@pensar/apex 2.0.0 → 2.0.1

package/build/{cli-5fr9k6m4.js → cli-mfzkhttr.js}

@@ -1,13 +1,13 @@
 import {
   BlackboxAttackSurfaceAgent
-} from "./cli-sw5swz40.js";
+} from "./cli-fxtbkw2f.js";
 import {
   TargetedPentestAgent,
   buildPentestSystemPrompt
-} from "./cli-cb5va0cs.js";
+} from "./cli-w2st266h.js";
 import {
   CodeAgent
-} from "./cli-zpvmaxem.js";
+} from "./cli-f93g10xk.js";
 import {
   AppsDiscoveryResultSchema,
   DiscoverySummarySchema,
@@ -15,10 +15,10 @@ import {
   WHITEBOX_APPS_DISCOVERY_SYSTEM_PROMPT,
   WHITEBOX_DISCOVERY_SYSTEM_PROMPT,
   WHITEBOX_ENDPOINT_DOCUMENTATION_SYSTEM_PROMPT
-} from "./cli-wdmqkshz.js";
+} from "./cli-ddtmgbqv.js";
 import {
   EvidenceFileEntrySchema
-} from "./cli-ntd42071.js";
+} from "./cli-hk03x6fq.js";
 import {
   CweEntrySchema,
   FindingsRegistry,
@@ -27,14 +27,18 @@ import {
   ValidatedCweEntrySchema,
   hasCanonicalName,
   runWithBoundedConcurrency
-} from "./cli-k8mvghe1.js";
+} from "./cli-zpdmnz8c.js";
 import {
   createThreatModelPrompt
 } from "./cli-fw5r7pfj.js";
 import {
+  createLogger,
   hasToolCall,
-  init_dist
-} from "./cli-h825qzmd.js";
+  init_dist,
+  init_lazyLogger,
+  init_structured,
+  scopedLogger
+} from "./cli-z1dapp7v.js";
 import {
   exports_external1 as exports_external,
   init_zod
@@ -88,6 +92,9 @@ ${objectiveList}
 4. Submit the plan via submit_plan when complete`;
 }
 
+// src/core/workflows/pentest.ts
+init_structured();
+
 // src/core/report/schemas.ts
 init_zod();
 var PentestReportFindingSchema = exports_external.object({
@@ -343,10 +350,14 @@ function formatDurationHmsFromMs(durationMs) {
 }
 
 // src/core/session/loader.ts
+init_structured();
 import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
 import { join as join3 } from "path";
+init_lazyLogger();
 
 // src/core/session/persistence.ts
+init_structured();
+init_lazyLogger();
 import {
   existsSync as existsSync2,
   mkdirSync,
@@ -356,6 +367,7 @@ import {
   writeFileSync as writeFileSync2
 } from "fs";
 import { join as join2 } from "path";
+var log = scopedLogger(() => createLogger("session:persistence"));
 var SUBAGENTS_DIR = "subagents";
 var MANIFEST_FILE = "agent-manifest.json";
 function loadSubagentMessages(session, agentName) {
@@ -641,7 +653,7 @@ function loadSubagents(rootPath) {
           status
         });
       } catch (e) {
-        console.error(`Failed to load subagent file ${file}:`, e);
+        log.error(`Failed to load subagent file ${file}`, e instanceof Error ? e : undefined, { error: String(e) });
       }
     }
     const entries = readdirSync(subagentsPath, { withFileTypes: true });
@@ -708,13 +720,14 @@ function loadSubagents(rootPath) {
         }
       }
     } catch (e) {
-      console.error("Failed to load agent manifest:", e);
+      log.error("Failed to load agent manifest", e instanceof Error ? e : undefined, { error: String(e) });
     }
   }
   return subagents;
 }
 
