pwn 0.5.621 → 0.5.622
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/documentation/Agent-Tool-Registry.md +1 -1
- data/documentation/Configuration.md +292 -47
- data/documentation/Cron.md +1 -1
- data/documentation/Skills-Memory-Learning.md +2 -2
- data/documentation/diagrams/dot/pwn-ai-feedback-learning-loop.dot +1 -1
- data/documentation/diagrams/pwn-ai-feedback-learning-loop.svg +9 -9
- data/documentation/pwn-ai-Agent.md +3 -3
- data/lib/pwn/ai/agent/assembly.rb +1 -1
- data/lib/pwn/ai/agent/btc.rb +1 -1
- data/lib/pwn/ai/agent/burp_suite.rb +1 -1
- data/lib/pwn/ai/agent/extrospection.rb +2 -2
- data/lib/pwn/ai/agent/gqrx.rb +2 -2
- data/lib/pwn/ai/agent/hacker_one.rb +1 -1
- data/lib/pwn/ai/agent/learning.rb +16 -16
- data/lib/pwn/ai/agent/loop.rb +1 -1
- data/lib/pwn/ai/agent/{introspection.rb → reflect.rb} +12 -12
- data/lib/pwn/ai/agent/sast.rb +1 -1
- data/lib/pwn/ai/agent/tools/extrospection.rb +1 -1
- data/lib/pwn/ai/agent/tools/learning.rb +7 -7
- data/lib/pwn/ai/agent/transparent_browser.rb +1 -1
- data/lib/pwn/ai/agent/vuln_gen.rb +2 -2
- data/lib/pwn/ai/agent.rb +1 -1
- data/lib/pwn/ai/open_ai.rb +10 -6
- data/lib/pwn/config.rb +5 -4
- data/lib/pwn/plugins/burp_suite.rb +2 -2
- data/lib/pwn/sast/pom_version.rb +2 -2
- data/lib/pwn/sast/test_case_engine.rb +1 -1
- data/lib/pwn/sdr/gqrx.rb +1 -1
- data/lib/pwn/version.rb +1 -1
- data/spec/lib/pwn/ai/agent/{introspection_spec.rb → reflect_spec.rb} +3 -3
- data/third_party/pwn_rdoc.jsonl +51 -16
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f4aeb484ae013e0feb9648009d60cfc493bbd4ec98ba42193745af669ed70bcc
|
|
4
|
+
data.tar.gz: 2dcffdf992ee24a9c8a10ae7b83c743ad5b6b1aed83e70063da56e8cf6e9ea85
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2468ec9291d44be94de1f3877441380e60cde34e24953f6ac677bd39f0679c82ab6f82f6554b7fcacf1348b0c751c63bf8d8a23a369ac665023b5a9e74cc3a01
|
|
7
|
+
data.tar.gz: 722765fd660ca9da266a170da45f65eb061886b7629557143436a0765412dc89d3de3e56ac8f5bd8e9b32e5f25831d3644ac3568d851f6ac5f7629531b9e7768
|
data/Gemfile
CHANGED
|
@@ -15,7 +15,7 @@ toolsets; the JSON-Schema for each tool is what the model actually sees.
|
|
|
15
15
|
| `memory` | `memory_remember` · `memory_recall` · `memory_forget` · `memory_clear` | `PWN::Memory` → `~/.pwn/memory.json` |
|
|
16
16
|
| `skills` | `skill_list` · `skill_view` · `skill_create` · `skill_add_reference` · `skill_delete` | `~/.pwn/skills/*.md` |
|
|
17
17
|
| `sessions` | `sessions_list` · `sessions_view` · `sessions_current` · `sessions_delete` · `sessions_stats` | `PWN::Sessions` → `~/.pwn/sessions/` |
|
|
18
|
-
| `learning` | `learning_note_outcome` · `learning_reflect` · `learning_distill_skill` · `learning_stats` · `learning_outcomes` · `learning_consolidate` · `learning_reset` · `
|
|
18
|
+
| `learning` | `learning_note_outcome` · `learning_reflect` · `learning_distill_skill` · `learning_stats` · `learning_outcomes` · `learning_consolidate` · `learning_reset` · `learning_auto_introspect_toggle` · **`mistakes_list`** · **`mistakes_record`** · **`mistakes_resolve`** · **`mistakes_reset`** | `PWN::AI::Agent::Learning` + `PWN::AI::Agent::Mistakes` → `~/.pwn/learning.jsonl` + `~/.pwn/mistakes.json` |
|
|
19
19
|
| `metrics` | `metrics_summary` · `metrics_reset` | `PWN::AI::Agent::Metrics` → `~/.pwn/metrics.json` |
|
|
20
20
|
| `extrospection` | `extro_snapshot` · `extro_drift` · `extro_observe` · `extro_observations` · `extro_intel` · **`extro_watch`** · **`extro_verify`** · `extro_correlate` · `extro_stats` · `extro_reset` · `extro_auto_toggle` | `PWN::AI::Agent::Extrospection` (+ `PWN::Plugins::TransparentBrowser`) → `~/.pwn/extrospection.json` |
|
|
21
21
|
| `cron` | `cron_list` · `cron_create` · `cron_run` · `cron_enable` · `cron_disable` · `cron_remove` | `PWN::Cron` → `~/.pwn/cron/jobs.yml` |
|
|
@@ -1,66 +1,311 @@
|
|
|
1
|
-
# Configuration — `~/.pwn/
|
|
1
|
+
# Configuration — `~/.pwn/pwn.yaml`
|
|
2
2
|
|
|
3
|
-
Everything configurable lives in one YAML file
|
|
4
|
-
startup and
|
|
3
|
+
Everything configurable in PWN lives in **one encrypted YAML file**, loaded by
|
|
4
|
+
`PWN::Config.refresh_env` at driver startup and exposed in-process as the
|
|
5
|
+
frozen constant **`PWN::Env`** (a redacted copy is available as
|
|
6
|
+
`PWN::EnvRedacted`).
|
|
5
7
|
|
|
6
|
-
|
|
8
|
+
The file is **AES-encrypted at rest** by `PWN::Plugins::Vault`. Its key/IV
|
|
9
|
+
live in a sibling **`~/.pwn/pwn.yaml.decryptor`** file (or in
|
|
10
|
+
`PWN_DECRYPTOR_KEY` / `PWN_DECRYPTOR_IV` env vars). Never edit `pwn.yaml`
|
|
11
|
+
by hand — use the **`pwn-vault`** REPL command, which decrypts → opens
|
|
12
|
+
`$EDITOR` → re-encrypts → reloads `PWN::Env`.
|
|
13
|
+
|
|
14
|
+
If `~/.pwn/pwn.yaml` does not exist on first run, `PWN::Config.default_env`
|
|
15
|
+
writes a fully-commented template with every key below (values set to
|
|
16
|
+
`'optional - …'` / `'required - …'` placeholder strings), encrypts it, and
|
|
17
|
+
generates the decryptor.
