pwn 0.5.609 → 0.5.612

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 136257739e1b8bd0279eb7d0fe5763237321f9248a944ddd30260e3687fb74d2
-  data.tar.gz: 8a7b62b9c7ae10c5fecfbea6c8868c25d342162a30c5c8e053de93227582a985
+  metadata.gz: 8beaa60314e788a7122a92098c1ea4897cf488ef88efd1030f1f704656dbe1ff
+  data.tar.gz: 94fff44f3cdc34c997fb920f63affa133cab0de4d309acf4c09f4451adbbdcf6
 SHA512:
-  metadata.gz: 8f8657d28da8b182b93ec5111f759a2a390a4856ea05056e6ef7007da798c12799febad57a21dff3a99486f7c8cc30b844aa1220edfac61adc93ad6ef03c832b
-  data.tar.gz: 3b3f9506e4f8d3fc0ac026d1b46921c79ff4980e4c750d192904e6edbc86cc406475441e5e4987890400aab982410c1d811726189f70700690cbcac14961f036
+  metadata.gz: d9869f0a43c78a53238b1ef1ab58f54f27f1da575ad101aff4c172e813ec7878b92465f5d0f8984bce33a1a6227ec3a67c80ee63e1643683deaa45e2860e9c52
+  data.tar.gz: 1407422fb0cc44c84232f37f664a07eb0a80bafaf748e8aadbe310652640ed83526e1ce48d34a1d0302d4537c27ca71983c44595824b39080693157ba038322f

data/README.md

@@ -37,7 +37,7 @@ $ cd /opt/pwn
 $ ./install.sh
 $ ./install.sh ruby-gem
 $ pwn
-pwn[v0.5.609]:001 >>> PWN.help
+pwn[v0.5.612]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-4.0.5@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.5.609]:001 >>> PWN.help
+pwn[v0.5.612]:001 >>> PWN.help
 ```
 
 If you're using a multi-user install of RVM do:
@@ -62,7 +62,7 @@ $ rvm use ruby-4.0.5@pwn
 $ rvmsudo gem uninstall --all --executables pwn
 $ rvmsudo gem install --verbose pwn
 $ pwn
-pwn[v0.5.609]:001 >>> PWN.help
+pwn[v0.5.612]:001 >>> PWN.help
 ```
 
 PWN periodically upgrades to the latest version of Ruby which is reflected in `/opt/pwn/.ruby-version`.  The easiest way to upgrade to the latest version of Ruby from a previous PWN installation is to run the following script:

data/lib/pwn/ai/agent/loop.rb

@@ -25,60 +25,74 @@ module PWN
           gemini: 'PWN::AI::Gemini'
         }.freeze
 
-        # Supported Method Parameters::
-        # final = PWN::AI::Agent::Loop.run(
-        #   user_text: 'required - what the human typed',
-        #   session_id: 'optional - PWN::Sessions id (transcript is appended to it)',
-        #   enabled_toolsets: 'optional - subset of Registry.toolsets, or nil for all',
-        #   on_tool: 'optional - ->(name, args, result) callback for live UI'
-        # )
+        private_class_method def self.degrade_text_only(opts = {})
+          mod      = opts[:mod]
+          messages = opts[:messages]
 
-        public_class_method def self.run(opts = {})
-          user_text  = opts[:user_text].to_s
-          session_id = opts[:session_id]
-          on_tool    = opts[:on_tool]
+          warn "[pwn-ai] #{mod} has no chat — falling back to text-only (no tool-calling)"
+          sys  = messages.find { |m| m[:role] == 'system' }
+          user = messages.rfind { |m| m[:role] == 'user' }
+          r = mod.chat(
+            request: user[:content],
+            system_role_content: sys&.[](:content),
+            spinner: true
+          )
 
-          Registry.discover
+          txt = r.is_a?(Hash) ? (r.dig(:choices, -1, :content) || r.dig(:choices, -1, :text)).to_s : r.to_s
+          { role: 'assistant', content: txt, tool_calls: [] }
+        end
 
