pentesting 0.24.0 → 0.24.1

package/dist/main.js

@@ -127,11 +127,16 @@ var AGENT_LIMITS = {
   /** ID radix for generation */
   ID_RADIX: 36,
   /** Maximum token budget for LLM response (matches LLM_LIMITS.streamMaxTokens) */
-  MAX_TOKENS: 32768,
+  MAX_TOKENS: 128e3,
   /** Maximum consecutive idle iterations before nudging agent (deadlock prevention) */
   MAX_CONSECUTIVE_IDLE: 3,
-  /** Maximum tool output length before truncation (context hygiene) */
-  MAX_TOOL_OUTPUT_LENGTH: 2e4,
+  /** Maximum tool output length before truncation (context hygiene)
+   *  WHY 200K: pentesting tools (linpeas, enum4linux, nmap -sV --script=*)
+   *  routinely produce 100K+ chars with critical findings scattered throughout.
+   *  Truncation loses data the agent can never recover.
+   *  Let the LLM see everything and summarize — it's what LLMs are good at.
+   */
+  MAX_TOOL_OUTPUT_LENGTH: 2e5,
   /** Max chars to include in blocked pattern tracking key (loop detection) */
   BLOCKED_PATTERN_KEY_SLICE: 80,
   /** Max chars of error text to include in web_search suggestion */
@@ -161,7 +166,7 @@ var INPUT_PROMPT_PATTERNS = [
   /\(Y\/n\)/i
 ];
 
-// src/shared/constants/exit-codes.ts
+// src/shared/constants/system.ts
 var EXIT_CODES = {
   /** Successful execution */
   SUCCESS: 0,
@@ -178,12 +183,110 @@ var EXIT_CODES = {
   /** Process killed by SIGKILL */
   SIGKILL: 137
 };
+var PROCESS_ROLES = {
+  LISTENER: "listener",
+  ACTIVE_SHELL: "active_shell",
+  SERVER: "server",
+  SNIFFER: "sniffer",
+  SPOOFER: "spoofer",
+  CALLBACK: "callback",
+  PROXY: "proxy",
+  BACKGROUND: "background"
+};
+var PROCESS_ICONS = {
+  [PROCESS_ROLES.LISTENER]: "[LISTENER]",
+  [PROCESS_ROLES.ACTIVE_SHELL]: "[SHELL]",
+  [PROCESS_ROLES.SERVER]: "[SERVER]",
+  [PROCESS_ROLES.SNIFFER]: "[SNIFFER]",
+  [PROCESS_ROLES.SPOOFER]: "[SPOOFER]",
+  [PROCESS_ROLES.CALLBACK]: "[CALLBACK]",
+  [PROCESS_ROLES.PROXY]: "[PROXY]",
+  [PROCESS_ROLES.BACKGROUND]: "[BG]"
+};
+var STATUS_MARKERS = {
+  RUNNING: "[RUNNING]",
+  STOPPED: "[STOPPED]",
+  WARNING: "[WARNING]",
+  INTERACTIVE: "[INTERACTIVE]",
+  EXITED: "[EXITED]"
+};
+var PROCESS_EVENTS = {
+  STARTED: "started",
+  CONNECTION_DETECTED: "connection_detected",
+  ROLE_CHANGED: "role_changed",
+  COMMAND_SENT: "command_sent",
+  STOPPED: "stopped",
+  DIED: "died",
+  ZOMBIE_CLEANED: "zombie_cleaned"
+};
+var SYSTEM_LIMITS = {
+  /** Maximum wait time for interactive shell responses (10 seconds) */
+  MAX_WAIT_MS_INTERACT: 1e4,
+  /** Default wait time for interactive shell responses (2 seconds) */
+  DEFAULT_WAIT_MS_INTERACT: 2e3,
+  /** Maximum characters for process description */
+  MAX_DESCRIPTION_LENGTH: 80,
+  /** Maximum characters for stored command string */
+  MAX_COMMAND_LENGTH: 200,
+  /** Maximum characters to show from stdout
+   *  WHY 50K: background processes (linpeas, scans, shells) produce large
+   *  output with findings scattered throughout. Let the LLM see it all. */
+  MAX_STDOUT_SLICE: 5e4,
+  /** Maximum characters to show from stderr */
+  MAX_STDERR_SLICE: 5e3,
+  /** Maximum characters for error detail messages */
+  MAX_ERROR_DETAIL_SLICE: 2e3,
+  /** Maximum characters for input prompt previews */
+  MAX_PROMPT_PREVIEW: 50,
+  /** Maximum characters for input snippets in logs */
+  MAX_INPUT_SLICE: 100,
+  /** Maximum events to keep in process event log */
+  MAX_EVENT_LOG: 30,
+  /** Wait time for child PID discovery via pgrep */
+  CHILD_PID_DISCOVERY_MS: 500,
+  /** Wait time between SIGTERM and SIGKILL during graceful shutdown */
+  SHUTDOWN_WAIT_MS: 500,
+  /** Wait time between process cleanup batches */
+  CLEANUP_BATCH_WAIT_MS: 300,
+  /** Timeout for pgrep and pkill operations */
+  PROCESS_OP_TIMEOUT_MS: 2e3,
+  /** Port range for web services (development servers) */
+  WEB_PORT_RANGE: { MIN: 8e3, MAX: 9e3 },
+  /** Port range for API services */
+  API_PORT_RANGE: { MIN: 3e3, MAX: 3500 }
+};
+var DETECTION_PATTERNS = {
+  LISTENER: /-(?:lvnp|nlvp|lp|p)\s+(\d+)/,
+  HTTP_SERVER: /(?:http\.server|SimpleHTTPServer)\s+(\d+)/,
+  GENERIC_PORT: /-(?:p|port|S)\s+(?:\S+:)?(\d+)/,
+  CONNECTION: [
+    /connection\s+from/i,
+    /connect\s+to/i,
+    /\$\s*$/m,
+    /#\s*$/m,
+    /bash-\d/i,
+    /sh-\d/i,
+    /www-data/i
+  ]
+};
+var ORPHAN_PROCESS_NAMES = [
+  "arpspoof",
+  "ettercap",
+  "mitmdump",
+  "mitmproxy",
+  "dnsspoof",
+  "tcpdump",
+  "tshark",
+  "socat",
+  "nc",
+  "python"
+];
 
