@naraya/cli 0.1.0 → 0.4.1

package/dist/mcp/transport.js

@@ -0,0 +1,30 @@
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+export async function createTransport(config, projectDir) {
+    if (config.type === "http" || config.type === "streamable-http") {
+        if (!config.url) {
+            throw new Error("url is required for HTTP transport");
+        }
+        return new StreamableHTTPClientTransport(new URL(config.url), {
+            requestInit: {
+                headers: config.headers
+            }
+        });
+    }
+    // Default: stdio
+    if (!config.command) {
+        throw new Error("command is required for stdio transport");
+    }
+    const env = {
+        ...process.env,
+        ...config.env,
+        NARAYA_PROJECT_DIR: projectDir
+    };
+    return new StdioClientTransport({
+        command: config.command,
+        args: config.args ?? [],
+        env,
+        // Suppress MCP server startup logs by discarding stderr
+        stderr: "ignore"
+    });
+}

package/dist/pentest/catalog/catalog-loader.js

@@ -0,0 +1,45 @@
+const DEFAULT_CATALOG_PATH = "tools-catalog.json";
+export async function loadToolsCatalog(options) {
+    const path = options?.catalogPath ?? DEFAULT_CATALOG_PATH;
+    const response = await fetch(`file://${process.cwd()}/${path}`);
+    if (!response.ok) {
+        throw new Error(`Failed to load tools catalog from ${path}: ${response.statusText}`);
+    }
+    return response.json();
+}
+export async function loadToolsCatalogFromFs(fs, options) {
+    const path = options?.catalogPath ?? DEFAULT_CATALOG_PATH;
+    const content = await fs.readFile(path, "utf-8");
+    return JSON.parse(content);
+}
+export function getToolByName(catalog, name) {
+    return catalog.tools.find((t) => t.tools_name === name);
+}
+export function getToolNames(catalog) {
+    return catalog.tools.map((t) => t.tools_name);
+}
+export function validateCatalog(catalog) {
+    if (typeof catalog !== "object" || catalog === null)
+        return false;
+    const c = catalog;
+    if (typeof c.$schema !== "string")
+        return false;
+    if (typeof c.version !== "string")
+        return false;
+    if (!Array.isArray(c.categories))
+        return false;
+    if (!Array.isArray(c.tools))
+        return false;
+    return c.tools.every(validateToolEntry);
+}
+function validateToolEntry(tool) {
+    if (typeof tool !== "object" || tool === null)
+        return false;
+    const t = tool;
+    return (typeof t.tools_name === "string" &&
+        typeof t.description === "string" &&
+        typeof t.category === "string" &&
+        typeof t.command === "object" &&
+        typeof t.skills_loader === "string" &&
+        Array.isArray(t.phase));
+}

package/dist/pentest/catalog/index.js

@@ -0,0 +1 @@
+export * from "./catalog-loader.js";

