@pensar/apex 0.0.100 → 0.0.101-canary.5bc4cfc4

package/README.md

@@ -18,14 +18,6 @@
 
 ## Installation
 
-### Prerequisites
-
-- **API Key** for your chosen AI provider
-
-After installing, run `pensar doctor` to check for optional dependencies (like nmap) and install them.
-
-### Install Apex
-
 #### macOS / Linux (Quick Install)
 
 ```bash
@@ -42,7 +34,7 @@ brew install apex
 #### Windows (PowerShell)
 
 ```powershell
-irm https://pensarai.com/apex.ps1 | iex
+irm https://www.pensarai.com/apex.ps1 | iex
 ```
 
 #### npm
@@ -51,27 +43,6 @@ irm https://pensarai.com/apex.ps1 | iex
 npm install -g @pensar/apex
 ```
 
-### Configuration
-
-Set your AI provider API key as an environment variable:
-
-```bash
-export ANTHROPIC_API_KEY="your-api-key-here"
-# or for other providers:
-export OPENAI_API_KEY="your-api-key-here"
-export OPENROUTER_API_KEY="your-api-key-here"
-
-# AWS Bedrock (bearer token auth):
-export BEDROCK_API_KEY="your-bearer-token"
-export AWS_REGION="us-east-1"
-
-# AWS Bedrock (IAM credentials):
-export AWS_ACCESS_KEY_ID="..."
-export AWS_SECRET_ACCESS_KEY="..."
-export AWS_SESSION_TOKEN="..."  # optional, for temporary credentials
-export AWS_REGION="us-east-1"
-```
-
 ## Usage
 
 Run Apex:

package/bin/pensar.js

@@ -66,6 +66,13 @@ if (command === "benchmark") {
 
   // Import and run auth
   await import(authPath);
+} else if (command === "uninstall") {
+  // Run uninstall CLI
+  const uninstallPath = join(__dirname, "..", "build", "uninstall.js");
+
+  process.argv = [process.argv[0], uninstallPath, ...args.slice(1)];
+
+  await import(uninstallPath);
 } else if (command === "upgrade" || command === "update") {
   const currentVersion = getCurrentVersion();
   console.log(`Current version: v${currentVersion}`);
@@ -89,6 +96,7 @@ if (command === "benchmark") {
   console.log();
   console.log("Usage:");
   console.log("  pensar              Launch the TUI (Terminal User Interface)");
+  console.log("  pensar uninstall    Uninstall Pensar (keeps sessions, memories, skills)");
   console.log("  pensar upgrade      Update pensar to the latest version");
   console.log("  pensar help         Show this help message");
   console.log("  pensar version      Show version number");
@@ -181,6 +189,14 @@ if (command === "benchmark") {
   console.log("  pensar auth logout       Disconnect from Pensar Console");
   console.log("  pensar auth status       Show connection status");
   console.log();
+  console.log("Uninstall Usage:");
+  console.log(
+    "  pensar uninstall             Fully uninstall Pensar"
+  );
+  console.log(
+    "  pensar uninstall --force     Skip confirmation prompt"
+  );
+  console.log();
   console.log("Header Modes (for quicktest, pentest, swarm):");
   console.log("  none                     No custom headers added to requests");
   console.log(

package/build/auth.js

@@ -8,7 +8,7 @@ import fs from "fs/promises";
 // package.json
 var package_default = {
   name: "@pensar/apex",
-  version: "0.0.100",
+  version: "0.0.101-canary.5bc4cfc4",
   description: "AI-powered penetration testing CLI tool with terminal UI",
   module: "src/tui/index.tsx",
   main: "build/index.js",

