pentesting 0.41.0 → 0.43.0

package/dist/main.js

@@ -314,7 +314,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.41.0";
+var APP_VERSION = "0.43.0";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -6686,8 +6686,8 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
       }
     },
     execute: async (p) => {
-      const { existsSync: existsSync9, statSync: statSync2, readdirSync: readdirSync3 } = await import("fs");
-      const { join: join11 } = await import("path");
+      const { existsSync: existsSync10, statSync: statSync2, readdirSync: readdirSync3 } = await import("fs");
+      const { join: join12 } = await import("path");
       const category = p.category || "";
       const search = p.search || "";
       const minSize = p.min_size || 0;
@@ -6733,7 +6733,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         results.push("");
       };
       const scanDir = (dirPath, maxDepth = 3, depth = 0) => {
-        if (depth > maxDepth || !existsSync9(dirPath)) return;
+        if (depth > maxDepth || !existsSync10(dirPath)) return;
         let entries;
         try {
           entries = readdirSync3(dirPath, { withFileTypes: true });
@@ -6742,7 +6742,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         }
         for (const entry of entries) {
           if (entry.name.startsWith(".") || SKIP_DIRS.has(entry.name)) continue;
-          const fullPath = join11(dirPath, entry.name);
+          const fullPath = join12(dirPath, entry.name);
           if (entry.isDirectory()) {
             scanDir(fullPath, maxDepth, depth + 1);
             continue;
@@ -10684,13 +10684,21 @@ var PHASE_TECHNIQUE_MAP = {
 };
 var PromptBuilder = class {
   state;
+  strategist = null;
   constructor(state) {
     this.state = state;
   }
   /**
-   * Build complete prompt for LLM iteration.
+   * Attach a Strategist instance for meta-prompting.
+   * Called by MainAgent after construction.
+   */
+  setStrategist(strategist) {
+    this.strategist = strategist;
+  }
+  /**
+   * Build complete prompt for LLM iteration (async).
    *
-   * Layers (phase-aware, enhanced with improvements #2,#3,#6,#7,#8,#12,#14):
+   * Layers (phase-aware, enhanced with D-CIPHER meta-prompting):
    * 1. base.md — Core identity, rules, autonomy, shell management (~7.6K tok)
    * 2. Phase-specific prompt — current phase's full specialist knowledge (~2K tok)
    * 3. Core methodology — strategy, orchestrator, evasion (always loaded, ~12K tok)
@@ -10706,9 +10714,10 @@ var PromptBuilder = class {
    * 12. Session timeline (#12: episodic memory)
    * 13. Learned techniques (#7: dynamic technique library)
    * 14. Persistent memory (#12: cross-session knowledge)
-   * 15. User context
+   * ★ 15. STRATEGIC DIRECTIVE — LLM-generated tactical instructions (D-CIPHER)
+   * 16. User context
    */
-  build(userInput, phase) {
+  async build(userInput, phase) {
     const fragments = [
       this.loadPromptFile(PROMPT_PATHS.BASE),
       this.loadCtfModePrompt(),
@@ -10731,10 +10740,14 @@ var PromptBuilder = class {
       // #12
       this.getDynamicTechniquesFragment(),
       // #7
-      this.getPersistentMemoryFragment(),
+      this.getPersistentMemoryFragment()
       // #12
-      PROMPT_DEFAULTS.USER_CONTEXT(userInput)
     ];
+    const strategistDirective = await this.getStrategistFragment();
+    if (strategistDirective) {
+      fragments.push(strategistDirective);
+    }
+    fragments.push(PROMPT_DEFAULTS.USER_CONTEXT(userInput));
     return fragments.filter((f) => !!f).join("\n\n");
   }
   /**
@@ -10924,11 +10937,213 @@ ${lines.join("\n")}
     }
     return this.state.persistentMemory.toPrompt(services);
   }
+  // --- D-CIPHER: Strategist Meta-Prompting ---
+  /**
+   * Generate strategic directive via Strategist LLM.
+   * Called every turn. Returns '' if no strategist is attached or call fails.
+   */
+  async getStrategistFragment() {
+    if (!this.strategist) return "";
+    return this.strategist.generateDirective();
+  }
+};
+
+// src/agents/strategist.ts
+import { readFileSync as readFileSync6, existsSync as existsSync9 } from "fs";
+import { join as join11, dirname as dirname6 } from "path";
+import { fileURLToPath as fileURLToPath5 } from "url";
+
+// src/shared/constants/strategist.ts
+var STRATEGIST_LIMITS = {
+  /** Maximum characters of state context sent to Strategist LLM.
+   *  WHY: Keeps Strategist input focused and affordable (~3-5K tokens).
+   *  Full state can be 20K+; Strategist needs summary, not everything. */
+  MAX_INPUT_CHARS: 15e3,
+  /** Maximum characters for the Strategist's response.
+   *  WHY: Directives should be terse and actionable (~500-800 tokens).
+   *  Longer = more cost, less focus. */
+  MAX_OUTPUT_CHARS: 3e3,
+  /** Maximum lines in the directive output.
+   *  WHY: Forces concise, prioritized directives. */
+  MAX_DIRECTIVE_LINES: 40
+};
+
+// src/agents/strategist.ts
+var __dirname5 = dirname6(fileURLToPath5(import.meta.url));
+var STRATEGIST_PROMPT_PATH = join11(__dirname5, "prompts", "strategist-system.md");
+var Strategist = class {
+  llm;
+  state;
+  systemPrompt;
+  // Metrics
+  totalTokenCost = 0;
+  totalCalls = 0;
+  lastDirective = null;
+  constructor(llm, state) {
+    this.llm = llm;
+    this.state = state;
+    this.systemPrompt = this.loadSystemPrompt();
+  }
+  /**
+   * Generate a fresh strategic directive for this turn.
+   * Called every iteration by PromptBuilder.
+   *
