@pensar/apex 1.0.0 → 1.1.0

package/build/{cli-yz3dzpxd.js → cli-tyrzasca.js}

@@ -1,3 +1,6 @@
+import {
+  detectOSAndEnhancePrompt
+} from "./cli-tp1tqn3k.js";
 import {
   CredentialManager,
   NotFoundError,
@@ -13,7 +16,7 @@ import {
   update,
   write,
   writeRaw
-} from "./cli-wqeja2k6.js";
+} from "./cli-6negm843.js";
 import {
   parseTargetUrl
 } from "./cli-3y0dgy56.js";
@@ -49,18 +52,18 @@ import {
   union,
   unknown,
   zod_default
-} from "./cli-dfth2beg.js";
+} from "./cli-1tv4x6xh.js";
 import {
   signGatewayRequest
-} from "./cli-qvq41y3z.js";
+} from "./cli-t1nkahx2.js";
 import {
   config,
   ensureValidToken,
   getPensarApiUrl
-} from "./cli-qcsv2e9h.js";
+} from "./cli-5xfjvm8j.js";
 import {
   getCurrentVersion
-} from "./cli-r4jzb7aj.js";
+} from "./cli-st6vsbzv.js";
 import {
   __commonJS,
   __require,
@@ -47190,15 +47193,15 @@ var require_node = __commonJS((exports) => {
   Object.defineProperty(exports, "__esModule", { value: true });
   exports.cloneNode = exports.hasChildren = exports.isDocument = exports.isDirective = exports.isComment = exports.isText = exports.isCDATA = exports.isTag = exports.Element = exports.Document = exports.CDATA = exports.NodeWithChildren = exports.ProcessingInstruction = exports.Comment = exports.Text = exports.DataNode = exports.Node = undefined;
   var domelementtype_1 = require_lib4();
-  var Node = function() {
-    function Node2() {
+  var Node2 = function() {
+    function Node3() {
       this.parent = null;
       this.prev = null;
       this.next = null;
       this.startIndex = null;
       this.endIndex = null;
     }
-    Object.defineProperty(Node2.prototype, "parentNode", {
+    Object.defineProperty(Node3.prototype, "parentNode", {
       get: function() {
         return this.parent;
       },
@@ -47208,7 +47211,7 @@ var require_node = __commonJS((exports) => {
       enumerable: false,
       configurable: true
     });
-    Object.defineProperty(Node2.prototype, "previousSibling", {
+    Object.defineProperty(Node3.prototype, "previousSibling", {
       get: function() {
         return this.prev;
       },
@@ -47218,7 +47221,7 @@ var require_node = __commonJS((exports) => {
       enumerable: false,
       configurable: true
     });
-    Object.defineProperty(Node2.prototype, "nextSibling", {
+    Object.defineProperty(Node3.prototype, "nextSibling", {
       get: function() {
         return this.next;
       },
@@ -47228,15 +47231,15 @@ var require_node = __commonJS((exports) => {
       enumerable: false,
       configurable: true
     });
-    Node2.prototype.cloneNode = function(recursive) {
+    Node3.prototype.cloneNode = function(recursive) {
       if (recursive === undefined) {
         recursive = false;
       }
       return cloneNode(this, recursive);
     };
-    return Node2;
+    return Node3;
   }();
-  exports.Node = Node;
+  exports.Node = Node2;
   var DataNode = function(_super) {
     __extends(DataNode2, _super);
     function DataNode2(data) {
@@ -47255,7 +47258,7 @@ var require_node = __commonJS((exports) => {
       configurable: true
     });
     return DataNode2;
-  }(Node);
+  }(Node2);
   exports.DataNode = DataNode;
   var Text = function(_super) {
     __extends(Text2, _super);
@@ -47342,7 +47345,7 @@ var require_node = __commonJS((exports) => {
       configurable: true
     });
     return NodeWithChildren2;
-  }(Node);
+  }(Node2);
   exports.NodeWithChildren = NodeWithChildren;
   var CDATA = function(_super) {
     __extends(CDATA2, _super);
@@ -99637,6 +99640,162 @@ function buildExplanation(riskLevel, assetType, _baseScore, totalScore, breakdow
   return parts.join(" ");
 }
 
+// node_modules/yocto-queue/index.js
+class Node {
+  value;
+  next;
+  constructor(value) {
