pentesting 0.3.1 → 0.4.0

package/dist/replay-6WU2ANWJ.js

@@ -0,0 +1,130 @@
+import {
+  __require
+} from "./chunk-3RG5ZIWI.js";
+
+// src/core/replay/session-replay.ts
+import { existsSync, readFileSync } from "fs";
+function parseWireFile(filePath) {
+  if (!existsSync(filePath)) return [];
+  const events = [];
+  const content = readFileSync(filePath, "utf-8");
+  for (const line of content.split("\n")) {
+    if (!line.trim()) continue;
+    try {
+      const record = JSON.parse(line);
+      events.push({
+        type: record.message.type,
+        timestamp: record.message.timestamp,
+        data: record.message.data
+      });
+    } catch {
+    }
+  }
+  return events;
+}
+function getReplaySummary(events) {
+  if (events.length === 0) {
+    return { events, duration: 0, toolCalls: 0, findings: 0 };
+  }
+  const firstTs = events[0].timestamp;
+  const lastTs = events[events.length - 1].timestamp;
+  const duration = (lastTs - firstTs) / 1e3;
+  let toolCalls = 0;
+  let findings = 0;
+  for (const event of events) {
+    if (event.type === "tool_call") toolCalls++;
+    if (event.type === "status_update") {
+      const data = event.data;
+      if (data.event === "finding") findings++;
+    }
+  }
+  return { events, duration, toolCalls, findings };
+}
+function formatReplayEvent(event) {
+  const time = new Date(event.timestamp).toLocaleTimeString();
+  switch (event.type) {
+    case "turn_begin":
+      return `[${time}] \u{1F504} Turn started`;
+    case "step_begin": {
+      const data = event.data;
+      return `[${time}] \u{1F4CD} Step ${data.stepIndex + 1}`;
+    }
+    case "content_part": {
+      const data = event.data;
+      const preview = data.content.slice(0, 50).replace(/\n/g, " ");
+      const icon = data.isThinking ? "\u{1F4AD}" : "\u{1F4AC}";
+      return `[${time}] ${icon} ${preview}...`;
+    }
+    case "tool_call": {
+      const data = event.data;
+      return `[${time}] \u25B6 Tool: ${data.toolName}`;
+    }
+    case "tool_result": {
+      const data = event.data;
+      const icon = data.isError ? "\u2717" : "\u2713";
+      return `[${time}] ${icon} Tool result`;
+    }
+    case "status_update": {
+      const data = event.data;
+      if (data.event === "finding") {
+        return `[${time}] \u{1F3AF} Finding: ${data.title}`;
+      }
+      if (data.event === "phase_change") {
+        return `[${time}] \u{1F4CD} Phase: ${data.phase}`;
+      }
+      return `[${time}] \u{1F4CA} ${data.event}`;
+    }
+    case "turn_end":
+      return `[${time}] \u2713 Turn complete`;
+    default:
+      return `[${time}] ${event.type}`;
+  }
+}
+async function replaySession(wirePath, options = {}) {
+  const events = parseWireFile(wirePath);
+  const summary = getReplaySummary(events);
+  if (events.length === 0) return summary;
+  const speed = options.speed ?? 0;
+  let lastTs = events[0].timestamp;
+  for (const event of events) {
+    const formatted = formatReplayEvent(event);
+    if (options.onEvent) {
+      options.onEvent(event, formatted);
+    }
+    if (speed > 0) {
+      const delay = (event.timestamp - lastTs) / speed;
+      if (delay > 0 && delay < 5e3) {
+        await new Promise((r) => setTimeout(r, delay));
+      }
+      lastTs = event.timestamp;
+    }
+  }
+  return summary;
+}
+function findRecentWireFiles(sessionDir, limit = 10) {
+  const { readdirSync, statSync } = __require("fs");
+  const { join } = __require("path");
+  if (!existsSync(sessionDir)) return [];
+  const files = [];
