hyperclaw 5.4.0 → 5.4.1

package/dist/backup-CspxXk78.js

@@ -0,0 +1,86 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const crypto = require_chunk.__toESM(require("crypto"));
+
+//#region src/commands/backup.ts
+require_paths$1.init_paths();
+const BACKUP_FILES = [
+	"hyperclaw.json",
+	"AGENTS.md",
+	"MEMORY.md",
+	"SOUL.md",
+	"USER.md",
+	"TOOLS.md"
+];
+const MANIFEST = "manifest.json";
+async function createBackup(outputDir) {
+	const hcDir = require_paths.getHyperClawDir();
+	const dest = outputDir || path.default.join(hcDir, "backups");
+	await fs_extra.default.ensureDir(dest);
+	const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
+	const backupDir = path.default.join(dest, `hyperclaw-backup-${ts}`);
+	await fs_extra.default.ensureDir(backupDir);
+	const manifest = {
+		version: "1.0",
+		createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+		files: {}
+	};
+	for (const f of BACKUP_FILES) {
+		const src = path.default.join(hcDir, f);
+		if (await fs_extra.default.pathExists(src)) {
+			const content = await fs_extra.default.readFile(src);
+			const sha256 = crypto.default.createHash("sha256").update(content).digest("hex");
+			const destPath = path.default.join(backupDir, f);
+			await fs_extra.default.writeFile(destPath, content);
+			manifest.files[f] = {
+				path: f,
+				size: content.length,
+				sha256
+			};
+		}
+	}
+	await fs_extra.default.writeJson(path.default.join(backupDir, MANIFEST), manifest, { spaces: 2 });
+	return backupDir;
+}
+async function verifyBackup(backupDir) {
+	const errors = [];
+	const manifestPath = path.default.join(backupDir, MANIFEST);
+	if (!await fs_extra.default.pathExists(manifestPath)) return {
+		ok: false,
+		errors: ["manifest.json not found"]
+	};
+	const manifest = await fs_extra.default.readJson(manifestPath);
+	for (const [name, meta] of Object.entries(manifest.files)) {
+		const fpath = path.default.join(backupDir, name);
+		if (!await fs_extra.default.pathExists(fpath)) {
+			errors.push(`${name}: missing`);
+			continue;
+		}
+		const content = await fs_extra.default.readFile(fpath);
+		const sha256 = crypto.default.createHash("sha256").update(content).digest("hex");
+		if (sha256 !== meta.sha256) errors.push(`${name}: checksum mismatch`);
+	}
+	return {
+		ok: errors.length === 0,
+		errors
+	};
+}
+async function restoreBackup(backupDir) {
+	const { ok, errors } = await verifyBackup(backupDir);
+	if (!ok) throw new Error("Backup verification failed: " + errors.join(", "));
+	const hcDir = require_paths.getHyperClawDir();
+	const manifest = await fs_extra.default.readJson(path.default.join(backupDir, MANIFEST));
+	for (const name of Object.keys(manifest.files)) {
+		const src = path.default.join(backupDir, name);
+		const dest = path.default.join(hcDir, name);
+		await fs_extra.default.copy(src, dest, { overwrite: true });
+	}
+}
+
+//#endregion
+exports.createBackup = createBackup;
+exports.restoreBackup = restoreBackup;
+exports.verifyBackup = verifyBackup;

package/dist/backup-D8dFYDXV.js

@@ -0,0 +1,86 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_paths = require('./paths-AIyBxIzm.js');
+const require_paths$1 = require('./paths-DPovhojT.js');
+const fs_extra = require_chunk.__toESM(require("fs-extra"));
+const path = require_chunk.__toESM(require("path"));
+const crypto = require_chunk.__toESM(require("crypto"));
+
+//#region src/commands/backup.ts
+require_paths$1.init_paths();
