@phenixstar/talon 1.0.0

package/dist/types/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/types/errors.ts"],"names":[],"mappings":"AAMA;;GAEG;AAEH;;;;;;GAMG;AACH,oBAAY,SAAS;IAEnB,gBAAgB,qBAAqB;IACrC,wBAAwB,6BAA6B;IACrD,kBAAkB,uBAAuB;IAGzC,sBAAsB,2BAA2B;IACjD,wBAAwB,6BAA6B;IAGrD,gBAAgB,qBAAqB;IACrC,oBAAoB,yBAAyB;IAC7C,oBAAoB,yBAAyB;IAG7C,qBAAqB,0BAA0B;IAC/C,mBAAmB,wBAAwB;IAG3C,kBAAkB,uBAAuB;IAGzC,qBAAqB,0BAA0B;IAG/C,cAAc,mBAAmB;IACjC,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;CAChC;AAED,MAAM,MAAM,gBAAgB,GACxB,QAAQ,GACR,SAAS,GACT,MAAM,GACN,QAAQ,GACR,YAAY,GACZ,YAAY,GACZ,SAAS,GACT,SAAS,CAAC;AAEd,MAAM,WAAW,mBAAmB;IAClC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,gBAAgB,CAAC;QACvB,SAAS,EAAE,OAAO,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,KAAK,CAAC;IACf,KAAK,EAAE,KAAK,CAAC;CACd;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,KAAK,CAAC;IACf,KAAK,EAAE,KAAK,CAAC;CACd"}

package/dist/types/errors.js

@@ -0,0 +1,41 @@
+// Copyright (C) 2025 PhenixStar (Alaa Qweider)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+/**
+ * Error type definitions
+ */
+/**
+ * Specific error codes for reliable classification.
+ *
+ * ErrorCode provides precision within the coarse 8-category PentestErrorType.
+ * Used by classifyErrorForTemporal for code-based classification (preferred)
+ * with string matching as fallback for external errors.
+ */
+export var ErrorCode;
+(function (ErrorCode) {
+    // Config errors (PentestErrorType: 'config')
+    ErrorCode["CONFIG_NOT_FOUND"] = "CONFIG_NOT_FOUND";
+    ErrorCode["CONFIG_VALIDATION_FAILED"] = "CONFIG_VALIDATION_FAILED";
+    ErrorCode["CONFIG_PARSE_ERROR"] = "CONFIG_PARSE_ERROR";
+    // Agent execution errors (PentestErrorType: 'validation')
+    ErrorCode["AGENT_EXECUTION_FAILED"] = "AGENT_EXECUTION_FAILED";
+    ErrorCode["OUTPUT_VALIDATION_FAILED"] = "OUTPUT_VALIDATION_FAILED";
+    // Billing errors (PentestErrorType: 'billing')
+    ErrorCode["API_RATE_LIMITED"] = "API_RATE_LIMITED";
+    ErrorCode["SPENDING_CAP_REACHED"] = "SPENDING_CAP_REACHED";
+    ErrorCode["INSUFFICIENT_CREDITS"] = "INSUFFICIENT_CREDITS";
+    // Git errors (PentestErrorType: 'filesystem')
+    ErrorCode["GIT_CHECKPOINT_FAILED"] = "GIT_CHECKPOINT_FAILED";
+    ErrorCode["GIT_ROLLBACK_FAILED"] = "GIT_ROLLBACK_FAILED";
+    // Prompt errors (PentestErrorType: 'prompt')
+    ErrorCode["PROMPT_LOAD_FAILED"] = "PROMPT_LOAD_FAILED";
+    // Validation errors (PentestErrorType: 'validation')
+    ErrorCode["DELIVERABLE_NOT_FOUND"] = "DELIVERABLE_NOT_FOUND";
+    // Preflight validation errors
+    ErrorCode["REPO_NOT_FOUND"] = "REPO_NOT_FOUND";
+    ErrorCode["AUTH_FAILED"] = "AUTH_FAILED";
+    ErrorCode["BILLING_ERROR"] = "BILLING_ERROR";
+})(ErrorCode || (ErrorCode = {}));
+//# sourceMappingURL=errors.js.map

