pentesting 0.49.2 → 0.49.3

package/dist/main.js

@@ -331,7 +331,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.49.2";
+var APP_VERSION = "0.49.3";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -704,6 +704,16 @@ var ATTACK_VALUE_RANK = {
   LOW: 1,
   NONE: 0
 };
+var CONFIDENCE_THRESHOLDS = {
+  /** ≥80: exploit confirmed, shell access, flag captured */
+  CONFIRMED: 80,
+  /** ≥50: strong but not yet proven */
+  PROBABLE: 50,
+  /** ≥25: initial discovery, weak signal */
+  POSSIBLE: 25,
+  /** <25: speculation only */
+  NONE: 0
+};
 var APPROVAL_STATUSES = {
   AUTO: "auto",
   USER_CONFIRMED: "user_confirmed",
@@ -794,7 +804,11 @@ var DEFAULTS = {
   ENGAGEMENT_NAME: "auto-assessment",
   ENGAGEMENT_CLIENT: "internal",
   UNKNOWN_PHASE: "unknown",
-  INIT_PHASE: "init"
+  INIT_PHASE: "init",
+  /** Fallback service name when port fingerprinting yielded no result */
+  UNKNOWN_SERVICE: "unknown",
+  /** Default port state when not explicitly specified */
+  PORT_STATE_OPEN: "open"
 };
 
 // src/engine/process-manager.ts
@@ -2460,17 +2474,16 @@ var StateSerializer = class {
     }
     const findings = state.getFindings();
     if (findings.length > 0) {
-      const counts = findings.reduce((acc, f) => {
-        acc[f.severity] = (acc[f.severity] || 0) + 1;
-        return acc;
-      }, { critical: 0, high: 0, medium: 0, low: 0 });
-      lines.push(`Findings: ${findings.length} total (crit:${counts.critical} high:${counts.high} med:${counts.medium})`);
-      const important = findings.filter((f) => f.severity === "critical" || f.severity === "high");
-      if (important.length > 0) {
-        lines.push(`  Important Findings:`);
-        for (const f of important.slice(0, DISPLAY_LIMITS.FINDING_PREVIEW)) {
+      const confirmed = findings.filter((f) => f.confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED).length;
+      const probable = findings.filter((f) => f.confidence >= CONFIDENCE_THRESHOLDS.PROBABLE && f.confidence < CONFIDENCE_THRESHOLDS.CONFIRMED).length;
+      const possible = findings.filter((f) => f.confidence < CONFIDENCE_THRESHOLDS.PROBABLE).length;
+      lines.push(`Findings: ${findings.length} total (confirmed:${confirmed} probable:${probable} possible:${possible})`);
+      const highPriority = findings.filter((f) => f.confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED).sort((a, b) => b.confidence - a.confidence);
+      if (highPriority.length > 0) {
+        lines.push(`  Confirmed Findings (\u2265${CONFIDENCE_THRESHOLDS.CONFIRMED}):`);
+        for (const f of highPriority.slice(0, DISPLAY_LIMITS.FINDING_PREVIEW)) {
           const tactic = f.attackPattern ? ` [ATT&CK:${f.attackPattern}]` : "";
-          lines.push(`    [${f.severity.toUpperCase()}] ${f.title} (${f.category || "general"})${tactic}`);
+          lines.push(`    [conf:${f.confidence}|${f.severity.toUpperCase()}] ${f.title} (${f.category || "general"})${tactic}`);
         }
       }
     }
@@ -3350,7 +3363,7 @@ var DynamicTechniqueLibrary = class {
     });
     if (this.techniques.length > this.maxTechniques) {
       this.techniques.sort((a, b) => {
-        if (a.isVerified !== b.isVerified) return a.isVerified ? -1 : 1;
+        if (a.confidence !== b.confidence) return b.confidence - a.confidence;
         return b.learnedAt - a.learnedAt;
       });
       this.techniques = this.techniques.slice(0, this.maxTechniques);
@@ -3386,18 +3399,20 @@ var DynamicTechniqueLibrary = class {
         source: `Web search: "${query}"`,
         technique: tech,
         applicableTo,
-        isVerified: false,
+        confidence: CONFIDENCE_THRESHOLDS.POSSIBLE,
+        // discovered, not yet tested
         fromQuery: query
       });
     }
   }
   /**
    * Mark a technique as verified (it worked in practice).
+   * Upgrades confidence to 80.
    */
   verify(techniqueSubstring) {
     for (const t of this.techniques) {
       if (t.technique.toLowerCase().includes(techniqueSubstring.toLowerCase())) {
-        t.isVerified = true;
+        t.confidence = CONFIDENCE_THRESHOLDS.CONFIRMED;
       }
     }
   }
@@ -3425,18 +3440,18 @@ var DynamicTechniqueLibrary = class {
    */
   toPrompt() {
     if (this.techniques.length === 0) return "";
-    const verified = this.techniques.filter((t) => t.isVerified);
-    const unverified = this.techniques.filter((t) => !t.isVerified);
+    const confirmed = this.techniques.filter((t) => t.confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED);
+    const discovered = this.techniques.filter((t) => t.confidence < CONFIDENCE_THRESHOLDS.CONFIRMED);
     const lines = ["<learned-techniques>"];
-    if (verified.length > 0) {
-      lines.push("VERIFIED (worked in this session):");
-      for (const t of verified) {
+    if (confirmed.length > 0) {
+      lines.push("CONFIRMED (worked in this session):");
+      for (const t of confirmed) {
         lines.push(`  \u2705 [${t.applicableTo.join(",")}] ${t.technique}`);
       }
     }
-    if (unverified.length > 0) {
-      lines.push(`DISCOVERED (${unverified.length} unverified):`);
-      for (const t of unverified.slice(0, MEMORY_LIMITS.PROMPT_UNVERIFIED_TECHNIQUES)) {
+    if (discovered.length > 0) {
+      lines.push(`DISCOVERED (${discovered.length} unverified):`);
+      for (const t of discovered.slice(0, MEMORY_LIMITS.PROMPT_UNVERIFIED_TECHNIQUES)) {
         lines.push(`  \u{1F4A1} [${t.applicableTo.join(",")}] ${t.technique} (from: ${t.source})`);
       }
     }
@@ -3659,6 +3674,14 @@ var SharedState = class {
   getFindingsBySeverity(severity) {
     return this.data.findings.filter((f) => f.severity === severity);
   }
+  /** Returns findings with confidence >= threshold (default: CONFIRMED = 80) */
+  getFindingsByConfidence(threshold = CONFIDENCE_THRESHOLDS.CONFIRMED) {
+    return this.data.findings.filter((f) => f.confidence >= threshold);
+  }
+  /** True if confidence >= CONFIRMED (80) */
+  isConfirmedFinding(finding) {
+    return finding.confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED;
+  }
   addLoot(loot) {
     this.data.loot.push(loot);
   }
@@ -5044,43 +5067,32 @@ Reason: ${reason}`
 ];
 
