pentesting 0.48.3 → 0.49.0

package/dist/main.js

@@ -13,7 +13,7 @@ import chalk from "chalk";
 
 // src/platform/tui/app.tsx
 import { useState as useState5, useCallback as useCallback4, useEffect as useEffect4, useRef as useRef5 } from "react";
-import { Box as Box6, useInput as useInput2, useApp } from "ink";
+import { Box as Box6, useInput as useInput2, useApp, useStdout } from "ink";
 
 // src/platform/tui/hooks/useAgent.ts
 import { useState as useState2, useEffect as useEffect2, useCallback as useCallback2, useRef as useRef3 } from "react";
@@ -331,7 +331,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.48.3";
+var APP_VERSION = "0.49.0";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -2920,6 +2920,8 @@ var AttackGraph = class {
   // ─── TUI Visualization ──────────────────────────────────────
   /**
    * Generate ASCII visualization for TUI /graph command.
+   * WHY no truncation: /graph is the user's audit view — all nodes must be visible.
+   * Truncation is only for toPrompt() (LLM context budget).
    */
   toASCII() {
     if (this.nodes.size === 0) return "(Empty attack graph \u2014 no discoveries yet)";
@@ -2945,17 +2947,13 @@ var AttackGraph = class {
       [NODE_STATUS.SUCCEEDED]: "\u25CF",
       [NODE_STATUS.FAILED]: "\u2717"
     };
-    let nodeCount = 0;
+    const typeSummary = Object.entries(groups).map(([t, ns]) => `${typeIcons[t] || "\xB7"} ${ns.length}`).join("  ");
+    lines.push(`\u2502 ${typeSummary}`);
     for (const [type, nodes] of Object.entries(groups)) {
-      if (nodeCount >= GRAPH_LIMITS.ASCII_MAX_NODES) {
-        lines.push(`\u2502  ... and ${this.nodes.size - nodeCount} more nodes`);
-        break;
-      }
       const icon = typeIcons[type] || "\xB7";
       lines.push(`\u2502`);
       lines.push(`\u2502 ${icon} ${type.toUpperCase()} (${nodes.length})`);
       for (const node of nodes) {
-        if (nodeCount >= GRAPH_LIMITS.ASCII_MAX_NODES) break;
         const sIcon = statusIcons[node.status] || "?";
         const fail = node.status === NODE_STATUS.FAILED && node.failReason ? ` \u2014 ${node.failReason}` : "";
         let detail = "";
@@ -2982,7 +2980,6 @@ var AttackGraph = class {
           return `${eName}${eStatus}`;
         }).join(", ")}` : "";
         lines.push(`\u2502   ${sIcon} ${node.label}${detail}${fail}${edgeStr}`);
-        nodeCount++;
       }
     }
     const succeededNodes = Array.from(this.nodes.values()).filter((n) => n.status === NODE_STATUS.SUCCEEDED);
@@ -3816,19 +3813,27 @@ var AgentEventEmitter = class {
     }
   }
   /**
-   * Emit an event
+   * Emit an event.
+   * WHY try-catch: Listeners must NEVER crash the emitter.
+   * If a TUI listener throws (e.g., setState after unmount), the agent loop must survive.
    */
   emit(event) {
     const listeners = this.listeners.get(event.type);
     if (listeners) {
       for (const listener of listeners) {
-        listener(event);
+        try {
+          listener(event);
+        } catch {
+        }
       }
     }
     const anyListeners = this.listeners.get("*");
     if (anyListeners) {
       for (const listener of anyListeners) {
-        listener(event);
+        try {
+          listener(event);
+        } catch {
+        }
       }
     }
   }
@@ -10120,10 +10125,6 @@ function parseAnalystMemo(response) {
 }
 function formatAnalystDigest(digest, filePath, originalChars) {
   return [
-    "\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557",
-    "\u2551  ANALYST DIGEST (Independent LLM analysis)              \u2551",
-    "\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D",
-    "",
     digest,
     "",
     `\u{1F4C2} Full output saved: ${filePath} (${originalChars} chars)`,
@@ -12571,8 +12572,14 @@ var useAgentState = () => {
     }
   }, []);
   const clearAllTimers = useCallback(() => {
-    if (timerRef.current) clearInterval(timerRef.current);
-    if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
+    if (timerRef.current) {
+      clearInterval(timerRef.current);
+      timerRef.current = null;
+    }
+    if (retryCountdownRef.current) {
+      clearInterval(retryCountdownRef.current);
+      retryCountdownRef.current = null;
+    }
   }, []);
   return {
     // State
