@pensar/apex 1.8.0 → 1.8.2-canary.fb75c486

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/README.md +11 -0
  2. package/build/agent-6dj1qm50.js +221 -0
  3. package/build/agent-6xr8vpgm.js +28 -0
  4. package/build/agent-x1htbpe3.js +22 -0
  5. package/build/apps-t0gmwc7z.js +446 -0
  6. package/build/{auth-dxjgy41e.js → auth-p4r1m7xq.js} +50 -13
  7. package/build/authentication-je2b0c3w.js +22 -0
  8. package/build/blackboxAgent-a4jnt0y5.js +22 -0
  9. package/build/{blackboxPentest-8ps4yvbk.js → blackboxPentest-b5741n3h.js} +19 -17
  10. package/build/{cli-y61d9433.js → cli-0tnv1vkp.js} +138 -38
  11. package/build/{cli-jg7r7y5n.js → cli-4xb21y6g.js} +30 -2
  12. package/build/{cli-k0tckznm.js → cli-6p7d2k55.js} +39701 -31695
  13. package/build/cli-87zakjb2.js +17 -0
  14. package/build/{authentication-e30mfzbe.js → cli-8frjr68r.js} +11 -18
  15. package/build/cli-8xknm7d9.js +204 -0
  16. package/build/cli-9egg9azd.js +22 -0
  17. package/build/cli-9fsre5pt.js +0 -0
  18. package/build/cli-abbka8n3.js +501 -0
  19. package/build/{cli-3y0dgy56.js → cli-c8131c4q.js} +2 -2
  20. package/build/cli-e08r86zk.js +24 -0
  21. package/build/{cli-0ghkg3w6.js → cli-e6rgwtpb.js} +19950 -18556
  22. package/build/cli-g5h24ny8.js +197 -0
  23. package/build/{cli-nr1cjfr9.js → cli-gtcd5c3f.js} +26 -7
  24. package/build/cli-k0730f59.js +52 -0
  25. package/build/{cli-tp1tqn3k.js → cli-mswm4k81.js} +1 -1
  26. package/build/{cli-m788e4f3.js → cli-q8dfq25x.js} +584 -33
  27. package/build/cli-rhry8mat.js +7213 -0
  28. package/build/{cli-g8t710ew.js → cli-ryy39d77.js} +253 -250
  29. package/build/cli-s1nckt4k.js +20 -0
  30. package/build/{cli-k4hrygff.js → cli-v9ds4jb8.js} +9 -5
  31. package/build/{cli-dqt80sw3.js → cli-w5990vr6.js} +199 -68
  32. package/build/{cli-3w2syxpv.js → cli-wfmdch3r.js} +102695 -104816
  33. package/build/cli.js +351 -280
  34. package/build/config-3bvtf3j8.js +188 -0
  35. package/build/{doctor-8tva8j99.js → doctor-2bkpddws.js} +1 -1
  36. package/build/{fixes-q5bhgxhc.js → fixes-60k3ts71.js} +23 -4
  37. package/build/{index-pfee23kv.js → index-0gp3x2r8.js} +19306 -18954
  38. package/build/index-861hkebg.js +12 -0
  39. package/build/{index-y5xpp21a.js → index-acc00eq4.js} +77 -108
  40. package/build/index-acdgrqa0.js +36 -0
  41. package/build/{index-e898mdyh.js → index-cfberehw.js} +4 -2
  42. package/build/{index-wfeb2gcc.js → index-hxn4rk8f.js} +9 -11
  43. package/build/{index-dw1xbhfn.js → index-vc29b21w.js} +161 -26
  44. package/build/index-vwt27stc.js +184 -0
  45. package/build/{issues-qbmdneej.js → issues-1bynat5q.js} +33 -9
  46. package/build/{logs-xm5vbymy.js → logs-e78vx2dy.js} +23 -4
  47. package/build/{main-3d7dfdvs.js → main-3zneyg7p.js} +93 -17
  48. package/build/{offesecAgent-re6kt2ff.js → offesecAgent-w9m0svwk.js} +14 -11
  49. package/build/parse-15kqmy2v.js +207 -0
  50. package/build/pentest-gpvqpvmd.js +31 -0
  51. package/build/{pentests-e3rj5845.js → pentests-nq7wa8yb.js} +36 -17
  52. package/build/{targetedPentest-fs0v570s.js → targetedPentest-fjxqn089.js} +15 -12
  53. package/build/threatModel-9yqx7d7x.js +29 -0
  54. package/build/{uninstall-qb2xbh2t.js → uninstall-9zbf4cwc.js} +6 -4
  55. package/build/{utils-jf52rmrb.js → utils-dh1t2r1e.js} +13 -10
  56. package/package.json +86 -88
  57. package/build/agent-4d8j2jsw.js +0 -278
  58. package/build/agent-z2s6h7n2.js +0 -19