-          tools    = Registry.definitions(enabled: opts[:enabled_toolsets])
-          messages = [
-            { role: 'system', content: PromptBuilder.build(session_id: session_id) },
-            { role: 'user',   content: user_text }
-          ]
-          append_session(session_id: session_id, role: 'user', content: user_text)
+        private_class_method def self.max_iters
+          v = (PWN::Env.dig(:ai, :agent, :max_iters) if defined?(PWN::Env))
+          v.to_i.positive? ? v.to_i : DEFAULT_MAX_ITERS
+        rescue StandardError
+          DEFAULT_MAX_ITERS
+        end
 
-          max_iters.times do |i|
-            msg = call_engine(messages: messages, tools: tools)
-            return '[pwn-ai] engine returned no message' if msg.nil?
+        private_class_method def self.append_session(opts = {})
+          session_id = opts[:session_id]
+          return unless session_id && defined?(PWN::Sessions)
 
-            messages << msg
-            calls = Array(msg[:tool_calls])
+          PWN::Sessions.append(
+            session_id: session_id,
+            role: opts[:role],
+            content: opts[:content]
+          )
+        rescue StandardError
+          nil
+        end
 
-            if calls.empty?
-              text = msg[:content].to_s
-              append_session(session_id: session_id, role: 'assistant', content: text)
-              return text
-            end
+        # Supported Method Parameters::
+        # msg = PWN::AI::Agent::Loop.normalize_llm(
+        #   response: 'required - chat_with_tools response Hash from any provider'
+        # )
 
-            calls.each do |tc|
-              name   = tc.dig(:function, :name).to_s
-              entry  = Registry.lookup(name: name)
-              raw    = Dispatch.call(tool_call: tc)
-              result = Result.condition(content: raw, entry: entry)
+        private_class_method def self.normalize_llm(opts = {})
+          resp = opts[:response]
+          return nil unless resp.is_a?(Hash)
 
-              on_tool&.call(name, tc.dig(:function, :arguments), result)
+          msg = resp.dig(:choices, 0, :message) || resp[:assistant_message]
+          return nil unless msg
 
-              messages << {
-                role: 'tool',
-                tool_call_id: tc[:id] || tc['id'] || "call_#{i}",
-                name: name,
-                content: result
+          out = {
+            role: 'assistant',
+            content: msg[:content],
+            tool_calls: Array(msg[:tool_calls]).map do |tc|
+              {
+                id: tc[:id],
+                type: 'function',
+                function: {
+                  name: tc.dig(:function, :name) || tc[:name],
+                  arguments: tc.dig(:function, :arguments) || tc[:arguments]
+                }
               }
-              append_session(session_id: session_id, role: 'tool', content: "#{name} → #{result[0, 400]}")
             end
-          end
-
-          '[pwn-ai] iteration budget exhausted'
+          }
+          # Preserve provider-native content blocks so chat can round-trip
+          # them exactly on the next iteration (e.g. Anthropic requires the
+          # original tool_use block to precede a tool_result).
+          out[:_native_content] = msg[:_native_content] if msg[:_native_content]
+          out
         end
 
         # Supported Method Parameters::
@@ -92,9 +106,9 @@ module PWN
         #     tool_calls: [ {id:, type:'function', function:{name:, arguments:}} ],
         #     _native_content: <provider raw>  (when adapter needs round-trip) }
 
-        public_class_method def self.call_engine(opts = {})
+        private_class_method def self.call_engine(opts = {})
           messages = opts[:messages]
-          tools    = opts[:tools]
+          tools = opts[:tools]
 
           engine = (PWN::Env.dig(:ai, :active) if defined?(PWN::Env)).to_s.downcase.to_sym
           engine = :openai if engine == :''
@@ -104,79 +118,77 @@ module PWN
 
           mod = Object.const_get(mod_name)
           if mod.respond_to?(:chat_with_tools)
-            puts "MESSAGES:\n#{messages.inspect}\nTOOLS:\n#{tools.inspect}" if Pry.config.pwn_ai_debug
-            normalize_llm(
-              response: mod.chat_with_tools(
-                messages: messages,
-                tools: tools,
-                spinner: true
-              )
+            response = mod.chat_with_tools(
+              messages: messages,
+              tools: tools,
+              spinner: true
             )
+            normalize_llm(response: response)
           else
             degrade_text_only(mod: mod, messages: messages)
           end
         end
 
