pentesting 0.3.1 → 0.3.2

package/dist/index.js

@@ -1,4 +1,10 @@
 #!/usr/bin/env node
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
 
 // src/index.tsx
 import { render } from "ink";
@@ -6,7 +12,7 @@ import { Command } from "commander";
 
 // src/cli/app.tsx
 import { useState, useEffect, useCallback, useRef } from "react";
-import { Box, Text, useInput, useApp, Static } from "ink";
+import { Box as Box2, Text as Text2, useInput, useApp, Static } from "ink";
 import TextInput from "ink-text-input";
 import Spinner from "ink-spinner";
 
@@ -1194,7 +1200,7 @@ async function executeMetasploit(input) {
   return executeBash(`msfconsole -q -x "${command}; exit"`, { timeout: 3e5 });
 }
 async function generatePayload(input) {
-  const { payload_type, lhost, lport, platform, format, encoder, output } = input;
+  const { payload_type, lhost, lport, platform: platform2, format, encoder, output } = input;
   const payloads = {
     windows: {
       reverse_tcp: "windows/meterpreter/reverse_tcp",
@@ -1213,7 +1219,7 @@ async function generatePayload(input) {
       reverse_tcp: "python/meterpreter/reverse_tcp"
     }
   };
-  const payloadName = payloads[platform]?.[payload_type] || `${platform}/meterpreter/reverse_tcp`;
+  const payloadName = payloads[platform2]?.[payload_type] || `${platform2}/meterpreter/reverse_tcp`;
   let cmd = `msfvenom -p ${payloadName} LHOST=${lhost} LPORT=${lport}`;
   if (format) cmd += ` -f ${format}`;
   if (encoder) cmd += ` -e ${encoder}`;
@@ -1376,7 +1382,7 @@ const { chromium } = require('playwright');
 }
 
 // src/config/constants.ts
-var APP_VERSION = "0.3.1";
+var APP_VERSION = "0.3.2";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
 var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
@@ -4327,6 +4333,499 @@ function getSlashCommandRegistry() {
   return registry;
 }
 
+// src/core/context/context-manager.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync, renameSync } from "fs";
+import { join as join3, dirname as dirname2 } from "path";
+import { EventEmitter as EventEmitter6 } from "events";
+var CONTEXT_EVENT = {
+  MESSAGE_ADDED: "message_added",
+  CHECKPOINT_CREATED: "checkpoint_created",
+  REVERTED: "reverted",
+  CLEARED: "cleared",
+  COMPACTED: "compacted"
+};
+var ContextManager2 = class extends EventEmitter6 {
+  filePath;
+  state;
+  maxMessages;
+  constructor(sessionDir, options) {
+    super();
+    this.filePath = join3(sessionDir, "context.jsonl");
+    this.maxMessages = options?.maxMessages || 100;
+    this.state = {
+      messages: [],
+      checkpoints: [],
+      tokenCount: 0,
+      nextCheckpointId: 0
+    };
+    const dir = dirname2(this.filePath);
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true });
+    }
+  }
+  /**
+   * Restore context from file
+   */
+  async restore() {
+    if (!existsSync(this.filePath)) {
+      return false;
+    }
+    try {
+      const content = readFileSync(this.filePath, "utf-8");
+      const lines = content.trim().split("\n").filter((l) => l);
+      for (const line of lines) {
+        const data = JSON.parse(line);
+        if (data.role === "_checkpoint") {
+          this.state.checkpoints.push({
+            id: data.id,
+            timestamp: data.timestamp,
+            messageCount: data.messageCount,
+            description: data.description
+          });
+          this.state.nextCheckpointId = Math.max(this.state.nextCheckpointId, data.id + 1);
+        } else if (data.role === "_usage") {
+          this.state.tokenCount = data.tokenCount;
+        } else {
+          this.state.messages.push(data);
+        }
+      }
+      return this.state.messages.length > 0;
+    } catch (error) {
+      console.error("Failed to restore context:", error);
+      return false;
+    }
+  }
+  /**
+   * Get conversation history
+   */
+  getHistory() {
+    return [...this.state.messages];
+  }
+  /**
+   * Get checkpoints
+   */
+  getCheckpoints() {
+    return [...this.state.checkpoints];
+  }
+  /**
+   * Add a message to context
+   */
+  async addMessage(message) {
+    const msg = {
+      ...message,
+      timestamp: Date.now()
+    };
+    this.state.messages.push(msg);
+    await this.appendToFile(msg);
+    this.emit(CONTEXT_EVENT.MESSAGE_ADDED, msg);
+  }
+  /**
+   * Create a checkpoint
+   */
+  async checkpoint(description) {
+    const checkpoint = {
+      id: this.state.nextCheckpointId++,
+      timestamp: Date.now(),
+      messageCount: this.state.messages.length,
+      description
+    };
+    this.state.checkpoints.push(checkpoint);
+    await this.appendToFile({
+      role: "_checkpoint",
+      ...checkpoint