package/dist/pentest/cli.js

@@ -0,0 +1,117 @@
+import { PentestManager } from "./manager.js";
+import { Command } from "commander";
+export async function pentestCLI(argv) {
+    const program = new Command()
+        .name("naraya pentest")
+        .description("Pentest orchestration for authorized engagements")
+        .version("0.2.0");
+    const manager = new PentestManager();
+    // naraya pentest list
+    program
+        .command("list")
+        .description("List all available pentest skills")
+        .action(() => {
+        const manifests = manager.discoverSkills();
+        if (manifests.length === 0) {
+            console.log("No pentest skills found.");
+            return;
+        }
+        console.log(`Found ${manifests.length} skill(s):\n`);
+        for (const m of manifests) {
+            console.log(`  * ${m.name} v${m.version} [${m.phase.join(", ")}]`);
+            console.log(`    ${m.description}`);
+            console.log(`    Tools: ${m.tools.join(", ")}`);
+            console.log(`    Tags: ${m.tags.join(", ")}\n`);
+        }
+    });
+    // naraya pentest mode --target example.com
+    program
+        .command("mode")
+        .description("Auto-detect or set pentest mode")
+        .option("--target <target>", "Target to analyze for mode detection")
+        .option("--mode <mode>", "Force specific mode (auto|ctf|bug-bounty|red-team|blue-team|offensive|grey-hat)")
+        .action((options) => {
+        const result = manager.selectMode({
+            target: options.target,
+            preferred_mode: options.mode,
+            auto_detect: options.target !== undefined,
+        });
+        console.log(`\nMode: ${result.selected_mode}`);
+        console.log(`Auto-detected: ${result.auto_detected ? "Yes" : "No"}`);
+        console.log(`Reason: ${result.detection_reason}`);
+        console.log(`\nConfig:`);
+        console.log(`  Description: ${result.config.description}`);
+        console.log(`  Parallelism: ${result.config.parallelism}`);
+        console.log(`  Stealth: ${result.config.stealth ? "Yes" : "No"}`);
+        console.log(`  Report Format: ${result.config.report_format}`);
+        console.log(`  Skill Chain: ${result.config.skill_chain.join(" -> ")}`);
+        console.log(`  Tool Priority: ${result.config.tool_priority.join(" -> ")}\n`);
+    });
+    // naraya pentest phase --phase recon
+    program
+        .command("phase")
+        .description("Run a pentest phase")
+        .option("--target <url>", "Target domain or IP")
+        .option("--phase <phase>", "Phase: recon, enumeration, exploitation, reporting")
+        .option("--mode <mode>", "Pentest mode")
+        .option("--passive", "Passive-only mode")
+        .action((options) => {
+        if (!options.target) {
+            console.error("Error: --target is required");
+            process.exit(1);
+        }
+        if (!options.phase) {
+            console.error("Error: --phase is required");
+            process.exit(1);
+        }
+        const mode = options.mode || "auto";
+        const modeConfig = manager.getModeConfig(mode);
+        console.log(`Running ${options.phase} on ${options.target}...`);
+        console.log(`Mode: ${mode}`);
+        console.log(`Stealth: ${modeConfig.stealth ? "Yes" : "No"}`);
+        console.log(`Parallelism: ${modeConfig.parallelism}`);
+        console.log(`Skills: ${modeConfig.skill_chain.join(" -> ")}`);
+        const skills = manager.loadSkillsByPhase(options.phase);
+        const loaded = skills.filter((s) => s.loaded);
+        if (loaded.length > 0) {
+            console.log(`\nLoaded ${loaded.length} skill(s):`);
+            for (const s of loaded) {
+                console.log(`  * ${s.name} v${s.skill?.version}`);
+            }
+        }
+        else {
+            console.log(`\nNo skills found for phase: ${options.phase}`);
+        }
+        console.log(`\n${options.phase} completed.`);
+    });
+    // naraya pentest register
+    program
+        .command("register")
+        .description("Register skills with the skill register")
+        .option("--skill <name>", "Register specific skill")
+        .option("--all", "Register all discovered skills")
+        .action((options) => {
+        const register = manager.getRegister();
+        if (options.all) {
+            const manifests = manager.discoverSkills();
+            const entries = register.registerFromFiles(manifests.map((m) => m.name));
+            console.log(`Registered ${entries.length} skill(s)`);
+        }
+        else if (options.skill) {
+            const entry = register.registerFromFile(options.skill);
+            if (entry) {
+                console.log(`Registered: ${entry.name} v${entry.skill.version}`);
+            }
+            else {
+                console.error(`Skill not found: ${options.skill}`);
+                process.exit(1);
+            }
+        }
+        else {
+            console.log("Use --skill <name> or --all to register skills");
+        }
+        console.log(`\nTotal registered: ${register.count()}`);
+        console.log(`Enabled: ${register.enabledCount()}`);
+    });
+    program.parse(argv);
+}

