@pensar/apex 0.0.113 → 0.0.114-canary.2aa9b7e6

package/README.md

@@ -1,6 +1,8 @@
 <h1 align="center">Pensar Apex</h1>
 
-<p align="center">AI-powered penetration testing using an AI agent to perform comprehensive blackbox and whitebox pentesting - directly in your terminal.
+<p align="center">
+AI-powered penetration testing using autonomous agents — directly in your terminal. Run blackbox and whitebox pentests that explore, reason, and surface real vulnerabilities.
+
 </p>
 
 <p align="center">
@@ -20,52 +22,50 @@ Want to run from the cloud or integrate it with your CI/CD? See <a href="https:/
   <img src="screenshot.png" alt="Pensar Apex Screenshot" width="800">
 </p> -->
 
-## Use Cases
+## What is Apex?
 
-Apex enables both developers and security professionals to run autonomous and assisted penetration testing directly from the terminal.
+Apex is an autonomous penetration testing agent that runs directly in your terminal.
 
-### Developers: Run a Pentest in Minutes
+It doesn't wrap existing scanners or chain shell scripts. Apex deploys a **swarm of specialized AI agents** — each with domain expertise in reconnaissance, authentication analysis, exploitation, and code review — that coordinate a real penetration test against your application. Every finding comes with CVSS 4.0 scoring, CWE classification, evidence, and a validated proof-of-concept.
 
-Apex makes it easy for developers to run a real penetration test without needing deep offensive security expertise.
+The result is a pentest that runs like `npm test` — but thinks like a red team.
 
-Using the autonomous `/pentest` mode, Apex will perform reconnaissance, attack surface discovery, vulnerability testing, and exploitation attempts automatically.
+## Why Apex?
 
-This allows teams to quickly identify security issues before they reach production.
+Traditional scanners execute signatures. Apex executes a methodology.
 
-```bash
-/pentest
-```
+- **Swarm architecture** - Specialized agents run in parallel across your attack surface, the same way a real red team divides and conquers. Up to 10 concurrent agents, each scoped to a specific objective.
+- **Structured, auditable output** - Every vulnerability is automatically scored (CVSS 4.0), classified (CWE), and documented with evidence and remediation steps. No raw tool dumps.
+- **Real exploitation, not guesswork** - Apex writes, runs, and validates proof-of-concept scripts. If the PoC doesn't succeed, it pivots to a different technique.
+- **Blackbox and whitebox** - Test a live target with no source access, or analyze your codebase to map endpoints and test them against a running instance.
+- **30+ built-in tools** - Browser automation, shell execution, HTTP requests, file analysis, web search for CVE lookups, authenticated crawling, and more. Optional Kali Linux container adds 25+ offensive security tools (nmap, sqlmap, hydra, hashcat, gobuster, and others).
 
-Examples:
+## Two Modes
 
-- Test a staging environment before deploying
-- Scan a newly launched domain or API
-- Run quick security checks during development
-- Identify exposed services or misconfigurations
+### `/pentest` — Autonomous
 
-This is the **fastest way to get real pentesting coverage without becoming a security expert.**
+Fire and forget. Apex runs a full engagement end-to-end: attack surface discovery, parallel swarm testing, and a structured report with findings in Markdown and JSON. No security expertise required.
 
----
+### `/operator` — Interactive
 
-### Security Engineers: Advanced Operator Workflows
+Full control. Steer the agent step by step, approve each action, chain exploits manually, and dig deep into specific targets. Every tool is available. The approval gate holds until you say go.
 
-Security professionals can use Apex as an **agentic offensive security harness** that orchestrates tools and reasoning workflows.
+Start with `/pentest` to get coverage, then reopen the session in `/operator` to investigate specific findings — all context carries over.
 
