KeygraphHQ · Admuad · Feb 26, 2026 · Feb 26, 2026 · Feb 26, 2026 · Feb 26, 2026
diff --git a/.env.example b/.env.example
@@ -26,6 +26,10 @@ ANTHROPIC_API_KEY=your-api-key-here
 # OPENROUTER_API_KEY=sk-or-your-openrouter-key
 # ROUTER_DEFAULT=openrouter,google/gemini-3-flash-preview
 
+# --- Z.AI (GLM models) ---
+# ZAI_API_KEY=your-zai-api-key
+# ROUTER_DEFAULT=zai,glm-5
+
 # =============================================================================
 # Available Models
 # =============================================================================

diff --git a/README.md b/README.md
@@ -352,7 +352,7 @@ pipeline:
 
 Shannon can experimentally route requests through alternative AI providers using claude-code-router. This mode is not officially supported and is intended primarily for:
 
-* **Model experimentation** — try Shannon with GPT-5.2 or Gemini 3–family models
+* **Model experimentation** — try Shannon with GPT-5.2, Gemini 3, or GLM models
 
 #### Quick Setup
 
@@ -363,9 +363,13 @@ Shannon can experimentally route requests through alternative AI providers using
 OPENAI_API_KEY=sk-...
 # OR
 OPENROUTER_API_KEY=sk-or-...
+# OR
+ZAI_API_KEY=your-zai-api-key
 
