@pensar/apex 0.0.111 → 0.0.112

package/README.md

@@ -20,12 +20,10 @@ Want to run from the cloud or integrate it with your CI/CD? See <a href="https:/
   <img src="screenshot.png" alt="Pensar Apex Screenshot" width="800">
 </p> -->
 
-
 ## Use Cases
 
 Apex enables both developers and security professionals to run autonomous and assisted penetration testing directly from the terminal.
 
-
 ### Developers: Run a Pentest in Minutes
 
 Apex makes it easy for developers to run a real penetration test without needing deep offensive security expertise.
@@ -39,6 +37,7 @@ This allows teams to quickly identify security issues before they reach producti
 ```
 
 Examples:
+
 - Test a staging environment before deploying
 - Scan a newly launched domain or API
 - Run quick security checks during development
@@ -54,12 +53,12 @@ Security professionals can use Apex as an **agentic offensive security harness**
 
 The `/operator` mode allows engineers to work interactively with the Offensive Security Agent, guiding investigations and chaining tools dynamically.
 
-
 ```bash
 /operator
 ```
 
 Examples:
+
 - Deep investigation of suspicious endpoints
 - Manual exploitation of discovered vulnerabilities
 - Tool orchestration across recon and exploitation phases

package/bin/pensar.js

@@ -1,282 +1,37 @@
-#!/usr/bin/env bun
+#!/usr/bin/env node
 
-/**
- * Pensar - AI-Powered Penetration Testing CLI
- *
- * This is the main entry point for the Pensar CLI tool.
- * It supports:
- * - Default (no args): Launches the OpenTUI-based terminal interface
- * - benchmark command: Runs the benchmark CLI
- */
-
-import { fileURLToPath } from "url";
 import { dirname, join } from "path";
-
-// Import package.json directly so Bun can embed it at compile time
-import packageJson from "../package.json";
-import { getCurrentVersion, upgrade } from "../src/core/installation/index.ts";
+import { fileURLToPath } from "url";
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
-
-// Get command-line arguments (skip node/bun and script path)
-const args = process.argv.slice(2);
-const command = args[0];
-
-const version = packageJson.version;
-
-// Handle different commands
-if (command === "benchmark") {
-  // Run benchmark CLI
-  const benchmarkPath = join(__dirname, "..", "build", "benchmark.js");
-
-  // Remove "benchmark" from args and pass the rest to benchmark script
-  process.argv = [process.argv[0], benchmarkPath, ...args.slice(1)];
-
-  // Import and run benchmark
-  await import(benchmarkPath);
-} else if (command === "swarm") {
-  const swarmPath = join(__dirname, "..", "build", "swarm.js");
-  process.argv = [process.argv[0], swarmPath, ...args.slice(1)];
-  await import(swarmPath);
-} else if (command === "quicktest") {
-  // Run quicktest CLI
-  const quicktestPath = join(__dirname, "..", "build", "quicktest.js");
-
-  // Remove "quicktest" from args and pass the rest to quicktest script
-  process.argv = [process.argv[0], quicktestPath, ...args.slice(1)];
-
-  // Import and run quicktest
-  await import(quicktestPath);
-} else if (command === "pentest") {
-  // Run pentest CLI
-  const pentestPath = join(__dirname, "..", "build", "pentest.js");
-
-  // Remove "pentest" from args and pass the rest to pentest script
-  process.argv = [process.argv[0], pentestPath, ...args.slice(1)];
-
-  // Import and run pentest
-  await import(pentestPath);
-} else if (command === "auth") {
-  // Run auth CLI
-  const authPath = join(__dirname, "..", "build", "auth.js");
-
-  // Remove "auth" from args and pass the rest to auth script
-  process.argv = [process.argv[0], authPath, ...args.slice(1)];
-
-  // Import and run auth
-  await import(authPath);
-} else if (command === "uninstall") {
-  // Run uninstall CLI
-  const uninstallPath = join(__dirname, "..", "build", "uninstall.js");
-
-  process.argv = [process.argv[0], uninstallPath, ...args.slice(1)];
-
-  await import(uninstallPath);
-} else if (command === "projects") {
-  const p = join(__dirname, "..", "build", "projects.js");
-  process.argv = [process.argv[0], p, ...args.slice(1)];
-  await import(p);
-} else if (command === "pentests") {
-  const p = join(__dirname, "..", "build", "pentests.js");
-  process.argv = [process.argv[0], p, ...args.slice(1)];
-  await import(p);
-} else if (command === "issues") {
-  const p = join(__dirname, "..", "build", "issues.js");
-  process.argv = [process.argv[0], p, ...args.slice(1)];
-  await import(p);
-} else if (command === "fixes") {
-  const p = join(__dirname, "..", "build", "fixes.js");
-  process.argv = [process.argv[0], p, ...args.slice(1)];
