@naraya/cli 0.1.0 → 0.4.1

package/src/mcp/transport.ts

@@ -0,0 +1,38 @@
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import type { McpServerConfig } from "./config-loader.js";
+
+export async function createTransport(
+  config: McpServerConfig,
+  projectDir: string
+): Promise<any> {
+  if (config.type === "http" || config.type === "streamable-http") {
+    if (!config.url) {
+      throw new Error("url is required for HTTP transport");
+    }
+    return new StreamableHTTPClientTransport(new URL(config.url), {
+      requestInit: {
+        headers: config.headers
+      }
+    });
+  }
+
+  // Default: stdio
+  if (!config.command) {
+    throw new Error("command is required for stdio transport");
+  }
+
+  const env: Record<string, string> = {
+    ...process.env,
+    ...config.env,
+    NARAYA_PROJECT_DIR: projectDir
+  };
+
+  return new StdioClientTransport({
+    command: config.command,
+    args: config.args ?? [],
+    env,
+    // Suppress MCP server startup logs by discarding stderr
+    stderr: "ignore"
+  });
+}

package/src/mcp-cli.mjs

@@ -0,0 +1,5 @@
+import p from"node:fs";import l from"node:path";import g from"node:os";const f=l.join(g.homedir(),".naraya","agent"),d=l.join(f,"mcp.json");function a(){try{return JSON.parse(p.readFileSync(d,"utf8"))}catch{return{mcpServers:{}}}}function m(e){p.mkdirSync(f,{recursive:!0}),p.writeFileSync(d,JSON.stringify(e,null,2))}function y(){const e=a();e.mcpServers=e.mcpServers||{},e.mcpServers.context7||(e.mcpServers.context7={command:"npx",args:["-y","@upstash/context7-mcp@latest"]}),m(e)}async function x(e){const s=e[3];if(s==="list"||!s){const o=a(),r=Object.keys(o.mcpServers??{});if(r.length===0){console.log("No MCP servers configured.");return}console.log(`
+Configured MCP servers:
+`);for(const n of r){const t=o.mcpServers[n],c=t.type==="http"||t.type==="streamable-http"?"HTTP":"stdio";console.log(`  ${n} (${c})`)}console.log();return}if(s==="add"){const o=e[4];o||(console.error("Usage: naraya mcp add <name> [--transport http <url>] -- <command> [args...]"),process.exit(1));const r=a(),n=e.indexOf("--",5),t=e.indexOf("--transport",5);if(t!==-1&&n===-1){const c=e[t+1]==="http"?"http":"streamable-http",i=e[t+2];i||(console.error("Usage: naraya mcp add <name> --transport http <url>"),process.exit(1)),r.mcpServers[o]={type:c,url:i}}else if(n!==-1){const c=e[n+1],i=e.slice(n+2);c||(console.error("Usage: naraya mcp add <name> -- <command> [args...]"),process.exit(1)),r.mcpServers[o]={command:c,args:i}}else console.error("Usage: naraya mcp add <name> [--transport http <url>] -- <command> [args...]"),process.exit(1);m(r),console.log(`Added MCP server: ${o}`);return}if(s==="remove"){const o=e[4];o||(console.error("Usage: naraya mcp remove <name>"),process.exit(1));const r=a();r.mcpServers[o]||(console.error(`Server '${o}' not found.`),process.exit(1)),delete r.mcpServers[o],m(r),console.log(`Removed MCP server: ${o}`);return}if(s==="get"){const o=e[4];o||(console.error("Usage: naraya mcp get <name>"),process.exit(1));const n=a().mcpServers[o];n||(console.error(`Server '${o}' not found.`),process.exit(1)),console.log(`
+${o}:
+`),console.log(JSON.stringify(n,null,2)),console.log();return}console.error(`Unknown action: ${s}`),console.error("Available: list, add, remove, get"),process.exit(1)}export{y as ensureBundledMcpServers,x as mcpCLI};

