pwn 0.5.621 → 0.5.622

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '0708b22c22f49ec48a8263fe296b3dea6055d87259fe6bd6f63b484049432d6a'
4
- data.tar.gz: 7b0dd573b0e169afd93e8ae228a40d02b4331fcf989a78df884cfdd5649fac8a
3
+ metadata.gz: f4aeb484ae013e0feb9648009d60cfc493bbd4ec98ba42193745af669ed70bcc
4
+ data.tar.gz: 2dcffdf992ee24a9c8a10ae7b83c743ad5b6b1aed83e70063da56e8cf6e9ea85
5
5
  SHA512:
6
- metadata.gz: 840dd2114e03a96ecc79fad15d9204f18d1ce5f444561fe230d0da5ca3e6a35f4d93a41c6c69cf3d87b37edf46e5bbd64ca0cbe4440b1a3ef9a268b5f918b39b
7
- data.tar.gz: 0a18d690d4bc222a319500c7301c20f8a9629111e11498489ddf7516b6c2afe5ab6d6daf20354bea580688ad58bd7b85708f699cfe9c399dc8f1d23f65391bb1
6
+ metadata.gz: 2468ec9291d44be94de1f3877441380e60cde34e24953f6ac677bd39f0679c82ab6f82f6554b7fcacf1348b0c751c63bf8d8a23a369ac665023b5a9e74cc3a01
7
+ data.tar.gz: 722765fd660ca9da266a170da45f65eb061886b7629557143436a0765412dc89d3de3e56ac8f5bd8e9b32e5f25831d3644ac3568d851f6ac5f7629531b9e7768
data/Gemfile CHANGED
@@ -50,7 +50,7 @@ gem 'libusb', '0.7.2'
50
50
  gem 'luhn', '3.0.0'
51
51
  gem 'mail', '2.9.1'
52
52
  gem 'mcp', '0.23.0'
53
- gem 'meshtastic', '0.0.169'
53
+ gem 'meshtastic', '0.0.171'
54
54
  gem 'metasm', '1.0.6'
55
55
  gem 'mongo', '2.24.1'
56
56
  gem 'msfrpc-client', '1.1.2'
@@ -15,7 +15,7 @@ toolsets; the JSON-Schema for each tool is what the model actually sees.
15
15
  | `memory` | `memory_remember` · `memory_recall` · `memory_forget` · `memory_clear` | `PWN::Memory` → `~/.pwn/memory.json` |
16
16
  | `skills` | `skill_list` · `skill_view` · `skill_create` · `skill_add_reference` · `skill_delete` | `~/.pwn/skills/*.md` |
17
17
  | `sessions` | `sessions_list` · `sessions_view` · `sessions_current` · `sessions_delete` · `sessions_stats` | `PWN::Sessions` → `~/.pwn/sessions/` |
18
- | `learning` | `learning_note_outcome` · `learning_reflect` · `learning_distill_skill` · `learning_stats` · `learning_outcomes` · `learning_consolidate` · `learning_reset` · `learning_auto_reflect_toggle` · **`mistakes_list`** · **`mistakes_record`** · **`mistakes_resolve`** · **`mistakes_reset`** | `PWN::AI::Agent::Learning` + `PWN::AI::Agent::Mistakes` → `~/.pwn/learning.jsonl` + `~/.pwn/mistakes.json` |
18
+ | `learning` | `learning_note_outcome` · `learning_reflect` · `learning_distill_skill` · `learning_stats` · `learning_outcomes` · `learning_consolidate` · `learning_reset` · `learning_auto_introspect_toggle` · **`mistakes_list`** · **`mistakes_record`** · **`mistakes_resolve`** · **`mistakes_reset`** | `PWN::AI::Agent::Learning` + `PWN::AI::Agent::Mistakes` → `~/.pwn/learning.jsonl` + `~/.pwn/mistakes.json` |
19
19
  | `metrics` | `metrics_summary` · `metrics_reset` | `PWN::AI::Agent::Metrics` → `~/.pwn/metrics.json` |
20
20
  | `extrospection` | `extro_snapshot` · `extro_drift` · `extro_observe` · `extro_observations` · `extro_intel` · **`extro_watch`** · **`extro_verify`** · `extro_correlate` · `extro_stats` · `extro_reset` · `extro_auto_toggle` | `PWN::AI::Agent::Extrospection` (+ `PWN::Plugins::TransparentBrowser`) → `~/.pwn/extrospection.json` |
21
21
  | `cron` | `cron_list` · `cron_create` · `cron_run` · `cron_enable` · `cron_disable` · `cron_remove` | `PWN::Cron` → `~/.pwn/cron/jobs.yml` |
@@ -1,66 +1,311 @@
1
- # Configuration — `~/.pwn/config.yml`
1
+ # Configuration — `~/.pwn/pwn.yaml`
2
2
 
3
- Everything configurable lives in one YAML file, loaded by `PWN::Config` at
4
- startup and available in-process as `PWN::Env`.
3
+ Everything configurable in PWN lives in **one encrypted YAML file**, loaded by
4
+ `PWN::Config.refresh_env` at driver startup and exposed in-process as the
5
+ frozen constant **`PWN::Env`** (a redacted copy is available as
6
+ `PWN::EnvRedacted`).
5
7
 
6
- ## Minimal example
8
+ The file is **AES-encrypted at rest** by `PWN::Plugins::Vault`. Its key/IV
9
+ live in a sibling **`~/.pwn/pwn.yaml.decryptor`** file (or in
10
+ `PWN_DECRYPTOR_KEY` / `PWN_DECRYPTOR_IV` env vars). Never edit `pwn.yaml`
11
+ by hand — use the **`pwn-vault`** REPL command, which decrypts → opens
12
+ `$EDITOR` → re-encrypts → reloads `PWN::Env`.
13
+
14
+ If `~/.pwn/pwn.yaml` does not exist on first run, `PWN::Config.default_env`
15
+ writes a fully-commented template with every key below (values set to
16
+ `'optional - …'` / `'required - …'` placeholder strings), encrypts it, and
17
+ generates the decryptor.
18
+
19
+ ---
20
+
21
+ ## Full annotated example
7
22
 
8
23
  ```yaml
9
- # ~/.pwn/config.yml
24
+ # ~/.pwn/pwn.yaml (shown DECRYPTED — file is AES-encrypted on disk)
25
+
10
26
  ai:
11
- engine: anthropic # openai | anthropic | grok | gemini | ollama
12
- anthropic:
13
- key: sk-ant-…
14
- openai:
15
- key: sk-…
27
+ active: grok # Which engine backs `pwn-ai`. One of: openai | anthropic | grok | gemini | ollama.
