@pensar/apex 0.0.36-canary.0 → 0.0.39-canary.2f181ec5

package/build/pentest.js

@@ -39513,6 +39513,12 @@ var OPENROUTER_MODELS = [
     provider: "openrouter",
     contextLength: 64000
   },
+  {
+    id: "mistralai/mistral-large-2512",
+    name: "Mistral Large 3 2512",
+    provider: "openrouter",
+    contextLength: 262144
+  },
   {
     id: "moonshotai/kimi-k2-thinking",
     name: "Kimi K2 Thinking",
@@ -40114,11 +40120,38 @@ async function summarizeConversation(messages, opts, model) {
       content: `Summarize this conversation to pass to another agent. This was the system prompt: ${opts.system} `
     }
   ];
-  const { text: summary } = await generateText({
+  const { text: summary, usage: summaryUsage } = await generateText({
     model,
     system: `You are a helpful assistant that summarizes conversations to pass to another agent. Review the conversation and system prompt at the end provided by the user.`,
     messages: summarizedMessages
   });
+  if (opts.onStepFinish && summaryUsage) {
+    opts.onStepFinish({
+      text: "",
+      reasoning: undefined,
+      reasoningDetails: [],
+      files: [],
+      sources: [],
+      toolCalls: [],
+      toolResults: [],
+      finishReason: "stop",
+      usage: {
+        inputTokens: summaryUsage.inputTokens ?? 0,
+        outputTokens: summaryUsage.outputTokens ?? 0,
+        totalTokens: summaryUsage.totalTokens ?? 0
+      },
+      warnings: [],
+      request: {},
+      response: {
+        id: "summarization",
+        timestamp: new Date,
+        modelId: ""
+      },
+      providerMetadata: undefined,
+      stepType: "initial",
+      isContinued: false
+    });
+  }
   const originalLength = typeof opts.prompt === "string" ? opts.prompt.length : 0;
   const enhancedPrompt = originalLength > 1e5 ? `Context: The previous conversation contained very long content that was summarized.
 
@@ -40281,6 +40314,7 @@ function streamResponse(opts) {
   } = opts;
   const messagesContainer = { current: messages || [] };
   const providerModel = getProviderModel(model, authConfig);
+  let rateLimitRetryCount = 0;
   try {
     const response = streamText({
       model: providerModel,
@@ -40294,6 +40328,16 @@ function streamResponse(opts) {
         messagesContainer.current = opts2.messages;
         return;
       },
+      onError: async ({ error: error46 }) => {
+        if (error46.message.toLowerCase().includes("too many tokens") || error46.message.toLowerCase().includes("overloaded")) {
+          rateLimitRetryCount++;
+          await new Promise((resolve2) => setTimeout(resolve2, 1000 * rateLimitRetryCount));
+          if (rateLimitRetryCount < 20) {
+            return;
+          }
+        }
+        throw error46;
+      },
       onStepFinish,
       abortSignal,
       activeTools,
@@ -40312,7 +40356,7 @@ function streamResponse(opts) {
             throw new Error(`Tool ${toolCall.toolName} not found or has no schema`);
           }
           const jsonSchema2 = inputSchema({ toolName: toolCall.toolName });
-          const { object: repairedArgs } = await generateObject({
+          const { object: repairedArgs, usage: repairUsage } = await generateObject({
             model: providerModel,
             schema: tool2.inputSchema,
             prompt: [
@@ -40325,6 +40369,33 @@ function streamResponse(opts) {
             ].join(`
 `)
           });
+          if (onStepFinish && repairUsage) {
+            onStepFinish({
+              text: "",
+              reasoning: undefined,
+              reasoningDetails: [],
+              files: [],
+              sources: [],
+              toolCalls: [],
+              toolResults: [],
+              finishReason: "stop",
+              usage: {
+                inputTokens: repairUsage.inputTokens ?? 0,
+                outputTokens: repairUsage.outputTokens ?? 0,
+                totalTokens: repairUsage.totalTokens ?? 0
+              },
+              warnings: [],
+              request: {},
+              response: {
+                id: "tool-repair",
+                timestamp: new Date,
+                modelId: ""
+              },
+              providerMetadata: undefined,
+              stepType: "initial",
+              isContinued: false
+            });
+          }
           return { ...toolCall, input: JSON.stringify(repairedArgs) };
         } catch (repairError) {
           if (!silent) {
@@ -40351,9 +40422,9 @@ function streamResponse(opts) {
   }
 }
 async function generateObjectResponse(opts) {
-  const { model, schema, prompt, system, maxTokens, temperature, authConfig } = opts;
+  const { model, schema, prompt, system, maxTokens, temperature, authConfig, onTokenUsage } = opts;
   const providerModel = getProviderModel(model, authConfig);
-  const { object: object3 } = await generateObject({
+  const { object: object3, usage } = await generateObject({
     model: providerModel,
     schema,
     prompt,
@@ -40361,6 +40432,9 @@ async function generateObjectResponse(opts) {
     maxTokens,
     temperature
   });
+  if (onTokenUsage && usage) {
+    onTokenUsage(usage.inputTokens ?? 0, usage.outputTokens ?? 0);
+  }
   return object3;
 }
 // src/core/agent/thoroughPentestAgent/prompts.ts
@@ -44911,6 +44985,7 @@ function runAgent(opts) {
     objective,
     model,
     onStepFinish,
+    onToolTokenUsage,
     abortSignal,
     silent,
     authConfig,
@@ -44930,7 +45005,7 @@ function runAgent(opts) {
     analyze_scan,
     scratchpad,
     generate_report
-  } = createPentestTools(session, undefined, toolOverride);
+  } = createPentestTools(session, undefined, toolOverride, onToolTokenUsage);
   const document_finding = tool({
     name: "document_finding",
     description: `Document a security finding with severity, impact, and remediation guidance.
@@ -46761,7 +46836,7 @@ Example workflow:
     execute: async (params) => recordTestResultCore(session, params)
   });
 }
-async function generateTestStrategy(params, model) {
+async function generateTestStrategy(params, model, onTokenUsage) {
   const prompt = `You are a penetration testing expert. Generate a concise testing strategy:
 