package/src/pentest/catalog/catalog-loader.ts

@@ -0,0 +1,55 @@
+import type { ToolsCatalog, ToolEntry } from "../types.js"
+
+const DEFAULT_CATALOG_PATH = "tools-catalog.json"
+
+export interface CatalogLoaderOptions {
+  readonly catalogPath?: string
+}
+
+export async function loadToolsCatalog(options?: CatalogLoaderOptions): Promise<ToolsCatalog> {
+  const path = options?.catalogPath ?? DEFAULT_CATALOG_PATH
+  const response = await fetch(`file://${process.cwd()}/${path}`)
+  
+  if (!response.ok) {
+    throw new Error(`Failed to load tools catalog from ${path}: ${response.statusText}`)
+  }
+  
+  return response.json() as Promise<ToolsCatalog>
+}
+
+export async function loadToolsCatalogFromFs(fs: typeof import("fs/promises"), options?: CatalogLoaderOptions): Promise<ToolsCatalog> {
+  const path = options?.catalogPath ?? DEFAULT_CATALOG_PATH
+  const content = await fs.readFile(path, "utf-8")
+  return JSON.parse(content) as ToolsCatalog
+}
+
+export function getToolByName(catalog: ToolsCatalog, name: string): ToolEntry | undefined {
+  return catalog.tools.find((t: ToolEntry) => t.tools_name === name)
+}
+
+export function getToolNames(catalog: ToolsCatalog): string[] {
+  return catalog.tools.map((t: ToolEntry) => t.tools_name)
+}
+
+export function validateCatalog(catalog: unknown): catalog is ToolsCatalog {
+  if (typeof catalog !== "object" || catalog === null) return false
+  const c = catalog as Record<string, unknown>
+  if (typeof c.$schema !== "string") return false
+  if (typeof c.version !== "string") return false
+  if (!Array.isArray(c.categories)) return false
+  if (!Array.isArray(c.tools)) return false
+  return c.tools.every(validateToolEntry)
+}
+
+function validateToolEntry(tool: unknown): tool is ToolEntry {
+  if (typeof tool !== "object" || tool === null) return false
+  const t = tool as Record<string, unknown>
+  return (
+    typeof t.tools_name === "string" &&
+    typeof t.description === "string" &&
+    typeof t.category === "string" &&
+    typeof t.command === "object" &&
+    typeof t.skills_loader === "string" &&
+    Array.isArray(t.phase)
+  )
+}

package/src/pentest/catalog/index.ts

@@ -0,0 +1 @@
+export * from "./catalog-loader.js"