28
+ module_reflection: false # Master gate for LLM self-analysis (SAST triage, Burp enrichment, Learning.llm_reflect).
29
+
16
30
  grok:
17
- oauth: true # RFC-8628 device flow, no client_secret
31
+ base_uri: https://api.x.ai/v1 # xAI API base URL. Override for a self-hosted proxy / private endpoint.
32
+ key: xai-… # xAI API key. If blank AND no oauth.* below, PWN prompts interactively at load.
33
+ model: grok-4.5 # Model id sent on every chat / tool-loop request.
34
+ system_role_content: 'You are an ethically hacking xAI Grok agent.' # Base system prompt (MEMORY/SKILLS/LEARNING/EXTROSPECTION blocks are appended to this).
35
+ temp: 1.0 # Sampling temperature passed to the chat endpoint.
36
+ max_prompt_length: 256000 # Soft input-context ceiling (chars) used for prompt truncation / chunking.
37
+ oauth: # RFC-8628 device-flow (SuperGrok subscription) — public client, no client_secret.
38
+ refresh_token: ~ # Durable OAuth refresh token; enables silent re-auth without an API key.
39
+ bearer_token: ~ # Short-lived OAuth access JWT; auto-refreshed each run when refresh_token is set.
40
+ client_id: b1a00492-073a-47ea-816f-4c329264a828 # xAI's PUBLIC OAuth client id for the "Grok CLI" application (not sensitive).
41
+ client_secret: ~ # Only for confidential-client OAuth flows; unused by the public Grok-CLI client.
42
+ scope: 'openid profile email offline_access grok-cli:access api:access' # OAuth scope string requested during device-flow enrollment.
43
+ token_uri: https://auth.x.ai/oauth2/token # OAuth token endpoint (override for enterprise IdP).
44
+ enroll: false # true → force RFC-8628 device-flow enrollment on load even when `key:` is set.
45
+
46
+ openai:
47
+ base_uri: https://api.openai.com/v1 # OpenAI API base URL. Override for Azure OpenAI / VPC gateway / local proxy.
48
+ key: sk-… # OpenAI API key (`sk-…`). Prompted interactively if blank.
49
+ model: gpt-4o # Model id sent on every chat / tool-loop request.
50
+ system_role_content: 'You are an ethically hacking OpenAI agent.' # Base system prompt for this engine.
51
+ temp: 1.0 # Sampling temperature.
52
+ max_prompt_length: 128000 # Soft input-context ceiling (chars) for truncation / chunking.
53
+ max_tokens: 16384 # Max OUTPUT tokens per response. Mapped to OpenAI wire param `max_completion_tokens`.
54
+
55
+ anthropic:
56
+ base_uri: https://api.anthropic.com/v1 # Anthropic API base URL. Override for Bedrock / private gateway.
57
+ key: sk-ant-… # Anthropic API key (`sk-ant-…`). Prompted interactively if blank.
58
+ model: claude-3-5-sonnet-20240620 # Model id sent on every chat / tool-loop request.
59
+ system_role_content: 'You are an ethically hacking Anthropic agent.' # Base system prompt for this engine.
60
+ temp: 1.0 # Sampling temperature.
61
+ max_tokens: 8192 # Max OUTPUT tokens per response. Raise if tool-call JSON truncates.
62
+ max_prompt_length: 200000 # Soft input-context ceiling (chars) for truncation / chunking.
63
+
64
+ gemini:
65
+ base_uri: https://generativelanguage.googleapis.com/v1beta # Google Generative Language API base URL.
66
+ key: AIza… # Google AI Studio API key (`AIza…`). Prompted interactively if blank.
67
+ model: gemini-2.5-pro # Model id sent on every chat / tool-loop request.
68
+ system_role_content: 'You are an ethically hacking Gemini agent.' # Base system prompt for this engine.
69
+ temp: 1.0 # Sampling temperature.
70
+ max_prompt_length: 1000000 # Soft input-context ceiling (chars) — Gemini supports very large contexts.
71
+
18
72
  ollama:
19
- base_url: http://localhost:11434
20
- model: llama3.1:70b
73
+ base_uri: https://ollama.local # REQUIRED for ollama — Open WebUI / ollama-serve base URL (no vendor default).
74
+ key: eyJ… # Open WebUI JWT (Settings → Account → API Key). Prompted if blank.
75
+ model: llama3.1:70b # Local model tag as `ollama list` shows it.
76
+ system_role_content: 'You are an ethically hacking Ollama agent.' # Base system prompt for this engine.
77
+ temp: 1.0 # Sampling temperature.
78
+ max_prompt_length: 32000 # Soft input-context ceiling (chars) — tune per local model's real context window.
79
+
21
80
  agent:
22
- max_iters: 40 # tool-loop cap per turn
23
- max_depth: 3 # swarm recursion cap
24
- auto_reflect: true # Learning.auto_reflect after every final answer
25
- auto_extrospect: true # Extrospection.auto_extrospect likewise
26
-
27
- burp:
28
- jar: /opt/burpsuite_pro/burpsuite_pro.jar
29
- api_key:
30
-
31
- metasploit:
32
- host: 127.0.0.1
33
- port: 55553
34
- user: msf
35
- pass:
81
+ native_tools: true # Use provider-native tool_calls / function-calling. false → legacy text-parsed tool protocol.
82
+ max_iters: 25 # Hard cap on tool-call rounds per user turn before a forced final answer.
83
+ max_depth: 3 # Recursion guard: how many levels deep agent_ask/agent_debate sub-agents may spawn sub-agents.
84
+ auto_introspect: true # Run Learning.auto_introspect (outcome logging + lesson mining) after every final answer.
85
+ auto_extrospect: false # Also run Extrospection.auto_extrospect (host/toolchain/net/repo drift capture) after every final answer.
86
+ toolsets: ~ # Allow-list of toolsets exposed to the agent. nil = all. Valid: cron, extrospection, learning, memory, metrics, pwn, sessions, skills, swarm, terminal.
87
+ extrospection:
88
+ web:
89
+ anchors: # URLs the headless browser fingerprints on extro_snapshot(sections:[:web]). Alias: web_anchors.
90
+ - https://nvd.nist.gov
91
+ - https://www.exploit-db.com
92
+ proxy: ~ # Upstream proxy for TransparentBrowser during probe_web/verify/watch (e.g. 'tor', http://127.0.0.1:8080).
93
+ max_anchors: 8 # Cap on how many anchors are rendered per snapshot (protects run time).
94
+ per_page_timeout: 15 # Seconds before a single page render is abandoned and recorded as unreachable.
