pentesting 0.40.6 → 0.41.0

package/dist/main.js

@@ -13,8 +13,8 @@ import chalk from "chalk";
 import gradient from "gradient-string";
 
 // src/platform/tui/app.tsx
-import { useState as useState4, useCallback as useCallback3, useEffect as useEffect4, useRef as useRef3 } from "react";
-import { Box as Box6, useInput, useApp } from "ink";
+import { useState as useState4, useCallback as useCallback4, useEffect as useEffect4, useRef as useRef4 } from "react";
+import { Box as Box6, useInput as useInput2, useApp } from "ink";
 
 // src/platform/tui/hooks/useAgent.ts
 import { useState as useState2, useEffect as useEffect2, useCallback as useCallback2, useRef as useRef2 } from "react";
@@ -199,6 +199,14 @@ var EXIT_CODES = {
   /** Process killed by SIGKILL */
   SIGKILL: 137
 };
+var PROCESS_ACTIONS = {
+  LIST: "list",
+  STATUS: "status",
+  INTERACT: "interact",
+  PROMOTE: "promote",
+  STOP: "stop",
+  STOP_ALL: "stop_all"
+};
 var PROCESS_ROLES = {
   LISTENER: "listener",
   ACTIVE_SHELL: "active_shell",
@@ -306,7 +314,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.40.6";
+var APP_VERSION = "0.41.0";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -565,6 +573,11 @@ var UI_COMMANDS = {
   LOGS: "logs",
   LOGS_SHORT: "l",
   CTF: "ctf",
+  AUTO: "auto",
+  GRAPH: "graph",
+  GRAPH_SHORT: "g",
+  PATHS: "paths",
+  PATHS_SHORT: "p",
   EXIT: "exit",
   QUIT: "quit",
   EXIT_SHORT: "q"
@@ -958,6 +971,18 @@ function debugLog(category, message, data) {
 }
 
