cipher-security 5.0.0

package/lib/benchmark/reporter.js

@@ -0,0 +1,103 @@
+// Copyright (c) 2026 defconxt. All rights reserved.
+// Licensed under AGPL-3.0 — see LICENSE file for details.
+
+/**
+ * CIPHER Benchmark — Report generation (JSON + Markdown with gap analysis).
+ */
+
+import { ALL_BASELINES, PENTESTGPT_BASELINE } from './baselines.js';
+import { reportToDict } from './runner.js';
+
+export function generateJsonReport(report, solverName = '') {
+  const data = reportToDict(report);
+  data.metadata = { generated_at: new Date().toISOString(), solver: solverName };
+  data.baselines = {};
+  for (const bl of ALL_BASELINES) {
+    data.baselines[bl.name] = {
+      overall_pct: bl.overallPct,
+      overall_passed: bl.overallPassed,
+      overall_total: bl.overallTotal,
+      level_pct: Object.fromEntries(Object.entries(bl.levelPct).map(([k, v]) => [String(k), v])),
+      median_cost_usd: bl.medianCostUsd,
+      source: bl.source,
+    };
+  }
+  const byLevel = report.passRateByLevel();
+  data.gap_analysis = {
+    vs_pentestgpt: {
+      overall_delta: Math.round((report.passRate - PENTESTGPT_BASELINE.overallPct) * 10) / 10,
+      level_deltas: {},
+    },
+  };
+  for (const [level, pgtPct] of Object.entries(PENTESTGPT_BASELINE.levelPct)) {
+    const cipherPct = byLevel[level] || 0;
+    data.gap_analysis.vs_pentestgpt.level_deltas[level] = {
+      cipher: Math.round(cipherPct * 10) / 10,
+      pentestgpt: pgtPct,
+      delta: Math.round((cipherPct - pgtPct) * 10) / 10,
+    };
+  }
+  return JSON.stringify(data, null, 2);
+}
+
+function medianCost(report) {
+  const costs = report.results.map((r) => r.solverResult.apiCostUsd).sort((a, b) => a - b);
+  if (!costs.length) return 0;
+  const mid = Math.floor(costs.length / 2);
+  return costs.length % 2 === 0 ? (costs[mid - 1] + costs[mid]) / 2 : costs[mid];
+}
+
+export function generateMarkdownReport(report, solverName = '') {
+  const lines = [];
+  lines.push('# CIPHER Benchmark Report', '');
+  lines.push(`**Generated:** ${new Date().toISOString().slice(0, 16).replace('T', ' ')} UTC`);
+  lines.push(`**Solver:** ${solverName}`, '');
+  lines.push('## Summary', '');
+  lines.push('| Metric | Value |', '|--------|-------|');
+  lines.push(`| Total benchmarks | ${report.total} |`);
+  lines.push(`| Passed | ${report.passed} |`);
+  lines.push(`| Failed | ${report.failed} |`);
+  lines.push(`| Skipped (errors) | ${report.skipped} |`);
+  lines.push(`| **Pass rate** | **${report.passRate.toFixed(1)}%** |`);
+  lines.push(`| Total duration | ${report.durationS.toFixed(1)}s |`);
+  lines.push(`| Total cost | $${report.totalCostUsd.toFixed(4)} |`, '');
+
+  lines.push('## Gap Analysis vs Competitors', '');
+  lines.push('| System | Overall | L1 (Easy) | L2 (Medium) | L3 (Hard) | Median Cost |');
+  lines.push('|--------|---------|-----------|-------------|-----------|-------------|');
+  const byLevel = report.passRateByLevel();
+  const mc = medianCost(report);
+  lines.push(`| **CIPHER** | **${report.passRate.toFixed(1)}%** | ${(byLevel[1] || 0).toFixed(1)}% | ${(byLevel[2] || 0).toFixed(1)}% | ${(byLevel[3] || 0).toFixed(1)}% | $${mc.toFixed(2)} |`);
+  for (const bl of ALL_BASELINES) {
+    const l1 = bl.levelPct[1] ? `${bl.levelPct[1].toFixed(1)}%` : '—';
+    const l2 = bl.levelPct[2] ? `${bl.levelPct[2].toFixed(1)}%` : '—';
+    const l3 = bl.levelPct[3] ? `${bl.levelPct[3].toFixed(1)}%` : '—';
+    const cost = bl.medianCostUsd ? `$${bl.medianCostUsd.toFixed(2)}` : '—';
+    lines.push(`| ${bl.name} | ${bl.overallPct.toFixed(1)}% | ${l1} | ${l2} | ${l3} | ${cost} |`);
+  }
+  lines.push('');
+
+  const delta = report.passRate - PENTESTGPT_BASELINE.overallPct;
+  const dir = delta > 0 ? 'ahead' : delta < 0 ? 'behind' : 'tied';
+  lines.push('### Delta vs PentestGPT', '');
+  lines.push(`**Overall:** ${delta >= 0 ? '+' : ''}${delta.toFixed(1)}pp (${dir})`, '');
+
+  lines.push('## Results by Difficulty Level', '');
+  for (const level of Object.keys(byLevel).sort()) {
+    const lr = report.results.filter((r) => r.config.level === parseInt(level));
+    const p = lr.filter((r) => r.passed).length;
+    const pct = lr.length ? (p / lr.length) * 100 : 0;
+    const label = { 1: 'Easy', 2: 'Medium', 3: 'Hard' }[level] || `L${level}`;
+    lines.push(`### Level ${level} — ${label} (${p}/${lr.length} = ${pct.toFixed(1)}%)`, '');
+    lines.push('| Benchmark | Tags | Result | Duration | Cost |');
+    lines.push('|-----------|------|--------|----------|------|');
+    for (const r of lr.sort((a, b) => a.config.dirName.localeCompare(b.config.dirName))) {
+      let status = r.passed ? '✅ PASS' : '❌ FAIL';
+      if (r.solverResult.error) status = '⚠️ ERROR';
+      lines.push(`| ${r.config.dirName} | ${r.config.tags.join(', ')} | ${status} | ${r.solverResult.durationS.toFixed(1)}s | $${r.solverResult.apiCostUsd.toFixed(4)} |`);
+    }
+    lines.push('');
+  }
+
+  return lines.join('\n');
+}

