pentesting 0.3.2 → 0.4.0

package/dist/auto-update-H72IBVEQ.js

@@ -0,0 +1,24 @@
+import {
+  checkForUpdate,
+  checkForUpdateAsync,
+  compareSemver,
+  doUpdate,
+  fetchLatestVersion,
+  formatUpdateNotification,
+  readVersionCache,
+  semverTuple,
+  writeVersionCache
+} from "./chunk-LZGHM27D.js";
+import "./chunk-IU6YJKJT.js";
+import "./chunk-3RG5ZIWI.js";
+export {
+  checkForUpdate,
+  checkForUpdateAsync,
+  compareSemver,
+  doUpdate,
+  fetchLatestVersion,
+  formatUpdateNotification,
+  readVersionCache,
+  semverTuple,
+  writeVersionCache
+};

package/dist/chunk-3RG5ZIWI.js

@@ -0,0 +1,10 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+export {
+  __require
+};

package/dist/chunk-IU6YJKJT.js

@@ -0,0 +1,182 @@
+// src/config/agent-constants.ts
+var AGENT_STATUS = {
+  IDLE: "idle",
+  RUNNING: "running",
+  PAUSED: "paused",
+  STUCK: "stuck",
+  WAITING_INPUT: "waiting_input",
+  COMPLETED: "completed"
+};
+var PHASE_ID = {
+  RECON: "recon",
+  SCAN: "scan",
+  ENUM: "enum",
+  VULN: "vuln",
+  EXPLOIT: "exploit",
+  PRIVESC: "privesc",
+  PIVOT: "pivot",
+  PERSIST: "persist",
+  EXFIL: "exfil",
+  REPORT: "report"
+};
+var PHASE_STATUS = {
+  PENDING: "pending",
+  IN_PROGRESS: "in_progress",
+  COMPLETED: "completed",
+  FAILED: "failed",
+  SKIPPED: "skipped"
+};
+var THOUGHT_TYPE = {
+  OBSERVATION: "observation",
+  HYPOTHESIS: "hypothesis",
+  PLAN: "plan",
+  ACTION: "action",
+  RESULT: "result",
+  REFLECTION: "reflection",
+  STUCK: "stuck",
+  BREAKTHROUGH: "breakthrough"
+};
+var AGENT_EVENT = {
+  // Lifecycle
+  PLUGINS_LOADED: "plugins_loaded",
+  HOOKS_LOADED: "hooks_loaded",
+  COMMANDS_LOADED: "commands_loaded",
+  MCP_SERVER_ADDED: "mcp_server_added",
+  // Execution
+  ITERATION: "iteration",
+  THOUGHT: "thought",
+  RESPONSE: "response",
+  TOOL_CALL: "tool_call",
+  TOOL_RESULT: "tool_result",
+  COMMAND_EXECUTE: "command_execute",
+  APPROVAL_NEEDED: "approval_needed",
+  TOKEN_USAGE: "token_usage",
+  // State changes
+  TARGET_SET: "target_set",
+  PHASE_CHANGE: "phase_change",
+  AGENT_SWITCH: "agent_switch",
+  PAUSED: "paused",
+  RESUMED: "resumed",
+  RESET: "reset",
+  // Discoveries
+  FINDING: "finding",
+  CREDENTIAL: "credential",
+  COMPROMISED: "compromised",
+  // Completion
+  COMPLETE: "complete",
+  REPORT: "report",
+  ERROR: "error",
+  HINT_RECEIVED: "hint_received",
+  CONTEXT_COMPACTED: "context_compacted"
+};
+var CLI_COMMAND = {
+  HELP: "help",
+  TARGET: "target",
+  START: "start",
+  STOP: "stop",
+  FINDINGS: "findings",
+  CLEAR: "clear",
+  EXIT: "exit"
+};
+var MESSAGE_TYPE = {
+  USER: "user",
+  ASSISTANT: "assistant",
+  TOOL: "tool",
+  THINKING: "thinking",
+  ERROR: "error",
+  SYSTEM: "system",
+  RESULT: "result"
+};
+var TOOL_NAME = {
+  // System
+  BASH: "bash",
+  READ_FILE: "read_file",
+  WRITE_FILE: "write_file",
+  LIST_DIRECTORY: "list_directory",
+  // Network
+  NMAP_SCAN: "nmap_scan",
+  TCPDUMP_CAPTURE: "tcpdump_capture",
+  // Web
+  WEB_REQUEST: "web_request",
+  DIRECTORY_BRUTEFORCE: "directory_bruteforce",
+  SQL_INJECTION: "sql_injection",
+  BROWSER_AUTOMATION: "browser_automation",
+  // Exploit
+  SEARCHSPLOIT: "searchsploit",
+  METASPLOIT: "metasploit",
+  GENERATE_PAYLOAD: "generate_payload",
+  // Credential
+  BRUTEFORCE_LOGIN: "bruteforce_login",
+  CRACK_HASH: "crack_hash",
+  DUMP_CREDENTIALS: "dump_credentials",
+  // Privilege Escalation
+  CHECK_SUDO: "check_sudo",
+  FIND_SUID: "find_suid",
+  RUN_PRIVESC_ENUM: "run_privesc_enum",
+  // Post-Exploitation
+  SETUP_TUNNEL: "setup_tunnel",
+  LATERAL_MOVEMENT: "lateral_movement",
+  // Reporting
+  REPORT_FINDING: "report_finding",
+  TAKE_SCREENSHOT: "take_screenshot"
+};
+var SENSITIVE_TOOLS = [
+  TOOL_NAME.WRITE_FILE,
+  TOOL_NAME.BRUTEFORCE_LOGIN,
+  TOOL_NAME.METASPLOIT,
+  TOOL_NAME.SQL_INJECTION,
+  TOOL_NAME.DUMP_CREDENTIALS,
+  TOOL_NAME.GENERATE_PAYLOAD,
+  TOOL_NAME.LATERAL_MOVEMENT
+];
+
+// src/config/constants.ts
+var APP_NAME = "pentesting";
+var APP_VERSION = "0.4.0";
+var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
+var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
+var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
+var LLM_MODEL = process.env.PENTEST_MODEL || "claude-sonnet-4-20250514";
+var LLM_MAX_TOKENS = parseInt(process.env.PENTEST_MAX_TOKENS || "16384", 10);
+var AGENT_CONFIG = {
+  maxIterations: 200,
+  maxToolCallsPerIteration: 10,
+  autoApprove: false,
+  sensitiveTools: SENSITIVE_TOOLS,
+  defaultTimeout: 6e4,
+  longRunningTimeout: 6e5,
+  stuckThreshold: 5,
+  stuckTimeThreshold: 3e5,
+  maxPhaseAttempts: 20
+};
+var PENTEST_PHASES = [
+  { id: PHASE_ID.RECON, name: "Reconnaissance", description: "Information gathering" },
+  { id: PHASE_ID.SCAN, name: "Scanning", description: "Port and service scanning" },
+  { id: PHASE_ID.ENUM, name: "Enumeration", description: "Deep service enumeration" },
+  { id: PHASE_ID.VULN, name: "Vulnerability Analysis", description: "Vulnerability identification" },
+  { id: PHASE_ID.EXPLOIT, name: "Exploitation", description: "Gaining access" },
+  { id: PHASE_ID.PRIVESC, name: "Privilege Escalation", description: "Elevating privileges" },
+  { id: PHASE_ID.PIVOT, name: "Pivoting", description: "Lateral movement" },
+  { id: PHASE_ID.PERSIST, name: "Persistence", description: "Maintaining access" },
+  { id: PHASE_ID.EXFIL, name: "Data Exfiltration", description: "Data extraction" },
+  { id: PHASE_ID.REPORT, name: "Reporting", description: "Documentation" }
+];
+
+export {
+  AGENT_STATUS,
+  PHASE_ID,
+  PHASE_STATUS,
+  THOUGHT_TYPE,
+  AGENT_EVENT,
+  CLI_COMMAND,
+  MESSAGE_TYPE,
+  TOOL_NAME,
+  APP_NAME,
+  APP_VERSION,
+  APP_DESCRIPTION,
+  LLM_API_KEY,
+  LLM_BASE_URL,
+  LLM_MODEL,
+  LLM_MAX_TOKENS,
+  AGENT_CONFIG
+};

