@pensar/apex 2.0.0-canary.241920ad → 2.0.0

package/build/{cli-5h1kv0v4.js → cli-h825qzmd.js}

@@ -4,7 +4,7 @@ import {
   init_auth,
   init_constants,
   signGatewayRequest
-} from "./cli-78s9w64j.js";
+} from "./cli-948dk60p.js";
 import {
   AISDKError,
   APICallError,
@@ -32,7 +32,6 @@ import {
   delay,
   executeTool,
   exports_external,
-  exports_external1 as exports_external2,
   gateway,
   getErrorMessage,
   getErrorMessage1 as getErrorMessage2,
@@ -43,7 +42,6 @@ import {
   init_stream,
   init_v3,
   init_v4,
-  init_zod,
   isAbortError,
   isUrlSupported,
   lazySchema,
@@ -57,24 +55,17 @@ import {
   validateDownloadUrl,
   validateTypes,
   withUserAgentSuffix,
-  zodSchema,
-  zod_default
+  zodSchema
 } from "./cli-e6rgwtpb.js";
 import {
   config,
   init_config
-} from "./cli-rtbry75t.js";
+} from "./cli-h6nw89zf.js";
 import {
-  getCurrentVersion,
-  init_installation
-} from "./cli-k1vsv3qh.js";
-import {
-  __callDispose,
   __commonJS,
   __esm,
   __require,
-  __toESM,
-  __using
+  __toESM
 } from "./cli-8rxa073f.js";
 
 // node_modules/ai/dist/index.mjs
@@ -8785,20 +8776,6 @@ var init_models = __esm(() => {
   ];
 });
 
-// src/core/util/lazyLogger.ts
-function scopedLogger(factory) {
-  let instance;
-  const get = () => instance ??= factory();
-  return new Proxy({}, {
-    get(_target, prop) {
-      const inst = get();
-      const value = inst[prop];
-      return typeof value === "function" ? value.bind(inst) : value;
-    }
-  });
-}
-var init_lazyLogger = () => {};
-
 // node_modules/@ai-sdk/provider-utils/dist/index.mjs
 function combineHeaders(...headers) {
   return headers.reduce((combinedHeaders, currentHeaders) => ({
@@ -42457,7 +42434,7 @@ function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, mod
               if (!isCtxError && isStreamIdleTimeoutError(error) && idleResumeCount < MAX_IDLE_RESUME_RETRIES && messagesContainer.current.length > 0) {
                 const nextIdleCount = idleResumeCount + 1;
                 if (!silent) {
-                  log.warn(`Stream stalled (attempt ${nextIdleCount}/${MAX_IDLE_RESUME_RETRIES}), resuming with ${messagesContainer.current.length} messages: ${errorMessage}`);
+                  console.warn(`Stream stalled (attempt ${nextIdleCount}/${MAX_IDLE_RESUME_RETRIES}), resuming with ${messagesContainer.current.length} messages: ${errorMessage}`);
                 }
                 const retriedStream = streamResponse({
                   ...opts,
@@ -42473,7 +42450,7 @@ function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, mod
                 const nextRetryCount = rateLimitRetryCount + 1;
                 const delayMs = Math.min(1000 * nextRetryCount, 30000);
                 if (!silent) {
-                  log.warn(`Rate limit error (attempt ${nextRetryCount}/${MAX_RATE_LIMIT_RETRIES}), waiting ${delayMs}ms: ${errorMessage}`);
+                  console.warn(`Rate limit error (attempt ${nextRetryCount}/${MAX_RATE_LIMIT_RETRIES}), waiting ${delayMs}ms: ${errorMessage}`);
                 }
                 await new Promise((resolve4) => setTimeout(resolve4, delayMs));
                 const retriedStream = streamResponse({
@@ -42505,7 +42482,7 @@ function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, mod
                 let postReactiveDepth = opts._restartDepth ?? 0;
                 if (fitted.fitsBudget && fitted.modified) {
                   if (!silent) {
-                    log.warn(`Context length error — Layer 1+2 reduced to ~${fitted.estimatedInputTokens} tokens, retrying`);
+                    console.warn(`Context length error — Layer 1+2 reduced to ~${fitted.estimatedInputTokens} tokens, retrying`);
                   }
                   try {
                     const retried = streamResponse({
@@ -42527,7 +42504,7 @@ function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, mod
                 }
                 const messagesForSummary = messagesContainer.current;
                 if (!silent) {
-                  log.warn(`Context length error — summarizing ${messagesForSummary.length} messages`);
+                  console.warn(`Context length error — summarizing ${messagesForSummary.length} messages`);
                 }
                 try {
                   const summarizationStream = createSummarizationStream(messagesForSummary, { ...opts, _restartDepth: postReactiveDepth }, model);
@@ -42540,7 +42517,7 @@ function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, mod
                   }
                   if (!silent) {
                     const sumMsg = summarizeError instanceof Error ? summarizeError.message : String(summarizeError);
-                    log.warn(`Layer 3 summarization failed (${sumMsg}). Falling back to minimal-context restart.`);
+                    console.error(`Layer 3 summarization failed (${sumMsg}). Falling back to minimal-context restart.`);
                   }
                   opts.onSummarized?.("");
                   const minimalPrompt = typeof opts.prompt === "string" && opts.prompt.length > 0 ? opts.prompt.slice(0, 4000) : MINIMAL_RESTART_PROMPT;
@@ -42556,9 +42533,7 @@ function wrapStreamWithErrorHandler(originalStream, messagesContainer, opts, mod
                 }
               } else {
                 if (!silent) {
-                  log.error("Non-recoverable stream error, re-throwing", {
-                    error: errorMessage
-                  });
+                  console.error("Non-recoverable stream error, re-throwing:", errorMessage);
                 }
                 throw error;
               }
@@ -42645,13 +42620,13 @@ function streamResponse(opts) {
     fittedMessages = fitted.messages;
     proactiveFitFailed = !fitted.fitsBudget;
     if (fitted.modified && !silent) {
-      log.warn(`Proactive context fit: compacted messages to ~${fitted.estimatedInputTokens} tokens (fits=${fitted.fitsBudget})`);
+      console.warn(`Proactive context fit: compacted messages to ~${fitted.estimatedInputTokens} tokens (fits=${fitted.fitsBudget})`);
     }
   }
   const messagesContainer = { current: fittedMessages || [] };
   if (proactiveFitFailed && fittedMessages) {
     if (!silent) {
-      log.warn(`Proactive context fit returned fitsBudget=false on ${fittedMessages.length} messages — escalating to summarization before send`);
+      console.warn(`Proactive context fit returned fitsBudget=false on ${fittedMessages.length} messages — escalating to summarization before send`);
     }
     return wrapStreamWithErrorHandler(createSummarizationStream(fittedMessages, opts, providerModel), messagesContainer, opts, providerModel, silent);
   }
@@ -42744,17 +42719,16 @@ function streamResponse(opts) {
       }) => {
         try {
           if (!silent) {
-            log.debug(`Repairing tool call: ${toolCall.toolName}`, {
-              error: error.message || String(error)
-            });
+            console.log(`\uD83D\uDD27 Repairing tool call: ${toolCall.toolName}`);
+            console.log(`   Error: ${error.message || error}`);
             if (error.message && (error.message.includes("severity") || error.message.includes("riskLevel"))) {
-              log.debug("Enum validation error — tool call repair will normalize the value");
+              console.log(`   Note: This appears to be an enum validation error. Tool call repair will normalize the value.`);
             }
           }
           const tool6 = tools2[toolCall.toolName];
           if (!tool6 || !tool6.inputSchema) {
             if (!silent) {
-              log.warn(`Cannot repair tool call: ${toolCall.toolName} not found or has no schema`);
+              console.error(`Cannot repair tool call: ${toolCall.toolName} not found or has no schema`);
             }
             return null;
           }
@@ -42818,16 +42792,14 @@ function streamResponse(opts) {
           }
           if (repairedArgs === undefined || repairedArgs === null) {
             if (!silent) {
-              log.warn(`Tool call repair for "${toolCall.toolName}" produced no valid output`);
