Saved memory (# quick-add), parallel tools, LLM retry, hardening #9
Merged
…ening

Saved memory (#-quick-add): a curated, human-readable memory layer. `#<text>` saves a durable fact (one Markdown file per fact under .pentesterflow/memory/, `#!` = personal scope). The fact catalog is pinned into the system prompt every turn (survives compaction) and the most relevant facts are recalled in full per turn (`recalled memory: …`). Manage via /memory add|list|forget. Secrets are redacted before write.

Parallel tool dispatch: independent tool calls in a step run concurrently (bounded), results recorded in call order; single-call and load_skill steps stay sequential. BridgedPrompter serializes its modal so approvals stay one-at-a-time and a same-origin fan-out coalesces into one prompt.

LLM retry/backoff: transient backend failures (429/502/503/504 + connection drops) retried with exponential backoff, honoring Retry-After. Wired into the OpenAI-compatible client.

Redaction: mask connection-string query-param creds, HTTP Digest response hashes, and GCP private_key_id.

Self-update hardening (L10): pin the installer to the requested release tag and assert the installer URL is https on raw.githubusercontent.com.

Closes out the internal audit (AUDIT.md): 35/39 fixed, 3 accepted, 1 hardened.

Adds tests throughout; full CI green (596 tests).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
PentesterFlow added a commit that referenced this pull request Jun 12, 2026
…hardening Saved memory (# quick-add), parallel tools, LLM retry, hardening
Summary
- … `#` quick-add) — Claude-Code-style curated memory: `#<text>` saves a durable Markdown fact under `.pentesterflow/memory/` (`#!` = personal). The catalog is pinned into the system prompt every turn (survives compaction); relevant facts are recalled in full per turn (`recalled memory: …`). Manage via `/memory add|list|forget`. Secrets redacted before write.
- … `load_skill` steps stay sequential. The permission prompter serializes its modal and coalesces same-origin fan-outs into one prompt.
- … `Retry-After`; wired into the OpenAI-compatible client.
- … `response=` hashes, GCP `private_key_id`.
- … `raw.githubusercontent.com`.
- … `AUDIT.md`): 35/39 fixed, 3 accepted, 1 hardened.

Testing
- `npm run ci` green: typecheck, lint, 596 tests, build.
- `dist/cli.js --version` / `--list-tools` run clean.

🤖 Generated with Claude Code
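
The self-update hardening named in the commit message and summary above (installer pinned to the requested release tag, URL asserted to be https on raw.githubusercontent.com) can be checked as in this added example. It is not PentesterFlow's code; the owner, repository, script name and tag pattern are placeholders assumed for illustration.

```javascript
// Added example, not the project's code. OWNER, REPO, SCRIPT and the tag
// pattern are assumptions; only the host and scheme rules come from the page.
const INSTALLER_HOST = "raw.githubusercontent.com";
const OWNER = "example-org";        // placeholder
const REPO = "example-tool";        // placeholder
const SCRIPT = "install.sh";        // placeholder
const TAG_RE = /^v\d+\.\d+\.\d+$/;  // assumed release-tag shape

// Build the installer URL for one release tag, refusing branch names or
// anything else that is not a plain version tag.
function installerUrlFor(tag) {
  if (!TAG_RE.test(tag)) throw new Error(`not a release tag: ${tag}`);
  return `https://${INSTALLER_HOST}/${OWNER}/${REPO}/${tag}/${SCRIPT}`;
}

// Check a URL right before fetching it. Returns the reasons for rejecting
// it; an empty list means the URL is acceptable.
function checkInstallerUrl(raw, tag) {
  let u;
  try { u = new URL(raw); } catch { return ["unparseable URL"]; }
  const problems = [];
  if (u.protocol !== "https:") problems.push("scheme is not https");
  // Compare the parsed hostname exactly: substring or prefix checks on the
  // raw string accept look-alike hosts and userinfo tricks.
  if (u.hostname !== INSTALLER_HOST) problems.push("unexpected host");
  if (u.port !== "") problems.push("explicit port");
  if (u.username || u.password) problems.push("userinfo present");
  if (u.search || u.hash) problems.push("query or fragment present");
  // The parser has already resolved "." and ".." segments, so an exact
  // match here also rejects paths that climb out of the tag directory.
  const expectedPath = `/${OWNER}/${REPO}/${tag}/${SCRIPT}`;
  if (u.pathname !== expectedPath) problems.push("path not pinned to tag");
  return problems;
}
```

If the HTTP client follows redirects, run the same check on the final URL or disable redirects for this request.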