pentesting 0.50.0 → 0.51.0

package/dist/main.js

@@ -228,7 +228,9 @@ var EXIT_CODES = {
   /** Process killed by SIGTERM */
   SIGTERM: 143,
   /** Process killed by SIGKILL */
-  SIGKILL: 137
+  SIGKILL: 137,
+  /** Invalid or missing configuration (Unix EX_CONFIG convention = 78) */
+  CONFIG_ERROR: 78
 };
 var PROCESS_ACTIONS = {
   LIST: "list",
@@ -343,7 +345,7 @@ var ORPHAN_PROCESS_NAMES = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.50.0";
+var APP_VERSION = "0.51.0";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -532,14 +534,7 @@ var PHASES = {
   REPORT: "report"
 };
 var AGENT_ROLES = {
-  ORCHESTRATOR: "orchestrator",
-  RECON: "recon",
-  WEB: "web",
-  EXPLOITER: "exploit",
-  DATABASE: "database",
-  INFRA: "infra",
-  VULN: "vulnerability_analysis",
-  POST_EXPLOIT: "post_exploitation"
+  ORCHESTRATOR: "orchestrator"
 };
 var SERVICES = {
   HTTP: "http",
@@ -823,7 +818,7 @@ var DEFAULTS = {
   PORT_STATE_OPEN: "open"
 };
 
-// src/engine/process-manager.ts
+// src/engine/process/process-manager.ts
 import { spawn as spawn3, execSync as execSync2 } from "child_process";
 import { readFileSync as readFileSync2, existsSync as existsSync3, unlinkSync as unlinkSync2, writeFileSync as writeFileSync3, appendFileSync as appendFileSync2 } from "fs";
 
@@ -1333,12 +1328,7 @@ function validateCommand(command) {
       return result2;
     }
   }
-  const primaryBinary = extractBinary(subCommands[0].trim());
-  return {
-    isSafe: true,
-    binary: primaryBinary || void 0,
-    args: normalizedCommand.split(/\s+/).slice(1)
-  };
+  return { isSafe: true };
 }
 function splitChainedCommands(command) {
   const parts = [];
@@ -1596,6 +1586,7 @@ var TOOL_PACKAGE_MAP = {
   "seclists": { apt: "seclists", brew: "seclists" },
   "wfuzz": { apt: "wfuzz", brew: "wfuzz", pip: "wfuzz" },
   "dirsearch": { apt: "dirsearch", brew: "dirsearch", pip: "dirsearch" },
+  "wafw00f": { apt: "wafw00f", brew: "wafw00f", pip: "wafw00f" },
   "feroxbuster": { apt: "feroxbuster", brew: "feroxbuster" },
   "subfinder": { apt: "subfinder", brew: "subfinder" },
   "amass": { apt: "amass", brew: "amass" },
@@ -1637,20 +1628,16 @@ async function detectPackageManager() {
 }
 function isCommandNotFound(stderr, stdout) {
   const combined = (stderr + stdout).toLowerCase();
-  const patterns = [
+  return [
     /command not found/,
-    /not found$/,
+    /not found/,
     /no such file or directory/,
     /is not recognized/,
     /cannot find/,
     /not installed/,
-    /unable to locate package/
-  ];
-  const missing = patterns.some((p) => p.test(combined));
-  if (!missing) return { missing: false, toolName: null };
-  const toolMatch = combined.match(/(?:command not found|not found):\s*([a-zA-Z0-9_-]+)/i);
-  const toolName = toolMatch ? toolMatch[1] : null;
-  return { missing: true, toolName };
+    /unable to locate package/,
+    /enoent/
+  ].some((p) => p.test(combined));
 }
 async function installTool(toolName, eventEmitter, inputHandler) {
   const pkgInfo = TOOL_PACKAGE_MAP[toolName];
@@ -1769,14 +1756,15 @@ async function runCommand(command, args = [], options = {}) {
   }
   const timeout = options.timeout ?? TOOL_TIMEOUTS.DEFAULT_COMMAND;
   const maxRetries = options.maxRetries ?? AGENT_LIMITS.MAX_INSTALL_RETRIES;
+  const toolName = command.split(/[\s/]/).pop() || command;
   let lastResult = { success: false, output: "", error: "Unknown error" };
   for (let attempt = 0; attempt <= maxRetries; attempt++) {
-    const result2 = await executeCommandOnce(command, args, { ...options, timeout });
+    const result2 = await executeCommandOnce(fullCommand, { ...options, timeout });
     if (result2.success) {
       return result2;
     }
-    const { missing, toolName } = isCommandNotFound(result2.error || "", result2.output);
-    if (!missing || !toolName || attempt >= maxRetries) {
+    const missing = isCommandNotFound(result2.error || "", result2.output);
+    if (!missing || attempt >= maxRetries) {
       return result2;
     }
     lastResult = result2;
@@ -1803,7 +1791,7 @@ async function runCommand(command, args = [], options = {}) {
   }
   return lastResult;
 }
-async function executeCommandOnce(command, args = [], options = {}) {
+async function executeCommandOnce(command, options = {}) {
   return new Promise((resolve) => {
     const timeout = options.timeout ?? TOOL_TIMEOUTS.DEFAULT_COMMAND;
     globalEventEmitter?.({
@@ -1934,10 +1922,10 @@ function createTempFile(suffix = "") {
   return join2(tmpdir(), generateTempFilename(suffix));
 }
 
-// src/engine/process-cleanup.ts
+// src/engine/process/process-cleanup.ts
 import { unlinkSync } from "fs";
 
-// src/engine/process-tree.ts
+// src/engine/process/process-tree.ts
 import { execSync } from "child_process";
 function discoverChildPids(parentPid) {
   try {
@@ -2021,7 +2009,7 @@ function killProcessTreeSync(pid, childPids) {
   }
 }
 
-// src/engine/process-cleanup.ts
+// src/engine/process/process-cleanup.ts
 function syncCleanupAllProcesses(processMap) {
   for (const [, proc] of processMap) {
     if (!proc.hasExited) {
@@ -2057,7 +2045,7 @@ function registerExitHandlers(processMap) {
   });
 }
 
-// src/engine/process-detector.ts
+// src/engine/process/process-detector.ts
 function detectProcessRole(command) {
   const tags = [];
   let port;
@@ -2110,7 +2098,7 @@ function detectConnection(stdout) {
   return DETECTION_PATTERNS.CONNECTION.some((p) => p.test(stdout));
 }
 