+    this.value = value;
+  }
+}
+
+class Queue {
+  #head;
+  #tail;
+  #size;
+  constructor() {
+    this.clear();
+  }
+  enqueue(value) {
+    const node = new Node(value);
+    if (this.#head) {
+      this.#tail.next = node;
+      this.#tail = node;
+    } else {
+      this.#head = node;
+      this.#tail = node;
+    }
+    this.#size++;
+  }
+  dequeue() {
+    const current = this.#head;
+    if (!current) {
+      return;
+    }
+    this.#head = this.#head.next;
+    this.#size--;
+    if (!this.#head) {
+      this.#tail = undefined;
+    }
+    return current.value;
+  }
+  peek() {
+    if (!this.#head) {
+      return;
+    }
+    return this.#head.value;
+  }
+  clear() {
+    this.#head = undefined;
+    this.#tail = undefined;
+    this.#size = 0;
+  }
+  get size() {
+    return this.#size;
+  }
+  *[Symbol.iterator]() {
+    let current = this.#head;
+    while (current) {
+      yield current.value;
+      current = current.next;
+    }
+  }
+  *drain() {
+    while (this.#head) {
+      yield this.dequeue();
+    }
+  }
+}
+
+// node_modules/p-limit/index.js
+function pLimit(concurrency) {
+  let rejectOnClear = false;
+  if (typeof concurrency === "object") {
+    ({ concurrency, rejectOnClear = false } = concurrency);
+  }
+  validateConcurrency(concurrency);
+  if (typeof rejectOnClear !== "boolean") {
+    throw new TypeError("Expected `rejectOnClear` to be a boolean");
+  }
+  const queue = new Queue;
+  let activeCount = 0;
+  const resumeNext = () => {
+    if (activeCount < concurrency && queue.size > 0) {
+      activeCount++;
+      queue.dequeue().run();
+    }
+  };
+  const next = () => {
+    activeCount--;
+    resumeNext();
+  };
+  const run = async (function_, resolve5, arguments_) => {
+    const result = (async () => function_(...arguments_))();
+    resolve5(result);
+    try {
+      await result;
+    } catch {}
+    next();
+  };
+  const enqueue = (function_, resolve5, reject, arguments_) => {
+    const queueItem = { reject };
+    new Promise((internalResolve) => {
+      queueItem.run = internalResolve;
+      queue.enqueue(queueItem);
+    }).then(run.bind(undefined, function_, resolve5, arguments_));
+    if (activeCount < concurrency) {
+      resumeNext();
+    }
+  };
+  const generator = (function_, ...arguments_) => new Promise((resolve5, reject) => {
+    enqueue(function_, resolve5, reject, arguments_);
+  });
+  Object.defineProperties(generator, {
+    activeCount: {
+      get: () => activeCount
+    },
+    pendingCount: {
+      get: () => queue.size
+    },
+    clearQueue: {
+      value() {
+        if (!rejectOnClear) {
+          queue.clear();
+          return;
+        }
+        const abortError = AbortSignal.abort().reason;
+        while (queue.size > 0) {
+          queue.dequeue().reject(abortError);
+        }
+      }
+    },
+    concurrency: {
+      get: () => concurrency,
+      set(newConcurrency) {
+        validateConcurrency(newConcurrency);
+        concurrency = newConcurrency;
+        queueMicrotask(() => {
+          while (activeCount < concurrency && queue.size > 0) {
+            resumeNext();
+          }
+        });
+      }
+    },
+    map: {
+      async value(iterable, function_) {
+        const promises = Array.from(iterable, (value, index) => this(function_, value, index));
+        return Promise.all(promises);
+      }
+    }
+  });
+  return generator;
+}
+function validateConcurrency(concurrency) {
+  if (!((Number.isInteger(concurrency) || concurrency === Number.POSITIVE_INFINITY) && concurrency > 0)) {
+    throw new TypeError("Expected `concurrency` to be a number from 1 and up");
+  }
+}
+
 // src/core/agents/offSecAgent/tools/threatModelGenerator.ts
 init_zod();
 
