pentesting 0.16.7 → 0.16.8

package/README.md

@@ -30,6 +30,51 @@ export PENTEST_MODEL="glm-5"
 
 pentesting
 ```
+
+---
+
+## Environment Variables
+
+### Required (LLM)
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `PENTEST_API_KEY` | API key for LLM provider | `your_api_key` |
+| `PENTEST_BASE_URL` | API endpoint URL | `https://api.z.ai/api/anthropic` |
+| `PENTEST_MODEL` | Model name | `glm-5` |
+
+### Optional (Web Search API)
+
+| Variable | Description | Example |
+|----------|-------------|---------|
+| `SEARCH_API_KEY` | Search API key | `your_api_key` |
+| `SEARCH_API_URL` | Search API endpoint | `https://open.bigmodel.cn/api/paas/v4/tools/web-search-pro` |
+| `BROWSER_HEADLESS` | Set `false` to show browser for captcha | `false` |
+
+**Supported Search APIs:**
+
+| Provider | SEARCH_API_URL |
+|----------|----------------|
+| GLM (Zhipu) | `https://open.bigmodel.cn/api/paas/v4/tools/web-search-pro` |
+| Brave | `https://api.search.brave.com/res/v1/web/search` |
+| Serper | `https://google.serper.dev/search` |
+
+### Example `.env`
+
+```bash
+# LLM Configuration
+PENTEST_API_KEY=your_api_key_here
+PENTEST_BASE_URL=https://api.z.ai/api/anthropic
+PENTEST_MODEL=glm-5
+
+# Web Search API
+SEARCH_API_KEY=your_api_key
+SEARCH_API_URL=https://open.bigmodel.cn/api/paas/v4/tools/web-search-pro
+
+# Browser (optional - for captcha handling)
+BROWSER_HEADLESS=false
+```
+
 ---
 
 ## Issue Report

package/dist/main.js

@@ -1,4 +1,10 @@
 #!/usr/bin/env node
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
 
 // src/platform/tui/main.tsx
 import { render } from "ink";
@@ -2173,6 +2179,107 @@ All ports freed. All children killed.`
 
 // src/engine/tools-mid.ts
 import { execFileSync } from "child_process";
+
+// src/shared/utils/config.ts
+import path from "path";
+import { fileURLToPath } from "url";
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = path.dirname(__filename);
+function getApiKey() {
+  return process.env.PENTEST_API_KEY || "";
+}
+function getBaseUrl() {
+  return process.env.PENTEST_BASE_URL || void 0;
+}
+function getModel() {
+  return process.env.PENTEST_MODEL || "";
+}
+function getSearchApiKey() {
+  return process.env.SEARCH_API_KEY;
+}
+function getSearchApiUrl() {
+  return process.env.SEARCH_API_URL;
+}
+function isBrowserHeadless() {
+  return process.env.BROWSER_HEADLESS !== "false";
+}
+
+// src/shared/utils/debug-logger.ts
+import { appendFileSync as appendFileSync2, mkdirSync as mkdirSync2, existsSync as existsSync3, writeFileSync as writeFileSync3 } from "fs";
+import { join as join2 } from "path";
+var DebugLogger = class _DebugLogger {
+  static instance;
+  logPath;
+  initialized = false;
+  constructor(clearOnInit = false) {
+    const debugDir = join2(process.cwd(), ".pentesting", "debug");
+    try {
+      if (!existsSync3(debugDir)) {
+        mkdirSync2(debugDir, { recursive: true });
+      }
+      this.logPath = join2(debugDir, "debug.log");
+      if (clearOnInit) {
+        this.clear();
+      }
+      this.initialized = true;
+      this.log("general", "=== DEBUG LOGGER INITIALIZED ===");
+      this.log("general", `Log file: ${this.logPath}`);
+    } catch (e) {
+      console.error("[DebugLogger] Failed to initialize:", e);
+      this.logPath = "";
+    }
+  }
+  static getInstance(clearOnInit = false) {
+    if (!_DebugLogger.instance) {
+      _DebugLogger.instance = new _DebugLogger(clearOnInit);
+    }
+    return _DebugLogger.instance;
+  }
+  log(category, message, data) {
+    if (!this.initialized || !this.logPath) return;
+    try {
+      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+      let logLine = `[${timestamp}] [${category.toUpperCase()}] ${message}`;
+      if (data !== void 0) {
+        logLine += ` | ${JSON.stringify(data)}`;
+      }
+      logLine += "\n";
+      appendFileSync2(this.logPath, logLine);
+    } catch (e) {
+      console.error("[DebugLogger] Write error:", e);
