pentesting 0.41.0 → 0.44.0

package/dist/main.js

@@ -10,7 +10,6 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
 import { render } from "ink";
 import { Command } from "commander";
 import chalk from "chalk";
-import gradient from "gradient-string";
 
 // src/platform/tui/app.tsx
 import { useState as useState4, useCallback as useCallback4, useEffect as useEffect4, useRef as useRef4 } from "react";
@@ -307,14 +306,12 @@ var ORPHAN_PROCESS_NAMES = [
   "dnsspoof",
   "tcpdump",
   "tshark",
-  "socat",
-  "nc",
-  "python"
+  "socat"
 ];
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.41.0";
+var APP_VERSION = "0.44.0";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -342,6 +339,146 @@ var SENSITIVE_INPUT_TYPES = [
   INPUT_TYPES.CREDENTIAL
 ];
 
+// src/shared/utils/time-strategy.ts
+var PHASE_RATIOS = {
+  /** Sprint ends at 25% of total time */
+  SPRINT_END: 0.25,
+  /** Exploit phase ends at 50% of total time */
+  EXPLOIT_END: 0.5,
+  /** Creative phase ends at 75% of total time */
+  CREATIVE_END: 0.75
+  // Harvest: 75%-100%
+};
+var DEFAULT_DURATION_SEC = 86400;
+var MIN_DURATION_SEC = 300;
+var MAX_DURATION_SEC = 604800;
+var MS_PER_SEC = 1e3;
+function getSessionDurationMs() {
+  const envValue = process.env.PENTEST_DURATION;
+  if (envValue) {
+    const parsed = parseInt(envValue, 10);
+    if (!isNaN(parsed) && parsed > 0) {
+      const clamped = Math.max(MIN_DURATION_SEC, Math.min(MAX_DURATION_SEC, parsed));
+      return clamped * MS_PER_SEC;
+    }
+  }
+  return DEFAULT_DURATION_SEC * MS_PER_SEC;
+}
+function computeDeadline(startedAt) {
+  return startedAt + getSessionDurationMs();
+}
+function formatDuration(totalSec) {
+  if (totalSec <= 0) return "0s";
+  const h = Math.floor(totalSec / 3600);
+  const m = Math.floor(totalSec % 3600 / 60);
+  const s = Math.floor(totalSec % 60);
+  if (h > 0 && m > 0) return `${h}h${m}m`;
+  if (h > 0) return `${h}h`;
+  if (m > 0 && s > 0) return `${m}m${s}s`;
+  if (m > 0) return `${m}m`;
+  return `${s}s`;
+}
+function getTimeAdaptiveStrategy(elapsedMs, deadlineMs) {
+  let totalMs;
+  let remainingMs;
+  if (deadlineMs > 0) {
+    remainingMs = Math.max(0, deadlineMs - Date.now());
+    totalMs = elapsedMs + remainingMs;
+  } else {
+    totalMs = getSessionDurationMs();
+    remainingMs = Math.max(0, totalMs - elapsedMs);
+  }
+  if (totalMs <= 0) totalMs = 1;
+  const progress = Math.min(1, elapsedMs / totalMs);
+  const remainingSec = Math.floor(remainingMs / MS_PER_SEC);
+  const totalDurationSec = Math.floor(totalMs / MS_PER_SEC);
+  const elapsedStr = formatDuration(Math.floor(elapsedMs / MS_PER_SEC));
+  const remainStr = formatDuration(remainingSec);
+  const totalStr = formatDuration(totalDurationSec);
+  const pctStr = `${Math.floor(progress * 100)}%`;
+  if (progress >= PHASE_RATIOS.CREATIVE_END) {
+    return {
+      phase: "harvest",
+      label: "HARVEST",
+      urgency: "critical",
+      progress,
+      totalDurationSec,
+      remainingSec,
+      directive: [
+        `\u{1F3C1} HARVEST MODE [${pctStr} elapsed, ${remainStr} of ${totalStr} remaining]:`,
+        "- STOP exploring new attack vectors. Exploit what you HAVE.",
+        "- Submit ALL discovered flags immediately",
+        "- Check obvious flag locations: /root/flag.txt, user.txt, env vars, DB tables",
+        "- Re-check previously accessed systems for missed flags/proof",
+        "- Collect and record ALL evidence and proof files",
+        "- Write final report with all findings",
+        "- Credential spray ALL discovered creds on ALL remaining services",
+        remainingSec <= 300 ? "- \u26A0\uFE0F FINAL 5 MINUTES \u2014 submit everything NOW, stop all scans" : "- Focus on highest-confidence paths only"
+      ].join("\n")
+    };
+  }
+  if (progress >= PHASE_RATIOS.EXPLOIT_END) {
+    return {
+      phase: "creative",
+      label: "CREATIVE",
+      urgency: "high",
+      progress,
+      totalDurationSec,
+      remainingSec,
+      directive: [
+        `\u{1F52C} CREATIVE MODE [${pctStr} elapsed, ${remainStr} of ${totalStr} remaining]:`,
+        "- Try advanced techniques: chained exploits, custom tools, race conditions",
+        "- Binary analysis for SUID/custom binaries, kernel exploits for privesc",
+        "- Protocol-level attacks: SMB relay, Kerberoasting, ADCS abuse",
+        '- Search for latest bypasses: web_search("{defense} bypass {year}")',
+        "- If stuck >5min on any vector, SWITCH immediately",
+        "- Start preparing evidence collection for final phase",
+        "- If all targets are compromised \u2192 skip to harvest immediately"
+      ].join("\n")
+    };
+  }
+  if (progress >= PHASE_RATIOS.SPRINT_END) {
+    return {
+      phase: "exploit",
+      label: "EXPLOIT",
+      urgency: "medium",
+      progress,
+      totalDurationSec,
+      remainingSec,
+      directive: [
+        `\u{1F3AF} EXPLOIT MODE [${pctStr} elapsed, ${remainStr} of ${totalStr} remaining]:`,
+        "- Concentrate on discovered vectors with highest success probability",
+        "- Run parallel exploitation attempts on multiple targets",
+        "- Search for CVE PoCs for every identified service+version",
+        "- Chain: credentials \u2192 spray everywhere, LFI \u2192 config \u2192 DB creds",
+        "- Keep background scans running for new targets",
+        "- Time-box each vector: 10min max then switch",
+        "- If all vectors exhausted early \u2192 move to creative techniques immediately"
+      ].join("\n")
+    };
+  }
+  return {
+    phase: "sprint",
+    label: "SPRINT",
+    urgency: "low",
+    progress,
+    totalDurationSec,
+    remainingSec,
+    directive: [
+      `\u26A1 SPRINT MODE [${pctStr} elapsed, ${remainStr} of ${totalStr} remaining]:`,
+      "- RustScan first for fast port discovery \u2192 then nmap -Pn -sV -sC on found ports",
+      "- ALWAYS use nmap -Pn (no exceptions \u2014 firewalls block ICMP)",
+      "- Run ALL scans in parallel (rustscan, nmap UDP, web fuzzing, CVE search)",
+      "- Try default/weak credentials on every discovered service IMMEDIATELY",
+      "- Check for exposed files (.env, .git, backup.sql, phpinfo)",
+      "- Anonymous access: FTP, SMB null session, Redis no auth, MongoDB",
+      "- OSINT: web_search for target intel, shodan, github repos",
+      "- Goal: Maximum attack surface discovery + instant wins",
+      "- \u26A1 If recon completes early \u2192 ATTACK IMMEDIATELY, do not wait for this phase to end"
+    ].join("\n")
+  };
+}
+
 // src/shared/utils/id.ts
 var ID_DEFAULT_RADIX = 36;
 var ID_DEFAULT_LENGTH = 6;
@@ -2027,7 +2164,7 @@ async function cleanupAllProcesses() {
   backgroundProcesses.clear();
   for (const name of ORPHAN_PROCESS_NAMES) {
     try {
-      execSync2(`pkill -f "${name}" 2>/dev/null || true`, { stdio: "ignore", timeout: SYSTEM_LIMITS.PROCESS_OP_TIMEOUT_MS });
+      execSync2(`pkill -x "${name}" 2>/dev/null || true`, { stdio: "ignore", timeout: SYSTEM_LIMITS.PROCESS_OP_TIMEOUT_MS });
     } catch {
     }
   }
@@ -2652,6 +2789,22 @@ var AttackGraph = class {
         if (nodeCount >= GRAPH_LIMITS.ASCII_MAX_NODES) break;
         const sIcon = statusIcons[node.status] || "?";
         const fail = node.status === NODE_STATUS.FAILED && node.failReason ? ` \u2014 ${node.failReason}` : "";
+        let detail = "";
+        if (type === NODE_TYPE.CREDENTIAL) {
+          const source = node.data.source ? ` (from: ${node.data.source})` : "";
+          detail = source;
+        } else if (type === NODE_TYPE.VULNERABILITY) {
+          const sev = node.data.severity ? ` [${String(node.data.severity).toUpperCase()}]` : "";
+          const exploit = node.data.hasExploit ? " [EXPLOIT]" : "";
+          const target = node.data.target ? ` \u2192 ${node.data.target}` : "";
+          detail = `${sev}${exploit}${target}`;
+        } else if (type === NODE_TYPE.ACCESS) {
+          const via = node.data.via ? ` via ${node.data.via}` : "";
+          detail = via;
+        } else if (type === NODE_TYPE.SERVICE) {
+          const ver = node.data.version ? ` (${node.data.version})` : "";
+          detail = ver;
+        }
         const outEdges = this.edges.filter((e) => e.from === node.id);
         const edgeStr = outEdges.length > 0 ? ` \u2192 ${outEdges.map((e) => {
           const target = this.nodes.get(e.to);
@@ -2659,10 +2812,19 @@ var AttackGraph = class {
           const eStatus = e.status === EDGE_STATUS.FAILED ? " \u2717" : e.status === EDGE_STATUS.SUCCEEDED ? " \u2713" : "";
           return `${eName}${eStatus}`;
         }).join(", ")}` : "";
-        lines.push(`\u2502   ${sIcon} ${node.label}${fail}${edgeStr}`);
+        lines.push(`\u2502   ${sIcon} ${node.label}${detail}${fail}${edgeStr}`);
         nodeCount++;
       }
     }
+    const succeededNodes = Array.from(this.nodes.values()).filter((n) => n.status === NODE_STATUS.SUCCEEDED);
+    if (succeededNodes.length > 0) {
+      lines.push(`\u2502`);
+      lines.push(`\u251C\u2500\u2500\u2500 Exploited \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524`);
+      for (const n of succeededNodes) {
+        const via = n.data.via ? ` via ${n.data.via}` : "";
+        lines.push(`\u2502 \u25CF ${n.label}${via}`);
+      }
+    }
     const stats = this.getStats();
