors identified from the reconnaissance deliverable must be analyzed. -2. Deliverable Generation: Both required deliverables must be successfully saved using save_deliverable MCP tool: +2. Deliverable Generation: Both required deliverables must be successfully saved using the save-deliverable CLI tool: - **CHUNKED WRITING (MANDATORY):** 1. Use the **Write** tool to create `deliverables/xss_analysis_deliverable.md` with the title and first major section 2. Use the **Edit** tool to append each remaining section — match the last few lines of the file, then replace with those lines plus the new section content 3. Repeat step 2 for all remaining sections - 4. Call `save_deliverable` with `deliverable_type: "XSS_ANALYSIS"` and `file_path: "deliverables/xss_analysis_deliverable.md"` + 4. Run `save-deliverable` with `--type XSS_ANALYSIS --file-path "deliverables/xss_analysis_deliverable.md"` **WARNING:** Do NOT write the entire report in a single tool call — exceeds 32K output token limit. Split into multiple Write/Edit operations. - - Exploitation queue: Use `save_deliverable` MCP tool with `deliverable_type: "XSS_QUEUE"` and `content: {"vulnerabilities": [...]}` + - Exploitation queue: Run save-deliverable CLI with `--type XSS_QUEUE --content '{"vulnerabilities": [...]}'` ONLY AFTER both systematic analysis AND successful deliverable generation, announce "XSS ANALYSIS COMPLETE" and stop. diff --git a/apps/worker/src/ai/claude-executor.ts b/apps/worker/src/ai/claude-executor.ts index 3c159c5..2417e85 100644 --- a/apps/worker/src/ai/claude-executor.ts +++ b/apps/worker/src/ai/claude-executor.ts 
@@ -7,13 +7,11 @@ // Production Claude agent execution with retry, git checkpoints, and audit logging import { query } from '@anthropic-ai/claude-agent-sdk'; -import { createShannonHelperServer } from '@shannon/mcp-server'; import { fs, path } from 'zx'; import type { AuditSession } from '../audit/index.js'; import { isRetryableError, PentestError } from '../services/error-handling.js'; -import { AGENT_VALIDATORS, AGENTS, MCP_AGENT_MAPPING } from '../session-manager.js'; +import { AGENT_VALIDATORS } from '../session-manager.js'; import type { ActivityLogger } from '../types/activity-logger.js'; -import type { AgentName } from '../types/index.js'; import { isSpendingCapBehavior } from '../utils/billing-detection.js'; import { formatTimestamp } from '../utils/formatting.js'; import { Timer } from '../utils/metrics.js'; 
@@ -43,89 +41,6 @@ export interface ClaudePromptResult { retryable?: boolean | undefined; } -interface StdioMcpServer { - type: 'stdio'; - command: string; - args: string[]; - env: Record; -} - -type McpServer = ReturnType | StdioMcpServer; - -// Configures MCP servers for agent execution, with Docker-specific Chromium handling -function buildMcpServers( - sourceDir: string, - agentName: string | null, - logger: ActivityLogger, -): Record { - // 1. Create the shannon-helper server (always present) - const shannonHelperServer = createShannonHelperServer(sourceDir); - - const mcpServers: Record = { - 'shannon-helper': shannonHelperServer, - }; - - // 2. Look up the agent's Playwright MCP mapping - if (agentName) { - const promptTemplate = AGENTS[agentName as AgentName].promptTemplate; - const playwrightMcpName = MCP_AGENT_MAPPING[promptTemplate as keyof typeof MCP_AGENT_MAPPING] || null; - - if (playwrightMcpName) { - logger.info(`Assigned ${agentName} -> ${playwrightMcpName}`); - - const userDataDir = `/tmp/${playwrightMcpName}`; - - // 3. Configure Playwright MCP args with Docker/local browser handling - const isDocker = process.env.SHANNON_DOCKER === 'true'; - - const mcpArgs: string[] = ['@playwright/mcp@0.0.68', '--isolated', '--user-data-dir', userDataDir]; - - if (isDocker) { - mcpArgs.push('--executable-path', '/usr/bin/chromium-browser'); - mcpArgs.push('--browser', 'chromium'); - } - - // NOTE: Explicit allowlist — the Playwright MCP subprocess must not inherit - // secrets (API keys, AWS tokens) from the parent process. 
- const MCP_ENV_ALLOWLIST = [ - 'PATH', - 'HOME', - 'NODE_PATH', - 'DISPLAY', - 'PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH', - ] as const; - - const envVars: Record = { - PLAYWRIGHT_HEADLESS: 'true', - ...(isDocker && { PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1' }), - }; - - for (const key of MCP_ENV_ALLOWLIST) { - const val = process.env[key]; - if (val) { - envVars[key] = val; - } - } - - for (const [key, value] of Object.entries(process.env)) { - if (key.startsWith('XDG_') && value !== undefined) { - envVars[key] = value; - } - } - - mcpServers[playwrightMcpName] = { - type: 'stdio' as const, - command: 'npx', - args: mcpArgs, - env: envVars, - }; - } - } - - // 4. Return configured servers - return mcpServers; -} - function outputLines(lines: string[]): void { for (const line of lines) { console.log(line); @@ -213,7 +128,7 @@ export async function runClaudePrompt( sourceDir: string, context: string = '', description: string = 'Claude analysis', - agentName: string | null = null, + _agentName: string | null = null, auditSession: AuditSession | null = null, logger: ActivityLogger, modelTier: ModelTier = 'medium', @@ -232,10 +147,7 @@ export async function runClaudePrompt( logger.info(`Running Claude Code: ${description}...`); - // 3. Configure MCP servers - const mcpServers = buildMcpServers(sourceDir, agentName, logger); - - // 4. Build env vars to pass to SDK subprocesses + // 3. Build env vars to pass to SDK subprocesses const sdkEnv: Record = { CLAUDE_CODE_MAX_OUTPUT_TOKENS: process.env.CLAUDE_CODE_MAX_OUTPUT_TOKENS || '64000', }; @@ -254,6 +166,9 @@ export async function runClaudePrompt( 'ANTHROPIC_SMALL_MODEL', 'ANTHROPIC_MEDIUM_MODEL', 'ANTHROPIC_LARGE_MODEL', + 'HOME', + 'PATH', + 'PLAYWRIGHT_MCP_EXECUTABLE_PATH', ]; for (const name of passthroughVars) { const val = process.env[name]; 
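Review bot: The three names added to `passthroughVars` (`HOME`, `PATH`, `PLAYWRIGHT_MCP_EXECUTABLE_PATH`) carry no comment saying why the SDK subprocess needs them now, and the last one differs from the `PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH` the deleted `buildMcpServers` allowlist forwarded, so it is worth confirming that `playwright-cli` actually reads `PLAYWRIGHT_MCP_EXECUTABLE_PATH`. The removed Docker branch (`SHANNON_DOCKER` → `--executable-path /usr/bin/chromium-browser`) has no visible replacement in this diff; presumably the image now sets that variable, but nothing here shows it. Suggested comment above the three entries: `// Forwarded for the playwright-cli skill the agent runs via Bash — TODO(review): confirm it reads PLAYWRIGHT_MCP_EXECUTABLE_PATH and that the Docker image sets it`. In the -213 hunk the parameter is renamed `_agentName` but kept in the signature; a note such as `// unused since MCP removal; kept for call-site compatibility` would save the next reader a search. `runClaudePrompt` continues outside this hunk.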
@@ -262,14 +177,14 @@ export async function runClaudePrompt( } } - // 5. Configure SDK options + // 4. Configure SDK options const options = { model: resolveModel(modelTier), maxTurns: 10_000, cwd: sourceDir, permissionMode: 'bypassPermissions' as const, allowDangerouslySkipPermissions: true, - mcpServers, + settingSources: ['user'] as ('user' | 'project' | 'local')[], env: sdkEnv, }; diff --git a/apps/worker/src/ai/message-handlers.ts b/apps/worker/src/ai/message-handlers.ts index 7ff725c..f047292 100644 --- a/apps/worker/src/ai/message-handlers.ts +++ b/apps/worker/src/ai/message-handlers.ts @@ -308,10 +308,6 @@ export async function dispatchMessage( const actualModel = getActualModelName(initMsg.model); if (!execContext.useCleanOutput) { logger.info(`Model: ${actualModel}, Permission: ${initMsg.permissionMode}`); - if (initMsg.mcp_servers && initMsg.mcp_servers.length > 0) { - const mcpStatus = initMsg.mcp_servers.map((s) => `${s.name}(${s.status})`).join(', '); - logger.info(`MCP: ${mcpStatus}`); - } } // Return actual model for tracking in audit logs return { type: 'continue', model: actualModel }; diff --git a/apps/worker/src/ai/output-formatters.ts b/apps/worker/src/ai/output-formatters.ts index 8a0b2ed..c960fb4 100644 --- a/apps/worker/src/ai/output-formatters.ts +++ b/apps/worker/src/ai/output-formatters.ts @@ -16,6 +16,7 @@ interface ToolCallInput { text?: string; action?: string; description?: string; + command?: string; todos?: Array<{ status: string; content: string; 
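Review bot: `settingSources: ['user']` replaces the explicit `mcpServers` map with whatever the invoking operator has in their user-level Claude settings, and under `permissionMode: 'bypassPermissions'` any MCP servers, hooks or permission rules found there are loaded and run without review; the line carries no comment that this is intentional. Presumably the purpose is to make the `playwright-cli` skill visible to the agent — worth stating, together with why `'project'` and `'local'` are deliberately excluded, since `cwd` is the target repository and a repo-supplied settings file must not be able to configure the agent. Suggested comment: `// Load only the operator's user-level settings (playwright-cli skill); never 'project'/'local' — cwd is the untrusted target repo`. `runClaudePrompt` continues outside this hunk.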
@@ -76,6 +77,80 @@ function extractDomain(url: string): string { } } +/** + * Format playwright-cli commands into clean progress indicators + */ +function formatBrowserAction(command: string): string | null { + // Extract subcommand after optional session flag (e.g., "playwright-cli -s=session1 navigate https://example.com") + const match = command.match(/playwright-cli\s+(?:-s=\S+\s+)?(\S+)(?:\s+(.*))?/); + if (!match) return null; + + const subcommand = match[1]; + const args = match[2] || ''; + + switch (subcommand) { + case 'open': + case 'goto': { + const domain = args.trim() ? extractDomain(args.trim()) : ''; + return domain ? `🌐 Navigating to ${domain}` : '🌐 Opening browser'; + } + case 'go-back': + return '⬅️ Going back'; + case 'go-forward': + return '➡️ Going forward'; + case 'reload': + return '🔄 Reloading page'; + case 'click': + case 'dblclick': + return `🖱️ Clicking ${(args || 'element').slice(0, 25)}`; + case 'hover': + return `👆 Hovering over ${(args || 'element').slice(0, 20)}`; + case 'type': + return `⌨️ Typing ${(args || 'text').slice(0, 20)}`; + case 'press': + case 'keydown': + case 'keyup': + return `⌨️ Pressing ${args || 'key'}`; + case 'fill': + return `📝 Filling ${(args || 'field').slice(0, 25)}`; + case 'select': + return '📋 Selecting dropdown option'; + case 'check': + case 'uncheck': + return `☑️ ${subcommand === 'check' ? 
'Checking' : 'Unchecking'} ${(args || 'element').slice(0, 20)}`; + case 'upload': + return '📁 Uploading file'; + case 'drag': + return '🖱️ Dragging element'; + case 'snapshot': + return '📸 Taking page snapshot'; + case 'screenshot': + return '📸 Taking screenshot'; + case 'eval': + case 'run-code': + return '🔍 Running JavaScript analysis'; + case 'console': + return '📜 Checking console logs'; + case 'network': + return '🌐 Analyzing network traffic'; + case 'tab-list': + case 'tab-new': + case 'tab-close': + case 'tab-select': + return `🗂️ ${subcommand.replace('tab-', '')} browser tab`; + case 'dialog-accept': + return '💬 Accepting dialog'; + case 'dialog-dismiss': + return '💬 Dismissing dialog'; + case 'pdf': + return '📄 Saving page as PDF'; + case 'resize': + return `🖥️ Resizing browser ${args || ''}`.trim(); + default: + return `🌐 Browser: ${subcommand}`; + } +} + /** * Summarize TodoWrite updates into clean progress indicators */ 
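Review bot: For `type` and `fill` the new `formatBrowserAction` echoes the command's arguments into the progress line (`⌨️ Typing ${(args || 'text').slice(0, 20)}`, `📝 Filling ${(args || 'field').slice(0, 25)}`), and because the login flow drives these commands the first characters of a password or TOTP code will land in console output and the audit log; the removed MCP formatter printed only the target element. Safer is `case 'type': return '⌨️ Typing text';` and, if `fill`'s first argument is the element reference, `return \`📝 Filling ${(args.split(/\s+/)[0] || 'field').slice(0, 25)}\``, with a comment `// never echo typed text: it may be a credential`. Separately, the regex only recognises `-s=` when it is the first token after `playwright-cli`; other flag orders fall through to the `default` branch, which is harmless but worth a comment.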
@@ -103,104 +178,6 @@ function summarizeTodoUpdate(input: ToolCallInput | undefined): string | null { return null; } -/** - * Format browser tool calls into clean progress indicators - */ -function formatBrowserAction(toolCall: ToolCall): string { - const toolName = toolCall.name; - const input = toolCall.input || {}; - - // Core Browser Operations - if (toolName === 'mcp__playwright__browser_navigate') { - const url = input.url || ''; - const domain = extractDomain(url); - return `🌐 Navigating to ${domain}`; - } - - if (toolName === 'mcp__playwright__browser_navigate_back') { - return `⬅️ Going back`; - } - - // Page Interaction - if (toolName === 'mcp__playwright__browser_click') { - const element = input.element || 'element'; - return `🖱️ Clicking ${element.slice(0, 25)}`; - } - - if (toolName === 'mcp__playwright__browser_hover') { - const element = input.element || 'element'; - return `👆 Hovering over ${element.slice(0, 20)}`; - } - - if (toolName === 'mcp__playwright__browser_type') { - const element = input.element || 'field'; - return `⌨️ Typing in ${element.slice(0, 20)}`; - } - - if (toolName === 'mcp__playwright__browser_press_key') { - const key = input.key || 'key'; - return `⌨️ Pressing ${key}`; - } - - // Form Handling - if (toolName === 'mcp__playwright__browser_fill_form') { - const fieldCount = input.fields?.length || 0; - return `📝 Filling ${fieldCount} form fields`; - } - - if (toolName === 'mcp__playwright__browser_select_option') { - return `📋 Selecting dropdown option`; - } - - if (toolName === 'mcp__playwright__browser_file_upload') { - return `📁 Uploading file`; - } - - // Page Analysis - if (toolName === 'mcp__playwright__browser_snapshot') { - return `📸 Taking page snapshot`; - } - - if (toolName === 'mcp__playwright__browser_take_screenshot') { - return `📸 Taking screenshot`; - } - - if (toolName === 'mcp__playwright__browser_evaluate') { - return `🔍 Running JavaScript analysis`; - } - - // Waiting & Monitoring - if (toolName === 
'mcp__playwright__browser_wait_for') { - if (input.text) { - return `⏳ Waiting for "${input.text.slice(0, 20)}"`; - } - return `⏳ Waiting for page response`; - } - - if (toolName === 'mcp__playwright__browser_console_messages') { - return `📜 Checking console logs`; - } - - if (toolName === 'mcp__playwright__browser_network_requests') { - return `🌐 Analyzing network traffic`; - } - - // Tab Management - if (toolName === 'mcp__playwright__browser_tabs') { - const action = input.action || 'managing'; - return `🗂️ ${action} browser tab`; - } - - // Dialog Handling - if (toolName === 'mcp__playwright__browser_handle_dialog') { - return `💬 Handling browser dialog`; - } - - // Fallback for any missed tools - const actionType = toolName.split('_').pop(); - return `🌐 Browser: ${actionType}`; -} - /** * Filter out JSON tool calls from content, with special handling for Task calls */ @@ -241,11 +218,14 @@ export function filterJsonToolCalls(content: string | null | undefined): string continue; } - // Special handling for browser tool calls - if (toolCall.name.startsWith('mcp__playwright__browser_')) { - const browserAction = formatBrowserAction(toolCall); - if (browserAction) { - processedLines.push(browserAction); + // Special handling for browser tool calls (playwright-cli via Bash) + if (toolCall.name === 'Bash') { + const command = toolCall.input?.command || ''; + if (command.includes('playwright-cli')) { + const browserAction = formatBrowserAction(command); + if (browserAction) { + processedLines.push(browserAction); + } } } } catch { diff --git a/apps/worker/src/ai/types.ts b/apps/worker/src/ai/types.ts index d504ab9..ab3e2fa 100644 --- a/apps/worker/src/ai/types.ts +++ b/apps/worker/src/ai/types.ts @@ -92,7 +92,6 @@ export interface SystemInitMessage { subtype: 'init'; model?: string; permissionMode?: string; - mcp_servers?: Array<{ name: string; status: string }>; } export interface UserMessage { 
diff --git a/apps/worker/src/audit/workflow-logger.ts b/apps/worker/src/audit/workflow-logger.ts index 7c84f53..75cc54d 100644 --- a/apps/worker/src/audit/workflow-logger.ts +++ b/apps/worker/src/audit/workflow-logger.ts @@ -260,22 +260,6 @@ export class WorkflowLogger { return String(p.url); } break; - case 'mcp__playwright__browser_navigate': - if (p.url) { - return String(p.url); - } - break; - case 'mcp__playwright__browser_click': - if (p.selector) { - return this.truncate(String(p.selector), 60); - } - break; - case 'mcp__playwright__browser_type': - if (p.selector) { - const text = p.text ? `: "${this.truncate(String(p.text), 30)}"` : ''; - return `${this.truncate(String(p.selector), 40)}${text}`; - } - break; } // Default: show first string-valued param truncated diff --git a/apps/worker/src/scripts/generate-totp.ts b/apps/worker/src/scripts/generate-totp.ts new file mode 100644 index 0000000..2d3424e --- /dev/null +++ b/apps/worker/src/scripts/generate-totp.ts 
@@ -0,0 +1,137 @@ +#!/usr/bin/env node + +// Copyright (C) 2025 Keygraph, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License version 3 +// as published by the Free Software Foundation. + +/** + * generate-totp CLI + * + * Generates 6-digit TOTP codes for authentication. + * Replaces the MCP generate_totp tool. + * Based on RFC 6238 (TOTP) and RFC 4226 (HOTP). + * + * Usage: + * generate-totp --secret JBSWY3DPEHPK3PXP + */ + +import { createHmac } from 'node:crypto'; + +// === Base32 Decoding === + +function base32Decode(encoded: string): Buffer { + const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; + const cleanInput = encoded.toUpperCase().replace(/[^A-Z2-7]/g, ''); + + if (cleanInput.length === 0) { + throw new Error('TOTP secret is empty after cleaning'); + } + + const output: number[] = []; + let bits = 0; + let value = 0; + + for (const char of cleanInput) { + const index = alphabet.indexOf(char); + if (index === -1) { + throw new Error(`Invalid base32 character: ${char}`); + } + + value = (value << 5) | index; + bits += 5; + + if (bits >= 8) { + output.push((value >>> (bits - 8)) & 255); + bits -= 8; + } + } + + return Buffer.from(output); +} + +// === TOTP Generation (RFC 6238) === + +function generateHOTP(secret: string, counter: number, digits: number = 6): string { + const key = base32Decode(secret); + + // Convert counter to 8-byte buffer (big-endian) + const counterBuffer = Buffer.alloc(8); + counterBuffer.writeBigUInt64BE(BigInt(counter)); + + // Generate HMAC-SHA1 + const hmac = createHmac('sha1', key); + hmac.update(counterBuffer); + const hash = hmac.digest(); + + // Dynamic truncation (SHA-1 always produces 20 bytes) + const lastByte = hash[hash.length - 1] ?? 0; + const offset = lastByte & 0x0f; + const code = + (((hash[offset] ?? 0) & 0x7f) << 24) | + (((hash[offset + 1] ?? 0) & 0xff) << 16) | + (((hash[offset + 2] ?? 
0) & 0xff) << 8) | + ((hash[offset + 3] ?? 0) & 0xff); + + return (code % 10 ** digits).toString().padStart(digits, '0'); +} + +function generateTOTP(secret: string, timeStep: number = 30, digits: number = 6): string { + const counter = Math.floor(Date.now() / 1000 / timeStep); + return generateHOTP(secret, counter, digits); +} + +// === Argument Parsing === + +function parseSecret(argv: string[]): string { + for (let i = 2; i < argv.length; i++) { + const next = argv[i + 1]; + if (argv[i] === '--secret' && next) { + return next; + } + } + return ''; +} + +// === Main === + +function main(): void { + const secret = parseSecret(process.argv); + + if (!secret) { + console.log(JSON.stringify({ status: 'error', message: 'Missing required --secret argument', retryable: false })); + process.exit(1); + } + + const base32Regex = /^[A-Z2-7]+$/i; + if (!base32Regex.test(secret)) { + console.log( + JSON.stringify({ + status: 'error', + message: 'Secret must be base32-encoded (characters A-Z and 2-7)', + retryable: false, + }), + ); + process.exit(1); + } + + try { + const totpCode = generateTOTP(secret); + const expiresIn = 30 - (Math.floor(Date.now() / 1000) % 30); + + console.log( + JSON.stringify({ + status: 'success', + totpCode, + expiresIn, + }), + ); + } catch (error) { + const msg = error instanceof Error ? error.message : String(error); + console.log(JSON.stringify({ status: 'error', message: `TOTP generation failed: ${msg}`, retryable: false })); + process.exit(1); + } +} + +main(); diff --git a/apps/worker/src/scripts/save-deliverable.ts b/apps/worker/src/scripts/save-deliverable.ts new file mode 100644 index 0000000..543c061 --- /dev/null +++ b/apps/worker/src/scripts/save-deliverable.ts 
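Review bot: The TOTP seed is taken from the command line (`--secret`), so every invocation exposes it in the process list, in shell history and in the worker's audit log, which appears to record a Bash tool call's first string-valued parameter (see the "show first string-valued param" default in `WorkflowLogger`); the removed MCP tool kept the secret inside the tool-call payload. Reading it from an environment variable or stdin (name to be chosen — `TOTP_SECRET_ENV` as a placeholder) and documenting that in the usage header would keep the seed out of logs. Secondly, `base32Regex` rejects `=` padding and spaces while `base32Decode` strips them, so a padded secret is refused by the pre-check although the decoder would accept it; either widen the regex to `/^[A-Z2-7 =]+$/i` or drop the pre-check and rely on the decoder's own error.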
@@ -0,0 +1,191 @@ +#!/usr/bin/env node + +// Copyright (C) 2025 Keygraph, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License version 3 +// as published by the Free Software Foundation. + +/** + * save-deliverable CLI + * + * Standalone script to save deliverable files with validation. + * Replaces the MCP save_deliverable tool. + * + * Usage: + * node save-deliverable.js --type INJECTION_QUEUE --content '{"vulnerabilities": [...]}' + * node save-deliverable.js --type INJECTION_ANALYSIS --file-path deliverables/injection_analysis_deliverable.md + */ + +import { mkdirSync, readFileSync, writeFileSync } from 'node:fs'; +import { join, resolve } from 'node:path'; +import { DELIVERABLE_FILENAMES, type DeliverableType, isQueueType } from '../types/deliverables.js'; + +// === Argument Parsing === + +interface ParsedArgs { + type: string; + content?: string; + filePath?: string; +} + +function parseArgs(argv: string[]): ParsedArgs { + const args: ParsedArgs = { type: '' }; + + for (let i = 2; i < argv.length; i++) { + const arg = argv[i]; + const next = argv[i + 1]; + + if (arg === '--type' && next) { + args.type = next; + i++; + } else if (arg === '--content' && next) { + args.content = next; + i++; + } else if (arg === '--file-path' && next) { + args.filePath = next; + i++; + } + } + + return args; +} + +// === Queue Validation === + +interface ValidationResult { + valid: boolean; + message?: string; +} + +function validateQueueJson(content: string): ValidationResult { + try { + const parsed = JSON.parse(content) as unknown; + + if (typeof parsed !== 'object' || parsed === null) { + return { + valid: false, + message: `Invalid queue structure: Expected an object. Got: ${typeof parsed}`, + }; + } + + const obj = parsed as Record; + + if (!('vulnerabilities' in obj)) { + return { + valid: false, + message: `Invalid queue structure: Missing 'vulnerabilities' property. 
Expected: {"vulnerabilities": [...]}`, + }; + } + + if (!Array.isArray(obj.vulnerabilities)) { + return { + valid: false, + message: `Invalid queue structure: 'vulnerabilities' must be an array. Expected: {"vulnerabilities": [...]}`, + }; + } + + return { valid: true }; + } catch (error) { + return { + valid: false, + message: `Invalid JSON: ${error instanceof Error ? error.message : String(error)}`, + }; + } +} + +// === File Operations === + +function saveDeliverableFile(targetDir: string, filename: string, content: string): string { + const deliverablesDir = join(targetDir, 'deliverables'); + const filepath = join(deliverablesDir, filename); + + try { + mkdirSync(deliverablesDir, { recursive: true }); + } catch { + throw new Error(`Cannot create deliverables directory at ${deliverablesDir}`); + } + + writeFileSync(filepath, content, 'utf8'); + return filepath; +} + +// === Main === + +function main(): void { + const args = parseArgs(process.argv); + + // 1. Validate --type + if (!args.type) { + console.log(JSON.stringify({ status: 'error', message: 'Missing required --type argument', retryable: false })); + process.exit(1); + } + + const deliverableType = args.type as DeliverableType; + const filename = DELIVERABLE_FILENAMES[deliverableType]; + + if (!filename) { + console.log( + JSON.stringify({ status: 'error', message: `Unknown deliverable type: ${args.type}`, retryable: false }), + ); + process.exit(1); + } + + // 2. 
Resolve content from --content or --file-path + let content: string; + + if (args.content) { + content = args.content; + } else if (args.filePath) { + // Path traversal protection: must resolve inside cwd + const cwd = process.cwd(); + const resolved = resolve(cwd, args.filePath); + if (!resolved.startsWith(`${cwd}/`) && resolved !== cwd) { + console.log( + JSON.stringify({ status: 'error', message: `Path traversal detected: ${args.filePath}`, retryable: false }), + ); + process.exit(1); + } + + try { + content = readFileSync(resolved, 'utf8'); + } catch (error) { + const msg = error instanceof Error ? error.message : String(error); + console.log(JSON.stringify({ status: 'error', message: `Failed to read file: ${msg}`, retryable: true })); + process.exit(1); + } + } else { + console.log( + JSON.stringify({ + status: 'error', + message: 'Either --content or --file-path is required', + retryable: false, + }), + ); + process.exit(1); + } + + // 3. Validate queue types + let validated = false; + if (isQueueType(args.type)) { + const validation = validateQueueJson(content); + if (!validation.valid) { + console.log(JSON.stringify({ status: 'error', message: validation.message, retryable: true })); + process.exit(1); + } + validated = true; + } + + // 4. Save the file + try { + const targetDir = process.cwd(); + const filepath = saveDeliverableFile(targetDir, filename, content); + console.log(JSON.stringify({ status: 'success', filepath, validated })); + } catch (error) { + const msg = error instanceof Error ? error.message : String(error); + console.log(JSON.stringify({ status: 'error', message: `Failed to save: ${msg}`, retryable: true })); + process.exit(1); + } +} + +main(); diff --git a/apps/worker/src/services/error-handling.ts b/apps/worker/src/services/error-handling.ts index 6c002c2..6c0f2b9 100644 --- a/apps/worker/src/services/error-handling.ts +++ b/apps/worker/src/services/error-handling.ts 
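Review bot: The traversal check in step 2 compares `resolve(cwd, args.filePath)` textually against `cwd`, which does not follow symlinks, so a link inside the repo pointing outside it passes the check and `readFileSync` copies the target into `deliverables/`; the agent already has Read and Bash access in the repo, so the exposure is limited, but the check should do what its comment claims. Resolving both sides with `realpathSync` (from `node:fs`) inside the existing try block and comparing with `sep` from `node:path` closes that and stays portable: `const cwd = realpathSync(process.cwd());`, `const resolved = realpathSync(resolve(cwd, args.filePath));`, `if (!resolved.startsWith(`${cwd}${sep}`)) { /* existing error path */ }`. A comment on the `args.content` branch noting that an empty `--content ''` is treated as absent and falls through to the "Either --content or --file-path is required" error would also help callers.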
@@ -63,7 +63,6 @@ const RETRYABLE_PATTERNS = [ 'service unavailable', 'bad gateway', // Claude API errors - 'mcp server', 'model unavailable', 'service temporarily unavailable', 'api error', diff --git a/apps/worker/src/services/prompt-manager.ts b/apps/worker/src/services/prompt-manager.ts index de93c48..70fb99d 100644 --- a/apps/worker/src/services/prompt-manager.ts +++ b/apps/worker/src/services/prompt-manager.ts @@ -6,7 +6,7 @@ import { fs, path } from 'zx'; import { PROMPTS_DIR } from '../paths.js'; -import { MCP_AGENT_MAPPING } from '../session-manager.js'; +import { PLAYWRIGHT_SESSION_MAPPING } from '../session-manager.js'; import type { ActivityLogger } from '../types/activity-logger.js'; import type { Authentication, DistributedConfig } from '../types/config.js'; import { handlePromptError, PentestError } from './error-handling.js'; @@ -14,7 +14,7 @@ import { handlePromptError, PentestError } from './error-handling.js'; interface PromptVariables { webUrl: string; repoPath: string; - MCP_SERVER?: string; + PLAYWRIGHT_SESSION?: string; } interface IncludeReplacement { @@ -166,7 +166,7 @@ async function interpolateVariables( let result = template .replace(/{{WEB_URL}}/g, variables.webUrl) .replace(/{{REPO_PATH}}/g, variables.repoPath) - .replace(/{{MCP_SERVER}}/g, variables.MCP_SERVER || 'playwright-agent1') + .replace(/{{PLAYWRIGHT_SESSION}}/g, variables.PLAYWRIGHT_SESSION || 'agent1') .replace(/{{AUTH_CONTEXT}}/g, buildAuthContext(config)); if (config) { 
@@ -236,16 +236,16 @@ export async function loadPrompt( throw new PentestError(`Prompt file not found: ${promptPath}`, 'prompt', false, { promptName, promptPath }); } - // 2. Assign MCP server based on agent name + // 2. Assign Playwright session based on agent name const enhancedVariables: PromptVariables = { ...variables }; - const mcpServer = MCP_AGENT_MAPPING[promptName as keyof typeof MCP_AGENT_MAPPING]; - if (mcpServer) { - enhancedVariables.MCP_SERVER = mcpServer; - logger.info(`Assigned ${promptName} -> ${enhancedVariables.MCP_SERVER}`); + const session = PLAYWRIGHT_SESSION_MAPPING[promptName as keyof typeof PLAYWRIGHT_SESSION_MAPPING]; + if (session) { + enhancedVariables.PLAYWRIGHT_SESSION = session; + logger.info(`Assigned ${promptName} -> ${enhancedVariables.PLAYWRIGHT_SESSION}`); } else { - enhancedVariables.MCP_SERVER = 'playwright-agent1'; - logger.warn(`Unknown agent ${promptName}, using fallback -> ${enhancedVariables.MCP_SERVER}`); + enhancedVariables.PLAYWRIGHT_SESSION = 'agent1'; + logger.warn(`Unknown agent ${promptName}, using fallback -> ${enhancedVariables.PLAYWRIGHT_SESSION}`); } // 3. Read template file diff --git a/apps/worker/src/session-manager.ts b/apps/worker/src/session-manager.ts index b87eafd..817397a 100644 --- a/apps/worker/src/session-manager.ts +++ b/apps/worker/src/session-manager.ts @@ -7,10 +7,9 @@ import { fs, path } from 'zx'; import { validateQueueAndDeliverable } from './services/queue-validation.js'; import type { ActivityLogger } from './types/activity-logger.js'; -import type { AgentDefinition, AgentName, AgentValidator, PlaywrightAgent, VulnType } from './types/index.js'; +import type { AgentDefinition, AgentName, AgentValidator, PlaywrightSession, VulnType } from './types/index.js'; // Agent definitions according to PRD -// NOTE: deliverableFilename values must match mcp-server/src/types/deliverables.ts:DELIVERABLE_FILENAMES export const AGENTS: Readonly> = Object.freeze({ 'pre-recon': { name: 'pre-recon', 
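Review bot: The `else` branch still routes any unmapped prompt name to `'agent1'`, which PLAYWRIGHT_SESSION_MAPPING also assigns to `vuln-injection`/`exploit-injection`, so an unknown agent launched during one of the parallel phases would presumably share that browser session instead of getting an isolated one — and with the name now fed to `playwright-cli -s=`, a collision means shared cookies and logged-in state, not just a misleading log line. Since this file already imports PentestError and uses it for the missing-prompt case just above, consider failing fast instead of warning: `throw new PentestError('No Playwright session mapped for agent: ' + promptName, 'prompt', false, { promptName });`. loadPrompt continues past the end of this hunk, so check no caller relies on the fallback.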
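Review bot: The removed NOTE encoded an invariant that this commit does not remove: each `deliverableFilename` in AGENTS must still equal the matching entry of DELIVERABLE_FILENAMES, which now lives in `apps/worker/src/types/deliverables.ts` and is re-exported through `./types/index.js`. Now that both tables sit in the same package the duplication can go — import `DELIVERABLE_FILENAMES` and `DeliverableType` next to the existing type import and write each entry as `deliverableFilename: DELIVERABLE_FILENAMES[DeliverableType.CODE_ANALYSIS],` (the AGENTS entries themselves are outside this hunk, so the exact enum keys need checking against the prompts). If the duplication is kept on purpose, at least restore the note with the new location so the next edit to one table does not silently break `validateQueueAndDeliverable`.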
@@ -149,35 +148,31 @@ function createExploitValidator(vulnType: VulnType): AgentValidator { }; } -// MCP agent mapping - assigns each agent to a specific Playwright instance to prevent conflicts +// Playwright session mapping - assigns each agent to a specific session for browser isolation // Keys are promptTemplate values from AGENTS registry -export const MCP_AGENT_MAPPING: Record = Object.freeze({ - // Phase 1: Pre-reconnaissance (actual prompt name is 'pre-recon-code') - // NOTE: Pre-recon is pure code analysis and doesn't use browser automation, - // but assigning MCP server anyway for consistency and future extensibility - 'pre-recon-code': 'playwright-agent1', +export const PLAYWRIGHT_SESSION_MAPPING: Record = Object.freeze({ + // Phase 1: Pre-reconnaissance + 'pre-recon-code': 'agent1', - // Phase 2: Reconnaissance (actual prompt name is 'recon') - recon: 'playwright-agent2', + // Phase 2: Reconnaissance + recon: 'agent2', // Phase 3: Vulnerability Analysis (5 parallel agents) - 'vuln-injection': 'playwright-agent1', - 'vuln-xss': 'playwright-agent2', - 'vuln-auth': 'playwright-agent3', - 'vuln-ssrf': 'playwright-agent4', - 'vuln-authz': 'playwright-agent5', + 'vuln-injection': 'agent1', + 'vuln-xss': 'agent2', + 'vuln-auth': 'agent3', + 'vuln-ssrf': 'agent4', + 'vuln-authz': 'agent5', // Phase 4: Exploitation (5 parallel agents - same as vuln counterparts) - 'exploit-injection': 'playwright-agent1', - 'exploit-xss': 'playwright-agent2', - 'exploit-auth': 'playwright-agent3', - 'exploit-ssrf': 'playwright-agent4', - 'exploit-authz': 'playwright-agent5', + 'exploit-injection': 'agent1', + 'exploit-xss': 'agent2', + 'exploit-auth': 'agent3', + 'exploit-ssrf': 'agent4', + 'exploit-authz': 'agent5', - // Phase 5: Reporting (actual prompt name is 'report-executive') - // NOTE: Report generation is typically text-based and doesn't use browser automation, - // but assigning MCP server anyway for potential screenshot inclusion or future needs - 'report-executive': 
'playwright-agent3', + // Phase 5: Reporting + 'report-executive': 'agent3', }); // Direct agent-to-validator mapping - much simpler than pattern matching diff --git a/apps/worker/src/types/agents.ts b/apps/worker/src/types/agents.ts index 1fd916a..1cde2b1 100644 --- a/apps/worker/src/types/agents.ts +++ b/apps/worker/src/types/agents.ts @@ -34,12 +34,7 @@ export const ALL_AGENTS = [ */ export type AgentName = (typeof ALL_AGENTS)[number]; -export type PlaywrightAgent = - | 'playwright-agent1' - | 'playwright-agent2' - | 'playwright-agent3' - | 'playwright-agent4' - | 'playwright-agent5'; +export type PlaywrightSession = 'agent1' | 'agent2' | 'agent3' | 'agent4' | 'agent5'; import type { ActivityLogger } from './activity-logger.js'; diff --git a/packages/mcp-server/src/types/deliverables.ts b/apps/worker/src/types/deliverables.ts similarity index 96% rename from packages/mcp-server/src/types/deliverables.ts rename to apps/worker/src/types/deliverables.ts index 37c2b16..992af59 100644 --- a/packages/mcp-server/src/types/deliverables.ts +++ b/apps/worker/src/types/deliverables.ts @@ -8,7 +8,6 @@ * Deliverable Type Definitions * * Maps deliverable types to their filenames and defines validation requirements. - * Must match the exact mappings from tools/save_deliverable.js. */ export enum DeliverableType { @@ -44,7 +43,6 @@ export enum DeliverableType { /** * Hard-coded filename mappings from agent prompts - * Must match tools/save_deliverable.js exactly */ export const DELIVERABLE_FILENAMES: Record = { [DeliverableType.CODE_ANALYSIS]: 'code_analysis_deliverable.md', diff --git a/apps/worker/src/types/index.ts b/apps/worker/src/types/index.ts index 81d3dd1..ba16610 100644 --- a/apps/worker/src/types/index.ts +++ b/apps/worker/src/types/index.ts 
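Review bot: The rewritten mapping drops the two NOTE comments explaining that `pre-recon-code` and `report-executive` do not drive a browser and were given a session only for consistency, so a reader of `'pre-recon-code': 'agent1'` and `'report-executive': 'agent3'` can no longer tell whether those entries are load-bearing. Suggest keeping a one-line rationale on each, e.g. `// pre-recon is code analysis only; session assigned for consistency` and `// report is text-based; session assigned for consistency (shares agent3 with the auth agents)`. It is also worth confirming that the reporter sharing `agent3` with `vuln-auth`/`exploit-auth` is intended now that the name goes straight to `playwright-cli -s=` — if sessions persist on disk between phases, the report agent inherits whatever logged-in state those agents left behind.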
@@ -12,6 +12,7 @@ export * from './activity-logger.js'; export * from './agents.js'; export * from './audit.js'; export * from './config.js'; +export * from './deliverables.js'; export * from './errors.js'; export * from './metrics.js'; export * from './result.js'; diff --git a/entrypoint.sh b/entrypoint.sh index 7ff6206..5fd7262 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -12,7 +12,7 @@ if [ -n "$TARGET_UID" ] && [ "$TARGET_UID" != "$CURRENT_UID" ]; then addgroup -g "$TARGET_GID" pentest adduser -u "$TARGET_UID" -G pentest -s /bin/bash -D pentest - chown -R pentest:pentest /app/sessions /app/deliverables /app/workspaces + chown -R pentest:pentest /app/sessions /app/deliverables /app/workspaces /tmp/.claude fi -exec su pentest -c "exec $*" +exec su -m pentest -c "exec $*" diff --git a/packages/mcp-server/package.json b/packages/mcp-server/package.json deleted file mode 100644 index 8c698e9..0000000 --- a/packages/mcp-server/package.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "name": "@shannon/mcp-server", - "version": "1.0.0", - "type": "module", - "main": "./dist/index.js", - "exports": { - ".": { - "import": "./dist/index.js", - "types": "./dist/index.d.ts" - } - }, - "scripts": { - "build": "tsc", - "check": "tsc --noEmit", - "clean": "rm -rf dist" - }, - "dependencies": { - "@anthropic-ai/claude-agent-sdk": "catalog:", - "zod": "^4.3.6" - } -} diff --git a/packages/mcp-server/src/index.ts b/packages/mcp-server/src/index.ts deleted file mode 100644 index 635f6c0..0000000 --- a/packages/mcp-server/src/index.ts +++ /dev/null 
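Review bot: `su -m` hands the pentest user root's entire environment — presumably wanted so the API credentials in env vars survive the user switch, but it also keeps `HOME=/root`, which pentest cannot write, and root's `PATH`; and if `/tmp/.claude` does not exist yet when the new `chown -R` runs, that chown fails, and whether the script stops there depends on a `set -e` outside this hunk. Suggest creating the directory first and pinning HOME so only the intended variables leak through: `mkdir -p /tmp/.claude` before the chown, and `exec su -m pentest -c "export HOME=/home/pentest; exec $*"` (adduser -D should have created that home directory, but verify). While here, `"exec $*"` re-splits the arguments through the inner shell, so any argument containing spaces or quotes breaks.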
@@ -1,46 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * Shannon Helper MCP Server - * - * In-process MCP server providing save_deliverable and generate_totp tools - * for Shannon penetration testing agents. - * - * Replaces bash script invocations with native tool access. - * - * Uses factory pattern to create tools with targetDir captured in closure, - * ensuring thread-safety when multiple workflows run in parallel. - */ - -import { createSdkMcpServer } from '@anthropic-ai/claude-agent-sdk'; -import { generateTotpTool } from './tools/generate-totp.js'; -import { createSaveDeliverableTool } from './tools/save-deliverable.js'; - -/** - * Create Shannon Helper MCP Server with target directory context - * - * Each workflow should create its own MCP server instance with its targetDir. - * The save_deliverable tool captures targetDir in a closure, preventing race - * conditions when multiple workflows run in parallel. - */ -export function createShannonHelperServer(targetDir: string): ReturnType { - // Create save_deliverable tool with targetDir in closure (no global variable) - const saveDeliverableTool = createSaveDeliverableTool(targetDir); - - return createSdkMcpServer({ - name: 'shannon-helper', - version: '1.0.0', - tools: [saveDeliverableTool, generateTotpTool], - }); -} - -export { generateTotpTool } from './tools/generate-totp.js'; -// Export factory for direct usage if needed -export { createSaveDeliverableTool } from './tools/save-deliverable.js'; - -// Export types for external use -export * from './types/index.js'; diff --git a/packages/mcp-server/src/tools/generate-totp.ts b/packages/mcp-server/src/tools/generate-totp.ts deleted file mode 100644 index e923e7e..0000000 --- a/packages/mcp-server/src/tools/generate-totp.ts +++ /dev/null 
@@ -1,129 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * generate_totp MCP Tool - * - * Generates 6-digit TOTP codes for authentication. - * Replaces tools/generate-totp-standalone.mjs bash script. - * Based on RFC 6238 (TOTP) and RFC 4226 (HOTP). - */ - -import { createHmac } from 'node:crypto'; -import { tool } from '@anthropic-ai/claude-agent-sdk'; -import { z } from 'zod'; -import { createToolResult, type GenerateTotpResponse, type ToolResult } from '../types/tool-responses.js'; -import { createCryptoError, createGenericError } from '../utils/error-formatter.js'; -import { base32Decode, validateTotpSecret } from '../validation/totp-validator.js'; - -/** - * Input schema for generate_totp tool - */ -export const GenerateTotpInputSchema = z.object({ - secret: z - .string() - .min(1) - .regex(/^[A-Z2-7]+$/i, 'Must be base32-encoded') - .describe('Base32-encoded TOTP secret'), -}); - -export type GenerateTotpInput = z.infer; - -/** - * Generate HOTP code (RFC 4226) - * Ported from generate-totp-standalone.mjs (lines 74-99) - */ -function generateHOTP(secret: string, counter: number, digits: number = 6): string { - const key = base32Decode(secret); - - // Convert counter to 8-byte buffer (big-endian) - const counterBuffer = Buffer.alloc(8); - counterBuffer.writeBigUInt64BE(BigInt(counter)); - - // Generate HMAC-SHA1 - const hmac = createHmac('sha1', key); - hmac.update(counterBuffer); - const hash = hmac.digest(); - - // Dynamic truncation (SHA-1 always produces 20 bytes) - const lastByte = hash[hash.length - 1] ?? 0; - const offset = lastByte & 0x0f; - const code = - (((hash[offset] ?? 0) & 0x7f) << 24) | - (((hash[offset + 1] ?? 0) & 0xff) << 16) | - (((hash[offset + 2] ?? 0) & 0xff) << 8) | - ((hash[offset + 3] ?? 
0) & 0xff); - - // Generate digits - const otp = (code % 10 ** digits).toString().padStart(digits, '0'); - return otp; -} - -/** - * Generate TOTP code (RFC 6238) - * Ported from generate-totp-standalone.mjs (lines 101-106) - */ -function generateTOTP(secret: string, timeStep: number = 30, digits: number = 6): string { - const currentTime = Math.floor(Date.now() / 1000); - const counter = Math.floor(currentTime / timeStep); - return generateHOTP(secret, counter, digits); -} - -/** - * Get seconds until TOTP code expires - */ -function getSecondsUntilExpiration(timeStep: number = 30): number { - const currentTime = Math.floor(Date.now() / 1000); - return timeStep - (currentTime % timeStep); -} - -/** - * generate_totp tool implementation - */ -export async function generateTotp(args: GenerateTotpInput): Promise { - try { - const { secret } = args; - - // Validate secret (throws on error) - validateTotpSecret(secret); - - // Generate TOTP code - const totpCode = generateTOTP(secret); - const expiresIn = getSecondsUntilExpiration(); - const timestamp = new Date().toISOString(); - - // Success response - const successResponse: GenerateTotpResponse = { - status: 'success', - message: 'TOTP code generated successfully', - totpCode, - timestamp, - expiresIn, - }; - - return createToolResult(successResponse); - } catch (error) { - // Check if it's a validation/crypto error - if (error instanceof Error && (error.message.includes('base32') || error.message.includes('TOTP'))) { - const errorResponse = createCryptoError(error.message, false); - return createToolResult(errorResponse); - } - - // Generic error - const errorResponse = createGenericError(error, false); - return createToolResult(errorResponse); - } -} - -/** - * Tool definition for MCP server - created using SDK's tool() function - */ -export const generateTotpTool = tool( - 'generate_totp', - 'Generates 6-digit TOTP code for authentication. 
Secret must be base32-encoded.', - GenerateTotpInputSchema.shape, - generateTotp, -); diff --git a/packages/mcp-server/src/tools/save-deliverable.ts b/packages/mcp-server/src/tools/save-deliverable.ts deleted file mode 100644 index dcb9ad5..0000000 --- a/packages/mcp-server/src/tools/save-deliverable.ts +++ /dev/null 
@@ -1,159 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * save_deliverable MCP Tool - * - * Saves deliverable files with automatic validation. - * Replaces tools/save_deliverable.js bash script. - * - * Uses factory pattern to capture targetDir in closure, avoiding race conditions - * when multiple workflows run in parallel. - */ - -import fs from 'node:fs'; -import path from 'node:path'; -import { tool } from '@anthropic-ai/claude-agent-sdk'; -import { z } from 'zod'; -import { DELIVERABLE_FILENAMES, DeliverableType, isQueueType } from '../types/deliverables.js'; -import { createToolResult, type SaveDeliverableResponse, type ToolResult } from '../types/tool-responses.js'; -import { createGenericError, createValidationError } from '../utils/error-formatter.js'; -import { saveDeliverableFile } from '../utils/file-operations.js'; -import { validateQueueJson } from '../validation/queue-validator.js'; - -/** - * Input schema for save_deliverable tool - */ -export const SaveDeliverableInputSchema = z.object({ - deliverable_type: z.nativeEnum(DeliverableType).describe('Type of deliverable to save'), - content: z - .string() - .min(1) - .optional() - .describe('File content (markdown for analysis/evidence, JSON for queues). Optional if file_path is provided.'), - file_path: z - .string() - .optional() - .describe( - 'Path to a file whose contents should be used as the deliverable content. Relative paths are resolved against the deliverables directory. Use this instead of content for large reports to avoid output token limits.', - ), -}); - -export type SaveDeliverableInput = z.infer; - -/** - * Check if a path is contained within a base directory. - * Prevents path traversal attacks (e.g., ../../../etc/passwd). 
- */ -function isPathContained(basePath: string, targetPath: string): boolean { - const resolvedBase = path.resolve(basePath); - const resolvedTarget = path.resolve(targetPath); - return resolvedTarget === resolvedBase || resolvedTarget.startsWith(resolvedBase + path.sep); -} - -/** - * Resolve deliverable content from either inline content or a file path. - * Returns the content string on success, or a ToolResult error on failure. - */ -function resolveContent(args: SaveDeliverableInput, targetDir: string): string | ToolResult { - if (args.content) { - return args.content; - } - - if (!args.file_path) { - return createToolResult( - createValidationError('Either "content" or "file_path" must be provided', true, { - deliverableType: args.deliverable_type, - }), - ); - } - - const resolvedPath = path.isAbsolute(args.file_path) ? args.file_path : path.resolve(targetDir, args.file_path); - - // Security: Prevent path traversal outside targetDir - if (!isPathContained(targetDir, resolvedPath)) { - return createToolResult( - createValidationError(`Path "${args.file_path}" resolves outside allowed directory`, false, { - deliverableType: args.deliverable_type, - allowedBase: targetDir, - }), - ); - } - - try { - return fs.readFileSync(resolvedPath, 'utf-8'); - } catch (readError) { - return createToolResult( - createValidationError( - `Failed to read file at ${resolvedPath}: ${readError instanceof Error ? readError.message : String(readError)}`, - true, - { deliverableType: args.deliverable_type, filePath: resolvedPath }, - ), - ); - } -} - -/** - * Create save_deliverable handler with targetDir captured in closure. - * - * This factory pattern ensures each MCP server instance has its own targetDir, - * preventing race conditions when multiple workflows run in parallel. 
- */ -function createSaveDeliverableHandler(targetDir: string) { - return async function saveDeliverable(args: SaveDeliverableInput): Promise { - try { - const { deliverable_type } = args; - - const contentOrError = resolveContent(args, targetDir); - if (typeof contentOrError !== 'string') { - return contentOrError; - } - const content = contentOrError; - - if (isQueueType(deliverable_type)) { - const queueValidation = validateQueueJson(content); - if (!queueValidation.valid) { - return createToolResult( - createValidationError(queueValidation.message ?? 'Invalid queue JSON', true, { - deliverableType: deliverable_type, - expectedFormat: '{"vulnerabilities": [...]}', - }), - ); - } - } - - const filename = DELIVERABLE_FILENAMES[deliverable_type]; - const filepath = saveDeliverableFile(targetDir, filename, content); - - const successResponse: SaveDeliverableResponse = { - status: 'success', - message: `Deliverable saved successfully: $(unknown)`, - filepath, - deliverableType: deliverable_type, - validated: isQueueType(deliverable_type), - }; - - return createToolResult(successResponse); - } catch (error) { - return createToolResult(createGenericError(error, false, { deliverableType: args.deliverable_type })); - } - }; -} - -/** - * Factory function to create save_deliverable tool with targetDir in closure - * - * Each MCP server instance should call this with its own targetDir to ensure - * deliverables are saved to the correct workflow's directory. - */ -export function createSaveDeliverableTool(targetDir: string) { - return tool( - 'save_deliverable', - 'Saves deliverable files with automatic validation. Queue files must have {"vulnerabilities": [...]} structure. For large reports, write the file to disk first then pass file_path instead of inline content to avoid output token limits.', - SaveDeliverableInputSchema.shape, - createSaveDeliverableHandler(targetDir), - ); -} 
diff --git a/packages/mcp-server/src/types/index.ts b/packages/mcp-server/src/types/index.ts deleted file mode 100644 index 2d9c986..0000000 --- a/packages/mcp-server/src/types/index.ts +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * Type definitions barrel export - */ - -export * from './deliverables.js'; -export * from './tool-responses.js'; diff --git a/packages/mcp-server/src/types/tool-responses.ts b/packages/mcp-server/src/types/tool-responses.ts deleted file mode 100644 index 80273ac..0000000 --- a/packages/mcp-server/src/types/tool-responses.ts +++ /dev/null 
@@ -1,69 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * Tool Response Type Definitions - * - * Defines structured response formats for MCP tools to ensure - * consistent error handling and success reporting. - */ - -export interface ErrorResponse { - status: 'error'; - message: string; - errorType: string; // ValidationError, FileSystemError, CryptoError, etc. - retryable: boolean; - context?: Record; -} - -export interface SuccessResponse { - status: 'success'; - message: string; -} - -export interface SaveDeliverableResponse { - status: 'success'; - message: string; - filepath: string; - deliverableType: string; - validated: boolean; // true if queue JSON was validated -} - -export interface GenerateTotpResponse { - status: 'success'; - message: string; - totpCode: string; - timestamp: string; - expiresIn: number; // seconds until expiration -} - -export type ToolResponse = ErrorResponse | SuccessResponse | SaveDeliverableResponse | GenerateTotpResponse; - -export interface ToolResultContent { - type: string; - text: string; -} - -export interface ToolResult { - content: ToolResultContent[]; - isError: boolean; -} - -/** - * Helper to create tool result from response - * MCP tools should return this format - */ -export function createToolResult(response: ToolResponse): ToolResult { - return { - content: [ - { - type: 'text', - text: JSON.stringify(response, null, 2), - }, - ], - isError: response.status === 'error', - }; -} diff --git a/packages/mcp-server/src/utils/error-formatter.ts b/packages/mcp-server/src/utils/error-formatter.ts deleted file mode 100644 index 7b7b554..0000000 --- a/packages/mcp-server/src/utils/error-formatter.ts +++ /dev/null 
@@ -1,67 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * Error Formatting Utilities - * - * Helper functions for creating structured error responses. - */ - -import type { ErrorResponse } from '../types/tool-responses.js'; - -/** - * Create a validation error response - */ -export function createValidationError( - message: string, - retryable: boolean = true, - context?: Record, -): ErrorResponse { - return { - status: 'error', - message, - errorType: 'ValidationError', - retryable, - ...(context !== undefined && { context }), - }; -} - -/** - * Create a crypto error response - */ -export function createCryptoError( - message: string, - retryable: boolean = false, - context?: Record, -): ErrorResponse { - return { - status: 'error', - message, - errorType: 'CryptoError', - retryable, - ...(context !== undefined && { context }), - }; -} - -/** - * Create a generic error response - */ -export function createGenericError( - error: unknown, - retryable: boolean = false, - context?: Record, -): ErrorResponse { - const message = error instanceof Error ? error.message : String(error); - const errorType = error instanceof Error ? error.constructor.name : 'UnknownError'; - - return { - status: 'error', - message, - errorType, - retryable, - ...(context !== undefined && { context }), - }; -} diff --git a/packages/mcp-server/src/utils/file-operations.ts b/packages/mcp-server/src/utils/file-operations.ts deleted file mode 100644 index e468007..0000000 --- a/packages/mcp-server/src/utils/file-operations.ts +++ /dev/null 
@@ -1,39 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * File Operations Utilities - * - * Handles file system operations for deliverable saving. - * Ported from tools/save_deliverable.js (lines 117-130). - */ - -import { mkdirSync, writeFileSync } from 'node:fs'; -import { join } from 'node:path'; - -/** - * Save deliverable file to deliverables/ directory - * - * @param targetDir - Target directory for deliverables (passed explicitly to avoid race conditions) - * @param filename - Name of the deliverable file - * @param content - File content to save - */ -export function saveDeliverableFile(targetDir: string, filename: string, content: string): string { - const deliverablesDir = join(targetDir, 'deliverables'); - const filepath = join(deliverablesDir, filename); - - // Ensure deliverables directory exists - try { - mkdirSync(deliverablesDir, { recursive: true }); - } catch { - throw new Error(`Cannot create deliverables directory at ${deliverablesDir}`); - } - - // Write file (atomic write - single operation) - writeFileSync(filepath, content, 'utf8'); - - return filepath; -} diff --git a/packages/mcp-server/src/validation/queue-validator.ts b/packages/mcp-server/src/validation/queue-validator.ts deleted file mode 100644 index c043934..0000000 --- a/packages/mcp-server/src/validation/queue-validator.ts +++ /dev/null 
@@ -1,65 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * Queue Validator - * - * Validates JSON structure for vulnerability queue files. - * Ported from tools/save_deliverable.js (lines 56-75). - */ - -import type { VulnerabilityQueue } from '../types/deliverables.js'; - -export interface ValidationResult { - valid: boolean; - message?: string; - data?: VulnerabilityQueue; -} - -/** - * Validate JSON structure for queue files - * Queue files must have a 'vulnerabilities' array - */ -export function validateQueueJson(content: string): ValidationResult { - try { - const parsed = JSON.parse(content) as unknown; - - // Type guard for the parsed result - if (typeof parsed !== 'object' || parsed === null) { - return { - valid: false, - message: `Invalid queue structure: Expected an object. Got: ${typeof parsed}`, - }; - } - - const obj = parsed as Record; - - // Queue files must have a 'vulnerabilities' array - if (!('vulnerabilities' in obj)) { - return { - valid: false, - message: `Invalid queue structure: Missing 'vulnerabilities' property. Expected: {"vulnerabilities": [...]}`, - }; - } - - if (!Array.isArray(obj.vulnerabilities)) { - return { - valid: false, - message: `Invalid queue structure: 'vulnerabilities' must be an array. Expected: {"vulnerabilities": [...]}`, - }; - } - - return { - valid: true, - data: parsed as VulnerabilityQueue, - }; - } catch (error) { - return { - valid: false, - message: `Invalid JSON: ${error instanceof Error ? error.message : String(error)}`, - }; - } -} diff --git a/packages/mcp-server/src/validation/totp-validator.ts b/packages/mcp-server/src/validation/totp-validator.ts deleted file mode 100644 index a5f7f74..0000000 --- a/packages/mcp-server/src/validation/totp-validator.ts +++ /dev/null 
@@ -1,73 +0,0 @@ -// Copyright (C) 2025 Keygraph, Inc. -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU Affero General Public License version 3 -// as published by the Free Software Foundation. - -/** - * TOTP Validator - * - * Validates TOTP secrets and provides base32 decoding. - * Ported from tools/generate-totp-standalone.mjs (lines 43-72). - */ - -/** - * Base32 decode function - * Ported from generate-totp-standalone.mjs - */ -export function base32Decode(encoded: string): Buffer { - const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; - const cleanInput = encoded.toUpperCase().replace(/[^A-Z2-7]/g, ''); - - if (cleanInput.length === 0) { - return Buffer.alloc(0); - } - - const output: number[] = []; - let bits = 0; - let value = 0; - - for (const char of cleanInput) { - const index = alphabet.indexOf(char); - if (index === -1) { - throw new Error(`Invalid base32 character: ${char}`); - } - - value = (value << 5) | index; - bits += 5; - - if (bits >= 8) { - output.push((value >>> (bits - 8)) & 255); - bits -= 8; - } - } - - return Buffer.from(output); -} - -/** - * Validate TOTP secret - * Must be base32-encoded string - * - * @returns true if valid, throws Error if invalid - */ -export function validateTotpSecret(secret: string): boolean { - if (!secret || secret.length === 0) { - throw new Error('TOTP secret cannot be empty'); - } - - // Check if it's valid base32 (only A-Z and 2-7, case-insensitive) - const base32Regex = /^[A-Z2-7]+$/i; - if (!base32Regex.test(secret.replace(/[^A-Z2-7]/gi, ''))) { - throw new Error('TOTP secret must be base32-encoded (characters A-Z and 2-7)'); - } - - // Try to decode to ensure it's valid - try { - base32Decode(secret); - } catch (error) { - throw new Error(`Invalid TOTP secret: ${error instanceof Error ? error.message : String(error)}`); - } - - return true; -} 
diff --git a/packages/mcp-server/tsconfig.json b/packages/mcp-server/tsconfig.json deleted file mode 100644 index 452b099..0000000 --- a/packages/mcp-server/tsconfig.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "extends": "../../tsconfig.base.json", - "compilerOptions": { - "rootDir": "./src", - "outDir": "./dist" - }, - "include": ["src/**/*"], - "exclude": ["node_modules", "dist"] -} diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 4a1fd8c..8c62e9d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -51,9 +51,6 @@ importers: '@anthropic-ai/claude-agent-sdk': specifier: 'catalog:' version: 0.2.76(zod@4.3.6) - '@shannon/mcp-server': - specifier: workspace:* - version: link:../../packages/mcp-server '@temporalio/activity': specifier: ^1.11.0 version: 1.15.0 @@ -86,15 +83,6 @@ importers: specifier: ^4.0.9 version: 4.0.9 - packages/mcp-server: - dependencies: - '@anthropic-ai/claude-agent-sdk': - specifier: 'catalog:' - version: 0.2.76(zod@4.3.6) - zod: - specifier: ^4.3.6 - version: 4.3.6 - packages: '@anthropic-ai/claude-agent-sdk@0.2.76': diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 6b85677..c4512cd 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -1,6 +1,5 @@ packages: - "apps/*" - - "packages/*" catalog: "@anthropic-ai/claude-agent-sdk": ^0.2.38 diff --git a/tsconfig.json b/tsconfig.json index 63581e2..9b8069d 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -1,4 +1,4 @@ { "files": [], - "references": [{ "path": "apps/worker" }, { "path": "apps/cli" }, { "path": "packages/mcp-server" }] + "references": [{ "path": "apps/worker" }, { "path": "apps/cli" }] }