@@ -99747,6 +99906,8 @@ class AgentEventBus {
 }
 
 // src/core/agents/offSecAgent/tools/threatModelGenerator.ts
+var THREAT_MODEL_CONCURRENCY = 10;
+var threatModelLimiter = pLimit(THREAT_MODEL_CONCURRENCY);
 var PentestObjectiveSchema = exports_external.object({
   title: exports_external.string().describe("Short human-readable name. E.g. 'IDOR via orderId path param'."),
   hypothesis: exports_external.string().describe("Falsifiable negative statement the test aims to prove true. " + "E.g. 'The endpoint fails to validate that the authenticated user owns the order " + "referenced by :orderId, permitting cross-tenant reads.'"),
@@ -99788,61 +99949,66 @@ Your output is consumed by an automated pentest agent. The clarity and specifici
 async function generateThreatModelForEndpoint(ctx, input) {
   if (!ctx.model)
     return null;
-  const { CodeAgent } = await import("./agent-e3r90w2x.js");
-  const subagentId = `threat-model-${sanitize(input.appName)}-${sanitize(input.routePath)}`;
-  ctx.eventBus?.emit("subagent-spawn", {
-    subagentId,
-    name: `Threat Model: ${input.routePath}`,
-    input: { app: input.appName, endpoint: input.routePath }
-  });
-  const localBus = new AgentEventBus;
-  AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
-  const prompt = buildThreatModelPrompt(input, ctx.projectThreatModel);
-  const agent = new CodeAgent({
-    codebasePath: ctx.agentCwd,
-    objective: prompt,
-    system: THREAT_MODEL_SYSTEM_PROMPT,
-    model: ctx.model,
-    session: ctx.session,
-    authConfig: ctx.authConfig,
-    abortSignal: ctx.abortSignal,
-    eventBus: localBus,
-    subagentId,
-    responseSchema: ThreatModelResultSchema,
-    excludeTools: ["document_endpoint", "document_app"]
-  });
-  try {
-    const result = await agent.consume();
-    ctx.eventBus?.emit("subagent-complete", {
+  const model = ctx.model;
+  return threatModelLimiter(async () => {
+    if (ctx.abortSignal?.aborted)
+      return null;
+    const { CodeAgent } = await import("./agent-0jmzw6zx.js");
+    const subagentId = `threat-model-${sanitize(input.appName)}-${sanitize(input.routePath)}`;
+    ctx.eventBus?.emit("subagent-spawn", {
       subagentId,
-      status: "completed"
+      name: `Threat Model: ${input.routePath}`,
+      input: { app: input.appName, endpoint: input.routePath }
     });
-    if (!result)
-      return null;
-    const totalScore = result.exposure + result.dataSensitivity + result.functionCriticality + result.securityIndicators;
-    return {
-      businessLogic: result.businessLogic,
-      threatModel: result.threatModel,
-      riskScore: {
-        score: totalScore,
-        explanation: result.riskScoreJustification,
-        breakdown: {
-          exposure: result.exposure,
-          dataSensitivity: result.dataSensitivity,
-          functionCriticality: result.functionCriticality,
-          securityIndicators: result.securityIndicators
-        }
-      },
-      pentestObjectives: (result.pentestObjectives ?? []).map(flattenPentestObjective)
-    };
-  } catch (error) {
-    ctx.eventBus?.emit("subagent-complete", {
+    const localBus = new AgentEventBus;
+    AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
+    const prompt = buildThreatModelPrompt(input, ctx.projectThreatModel);
+    const agent = new CodeAgent({
+      codebasePath: ctx.agentCwd,
+      objective: prompt,
+      system: THREAT_MODEL_SYSTEM_PROMPT,
+      model,
+      session: ctx.session,
+      authConfig: ctx.authConfig,
+      abortSignal: ctx.abortSignal,
+      eventBus: localBus,
       subagentId,
-      status: "failed"
+      responseSchema: ThreatModelResultSchema,
+      excludeTools: ["document_endpoint", "document_app"]
     });
