pentesting 0.2.3 → 0.2.5

package/README.md

@@ -1,130 +1,125 @@
-# Pentesting
-
-> 🎯 DEF CON-level Autonomous Penetration Testing AI Agent
-
-<p align="center">
-  <img src="assets/logo.png" alt="Pentesting Logo" width="200"/>
-</p>
+```
+╔═══════════════════════════════════════════════════════════════╗
+║                                                               ║
+║   ██████╗ ███████╗███╗   ██╗████████╗███████╗███████╗████████╗║
+║   ██╔══██╗██╔════╝████╗  ██║╚══██╔══╝██╔════╝██╔════╝╚══██╔══╝║
+║   ██████╔╝█████╗  ██╔██╗ ██║   ██║   █████╗  ███████╗   ██║   ║
+║   ██╔═══╝ ██╔══╝  ██║╚██╗██║   ██║   ██╔══╝  ╚════██║   ██║   ║
+║   ██║     ███████╗██║ ╚████║   ██║   ███████╗███████║   ██║   ║
+║   ╚═╝     ╚══════╝╚═╝  ╚═══╝   ╚═╝   ╚══════╝╚══════╝   ╚═╝   ║
+║                                                               ║
+║        🎯 DEF CON-level Autonomous Pentesting Agent           ║
+║                                                               ║
+╚═══════════════════════════════════════════════════════════════╝
+```
 
 [![npm version](https://badge.fury.io/js/pentesting.svg)](https://www.npmjs.com/package/pentesting)
 [![Docker](https://img.shields.io/badge/Docker-pentesting--tools-blue)](https://hub.docker.com/r/agnusdei1207/pentesting-tools)
 
-## ✨ Features
-
-- **7-Phase Attack Workflow**: Recon → Scan → Enum → Vuln Analysis → Exploitation → PrivEsc → Reporting
-- **9 Specialized Agents**: Built-in experts for each security domain
-- **Ralph Loop**: Autonomous iteration until objective is achieved
-- **Streaming Responses**: Real-time output from Claude
-- **Session Persistence**: Save/resume pentesting sessions
-- **Tool Approval**: Manual confirmation for dangerous commands
-- **MCP Integration**: Extend with Model Context Protocol tools
-- **Docker Toolkit**: 50+ pre-installed pentesting tools
-
-## Quick Start
+---
 
-### Install
+## 🚀 Quick Start
 
 ```bash
+# Install
 npm install -g pentesting
-```
-
-### Configure
 
-```bash
-# Required: API Key (either works)
+# Configure
 export PENTEST_API_KEY=your_api_key
-# or
-export ANTHROPIC_API_KEY=your_api_key
-
-# For other providers (GLM, OpenRouter, etc.)
 export PENTEST_BASE_URL=https://your-api-endpoint.com/v1
 export PENTEST_MODEL=your-model-name
-export PENTEST_MAX_TOKENS=16384
-```
 
-### Run
+export PENTEST_API_KEY="key"
+export PENTEST_BASE_URL="https://api.z.ai/api/anthropic"
+export PENTEST_MODEL="glm-4.7"
 
-```bash
-pentesting              # Interactive mode
-pentesting --yolo       # Auto-approve all tools (dangerous!)
+
+# Run
+pentesting
 ```
 
-## CLI Commands
+---
+
+## ✨ Features
+
+- **10-Phase Attack Workflow**: Recon → Scan → Enum → Vuln Analysis → Exploitation → PrivEsc → Pivot → Persist → Exfil → Report
+- **9 Specialized Agents**: Built-in experts for each security domain
+- **Ralph Loop**: Autonomous iteration until objective is achieved
+- **Streaming Responses**: Real-time LLM output
+- **Session Persistence**: Save/resume pentesting sessions
+- **Tool Approval**: Manual confirmation for dangerous commands
+- **MCP Integration**: Extend with Model Context Protocol tools
+- **Docker Toolkit**: 50+ pre-installed pentesting tools
+- **Provider Agnostic**: Works with any OpenAI-compatible API
+
+---
+
+## 📖 CLI Commands
 
 ```bash
+# Target & Session
 /target <ip>        Set target
 /start [objective]  Start autonomous pentest
+/sessions           List saved sessions
+/resume [id]        Resume a session
+
+# Scanning & Enumeration
 /scan <target>      Quick enumeration
+/web <url>          Web application testing
+
+# Exploitation
 /exploit <service>  Search for exploits
 /privesc [os]       Check privilege escalation vectors
-/web <url>          Web application testing
-/hash <hash>        Identify and crack hashes
 /attack <objective> Execute attack chain
+/hash <hash>        Identify and crack hashes
+
+# Reporting
 /report             Generate pentest report
-/sessions           List saved sessions
-/resume [id]        Resume a session
+/findings           Show findings
+
+# Control
 /yolo               Toggle auto-approve mode
 /approve /deny      Approve/deny tool execution
-/findings           Show findings
 /clear              Clear screen
 /exit               Exit
 ```
 
