lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity
archy/loop/prompt-pentest-fix.md
Dorian 0b3c23ff76 chore: add pentest-fix prompt and wire verification into loop.sh 
- loop/prompt-pentest-fix.md: dedicated prompt for pentest fix overnight
  runs, instructs Claude to run verify-pentest-fixes.sh as final step
- loop/loop.sh: automatically runs verification script when all plan
  tasks are complete (runs for any plan, not just pentest)

Usage: PROMPT_FILE=loop/prompt-pentest-fix.md caffeinate -i ./loop/loop.sh

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:53:36 +00:00

2.4 KiB
Raw Blame History

You are remediating security vulnerabilities found during a penetration test of Archipelago. Read these files first:

  1. loop/plan.md — Your fix checklist (mark items - [x] as you complete them)
  2. CLAUDE.md — Archy project conventions, architecture, coding standards
  3. loop/pentest/security-assessment-report.md — Full pentest report with findings and evidence

Architecture Reference

Nginx (port 80) → Rust backend (port 5678) → Podman containers
                → Vue 3 frontend (static files)
                → WebSocket /ws/db

Key backend files:

  • core/archipelago/src/api/handler.rs — HTTP request routing and middleware
  • core/archipelago/src/api/rpc/mod.rs — RPC method dispatch and auth gating
  • core/archipelago/src/api/rpc/auth.rs — Login/logout handlers
  • core/archipelago/src/session.rs — Session store, rate limiter, cookie helpers
  • core/archipelago/src/api/rpc/package.rs — Package install/uninstall
  • core/archipelago/src/api/rpc/peers.rs — P2P peer messaging
  • core/archipelago/src/node_message.rs — P2P message storage and validation
  • image-recipe/configs/nginx-archipelago.conf — Nginx config
  • image-recipe/configs/archipelago.service — Systemd service

For each task in loop/plan.md:

  1. Find the first unchecked - [ ] item
  2. Read the task description and the corresponding finding in the pentest report
  3. Read the relevant source files before making changes
  4. Implement the fix following CLAUDE.md conventions
  5. Deploy to live server: ./scripts/deploy-to-target.sh --live
  6. Verify the specific fix works (curl test against the endpoint)
  7. Commit: fix: description (conventional commits)
  8. Mark it done - [x] in loop/plan.md
  9. Move to the next unchecked task immediately

When all FIX tasks are done:

Run the full verification suite:

./scripts/verify-pentest-fixes.sh

If ALL 26 checks pass (exit code 0):

  • Mark VERIFY as - [x] in loop/plan.md
  • Commit the final state

If ANY check fails (exit code 1):

  • DO NOT mark VERIFY done
  • Fix the failing checks, redeploy, and re-run verification
  • Only mark VERIFY done when all checks pass

Rules

  • Never skip deploy — changes must be live at 192.168.1.228 before marking done
  • If a fix breaks something else, fix the regression before moving on
  • Test each fix individually before moving to the next
  • Do not stop until all tasks are checked and verification passes, or you are rate limited