-// src/engine/process-manager.ts
+// src/engine/process/process-manager.ts
 var backgroundProcesses = /* @__PURE__ */ new Map();
 var cleanupDone = false;
 registerExitHandlers(backgroundProcesses);
@@ -3666,6 +3654,22 @@ var SharedState = class {
       this.data.missionChecklist.push({ id, text, isCompleted: false });
     }
   }
+  /**
+   * Restore mission checklist from persistence (direct injection).
+   * WHY: avoids the add-then-update roundtrip that loadState previously needed.
+   */
+  restoreMissionChecklist(items) {
+    for (const item of items) {
+      this.data.missionChecklist.push({ ...item });
+    }
+  }
+  /**
+   * Restore a todo item from persistence (direct injection with original status).
+   * WHY: addTodo always creates PENDING; this preserves the saved status.
+   */
+  restoreTodoItem(item) {
+    this.data.todo.push({ ...item });
+  }
   // --- Engagement & Scope ---
   setEngagement(engagement) {
     this.data.engagement = engagement;
@@ -3708,26 +3712,6 @@ var SharedState = class {
   getTargets() {
     return this.data.targets;
   }
-  addServiceFingerprint(ip, fingerprint) {
-    const target = this.getTarget(ip);
-    if (!target) return;
-    target.services = target.services || [];
-    target.services.push(fingerprint);
-    target.primaryCategory = this.calculatePrimaryCategory(target.services);
-  }
-  calculatePrimaryCategory(services) {
-    const counts = {};
-    let winner = SERVICE_CATEGORIES.NETWORK;
-    let max = 0;
-    for (const s of services) {
-      counts[s.category] = (counts[s.category] || 0) + 1;
-      if (counts[s.category] > max) {
-        max = counts[s.category];
-        winner = s.category;
-      }
-    }
-    return winner;
-  }
   // --- Findings & Loot ---
   addFinding(finding) {
     this.data.findings.push(finding);
@@ -3738,14 +3722,6 @@ var SharedState = class {
   getFindingsBySeverity(severity) {
     return this.data.findings.filter((f) => f.severity === severity);
   }
-  /** Returns findings with confidence >= threshold (default: CONFIRMED = 80) */
-  getFindingsByConfidence(threshold = CONFIDENCE_THRESHOLDS.CONFIRMED) {
-    return this.data.findings.filter((f) => f.confidence >= threshold);
-  }
-  /** True if confidence >= CONFIRMED (80) */
-  isConfirmedFinding(finding) {
-    return finding.confidence >= CONFIDENCE_THRESHOLDS.CONFIRMED;
-  }
   addLoot(loot) {
     this.data.loot.push(loot);
   }
@@ -5460,7 +5436,8 @@ var ENV_KEYS = {
   THINKING: "PENTEST_THINKING",
   THINKING_BUDGET: "PENTEST_THINKING_BUDGET"
 };
-var DEFAULT_SEARCH_API_URL = "https://open.bigmodel.cn/api/paas/v4/tools/web-search-pro";
+var DEFAULT_SEARCH_API_URL = "https://api.search.brave.com/res/v1/web/search";
+var DEFAULT_MODEL = "glm-4.7";
 function getApiKey() {
   return process.env[ENV_KEYS.API_KEY] || "";
 }
@@ -5479,6 +5456,10 @@ function getSearchApiKey() {
 function getSearchApiUrl() {
   return process.env[ENV_KEYS.SEARCH_API_URL] || DEFAULT_SEARCH_API_URL;
 }
+function isZaiProvider() {
+  const baseUrl = getBaseUrl() || "";
+  return baseUrl.includes("z.ai");
+}
 function isThinkingEnabled() {
   return process.env[ENV_KEYS.THINKING] === "true";
 }
@@ -5486,8 +5467,26 @@ function getThinkingBudget() {
   const val = parseInt(process.env[ENV_KEYS.THINKING_BUDGET] || "", 10);
   return isNaN(val) ? 8e3 : Math.max(1024, val);
 }
-function isBrowserHeadless() {
-  return true;
+function validateRequiredConfig() {
+  const errors = [];
+  if (!getApiKey()) {
+    errors.push(
+      `[config] PENTEST_API_KEY is required.
+  Export it before running:
+    export PENTEST_API_KEY=your_api_key
+  For z.ai: get your key at https://api.z.ai`
+    );
+  }
+  const budgetRaw = process.env[ENV_KEYS.THINKING_BUDGET];
+  if (budgetRaw !== void 0 && budgetRaw !== "") {
+    const parsed = parseInt(budgetRaw, 10);
+    if (isNaN(parsed) || parsed < 1024) {
+      errors.push(
+        `[config] PENTEST_THINKING_BUDGET must be an integer \u2265 1024 (got: "${budgetRaw}")`
+      );
+    }
+  }
+  return errors;
 }
 
 // src/shared/constants/search-api.const.ts
@@ -5582,10 +5581,8 @@ function getPlaywrightPath() {
 }
 async function checkPlaywright() {
   try {
-    const result2 = await new Promise((resolve) => {
+    return await new Promise((resolve) => {
       const child = spawn4(PLAYWRIGHT_CMD.NPM, [PLAYWRIGHT_CMD.PLAYWRIGHT, PLAYWRIGHT_ACTION.VERSION], { shell: true });
-      let stdout = "";
-      child.stdout.on("data", (data) => stdout += data);
       child.on("close", (code) => {
         if (code === 0) {
           const browserCheck = spawn4(PLAYWRIGHT_CMD.NPM, [PLAYWRIGHT_CMD.PLAYWRIGHT, PLAYWRIGHT_BROWSER.CHROMIUM, PLAYWRIGHT_ACTION.HELP], { shell: true });
@@ -5599,7 +5596,6 @@ async function checkPlaywright() {
       });
       child.on("error", () => resolve({ installed: false, browserInstalled: false }));
     });
-    return result2;
   } catch {
     return { installed: false, browserInstalled: false };
   }
@@ -5710,13 +5706,12 @@ function buildBrowseScript(url, options, screenshotPath) {
   const safeExtraHeaders = JSON.stringify(options.extraHeaders || {});
   const playwrightPath = getPlaywrightPath();
   const safePlaywrightPath = safeJsString(playwrightPath);
-  const headlessMode = isBrowserHeadless();
   return `
 const { chromium } = require(${safePlaywrightPath});
 
 (async () => {
     const browser = await chromium.launch({
-        headless: ${headlessMode},
+        headless: true,
         args: ['${PLAYWRIGHT_ARG.NO_SANDBOX}', '${PLAYWRIGHT_ARG.DISABLE_SETUID_SANDBOX}']
     });
 
@@ -5860,7 +5855,7 @@ async function browseUrl(url, options = {}) {
         };
       }
     }
-    const screenshotPath = browserOptions.screenshot ? join6(join6(tmpdir3(), BROWSER_PATHS.TEMP_DIR_NAME), `screenshot-${Date.now()}.png`) : void 0;
+    const screenshotPath = browserOptions.screenshot ? join6(tmpdir3(), BROWSER_PATHS.TEMP_DIR_NAME, `screenshot-${Date.now()}.png`) : void 0;
     const script = buildBrowseScript(url, browserOptions, screenshotPath);
     const result2 = await runPlaywrightScript(script, browserOptions.timeout, "browse");
     if (!result2.success) {
@@ -5899,12 +5894,11 @@ async function fillAndSubmitForm(url, formData, options = {}) {
     const safeFormData = JSON.stringify(formData);
     const playwrightPath = getPlaywrightPath();
     const safePlaywrightPath = safeJsString(playwrightPath);
-    const headlessMode = process.env.HEADLESS !== "false";
     const script = `
 const { chromium } = require(${safePlaywrightPath});
 
 (async () => {
-    const browser = await chromium.launch({ headless: ${headlessMode} });
+    const browser = await chromium.launch({ headless: true });
     const page = await browser.newPage();
 