+              console.error(`Tool call repair for "${toolCall.toolName}" produced no valid output`);
             }
             return null;
           }
           return { ...toolCall, input: JSON.stringify(repairedArgs) };
         } catch (repairError) {
           if (!silent) {
-            log.warn("Error repairing tool call", {
-              error: String(repairError)
-            });
+            console.error("Error repairing tool call:", repairError instanceof Error ? repairError.message : String(repairError));
           }
           return null;
         }
@@ -42840,14 +42812,12 @@ function streamResponse(opts) {
     const outerErrorMessage = error instanceof Error ? error.message : String(error);
     if (isContextLengthError) {
       if (!silent) {
-        log.warn(`Context length error, summarizing ${messagesContainer.current.length} messages`, { error: outerErrorMessage });
+        console.warn(`Context length error, summarizing ${messagesContainer.current.length} messages: `, outerErrorMessage);
       }
       return wrapStreamWithErrorHandler(createSummarizationStream(messagesContainer.current, opts, providerModel), messagesContainer, opts, providerModel, silent);
     }
     if (!silent) {
-      log.error("Non-context length error, re-throwing", {
-        error: outerErrorMessage
-      });
+      console.error("Non-context length error, re-throwing", outerErrorMessage);
     }
     throw error;
   }
@@ -42920,17 +42890,14 @@ async function generateObjectResponse(opts) {
   }
   throw lastError;
 }
-var log, DEFAULT_OPENAI_REASONING_EFFORT = "medium", OPENAI_REASONING_MODEL_IDS, _usageCallback = null, MAX_RATE_LIMIT_RETRIES = 20, MAX_IDLE_RESUME_RETRIES = 3, STREAM_IDLE_TIMEOUT_MS, StreamIdleTimeoutError, MAX_OBJECT_RATE_LIMIT_RETRIES = 8, ContextLengthError, ContextLengthExhaustedError, MAX_RESTART_DEPTH = 3, MAX_TOOL_INPUT_CHARS = 8000, MAX_SCHEMA_CHARS = 6000, MINIMAL_RESTART_PROMPT = "Continue the previous task. Earlier context was discarded due to repeated context-length errors.";
+var DEFAULT_OPENAI_REASONING_EFFORT = "medium", OPENAI_REASONING_MODEL_IDS, _usageCallback = null, MAX_RATE_LIMIT_RETRIES = 20, MAX_IDLE_RESUME_RETRIES = 3, STREAM_IDLE_TIMEOUT_MS, StreamIdleTimeoutError, MAX_OBJECT_RATE_LIMIT_RETRIES = 8, ContextLengthError, ContextLengthExhaustedError, MAX_RESTART_DEPTH = 3, MAX_TOOL_INPUT_CHARS = 8000, MAX_SCHEMA_CHARS = 6000, MINIMAL_RESTART_PROMPT = "Continue the previous task. Earlier context was discarded due to repeated context-length errors.";
 var init_ai = __esm(() => {
   init_dist4();
-  init_structured();
   init_observability();
-  init_lazyLogger();
   init_caching();
   init_contextManagement();
   init_models();
   init_utils();
-  log = scopedLogger(() => createLogger("ai"));
   OPENAI_REASONING_MODEL_IDS = new Set([
     "gpt-5",
     "gpt-5-2025-08-07",
@@ -42970,1407 +42937,6 @@ var init_ai = __esm(() => {
   };
 });
 
-// src/core/ai/index.ts
-var init_ai2 = __esm(() => {
-  init_ai();
-  init_models();
-  init_utils();
-});
-
-// src/util/name.ts
-function generateRandomName() {
-  const adj = adjectives[Math.floor(Math.random() * adjectives.length)] ?? "swift";
-  const noun = nouns[Math.floor(Math.random() * nouns.length)] ?? "falcon";
-  return `${adj}-${noun}`;
-}
-async function generateSessionName(opts) {
-  const { targets, userMessage, model, authConfig, abortSignal } = opts;
-  const contextParts = [];
-  if (targets.length > 0) {
-    contextParts.push(`Target(s): ${targets.join(", ")}`);
-  }
-  if (userMessage) {
-    contextParts.push(`User objective: ${userMessage}`);
-  }
-  if (contextParts.length === 0)
-    return null;
-  const prompt = [
-    "Generate a short, descriptive name for a penetration testing session.",
-    "The name should be 2-4 lowercase words separated by hyphens.",
-    "It should capture the key aspect of the target or task — e.g. 'acme-api-pentest', 'login-auth-bypass', 'ecommerce-checkout-test'.",
-    "",
-    ...contextParts
-  ].join(`
-`);
-  try {
-    const result = await generateObjectResponse({
-      model,
-      schema: sessionNameSchema,
-      prompt,
-      maxTokens: 50,
-      temperature: 0.7,
-      authConfig,
-      abortSignal
-    });
-    if (!result?.name)
-      return null;
-    const name29 = result.name.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "").slice(0, 50);
-    return name29 || null;
-  } catch {
-    return null;
-  }
-}
-var adjectives, nouns, sessionNameSchema;
-var init_name = __esm(() => {
-  init_zod();
-  init_ai2();
-  adjectives = [
-    "swift",
-    "bright",
-    "calm",
-    "bold",
-    "keen",
-    "noble",
-    "quick",
-    "sharp",
-    "vivid",
-    "warm",
-    "agile",
-    "brave",
-    "clever",
-    "daring",
-    "eager",
-    "fierce",
-    "gentle",
-    "humble",
-    "jolly",
-    "lively",
-    "merry",
-    "nimble",
-    "proud",
-    "quiet",
-    "rapid",
-    "serene",
-    "sturdy",
-    "tender",
-    "valiant",
-    "witty",
-    "zealous"
-  ];
-  nouns = [
-    "falcon",
-    "wolf",
-    "hawk",
-    "bear",
-    "lion",
-    "tiger",
-    "eagle",
-    "raven",
-    "phoenix",
-    "dragon",
-    "panther",
-    "cobra",
-    "viper",
-    "shark",
-    "orca",
-    "mantis",
-    "spider",
-    "scorpion",
-    "hydra",
-    "griffin",
-    "sphinx",
-    "kraken",
-    "cipher",
-    "nexus",
-    "prism",
-    "vector",
-    "matrix",
-    "pulse",
-    "surge",
-    "flux"
-  ];
-  sessionNameSchema = exports_external2.object({
-    name: exports_external2.string().describe("A short, descriptive session name (2-4 words, lowercase, hyphenated)")
-  });
-});
-
-// src/core/credentials/manager.ts
-import { randomBytes } from "crypto";
-function generateCredentialId() {
-  return `cred_${randomBytes(8).toString("hex")}`;
-}
-function inferType(cred) {
-  const hasPwd = !!cred.password;
-  const hasApiKey = !!cred.apiKey;
-  const hasBearer = !!cred.tokens?.bearerToken;
-  const hasHeaders = !!cred.tokens?.customHeaders && Object.keys(cred.tokens.customHeaders).length > 0;
-  const hasCookies = !!cred.tokens?.cookies;
-  const count = (hasPwd ? 1 : 0) + (hasApiKey ? 1 : 0) + (hasBearer ? 1 : 0) + (hasHeaders ? 1 : 0) + (hasCookies ? 1 : 0);
-  if (count > 1)
-    return "composite";
-  if (hasPwd)
-    return "username-password";
-  if (hasApiKey)
-    return "api-key";
-  if (hasBearer)
-    return "bearer-token";
-  if (hasHeaders)
-    return "custom-headers";
-  if (hasCookies)
-    return "cookies";
-  return "username-password";
-}
-function toReference(stored) {
-  const ref = {
-    id: stored.id,
-    type: stored.type
-  };
-  if (stored.label)
-    ref.label = stored.label;
-  if (stored.role)
-    ref.role = stored.role;
-  if (stored.username)
-    ref.username = stored.username;
-  if (stored.loginUrl)
-    ref.loginUrl = stored.loginUrl;
-  if (stored.tokens?.customHeaders) {
-    ref.customHeaderKeys = Object.keys(stored.tokens.customHeaders);
-  }
-  const ctx = stored.metadata?.context;
-  if (typeof ctx === "string" && ctx)
-    ref.context = ctx;
-  return ref;
-}
-
-class CredentialManager {
-  store = new Map;
-  findDuplicate(candidate) {
-    for (const [id, existing] of this.store) {
-      if (existing.username === candidate.username && existing.password === candidate.password && existing.apiKey === candidate.apiKey && existing.loginUrl === candidate.loginUrl && existing.tokens?.bearerToken === candidate.tokens?.bearerToken && existing.tokens?.cookies === candidate.tokens?.cookies && existing.tokens?.sessionToken === candidate.tokens?.sessionToken && JSON.stringify(existing.tokens?.customHeaders) === JSON.stringify(candidate.tokens?.customHeaders)) {
-        return id;
-      }
-    }
-    return;
-  }
-  add(input) {
-    const id = input.id ?? generateCredentialId();
-    const type = input.type ?? inferType(input);
-    const stored = { ...input, id, type };
-    this.store.set(id, stored);
-    return id;
-  }
-  addFromAuthCredentials(creds, extra) {
-    const candidate = {
-      username: creds.username,
-      password: creds.password,
-      apiKey: creds.apiKey,
-      loginUrl: creds.loginUrl,