|
|
18
|
+
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
## Full annotated example
|
|
7
22
|
|
|
8
23
|
```yaml
|
|
9
|
-
# ~/.pwn/
|
|
24
|
+
# ~/.pwn/pwn.yaml (shown DECRYPTED — file is AES-encrypted on disk)
|
|
25
|
+
|
|
10
26
|
ai:
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
openai:
|
|
15
|
-
key: sk-…
|
|
27
|
+
active: grok # Which engine backs `pwn-ai`. One of: openai | anthropic | grok | gemini | ollama.
|
|
28
|
+
module_reflection: false # Master gate for LLM self-analysis (SAST triage, Burp enrichment, Learning.llm_reflect).
|
|
29
|
+
|
|
16
30
|
grok:
|
|
17
|
-
|
|
31
|
+
base_uri: https://api.x.ai/v1 # xAI API base URL. Override for a self-hosted proxy / private endpoint.
|
|
32
|
+
key: xai-… # xAI API key. If blank AND no oauth.* below, PWN prompts interactively at load.
|
|
33
|
+
model: grok-4.5 # Model id sent on every chat / tool-loop request.
|
|
34
|
+
system_role_content: 'You are an ethically hacking xAI Grok agent.' # Base system prompt (MEMORY/SKILLS/LEARNING/EXTROSPECTION blocks are appended to this).
|
|
35
|
+
temp: 1.0 # Sampling temperature passed to the chat endpoint.
|
|
36
|
+
max_prompt_length: 256000 # Soft input-context ceiling (chars) used for prompt truncation / chunking.
|
|
37
|
+
oauth: # RFC-8628 device-flow (SuperGrok subscription) — public client, no client_secret.
|
|
38
|
+
refresh_token: ~ # Durable OAuth refresh token; enables silent re-auth without an API key.
|
|
39
|
+
bearer_token: ~ # Short-lived OAuth access JWT; auto-refreshed each run when refresh_token is set.
|
|
40
|
+
client_id: b1a00492-073a-47ea-816f-4c329264a828 # xAI's PUBLIC OAuth client id for the "Grok CLI" application (not sensitive).
|
|
41
|
+
client_secret: ~ # Only for confidential-client OAuth flows; unused by the public Grok-CLI client.
|
|
42
|
+
scope: 'openid profile email offline_access grok-cli:access api:access' # OAuth scope string requested during device-flow enrollment.
|
|
43
|
+
token_uri: https://auth.x.ai/oauth2/token # OAuth token endpoint (override for enterprise IdP).
|
|
44
|
+
enroll: false # true → force RFC-8628 device-flow enrollment on load even when `key:` is set.
|
|
45
|
+
|
|
46
|
+
openai:
|
|
47
|
+
base_uri: https://api.openai.com/v1 # OpenAI API base URL. Override for Azure OpenAI / VPC gateway / local proxy.
|
|
48
|
+
key: sk-… # OpenAI API key (`sk-…`). Prompted interactively if blank.
|
|
49
|
+
model: gpt-4o # Model id sent on every chat / tool-loop request.
|
|
50
|
+
system_role_content: 'You are an ethically hacking OpenAI agent.' # Base system prompt for this engine.
|
|
51
|
+
temp: 1.0 # Sampling temperature.
|
|
52
|
+
max_prompt_length: 128000 # Soft input-context ceiling (chars) for truncation / chunking.
|
|
53
|
+
max_tokens: 16384 # Max OUTPUT tokens per response. Mapped to OpenAI wire param `max_completion_tokens`.
|
|
54
|
+
|
|
55
|
+
anthropic:
|
|
56
|
+
base_uri: https://api.anthropic.com/v1 # Anthropic API base URL. Override for Bedrock / private gateway.
|
|
57
|
+
key: sk-ant-… # Anthropic API key (`sk-ant-…`). Prompted interactively if blank.
|
|
58
|
+
model: claude-3-5-sonnet-20240620 # Model id sent on every chat / tool-loop request.
|
|
59
|
+
system_role_content: 'You are an ethically hacking Anthropic agent.' # Base system prompt for this engine.
|
|
60
|
+
temp: 1.0 # Sampling temperature.
|
|
61
|
+
max_tokens: 8192 # Max OUTPUT tokens per response. Raise if tool-call JSON truncates.
|
|
62
|
+
max_prompt_length: 200000 # Soft input-context ceiling (chars) for truncation / chunking.
|
|
63
|
+
|
|
64
|
+
gemini:
|
|
65
|
+
base_uri: https://generativelanguage.googleapis.com/v1beta # Google Generative Language API base URL.
|
|
66
|
+
key: AIza… # Google AI Studio API key (`AIza…`). Prompted interactively if blank.
|
|
67
|
+
model: gemini-2.5-pro # Model id sent on every chat / tool-loop request.
|
|
68
|
+
system_role_content: 'You are an ethically hacking Gemini agent.' # Base system prompt for this engine.
|
|
69
|
+
temp: 1.0 # Sampling temperature.
|
|
70
|
+
max_prompt_length: 1000000 # Soft input-context ceiling (chars) — Gemini supports very large contexts.
|
|
71
|
+
|
|
18
72
|
ollama:
|
|
19
|
-
|
|
20
|
-
|
|
73
|
+
base_uri: https://ollama.local # REQUIRED for ollama — Open WebUI / ollama-serve base URL (no vendor default).
|
|
74
|
+
key: eyJ… # Open WebUI JWT (Settings → Account → API Key). Prompted if blank.
|
|
75
|
+
model: llama3.1:70b # Local model tag as `ollama list` shows it.
|
|
76
|
+
system_role_content: 'You are an ethically hacking Ollama agent.' # Base system prompt for this engine.
|
|
77
|
+
temp: 1.0 # Sampling temperature.
|
|
78
|
+
max_prompt_length: 32000 # Soft input-context ceiling (chars) — tune per local model's real context window.
|
|
79
|
+
|
|
21
80
|
agent:
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
81
|
+
native_tools: true # Use provider-native tool_calls / function-calling. false → legacy text-parsed tool protocol.
|
|
82
|
+
max_iters: 25 # Hard cap on tool-call rounds per user turn before a forced final answer.
|
|
83
|
+
max_depth: 3 # Recursion guard: how many levels deep agent_ask/agent_debate sub-agents may spawn sub-agents.
|
|
84
|
+
auto_introspect: true # Run Learning.auto_introspect (outcome logging + lesson mining) after every final answer.
|
|
85
|
+
auto_extrospect: false # Also run Extrospection.auto_extrospect (host/toolchain/net/repo drift capture) after every final answer.
|
|
86
|
+
toolsets: ~ # Allow-list of toolsets exposed to the agent. nil = all. Valid: cron, extrospection, learning, memory, metrics, pwn, sessions, skills, swarm, terminal.
|
|
87
|
+
extrospection:
|
|
88
|
+
web:
|
|
89
|
+
anchors: # URLs the headless browser fingerprints on extro_snapshot(sections:[:web]). Alias: web_anchors.
|
|
90
|
+
- https://nvd.nist.gov
|
|
91
|
+
- https://www.exploit-db.com
|
|
92
|
+
proxy: ~ # Upstream proxy for TransparentBrowser during probe_web/verify/watch (e.g. 'tor', http://127.0.0.1:8080).