 // src/core/session/loader.ts
+var log2 = scopedLogger(() => createLogger("session:loader"));
 function loadAttackSurfaceResults(rootPath) {
   const resultsPath = join3(rootPath, "attack-surface-results.json");
   if (!existsSync3(resultsPath)) {
@@ -723,11 +736,14 @@ function loadAttackSurfaceResults(rootPath) {
   try {
     return JSON.parse(readFileSync3(resultsPath, "utf-8"));
   } catch (e) {
-    console.error("Failed to load attack surface results:", e);
+    log2.error("Failed to load attack surface results", e instanceof Error ? e : undefined, { error: String(e) });
     return null;
   }
 }
 
+// src/core/workflows/pentest.ts
+init_lazyLogger();
+
 // src/core/workflows/whiteboxAttackSurface.ts
 import {
   existsSync as existsSync12,
@@ -740,6 +756,9 @@ import {
 import { join as join15 } from "path";
 
 // src/core/agents/specialized/whiteboxAttackSurface/endpointDocumentationAgent.ts
+init_structured();
+init_lazyLogger();
+var log3 = scopedLogger(() => createLogger("endpoint-documentation-agent"));
 var ENDPOINT_DOCUMENTATION_CONCURRENCY = 10;
 function slug(name) {
   return name.toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_|_$/g, "");
@@ -861,7 +880,7 @@ async function runEndpointDocumentationAgent(opts) {
     });
     return true;
   } catch (error) {
-    console.error(`[endpoint-documentation-agent] "${subagentId}" FAILED:`, error instanceof Error ? error.message : String(error));
+    log3.error(`"${subagentId}" FAILED`, error instanceof Error ? error : undefined, { error: String(error) });
     eventBus?.emit("subagent-complete", {
       subagentId,
       status: "failed",
@@ -6168,6 +6187,9 @@ function mapAppWithSurface(appPath, repoRoot, options) {
 }
 