-## Built-in Agents
+---
+
+## 🤖 Built-in Agents
 
 | Agent | Specialty |
 |-------|-----------|
-| **target-explorer** | Network reconnaissance, service enumeration |
-| **exploit-researcher** | CVE research, exploit development |
-| **privesc-master** | Linux/Windows privilege escalation |
-| **web-hacker** | OWASP Top 10, SQLi, XSS, SSRF |
-| **crypto-solver** | Hash cracking, cipher analysis |
-| **forensics-analyst** | Memory forensics, file carving |
-| **reverse-engineer** | Binary analysis, exploit development |
-| **attack-architect** | Attack strategy planning |
-| **finding-reviewer** | Vulnerability validation |
-
-## Architecture
+| `target-explorer` | Network reconnaissance, service enumeration |
+| `exploit-researcher` | CVE research, exploit development |
+| `privesc-master` | Linux/Windows privilege escalation |
+| `web-hacker` | OWASP Top 10, SQLi, XSS, SSRF |
+| `crypto-solver` | Hash cracking, cipher analysis |
+| `forensics-analyst` | Memory forensics, file carving |
+| `reverse-engineer` | Binary analysis, exploit development |
+| `attack-architect` | Attack strategy planning |
+| `finding-reviewer` | Vulnerability validation |
 
-```
-┌─────────────────────────────────────────────────────────────┐
-│                        TUI (app.tsx)                         │
-│  - Streaming text display                                    │
-│  - Tool approval prompts                                     │
-│  - Session management                                        │
-└──────────────────────────┬──────────────────────────────────┘
-                          │ Wire Protocol
-┌──────────────────────────▼──────────────────────────────────┐
-│                 PentestingAgent (Unified)                    │
-│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
-│  │ RalphLoop    │  │ Streaming    │  │ Session      │       │
-│  │ (Auto-iter)  │  │ Handler      │  │ Manager      │       │
-│  └──────────────┘  └──────────────┘  └──────────────┘       │
-│                                                              │
-│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
-│  │ Context      │  │ Retry        │  │ Approval     │       │
-│  │ Compaction   │  │ Handler      │  │ Manager      │       │
-│  └──────────────┘  └──────────────┘  └──────────────┘       │
-│                                                              │
-│  ┌──────────────────────────────────────────────────┐       │
-│  │         AutonomousHackingAgent (Core)             │       │
-│  │  ┌──────────────────────────────────────────┐    │       │
-│  │  │ 9 Built-in Specialized Agents            │    │       │
-│  │  │ (No plugins needed)                       │    │       │
-│  │  └──────────────────────────────────────────┘    │       │
-│  │  - Hook System                                    │       │
-│  │  - MCP Client for Extended Tools                  │       │
-│  └──────────────────────────────────────────────────┘       │
-└──────────────────────────┬──────────────────────────────────┘
-                          │
-         ┌────────────────┼────────────────┐
-    ┌────▼────┐     ┌────▼────┐     ┌────▼────┐
-    │ Tool    │     │  Bash   │     │   MCP   │
-    │Executor │     │ Commands│     │ Servers │
-    └─────────┘     └─────────┘     └─────────┘
-```
+---
+
+## ⚙️ Configuration
 
