@pensar/apex 0.0.37-canary.0 → 0.0.39-canary.2f181ec5

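--- a/package/build/swarm.js
+++ b/package/build/swarm.js
@@ -40120,11 +40120,38 @@ async function summarizeConversation(messages, opts, model) {
  content: `Summarize this conversation to pass to another agent. This was the system prompt: ${opts.system} `
  }
  ];
- const { text: summary } = await generateText({
+ const { text: summary, usage: summaryUsage } = await generateText({
  model,
  system: `You are a helpful assistant that summarizes conversations to pass to another agent. Review the conversation and system prompt at the end provided by the user.`,
  messages: summarizedMessages
  });
+ if (opts.onStepFinish && summaryUsage) {
+ opts.onStepFinish({
+ text: "",
+ reasoning: undefined,
+ reasoningDetails: [],
+ files: [],
+ sources: [],
+ toolCalls: [],
+ toolResults: [],
+ finishReason: "stop",
+ usage: {
+ inputTokens: summaryUsage.inputTokens ?? 0,
+ outputTokens: summaryUsage.outputTokens ?? 0,
+ totalTokens: summaryUsage.totalTokens ?? 0
+ },
+ warnings: [],
+ request: {},
+ response: {
+ id: "summarization",
+ timestamp: new Date,
+ modelId: ""
+ },
+ providerMetadata: undefined,
+ stepType: "initial",
+ isContinued: false
+ });
+ }
  const originalLength = typeof opts.prompt === "string" ? opts.prompt.length : 0;
  const enhancedPrompt = originalLength > 1e5 ? `Context: The previous conversation contained very long content that was summarized.
 
@@ -40272,6 +40299,7 @@ function streamResponse(opts) {
  } = opts;
  const messagesContainer = { current: messages || [] };
  const providerModel = getProviderModel(model, authConfig);
+ let rateLimitRetryCount = 0;
  try {
  const response = streamText({
  model: providerModel,
@@ -40285,6 +40313,16 @@ function streamResponse(opts) {
  messagesContainer.current = opts2.messages;
  return;
  },
+ onError: async ({ error: error46 }) => {
+ if (error46.message.toLowerCase().includes("too many tokens") || error46.message.toLowerCase().includes("overloaded")) {
+ rateLimitRetryCount++;
+ await new Promise((resolve2) => setTimeout(resolve2, 1000 * rateLimitRetryCount));
+ if (rateLimitRetryCount < 20) {
+ return;
+ }
+ }
+ throw error46;
+ },
  onStepFinish,
  abortSignal,
  activeTools,
@@ -40303,7 +40341,7 @@ function streamResponse(opts) {
  throw new Error(`Tool ${toolCall.toolName} not found or has no schema`);
  }
  const jsonSchema2 = inputSchema({ toolName: toolCall.toolName });
- const { object: repairedArgs } = await generateObject({
+ const { object: repairedArgs, usage: repairUsage } = await generateObject({
  model: providerModel,
  schema: tool2.inputSchema,
  prompt: [
@@ -40316,6 +40354,33 @@ function streamResponse(opts) {
  ].join(`
  `)
  });
+ if (onStepFinish && repairUsage) {
+ onStepFinish({
+ text: "",
+ reasoning: undefined,
+ reasoningDetails: [],
+ files: [],
+ sources: [],
+ toolCalls: [],
+ toolResults: [],
+ finishReason: "stop",
+ usage: {
+ inputTokens: repairUsage.inputTokens ?? 0,
+ outputTokens: repairUsage.outputTokens ?? 0,
+ totalTokens: repairUsage.totalTokens ?? 0
+ },
+ warnings: [],
+ request: {},
+ response: {
+ id: "tool-repair",
+ timestamp: new Date,
+ modelId: ""
+ },
+ providerMetadata: undefined,
+ stepType: "initial",
+ isContinued: false
+ });
+ }
  return { ...toolCall, input: JSON.stringify(repairedArgs) };
  } catch (repairError) {
  if (!silent) {
@@ -40342,9 +40407,9 @@ function streamResponse(opts) {
  }
  }
  async function generateObjectResponse(opts) {
- const { model, schema, prompt, system, maxTokens, temperature, authConfig } = opts;
+ const { model, schema, prompt, system, maxTokens, temperature, authConfig, onTokenUsage } = opts;
  const providerModel = getProviderModel(model, authConfig);
- const { object: object3 } = await generateObject({
+ const { object: object3, usage } = await generateObject({
  model: providerModel,
  schema,
  prompt,
@@ -40352,6 +40417,9 @@ async function generateObjectResponse(opts) {
  maxTokens,
  temperature
  });
+ if (onTokenUsage && usage) {
+ onTokenUsage(usage.inputTokens ?? 0, usage.outputTokens ?? 0);
+ }
  return object3;
  }
  // src/core/agent/pentestAgent/prompts.ts
@@ -43704,7 +43772,7 @@ Example workflow:
  execute: async (params) => recordTestResultCore(session, params)
  });
  }
- async function generateTestStrategy(params, model) {
+ async function generateTestStrategy(params, model, onTokenUsage) {
  const prompt = `You are a penetration testing expert. Generate a concise testing strategy:
 
  Attack Type: ${params.knowledge.name}
@@ -43730,12 +43798,15 @@ Be tactical and specific.`;
  model: providerModel,
  prompt
  });
+ if (onTokenUsage && result.usage) {
+ onTokenUsage(result.usage.inputTokens ?? 0, result.usage.outputTokens ?? 0);
+ }
  return result.text;
  } catch (error46) {
  return params.knowledge.adaptiveStrategy;
  }
  }
- async function generatePayload(params, model) {
+ async function generatePayload(params, model, onTokenUsage) {
  const prompt = `Generate ONE ${params.knowledge.name} payload for testing.
 
  Techniques:
@@ -43759,7 +43830,8 @@ Generate ONE specific payload. Return ONLY JSON:
  const result = await generateObjectResponse({
  model,
  schema: PayloadSchema,
- prompt
+ prompt,
+ onTokenUsage
  });
  return result;
  } catch (error46) {
@@ -43772,7 +43844,7 @@ Generate ONE specific payload. Return ONLY JSON:
  technique: technique.name
  };
  }
- async function analyzeResponse(params, model) {
+ async function analyzeResponse(params, model, onTokenUsage) {
  const prompt = `Analyze this security test response:
 
  Attack: ${params.knowledge.name}
@@ -43800,7 +43872,8 @@ Analyze: Is this vulnerable? Return ONLY JSON:
  const result = await generateObjectResponse({
  model,
  schema: AnalysisSchema,
- prompt
+ prompt,
+ onTokenUsage
  });
  return result;
  } catch (error46) {
@@ -43819,7 +43892,7 @@ Analyze: Is this vulnerable? Return ONLY JSON:
  suggestedNextTest: "Try alternative payload or technique"
  };
  }
- function createSmartTestTool(session, model) {
+ function createSmartTestTool(session, model, onTokenUsage) {
  return tool({
  name: "test_parameter",
  description: `Intelligently test a parameter for a vulnerability using AI-powered adaptive testing.
@@ -43889,7 +43962,7 @@ test_parameter({
  parameter,
  endpoint,
  context
- }, model);
+ }, model, onTokenUsage);
  console.log(`Strategy: ${strategy}`);
  const results = [];
  let vulnerable = false;
@@ -43902,7 +43975,7 @@ test_parameter({
  context: { ...context, parameter, endpoint },
  previousResults: results,
  round
- }, model);
+ }, model, onTokenUsage);
  console.log(` Payload: ${payloadData.payload}`);
  console.log(` Reasoning: ${payloadData.reasoning}`);
  let response;
@@ -43931,7 +44004,7 @@ test_parameter({
  attackType,
  knowledge,
  previousResults: results
- }, model);
+ }, model, onTokenUsage);
  console.log(` Analysis: ${analysis.reasoning}`);
  console.log(` Vulnerable: ${analysis.vulnerable} (confidence: ${analysis.confidence})`);
  results.push({
@@ -44381,7 +44454,7 @@ function wrapCommandWithHeaders(command, headers) {
  }
  return wrapped;
  }
- function createPentestTools(session, model, toolOverride) {
+ function createPentestTools(session, model, toolOverride, onTokenUsage) {
  const offensiveHeaders = getOffensiveHeaders(session);
  const rateLimiter = session._rateLimiter;
  const executeCommand = tool({
@@ -44555,7 +44628,7 @@ COMMON TESTING PATTERNS:
  http_request: httpRequest,
  document_finding: createDocumentFindingTool(session),
  record_test_result: createRecordTestResultTool(session),
- test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514"),
+ test_parameter: createSmartTestTool(session, model || "claude-sonnet-4-20250514", onTokenUsage),
  check_testing_coverage: createCheckTestingCoverageTool(session),
  validate_completeness: createValidateCompletenessTool(session),
  enumerate_endpoints: createEnumerateEndpointsTool(session),
@@ -45607,6 +45680,7 @@ function runAgent(opts) {
  objective,
  model,
  onStepFinish,
+ onToolTokenUsage,
  abortSignal,
  silent,
  authConfig,
@@ -45626,7 +45700,7 @@ function runAgent(opts) {
  analyze_scan,
  scratchpad,
  generate_report
- } = createPentestTools(session, undefined, toolOverride);
+ } = createPentestTools(session, undefined, toolOverride, onToolTokenUsage);
  const document_finding = tool({
  name: "document_finding",
  description: `Document a security finding with severity, impact, and remediation guidance.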
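Review bot: In the `onError` handler added to the `streamText` call, `error46.message.toLowerCase()` assumes the error always carries a string `message`; an error without one raises a TypeError inside the handler and hides the original failure, so normalise first, e.g. `const msg = String(error46?.message ?? error46).toLowerCase();`. Nothing visible in this hunk re-issues the request, so for "too many tokens" or "overloaded" the handler appears only to wait and then return, which suppresses the error rather than retrying it; `rateLimitRetryCount` is also never reset after a success, and the `setTimeout` wait does not observe `abortSignal`. For an agent that drives security tests, a silently dropped provider error can leave a run looking complete when steps were skipped, so each suppressed error should at least be logged with the retry count. `streamResponse` starts and ends outside the hunk.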
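--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@pensar/apex",
- "version": "0.0.37-canary.0",
+ "version": "0.0.39-canary.2f181ec5",
  "description": "AI-powered penetration testing CLI tool with terminal UI",
  "module": "src/tui/index.tsx",
  "main": "build/index.js",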