     try {
@@ -5989,12 +5983,16 @@ var SEARCH_TIMEOUT_MS = 15e3;
 function getErrorMessage(error) {
   return error instanceof Error ? error.message : String(error);
 }
+function generateRequestId() {
+  return crypto.randomUUID();
+}
 async function searchWithGLM(query, apiKey, apiUrl) {
   debugLog("search", "GLM request START", { apiUrl, query });
   const requestBody = {
-    model: "web-search-pro",
-    messages: [{ role: LLM_ROLES.USER, content: query }],
-    stream: false
+    request_id: generateRequestId(),
+    tool: "web-search-pro",
+    stream: false,
+    messages: [{ role: LLM_ROLES.USER, content: query }]
   };
   debugLog("search", "GLM request body", requestBody);
   let response;
@@ -6039,11 +6037,7 @@ async function searchWithGLM(query, apiKey, apiUrl) {
     debugLog("search", "GLM has tool_calls", { count: data.choices[0].message.tool_calls.length });
     for (const tc of data.choices[0].message.tool_calls) {
       if (tc.function?.arguments) {
-        try {
-          const args = JSON.parse(tc.function.arguments);
-          results += JSON.stringify(args, null, 2) + "\n";
-        } catch {
-        }
+        results += tc.function.arguments + "\n";
       }
     }
   }
@@ -6245,55 +6239,40 @@ async function parseNmap(xmlPath) {
   }
 }
 async function searchCVE(service, version) {
+  const query = version ? `${service} ${version}` : service;
   try {
-    return searchExploitDB(service, version);
-  } catch (error) {
+    const output = execFileSync("searchsploit", [query, "--color", "never"], {
+      encoding: "utf-8",
+      stdio: ["ignore", "pipe", "pipe"],
+      timeout: SEARCH_LIMIT.TIMEOUT_MS
+    });
+    const lines = output.trim().split("\n").slice(0, SEARCH_LIMIT.MAX_OUTPUT_LINES);
     return {
-      success: false,
-      output: "",
-      error: getErrorMessage2(error)
+      success: true,
+      output: lines.join("\n") || `No exploits found for ${query}`
     };
-  }
-}
-async function searchExploitDB(service, version) {
-  try {
-    const query = version ? `${service} ${version}` : service;
-    try {
-      const output = execFileSync("searchsploit", [query, "--color", "never"], {
-        encoding: "utf-8",
-        stdio: ["ignore", "pipe", "pipe"],
-        timeout: SEARCH_LIMIT.TIMEOUT_MS
-      });
-      const lines = output.trim().split("\n").slice(0, SEARCH_LIMIT.MAX_OUTPUT_LINES);
-      return {
-        success: true,
-        output: lines.join("\n") || `No exploits found for ${query}`
-      };
-    } catch (e) {
-      const execError = e;
-      const stderr = String(execError.stderr || "");
-      const stdout = String(execError.stdout || "");
-      if (stderr.includes("No results")) {
-        return {
-          success: true,
-          output: `No exploits found for ${query}`
-        };
-      }
+  } catch (e) {
+    const execError = e;
+    const stderr = String(execError.stderr || "");
+    const stdout = String(execError.stdout || "");
+    if (stderr.includes("No results")) {
       return {
         success: true,
-        output: stdout || `No exploits found for ${query}`
+        output: `No exploits found for ${query}`
       };
     }
-  } catch (error) {
     return {
-      success: false,
-      output: "",
-      error: getErrorMessage2(error)
+      success: true,
+      output: stdout || `No exploits found for ${query}`
     };
   }
 }
-async function webSearch(query, _engine) {
+async function webSearch(query) {
   debugLog("search", "webSearch START", { query });
+  if (isZaiProvider()) {
+    debugLog("search", "Using z.ai LLM-native web search (web_search_20250305)");
+    return await searchWithZai(query);
+  }
   const apiKey = getSearchApiKey();
   const apiUrl = getSearchApiUrl();
   debugLog("search", "Search API config", {
@@ -6321,7 +6300,7 @@ async function webSearch(query, _engine) {
     };
   }
   try {
-    if (apiUrl.includes(SEARCH_URL_PATTERN.GLM) || apiUrl.includes(SEARCH_URL_PATTERN.ZHIPU) || apiUrl.includes(SEARCH_URL_PATTERN.Z_AI)) {
+    if (apiUrl.includes(SEARCH_URL_PATTERN.GLM) || apiUrl.includes(SEARCH_URL_PATTERN.ZHIPU)) {
       debugLog("search", "Using GLM search");
       return await searchWithGLM(query, apiKey, apiUrl);
     } else if (apiUrl.includes(SEARCH_URL_PATTERN.BRAVE)) {
@@ -6343,6 +6322,111 @@ async function webSearch(query, _engine) {
     };
   }
 }
+var ZAI_SEARCH = {
+  TIMEOUT_MS: 2e4,
+  MAX_TOKENS: 1024,
+  MAX_USES: 3,
+  TOOL_TYPE: "web_search_20250305",
+  TOOL_NAME: "web_search",
+  ANTHROPIC_VERSION: "2023-06-01",
+  // §25-1 Retry constants
+  MAX_RETRIES: 2,
+  RETRY_BASE_MS: 500
+};
+function isTransientHttpError(status) {
+  return status === 429 || status >= 500;
+}
+async function searchWithZai(query) {
+  const apiKey = getApiKey();
+  const baseUrl = (getBaseUrl() || "https://api.z.ai/api/anthropic").replace(/\/+$/, "");
+  const url = `${baseUrl}/v1/messages`;
+  const requestBody = JSON.stringify({
+    model: getModel() || DEFAULT_MODEL,
+    max_tokens: ZAI_SEARCH.MAX_TOKENS,
+    tools: [{ type: ZAI_SEARCH.TOOL_TYPE, name: ZAI_SEARCH.TOOL_NAME, max_uses: ZAI_SEARCH.MAX_USES }],
+    messages: [{ role: "user", content: `Search the web for: ${query}` }]
+  });
+  let lastError = "";
+  for (let attempt = 0; attempt <= ZAI_SEARCH.MAX_RETRIES; attempt++) {
+    if (attempt > 0) {
+      const baseWait = ZAI_SEARCH.RETRY_BASE_MS * Math.pow(2, attempt - 1);
+      const jitter = baseWait * 0.25 * (Math.random() * 2 - 1);
+      await new Promise((r) => setTimeout(r, Math.round(baseWait + jitter)));
+      debugLog("search", `z.ai web search RETRY attempt=${attempt}`);
+    }
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "x-api-key": apiKey,
+          "anthropic-version": ZAI_SEARCH.ANTHROPIC_VERSION
+        },
+        body: requestBody,
+        signal: AbortSignal.timeout(ZAI_SEARCH.TIMEOUT_MS)
+      });
+    } catch (err) {
+      lastError = err instanceof Error ? err.message : String(err);
+      debugLog("search", "z.ai web search fetch FAILED", { attempt, error: lastError });
+      continue;
+    }
+    if (response.ok) {
+      let data;
+      try {
+        data = await response.json();
+      } catch (err) {
+        return { success: false, output: "", error: `z.ai web search invalid JSON: ${err instanceof Error ? err.message : String(err)}` };
+      }
+      const lines = [];
+      for (const block of data.content || []) {
+        if (block.type === "text" && block.text) {
+          lines.push(block.text);
+        } else if (block.type === "server_tool_use" && block.input?.results) {
+          const refs = block.input.results.filter((r) => !!r.url && !!r.title).map((r, i) => `[${i + 1}] ${r.title}
+    ${r.url}`);
+          if (refs.length > 0) {
+            lines.push("\n--- Search Sources ---\n" + refs.join("\n"));
+          }
+        }
+      }
+      const output = lines.join("\n").trim();
+      debugLog("search", "z.ai web search COMPLETE", { attempt, outputLength: output.length });
+      return { success: true, output: output || `No results found for: ${query}` };
+    }
+    let errorText = "";
+    try {
+      errorText = await response.text();
+    } catch {
+    }
+    lastError = `z.ai web search API error ${response.status}: ${errorText.slice(0, 500)}`;
+    debugLog("search", "z.ai web search ERROR", { attempt, status: response.status, error: errorText });
+    if (!isTransientHttpError(response.status)) {
+      break;
+    }
+  }
+  return { success: false, output: "", error: lastError };
+}
+async function extractURLs(text) {
+  try {
+    const urlRegex = /https?:\/\/[^\s<>"{}|\\^`\[\]]+/g;
+    const urls = text.match(urlRegex) || [];
+    const uniqueURLs = [...new Set(urls)];
+    return {
+      success: true,
+      output: JSON.stringify({
+        count: uniqueURLs.length,
+        urls: uniqueURLs
+      }, null, 2)
+    };
+  } catch (error) {
+    return {
+      success: false,
+      output: "",
+      error: getErrorMessage2(error)
+    };
+  }
+}
 
