npm - @pensar/apex - Versions diffs - 0.0.29 → 0.0.30-canary.0 - Mend

@pensar/apex 0.0.29 → 0.0.30-canary.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/build/pentest.js CHANGED Viewed

@@ -39879,6 +39879,21 @@ function createSummarizationStream(messages, opts, model) {
     }
   };
 }
+async function consumeStream2(stream, {
+  onTextDelta,
+  onToolCall,
+  onToolResult
+}) {
+  for await (const delta of stream.fullStream) {
+    if (delta.type === "text-delta") {
+      onTextDelta?.(delta);
+    } else if (delta.type === "tool-call") {
+      onToolCall?.(delta);
+    } else if (delta.type === "tool-result") {
+      onToolResult?.(delta);
+    }
+  }
+}
 // src/core/ai/ai.ts
 function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, model, silent) {
@@ -39942,7 +39957,8 @@ function streamResponse(opts) {
     abortSignal,
     activeTools,
     silent,
-    authConfig
+    authConfig,
+    onFinish
   } = opts;
   const messagesContainer = { current: messages || [] };
   const providerModel = getProviderModel(model, authConfig);
@@ -39997,7 +40013,8 @@ function streamResponse(opts) {
           }
           throw repairError;
         }
-      }
+      },
+      onFinish
     });
     return wrapStreamWithErrorHandler(response, messagesContainer, opts, providerModel, silent);
   } catch (error46) {
@@ -40713,7 +40730,14 @@ function getOffensiveHeaders(session) {
 // src/core/agent/thoroughPentestAgent/agent.ts
 import { join as join6 } from "path";
-import { readFileSync as readFileSync5, existsSync as existsSync8, writeFileSync as writeFileSync6, copyFileSync, readdirSync as readdirSync4, mkdirSync as mkdirSync6 } from "fs";
+import {
+  readFileSync as readFileSync5,
+  existsSync as existsSync8,
+  writeFileSync as writeFileSync6,
+  copyFileSync,
+  readdirSync as readdirSync4,
+  mkdirSync as mkdirSync6
+} from "fs";
 // src/core/agent/attackSurfaceAgent/prompts.ts
 var SYSTEM2 = `You are an expert attack surface analysis agent specializing in comprehensive reconnaissance and asset discovery. Your role is to AUTONOMOUSLY map the entire attack surface of a target and identify specific targets for deeper penetration testing.
@@ -44327,6 +44351,239 @@ Begin your analysis now.
   };
 }
+// src/core/messages/index.ts
+import fs from "fs";
+// src/core/messages/types.ts
+var ToolMessageObject = exports_external.object({
+  role: exports_external.literal("tool"),
+  status: exports_external.enum(["pending", "completed"]),
+  toolCallId: exports_external.string(),
+  content: exports_external.string(),
+  args: exports_external.record(exports_external.string(), exports_external.any()),
+  toolName: exports_external.string(),
+  createdAt: exports_external.coerce.date()
+});
+var SystemModelMessageObject = exports_external.object({
+  role: exports_external.literal("system"),
+  content: exports_external.string(),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var TextPartObject = exports_external.object({
+  type: exports_external.literal("text"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var FilePartObject = exports_external.object({
+  type: exports_external.literal("file"),
+  data: exports_external.union([
+    exports_external.string(),
+    exports_external.instanceof(Uint8Array),
+    exports_external.instanceof(ArrayBuffer),
+    exports_external.instanceof(Buffer),
+    exports_external.url()
+  ]),
+  filename: exports_external.string().optional(),
+  mediaType: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ReasoningPartObject = exports_external.object({
+  type: exports_external.literal("reasoning"),
+  text: exports_external.string(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ToolCallPartObject = exports_external.object({
+  type: exports_external.literal("tool-call"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  input: exports_external.unknown(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional(),
+  providerExecuted: exports_external.boolean().optional()
+});
+var ToolResultOutputObject = exports_external.discriminatedUnion("type", [
+  exports_external.object({
+    type: exports_external.literal("text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-text"),
+    value: exports_external.string()
+  }),
+  exports_external.object({
+    type: exports_external.literal("error-json"),
+    value: exports_external.any()
+  }),
+  exports_external.object({
+    type: exports_external.literal("content"),
