@pensar/apex 0.0.109 → 0.0.110-canary.a34d3e3d

package/README.md

@@ -1,6 +1,10 @@
 <h1 align="center">Pensar Apex</h1>
 
-<p align="center">AI-powered penetration testing tool that enables you to use an AI agent to perform comprehensive blackbox and whitebox pentesting - directly in your terminal.
+<p align="center">AI-powered penetration testing using an AI agent to perform comprehensive blackbox and whitebox pentesting - directly in your terminal.
+</p>
+
+<p align="center">
+Want to run from the cloud or integrate it with your CI/CD? See <a href="https://docs.pensar.dev/console">Pensar Console</a>.
 </p>
 
 <p align="center">
@@ -12,9 +16,57 @@
   <a href="https://discord.gg/pensar"><img src="https://img.shields.io/badge/Discord-Join%20Us-5865F2?logo=discord&logoColor=white" alt="Discord"></a>
 </p>
 
-<p align="center">
+<!-- <p align="center">
   <img src="screenshot.png" alt="Pensar Apex Screenshot" width="800">
-</p>
+</p> -->
+
+
+## Use Cases
+
+Apex enables both developers and security professionals to run autonomous and assisted penetration testing directly from the terminal.
+
+
+### Developers: Run a Pentest in Minutes
+
+Apex makes it easy for developers to run a real penetration test without needing deep offensive security expertise.
+
+Using the autonomous `/pentest` mode, Apex will perform reconnaissance, attack surface discovery, vulnerability testing, and exploitation attempts automatically.
+
+This allows teams to quickly identify security issues before they reach production.
+
+```bash
+/pentest
+```
+
+Examples:
+- Test a staging environment before deploying
+- Scan a newly launched domain or API
+- Run quick security checks during development
+- Identify exposed services or misconfigurations
+
+This is the **fastest way to get real pentesting coverage without becoming a security expert.**
+
+---
+
+### Security Engineers: Advanced Operator Workflows
+
+Security professionals can use Apex as an **agentic offensive security harness** that orchestrates tools and reasoning workflows.
+
+The `/operator` mode allows engineers to work interactively with the Offensive Security Agent, guiding investigations and chaining tools dynamically.
+
+
+```bash
+/operator
+```
+
+Examples:
+- Deep investigation of suspicious endpoints
+- Manual exploitation of discovered vulnerabilities
+- Tool orchestration across recon and exploitation phases
+- Validation and reproduction of vulnerabilities
+- Open-source security research / testing
+
+This turns Apex into a **terminal-native AI pentesting partner** rather than just a scanner.
 
 ## Installation
 
@@ -45,17 +97,13 @@ npm install -g @pensar/apex
 
 ## Usage
 
-Run Apex:
+Open the Apex TUI:
 
 ```bash
 pensar
 ```
 
-## AI Provider Support
-
-Apex supports **OpenAI**, **Anthropic**, **AWS Bedrock**, and **vLLM** (local models). **Anthropic models provide the best performance** and are recommended for optimal results.
-
-## Kali Linux Container (Recommended)
+## Kali Linux Container (Optional)
 
 For **best performance**, run Apex in the included Kali Linux container with preconfigured pentest tools:
 