     lines.push(`\u2502`);
     lines.push(`\u251C\u2500\u2500\u2500 Summary \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524`);
@@ -3183,6 +3345,7 @@ var SharedState = class {
   // ─── Improvement #7: Dynamic Technique Library ────────────────
   dynamicTechniques = new DynamicTechniqueLibrary();
   constructor() {
+    const now = Date.now();
     this.data = {
       engagement: null,
       targets: /* @__PURE__ */ new Map(),
@@ -3196,8 +3359,10 @@ var SharedState = class {
       ctfMode: true,
       // CTF mode ON by default
       flags: [],
-      startedAt: Date.now(),
-      deadlineAt: 0,
+      startedAt: now,
+      // Auto-configure from PENTEST_DURATION env (seconds).
+      // Defaults to 24h if not set. Can be overridden via setDeadline().
+      deadlineAt: computeDeadline(now),
       challengeAnalysis: null
     };
   }
@@ -3206,6 +3371,7 @@ var SharedState = class {
    * Used by /clear command to start a fresh session without recreating the agent.
    */
   reset() {
+    const now = Date.now();
     this.data = {
       engagement: null,
       targets: /* @__PURE__ */ new Map(),
@@ -3218,8 +3384,8 @@ var SharedState = class {
       missionChecklist: [],
       ctfMode: true,
       flags: [],
-      startedAt: Date.now(),
-      deadlineAt: 0,
+      startedAt: now,
+      deadlineAt: computeDeadline(now),
       challengeAnalysis: null
     };
     this.attackGraph.reset();
@@ -3404,24 +3570,28 @@ var SharedState = class {
     if (this.data.deadlineAt === 0) return 0;
     return Math.max(0, this.data.deadlineAt - Date.now());
   }
-  /** Get time status string for prompt injection */
+  /** Get time status string for prompt injection (ratio-based, aligned with PHASE_RATIOS) */
   getTimeStatus() {
     const elapsed = this.getElapsedMs();
     const mins = Math.floor(elapsed / 6e4);
     let status = `\u23F1 Elapsed: ${mins}min`;
     if (this.data.deadlineAt > 0) {
       const remainingMs = this.getRemainingMs();
+      const totalMs = elapsed + remainingMs;
+      const progress = totalMs > 0 ? elapsed / totalMs : 1;
       const remainingMins = Math.floor(remainingMs / 6e4);
-      if (remainingMins <= 0) {
+      if (remainingMs <= 0) {
         status += " | \u26A0\uFE0F TIME IS UP \u2014 submit any flags you have NOW";
-      } else if (remainingMins <= 15) {
+      } else if (progress >= 0.95) {
         status += ` | \u{1F534} ${remainingMins}min LEFT \u2014 FINAL PUSH: submit flags, check obvious locations, env vars, DBs`;
-      } else if (remainingMins <= 30) {
-        status += ` | \u{1F7E1} ${remainingMins}min LEFT \u2014 wrap up current vector, ensure all findings are captured`;
-      } else if (remainingMins <= 60) {
-        status += ` | \u{1F7E0} ${remainingMins}min LEFT \u2014 focus on highest-probability vectors only`;
+      } else if (progress >= 0.75) {
+        status += ` | \u{1F7E1} ${remainingMins}min LEFT \u2014 HARVEST: wrap up, collect evidence, submit flags`;
+      } else if (progress >= 0.5) {
+        status += ` | \u{1F7E0} ${remainingMins}min LEFT \u2014 CREATIVE: advanced techniques, switch if stuck`;
+      } else if (progress >= 0.25) {
+        status += ` | \u{1F535} ${remainingMins}min LEFT \u2014 EXPLOIT: focus on discovered vectors`;
       } else {
-        status += ` | \u{1F7E2} ${remainingMins}min remaining`;
+        status += ` | \u{1F7E2} ${remainingMins}min remaining \u2014 SPRINT: recon + quick wins`;
       }
     }
     return status;
@@ -4912,26 +5082,31 @@ Detail: ${detail}
   },
   {
     name: TOOL_NAMES.ADD_FINDING,
-    description: "Add a security finding. Always include attackPattern for MITRE ATT&CK mapping.",
+    description: `Add a security finding with full details.
+ALWAYS provide: description (HOW you exploited it, step-by-step), evidence (actual command output proving success), and attackPattern (MITRE ATT&CK tactic).
+Findings without evidence are marked as UNVERIFIED and have low credibility.`,
     parameters: {
-      title: { type: "string", description: "Finding title" },
+      title: { type: "string", description: 'Concise finding title (e.g., "Path Traversal via /download endpoint")' },
       severity: { type: "string", description: "Severity: critical, high, medium, low, info" },
-      affected: { type: "array", items: { type: "string" }, description: "Affected host:port" },
+      affected: { type: "array", items: { type: "string" }, description: 'Affected host:port or URLs (e.g., ["ctf.example.com:443/download"])' },
+      description: { type: "string", description: "Detailed description: what the vulnerability is, how you exploited it step-by-step, what access it gives, and the impact. Include credentials found, methods used, and exploitation chain." },
+      evidence: { type: "array", items: { type: "string" }, description: 'Actual command outputs proving the finding (e.g., ["curl output showing /etc/passwd", "uid=0(root) gid=0(root)"]). Copy real output here.' },
       attackPattern: { type: "string", description: "MITRE ATT&CK tactic: initial_access, execution, persistence, privilege_escalation, defense_evasion, credential_access, discovery, lateral_movement, collection, exfiltration, command_and_control, impact" }
     },
-    required: ["title", "severity"],
+    required: ["title", "severity", "description", "evidence"],
     execute: async (p) => {
       const evidence = p.evidence || [];
       const title = p.title;
       const severity = p.severity;
       const affected = p.affected || [];
+      const description = p.description || "";
       const validation = validateFinding(evidence, severity);
       state.addFinding({
         id: generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH),
         title,
         severity,
         affected,
-        description: p.description || "",
+        description,
         evidence,
         isVerified: validation.isVerified,
         remediation: "",
@@ -6686,8 +6861,8 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
       }
     },
     execute: async (p) => {
-      const { existsSync: existsSync9, statSync: statSync2, readdirSync: readdirSync3 } = await import("fs");
-      const { join: join11 } = await import("path");
+      const { existsSync: existsSync10, statSync: statSync2, readdirSync: readdirSync3 } = await import("fs");
+      const { join: join12 } = await import("path");
       const category = p.category || "";
       const search = p.search || "";
       const minSize = p.min_size || 0;
@@ -6733,7 +6908,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         results.push("");
       };
       const scanDir = (dirPath, maxDepth = 3, depth = 0) => {
-        if (depth > maxDepth || !existsSync9(dirPath)) return;
+        if (depth > maxDepth || !existsSync10(dirPath)) return;
         let entries;
         try {
           entries = readdirSync3(dirPath, { withFileTypes: true });
@@ -6742,7 +6917,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         }
         for (const entry of entries) {
           if (entry.name.startsWith(".") || SKIP_DIRS.has(entry.name)) continue;
-          const fullPath = join11(dirPath, entry.name);
+          const fullPath = join12(dirPath, entry.name);
           if (entry.isDirectory()) {
             scanDir(fullPath, maxDepth, depth + 1);
             continue;
@@ -8686,6 +8861,11 @@ var NETWORK_ERROR_CODES = {
   ENOTFOUND: "ENOTFOUND",
   CONNECT_TIMEOUT: "UND_ERR_CONNECT_TIMEOUT"
 };
+var TRANSIENT_NETWORK_ERRORS = [
+  NETWORK_ERROR_CODES.ECONNRESET,
+  NETWORK_ERROR_CODES.ETIMEDOUT,
+  NETWORK_ERROR_CODES.ENOTFOUND
+];
 var LLMError = class extends Error {
   /** Structured error information */
   errorInfo;
@@ -8696,8 +8876,11 @@ var LLMError = class extends Error {
   }
 };
 function classifyError(error) {
+  if (error === null || error === void 0) {
+    return { type: LLM_ERROR_TYPES.UNKNOWN, message: String(error), isRetryable: false, suggestedAction: "Analyze error" };
+  }
   const e = error;
-  const statusCode = e.status || e.statusCode;
+  const statusCode = e?.status || e?.statusCode;
   const errorMessage = e?.error?.error?.message || e?.error?.message || e?.message || String(error);
   if (statusCode === HTTP_STATUS.RATE_LIMIT || errorMessage.toLowerCase().includes("rate limit")) {
     return { type: LLM_ERROR_TYPES.RATE_LIMIT, message: errorMessage, statusCode, isRetryable: true, suggestedAction: "Wait and retry" };
@@ -8708,7 +8891,7 @@ function classifyError(error) {
   if (statusCode === HTTP_STATUS.BAD_REQUEST) {
     return { type: LLM_ERROR_TYPES.INVALID_REQUEST, message: errorMessage, statusCode, isRetryable: false, suggestedAction: "Modify request" };
   }
-  if (e.code === NETWORK_ERROR_CODES.ECONNRESET || e.code === NETWORK_ERROR_CODES.ETIMEDOUT || e.code === NETWORK_ERROR_CODES.ENOTFOUND) {
+  if (e.code && TRANSIENT_NETWORK_ERRORS.includes(e.code)) {
     return { type: LLM_ERROR_TYPES.NETWORK_ERROR, message: errorMessage, isRetryable: true, suggestedAction: "Check network" };
   }
   if (errorMessage.toLowerCase().includes("timeout") || e.code === NETWORK_ERROR_CODES.CONNECT_TIMEOUT) {
@@ -10317,100 +10500,6 @@ var INITIAL_TASKS = {
   RECON: "Initial reconnaissance and target discovery"
 };
 
