mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-04-02 02:40:41 +02:00
2a433f090f
* feat: add structured outputs for vuln agent exploitation queues Use Claude Agent SDK's native outputFormat to get schema-validated JSON queue data from vulnerability analysis agents instead of relying on save-deliverable tool calls for queue files. - Add Zod schemas for all 5 vuln types (injection, xss, auth, ssrf, authz) - Thread outputFormat through SDK call chain (executor → message handlers) - Write structured_output to disk as queue JSON before validation - Handle error_max_structured_output_retries as retryable failure - Update vuln prompts to use structured output for queues - Keep save-deliverable for markdown deliverables (unchanged) * fix: correct structured output schema conversion for Claude Agent SDK Use draft-07 target for z.toJSONSchema() instead of the default draft-2020-12, which the SDK's AJV validator doesn't support. Update pipeline-testing prompts to use structured output instead of raw JSON responses. * refactor: remove save-deliverable references for queues in vuln prompts Queues are now captured via structured outputs, so vuln agents no longer need to use save-deliverable for queue JSON. Removes references to "structured response/output" phrasing and aligns all prompts to use consistent "exploitation queue" terminology. * refactor: remove queue support from save-deliverable Queues are now produced via structured outputs, so save-deliverable no longer needs queue-related code. Removes queue enum values, filename mappings, JSON validation, and updates all prompt tool descriptions to match the simplified CLI interface. * fix: instruct vuln agents to save deliverable before exploitation queue The structured output tool terminates the agent session when called. Agents were calling it before saving their deliverable markdown, causing output validation failures and unnecessary retries. * refactor: remove explicit exploitation queue output instructions from vuln prompts The Claude Agent SDK automatically captures structured output on the last turn when outputFormat is set. Prompts explicitly telling agents to produce the queue caused them to call StructuredOutput mid-session, conflicting with the SDK mechanism and silently dropping the output. Removed exploitation_queue_requirements sections and queue references from conclusion triggers. Added note that the queue is captured automatically. Updated Your Output to point to the deliverable markdown.
28 lines
616 B
JSON
28 lines
616 B
JSON
{
|
|
"name": "@shannon/worker",
|
|
"version": "0.0.0",
|
|
"private": true,
|
|
"type": "module",
|
|
"scripts": {
|
|
"build": "tsc",
|
|
"check": "tsc --noEmit",
|
|
"clean": "rm -rf dist"
|
|
},
|
|
"dependencies": {
|
|
"@anthropic-ai/claude-agent-sdk": "catalog:",
|
|
"@temporalio/activity": "^1.11.0",
|
|
"@temporalio/client": "^1.11.0",
|
|
"@temporalio/worker": "^1.11.0",
|
|
"@temporalio/workflow": "^1.11.0",
|
|
"ajv": "^8.12.0",
|
|
"ajv-formats": "^2.1.1",
|
|
"dotenv": "^16.4.5",
|
|
"js-yaml": "^4.1.0",
|
|
"zod": "^4.3.6",
|
|
"zx": "^8.0.0"
|
|
},
|
|
"devDependencies": {
|
|
"@types/js-yaml": "^4.0.9"
|
|
}
|
|
}
|