@pensar/apex 0.0.28 → 0.0.29

package/build/benchmark.js

@@ -62994,7 +62994,7 @@ var require_dist_cjs77 = __commonJS((exports) => {
 
 // node_modules/@smithy/util-waiter/dist-cjs/index.js
 var require_dist_cjs78 = __commonJS((exports) => {
-  var sleep = (seconds) => {
+  var sleep2 = (seconds) => {
     return new Promise((resolve3) => setTimeout(resolve3, seconds * 1000));
   };
   var waiterServiceDefaults = {
@@ -63061,7 +63061,7 @@ var require_dist_cjs78 = __commonJS((exports) => {
       if (Date.now() + delay2 * 1000 > waitUntil) {
         return { state: exports.WaiterState.TIMEOUT, observedResponses };
       }
-      await sleep(delay2);
+      await sleep2(delay2);
       const { state: state2, reason: reason2 } = await acceptorChecks(client, input);
       if (reason2) {
         const message = createMessageFromResponse(reason2);
@@ -121014,8 +121014,8 @@ function createAnthropic(options = {}) {
 }
 var anthropic = createAnthropic();
 
-// src/core/ai/models.ts
-var AVAILABLE_MODELS = [
+// src/core/ai/models/anthropic.ts
+var ANTHROPIC_MODELS = [
   {
     id: "claude-haiku-4-5",
     name: "Claude Haiku 4.5",
@@ -121099,55 +121099,11 @@ var AVAILABLE_MODELS = [
     name: "Claude 3 Haiku (2024-03-07)",
     provider: "anthropic",
     contextLength: 200000
-  },
-  {
-    id: "gpt-4.5-turbo",
-    name: "GPT-4.5 Turbo",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4o",
-    name: "GPT-4o",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4o-mini",
-    name: "GPT-4o Mini",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4-turbo",
-    name: "GPT-4 Turbo",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4",
-    name: "GPT-4",
-    provider: "openai",
-    contextLength: 8192
-  },
-  {
-    id: "gpt-3.5-turbo",
-    name: "GPT-3.5 Turbo",
-    provider: "openai",
-    contextLength: 16385
-  },
-  {
-    id: "o1",
-    name: "O1",
-    provider: "openai",
-    contextLength: 200000
-  },
-  {
-    id: "o1-mini",
-    name: "O1 Mini",
-    provider: "openai",
-    contextLength: 128000
-  },
+  }
+];
+
+// src/core/ai/models/openrouter.ts
+var OPENROUTER_MODELS = [
   {
     id: "anthropic/claude-haiku-4.5",
     name: "Claude Haiku 4.5 (OpenRouter)",
@@ -121267,28 +121223,62 @@ var AVAILABLE_MODELS = [
     name: "Qwen 3 32B Instruct",
     provider: "openrouter",
     contextLength: 256000
+  }
+];
+
+// src/core/ai/models/bedrock.ts
+var BEDROCK_MODELS = [
+  {
+    id: "anthropic.claude-3-haiku-20240307-v1:0",
+    name: "Claude 3 Haiku (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-5-sonnet-20240620-v1:0",
-    name: "Claude 3.5 Sonnet (Bedrock)",
+    id: "anthropic.claude-3-5-haiku-20241022-v1:0",
+    name: "Claude 3.5 Haiku (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-opus-20240229-v1:0",
-    name: "Claude 3 Opus (Bedrock)",
+    id: "anthropic.claude-3-7-sonnet-20250219-v1:0",
+    name: "Claude 3.7 Sonnet (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-sonnet-20240229-v1:0",
-    name: "Claude 3 Sonnet (Bedrock)",
+    id: "anthropic.claude-haiku-4-5-20251001-v1:0",
+    name: "Claude Haiku 4.5 (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-haiku-20240307-v1:0",
-    name: "Claude 3 Haiku (Bedrock)",
+    id: "anthropic.claude-opus-4-1-20250805-v1:0",
+    name: "Claude Opus 4.1 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-opus-4-5-20251101-v1:0",
+    name: "Claude Opus 4.5 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-opus-4-20250514-v1:0",
+    name: "Claude Opus 4 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-sonnet-4-5-20250929-v1:0",
+    name: "Claude Sonnet 4.5 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-sonnet-4-20250514-v1:0",
+    name: "Claude Sonnet 4 (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
@@ -121329,6 +121319,66 @@ var AVAILABLE_MODELS = [
     contextLength: 128000
   }
 ];
+
+// src/core/ai/models/openai.ts
+var OPENAI_MODELS = [
+  {
+    id: "gpt-4.5-turbo",
+    name: "GPT-4.5 Turbo",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4o",
+    name: "GPT-4o",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4o-mini",
+    name: "GPT-4o Mini",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4-turbo",
+    name: "GPT-4 Turbo",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4",
+    name: "GPT-4",
+    provider: "openai",
+    contextLength: 8192
+  },
+  {
+    id: "gpt-3.5-turbo",
+    name: "GPT-3.5 Turbo",
+    provider: "openai",
+    contextLength: 16385
+  },
+  {
+    id: "o1",
+    name: "O1",
+    provider: "openai",
+    contextLength: 200000
+  },
+  {
