npm - @pensar/apex - Versions diffs - 0.0.28 → 0.0.29 - Mend

@pensar/apex 0.0.28 → 0.0.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/build/pentest.js CHANGED Viewed

@@ -39333,8 +39333,8 @@ function createAnthropic(options = {}) {
 }
 var anthropic = createAnthropic();
-// src/core/ai/models.ts
-var AVAILABLE_MODELS = [
+// src/core/ai/models/anthropic.ts
+var ANTHROPIC_MODELS = [
   {
     id: "claude-haiku-4-5",
     name: "Claude Haiku 4.5",
@@ -39418,55 +39418,11 @@ var AVAILABLE_MODELS = [
     name: "Claude 3 Haiku (2024-03-07)",
     provider: "anthropic",
     contextLength: 200000
-  },
-  {
-    id: "gpt-4.5-turbo",
-    name: "GPT-4.5 Turbo",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4o",
-    name: "GPT-4o",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4o-mini",
-    name: "GPT-4o Mini",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4-turbo",
-    name: "GPT-4 Turbo",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4",
-    name: "GPT-4",
-    provider: "openai",
-    contextLength: 8192
-  },
-  {
-    id: "gpt-3.5-turbo",
-    name: "GPT-3.5 Turbo",
-    provider: "openai",
-    contextLength: 16385
-  },
-  {
-    id: "o1",
-    name: "O1",
-    provider: "openai",
-    contextLength: 200000
-  },
-  {
-    id: "o1-mini",
-    name: "O1 Mini",
-    provider: "openai",
-    contextLength: 128000
-  },
+  }
+];
+// src/core/ai/models/openrouter.ts
+var OPENROUTER_MODELS = [
   {
     id: "anthropic/claude-haiku-4.5",
     name: "Claude Haiku 4.5 (OpenRouter)",
@@ -39586,28 +39542,62 @@ var AVAILABLE_MODELS = [
     name: "Qwen 3 32B Instruct",
     provider: "openrouter",
     contextLength: 256000
+  }
+];
+// src/core/ai/models/bedrock.ts
+var BEDROCK_MODELS = [
+  {
+    id: "anthropic.claude-3-haiku-20240307-v1:0",
+    name: "Claude 3 Haiku (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-5-sonnet-20240620-v1:0",
-    name: "Claude 3.5 Sonnet (Bedrock)",
+    id: "anthropic.claude-3-5-haiku-20241022-v1:0",
+    name: "Claude 3.5 Haiku (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-opus-20240229-v1:0",
-    name: "Claude 3 Opus (Bedrock)",
+    id: "anthropic.claude-3-7-sonnet-20250219-v1:0",
+    name: "Claude 3.7 Sonnet (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-sonnet-20240229-v1:0",
-    name: "Claude 3 Sonnet (Bedrock)",
+    id: "anthropic.claude-haiku-4-5-20251001-v1:0",
+    name: "Claude Haiku 4.5 (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-haiku-20240307-v1:0",
-    name: "Claude 3 Haiku (Bedrock)",
+    id: "anthropic.claude-opus-4-1-20250805-v1:0",
+    name: "Claude Opus 4.1 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-opus-4-5-20251101-v1:0",
+    name: "Claude Opus 4.5 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-opus-4-20250514-v1:0",
+    name: "Claude Opus 4 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-sonnet-4-5-20250929-v1:0",
+    name: "Claude Sonnet 4.5 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-sonnet-4-20250514-v1:0",
+    name: "Claude Sonnet 4 (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
@@ -39648,6 +39638,66 @@ var AVAILABLE_MODELS = [
     contextLength: 128000
   }
 ];
+// src/core/ai/models/openai.ts
+var OPENAI_MODELS = [
+  {
+    id: "gpt-4.5-turbo",
+    name: "GPT-4.5 Turbo",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4o",
+    name: "GPT-4o",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4o-mini",
+    name: "GPT-4o Mini",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4-turbo",
+    name: "GPT-4 Turbo",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4",
+    name: "GPT-4",
+    provider: "openai",
+    contextLength: 8192
+  },
+  {
+    id: "gpt-3.5-turbo",
+    name: "GPT-3.5 Turbo",
+    provider: "openai",