-    console.error(`Threat model generation failed for ${input.routePath}: ${error instanceof Error ? error.message : String(error)}`);
-    return null;
-  }
+    try {
+      const result = await agent.consume();
+      ctx.eventBus?.emit("subagent-complete", {
+        subagentId,
+        status: "completed"
+      });
+      if (!result)
+        return null;
+      const totalScore = result.exposure + result.dataSensitivity + result.functionCriticality + result.securityIndicators;
+      return {
+        businessLogic: result.businessLogic,
+        threatModel: result.threatModel,
+        riskScore: {
+          score: totalScore,
+          explanation: result.riskScoreJustification,
+          breakdown: {
+            exposure: result.exposure,
+            dataSensitivity: result.dataSensitivity,
+            functionCriticality: result.functionCriticality,
+            securityIndicators: result.securityIndicators
+          }
+        },
+        pentestObjectives: (result.pentestObjectives ?? []).map(flattenPentestObjective)
+      };
+    } catch (error) {
+      ctx.eventBus?.emit("subagent-complete", {
+        subagentId,
+        status: "failed"
+      });
+      console.error(`Threat model generation failed for ${input.routePath}: ${error instanceof Error ? error.message : String(error)}`);
+      return null;
+    }
+  });
 }
 function buildThreatModelPrompt(input, projectThreatModel) {
   const lineRange = input.line ? `around line ${input.line}` : "";
@@ -100476,7 +100642,7 @@ When to use delegate_to_auth_subagent vs authenticate_session:
         if (credentials) {
           ctx.session.credentialManager.addFromAuthCredentials(credentials);
         }
-        const { runAuthenticationAgent } = await import("./authentication-3m2qm7ym.js");
+        const { runAuthenticationAgent } = await import("./authentication-ngxxzcvc.js");
         const localBus = new AgentEventBus;
         AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
         const result = await runAuthenticationAgent({
@@ -101389,7 +101555,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
       });
       if (cwd) {
         try {
-          const { WhiteboxAttackSurfaceAgent } = await import("./agent-95ysppvr.js");
+          const { WhiteboxAttackSurfaceAgent } = await import("./agent-wmynfx37.js");
           const localBus = new AgentEventBus;
           AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
           const agent = new WhiteboxAttackSurfaceAgent({
@@ -101438,7 +101604,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
         }
       }
       try {
-        const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-4t68wah3.js");
+        const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-v698p7e4.js");
         const localBus = new AgentEventBus;
         AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
         const agent = new BlackboxAttackSurfaceAgent({
@@ -101514,7 +101680,7 @@ Pass every target you want tested — the swarm handles concurrency automaticall
       toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
     }),
     execute: async ({ targets }) => {
-      const { runPentestSwarm, DEFAULT_CONCURRENCY } = await import("./pentest-6ctf263k.js");
+      const { runPentestSwarm, DEFAULT_CONCURRENCY } = await import("./pentest-4ty38pt8.js");
       if (!ctx.model) {
         return {
           success: false,
@@ -101642,7 +101808,7 @@ Returns an array of results with the text output from each agent.`,
   });
 }
 async function runSingleCodingAgent(ctx, codebasePath, objective, agentIndex, name) {
-  const { CodeAgent } = await import("./agent-e3r90w2x.js");
+  const { CodeAgent } = await import("./agent-0jmzw6zx.js");
   const subagentId = `coding-agent-${agentIndex}`;
   ctx.eventBus?.emit("subagent-spawn", {