 // src/core/workflows/whiteboxAttackSurface.ts
+init_structured();
+init_lazyLogger();
+var log4 = scopedLogger(() => createLogger("whitebox-workflow"));
 var DEFAULT_CONCURRENCY = 5;
 var TASK_TYPE_LABELS = {
   pages: "Pages",
@@ -6221,7 +6243,7 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
     projectThreatModel,
     excludeTools: ["document_endpoint"]
   });
-  console.log(`[whitebox-workflow] Phase 1: discovering apps in ${codebasePath}${domains?.length ? ` (${domains.length} known domains)` : ""}`);
+  log4.info(`Phase 1: discovering apps in ${codebasePath}${domains?.length ? ` (${domains.length} known domains)` : ""}`);
   const WORKFLOW_UMBRELLA_ID = "whitebox-apps-discovery";
   eventBus?.emit("subagent-spawn", {
     subagentId: WORKFLOW_UMBRELLA_ID,
@@ -6229,10 +6251,10 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
     input: { codebasePath }
   });
   const appsResult = await appsAgent.consume();
-  console.log(`[whitebox-workflow] Phase 1 complete: ${appsResult?.apps.length ?? 0} apps discovered` + (appsResult ? ` (repoType=${appsResult.repoType}, packageManager=${appsResult.packageManager})` : " (no result returned)"));
+  log4.info(`Phase 1 complete: ${appsResult?.apps.length ?? 0} apps discovered` + (appsResult ? ` (repoType=${appsResult.repoType}, packageManager=${appsResult.packageManager})` : " (no result returned)"));
   if (appsResult?.apps.length) {
     for (const app of appsResult.apps) {
-      console.log(`[whitebox-workflow]   app: "${app.name}" type=${app.type} framework="${app.framework}" location="${app.location}"`);
+      log4.debug(`app: "${app.name}" type=${app.type} framework="${app.framework}" location="${app.location}"`);
     }
   }
   if (!appsResult || appsResult.apps.length === 0) {
@@ -6259,11 +6281,11 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
     mkdirSync2(appDir, { recursive: true });
     writeFileSync3(join15(appDir, "app.json"), JSON.stringify(toAppMetadata(app), null, 2), "utf-8");
   }
-  console.log(`[whitebox-workflow] Phase 2: surfaceIntegrationEnabled=${surfaceIntegrationEnabled}`);
+  log4.info(`Phase 2: surfaceIntegrationEnabled=${surfaceIntegrationEnabled}`);
   const NON_SERVICE_TYPES = ["cloud_resource", "storage", "database"];
   const serviceApps = appsResult.apps.filter((app) => !NON_SERVICE_TYPES.includes(app.type));
   const cloudApps = appsResult.apps.filter((app) => NON_SERVICE_TYPES.includes(app.type));
-  console.log(`[whitebox-workflow] Phase 2: ${serviceApps.length} service apps (surface or fallback per app), ${cloudApps.length} cloud resources → ${appsResult.apps.length} total apps`);
+  log4.info(`Phase 2: ${serviceApps.length} service apps (surface or fallback per app), ${cloudApps.length} cloud resources → ${appsResult.apps.length} total apps`);
   const totalApps = appsResult.apps.length;
   let completedAppCount = 0;
   eventBus?.emit("app-analysis-progress", {
@@ -6285,7 +6307,7 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
   const spawnDiscoveryAgent = async (app, type2, objective) => {
     const subagentId = `${type2}-${app.name}`;
     const appNodeId = appNodeIdFor(app.name);
-    console.log(`[whitebox-workflow] Phase 2: spawning agent id="${subagentId}" parent="${appNodeId}" (app="${app.name}", type=${type2}, appType=${app.type})`);
+    log4.debug(`Phase 2: spawning agent id="${subagentId}" parent="${appNodeId}" (app="${app.name}", type=${type2}, appType=${app.type})`);
     eventBus?.emit("subagent-spawn", {
       subagentId,
       name: TASK_TYPE_LABELS[type2],
@@ -6312,14 +6334,14 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
     });
     try {
       await agent.consume();
-      console.log(`[whitebox-workflow] Phase 2: agent "${subagentId}" completed`);
+      log4.debug(`Phase 2: agent "${subagentId}" completed`);
       eventBus?.emit("subagent-complete", {
         subagentId,
         status: "completed",
         parentSubagentId: appNodeId
       });
     } catch (error) {
-      console.error(`[whitebox-workflow] Phase 2: agent "${subagentId}" FAILED:`, error instanceof Error ? error.message : String(error));
+      log4.error(`Phase 2: agent "${subagentId}" FAILED`, error instanceof Error ? error : undefined, { error: String(error) });
       appAnyTaskFailed.set(app.name, true);
       eventBus?.emit("subagent-complete", {
         subagentId,
@@ -6337,7 +6359,7 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
       if (NON_SERVICE_TYPES.includes(app.type)) {
         await spawnCloudResourceAgent(app);
       } else if (!surfaceIntegrationEnabled) {
-        console.log(`[whitebox] ${app.name}: legacy (surfaceIntegrationEnabled=false)`);
+        log4.debug(`${app.name}: legacy (surfaceIntegrationEnabled=false)`);
         await Promise.all([
           spawnPagesAgent(app),
           spawnApiEndpointsAgent(app)
@@ -6345,7 +6367,7 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
       } else {
         const surfaceResult = mapAppWithSurface(join15(codebasePath, app.location), codebasePath, { isSingleAppRepo: serviceApps.length === 1 });
         if (surfaceResult.mode === "surface") {