-  await import(p);
-} else if (command === "logs") {
-  const p = join(__dirname, "..", "build", "logs.js");
-  process.argv = [process.argv[0], p, ...args.slice(1)];
-  await import(p);
-} else if (command === "upgrade" || command === "update") {
-  const currentVersion = getCurrentVersion();
-  console.log(`Current version: v${currentVersion}`);
-  console.log("Checking for updates...");
-
-  const result = await upgrade({ interactive: true });
-  console.log();
-  console.log(result.message);
-
-  process.exit(result.success ? 0 : 1);
-} else if (
-  command === "version" ||
-  command === "--version" ||
-  command === "-v"
-) {
-  // Show version
-  console.log(`v${version}`);
-} else if (command === "help" || command === "--help" || command === "-h") {
-  // Show help
-  console.log("Pensar - AI-Powered Penetration Testing CLI");
-  console.log();
-  console.log("Usage:");
-  console.log("  pensar              Launch the TUI (Terminal User Interface)");
-  console.log("  pensar uninstall    Uninstall Pensar (keeps sessions, memories, skills)");
-  console.log("  pensar upgrade      Update pensar to the latest version");
-  console.log("  pensar help         Show this help message");
-  console.log("  pensar version      Show version number");
-  console.log("  pensar benchmark    Run the benchmark CLI");
-  console.log("  pensar quicktest    Run a quick penetration test");
-  console.log("  pensar pentest      Run a comprehensive penetration test");
-  console.log(
-    "  pensar swarm        Run parallel pentests on multiple targets"
-  );
-  console.log(
-    "  pensar auth         Connect to Pensar Console for managed inference"
-  );
-  console.log(
-    "  pensar projects     List workspace projects"
-  );
-  console.log(
-    "  pensar pentests     List and manage pentests"
-  );
-  console.log(
-    "  pensar issues       List and manage security issues"
-  );
-  console.log(
-    "  pensar fixes        View security fixes"
-  );
-  console.log(
-    "  pensar logs         View agent execution logs"
-  );
-  console.log();
-  console.log("Options:");
-  console.log("  -h, --help         Show this help message");
-  console.log("  -v, --version      Show version number");
-  console.log();
-  console.log("Benchmark Usage:");
-  console.log("  pensar benchmark <repo-path> [options] [branch1 branch2 ...]");
-  console.log();
-  console.log("Benchmark Options:");
-  console.log("  --all-branches       Test all branches in the repository");
-  console.log("  --limit <number>     Limit the number of branches to test");
-  console.log("  --skip <number>      Skip the first N branches");
-  console.log(
-    "  --model <model>      Specify the AI model to use (default: claude-sonnet-4-5)"
-  );
-  console.log();
-  console.log("Quicktest Usage:");
-  console.log(
-    "  pensar quicktest --target <target> --objective <objective> [options]"
-  );
-  console.log();
-  console.log("Quicktest Options:");
-  console.log(
-    "  --target <target>        Target URL or IP address to test (required)"
-  );
-  console.log(
-    "  --objective <objective>  Objective or goal of the pentest (required)"
-  );
-  console.log(
-    "  --model <model>          AI model to use (default: claude-sonnet-4-5)"
-  );
-  console.log(
-    "  --headers <mode>         Header mode: none, default, custom (default: default)"
-  );
-  console.log(
-    "  --header <name:value>    Add custom header (requires --headers custom)"
-  );
-  console.log();
-  console.log("Pentest Usage:");
-  console.log("  pensar pentest --target <target> [options]");
-  console.log();
-  console.log("Pentest Options:");
-  console.log(
-    "  --target <target>        Target domain or organization (required)"
-  );
-  console.log(
-    "  --model <model>          AI model to use (default: claude-sonnet-4-5)"
-  );
-  console.log(
-    "  --headers <mode>         Header mode: none, default, custom (default: default)"
-  );
-  console.log(
-    "  --header <name:value>    Add custom header (requires --headers custom)"
-  );
-  console.log();
-  console.log("Swarm Usage:");
-  console.log("  pensar swarm <targets> [options]");
-  console.log();
-  console.log("Swarm Arguments:");
-  console.log("  <targets>                JSON string or path to JSON file");
-  console.log();
-  console.log("Swarm Options:");
-  console.log(
-    "  --model <model>          AI model to use (default: claude-sonnet-4-5)"
-  );
-  console.log(
-    "  --headers <mode>         Header mode: none, default, custom (default: default)"
-  );
-  console.log(
