npm - @pensar/apex - Versions diffs - 0.0.36-canary.0 → 0.0.39-canary.2f181ec5 - Mend

@pensar/apex 0.0.36-canary.0 → 0.0.39-canary.2f181ec5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -1,7 +1,14 @@
 <h1 align="center">Pensar Apex</h1>
 <p align="center">
-<a href="https://www.npmjs.com/package/@pensar/apex"><img src="https://img.shields.io/npm/v/@pensar/apex" alt="npm version"></a>
+  <a href="https://www.npmjs.com/package/@pensar/apex"><img src="https://img.shields.io/npm/v/@pensar/apex?label=latest" alt="npm version"></a>
+  <a href="https://www.npmjs.com/package/@pensar/apex"><img src="https://img.shields.io/npm/v/@pensar/apex/canary?label=prerelease&color=yellow" alt="npm prerelease version"></a>
+  <!-- <a href="https://www.npmjs.com/package/@pensar/apex"><img src="https://img.shields.io/npm/dm/@pensar/apex" alt="npm downloads"></a> -->
+  <a href="https://github.com/pensarai/homebrew-tap"><img src="https://img.shields.io/github/v/release/pensarai/apex?label=homebrew&logo=homebrew&color=orange" alt="Homebrew"></a>
+  <a href="./LICENSE"><img src="https://img.shields.io/badge/license-Apache--2.0-blue" alt="Apache 2.0 License"></a>
+  <a href="https://docs.pensar.dev/apex"><img src="https://img.shields.io/badge/docs-docs.pensar.dev/apex-purple?logo=readthedocs&logoColor=white" alt="Documentation"></a>
+</p>
 <p align="center">
   <img src="screenshot.png" alt="Pensar Apex Screenshot" width="800">
 </p>
@@ -40,6 +47,27 @@ Download installer from `https://nmap.org/download.html` and ensure `nmap` is on
 ### Install Apex
+#### macOS / Linux (Quick Install)
+```bash
+curl -fsSL https://pensarai.com/install.sh | bash
+```
+#### Homebrew
+```bash
+brew tap pensarai/tap
+brew install apex
+```
+#### Windows (PowerShell)
+```powershell
+irm https://pensarai.com/apex.ps1 | iex
+```
+#### npm
 ```bash
 npm install -g @pensar/apex
 ```

package/build/benchmark.js CHANGED Viewed

@@ -84615,7 +84615,7 @@ async function installApex(sandbox, branch) {
   const prefix = branch ? `[${branch}] ` : "";
   console.log(`${prefix}\uD83D\uDCE6 Installing Apex globally via bun...`);
   try {
-    const installResult = await sandbox.process.executeCommand('export BUN_INSTALL="$HOME/.bun" && export PATH="$BUN_INSTALL/bin:$PATH" && bun install -g @pensar/apex');
+    const installResult = await sandbox.process.executeCommand('export BUN_INSTALL="$HOME/.bun" && export PATH="$BUN_INSTALL/bin:$PATH" && bun install -g @pensar/apex@canary');
     if (installResult.exitCode !== 0) {
       throw new Error(`Bun install failed with exit code ${installResult.exitCode}`);
     }
@@ -121194,6 +121194,12 @@ var OPENROUTER_MODELS = [
     provider: "openrouter",
     contextLength: 64000
   },
+  {
+    id: "mistralai/mistral-large-2512",
+    name: "Mistral Large 3 2512",
+    provider: "openrouter",
+    contextLength: 262144
+  },
   {
     id: "moonshotai/kimi-k2-thinking",
     name: "Kimi K2 Thinking",
@@ -121795,11 +121801,38 @@ async function summarizeConversation(messages, opts, model) {
       content: `Summarize this conversation to pass to another agent. This was the system prompt: ${opts.system} `
     }
   ];
-  const { text: summary } = await generateText({
+  const { text: summary, usage: summaryUsage } = await generateText({
     model,
     system: `You are a helpful assistant that summarizes conversations to pass to another agent. Review the conversation and system prompt at the end provided by the user.`,
     messages: summarizedMessages
   });
+  if (opts.onStepFinish && summaryUsage) {
+    opts.onStepFinish({
+      text: "",
+      reasoning: undefined,
+      reasoningDetails: [],
+      files: [],
+      sources: [],
+      toolCalls: [],
+      toolResults: [],
+      finishReason: "stop",
+      usage: {
+        inputTokens: summaryUsage.inputTokens ?? 0,
+        outputTokens: summaryUsage.outputTokens ?? 0,
+        totalTokens: summaryUsage.totalTokens ?? 0
+      },
+      warnings: [],
+      request: {},
+      response: {
+        id: "summarization",
+        timestamp: new Date,
+        modelId: ""
+      },
+      providerMetadata: undefined,
+      stepType: "initial",
+      isContinued: false
+    });
+  }
   const originalLength = typeof opts.prompt === "string" ? opts.prompt.length : 0;
   const enhancedPrompt = originalLength > 1e5 ? `Context: The previous conversation contained very long content that was summarized.