-// src/shared/utils/time-strategy.ts
-var TIME_CONSTANTS = {
-  /** Milliseconds per minute */
-  MS_PER_MINUTE: 6e4,
-  /** Minutes threshold for sprint-to-exploit switch (no deadline mode) */
-  SPRINT_MINUTES: 10,
-  /** Deadline percentage thresholds for phase transitions */
-  PHASE_SPRINT: 0.25,
-  PHASE_EXPLOIT: 0.5,
-  PHASE_CREATIVE: 0.75
-};
-function getTimeAdaptiveStrategy(elapsedMs, deadlineMs) {
-  if (deadlineMs === 0) {
-    const mins = Math.floor(elapsedMs / TIME_CONSTANTS.MS_PER_MINUTE);
-    if (mins < TIME_CONSTANTS.SPRINT_MINUTES) {
-      return {
-        phase: "sprint",
-        label: "SPRINT",
-        urgency: "low",
-        directive: `\u26A1 SPRINT MODE (${mins}min elapsed): Parallel reconnaissance. Full port scan + service enumeration + default credentials. Attack immediately on any finding.`
-      };
-    }
-    return {
-      phase: "exploit",
-      label: "EXPLOIT",
-      urgency: "low",
-      directive: `\u{1F3AF} EXPLOIT MODE (${mins}min elapsed): Focus on discovered vectors. Chain findings. Build custom tools if needed.`
-    };
-  }
-  const totalMs = deadlineMs - (deadlineMs > Date.now() ? Date.now() - elapsedMs : 0);
-  const remainingMs = Math.max(0, deadlineMs - Date.now());
-  const pct = totalMs > 0 ? 1 - remainingMs / totalMs : 1;
-  const remainingMins = Math.floor(remainingMs / TIME_CONSTANTS.MS_PER_MINUTE);
-  if (pct < TIME_CONSTANTS.PHASE_SPRINT) {
-    return {
-      phase: "sprint",
-      label: "SPRINT",
-      urgency: "low",
-      directive: [
-        `\u26A1 SPRINT MODE (${remainingMins}min remaining):`,
-        "- Run ALL scans in parallel (nmap TCP/UDP, web fuzzing, CVE search)",
-        "- Try default/weak credentials on every discovered service IMMEDIATELY",
-        "- Check for exposed files (.env, .git, backup.sql, phpinfo)",
-        "- Anonymous access: FTP, SMB null session, Redis no auth, MongoDB",
-        "- Goal: Maximum attack surface discovery + instant wins"
-      ].join("\n")
-    };
-  }
-  if (pct < TIME_CONSTANTS.PHASE_EXPLOIT) {
-    return {
-      phase: "exploit",
-      label: "EXPLOIT",
-      urgency: "medium",
-      directive: [
-        `\u{1F3AF} EXPLOIT MODE (${remainingMins}min remaining):`,
-        "- Concentrate on discovered vectors with highest success probability",
-        "- Run parallel exploitation attempts on multiple targets",
-        "- Search for CVE PoCs for every identified service+version",
-        "- Chain: credentials \u2192 spray everywhere, LFI \u2192 config \u2192 DB creds",
-        "- Keep background scans running for new targets"
-      ].join("\n")
-    };
-  }
-  if (pct < TIME_CONSTANTS.PHASE_CREATIVE) {
-    return {
-      phase: "creative",
-      label: "CREATIVE",
-      urgency: "high",
-      directive: [
-        `\u{1F52C} CREATIVE MODE (${remainingMins}min remaining):`,
-        "- Try advanced techniques: chained exploits, custom tools, race conditions",
-        "- Binary analysis for SUID/custom binaries, kernel exploits for privesc",
-        "- Protocol-level attacks: SMB relay, Kerberoasting, ADCS abuse",
-        '- Search for latest bypasses: web_search("{defense} bypass 2025")',
-        "- If stuck >5min on any vector, SWITCH immediately"
-      ].join("\n")
-    };
-  }
-  return {
-    phase: "harvest",
-    label: "HARVEST",
-    urgency: "critical",
-    directive: [
-      `\u{1F3C1} HARVEST MODE (${remainingMins}min remaining \u2014 FINAL PUSH):`,
-      "- STOP exploring new vectors. Focus on what you HAVE.",
-      "- Submit ALL discovered flags immediately",
-      "- Check obvious flag locations: /root/flag.txt, env vars, DB tables",
-      "- Re-check previously accessed systems for missed flags",
-      "- Collect and record ALL evidence and proof files",
-      "- Write final report with all findings"
-    ].join("\n")
-  };
-}
-
 // src/shared/constants/service-ports.ts
 var SERVICE_PORTS = {
   SSH: 22,
@@ -10684,13 +10773,21 @@ var PHASE_TECHNIQUE_MAP = {
 };
 var PromptBuilder = class {
   state;
+  strategist = null;
   constructor(state) {
     this.state = state;
   }
   /**
-   * Build complete prompt for LLM iteration.
+   * Attach a Strategist instance for meta-prompting.
+   * Called by MainAgent after construction.
+   */
+  setStrategist(strategist) {
+    this.strategist = strategist;
+  }
+  /**
+   * Build complete prompt for LLM iteration (async).
    *
-   * Layers (phase-aware, enhanced with improvements #2,#3,#6,#7,#8,#12,#14):
+   * Layers (phase-aware, enhanced with D-CIPHER meta-prompting):
    * 1. base.md — Core identity, rules, autonomy, shell management (~7.6K tok)
    * 2. Phase-specific prompt — current phase's full specialist knowledge (~2K tok)
    * 3. Core methodology — strategy, orchestrator, evasion (always loaded, ~12K tok)
@@ -10706,9 +10803,10 @@ var PromptBuilder = class {
    * 12. Session timeline (#12: episodic memory)
    * 13. Learned techniques (#7: dynamic technique library)
    * 14. Persistent memory (#12: cross-session knowledge)
-   * 15. User context
+   * ★ 15. STRATEGIC DIRECTIVE — LLM-generated tactical instructions (D-CIPHER)
+   * 16. User context
    */
-  build(userInput, phase) {
+  async build(userInput, phase) {
     const fragments = [
       this.loadPromptFile(PROMPT_PATHS.BASE),
       this.loadCtfModePrompt(),
@@ -10731,10 +10829,14 @@ var PromptBuilder = class {
       // #12
       this.getDynamicTechniquesFragment(),
       // #7
-      this.getPersistentMemoryFragment(),
+      this.getPersistentMemoryFragment()
       // #12
-      PROMPT_DEFAULTS.USER_CONTEXT(userInput)
     ];
+    const strategistDirective = await this.getStrategistFragment();
+    if (strategistDirective) {
+      fragments.push(strategistDirective);
+    }
+    fragments.push(PROMPT_DEFAULTS.USER_CONTEXT(userInput));
     return fragments.filter((f) => !!f).join("\n\n");
   }
   /**
@@ -10924,11 +11026,217 @@ ${lines.join("\n")}
     }
     return this.state.persistentMemory.toPrompt(services);
   }
+  // --- D-CIPHER: Strategist Meta-Prompting ---
+  /**
+   * Generate strategic directive via Strategist LLM.
+   * Called every turn. Returns '' if no strategist is attached or call fails.
+   */
+  async getStrategistFragment() {
+    if (!this.strategist) return "";
+    return this.strategist.generateDirective();
+  }
+};
+
+// src/agents/strategist.ts
+import { readFileSync as readFileSync6, existsSync as existsSync9 } from "fs";
+import { join as join11, dirname as dirname6 } from "path";
+import { fileURLToPath as fileURLToPath5 } from "url";
+
+// src/shared/constants/strategist.ts
+var STRATEGIST_LIMITS = {
+  /** Maximum characters of state context sent to Strategist LLM.
+   *  WHY: Keeps Strategist input focused and affordable (~3-5K tokens).
+   *  Full state can be 20K+; Strategist needs summary, not everything. */
+  MAX_INPUT_CHARS: 15e3,
+  /** Maximum characters for the Strategist's response.
+   *  WHY: Directives should be terse and actionable (~800-1500 tokens).
+   *  Enhanced format includes SITUATION, priorities, EXHAUSTED, and SEARCH ORDERS. */
+  MAX_OUTPUT_CHARS: 5e3,
+  /** Maximum lines in the directive output.
+   *  WHY: Forces concise, prioritized directives while allowing
+   *  structured format (priorities + exhausted + search orders). */
+  MAX_DIRECTIVE_LINES: 60
+};
+
+// src/agents/strategist.ts
+var __dirname5 = dirname6(fileURLToPath5(import.meta.url));
+var STRATEGIST_PROMPT_PATH = join11(__dirname5, "prompts", "strategist-system.md");
+var Strategist = class {
+  llm;
+  state;
+  systemPrompt;
+  // Metrics
+  totalTokenCost = 0;
+  totalCalls = 0;
+  lastDirective = null;
+  constructor(llm, state) {
+    this.llm = llm;
+    this.state = state;
+    this.systemPrompt = this.loadSystemPrompt();
+  }
+  /**
+   * Generate a fresh strategic directive for this turn.
+   * Called every iteration by PromptBuilder.
+   *
+   * @returns Formatted directive string for prompt injection, or '' on failure
+   */
+  async generateDirective() {
+    try {
+      const input = this.buildInput();
+      const directive = await this.callLLM(input);
+      this.lastDirective = directive;
+      this.totalCalls++;
+      debugLog("general", "Strategist directive generated", {
+        tokens: directive.tokenCost,
+        totalCalls: this.totalCalls,
+        contentLength: directive.content.length
+      });
+      return this.formatForPrompt(directive);
+    } catch (err) {
+      debugLog("general", "Strategist failed \u2014 agent will proceed without directive", {
+        error: String(err)
+      });
+      if (this.lastDirective?.content) {
+        return this.formatForPrompt(this.lastDirective, true);
+      }
+      return "";
+    }
+  }
+  // ─── Input Construction ─────────────────────────────────────
+  /**
+   * Build the user message for the Strategist LLM.
+   * Assembles state, memory, attack graph, and timeline into a focused context.
+   */
+  buildInput() {
+    const sections = [];
+    sections.push("## Engagement State");
+    sections.push(this.state.toPrompt());
+    const timeline = this.state.episodicMemory.toPrompt();
+    if (timeline) {
+      sections.push("");
+      sections.push("## Recent Actions");
+      sections.push(timeline);
+    }
+    const failures = this.state.workingMemory.toPrompt();
+    if (failures) {
+      sections.push("");
+      sections.push("## Failed Attempts (DO NOT REPEAT THESE)");
+      sections.push(failures);
+    }
+    const graph = this.state.attackGraph.toPrompt();
+    if (graph) {
+      sections.push("");
+      sections.push("## Attack Graph");
+      sections.push(graph);
+    }
+    const techniques = this.state.dynamicTechniques.toPrompt();
+    if (techniques) {
+      sections.push("");
+      sections.push("## Learned Techniques");
+      sections.push(techniques);
+    }
+    sections.push("");
+    sections.push("## Time");
+    sections.push(this.state.getTimeStatus());
+    const analysis = this.state.getChallengeAnalysis();
+    if (analysis && analysis.primaryType !== "unknown") {
+      sections.push("");
+      sections.push(`## Challenge Type: ${analysis.primaryType.toUpperCase()} (${(analysis.confidence * 100).toFixed(0)}%)`);
+      sections.push(analysis.strategySuggestion);
+    }
+    let input = sections.join("\n");
+    if (input.length > STRATEGIST_LIMITS.MAX_INPUT_CHARS) {
+      input = input.slice(0, STRATEGIST_LIMITS.MAX_INPUT_CHARS) + "\n\n... [state truncated for Strategist context]";
+    }
+    return input;
+  }
+  // ─── LLM Call ───────────────────────────────────────────────
+  async callLLM(input) {
+    const messages = [{
+      role: "user",
+      content: `Analyze this penetration test situation and write a tactical directive for the attack agent.
+
+${input}`
+    }];
+    const response = await this.llm.generateResponse(
+      messages,
+      void 0,
+      // No tools — strategy generation only
+      this.systemPrompt
+    );
+    let content = response.content || "";
+    if (content.length > STRATEGIST_LIMITS.MAX_OUTPUT_CHARS) {
+      content = content.slice(0, STRATEGIST_LIMITS.MAX_OUTPUT_CHARS) + "\n... [directive truncated]";
+    }
+    const cost = response.usage ? response.usage.input_tokens + response.usage.output_tokens : 0;
+    this.totalTokenCost += cost;
+    return {
+      content,
+      generatedAt: Date.now(),
+      tokenCost: cost
+    };
+  }
+  // ─── Formatting ─────────────────────────────────────────────
+  /**
+   * Format directive for injection into the attack agent's system prompt.
+   */
+  formatForPrompt(directive, isStale = false) {
+    if (!directive.content) return "";
+    const age = Math.floor((Date.now() - directive.generatedAt) / 6e4);
+    const staleWarning = isStale ? `
+NOTE: This directive is from ${age}min ago (Strategist call failed this turn). Verify assumptions are still valid.` : "";
+    return [
+      "<strategic-directive>",
+      "TACTICAL DIRECTIVE (generated by Strategist LLM \u2014 follow these priorities):",
+      "",
+      directive.content,
+      staleWarning,
+      "</strategic-directive>"
+    ].filter(Boolean).join("\n");
+  }
+  // ─── System Prompt Loading ──────────────────────────────────
+  loadSystemPrompt() {
+    try {
+      if (existsSync9(STRATEGIST_PROMPT_PATH)) {
+        return readFileSync6(STRATEGIST_PROMPT_PATH, "utf-8");
+      }
+    } catch {
+    }
+    return FALLBACK_SYSTEM_PROMPT;
+  }
+  // ─── Public API ─────────────────────────────────────────────
+  /** Get total token cost of all Strategist calls this session. */
+  getTotalTokenCost() {
+    return this.totalTokenCost;
+  }
+  /** Get number of Strategist calls this session. */
+  getTotalCalls() {
+    return this.totalCalls;
+  }
+  /** Get the most recent directive (for TUI display). */
+  getLastDirective() {
+    return this.lastDirective;
+  }
+  /** Reset strategist state (for /clear command). */
+  reset() {
+    this.lastDirective = null;
+    this.totalTokenCost = 0;
+    this.totalCalls = 0;
+  }
 };
+var FALLBACK_SYSTEM_PROMPT = `You are an elite autonomous penetration testing STRATEGIST \u2014 a red team tactical commander.
+Analyze the engagement state and issue precise attack orders for the execution agent.
+Format: SITUATION line, numbered PRIORITY items with ACTION/SEARCH/SUCCESS/FALLBACK/CHAIN fields, EXHAUSTED list, and SEARCH ORDERS.
+Be surgically specific: name exact tools, commands, parameters, and wordlists. The agent copy-pastes your commands.
+Include mandatory web_search directives for every unknown service/version.
+Detect stalls (repeated failures, no progress) and force completely different attack vectors.
+Chain every finding: "If X works \u2192 immediately do Y \u2192 which enables Z."
+Maximum 50 lines. Zero preamble. Direct imperatives only. Never repeat failed approaches.`;
 