-    "  --header <name:value>    Add custom header (requires --headers custom)"
-  );
-  console.log();
-  console.log("Auth Usage:");
-  console.log(
-    "  pensar auth              Login to Pensar Console (or show status if connected)"
-  );
-  console.log("  pensar auth login        Login to Pensar Console");
-  console.log("  pensar auth logout       Disconnect from Pensar Console");
-  console.log("  pensar auth status       Show connection status");
-  console.log();
-  console.log("Uninstall Usage:");
-  console.log(
-    "  pensar uninstall             Fully uninstall Pensar"
-  );
-  console.log(
-    "  pensar uninstall --force     Skip confirmation prompt"
-  );
-  console.log();
-  console.log("Header Modes (for quicktest, pentest, swarm):");
-  console.log("  none                     No custom headers added to requests");
-  console.log(
-    "  default                  Add 'User-Agent: pensar-apex' to all offensive requests"
-  );
-  console.log(
-    "  custom                   Use custom headers defined with --header flag"
-  );
-  console.log();
-  console.log("Examples:");
-  console.log("  pensar");
-  console.log("  pensar benchmark /path/to/vulnerable-app");
-  console.log("  pensar benchmark /path/to/app main develop");
-  console.log("  pensar benchmark /path/to/app --all-branches --limit 3");
-  console.log(
-    "  pensar quicktest --target http://localhost:3000 --objective 'Find SQL injection'"
-  );
-  console.log(
-    "  pensar quicktest --target api.example.com --objective 'API testing' --headers custom --header 'User-Agent: pensar_client123'"
-  );
-  console.log("  pensar pentest --target example.com");
-  console.log(
-    "  pensar pentest --target example.com --headers custom --header 'User-Agent: pensar_client123'"
-  );
-  console.log("  pensar swarm targets.json");
-  console.log("  pensar swarm targets.json --headers none");
-  console.log("  pensar auth");
-  console.log("  pensar auth status");
-  console.log("  pensar auth logout");
-  console.log();
-  console.log("Console API:");
-  console.log("  pensar projects");
-  console.log("  pensar pentests <projectId>");
-  console.log("  pensar issues <projectId>");
-  console.log("  pensar issues get <issueId>");
-  console.log("  pensar fixes <issueId>");
-  console.log("  pensar logs <issueId>");
-} else if (args.length === 0) {
-  // No command specified, run the TUI
-  const appPath = join(__dirname, "..", "build", "index.js");
-  await import(appPath);
-} else {
-  // Unknown command
-  console.error(`Error: Unknown command '${command}'`);
-  console.error();
-  console.error("Run 'pensar --help' for usage information");
-  process.exit(1);
+const cliPath = join(__dirname, "..", "build", "cli.js");
+
+// Under Node, try to re-exec under Bun if no subcommand given (TUI needs Bun)
+if (typeof globalThis.Bun === "undefined") {
+  const args = process.argv.slice(2);
+  if (args.length === 0) {
+    // No subcommand = TUI mode — try re-exec under Bun
+    const { execFileSync } = await import("child_process");
+    try {
+      execFileSync("bun", [__filename], { stdio: "inherit" });
+      process.exit(0);
+    } catch (err) {
+      if (err && typeof err === "object" && "code" in err && err.code === "ENOENT") {
+        console.error(
+          "TUI mode requires Bun. Install Bun (https://bun.sh) or use a standalone binary release for interactive mode.",
+        );
+        console.error("All other commands work with Node — run 'pensar --help'.");
+        process.exit(1);
+      }
+      if (err && typeof err === "object" && "status" in err) {
+        process.exit(err.status ?? 1);
+      }
+      process.exit(1);
+    }
+  }
+  process.env.PENSAR_NO_TUI = "1";
 }
+
+process.argv = [process.argv[0], cliPath, ...process.argv.slice(2)];
+await import(cliPath);

package/build/agent-5qdmmchx.js

@@ -0,0 +1,206 @@
+import {
+  WhiteboxAttackSurfaceResultSchema
+} from "./cli-2ckm5es2.js";
+import {
+  OffensiveSecurityAgent
+} from "./cli-r8r90gka.js";
+import"./cli-jh38b6zv.js";
+import {
+  hasToolCall,
+  tool
+} from "./cli-kqtgcdzn.js";
+import"./cli-j66pect7.js";
+import"./cli-bp6d08sg.js";
+import"./cli-jb0gcnrs.js";
+import"./cli-yj3dy0vg.js";
+import"./cli-15vxn9zj.js";
+import"./cli-7ckctq7a.js";
+import"./cli-8rxa073f.js";
+
+// src/core/agents/specialized/whiteboxAttackSurface/prompts.ts
+var WHITEBOX_ATTACK_SURFACE_SYSTEM_PROMPT = `You are an expert source-code analyst and orchestrator. Your mission is to comprehensively map the attack surface of a codebase by analyzing its source code directly.