+    });
+    this.emit(CONTEXT_EVENT.CHECKPOINT_CREATED, checkpoint);
+    return checkpoint;
+  }
+  /**
+   * Revert to a specific checkpoint
+   */
+  async revertTo(checkpointId) {
+    const checkpoint = this.state.checkpoints.find((c) => c.id === checkpointId);
+    if (!checkpoint) {
+      return false;
+    }
+    const backupPath = `${this.filePath}.bak`;
+    if (existsSync(this.filePath)) {
+      renameSync(this.filePath, backupPath);
+    }
+    this.state.messages = this.state.messages.slice(0, checkpoint.messageCount);
+    this.state.checkpoints = this.state.checkpoints.filter((c) => c.id < checkpointId);
+    await this.rewriteFile();
+    this.emit(CONTEXT_EVENT.REVERTED, checkpointId);
+    return true;
+  }
+  /**
+   * Undo last checkpoint (go back one step)
+   */
+  async undo() {
+    if (this.state.checkpoints.length === 0) {
+      return false;
+    }
+    const lastCheckpoint = this.state.checkpoints[this.state.checkpoints.length - 1];
+    return this.revertTo(lastCheckpoint.id);
+  }
+  /**
+   * Clear all context
+   */
+  async clear() {
+    const backupPath = `${this.filePath}.${Date.now()}.bak`;
+    if (existsSync(this.filePath)) {
+      renameSync(this.filePath, backupPath);
+    }
+    this.state = {
+      messages: [],
+      checkpoints: [],
+      tokenCount: 0,
+      nextCheckpointId: 0
+    };
+    this.emit(CONTEXT_EVENT.CLEARED);
+  }
+  /**
+   * Update token count
+   */
+  async updateTokenCount(count) {
+    this.state.tokenCount = count;
+    await this.appendToFile({ role: "_usage", tokenCount: count });
+  }
+  /**
+   * Get token count
+   */
+  getTokenCount() {
+    return this.state.tokenCount;
+  }
+  /**
+   * Check if context needs compaction
+   */
+  needsCompaction(maxTokens, reservedTokens = 5e4) {
+    return this.state.tokenCount + reservedTokens >= maxTokens;
+  }
+  /**
+   * Compact context (keep last N messages, summarize rest)
+   */
+  async compact(summary, keepLast = 2) {
+    if (this.state.messages.length <= keepLast) {
+      return;
+    }
+    const preserved = this.state.messages.slice(-keepLast);
+    const summaryMessage = {
+      role: "system",
+      content: `[Context Compacted]
+
+Previous conversation summary:
+${summary}`,
+      timestamp: Date.now(),
+      metadata: { compacted: true }
+    };
+    const backupPath = `${this.filePath}.compact.bak`;
+    if (existsSync(this.filePath)) {
+      renameSync(this.filePath, backupPath);
+    }
+    this.state.messages = [summaryMessage, ...preserved];
+    this.state.checkpoints = [];
+    this.state.nextCheckpointId = 0;
+    await this.rewriteFile();
+    this.emit(CONTEXT_EVENT.COMPACTED, { summary, preserved: preserved.length });
+  }
+  async appendToFile(data) {
+    const line = JSON.stringify(data) + "\n";
+    const { appendFileSync: appendFileSync2 } = await import("fs");
+    appendFileSync2(this.filePath, line, "utf-8");
+  }
+  async rewriteFile() {
+    let content = "";
+    for (const msg of this.state.messages) {
+      content += JSON.stringify(msg) + "\n";
+    }
+    for (const cp of this.state.checkpoints) {
+      content += JSON.stringify({ role: "_checkpoint", ...cp }) + "\n";
+    }
+    if (this.state.tokenCount > 0) {
+      content += JSON.stringify({ role: "_usage", tokenCount: this.state.tokenCount }) + "\n";
+    }
+    writeFileSync(this.filePath, content, "utf-8");
+  }
+};
+
+// src/wire/wire-logger.ts
+import { existsSync as existsSync2, appendFileSync, readFileSync as readFileSync2, mkdirSync as mkdirSync2 } from "fs";
+import { join as join4, dirname as dirname3 } from "path";
+var WireFile = class {
+  filePath;
+  sequence = 0;
+  constructor(sessionDir) {
+    this.filePath = join4(sessionDir, "wire.jsonl");
+    const dir = dirname3(this.filePath);
+    if (!existsSync2(dir)) {
+      mkdirSync2(dir, { recursive: true });
+    }
+    if (existsSync2(this.filePath)) {
+      try {
+        const content = readFileSync2(this.filePath, "utf-8");
+        this.sequence = content.trim().split("\n").filter((l) => l).length;
+      } catch {
+        this.sequence = 0;
+      }
+    }
+  }
+  /**
+   * Write a message to the wire log
+   */
+  write(message) {
+    const record = {
+      sequence: this.sequence++,
+      message: {
+        ...message,
+        timestamp: Date.now()
+      }
+    };
+    const line = JSON.stringify(record) + "\n";
+    appendFileSync(this.filePath, line, "utf-8");
+    return record;
+  }
+  /**
+   * Read all records from the wire log
+   */
+  async *readRecords() {
+    if (!existsSync2(this.filePath)) {
+      return;
+    }
