pentesting 0.44.1 → 0.45.0

package/dist/main.js

@@ -12,11 +12,11 @@ import { Command } from "commander";
 import chalk from "chalk";
 
 // src/platform/tui/app.tsx
-import { useState as useState4, useCallback as useCallback4, useEffect as useEffect4, useRef as useRef4 } from "react";
+import { useState as useState5, useCallback as useCallback4, useEffect as useEffect4, useRef as useRef5 } from "react";
 import { Box as Box6, useInput as useInput2, useApp } from "ink";
 
 // src/platform/tui/hooks/useAgent.ts
-import { useState as useState2, useEffect as useEffect2, useCallback as useCallback2, useRef as useRef2 } from "react";
+import { useState as useState2, useEffect as useEffect2, useCallback as useCallback2, useRef as useRef3 } from "react";
 
 // src/shared/constants/timing.ts
 var TOOL_TIMEOUTS = {
@@ -311,7 +311,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.44.1";
+var APP_VERSION = "0.45.0";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -676,6 +676,7 @@ var EVENT_TYPES = {
   REASONING_START: "reasoning_start",
   REASONING_DELTA: "reasoning_delta",
   REASONING_END: "reasoning_end",
+  AI_RESPONSE: "ai_response",
   TOOL_CALL: "tool_call",
   TOOL_RESULT: "tool_result",
   ERROR: "error",
@@ -3903,6 +3904,21 @@ var NOISE_CLASSIFICATION = {
     "gobuster",
     "dirsearch",
     "feroxbuster"
+  ],
+  LOW_VISIBILITY: [
+    // State management — pure bookkeeping, zero operator value
+    "update_mission",
+    "get_state",
+    "update_phase",
+    "update_todo",
+    "add_target",
+    "add_finding",
+    "add_loot",
+    "set_scope",
+    // Resource health checks — noisy periodic calls
+    "bg_status",
+    "bg_cleanup",
+    "health_check"
   ]
 };
 
@@ -5138,7 +5154,9 @@ var ENV_KEYS = {
   BASE_URL: "PENTEST_BASE_URL",
   MODEL: "PENTEST_MODEL",
   SEARCH_API_KEY: "SEARCH_API_KEY",
-  SEARCH_API_URL: "SEARCH_API_URL"
+  SEARCH_API_URL: "SEARCH_API_URL",
+  THINKING: "PENTEST_THINKING",
+  THINKING_BUDGET: "PENTEST_THINKING_BUDGET"
 };
 var DEFAULT_SEARCH_API_URL = "https://api.search.brave.com/res/v1/web/search";
 function getApiKey() {
@@ -5156,6 +5174,13 @@ function getSearchApiKey() {
 function getSearchApiUrl() {
   return process.env[ENV_KEYS.SEARCH_API_URL] || DEFAULT_SEARCH_API_URL;
 }
+function isThinkingEnabled() {
+  return process.env[ENV_KEYS.THINKING] === "true";
+}
+function getThinkingBudget() {
+  const val = parseInt(process.env[ENV_KEYS.THINKING_BUDGET] || "", 10);
+  return isNaN(val) ? 8e3 : Math.max(1024, val);
+}
 function isBrowserHeadless() {
   return true;
 }
@@ -8818,6 +8843,8 @@ var LLM_BLOCK_TYPE = {
 var LLM_DELTA_TYPE = {
   TEXT_DELTA: "text_delta",
   THINKING_DELTA: "thinking_delta",
+  REASONING_DELTA: "reasoning_delta",
+  // Used by some providers (GLM, DeepSeek)
   INPUT_JSON_DELTA: "input_json_delta"
 };
 