95
+ screenshot: false # Persist a PNG per anchor to ~/.pwn/extrospection/web/ (disk-heavy; off by default).
96
+ allow_targets: false # true → also merge top-level `targets:` into anchors (opt-in — off so in-scope hosts aren't touched unprompted).
97
+
98
+ plugins:
99
+ asm:
100
+ arch: x86_64 # Target architecture for `pwn-asm` inline assembler/disassembler. Default: PWN::Plugins::DetectOS.arch.
101
+ endian: little # Endianness for `pwn-asm` (little | big). Default: PWN::Plugins::DetectOS.endian.
102
+ blockchain:
103
+ bitcoin:
104
+ rpc_host: localhost # bitcoind JSON-RPC host for PWN::Blockchain::BTC.
105
+ rpc_port: 8332 # bitcoind JSON-RPC port.
106
+ rpc_user: … # bitcoind RPC username (rpcauth / rpcuser in bitcoin.conf).
107
+ rpc_pass: … # bitcoind RPC password. Redacted in PWN::EnvRedacted.
108
+ hunter:
109
+ api_key: … # hunter.how API key — passed as api_key: to PWN::Plugins::Hunter.search.
110
+ jira_data_center:
111
+ base_uri: https://jira.company.com/rest/api/latest # Jira Data Center REST base URL.
112
+ token: … # Jira Personal Access Token for PWN::Plugins::JiraDataCenter. Redacted.
113
+ meshtastic:
114
+ admin_key: … # Public key authorised to send admin messages to mesh nodes via `pwn-mesh`.
115
+ serial:
116
+ port: /dev/ttyUSB0 # Serial device path for a locally-attached Meshtastic node.
117
+ baud: 115200 # Serial baud rate.
118
+ bits: 8 # Serial data bits.
119
+ stop: 1 # Serial stop bits.
120
+ parity: none # Serial parity (none | even | odd).
121
+ mqtt:
122
+ host: mqtt.meshtastic.org # MQTT broker hostname for Meshtastic-over-MQTT.
123
+ port: 1883 # MQTT broker port (8883 for TLS).
124
+ tls: false # Use TLS to the MQTT broker.
125
+ user: meshdev # MQTT username (public Meshtastic broker default shown).
126
+ pass: large4cats # MQTT password (public Meshtastic broker default shown). Redacted.
127
+ channel:
128
+ active: LongFast # Which named channel block below `pwn-mesh` uses for TX/RX.
129
+ LongFast: # Channel definition — name is arbitrary, referenced by `active:` above.
130
+ psk: 'AQ==' # Channel pre-shared key (base64). 'AQ==' = Meshtastic default public key. Redacted.
131
+ region: US/UT # LoRa region tag (regulatory band).
132
+ topic: 2/e/# # MQTT topic filter to subscribe/publish for this channel.
133
+ channel_num: 8 # Meshtastic channel index (slot number on the device).
134
+ from: '!deadbeef' # Sender node id used on outbound packets. Optional — defaults to !<mqtt client_id>.
135
+ PWN: # Example second (private) channel definition.
136
+ psk: … # Private channel pre-shared key (base64). Redacted.
137
+ region: US/UT # LoRa region tag for this channel.
138
+ topic: 2/e/PWN/# # MQTT topic filter for this channel.
139
+ channel_num: 99 # Meshtastic channel index for this channel.
140
+ shodan:
141
+ api_key: … # Shodan API key — passed as api_key: to PWN::Plugins::Shodan.*. Redacted.
142
+
143
+ memory:
144
+ enabled: true # Reserve — persistent-memory subsystem on/off (currently always active; future gate).
145
+ provider: file # Storage backend for PWN::Memory: file (~/.pwn/memory.json). `sqlite` reserved.
146
+
147
+ sessions:
148
+ enabled: true # Reserve — transcript recording on/off (currently always active; future gate).
149
+ provider: jsonl # Transcript format under ~/.pwn/sessions/ (one .jsonl per session).
150
+
151
+ cron:
152
+ enabled: true # Reserve — scheduled-job subsystem on/off (currently always active; future gate).
153
+ provider: yaml # Job store format for PWN::Cron (~/.pwn/cron/jobs.yml).
154
+
155
+ targets: # Optional — engagement-scope URLs/hosts. Merged into :web snapshot anchors
156
+ - https://target.example.com # ONLY when ai.agent.extrospection.web.allow_targets: true.
36
157
  ```
37
158
 
159
+ ---
160
+
38
161
  ## Reading / writing at runtime
39
162
 
40
163
  ```ruby
41
- PWN::Env[:ai][:engine] # => :anthropic
42
- PWN::Env[:ai][:agent][:auto_reflect] # => true
43
- PWN::Config.reload!