     subagentId,
@@ -101703,7 +101869,7 @@ Omit \`cwd\` for blackbox mode (live target probing only).`,
       toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
     }),
     execute: async ({ target, cwd }) => {
-      const { runPentestWorkflow: workflow } = await import("./pentest-6ctf263k.js");
+      const { runPentestWorkflow: workflow } = await import("./pentest-4ty38pt8.js");
       if (!ctx.model) {
         return {
           success: false,
@@ -105935,6 +106101,29 @@ function hasStdbuf() {
   stdbufAvailable = res.status === 0;
   return stdbufAvailable;
 }
+function extractFallbackStdout(cmd) {
+  if (cmd.authoritativeStdout) {
+    let s2 = cmd.authoritativeStdout;
+    const exitIdx2 = s2.indexOf(cmd.exitMarkerPrefix);
+    if (exitIdx2 !== -1) {
+      s2 = s2.substring(0, exitIdx2);
+    }
+    return s2 || "(no output)";
+  }
+  let s = cmd.streamedStdout;
+  const cutIdx = s.indexOf(cmd.cutoverMarker);
+  if (cutIdx !== -1) {
+    s = s.substring(cutIdx + cmd.cutoverMarker.length);
+    if (s.startsWith(`
+`))
+      s = s.substring(1);
+  }
+  const exitIdx = s.indexOf(cmd.exitMarkerPrefix);
+  if (exitIdx !== -1) {
+    s = s.substring(0, exitIdx);
+  }
+  return s || "(no output)";
+}
 
 class PersistentShell {
   proc = null;
@@ -105981,7 +106170,7 @@ class PersistentShell {
         this.current = null;
         this.pendingCancel = null;
         cmd.resolve({
-          stdout: cmd.stdout || "(no output)",
+          stdout: extractFallbackStdout(cmd),
           stderr: cmd.stderr || "",
           exitCode: 1
         });
@@ -106001,22 +106190,40 @@ class PersistentShell {
     const cmd = this.current;
     if (!cmd)
       return;
-    const chunk = data.toString();
-    if (cmd.onData) {
-      const mIdx = chunk.indexOf(cmd.exitMarkerPrefix);
-      const visible = mIdx === -1 ? chunk : chunk.substring(0, mIdx);
-      if (visible.length > 0)
-        cmd.onData(visible);
-    }
-    cmd.stdout += chunk;
-    const markerIdx = cmd.stdout.indexOf(cmd.exitMarkerPrefix);
+    let chunk = data.toString();
+    if (!cmd.cutoverSeen) {
+      const prevLen = cmd.streamedStdout.length;
+      cmd.streamedStdout += chunk;
+      const cutIdx = cmd.streamedStdout.indexOf(cmd.cutoverMarker);
+      if (cutIdx === -1) {
+        if (chunk.length > 0 && cmd.onData)
+          cmd.onData(chunk);
+        if (cmd.streamedStdout.length > MAX_BUFFER) {
+          cmd.streamedStdout = cmd.streamedStdout.substring(cmd.streamedStdout.length - MAX_BUFFER);
+        }
+        return;
+      }
+      const chunkCutOffset = cutIdx - prevLen;
+      if (chunkCutOffset > 0 && cmd.onData) {
+        cmd.onData(chunk.substring(0, chunkCutOffset));
+      }
+      const postMarker = cmd.streamedStdout.substring(cutIdx + cmd.cutoverMarker.length);
+      cmd.cutoverSeen = true;
+      cmd.streamedStdout = "";
+      chunk = postMarker.startsWith(`
+`) ? postMarker.substring(1) : postMarker;
+      if (chunk.length === 0)
+        return;
+    }
+    cmd.authoritativeStdout += chunk;
+    const markerIdx = cmd.authoritativeStdout.indexOf(cmd.exitMarkerPrefix);
     if (markerIdx !== -1) {
-      const afterPrefix = cmd.stdout.substring(markerIdx + cmd.exitMarkerPrefix.length);
+      const afterPrefix = cmd.authoritativeStdout.substring(markerIdx + cmd.exitMarkerPrefix.length);
       const nlIdx = afterPrefix.indexOf(`
 `);
       const exitStr = nlIdx >= 0 ? afterPrefix.substring(0, nlIdx) : afterPrefix;
       const naturalExitCode = parseInt(exitStr, 10);
-      let commandOutput = cmd.stdout.substring(0, markerIdx);
+      let commandOutput = cmd.authoritativeStdout.substring(0, markerIdx);
       if (cmd.stdoutTruncated) {
         commandOutput = `(stdout truncated)...