 // src/shared/utils/finding-validator.ts
-var VALIDATION_THRESHOLDS = {
-  /** Divisor for base confidence (N+ pattern matches = 100%) */
-  CONFIDENCE_DIVISOR: 2,
-  /** Penalty per false-positive indicator */
-  FALSE_POSITIVE_PENALTY: 0.15,
-  /** Confidence breakpoints for quality classification */
-  QUALITY_STRONG: 0.8,
-  QUALITY_MODERATE: 0.5,
-  /** Minimum confidence for verification */
-  VERIFICATION_MIN: 0.5
-};
 var SUCCESS_PATTERNS = [
-  // Shell access indicators
-  { pattern: /uid=\d+\([^)]+\)\s+gid=\d+/, description: "Unix id output", weight: 1 },
-  { pattern: /root:x:0:0/, description: "/etc/passwd root entry", weight: 0.9 },
-  { pattern: /NT AUTHORITY\\SYSTEM/i, description: "Windows SYSTEM access", weight: 1 },
-  { pattern: /nt authority\\system/i, description: "Windows SYSTEM access (lowercase)", weight: 1 },
-  { pattern: /\$ whoami\s*\n\s*root/, description: "root whoami output", weight: 1 },
-  { pattern: /Administrator/, description: "Windows Administrator", weight: 0.7 },
-  // Database access
-  { pattern: /\d+ rows? in set/, description: "SQL query result", weight: 0.8 },
-  { pattern: /mysql>|postgres[=#]|sqlite>/, description: "Database shell prompt", weight: 0.9 },
-  { pattern: /CREATE TABLE|INSERT INTO|SELECT \*/i, description: "SQL DDL/DML output", weight: 0.7 },
-  // File read success
-  { pattern: /-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----/, description: "Private key exposure", weight: 1 },
-  { pattern: /-----BEGIN CERTIFICATE-----/, description: "Certificate exposure", weight: 0.6 },
-  { pattern: /DB_PASSWORD|DATABASE_URL|SECRET_KEY/i, description: "Credential in config", weight: 0.8 },
-  // RCE indicators
-  { pattern: /Linux\s+\S+\s+\d+\.\d+/, description: "Linux uname output", weight: 0.7 },
-  { pattern: /Windows\s+(Server\s+)?\d{4}/i, description: "Windows systeminfo", weight: 0.7 },
-  { pattern: /\bwww-data\b/, description: "Web server user context", weight: 0.6 },
-  // Network access
-  { pattern: /Nmap scan report for/, description: "Internal nmap scan (pivoting)", weight: 0.5 },
-  { pattern: /meterpreter\s*>/, description: "Meterpreter session", weight: 1 },
-  // Credential extraction
-  { pattern: /\b[a-f0-9]{32}\b:\b[a-f0-9]{32}\b/, description: "Hash:hash pair", weight: 0.7 },
-  { pattern: /password\s*[:=]\s*\S+/i, description: "Password in output", weight: 0.6 }
+  // Absolute proof (100)
+  { pattern: /uid=0\([^)]+\)\s+gid=0/, description: "uid=0 (root shell confirmed)", score: 100 },
+  { pattern: /NT AUTHORITY\\SYSTEM/i, description: "Windows SYSTEM access", score: 100 },
+  { pattern: /meterpreter\s*>/, description: "Meterpreter session", score: 100 },
+  // Shell / access confirmed (90-95)
+  { pattern: /\$ whoami\s*\n\s*root/, description: "root whoami output", score: 95 },
+  { pattern: /root:x:0:0/, description: "/etc/passwd root entry read", score: 90 },
+  { pattern: /uid=\d+\([^)]+\)\s+gid=\d+/, description: "Unix id command output", score: 90 },
+  // Credential / sensitive data extracted (80-85)
+  { pattern: /-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----/, description: "Private key exposed", score: 85 },
+  { pattern: /DB_PASSWORD|DATABASE_URL|SECRET_KEY/i, description: "Secret/credential in config", score: 80 },
+  { pattern: /\d+ rows? in set/i, description: "SQL query result returned", score: 80 },
+  { pattern: /mysql>|postgres[=#]|sqlite>/, description: "Database shell prompt", score: 80 },
+  { pattern: /password\s*[:=]\s*\S+/i, description: "Password in output", score: 80 },
+  { pattern: /\b[a-f0-9]{32}\b:\b[a-f0-9]{32}\b/, description: "Hash pair extracted", score: 80 },
+  // Strong indicators (65-75)
+  { pattern: /-----BEGIN CERTIFICATE-----/, description: "Certificate exposed", score: 70 },
+  { pattern: /CREATE TABLE|INSERT INTO|SELECT \*/i, description: "SQL DDL/DML output", score: 70 },
+  { pattern: /Administrator/i, description: "Windows Administrator context", score: 70 },
+  { pattern: /Linux\s+\S+\s+\d+\.\d+/, description: "Linux uname output (RCE)", score: 65 },
+  { pattern: /Windows\s+(Server\s+)?\d{4}/i, description: "Windows systeminfo (RCE)", score: 65 },
+  { pattern: /\bwww-data\b/, description: "Web server user context", score: 65 },
+  // Circumstantial evidence (50)
+  { pattern: /Nmap scan report for/, description: "Internal nmap scan (pivot)", score: 50 },
+  { pattern: /open\s+\w+\/\w+/, description: "Open port in scan output", score: 25 }
 ];
 var FALSE_POSITIVE_PATTERNS = [
   { pattern: /connection refused/i, description: "Connection refused" },
@@ -5089,66 +5101,83 @@ var FALSE_POSITIVE_PATTERNS = [
   { pattern: /404 not found/i, description: "404 response" },
   { pattern: /401 unauthorized/i, description: "Unauthorized" },
   { pattern: /timeout|timed out/i, description: "Timeout" },
-  { pattern: /error:|exception:/i, description: "Error/Exception" }
+  { pattern: /error:|exception:/i, description: "Error/Exception header" }
 ];
-function validateFinding(evidence, severity) {
+var FALSE_POSITIVE_PENALTY = 15;
+function validateFinding(evidence) {
   if (!evidence || evidence.length === 0) {
     return {
-      isVerified: false,
       confidence: 0,
-      verificationNote: "No evidence provided \u2014 finding is unverified.",
-      evidenceQuality: "none"
+      evidenceQuality: "none",
+      verificationNote: "No evidence provided \u2014 finding is unsubstantiated."
     };
   }
-  const combinedEvidence = evidence.join("\n");
-  const flags = detectFlags(combinedEvidence);
+  const combined = evidence.join("\n");
+  const flags = detectFlags(combined);
   if (flags.length > 0) {
     return {
-      isVerified: true,
-      confidence: 1,
-      verificationNote: `CTF flag detected in evidence: ${flags[0]}`,
-      evidenceQuality: "strong"
+      confidence: 100,
+      evidenceQuality: "confirmed",
+      verificationNote: `CTF flag detected in evidence: ${flags[0]}`
     };
   }
-  let totalWeight = 0;
-  const matchedPatterns = [];
-  for (const { pattern, description, weight } of SUCCESS_PATTERNS) {
+  let maxScore = 0;
+  const matched = [];
+  for (const { pattern, description, score } of SUCCESS_PATTERNS) {
     pattern.lastIndex = 0;
-    if (pattern.test(combinedEvidence)) {
-      totalWeight += weight;
-      matchedPatterns.push(description);
+    if (pattern.test(combined)) {
+      if (score > maxScore) maxScore = score;
+      matched.push(`${description} (+${score})`);
     }
   }
-  let falsePositiveCount = 0;
-  for (const { pattern } of FALSE_POSITIVE_PATTERNS) {
+  let fpCount = 0;
+  const fpMatched = [];
+  for (const { pattern, description } of FALSE_POSITIVE_PATTERNS) {
     pattern.lastIndex = 0;
-    if (pattern.test(combinedEvidence)) {
-      falsePositiveCount++;
-    }
-  }
-  const baseConfidence = Math.min(1, totalWeight / VALIDATION_THRESHOLDS.CONFIDENCE_DIVISOR);
-  const fpPenalty = falsePositiveCount * VALIDATION_THRESHOLDS.FALSE_POSITIVE_PENALTY;
-  const confidence = Math.max(0, baseConfidence - fpPenalty);
-  let evidenceQuality;
-  if (confidence >= VALIDATION_THRESHOLDS.QUALITY_STRONG) evidenceQuality = "strong";
-  else if (confidence >= VALIDATION_THRESHOLDS.QUALITY_MODERATE) evidenceQuality = "moderate";
-  else if (confidence > 0) evidenceQuality = "weak";
-  else evidenceQuality = "none";
-  const isVerified = confidence >= VALIDATION_THRESHOLDS.VERIFICATION_MIN;
-  const note = matchedPatterns.length > 0 ? `Evidence matches: ${matchedPatterns.join(", ")}. Confidence: ${(confidence * 100).toFixed(0)}%` : `No recognized success patterns in evidence. ${falsePositiveCount > 0 ? `${falsePositiveCount} potential false-positive indicators found.` : "Manual review recommended."}`;
-  return {
-    isVerified,
-    confidence,
-    verificationNote: note,
-    evidenceQuality
-  };
+    if (pattern.test(combined)) {
+      fpCount++;
+      fpMatched.push(description);
+    }
+  }
+  const raw = maxScore - fpCount * FALSE_POSITIVE_PENALTY;
+  const confidence = Math.max(0, Math.min(100, Math.round(raw)));
+  const evidenceQuality = qualityFromScore(confidence);
+  const note = buildNote(matched, fpMatched, confidence);
+  return { confidence, evidenceQuality, verificationNote: note };
+}
+function qualityFromScore(score) {
+  if (score >= CONFIDENCE_THRESHOLDS.CONFIRMED) return "confirmed";
+  if (score >= CONFIDENCE_THRESHOLDS.PROBABLE) return "probable";
+  if (score >= CONFIDENCE_THRESHOLDS.POSSIBLE) return "possible";
+  return "none";
+}
+function buildNote(matched, fpMatched, confidence) {
+  const parts = [];
+  if (matched.length > 0) {
+    parts.push(`Matched: ${matched.join(", ")}`);
+  }
+  if (fpMatched.length > 0) {
+    parts.push(`FP penalties (${fpMatched.length}\xD7): ${fpMatched.join(", ")}`);
+  }
+  if (parts.length === 0) {
+    parts.push("No recognized success patterns");
+  }
+  parts.push(`Confidence: ${confidence}/100`);
+  return parts.join(" | ");
 }
 function formatValidation(result2) {
-  const icon = result2.isVerified ? "\u2705" : "\u26A0\uFE0F";
-  return `${icon} Verified: ${result2.isVerified} | Quality: ${result2.evidenceQuality} | ${result2.verificationNote}`;
+  const icon = result2.confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED ? "\u2705" : result2.confidence >= CONFIDENCE_THRESHOLDS.PROBABLE ? "\u{1F536}" : result2.confidence >= CONFIDENCE_THRESHOLDS.POSSIBLE ? "\u26A0\uFE0F" : "\u2753";
+  return `${icon} [${result2.confidence}/100] ${result2.evidenceQuality.toUpperCase()} | ${result2.verificationNote}`;
 }
 
