@pensar/apex 1.8.0-canary.d499bd2a → 1.8.0-canary.daa6bb4d
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/agent-npzj969d.js +20 -0
- package/build/{auth-2yh0rfmp.js → auth-dydhs9dj.js} +28 -8
- package/build/authentication-c6r6c4nz.js +20 -0
- package/build/blackboxAgent-m1wyrde3.js +20 -0
- package/build/{blackboxPentest-ew14x2yd.js → blackboxPentest-hdj4rbg1.js} +16 -16
- package/build/{cli-htfdcjay.js → cli-1g9b6ds5.js} +235 -244
- package/build/{cli-qqq512kx.js → cli-1j9zxr63.js} +24 -7
- package/build/{cli-0ghkg3w6.js → cli-2sdqzmg5.js} +19345 -19056
- package/build/cli-319h88b8.js +20 -0
- package/build/{cli-a9bpjq9z.js → cli-3jqqremf.js} +6 -4
- package/build/{cli-s30kjc2e.js → cli-5gxc0qvt.js} +501 -33
- package/build/{cli-mqztefgp.js → cli-5jss58b5.js} +3 -3
- package/build/{cli-g2e3j2z9.js → cli-76g9z96v.js} +6 -2
- package/build/cli-7gz8m1w5.js +499 -0
- package/build/{cli-4nyfkkf7.js → cli-88ka51h3.js} +206 -65
- package/build/cli-9fsre5pt.js +0 -0
- package/build/cli-cp66gbf3.js +196 -0
- package/build/cli-edbg2bzn.js +19 -0
- package/build/{authentication-92vqetrk.js → cli-fgmz7qxt.js} +8 -17
- package/build/{cli-hdcv79mk.js → cli-kx7e7wys.js} +99737 -104989
- package/build/{cli-tp1tqn3k.js → cli-mswm4k81.js} +1 -1
- package/build/{cli-tt43h704.js → cli-sjx9y22j.js} +35393 -33537
- package/build/cli-vwhsc4j5.js +7176 -0
- package/build/cli.js +261 -268
- package/build/{doctor-8tva8j99.js → doctor-2bkpddws.js} +1 -1
- package/build/{fixes-bzex8vyc.js → fixes-w40t3d1r.js} +21 -4
- package/build/{index-87w7dzwj.js → index-4cst2byw.js} +17 -105
- package/build/{index-2rp1yjx5.js → index-4x3ke94v.js} +18763 -18985
- package/build/index-bvrg6p47.js +44 -0
- package/build/index-e02mm4ay.js +177 -0
- package/build/{index-2nsv2yvz.js → index-qd4fgjt0.js} +8 -11
- package/build/{index-yenq2txh.js → index-tvspz423.js} +4 -2
- package/build/{index-dw1xbhfn.js → index-yvafffn2.js} +161 -26
- package/build/{issues-q66yexcy.js → issues-qfx161w7.js} +21 -4
- package/build/{logs-gaq2a7g9.js → logs-tjzjagkn.js} +21 -4
- package/build/{main-3d7dfdvs.js → main-3zneyg7p.js} +93 -17
- package/build/{offesecAgent-d2zpmwnw.js → offesecAgent-w3zp6pd7.js} +11 -10
- package/build/pentest-x7g4h8dk.js +29 -0
- package/build/{pentests-54vpws58.js → pentests-y9h9j7xk.js} +21 -4
- package/build/{projects-yfy7ka6h.js → projects-ek0mhw9y.js} +21 -4
- package/build/{targetedPentest-wz53yec5.js → targetedPentest-j9s6yyd4.js} +12 -11
- package/build/threatModel-c5svqdcf.js +27 -0
- package/build/{uninstall-hwb412bj.js → uninstall-74jpdhv9.js} +6 -4
- package/build/{utils-jf52rmrb.js → utils-wtdsfy0n.js} +11 -9
- package/package.json +81 -84
- package/build/agent-d4asvfr3.js +0 -278
- package/build/agent-fvaywkv8.js +0 -19
- package/build/blackboxAgent-t6ds2zjw.js +0 -19
- package/build/cli-03z6pswp.js +0 -1423
- package/build/cli-0fy9j5dw.js +0 -61
- package/build/cli-5jk61xs7.js +0 -645
- package/build/cli-6kfhrpzh.js +0 -190
- package/build/cli-c3qamm9x.js +0 -110
- package/build/cli-jy1vnz0z.js +0 -103
- package/build/cli-wagezt01.js +0 -1207
- package/build/index-shy3ssyb.js +0 -32
- package/build/pentest-d9ecg9mg.js +0 -29
- package/build/threatModel-73tnqjmj.js +0 -67
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import {
|
|
2
|
+
CodeAgent
|
|
3
|