-## Programmatic Usage
+### Environment Variables
+
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `PENTEST_API_KEY` | LLM API key | Required |
+| `PENTEST_BASE_URL` | API endpoint URL | - |
+| `PENTEST_MODEL` | Model name | claude-sonnet-4-20250514 |
+| `PENTEST_MAX_TOKENS` | Max response tokens | 16384 |
+| `PENTESTING_DOCKER` | Force Docker execution | 0 |
+| `PENTESTING_CONTAINER` | Docker container name | pentesting-tools |
+
+> **Note**: `ANTHROPIC_API_KEY` is also accepted as fallback for `PENTEST_API_KEY`.
+
+---
+
+## 💻 Programmatic Usage
 
 ```typescript
 import { PentestingAgent, PENTEST_EVENT } from 'pentesting';
@@ -158,7 +153,9 @@ const scanResult = await agent.chat('/scan 10.10.10.1');
 const exploitResult = await agent.chat('/exploit Apache 2.4.49');
 ```
 
-## Docker Environment
+---
+
+## 🐳 Docker Environment
 
 ```bash
 # Pull pre-built toolkit (50+ tools)
@@ -173,7 +170,9 @@ docker run -d --name pentesting-tools --network host \
 docker exec -it pentesting-tools nmap -sCV 10.0.0.1
 ```
 
-## MCP Integration
+---
+
+## 🔌 MCP Integration
 
 Extend with additional MCP servers:
 
@@ -191,32 +190,50 @@ await agent.addMCPServer('security-tools', 'docker', [
 ]);
 ```
 
-## Configuration
+---
 
-### Environment Variables
+## 🏗️ Architecture
 
-| Variable | Description | Default |
-|----------|-------------|---------|
-| PENTEST_API_KEY | API key (alternative: ANTHROPIC_API_KEY) | Required |
-| PENTEST_BASE_URL | API endpoint URL (for GLM, etc.) | - |
-| PENTEST_MODEL | Model name | claude-sonnet-4-20250514 |
-| PENTEST_MAX_TOKENS | Max response tokens | 16384 |
-| PENTESTING_DOCKER | Force Docker execution | 0 |
-| PENTESTING_CONTAINER | Docker container name | pentesting-tools |
+```
+┌─────────────────────────────────────────────────────────────┐
+│                        TUI (app.tsx)                         │
+│  - Streaming text display                                    │
+│  - Tool approval prompts                                     │
+│  - Session management                                        │
+└──────────────────────────┬──────────────────────────────────┘
+                          │ Wire Protocol
+┌──────────────────────────▼──────────────────────────────────┐
+│                 PentestingAgent (Unified)                    │
+│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐       │
+│  │ RalphLoop    │  │ Streaming    │  │ Session      │       │
+│  │ (Auto-iter)  │  │ Handler      │  │ Manager      │       │
+│  └──────────────┘  └──────────────┘  └──────────────┘       │
+│                                                              │
+│  ┌──────────────────────────────────────────────────┐       │
+│  │         AutonomousHackingAgent (Core)             │       │
+│  │  ┌──────────────────────────────────────────┐    │       │
+│  │  │ 9 Built-in Specialized Agents            │    │       │
+│  │  └──────────────────────────────────────────┘    │       │
+│  └──────────────────────────────────────────────────┘       │
+└──────────────────────────┬──────────────────────────────────┘
+                          │
+         ┌────────────────┼────────────────┐
+    ┌────▼────┐     ┌────▼────┐     ┌────▼────┐
+    │ Tool    │     │  Bash   │     │   MCP   │
+    │Executor │     │ Commands│     │ Servers │
+    └─────────┘     └─────────┘     └─────────┘
+```
+
+---
 
-## Project Structure
+## 📁 Project Structure
 