 ` + commandOutput;
@@ -106033,8 +106240,8 @@ class PersistentShell {
       });
       return;
     }
-    if (cmd.stdout.length > MAX_BUFFER) {
-      cmd.stdout = cmd.stdout.substring(cmd.stdout.length - MAX_BUFFER);
+    if (cmd.authoritativeStdout.length > MAX_BUFFER) {
+      cmd.authoritativeStdout = cmd.authoritativeStdout.substring(cmd.authoritativeStdout.length - MAX_BUFFER);
       cmd.stdoutTruncated = true;
     }
   }
@@ -106066,12 +106273,16 @@ class PersistentShell {
     }
     const marker = `__APEX_${randomBytes(8).toString("hex")}__`;
     const exitMarkerPrefix = `${marker}_EXIT_`;
+    const cutoverMarker = `${marker}_CUTOVER`;
     return new Promise((resolve5) => {
       let resolved = false;
       let timeoutTimer;
       let killEscalationTimer;
       const pending = {
-        stdout: "",
+        streamedStdout: "",
+        authoritativeStdout: "",
+        cutoverSeen: false,
+        cutoverMarker,
         stderr: "",
         stdoutTruncated: false,
         exitMarkerPrefix,
@@ -106110,7 +106321,7 @@ class PersistentShell {
               if (resolved)
                 return;
               pending.resolve({
-                stdout: pending.stdout || "(no output)",
+                stdout: extractFallbackStdout(pending),
                 stderr: (pending.stderr || "") + (pending.forcedStderrSuffix ?? ""),
                 exitCode: 130
               });
@@ -106134,7 +106345,7 @@ class PersistentShell {
               if (resolved)
                 return;
               pending.resolve({
-                stdout: pending.stdout || "(no output)",
+                stdout: extractFallbackStdout(pending),
                 stderr: pending.stderr || "",
                 exitCode: 124
               });
@@ -106142,22 +106353,20 @@ class PersistentShell {
           }, 500);
         }, timeoutSeconds * 1000);
       }
-      const streaming = hasStdbuf();
+      const tailCmd = hasStdbuf() ? `stdbuf -oL tail -n +1 -f -s 0.05 "$__APEX_OUT"` : `tail -n +1 -f -s 0.05 "$__APEX_OUT"`;
       const wrapped = [
         `__APEX_OUT=$(mktemp 2>/dev/null || echo /tmp/.apex_out_$$)`,
         `__APEX_ERR=$(mktemp 2>/dev/null || echo /tmp/.apex_err_$$)`,
-        ...streaming ? [
-          `stdbuf -oL tail -n +1 -f -s 0.05 "$__APEX_OUT" 2>/dev/null &`,
-          `__APEX_TAIL=$!`
-        ] : [],
+        `${tailCmd} 2>/dev/null &`,
+        `__APEX_TAIL=$!`,
         `{ ${command}
 } </dev/null >"$__APEX_OUT" 2>"$__APEX_ERR"`,
         `__APEX_EC=$?`,
-        ...streaming ? [
-          `sleep 0.1`,
-          `kill "$__APEX_TAIL" 2>/dev/null`,
-          `wait "$__APEX_TAIL" 2>/dev/null`
-        ] : [`cat "$__APEX_OUT"`],
+        `sleep 0.1`,
+        `kill "$__APEX_TAIL" 2>/dev/null`,
+        `wait "$__APEX_TAIL" 2>/dev/null`,
+        `printf '%s\\n' "${cutoverMarker}"`,
+        `cat "$__APEX_OUT"`,
         `cat "$__APEX_ERR" >&2`,
         `rm -f "$__APEX_OUT" "$__APEX_ERR"`,
         `echo "${exitMarkerPrefix}$__APEX_EC"`,
@@ -106189,7 +106398,7 @@ class PersistentShell {
           killDescendants(this.proc.pid, "SIGKILL");
         setTimeout(() => {
           cmd.resolve({
-            stdout: cmd.stdout || "(no output)",
+            stdout: extractFallbackStdout(cmd),
             stderr: (cmd.stderr || "") + (cmd.forcedStderrSuffix ?? ""),
             exitCode: 130
           });
@@ -106197,7 +106406,7 @@ class PersistentShell {
       }, 500);
     } else {
       cmd.resolve({
-        stdout: cmd.stdout || "(no output)",
+        stdout: extractFallbackStdout(cmd),
         stderr: (cmd.stderr || "") + (cmd.forcedStderrSuffix ?? ""),
         exitCode: 130
       });
@@ -106327,6 +106536,8 @@ You can perform the full lifecycle of a penetration test and support a wide rang
 - **execute_command** — Run shell commands (curl, nmap, nikto, ffuf, gobuster, dig, etc.). Use for anything that needs a CLI tool.
 - **http_request** — Make HTTP requests with full control over method, headers, body, and redirect behavior. Redirects are NOT followed by default so you can inspect Location headers and Set-Cookie values.
 
+**Wordlist tools (operator-mode addition).** Tier selection is governed by the \`[BUNDLED ASSETS]\` env block. Operator-only rule: before escalating to \`LARGE_WORDLIST\`, confirm with the user via the \`response\` tool with a one-sentence rationale, unless the user pre-directed (e.g. "deep scan", "use the larger wordlist", "quick smoke check").