 // src/agents/main-agent.ts
 var MainAgent = class extends CoreAgent {
   promptBuilder;
+  strategist;
   approvalGate;
   scopeGuard;
   userInput = "";
@@ -10937,6 +11245,8 @@ var MainAgent = class extends CoreAgent {
     this.approvalGate = approvalGate;
     this.scopeGuard = scopeGuard;
     this.promptBuilder = new PromptBuilder(state);
+    this.strategist = new Strategist(this.llm, state);
+    this.promptBuilder.setStrategist(this.strategist);
   }
   /**
    * Public entry point for running the agent.
@@ -10947,7 +11257,8 @@ var MainAgent = class extends CoreAgent {
     this.emitStart(userInput);
     this.initializeTask();
     try {
-      const result2 = await this.run(userInput, this.getCurrentPrompt());
+      const initialPrompt = await this.getCurrentPrompt();
+      const result2 = await this.run(userInput, initialPrompt);
       return result2.output;
     } finally {
       try {
@@ -10963,9 +11274,10 @@ var MainAgent = class extends CoreAgent {
   /**
    * Override step to rebuild prompt dynamically each iteration.
    * This ensures the agent always sees the latest state, phase, and active processes.
+   * The Strategist LLM generates a fresh tactical directive every turn.
    */
   async step(iteration, messages, _unusedPrompt, progress) {
-    const dynamicPrompt = this.getCurrentPrompt();
+    const dynamicPrompt = await this.getCurrentPrompt();
     const result2 = await super.step(iteration, messages, dynamicPrompt, progress);
     this.emitStateChange();
     return result2;
@@ -10994,7 +11306,7 @@ var MainAgent = class extends CoreAgent {
   saveCurrentState() {
     return saveState(this.state);
   }
-  getCurrentPrompt() {
+  async getCurrentPrompt() {
     const phase = this.state.getPhase() || PHASES.RECON;
     return this.promptBuilder.build(this.userInput, phase);
   }
@@ -11048,6 +11360,7 @@ var MainAgent = class extends CoreAgent {
     });
     this.state.reset();
     this.userInput = "";
+    this.strategist.reset();
     return clearWorkspace();
   }
   setScope(allowed, exclusions = []) {
@@ -11069,6 +11382,10 @@ var MainAgent = class extends CoreAgent {
     });
     this.emitStateChange();
   }
+  /** Get the Strategist instance (for TUI metrics display). */
+  getStrategist() {
+    return this.strategist;
+  }
 };
 
 // src/agents/factory.ts
@@ -11095,7 +11412,7 @@ var AgentFactory = class {
 };
 
 // src/platform/tui/utils/format.ts
-var formatDuration = (ms) => {
+var formatDuration2 = (ms) => {
   const totalSec = ms / 1e3;
   if (totalSec < 60) return `${totalSec.toFixed(1)}s`;
   const minutes = Math.floor(totalSec / 60);
@@ -11109,7 +11426,7 @@ var formatTokens = (count) => {
 };
 var formatMeta = (ms, tokens) => {
   const parts = [];
-  if (ms > 0) parts.push(formatDuration(ms));
+  if (ms > 0) parts.push(formatDuration2(ms));
   if (tokens > 0) parts.push(`\u2191 ${formatTokens(tokens)} tokens`);
   return parts.length > 0 ? `(${parts.join(" \xB7 ")})` : "";
 };
@@ -11143,137 +11460,59 @@ var formatInlineStatus = () => {
 import { useState, useRef, useCallback } from "react";
 