package/lib/benchmark/runner.js

@@ -0,0 +1,103 @@
+// Copyright (c) 2026 defconxt. All rights reserved.
+// Licensed under AGPL-3.0 — see LICENSE file for details.
+
+/**
+ * CIPHER Benchmark — Runner (orchestrates build → start → solve → score → report).
+ */
+
+import { BenchmarkBuilder } from './builder.js';
+import { HarnessConfig } from './config.js';
+import { SolverResult } from './models.js';
+import { aggregateResults, scoreResult } from './scorer.js';
+import { getSolver } from './solver.js';
+
+export function runSingleBenchmark(builder, solver, name, flag) {
+  const config = builder.getBenchmark(name);
+  flag = flag || builder.config.generateFlag(name);
+  let targetUrl = '';
+  try {
+    const result = builder.runBenchmark(name, flag);
+    targetUrl = result.targetUrl;
+    const solverResult = solver.solve(config, targetUrl, result.expectedFlag);
+    // Handle promise (autonomous) or sync (stub)
+    if (solverResult && typeof solverResult.then === 'function') {
+      return solverResult.then((sr) => scoreResult(config, sr, flag, targetUrl));
+    }
+    return scoreResult(config, solverResult, flag, targetUrl);
+  } catch (e) {
+    return scoreResult(config, new SolverResult({ error: String(e) }), flag, targetUrl);
+  } finally {
+    try { builder.stop(name); } catch { /* ignore */ }
+  }
+}
+
+export async function runBenchmarks({ builder, solver, benchmarkNames, runAll = false, levelFilter, tagFilter }) {
+  let allBenchmarks;
+  try {
+    allBenchmarks = builder.listBenchmarks();
+  } catch {
+    builder.clone();
+    allBenchmarks = builder.listBenchmarks(true);
+  }
+
+  let targets;
+  if (benchmarkNames?.length) {
+    const available = new Set(allBenchmarks.map((b) => b.dirName));
+    targets = benchmarkNames.filter((n) => available.has(n));
+  } else if (runAll) {
+    targets = allBenchmarks.map((b) => b.dirName);
+  } else {
+    throw new Error('Must specify benchmarkNames or runAll');
+  }
+
+  if (levelFilter != null || tagFilter) {
+    const byName = Object.fromEntries(allBenchmarks.map((b) => [b.dirName, b]));
+    targets = targets.filter((name) => {
+      const b = byName[name];
+      if (levelFilter != null && b.level !== levelFilter) return false;
+      if (tagFilter && !b.tags.includes(tagFilter)) return false;
+      return true;
+    });
+  }
+
+  const results = [];
+  for (const name of targets) {
+    const result = await runSingleBenchmark(builder, solver, name);
+    results.push(result);
+  }
+  return aggregateResults(results);
+}
+
+export function reportToDict(report) {
+  return {
+    summary: {
+      total: report.total,
+      passed: report.passed,
+      failed: report.failed,
+      skipped: report.skipped,
+      pass_rate: Math.round(report.passRate * 10) / 10,
+      duration_s: Math.round(report.durationS * 10) / 10,
+      total_cost_usd: Math.round(report.totalCostUsd * 10000) / 10000,
+      pass_rate_by_level: Object.fromEntries(
+        Object.entries(report.passRateByLevel()).map(([k, v]) => [k, Math.round(v * 10) / 10]),
+      ),
+    },
+    results: report.results.map((r) => ({
+      benchmark: r.config.dirName,
+      name: r.config.name,
+      level: r.config.level,
+      tags: r.config.tags,
+      passed: r.passed,
+      expected_flag: r.expectedFlag,
+      actual_flag: r.actualFlag,
+      target_url: r.targetUrl,
+      duration_s: Math.round(r.solverResult.durationS * 1000) / 1000,
+      tokens_in: r.solverResult.tokensIn,
+      tokens_out: r.solverResult.tokensOut,
+      api_cost_usd: r.solverResult.apiCostUsd,
+      tool_calls: r.solverResult.toolCalls,
+      steps: r.solverResult.steps,
+      error: r.solverResult.error,
+    })),
+  };
+}