+    const content = readFileSync2(this.filePath, "utf-8");
+    const lines = content.trim().split("\n").filter((l) => l);
+    for (const line of lines) {
+      try {
+        yield JSON.parse(line);
+      } catch {
+      }
+    }
+  }
+  /**
+   * Check if wire file is empty
+   */
+  isEmpty() {
+    if (!existsSync2(this.filePath)) {
+      return true;
+    }
+    try {
+      const content = readFileSync2(this.filePath, "utf-8");
+      return content.trim().length === 0;
+    } catch {
+      return true;
+    }
+  }
+  /**
+   * Get file path
+   */
+  getPath() {
+    return this.filePath;
+  }
+};
+var WireLogger = class {
+  wire;
+  sessionId;
+  constructor(sessionDir, sessionId) {
+    this.wire = new WireFile(sessionDir);
+    this.sessionId = sessionId;
+  }
+  turnBegin(userInput) {
+    this.wire.write({
+      type: "turn_begin",
+      sessionId: this.sessionId,
+      data: { userInput }
+    });
+  }
+  turnEnd() {
+    this.wire.write({
+      type: "turn_end",
+      sessionId: this.sessionId,
+      data: {}
+    });
+  }
+  stepBegin(stepId) {
+    this.wire.write({
+      type: "step_begin",
+      sessionId: this.sessionId,
+      data: { stepId }
+    });
+  }
+  stepEnd(stepId) {
+    this.wire.write({
+      type: "step_end",
+      sessionId: this.sessionId,
+      data: { stepId }
+    });
+  }
+  contentPart(content, isThinking = false) {
+    this.wire.write({
+      type: "content_part",
+      sessionId: this.sessionId,
+      data: { content, isThinking }
+    });
+  }
+  toolCall(toolId, toolName, args) {
+    this.wire.write({
+      type: "tool_call",
+      sessionId: this.sessionId,
+      data: { toolId, toolName, args }
+    });
+  }
+  toolResult(toolId, result, isError = false) {
+    this.wire.write({
+      type: "tool_result",
+      sessionId: this.sessionId,
+      data: { toolId, result, isError }
+    });
+  }
+  approvalRequest(id, toolName, riskLevel) {
+    this.wire.write({
+      type: "approval_request",
+      sessionId: this.sessionId,
+      data: { id, toolName, riskLevel }
+    });
+  }
+  approvalResponse(id, decision) {
+    this.wire.write({
+      type: "approval_response",
+      sessionId: this.sessionId,
+      data: { id, decision }
+    });
+  }
+  statusUpdate(data) {
+    this.wire.write({
+      type: "status_update",
+      sessionId: this.sessionId,
+      data
+    });
+  }
+  error(message, stack) {
+    this.wire.write({
+      type: "error",
+      sessionId: this.sessionId,
+      data: { message, stack }
+    });
+  }
+};
+var wireLogger = null;
+function initWireLogger(sessionDir, sessionId) {
+  wireLogger = new WireLogger(sessionDir, sessionId);
+  return wireLogger;
+}
+
+// src/utils/clipboard.ts
+import { execSync } from "child_process";
+import { platform } from "os";
+import { existsSync as existsSync3, readFileSync as readFileSync3, unlinkSync as unlinkSync2 } from "fs";
+import { join as join5 } from "path";
+import { tmpdir } from "os";
+function readClipboardText() {
+  const os = platform();
+  try {
+    if (os === "darwin") {
+      return execSync("pbpaste", { encoding: "utf-8" });
+    } else if (os === "linux") {
+      try {
+        return execSync("xclip -selection clipboard -o", { encoding: "utf-8" });
+      } catch {
+        return execSync("xsel --clipboard --output", { encoding: "utf-8" });
+      }
+    } else if (os === "win32") {
+      return execSync('powershell -command "Get-Clipboard"', { encoding: "utf-8" });
+    }
+  } catch (error) {
+    console.error("Failed to read clipboard:", error);
+    return null;
+  }
+  return null;
+}
+function readClipboardImage() {
+  const os = platform();
+  const tmpPath = join5(tmpdir(), `clipboard-${Date.now()}.png`);
+  try {
+    if (os === "darwin") {
+      const script = `
+                set saveFile to POSIX file "${tmpPath}"
+                try
+                    set imageData to the clipboard as \xABclass PNGf\xBB
+                    set fileRef to open for access saveFile with write permission
+                    write imageData to fileRef
+                    close access fileRef
+                    return "success"
+                on error
+                    return "no image"
+                end try
+            `;
+      const result = execSync(`osascript -e '${script}'`, { encoding: "utf-8" }).trim();
+      if (result === "success" && existsSync3(tmpPath)) {
+        const imageBuffer = readFileSync3(tmpPath);
+        const base64 = imageBuffer.toString("base64");
+        return { path: tmpPath, base64 };
+      }
+    } else if (os === "linux") {
+      try {