 // src/engine/tools/pentest-target-tools.ts
+var CRACKABLE_LOOT_TYPES = /* @__PURE__ */ new Set([LOOT_TYPES.HASH]);
+var SPRAY_LOOT_TYPES = /* @__PURE__ */ new Set([
+  LOOT_TYPES.CREDENTIAL,
+  LOOT_TYPES.TOKEN,
+  LOOT_TYPES.SSH_KEY,
+  LOOT_TYPES.API_KEY
+]);
 function isPortArray(value) {
   if (!Array.isArray(value)) return false;
   return value.every(
@@ -5162,13 +5191,13 @@ function isValidSeverity(value) {
   return typeof value === "string" && Object.values(SEVERITIES).includes(value);
 }
 function parseSeverity(value) {
-  return isValidSeverity(value) ? value : "medium";
+  return isValidSeverity(value) ? value : SEVERITIES.MEDIUM;
 }
 function isValidLootType(value) {
   return typeof value === "string" && Object.values(LOOT_TYPES).includes(value);
 }
 function parseLootType(value) {
-  return isValidLootType(value) ? value : "file";
+  return isValidLootType(value) ? value : LOOT_TYPES.FILE;
 }
 function isValidAttackTactic(value) {
   return typeof value === "string" && Object.values(ATTACK_TACTICS).includes(value);
@@ -5219,12 +5248,12 @@ The target will be tracked in SharedState and available for all agents.`,
           if (!exists) {
             existing.ports.push({
               port: np.port,
-              service: np.service || "unknown",
+              service: np.service || DEFAULTS.UNKNOWN_SERVICE,
               version: np.version,
-              state: np.state || "open",
+              state: np.state || DEFAULTS.PORT_STATE_OPEN,
               notes: []
             });
-            state.attackGraph.addService(ip, np.port, np.service || "unknown", np.version);
+            state.attackGraph.addService(ip, np.port, np.service || DEFAULTS.UNKNOWN_SERVICE, np.version);
           }
         }
         if (p.hostname) existing.hostname = parseString(p.hostname);
@@ -5233,9 +5262,9 @@ The target will be tracked in SharedState and available for all agents.`,
       }
       const ports = parsePorts(p.ports).map((port) => ({
         port: port.port,
-        service: port.service || "unknown",
+        service: port.service || DEFAULTS.UNKNOWN_SERVICE,
         version: port.version,
-        state: port.state || "open",
+        state: port.state || DEFAULTS.PORT_STATE_OPEN,
         notes: []
       }));
       state.addTarget({
@@ -5262,18 +5291,18 @@ Types: credential, hash, token, ssh_key, api_key, file, session, ticket, certifi
     required: ["type", "host", "detail"],
     execute: async (p) => {
       const lootTypeStr = parseString(p.type);
-      const crackableTypes = ["hash"];
       const detail = parseString(p.detail);
       const host = parseString(p.host);
+      const isCrackable = CRACKABLE_LOOT_TYPES.has(lootTypeStr);
       state.addLoot({
         type: parseLootType(lootTypeStr),
         host,
         detail,
         obtainedAt: Date.now(),
-        isCrackable: crackableTypes.includes(lootTypeStr),
+        isCrackable,
         isCracked: false
       });
-      if (["credential", "token", "ssh_key", "api_key"].includes(lootTypeStr)) {
+      if (SPRAY_LOOT_TYPES.has(lootTypeStr)) {
         const parts = detail.split(":");
         if (parts.length >= 2) {
           state.attackGraph.addCredential(parts[0], parts.slice(1).join(":"), host);
@@ -5284,22 +5313,35 @@ Types: credential, hash, token, ssh_key, api_key, file, session, ticket, certifi
         success: true,
         output: `Loot recorded: [${lootTypeStr}] from ${host}
 Detail: ${detail}
-` + (crackableTypes.includes(lootTypeStr) ? `This is crackable. Consider: hash_crack({ hashes: "${detail.slice(0, DISPLAY_LIMITS.LOOT_DETAIL_PREVIEW)}..." })` : `Consider credential reuse / lateral movement with this loot.`)
+` + (isCrackable ? `This is crackable. Consider: hash_crack({ hashes: "${detail.slice(0, DISPLAY_LIMITS.LOOT_DETAIL_PREVIEW)}..." })` : `Consider credential reuse / lateral movement with this loot.`)
       };
     }
   },
   {
     name: TOOL_NAMES.ADD_FINDING,
-    description: `Add a security finding with full details.
-ALWAYS provide: description (HOW you exploited it, step-by-step), evidence (actual command output proving success), and attackPattern (MITRE ATT&CK tactic).
-Findings without evidence are marked as UNVERIFIED and have low credibility.`,
+    description: `Record a security finding with confidence score.
+
+ALWAYS provide: description (HOW exploited), evidence (actual command output), attackPattern (MITRE ATT&CK tactic).
+
+confidence score (0-100) \u2014 technical verification level:
+  100 = CTF flag captured, root shell confirmed (uid=0), NT AUTHORITY\\SYSTEM
+   80 = DB query result, private key read, auth bypass proven, credential extracted
+   75 = Stack trace / internal paths / suspicious error message
+   65 = RCE circumstantial (uname output, www-data context)
+   50 = CVE version match, unusual server response
+   25 = Port open, service detected (unverified \u2014 needs further testing)
+    0 = Pure speculation, no actual test performed
+
+Omit confidence to let the system auto-calculate from evidence.
+Findings with confidence >= 80 appear as CONFIRMED in reports.`,
     parameters: {
-      title: { type: "string", description: 'Concise finding title (e.g., "Path Traversal via /download endpoint")' },
-      severity: { type: "string", description: "Severity: critical, high, medium, low, info" },
-      affected: { type: "array", items: { type: "string" }, description: 'Affected host:port or URLs (e.g., ["ctf.example.com:443/download"])' },
-      description: { type: "string", description: "Detailed description: what the vulnerability is, how you exploited it step-by-step, what access it gives, and the impact. Include credentials found, methods used, and exploitation chain." },
-      evidence: { type: "array", items: { type: "string" }, description: 'Actual command outputs proving the finding (e.g., ["curl output showing /etc/passwd", "uid=0(root) gid=0(root)"]). Copy real output here.' },
-      attackPattern: { type: "string", description: "MITRE ATT&CK tactic: initial_access, execution, persistence, privilege_escalation, defense_evasion, credential_access, discovery, lateral_movement, collection, exfiltration, command_and_control, impact" }
+      title: { type: "string", description: 'Concise title (e.g., "Path Traversal via /download endpoint")' },
+      severity: { type: "string", description: "Business impact severity: critical, high, medium, low, info" },
+      affected: { type: "array", items: { type: "string" }, description: "Affected host:port or URLs" },
+      description: { type: "string", description: "What the vulnerability is, how you exploited it step-by-step, what access it gives, and the impact." },
+      evidence: { type: "array", items: { type: "string" }, description: "Actual command outputs proving the finding. Copy real output here." },
+      attackPattern: { type: "string", description: "MITRE ATT&CK tactic: initial_access, execution, persistence, privilege_escalation, defense_evasion, credential_access, discovery, lateral_movement, collection, exfiltration, command_and_control, impact" },
+      confidence: { type: "number", description: "Optional override (0-100). Omit to auto-calculate from evidence." }
     },
     required: ["title", "severity", "description", "evidence"],
     execute: async (p) => {
@@ -5308,31 +5350,34 @@ Findings without evidence are marked as UNVERIFIED and have low credibility.`,
       const severity = parseSeverity(p.severity);
       const affected = parseStringArray(p.affected);
       const description = parseString(p.description);
-      const validation = validateFinding(evidence, severity);
       const attackPattern = parseString(p.attackPattern);
+      const validation = validateFinding(evidence);
+      const rawOverride = p.confidence;
+      const confidence = typeof rawOverride === "number" && rawOverride >= 0 && rawOverride <= 100 ? Math.round(rawOverride) : validation.confidence;
       state.addFinding({
         id: generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH),
         title,
         severity,
+        confidence,
         affected,
         description,
         evidence,
-        isVerified: validation.isVerified,
         remediation: "",
         foundAt: Date.now(),
         ...attackPattern && isValidAttackTactic(attackPattern) ? { attackPattern } : {}
       });
-      const hasExploit = validation.isVerified;
-      const target = affected[0] || "unknown";
+      const hasExploit = confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED;
+      const target = affected[0] || DEFAULTS.UNKNOWN_SERVICE;
       state.attackGraph.addVulnerability(title, target, severity, hasExploit);
+      const memoryEvent = confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED ? "tool_success" : "tool_failure";
       state.episodicMemory.record(
-        validation.isVerified ? "tool_success" : "tool_failure",
+        memoryEvent,
         `Finding: ${title} (${severity}) \u2014 ${formatValidation(validation)}`
       );
       return {
         success: true,
         output: `Added: ${title}
-${formatValidation(validation)}`
+${formatValidation(validation)}${rawOverride !== void 0 ? ` [confidence overridden to ${confidence}]` : ""}`
       };
     }
   }
@@ -5385,6 +5430,7 @@ function isBrowserHeadless() {
 var SEARCH_URL_PATTERN = {
   GLM: "bigmodel.cn",
   ZHIPU: "zhipuai",
+  Z_AI: "z.ai",
   BRAVE: "brave.com",
   SERPER: "serper.dev"
 };
@@ -6211,7 +6257,7 @@ async function webSearch(query, _engine) {
     };
   }
   try {
-    if (apiUrl.includes(SEARCH_URL_PATTERN.GLM) || apiUrl.includes(SEARCH_URL_PATTERN.ZHIPU)) {
+    if (apiUrl.includes(SEARCH_URL_PATTERN.GLM) || apiUrl.includes(SEARCH_URL_PATTERN.ZHIPU) || apiUrl.includes(SEARCH_URL_PATTERN.Z_AI)) {
       debugLog("search", "Using GLM search");
       return await searchWithGLM(query, apiKey, apiUrl);
     } else if (apiUrl.includes(SEARCH_URL_PATTERN.BRAVE)) {
@@ -7164,7 +7210,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
     },
     execute: async (p) => {
       const { existsSync: existsSync12, statSync: statSync3, readdirSync: readdirSync4 } = await import("fs");
-      const { join: join14 } = await import("path");
+      const { join: join13 } = await import("path");
       const category = p.category || "";
       const search = p.search || "";
       const minSize = p.min_size || 0;
@@ -7219,7 +7265,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         }
         for (const entry of entries) {
           if (entry.name.startsWith(".") || SKIP_DIRS.has(entry.name)) continue;
-          const fullPath = join14(dirPath, entry.name);
+          const fullPath = join13(dirPath, entry.name);
           if (entry.isDirectory()) {
             scanDir(fullPath, maxDepth, depth + 1);
             continue;
@@ -9686,15 +9732,9 @@ function logLLM(message, data) {
   debugLog("llm", message, data);
 }
 