package/build/index.js

@@ -31880,12 +31880,6 @@ var init_openrouter = __esm(() => {
 var PENSAR_MODELS;
 var init_pensar = __esm(() => {
   PENSAR_MODELS = [
-    {
-      id: "pensar:anthropic.claude-opus-4-6-v1",
-      name: "Claude Opus 4.6 (Pensar)",
-      provider: "pensar",
-      contextLength: 200000
-    },
     {
       id: "pensar:anthropic.claude-sonnet-4-5-20250929-v1:0",
       name: "Claude Sonnet 4.5 (Pensar)",
@@ -31977,7 +31971,7 @@ var package_default2;
 var init_package = __esm(() => {
   package_default2 = {
     name: "@pensar/apex",
-    version: "0.0.100",
+    version: "0.0.101-canary.5bc4cfc4",
     description: "AI-powered penetration testing CLI tool with terminal UI",
     module: "src/tui/index.tsx",
     main: "build/index.js",
@@ -89913,6 +89907,7 @@ function convertMessagesToUI(messages, baseTime) {
           const input = part.input;
           const toolDescription = typeof input?.toolCallDescription === "string" ? input.toolCallDescription : part.toolName || "tool";
           const result = part.toolCallId ? toolResults.get(part.toolCallId) : undefined;
+          const cancelled = typeof result === "string" && result.toLowerCase().includes("cancelled");
           uiMessages.push({
             role: "tool",
             content: toolDescription,
@@ -89921,7 +89916,7 @@ function convertMessagesToUI(messages, baseTime) {
             toolName: part.toolName,
             args: input,
             result,
-            status: "completed"
+            status: cancelled ? "error" : "completed"
           });
         }
       }
@@ -107298,9 +107293,9 @@ var init_executeCommand = __esm(() => {
   init_dist5();
   init_zod();
   executeCommandInputSchema = exports_external.object({
+    toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing (e.g., 'Scanning for open ports on target')"),
     command: exports_external.string().describe("The shell command to execute"),
-    timeout: exports_external.number().optional().describe("Timeout in seconds. If omitted, the command runs until completion or abort."),
-    toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing (e.g., 'Scanning for open ports on target')")
+    timeout: exports_external.number().optional().describe("Timeout in seconds. If omitted, the command runs until completion or abort.")
   });
 });
 
@@ -193797,6 +193792,19 @@ COMMON SEARCH PATTERNS:
     execute: async ({ query }) => {
       try {
         const cfg = await config2.get();
+        const apiUrl = getPensarApiUrl();
+        const body = JSON.stringify({ query });
+        if (cfg.pensarAPIKey && !cfg.accessToken) {
+          const response2 = await fetch(`${apiUrl}/agents/web_search`, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              "x-api-key": cfg.pensarAPIKey
+            },
+            body
+          });
+          return handleSearchResponse(response2);
+        }
         const tokenResult = await ensureValidToken({
           accessToken: cfg.accessToken,
           refreshToken: cfg.refreshToken,
@@ -193823,8 +193831,6 @@ COMMON SEARCH PATTERNS:
             error: "Web search requires authentication. Please sign in again to your Pensar account."
           };
         }
-        const apiUrl = getPensarApiUrl();
-        const body = JSON.stringify({ query });
         const { signature, timestamp, nonce } = signGatewayRequest(cfg.gatewaySigningKey, "web_search", body);
         const response = await fetch(`${apiUrl}/agents/web_search`, {
           method: "POST",
@@ -193838,40 +193844,7 @@ COMMON SEARCH PATTERNS:
           },
           body
         });
-        if (!response.ok) {
-          if (response.status === 401) {
-            return {
-              success: false,
-              results: [],
-              error: "Authentication failed. Please sign in again to your Pensar account."
-            };
-          }
-          if (response.status === 429) {
-            return {
-              success: false,
-              results: [],
-              error: "Rate limit exceeded. Please wait a moment before searching again."
-            };
-          }
-          const errorText = await response.text().catch(() => "Unknown error");
-          return {
-            success: false,
-            results: [],
-            error: `Web search failed: ${response.status} ${response.statusText}. ${errorText}`
-          };
-        }
-        const data = await response.json();
-        if (data.error) {
-          return {
-            success: false,
-            results: [],
-            error: data.error
-          };
-        }
-        return {
-          success: true,
-          results: data.results || []
-        };
+        return handleSearchResponse(response);
       } catch (error40) {
         const errorMsg = error40 instanceof Error ? error40.message : String(error40);
         return {
@@ -193883,6 +193856,42 @@ COMMON SEARCH PATTERNS:
     }
   });
 }
+async function handleSearchResponse(response) {
+  if (!response.ok) {
+    if (response.status === 401) {
+      return {
+        success: false,
+        results: [],
+        error: "Authentication failed. Please sign in again to your Pensar account."
+      };
+    }
+    if (response.status === 429) {
+      return {
+        success: false,
+        results: [],
+        error: "Rate limit exceeded. Please wait a moment before searching again."
+      };
+    }
+    const errorText = await response.text().catch(() => "Unknown error");
+    return {
+      success: false,
+      results: [],
+      error: `Web search failed: ${response.status} ${response.statusText}. ${errorText}`
+    };
+  }
+  const data = await response.json();
+  if (data.error) {
+    return {
+      success: false,
+      results: [],
+      error: data.error
+    };
+  }
+  return {
+    success: true,
+    results: data.results || []
+  };
+}
 var webSearchInputSchema2;
 var init_webSearch = __esm(() => {
   init_dist5();
@@ -194800,7 +194809,8 @@ var init_operator = __esm(() => {
 