+    id: "o1-mini",
+    name: "O1 Mini",
+    provider: "openai",
+    contextLength: 128000
+  }
+];
+
+// src/core/ai/models/index.ts
+var AVAILABLE_MODELS = [
+  ...ANTHROPIC_MODELS,
+  ...OPENROUTER_MODELS,
+  ...BEDROCK_MODELS,
+  ...OPENAI_MODELS
+];
 function getModelInfo(model) {
   return AVAILABLE_MODELS.find((m) => m.id === model) ?? {
     id: model,
@@ -121345,7 +121395,7 @@ function getProviderModel(model, authConfig) {
   const openRouterAPIKey = authConfig?.openRouterAPIKey || process.env.OPENROUTER_API_KEY;
   const bedrockAccessKeyId = authConfig?.bedrock?.accessKeyId || process.env.AWS_ACCESS_KEY_ID;
   const bedrockSecretAccessKey = authConfig?.bedrock?.secretAccessKey || process.env.AWS_SECRET_ACCESS_KEY;
-  const bedrockRegion = authConfig?.bedrock?.region || process.env.AWS_REGION || "us-east-1";
+  const bedrockRegion = authConfig?.bedrock?.region || process.env.AWS_REGION;
   const localBaseURL = authConfig?.local?.baseURL || process.env.LOCAL_MODEL_URL || "http://127.0.0.1:1234/v1";
   let providerModel;
   switch (provider) {
@@ -121929,6 +121979,66 @@ import {
 } from "fs";
 import { join } from "path";
 import { homedir } from "os";
+
+// src/core/services/rateLimiter/index.ts
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+
+class RateLimiter {
+  tokens;
+  lastRefillTime;
+  rps;
+  bucketSize;
+  msPerToken;
+  queue;
+  constructor(config2) {
+    this.rps = config2?.requestsPerSecond;
+    this.bucketSize = this.rps ? 1 : 0;
+    this.tokens = this.bucketSize;
+    this.lastRefillTime = performance.now();
+    this.msPerToken = this.rps ? 1000 / this.rps : undefined;
+    this.queue = Promise.resolve();
+  }
+  async acquireSlot() {
+    if (!this.rps || !this.msPerToken)
+      return;
+    const previousPromise = this.queue;
+    let resolveCurrentRequest;
+    this.queue = new Promise((resolve2) => {
+      resolveCurrentRequest = resolve2;
+    });
+    await previousPromise;
+    try {
+      const now2 = performance.now();
+      this.refill(now2);
+      if (this.tokens < 1) {
+        const waitTime = (1 - this.tokens) * this.msPerToken;
+        await sleep(waitTime);
+        const nowAfterSleep = performance.now();
+        this.refill(nowAfterSleep);
+      }
+      this.tokens -= 1;
+    } finally {
+      resolveCurrentRequest();
+    }
+  }
+  refill(now2) {
+    if (this.tokens >= this.bucketSize) {
+      this.lastRefillTime = now2;
+      return;
+    }
+    const elapsed = now2 - this.lastRefillTime;
+    const tokensToAdd = elapsed / this.msPerToken;
+    this.tokens = Math.min(this.bucketSize, this.tokens + tokensToAdd);
+    this.lastRefillTime = now2;
+  }
+  isEnabled() {
+    return this.rps !== undefined;
+  }
+}
+
+// src/core/agent/sessions/index.ts
 var DEFAULT_OFFENSIVE_HEADERS = {
   "User-Agent": "pensar-apex"
 };
@@ -121963,6 +122073,9 @@ function createSession(target, objective, prefix, config2) {
     startTime: new Date().toISOString(),
     config: config2
   };
+  if (config2?.rateLimiter) {
+    session._rateLimiter = new RateLimiter(config2.rateLimiter);
+  }
   const metadataPath = join(rootPath, "session.json");
   writeFileSync(metadataPath, JSON.stringify(session, null, 2));
   const readmePath = join(rootPath, "README.md");
@@ -128691,6 +128804,7 @@ function wrapCommandWithHeaders(command, headers) {
 }
 function createPentestTools(session, model, toolOverride) {
   const offensiveHeaders = getOffensiveHeaders(session);
+  const rateLimiter = session._rateLimiter;
   const executeCommand = tool({
     name: "execute_command",
     description: `Execute a shell command for penetration testing activities.
@@ -128735,6 +128849,9 @@ IMPORTANT: Always analyze results and adjust your approach based on findings.`,
     inputSchema: ExecuteCommandInput,
     execute: async ({ command, timeout = 30000, toolCallDescription }) => {
       try {
+        if (rateLimiter) {
+          await rateLimiter.acquireSlot();
+        }
         if (toolOverride?.execute_command) {
           return toolOverride.execute_command({
             command,
@@ -128791,6 +128908,9 @@ COMMON TESTING PATTERNS:
     inputSchema: HttpRequestInput,
     execute: async ({ url: url2, method, headers, body, followRedirects, timeout, toolCallDescription }) => {
       try {
+        if (rateLimiter) {
+          await rateLimiter.acquireSlot();
+        }
         if (toolOverride?.http_request) {
           return toolOverride.http_request({
             url: url2,
@@ -129028,6 +129148,125 @@ You MUST provide the details final report using create_attack_surface_report too
 