+  try {
+    const entries = readdirSync(sessionDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.isFile() && entry.name.endsWith(".jsonl")) {
+        const filePath = join(sessionDir, entry.name);
+        const stat = statSync(filePath);
+        files.push({ path: filePath, mtime: stat.mtimeMs });
+      }
+    }
+  } catch {
+    return [];
+  }
+  files.sort((a, b) => b.mtime - a.mtime);
+  return files.slice(0, limit).map((f) => f.path);
+}
+export {
+  findRecentWireFiles,
+  formatReplayEvent,
+  getReplaySummary,
+  parseWireFile,
+  replaySession
+};

package/dist/skill-2AON6M2V.js

@@ -0,0 +1,416 @@
+import "./chunk-3RG5ZIWI.js";
+
+// src/core/skill/flow.ts
+var FlowError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FlowError";
+  }
+};
+var FlowParseError = class extends FlowError {
+  constructor(message) {
+    super(message);
+    this.name = "FlowParseError";
+  }
+};
+var FlowValidationError = class extends FlowError {
+  constructor(message) {
+    super(message);
+    this.name = "FlowValidationError";
+  }
+};
+function parseChoice(text) {
+  const match = text.match(/<choice>([^<]*)<\/choice>/);
+  return match ? match[1].trim() : null;
+}
+function validateFlow(nodes, outgoing) {
+  const beginNodes = Array.from(nodes.values()).filter((n) => n.kind === "begin");
+  const endNodes = Array.from(nodes.values()).filter((n) => n.kind === "end");
+  if (beginNodes.length !== 1) {
+    throw new FlowValidationError(`Expected exactly one BEGIN node, found ${beginNodes.length}`);
+  }
+  if (endNodes.length !== 1) {
+    throw new FlowValidationError(`Expected exactly one END node, found ${endNodes.length}`);
+  }
+  const beginId = beginNodes[0].id;
+  const endId = endNodes[0].id;
+  const reachable = /* @__PURE__ */ new Set();
+  const queue = [beginId];
+  while (queue.length > 0) {
+    const nodeId = queue.pop();
+    if (reachable.has(nodeId)) continue;
+    reachable.add(nodeId);
+    const edges = outgoing.get(nodeId) || [];
+    for (const edge of edges) {
+      if (!reachable.has(edge.dst)) {
+        queue.push(edge.dst);
+      }
+    }
+  }
+  if (!reachable.has(endId)) {
+    throw new FlowValidationError("END node is not reachable from BEGIN");
+  }
+  for (const node of nodes.values()) {
+    if (!reachable.has(node.id)) continue;
+    const edges = outgoing.get(node.id) || [];
+    if (edges.length <= 1) continue;
+    const labels = [];
+    for (const edge of edges) {
+      if (!edge.label?.trim()) {
+        throw new FlowValidationError(`Node "${node.id}" has an unlabeled edge`);
+      }
+      labels.push(edge.label);
+    }
+    if (new Set(labels).size !== labels.length) {
+      throw new FlowValidationError(`Node "${node.id}" has duplicate edge labels`);
+    }
+  }
+  return { beginId, endId };
+}
+function parseMermaidFlowchart(code) {
+  const nodes = /* @__PURE__ */ new Map();
+  const outgoing = /* @__PURE__ */ new Map();
+  const lines = code.split("\n").map((l) => l.trim()).filter((l) => l);
+  for (const line of lines) {
+    if (line.match(/^flowchart|^graph/i)) continue;
+    const nodeMatch = line.match(/^([A-Za-z0-9_]+)(\[([^\]]+)\]|\{([^\}]+)\}|\(\(([^\)]+)\)\)|\(\[([^\]]+)\]\))?$/);
+    if (nodeMatch && !line.includes("-->")) {
+      const id = nodeMatch[1];
+      const label = nodeMatch[3] || nodeMatch[4] || nodeMatch[5] || nodeMatch[6] || id;
+      let kind = "task";
+      if (nodeMatch[4]) kind = "decision";