-// src/engine/orchestrator/orchestrator.ts
-import { fileURLToPath as fileURLToPath2 } from "url";
-import { dirname as dirname4, join as join8 } from "path";
-var __filename = fileURLToPath2(import.meta.url);
-var __dirname2 = dirname4(__filename);
-
 // src/engine/state-persistence.ts
 import { writeFileSync as writeFileSync6, readFileSync as readFileSync4, existsSync as existsSync6, readdirSync, statSync, unlinkSync as unlinkSync4, rmSync } from "fs";
-import { join as join9 } from "path";
+import { join as join8 } from "path";
 function saveState(state) {
   const sessionsDir = WORKSPACE.SESSIONS;
   ensureDirExists(sessionsDir);
@@ -9712,9 +9752,9 @@ function saveState(state) {
     missionChecklist: state.getMissionChecklist()
   };
   const sessionId = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-  const sessionFile = join9(sessionsDir, `${sessionId}.json`);
+  const sessionFile = join8(sessionsDir, `${sessionId}.json`);
   writeFileSync6(sessionFile, JSON.stringify(snapshot, null, 2), "utf-8");
-  const latestFile = join9(sessionsDir, "latest.json");
+  const latestFile = join8(sessionsDir, "latest.json");
   writeFileSync6(latestFile, JSON.stringify(snapshot, null, 2), "utf-8");
   pruneOldSessions(sessionsDir);
   return sessionFile;
@@ -9723,8 +9763,8 @@ function pruneOldSessions(sessionsDir) {
   try {
     const sessionFiles = readdirSync(sessionsDir).filter((f) => f.endsWith(FILE_EXTENSIONS.JSON) && f !== SPECIAL_FILES.LATEST_STATE).map((f) => ({
       name: f,
-      path: join9(sessionsDir, f),
-      mtime: statSync(join9(sessionsDir, f)).mtimeMs
+      path: join8(sessionsDir, f),
+      mtime: statSync(join8(sessionsDir, f)).mtimeMs
     })).sort((a, b) => b.mtime - a.mtime);
     const toDelete = sessionFiles.slice(AGENT_LIMITS.MAX_SESSION_FILES);
     for (const file of toDelete) {
@@ -9734,7 +9774,7 @@ function pruneOldSessions(sessionsDir) {
   }
 }
 function loadState(state) {
-  const latestFile = join9(WORKSPACE.SESSIONS, "latest.json");
+  const latestFile = join8(WORKSPACE.SESSIONS, "latest.json");
   if (!existsSync6(latestFile)) {
     return false;
   }
@@ -9752,7 +9792,11 @@ function loadState(state) {
       state.addTarget(value);
     }
     for (const finding of snapshot.findings) {
-      state.addFinding(finding);
+      const legacyFinding = finding;
+      if (typeof legacyFinding.confidence !== "number") {
+        legacyFinding.confidence = legacyFinding.isVerified === true ? 80 : 25;
+      }
+      state.addFinding(legacyFinding);
     }
     for (const loot of snapshot.loot) {
       state.addLoot(loot);
@@ -10780,10 +10824,11 @@ RULES:
             id: generateId(),
             title,
             severity: "high",
+            // Auto-extracted findings are unverified signals — score POSSIBLE (25)
+            confidence: CONFIDENCE_THRESHOLDS.POSSIBLE,
             affected: [],
             description: `Auto-extracted by Analyst LLM: ${vector}`,
             evidence: digestResult.memo.keyFindings.slice(0, 5),
-            isVerified: false,
             remediation: "",
             foundAt: Date.now()
           });
@@ -10863,8 +10908,8 @@ RULES:
 