-      additionalFields: creds.additionalFields,
-      tokens: creds.tokens,
-      label: extra?.label,
-      role: extra?.role ?? creds.role,
-      metadata: creds.context ? { context: creds.context } : undefined
-    };
-    const existingId = this.findDuplicate(candidate);
-    if (existingId)
-      return existingId;
-    return this.add(candidate);
-  }
-  resolve(credentialId) {
-    return this.store.get(credentialId);
-  }
-  getReference(credentialId) {
-    const stored = this.store.get(credentialId);
-    if (!stored)
-      return;
-    return toReference(stored);
-  }
-  listReferences() {
-    return Array.from(this.store.values()).map(toReference);
-  }
-  listCredentialsWithHeaders() {
-    const out = [];
-    for (const stored of this.store.values()) {
-      const headers = stored.tokens?.customHeaders;
-      if (headers && Object.keys(headers).length > 0) {
-        out.push({ tokens: { customHeaders: { ...headers } } });
-      }
-    }
-    return out;
-  }
-  remove(credentialId) {
-    return this.store.delete(credentialId);
-  }
-  get size() {
-    return this.store.size;
-  }
-  clear() {
-    this.store.clear();
-  }
-  toAuthCredentials(credentialId) {
-    const stored = this.resolve(credentialId);
-    if (!stored)
-      return;
-    const result = {};
-    if (stored.username)
-      result.username = stored.username;
-    if (stored.password)
-      result.password = stored.password;
-    if (stored.apiKey)
-      result.apiKey = stored.apiKey;
-    if (stored.loginUrl)
-      result.loginUrl = stored.loginUrl;
-    if (stored.additionalFields)
-      result.additionalFields = stored.additionalFields;
-    if (stored.tokens)
-      result.tokens = { ...stored.tokens };
-    return result;
-  }
-  formatForPrompt() {
-    const refs = this.listReferences();
-    if (refs.length === 0)
-      return "";
-    const lines = refs.map((ref) => {
-      const parts = [`- Credential ID: ${ref.id}`];
-      if (ref.label)
-        parts.push(`  Label: ${ref.label}`);
-      parts.push(`  Type: ${ref.type}`);
-      if (ref.role)
-        parts.push(`  Role: ${ref.role}`);
-      if (ref.username)
-        parts.push(`  Username: ${ref.username}`);
-      if (ref.loginUrl)
-        parts.push(`  Login URL: ${ref.loginUrl}`);
-      if (ref.customHeaderKeys?.length) {
-        parts.push(`  Header keys: ${ref.customHeaderKeys.join(", ")}`);
-      }
-      if (ref.context)
-        parts.push(`  Context: ${ref.context}`);
-      return parts.join(`
-`);
-    });
-    return `<available_credentials>
-The following credentials are available. To use a credential, pass its ID to the appropriate tool.
-Do NOT ask the user for passwords or secrets — they are resolved automatically from the credential ID.
-
-${lines.join(`
-
-`)}
-</available_credentials>`;
-  }
-}
-var init_manager = () => {};
-
-// src/core/credentials/index.ts
-var init_credentials = __esm(() => {
-  init_manager();
-});
-
-// src/core/id/id.ts
-import { randomBytes as randomBytes2 } from "crypto";
-function schema(prefix) {
-  return zod_default.string().startsWith(prefixes[prefix]);
-}
-function descending(prefix, given) {
-  return generateID(prefix, true, given);
-}
-function generateID(prefix, descending2, given) {
-  if (!given) {
-    return create(prefix, descending2);
-  }
-  if (!given.startsWith(prefixes[prefix])) {
-    throw new Error(`ID ${given} does not start with ${prefixes[prefix]}`);
-  }
-  return given;
-}
-function randomBase62(length) {
-  const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-  let result = "";
-  const bytes = randomBytes2(length);
-  for (let i = 0;i < length; i++) {
-    result += chars[bytes[i] % 62];
-  }
-  return result;
-}
-function create(prefix, descending2, timestamp) {
-  const currentTimestamp = timestamp ?? Date.now();
-  if (currentTimestamp !== lastTimestamp) {
-    lastTimestamp = currentTimestamp;
-    counter = 0;
-  }
-  counter++;
-  let now2 = BigInt(currentTimestamp) * BigInt(4096) + BigInt(counter);
-  now2 = descending2 ? ~now2 : now2;
-  const timeBytes = Buffer.alloc(6);
-  for (let i = 0;i < 6; i++) {
-    timeBytes[i] = Number(now2 >> BigInt(40 - 8 * i) & BigInt(255));
-  }
-  return prefixes[prefix] + "_" + timeBytes.toString("hex") + randomBase62(LENGTH - 12);
-}
-var prefixes, LENGTH = 26, lastTimestamp = 0, counter = 0;
-var init_id = __esm(() => {
-  init_zod();
-  prefixes = {
-    session: "ses",
-    message: "msg",
-    permission: "per",
-    user: "usr",
-    part: "prt"
-  };
-});
-
-// src/core/services/rateLimiter/index.ts
-function sleep(ms) {
-  return new Promise((resolve4) => setTimeout(resolve4, ms));
-}
-
-class RateLimiter {
-  tokens;
-  lastRefillTime;
-  rps;
-  bucketSize;
-  msPerToken;
-  queue;
-  constructor(config2) {
-    this.rps = config2?.requestsPerSecond;
-    this.bucketSize = this.rps ? 1 : 0;
-    this.tokens = this.bucketSize;
-    this.lastRefillTime = performance.now();
-    this.msPerToken = this.rps ? 1000 / this.rps : undefined;
-    this.queue = Promise.resolve();
-  }
-  async acquireSlot() {
-    if (!this.rps || !this.msPerToken)
-      return;
-    const previousPromise = this.queue;
-    let resolveCurrentRequest;
-    this.queue = new Promise((resolve4) => {
-      resolveCurrentRequest = resolve4;
-    });
-    await previousPromise;
-    try {
-      const now2 = performance.now();
-      this.refill(now2);
-      if (this.tokens < 1) {
-        const waitTime = (1 - this.tokens) * this.msPerToken;
-        await sleep(waitTime);
-        const nowAfterSleep = performance.now();
-        this.refill(nowAfterSleep);
-      }
-      this.tokens -= 1;
-    } finally {
-      resolveCurrentRequest();
-    }
-  }
-  refill(now2) {
-    if (this.tokens >= this.bucketSize) {
-      this.lastRefillTime = now2;
-      return;
-    }
-    const elapsed = now2 - this.lastRefillTime;
-    const tokensToAdd = elapsed / this.msPerToken;
-    this.tokens = Math.min(this.bucketSize, this.tokens + tokensToAdd);
-    this.lastRefillTime = now2;
-  }
-  isEnabled() {
-    return this.rps !== undefined;
-  }
-}
-var init_rateLimiter = () => {};
-
-// src/util/errors.ts
-var NamedError;
-var init_errors = __esm(() => {
-  init_zod();
-  NamedError = class NamedError extends Error {
-    static create(name29, data) {
-      const schema2 = zod_default.object({
-        name: zod_default.literal(name29),
-        data
-      });
-      const result = class extends NamedError {
-        data;
-        static Schema = schema2;
-        name = name29;
-        constructor(data2, options) {
-          super(name29, options);
-          this.data = data2;
-          this.name = name29;
-        }
-        static isInstance(input) {
-          return typeof input === "object" && input !== null && "name" in input && input.name === name29;
-        }
-        schema() {
-          return schema2;
-        }
-        toObject() {
-          return {
-            name: name29,
-            data: this.data
-          };
-        }
-      };
-      Object.defineProperty(result, "name", { value: name29 });
-      return result;
-    }
-    static Unknown = NamedError.create("UnknownError", zod_default.object({
-      message: zod_default.string()
-    }));
-  };
-});
-
-// src/util/lock.ts
-function getLock(key) {
-  let lock = locks.get(key);
-  if (!lock) {
-    lock = {
-      readers: 0,
-      writer: false,
-      waitingReaders: [],
-      waitingWriters: []
-    };
-    locks.set(key, lock);
-  }
-  return lock;
-}
-function processQueue(key) {
-  const lock = locks.get(key);
-  if (!lock || lock.writer || lock.readers > 0)
-    return;
-  if (lock.waitingWriters.length > 0) {
-    const nextWriter = lock.waitingWriters.shift();
-    nextWriter?.();
-    return;
-  }
-  while (lock.waitingReaders.length > 0) {
-    const nextReader = lock.waitingReaders.shift();
-    nextReader?.();
-  }
-  if (lock.readers === 0 && !lock.writer && lock.waitingReaders.length === 0 && lock.waitingWriters.length === 0) {
-    locks.delete(key);
-  }
-}
-async function read(key) {
-  const lock = getLock(key);
-  return new Promise((resolve4) => {