@@ -72,20 +120,6 @@ Inside the container, run:
 pensar
 ```
 
-**Note:** On Linux hosts, consider using `network_mode: host` in `docker-compose.yml` for comprehensive network scanning.
-
-## vLLM Local Model Support
-
-To use a local vLLM server:
-
-1. Set the vLLM endpoint:
-
-```bash
-export LOCAL_MODEL_URL="http://localhost:8000/v1"
-```
-
-2. In the Apex Models screen, enter your model name in the "Custom local model (vLLM)" input.
-
 ---
 
 ### ⚠️ Responsible Use

package/build/auth.js

@@ -8,7 +8,7 @@ import fs from "fs/promises";
 // package.json
 var package_default = {
   name: "@pensar/apex",
-  version: "0.0.109",
+  version: "0.0.110-canary.a34d3e3d",
   description: "AI-powered penetration testing CLI tool with terminal UI",
   module: "src/tui/index.tsx",
   main: "build/index.js",

package/build/index.js

@@ -31892,12 +31892,6 @@ var init_pensar = __esm(() => {
       provider: "pensar",
       contextLength: 200000
     },
-    {
-      id: "pensar:anthropic.claude-opus-4-1-20250805-v1:0",
-      name: "Claude Opus 4.1 (Pensar)",
-      provider: "pensar",
-      contextLength: 200000
-    },
     {
       id: "pensar:anthropic.claude-haiku-4-5-20251001-v1:0",
       name: "Claude Haiku 4.5 (Pensar)",
@@ -31977,7 +31971,7 @@ var package_default2;
 var init_package = __esm(() => {
   package_default2 = {
     name: "@pensar/apex",
-    version: "0.0.109",
+    version: "0.0.110-canary.a34d3e3d",
     description: "AI-powered penetration testing CLI tool with terminal UI",
     module: "src/tui/index.tsx",
     main: "build/index.js",
@@ -273281,7 +273275,7 @@ var PROVIDER_PREFERENCE_ORDER = [
   "bedrock"
 ];
 var PREFERRED_MODEL_BY_PROVIDER = {
-  pensar: "pensar:anthropic.claude-opus-4-1-20250805-v1:0",
+  pensar: "pensar:anthropic.claude-opus-4-6-v1",
   anthropic: "claude-opus-4-6",
   openai: "gpt-5.2-pro",
   google: "gemini-3.1-pro-preview",
@@ -273800,7 +273794,9 @@ function Footer({
   const { colors: colors2 } = useTheme();
   const { model, isExecuting, sessionCwd } = useAgent();
   const effectiveCwd = sessionCwd || cwd;
-  const displayCwd = "~" + effectiveCwd.split(os6.homedir()).pop() || "";
+  const relativeCwd = effectiveCwd.split(os6.homedir()).pop() || "";
+  const segments = relativeCwd.split("/").filter(Boolean);
+  const displayCwd = segments.length <= 2 ? "~/" + segments.join("/") : "…/" + segments.slice(-2).join("/");
   const session = useSession();
   const route = useRoute();
   const { isInputEmpty } = useInput();
@@ -273813,11 +273809,15 @@ function Footer({
     justifyContent: "space-between",
     width: "100%",
     maxWidth: "100%",
+    height: 1,
     flexShrink: 0,
+    overflow: "hidden",
     children: [
       /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
         flexDirection: "row",
         gap: 1,
+        flexShrink: 1,
+        overflow: "hidden",
         children: [
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
             fg: colors2.textMuted,
@@ -273850,6 +273850,7 @@ function Footer({
       showExitWarning ? /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
         flexDirection: "row",
         gap: 1,
+        flexShrink: 0,
         children: /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
           fg: colors2.warning,
           children: "⚠ Press Ctrl+C again to exit"
@@ -273857,6 +273858,7 @@ function Footer({
       }, undefined, false, undefined, this) : /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
         flexDirection: "row",
         gap: 2,
+        flexShrink: 0,
         children: hotkeys.map((hotkey, index) => /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
           flexDirection: "row",
           gap: 1,
@@ -279246,7 +279248,9 @@ function AuthFlow({ onClose }) {
   const { colors: colors2 } = useTheme();
   const appConfig = useConfig();
   const alreadyConnected = isConnected(appConfig.data);
-  const [step, setStep] = import_react48.useState(alreadyConnected ? "success" : "start");
+  const hasWorkspace = !!appConfig.data.workspaceId;
+  const needsWorkspace = alreadyConnected && !hasWorkspace && !!appConfig.data.accessToken;
+  const [step, setStep] = import_react48.useState(needsWorkspace ? "requesting" : alreadyConnected ? "success" : "start");
   const [error40, setError] = import_react48.useState(null);
   const [flowInfo, setFlowInfo] = import_react48.useState(null);
   const [workspaces, setWorkspaces] = import_react48.useState([]);
@@ -279457,6 +279461,14 @@ function AuthFlow({ onClose }) {
       setStep("error");
     }
   };
+  import_react48.useEffect(() => {
+    if (!needsWorkspace)
+      return;
+    const ac = new AbortController;
+    abortRef.current = ac;
+    const apiUrl = getPensarApiUrl();
+    handleFetchWorkspaces(apiUrl, appConfig.data.accessToken, ac);
+  }, []);
   const handleDisconnect = async () => {
     await disconnect();
     appConfig.reload();
@@ -279948,7 +279960,11 @@ function ProviderManager() {
     });
   };
   const handleAuthClose = () => {
-    route.navigate({ type: "base", path: "home" });
+    if (isOnboarding) {
+      setFlowState("choosing");
+    } else {
+      route.navigate({ type: "base", path: "home" });
+    }
   };
   const otherProviders = AVAILABLE_PROVIDERS.filter((p) => p.id !== "pensar");
   const selectedProviderInfo = AVAILABLE_PROVIDERS.find((p) => p.id === selectedProvider);
@@ -286757,7 +286773,23 @@ function MessageList({
                   }, undefined, false, undefined, this),
                   /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
                     fg: colors2.textMuted,
-                    children: " - Switch between Plan or Default mode"
+                    children: [
+                      " ",
+                      "- Switch between Plan or Default mode"
+                    ]
+                  }, undefined, true, undefined, this)
+                ]
+              }, undefined, true, undefined, this),
+              /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("box", {
+                flexDirection: "row",
+                children: [
+                  /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+                    fg: colors2.primary,