@@ -12838,7 +12845,10 @@ function handleRetry(e, addMessage, setRetryState, retryCountdownRef, retryCount
     remaining -= 1;
     if (remaining <= 0) {
       setRetryState({ status: "idle" });
-      if (retryCountdownRef.current) clearInterval(retryCountdownRef.current);
+      if (retryCountdownRef.current) {
+        clearInterval(retryCountdownRef.current);
+        retryCountdownRef.current = null;
+      }
     } else {
       setRetryState((prev) => prev.status === "retrying" ? { ...prev, countdown: remaining } : prev);
     }
@@ -12906,25 +12916,33 @@ var useAgent = (shouldAutoApprove, target) => {
     }
   }, [agent, target]);
   useAgentEvents(agent, eventsRef, state);
+  const abortedRef = useRef3(false);
   const executeTask = useCallback2(async (task) => {
+    abortedRef.current = false;
     setIsProcessing(true);
     manageTimer("start");
     setCurrentStatus("Thinking");
     resetCumulativeCounters();
     try {
       const response = await agent.execute(task);
+      if (abortedRef.current) return;
       const meta = lastResponseMetaRef.current;
       const suffix = meta ? ` ${formatMeta(meta.durationMs || 0, (meta.tokens?.input || 0) + (meta.tokens?.output || 0))}` : "";
       addMessage("ai", response + suffix);
     } catch (e) {
-      addMessage("error", e instanceof Error ? e.message : String(e));
+      if (!abortedRef.current) {
+        addMessage("error", e instanceof Error ? e.message : String(e));
+      }
     } finally {
-      manageTimer("stop");
-      setIsProcessing(false);
-      setCurrentStatus("");
+      if (!abortedRef.current) {
+        manageTimer("stop");
+        setIsProcessing(false);
+        setCurrentStatus("");
+      }
     }
   }, [agent, addMessage, manageTimer, resetCumulativeCounters, setIsProcessing, lastResponseMetaRef, setCurrentStatus]);
   const abort = useCallback2(() => {
+    abortedRef.current = true;
     agent.abort();
     setIsProcessing(false);
     manageTimer("stop");
@@ -13353,6 +13371,7 @@ var ChatInput = memo4(({
         paddingX: showPreview ? 1 : 0,
         marginBottom: 0,
         height: showPreview ? void 0 : 0,
+        overflowX: "hidden",
         children: showPreview && suggestions.map((cmd, i) => {
           const isFirst = i === 0;
           const nameColor = isFirst ? THEME.white : THEME.gray;
@@ -13380,6 +13399,7 @@ var ChatInput = memo4(({
         borderStyle: "single",
         borderColor: inputRequest.status === "active" ? THEME.yellow : THEME.border.default,
         paddingX: 1,
+        overflowX: "hidden",
         children: inputRequest.status === "active" ? /* @__PURE__ */ jsxs4(Box4, { children: [
           /* @__PURE__ */ jsx5(Text5, { color: THEME.yellow, children: "[auth]" }),
           /* @__PURE__ */ jsxs4(Text5, { color: THEME.gray, children: [
@@ -13469,6 +13489,8 @@ var footer_default = Footer;
 import { jsx as jsx7, jsxs as jsxs6 } from "react/jsx-runtime";
 var App = ({ autoApprove = false, target }) => {
   const { exit } = useApp();
+  const { stdout } = useStdout();
+  const terminalWidth = stdout?.columns ?? 80;
   const [input, setInput] = useState5("");
   const [secretInput, setSecretInput] = useState5("");
   const [autoApproveMode, setAutoApproveMode] = useState5(autoApprove);
@@ -13498,12 +13520,15 @@ var App = ({ autoApprove = false, target }) => {
   inputRequestRef.current = inputRequest;
   const handleExit = useCallback4(() => {
     const ir = inputRequestRef.current;
-    if (ir.status === "active") ir.resolve(null);
+    if (ir.status === "active") {
+      ir.resolve(null);
+      setInputRequest({ status: "inactive" });
+    }
     cleanupAllProcesses().catch(() => {
     });
     exit();
     setTimeout(() => process.exit(0), DISPLAY_LIMITS.EXIT_DELAY);
-  }, [exit]);
+  }, [exit, setInputRequest]);
   const handleCommand = useCallback4(async (cmd, args) => {
     switch (cmd) {
       case UI_COMMANDS.HELP:
@@ -13562,28 +13587,54 @@ var App = ({ autoApprove = false, target }) => {
           addMessage("system", "No findings.");
           break;
         }
-        const findingLines = [`\u2500\u2500\u2500 ${findings.length} Findings \u2500\u2500\u2500`, ""];
-        findings.forEach((f, i) => {