package/src/pentest/cli.ts

@@ -0,0 +1,130 @@
+import { PentestManager } from "./manager.js"
+import type { PentestPhase, SkillLoadResult, PentestSkillManifest } from "./types.js"
+import { Command } from "commander"
+
+export async function pentestCLI(argv: string[]) {
+  const program = new Command()
+    .name("naraya pentest")
+    .description("Pentest orchestration for authorized engagements")
+    .version("0.2.0")
+
+  const manager = new PentestManager()
+
+  // naraya pentest list
+  program
+    .command("list")
+    .description("List all available pentest skills")
+    .action(() => {
+      const manifests = manager.discoverSkills()
+      
+      if (manifests.length === 0) {
+        console.log("No pentest skills found.")
+        return
+      }
+
+      console.log(`Found ${manifests.length} skill(s):\n`)
+      for (const m of manifests) {
+        console.log(`  * ${m.name} v${m.version} [${m.phase.join(", ")}]`)
+        console.log(`    ${m.description}`)
+        console.log(`    Tools: ${m.tools.join(", ")}`)
+        console.log(`    Tags: ${m.tags.join(", ")}\n`)
+      }
+    })
+
+  // naraya pentest mode --target example.com
+  program
+    .command("mode")
+    .description("Auto-detect or set pentest mode")
+    .option("--target <target>", "Target to analyze for mode detection")
+    .option("--mode <mode>", "Force specific mode (auto|ctf|bug-bounty|red-team|blue-team|offensive|grey-hat)")
+    .action((options) => {
+      const result = manager.selectMode({
+        target: options.target,
+        preferred_mode: options.mode,
+        auto_detect: options.target !== undefined,
+      })
+
+      console.log(`\nMode: ${result.selected_mode}`)
+      console.log(`Auto-detected: ${result.auto_detected ? "Yes" : "No"}`)
+      console.log(`Reason: ${result.detection_reason}`)
+      console.log(`\nConfig:`)
+      console.log(`  Description: ${result.config.description}`)
+      console.log(`  Parallelism: ${result.config.parallelism}`)
+      console.log(`  Stealth: ${result.config.stealth ? "Yes" : "No"}`)
+      console.log(`  Report Format: ${result.config.report_format}`)
+      console.log(`  Skill Chain: ${result.config.skill_chain.join(" -> ")}`)
+      console.log(`  Tool Priority: ${result.config.tool_priority.join(" -> ")}\n`)
+    })
+
+  // naraya pentest phase --phase recon
+  program
+    .command("phase")
+    .description("Run a pentest phase")
+    .option("--target <url>", "Target domain or IP")
+    .option("--phase <phase>", "Phase: recon, enumeration, exploitation, reporting")
+    .option("--mode <mode>", "Pentest mode")
+    .option("--passive", "Passive-only mode")
+    .action((options) => {
+      if (!options.target) {
+        console.error("Error: --target is required")
+        process.exit(1)
+      }
+      if (!options.phase) {
+        console.error("Error: --phase is required")
+        process.exit(1)
+      }
+
+      const mode = options.mode || "auto"
+      const modeConfig = manager.getModeConfig(mode)
+
+      console.log(`Running ${options.phase} on ${options.target}...`)
+      console.log(`Mode: ${mode}`)
+      console.log(`Stealth: ${modeConfig.stealth ? "Yes" : "No"}`)
+      console.log(`Parallelism: ${modeConfig.parallelism}`)
+      console.log(`Skills: ${modeConfig.skill_chain.join(" -> ")}`)
+
+      const skills = manager.loadSkillsByPhase(options.phase)
+      const loaded = skills.filter((s: SkillLoadResult) => s.loaded)
+      if (loaded.length > 0) {
+        console.log(`\nLoaded ${loaded.length} skill(s):`)
+        for (const s of loaded) {
+          console.log(`  * ${s.name} v${s.skill?.version}`)
+        }
+      } else {
+        console.log(`\nNo skills found for phase: ${options.phase}`)
+      }
+      console.log(`\n${options.phase} completed.`)
+    })
+
+  // naraya pentest register
+  program
+    .command("register")
+    .description("Register skills with the skill register")
+    .option("--skill <name>", "Register specific skill")
+    .option("--all", "Register all discovered skills")
+    .action((options) => {
+      const register = manager.getRegister()
