starred/shannon-KeygraphHQ
1
0
Fork 0
mirror of https://github.com/KeygraphHQ/shannon.git synced 2026-04-25 17:45:53 +03:00
Code Issues 18 Projects Releases Packages Wiki Activity

[PR #75] [CLOSED] Fix output token limit failures in agent report writing #102

New issue
Closed
opened 2026-02-27 07:20:26 +03:00 by kerem · 0 comments
kerem commented 2026-02-27 07:20:26 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/KeygraphHQ/shannon/pull/75
Author: @moscowchill
Created: 2/7/2026
Status: Closed

Base: mainHead: fix/chunked-report-writing

📝 Commits (1)

  • de9ea2b Fix output token limit failures in agent report writing

📊 Changes

14 files changed (+164 additions, -32 deletions)

View changed files

📝 mcp-server/src/tools/save-deliverable.ts (+32 -2)
📝 prompts/exploit-auth.txt (+10 -3)
📝 prompts/exploit-authz.txt (+10 -3)
📝 prompts/exploit-injection.txt (+9 -2)
📝 prompts/exploit-ssrf.txt (+10 -3)
📝 prompts/exploit-xss.txt (+9 -2)
📝 prompts/pre-recon-code.txt (+10 -4)
📝 prompts/recon.txt (+14 -3)
📝 prompts/vuln-auth.txt (+11 -2)
📝 prompts/vuln-authz.txt (+11 -2)
📝 prompts/vuln-injection.txt (+11 -2)
📝 prompts/vuln-ssrf.txt (+11 -2)
📝 prompts/vuln-xss.txt (+11 -2)
📝 src/ai/claude-executor.ts (+5 -0)

📄 Description

Summary

  • Agents writing large security reports via save_deliverable would exceed the 32K output token limit, crashing the pipeline at Phase 3 (report synthesis)
  • This primarily affects subscription plan users (OAuth token via CLAUDE_CODE_OAUTH_TOKEN) since the Claude Code SDK enforces a 32K default output token limit. API key users (ANTHROPIC_API_KEY) may encounter the same limit depending on SDK configuration.
  • Added file_path parameter to save_deliverable MCP tool so agents can write reports to disk incrementally then pass the path instead of inline content
  • Updated all 13 prompt templates with chunked writing instructions (Write sections 1-5, Edit-append remaining, save via file_path)
  • Pass CLAUDE_CODE_MAX_OUTPUT_TOKENS and auth tokens (OAuth/API key) through SDK env option so spawned subprocesses inherit the container environment

Test plan

  • Verified pre-recon agent successfully writes report in chunks (Write + Edit append) and saves via file_path
  • Validated deliverable passes output validation after chunked writing
  • Confirmed pipeline progresses past pre-recon into recon phase
  • Full pipeline run through all 5 phases

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/KeygraphHQ/shannon/pull/75 **Author:** [@moscowchill](https://github.com/moscowchill) **Created:** 2/7/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `fix/chunked-report-writing` --- ### 📝 Commits (1) - [`de9ea2b`](https://github.com/KeygraphHQ/shannon/commit/de9ea2b91192bee94d6ef5c61cb1c93a82923944) Fix output token limit failures in agent report writing ### 📊 Changes **14 files changed** (+164 additions, -32 deletions) <details> <summary>View changed files</summary> 📝 `mcp-server/src/tools/save-deliverable.ts` (+32 -2) 📝 `prompts/exploit-auth.txt` (+10 -3) 📝 `prompts/exploit-authz.txt` (+10 -3) 📝 `prompts/exploit-injection.txt` (+9 -2) 📝 `prompts/exploit-ssrf.txt` (+10 -3) 📝 `prompts/exploit-xss.txt` (+9 -2) 📝 `prompts/pre-recon-code.txt` (+10 -4) 📝 `prompts/recon.txt` (+14 -3) 📝 `prompts/vuln-auth.txt` (+11 -2) 📝 `prompts/vuln-authz.txt` (+11 -2) 📝 `prompts/vuln-injection.txt` (+11 -2) 📝 `prompts/vuln-ssrf.txt` (+11 -2) 📝 `prompts/vuln-xss.txt` (+11 -2) 📝 `src/ai/claude-executor.ts` (+5 -0) </details> ### 📄 Description ## Summary - Agents writing large security reports via `save_deliverable` would exceed the 32K output token limit, crashing the pipeline at Phase 3 (report synthesis) - This primarily affects subscription plan users (OAuth token via `CLAUDE_CODE_OAUTH_TOKEN`) since the Claude Code SDK enforces a 32K default output token limit. API key users (`ANTHROPIC_API_KEY`) may encounter the same limit depending on SDK configuration. - Added `file_path` parameter to `save_deliverable` MCP tool so agents can write reports to disk incrementally then pass the path instead of inline content - Updated all 13 prompt templates with chunked writing instructions (Write sections 1-5, Edit-append remaining, save via file_path) - Pass `CLAUDE_CODE_MAX_OUTPUT_TOKENS` and auth tokens (OAuth/API key) through SDK `env` option so spawned subprocesses inherit the container environment ## Test plan - [x] Verified pre-recon agent successfully writes report in chunks (Write + Edit append) and saves via file_path - [x] Validated deliverable passes output validation after chunked writing - [x] Confirmed pipeline progresses past pre-recon into recon phase - [x] Full pipeline run through all 5 phases --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-02-27 07:20:26 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/npx-integration
Readme-Update
feat/telemetry
ctf-mode
v1.1.0
v1.0.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/shannon-KeygraphHQ#102
No description provided.