+    value: exports_external.array(exports_external.discriminatedUnion("type", [
+      exports_external.object({
+        type: exports_external.literal("text"),
+        text: exports_external.string()
+      }),
+      exports_external.object({
+        type: exports_external.literal("media"),
+        data: exports_external.string(),
+        mediaType: exports_external.string()
+      })
+    ]))
+  })
+]);
+var ToolResultPartObject = exports_external.object({
+  type: exports_external.literal("tool-result"),
+  toolCallId: exports_external.string(),
+  toolName: exports_external.string(),
+  output: ToolResultOutputObject,
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var AssistantModelMessageObject = exports_external.object({
+  role: exports_external.literal("assistant"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [
+      TextPartObject,
+      FilePartObject,
+      ReasoningPartObject,
+      ToolCallPartObject,
+      ToolResultPartObject
+    ]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var UserModelMessageObject = exports_external.object({
+  role: exports_external.literal("user"),
+  content: exports_external.union([
+    exports_external.string(),
+    exports_external.array(exports_external.discriminatedUnion("type", [TextPartObject, FilePartObject]))
+  ]),
+  createdAt: exports_external.coerce.date(),
+  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
+});
+var ModelMessageObject = exports_external.discriminatedUnion("role", [
+  SystemModelMessageObject,
+  UserModelMessageObject,
+  AssistantModelMessageObject,
+  ToolMessageObject
+]);
+// src/core/messages/index.ts
+function saveMessages(session, messages) {
+  fs.writeFileSync(session.rootPath + "/messages.json", JSON.stringify(messages, null, 2));
+}
+function saveSubagentMessages(orchestratorSession, subagentId, messages) {
+  const subagentDir = `${orchestratorSession.rootPath}/subagents/${subagentId}`;
+  if (!fs.existsSync(`${orchestratorSession.rootPath}/subagents`)) {
+    fs.mkdirSync(`${orchestratorSession.rootPath}/subagents`, {
+      recursive: true
+    });
+  }
+  if (!fs.existsSync(subagentDir)) {
+    fs.mkdirSync(subagentDir, { recursive: true });
+  }
+  fs.writeFileSync(`${subagentDir}/messages.json`, JSON.stringify(messages, null, 2));
+}
+function mapMessages(messages) {
+  const result = [];
+  const toolResults = new Map;
+  for (const message of messages) {
+    if (message.role === "tool") {
+      const content = message.content;
+      if (Array.isArray(content)) {
+        for (const part of content) {
+          if (part.type === "tool-result") {
+            toolResults.set(part.toolCallId, part.output);
+          }
+        }
+      }
+    }
+  }
+  for (const message of messages) {
+    if (message.role === "system") {
+      result.push({
+        role: "system",
+        content: message.content,
+        createdAt: new Date,
+        ...message.providerOptions && {
+          providerOptions: message.providerOptions
+        }
+      });
+      continue;
+    }
+    if (message.role === "user") {
+      const content = typeof message.content === "string" ? message.content : message.content.map((part) => part.type === "text" ? part.text : "").join("");
+      result.push({
+        role: "user",
+        content,
+        createdAt: new Date,
+        ...message.providerOptions && {
+          providerOptions: message.providerOptions
+        }
+      });
+      continue;
+    }
+    if (message.role === "tool") {
+      continue;
+    }
+    if (message.role === "assistant") {
+      const content = message.content;
+      if (typeof content === "string") {
+        result.push({
+          role: "assistant",
+          content,
+          createdAt: new Date,
+          ...message.providerOptions && {
+            providerOptions: message.providerOptions
+          }
+        });
+        continue;
+      }
+      const textParts = [];
+      const toolCalls = [];
+      for (const part of content) {
+        if (part.type === "text") {
+          textParts.push(part.text);
+        } else if (part.type === "tool-call") {
+          toolCalls.push({
+            toolCallId: part.toolCallId,
+            toolName: part.toolName,
+            input: part.input
+          });
+        }
+      }
+      if (textParts.length > 0) {
+        result.push({
+          role: "assistant",
+          content: textParts.join(""),