 // src/shared/constants/theme.ts
+var COLORS = {
+  primary: "#e11d48",
+  // Rose 600 - red team primary
+  accent: "#fb923c",
+  // Orange 400 - fire accent
+  secondary: "#94a3b8",
+  // Slate - secondary/muted
+  white: "#f8fafc",
+  // Main text
+  red: "#ff4500",
+  // OrangeRed - Error/Critical (distinct from rose primary)
+  yellow: "#facc15"
+  // Yellow 400 - Warning/Pending (pure yellow)
+};
 var THEME = {
-  // Backgrounds (deep dark with blue tint)
+  ...COLORS,
   bg: {
     primary: "#050505",
-    // Deepest black
-    secondary: "#0a0c10",
-    // Dark void
-    tertiary: "#0f172a",
-    // Slate dark
-    elevated: "#1e293b",
-    // Bright slate
     input: "#020617"
-    // Midnight
   },
-  // Text colors
   text: {
-    primary: "#f8fafc",
-    // Near white
-    secondary: "#cbd5e1",
-    // Brighter slate
-    muted: "#94a3b8",
-    // Lighter blue-gray (was too dark)
-    accent: "#38bdf8",
-    // Sky blue
-    highlight: "#ffffff"
-    // Pure white
+    primary: COLORS.white,
+    secondary: COLORS.secondary,
+    muted: "#64748b",
+    accent: COLORS.accent
+    // Using Emerald for "accented" text
   },
-  // Status colors
   status: {
-    success: "#10b981",
-    // Emerald
-    warning: "#f59e0b",
-    // Amber
-    error: "#ef4444",
-    // Red
-    info: "#3b82f6",
-    // Blue 500 (distinct from user sky)
-    running: "#60a5fa",
-    // Blue 400 (AI activity — distinct from user sky)
-    pending: "#64748b"
-    // Slate
+    success: COLORS.accent,
+    // Success feels good in emerald
+    warning: COLORS.yellow,
+    error: COLORS.red,
+    running: COLORS.primary
+    // System operations in blue
   },
-  // Severity colors
-  semantic: {
-    critical: "#7f1d1d",
-    // Dark red
-    high: "#ef4444",
-    // Red
-    medium: "#f97316",
-    // Orange
-    low: "#eab308",
-    // Yellow
-    info: "#3b82f6"
-    // Blue
-  },
-  // Border colors
   border: {
     default: "#1e293b",
-    focus: "#7dd3fc",
-    // Sky 300 (softer, UI decorative)
-    error: "#ef4444",
-    success: "#22c55e"
-  },
-  // Phase colors
-  phase: {
-    recon: "#94a3b8",
-    enum: "#60a5fa",
-    // Blue 400 (phase indicator)
-    vuln: "#f59e0b",
-    exploit: "#ef4444",
-    privesc: "#8b5cf6",
-    persist: "#22c55e",
-    report: "#64748b"
-  },
-  // Accent colors
-  accent: {
-    pink: "#f472b6",
-    rose: "#fb7185",
-    fuchsia: "#e879f9",
-    purple: "#a78bfa",
-    violet: "#8b5cf6",
-    indigo: "#818cf8",
-    blue: "#60a5fa",
-    cyan: "#22d3ee",
-    teal: "#2dd4bf",
-    emerald: "#34d399",
-    green: "#4ade80",
-    lime: "#a3e635",
-    yellow: "#facc15",
-    amber: "#fbbf24",
-    orange: "#fb923c",
-    red: "#f87171"
+    focus: COLORS.primary,
+    error: COLORS.red
   },
-  // Gradients
   gradient: {
-    cyber: [
-      "#38bdf8",
-      // Sky 400
-      "#34c6f4",
-      "#30d0f0",
-      "#2cd9ec",
-      "#28e3e8",
-      "#22d3ee",
-      // Cyan 400
-      "#25dbd6",
-      "#28e4be",
-      "#2dd4bf",
-      // Teal 400
-      "#31dbac",
-      "#34d399"
-      // Emerald 400
-    ],
-    danger: ["#ef4444", "#7f1d1d"],
-    success: ["#22c55e", "#14532d"],
-    gold: ["#f59e0b", "#78350f"],
-    royal: ["#818cf8", "#312e81"]
+    cyber: [COLORS.primary, "#f43f5e", "#fb923c"]
+    // Red team fire gradient: rose → pink → amber
   },
-  // Spinner color (soft sky — UI feedback, not user input)
-  spinner: "#7dd3fc",
-  // Sky 300
-  // Identity color (branded accent)
-  identity: "#60a5fa"
-  // Blue 400
+  spinner: COLORS.primary
 };
 var ASCII_BANNER = `
-    ____             __              __  _             
-   / __ \\___  ____  / /____  _______/ /_(_)___  ____ _ 
-  / /_/ / _ \\/ __ \\/ __/ _ \\/ ___/ __/ / / __ \\/ __ \`/ 
- / ____/  __/ / / / /_/  __(__  ) /_/ / / / / / /_/ /  
-/_/    \\___/_/ /_/\\__/\\___/____/\\__/_/_/_/ /_/\\__, /   
-                                             /____/    
+  \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557\u2588\u2588\u2588\u2557   \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 
+  \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2551\u255A\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255D\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D 
+  \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D\u2588\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557   \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588\u2551  \u2588\u2588\u2588\u2557
+  \u2588\u2588\u2554\u2550\u2550\u2550\u255D \u2588\u2588\u2554\u2550\u2550\u255D  \u2588\u2588\u2551\u255A\u2588\u2588\u2557\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2554\u2550\u2550\u255D  \u255A\u2550\u2550\u2550\u2550\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551\u255A\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2551   \u2588\u2588\u2551
+  \u2588\u2588\u2551     \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551 \u255A\u2588\u2588\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551   \u2588\u2588\u2551   \u2588\u2588\u2551\u2588\u2588\u2551 \u255A\u2588\u2588\u2588\u2588\u2551\u255A\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255D
+  \u255A\u2550\u255D     \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u2550\u2550\u255D   \u255A\u2550\u255D   \u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u255D   \u255A\u2550\u255D   \u255A\u2550\u255D\u255A\u2550\u255D  \u255A\u2550\u2550\u2550\u255D \u255A\u2550\u2550\u2550\u2550\u2550\u255D 
 `;
 var ICONS = {
   // Status
@@ -11287,7 +11526,7 @@ var ICONS = {
   target: "\u25C8",
   // Diamond for target
   scan: "\u25CE",
-  exploit: "\u26A1",
+  exploit: "\u2607",
   shell: "\u276F",
   // Progress
   pending: "\u25CB",
@@ -11299,9 +11538,9 @@ var ICONS = {
   medium: "\u25C7",
   low: "\u25E6",
   // Security
-  lock: "\u{1F512}",
-  unlock: "\u{1F513}",
-  key: "\u{1F511}",
+  lock: "\u22A1",
+  unlock: "\u2B1A",
+  key: "\u26B7",
   flag: "\u2691",
   // Simple flag
   pwned: "\u25C8"
@@ -11311,39 +11550,39 @@ var ICONS = {
 // src/platform/tui/constants/display.ts
 var TUI_DISPLAY_LIMITS = {
   /** Reasoning buffer size for display */
-  reasoningBuffer: 1e3,
+  reasoningBuffer: 2e3,
   /** Reasoning preview length */
-  reasoningPreview: 300,
+  reasoningPreview: 500,
   /** Reasoning history slice for display */
-  reasoningHistorySlice: 500,
+  reasoningHistorySlice: 1e3,
   /** Tool input preview length (for command display) */
-  toolInputPreview: 100,
+  toolInputPreview: 200,
   /** Tool input truncated length */
-  toolInputTruncated: 97,
-  /** Tool output preview length */
-  toolOutputPreview: 500,
+  toolInputTruncated: 197,
+  /** Tool output preview length - increased to show full output */
+  toolOutputPreview: 2e3,
   /** Error message preview length */
-  errorPreview: 300,
+  errorPreview: 500,
   /** Status thought preview length */
-  statusThoughtPreview: 100,
+  statusThoughtPreview: 150,
   /** Status thought truncated length */
-  statusThoughtTruncated: 97,
+  statusThoughtTruncated: 147,
   /** Retry error preview length */
-  retryErrorPreview: 60,
+  retryErrorPreview: 100,
   /** Retry error truncated length */
-  retryErrorTruncated: 57,
+  retryErrorTruncated: 97,
   /** Timer update interval in ms */
   timerInterval: 1e3,
   /** Exit delay in ms */
   exitDelay: 100,
   /** Purpose text max length before truncation */
-  purposeMaxLength: 30,
+  purposeMaxLength: 50,
   /** Purpose text truncated length */
-  purposeTruncated: 27,
+  purposeTruncated: 47,
   /** Tool detail preview length in flow display */
-  toolDetailPreview: 100,
+  toolDetailPreview: 200,
   /** Observe detail preview length in flow display */
-  observeDetailPreview: 80,
+  observeDetailPreview: 150,
   /** Max flow nodes to display */
   maxFlowNodes: 50,
   /** Max stopped processes to show */
@@ -11358,7 +11597,7 @@ var MESSAGE_STYLES = {
     error: THEME.status.error,
     tool: THEME.status.running,
     result: THEME.text.muted,
-    status: THEME.accent.cyan
+    status: THEME.primary
   },
   prefixes: {
     user: "\u276F",
@@ -11419,21 +11658,9 @@ var useAgentState = () => {
   const [isProcessing, setIsProcessing] = useState(false);
   const [currentStatus, setCurrentStatus] = useState("");
   const [elapsedTime, setElapsedTime] = useState(0);
-  const [retryState, setRetryState] = useState({
-    isRetrying: false,
-    attempt: 0,
-    maxRetries: 0,
-    delayMs: 0,
-    error: "",
-    countdown: 0
-  });
+  const [retryState, setRetryState] = useState({ status: "idle" });
   const [currentTokens, setCurrentTokens] = useState(0);
-  const [inputRequest, setInputRequest] = useState({
-    isActive: false,
-    prompt: "",
-    isPassword: false,
-    resolve: null
-  });
+  const [inputRequest, setInputRequest] = useState({ status: "inactive" });
   const [stats, setStats] = useState({ phase: DEFAULTS.INIT_PHASE, targets: 0, findings: 0, todo: 0 });
   const lastResponseMetaRef = useRef(null);
   const startTimeRef = useRef(0);
@@ -11557,10 +11784,10 @@ var useAgentEvents = (agent, eventsRef, state) => {
       setCurrentTokens(tokenAccumRef.current + stepTokens);
     };
     const onFlagFound = (e) => {
-      addMessage("system", `\u{1F3F4} FLAG FOUND: ${e.data.flag}  (total: ${e.data.totalFlags})`);
+      addMessage("system", `[FLAG] ${e.data.flag} (total: ${e.data.totalFlags})`);
     };
     const onPhaseChange = (e) => {
-      addMessage("system", `\u{1F504} Phase: ${e.data.fromPhase} \u2192 ${e.data.toPhase} (${e.data.reason})`);
+      addMessage("system", `[Phase] ${e.data.fromPhase} -> ${e.data.toPhase} (${e.data.reason})`);
       const s = agent.getState();
       setStats({
         phase: e.data.toPhase,
@@ -11574,7 +11801,7 @@ var useAgentEvents = (agent, eventsRef, state) => {
         const isPassword = /password|passphrase/i.test(p);
         const inputType = /sudo/i.test(p) ? "sudo_password" : isPassword ? "password" : "text";
         setInputRequest({
-          isActive: true,
+          status: "active",
           prompt: p.trim(),
           isPassword,
           inputType,
@@ -11588,7 +11815,7 @@ var useAgentEvents = (agent, eventsRef, state) => {
         const isPassword = hiddenTypes.includes(request.type);
         const displayPrompt = buildCredentialPrompt(request);
         setInputRequest({
-          isActive: true,
+          status: "active",
           prompt: displayPrompt,
           isPassword,
           inputType: request.type,
@@ -11669,7 +11896,7 @@ function handleRetry(e, addMessage, setRetryState, retryCountdownRef, retryCount
   const retryNum = retryCountRef.current;
   addMessage("system", `\u27F3 Retry #${retryNum} \xB7 ${e.data.error} \xB7 waiting ${delaySec}s...`);
   setRetryState({
-    isRetrying: true,
+    status: "retrying",
     attempt: retryNum,
     maxRetries: e.data.maxRetries,
     delayMs: e.data.delayMs,
@@ -11681,10 +11908,10 @@ function handleRetry(e, addMessage, setRetryState, retryCountdownRef, retryCount
   retryCountdownRef.current = setInterval(() => {
     remaining -= 1;
     if (remaining <= 0) {
-      setRetryState((prev) => ({ ...prev, isRetrying: false, countdown: 0 }));
+      setRetryState({ status: "idle" });
       if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
     } else {
-      setRetryState((prev) => ({ ...prev, countdown: remaining }));
+      setRetryState((prev) => prev.status === "retrying" ? { ...prev, countdown: remaining } : prev);
     }
   }, 1e3);
 }
@@ -11705,18 +11932,18 @@ Options: ${request.options.join(", ")}`;
 }
 function getCommandEventIcon(eventType) {
   const icons = {
-    [COMMAND_EVENT_TYPES.TOOL_MISSING]: "\u26A0\uFE0F",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "\u{1F4E6}",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "\u2705",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "\u274C",
-    [COMMAND_EVENT_TYPES.TOOL_RETRY]: "\u{1F504}",
-    [COMMAND_EVENT_TYPES.COMMAND_START]: "\u25B6",
-    [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "\u2713",
-    [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "\u2717",
-    [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "\u274C",
-    [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "\u{1F510}"
+    [COMMAND_EVENT_TYPES.TOOL_MISSING]: "[!]",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "[install]",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "[ok]",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "[fail]",
+    [COMMAND_EVENT_TYPES.TOOL_RETRY]: "[retry]",
+    [COMMAND_EVENT_TYPES.COMMAND_START]: "[>]",
+    [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "[ok]",
+    [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "[x]",
+    [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "[err]",
+    [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "[auth]"
   };
-  return icons[eventType] || "\u2022";
+  return icons[eventType] || "[-]";
 }
 