 // src/agents/prompt-builder.ts
 import { readFileSync as readFileSync6, existsSync as existsSync9, readdirSync as readdirSync3 } from "fs";
-import { join as join11, dirname as dirname5 } from "path";
-import { fileURLToPath as fileURLToPath3 } from "url";
+import { join as join10, dirname as dirname4 } from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
 
 // src/shared/constants/prompts.ts
 var PROMPT_PATHS = {
@@ -10909,13 +10954,27 @@ var PROMPT_DEFAULTS = {
   NO_SCOPE: "<scope>NO SCOPE DEFINED. STOP.</scope>",
   EMPTY_TODO: "Create initial plan",
   USER_CONTEXT: (context) => `
-=========================================
-\u{1F6A8} CRITICAL: USER INPUT (YOUR OBJECTIVE) \u{1F6A8}
-=========================================
+<user-input>
 "${context}"
+</user-input>
+
+<intent-rules>
+ANALYZE the user's intent before acting. Classify into ONE:
+  ABORT \u2192 stop current work, confirm with \`ask_user\`
+  CORRECTION \u2192 adjust approach, continue
+  INFORMATION \u2192 store and USE immediately (credentials, paths, hints)
+  COMMAND \u2192 execute EXACTLY what was asked, nothing more
+  TARGET_CHANGE \u2192 \`add_target\`, then begin testing
+  GUIDANCE \u2192 acknowledge via \`ask_user\`, adjust strategy, continue
+  STATUS_QUERY \u2192 report via \`ask_user\`, then RESUME previous work
+  CONVERSATION \u2192 respond via \`ask_user\`, do NOT scan or attack
 
-RULE: If the user is just saying hello, asking a question, or did NOT provide a target, use the \`ask_user\` tool to respond and ask for a target. Do NOT start scanning unless a target is explicitly provided.
-=========================================`
+RULES:
+- No target set and none provided \u2192 \`ask_user\` to request target.
+- Conversation or greeting \u2192 respond conversationally, do NOT attack.
+- Uncertain intent \u2192 ask for clarification with \`ask_user\`.
+- This is a collaborative tool. The user is your partner.
+</intent-rules>`
 };
 var PROMPT_CONFIG = {
   ENCODING: "utf-8"
@@ -11124,7 +11183,7 @@ function getAttacksForService(service, port) {
 
 // src/shared/utils/journal.ts
 import { writeFileSync as writeFileSync8, readFileSync as readFileSync5, existsSync as existsSync8, readdirSync as readdirSync2, statSync as statSync2, unlinkSync as unlinkSync5 } from "fs";
-import { join as join10 } from "path";
+import { join as join9 } from "path";
 var MAX_JOURNAL_ENTRIES = 50;
 var MAX_OUTPUT_FILES = 30;
 var TURN_PREFIX = "turn-";
@@ -11134,7 +11193,7 @@ function writeJournalEntry(entry) {
     const journalDir = WORKSPACE.JOURNAL;
     ensureDirExists(journalDir);
     const padded = String(entry.turn).padStart(4, "0");
-    const filePath = join10(journalDir, `${TURN_PREFIX}${padded}.json`);
+    const filePath = join9(journalDir, `${TURN_PREFIX}${padded}.json`);
     writeFileSync8(filePath, JSON.stringify(entry, null, 2), "utf-8");
     return filePath;
   } catch (err) {
@@ -11144,7 +11203,7 @@ function writeJournalEntry(entry) {
 }
 function readJournalSummary() {
   try {
-    const summaryPath = join10(WORKSPACE.JOURNAL, SUMMARY_FILE);
+    const summaryPath = join9(WORKSPACE.JOURNAL, SUMMARY_FILE);
     if (!existsSync8(summaryPath)) return "";
     return readFileSync5(summaryPath, "utf-8");
   } catch {
@@ -11159,7 +11218,7 @@ function getRecentEntries(count = MAX_JOURNAL_ENTRIES) {
     const entries = [];
     for (const file of files) {
       try {
-        const raw = readFileSync5(join10(journalDir, file), "utf-8");
+        const raw = readFileSync5(join9(journalDir, file), "utf-8");
         entries.push(JSON.parse(raw));
       } catch {
       }
@@ -11189,7 +11248,7 @@ function regenerateJournalSummary() {
     const journalDir = WORKSPACE.JOURNAL;
     ensureDirExists(journalDir);
     const summary = buildSummaryFromEntries(entries);
-    const summaryPath = join10(journalDir, SUMMARY_FILE);
+    const summaryPath = join9(journalDir, SUMMARY_FILE);
     writeFileSync8(summaryPath, summary, "utf-8");
     debugLog("general", "Journal summary regenerated", {
       entries: entries.length,
@@ -11301,7 +11360,7 @@ function rotateJournalEntries() {
     const toDelete = files.slice(0, files.length - MAX_JOURNAL_ENTRIES);
     for (const file of toDelete) {
       try {
-        unlinkSync5(join10(journalDir, file));
+        unlinkSync5(join9(journalDir, file));
       } catch {
       }
     }
@@ -11318,8 +11377,8 @@ function rotateOutputFiles() {
     if (!existsSync8(outputDir)) return;
     const files = readdirSync2(outputDir).filter((f) => f.endsWith(".txt")).map((f) => ({
       name: f,
-      path: join10(outputDir, f),
-      mtime: statSync2(join10(outputDir, f)).mtimeMs
+      path: join9(outputDir, f),
+      mtime: statSync2(join9(outputDir, f)).mtimeMs
     })).sort((a, b) => b.mtime - a.mtime);
     if (files.length <= MAX_OUTPUT_FILES) return;
     const toDelete = files.slice(MAX_OUTPUT_FILES);
@@ -11345,7 +11404,7 @@ function rotateTurnRecords() {
     const toDelete = files.slice(0, files.length - MAX_JOURNAL_ENTRIES);
     for (const file of toDelete) {
       try {
-        unlinkSync5(join10(turnsDir, file));
+        unlinkSync5(join9(turnsDir, file));
       } catch {
       }
     }
@@ -11358,9 +11417,9 @@ function rotateTurnRecords() {
 }
 