164
+ PWN::Env[:ai][:active] # => :grok
165
+ PWN::Env.dig(:ai, :agent, :max_iters) # => 25
166
+ PWN::EnvRedacted[:ai][:grok][:key] # => ">>> REDACTED >>> …"
167
+
168
+ # Edit + re-encrypt + reload without leaving the REPL:
169
+ pwn-vault
170
+
171
+ # Force a reload from disk (e.g. after pwn-vault in another shell):
172
+ PWN::Config.refresh_env
44
173
  ```
45
174
 
46
- ## Sections PWN looks for
175
+ ---
176
+
177
+ ## Exhaustive key reference
178
+
179
+ ### `ai` — AI engines & agent loop
180
+
181
+ | Key path | Type | Default | Consumed by | Purpose |
182
+ |---|---|---|---|---|
183
+ | `ai.active` | String | `grok` | `PWN::Config.refresh_env`, `PWN::AI::Agent::Loop`, `PWN::Plugins::REPL`, `PWN::Cron` | Which AI engine backs `pwn-ai`. One of `openai` · `anthropic` · `grok` · `gemini` · `ollama`. |
184
+ | `ai.module_reflection` | Boolean | `false` | `PWN::AI::Agent::Reflect`, `PWN::SAST::*`, `PWN::Plugins::BurpSuite` | Master gate for LLM-driven self-analysis (SAST triage, Burp finding enrichment, `Learning.llm_reflect`). |
185
+ | `ai.<engine>.base_uri` | String | provider default | `PWN::AI::<Engine>.rest_call` | Override the API base URL (self-hosted proxy, private endpoint, Azure/VPC gateway). **Required** for `ollama`. |
186
+ | `ai.<engine>.key` | String | — | `PWN::AI::<Engine>` | API key / bearer token. If blank AND no OAuth is configured, PWN prompts interactively at load. |
187
+ | `ai.<engine>.model` | String | provider default | `PWN::AI::<Engine>.chat` / `.chat_tool_loop` | Model id sent on every request (e.g. `grok-4.5`, `gpt-4o`, `claude-3-5-sonnet-20240620`, `gemini-2.5-pro`, `llama3.1:70b`). |
188
+ | `ai.<engine>.system_role_content` | String | ethical-hacker persona | `PWN::AI::Agent::PromptBuilder`, `PWN::Plugins::REPL` | Base system prompt prepended to MEMORY / SKILLS / LEARNING / EXTROSPECTION blocks. |
189
+ | `ai.<engine>.temp` | Float | `1.0` | `PWN::AI::<Engine>.chat` | Sampling temperature. |
190
+ | `ai.<engine>.max_prompt_length` | Integer | per-engine | `PWN::AI::<Engine>`, `PWN::Plugins::REPL` | Soft input-context ceiling used for prompt truncation / chunking. |
191
+ | `ai.anthropic.max_tokens` | Integer | `8192` | `PWN::AI::Anthropic.chat_tool_loop` | Max **output** tokens per response. Raise if tool-call JSON truncates. |
192
+ | `ai.openai.max_tokens` | Integer | `16384` | `PWN::AI::OpenAI.chat` | Max **output** tokens per response. Mapped to OpenAI's wire param `max_completion_tokens` (legacy env key `max_completion_tokens` still accepted). |
193
+ | `ai.grok.oauth.refresh_token` | String | — | `PWN::AI::Grok.resolve_auth` | Durable OAuth refresh token (from `PWN::AI::Grok.obtain_oauth_bearer_token` device flow). Enables silent re-auth without an API key. |
194
+ | `ai.grok.oauth.bearer_token` | String | — | `PWN::AI::Grok.resolve_auth` | Short-lived OAuth access JWT. Auto-refreshed each run when `refresh_token` is present; live-cached back into this hash. |
195
+ | `ai.grok.oauth.client_id` | String | Grok-CLI public id | `PWN::AI::Grok` | Override the public OAuth client id used for device-flow / refresh. |
196
+ | `ai.grok.oauth.client_secret` | String | — | `PWN::Config.refresh_env`, `PWN::AI::Grok` | Only for confidential-client OAuth flows. Unused by the default public Grok-CLI client. |
197
+ | `ai.grok.oauth.scope` | String | see example | `PWN::AI::Grok` | OAuth scope string requested during device-flow enrollment. |
198
+ | `ai.grok.oauth.token_uri` | String | `https://auth.x.ai/oauth2/token` | `PWN::AI::Grok` | OAuth token endpoint (override for enterprise IdP). |
199
+ | `ai.grok.oauth.enroll` | Boolean | `false` | `PWN::AI::Grok` | `true` → always run RFC-8628 device-flow enrollment on load, even when `ai.grok.key` is set. |
200
+
201
+ ### `ai.agent` — pwn-ai autonomous loop
202
+
203
+ | Key path | Type | Default | Consumed by | Purpose |
204
+ |---|---|---|---|---|
205
+ | `ai.agent.native_tools` | Boolean | `true` | `PWN::Plugins::REPL` (`pwn-ai` cmd) | Use provider-native `tool_calls` / function-calling. `false` falls back to the legacy text-parsed tool protocol. |
206
+ | `ai.agent.max_iters` | Integer | `25` | `PWN::AI::Agent::Loop.run`, `PWN::AI::Agent::Swarm` | Hard cap on tool-call rounds per user turn before a forced final answer. |
207
+ | `ai.agent.max_depth` | Integer | `3` | `PWN::AI::Agent::Swarm` | Recursion guard for `agent_ask` / `agent_debate` sub-agents spawning sub-agents. |
208
+ | `ai.agent.auto_introspect` | Boolean | `true` | `PWN::AI::Agent::Learning.auto_introspect` | Run outcome logging + lesson mining after every final answer. Toggle live via `learning_auto_introspect_toggle`. |
209
+ | `ai.agent.auto_extrospect` | Boolean | `false` | `PWN::AI::Agent::Extrospection.auto_extrospect` | Also capture host/toolchain/net/repo drift after every final answer. Toggle live via `extro_auto_toggle`. |
210
+ | `ai.agent.toolsets` | Array\<String\> \| `nil` | `nil` (all) | `bin/pwn`, `PWN::Plugins::REPL`, `PWN::AI::Agent::Registry` | Allow-list of toolsets exposed to the agent. Valid: `cron`, `extrospection`, `learning`, `memory`, `metrics`, `pwn`, `sessions`, `skills`, `swarm`, `terminal`. |
211
+ | `ai.agent.extrospection.web.anchors` | Array\<String\> | `DEFAULT_WEB_ANCHORS` | `PWN::AI::Agent::Extrospection.probe_web` | URLs the headless browser fingerprints on `extro_snapshot(sections:[:web])`. Alias: `web_anchors`. |
212
+ | `ai.agent.extrospection.web.proxy` | String | — | `Extrospection.probe_web` / `.verify` / `.watch` | Upstream proxy for `PWN::Plugins::TransparentBrowser` (e.g. `tor`, `http://127.0.0.1:8080`). |
213
+ | `ai.agent.extrospection.web.max_anchors` | Integer | `8` | `Extrospection.probe_web` | Cap on anchors rendered per snapshot. |
214
+ | `ai.agent.extrospection.web.per_page_timeout` | Integer | `15` | `Extrospection` (headless browser) | Seconds before a page render is abandoned. |
215
+ | `ai.agent.extrospection.web.screenshot` | Boolean | `false` | `Extrospection.probe_web` / `.watch` | Persist a PNG per anchor to `~/.pwn/extrospection/web/`. |
216
+ | `ai.agent.extrospection.web.allow_targets` | Boolean | `false` | `Extrospection.web_anchors` | Merge top-level `targets:` into the anchor list (opt-in — off by default to avoid touching in-scope hosts unprompted). |
217
+
218
+ ### `plugins` — module credentials & wiring
219
+
220
+ | Key path | Type | Default | Consumed by | Purpose |
221
+ |---|---|---|---|---|