 Attack Type: ${params.knowledge.name}
@@ -46787,12 +46862,15 @@ Be tactical and specific.`;
       model: providerModel,
       prompt
     });
+    if (onTokenUsage && result.usage) {
+      onTokenUsage(result.usage.inputTokens ?? 0, result.usage.outputTokens ?? 0);
+    }
     return result.text;
   } catch (error46) {
     return params.knowledge.adaptiveStrategy;
   }
 }
-async function generatePayload(params, model) {
+async function generatePayload(params, model, onTokenUsage) {
   const prompt = `Generate ONE ${params.knowledge.name} payload for testing.
 
 Techniques:
@@ -46816,7 +46894,8 @@ Generate ONE specific payload. Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: PayloadSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -46829,7 +46908,7 @@ Generate ONE specific payload. Return ONLY JSON:
     technique: technique.name
   };
 }
-async function analyzeResponse(params, model) {
+async function analyzeResponse(params, model, onTokenUsage) {
   const prompt = `Analyze this security test response:
 
 Attack: ${params.knowledge.name}
@@ -46857,7 +46936,8 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: AnalysisSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -46876,7 +46956,7 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     suggestedNextTest: "Try alternative payload or technique"
   };
 }
-function createSmartTestTool(session, model) {
+function createSmartTestTool(session, model, onTokenUsage) {
   return tool({
     name: "test_parameter",
     description: `Intelligently test a parameter for a vulnerability using AI-powered adaptive testing.
@@ -46946,7 +47026,7 @@ test_parameter({
           parameter,
           endpoint,
           context
-        }, model);
+        }, model, onTokenUsage);
         console.log(`Strategy: ${strategy}`);
         const results = [];
         let vulnerable = false;
@@ -46959,7 +47039,7 @@ test_parameter({
             context: { ...context, parameter, endpoint },
             previousResults: results,
             round
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Payload: ${payloadData.payload}`);
           console.log(`  Reasoning: ${payloadData.reasoning}`);
           let response;
@@ -46988,7 +47068,7 @@ test_parameter({
             attackType,
             knowledge,
             previousResults: results
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Analysis: ${analysis.reasoning}`);
           console.log(`  Vulnerable: ${analysis.vulnerable} (confidence: ${analysis.confidence})`);
           results.push({
@@ -47438,7 +47518,7 @@ function wrapCommandWithHeaders(command, headers) {
   }
   return wrapped;
 }
-function createPentestTools(session, model, toolOverride) {
+function createPentestTools(session, model, toolOverride, onTokenUsage) {
   const offensiveHeaders = getOffensiveHeaders(session);
   const rateLimiter = session._rateLimiter;
   const executeCommand = tool({
@@ -47612,7 +47692,7 @@ COMMON TESTING PATTERNS:
     http_request: httpRequest,
     document_finding: createDocumentFindingTool(session),
     record_test_result: createRecordTestResultTool(session),
-    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514"),
+    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514", onTokenUsage),
     check_testing_coverage: createCheckTestingCoverageTool(session),
     validate_completeness: createValidateCompletenessTool(session),
     enumerate_endpoints: createEnumerateEndpointsTool(session),
@@ -47628,7 +47708,7 @@ COMMON TESTING PATTERNS:
 import { join as join5 } from "path";
 import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync5, existsSync as existsSync7 } from "fs";
 function runAgent2(opts) {
-  const { target, model, onStepFinish, abortSignal } = opts;