 ```
 src/
 ├── index.tsx              # CLI entry point
-├── cli/
-│   └── app.tsx            # TUI with streaming, approval, sessions
+├── cli/app.tsx            # TUI with streaming, approval, sessions
 ├── core/
-│   ├── index.ts           # All core exports
-│   ├── agent/
-│   │   ├── pentesting-agent.ts   # Unified agent
-│   │   ├── autonomous-agent.ts   # Core agent logic
-│   │   └── agent-orchestrator.ts # Parallel agent execution
+│   ├── agent/             # Agent implementations
 │   ├── approval/          # Tool approval system
 │   ├── context/           # Conversation compaction
 │   ├── hooks/             # Event hooks
@@ -225,17 +242,16 @@ src/
 │   ├── streaming/         # Real-time streaming
 │   ├── prompts/           # System prompts
 │   └── tools/             # Tool definitions & executor
-├── agents/
-│   └── index.ts           # 9 built-in specialized agents
-├── commands/
-│   └── index.ts           # Built-in slash commands
-├── wire/                  # Agent-UI communication protocol
+├── agents/index.ts        # 9 built-in specialized agents
+├── commands/index.ts      # Built-in slash commands
+├── wire/                  # Agent-UI communication
 ├── mcp/                   # MCP client integration
-├── utils/                 # Retry logic, utilities
 └── config/                # Constants, theme
 ```
 
-## Development
+---
+
+## 🛠️ Development
 