 // src/shared/utils/owasp-knowledge.ts
 var OWASP_2017 = {
@@ -6543,8 +6627,83 @@ Use 'get_owasp_knowledge' with edition="2023" or similar to see specific details
 `.trim();
 }
 
+// src/shared/utils/domain-tools-factory.ts
+function param(params, name, defaultValue) {
+  const value = params[name];
+  if (value === void 0 || value === null) {
+    if (defaultValue !== void 0) return defaultValue;
+    throw new Error(`Missing required parameter: ${name}`);
+  }
+  return String(value);
+}
+function paramNumber(params, name, defaultValue) {
+  const value = params[name];
+  if (value === void 0 || value === null) {
+    if (defaultValue !== void 0) return defaultValue;
+    throw new Error(`Missing required parameter: ${name}`);
+  }
+  return Number(value);
+}
+function ensureUrlProtocol(target) {
+  if (/^https?:\/\//i.test(target)) return target;
+  return `http://${target}`;
+}
+function createCommandTool(def) {
+  const parameters = {};
+  for (const paramName of def.params) {
+    parameters[paramName] = { type: "string", description: paramName };
+  }
+  if (def.optionalParams) {
+    for (const paramName of Object.keys(def.optionalParams)) {
+      parameters[paramName] = { type: "string", description: `${paramName} (optional)` };
+    }
+  }
+  return {
+    name: def.name,
+    description: def.description,
+    parameters,
+    required: def.params,
+    execute: async (params) => {
+      const resolvedArgs = def.args.map((arg) => {
+        const match = arg.match(/^\{(\w+)\}$/);
+        if (match) {
+          const paramName = match[1];
+          let value;
+          if (def.optionalParams && def.optionalParams[paramName] !== void 0) {
+            value = param(params, paramName, String(def.optionalParams[paramName]));
+          } else {
+            value = param(params, paramName);
+          }
+          if (def.requiresUrl && paramName === "target") {
+            value = ensureUrlProtocol(value);
+          }
+          return value;
+        }
+        return arg;
+      });
+      return await runCommand(def.cmd, resolvedArgs);
+    }
+  };
+}
+function createTool(name, description, parameters, required, execute) {
+  return { name, description, parameters, required, execute };
+}
+function createDomain(def) {
+  const tools = def.commands?.map(createCommandTool) ?? [];
+  const config = {
+    name: def.category,
+    description: def.description,
+    tools,
+    dangerLevel: def.dangerLevel,
+    defaultApproval: def.defaultApproval,
+    commonPorts: def.commonPorts,
+    commonServices: def.commonServices
+  };
+  return { tools, config };
+}
+
 // src/engine/tools/pentest-intel-tools.ts
-var createIntelTools = (_state) => [
+var createIntelTools = () => [
   {
     name: TOOL_NAMES.PARSE_NMAP,
     description: "Parse nmap XML output to structured JSON",
@@ -6630,7 +6789,8 @@ Can extract forms and inputs for security testing.`,
     },
     required: ["url"],
     execute: async (p) => {
-      const result2 = await browseUrl(p.url, {
+      const url = ensureUrlProtocol(p.url);
+      const result2 = await browseUrl(url, {
         extractForms: p.extract_forms,
         extractLinks: p.extract_links,
         screenshot: p.screenshot,
@@ -6660,7 +6820,8 @@ Can extract forms and inputs for security testing.`,
     },
     required: ["url", "fields"],
     execute: async (p) => {
-      const result2 = await fillAndSubmitForm(p.url, p.fields);
+      const url = ensureUrlProtocol(p.url);
+      const result2 = await fillAndSubmitForm(url, p.fields);
       return {
         success: result2.success,
         output: result2.output,
@@ -6803,6 +6964,19 @@ For CVEs not in this list, use web_search to find them.`
         output: `CVE ${cveId} not in local database. Use web_search({ query: "${cveId} exploit POC" }) to find more information online.`
       };
     }
+  },
+  {
+    name: TOOL_NAMES.EXTRACT_URLS,
+    description: `Extract all URLs from a block of text.
+Use this to:
+- Pull links from command output, HTML, or tool results
+- Discover subdomains and endpoints from scan results
+- Find API endpoints buried in verbose output`,
+    parameters: {
+      text: { type: "string", description: "Text to extract URLs from" }
+    },
+    required: ["text"],
+    execute: async (p) => extractURLs(p.text)
   }
 ];
 
@@ -7154,7 +7328,9 @@ function getContextRecommendations(context, variantCount) {
 }
 
 // src/engine/tools/pentest-attack-tools.ts
-var createAttackTools = (_state) => [
+import { existsSync as existsSync6, statSync, readdirSync } from "fs";
+import { join as join7 } from "path";
+var createAttackTools = () => [
   {
     name: TOOL_NAMES.HASH_CRACK,
     description: `Crack password hashes using hashcat or john.
@@ -7273,8 +7449,6 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
       }
     },
     execute: async (p) => {
-      const { existsSync: existsSync12, statSync: statSync3, readdirSync: readdirSync4 } = await import("fs");
-      const { join: join13 } = await import("path");
       const category = p.category || "";
       const search = p.search || "";
       const minSize = p.min_size || 0;
@@ -7305,12 +7479,12 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         const q = search.toLowerCase();
         return fileName.toLowerCase().includes(q) || filePath.toLowerCase().includes(q);
       };
-      const results = ["# Available Wordlists on System\\n"];
+      const results = ["# Available Wordlists on System\n"];
       let totalCount = 0;
       const processFile = (fullPath, fileName) => {
         const ext = fileName.split(".").pop()?.toLowerCase();
         if (!WORDLIST_EXTENSIONS.has(ext || "")) return;
-        const stats = statSync3(fullPath);
+        const stats = statSync(fullPath);
         if (stats.size < minSize) return;
         if (!matchesCategory(fullPath)) return;
         if (!matchesSearch(fullPath, fileName)) return;
@@ -7320,16 +7494,16 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         results.push("");
       };
       const scanDir = (dirPath, maxDepth = 3, depth = 0) => {
-        if (depth > maxDepth || !existsSync12(dirPath)) return;
+        if (depth > maxDepth || !existsSync6(dirPath)) return;
         let entries;
         try {
-          entries = readdirSync4(dirPath, { withFileTypes: true });
+          entries = readdirSync(dirPath, { withFileTypes: true });
         } catch {
           return;
         }
         for (const entry of entries) {
           if (entry.name.startsWith(".") || SKIP_DIRS.has(entry.name)) continue;
-          const fullPath = join13(dirPath, entry.name);
+          const fullPath = join7(dirPath, entry.name);
           if (entry.isDirectory()) {
             scanDir(fullPath, maxDepth, depth + 1);
             continue;
@@ -7342,19 +7516,26 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
         }
       };
       for (const basePath of scanPaths) {
-        results.push(`\\n## ${basePath}\\n`);
+        results.push(`
+## ${basePath}
+`);
         scanDir(basePath);
       }
       if (totalCount === 0) {
-        results.push(`\\nNo wordlists found matching your criteria.`);
-        results.push(`\\nTips:`);
+        results.push(`
+No wordlists found matching your criteria.`);
+        results.push(`
+Tips:`);
         results.push(`- Try without filters to see all available wordlists`);
         results.push(`- Ensure seclists/wordlists packages are installed`);
         results.push(`- Common locations: /usr/share/seclists/, /usr/share/wordlists/`);
       }
-      results.push(`\\n---`);
-      results.push(`\\nTotal wordlists found: ${totalCount}`);
-      results.push(`\\n## Commonly Used Wordlists (check if available)`);
+      results.push(`
+---`);
+      results.push(`
+Total wordlists found: ${totalCount}`);
+      results.push(`
+## Commonly Used Wordlists (check if available)`);
       results.push(`- RockYou: /usr/share/wordlists/rockyou.txt (14M passwords)`);
       results.push(`- Dirb common: /usr/share/wordlists/dirb/common.txt`);
       results.push(`- SecLists passwords: /usr/share/seclists/Passwords/Common-Credentials/`);
@@ -7362,7 +7543,7 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
       results.push(`- SecLists DNS: /usr/share/seclists/Discovery/DNS/`);
       return {
         success: true,
-        output: results.join("\\n")
+        output: results.join("\n")
       };
     }
   }
@@ -7372,8 +7553,8 @@ Returns: All available wordlists with their paths, sizes, and categories.`,
 var createPentestTools = (state, events) => [
   ...createStateTools(state, events),
   ...createTargetTools(state),
-  ...createIntelTools(state),
-  ...createAttackTools(state)
+  ...createIntelTools(),
+  ...createAttackTools()
 ];
 