package/dist/types/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/types/errors.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,gDAAgD;AAEhD;;GAEG;AAEH;;;;;;GAMG;AACH,MAAM,CAAN,IAAY,SA6BX;AA7BD,WAAY,SAAS;IACnB,6CAA6C;IAC7C,kDAAqC,CAAA;IACrC,kEAAqD,CAAA;IACrD,sDAAyC,CAAA;IAEzC,0DAA0D;IAC1D,8DAAiD,CAAA;IACjD,kEAAqD,CAAA;IAErD,+CAA+C;IAC/C,kDAAqC,CAAA;IACrC,0DAA6C,CAAA;IAC7C,0DAA6C,CAAA;IAE7C,8CAA8C;IAC9C,4DAA+C,CAAA;IAC/C,wDAA2C,CAAA;IAE3C,6CAA6C;IAC7C,sDAAyC,CAAA;IAEzC,qDAAqD;IACrD,4DAA+C,CAAA;IAE/C,8BAA8B;IAC9B,8CAAiC,CAAA;IACjC,wCAA2B,CAAA;IAC3B,4CAA+B,CAAA;AACjC,CAAC,EA7BW,SAAS,KAAT,SAAS,QA6BpB"}

package/dist/types/evolution.d.ts

@@ -0,0 +1,36 @@
+/** A single evolved payload unit with fitness metadata */
+export interface Gene {
+    id: string;
+    cwe: string;
+    payload: string;
+    technique: string;
+    mutationHistory: string[];
+    fitness: number;
+    generation: number;
+}
+/** A snapshot of the full population at a given generation */
+export interface Population {
+    genes: Gene[];
+    generation: number;
+    bestFitness: number;
+    averageFitness: number;
+}
+/** Fitness evaluation result for a single gene */
+export interface FitnessResult {
+    geneId: string;
+    f1Score: number;
+    evasionRate: number;
+    speed: number;
+    compositeFitness: number;
+}
+/** Tuning parameters for the evolutionary algorithm */
+export interface EvolutionConfig {
+    populationSize: number;
+    mutationRate: number;
+    crossoverRate: number;
+    eliteCount: number;
+    tournamentSize: number;
+    maxGenerations: number;
+}
+export declare const DEFAULT_EVOLUTION_CONFIG: EvolutionConfig;
+//# sourceMappingURL=evolution.d.ts.map

package/dist/types/evolution.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evolution.d.ts","sourceRoot":"","sources":["../../src/types/evolution.ts"],"names":[],"mappings":"AAMA,0DAA0D;AAC1D,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,8DAA8D;AAC9D,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,kDAAkD;AAClD,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,uDAAuD;AACvD,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,eAAO,MAAM,wBAAwB,EAAE,eAOtC,CAAC"}

package/dist/types/evolution.js

@@ -0,0 +1,14 @@
+// Copyright (C) 2025 PhenixStar (Alaa Qweider)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+export const DEFAULT_EVOLUTION_CONFIG = {
+    populationSize: 100,
+    mutationRate: 0.1,
+    crossoverRate: 0.7,
+    eliteCount: 5,
+    tournamentSize: 3,
+    maxGenerations: 50,
+};
+//# sourceMappingURL=evolution.js.map

package/dist/types/evolution.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evolution.js","sourceRoot":"","sources":["../../src/types/evolution.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,gDAAgD;AAwChD,MAAM,CAAC,MAAM,wBAAwB,GAAoB;IACvD,cAAc,EAAE,GAAG;IACnB,YAAY,EAAE,GAAG;IACjB,aAAa,EAAE,GAAG;IAClB,UAAU,EAAE,CAAC;IACb,cAAc,EAAE,CAAC;IACjB,cAAc,EAAE,EAAE;CACnB,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Type definitions barrel export
+ */
+export * from './activity-logger.js';
+export * from './errors.js';
+export * from './config.js';
+export * from './agents.js';
+export * from './audit.js';
+export * from './result.js';
+export * from './metrics.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAMA;;GAEG;AAEH,cAAc,sBAAsB,CAAC;AACrC,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC"}

package/dist/types/index.js

@@ -0,0 +1,16 @@
+// Copyright (C) 2025 PhenixStar (Alaa Qweider)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+/**
+ * Type definitions barrel export
+ */
+export * from './activity-logger.js';
+export * from './errors.js';
+export * from './config.js';
+export * from './agents.js';
+export * from './audit.js';
+export * from './result.js';
+export * from './metrics.js';
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,gDAAgD;AAEhD;;GAEG;AAEH,cAAc,sBAAsB,CAAC;AACrC,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC"}

