@pensar/apex 0.0.29-canary.0 → 0.0.30-canary.0

package/build/benchmark.js

@@ -121560,6 +121560,21 @@ function createSummarizationStream(messages, opts, model) {
     }
   };
 }
+async function consumeStream2(stream, {
+  onTextDelta,
+  onToolCall,
+  onToolResult
+}) {
+  for await (const delta of stream.fullStream) {
+    if (delta.type === "text-delta") {
+      onTextDelta?.(delta);
+    } else if (delta.type === "tool-call") {
+      onToolCall?.(delta);
+    } else if (delta.type === "tool-result") {
+      onToolResult?.(delta);
+    }
+  }
+}
 
 // src/core/ai/ai.ts
 function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, model, silent) {
@@ -121623,7 +121638,8 @@ function streamResponse(opts) {
     abortSignal,
     activeTools,
     silent,
-    authConfig
+    authConfig,
+    onFinish
   } = opts;
   const messagesContainer = { current: messages || [] };
   const providerModel = getProviderModel(model, authConfig);
@@ -121678,7 +121694,8 @@ function streamResponse(opts) {
           }
           throw repairError;
         }
-      }
+      },
+      onFinish
     });
     return wrapStreamWithErrorHandler(response, messagesContainer, opts, providerModel, silent);
   } catch (error46) {
@@ -122657,7 +122674,14 @@ Remember: You are the orchestrator, not a testing agent. Your value is in strate
 
 // src/core/agent/thoroughPentestAgent/agent.ts
 import { join as join6 } from "path";
-import { readFileSync as readFileSync5, existsSync as existsSync8, writeFileSync as writeFileSync6, copyFileSync, readdirSync as readdirSync4, mkdirSync as mkdirSync6 } from "fs";
+import {
+  readFileSync as readFileSync5,
+  existsSync as existsSync8,
+  writeFileSync as writeFileSync6,
+  copyFileSync,
+  readdirSync as readdirSync4,
+  mkdirSync as mkdirSync6
+} from "fs";
 
 // src/core/agent/attackSurfaceAgent/prompts.ts
 var SYSTEM3 = `You are an expert attack surface analysis agent specializing in comprehensive reconnaissance and asset discovery. Your role is to AUTONOMOUSLY map the entire attack surface of a target and identify specific targets for deeper penetration testing.
@@ -126271,6 +126295,239 @@ Begin your analysis now.
   };
 }
 
+// src/core/messages/index.ts
+import fs from "fs";
+
+// src/core/messages/types.ts
+var ToolMessageObject = exports_external.object({
+  role: exports_external.literal("tool"),
+  status: exports_external.enum(["pending", "completed"]),
+  toolCallId: exports_external.string(),
+  content: exports_external.string(),
+  args: exports_external.record(exports_external.string(), exports_external.any()),
+  toolName: exports_external.string(),
+  createdAt: exports_external.coerce.date()
+});
+var SystemModelMessageObject = exports_external.object({
+  role: exports_external.literal("system"),
+  content: exports_external.string(),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var TextPartObject = exports_external.object({
+  type: exports_external.literal("text"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var FilePartObject = exports_external.object({
+  type: exports_external.literal("file"),
+  data: exports_external.union([
+    exports_external.string(),
+    exports_external.instanceof(Uint8Array),
+    exports_external.instanceof(ArrayBuffer),
+    exports_external.instanceof(Buffer),
+    exports_external.url()
+  ]),
+  filename: exports_external.string().optional(),
+  mediaType: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ReasoningPartObject = exports_external.object({
+  type: exports_external.literal("reasoning"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ToolCallPartObject = exports_external.object({
+  type: exports_external.literal("tool-call"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  input: exports_external.unknown(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional(),
+  providerExecuted: exports_external.boolean().optional()
+});
+var ToolResultOutputObject = exports_external.discriminatedUnion("type", [
+  exports_external.object({
+    type: exports_external.literal("text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("content"),
+    value: exports_external.array(exports_external.discriminatedUnion("type", [
+      exports_external.object({
+        type: exports_external.literal("text"),
+        text: exports_external.string()
+      }),