-The `/operator` mode allows engineers to work interactively with the Offensive Security Agent, guiding investigations and chaining tools dynamically.
+## Use Cases
 
-```bash
-/operator
-```
+### Developers
 
-Examples:
+- Run `/pentest` before merging a PR — catch vulnerabilities as naturally as running tests
+- Get actionable findings with severity scores, evidence, and suggested fixes — no security background needed
+- Integrate into CI/CD via headless CLI commands or Pensar Console
 
-- Deep investigation of suspicious endpoints
-- Manual exploitation of discovered vulnerabilities
-- Tool orchestration across recon and exploitation phases
-- Validation and reproduction of vulnerabilities
-- Open-source security research / testing
+### Security Engineers
 
-This turns Apex into a **terminal-native AI pentesting partner** rather than just a scanner.
+- Deploy agent-driven swarm testing across large attack surfaces
+- Use `/operator` mode for manual investigation, exploit chaining, and validation
+- Automate repetitive testing workflows with persistent memory that accumulates across engagements
+- Scale across teams and projects through Pensar Console
 
 ## Installation
 
@@ -82,18 +82,18 @@ brew tap pensarai/tap
 brew install apex
 ```
 
-#### Windows (PowerShell)
-
-```powershell
-irm https://www.pensarai.com/apex.ps1 | iex
-```
-
 #### npm
 
