@phenixstar/talon 1.0.0

package/talon.ps1

@@ -0,0 +1,348 @@
+#Requires -Version 5.1
+<#
+.SYNOPSIS
+    Talon CLI - AI Penetration Testing Framework (PowerShell wrapper)
+.DESCRIPTION
+    PowerShell-native wrapper for Talon. Translates CLI commands to Docker Compose operations.
+    Equivalent to the bash ./talon script for Windows users without WSL/Git Bash.
+.EXAMPLE
+    .\talon.ps1 start -URL http://localhost:3000 -REPO juice-shop
+    .\talon.ps1 workspaces
+    .\talon.ps1 logs -ID example_talon-123
+    .\talon.ps1 stop -CLEAN
+#>
+
+[CmdletBinding()]
+param(
+    [Parameter(Position = 0)]
+    [ValidateSet('setup', 'doctor', 'start', 'stop', 'logs', 'workspaces', 'benchmark', 'evolve', 'help')]
+    [string]$Command = 'help',
+
+    [string]$URL,
+    [string]$REPO,
+    [string]$CONFIG,
+    [string]$OUTPUT,
+    [string]$ID,
+    [string]$WORKSPACE,
+    [string]$TARGET,
+    [int]$GENERATIONS = 1,
+    [string]$GROUND_TRUTH,
+    [string]$SEED,
+    [switch]$CLEAN,
+    [switch]$PIPELINE_TESTING,
+    [switch]$REBUILD,
+    [switch]$ROUTER
+)
+
+$ErrorActionPreference = 'Stop'
+
+# Load .env if present
+if (Test-Path '.env') {
+    Get-Content '.env' | ForEach-Object {
+        if ($_ -match '^\s*([^#][^=]+)=(.*)$') {
+            $key = $Matches[1].Trim()
+            $val = $Matches[2].Trim().Trim('"').Trim("'")
+            [Environment]::SetEnvironmentVariable($key, $val, 'Process')
+        }
+    }
+}
+
+$ComposeFile = 'docker-compose.yml'
+# Docker on Windows doesn't need the extra_hosts override (host.docker.internal works natively)
+
+function Show-Help {
+    Write-Host @"
+
+  ████████╗ █████╗ ██╗      ██████╗ ███╗   ██╗
+  ╚══██╔══╝██╔══██╗██║     ██╔═══██╗████╗  ██║
+     ██║   ███████║██║     ██║   ██║██╔██╗ ██║
+     ██║   ██╔══██║██║     ██║   ██║██║╚██╗██║
+     ██║   ██║  ██║███████╗╚██████╔╝██║ ╚████║
+     ╚═╝   ╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚═╝  ╚═══╝
+
+           AI Penetration Testing Framework
+
+Usage:
+  .\talon.ps1 setup                              Interactive setup wizard
+  .\talon.ps1 doctor                             Validate configuration and dependencies
+  .\talon.ps1 start -URL <url> -REPO <name>     Start a pentest workflow
+  .\talon.ps1 workspaces                         List all workspaces
+  .\talon.ps1 logs -ID <workflow-id>             Tail logs for a specific workflow
+  .\talon.ps1 stop                               Stop all containers
+  .\talon.ps1 help                               Show this help message
+
+Options for 'start':
+  -REPO <name>            Folder name under .\repos\ (e.g. -REPO repo-name)
+  -CONFIG <path>          Configuration file (YAML)
+  -OUTPUT <path>          Output directory for reports (default: .\audit-logs\)
+  -WORKSPACE <name>       Named workspace (auto-resumes if exists)
+  -PIPELINE_TESTING       Use minimal prompts for fast testing
+  -ROUTER                 Route through claude-code-router (multi-model support)
+  -REBUILD                Force Docker rebuild
+
+Options for 'stop':
+  -CLEAN                  Remove all data including volumes
+
+Examples:
+  .\talon.ps1 start -URL https://example.com -REPO repo-name
+  .\talon.ps1 start -URL https://example.com -REPO repo-name -WORKSPACE q1-audit
+  .\talon.ps1 start -URL https://example.com -REPO repo-name -CONFIG .\config.yaml
+  .\talon.ps1 workspaces
+  .\talon.ps1 logs -ID example.com_talon-1234567890
+  .\talon.ps1 stop -CLEAN
+
+Monitor workflows at http://localhost:8233
+"@
+}
+
+function Invoke-Setup {
+    if (-not (Get-Command node -ErrorAction SilentlyContinue)) {
+        Write-Error 'Node.js is required for the setup wizard. Install Node.js 22+: https://nodejs.org/en/download'
+        exit 1
+    }
+    if (-not (Test-Path 'dist\cli\setup.js')) {
+        Write-Host 'Building Talon...'