 ```bash
 # Clone
@@ -252,12 +268,24 @@ npm run build
 npm run dev
 ```
 
-## Legal
+---
+
+## 📚 Documentation
 
-⚠️ **Only use on systems you own or have explicit permission to test.**
+- [Architecture](docs/architecture.md) - System design and components
+- [API Reference](docs/api-reference.md) - Full API documentation
+- [Troubleshooting](docs/troubleshooting.md) - Common issues
+
+---
+
+## ⚠️ Legal
+
+**Only use on systems you own or have explicit permission to test.**
 
 This tool is for authorized penetration testing and CTF competitions only. Unauthorized access to computer systems is illegal.
 
-## License
+---
+
+## 📄 License
 
 MIT

package/dist/index.js

@@ -12,7 +12,7 @@ import Spinner from "ink-spinner";
 
 // src/core/agent/autonomous-agent.ts
 import Anthropic from "@anthropic-ai/sdk";
-import { EventEmitter as EventEmitter3 } from "events";
+import { EventEmitter as EventEmitter4 } from "events";
 
 // src/core/prompts/autonomous-prompt.ts
 var AUTONOMOUS_HACKING_PROMPT = `You are Hacker-Code, an elite autonomous penetration testing AI designed for CTF competitions and professional security assessments. You operate with minimal human intervention, making intelligent decisions, adapting to obstacles, and persistently pursuing objectives until complete system compromise.
@@ -251,6 +251,8 @@ var AGENT_EVENT = {
   TOOL_CALL: "tool_call",
   TOOL_RESULT: "tool_result",
   COMMAND_EXECUTE: "command_execute",
+  APPROVAL_NEEDED: "approval_needed",
+  TOKEN_USAGE: "token_usage",
   // State changes
   TARGET_SET: "target_set",
   PHASE_CHANGE: "phase_change",
@@ -1374,7 +1376,7 @@ const { chromium } = require('playwright');
 }
 
 // src/config/constants.ts
-var APP_VERSION = "0.2.3";
+var APP_VERSION = "0.2.5";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
 var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
@@ -1732,6 +1734,183 @@ function getMCPManager() {
   return mcpManager;
 }
 
+// src/core/approval/approval-manager.ts
+import { EventEmitter as EventEmitter3 } from "events";
+var APPROVAL_EVENT = {
+  REQUEST: "approval_request",
+  RESPONSE: "approval_response",
+  TIMEOUT: "approval_timeout"
+};
+var CRITICAL_TOOLS = [
+  "execute_command",
+  "write_file",
+  "delete_file",
+  "modify_file",
+  "send_request",
+  "exploit_execute"
+];
+var HIGH_RISK_PATTERNS = [
+  /rm\s+-rf/i,
+  /mkfs/i,
+  /dd\s+if=/i,
+  /format/i,
+  /shutdown/i,
+  /reboot/i,
+  /kill\s+-9/i,
+  /pkill/i,
+  /iptables/i,
+  /ufw/i,
+  /firewall/i,
+  /passwd/i,
+  /useradd/i,
+  /userdel/i,
+  /chmod\s+777/i,
+  /chown/i,
+  /sudo/i,
+  /su\s+-/i,
+  /nc\s+-e/i,
+  /bash\s+-i/i,
+  /reverse.*shell/i,
+  /bind.*shell/i,
+  /meterpreter/i,
+  /mimikatz/i
+];
+function assessRisk(toolName, toolInput) {
+  const inputStr = JSON.stringify(toolInput).toLowerCase();
+  for (const pattern of HIGH_RISK_PATTERNS) {
+    if (pattern.test(inputStr)) {
+      return "critical";
+    }
+  }
+  if (CRITICAL_TOOLS.includes(toolName)) {
+    return "high";
+  }
+  if (toolName.includes("script") || toolName.includes("exec")) {
+    return "medium";
+  }
+  if (toolName.includes("scan") || toolName.includes("request")) {
+    return "medium";
+  }
+  return "low";
+}
+function generateRequestId() {
+  return `approval_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
+}
+var ApprovalManager = class extends EventEmitter3 {
+  pendingRequests = /* @__PURE__ */ new Map();
+  autoApprovedTools = /* @__PURE__ */ new Set();
+  autoDeniedTools = /* @__PURE__ */ new Set();
+  yoloMode = false;
+  defaultTimeout = 6e4;
+  // 1 minute
+  constructor(options) {
+    super();
+    this.yoloMode = options?.yoloMode ?? false;
+    this.defaultTimeout = options?.timeout ?? 6e4;
+  }
+  /**
+   * Enable/disable YOLO mode (auto-approve everything)
+   */
+  setYoloMode(enabled) {
+    this.yoloMode = enabled;
+    this.emit("yolo_mode_changed", enabled);
+  }
+  /**
+   * Check if approval is required for a tool call
+   */
+  requiresApproval(toolName, toolInput) {
+    if (this.yoloMode) return false;
+    if (this.autoApprovedTools.has(toolName)) return false;
+    if (this.autoDeniedTools.has(toolName)) return true;
+    const risk = assessRisk(toolName, toolInput);
+    if (risk === "low") return false;
+    return true;
+  }
+  /**
+   * Request approval for a tool call
+   */