+
 ## Browser Automation
 - **browser_navigate** — Navigate the browser to a URL (renders JS).
 - **browser_snapshot** — Get the accessibility tree with element refs. Always call this before clicking or filling.
@@ -106511,6 +106722,7 @@ var OperatorSettingsObject = exports_external.object({
 // src/core/operator/approvalGate.ts
 import { EventEmitter as EventEmitter3 } from "events";
 import { randomBytes as randomBytes2 } from "crypto";
+var DEFAULT_DECISION_TIMEOUT_MS = 15 * 60 * 1000;
 
 class ApprovalGate extends EventEmitter3 {
   config;
@@ -106518,7 +106730,10 @@ class ApprovalGate extends EventEmitter3 {
   actionHistory = [];
   constructor(config2) {
     super();
-    this.config = config2;
+    this.config = {
+      decisionTimeoutMs: DEFAULT_DECISION_TIMEOUT_MS,
+      ...config2
+    };
   }
   updateConfig(config2) {
     this.config = { ...this.config, ...config2 };
@@ -106553,14 +106768,37 @@ class ApprovalGate extends EventEmitter3 {
     return new Promise((resolve5, reject) => {
       const deferred = { approval, resolve: resolve5, reject };
       this.pendingApprovals.set(approval.id, deferred);
+      const timeoutMs = this.config.decisionTimeoutMs;
+      if (timeoutMs !== undefined && timeoutMs > 0) {
+        deferred.timeoutHandle = setTimeout(() => {
+          this.timeoutApproval(approval.id, timeoutMs);
+        }, timeoutMs);
+      }
       this.emitEvent({ type: "approval-needed", approval });
     });
   }
+  timeoutApproval(approvalId, timeoutMs) {
+    const deferred = this.pendingApprovals.get(approvalId);
+    if (!deferred)
+      return;
+    this.pendingApprovals.delete(approvalId);
+    const entry = this.recordAction(deferred.approval.toolName, deferred.approval.toolCallId, "denied");
+    entry.resultSummary = `decision_timeout:${timeoutMs}ms`;
+    this.emitEvent({
+      type: "approval-resolved",
+      id: approvalId,
+      decision: "denied"
+    });
+    this.emitEvent({ type: "action-completed", entry });
+    deferred.reject(new ApprovalTimeoutError(`Operator decision timeout after ${timeoutMs}ms for ${deferred.approval.toolName} — default-safe deny`));
+  }
   approve(approvalId) {
     const deferred = this.pendingApprovals.get(approvalId);
     if (!deferred) {
       throw new Error(`No pending approval with id: ${approvalId}`);
     }
+    if (deferred.timeoutHandle)
+      clearTimeout(deferred.timeoutHandle);
     this.pendingApprovals.delete(approvalId);
     const entry = this.recordAction(deferred.approval.toolName, deferred.approval.toolCallId, "approved");
     this.emitEvent({
@@ -106575,6 +106813,8 @@ class ApprovalGate extends EventEmitter3 {
     const deferred = this.pendingApprovals.get(approvalId);
     if (!deferred)
       return;
+    if (deferred.timeoutHandle)
+      clearTimeout(deferred.timeoutHandle);
     this.pendingApprovals.delete(approvalId);
     const entry = this.recordAction(deferred.approval.toolName, deferred.approval.toolCallId, "denied");
     this.emitEvent({
@@ -106623,6 +106863,13 @@ class ApprovalDeniedError extends Error {
     this.name = "ApprovalDeniedError";
   }
 }
+
+class ApprovalTimeoutError extends ApprovalDeniedError {
+  constructor(message) {
+    super(message);
+    this.name = "ApprovalTimeoutError";
+  }
+}
 // src/core/session/index.ts
 init_zod();
 import path from "path";
@@ -107435,9 +107682,9 @@ class OffensiveSecurityAgent {
         }
       }, PERSIST_INTERVAL_MS);
     };
-    const baseSystemPrompt = input.system ?? buildBaseSystemPrompt({
+    const baseSystemPrompt = input.system ?? detectOSAndEnhancePrompt(buildBaseSystemPrompt({
       sandboxMode: agentCwd === input.session.rootPath
-    });
+    }));
     const systemPrompt = baseSystemPrompt + buildSessionWorkspaceSection(input.session, agentCwd);
     traceWriter.writeInit({
       model: input.model,