package/lib/benchmark/sandbox.js

@@ -0,0 +1,96 @@
+// Copyright (c) 2026 defconxt. All rights reserved.
+// Licensed under AGPL-3.0 — see LICENSE file for details.
+
+/**
+ * CIPHER Benchmark — Docker sandbox for autonomous agent execution.
+ *
+ * Uses child_process to exec commands in a Docker container instead of
+ * dockerode, keeping the dependency footprint minimal.
+ */
+
+import { execSync, spawnSync } from 'node:child_process';
+import { randomBytes } from 'node:crypto';
+
+const DEFAULT_IMAGE = 'python:3.12-slim';
+const CONTAINER_PREFIX = 'cipher-sandbox';
+
+export class SandboxError extends Error {
+  constructor(msg) { super(msg); this.name = 'SandboxError'; }
+}
+
+export class SandboxContainer {
+  constructor({ image = DEFAULT_IMAGE, nameSuffix = '' } = {}) {
+    this._image = image;
+    this._containerId = null;
+    this._connectedNetworks = [];
+    this._nameSuffix = nameSuffix;
+    this._setupDone = false;
+  }
+
+  get containerId() { return this._containerId; }
+
+  create() {
+    const name = this._nameSuffix
+      ? `${CONTAINER_PREFIX}-${this._nameSuffix}`
+      : `${CONTAINER_PREFIX}-${randomBytes(4).toString('hex')}`;
+
+    const result = spawnSync('docker', [
+      'run', '-d', '--name', name,
+      '--memory=512m', '--cpus=0.5',
+      '--network=bridge',
+      this._image, 'sleep', 'infinity',
+    ], { timeout: 30000, stdio: 'pipe' });
+
+    if (result.status !== 0) {
+      throw new SandboxError(`Failed to create sandbox: ${(result.stderr || '').toString().slice(0, 300)}`);
+    }
+    this._containerId = (result.stdout || '').toString().trim().slice(0, 12);
+    this._installBaseTools();
+  }
+
+  _installBaseTools() {
+    if (this._setupDone) return;
+    this.execTool('apt-get update -qq && apt-get install -y -qq curl nmap > /dev/null 2>&1', 120);
+    this._setupDone = true;
+  }
+
+  execTool(command, timeout = 60) {
+    if (!this._containerId) throw new SandboxError('Container not created. Call create() first.');
+    const result = spawnSync('docker', ['exec', this._containerId, '/bin/sh', '-c', command], {
+      timeout: timeout * 1000,
+      stdio: 'pipe',
+      maxBuffer: 10 * 1024 * 1024,
+    });
+    return {
+      exitCode: result.status ?? -1,
+      stdout: (result.stdout || '').toString(),
+      stderr: (result.stderr || '').toString(),
+    };
+  }
+
+  connectNetwork(networkName) {
+    if (!this._containerId) throw new SandboxError('Container not created.');
+    const result = spawnSync('docker', ['network', 'connect', networkName, this._containerId], { timeout: 10000, stdio: 'pipe' });
+    if (result.status !== 0) {
+      throw new SandboxError(`Failed to connect to network ${networkName}: ${(result.stderr || '').toString().slice(0, 200)}`);
+    }
+    this._connectedNetworks.push(networkName);
+  }
+
+  getInternalUrl(serviceName, port = 80) {
+    const protocol = [443, 8443].includes(port) ? 'https' : 'http';
+    return `${protocol}://${serviceName}:${port}`;
+  }
+
+  cleanup() {
+    if (!this._containerId) return;
+    for (const net of this._connectedNetworks) {
+      try { spawnSync('docker', ['network', 'disconnect', '-f', net, this._containerId], { timeout: 5000, stdio: 'pipe' }); }
+      catch { /* ignore */ }
+    }
+    this._connectedNetworks = [];
+    try { spawnSync('docker', ['rm', '-f', this._containerId], { timeout: 10000, stdio: 'pipe' }); }
+    catch { /* ignore */ }
+    this._containerId = null;
+  }
+}