+  async requestApproval(toolName, toolInput, reason) {
+    if (this.autoDeniedTools.has(toolName)) {
+      return "deny";
+    }
+    if (this.autoApprovedTools.has(toolName)) {
+      return "approve";
+    }
+    const risk = assessRisk(toolName, toolInput);
+    const request = {
+      id: generateRequestId(),
+      toolName,
+      toolInput,
+      reason: reason || `Tool "${toolName}" requires approval (${risk} risk)`,
+      riskLevel: risk,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    this.pendingRequests.set(request.id, request);
+    this.emit(APPROVAL_EVENT.REQUEST, request);
+    return new Promise((resolve) => {
+      const timeout = setTimeout(() => {
+        this.pendingRequests.delete(request.id);
+        this.emit(APPROVAL_EVENT.TIMEOUT, request.id);
+        resolve("deny");
+      }, this.defaultTimeout);
+      const responseHandler = (response) => {
+        if (response.requestId === request.id) {
+          clearTimeout(timeout);
+          this.pendingRequests.delete(request.id);
+          this.removeListener(APPROVAL_EVENT.RESPONSE, responseHandler);
+          if (response.decision === "approve_always") {
+            this.autoApprovedTools.add(toolName);
+            resolve("approve");
+          } else if (response.decision === "deny_always") {
+            this.autoDeniedTools.add(toolName);
+            resolve("deny");
+          } else {
+            resolve(response.decision);
+          }
+        }
+      };
+      this.on(APPROVAL_EVENT.RESPONSE, responseHandler);
+    });
+  }
+  /**
+   * Respond to an approval request (called by UI)
+   */
+  respond(requestId, decision) {
+    const response = {
+      requestId,
+      decision,
+      respondedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    this.emit(APPROVAL_EVENT.RESPONSE, response);
+  }
+  /**
+   * Get pending requests
+   */
+  getPendingRequests() {
+    return Array.from(this.pendingRequests.values());
+  }
+  /**
+   * Get auto-approved tools
+   */
+  getAutoApprovedTools() {
+    return Array.from(this.autoApprovedTools);
+  }
+  /**
+   * Reset all auto decisions
+   */
+  resetAutoDecisions() {
+    this.autoApprovedTools.clear();
+    this.autoDeniedTools.clear();
+  }
+};
+var approvalManager = null;
+function getApprovalManager(options) {
+  if (!approvalManager) {
+    approvalManager = new ApprovalManager(options);
+  }
+  return approvalManager;
+}
+
 // src/core/tools/web-search.ts
 import { spawn as spawn4 } from "child_process";
 async function searchDuckDuckGo(query, options = {}) {
@@ -2959,7 +3138,7 @@ var DEFAULT_PHASES = [
   { id: PHASE_ID.EXFIL, name: "Data Exfiltration", shortName: "Exfil", status: PHASE_STATUS.PENDING, attempts: 0 },
   { id: PHASE_ID.REPORT, name: "Reporting", shortName: "Report", status: PHASE_STATUS.PENDING, attempts: 0 }
 ];
-var AutonomousHackingAgent = class extends EventEmitter3 {
+var AutonomousHackingAgent = class extends EventEmitter4 {
   client;
   state;
   config;
@@ -2970,6 +3149,13 @@ var AutonomousHackingAgent = class extends EventEmitter3 {
   hookExecutor;
   mcpManager;
   contextManager;
+  approvalManager;
+  // Token usage tracking
+  tokenUsage = {
+    input: 0,
+    output: 0,
+    total: 0
+  };
   // Rabbit hole detection settings
   STUCK_THRESHOLD = 5;
   // Same action repeat count
@@ -2988,6 +3174,7 @@ var AutonomousHackingAgent = class extends EventEmitter3 {
     this.hookExecutor = getHookExecutor();
     this.mcpManager = getMCPManager();
     this.contextManager = new ContextManager(this.client);
+    this.approvalManager = getApprovalManager({ yoloMode: config?.autoApprove });
     this.state = this.createInitialState();
     this.initSystems();
   }
@@ -3399,6 +3586,12 @@ Goal: Deep penetration to obtain root/system privileges, extract internal data,
         }
       }
     );
+    if (response.usage) {
+      this.tokenUsage.input += response.usage.input_tokens;
+      this.tokenUsage.output += response.usage.output_tokens;
+      this.tokenUsage.total = this.tokenUsage.input + this.tokenUsage.output;
+      this.emit(AGENT_EVENT.TOKEN_USAGE, this.tokenUsage);
+    }
     return this.processResponse(response);
   }
   buildContextPrompt() {
@@ -3457,6 +3650,29 @@ Use report_finding tool for important discoveries.
           this.think(THOUGHT_TYPE.STUCK, `Tool blocked by hook: ${hookCheck.output}`);