  59. package/build/blackboxAgent-j9pczwym.js +0 -19
  60. package/build/cli-03z6pswp.js +0 -1423
  61. package/build/cli-0fy9j5dw.js +0 -61
  62. package/build/cli-asyas1xb.js +0 -110
  63. package/build/cli-dj1dgw2n.js +0 -190
  64. package/build/cli-q7r2sth7.js +0 -103
  65. package/build/cli-vkwch0bc.js +0 -1207
  66. package/build/cli-wr7g9qcr.js +0 -645
  67. package/build/index-bz6f8jry.js +0 -32
  68. package/build/pentest-mfm4hake.js +0 -29
  69. package/build/projects-qk22qcbt.js +0 -35
  70. package/build/threatModel-xfvc6cch.js +0 -67
@@ -3,21 +3,97 @@ import {
3
3
  __require
4
4
  } from "./cli-8rxa073f.js";
5
5
 
6
+ // node_modules/dotenv/package.json
7
+ var require_package = __commonJS((exports, module) => {
8
+ module.exports = {
9
+ name: "dotenv",
10
+ version: "17.2.3",
11
+ description: "Loads environment variables from .env file",
12
+ main: "lib/main.js",
13
+ types: "lib/main.d.ts",
14
+ exports: {
15
+ ".": {
16
+ types: "./lib/main.d.ts",
17
+ require: "./lib/main.js",
18
+ default: "./lib/main.js"
19
+ },
20
+ "./config": "./config.js",
21
+ "./config.js": "./config.js",
22
+ "./lib/env-options": "./lib/env-options.js",
23
+ "./lib/env-options.js": "./lib/env-options.js",
24
+ "./lib/cli-options": "./lib/cli-options.js",
25
+ "./lib/cli-options.js": "./lib/cli-options.js",
26
+ "./package.json": "./package.json"
27
+ },
28
+ scripts: {
29
+ "dts-check": "tsc --project tests/types/tsconfig.json",
30
+ lint: "standard",
31
+ pretest: "npm run lint && npm run dts-check",
32
+ test: "tap run tests/**/*.js --allow-empty-coverage --disable-coverage --timeout=60000",
33
+ "test:coverage": "tap run tests/**/*.js --show-full-coverage --timeout=60000 --coverage-report=text --coverage-report=lcov",
34
+ prerelease: "npm test",
35
+ release: "standard-version"
36
+ },
37
+ repository: {
38
+ type: "git",
39
+ url: "git://github.com/motdotla/dotenv.git"
40
+ },
41
+ homepage: "https://github.com/motdotla/dotenv#readme",
42
+ funding: "https://dotenvx.com",
43
+ keywords: [
44
+ "dotenv",
45
+ "env",
46
+ ".env",
47
+ "environment",
48
+ "variables",
49
+ "config",
50
+ "settings"
51
+ ],
52
+ readmeFilename: "README.md",
53
+ license: "BSD-2-Clause",
54
+ devDependencies: {
55
+ "@types/node": "^18.11.3",
56
+ decache: "^4.6.2",
57
+ sinon: "^14.0.1",
58
+ standard: "^17.0.0",
59
+ "standard-version": "^9.5.0",
60
+ tap: "^19.2.0",
61
+ typescript: "^4.8.4"
62
+ },
63
+ engines: {
64
+ node: ">=12"
65
+ },
66
+ browser: {
67
+ fs: false
68
+ }
69
+ };
70
+ });
71
+
6
72
  // node_modules/dotenv/lib/main.js
7
73
  var require_main = __commonJS((exports, module) => {
8
74
  var fs = __require("fs");
9
75
  var path = __require("path");
10
76
  var os = __require("os");
11
77
  var crypto = __require("crypto");
78
+ var packageJson = require_package();
79
+ var version = packageJson.version;
12
80
  var TIPS = [
13
- " encrypted .env [www.dotenvx.com]",
14
- " secrets for agents [www.dotenvx.com]",
15
- " auth for agents [www.vestauth.com]",
16
- " custom filepath { path: '/custom/path/.env' }",
17
- " enable debugging { debug: true }",
18
- " override existing { override: true }",
19
- " suppress logs { quiet: true }",
20
- " multiple files { path: ['.env.local', '.env'] }"
81
+ "\uD83D\uDD10 encrypt with Dotenvx: https://dotenvx.com",
82
+ "\uD83D\uDD10 prevent committing .env to code: https://dotenvx.com/precommit",
83