 // src/agents/prompt-builder.ts
-var __dirname3 = dirname5(fileURLToPath3(import.meta.url));
-var PROMPTS_DIR = join11(__dirname3, "prompts");
-var TECHNIQUES_DIR = join11(PROMPTS_DIR, PROMPT_PATHS.TECHNIQUES_DIR);
+var __dirname2 = dirname4(fileURLToPath2(import.meta.url));
+var PROMPTS_DIR = join10(__dirname2, "prompts");
+var TECHNIQUES_DIR = join10(PROMPTS_DIR, PROMPT_PATHS.TECHNIQUES_DIR);
 var { AGENT_FILES } = PROMPT_PATHS;
 var PHASE_PROMPT_MAP = {
   // Direct mappings — phase has its own prompt file
@@ -11493,7 +11552,7 @@ ${content}
    * Load a prompt file from src/agents/prompts/
    */
   loadPromptFile(filename) {
-    const path2 = join11(PROMPTS_DIR, filename);
+    const path2 = join10(PROMPTS_DIR, filename);
     return existsSync9(path2) ? readFileSync6(path2, PROMPT_CONFIG.ENCODING) : "";
   }
   /**
@@ -11545,7 +11604,7 @@ ${content}
     const loadedSet = /* @__PURE__ */ new Set();
     const fragments = [];
     for (const technique of priorityTechniques) {
-      const filePath = join11(TECHNIQUES_DIR, `${technique}.md`);
+      const filePath = join10(TECHNIQUES_DIR, `${technique}.md`);
       try {
         if (!existsSync9(filePath)) continue;
         const content = readFileSync6(filePath, PROMPT_CONFIG.ENCODING);
@@ -11561,7 +11620,7 @@ ${content}
     try {
       const allFiles = readdirSync3(TECHNIQUES_DIR).filter((f) => f.endsWith(".md") && f !== "README.md" && !loadedSet.has(f));
       for (const file of allFiles) {
-        const filePath = join11(TECHNIQUES_DIR, file);
+        const filePath = join10(TECHNIQUES_DIR, file);
         const content = readFileSync6(filePath, PROMPT_CONFIG.ENCODING);
         if (content) {
           const category = file.replace(".md", "");
@@ -11672,7 +11731,7 @@ ${lines.join("\n")}
    */
   getJournalFragment() {
     try {
-      const summaryPath = join11(WORKSPACE.TURNS, "summary.md");
+      const summaryPath = join10(WORKSPACE.TURNS, "summary.md");
       if (existsSync9(summaryPath)) {
         const summary2 = readFileSync6(summaryPath, "utf-8");
         if (summary2.trim()) {
@@ -11703,10 +11762,10 @@ ${summary}
 
 // src/agents/strategist.ts
 import { readFileSync as readFileSync7, existsSync as existsSync10 } from "fs";
-import { join as join12, dirname as dirname6 } from "path";
-import { fileURLToPath as fileURLToPath4 } from "url";
-var __dirname4 = dirname6(fileURLToPath4(import.meta.url));
-var STRATEGIST_PROMPT_PATH = join12(__dirname4, "prompts", "strategist-system.md");
+import { join as join11, dirname as dirname5 } from "path";
+import { fileURLToPath as fileURLToPath3 } from "url";
+var __dirname3 = dirname5(fileURLToPath3(import.meta.url));
+var STRATEGIST_PROMPT_PATH = join11(__dirname3, "prompts", "strategist-system.md");
 var Strategist = class {
   llm;
   state;
@@ -11765,7 +11824,7 @@ var Strategist = class {
     }
     try {
       let journalSummary = "";
-      const summaryPath = join12(WORKSPACE.TURNS, "summary.md");
+      const summaryPath = join11(WORKSPACE.TURNS, "summary.md");
       if (existsSync10(summaryPath)) {
         journalSummary = readFileSync7(summaryPath, "utf-8").trim();
       }
@@ -11888,6 +11947,198 @@ Detect stalls (repeated failures, no progress) and force completely different at
 Chain every finding: "If X works \u2192 immediately do Y \u2192 which enables Z."
 Maximum 50 lines. Zero preamble. Direct imperatives only. Never repeat failed approaches.`;
 