 // src/core/agents/offSecAgent/offensiveSecurityAgent.ts
 import { join as join22 } from "path";
-import { writeFileSync as writeFileSync15, mkdirSync as mkdirSync10, existsSync as existsSync21 } from "fs";
+import { mkdirSync as mkdirSync10, existsSync as existsSync21 } from "fs";
+import { writeFile as writeFile3 } from "fs/promises";
 function wrapToolsWithApprovalGate(tools, gate) {
   const wrapped = {};
   for (const [name26, coreTool] of Object.entries(tools)) {
@@ -194954,13 +194964,11 @@ var init_offensiveSecurityAgent = __esm(() => {
         stopWhen,
         toolChoice: "auto",
         onStepFinish: (event) => {
-          try {
-            const allMessages = [
-              ...initialMessagesRef.current,
-              ...event.response.messages
-            ];
-            writeFileSync15(messagesPath, JSON.stringify(allMessages, null, 2));
-          } catch {}
+          const allMessages = [
+            ...initialMessagesRef.current,
+            ...event.response.messages
+          ];
+          writeFile3(messagesPath, JSON.stringify(allMessages, null, 2)).catch(() => {});
           input.onStepFinish?.(event);
         },
         onSummarized: () => {
@@ -195484,7 +195492,7 @@ var init_agent4 = __esm(() => {
 });
 
