* feat(auth): reuse preflight's authenticated session across agents
* fix(preflight): verify saved auth state parses and has cookies or origins
* fix(prompts): strip shared-session block when no auth is configured
* fix(shannon): store shared auth state in the per-session audit dir
* fix(prompts): write stub auth-state in pipeline-testing preflight
* fix(preflight): clear stale auth-state.json before validate-authentication
* fix(preflight): drop auth-state.json on workflow completion
* docs(claude): refresh auth-state.json description for new layout and cleanup
* refactor(prompts): drop unused PLAYWRIGHT_SESSION resolve in login instructions
* style(prompts): collapse verifySavedAuthState signature per biome
* refactor(prompts): require AUTH_STATE_FILE on authenticated runs
* style(prompts): trim numbered-step comments back to step headers
* feat(steerability): add config-driven profile with code_path avoid enforcement
* fix(steerability): write SDK deny rules once per workflow to avoid parallel-agent race
* fix(steerability): reference guidance by pointer in report DROP rules
* fix(steerability): tighten code_path avoid enforcement
* chore(steerability): use shared ALL_VULN_CLASSES const and tighten RunScope type
* fix(steerability): validate run scope before resume short-circuit
* fix(steerability): emit only documented Read/Edit deny rules for code_path
* fix(steerability): assemble report from analysis deliverables when exploit is disabled
* feat(steerability): preflight check that code_path rules match at least one repo entry
* fix(steerability): tag missing code_path entries with avoid/focus kind
* revert(steerability): assemble report from analysis deliverables when exploit is disabled
* feat(steerability): render per-class findings from queue JSON when exploit is disabled
* refactor(steerability): trim findings renderer to common mappable rows
* feat(steerability): allow report agent to rewrite category-label finding titles
* docs(steerability): document new config fields in README and CLAUDE.md
* docs(steerability): comment out optional config sections in examples
* feat: add ReportOutputProvider for consumer-extended report artifacts
* fix: thread deliverablesSubdir through report assembly
* fix: produce structured report JSON on resume path
* fix: fail loud on structured report output provider errors
* feat: extend checkpoint provider and container DI for consumer-specific backends
* fix: pre-create .shannon overlay mount points on all platforms
* chore: drop claude-code-router mode
* fix: drop 'resets' keyword from spending-cap text patterns
ezl-keygraph