 ```bash
 npm install -g @pensar/apex
 ```
 
+#### Windows (PowerShell)
+
+```powershell
+irm https://www.pensarai.com/apex.ps1 | iex
+```
+
 ## Usage
 
 Open the Apex TUI:

package/build/{agent-k1n19b3w.js → agent-hfxqch32.js}

@@ -1,18 +1,18 @@
 import {
   WhiteboxAttackSurfaceResultSchema
-} from "./cli-4sxvxwcb.js";
+} from "./cli-xpcmmk4s.js";
 import {
   OffensiveSecurityAgent
-} from "./cli-t7dpdkd6.js";
-import"./cli-wqh6md2n.js";
+} from "./cli-xqh0sm9a.js";
+import"./cli-fjh1rynt.js";
 import {
   hasToolCall,
   tool
-} from "./cli-j6qdxby9.js";
-import"./cli-yc2cs5cs.js";
-import"./cli-qeg15dzj.js";
-import"./cli-6nhtpv4g.js";
-import"./cli-mnqb1xvt.js";
+} from "./cli-af9y0skb.js";
+import"./cli-q4vjhqrt.js";
+import"./cli-4k5wphws.js";
+import"./cli-6yhfhvnd.js";
+import"./cli-y48f3wn1.js";
 import"./cli-0tpx8khk.js";
 import"./cli-7ckctq7a.js";
 import"./cli-8rxa073f.js";

package/build/agent-y1e1k3sh.js

@@ -0,0 +1,16 @@
+import {
+  CodeAgent
+} from "./cli-nbshw8yp.js";
+import"./cli-xqh0sm9a.js";
+import"./cli-fjh1rynt.js";
+import"./cli-af9y0skb.js";
+import"./cli-q4vjhqrt.js";
+import"./cli-4k5wphws.js";
+import"./cli-6yhfhvnd.js";
+import"./cli-y48f3wn1.js";
+import"./cli-0tpx8khk.js";
+import"./cli-7ckctq7a.js";
+import"./cli-8rxa073f.js";
+export {
+  CodeAgent
+};

package/build/{auth-a0ftn8cb.js → auth-3j6t0z6j.js}

@@ -8,14 +8,14 @@ import {
   pollWorkOSToken,
   selectWorkspace,
   startDeviceFlow
-} from "./cli-yc2cs5cs.js";
+} from "./cli-q4vjhqrt.js";
 import {
   config,
   getPensarApiUrl,
   getPensarConsoleUrl
-} from "./cli-qeg15dzj.js";
-import"./cli-6nhtpv4g.js";
-import"./cli-mnqb1xvt.js";
+} from "./cli-4k5wphws.js";
+import"./cli-6yhfhvnd.js";
+import"./cli-y48f3wn1.js";
 import {
   __require
 } from "./cli-8rxa073f.js";

package/build/{authentication-vjefzf37.js → authentication-46ds8cb6.js}

@@ -3,15 +3,15 @@ import {
 } from "./cli-6gtnyaqf.js";
 import {
   OffensiveSecurityAgent
-} from "./cli-t7dpdkd6.js";
-import"./cli-wqh6md2n.js";
+} from "./cli-xqh0sm9a.js";
+import"./cli-fjh1rynt.js";
 import {
   hasToolCall
-} from "./cli-j6qdxby9.js";
-import"./cli-yc2cs5cs.js";
-import"./cli-qeg15dzj.js";
-import"./cli-6nhtpv4g.js";
-import"./cli-mnqb1xvt.js";
+} from "./cli-af9y0skb.js";
+import"./cli-q4vjhqrt.js";
+import"./cli-4k5wphws.js";
+import"./cli-6yhfhvnd.js";
+import"./cli-y48f3wn1.js";
 import"./cli-0tpx8khk.js";
 import"./cli-7ckctq7a.js";
 import"./cli-8rxa073f.js";

package/build/blackboxAgent-mrh58awg.js

@@ -0,0 +1,17 @@
+import {
+  BlackboxAttackSurfaceAgent
+} from "./cli-gh26tyfd.js";
+import"./cli-6gtnyaqf.js";
+import"./cli-xqh0sm9a.js";
+import"./cli-fjh1rynt.js";
+import"./cli-af9y0skb.js";
+import"./cli-q4vjhqrt.js";
+import"./cli-4k5wphws.js";
+import"./cli-6yhfhvnd.js";
+import"./cli-y48f3wn1.js";
+import"./cli-0tpx8khk.js";
+import"./cli-7ckctq7a.js";
+import"./cli-8rxa073f.js";
+export {
+  BlackboxAttackSurfaceAgent
+};

package/build/{blackboxPentest-26japf1w.js → blackboxPentest-g70cdden.js}

@@ -1,18 +1,18 @@
 import {
   runPentestWorkflow
-} from "./cli-tat7hrek.js";
-import"./cli-0v3p48tt.js";
-import"./cli-7kpzf8kz.js";
-import"./cli-4sxvxwcb.js";
-import"./cli-065mgjsh.js";
+} from "./cli-ktbbfzsq.js";
+import"./cli-2b4as9rh.js";
+import"./cli-nbshw8yp.js";
+import"./cli-xpcmmk4s.js";
+import"./cli-gh26tyfd.js";
 import"./cli-6gtnyaqf.js";
-import"./cli-t7dpdkd6.js";
-import"./cli-wqh6md2n.js";
-import"./cli-j6qdxby9.js";
-import"./cli-yc2cs5cs.js";
-import"./cli-qeg15dzj.js";
-import"./cli-6nhtpv4g.js";
-import"./cli-mnqb1xvt.js";
+import"./cli-xqh0sm9a.js";
