npm - @pensar/apex - Versions diffs - 0.0.13 → 0.0.15 - Mend

@pensar/apex 0.0.13 → 0.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/build/benchmark.js CHANGED Viewed

@@ -43280,54 +43280,9 @@ Create this POC, test it, then retry document_finding.`,
         };
         const safeTitle = finding2.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").substring(0, 50);
         const findingId = `${timestamp.split("T")[0]}-${safeTitle}`;
-        const filename = `${findingId}.md`;
+        const filename = `${findingId}.json`;
         const filepath = join2(session.findingsPath, filename);
-        const markdown = `# ${finding2.title}
-**Severity:** ${finding2.severity}
-**Target:** ${session.target}
-**Date:** ${timestamp}
-**Session:** ${session.id}
-**POC:** \`${finding2.pocPath}\`
-## Description
-${finding2.description}
-## Impact
-${finding2.impact}
-## Evidence
-\`\`\`
-${finding2.evidence}
-\`\`\`
-## Proof of Concept
-A working POC script is available at: \`${finding2.pocPath}\`
-To reproduce this vulnerability, run:
-\`\`\`bash
-cd ${session.rootPath}
-./${finding2.pocPath}
-\`\`\`
-## Remediation
-${finding2.remediation}
-${finding2.references ? `## References
-${finding2.references}` : ""}
----
-*This finding was automatically documented by the Pensar penetration testing agent.*
-*POC verified and available at: ${finding2.pocPath}*
-`;
-        writeFileSync2(filepath, markdown);
+        writeFileSync2(filepath, JSON.stringify(findingWithMeta, null, 2));
         const summaryPath = join2(session.rootPath, "findings-summary.md");
         const summaryEntry = `- [${finding2.severity}] ${finding2.title} - \`findings/${filename}\` - POC: \`${finding2.pocPath}\`
 `;
@@ -44540,6 +44495,143 @@ function saveSubagentMessages(orchestratorSession, subagentId, messages) {
   fs.writeFileSync(`${subagentDir}/messages.json`, JSON.stringify(messages, null, 2));
 }
+// node_modules/yocto-queue/index.js
+class Node {
+  value;
+  next;
+  constructor(value) {
+    this.value = value;
+  }
+}
+class Queue {
+  #head;
+  #tail;
+  #size;
+  constructor() {
+    this.clear();
+  }
+  enqueue(value) {
+    const node = new Node(value);
+    if (this.#head) {
+      this.#tail.next = node;
+      this.#tail = node;
+    } else {
+      this.#head = node;
+      this.#tail = node;
+    }
+    this.#size++;
+  }
+  dequeue() {
+    const current = this.#head;
+    if (!current) {
+      return;
+    }
+    this.#head = this.#head.next;
+    this.#size--;
+    return current.value;
+  }
+  peek() {
+    if (!this.#head) {
+      return;
+    }
+    return this.#head.value;
+  }
+  clear() {
+    this.#head = undefined;
+    this.#tail = undefined;
+    this.#size = 0;
+  }
+  get size() {
+    return this.#size;
+  }
+  *[Symbol.iterator]() {
+    let current = this.#head;
+    while (current) {
+      yield current.value;
+      current = current.next;
+    }
+  }
+  *drain() {
+    while (this.#head) {
+      yield this.dequeue();
+    }
+  }
+}
+// node_modules/p-limit/index.js
+function pLimit(concurrency) {
+  validateConcurrency(concurrency);
+  const queue = new Queue;
+  let activeCount = 0;
+  const resumeNext = () => {
+    if (activeCount < concurrency && queue.size > 0) {
+      activeCount++;
+      queue.dequeue()();
+    }
+  };
+  const next = () => {
+    activeCount--;
+    resumeNext();
+  };
+  const run = async (function_, resolve2, arguments_) => {
+    const result = (async () => function_(...arguments_))();
+    resolve2(result);
+    try {
+      await result;
+    } catch {}
+    next();
+  };
+  const enqueue = (function_, resolve2, arguments_) => {
+    new Promise((internalResolve) => {
+      queue.enqueue(internalResolve);
+    }).then(run.bind(undefined, function_, resolve2, arguments_));
+    if (activeCount < concurrency) {
+      resumeNext();
+    }
+  };
+  const generator = (function_, ...arguments_) => new Promise((resolve2) => {
+    enqueue(function_, resolve2, arguments_);
+  });