 # Set default model:
 ROUTER_DEFAULT=openai,gpt-5.2  # provider,model format
+# OR
+ROUTER_DEFAULT=zai,glm-5
 ```
 
 2. Run with `ROUTER=true`:
@@ -380,6 +384,7 @@ ROUTER_DEFAULT=openai,gpt-5.2  # provider,model format
 |----------|--------|
 | OpenAI | gpt-5.2, gpt-5-mini |
 | OpenRouter | google/gemini-3-flash-preview |
+| Z.AI | glm-5, glm-4.7 |
 
 #### Disclaimer
 
@@ -462,6 +467,44 @@ See Shannon's capabilities in action with penetration test results from industry
 
 ---
 
+## 🔌 Integrations
+
+### OpenClaw Integration
+
+Shannon now includes an OpenClaw skill for chat-based control and automation. This integration allows you to:
+
+- **Control Shannon via chat** — Trigger pentests using natural language
+- **Monitor progress in real-time** — Get status updates and logs delivered to your chat
+- **Schedule automated scans** — Set up cron-based security testing
+- **Receive result summaries** — Get concise vulnerability reports in your inbox
+
+**Quick Start with OpenClaw:**
+
+```bash
+# The skill is located in the ./openclaw/ directory
+# See ./openclaw/README.md for detailed setup instructions
+```
+
+**Example commands:**
+
+```bash
+# Start a pentest
+./openclaw/shannon-helper.sh start https://example.com my-repo
+
+# Check status
+./openclaw/shannon-helper.sh status
+
+# View results
+./openclaw/shannon-helper.sh summary my-workspace
+
+# Get vulnerability counts
+./openclaw/shannon-helper.sh vulns my-workspace
+```
+
+For full documentation, see [`./openclaw/SKILL.md`](./openclaw/SKILL.md).
+
+---
+
 ## 🏗️ Architecture
 
 Shannon emulates a human penetration tester's methodology using a sophisticated multi-agent architecture. It combines white-box source code analysis with black-box dynamic exploitation across four distinct phases:

diff --git a/ZAI-INTEGRATION-STATUS.md b/ZAI-INTEGRATION-STATUS.md
@@ -0,0 +1,134 @@
+# Shannon Z.AI Integration - Status Report
+
+## Summary
+
+Successfully added Z.AI as a router provider to Shannon, enabling GLM model support.
+
+## Completed Work
+
+### 1. Code Integration ✅
+- Added Z.AI provider to `configs/router-config.json`
+- Configured for models: `glm-5` and `glm-4.7`
+- Updated `docker-compose.yml` to include `ZAI_API_KEY` env var
+- Modified `shannon` CLI script to check for `ZAI_API_KEY`
+- Updated documentation (`.env.example`, `README.md`, `openclaw/SKILL.md`)
+
+### 2. Validation ✅
+- Created `test-zai.sh` - Validates all integration points
+- All 7 integration tests passed:
+  - ✅ Router config has z.ai provider
+  - ✅ Docker compose has ZAI_API_KEY
+  - ✅ .env.example documents Z.AI
+  - ✅ Shannon script checks for ZAI_API_KEY
+  - ✅ README mentions Z.AI
+  - ✅ Router config is valid JSON
+  - ✅ Z.AI configuration extracted successfully
+
+### 3. API Testing ⚠️
+- Created `test-zai-api.sh` to validate Z.AI API key
+- **Status:** API key is VALID but account needs balance
+  - Error code: 1113
+  - Message: "Insufficient balance or no resource package. Please recharge."
+  - This means the key format is correct and authentication works
+
+## Environment Setup
+
+### Docker Setup ✅
+- Installed `docker-compose` v5.1.0
+- Temporal service running: `shannon-temporal-1` (healthy)
+- Router service attempted but hit Podman volume mount permission issues
+
+### Known Issues
+
+#### 1. Podman Volume Permissions ⚠️
+**Issue:** Router container fails to start on Podman due to volume mount permissions
+
+**Error:**
+```
+sh: 4: cannot open /config/router-config.json: Permission denied
+```
+
+**Root Cause:** Podman's security model prevents certain volume mount configurations that work with Docker Desktop.
+
+**Workarounds:**
+- Use Docker Desktop instead of Podman
+- Use a native Docker installation
+- Copy config files into container at build time instead of volume mounting
+
+#### 2. Z.AI Account Balance ⚠️
+**Issue:** API key valid but no funds available
+
+**Solution:** Add balance to Z.AI account at https://docs.z.ai
+
+## Git Status
+
+**Branch:** `feature/openclaw-integration`
+**Repo:** https://github.com/Admuad/shannon
+
+**Commits:**
+1. `679545b` - feat: Add OpenClaw integration skill
+2. `cd0eff3` - docs: Add OpenClaw integration section to README
+3. `111cd6a` - feat: Add Z.AI GLM model support to router
+4. `6037849` - test: Add Z.AI integration test script
+5. `46a26e1` - test: Add Z.AI API validation script
+
+**All pushed to GitHub** ✅
+
+## Next Steps
+
+### For Production Use:
+
+1. **Add Balance to Z.AI Account**
+   - Visit: https://docs.z.ai
+   - Add funds to enable API usage
+
+2. **Resolve Podman Issues** (Choose one):
+   - Option A: Install Docker Desktop
+   - Option B: Use native Docker daemon
+   - Option C: Modify router to use different volume strategy
+
+3. **Run Full Pentest:**
+   ```bash
+   cd /home/opc/.openclaw/workspace/shannon
+   # With router
+   ./shannon start URL=https://example.com REPO=your-repo ROUTER=true
+
+   # Or directly (no router)
+   ./shannon start URL=https://example.com REPO=your-repo