 // src/platform/tui/hooks/useAgent.ts
@@ -11779,9 +12006,9 @@ var useAgent = (shouldAutoApprove, target) => {
   inputRequestRef.current = inputRequest;
   const cancelInputRequest = useCallback2(() => {
     const ir = inputRequestRef.current;
-    if (ir.isActive && ir.resolve) {
+    if (ir.status === "active") {
       ir.resolve(null);
-      setInputRequest({ isActive: false, prompt: "", isPassword: false, resolve: null });
+      setInputRequest({ status: "inactive" });
       addMessage("system", "Input cancelled");
     }
   }, [setInputRequest, addMessage]);
@@ -11817,12 +12044,13 @@ var useAgent = (shouldAutoApprove, target) => {
 };
 
 // src/platform/tui/components/MessageList.tsx
+import { memo } from "react";
 import { Box as Box2, Text as Text2, Static } from "ink";
 
 // src/platform/tui/components/inline-status.tsx
 import { Box, Text } from "ink";
 import { Fragment, jsx, jsxs } from "react/jsx-runtime";
-function formatDuration2(ms) {
+function formatDuration3(ms) {
   const seconds = Math.floor(ms / 1e3);
   if (seconds < 60) return `${seconds}s`;
   const minutes = Math.floor(seconds / 60);
@@ -11834,13 +12062,13 @@ function formatDuration2(ms) {
 }
 function getRoleColor(role) {
   const roleColors = {
-    listener: THEME.accent.cyan,
-    active_shell: THEME.accent.green,
-    server: THEME.accent.blue,
-    sniffer: THEME.accent.amber,
-    spoofer: THEME.accent.orange,
-    proxy: THEME.accent.purple,
-    callback: THEME.accent.pink,
+    listener: THEME.primary,
+    active_shell: THEME.primary,
+    server: THEME.secondary,
+    sniffer: THEME.yellow,
+    spoofer: THEME.yellow,
+    proxy: THEME.primary,
+    callback: THEME.primary,
     background: THEME.text.muted
   };
   return roleColors[role] || THEME.text.secondary;
@@ -11864,7 +12092,7 @@ function StatusIndicator({ running, exitCode }) {
   ] });
 }
 function ProcessRow({ proc, compact }) {
-  const duration = formatDuration2(proc.durationMs);
+  const duration = formatDuration3(proc.durationMs);
   const port = proc.listeningPort ? `:${proc.listeningPort}` : "";
   const purpose = proc.purpose || proc.description || "";
   const truncatedPurpose = compact && purpose.length > TUI_DISPLAY_LIMITS.purposeMaxLength ? purpose.slice(0, TUI_DISPLAY_LIMITS.purposeTruncated) + "..." : purpose;
@@ -11979,7 +12207,7 @@ function parseStatusContent(content) {
   }
   return null;
 }
-var MessageList = ({ messages }) => {
+var MessageList = memo(({ messages }) => {
   return /* @__PURE__ */ jsx2(Static, { items: messages, children: (msg) => {
     if (msg.type === "status") {
       const statusData = parseStatusContent(msg.content);
@@ -12000,18 +12228,19 @@ var MessageList = ({ messages }) => {
       msg.content
     ] }) }, msg.id);
   } });
-};
+});
 
 // src/platform/tui/components/StatusDisplay.tsx
+import { memo as memo3 } from "react";
 import { Box as Box3, Text as Text4 } from "ink";
 
 // src/platform/tui/components/MusicSpinner.tsx
-import { useState as useState3, useEffect as useEffect3 } from "react";
+import { useState as useState3, useEffect as useEffect3, memo as memo2 } from "react";
 import { Text as Text3 } from "ink";
 import { jsx as jsx3 } from "react/jsx-runtime";
 var FRAMES = ["\u2669", "\u266A", "\u266B", "\u266C", "\u266B", "\u266A"];
-var INTERVAL = 400;
-var MusicSpinner = ({ color }) => {
+var INTERVAL = 600;
+var MusicSpinner = memo2(({ color }) => {
   const [index, setIndex] = useState3(0);
   useEffect3(() => {
     const timer = setInterval(() => {
@@ -12020,11 +12249,11 @@ var MusicSpinner = ({ color }) => {
     return () => clearInterval(timer);
   }, []);
   return /* @__PURE__ */ jsx3(Text3, { color, children: FRAMES[index] });
-};
+});
 