222
+ | `plugins.asm.arch` | String | `DetectOS.arch` | `PWN::Plugins::REPL` (`pwn-asm`) | Target architecture for the inline assembler / disassembler prompt (`x86_64`, `arm64`, …). |
223
+ | `plugins.asm.endian` | String | `DetectOS.endian` | `PWN::Plugins::REPL` (`pwn-asm`) | Endianness for the inline assembler (`little` / `big`). |
224
+ | `plugins.blockchain.bitcoin.rpc_host` | String | `localhost` | `PWN::Blockchain::BTC` | bitcoind JSON-RPC host. |
225
+ | `plugins.blockchain.bitcoin.rpc_port` | Integer | `8332` | `PWN::Blockchain::BTC` | bitcoind JSON-RPC port. |
226
+ | `plugins.blockchain.bitcoin.rpc_user` | String | — | `PWN::Blockchain::BTC` | bitcoind RPC username. |
227
+ | `plugins.blockchain.bitcoin.rpc_pass` | String | — | `PWN::Blockchain::BTC` | bitcoind RPC password. |
228
+ | `plugins.hunter.api_key` | String | — | `PWN::Plugins::Hunter` | hunter.how API key (passed as `api_key:` to `Hunter.search`). |
229
+ | `plugins.jira_data_center.base_uri` | String | — | `PWN::Plugins::JiraDataCenter` | Jira DC REST base (e.g. `https://jira.company.com/rest/api/latest`). |
230
+ | `plugins.jira_data_center.token` | String | — | `PWN::Plugins::JiraDataCenter` | Jira Personal Access Token. |
231
+ | `plugins.meshtastic.admin_key` | String | — | `PWN::Plugins::REPL` (`pwn-mesh`) | Public key authorised to send admin messages to mesh nodes. |
232
+ | `plugins.meshtastic.serial.port` | String | `/dev/ttyUSB0` | `pwn-mesh` (serial) | Serial device path for a locally-attached Meshtastic node. |
233
+ | `plugins.meshtastic.serial.baud` | Integer | `115200` | `pwn-mesh` (serial) | Serial baud rate. |
234
+ | `plugins.meshtastic.serial.bits` | Integer | `8` | `pwn-mesh` (serial) | Serial data bits. |
235
+ | `plugins.meshtastic.serial.stop` | Integer | `1` | `pwn-mesh` (serial) | Serial stop bits. |
236
+ | `plugins.meshtastic.serial.parity` | Symbol | `:none` | `pwn-mesh` (serial) | Serial parity. |
237
+ | `plugins.meshtastic.mqtt.host` | String | `mqtt.meshtastic.org` | `pwn-mesh` → `Meshtastic::MQTT.connect` | MQTT broker hostname. |
238
+ | `plugins.meshtastic.mqtt.port` | Integer | `1883` | `pwn-mesh` | MQTT broker port. |
239
+ | `plugins.meshtastic.mqtt.tls` | Boolean | `false` | `pwn-mesh` | Use TLS to the MQTT broker. |
240
+ | `plugins.meshtastic.mqtt.user` | String | `meshdev` | `pwn-mesh` | MQTT username. |
241
+ | `plugins.meshtastic.mqtt.pass` | String | `large4cats` | `pwn-mesh` | MQTT password. |
242
+ | `plugins.meshtastic.channel.active` | String | `LongFast` | `pwn-mesh` | Which named channel block below is used for TX/RX. |
243
+ | `plugins.meshtastic.channel.<NAME>.psk` | String (b64) | `AQ==` | `pwn-mesh` | Channel pre-shared key. |
244
+ | `plugins.meshtastic.channel.<NAME>.region` | String | — | `pwn-mesh` | LoRa region tag (e.g. `US/UT`). |
245
+ | `plugins.meshtastic.channel.<NAME>.topic` | String | — | `pwn-mesh` | MQTT topic filter to subscribe/publish (e.g. `2/e/#`). |
246
+ | `plugins.meshtastic.channel.<NAME>.channel_num` | Integer | — | `pwn-mesh` | Meshtastic channel index. |
247
+ | `plugins.meshtastic.channel.<NAME>.from` | String | `!<mqtt client_id>` | `pwn-mesh` | Sender node id used on outbound packets. |
248
+ | `plugins.shodan.api_key` | String | — | `PWN::Plugins::Shodan` | Shodan API key (passed as `api_key:` to `Shodan.*`). |
249
+
250
+ ### `memory` / `sessions` / `cron`
251
+
252
+ | Key path | Type | Default | Consumed by | Purpose |
253
+ |---|---|---|---|---|
254
+ | `memory.enabled` | Boolean | `true` | `PWN::Memory` | Reserve — persistent memory on/off (currently always active; future gate). |
255
+ | `memory.provider` | String | `file` | `PWN::Memory` | Storage backend: `file` (`~/.pwn/memory.json`). `sqlite` reserved. |
256
+ | `sessions.enabled` | Boolean | `true` | `PWN::Sessions` | Reserve — transcript recording on/off (currently always active; future gate). |
257
+ | `sessions.provider` | String | `jsonl` | `PWN::Sessions` | Transcript format under `~/.pwn/sessions/`. |
258
+ | `cron.enabled` | Boolean | `true` | `PWN::Cron` | Reserve — scheduled-job subsystem on/off (currently always active; future gate). |
259
+ | `cron.provider` | String | `yaml` | `PWN::Cron` | Job store format (`~/.pwn/cron/jobs.yml`). |
260
+
261
+ ### Top-level / miscellaneous
262
+
263
+ | Key path | Type | Default | Consumed by | Purpose |
264
+ |---|---|---|---|---|
265
+ | `targets` | Array\<String\> | — | `PWN::AI::Agent::Extrospection.web_anchors` | Engagement-scope URLs/hosts. Merged into `:web` snapshot anchors when `ai.agent.extrospection.web.allow_targets: true`. |
266
+
267
+ ---
268
+
269
+ ## Runtime-only keys on `PWN::Env` (NOT stored in `pwn.yaml`)
270
+
271
+ These are injected by `PWN::Config.refresh_env` / `PWN::AI::Agent::Loop` after
272
+ the YAML is decrypted. They will appear on `PWN::Env` in-process but are
273
+ **overwritten on every load**, so putting them in `pwn.yaml` has no effect.
274
+
275
+ | Key path | Set by | Purpose |
276
+ |---|---|---|
277
+ | `driver_opts.pwn_env_path` | `PWN::Config.refresh_env` / `PWN::Driver::Parser` | Resolved path to the active `pwn.yaml` (from `--pwn_env` or default). |
278
+ | `driver_opts.pwn_dec_path` | `PWN::Config.refresh_env` / `PWN::Driver::Parser` | Resolved path to the decryptor YAML (from `--pwn_dec` or default). |
279
+ | `pwn_skills_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/skills/`. |
280
+ | `pwn_memory_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/memory.json`. |
281
+ | `pwn_sessions_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/sessions/`. |
282
+ | `pwn_cron_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/cron/`. |
283
+ | `ai.<engine>.response_history` | `PWN::Config.refresh_env` | Rolling chat history for the active engine (reset on every reload). |
284
+ | `ai.session_id` | `PWN::AI::Agent::Loop.run` | Active `PWN::Sessions` id for the current turn (read by `sessions_current`, `mistakes_record`). |
285
+
286
+ ---
287
+
288
+ ## Redaction
289
+
290
+ `PWN::Config.redact_sensitive_artifacts` (and therefore `PWN::EnvRedacted`)
291
+ masks any key named: `admin_key`, `api_key`, `auth_client_secret`,
292
+ `bearer_token`, `client_secret`, `consumer_key`, `key`, `pass`, `password`,
293
+ `psk`, `refresh_token`, `secret_key`, `token`. Use those key names for any
294
+ custom secrets you add so they never leak into logs, transcripts, or the
295
+ agent system prompt.