+   * @returns Formatted directive string for prompt injection, or '' on failure
+   */
+  async generateDirective() {
+    try {
+      const input = this.buildInput();
+      const directive = await this.callLLM(input);
+      this.lastDirective = directive;
+      this.totalCalls++;
+      debugLog("general", "Strategist directive generated", {
+        tokens: directive.tokenCost,
+        totalCalls: this.totalCalls,
+        contentLength: directive.content.length
+      });
+      return this.formatForPrompt(directive);
+    } catch (err) {
+      debugLog("general", "Strategist failed \u2014 agent will proceed without directive", {
+        error: String(err)
+      });
+      if (this.lastDirective?.content) {
+        return this.formatForPrompt(this.lastDirective, true);
+      }
+      return "";
+    }
+  }
+  // ─── Input Construction ─────────────────────────────────────
+  /**
+   * Build the user message for the Strategist LLM.
+   * Assembles state, memory, attack graph, and timeline into a focused context.
+   */
+  buildInput() {
+    const sections = [];
+    sections.push("## Engagement State");
+    sections.push(this.state.toPrompt());
+    const timeline = this.state.episodicMemory.toPrompt();
+    if (timeline) {
+      sections.push("");
+      sections.push("## Recent Actions");
+      sections.push(timeline);
+    }
+    const failures = this.state.workingMemory.toPrompt();
+    if (failures) {
+      sections.push("");
+      sections.push("## Failed Attempts (DO NOT REPEAT THESE)");
+      sections.push(failures);
+    }
+    const graph = this.state.attackGraph.toPrompt();
+    if (graph) {
+      sections.push("");
+      sections.push("## Attack Graph");
+      sections.push(graph);
+    }
+    const techniques = this.state.dynamicTechniques.toPrompt();
+    if (techniques) {
+      sections.push("");
+      sections.push("## Learned Techniques");
+      sections.push(techniques);
+    }
+    sections.push("");
+    sections.push("## Time");
+    sections.push(this.state.getTimeStatus());
+    const analysis = this.state.getChallengeAnalysis();
+    if (analysis && analysis.primaryType !== "unknown") {
+      sections.push("");
+      sections.push(`## Challenge Type: ${analysis.primaryType.toUpperCase()} (${(analysis.confidence * 100).toFixed(0)}%)`);
+      sections.push(analysis.strategySuggestion);
+    }
+    let input = sections.join("\n");
+    if (input.length > STRATEGIST_LIMITS.MAX_INPUT_CHARS) {
+      input = input.slice(0, STRATEGIST_LIMITS.MAX_INPUT_CHARS) + "\n\n... [state truncated for Strategist context]";
+    }
+    return input;
+  }
+  // ─── LLM Call ───────────────────────────────────────────────
+  async callLLM(input) {
+    const messages = [{
+      role: "user",
+      content: `Analyze this penetration test situation and write a tactical directive for the attack agent.
+
+${input}`
+    }];
+    const response = await this.llm.generateResponse(
+      messages,
+      void 0,
+      // No tools — strategy generation only
+      this.systemPrompt
+    );
+    let content = response.content || "";
+    if (content.length > STRATEGIST_LIMITS.MAX_OUTPUT_CHARS) {
+      content = content.slice(0, STRATEGIST_LIMITS.MAX_OUTPUT_CHARS) + "\n... [directive truncated]";
+    }
+    const cost = response.usage ? response.usage.input_tokens + response.usage.output_tokens : 0;
+    this.totalTokenCost += cost;
+    return {
+      content,
+      generatedAt: Date.now(),
+      tokenCost: cost
+    };
+  }
+  // ─── Formatting ─────────────────────────────────────────────
+  /**
+   * Format directive for injection into the attack agent's system prompt.
+   */
+  formatForPrompt(directive, isStale = false) {
+    if (!directive.content) return "";
+    const age = Math.floor((Date.now() - directive.generatedAt) / 6e4);
+    const staleWarning = isStale ? `
+NOTE: This directive is from ${age}min ago (Strategist call failed this turn). Verify assumptions are still valid.` : "";
+    return [
+      "<strategic-directive>",
+      "TACTICAL DIRECTIVE (generated by Strategist LLM \u2014 follow these priorities):",
+      "",
+      directive.content,
+      staleWarning,
+      "</strategic-directive>"
+    ].filter(Boolean).join("\n");
+  }
+  // ─── System Prompt Loading ──────────────────────────────────
+  loadSystemPrompt() {
+    try {
+      if (existsSync9(STRATEGIST_PROMPT_PATH)) {
+        return readFileSync6(STRATEGIST_PROMPT_PATH, "utf-8");
+      }
+    } catch {
+    }
+    return FALLBACK_SYSTEM_PROMPT;
+  }
+  // ─── Public API ─────────────────────────────────────────────
+  /** Get total token cost of all Strategist calls this session. */
+  getTotalTokenCost() {
+    return this.totalTokenCost;
+  }
+  /** Get number of Strategist calls this session. */
+  getTotalCalls() {
+    return this.totalCalls;
+  }
+  /** Get the most recent directive (for TUI display). */
+  getLastDirective() {
+    return this.lastDirective;
+  }
+  /** Reset strategist state (for /clear command). */
+  reset() {
+    this.lastDirective = null;
+    this.totalTokenCost = 0;
+    this.totalCalls = 0;
+  }
 };
+var FALLBACK_SYSTEM_PROMPT = `You are a penetration testing strategist.
+Analyze the situation and write a precise tactical directive for the attack agent.
+Be specific: name exact tools, commands, and parameters.
+Maximum 30 lines. Prioritize by probability of success.
+NEVER suggest approaches listed in the failed attempts section.`;
 