@@ -121962,6 +121995,7 @@ function streamResponse(opts) {
   } = opts;
   const messagesContainer = { current: messages || [] };
   const providerModel = getProviderModel(model, authConfig);
+  let rateLimitRetryCount = 0;
   try {
     const response = streamText({
       model: providerModel,
@@ -121975,6 +122009,16 @@ function streamResponse(opts) {
         messagesContainer.current = opts2.messages;
         return;
       },
+      onError: async ({ error: error46 }) => {
+        if (error46.message.toLowerCase().includes("too many tokens") || error46.message.toLowerCase().includes("overloaded")) {
+          rateLimitRetryCount++;
+          await new Promise((resolve2) => setTimeout(resolve2, 1000 * rateLimitRetryCount));
+          if (rateLimitRetryCount < 20) {
+            return;
+          }
+        }
+        throw error46;
+      },
       onStepFinish,
       abortSignal,
       activeTools,
@@ -121993,7 +122037,7 @@ function streamResponse(opts) {
             throw new Error(`Tool ${toolCall.toolName} not found or has no schema`);
           }
           const jsonSchema2 = inputSchema({ toolName: toolCall.toolName });
-          const { object: repairedArgs } = await generateObject({
+          const { object: repairedArgs, usage: repairUsage } = await generateObject({
             model: providerModel,
             schema: tool2.inputSchema,
             prompt: [
@@ -122006,6 +122050,33 @@ function streamResponse(opts) {
             ].join(`
 `)
           });
+          if (onStepFinish && repairUsage) {
+            onStepFinish({
+              text: "",
+              reasoning: undefined,
+              reasoningDetails: [],
+              files: [],
+              sources: [],
+              toolCalls: [],
+              toolResults: [],
+              finishReason: "stop",
+              usage: {
+                inputTokens: repairUsage.inputTokens ?? 0,
+                outputTokens: repairUsage.outputTokens ?? 0,
+                totalTokens: repairUsage.totalTokens ?? 0
+              },
+              warnings: [],
+              request: {},
+              response: {
+                id: "tool-repair",
+                timestamp: new Date,
+                modelId: ""
+              },
+              providerMetadata: undefined,
+              stepType: "initial",
+              isContinued: false
+            });
+          }
           return { ...toolCall, input: JSON.stringify(repairedArgs) };
         } catch (repairError) {
           if (!silent) {
@@ -122032,9 +122103,9 @@ function streamResponse(opts) {
   }
 }
 async function generateObjectResponse(opts) {
-  const { model, schema, prompt, system, maxTokens, temperature, authConfig } = opts;
+  const { model, schema, prompt, system, maxTokens, temperature, authConfig, onTokenUsage } = opts;
   const providerModel = getProviderModel(model, authConfig);
-  const { object: object3 } = await generateObject({
+  const { object: object3, usage } = await generateObject({
     model: providerModel,
     schema,
     prompt,
@@ -122042,6 +122113,9 @@ async function generateObjectResponse(opts) {
     maxTokens,
     temperature
   });
+  if (onTokenUsage && usage) {
+    onTokenUsage(usage.inputTokens ?? 0, usage.outputTokens ?? 0);
+  }
   return object3;
 }
 // src/core/agent/benchmark/prompts.ts
@@ -126855,6 +126929,7 @@ function runAgent(opts) {
     objective,
     model,
     onStepFinish,
+    onToolTokenUsage,
     abortSignal,
     silent,
     authConfig,
@@ -126874,7 +126949,7 @@ function runAgent(opts) {
     analyze_scan,
     scratchpad,
     generate_report
-  } = createPentestTools(session, undefined, toolOverride);
+  } = createPentestTools(session, undefined, toolOverride, onToolTokenUsage);
   const document_finding = tool({
     name: "document_finding",
     description: `Document a security finding with severity, impact, and remediation guidance.
