pentesting 0.40.3 → 0.40.6

package/dist/main.js

@@ -306,7 +306,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.40.3";
+var APP_VERSION = "0.40.6";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -444,6 +444,7 @@ var TOOL_NAMES = {
   ADD_FINDING: "add_finding",
   UPDATE_MISSION: "update_mission",
   UPDATE_TODO: "update_todo",
+  UPDATE_PHASE: "update_phase",
   HASH_CRACK: "hash_crack",
   ADD_LOOT: "add_loot",
   GET_STATE: "get_state",
@@ -4189,7 +4190,7 @@ All ports freed. All children killed.`
 ];
 
 // src/engine/tools/pentest-state-tools.ts
-var createStateTools = (state) => [
+var createStateTools = (state, events) => [
   {
     name: TOOL_NAMES.UPDATE_MISSION,
     description: `Update the mission summary and checklist.
@@ -4240,6 +4241,58 @@ Checklist Items: ${state.getMissionChecklist().length}`
     description: "Get current engagement state summary",
     parameters: {},
     execute: async () => ({ success: true, output: state.toPrompt() })
+  },
+  {
+    name: TOOL_NAMES.UPDATE_PHASE,
+    description: `Update the current penetration testing phase.
+Use this to signal progress through the engagement lifecycle.
+Valid phases: ${Object.values(PHASES).join(", ")}
+Phase transitions should reflect actual progress, not just time passed.
+Examples:
+  - recon \u2192 vulnerability_analysis: After port scanning and service enumeration
+  - vulnerability_analysis \u2192 exploit: After finding exploitable vulnerabilities
+  - exploit \u2192 post_exploitation: After gaining initial access
+  - post_exploitation \u2192 privilege_escalation: When seeking higher privileges
+  - privilege_escalation \u2192 lateral_movement: When pivoting to other hosts`,
+    parameters: {
+      phase: {
+        type: "string",
+        description: "The new phase to transition to",
+        enum: Object.values(PHASES)
+      },
+      reason: {
+        type: "string",
+        description: "Brief explanation for the phase change"
+      }
+    },
+    required: ["phase"],
+    execute: async (p) => {
+      const newPhase = p.phase;
+      const reason = p.reason || "Phase transition";
+      const oldPhase = state.getPhase();
+      const validPhases = Object.values(PHASES);
+      if (!validPhases.includes(newPhase)) {
+        return {
+          success: false,
+          output: `Invalid phase. Valid phases: ${validPhases.join(", ")}`
+        };
+      }
+      state.setPhase(newPhase);
+      events.emit({
+        type: EVENT_TYPES.PHASE_CHANGE,
+        timestamp: Date.now(),
+        data: {
+          fromPhase: oldPhase,
+          toPhase: newPhase,
+          reason
+        }
+      });
+      return {
+        success: true,
+        output: `Phase changed: ${oldPhase} \u2192 ${newPhase}
+Reason: ${reason}`
+      };
+    }
   }
 ];
 
@@ -6277,8 +6330,8 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
 ];
 
 // src/engine/tools/pentest.ts
-var createPentestTools = (state) => [
-  ...createStateTools(state),
+var createPentestTools = (state, events) => [
+  ...createStateTools(state, events),
   ...createTargetTools(state),
   ...createIntelTools(state),
   ...createAttackTools(state)
@@ -7683,7 +7736,7 @@ var ToolRegistry = class {
   initializeRegistry() {
     const allTools = [
       ...systemTools,
-      ...createPentestTools(this.state),
+      ...createPentestTools(this.state, this.events),
       ...createAgentTools(),
       ...createNetworkAttackTools(),
       ...resourceTools,
@@ -10987,6 +11040,16 @@ var useAgentEvents = (agent, eventsRef, state) => {
     const onFlagFound = (e) => {
       addMessage("system", `\u{1F3F4} FLAG FOUND: ${e.data.flag}  (total: ${e.data.totalFlags})`);
     };
+    const onPhaseChange = (e) => {
+      addMessage("system", `\u{1F504} Phase: ${e.data.fromPhase} \u2192 ${e.data.toPhase} (${e.data.reason})`);
+      const s = agent.getState();
+      setStats({
+        phase: e.data.toPhase,
+        targets: s.getTargets().size,
+        findings: s.getFindings().length,
+        todo: s.getTodo().length
+      });
+    };
     setInputHandler((p) => {
       return new Promise((resolve) => {
         const isPassword = /password|passphrase/i.test(p);
@@ -11040,6 +11103,7 @@ var useAgentEvents = (agent, eventsRef, state) => {
     events.on(EVENT_TYPES.RETRY, onRetry);
     events.on(EVENT_TYPES.USAGE_UPDATE, onUsageUpdate);
     events.on(EVENT_TYPES.FLAG_FOUND, onFlagFound);
+    events.on(EVENT_TYPES.PHASE_CHANGE, onPhaseChange);
     events.on(EVENT_TYPES.STATE_CHANGE, updateStats);
     events.on(EVENT_TYPES.START, updateStats);
     updateStats();
@@ -11411,7 +11475,7 @@ import { useState as useState3, useEffect as useEffect3 } from "react";
 import { Text as Text3 } from "ink";
 import { jsx as jsx3 } from "react/jsx-runtime";
 var FRAMES = ["\u2669", "\u266A", "\u266B", "\u266C", "\u266B", "\u266A"];
-var INTERVAL = 150;
+var INTERVAL = 400;
 var MusicSpinner = ({ color }) => {
   const [index, setIndex] = useState3(0);
   useEffect3(() => {
@@ -11593,6 +11657,10 @@ var App = ({ autoApprove = false, target }) => {
     cancelInputRequest,
     addMessage
   } = useAgent(autoApproveMode, target);
+  const isProcessingRef = useRef3(isProcessing);
+  isProcessingRef.current = isProcessing;
+  const autoApproveModeRef = useRef3(autoApproveMode);
+  autoApproveModeRef.current = autoApproveMode;
   const inputRequestRef = useRef3(inputRequest);
   inputRequestRef.current = inputRequest;
   const handleExit = useCallback3(() => {
@@ -11629,7 +11697,7 @@ var App = ({ autoApprove = false, target }) => {
           addMessage("error", "Set target first: /target <ip>");
           break;
         }
-        if (!autoApproveMode) {
+        if (!autoApproveModeRef.current) {
           setAutoApproveMode(true);
           agent.setAutoApprove(true);
           addMessage("system", "\u{1F680} Autonomous mode enabled (auto-approve ON)");
@@ -11688,7 +11756,7 @@ ${procData.stdout || "(no output)"}
       default:
         addMessage("error", `Unknown command: /${cmd}`);
     }
-  }, [agent, addMessage, executeTask, setMessages, handleExit, autoApproveMode]);
+  }, [agent, addMessage, executeTask, setMessages, handleExit]);
   const handleSubmit = useCallback3(async (value) => {
     const trimmed = value.trim();
     if (!trimmed) return;
@@ -11714,10 +11782,10 @@ ${procData.stdout || "(no output)"}
   useInput(useCallback3((ch, key) => {
     if (key.escape) {
       if (inputRequestRef.current.isActive) cancelInputRequest();
-      else if (isProcessing) abort();
+      else if (isProcessingRef.current) abort();
     }
     if (key.ctrl && ch === "c") handleExit();
-  }, [cancelInputRequest, isProcessing, abort, handleExit]));
+  }, [cancelInputRequest, abort, handleExit]));
   useEffect4(() => {
     const onSignal = () => handleExit();
     process.on("SIGINT", onSignal);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.40.3",
+  "version": "0.40.6",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",