+        execSync(`xclip -selection clipboard -t image/png -o > "${tmpPath}"`, {
+          encoding: "utf-8",
+          shell: "/bin/bash"
+        });
+        if (existsSync3(tmpPath)) {
+          const stats = __require("fs").statSync(tmpPath);
+          if (stats.size > 0) {
+            const imageBuffer = readFileSync3(tmpPath);
+            const base64 = imageBuffer.toString("base64");
+            return { path: tmpPath, base64 };
+          }
+        }
+      } catch {
+      }
+    } else if (os === "win32") {
+      const script = `
+                Add-Type -AssemblyName System.Windows.Forms
+                $img = [System.Windows.Forms.Clipboard]::GetImage()
+                if ($img -ne $null) {
+                    $img.Save("${tmpPath.replace(/\\/g, "\\\\")}")
+                    Write-Output "success"
+                } else {
+                    Write-Output "no image"
+                }
+            `;
+      const result = execSync(`powershell -command "${script}"`, { encoding: "utf-8" }).trim();
+      if (result === "success" && existsSync3(tmpPath)) {
+        const imageBuffer = readFileSync3(tmpPath);
+        const base64 = imageBuffer.toString("base64");
+        return { path: tmpPath, base64 };
+      }
+    }
+  } catch (error) {
+    console.error("Failed to read clipboard image:", error);
+  }
+  if (existsSync3(tmpPath)) {
+    try {
+      unlinkSync2(tmpPath);
+    } catch {
+    }
+  }
+  return null;
+}
+function hasClipboardImage() {
+  const os = platform();
+  try {
+    if (os === "darwin") {
+      const result = execSync(
+        `osascript -e 'try' -e 'the clipboard as \xABclass PNGf\xBB' -e 'return "yes"' -e 'on error' -e 'return "no"' -e 'end try'`,
+        { encoding: "utf-8" }
+      ).trim();
+      return result === "yes";
+    } else if (os === "linux") {
+      const result = execSync("xclip -selection clipboard -t TARGETS -o", {
+        encoding: "utf-8"
+      });
+      return result.includes("image/png") || result.includes("image/jpeg");
+    }
+  } catch {
+    return false;
+  }
+  return false;
+}
+
 // src/config/theme.ts
 var THEME = {
   // Primary backgrounds (dark purple tones)
@@ -4444,8 +4943,68 @@ var ASCII_BANNER = `
  \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
 `;
 
-// src/cli/app.tsx
+// src/cli/components/rich-display.tsx
+import { Box, Text } from "ink";
 import { jsx, jsxs } from "react/jsx-runtime";
+var SeverityBadge = ({ severity }) => {
+  const colors = {
+    critical: THEME.semantic.critical,
+    high: THEME.semantic.high,
+    medium: THEME.semantic.medium,
+    low: THEME.semantic.low,
+    info: THEME.semantic.info
+  };
+  return /* @__PURE__ */ jsxs(Text, { color: colors[severity], bold: true, children: [
+    "\u25CF ",
+    severity.toUpperCase()
+  ] });
+};
+var FindingDisplay = ({ block }) => {
+  const severityColors = {
+    critical: THEME.semantic.critical,
+    high: THEME.semantic.high,
+    medium: THEME.semantic.medium,
+    low: THEME.semantic.low,
+    info: THEME.semantic.info
+  };
+  return /* @__PURE__ */ jsxs(
+    Box,
+    {
+      flexDirection: "column",
+      borderStyle: "double",
+      borderColor: severityColors[block.severity],
+      paddingX: 1,
+      children: [
+        /* @__PURE__ */ jsxs(Box, { children: [
+          /* @__PURE__ */ jsx(SeverityBadge, { severity: block.severity }),
+          /* @__PURE__ */ jsxs(Text, { color: THEME.text.primary, bold: true, children: [
+            " ",
+            block.title
+          ] }),
+          block.cve && /* @__PURE__ */ jsxs(Text, { color: THEME.text.muted, children: [
+            " (",
+            block.cve,
+            ")"
+          ] })
+        ] }),
+        /* @__PURE__ */ jsx(Box, { marginTop: 1, flexDirection: "column", children: /* @__PURE__ */ jsx(Text, { color: THEME.text.secondary, children: block.description }) }),
+        block.evidence && /* @__PURE__ */ jsxs(Box, { marginTop: 1, flexDirection: "column", children: [
+          /* @__PURE__ */ jsx(Text, { color: THEME.accent.cyan, bold: true, children: "Evidence:" }),
+          /* @__PURE__ */ jsx(Text, { color: THEME.text.muted, children: block.evidence })
+        ] }),
+        block.recommendation && /* @__PURE__ */ jsxs(Box, { marginTop: 1, flexDirection: "column", children: [
+          /* @__PURE__ */ jsx(Text, { color: THEME.accent.green, bold: true, children: "Recommendation:" }),
+          /* @__PURE__ */ jsx(Text, { color: THEME.text.secondary, children: block.recommendation })
+        ] })
+      ]
+    }
+  );
+};
+
+// src/cli/app.tsx
+import { homedir } from "os";
+import { join as join6 } from "path";