 // src/shared/utils/command-validator.ts
+var SHELL_OPERATORS = {
+  AND: "&&",
+  OR: "||",
+  SEQUENCE: ";",
+  PIPE: "|",
+  BACKGROUND: "&"
+};
+var SHELL_CHARS = {
+  SINGLE_QUOTE: "'",
+  DOUBLE_QUOTE: '"',
+  BACKTICK: "`"
+};
 function validateCommand(command) {
   if (!command || typeof command !== "string") {
     return { safe: false, error: "Empty or invalid command" };
@@ -997,13 +1022,13 @@ function splitChainedCommands(command) {
   let i = 0;
   while (i < command.length) {
     const ch = command[i];
-    if (ch === "'" && !inDouble) {
+    if (ch === SHELL_CHARS.SINGLE_QUOTE && !inDouble) {
       inSingle = !inSingle;
       current += ch;
       i++;
       continue;
     }
-    if (ch === '"' && !inSingle) {
+    if (ch === SHELL_CHARS.DOUBLE_QUOTE && !inSingle) {
       inDouble = !inDouble;
       current += ch;
       i++;
@@ -1016,7 +1041,7 @@ function splitChainedCommands(command) {
         i += 2;
         continue;
       }
-      if (ch === ";") {
+      if (ch === SHELL_OPERATORS.SEQUENCE) {
         if (current.trim()) parts.push(current.trim());
         current = "";
         i++;
@@ -1342,6 +1367,12 @@ var globalInputHandler = null;
 function setInputHandler(handler) {
   globalInputHandler = handler;
 }
+function clearInputHandler() {
+  globalInputHandler = null;
+}
+function clearCommandEventEmitter() {
+  globalEventEmitter = null;
+}
 async function runCommand(command, args = [], options = {}) {
   const fullCommand = args.length > 0 ? `${command} ${args.join(" ")}` : command;
   const validation = validateCommand(fullCommand);
@@ -1935,7 +1966,10 @@ async function cleanupAllProcesses() {
   if (cleanupDone) return;
   cleanupDone = true;
   const ids = Array.from(backgroundProcesses.keys());
-  if (ids.length === 0) return;
+  if (ids.length === 0) {
+    cleanupDone = false;
+    return;
+  }
   for (const [_id, proc] of backgroundProcesses) {
     if (!proc.hasExited) {
       proc.childPids = discoverAllDescendants(proc.pid);
@@ -1997,6 +2031,7 @@ async function cleanupAllProcesses() {
     } catch {
     }
   }
+  cleanupDone = false;
 }
 function getResourceSummary() {
   const procs = listBackgroundProcesses();
@@ -2128,7 +2163,8 @@ var StateSerializer = class {
       if (important.length > 0) {
         lines.push(`  Important Findings:`);
         for (const f of important.slice(0, DISPLAY_LIMITS.FINDING_PREVIEW)) {
-          lines.push(`    [${f.severity.toUpperCase()}] ${f.title} (${f.category || "general"})`);
+          const tactic = f.attackPattern ? ` [ATT&CK:${f.attackPattern}]` : "";
+          lines.push(`    [${f.severity.toUpperCase()}] ${f.title} (${f.category || "general"})${tactic}`);
         }
       }
     }
@@ -2174,11 +2210,54 @@ var GRAPH_LIMITS = {
   /** Maximum chains to show in prompt */
   PROMPT_CHAINS: 5,
   /** Maximum unexploited vulns to show in prompt */
-  PROMPT_VULNS: 5
+  PROMPT_VULNS: 5,
+  /** Maximum failed paths to show in prompt */
+  PROMPT_FAILED: 5,
+  /** Maximum DFS depth for chain discovery */
+  MAX_CHAIN_DEPTH: 6,
+  /** Maximum nodes to display in ASCII graph */
+  ASCII_MAX_NODES: 30
+};
+var NODE_TYPE = {
+  HOST: "host",
+  SERVICE: "service",
+  CREDENTIAL: "credential",
+  VULNERABILITY: "vulnerability",
+  ACCESS: "access",
+  LOOT: "loot",
+  OSINT: "osint"
+};
+var NODE_STATUS = {
+  DISCOVERED: "discovered",
+  ATTEMPTED: "attempted",
+  SUCCEEDED: "succeeded",
+  FAILED: "failed"
+};
+var EDGE_STATUS = {
+  UNTESTED: "untested",
+  TESTING: "testing",
+  SUCCEEDED: "succeeded",
+  FAILED: "failed"
+};
+var SEVERITY = {
+  CRITICAL: "critical",
+  HIGH: "high",
+  MEDIUM: "medium",
+  LOW: "low",
+  INFO: "info"
 };
+var IMPACT_WEIGHT = { critical: 4, high: 3, medium: 2, low: 1 };
 var AttackGraph = class {
   nodes = /* @__PURE__ */ new Map();
   edges = [];
+  failedPaths = [];
+  // ─── Core Graph Operations ──────────────────────────────────
+  /** Reset the graph to an empty state. */
+  reset() {
+    this.nodes.clear();
+    this.edges = [];
+    this.failedPaths = [];
+  }
   /**
    * Add a node to the attack graph.
    */
@@ -2190,7 +2269,7 @@ var AttackGraph = class {
         type,
         label,
         data,
-        exploited: false,
+        status: NODE_STATUS.DISCOVERED,
         discoveredAt: Date.now()
       });
     }
@@ -2202,34 +2281,106 @@ var AttackGraph = class {
   addEdge(fromId, toId, relation, confidence = 0.5) {
     const exists = this.edges.some((e) => e.from === fromId && e.to === toId && e.relation === relation);
     if (!exists) {
-      this.edges.push({ from: fromId, to: toId, relation, confidence });
+      this.edges.push({ from: fromId, to: toId, relation, confidence, status: EDGE_STATUS.UNTESTED });
     }
   }
   /**
-   * Mark a node as exploited.
+   * Get node by ID.
    */
-  markExploited(nodeId) {
+  getNode(nodeId) {
+    return this.nodes.get(nodeId);
+  }
+  // ─── Status Management ──────────────────────────────────────
+  /**
+   * Mark a node as being attempted (in-progress attack).
+   */
+  markAttempted(nodeId) {
     const node = this.nodes.get(nodeId);
-    if (node) node.exploited = true;
+    if (node && node.status === NODE_STATUS.DISCOVERED) {
+      node.status = NODE_STATUS.ATTEMPTED;
+      node.attemptedAt = Date.now();
+    }
   }
   /**
-   * Get node by ID.
+   * Mark a node as successfully exploited/achieved.
    */
-  getNode(nodeId) {
-    return this.nodes.get(nodeId);
+  markSucceeded(nodeId) {
+    const node = this.nodes.get(nodeId);
+    if (node) {
+      node.status = NODE_STATUS.SUCCEEDED;
+      node.resolvedAt = Date.now();
+    }
+    for (const edge of this.edges) {
+      if (edge.to === nodeId && edge.status === EDGE_STATUS.TESTING) {
+        edge.status = EDGE_STATUS.SUCCEEDED;
+      }
+    }
+  }
+  /**
+   * Mark a node as failed (attack didn't work).
+   */
+  markFailed(nodeId, reason) {
+    const node = this.nodes.get(nodeId);
+    if (node) {
+      node.status = NODE_STATUS.FAILED;
+      node.resolvedAt = Date.now();
+      node.failReason = reason;
+      this.failedPaths.push(`${node.label}${reason ? ` (${reason})` : ""}`);
+    }
+    for (const edge of this.edges) {
+      if (edge.to === nodeId && (edge.status === EDGE_STATUS.TESTING || edge.status === EDGE_STATUS.UNTESTED)) {
+        edge.status = EDGE_STATUS.FAILED;
+        edge.failReason = reason;
+      }
+    }
+  }
+  /**
+   * Mark an edge as being tested.
+   */
+  markEdgeTesting(fromId, toId) {
+    for (const edge of this.edges) {
+      if (edge.from === fromId && edge.to === toId) {
+        edge.status = EDGE_STATUS.TESTING;
+      }
+    }
+  }
+  /**
+   * Mark an edge as failed.
+   */
+  markEdgeFailed(fromId, toId, reason) {
+    for (const edge of this.edges) {
+      if (edge.from === fromId && edge.to === toId) {
+        edge.status = EDGE_STATUS.FAILED;
+        edge.failReason = reason;
+      }
+    }
+    this.failedPaths.push(`${fromId} \u2192 ${toId}${reason ? ` (${reason})` : ""}`);
+  }
+  // Backward-compatible alias
+  markExploited(nodeId) {
+    this.markSucceeded(nodeId);
+  }
+  // ─── Domain-Specific Registration ───────────────────────────
+  /**
+   * Record a host discovery.
+   */
+  addHost(ip, hostname) {
+    return this.addNode(NODE_TYPE.HOST, ip, { ip, hostname });
   }
   /**
    * Record a service discovery and auto-create edges.
    */
   addService(host, port, service, version) {
-    const serviceId = this.addNode("service", `${host}:${port}`, {
+    const hostId = this.addHost(host);
+    const serviceId = this.addNode(NODE_TYPE.SERVICE, `${host}:${port}`, {
       host,
       port,
       service,
       version
     });
+    this.addEdge(hostId, serviceId, "has_service", 0.95);
     if (version) {
-      const vulnId = this.addNode("vulnerability", `CVE search: ${service} ${version}`, {
+      const vulnId = this.addNode(NODE_TYPE.VULNERABILITY, `CVE search: ${service} ${version}`, {
         service,
         version,
         status: GRAPH_STATUS.NEEDS_SEARCH
@@ -2250,7 +2401,7 @@ var AttackGraph = class {
     for (const [id, node] of this.nodes) {
       if (node.type === "service") {
         const svc = String(node.data.service || "");
-        if (["ssh", "ftp", "rdp", "smb", "http", "mysql", "postgresql", "mssql", "winrm"].some((s) => svc.includes(s))) {
+        if (["ssh", "ftp", "rdp", "smb", "http", "mysql", "postgresql", "mssql", "winrm", "vnc", "telnet"].some((s) => svc.includes(s))) {
           this.addEdge(credId, id, "can_try_on", 0.6);
         }
       }
@@ -2289,7 +2440,7 @@ var AttackGraph = class {
       level,
       via
     });
-    this.markExploited(accessId);
+    this.markSucceeded(accessId);
     if (["root", "admin", "SYSTEM", "Administrator"].includes(level)) {
       const lootId = this.addNode("loot", `flags on ${host}`, {
         host,
@@ -2300,104 +2451,302 @@ var AttackGraph = class {
     return accessId;
   }
   /**
-   * Recommend attack chains based on current graph state.
-   * Returns chains sorted by probability (highest first).
+   * Record OSINT discovery (Docker image, GitHub repo, company info, etc.)
    */
-  recommendChains() {
-    const chains = [];
-    for (const edge of this.edges) {
-      if (edge.relation === "can_try_on") {
-        const cred = this.nodes.get(edge.from);
-        const service = this.nodes.get(edge.to);
-        if (cred && service && !service.exploited) {
-          chains.push({
-            steps: [cred, service],
-            description: `Credential spray: ${cred.label} \u2192 ${service.label}`,
-            probability: edge.confidence,
-            impact: "high"
-          });
+  addOSINT(category, detail, data = {}) {
+    const osintId = this.addNode("osint", `${category}: ${detail}`, {
+      category,
+      detail,
+      ...data
+    });
+    for (const [id, node] of this.nodes) {
+      if (node.type === "host" || node.type === "service") {
+        const hostIp = String(node.data.ip || node.data.host || "");
+        const hostname = String(node.data.hostname || "");
+        if (hostIp && detail.includes(hostIp) || hostname && detail.includes(hostname)) {
+          this.addEdge(osintId, id, "relates_to", 0.5);
         }
       }
     }
-    for (const edge of this.edges) {
-      if (edge.relation === "leads_to") {
-        const vuln = this.nodes.get(edge.from);
-        const access = this.nodes.get(edge.to);
-        if (vuln && access && !vuln.exploited) {
-          chains.push({
-            steps: [vuln, access],
-            description: `Exploit: ${vuln.label} \u2192 ${access.label}`,
-            probability: edge.confidence,
-            impact: "critical"
-          });
-        }
-      }
+    return osintId;
+  }
+  // ─── Chain Discovery (DFS) ──────────────────────────────────
+  /**
+   * Find all viable attack paths using DFS.
+   * Only follows edges that are untested or succeeded.
+   * Prioritizes by (probability × impact).
+   */
+  recommendChains() {
+    const chains = [];
+    const visited = /* @__PURE__ */ new Set();
+    const goalTypes = [NODE_TYPE.ACCESS, NODE_TYPE.LOOT];
+    const entryNodes = Array.from(this.nodes.values()).filter(
+      (n) => n.type === NODE_TYPE.HOST || n.type === NODE_TYPE.SERVICE || n.type === NODE_TYPE.CREDENTIAL || n.type === NODE_TYPE.OSINT
+    );
+    for (const entry of entryNodes) {
+      visited.clear();
+      this.dfsChains(entry.id, [], [], visited, chains, goalTypes);
     }
-    for (const edge of this.edges) {
-      if (edge.relation === "can_access") {
-        const access = this.nodes.get(edge.from);
-        const loot = this.nodes.get(edge.to);
-        if (access && loot && access.exploited && !loot.exploited) {
-          chains.push({
-            steps: [access, loot],
-            description: `Collect: ${access.label} \u2192 ${loot.label}`,
-            probability: edge.confidence,
-            impact: "high"
-          });
-        }
-      }
+    const seen = /* @__PURE__ */ new Set();
+    const unique = chains.filter((c) => {
+      if (seen.has(c.description)) return false;
+      seen.add(c.description);
+      return true;
+    });
+    unique.sort(
+      (a, b) => b.probability * (IMPACT_WEIGHT[b.impact] || 1) - a.probability * (IMPACT_WEIGHT[a.impact] || 1)
+    );
+    return unique.slice(0, GRAPH_LIMITS.MAX_CHAINS);
+  }
+  dfsChains(nodeId, path2, pathEdges, visited, results, goalTypes) {
+    if (visited.has(nodeId)) return;
+    if (path2.length >= GRAPH_LIMITS.MAX_CHAIN_DEPTH) return;
+    const node = this.nodes.get(nodeId);
+    if (!node) return;
+    if (node.status === NODE_STATUS.FAILED) return;
+    visited.add(nodeId);
+    path2.push(node);
+    if (goalTypes.includes(node.type) && node.status !== NODE_STATUS.SUCCEEDED && path2.length > 1) {
+      const prob = pathEdges.reduce((acc, e) => acc * e.confidence, 1);
+      const impact = this.estimateImpact(node);
+      results.push({
+        steps: [...path2],
+        edges: [...pathEdges],
+        description: path2.map((n) => n.label).join(" \u2192 "),
+        probability: prob,
+        impact,
+        length: path2.length
+      });
     }
-    const impactWeight = { critical: 4, high: 3, medium: 2, low: 1 };
-    chains.sort(
-      (a, b) => b.probability * (impactWeight[b.impact] || 1) - a.probability * (impactWeight[a.impact] || 1)
+    const outEdges = this.edges.filter(
+      (e) => e.from === nodeId && e.status !== EDGE_STATUS.FAILED
     );
-    return chains.slice(0, GRAPH_LIMITS.MAX_CHAINS);
+    for (const edge of outEdges) {
+      this.dfsChains(edge.to, path2, [...pathEdges, edge], visited, results, goalTypes);
+    }
+    path2.pop();
+    visited.delete(nodeId);
   }
+  estimateImpact(node) {
+    if (node.type === NODE_TYPE.LOOT) return SEVERITY.CRITICAL;
+    if (node.type === NODE_TYPE.ACCESS) {
+      const level = String(node.data.level || "");
+      if (["root", "SYSTEM", "Administrator", "admin"].includes(level)) return SEVERITY.CRITICAL;
+      return SEVERITY.HIGH;
+    }
+    if (node.type === NODE_TYPE.VULNERABILITY) {
+      const sev = String(node.data.severity || "");
+      if (sev === SEVERITY.CRITICAL) return SEVERITY.CRITICAL;
+      if (sev === SEVERITY.HIGH) return SEVERITY.HIGH;
+      if (sev === SEVERITY.MEDIUM) return SEVERITY.MEDIUM;
+    }
+    return SEVERITY.LOW;
+  }
+  // ─── Prompt Generation ──────────────────────────────────────
   /**
    * Format attack graph status for prompt injection.
+   * Provides LLM with:
+   * - Available paths (sorted by probability)
+   * - Failed paths (DO NOT retry)
+   * - Unexploited vulnerabilities
    */
   toPrompt() {
     if (this.nodes.size === 0) return "";
     const lines = ["<attack-graph>"];
     const nodesByType = {};
+    const nodesByStatus = {};
     for (const node of this.nodes.values()) {
       nodesByType[node.type] = (nodesByType[node.type] || 0) + 1;
+      nodesByStatus[node.status] = (nodesByStatus[node.status] || 0) + 1;
     }
     lines.push(`Nodes: ${Object.entries(nodesByType).map(([t, c]) => `${c} ${t}s`).join(", ")}`);
-    lines.push(`Edges: ${this.edges.length} relationships`);
+    lines.push(`Status: ${Object.entries(nodesByStatus).map(([s, c]) => `${c} ${s}`).join(", ")}`);
+    lines.push(`Edges: ${this.edges.length} (${this.edges.filter((e) => e.status === EDGE_STATUS.FAILED).length} failed)`);
     const chains = this.recommendChains();
     if (chains.length > 0) {
       lines.push("");
-      lines.push("RECOMMENDED NEXT ACTIONS:");
+      lines.push("RECOMMENDED ATTACK PATHS (try these):");
       for (let i = 0; i < Math.min(GRAPH_LIMITS.PROMPT_CHAINS, chains.length); i++) {
         const c = chains[i];
         const prob = (c.probability * 100).toFixed(0);
-        lines.push(`  ${i + 1}. [${c.impact.toUpperCase()} | ${prob}%] ${c.description}`);
+        lines.push(`  PATH ${i + 1} [${c.impact.toUpperCase()} | ${prob}%]: ${c.description}`);
+      }
+    }
+    if (this.failedPaths.length > 0) {
+      lines.push("");
+      lines.push("FAILED PATHS (DO NOT RETRY):");
+      for (const fp of this.failedPaths.slice(-GRAPH_LIMITS.PROMPT_FAILED)) {
+        lines.push(`  \u2717 ${fp}`);
       }
     }
-    const unexploitedVulns = Array.from(this.nodes.values()).filter((n) => n.type === "vulnerability" && !n.exploited);
+    const unexploitedVulns = Array.from(this.nodes.values()).filter((n) => n.type === NODE_TYPE.VULNERABILITY && n.status !== NODE_STATUS.SUCCEEDED && n.status !== NODE_STATUS.FAILED);
     if (unexploitedVulns.length > 0) {
       lines.push("");
       lines.push(`UNEXPLOITED VULNERABILITIES (${unexploitedVulns.length}):`);
       for (const v of unexploitedVulns.slice(0, GRAPH_LIMITS.PROMPT_VULNS)) {
-        lines.push(`  - ${v.label} (${v.data.severity || "unknown"})`);
+        const sev = v.data.severity || "unknown";
+        const status = v.status === NODE_STATUS.ATTEMPTED ? " \u23F3 testing" : "";
+        lines.push(`  - ${v.label} (${sev})${status}`);
+      }
+    }
+    const accessNodes = Array.from(this.nodes.values()).filter((n) => n.type === NODE_TYPE.ACCESS && n.status === NODE_STATUS.SUCCEEDED);
+    if (accessNodes.length > 0) {
+      lines.push("");
+      lines.push("ACHIEVED ACCESS:");
+      for (const a of accessNodes) {
+        lines.push(`  \u2713 ${a.label}`);
+      }
+    }
+    const credNodes = Array.from(this.nodes.values()).filter((n) => n.type === NODE_TYPE.CREDENTIAL);
+    if (credNodes.length > 0) {
+      lines.push("");
+      lines.push(`CREDENTIALS (${credNodes.length} \u2014 try on all services):`);
+      for (const c of credNodes) {
+        const source = c.data.source || "unknown";
+        const sprayEdges = this.edges.filter((e) => e.from === c.id && e.relation === "can_try_on");
+        const testedCount = sprayEdges.filter((e) => e.status !== EDGE_STATUS.UNTESTED).length;
+        lines.push(`  \u{1F511} ${c.label} (from: ${source}) [sprayed: ${testedCount}/${sprayEdges.length}]`);
       }
     }
     lines.push("</attack-graph>");
     return lines.join("\n");
   }
+  // ─── TUI Visualization ──────────────────────────────────────
+  /**
+   * Generate ASCII visualization for TUI /graph command.
+   */
+  toASCII() {
+    if (this.nodes.size === 0) return "(Empty attack graph \u2014 no discoveries yet)";
+    const lines = [];
+    lines.push("\u250C\u2500\u2500\u2500 Attack Graph \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510");
+    const groups = {};
+    for (const node of this.nodes.values()) {
+      if (!groups[node.type]) groups[node.type] = [];
+      groups[node.type].push(node);
+    }
+    const typeIcons = {
+      [NODE_TYPE.HOST]: "\u{1F5A5}",
+      [NODE_TYPE.SERVICE]: "\u2699",
+      [NODE_TYPE.VULNERABILITY]: "\u26A0",
+      [NODE_TYPE.CREDENTIAL]: "\u{1F511}",
+      [NODE_TYPE.ACCESS]: "\u{1F513}",
+      [NODE_TYPE.LOOT]: "\u{1F3F4}",
+      [NODE_TYPE.OSINT]: "\u{1F50D}"
+    };
+    const statusIcons = {
+      [NODE_STATUS.DISCOVERED]: "\u25CB",
+      [NODE_STATUS.ATTEMPTED]: "\u25D0",
+      [NODE_STATUS.SUCCEEDED]: "\u25CF",
+      [NODE_STATUS.FAILED]: "\u2717"
+    };
+    let nodeCount = 0;
+    for (const [type, nodes] of Object.entries(groups)) {
+      if (nodeCount >= GRAPH_LIMITS.ASCII_MAX_NODES) {
+        lines.push(`\u2502  ... and ${this.nodes.size - nodeCount} more nodes`);
+        break;
+      }
+      const icon = typeIcons[type] || "\xB7";
+      lines.push(`\u2502`);
+      lines.push(`\u2502 ${icon} ${type.toUpperCase()} (${nodes.length})`);
+      for (const node of nodes) {
+        if (nodeCount >= GRAPH_LIMITS.ASCII_MAX_NODES) break;
+        const sIcon = statusIcons[node.status] || "?";
+        const fail = node.status === NODE_STATUS.FAILED && node.failReason ? ` \u2014 ${node.failReason}` : "";
+        const outEdges = this.edges.filter((e) => e.from === node.id);
+        const edgeStr = outEdges.length > 0 ? ` \u2192 ${outEdges.map((e) => {
+          const target = this.nodes.get(e.to);
+          const eName = target ? target.label : e.to;
+          const eStatus = e.status === EDGE_STATUS.FAILED ? " \u2717" : e.status === EDGE_STATUS.SUCCEEDED ? " \u2713" : "";
+          return `${eName}${eStatus}`;
+        }).join(", ")}` : "";
+        lines.push(`\u2502   ${sIcon} ${node.label}${fail}${edgeStr}`);
+        nodeCount++;
+      }
+    }
+    const stats = this.getStats();
+    lines.push(`\u2502`);
+    lines.push(`\u251C\u2500\u2500\u2500 Summary \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524`);
+    lines.push(`\u2502 Nodes: ${stats.nodes} | Edges: ${stats.edges} | Succeeded: ${stats.succeeded} | Failed: ${stats.failed} | Chains: ${stats.chains}`);
+    lines.push(`\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518`);
+    return lines.join("\n");
+  }
+  /**
+   * Generate path listing for TUI /paths command.
+   */
+  toPathsList() {
+    const chains = this.recommendChains();
+    if (chains.length === 0) {
+      if (this.nodes.size === 0) return "No attack graph data yet. Start reconnaissance first.";
+      return "No viable attack paths found. All paths may be exhausted or failed.";
+    }
+    const lines = [];
+    lines.push(`\u2500\u2500\u2500 ${chains.length} Attack Paths (sorted by priority) \u2500\u2500\u2500`);
+    lines.push("");
+    for (let i = 0; i < chains.length; i++) {
+      const c = chains[i];
+      const prob = (c.probability * 100).toFixed(0);
+      const impactColors = {
+        [SEVERITY.CRITICAL]: "\u{1F534}",
+        [SEVERITY.HIGH]: "\u{1F7E0}",
+        [SEVERITY.MEDIUM]: "\u{1F7E1}",
+        [SEVERITY.LOW]: "\u{1F7E2}"
+      };
+      const impactIcon = impactColors[c.impact] || "\u26AA";
+      lines.push(`${impactIcon} PATH ${i + 1} [${c.impact.toUpperCase()} | prob: ${prob}% | steps: ${c.length}]`);
+      lines.push(`   ${c.description}`);
+      for (const edge of c.edges) {
+        const statusTag = edge.status === EDGE_STATUS.UNTESTED ? "  ?" : edge.status === EDGE_STATUS.TESTING ? "  \u23F3" : edge.status === EDGE_STATUS.SUCCEEDED ? "  \u2713" : "  \u2717";
+        lines.push(`   ${statusTag} ${edge.from.split(":").pop()} \u2014[${edge.relation}]\u2192 ${edge.to.split(":").pop()}`);
+      }
+      lines.push("");
+    }
+    if (this.failedPaths.length > 0) {
+      lines.push(`\u2500\u2500\u2500 Failed Paths (${this.failedPaths.length}) \u2500\u2500\u2500`);
+      for (const fp of this.failedPaths) {
+        lines.push(`   \u2717 ${fp}`);
+      }
+    }
+    return lines.join("\n");
+  }
+  // ─── Stats ──────────────────────────────────────────────────
   /**
    * Get graph stats for metrics display.
    */
   getStats() {
-    const exploited = Array.from(this.nodes.values()).filter((n) => n.exploited).length;
+    const succeeded = Array.from(this.nodes.values()).filter((n) => n.status === NODE_STATUS.SUCCEEDED).length;
+    const failed = Array.from(this.nodes.values()).filter((n) => n.status === NODE_STATUS.FAILED).length;
     return {
       nodes: this.nodes.size,
       edges: this.edges.length,
-      exploited,
+      succeeded,
+      failed,
       chains: this.recommendChains().length
     };
   }
+  /**
+   * Get all nodes (for serialization or external access).
+   */
+  getAllNodes() {
+    return Array.from(this.nodes.values());
+  }
+  /**
+   * Get all edges (for serialization or external access).
+   */
+  getAllEdges() {
+    return [...this.edges];
+  }
+  /**
+   * Get failed paths list.
+   */
+  getFailedPaths() {
+    return [...this.failedPaths];
+  }
+  /**
+   * Check if the graph has any data.
+   */
+  isEmpty() {
+    return this.nodes.size === 0;
+  }
 };
 