+
} from "./cli-76g9z96v.js";
|
|
4
|
+
import"./cli-9fsre5pt.js";
|
|
5
|
+
import"./cli-kx7e7wys.js";
|
|
6
|
+
import"./cli-mswm4k81.js";
|
|
7
|
+
import"./cli-1g9b6ds5.js";
|
|
8
|
+
import"./cli-3y0dgy56.js";
|
|
9
|
+
import"./cli-319h88b8.js";
|
|
10
|
+
import"./cli-edbg2bzn.js";
|
|
11
|
+
import"./cli-sjx9y22j.js";
|
|
12
|
+
import"./cli-88ka51h3.js";
|
|
13
|
+
import"./cli-2sdqzmg5.js";
|
|
14
|
+
import"./cli-gpnb45ck.js";
|
|
15
|
+
import"./cli-1j9zxr63.js";
|
|
16
|
+
import"./cli-cp66gbf3.js";
|
|
17
|
+
import"./cli-8rxa073f.js";
|
|
18
|
+
export {
|
|
19
|
+
CodeAgent
|
|
20
|
+
};
|
|
@@ -1,27 +1,47 @@
|
|
|
1
1
|
#!/usr/bin/env bun
|
|
2
|
+
import"./cli-5gxc0qvt.js";
|
|
3
|
+
import"./cli-vwhsc4j5.js";
|
|
4
|
+
import"./cli-5jss58b5.js";
|
|
5
|
+
import"./cli-76g9z96v.js";
|
|
6
|
+
import"./cli-7gz8m1w5.js";
|
|
7
|
+
import"./cli-3jqqremf.js";
|
|
8
|
+
import"./cli-fw5r7pfj.js";
|
|
9
|
+
import"./cli-fgmz7qxt.js";
|
|
10
|
+
import"./cli-9fsre5pt.js";
|
|
11
|
+
import"./cli-kx7e7wys.js";
|
|
12
|
+
import"./cli-mswm4k81.js";
|
|
13
|
+
import"./cli-1g9b6ds5.js";
|
|
14
|
+
import"./cli-3y0dgy56.js";
|
|
15
|
+
import"./cli-319h88b8.js";
|
|
16
|
+
import"./cli-edbg2bzn.js";
|
|
17
|
+
import"./cli-sjx9y22j.js";
|
|
2
18
|
import {
|
|
19
|
+
config,
|
|
3
20
|
disconnect,
|
|
4
21
|
fetchWorkspaces,
|
|
22
|
+
getPensarApiUrl,
|
|
23
|
+
getPensarConsoleUrl,
|
|
24
|
+
init_auth,
|
|
25
|
+
init_config,
|
|
5
26
|
isConnected,
|
|
6
27
|
pollForWorkspaceCreation,
|
|
7
28
|
pollLegacyToken,
|
|
8
29
|
pollWorkOSToken,
|
|
9
30
|
selectWorkspace,
|
|
10
31
|
startDeviceFlow
|
|
11
|
-
} from "./cli-
|
|
12
|
-
import
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
} from "./cli-c3qamm9x.js";
|
|
17
|
-
import"./cli-qqq512kx.js";
|
|
18
|
-
import"./cli-6kfhrpzh.js";
|
|
32
|
+
} from "./cli-88ka51h3.js";
|
|
33
|
+
import"./cli-2sdqzmg5.js";
|
|
34
|
+
import"./cli-gpnb45ck.js";
|
|
35
|
+
import"./cli-1j9zxr63.js";
|
|
36
|
+
import"./cli-cp66gbf3.js";
|
|
19
37
|
import {
|
|
20
38
|
__require
|
|
21
39
|
} from "./cli-8rxa073f.js";
|
|
22
40
|
|
|
23
41
|
// src/cli/auth.ts
|
|
24
42
|
import * as readline from "readline";
|
|
43
|
+
init_auth();
|
|
44
|
+
init_config();
|
|
25
45
|
function openUrl(url) {
|
|
26
46
|
try {
|
|
27
47
|
const { spawn } = __require("child_process");
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import {
|
|
2
|
+
runAuthenticationAgent
|
|
3
|
+
} from "./cli-fgmz7qxt.js";
|
|
4
|
+
import"./cli-9fsre5pt.js";
|
|
5
|
+
import"./cli-kx7e7wys.js";
|
|
6
|
+
import"./cli-mswm4k81.js";
|
|
7
|
+
import"./cli-1g9b6ds5.js";
|
|
8
|
+
import"./cli-3y0dgy56.js";
|
|
9
|
+
import"./cli-319h88b8.js";
|
|
10
|
+
import"./cli-edbg2bzn.js";
|
|
11
|
+
import"./cli-sjx9y22j.js";
|
|
12
|
+
import"./cli-88ka51h3.js";
|
|
13
|
+
import"./cli-2sdqzmg5.js";
|
|
14
|
+
import"./cli-gpnb45ck.js";
|
|
15
|
+
import"./cli-1j9zxr63.js";
|
|
16
|
+
import"./cli-cp66gbf3.js";
|
|
17
|
+
import"./cli-8rxa073f.js";
|
|
18
|
+
export {
|
|
19
|
+
runAuthenticationAgent
|
|
20
|
+
};
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import {
|
|
2
|
+
BlackboxAttackSurfaceAgent
|
|
3
|
+
} from "./cli-3jqqremf.js";
|
|
4
|
+
import"./cli-9fsre5pt.js";
|
|
5
|
+
import"./cli-kx7e7wys.js";
|
|
6