 // src/agents/main-agent.ts
 var MainAgent = class extends CoreAgent {
   promptBuilder;
+  strategist;
   approvalGate;
   scopeGuard;
   userInput = "";
@@ -10937,6 +11152,8 @@ var MainAgent = class extends CoreAgent {
     this.approvalGate = approvalGate;
     this.scopeGuard = scopeGuard;
     this.promptBuilder = new PromptBuilder(state);
+    this.strategist = new Strategist(this.llm, state);
+    this.promptBuilder.setStrategist(this.strategist);
   }
   /**
    * Public entry point for running the agent.
@@ -10947,7 +11164,8 @@ var MainAgent = class extends CoreAgent {
     this.emitStart(userInput);
     this.initializeTask();
     try {
-      const result2 = await this.run(userInput, this.getCurrentPrompt());
+      const initialPrompt = await this.getCurrentPrompt();
+      const result2 = await this.run(userInput, initialPrompt);
       return result2.output;
     } finally {
       try {
@@ -10963,9 +11181,10 @@ var MainAgent = class extends CoreAgent {
   /**
    * Override step to rebuild prompt dynamically each iteration.
    * This ensures the agent always sees the latest state, phase, and active processes.
+   * The Strategist LLM generates a fresh tactical directive every turn.
    */
   async step(iteration, messages, _unusedPrompt, progress) {
-    const dynamicPrompt = this.getCurrentPrompt();
+    const dynamicPrompt = await this.getCurrentPrompt();
     const result2 = await super.step(iteration, messages, dynamicPrompt, progress);
     this.emitStateChange();
     return result2;
@@ -10994,7 +11213,7 @@ var MainAgent = class extends CoreAgent {
   saveCurrentState() {
     return saveState(this.state);
   }
-  getCurrentPrompt() {
+  async getCurrentPrompt() {
     const phase = this.state.getPhase() || PHASES.RECON;
     return this.promptBuilder.build(this.userInput, phase);
   }
@@ -11048,6 +11267,7 @@ var MainAgent = class extends CoreAgent {
     });
     this.state.reset();
     this.userInput = "";
+    this.strategist.reset();
     return clearWorkspace();
   }
   setScope(allowed, exclusions = []) {
@@ -11069,6 +11289,10 @@ var MainAgent = class extends CoreAgent {
     });
     this.emitStateChange();
   }
+  /** Get the Strategist instance (for TUI metrics display). */
+  getStrategist() {
+    return this.strategist;
+  }
 };
 