 // src/core/messages/index.ts
 import fs from "fs";
+
+// src/core/messages/types.ts
+var ToolMessageObject = exports_external.object({
+  role: exports_external.literal("tool"),
+  status: exports_external.enum(["pending", "completed"]),
+  toolCallId: exports_external.string(),
+  content: exports_external.string(),
+  args: exports_external.record(exports_external.string(), exports_external.any()),
+  toolName: exports_external.string(),
+  createdAt: exports_external.coerce.date()
+});
+var SystemModelMessageObject = exports_external.object({
+  role: exports_external.literal("system"),
+  content: exports_external.string(),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var TextPartObject = exports_external.object({
+  type: exports_external.literal("text"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var FilePartObject = exports_external.object({
+  type: exports_external.literal("file"),
+  data: exports_external.union([
+    exports_external.string(),
+    exports_external.instanceof(Uint8Array),
+    exports_external.instanceof(ArrayBuffer),
+    exports_external.instanceof(Buffer),
+    exports_external.url()
+  ]),
+  filename: exports_external.string().optional(),
+  mediaType: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ReasoningPartObject = exports_external.object({
+  type: exports_external.literal("reasoning"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ToolCallPartObject = exports_external.object({
+  type: exports_external.literal("tool-call"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  input: exports_external.unknown(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional(),
+  providerExecuted: exports_external.boolean().optional()
+});
+var ToolResultOutputObject = exports_external.discriminatedUnion("type", [
+  exports_external.object({
+    type: exports_external.literal("text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("content"),
+    value: exports_external.array(exports_external.discriminatedUnion("type", [
+      exports_external.object({
+        type: exports_external.literal("text"),
+        text: exports_external.string()
+      }),
+      exports_external.object({
+        type: exports_external.literal("media"),
+        data: exports_external.string(),
+        mediaType: exports_external.string()
+      })
+    ]))
+  })
+]);
+var ToolResultPartObject = exports_external.object({
+  type: exports_external.literal("tool-result"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  output: ToolResultOutputObject,
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var AssistantModelMessageObject = exports_external.object({
+  role: exports_external.literal("assistant"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [
+      TextPartObject,
+      FilePartObject,
+      ReasoningPartObject,
+      ToolCallPartObject,
+      ToolResultPartObject
+    ]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var UserModelMessageObject = exports_external.object({
+  role: exports_external.literal("user"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [TextPartObject, FilePartObject]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ModelMessageObject = exports_external.discriminatedUnion("role", [
+  SystemModelMessageObject,
+  UserModelMessageObject,
+  AssistantModelMessageObject,
+  ToolMessageObject
+]);
+
+// src/core/messages/index.ts
 function saveSubagentMessages(orchestratorSession, subagentId, messages) {
   const subagentDir = `${orchestratorSession.rootPath}/subagents/${subagentId}`;
   if (!fs.existsSync(`${orchestratorSession.rootPath}/subagents`)) {