@keygraph/shannon 1.0.0-beta.1 → 1.0.0

package/README.md

@@ -0,0 +1,22 @@
+<div align="center">
+
+<img src="https://raw.githubusercontent.com/KeygraphHQ/shannon/main/assets/github-banner.png" alt="Shannon — AI Pentester for Web Applications and APIs" width="100%">
+
+# Shannon — AI Pentester by Keygraph
+
+Shannon is an autonomous, white-box AI pentester for web applications and APIs. <br />
+It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
+
+---
+
+<a href="https://github.com/KeygraphHQ/shannon/discussions/categories/announcements"><img src="https://raw.githubusercontent.com/KeygraphHQ/shannon/main/assets/announcements.png" height="40" alt="Announcements"></a>
+<a href="https://discord.gg/9ZqQPuhJB7"><img src="https://raw.githubusercontent.com/KeygraphHQ/shannon/main/assets/discord.png" height="40" alt="Join Discord"></a>
+<a href="https://keygraph.io/"><img src="https://raw.githubusercontent.com/KeygraphHQ/shannon/main/assets/Keygraph_Button.png" height="40" alt="Visit Keygraph.io"></a>
+<a href="https://www.linkedin.com/company/keygraph/"><img src="https://raw.githubusercontent.com/KeygraphHQ/shannon/main/assets/linkedin.png" height="40" alt="Follow Us on Linkedin"></a>
+
+---
+
+**Full README and usage guide**  
+[https://github.com/KeygraphHQ/shannon#readme](https://github.com/KeygraphHQ/shannon#readme)
+
+</div>

