@pensar/apex 0.0.28 → 0.0.29

package/build/quicktest.js

@@ -39333,8 +39333,8 @@ function createAnthropic(options = {}) {
 }
 var anthropic = createAnthropic();
 
-// src/core/ai/models.ts
-var AVAILABLE_MODELS = [
+// src/core/ai/models/anthropic.ts
+var ANTHROPIC_MODELS = [
   {
     id: "claude-haiku-4-5",
     name: "Claude Haiku 4.5",
@@ -39418,55 +39418,11 @@ var AVAILABLE_MODELS = [
     name: "Claude 3 Haiku (2024-03-07)",
     provider: "anthropic",
     contextLength: 200000
-  },
-  {
-    id: "gpt-4.5-turbo",
-    name: "GPT-4.5 Turbo",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4o",
-    name: "GPT-4o",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4o-mini",
-    name: "GPT-4o Mini",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4-turbo",
-    name: "GPT-4 Turbo",
-    provider: "openai",
-    contextLength: 128000
-  },
-  {
-    id: "gpt-4",
-    name: "GPT-4",
-    provider: "openai",
-    contextLength: 8192
-  },
-  {
-    id: "gpt-3.5-turbo",
-    name: "GPT-3.5 Turbo",
-    provider: "openai",
-    contextLength: 16385
-  },
-  {
-    id: "o1",
-    name: "O1",
-    provider: "openai",
-    contextLength: 200000
-  },
-  {
-    id: "o1-mini",
-    name: "O1 Mini",
-    provider: "openai",
-    contextLength: 128000
-  },
+  }
+];
+
+// src/core/ai/models/openrouter.ts
+var OPENROUTER_MODELS = [
   {
     id: "anthropic/claude-haiku-4.5",
     name: "Claude Haiku 4.5 (OpenRouter)",
@@ -39586,28 +39542,62 @@ var AVAILABLE_MODELS = [
     name: "Qwen 3 32B Instruct",
     provider: "openrouter",
     contextLength: 256000
+  }
+];
+
+// src/core/ai/models/bedrock.ts
+var BEDROCK_MODELS = [
+  {
+    id: "anthropic.claude-3-haiku-20240307-v1:0",
+    name: "Claude 3 Haiku (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-5-sonnet-20240620-v1:0",
-    name: "Claude 3.5 Sonnet (Bedrock)",
+    id: "anthropic.claude-3-5-haiku-20241022-v1:0",
+    name: "Claude 3.5 Haiku (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-opus-20240229-v1:0",
-    name: "Claude 3 Opus (Bedrock)",
+    id: "anthropic.claude-3-7-sonnet-20250219-v1:0",
+    name: "Claude 3.7 Sonnet (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-sonnet-20240229-v1:0",
-    name: "Claude 3 Sonnet (Bedrock)",
+    id: "anthropic.claude-haiku-4-5-20251001-v1:0",
+    name: "Claude Haiku 4.5 (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
   {
-    id: "anthropic.claude-3-haiku-20240307-v1:0",
-    name: "Claude 3 Haiku (Bedrock)",
+    id: "anthropic.claude-opus-4-1-20250805-v1:0",
+    name: "Claude Opus 4.1 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-opus-4-5-20251101-v1:0",
+    name: "Claude Opus 4.5 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-opus-4-20250514-v1:0",
+    name: "Claude Opus 4 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-sonnet-4-5-20250929-v1:0",
+    name: "Claude Sonnet 4.5 (Bedrock)",
+    provider: "bedrock",
+    contextLength: 200000
+  },
+  {
+    id: "anthropic.claude-sonnet-4-20250514-v1:0",
+    name: "Claude Sonnet 4 (Bedrock)",
     provider: "bedrock",
     contextLength: 200000
   },
@@ -39648,6 +39638,66 @@ var AVAILABLE_MODELS = [
     contextLength: 128000
   }
 ];
+
+// src/core/ai/models/openai.ts
+var OPENAI_MODELS = [
+  {
+    id: "gpt-4.5-turbo",
+    name: "GPT-4.5 Turbo",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4o",
+    name: "GPT-4o",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4o-mini",
+    name: "GPT-4o Mini",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4-turbo",
+    name: "GPT-4 Turbo",
+    provider: "openai",
+    contextLength: 128000
+  },
+  {
+    id: "gpt-4",
+    name: "GPT-4",
+    provider: "openai",
+    contextLength: 8192
+  },
+  {
+    id: "gpt-3.5-turbo",
+    name: "GPT-3.5 Turbo",
