[feat] build log screenshot tool#21
Draft
GangGreenTemperTatum wants to merge 1 commit into
Draft
Conversation
GangGreenTemperTatum
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a small multimedia logging surface to the
web-securitycapability so agents can attach existing local proof-of-concept media to the current Dreadnode run in the same general style as the old v1web-agentlog_screenshothelper.The new toolset adds four path-based tools:
log_image_outputlog_audio_outputlog_video_outputlog_file_artifactThis keeps the interface simple for the agent. When another tool has already written a file to disk, the agent can log it directly as typed media output or upload it as a raw artifact without re-implementing SDK details inside prompts or ad hoc scripts.
Why
The older Dreadnode web agent exposed a dedicated screenshot-ingest helper. The current SDK has broader primitives (
Image,Audio,Video,log_output,log_artifact), butweb-securitydid not yet expose a purpose-built tool for agents to use them consistently.Without this wrapper, an agent would need to rely on implicit SDK knowledge or custom Python/Bash glue every time it wanted to attach a screenshot, audio clip, video, or supporting file to a run. This PR gives the capability a narrow, explicit, path-based interface for that workflow.
Changes
capabilities/web-security/tools/media_logging.pycapabilities/web-security/tests/test_media_logging.pydreadnodetest stub incapabilities/web-security/tests/conftest.pyto cover typed media logging primitivescapabilities/web-security/agents/web-security.mdValidation
I validated the change in a clean worktree on
ads/cap-985-build-log_screenshot-toolbased on freshorigin/main.Checks run:
python3 -m pytest capabilities/web-security/tests/test_media_logging.py capabilities/web-security/tests/test_dns_rebinding.py capabilities/web-security/tests/test_credence.py capabilities/web-security/tests/test_phone_verification.pypre-commit run --files capabilities/web-security/tools/media_logging.py capabilities/web-security/tests/test_media_logging.py capabilities/web-security/tests/conftest.py capabilities/web-security/agents/web-security.mdjust validateResults:
68 passedruffandruff-formatjust validatecompleted with0 failedRepo-level validation still shows pre-existing warnings for unrelated capabilities and local environment checks (
caido-cli, Burp jar, Java 17 for Ghidra, andbloodhound-enterpriseruntime import warnings). Those are not introduced by this PR.Linear