@@ -8967,6 +8994,8 @@ var LLMClient = class {
       headers: {
         [LLM_HEADER.CONTENT_TYPE]: LLM_CONTENT_TYPE.JSON,
         [LLM_HEADER.API_KEY]: this.apiKey,
+        // Also send as Bearer for OpenAI-compat proxies (z.ai, GLM, etc.)
+        [LLM_HEADER.AUTHORIZATION]: `${LLM_HEADER.BEARER_PREFIX} ${this.apiKey}`,
         [LLM_HEADER.ANTHROPIC_VERSION]: LLM_API.VERSION
       },
       body: JSON.stringify(body),
@@ -8981,14 +9010,16 @@ var LLMClient = class {
     return response;
   }
   async executeNonStream(messages, tools, systemPrompt) {
+    const thinking = isThinkingEnabled() ? { type: "enabled", budget_tokens: getThinkingBudget() } : void 0;
     const requestBody = {
       model: this.model,
       max_tokens: LLM_LIMITS.nonStreamMaxTokens,
       system: systemPrompt,
       messages: this.convertMessages(messages),
-      tools
+      tools,
+      ...thinking && { thinking }
     };
-    debugLog("llm", "Non-stream request", { model: this.model, toolCount: tools?.length });
+    debugLog("llm", "Non-stream request", { model: this.model, toolCount: tools?.length, thinking: !!thinking });
     const response = await this.makeRequest(requestBody);
     const data = await response.json();
     const textBlock = data.content.find((b) => b.type === "text");
@@ -9004,15 +9035,17 @@ var LLMClient = class {
   async executeStream(messages, tools, systemPrompt, callbacks) {
     this.requestCount++;
     const requestId = this.requestCount;
+    const thinking = isThinkingEnabled() ? { type: "enabled", budget_tokens: getThinkingBudget() } : void 0;
     const requestBody = {
       model: this.model,
       max_tokens: LLM_LIMITS.streamMaxTokens,
       system: systemPrompt,
       messages: this.convertMessages(messages),
       tools,
-      stream: true
+      stream: true,
+      ...thinking && { thinking }
     };
-    debugLog("llm", `[${requestId}] Stream request START`, { model: this.model, toolCount: tools?.length, toolNames: tools?.map((t) => t.name) });
+    debugLog("llm", `[${requestId}] Stream request START`, { model: this.model, toolCount: tools?.length, toolNames: tools?.map((t) => t.name), thinking: !!thinking });
     const response = await this.makeRequest(requestBody, callbacks?.abortSignal);
     let fullContent = "";
     let fullReasoning = "";
@@ -9020,6 +9053,7 @@ var LLMClient = class {
     let usage = { input_tokens: 0, output_tokens: 0 };
     let totalChars = 0;
     let wasAborted = false;
+    const currentBlockRef = { value: null };
     const reader = response.body?.getReader();
     if (!reader) throw new Error("Response body is not readable");
     const decoder = new TextDecoder();
@@ -9070,7 +9104,8 @@ var LLMClient = class {
                 onUsage: (u) => {
                   usage = u;
                 },
-                getTotalChars: () => totalChars
+                getTotalChars: () => totalChars,
+                currentBlockRef
               });
             } catch {
             }
@@ -9100,28 +9135,53 @@ var LLMClient = class {
       toolCalls.push({ id: toolCall.id, name: toolCall.name, input: toolCall.input });
     }
     debugLog("llm", `[${requestId}] FINAL toolCalls`, { count: toolCalls.length, tools: toolCalls.map((t) => ({ id: t.id, name: t.name, input: t.input })) });
+    const stripped = this.stripThinkTags(fullContent, fullReasoning);
     return {
-      content: fullContent,
+      content: stripped.cleanText,
       toolCalls: toolCalls.length > 0 ? toolCalls : void 0,
       rawResponse: null,
-      reasoning: fullReasoning || void 0,
+      reasoning: stripped.extractedReasoning || void 0,
       usage: usage.input_tokens > 0 || usage.output_tokens > 0 ? usage : void 0,
       error: wasAborted ? { type: LLM_ERROR_TYPES.UNKNOWN, message: "Stream aborted", isRetryable: false } : void 0
     };
   }
+  /**
+   * Strip inline <think>...</think> XML reasoning tags from LLM text output.
+   *
+   * WHY: Some providers (GLM, DeepSeek, Qwen) output reasoning inline
+   * in text deltas as <think>content</think> instead of separate SSE blocks.
+   * Without stripping, raw tags like "</think>" appear literally in TUI output.
+   *
+   * @param text - Raw text content potentially containing think tags
+   * @param existingReasoning - Accumulated reasoning from SSE reasoning blocks
+   * @returns cleanText (tags removed) and extractedReasoning (tag content appended)
+   */
+  stripThinkTags(text, existingReasoning) {
+    let cleanText = text;
+    let extractedReasoning = existingReasoning;
+    cleanText = cleanText.replace(/<think>([\s\S]*?)<\/think>/gi, (_match, inner) => {
+      extractedReasoning += inner;
+      return "";
+    });
+    cleanText = cleanText.replace(/<\/?think>/gi, "");
+    return { cleanText, extractedReasoning };
+  }
   processStreamEvent(event, requestId, context) {
-    const { toolCallsMap, callbacks, onTextStart, onReasoningStart, onTextEnd, onReasoningEnd, onContent, onReasoning, onUsage, getTotalChars } = context;
+    const { toolCallsMap, callbacks, onTextStart, onReasoningStart, onTextEnd, onReasoningEnd, onContent, onReasoning, onUsage, getTotalChars, currentBlockRef } = context;
     switch (event.type) {
       case LLM_SSE_EVENT.CONTENT_BLOCK_START:
         if (event.content_block) {
           const blockType = event.content_block.type;
           if (blockType === LLM_BLOCK_TYPE.TEXT) {
+            currentBlockRef.value = "text";
             onTextStart();
             callbacks?.onOutputStart?.();
           } else if (blockType === LLM_BLOCK_TYPE.THINKING || blockType === LLM_BLOCK_TYPE.REASONING) {
+            currentBlockRef.value = "reasoning";
             onReasoningStart();
             callbacks?.onReasoningStart?.();
           } else if (blockType === LLM_BLOCK_TYPE.TOOL_USE) {
+            currentBlockRef.value = "tool_use";
             toolCallsMap.set(event.content_block.id || "", {
               id: event.content_block.id || "",
               name: event.content_block.name || "",
@@ -9137,9 +9197,13 @@ var LLMClient = class {
           if (event.delta.type === LLM_DELTA_TYPE.TEXT_DELTA && event.delta.text) {
             onContent(event.delta.text);
             callbacks?.onOutputDelta?.(event.delta.text);
-          } else if (event.delta.type === LLM_DELTA_TYPE.THINKING_DELTA && event.delta.thinking) {
-            onReasoning(event.delta.thinking);
-            callbacks?.onReasoningDelta?.(event.delta.thinking);
+          } else if (
+            // Anthropic: thinking_delta / GLM-DeepSeek: reasoning_delta
+            event.delta.type === LLM_DELTA_TYPE.THINKING_DELTA && event.delta.thinking || event.delta.type === LLM_DELTA_TYPE.REASONING_DELTA && event.delta.reasoning
+          ) {
+            const chunk = event.delta.thinking || event.delta.reasoning || "";
+            onReasoning(chunk);
+            callbacks?.onReasoningDelta?.(chunk);
           } else if (event.delta.type === LLM_DELTA_TYPE.INPUT_JSON_DELTA && event.delta.partial_json) {
             const index = event.index;
             if (index !== void 0) {
@@ -9156,12 +9220,18 @@ var LLMClient = class {
           callbacks?.onUsageUpdate?.({ input_tokens: 0, output_tokens: estimatedOutput });
         }
         break;
-      case LLM_SSE_EVENT.CONTENT_BLOCK_STOP:
-        callbacks?.onReasoningEnd?.();
-        callbacks?.onOutputEnd?.();
-        onTextEnd();
-        onReasoningEnd();
+      case LLM_SSE_EVENT.CONTENT_BLOCK_STOP: {
+        const stoppedType = currentBlockRef.value;
+        currentBlockRef.value = null;
+        if (stoppedType === "text") {
+          onTextEnd();
+          callbacks?.onOutputEnd?.();
+        } else if (stoppedType === "reasoning") {
+          onReasoningEnd();
+          callbacks?.onReasoningEnd?.();
+        }
         break;
+      }
       case LLM_SSE_EVENT.MESSAGE_START:
         if (event.message?.usage) {
           onUsage({ input_tokens: event.message.usage.input_tokens || 0, output_tokens: event.message.usage.output_tokens || 0 });
@@ -10130,7 +10200,7 @@ Please decide how to handle this error and continue.`;
   async step(iteration, messages, systemPrompt, progress) {
     const phase = this.state.getPhase();
     const stepStartTime = Date.now();
-    this.emitThink(iteration);
+    this.emitThink(iteration, progress);
     const callbacks = this.buildStreamCallbacks(phase);
     const response = await this.llm.generateResponseStream(
       messages,
@@ -10138,12 +10208,24 @@ Please decide how to handle this error and continue.`;
       systemPrompt,
       callbacks
     );
+    if (response.reasoning && !callbacks.hadReasoningEnd()) {
+      this.emitReasoningStart(phase);
+      this.emitReasoningDelta(response.reasoning, phase);
+      this.emitReasoningEnd(phase);
+    }
+    if (response.content?.trim()) {
+      this.events.emit({
+        type: EVENT_TYPES.AI_RESPONSE,
+        timestamp: Date.now(),
+        data: { content: response.content.trim(), phase }
+      });
+    }
     messages.push({ role: LLM_ROLES.ASSISTANT, content: response.content });
     const stepDuration = Date.now() - stepStartTime;
     const tokens = response.usage ? { input: response.usage.input_tokens, output: response.usage.output_tokens } : void 0;
     if (!response.toolCalls?.length) {
-      const hasDonemeaningfulWork = (progress?.totalToolsExecuted ?? 0) > 0;
-      if (hasDonemeaningfulWork) {
+      const hasDoneMeaningfulWork = (progress?.totalToolsExecuted ?? 0) > 0;
+      if (hasDoneMeaningfulWork) {
         this.emitComplete(response.content, iteration, 0, stepDuration, tokens);
         return { output: response.content, toolsExecuted: 0, isCompleted: true };
       }
@@ -10157,11 +10239,26 @@ Please decide how to handle this error and continue.`;
   // SUBSECTION: Callback Builder
   // ─────────────────────────────────────────────────────────────────
   buildStreamCallbacks(phase) {
-    return {
+    let _reasoningEndFired = false;
+    let _outputBuffer = "";
+    const callbacks = {
       onReasoningStart: () => this.emitReasoningStart(phase),
       onReasoningDelta: (content) => this.emitReasoningDelta(content, phase),
-      onReasoningEnd: () => this.emitReasoningEnd(phase),
-      onOutputDelta: () => {
+      onReasoningEnd: () => {
+        _reasoningEndFired = true;
+        this.emitReasoningEnd(phase);
+      },
+      // WHY: Show AI text as it streams, not after completion.
+      // The user sees what the AI is writing in real-time via the status bar.
+      onOutputDelta: (text) => {
+        _outputBuffer += text;
+        const firstLine = _outputBuffer.split("\n")[0]?.slice(0, 120) || "";
+        this.events.emit({
+          type: EVENT_TYPES.THINK,
+          timestamp: Date.now(),
+          data: { thought: `Writing\u2026 ${_outputBuffer.length} chars
+${firstLine}`, phase }
+        });
       },
       onRetry: (attempt, maxRetries, delayMs, error) => {
         this.events.emit({
@@ -10177,19 +10274,40 @@ Please decide how to handle this error and continue.`;
           data: { inputTokens: usage.input_tokens, outputTokens: usage.output_tokens }
         });
       },
-      abortSignal: this.abortController?.signal
+      abortSignal: this.abortController?.signal,
+      // WHY: Used by step() to detect if SSE reasoning blocks fired.
+      // If not, we know it was an inline <think> model and must emit post-stream.
+      hadReasoningEnd: () => _reasoningEndFired
     };
+    return callbacks;
   }
   // ─────────────────────────────────────────────────────────────────
   // SUBSECTION: Event Emitters
   // ─────────────────════════════════════════════════════════════
-  emitThink(iteration) {
+  emitThink(iteration, progress) {
+    const phase = this.state.getPhase();
+    const targets = this.state.getTargets().size;
+    const findings = this.state.getFindings().length;
+    const toolsUsed = progress?.totalToolsExecuted ?? 0;
+    const hasErrors = (progress?.toolErrors ?? 0) > 0;
+    let thought;
+    if (iteration === 0) {
+      thought = targets > 0 ? `Analyzing ${targets} target${targets > 1 ? "s" : ""} \xB7 Planning ${phase} approach` : `Reviewing task \xB7 Building ${phase} strategy`;
+    } else if (toolsUsed === 0) {
+      thought = `Iteration ${iteration + 1} \xB7 No actions yet \xB7 Reconsidering approach`;
+    } else if (hasErrors) {
+      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${toolsUsed} tools \xB7 ${progress?.toolErrors} error${(progress?.toolErrors ?? 0) > 1 ? "s" : ""} \xB7 Adapting strategy`;
+    } else if (findings > 0) {
+      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${findings} finding${findings > 1 ? "s" : ""} \xB7 ${toolsUsed} tools \xB7 Continuing`;
+    } else {
+      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${toolsUsed} tool${toolsUsed !== 1 ? "s" : ""} executed \xB7 Evaluating results`;
+    }
     this.events.emit({
       type: EVENT_TYPES.THINK,
       timestamp: Date.now(),
       data: {
-        thought: `${this.agentType} agent iteration ${iteration + 1}: Decision making`,
-        phase: this.state.getPhase()
+        thought,
+        phase
       }
     });
   }
@@ -11461,63 +11579,56 @@ import { useState, useRef, useCallback } from "react";
 