-          console.log(`[whitebox] ${app.name}: surface-driven (${surfaceResult.endpoints.length} endpoints, frameworks=${surfaceResult.frameworks.join(",")})`);
+          log4.debug(`${app.name}: surface-driven (${surfaceResult.endpoints.length} endpoints, frameworks=${surfaceResult.frameworks.join(",")})`);
           await runAppEndpointDocumentation({
             codebasePath,
             app,
@@ -6364,7 +6386,7 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
             parentSubagentId: appNodeId
           });
         } else {
-          console.log(`[whitebox] ${app.name}: fallback (${surfaceResult.reason})`);
+          log4.debug(`${app.name}: fallback (${surfaceResult.reason})`);
           await Promise.all([
             spawnPagesAgent(app),
             spawnApiEndpointsAgent(app)
@@ -6392,14 +6414,14 @@ async function runWhiteboxAttackSurfaceWorkflow(input) {
     subagentId: WORKFLOW_UMBRELLA_ID,
     status: "completed"
   });
-  console.log(`[whitebox-workflow] Phase 3: reading assets from ${assetsPath}`);
+  log4.info(`Phase 3: reading assets from ${assetsPath}`);
   const {
     apps: parsedApps,
     repoType,
     packageManager
   } = readAppsFromAssetsDirectory(assetsPath, appsResult);
   for (const app of parsedApps) {
-    console.log(`[whitebox-workflow] Phase 3: "${app.name}" → ${app.pages.length} pages, ${app.apiEndpoints.length} API endpoints`);
+    log4.debug(`Phase 3: "${app.name}" → ${app.pages.length} pages, ${app.apiEndpoints.length} API endpoints`);
   }
   const apps = parsedApps;
   const totalPages = apps.reduce((sum, a) => sum + a.pages.length, 0);
@@ -6421,16 +6443,16 @@ function readAppsFromAssetsDirectory(assetsPath, appsDiscovery) {
   const repoType = appsDiscovery?.repoType ?? "unknown";
   const packageManager = appsDiscovery?.packageManager ?? "unknown";
   if (!existsSync12(assetsPath)) {
-    console.log(`[readAssets] Assets directory does not exist: ${assetsPath}`);
+    log4.debug(`readAssets: assets directory does not exist: ${assetsPath}`);
     return { apps: [], repoType, packageManager };
   }
   const entries = readdirSync10(assetsPath);
-  console.log(`[readAssets] Found ${entries.length} entries in ${assetsPath}: [${entries.join(", ")}]`);
+  log4.debug(`readAssets: found ${entries.length} entries in ${assetsPath}: [${entries.join(", ")}]`);
   const apps = [];
   for (const entry of entries) {
     const entryPath = join15(assetsPath, entry);
     if (!statSync2(entryPath).isDirectory()) {
-      console.log(`[readAssets] Skipping non-directory: ${entry}`);
+      log4.debug(`readAssets: skipping non-directory: ${entry}`);
       continue;
     }
     const appJsonPath = join15(entryPath, "app.json");
@@ -6439,17 +6461,17 @@ function readAppsFromAssetsDirectory(assetsPath, appsDiscovery) {
       try {
         metadata = JSON.parse(readFileSync9(appJsonPath, "utf-8"));
       } catch {
-        console.warn(`[readAssets] Skipping app folder with unreadable app.json: ${entry}`);
+        log4.warn(`readAssets: skipping app folder with unreadable app.json: ${entry}`);
         continue;
       }
     } else {
-      console.log(`[readAssets] Skipping folder without app.json: ${entry}`);
+      log4.debug(`readAssets: skipping folder without app.json: ${entry}`);
       continue;
     }
     const pages = [];
     const apiEndpoints = [];
     const assetFiles = readdirSync10(entryPath).filter((f) => f.endsWith(".json") && f !== "app.json");
-    console.log(`[readAssets] App "${metadata.name}" (${entry}): ${assetFiles.length} asset files`);
+    log4.debug(`readAssets: app "${metadata.name}" (${entry}): ${assetFiles.length} asset files`);
     let parseFailed = 0;
     for (const file of assetFiles) {
       try {
@@ -6457,7 +6479,7 @@ function readAppsFromAssetsDirectory(assetsPath, appsDiscovery) {
         const data = JSON.parse(raw);
         const endpoint2 = assetRecordToEndpoint(data);
         if (!endpoint2) {
-          console.log(`[readAssets]   ${file}: failed schema validation (assetRecordToEndpoint returned null)`);
+          log4.debug(`readAssets: ${file}: failed schema validation (assetRecordToEndpoint returned null)`);
           parseFailed++;
           continue;
         }
@@ -6467,11 +6489,11 @@ function readAppsFromAssetsDirectory(assetsPath, appsDiscovery) {
           apiEndpoints.push(endpoint2);
         }
       } catch {
-        console.warn(`[readAssets] Skipping unreadable asset file: ${entry}/${file}`);
+        log4.warn(`readAssets: skipping unreadable asset file: ${entry}/${file}`);
         parseFailed++;
       }
     }
-    console.log(`[readAssets] App "${metadata.name}": ${pages.length} pages, ${apiEndpoints.length} API endpoints, ${parseFailed} failed`);
+    log4.debug(`readAssets: app "${metadata.name}": ${pages.length} pages, ${apiEndpoints.length} API endpoints, ${parseFailed} failed`);
     apps.push({
       name: metadata.name,
       type: metadata.type ?? "web_application",
@@ -6797,6 +6819,7 @@ When finished, call \`response\` with a summary of how many entry points you doc
 }
 