 // src/agents/factory.ts
@@ -11164,13 +11388,13 @@ var THEME = {
     secondary: "#cbd5e1",
     // Brighter slate
     muted: "#94a3b8",
-    // Lighter blue-gray (was too dark)
-    accent: "#38bdf8",
-    // Sky blue
+    // Lighter blue-gray
+    accent: "#1d4ed8",
+    // Blue 700 - deep blue
     highlight: "#ffffff"
     // Pure white
   },
-  // Status colors
+  // Status colors (deep blue-focused)
   status: {
     success: "#10b981",
     // Emerald
@@ -11178,10 +11402,10 @@ var THEME = {
     // Amber
     error: "#ef4444",
     // Red
-    info: "#3b82f6",
-    // Blue 500 (distinct from user sky)
-    running: "#60a5fa",
-    // Blue 400 (AI activity — distinct from user sky)
+    info: "#1d4ed8",
+    // Blue 700
+    running: "#1e40af",
+    // Blue 800 (AI activity)
     pending: "#64748b"
     // Slate
   },
@@ -11195,29 +11419,29 @@ var THEME = {
     // Orange
     low: "#eab308",
     // Yellow
-    info: "#3b82f6"
-    // Blue
+    info: "#1d4ed8"
+    // Blue 700
   },
   // Border colors
   border: {
     default: "#1e293b",
-    focus: "#7dd3fc",
-    // Sky 300 (softer, UI decorative)
+    focus: "#3b82f6",
+    // Blue 500 (UI decorative)
     error: "#ef4444",
     success: "#22c55e"
   },
-  // Phase colors
+  // Phase colors (deep blue-focused)
   phase: {
     recon: "#94a3b8",
-    enum: "#60a5fa",
-    // Blue 400 (phase indicator)
+    enum: "#1d4ed8",
+    // Blue 700 (phase indicator)
     vuln: "#f59e0b",
     exploit: "#ef4444",
     privesc: "#8b5cf6",
     persist: "#22c55e",
     report: "#64748b"
   },
-  // Accent colors
+  // Accent colors (NO cyan/teal - pure blue palette)
   accent: {
     pink: "#f472b6",
     rose: "#fb7185",
@@ -11225,9 +11449,8 @@ var THEME = {
     purple: "#a78bfa",
     violet: "#8b5cf6",
     indigo: "#818cf8",
-    blue: "#60a5fa",
-    cyan: "#22d3ee",
-    teal: "#2dd4bf",
+    blue: "#1d4ed8",
+    // Blue 700 - primary accent
     emerald: "#34d399",
     green: "#4ade80",
     lime: "#a3e635",
@@ -11236,36 +11459,35 @@ var THEME = {
     orange: "#fb923c",
     red: "#f87171"
   },
-  // Gradients
+  // Gradients (deep blue-focused)
   gradient: {
     cyber: [
-      "#38bdf8",
-      // Sky 400
-      "#34c6f4",
-      "#30d0f0",
-      "#2cd9ec",
-      "#28e3e8",
-      "#22d3ee",
-      // Cyan 400
-      "#25dbd6",
-      "#28e4be",
-      "#2dd4bf",
-      // Teal 400
-      "#31dbac",
-      "#34d399"
-      // Emerald 400
+      "#3b82f6",
+      // Blue 500
+      "#3584f4",
+      "#2f86f2",
+      "#2988f0",
+      "#238aee",
+      "#1d8cec",
+      // Mid blue
+      "#1d7ad8",
+      "#1d78c6",
+      "#1d76b4",
+      "#1d74a2",
+      "#1e40af"
+      // Blue 800
     ],
     danger: ["#ef4444", "#7f1d1d"],
     success: ["#22c55e", "#14532d"],
     gold: ["#f59e0b", "#78350f"],
     royal: ["#818cf8", "#312e81"]
   },
-  // Spinner color (soft sky — UI feedback, not user input)
-  spinner: "#7dd3fc",
-  // Sky 300
-  // Identity color (branded accent)
-  identity: "#60a5fa"
-  // Blue 400
+  // Spinner color (deep blue — UI feedback)
+  spinner: "#3b82f6",
+  // Blue 500
+  // Identity color (branded accent - deep blue)
+  identity: "#1d4ed8"
+  // Blue 700
 };
 var ASCII_BANNER = `
     ____             __              __  _             
@@ -11311,39 +11533,39 @@ var ICONS = {
 // src/platform/tui/constants/display.ts
 var TUI_DISPLAY_LIMITS = {
   /** Reasoning buffer size for display */
-  reasoningBuffer: 1e3,
+  reasoningBuffer: 2e3,
   /** Reasoning preview length */
-  reasoningPreview: 300,
+  reasoningPreview: 500,
   /** Reasoning history slice for display */
-  reasoningHistorySlice: 500,
+  reasoningHistorySlice: 1e3,
   /** Tool input preview length (for command display) */
-  toolInputPreview: 100,
