@pensar/apex 1.2.0 → 1.3.0-canary.f6d7a6d1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/build/{agent-hv2vnw37.js → agent-2a7a9vkp.js} +12 -10
  2. package/build/agent-r885xt2p.js +19 -0
  3. package/build/{auth-aj10f99d.js → auth-eyah4gg5.js} +4 -4
  4. package/build/{authentication-90mvv4kd.js → authentication-gkv5644m.js} +8 -7
  5. package/build/blackboxAgent-pz1m2qgd.js +19 -0
  6. package/build/{blackboxPentest-prq8qrhc.js → blackboxPentest-zeva1p2s.js} +14 -13
  7. package/build/{cli-33rkyxds.js → cli-0fy9j5dw.js} +2 -2
  8. package/build/cli-0ghkg3w6.js +20780 -0
  9. package/build/{cli-t0am6nqt.js → cli-4gg0e7zp.js} +1 -1
  10. package/build/{cli-1rz3jys3.js → cli-73yjzavm.js} +1 -1
  11. package/build/{cli-q43w92k5.js → cli-7bv8bdv6.js} +5 -3
  12. package/build/{cli-s43zrc3b.js → cli-7qr65rt6.js} +3353 -24027
  13. package/build/{cli-qaaesy26.js → cli-942axn0y.js} +1 -1
  14. package/build/{cli-dvsj2p1x.js → cli-dj3jc5bq.js} +410 -375
  15. package/build/{cli-avnfgjhs.js → cli-h2vwr2b3.js} +3 -3
  16. package/build/{cli-2mnefwqh.js → cli-hxegwkcg.js} +1 -1
  17. package/build/{cli-erp6djfj.js → cli-kx4mh9b9.js} +11 -9
  18. package/build/{cli-4m9f65ze.js → cli-s9fq1gez.js} +1 -1
  19. package/build/{cli-ypxq76sm.js → cli-x071hk62.js} +3 -3
  20. package/build/{cli-720fdbrk.js → cli-xv1d4cgj.js} +1 -1
  21. package/build/{cli-gqphezya.js → cli-ye1c6gz7.js} +2 -2
  22. package/build/{cli-3sg681re.js → cli-zm5htfj3.js} +2 -2
  23. package/build/cli.js +126 -23
  24. package/build/{fixes-g7b34fs5.js → fixes-v3ydfqpe.js} +4 -4
  25. package/build/{index-9j9dqpdd.js → index-66d5h9d5.js} +4 -4
  26. package/build/index-dw1xbhfn.js +12268 -0
  27. package/build/{index-fds2qfsc.js → index-h0n7kjbs.js} +10 -10
  28. package/build/index-jcrwgbaz.js +32 -0
  29. package/build/{index-cpj7zx72.js → index-q7jya07x.js} +853 -141
  30. package/build/{index-ftdt7ktr.js → index-zy8wgxwc.js} +2 -2
  31. package/build/{issues-tecf6w97.js → issues-9w54wf9a.js} +4 -4
  32. package/build/{logs-5qwr98mr.js → logs-d9zgppn7.js} +4 -4
  33. package/build/offesecAgent-ppbv80cs.js +26 -0
  34. package/build/pentest-663b978f.js +29 -0
  35. package/build/{pentests-bsh9ht7r.js → pentests-3g8pbrk3.js} +4 -4
  36. package/build/{projects-zkw40bda.js → projects-3qxp342f.js} +4 -4
  37. package/build/{targetedPentest-6qpsqdx5.js → targetedPentest-krm97f3d.js} +9 -8
  38. package/build/{threatModel-g0azznnt.js → threatModel-jsqeh9md.js} +9 -8
  39. package/build/{uninstall-0yjhkdk3.js → uninstall-k7g5jpkt.js} +1 -1
  40. package/package.json +1 -1
  41. package/build/agent-jkr50v3q.js +0 -18
  42. package/build/blackboxAgent-f2y66hex.js +0 -18
  43. package/build/pentest-5p1ahtr6.js +0 -28
@@ -2,11 +2,11 @@ import {
2
2
  CweEntrySchema,
3
3
  ValidatedCweEntrySchema,
4
4
  hasCanonicalName
5
- } from "./cli-dvsj2p1x.js";
5
+ } from "./cli-dj3jc5bq.js";
6
6
  import {
7
- exports_external,
7
+ exports_external1 as exports_external,
8
8
  init_zod
9
- } from "./cli-s43zrc3b.js";
9
+ } from "./cli-0ghkg3w6.js";
10
10
 