 // src/shared/utils/agent-memory.ts
@@ -2493,6 +2842,10 @@ var WorkingMemory = class {
   getEntries() {
     return [...this.entries];
   }
+  /** Clear all working memory entries. */
+  clear() {
+    this.entries = [];
+  }
 };
 var EpisodicMemory = class {
   events = [];
@@ -2548,6 +2901,10 @@ var EpisodicMemory = class {
     lines.push("</session-timeline>");
     return lines.join("\n");
   }
+  /** Clear all episodic events. */
+  clear() {
+    this.events = [];
+  }
 };
 var MEMORY_DIR = "/tmp/pentesting-memory";
 var MEMORY_FILE = join3(MEMORY_DIR, "persistent-knowledge.json");
@@ -2732,6 +3089,10 @@ var DynamicTechniqueLibrary = class {
   getAll() {
     return [...this.techniques];
   }
+  /** Clear all learned techniques. */
+  clear() {
+    this.techniques = [];
+  }
   /**
    * Format for prompt injection.
    */
@@ -2840,6 +3201,32 @@ var SharedState = class {
       challengeAnalysis: null
     };
   }
+  /**
+   * Reset all state to initial defaults.
+   * Used by /clear command to start a fresh session without recreating the agent.
+   */
+  reset() {
+    this.data = {
+      engagement: null,
+      targets: /* @__PURE__ */ new Map(),
+      findings: [],
+      loot: [],
+      todo: [],
+      actionLog: [],
+      currentPhase: PHASES.RECON,
+      missionSummary: "",
+      missionChecklist: [],
+      ctfMode: true,
+      flags: [],
+      startedAt: Date.now(),
+      deadlineAt: 0,
+      challengeAnalysis: null
+    };
+    this.attackGraph.reset();
+    this.workingMemory.clear();
+    this.episodicMemory.clear();
+    this.dynamicTechniques.clear();
+  }
   // --- Mission & Persistent Context ---
   setMissionSummary(summary) {
     this.data.missionSummary = summary;
@@ -3350,6 +3737,11 @@ var NOISE_CLASSIFICATION = {
 };
 