+  toolInputPreview: 200,
   /** Tool input truncated length */
-  toolInputTruncated: 97,
-  /** Tool output preview length */
-  toolOutputPreview: 500,
+  toolInputTruncated: 197,
+  /** Tool output preview length - increased to show full output */
+  toolOutputPreview: 2e3,
   /** Error message preview length */
-  errorPreview: 300,
+  errorPreview: 500,
   /** Status thought preview length */
-  statusThoughtPreview: 100,
+  statusThoughtPreview: 150,
   /** Status thought truncated length */
-  statusThoughtTruncated: 97,
+  statusThoughtTruncated: 147,
   /** Retry error preview length */
-  retryErrorPreview: 60,
+  retryErrorPreview: 100,
   /** Retry error truncated length */
-  retryErrorTruncated: 57,
+  retryErrorTruncated: 97,
   /** Timer update interval in ms */
   timerInterval: 1e3,
   /** Exit delay in ms */
   exitDelay: 100,
   /** Purpose text max length before truncation */
-  purposeMaxLength: 30,
+  purposeMaxLength: 50,
   /** Purpose text truncated length */
-  purposeTruncated: 27,
+  purposeTruncated: 47,
   /** Tool detail preview length in flow display */
-  toolDetailPreview: 100,
+  toolDetailPreview: 200,
   /** Observe detail preview length in flow display */
-  observeDetailPreview: 80,
+  observeDetailPreview: 150,
   /** Max flow nodes to display */
   maxFlowNodes: 50,
   /** Max stopped processes to show */
@@ -11358,7 +11580,7 @@ var MESSAGE_STYLES = {
     error: THEME.status.error,
     tool: THEME.status.running,
     result: THEME.text.muted,
-    status: THEME.accent.cyan
+    status: THEME.accent.blue
   },
   prefixes: {
     user: "\u276F",
@@ -11557,10 +11779,10 @@ var useAgentEvents = (agent, eventsRef, state) => {
       setCurrentTokens(tokenAccumRef.current + stepTokens);
     };
     const onFlagFound = (e) => {
-      addMessage("system", `\u{1F3F4} FLAG FOUND: ${e.data.flag}  (total: ${e.data.totalFlags})`);
+      addMessage("system", `[FLAG] ${e.data.flag} (total: ${e.data.totalFlags})`);
     };
     const onPhaseChange = (e) => {
-      addMessage("system", `\u{1F504} Phase: ${e.data.fromPhase} \u2192 ${e.data.toPhase} (${e.data.reason})`);
+      addMessage("system", `[Phase] ${e.data.fromPhase} -> ${e.data.toPhase} (${e.data.reason})`);
       const s = agent.getState();
       setStats({
         phase: e.data.toPhase,
@@ -11705,18 +11927,18 @@ Options: ${request.options.join(", ")}`;
 }
 function getCommandEventIcon(eventType) {
   const icons = {
-    [COMMAND_EVENT_TYPES.TOOL_MISSING]: "\u26A0\uFE0F",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "\u{1F4E6}",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "\u2705",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "\u274C",
-    [COMMAND_EVENT_TYPES.TOOL_RETRY]: "\u{1F504}",
-    [COMMAND_EVENT_TYPES.COMMAND_START]: "\u25B6",
-    [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "\u2713",
-    [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "\u2717",
-    [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "\u274C",
-    [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "\u{1F510}"
+    [COMMAND_EVENT_TYPES.TOOL_MISSING]: "[!]",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "[install]",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "[ok]",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "[fail]",
+    [COMMAND_EVENT_TYPES.TOOL_RETRY]: "[retry]",
+    [COMMAND_EVENT_TYPES.COMMAND_START]: "[>]",
+    [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "[ok]",
+    [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "[x]",
+    [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "[err]",
+    [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "[auth]"
   };
-  return icons[eventType] || "\u2022";
+  return icons[eventType] || "[-]";
 }
 