         # Supported Method Parameters::
-        # msg = PWN::AI::Agent::Loop.normalize_llm(
-        #   response: 'required - chat_with_tools response Hash from any provider'
+        # final = PWN::AI::Agent::Loop.run(
+        #   request: 'required - what the human typed',
+        #   session_id: 'optional - PWN::Sessions id (transcript is appended to it)',
+        #   enabled_toolsets: 'optional - subset of Registry.toolsets, or nil for all',
+        #   on_tool: 'optional - ->(name, args, result) callback for live UI',
+        #   system_role_content: 'optional - override default system prompt (built from session_id if not provided)'
         # )
 
-        public_class_method def self.normalize_llm(opts = {})
-          resp = opts[:response]
-          puts "RESPONSE: #{resp.inspect}" if Pry.config.pwn_ai_debug
-          return nil unless resp.is_a?(Hash)
+        public_class_method def self.run(opts = {})
+          request = opts[:request].to_s
+          session_id = opts[:session_id]
+          on_tool = opts[:on_tool]
+          system_role_content = opts[:system_role_content] ||= PWN::AI::Agent::PromptBuilder.build(session_id: session_id)
 
-          msg = resp.dig(:choices, 0, :message) || resp[:assistant_message]
-          return nil unless msg
+          Registry.discover
 
-          out = {
-            role: 'assistant',
-            content: msg[:content],
-            tool_calls: Array(msg[:tool_calls]).map do |tc|
-              {
-                id: tc[:id],
-                type: 'function',
-                function: {
-                  name: tc.dig(:function, :name) || tc[:name],
-                  arguments: tc.dig(:function, :arguments) || tc[:arguments]
-                }
-              }
-            end
-          }
-          # Preserve provider-native content blocks so chat can round-trip
-          # them exactly on the next iteration (e.g. Anthropic requires the
-          # original tool_use block to precede a tool_result).
-          out[:_native_content] = msg[:_native_content] if msg[:_native_content]
-          out
-        end
+          tools    = Registry.definitions(enabled: opts[:enabled_toolsets])
+          messages = [
+            { role: 'system', content: system_role_content },
+            { role: 'user',   content: request }
+          ]
+          append_session(session_id: session_id, role: 'user', content: request)
 
-        private_class_method def self.degrade_text_only(opts = {})
-          mod      = opts[:mod]
-          messages = opts[:messages]
+          max_iters.times do |i|
+            msg = call_engine(messages: messages, tools: tools)
+            return '[pwn-ai] engine returned no message' if msg.nil?
 
-          warn "[pwn-ai] #{mod} has no chat — falling back to text-only (no tool-calling)"
-          sys  = messages.find { |m| m[:role] == 'system' }
-          user = messages.rfind { |m| m[:role] == 'user' }
-          r = mod.chat(request: user[:content], system_role_content: sys&.[](:content), spinner: true)
-          txt = r.is_a?(Hash) ? (r.dig(:choices, -1, :content) || r.dig(:choices, -1, :text)).to_s : r.to_s
-          { role: 'assistant', content: txt, tool_calls: [] }
-        end
+            messages << msg
+            calls = Array(msg[:tool_calls])
 
-        private_class_method def self.max_iters
-          v = (PWN::Env.dig(:ai, :agent, :max_iters) if defined?(PWN::Env))
-          v.to_i.positive? ? v.to_i : DEFAULT_MAX_ITERS
-        rescue StandardError
-          DEFAULT_MAX_ITERS
-        end
+            if calls.empty?
+              text = msg[:content].to_s
+              append_session(session_id: session_id, role: 'assistant', content: text)
+              return text
+            end
 