 // src/shared/utils/binary-analysis.ts
+var RELRO_STATUS = {
+  NO: "no",
+  PARTIAL: "partial",
+  FULL: "full"
+};
 function parseChecksec(output) {
   const info = {};
   if (/x86-64|amd64/i.test(output)) {
@@ -3403,10 +3795,10 @@ function suggestExploitTechniques(info) {
   if (info.pie === true && info.canary === false) {
     suggestions.push("PIE enabled \u2192 Need info leak first (partial overwrite, format string)");
   }
-  if (info.relro === "partial") {
+  if (info.relro === RELRO_STATUS.PARTIAL) {
     suggestions.push("Partial RELRO \u2192 GOT overwrite possible");
   }
-  if (info.relro === "full") {
+  if (info.relro === RELRO_STATUS.FULL) {
     suggestions.push("Full RELRO \u2192 GOT is read-only, try __malloc_hook/__free_hook or stack-based attacks");
   }
   if (info.canary === true) {
@@ -3441,6 +3833,11 @@ function formatBinaryAnalysis(info) {
 }
 
 // src/shared/utils/structured-output.ts
+var PORT_STATE = {
+  OPEN: "open",
+  CLOSED: "closed",
+  FILTERED: "filtered"
+};
 function extractNmapStructured(output) {
   const ports = [];
   const hosts = [];
@@ -3458,8 +3855,8 @@ function extractNmapStructured(output) {
   while ((match = hostRegex.exec(output)) !== null) {
     hosts.push(match[1]);
   }
-  const openCount = ports.filter((p) => p.state === "open").length;
-  const summary = `${hosts.length} host(s), ${openCount} open port(s): ${ports.filter((p) => p.state === "open").map((p) => `${p.port}/${p.service}`).join(", ")}`;
+  const openCount = ports.filter((p) => p.state === PORT_STATE.OPEN).length;
+  const summary = `${hosts.length} host(s), ${openCount} open port(s): ${ports.filter((p) => p.state === PORT_STATE.OPEN).map((p) => `${p.port}/${p.service}`).join(", ")}`;
   return {
     summary,
     structured: { openPorts: ports, hosts }
@@ -4031,7 +4428,7 @@ Resource Safety:
       const action = params.action;
       const processId = params.process_id;
       switch (action) {
-        case "list": {
+        case PROCESS_ACTIONS.LIST: {
           const procs = listBackgroundProcesses();
           if (procs.length === 0) {
             return { success: true, output: "No background processes running.\nNo ports in use." };
@@ -4062,7 +4459,7 @@ Ports in use: ${usedPorts.join(", ")}` : "\nNo ports in use.";
 ${lines.join("\n\n")}${portLine}${eventLines}`
           };
         }
-        case "status": {
+        case PROCESS_ACTIONS.STATUS: {
           if (!processId) return { success: false, output: "", error: "Missing required parameter: process_id" };
           const output = getProcessOutput(processId);
           if (!output) return { success: false, output: "", error: `Process ${processId} not found.` };
@@ -4102,7 +4499,7 @@ ${output.stdout.slice(-SYSTEM_LIMITS.MAX_STDOUT_SLICE) || "(empty)"}
 ${output.stderr.slice(-SYSTEM_LIMITS.MAX_STDERR_SLICE) || "(empty)"}` + connectionHint + interactHint
           };
         }
-        case "interact": {
+        case PROCESS_ACTIONS.INTERACT: {
           if (!processId) return { success: false, output: "", error: "Missing process_id for interact" };
           const cmd = params.command;
           if (!cmd) return { success: false, output: "", error: "Missing command for interact. Provide the command to execute on the target." };
@@ -4120,7 +4517,7 @@ ${result2.newOutput}
 ${result2.output}`
           };
         }
-        case "promote": {
+        case PROCESS_ACTIONS.PROMOTE: {
           if (!processId) return { success: false, output: "", error: "Missing process_id for promote" };
           const desc = params.description;
           const success = promoteToShell(processId, desc);
@@ -4141,11 +4538,11 @@ Next steps:
   5. Begin post-exploitation enumeration: whoami, sudo -l, etc.`
           };
         }
-        case "stop": {
+        case PROCESS_ACTIONS.STOP: {
           if (!processId) return { success: false, output: "", error: "Missing process_id" };
           return stopBackgroundProcess(processId);
         }
-        case "stop_all": {
+        case PROCESS_ACTIONS.STOP_ALL: {
           const procs = listBackgroundProcesses();
           if (procs.length === 0) return { success: true, output: "No background processes to stop." };
           const activeShells = procs.filter((p) => p.role === PROCESS_ROLES.ACTIVE_SHELL && p.isRunning);
@@ -4515,11 +4912,12 @@ Detail: ${detail}
   },
   {
     name: TOOL_NAMES.ADD_FINDING,
-    description: "Add a security finding",
+    description: "Add a security finding. Always include attackPattern for MITRE ATT&CK mapping.",
     parameters: {
       title: { type: "string", description: "Finding title" },
-      severity: { type: "string", description: "Severity" },
-      affected: { type: "array", items: { type: "string" }, description: "Affected host:port" }
+      severity: { type: "string", description: "Severity: critical, high, medium, low, info" },
+      affected: { type: "array", items: { type: "string" }, description: "Affected host:port" },
+      attackPattern: { type: "string", description: "MITRE ATT&CK tactic: initial_access, execution, persistence, privilege_escalation, defense_evasion, credential_access, discovery, lateral_movement, collection, exfiltration, command_and_control, impact" }
     },
     required: ["title", "severity"],
     execute: async (p) => {
@@ -4537,7 +4935,8 @@ Detail: ${detail}
         evidence,
         isVerified: validation.isVerified,
         remediation: "",
-        foundAt: Date.now()
+        foundAt: Date.now(),
+        ...p.attackPattern ? { attackPattern: p.attackPattern } : {}
       });
       const hasExploit = validation.isVerified;
       const target = affected[0] || "unknown";
@@ -5214,6 +5613,11 @@ async function searchWithPlaywright(query) {
 }
 
 // src/engine/tools-mid.ts
+var PORT_STATE2 = {
+  OPEN: "open",
+  CLOSED: "closed",
+  FILTERED: "filtered"
+};
 function getErrorMessage2(error) {
   return error instanceof Error ? error.message : String(error);
 }
@@ -5246,7 +5650,7 @@ async function parseNmap(xmlPath) {
         const serviceMatch = portMatch[0].match(/<service[^>]*name="([^"]*)"(?:[^>]*version="([^"]*)")?/);
         const service = serviceMatch ? serviceMatch[1] : void 0;
         const version = serviceMatch && serviceMatch[2] ? serviceMatch[2] : void 0;
-        if (state === "open") {
+        if (state === PORT_STATE2.OPEN) {
           ports.push({ port, protocol, state, service, version });
           results.summary.openPorts++;
           if (service) results.summary.servicesFound++;
@@ -5816,6 +6220,54 @@ For CVEs not in this list, use web_search to find them.`
 ];
 