+const BACKUP_FILES = [
+	"hyperclaw.json",
+	"AGENTS.md",
+	"MEMORY.md",
+	"SOUL.md",
+	"USER.md",
+	"TOOLS.md"
+];
+const MANIFEST = "manifest.json";
+async function createBackup(outputDir) {
+	const hcDir = require_paths.getHyperClawDir();
+	const dest = outputDir || path.default.join(hcDir, "backups");
+	await fs_extra.default.ensureDir(dest);
+	const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
+	const backupDir = path.default.join(dest, `hyperclaw-backup-${ts}`);
+	await fs_extra.default.ensureDir(backupDir);
+	const manifest = {
+		version: "1.0",
+		createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+		files: {}
+	};
+	for (const f of BACKUP_FILES) {
+		const src = path.default.join(hcDir, f);
+		if (await fs_extra.default.pathExists(src)) {
+			const content = await fs_extra.default.readFile(src);
+			const sha256 = crypto.default.createHash("sha256").update(content).digest("hex");
+			const destPath = path.default.join(backupDir, f);
+			await fs_extra.default.writeFile(destPath, content);
+			manifest.files[f] = {
+				path: f,
+				size: content.length,
+				sha256
+			};
+		}
+	}
+	await fs_extra.default.writeJson(path.default.join(backupDir, MANIFEST), manifest, { spaces: 2 });
+	return backupDir;
+}
+async function verifyBackup(backupDir) {
+	const errors = [];
+	const manifestPath = path.default.join(backupDir, MANIFEST);
+	if (!await fs_extra.default.pathExists(manifestPath)) return {
+		ok: false,
+		errors: ["manifest.json not found"]
+	};
+	const manifest = await fs_extra.default.readJson(manifestPath);
+	for (const [name, meta] of Object.entries(manifest.files)) {
+		const fpath = path.default.join(backupDir, name);
+		if (!await fs_extra.default.pathExists(fpath)) {
+			errors.push(`${name}: missing`);
+			continue;
+		}
+		const content = await fs_extra.default.readFile(fpath);
+		const sha256 = crypto.default.createHash("sha256").update(content).digest("hex");
+		if (sha256 !== meta.sha256) errors.push(`${name}: checksum mismatch`);
+	}
+	return {
+		ok: errors.length === 0,
+		errors
+	};
+}
+async function restoreBackup(backupDir) {
+	const { ok, errors } = await verifyBackup(backupDir);
+	if (!ok) throw new Error("Backup verification failed: " + errors.join(", "));
+	const hcDir = require_paths.getHyperClawDir();
+	const manifest = await fs_extra.default.readJson(path.default.join(backupDir, MANIFEST));
+	for (const name of Object.keys(manifest.files)) {
+		const src = path.default.join(backupDir, name);
+		const dest = path.default.join(hcDir, name);
+		await fs_extra.default.copy(src, dest, { overwrite: true });
+	}
+}
+
+//#endregion
+exports.createBackup = createBackup;
+exports.restoreBackup = restoreBackup;
+exports.verifyBackup = verifyBackup;

package/dist/banner-CZ2BfvQq.js

@@ -0,0 +1,143 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_theme = require('./theme-CLXvI6Hr.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const boxen = require_chunk.__toESM(require("boxen"));
+const gradient_string = require_chunk.__toESM(require("gradient-string"));
+const figlet = require_chunk.__toESM(require("figlet"));
+
+//#region src/terminal/banner.ts
+require_theme.init_theme();
+var Banner = class {
+	async showNeonBanner(daemonMode = false) {
+		console.clear();
+		const t = require_theme.getTheme(daemonMode);
+		const icon = daemonMode ? "🩸" : "🦅";
+		try {
+			const title = figlet.default.textSync("HYPERCLAW", { font: "ANSI Shadow" });