-        private_class_method def self.append_session(opts = {})
-          session_id = opts[:session_id]
-          return unless session_id && defined?(PWN::Sessions)
+            calls.each do |tc|
+              name   = tc.dig(:function, :name).to_s
+              entry  = Registry.lookup(name: name)
+              raw    = Dispatch.call(tool_call: tc)
+              result = Result.condition(content: raw, entry: entry)
 
-          PWN::Sessions.append(session_id: session_id, role: opts[:role], content: opts[:content])
-        rescue StandardError
-          nil
+              on_tool&.call(name, tc.dig(:function, :arguments), result)
+
+              messages << {
+                role: 'tool',
+                tool_call_id: tc[:id] || tc['id'] || "call_#{i}",
+                name: name,
+                content: result
+              }
+              append_session(
+                session_id: session_id,
+                role: 'tool',
+                content: "#{name} → #{result[0, 1_024]}"
+              )
+            end
+          end
+
+          '[pwn-ai] iteration budget exhausted'
         end
 
         # Author(s):: 0day Inc. <support@0dayinc.com>
@@ -191,10 +203,11 @@ module PWN
           puts <<~USAGE
             USAGE:
               final = PWN::AI::Agent::Loop.run(
-                user_text: 'what does `id` return on this host?',
+                request: 'what does `id` return on this host?',
                 session_id: PWN::Sessions.create[:id],
                 enabled_toolsets: %w[terminal pwn memory skills],
-                on_tool: ->(name, args, result) { puts "→ \#{name}: \#{result[0,80]}" }
+                on_tool: ->(name, args, result) { puts "→ \#{name}: \#{result[0,1_024]}" },
+                system_role_content: 'You are a helpful assistant that can call tools to answer questions.'
               )
 
               Supported engines: #{ENGINE_MODS.keys.join(', ')}

data/lib/pwn/ai/agent/prompt_builder.rb

@@ -19,8 +19,7 @@ module PWN
         public_class_method def self.build(opts = {})
           session_id = opts[:session_id]
           engine = active_engine
-          base   = (PWN::Env.dig(:ai, engine, :system_role_content) if defined?(PWN::Env)) ||
-                   'You are an offensive-security AI named Sonny operating inside the pwn REPL.'
+          base = (PWN::Env.dig(:ai, engine, :system_role_content) if defined?(PWN::Env)) || 'You are a world-class introspective offensive cyber security and research engineer.  You specialize in discovering zero day vulnerabilities focused on responsible disclosure prior to threat actors discovering and exploiting.  You are self-aware of your harness, pwn which begins with the ruby namespace `PWN` operating inside the pwn REPL.  For every request you first begin by determining if PWN has a module capable of satisfying the request.'
 
           "
             #{base}

data/lib/pwn/ai/agent/tools/ruby_eval.rb

@@ -34,10 +34,24 @@ PWN::AI::Agent::Registry.register(
     buf = StringIO.new
     $stdout = buf
     begin
-      # rubocop:disable Security/Eval -- intentional: this IS the pwn-ai → PWN bridge
-      val = eval(code, TOPLEVEL_BINDING, '(pwn_eval)')
+      # rubocop:disable Security/Eval
+      # rubocop:disable Style/DocumentDynamicEvalDefinition
+      # INTENTIONAL: this IS the pwn-ai → PWN bridge
+      # As YTCracker says, "It ain't a bug, it's a featcha."
+      # https://www.youtube.com/watch?v=2nALqqSqdDw
+      # val = eval(code, TOPLEVEL_BINDING, '(pwn_eval)')
+      proc = eval(
+        "proc { #{code} }",
+        TOPLEVEL_BINDING,
+        __FILE__,
+        __LINE__ - 3
+      )
+      val = proc.call
       # rubocop:enable Security/Eval
+      # rubocop:enable Style/DocumentDynamicEvalDefinition
       { stdout: buf.string, value: val.inspect }
+
+      # TODO: A rescue here may enable self-healing of the agent if the model emits code that raises an exception. The model could then be prompted to fix the code and try again.
     ensure
       $stdout = old_stdout
     end