 // src/core/session/execution-metrics.ts
-import { existsSync as existsSync24, readFileSync as readFileSync11, writeFileSync as writeFileSync16 } from "fs";
+import { existsSync as existsSync24, readFileSync as readFileSync11, writeFileSync as writeFileSync15 } from "fs";
 import { join as join25 } from "path";
 function toNonNegativeInteger(value) {
   const n = Number(value);
@@ -195530,7 +195538,7 @@ function writeSessionJsonTokenTotals(sessionRootPath, tokenUsage) {
     const parsed = JSON.parse(readFileSync11(path6, "utf-8"));
     parsed.tokensIn = tokenUsage.inputTokens;
     parsed.tokensOut = tokenUsage.outputTokens;
-    writeFileSync16(path6, JSON.stringify(parsed, null, 2));
+    writeFileSync15(path6, JSON.stringify(parsed, null, 2));
   } catch {}
 }
 function writeExecutionMetrics(input) {
@@ -195545,7 +195553,7 @@ function writeExecutionMetrics(input) {
     runtime: input.runtime ?? existing?.runtime,
     updatedAt: new Date().toISOString()
   };
-  writeFileSync16(metricsPath(input.sessionRootPath), JSON.stringify(next, null, 2), "utf-8");
+  writeFileSync15(metricsPath(input.sessionRootPath), JSON.stringify(next, null, 2), "utf-8");
   writeSessionJsonTokenTotals(input.sessionRootPath, next.tokenUsage);
   return next;
 }
@@ -196140,7 +196148,7 @@ __export(exports_pentest, {
   runPentestSwarm: () => runPentestSwarm,
   DEFAULT_CONCURRENCY: () => DEFAULT_CONCURRENCY4
 });
-import { existsSync as existsSync25, readdirSync as readdirSync5, readFileSync as readFileSync12, writeFileSync as writeFileSync17 } from "fs";
+import { existsSync as existsSync25, readdirSync as readdirSync5, readFileSync as readFileSync12, writeFileSync as writeFileSync16 } from "fs";
 import { join as join26 } from "path";
 function addUsageTotals(totals, usage) {
   if (!usage)
@@ -196310,8 +196318,8 @@ async function runPentestWorkflow(input) {
       });
       const mdPath2 = join26(session.rootPath, REPORT_FILENAME_MD);
       const jsonPath2 = join26(session.rootPath, REPORT_FILENAME_JSON);
-      writeFileSync17(mdPath2, renderMarkdown(report2));
-      writeFileSync17(jsonPath2, renderJson(report2));
+      writeFileSync16(mdPath2, renderMarkdown(report2));
+      writeFileSync16(jsonPath2, renderJson(report2));
       return {
         findings: [],
         findingsPath: session.findingsPath,
@@ -196350,8 +196358,8 @@ async function runPentestWorkflow(input) {
     });
     const mdPath = join26(session.rootPath, REPORT_FILENAME_MD);
     const jsonPath = join26(session.rootPath, REPORT_FILENAME_JSON);
-    writeFileSync17(mdPath, renderMarkdown(report));
-    writeFileSync17(jsonPath, renderJson(report));
+    writeFileSync16(mdPath, renderMarkdown(report));
+    writeFileSync16(jsonPath, renderJson(report));
     return {
       findings,
       findingsPath: session.findingsPath,
@@ -274503,7 +274511,27 @@ function CommandProvider({
         description: skill.description || "Skill"
       });
     }
-    return options;
+    const priorityOrder = [
+      "/pentest",
+      "/operator",
+      "/auth",
+      "/models",
+      "/sessions",
+      "/themes",
+      "/help"
+    ];
+    return options.sort((a, b2) => {
+      const aIndex = priorityOrder.indexOf(a.value);
+      const bIndex = priorityOrder.indexOf(b2.value);
+      if (aIndex !== -1 && bIndex !== -1) {
+        return aIndex - bIndex;
+      }
+      if (aIndex !== -1)
+        return -1;
+      if (bIndex !== -1)
+        return 1;
+      return a.value.localeCompare(b2.value);
+    });
   }, [router, skills]);
   const executeCommand = import_react17.useCallback(async (input) => {
     return await router.execute(input, ctx3);
@@ -275720,6 +275748,40 @@ function computeTab(suggestions, selectedIndex) {
 function shouldResetHistory(historyIndex, isNavigatingHistory) {
   return historyIndex !== -1 && !isNavigatingHistory;
 }
+function computeVisibleWindow(suggestions, selectedIndex, maxVisible) {
+  if (suggestions.length === 0) {
+    return {
+      start: 0,
+      end: 0,
+      visibleSuggestions: [],
+      hasMore: false,
+      hasMoreBelow: false
+    };
+  }
+  if (suggestions.length <= maxVisible) {
+    return {
+      start: 0,
+      end: suggestions.length,
+      visibleSuggestions: suggestions,
+      hasMore: false,
+      hasMoreBelow: false
+    };
+  }
+  const safeSelectedIndex = Math.max(0, selectedIndex);
+  let start = Math.max(0, safeSelectedIndex - Math.floor(maxVisible / 2));
+  let end = start + maxVisible;
+  if (end > suggestions.length) {
+    end = suggestions.length;
+    start = Math.max(0, end - maxVisible);
+  }
+  return {
+    start,
+    end,
+    visibleSuggestions: suggestions.slice(start, end),
+    hasMore: start > 0,
+    hasMoreBelow: end < suggestions.length
+  };
+}
 