 // src/engine/tools/agents.ts
@@ -7531,6 +7712,7 @@ var NETWORK_FILTERS = {
 };
 
 // src/engine/tools/network-attack.ts
+import { writeFileSync as writeFileSync6 } from "fs";
 var createNetworkAttackTools = () => [
   {
     name: TOOL_NAMES.ARP_SPOOF,
@@ -7706,8 +7888,7 @@ Requires root/sudo privileges.`,
       const iface = p.interface || "";
       const duration = p.duration || NETWORK_CONFIG.DEFAULT_SPOOF_DURATION;
       const hostsFile = createTempFile(FILE_EXTENSIONS.HOSTS);
-      const { writeFileSync: writeFileSync10 } = await import("fs");
-      writeFileSync10(hostsFile, `${spoofIp}	${domain}
+      writeFileSync6(hostsFile, `${spoofIp}	${domain}
 ${spoofIp}	*.${domain}
 `);
       const ifaceFlag = iface ? `-i ${iface}` : "";
@@ -7957,19 +8138,6 @@ var ZombieHunter = class {
     }
     return lines.join("\n");
   }
-  /**
-   * Get cleanup command suggestions for Orchestrator
-   */
-  getCleanupCommands(zombies) {
-    return zombies.map((z) => `bg_cleanup({ processId: "${z.processId}", killOrphans: true })`);
-  }
-  /**
-   * Check if any critical processes are among the zombies
-   * (shells, listeners that might be active shells)
-   */
-  hasCriticalZombies(zombies) {
-    return false;
-  }
 };
 
 // src/engine/resource/health-monitor.ts
@@ -8054,28 +8222,6 @@ var HealthMonitor = class {
     if (data.recommendations.length > MAX_RECOMMENDATIONS_FOR_HEALTHY) return HEALTH_STATUS.WARNING;
     return HEALTH_STATUS.HEALTHY;
   }
-  /**
-   * Generate summary string for Orchestrator context
-   */
-  generateSummary() {
-    const status = this.check();
-    const lines = [];
-    lines.push(`Health: ${status.overall.toUpperCase()}`);
-    lines.push(`Processes: ${status.processes.running}/${status.processes.total} running`);
-    if (status.ports.inUse.length > 0) {
-      lines.push(`Ports in use: ${status.ports.inUse.join(", ")}`);
-    }
-    if (status.ports.conflicts.length > 0) {
-      lines.push(`Port conflicts: ${status.ports.conflicts.join("; ")}`);
-    }
-    if (status.recommendations.length > 0) {
-      lines.push(`Recommendations:`);
-      for (const r of status.recommendations) {
-        lines.push(`  - ${r}`);
-      }
-    }
-    return lines.join("\n");
-  }
 };
 
 // src/engine/tools/resource.ts
@@ -8090,10 +8236,8 @@ var resourceTools = [
     description: `Query the status of all background processes.
 Shows running tasks, port usage, and health status.
 Used by the Orchestrator for resource management.`,
-    parameters: {
-      type: "object",
-      properties: {}
-    },
+    parameters: {},
+    // No parameters needed
     async execute() {
       const processes = listBackgroundProcesses();
       const health = healthMonitor.check();
@@ -8145,19 +8289,17 @@ Used by the Orchestrator for resource management.`,
 If processId is specified, terminates that process and its children.
 If killOrphans is true, also cleans up child processes whose parent has died.`,
     parameters: {
-      type: "object",
-      properties: {
-        processId: {
-          type: "string",
-          description: "Process ID to clean up (optional)"
-        },
-        killOrphans: {
-          type: "boolean",
-          description: "Also clean up orphan child processes (default: true)",
-          default: true
-        }
+      processId: {
+        type: "string",
+        description: "Process ID to clean up (optional)"
+      },
+      killOrphans: {
+        type: "boolean",
+        description: "Also clean up orphan child processes (default: true)",
+        default: true
       }
     },
+    required: [],
     async execute(params) {
       const results = [];
       if (params.processId) {
@@ -8198,14 +8340,27 @@ If killOrphans is true, also cleans up child processes whose parent has died.`,
     name: TOOL_NAMES.HEALTH_CHECK,
     description: `Check system resource health.
 Returns recommendations on process status, port conflicts, long-running tasks, etc.`,
-    parameters: {
-      type: "object",
-      properties: {}
-    },
+    parameters: {},
+    // No parameters needed
     async execute() {
       const status = healthMonitor.check();
       const zombies = zombieHunter.scan();
-      const output = healthMonitor.generateSummary();
+      const lines = [];
+      lines.push(`Health: ${status.overall.toUpperCase()}`);
+      lines.push(`Processes: ${status.processes.running}/${status.processes.total} running`);
+      if (status.ports.inUse.length > 0) {
+        lines.push(`Ports in use: ${status.ports.inUse.join(", ")}`);
+      }
+      if (status.ports.conflicts.length > 0) {
+        lines.push(`Port conflicts: ${status.ports.conflicts.join("; ")}`);
+      }
+      if (status.recommendations.length > 0) {
+        lines.push(`Recommendations:`);
+        for (const r of status.recommendations) {
+          lines.push(`  - ${r}`);
+        }
+      }
+      const output = lines.join("\n");
       if (zombies.length > 0) {
         return result(false, output + "\n\n" + zombieHunter.generateReport(zombies));
       }
@@ -8295,258 +8450,183 @@ var SMB_PORTS = [
 ];
 