           continue;
         }
+        if (this.approvalManager.requiresApproval(toolName, toolInput)) {
+          const risk = assessRisk(toolName, toolInput);
+          this.emit(AGENT_EVENT.APPROVAL_NEEDED, {
+            id: block.id,
+            toolName,
+            toolInput,
+            riskLevel: risk
+          });
+          const decision = await this.approvalManager.requestApproval(
+            toolName,
+            toolInput,
+            `Executing ${toolName} (${risk} risk)`
+          );
+          if (decision === "deny") {
+            this.think(THOUGHT_TYPE.STUCK, `Tool denied by user: ${toolName}`);
+            this.emit(AGENT_EVENT.TOOL_RESULT, {
+              id: block.id,
+              name: toolName,
+              result: { success: false, output: "Denied by user" }
+            });
+            continue;
+          }
+        }
         const result = await executeToolCall(toolName, toolInput);
         await this.hookExecutor.runPostToolUse(toolName, result.output || "");
         const resultType = result.success ? "result" : "result";
@@ -3833,14 +4049,14 @@ Respond helpfully to the user's message. If they ask to perform security testing
 // src/core/session/session-manager.ts
 import * as fs3 from "fs/promises";
 import * as path3 from "path";
-import { EventEmitter as EventEmitter4 } from "events";
+import { EventEmitter as EventEmitter5 } from "events";
 var SESSIONS_DIR = ".pentesting/sessions";
 function generateSessionId() {
   const timestamp = Date.now().toString(36);
   const random = Math.random().toString(36).substring(2, 8);
   return `session_${timestamp}_${random}`;
 }
-var SessionManager = class extends EventEmitter4 {
+var SessionManager = class extends EventEmitter5 {
   sessionsDir;
   currentSession = null;
   constructor(baseDir) {
@@ -4015,183 +4231,6 @@ function getSessionManager() {
   return sessionManager;
 }
 
-// src/core/approval/approval-manager.ts
-import { EventEmitter as EventEmitter5 } from "events";
-var APPROVAL_EVENT = {
-  REQUEST: "approval_request",
-  RESPONSE: "approval_response",
-  TIMEOUT: "approval_timeout"
-};
-var CRITICAL_TOOLS = [
-  "execute_command",
-  "write_file",
-  "delete_file",
-  "modify_file",
-  "send_request",
-  "exploit_execute"
-];
-var HIGH_RISK_PATTERNS = [
-  /rm\s+-rf/i,
-  /mkfs/i,
-  /dd\s+if=/i,
-  /format/i,
-  /shutdown/i,
-  /reboot/i,
-  /kill\s+-9/i,
-  /pkill/i,
-  /iptables/i,
-  /ufw/i,
-  /firewall/i,
-  /passwd/i,
-  /useradd/i,
-  /userdel/i,
-  /chmod\s+777/i,
-  /chown/i,
-  /sudo/i,
-  /su\s+-/i,
-  /nc\s+-e/i,
-  /bash\s+-i/i,
-  /reverse.*shell/i,
-  /bind.*shell/i,
-  /meterpreter/i,
-  /mimikatz/i
-];
-function assessRisk(toolName, toolInput) {
-  const inputStr = JSON.stringify(toolInput).toLowerCase();
-  for (const pattern of HIGH_RISK_PATTERNS) {
-    if (pattern.test(inputStr)) {
-      return "critical";
-    }
-  }
-  if (CRITICAL_TOOLS.includes(toolName)) {
-    return "high";
-  }
-  if (toolName.includes("script") || toolName.includes("exec")) {
-    return "medium";
-  }
-  if (toolName.includes("scan") || toolName.includes("request")) {
-    return "medium";
-  }
-  return "low";
-}
-function generateRequestId() {
-  return `approval_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
-}
-var ApprovalManager = class extends EventEmitter5 {
-  pendingRequests = /* @__PURE__ */ new Map();
-  autoApprovedTools = /* @__PURE__ */ new Set();
-  autoDeniedTools = /* @__PURE__ */ new Set();
-  yoloMode = false;
-  defaultTimeout = 6e4;
-  // 1 minute
-  constructor(options) {
-    super();
-    this.yoloMode = options?.yoloMode ?? false;
-    this.defaultTimeout = options?.timeout ?? 6e4;
-  }
-  /**
-   * Enable/disable YOLO mode (auto-approve everything)
-   */
-  setYoloMode(enabled) {
-    this.yoloMode = enabled;
-    this.emit("yolo_mode_changed", enabled);
-  }
-  /**
-   * Check if approval is required for a tool call
-   */
-  requiresApproval(toolName, toolInput) {
-    if (this.yoloMode) return false;
-    if (this.autoApprovedTools.has(toolName)) return false;
-    if (this.autoDeniedTools.has(toolName)) return true;
-    const risk = assessRisk(toolName, toolInput);
-    if (risk === "low") return false;
-    return true;
-  }
-  /**
-   * Request approval for a tool call
-   */
-  async requestApproval(toolName, toolInput, reason) {