package/lib/benchmark/scorer.js

@@ -0,0 +1,32 @@
+// Copyright (c) 2026 defconxt. All rights reserved.
+// Licensed under AGPL-3.0 — see LICENSE file for details.
+
+/**
+ * CIPHER Benchmark — Scoring logic.
+ */
+
+import { BenchmarkResult, RunReport } from './models.js';
+
+export function scoreFlag(expected, actual) {
+  if (!expected || !actual) return false;
+  return expected.trim().toLowerCase() === actual.trim().toLowerCase();
+}
+
+export function scoreResult(config, solverResult, expectedFlag, targetUrl = '') {
+  const passed = solverResult.flagFound && solverResult.flagValue
+    ? scoreFlag(expectedFlag, solverResult.flagValue)
+    : false;
+  return new BenchmarkResult({ config, solverResult, passed, expectedFlag, actualFlag: solverResult.flagValue, targetUrl });
+}
+
+export function aggregateResults(results) {
+  return new RunReport({
+    total: results.length,
+    passed: results.filter((r) => r.passed).length,
+    failed: results.filter((r) => !r.passed && !r.solverResult.error).length,
+    skipped: results.filter((r) => r.solverResult.error != null).length,
+    durationS: results.reduce((s, r) => s + r.solverResult.durationS, 0),
+    totalCostUsd: results.reduce((s, r) => s + r.solverResult.apiCostUsd, 0),
+    results,
+  });
+}