|
+
import"./cli-mswm4k81.js";
|
|
7
|
+
import"./cli-1g9b6ds5.js";
|
|
8
|
+
import"./cli-3y0dgy56.js";
|
|
9
|
+
import"./cli-319h88b8.js";
|
|
10
|
+
import"./cli-edbg2bzn.js";
|
|
11
|
+
import"./cli-sjx9y22j.js";
|
|
12
|
+
import"./cli-88ka51h3.js";
|
|
13
|
+
import"./cli-2sdqzmg5.js";
|
|
14
|
+
import"./cli-gpnb45ck.js";
|
|
15
|
+
import"./cli-1j9zxr63.js";
|
|
16
|
+
import"./cli-cp66gbf3.js";
|
|
17
|
+
import"./cli-8rxa073f.js";
|
|
18
|
+
export {
|
|
19
|
+
BlackboxAttackSurfaceAgent
|
|
20
|
+
};
|
|
@@ -1,24 +1,24 @@
|
|
|
1
1
|
import {
|
|
2
2
|
runPentestWorkflow
|
|
3
|
-
} from "./cli-
|
|
4
|
-
import"./cli-
|
|
5
|
-
import"./cli-
|
|
6
|
-
import"./cli-
|
|
7
|
-
import"./cli-
|
|
3
|
+
} from "./cli-vwhsc4j5.js";
|
|
4
|
+
import"./cli-5jss58b5.js";
|
|
5
|
+
import"./cli-76g9z96v.js";
|
|
6
|
+
import"./cli-7gz8m1w5.js";
|
|
7
|
+
import"./cli-3jqqremf.js";
|
|
8
8
|
import"./cli-fw5r7pfj.js";
|
|
9
|
-
import"./cli-
|
|
10
|
-
import"./cli-
|
|
11
|
-
import"./cli-
|
|
12
|
-
import"./cli-
|
|
9
|
+
import"./cli-9fsre5pt.js";
|
|
10
|
+
import"./cli-kx7e7wys.js";
|
|
11
|
+
import"./cli-mswm4k81.js";
|
|
12
|
+
import"./cli-1g9b6ds5.js";
|
|
13
13
|
import"./cli-3y0dgy56.js";
|
|
14
|
-
import"./cli-
|
|
15
|
-
import"./cli-
|
|
16
|
-
import"./cli-
|
|
17
|
-
import"./cli-
|
|
14
|
+
import"./cli-319h88b8.js";
|
|
15
|
+
import"./cli-edbg2bzn.js";
|
|
16
|
+
import"./cli-sjx9y22j.js";
|
|
17
|
+
import"./cli-88ka51h3.js";
|
|
18
|
+
import"./cli-2sdqzmg5.js";
|
|
18
19
|
import"./cli-gpnb45ck.js";
|
|
19
|
-
import"./cli-
|
|
20
|
-
import"./cli-
|
|
21
|
-
import"./cli-03z6pswp.js";
|
|
20
|
+
import"./cli-1j9zxr63.js";
|
|
21
|
+
import"./cli-cp66gbf3.js";
|
|
22
22
|
import"./cli-8rxa073f.js";
|
|
23
23
|
|
|
24
24
|
// src/core/api/blackboxPentest.ts
|
|
@@ -1,16 +1,133 @@
|
|
|
1
|
+
import {
|
|
2
|
+
init_ai
|
|
3
|
+
} from "./cli-edbg2bzn.js";
|
|
1
4
|
import {
|
|
2
5
|
generateObjectResponse
|
|
3
|
-
} from "./cli-
|
|
6
|
+
} from "./cli-sjx9y22j.js";
|
|
4
7
|
import {
|
|
5
8
|
exports_external1 as exports_external,
|
|
6
9
|
init_zod,
|
|
7
10
|
zod_default
|
|
8
|
-
} from "./cli-
|
|
11
|
+
} from "./cli-2sdqzmg5.js";
|
|
9
12
|
import {
|
|
10
13
|
__callDispose,
|
|
11
14
|
__using
|
|
12
15
|
} from "./cli-8rxa073f.js";
|
|
13
16
|
|
|
17
|
+
// src/util/name.ts
|
|
18
|
+
init_zod();
|
|
19
|
+
init_ai();
|
|
20
|
+
var adjectives = [
|
|
21
|
+
"swift",
|
|
22
|
+
"bright",
|
|
23
|
+
"calm",
|
|
24
|
+
"bold",
|
|
25
|
+
"keen",
|
|
26
|
+
"noble",
|
|
27
|
+
"quick",
|
|
28
|
+
"sharp",
|
|
29
|
+
"vivid",
|
|
30
|
+
"warm",
|
|
31
|
+
"agile",
|
|
32
|
+
"brave",
|
|
33
|
+
"clever",
|
|
34
|
+
"daring",
|
|
35
|
+
"eager",
|
|
36
|
+
"fierce",
|
|
37
|
+
"gentle",
|
|
38
|
+
"humble",
|
|
39
|
+
"jolly",
|
|
40
|
+
"lively",
|
|
41
|
+
"merry",
|
|
42
|
+
"nimble",
|
|
43
|
+
"proud",
|
|
44
|
+
"quiet",
|
|
45
|
+
"rapid",
|
|
46
|
+
"serene",
|
|
47
|
+
"sturdy",
|
|
48
|
+
"tender",
|
|
49
|
+
"valiant",
|
|
50
|
+
"witty",
|
|
51
|
+
"zealous"
|
|
52
|
+
];
|
|
53
|
+
var nouns = [
|
|
54
|
+
"falcon",
|
|
55
|
+
"wolf",
|
|
56
|
+
"hawk",
|
|
57
|
+
"bear",
|
|
58
|
+
"lion",
|
|
59
|
+
"tiger",
|
|
60
|
+
"eagle",
|
|
61
|
+
"raven",
|
|
62
|
+
"phoenix",
|
|
63
|
+
"dragon",
|
|
64
|