+ "\uD83D\uDD10 prevent building .env in docker: https://dotenvx.com/prebuild",
84
+ "\uD83D\uDCE1 add observability to secrets: https://dotenvx.com/ops",
85
+ "\uD83D\uDC65 sync secrets across teammates & machines: https://dotenvx.com/ops",
86
+ "\uD83D\uDDC2️ backup and recover secrets: https://dotenvx.com/ops",
87
+ " audit secrets and track compliance: https://dotenvx.com/ops",
88
+ "\uD83D\uDD04 add secrets lifecycle management: https://dotenvx.com/ops",
89
+ "\uD83D\uDD11 add access controls to secrets: https://dotenvx.com/ops",
90
+ "\uD83D\uDEE0️ run anywhere with `dotenvx run -- yourcommand`",
91
+ "⚙️ specify custom .env file path with { path: '/custom/path/.env' }",
92
+ "⚙️ enable debug logging with { debug: true }",
93
+ "⚙️ override existing env vars with { override: true }",
94
+ "⚙️ suppress all logs with { quiet: true }",
95
+ "⚙️ write to custom object with { processEnv: myObject }",
96
+ "⚙️ load multiple .env files with { path: ['.env.local', '.env'] }"
21
97
  ];
22
98
  function _getRandomTip() {
23
99
  return TIPS[Math.floor(Math.random() * TIPS.length)];
@@ -84,13 +160,13 @@ var require_main = __commonJS((exports, module) => {
84
160
  return DotenvModule.parse(decrypted);
85
161
  }
86
162
  function _warn(message) {
87
- console.error(`⚠ ${message}`);
163
+ console.error(`[dotenv@${version}][WARN] ${message}`);
88
164
  }
89
165
  function _debug(message) {
90
- console.log(`┆ ${message}`);
166
+ console.log(`[dotenv@${version}][DEBUG] ${message}`);
91
167
  }
92
168
  function _log(message) {
93
- console.log(`◇ ${message}`);
169
+ console.log(`[dotenv@${version}] ${message}`);
94
170
  }
95
171
  function _dotenvKey(options) {
96
172
  if (options && options.DOTENV_KEY && options.DOTENV_KEY.length > 0) {
@@ -161,7 +237,7 @@ var require_main = __commonJS((exports, module) => {
161
237
  const debug = parseBoolean(process.env.DOTENV_CONFIG_DEBUG || options && options.debug);
162
238
  const quiet = parseBoolean(process.env.DOTENV_CONFIG_QUIET || options && options.quiet);
163
239
  if (debug || !quiet) {
164
- _log("loading env from encrypted .env.vault");
240
+ _log("Loading env from encrypted .env.vault");
165
241
  }
166
242
  const parsed = DotenvModule._parseVault(options);
167
243
  let processEnv = process.env;
@@ -184,7 +260,7 @@ var require_main = __commonJS((exports, module) => {
184
260
  encoding = options.encoding;
185
261
  } else {
186
262
  if (debug) {
187
- _debug("no encoding is specified (UTF-8 is used by default)");
263
+ _debug("No encoding is specified. UTF-8 is used by default");
188
264
  }
189
265
  }
190
266
  let optionPaths = [dotenvPath];
@@ -206,7 +282,7 @@ var require_main = __commonJS((exports, module) => {
206
282
  DotenvModule.populate(parsedAll, parsed, options);
207
283
  } catch (e) {
208
284
  if (debug) {
209
- _debug(`failed to load ${path2} ${e.message}`);
285
+ _debug(`Failed to load ${path2} ${e.message}`);
210
286
  }
211
287
  lastError = e;
212
288
  }
@@ -223,12 +299,12 @@ var require_main = __commonJS((exports, module) => {
223
299
  shortPaths.push(relative);
224
300
  } catch (e) {
225
301
  if (debug) {
226
- _debug(`failed to load ${filePath} ${e.message}`);
302
+ _debug(`Failed to load ${filePath} ${e.message}`);
227
303
  }
228
304
  lastError = e;
229
305
  }
230
306
  }
231
- _log(`injected env (${keysCount}) from ${shortPaths.join(",")} ${dim(`// tip: ${_getRandomTip()}`)}`);
307