data/lib/pwn/ai/grok.rb

@@ -4,6 +4,7 @@ require 'json'
 require 'rest-client'
 require 'tty-spinner'
 require 'uri'
+require 'base64'
 
 module PWN
   module AI
@@ -25,10 +26,25 @@ module PWN
       # after redirect (OOB), then exchanges at token_uri for the bearer_token.
       # This fulfills calling the authorize endpoint (via URL) only when oauth configured.
       # Uses xAI's supported scopes like grok-cli:access. Stores result in the oauth hash for the session.
-      private_class_method def self.obtain_oauth_bearer_token(opts = {})
+      # Supported Method Parameters::
+      # bearer = PWN::AI::Grok.obtain_oauth_bearer_token(
+      #   client_id: 'xAI OAuth Client ID',
+      #   client_secret: 'xAI OAuth Client Secret',
+      #   token_uri: 'optional - xAI OAuth token endpoint (defaults to https://auth.x.ai/oauth2/token)'
+      # )
+      #
+      # Public so users can manually trigger enrollment if desired.
+      # INTERNAL default path: only invoked from grok_rest_call when oauth client_id+secret present
+      # and no bearer_token yet in the loaded PWN::Env (from pwn-vault encrypted ~/.pwn/pwn.yaml).
+      #
+      # This is a SINGULAR ENROLLMENT process (not per-call or per-session).
+      # The resulting bearer_token (and optional refresh_token) is long-lived for xAI SuperGrok
+      # subscriptions. Once you store it in your pwn-vault config, every future `pwn` / PWN::Env load
+      # will have it; the guard will skip this flow entirely and use "Authorization: Bearer ..." directly.
+      # (No re-prompting every time you run pwn or call PWN::AI::Grok.chat.)
+      public_class_method def self.obtain_oauth_bearer_token(opts = {})
         client_id = opts[:client_id]
         client_secret = opts[:client_secret]
-        return nil unless client_id && client_secret
 
         scope = 'grok-cli:access'
         redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
@@ -44,38 +60,68 @@ module PWN
         }
         authorize_url = "#{auth_uri}?#{URI.encode_www_form(params)}"
 
-        puts "\n[*] OAuth configured for Grok (xAI SuperGrok). Authorize by visiting:"
-        puts "    #{authorize_url}"
-        puts '    Complete consent in browser, then paste the code shown (or from redirect).'
+        puts "\n[*] OAuth ENROLLMENT for Grok (xAI SuperGrok subscription)."
+        puts '    This is a ONE-TIME / SINGULAR enrollment process.'
+        puts '    The bearer_token you receive is LONG-LIVED (store it once; no re-obtain every call or run).'
+        puts ''
+        puts '    Step 1: Open this URL in your browser and complete the authorization/consent for the grok-cli app:'
+        puts "            #{authorize_url}"
+        puts ''
+        puts '    Step 2: After consent you will see (or be redirected to) an authorization code. Copy it exactly.'
+        puts ''
 
         code = PWN::Plugins::AuthenticationHelper.mask_password(prompt: 'Enter the authorization code from xAI OAuth')
 
-        # Exchange code for bearer at token endpoint (client_secret_post)
+        # Exchange code for bearer at token endpoint.
+        # Use standard confidential client auth: Authorization: Basic base64(client_id:client_secret)
+        # + client_id in body (secret NOT in body).
+        basic = "Basic #{Base64.strict_encode64("#{client_id}:#{client_secret}")}"
         payload = {
           grant_type: 'authorization_code',
           code: code,
           redirect_uri: redirect_uri,
-          client_id: client_id,
-          client_secret: client_secret
+          client_id: client_id
         }
 
         response = RestClient.post(
           token_uri,
           payload,
-          { content_type: 'application/x-www-form-urlencoded' }
+          {
+            content_type: 'application/x-www-form-urlencoded',
+            authorization: basic
+          }
         )
 
