| name | pipeline |
| description | Prepare the battlefield — recon, scanning, and surface ranking. Stops before hunting. Run /hunt or /autopilot after. Usage: /pipeline or /pipeline <target> |
Prepare the battlefield for: $ARGUMENTS
This command runs recon, scanning, and surface ranking — everything needed BEFORE hunting.
It does NOT hunt, validate, or report. Use /hunt or /autopilot for that.
Phase 0: SETUP
- Read
scope.yaml — resolve and verify targets
- If
$ARGUMENTS is empty: uv run python3 ../../tools/scope_check.py --list
- If
$ARGUMENTS is a domain: uv run python3 ../../tools/scope_check.py $ARGUMENTS
- Read
policy.md — extract policy preamble for all agent dispatches
- Brain init or brief:
- If no brain exists:
uv run python3 ../../tools/brain.py init
- If brain exists:
uv run python3 ../../tools/brain.py brief <target>
Phase 1: RECON
- Dispatch
recon agent (model: inherit) with policy preamble and scope
- After recon: dispatch
config-auditor agent (model: inherit) for header/TLS/cookie review
- After config: dispatch
js-analyzer agent (model: inherit) for JavaScript analysis
- Brain update:
uv run python3 ../../tools/brain.py record <target> recon "<results summary>"
Phase 2: SCANNING (parallel, max 3)
- Dispatch in parallel (all model: inherit, all with policy preamble):
vuln-scanner agent with nuclei on discovered hosts
waf-profiler agent on primary targets
- Brain update with scan results
Phase 3: RANK
- Dispatch
recon-ranker agent (model: inherit) with recon data + brain knowledge
- Output P1/P2/Kill list
Complete
Battlefield ready.
P1 targets: [list]
P2 targets: [list]
Kill list: [list]
Next steps:
/hunt <target> — manual hunting on a specific target
/autopilot — autonomous hunting across all P1 targets
/surface — re-rank surface with current brain knowledge
Sync brain: uv run python3 ../../tools/global_brain.py sync-from-local
Top-Tier Pipeline Standard
The pipeline prepares a battlefield, not a folder of scan files.
- Scope first: every generated target must be in-scope or tagged
out-of-scope with reason.
- Normalize assets into stable inventories: hosts, endpoints, JS files, APIs, auth flows, cloud buckets, repos, mobile packages, and third-party integrations.
- Rank during collection. Do not wait until the end to identify crown jewels.
- Preserve raw evidence and parsed summaries. A hunter should be able to replay the exact source of every target.
- End with
P1, P2, and Kill lists plus the best first vuln class for each P1. If no P1 exists, say why and recommend monitoring or a different program.