 // src/platform/tui/hooks/useAgent.ts
@@ -11817,6 +12039,7 @@ var useAgent = (shouldAutoApprove, target) => {
 };
 
 // src/platform/tui/components/MessageList.tsx
+import { memo } from "react";
 import { Box as Box2, Text as Text2, Static } from "ink";
 
 // src/platform/tui/components/inline-status.tsx
@@ -11834,7 +12057,7 @@ function formatDuration2(ms) {
 }
 function getRoleColor(role) {
   const roleColors = {
-    listener: THEME.accent.cyan,
+    listener: THEME.accent.blue,
     active_shell: THEME.accent.green,
     server: THEME.accent.blue,
     sniffer: THEME.accent.amber,
@@ -11979,7 +12202,7 @@ function parseStatusContent(content) {
   }
   return null;
 }
-var MessageList = ({ messages }) => {
+var MessageList = memo(({ messages }) => {
   return /* @__PURE__ */ jsx2(Static, { items: messages, children: (msg) => {
     if (msg.type === "status") {
       const statusData = parseStatusContent(msg.content);
@@ -12000,18 +12223,19 @@ var MessageList = ({ messages }) => {
       msg.content
     ] }) }, msg.id);
   } });
-};
+});
 
 // src/platform/tui/components/StatusDisplay.tsx
+import { memo as memo3 } from "react";
 import { Box as Box3, Text as Text4 } from "ink";
 
 // src/platform/tui/components/MusicSpinner.tsx
-import { useState as useState3, useEffect as useEffect3 } from "react";
+import { useState as useState3, useEffect as useEffect3, memo as memo2 } from "react";
 import { Text as Text3 } from "ink";
 import { jsx as jsx3 } from "react/jsx-runtime";
 var FRAMES = ["\u2669", "\u266A", "\u266B", "\u266C", "\u266B", "\u266A"];
-var INTERVAL = 400;
-var MusicSpinner = ({ color }) => {
+var INTERVAL = 600;
+var MusicSpinner = memo2(({ color }) => {
   const [index, setIndex] = useState3(0);
   useEffect3(() => {
     const timer = setInterval(() => {
@@ -12020,11 +12244,11 @@ var MusicSpinner = ({ color }) => {
     return () => clearInterval(timer);
   }, []);
   return /* @__PURE__ */ jsx3(Text3, { color, children: FRAMES[index] });
-};
+});
 