 // src/shared/constants/theme.ts
 var HEX = {
-  primary: "#FF968A",
-  pink: "#FFAEAE",
-  peach: "#FFC5BF"
+  primary: "#2496ED",
+  // Docker blue
+  cyan: "#58C4F0",
+  // bright sky blue
+  teal: "#4EC9B0",
+  // mint-teal (success states)
+  yellow: "#E0AF68",
+  // warm amber (warning)
+  gray: "#C8C8C8",
+  // secondary text
+  white: "#FFFFFF",
+  red: "#F7768E"
+  // pastel red (error)
 };
 var COLORS = {
-  // Primary accent - coral/salmon (ANSI 210 is light coral)
-  primary: "ansi256(210)",
-  // Pastel pink (ANSI 217 is light pink)
-  pink: "ansi256(217)",
-  // Pastel peach (ANSI 216 is light salmon)
-  peach: "ansi256(216)",
-  // Warning yellow (ANSI 222 is light goldenrod)
-  yellow: "ansi256(222)",
-  // Orange (ANSI 215)
-  orange: "ansi256(215)",
-  // Bright white for main text
+  primary: "ansi256(33)",
+  // Docker blue (#0087ff) — closest to #2496ED
+  cyan: "ansi256(74)",
+  // bright sky blue (#5fafd7)
+  teal: "ansi256(79)",
+  // mint-teal (#5fd7af) — success states
+  yellow: "ansi256(179)",
+  // warm amber (warning)
   white: "white",
-  // Light gray for secondary text (ANSI 252 is light gray)
-  gray: "ansi256(252)",
-  // Bright red for errors
-  red: "red"
+  // main text — unchanged
+  gray: "ansi256(250)",
+  // secondary text — bright enough to read
+  dimGray: "ansi256(240)",
+  // dimmer text for sub-lines
+  red: "ansi256(204)"
+  // pastel red (error)
 };
 var THEME = {
   ...COLORS,
-  bg: {
-    primary: "#050505",
-    input: "#020617"
-  },
-  text: {
-    primary: COLORS.white,
-    // AI responses - main text
-    secondary: COLORS.gray,
-    // Secondary info
-    muted: COLORS.gray,
-    // Metadata, hints
-    accent: COLORS.gray
-    // Very subtle
-  },
   status: {
-    success: COLORS.gray,
-    // Keep it subtle
+    success: COLORS.teal,
+    // teal for success
     warning: COLORS.yellow,
-    // Pastel yellow
-    error: COLORS.red,
-    // Bright red for errors
-    running: COLORS.gray
-    // Processing indicator
+    // amber for warnings
+    error: COLORS.red
+    // red for errors
   },
   border: {
-    // ANSI 241 is a medium slate gray for borders
-    default: "ansi256(241)",
+    default: "ansi256(25)",
+    // muted Docker blue border (#005faf)
     focus: COLORS.primary,
     error: COLORS.red
   },
   gradient: {
-    // Hex colors required for gradient-string
-    cyber: [HEX.primary, HEX.pink, HEX.peach]
+    cyber: [HEX.primary, HEX.cyan, HEX.teal]
   },
   spinner: COLORS.primary
 };
@@ -11537,9 +11648,8 @@ var ICONS = {
   info: "\u2139",
   running: "\u25C9",
   thinking: "\u25D0",
-  // Actions (pentesting-specific)
+  // Actions
   target: "\u25C8",
-  // Diamond for target
   scan: "\u25CE",
   exploit: "\u2607",
   shell: "\u276F",
@@ -11557,9 +11667,7 @@ var ICONS = {
   unlock: "\u2B1A",
   key: "\u26B7",
   flag: "\u2691",
-  // Simple flag
   pwned: "\u25C8"
-  // Compromised
 };
 
 // src/platform/tui/constants/display.ts
@@ -11570,7 +11678,11 @@ var TUI_DISPLAY_LIMITS = {
   reasoningPreview: 500,
   /** Reasoning history slice for display */
   reasoningHistorySlice: 1e3,
-  /** Tool input preview length (for command display) */
+  /** Max number of output lines shown from a tool result (success) */
+  toolOutputLines: 20,
+  /** Max number of output lines shown from a tool result (error — show more) */
+  errorOutputLines: 25,
+  /** Tool output preview length (for command display) */
   toolInputPreview: 200,
   /** Tool input truncated length */
   toolInputTruncated: 197,
@@ -11601,7 +11713,11 @@ var TUI_DISPLAY_LIMITS = {
   /** Max flow nodes to display */
   maxFlowNodes: 50,
   /** Max stopped processes to show */
-  maxStoppedProcesses: 3
+  maxStoppedProcesses: 3,
+  /** Max chars for live reasoning preview in status sub-line */
+  reasoningPreviewChars: 100,
+  /** Max chars for thinking block first-line summary */
+  thinkingSummaryChars: 72
 };
 var MESSAGE_STYLES = {
   colors: {
@@ -11619,8 +11735,10 @@ var MESSAGE_STYLES = {
     // Tool commands - light gray
     result: THEME.gray,
     // Tool results - light gray
-    status: THEME.primary
-    // Status - pastel red accent
+    status: THEME.primary,
+    // Status - teal accent
+    thinking: THEME.cyan
+    // Extended reasoning — sky blue (distinct from primary)
   },
   prefixes: {
     user: "\u276F",
@@ -11630,7 +11748,9 @@ var MESSAGE_STYLES = {
     error: "\u2717",
     tool: "\u23BF",
     result: "\u21B3",
-    status: "\u25C8"
+    status: "\u25C8",
+    thinking: "\u25D0"
+    // Thinking/reasoning icon
   }
 };
 var COMMAND_DEFINITIONS = [
@@ -11753,7 +11873,7 @@ var useAgentState = () => {
 };
 