+ _log(`injecting env (${keysCount}) from ${shortPaths.join(",")} ${dim(`-- tip: ${_getRandomTip()}`)}`);
232
308
  }
233
309
  if (lastError) {
234
310
  return { parsed: parsedAll, error: lastError };
@@ -242,7 +318,7 @@ var require_main = __commonJS((exports, module) => {
242
318
  }
243
319
  const vaultPath = _vaultPath(options);
244
320
  if (!vaultPath) {
245
- _warn(`you set DOTENV_KEY but you are missing a .env.vault file at ${vaultPath}`);
321
+ _warn(`You set DOTENV_KEY but you are missing a .env.vault file at ${vaultPath}. Did you forget to build it?`);
246
322
  return DotenvModule.configDotenv(options);
247
323
  }
248
324
  return DotenvModule._configVault(options);
@@ -1,17 +1,20 @@
1
+ import"./cli-9fsre5pt.js";
2
+ import"./cli-k0730f59.js";
1
3
  import {
2
4
  OffensiveSecurityAgent
3
- } from "./cli-3w2syxpv.js";
4
- import"./cli-tp1tqn3k.js";
5
- import"./cli-g8t710ew.js";
6
- import"./cli-3y0dgy56.js";
7
- import"./cli-k0tckznm.js";
8
- import"./cli-0ghkg3w6.js";
9
- import"./cli-dqt80sw3.js";
10
- import"./cli-asyas1xb.js";
5
+ } from "./cli-wfmdch3r.js";
6
+ import"./cli-mswm4k81.js";
7
+ import"./cli-ryy39d77.js";
8
+ import"./cli-c8131c4q.js";
9
+ import"./cli-s1nckt4k.js";
10
+ import"./cli-87zakjb2.js";
11
+ import"./cli-6p7d2k55.js";
12
+ import"./cli-w5990vr6.js";
13
+ import"./cli-e6rgwtpb.js";
14
+ import"./cli-9egg9azd.js";
11
15
  import"./cli-gpnb45ck.js";
12
- import"./cli-nr1cjfr9.js";
13
- import"./cli-dj1dgw2n.js";
14
- import"./cli-03z6pswp.js";
16
+ import"./cli-gtcd5c3f.js";
17
+ import"./cli-g5h24ny8.js";
15
18
  import"./cli-8rxa073f.js";
16
19
 
17
20
  // src/core/api/offesecAgent.ts
@@ -0,0 +1,207 @@
1
+ import {
2
+ __require
3
+ } from "./cli-8rxa073f.js";
4
+
5
+ // src/core/http/parse.ts
6
+ var NAME_TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
7
+ var NAME_CHAR = /[!#$%&'*+\-.^_`|~0-9A-Za-z]/;
8
+ function stripCurlPrefix(input) {
9
+ let s = input.trim();
10
+ if (s.startsWith("-H="))
11
+ s = s.slice(3);
12
+ else if (s.startsWith("--header="))
13
+ s = s.slice(9);
14
+ else if (s.startsWith("-H "))
15
+ s = s.slice(3);
16
+ else if (s.startsWith("--header "))
17
+ s = s.slice(9);
18
+ s = s.trim();
19
+ if (s.startsWith('"') && s.endsWith('"') || s.startsWith("'") && s.endsWith("'")) {
20
+ s = s.slice(1, -1);
21
+ }
22
+ return s;
23
+ }
24
+ function parseHeaderLine(input) {
25
+ const raw = stripCurlPrefix(input);
26
+ const colonIdx = raw.indexOf(":");
27
+ if (colonIdx === -1) {
28
+ return { ok: false, error: { kind: "missing-colon", input } };
29
+ }
30
+ const rawName = raw.slice(0, colonIdx);
31
+ const rawValue = raw.slice(colonIdx + 1);
32
+ const name = rawName.trim();
33
+ if (name.length === 0) {
34
+ return { ok: false, error: { kind: "empty-name", input } };
35
+ }
36
+ if (/\s/.test(name)) {
37
+ return { ok: false, error: { kind: "name-has-whitespace", input } };
38
+ }
39
+ if (!NAME_TOKEN.test(name)) {
40
+ for (let i = 0;i < name.length; i++) {
41
+ if (!NAME_CHAR.test(name[i])) {
42
+ return {
43
+ ok: false,
44
+ error: {
45
+ kind: "invalid-name-char",
46
+ input,
47
+ position: i,
48
+ char: name[i]
49
+ }
50
+ };
51
+ }
52
+ }
53
+ }
54
+ const value = rawValue.replace(/^\s+/, "").replace(/\s+$/, "");
55
+ for (let i = 0;i < value.length; i++) {
56
+ const code = value.charCodeAt(i);
57
+ if (code === 13 || code === 10) {
58
+ return {
59
+ ok: false,
60
+ error: { kind: "crlf-in-value", input, position: i }