+import"./cli-fjh1rynt.js";
+import"./cli-af9y0skb.js";
+import"./cli-q4vjhqrt.js";
+import"./cli-4k5wphws.js";
+import"./cli-6yhfhvnd.js";
+import"./cli-y48f3wn1.js";
 import"./cli-0tpx8khk.js";
 import"./cli-7ckctq7a.js";
 import"./cli-8rxa073f.js";

package/build/{cli-0v3p48tt.js → cli-2b4as9rh.js}

@@ -1,10 +1,10 @@
 import {
   OffensiveSecurityAgent
-} from "./cli-t7dpdkd6.js";
+} from "./cli-xqh0sm9a.js";
 import {
   exports_external,
   init_zod
-} from "./cli-j6qdxby9.js";
+} from "./cli-af9y0skb.js";
 
 // src/core/agents/specialized/pentest/agent.ts
 init_zod();

package/build/{cli-qeg15dzj.js → cli-4k5wphws.js}

@@ -2,7 +2,7 @@ import {
   get,
   init,
   update
-} from "./cli-6nhtpv4g.js";
+} from "./cli-6yhfhvnd.js";
 
 // src/core/api/constants.ts
 var PENSAR_API_BASE_URL = "https://api.pensar.dev";

package/build/{cli-6nhtpv4g.js → cli-6yhfhvnd.js}

@@ -1,6 +1,6 @@
 import {
   getCurrentVersion
-} from "./cli-mnqb1xvt.js";
+} from "./cli-y48f3wn1.js";
 
 // src/core/config/config.ts
 import os from "os";

package/build/{cli-j6qdxby9.js → cli-af9y0skb.js}

@@ -1,11 +1,11 @@
 import {
   signGatewayRequest
-} from "./cli-yc2cs5cs.js";
+} from "./cli-q4vjhqrt.js";
 import {
   config,
   ensureValidToken,
   getPensarGatewayUrl
-} from "./cli-qeg15dzj.js";
+} from "./cli-4k5wphws.js";
 import {
   getModelInfo
 } from "./cli-0tpx8khk.js";
@@ -56496,8 +56496,8 @@ function streamResponse(opts) {
     authConfig,
     onFinish
   } = opts;
-  const onStepFinish = (step) => {
-    userOnStepFinish?.(step);
+  const onStepFinish = async (step) => {
+    await userOnStepFinish?.(step);
     if (_usageCallback) {
       const inp = step.usage?.inputTokens ?? 0;
       const out = step.usage?.outputTokens ?? 0;

package/build/{cli-g0r410cd.js → cli-eskw18a0.js}

@@ -2,7 +2,7 @@ import {
   config,
   ensureValidToken,
   getPensarApiUrl
-} from "./cli-qeg15dzj.js";
+} from "./cli-4k5wphws.js";
 
 // src/core/api/issues.ts
 async function getAuthHeaders() {

package/build/{cli-wqh6md2n.js → cli-fjh1rynt.js}

@@ -3,7 +3,7 @@ import {
   generateObjectResponse,
   init_zod,
   zod_default
-} from "./cli-j6qdxby9.js";
+} from "./cli-af9y0skb.js";
 import {
   __callDispose,
   __esm,

package/build/{cli-065mgjsh.js → cli-gh26tyfd.js}

@@ -3,11 +3,11 @@ import {
 } from "./cli-6gtnyaqf.js";
 import {
   OffensiveSecurityAgent
-} from "./cli-t7dpdkd6.js";
+} from "./cli-xqh0sm9a.js";
 import {
   hasToolCall,
   stepCountIs
-} from "./cli-j6qdxby9.js";
+} from "./cli-af9y0skb.js";
 
 // src/core/agents/specialized/attackSurface/blackboxAgent.ts
 import { join } from "path";

package/build/{cli-tat7hrek.js → cli-ktbbfzsq.js}

@@ -1,23 +1,23 @@
 import {
   TargetedPentestAgent
-} from "./cli-0v3p48tt.js";
+} from "./cli-2b4as9rh.js";
 import {
   CodeAgent
-} from "./cli-7kpzf8kz.js";
+} from "./cli-nbshw8yp.js";
 import {
   EndpointSchema
-} from "./cli-4sxvxwcb.js";
+} from "./cli-xpcmmk4s.js";
 import {
   BlackboxAttackSurfaceAgent
-} from "./cli-065mgjsh.js";
+} from "./cli-gh26tyfd.js";
 import {
   CweEntrySchema,
   FindingsRegistry
-} from "./cli-t7dpdkd6.js";
+} from "./cli-xqh0sm9a.js";
 import {
   exports_external,
   init_zod
-} from "./cli-j6qdxby9.js";
+} from "./cli-af9y0skb.js";
 
 // src/core/workflows/pentest.ts
 import { existsSync as existsSync4, readdirSync as readdirSync2, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";

package/build/{cli-7kpzf8kz.js → cli-nbshw8yp.js}

@@ -1,9 +1,9 @@
 import {
   OffensiveSecurityAgent
-} from "./cli-t7dpdkd6.js";
+} from "./cli-xqh0sm9a.js";
 import {
   stepCountIs
-} from "./cli-j6qdxby9.js";