-    if (this.autoDeniedTools.has(toolName)) {
-      return "deny";
-    }
-    if (this.autoApprovedTools.has(toolName)) {
-      return "approve";
-    }
-    const risk = assessRisk(toolName, toolInput);
-    const request = {
-      id: generateRequestId(),
-      toolName,
-      toolInput,
-      reason: reason || `Tool "${toolName}" requires approval (${risk} risk)`,
-      riskLevel: risk,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
-    this.pendingRequests.set(request.id, request);
-    this.emit(APPROVAL_EVENT.REQUEST, request);
-    return new Promise((resolve) => {
-      const timeout = setTimeout(() => {
-        this.pendingRequests.delete(request.id);
-        this.emit(APPROVAL_EVENT.TIMEOUT, request.id);
-        resolve("deny");
-      }, this.defaultTimeout);
-      const responseHandler = (response) => {
-        if (response.requestId === request.id) {
-          clearTimeout(timeout);
-          this.pendingRequests.delete(request.id);
-          this.removeListener(APPROVAL_EVENT.RESPONSE, responseHandler);
-          if (response.decision === "approve_always") {
-            this.autoApprovedTools.add(toolName);
-            resolve("approve");
-          } else if (response.decision === "deny_always") {
-            this.autoDeniedTools.add(toolName);
-            resolve("deny");
-          } else {
-            resolve(response.decision);
-          }
-        }
-      };
-      this.on(APPROVAL_EVENT.RESPONSE, responseHandler);
-    });
-  }
-  /**
-   * Respond to an approval request (called by UI)
-   */
-  respond(requestId, decision) {
-    const response = {
-      requestId,
-      decision,
-      respondedAt: (/* @__PURE__ */ new Date()).toISOString()
-    };
-    this.emit(APPROVAL_EVENT.RESPONSE, response);
-  }
-  /**
-   * Get pending requests
-   */
-  getPendingRequests() {
-    return Array.from(this.pendingRequests.values());
-  }
-  /**
-   * Get auto-approved tools
-   */
-  getAutoApprovedTools() {
-    return Array.from(this.autoApprovedTools);
-  }
-  /**
-   * Reset all auto decisions
-   */
-  resetAutoDecisions() {
-    this.autoApprovedTools.clear();
-    this.autoDeniedTools.clear();
-  }
-};
-var approvalManager = null;
-function getApprovalManager(options) {
-  if (!approvalManager) {
-    approvalManager = new ApprovalManager(options);
-  }
-  return approvalManager;
-}
-
 // src/config/theme.ts
 var THEME = {
   // Primary backgrounds (dark purple tones)
@@ -4287,6 +4326,7 @@ var App = ({ autoApprove = false, target }) => {
   const [currentStatus, setCurrentStatus] = useState("");
   const [elapsedTime, setElapsedTime] = useState(0);
   const [pendingApproval, setPendingApproval] = useState(null);
+  const [tokenUsage, setTokenUsage] = useState({ input: 0, output: 0, total: 0 });
   const [agent] = useState(() => new AutonomousHackingAgent(void 0, { autoApprove }));
   const sessionManager2 = getSessionManager();
   const approvalManager2 = getApprovalManager({ yoloMode: autoApprove });
@@ -4350,6 +4390,18 @@ var App = ({ autoApprove = false, target }) => {
     agent.on(AGENT_EVENT.CONTEXT_COMPACTED, () => {
       addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F4BE} Context compacted to save tokens");
     });
+    agent.on(AGENT_EVENT.TOKEN_USAGE, (usage) => {
+      setTokenUsage(usage);
+    });
+    agent.on(AGENT_EVENT.APPROVAL_NEEDED, (data) => {
+      setPendingApproval({
+        id: data.id,
+        toolName: data.toolName,
+        riskLevel: data.riskLevel
+      });
+      addMessage(MESSAGE_TYPE.SYSTEM, `\u26A0\uFE0F  APPROVAL NEEDED: ${data.toolName} (${data.riskLevel} risk)`);
+      addMessage(MESSAGE_TYPE.SYSTEM, "   Type /approve or /deny");
+    });
     agent.on(AGENT_EVENT.COMPLETE, () => {
       const duration = stopTimer();
       addMessage(MESSAGE_TYPE.SYSTEM, `\u2713 Complete (${duration}s)`);
@@ -4622,6 +4674,7 @@ var App = ({ autoApprove = false, target }) => {
         " findings \u2502",
         state.credentials.length,
         " creds \u2502",
+        tokenUsage.total > 0 && `${(tokenUsage.total / 1e3).toFixed(1)}k tokens \u2502`,
         state.currentPhase !== AGENT_STATUS.IDLE && ` ${state.currentPhase} \u2502`
       ] }),
       /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.2.3",
+  "version": "0.2.5",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",