+import { jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
 var App = ({ autoApprove = false, target }) => {
   const { exit } = useApp();
   const [messages, setMessages] = useState([]);
@@ -4458,9 +5017,23 @@ var App = ({ autoApprove = false, target }) => {
   const [tokenUsage, setTokenUsage] = useState({ input: 0, output: 0, total: 0 });
   const [showCommandHints, setShowCommandHints] = useState(false);
   const [mode, setMode] = useState("agent");
+  const [checkpointCount, setCheckpointCount] = useState(0);
   const [agent] = useState(() => new AutonomousHackingAgent(void 0, { autoApprove }));
   const sessionManager2 = getSessionManager();
   const approvalManager2 = getApprovalManager({ yoloMode: autoApprove });
+  const sessionDirRef = useRef(join6(homedir(), ".pentest", "sessions", `session-${Date.now()}`));
+  const contextManagerRef = useRef(null);
+  const wireLoggerRef = useRef(null);
+  useEffect(() => {
+    const sessionId = `session-${Date.now()}`;
+    contextManagerRef.current = new ContextManager2(sessionDirRef.current);
+    wireLoggerRef.current = initWireLogger(sessionDirRef.current, sessionId);
+    contextManagerRef.current.restore().then((restored) => {
+      if (restored) {
+        setCheckpointCount(contextManagerRef.current?.getCheckpoints().length || 0);
+      }
+    });
+  }, []);
   const startTimeRef = useRef(0);
   const timerRef = useRef(null);
   const addMessage = useCallback((type, content, duration) => {
@@ -4498,31 +5071,39 @@ var App = ({ autoApprove = false, target }) => {
     }
     agent.on(AGENT_EVENT.THOUGHT, (thought) => {
       setCurrentStatus(thought.content.slice(0, 60));
+      wireLoggerRef.current?.contentPart(thought.content, thought.type === "thinking");
     });
     agent.on(AGENT_EVENT.TOOL_CALL, (data) => {
       const args = Object.entries(data.input).slice(0, 2).map(([k, v]) => `${k}=${typeof v === "string" ? v.slice(0, 30) : "..."}`).join(" ");
       setCurrentStatus(`Running ${data.name}...`);
       addMessage(MESSAGE_TYPE.TOOL, `\u25B6 ${data.name} ${args}`);
+      wireLoggerRef.current?.toolCall(data.id, data.name, data.input);
     });
     agent.on(AGENT_EVENT.TOOL_RESULT, (data) => {
       const icon = data.result.success ? "\u2713" : "\u2717";
       const preview = data.result.output?.slice(0, 100).replace(/\n/g, " ") || "";
       addMessage(MESSAGE_TYPE.RESULT, `${icon} ${preview}`);
+      wireLoggerRef.current?.toolResult(data.id, data.result, !data.result.success);
     });
     agent.on(AGENT_EVENT.ITERATION, (data) => {
       setCurrentStatus(`Phase: ${data.phase} (iteration ${data.current})`);
+      wireLoggerRef.current?.stepBegin(data.current);
     });
     agent.on(AGENT_EVENT.FINDING, (finding) => {
       addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F3AF} [${finding.severity.toUpperCase()}] ${finding.title}`);
+      wireLoggerRef.current?.statusUpdate({ event: "finding", ...finding });
     });
     agent.on(AGENT_EVENT.PHASE_CHANGE, (data) => {
       addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4CD} Phase: ${data.phaseId}`);
+      wireLoggerRef.current?.statusUpdate({ event: "phase_change", phase: data.phaseId });
     });
     agent.on(AGENT_EVENT.CONTEXT_COMPACTED, () => {
       addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F4BE} Context compacted to save tokens");
+      wireLoggerRef.current?.statusUpdate({ event: "context_compacted" });
     });
     agent.on(AGENT_EVENT.TOKEN_USAGE, (usage) => {
       setTokenUsage(usage);
+      wireLoggerRef.current?.statusUpdate({ event: "token_usage", ...usage });
     });
     agent.on(AGENT_EVENT.APPROVAL_NEEDED, (data) => {
       setPendingApproval({
@@ -4601,16 +5182,30 @@ var App = ({ autoApprove = false, target }) => {
         case "h":
           addMessage(
             MESSAGE_TYPE.SYSTEM,
-            `/target <ip>     Set target
+            `\u2500\u2500 Core \u2500\u2500
+/target <ip>     Set target
 /start [goal]    Start autonomous pentest  
 /stop            Stop operation
-/findings        Show findings
+/status          Show status report
+
+\u2500\u2500 Session \u2500\u2500
+/checkpoint [desc]  Create checkpoint
+/checkpoints     List all checkpoints
+/undo            Undo to last checkpoint
+/revert <id>     Revert to checkpoint
+/compact         Compact context
 /sessions        List saved sessions
 /resume [id]     Resume session
+
+\u2500\u2500 Findings \u2500\u2500
+/findings        Show findings
+
+\u2500\u2500 Utility \u2500\u2500
+/paste           Paste from clipboard
 /yolo            Toggle auto-approve
 /clear           Clear screen