package/dist/types/metrics.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Agent metrics types used across services and activities.
+ * Centralized here to avoid temporal/shared.ts import boundary violations.
+ */
+export interface AgentMetrics {
+    durationMs: number;
+    inputTokens: number | null;
+    outputTokens: number | null;
+    costUsd: number | null;
+    numTurns: number | null;
+    model?: string | undefined;
+}
+//# sourceMappingURL=metrics.d.ts.map

package/dist/types/metrics.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metrics.d.ts","sourceRoot":"","sources":["../../src/types/metrics.ts"],"names":[],"mappings":"AAMA;;;GAGG;AAEH,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC5B"}

package/dist/types/metrics.js

@@ -0,0 +1,7 @@
+// Copyright (C) 2025 PhenixStar (Alaa Qweider)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+export {};
+//# sourceMappingURL=metrics.js.map

package/dist/types/metrics.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"metrics.js","sourceRoot":"","sources":["../../src/types/metrics.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,gDAAgD"}

package/dist/types/resilience.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Types for the resilience subsystem (WAF fingerprinting, payload mutation, pivoting).
+ */
+export type WafType = 'cloudflare' | 'aws-waf' | 'azure-waf' | 'cloud-armor' | 'modsecurity' | 'akamai' | 'imperva' | 'unknown';
+export interface WafFingerprint {
+    wafType: WafType;
+    confidence: number;
+    signatures: string[];
+}
+export type MutationTier = 'structural' | 'case' | 'encoding' | 'obfuscation' | 'technique-rotation';
+export interface MutationResult {
+    original: string;
+    mutated: string;
+    operator: string;
+    tier: MutationTier;
+}
+export interface PivotDecision {
+    blockedVector: string;
+    alternativeVectors: string[];
+    confidence: number;
+    reason: string;
+}
+export interface BypassTechnique {
+    name: string;
+    successRate: number;
+    effort: number;
+    applicableVulnTypes: string[];
+    example: string;
+}
+//# sourceMappingURL=resilience.d.ts.map

package/dist/types/resilience.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resilience.d.ts","sourceRoot":"","sources":["../../src/types/resilience.ts"],"names":[],"mappings":"AAMA;;GAEG;AAEH,MAAM,MAAM,OAAO,GACf,YAAY,GACZ,SAAS,GACT,WAAW,GACX,aAAa,GACb,aAAa,GACb,QAAQ,GACR,SAAS,GACT,SAAS,CAAC;AAEd,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,MAAM,YAAY,GACpB,YAAY,GACZ,MAAM,GACN,UAAU,GACV,aAAa,GACb,oBAAoB,CAAC;AAEzB,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,YAAY,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;CACjB"}

package/dist/types/resilience.js

@@ -0,0 +1,7 @@
+// Copyright (C) 2025 PhenixStar (Alaa Qweider)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+export {};
+//# sourceMappingURL=resilience.js.map

package/dist/types/resilience.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resilience.js","sourceRoot":"","sources":["../../src/types/resilience.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,gDAAgD"}

package/dist/types/result.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Minimal Result type for explicit error handling.
+ *
+ * A discriminated union that makes error handling explicit without adding
+ * heavy machinery. Used in key modules (config loading, agent execution,
+ * queue validation) where callers need to make decisions based on error type.
+ */
+/**
+ * Success variant of Result
+ */
+export interface Ok<T> {
+    readonly ok: true;
+    readonly value: T;
+}
+/**
+ * Error variant of Result
+ */
+export interface Err<E> {
+    readonly ok: false;
+    readonly error: E;
+}
+/**
+ * Result type - either Ok with a value or Err with an error
+ */
+export type Result<T, E> = Ok<T> | Err<E>;
+/**
+ * Create a success Result
+ */
+export declare function ok<T>(value: T): Ok<T>;
+/**
+ * Create an error Result
+ */
+export declare function err<E>(error: E): Err<E>;
+/**
+ * Type guard for Ok variant
+ */
+export declare function isOk<T, E>(result: Result<T, E>): result is Ok<T>;
+/**
+ * Type guard for Err variant
+ */
+export declare function isErr<T, E>(result: Result<T, E>): result is Err<E>;
+//# sourceMappingURL=result.d.ts.map