+      else if (nodeMatch[5] || label.toLowerCase().includes("start") || label.toLowerCase().includes("begin")) kind = "begin";
+      else if (nodeMatch[6] || label.toLowerCase().includes("end")) kind = "end";
+      nodes.set(id, { id, label, kind });
+      continue;
+    }
+    const edgeMatch = line.match(/^([A-Za-z0-9_]+)\s*-->\s*(?:\|([^\|]+)\|\s*)?([A-Za-z0-9_]+)/);
+    if (edgeMatch) {
+      const src = edgeMatch[1];
+      const label = edgeMatch[2] || null;
+      const dst = edgeMatch[3];
+      if (!nodes.has(src)) nodes.set(src, { id: src, label: src, kind: "task" });
+      if (!nodes.has(dst)) nodes.set(dst, { id: dst, label: dst, kind: "task" });
+      const edges = outgoing.get(src) || [];
+      edges.push({ src, dst, label });
+      outgoing.set(src, edges);
+    }
+  }
+  const { beginId, endId } = validateFlow(nodes, outgoing);
+  return { nodes, outgoing, beginId, endId };
+}
+function parseD2Flowchart(code) {
+  const nodes = /* @__PURE__ */ new Map();
+  const outgoing = /* @__PURE__ */ new Map();
+  const lines = code.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
+  for (const line of lines) {
+    const edgeMatch = line.match(/^([A-Za-z0-9_]+)\s*->\s*([A-Za-z0-9_]+)(?:\s*:\s*(.+))?$/);
+    if (edgeMatch) {
+      const src = edgeMatch[1];
+      const dst = edgeMatch[2];
+      const label = edgeMatch[3] || null;
+      if (!nodes.has(src)) {
+        const kind = src.toLowerCase().includes("start") ? "begin" : "task";
+        nodes.set(src, { id: src, label: src, kind });
+      }
+      if (!nodes.has(dst)) {
+        const kind = dst.toLowerCase().includes("end") ? "end" : "task";
+        nodes.set(dst, { id: dst, label: dst, kind });
+      }
+      const edges = outgoing.get(src) || [];
+      edges.push({ src, dst, label });
+      outgoing.set(src, edges);
+      continue;
+    }
+    const nodeMatch = line.match(/^([A-Za-z0-9_]+)\s*:\s*"?([^"{}]+)"?\s*(?:\{([^}]+)\})?$/);
+    if (nodeMatch) {
+      const id = nodeMatch[1];
+      const label = nodeMatch[2].trim();
+      const attrs = nodeMatch[3] || "";
+      let kind = "task";
+      if (attrs.includes("diamond")) kind = "decision";
+      else if (attrs.includes("oval") && label.toLowerCase().includes("start")) kind = "begin";
+      else if (attrs.includes("oval") && label.toLowerCase().includes("end")) kind = "end";
+      nodes.set(id, { id, label, kind });
+    }
+  }
+  const { beginId, endId } = validateFlow(nodes, outgoing);
+  return { nodes, outgoing, beginId, endId };
+}
+var FlowExecutor = class {
+  flow;
+  currentNodeId;
+  moveCount = 0;
+  maxMoves;
+  constructor(flow, maxMoves = 1e3) {
+    this.flow = flow;
+    this.currentNodeId = flow.beginId;
+    this.maxMoves = maxMoves;
+  }
+  get currentNode() {
+    return this.flow.nodes.get(this.currentNodeId);
+  }
+  get isComplete() {
+    return this.currentNodeId === this.flow.endId;
+  }
+  get availableChoices() {
+    const edges = this.flow.outgoing.get(this.currentNodeId) || [];
+    return edges.filter((e) => e.label).map((e) => e.label);
+  }
+  /**
+   * Move to next node
+   */
+  move(choice) {
+    if (this.isComplete) {
+      throw new FlowError("Flow is already complete");
+    }
+    if (this.moveCount >= this.maxMoves) {
+      throw new FlowError(`Max moves (${this.maxMoves}) exceeded`);
+    }
+    const edges = this.flow.outgoing.get(this.currentNodeId) || [];
+    if (edges.length === 0) {
+      throw new FlowError(`No outgoing edges from node "${this.currentNodeId}"`);
+    }
+    let nextEdge;
+    if (edges.length === 1) {