+    }
+  }
+  logRaw(category, label, raw) {
+    if (!this.initialized || !this.logPath) return;
+    try {
+      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+      const logLine = `[${timestamp}] [${category.toUpperCase()}] ${label}:
+${raw}
+---
+`;
+      appendFileSync2(this.logPath, logLine);
+    } catch (e) {
+      console.error("[DebugLogger] Write error:", e);
+    }
+  }
+  clear() {
+    if (!this.logPath) return;
+    try {
+      writeFileSync3(this.logPath, "");
+    } catch (e) {
+      console.error("[DebugLogger] Clear error:", e);
+    }
+  }
+};
+var logger = DebugLogger.getInstance(false);
+function initDebugLogger() {
+  DebugLogger.instance = new DebugLogger(true);
+}
+function debugLog(category, message, data) {
+  logger.log(category, message, data);
+}
+
+// src/engine/tools-mid.ts
 function getErrorMessage(error) {
   return error instanceof Error ? error.message : String(error);
 }
@@ -2276,32 +2383,39 @@ async function searchExploitDB(service, version) {
     };
   }
 }
-async function webSearch(query, engine = "duckduckgo") {
+async function webSearch(query, _engine) {
+  debugLog("search", "webSearch START", { query });
   try {
-    let results = [];
-    if (engine === "duckduckgo") {
-      const url = `https://html.duckduckgo.com/html/?q=${encodeURIComponent(query)}`;
-      try {
-        const html = execFileSync("curl", ["-s", "-L", "-A", "Mozilla/5.0", url], {
-          encoding: "utf-8",
-          stdio: ["ignore", "pipe", "pipe"],
-          timeout: 15e3
-        });
-        const titleRegex = /class="result__a"[^>]*>([^<]+)</g;
-        const matches = html.match(titleRegex) || [];
-        results = matches.map((m) => m.replace(/class="result__a"[^>]*>/, "")).slice(0, 10);
-      } catch (e) {
-        results = [`Web search failed: ${getErrorMessage(e)}`];
-      }
+    const apiKey = getSearchApiKey();
+    const apiUrl = getSearchApiUrl();
+    debugLog("search", "Search API config", {
+      hasApiKey: !!apiKey,
+      apiUrl,
+      apiKeyPrefix: apiKey ? apiKey.slice(0, 8) + "..." : null
+    });
+    if (!apiKey || !apiUrl) {
+      debugLog("search", "Search API NOT CONFIGURED");
+      return {
+        success: false,
+        output: "",
+        error: "Search API not configured. Set SEARCH_API_KEY and SEARCH_API_URL environment variables."
+      };
+    }
+    if (apiUrl.includes("bigmodel.cn") || apiUrl.includes("zhipuai")) {
+      debugLog("search", "Using GLM search");
+      return await searchWithGLM(query, apiKey, apiUrl);
+    } else if (apiUrl.includes("brave.com")) {
+      debugLog("search", "Using Brave search");
+      return await searchWithBrave(query, apiKey, apiUrl);
+    } else if (apiUrl.includes("serper.dev")) {
+      debugLog("search", "Using Serper search");
+      return await searchWithSerper(query, apiKey, apiUrl);
     } else {
-      results = ["Search engine not supported. Use: duckduckgo"];
+      debugLog("search", "Using generic search API");
+      return await searchWithGenericApi(query, apiKey, apiUrl);
     }
-    const formatted = results.map((r, i) => `${i + 1}. ${r}`).join("\n");
-    return {
-      success: true,
-      output: formatted || `No results found for: ${query}`
-    };
   } catch (error) {
+    debugLog("search", "webSearch ERROR", { error: getErrorMessage(error) });
     return {
       success: false,
       output: "",
@@ -2309,11 +2423,134 @@ async function webSearch(query, engine = "duckduckgo") {
     };
   }
 }
+async function searchWithGLM(query, apiKey, apiUrl) {
+  debugLog("search", "GLM request START", { apiUrl, query });
+  const requestBody = {
+    model: "web-search-pro",
+    messages: [{ role: "user", content: query }],
+    stream: false
+  };
+  debugLog("search", "GLM request body", requestBody);
+  const response = await fetch(apiUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${apiKey}`
+    },