 // src/domains/network/tools.ts
-var NETWORK_TOOLS = [
-  {
-    name: TOOL_NAMES.NMAP_QUICK,
-    description: "Quick nmap scan - fast discovery",
-    parameters: {
-      target: { type: "string", description: "Target IP/CIDR" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("nmap", ["-Pn", "-T4", "-F", target]);
-    }
-  },
-  {
-    name: TOOL_NAMES.NMAP_FULL,
-    description: "Full nmap scan - comprehensive",
-    parameters: {
-      target: { type: "string", description: "Target IP/CIDR" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("nmap", ["-Pn", "-T4", "-sV", "-O", "-p-", target]);
-    }
-  },
-  {
-    name: TOOL_NAMES.RUSTSCAN,
-    description: "RustScan - very fast port discovery",
-    parameters: {
-      target: { type: "string", description: "Target IP" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("rustscan", ["-a", target, "--range", "1-65535"]);
-    }
-  }
-];
-var NETWORK_CONFIG2 = {
-  name: SERVICE_CATEGORIES.NETWORK,
+var { tools: NETWORK_TOOLS, config: NETWORK_CONFIG2 } = createDomain({
+  category: SERVICE_CATEGORIES.NETWORK,
   description: "Network reconnaissance - scanning, OS fingerprinting",
-  tools: NETWORK_TOOLS,
   dangerLevel: DANGER_LEVELS.ACTIVE,
   defaultApproval: APPROVAL_LEVELS.CONFIRM,
   commonPorts: [SERVICE_PORTS.FTP, SERVICE_PORTS.SSH, SERVICE_PORTS.HTTP, SERVICE_PORTS.HTTPS, SERVICE_PORTS.SMB, SERVICE_PORTS.RDP, SERVICE_PORTS.HTTP_ALT],
-  commonServices: [SERVICES.FTP, SERVICES.SSH, SERVICES.HTTP, SERVICES.HTTPS, SERVICES.SMB]
-};
-
-// src/domains/web/tools.ts
-var WEB_TOOLS = [
-  {
-    name: TOOL_NAMES.HTTP_FINGERPRINT,
-    description: "HTTP fingerprinting - detect WAF, server type",
-    parameters: {
-      target: { type: "string", description: "Target URL" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("curl", ["-sI", target]);
-    }
-  },
-  {
-    name: TOOL_NAMES.WAF_DETECT,
-    description: "WAF detection using wafw00f",
-    parameters: {
-      target: { type: "string", description: "Target URL" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("wafw00f", [target]);
-    }
-  },
-  {
-    name: TOOL_NAMES.DIRSEARCH,
-    description: "Directory bruteforcing",
-    parameters: {
-      target: { type: "string", description: "Target URL" }
+  commonServices: [SERVICES.FTP, SERVICES.SSH, SERVICES.HTTP, SERVICES.HTTPS, SERVICES.SMB],
+  commands: [
+    {
+      name: TOOL_NAMES.NMAP_QUICK,
+      description: "Quick nmap scan - fast discovery",
+      cmd: "nmap",
+      args: ["-Pn", "-T4", "-F", "{target}"],
+      params: ["target"]
     },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("dirsearch", ["-u", target, "--quiet"]);
-    }
-  },
-  {
-    name: TOOL_NAMES.NUCLEI_WEB,
-    description: "Nuclei web vulnerability scanner",
-    parameters: {
-      target: { type: "string", description: "Target URL" },
-      severity: { type: "string", description: "Severities to check" }
+    {
+      name: TOOL_NAMES.NMAP_FULL,
+      description: "Full nmap scan - comprehensive",
+      cmd: "nmap",
+      args: ["-Pn", "-T4", "-sV", "-O", "-p-", "{target}"],
+      params: ["target"]
     },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      const severity = params.severity || "medium,critical,high";
-      return await runCommand("nuclei", ["-u", target, "-s", severity, "-silent"]);
+    {
+      name: TOOL_NAMES.RUSTSCAN,
+      description: "RustScan - very fast port discovery",
+      cmd: "rustscan",
+      args: ["-a", "{target}", "--range", "1-65535"],
+      params: ["target"]
     }
-  }
-];
-var WEB_CONFIG = {
-  name: SERVICE_CATEGORIES.WEB,
+  ]
+});
+
+// src/domains/web/tools.ts
+var { tools: WEB_TOOLS, config: WEB_CONFIG } = createDomain({
+  category: SERVICE_CATEGORIES.WEB,
   description: "Web application testing - HTTP/HTTPS, APIs",
-  tools: WEB_TOOLS,
   dangerLevel: DANGER_LEVELS.ACTIVE,
   defaultApproval: APPROVAL_LEVELS.CONFIRM,
   commonPorts: [SERVICE_PORTS.HTTP, SERVICE_PORTS.HTTPS, SERVICE_PORTS.HTTP_ALT],
-  commonServices: [SERVICES.HTTP, SERVICES.HTTPS]
-};
+  commonServices: [SERVICES.HTTP, SERVICES.HTTPS],
+  commands: [
+    {
+      name: TOOL_NAMES.HTTP_FINGERPRINT,
+      description: "HTTP fingerprinting - detect WAF, server type",
+      cmd: "curl",
+      args: ["-sI", "{target}"],
+      params: ["target"],
+      requiresUrl: true
+    },
+    {
+      name: TOOL_NAMES.WAF_DETECT,
+      description: "WAF detection using wafw00f",
+      cmd: "wafw00f",
+      args: ["{target}"],
+      params: ["target"],
+      requiresUrl: true
+    },
+    {
+      name: TOOL_NAMES.DIRSEARCH,
+      description: "Directory bruteforcing",
+      cmd: "dirsearch",
+      args: ["-u", "{target}", "--quiet"],
+      params: ["target"],
+      requiresUrl: true
+    },
+    {
+      name: TOOL_NAMES.NUCLEI_WEB,
+      description: "Nuclei web vulnerability scanner",
+      cmd: "nuclei",
+      args: ["-u", "{target}", "-s", "{severity}", "-silent"],
+      params: ["target"],
+      optionalParams: { severity: "medium,critical,high" },
+      requiresUrl: true
+    }
+  ]
+});
 