|
|
93
|
+
max_anchors: 8 # Cap on how many anchors are rendered per snapshot (protects run time).
|
|
94
|
+
per_page_timeout: 15 # Seconds before a single page render is abandoned and recorded as unreachable.
|
|
95
|
+
screenshot: false # Persist a PNG per anchor to ~/.pwn/extrospection/web/ (disk-heavy; off by default).
|
|
96
|
+
allow_targets: false # true → also merge top-level `targets:` into anchors (opt-in — off so in-scope hosts aren't touched unprompted).
|
|
97
|
+
|
|
98
|
+
plugins:
|
|
99
|
+
asm:
|
|
100
|
+
arch: x86_64 # Target architecture for `pwn-asm` inline assembler/disassembler. Default: PWN::Plugins::DetectOS.arch.
|
|
101
|
+
endian: little # Endianness for `pwn-asm` (little | big). Default: PWN::Plugins::DetectOS.endian.
|
|
102
|
+
blockchain:
|
|
103
|
+
bitcoin:
|
|
104
|
+
rpc_host: localhost # bitcoind JSON-RPC host for PWN::Blockchain::BTC.
|
|
105
|
+
rpc_port: 8332 # bitcoind JSON-RPC port.
|
|
106
|
+
rpc_user: … # bitcoind RPC username (rpcauth / rpcuser in bitcoin.conf).
|
|
107
|
+
rpc_pass: … # bitcoind RPC password. Redacted in PWN::EnvRedacted.
|
|
108
|
+
hunter:
|
|
109
|
+
api_key: … # hunter.how API key — passed as api_key: to PWN::Plugins::Hunter.search.
|
|
110
|
+
jira_data_center:
|
|
111
|
+
base_uri: https://jira.company.com/rest/api/latest # Jira Data Center REST base URL.
|
|
112
|
+
token: … # Jira Personal Access Token for PWN::Plugins::JiraDataCenter. Redacted.
|
|
113
|
+
meshtastic:
|
|
114
|
+
admin_key: … # Public key authorised to send admin messages to mesh nodes via `pwn-mesh`.
|
|
115
|
+
serial:
|
|
116
|
+
port: /dev/ttyUSB0 # Serial device path for a locally-attached Meshtastic node.
|
|
117
|
+
baud: 115200 # Serial baud rate.
|
|
118
|
+
bits: 8 # Serial data bits.
|
|
119
|
+
stop: 1 # Serial stop bits.
|
|
120
|
+
parity: none # Serial parity (none | even | odd).
|
|
121
|
+
mqtt:
|
|
122
|
+
host: mqtt.meshtastic.org # MQTT broker hostname for Meshtastic-over-MQTT.
|
|
123
|
+
port: 1883 # MQTT broker port (8883 for TLS).
|
|
124
|
+
tls: false # Use TLS to the MQTT broker.
|
|
125
|
+
user: meshdev # MQTT username (public Meshtastic broker default shown).
|
|
126
|
+
pass: large4cats # MQTT password (public Meshtastic broker default shown). Redacted.
|
|
127
|
+
channel:
|
|
128
|
+
active: LongFast # Which named channel block below `pwn-mesh` uses for TX/RX.
|
|
129
|
+
LongFast: # Channel definition — name is arbitrary, referenced by `active:` above.
|
|
130
|
+
psk: 'AQ==' # Channel pre-shared key (base64). 'AQ==' = Meshtastic default public key. Redacted.
|
|
131
|
+
region: US/UT # LoRa region tag (regulatory band).
|
|
132
|
+
topic: 2/e/# # MQTT topic filter to subscribe/publish for this channel.
|
|
133
|
+
channel_num: 8 # Meshtastic channel index (slot number on the device).
|
|
134
|
+
from: '!deadbeef' # Sender node id used on outbound packets. Optional — defaults to !<mqtt client_id>.
|
|
135
|
+
PWN: # Example second (private) channel definition.
|
|
136
|
+
psk: … # Private channel pre-shared key (base64). Redacted.
|
|
137
|
+
region: US/UT # LoRa region tag for this channel.
|
|
138
|
+
topic: 2/e/PWN/# # MQTT topic filter for this channel.
|
|
139
|
+
channel_num: 99 # Meshtastic channel index for this channel.
|
|
140
|
+
shodan:
|
|
141
|
+
api_key: … # Shodan API key — passed as api_key: to PWN::Plugins::Shodan.*. Redacted.
|
|
142
|
+
|
|
143
|
+
memory:
|
|
144
|
+
enabled: true # Reserve — persistent-memory subsystem on/off (currently always active; future gate).
|
|
145
|
+
provider: file # Storage backend for PWN::Memory: file (~/.pwn/memory.json). `sqlite` reserved.
|
|
146
|
+
|
|
147
|
+
sessions:
|
|
148
|
+
enabled: true # Reserve — transcript recording on/off (currently always active; future gate).
|
|
149
|
+
provider: jsonl # Transcript format under ~/.pwn/sessions/ (one .jsonl per session).
|
|
150
|
+
|
|
151
|
+
cron:
|
|
152
|
+
enabled: true # Reserve — scheduled-job subsystem on/off (currently always active; future gate).
|
|
153
|
+
provider: yaml # Job store format for PWN::Cron (~/.pwn/cron/jobs.yml).
|
|
154
|
+
|
|
155
|
+
targets: # Optional — engagement-scope URLs/hosts. Merged into :web snapshot anchors
|
|
156
|
+
- https://target.example.com # ONLY when ai.agent.extrospection.web.allow_targets: true.