 // src/shared/utils/payload-mutator.ts
+var TRANSFORM_TYPE = {
+  URL: "url",
+  DOUBLE_URL: "double_url",
+  TRIPLE_URL: "triple_url",
+  UNICODE: "unicode",
+  HTML_ENTITY_DEC: "html_entity_dec",
+  HTML_ENTITY_HEX: "html_entity_hex",
+  HEX: "hex",
+  OCTAL: "octal",
+  BASE64: "base64",
+  CASE_SWAP: "case_swap",
+  COMMENT_INSERT: "comment_insert",
+  WHITESPACE_ALT: "whitespace_alt",
+  CHAR_FUNCTION: "char_function",
+  CONCAT_SPLIT: "concat_split",
+  NULL_BYTE: "null_byte",
+  REVERSE: "reverse",
+  UTF8_OVERLONG: "utf8_overlong",
+  MIXED_ENCODING: "mixed_encoding",
+  TAG_ALTERNATIVE: "tag_alternative",
+  EVENT_HANDLER: "event_handler",
+  KEYWORD_BYPASS: "keyword_bypass",
+  SPACE_BYPASS: "space_bypass",
+  NO_QUOTES: "no_quotes",
+  JS_ALTERNATIVE: "js_alternative"
+};
+var PAYLOAD_CONTEXT = {
+  URL_PATH: "url_path",
+  URL_PARAM: "url_param",
+  POST_BODY: "post_body",
+  JSON_BODY: "json_body",
+  XML_BODY: "xml_body",
+  HTML_BODY: "html_body",
+  HTML_ATTR: "html_attr",
+  JS_STRING: "js_string",
+  SQL_STRING: "sql_string",
+  SQL_NUMERIC: "sql_numeric",
+  SHELL_CMD: "shell_cmd",
+  HTTP_HEADER: "http_header",
+  COOKIE: "cookie",
+  GENERIC: "generic"
+};
+var DATABASE_TYPE = {
+  MYSQL: "mysql",
+  MSSQL: "mssql",
+  POSTGRESQL: "pg",
+  ORACLE: "oracle"
+};
 function urlEncode(s) {
   return [...s].map((c) => {
     const code = c.charCodeAt(0);
@@ -5876,12 +6328,12 @@ function whitespaceAlt(s) {
   const alt = alts[Math.floor(Math.random() * alts.length)];
   return s.replace(/ /g, alt);
 }
-function charFunction(s, dbType = "mysql") {
+function charFunction(s, dbType = DATABASE_TYPE.MYSQL) {
   const chars = [...s].map((c) => c.charCodeAt(0));
-  if (dbType === "mysql") {
+  if (dbType === DATABASE_TYPE.MYSQL) {
     return `CHAR(${chars.join(",")})`;
   }
-  if (dbType === "mssql") {
+  if (dbType === DATABASE_TYPE.MSSQL) {
     return chars.map((c) => `CHAR(${c})`).join("+");
   }
   return chars.map((c) => `CHR(${c})`).join("||");
@@ -5966,78 +6418,78 @@ function mutatePayload(request) {
   const activeTransforms = transforms || getDefaultTransforms(context);
   for (const transform of activeTransforms) {
     switch (transform) {
-      case "url":
+      case TRANSFORM_TYPE.URL:
         variants.push({ payload: urlEncode(payload), transform: "url", description: "URL encoded (special chars only)" });
         variants.push({ payload: urlEncodeAll(payload), transform: "url_full", description: "URL encoded (all chars)" });
         break;
-      case "double_url":
+      case TRANSFORM_TYPE.DOUBLE_URL:
         variants.push({ payload: doubleUrlEncode(payload), transform: "double_url", description: "Double URL encoded" });
         break;
-      case "triple_url":
+      case TRANSFORM_TYPE.TRIPLE_URL:
         variants.push({ payload: tripleUrlEncode(payload), transform: "triple_url", description: "Triple URL encoded" });
         break;
-      case "unicode":
+      case TRANSFORM_TYPE.UNICODE:
         variants.push({ payload: unicodeEncode(payload), transform: "unicode", description: "Unicode escape sequences" });
         break;
-      case "html_entity_dec":
+      case TRANSFORM_TYPE.HTML_ENTITY_DEC:
         variants.push({ payload: htmlEntityDec(payload), transform: "html_entity_dec", description: "HTML decimal entities" });
         break;
-      case "html_entity_hex":
+      case TRANSFORM_TYPE.HTML_ENTITY_HEX:
         variants.push({ payload: htmlEntityHex(payload), transform: "html_entity_hex", description: "HTML hex entities" });
         break;
-      case "hex":
+      case TRANSFORM_TYPE.HEX:
         variants.push({ payload: hexEncode(payload), transform: "hex", description: "Hex encoded" });
         break;
-      case "octal":
+      case TRANSFORM_TYPE.OCTAL:
         variants.push({ payload: octalEncode(payload), transform: "octal", description: "Octal encoded" });
         break;
-      case "base64":
+      case TRANSFORM_TYPE.BASE64:
         variants.push({ payload: base64Encode(payload), transform: "base64", description: "Base64 encoded" });
         break;
-      case "case_swap":
+      case TRANSFORM_TYPE.CASE_SWAP:
         for (let i = 0; i < 3; i++) {
           variants.push({ payload: caseSwap(payload), transform: "case_swap", description: `Case variation ${i + 1}` });
         }
         break;
-      case "comment_insert":
+      case TRANSFORM_TYPE.COMMENT_INSERT:
         variants.push({ payload: commentInsert(payload), transform: "comment_insert", description: "SQL comments in keywords" });
         break;
-      case "whitespace_alt":
+      case TRANSFORM_TYPE.WHITESPACE_ALT:
         variants.push({ payload: whitespaceAlt(payload), transform: "whitespace_alt", description: "Alternative whitespace chars" });
         variants.push({ payload: payload.replace(/ /g, "/**/"), transform: "whitespace_comment", description: "Comment as whitespace" });
         variants.push({ payload: payload.replace(/ /g, "+"), transform: "whitespace_plus", description: "Plus as whitespace" });
         break;
-      case "char_function":
+      case TRANSFORM_TYPE.CHAR_FUNCTION:
         variants.push({ payload: charFunction(payload, "mysql"), transform: "char_mysql", description: "MySQL CHAR() encoding" });
         variants.push({ payload: charFunction(payload, "mssql"), transform: "char_mssql", description: "MSSQL CHAR() encoding" });
         variants.push({ payload: charFunction(payload, "pg"), transform: "char_pg", description: "PostgreSQL CHR() encoding" });
         break;
-      case "concat_split":
+      case TRANSFORM_TYPE.CONCAT_SPLIT:
         variants.push({ payload: concatSplit(payload), transform: "concat_split", description: "String split via CONCAT" });
         break;
-      case "null_byte":
+      case TRANSFORM_TYPE.NULL_BYTE:
         variants.push({ payload: nullByteAppend(payload), transform: "null_byte", description: "Null byte appended" });
         variants.push({ payload: payload + "%00.jpg", transform: "null_byte_ext", description: "Null byte + fake extension" });
         break;
-      case "reverse":
+      case TRANSFORM_TYPE.REVERSE:
         variants.push({ payload: reversePayload(payload), transform: "reverse", description: "Reversed (use with rev | sh)" });
         break;
-      case "utf8_overlong":
+      case TRANSFORM_TYPE.UTF8_OVERLONG:
         variants.push({ payload: utf8Overlong(payload), transform: "utf8_overlong", description: "UTF-8 overlong sequences" });
         break;
-      case "mixed_encoding":
+      case TRANSFORM_TYPE.MIXED_ENCODING:
         variants.push({ payload: mixedEncoding(payload), transform: "mixed_encoding", description: "Mixed encoding (partial)" });
         break;
-      case "tag_alternative":
-      case "event_handler":
-      case "js_alternative":
+      case TRANSFORM_TYPE.TAG_ALTERNATIVE:
+      case TRANSFORM_TYPE.EVENT_HANDLER:
+      case TRANSFORM_TYPE.JS_ALTERNATIVE:
         variants.push(...generateXssAlternatives(payload));
         break;
-      case "keyword_bypass":
+      case TRANSFORM_TYPE.KEYWORD_BYPASS:
         variants.push({ payload: keywordBypass(payload), transform: "keyword_bypass", description: "Quote-inserted keyword bypass" });
         variants.push({ payload: spaceBypass(payload), transform: "space_bypass", description: "$IFS space bypass" });
         break;
-      case "space_bypass":
+      case TRANSFORM_TYPE.SPACE_BYPASS:
         variants.push({ payload: payload.replace(/ /g, "${IFS}"), transform: "ifs", description: "$IFS space bypass" });
         variants.push({ payload: payload.replace(/ /g, "%09"), transform: "tab", description: "Tab space bypass" });
         variants.push({ payload: payload.replace(/ /g, "<"), transform: "redirect", description: "Redirect as separator" });
@@ -6059,52 +6511,52 @@ function mutatePayload(request) {
 }
 function getDefaultTransforms(context) {
   switch (context) {
-    case "url_path":
-    case "url_param":
-      return ["url", "double_url", "unicode", "utf8_overlong", "mixed_encoding", "null_byte"];
-    case "html_body":
-      return ["html_entity_dec", "html_entity_hex", "unicode", "tag_alternative", "event_handler", "js_alternative"];
-    case "html_attr":
-      return ["html_entity_dec", "html_entity_hex", "event_handler"];
-    case "js_string":
-      return ["unicode", "hex", "base64", "js_alternative"];
-    case "sql_string":
-    case "sql_numeric":
-      return ["case_swap", "comment_insert", "whitespace_alt", "char_function", "concat_split", "url", "double_url"];
-    case "shell_cmd":
-      return ["keyword_bypass", "space_bypass", "base64", "reverse", "hex", "octal"];
-    case "xml_body":
-      return ["html_entity_dec", "html_entity_hex", "unicode"];
-    case "json_body":
-      return ["unicode"];
-    case "http_header":
-    case "cookie":
-      return ["url", "double_url", "base64"];
+    case PAYLOAD_CONTEXT.URL_PATH:
+    case PAYLOAD_CONTEXT.URL_PARAM:
+      return [TRANSFORM_TYPE.URL, TRANSFORM_TYPE.DOUBLE_URL, TRANSFORM_TYPE.UNICODE, TRANSFORM_TYPE.UTF8_OVERLONG, TRANSFORM_TYPE.MIXED_ENCODING, TRANSFORM_TYPE.NULL_BYTE];
+    case PAYLOAD_CONTEXT.HTML_BODY:
+      return [TRANSFORM_TYPE.HTML_ENTITY_DEC, TRANSFORM_TYPE.HTML_ENTITY_HEX, TRANSFORM_TYPE.UNICODE, TRANSFORM_TYPE.TAG_ALTERNATIVE, TRANSFORM_TYPE.EVENT_HANDLER, TRANSFORM_TYPE.JS_ALTERNATIVE];
+    case PAYLOAD_CONTEXT.HTML_ATTR:
+      return [TRANSFORM_TYPE.HTML_ENTITY_DEC, TRANSFORM_TYPE.HTML_ENTITY_HEX, TRANSFORM_TYPE.EVENT_HANDLER];
+    case PAYLOAD_CONTEXT.JS_STRING:
+      return [TRANSFORM_TYPE.UNICODE, TRANSFORM_TYPE.HEX, TRANSFORM_TYPE.BASE64, TRANSFORM_TYPE.JS_ALTERNATIVE];
+    case PAYLOAD_CONTEXT.SQL_STRING:
+    case PAYLOAD_CONTEXT.SQL_NUMERIC:
+      return [TRANSFORM_TYPE.CASE_SWAP, TRANSFORM_TYPE.COMMENT_INSERT, TRANSFORM_TYPE.WHITESPACE_ALT, TRANSFORM_TYPE.CHAR_FUNCTION, TRANSFORM_TYPE.CONCAT_SPLIT, TRANSFORM_TYPE.URL, TRANSFORM_TYPE.DOUBLE_URL];
+    case PAYLOAD_CONTEXT.SHELL_CMD:
+      return [TRANSFORM_TYPE.KEYWORD_BYPASS, TRANSFORM_TYPE.SPACE_BYPASS, TRANSFORM_TYPE.BASE64, TRANSFORM_TYPE.REVERSE, TRANSFORM_TYPE.HEX, TRANSFORM_TYPE.OCTAL];
+    case PAYLOAD_CONTEXT.XML_BODY:
+      return [TRANSFORM_TYPE.HTML_ENTITY_DEC, TRANSFORM_TYPE.HTML_ENTITY_HEX, TRANSFORM_TYPE.UNICODE];
+    case PAYLOAD_CONTEXT.JSON_BODY:
+      return [TRANSFORM_TYPE.UNICODE];
+    case PAYLOAD_CONTEXT.HTTP_HEADER:
+    case PAYLOAD_CONTEXT.COOKIE:
+      return [TRANSFORM_TYPE.URL, TRANSFORM_TYPE.DOUBLE_URL, TRANSFORM_TYPE.BASE64];
     default:
-      return ["url", "double_url", "html_entity_dec", "unicode", "base64", "case_swap"];
+      return [TRANSFORM_TYPE.URL, TRANSFORM_TYPE.DOUBLE_URL, TRANSFORM_TYPE.HTML_ENTITY_DEC, TRANSFORM_TYPE.UNICODE, TRANSFORM_TYPE.BASE64, TRANSFORM_TYPE.CASE_SWAP];
   }
 }
 function getContextRecommendations(context, variantCount) {
   const recs = [];
   recs.push(`Generated ${variantCount} variants for context: ${context}`);
   switch (context) {
-    case "url_param":
+    case PAYLOAD_CONTEXT.URL_PARAM:
       recs.push("If all URL encoding fails: try HTTP Parameter Pollution (send same param twice)");
       recs.push("Try switching GET \u2192 POST or changing Content-Type");
       recs.push("Check if WebSocket endpoint exists (often unfiltered)");
       break;
-    case "sql_string":
-    case "sql_numeric":
+    case PAYLOAD_CONTEXT.SQL_STRING:
+    case PAYLOAD_CONTEXT.SQL_NUMERIC:
       recs.push("If inline comments fail: try MySQL version comments /*!50000SELECT*/");
       recs.push("Try time-based blind if error/union payloads are blocked");
       recs.push("Use sqlmap with --tamper scripts for automated bypass");
       break;
-    case "html_body":
+    case PAYLOAD_CONTEXT.HTML_BODY:
       recs.push("If common XSS tags blocked: try SVG, MathML, mutation XSS");
       recs.push("Check CSP header \u2014 it determines what JS execution is possible");
       recs.push("Try DOM-based XSS via document.location, innerHTML, postMessage");
       break;
-    case "shell_cmd":
+    case PAYLOAD_CONTEXT.SHELL_CMD:
       recs.push("Use ${IFS} for space, quotes for keyword bypass, base64 for full obfuscation");
       recs.push("Try: echo PAYLOAD_BASE64 | base64 -d | sh");
       recs.push("Variable concatenation: a=c;b=at;$a$b /etc/passwd");
@@ -6342,6 +6794,9 @@ var globalCredentialHandler = null;
 function setCredentialHandler(handler) {
   globalCredentialHandler = handler;
 }
+function clearCredentialHandler() {
+  globalCredentialHandler = null;
+}
 async function requestCredential(request) {
   if (!globalCredentialHandler) {
     return {
@@ -7539,6 +7994,11 @@ var FILE_SHARING_CONFIG = {
 };
 