+                    children: "Option+Shift+Tab"
+                  }, undefined, false, undefined, this),
+                  /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+                    fg: colors2.textMuted,
+                    children: " - Toggle approval on/off"
                   }, undefined, false, undefined, this)
                 ]
               }, undefined, true, undefined, this)
@@ -286864,8 +286896,6 @@ function NormalInputAreaInner({
   status,
   mode = "operator",
   operatorMode,
-  verboseMode = false,
-  expandedLogs = false,
   enableAutocomplete = false,
   autocompleteOptions = [],
   enableCommands = false,
@@ -286944,30 +286974,25 @@ function NormalInputAreaInner({
         gap: 2,
         marginTop: 1,
         backgroundColor: "transparent",
+        alignItems: "center",
+        overflow: "hidden",
         children: [
-          operatorMode === "plan" && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-            fg: colors2.warning,
-            children: "PLAN"
-          }, undefined, false, undefined, this),
-          operatorMode === "auto" && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-            fg: colors2.primary,
-            children: "AUTO"
-          }, undefined, false, undefined, this),
-          operatorMode === "manual" && /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-            fg: colors2.textMuted,
-            children: "MANUAL"
+          /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
+            fg: "#000000",
+            bg: operatorMode === "plan" ? colors2.warning : colors2.success,
+            children: ` ${operatorMode === "plan" ? "PLAN" : "DEFAULT"} `
           }, undefined, false, undefined, this),
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
             fg: colors2.textMuted,
             children: "/ commands"
           }, undefined, false, undefined, this),
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-            fg: verboseMode ? colors2.primary : colors2.textMuted,
-            children: verboseMode ? "verbose:on" : "verbose"
+            fg: colors2.textMuted,
+            children: "⇧Tab mode"
           }, undefined, false, undefined, this),
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-            fg: expandedLogs ? colors2.primary : colors2.textMuted,
-            children: expandedLogs ? "logs:full" : "logs"
+            fg: colors2.textMuted,
+            children: "⌥⇧Tab approval"
           }, undefined, false, undefined, this),
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
             fg: colors2.textMuted,
@@ -288417,7 +288442,7 @@ function OperatorDashboard({
                 children: agentMode === "plan" ? "PLAN" : "DEFAULT"
               }, undefined, false, undefined, this),
               /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
-                fg: operatorState.requireApproval ? colors2.warning : colors2.primary,
+                fg: operatorState.requireApproval ? colors2.success : colors2.warning,
                 children: operatorState.requireApproval ? "APPROVAL ON" : "APPROVAL OFF"
               }, undefined, false, undefined, this),
               /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV("text", {
@@ -288459,9 +288484,7 @@ function OperatorDashboard({
         focused: status === "running" ? selectedQueueIndex < 0 : resolveInputFocused(status, stack.length, externalDialogOpen),
         status: status === "waiting" ? "running" : status,
         mode: "operator",
-        operatorMode: agentMode === "plan" ? "plan" : operatorState.mode,
-        verboseMode,
-        expandedLogs,
+        operatorMode: agentMode,
         pendingApproval: currentPending,
         onApprove: handleApprove,
         onAutoApprove: handleAutoApprove,
@@ -291750,8 +291773,8 @@ function AppContent({
       return;
     if (!config3.data.responsibleUseAccepted && route.data.path !== "disclosure") {
       route.navigate({ type: "base", path: "disclosure" });
-    } else if (config3.data.responsibleUseAccepted && !hasAnyProviderConfigured(config3.data) && route.data.path !== "providers" && route.data.path !== "disclosure") {
-      route.navigate({ type: "base", path: "providers" });
+    } else if (config3.data.responsibleUseAccepted && !hasAnyProviderConfigured(config3.data) && route.data.path !== "auth" && route.data.path !== "providers" && route.data.path !== "disclosure") {
+      route.navigate({ type: "base", path: "auth" });
     }
   }, [config3.data.responsibleUseAccepted, route.data]);
   import_react90.useEffect(() => {
@@ -291879,7 +291902,7 @@ function CommandDisplay({
     await config3.update({ responsibleUseAccepted: true });
     route.navigate({
       type: "base",
-      path: "providers"
+      path: "auth"
     });
   };
   if (route.data.type === "base") {
@@ -291925,6 +291948,18 @@ function CommandDisplay({
             when: "models",
             children: /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV(ModelsDisplay, {}, undefined, false, undefined, this)
           }, undefined, false, undefined, this),
+          /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV(RouteSwitch.Case, {
+            when: "auth",
+            children: /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV(AuthFlow, {
+              onClose: () => {
+                if (hasAnyProviderConfigured(config3.data)) {
+                  route.navigate({ type: "base", path: "home" });
+                } else {
+                  route.navigate({ type: "base", path: "providers" });
+                }
+              }
+            }, undefined, false, undefined, this)
+          }, undefined, false, undefined, this),
           /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV(RouteSwitch.Case, {
             when: "providers",
             children: /* @__PURE__ */ import_jsx_dev_runtime2.jsxDEV(ProviderManager, {}, undefined, false, undefined, this)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pensar/apex",
-  "version": "0.0.109",
+  "version": "0.0.110-canary.a34d3e3d",
   "description": "AI-powered penetration testing CLI tool with terminal UI",
   "module": "src/tui/index.tsx",
   "main": "build/index.js",