@@ -128705,7 +128780,7 @@ Example workflow:
     execute: async (params) => recordTestResultCore(session, params)
   });
 }
-async function generateTestStrategy(params, model) {
+async function generateTestStrategy(params, model, onTokenUsage) {
   const prompt = `You are a penetration testing expert. Generate a concise testing strategy:
 Attack Type: ${params.knowledge.name}
@@ -128731,12 +128806,15 @@ Be tactical and specific.`;
       model: providerModel,
       prompt
     });
+    if (onTokenUsage && result.usage) {
+      onTokenUsage(result.usage.inputTokens ?? 0, result.usage.outputTokens ?? 0);
+    }
     return result.text;
   } catch (error46) {
     return params.knowledge.adaptiveStrategy;
   }
 }
-async function generatePayload(params, model) {
+async function generatePayload(params, model, onTokenUsage) {
   const prompt = `Generate ONE ${params.knowledge.name} payload for testing.
 Techniques:
@@ -128760,7 +128838,8 @@ Generate ONE specific payload. Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: PayloadSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -128773,7 +128852,7 @@ Generate ONE specific payload. Return ONLY JSON:
     technique: technique.name
   };
 }
-async function analyzeResponse(params, model) {
+async function analyzeResponse(params, model, onTokenUsage) {
   const prompt = `Analyze this security test response:
 Attack: ${params.knowledge.name}
@@ -128801,7 +128880,8 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: AnalysisSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -128820,7 +128900,7 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     suggestedNextTest: "Try alternative payload or technique"
   };
 }
-function createSmartTestTool(session, model) {
+function createSmartTestTool(session, model, onTokenUsage) {
   return tool({
     name: "test_parameter",
     description: `Intelligently test a parameter for a vulnerability using AI-powered adaptive testing.