package/dist/index.mjs

@@ -198,10 +198,9 @@ function spawnWorker(opts) {
 	if (opts.promptsDir) args.push("-v", `${opts.promptsDir}:/app/apps/worker/prompts:ro`);
 	if (opts.config) args.push("-v", `${opts.config.hostPath}:${opts.config.containerPath}:ro`);
 	if (opts.outputDir) args.push("-v", `${opts.outputDir}:/app/output`);
-	if (opts.credentialsDir) args.push("-v", `${opts.credentialsDir}:/app/credentials:ro`);
-	else if (opts.credentials) args.push("-v", `${opts.credentials}:/app/credentials/google-sa-key.json:ro`);
+	if (opts.credentials) args.push("-v", `${opts.credentials}:/app/credentials/google-sa-key.json:ro`);
 	args.push(...opts.envFlags);
-	args.push("--shm-size", "2gb", "--ipc", "host", "--security-opt", "seccomp=unconfined");
+	args.push("--shm-size", "2gb", "--security-opt", "seccomp=unconfined");
 	args.push(getWorkerImage(opts.version));
 	args.push("node", "apps/worker/dist/temporal/worker.js", opts.url, opts.repo.containerPath);
 	args.push("--task-queue", opts.taskQueue);
@@ -248,21 +247,6 @@ function stopInfra(clean) {
 	execFileSync("docker", args, { stdio: "inherit" });
 }
 /**
-* Pull the worker image matching the current CLI version.
-*/
-function pullImage(version) {
-	const image = getWorkerImage(version);
-	console.log(`Pulling ${image}...`);
-	try {
-		execFileSync("docker", ["pull", image], { stdio: "inherit" });
-	} catch {
-		console.error(`\nERROR: Failed to pull ${image}`);
-		console.error("Check https://hub.docker.com/r/keygraph/shannon for available tags.");
-		process.exit(1);
-	}
-	pruneOldImages(version);
-}
-/**
 * Remove old keygraph/shannon images that don't match the current version.
 */
 function pruneOldImages(currentVersion) {
@@ -333,16 +317,6 @@ function getCredentialsPath() {
 	return path.join(SHANNON_HOME$2, "google-sa-key.json");
 }
 /**
-* In dev mode, return the credentials directory if it exists and has files.
-* In npx mode, there is no credentials directory (single file mount instead).
-*/
-function getCredentialsDir() {
-	if (getMode() !== "local") return void 0;
-	const dir = path.resolve("credentials");
-	if (!fs.existsSync(dir)) return void 0;
-	return fs.readdirSync(dir).length > 0 ? dir : void 0;
-}
-/**
 * Initialize state directories.
 * Local mode: creates ./workspaces/ and ./credentials/
 * NPX mode: creates ~/.shannon/workspaces/
@@ -1314,9 +1288,9 @@ async function start(args) {
 	const taskQueue = `shannon-${suffix}`;
 	const containerName = `shannon-worker-${suffix}`;
 	const workspace = args.workspace ?? `${new URL(args.url).hostname.replace(/[^a-zA-Z0-9-]/g, "-")}_shannon-${Date.now()}`;
-	const credentialsDir = getCredentialsDir();
 	const credentialsPath = getCredentialsPath();
-	const hasCredentials = !credentialsDir && fs.existsSync(credentialsPath);
+	const hasCredentials = fs.existsSync(credentialsPath);
+	if (hasCredentials) process.env.GOOGLE_APPLICATION_CREDENTIALS = "/app/credentials/google-sa-key.json";
 	const outputDir = args.output ? path.resolve(args.output) : void 0;
 	if (outputDir) fs.mkdirSync(outputDir, { recursive: true });
 	const promptsDir = isLocal() ? path.resolve("apps/worker/prompts") : void 0;
@@ -1330,7 +1304,6 @@ async function start(args) {
 		containerName,
 		envFlags: buildEnvFlags(),
 		...config && { config },
-		...credentialsDir && { credentialsDir },
 		...hasCredentials && { credentials: credentialsPath },
 		...promptsDir && { promptsDir },
 		...outputDir && { outputDir },
@@ -1471,15 +1444,6 @@ async function uninstall() {
 	p.outro("Shannon has been uninstalled. Run `npx @keygraph/shannon setup` to start fresh.");
 }
 //#endregion
-//#region src/commands/update.ts
-/**
-* `shannon update` command — pull the worker image matching the current CLI version.
-*/
-function update(version) {
-	pullImage(version);
-	console.log("Update complete.");
-}
-//#endregion
 //#region src/commands/workspaces.ts
 /**
 * `shannon workspaces` command — list all workspaces.
@@ -1546,7 +1510,6 @@ Usage:${mode === "local" ? "" : `
   ${prefix} logs <workspace>                             Tail workflow log
   ${prefix} status                                       Show running workers${mode === "local" ? `
   ${prefix} build [--no-cache]                           Build worker image` : `
-  ${prefix} update                                       Pull latest image
   ${prefix} uninstall                                    Remove ~/.shannon/ and all data`}
   ${prefix} info                                         Show splash screen
   ${prefix} help                                         Show this help
@@ -1683,9 +1646,6 @@ switch (command) {
 	case "build":
 		build(args.includes("--no-cache"));
 		break;
-	case "update":
-		update(getVersion());
-		break;
 	case "uninstall":
 		if (getMode() === "local") {
 			console.error("ERROR: uninstall is only available in npx mode.");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@keygraph/shannon",
-  "version": "1.0.0-beta.1",
+  "version": "1.0.0",
   "description": "Shannon - Autonomous white-box AI pentester for web applications and APIs by Keygraph",
   "type": "module",
   "main": "dist/index.mjs",
@@ -15,7 +15,7 @@
     "@clack/prompts": "^1.1.0",
     "chokidar": "^5.0.0",
     "dotenv": "^17.3.1",
-    "smol-toml": "^1.6.0"
+    "smol-toml": "^1.6.1"
   },
   "keywords": [
     "security",
@@ -40,7 +40,7 @@
     "node": ">=18"
   },
   "devDependencies": {
-    "tsdown": "^0.21.2"
+    "tsdown": "^0.21.5"
   },
   "scripts": {
     "build": "tsdown",