+    contextLength: 16385
+  },
+  {
+    id: "o1",
+    name: "O1",
+    provider: "openai",
+    contextLength: 200000
+  },
+  {
+    id: "o1-mini",
+    name: "O1 Mini",
+    provider: "openai",
+    contextLength: 128000
+  }
+];
+// src/core/ai/models/index.ts
+var AVAILABLE_MODELS = [
+  ...ANTHROPIC_MODELS,
+  ...OPENROUTER_MODELS,
+  ...BEDROCK_MODELS,
+  ...OPENAI_MODELS
+];
 function getModelInfo(model) {
   return AVAILABLE_MODELS.find((m) => m.id === model) ?? {
     id: model,
@@ -39664,7 +39714,7 @@ function getProviderModel(model, authConfig) {
   const openRouterAPIKey = authConfig?.openRouterAPIKey || process.env.OPENROUTER_API_KEY;
   const bedrockAccessKeyId = authConfig?.bedrock?.accessKeyId || process.env.AWS_ACCESS_KEY_ID;
   const bedrockSecretAccessKey = authConfig?.bedrock?.secretAccessKey || process.env.AWS_SECRET_ACCESS_KEY;
-  const bedrockRegion = authConfig?.bedrock?.region || process.env.AWS_REGION || "us-east-1";
+  const bedrockRegion = authConfig?.bedrock?.region || process.env.AWS_REGION;
   const localBaseURL = authConfig?.local?.baseURL || process.env.LOCAL_MODEL_URL || "http://127.0.0.1:1234/v1";
   let providerModel;
   switch (provider) {
@@ -40517,6 +40567,66 @@ import {
 } from "fs";
 import { join } from "path";
 import { homedir } from "os";
+// src/core/services/rateLimiter/index.ts
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+class RateLimiter {
+  tokens;
+  lastRefillTime;
+  rps;
+  bucketSize;
+  msPerToken;
+  queue;
+  constructor(config2) {
+    this.rps = config2?.requestsPerSecond;
+    this.bucketSize = this.rps ? 1 : 0;
+    this.tokens = this.bucketSize;
+    this.lastRefillTime = performance.now();
+    this.msPerToken = this.rps ? 1000 / this.rps : undefined;
+    this.queue = Promise.resolve();
+  }
+  async acquireSlot() {
+    if (!this.rps || !this.msPerToken)
+      return;
+    const previousPromise = this.queue;
+    let resolveCurrentRequest;
+    this.queue = new Promise((resolve2) => {
+      resolveCurrentRequest = resolve2;
+    });
+    await previousPromise;
+    try {
+      const now2 = performance.now();
+      this.refill(now2);
+      if (this.tokens < 1) {
+        const waitTime = (1 - this.tokens) * this.msPerToken;
+        await sleep(waitTime);
+        const nowAfterSleep = performance.now();
+        this.refill(nowAfterSleep);
+      }
+      this.tokens -= 1;
+    } finally {
+      resolveCurrentRequest();
+    }
+  }
+  refill(now2) {
+    if (this.tokens >= this.bucketSize) {
+      this.lastRefillTime = now2;
+      return;
+    }
+    const elapsed = now2 - this.lastRefillTime;
+    const tokensToAdd = elapsed / this.msPerToken;
+    this.tokens = Math.min(this.bucketSize, this.tokens + tokensToAdd);
+    this.lastRefillTime = now2;
+  }
+  isEnabled() {
+    return this.rps !== undefined;
+  }
+}
+// src/core/agent/sessions/index.ts
 var DEFAULT_OFFENSIVE_HEADERS = {
   "User-Agent": "pensar-apex"
 };
@@ -40551,6 +40661,9 @@ function createSession(target, objective, prefix, config2) {
     startTime: new Date().toISOString(),
     config: config2
   };
+  if (config2?.rateLimiter) {
+    session._rateLimiter = new RateLimiter(config2.rateLimiter);
+  }
   const metadataPath = join(rootPath, "session.json");
   writeFileSync(metadataPath, JSON.stringify(session, null, 2));
   const readmePath = join(rootPath, "README.md");
@@ -46747,6 +46860,7 @@ function wrapCommandWithHeaders(command, headers) {
 }
 function createPentestTools(session, model, toolOverride) {
   const offensiveHeaders = getOffensiveHeaders(session);
+  const rateLimiter = session._rateLimiter;
   const executeCommand = tool({
     name: "execute_command",
     description: `Execute a shell command for penetration testing activities.