 // src/tui/components/shared/use-paste-extmarks.ts
 var import_react30 = __toESM(require_react(), 1);
@@ -275813,6 +275875,7 @@ var PromptInput = import_react31.forwardRef(function PromptInput2({
   enableAutocomplete = false,
   autocompleteOptions = [],
   maxSuggestions = 10,
+  maxVisibleSuggestions = 6,
   enableCommands = false,
   onCommandExecute,
   commandHistory = [],
@@ -275978,34 +276041,72 @@ var PromptInput = import_react31.forwardRef(function PromptInput2({
       setHistoryIndex(-1);
     }
   };
+  const windowedView = import_react31.useMemo(() => computeVisibleWindow(suggestions, selectedSuggestionIndex, maxVisibleSuggestions), [suggestions, selectedSuggestionIndex, maxVisibleSuggestions]);
   const suggestionsBox = suggestions.length > 0 && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
     flexDirection: "column",
     ...autocompletePlacement === "above" ? { marginBottom: 1 } : { marginTop: 1 },
-    children: suggestions.map((suggestion, index) => {
-      const isSelected = index === selectedSuggestionIndex;
-      return /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
+    children: [
+      windowedView.hasMore && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
         flexDirection: "row",
         gap: 1,
         children: [
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-            fg: isSelected ? colors2.primary : colors2.textMuted,
-            children: isSelected ? " ▸" : "  "
+            fg: colors2.textMuted,
+            children: "  ↑"
           }, undefined, false, undefined, this),
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-            fg: isSelected ? colors2.text : colors2.textMuted,
-            children: suggestion.label
+            fg: colors2.textMuted,
+            children: [
+              windowedView.start,
+              " more above..."
+            ]
+          }, undefined, true, undefined, this)
+        ]
+      }, undefined, true, undefined, this),
+      windowedView.visibleSuggestions.map((suggestion, windowIndex) => {
+        const actualIndex = windowedView.start + windowIndex;
+        const isSelected = actualIndex === selectedSuggestionIndex;
+        return /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
+          flexDirection: "row",
+          gap: 1,
+          children: [
+            /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+              fg: isSelected ? colors2.primary : colors2.textMuted,
+              children: isSelected ? " ▸" : "  "
+            }, undefined, false, undefined, this),
+            /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+              fg: isSelected ? colors2.text : colors2.textMuted,
+              children: suggestion.label
+            }, undefined, false, undefined, this),
+            suggestion.description && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+              fg: colors2.textMuted,
+              children: [
+                " ",
+                suggestion.description
+              ]
+            }, undefined, true, undefined, this)
+          ]
+        }, suggestion.value, true, undefined, this);
+      }),
+      windowedView.hasMoreBelow && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
+        flexDirection: "row",
+        gap: 1,
+        children: [
+          /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+            fg: colors2.textMuted,
+            children: "  ↓"
           }, undefined, false, undefined, this),
-          suggestion.description && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+          /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
             fg: colors2.textMuted,
             children: [
-              " ",
-              suggestion.description
+              suggestions.length - windowedView.end,
+              " more below..."
             ]
           }, undefined, true, undefined, this)
         ]
-      }, suggestion.value, true, undefined, this);
-    })
-  }, undefined, false, undefined, this);
+      }, undefined, true, undefined, this)
+    ]
+  }, undefined, true, undefined, this);
   return /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
     flexDirection: "column",
     children: [
@@ -279749,7 +279850,7 @@ function ResponsibleUseDisclosure({
       }, undefined, false, undefined, this),
       /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