+} from "./cli-af9y0skb.js";
 
 // src/core/agents/specialized/codeAgent/prompts.ts
 var CODE_AGENT_SYSTEM_PROMPT = `You are an expert coding agent with direct filesystem access. You will be given a specific objective — focus exclusively on completing it.

package/build/{cli-yc2cs5cs.js → cli-q4vjhqrt.js}

@@ -3,7 +3,7 @@ import {
   ensureValidToken,
   getPensarApiUrl,
   getPensarGatewayUrl
-} from "./cli-qeg15dzj.js";
+} from "./cli-4k5wphws.js";
 
 // src/core/auth/device-flow.ts
 function sleep(ms) {

package/build/{cli-4sxvxwcb.js → cli-xpcmmk4s.js}

@@ -1,7 +1,7 @@
 import {
   exports_external,
   init_zod
-} from "./cli-j6qdxby9.js";
+} from "./cli-af9y0skb.js";
 
 // src/core/agents/specialized/whiteboxAttackSurface/types.ts
 init_zod();

package/build/{cli-t7dpdkd6.js → cli-xqh0sm9a.js}

@@ -17,7 +17,7 @@ import {
   update,
   write,
   writeRaw
-} from "./cli-wqh6md2n.js";
+} from "./cli-fjh1rynt.js";
 import {
   _enum,
   _null,
@@ -46,18 +46,18 @@ import {
   union,
   unknown,
   zod_default
-} from "./cli-j6qdxby9.js";
+} from "./cli-af9y0skb.js";
 import {
   signGatewayRequest
-} from "./cli-yc2cs5cs.js";
+} from "./cli-q4vjhqrt.js";
 import {
   config,
   ensureValidToken,
   getPensarApiUrl
-} from "./cli-qeg15dzj.js";
+} from "./cli-4k5wphws.js";
 import {
   getCurrentVersion
-} from "./cli-mnqb1xvt.js";
+} from "./cli-y48f3wn1.js";
 import {
   __commonJS,
   __require,
@@ -90666,7 +90666,7 @@ When to use delegate_to_auth_subagent vs authenticate_session:
         if (credentials) {
           ctx.session.credentialManager.addFromAuthCredentials(credentials);
         }
-        const { runAuthenticationAgent } = await import("./authentication-vjefzf37.js");
+        const { runAuthenticationAgent } = await import("./authentication-46ds8cb6.js");
         const subagentCallbacks = cbs ? {
           onTextDelta: (d) => cbs.onTextDelta?.({ ...d, subagentId }),
           onToolCall: (d) => cbs.onToolCall?.({ ...d, subagentId }),
@@ -91568,7 +91568,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
       });
       if (cwd) {
         try {
-          const { WhiteboxAttackSurfaceAgent } = await import("./agent-k1n19b3w.js");
+          const { WhiteboxAttackSurfaceAgent } = await import("./agent-hfxqch32.js");
           const agent = new WhiteboxAttackSurfaceAgent({
             codebasePath: cwd,
             model: ctx.model,
@@ -91620,7 +91620,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
         }
       }
       try {
-        const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-dq8eany1.js");
+        const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-mrh58awg.js");
         const agent = new BlackboxAttackSurfaceAgent({
           target,
           model: ctx.model,
@@ -91699,7 +91699,7 @@ Pass every target you want tested — the swarm handles concurrency automaticall
       toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
     }),
     execute: async ({ targets }) => {
-      const { runPentestSwarm, DEFAULT_CONCURRENCY } = await import("./pentest-agm6pqh1.js");
+      const { runPentestSwarm, DEFAULT_CONCURRENCY } = await import("./pentest-xzqn3szz.js");
       if (!ctx.model) {
         return {
           success: false,
@@ -91826,7 +91826,7 @@ Returns an array of results with the text output from each agent.`,
   });
 }
 async function runSingleCodingAgent(ctx, codebasePath, objective, agentIndex, name) {
-  const { CodeAgent } = await import("./agent-cff8va32.js");
+  const { CodeAgent } = await import("./agent-y1e1k3sh.js");
   const subagentId = `coding-agent-${agentIndex}`;