|
|
36
157
|
```
|
|
37
158
|
|
|
159
|
+
---
|
|
160
|
+
|
|
38
161
|
## Reading / writing at runtime
|
|
39
162
|
|
|
40
163
|
```ruby
|
|
41
|
-
PWN::Env[:ai][:
|
|
42
|
-
PWN::Env
|
|
43
|
-
PWN::
|
|
164
|
+
PWN::Env[:ai][:active] # => :grok
|
|
165
|
+
PWN::Env.dig(:ai, :agent, :max_iters) # => 25
|
|
166
|
+
PWN::EnvRedacted[:ai][:grok][:key] # => ">>> REDACTED >>> …"
|
|
167
|
+
|
|
168
|
+
# Edit + re-encrypt + reload without leaving the REPL:
|
|
169
|
+
pwn-vault
|
|
170
|
+
|
|
171
|
+
# Force a reload from disk (e.g. after pwn-vault in another shell):
|
|
172
|
+
PWN::Config.refresh_env
|
|
44
173
|
```
|
|
45
174
|
|
|
46
|
-
|
|
175
|
+
---
|
|
176
|
+
|
|
177
|
+
## Exhaustive key reference
|
|
178
|
+
|
|
179
|
+
### `ai` — AI engines & agent loop
|
|
180
|
+
|
|
181
|
+
| Key path | Type | Default | Consumed by | Purpose |
|
|
182
|
+
|---|---|---|---|---|
|
|
183
|
+
| `ai.active` | String | `grok` | `PWN::Config.refresh_env`, `PWN::AI::Agent::Loop`, `PWN::Plugins::REPL`, `PWN::Cron` | Which AI engine backs `pwn-ai`. One of `openai` · `anthropic` · `grok` · `gemini` · `ollama`. |
|
|
184
|
+
| `ai.module_reflection` | Boolean | `false` | `PWN::AI::Agent::Reflect`, `PWN::SAST::*`, `PWN::Plugins::BurpSuite` | Master gate for LLM-driven self-analysis (SAST triage, Burp finding enrichment, `Learning.llm_reflect`). |
|
|
185
|
+
| `ai.<engine>.base_uri` | String | provider default | `PWN::AI::<Engine>.rest_call` | Override the API base URL (self-hosted proxy, private endpoint, Azure/VPC gateway). **Required** for `ollama`. |
|
|
186
|
+
| `ai.<engine>.key` | String | — | `PWN::AI::<Engine>` | API key / bearer token. If blank AND no OAuth is configured, PWN prompts interactively at load. |
|
|
187
|
+
| `ai.<engine>.model` | String | provider default | `PWN::AI::<Engine>.chat` / `.chat_tool_loop` | Model id sent on every request (e.g. `grok-4.5`, `gpt-4o`, `claude-3-5-sonnet-20240620`, `gemini-2.5-pro`, `llama3.1:70b`). |
|
|
188
|
+
| `ai.<engine>.system_role_content` | String | ethical-hacker persona | `PWN::AI::Agent::PromptBuilder`, `PWN::Plugins::REPL` | Base system prompt prepended to MEMORY / SKILLS / LEARNING / EXTROSPECTION blocks. |
|
|
189
|
+
| `ai.<engine>.temp` | Float | `1.0` | `PWN::AI::<Engine>.chat` | Sampling temperature. |
|
|
190
|
+
| `ai.<engine>.max_prompt_length` | Integer | per-engine | `PWN::AI::<Engine>`, `PWN::Plugins::REPL` | Soft input-context ceiling used for prompt truncation / chunking. |
|
|
191
|
+
| `ai.anthropic.max_tokens` | Integer | `8192` | `PWN::AI::Anthropic.chat_tool_loop` | Max **output** tokens per response. Raise if tool-call JSON truncates. |
|
|
192
|
+
| `ai.openai.max_tokens` | Integer | `16384` | `PWN::AI::OpenAI.chat` | Max **output** tokens per response. Mapped to OpenAI's wire param `max_completion_tokens` (legacy env key `max_completion_tokens` still accepted). |
|
|
193
|
+
| `ai.grok.oauth.refresh_token` | String | — | `PWN::AI::Grok.resolve_auth` | Durable OAuth refresh token (from `PWN::AI::Grok.obtain_oauth_bearer_token` device flow). Enables silent re-auth without an API key. |
|
|
194
|
+
| `ai.grok.oauth.bearer_token` | String | — | `PWN::AI::Grok.resolve_auth` | Short-lived OAuth access JWT. Auto-refreshed each run when `refresh_token` is present; live-cached back into this hash. |
|
|
195
|
+
| `ai.grok.oauth.client_id` | String | Grok-CLI public id | `PWN::AI::Grok` | Override the public OAuth client id used for device-flow / refresh. |
|
|
196
|
+
| `ai.grok.oauth.client_secret` | String | — | `PWN::Config.refresh_env`, `PWN::AI::Grok` | Only for confidential-client OAuth flows. Unused by the default public Grok-CLI client. |
|
|
197
|
+
| `ai.grok.oauth.scope` | String | see example | `PWN::AI::Grok` | OAuth scope string requested during device-flow enrollment. |
|
|
198
|
+
| `ai.grok.oauth.token_uri` | String | `https://auth.x.ai/oauth2/token` | `PWN::AI::Grok` | OAuth token endpoint (override for enterprise IdP). |
|
|
199
|
+
| `ai.grok.oauth.enroll` | Boolean | `false` | `PWN::AI::Grok` | `true` → always run RFC-8628 device-flow enrollment on load, even when `ai.grok.key` is set. |
|
|
200
|
+
|
|
201
|
+
### `ai.agent` — pwn-ai autonomous loop
|
|
202
|
+
|
|
203
|
+
| Key path | Type | Default | Consumed by | Purpose |
|
|
204
|
+
|---|---|---|---|---|
|
|
205
|
+
| `ai.agent.native_tools` | Boolean | `true` | `PWN::Plugins::REPL` (`pwn-ai` cmd) | Use provider-native `tool_calls` / function-calling. `false` falls back to the legacy text-parsed tool protocol. |
|
|
206
|
+
| `ai.agent.max_iters` | Integer | `25` | `PWN::AI::Agent::Loop.run`, `PWN::AI::Agent::Swarm` | Hard cap on tool-call rounds per user turn before a forced final answer. |
|
|
207
|
+
| `ai.agent.max_depth` | Integer | `3` | `PWN::AI::Agent::Swarm` | Recursion guard for `agent_ask` / `agent_debate` sub-agents spawning sub-agents. |
|
|
208
|
+
| `ai.agent.auto_introspect` | Boolean | `true` | `PWN::AI::Agent::Learning.auto_introspect` | Run outcome logging + lesson mining after every final answer. Toggle live via `learning_auto_introspect_toggle`. |
|
|
209
|
+
| `ai.agent.auto_extrospect` | Boolean | `false` | `PWN::AI::Agent::Extrospection.auto_extrospect` | Also capture host/toolchain/net/repo drift after every final answer. Toggle live via `extro_auto_toggle`. |
|
|
210
|
+
| `ai.agent.toolsets` | Array\<String\> \| `nil` | `nil` (all) | `bin/pwn`, `PWN::Plugins::REPL`, `PWN::AI::Agent::Registry` | Allow-list of toolsets exposed to the agent. Valid: `cron`, `extrospection`, `learning`, `memory`, `metrics`, `pwn`, `sessions`, `skills`, `swarm`, `terminal`. |
|
|
211
|
+
| `ai.agent.extrospection.web.anchors` | Array\<String\> | `DEFAULT_WEB_ANCHORS` | `PWN::AI::Agent::Extrospection.probe_web` | URLs the headless browser fingerprints on `extro_snapshot(sections:[:web])`. Alias: `web_anchors`. |
|
|
212
|
+