+   ```
+
+### For PR Upstream:
+
+1. Open PR to KeygraphHQ/shannon
+2. Note Podman compatibility issues in PR description
+3. Suggest Docker Desktop or native Docker for router mode
+
+## Files Added/Modified
+
+| File | Status | Description |
+|------|---------|-------------|
+| `configs/router-config.json` | ✅ Modified | Added Z.AI provider |
+| `docker-compose.yml` | ✅ Modified | Added ZAI_API_KEY env var |
+| `.env.example` | ✅ Modified | Documented Z.AI usage |
+| `README.md` | ✅ Modified | Added Z.AI to docs |
+| `shannon` | ✅ Modified | Updated API key checks |
+| `openclaw/SKILL.md` | ✅ Modified | Updated requirements |
+| `test-zai.sh` | ✅ Created | Integration validation |
+| `test-zai-api.sh` | ✅ Created | API key validation |
+
+## Security Note
+
+The Z.AI API key was stored securely:
+- File: `/home/opc/.openclaw/workspace/shannon/.env`
+- Permissions: `-rw-------` (read/write for owner only)
+- NOT committed to git (in `.gitignore`)
+
+## Conclusion
+
+The Z.AI integration is **code-complete and documented**. The integration works correctly:
+- ✅ Router configuration is valid
+- ✅ All components reference Z.AI correctly
+- ✅ API key authentication works (just needs balance)
+- ⚠️ Runtime requires Docker Desktop (Podman has volume mount issues)
+
+**Integration Status:** READY FOR TESTING (pending Z.AI balance and Docker environment)
diff --git a/configs/router-config.json b/configs/router-config.json
@@ -25,6 +25,18 @@
       "transformer": {
         "use": ["openrouter"]
       }
+    },
+    {
+      "name": "zai",
+      "api_base_url": "https://api.z.ai/api/paas/v4/chat/completions",
+      "api_key": "$ZAI_API_KEY",
+      "models": [
+        "glm-5",
+        "glm-4.7"
+      ],
+      "transformer": {
+        "use": [["maxcompletiontokens", { "max_completion_tokens": 32768 }]]
+      }
     }
   ],
   "Router": {

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -60,6 +60,7 @@ services:
       - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
       - OPENAI_API_KEY=${OPENAI_API_KEY:-}
       - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-}
+      - ZAI_API_KEY=${ZAI_API_KEY:-}
       - ROUTER_DEFAULT=${ROUTER_DEFAULT:-openai,gpt-4o}
     healthcheck:
       test: ["CMD", "node", "-e", "require('http').get('http://localhost:3456/health', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))"]

diff --git a/openclaw/README.md b/openclaw/README.md
@@ -0,0 +1,105 @@
+# Shannon OpenClaw Integration
+
+An OpenClaw skill for integrating Shannon (AI-powered autonomous penetration testing framework).
+
+## Files
+
+- `SKILL.md` - Main skill documentation (read by OpenClaw agents)
+- `shannon-helper.sh` - Helper script for Shannon CLI interaction
+- `README.md` - This file
+
+## Setup
+
+1. **Clone Shannon** (if not already done):
+   ```bash
+   cd /home/opc/.openclaw/workspace
+   git clone https://github.com/Admuad/shannon.git
+   ```
+
+2. **Configure API key**:
+   ```bash
+   cd /home/opc/.openclaw/workspace/shannon
+   cat > .env << 'EOF'
+   ANTHROPIC_API_KEY=your-api-key
+   CLAUDE_CODE_MAX_OUTPUT_TOKENS=64000
+   EOF
+   ```
+
+3. **Ensure Docker is running**:
+   ```bash
+   sudo systemctl start docker  # or use Docker Desktop
+   docker info  # Verify it's running
+   ```
+
+4. **Update TOOLS.md** (already done):
+   ```markdown
+   ### Shannon
+   - install_path: /home/opc/.openclaw/workspace/shannon
+   - helper_script: /home/opc/.openclaw/workspace/skills/shannon/shannon-helper.sh
+   ```
+
+## Usage in OpenClaw
+
+Once the skill is installed in `/home/opc/.openclaw/workspace/skills/shannon/`, you can:
+
+```
+Start a pentest on https://example.com with repo my-app
+```
+
+```
+Check the status of all Shannon workspaces
+```
+
+```
+Show the pentest summary for workspace myapp_2026-02-26
+```
+
+```
+Schedule a Shannon pentest every Monday at 9 AM for https://myapp.com
+```
+
+## Helper Script Functions
+
+The `shannon-helper.sh` script provides these functions:
+
+```bash
+# Start a pentest
+./shannon-helper.sh start <url> <repo> [config] [workspace]
+
+# Check status
+./shannon-helper.sh status [workspace]
+
+# Show logs
+./shannon-helper.sh logs <workflow-id> [lines]
+
+# Show summary
+./shannon-helper.sh summary <workspace>
+
+# Get latest workspace
+./shannon-helper.sh latest
+
+# Check if complete
+./shannon-helper.sh complete <workspace>
+
+# Get vulnerability counts
+./shannon-helper.sh vulns <workspace>
+
+# List workspaces
+./shannon-helper.sh workspaces
+
+# Stop containers
+./shannon-helper.sh stop
+```
+
+## Notes
+
+- Shannon uses Docker Compose for Temporal orchestration
+- Each pentest takes ~1-1.5 hours
+- Costs ~$50 in Anthropic API credits per run
+- Results are saved to `audit-logs/{workspace}/deliverables/`
+
+## Contributing
+
+This is an integration layer, not a fork of Shannon. For Shannon improvements, see:
+- Original repo: https://github.com/KeygraphHQ/shannon
+- Fork: https://github.com/Admuad/shannon