package/dist/chunk-LZGHM27D.js

@@ -0,0 +1,134 @@
+import {
+  APP_NAME,
+  APP_VERSION
+} from "./chunk-IU6YJKJT.js";
+
+// src/core/update/auto-update.ts
+import { execSync } from "child_process";
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+var UPDATE_CHECK_INTERVAL = 24 * 60 * 60 * 1e3;
+var VERSION_CACHE_FILE = join(homedir(), ".pentest", "latest_version.json");
+function semverTuple(version) {
+  const match = version.match(/^(\d+)\.(\d+)\.(\d+)/);
+  if (!match) return [0, 0, 0];
+  return [parseInt(match[1]), parseInt(match[2]), parseInt(match[3])];
+}
+function compareSemver(a, b) {
+  const [a1, a2, a3] = semverTuple(a);
+  const [b1, b2, b3] = semverTuple(b);
+  if (a1 !== b1) return a1 < b1 ? -1 : 1;
+  if (a2 !== b2) return a2 < b2 ? -1 : 1;
+  if (a3 !== b3) return a3 < b3 ? -1 : 1;
+  return 0;
+}
+function readVersionCache() {
+  try {
+    if (!existsSync(VERSION_CACHE_FILE)) return null;
+    const data = JSON.parse(readFileSync(VERSION_CACHE_FILE, "utf-8"));
+    return data;
+  } catch {
+    return null;
+  }
+}
+function writeVersionCache(info) {
+  try {
+    const dir = join(homedir(), ".pentest");
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(VERSION_CACHE_FILE, JSON.stringify(info, null, 2));
+  } catch {
+  }
+}
+function fetchLatestVersion(packageName = APP_NAME) {
+  try {
+    const output = execSync(`npm view ${packageName} version`, {
+      encoding: "utf-8",
+      timeout: 1e4,
+      stdio: ["pipe", "pipe", "pipe"]
+    });
+    return output.trim();
+  } catch {
+    return null;
+  }
+}
+function checkForUpdate(forceCheck = false) {
+  const currentVersion = APP_VERSION;
+  const cached = readVersionCache();
+  const now = Date.now();
+  if (!forceCheck && cached && now - cached.checkedAt < UPDATE_CHECK_INTERVAL) {
+    const hasUpdate2 = compareSemver(cached.version, currentVersion) > 0;
+    return {
+      hasUpdate: hasUpdate2,
+      currentVersion,
+      latestVersion: cached.version
+    };
+  }
+  const latestVersion = fetchLatestVersion();
+  if (!latestVersion) {
+    return {
+      hasUpdate: false,
+      currentVersion,
+      latestVersion: null,
+      error: "Failed to fetch latest version"
+    };
+  }
+  writeVersionCache({
+    version: latestVersion,
+    checkedAt: now
+  });
+  const hasUpdate = compareSemver(latestVersion, currentVersion) > 0;
+  return {
+    hasUpdate,
+    currentVersion,
+    latestVersion
+  };
+}
+async function checkForUpdateAsync() {
+  return new Promise((resolve) => {
+    setImmediate(() => {
+      resolve(checkForUpdate());
+    });
+  });
+}
+function formatUpdateNotification(result) {
+  if (!result.hasUpdate || !result.latestVersion) return null;
+  return `
+\u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
+\u2502  \u{1F195} A new version of ${APP_NAME} is available!   \u2502
+\u2502                                                \u2502
+\u2502  Current: ${result.currentVersion.padEnd(10)}  Latest: ${result.latestVersion.padEnd(10)}  \u2502
+\u2502                                                \u2502
+\u2502  Run: npm update -g ${APP_NAME}                  \u2502
+\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518
+`.trim();
+}
+function doUpdate() {
+  try {
+    execSync(`npm update -g ${APP_NAME}`, {
+      encoding: "utf-8",
+      timeout: 12e4,
+      stdio: "inherit"
+    });
+    return { success: true, message: `Updated ${APP_NAME} successfully!` };
+  } catch (e) {
+    return {
+      success: false,
+      message: `Failed to update: ${e instanceof Error ? e.message : String(e)}`
+    };
+  }
+}
+
+export {
+  semverTuple,
+  compareSemver,
+  readVersionCache,
+  writeVersionCache,
+  fetchLatestVersion,
+  checkForUpdate,
+  checkForUpdateAsync,
+  formatUpdateNotification,
+  doUpdate
+};