+// src/agents/user-input-queue.ts
+var RECENT_MESSAGE_THRESHOLD_SECONDS = 5;
+var USER_INPUT_INTENT_PROMPT = `
+<user-message priority="INTERRUPT">
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+\u26A1 USER MESSAGE \u2014 STOP. ANALYZE INTENT. THEN ACT.
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+
+The user sent the following message(s) WHILE you are actively working.
+This message takes PRECEDENCE over your current plan. Process it NOW.
+
+<<USER_MESSAGES>>
+
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+\xA71. INTENT CLASSIFICATION (Chain-of-Thought \u2014 MANDATORY)
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+
+You MUST internally reason through this decision tree IN ORDER.
+Stop at the FIRST matching category \u2014 do NOT skip ahead.
+
+\u250C\u2500 STEP 1: Is the user telling you to STOP or ABORT?
+\u2502  Signals: "stop", "abort", "cancel", "enough", "halt", "wait"
+\u2502  \u2192 CATEGORY: ABORT
+\u2502  \u2192 ACTION: Immediately stop current tool execution.
+\u2502            Use \`ask_user\` to confirm: "Understood, stopping. What would you like me to do next?"
+\u2502
+\u251C\u2500 STEP 2: Is the user CORRECTING you or saying you're WRONG?
+\u2502  Signals: "that's wrong", "don't do that", "stop doing X", "you already tried that",
+\u2502           "not that way", "I said X not Y", negative feedback on your actions
+\u2502  \u2192 CATEGORY: CORRECTION
+\u2502  \u2192 ACTION: 1. Acknowledge the error briefly.
+\u2502            2. State what you will do differently.
+\u2502            3. Resume work with the corrected approach.
+\u2502            Do NOT use \`ask_user\` unless clarification is needed.
+\u2502
+\u251C\u2500 STEP 3: Is the user providing ACTIONABLE INFORMATION?
+\u2502  Signals: credentials, passwords, usernames, file paths, endpoints, API keys,
+\u2502           ports, version numbers, IP addresses, hints about the target
+\u2502  \u2192 CATEGORY: INFORMATION
+\u2502  \u2192 ACTION: 1. Store with \`add_loot\` (if credentials) or remember contextually.
+\u2502            2. USE this information immediately in your next tool call.
+\u2502            3. Do NOT ask "should I use this?" \u2014 just use it.
+\u2502            Example: User says "password is admin123"
+\u2502            \u2192 Immediately try those credentials on all discovered login surfaces.
+\u2502
+\u251C\u2500 STEP 4: Is the user giving a DIRECT COMMAND to execute something?
+\u2502  Signals: imperative verb + specific action: "run X", "scan Y", "exploit Z",
+\u2502           "try X on Y", "use sqlmap", "brute force SSH"
+\u2502  \u2192 CATEGORY: COMMAND
+\u2502  \u2192 ACTION: Execute EXACTLY what the user asked. No more, no less.
+\u2502            Do NOT add extra scans or "while we're at it" actions.
+\u2502            Do NOT ask for confirmation \u2014 the user already decided.
+\u2502
+\u251C\u2500 STEP 5: Is the user changing the TARGET or SCOPE?
+\u2502  Signals: new IP/domain, "switch to", "add target", "remove target",
+\u2502           "also attack X", "change scope"
+\u2502  \u2192 CATEGORY: TARGET_CHANGE
+\u2502  \u2192 ACTION: 1. Call \`add_target\` with the new target.
+\u2502            2. Confirm briefly with \`ask_user\`: "Added [target]. Starting reconnaissance."
+\u2502            3. Begin testing the new target.
+\u2502
+\u251C\u2500 STEP 6: Is the user providing STRATEGIC GUIDANCE?
+\u2502  Signals: "focus on X", "prioritize Y", "skip Z", "try X approach",
+\u2502           "what about X?", "have you considered X?", tactical suggestions
+\u2502  \u2192 CATEGORY: GUIDANCE
+\u2502  \u2192 ACTION: 1. Acknowledge the guidance briefly via \`ask_user\`:
+\u2502               "Understood \u2014 adjusting strategy to focus on [X]."
+\u2502            2. Immediately adjust your approach and continue working.
+\u2502            3. The acknowledgment and next action should be in the SAME turn.
+\u2502
+\u251C\u2500 STEP 7: Is the user asking about PROGRESS or STATUS?
+\u2502  Signals: "what did you find?", "any progress?", "status?", "what are you doing?",
+\u2502           "show me", "report", "findings so far", "how's it going?"
+\u2502  \u2192 CATEGORY: STATUS_QUERY
+\u2502  \u2192 ACTION: Use \`ask_user\` to provide a structured status report:
+\u2502            FORMAT:
+\u2502            "\u{1F4CA} Status Report:
+\u2502             \u2022 Phase: [current phase]
+\u2502             \u2022 Targets: [count] ([list key ones])
+\u2502             \u2022 Key Findings: [count] ([summarize top findings])
+\u2502             \u2022 Current Action: [what you were doing]
+\u2502             \u2022 Next Steps: [what you plan to do next]"
+\u2502            Then RESUME your previous work \u2014 do NOT stop after reporting.
+\u2502
+\u2514\u2500 STEP 8: Everything else \u2192 CONVERSATION
+   Signals: greetings, questions, discussions, explanations, opinions,
+            casual talk, "hello", "how does X work?", "explain Y"
+   \u2192 CATEGORY: CONVERSATION
+   \u2192 ACTION: Use \`ask_user\` to respond naturally and conversationally.
+             Answer questions with your knowledge.
+             Then ask if they want you to continue with the current task.
+             Do NOT start any scans or attacks.
+
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+\xA72. MULTI-MESSAGE RESOLUTION
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+
+If multiple user messages are queued, process them as follows:
+1. Read ALL messages first to understand the full context.
+2. Later messages may OVERRIDE or CLARIFY earlier ones.
+   Example: [1] "try brute force" \u2192 [2] "actually, skip brute force, try SQLi"
+   \u2192 Only execute the SQLi instruction (message 2 overrides message 1).
+3. If messages are independent, process the HIGHEST PRIORITY category first
+   (ABORT > CORRECTION > INFORMATION > COMMAND > TARGET > GUIDANCE > STATUS > CONVERSATION).
+4. Acknowledge all messages but act on the most recent directive.
+
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+\xA73. WORK RESUMPTION RULES
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+
+After handling the user's message, you MUST resume productive work:
+
+\u251C\u2500 ABORT/CONVERSATION \u2192 Wait for next user instruction. Do NOT auto-resume.
+\u251C\u2500 STATUS_QUERY \u2192 Report status, then RESUME previous work in the same turn.
+\u251C\u2500 GUIDANCE/CORRECTION \u2192 Adjust plan, then CONTINUE with modified approach.
+\u251C\u2500 INFORMATION \u2192 USE the information immediately in your next action.
+\u251C\u2500 COMMAND \u2192 Execute the command. After completion, resume prior work.
+\u251C\u2500 TARGET_CHANGE \u2192 Switch to new target, begin fresh workflow.
+
+KEY PRINCIPLE: Never leave a turn empty-handed.
+If you used \`ask_user\` to respond, you may ALSO call other tools in the same turn
+(except for ABORT and CONVERSATION categories).
+
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+\xA74. ANTI-PATTERNS \u2014 NEVER DO THESE
+\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
+
+\u251C\u2500 \u274C Ignore the user's message and continue your previous plan
+\u251C\u2500 \u274C Start scanning/attacking after a greeting
+\u251C\u2500 \u274C Ask "should I use this?" when the user provides credentials \u2192 JUST USE THEM
+\u251C\u2500 \u274C Respond with only text (no tool call) \u2014 always use \`ask_user\` for responses
+\u251C\u2500 \u274C Stop all work after answering a status query \u2014 RESUME immediately
+\u251C\u2500 \u274C Add extra actions the user didn't ask for when handling a COMMAND
+\u251C\u2500 \u274C Repeat the same failed approach after a CORRECTION
+\u2514\u2500 \u274C Treat every input as an attack command \u2014 MOST inputs are collaborative
+</user-message>`;
+var UserInputQueue = class {
+  queue = [];
+  /**
+   * Add a user input to the queue.
+   * Called from TUI when user submits text during active agent processing.
+   */
+  enqueue(text) {
+    this.queue.push({
+      text,
+      timestamp: Date.now()
+    });
+  }
+  /**
+   * Check if there are pending user inputs.
+   */
+  hasPending() {
+    return this.queue.length > 0;
+  }
+  /**
+   * Get the count of pending inputs.
+   */
+  pendingCount() {
+    return this.queue.length;
+  }
+  /**
+   * Drain all queued inputs and format them with intent analysis prompt.
+   * Returns null if queue is empty.
+   * Clears the queue after draining.
+   */
+  drainAndFormat() {
+    if (this.queue.length === 0) return null;
+    const messages = [...this.queue];
+    this.queue = [];
+    const formattedMessages = messages.map((m, i) => {
+      const timeAgo = Math.round((Date.now() - m.timestamp) / 1e3);
+      const timeLabel = timeAgo < RECENT_MESSAGE_THRESHOLD_SECONDS ? "just now" : `${timeAgo}s ago`;
+      return `[${i + 1}] (${timeLabel}) "${m.text}"`;
+    }).join("\n");
+    return USER_INPUT_INTENT_PROMPT.replace("<<USER_MESSAGES>>", formattedMessages);
+  }
+  /**
+   * Peek at the queue without draining.
+   * Useful for diagnostics or TUI display.
+   */
+  peek() {
+    return this.queue;
+  }
+  /**
+   * Clear the queue without processing.
+   * Used during /clear or abort.
+   */
+  clear() {
+    this.queue = [];
+  }
+};
+
 // src/shared/utils/turn-record.ts
 function formatTurnRecord(input) {
   const { turn, timestamp, phase, tools, memo: memo6, reflection } = input;
@@ -11975,7 +12226,7 @@ function formatReflectionInput(input) {
 
 // src/agents/main-agent.ts
 import { writeFileSync as writeFileSync9, existsSync as existsSync11, readFileSync as readFileSync8 } from "fs";
-import { join as join13 } from "path";
+import { join as join12 } from "path";
 var MainAgent = class extends CoreAgent {
   promptBuilder;
   strategist;
@@ -11984,6 +12235,11 @@ var MainAgent = class extends CoreAgent {
   userInput = "";
   /** Monotonic turn counter for journal entries */
   turnCounter = 0;
+  /**
+   * Queue for user inputs received during agent execution.
+   * Inputs are drained and injected at iteration boundaries.
+   */
+  userInputQueue = new UserInputQueue();
   constructor(state, events, toolRegistry, approvalGate, scopeGuard) {
     super(AGENT_ROLES.ORCHESTRATOR, state, events, toolRegistry);
     this.approvalGate = approvalGate;
@@ -12024,6 +12280,15 @@ var MainAgent = class extends CoreAgent {
     if (this.turnCounter === 0) {
       this.turnCounter = getNextTurnNumber();
     }
+    if (this.userInputQueue.hasPending()) {
+      const userMessage = this.userInputQueue.drainAndFormat();
+      if (userMessage) {
+        messages.push({
+          role: "user",
+          content: userMessage
+        });
+      }
+    }
     this.turnToolJournal = [];
     this.turnMemo = { keyFindings: [], credentials: [], attackVectors: [], failures: [], suspicions: [], attackValue: "LOW", nextSteps: [] };
     this.turnReflections = [];
@@ -12083,7 +12348,7 @@ ${extraction.content.trim()}
           ensureDirExists(WORKSPACE.TURNS);
           const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
           const turnFileName = `turn-${String(this.turnCounter).padStart(4, "0")}_${ts}.md`;
-          const turnPath = join13(WORKSPACE.TURNS, turnFileName);
+          const turnPath = join12(WORKSPACE.TURNS, turnFileName);
           const turnContent = formatTurnRecord({
             turn: this.turnCounter,
             timestamp: (/* @__PURE__ */ new Date()).toISOString(),
@@ -12096,7 +12361,7 @@ ${extraction.content.trim()}
         } catch {
         }
         try {
-          const summaryPath = join13(WORKSPACE.TURNS, "summary.md");
+          const summaryPath = join12(WORKSPACE.TURNS, "summary.md");
           const existingSummary = existsSync11(summaryPath) ? readFileSync8(summaryPath, "utf-8") : "";
           const turnData = formatTurnRecord({
             turn: this.turnCounter,
@@ -12213,6 +12478,7 @@ ${turnData}`
     });
     this.state.reset();
     this.userInput = "";
+    this.userInputQueue.clear();
     this.strategist.reset();
     return clearWorkspace();
   }
@@ -12239,6 +12505,20 @@ ${turnData}`
   getStrategist() {
     return this.strategist;
   }
+  /**
+   * Enqueue a user input for processing at the next iteration boundary.
+   * Called from TUI when user sends a message while agent is actively processing.
+   */
+  enqueueUserInput(text) {
+    this.userInputQueue.enqueue(text);
+  }
+  /**
+   * Check if there are pending user inputs in the queue.
+   * Useful for TUI to show pending input indicator.
+   */
+  hasPendingUserInput() {
+    return this.userInputQueue.hasPending();
+  }
 };
 
