fix: use deep rglob search for module path discovery#119
Merged
double16 merged 14 commits intobvcyber:developfrom Mar 5, 2026
Merged
fix: use deep rglob search for module path discovery#119double16 merged 14 commits intobvcyber:developfrom
double16 merged 14 commits intobvcyber:developfrom
Conversation
Tool ID fixes for Ollama and Gemini
prep 0.3.1
Context size improvments - Estimate tokens for system prompt and tools instead of using constants - Rename 'general' module to 'web' - swarm tool allows model selection using selected provider or ollama - Allow modules to specify which built-in tools to use - Refactor XBOW benchmark script to python
- add back erroneously removed `python_repl` and `sleep` tools - fix incorrect model parameters (i.e., max output tokens) when swarm model == main model - validate swarm agent model and fall back to primary model - fix broken tool calling (ollama, gemini) in report, validation_specialist agents - relax prompt optimizer validation for line count increase - minor efficiency updates
Prompt budget consider output tokens (bvcyber#62)
… guidance, improved reporting. - dependency updates - add web_recon module for reconnaissance without exploitation - make reporting work with only observations for non-exploitation use cases - reporting uses all findings when MEMORY_ISOLATION=shared - increase PROMPT_TELEMETRY_THRESHOLD to more reasonable value of 85% to allow for more input context - fix sliding conversation manager to preserve first messages: initial user prompt was getting lost - improve handling of failure cases - patch OllamaModel usage reporting: input and output tokens are swapped - apply CYBER_AGENT_OUTPUT_DIR everywhere instead of hardcoded “outputs” directory - set context window message limit based on prompt token limit: 100 lines default, 200 lines for >= 128,000, 300 lines for >= 400,000 - use full paths with LLM content, some models prepend hallucinated filesystem roots - add operation_paths information to system prompt to control LLM filesystem scope - add reflection_snapshot information to system prompt (was already referenced by execution prompts) - run execution prompt optimizer before system prompt rebuilding to load the optimized prompt in the same step - improve agent continuation message with budget, check point and actions - update bedrock models to global.anthropic.claude-opus-4-5-20251101-v1:0 / us.anthropic.claude-sonnet-4-5-20250929-v1:0
Module features and misc. fixes
**NOTE:** Requires rebuilding the cyber-autoagent-tools image - fix Dockerfile.tools build, tool check was not working, so several tools were not working - Rewrite advanced_payload_coordinator.py using dalfox, sstimap and commix, optimize for model usage - Refactor auth_chain_analyzer.py and specialized_recon_coordinator.py for correctness and optimize for model usage - Improve tool guidance in system prompt - Change tool_catalog to include all tool information and help text from shell commands - Token usage estimation is closer to reality - Apply reasoning loop workaround to all agents
Module path search previously used a shallow lookup (base/module_name), which prevented modules from being discovered when nested inside sub-directories (e.g. external_plugins/collection/web/). The three key methods now use Python's Path.rglob() to search for **/module_name/module.yaml or **/module_name/module.yml, exactly as proposed in the issue. A shallow fallback is retained for modules that do not have a module.yaml manifest. Affected methods in ModulePromptLoader: - _find_module_dir - _find_prompt_path - _find_tools_dir Closes bvcyber#100
Contributor
|
Thanks! Can you update |
Contributor
Author
|
I have added the requested test cases in |
Contributor
|
Changes requested:
|
…kup, add specific deep test)
Contributor
|
Thanks, those last changes look good! The react UI
The user documentation needs updated to reflect the ability to nest modules in directories: |
Contributor
Author
|
I have implemented the deep search module path discovery algorithm in |
Contributor
|
test_prompt_loader.py tests are failing because the existing tests did not all have a |
…pipeline expectations
Contributor
Author
|
Added the missing |
double16
reviewed
Mar 4, 2026
|
|
||
| web_dir = tmp_path / "operation_plugins" / "web" | ||
| web_dir.mkdir(parents=True) | ||
| web_dir.mkdir(parents=True) |
|
|
||
| ctf_dir = tmp_path / "operation_plugins" / "ctf" | ||
| ctf_dir.mkdir(parents=True) | ||
| ctf_dir.mkdir(parents=True) |
|
|
||
| ctf_dir = tmp_path / "operation_plugins" / "ctf" | ||
| ctf_dir.mkdir(parents=True) | ||
| ctf_dir.mkdir(parents=True) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #100
Problem
Module path search used a shallow lookup
base / module_name, which prevented modules from being discovered when stored inside sub-directories — for example, cloning a repo of multiple modules intoexternal_plugins/:Solution
All three path-resolution methods in
ModulePromptLoadernow perform a deep search usingPath.rglob()for**/module_name/module.yamlor**/module_name/module.yml, exactly as proposed in the issue. A shallow fallback is retained for backwards compatibility with modules that lack amodule.yamlmanifest.Affected methods:
_find_module_dir_find_prompt_path_find_tools_dirTesting Checklist
module.yaml) continue to work via fallbackexternal_plugins/collection/web/) is now discovered correctly