+  const { target, model, onStepFinish, onToolTokenUsage, abortSignal } = opts;
   const session = opts.session || createSession(target);
   const subagentId = `attack-surface-${nanoid3(6)}`;
   console.log(`Created attack surface session: ${session.id}`);
@@ -47637,7 +47717,7 @@ function runAgent2(opts) {
   if (!existsSync7(assetsPath)) {
     mkdirSync5(assetsPath, { recursive: true });
   }
-  const { analyze_scan, execute_command, http_request } = createPentestTools(session, model);
+  const { analyze_scan, execute_command, http_request } = createPentestTools(session, model, undefined, onToolTokenUsage);
   const document_asset = tool({
     name: "document_asset",
     description: `Document a discovered asset during attack surface analysis.
@@ -47934,13 +48014,14 @@ function runAgent3(opts) {
     onSubagentSpawn,
     onSubagentMessage,
     onSubagentComplete,
+    onSubagentTokenUsage,
     session: sessionProp
   } = opts;
   const session = sessionProp || createSession(target, undefined, undefined, sessionConfig);
   const logger = new Logger(session);
   logger.log(`Created thorough pentest session: ${session.id}`);
   logger.log(`Session path: ${session.rootPath}`);
-  const tools2 = createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, logger);
+  const tools2 = createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, onSubagentTokenUsage, logger);
   const enhancedPrompt = `
 TARGET: ${target}
 
@@ -47976,7 +48057,7 @@ Begin by using the get_attack_surface tool to map the complete attack surface of
   streamResult.session = session;
   return { streamResult, session };
 }
-function createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, logger) {
+function createOrchestratorTools(session, model, abortSignal, onSubagentSpawn, onSubagentMessage, onSubagentComplete, onSubagentTokenUsage, logger) {
   const getAttackSurface = tool({
     name: "get_attack_surface",
     description: `Run the attack surface analysis agent to discover all assets and identify targets.
@@ -48008,7 +48089,19 @@ Use this as the FIRST step in your thorough penetration test.`,
           target,
           objective,
           model,
-          abortSignal
+          abortSignal,
+          onStepFinish: ({ usage }) => {
+            if (onSubagentTokenUsage) {
+              const inputTokens = usage.inputTokens ?? 0;
+              const outputTokens = usage.outputTokens ?? 0;
+              onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+            }
+          },
+          onToolTokenUsage: (inputTokens, outputTokens) => {
+            if (onSubagentTokenUsage) {
+              onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+            }
+          }
         });
         const allMessages = [];
         let currentAssistantText = "";
@@ -48183,7 +48276,19 @@ You can spawn multiple agents in parallel - they will run concurrently.`,
               target: targetInfo.target,
               objective: targetInfo.objective,
               model,
-              abortSignal
+              abortSignal,
+              onStepFinish: ({ usage }) => {
+                if (onSubagentTokenUsage) {
+                  const inputTokens = usage.inputTokens ?? 0;
+                  const outputTokens = usage.outputTokens ?? 0;
+                  onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+                }
+              },
+              onToolTokenUsage: (inputTokens, outputTokens) => {
+                if (onSubagentTokenUsage) {
+                  onSubagentTokenUsage(subagentId, inputTokens, outputTokens);
+                }
+              }
             });
             const allMessages = [];
             let currentAssistantText = "";

