Add shared output volume and symlinks for cross-container data

Makefile

@@ -69,6 +69,7 @@ nuke: ## Full cleanup: containers + volumes + ALL images (frees max disk space)
 	docker volume rm blhackbox_neo4j_data 2>/dev/null || true
 	docker volume rm blhackbox_neo4j_logs 2>/dev/null || true
 	docker volume rm blhackbox_wordlists 2>/dev/null || true
+	docker volume rm blhackbox_shared-output 2>/dev/null || true
 	find . -type d -name __pycache__ -exec rm -rf {} + 2>/dev/null || true
 	rm -rf dist/ build/ *.egg-info
 	@echo ""

README.md

@@ -194,9 +194,18 @@ output/
 
 | Container Path | Host Path | Contents |
 |:--|:--|:--|
-| `/root/reports/` | `./output/reports/` | Generated pentest reports (Markdown, PDF) |
-| `/tmp/screenshots/` | `./output/screenshots/` | Screenshot MCP captures and annotations |
-| `/root/results/` | `./output/sessions/` | `AggregatedPayload` session JSONs |
+| `output/reports/` | `./output/reports/` | Generated pentest reports (Markdown, PDF) |
+| `output/screenshots/` | `./output/screenshots/` | Screenshot MCP captures and annotations (read-only in Claude Code) |
+| `output/sessions/` | `./output/sessions/` | `AggregatedPayload` session JSONs |
+
+> **Path convention:** Inside the Claude Code container, use `output/reports/`, `output/sessions/`, etc. (relative to the working directory). These are symlinked to the bind-mounted paths (`/root/reports/`, `/root/results/`, `/tmp/screenshots/`) so files appear on the host automatically. Direct paths like `/root/reports/` also work.
+
+Additionally, a shared Docker volume (`shared-output`) connects Kali MCP and Claude Code:
+
+| Container | Mount Path | Access | Purpose |
+|:--|:--|:--:|:--|
+| Kali MCP | `/root/output/` | read-write | Tool output files (recon data, payloads) |
+| Claude Code | `/root/kali-data/` | read-only | Access Kali's recon artifacts |
 
 The `output/` directory is created automatically by `setup.sh`. For manual installs: `mkdir -p output/reports output/screenshots output/sessions`
 

docker-compose.yml

@@ -34,6 +34,7 @@ volumes:
   neo4j_logs:
   portainer_data:
   wordlists:
+  shared-output:    # Cross-container working data (Kali recon files, etc.)
 
 services:
 
@@ -102,6 +103,8 @@ services:
       KALI_MAX_TIMEOUT: "${KALI_MAX_TIMEOUT:-600}"
       # Metasploit timeout for msfconsole commands
       MSF_TIMEOUT: "${MSF_TIMEOUT:-300}"
+    volumes:
+      - shared-output:/root/output
     ports:
       - "${KALI_MCP_PORT:-9001}:9001"
     healthcheck:
@@ -241,6 +244,8 @@ services:
       - ./output/screenshots:/tmp/screenshots:ro
       - ./output/reports:/root/reports
       - ./output/sessions:/root/results
+      # Shared working data from Kali MCP (recon files, tool artifacts)
+      - shared-output:/root/kali-data:ro
       # Mount skills and project instructions so Claude Code discovers them
       - ./.claude/skills:/root/.claude/skills:ro
       - ./CLAUDE.md:/root/CLAUDE.md:ro

docker/claude-code-entrypoint.sh

@@ -70,6 +70,16 @@ wait_for_service() {
     return 1
 }
 
+# ── Output directory symlinks ──────────────────────────────────────
+# Skill templates reference "output/reports/", "output/sessions/", etc.
+# which resolve to /root/output/reports/ (WORKDIR is /root).
+# Bind mounts are at /root/reports, /root/results, /tmp/screenshots.
+# Create symlinks so both path conventions reach the bind mounts.
+mkdir -p /root/output
+ln -sfn /root/reports       /root/output/reports
+ln -sfn /root/results       /root/output/sessions
+ln -sfn /tmp/screenshots    /root/output/screenshots
+
 # ── Main ────────────────────────────────────────────────────────────
 
 print_banner
@@ -143,9 +153,10 @@ echo -e "    ${CYAN}/bug-bounty${NC}         ${DIM}Bug bounty hunting workflow${
 echo -e "    ${CYAN}/osint-gathering${NC}    ${DIM}Passive OSINT intelligence collection${NC}"
 echo ""
 echo -e "  ${BOLD}Output files${NC} ${DIM}(mounted to host ./output/)${NC}${BOLD}:${NC}"
-echo -e "    ${DIM}/root/reports/       → ./output/reports/      pentest reports${NC}"
-echo -e "    ${DIM}/tmp/screenshots/    → ./output/screenshots/  PoC evidence${NC}"
-echo -e "    ${DIM}/root/results/       → ./output/sessions/     session JSONs${NC}"
+echo -e "    ${DIM}output/reports/      → ./output/reports/      pentest reports${NC}"
+echo -e "    ${DIM}output/screenshots/  → ./output/screenshots/  PoC evidence (read-only)${NC}"
+echo -e "    ${DIM}output/sessions/     → ./output/sessions/     session JSONs${NC}"
+echo -e "    ${DIM}/root/kali-data/     ← shared Kali MCP recon artifacts (read-only)${NC}"
 echo ""
 echo -e "  ${BOLD}Quick start:${NC}"
 echo -e "    ${CYAN}/mcp${NC}                       ${DIM}Check MCP server status${NC}"