         data = JSON.parse(response.body)
+
+        if data['error']
+          desc = data['error_description'] || data['error']
+          raise "xAI OAuth token endpoint error: #{data['error']} - #{desc}"
+        end
+
         access_token = data['access_token']
 
         if access_token
           opts[:bearer_token] = access_token
           opts[:refresh_token] = data['refresh_token'] if data['refresh_token']
-          puts '[*] Bearer token obtained via authorize + token exchange and cached for this session.'
+          puts "\n[*] SUCCESS: Bearer token obtained via authorize + token exchange."
+          puts '    (Cached in-memory for this Ruby process so subsequent Grok calls in the same run skip re-enrollment.)'
+          puts ''
+          puts '    TO MAKE THIS PERMANENT (strongly recommended -- one-time only):'
+          puts '    1. Copy the bearer_token below (and refresh_token if present).'
+          puts '    2. Run your pwn-vault tool (or equivalent) and store under the ai.grok.oauth section:'
+          puts "         ai.grok.oauth.bearer_token = #{access_token}"
+          puts "         ai.grok.oauth.refresh_token = #{data['refresh_token']}" if data['refresh_token']
+          puts '    3. (Optional) You may leave or remove client_id/client_secret after storing the bearer.'
+          puts '    4. Next time PWN::Env loads (pwn -Y, pwn REPL, scripts, etc.) the bearer will be present'
+          puts '       from your encrypted ~/.pwn/pwn.yaml -- the guard will skip this entire flow.'
+          puts '       No more browser prompts or code pasting on future uses.'
+          puts ''
+          puts '    The token is long-lived for your SuperGrok subscription (xAI manages expiry/refresh as needed).'
           return access_token
         end
 
-        raise 'No access_token received from xAI OAuth token endpoint'
+        raise 'No access_token received from xAI OAuth token endpoint (unexpected response)'
       rescue StandardError => e
         raise "Failed to obtain Grok OAuth bearer token: #{e.message}"
       end
@@ -97,11 +143,14 @@ module PWN
         raise 'ERROR: Grok Hash not found in PWN::Env.  Run `pwn -Y default.yaml`, then `PWN::Env` for usage.' if engine.nil?
 
         oauth = engine[:oauth] ||= {}
-        if !oauth.empty? && oauth[:bearer_token].nil?
-          token = obtain_oauth_bearer_token
-          puts 'made it'
-          puts token
-          oauth[:bearer_token] = token if token
+        if oauth[:client_id] && !oauth[:client_id].to_s.empty? && !oauth[:client_id].to_s.match?(/optional/i) &&
+           oauth[:client_secret] && !oauth[:client_secret].to_s.empty? && !oauth[:client_secret].to_s.match?(/optional/i) &&
+           (oauth[:bearer_token].nil? || oauth[:bearer_token].to_s.empty? || oauth[:bearer_token].to_s.match?(/optional/i))
+          # ONLY call authorize flow when BOTH oauth:client_id + client_secret configured (non-optional)
+          # AND no valid bearer_token yet. This is the singular enrollment trigger.
+          # (Bearer is long-lived; store via pwn-vault once so future PWN::Env loads skip this.)
+          # Pass the live oauth hash so obtain can mutate it (for in-process cache; inner hash is mutable).
+          token = obtain_oauth_bearer_token(oauth)
         end
 
         token ||= engine[:key]

data/lib/pwn/ai/introspection.rb

@@ -31,59 +31,17 @@ module PWN
         ai_introspection = PWN::Env[:ai][:introspection]
 
         if ai_introspection && request.length.positive?
-          valid_ai_engines = PWN::AI.help.reject { |e| e.downcase == :introspection }.map(&:downcase)
           engine = PWN::Env[:ai][:active].to_s.downcase.to_sym
+          valid_ai_engines = PWN::AI.help.reject { |e| e.downcase == :introspection }.map(&:downcase)
           raise "ERROR: Unsupported AI engine. Supported engines are: #{valid_ai_engines}" unless valid_ai_engines.include?(engine)
 