 // src/domains/database/tools.ts
-var DATABASE_TOOLS = [
+var SQLMAP_BASIC = createTool(
+  TOOL_NAMES.SQLMAP_BASIC,
+  "SQL injection testing with sqlmap - basic scan",
+  { target: { type: "string", description: "Target URL" } },
+  ["target"],
+  async (params) => runCommand("sqlmap", ["-u", param(params, "target"), "--batch", "--risk=1", "--level=1"])
+);
+var SQLMAP_ADVANCED = createTool(
+  TOOL_NAMES.SQLMAP_ADVANCED,
+  "SQL injection with sqlmap - full enumeration",
+  { target: { type: "string", description: "Target URL" } },
+  ["target"],
+  async (params) => runCommand("sqlmap", ["-u", param(params, "target"), "--batch", "--risk=3", "--level=5", "--dbs", "--tables"])
+);
+var MYSQL_ENUM = createTool(
+  TOOL_NAMES.MYSQL_ENUM,
+  "MySQL enumeration - version, users, databases",
   {
-    name: TOOL_NAMES.SQLMAP_BASIC,
-    description: "SQL injection testing with sqlmap - basic scan",
-    parameters: {
-      target: { type: "string", description: "Target URL" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("sqlmap", ["-u", target, "--batch", "--risk=1", "--level=1"]);
-    }
+    target: { type: "string", description: "Target IP/hostname" },
+    port: { type: "number", description: `Port (default ${SERVICE_PORTS.MYSQL})` }
   },
+  ["target"],
+  async (params) => runCommand("mysql", ["-h", param(params, "target"), "-P", String(paramNumber(params, "port", SERVICE_PORTS.MYSQL)), "-e", "SELECT VERSION(), USER(), DATABASE();"])
+);
+var POSTGRES_ENUM = createTool(
+  TOOL_NAMES.POSTGRES_ENUM,
+  "PostgreSQL enumeration",
+  { target: { type: "string", description: "Target IP" } },
+  ["target"],
+  async (params) => runCommand("psql", ["-h", param(params, "target"), "-U", "postgres", "-c", "SELECT version(); SELECT datname FROM pg_database;"])
+);
+var REDIS_ENUM = createTool(
+  TOOL_NAMES.REDIS_ENUM,
+  "Redis enumeration",
   {
-    name: TOOL_NAMES.SQLMAP_ADVANCED,
-    description: "SQL injection with sqlmap - full enumeration",
-    parameters: {
-      target: { type: "string", description: "Target URL" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("sqlmap", ["-u", target, "--batch", "--risk=3", "--level=5", "--dbs", "--tables"]);
-    }
+    target: { type: "string", description: "Target IP" },
+    port: { type: "number", description: `Port (default ${SERVICE_PORTS.REDIS})` }
   },
+  ["target"],
+  async (params) => runCommand("redis-cli", ["-h", param(params, "target"), "-p", String(paramNumber(params, "port", SERVICE_PORTS.REDIS)), "INFO"])
+);
+var DB_BRUTE = createTool(
+  TOOL_NAMES.DB_BRUTE,
+  "Brute force database credentials",
   {
-    name: TOOL_NAMES.MYSQL_ENUM,
-    description: "MySQL enumeration - version, users, databases",
-    parameters: {
-      target: { type: "string", description: "Target IP/hostname" },
-      port: { type: "string", description: `Port (default ${SERVICE_PORTS.MYSQL})` }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      const port = params.port || String(SERVICE_PORTS.MYSQL);
-      return await runCommand("mysql", ["-h", target, "-P", port, "-e", "SELECT VERSION(), USER(), DATABASE();"]);
-    }
+    target: { type: "string", description: "Target IP" },
+    service: { type: "string", description: "Service (mysql, postgres, etc.)" }
   },
+  ["target", "service"],
+  async (params) => runCommand("hydra", [
+    "-L",
+    WORDLISTS.USERNAMES,
+    "-P",
+    WORDLISTS.COMMON_PASSWORDS,
+    param(params, "target"),
+    param(params, "service")
+  ])
+);
+var DATABASE_TOOLS = [SQLMAP_BASIC, SQLMAP_ADVANCED, MYSQL_ENUM, POSTGRES_ENUM, REDIS_ENUM, DB_BRUTE];
+var DATABASE_CONFIG = {
+  name: SERVICE_CATEGORIES.DATABASE,
+  description: "Database exploitation - SQL injection, credential extraction",
+  tools: DATABASE_TOOLS,
+  dangerLevel: DANGER_LEVELS.EXPLOIT,
+  defaultApproval: APPROVAL_LEVELS.REVIEW,
+  commonPorts: [SERVICE_PORTS.MSSQL, SERVICE_PORTS.MYSQL, SERVICE_PORTS.POSTGRESQL, SERVICE_PORTS.REDIS, SERVICE_PORTS.MONGODB],
+  commonServices: [SERVICES.MYSQL, SERVICES.POSTGRES, SERVICES.REDIS, SERVICES.MONGODB]
+};
+
+// src/domains/ad/tools.ts
+var BLOODHOUND_COLLECT = createTool(
+  TOOL_NAMES.BLOODHOUND_COLLECT,
+  "BloodHound data collection",
   {
-    name: TOOL_NAMES.POSTGRES_ENUM,
-    description: "PostgreSQL enumeration",
-    parameters: {
-      target: { type: "string", description: "Target IP" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("psql", ["-h", target, "-U", "postgres", "-c", "SELECT version(); SELECT datname FROM pg_database;"]);
-    }
+    target: { type: "string", description: "Target DC IP" },
+    domain: { type: "string", description: "Domain name" }
   },
+  ["target"],
+  async (params) => runCommand("bloodhound-python", ["-c", "All", "-d", param(params, "domain", "DOMAIN"), param(params, "target"), "--zip"])
+);
+var KERBEROAST = createTool(
+  TOOL_NAMES.KERBEROAST,
+  "Kerberoasting attack",
   {
-    name: TOOL_NAMES.REDIS_ENUM,
-    description: "Redis enumeration",
-    parameters: {
-      target: { type: "string", description: "Target IP" },
-      port: { type: "string", description: `Port (default ${SERVICE_PORTS.REDIS})` }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      const port = params.port || String(SERVICE_PORTS.REDIS);
-      return await runCommand("redis-cli", ["-h", target, "-p", port, "INFO"]);
-    }
-  },
-  {
-    name: TOOL_NAMES.DB_BRUTE,
-    description: "Brute force database credentials",
-    parameters: {
-      target: { type: "string", description: "Target IP" },
-      service: { type: "string", description: "Service (mysql, postgres, etc.)" }
-    },
-    required: ["target", "service"],
-    execute: async (params) => {
-      const target = params.target;
-      const service = params.service || SERVICES.MYSQL;
-      return await runCommand("hydra", [
-        "-L",
-        WORDLISTS.USERNAMES,
-        "-P",
-        WORDLISTS.COMMON_PASSWORDS,
-        target,
-        service
-      ]);
-    }
-  }
-];
-var DATABASE_CONFIG = {
-  name: SERVICE_CATEGORIES.DATABASE,
-  description: "Database exploitation - SQL injection, credential extraction",
-  tools: DATABASE_TOOLS,
-  dangerLevel: DANGER_LEVELS.EXPLOIT,
-  defaultApproval: APPROVAL_LEVELS.REVIEW,
-  commonPorts: [SERVICE_PORTS.MSSQL, SERVICE_PORTS.MYSQL, SERVICE_PORTS.POSTGRESQL, SERVICE_PORTS.REDIS, SERVICE_PORTS.MONGODB],
-  commonServices: [SERVICES.MYSQL, SERVICES.POSTGRES, SERVICES.REDIS, SERVICES.MONGODB]
-};
-
-// src/domains/ad/tools.ts
-var AD_TOOLS = [
-  {
-    name: TOOL_NAMES.BLOODHOUND_COLLECT,
-    description: "BloodHound data collection",
-    parameters: {
-      target: { type: "string", description: "Target DC IP" },
-      domain: { type: "string", description: "Domain name" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      const domain = params.domain || "DOMAIN";
-      return await runCommand("bloodhound-python", ["-c", "All", "-d", domain, target, "--zip"]);
-    }
+    target: { type: "string", description: "DC IP" },
+    user: { type: "string", description: "Domain user" },
+    password: { type: "string", description: "Password" }
   },
-  {
-    name: TOOL_NAMES.KERBEROAST,
-    description: "Kerberoasting attack",
-    parameters: {
-      target: { type: "string", description: "DC IP" },
-      user: { type: "string", description: "Domain user" },
-      password: { type: "string", description: "Password" }
-    },
-    required: ["target", "user", "password"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("GetUserSPNs.py", ["-dc-ip", target, `${params.user}:${params.password}`]);
-    }
-  },
-  {
-    name: TOOL_NAMES.LDAP_ENUM,
-    description: "LDAP enumeration",
-    parameters: {
-      target: { type: "string", description: "LDAP Server" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("ldapsearch", ["-x", "-H", `ldap://${target}`, "-b", ""]);
-    }
-  }
-];
+  ["target", "user", "password"],
+  async (params) => runCommand("GetUserSPNs.py", ["-dc-ip", param(params, "target"), `${param(params, "user")}:${param(params, "password")}`])
+);
+var LDAP_ENUM = createTool(
+  TOOL_NAMES.LDAP_ENUM,
+  "LDAP enumeration",
+  { target: { type: "string", description: "LDAP Server" } },
+  ["target"],
+  async (params) => runCommand("ldapsearch", ["-x", "-H", `ldap://${param(params, "target")}`, "-b", ""])
+);
+var AD_TOOLS = [BLOODHOUND_COLLECT, KERBEROAST, LDAP_ENUM];
 var AD_CONFIG = {
   name: SERVICE_CATEGORIES.AD,
   description: "Active Directory and Windows domain",
@@ -8558,19 +8638,14 @@ var AD_CONFIG = {
 };
 
 // src/domains/email/tools.ts
-var EMAIL_TOOLS = [
-  {
-    name: TOOL_NAMES.SMTP_ENUM,
-    description: "SMTP user enumeration",
-    parameters: {
-      target: { type: "string", description: "SMTP server" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      return await runCommand("smtp-user-enum", ["-M", "VRFY", "-t", params.target]);
-    }
-  }
-];
+var SMTP_ENUM = createTool(
+  TOOL_NAMES.SMTP_ENUM,
+  "SMTP user enumeration",
+  { target: { type: "string", description: "SMTP server" } },
+  ["target"],
+  async (params) => runCommand("smtp-user-enum", ["-M", "VRFY", "-t", param(params, "target")])
+);
+var EMAIL_TOOLS = [SMTP_ENUM];
 var EMAIL_CONFIG = {
   name: SERVICE_CATEGORIES.EMAIL,
   description: "Email services - SMTP, IMAP, POP3",
@@ -8582,30 +8657,21 @@ var EMAIL_CONFIG = {
 };
 