 // src/platform/tui/hooks/useAgentEvents.ts
-import { useEffect } from "react";
+import { useEffect, useRef as useRef2 } from "react";
 var useAgentEvents = (agent, eventsRef, state) => {
   const {
     addMessage,
@@ -11769,35 +11889,51 @@ var useAgentEvents = (agent, eventsRef, state) => {
     lastStepTokensRef,
     clearAllTimers
   } = state;
+  const reasoningBufferRef = useRef2("");
   useEffect(() => {
     const events = eventsRef.current;
     const onToolCall = (e) => {
-      setCurrentStatus(`Executing: ${e.data.toolName}`);
+      if (NOISE_CLASSIFICATION.LOW_VISIBILITY.includes(e.data.toolName)) return;
+      setCurrentStatus(`${e.data.toolName}\u2026`);
       const inputStr = formatToolInput(e.data.toolName, e.data.input);
-      addMessage("tool", inputStr ? `${e.data.toolName} ${inputStr}` : e.data.toolName);
+      const label = inputStr ? `${toDisplayName(e.data.toolName)}(${inputStr})` : `${toDisplayName(e.data.toolName)}`;
+      addMessage("tool", label);
     };
     const onToolResult = (e) => {
+      if (NOISE_CLASSIFICATION.LOW_VISIBILITY.includes(e.data.toolName)) {
+        return;
+      }
       const icon = e.data.success ? "\u2713" : "\u2717";
-      const content = e.data.success ? e.data.outputSummary || e.data.output || "" : e.data.error || e.data.output || "Unknown error";
-      const maxLen = e.data.success ? TUI_DISPLAY_LIMITS.toolOutputPreview : TUI_DISPLAY_LIMITS.errorPreview;
-      const preview = content.slice(0, maxLen).replace(/\n/g, " ");
-      const more = content.length > maxLen ? "..." : "";
-      addMessage("result", `${icon} ${preview}${more}`);
+      const rawContent = e.data.success ? e.data.outputSummary || e.data.output || "" : e.data.error || e.data.output || "Unknown error";
+      if (!rawContent.trim()) {
+        addMessage("result", `${icon}`);
+        return;
+      }
+      const lines = rawContent.replace(/^\s*-n\s+/gm, "").split("\n").map((l) => l.trimEnd()).filter((l, i, arr) => {
+        if (l === "" && arr[i - 1] === "") return false;
+        return true;
+      });
+      addMessage("result", `${icon} ${lines.join("\n")}`);
     };
     const onComplete = (e) => {
-      addMessage("system", `\u2713 Complete ${formatMeta(e.data.durationMs || 0, (e.data.tokens?.input || 0) + (e.data.tokens?.output || 0))}`);
+      const meta = formatMeta(e.data.durationMs || 0, (e.data.tokens?.input || 0) + (e.data.tokens?.output || 0));
+      addMessage("system", `\u2713 Done ${meta}`);
       lastResponseMetaRef.current = { durationMs: e.data.durationMs, tokens: e.data.tokens };
     };
     const onRetry = (e) => {
       handleRetry(e, addMessage, setRetryState, retryCountdownRef, retryCountRef);
     };
     const onThink = (e) => {
-      const t = e.data.thought;
-      setCurrentStatus(t.length > TUI_DISPLAY_LIMITS.statusThoughtPreview ? t.substring(0, TUI_DISPLAY_LIMITS.statusThoughtTruncated) + "..." : t);
+      setCurrentStatus(e.data.thought);
     };
     const onError = (e) => {
       addMessage("error", e.data.message || "An error occurred");
     };
+    const onAIResponse = (e) => {
+      if (e.data.content?.trim()) {
+        addMessage("ai", e.data.content.trim());
+      }
+    };
     const onUsageUpdate = (e) => {
       const stepTokens = e.data.inputTokens + e.data.outputTokens;
       if (stepTokens < lastStepTokensRef.current) {
@@ -11810,7 +11946,7 @@ var useAgentEvents = (agent, eventsRef, state) => {
       addMessage("system", `[FLAG] ${e.data.flag} (total: ${e.data.totalFlags})`);
     };
     const onPhaseChange = (e) => {
-      addMessage("system", `[Phase] ${e.data.fromPhase} -> ${e.data.toPhase} (${e.data.reason})`);
+      addMessage("system", `Phase  ${e.data.fromPhase} \u2192 ${e.data.toPhase}  (${e.data.reason})`);
       const s = agent.getState();
       setStats({
         phase: e.data.toPhase,
@@ -11819,6 +11955,25 @@ var useAgentEvents = (agent, eventsRef, state) => {
         todo: s.getTodo().length
       });
     };
+    const onReasoningStart = () => {
+      reasoningBufferRef.current = "";
+      setCurrentStatus("Thinking\u2026");
+    };
+    const onReasoningDelta = (e) => {
+      reasoningBufferRef.current += e.data.content;
+      const chars = reasoningBufferRef.current.length;
+      const firstLine = reasoningBufferRef.current.split("\n")[0]?.slice(0, TUI_DISPLAY_LIMITS.reasoningPreviewChars) || "";
+      setCurrentStatus(`Thinking\u2026 ${chars} chars
+${firstLine}`);
+    };
+    const onReasoningEnd = () => {
+      const text = reasoningBufferRef.current.trim();
+      reasoningBufferRef.current = "";
+      setCurrentStatus("");
+      if (text) {
+        addMessage("thinking", text);
+      }
+    };
     setInputHandler((p) => {
       return new Promise((resolve) => {
         const isPassword = /password|passphrase/i.test(p);
@@ -11850,9 +12005,11 @@ var useAgentEvents = (agent, eventsRef, state) => {
       });
     });
     setCommandEventEmitter((event) => {
+      if (event.type === COMMAND_EVENT_TYPES.COMMAND_START || event.type === COMMAND_EVENT_TYPES.COMMAND_SUCCESS) {
+        return;
+      }
       const icon = getCommandEventIcon(event.type);
-      const msg = event.detail ? `${icon} ${event.message}
-   ${event.detail}` : `${icon} ${event.message}`;
+      const msg = event.detail ? `${icon} ${event.message}  ${event.detail}` : `${icon} ${event.message}`;
       addMessage("system", msg);
     });
     const updateStats = () => {
@@ -11875,6 +12032,10 @@ var useAgentEvents = (agent, eventsRef, state) => {
     events.on(EVENT_TYPES.PHASE_CHANGE, onPhaseChange);
     events.on(EVENT_TYPES.STATE_CHANGE, updateStats);
     events.on(EVENT_TYPES.START, updateStats);
+    events.on(EVENT_TYPES.REASONING_START, onReasoningStart);
+    events.on(EVENT_TYPES.REASONING_DELTA, onReasoningDelta);
+    events.on(EVENT_TYPES.REASONING_END, onReasoningEnd);
+    events.on(EVENT_TYPES.AI_RESPONSE, onAIResponse);
     updateStats();
     return () => {
       events.removeAllListeners();
@@ -11900,6 +12061,16 @@ var useAgentEvents = (agent, eventsRef, state) => {
     eventsRef
   ]);
 };
+function toDisplayName(toolName) {
+  const MAP = {
+    [TOOL_NAMES.RUN_CMD]: "Bash",
+    [TOOL_NAMES.BG_PROCESS]: "Process",
+    [TOOL_NAMES.READ_FILE]: "Read",
+    [TOOL_NAMES.WRITE_FILE]: "Write",
+    [TOOL_NAMES.ASK_USER]: "Input"
+  };
+  return MAP[toolName] ?? toolName.replace(/_/g, " ").replace(/\b\w/g, (c) => c.toUpperCase());
+}
 function formatToolInput(toolName, input) {
   if (!input || Object.keys(input).length === 0) return "";
   try {
@@ -11955,24 +12126,24 @@ Options: ${request.options.join(", ")}`;
 }
 function getCommandEventIcon(eventType) {
   const icons = {
-    [COMMAND_EVENT_TYPES.TOOL_MISSING]: "[!]",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "[install]",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "[ok]",
-    [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "[fail]",
-    [COMMAND_EVENT_TYPES.TOOL_RETRY]: "[retry]",
-    [COMMAND_EVENT_TYPES.COMMAND_START]: "[>]",
-    [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "[ok]",
-    [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "[x]",
-    [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "[err]",
-    [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "[auth]"
+    [COMMAND_EVENT_TYPES.TOOL_MISSING]: "!",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL]: "\u2193",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALLED]: "\u2713",
+    [COMMAND_EVENT_TYPES.TOOL_INSTALL_FAILED]: "\u2717",
+    [COMMAND_EVENT_TYPES.TOOL_RETRY]: "\u21BA",
+    [COMMAND_EVENT_TYPES.COMMAND_START]: "\u25B6",
+    [COMMAND_EVENT_TYPES.COMMAND_SUCCESS]: "\u2713",
+    [COMMAND_EVENT_TYPES.COMMAND_FAILED]: "\u2717",
+    [COMMAND_EVENT_TYPES.COMMAND_ERROR]: "\u26A0",
+    [COMMAND_EVENT_TYPES.INPUT_REQUIRED]: "\u{1F512}"
   };
-  return icons[eventType] || "[-]";
+  return icons[eventType] || "\u2022";
 }
 