 /exit            Exit
-/approve /deny   Approve/deny tool (during approval)`
+/y /n /ya        Approve/Deny/Always (approval)`
           );
           return;
         case CLI_COMMAND.TARGET:
@@ -4724,17 +5319,99 @@ var App = ({ autoApprove = false, target }) => {
             addMessage(MESSAGE_TYPE.ERROR, "No pending approval");
           }
           return;
-        // kimi-cli inspired commands
+        // kimi-cli inspired commands - REAL IMPLEMENTATIONS
         case "undo":
         case "u":
-          addMessage(MESSAGE_TYPE.SYSTEM, "\u21A9\uFE0F Undo not yet integrated (context checkpoints)");
+          if (contextManagerRef.current) {
+            const success = await contextManagerRef.current.undo();
+            if (success) {
+              setCheckpointCount((prev) => Math.max(0, prev - 1));
+              wireLoggerRef.current?.statusUpdate({ action: "undo" });
+              addMessage(MESSAGE_TYPE.SYSTEM, "\u21A9\uFE0F Undone to previous checkpoint");
+            } else {
+              addMessage(MESSAGE_TYPE.ERROR, "No checkpoint to undo");
+            }
+          } else {
+            addMessage(MESSAGE_TYPE.ERROR, "Context manager not initialized");
+          }
           return;
         case "checkpoint":
         case "cp":
-          addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F4CD} Checkpoint created");
+          if (contextManagerRef.current) {
+            const description = args.join(" ") || void 0;
+            const cp = await contextManagerRef.current.checkpoint(description);
+            setCheckpointCount((prev) => prev + 1);
+            wireLoggerRef.current?.statusUpdate({ action: "checkpoint", id: cp.id });
+            addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4CD} Checkpoint #${cp.id} created${description ? `: ${description}` : ""}`);
+          } else {
+            addMessage(MESSAGE_TYPE.ERROR, "Context manager not initialized");
+          }
           return;
         case "compact":
-          addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F5DC}\uFE0F Context compacted");
+          if (contextManagerRef.current) {
+            const summary = "Previous conversation summarized for context efficiency.";
+            await contextManagerRef.current.compact(summary, 3);
+            wireLoggerRef.current?.statusUpdate({ action: "compact" });
+            addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F5DC}\uFE0F Context compacted (keeping last 3 messages)");
+          } else {
+            addMessage(MESSAGE_TYPE.ERROR, "Context manager not initialized");
+          }
+          return;
+        case "paste":
+        case "p":
+          try {
+            if (hasClipboardImage()) {
+              const img = readClipboardImage();
+              if (img) {
+                addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4F7} Image from clipboard: ${img.path}`);
+                addMessage(MESSAGE_TYPE.SYSTEM, `   Size: ${Math.round(img.base64.length / 1024)}KB base64`);
+              }
+            } else {
+              const text = readClipboardText();
+              if (text) {
+                const preview = text.length > 100 ? text.slice(0, 100) + "..." : text;
+                addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4CB} Clipboard: ${preview}`);
+                setInput(text);
+              } else {
+                addMessage(MESSAGE_TYPE.ERROR, "Clipboard is empty");
+              }
+            }
+          } catch (e) {
+            addMessage(MESSAGE_TYPE.ERROR, `Clipboard error: ${e instanceof Error ? e.message : String(e)}`);
+          }
+          return;
+        case "revert":
+          if (contextManagerRef.current && args[0]) {
+            const cpId = parseInt(args[0], 10);
+            if (isNaN(cpId)) {
+              addMessage(MESSAGE_TYPE.ERROR, "Usage: /revert <checkpoint_id>");
+              return;
+            }
+            const success = await contextManagerRef.current.revertTo(cpId);
+            if (success) {
+              wireLoggerRef.current?.statusUpdate({ action: "revert", checkpointId: cpId });
+              addMessage(MESSAGE_TYPE.SYSTEM, `\u21A9\uFE0F Reverted to checkpoint #${cpId}`);
+            } else {
+              addMessage(MESSAGE_TYPE.ERROR, `Checkpoint #${cpId} not found`);
+            }
+          } else {
+            addMessage(MESSAGE_TYPE.ERROR, "Usage: /revert <checkpoint_id>");
+          }
+          return;
+        case "checkpoints":
+        case "cps":
+          if (contextManagerRef.current) {
+            const cps = contextManagerRef.current.getCheckpoints();