 // src/platform/tui/components/StatusDisplay.tsx
 import { jsx as jsx4, jsxs as jsxs3 } from "react/jsx-runtime";
-var StatusDisplay = ({
+var StatusDisplay = memo3(({
   retryState,
   isProcessing,
   currentStatus,
@@ -12036,7 +12265,7 @@ var StatusDisplay = ({
   };
   const meta = formatMeta(elapsedTime * 1e3, currentTokens);
   return /* @__PURE__ */ jsxs3(Box3, { flexDirection: "column", marginTop: 0, children: [
-    retryState.isRetrying && /* @__PURE__ */ jsxs3(Box3, { marginBottom: 1, children: [
+    retryState.status === "retrying" && /* @__PURE__ */ jsxs3(Box3, { marginBottom: 1, children: [
       /* @__PURE__ */ jsx4(Text4, { color: THEME.status.warning, children: /* @__PURE__ */ jsx4(MusicSpinner, { color: THEME.status.warning }) }),
       /* @__PURE__ */ jsxs3(Text4, { color: THEME.status.warning, children: [
         " \u27F3 Retry #",
@@ -12046,13 +12275,13 @@ var StatusDisplay = ({
         " \xB7 ",
         truncateError(retryState.error)
       ] }),
-      /* @__PURE__ */ jsxs3(Text4, { color: THEME.accent.cyan, bold: true, children: [
+      /* @__PURE__ */ jsxs3(Text4, { color: THEME.primary, bold: true, children: [
         " \xB7 ",
         retryState.countdown,
         "s"
       ] })
     ] }),
-    isProcessing && !retryState.isRetrying && /* @__PURE__ */ jsxs3(Box3, { marginBottom: 1, children: [
+    isProcessing && retryState.status !== "retrying" && /* @__PURE__ */ jsxs3(Box3, { marginBottom: 1, children: [
       /* @__PURE__ */ jsx4(Text4, { color: THEME.spinner, children: /* @__PURE__ */ jsx4(MusicSpinner, { color: THEME.spinner }) }),
       /* @__PURE__ */ jsxs3(Text4, { color: THEME.text.muted, children: [
         " ",
@@ -12064,15 +12293,15 @@ var StatusDisplay = ({
       ] })
     ] })
   ] });
-};
+});
 
 // src/platform/tui/components/ChatInput.tsx
-import { useMemo, useCallback as useCallback3, useRef as useRef3 } from "react";
+import { useMemo, useCallback as useCallback3, useRef as useRef3, memo as memo4 } from "react";
 import { Box as Box4, Text as Text5, useInput } from "ink";
 import TextInput from "ink-text-input";
 import { jsx as jsx5, jsxs as jsxs4 } from "react/jsx-runtime";
 var MAX_SUGGESTIONS = 6;
-var ChatInput = ({
+var ChatInput = memo4(({
   value,
   onChange,
   onSubmit,
@@ -12101,11 +12330,13 @@ var ChatInput = ({
   const onChangeRef = useRef3(onChange);
   onChangeRef.current = onChange;
   useInput(useCallback3((_input, key) => {
-    if (inputRequestRef.current.isActive) return;
+    if (inputRequestRef.current.status === "active") return;
     if (key.tab && isSlashModeRef.current && !hasArgsRef.current && suggestionsRef.current.length > 0) {
       const best = suggestionsRef.current[0];
       const argsHint = best.args ? " " : "";
-      onChangeRef.current(`/${best.name}${argsHint}`);
+      const completed = `/${best.name}${argsHint}`;
+      onChangeRef.current("");
+      setTimeout(() => onChangeRef.current(completed), 0);
     }
   }, []));
   return /* @__PURE__ */ jsxs4(Box4, { flexDirection: "column", children: [
@@ -12119,7 +12350,7 @@ var ChatInput = ({
         marginBottom: 0,
         children: suggestions.map((cmd, i) => {
           const isFirst = i === 0;
-          const nameColor = isFirst ? THEME.text.accent : THEME.text.secondary;
+          const nameColor = isFirst ? THEME.primary : THEME.text.secondary;
           const aliasText = cmd.alias ? ` /${cmd.alias}` : "";
           const argsText = cmd.args ? ` ${cmd.args}` : "";
           return /* @__PURE__ */ jsxs4(Box4, { children: [
@@ -12133,7 +12364,7 @@ var ChatInput = ({
               " \u2014 ",
               cmd.description
             ] }),
-            isFirst && /* @__PURE__ */ jsx5(Text5, { color: THEME.accent.cyan, children: " \u21E5 Tab" })
+            isFirst && /* @__PURE__ */ jsx5(Text5, { color: THEME.primary, children: " [Tab]" })
           ] }, cmd.name);
         })
       }
@@ -12142,10 +12373,10 @@ var ChatInput = ({
       Box4,
       {
         borderStyle: "single",
-        borderColor: inputRequest.isActive ? THEME.status.warning : THEME.border.default,
+        borderColor: inputRequest.status === "active" ? THEME.status.warning : THEME.border.default,
         paddingX: 1,
-        children: inputRequest.isActive ? /* @__PURE__ */ jsxs4(Box4, { children: [
-          /* @__PURE__ */ jsx5(Text5, { color: THEME.status.warning, children: "\u{1F512}" }),
+        children: inputRequest.status === "active" ? /* @__PURE__ */ jsxs4(Box4, { children: [
+          /* @__PURE__ */ jsx5(Text5, { color: THEME.status.warning, children: "[auth]" }),
           /* @__PURE__ */ jsxs4(Text5, { color: THEME.text.muted, children: [
             " ",
             inputRequest.prompt
@@ -12176,9 +12407,10 @@ var ChatInput = ({
       }
     )
   ] });
-};
+});
 
 // src/platform/tui/components/footer.tsx
+import { memo as memo5 } from "react";
 import { Box as Box5, Text as Text6 } from "ink";
 import { jsx as jsx6, jsxs as jsxs5 } from "react/jsx-runtime";
 var formatElapsed = (totalSeconds) => {
@@ -12191,7 +12423,7 @@ var formatElapsed = (totalSeconds) => {
   }
   return `${minutes}:${pad(seconds)}`;
 };
-var Footer = ({ phase, targets, findings, todo, elapsedTime, isProcessing }) => {
+var Footer = memo5(({ phase, targets, findings, todo, elapsedTime, isProcessing }) => {
   return /* @__PURE__ */ jsxs5(
     Box5,
     {
@@ -12202,7 +12434,7 @@ var Footer = ({ phase, targets, findings, todo, elapsedTime, isProcessing }) =>
         /* @__PURE__ */ jsxs5(Box5, { gap: 2, children: [
           /* @__PURE__ */ jsxs5(Text6, { color: THEME.text.muted, children: [
             "Phase: ",
-            /* @__PURE__ */ jsx6(Text6, { color: THEME.accent.cyan, children: phase })
+            /* @__PURE__ */ jsx6(Text6, { color: THEME.primary, children: phase })
           ] }),
           /* @__PURE__ */ jsxs5(Text6, { color: THEME.text.muted, children: [
             "Targets: ",
@@ -12224,7 +12456,7 @@ var Footer = ({ phase, targets, findings, todo, elapsedTime, isProcessing }) =>
       ]
     }
   );
-};
+});
 var footer_default = Footer;
 