| `ai.agent.extrospection.web.proxy` | String | — | `Extrospection.probe_web` / `.verify` / `.watch` | Upstream proxy for `PWN::Plugins::TransparentBrowser` (e.g. `tor`, `http://127.0.0.1:8080`). |
|
|
213
|
+
| `ai.agent.extrospection.web.max_anchors` | Integer | `8` | `Extrospection.probe_web` | Cap on anchors rendered per snapshot. |
|
|
214
|
+
| `ai.agent.extrospection.web.per_page_timeout` | Integer | `15` | `Extrospection` (headless browser) | Seconds before a page render is abandoned. |
|
|
215
|
+
| `ai.agent.extrospection.web.screenshot` | Boolean | `false` | `Extrospection.probe_web` / `.watch` | Persist a PNG per anchor to `~/.pwn/extrospection/web/`. |
|
|
216
|
+
| `ai.agent.extrospection.web.allow_targets` | Boolean | `false` | `Extrospection.web_anchors` | Merge top-level `targets:` into the anchor list (opt-in — off by default to avoid touching in-scope hosts unprompted). |
|
|
217
|
+
|
|
218
|
+
### `plugins` — module credentials & wiring
|
|
219
|
+
|
|
220
|
+
| Key path | Type | Default | Consumed by | Purpose |
|
|
221
|
+
|---|---|---|---|---|
|
|
222
|
+
| `plugins.asm.arch` | String | `DetectOS.arch` | `PWN::Plugins::REPL` (`pwn-asm`) | Target architecture for the inline assembler / disassembler prompt (`x86_64`, `arm64`, …). |
|
|
223
|
+
| `plugins.asm.endian` | String | `DetectOS.endian` | `PWN::Plugins::REPL` (`pwn-asm`) | Endianness for the inline assembler (`little` / `big`). |
|
|
224
|
+
| `plugins.blockchain.bitcoin.rpc_host` | String | `localhost` | `PWN::Blockchain::BTC` | bitcoind JSON-RPC host. |
|
|
225
|
+
| `plugins.blockchain.bitcoin.rpc_port` | Integer | `8332` | `PWN::Blockchain::BTC` | bitcoind JSON-RPC port. |
|
|
226
|
+
| `plugins.blockchain.bitcoin.rpc_user` | String | — | `PWN::Blockchain::BTC` | bitcoind RPC username. |
|
|
227
|
+
| `plugins.blockchain.bitcoin.rpc_pass` | String | — | `PWN::Blockchain::BTC` | bitcoind RPC password. |
|
|
228
|
+
| `plugins.hunter.api_key` | String | — | `PWN::Plugins::Hunter` | hunter.how API key (passed as `api_key:` to `Hunter.search`). |
|
|
229
|
+
| `plugins.jira_data_center.base_uri` | String | — | `PWN::Plugins::JiraDataCenter` | Jira DC REST base (e.g. `https://jira.company.com/rest/api/latest`). |
|
|
230
|
+
| `plugins.jira_data_center.token` | String | — | `PWN::Plugins::JiraDataCenter` | Jira Personal Access Token. |
|
|
231
|
+
| `plugins.meshtastic.admin_key` | String | — | `PWN::Plugins::REPL` (`pwn-mesh`) | Public key authorised to send admin messages to mesh nodes. |
|
|
232
|
+
| `plugins.meshtastic.serial.port` | String | `/dev/ttyUSB0` | `pwn-mesh` (serial) | Serial device path for a locally-attached Meshtastic node. |
|
|
233
|
+
| `plugins.meshtastic.serial.baud` | Integer | `115200` | `pwn-mesh` (serial) | Serial baud rate. |
|
|
234
|
+
| `plugins.meshtastic.serial.bits` | Integer | `8` | `pwn-mesh` (serial) | Serial data bits. |
|
|
235
|
+
| `plugins.meshtastic.serial.stop` | Integer | `1` | `pwn-mesh` (serial) | Serial stop bits. |
|
|
236
|
+
| `plugins.meshtastic.serial.parity` | Symbol | `:none` | `pwn-mesh` (serial) | Serial parity. |
|
|
237
|
+
| `plugins.meshtastic.mqtt.host` | String | `mqtt.meshtastic.org` | `pwn-mesh` → `Meshtastic::MQTT.connect` | MQTT broker hostname. |
|
|
238
|
+
| `plugins.meshtastic.mqtt.port` | Integer | `1883` | `pwn-mesh` | MQTT broker port. |
|
|
239
|
+
| `plugins.meshtastic.mqtt.tls` | Boolean | `false` | `pwn-mesh` | Use TLS to the MQTT broker. |
|
|
240
|
+
| `plugins.meshtastic.mqtt.user` | String | `meshdev` | `pwn-mesh` | MQTT username. |
|
|
241
|
+
| `plugins.meshtastic.mqtt.pass` | String | `large4cats` | `pwn-mesh` | MQTT password. |
|
|
242
|
+
| `plugins.meshtastic.channel.active` | String | `LongFast` | `pwn-mesh` | Which named channel block below is used for TX/RX. |
|
|
243
|
+
| `plugins.meshtastic.channel.<NAME>.psk` | String (b64) | `AQ==` | `pwn-mesh` | Channel pre-shared key. |
|
|
244
|
+
| `plugins.meshtastic.channel.<NAME>.region` | String | — | `pwn-mesh` | LoRa region tag (e.g. `US/UT`). |
|
|
245
|
+
| `plugins.meshtastic.channel.<NAME>.topic` | String | — | `pwn-mesh` | MQTT topic filter to subscribe/publish (e.g. `2/e/#`). |
|
|
246
|
+
| `plugins.meshtastic.channel.<NAME>.channel_num` | Integer | — | `pwn-mesh` | Meshtastic channel index. |
|
|
247
|
+
| `plugins.meshtastic.channel.<NAME>.from` | String | `!<mqtt client_id>` | `pwn-mesh` | Sender node id used on outbound packets. |
|
|
248
|
+
| `plugins.shodan.api_key` | String | — | `PWN::Plugins::Shodan` | Shodan API key (passed as `api_key:` to `Shodan.*`). |
|
|
249
|
+
|
|
250
|
+
### `memory` / `sessions` / `cron`
|
|
251
|
+
|
|
252
|
+
| Key path | Type | Default | Consumed by | Purpose |
|
|
253
|
+
|---|---|---|---|---|
|
|
254
|
+
| `memory.enabled` | Boolean | `true` | `PWN::Memory` | Reserve — persistent memory on/off (currently always active; future gate). |
|
|
255
|
+
| `memory.provider` | String | `file` | `PWN::Memory` | Storage backend: `file` (`~/.pwn/memory.json`). `sqlite` reserved. |
|
|
256
|
+
| `sessions.enabled` | Boolean | `true` | `PWN::Sessions` | Reserve — transcript recording on/off (currently always active; future gate). |
|
|
257
|
+
| `sessions.provider` | String | `jsonl` | `PWN::Sessions` | Transcript format under `~/.pwn/sessions/`. |
|
|
258
|
+
| `cron.enabled` | Boolean | `true` | `PWN::Cron` | Reserve — scheduled-job subsystem on/off (currently always active; future gate). |
|
|
259
|
+
| `cron.provider` | String | `yaml` | `PWN::Cron` | Job store format (`~/.pwn/cron/jobs.yml`). |
|
|
260
|
+
|
|
261
|
+
### Top-level / miscellaneous
|
|
262
|
+
|
|
263
|
+
| Key path | Type | Default | Consumed by | Purpose |
|
|
264
|
+
|---|---|---|---|---|
|
|
265
|
+
| `targets` | Array\<String\> | — | `PWN::AI::Agent::Extrospection.web_anchors` | Engagement-scope URLs/hosts. Merged into `:web` snapshot anchors when `ai.agent.extrospection.web.allow_targets: true`. |