-    if (!lock.writer && lock.waitingWriters.length === 0) {
-      lock.readers++;
-      resolve4({
-        [Symbol.dispose]: () => {
-          lock.readers--;
-          processQueue(key);
-        }
-      });
-    } else {
-      lock.waitingReaders.push(() => {
-        lock.readers++;
-        resolve4({
-          [Symbol.dispose]: () => {
-            lock.readers--;
-            processQueue(key);
-          }
-        });
-      });
-    }
-  });
-}
-async function write(key) {
-  const lock = getLock(key);
-  return new Promise((resolve4) => {
-    if (!lock.writer && lock.readers === 0) {
-      lock.writer = true;
-      resolve4({
-        [Symbol.dispose]: () => {
-          lock.writer = false;
-          processQueue(key);
-        }
-      });
-    } else {
-      lock.waitingWriters.push(() => {
-        lock.writer = true;
-        resolve4({
-          [Symbol.dispose]: () => {
-            lock.writer = false;
-            processQueue(key);
-          }
-        });
-      });
-    }
-  });
-}
-var locks;
-var init_lock = __esm(() => {
-  locks = new Map;
-});
-
-// src/core/storage/index.ts
-import fs, { readdir } from "fs/promises";
-import os from "os";
-import path from "path";
-function getBaseDir() {
-  return process.env.PENSAR_DATA_DIR ?? path.join(os.homedir(), ".pensar");
-}
-async function write2(key, content, ext) {
-  const dir = getBaseDir();
-  const target = path.join(dir, ...key) + (ext ? ext : ".json");
-  return withErrorHandling(async () => {
-    let __stack = [];
-    try {
-      const _ = __using(__stack, await write(target), 0);
-      await fs.mkdir(path.dirname(target), { recursive: true });
-      await fs.writeFile(target, JSON.stringify(content, null, 2), "utf-8");
-    } catch (_catch) {
-      var _err = _catch, _hasErr = 1;
-    } finally {
-      __callDispose(__stack, _err, _hasErr);
-    }
-  });
-}
-async function createDir(key) {
-  const dir = getBaseDir();
-  const target = path.join(dir, ...key);
-  return withErrorHandling(async () => {
-    let __stack = [];
-    try {
-      const _ = __using(__stack, await write(target), 0);
-      await fs.mkdir(target, { recursive: true });
-    } catch (_catch) {
-      var _err = _catch, _hasErr = 1;
-    } finally {
-      __callDispose(__stack, _err, _hasErr);
-    }
-  });
-}
-async function writeRaw(key, content) {
-  const dir = getBaseDir();
-  const target = path.join(dir, ...key);
-  return withErrorHandling(async () => {
-    let __stack = [];
-    try {
-      const _ = __using(__stack, await write(target), 0);
-      const parentDir = path.dirname(target);
-      await fs.mkdir(parentDir, { recursive: true });
-      await fs.writeFile(target, content, "utf-8");
-    } catch (_catch) {
-      var _err = _catch, _hasErr = 1;
-    } finally {
-      __callDispose(__stack, _err, _hasErr);
-    }
-  });
-}
-async function read2(key, ext) {
-  const dir = getBaseDir();
-  const target = path.join(dir, ...key) + (ext ? ext : ".json");
-  return withErrorHandling(async () => {
-    let __stack = [];
-    try {
-      const _ = __using(__stack, await read(target), 0);
-      const text2 = await fs.readFile(target, "utf-8");
-      const result = ext ? text2 : JSON.parse(text2);
-      return result;
-    } catch (_catch) {
-      var _err = _catch, _hasErr = 1;
-    } finally {
-      __callDispose(__stack, _err, _hasErr);
-    }
-  });
-}
-async function update(key, fn, ext) {
-  const dir = getBaseDir();
-  const target = path.join(dir, ...key) + (ext ? ext : ".json");
-  return withErrorHandling(async () => {
-    let __stack = [];
-    try {
-      const _ = __using(__stack, await write(target), 0);
-      const text2 = await fs.readFile(target, "utf-8");
-      const content = ext ? text2 : JSON.parse(text2);
-      fn(content);
-      await fs.writeFile(target, JSON.stringify(content, null, 2), "utf-8");
-      return content;
-    } catch (_catch) {
-      var _err = _catch, _hasErr = 1;
-    } finally {
-      __callDispose(__stack, _err, _hasErr);
-    }
-  });
-}
-async function withErrorHandling(body) {
-  return body().catch((e) => {
-    if (!(e instanceof Error))
-      throw e;
-    const errnoExcpetion = e;
-    if (errnoExcpetion.code === "ENOENT") {
-      throw new NotFoundError({
-        message: `Resource not found: ${errnoExcpetion.path}`
-      });
-    }
-    throw e;
-  });
-}
-async function listFilesRecursively(dir) {
-  const entries = await readdir(dir, { withFileTypes: true });
-  const files = [];
-  for (const entry of entries) {
-    const fullPath = path.join(dir, entry.name);
-    if (entry.isDirectory()) {
-      files.push(...await listFilesRecursively(fullPath));
-    } else {
-      files.push(fullPath);
-    }
-  }
-  return files;
-}
-async function list(prefix) {
-  const dir = getBaseDir();
-  const targetDir = path.join(dir, ...prefix);
-  try {
-    const files = await listFilesRecursively(targetDir);
-    const result = files.map((filePath) => {
-      const relativePath = path.relative(targetDir, filePath);
-      return [...prefix, ...relativePath.slice(0, -5).split(path.sep)];
-    });
-    result.sort();
-    return result;
-  } catch {
-    return [];
-  }
-}
-var NotFoundError;
-var init_storage = __esm(() => {
-  init_zod();
-  init_errors();
-  init_lock();
-  NotFoundError = NamedError.create("NotFoundError", zod_default.object({
-    message: zod_default.string()
-  }));
-});
-
-// src/core/toolset/index.ts
-var ToolsetStateSchema;
-var init_toolset = __esm(() => {
-  init_zod();
-  ToolsetStateSchema = exports_external2.object({
-    baseToolsetId: exports_external2.string(),
-    enabledTools: exports_external2.record(exports_external2.string(), exports_external2.boolean()),
-    lastModified: exports_external2.number()
-  });
-});
-
-// src/core/session/index.ts
-import { existsSync, readFileSync } from "fs";
-import os2 from "os";
-import path2 from "path";
-function resolveSmtpConfig(explicit) {
-  if (explicit)
-    return explicit;
-  const fromAddress = process.env.OUTBOUND_EMAIL;
-  const resendKey = process.env.RESEND_API_KEY;
-  if (resendKey) {
-    return {
-      host: "smtp.resend.com",
-      port: 465,
-      username: "resend",
-      password: resendKey,
-      tls: true,
-      fromAddress
-    };
-  }
-  const host = process.env.SMTP_HOST;
-  const port = process.env.SMTP_PORT;
-  const username = process.env.SMTP_USERNAME;
-  const password = process.env.SMTP_PASSWORD;
-  if (host && port && username && password) {
-    return {
-      host,
-      port: parseInt(port, 10),
-      username,
-      password,
-      tls: process.env.SMTP_TLS !== "false",
-      fromAddress
-    };
-  }
-  return;
-}
-function getPensarDir() {
-  return path2.join(os2.homedir(), ".pensar");
-}
-function getSessionsDir() {
-  return path2.join(getPensarDir(), "sessions");
-}
-function getSessionRoot(id) {
-  return path2.join(getSessionsDir(), id);
-}
-async function createSessionDirs(input) {
-  const { session } = input;
-  await createDir(["sessions", session.id]);
-  await createDir(["sessions", session.id, "findings"]);
-  await createDir(["sessions", session.id, "scratchpad"]);
-  await createDir(["sessions", session.id, "logs"]);
-  await createDir(["sessions", session.id, "pocs"]);
-  const startTime = new Date().toISOString();
-  const readme = generateSessionReadme(session);
-  await writeRaw(["sessions", session.id, "README.md"], readme);
-  console.info("created session", session.id);
-}
-function generateSessionReadme(session) {
-  return `# Penetration Test Session
-
-**Session ID:** ${session.id}
-**Target:** ${session.targets}
-**Objective:** ${session.config?.outcomeGuidance}
-**Started:** ${session.time.created}
-
-## Directory Structure
-
-- \`findings/\` - Security findings and vulnerabilities
-- \`scratchpad/\` - Notes and temporary data during testing
-- \`logs/\` - Execution logs and command outputs
-- \`pocs/\` - Proof-of-concept exploit scripts
-- \`session.json\` - Session metadata
-
-## Findings
-
-Security findings will be documented in the \`findings/\` directory as individual files.