+  Object.defineProperties(generator, {
+    activeCount: {
+      get: () => activeCount
+    },
+    pendingCount: {
+      get: () => queue.size
+    },
+    clearQueue: {
+      value() {
+        queue.clear();
+      }
+    },
+    concurrency: {
+      get: () => concurrency,
+      set(newConcurrency) {
+        validateConcurrency(newConcurrency);
+        concurrency = newConcurrency;
+        queueMicrotask(() => {
+          while (activeCount < concurrency && queue.size > 0) {
+            resumeNext();
+          }
+        });
+      }
+    },
+    map: {
+      async value(iterable, function_) {
+        const promises = Array.from(iterable, (value, index) => this(function_, value, index));
+        return Promise.all(promises);
+      }
+    }
+  });
+  return generator;
+}
+function validateConcurrency(concurrency) {
+  if (!((Number.isInteger(concurrency) || concurrency === Number.POSITIVE_INFINITY) && concurrency > 0)) {
+    throw new TypeError("Expected `concurrency` to be a number from 1 and up");
+  }
+}
 // src/core/agent/thoroughPentestAgent/agent.ts
 function runAgent3(opts) {
   const {
@@ -44780,7 +44872,8 @@ You can spawn multiple agents in parallel - they will run concurrently.`,
     execute: async ({ targets }) => {
       try {
         logger?.log(`[Orchestrator] Spawning ${targets.length} pentest agents...`);
-        const promises = targets.map(async (targetInfo, index) => {
+        const limit = pLimit(5);
+        const promises = targets.map((targetInfo, index) => limit(async () => {
           try {
             const { streamResult: result } = runAgent({
               session,
@@ -44900,7 +44993,7 @@ Objective: ${targetInfo.objective}`,
               error: error46.message
             };
           }
-        });
+        }));
         const results = await Promise.all(promises);
         const successful = results.filter((r) => r.success).length;
         const failed = results.filter((r) => !r.success).length;

package/build/index.js CHANGED Viewed

@@ -73392,54 +73392,9 @@ Create this POC, test it, then retry document_finding.`,
         };
         const safeTitle = finding2.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").substring(0, 50);
         const findingId = `${timestamp.split("T")[0]}-${safeTitle}`;
-        const filename = `${findingId}.md`;
+        const filename = `${findingId}.json`;
         const filepath = join3(session.findingsPath, filename);
-        const markdown = `# ${finding2.title}
-**Severity:** ${finding2.severity}
-**Target:** ${session.target}
-**Date:** ${timestamp}
-**Session:** ${session.id}
-**POC:** \`${finding2.pocPath}\`
-## Description
-${finding2.description}
-## Impact
-${finding2.impact}
-## Evidence
-\`\`\`
-${finding2.evidence}
-\`\`\`
-## Proof of Concept
-A working POC script is available at: \`${finding2.pocPath}\`
-To reproduce this vulnerability, run:
-\`\`\`bash
-cd ${session.rootPath}
-./${finding2.pocPath}
-\`\`\`
-## Remediation
-${finding2.remediation}
-${finding2.references ? `## References
-${finding2.references}` : ""}
----
-*This finding was automatically documented by the Pensar penetration testing agent.*
-*POC verified and available at: ${finding2.pocPath}*
-`;
-        writeFileSync3(filepath, markdown);
+        writeFileSync3(filepath, JSON.stringify(findingWithMeta, null, 2));
         const summaryPath = join3(session.rootPath, "findings-summary.md");
         const summaryEntry = `- [${finding2.severity}] ${finding2.title} - \`findings/${filename}\` - POC: \`${finding2.pocPath}\`
 `;
@@ -77546,6 +77501,143 @@ You MUST provide the details final report using create_attack_surface_report too
   return { streamResult, session };
 }
+// node_modules/yocto-queue/index.js
+class Node {
+  value;
+  next;
+  constructor(value) {
+    this.value = value;
+  }
+}
+class Queue {
+  #head;
+  #tail;
+  #size;
+  constructor() {
+    this.clear();
+  }
+  enqueue(value) {
+    const node = new Node(value);
+    if (this.#head) {