+      exports_external.object({
+        type: exports_external.literal("media"),
+        data: exports_external.string(),
+        mediaType: exports_external.string()
+      })
+    ]))
+  })
+]);
+var ToolResultPartObject = exports_external.object({
+  type: exports_external.literal("tool-result"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  output: ToolResultOutputObject,
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var AssistantModelMessageObject = exports_external.object({
+  role: exports_external.literal("assistant"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [
+      TextPartObject,
+      FilePartObject,
+      ReasoningPartObject,
+      ToolCallPartObject,
+      ToolResultPartObject
+    ]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var UserModelMessageObject = exports_external.object({
+  role: exports_external.literal("user"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [TextPartObject, FilePartObject]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ModelMessageObject = exports_external.discriminatedUnion("role", [
+  SystemModelMessageObject,
+  UserModelMessageObject,
+  AssistantModelMessageObject,
+  ToolMessageObject
+]);
+
+// src/core/messages/index.ts
+function saveMessages(session, messages) {
+  fs.writeFileSync(session.rootPath + "/messages.json", JSON.stringify(messages, null, 2));
+}
+function saveSubagentMessages(orchestratorSession, subagentId, messages) {
+  const subagentDir = `${orchestratorSession.rootPath}/subagents/${subagentId}`;
+  if (!fs.existsSync(`${orchestratorSession.rootPath}/subagents`)) {
+    fs.mkdirSync(`${orchestratorSession.rootPath}/subagents`, {
+      recursive: true
+    });
+  }
+  if (!fs.existsSync(subagentDir)) {
+    fs.mkdirSync(subagentDir, { recursive: true });
+  }
+  fs.writeFileSync(`${subagentDir}/messages.json`, JSON.stringify(messages, null, 2));
+}
+function mapMessages(messages) {
+  const result = [];
+  const toolResults = new Map;
+  for (const message of messages) {
+    if (message.role === "tool") {
+      const content = message.content;
+      if (Array.isArray(content)) {
+        for (const part of content) {
+          if (part.type === "tool-result") {
+            toolResults.set(part.toolCallId, part.output);
+          }
+        }
+      }
+    }
+  }
+  for (const message of messages) {
+    if (message.role === "system") {
+      result.push({
+        role: "system",
+        content: message.content,
+        createdAt: new Date,
+        ...message.providerOptions && {
+          providerOptions: message.providerOptions
+        }
+      });
+      continue;
+    }
+    if (message.role === "user") {
+      const content = typeof message.content === "string" ? message.content : message.content.map((part) => part.type === "text" ? part.text : "").join("");
+      result.push({
+        role: "user",
+        content,
+        createdAt: new Date,
+        ...message.providerOptions && {
+          providerOptions: message.providerOptions
+        }
+      });
+      continue;
+    }
+    if (message.role === "tool") {
+      continue;
+    }
+    if (message.role === "assistant") {
+      const content = message.content;
+      if (typeof content === "string") {
+        result.push({
+          role: "assistant",
+          content,
+          createdAt: new Date,
+          ...message.providerOptions && {
+            providerOptions: message.providerOptions
+          }
+        });
+        continue;
+      }
+      const textParts = [];
+      const toolCalls = [];
+      for (const part of content) {
+        if (part.type === "text") {
+          textParts.push(part.text);
+        } else if (part.type === "tool-call") {
+          toolCalls.push({
+            toolCallId: part.toolCallId,
+            toolName: part.toolName,
+            input: part.input
+          });
+        }
+      }
+      if (textParts.length > 0) {
+        result.push({
+          role: "assistant",
+          content: textParts.join(""),
+          createdAt: new Date,
+          ...message.providerOptions && {
+            providerOptions: message.providerOptions
+          }
+        });
+      }
+      for (const toolCall of toolCalls) {
+        const input = toolCall.input;