+
+You operate completely autonomously. Do not ask for permission or wait for user input.
+
+# Your Goal
+
+Given a codebase path, you must:
+1. Identify the repository structure (monorepo vs single app, package manager, etc.)
+2. Discover every application/service defined in the repo
+3. For each app, enumerate ALL web pages and ALL API endpoints defined in the source code
+4. For each endpoint, generate specific pentest objectives
+
+# Tools at Your Disposal
+
+## list_files
+List directories to understand project structure. Start here.
+
+## read_file
+Read config files, entry points, route definitions, etc.
+
+## grep
+Your primary search tool. Use it to find route definitions, middleware, controllers, etc.
+
+## document_asset
+**Use this to document every significant asset you discover.** Each call persists a JSON record to the session's assets directory. Document:
+- Each application/service you identify (assetType: "web_application" or "api")
+- Notable subdomains or infrastructure you encounter (assetType: "subdomain", "infrastructure_service")
+- Key API endpoint groups or admin panels (assetType: "endpoint", "admin_panel")
+
+Call this throughout your analysis as you discover assets — don't wait until the end. Include relevant details like the technology stack, URL, authentication requirements, and risk level.
+
+## spawn_coding_agent
+**This is your key tool for scaling out analysis.** Spawn coding sub-agents to analyze individual apps in parallel for higher fidelity. Each sub-agent has full filesystem access (read_file, list_files, grep, execute_command).
+
+## submit_results
+Call this LAST with your complete structured results. This ends your run.
+
+# Methodology
+
+## Phase 1: REPO IDENTIFICATION (do this yourself — it's fast)
+1. List the root directory
+2. Read the top-level config files to determine:
+   - Package manager (package.json → npm/yarn/pnpm, requirements.txt → pip, Cargo.toml → cargo, go.mod → go, etc.)
+   - Repo structure (workspaces field in package.json → monorepo, multiple service dirs → multi-package, etc.)
+3. Identify all apps/services — look for:
+   - Monorepo workspace packages with their own entry points
+   - Separate service directories with their own configs
+   - A single app at the root
+
+## Phase 2: APP ANALYSIS (delegate to coding agents)
+For each app you identified, spawn a coding agent with a detailed objective. The objective should instruct the agent to:
+
+1. **Identify the framework** — read the app's config/entry point to determine the web framework
+2. **Find ALL web pages** — search for page/view/route definitions:
+   - React/Next.js: pages/ or app/ directory, route components
+   - Express: res.render(), res.sendFile(), static file serving
+   - Django: urls.py patterns pointing to template views
+   - Rails: routes.rb entries pointing to controller actions that render views
+   - Vue/Nuxt: pages/ directory, router definitions
+   - etc.
+3. **Find ALL API endpoints** — search for route/endpoint definitions:
+   - Express: app.get(), app.post(), router.get(), router.post(), etc.
+   - Next.js: app/api/ or pages/api/ route handlers
+   - Django: urls.py patterns pointing to API views, DRF viewsets/routers
+   - FastAPI: @app.get(), @app.post() decorators
+   - Rails: routes.rb API namespaces, controller actions
+   - Spring: @GetMapping, @PostMapping, @RequestMapping
+   - etc.