@@ -46791,6 +46905,9 @@ IMPORTANT: Always analyze results and adjust your approach based on findings.`,
     inputSchema: ExecuteCommandInput,
     execute: async ({ command, timeout = 30000, toolCallDescription }) => {
       try {
+        if (rateLimiter) {
+          await rateLimiter.acquireSlot();
+        }
         if (toolOverride?.execute_command) {
           return toolOverride.execute_command({
             command,
@@ -46847,6 +46964,9 @@ COMMON TESTING PATTERNS:
     inputSchema: HttpRequestInput,
     execute: async ({ url: url2, method, headers, body, followRedirects, timeout, toolCallDescription }) => {
       try {
+        if (rateLimiter) {
+          await rateLimiter.acquireSlot();
+        }
         if (toolOverride?.http_request) {
           return toolOverride.http_request({
             url: url2,
@@ -47084,6 +47204,125 @@ You MUST provide the details final report using create_attack_surface_report too
 // src/core/messages/index.ts
 import fs from "fs";
+// src/core/messages/types.ts
+var ToolMessageObject = exports_external.object({
+  role: exports_external.literal("tool"),
+  status: exports_external.enum(["pending", "completed"]),
+  toolCallId: exports_external.string(),
+  content: exports_external.string(),
+  args: exports_external.record(exports_external.string(), exports_external.any()),
+  toolName: exports_external.string(),
+  createdAt: exports_external.coerce.date()
+});
+var SystemModelMessageObject = exports_external.object({
+  role: exports_external.literal("system"),
+  content: exports_external.string(),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var TextPartObject = exports_external.object({
+  type: exports_external.literal("text"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var FilePartObject = exports_external.object({
+  type: exports_external.literal("file"),
+  data: exports_external.union([
+    exports_external.string(),
+    exports_external.instanceof(Uint8Array),
+    exports_external.instanceof(ArrayBuffer),
+    exports_external.instanceof(Buffer),
+    exports_external.url()
+  ]),
+  filename: exports_external.string().optional(),
+  mediaType: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ReasoningPartObject = exports_external.object({
+  type: exports_external.literal("reasoning"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ToolCallPartObject = exports_external.object({
+  type: exports_external.literal("tool-call"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  input: exports_external.unknown(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional(),
+  providerExecuted: exports_external.boolean().optional()
+});
+var ToolResultOutputObject = exports_external.discriminatedUnion("type", [
+  exports_external.object({
+    type: exports_external.literal("text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("content"),
+    value: exports_external.array(exports_external.discriminatedUnion("type", [
+      exports_external.object({
+        type: exports_external.literal("text"),
+        text: exports_external.string()
+      }),
+      exports_external.object({
+        type: exports_external.literal("media"),
+        data: exports_external.string(),
+        mediaType: exports_external.string()
+      })
+    ]))
+  })
+]);
+var ToolResultPartObject = exports_external.object({
+  type: exports_external.literal("tool-result"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  output: ToolResultOutputObject,
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var AssistantModelMessageObject = exports_external.object({
+  role: exports_external.literal("assistant"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [
+      TextPartObject,
+      FilePartObject,
+      ReasoningPartObject,
+      ToolCallPartObject,
+      ToolResultPartObject