+      this.#tail.next = node;
+      this.#tail = node;
+    } else {
+      this.#head = node;
+      this.#tail = node;
+    }
+    this.#size++;
+  }
+  dequeue() {
+    const current = this.#head;
+    if (!current) {
+      return;
+    }
+    this.#head = this.#head.next;
+    this.#size--;
+    return current.value;
+  }
+  peek() {
+    if (!this.#head) {
+      return;
+    }
+    return this.#head.value;
+  }
+  clear() {
+    this.#head = undefined;
+    this.#tail = undefined;
+    this.#size = 0;
+  }
+  get size() {
+    return this.#size;
+  }
+  *[Symbol.iterator]() {
+    let current = this.#head;
+    while (current) {
+      yield current.value;
+      current = current.next;
+    }
+  }
+  *drain() {
+    while (this.#head) {
+      yield this.dequeue();
+    }
+  }
+}
+// node_modules/p-limit/index.js
+function pLimit(concurrency) {
+  validateConcurrency(concurrency);
+  const queue = new Queue;
+  let activeCount = 0;
+  const resumeNext = () => {
+    if (activeCount < concurrency && queue.size > 0) {
+      activeCount++;
+      queue.dequeue()();
+    }
+  };
+  const next = () => {
+    activeCount--;
+    resumeNext();
+  };
+  const run = async (function_, resolve4, arguments_) => {
+    const result = (async () => function_(...arguments_))();
+    resolve4(result);
+    try {
+      await result;
+    } catch {}
+    next();
+  };
+  const enqueue = (function_, resolve4, arguments_) => {
+    new Promise((internalResolve) => {
+      queue.enqueue(internalResolve);
+    }).then(run.bind(undefined, function_, resolve4, arguments_));
+    if (activeCount < concurrency) {
+      resumeNext();
+    }
+  };
+  const generator = (function_, ...arguments_) => new Promise((resolve4) => {
+    enqueue(function_, resolve4, arguments_);
+  });
+  Object.defineProperties(generator, {
+    activeCount: {
+      get: () => activeCount
+    },
+    pendingCount: {
+      get: () => queue.size
+    },
+    clearQueue: {
+      value() {
+        queue.clear();
+      }
+    },
+    concurrency: {
+      get: () => concurrency,
+      set(newConcurrency) {
+        validateConcurrency(newConcurrency);
+        concurrency = newConcurrency;
+        queueMicrotask(() => {
+          while (activeCount < concurrency && queue.size > 0) {
+            resumeNext();
+          }
+        });
+      }
+    },
+    map: {
+      async value(iterable, function_) {
+        const promises = Array.from(iterable, (value, index) => this(function_, value, index));
+        return Promise.all(promises);
+      }
+    }
+  });
+  return generator;
+}
+function validateConcurrency(concurrency) {
+  if (!((Number.isInteger(concurrency) || concurrency === Number.POSITIVE_INFINITY) && concurrency > 0)) {
+    throw new TypeError("Expected `concurrency` to be a number from 1 and up");
+  }
+}
 // src/core/agent/thoroughPentestAgent/agent.ts
 function runAgent3(opts) {
   const {
@@ -77786,7 +77878,8 @@ You can spawn multiple agents in parallel - they will run concurrently.`,
     execute: async ({ targets }) => {
       try {
         logger?.log(`[Orchestrator] Spawning ${targets.length} pentest agents...`);
-        const promises = targets.map(async (targetInfo, index) => {
+        const limit = pLimit(5);
+        const promises = targets.map((targetInfo, index) => limit(async () => {
           try {
             const { streamResult: result } = runAgent({
               session,
@@ -77906,7 +77999,7 @@ Objective: ${targetInfo.objective}`,
               error: error46.message
             };
           }
-        });
+        }));
         const results = await Promise.all(promises);
         const successful = results.filter((r) => r.success).length;
         const failed = results.filter((r) => !r.success).length;

package/build/quicktest.js CHANGED Viewed

@@ -42026,54 +42026,9 @@ Create this POC, test it, then retry document_finding.`,
         };
         const safeTitle = finding2.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").substring(0, 50);