+			const g = (0, gradient_string.default)(daemonMode ? t.daemonGradient : t.gradient);
+			const lines = title.split("\n");
+			const first = lines[0] ?? "";
+			console.log(`\n  ${icon} ` + g(first));
+			for (let i = 1; i < lines.length; i++) console.log(g("     " + (lines[i] ?? "")));
+		} catch {
+			console.log(chalk.default.bold.red(`\n  ${icon} HYPERCLAW\n`));
+		}
+		const subtitle = daemonMode ? chalk.default.hex(t.daemonPrimary)("    🩸 DAEMON MODE - ALWAYS WATCHING 🩸\n") : t.muted("    🦅 HyperClaw Bot - AI Gateway v5.4.1 🦅\n");
+		console.log(subtitle);
+		const boxOpts = {
+			padding: 1,
+			margin: {
+				top: 1,
+				bottom: 1
+			},
+			borderStyle: "round",
+			borderColor: daemonMode ? t.daemonBorderColor : t.borderColor
+		};
+		if (t.boxBg) boxOpts.backgroundColor = t.boxBg;
+		const { ConfigManager } = await Promise.resolve().then(() => require("./manager-Bq5LApdR.js"));
+		const { GatewayManager } = await Promise.resolve().then(() => require("./gateway-DroPtqyM.js"));
+		const cfg = await new ConfigManager().load().catch(() => null);
+		const port = cfg?.gateway?.port ?? 18789;
+		const gm = new GatewayManager();
+		const running = await gm.isRunning(port);
+		const chList = cfg?.gateway?.enabledChannels ?? cfg?.channels ?? [];
+		const chCount = Array.isArray(chList) ? chList.length : 0;
+		const providerCount = cfg?.providers?.length ?? (cfg?.provider ? 1 : 0);
+		const box = (0, boxen.default)(`${t.a("●")} Gateway: ${running ? t.success("✓ Running") : t.error("✗ Stopped")}  ${t.a("●")} Providers: ${providerCount}  ${t.a("●")} Channels: ${chCount}  ` + (daemonMode ? `${t.d("🩸")} DAEMON` : `${t.a("🦅")} HYPERCLAW`), boxOpts);
+		console.log(box);
+		console.log(t.muted("  One assistant. All your channels. 🦅\n"));
+		const { maybeShowUpdateNotice } = await Promise.resolve().then(() => require("./update-check-B-wd-tpa.js"));
+		maybeShowUpdateNotice(daemonMode);
+	}
+	async showMiniBanner() {
+		await this.showNeonBanner(false);
+	}
+	async showWizardBanner() {
+		console.clear();
+		const t = require_theme.getTheme(false);
+		const g = (0, gradient_string.default)(t.gradient);
+		try {
+			const title = figlet.default.textSync("HYPERCLAW", { font: "ANSI Shadow" });
+			const lines = title.split("\n");
+			const first = lines[0] ?? "";
+			console.log("\n  🦅 " + g(first));
+			for (let i = 1; i < lines.length; i++) console.log(g("     " + (lines[i] ?? "")));
+		} catch {
+			console.log(t.bold("\n  🦅 HYPERCLAW\n"));
+		}
+		console.log(t.muted("    🦅 HyperClaw Bot - AI Gateway - SETUP WIZARD v5.3.45 🦅\n"));
+		const boxOpts = {
+			padding: 1,
+			margin: { bottom: 1 },
+			borderStyle: "round",
+			borderColor: t.borderColor
+		};
+		if (t.boxBg) boxOpts.backgroundColor = t.boxBg;
+		const box = (0, boxen.default)(t.a("⚡") + " Provider - Channels - Gateway - Identity", boxOpts);
+		console.log(box);
+	}
+	async showOsintBanner(daemonMode, profile, model, sessionId) {
+		console.clear();
+		const t = require_theme.getTheme(daemonMode);
+		const g = (0, gradient_string.default)(daemonMode ? t.daemonGradient : t.gradient);
+		const icon = daemonMode ? "🩸" : "🔍";
+		try {
+			const title = figlet.default.textSync("HYPERCLAW", { font: "ANSI Shadow" });
+			const lines = title.split("\n");
+			const first = lines[0] ?? "";
+			console.log(`\n  ${icon} ` + g(first));
+			for (let i = 1; i < lines.length; i++) console.log(g("     " + (lines[i] ?? "")));
+		} catch {