+    body: JSON.stringify(requestBody)
+  });
+  debugLog("search", "GLM response status", { status: response.status, ok: response.ok });
+  if (!response.ok) {
+    const errorText = await response.text();
+    debugLog("search", "GLM response ERROR", { status: response.status, error: errorText });
+    throw new Error(`GLM Search API error: ${response.status} - ${errorText}`);
+  }
+  const data = await response.json();
+  debugLog("search", "GLM response data", { hasChoices: !!data.choices, choicesCount: data.choices?.length });
+  let results = "";
+  if (data.choices?.[0]?.message?.content) {
+    results = data.choices[0].message.content;
+    debugLog("search", "GLM extracted from content", { contentLength: results.length });
+  } else if (data.choices?.[0]?.message?.tool_calls) {
+    debugLog("search", "GLM has tool_calls", { count: data.choices[0].message.tool_calls.length });
+    for (const tc of data.choices[0].message.tool_calls) {
+      if (tc.function?.arguments) {
+        try {
+          const args = JSON.parse(tc.function.arguments);
+          results += JSON.stringify(args, null, 2) + "\n";
+        } catch {
+        }
+      }
+    }
+  }
+  debugLog("search", "GLM search COMPLETE", { resultsLength: results.length });
+  return {
+    success: true,
+    output: results || `No results found for: ${query}`
+  };
+}
+async function searchWithBrave(query, apiKey, apiUrl) {
+  debugLog("search", "Brave request START", { apiUrl, query });
+  const url = `${apiUrl}?q=${encodeURIComponent(query)}&count=10`;
+  debugLog("search", "Brave request URL", { url });
+  const response = await fetch(url, {
+    headers: {
+      "Accept": "application/json",
+      "X-Subscription-Token": apiKey
+    }
+  });
+  debugLog("search", "Brave response status", { status: response.status, ok: response.ok });
+  if (!response.ok) {
+    const errorText = await response.text();
+    debugLog("search", "Brave response ERROR", { status: response.status, error: errorText });
+    throw new Error(`Brave API error: ${response.status}`);
+  }
+  const data = await response.json();
+  const results = data.web?.results || [];
+  debugLog("search", "Brave results count", { count: results.length });
+  if (results.length === 0) {
+    return { success: true, output: `No results found for: ${query}` };
+  }
+  const formatted = results.map(
+    (r, i) => `${i + 1}. ${r.title || "No title"}
+   ${r.url || ""}
+   ${r.description || ""}`
+  ).join("\n\n");
+  debugLog("search", "Brave search COMPLETE", { resultsLength: formatted.length });
+  return { success: true, output: formatted };
+}
+async function searchWithSerper(query, apiKey, apiUrl) {
+  debugLog("search", "Serper request START", { apiUrl, query });
+  const response = await fetch(apiUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-API-KEY": apiKey
+    },
+    body: JSON.stringify({ q: query })
+  });
+  debugLog("search", "Serper response status", { status: response.status, ok: response.ok });
+  if (!response.ok) {
+    const errorText = await response.text();
+    debugLog("search", "Serper response ERROR", { status: response.status, error: errorText });
+    throw new Error(`Serper API error: ${response.status}`);
+  }
+  const data = await response.json();
+  const results = data.organic || [];
+  debugLog("search", "Serper results count", { count: results.length });
+  if (results.length === 0) {
+    return { success: true, output: `No results found for: ${query}` };
+  }
+  const formatted = results.map(
+    (r, i) => `${i + 1}. ${r.title || "No title"}
+   ${r.link || ""}
+   ${r.snippet || ""}`
+  ).join("\n\n");
+  debugLog("search", "Serper search COMPLETE", { resultsLength: formatted.length });
+  return { success: true, output: formatted };
+}
+async function searchWithGenericApi(query, apiKey, apiUrl) {
+  const response = await fetch(apiUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Authorization": `Bearer ${apiKey}`,