 // src/platform/tui/hooks/useAgent.ts
 var useAgent = (shouldAutoApprove, target) => {
   const [agent] = useState2(() => AgentFactory.createMainAgent(shouldAutoApprove));
-  const eventsRef = useRef2(agent.getEventEmitter());
+  const eventsRef = useRef3(agent.getEventEmitter());
   const state = useAgentState();
   const {
     messages,
@@ -12025,7 +12196,7 @@ var useAgent = (shouldAutoApprove, target) => {
     setCurrentStatus("");
     addMessage("system", "Interrupted");
   }, [agent, addMessage, manageTimer, setIsProcessing, setCurrentStatus]);
-  const inputRequestRef = useRef2(inputRequest);
+  const inputRequestRef = useRef3(inputRequest);
   inputRequestRef.current = inputRequest;
   const cancelInputRequest = useCallback2(() => {
     const ir = inputRequestRef.current;
@@ -12244,9 +12415,76 @@ var MessageList = memo(({ messages }) => {
           }
         ) }, msg.id);
       }
-    }
-    return /* @__PURE__ */ jsx2(Box2, { children: /* @__PURE__ */ jsxs2(Text2, { color: MESSAGE_STYLES.colors[msg.type], dimColor: msg.type === "result", children: [
-      MESSAGE_STYLES.prefixes[msg.type],
+      return /* @__PURE__ */ jsx2(Box2, { children: /* @__PURE__ */ jsxs2(Text2, { color: THEME.gray, children: [
+        "\u2022 ",
+        msg.content
+      ] }) }, msg.id);
+    }
+    if (msg.type === "thinking") {
+      const lines = msg.content.split("\n");
+      const charCount = msg.content.length;
+      const firstLine = lines[0]?.slice(0, TUI_DISPLAY_LIMITS.thinkingSummaryChars) || "";
+      const isMultiLine = lines.length > 1 || charCount > TUI_DISPLAY_LIMITS.thinkingSummaryChars;
+      return /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", marginTop: 0, marginBottom: 1, children: [
+        /* @__PURE__ */ jsxs2(Box2, { children: [
+          /* @__PURE__ */ jsx2(Text2, { color: THEME.cyan, children: "\u25D0 " }),
+          /* @__PURE__ */ jsx2(Text2, { color: THEME.cyan, bold: true, children: "Thinking" }),
+          /* @__PURE__ */ jsx2(Text2, { color: THEME.gray, children: ` (${lines.length} line${lines.length !== 1 ? "s" : ""}, ${charCount} chars)` })
+        ] }),
+        lines.map((line, i) => /* @__PURE__ */ jsxs2(Box2, { children: [
+          /* @__PURE__ */ jsx2(Text2, { color: THEME.cyan, children: "\u2502 " }),
+          /* @__PURE__ */ jsx2(Text2, { color: THEME.gray, children: line })
+        ] }, i)),
+        /* @__PURE__ */ jsxs2(Box2, { children: [
+          /* @__PURE__ */ jsx2(Text2, { color: THEME.cyan, children: "\u2570\u2500" }),
+          isMultiLine && /* @__PURE__ */ jsx2(Text2, { color: THEME.gray, children: ` ${firstLine}\u2026` })
+        ] })
+      ] }, msg.id);
+    }
+    if (msg.type === "tool") {
+      return /* @__PURE__ */ jsxs2(Box2, { children: [
+        /* @__PURE__ */ jsx2(Text2, { color: THEME.gray, children: "\u23BF " }),
+        /* @__PURE__ */ jsx2(Text2, { color: THEME.primary, children: msg.content })
+      ] }, msg.id);
+    }
+    if (msg.type === "result") {
+      const isSuccess = msg.content.startsWith("\u2713");
+      const isFailure = msg.content.startsWith("\u2717");
+      const color = isSuccess ? THEME.primary : isFailure ? THEME.red : THEME.gray;
+      const lines = msg.content.split("\n");
+      const firstLine = lines[0] || "";
+      const restLines = lines.slice(1);
+      return /* @__PURE__ */ jsxs2(Box2, { flexDirection: "column", children: [
+        /* @__PURE__ */ jsxs2(Box2, { children: [
+          /* @__PURE__ */ jsx2(Text2, { color: THEME.gray, children: "\u21B3 " }),
+          /* @__PURE__ */ jsx2(Text2, { color, children: firstLine })
+        ] }),
+        restLines.map((line, i) => /* @__PURE__ */ jsx2(Box2, { paddingLeft: 2, children: /* @__PURE__ */ jsx2(Text2, { color: THEME.gray, children: line }) }, i))
+      ] }, msg.id);
+    }
+    if (msg.type === "ai" || msg.type === "assistant") {
+      return /* @__PURE__ */ jsx2(Box2, { flexDirection: "column", marginBottom: 0, children: /* @__PURE__ */ jsx2(Text2, { color: THEME.white, children: msg.content }) }, msg.id);
+    }
+    if (msg.type === "error") {
+      return /* @__PURE__ */ jsx2(Box2, { children: /* @__PURE__ */ jsxs2(Text2, { color: THEME.red, children: [
+        "\u2717 ",
+        msg.content
+      ] }) }, msg.id);
+    }
+    if (msg.type === "user") {
+      return /* @__PURE__ */ jsxs2(Box2, { children: [
+        /* @__PURE__ */ jsx2(Text2, { color: THEME.primary, children: "\u276F " }),
+        /* @__PURE__ */ jsx2(Text2, { color: THEME.white, children: msg.content })
+      ] }, msg.id);
+    }
+    if (msg.type === "system") {
+      return /* @__PURE__ */ jsx2(Box2, { children: /* @__PURE__ */ jsxs2(Text2, { color: THEME.gray, children: [
+        "\u2022 ",
+        msg.content
+      ] }) }, msg.id);
+    }
+    return /* @__PURE__ */ jsx2(Box2, { children: /* @__PURE__ */ jsxs2(Text2, { color: MESSAGE_STYLES.colors[msg.type] ?? THEME.gray, children: [
+      MESSAGE_STYLES.prefixes[msg.type] ?? "\u2022",
       " ",
       msg.content
     ] }) }, msg.id);
@@ -12287,39 +12525,48 @@ var StatusDisplay = memo3(({
     return err.length > DISPLAY_LIMITS.RETRY_ERROR_PREVIEW ? err.substring(0, DISPLAY_LIMITS.RETRY_ERROR_TRUNCATED) + "..." : err;
   };
   const meta = formatMeta(elapsedTime * 1e3, currentTokens);
+  const statusLines = currentStatus ? currentStatus.split("\n").filter(Boolean) : [];
+  const statusMain = statusLines[0] || "Processing...";
+  const statusSub = statusLines.slice(1).join(" ");
+  const isThinkingStatus = statusMain.startsWith("Thinking");
   return /* @__PURE__ */ jsxs3(Box3, { flexDirection: "column", marginTop: 0, children: [
     retryState.status === "retrying" && /* @__PURE__ */ jsxs3(Box3, { marginBottom: 1, children: [
       /* @__PURE__ */ jsx4(Text4, { color: THEME.yellow, children: /* @__PURE__ */ jsx4(MusicSpinner, { color: THEME.yellow }) }),
-      /* @__PURE__ */ jsxs3(Text4, { color: THEME.yellow, children: [
+      /* @__PURE__ */ jsxs3(Text4, { color: THEME.yellow, bold: true, children: [
         " \u27F3 Retry #",
-        retryState.attempt
+        retryState.attempt,
+        "/",
+        retryState.maxRetries
       ] }),
       /* @__PURE__ */ jsxs3(Text4, { color: THEME.gray, children: [
-        " \xB7 ",
-        truncateError(retryState.error)
-      ] }),
-      /* @__PURE__ */ jsxs3(Text4, { color: THEME.primary, bold: true, children: [
-        " \xB7 ",
+        " \u2014 ",
         retryState.countdown,
-        "s"
+        "s \xB7 ",
+        truncateError(retryState.error)
       ] })
     ] }),
-    isProcessing && retryState.status !== "retrying" && /* @__PURE__ */ jsxs3(Box3, { marginBottom: 1, children: [
-      /* @__PURE__ */ jsx4(Text4, { color: THEME.primary, children: /* @__PURE__ */ jsx4(MusicSpinner, { color: THEME.primary }) }),
-      /* @__PURE__ */ jsxs3(Text4, { color: THEME.gray, children: [
-        " ",
-        currentStatus || "Processing"
+    isProcessing && retryState.status !== "retrying" && /* @__PURE__ */ jsxs3(Box3, { flexDirection: "column", marginBottom: 1, children: [
+      /* @__PURE__ */ jsxs3(Box3, { children: [
+        /* @__PURE__ */ jsx4(Text4, { color: isThinkingStatus ? THEME.cyan : THEME.primary, children: /* @__PURE__ */ jsx4(MusicSpinner, { color: isThinkingStatus ? THEME.cyan : THEME.primary }) }),
+        /* @__PURE__ */ jsxs3(Text4, { color: isThinkingStatus ? THEME.cyan : THEME.primary, bold: true, children: [
+          " ",
+          statusMain
+        ] }),
+        /* @__PURE__ */ jsxs3(Text4, { color: THEME.gray, children: [
+          " ",
+          meta
+        ] })
       ] }),
-      /* @__PURE__ */ jsxs3(Text4, { color: THEME.gray, children: [
-        " ",
-        meta
-      ] })
+      statusSub ? /* @__PURE__ */ jsx4(Box3, { paddingLeft: 2, children: /* @__PURE__ */ jsxs3(Text4, { color: isThinkingStatus ? THEME.cyan : THEME.gray, children: [
+        "\u2502 ",
+        statusSub
+      ] }) }) : null
     ] })
   ] });
 });
 