         fg: colors2.text,
-        children: "This penetration testing tool is designedfor AUTHORIZED security testing only."
+        children: "This penetration testing tool is designed for AUTHORIZED security testing only."
       }, undefined, false, undefined, this),
       /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
         flexDirection: "column",
@@ -279792,7 +279893,7 @@ function ResponsibleUseDisclosure({
         flexDirection: "column",
         children: /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
           fg: colors2.error,
-          children: "Unauthorized access to computer systems is illegaland may result in criminal prosecution."
+          children: "Unauthorized access to computer systems is illegal and may result in criminal prosecution."
         }, undefined, false, undefined, this)
       }, undefined, false, undefined, this),
       /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
@@ -280099,18 +280200,23 @@ function HelpDialog() {
     });
   };
   useKeyboard((evt) => {
+    if (evt.name === "escape") {
+      evt.preventDefault();
+      if (showDetail) {
+        setShowDetail(false);
+      } else {
+        handleClose();
+      }
+      return;
+    }
     if (showDetail) {
-      if (evt.name === "escape" || evt.name === "return") {
+      if (evt.name === "return") {
         evt.preventDefault();
         setShowDetail(false);
       }
       return;
     }
     switch (evt.name) {
-      case "escape":
-        evt.preventDefault();
-        handleClose();
-        break;
       case "up":
       case "k":
         evt.preventDefault();
@@ -281165,9 +281271,10 @@ function createKeybindings(deps) {
           return;
         }
         const isHome = route.data.type === "base" && route.data.path === "home";
+        const isHelp = route.data.type === "base" && route.data.path === "help";
         const isOperator = route.data.type === "base" && route.data.path === "operator";
         const isSession = route.data.type === "pentest" || route.data.type === "operator";
-        if (!isHome && !isOperator && !isSession) {
+        if (!isHome && !isHelp && !isOperator && !isSession) {
           route.navigate({
             type: "base",
             path: "home"
@@ -282911,6 +283018,15 @@ function getToolSummary(toolName, args) {
   const firstArg = Object.entries(args).filter(([k3]) => k3 !== "toolCallDescription").map(([, v3]) => typeof v3 === "string" ? v3 : JSON.stringify(v3)).find((v3) => v3 && v3.length > 0);
   return firstArg ? `${toolName} ${String(firstArg).slice(0, 50)}` : toolName;
 }
+function getToolDisplayLabel(toolName, args, options = {}) {
+  if (options.preferDescription && toolName === "execute_command") {
+    const description = args.toolCallDescription;
+    if (typeof description === "string" && description.trim().length > 0) {
+      return description.trim();
+    }
+  }
+  return getToolSummary(toolName, args);
+}
 function getArgsPreview(toolName, args, maxLength = 60) {
   const filteredArgs = Object.entries(args).filter(([k3]) => !k3.toLowerCase().includes("description"));
   if (filteredArgs.length === 0)
@@ -283744,7 +283860,9 @@ var ToolRenderer = import_react68.memo(function ToolRenderer2({
   const isCompleted = message.status === "completed";
   const isError = message.status === "error";
   const { toolName, args, result, logs, subagentLogs } = message;
-  const summary = getToolSummary(toolName, args);
+  const summary = getToolDisplayLabel(toolName, args, {
+    preferDescription: isPending
+  });
   const resultDisplay = isCompleted || isError ? getResultSummary(result, toolName, args) : null;
   const borderColor = isError ? colors2.error : isPending ? colors2.warning : colors2.info;
   const hasSubagentLogs = subagentLogs && Object.keys(subagentLogs).length > 0;
@@ -286132,7 +286250,7 @@ function MessageList({
                   }, undefined, false, undefined, this),
                   /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
                     fg: colors2.textMuted,
-                    children: " - Cycle approval on/off"
+                    children: " - Switch between Plan or Default mode"
                   }, undefined, false, undefined, this)
                 ]
               }, undefined, true, undefined, this)
@@ -286735,7 +286853,7 @@ function navigateDown(selectedIndex, queueLength) {
 }
 