11
11
  // src/core/report/schemas.ts
12
12
  init_zod();
@@ -2,7 +2,7 @@ import {
2
2
  get,
3
3
  init,
4
4
  update
5
- } from "./cli-1rz3jys3.js";
5
+ } from "./cli-73yjzavm.js";
6
6
 
7
7
  // src/core/api/constants.ts
8
8
  var PENSAR_API_BASE_URL = "https://api.pensar.dev";
@@ -14,33 +14,35 @@ import {
14
14
  updateManifestEntryStatus,
15
15
  writeAgentManifest,
16
16
  writeExecutionMetrics
17
- } from "./cli-avnfgjhs.js";
17
+ } from "./cli-h2vwr2b3.js";
18
18
  import {
19
19
  TargetedPentestAgent,
20
20
  buildPentestSystemPrompt
21
- } from "./cli-ypxq76sm.js";
21
+ } from "./cli-x071hk62.js";
22
22
  import {
23
23
  BlackboxAttackSurfaceAgent
24
- } from "./cli-gqphezya.js";
24
+ } from "./cli-ye1c6gz7.js";
25
25
  import {
26
26
  createThreatModelPrompt
27
27
  } from "./cli-fw5r7pfj.js";
28
28
  import {
29
29
  CodeAgent
30
- } from "./cli-3sg681re.js";
30
+ } from "./cli-zm5htfj3.js";
31
31
  import {
32
32
  EndpointSchema
33
- } from "./cli-33rkyxds.js";
33
+ } from "./cli-0fy9j5dw.js";
34
34
  import {
35
35
  FindingsRegistry,
36
36
  OffensiveSecurityAgent,
37
37
  PLAN_MODE_TOOL_NAMES
38
- } from "./cli-dvsj2p1x.js";
38
+ } from "./cli-dj3jc5bq.js";
39
39
  import {
40
- exports_external,
41
- hasToolCall,
40
+ hasToolCall
41
+ } from "./cli-7qr65rt6.js";
42
+ import {
43
+ exports_external1 as exports_external,
42
44
  init_zod
43
- } from "./cli-s43zrc3b.js";
45
+ } from "./cli-0ghkg3w6.js";
44
46
 
45
47
  // src/core/workflows/pentest.ts
46
48
  import { existsSync as existsSync3, readdirSync as readdirSync2, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
@@ -2,7 +2,7 @@ import {
2
2
  config,
3
3
  ensureValidToken,
4
4
  getPensarApiUrl
5
- } from "./cli-2mnefwqh.js";
5
+ } from "./cli-hxegwkcg.js";
6
6
 
7
7
  // src/core/api/issues.ts
8
8
  async function getAuthHeaders() {
@@ -1,11 +1,11 @@
1
1
  import {
2
2
  OffensiveSecurityAgent,
3
3
  readPlan
4
- } from "./cli-dvsj2p1x.js";
4
+ } from "./cli-dj3jc5bq.js";
5
5
  import {
6
- exports_external,
6
+ exports_external1 as exports_external,
7
7
  init_zod
8
- } from "./cli-s43zrc3b.js";
8
+ } from "./cli-0ghkg3w6.js";
9
9
 