+      nextEdge = edges[0];
+    } else if (choice) {
+      nextEdge = edges.find((e) => e.label?.toLowerCase() === choice.toLowerCase());
+      if (!nextEdge) {
+        throw new FlowError(`Invalid choice "${choice}". Available: ${this.availableChoices.join(", ")}`);
+      }
+    } else {
+      throw new FlowError(`Choice required. Available: ${this.availableChoices.join(", ")}`);
+    }
+    this.currentNodeId = nextEdge.dst;
+    this.moveCount++;
+    return this.currentNode;
+  }
+  /**
+   * Reset flow
+   */
+  reset() {
+    this.currentNodeId = this.flow.beginId;
+    this.moveCount = 0;
+  }
+};
+
+// src/core/skill/skill.ts
+import { existsSync, readdirSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function getBuiltinSkillsDir() {
+  return join(__dirname, "..", "..", "skills");
+}
+function getUserSkillsDirCandidates() {
+  return [
+    join(homedir(), ".config", "agents", "skills"),
+    join(homedir(), ".agents", "skills"),
+    join(homedir(), ".pentest", "skills"),
+    join(homedir(), ".claude", "skills")
+  ];
+}
+function getProjectSkillsDirCandidates(workDir) {
+  return [
+    join(workDir, ".agents", "skills"),
+    join(workDir, ".pentest", "skills"),
+    join(workDir, ".claude", "skills")
+  ];
+}
+function findFirstExistingDir(candidates) {
+  for (const candidate of candidates) {
+    if (existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function parseFrontmatter(content) {
+  const match = content.match(/^---\s*\n([\s\S]*?)\n---\s*\n/);
+  if (!match) return {};
+  const yaml = match[1];
+  const result = {};
+  for (const line of yaml.split("\n")) {
+    const colonIndex = line.indexOf(":");
+    if (colonIndex > 0) {
+      const key = line.slice(0, colonIndex).trim();
+      const value = line.slice(colonIndex + 1).trim().replace(/^["']|["']$/g, "");
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function extractCodeBlocks(content) {
+  const blocks = [];
+  const regex = /```(\w+)?\n([\s\S]*?)```/g;
+  let match;
+  while ((match = regex.exec(content)) !== null) {
+    blocks.push({
+      lang: (match[1] || "").toLowerCase(),
+      code: match[2].trim()
+    });
+  }
+  return blocks;
+}
+function parseSkillText(content, dirPath) {
+  const frontmatter = parseFrontmatter(content);
+  const name = frontmatter.name || dirPath.split("/").pop() || "unnamed";
+  const description = frontmatter.description || "No description provided.";
+  const skillType = frontmatter.type || "standard";
+  let flow;
+  if (skillType === "flow") {
+    try {
+      const codeBlocks = extractCodeBlocks(content);
+      for (const block of codeBlocks) {
+        if (block.lang === "mermaid") {
+          flow = parseMermaidFlowchart(block.code);
+          break;
+        } else if (block.lang === "d2") {
+          flow = parseD2Flowchart(block.code);
+          break;
+        }
+      }
+      if (!flow) {
+        throw new FlowError("Flow skills require a mermaid or d2 code block");
+      }
+    } catch (e) {
+      console.error(`Failed to parse flow skill ${name}:`, e);
+      return {
+        name,
+        description,
+        type: "standard",
+        dir: dirPath,
+        content
+      };
+    }
+  }
+  return {
+    name,
+    description,
+    type: skillType,
+    dir: dirPath,
+    flow,
+    content
+  };
+}
+function discoverSkills(skillsDir) {
+  if (!existsSync(skillsDir)) return [];
+  const skills = [];
+  try {