package/dist/pentest/command-builder/command-builder.js

@@ -0,0 +1,90 @@
+export function buildCommand(tool, options = {}) {
+    const args = [];
+    const flags = options.flags ?? {};
+    const positional = options.positional ?? [];
+    for (const flagDef of tool.command.flags) {
+        const value = flags[flagDef.name];
+        const argValue = buildFlagArg(flagDef, value);
+        if (argValue) {
+            args.push(...argValue);
+        }
+    }
+    if (positional.length > 0) {
+        args.push(...positional);
+    }
+    else {
+        for (const posDef of tool.command.positional) {
+            const value = flags[posDef.name];
+            if (value !== undefined) {
+                args.push(String(value));
+            }
+        }
+    }
+    let fullCommand = `${tool.command.base} ${args.join(" ")}`.trim();
+    if (options.pipe_to && options.pipe_to.length > 0) {
+        fullCommand += ` | ${options.pipe_to.join(" | ")}`;
+    }
+    return {
+        command: tool.command.base,
+        args,
+        fullCommand,
+        requires_root: tool.requires_root
+    };
+}
+function buildFlagArg(flag, value) {
+    if (value === undefined || value === null) {
+        if (flag.default !== undefined && flag.type === "boolean" && flag.default === true) {
+            return [flag.name];
+        }
+        return null;
+    }
+    switch (flag.type) {
+        case "boolean":
+            return value === true ? [flag.name] : null;
+        case "string":
+        case "number":
+            return [flag.name, String(value)];
+        case "path":
+            return [flag.name, String(value)];
+        case "choice":
+            if (flag.choices && !flag.choices.includes(String(value))) {
+                throw new Error(`Invalid choice for ${flag.name}: ${value}. Valid: ${flag.choices.join(", ")}`);
+            }
+            return [flag.name, String(value)];
+        case "repeat":
+            if (Array.isArray(value)) {
+                return value.flatMap(v => [flag.name, String(v)]);
+            }
+            return [flag.name, String(value)];
+        default:
+            return null;
+    }
+}
+export function buildCommandWithSudo(tool, options = {}) {
+    const result = buildCommand(tool, options);
+    return result.requires_root ? `sudo ${result.fullCommand}` : result.fullCommand;
+}
+export function buildPipeline(tools, optionsPerTool) {
+    const commands = tools.map((tool, i) => buildCommand(tool, optionsPerTool[i]));
+    return commands.map(c => c.fullCommand).join(" | ");
+}
+export function validateRequiredFlags(tool, options) {
+    const errors = [];
+    const flags = options.flags ?? {};
+    for (const flag of tool.command.flags) {
+        if (flag.required && flags[flag.name] === undefined) {
+            errors.push(`Missing required flag: ${flag.name}`);
+        }
+    }
+    for (const pos of tool.command.positional) {
+        if (pos.required) {
+            const hasValue = options.positional?.length
+                ? options.positional.length > 0
+                : flags[pos.name] !== undefined;
+            if (!hasValue) {
+                errors.push(`Missing required positional argument: ${pos.name}`);
+            }
+        }
+    }
+    return errors;
+}

package/dist/pentest/command-builder/index.js

@@ -0,0 +1 @@
+export * from "./command-builder.js";

package/dist/pentest/index.js

@@ -0,0 +1,10 @@
+export * from "./catalog/index.js";
+export * from "./selector/index.js";
+export * from "./command-builder/index.js";
+export * from "./installer/index.js";
+export * from "./skill-bridge/index.js";
+export * from "./mode/index.js";
+// skills re-exports overlap with types - only re-export the classes/functions, not types
+export { discoverSkills, loadSkill, loadAllSkills, loadSkillsByPhase, loadSkillsByTools, getSkillsForTool, resolveSkillPath as resolveSkillPathFromLoader } from "./skills/loader/skill-loader.js";
+export { SkillRegister, createSkillRegister } from "./skills/register/skill-register.js";
+export { generateSkill, generateAndSaveSkill, generateSkillsForPhase, generateSkillsForTool, generateFullPentestSuite, saveGeneratedSkills } from "./skills/generator/skill-generator.js";

package/dist/pentest/installer/index.js

@@ -0,0 +1 @@
+export * from "./tool-installer.js";