+			console.log(chalk.default.bold.red(`\n  ${icon} HYPERCLAW\n`));
+		}
+		const subtitle = daemonMode ? chalk.default.hex(t.daemonPrimary)("    🩸 HYPERCLAW OSINT · DAEMON MODE 🩸\n") : chalk.default.red("    🔍 HYPERCLAW OSINT MODE\n");
+		console.log(subtitle);
+		const modeColors = {
+			recon: "#06b6d4",
+			bugbounty: "#eab308",
+			pentest: "#dc2626",
+			footprint: "#a855f7",
+			custom: "#ffffff"
+		};
+		const modeColor = modeColors[profile.mode] ?? "#ffffff";
+		const boxContent = `${t.a("●")} Workflow: ${chalk.default.hex(modeColor)(profile.mode.toUpperCase())}  ${t.a("●")} Model: ${model}  ${t.a("●")} Session: ${sessionId}` + (profile.target ? `\n  ${t.a("🎯")} Target: ${profile.target} ${profile.targetType ? `(${profile.targetType})` : ""}` : "") + (profile.notes ? `\n  ${t.a("📝")} ${profile.notes}` : "") + (daemonMode ? `\n  ${chalk.default.hex(t.daemonPrimary)("🩸")} Daemon connected — full shell/tool access` : "\n  ⚡ Standalone — start daemon for full access");
+		const boxOpts = {
+			padding: 1,
+			margin: {
+				top: 1,
+				bottom: 1
+			},
+			borderStyle: "round",
+			borderColor: daemonMode ? t.daemonBorderColor : "red"
+		};
+		if (t.boxBg) boxOpts.backgroundColor = t.boxBg;
+		const box = (0, boxen.default)(boxContent, boxOpts);
+		console.log(box);
+		console.log(chalk.default.yellow("  ⚠️  Authorized security research only. Stay within scope."));
+		console.log(t.muted("  Commands: /exit  /clear  /findings  /target <value>  /mode  /help\n"));
+	}
+	async showStatus() {
+		const t = require_theme.getTheme(false);
+		const { ConfigManager } = await Promise.resolve().then(() => require("./manager-Bq5LApdR.js"));
+		const { GatewayManager } = await Promise.resolve().then(() => require("./gateway-DroPtqyM.js"));
+		const cfg = await new ConfigManager().load();
+		const gm = new GatewayManager();
+		const port = cfg?.gateway?.port ?? 18789;
+		const running = await gm.isRunning(port);
+		const chList = cfg?.gateway?.enabledChannels ?? cfg?.channels ?? [];
+		const chCount = Array.isArray(chList) ? chList.length : 0;
+		console.log(t.bold("\n  HyperClaw Status\n"));
+		console.log(`  Gateway: ${running ? t.success("✓ Running") : t.error("✗ Stopped")}  port ${port}`);
+		console.log(`  Provider: ${t.c(cfg?.provider?.providerId ?? "none")}`);
+		console.log(`  Channels: ${t.c(String(chCount))}`);
+		console.log();
+	}
+};
+
+//#endregion
+Object.defineProperty(exports, 'Banner', {
+  enumerable: true,
+  get: function () {
+    return Banner;
+  }
+});

package/dist/banner-CjTRWmks.js

@@ -0,0 +1,7 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+require('./paths-AIyBxIzm.js');
+require('./paths-DPovhojT.js');
+require('./theme-CLXvI6Hr.js');
+const require_banner = require('./banner-CZ2BfvQq.js');
+
+exports.Banner = require_banner.Banner;

package/dist/banner-Dpygks0H.js

@@ -0,0 +1,143 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_theme = require('./theme-CLXvI6Hr.js');
+const chalk = require_chunk.__toESM(require("chalk"));
+const boxen = require_chunk.__toESM(require("boxen"));
+const gradient_string = require_chunk.__toESM(require("gradient-string"));
+const figlet = require_chunk.__toESM(require("figlet"));
+
+//#region src/terminal/banner.ts
+require_theme.init_theme();
+var Banner = class {
+	async showNeonBanner(daemonMode = false) {
+		console.clear();
+		const t = require_theme.getTheme(daemonMode);
+		const icon = daemonMode ? "🩸" : "🦅";