 // src/platform/tui/components/StatusDisplay.tsx
 import { jsx as jsx4, jsxs as jsxs3 } from "react/jsx-runtime";
-var StatusDisplay = ({
+var StatusDisplay = memo3(({
   retryState,
   isProcessing,
   currentStatus,
@@ -12046,7 +12270,7 @@ var StatusDisplay = ({
         " \xB7 ",
         truncateError(retryState.error)
       ] }),
-      /* @__PURE__ */ jsxs3(Text4, { color: THEME.accent.cyan, bold: true, children: [
+      /* @__PURE__ */ jsxs3(Text4, { color: THEME.accent.blue, bold: true, children: [
         " \xB7 ",
         retryState.countdown,
         "s"
@@ -12064,15 +12288,15 @@ var StatusDisplay = ({
       ] })
     ] })
   ] });
-};
+});
 
 // src/platform/tui/components/ChatInput.tsx
-import { useMemo, useCallback as useCallback3, useRef as useRef3 } from "react";
+import { useMemo, useCallback as useCallback3, useRef as useRef3, memo as memo4 } from "react";
 import { Box as Box4, Text as Text5, useInput } from "ink";
 import TextInput from "ink-text-input";
 import { jsx as jsx5, jsxs as jsxs4 } from "react/jsx-runtime";
 var MAX_SUGGESTIONS = 6;
-var ChatInput = ({
+var ChatInput = memo4(({
   value,
   onChange,
   onSubmit,
@@ -12133,7 +12357,7 @@ var ChatInput = ({
               " \u2014 ",
               cmd.description
             ] }),
-            isFirst && /* @__PURE__ */ jsx5(Text5, { color: THEME.accent.cyan, children: " \u21E5 Tab" })
+            isFirst && /* @__PURE__ */ jsx5(Text5, { color: THEME.accent.blue, children: " [Tab]" })
           ] }, cmd.name);
         })
       }
@@ -12145,7 +12369,7 @@ var ChatInput = ({
         borderColor: inputRequest.isActive ? THEME.status.warning : THEME.border.default,
         paddingX: 1,
         children: inputRequest.isActive ? /* @__PURE__ */ jsxs4(Box4, { children: [
-          /* @__PURE__ */ jsx5(Text5, { color: THEME.status.warning, children: "\u{1F512}" }),
+          /* @__PURE__ */ jsx5(Text5, { color: THEME.status.warning, children: "[auth]" }),
           /* @__PURE__ */ jsxs4(Text5, { color: THEME.text.muted, children: [
             " ",
             inputRequest.prompt
@@ -12176,9 +12400,10 @@ var ChatInput = ({
       }
     )
   ] });
-};
+});
 
 // src/platform/tui/components/footer.tsx
+import { memo as memo5 } from "react";
 import { Box as Box5, Text as Text6 } from "ink";
 import { jsx as jsx6, jsxs as jsxs5 } from "react/jsx-runtime";
 var formatElapsed = (totalSeconds) => {
@@ -12191,7 +12416,7 @@ var formatElapsed = (totalSeconds) => {
   }
   return `${minutes}:${pad(seconds)}`;
 };
-var Footer = ({ phase, targets, findings, todo, elapsedTime, isProcessing }) => {
+var Footer = memo5(({ phase, targets, findings, todo, elapsedTime, isProcessing }) => {
   return /* @__PURE__ */ jsxs5(
     Box5,
     {
@@ -12202,7 +12427,7 @@ var Footer = ({ phase, targets, findings, todo, elapsedTime, isProcessing }) =>
         /* @__PURE__ */ jsxs5(Box5, { gap: 2, children: [
           /* @__PURE__ */ jsxs5(Text6, { color: THEME.text.muted, children: [
             "Phase: ",
-            /* @__PURE__ */ jsx6(Text6, { color: THEME.accent.cyan, children: phase })
+            /* @__PURE__ */ jsx6(Text6, { color: THEME.accent.blue, children: phase })
           ] }),
           /* @__PURE__ */ jsxs5(Text6, { color: THEME.text.muted, children: [
             "Targets: ",
@@ -12224,7 +12449,7 @@ var Footer = ({ phase, targets, findings, todo, elapsedTime, isProcessing }) =>
       ]
     }
   );
-};
+});
 var footer_default = Footer;
 