+        const toolCallDescription = input?.toolCallDescription || `Executing ${toolCall.toolName}`;
+        const hasResult = toolResults.has(toolCall.toolCallId);
+        result.push({
+          role: "tool",
+          status: hasResult ? "completed" : "pending",
+          toolCallId: toolCall.toolCallId,
+          content: hasResult ? `✓ ${toolCallDescription}` : toolCallDescription,
+          args: input || {},
+          toolName: toolCall.toolName,
+          createdAt: new Date
+        });
+      }
+    }
+  }
+  return result;
+}
+
 // src/core/agent/pentestAgent/agent.ts
 var execAsync2 = promisify2(exec2);
 function runAgent(opts) {
@@ -126287,6 +126544,7 @@ function runAgent(opts) {
     sessionConfig
   } = opts;
   const session = opts.session || createSession(target, objective, undefined, sessionConfig);
+  const subagentId = `pentest-${nanoid3(6)}`;
   const pocsPath = join3(session.rootPath, "pocs");
   if (!existsSync5(pocsPath)) {
     mkdirSync4(pocsPath, { recursive: true });
@@ -126442,10 +126700,13 @@ You are only authorized to perform testing against the specific target endpoint
     onStepFinish,
     abortSignal,
     silent,
-    authConfig
+    authConfig,
+    onFinish: ({ response }) => {
+      saveSubagentMessages(session, subagentId, mapMessages(response.messages));
+    }
   });
   streamResult.session = session;
-  return { streamResult, session };
+  return { streamResult, session, subagentId };
 }
 // src/core/agent/tools.ts
 var execAsync3 = promisify3(exec3);
@@ -128994,6 +129255,7 @@ import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync5, existsSync as
 function runAgent2(opts) {
   const { target, model, onStepFinish, abortSignal } = opts;
   const session = opts.session || createSession(target);
+  const subagentId = `attack-surface-${nanoid3(6)}`;
   console.log(`Created attack surface session: ${session.id}`);
   console.log(`Session path: ${session.rootPath}`);
   const assetsPath = join5(session.rootPath, "assets");
@@ -129140,144 +129402,13 @@ You MUST provide the details final report using create_attack_surface_report too
     stopWhen: stepCountIs(1e4),
     toolChoice: "auto",
     onStepFinish,
-    abortSignal
+    abortSignal,
+    onFinish: ({ response }) => {
+      saveSubagentMessages(session, subagentId, mapMessages(response.messages));
+    }
   });
   streamResult.session = session;
-  return { streamResult, session };
-}
-
-// src/core/messages/index.ts
-import fs from "fs";
-
-// src/core/messages/types.ts
-var ToolMessageObject = exports_external.object({
-  role: exports_external.literal("tool"),
-  status: exports_external.enum(["pending", "completed"]),
-  toolCallId: exports_external.string(),
-  content: exports_external.string(),
-  args: exports_external.record(exports_external.string(), exports_external.any()),
-  toolName: exports_external.string(),
-  createdAt: exports_external.coerce.date()
-});
-var SystemModelMessageObject = exports_external.object({
-  role: exports_external.literal("system"),
-  content: exports_external.string(),
-  createdAt: exports_external.coerce.date(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var TextPartObject = exports_external.object({
-  type: exports_external.literal("text"),
-  text: exports_external.string(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var FilePartObject = exports_external.object({
-  type: exports_external.literal("file"),
-  data: exports_external.union([
-    exports_external.string(),
-    exports_external.instanceof(Uint8Array),
-    exports_external.instanceof(ArrayBuffer),
-    exports_external.instanceof(Buffer),
-    exports_external.url()
-  ]),
-  filename: exports_external.string().optional(),
-  mediaType: exports_external.string(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var ReasoningPartObject = exports_external.object({
-  type: exports_external.literal("reasoning"),
-  text: exports_external.string(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var ToolCallPartObject = exports_external.object({
-  type: exports_external.literal("tool-call"),
-  toolCallId: exports_external.string(),
-  toolName: exports_external.string(),
-  input: exports_external.unknown(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional(),
-  providerExecuted: exports_external.boolean().optional()
-});