10
10
  // src/core/agents/specialized/pentest/agent.ts
11
11
  import { existsSync, readdirSync, readFileSync } from "fs";
@@ -3,7 +3,7 @@ import {
3
3
  ensureValidToken,
4
4
  getPensarApiUrl,
5
5
  getPensarGatewayUrl
6
- } from "./cli-2mnefwqh.js";
6
+ } from "./cli-hxegwkcg.js";
7
7
 
8
8
  // src/core/auth/signing.ts
9
9
  import { createHmac, createHash, randomUUID } from "crypto";
@@ -1,13 +1,13 @@
1
1
  import {
2
2
  OffensiveSecurityAgent
3
- } from "./cli-dvsj2p1x.js";
3
+ } from "./cli-dj3jc5bq.js";
4
4
  import {
5
5
  detectOSAndEnhancePrompt
6
6
  } from "./cli-tp1tqn3k.js";
7
7
  import {
8
8
  hasToolCall,
9
9
  stepCountIs
10
- } from "./cli-s43zrc3b.js";
10
+ } from "./cli-7qr65rt6.js";
11
11
 
12
12
  // src/core/agents/specialized/attackSurface/blackboxAgent.ts
13
13
  import { join } from "path";
@@ -1,9 +1,9 @@
1
1
  import {
2
2
  OffensiveSecurityAgent
3
- } from "./cli-dvsj2p1x.js";
3
+ } from "./cli-dj3jc5bq.js";
4
4
  import {
5
5
  stepCountIs
6
- } from "./cli-s43zrc3b.js";
6
+ } from "./cli-7qr65rt6.js";
7
7
 
8
8
  // src/core/agents/specialized/codeAgent/prompts.ts
9
9
  var CODE_AGENT_SYSTEM_PROMPT = `You are an expert coding agent with direct filesystem access. You will be given a specific objective — focus exclusively on completing it.
package/build/cli.js CHANGED
@@ -6,16 +6,17 @@ import {
6
6
  import"./cli-3y0dgy56.js";
7
7
  import {
8
8
  init_toolset
9
- } from "./cli-s43zrc3b.js";
9
+ } from "./cli-7qr65rt6.js";
10
10
  import {
11
11
  init_models
12
12
  } from "./cli-03z6pswp.js";
13
- import"./cli-720fdbrk.js";
14
- import"./cli-2mnefwqh.js";
15
- import"./cli-1rz3jys3.js";
13
+ import"./cli-0ghkg3w6.js";
14
+ import"./cli-xv1d4cgj.js";
15
+ import"./cli-hxegwkcg.js";
16
+ import"./cli-73yjzavm.js";
16
17
  import {
17
18
  package_default
18
- } from "./cli-qaaesy26.js";
19
+ } from "./cli-942axn0y.js";
19
20
  import"./cli-gpnb45ck.js";
20
21
  import {
21
22
  __require,
@@ -24,7 +25,7 @@ import {
24
25
  // package.json
25
26
  var package_default2 = {
26
27
  name: "@pensar/apex",
27
- version: "1.2.0",
28
+ version: "1.3.0-canary.f6d7a6d1",
28
29
  description: "AI-powered penetration testing CLI tool with terminal UI",
29
30
  module: "src/tui/index.tsx",
30
31
  main: "build/cli.js",
@@ -496,6 +497,7 @@ function showHelp() {
496
497
 
497
498
  Usage:
498
499
  pensar Launch the TUI
500
+ pensar -p <prompt> Start an operator session with a prompt
499
501
  pensar pentest [options] Run a full pentest orchestration
500
502
  pensar targeted-pentest [options] Run a targeted pentest on a single target
501
503
  pensar threat-model [options] Generate application-centric threat model
@@ -511,6 +513,11 @@ Usage:
511
513
  pensar help Show this help message
512
514
  pensar version Show version number
513
515
 