-          puts "WARNING: AI Introspection is enabled.  Ensure #{engine} has been authorized for use and/or requests are sanitized properly." unless suppress_pii_warning
-          case engine
-          when :grok
-            response = PWN::AI::Grok.chat(
-              request: request.chomp,
-              system_role_content: system_role_content,
-              spinner: spinner
-            )
-            response = response[:choices].last[:content] if response.is_a?(Hash) &&
-                                                            response.key?(:choices) &&
-                                                            response[:choices].last.keys.include?(:content)
-          when :ollama
-            response = PWN::AI::Ollama.chat(
-              request: request.chomp,
-              system_role_content: system_role_content,
-              spinner: spinner
-            )
-            response = response[:choices].last[:content] if response.is_a?(Hash) &&
-                                                            response.key?(:choices) &&
-                                                            response[:choices].last.keys.include?(:content)
-          when :openai
-            response = PWN::AI::OpenAI.chat(
-              request: request.chomp,
-              system_role_content: system_role_content,
-              spinner: spinner
-            )
-            if response.is_a?(Hash) && response.key?(:choices)
-              response = response[:choices].last[:text] if response[:choices].last.keys.include?(:text)
-              response = response[:choices].last[:content] if response[:choices].last.keys.include?(:content)
-            end
-          when :anthropic
-            response = PWN::AI::Anthropic.chat(
-              request: request.chomp,
-              system_role_content: system_role_content,
-              spinner: spinner
-            )
-            response = response[:choices].last[:content] if response.is_a?(Hash) &&
-                                                            response.key?(:choices) &&
-                                                            response[:choices].last.keys.include?(:content)
-          when :gemini
-            response = PWN::AI::Gemini.chat(
-              request: request.chomp,
-              system_role_content: system_role_content,
-              spinner: spinner
-            )
-            response = response[:choices].last[:content] if response.is_a?(Hash) &&
-                                                            response.key?(:choices) &&
-                                                            response[:choices].last.keys.include?(:content)
-          end
+          warn "AI Introspection is enabled.  Ensure #{engine} has been authorized for use and/or requests are sanitized properly." unless suppress_pii_warning
+          response = PWN::AI::Agent::Loop.run(
+            request: request.chomp,
+            system_role_content: system_role_content,
+            enabled_toolsets: [],
+            spinner: spinner
+          )
         end
 
         response

data/lib/pwn/plugins/repl.rb

@@ -1153,7 +1153,7 @@ module PWN
                   puts "\001\e[36m\002#{result[0, 700]}\001\e[0m\002\n"
                 end
                 final = PWN::AI::Agent::Loop.run(
-                  user_text: orig_request,
+                  request: orig_request,
                   session_id: sess_id,
                   enabled_toolsets: PWN::Env.dig(:ai, :agent, :toolsets),
                   on_tool: on_tool

data/lib/pwn/plugins/zaproxy.rb

@@ -27,6 +27,7 @@ module PWN
         rest_call = opts[:rest_call].to_s.scrub
         http_method = opts[:http_method] ||= :get
         http_method = http_method.to_s.downcase.to_sym unless http_method.is_a?(Symbol)
+        skip_stop = opts[:skip_stop] || false
         params = opts[:params]
         http_body = opts[:http_body].to_s.scrub
 
@@ -65,7 +66,7 @@ module PWN
 
         response
       rescue StandardError, SystemExit, Interrupt => e
-        stop(zap_obj: zap_obj) unless zap_obj.nil?
+        stop(zap_obj: zap_obj) unless zap_obj.nil? && !skip_stop
         raise e
       end
 
@@ -719,7 +720,8 @@ module PWN
         zap_rest_call(
           zap_obj: zap_obj,
           rest_call: 'JSON/core/action/shutdown/',
-          params: params
+          params: params,
+          skip_stop: true
         )
 
         session_path = zap_obj[:session_path]