+      "X-API-KEY": apiKey
+    },
+    body: JSON.stringify({ query, q: query })
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Search API error: ${response.status} - ${errorText}`);
+  }
+  const data = await response.json();
+  return { success: true, output: JSON.stringify(data, null, 2) };
+}
 
 // src/engine/tools/web-browser.ts
 import { spawn as spawn3 } from "child_process";
-import { writeFileSync as writeFileSync3, existsSync as existsSync3, mkdirSync as mkdirSync2, unlinkSync as unlinkSync2 } from "fs";
-import { join as join2 } from "path";
+import { writeFileSync as writeFileSync4, existsSync as existsSync4, mkdirSync as mkdirSync3, unlinkSync as unlinkSync2 } from "fs";
+import { join as join3, dirname } from "path";
 import { tmpdir as tmpdir2 } from "os";
 
 // src/shared/constants/browser.ts
@@ -2336,6 +2573,14 @@ var BROWSER_PATHS = {
 };
 
 // src/engine/tools/web-browser.ts
+function getPlaywrightPath() {
+  try {
+    const mainPath = __require.resolve("playwright");
+    return dirname(mainPath);
+  } catch {
+    return join3(process.cwd(), "node_modules", "playwright");
+  }
+}
 var DEFAULT_OPTIONS = {
   timeout: BROWSER_CONFIG.DEFAULT_TIMEOUT,
   userAgent: BROWSER_CONFIG.DEFAULT_USER_AGENT,
@@ -2405,15 +2650,15 @@ async function browseUrl(url, options = {}) {
       };
     }
   }
-  const tempDir = join2(tmpdir2(), BROWSER_PATHS.TEMP_DIR_NAME);
-  if (!existsSync3(tempDir)) {
-    mkdirSync2(tempDir, { recursive: true });
+  const tempDir = join3(tmpdir2(), BROWSER_PATHS.TEMP_DIR_NAME);
+  if (!existsSync4(tempDir)) {
+    mkdirSync3(tempDir, { recursive: true });
   }
-  const screenshotPath = opts.screenshot ? join2(tempDir, `screenshot-${Date.now()}.png`) : void 0;
+  const screenshotPath = opts.screenshot ? join3(tempDir, `screenshot-${Date.now()}.png`) : void 0;
   const script = buildBrowseScript(url, opts, screenshotPath);
-  const scriptPath = join2(tempDir, `browse-${Date.now()}.cjs`);
+  const scriptPath = join3(tempDir, `browse-${Date.now()}.cjs`);
   try {
-    writeFileSync3(scriptPath, script, "utf-8");
+    writeFileSync4(scriptPath, script, "utf-8");
   } catch (err) {
     return {
       success: false,
@@ -2422,9 +2667,10 @@ async function browseUrl(url, options = {}) {
     };
   }
   return new Promise((resolve) => {
+    const nodePath = join3(process.cwd(), "node_modules");
     const child = spawn3("node", [scriptPath], {
       timeout: opts.timeout + 1e4,
-      env: { ...process.env, NODE_PATH: process.cwd() }
+      env: { ...process.env, NODE_PATH: nodePath }
     });
     let stdout = "";
     let stderr = "";
@@ -2481,12 +2727,15 @@ function buildBrowseScript(url, options, screenshotPath) {
   const safeUserAgent = safeJsString(options.userAgent || BROWSER_CONFIG.DEFAULT_USER_AGENT);
   const safeScreenshotPath = screenshotPath ? safeJsString(screenshotPath) : "null";
   const safeExtraHeaders = JSON.stringify(options.extraHeaders || {});
+  const playwrightPath = getPlaywrightPath();
+  const safePlaywrightPath = safeJsString(playwrightPath);
+  const headlessMode = isBrowserHeadless();
   return `
-const { chromium } = require('playwright');
+const { chromium } = require(${safePlaywrightPath});
 
 (async () => {
     const browser = await chromium.launch({
-        headless: true,
+        headless: ${headlessMode},
         args: ['--no-sandbox', '--disable-setuid-sandbox']
     });
 
@@ -2606,11 +2855,14 @@ async function fillAndSubmitForm(url, formData, options = {}) {
   const opts = { ...DEFAULT_OPTIONS, ...options };
   const safeUrl = safeJsString(url);
   const safeFormData = JSON.stringify(formData);
+  const playwrightPath = getPlaywrightPath();
+  const safePlaywrightPath = safeJsString(playwrightPath);
+  const headlessMode = isBrowserHeadless();
   const script = `
-const { chromium } = require('playwright');
+const { chromium } = require(${safePlaywrightPath});
 
 (async () => {