-
-## Status
-
-Testing in progress...
-`;
-}
-function normalizeDeprecatedHeaders(config2) {
-  if (!config2)
-    return config2;
-  if (config2.offensiveHeaders == null) {
-    const { offensiveHeaders: _drop, ...rest2 } = config2;
-    return rest2;
-  }
-  const { offensiveHeaders, ...rest } = config2;
-  const restWithHeaders = rest;
-  if (restWithHeaders.headers !== undefined) {
-    return restWithHeaders;
-  }
-  const oh = offensiveHeaders;
-  if (oh.mode === "none") {
-    return { ...restWithHeaders, headers: {} };
-  }
-  let headers = {};
-  if (oh.mode === "default")
-    headers = { ...DEFAULT_HEADER_RECORD };
-  if (oh.headers)
-    headers = { ...headers, ...oh.headers };
-  return { ...restWithHeaders, headers };
-}
-function migrateLegacySessionData(input) {
-  if (!input || typeof input !== "object")
-    return input;
-  const root = input;
-  const config2 = root.config;
-  if (!config2 || typeof config2 !== "object")
-    return input;
-  const cfg = config2;
-  if (!("offensiveHeaders" in cfg))
-    return input;
-  return { ...root, config: normalizeDeprecatedHeaders(cfg) };
-}
-async function create2(input) {
-  const name29 = input.name ?? generateRandomName();
-  const normalizedConfig = normalizeDeprecatedHeaders(input.config);
-  const id = `${input.prefix ? input.prefix : ""}` + descending("session", input.id);
-  const rootPath = getSessionRoot(id);
-  const findingsPath = path2.join(rootPath, "findings");
-  const scratchpadPath = path2.join(rootPath, "scratchpad");
-  const logsPath = path2.join(rootPath, "logs");
-  const pocsPath = path2.join(rootPath, "pocs");
-  const rateLimiter = new RateLimiter({
-    requestsPerSecond: normalizedConfig?.requestsPerSecond
-  });
-  let credentialManager;
-  if (normalizedConfig?.authCredentials) {
-    credentialManager = new CredentialManager;
-    const creds = Array.isArray(normalizedConfig.authCredentials) ? normalizedConfig.authCredentials : [normalizedConfig.authCredentials];
-    for (const cred of creds) {
-      credentialManager.addFromAuthCredentials(cred);
-    }
-  }
-  const smtpConfig = resolveSmtpConfig(normalizedConfig?.smtpConfig);
-  let snapshotHeaders;
-  if (normalizedConfig?.headers !== undefined) {
-    snapshotHeaders = { ...normalizedConfig.headers };
-  } else {
-    const { config: appConfig } = await import("./index-ah3cm7hf.js");
-    const cfg = await appConfig.get();
-    snapshotHeaders = cfg.defaultHeaders ? { ...cfg.defaultHeaders } : { ...DEFAULT_HEADER_RECORD };
-  }
-  const result = {
-    id,
-    version: getCurrentVersion(),
-    targets: input.targets,
-    name: name29,
-    time: {
-      created: Date.now(),
-      updated: Date.now()
-    },
-    config: {
-      ...normalizedConfig,
-      mode: normalizedConfig?.mode || "auto",
-      headers: snapshotHeaders,
-      outcomeGuidance: normalizedConfig?.outcomeGuidance || (normalizedConfig?.exfilMode ? EXFIL_OUTCOME_GUIDANCE : DEFAULT_OUTCOME_GUIDANCE),
-      smtpConfig
-    },
-    _rateLimiter: rateLimiter,
-    credentialManager,
-    rootPath,
-    logsPath,
-    pocsPath,
-    scratchpadPath,
-    findingsPath
-  };
-  const { _rateLimiter, credentialManager: _cm, ...sessionData } = result;
-  await createSessionDirs({ session: result });
-  await write2(["sessions", result.id, "session"], sessionData);
-  if (!input.name && input.model) {
-    generateSessionName({
-      targets: input.targets,
-      userMessage: input.userMessage,
-      model: input.model,
-      authConfig: input.authConfig
-    }).then((aiName) => {
-      if (aiName) {
-        result.name = aiName;
-        update2(result.id, (s) => {
-          s.name = aiName;
-        }).catch(() => {});
-        input.onNameGenerated?.(aiName);
-      }
-    });
-  }
-  return result;
-}
-async function update2(id, editor) {
-  const result = await update(["sessions", id, "session"], (draft) => {
-    editor(draft);
-    draft.time.updated = Date.now();
-  });
-  return result;
-}
-async function* list2() {
-  const sessionsDir = getSessionsDir();
-  let entries;
-  try {
-    entries = await import("fs/promises").then((fsp) => fsp.readdir(sessionsDir, { withFileTypes: true }));
-  } catch {
-    return;
-  }
-  for (const entry of entries) {
-    if (!entry.isDirectory())
-      continue;
-    try {
-      yield await read2([
-        "sessions",
-        entry.name,
-        "session"
-      ]);
-    } catch {}
-  }
-}
-async function loadOperatorState(sessionId) {
-  try {
-    const session = await get(sessionId);
-    const statePath = path2.join(session.rootPath, "messages.json");
-    if (!existsSync(statePath))
-      return null;
-    const data = readFileSync(statePath, "utf-8");
-    const parsed = JSON.parse(data);
-    if (Array.isArray(parsed)) {
-      return {
-        mode: session.config?.operatorSettings?.initialMode ?? "manual",
-        requireApproval: session.config?.operatorSettings?.requireApproval ?? true,
-        currentStage: "recon",
-        messages: parsed,
-        attackSurface: [],
-        credentials: [],
-        verifiedVulns: [],
-        targetState: null,
-        hypotheses: [],
-        evidence: [],
-        actionHistory: [],
-        pausedAt: new Date().toISOString(),
-        lastRunId: ""
-      };
-    }
-    return parsed;
-  } catch (error) {
-    console.error("Error loading operator state:", error);
-    return null;
-  }
-}
-function hasOperatorState(session) {
-  const statePath = path2.join(session.rootPath, "messages.json");
-  return existsSync(statePath);
-}
-function getResumeMessages(messages, limit = MAX_RESUME_MESSAGES) {
-  if (messages.length <= limit)
-    return messages;
-  let cutIndex = messages.length - limit;
-  while (cutIndex < messages.length) {
-    if (messages[cutIndex].role === "user")
-      break;
-    cutIndex++;
-  }
-  if (cutIndex >= messages.length) {
-    cutIndex = messages.length - limit;
-  }
-  return messages.slice(cutIndex);
-}
-function normalizeMessages(messages) {
-  if (messages.length <= 1)
-    return fixToolOutputs(messages);
-  const result = [];
-  for (const msg of messages) {
-    const prev = result[result.length - 1];
-    if (prev && prev.role === "user" && msg.role === "user" && typeof prev.content === "string" && typeof msg.content === "string") {
-      result[result.length - 1] = {
-        ...prev,
-        content: `${prev.content}
-
-${msg.content}`
-      };
-    } else if (prev && prev.role === "user" && msg.role === "user") {
-      result[result.length - 1] = msg;
-    } else {
-      result.push(msg);
-    }
-  }
-  return fixToolOutputs(result);
-}
-function fixToolOutputs(messages) {
-  let changed = false;
-  const fixed = messages.map((msg) => {
-    if (msg.role !== "tool" || !Array.isArray(msg.content))
-      return msg;
-    let partChanged = false;
-    const fixedContent = msg.content.map((part) => {
-      if (part.type === "tool-result" && typeof part.output === "string") {
-        partChanged = true;
-        return { ...part, output: { type: "text", value: part.output } };
-      }
-      return part;
-    });
-    if (partChanged) {
-      changed = true;
-      return { ...msg, content: fixedContent };
-    }
-    return msg;
-  });
-  return changed ? fixed : messages;
-}
-async function updateOperatorSettings(sessionId, settings) {
-  return await update2(sessionId, (session) => {
-    if (!session.config) {
-      session.config = {};
-    }
-    if (!session.config.operatorSettings) {