296
+
297
+ ---
47
298
 
48
- | Key path | Consumed by |
49
- |---|---|
50
- | `ai.engine` | `PWN::AI::Agent::Loop` — which client to instantiate |
51
- | `ai.<engine>.key` / `.oauth` | `PWN::AI::OpenAI` / `Anthropic` / `Grok` / `Gemini` / `Ollama` |
52
- | `ai.agent.max_iters` | hard stop on tool-call rounds |
53
- | `ai.agent.max_depth` | `Swarm` recursion guard |
54
- | `ai.agent.auto_reflect` | toggle `Learning.auto_reflect` |
55
- | `ai.agent.auto_extrospect` | toggle `Extrospection.auto_extrospect` |
56
- | `burp.*` | `PWN::Plugins::BurpSuite` |
57
- | `metasploit.*` | `PWN::Plugins::Metasploit` |
58
- | `zap.*` | `PWN::Plugins::Zaproxy` |
59
- | `shodan.key` / `hunter.key` / … | respective OSINT plugins |
60
- | `aws.*` | `PWN::AWS::*` (falls back to standard AWS SDK env/instance-profile) |
299
+ ## Related files under `~/.pwn/`
61
300
 
62
- ## Other files under `~/.pwn/`
301
+ `pwn.yaml` is the only file you edit; everything else is machine-written
302
+ state. See **[Persistence](Persistence.md)** for the full map
303
+ (`memory.json`, `learning.jsonl`, `mistakes.json`, `metrics.json`,
304
+ `extrospection.json`, `sessions/`, `skills/`, `cron/`, `agents.yml`,
305
+ `swarm/`).
63
306
 
64
- See [Persistence](Persistence.md) for the full map.
307
+ Multi-agent personas are **not** configured here — they live in
308
+ `~/.pwn/agents.yml` and are managed with `agent_spawn` / `agent_list`
309
+ (see **[Swarm](Swarm.md)**).
65
310
 
66
- [← Home](Home.md)
311
+ [← Home](Home.md) · [Persistence](Persistence.md) · [pwn-ai Agent](pwn-ai-Agent.md) · [Extrospection](Extrospection.md)
@@ -37,7 +37,7 @@ cron_create(
37
37
  ```
38
38
 
39
39
  At 02:00 the system cron fires `PWN::Cron.run`, which spins up a headless
40
- `pwn-ai` turn. Because `auto_reflect` and `auto_extrospect` are on, the run
40
+ `pwn-ai` turn. Because `auto_introspect` and `auto_extrospect` are on, the run
41
41
  also updates Learning/Metrics/Extrospection — so tomorrow's interactive
42
42
  session already knows what changed overnight.
43
43
 
@@ -22,7 +22,7 @@ its own performance, turns wins into permanent capability, and — critically
22
22
  1. Dispatch runs a tool → Metrics.record(tool, ok?, ms)
23
23
  ↳ tool FAILED? → Mistakes.record(tool, error) (count++, cross-session)
24
24
  ↳ same sig ≥3×? → guard_repeated_failure + inline correction_hint
25
- 2. Final answer produced → Learning.auto_reflect(session_id)
25
+ 2. Final answer produced → Learning.auto_introspect(session_id)
26
26
  3. Reflect finds a durable insight → Memory.remember(lesson_xxxx, …)
27
27
  4. A whole workflow succeeded → Learning.distill_skill(name, session_id, references:)
28
28
  5. Found a fix for a mistake → mistakes_resolve(sig, fix) → Memory :lesson "AVOID X — FIX: Y"
@@ -66,7 +66,7 @@ the `## References` section, deduplicates, and exposes them via
66
66
  | `mistakes_reset(confirm: true)` | new host/engagement — prior failure patterns no longer apply |
67
67
  | `metrics_reset(confirm: true)` | fixed a broken tool; stale 0 % is misleading |
68
68
  | `skill_delete(name)` | auto-distilled skill turned out low-quality |
69
- | `learning_auto_reflect_toggle(enabled: false)` | during noisy fuzz loops |
69
+ | `learning_auto_introspect_toggle(enabled: false)` | during noisy fuzz loops |
70
70
 
71
71
  **See also:** [Mistakes](Mistakes.md) — the negative-feedback half ·
72
72
  [Extrospection](Extrospection.md) — the outward-facing half ·
@@ -71,7 +71,7 @@ digraph "PWN_AI_Feedback_Learning_Loop" {
71
71
 
72
72
  /* L1 → L2 */
73
73
  Dispatch -> Metrics [label="record()", color="#34d399"];
74
- Result -> Learning [label="auto_reflect", color="#34d399"];
74
+ Result -> Learning [label="auto_introspect", color="#34d399"];
75
75
  Dispatch -> Mistakes [label="on failure\nrecord()", color="#fb7185", penwidth=2];
76
76
  User -> Mistakes [label="\"that's wrong\"\ncheck_user_correction", color="#fb7185",
77
77
  style=dashed, constraint=false];
@@ -8,9 +8,9 @@
8
8
  viewBox="0.00 0.00 1891.00 723.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
9
9
  <g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(43.2 679.95)">
10
10
  <title>PWN_AI_Feedback_Learning_Loop</title>
11
- <polygon fill="#0f172a" stroke="none" points="-43.2,43.2 -43.2,-679.95 1847.84,-679.95 1847.84,43.2 -43.2,43.2"/>
12
- <text xml:space="preserve" text-anchor="start" x="708.82" y="-614.75" font-family="Helvetica,sans-Serif" font-weight="bold" font-size="20.00" fill="#e2e8f0">pwn&#45;ai — Closed Self&#45;Improvement Loop</text>
13
- <text xml:space="preserve" text-anchor="start" x="715.94" y="-603.3" font-family="Helvetica,sans-Serif" font-size="11.00" fill="#94a3b8">Introspection (self) &#160;⟷ &#160;Extrospection (world) &#160;· &#160;Mistakes (negative feedback)</text>
11