+        npm install --silent; npm run build
+    }
+    node dist/cli/setup.js
+}
+
+function Invoke-Doctor {
+    if (-not (Get-Command node -ErrorAction SilentlyContinue)) {
+        Write-Error 'Node.js is required. Install: https://nodejs.org/en/download'
+        exit 1
+    }
+    if (-not (Test-Path 'dist\cli\doctor.js')) {
+        Write-Host 'Building Talon...'
+        npm install --silent; npm run build
+    }
+    node dist/cli/doctor.js
+}
+
+function Test-TemporalReady {
+    try {
+        $result = docker compose -f $ComposeFile exec -T temporal `
+            temporal operator cluster health --address localhost:7233 2>$null
+        return $result -match 'SERVING'
+    }
+    catch { return $false }
+}
+
+function Start-Containers {
+    if (Test-TemporalReady) {
+        docker compose -f $ComposeFile up -d worker 2>$null
+        return
+    }
+
+    Write-Host 'Starting Talon containers...'
+    if ($REBUILD) {
+        Write-Host 'Rebuilding with --no-cache...'
+        docker compose -f $ComposeFile build --no-cache worker
+    }
+    docker compose -f $ComposeFile up -d --build
+
+    Write-Host 'Waiting for Temporal to be ready...'
+    for ($i = 1; $i -le 30; $i++) {
+        if (Test-TemporalReady) {
+            Write-Host 'Temporal is ready!'
+            return
+        }
+        if ($i -eq 30) {
+            Write-Error 'Timeout waiting for Temporal'
+            exit 1
+        }
+        Start-Sleep -Seconds 2
+    }
+}
+
+function Invoke-Start {
+    if (-not $URL -or -not $REPO) {
+        Write-Error 'URL and REPO are required. Usage: .\talon.ps1 start -URL <url> -REPO <name>'
+        exit 1
+    }
+
+    # Check credentials
+    $apiKey = $env:ANTHROPIC_API_KEY
+    $oauthToken = $env:CLAUDE_CODE_OAUTH_TOKEN
+    if (-not $apiKey -and -not $oauthToken) {
+        if ($env:CLAUDE_CODE_USE_BEDROCK -eq '1') {
+            # Bedrock mode validation
+            $missing = @()
+            if (-not $env:AWS_REGION) { $missing += 'AWS_REGION' }
+            if (-not $env:AWS_BEARER_TOKEN_BEDROCK) { $missing += 'AWS_BEARER_TOKEN_BEDROCK' }
+            if (-not $env:ANTHROPIC_SMALL_MODEL) { $missing += 'ANTHROPIC_SMALL_MODEL' }
+            if (-not $env:ANTHROPIC_MEDIUM_MODEL) { $missing += 'ANTHROPIC_MEDIUM_MODEL' }
+            if (-not $env:ANTHROPIC_LARGE_MODEL) { $missing += 'ANTHROPIC_LARGE_MODEL' }
+            if ($missing.Count -gt 0) {
+                Write-Error "Bedrock mode requires: $($missing -join ', ')"
+                exit 1
+            }
+        }
+        elseif ($env:CLAUDE_CODE_USE_VERTEX -eq '1') {
+            # Vertex mode validation
+            $missing = @()
+            if (-not $env:CLOUD_ML_REGION) { $missing += 'CLOUD_ML_REGION' }
+            if (-not $env:ANTHROPIC_VERTEX_PROJECT_ID) { $missing += 'ANTHROPIC_VERTEX_PROJECT_ID' }
+            if (-not $env:GOOGLE_APPLICATION_CREDENTIALS) { $missing += 'GOOGLE_APPLICATION_CREDENTIALS' }
+            if (-not $env:ANTHROPIC_SMALL_MODEL) { $missing += 'ANTHROPIC_SMALL_MODEL' }
+            if (-not $env:ANTHROPIC_MEDIUM_MODEL) { $missing += 'ANTHROPIC_MEDIUM_MODEL' }
+            if (-not $env:ANTHROPIC_LARGE_MODEL) { $missing += 'ANTHROPIC_LARGE_MODEL' }
+            if ($missing.Count -gt 0) {
+                Write-Error "Vertex AI mode requires: $($missing -join ', ')"
+                exit 1
+            }
+        }
+        elseif ($ROUTER -and ($env:OPENAI_API_KEY -or $env:OPENROUTER_API_KEY)) {
+            $env:ANTHROPIC_API_KEY = 'router-mode'
+        }
+        else {
+            Write-Error @"
+Set ANTHROPIC_API_KEY or CLAUDE_CODE_OAUTH_TOKEN in .env
+  (or use CLAUDE_CODE_USE_BEDROCK=1, CLAUDE_CODE_USE_VERTEX=1,
+   or -ROUTER with OPENAI_API_KEY or OPENROUTER_API_KEY)
+"@
+            exit 1
+        }
+    }
+
+    # Determine container repo path
+    $containerRepo = switch -Wildcard ($REPO) {
+        '/benchmarks/*' { $REPO }
+        '/repos/*' { $REPO }
+        default {
+            if (-not (Test-Path ".\repos\$REPO")) {
+                Write-Error "Repository not found at .\repos\$REPO"
+                exit 1
+            }
+            "/repos/$REPO"
+        }
+    }
+
+    # Prepare output directory
+    if ($OUTPUT) {
+        New-Item -ItemType Directory -Path $OUTPUT -Force | Out-Null
+        $env:OUTPUT_DIR = $OUTPUT
+    }
+
+    # Handle router
+    if ($ROUTER) {
+        $env:ANTHROPIC_BASE_URL = 'http://router:3456'
+        if (-not $env:TALON_ROUTER_KEY) {
+            $bytes = New-Object byte[] 32
+            [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
+            $env:TALON_ROUTER_KEY = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
+            Write-Host 'Generated router key (set TALON_ROUTER_KEY in .env to persist)'
+        }
+        $env:ANTHROPIC_AUTH_TOKEN = $env:TALON_ROUTER_KEY
+
+        Write-Host 'Starting claude-code-router...'