         const findingId = `${timestamp.split("T")[0]}-${safeTitle}`;
-        const filename = `${findingId}.md`;
+        const filename = `${findingId}.json`;
         const filepath = join3(session.findingsPath, filename);
-        const markdown = `# ${finding2.title}
-**Severity:** ${finding2.severity}
-**Target:** ${session.target}
-**Date:** ${timestamp}
-**Session:** ${session.id}
-**POC:** \`${finding2.pocPath}\`
-## Description
-${finding2.description}
-## Impact
-${finding2.impact}
-## Evidence
-\`\`\`
-${finding2.evidence}
-\`\`\`
-## Proof of Concept
-A working POC script is available at: \`${finding2.pocPath}\`
-To reproduce this vulnerability, run:
-\`\`\`bash
-cd ${session.rootPath}
-./${finding2.pocPath}
-\`\`\`
-## Remediation
-${finding2.remediation}
-${finding2.references ? `## References
-${finding2.references}` : ""}
----
-*This finding was automatically documented by the Pensar penetration testing agent.*
-*POC verified and available at: ${finding2.pocPath}*
-`;
-        writeFileSync3(filepath, markdown);
+        writeFileSync3(filepath, JSON.stringify(findingWithMeta, null, 2));
         const summaryPath = join3(session.rootPath, "findings-summary.md");
         const summaryEntry = `- [${finding2.severity}] ${finding2.title} - \`findings/${filename}\` - POC: \`${finding2.pocPath}\`
 `;

package/build/swarm.js CHANGED Viewed

@@ -42026,54 +42026,9 @@ Create this POC, test it, then retry document_finding.`,
         };
         const safeTitle = finding2.title.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "").substring(0, 50);
         const findingId = `${timestamp.split("T")[0]}-${safeTitle}`;
-        const filename = `${findingId}.md`;
+        const filename = `${findingId}.json`;
         const filepath = join3(session.findingsPath, filename);
-        const markdown = `# ${finding2.title}
-**Severity:** ${finding2.severity}
-**Target:** ${session.target}
-**Date:** ${timestamp}
-**Session:** ${session.id}
-**POC:** \`${finding2.pocPath}\`
-## Description
-${finding2.description}
-## Impact
-${finding2.impact}
-## Evidence
-\`\`\`
-${finding2.evidence}
-\`\`\`
-## Proof of Concept
-A working POC script is available at: \`${finding2.pocPath}\`
-To reproduce this vulnerability, run:
-\`\`\`bash
-cd ${session.rootPath}
-./${finding2.pocPath}
-\`\`\`
-## Remediation
-${finding2.remediation}
-${finding2.references ? `## References
-${finding2.references}` : ""}
----
-*This finding was automatically documented by the Pensar penetration testing agent.*
-*POC verified and available at: ${finding2.pocPath}*
-`;
-        writeFileSync3(filepath, markdown);
+        writeFileSync3(filepath, JSON.stringify(findingWithMeta, null, 2));
         const summaryPath = join3(session.rootPath, "findings-summary.md");
         const summaryEntry = `- [${finding2.severity}] ${finding2.title} - \`findings/${filename}\` - POC: \`${finding2.pocPath}\`
 `;
@@ -42435,6 +42390,145 @@ Remember to follow a systematic methodology and explain your reasoning for each
 }
 // scripts/swarm.ts
 import { readFileSync as readFileSync4 } from "fs";
+// node_modules/yocto-queue/index.js
+class Node {
+  value;
+  next;
+  constructor(value) {
+    this.value = value;
+  }
+}
+class Queue {
+  #head;
+  #tail;
+  #size;
+  constructor() {
+    this.clear();
+  }
+  enqueue(value) {
+    const node = new Node(value);
+    if (this.#head) {
+      this.#tail.next = node;
+      this.#tail = node;
+    } else {
+      this.#head = node;
+      this.#tail = node;
+    }
+    this.#size++;
+  }
+  dequeue() {
+    const current = this.#head;
+    if (!current) {
+      return;
+    }
+    this.#head = this.#head.next;
+    this.#size--;
+    return current.value;
+  }
+  peek() {
+    if (!this.#head) {
+      return;
+    }
+    return this.#head.value;
+  }
+  clear() {
+    this.#head = undefined;
+    this.#tail = undefined;
+    this.#size = 0;
+  }
+  get size() {
+    return this.#size;
+  }
+  *[Symbol.iterator]() {