+4. **For each endpoint, determine**:
+   - HTTP method and route path
+   - Handler function/component name
+   - File location and line number
+   - Whether auth appears to be required (middleware, decorators, guards)
+   - Brief description of what it does
+5. **For each endpoint, generate pentest objectives** — specific, actionable testing goals like:
+   - "Test for SQL injection in the 'search' query parameter"
+   - "Test for IDOR by accessing /api/orders/{id} with other users' order IDs"
+   - "Test for XSS in the user profile name field"
+   - "Test for privilege escalation by accessing admin-only endpoint as regular user"
+   - "Test for CSRF on the password change endpoint"
+   - "Test for path traversal in the file download parameter"
+
+**IMPORTANT:** Tell each coding agent to output its findings in a STRUCTURED FORMAT that you can parse. Instruct it to use clear delimiters or a consistent format for each endpoint (method, path, handler, file, line, auth, description, pentest objectives).
+
+## Phase 3: COLLECT AND SUBMIT (do this yourself)
+1. Parse the output from all coding agents
+2. Assemble the complete structured result
+3. Call \`submit_results\` with the full data
+
+# Guidelines
+- Be thorough — every endpoint matters. Don't skip files or directories.
+- Delegate aggressively — spawn coding agents for each app to get high-fidelity results.
+- Give coding agents VERY detailed objectives — they work best with specific instructions about what to search for and how to report it.
+- Don't duplicate work — let the coding agents do the deep file-by-file analysis.
+- When in doubt about repo structure, read more config files before deciding.
+`;
+
+// src/core/agents/specialized/whiteboxAttackSurface/agent.ts
+class WhiteboxAttackSurfaceAgent extends OffensiveSecurityAgent {
+  constructor(opts) {
+    const {
+      model,
+      codebasePath,
+      session,
+      authConfig,
+      onStepFinish,
+      abortSignal,
+      callbacks,
+      attackSurfaceRegistry
+    } = opts;
+    let capturedResult = null;
+    const submitResultsTool = tool({
+      description: `Submit the final whitebox attack surface analysis results.
+
+Call this ONCE at the end with your complete structured findings.
+This ends the agent run — make sure all data is included.`,
+      inputSchema: WhiteboxAttackSurfaceResultSchema,
+      execute: async (results) => {
+        capturedResult = results;
+        return { success: true, message: "Results submitted." };
+      }
+    });
+    super({
+      system: WHITEBOX_ATTACK_SURFACE_SYSTEM_PROMPT,
+      prompt: buildPrompt(codebasePath),
+      model,
+      session,
+      authConfig,
+      onStepFinish,
+      abortSignal,
+      attackSurfaceRegistry,
+      callbacks,
+      subagentCallbacks: callbacks?.subagentCallbacks,
+      activeTools: [
+        "read_file",
+        "list_files",
+        "grep",
+        "document_asset",
+        "spawn_coding_agent",
+        "submit_results"
+      ],
+      extraTools: {
+        submit_results: submitResultsTool
+      },
+      stopWhen: hasToolCall("submit_results"),
+      resolveResult: () => {
+        if (capturedResult) {
+          return capturedResult;
+        }
+        return {
+          repoType: "unknown",
+          packageManager: "unknown",
+          apps: [],
+          summary: {
+            totalApps: 0,
+            totalPages: 0,
+            totalApiEndpoints: 0,
+            totalPentestObjectives: 0
+          }
+        };
+      }
+    });
+  }
+}
+function buildPrompt(codebasePath) {
+  return `# Whitebox Attack Surface Analysis
+
+## Codebase
+- **Path:** ${codebasePath}
+
+## Task
+Analyze this codebase and produce a complete attack surface map:
+1. Identify the repo type and package manager
+2. Discover all apps/services
+3. For each app, find all web pages and API endpoints
+4. For each endpoint, generate pentest objectives
+
+Use \`spawn_coding_agent\` to delegate app-level analysis for higher fidelity.
+
+When finished, call \`submit_results\` with the complete structured output.
+
+Begin now.`;
+}
+export {
+  WhiteboxAttackSurfaceAgent
+};

package/build/agent-s2z0dasf.js

@@ -0,0 +1,16 @@
+import {
+  CodeAgent
+} from "./cli-w04ggbe4.js";
+import"./cli-r8r90gka.js";
+import"./cli-jh38b6zv.js";
+import"./cli-kqtgcdzn.js";
+import"./cli-j66pect7.js";
+import"./cli-bp6d08sg.js";
+import"./cli-jb0gcnrs.js";
+import"./cli-yj3dy0vg.js";
+import"./cli-15vxn9zj.js";
+import"./cli-7ckctq7a.js";
+import"./cli-8rxa073f.js";
+export {
+  CodeAgent
+};