+
"panther",
|
|
65
|
+
"cobra",
|
|
66
|
+
"viper",
|
|
67
|
+
"shark",
|
|
68
|
+
"orca",
|
|
69
|
+
"mantis",
|
|
70
|
+
"spider",
|
|
71
|
+
"scorpion",
|
|
72
|
+
"hydra",
|
|
73
|
+
"griffin",
|
|
74
|
+
"sphinx",
|
|
75
|
+
"kraken",
|
|
76
|
+
"cipher",
|
|
77
|
+
"nexus",
|
|
78
|
+
"prism",
|
|
79
|
+
"vector",
|
|
80
|
+
"matrix",
|
|
81
|
+
"pulse",
|
|
82
|
+
"surge",
|
|
83
|
+
"flux"
|
|
84
|
+
];
|
|
85
|
+
function generateRandomName() {
|
|
86
|
+
const adj = adjectives[Math.floor(Math.random() * adjectives.length)];
|
|
87
|
+
const noun = nouns[Math.floor(Math.random() * nouns.length)];
|
|
88
|
+
return `${adj}-${noun}`;
|
|
89
|
+
}
|
|
90
|
+
var sessionNameSchema = exports_external.object({
|
|
91
|
+
name: exports_external.string().describe("A short, descriptive session name (2-4 words, lowercase, hyphenated)")
|
|
92
|
+
});
|
|
93
|
+
async function generateSessionName(opts) {
|
|
94
|
+
const { targets, userMessage, model, authConfig, abortSignal } = opts;
|
|
95
|
+
const contextParts = [];
|
|
96
|
+
if (targets.length > 0) {
|
|
97
|
+
contextParts.push(`Target(s): ${targets.join(", ")}`);
|
|
98
|
+
}
|
|
99
|
+
if (userMessage) {
|
|
100
|
+
contextParts.push(`User objective: ${userMessage}`);
|
|
101
|
+
}
|
|
102
|
+
if (contextParts.length === 0)
|
|
103
|
+
return null;
|
|
104
|
+
const prompt = [
|
|
105
|
+
"Generate a short, descriptive name for a penetration testing session.",
|
|
106
|
+
"The name should be 2-4 lowercase words separated by hyphens.",
|
|
107
|
+
"It should capture the key aspect of the target or task — e.g. 'acme-api-pentest', 'login-auth-bypass', 'ecommerce-checkout-test'.",
|
|
108
|
+
"",
|
|
109
|
+
...contextParts
|
|
110
|
+
].join(`
|
|
111
|
+
`);
|
|
112
|
+
try {
|
|
113
|
+
const result = await generateObjectResponse({
|
|
114
|
+
model,
|
|
115
|
+
schema: sessionNameSchema,
|
|
116
|
+
prompt,
|
|
117
|
+
maxTokens: 50,
|
|
118
|
+
temperature: 0.7,
|
|
119
|
+
authConfig,
|
|
120
|
+
abortSignal
|
|
121
|
+
});
|
|
122
|
+
if (!result?.name)
|
|
123
|
+
return null;
|
|
124
|
+
const name = result.name.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "").slice(0, 50);
|
|
125
|
+
return name || null;
|
|
126
|
+
} catch {
|
|
127
|
+
return null;
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
|
|
14
131
|
// src/core/credentials/manager.ts
|
|
15
132
|
import { randomBytes } from "crypto";
|
|
16
133
|
function generateCredentialId() {
|
|
@@ -166,25 +283,135 @@ ${lines.join(`
|
|
|
166
283
|
</available_credentials>`;
|
|
167
284
|
}
|
|
168
285
|
}
|
|
286
|
+
// src/core/id/id.ts
|
|
287
|
+
init_zod();
|
|
288
|
+
import { randomBytes as randomBytes2 } from "crypto";
|
|
289
|
+
var prefixes = {
|
|
290
|
+
session: "ses",
|
|
291
|
+
message: "msg",
|
|
292
|
+
permission: "per",
|
|
293
|
+
user: "usr",
|
|
294
|
+
part: "prt"
|
|
295
|
+
};
|
|
296
|
+
function schema(prefix) {
|
|
297
|
+
return zod_default.string().startsWith(prefixes[prefix]);
|
|
298
|
+
}
|
|
299
|
+
var LENGTH = 26;
|
|
300
|
+
var lastTimestamp = 0;
|
|
301
|
+
var counter = 0;
|
|
302
|
+
function descending(prefix, given) {
|
|
303
|
+
return generateID(prefix, true, given);
|
|
304
|
+
}
|
|
305
|
+
function generateID(prefix, descending2, given) {
|
|
306
|
+
if (!given) {
|
|