+    provider: "openai",
+    contextLength: 16385
+  },
+  {
+    id: "o1",
+    name: "O1",
+    provider: "openai",
+    contextLength: 200000
+  },
+  {
+    id: "o1-mini",
+    name: "O1 Mini",
+    provider: "openai",
+    contextLength: 128000
+  }
+];
+
+// src/core/ai/models/index.ts
+var AVAILABLE_MODELS = [
+  ...ANTHROPIC_MODELS,
+  ...OPENROUTER_MODELS,
+  ...BEDROCK_MODELS,
+  ...OPENAI_MODELS
+];
 function getModelInfo(model) {
   return AVAILABLE_MODELS.find((m) => m.id === model) ?? {
     id: model,
@@ -39664,7 +39714,7 @@ function getProviderModel(model, authConfig) {
   const openRouterAPIKey = authConfig?.openRouterAPIKey || process.env.OPENROUTER_API_KEY;
   const bedrockAccessKeyId = authConfig?.bedrock?.accessKeyId || process.env.AWS_ACCESS_KEY_ID;
   const bedrockSecretAccessKey = authConfig?.bedrock?.secretAccessKey || process.env.AWS_SECRET_ACCESS_KEY;
-  const bedrockRegion = authConfig?.bedrock?.region || process.env.AWS_REGION || "us-east-1";
+  const bedrockRegion = authConfig?.bedrock?.region || process.env.AWS_REGION;
   const localBaseURL = authConfig?.local?.baseURL || process.env.LOCAL_MODEL_URL || "http://127.0.0.1:1234/v1";
   let providerModel;
   switch (provider) {
@@ -41505,6 +41555,66 @@ import {
 } from "fs";
 import { join } from "path";
 import { homedir } from "os";
+
+// src/core/services/rateLimiter/index.ts
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
+
+class RateLimiter {
+  tokens;
+  lastRefillTime;
+  rps;
+  bucketSize;
+  msPerToken;
+  queue;
+  constructor(config2) {
+    this.rps = config2?.requestsPerSecond;
+    this.bucketSize = this.rps ? 1 : 0;
+    this.tokens = this.bucketSize;
+    this.lastRefillTime = performance.now();
+    this.msPerToken = this.rps ? 1000 / this.rps : undefined;
+    this.queue = Promise.resolve();
+  }
+  async acquireSlot() {
+    if (!this.rps || !this.msPerToken)
+      return;
+    const previousPromise = this.queue;
+    let resolveCurrentRequest;
+    this.queue = new Promise((resolve2) => {
+      resolveCurrentRequest = resolve2;
+    });
+    await previousPromise;
+    try {
+      const now2 = performance.now();
+      this.refill(now2);
+      if (this.tokens < 1) {
+        const waitTime = (1 - this.tokens) * this.msPerToken;
+        await sleep(waitTime);
+        const nowAfterSleep = performance.now();
+        this.refill(nowAfterSleep);
+      }
+      this.tokens -= 1;
+    } finally {
+      resolveCurrentRequest();
+    }
+  }
+  refill(now2) {
+    if (this.tokens >= this.bucketSize) {
+      this.lastRefillTime = now2;
+      return;
+    }
+    const elapsed = now2 - this.lastRefillTime;
+    const tokensToAdd = elapsed / this.msPerToken;
+    this.tokens = Math.min(this.bucketSize, this.tokens + tokensToAdd);
+    this.lastRefillTime = now2;
+  }
+  isEnabled() {
+    return this.rps !== undefined;
+  }
+}
+
+// src/core/agent/sessions/index.ts
 var DEFAULT_OFFENSIVE_HEADERS = {
   "User-Agent": "pensar-apex"
 };
@@ -41539,6 +41649,9 @@ function createSession(target, objective, prefix, config2) {
     startTime: new Date().toISOString(),
     config: config2
   };
+  if (config2?.rateLimiter) {
+    session._rateLimiter = new RateLimiter(config2.rateLimiter);
+  }
   const metadataPath = join(rootPath, "session.json");
   writeFileSync(metadataPath, JSON.stringify(session, null, 2));
   const readmePath = join(rootPath, "README.md");
@@ -43942,6 +44055,7 @@ function wrapCommandWithHeaders(command, headers) {
 }
 function createPentestTools(session, model, toolOverride) {
   const offensiveHeaders = getOffensiveHeaders(session);
+  const rateLimiter = session._rateLimiter;
   const executeCommand = tool({
     name: "execute_command",
     description: `Execute a shell command for penetration testing activities.