+		try {
+			const title = figlet.default.textSync("HYPERCLAW", { font: "ANSI Shadow" });
+			const g = (0, gradient_string.default)(daemonMode ? t.daemonGradient : t.gradient);
+			const lines = title.split("\n");
+			const first = lines[0] ?? "";
+			console.log(`\n  ${icon} ` + g(first));
+			for (let i = 1; i < lines.length; i++) console.log(g("     " + (lines[i] ?? "")));
+		} catch {
+			console.log(chalk.default.bold.red(`\n  ${icon} HYPERCLAW\n`));
+		}
+		const subtitle = daemonMode ? chalk.default.hex(t.daemonPrimary)("    🩸 DAEMON MODE - ALWAYS WATCHING 🩸\n") : t.muted("    🦅 HyperClaw Bot - AI Gateway v5.4.0 🦅\n");
+		console.log(subtitle);
+		const boxOpts = {
+			padding: 1,
+			margin: {
+				top: 1,
+				bottom: 1
+			},
+			borderStyle: "round",
+			borderColor: daemonMode ? t.daemonBorderColor : t.borderColor
+		};
+		if (t.boxBg) boxOpts.backgroundColor = t.boxBg;
+		const { ConfigManager } = await Promise.resolve().then(() => require("./manager-Bq5LApdR.js"));
+		const { GatewayManager } = await Promise.resolve().then(() => require("./gateway-DroPtqyM.js"));
+		const cfg = await new ConfigManager().load().catch(() => null);
+		const port = cfg?.gateway?.port ?? 18789;
+		const gm = new GatewayManager();
+		const running = await gm.isRunning(port);
+		const chList = cfg?.gateway?.enabledChannels ?? cfg?.channels ?? [];
+		const chCount = Array.isArray(chList) ? chList.length : 0;
+		const providerCount = cfg?.providers?.length ?? (cfg?.provider ? 1 : 0);
+		const box = (0, boxen.default)(`${t.a("●")} Gateway: ${running ? t.success("✓ Running") : t.error("✗ Stopped")}  ${t.a("●")} Providers: ${providerCount}  ${t.a("●")} Channels: ${chCount}  ` + (daemonMode ? `${t.d("🩸")} DAEMON` : `${t.a("🦅")} HYPERCLAW`), boxOpts);
+		console.log(box);
+		console.log(t.muted("  One assistant. All your channels. 🦅\n"));
+		const { maybeShowUpdateNotice } = await Promise.resolve().then(() => require("./update-check-B-wd-tpa.js"));
+		maybeShowUpdateNotice(daemonMode);
+	}
+	async showMiniBanner() {
+		await this.showNeonBanner(false);
+	}
+	async showWizardBanner() {
+		console.clear();
+		const t = require_theme.getTheme(false);
+		const g = (0, gradient_string.default)(t.gradient);
+		try {
+			const title = figlet.default.textSync("HYPERCLAW", { font: "ANSI Shadow" });
+			const lines = title.split("\n");
+			const first = lines[0] ?? "";
+			console.log("\n  🦅 " + g(first));
+			for (let i = 1; i < lines.length; i++) console.log(g("     " + (lines[i] ?? "")));
+		} catch {
+			console.log(t.bold("\n  🦅 HYPERCLAW\n"));
+		}
+		console.log(t.muted("    🦅 HyperClaw Bot - AI Gateway - SETUP WIZARD v5.3.45 🦅\n"));
+		const boxOpts = {
+			padding: 1,
+			margin: { bottom: 1 },
+			borderStyle: "round",
+			borderColor: t.borderColor
+		};
+		if (t.boxBg) boxOpts.backgroundColor = t.boxBg;
+		const box = (0, boxen.default)(t.a("⚡") + " Provider - Channels - Gateway - Identity", boxOpts);
+		console.log(box);
+	}
+	async showOsintBanner(daemonMode, profile, model, sessionId) {
+		console.clear();
+		const t = require_theme.getTheme(daemonMode);
+		const g = (0, gradient_string.default)(daemonMode ? t.daemonGradient : t.gradient);
+		const icon = daemonMode ? "🩸" : "🔍";
+		try {
+			const title = figlet.default.textSync("HYPERCLAW", { font: "ANSI Shadow" });
+			const lines = title.split("\n");
+			const first = lines[0] ?? "";
+			console.log(`\n  ${icon} ` + g(first));