-var ToolResultOutputObject = exports_external.discriminatedUnion("type", [
-  exports_external.object({
-    type: exports_external.literal("text"),
-    value: exports_external.string()
-  }),
-  exports_external.object({
-    type: exports_external.literal("json"),
-    value: exports_external.any()
-  }),
-  exports_external.object({
-    type: exports_external.literal("error-text"),
-    value: exports_external.string()
-  }),
-  exports_external.object({
-    type: exports_external.literal("error-json"),
-    value: exports_external.any()
-  }),
-  exports_external.object({
-    type: exports_external.literal("content"),
-    value: exports_external.array(exports_external.discriminatedUnion("type", [
-      exports_external.object({
-        type: exports_external.literal("text"),
-        text: exports_external.string()
-      }),
-      exports_external.object({
-        type: exports_external.literal("media"),
-        data: exports_external.string(),
-        mediaType: exports_external.string()
-      })
-    ]))
-  })
-]);
-var ToolResultPartObject = exports_external.object({
-  type: exports_external.literal("tool-result"),
-  toolCallId: exports_external.string(),
-  toolName: exports_external.string(),
-  output: ToolResultOutputObject,
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var AssistantModelMessageObject = exports_external.object({
-  role: exports_external.literal("assistant"),
-  content: exports_external.union([
-    exports_external.string(),
-    exports_external.array(exports_external.discriminatedUnion("type", [
-      TextPartObject,
-      FilePartObject,
-      ReasoningPartObject,
-      ToolCallPartObject,
-      ToolResultPartObject
-    ]))
-  ]),
-  createdAt: exports_external.coerce.date(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var UserModelMessageObject = exports_external.object({
-  role: exports_external.literal("user"),
-  content: exports_external.union([
-    exports_external.string(),
-    exports_external.array(exports_external.discriminatedUnion("type", [TextPartObject, FilePartObject]))
-  ]),
-  createdAt: exports_external.coerce.date(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var ModelMessageObject = exports_external.discriminatedUnion("role", [
-  SystemModelMessageObject,
-  UserModelMessageObject,
-  AssistantModelMessageObject,
-  ToolMessageObject
-]);
-
-// src/core/messages/index.ts
-function saveSubagentMessages(orchestratorSession, subagentId, messages) {
-  const subagentDir = `${orchestratorSession.rootPath}/subagents/${subagentId}`;
-  if (!fs.existsSync(`${orchestratorSession.rootPath}/subagents`)) {
-    fs.mkdirSync(`${orchestratorSession.rootPath}/subagents`, {
-      recursive: true
-    });
-  }
-  if (!fs.existsSync(subagentDir)) {
-    fs.mkdirSync(subagentDir, { recursive: true });
-  }
-  fs.writeFileSync(`${subagentDir}/messages.json`, JSON.stringify(messages, null, 2));
+  return { streamResult, session, subagentId };
 }
 
 // src/core/agent/thoroughPentestAgent/agent.ts
@@ -129326,7 +129457,10 @@ Begin by using the get_attack_surface tool to map the complete attack surface of
     stopWhen: stepCountIs(1e4),
     toolChoice: "auto",
     onStepFinish,
-    abortSignal
+    abortSignal,
+    onFinish: ({ response }) => {
+      saveMessages(session, mapMessages(response.messages));
+    }
   });
   streamResult.session = session;
   return { streamResult, session };
@@ -129358,14 +129492,13 @@ Use this as the FIRST step in your thorough penetration test.`,
     execute: async ({ target, objective }) => {
       try {
         logger?.log(`[Orchestrator] Spawning attack surface agent for: ${target}`);
-        const { streamResult: result } = runAgent2({
+        const { streamResult: result, subagentId } = runAgent2({
           session,
           target,
           objective,
           model,
           abortSignal
         });
-        const subagentId = `attack-surface-${result.session.id}`;
         const allMessages = [];
         let currentAssistantText = "";
         if (onSubagentSpawn) {
@@ -129390,8 +129523,8 @@ Objective: ${objective}`,
         if (onSubagentMessage) {
           onSubagentMessage(subagentId, initialMessage);
         }
-        for await (const delta of result.fullStream) {
-          if (delta.type === "text-delta") {
+        await consumeStream2(result, {