package/dist/types/result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"result.d.ts","sourceRoot":"","sources":["../../src/types/result.ts"],"names":[],"mappings":"AAMA;;;;;;GAMG;AAEH;;GAEG;AACH,MAAM,WAAW,EAAE,CAAC,CAAC;IACnB,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAClB,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,GAAG,CAAC,CAAC;IACpB,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IACnB,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,MAAM,MAAM,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AAE1C;;GAEG;AACH,wBAAgB,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAErC;AAED;;GAEG;AACH,wBAAgB,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAEvC;AAED;;GAEG;AACH,wBAAgB,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,CAEhE;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAElE"}

package/dist/types/result.js

@@ -0,0 +1,30 @@
+// Copyright (C) 2025 PhenixStar (Alaa Qweider)
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License version 3
+// as published by the Free Software Foundation.
+/**
+ * Create a success Result
+ */
+export function ok(value) {
+    return { ok: true, value };
+}
+/**
+ * Create an error Result
+ */
+export function err(error) {
+    return { ok: false, error };
+}
+/**
+ * Type guard for Ok variant
+ */
+export function isOk(result) {
+    return result.ok === true;
+}
+/**
+ * Type guard for Err variant
+ */
+export function isErr(result) {
+    return result.ok === false;
+}
+//# sourceMappingURL=result.js.map

package/dist/types/result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"result.js","sourceRoot":"","sources":["../../src/types/result.ts"],"names":[],"mappings":"AAAA,+CAA+C;AAC/C,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,gDAAgD;AA+BhD;;GAEG;AACH,MAAM,UAAU,EAAE,CAAI,KAAQ;IAC5B,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,GAAG,CAAI,KAAQ;IAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,IAAI,CAAO,MAAoB;IAC7C,OAAO,MAAM,CAAC,EAAE,KAAK,IAAI,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,KAAK,CAAO,MAAoB;IAC9C,OAAO,MAAM,CAAC,EAAE,KAAK,KAAK,CAAC;AAC7B,CAAC"}

package/docker-compose.yml

@@ -0,0 +1,91 @@
+services:
+  temporal:
+    image: temporalio/temporal:latest
+    command: ["server", "start-dev", "--db-filename", "/home/temporal/temporal.db", "--ip", "0.0.0.0"]
+    ports:
+      - "127.0.0.1:7233:7233"   # gRPC
+      - "127.0.0.1:8233:8233"   # Web UI (built-in)
+    volumes:
+      - temporal-data:/home/temporal
+    healthcheck:
+      test: ["CMD", "temporal", "operator", "cluster", "health", "--address", "localhost:7233"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 30s
+
+  worker:
+    build: .
+    entrypoint: ["node", "dist/temporal/worker.js"]
+    environment:
+      - TEMPORAL_ADDRESS=temporal:7233
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+      - ANTHROPIC_BASE_URL=${ANTHROPIC_BASE_URL:-}  # Optional: route through claude-code-router
+      - ANTHROPIC_AUTH_TOKEN=${ANTHROPIC_AUTH_TOKEN:-}  # Auth token for router
+      - ROUTER_DEFAULT=${ROUTER_DEFAULT:-}  # Model name when using router (e.g., "gemini,gemini-2.5-pro")
+      - CLAUDE_CODE_OAUTH_TOKEN=${CLAUDE_CODE_OAUTH_TOKEN:-}
+      - CLAUDE_CODE_USE_BEDROCK=${CLAUDE_CODE_USE_BEDROCK:-}
+      - AWS_REGION=${AWS_REGION:-}
+      - AWS_BEARER_TOKEN_BEDROCK=${AWS_BEARER_TOKEN_BEDROCK:-}
+      - CLAUDE_CODE_USE_VERTEX=${CLAUDE_CODE_USE_VERTEX:-}
+      - CLOUD_ML_REGION=${CLOUD_ML_REGION:-}
+      - ANTHROPIC_VERTEX_PROJECT_ID=${ANTHROPIC_VERTEX_PROJECT_ID:-}
+      - GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_APPLICATION_CREDENTIALS:-}
+      - ANTHROPIC_SMALL_MODEL=${ANTHROPIC_SMALL_MODEL:-}
+      - ANTHROPIC_MEDIUM_MODEL=${ANTHROPIC_MEDIUM_MODEL:-}
+      - ANTHROPIC_LARGE_MODEL=${ANTHROPIC_LARGE_MODEL:-}
+      - CLAUDE_CODE_MAX_OUTPUT_TOKENS=${CLAUDE_CODE_MAX_OUTPUT_TOKENS:-64000}
+      - TALON_MAX_TURNS=${TALON_MAX_TURNS:-500}
+      - TALON_PERMISSION_MODE=${TALON_PERMISSION_MODE:-bypassPermissions}
+    depends_on:
+      temporal:
+        condition: service_healthy
+    volumes:
+      - ./configs:/app/configs
+      - ./prompts:/app/prompts
+      - ./audit-logs:/app/audit-logs
+      - ${OUTPUT_DIR:-./audit-logs}:/app/output
+      - ./credentials:/app/credentials:ro
+      - ./repos:/repos
+      - ${BENCHMARKS_BASE:-.}:/benchmarks
+    read_only: true
+    tmpfs:
+      - /tmp:size=512m
+      - /var/tmp:size=256m
+      - /run:size=128m
+    shm_size: 2gb
+    cap_drop:
+      - ALL
+    cap_add:
+      - NET_RAW
+      - NET_BIND_SERVICE
+    security_opt:
+      - seccomp=configs/talon-seccomp.json
+
+  # Optional: claude-code-router for multi-model support
+  # Start with: ROUTER=true ./talon start ...
+  router:
+    build:
+      context: .
+      dockerfile: Dockerfile.router
+    profiles: ["router"]  # Only starts when explicitly requested
+    ports:
+      - "127.0.0.1:3456:3456"
+    volumes:
+      - ./configs/router-config.json:/config/router-config.json:ro
+    environment:
+      - HOST=0.0.0.0
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
+      - OPENAI_API_KEY=${OPENAI_API_KEY:-}
+      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY:-}
+      - ROUTER_DEFAULT=${ROUTER_DEFAULT:-openai,gpt-4o}
+      - TALON_ROUTER_KEY=${TALON_ROUTER_KEY:-}
+    healthcheck:
+      test: ["CMD", "node", "-e", "require('http').get('http://localhost:3456/health', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+
+volumes:
+  temporal-data:

package/package.json

@@ -0,0 +1,75 @@
+{
+  "name": "@phenixstar/talon",
+  "version": "1.0.0",
+  "description": "AI penetration testing framework — autonomous security assessment with 13 agents across a 5-phase pipeline",
+  "type": "module",
+  "bin": {
+    "talon": "bin/talon.js"
+  },
+  "files": [
+    "bin/",
+    "dist/cli/",
+    "dist/types/",
+    "prompts/",
+    "configs/",
+    ".env.example",
+    "docker-compose.yml",
+    "Dockerfile",
+    "Dockerfile.router",
+    "talon",
+    "talon.ps1"
+  ],
+  "keywords": [
+    "security",
+    "pentesting",
+    "ai",
+    "claude",
+    "vulnerability-scanner",
+    "autonomous-agent"
+  ],
+  "author": "PhenixStar",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/PhenixStar/talon.git"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "temporal:server": "docker compose -f docker/docker-compose.temporal.yml up temporal -d",
+    "temporal:server:stop": "docker compose -f docker/docker-compose.temporal.yml down",
+    "temporal:worker": "node dist/temporal/worker.js",
+    "temporal:start": "node dist/temporal/client.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage"
+  },
+  "dependencies": {
+    "@anthropic-ai/claude-agent-sdk": "^0.2.38",
+    "@inquirer/prompts": "^8.3.0",
+    "@temporalio/activity": "^1.11.0",
+    "@temporalio/client": "^1.11.0",
+    "@temporalio/worker": "^1.11.0",
+    "@temporalio/workflow": "^1.11.0",
+    "ajv": "^8.12.0",
+    "ajv-formats": "^2.1.1",
+    "boxen": "^8.0.1",
+    "chalk": "^5.0.0",
+    "dotenv": "^16.4.5",
+    "figlet": "^1.9.3",
+    "gradient-string": "^3.0.0",
+    "js-yaml": "^4.1.0",
+    "ora": "^9.3.0",
+    "yaml": "^2.8.2",
+    "zx": "^8.0.0"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^25.0.3",
+    "@vitest/coverage-v8": "^3.0.0",
+    "typescript": "^5.9.3",
+    "vitest": "^3.0.0"
+  }
+}