307
|
+
return create(prefix, descending2);
|
|
308
|
+
}
|
|
309
|
+
if (!given.startsWith(prefixes[prefix])) {
|
|
310
|
+
throw new Error(`ID ${given} does not start with ${prefixes[prefix]}`);
|
|
311
|
+
}
|
|
312
|
+
return given;
|
|
313
|
+
}
|
|
314
|
+
function randomBase62(length) {
|
|
315
|
+
const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
|
316
|
+
let result = "";
|
|
317
|
+
const bytes = randomBytes2(length);
|
|
318
|
+
for (let i = 0;i < length; i++) {
|
|
319
|
+
result += chars[bytes[i] % 62];
|
|
320
|
+
}
|
|
321
|
+
return result;
|
|
322
|
+
}
|
|
323
|
+
function create(prefix, descending2, timestamp) {
|
|
324
|
+
const currentTimestamp = timestamp ?? Date.now();
|
|
325
|
+
if (currentTimestamp !== lastTimestamp) {
|
|
326
|
+
lastTimestamp = currentTimestamp;
|
|
327
|
+
counter = 0;
|
|
328
|
+
}
|
|
329
|
+
counter++;
|
|
330
|
+
let now = BigInt(currentTimestamp) * BigInt(4096) + BigInt(counter);
|
|
331
|
+
now = descending2 ? ~now : now;
|
|
332
|
+
const timeBytes = Buffer.alloc(6);
|
|
333
|
+
for (let i = 0;i < 6; i++) {
|
|
334
|
+
timeBytes[i] = Number(now >> BigInt(40 - 8 * i) & BigInt(255));
|
|
335
|
+
}
|
|
336
|
+
return prefixes[prefix] + "_" + timeBytes.toString("hex") + randomBase62(LENGTH - 12);
|
|
337
|
+
}
|
|
338
|
+
|
|
339
|
+
// src/core/services/rateLimiter/index.ts
|
|
340
|
+
function sleep(ms) {
|
|
341
|
+
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
342
|
+
}
|
|
343
|
+
|
|
344
|
+
class RateLimiter {
|
|
345
|
+
tokens;
|
|
346
|
+
lastRefillTime;
|
|
347
|
+
rps;
|
|
348
|
+
bucketSize;
|
|
349
|
+
msPerToken;
|
|
350
|
+
queue;
|
|
351
|
+
constructor(config) {
|
|
352
|
+
this.rps = config?.requestsPerSecond;
|
|
353
|
+
this.bucketSize = this.rps ? 1 : 0;
|
|
354
|
+
this.tokens = this.bucketSize;
|
|
355
|
+
this.lastRefillTime = performance.now();
|
|
356
|
+
this.msPerToken = this.rps ? 1000 / this.rps : undefined;
|
|
357
|
+
this.queue = Promise.resolve();
|
|
358
|
+
}
|
|
359
|
+
async acquireSlot() {
|
|
360
|
+
if (!this.rps || !this.msPerToken)
|
|
361
|
+
return;
|
|
362
|
+
const previousPromise = this.queue;
|
|
363
|
+
let resolveCurrentRequest;
|
|
364
|
+
this.queue = new Promise((resolve) => {
|
|
365
|
+
resolveCurrentRequest = resolve;
|
|
366
|
+
});
|
|
367
|
+
await previousPromise;
|
|
368
|
+
try {
|
|
369
|
+
const now = performance.now();
|
|
370
|
+
this.refill(now);
|
|
371
|
+
if (this.tokens < 1) {
|
|
372
|
+
const waitTime = (1 - this.tokens) * this.msPerToken;
|
|
373
|
+
await sleep(waitTime);
|
|
374
|
+
const nowAfterSleep = performance.now();
|
|
375
|
+
this.refill(nowAfterSleep);
|
|
376
|
+
}
|
|
377
|
+
this.tokens -= 1;
|
|
378
|
+
} finally {
|
|
379
|
+
resolveCurrentRequest();
|
|
380
|
+
}
|
|
381
|
+
}
|
|
382
|
+
refill(now) {
|
|
383
|
+
if (this.tokens >= this.bucketSize) {
|
|
384
|
+
this.lastRefillTime = now;
|
|
385
|
+
return;
|
|
386
|
+
}
|
|
387
|
+
const elapsed = now - this.lastRefillTime;
|
|
388
|
+
const tokensToAdd = elapsed / this.msPerToken;
|
|
389
|
+
this.tokens = Math.min(this.bucketSize, this.tokens + tokensToAdd);
|
|
390
|
+
this.lastRefillTime = now;
|
|
391
|
+
}
|
|
392
|
+
isEnabled() {
|
|
393
|
+
return this.rps !== undefined;
|
|
394
|
+
}
|
|
395
|
+
}
|
|
396
|
+
|
|
169
397
|