61
+ };
62
+ }
63
+ if (code < 32 && code !== 9) {
64
+ return {
65
+ ok: false,
66
+ error: { kind: "control-char-in-value", input, position: i }
67
+ };
68
+ }
69
+ }
70
+ return {
71
+ ok: true,
72
+ value: { name, value }
73
+ };
74
+ }
75
+ function parseHeaderList(input) {
76
+ const lines = input.split(/\r?\n/);
77
+ const entries = [];
78
+ const errors = [];
79
+ const seenKeys = new Map;
80
+ for (let i = 0;i < lines.length; i++) {
81
+ const line = lines[i];
82
+ const trimmed = line.trim();
83
+ if (trimmed.length === 0)
84
+ continue;
85
+ if (trimmed.startsWith("#"))
86
+ continue;
87
+ const parsed = parseHeaderLine(line);
88
+ if (!parsed.ok) {
89
+ errors.push(parsed.error);
90
+ continue;
91
+ }
92
+ const canonical = parsed.value.name.toLowerCase();
93
+ const firstAt = seenKeys.get(canonical);
94
+ if (firstAt !== undefined) {
95
+ errors.push({
96
+ kind: "duplicate-key-in-bulk",
97
+ key: parsed.value.name,
98
+ firstAt,
99
+ secondAt: i
100
+ });
101
+ continue;
102
+ }
103
+ seenKeys.set(canonical, i);
104
+ entries.push(parsed.value);
105
+ }
106
+ if (errors.length > 0) {
107
+ return { ok: false, error: errors };
108
+ }
109
+ return { ok: true, value: entries };
110
+ }
111
+ function parseHeaderRecord(record) {
112
+ const lines = Object.entries(record).map(([k, v]) => `${k}: ${v}`);
113
+ return parseHeaderList(lines.join(`
114
+ `));
115
+ }
116
+ async function parseHeadersFromFile(filePath) {
117
+ const fs = await import("fs/promises");
118
+ let raw;
119
+ try {
120
+ raw = await fs.readFile(filePath, "utf-8");
121
+ } catch (e) {
122
+ const msg = e instanceof Error ? e.message : String(e);
123
+ return {
124
+ ok: false,
125
+ error: [{ kind: "file-read-failed", path: filePath, message: msg }]
126
+ };
127
+ }
128
+ const firstNonWs = raw.match(/\S/);
129
+ if (firstNonWs && firstNonWs[0] === "{") {
130
+ try {
131
+ const obj = JSON.parse(raw);
132
+ if (typeof obj !== "object" || obj === null || Array.isArray(obj) || Object.values(obj).some((v) => typeof v !== "string")) {
133
+ return {
134
+ ok: false,
135
+ error: [
136
+ {
137
+ kind: "invalid-json",
138
+ input: raw,
139
+ message: "expected a flat object of string values"
140
+ }
141
+ ]
142
+ };
143
+ }
144
+ return parseHeaderRecord(obj);
145
+ } catch (e) {
146
+ const msg = e instanceof Error ? e.message : String(e);
147
+ return {
148
+ ok: false,
149
+ error: [{ kind: "invalid-json", input: raw, message: msg }]
150
+ };
151
+ }
152
+ }
153
+ return parseHeaderList(raw);
154
+ }
155
+ function hintFor(error) {
156
+ switch (error.kind) {
157
+ case "missing-colon":
158
+ return "header name and value must be separated by a colon (Name: Value)";
159
+ case "empty-name":
160
+ return "header name cannot be empty — got a bare colon";
161
+ case "name-has-whitespace":
162
+ return "header names cannot contain whitespace — did you mean to use a hyphen?";
163
+ case "invalid-name-char":
164
+ return `'${error.char}' is not allowed in header names (use letters, digits, hyphens, or any of !#$%&'*+-.^_\`|~)`;
165
+ case "control-char-in-value":
166
+ return "header values cannot contain control characters (CR, LF, NUL, etc.)";
167
+ case "crlf-in-value":
168
+ return "header values cannot contain CR/LF (HTTP header injection risk)";
169
+ case "duplicate-key-in-bulk":
170
+ return `'${error.key}' was set twice in this batch — keep only one (later value would win)`;