@@ -128890,7 +128970,7 @@ test_parameter({
           parameter,
           endpoint,
           context
-        }, model);
+        }, model, onTokenUsage);
         console.log(`Strategy: ${strategy}`);
         const results = [];
         let vulnerable = false;
@@ -128903,7 +128983,7 @@ test_parameter({
             context: { ...context, parameter, endpoint },
             previousResults: results,
             round
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Payload: ${payloadData.payload}`);
           console.log(`  Reasoning: ${payloadData.reasoning}`);
           let response;
@@ -128932,7 +129012,7 @@ test_parameter({
             attackType,
             knowledge,
             previousResults: results
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Analysis: ${analysis.reasoning}`);
           console.log(`  Vulnerable: ${analysis.vulnerable} (confidence: ${analysis.confidence})`);
           results.push({
@@ -129382,7 +129462,7 @@ function wrapCommandWithHeaders(command, headers) {
   }
   return wrapped;
 }
-function createPentestTools(session, model, toolOverride) {
+function createPentestTools(session, model, toolOverride, onTokenUsage) {
   const offensiveHeaders = getOffensiveHeaders(session);
   const rateLimiter = session._rateLimiter;
   const executeCommand = tool({
@@ -129556,7 +129636,7 @@ COMMON TESTING PATTERNS:
     http_request: httpRequest,
     document_finding: createDocumentFindingTool(session),
     record_test_result: createRecordTestResultTool(session),
-    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514"),
+    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514", onTokenUsage),
     check_testing_coverage: createCheckTestingCoverageTool(session),
     validate_completeness: createValidateCompletenessTool(session),
     enumerate_endpoints: createEnumerateEndpointsTool(session),
@@ -129572,7 +129652,7 @@ COMMON TESTING PATTERNS:
 import { join as join5 } from "path";
 import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync5, existsSync as existsSync7 } from "fs";
 function runAgent2(opts) {
-  const { target, model, onStepFinish, abortSignal } = opts;
+  const { target, model, onStepFinish, onToolTokenUsage, abortSignal } = opts;
   const session = opts.session || createSession(target);
   const subagentId = `attack-surface-${nanoid3(6)}`;
   console.log(`Created attack surface session: ${session.id}`);
@@ -129581,7 +129661,7 @@ function runAgent2(opts) {
   if (!existsSync7(assetsPath)) {
     mkdirSync5(assetsPath, { recursive: true });
   }
-  const { analyze_scan, execute_command, http_request } = createPentestTools(session, model);
+  const { analyze_scan, execute_command, http_request } = createPentestTools(session, model, undefined, onToolTokenUsage);
   const document_asset = tool({
     name: "document_asset",
     description: `Document a discovered asset during attack surface analysis.
@@ -129742,13 +129822,14 @@ function runAgent3(opts) {
     onSubagentSpawn,
     onSubagentMessage,
     onSubagentComplete,
+    onSubagentTokenUsage,
     session: sessionProp
   } = opts;
   const session = sessionProp || createSession(target, undefined, undefined, sessionConfig);
   const logger = new Logger(session);
   logger.log(`Created thorough pentest session: ${session.id}`);
   logger.log(`Session path: ${session.rootPath}`);
-  const tools2 = createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, logger);
+  const tools2 = createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, onSubagentTokenUsage, logger);
   const enhancedPrompt = `
 TARGET: ${target}
@@ -129784,7 +129865,7 @@ Begin by using the get_attack_surface tool to map the complete attack surface of
   streamResult.session = session;
   return { streamResult, session };
 }
-function createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, logger) {
+function createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, onSubagentTokenUsage, logger) {
   const getAttackSurface = tool({
     name: "get_attack_surface",
     description: `Run the attack surface analysis agent to discover all assets and identify targets.
@@ -129816,7 +129897,19 @@ Use this as the FIRST step in your thorough penetration test.`,
           target,
           objective,
           model,
-          abortSignal
+          abortSignal,
+          onStepFinish: ({ usage }) => {
+            if (onSubagentTokenUsage) {
+              const inputTokens = usage.inputTokens ?? 0;
+              const outputTokens = usage.outputTokens ?? 0;
+              onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+            }
+          },
+          onToolTokenUsage: (inputTokens, outputTokens) => {
+            if (onSubagentTokenUsage) {
+              onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+            }
+          }
         });
         const allMessages = [];
         let currentAssistantText = "";
@@ -129991,7 +130084,19 @@ You can spawn multiple agents in parallel - they will run concurrently.`,
               target: targetInfo.target,
               objective: targetInfo.objective,
               model,
-              abortSignal
+              abortSignal,
+              onStepFinish: ({ usage }) => {
+                if (onSubagentTokenUsage) {
+                  const inputTokens = usage.inputTokens ?? 0;
+                  const outputTokens = usage.outputTokens ?? 0;
+                  onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+                }
+              },
+              onToolTokenUsage: (inputTokens, outputTokens) => {
+                if (onSubagentTokenUsage) {
+                  onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+                }
+              }
             });
             const allMessages = [];
             let currentAssistantText = "";