+    let current = this.#head;
+    while (current) {
+      yield current.value;
+      current = current.next;
+    }
+  }
+  *drain() {
+    while (this.#head) {
+      yield this.dequeue();
+    }
+  }
+}
+// node_modules/p-limit/index.js
+function pLimit(concurrency) {
+  validateConcurrency(concurrency);
+  const queue = new Queue;
+  let activeCount = 0;
+  const resumeNext = () => {
+    if (activeCount < concurrency && queue.size > 0) {
+      activeCount++;
+      queue.dequeue()();
+    }
+  };
+  const next = () => {
+    activeCount--;
+    resumeNext();
+  };
+  const run = async (function_, resolve2, arguments_) => {
+    const result = (async () => function_(...arguments_))();
+    resolve2(result);
+    try {
+      await result;
+    } catch {}
+    next();
+  };
+  const enqueue = (function_, resolve2, arguments_) => {
+    new Promise((internalResolve) => {
+      queue.enqueue(internalResolve);
+    }).then(run.bind(undefined, function_, resolve2, arguments_));
+    if (activeCount < concurrency) {
+      resumeNext();
+    }
+  };
+  const generator = (function_, ...arguments_) => new Promise((resolve2) => {
+    enqueue(function_, resolve2, arguments_);
+  });
+  Object.defineProperties(generator, {
+    activeCount: {
+      get: () => activeCount
+    },
+    pendingCount: {
+      get: () => queue.size
+    },
+    clearQueue: {
+      value() {
+        queue.clear();
+      }
+    },
+    concurrency: {
+      get: () => concurrency,
+      set(newConcurrency) {
+        validateConcurrency(newConcurrency);
+        concurrency = newConcurrency;
+        queueMicrotask(() => {
+          while (activeCount < concurrency && queue.size > 0) {
+            resumeNext();
+          }
+        });
+      }
+    },
+    map: {
+      async value(iterable, function_) {
+        const promises = Array.from(iterable, (value, index) => this(function_, value, index));
+        return Promise.all(promises);
+      }
+    }
+  });
+  return generator;
+}
+function validateConcurrency(concurrency) {
+  if (!((Number.isInteger(concurrency) || concurrency === Number.POSITIVE_INFINITY) && concurrency > 0)) {
+    throw new TypeError("Expected `concurrency` to be a number from 1 and up");
+  }
+}
+// scripts/swarm.ts
 var TargetSchema = exports_external.array(exports_external.object({
   target: exports_external.string().describe("The target to perform a pentest on"),
   objective: exports_external.string().describe("The objective of the pentest")
@@ -42478,7 +42572,8 @@ async function swarm(options) {
   }
   const session = createSession("swarm", "Multi-target swarm pentest");
   const results = [];
-  const promises = targetsArray.map(async (target, idx) => {
+  const limit = pLimit(5);
+  const promises = targetsArray.map((target, idx) => limit(async () => {
     if (!silent) {
       console.log("=".repeat(80));
       console.log(`[${idx + 1}/${targetsArray.length}] Starting pentest for: ${target.target}`);
@@ -42518,8 +42613,8 @@ async function swarm(options) {
         error: error46.message
       });
     }
-  });
-  await Promise.all(promises);
+  }));
+  await Promise.allSettled(promises);
   if (!silent) {
     console.log("=".repeat(80));
     console.log("SWARM PENTEST SUMMARY");
@@ -42616,7 +42711,9 @@ async function main() {
       objective: session.objective
     }, null, 2));
   } catch (error46) {
-    console.error("Fatal error:", error46.message);
+    if (!silent) {
+      console.error("Fatal error:", error46.message);
+    }
     process.exit(1);
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pensar/apex",
-  "version": "0.0.13",
+  "version": "0.0.15",
   "description": "AI-powered penetration testing CLI tool with terminal UI",
   "module": "src/tui/index.tsx",
   "main": "build/index.js",
@@ -59,6 +59,7 @@
     "@opentui/react": "0.1.26",
     "ai": "^5.0.68",
     "marked": "^16.4.0",
+    "p-limit": "^7.2.0",
     "react": "^19.2.0",
     "sharp": "^0.34.4",
     "zod": "^4.1.12"