|
|
266
|
+
|
|
267
|
+
---
|
|
268
|
+
|
|
269
|
+
## Runtime-only keys on `PWN::Env` (NOT stored in `pwn.yaml`)
|
|
270
|
+
|
|
271
|
+
These are injected by `PWN::Config.refresh_env` / `PWN::AI::Agent::Loop` after
|
|
272
|
+
the YAML is decrypted. They will appear on `PWN::Env` in-process but are
|
|
273
|
+
**overwritten on every load**, so putting them in `pwn.yaml` has no effect.
|
|
274
|
+
|
|
275
|
+
| Key path | Set by | Purpose |
|
|
276
|
+
|---|---|---|
|
|
277
|
+
| `driver_opts.pwn_env_path` | `PWN::Config.refresh_env` / `PWN::Driver::Parser` | Resolved path to the active `pwn.yaml` (from `--pwn_env` or default). |
|
|
278
|
+
| `driver_opts.pwn_dec_path` | `PWN::Config.refresh_env` / `PWN::Driver::Parser` | Resolved path to the decryptor YAML (from `--pwn_dec` or default). |
|
|
279
|
+
| `pwn_skills_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/skills/`. |
|
|
280
|
+
| `pwn_memory_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/memory.json`. |
|
|
281
|
+
| `pwn_sessions_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/sessions/`. |
|
|
282
|
+
| `pwn_cron_path` | `PWN::Config.refresh_env` | Absolute path to `~/.pwn/cron/`. |
|
|
283
|
+
| `ai.<engine>.response_history` | `PWN::Config.refresh_env` | Rolling chat history for the active engine (reset on every reload). |
|
|
284
|
+
| `ai.session_id` | `PWN::AI::Agent::Loop.run` | Active `PWN::Sessions` id for the current turn (read by `sessions_current`, `mistakes_record`). |
|
|
285
|
+
|
|
286
|
+
---
|
|
287
|
+
|
|
288
|
+
## Redaction
|
|
289
|
+
|
|
290
|
+
`PWN::Config.redact_sensitive_artifacts` (and therefore `PWN::EnvRedacted`)
|
|
291
|
+
masks any key named: `admin_key`, `api_key`, `auth_client_secret`,
|
|
292
|
+
`bearer_token`, `client_secret`, `consumer_key`, `key`, `pass`, `password`,
|
|
293
|
+
`psk`, `refresh_token`, `secret_key`, `token`. Use those key names for any
|
|
294
|
+
custom secrets you add so they never leak into logs, transcripts, or the
|
|
295
|
+
agent system prompt.
|
|
296
|
+
|
|
297
|
+
---
|
|
47
298
|
|
|
48
|
-
|
|
49
|
-
|---|---|
|
|
50
|
-
| `ai.engine` | `PWN::AI::Agent::Loop` — which client to instantiate |
|
|
51
|
-
| `ai.<engine>.key` / `.oauth` | `PWN::AI::OpenAI` / `Anthropic` / `Grok` / `Gemini` / `Ollama` |
|
|
52
|
-
| `ai.agent.max_iters` | hard stop on tool-call rounds |
|
|
53
|
-
| `ai.agent.max_depth` | `Swarm` recursion guard |
|
|
54
|
-
| `ai.agent.auto_reflect` | toggle `Learning.auto_reflect` |
|
|
55
|
-
| `ai.agent.auto_extrospect` | toggle `Extrospection.auto_extrospect` |
|
|
56
|
-
| `burp.*` | `PWN::Plugins::BurpSuite` |
|
|
57
|
-
| `metasploit.*` | `PWN::Plugins::Metasploit` |
|
|
58
|
-
| `zap.*` | `PWN::Plugins::Zaproxy` |
|
|
59
|
-
| `shodan.key` / `hunter.key` / … | respective OSINT plugins |
|
|
60
|
-
| `aws.*` | `PWN::AWS::*` (falls back to standard AWS SDK env/instance-profile) |
|
|
299
|
+
## Related files under `~/.pwn/`
|
|
61
300
|
|
|
62
|
-
|
|
301
|
+
`pwn.yaml` is the only file you edit; everything else is machine-written
|
|
302
|
+
state. See **[Persistence](Persistence.md)** for the full map
|
|
303
|
+
(`memory.json`, `learning.jsonl`, `mistakes.json`, `metrics.json`,
|
|
304
|
+
`extrospection.json`, `sessions/`, `skills/`, `cron/`, `agents.yml`,
|
|
305
|
+
`swarm/`).
|
|
63
306
|
|
|
64
|
-
|
|
307
|
+
Multi-agent personas are **not** configured here — they live in
|
|
308
|
+
`~/.pwn/agents.yml` and are managed with `agent_spawn` / `agent_list`
|
|
309
|
+
(see **[Swarm](Swarm.md)**).
|
|
65
310
|
|
|
66
|
-
[← Home](Home.md)
|
|
311
|
+
[← Home](Home.md) · [Persistence](Persistence.md) · [pwn-ai Agent](pwn-ai-Agent.md) · [Extrospection](Extrospection.md)
|
data/documentation/Cron.md
CHANGED
|
@@ -37,7 +37,7 @@ cron_create(
|
|
|
37
37
|
```
|
|
38
38
|
|
|
39
39
|
At 02:00 the system cron fires `PWN::Cron.run`, which spins up a headless
|
|
40
|
-
`pwn-ai` turn. Because `
|
|
40
|
+
`pwn-ai` turn. Because `auto_introspect` and `auto_extrospect` are on, the run
|
|
41
41
|
also updates Learning/Metrics/Extrospection — so tomorrow's interactive
|
|
42
42
|
session already knows what changed overnight.
|
|
43
43
|
|
|
@@ -22,7 +22,7 @@ its own performance, turns wins into permanent capability, and — critically
|
|
|
22
22
|
1. Dispatch runs a tool → Metrics.record(tool, ok?, ms)
|
|
23
23
|
↳ tool FAILED? → Mistakes.record(tool, error) (count++, cross-session)
|
|
24
24
|
↳ same sig ≥3×? → guard_repeated_failure + inline correction_hint
|
|
25
|
-
2. Final answer produced → Learning.
|
|
25
|
+
2. Final answer produced → Learning.auto_introspect(session_id)
|
|
26
26
|
3. Reflect finds a durable insight → Memory.remember(lesson_xxxx, …)
|
|
27
27
|
4. A whole workflow succeeded → Learning.distill_skill(name, session_id, references:)
|
|
28
28
|
5. Found a fix for a mistake → mistakes_resolve(sig, fix) → Memory :lesson "AVOID X — FIX: Y"
|
|
@@ -66,7 +66,7 @@ the `## References` section, deduplicates, and exposes them via
|
|
|
66
66
|
| `mistakes_reset(confirm: true)` | new host/engagement — prior failure patterns no longer apply |
|
|
67
67
|
| `metrics_reset(confirm: true)` | fixed a broken tool; stale 0 % is misleading |
|
|
68
68
|
| `skill_delete(name)` | auto-distilled skill turned out low-quality |
|
|
69
|
-
| `
|
|
69
|
+
| `learning_auto_introspect_toggle(enabled: false)` | during noisy fuzz loops |
|
|
70
70
|
|
|
71
71
|
**See also:** [Mistakes](Mistakes.md) — the negative-feedback half ·
|
|
72
72
|
[Extrospection](Extrospection.md) — the outward-facing half ·
|
|
@@ -71,7 +71,7 @@ digraph "PWN_AI_Feedback_Learning_Loop" {
|
|
|
71
71
|
|
|
72
72
|
/* L1 → L2 */
|
|
73
73
|
Dispatch -> Metrics [label="record()", color="#34d399"];
|
|
74
|
-
Result -> Learning [label="
|
|
74
|
+
Result -> Learning [label="auto_introspect", color="#34d399"];
|
|
75
75
|
Dispatch -> Mistakes [label="on failure\nrecord()", color="#fb7185", penwidth=2];
|
|
76
76
|
User -> Mistakes [label="\"that's wrong\"\ncheck_user_correction", color="#fb7185",
|
|
77
77
|
style=dashed, constraint=false];
|
|
@@ -8,9 +8,9 @@
|
|
|
8
8
|
viewBox="0.00 0.00 1891.00 723.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
|
9
9
|
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(43.2 679.95)">
|
|
10
10
|
<title>PWN_AI_Feedback_Learning_Loop</title>
|
|
11
|
-
<polygon fill="#0f172a" stroke="none" points="-43.2,43.2 -43.2,-679.95 1847.