+          createdAt: new Date,
+          ...message.providerOptions && {
+            providerOptions: message.providerOptions
+          }
+        });
+      }
+      for (const toolCall of toolCalls) {
+        const input = toolCall.input;
+        const toolCallDescription = input?.toolCallDescription || `Executing ${toolCall.toolName}`;
+        const hasResult = toolResults.has(toolCall.toolCallId);
+        result.push({
+          role: "tool",
+          status: hasResult ? "completed" : "pending",
+          toolCallId: toolCall.toolCallId,
+          content: hasResult ? `✓ ${toolCallDescription}` : toolCallDescription,
+          args: input || {},
+          toolName: toolCall.toolName,
+          createdAt: new Date
+        });
+      }
+    }
+  }
+  return result;
+}
 // src/core/agent/pentestAgent/agent.ts
 var execAsync2 = promisify2(exec2);
 function runAgent(opts) {
@@ -44343,6 +44600,7 @@ function runAgent(opts) {
     sessionConfig
   } = opts;
   const session = opts.session || createSession(target, objective, undefined, sessionConfig);
+  const subagentId = `pentest-${nanoid3(6)}`;
   const pocsPath = join3(session.rootPath, "pocs");
   if (!existsSync5(pocsPath)) {
     mkdirSync4(pocsPath, { recursive: true });
@@ -44498,10 +44756,13 @@ You are only authorized to perform testing against the specific target endpoint
     onStepFinish,
     abortSignal,
     silent,
-    authConfig
+    authConfig,
+    onFinish: ({ response }) => {
+      saveSubagentMessages(session, subagentId, mapMessages(response.messages));
+    }
   });
   streamResult.session = session;
-  return { streamResult, session };
+  return { streamResult, session, subagentId };
 }
 // src/core/agent/tools.ts
 var execAsync3 = promisify3(exec3);
@@ -47050,6 +47311,7 @@ import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync5, existsSync as
 function runAgent2(opts) {
   const { target, model, onStepFinish, abortSignal } = opts;
   const session = opts.session || createSession(target);
+  const subagentId = `attack-surface-${nanoid3(6)}`;
   console.log(`Created attack surface session: ${session.id}`);
   console.log(`Session path: ${session.rootPath}`);
   const assetsPath = join5(session.rootPath, "assets");
@@ -47196,144 +47458,13 @@ You MUST provide the details final report using create_attack_surface_report too
     stopWhen: stepCountIs(1e4),
     toolChoice: "auto",
     onStepFinish,
-    abortSignal
+    abortSignal,
+    onFinish: ({ response }) => {
+      saveSubagentMessages(session, subagentId, mapMessages(response.messages));
+    }
   });
   streamResult.session = session;
-  return { streamResult, session };
-}
-// src/core/messages/index.ts
-import fs from "fs";
-// src/core/messages/types.ts
-var ToolMessageObject = exports_external.object({
-  role: exports_external.literal("tool"),
-  status: exports_external.enum(["pending", "completed"]),
-  toolCallId: exports_external.string(),
-  content: exports_external.string(),
-  args: exports_external.record(exports_external.string(), exports_external.any()),
-  toolName: exports_external.string(),
-  createdAt: exports_external.coerce.date()
-});
-var SystemModelMessageObject = exports_external.object({
-  role: exports_external.literal("system"),
-  content: exports_external.string(),
-  createdAt: exports_external.coerce.date(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var TextPartObject = exports_external.object({
-  type: exports_external.literal("text"),
-  text: exports_external.string(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var FilePartObject = exports_external.object({
-  type: exports_external.literal("file"),
-  data: exports_external.union([
-    exports_external.string(),
-    exports_external.instanceof(Uint8Array),
-    exports_external.instanceof(ArrayBuffer),
-    exports_external.instanceof(Buffer),
-    exports_external.url()
-  ]),
-  filename: exports_external.string().optional(),
-  mediaType: exports_external.string(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var ReasoningPartObject = exports_external.object({
-  type: exports_external.literal("reasoning"),
-  text: exports_external.string(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var ToolCallPartObject = exports_external.object({
-  type: exports_external.literal("tool-call"),
-  toolCallId: exports_external.string(),
-  toolName: exports_external.string(),