 // src/shared/constants/agent.ts
 var ID_LENGTH = AGENT_LIMITS.ID_LENGTH;
 var ID_RADIX = AGENT_LIMITS.ID_RADIX;
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.24.0";
+var APP_VERSION = "0.24.1";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -499,104 +602,6 @@ function ensureDirExists(dirPath) {
   }
 }
 
-// src/shared/constants/system.ts
-var PROCESS_ROLES = {
-  LISTENER: "listener",
-  ACTIVE_SHELL: "active_shell",
-  SERVER: "server",
-  SNIFFER: "sniffer",
-  SPOOFER: "spoofer",
-  CALLBACK: "callback",
-  PROXY: "proxy",
-  BACKGROUND: "background"
-};
-var PROCESS_ICONS = {
-  [PROCESS_ROLES.LISTENER]: "[LISTENER]",
-  [PROCESS_ROLES.ACTIVE_SHELL]: "[SHELL]",
-  [PROCESS_ROLES.SERVER]: "[SERVER]",
-  [PROCESS_ROLES.SNIFFER]: "[SNIFFER]",
-  [PROCESS_ROLES.SPOOFER]: "[SPOOFER]",
-  [PROCESS_ROLES.CALLBACK]: "[CALLBACK]",
-  [PROCESS_ROLES.PROXY]: "[PROXY]",
-  [PROCESS_ROLES.BACKGROUND]: "[BG]"
-};
-var STATUS_MARKERS = {
-  RUNNING: "[RUNNING]",
-  STOPPED: "[STOPPED]",
-  WARNING: "[WARNING]",
-  INTERACTIVE: "[INTERACTIVE]",
-  EXITED: "[EXITED]"
-};
-var PROCESS_EVENTS = {
-  STARTED: "started",
-  CONNECTION_DETECTED: "connection_detected",
-  ROLE_CHANGED: "role_changed",
-  COMMAND_SENT: "command_sent",
-  STOPPED: "stopped",
-  DIED: "died",
-  ZOMBIE_CLEANED: "zombie_cleaned"
-};
-var SYSTEM_LIMITS = {
-  /** Maximum wait time for interactive shell responses (10 seconds) */
-  MAX_WAIT_MS_INTERACT: 1e4,
-  /** Default wait time for interactive shell responses (2 seconds) */
-  DEFAULT_WAIT_MS_INTERACT: 2e3,
-  /** Maximum characters for process description */
-  MAX_DESCRIPTION_LENGTH: 80,
-  /** Maximum characters for stored command string */
-  MAX_COMMAND_LENGTH: 200,
-  /** Maximum characters to show from stdout */
-  MAX_STDOUT_SLICE: 3e3,
-  /** Maximum characters to show from stderr */
-  MAX_STDERR_SLICE: 500,
-  /** Maximum characters for error detail messages */
-  MAX_ERROR_DETAIL_SLICE: 200,
-  /** Maximum characters for input prompt previews */
-  MAX_PROMPT_PREVIEW: 50,
-  /** Maximum characters for input snippets in logs */
-  MAX_INPUT_SLICE: 100,
-  /** Maximum events to keep in process event log */
-  MAX_EVENT_LOG: 30,
-  /** Wait time for child PID discovery via pgrep */