-    const browser = await chromium.launch({ headless: true });
+    const browser = await chromium.launch({ headless: ${headlessMode} });
     const page = await browser.newPage();
 
     try {
@@ -2646,13 +2898,13 @@ const { chromium } = require('playwright');
     }
 })();
 `;
-  const tempDir = join2(tmpdir2(), BROWSER_PATHS.TEMP_DIR_NAME);
-  if (!existsSync3(tempDir)) {
-    mkdirSync2(tempDir, { recursive: true });
+  const tempDir = join3(tmpdir2(), BROWSER_PATHS.TEMP_DIR_NAME);
+  if (!existsSync4(tempDir)) {
+    mkdirSync3(tempDir, { recursive: true });
   }
-  const scriptPath = join2(tempDir, `form-${Date.now()}.cjs`);
+  const scriptPath = join3(tempDir, `form-${Date.now()}.cjs`);
   try {
-    writeFileSync3(scriptPath, script, "utf-8");
+    writeFileSync4(scriptPath, script, "utf-8");
   } catch (err) {
     return {
       success: false,
@@ -2661,8 +2913,10 @@ const { chromium } = require('playwright');
     };
   }
   return new Promise((resolve) => {
+    const nodePath = join3(process.cwd(), "node_modules");
     const child = spawn3("node", [scriptPath], {
-      timeout: opts.timeout + 1e4
+      timeout: opts.timeout + 1e4,
+      env: { ...process.env, NODE_PATH: nodePath }
     });
     let stdout = "";
     let stderr = "";
@@ -3993,81 +4247,81 @@ var ServiceParser = class {
 };
 
 // src/domains/registry.ts
-import { join as join3, dirname } from "path";
-import { fileURLToPath } from "url";
-var __dirname = dirname(fileURLToPath(import.meta.url));
+import { join as join4, dirname as dirname2 } from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+var __dirname2 = dirname2(fileURLToPath2(import.meta.url));
 var DOMAINS = {
   [SERVICE_CATEGORIES.NETWORK]: {
     id: SERVICE_CATEGORIES.NETWORK,
     name: "Network Infrastructure",
     description: "Vulnerability scanning, port mapping, and network service exploitation.",
-    promptPath: join3(__dirname, "network/prompt.md")
+    promptPath: join4(__dirname2, "network/prompt.md")
   },
   [SERVICE_CATEGORIES.WEB]: {
     id: SERVICE_CATEGORIES.WEB,
     name: "Web Application",
     description: "Web app security testing, injection attacks, and auth bypass.",
-    promptPath: join3(__dirname, "web/prompt.md")
+    promptPath: join4(__dirname2, "web/prompt.md")
   },
   [SERVICE_CATEGORIES.DATABASE]: {
     id: SERVICE_CATEGORIES.DATABASE,
     name: "Database Security",
     description: "SQL injection, database enumeration, and data extraction.",
-    promptPath: join3(__dirname, "database/prompt.md")
+    promptPath: join4(__dirname2, "database/prompt.md")
   },
   [SERVICE_CATEGORIES.AD]: {
     id: SERVICE_CATEGORIES.AD,
     name: "Active Directory",
     description: "Kerberos, LDAP, and Windows domain privilege escalation.",
-    promptPath: join3(__dirname, "ad/prompt.md")
+    promptPath: join4(__dirname2, "ad/prompt.md")
   },
   [SERVICE_CATEGORIES.EMAIL]: {
     id: SERVICE_CATEGORIES.EMAIL,
     name: "Email Services",
     description: "SMTP, IMAP, POP3 security and user enumeration.",
-    promptPath: join3(__dirname, "email/prompt.md")
+    promptPath: join4(__dirname2, "email/prompt.md")
   },
   [SERVICE_CATEGORIES.REMOTE_ACCESS]: {
     id: SERVICE_CATEGORIES.REMOTE_ACCESS,
     name: "Remote Access",
     description: "SSH, RDP, VNC and other remote control protocols.",
-    promptPath: join3(__dirname, "remote-access/prompt.md")
+    promptPath: join4(__dirname2, "remote-access/prompt.md")
   },
   [SERVICE_CATEGORIES.FILE_SHARING]: {
     id: SERVICE_CATEGORIES.FILE_SHARING,
     name: "File Sharing",
     description: "SMB, NFS, FTP and shared resource security.",
-    promptPath: join3(__dirname, "file-sharing/prompt.md")
+    promptPath: join4(__dirname2, "file-sharing/prompt.md")
   },
   [SERVICE_CATEGORIES.CLOUD]: {
     id: SERVICE_CATEGORIES.CLOUD,
     name: "Cloud Infrastructure",
     description: "AWS, Azure, and GCP security and misconfiguration.",