-  input: exports_external.unknown(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional(),
-  providerExecuted: exports_external.boolean().optional()
-});
-var ToolResultOutputObject = exports_external.discriminatedUnion("type", [
-  exports_external.object({
-    type: exports_external.literal("text"),
-    value: exports_external.string()
-  }),
-  exports_external.object({
-    type: exports_external.literal("json"),
-    value: exports_external.any()
-  }),
-  exports_external.object({
-    type: exports_external.literal("error-text"),
-    value: exports_external.string()
-  }),
-  exports_external.object({
-    type: exports_external.literal("error-json"),
-    value: exports_external.any()
-  }),
-  exports_external.object({
-    type: exports_external.literal("content"),
-    value: exports_external.array(exports_external.discriminatedUnion("type", [
-      exports_external.object({
-        type: exports_external.literal("text"),
-        text: exports_external.string()
-      }),
-      exports_external.object({
-        type: exports_external.literal("media"),
-        data: exports_external.string(),
-        mediaType: exports_external.string()
-      })
-    ]))
-  })
-]);
-var ToolResultPartObject = exports_external.object({
-  type: exports_external.literal("tool-result"),
-  toolCallId: exports_external.string(),
-  toolName: exports_external.string(),
-  output: ToolResultOutputObject,
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var AssistantModelMessageObject = exports_external.object({
-  role: exports_external.literal("assistant"),
-  content: exports_external.union([
-    exports_external.string(),
-    exports_external.array(exports_external.discriminatedUnion("type", [
-      TextPartObject,
-      FilePartObject,
-      ReasoningPartObject,
-      ToolCallPartObject,
-      ToolResultPartObject
-    ]))
-  ]),
-  createdAt: exports_external.coerce.date(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var UserModelMessageObject = exports_external.object({
-  role: exports_external.literal("user"),
-  content: exports_external.union([
-    exports_external.string(),
-    exports_external.array(exports_external.discriminatedUnion("type", [TextPartObject, FilePartObject]))
-  ]),
-  createdAt: exports_external.coerce.date(),
-  providerOptions: exports_external.record(exports_external.string(), exports_external.any()).optional()
-});
-var ModelMessageObject = exports_external.discriminatedUnion("role", [
-  SystemModelMessageObject,
-  UserModelMessageObject,
-  AssistantModelMessageObject,
-  ToolMessageObject
-]);
-// src/core/messages/index.ts
-function saveSubagentMessages(orchestratorSession, subagentId, messages) {
-  const subagentDir = `${orchestratorSession.rootPath}/subagents/${subagentId}`;
-  if (!fs.existsSync(`${orchestratorSession.rootPath}/subagents`)) {
-    fs.mkdirSync(`${orchestratorSession.rootPath}/subagents`, {
-      recursive: true
-    });
-  }
-  if (!fs.existsSync(subagentDir)) {
-    fs.mkdirSync(subagentDir, { recursive: true });
-  }
-  fs.writeFileSync(`${subagentDir}/messages.json`, JSON.stringify(messages, null, 2));
+  return { streamResult, session, subagentId };
 }
 // node_modules/yocto-queue/index.js
@@ -47518,7 +47649,10 @@ Begin by using the get_attack_surface tool to map the complete attack surface of
     stopWhen: stepCountIs(1e4),
     toolChoice: "auto",
     onStepFinish,
-    abortSignal
+    abortSignal,
+    onFinish: ({ response }) => {
+      saveMessages(session, mapMessages(response.messages));
+    }
   });
   streamResult.session = session;
   return { streamResult, session };
@@ -47550,14 +47684,13 @@ Use this as the FIRST step in your thorough penetration test.`,
     execute: async ({ target, objective }) => {
       try {
         logger?.log(`[Orchestrator] Spawning attack surface agent for: ${target}`);
-        const { streamResult: result } = runAgent2({
+        const { streamResult: result, subagentId } = runAgent2({
           session,
           target,
           objective,
           model,
           abortSignal
         });
-        const subagentId = `attack-surface-${result.session.id}`;
         const allMessages = [];
         let currentAssistantText = "";
         if (onSubagentSpawn) {
@@ -47582,8 +47715,8 @@ Objective: ${objective}`,
         if (onSubagentMessage) {
           onSubagentMessage(subagentId, initialMessage);
         }