 // src/tui/components/operator-dashboard/index.tsx
-import { existsSync as existsSync27, readFileSync as readFileSync14 } from "fs";
+import { existsSync as existsSync27, readFileSync as readFileSync14, writeFileSync as writeFileSync17 } from "fs";
 import { join as join28 } from "path";
 function OperatorDashboard({
   sessionId,
@@ -286775,6 +286893,8 @@ function OperatorDashboard({
     return filterOperatorAutocomplete(allAutocompleteOptions, skillSlugs);
   }, [allAutocompleteOptions, skills]);
   const [session, setSession] = import_react79.useState(null);
+  const sessionRef = import_react79.useRef(null);
+  sessionRef.current = session;
   const [loading, setLoading] = import_react79.useState(true);
   const [error40, setError] = import_react79.useState(null);
   const pendingNameRef = import_react79.useRef(null);
@@ -286786,6 +286906,8 @@ function OperatorDashboard({
   });
   const commandCancelledRef = import_react79.useRef(false);
   const [messages, setMessages] = import_react79.useState([]);
+  const displayMessagesRef = import_react79.useRef([]);
+  displayMessagesRef.current = messages;
   const textRef = import_react79.useRef("");
   const conversationRef = import_react79.useRef([]);
   const [inputValue, setInputValue] = import_react79.useState("");
@@ -287169,6 +287291,12 @@ function OperatorDashboard({
       { role: "user", content: prompt }
     ];
     conversationRef.current = nextMessages;
+    if (sessionRef.current) {
+      try {
+        const mp = join28(sessionRef.current.rootPath, "messages.json");
+        writeFileSync17(mp, JSON.stringify(nextMessages, null, 2));
+      } catch {}
+    }
     const onStepFinish = (event) => {
       const nextUsage = accumulateTokenUsage(tokenUsageRef.current, event.usage?.inputTokens ?? 0, event.usage?.outputTokens ?? 0);
       if (!nextUsage)
@@ -287186,22 +287314,32 @@ function OperatorDashboard({
     };
     const callbacks = {
       onTextDelta: (d3) => {
+        if (gen !== generationRef.current)
+          return;
         setThinking(false);
         appendText(d3.text);
       },
       onToolCallStreaming: (d3) => {
+        if (gen !== generationRef.current)
+          return;
         setThinking(false);
         addStreamingToolCall(d3.toolCallId, d3.toolName);
       },
       onToolCallDelta: (d3) => {
+        if (gen !== generationRef.current)
+          return;
         appendToolCallDelta(d3.toolCallId, d3.argsTextDelta);
       },
       onToolCall: (d3) => {
+        if (gen !== generationRef.current)
+          return;
         setThinking(false);
         commandCancelledRef.current = false;
         addToolCall(d3.toolCallId, d3.toolName, d3.input);
       },
       onToolResult: (d3) => {
+        if (gen !== generationRef.current)
+          return;
         flushCommandOutput();
         if (cmdFlushTimerRef.current) {
           clearInterval(cmdFlushTimerRef.current);
@@ -287261,6 +287399,8 @@ function OperatorDashboard({
       callbacks,
       onSessionReady: (s2) => {
         setSessionCwd(s2.rootPath);
+        sessionRef.current = s2;
+        setSession((prev) => prev ?? s2);
       }
     };
     try {
@@ -287506,19 +287646,61 @@ function OperatorDashboard({
     setQueuedMessages([]);
     queuedMessagesRef.current = [];
     setSelectedQueueIndex(-1);
+    approvalGateRef.current.denyAll();
     setStatus("idle");
     setThinking(false);
     setIsExecuting(false);
-    approvalGateRef.current.denyAll();
-    if (session) {
+    const activeSession = sessionRef.current;
+    if (activeSession) {
       try {
-        const messagesPath = join28(session.rootPath, "messages.json");
+        const messagesPath = join28(activeSession.rootPath, "messages.json");
         if (existsSync27(messagesPath)) {
           const raw = JSON.parse(readFileSync14(messagesPath, "utf-8"));
           if (Array.isArray(raw) && raw.length > 0) {
             conversationRef.current = sessions.getResumeMessages(raw);
           }
         }
+        const last = conversationRef.current[conversationRef.current.length - 1];
+        if (last?.role === "user") {
+          const partial2 = textRef.current.trim();
+          const pendingTools = displayMessagesRef.current.filter((m4) => isToolMessage(m4) && (m4.status === "pending" || m4.status === "streaming"));
+          const assistantContent = [
+            {
+              type: "text",
+              text: partial2 || "[Response interrupted by user.]"
+            }
+          ];
+          for (const t3 of pendingTools) {
+            assistantContent.push({
+              type: "tool-call",
+              toolCallId: t3.toolCallId,
+              toolName: t3.toolName,
+              input: t3.args ?? {}
+            });
+          }
+          conversationRef.current = [
+            ...conversationRef.current,
+            {
+              role: "assistant",
+              content: assistantContent
+            }
+          ];
+          if (pendingTools.length > 0) {
+            conversationRef.current = [
+              ...conversationRef.current,
+              {
+                role: "tool",
+                content: pendingTools.map((t3) => ({
+                  type: "tool-result",
+                  toolCallId: t3.toolCallId,
+                  toolName: t3.toolName ?? "unknown",
+                  output: "Cancelled by user."
+                }))
+              }
+            ];
+          }
+          writeFileSync17(join28(activeSession.rootPath, "messages.json"), JSON.stringify(conversationRef.current, null, 2));
+        }
       } catch {}
     }
     setMessages((prev) => {
@@ -287532,7 +287714,7 @@ function OperatorDashboard({
         }
       ];
     });
-  }, [session, setThinking, setIsExecuting]);
+  }, [setThinking, setIsExecuting]);
   const toggleApproval = import_react79.useCallback(() => {
     setOperatorState((prev) => {
       const newVal = !prev.requireApproval;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pensar/apex",
-  "version": "0.0.100",
+  "version": "0.0.101-canary.5bc4cfc4",
   "description": "AI-powered penetration testing CLI tool with terminal UI",
   "module": "src/tui/index.tsx",
   "main": "build/index.js",