package/dist/pentest/installer/tool-installer.js

@@ -0,0 +1,90 @@
+import { exec } from "child_process";
+import { promisify } from "util";
+const execAsync = promisify(exec);
+export async function checkToolInstalled(tool) {
+    try {
+        const { stdout } = await execAsync(tool.check_installed.command, { timeout: 10000 });
+        let version;
+        if (tool.check_installed.parse_version) {
+            const match = stdout.match(new RegExp(tool.check_installed.parse_version));
+            version = match?.[1];
+        }
+        return {
+            tools_name: tool.tools_name,
+            installed: true,
+            version
+        };
+    }
+    catch (error) {
+        return {
+            tools_name: tool.tools_name,
+            installed: false,
+            error: error instanceof Error ? error.message : "Unknown error"
+        };
+    }
+}
+export async function checkAllToolsInstalled(tools) {
+    return Promise.all(tools.map(checkToolInstalled));
+}
+export function getInstallCommand(tool, platform = process.platform) {
+    const config = tool.installation[platform];
+    return config?.command ?? null;
+}
+export function getInstallCommands(tool) {
+    const result = {};
+    if (tool.installation.linux)
+        result.linux = tool.installation.linux;
+    if (tool.installation.darwin)
+        result.darwin = tool.installation.darwin;
+    if (tool.installation.win32)
+        result.win32 = tool.installation.win32;
+    return result;
+}
+export async function installTool(tool, platform = process.platform) {
+    const config = tool.installation[platform];
+    if (!config) {
+        return {
+            success: false,
+            message: `No installation command available for platform: ${platform}`
+        };
+    }
+    try {
+        const { stdout, stderr } = await execAsync(config.command, { timeout: 300000 });
+        return {
+            success: true,
+            message: stdout || stderr || "Installation completed"
+        };
+    }
+    catch (error) {
+        return {
+            success: false,
+            message: error instanceof Error ? error.message : "Installation failed"
+        };
+    }
+}
+export function getMissingTools(availability) {
+    return availability.filter(a => !a.installed);
+}
+export function getInstalledTools(availability) {
+    return availability.filter(a => a.installed);
+}
+export async function ensureToolsInstalled(tools, platform = process.platform) {
+    const availability = await checkAllToolsInstalled(tools);
+    const missing = getMissingTools(availability);
+    const failed = [];
+    for (const tool of missing) {
+        const toolEntry = tools.find(t => t.tools_name === tool.tools_name);
+        if (!toolEntry)
+            continue;
+        const result = await installTool(toolEntry, platform);
+        if (!result.success) {
+            failed.push({ tool: tool.tools_name, error: result.message });
+        }
+    }
+    const recheck = await checkAllToolsInstalled(tools);
+    return {
+        installed: getInstalledTools(recheck),
+        missing: getMissingTools(recheck),
+        failed
+    };
+}