package/dist/index.js

@@ -1,10 +1,24 @@
 #!/usr/bin/env node
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
+import {
+  AGENT_CONFIG,
+  AGENT_EVENT,
+  AGENT_STATUS,
+  APP_DESCRIPTION,
+  APP_VERSION,
+  CLI_COMMAND,
+  LLM_API_KEY,
+  LLM_BASE_URL,
+  LLM_MAX_TOKENS,
+  LLM_MODEL,
+  MESSAGE_TYPE,
+  PHASE_ID,
+  PHASE_STATUS,
+  THOUGHT_TYPE,
+  TOOL_NAME
+} from "./chunk-IU6YJKJT.js";
+import {
+  __require
+} from "./chunk-3RG5ZIWI.js";
 
 // src/index.tsx
 import { render } from "ink";
@@ -206,138 +220,6 @@ Analyze your situation honestly:
 
 Based on this reflection, propose 3 completely different approaches to try next.`;
 
-// src/config/agent-constants.ts
-var AGENT_STATUS = {
-  IDLE: "idle",
-  RUNNING: "running",
-  PAUSED: "paused",
-  STUCK: "stuck",
-  WAITING_INPUT: "waiting_input",
-  COMPLETED: "completed"
-};
-var PHASE_ID = {
-  RECON: "recon",
-  SCAN: "scan",
-  ENUM: "enum",
-  VULN: "vuln",
-  EXPLOIT: "exploit",
-  PRIVESC: "privesc",
-  PIVOT: "pivot",
-  PERSIST: "persist",
-  EXFIL: "exfil",
-  REPORT: "report"
-};
-var PHASE_STATUS = {
-  PENDING: "pending",
-  IN_PROGRESS: "in_progress",
-  COMPLETED: "completed",
-  FAILED: "failed",
-  SKIPPED: "skipped"
-};
-var THOUGHT_TYPE = {
-  OBSERVATION: "observation",
-  HYPOTHESIS: "hypothesis",
-  PLAN: "plan",
-  ACTION: "action",
-  RESULT: "result",
-  REFLECTION: "reflection",
-  STUCK: "stuck",
-  BREAKTHROUGH: "breakthrough"
-};
-var AGENT_EVENT = {
-  // Lifecycle
-  PLUGINS_LOADED: "plugins_loaded",
-  HOOKS_LOADED: "hooks_loaded",
-  COMMANDS_LOADED: "commands_loaded",
-  MCP_SERVER_ADDED: "mcp_server_added",
-  // Execution
-  ITERATION: "iteration",
-  THOUGHT: "thought",
-  RESPONSE: "response",
-  TOOL_CALL: "tool_call",
-  TOOL_RESULT: "tool_result",
-  COMMAND_EXECUTE: "command_execute",
-  APPROVAL_NEEDED: "approval_needed",
-  TOKEN_USAGE: "token_usage",
-  // State changes
-  TARGET_SET: "target_set",
-  PHASE_CHANGE: "phase_change",
-  AGENT_SWITCH: "agent_switch",
-  PAUSED: "paused",
-  RESUMED: "resumed",
-  RESET: "reset",
-  // Discoveries
-  FINDING: "finding",
-  CREDENTIAL: "credential",
-  COMPROMISED: "compromised",
-  // Completion
-  COMPLETE: "complete",
-  REPORT: "report",
-  ERROR: "error",
-  HINT_RECEIVED: "hint_received",
-  CONTEXT_COMPACTED: "context_compacted"
-};
-var CLI_COMMAND = {
-  HELP: "help",
-  TARGET: "target",
-  START: "start",
-  STOP: "stop",
-  FINDINGS: "findings",
-  CLEAR: "clear",
-  EXIT: "exit"
-};
-var MESSAGE_TYPE = {
-  USER: "user",
-  ASSISTANT: "assistant",
-  TOOL: "tool",
-  THINKING: "thinking",
-  ERROR: "error",
-  SYSTEM: "system",
-  RESULT: "result"
-};
-var TOOL_NAME = {
-  // System
-  BASH: "bash",
-  READ_FILE: "read_file",
-  WRITE_FILE: "write_file",
-  LIST_DIRECTORY: "list_directory",
-  // Network
-  NMAP_SCAN: "nmap_scan",
-  TCPDUMP_CAPTURE: "tcpdump_capture",
-  // Web
-  WEB_REQUEST: "web_request",
-  DIRECTORY_BRUTEFORCE: "directory_bruteforce",
-  SQL_INJECTION: "sql_injection",
-  BROWSER_AUTOMATION: "browser_automation",
-  // Exploit
-  SEARCHSPLOIT: "searchsploit",
-  METASPLOIT: "metasploit",
-  GENERATE_PAYLOAD: "generate_payload",
-  // Credential
-  BRUTEFORCE_LOGIN: "bruteforce_login",
-  CRACK_HASH: "crack_hash",
-  DUMP_CREDENTIALS: "dump_credentials",
-  // Privilege Escalation
-  CHECK_SUDO: "check_sudo",
-  FIND_SUID: "find_suid",
-  RUN_PRIVESC_ENUM: "run_privesc_enum",
-  // Post-Exploitation
-  SETUP_TUNNEL: "setup_tunnel",
-  LATERAL_MOVEMENT: "lateral_movement",
-  // Reporting
-  REPORT_FINDING: "report_finding",
-  TAKE_SCREENSHOT: "take_screenshot"
-};
-var SENSITIVE_TOOLS = [
-  TOOL_NAME.WRITE_FILE,
-  TOOL_NAME.BRUTEFORCE_LOGIN,
-  TOOL_NAME.METASPLOIT,
-  TOOL_NAME.SQL_INJECTION,
-  TOOL_NAME.DUMP_CREDENTIALS,
-  TOOL_NAME.GENERATE_PAYLOAD,
-  TOOL_NAME.LATERAL_MOVEMENT
-];
-
 // src/core/tools/tool-definitions.ts
 var SYSTEM_TOOLS = [
   {
@@ -1381,37 +1263,6 @@ const { chromium } = require('playwright');
   return executeBash(`script -q /dev/null -c "cat" | tee "${filename || "terminal.txt"}"`);
 }
 