516
+ operator options (-p):
517
+ -p, --prompt <text|@file> (required) Prompt for the operator agent
518
+ --target <url> Target URL / domain / IP
519
+ --model <model> AI model (default: claude-sonnet-4-5)
520
+
514
521
  pentest options:
515
522
  --target <url> (required) Target URL / domain / IP
516
523
  --cwd <path> Source code path \u2014 enables whitebox attack surface
@@ -541,9 +548,9 @@ Global options:
541
548
  async function runPentest() {
542
549
  const { config: config2 } = await import("./main-3d7dfdvs.js").then((m)=>__toESM(m.default,1));
543
550
  config2();
544
- const { runPentestAgent } = await import("./blackboxPentest-prq8qrhc.js");
545
- const { sessions } = await import("./index-fds2qfsc.js");
546
- const { config: appConfig } = await import("./index-ftdt7ktr.js");
551
+ const { runPentestAgent } = await import("./blackboxPentest-zeva1p2s.js");
552
+ const { sessions } = await import("./index-h0n7kjbs.js");
553
+ const { config: appConfig } = await import("./index-zy8wgxwc.js");
547
554
  const { getDefaultModelForConfig } = await import("./utils-8yqe12jr.js");
548
555
  const target = getArgRequired("--target");
549
556
  const cwd = getArg("--cwd");
@@ -609,9 +616,9 @@ Report: ${reportPath}` : ""}`);
609
616
  async function runTargetedPentest() {
610
617
  const { config: config2 } = await import("./main-3d7dfdvs.js").then((m)=>__toESM(m.default,1));
611
618
  config2();
612
- const { runTargetedPentestAgent } = await import("./targetedPentest-6qpsqdx5.js");
613
- const { sessions } = await import("./index-fds2qfsc.js");
614
- const { config: appConfig } = await import("./index-ftdt7ktr.js");
619
+ const { runTargetedPentestAgent } = await import("./targetedPentest-krm97f3d.js");
620
+ const { sessions } = await import("./index-h0n7kjbs.js");
621
+ const { config: appConfig } = await import("./index-zy8wgxwc.js");
615
622
  const { getDefaultModelForConfig } = await import("./utils-8yqe12jr.js");
616
623
  const target = getArgRequired("--target");
617
624
  const objectives = getAllArgs("--objective");
@@ -661,8 +668,8 @@ POCs: ${pocsPath}`);
661
668
  async function runThreatModel() {
662
669
  const { config: config2 } = await import("./main-3d7dfdvs.js").then((m)=>__toESM(m.default,1));
663
670
  config2();
664
- const { runThreatModelWorkflow } = await import("./threatModel-g0azznnt.js");
665
- const { config: appConfig } = await import("./index-ftdt7ktr.js");
671
+ const { runThreatModelWorkflow } = await import("./threatModel-jsqeh9md.js");
672
+ const { config: appConfig } = await import("./index-zy8wgxwc.js");
666
673
  const { getDefaultModelForConfig } = await import("./utils-8yqe12jr.js");
667
674
  const path = await import("path");
668
675
  const pensarConfig = await appConfig.get();
@@ -697,6 +704,100 @@ COMPLETE
697
704
  ${sep}
698
705
  Threat model written to: ${resolvedPath}`);
699
706
  }
707
+ async function runOperator() {
708
+ const { config: config2 } = await import("./main-3d7dfdvs.js").then((m)=>__toESM(m.default,1));
709
+ config2();
710
+ const { runOffensiveSecurityAgent } = await import("./offesecAgent-ppbv80cs.js");
711
+ const { sessions, normalizeMessages, getResumeMessages } = await import("./index-h0n7kjbs.js");
712
+ const { ALL_TOOL_NAMES, SKILL_TOOL_NAMES } = await import("./index-jcrwgbaz.js");
713