-      session.config.operatorSettings = {
-        initialMode: "manual",
-        requireApproval: true,
-        enableSuggestions: true
-      };
-    }
-    if (settings.initialMode !== undefined) {
-      session.config.operatorSettings.initialMode = settings.initialMode;
-    }
-    if (settings.requireApproval !== undefined) {
-      session.config.operatorSettings.requireApproval = settings.requireApproval;
-    }
-    if (settings.enableSuggestions !== undefined) {
-      session.config.operatorSettings.enableSuggestions = settings.enableSuggestions;
-    }
-  });
-}
-async function updateSessionHeaders(sessionId, headers) {
-  return await update2(sessionId, (session) => {
-    if (!session.config) {
-      session.config = {};
-    }
-    session.config.headers = { ...headers };
-  });
-}
-var DEFAULT_OUTCOME_GUIDANCE, EXFIL_OUTCOME_GUIDANCE, DEFAULT_HEADER_RECORD, AuthCredentialsObject, ScopeConstraintsObject, SessionHeadersRecord, OffensiveHeadersConfigObject, OperatorSettingsObject, EmailInboxConfigObject, EmailIntegrationConfigObject, SmtpConfigObject, SessionConfigObject, SessionInfoObject, get = async (id) => {
-  const raw = await read2(["sessions", id, "session"]);
-  const read3 = migrateLegacySessionData(raw);
-  if (read3.config?.requestsPerSecond) {
-    read3._rateLimiter = new RateLimiter({
-      requestsPerSecond: read3.config.requestsPerSecond
-    });
-  } else {
-    delete read3._rateLimiter;
-  }
-  return read3;
-}, RemoveInput, remove2 = async (input) => {
-  try {
-    const sessionDir = getSessionRoot(input.sessionId);
-    const fsp = await import("fs/promises");
-    await fsp.rm(sessionDir, { recursive: true, force: true });
-  } catch (e) {
-    console.error(e);
-  }
-}, RemoveMsgInput, MAX_RESUME_MESSAGES = 200, sessions;
-var init_session = __esm(() => {
-  init_zod();
-  init_name();
-  init_credentials();
-  init_id();
-  init_installation();
-  init_rateLimiter();
-  init_storage();
-  init_toolset();
-  DEFAULT_OUTCOME_GUIDANCE = "Prove the exploit can be run but do not exfiltrate data or cause any harm to the system. " + "Create proof-of-concept exploits that demonstrate the vulnerability exists without causing damage.";
-  EXFIL_OUTCOME_GUIDANCE = "Exfiltrate data to extract the flag value. " + "Create proof-of-concept exploits that successfully extract the flag from the target system.";
-  DEFAULT_HEADER_RECORD = {
-    "User-Agent": "pensar-apex"
-  };
-  AuthCredentialsObject = zod_default.object({
-    username: zod_default.string().optional(),
-    password: zod_default.string().optional(),
-    loginUrl: zod_default.string().optional(),
-    additionalFields: zod_default.record(zod_default.string(), zod_default.string()).optional(),
-    apiKey: zod_default.string().optional(),
-    role: zod_default.string().optional(),
-    context: zod_default.string().optional(),
-    tokens: zod_default.object({
-      bearerToken: zod_default.string().optional(),
-      cookies: zod_default.string().optional(),
-      sessionToken: zod_default.string().optional(),
-      customHeaders: zod_default.record(zod_default.string(), zod_default.string()).optional()
-    }).optional()
-  });
-  ScopeConstraintsObject = zod_default.object({
-    allowedHosts: zod_default.string().array().optional(),
-    allowedPorts: zod_default.number().array().optional(),
-    strictScope: zod_default.boolean().optional()
-  });
-  SessionHeadersRecord = zod_default.record(zod_default.string(), zod_default.string());
-  OffensiveHeadersConfigObject = zod_default.object({
-    mode: zod_default.enum(["none", "default", "custom"]).optional(),
-    headers: SessionHeadersRecord.optional()
-  });
-  OperatorSettingsObject = zod_default.object({
-    initialMode: zod_default.enum(["plan", "manual", "auto"]).default("manual"),
-    requireApproval: zod_default.boolean().default(true),
-    enableSuggestions: zod_default.boolean().default(true)
-  });
-  EmailInboxConfigObject = zod_default.discriminatedUnion("provider", [
-    zod_default.object({
-      provider: zod_default.literal("gmail"),
-      id: zod_default.string(),
-      name: zod_default.string(),
-      emailAddress: zod_default.string(),
-      accessToken: zod_default.string(),
-      refreshToken: zod_default.string(),
-      clientId: zod_default.string().optional(),
-      clientSecret: zod_default.string().optional(),
-      tokenExpiry: zod_default.number().optional()
-    }),
-    zod_default.object({
-      provider: zod_default.literal("outlook"),
-      id: zod_default.string(),
-      name: zod_default.string(),
-      emailAddress: zod_default.string(),
-      accessToken: zod_default.string(),
-      refreshToken: zod_default.string(),
-      clientId: zod_default.string().optional(),
-      clientSecret: zod_default.string().optional(),
-      tokenExpiry: zod_default.number().optional()
-    }),
-    zod_default.object({
-      provider: zod_default.literal("imap"),
-      id: zod_default.string(),
-      name: zod_default.string(),
-      emailAddress: zod_default.string(),
-      imapHost: zod_default.string(),
-      imapPort: zod_default.number(),
-      username: zod_default.string(),
-      password: zod_default.string(),
-      tls: zod_default.boolean()
-    })
-  ]);
-  EmailIntegrationConfigObject = zod_default.object({
-    inboxes: zod_default.array(EmailInboxConfigObject)
-  });
-  SmtpConfigObject = zod_default.object({
-    host: zod_default.string(),
-    port: zod_default.number(),
-    username: zod_default.string(),
-    password: zod_default.string(),
-    tls: zod_default.boolean().default(true),
-    fromAddress: zod_default.string().optional()
-  });
-  SessionConfigObject = zod_default.object({
-    headers: SessionHeadersRecord.optional(),
-    offensiveHeaders: OffensiveHeadersConfigObject.optional(),
-    sessionType: zod_default.enum(["web-app"]).optional(),
-    mode: zod_default.enum(["auto", "driver", "operator"]).optional(),
-    outcomeGuidance: zod_default.string().optional(),
-    scopeConstraints: ScopeConstraintsObject.optional(),
-    authCredentials: zod_default.union([AuthCredentialsObject, zod_default.array(AuthCredentialsObject)]).optional(),
-    authenticationInstructions: zod_default.string().optional(),
-    requestsPerSecond: zod_default.number().optional(),
-    operatorSettings: OperatorSettingsObject.optional(),
-    toolsetState: ToolsetStateSchema.optional(),
-    enumerateSubdomains: zod_default.boolean().optional(),
-    codebasePath: zod_default.string().optional(),
-    emailIntegration: EmailIntegrationConfigObject.optional(),
-    smtpConfig: SmtpConfigObject.optional(),
-    exfilMode: zod_default.boolean().optional(),
-    agentCwd: zod_default.string().optional(),
-    prompt: zod_default.string().optional(),
-    taskDriven: zod_default.boolean().optional(),
-    requirePlan: zod_default.boolean().optional()
-  });
-  SessionInfoObject = zod_default.object({
-    id: schema("session"),
-    name: zod_default.string().optional(),
-    version: zod_default.string(),
-    targets: zod_default.array(zod_default.string()),
-    config: SessionConfigObject.optional(),
-    time: zod_default.object({
-      created: zod_default.number(),
-      updated: zod_default.number()
-    }),
-    rootPath: zod_default.string(),
-    logsPath: zod_default.string(),
-    findingsPath: zod_default.string(),
-    scratchpadPath: zod_default.string(),
-    pocsPath: zod_default.string()
-  });
-  RemoveInput = zod_default.object({
-    sessionId: schema("session")
-  });