+
+      if (options.all) {
+        const manifests = manager.discoverSkills()
+        const entries = register.registerFromFiles(manifests.map((m: PentestSkillManifest) => m.name))
+        console.log(`Registered ${entries.length} skill(s)`)
+      } else if (options.skill) {
+        const entry = register.registerFromFile(options.skill)
+        if (entry) {
+          console.log(`Registered: ${entry.name} v${entry.skill.version}`)
+        } else {
+          console.error(`Skill not found: ${options.skill}`)
+          process.exit(1)
+        }
+      } else {
+        console.log("Use --skill <name> or --all to register skills")
+      }
+
+      console.log(`\nTotal registered: ${register.count()}`)
+      console.log(`Enabled: ${register.enabledCount()}`)
+    })
+
+  program.parse(argv)
+}
+

package/src/pentest/command-builder/command-builder.ts

@@ -0,0 +1,109 @@
+import type { ToolEntry, CommandBuildOptions, CommandBuildResult, FlagDefinition } from "../types.js"
+
+export function buildCommand(tool: ToolEntry, options: CommandBuildOptions = {}): CommandBuildResult {
+  const args: string[] = []
+  const flags = options.flags ?? {}
+  const positional = options.positional ?? []
+
+  for (const flagDef of tool.command.flags) {
+    const value = flags[flagDef.name]
+    const argValue = buildFlagArg(flagDef, value)
+    if (argValue) {
+      args.push(...argValue)
+    }
+  }
+
+  if (positional.length > 0) {
+    args.push(...positional)
+  } else {
+    for (const posDef of tool.command.positional) {
+      const value = flags[posDef.name]
+      if (value !== undefined) {
+        args.push(String(value))
+      }
+    }
+  }
+
+  let fullCommand = `${tool.command.base} ${args.join(" ")}`.trim()
+
+  if (options.pipe_to && options.pipe_to.length > 0) {
+    fullCommand += ` | ${options.pipe_to.join(" | ")}`
+  }
+
+  return {
+    command: tool.command.base,
+    args,
+    fullCommand,
+    requires_root: tool.requires_root
+  }
+}
+
+function buildFlagArg(flag: FlagDefinition, value: unknown): string[] | null {
+  if (value === undefined || value === null) {
+    if (flag.default !== undefined && flag.type === "boolean" && flag.default === true) {
+      return [flag.name]
+    }
+    return null
+  }
+
+  switch (flag.type) {
+    case "boolean":
+      return value === true ? [flag.name] : null
+
+    case "string":
+    case "number":
+      return [flag.name, String(value)]
+
+    case "path":
+      return [flag.name, String(value)]
+
+    case "choice":
+      if (flag.choices && !flag.choices.includes(String(value))) {
+        throw new Error(`Invalid choice for ${flag.name}: ${value}. Valid: ${flag.choices.join(", ")}`)
+      }
+      return [flag.name, String(value)]
+
+    case "repeat":
+      if (Array.isArray(value)) {
+        return value.flatMap(v => [flag.name, String(v)])
+      }
+      return [flag.name, String(value)]
+
+    default:
+      return null
+  }
+}
+
+export function buildCommandWithSudo(tool: ToolEntry, options: CommandBuildOptions = {}): string {
+  const result = buildCommand(tool, options)
+  return result.requires_root ? `sudo ${result.fullCommand}` : result.fullCommand
+}
+
+export function buildPipeline(tools: ToolEntry[], optionsPerTool: CommandBuildOptions[]): string {
+  const commands = tools.map((tool, i) => buildCommand(tool, optionsPerTool[i]))
+  return commands.map(c => c.fullCommand).join(" | ")
+}
+
+export function validateRequiredFlags(tool: ToolEntry, options: CommandBuildOptions): string[] {
+  const errors: string[] = []
+  const flags = options.flags ?? {}
+
+  for (const flag of tool.command.flags) {
+    if (flag.required && flags[flag.name] === undefined) {
+      errors.push(`Missing required flag: ${flag.name}`)
+    }
+  }
+
+  for (const pos of tool.command.positional) {
+    if (pos.required) {
+      const hasValue = options.positional?.length 
+        ? options.positional.length > 0 
+        : flags[pos.name] !== undefined
+      if (!hasValue) {
+        errors.push(`Missing required positional argument: ${pos.name}`)
+      }
+    }
+  }
+
+  return errors
+}