@@ -43986,6 +44100,9 @@ IMPORTANT: Always analyze results and adjust your approach based on findings.`,
     inputSchema: ExecuteCommandInput,
     execute: async ({ command, timeout = 30000, toolCallDescription }) => {
       try {
+        if (rateLimiter) {
+          await rateLimiter.acquireSlot();
+        }
         if (toolOverride?.execute_command) {
           return toolOverride.execute_command({
             command,
@@ -44042,6 +44159,9 @@ COMMON TESTING PATTERNS:
     inputSchema: HttpRequestInput,
     execute: async ({ url: url2, method, headers, body, followRedirects, timeout, toolCallDescription }) => {
       try {
+        if (rateLimiter) {
+          await rateLimiter.acquireSlot();
+        }
         if (toolOverride?.http_request) {
           return toolOverride.http_request({
             url: url2,
@@ -45105,7 +45225,8 @@ async function runQuicktest(options) {
     objective,
     model = "claude-sonnet-4-5",
     headerMode = "default",
-    customHeaders
+    customHeaders,
+    rps
   } = options;
   console.log("=".repeat(80));
   console.log("PENSAR QUICK PENTEST");
@@ -45113,6 +45234,7 @@ async function runQuicktest(options) {
   console.log(`Target: ${target}`);
   console.log(`Objective: ${objective}`);
   console.log(`Model: ${model}`);
+  console.log(`Rate Limit: ${rps ? `${rps} req/s` : "Unlimited"}`);
   console.log(`Headers: ${headerMode === "none" ? "None" : headerMode === "default" ? "Default (pensar-apex)" : "Custom"}`);
   if (headerMode === "custom" && customHeaders) {
     for (const [key, value] of Object.entries(customHeaders)) {
@@ -45125,6 +45247,11 @@ async function runQuicktest(options) {
       offensiveHeaders: {
         mode: headerMode,
         headers: headerMode === "custom" ? customHeaders : undefined
+      },
+      ...rps && {
+        rateLimiter: {
+          requestsPerSecond: rps
+        }
       }
     };
     const { streamResult, session } = runAgent({
@@ -45180,6 +45307,7 @@ async function main() {
     console.error();
     console.error("Options:");
     console.error("  --model <model>          AI model to use (default: claude-sonnet-4-5)");
+    console.error("  --rps <number>           Rate limit: requests per second (default: unlimited)");
     console.error("  --headers <mode>         Header mode: none, default, or custom (default: default)");
     console.error("  --header <name:value>    Add custom header (requires --headers custom, can be repeated)");
     console.error();
@@ -45191,7 +45319,7 @@ async function main() {
     console.error("Examples:");
     console.error("  pensar quicktest --target http://localhost:3000 --objective 'Find SQL injection'");
     console.error("  pensar quicktest --target 192.168.1.100 --objective 'Test auth bypass' --headers none");
-    console.error("  pensar quicktest --target api.example.com --objective 'API testing' \\");
+    console.error("  pensar quicktest --target api.example.com --objective 'API testing' --rps 5 \\");
     console.error("    --headers custom --header 'User-Agent: pensar_client123' --header 'X-Bug-Bounty: researcher'");
     console.error();
     process.exit(1);
@@ -45226,6 +45354,21 @@ async function main() {
     }
     model = modelArg;
   }
+  const rpsIndex = args.indexOf("--rps");
+  let rps;
+  if (rpsIndex !== -1) {
+    const rpsArg = args[rpsIndex + 1];
+    if (!rpsArg) {
+      console.error("Error: --rps must be followed by a number");
+      process.exit(1);
+    }
+    const parsedRps = parseInt(rpsArg, 10);
+    if (isNaN(parsedRps) || parsedRps <= 0) {
+      console.error("Error: --rps must be a positive number");
+      process.exit(1);
+    }
+    rps = parsedRps;
+  }
   const headersIndex = args.indexOf("--headers");
   let headerMode = "default";
   if (headersIndex !== -1) {
@@ -45272,7 +45415,8 @@ async function main() {
       objective,
       ...model && { model },
       headerMode,
-      ...headerMode === "custom" && { customHeaders }
+      ...headerMode === "custom" && { customHeaders },
+      ...rps && { rps }
     });
   } catch (error46) {
     console.error("Fatal error:", error46.message);