 // src/platform/tui/app.tsx
@@ -12260,7 +12492,7 @@ var App = ({ autoApprove = false, target }) => {
   inputRequestRef.current = inputRequest;
   const handleExit = useCallback4(() => {
     const ir = inputRequestRef.current;
-    if (ir.isActive && ir.resolve) ir.resolve(null);
+    if (ir.status === "active") ir.resolve(null);
     cleanupAllProcesses().catch(() => {
     });
     exit();
@@ -12281,9 +12513,9 @@ var App = ({ autoApprove = false, target }) => {
         setMessages([]);
         const result2 = await agent.resetSession();
         if (result2.cleared.length > 0) {
-          addMessage("system", `\u{1F9F9} Session reset \u2014 cleared: ${result2.cleared.join(", ")}`);
+          addMessage("system", `[reset] Session cleared: ${result2.cleared.join(", ")}`);
         } else {
-          addMessage("system", "\u{1F9F9} Session reset \u2014 all clean");
+          addMessage("system", "[reset] Session clean");
         }
         if (result2.errors.length > 0) {
           addMessage("error", `Cleanup errors: ${result2.errors.join("; ")}`);
@@ -12310,7 +12542,7 @@ var App = ({ autoApprove = false, target }) => {
         if (!autoApproveModeRef.current) {
           setAutoApproveMode(true);
           agent.setAutoApprove(true);
-          addMessage("system", "\u{1F680} Autonomous mode enabled (auto-approve ON)");
+          addMessage("system", "[auto] Autonomous mode enabled");
         }
         addMessage("system", "Starting penetration test...");
         const targets = Array.from(agent.getState().getTargets().keys());
@@ -12324,8 +12556,29 @@ var App = ({ autoApprove = false, target }) => {
           addMessage("system", "No findings.");
           break;
         }
-        addMessage("system", `--- ${findings.length} Findings ---`);
-        findings.forEach((f) => addMessage("system", `[${f.severity}] ${f.title}${f.attackPattern ? ` (ATT&CK: ${f.attackPattern})` : ""}`));
+        const findingLines = [`\u2500\u2500\u2500 ${findings.length} Findings \u2500\u2500\u2500`, ""];
+        findings.forEach((f, i) => {
+          const verified = f.isVerified ? `[${ICONS.success}] Verified` : `[${ICONS.warning}] Unverified`;
+          const atk = f.attackPattern ? ` | ATT&CK: ${f.attackPattern}` : "";
+          findingLines.push(`[${i + 1}] [${f.severity.toUpperCase()}] ${f.title}`);
+          findingLines.push(`    ${verified}${atk}`);
+          if (f.affected.length > 0) {
+            findingLines.push(`    Affected: ${f.affected.join(", ")}`);
+          }
+          if (f.description) {
+            findingLines.push(`    ${f.description}`);
+          }
+          if (f.evidence.length > 0) {
+            findingLines.push(`    Evidence:`);
+            f.evidence.slice(0, 3).forEach((e) => {
+              const preview = e.length > 120 ? e.slice(0, 120) + "..." : e;
+              findingLines.push(`      \u25B8 ${preview}`);
+            });
+            if (f.evidence.length > 3) findingLines.push(`      ... +${f.evidence.length - 3} more`);
+          }
+          findingLines.push("");
+        });
+        addMessage("system", findingLines.join("\n"));
         break;
       case UI_COMMANDS.ASSETS:
       case UI_COMMANDS.ASSETS_SHORT:
@@ -12348,7 +12601,7 @@ ${procData.stdout || "(no output)"}
         break;
       case UI_COMMANDS.CTF:
         const ctfEnabled = agent.toggleCtfMode();
-        addMessage("system", ctfEnabled ? "\u{1F3F4} CTF mode ON \u2014 flag detection active, CTF prompts loaded" : "\u{1F512} CTF mode OFF \u2014 standard pentest mode");
+        addMessage("system", ctfEnabled ? "[CTF] Mode ON - flag detection active" : "[CTF] Mode OFF - standard pentest");
         break;
       case UI_COMMANDS.GRAPH:
       case UI_COMMANDS.GRAPH_SHORT:
@@ -12389,17 +12642,17 @@ ${procData.stdout || "(no output)"}
   }, [addMessage, executeTask, handleCommand]);
   const handleSecretSubmit = useCallback4((value) => {
     const ir = inputRequestRef.current;
-    if (!ir.isActive || !ir.resolve) return;
+    if (ir.status !== "active") return;
     const displayText = ir.isPassword ? "\u2022".repeat(value.length) : value;
     const promptLabel = ir.prompt || "Input";
     addMessage("system", `\u21B3 ${promptLabel} ${displayText}`);
     ir.resolve(value);
-    setInputRequest({ isActive: false, prompt: "", isPassword: false, resolve: null });
+    setInputRequest({ status: "inactive" });
     setSecretInput("");
   }, [addMessage, setInputRequest]);
   useInput2(useCallback4((ch, key) => {
     if (key.escape) {
-      if (inputRequestRef.current.isActive) cancelInputRequest();
+      if (inputRequestRef.current.status === "active") cancelInputRequest();
       else if (isProcessingRef.current) abort();
     }
     if (key.ctrl && ch === "c") handleExit();
@@ -12486,9 +12739,9 @@ program.command("interactive", { isDefault: true }).alias("i").description("Star
   const opts = program.opts();
   const skipPermissions = opts.dangerouslySkipPermissions || false;
   console.clear();
-  console.log(gradient([...THEME.gradient.cyber]).multiline(ASCII_BANNER));
+  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
   console.log(
-    "   " + chalk.hex(THEME.text.secondary)(`v${APP_VERSION}`) + chalk.hex(THEME.text.muted)(" \u2502 ") + chalk.hex(THEME.accent.blue)("Type /help for commands") + "\n"
+    "   " + chalk.hex(THEME.text.secondary)(`v${APP_VERSION}`) + chalk.hex(THEME.text.muted)(" \u2502 ") + chalk.hex(THEME.primary)("Type /help for commands") + "\n"
   );
   if (skipPermissions) {
     console.log(chalk.hex(THEME.status.error)("[!] WARNING: Running with --dangerously-skip-permissions"));
@@ -12508,11 +12761,11 @@ program.command("interactive", { isDefault: true }).alias("i").description("Star
 program.command("run <objective>").alias("r").description("Run a single objective and exit").option("-o, --output <file>", "Output file for results").option("--max-steps <n>", "Maximum number of steps", String(CLI_DEFAULT.MAX_STEPS)).action(async (objective, options) => {
   const opts = program.opts();
   const skipPermissions = opts.dangerouslySkipPermissions || false;
-  console.log(gradient([...THEME.gradient.cyber]).multiline(ASCII_BANNER));
+  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
   if (skipPermissions) {
     console.log(chalk.hex(THEME.status.error)("[!] WARNING: Running with --dangerously-skip-permissions\n"));
   }
-  console.log(chalk.hex(THEME.accent.blue)(`[target] Objective: ${objective}
+  console.log(chalk.hex(THEME.primary)(`[target] Objective: ${objective}
 `));
   const agent = AgentFactory.createMainAgent(skipPermissions);
   if (skipPermissions) {
@@ -12534,7 +12787,7 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
     if (options.output) {
       const fs = await import("fs/promises");
       await fs.writeFile(options.output, JSON.stringify({ result: result2 }, null, 2));
-      console.log(chalk.hex(THEME.accent.blue)(`
+      console.log(chalk.hex(THEME.primary)(`
 [+] Report saved to: ${options.output}`));
     }
     await shutdown(0);
@@ -12548,8 +12801,8 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
 program.command("scan <target>").description("Quick scan a target").option("-s, --scan-type <type>", `Scan type (${CLI_SCAN_TYPES.join("|")})`, CLI_DEFAULT.SCAN_TYPE).option("-p, --ports <ports>", "Specific ports to scan").action(async (target, options) => {
   const opts = program.opts();
   const skipPermissions = opts.dangerouslySkipPermissions || false;
-  console.log(gradient([...THEME.gradient.cyber]).multiline(ASCII_BANNER));
-  console.log(chalk.hex(THEME.accent.blue)(`
+  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
+  console.log(chalk.hex(THEME.primary)(`
 [scan] Target: ${target} (${options.scanType})
 `));
   const agent = AgentFactory.createMainAgent(skipPermissions);
@@ -12571,11 +12824,11 @@ program.command("scan <target>").description("Quick scan a target").option("-s,
   }
 });
 program.command("help-extended").description("Show extended help with examples").action(() => {
-  console.log(gradient([...THEME.gradient.cyber]).multiline(ASCII_BANNER));
+  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
   console.log(`
-${chalk.hex(THEME.accent.blue)(APP_NAME + " - Autonomous Penetration Testing AI")}
+${chalk.hex(THEME.primary)(APP_NAME + " - Autonomous Penetration Testing AI")}
 
-${chalk.hex(THEME.status.warning)("Usage:")}
+  ${chalk.hex(THEME.status.warning)("Usage:")}
 
   ${chalk.hex(THEME.status.success)("$ pentesting")}                                   Start interactive mode
   ${chalk.hex(THEME.status.success)("$ pentesting -t 192.168.1.1")}                     Start with target
@@ -12583,24 +12836,24 @@ ${chalk.hex(THEME.status.warning)("Usage:")}
 
 ${chalk.hex(THEME.status.warning)("Commands:")}
 
-  ${chalk.hex(THEME.accent.blue)("pentesting")}                       Interactive TUI mode
-  ${chalk.hex(THEME.accent.blue)("pentesting run <objective>")}       Run single objective
-  ${chalk.hex(THEME.accent.blue)("pentesting scan <target>")}         Quick scan target
+  ${chalk.hex(THEME.primary)("pentesting")}                       Interactive TUI mode
+  ${chalk.hex(THEME.primary)("pentesting run <objective>")}       Run single objective
+  ${chalk.hex(THEME.primary)("pentesting scan <target>")}         Quick scan target
 
 ${chalk.hex(THEME.status.warning)("Options:")}
 
-  ${chalk.hex(THEME.accent.blue)("--dangerously-skip-permissions")}    Skip all permission prompts
-  ${chalk.hex(THEME.accent.blue)("-t, --target <ip>")}                 Set target
-  ${chalk.hex(THEME.accent.blue)("-o, --output <file>")}               Save results to file
+  ${chalk.hex(THEME.primary)("--dangerously-skip-permissions")}    Skip all permission prompts
+  ${chalk.hex(THEME.primary)("-t, --target <ip>")}                 Set target
+  ${chalk.hex(THEME.primary)("-o, --output <file>")}               Save results to file
 
 ${chalk.hex(THEME.status.warning)("Interactive Commands:")}
 
-  ${chalk.hex(THEME.accent.blue)("/target <ip>")}     Set target
-  ${chalk.hex(THEME.accent.blue)("/start")}           Start autonomous mode
-  ${chalk.hex(THEME.accent.blue)("/config")}          Manage configuration
-  ${chalk.hex(THEME.accent.blue)("/hint <text>")}     Provide hint
-  ${chalk.hex(THEME.accent.blue)("/findings")}        Show findings
-  ${chalk.hex(THEME.accent.blue)("/reset")}           Reset session
+  ${chalk.hex(THEME.primary)("/target <ip>")}     Set target
+  ${chalk.hex(THEME.primary)("/start")}           Start autonomous mode
+  ${chalk.hex(THEME.primary)("/config")}          Manage configuration
+  ${chalk.hex(THEME.primary)("/hint <text>")}     Provide hint
+  ${chalk.hex(THEME.primary)("/findings")}        Show findings
+  ${chalk.hex(THEME.primary)("/reset")}           Reset session
 
 ${chalk.hex(THEME.status.warning)("Examples:")}
 
@@ -12615,9 +12868,9 @@ ${chalk.hex(THEME.status.warning)("Examples:")}
 
 ${chalk.hex(THEME.status.warning)("Environment:")}
 
-  ${chalk.hex(THEME.accent.blue)("PENTEST_API_KEY")}      Required - LLM API key
-  ${chalk.hex(THEME.accent.blue)("PENTEST_BASE_URL")}     Optional - AI API base URL
-  ${chalk.hex(THEME.accent.blue)("PENTEST_MODEL")}        Optional - Model override
+  ${chalk.hex(THEME.primary)("PENTEST_API_KEY")}      Required - LLM API key
+  ${chalk.hex(THEME.primary)("PENTEST_BASE_URL")}     Optional - AI API base URL
+  ${chalk.hex(THEME.primary)("PENTEST_MODEL")}        Optional - Model override
 `);
 });
 program.parse();