-// src/config/constants.ts
-var APP_VERSION = "0.3.2";
-var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
-var LLM_API_KEY = process.env.PENTEST_API_KEY || process.env.ANTHROPIC_API_KEY || "";
-var LLM_BASE_URL = process.env.PENTEST_BASE_URL || void 0;
-var LLM_MODEL = process.env.PENTEST_MODEL || "claude-sonnet-4-20250514";
-var LLM_MAX_TOKENS = parseInt(process.env.PENTEST_MAX_TOKENS || "16384", 10);
-var AGENT_CONFIG = {
-  maxIterations: 200,
-  maxToolCallsPerIteration: 10,
-  autoApprove: false,
-  sensitiveTools: SENSITIVE_TOOLS,
-  defaultTimeout: 6e4,
-  longRunningTimeout: 6e5,
-  stuckThreshold: 5,
-  stuckTimeThreshold: 3e5,
-  maxPhaseAttempts: 20
-};
-var PENTEST_PHASES = [
-  { id: PHASE_ID.RECON, name: "Reconnaissance", description: "Information gathering" },
-  { id: PHASE_ID.SCAN, name: "Scanning", description: "Port and service scanning" },
-  { id: PHASE_ID.ENUM, name: "Enumeration", description: "Deep service enumeration" },
-  { id: PHASE_ID.VULN, name: "Vulnerability Analysis", description: "Vulnerability identification" },
-  { id: PHASE_ID.EXPLOIT, name: "Exploitation", description: "Gaining access" },
-  { id: PHASE_ID.PRIVESC, name: "Privilege Escalation", description: "Elevating privileges" },
-  { id: PHASE_ID.PIVOT, name: "Pivoting", description: "Lateral movement" },
-  { id: PHASE_ID.PERSIST, name: "Persistence", description: "Maintaining access" },
-  { id: PHASE_ID.EXFIL, name: "Data Exfiltration", description: "Data extraction" },
-  { id: PHASE_ID.REPORT, name: "Reporting", description: "Documentation" }
-];
-
 // src/core/hooks/hook-executor.ts
 import { spawn as spawn2 } from "child_process";
 import * as fs2 from "fs/promises";
@@ -5033,6 +4884,21 @@ var App = ({ autoApprove = false, target }) => {
         setCheckpointCount(contextManagerRef.current?.getCheckpoints().length || 0);
       }
     });
+    import("./auto-update-H72IBVEQ.js").then(({ checkForUpdateAsync, formatUpdateNotification }) => {
+      checkForUpdateAsync().then((result) => {
+        if (result.hasUpdate) {
+          const notification = formatUpdateNotification(result);
+          if (notification) {
+            setMessages((prev) => [...prev, {
+              id: "update-notification",
+              type: MESSAGE_TYPE.SYSTEM,
+              content: notification,
+              timestamp: /* @__PURE__ */ new Date()
+            }]);
+          }
+        }
+      });
+    });
   }, []);
   const startTimeRef = useRef(0);
   const timerRef = useRef(null);
@@ -5196,6 +5062,12 @@ var App = ({ autoApprove = false, target }) => {
 /compact         Compact context
 /sessions        List saved sessions
 /resume [id]     Resume session
+/replay          Show session recordings
+
+\u2500\u2500 Skills & Extras \u2500\u2500
+/skills          List available skills
+/update          Check for updates
+/update now      Install update
 