|
|
12
|
-
<text xml:space="preserve" text-anchor="start" x="708.
|
|
13
|
-
<text xml:space="preserve" text-anchor="start" x="715.
|
|
11
|
+
<polygon fill="#0f172a" stroke="none" points="-43.2,43.2 -43.2,-679.95 1847.82,-679.95 1847.82,43.2 -43.2,43.2"/>
|
|
12
|
+
<text xml:space="preserve" text-anchor="start" x="708.81" y="-614.75" font-family="Helvetica,sans-Serif" font-weight="bold" font-size="20.00" fill="#e2e8f0">pwn-ai — Closed Self-Improvement Loop</text>
|
|
13
|
+
<text xml:space="preserve" text-anchor="start" x="715.93" y="-603.3" font-family="Helvetica,sans-Serif" font-size="11.00" fill="#94a3b8">Introspection (self)  ⟷  Extrospection (world)  ·  Mistakes (negative feedback)</text>
|
|
14
14
|
<g id="clust2" class="cluster">
|
|
15
15
|
<title>cluster_core</title>
|
|
16
16
|
<path fill="#2e1065" stroke="#6d28d9" stroke-width="2" d="M376.77,-424C376.77,-424 713.77,-424 713.77,-424 719.77,-424 725.77,-430 725.77,-436 725.77,-436 725.77,-495.25 725.77,-495.25 725.77,-501.25 719.77,-507.25 713.77,-507.25 713.77,-507.25 376.77,-507.25 376.77,-507.25 370.77,-507.25 364.77,-501.25 364.77,-495.25 364.77,-495.25 364.77,-436 364.77,-436 364.77,-430 370.77,-424 376.77,-424"/>
|
|
@@ -208,7 +208,7 @@
|
|
|
208
208
|
<title>Result->Learning</title>
|
|
209
209
|
<path fill="none" stroke="#34d399" stroke-width="1.3" d="M445.63,-431.31C452.81,-428.41 460.41,-425.77 467.77,-424 714.4,-364.49 806.38,-475.4 1035.77,-367 1055.89,-357.49 1075.27,-342.08 1090.33,-328.21"/>
|
|
210
210
|
<polygon fill="#34d399" stroke="#34d399" stroke-width="1.3" points="1092.05,-330.44 1095.94,-322.91 1088.2,-326.37 1092.05,-330.44"/>
|
|
211
|
-
<text xml:space="preserve" text-anchor="middle" x="
|
|
211
|
+
<text xml:space="preserve" text-anchor="middle" x="1040.38" y="-382.2" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">auto_introspect</text>
|
|
212
212
|
</g>
|
|
213
213
|
<!-- Result->Observe -->
|
|
214
214
|
<g id="edge11" class="edge">
|
|
@@ -382,9 +382,9 @@
|
|
|
382
382
|
<!-- Correlate->Prompt -->
|
|
383
383
|
<g id="edge37" class="edge">
|
|
384
384
|
<title>Correlate->Prompt</title>
|
|
385
|
-
<path fill="none" stroke="#fb7185" stroke-width="2" stroke-dasharray="5,2" d="M688.58,-166C859.66,-183.09 1168.35,-218.92 1200.77,-257.75 1231.89,-295.02
|
|
386
|
-
<polygon fill="#fb7185" stroke="#fb7185" stroke-width="2" points="584.97,-431.
|
|
387
|
-
<text xml:space="preserve" text-anchor="middle" x="1263.
|
|
385
|
+
<path fill="none" stroke="#fb7185" stroke-width="2" stroke-dasharray="5,2" d="M688.58,-166C859.66,-183.09 1168.35,-218.92 1200.77,-257.75 1231.89,-295.02 1230.76,-328.82 1200.77,-367 1162,-416.36 700.86,-414.85 638.77,-424 621.19,-426.59 602.23,-430.61 585.23,-434.67"/>
|
|
386
|
+
<polygon fill="#fb7185" stroke="#fb7185" stroke-width="2" points="584.97,-431.85 577.86,-436.47 586.3,-437.29 584.97,-431.85"/>
|
|
387
|
+
<text xml:space="preserve" text-anchor="middle" x="1263.06" y="-293.45" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">findings → next run</text>
|
|
388
388
|
</g>
|
|
389
389
|
<!-- Correlate->Fmet -->
|
|
390
390
|
<!-- Fmis->Prompt -->
|
|
@@ -412,9 +412,9 @@
|
|
|
412
412
|
<!-- Fext->Prompt -->
|
|
413
413
|
<g id="edge35" class="edge">
|
|
414
414
|
<title>Fext->Prompt</title>
|
|
415
|
-
<path fill="none" stroke="#fbbf24" stroke-width="1.3" stroke-dasharray="5,2" d="M390.5,-52.69C404.23,-65.91 424.9,-83.05 446.77,-91.25 600.4,-148.86 1020.44,-120.56 1183.77,-136.25 1430.07,-159.92 1572.59,-22.74 1735.77,-208.75 1800.
|
|
415
|
+
<path fill="none" stroke="#fbbf24" stroke-width="1.3" stroke-dasharray="5,2" d="M390.5,-52.69C404.23,-65.91 424.9,-83.05 446.77,-91.25 600.4,-148.86 1020.44,-120.56 1183.77,-136.25 1430.07,-159.92 1572.59,-22.74 1735.77,-208.75 1800.17,-282.17 1714.06,-367.09 1620.77,-396 1516.5,-428.31 747.02,-409.96 638.77,-424 620.81,-426.33 601.46,-430.37 584.22,-434.53"/>
|
|
416
416
|
<polygon fill="#fbbf24" stroke="#fbbf24" stroke-width="1.3" points="583.88,-431.73 576.79,-436.37 585.22,-437.16 583.88,-431.73"/>
|
|
417
|
-
<text xml:space="preserve" text-anchor="middle" x="1777.