 // src/platform/tui/components/ChatInput.tsx
-import { useMemo, useCallback as useCallback3, useRef as useRef3, memo as memo4 } from "react";
+import { useMemo, useCallback as useCallback3, useRef as useRef4, memo as memo4, useState as useState4 } from "react";
 import { Box as Box4, Text as Text5, useInput } from "ink";
 import TextInput from "ink-text-input";
 import { jsx as jsx5, jsxs as jsxs4 } from "react/jsx-runtime";
@@ -12342,24 +12589,25 @@ var ChatInput = memo4(({
     return getMatchingCommands(partialCmd).slice(0, MAX_SUGGESTIONS);
   }, [isSlashMode, partialCmd, hasArgs]);
   const showPreview = isSlashMode && !hasArgs && suggestions.length > 0;
-  const suggestionsRef = useRef3(suggestions);
+  const suggestionsRef = useRef4(suggestions);
   suggestionsRef.current = suggestions;
-  const isSlashModeRef = useRef3(isSlashMode);
+  const isSlashModeRef = useRef4(isSlashMode);
   isSlashModeRef.current = isSlashMode;
-  const hasArgsRef = useRef3(hasArgs);
+  const hasArgsRef = useRef4(hasArgs);
   hasArgsRef.current = hasArgs;
-  const inputRequestRef = useRef3(inputRequest);
+  const inputRequestRef = useRef4(inputRequest);
   inputRequestRef.current = inputRequest;
-  const onChangeRef = useRef3(onChange);
+  const onChangeRef = useRef4(onChange);
   onChangeRef.current = onChange;
+  const [inputKey, setInputKey] = useState4(0);
   useInput(useCallback3((_input, key) => {
     if (inputRequestRef.current.status === "active") return;
     if (key.tab && isSlashModeRef.current && !hasArgsRef.current && suggestionsRef.current.length > 0) {
       const best = suggestionsRef.current[0];
       const argsHint = best.args ? " " : "";
       const completed = `/${best.name}${argsHint}`;
-      onChangeRef.current("");
-      setTimeout(() => onChangeRef.current(completed), 0);
+      onChangeRef.current(completed);
+      setInputKey((k) => k + 1);
     }
   }, []));
   return /* @__PURE__ */ jsxs4(Box4, { flexDirection: "column", children: [
@@ -12425,7 +12673,8 @@ var ChatInput = memo4(({
               onChange,
               onSubmit,
               placeholder
-            }
+            },
+            inputKey
           )
         ] })
       }
@@ -12487,9 +12736,9 @@ var footer_default = Footer;
 import { jsx as jsx7, jsxs as jsxs6 } from "react/jsx-runtime";
 var App = ({ autoApprove = false, target }) => {
   const { exit } = useApp();
-  const [input, setInput] = useState4("");
-  const [secretInput, setSecretInput] = useState4("");
-  const [autoApproveMode, setAutoApproveMode] = useState4(autoApprove);
+  const [input, setInput] = useState5("");
+  const [secretInput, setSecretInput] = useState5("");
+  const [autoApproveMode, setAutoApproveMode] = useState5(autoApprove);
   const {
     agent,
     messages,
@@ -12508,11 +12757,11 @@ var App = ({ autoApprove = false, target }) => {
     addMessage,
     refreshStats
   } = useAgent(autoApproveMode, target);
-  const isProcessingRef = useRef4(isProcessing);
+  const isProcessingRef = useRef5(isProcessing);
   isProcessingRef.current = isProcessing;
-  const autoApproveModeRef = useRef4(autoApproveMode);
+  const autoApproveModeRef = useRef5(autoApproveMode);
   autoApproveModeRef.current = autoApproveMode;
-  const inputRequestRef = useRef4(inputRequest);
+  const inputRequestRef = useRef5(inputRequest);
   inputRequestRef.current = inputRequest;
   const handleExit = useCallback4(() => {
     const ir = inputRequestRef.current;
@@ -12755,6 +13004,7 @@ var CLI_SCAN_TYPES = Object.freeze([
 ]);
 