package/dist/pentest/manager.js

@@ -0,0 +1,125 @@
+import { discoverSkills, loadSkill, loadAllSkills, loadSkillsByPhase } from "./skills/loader/skill-loader.js";
+import { SkillRegister } from "./skills/register/skill-register.js";
+import { selectTools, selectToolsByPhase, selectToolsByCategory } from "./selector/tool-selector.js";
+import { buildCommand, buildCommandWithSudo, validateRequiredFlags } from "./command-builder/command-builder.js";
+import { checkToolInstalled, checkAllToolsInstalled, getInstallCommand, installTool } from "./installer/tool-installer.js";
+import { selectMode, detectMode, getModeConfig, getSkillsForMode, getLoopConfig, getSafetyConfig } from "./mode/mode-selector.js";
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+const DEFAULT_SKILL_DIRS = [
+    "assets/agents/skills",
+    "skills/",
+    "packages/pentest-skills/skills",
+];
+const DEFAULT_CATALOG_PATH = "tools-catalog.json";
+export class PentestManager {
+    config;
+    cache = {
+        manifests: new Map(),
+        skills: new Map(),
+        catalog: null,
+    };
+    skillRegister = null;
+    constructor(config = {}) {
+        this.config = {
+            baseDir: config.baseDir ?? process.cwd(),
+            skillDirs: config.skillDirs ?? DEFAULT_SKILL_DIRS,
+            configPath: config.configPath ?? join(config.baseDir ?? process.cwd(), ".pentestrc"),
+            catalogPath: config.catalogPath ?? join(config.baseDir ?? process.cwd(), DEFAULT_CATALOG_PATH),
+        };
+    }
+    // ── Mode Operations ──
+    selectMode(options = {}) {
+        return selectMode(options);
+    }
+    detectMode(target) {
+        return detectMode(target);
+    }
+    getModeConfig(mode) {
+        return getModeConfig(mode);
+    }
+    getSkillsForMode(mode) {
+        return getSkillsForMode(mode);
+    }
+    getLoopConfig(mode) {
+        return getLoopConfig(mode);
+    }
+    getSafetyConfig(mode) {
+        return getSafetyConfig(mode);
+    }
+    // ── Skill Operations ──
+    discoverSkills() {
+        return discoverSkills(this.config.baseDir);
+    }
+    loadSkill(skillName) {
+        return loadSkill(skillName, this.config.baseDir);
+    }
+    loadAllSkills() {
+        return loadAllSkills(this.config.baseDir);
+    }
+    loadSkillsByPhase(phase) {
+        return loadSkillsByPhase(phase, this.config.baseDir);
+    }
+    // ── Catalog Operations ──
+    async loadCatalog() {
+        if (this.cache.catalog)
+            return this.cache.catalog;
+        const catalogPath = this.config.catalogPath;
+        if (!existsSync(catalogPath)) {
+            throw new Error(`Tools catalog not found: ${catalogPath}`);
+        }
+        const content = readFileSync(catalogPath, "utf-8");
+        this.cache.catalog = JSON.parse(content);
+        return this.cache.catalog;
+    }
+    async selectTools(options) {
+        const catalog = await this.loadCatalog();
+        return selectTools(catalog, options);
+    }
+    async selectToolsByPhase(phase) {
+        const catalog = await this.loadCatalog();
+        return selectToolsByPhase(catalog, phase);
+    }
+    async selectToolsByCategory(category) {
+        const catalog = await this.loadCatalog();
+        return selectToolsByCategory(catalog, category);
+    }
+    // ── Command Operations ──
+    buildToolCommand(tool, flags = {}, positional = []) {
+        const result = buildCommand(tool, { flags, positional });
+        return result.fullCommand;
+    }
+    buildToolCommandWithSudo(tool, flags = {}, positional = []) {
+        return buildCommandWithSudo(tool, { flags, positional });
+    }
+    validateToolFlags(tool, flags) {
+        return validateRequiredFlags(tool, { flags });
+    }
+    // ── Installation Operations ──
+    async checkToolInstalled(tool) {
+        return checkToolInstalled(tool);
+    }
+    async checkAllToolsInstalled(tools) {
+        return checkAllToolsInstalled(tools);
+    }
+    getInstallCommandForTool(tool) {
+        return getInstallCommand(tool);
+    }
+    async installTool(tool) {
+        return installTool(tool);
+    }
+    // ── Skill Register ──
+    getRegister() {
+        if (!this.skillRegister) {
+            this.skillRegister = new SkillRegister({
+                skills_dir: join(this.config.baseDir, ".agents/skills"),
+                search_paths: [
+                    join(this.config.baseDir, ".agents/skills"),
+                    join(this.config.baseDir, ".opencode/skills"),
+                    join(this.config.baseDir, ".claude/skills"),
+                ],
+            });
+        }
+        return this.skillRegister;
+    }
+}

package/dist/pentest/mode/index.js

@@ -0,0 +1 @@
+export * from "./mode-selector.js";