|
|
417
|
+
<text xml:space="preserve" text-anchor="middle" x="1777.24" y="-215.95" font-family="Helvetica,sans-Serif" font-size="9.00" fill="#cbd5e1">EXTRO block</text>
|
|
418
418
|
</g>
|
|
419
419
|
</g>
|
|
420
420
|
</svg>
|
|
@@ -39,7 +39,7 @@ $ pwn --ai "run bin/pwn_sast against ./src and push findings to DefectDojo"
|
|
|
39
39
|
*change-approach* instruction.
|
|
40
40
|
5. Results are appended to the message list; go to 3.
|
|
41
41
|
6. When the reply has *no* tool_calls it's the **final answer** →
|
|
42
|
-
`Learning.
|
|
42
|
+
`Learning.auto_introspect` and `Extrospection.auto_extrospect` fire (if
|
|
43
43
|
enabled), transcript is flushed to `~/.pwn/sessions/`.
|
|
44
44
|
|
|
45
45
|

|
|
@@ -71,8 +71,8 @@ full `Loop.run` under a persona overlay) that share a JSONL bus. See
|
|
|
71
71
|
- SHIFT+ENTER = newline, ENTER = submit.
|
|
72
72
|
- `back` / `exit` returns to the plain REPL.
|
|
73
73
|
- Set `ai.agent.max_iters` in `~/.pwn/config.yml` if long tasks get truncated.
|
|
74
|
-
- Disable `
|
|
75
|
-
(`
|
|
74
|
+
- Disable `auto_introspect` during noisy fuzz loops
|
|
75
|
+
(`learning_auto_introspect_toggle(enabled: false)`), re-enable for the summary
|
|
76
76
|
turn.
|
|
77
77
|
- Run `mistakes_list` before retrying something that failed last session — the
|
|
78
78
|
fix may already be recorded.
|
|
@@ -35,7 +35,7 @@ module PWN
|
|
|
35
35
|
raise "ERROR: Unsupported type parameter value '#{type}'. Supported values are :opcodes_to_asm and :asm_to_opcodes."
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
PWN::AI::Agent::
|
|
38
|
+
PWN::AI::Agent::Reflect.on(
|
|
39
39
|
system_role_content: system_role_content,
|
|
40
40
|
request: request,
|
|
41
41
|
suppress_pii_warning: true
|
data/lib/pwn/ai/agent/btc.rb
CHANGED
|
@@ -16,7 +16,7 @@ module PWN
|
|
|
16
16
|
|
|
17
17
|
system_role_content = 'Provide a useful summary of this latest bitcoin block returned from a bitcoin node via getblockchaininfo.'
|
|
18
18
|
|
|
19
|
-
PWN::AI::Agent::
|
|
19
|
+
PWN::AI::Agent::Reflect.on(
|
|
20
20
|
system_role_content: system_role_content,
|
|
21
21
|
request: request,
|
|
22
22
|
suppress_pii_warning: true
|
|
@@ -50,7 +50,7 @@ module PWN
|
|
|
50
50
|
Analyze provided HTTP request/response pairs methodically: Start with a high-level overview, then dive into specifics, flag potential issues with evidence from the traffic, and end with PoC if applicable. Be verbose in reasoning but concise in output. Prioritize high-severity findings. If data is incomplete, request clarifications. If analyzing a JavaScript source map file (i.e. .js.map), focus on deobfuscating and identifying any potentially vulnerable code patterns, especially those that could lead to client-side vulnerabilities like DOM XSS, prototype pollution, or insecure deserialization. Look for patterns such as eval, document.write, innerHTML assignments, and event handlers that could be influenced by user input. Provide detailed analysis and PoCs if vulnerabilities are identified.
|
|
51
51
|
'
|
|
52
52
|
|
|
53
|
-
PWN::AI::Agent::
|
|
53
|
+
PWN::AI::Agent::Reflect.on(
|
|
54
54
|
system_role_content: system_role_content,
|
|
55
55
|
request: request,
|
|
56
56
|
suppress_pii_warning: true
|
|
@@ -597,7 +597,7 @@ module PWN
|
|
|
597
597
|
# session_id: 'optional - id of the just-completed session (for tagging)'
|
|
598
598
|
# )
|
|
599
599
|
#
|
|
600
|
-
# Called by Learning.
|
|
600
|
+
# Called by Learning.auto_introspect when
|
|
601
601
|
# PWN::Env[:ai][:agent][:auto_extrospect] is truthy. Captures a fresh
|
|
602
602
|
# snapshot and, if drift is non-trivial, records it as an observation
|
|
603
603
|
# and a PWN::Memory :env fact so the NEXT session's system prompt
|
|
@@ -1083,7 +1083,7 @@ module PWN
|
|
|
1083
1083
|
PWN::AI::Agent::Extrospection.correlate # introspection x extrospection findings
|
|
1084
1084
|
PWN::AI::Agent::Extrospection.to_context # injected by PromptBuilder
|
|
1085
1085
|
PWN::AI::Agent::Extrospection.stats
|
|
1086
|
-
PWN::AI::Agent::Extrospection.auto_extrospect(session_id: sid) # called from Learning.
|
|
1086
|
+
PWN::AI::Agent::Extrospection.auto_extrospect(session_id: sid) # called from Learning.auto_introspect
|
|
1087
1087
|
PWN::AI::Agent::Extrospection.snapshot(sections: %i[web]) # opt-in browser probe of web_anchors
|
|
1088
1088
|
PWN::AI::Agent::Extrospection.watch(url: 'https://target/api/version')
|
|
1089
1089
|
PWN::AI::Agent::Extrospection.verify(claim: 'CVE-2026-12345 affects OpenSSL 3.2.1')
|
data/lib/pwn/ai/agent/gqrx.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
module PWN
|
|
4
4
|
module AI
|
|
5
5
|
module Agent
|
|
6
|
-
# This module is an AI agent designed to analyze signal data captured by a software-defined-radio using GQRX. It uses the PWN::AI::Agent::
|
|
6
|
+
# This module is an AI agent designed to analyze signal data captured by a software-defined-radio using GQRX. It uses the PWN::AI::Agent::Reflect.on method to analyze the signal data and provide insights based on the location where the data was captured. The agent can determine if the frequency is licensed or unlicensed based on FCC records and provide relevant information about the transmission. This module is useful for security professionals, researchers, and hobbyists interested in analyzing radio signals and understanding their context.
|
|
7
7
|
module GQRX
|
|
8
8
|
# Supported Method Parameters::
|
|
9
9
|
# ai_analysis = PWN::AI::Agent::GQRX.analyze(
|
|
@@ -20,7 +20,7 @@ module PWN
|
|
|
20
20
|
|
|
21
21
|
system_role_content = "Analyze signal data captured by a software-defined-radio using GQRX at the following location: #{location}. Respond with just FCC information about the transmission if available. If the frequency is unlicensed or not found in FCC records, state that clearly. Be clear and concise in your analysis."
|
|
22
22
|
|
|
23
|
-
PWN::AI::Agent::
|
|
23
|
+
PWN::AI::Agent::Reflect.on(
|
|
24
24
|
system_role_content: system_role_content,
|
|
25
25
|
request: request,
|
|
26
26
|
suppress_pii_warning: true
|