 // src/domains/cloud/tools.ts
+var CLOUD_PROVIDER = {
+  AWS: "aws",
+  AZURE: "azure",
+  GCP: "gcp"
+};
 var CLOUD_TOOLS = [
   {
     name: TOOL_NAMES.AWS_S3_CHECK,
@@ -7561,8 +8021,8 @@ var CLOUD_TOOLS = [
     required: ["provider"],
     execute: async (params) => {
       const provider = params.provider;
-      if (provider === "aws") return await runCommand("curl", ["http://169.254.169.254/latest/meta-data/"]);
-      if (provider === "azure") return await runCommand("curl", ["-H", "Metadata:true", "http://169.254.169.254/metadata/instance?api-version=2021-02-01"]);
+      if (provider === CLOUD_PROVIDER.AWS) return await runCommand("curl", ["http://169.254.169.254/latest/meta-data/"]);
+      if (provider === CLOUD_PROVIDER.AZURE) return await runCommand("curl", ["-H", "Metadata:true", "http://169.254.169.254/metadata/instance?api-version=2021-02-01"]);
       return await runCommand("curl", ["-H", "Metadata-Flavor: Google", "http://metadata.google.internal/computeMetadata/v1/"]);
     }
   }
@@ -8220,6 +8680,12 @@ var LLM_ERROR_TYPES = {
 
 // src/engine/llm-types.ts
 var HTTP_STATUS = { BAD_REQUEST: 400, UNAUTHORIZED: 401, FORBIDDEN: 403, RATE_LIMIT: 429 };
+var NETWORK_ERROR_CODES = {
+  ECONNRESET: "ECONNRESET",
+  ETIMEDOUT: "ETIMEDOUT",
+  ENOTFOUND: "ENOTFOUND",
+  CONNECT_TIMEOUT: "UND_ERR_CONNECT_TIMEOUT"
+};
 var LLMError = class extends Error {
   /** Structured error information */
   errorInfo;
@@ -8242,10 +8708,10 @@ function classifyError(error) {
   if (statusCode === HTTP_STATUS.BAD_REQUEST) {
     return { type: LLM_ERROR_TYPES.INVALID_REQUEST, message: errorMessage, statusCode, isRetryable: false, suggestedAction: "Modify request" };
   }
-  if (e.code === "ECONNRESET" || e.code === "ETIMEDOUT" || e.code === "ENOTFOUND") {
+  if (e.code === NETWORK_ERROR_CODES.ECONNRESET || e.code === NETWORK_ERROR_CODES.ETIMEDOUT || e.code === NETWORK_ERROR_CODES.ENOTFOUND) {
     return { type: LLM_ERROR_TYPES.NETWORK_ERROR, message: errorMessage, isRetryable: true, suggestedAction: "Check network" };
   }
-  if (errorMessage.toLowerCase().includes("timeout") || e.code === "UND_ERR_CONNECT_TIMEOUT") {
+  if (errorMessage.toLowerCase().includes("timeout") || e.code === NETWORK_ERROR_CODES.CONNECT_TIMEOUT) {
     return { type: LLM_ERROR_TYPES.TIMEOUT, message: errorMessage, isRetryable: true, suggestedAction: "Retry" };
   }
   return { type: LLM_ERROR_TYPES.UNKNOWN, message: errorMessage, statusCode, isRetryable: false, suggestedAction: "Analyze error" };
@@ -8591,7 +9057,7 @@ var __filename2 = fileURLToPath3(import.meta.url);
 var __dirname3 = dirname4(__filename2);
 
 // src/engine/state-persistence.ts
-import { writeFileSync as writeFileSync6, readFileSync as readFileSync4, existsSync as existsSync6, readdirSync, statSync, unlinkSync as unlinkSync4 } from "fs";
+import { writeFileSync as writeFileSync6, readFileSync as readFileSync4, existsSync as existsSync6, readdirSync, statSync, unlinkSync as unlinkSync4, rmSync } from "fs";
 import { join as join9 } from "path";
 function saveState(state) {
   const sessionsDir = WORKSPACE.SESSIONS;
@@ -8673,6 +9139,28 @@ function loadState(state) {
     return false;
   }
 }
+function clearWorkspace() {
+  const cleared = [];
+  const errors = [];
+  const dirsToClean = [
+    { path: WORKSPACE.SESSIONS, label: "sessions" },
+    { path: WORKSPACE.DEBUG, label: "debug logs" },
+    { path: WORKSPACE.TEMP, label: "temp files" },
+    { path: WORKSPACE.OUTPUTS, label: "outputs" }
+  ];
+  for (const dir of dirsToClean) {
+    try {
+      if (existsSync6(dir.path)) {
+        rmSync(dir.path, { recursive: true, force: true });
+        ensureDirExists(dir.path);
+        cleared.push(dir.label);
+      }
+    } catch (err) {
+      errors.push(`${dir.label}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+  }
+  return { cleared, errors };
+}
 
 // src/agents/tool-error-enrichment.ts
 function enrichToolErrorContext(ctx) {
@@ -10551,6 +11039,17 @@ var MainAgent = class extends CoreAgent {
   isCtfMode() {
     return this.state.isCtfMode();
   }
+  /**
+   * Full session reset — clears state, workspace files, and background processes.
+   * Used by /clear command for a complete fresh start.
+   */
+  async resetSession() {
+    await cleanupAllProcesses().catch(() => {
+    });
+    this.state.reset();
+    this.userInput = "";
+    return clearWorkspace();
+  }
   setScope(allowed, exclusions = []) {
     this.state.setScope({
       allowedCidrs: allowed.filter((a) => a.includes("/")),
@@ -10679,10 +11178,10 @@ var THEME = {
     // Amber
     error: "#ef4444",
     // Red
-    info: "#0ea5e9",
-    // Sky
-    running: "#38bdf8",
-    // Bright Sky
+    info: "#3b82f6",
+    // Blue 500 (distinct from user sky)
+    running: "#60a5fa",
+    // Blue 400 (AI activity — distinct from user sky)
     pending: "#64748b"
     // Slate
   },
@@ -10702,14 +11201,16 @@ var THEME = {
   // Border colors
   border: {
     default: "#1e293b",
-    focus: "#38bdf8",
+    focus: "#7dd3fc",
+    // Sky 300 (softer, UI decorative)
     error: "#ef4444",
     success: "#22c55e"
   },
   // Phase colors
   phase: {
     recon: "#94a3b8",
-    enum: "#38bdf8",
+    enum: "#60a5fa",
+    // Blue 400 (phase indicator)
     vuln: "#f59e0b",
     exploit: "#ef4444",
     privesc: "#8b5cf6",
@@ -10759,10 +11260,12 @@ var THEME = {
     gold: ["#f59e0b", "#78350f"],
     royal: ["#818cf8", "#312e81"]
   },
-  // Spinner color (Sky blue)
-  spinner: "#38bdf8",
-  // Identity color
-  identity: "#38bdf8"
+  // Spinner color (soft sky — UI feedback, not user input)
+  spinner: "#7dd3fc",
+  // Sky 300
+  // Identity color (branded accent)
+  identity: "#60a5fa"
+  // Blue 400
 };
 var ASCII_BANNER = `
     ____             __              __  _             
@@ -10868,30 +11371,46 @@ var MESSAGE_STYLES = {
     status: "\u25C8"
   }
 };
+var COMMAND_DEFINITIONS = [
+  { name: "target", alias: "t", args: "<ip>", description: "Set target IP or domain" },
+  { name: "start", alias: "s", args: "[goal]", description: "Start autonomous pentest" },
+  { name: "findings", alias: "f", description: "Show discovered vulnerabilities" },
+  { name: "graph", alias: "g", description: "Visualize the attack graph" },
+  { name: "paths", alias: "p", description: "Show ranked attack paths" },
+  { name: "assets", alias: "a", description: "List background processes" },
+  { name: "logs", alias: "l", args: "<id>", description: "Show logs for an asset" },
+  { name: "ctf", description: "Toggle CTF mode" },
+  { name: "auto", description: "Toggle auto-approve mode" },
+  { name: "clear", alias: "c", description: "Reset session & clean workspace" },
+  { name: "help", alias: "h", description: "Show detailed help" },
+  { name: "exit", alias: "q", description: "Exit the application" }
+];
+function getMatchingCommands(partial) {
+  const lower = partial.toLowerCase();
+  if (!lower) return COMMAND_DEFINITIONS;
+  return COMMAND_DEFINITIONS.filter(
+    (cmd) => cmd.name.startsWith(lower) || cmd.alias && cmd.alias.startsWith(lower)
+  );
+}
 var HELP_TEXT = `
 \u2500\u2500 Commands \u2500\u2500
-/target <ip>     Set target IP/domain
-/start [goal]    Start autonomous pentest (auto-approve enabled)
-/findings        Show discovered vulnerabilities
-/assets          List active background processes (listeners, shells)
-/logs <id>       Show full logs for a specific asset
-/ctf             Toggle CTF mode (default: ON)
-/auto            Toggle auto-approve mode
-/clear           Clear screen
-/exit            Exit
+${COMMAND_DEFINITIONS.map((cmd) => {
+  const usage = `/${cmd.name}${cmd.args ? " " + cmd.args : ""}`;
+  const alias = cmd.alias ? ` (/${cmd.alias})` : "";
+  return `${usage.padEnd(18)}${alias.padEnd(8)} ${cmd.description}`;
+}).join("\n")}
 