 \u2500\u2500 Findings \u2500\u2500
 /findings        Show findings
@@ -5423,6 +5295,63 @@ var App = ({ autoApprove = false, target }) => {
    Tokens: ${tokenUsage.total.toLocaleString()}
    Checkpoints: ${checkpointCount}`);
           return;
+        case "skills":
+          try {
+            const { getSkillManager } = await import("./skill-2AON6M2V.js");
+            const skillMgr = getSkillManager();
+            const skills = skillMgr.list();
+            if (skills.length === 0) {
+              addMessage(MESSAGE_TYPE.SYSTEM, "No skills found. Add SKILL.md files to ~/.pentest/skills/");
+            } else {
+              addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4DA} ${skills.length} Skills:`);
+              skills.forEach((s) => {
+                addMessage(MESSAGE_TYPE.SYSTEM, `   ${s.type === "flow" ? "\u{1F504}" : "\u{1F4DD}"} ${s.name}: ${s.description}`);
+              });
+            }
+          } catch (e) {
+            addMessage(MESSAGE_TYPE.ERROR, `Skill error: ${e instanceof Error ? e.message : String(e)}`);
+          }
+          return;
+        case "replay":
+          try {
+            const { findRecentWireFiles, getReplaySummary, parseWireFile } = await import("./replay-6WU2ANWJ.js");
+            const wireFiles = findRecentWireFiles(sessionDirRef.current);
+            if (wireFiles.length === 0) {
+              addMessage(MESSAGE_TYPE.SYSTEM, "No session recordings found");
+            } else {
+              addMessage(MESSAGE_TYPE.SYSTEM, `\u{1F4FC} ${wireFiles.length} Session Recordings:`);
+              for (const file of wireFiles.slice(0, 5)) {
+                const events = parseWireFile(file);
+                const summary = getReplaySummary(events);
+                const name = file.split("/").pop()?.replace(".jsonl", "") || "unknown";
+                addMessage(MESSAGE_TYPE.SYSTEM, `   ${name}: ${summary.toolCalls} tools, ${summary.findings} findings, ${summary.duration.toFixed(1)}s`);
+              }
+            }
+          } catch (e) {
+            addMessage(MESSAGE_TYPE.ERROR, `Replay error: ${e instanceof Error ? e.message : String(e)}`);
+          }
+          return;
+        case "update":
+          try {
+            const { checkForUpdate, formatUpdateNotification, doUpdate } = await import("./update-DNXSBIOM.js");
+            const result = checkForUpdate(true);
+            if (result.hasUpdate) {
+              const notification = formatUpdateNotification(result);
+              if (notification) addMessage(MESSAGE_TYPE.SYSTEM, notification);
+              if (args[0] === "now") {
+                addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F504} Updating...");
+                const updateResult = doUpdate();
+                addMessage(updateResult.success ? MESSAGE_TYPE.SYSTEM : MESSAGE_TYPE.ERROR, updateResult.message);
+              } else {
+                addMessage(MESSAGE_TYPE.SYSTEM, "Run /update now to update");
+              }
+            } else {
+              addMessage(MESSAGE_TYPE.SYSTEM, `\u2713 You have the latest version (${result.currentVersion})`);
+            }
+          } catch (e) {
+            addMessage(MESSAGE_TYPE.ERROR, `Update error: ${e instanceof Error ? e.message : String(e)}`);
+          }
+          return;
         case "think":
           addMessage(MESSAGE_TYPE.SYSTEM, "\u{1F9E0} Thinking mode: Extended reasoning enabled");
           return;

package/dist/replay-6WU2ANWJ.js

@@ -0,0 +1,130 @@
+import {
+  __require
+} from "./chunk-3RG5ZIWI.js";
+
+// src/core/replay/session-replay.ts
+import { existsSync, readFileSync } from "fs";
+function parseWireFile(filePath) {
+  if (!existsSync(filePath)) return [];
+  const events = [];
+  const content = readFileSync(filePath, "utf-8");
+  for (const line of content.split("\n")) {
+    if (!line.trim()) continue;
+    try {
+      const record = JSON.parse(line);
+      events.push({
+        type: record.message.type,
+        timestamp: record.message.timestamp,
+        data: record.message.data
+      });
+    } catch {
+    }
+  }
+  return events;
+}
+function getReplaySummary(events) {
+  if (events.length === 0) {
+    return { events, duration: 0, toolCalls: 0, findings: 0 };
+  }
+  const firstTs = events[0].timestamp;
+  const lastTs = events[events.length - 1].timestamp;
+  const duration = (lastTs - firstTs) / 1e3;
+  let toolCalls = 0;
+  let findings = 0;
+  for (const event of events) {
+    if (event.type === "tool_call") toolCalls++;
+    if (event.type === "status_update") {
+      const data = event.data;
+      if (data.event === "finding") findings++;
+    }
+  }
+  return { events, duration, toolCalls, findings };
+}
+function formatReplayEvent(event) {
+  const time = new Date(event.timestamp).toLocaleTimeString();
+  switch (event.type) {
+    case "turn_begin":
+      return `[${time}] \u{1F504} Turn started`;
+    case "step_begin": {
+      const data = event.data;
+      return `[${time}] \u{1F4CD} Step ${data.stepIndex + 1}`;
+    }
+    case "content_part": {
+      const data = event.data;
+      const preview = data.content.slice(0, 50).replace(/\n/g, " ");
+      const icon = data.isThinking ? "\u{1F4AD}" : "\u{1F4AC}";
+      return `[${time}] ${icon} ${preview}...`;
+    }
+    case "tool_call": {
+      const data = event.data;
+      return `[${time}] \u25B6 Tool: ${data.toolName}`;
+    }
+    case "tool_result": {
+      const data = event.data;
+      const icon = data.isError ? "\u2717" : "\u2713";
+      return `[${time}] ${icon} Tool result`;
+    }
+    case "status_update": {
+      const data = event.data;
+      if (data.event === "finding") {
+        return `[${time}] \u{1F3AF} Finding: ${data.title}`;
+      }
+      if (data.event === "phase_change") {
+        return `[${time}] \u{1F4CD} Phase: ${data.phase}`;
+      }
+      return `[${time}] \u{1F4CA} ${data.event}`;
+    }
+    case "turn_end":
+      return `[${time}] \u2713 Turn complete`;
+    default:
+      return `[${time}] ${event.type}`;
+  }
+}
+async function replaySession(wirePath, options = {}) {
+  const events = parseWireFile(wirePath);
+  const summary = getReplaySummary(events);
+  if (events.length === 0) return summary;
+  const speed = options.speed ?? 0;
+  let lastTs = events[0].timestamp;
+  for (const event of events) {
+    const formatted = formatReplayEvent(event);
+    if (options.onEvent) {
+      options.onEvent(event, formatted);
+    }
+    if (speed > 0) {
+      const delay = (event.timestamp - lastTs) / speed;
+      if (delay > 0 && delay < 5e3) {
+        await new Promise((r) => setTimeout(r, delay));
+      }
+      lastTs = event.timestamp;
+    }
+  }
+  return summary;
+}
+function findRecentWireFiles(sessionDir, limit = 10) {
+  const { readdirSync, statSync } = __require("fs");
+  const { join } = __require("path");
+  if (!existsSync(sessionDir)) return [];
+  const files = [];
+  try {
+    const entries = readdirSync(sessionDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (entry.isFile() && entry.name.endsWith(".jsonl")) {
+        const filePath = join(sessionDir, entry.name);
+        const stat = statSync(filePath);
+        files.push({ path: filePath, mtime: stat.mtimeMs });
+      }
+    }
+  } catch {
+    return [];
+  }
+  files.sort((a, b) => b.mtime - a.mtime);
+  return files.slice(0, limit).map((f) => f.path);
+}
+export {
+  findRecentWireFiles,
+  formatReplayEvent,
+  getReplaySummary,
+  parseWireFile,
+  replaySession
+};