-          const verified = f.isVerified ? `[${ICONS.success}] Verified` : `[${ICONS.warning}] Unverified`;
-          const atk = f.attackPattern ? ` | ATT&CK: ${f.attackPattern}` : "";
-          findingLines.push(`[${i + 1}] [${f.severity.toUpperCase()}] ${f.title}`);
-          findingLines.push(`    ${verified}${atk}`);
-          if (f.affected.length > 0) {
-            findingLines.push(`    Affected: ${f.affected.join(", ")}`);
-          }
-          if (f.description) {
-            findingLines.push(`    ${f.description}`);
-          }
-          if (f.evidence.length > 0) {
-            findingLines.push(`    Evidence:`);
-            f.evidence.slice(0, DISPLAY_LIMITS.EVIDENCE_ITEMS_PREVIEW).forEach((e) => {
-              const preview = e.length > DISPLAY_LIMITS.EVIDENCE_PREVIEW_LENGTH ? e.slice(0, DISPLAY_LIMITS.EVIDENCE_PREVIEW_LENGTH) + "..." : e;
-              findingLines.push(`      \u25B8 ${preview}`);
-            });
-            if (f.evidence.length > DISPLAY_LIMITS.EVIDENCE_ITEMS_PREVIEW) findingLines.push(`      ... +${f.evidence.length - DISPLAY_LIMITS.EVIDENCE_ITEMS_PREVIEW} more`);
-          }
+        const severityOrder = ["critical", "high", "medium", "low", "info"];
+        const severityIcons = {
+          critical: "\u{1F534}",
+          high: "\u{1F7E0}",
+          medium: "\u{1F7E1}",
+          low: "\u{1F7E2}",
+          info: "\u26AA"
+        };
+        const grouped = {};
+        for (const f of findings) {
+          const sev = f.severity.toLowerCase();
+          if (!grouped[sev]) grouped[sev] = [];
+          grouped[sev].push(f);
+        }
+        const findingLines = [];
+        const sevCounts = severityOrder.filter((s) => grouped[s]?.length).map((s) => `${severityIcons[s]} ${s.toUpperCase()}: ${grouped[s].length}`).join("  ");
+        findingLines.push(`\u2500\u2500\u2500 ${findings.length} Findings \u2500\u2500 ${sevCounts} \u2500\u2500\u2500`);
+        findingLines.push("");
+        for (const sev of severityOrder) {
+          const group = grouped[sev];
+          if (!group?.length) continue;
+          const icon = severityIcons[sev] || "\u2022";
+          findingLines.push(`${icon} \u2500\u2500 ${sev.toUpperCase()} (${group.length}) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500`);
           findingLines.push("");
-        });
+          group.forEach((f, i) => {
+            const verified = f.isVerified ? `\u2713 Verified` : `? Unverified`;
+            const atk = f.attackPattern ? ` \u2502 ATT&CK: ${f.attackPattern}` : "";
+            const cat = f.category ? ` \u2502 ${f.category}` : "";
+            findingLines.push(`  [${i + 1}] ${f.title}`);
+            findingLines.push(`      ${verified}${atk}${cat}`);
+            if (f.affected.length > 0) {
+              findingLines.push(`      Affected: ${f.affected.join(", ")}`);
+            }
+            if (f.description) {
+              findingLines.push(`      ${f.description}`);
+            }
+            if (f.evidence.length > 0) {
+              findingLines.push(`      Evidence:`);
+              f.evidence.forEach((e) => {
+                findingLines.push(`        \u25B8 ${e}`);
+              });
+            }
+            if (f.remediation) {
+              findingLines.push(`      Fix: ${f.remediation}`);
+            }
+            findingLines.push("");
+          });
+        }
         addMessage("system", findingLines.join("\n"));
         break;
       case UI_COMMANDS.ASSETS:
@@ -13693,7 +13744,7 @@ ${procData.stdout || "(no output)"}
       process.off("SIGTERM", onSignal);
     };
   }, [handleCtrlC]);
-  return /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", paddingX: 1, children: [
+  return /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", paddingX: 1, width: terminalWidth, children: [
     /* @__PURE__ */ jsx7(Box6, { flexDirection: "column", marginBottom: 1, flexGrow: 1, children: /* @__PURE__ */ jsx7(MessageList, { messages }) }),
     /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", children: [
       /* @__PURE__ */ jsx7(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.48.3",
+  "version": "0.49.0",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",