@pensar/apex 0.0.36-canary.0 → 0.0.39-canary.2f181ec5

package/build/swarm.js

@@ -39513,6 +39513,12 @@ var OPENROUTER_MODELS = [
     provider: "openrouter",
     contextLength: 64000
   },
+  {
+    id: "mistralai/mistral-large-2512",
+    name: "Mistral Large 3 2512",
+    provider: "openrouter",
+    contextLength: 262144
+  },
   {
     id: "moonshotai/kimi-k2-thinking",
     name: "Kimi K2 Thinking",
@@ -40114,11 +40120,38 @@ async function summarizeConversation(messages, opts, model) {
       content: `Summarize this conversation to pass to another agent. This was the system prompt: ${opts.system} `
     }
   ];
-  const { text: summary } = await generateText({
+  const { text: summary, usage: summaryUsage } = await generateText({
     model,
     system: `You are a helpful assistant that summarizes conversations to pass to another agent. Review the conversation and system prompt at the end provided by the user.`,
     messages: summarizedMessages
   });
+  if (opts.onStepFinish && summaryUsage) {
+    opts.onStepFinish({
+      text: "",
+      reasoning: undefined,
+      reasoningDetails: [],
+      files: [],
+      sources: [],
+      toolCalls: [],
+      toolResults: [],
+      finishReason: "stop",
+      usage: {
+        inputTokens: summaryUsage.inputTokens ?? 0,
+        outputTokens: summaryUsage.outputTokens ?? 0,
+        totalTokens: summaryUsage.totalTokens ?? 0
+      },
+      warnings: [],
+      request: {},
+      response: {
+        id: "summarization",
+        timestamp: new Date,
+        modelId: ""
+      },
+      providerMetadata: undefined,
+      stepType: "initial",
+      isContinued: false
+    });
+  }
   const originalLength = typeof opts.prompt === "string" ? opts.prompt.length : 0;
   const enhancedPrompt = originalLength > 1e5 ? `Context: The previous conversation contained very long content that was summarized.
 
@@ -40266,6 +40299,7 @@ function streamResponse(opts) {
   } = opts;
   const messagesContainer = { current: messages || [] };
   const providerModel = getProviderModel(model, authConfig);
+  let rateLimitRetryCount = 0;
   try {
     const response = streamText({
       model: providerModel,
@@ -40279,6 +40313,16 @@ function streamResponse(opts) {
         messagesContainer.current = opts2.messages;
         return;
       },
+      onError: async ({ error: error46 }) => {
+        if (error46.message.toLowerCase().includes("too many tokens") || error46.message.toLowerCase().includes("overloaded")) {
+          rateLimitRetryCount++;
+          await new Promise((resolve2) => setTimeout(resolve2, 1000 * rateLimitRetryCount));
+          if (rateLimitRetryCount < 20) {
+            return;
+          }
+        }
+        throw error46;
+      },
       onStepFinish,
       abortSignal,
       activeTools,
@@ -40297,7 +40341,7 @@ function streamResponse(opts) {
             throw new Error(`Tool ${toolCall.toolName} not found or has no schema`);
           }
           const jsonSchema2 = inputSchema({ toolName: toolCall.toolName });
-          const { object: repairedArgs } = await generateObject({
+          const { object: repairedArgs, usage: repairUsage } = await generateObject({
             model: providerModel,
             schema: tool2.inputSchema,
             prompt: [
@@ -40310,6 +40354,33 @@ function streamResponse(opts) {
             ].join(`
 `)
           });
+          if (onStepFinish && repairUsage) {
+            onStepFinish({
+              text: "",
+              reasoning: undefined,
+              reasoningDetails: [],
+              files: [],
+              sources: [],
+              toolCalls: [],
+              toolResults: [],
+              finishReason: "stop",
+              usage: {
+                inputTokens: repairUsage.inputTokens ?? 0,
+                outputTokens: repairUsage.outputTokens ?? 0,
+                totalTokens: repairUsage.totalTokens ?? 0
+              },
+              warnings: [],
+              request: {},
+              response: {
+                id: "tool-repair",
+                timestamp: new Date,
+                modelId: ""
+              },
+              providerMetadata: undefined,
+              stepType: "initial",
+              isContinued: false
+            });
+          }
           return { ...toolCall, input: JSON.stringify(repairedArgs) };
         } catch (repairError) {
           if (!silent) {
@@ -40336,9 +40407,9 @@ function streamResponse(opts) {
   }
 }
 async function generateObjectResponse(opts) {
-  const { model, schema, prompt, system, maxTokens, temperature, authConfig } = opts;
+  const { model, schema, prompt, system, maxTokens, temperature, authConfig, onTokenUsage } = opts;
   const providerModel = getProviderModel(model, authConfig);
-  const { object: object3 } = await generateObject({
+  const { object: object3, usage } = await generateObject({
     model: providerModel,
     schema,
     prompt,
@@ -40346,6 +40417,9 @@ async function generateObjectResponse(opts) {
     maxTokens,
     temperature
   });
+  if (onTokenUsage && usage) {
+    onTokenUsage(usage.inputTokens ?? 0, usage.outputTokens ?? 0);
+  }
   return object3;
 }
 // src/core/agent/pentestAgent/prompts.ts
@@ -43698,7 +43772,7 @@ Example workflow:
     execute: async (params) => recordTestResultCore(session, params)
   });
 }
-async function generateTestStrategy(params, model) {
+async function generateTestStrategy(params, model, onTokenUsage) {
   const prompt = `You are a penetration testing expert. Generate a concise testing strategy:
 