-    promptPath: join3(__dirname, "cloud/prompt.md")
+    promptPath: join4(__dirname2, "cloud/prompt.md")
   },
   [SERVICE_CATEGORIES.CONTAINER]: {
     id: SERVICE_CATEGORIES.CONTAINER,
     name: "Container Systems",
     description: "Docker and Kubernetes security testing.",
-    promptPath: join3(__dirname, "container/prompt.md")
+    promptPath: join4(__dirname2, "container/prompt.md")
   },
   [SERVICE_CATEGORIES.API]: {
     id: SERVICE_CATEGORIES.API,
     name: "API Security",
     description: "REST, GraphQL, and SOAP API security testing.",
-    promptPath: join3(__dirname, "api/prompt.md")
+    promptPath: join4(__dirname2, "api/prompt.md")
   },
   [SERVICE_CATEGORIES.WIRELESS]: {
     id: SERVICE_CATEGORIES.WIRELESS,
     name: "Wireless Networks",
     description: "WiFi and Bluetooth security testing.",
-    promptPath: join3(__dirname, "wireless/prompt.md")
+    promptPath: join4(__dirname2, "wireless/prompt.md")
   },
   [SERVICE_CATEGORIES.ICS]: {
     id: SERVICE_CATEGORIES.ICS,
     name: "Industrial Systems",
     description: "Critical infrastructure - Modbus, DNP3, ENIP.",
-    promptPath: join3(__dirname, "ics/prompt.md")
+    promptPath: join4(__dirname2, "ics/prompt.md")
   }
 };
 
@@ -4316,21 +4570,6 @@ var agentLogger = new Logger("Agent", {
   colorOutput: true
 });
 
-// src/shared/utils/config.ts
-import path from "path";
-import { fileURLToPath as fileURLToPath2 } from "url";
-var __filename = fileURLToPath2(import.meta.url);
-var __dirname2 = path.dirname(__filename);
-function getApiKey() {
-  return process.env.PENTEST_API_KEY || "";
-}
-function getBaseUrl() {
-  return process.env.PENTEST_BASE_URL || void 0;
-}
-function getModel() {
-  return process.env.PENTEST_MODEL || "";
-}
-
 // src/shared/constants/llm.ts
 var RETRY_CONFIG = {
   baseDelayMs: 2e3,
@@ -4360,64 +4599,6 @@ var LLM_ERROR_TYPES = {
 };
 
 // src/engine/llm.ts
-import { appendFileSync as appendFileSync2, mkdirSync as mkdirSync3, existsSync as existsSync4 } from "fs";
-import { join as join4 } from "path";
-import { homedir } from "os";
-var LLMLogger = class _LLMLogger {
-  static instance;
-  logPath;
-  initialized = false;
-  constructor() {
-    const debugDir = join4(homedir(), ".pentesting", "debug");
-    try {
-      if (!existsSync4(debugDir)) {
-        mkdirSync3(debugDir, { recursive: true });
-      }
-      this.logPath = join4(debugDir, "llm-debug.log");
-      this.initialized = true;
-      this.log("=== LLM LOGGER INITIALIZED ===");
-      this.log(`Log file: ${this.logPath}`);
-    } catch (e) {
-      console.error("[LLMLogger] Failed to initialize:", e);
-      this.logPath = "";
-    }
-  }
-  static getInstance() {
-    if (!_LLMLogger.instance) {
-      _LLMLogger.instance = new _LLMLogger();
-    }
-    return _LLMLogger.instance;
-  }
-  log(message, data) {
-    if (!this.initialized || !this.logPath) return;
-    try {
-      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-      let logLine = `[${timestamp}] ${message}`;
-      if (data !== void 0) {
-        logLine += ` | ${JSON.stringify(data)}`;
-      }
-      logLine += "\n";
-      appendFileSync2(this.logPath, logLine);
-    } catch (e) {
-      console.error("[LLMLogger] Write error:", e);
-    }
-  }
-  logRaw(label, raw) {
-    if (!this.initialized || !this.logPath) return;
-    try {
-      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-      const logLine = `[${timestamp}] ${label}:
-${raw}
----
-`;
-      appendFileSync2(this.logPath, logLine);
-    } catch (e) {
-      console.error("[LLMLogger] Write error:", e);
-    }
-  }
-};
-var logger = LLMLogger.getInstance();
-logger.log("=== LLM MODULE LOADED ===");
 var LLMError = class extends Error {
   errorInfo;
   constructor(info) {
@@ -4456,7 +4637,7 @@ var LLMClient = class {
     this.apiKey = getApiKey();
     this.baseUrl = getBaseUrl() || "https://api.anthropic.com";
     this.model = getModel();