package/lib/benchmark/solver.js

@@ -0,0 +1,166 @@
+// Copyright (c) 2026 defconxt. All rights reserved.
+// Licensed under AGPL-3.0 — see LICENSE file for details.
+
+/**
+ * CIPHER Benchmark — Solver adapters.
+ */
+
+import { SolverResult } from './models.js';
+
+/** Abstract solver base. Subclasses must implement name and solve(). */
+export class SolverAdapter {
+  get name() { throw new Error('not implemented'); }
+  solve(config, targetUrl, expectedFlag) { throw new Error('not implemented'); }
+}
+
+/** Testing solver — returns the expected flag immediately. */
+export class StubSolver extends SolverAdapter {
+  get name() { return 'stub'; }
+  solve(config, targetUrl, expectedFlag) {
+    const start = performance.now();
+    return new SolverResult({
+      flagFound: true,
+      flagValue: expectedFlag,
+      durationS: (performance.now() - start) / 1000,
+      steps: ['stub: returned injected flag'],
+    });
+  }
+}
+
+/** Interactive solver — prompts for the flag. */
+export class ManualSolver extends SolverAdapter {
+  get name() { return 'manual'; }
+  solve(config, targetUrl, expectedFlag) {
+    const { createInterface } = require('node:readline');
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    return new Promise((resolve) => {
+      console.log(`\n${'='.repeat(60)}`);
+      console.log(`  Challenge: ${config.name}`);
+      console.log(`  Level: ${config.level}`);
+      console.log(`  Tags: ${config.tags.join(', ')}`);
+      console.log(`  Description: ${config.description}`);
+      console.log(`  Target: ${targetUrl}`);
+      console.log(`${'='.repeat(60)}\n`);
+      const start = performance.now();
+      rl.question('Enter the flag (or "skip"): ', (answer) => {
+        rl.close();
+        const duration = (performance.now() - start) / 1000;
+        if (!answer || answer.toLowerCase() === 'skip') {
+          resolve(new SolverResult({ durationS: duration, steps: ['manual: skipped'] }));
+        } else {
+          resolve(new SolverResult({ flagFound: true, flagValue: answer.trim(), durationS: duration, steps: ['manual: user provided flag'] }));
+        }
+      });
+    });
+  }
+}
+
+/** AI-powered solver using SecurityAgent in a Docker sandbox. */
+export class AutonomousSolver extends SolverAdapter {
+  constructor({ backend, maxTurns = 30 } = {}) {
+    super();
+    this._backend = backend;
+    this._maxTurns = maxTurns;
+    this._supervisedHook = null;
+  }
+  get name() { return 'autonomous'; }
+  async solve(config, targetUrl, expectedFlag) {
+    const { SecurityAgent } = await import('./agent.js');
+    const { makeAgentClient } = await import('./llm.js');
+    const { SandboxContainer } = await import('./sandbox.js');
+    const { readFileSync } = await import('node:fs');
+    const yaml = await import('yaml');
+
+    const start = performance.now();
+    const composePath = `${config.path}/docker-compose.yml`;
+    const data = yaml.parse(readFileSync(composePath, 'utf8'));
+    const services = data.services || {};
+    let serviceName = Object.keys(services)[0] || 'web';
+    let internalPort = 80;
+    for (const [name, svc] of Object.entries(services)) {
+      if (svc.ports?.length) {
+        serviceName = name;
+        const portSpec = String(svc.ports[0]);
+        internalPort = parseInt(portSpec.split(':').pop(), 10);
+        break;
+      }
+    }
+    const networkName = `cipher-bench-${config.dirName}_default`.toLowerCase();
+    const { client, model } = await makeAgentClient({ backendOverride: this._backend });
+    const sandbox = new SandboxContainer({ nameSuffix: config.dirName.toLowerCase() });
+    try {
+      sandbox.create();
+      sandbox.connectNetwork(networkName);
+      const internalUrl = sandbox.getInternalUrl(serviceName, internalPort);
+      const agent = new SecurityAgent({ client, model, sandbox, maxTurns: this._maxTurns, preToolHook: this._supervisedHook });
+      const result = await agent.run({ targetUrl: internalUrl, challengeDescription: config.description });
+      return new SolverResult({
+        flagFound: result.flagFound, flagValue: result.flagValue,
+        durationS: (performance.now() - start) / 1000,
+        tokensIn: result.tokensIn, tokensOut: result.tokensOut,
+        toolCalls: result.toolCalls, steps: result.steps, error: result.error,
+      });
+    } catch (e) {
+      return new SolverResult({ durationS: (performance.now() - start) / 1000, error: String(e), steps: [`[error] ${e}`] });
+    } finally {
+      sandbox.cleanup();
+    }
+  }
+}
+
+/** Multi-agent solver using phased coordinator. */
+export class MultiAgentSolver extends SolverAdapter {
+  constructor({ backend, reconTurns = 10, exploitTurns = 25 } = {}) {
+    super();
+    this._backend = backend;
+    this._reconTurns = reconTurns;
+    this._exploitTurns = exploitTurns;
+    this._supervisedHook = null;
+  }
+  get name() { return 'autonomous-multi'; }
+  async solve(config, targetUrl, expectedFlag) {
+    const { Coordinator } = await import('./coordinator.js');
+    const { makeAgentClient } = await import('./llm.js');
+    const { SandboxContainer } = await import('./sandbox.js');
+    const { readFileSync } = await import('node:fs');
+    const yaml = await import('yaml');
+
+    const start = performance.now();
+    const composePath = `${config.path}/docker-compose.yml`;
+    const data = yaml.parse(readFileSync(composePath, 'utf8'));
+    const services = data.services || {};
+    let serviceName = Object.keys(services)[0] || 'web';
+    let internalPort = 80;
+    for (const [name, svc] of Object.entries(services)) {
+      if (svc.ports?.length) { serviceName = name; internalPort = parseInt(String(svc.ports[0]).split(':').pop(), 10); break; }
+    }
+    const networkName = `cipher-bench-${config.dirName}_default`.toLowerCase();
+    const { client, model } = await makeAgentClient({ backendOverride: this._backend });
+    const sandbox = new SandboxContainer({ nameSuffix: config.dirName.toLowerCase() });
+    try {
+      sandbox.create();
+      sandbox.connectNetwork(networkName);
+      const internalUrl = sandbox.getInternalUrl(serviceName, internalPort);
+      const coordinator = new Coordinator({ client, model, sandbox, reconTurns: this._reconTurns, exploitTurns: this._exploitTurns, preToolHook: this._supervisedHook });
+      const result = await coordinator.solve({ targetUrl: internalUrl, challengeDescription: config.description });
+      return new SolverResult({
+        flagFound: result.flagFound, flagValue: result.flagValue,
+        durationS: (performance.now() - start) / 1000,
+        tokensIn: result.tokensIn, tokensOut: result.tokensOut,
+        toolCalls: result.toolCalls, steps: result.steps, error: result.error,
+      });
+    } catch (e) {
+      return new SolverResult({ durationS: (performance.now() - start) / 1000, error: String(e), steps: [`[error] ${e}`] });
+    } finally {
+      sandbox.cleanup();
+    }
+  }
+}
+
+export const SOLVERS = { stub: StubSolver, manual: ManualSolver, autonomous: AutonomousSolver, 'autonomous-multi': MultiAgentSolver };
+
+export function getSolver(name, opts = {}) {
+  const Cls = SOLVERS[name];
+  if (!Cls) throw new Error(`Unknown solver: ${name}. Available: ${Object.keys(SOLVERS).join(', ')}`);
+  return new Cls(opts);
+}