+			for (let i = 1; i < lines.length; i++) console.log(g("     " + (lines[i] ?? "")));
+		} catch {
+			console.log(chalk.default.bold.red(`\n  ${icon} HYPERCLAW\n`));
+		}
+		const subtitle = daemonMode ? chalk.default.hex(t.daemonPrimary)("    🩸 HYPERCLAW OSINT · DAEMON MODE 🩸\n") : chalk.default.red("    🔍 HYPERCLAW OSINT MODE\n");
+		console.log(subtitle);
+		const modeColors = {
+			recon: "#06b6d4",
+			bugbounty: "#eab308",
+			pentest: "#dc2626",
+			footprint: "#a855f7",
+			custom: "#ffffff"
+		};
+		const modeColor = modeColors[profile.mode] ?? "#ffffff";
+		const boxContent = `${t.a("●")} Workflow: ${chalk.default.hex(modeColor)(profile.mode.toUpperCase())}  ${t.a("●")} Model: ${model}  ${t.a("●")} Session: ${sessionId}` + (profile.target ? `\n  ${t.a("🎯")} Target: ${profile.target} ${profile.targetType ? `(${profile.targetType})` : ""}` : "") + (profile.notes ? `\n  ${t.a("📝")} ${profile.notes}` : "") + (daemonMode ? `\n  ${chalk.default.hex(t.daemonPrimary)("🩸")} Daemon connected — full shell/tool access` : "\n  ⚡ Standalone — start daemon for full access");
+		const boxOpts = {
+			padding: 1,
+			margin: {
+				top: 1,
+				bottom: 1
+			},
+			borderStyle: "round",
+			borderColor: daemonMode ? t.daemonBorderColor : "red"
+		};
+		if (t.boxBg) boxOpts.backgroundColor = t.boxBg;
+		const box = (0, boxen.default)(boxContent, boxOpts);
+		console.log(box);
+		console.log(chalk.default.yellow("  ⚠️  Authorized security research only. Stay within scope."));
+		console.log(t.muted("  Commands: /exit  /clear  /findings  /target <value>  /mode  /help\n"));
+	}
+	async showStatus() {
+		const t = require_theme.getTheme(false);
+		const { ConfigManager } = await Promise.resolve().then(() => require("./manager-Bq5LApdR.js"));
+		const { GatewayManager } = await Promise.resolve().then(() => require("./gateway-DroPtqyM.js"));
+		const cfg = await new ConfigManager().load();
+		const gm = new GatewayManager();
+		const port = cfg?.gateway?.port ?? 18789;
+		const running = await gm.isRunning(port);
+		const chList = cfg?.gateway?.enabledChannels ?? cfg?.channels ?? [];
+		const chCount = Array.isArray(chList) ? chList.length : 0;
+		console.log(t.bold("\n  HyperClaw Status\n"));
+		console.log(`  Gateway: ${running ? t.success("✓ Running") : t.error("✗ Stopped")}  port ${port}`);
+		console.log(`  Provider: ${t.c(cfg?.provider?.providerId ?? "none")}`);
+		console.log(`  Channels: ${t.c(String(chCount))}`);
+		console.log();
+	}
+};
+
+//#endregion
+Object.defineProperty(exports, 'Banner', {
+  enumerable: true,
+  get: function () {
+    return Banner;
+  }
+});

package/dist/banner-ZX1WLr44.js

@@ -0,0 +1,7 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+require('./paths-AIyBxIzm.js');
+require('./paths-DPovhojT.js');
+require('./theme-CLXvI6Hr.js');
+const require_banner = require('./banner-Dpygks0H.js');
+
+exports.Banner = require_banner.Banner;

package/dist/bounty-tools-Cq-oC9gk.js

@@ -0,0 +1,211 @@
+const require_chunk = require('./chunk-jS-bbMI5.js');
+const require_env_resolve = require('./env-resolve-Buos635Y.js');
+const https = require_chunk.__toESM(require("https"));
+
+//#region packages/core/src/agent/bounty-tools.ts
+function fetchJson(url, auth) {
+	return new Promise((resolve, reject) => {
+		const u = new URL(url);
+		const opts = {
+			hostname: u.hostname,
+			port: 443,
+			path: u.pathname + u.search,
+			method: "GET",
+			headers: { "Accept": "application/json" }