 // src/platform/tui/app.tsx
@@ -12281,9 +12506,9 @@ var App = ({ autoApprove = false, target }) => {
         setMessages([]);
         const result2 = await agent.resetSession();
         if (result2.cleared.length > 0) {
-          addMessage("system", `\u{1F9F9} Session reset \u2014 cleared: ${result2.cleared.join(", ")}`);
+          addMessage("system", `[reset] Session cleared: ${result2.cleared.join(", ")}`);
         } else {
-          addMessage("system", "\u{1F9F9} Session reset \u2014 all clean");
+          addMessage("system", "[reset] Session clean");
         }
         if (result2.errors.length > 0) {
           addMessage("error", `Cleanup errors: ${result2.errors.join("; ")}`);
@@ -12310,7 +12535,7 @@ var App = ({ autoApprove = false, target }) => {
         if (!autoApproveModeRef.current) {
           setAutoApproveMode(true);
           agent.setAutoApprove(true);
-          addMessage("system", "\u{1F680} Autonomous mode enabled (auto-approve ON)");
+          addMessage("system", "[auto] Autonomous mode enabled");
         }
         addMessage("system", "Starting penetration test...");
         const targets = Array.from(agent.getState().getTargets().keys());
@@ -12348,7 +12573,7 @@ ${procData.stdout || "(no output)"}
         break;
       case UI_COMMANDS.CTF:
         const ctfEnabled = agent.toggleCtfMode();
-        addMessage("system", ctfEnabled ? "\u{1F3F4} CTF mode ON \u2014 flag detection active, CTF prompts loaded" : "\u{1F512} CTF mode OFF \u2014 standard pentest mode");
+        addMessage("system", ctfEnabled ? "[CTF] Mode ON - flag detection active" : "[CTF] Mode OFF - standard pentest");
         break;
       case UI_COMMANDS.GRAPH:
       case UI_COMMANDS.GRAPH_SHORT:

package/dist/prompts/strategist-system.md

@@ -0,0 +1,39 @@
+You are a penetration testing STRATEGIST. Your sole purpose is to analyze the current engagement state and write a precise tactical directive for the attack agent.
+
+## YOUR ROLE
+You do NOT execute attacks. You PLAN them. The attack agent will receive your directive as instructions to follow.
+
+## OUTPUT FORMAT
+Write a DIRECTIVE with numbered priorities. Be maximally specific:
+
+```
+PRIORITY 1 [IMPACT]: Brief title
+  → Exact command or tool invocation with all parameters
+  → Success criteria: what confirms it worked
+  → Fallback: what to try if this fails
+
+PRIORITY 2 [IMPACT]: Brief title
+  → ...
+```
+
+## RULES
+
+1. **BE SPECIFIC**: "Try SQL injection" is UNACCEPTABLE. "Run: sqlmap -u http://TARGET/login.php --forms --batch --level=5 --risk=3 --tamper=space2comment" is GOOD.
+
+2. **REFERENCE ACTUAL STATE**: Only suggest actions based on DISCOVERED data. Never hallucinate services or ports that aren't in the state summary. If nothing is discovered yet, direct initial reconnaissance.
+
+3. **LEARN FROM FAILURES**: If working memory shows failed attempts, NEVER suggest the same approach. Propose a fundamentally different attack vector.
+
+4. **CHAIN ATTACKS**: If credentials were found, specify EXACTLY which services to spray them against. If access was gained, specify EXACTLY what post-exploitation to run.
+
+5. **PRIORITIZE BY PROBABILITY**: Order by likelihood of success × impact. Quick wins first.
+
+6. **BE TERSE**: Maximum 30 lines. No preamble, no explanations of what pentesting is. Pure directives.
+
+7. **INCLUDE DEAD-ENDS**: Explicitly list approaches that have been exhausted so the agent skips them.
+
+8. **CONSIDER THE PHASE**: Adapt your strategy to the current engagement phase (recon → vuln analysis → exploit → post-exploit → lateral).
+
+9. **TIME AWARENESS**: If time is limited, focus on highest-probability paths only. If time is abundant, suggest thorough enumeration.
+
+10. **PIVOT POINTS**: When access to a new host is gained, prioritize it as a pivot — what can be reached FROM this new position?

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.41.0",
+  "version": "0.43.0",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",