-        for await (const delta of result.fullStream) {
-          if (delta.type === "text-delta") {
+        await consumeStream2(result, {
+          onTextDelta: (delta) => {
             currentAssistantText += delta.text;
             const lastMessage = allMessages[allMessages.length - 1];
             if (lastMessage && lastMessage.role === "assistant") {
@@ -47606,7 +47739,8 @@ Objective: ${objective}`,
                 onSubagentMessage(subagentId, newMessage);
               }
             }
-          } else if (delta.type === "tool-call") {
+          },
+          onToolCall: (delta) => {
             if (currentAssistantText) {
               currentAssistantText = "";
             }
@@ -47623,7 +47757,8 @@ Objective: ${objective}`,
             if (onSubagentMessage) {
               onSubagentMessage(subagentId, toolMessage);
             }
-          } else if (delta.type === "tool-result") {
+          },
+          onToolResult: (delta) => {
             const existingToolMessageIndex = allMessages.findIndex((msg) => msg.role === "tool" && msg.toolCallId === delta.toolCallId);
             if (existingToolMessageIndex !== -1) {
               const existingMessage = allMessages[existingToolMessageIndex];
@@ -47638,11 +47773,10 @@ Objective: ${objective}`,
               }
             }
           }
-        }
+        });
         if (onSubagentComplete) {
           onSubagentComplete(subagentId, true);
         }
-        saveSubagentMessages(session, subagentId, allMessages);
         const subagentMetadata = {
           type: "attack-surface",
           subagentId,
@@ -47725,14 +47859,13 @@ You can spawn multiple agents in parallel - they will run concurrently.`,
         const limit = pLimit(5);
         const promises = targets.map((targetInfo, index) => limit(async () => {
           try {
-            const { streamResult: result } = runAgent({
+            const { streamResult: result, subagentId } = runAgent({
               session,
               target: targetInfo.target,
               objective: targetInfo.objective,
               model,
               abortSignal
             });
-            const subagentId = `pentest-${index + 1}-${result.session.id}`;
             const allMessages = [];
             let currentAssistantText = "";
             const startTime = new Date().toISOString();
@@ -47758,8 +47891,8 @@ Objective: ${targetInfo.objective}`,
             if (onSubagentMessage) {
               onSubagentMessage(subagentId, initialMessage);
             }
-            for await (const delta of result.fullStream) {
-              if (delta.type === "text-delta") {
+            await consumeStream2(result, {
+              onTextDelta: (delta) => {
                 currentAssistantText += delta.text;
                 const lastMessage = allMessages[allMessages.length - 1];
                 if (lastMessage && lastMessage.role === "assistant") {
@@ -47782,7 +47915,8 @@ Objective: ${targetInfo.objective}`,
                     onSubagentMessage(subagentId, newMessage);
                   }
                 }
-              } else if (delta.type === "tool-call") {
+              },
+              onToolCall: (delta) => {
                 if (currentAssistantText) {
                   currentAssistantText = "";
                 }
@@ -47799,7 +47933,8 @@ Objective: ${targetInfo.objective}`,
                 if (onSubagentMessage) {
                   onSubagentMessage(subagentId, toolMessage);
                 }
-              } else if (delta.type === "tool-result") {
+              },
+              onToolResult: (delta) => {
                 const existingToolMessageIndex = allMessages.findIndex((msg) => msg.role === "tool" && msg.toolCallId === delta.toolCallId);
                 if (existingToolMessageIndex !== -1) {
                   const existingMessage = allMessages[existingToolMessageIndex];
@@ -47814,12 +47949,11 @@ Objective: ${targetInfo.objective}`,
                   }
                 }
               }
-            }
-            const endTime = new Date().toISOString();
+            });
             if (onSubagentComplete) {
               onSubagentComplete(subagentId, true);
             }
-            saveSubagentMessages(session, subagentId, allMessages);
+            const endTime = new Date().toISOString();
             const subagentMetadata = {
               type: "pentest",
               subagentId,