package/lib/benchmark/tools.js

@@ -0,0 +1,62 @@
+// Copyright (c) 2026 defconxt. All rights reserved.
+// Licensed under AGPL-3.0 — see LICENSE file for details.
+
+/**
+ * CIPHER Benchmark — Tool definitions for the security agent.
+ */
+
+const MAX_OUTPUT_CHARS = 4000;
+
+export const SANDBOX_EXEC_SCHEMA = {
+  name: 'sandbox_exec',
+  description: 'Execute a shell command in the security sandbox. Returns stdout, stderr, and exit code.',
+  input_schema: {
+    type: 'object',
+    properties: {
+      command: { type: 'string', description: 'Shell command to execute' },
+      timeout: { type: 'integer', description: 'Timeout in seconds (default 60)', default: 60 },
+    },
+    required: ['command'],
+  },
+};
+
+export const SUBMIT_FLAG_SCHEMA = {
+  name: 'submit_flag',
+  description: 'Submit a captured flag. Call this when you have found the flag.',
+  input_schema: {
+    type: 'object',
+    properties: {
+      flag: { type: 'string', description: 'The captured flag value' },
+    },
+    required: ['flag'],
+  },
+};
+
+export const AGENT_TOOLS = [SANDBOX_EXEC_SCHEMA, SUBMIT_FLAG_SCHEMA];
+
+/**
+ * Dispatch a tool call within the sandbox.
+ * @param {string} toolName
+ * @param {object} toolInput
+ * @param {import('./sandbox.js').SandboxContainer} sandbox
+ * @returns {{ output: string, flagSubmitted?: string }}
+ */
+export function dispatchTool(toolName, toolInput, sandbox) {
+  if (toolName === 'sandbox_exec') {
+    const { command, timeout = 60 } = toolInput;
+    const result = sandbox.execTool(command, timeout);
+    let output = `Exit code: ${result.exitCode}\n`;
+    if (result.stdout) output += `STDOUT:\n${result.stdout.slice(0, MAX_OUTPUT_CHARS)}\n`;
+    if (result.stderr) output += `STDERR:\n${result.stderr.slice(0, MAX_OUTPUT_CHARS)}\n`;
+    if (result.stdout.length > MAX_OUTPUT_CHARS || result.stderr.length > MAX_OUTPUT_CHARS) {
+      output += '[output truncated]\n';
+    }
+    return { output };
+  }
+
+  if (toolName === 'submit_flag') {
+    return { output: `Flag submitted: ${toolInput.flag}`, flagSubmitted: toolInput.flag };
+  }
+
+  return { output: `Unknown tool: ${toolName}` };
+}