// src/core/storage/index.ts
|
|
170
398
|
init_zod();
|
|
399
|
+
import fs, { readdir } from "fs/promises";
|
|
171
400
|
import os from "os";
|
|
172
401
|
import path from "path";
|
|
173
|
-
import fs from "fs/promises";
|
|
174
|
-
import { readdir } from "fs/promises";
|
|
175
402
|
|
|
176
403
|
// src/util/errors.ts
|
|
177
404
|
init_zod();
|
|
178
405
|
|
|
179
406
|
class NamedError extends Error {
|
|
180
407
|
static create(name, data) {
|
|
181
|
-
const
|
|
408
|
+
const schema2 = zod_default.object({
|
|
182
409
|
name: zod_default.literal(name),
|
|
183
410
|
data
|
|
184
411
|
});
|
|
185
412
|
const result = class extends NamedError {
|
|
186
413
|
data;
|
|
187
|
-
static Schema =
|
|
414
|
+
static Schema = schema2;
|
|
188
415
|
name = name;
|
|
189
416
|
constructor(data2, options) {
|
|
190
417
|
super(name, options);
|
|
@@ -195,7 +422,7 @@ class NamedError extends Error {
|
|
|
195
422
|
return typeof input === "object" && input !== null && "name" in input && input.name === name;
|
|
196
423
|
}
|
|
197
424
|
schema() {
|
|
198
|
-
return
|
|
425
|
+
return schema2;
|
|
199
426
|
}
|
|
200
427
|
toObject() {
|
|
201
428
|
return {
|
|
@@ -298,18 +525,6 @@ var NotFoundError = NamedError.create("NotFoundError", zod_default.object({
|
|
|
298
525
|
function getBaseDir() {
|
|
299
526
|
return process.env.PENSAR_DATA_DIR ?? path.join(os.homedir(), ".pensar");
|
|
300
527
|
}
|
|
301
|
-
async function remove(key) {
|
|
302
|
-
const dir = getBaseDir();
|
|
303
|
-
const target = path.join(dir, ...key) + ".json";
|
|
304
|
-
return withErrorHandling(async () => {
|
|
305
|
-
await fs.unlink(target).catch(() => {});
|
|
306
|
-
});
|
|
307
|
-
}
|
|
308
|
-
async function locate(key, ext) {
|
|
309
|
-
const dir = getBaseDir();
|
|
310
|
-
const target = path.join(dir, ...key) + (ext ? ext : ".json");
|
|
311
|
-
return target;
|
|
312
|
-
}
|
|
313
528
|
async function write2(key, content, ext) {
|
|
314
529
|
const dir = getBaseDir();
|
|
315
530
|
const target = path.join(dir, ...key) + (ext ? ext : ".json");
|
|
@@ -436,228 +651,4 @@ async function list(prefix) {
|
|
|
436
651
|
}
|
|
437
652
|
}
|
|
438
653
|
|
|
439
|
-
|
|
440
|
-
init_zod();
|
|
441
|
-
import { randomBytes as randomBytes2 } from "crypto";
|
|
442
|
-
var prefixes = {
|
|
443
|
-
session: "ses",
|
|
444
|
-
message: "msg",
|
|
445
|
-
permission: "per",
|
|
446
|
-
user: "usr",
|
|
447
|
-
part: "prt"
|
|
448
|
-
};
|
|
449
|
-
function schema(prefix) {
|
|
450
|
-
return zod_default.string().startsWith(prefixes[prefix]);
|
|
451
|
-
}
|
|
452
|
-
var LENGTH = 26;
|
|
453
|
-
var lastTimestamp = 0;
|
|
454
|
-
var counter = 0;
|
|
455
|
-
function descending(prefix, given) {
|
|
456
|
-
return generateID(prefix, true, given);
|
|
457
|
-
}
|
|
458
|
-
function generateID(prefix, descending2, given) {
|
|
459
|
-
if (!given) {
|
|
460
|
-
return create(prefix, descending2);
|
|
461
|
-
}
|
|
462
|
-
if (!given.startsWith(prefixes[prefix])) {
|
|
463
|
-
throw new Error(`ID ${given} does not start with ${prefixes[prefix]}`);
|
|
464
|
-
}
|
|
465
|
-
return given;
|
|
466
|
-
}
|
|
467
|
-
function randomBase62(length) {
|
|
468
|
-
const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
|
|
469
|
-
let result = "";
|
|
470
|
-
const bytes = randomBytes2(length);