package/dist/skill-2AON6M2V.js

@@ -0,0 +1,416 @@
+import "./chunk-3RG5ZIWI.js";
+
+// src/core/skill/flow.ts
+var FlowError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FlowError";
+  }
+};
+var FlowParseError = class extends FlowError {
+  constructor(message) {
+    super(message);
+    this.name = "FlowParseError";
+  }
+};
+var FlowValidationError = class extends FlowError {
+  constructor(message) {
+    super(message);
+    this.name = "FlowValidationError";
+  }
+};
+function parseChoice(text) {
+  const match = text.match(/<choice>([^<]*)<\/choice>/);
+  return match ? match[1].trim() : null;
+}
+function validateFlow(nodes, outgoing) {
+  const beginNodes = Array.from(nodes.values()).filter((n) => n.kind === "begin");
+  const endNodes = Array.from(nodes.values()).filter((n) => n.kind === "end");
+  if (beginNodes.length !== 1) {
+    throw new FlowValidationError(`Expected exactly one BEGIN node, found ${beginNodes.length}`);
+  }
+  if (endNodes.length !== 1) {
+    throw new FlowValidationError(`Expected exactly one END node, found ${endNodes.length}`);
+  }
+  const beginId = beginNodes[0].id;
+  const endId = endNodes[0].id;
+  const reachable = /* @__PURE__ */ new Set();
+  const queue = [beginId];
+  while (queue.length > 0) {
+    const nodeId = queue.pop();
+    if (reachable.has(nodeId)) continue;
+    reachable.add(nodeId);
+    const edges = outgoing.get(nodeId) || [];
+    for (const edge of edges) {
+      if (!reachable.has(edge.dst)) {
+        queue.push(edge.dst);
+      }
+    }
+  }
+  if (!reachable.has(endId)) {
+    throw new FlowValidationError("END node is not reachable from BEGIN");
+  }
+  for (const node of nodes.values()) {
+    if (!reachable.has(node.id)) continue;
+    const edges = outgoing.get(node.id) || [];
+    if (edges.length <= 1) continue;
+    const labels = [];
+    for (const edge of edges) {
+      if (!edge.label?.trim()) {
+        throw new FlowValidationError(`Node "${node.id}" has an unlabeled edge`);
+      }
+      labels.push(edge.label);
+    }
+    if (new Set(labels).size !== labels.length) {
+      throw new FlowValidationError(`Node "${node.id}" has duplicate edge labels`);
+    }
+  }
+  return { beginId, endId };
+}
+function parseMermaidFlowchart(code) {
+  const nodes = /* @__PURE__ */ new Map();
+  const outgoing = /* @__PURE__ */ new Map();
+  const lines = code.split("\n").map((l) => l.trim()).filter((l) => l);
+  for (const line of lines) {
+    if (line.match(/^flowchart|^graph/i)) continue;
+    const nodeMatch = line.match(/^([A-Za-z0-9_]+)(\[([^\]]+)\]|\{([^\}]+)\}|\(\(([^\)]+)\)\)|\(\[([^\]]+)\]\))?$/);
+    if (nodeMatch && !line.includes("-->")) {
+      const id = nodeMatch[1];
+      const label = nodeMatch[3] || nodeMatch[4] || nodeMatch[5] || nodeMatch[6] || id;
+      let kind = "task";
+      if (nodeMatch[4]) kind = "decision";
+      else if (nodeMatch[5] || label.toLowerCase().includes("start") || label.toLowerCase().includes("begin")) kind = "begin";
+      else if (nodeMatch[6] || label.toLowerCase().includes("end")) kind = "end";
+      nodes.set(id, { id, label, kind });
+      continue;
+    }
+    const edgeMatch = line.match(/^([A-Za-z0-9_]+)\s*-->\s*(?:\|([^\|]+)\|\s*)?([A-Za-z0-9_]+)/);
+    if (edgeMatch) {
+      const src = edgeMatch[1];
+      const label = edgeMatch[2] || null;
+      const dst = edgeMatch[3];
+      if (!nodes.has(src)) nodes.set(src, { id: src, label: src, kind: "task" });
+      if (!nodes.has(dst)) nodes.set(dst, { id: dst, label: dst, kind: "task" });
+      const edges = outgoing.get(src) || [];
+      edges.push({ src, dst, label });
+      outgoing.set(src, edges);
+    }
+  }
+  const { beginId, endId } = validateFlow(nodes, outgoing);
+  return { nodes, outgoing, beginId, endId };
+}
+function parseD2Flowchart(code) {
+  const nodes = /* @__PURE__ */ new Map();
+  const outgoing = /* @__PURE__ */ new Map();
+  const lines = code.split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#"));
+  for (const line of lines) {
+    const edgeMatch = line.match(/^([A-Za-z0-9_]+)\s*->\s*([A-Za-z0-9_]+)(?:\s*:\s*(.+))?$/);
+    if (edgeMatch) {
+      const src = edgeMatch[1];
+      const dst = edgeMatch[2];
+      const label = edgeMatch[3] || null;
+      if (!nodes.has(src)) {
+        const kind = src.toLowerCase().includes("start") ? "begin" : "task";
+        nodes.set(src, { id: src, label: src, kind });
+      }
+      if (!nodes.has(dst)) {
+        const kind = dst.toLowerCase().includes("end") ? "end" : "task";