+		};
+		if (auth) {
+			const h = opts.headers;
+			if (auth.startsWith("Basic ") || auth.startsWith("Token ") || auth.startsWith("Bearer ")) h["Authorization"] = auth;
+			else h["Authorization"] = `Basic ${Buffer.from(auth).toString("base64")}`;
+		}
+		https.default.get(opts, (res) => {
+			let data = "";
+			res.on("data", (c) => data += c);
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data || "{}"));
+				} catch {
+					resolve({});
+				}
+			});
+		}).on("error", reject);
+	});
+}
+function getBountyTools(cfg) {
+	const hackeroneKey = require_env_resolve.resolveServiceApiKey("hackerone", cfg);
+	const bugcrowdKey = require_env_resolve.resolveServiceApiKey("bugcrowd", cfg);
+	const synackKey = require_env_resolve.resolveServiceApiKey("synack", cfg);
+	const tools = [];
+	if (hackeroneKey) tools.push({
+		name: "hackerone_list_programs",
+		description: "List HackerOne programs you have access to. Use for bug bounty research.",
+		input_schema: {
+			type: "object",
+			properties: { limit: {
+				type: "string",
+				description: "Max programs (default 20)"
+			} }
+		},
+		handler: async (input) => {
+			try {
+				const auth = Buffer.from(hackeroneKey.includes(":") ? hackeroneKey : `:${hackeroneKey}`).toString("base64");
+				const body = await fetchJson("https://api.hackerone.com/v1/hackers/programs", `Basic ${auth}`);
+				const progs = body.data || [];
+				const limit = parseInt(input.limit || "20", 10);
+				return progs.slice(0, limit).map((p) => {
+					const attrs = p.attributes;
+					return `- ${attrs?.name || p.id} (${attrs?.state || "?"})`;
+				}).join("\n") || "No programs found.";
+			} catch (e) {
+				return `Error: ${e.message}. Check HackerOne API key (username:token).`;
+			}
+		}
+	});
+	if (bugcrowdKey) tools.push({
+		name: "bugcrowd_list_programs",
+		description: "List Bugcrowd programs. Use for bug bounty research.",
+		input_schema: {
+			type: "object",
+			properties: { limit: {
+				type: "string",
+				description: "Max programs (default 20)"
+			} }
+		},
+		handler: async (input) => {
+			try {
+				const auth = bugcrowdKey.startsWith("Token ") ? bugcrowdKey : `Token ${bugcrowdKey}`;
+				const body = await fetchJson("https://api.bugcrowd.com/programs", auth);
+				const progs = (body && typeof body === "object" && "data" in body ? body.data : body) || [];
+				const arr = Array.isArray(progs) ? progs : [progs];
+				const limit = parseInt(input.limit || "20", 10);
+				return arr.slice(0, limit).map((p) => {
+					const attrs = p.attributes;
+					const name = attrs?.name || p.name || p.id || "?";
+					const links = p.links;
+					const linkUrl = links?.self || p.url || "";
+					return `- ${name} ${linkUrl ? `(${linkUrl})` : ""}`;
+				}).join("\n") || JSON.stringify(body).slice(0, 500);
+			} catch (e) {
+				return `Error: ${e.message}. Check Bugcrowd API token.`;
+			}
+		}
+	});
+	if (synackKey) tools.push({
+		name: "synack_list_targets",
+		description: "List Synack targets you have access to. Use for bug bounty research.",
+		input_schema: {
+			type: "object",
+			properties: {}
+		},
+		handler: async () => {
+			try {
+				const body = await fetchJson("https://api.synack.com/api/targets", `Bearer ${synackKey}`);
+				const targets = body.targets || body || [];
+				const arr = Array.isArray(targets) ? targets : [targets];
+				return arr.slice(0, 20).map((t) => `- ${t.name || t.slug || t.id || "?"}`).join("\n") || "No targets or check Synack API.";