+ <polygon fill="#0f172a" stroke="none" points="-43.2,43.2 -43.2,-679.95 1847.82,-679.95 1847.82,43.2 -43.2,43.2"/>
12
+ <text xml:space="preserve" text-anchor="start" x="708.81" y="-614.75" font-family="Helvetica,sans-Serif" font-weight="bold" font-size="20.00" fill="#e2e8f0">pwn&#45;ai — Closed Self&#45;Improvement Loop</text>
13
+ <text xml:space="preserve" text-anchor="start" x="715.93" y="-603.3" font-family="Helvetica,sans-Serif" font-size="11.00" fill="#94a3b8">Introspection (self) &#160;⟷ &#160;Extrospection (world) &#160;· &#160;Mistakes (negative feedback)</text>
14
14
  <g id="clust2" class="cluster">
15
15
  <title>cluster_core</title>
16
16
  <path fill="#2e1065" stroke="#6d28d9" stroke-width="2" d="M376.77,-424C376.77,-424 713.77,-424 713.77,-424 719.77,-424 725.77,-430 725.77,-436 725.77,-436 725.77,-495.25 725.77,-495.25 725.77,-501.25 719.77,-507.25 713.77,-507.25 713.77,-507.25 376.77,-507.25 376.77,-507.25 370.77,-507.25 364.77,-501.25 364.77,-495.25 364.77,-495.25 364.77,-436 364.77,-436 364.77,-430 370.77,-424 376.77,-424"/>
@@ -208,7 +208,7 @@
208
208
  <title>Result&#45;&gt;Learning</title>
209
209
  <path fill="none" stroke="#34d399" stroke-width="1.3" d="M445.63,-431.31C452.81,-428.41 460.41,-425.77 467.77,-424 714.4,-364.49 806.38,-475.4 1035.77,-367 1055.89,-357.49 1075.27,-342.08 1090.33,-328.21"/>
210
210
  <polygon fill="#34d399" stroke="#34d399" stroke-width="1.3" points="1092.05,-330.44 1095.94,-322.91 1088.2,-326.37 1092.05,-330.44"/>
211
- <text xml:space="preserve" text-anchor="middle" x="1032.88" y="-382.2" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">auto_reflect</text>
211
+ <text xml:space="preserve" text-anchor="middle" x="1040.38" y="-382.2" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">auto_introspect</text>
212
212
  </g>
213
213
  <!-- Result&#45;&gt;Observe -->
214
214
  <g id="edge11" class="edge">
@@ -382,9 +382,9 @@
382
382
  <!-- Correlate&#45;&gt;Prompt -->
383
383
  <g id="edge37" class="edge">
384
384
  <title>Correlate&#45;&gt;Prompt</title>
385
- <path fill="none" stroke="#fb7185" stroke-width="2" stroke-dasharray="5,2" d="M688.58,-166C859.66,-183.09 1168.35,-218.92 1200.77,-257.75 1231.89,-295.02 1231.26,-329.21 1200.77,-367 1161.36,-415.85 700.85,-414.78 638.77,-424 621.19,-426.61 602.23,-430.63 585.23,-434.69"/>
386
- <polygon fill="#fb7185" stroke="#fb7185" stroke-width="2" points="584.97,-431.87 577.87,-436.49 586.3,-437.31 584.97,-431.87"/>
387
- <text xml:space="preserve" text-anchor="middle" x="1263.25" y="-293.45" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">findings → next run</text>
385
+ <path fill="none" stroke="#fb7185" stroke-width="2" stroke-dasharray="5,2" d="M688.58,-166C859.66,-183.09 1168.35,-218.92 1200.77,-257.75 1231.89,-295.02 1230.76,-328.82 1200.77,-367 1162,-416.36 700.86,-414.85 638.77,-424 621.19,-426.59 602.23,-430.61 585.23,-434.67"/>
386
+ <polygon fill="#fb7185" stroke="#fb7185" stroke-width="2" points="584.97,-431.85 577.86,-436.47 586.3,-437.29 584.97,-431.85"/>
387
+ <text xml:space="preserve" text-anchor="middle" x="1263.06" y="-293.45" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">findings → next run</text>
388
388
  </g>
389
389
  <!-- Correlate&#45;&gt;Fmet -->
390
390
  <!-- Fmis&#45;&gt;Prompt -->
@@ -412,9 +412,9 @@
412
412
  <!-- Fext&#45;&gt;Prompt -->
413
413
  <g id="edge35" class="edge">
414
414
  <title>Fext&#45;&gt;Prompt</title>
415
- <path fill="none" stroke="#fbbf24" stroke-width="1.3" stroke-dasharray="5,2" d="M390.5,-52.69C404.23,-65.91 424.9,-83.05 446.77,-91.25 600.4,-148.86 1020.44,-120.56 1183.77,-136.25 1430.07,-159.92 1572.59,-22.74 1735.77,-208.75 1800.33,-282.34 1713.42,-367.49 1619.77,-396 1515.45,-427.76 746.91,-409.97 638.77,-424 620.81,-426.33 601.46,-430.37 584.22,-434.53"/>
415
+ <path fill="none" stroke="#fbbf24" stroke-width="1.3" stroke-dasharray="5,2" d="M390.5,-52.69C404.23,-65.91 424.9,-83.05 446.77,-91.25 600.4,-148.86 1020.44,-120.56 1183.77,-136.25 1430.07,-159.92 1572.59,-22.74 1735.77,-208.75 1800.17,-282.17 1714.06,-367.09 1620.77,-396 1516.5,-428.31 747.02,-409.96 638.77,-424 620.81,-426.33 601.46,-430.37 584.22,-434.53"/>
416
416
  <polygon fill="#fbbf24" stroke="#fbbf24" stroke-width="1.3" points="583.88,-431.73 576.79,-436.37 585.22,-437.16 583.88,-431.73"/>
417
- <text xml:space="preserve" text-anchor="middle" x="1777.26" y="-215.95" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">EXTRO block</text>
417
+ <text xml:space="preserve" text-anchor="middle" x="1777.24" y="-215.95" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">EXTRO block</text>
418
418
  </g>
419
419
  </g>
420
420
  </svg>
@@ -39,7 +39,7 @@ $ pwn --ai "run bin/pwn_sast against ./src and push findings to DefectDojo"
39
39
  *change-approach* instruction.