+            if (cps.length === 0) {
+              addMessage(MESSAGE_TYPE.SYSTEM, "No checkpoints");
+            } else {
+              addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4CD} ${cps.length} Checkpoints:`);
+              cps.forEach((cp) => {
+                const time = new Date(cp.timestamp).toLocaleTimeString();
+                addMessage(MESSAGE_TYPE.SYSTEM, `   #${cp.id} @ ${time} (${cp.messageCount} msgs)${cp.description ? ` - ${cp.description}` : ""}`);
+              });
+            }
+          }
           return;
         case "status":
           const state2 = agent.getState();
@@ -4743,7 +5420,8 @@ var App = ({ autoApprove = false, target }) => {
    Iteration: ${state2.iteration}
    Findings: ${state2.findings.length}
    Compromised: ${state2.compromisedHosts.length}
-   Tokens: ${tokenUsage.total.toLocaleString()}`);
+   Tokens: ${tokenUsage.total.toLocaleString()}
+   Checkpoints: ${checkpointCount}`);
           return;
         case "think":
           addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F9E0} Thinking mode: Extended reasoning enabled");
@@ -4774,8 +5452,8 @@ var App = ({ autoApprove = false, target }) => {
       startTimer();
       setCurrentStatus(`Running: ${trimmed}`);
       try {
-        const { execSync } = await import("child_process");
-        const output = execSync(trimmed, {
+        const { execSync: execSync2 } = await import("child_process");
+        const output = execSync2(trimmed, {
           encoding: "utf-8",
           timeout: 3e4,
           maxBuffer: 1024 * 1024
@@ -4859,48 +5537,51 @@ var App = ({ autoApprove = false, target }) => {
     return styles[type] || styles[MESSAGE_TYPE.SYSTEM];
   };
   const state = agent.getState();
-  return /* @__PURE__ */ jsxs(Box, { flexDirection: "column", paddingX: 1, children: [
-    /* @__PURE__ */ jsx(Box, { flexDirection: "column", marginBottom: 1, children: /* @__PURE__ */ jsx(Static, { items: messages.slice(-40), children: (msg) => {
+  return /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", paddingX: 1, children: [
+    /* @__PURE__ */ jsx2(Box2, { flexDirection: "column", marginBottom: 1, children: /* @__PURE__ */ jsx2(Static, { items: messages.slice(-40), children: (msg) => {
       const style = getStyle(msg.type);
-      return /* @__PURE__ */ jsx(Box, { children: /* @__PURE__ */ jsxs(Text, { color: style.color, dimColor: style.dim, children: [
+      if (msg.finding) {
+        return /* @__PURE__ */ jsx2(Box2, { marginY: 0, children: /* @__PURE__ */ jsx2(FindingDisplay, { block: msg.finding }) }, msg.id);
+      }
+      return /* @__PURE__ */ jsx2(Box2, { children: /* @__PURE__ */ jsxs2(Text2, { color: style.color, dimColor: style.dim, children: [
         style.prefix,
         " ",
         msg.content,
-        msg.duration && /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+        msg.duration && /* @__PURE__ */ jsxs2(Text2, { dimColor: true, children: [
           " (",
           msg.duration,
           "s)"
         ] })
       ] }) }, msg.id);
     } }) }),
-    pendingApproval && /* @__PURE__ */ jsxs(Box, { flexDirection: "column", borderStyle: "round", borderColor: "yellow", paddingX: 1, marginBottom: 1, children: [
-      /* @__PURE__ */ jsxs(Text, { color: "yellow", bold: true, children: [
+    pendingApproval && /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", borderStyle: "round", borderColor: "yellow", paddingX: 1, marginBottom: 1, children: [
+      /* @__PURE__ */ jsxs2(Text2, { color: "yellow", bold: true, children: [
         "\u26A0\uFE0F  APPROVAL NEEDED: ",
         pendingApproval.toolName,
         " (",
         pendingApproval.riskLevel,
         " risk)"
       ] }),
-      /* @__PURE__ */ jsx(Text, { dimColor: true, children: Object.entries(pendingApproval.toolInput).slice(0, 2).map(([k, v]) => `${k}=${typeof v === "string" ? v.slice(0, 50) : JSON.stringify(v).slice(0, 50)}`).join(", ") }),
-      /* @__PURE__ */ jsx(Box, { flexDirection: "column", marginTop: 1, children: approvalOptions.map((opt, idx) => /* @__PURE__ */ jsxs(Text, { color: idx === approvalSelectedIndex ? "cyan" : "gray", children: [
+      /* @__PURE__ */ jsx2(Text2, { dimColor: true, children: Object.entries(pendingApproval.toolInput).slice(0, 2).map(([k, v]) => `${k}=${typeof v === "string" ? v.slice(0, 50) : JSON.stringify(v).slice(0, 50)}`).join(", ") }),
+      /* @__PURE__ */ jsx2(Box2, { flexDirection: "column", marginTop: 1, children: approvalOptions.map((opt, idx) => /* @__PURE__ */ jsxs2(Text2, { color: idx === approvalSelectedIndex ? "cyan" : "gray", children: [