171
+ case "invalid-json":
172
+ return 'expected a JSON object like {"X-API-Key": "abc"} with string values only';
173
+ case "file-read-failed":
174
+ return `could not read ${error.path}`;
175
+ }
176
+ }
177
+ function formatParseError(error) {
178
+ const hint = hintFor(error);
179
+ switch (error.kind) {
180
+ case "missing-colon":
181
+ case "empty-name":
182
+ case "name-has-whitespace":
183
+ return `reason: ${error.kind}
184
+ hint: ${hint}`;
185
+ case "invalid-name-char":
186
+ return `reason: ${error.kind} at position ${error.position} ('${error.char}')
187
+ hint: ${hint}`;
188
+ case "control-char-in-value":
189
+ case "crlf-in-value":
190
+ return `reason: ${error.kind} at position ${error.position}
191
+ hint: ${hint}`;
192
+ case "duplicate-key-in-bulk":
193
+ return `reason: duplicate key '${error.key}' (lines ${error.firstAt + 1} and ${error.secondAt + 1})
194
+ hint: ${hint}`;
195
+ case "invalid-json":
196
+ return `reason: ${error.kind}: ${error.message}
197
+ hint: ${hint}`;
198
+ case "file-read-failed":
199
+ return `reason: file-read-failed: ${error.message}
200
+ hint: ${hint}`;
201
+ }
202
+ }
203
+ export {
204
+ parseHeadersFromFile,
205
+ parseHeaderLine,
206
+ formatParseError
207
+ };
@@ -0,0 +1,31 @@
1
+ import {
2
+ DEFAULT_CONCURRENCY,
3
+ runPentestSwarm,
4
+ runPentestWorkflow
5
+ } from "./cli-rhry8mat.js";
6
+ import"./cli-v9ds4jb8.js";
7
+ import"./cli-0tnv1vkp.js";
8
+ import"./cli-4xb21y6g.js";
9
+ import"./cli-abbka8n3.js";
10
+ import"./cli-9fsre5pt.js";
11
+ import"./cli-k0730f59.js";
12
+ import"./cli-wfmdch3r.js";
13
+ import"./cli-mswm4k81.js";
14
+ import"./cli-ryy39d77.js";
15
+ import"./cli-fw5r7pfj.js";
16
+ import"./cli-c8131c4q.js";
17
+ import"./cli-s1nckt4k.js";
18
+ import"./cli-87zakjb2.js";
19
+ import"./cli-6p7d2k55.js";
20
+ import"./cli-w5990vr6.js";
21
+ import"./cli-e6rgwtpb.js";
22
+ import"./cli-9egg9azd.js";
23
+ import"./cli-gpnb45ck.js";
24
+ import"./cli-gtcd5c3f.js";
25
+ import"./cli-g5h24ny8.js";
26
+ import"./cli-8rxa073f.js";
27
+ export {
28
+ runPentestWorkflow,
29
+ runPentestSwarm,
30
+ DEFAULT_CONCURRENCY
31
+ };
@@ -3,10 +3,29 @@ import {
3
3
  dispatchPentest,
4
4
  getScan,
5
5
  listScans
6
- } from "./cli-q7r2sth7.js";
7
- import"./cli-asyas1xb.js";
8
- import"./cli-nr1cjfr9.js";
9
- import"./cli-dj1dgw2n.js";
6
+ } from "./cli-q8dfq25x.js";
7
+ import"./cli-rhry8mat.js";
8
+ import"./cli-v9ds4jb8.js";
9
+ import"./cli-0tnv1vkp.js";
10
+ import"./cli-8frjr68r.js";
11
+ import"./cli-4xb21y6g.js";
12
+ import"./cli-abbka8n3.js";
13
+ import"./cli-9fsre5pt.js";
14
+ import"./cli-k0730f59.js";
15
+ import"./cli-wfmdch3r.js";
16
+ import"./cli-mswm4k81.js";
17
+ import"./cli-ryy39d77.js";
18
+ import"./cli-fw5r7pfj.js";
19
+ import"./cli-c8131c4q.js";
20
+ import"./cli-s1nckt4k.js";
21
+ import"./cli-87zakjb2.js";
22
+ import"./cli-6p7d2k55.js";
23
+ import"./cli-w5990vr6.js";
24
+ import"./cli-e6rgwtpb.js";
25
+ import"./cli-9egg9azd.js";
26
+ import"./cli-gpnb45ck.js";
27
+ import"./cli-gtcd5c3f.js";
28
+ import"./cli-g5h24ny8.js";
10
29
  import"./cli-8rxa073f.js";
11
30
 
12
31
  // src/cli/pentests.ts
@@ -17,10 +36,12 @@ function getFlag(flag, argv) {
17
36
  function showHelp() {
18
37
  console.log(`pensar pentests — Manage pentests via the Pensar API
19
38
 
39
+ All commands operate on the selected workspace (set via \`pensar login\`).