40
40
  5. Results are appended to the message list; go to 3.
41
41
  6. When the reply has *no* tool_calls it's the **final answer** →
42
- `Learning.auto_reflect` and `Extrospection.auto_extrospect` fire (if
42
+ `Learning.auto_introspect` and `Extrospection.auto_extrospect` fire (if
43
43
  enabled), transcript is flushed to `~/.pwn/sessions/`.
44
44
 
45
45
  ![Self-improvement loop](diagrams/pwn-ai-feedback-learning-loop.svg)
@@ -71,8 +71,8 @@ full `Loop.run` under a persona overlay) that share a JSONL bus. See
71
71
  - SHIFT+ENTER = newline, ENTER = submit.
72
72
  - `back` / `exit` returns to the plain REPL.
73
73
  - Set `ai.agent.max_iters` in `~/.pwn/config.yml` if long tasks get truncated.
74
- - Disable `auto_reflect` during noisy fuzz loops
75
- (`learning_auto_reflect_toggle(enabled: false)`), re-enable for the summary
74
+ - Disable `auto_introspect` during noisy fuzz loops
75
+ (`learning_auto_introspect_toggle(enabled: false)`), re-enable for the summary
76
76
  turn.
77
77
  - Run `mistakes_list` before retrying something that failed last session — the
78
78
  fix may already be recorded.
@@ -35,7 +35,7 @@ module PWN
35
35
  raise "ERROR: Unsupported type parameter value '#{type}'. Supported values are :opcodes_to_asm and :asm_to_opcodes."
36
36
  end
37
37
 
38
- PWN::AI::Agent::Introspection.reflect_on(
38
+ PWN::AI::Agent::Reflect.on(
39
39
  system_role_content: system_role_content,
40
40
  request: request,
41
41
  suppress_pii_warning: true
@@ -16,7 +16,7 @@ module PWN
16
16
 
17
17
  system_role_content = 'Provide a useful summary of this latest bitcoin block returned from a bitcoin node via getblockchaininfo.'
18
18
 
19
- PWN::AI::Agent::Introspection.reflect_on(
19
+ PWN::AI::Agent::Reflect.on(
20
20
  system_role_content: system_role_content,
21
21
  request: request,
22
22
  suppress_pii_warning: true
@@ -50,7 +50,7 @@ module PWN
50
50
  Analyze provided HTTP request/response pairs methodically: Start with a high-level overview, then dive into specifics, flag potential issues with evidence from the traffic, and end with PoC if applicable. Be verbose in reasoning but concise in output. Prioritize high-severity findings. If data is incomplete, request clarifications. If analyzing a JavaScript source map file (i.e. .js.map), focus on deobfuscating and identifying any potentially vulnerable code patterns, especially those that could lead to client-side vulnerabilities like DOM XSS, prototype pollution, or insecure deserialization. Look for patterns such as eval, document.write, innerHTML assignments, and event handlers that could be influenced by user input. Provide detailed analysis and PoCs if vulnerabilities are identified.
51
51
  '
52
52
 
53
- PWN::AI::Agent::Introspection.reflect_on(
53
+ PWN::AI::Agent::Reflect.on(
54
54
  system_role_content: system_role_content,
55
55
  request: request,
56
56
  suppress_pii_warning: true
@@ -597,7 +597,7 @@ module PWN
597
597
  # session_id: 'optional - id of the just-completed session (for tagging)'
598
598
  # )
599
599
  #
600
- # Called by Learning.auto_reflect when
600
+ # Called by Learning.auto_introspect when
601
601
  # PWN::Env[:ai][:agent][:auto_extrospect] is truthy. Captures a fresh
602
602
  # snapshot and, if drift is non-trivial, records it as an observation
603
603
  # and a PWN::Memory :env fact so the NEXT session's system prompt
@@ -1083,7 +1083,7 @@ module PWN
1083
1083
  PWN::AI::Agent::Extrospection.correlate # introspection x extrospection findings
1084
1084
  PWN::AI::Agent::Extrospection.to_context # injected by PromptBuilder
1085
1085
  PWN::AI::Agent::Extrospection.stats
1086
- PWN::AI::Agent::Extrospection.auto_extrospect(session_id: sid) # called from Learning.auto_reflect
1086
+ PWN::AI::Agent::Extrospection.auto_extrospect(session_id: sid) # called from Learning.auto_introspect
1087
1087
  PWN::AI::Agent::Extrospection.snapshot(sections: %i[web]) # opt-in browser probe of web_anchors
1088
1088
  PWN::AI::Agent::Extrospection.watch(url: 'https://target/api/version')
1089
1089
  PWN::AI::Agent::Extrospection.verify(claim: 'CVE-2026-12345 affects OpenSSL 3.2.1')
@@ -3,7 +3,7 @@
3
3
  module PWN
4
4
  module AI
5
5
  module Agent
6
- # This module is an AI agent designed to analyze signal data captured by a software-defined-radio using GQRX. It uses the PWN::AI::Agent::Introspection.reflect_on method to analyze the signal data and provide insights based on the location where the data was captured. The agent can determine if the frequency is licensed or unlicensed based on FCC records and provide relevant information about the transmission. This module is useful for security professionals, researchers, and hobbyists interested in analyzing radio signals and understanding their context.
6
+ # This module is an AI agent designed to analyze signal data captured by a software-defined-radio using GQRX. It uses the PWN::AI::Agent::Reflect.on method to analyze the signal data and provide insights based on the location where the data was captured. The agent can determine if the frequency is licensed or unlicensed based on FCC records and provide relevant information about the transmission. This module is useful for security professionals, researchers, and hobbyists interested in analyzing radio signals and understanding their context.
7
7
  module GQRX
8
8
  # Supported Method Parameters::
9
9
  # ai_analysis = PWN::AI::Agent::GQRX.analyze(
@@ -20,7 +20,7 @@ module PWN
20
20
 
21
21
  system_role_content = "Analyze signal data captured by a software-defined-radio using GQRX at the following location: #{location}. Respond with just FCC information about the transmission if available. If the frequency is unlicensed or not found in FCC records, state that clearly. Be clear and concise in your analysis."
22
22
 
23
- PWN::AI::Agent::Introspection.reflect_on(
23
+ PWN::AI::Agent::Reflect.on(
24
24
  system_role_content: system_role_content,
25
25
  request: request,
26
26
  suppress_pii_warning: true
@@ -29,7 +29,7 @@ module PWN
29
29
  raise "ERROR: type parameter value of #{type} is not supported"
30
30
  end
31
31
 
32
- PWN::AI::Agent::Introspection.reflect_on(
32
+ PWN::AI::Agent::Reflect.on(
33
33
  system_role_content: system_role_content,
34
34
  request: request,
35
35
  spinner: true,