package/dist/pentest/mode/mode-selector.js

@@ -0,0 +1,127 @@
+import { MODE_PRESETS } from "../types.js";
+const WEB_EXTENSIONS = [".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl", ".py", ".rb"];
+const NETWORK_PORTS = [22, 23, 3389, 445, 139, 135, 1433, 3306, 5432, 27017];
+const CTF_INDICATORS = ["ctf", "chall", "pwn", "crypto", "forensics", "rev", "misc", "web"];
+const RED_TEAM_INDICATORS = ["ad", "active-directory", "kerberos", "ldap", "smb", "rdp"];
+export function detectMode(target) {
+    const lower = target.toLowerCase();
+    for (const indicator of CTF_INDICATORS) {
+        if (lower.includes(indicator)) {
+            return { mode: "ctf", reason: `CTF indicator detected: ${indicator}` };
+        }
+    }
+    for (const indicator of RED_TEAM_INDICATORS) {
+        if (lower.includes(indicator)) {
+            return { mode: "red-team", reason: `Red team indicator detected: ${indicator}` };
+        }
+    }
+    for (const ext of WEB_EXTENSIONS) {
+        if (lower.endsWith(ext)) {
+            return { mode: "bug-bounty", reason: `Web extension detected: ${ext}` };
+        }
+    }
+    const portMatch = lower.match(/:(\d+)/);
+    if (portMatch) {
+        const port = parseInt(portMatch[1], 10);
+        if (NETWORK_PORTS.includes(port)) {
+            return { mode: "red-team", reason: `Network service port detected: ${port}` };
+        }
+    }
+    if (lower.includes("http://") || lower.includes("https://")) {
+        return { mode: "bug-bounty", reason: "Web target detected (HTTP/HTTPS)" };
+    }
+    const ipMatch = lower.match(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/);
+    if (ipMatch) {
+        return { mode: "red-team", reason: `IP address target: ${ipMatch[0]}` };
+    }
+    return { mode: "auto", reason: "No specific indicators detected, using adaptive mode" };
+}
+export function selectMode(options = {}) {
+    if (options.preferred_mode && options.preferred_mode !== "auto") {
+        const config = MODE_PRESETS[options.preferred_mode];
+        return {
+            selected_mode: options.preferred_mode,
+            config,
+            auto_detected: false,
+            detection_reason: `User selected mode: ${options.preferred_mode}`,
+        };
+    }
+    if (options.auto_detect !== false && options.target) {
+        const detection = detectMode(options.target);
+        if (detection.mode !== "auto") {
+            const config = MODE_PRESETS[detection.mode];
+            return {
+                selected_mode: detection.mode,
+                config,
+                auto_detected: true,
+                detection_reason: detection.reason,
+            };
+        }
+    }
+    const config = MODE_PRESETS["auto"];
+    return {
+        selected_mode: "auto",
+        config,
+        auto_detected: false,
+        detection_reason: "No specific mode detected, using adaptive auto mode",
+    };
+}
+export function getModeConfig(mode) {
+    return MODE_PRESETS[mode];
+}
+export function getToolsForMode(mode, availableTools) {
+    const config = MODE_PRESETS[mode];
+    const priority = config.tool_priority;
+    const prioritized = [];
+    const remaining = [];
+    for (const tool of availableTools) {
+        const toolCategory = getToolCategory(tool);
+        if (toolCategory && priority.includes(toolCategory)) {
+            prioritized.push(tool);
+        }
+        else {
+            remaining.push(tool);
+        }
+    }
+    prioritized.sort((a, b) => {
+        const catA = getToolCategory(a);
+        const catB = getToolCategory(b);
+        if (!catA || !catB)
+            return 0;
+        return priority.indexOf(catA) - priority.indexOf(catB);
+    });
+    return [...prioritized, ...remaining];
+}
+function getToolCategory(toolName) {
+    const categoryMap = {
+        subfinder: "recon", amass: "recon", assetfinder: "recon", httpx: "recon",
+        naabu: "recon", massdns: "recon", nmap: "enumeration", nuclei: "enumeration",
+        ffuf: "enumeration", dirsearch: "enumeration", gobuster: "enumeration",
+        feroxbuster: "enumeration", whatweb: "enumeration", wafw00f: "enumeration",
+        nikto: "enumeration", burpsuite: "enumeration", owasp_zap: "enumeration",
+        sqlmap: "exploitation", commix: "exploitation", hydra: "exploitation",
+        hashcat: "exploitation", john: "exploitation", metasploit: "exploitation",
+        pwntools: "exploitation",
+        curl: "utility", jq: "utility", anew: "utility", grep: "utility",
+        sort: "utility", uniq: "utility", notify: "reporting",
+    };
+    return categoryMap[toolName];
+}
+export function getSkillsForMode(mode) {
+    return [...MODE_PRESETS[mode].skill_chain];
+}
+export function getLoopConfig(mode) {
+    return MODE_PRESETS[mode].loop_config;
+}
+export function getSafetyConfig(mode) {
+    return MODE_PRESETS[mode].safety_constraints;
+}
+export function getReportFormat(mode) {
+    return MODE_PRESETS[mode].report_format;
+}
+export function isModeStealth(mode) {
+    return MODE_PRESETS[mode].stealth;
+}
+export function getModeParallelism(mode) {
+    return MODE_PRESETS[mode].parallelism;
+}

package/dist/pentest/selector/index.js

@@ -0,0 +1 @@
+export * from "./tool-selector.js";