   ctx.subagentCallbacks?.onSubagentSpawn?.({
     subagentId,
@@ -95270,6 +95270,32 @@ BEST PRACTICES:
     }
   });
 }
+// src/core/agents/offSecAgent/tools/readSkill.ts
+init_zod();
+function readSkill(ctx) {
+  return tool({
+    description: "Load a skill's full instructions by name from the available skills catalog.",
+    inputSchema: exports_external.object({
+      name: exports_external.string().describe("Skill slug from the available skills catalog"),
+      toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
+    }),
+    execute: async ({ name }) => {
+      if (!ctx.skillsRegistry) {
+        return { success: false, error: "Skills not available" };
+      }
+      try {
+        const { name: skillName, content } = await ctx.skillsRegistry.readSkillContent(name);
+        return { success: true, name: skillName, content };
+      } catch {
+        const available = ctx.skillsRegistry.list().map((e) => e.slug).join(", ");
+        return {
+          success: false,
+          error: `Unknown skill "${name}". Available: ${available}`
+        };
+      }
+    }
+  });
+}
 // src/core/agents/offSecAgent/tools/index.ts
 function createAllTools(ctx) {
   return {
@@ -95307,7 +95333,8 @@ function createAllTools(ctx) {
     email_search_messages: emailSearchMessages(ctx),
     email_get_message: emailGetMessage(ctx),
     web_search: webSearch(ctx),
-    get_page: getPage(ctx)
+    get_page: getPage(ctx),
+    ...ctx.skillsRegistry ? { read_skill: readSkill(ctx) } : {}
   };
 }
 var ALL_TOOL_NAMES = [
@@ -95383,6 +95410,7 @@ var PLAN_MODE_TOOL_NAMES = [
   "web_search",
   "get_page"
 ];
+var SKILL_TOOL_NAMES = ["read_skill"];
 
 // src/core/agents/offSecAgent/tools/response.ts
 init_zod();
@@ -96486,7 +96514,8 @@ class OffensiveSecurityAgent {
       attackSurfaceRegistry: input.attackSurfaceRegistry,
       credentialManager,
       persistentShell: this.persistentShell,
-      onCommandOutput: input.callbacks?.onCommandOutput
+      onCommandOutput: input.callbacks?.onCommandOutput,
+      skillsRegistry: input.skillsRegistry
     });
     let tools = input.extraTools ? { ...builtinTools, ...input.extraTools } : { ...builtinTools };
     if (input.approvalGate) {
@@ -96565,13 +96594,13 @@ class OffensiveSecurityAgent {
       activeTools,
       stopWhen,
       toolChoice: "auto",
-      onStepFinish: (event) => {
+      onStepFinish: async (event) => {
         latestMessages = [
           ...initialMessagesRef.current,
           ...event.response.messages
         ];
         schedulePersist();
-        input.onStepFinish?.(event);
+        await input.onStepFinish?.(event);
       },
       onSummarized: () => {
         initialMessagesRef.current = [];
@@ -96698,4 +96727,4 @@ function wrapToolsWithApprovalGate(tools, gate) {
   return wrapped;
 }
 
-export { CweEntrySchema, FindingsRegistry, ALL_TOOL_NAMES, PLAN_MODE_TOOL_NAMES, BASE_SYSTEM_PROMPT, createInitialOperatorState, ApprovalGate, normalizeMessages, sessions, OffensiveSecurityAgent };
+export { CweEntrySchema, FindingsRegistry, ALL_TOOL_NAMES, PLAN_MODE_TOOL_NAMES, SKILL_TOOL_NAMES, BASE_SYSTEM_PROMPT, createInitialOperatorState, ApprovalGate, normalizeMessages, sessions, OffensiveSecurityAgent };

package/build/{cli-mnqb1xvt.js → cli-y48f3wn1.js}

@@ -3,7 +3,7 @@ import { spawnSync } from "child_process";
 // package.json
 var package_default = {
   name: "@pensar/apex",
-  version: "0.0.113",
+  version: "0.0.114-canary.2aa9b7e6",
   description: "AI-powered penetration testing CLI tool with terminal UI",
   module: "src/tui/index.tsx",
   main: "build/cli.js",