40
+
20
41
  Usage:
21
- pensar pentests <projectId> List pentests for a project
22
- pensar pentests get <pentestId> Get pentest details
23
- pensar pentests dispatch <projectId> [options] Dispatch a new pentest
42
+ pensar pentests List pentests in the workspace
43
+ pensar pentests get <pentestId> Get pentest details
44
+ pensar pentests dispatch [options] Dispatch a new pentest
24
45
 
25
46
  dispatch options:
26
47
  --branch <branch> Target branch to scan
@@ -32,7 +53,7 @@ Options:
32
53
  async function main() {
33
54
  const args = process.argv.slice(2);
34
55
  const sub = args[0];
35
- if (!sub || sub === "--help" || sub === "-h" || sub === "help") {
56
+ if (sub === "--help" || sub === "-h" || sub === "help") {
36
57
  showHelp();
37
58
  return;
38
59
  }
@@ -47,19 +68,17 @@ async function main() {
47
68
  const scan = await getScan(pentestId);
48
69
  console.log(JSON.stringify(scan, null, 2));
49
70
  } else if (sub === "dispatch") {
50
- const projectId = args[1];
51
- if (!projectId) {
52
- console.error("Error: project ID is required");
53
- console.error("Usage: pensar pentests dispatch <projectId> [--branch <branch>] [--level <priority|full>]");
54
- process.exit(1);
55
- }
56
71
  const branch = getFlag("--branch", args);
57
72
  const scanLevel = getFlag("--level", args);
58
- const result = await dispatchPentest(projectId, { branch, scanLevel });
73
+ const result = await dispatchPentest({ branch, scanLevel });
59
74
  console.log(JSON.stringify(result, null, 2));
60
- } else {
61
- const scans = await listScans(sub);
75
+ } else if (!sub || sub === "list") {
76
+ const scans = await listScans();
62
77
  console.log(JSON.stringify(scans, null, 2));
78
+ } else {
79
+ console.error(`Error: Unknown subcommand "${sub}"`);
80
+ showHelp();
81
+ process.exit(1);
63
82
  }
64
83
  } catch (err) {
65
84
  console.error(`
@@ -1,18 +1,21 @@
1
1
  import {
2
2
  TargetedPentestAgent
3
- } from "./cli-y61d9433.js";
4
- import"./cli-3w2syxpv.js";
5
- import"./cli-tp1tqn3k.js";
6
- import"./cli-g8t710ew.js";
7
- import"./cli-3y0dgy56.js";
8
- import"./cli-k0tckznm.js";
9
- import"./cli-0ghkg3w6.js";
10
- import"./cli-dqt80sw3.js";
11
- import"./cli-asyas1xb.js";
3
+ } from "./cli-0tnv1vkp.js";
4
+ import"./cli-9fsre5pt.js";
5
+ import"./cli-k0730f59.js";
6
+ import"./cli-wfmdch3r.js";
7
+ import"./cli-mswm4k81.js";
8
+ import"./cli-ryy39d77.js";
9
+ import"./cli-c8131c4q.js";
10
+ import"./cli-s1nckt4k.js";
11
+ import"./cli-87zakjb2.js";
12
+ import"./cli-6p7d2k55.js";
13
+ import"./cli-w5990vr6.js";
14
+ import"./cli-e6rgwtpb.js";
15
+ import"./cli-9egg9azd.js";
12
16
  import"./cli-gpnb45ck.js";
13
- import"./cli-nr1cjfr9.js";
14
- import"./cli-dj1dgw2n.js";
15
- import"./cli-03z6pswp.js";
17
+ import"./cli-gtcd5c3f.js";
18
+ import"./cli-g5h24ny8.js";
16
19
  import"./cli-8rxa073f.js";
17
20
 
18
21
  // src/core/api/targetedPentest.ts
@@ -0,0 +1,29 @@
1
+ import {
2
+ runThreatModelWorkflow
3
+ } from "./cli-q8dfq25x.js";
4
+ import"./cli-rhry8mat.js";
5
+ import"./cli-v9ds4jb8.js";
6
+ import"./cli-0tnv1vkp.js";
7
+ import"./cli-8frjr68r.js";
8
+ import"./cli-4xb21y6g.js";
9
+ import"./cli-abbka8n3.js";
10
+ import"./cli-9fsre5pt.js";
11
+ import"./cli-k0730f59.js";
12
+ import"./cli-wfmdch3r.js";
13
+ import"./cli-mswm4k81.js";