+        nodes.set(dst, { id: dst, label: dst, kind });
+      }
+      const edges = outgoing.get(src) || [];
+      edges.push({ src, dst, label });
+      outgoing.set(src, edges);
+      continue;
+    }
+    const nodeMatch = line.match(/^([A-Za-z0-9_]+)\s*:\s*"?([^"{}]+)"?\s*(?:\{([^}]+)\})?$/);
+    if (nodeMatch) {
+      const id = nodeMatch[1];
+      const label = nodeMatch[2].trim();
+      const attrs = nodeMatch[3] || "";
+      let kind = "task";
+      if (attrs.includes("diamond")) kind = "decision";
+      else if (attrs.includes("oval") && label.toLowerCase().includes("start")) kind = "begin";
+      else if (attrs.includes("oval") && label.toLowerCase().includes("end")) kind = "end";
+      nodes.set(id, { id, label, kind });
+    }
+  }
+  const { beginId, endId } = validateFlow(nodes, outgoing);
+  return { nodes, outgoing, beginId, endId };
+}
+var FlowExecutor = class {
+  flow;
+  currentNodeId;
+  moveCount = 0;
+  maxMoves;
+  constructor(flow, maxMoves = 1e3) {
+    this.flow = flow;
+    this.currentNodeId = flow.beginId;
+    this.maxMoves = maxMoves;
+  }
+  get currentNode() {
+    return this.flow.nodes.get(this.currentNodeId);
+  }
+  get isComplete() {
+    return this.currentNodeId === this.flow.endId;
+  }
+  get availableChoices() {
+    const edges = this.flow.outgoing.get(this.currentNodeId) || [];
+    return edges.filter((e) => e.label).map((e) => e.label);
+  }
+  /**
+   * Move to next node
+   */
+  move(choice) {
+    if (this.isComplete) {
+      throw new FlowError("Flow is already complete");
+    }
+    if (this.moveCount >= this.maxMoves) {
+      throw new FlowError(`Max moves (${this.maxMoves}) exceeded`);
+    }
+    const edges = this.flow.outgoing.get(this.currentNodeId) || [];
+    if (edges.length === 0) {
+      throw new FlowError(`No outgoing edges from node "${this.currentNodeId}"`);
+    }
+    let nextEdge;
+    if (edges.length === 1) {
+      nextEdge = edges[0];
+    } else if (choice) {
+      nextEdge = edges.find((e) => e.label?.toLowerCase() === choice.toLowerCase());
+      if (!nextEdge) {
+        throw new FlowError(`Invalid choice "${choice}". Available: ${this.availableChoices.join(", ")}`);
+      }
+    } else {
+      throw new FlowError(`Choice required. Available: ${this.availableChoices.join(", ")}`);
+    }
+    this.currentNodeId = nextEdge.dst;
+    this.moveCount++;
+    return this.currentNode;
+  }
+  /**
+   * Reset flow
+   */
+  reset() {
+    this.currentNodeId = this.flow.beginId;
+    this.moveCount = 0;
+  }
+};
+
+// src/core/skill/skill.ts
+import { existsSync, readdirSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+function getBuiltinSkillsDir() {
+  return join(__dirname, "..", "..", "skills");
+}
+function getUserSkillsDirCandidates() {
+  return [
+    join(homedir(), ".config", "agents", "skills"),
+    join(homedir(), ".agents", "skills"),
+    join(homedir(), ".pentest", "skills"),
+    join(homedir(), ".claude", "skills")
+  ];
+}
+function getProjectSkillsDirCandidates(workDir) {
+  return [
+    join(workDir, ".agents", "skills"),
+    join(workDir, ".pentest", "skills"),
+    join(workDir, ".claude", "skills")
+  ];
+}
+function findFirstExistingDir(candidates) {
+  for (const candidate of candidates) {
+    if (existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function parseFrontmatter(content) {
+  const match = content.match(/^---\s*\n([\s\S]*?)\n---\s*\n/);
+  if (!match) return {};
+  const yaml = match[1];
+  const result = {};
+  for (const line of yaml.split("\n")) {
+    const colonIndex = line.indexOf(":");
+    if (colonIndex > 0) {
+      const key = line.slice(0, colonIndex).trim();
+      const value = line.slice(colonIndex + 1).trim().replace(/^["']|["']$/g, "");
+      result[key] = value;
+    }
+  }
+  return result;
+}
+function extractCodeBlocks(content) {
+  const blocks = [];
+  const regex = /```(\w+)?\n([\s\S]*?)```/g;
+  let match;
+  while ((match = regex.exec(content)) !== null) {
+    blocks.push({
+      lang: (match[1] || "").toLowerCase(),
+      code: match[2].trim()
+    });
+  }
+  return blocks;
+}
+function parseSkillText(content, dirPath) {
+  const frontmatter = parseFrontmatter(content);
+  const name = frontmatter.name || dirPath.split("/").pop() || "unnamed";
+  const description = frontmatter.description || "No description provided.";
+  const skillType = frontmatter.type || "standard";
+  let flow;
+  if (skillType === "flow") {