+    ]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var UserModelMessageObject = exports_external.object({
+  role: exports_external.literal("user"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [TextPartObject, FilePartObject]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ModelMessageObject = exports_external.discriminatedUnion("role", [
+  SystemModelMessageObject,
+  UserModelMessageObject,
+  AssistantModelMessageObject,
+  ToolMessageObject
+]);
+// src/core/messages/index.ts
 function saveSubagentMessages(orchestratorSession, subagentId, messages) {
   const subagentDir = `${orchestratorSession.rootPath}/subagents/${subagentId}`;
   if (!fs.existsSync(`${orchestratorSession.rootPath}/subagents`)) {
@@ -47805,13 +48044,15 @@ async function runPentest(options) {
     target,
     model = "claude-sonnet-4-5",
     headerMode = "default",
-    customHeaders
+    customHeaders,
+    rps
   } = options;
   console.log("=".repeat(80));
   console.log("PENSAR COMPREHENSIVE PENTEST");
   console.log("=".repeat(80));
   console.log(`Target: ${target}`);
   console.log(`Model: ${model}`);
+  console.log(`Rate Limit: ${rps ? `${rps} req/s` : "Unlimited"}`);
   console.log(`Headers: ${headerMode === "none" ? "None" : headerMode === "default" ? "Default (pensar-apex)" : "Custom"}`);
   if (headerMode === "custom" && customHeaders) {
     for (const [key, value] of Object.entries(customHeaders)) {
@@ -47829,6 +48070,11 @@ async function runPentest(options) {
       offensiveHeaders: {
         mode: headerMode,
         headers: headerMode === "custom" ? customHeaders : undefined
+      },
+      ...rps && {
+        rateLimiter: {
+          requestsPerSecond: rps
+        }
       }
     };
     const { streamResult, session } = runAgent3({
@@ -47882,6 +48128,7 @@ async function main() {
     console.error();
     console.error("Options:");
     console.error("  --model <model>          AI model to use (default: claude-sonnet-4-5)");
+    console.error("  --rps <number>           Rate limit: requests per second (default: unlimited)");
     console.error("  --headers <mode>         Header mode: none, default, or custom (default: default)");
     console.error("  --header <name:value>    Add custom header (requires --headers custom, can be repeated)");
     console.error();
@@ -47899,7 +48146,7 @@ async function main() {
     console.error("Examples:");
     console.error("  pensar pentest --target example.com");
     console.error("  pensar pentest --target api.example.com --headers none");
-    console.error("  pensar pentest --target example.com --headers custom \\");
+    console.error("  pensar pentest --target example.com --rps 5 --headers custom \\");
     console.error("    --header 'User-Agent: pensar_client123' --header 'X-Bug-Bounty: researcher'");
     console.error();
     process.exit(1);
@@ -47924,6 +48171,21 @@ async function main() {
     }
     model = modelArg;
   }
+  const rpsIndex = args.indexOf("--rps");
+  let rps;
+  if (rpsIndex !== -1) {
+    const rpsArg = args[rpsIndex + 1];
+    if (!rpsArg) {
+      console.error("Error: --rps must be followed by a number");
+      process.exit(1);
+    }
+    const parsedRps = parseInt(rpsArg, 10);
+    if (isNaN(parsedRps) || parsedRps <= 0) {
+      console.error("Error: --rps must be a positive number");
+      process.exit(1);
+    }
+    rps = parsedRps;
+  }
   const headersIndex = args.indexOf("--headers");
   let headerMode = "default";
   if (headersIndex !== -1) {
@@ -47969,7 +48231,8 @@ async function main() {
       target,
       ...model && { model },
       headerMode,
-      ...headerMode === "custom" && { customHeaders }
+      ...headerMode === "custom" && { customHeaders },
+      ...rps && { rps }
     });
   } catch (error46) {
     console.error("Fatal error:", error46.message);