 \u2500\u2500 Features \u2500\u2500
 \u2022 Auto-install missing tools (apt/brew)
 \u2022 Transparent command execution
 \u2022 Interactive sudo password input
 \u2022 CTF mode: Auto flag detection & CTF-specific prompts
+\u2022 Attack graph: Tracks discovered paths & prevents repeating failures
 
-\u2500\u2500 Examples \u2500\u2500
-/target 192.168.1.1
-/start "Full pentest on target"
-/findings
-/ctf             (toggle CTF/standard mode)
-/auto            (toggle approval mode)
+\u2500\u2500 Tips \u2500\u2500
+\u2022 Type / and press Tab to autocomplete commands
+\u2022 /clear resets the entire session (messages, state, .pentesting data)
+\u2022 /start automatically enables auto-approve for hands-free operation
 `;
 
 // src/platform/tui/hooks/useAgentState.ts
@@ -11110,6 +11629,9 @@ var useAgentEvents = (agent, eventsRef, state) => {
     return () => {
       events.removeAllListeners();
       clearAllTimers();
+      clearInputHandler();
+      clearCredentialHandler();
+      clearCommandEventEmitter();
     };
   }, [
     agent,
@@ -11215,6 +11737,7 @@ var useAgent = (shouldAutoApprove, target) => {
     inputRequest,
     setInputRequest,
     stats,
+    setStats,
     lastResponseMetaRef,
     addMessage,
     manageTimer,
@@ -11262,6 +11785,17 @@ var useAgent = (shouldAutoApprove, target) => {
       addMessage("system", "Input cancelled");
     }
   }, [setInputRequest, addMessage]);
+  const refreshStats = useCallback2(() => {
+    const s = agent.getState();
+    setStats({
+      phase: s.getPhase() || PHASES.RECON,
+      targets: s.getTargets().size,
+      findings: s.getFindings().length,
+      todo: s.getTodo().length
+    });
+    resetCumulativeCounters();
+    setCurrentStatus("");
+  }, [agent, setStats, resetCumulativeCounters, setCurrentStatus]);
   return {
     agent,
     messages,
@@ -11277,7 +11811,8 @@ var useAgent = (shouldAutoApprove, target) => {
     executeTask,
     abort,
     cancelInputRequest,
-    addMessage
+    addMessage,
+    refreshStats
   };
 };
 
@@ -11532,9 +12067,11 @@ var StatusDisplay = ({
 };
 
 // src/platform/tui/components/ChatInput.tsx
-import { Box as Box4, Text as Text5 } from "ink";
+import { useMemo, useCallback as useCallback3, useRef as useRef3 } from "react";
+import { Box as Box4, Text as Text5, useInput } from "ink";
 import TextInput from "ink-text-input";
 import { jsx as jsx5, jsxs as jsxs4 } from "react/jsx-runtime";
+var MAX_SUGGESTIONS = 6;
 var ChatInput = ({
   value,
   onChange,
@@ -11545,43 +12082,100 @@ var ChatInput = ({
   setSecretInput,
   onSecretSubmit
 }) => {
-  return /* @__PURE__ */ jsx5(
-    Box4,
-    {
-      borderStyle: "single",
-      borderColor: inputRequest.isActive ? THEME.status.warning : THEME.border.default,
-      paddingX: 1,
-      children: inputRequest.isActive ? /* @__PURE__ */ jsxs4(Box4, { children: [
-        /* @__PURE__ */ jsx5(Text5, { color: THEME.status.warning, children: "\u{1F512}" }),
-        /* @__PURE__ */ jsxs4(Text5, { color: THEME.text.muted, children: [
-          " ",
-          inputRequest.prompt
-        ] }),
-        /* @__PURE__ */ jsx5(
-          TextInput,
-          {
-            value: secretInput,
-            onChange: setSecretInput,
-            onSubmit: onSecretSubmit,
-            placeholder: "...",
-            mask: inputRequest.isPassword ? "\u2022" : void 0
-          }
-        )
-      ] }) : /* @__PURE__ */ jsxs4(Box4, { children: [
-        /* @__PURE__ */ jsx5(Text5, { color: THEME.text.secondary, children: "\u25B8" }),
-        /* @__PURE__ */ jsx5(Text5, { children: " " }),
-        /* @__PURE__ */ jsx5(
-          TextInput,
-          {
-            value,
-            onChange,
-            onSubmit,
-            placeholder
-          }
-        )
-      ] })
-    }
-  );
+  const isSlashMode = value.startsWith("/");
+  const partialCmd = isSlashMode ? value.slice(1).split(" ")[0] : "";
+  const hasArgs = isSlashMode && value.includes(" ");
+  const suggestions = useMemo(() => {
+    if (!isSlashMode || hasArgs) return [];
+    return getMatchingCommands(partialCmd).slice(0, MAX_SUGGESTIONS);
+  }, [isSlashMode, partialCmd, hasArgs]);
+  const showPreview = isSlashMode && !hasArgs && suggestions.length > 0;
+  const suggestionsRef = useRef3(suggestions);
+  suggestionsRef.current = suggestions;
+  const isSlashModeRef = useRef3(isSlashMode);
+  isSlashModeRef.current = isSlashMode;
+  const hasArgsRef = useRef3(hasArgs);
+  hasArgsRef.current = hasArgs;
+  const inputRequestRef = useRef3(inputRequest);
+  inputRequestRef.current = inputRequest;
+  const onChangeRef = useRef3(onChange);
+  onChangeRef.current = onChange;
+  useInput(useCallback3((_input, key) => {
+    if (inputRequestRef.current.isActive) return;
+    if (key.tab && isSlashModeRef.current && !hasArgsRef.current && suggestionsRef.current.length > 0) {
+      const best = suggestionsRef.current[0];
+      const argsHint = best.args ? " " : "";
+      onChangeRef.current(`/${best.name}${argsHint}`);
+    }
+  }, []));
+  return /* @__PURE__ */ jsxs4(Box4, { flexDirection: "column", children: [
+    showPreview && /* @__PURE__ */ jsx5(
+      Box4,
+      {
+        flexDirection: "column",
+        borderStyle: "single",
+        borderColor: THEME.border.default,
+        paddingX: 1,
+        marginBottom: 0,
+        children: suggestions.map((cmd, i) => {
+          const isFirst = i === 0;
+          const nameColor = isFirst ? THEME.text.accent : THEME.text.secondary;
+          const aliasText = cmd.alias ? ` /${cmd.alias}` : "";
+          const argsText = cmd.args ? ` ${cmd.args}` : "";
+          return /* @__PURE__ */ jsxs4(Box4, { children: [
+            /* @__PURE__ */ jsxs4(Text5, { color: nameColor, bold: isFirst, children: [
+              "/",
+              cmd.name
+            ] }),
+            /* @__PURE__ */ jsx5(Text5, { color: THEME.text.muted, children: argsText }),
+            aliasText && /* @__PURE__ */ jsx5(Text5, { color: THEME.text.muted, children: aliasText }),
+            /* @__PURE__ */ jsxs4(Text5, { color: THEME.text.muted, children: [
+              " \u2014 ",
+              cmd.description
+            ] }),
+            isFirst && /* @__PURE__ */ jsx5(Text5, { color: THEME.accent.cyan, children: " \u21E5 Tab" })
+          ] }, cmd.name);
+        })
+      }
+    ),
+    /* @__PURE__ */ jsx5(
+      Box4,
+      {
+        borderStyle: "single",
+        borderColor: inputRequest.isActive ? THEME.status.warning : THEME.border.default,
+        paddingX: 1,
+        children: inputRequest.isActive ? /* @__PURE__ */ jsxs4(Box4, { children: [
+          /* @__PURE__ */ jsx5(Text5, { color: THEME.status.warning, children: "\u{1F512}" }),
+          /* @__PURE__ */ jsxs4(Text5, { color: THEME.text.muted, children: [
+            " ",
+            inputRequest.prompt
+          ] }),
+          /* @__PURE__ */ jsx5(
+            TextInput,
+            {
+              value: secretInput,
+              onChange: setSecretInput,
+              onSubmit: onSecretSubmit,
+              placeholder: "...",
+              mask: inputRequest.isPassword ? "\u2022" : void 0
+            }
+          )
+        ] }) : /* @__PURE__ */ jsxs4(Box4, { children: [
+          /* @__PURE__ */ jsx5(Text5, { color: THEME.text.secondary, children: "\u25B8" }),
+          /* @__PURE__ */ jsx5(Text5, { children: " " }),
+          /* @__PURE__ */ jsx5(
+            TextInput,
+            {
+              value,
+              onChange,
+              onSubmit,
+              placeholder
+            }
+          )
+        ] })
+      }
+    )
+  ] });
 };
 