 // src/core/workflows/pentest.ts
+var log5 = scopedLogger(() => createLogger("pentest-swarm"));
 var DEFAULT_CONCURRENCY2 = 10;
 function addUsageTotals(totals, usage) {
   if (!usage)
@@ -6874,7 +6897,7 @@ async function runPentestSwarm(input) {
         });
         await planAgent.consume();
       } catch (planErr) {
-        console.error(`[pentest-swarm] Plan phase failed for ${subagentId}: ${planErr}`);
+        log5.warn(`Plan phase failed for ${subagentId}: ${planErr}`);
       }
     }
     const objectiveStr = target.objectives.join("; ");

package/build/{cli-31cara07.js → cli-pyzw545d.js}

@@ -3,19 +3,20 @@ import {
   ASK_USER_QUESTIONS_TOOL_NAME,
   OffensiveSecurityAgent,
   SKILL_TOOL_NAMES,
-  buildBaseSystemPrompt,
-  sessions
-} from "./cli-k8mvghe1.js";
+  buildBaseSystemPrompt
+} from "./cli-zpdmnz8c.js";
 import {
   init_dist,
+  init_session,
+  sessions,
   stepCountIs
-} from "./cli-h825qzmd.js";
+} from "./cli-z1dapp7v.js";
 import {
   ensureValidToken,
   getPensarApiUrl,
   init_auth,
   init_constants
-} from "./cli-948dk60p.js";
+} from "./cli-8g5cwvbm.js";
 import {
   exports_external1 as exports_external,
   init_zod
@@ -23,7 +24,7 @@ import {
 import {
   config,
   init_config
-} from "./cli-h6nw89zf.js";
+} from "./cli-eptabm2j.js";
 import {
   __commonJS,
   __require
@@ -7441,6 +7442,7 @@ var PatchResultSchema = exports_external.object({
 });
 // src/core/workflows/threatModel.ts
 init_dist();
+init_session();
 
 // src/core/skills/registry.ts
 import fs2 from "fs/promises";

package/build/{cli-cb5va0cs.js → cli-w2st266h.js}

@@ -2,7 +2,13 @@ import {
   OffensiveSecurityAgent,
   isMemoryEnabled,
   readPlan
-} from "./cli-k8mvghe1.js";
+} from "./cli-zpdmnz8c.js";
+import {
+  createLogger,
+  init_lazyLogger,
+  init_structured,
+  scopedLogger
+} from "./cli-z1dapp7v.js";
 import {
   exports_external1 as exports_external,
   init_zod
@@ -10,8 +16,11 @@ import {
 
 // src/core/agents/specialized/pentest/agent.ts
 init_zod();
+init_structured();
 import { existsSync, readdirSync, readFileSync } from "fs";
 import { join } from "path";
+init_lazyLogger();
+var log = scopedLogger(() => createLogger("pentest-agent"));
 var ObjectiveResultSchema = exports_external.object({
   objective: exports_external.string().describe("The objective text, exactly as it was provided or a refined version"),
   completed: exports_external.boolean().describe("true if this objective was thoroughly tested and can be considered done for this endpoint; false if it still needs further testing in future runs"),