package/src/core/installation/index.ts

@@ -66,6 +66,18 @@ export function detectInstallMethod(): InstallMethod {
     return "npm";
   }
 
+  // Determine if we're running as a compiled binary vs via an interpreter.
+  // Compiled Bun binaries have process.execPath pointing to the binary itself
+  // (e.g. ~/.local/bin/pensar), while interpreted scripts have it pointing to
+  // the runtime (e.g. ~/.bun/bin/bun or /usr/local/bin/node).
+  const execName = execPath.split("/").pop()?.replace(/\.exe$/, "") ?? "";
+  const isInterpreter =
+    execName === "bun" || execName === "node" || execName === "bun-debug";
+
+  if (!isInterpreter) {
+    return "binary";
+  }
+
   const npmCheck = spawnSync(
     "npm",
     ["list", "-g", "@pensar/apex", "--depth=0"],

package/src/core/installation/installation.test.ts

@@ -177,7 +177,7 @@ describe("detectInstallMethod", () => {
     expect(detectInstallMethod()).toBe("npm");
   });
 
-  it("detects npm via spawnSync fallback when path heuristics miss", async () => {
+  it("detects npm via spawnSync fallback when running under interpreter", async () => {
     Object.defineProperty(process, "execPath", {
       value: "/usr/local/bin/node",
       writable: true,
@@ -203,7 +203,7 @@ describe("detectInstallMethod", () => {
     );
   });
 
-  it("returns binary when all heuristics fail", async () => {
+  it("returns binary when all heuristics fail under interpreter", async () => {
     Object.defineProperty(process, "execPath", {
       value: "/usr/local/bin/node",
       writable: true,
@@ -223,6 +223,38 @@ describe("detectInstallMethod", () => {
 
     expect(detectInstallMethod()).toBe("binary");
   });
+
+  it("returns binary for compiled binary even when npm global package exists", async () => {
+    Object.defineProperty(process, "execPath", {
+      value: "/home/user/.local/bin/pensar",
+      writable: true,
+    });
+    process.argv[1] = "upgrade";
+
+    const { spawnSync } = await import("child_process");
+    const mockedSpawnSync = vi.mocked(spawnSync);
+    mockedSpawnSync.mockReturnValue({
+      status: 0,
+      stdout: "└── @pensar/apex@0.1.0",
+      stderr: "",
+      pid: 0,
+      output: [],
+      signal: null,
+    });
+
+    expect(detectInstallMethod()).toBe("binary");
+    expect(mockedSpawnSync).not.toHaveBeenCalled();
+  });
+
+  it("returns binary for compiled binary without npm fallback", () => {
+    Object.defineProperty(process, "execPath", {
+      value: "/usr/local/bin/pensar",
+      writable: true,
+    });
+    process.argv[1] = "uninstall";
+
+    expect(detectInstallMethod()).toBe("binary");
+  });
 });
 
 // ---------------------------------------------------------------------------