+        docker compose -f $ComposeFile --profile router up -d --build router
+
+        Write-Host 'Waiting for router...'
+        for ($i = 1; $i -le 15; $i++) {
+            $ps = docker compose -f $ComposeFile --profile router ps router 2>$null
+            if ($ps -match 'healthy') {
+                Write-Host 'Router is ready!'
+                break
+            }
+            if ($i -eq 15) { Write-Host 'WARNING: Router health check timed out (continuing)' }
+            Start-Sleep -Seconds 2
+        }
+    }
+
+    # Ensure directories
+    New-Item -ItemType Directory -Path '.\audit-logs', '.\credentials' -Force | Out-Null
+    if (Test-Path ".\repos\$REPO") {
+        New-Item -ItemType Directory -Path ".\repos\$REPO\deliverables" -Force | Out-Null
+    }
+
+    Start-Containers
+
+    # Build args
+    $args = @()
+    if ($CONFIG) { $args += '--config', $CONFIG }
+    if ($OUTPUT) { $args += '--output', '/app/output', '--display-output', $OUTPUT }
+    if ($PIPELINE_TESTING) { $args += '--pipeline-testing' }
+    if ($WORKSPACE) { $args += '--workspace', $WORKSPACE }
+
+    docker compose -f $ComposeFile exec -T worker `
+        node dist/temporal/client.js $URL $containerRepo @args
+}
+
+function Invoke-Logs {
+    if (-not $ID) {
+        Write-Error 'ID is required. Usage: .\talon.ps1 logs -ID <workflow-id>'
+        exit 1
+    }
+
+    $logPath = ".\audit-logs\$ID\workflow.log"
+    if (Test-Path $logPath) {
+        Write-Host "Tailing workflow log: $logPath"
+        Get-Content -Path $logPath -Wait -Tail 50
+    }
+    else {
+        Write-Error @"
+Workflow log not found for ID: $ID
+
+Possible causes:
+  - Workflow hasn't started yet
+  - Workflow ID is incorrect
+
+Check the Temporal Web UI at http://localhost:8233
+"@
+        exit 1
+    }
+}
+
+function Invoke-Workspaces {
+    Start-Containers
+    docker compose -f $ComposeFile exec -T worker node dist/temporal/workspaces.js
+}
+
+function Invoke-Benchmark {
+    if (-not $TARGET) {
+        Write-Error 'TARGET is required. Usage: .\talon.ps1 benchmark -TARGET <name>'
+        exit 1
+    }
+
+    Start-Containers
+
+    $benchArgs = @($TARGET, '--output', '/app/audit-logs')
+    if ($GROUND_TRUTH) { $benchArgs += '--ground-truth', $GROUND_TRUTH }
+
+    docker compose -f $ComposeFile exec -T worker `
+        node dist/backtesting/benchmark-cli.js @benchArgs
+}
+
+function Invoke-Evolve {
+    Start-Containers
+
+    $evolveArgs = @('--generations', $GENERATIONS)
+    if ($SEED) { $evolveArgs += '--seed', $SEED }
+
+    docker compose -f $ComposeFile exec -T worker `
+        node dist/evolution/evolve-cli.js @evolveArgs
+}
+
+function Invoke-Stop {
+    if ($CLEAN) {
+        docker compose -f $ComposeFile --profile router down -v
+    }
+    else {
+        docker compose -f $ComposeFile --profile router down
+    }
+}
+
+# Dispatch
+switch ($Command) {
+    'setup'      { Invoke-Setup }
+    'doctor'     { Invoke-Doctor }
+    'start'      { Invoke-Start }
+    'benchmark'  { Invoke-Benchmark }
+    'evolve'     { Invoke-Evolve }
+    'logs'       { Invoke-Logs }
+    'workspaces' { Invoke-Workspaces }
+    'stop'       { Invoke-Stop }
+    'help'       { Show-Help }
+    default      { Show-Help }
+}