14
+ import"./cli-ryy39d77.js";
15
+ import"./cli-fw5r7pfj.js";
16
+ import"./cli-c8131c4q.js";
17
+ import"./cli-s1nckt4k.js";
18
+ import"./cli-87zakjb2.js";
19
+ import"./cli-6p7d2k55.js";
20
+ import"./cli-w5990vr6.js";
21
+ import"./cli-e6rgwtpb.js";
22
+ import"./cli-9egg9azd.js";
23
+ import"./cli-gpnb45ck.js";
24
+ import"./cli-gtcd5c3f.js";
25
+ import"./cli-g5h24ny8.js";
26
+ import"./cli-8rxa073f.js";
27
+ export {
28
+ runThreatModelWorkflow
29
+ };
@@ -1,16 +1,18 @@
1
1
  #!/usr/bin/env bun
2
2
  import {
3
- detectInstallMethod
4
- } from "./cli-dj1dgw2n.js";
3
+ detectInstallMethod,
4
+ init_installation
5
+ } from "./cli-g5h24ny8.js";
5
6
  import {
6
7
  __require
7
8
  } from "./cli-8rxa073f.js";
8
9
 
9
10
  // src/cli/uninstall.ts
11
+ init_installation();
12
+ import { spawnSync } from "child_process";
13
+ import fs from "fs/promises";
10
14
  import os from "os";
11
15
  import path from "path";
12
- import fs from "fs/promises";
13
- import { spawnSync } from "child_process";
14
16
  import * as readline from "readline";
15
17
  var PRESERVED_DIRS = new Set(["sessions", "memories", "skills"]);
16
18
  function getPensarDir() {
@@ -3,13 +3,21 @@ import {
3
3
  init_types
4
4
  } from "./cli-yz80qkzn.js";
5
5
  import {
6
- AVAILABLE_MODELS,
7
- init_models
8
- } from "./cli-03z6pswp.js";
6
+ init_ai
7
+ } from "./cli-87zakjb2.js";
8
+ import {
9
+ AVAILABLE_MODELS
10
+ } from "./cli-6p7d2k55.js";
11
+ import"./cli-w5990vr6.js";
12
+ import"./cli-e6rgwtpb.js";
13
+ import"./cli-9egg9azd.js";
14
+ import"./cli-gpnb45ck.js";
15
+ import"./cli-gtcd5c3f.js";
16
+ import"./cli-g5h24ny8.js";
9
17
  import"./cli-8rxa073f.js";
10
18
 
11
19
  // src/core/providers/utils.ts
12
- init_models();
20
+ init_ai();
13
21
  init_types();
14
22
  var PROVIDER_PREFERENCE_ORDER = [
15
23
  "pensar",
@@ -22,7 +30,7 @@ var PROVIDER_PREFERENCE_ORDER = [
22
30
  var PREFERRED_MODEL_BY_PROVIDER = {
23
31
  pensar: "pensar:anthropic.claude-opus-4-6-v1",
24
32
  anthropic: "claude-opus-4-6",
25
- openai: "gpt-5.2-pro",
33
+ openai: "gpt-5.5",
26
34
  google: "gemini-3.1-pro-preview",
27
35
  openrouter: "anthropic/claude-opus-4.6",
28
36
  bedrock: "anthropic.claude-opus-4-6-v1"
@@ -62,9 +70,6 @@ function isProviderConfigured(providerId, config) {
62
70
  function hasAnyProviderConfigured(config) {
63
71
  return !!config.anthropicAPIKey || !!config.openAiAPIKey || !!config.googleAPIKey || !!config.openRouterAPIKey || !!config.inceptionAPIKey || !!config.bedrockAPIKey || !!config.localModelUrl || !!config.localModelName || !!process.env.LOCAL_MODEL_URL || !!config.pensarAPIKey || !!config.accessToken;
64
72
  }
65
- function getModelsByProvider(providerId) {
66
- return AVAILABLE_MODELS.filter((model) => model.provider === providerId);
67
- }
68
73
  function getAvailableModels(config) {
69
74
  const models = AVAILABLE_MODELS.filter((model) => {
70
75
  return isProviderConfigured(model.provider, config);
@@ -103,9 +108,7 @@ function getDefaultModelForConfig(config) {
103
108
  return available[0] ?? null;
104
109
  }
105
110
  export {
106
- isProviderConfigured,
107
111
  hasAnyProviderConfigured,
108
- getModelsByProvider,
109
112
  getDefaultModelForConfig,
110
113
  getConfiguredProviders,
111
114
  getAvailableModels