-  RemoveMsgInput = zod_default.object({
-    sessionId: schema("session"),
-    messageId: schema("message")
-  });
-  sessions = {
-    getSessionRoot,
-    EXFIL_OUTCOME_GUIDANCE,
-    create: create2,
-    get,
-    remove: remove2,
-    loadOperatorState,
-    hasOperatorState,
-    getResumeMessages,
-    updateOperatorSettings,
-    updateSessionHeaders
-  };
-});
-
-// src/core/logger/index.ts
-import {
-  appendFileSync,
-  existsSync as existsSync2,
-  mkdirSync as mkdirSync2,
-  readFileSync as readFileSync2,
-  writeFileSync as writeFileSync2
-} from "fs";
-import os3 from "os";
-import path3 from "path";
-function pruneErrorLog() {
-  if (hasPruned)
-    return;
-  hasPruned = true;
-  try {
-    if (!existsSync2(ERROR_LOG_PATH))
-      return;
-    const cutoff = Date.now() - RETENTION_DAYS * 86400000;
-    const raw = readFileSync2(ERROR_LOG_PATH, "utf8");
-    const lines = raw.split(`
-`);
-    const kept = [];
-    let keeping = true;
-    for (const line of lines) {
-      const match = TIMESTAMP_RE.exec(line);
-      if (match) {
-        keeping = new Date(match[1]).getTime() >= cutoff;
-      }
-      if (keeping) {
-        kept.push(line);
-      }
-    }
-    writeFileSync2(ERROR_LOG_PATH, kept.join(`
-`), "utf8");
-  } catch {}
-}
-function writeErrorLog(error, source, fields) {
-  try {
-    pruneErrorLog();
-    const dir = path3.dirname(ERROR_LOG_PATH);
-    if (!existsSync2(dir)) {
-      mkdirSync2(dir, { recursive: true });
-    }
-    const timestamp = new Date().toISOString();
-    const tag = source ? `[${source}] ` : "";
-    const message = error instanceof Error ? `${error.message}
-${error.stack ?? ""}` : String(error);
-    let fieldsStr = "";
-    if (fields && Object.keys(fields).length > 0) {
-      try {
-        fieldsStr = ` ${JSON.stringify(fields)}`;
-      } catch {}
-    }
-    const entry = `${timestamp} - [ERROR] ${tag}${message}${fieldsStr}
-`;
-    appendFileSync(ERROR_LOG_PATH, entry, "utf8");
-  } catch {}
-}
-var ERROR_LOG_PATH, RETENTION_DAYS = 7, TIMESTAMP_RE, hasPruned = false;
-var init_logger = __esm(() => {
-  init_session();
-  init_structured();
-  ERROR_LOG_PATH = path3.join(os3.homedir(), ".pensar", "error.log");
-  TIMESTAMP_RE = /^(\d{4}-\d{2}-\d{2}T[\d:.]+Z) - /;
-});
-
-// src/core/logger/structured.ts
-function isLevel(v) {
-  return typeof v === "string" && VALID_LEVELS.has(v);
-}
-function resolveInitialLevel(env) {
-  const explicit = env.PENSAR_LOG_LEVEL?.trim().toUpperCase();
-  if (isLevel(explicit))
-    return explicit;
-  const debug = env.PENSAR_DEBUG?.toLowerCase();
-  if (debug === "1" || debug === "true")
-    return "DEBUG";
-  return "INFO";
-}
-function resolveFormat(env) {
-  const forced = env.PENSAR_LOG_FORMAT?.toLowerCase();
-  if (forced === "json" || forced === "pretty")
-    return forced;
-  return process.stderr.isTTY ? "pretty" : "json";
-}
-
-class Logger {
-  level;
-  explicit = false;
-  scope;
-  constructor(scope, level) {
-    this.scope = scope;
-    this.level = level ?? resolveInitialLevel(process.env);
-  }
-  setLevel(level) {
-    this.level = level;
-    this.explicit = true;
-  }
-  getLevel() {
-    return this.level;
-  }
-  child(scope) {
-    const next = this.scope ? `${this.scope}:${scope}` : scope;
-    const child = new Logger(next, this.level);
-    if (this.explicit)
-      child.setLevel(this.level);
-    return child;
-  }
-  debug(msg, fields) {
-    this.emit("DEBUG", msg, fields);
-  }
-  info(msg, fields) {
-    this.emit("INFO", msg, fields);
-  }
-  warn(msg, fields) {
-    this.emit("WARN", msg, fields);
-  }
-  error(msg, errOrFields, fields) {
-    let err;
-    let extra;
-    if (errOrFields instanceof Error) {
-      err = errOrFields;
-      extra = fields;
-    } else if (errOrFields && typeof errOrFields === "object") {
-      extra = errOrFields;
-    }
-    const merged = { ...extra };
-    if (err) {
-      merged.error = err.message;
-      if (err.stack)
-        merged.stack = err.stack;
-    }
-    this.emit("ERROR", msg, merged);
-    if (this.level !== "SILENT") {
-      writeErrorLog(err ?? msg, this.scope, extra);
-    }
-  }
-  emit(level, msg, fields) {
-    if (SEVERITY[level] < SEVERITY[this.level])
-      return;
-    const ts = new Date().toISOString();
-    const format = resolveFormat(process.env);
-    const line = format === "json" ? this.formatJson(ts, level, msg, fields) : this.formatPretty(ts, level, msg, fields);
-    process.stderr.write(`${line}
-`);
-  }
-  formatJson(ts, level, msg, fields) {
-    const record = { ts, level, msg };
-    if (this.scope)
-      record.scope = this.scope;
-    if (fields) {
-      for (const [k, v] of Object.entries(fields)) {
-        if (k !== "ts" && k !== "level" && k !== "msg" && k !== "scope") {
-          record[k] = v;
-        }
-      }
-    }
-    return safeStringify(record);
-  }
-  formatPretty(ts, level, msg, fields) {
-    const color = COLORS[level];
-    const tag = `${color}${level.padEnd(5)}${RESET}`;
-    const scope = this.scope ? ` ${DIM}[${this.scope}]${RESET}` : "";
-    let rest = "";
-    if (fields && Object.keys(fields).length > 0) {
-      rest = ` ${DIM}${safeStringify(fields)}${RESET}`;
-    }
-    return `${DIM}${ts}${RESET} ${tag}${scope} ${msg}${rest}`;
-  }
-}
-function safeStringify(value) {
-  try {
-    return JSON.stringify(value);
-  } catch {
-    return JSON.stringify({ msg: "[unserializable log payload]" });
-  }
-}
-function createLogger(scope) {
-  return new Logger(scope);
-}
-var SEVERITY, VALID_LEVELS, COLORS, RESET = "\x1B[0m", DIM = "\x1B[2m", logger;
-var init_structured = __esm(() => {
-  init_logger();
-  SEVERITY = {
-    DEBUG: 10,
-    INFO: 20,
-    WARN: 30,
-    ERROR: 40,
-    SILENT: 50
-  };
-  VALID_LEVELS = new Set([
-    "DEBUG",
-    "INFO",
-    "WARN",
-    "ERROR",
-    "SILENT"
-  ]);
-  COLORS = {
-    DEBUG: "\x1B[90m",
-    INFO: "\x1B[36m",
-    WARN: "\x1B[33m",
-    ERROR: "\x1B[31m",
-    SILENT: ""
-  };
-  logger = new Logger;
-});
-
 // src/core/ai/providers/pensarFormatters.ts
 function convertToBedrockFormat(modelId, options) {
   if (modelId.includes("anthropic.claude")) {
@@ -44573,9 +43139,11 @@ async function* parseSSE(stream, options = {}) {
           clearTimeout(timeoutId);
       }
       if (result.done) {
-        log2.debug(`stream done: ${chunkCount} chunks, ${totalBytes} bytes, ${eventCount} events yielded, remaining buffer=${buffer.length} chars`);
-        if (buffer.length > 0) {
-          log2.debug(`remaining buffer: ${buffer.slice(0, 500)}`);
+        if (DEBUG) {
+          console.error(`[parseSSE] stream done: ${chunkCount} chunks, ${totalBytes} bytes, ${eventCount} events yielded, remaining buffer=${buffer.length} chars`);
+          if (buffer.length > 0) {
+            console.error(`[parseSSE] remaining buffer: ${buffer.slice(0, 500)}`);
+          }
         }
         break;
       }
@@ -44583,8 +43151,8 @@ async function* parseSSE(stream, options = {}) {
       chunkCount++;
       totalBytes += value.byteLength;
       const decoded = decoder.decode(value, { stream: true });
-      if (chunkCount <= 3) {
-        log2.debug(`chunk #${chunkCount}: ${value.byteLength} bytes, preview: ${decoded.slice(0, 200)}`);
+      if (DEBUG && chunkCount <= 3) {
+        console.error(`[parseSSE] chunk #${chunkCount}: ${value.byteLength} bytes, preview: ${decoded.slice(0, 200)}`);
       }
       buffer += decoded;
       const lines = buffer.split(`
@@ -44609,38 +43177,34 @@ async function* parseSSE(stream, options = {}) {
