starred/shannon-KeygraphHQ
1
0
Fork 0
mirror of https://github.com/KeygraphHQ/shannon.git synced 2026-04-25 01:25:52 +03:00
Code Issues 18 Projects Releases Packages Wiki Activity

[PR #129] feat: add Z.AI GLM models as router provider #132

New issue
Open
opened 2026-02-27 08:09:24 +03:00 by kerem · 0 comments
kerem commented 2026-02-27 08:09:24 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/KeygraphHQ/shannon/pull/129
Author: @rizkydwicmt
Created: 2/13/2026
Status: 🔄 Open

Base: mainHead: feat/zai-glm-provider

📝 Commits (2)

  • c6d10b1 feat: add Z.AI GLM models as router provider
  • 7cab544 Update configs/router-config.json

📊 Changes

6 files changed (+63 additions, -9 deletions)

View changed files

📝 .env.example (+5 -0)
📝 README.md (+5 -0)
📝 configs/router-config.json (+37 -4)
📝 docker-compose.yml (+1 -0)
📝 shannon (+4 -4)
📝 src/ai/claude-executor.ts (+11 -1)

📄 Description

Summary

Adds Z.AI (Zhipu AI) GLM models as a new provider option for Shannon's router mode, enabling pentesting with Chinese-developed large language models.

Changes

Router Configuration (configs/router-config.json)

  • Added zai provider with endpoint https://api.z.ai/api/coding/paas/v4/chat/completions
  • Configured models: glm-5, glm-4.7, glm-4.7-flash
  • Uses the same maxcompletiontokens transformer pattern as OpenAI

SDK Environment Forwarding (src/ai/claude-executor.ts)

  • Bug fix: Forward ANTHROPIC_BASE_URL, ANTHROPIC_AUTH_TOKEN, and ROUTER_DEFAULT env vars to the SDK subprocess
  • Without this fix, the SDK subprocess doesn't know about the router and tries to authenticate directly with Anthropic, causing AuthenticationError: Invalid API key
  • This fix benefits all router providers (OpenAI, OpenRouter, Z.AI, etc.), not just Z.AI

Docker & CLI

  • Added ZAI_API_KEY to docker-compose.yml router service environment
  • Added ZAI_API_KEY to shannon CLI provider key validation checks

Documentation

  • Updated .env.example with Z.AI configuration section
  • Updated README.md with Z.AI in Quick Setup and Experimental Models table

Testing

  • Verified Z.AI API connectivity with glm-4.7 model via curl
  • Successfully ran full Shannon pentest pipeline through router with glm-4.7
  • Pre-recon agent completed 405 turns of code analysis successfully
  • Recon agent running with 385+ turns of vulnerability discovery

Usage

# .env
ZAI_API_KEY=your-zai-api-key
ROUTER_DEFAULT=zai,glm-4.7

# Run
./shannon start URL=https://target.com REPO=target-repo ROUTER=true

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/KeygraphHQ/shannon/pull/129 **Author:** [@rizkydwicmt](https://github.com/rizkydwicmt) **Created:** 2/13/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `feat/zai-glm-provider` --- ### 📝 Commits (2) - [`c6d10b1`](https://github.com/KeygraphHQ/shannon/commit/c6d10b18cf1bbd7819781a169f96ccd82df3d2b6) feat: add Z.AI GLM models as router provider - [`7cab544`](https://github.com/KeygraphHQ/shannon/commit/7cab544bd3ff4c6c72d79b13c3928850a7ea66f2) Update configs/router-config.json ### 📊 Changes **6 files changed** (+63 additions, -9 deletions) <details> <summary>View changed files</summary> 📝 `.env.example` (+5 -0) 📝 `README.md` (+5 -0) 📝 `configs/router-config.json` (+37 -4) 📝 `docker-compose.yml` (+1 -0) 📝 `shannon` (+4 -4) 📝 `src/ai/claude-executor.ts` (+11 -1) </details> ### 📄 Description ## Summary Adds Z.AI (Zhipu AI) GLM models as a new provider option for Shannon's router mode, enabling pentesting with Chinese-developed large language models. ## Changes ### Router Configuration (`configs/router-config.json`) - Added `zai` provider with endpoint `https://api.z.ai/api/coding/paas/v4/chat/completions` - Configured models: `glm-5`, `glm-4.7`, `glm-4.7-flash` - Uses the same `maxcompletiontokens` transformer pattern as OpenAI ### SDK Environment Forwarding (`src/ai/claude-executor.ts`) - **Bug fix**: Forward `ANTHROPIC_BASE_URL`, `ANTHROPIC_AUTH_TOKEN`, and `ROUTER_DEFAULT` env vars to the SDK subprocess - Without this fix, the SDK subprocess doesn't know about the router and tries to authenticate directly with Anthropic, causing `AuthenticationError: Invalid API key` - This fix benefits **all** router providers (OpenAI, OpenRouter, Z.AI, etc.), not just Z.AI ### Docker & CLI - Added `ZAI_API_KEY` to `docker-compose.yml` router service environment - Added `ZAI_API_KEY` to `shannon` CLI provider key validation checks ### Documentation - Updated `.env.example` with Z.AI configuration section - Updated `README.md` with Z.AI in Quick Setup and Experimental Models table ## Testing - Verified Z.AI API connectivity with `glm-4.7` model via curl - Successfully ran full Shannon pentest pipeline through router with `glm-4.7` - Pre-recon agent completed 405 turns of code analysis successfully - Recon agent running with 385+ turns of vulnerability discovery ## Usage ```bash # .env ZAI_API_KEY=your-zai-api-key ROUTER_DEFAULT=zai,glm-4.7 # Run ./shannon start URL=https://target.com REPO=target-repo ROUTER=true ``` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/npx-integration
Readme-Update
feat/telemetry
ctf-mode
v1.1.0
v1.0.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/shannon-KeygraphHQ#132
No description provided.