 // src/agents/factory.ts
@@ -12719,7 +12999,7 @@ ${firstLine}`);
     setInputHandler((p) => {
       return new Promise((resolve) => {
         const isPassword = /password|passphrase/i.test(p);
-        const inputType = /sudo/i.test(p) ? "sudo_password" : isPassword ? "password" : "text";
+        const inputType = /sudo/i.test(p) ? INPUT_TYPES.SUDO_PASSWORD : isPassword ? INPUT_TYPES.PASSWORD : INPUT_TYPES.TEXT;
         setInputRequest({
           status: "active",
           prompt: p.trim(),
@@ -12731,8 +13011,7 @@ ${firstLine}`);
     });
     setCredentialHandler((request) => {
       return new Promise((resolve) => {
-        const hiddenTypes = ["password", "sudo_password", "ssh_password", "passphrase", "api_key", "credential"];
-        const isPassword = hiddenTypes.includes(request.type);
+        const isPassword = SENSITIVE_INPUT_TYPES.includes(request.type);
         const displayPrompt = buildCredentialPrompt(request);
         setInputRequest({
           status: "active",
@@ -13583,62 +13862,60 @@ var App = ({ autoApprove = false, target }) => {
         executeTask(args.join(" ") || `Perform comprehensive penetration testing${targetInfo}`);
         break;
       case UI_COMMANDS.FINDINGS:
-      case UI_COMMANDS.FINDINGS_SHORT:
+      case UI_COMMANDS.FINDINGS_SHORT: {
         const findings = agent.getState().getFindings();
         if (!findings.length) {
           addMessage("system", "No findings.");
           break;
         }
-        const severityOrder = ["critical", "high", "medium", "low", "info"];
-        const severityIcons = {
-          critical: "\u{1F534}",
-          high: "\u{1F7E0}",
-          medium: "\u{1F7E1}",
-          low: "\u{1F7E2}",
-          info: "\u26AA"
+        const sorted = [...findings].sort((a, b) => b.confidence - a.confidence);
+        const confIcon = (c) => {
+          if (c >= 100) return "\u{1F534}";
+          if (c >= CONFIDENCE_THRESHOLDS.CONFIRMED) return "\u{1F7E0}";
+          if (c >= CONFIDENCE_THRESHOLDS.PROBABLE) return "\u{1F7E1}";
+          if (c >= CONFIDENCE_THRESHOLDS.POSSIBLE) return "\u{1F7E2}";
+          return "\u26AA";
+        };
+        const confLabel = (c) => {
+          if (c >= CONFIDENCE_THRESHOLDS.CONFIRMED) return "confirmed";
+          if (c >= CONFIDENCE_THRESHOLDS.PROBABLE) return "probable";
+          if (c >= CONFIDENCE_THRESHOLDS.POSSIBLE) return "possible";
+          return "speculative";
         };
-        const grouped = {};
-        for (const f of findings) {
-          const sev = f.severity.toLowerCase();
-          if (!grouped[sev]) grouped[sev] = [];
-          grouped[sev].push(f);
-        }
         const findingLines = [];
-        const sevCounts = severityOrder.filter((s) => grouped[s]?.length).map((s) => `${severityIcons[s]} ${s.toUpperCase()}: ${grouped[s].length}`).join("  ");
-        findingLines.push(`\u2500\u2500\u2500 ${findings.length} Findings \u2500\u2500 ${sevCounts} \u2500\u2500\u2500`);
+        const nConfirmed = sorted.filter((f) => f.confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED).length;
+        const nProbable = sorted.filter((f) => f.confidence >= CONFIDENCE_THRESHOLDS.PROBABLE && f.confidence < CONFIDENCE_THRESHOLDS.CONFIRMED).length;
+        const nPossible = sorted.filter((f) => f.confidence < CONFIDENCE_THRESHOLDS.PROBABLE).length;
+        findingLines.push(`\u2500\u2500\u2500 ${findings.length} Findings \u2500\u2500 \u{1F534}\u{1F7E0} confirmed:${nConfirmed}  \u{1F7E1} probable:${nProbable}  \u{1F7E2}\u26AA possible:${nPossible} \u2500\u2500\u2500`);
         findingLines.push("");
-        for (const sev of severityOrder) {
-          const group = grouped[sev];
-          if (!group?.length) continue;
-          const icon = severityIcons[sev] || "\u2022";
-          findingLines.push(`${icon} \u2500\u2500 ${sev.toUpperCase()} (${group.length}) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500`);
+        sorted.forEach((f, i) => {
+          const icon = confIcon(f.confidence);
+          const label = confLabel(f.confidence);
+          const scoreBar = `[${String(f.confidence).padStart(3, " ")}/100]`;
+          const atk = f.attackPattern ? ` \u2502 ATT&CK: ${f.attackPattern}` : "";
+          const cat = f.category ? ` \u2502 ${f.category}` : "";
+          findingLines.push(`  ${icon} ${scoreBar} ${f.title}`);
+          findingLines.push(`      ${label.toUpperCase()} \u2502 ${f.severity.toUpperCase()}${atk}${cat}`);
+          if (f.affected.length > 0) {
+            findingLines.push(`      Affected: ${f.affected.join(", ")}`);
+          }
+          if (f.description) {
+            findingLines.push(`      ${f.description}`);
+          }
+          if (f.evidence.length > 0) {
+            findingLines.push(`      Evidence:`);
+            f.evidence.forEach((e) => {
+              findingLines.push(`        \u25B8 ${e}`);
+            });
+          }
+          if (f.remediation) {
+            findingLines.push(`      Fix: ${f.remediation}`);
+          }
           findingLines.push("");
-          group.forEach((f, i) => {
-            const verified = f.isVerified ? `\u2713 Verified` : `? Unverified`;
-            const atk = f.attackPattern ? ` \u2502 ATT&CK: ${f.attackPattern}` : "";
-            const cat = f.category ? ` \u2502 ${f.category}` : "";
-            findingLines.push(`  [${i + 1}] ${f.title}`);
-            findingLines.push(`      ${verified}${atk}${cat}`);
-            if (f.affected.length > 0) {
-              findingLines.push(`      Affected: ${f.affected.join(", ")}`);
-            }
-            if (f.description) {
-              findingLines.push(`      ${f.description}`);
-            }
-            if (f.evidence.length > 0) {
-              findingLines.push(`      Evidence:`);
-              f.evidence.forEach((e) => {
-                findingLines.push(`        \u25B8 ${e}`);
-              });
-            }
-            if (f.remediation) {
-              findingLines.push(`      Fix: ${f.remediation}`);
-            }
-            findingLines.push("");
-          });
-        }
+        });
         addMessage("system", findingLines.join("\n"));
         break;
+      }
       case UI_COMMANDS.ASSETS:
       case UI_COMMANDS.ASSETS_SHORT:
         addMessage("status", formatInlineStatus());
@@ -13695,10 +13972,13 @@ ${procData.stdout || "(no output)"}
     if (trimmed.startsWith("/")) {
       const [cmd, ...args] = trimmed.slice(1).split(" ");
       await handleCommand(cmd, args);
+    } else if (isProcessingRef.current) {
+      agent.enqueueUserInput(trimmed);
+      addMessage("system", "\u{1F4AC} Message queued \u2014 will be processed at next iteration");
     } else {
       await executeTask(trimmed);
     }
-  }, [addMessage, executeTask, handleCommand]);
+  }, [agent, addMessage, executeTask, handleCommand]);
   const handleSecretSubmit = useCallback4((value) => {
     const ir = inputRequestRef.current;
     if (ir.status !== "active") return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.49.2",
+  "version": "0.49.3",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",