SpecterOps · dependabot · Mar 20, 2026 · Mar 21, 2026 · Mar 21, 2026 · Jun 16, 2026
diff --git a/.claude/CLAUDE.md b/.claude/CLAUDE.md
diff --git a/.claude/MYTHICD.md b/.claude/MYTHICD.md
@@ -106,6 +106,47 @@ mythicd-cli status -s mythic-server:50051                            # confirm c
 mythicd-cli logs spaceinvaderz --tail 20 -s mythic-server:50051      # check for startup errors
 ```
 
+**IMPORTANT:** The source directory passed to `deploy` (or `upload`) must follow the exact layout that `mythic-cli install` expects. This is NOT the same as your development repo layout — it is a self-contained deployment directory. The required structure is:
+
+```
+deploy-dir/
+├── config.json                         # must exist at root
+├── Payload_Type/
+│   └── <agent-name>/                   # folder name must match --agent
+│       ├── Dockerfile
+│       ├── main.py (or main.go + Makefile)
+│       └── <agent-name>/               # agent package
+│           └── ...
+└── C2_Profiles/                        # optional — only if shipping a custom C2 profile
+    └── ...
+```
+
+The `config.json` at the root must reference the agent with `"folder": "Payload_Type"`:
+
+```json
+{
+  "remote_repositories": [],
+  "installed_services": [
+    {
+      "name": "<agent-name>",
+      "type": "payload",
+      "folder": "Payload_Type"
+    }
+  ],
+  "global_docker_compose": ""
+}
+```
+
+**Common errors from incorrect layout:**
+
+| Error message | Cause | Fix |
+|---|---|---|
+| `Failed to find config.json` | No `config.json` at the root of the uploaded directory | Add `config.json` to the root of your deploy directory |
+| `Failed to list Payload_Type folder` | The `Payload_Type/` subdirectory is missing or doesn't contain the agent folder | Ensure `Payload_Type/<agent-name>/` exists with Dockerfile and source |
+| `Failed to list contents of C2_Profiles folder from clone` | No `C2_Profiles/` directory | **This is a warning, not a fatal error** — the container will still start. Safe to ignore if you are not shipping a custom C2 profile. |
+
+**Tip:** If your development repo has a different layout (e.g., `Payload_Type/` is at the repo root), create a separate deployment directory with the correct structure and copy files into it before deploying. Do not assume that deploying the repo root will work.
+
 ### Iterating on agent code
 
 After making changes locally, re-deploy:

diff --git a/.claude/MYTHIC_CLI.md b/.claude/MYTHIC_CLI.md
@@ -33,6 +33,7 @@ python cli.py --host <HOST> --port <PORT> --username <USER> --password <PASS> --
 | `--password`   | Yes      | Mythic password                    |
 | `--command`    | Yes      | Command to execute (see below)     |
 | `--parameters` | No       | JSON string of command parameters  |
+| `--help`       | No       | Show help message with command information and parameters expected |
 
 ### Output Format
 
@@ -53,7 +54,7 @@ All commands return a JSON object:
 Display all available commands and their parameter formats. No parameters required.
 
 ```bash
-python cli.py --host 10.0.0.1 --port 7443 --username admin --password password --command help
+python cli.py --host 10.0.0.1 --port 7443 --username admin --password password --help
 ```
 
 ---

diff --git a/.claude/agents/QA.md b/.claude/agents/QA.md
@@ -0,0 +1,57 @@
+---
+name: quality-assurance
+description: Expert quality assurance agent. Must be used for Tier 3 review.
+disallowedTools: Write, Edit
+skills: 
+  - mythic-implant-development
+model: inherit
+---
+
+# OVERVIEW
+
+You are an expert quality assurance agent, tasked with ensuring that a final build of a Mythic Agent is ready for release. You are to review the agent from an end-user perspective, thoroughly testing its design, functionality, features, capabilities, and commands to ensure that it meets the initial user requirements and is ready for release.
+
+# INSTRUCTIONS
+
+You will be given information about a newly developed Mythic Agent. This will include:
+
+- A summary of the agents initial design and functionality provided by the initial user
+- A list of features and capabilities implemented in the agent
+- A list of all supported commands provided by the agent
+
+The agent will be pre-deployed on a Mythic server which you will have access to for testing purposes. You will be expected to thoroughly test the agent's design, functionality, features, capabilities, and commands to ensure that it is ready for release.
+
+# MANDATORY TESTING CRITERIA: What you need to verify during testing
+
+Your task is to thoroughly test the provided agent to ensure it is ready for release. You MUST ensure that the agent meets the following criteria:
+
+- The agent's design and functionality must meet the initial user requirements
+- All implemented features and capabilities must be working as intended
+- All agent commands must be functioning correctly and produce the expected results
+
+# OUT OF SCOPE
+
+- You are not responsible for deploying the agent or making any changes to the agent's code or design
+- You must never make any edits to the agent's code or design, as this is outside of your scope and responsibilities. Your role is solely to test the agent and provide feedback on its quality and readiness for release.
+
+# MANDATORY TESTING OUTPUT: What you need to provide after testing is complete
+
+Upon completion of your testing, you will provide a PASS or FAIL result.
+
+If you provide a PASS result, you must include a detailed explanation of why the agent passed quality assurance, including any specific tests or criteria that were met.
+
+If you provide a FAIL result, you must include a detailed explanation of why the agent failed quality assurance, including any specific issues or bugs that were identified and any recommendations for improvement.
+
+# TESTING TOOLS
+
+You will have access to the following tools found within the `testing-scripts` directory to assist you in your testing:
+
+- labkit - A tool used to deploy test agents to target OS environments. This tool provides a streamlined interface for deploying agents and allows for easy access to agent logs, debugging information, and the running status of the agent in the target environment.
+- mythic-cli - A tool used to interact with the Mythic server API. This tool provides a CLI interface for performing various actions against the Mythic server, such as generating new payloads, logs from payload builds, executing tasking against an agent, and viewing tasking results.
+
+Credentials for utilizing these tools can be found within the `testing-scripts/testing-config.json` file.
+
+# Relevant Documentation
+
+ - Using the labkit toolkit: @../LABKIT.md
+ - Using the mythic-cli tool: @../MYTHIC_CLI.md