 // src/platform/tui/main.tsx
+import gradient from "gradient-string";
 import { jsx as jsx8 } from "react/jsx-runtime";
 initDebugLogger();
 var program = new Command();
@@ -12763,13 +13013,13 @@ program.command("interactive", { isDefault: true }).alias("i").description("Star
   const opts = program.opts();
   const skipPermissions = opts.dangerouslySkipPermissions || false;
   console.clear();
-  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
+  console.log(gradient([HEX.primary, HEX.cyan, HEX.teal]).multiline(ASCII_BANNER));
   console.log(
-    "   " + chalk.hex(THEME.text.secondary)(`v${APP_VERSION}`) + chalk.hex(THEME.text.muted)(" \u2502 ") + chalk.hex(THEME.primary)("Type /help for commands") + "\n"
+    "   " + chalk.hex(HEX.gray)(`v${APP_VERSION}`) + chalk.hex(HEX.gray)(" \u2502 ") + chalk.hex(HEX.primary)("Type /help for commands") + "\n"
   );
   if (skipPermissions) {
-    console.log(chalk.hex(THEME.status.error)("[!] WARNING: Running with --dangerously-skip-permissions"));
-    console.log(chalk.hex(THEME.status.error)("[!] All tool executions will be auto-approved!\n"));
+    console.log(chalk.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions"));
+    console.log(chalk.hex(HEX.red)("[!] All tool executions will be auto-approved!\n"));
   }
   const { waitUntilExit } = render(
     /* @__PURE__ */ jsx8(
@@ -12785,11 +13035,11 @@ program.command("interactive", { isDefault: true }).alias("i").description("Star
 program.command("run <objective>").alias("r").description("Run a single objective and exit").option("-o, --output <file>", "Output file for results").option("--max-steps <n>", "Maximum number of steps", String(CLI_DEFAULT.MAX_STEPS)).action(async (objective, options) => {
   const opts = program.opts();
   const skipPermissions = opts.dangerouslySkipPermissions || false;
-  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
+  console.log(gradient([HEX.primary, HEX.cyan, HEX.teal]).multiline(ASCII_BANNER));
   if (skipPermissions) {
-    console.log(chalk.hex(THEME.status.error)("[!] WARNING: Running with --dangerously-skip-permissions\n"));
+    console.log(chalk.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions\n"));
   }
-  console.log(chalk.hex(THEME.primary)(`[target] Objective: ${objective}
+  console.log(chalk.hex(HEX.primary)(`[target] Objective: ${objective}
 `));
   const agent = AgentFactory.createMainAgent(skipPermissions);
   if (skipPermissions) {
@@ -12806,18 +13056,18 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
   process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
   try {
     const result2 = await agent.execute(objective);
-    console.log(chalk.hex(THEME.status.success)("\n[+] Assessment complete!\n"));
+    console.log(chalk.hex(HEX.gray)("\n[+] Assessment complete!\n"));
     console.log(result2);
     if (options.output) {
       const fs = await import("fs/promises");
       await fs.writeFile(options.output, JSON.stringify({ result: result2 }, null, 2));
-      console.log(chalk.hex(THEME.primary)(`
+      console.log(chalk.hex(HEX.primary)(`
 [+] Report saved to: ${options.output}`));
     }
     await shutdown(0);
   } catch (error) {
     const errorMessage = error instanceof Error ? error.message : String(error);
-    console.error(chalk.hex(THEME.status.error)(`
+    console.error(chalk.hex(HEX.red)(`
 [-] Failed: ${errorMessage}`));
     await shutdown(1);
   }
@@ -12825,8 +13075,8 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
 program.command("scan <target>").description("Quick scan a target").option("-s, --scan-type <type>", `Scan type (${CLI_SCAN_TYPES.join("|")})`, CLI_DEFAULT.SCAN_TYPE).option("-p, --ports <ports>", "Specific ports to scan").action(async (target, options) => {
   const opts = program.opts();
   const skipPermissions = opts.dangerouslySkipPermissions || false;
-  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
-  console.log(chalk.hex(THEME.primary)(`
+  console.log(gradient([HEX.primary, HEX.cyan, HEX.teal]).multiline(ASCII_BANNER));
+  console.log(chalk.hex(HEX.primary)(`
 [scan] Target: ${target} (${options.scanType})
 `));
   const agent = AgentFactory.createMainAgent(skipPermissions);
@@ -12839,62 +13089,61 @@ program.command("scan <target>").description("Quick scan a target").option("-s,
   process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
   try {
     await agent.execute(`Perform a ${options.scanType} scan on ${target}${options.ports ? ` focusing on ports ${options.ports}` : ""}. Analyze the results and identify potential vulnerabilities.`);
-    console.log(chalk.hex(THEME.status.success)("[+] Scan complete!"));
+    console.log(chalk.hex(HEX.gray)("[+] Scan complete!"));
     await shutdown(0);
   } catch (error) {
     const errorMessage = error instanceof Error ? error.message : String(error);
-    console.error(chalk.hex(THEME.status.error)(`[-] Scan failed: ${errorMessage}`));
+    console.error(chalk.hex(HEX.red)(`[-] Scan failed: ${errorMessage}`));
     await shutdown(1);
   }
 });
 program.command("help-extended").description("Show extended help with examples").action(() => {
-  console.log(chalk.hex(THEME.primary)(ASCII_BANNER));
+  console.log(gradient([HEX.primary, HEX.cyan, HEX.teal]).multiline(ASCII_BANNER));
   console.log(`
-${chalk.hex(THEME.primary)(APP_NAME + " - Autonomous Penetration Testing AI")}
+${chalk.hex(HEX.primary)(APP_NAME + " - Autonomous Penetration Testing AI")}
 
-  ${chalk.hex(THEME.status.warning)("Usage:")}
+  ${chalk.hex(HEX.yellow)("Usage:")}
 
-  ${chalk.hex(THEME.status.success)("$ pentesting")}                                   Start interactive mode
-  ${chalk.hex(THEME.status.success)("$ pentesting -t 192.168.1.1")}                     Start with target
-  ${chalk.hex(THEME.status.success)("$ pentesting --dangerously-skip-permissions")}    Auto-approve all tools
+  ${chalk.hex(HEX.gray)("$ pentesting")}                                   Start interactive mode
+  ${chalk.hex(HEX.gray)("$ pentesting -t 192.168.1.1")}                     Start with target
+  ${chalk.hex(HEX.gray)("$ pentesting --dangerously-skip-permissions")}    Auto-approve all tools
 
-${chalk.hex(THEME.status.warning)("Commands:")}
+${chalk.hex(HEX.yellow)("Commands:")}
 
-  ${chalk.hex(THEME.primary)("pentesting")}                       Interactive TUI mode
-  ${chalk.hex(THEME.primary)("pentesting run <objective>")}       Run single objective
-  ${chalk.hex(THEME.primary)("pentesting scan <target>")}         Quick scan target
+  ${chalk.hex(HEX.primary)("pentesting")}                       Interactive TUI mode
+  ${chalk.hex(HEX.primary)("pentesting run <objective>")}       Run single objective
+  ${chalk.hex(HEX.primary)("pentesting scan <target>")}         Quick scan target
 