-  CHILD_PID_DISCOVERY_MS: 500,
-  /** Wait time between SIGTERM and SIGKILL during graceful shutdown */
-  SHUTDOWN_WAIT_MS: 500,
-  /** Wait time between process cleanup batches */
-  CLEANUP_BATCH_WAIT_MS: 300,
-  /** Timeout for pgrep and pkill operations */
-  PROCESS_OP_TIMEOUT_MS: 2e3,
-  /** Port range for web services (development servers) */
-  WEB_PORT_RANGE: { MIN: 8e3, MAX: 9e3 },
-  /** Port range for API services */
-  API_PORT_RANGE: { MIN: 3e3, MAX: 3500 }
-};
-var DETECTION_PATTERNS = {
-  LISTENER: /-(?:lvnp|nlvp|lp|p)\s+(\d+)/,
-  HTTP_SERVER: /(?:http\.server|SimpleHTTPServer)\s+(\d+)/,
-  GENERIC_PORT: /-(?:p|port|S)\s+(?:\S+:)?(\d+)/,
-  CONNECTION: [
-    /connection\s+from/i,
-    /connect\s+to/i,
-    /\$\s*$/m,
-    /#\s*$/m,
-    /bash-\d/i,
-    /sh-\d/i,
-    /www-data/i
-  ]
-};
-var ORPHAN_PROCESS_NAMES = [
-  "arpspoof",
-  "ettercap",
-  "mitmdump",
-  "mitmproxy",
-  "dnsspoof",
-  "tcpdump",
-  "tshark",
-  "socat",
-  "nc",
-  "python"
-];
-
 // src/shared/utils/command-security-lists.ts
 var ALLOWED_BINARIES = /* @__PURE__ */ new Set([
   // Network scanning
@@ -5496,7 +5501,7 @@ var ZombieHunter = class {
 
 // src/shared/constants/orchestrator.ts
 var GRACEFUL_SHUTDOWN_WAIT_MS = 200;
-var PROCESS_OUTPUT_TRUNCATION_LIMIT = 500;
+var PROCESS_OUTPUT_TRUNCATION_LIMIT = 1e4;
 var MS_PER_MINUTE = 6e4;
 var LONG_RUNNING_THRESHOLD_MS = 5 * MS_PER_MINUTE;
 var VERY_LONG_RUNNING_THRESHOLD_MS = 15 * MS_PER_MINUTE;
@@ -6167,8 +6172,12 @@ var RETRY_CONFIG = {
   // Initial delay for rate limit retry (exponential backoff)
 };
 var LLM_LIMITS = {
-  nonStreamMaxTokens: 16384,
-  streamMaxTokens: 32768,
+  /** WHY 64K: non-streaming calls (orchestrator, summaries) benefit from
+   *  generous output budgets. Don't force premature truncation. */
+  nonStreamMaxTokens: 65536,
+  /** WHY 128K: streaming calls are the main agent loop. Max out so the LLM
+   *  can produce full analysis, tool calls, and reasoning without cutoff. */
+  streamMaxTokens: 128e3,
   /** WHY: ~3.5 chars/token is a reasonable average for mixed English/CJK content */
   charsPerTokenEstimate: 3.5
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.24.0",
+  "version": "0.24.1",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",