mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-05-21 00:14:58 +02:00
95998d1a44
* feat(steerability): add config-driven profile with code_path avoid enforcement
* fix(steerability): write SDK deny rules once per workflow to avoid parallel-agent race
* fix(steerability): reference guidance by pointer in report DROP rules
* fix(steerability): tighten code_path avoid enforcement
* chore(steerability): use shared ALL_VULN_CLASSES const and tighten RunScope type
* fix(steerability): validate run scope before resume short-circuit
* fix(steerability): emit only documented Read/Edit deny rules for code_path
* fix(steerability): assemble report from analysis deliverables when exploit is disabled
* feat(steerability): preflight check that code_path rules match at least one repo entry
* fix(steerability): tag missing code_path entries with avoid/focus kind
* revert(steerability): assemble report from analysis deliverables when exploit is disabled
* feat(steerability): render per-class findings from queue JSON when exploit is disabled
* refactor(steerability): trim findings renderer to common mappable rows
* feat(steerability): allow report agent to rewrite category-label finding titles
* docs(steerability): document new config fields in README and CLAUDE.md
* docs(steerability): comment out optional config sections in examples
14 lines
566 B
Plaintext
<code_path_rules>
Source-code routing. Each rule is tagged `[FILE]` (literal path) or `[GLOB]` (pattern). All paths are repository-relative.

How to apply (focus rules):
- For `[FILE]` entries — delegate analysis to the Task tool.
- For `[GLOB]` entries — invoke the Glob tool to enumerate matches, then delegate analysis of every match to the Task tool.

Avoid — out of scope. Skip entirely; the tool layer will block any access attempts.
{{CODE_RULES_AVOID}}

Focus — priority work assignments. Analyze every entry.
{{CODE_RULES_FOCUS}}
</code_path_rules>
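
Added example, not part of the Shannon repository: a TypeScript sketch of how a tool layer could tag rules as [FILE] or [GLOB] and enforce the avoid list on repository-relative paths, normalizing each requested path first so `..` segments cannot bypass a rule. The function names, the wildcard set (`*`, `?`, `**`) and directory-prefix matching for [FILE] rules are assumptions.

```typescript
// Added example: hypothetical helpers, not Shannon's own code.
type Rule = { kind: "FILE" | "GLOB"; path: string };

// Collapse "." and ".." segments; reject absolute paths and paths that leave the repo.
function normalize(p: string): string {
  const out: string[] = [];
  const q = p.replace(/\\/g, "/");
  if (q.charAt(0) === "/") throw new Error(`not repository-relative: ${p}`);
  for (const seg of q.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg !== "..") out.push(seg);
    else if (out.pop() === undefined) throw new Error(`escapes repository: ${p}`);
  }
  return out.join("/");
}

// Assumption: only "*", "?" and "**" are wildcards; anything else is a literal path.
function tagRule(raw: string): Rule {
  const path = normalize(raw.trim());
  if (path === "") throw new Error("empty rule");
  return { kind: /[*?]/.test(path) ? "GLOB" : "FILE", path };
}

// "**/" spans directories; "*" and "?" stay inside one path segment.
function globToRegExp(glob: string): RegExp {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    if (glob.slice(i, i + 3) === "**/") { re += "(?:.*/)?"; i += 2; }
    else if (glob.slice(i, i + 2) === "**") { re += ".*"; i += 1; }
    else if (glob[i] === "*") re += "[^/]*";
    else if (glob[i] === "?") re += "[^/]";
    else re += glob[i].replace(/[.+^${}()|[\]\\]/g, "\\$&");
  }
  return new RegExp(`^${re}$`);
}

// Assumption: a [FILE] rule naming a directory also covers everything under it.
function matches(rule: Rule, path: string): boolean {
  if (rule.kind === "GLOB") return globToRegExp(rule.path).test(path);
  return path === rule.path || path.indexOf(rule.path + "/") === 0;
}

// Tool-layer check: fail closed when the requested path cannot be normalized.
function isBlocked(avoid: Rule[], requested: string): boolean {
  try {
    const p = normalize(requested);
    return avoid.some((r) => matches(r, p));
  } catch { return true; }
}
```

The prompt text only tells the agent to skip avoided paths; a check like `isBlocked` at the tool layer is what makes the boundary hold when the agent requests the path anyway.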