package/build/quicktest.js

@@ -39513,6 +39513,12 @@ var OPENROUTER_MODELS = [
     provider: "openrouter",
     contextLength: 64000
   },
+  {
+    id: "mistralai/mistral-large-2512",
+    name: "Mistral Large 3 2512",
+    provider: "openrouter",
+    contextLength: 262144
+  },
   {
     id: "moonshotai/kimi-k2-thinking",
     name: "Kimi K2 Thinking",
@@ -40114,11 +40120,38 @@ async function summarizeConversation(messages, opts, model) {
       content: `Summarize this conversation to pass to another agent. This was the system prompt: ${opts.system} `
     }
   ];
-  const { text: summary } = await generateText({
+  const { text: summary, usage: summaryUsage } = await generateText({
     model,
     system: `You are a helpful assistant that summarizes conversations to pass to another agent. Review the conversation and system prompt at the end provided by the user.`,
     messages: summarizedMessages
   });
+  if (opts.onStepFinish && summaryUsage) {
+    opts.onStepFinish({
+      text: "",
+      reasoning: undefined,
+      reasoningDetails: [],
+      files: [],
+      sources: [],
+      toolCalls: [],
+      toolResults: [],
+      finishReason: "stop",
+      usage: {
+        inputTokens: summaryUsage.inputTokens ?? 0,
+        outputTokens: summaryUsage.outputTokens ?? 0,
+        totalTokens: summaryUsage.totalTokens ?? 0
+      },
+      warnings: [],
+      request: {},
+      response: {
+        id: "summarization",
+        timestamp: new Date,
+        modelId: ""
+      },
+      providerMetadata: undefined,
+      stepType: "initial",
+      isContinued: false
+    });
+  }
   const originalLength = typeof opts.prompt === "string" ? opts.prompt.length : 0;
   const enhancedPrompt = originalLength > 1e5 ? `Context: The previous conversation contained very long content that was summarized.
 
@@ -40266,6 +40299,7 @@ function streamResponse(opts) {
   } = opts;
   const messagesContainer = { current: messages || [] };
   const providerModel = getProviderModel(model, authConfig);
+  let rateLimitRetryCount = 0;
   try {
     const response = streamText({
       model: providerModel,
@@ -40279,6 +40313,16 @@ function streamResponse(opts) {
         messagesContainer.current = opts2.messages;
         return;
       },
+      onError: async ({ error: error46 }) => {
+        if (error46.message.toLowerCase().includes("too many tokens") || error46.message.toLowerCase().includes("overloaded")) {
+          rateLimitRetryCount++;
+          await new Promise((resolve2) => setTimeout(resolve2, 1000 * rateLimitRetryCount));
+          if (rateLimitRetryCount < 20) {
+            return;
+          }
+        }
+        throw error46;
+      },
       onStepFinish,
       abortSignal,
       activeTools,
@@ -40297,7 +40341,7 @@ function streamResponse(opts) {
             throw new Error(`Tool ${toolCall.toolName} not found or has no schema`);
           }
           const jsonSchema2 = inputSchema({ toolName: toolCall.toolName });
-          const { object: repairedArgs } = await generateObject({
+          const { object: repairedArgs, usage: repairUsage } = await generateObject({
             model: providerModel,
             schema: tool2.inputSchema,
             prompt: [
@@ -40310,6 +40354,33 @@ function streamResponse(opts) {
             ].join(`
 `)
           });
+          if (onStepFinish && repairUsage) {
+            onStepFinish({
+              text: "",
+              reasoning: undefined,
+              reasoningDetails: [],
+              files: [],
+              sources: [],
+              toolCalls: [],
+              toolResults: [],
+              finishReason: "stop",
+              usage: {
+                inputTokens: repairUsage.inputTokens ?? 0,
+                outputTokens: repairUsage.outputTokens ?? 0,
+                totalTokens: repairUsage.totalTokens ?? 0
+              },
+              warnings: [],
+              request: {},
+              response: {
+                id: "tool-repair",
+                timestamp: new Date,
+                modelId: ""
+              },
+              providerMetadata: undefined,
+              stepType: "initial",
+              isContinued: false
+            });
+          }
           return { ...toolCall, input: JSON.stringify(repairedArgs) };
         } catch (repairError) {
           if (!silent) {
@@ -40336,9 +40407,9 @@ function streamResponse(opts) {
   }
 }
 async function generateObjectResponse(opts) {
-  const { model, schema, prompt, system, maxTokens, temperature, authConfig } = opts;
+  const { model, schema, prompt, system, maxTokens, temperature, authConfig, onTokenUsage } = opts;
   const providerModel = getProviderModel(model, authConfig);
-  const { object: object3 } = await generateObject({
+  const { object: object3, usage } = await generateObject({
     model: providerModel,
     schema,
     prompt,
@@ -40346,6 +40417,9 @@ async function generateObjectResponse(opts) {
     maxTokens,
     temperature
   });
+  if (onTokenUsage && usage) {
+    onTokenUsage(usage.inputTokens ?? 0, usage.outputTokens ?? 0);
+  }
   return object3;
 }
 // src/core/agent/pentestAgent/prompts.ts
@@ -43697,7 +43771,7 @@ Example workflow:
     execute: async (params) => recordTestResultCore(session, params)
   });
 }
-async function generateTestStrategy(params, model) {
+async function generateTestStrategy(params, model, onTokenUsage) {
   const prompt = `You are a penetration testing expert. Generate a concise testing strategy:
 