 Attack Type: ${params.knowledge.name}
@@ -43724,12 +43798,15 @@ Be tactical and specific.`;
       model: providerModel,
       prompt
     });
+    if (onTokenUsage && result.usage) {
+      onTokenUsage(result.usage.inputTokens ?? 0, result.usage.outputTokens ?? 0);
+    }
     return result.text;
   } catch (error46) {
     return params.knowledge.adaptiveStrategy;
   }
 }
-async function generatePayload(params, model) {
+async function generatePayload(params, model, onTokenUsage) {
   const prompt = `Generate ONE ${params.knowledge.name} payload for testing.
 
 Techniques:
@@ -43753,7 +43830,8 @@ Generate ONE specific payload. Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: PayloadSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -43766,7 +43844,7 @@ Generate ONE specific payload. Return ONLY JSON:
     technique: technique.name
   };
 }
-async function analyzeResponse(params, model) {
+async function analyzeResponse(params, model, onTokenUsage) {
   const prompt = `Analyze this security test response:
 
 Attack: ${params.knowledge.name}
@@ -43794,7 +43872,8 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     const result = await generateObjectResponse({
       model,
       schema: AnalysisSchema,
-      prompt
+      prompt,
+      onTokenUsage
     });
     return result;
   } catch (error46) {
@@ -43813,7 +43892,7 @@ Analyze: Is this vulnerable? Return ONLY JSON:
     suggestedNextTest: "Try alternative payload or technique"
   };
 }
-function createSmartTestTool(session, model) {
+function createSmartTestTool(session, model, onTokenUsage) {
   return tool({
     name: "test_parameter",
     description: `Intelligently test a parameter for a vulnerability using AI-powered adaptive testing.
@@ -43883,7 +43962,7 @@ test_parameter({
           parameter,
           endpoint,
           context
-        }, model);
+        }, model, onTokenUsage);
         console.log(`Strategy: ${strategy}`);
         const results = [];
         let vulnerable = false;
@@ -43896,7 +43975,7 @@ test_parameter({
             context: { ...context, parameter, endpoint },
             previousResults: results,
             round
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Payload: ${payloadData.payload}`);
           console.log(`  Reasoning: ${payloadData.reasoning}`);
           let response;
@@ -43925,7 +44004,7 @@ test_parameter({
             attackType,
             knowledge,
             previousResults: results
-          }, model);
+          }, model, onTokenUsage);
           console.log(`  Analysis: ${analysis.reasoning}`);
           console.log(`  Vulnerable: ${analysis.vulnerable} (confidence: ${analysis.confidence})`);
           results.push({
@@ -44375,7 +44454,7 @@ function wrapCommandWithHeaders(command, headers) {
   }
   return wrapped;
 }
-function createPentestTools(session, model, toolOverride) {
+function createPentestTools(session, model, toolOverride, onTokenUsage) {
   const offensiveHeaders = getOffensiveHeaders(session);
   const rateLimiter = session._rateLimiter;
   const executeCommand = tool({
@@ -44549,7 +44628,7 @@ COMMON TESTING PATTERNS:
     http_request: httpRequest,
     document_finding: createDocumentFindingTool(session),
     record_test_result: createRecordTestResultTool(session),
-    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514"),
+    test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514", onTokenUsage),
     check_testing_coverage: createCheckTestingCoverageTool(session),
     validate_completeness: createValidateCompletenessTool(session),
     enumerate_endpoints: createEnumerateEndpointsTool(session),
@@ -45601,6 +45680,7 @@ function runAgent(opts) {
     objective,
     model,
     onStepFinish,
+    onToolTokenUsage,
     abortSignal,
     silent,
     authConfig,
@@ -45620,7 +45700,7 @@ function runAgent(opts) {
     analyze_scan,
     scratchpad,
     generate_report
-  } = createPentestTools(session, undefined, toolOverride);
+  } = createPentestTools(session, undefined, toolOverride, onToolTokenUsage);
   const document_finding = tool({
     name: "document_finding",
     description: `Document a security finding with severity, impact, and remediation guidance.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pensar/apex",
-  "version": "0.0.36-canary.0",
+  "version": "0.0.39-canary.2f181ec5",
   "description": "AI-powered penetration testing CLI tool with terminal UI",
   "module": "src/tui/index.tsx",
   "main": "build/index.js",