 // src/platform/tui/components/footer.tsx
@@ -11655,15 +12249,16 @@ var App = ({ autoApprove = false, target }) => {
     executeTask,
     abort,
     cancelInputRequest,
-    addMessage
+    addMessage,
+    refreshStats
   } = useAgent(autoApproveMode, target);
-  const isProcessingRef = useRef3(isProcessing);
+  const isProcessingRef = useRef4(isProcessing);
   isProcessingRef.current = isProcessing;
-  const autoApproveModeRef = useRef3(autoApproveMode);
+  const autoApproveModeRef = useRef4(autoApproveMode);
   autoApproveModeRef.current = autoApproveMode;
-  const inputRequestRef = useRef3(inputRequest);
+  const inputRequestRef = useRef4(inputRequest);
   inputRequestRef.current = inputRequest;
-  const handleExit = useCallback3(() => {
+  const handleExit = useCallback4(() => {
     const ir = inputRequestRef.current;
     if (ir.isActive && ir.resolve) ir.resolve(null);
     cleanupAllProcesses().catch(() => {
@@ -11671,16 +12266,31 @@ var App = ({ autoApprove = false, target }) => {
     exit();
     setTimeout(() => process.exit(0), DISPLAY_LIMITS.EXIT_DELAY);
   }, [exit]);
-  const handleCommand = useCallback3(async (cmd, args) => {
+  const handleCommand = useCallback4(async (cmd, args) => {
     switch (cmd) {
       case UI_COMMANDS.HELP:
       case UI_COMMANDS.HELP_SHORT:
         addMessage("system", HELP_TEXT);
         break;
       case UI_COMMANDS.CLEAR:
-      case UI_COMMANDS.CLEAR_SHORT:
+      case UI_COMMANDS.CLEAR_SHORT: {
+        if (isProcessingRef.current) {
+          addMessage("error", "Cannot /clear while agent is running. Press Esc to abort first.");
+          break;
+        }
         setMessages([]);
+        const result2 = await agent.resetSession();
+        if (result2.cleared.length > 0) {
+          addMessage("system", `\u{1F9F9} Session reset \u2014 cleared: ${result2.cleared.join(", ")}`);
+        } else {
+          addMessage("system", "\u{1F9F9} Session reset \u2014 all clean");
+        }
+        if (result2.errors.length > 0) {
+          addMessage("error", `Cleanup errors: ${result2.errors.join("; ")}`);
+        }
+        refreshStats();
         break;
+      }
       case UI_COMMANDS.TARGET:
       case UI_COMMANDS.TARGET_SHORT:
         if (!args[0]) {
@@ -11715,7 +12325,7 @@ var App = ({ autoApprove = false, target }) => {
           break;
         }
         addMessage("system", `--- ${findings.length} Findings ---`);
-        findings.forEach((f) => addMessage("system", `[${f.severity}] ${f.title}`));
+        findings.forEach((f) => addMessage("system", `[${f.severity}] ${f.title}${f.attackPattern ? ` (ATT&CK: ${f.attackPattern})` : ""}`));
         break;
       case UI_COMMANDS.ASSETS:
       case UI_COMMANDS.ASSETS_SHORT:
@@ -11740,7 +12350,15 @@ ${procData.stdout || "(no output)"}
         const ctfEnabled = agent.toggleCtfMode();
         addMessage("system", ctfEnabled ? "\u{1F3F4} CTF mode ON \u2014 flag detection active, CTF prompts loaded" : "\u{1F512} CTF mode OFF \u2014 standard pentest mode");
         break;
-      case "auto":
+      case UI_COMMANDS.GRAPH:
+      case UI_COMMANDS.GRAPH_SHORT:
+        addMessage("system", agent.getState().attackGraph.toASCII());
+        break;
+      case UI_COMMANDS.PATHS:
+      case UI_COMMANDS.PATHS_SHORT:
+        addMessage("system", agent.getState().attackGraph.toPathsList());
+        break;
+      case UI_COMMANDS.AUTO:
         setAutoApproveMode((prev) => {
           const newVal = !prev;
           agent.setAutoApprove(newVal);
@@ -11756,8 +12374,8 @@ ${procData.stdout || "(no output)"}
       default:
         addMessage("error", `Unknown command: /${cmd}`);
     }
-  }, [agent, addMessage, executeTask, setMessages, handleExit]);
-  const handleSubmit = useCallback3(async (value) => {
+  }, [agent, addMessage, executeTask, setMessages, handleExit, refreshStats]);
+  const handleSubmit = useCallback4(async (value) => {
     const trimmed = value.trim();
     if (!trimmed) return;
     setInput("");
@@ -11769,7 +12387,7 @@ ${procData.stdout || "(no output)"}
       await executeTask(trimmed);
     }
   }, [addMessage, executeTask, handleCommand]);
-  const handleSecretSubmit = useCallback3((value) => {
+  const handleSecretSubmit = useCallback4((value) => {
     const ir = inputRequestRef.current;
     if (!ir.isActive || !ir.resolve) return;
     const displayText = ir.isPassword ? "\u2022".repeat(value.length) : value;
@@ -11779,7 +12397,7 @@ ${procData.stdout || "(no output)"}
     setInputRequest({ isActive: false, prompt: "", isPassword: false, resolve: null });
     setSecretInput("");
   }, [addMessage, setInputRequest]);
-  useInput(useCallback3((ch, key) => {
+  useInput2(useCallback4((ch, key) => {
     if (key.escape) {
       if (inputRequestRef.current.isActive) cancelInputRequest();
       else if (isProcessingRef.current) abort();
@@ -11870,7 +12488,7 @@ program.command("interactive", { isDefault: true }).alias("i").description("Star
   console.clear();
   console.log(gradient([...THEME.gradient.cyber]).multiline(ASCII_BANNER));
   console.log(
-    "   " + chalk.hex(THEME.text.secondary)(`v${APP_VERSION}`) + chalk.hex(THEME.text.muted)(" \u2502 ") + chalk.hex(THEME.text.accent)("Type /help for commands") + "\n"
+    "   " + chalk.hex(THEME.text.secondary)(`v${APP_VERSION}`) + chalk.hex(THEME.text.muted)(" \u2502 ") + chalk.hex(THEME.accent.blue)("Type /help for commands") + "\n"
   );
   if (skipPermissions) {
     console.log(chalk.hex(THEME.status.error)("[!] WARNING: Running with --dangerously-skip-permissions"));
@@ -11894,7 +12512,7 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
   if (skipPermissions) {
     console.log(chalk.hex(THEME.status.error)("[!] WARNING: Running with --dangerously-skip-permissions\n"));
   }
-  console.log(chalk.hex(THEME.text.accent)(`[target] Objective: ${objective}
+  console.log(chalk.hex(THEME.accent.blue)(`[target] Objective: ${objective}
 `));
   const agent = AgentFactory.createMainAgent(skipPermissions);
   if (skipPermissions) {
@@ -11916,7 +12534,7 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
     if (options.output) {
       const fs = await import("fs/promises");
       await fs.writeFile(options.output, JSON.stringify({ result: result2 }, null, 2));
-      console.log(chalk.hex(THEME.text.accent)(`
+      console.log(chalk.hex(THEME.accent.blue)(`
 [+] Report saved to: ${options.output}`));
     }
     await shutdown(0);
@@ -11931,7 +12549,7 @@ program.command("scan <target>").description("Quick scan a target").option("-s,
   const opts = program.opts();
   const skipPermissions = opts.dangerouslySkipPermissions || false;
   console.log(gradient([...THEME.gradient.cyber]).multiline(ASCII_BANNER));
-  console.log(chalk.hex(THEME.text.accent)(`
+  console.log(chalk.hex(THEME.accent.blue)(`
 [scan] Target: ${target} (${options.scanType})
 `));
   const agent = AgentFactory.createMainAgent(skipPermissions);
@@ -11955,7 +12573,7 @@ program.command("scan <target>").description("Quick scan a target").option("-s,
 program.command("help-extended").description("Show extended help with examples").action(() => {
   console.log(gradient([...THEME.gradient.cyber]).multiline(ASCII_BANNER));
   console.log(`
-${chalk.hex(THEME.text.accent)(APP_NAME + " - Autonomous Penetration Testing AI")}
+${chalk.hex(THEME.accent.blue)(APP_NAME + " - Autonomous Penetration Testing AI")}
 
 ${chalk.hex(THEME.status.warning)("Usage:")}
 
@@ -11965,24 +12583,24 @@ ${chalk.hex(THEME.status.warning)("Usage:")}
 
 ${chalk.hex(THEME.status.warning)("Commands:")}
 
-  ${chalk.hex(THEME.text.accent)("pentesting")}                       Interactive TUI mode
-  ${chalk.hex(THEME.text.accent)("pentesting run <objective>")}       Run single objective
-  ${chalk.hex(THEME.text.accent)("pentesting scan <target>")}         Quick scan target
+  ${chalk.hex(THEME.accent.blue)("pentesting")}                       Interactive TUI mode
+  ${chalk.hex(THEME.accent.blue)("pentesting run <objective>")}       Run single objective
+  ${chalk.hex(THEME.accent.blue)("pentesting scan <target>")}         Quick scan target
 
 ${chalk.hex(THEME.status.warning)("Options:")}
 
-  ${chalk.hex(THEME.text.accent)("--dangerously-skip-permissions")}    Skip all permission prompts
-  ${chalk.hex(THEME.text.accent)("-t, --target <ip>")}                 Set target
-  ${chalk.hex(THEME.text.accent)("-o, --output <file>")}               Save results to file
+  ${chalk.hex(THEME.accent.blue)("--dangerously-skip-permissions")}    Skip all permission prompts
+  ${chalk.hex(THEME.accent.blue)("-t, --target <ip>")}                 Set target
+  ${chalk.hex(THEME.accent.blue)("-o, --output <file>")}               Save results to file
 
 ${chalk.hex(THEME.status.warning)("Interactive Commands:")}
 
-  ${chalk.hex(THEME.text.accent)("/target <ip>")}     Set target
-  ${chalk.hex(THEME.text.accent)("/start")}           Start autonomous mode
-  ${chalk.hex(THEME.text.accent)("/config")}          Manage configuration
-  ${chalk.hex(THEME.text.accent)("/hint <text>")}     Provide hint
-  ${chalk.hex(THEME.text.accent)("/findings")}        Show findings
-  ${chalk.hex(THEME.text.accent)("/reset")}           Reset session
+  ${chalk.hex(THEME.accent.blue)("/target <ip>")}     Set target
+  ${chalk.hex(THEME.accent.blue)("/start")}           Start autonomous mode
+  ${chalk.hex(THEME.accent.blue)("/config")}          Manage configuration
+  ${chalk.hex(THEME.accent.blue)("/hint <text>")}     Provide hint
+  ${chalk.hex(THEME.accent.blue)("/findings")}        Show findings
+  ${chalk.hex(THEME.accent.blue)("/reset")}           Reset session
 
 ${chalk.hex(THEME.status.warning)("Examples:")}
 
@@ -11997,9 +12615,9 @@ ${chalk.hex(THEME.status.warning)("Examples:")}
 
 ${chalk.hex(THEME.status.warning)("Environment:")}
 
-  ${chalk.hex(THEME.text.accent)("PENTEST_API_KEY")}      Required - LLM API key
-  ${chalk.hex(THEME.text.accent)("PENTEST_BASE_URL")}     Optional - AI API base URL
-  ${chalk.hex(THEME.text.accent)("PENTEST_MODEL")}        Optional - Model override
+  ${chalk.hex(THEME.accent.blue)("PENTEST_API_KEY")}      Required - LLM API key
+  ${chalk.hex(THEME.accent.blue)("PENTEST_BASE_URL")}     Optional - AI API base URL
+  ${chalk.hex(THEME.accent.blue)("PENTEST_MODEL")}        Optional - Model override
 `);
 });
 program.parse();