|
|
471
|
-
for (let i = 0;i < length; i++) {
|
|
472
|
-
result += chars[bytes[i] % 62];
|
|
473
|
-
}
|
|
474
|
-
return result;
|
|
475
|
-
}
|
|
476
|
-
function create(prefix, descending2, timestamp) {
|
|
477
|
-
const currentTimestamp = timestamp ?? Date.now();
|
|
478
|
-
if (currentTimestamp !== lastTimestamp) {
|
|
479
|
-
lastTimestamp = currentTimestamp;
|
|
480
|
-
counter = 0;
|
|
481
|
-
}
|
|
482
|
-
counter++;
|
|
483
|
-
let now = BigInt(currentTimestamp) * BigInt(4096) + BigInt(counter);
|
|
484
|
-
now = descending2 ? ~now : now;
|
|
485
|
-
const timeBytes = Buffer.alloc(6);
|
|
486
|
-
for (let i = 0;i < 6; i++) {
|
|
487
|
-
timeBytes[i] = Number(now >> BigInt(40 - 8 * i) & BigInt(255));
|
|
488
|
-
}
|
|
489
|
-
return prefixes[prefix] + "_" + timeBytes.toString("hex") + randomBase62(LENGTH - 12);
|
|
490
|
-
}
|
|
491
|
-
|
|
492
|
-
// src/core/services/rateLimiter/index.ts
|
|
493
|
-
function sleep(ms) {
|
|
494
|
-
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
495
|
-
}
|
|
496
|
-
|
|
497
|
-
class RateLimiter {
|
|
498
|
-
tokens;
|
|
499
|
-
lastRefillTime;
|
|
500
|
-
rps;
|
|
501
|
-
bucketSize;
|
|
502
|
-
msPerToken;
|
|
503
|
-
queue;
|
|
504
|
-
constructor(config) {
|
|
505
|
-
this.rps = config?.requestsPerSecond;
|
|
506
|
-
this.bucketSize = this.rps ? 1 : 0;
|
|
507
|
-
this.tokens = this.bucketSize;
|
|
508
|
-
this.lastRefillTime = performance.now();
|
|
509
|
-
this.msPerToken = this.rps ? 1000 / this.rps : undefined;
|
|
510
|
-
this.queue = Promise.resolve();
|
|
511
|
-
}
|
|
512
|
-
async acquireSlot() {
|
|
513
|
-
if (!this.rps || !this.msPerToken)
|
|
514
|
-
return;
|
|
515
|
-
const previousPromise = this.queue;
|
|
516
|
-
let resolveCurrentRequest;
|
|
517
|
-
this.queue = new Promise((resolve) => {
|
|
518
|
-
resolveCurrentRequest = resolve;
|
|
519
|
-
});
|
|
520
|
-
await previousPromise;
|
|
521
|
-
try {
|
|
522
|
-
const now = performance.now();
|
|
523
|
-
this.refill(now);
|
|
524
|
-
if (this.tokens < 1) {
|
|
525
|
-
const waitTime = (1 - this.tokens) * this.msPerToken;
|
|
526
|
-
await sleep(waitTime);
|
|
527
|
-
const nowAfterSleep = performance.now();
|
|
528
|
-
this.refill(nowAfterSleep);
|
|
529
|
-
}
|
|
530
|
-
this.tokens -= 1;
|
|
531
|
-
} finally {
|
|
532
|
-
resolveCurrentRequest();
|
|
533
|
-
}
|
|
534
|
-
}
|
|
535
|
-
refill(now) {
|
|
536
|
-
if (this.tokens >= this.bucketSize) {
|
|
537
|
-
this.lastRefillTime = now;
|
|
538
|
-
return;
|
|
539
|
-
}
|
|
540
|
-
const elapsed = now - this.lastRefillTime;
|
|
541
|
-
const tokensToAdd = elapsed / this.msPerToken;
|
|
542
|
-
this.tokens = Math.min(this.bucketSize, this.tokens + tokensToAdd);
|
|
543
|
-
this.lastRefillTime = now;
|
|
544
|
-
}
|
|
545
|
-
isEnabled() {
|
|
546
|
-
return this.rps !== undefined;
|
|
547
|
-
}
|
|
548
|
-
}
|
|
549
|
-
|
|
550
|
-
// src/util/name.ts
|
|
551
|
-
init_zod();
|
|
552
|
-
var adjectives = [
|
|
553
|
-
"swift",
|
|
554
|
-
"bright",
|
|
555
|
-
"calm",
|
|
556
|
-
"bold",
|
|
557
|
-
"keen",
|
|
558
|
-
"noble",
|
|
559
|
-
"quick",
|
|
560
|
-
"sharp",
|
|
561
|
-
"vivid",
|
|
562
|
-
"warm",
|
|
563
|
-
"agile",
|
|
564
|
-
"brave",
|
|
565
|
-
"clever",
|
|
566
|
-
"daring",
|
|
567
|
-
"eager",
|
|
568
|
-
"fierce",
|
|
569
|
-
"gentle",
|
|
570