-    logger.log("LLMClient constructed", { model: this.model, baseUrl: this.baseUrl, apiKeyPrefix: this.apiKey.slice(0, 8) + "..." });
+    debugLog("llm", "LLMClient constructed", { model: this.model, baseUrl: this.baseUrl, apiKeyPrefix: this.apiKey.slice(0, 8) + "..." });
   }
   async generateResponse(messages, tools, systemPrompt, callbacks) {
     return this.executeWithRetry(() => this.executeNonStream(messages, tools, systemPrompt), callbacks);
@@ -4516,12 +4697,12 @@ var LLMClient = class {
       messages: this.convertMessages(messages),
       tools
     };
-    logger.log("Non-stream request", { model: this.model, toolCount: tools?.length });
+    debugLog("llm", "Non-stream request", { model: this.model, toolCount: tools?.length });
     const response = await this.makeRequest(requestBody);
     const data = await response.json();
     const textBlock = data.content.find((b) => b.type === "text");
     const toolBlocks = data.content.filter((b) => b.type === "tool_use");
-    logger.log("Non-stream response", { toolCount: toolBlocks.length, tools: toolBlocks.map((t) => ({ id: t.id, name: t.name, input: t.input })) });
+    debugLog("llm", "Non-stream response", { toolCount: toolBlocks.length, tools: toolBlocks.map((t) => ({ id: t.id, name: t.name, input: t.input })) });
     return {
       content: textBlock?.text || "",
       toolCalls: toolBlocks.map((b) => ({ id: b.id || "", name: b.name || "", input: b.input || {} })),
@@ -4540,7 +4721,7 @@ var LLMClient = class {
       tools,
       stream: true
     };
-    logger.log(`[${requestId2}] Stream request START`, { model: this.model, toolCount: tools?.length, toolNames: tools?.map((t) => t.name) });
+    debugLog("llm", `[${requestId2}] Stream request START`, { model: this.model, toolCount: tools?.length, toolNames: tools?.map((t) => t.name) });
     const response = await this.makeRequest(requestBody, callbacks?.abortSignal);
     let fullContent = "";
     let fullReasoning = "";
@@ -4569,12 +4750,12 @@ var LLMClient = class {
             if (data.trim() === "[DONE]") continue;
             try {
               const event = JSON.parse(data);
-              logger.log(`[${requestId2}] SSE event`, { type: event.type, index: event.index, deltaType: event.delta?.type });
+              debugLog("llm", `[${requestId2}] SSE event`, { type: event.type, index: event.index, deltaType: event.delta?.type });
               if (event.type === "content_block_start" && event.content_block?.type === "tool_use") {
-                logger.log(`[${requestId2}] TOOL BLOCK START`, { id: event.content_block.id, name: event.content_block.name });
+                debugLog("llm", `[${requestId2}] TOOL BLOCK START`, { id: event.content_block.id, name: event.content_block.name });
               }
               if (event.type === "content_block_delta" && event.delta?.type === "input_json_delta") {
-                logger.log(`[${requestId2}] JSON DELTA`, { index: event.index, partialJson: event.delta.partial_json });
+                debugLog("llm", `[${requestId2}] JSON DELTA`, { index: event.index, partialJson: event.delta.partial_json });
               }
               this.processStreamEvent(event, {
                 toolCallsMap,
@@ -4609,25 +4790,25 @@ var LLMClient = class {
       reader.releaseLock();
     }
     const toolCalls = [];
-    logger.log(`[${requestId2}] PARSING ${toolCallsMap.size} TOOL CALLS`);
+    debugLog("llm", `[${requestId2}] PARSING ${toolCallsMap.size} TOOL CALLS`);
     for (const [id, toolCall] of toolCallsMap) {
-      logger.log(`[${requestId2}] Tool before parse`, { id, name: toolCall.name, pendingJsonLen: toolCall._pendingJson?.length, pendingJson: toolCall._pendingJson });
+      debugLog("llm", `[${requestId2}] Tool before parse`, { id, name: toolCall.name, pendingJsonLen: toolCall._pendingJson?.length, pendingJson: toolCall._pendingJson });
       if (toolCall._pendingJson) {