+    const entries = readdirSync(skillsDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      const skillDir = join(skillsDir, entry.name);
+      const skillMd = join(skillDir, "SKILL.md");
+      if (!existsSync(skillMd)) continue;
+      try {
+        const content = readFileSync(skillMd, "utf-8");
+        const skill = parseSkillText(content, skillDir);
+        skills.push(skill);
+      } catch {
+      }
+    }
+  } catch {
+  }
+  return skills.sort((a, b) => a.name.localeCompare(b.name));
+}
+function discoverSkillsFromRoots(skillsDirs) {
+  const skillsByName = /* @__PURE__ */ new Map();
+  for (const dir of skillsDirs) {
+    for (const skill of discoverSkills(dir)) {
+      skillsByName.set(skill.name.toLowerCase(), skill);
+    }
+  }
+  return Array.from(skillsByName.values()).sort((a, b) => a.name.localeCompare(b.name));
+}
+function resolveSkillRoots(workDir) {
+  const roots = [];
+  const builtinDir = getBuiltinSkillsDir();
+  if (existsSync(builtinDir)) {
+    roots.push(builtinDir);
+  }
+  const userDir = findFirstExistingDir(getUserSkillsDirCandidates());
+  if (userDir) {
+    roots.push(userDir);
+  }
+  const projectDir = findFirstExistingDir(getProjectSkillsDirCandidates(workDir));
+  if (projectDir) {
+    roots.push(projectDir);
+  }
+  return roots;
+}
+var SkillManager = class {
+  skills = /* @__PURE__ */ new Map();
+  workDir;
+  constructor(workDir) {
+    this.workDir = workDir || process.cwd();
+  }
+  /**
+   * Load all skills
+   */
+  load() {
+    const roots = resolveSkillRoots(this.workDir);
+    const skills = discoverSkillsFromRoots(roots);
+    this.skills.clear();
+    for (const skill of skills) {
+      this.skills.set(skill.name.toLowerCase(), skill);
+    }
+  }
+  /**
+   * Find skill by name
+   */
+  find(name) {
+    return this.skills.get(name.toLowerCase());
+  }
+  /**
+   * List all skills
+   */
+  list() {
+    return Array.from(this.skills.values());
+  }
+  /**
+   * Get skill content
+   */
+  getContent(name) {
+    const skill = this.find(name);
+    return skill?.content || null;
+  }
+  /**
+   * Format skills for system prompt
+   */
+  formatForPrompt() {
+    const skills = this.list();
+    if (skills.length === 0) return "No skills found.";
+    return skills.map(
+      (s) => `- ${s.name}
+  - Type: ${s.type}
+  - Description: ${s.description}`
+    ).join("\n");
+  }
+};
+var skillManager = null;
+function getSkillManager(workDir) {
+  if (!skillManager) {
+    skillManager = new SkillManager(workDir);
+    skillManager.load();
+  }
+  return skillManager;
+}
+export {
+  FlowError,
+  FlowExecutor,
+  FlowParseError,
+  FlowValidationError,
+  SkillManager,
+  discoverSkills,
+  discoverSkillsFromRoots,
+  extractCodeBlocks,
+  getSkillManager,
+  parseChoice,
+  parseD2Flowchart,
+  parseFrontmatter,
+  parseMermaidFlowchart,
+  parseSkillText,
+  resolveSkillRoots,
+  validateFlow
+};

package/dist/update-DNXSBIOM.js

@@ -0,0 +1,24 @@
+import {
+  checkForUpdate,
+  checkForUpdateAsync,
+  compareSemver,
+  doUpdate,
+  fetchLatestVersion,
+  formatUpdateNotification,
+  readVersionCache,
+  semverTuple,
+  writeVersionCache
+} from "./chunk-LZGHM27D.js";
+import "./chunk-IU6YJKJT.js";
+import "./chunk-3RG5ZIWI.js";
+export {
+  checkForUpdate,
+  checkForUpdateAsync,
+  compareSemver,
+  doUpdate,
+  fetchLatestVersion,
+  formatUpdateNotification,
+  readVersionCache,
+  semverTuple,
+  writeVersionCache
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.3.1",
+  "version": "0.4.0",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",