+ const { config: appConfig } = await import("./index-zy8wgxwc.js");
714
+ const { getDefaultModelForConfig } = await import("./utils-8yqe12jr.js");
715
+ const { createInterface } = await import("readline");
716
+ const { readFileSync: readFileSync2, existsSync } = await import("fs");
717
+ const path = await import("path");
718
+ const { stepCountIs } = await import("./index-dw1xbhfn.js");
719
+ const promptRaw = getArg("-p") ?? getArg("--prompt");
720
+ if (!promptRaw) {
721
+ console.error("Error: -p <prompt> is required");
722
+ process.exit(1);
723
+ }
724
+ const prompt = resolveFlagValue(promptRaw);
725
+ const target = getArg("--target");
726
+ const pensarConfig = await appConfig.get();
727
+ const dynamicDefault = getDefaultModelForConfig(pensarConfig)?.id ?? "claude-sonnet-4-5";
728
+ const model = getArg("--model") ?? dynamicDefault;
729
+ const sep = "\u2500".repeat(60);
730
+ console.log(`${sep}
731
+ OPERATOR SESSION
732
+ ${sep}
733
+ Model: ${model}${target ? `
734
+ Target: ${target}` : ""}
735
+ ${sep}
736
+ `);
737
+ const session = await sessions.create({
738
+ name: "Operator Session",
739
+ targets: target ? [target] : [],
740
+ config: {
741
+ mode: "operator",
742
+ agentCwd: process.cwd(),
743
+ operatorSettings: {
744
+ initialMode: "auto",
745
+ requireApproval: false,
746
+ enableSuggestions: false
747
+ }
748
+ }
749
+ });
750
+ const { bus, cleanup: wandbCleanup } = await createInstrumentedBus(session);
751
+ let currentPrompt = prompt;
752
+ let messages;
753
+ const rl = createInterface({
754
+ input: process.stdin,
755
+ output: process.stdout
756
+ });
757
+ const askFollowUp = () => new Promise((resolve2) => {
758
+ process.stdout.write(`
759
+ ${sep}
760
+ `);
761
+ rl.question("follow-up (empty to exit): ", (answer) => {
762
+ const trimmed = answer.trim();
763
+ resolve2(trimmed || null);
764
+ });
765
+ });
766
+ try {
767
+ for (;; ) {
768
+ await runOffensiveSecurityAgent({
769
+ prompt: currentPrompt,
770
+ model,
771
+ target,
772
+ activeTools: [...ALL_TOOL_NAMES, ...SKILL_TOOL_NAMES],
773
+ stopWhen: stepCountIs(1e4),
774
+ authConfig: buildAuthConfig(pensarConfig),
775
+ eventBus: bus,
776
+ session,
777
+ messages
778
+ });
779
+ const messagesPath = path.join(session.rootPath, "messages.json");
780
+ if (existsSync(messagesPath)) {
781
+ const raw = JSON.parse(readFileSync2(messagesPath, "utf-8"));
782
+ const allMessages = Array.isArray(raw) ? raw : [];
783
+ messages = normalizeMessages(getResumeMessages(allMessages));
784
+ }
785
+ const followUp = await askFollowUp();
786
+ if (!followUp)
787
+ break;
788
+ currentPrompt = followUp;
789
+ messages = normalizeMessages([
790
+ ...messages ?? [],
791
+ { role: "user", content: followUp }
792
+ ]);
793
+ }
794
+ } finally {
795
+ rl.close();
796
+ await wandbCleanup();
797
+ }
798
+ console.log(`
799
+ Session: ${session.rootPath}`);
800
+ }
700
801
  async function runUpgrade2() {
701
802
  const currentVersion = getCurrentVersion();
702
803
  console.log(`Current version: v${currentVersion}
@@ -706,7 +807,9 @@ Checking for updates...`);
706
807
  ${result.message}`);
707
808
  process.exit(result.success ? 0 : 1);
708
809
  }
709
- if (command === "version" || command === "--version" || command === "-v") {
810
+ if (hasFlag("-p") || command === "--prompt") {
811
+ await runOperator();
812