         const parseResult = this.safeParseJson(toolCall._pendingJson);
         if (parseResult.success) {
           toolCall.input = parseResult.data;
-          logger.log(`[${requestId2}] Tool parsed OK`, { id, name: toolCall.name, input: toolCall.input });
+          debugLog("llm", `[${requestId2}] Tool parsed OK`, { id, name: toolCall.name, input: toolCall.input });
         } else {
           toolCall.input = { _parse_error: parseResult.error, _raw_json: toolCall._pendingJson.slice(0, 500) };
-          logger.log(`[${requestId2}] Tool parse FAILED`, { id, name: toolCall.name, error: parseResult.error, raw: toolCall._pendingJson });
+          debugLog("llm", `[${requestId2}] Tool parse FAILED`, { id, name: toolCall.name, error: parseResult.error, raw: toolCall._pendingJson });
         }
         delete toolCall._pendingJson;
       } else {
-        logger.log(`[${requestId2}] Tool NO JSON RECEIVED`, { id, name: toolCall.name });
+        debugLog("llm", `[${requestId2}] Tool NO JSON RECEIVED`, { id, name: toolCall.name });
       }
       toolCalls.push({ id: toolCall.id, name: toolCall.name, input: toolCall.input });
     }
-    logger.log(`[${requestId2}] FINAL toolCalls`, { count: toolCalls.length, tools: toolCalls.map((t) => ({ id: t.id, name: t.name, input: t.input })) });
+    debugLog("llm", `[${requestId2}] FINAL toolCalls`, { count: toolCalls.length, tools: toolCalls.map((t) => ({ id: t.id, name: t.name, input: t.input })) });
     return {
       content: fullContent,
       toolCalls: toolCalls.length > 0 ? toolCalls : void 0,
@@ -4674,9 +4855,9 @@ var LLMClient = class {
               const toolCall = Array.from(toolCallsMap.values()).find((t) => t._index === index);
               if (toolCall) {
                 toolCall._pendingJson = (toolCall._pendingJson || "") + event.delta.partial_json;
-                logger.log(`[${requestId}] JSON DELTA applied`, { index, toolId: toolCall.id, json: event.delta.partial_json });
+                debugLog("llm", `[${requestId}] JSON DELTA applied`, { index, toolId: toolCall.id, json: event.delta.partial_json });
               } else {
-                logger.log(`[${requestId}] JSON DELTA no tool found for index`, { index });
+                debugLog("llm", `[${requestId}] JSON DELTA no tool found for index`, { index });
               }
             }
           }
@@ -4758,7 +4939,7 @@ function getLLMClient() {
   return llmInstance;
 }
 function logLLM(message, data) {
-  logger.log(message, data);
+  debugLog("llm", message, data);
 }
 
 // src/agents/core-agent.ts
@@ -5193,7 +5374,7 @@ Please decide how to handle this error and continue.`;
 
 // src/agents/prompt-builder.ts
 import { readFileSync as readFileSync3, existsSync as existsSync5 } from "fs";
-import { join as join5, dirname as dirname2 } from "path";
+import { join as join5, dirname as dirname3 } from "path";
 import { fileURLToPath as fileURLToPath3 } from "url";
 
 // src/shared/constants/prompts.ts
@@ -5227,7 +5408,7 @@ var INITIAL_TASKS = {
 };
 
 // src/agents/prompt-builder.ts
-var __dirname3 = dirname2(fileURLToPath3(import.meta.url));
+var __dirname3 = dirname3(fileURLToPath3(import.meta.url));
 var PROMPTS_DIR = join5(__dirname3, "prompts");
 var PHASE_PROMPT_MAP = {
   recon: "recon.md",
@@ -6326,6 +6507,7 @@ var EXIT_CODE = {
 
 // src/platform/tui/main.tsx
 import { jsx as jsx7 } from "react/jsx-runtime";
+initDebugLogger();
 var program = new Command();
 program.name("pentesting").version(APP_VERSION).description(APP_DESCRIPTION).option("--dangerously-skip-permissions", "Skip all permission prompts (dangerous!)").option("-t, --target <target>", "Set initial target");
 program.command("interactive", { isDefault: true }).alias("i").description("Start interactive TUI mode").action(async () => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.16.7",
+  "version": "0.16.8",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",