|
-
"humble",
|
|
571
|
-
"jolly",
|
|
572
|
-
"lively",
|
|
573
|
-
"merry",
|
|
574
|
-
"nimble",
|
|
575
|
-
"proud",
|
|
576
|
-
"quiet",
|
|
577
|
-
"rapid",
|
|
578
|
-
"serene",
|
|
579
|
-
"sturdy",
|
|
580
|
-
"tender",
|
|
581
|
-
"valiant",
|
|
582
|
-
"witty",
|
|
583
|
-
"zealous"
|
|
584
|
-
];
|
|
585
|
-
var nouns = [
|
|
586
|
-
"falcon",
|
|
587
|
-
"wolf",
|
|
588
|
-
"hawk",
|
|
589
|
-
"bear",
|
|
590
|
-
"lion",
|
|
591
|
-
"tiger",
|
|
592
|
-
"eagle",
|
|
593
|
-
"raven",
|
|
594
|
-
"phoenix",
|
|
595
|
-
"dragon",
|
|
596
|
-
"panther",
|
|
597
|
-
"cobra",
|
|
598
|
-
"viper",
|
|
599
|
-
"shark",
|
|
600
|
-
"orca",
|
|
601
|
-
"mantis",
|
|
602
|
-
"spider",
|
|
603
|
-
"scorpion",
|
|
604
|
-
"hydra",
|
|
605
|
-
"griffin",
|
|
606
|
-
"sphinx",
|
|
607
|
-
"kraken",
|
|
608
|
-
"cipher",
|
|
609
|
-
"nexus",
|
|
610
|
-
"prism",
|
|
611
|
-
"vector",
|
|
612
|
-
"matrix",
|
|
613
|
-
"pulse",
|
|
614
|
-
"surge",
|
|
615
|
-
"flux"
|
|
616
|
-
];
|
|
617
|
-
function generateRandomName() {
|
|
618
|
-
const adj = adjectives[Math.floor(Math.random() * adjectives.length)];
|
|
619
|
-
const noun = nouns[Math.floor(Math.random() * nouns.length)];
|
|
620
|
-
return `${adj}-${noun}`;
|
|
621
|
-
}
|
|
622
|
-
var sessionNameSchema = exports_external.object({
|
|
623
|
-
name: exports_external.string().describe("A short, descriptive session name (2-4 words, lowercase, hyphenated)")
|
|
624
|
-
});
|
|
625
|
-
async function generateSessionName(opts) {
|
|
626
|
-
const { targets, userMessage, model, authConfig, abortSignal } = opts;
|
|
627
|
-
const contextParts = [];
|
|
628
|
-
if (targets.length > 0) {
|
|
629
|
-
contextParts.push(`Target(s): ${targets.join(", ")}`);
|
|
630
|
-
}
|
|
631
|
-
if (userMessage) {
|
|
632
|
-
contextParts.push(`User objective: ${userMessage}`);
|
|
633
|
-
}
|
|
634
|
-
if (contextParts.length === 0)
|
|
635
|
-
return null;
|
|
636
|
-
const prompt = [
|
|
637
|
-
"Generate a short, descriptive name for a penetration testing session.",
|
|
638
|
-
"The name should be 2-4 lowercase words separated by hyphens.",
|
|
639
|
-
"It should capture the key aspect of the target or task — e.g. 'acme-api-pentest', 'login-auth-bypass', 'ecommerce-checkout-test'.",
|
|
640
|
-
"",
|
|
641
|
-
...contextParts
|
|
642
|
-
].join(`
|
|
643
|
-
`);
|
|
644
|
-
try {
|
|
645
|
-
const result = await generateObjectResponse({
|
|
646
|
-
model,
|
|
647
|
-
schema: sessionNameSchema,
|
|
648
|
-
prompt,
|
|
649
|
-
maxTokens: 50,
|
|
650
|
-
temperature: 0.7,
|
|
651
|
-
authConfig,
|
|
652
|
-
abortSignal
|
|
653
|
-
});
|
|
654
|
-
if (!result?.name)
|
|
655
|
-
return null;
|
|
656
|
-
const name = result.name.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "").slice(0, 50);
|
|
657
|
-
return name || null;
|
|
658
|
-
} catch {
|
|
659
|
-
return null;
|
|
660
|
-
}
|
|
661
|
-
}
|
|
662
|
-
|
|
663
|
-
export { CredentialManager, NotFoundError, remove, locate, write2 as write, createDir, writeRaw, read2 as read, update, list, schema, descending, RateLimiter, generateRandomName, generateSessionName };
|
|
654
|
+
export { generateRandomName, generateSessionName, CredentialManager, schema, descending, RateLimiter, NotFoundError, write2 as write, createDir, writeRaw, read2 as read, update, list };
|