+			} catch (e) {
+				return `Error: ${e.message}. Check Synack API token.`;
+			}
+		}
+	});
+	const apiKeys = cfg?.skills?.apiKeys ?? {};
+	const genericServiceIds = Object.keys(apiKeys).filter((id) => !KNOWN_BOUNTY_SERVICES.includes(id.toLowerCase()));
+	if (genericServiceIds.length > 0) tools.push({
+		name: "call_service_api",
+		description: `Call external API for services with configured keys. Available: ${genericServiceIds.join(", ")}. Use when the user needs to query an API for a service they've added (Stripe, GitHub, custom APIs, etc).`,
+		input_schema: {
+			type: "object",
+			properties: {
+				service_id: {
+					type: "string",
+					description: `Service id from configured keys: ${genericServiceIds.join(", ")}`
+				},
+				url: {
+					type: "string",
+					description: "Full API URL (e.g. https://api.example.com/v1/resource) or path if baseUrl configured"
+				},
+				method: {
+					type: "string",
+					description: "HTTP method",
+					enum: [
+						"GET",
+						"POST",
+						"PUT",
+						"PATCH",
+						"DELETE"
+					]
+				},
+				body: {
+					type: "object",
+					description: "Request body for POST/PUT/PATCH (optional)"
+				}
+			},
+			required: ["service_id", "url"]
+		},
+		handler: async (input) => {
+			const serviceId = String(input.service_id || "").trim().toLowerCase();
+			const url = String(input.url || "");
+			const method = String(input.method || "GET").toUpperCase();
+			const key = require_env_resolve.resolveServiceApiKey(serviceId, cfg);
+			if (!key) return `Error: No API key for service "${serviceId}". Configure via: hyperclaw config set-service-key ${serviceId} <key>`;
+			if (!url || !url.startsWith("http")) return "Error: url must be a full URL (https://...).";
+			try {
+				const body = await genericHttpRequest(url, method, key, input.body);
+				return typeof body === "string" ? body : JSON.stringify(body, null, 2).slice(0, 8e3);
+			} catch (e) {
+				return `Error: ${e.message}`;
+			}
+		}
+	});
+	return tools;
+}
+function genericHttpRequest(url, method, apiKey, body) {
+	return new Promise((resolve, reject) => {
+		const u = new URL(url);
+		const authHeader = apiKey.startsWith("Bearer ") || apiKey.startsWith("Token ") || apiKey.startsWith("Basic ") ? apiKey : `Bearer ${apiKey}`;
+		const bodyStr = body && method !== "GET" ? JSON.stringify(body) : void 0;
+		const opts = {
+			hostname: u.hostname,
+			port: u.port || 443,
+			path: u.pathname + u.search,
+			method,
+			headers: {
+				"Accept": "application/json",
+				"Authorization": authHeader,
+				...bodyStr ? {
+					"Content-Type": "application/json",
+					"Content-Length": Buffer.byteLength(bodyStr)
+				} : {}
+			}
+		};
+		const req = https.default.request(opts, (res) => {
+			let data = "";
+			res.on("data", (c) => {
+				data += c.toString();
+			});
+			res.on("end", () => {
+				try {
+					resolve(JSON.parse(data || "{}"));
+				} catch {
+					resolve(data || "{}");
+				}
+			});
+		});
+		req.on("error", reject);
+		if (bodyStr) req.write(bodyStr);
+		req.end();
+	});
+}
+var KNOWN_BOUNTY_SERVICES;
+var init_bounty_tools = require_chunk.__esm({ "packages/core/src/agent/bounty-tools.ts"() {
+	require_env_resolve.init_env_resolve();
+	KNOWN_BOUNTY_SERVICES = [
+		"hackerone",
+		"bugcrowd",
+		"synack"
+	];
+} });
+
+//#endregion
+init_bounty_tools();
+exports.getBountyTools = getBountyTools;