+          onTextDelta: (delta) => {
             currentAssistantText += delta.text;
             const lastMessage = allMessages[allMessages.length - 1];
             if (lastMessage && lastMessage.role === "assistant") {
@@ -129414,7 +129547,8 @@ Objective: ${objective}`,
                 onSubagentMessage(subagentId, newMessage);
               }
             }
-          } else if (delta.type === "tool-call") {
+          },
+          onToolCall: (delta) => {
             if (currentAssistantText) {
               currentAssistantText = "";
             }
@@ -129431,7 +129565,8 @@ Objective: ${objective}`,
             if (onSubagentMessage) {
               onSubagentMessage(subagentId, toolMessage);
             }
-          } else if (delta.type === "tool-result") {
+          },
+          onToolResult: (delta) => {
             const existingToolMessageIndex = allMessages.findIndex((msg) => msg.role === "tool" && msg.toolCallId === delta.toolCallId);
             if (existingToolMessageIndex !== -1) {
               const existingMessage = allMessages[existingToolMessageIndex];
@@ -129446,11 +129581,10 @@ Objective: ${objective}`,
               }
             }
           }
-        }
+        });
         if (onSubagentComplete) {
           onSubagentComplete(subagentId, true);
         }
-        saveSubagentMessages(session, subagentId, allMessages);
         const subagentMetadata = {
           type: "attack-surface",
           subagentId,
@@ -129533,14 +129667,13 @@ You can spawn multiple agents in parallel - they will run concurrently.`,
         const limit = pLimit(5);
         const promises = targets.map((targetInfo, index) => limit(async () => {
           try {
-            const { streamResult: result } = runAgent({
+            const { streamResult: result, subagentId } = runAgent({
               session,
               target: targetInfo.target,
               objective: targetInfo.objective,
               model,
               abortSignal
             });
-            const subagentId = `pentest-${index + 1}-${result.session.id}`;
             const allMessages = [];
             let currentAssistantText = "";
             const startTime = new Date().toISOString();
@@ -129566,8 +129699,8 @@ Objective: ${targetInfo.objective}`,
             if (onSubagentMessage) {
               onSubagentMessage(subagentId, initialMessage);
             }
-            for await (const delta of result.fullStream) {
-              if (delta.type === "text-delta") {
+            await consumeStream2(result, {
+              onTextDelta: (delta) => {
                 currentAssistantText += delta.text;
                 const lastMessage = allMessages[allMessages.length - 1];
                 if (lastMessage && lastMessage.role === "assistant") {
@@ -129590,7 +129723,8 @@ Objective: ${targetInfo.objective}`,
                     onSubagentMessage(subagentId, newMessage);
                   }
                 }
-              } else if (delta.type === "tool-call") {
+              },
+              onToolCall: (delta) => {
                 if (currentAssistantText) {
                   currentAssistantText = "";
                 }
@@ -129607,7 +129741,8 @@ Objective: ${targetInfo.objective}`,
                 if (onSubagentMessage) {
                   onSubagentMessage(subagentId, toolMessage);
                 }
-              } else if (delta.type === "tool-result") {
+              },
+              onToolResult: (delta) => {
                 const existingToolMessageIndex = allMessages.findIndex((msg) => msg.role === "tool" && msg.toolCallId === delta.toolCallId);
                 if (existingToolMessageIndex !== -1) {
                   const existingMessage = allMessages[existingToolMessageIndex];
@@ -129622,12 +129757,11 @@ Objective: ${targetInfo.objective}`,
                   }
                 }
               }
-            }
-            const endTime = new Date().toISOString();
+            });
             if (onSubagentComplete) {
               onSubagentComplete(subagentId, true);
             }
-            saveSubagentMessages(session, subagentId, allMessages);
+            const endTime = new Date().toISOString();
             const subagentMetadata = {
               type: "pentest",
               subagentId,