CalvinBackup/shannon
1
0
Fork 0
mirror of https://github.com/KeygraphHQ/shannon.git synced 2026-05-31 12:49:30 +02:00
Code Issues Packages Projects Releases Wiki Activity
251 Commits 4 Branches 5 Tags
ef2b2540306bf87bb1ebe2ce97336c13747f0886
Commit Graph

7 Commits

Author SHA1 Message Date
ezl-keygraph 147bc3f5f4 fix: harden supply chain security (#255) 
* fix: patch smol-toml and tsdown vulnerabilities

Update smol-toml 1.6.0→1.6.1 (DoS via recursive comment parsing) and
tsdown 0.21.2→0.21.5 (picomatch ReDoS + method injection).

* fix: pin all unpinned dependency versions in Dockerfile

Pins subfinder v2.13.0, WhatWeb v0.6.3 (switched from git clone to
release tarball), schemathesis 4.13.0, addressable 2.8.9,
claude-code 2.1.84, and playwright-cli 0.1.1 for reproducible builds.

* fix: pin GitHub Actions to commit SHAs for supply chain security

* fix: pin GitHub Actions to commit SHAs in beta and rollback workflows
 2026-03-27 01:55:09 +05:30
ezl-keygraph e220f4862c fix: case-insensitive grep for semantic-release version probe 2026-03-26 23:36:58 +05:30
ezl-keygraph a513aad161 fix: remove environment gates and add NPM_TOKEN to publish step 2026-03-18 16:09:40 +05:30
ezl-keygraph 955eae5d65 fix: remove duplicate environment gate from merge-docker job 
Move DOCKERHUB_USERNAME from vars to secrets so merge-docker can access
credentials without its own environment scope. This eliminates the
redundant double approval since build-docker already gates on
release-publish.
 2026-03-18 15:58:45 +05:30
ezl-keygraph 12ce802770 fix: use native ARM64 runners for Docker multi-platform builds 
Replace QEMU emulation with parallel native builds using a matrix
strategy (ubuntu-latest for amd64, ubuntu-24.04-arm for arm64).
Each platform pushes by digest, then a merge job creates the
multi-arch manifest list before signing with cosign.
 2026-03-18 15:58:45 +05:30
ezl-keygraph 181f24cfcc refactor: migrate to Turborepo + pnpm + Biome monorepo 
Restructure into apps/worker, apps/cli, packages/mcp-server with
Turborepo task orchestration, pnpm workspaces, Biome linting/formatting,
and tsdown CLI bundling.

Key changes:
- src/ -> apps/worker/src/, cli/ -> apps/cli/, mcp-server/ -> packages/mcp-server/
- prompts/ and configs/ moved into apps/worker/
- npm replaced with pnpm, package-lock.json replaced with pnpm-lock.yaml
- Dockerfile updated for pnpm-based builds
- CLI logs command rewritten with chokidar for cross-platform reliability
- Router health checking added for auto-detected router mode
- Centralized path resolution via apps/worker/src/paths.ts
 2026-03-18 15:58:45 +05:30
ezl-keygraph 9b1abd9ec0 feat: integrate npx CLI, CI/CD, and ephemeral worker architecture 
Bring in changes from shannon-npx: npx-distributable CLI package (cli/),
semantic-release CI/CD workflows, ephemeral per-scan worker containers,
TOML config support, setup wizard, and workspace management.

Preserves all shannon-only changes: security hardening (localhost-bound
ports, MCP env allowlist, path traversal guard), updated benchmarks
(XBEN 19/31/35/44), README assets, and prompt injection disclaimer.

Applies security hardening to cli/infra/compose.yml as well.
 2026-03-18 15:57:57 +05:30