+    try {
+      const codeBlocks = extractCodeBlocks(content);
+      for (const block of codeBlocks) {
+        if (block.lang === "mermaid") {
+          flow = parseMermaidFlowchart(block.code);
+          break;
+        } else if (block.lang === "d2") {
+          flow = parseD2Flowchart(block.code);
+          break;
+        }
+      }
+      if (!flow) {
+        throw new FlowError("Flow skills require a mermaid or d2 code block");
+      }
+    } catch (e) {
+      console.error(`Failed to parse flow skill ${name}:`, e);
+      return {
+        name,
+        description,
+        type: "standard",
+        dir: dirPath,
+        content
+      };
+    }
+  }
+  return {
+    name,
+    description,
+    type: skillType,
+    dir: dirPath,
+    flow,
+    content
+  };
+}
+function discoverSkills(skillsDir) {
+  if (!existsSync(skillsDir)) return [];
+  const skills = [];
+  try {
+    const entries = readdirSync(skillsDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      const skillDir = join(skillsDir, entry.name);
+      const skillMd = join(skillDir, "SKILL.md");
+      if (!existsSync(skillMd)) continue;
+      try {
+        const content = readFileSync(skillMd, "utf-8");
+        const skill = parseSkillText(content, skillDir);
+        skills.push(skill);
+      } catch {
+      }
+    }
+  } catch {
+  }
+  return skills.sort((a, b) => a.name.localeCompare(b.name));
+}
+function discoverSkillsFromRoots(skillsDirs) {
+  const skillsByName = /* @__PURE__ */ new Map();
+  for (const dir of skillsDirs) {
+    for (const skill of discoverSkills(dir)) {
+      skillsByName.set(skill.name.toLowerCase(), skill);
+    }
+  }
+  return Array.from(skillsByName.values()).sort((a, b) => a.name.localeCompare(b.name));
+}
+function resolveSkillRoots(workDir) {
+  const roots = [];
+  const builtinDir = getBuiltinSkillsDir();
+  if (existsSync(builtinDir)) {
+    roots.push(builtinDir);
+  }
+  const userDir = findFirstExistingDir(getUserSkillsDirCandidates());
+  if (userDir) {
+    roots.push(userDir);
+  }
+  const projectDir = findFirstExistingDir(getProjectSkillsDirCandidates(workDir));
+  if (projectDir) {
+    roots.push(projectDir);
+  }
+  return roots;
+}
+var SkillManager = class {
+  skills = /* @__PURE__ */ new Map();
+  workDir;
+  constructor(workDir) {
+    this.workDir = workDir || process.cwd();
+  }
+  /**
+   * Load all skills
+   */
+  load() {
+    const roots = resolveSkillRoots(this.workDir);
+    const skills = discoverSkillsFromRoots(roots);
+    this.skills.clear();
+    for (const skill of skills) {
+      this.skills.set(skill.name.toLowerCase(), skill);
+    }
+  }
+  /**
+   * Find skill by name
+   */
+  find(name) {
+    return this.skills.get(name.toLowerCase());
+  }
+  /**
+   * List all skills
+   */
+  list() {
+    return Array.from(this.skills.values());
+  }
+  /**
+   * Get skill content
+   */
+  getContent(name) {
+    const skill = this.find(name);
+    return skill?.content || null;
+  }
+  /**
+   * Format skills for system prompt
+   */
+  formatForPrompt() {
+    const skills = this.list();
+    if (skills.length === 0) return "No skills found.";
+    return skills.map(
+      (s) => `- ${s.name}
+  - Type: ${s.type}
+  - Description: ${s.description}`
+    ).join("\n");
+  }
+};
+var skillManager = null;
+function getSkillManager(workDir) {
+  if (!skillManager) {
+    skillManager = new SkillManager(workDir);
+    skillManager.load();
+  }
+  return skillManager;
+}
+export {
+  FlowError,
+  FlowExecutor,
+  FlowParseError,
+  FlowValidationError,
+  SkillManager,
+  discoverSkills,
+  discoverSkillsFromRoots,
+  extractCodeBlocks,
+  getSkillManager,
+  parseChoice,
+  parseD2Flowchart,
+  parseFrontmatter,
+  parseMermaidFlowchart,
+  parseSkillText,
+  resolveSkillRoots,
+  validateFlow
+};

package/dist/update-DNXSBIOM.js

@@ -0,0 +1,24 @@
+import {
+  checkForUpdate,
+  checkForUpdateAsync,
+  compareSemver,
+  doUpdate,
+  fetchLatestVersion,
+  formatUpdateNotification,
+  readVersionCache,
+  semverTuple,
+  writeVersionCache
+} from "./chunk-LZGHM27D.js";
+import "./chunk-IU6YJKJT.js";
+import "./chunk-3RG5ZIWI.js";
+export {
+  checkForUpdate,
+  checkForUpdateAsync,
+  compareSemver,
+  doUpdate,
+  fetchLatestVersion,
+  formatUpdateNotification,
+  readVersionCache,
+  semverTuple,
+  writeVersionCache
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.3.2",
+  "version": "0.4.0",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",