+ } else if (command === "version" || command === "--version" || command === "-v") {
710
813
  console.log(`v${version}`);
711
814
  } else if (command === "help" || command === "--help" || command === "-h") {
712
815
  showHelp();
@@ -718,25 +821,25 @@ if (command === "version" || command === "--version" || command === "-v") {
718
821
  await runTargetedPentest();
719
822
  } else if (command === "login" || command === "auth") {
720
823
  process.argv = [process.argv[0], process.argv[1], ...args.slice(1)];
721
- await import("./auth-aj10f99d.js");
824
+ await import("./auth-eyah4gg5.js");
722
825
  } else if (command === "uninstall") {
723
826
  process.argv = [process.argv[0], process.argv[1], ...args.slice(1)];
724
- await import("./uninstall-0yjhkdk3.js");
827
+ await import("./uninstall-k7g5jpkt.js");
725
828
  } else if (command === "projects") {
726
829
  process.argv = [process.argv[0], process.argv[1], ...args.slice(1)];
727
- await import("./projects-zkw40bda.js");
830
+ await import("./projects-3qxp342f.js");
728
831
  } else if (command === "pentests") {
729
832
  process.argv = [process.argv[0], process.argv[1], ...args.slice(1)];
730
- await import("./pentests-bsh9ht7r.js");
833
+ await import("./pentests-3g8pbrk3.js");
731
834
  } else if (command === "issues") {
732
835
  process.argv = [process.argv[0], process.argv[1], ...args.slice(1)];
733
- await import("./issues-tecf6w97.js");
836
+ await import("./issues-9w54wf9a.js");
734
837
  } else if (command === "fixes") {
735
838
  process.argv = [process.argv[0], process.argv[1], ...args.slice(1)];
736
- await import("./fixes-g7b34fs5.js");
839
+ await import("./fixes-v3ydfqpe.js");
737
840
  } else if (command === "logs") {
738
841
  process.argv = [process.argv[0], process.argv[1], ...args.slice(1)];
739
- await import("./logs-5qwr98mr.js");
842
+ await import("./logs-d9zgppn7.js");
740
843
  } else if (command === "threat-model") {
741
844
  await runThreatModel();
742
845
  } else if (command === "doctor") {
@@ -748,7 +851,7 @@ if (command === "version" || command === "--version" || command === "-v") {
748
851
  console.error("All other commands work with Node \u2014 run 'pensar --help'.");
749
852
  process.exit(1);
750
853
  }
751
- await import("./index-cpj7zx72.js");
854
+ await import("./index-q7jya07x.js");
752
855
  } else {
753
856
  console.error(`Error: Unknown command '${command}'`);
754
857
  console.error();
@@ -2,10 +2,10 @@
2
2
  import {
3
3
  getFix,
4
4
  listFixes
5
- } from "./cli-4m9f65ze.js";
6
- import"./cli-2mnefwqh.js";
7
- import"./cli-1rz3jys3.js";
8
- import"./cli-qaaesy26.js";
5
+ } from "./cli-s9fq1gez.js";
6
+ import"./cli-hxegwkcg.js";
7
+ import"./cli-73yjzavm.js";
8
+ import"./cli-942axn0y.js";
9
9
  import"./cli-8rxa073f.js";
10
10
 
11
11
  // src/cli/fixes.ts
@@ -9,15 +9,15 @@ import {
9
9
  signGatewayRequest,
10
10
  startDeviceFlow,
11
11
  validateGateway
12
- } from "./cli-720fdbrk.js";
12
+ } from "./cli-xv1d4cgj.js";
13
13
  import {
14
14
  ensureValidToken,
15
15
  fetchWorkOSClientId,
16
16
  isTokenExpired,
17
17
  refreshAccessToken
18
- } from "./cli-2mnefwqh.js";
19
- import"./cli-1rz3jys3.js";
20
- import"./cli-qaaesy26.js";
18
+ } from "./cli-hxegwkcg.js";
19
+ import"./cli-73yjzavm.js";
20
+ import"./cli-942axn0y.js";
21
21
  import"./cli-8rxa073f.js";
22
22
  export {
23
23
  validateGateway,