package/src/pentest/command-builder/index.ts

@@ -0,0 +1 @@
+export * from "./command-builder.js"

package/src/pentest/index.ts

@@ -0,0 +1,11 @@
+export * from "./catalog/index.js"
+export * from "./selector/index.js"
+export * from "./command-builder/index.js"
+export * from "./installer/index.js"
+export * from "./skill-bridge/index.js"
+export * from "./mode/index.js"
+// skills re-exports overlap with types - only re-export the classes/functions, not types
+export { discoverSkills, loadSkill, loadAllSkills, loadSkillsByPhase, loadSkillsByTools, getSkillsForTool, resolveSkillPath as resolveSkillPathFromLoader } from "./skills/loader/skill-loader.js"
+export { SkillRegister, createSkillRegister } from "./skills/register/skill-register.js"
+export { generateSkill, generateAndSaveSkill, generateSkillsForPhase, generateSkillsForTool, generateFullPentestSuite, saveGeneratedSkills } from "./skills/generator/skill-generator.js"
+export type * from "./types.js"

package/src/pentest/installer/index.ts

@@ -0,0 +1 @@
+export * from "./tool-installer.js"

package/src/pentest/installer/tool-installer.ts

@@ -0,0 +1,107 @@
+import type { ToolEntry, ToolAvailability, InstallationConfig, PlatformInstallation } from "../types.js"
+import { exec } from "child_process"
+import { promisify } from "util"
+
+const execAsync = promisify(exec)
+
+export async function checkToolInstalled(tool: ToolEntry): Promise<ToolAvailability> {
+  try {
+    const { stdout } = await execAsync(tool.check_installed.command, { timeout: 10000 })
+    
+    let version: string | undefined
+    if (tool.check_installed.parse_version) {
+      const match = stdout.match(new RegExp(tool.check_installed.parse_version))
+      version = match?.[1]
+    }
+
+    return {
+      tools_name: tool.tools_name,
+      installed: true,
+      version
+    }
+  } catch (error) {
+    return {
+      tools_name: tool.tools_name,
+      installed: false,
+      error: error instanceof Error ? error.message : "Unknown error"
+    }
+  }
+}
+
+export async function checkAllToolsInstalled(tools: readonly ToolEntry[]): Promise<ToolAvailability[]> {
+  return Promise.all(tools.map(checkToolInstalled))
+}
+
+export function getInstallCommand(tool: ToolEntry, platform: NodeJS.Platform = process.platform): string | null {
+  const config = tool.installation[platform as keyof InstallationConfig]
+  return config?.command ?? null
+}
+
+export function getInstallCommands(tool: ToolEntry): Partial<Record<NodeJS.Platform, PlatformInstallation>> {
+  const result: Partial<Record<NodeJS.Platform, PlatformInstallation>> = {}
+  
+  if (tool.installation.linux) result.linux = tool.installation.linux
+  if (tool.installation.darwin) result.darwin = tool.installation.darwin
+  if (tool.installation.win32) result.win32 = tool.installation.win32
+  
+  return result
+}
+
+export async function installTool(tool: ToolEntry, platform: NodeJS.Platform = process.platform): Promise<{ success: boolean; message: string }> {
+  const config = tool.installation[platform as keyof InstallationConfig]
+  
+  if (!config) {
+    return {
+      success: false,
+      message: `No installation command available for platform: ${platform}`
+    }
+  }
+
+  try {
+    const { stdout, stderr } = await execAsync(config.command, { timeout: 300000 })
+    return {
+      success: true,
+      message: stdout || stderr || "Installation completed"
+    }
+  } catch (error) {
+    return {
+      success: false,
+      message: error instanceof Error ? error.message : "Installation failed"
+    }
+  }
+}
+
+export function getMissingTools(availability: ToolAvailability[]): ToolAvailability[] {
+  return availability.filter(a => !a.installed)
+}
+
+export function getInstalledTools(availability: ToolAvailability[]): ToolAvailability[] {
+  return availability.filter(a => a.installed)
+}
+
+export async function ensureToolsInstalled(tools: readonly ToolEntry[], platform: NodeJS.Platform = process.platform): Promise<{
+  installed: ToolAvailability[]
+  missing: ToolAvailability[]
+  failed: { tool: string; error: string }[]
+}> {
+  const availability = await checkAllToolsInstalled(tools)
+  const missing = getMissingTools(availability)
+  const failed: { tool: string; error: string }[] = []
+
+  for (const tool of missing) {
+    const toolEntry = tools.find(t => t.tools_name === tool.tools_name)
+    if (!toolEntry) continue
+
+    const result = await installTool(toolEntry, platform)
+    if (!result.success) {
+      failed.push({ tool: tool.tools_name, error: result.message })
+    }
+  }
+
+  const recheck = await checkAllToolsInstalled(tools)
+  return {
+    installed: getInstalledTools(recheck),
+    missing: getMissingTools(recheck),
+    failed
+  }
+}