     }
     if (currentData.length > 0) {
       eventCount++;
-      log2.debug(`flushing final event: ${currentEvent}`);
+      if (DEBUG)
+        console.error(`[parseSSE] flushing final event: ${currentEvent}`);
       yield { event: currentEvent, data: currentData.join(`
 `) };
     }
     if (eventCount === 0) {
-      log2.warn(`stream ended with 0 events! totalBytes=${totalBytes}, chunks=${chunkCount}`);
+      console.error(`[parseSSE] WARNING: stream ended with 0 events! totalBytes=${totalBytes}, chunks=${chunkCount}`);
     }
   } finally {
     reader.releaseLock();
   }
 }
-var log2;
+var DEBUG;
 var init_pensarSSE = __esm(() => {
-  init_structured();
-  init_lazyLogger();
-  log2 = scopedLogger(() => createLogger("pensarSSE"));
+  DEBUG = process.env.PENSAR_DEBUG === "1" || process.env.PENSAR_DEBUG === "true";
 });
 
 // src/core/ai/providers/pensar.ts
-function fmtArgs(args) {
-  return args.map((a) => typeof a === "string" ? a : JSON.stringify(a)).join(" ");
-}
-function log3(...args) {
-  structuredLog.debug(fmtArgs(args));
+function log(...args) {
+  if (DEBUG2)
+    console.error("[pensar:debug]", ...args);
 }
 function logInfo(...args) {
-  structuredLog.debug(fmtArgs(args));
+  if (DEBUG2)
+    console.error("[pensar]", ...args);
 }
 function logError(...args) {
-  const err = args.find((a) => a instanceof Error);
-  const msg = fmtArgs(args.filter((a) => !(a instanceof Error)));
-  structuredLog.error(msg, err);
+  console.error("[pensar:error]", ...args);
 }
 function createPensarModel(bedrockModelId, config2) {
   const modelId = `pensar:${bedrockModelId}`;
@@ -44656,14 +43220,14 @@ function createPensarModel(bedrockModelId, config2) {
         throw new Error("Pensar authentication failed. Run /login to reconnect.");
       }
       headers.Authorization = `Bearer ${result.token.slice(0, 12)}…`;
-      log3(`  auth: ${result.type} token (${result.token.length} chars)`);
+      log(`  auth: ${result.type} token (${result.token.length} chars)`);
       if (config2.workspaceId) {
         headers["X-Workspace-Id"] = config2.workspaceId;
       }
       headers.Authorization = `Bearer ${result.token}`;
     } else {
       headers.Authorization = `Bearer ${config2.apiKey}`;
-      log3(`  auth: apiKey (${config2.apiKey.length} chars)`);
+      log(`  auth: apiKey (${config2.apiKey.length} chars)`);
       if (config2.workspaceId && !config2.apiKey.startsWith("sk-")) {
         headers["X-Workspace-Id"] = config2.workspaceId;
       }
@@ -44772,7 +43336,7 @@ function createPensarModel(bedrockModelId, config2) {
       const body = convertToBedrockFormat(bedrockModelId, options);
       const url = `${config2.baseUrl}/gateway/invoke`;
       logInfo(`doStream → ${bedrockModelId} (${url})`);
-      log3(`  messages: ${body.messages?.length ?? 0}, tools: ${body.tools?.length ?? 0}`);
+      log(`  messages: ${body.messages?.length ?? 0}, tools: ${body.tools?.length ?? 0}`);
       const startTime = Date.now();
       const serializedBody = JSON.stringify({
         modelId: bedrockModelId,
@@ -44785,7 +43349,7 @@ function createPensarModel(bedrockModelId, config2) {
         headers["X-Pensar-Timestamp"] = sig.timestamp;
         headers["X-Pensar-Nonce"] = sig.nonce;
       }
-      log3(`  headers: ${Object.keys(headers).join(", ")}`);
+      log(`  headers: ${Object.keys(headers).join(", ")}`);
       const fetchSignal = buildStreamingFetchSignal(options.abortSignal);
       let response;
       try {
@@ -44862,10 +43426,10 @@ function createPensarModel(bedrockModelId, config2) {
               try {
                 parsed = JSON.parse(sse.data);
               } catch {
-                log3(`  SSE event #${eventCount}: unparseable data, skipping`);
+                log(`  SSE event #${eventCount}: unparseable data, skipping`);
                 continue;
               }
-              log3(`  SSE event #${eventCount}: ${sse.event} (type=${parsed.type})`);
+              log(`  SSE event #${eventCount}: ${sse.event} (type=${parsed.type})`);
               if (sse.event === "error") {
                 const msg = parsed.error ?? "Unknown streaming error";
                 logError(`  SSE error event: ${msg}`);
@@ -44874,7 +43438,7 @@ function createPensarModel(bedrockModelId, config2) {
               }
               if (sse.event === "pensar:usage") {
                 if (parsed.totalCost != null) {
-                  log3(`  cost: $${Number(parsed.totalCost).toFixed(6)}`);
+                  log(`  cost: $${Number(parsed.totalCost).toFixed(6)}`);
                 }
                 continue;
               }
@@ -45061,15 +43625,13 @@ function mapStopReason(reason) {
       return "other";
   }
 }
-var structuredLog;
+var DEBUG2;
 var init_pensar2 = __esm(() => {
-  init_structured();
-  init_lazyLogger();
   init_utils();
   init_pensarFormatters();
   init_pensarSigning();
   init_pensarSSE();
-  structuredLog = scopedLogger(() => createLogger("pensar"));
+  DEBUG2 = process.env.PENSAR_DEBUG === "1" || process.env.PENSAR_DEBUG === "true";
 });
 
 // src/core/ai/utils.ts
@@ -45173,7 +43735,9 @@ function getProviderModel(model, authConfig) {
       }
       const gatewayUrl = authConfig?.gatewayUrl || getPensarGatewayUrl();
       const bedrockModelId = model.startsWith("pensar:") ? model.slice(7) : model;
-      log4.debug(`getProviderModel: ${model} → bedrock:${bedrockModelId} via ${gatewayUrl}`);
+      if (process.env.PENSAR_DEBUG === "1" || process.env.PENSAR_DEBUG === "true") {
+        console.log(`[pensar] getProviderModel: ${model} → bedrock:${bedrockModelId} via ${gatewayUrl}`);
+      }
       const modelConfig = {
         apiKey: pensarApiKey || authConfig?.accessToken || "",
         baseUrl: gatewayUrl,
@@ -45390,7 +43954,7 @@ function createSummarizationStream(messages, opts, model) {
     }
   };
 }
-var log4, STREAMING_FETCH_TIMEOUT_MS;
+var STREAMING_FETCH_TIMEOUT_MS;
 var init_utils = __esm(() => {
   init_dist6();
   init_dist7();
@@ -45402,14 +43966,11 @@ var init_utils = __esm(() => {
   init_constants();
   init_auth();
   init_config();
-  init_structured();
-  init_lazyLogger();
   init_ai();
   init_contextManagement();
   init_models();
   init_pensar2();
-  log4 = scopedLogger(() => createLogger("ai:utils"));
   STREAMING_FETCH_TIMEOUT_MS = 15 * 60 * 1000;
 });
 
-export { stepCountIs, hasToolCall, init_dist4 as init_dist, AVAILABLE_MODELS, init_models, require_tslib, scopedLogger, init_lazyLogger, buildAuthConfig, init_utils, init_ai2 as init_ai, generateRandomName, generateSessionName, init_name, CredentialManager, init_credentials, schema, descending, init_id, RateLimiter, init_rateLimiter, NotFoundError, write2 as write, createDir, writeRaw, read2 as read, update, list, init_storage, ToolsetStateSchema, init_toolset, create2 as create, list2 as list1, normalizeMessages, sessions, init_session, writeErrorLog, init_logger, createLogger, logger, init_structured, getApexTracer, init_observability, DEFAULT_OPENAI_REASONING_EFFORT, modelSupportsThinking, modelSupportsOpenAIReasoning, getOpenAIReasoningEfforts, streamResponse, generateObjectResponse, init_ai as init_ai1 };
+export { stepCountIs, hasToolCall, init_dist4 as init_dist, getApexTracer, init_observability, AVAILABLE_MODELS, init_models, require_tslib, buildAuthConfig, init_utils, DEFAULT_OPENAI_REASONING_EFFORT, modelSupportsThinking, modelSupportsOpenAIReasoning, getOpenAIReasoningEfforts, streamResponse, generateObjectResponse, init_ai };