-${chalk.hex(THEME.status.warning)("Options:")}
+${chalk.hex(HEX.yellow)("Options:")}
 
-  ${chalk.hex(THEME.primary)("--dangerously-skip-permissions")}    Skip all permission prompts
-  ${chalk.hex(THEME.primary)("-t, --target <ip>")}                 Set target
-  ${chalk.hex(THEME.primary)("-o, --output <file>")}               Save results to file
+  ${chalk.hex(HEX.primary)("--dangerously-skip-permissions")}    Skip all permission prompts
+  ${chalk.hex(HEX.primary)("-t, --target <ip>")}                 Set target
+  ${chalk.hex(HEX.primary)("-o, --output <file>")}               Save results to file
 
-${chalk.hex(THEME.status.warning)("Interactive Commands:")}
+${chalk.hex(HEX.yellow)("Interactive Commands:")}
 
-  ${chalk.hex(THEME.primary)("/target <ip>")}     Set target
-  ${chalk.hex(THEME.primary)("/start")}           Start autonomous mode
-  ${chalk.hex(THEME.primary)("/config")}          Manage configuration
-  ${chalk.hex(THEME.primary)("/hint <text>")}     Provide hint
-  ${chalk.hex(THEME.primary)("/findings")}        Show findings
-  ${chalk.hex(THEME.primary)("/reset")}           Reset session
+  ${chalk.hex(HEX.primary)("/target <ip>")}     Set target
+  ${chalk.hex(HEX.primary)("/start")}           Start autonomous mode
+  ${chalk.hex(HEX.primary)("/hint <text>")}     Provide hint
+  ${chalk.hex(HEX.primary)("/findings")}        Show findings
+  ${chalk.hex(HEX.primary)("/clear")}           Reset session
 
-${chalk.hex(THEME.status.warning)("Examples:")}
+${chalk.hex(HEX.yellow)("Examples:")}
 
-  ${chalk.hex(THEME.text.muted)("# Full autonomous mode")}
+  ${chalk.hex(HEX.gray)("# Full autonomous mode")}
   $ pentesting --dangerously-skip-permissions -t 10.10.10.5
 
-  ${chalk.hex(THEME.text.muted)("# Run specific objective")}
+  ${chalk.hex(HEX.gray)("# Run specific objective")}
   $ pentesting run "Find SQL injection" -t http://target.com -o report.json
 
-  ${chalk.hex(THEME.text.muted)("# Quick vulnerability scan")}
+  ${chalk.hex(HEX.gray)("# Quick vulnerability scan")}
   $ pentesting scan 192.168.1.1 -s vuln
 
-${chalk.hex(THEME.status.warning)("Environment:")}
+${chalk.hex(HEX.yellow)("Environment:")}
 
-  ${chalk.hex(THEME.primary)("PENTEST_API_KEY")}      Required - LLM API key
-  ${chalk.hex(THEME.primary)("PENTEST_BASE_URL")}     Optional - AI API base URL
-  ${chalk.hex(THEME.primary)("PENTEST_MODEL")}        Optional - Model override
+  ${chalk.hex(HEX.primary)("PENTEST_API_KEY")}      Required - LLM API key
+  ${chalk.hex(HEX.primary)("PENTEST_BASE_URL")}     Optional - AI API base URL
+  ${chalk.hex(HEX.primary)("PENTEST_MODEL")}        Optional - Model override
 `);
 });
 program.parse();

package/dist/prompts/base.md

@@ -4,48 +4,46 @@ You are an **elite autonomous penetration testing AI** conducting authorized ope
 You think and act like a **senior offensive security researcher competing in a CTF**.
 You have direct access to all tools. **You can write your own code** — if a tool or PoC doesn't exist, build it yourself.
 
-##  FIRST TURN: ANALYZE USER INTENT
+##  FIRST TURN: ANALYZE USER INTENT (OVERRIDES ALL OTHER RULES)
 
-**Before taking any action, you MUST analyze the user's input on the FIRST turn.**
+**⚠️ ON THE FIRST TURN, THIS SECTION TAKES ABSOLUTE PRIORITY OVER EVERY OTHER RULE — including "EVERY TURN MUST PRODUCE TOOL CALLS" below.**
+
+**Before taking any action, you MUST classify the user's input:**
 
 ### Intent Classification (Check in Order)
 1. **Greeting/Small Talk** → Examples: "hi", "hello", "hey", "안녕", "what's up", "how are you"
    - **Response**: Brief friendly greeting + ask what target they want to attack
-   - **DO NOT**: Start scanning, searching, or running any commands
+   - **ZERO TOOL CALLS** — just respond with text. Do NOT call update_mission, get_state, or ANY tool.
 
 2. **Question/Help Request** → Examples: "how do I...", "what is...", "can you explain...", "help"
    - **Response**: Answer the question directly using your knowledge
-   - **DO NOT**: Start pentesting operations unless explicitly requested
+   - **ZERO TOOL CALLS** unless answering requires a data lookup
+
+3. **Hint/Additional Context** → Examples: contextual info, strategy suggestions, single words that aren't targets
+   - **Response**: Acknowledge, store mentally, ask for clarification if needed
+   - **ZERO TOOL CALLS** — hints are NOT targets
 
-3. **Unclear/Ambiguous Input** → Examples: single word that's not a target, incomplete sentences
+4. **Unclear/Ambiguous Input** → Examples: single word that's not a target, incomplete sentences
    - **Response**: Ask clarifying question: "What target would you like me to attack?"
-   - **DO NOT**: Assume it's a target and start scanning
+   - **ZERO TOOL CALLS** — do NOT assume it's a target and start scanning
 
-4. **Pentesting Request** → Examples: IP address, domain, "scan X", "attack Y", "find vulnerabilities in..."
+5. **Pentesting Request** → Examples: IP address, domain, "scan X", "attack Y", "find vulnerabilities in..."
    - **Response**: Proceed with reconnaissance and attack workflow
    - **REQUIRED**: Call tools and execute the pentesting loop
 
 ### Greeting Response Template
 ```
-👋 Hello! I'm your pentesting agent. I can help you with:
+I'm your pentesting agent, ready to help with:
 - Network reconnaissance and scanning
 - Vulnerability discovery and exploitation
 - Post-exploitation and privilege escalation
-- CTF challenges and security assessments
 
-What target would you like me to attack? (e.g., IP address, domain, or CTF challenge)
+What target would you like me to attack? (IP, domain, or CTF challenge)
 ```
 
 ##  SUBSEQUENT TURNS: EVERY TURN MUST PRODUCE TOOL CALLS
 
-**Once pentesting has started, you MUST call at least one tool on EVERY SINGLE TURN.** No exceptions.
-
--  FORBIDDEN: Outputting text without tool calls (planning, summarizing, asking)
--  FORBIDDEN: "Let me think about this..." or "I'll plan my approach..."
--  FORBIDDEN: Asking the user "Should I do X?" — **just do it**
--  REQUIRED: Think briefly in your reasoning, then IMMEDIATELY call tools
--  REQUIRED: When uncertain, `web_search` is ALWAYS a valid action
--  REQUIRED: Multiple parallel tool calls when possible (maximize throughput)
+**Once pentesting has started (target is set and attack is underway), you MUST call at least one tool on EVERY SINGLE TURN.** No exceptions.
 
 **Speed mindset: Treat every engagement like a 4-hour CTF.** Every second without a tool call is wasted time.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.44.1",
+  "version": "0.45.0",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",