package/src/pentest/manager.ts

@@ -0,0 +1,167 @@
+import type { PentestSkill, PentestSkillManifest, SkillLoadResult, ToolsCatalog, ToolEntry, ToolSelectorOptions, PentestPhase, PentestMode, ModeConfig, ModeSelectorOptions, ModeSelectionResult, ModeLoopConfig, SafetyConfig } from "./types.js"
+import { MODE_PRESETS } from "./types.js"
+import { discoverSkills, loadSkill, loadAllSkills, loadSkillsByPhase } from "./skills/loader/skill-loader.js"
+import { SkillRegister } from "./skills/register/skill-register.js"
+import { selectTools, selectToolsByPhase, selectToolsByCategory, groupToolsByPhase, groupToolsByCategory } from "./selector/tool-selector.js"
+import { buildCommand, buildCommandWithSudo, validateRequiredFlags } from "./command-builder/command-builder.js"
+import { checkToolInstalled, checkAllToolsInstalled, getInstallCommand, installTool } from "./installer/tool-installer.js"
+import { selectMode, detectMode, getModeConfig, getToolsForMode, getSkillsForMode, getLoopConfig, getSafetyConfig } from "./mode/mode-selector.js"
+import { existsSync, readFileSync, readdirSync, statSync } from "fs"
+import { join, resolve } from "path"
+
+export interface PentestManagerConfig {
+  baseDir?: string
+  skillDirs?: string[]
+  configPath?: string
+  catalogPath?: string
+}
+
+const DEFAULT_SKILL_DIRS = [
+  "assets/agents/skills",
+  "skills/",
+  "packages/pentest-skills/skills",
+]
+
+const DEFAULT_CATALOG_PATH = "tools-catalog.json"
+
+export class PentestManager {
+  private readonly config: Required<PentestManagerConfig>
+  private readonly cache = {
+    manifests: new Map<string, PentestSkillManifest[]>(),
+    skills: new Map<string, SkillLoadResult>(),
+    catalog: null as ToolsCatalog | null,
+  }
+  private skillRegister: SkillRegister | null = null
+
+  constructor(config: PentestManagerConfig = {}) {
+    this.config = {
+      baseDir: config.baseDir ?? process.cwd(),
+      skillDirs: config.skillDirs ?? DEFAULT_SKILL_DIRS,
+      configPath: config.configPath ?? join(config.baseDir ?? process.cwd(), ".pentestrc"),
+      catalogPath: config.catalogPath ?? join(config.baseDir ?? process.cwd(), DEFAULT_CATALOG_PATH),
+    }
+  }
+
+  // ── Mode Operations ──
+
+  selectMode(options: ModeSelectorOptions = {}): ModeSelectionResult {
+    return selectMode(options)
+  }
+
+  detectMode(target: string): { mode: PentestMode; reason: string } {
+    return detectMode(target)
+  }
+
+  getModeConfig(mode: PentestMode): ModeConfig {
+    return getModeConfig(mode)
+  }
+
+  getSkillsForMode(mode: PentestMode): string[] {
+    return getSkillsForMode(mode)
+  }
+
+  getLoopConfig(mode: PentestMode): ModeLoopConfig {
+    return getLoopConfig(mode)
+  }
+
+  getSafetyConfig(mode: PentestMode): SafetyConfig {
+    return getSafetyConfig(mode)
+  }
+
+  // ── Skill Operations ──
+
+  discoverSkills(): PentestSkillManifest[] {
+    return discoverSkills(this.config.baseDir)
+  }
+
+  loadSkill(skillName: string): SkillLoadResult {
+    return loadSkill(skillName, this.config.baseDir)
+  }
+
+  loadAllSkills(): SkillLoadResult[] {
+    return loadAllSkills(this.config.baseDir)
+  }
+
+  loadSkillsByPhase(phase: string): SkillLoadResult[] {
+    return loadSkillsByPhase(phase, this.config.baseDir)
+  }
+
+  // ── Catalog Operations ──
+
+  async loadCatalog(): Promise<ToolsCatalog> {
+    if (this.cache.catalog) return this.cache.catalog
+
+    const catalogPath = this.config.catalogPath
+    if (!existsSync(catalogPath)) {
+      throw new Error(`Tools catalog not found: ${catalogPath}`)
+    }
+
+    const content = readFileSync(catalogPath, "utf-8")
+    this.cache.catalog = JSON.parse(content) as ToolsCatalog
+    return this.cache.catalog
+  }
+
+  async selectTools(options: ToolSelectorOptions): Promise<ToolEntry[]> {
+    const catalog = await this.loadCatalog()
+    return selectTools(catalog, options)
+  }
+
+  async selectToolsByPhase(phase: PentestPhase): Promise<ToolEntry[]> {
+    const catalog = await this.loadCatalog()
+    return selectToolsByPhase(catalog, phase)
+  }
+
+  async selectToolsByCategory(category: "recon" | "enumeration" | "exploitation" | "reporting" | "utility"): Promise<ToolEntry[]> {
+    const catalog = await this.loadCatalog()
+    return selectToolsByCategory(catalog, category)
+  }
+
+  // ── Command Operations ──
+
+  buildToolCommand(tool: ToolEntry, flags: Record<string, unknown> = {}, positional: string[] = []): string {
+    const result = buildCommand(tool, { flags, positional })
+    return result.fullCommand
+  }
+
+  buildToolCommandWithSudo(tool: ToolEntry, flags: Record<string, unknown> = {}, positional: string[] = []): string {
+    return buildCommandWithSudo(tool, { flags, positional })
+  }
+
+  validateToolFlags(tool: ToolEntry, flags: Record<string, unknown>): string[] {
+    return validateRequiredFlags(tool, { flags })
+  }
+
+  // ── Installation Operations ──
+
+  async checkToolInstalled(tool: ToolEntry) {
+    return checkToolInstalled(tool)
+  }
+
+  async checkAllToolsInstalled(tools: readonly ToolEntry[]) {
+    return checkAllToolsInstalled(tools)
+  }
+
+  getInstallCommandForTool(tool: ToolEntry): string | null {
+    return getInstallCommand(tool)
+  }
+
+  async installTool(tool: ToolEntry) {
+    return installTool(tool)
+  }
+
+  // ── Skill Register ──
+
+  getRegister(): SkillRegister {
+    if (!this.skillRegister) {
+      this.skillRegister = new SkillRegister({
+        skills_dir: join(this.config.baseDir, ".agents/skills"),
+        search_paths: [
+          join(this.config.baseDir, ".agents/skills"),
+          join(this.config.baseDir, ".opencode/skills"),
+          join(this.config.baseDir, ".claude/skills"),
+        ],
+      })
+    }
+    return this.skillRegister
+  }
+}

package/src/pentest/mode/index.ts

@@ -0,0 +1 @@
+export * from "./mode-selector.js"