         idx === approvalSelectedIndex ? "\u2192 " : "  ",
         opt.label
       ] }, opt.decision)) }),
-      /* @__PURE__ */ jsx(Box, { marginTop: 1, children: /* @__PURE__ */ jsx(Text, { dimColor: true, children: "\u2191\u2193 to select, Enter to confirm, or type /y /n /ya" }) })
+      /* @__PURE__ */ jsx2(Box2, { marginTop: 1, children: /* @__PURE__ */ jsx2(Text2, { dimColor: true, children: "\u2191\u2193 to select, Enter to confirm, or type /y /n /ya" }) })
     ] }),
-    isProcessing ? /* @__PURE__ */ jsxs(Box, { children: [
-      /* @__PURE__ */ jsx(Text, { color: THEME.status.running, children: /* @__PURE__ */ jsx(Spinner, { type: "dots" }) }),
-      /* @__PURE__ */ jsxs(Text, { color: THEME.text.muted, children: [
+    isProcessing ? /* @__PURE__ */ jsxs2(Box2, { children: [
+      /* @__PURE__ */ jsx2(Text2, { color: THEME.status.running, children: /* @__PURE__ */ jsx2(Spinner, { type: "dots" }) }),
+      /* @__PURE__ */ jsxs2(Text2, { color: THEME.text.muted, children: [
         " ",
         currentStatus,
-        elapsedTime > 0 && /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+        elapsedTime > 0 && /* @__PURE__ */ jsxs2(Text2, { dimColor: true, children: [
           " (",
           elapsedTime,
           "s)"
         ] })
       ] })
-    ] }) : /* @__PURE__ */ jsxs(Box, { flexDirection: "column", children: [
-      showCommandHints && input.startsWith("/") && /* @__PURE__ */ jsx(Box, { flexDirection: "column", marginBottom: 1, children: /* @__PURE__ */ jsx(Text, { dimColor: true, children: [
+    ] }) : /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", children: [
+      showCommandHints && input.startsWith("/") && /* @__PURE__ */ jsx2(Box2, { flexDirection: "column", marginBottom: 1, children: /* @__PURE__ */ jsx2(Text2, { dimColor: true, children: [
         "/target <ip>",
         "/start",
         "/stop",
@@ -4911,9 +5592,9 @@ var App = ({ autoApprove = false, target }) => {
         "/exit",
         pendingApproval ? "/y /n /ya" : ""
       ].filter((cmd) => cmd && cmd.toLowerCase().includes(input.toLowerCase().slice(1))).slice(0, 5).join("  \u2502  ") }) }),
-      /* @__PURE__ */ jsxs(Box, { children: [
-        /* @__PURE__ */ jsx(Text, { color: mode === "agent" ? THEME.status.success : "yellow", children: mode === "agent" ? "\u2728 " : "$ " }),
-        /* @__PURE__ */ jsx(
+      /* @__PURE__ */ jsxs2(Box2, { children: [
+        /* @__PURE__ */ jsx2(Text2, { color: mode === "agent" ? THEME.status.success : "yellow", children: mode === "agent" ? "\u2728 " : "$ " }),
+        /* @__PURE__ */ jsx2(
           TextInput,
           {
             value: input,
@@ -4927,8 +5608,8 @@ var App = ({ autoApprove = false, target }) => {
         )
       ] })
     ] }),
-    /* @__PURE__ */ jsxs(Box, { marginTop: 1, justifyContent: "space-between", children: [
-      /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+    /* @__PURE__ */ jsxs2(Box2, { marginTop: 1, justifyContent: "space-between", children: [
+      /* @__PURE__ */ jsxs2(Text2, { dimColor: true, children: [
         mode === "agent" ? "\u{1F916}" : "$",
         " ",
         state.target.primary || "No target",
@@ -4940,7 +5621,7 @@ var App = ({ autoApprove = false, target }) => {
         tokenUsage.total > 0 && `${(tokenUsage.total / 1e3).toFixed(1)}k tokens \u2502`,
         state.currentPhase !== AGENT_STATUS.IDLE && ` ${state.currentPhase} \u2502`
       ] }),
-      /* @__PURE__ */ jsxs(Text, { dimColor: true, children: [
+      /* @__PURE__ */ jsxs2(Text2, { dimColor: true, children: [
         "Ctrl+X mode \u2502 /help \u2502 Ctrl+C ",
         isProcessing ? "stop" : "exit"
       ] })
@@ -4951,7 +5632,7 @@ var app_default = App;
 
 // src/index.tsx
 import chalk from "chalk";
-import { jsx as jsx2 } from "react/jsx-runtime";
+import { jsx as jsx3 } from "react/jsx-runtime";
 var program = new Command();
 program.name("pentesting").version(APP_VERSION).description(APP_DESCRIPTION).option("--dangerously-skip-permissions", "Skip all permission prompts (dangerous!)").option("-t, --target <target>", "Set initial target");
 program.command("interactive", { isDefault: true }).alias("i").description("Start interactive TUI mode").action(() => {
@@ -4965,7 +5646,7 @@ program.command("interactive", { isDefault: true }).alias("i").description("Star
   }
   console.log(chalk.hex(THEME.text.accent)("Starting Pentest interactive mode...\n"));
   const { waitUntilExit } = render(
-    /* @__PURE__ */ jsx2(
+    /* @__PURE__ */ jsx3(
       app_default,
       {
         autoApprove: skipPermissions,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",