 Attack Type: ${params.knowledge.name}
@@ -43723,12 +43797,15 @@ Be tactical and specific.`;
       model: providerModel,
       prompt
     });
+    if (onTokenUsage && result.usage) {
+      onTokenUsage(result.usage.inputTokens ?? 0, result.usage.outputTokens ?? 0);
+    }
     return result.text;
   } catch (error46) {
     return params.knowledge.adaptiveStrategy;
   }
 }
-async function generatePayload(params, model) {
+async function generatePayload(params, model, onTokenUsage) {
   const prompt = `Generate ONE ${params.knowledge.name} payload for testing.
 
 Techniques:
@@ -43752,7 +43829,8 @@ Generate ONE specific payload. Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: PayloadSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -43765,7 +43843,7 @@ Generate ONE specific payload. Return ONLY JSON:
     technique: technique.name
   };
 }
-async function analyzeResponse(params, model) {
+async function analyzeResponse(params, model, onTokenUsage) {
   const prompt = `Analyze this security test response:
 
 Attack: ${params.knowledge.name}
@@ -43793,7 +43871,8 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: AnalysisSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -43812,7 +43891,7 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     suggestedNextTest: "Try alternative payload or technique"
   };
 }
-function createSmartTestTool(session, model) {
+function createSmartTestTool(session, model, onTokenUsage) {
   return tool({
     name: "test_parameter",
     description: `Intelligently test a parameter for a vulnerability using AI-powered adaptive testing.
@@ -43882,7 +43961,7 @@ test_parameter({
           parameter,
           endpoint,
           context
-        }, model);
+        }, model, onTokenUsage);
         console.log(`Strategy: ${strategy}`);
         const results = [];
         let vulnerable = false;
@@ -43895,7 +43974,7 @@ test_parameter({
             context: { ...context, parameter, endpoint },
             previousResults: results,
             round
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Payload: ${payloadData.payload}`);
           console.log(`  Reasoning: ${payloadData.reasoning}`);
           let response;
@@ -43924,7 +44003,7 @@ test_parameter({
             attackType,
             knowledge,
             previousResults: results
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Analysis: ${analysis.reasoning}`);
           console.log(`  Vulnerable: ${analysis.vulnerable} (confidence: ${analysis.confidence})`);
           results.push({
@@ -44374,7 +44453,7 @@ function wrapCommandWithHeaders(command, headers) {
   }
   return wrapped;
 }
-function createPentestTools(session, model, toolOverride) {
+function createPentestTools(session, model, toolOverride, onTokenUsage) {
   const offensiveHeaders = getOffensiveHeaders(session);
   const rateLimiter = session._rateLimiter;
   const executeCommand = tool({
@@ -44548,7 +44627,7 @@ COMMON TESTING PATTERNS:
     http_request: httpRequest,
     document_finding: createDocumentFindingTool(session),
     record_test_result: createRecordTestResultTool(session),
-    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514"),
+    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514", onTokenUsage),
     check_testing_coverage: createCheckTestingCoverageTool(session),
     validate_completeness: createValidateCompletenessTool(session),
     enumerate_endpoints: createEnumerateEndpointsTool(session),
@@ -45600,6 +45679,7 @@ function runAgent(opts) {
     objective,
     model,
     onStepFinish,
+    onToolTokenUsage,
     abortSignal,
     silent,
     authConfig,
@@ -45619,7 +45699,7 @@ function runAgent(opts) {
     analyze_scan,
     scratchpad,
     generate_report
-  } = createPentestTools(session, undefined, toolOverride);
+  } = createPentestTools(session, undefined, toolOverride, onToolTokenUsage);
   const document_finding = tool({
     name: "document_finding",
     description: `Document a security finding with severity, impact, and remediation guidance.