 // src/domains/remote-access/tools.ts
-var REMOTE_ACCESS_TOOLS = [
-  {
-    name: TOOL_NAMES.SSH_ENUM,
-    description: "SSH enumeration",
-    parameters: {
-      target: { type: "string", description: "SSH Server" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      return await runCommand("ssh-audit", [params.target]);
-    }
-  },
-  {
-    name: TOOL_NAMES.RDP_ENUM,
-    description: "RDP enumeration",
-    parameters: {
-      target: { type: "string", description: "RDP Server" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      return await runCommand("nmap", ["-p", String(SERVICE_PORTS.RDP), "--script", "rdp-enum-encryption,rdp-ntlm-info", params.target]);
-    }
-  }
-];
+var SSH_ENUM = createTool(
+  TOOL_NAMES.SSH_ENUM,
+  "SSH enumeration",
+  { target: { type: "string", description: "SSH Server" } },
+  ["target"],
+  async (params) => runCommand("ssh-audit", [param(params, "target")])
+);
+var RDP_ENUM = createTool(
+  TOOL_NAMES.RDP_ENUM,
+  "RDP enumeration",
+  { target: { type: "string", description: "RDP Server" } },
+  ["target"],
+  async (params) => runCommand("nmap", ["-p", String(SERVICE_PORTS.RDP), "--script", "rdp-enum-encryption,rdp-ntlm-info", param(params, "target")])
+);
+var REMOTE_ACCESS_TOOLS = [SSH_ENUM, RDP_ENUM];
 var REMOTE_ACCESS_CONFIG = {
   name: SERVICE_CATEGORIES.REMOTE_ACCESS,
   description: "Remote access services - SSH, RDP, VNC",
@@ -8617,30 +8683,21 @@ var REMOTE_ACCESS_CONFIG = {
 };
 
 // src/domains/file-sharing/tools.ts
-var FILE_SHARING_TOOLS = [
-  {
-    name: TOOL_NAMES.FTP_ENUM,
-    description: "FTP enumeration",
-    parameters: {
-      target: { type: "string", description: "FTP Server" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      return await runCommand("nmap", ["-p", String(SERVICE_PORTS.FTP), "--script", "ftp-anon,ftp-syst", params.target]);
-    }
-  },
-  {
-    name: TOOL_NAMES.SMB_ENUM,
-    description: "SMB enumeration",
-    parameters: {
-      target: { type: "string", description: "SMB Server" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      return await runCommand("enum4linux", ["-a", params.target]);
-    }
-  }
-];
+var FTP_ENUM = createTool(
+  TOOL_NAMES.FTP_ENUM,
+  "FTP enumeration",
+  { target: { type: "string", description: "FTP Server" } },
+  ["target"],
+  async (params) => runCommand("nmap", ["-p", String(SERVICE_PORTS.FTP), "--script", "ftp-anon,ftp-syst", param(params, "target")])
+);
+var SMB_ENUM = createTool(
+  TOOL_NAMES.SMB_ENUM,
+  "SMB enumeration",
+  { target: { type: "string", description: "SMB Server" } },
+  ["target"],
+  async (params) => runCommand("enum4linux", ["-a", param(params, "target")])
+);
+var FILE_SHARING_TOOLS = [FTP_ENUM, SMB_ENUM];
 var FILE_SHARING_CONFIG = {
   name: SERVICE_CATEGORIES.FILE_SHARING,
   description: "File sharing protocols - SMB, FTP, NFS",
@@ -8657,34 +8714,26 @@ var CLOUD_PROVIDER = {
   AZURE: "azure",
   GCP: "gcp"
 };
-var CLOUD_TOOLS = [
-  {
-    name: TOOL_NAMES.AWS_S3_CHECK,
-    description: "S3 bucket security check",
-    parameters: {
-      bucket: { type: "string", description: "Bucket name" }
-    },
-    required: ["bucket"],
-    execute: async (params) => {
-      const bucket = params.bucket;
-      return await runCommand("aws", ["s3", "ls", `s3://${bucket}`, "--no-sign-request"]);
-    }
-  },
-  {
-    name: TOOL_NAMES.CLOUD_META_CHECK,
-    description: "Check cloud metadata service access",
-    parameters: {
-      provider: { type: "string", description: "aws, azure, or gcp" }
-    },
-    required: ["provider"],
-    execute: async (params) => {
-      const provider = params.provider;
-      if (provider === CLOUD_PROVIDER.AWS) return await runCommand("curl", ["http://169.254.169.254/latest/meta-data/"]);
-      if (provider === CLOUD_PROVIDER.AZURE) return await runCommand("curl", ["-H", "Metadata:true", "http://169.254.169.254/metadata/instance?api-version=2021-02-01"]);
-      return await runCommand("curl", ["-H", "Metadata-Flavor: Google", "http://metadata.google.internal/computeMetadata/v1/"]);
-    }
-  }
-];
+var AWS_S3_CHECK = createTool(
+  TOOL_NAMES.AWS_S3_CHECK,
+  "S3 bucket security check",
+  { bucket: { type: "string", description: "Bucket name" } },
+  ["bucket"],
+  async (params) => runCommand("aws", ["s3", "ls", `s3://${param(params, "bucket")}`, "--no-sign-request"])
+);
+var CLOUD_META_CHECK = createTool(
+  TOOL_NAMES.CLOUD_META_CHECK,
+  "Check cloud metadata service access",
+  { provider: { type: "string", description: "aws, azure, or gcp" } },
+  ["provider"],
+  async (params) => {
+    const provider = param(params, "provider");
+    if (provider === CLOUD_PROVIDER.AWS) return runCommand("curl", ["http://169.254.169.254/latest/meta-data/"]);
+    if (provider === CLOUD_PROVIDER.AZURE) return runCommand("curl", ["-H", "Metadata:true", "http://169.254.169.254/metadata/instance?api-version=2021-02-01"]);
+    return runCommand("curl", ["-H", "Metadata-Flavor: Google", "http://metadata.google.internal/computeMetadata/v1/"]);
+  }
+);
+var CLOUD_TOOLS = [AWS_S3_CHECK, CLOUD_META_CHECK];
 var CLOUD_CONFIG = {
   name: SERVICE_CATEGORIES.CLOUD,
   description: "Cloud infrastructure - AWS, Azure, GCP",
@@ -8696,30 +8745,21 @@ var CLOUD_CONFIG = {
 };
 
 // src/domains/container/tools.ts
-var CONTAINER_TOOLS = [
-  {
-    name: TOOL_NAMES.DOCKER_PS,
-    description: "List running Docker containers",
-    parameters: {
-      host: { type: "string", description: "Docker host" }
-    },
-    required: ["host"],
-    execute: async (params) => {
-      return await runCommand("docker", ["-H", params.host, "ps"]);
-    }
-  },
-  {
-    name: TOOL_NAMES.KUBE_GET_PODS,
-    description: "List Kubernetes pods",
-    parameters: {
-      context: { type: "string", description: "Kube context" }
-    },
-    required: ["context"],
-    execute: async (params) => {
-      return await runCommand("kubectl", ["--context", params.context, "get", "pods"]);
-    }
-  }
-];
+var DOCKER_PS = createTool(
+  TOOL_NAMES.DOCKER_PS,
+  "List running Docker containers",
+  { host: { type: "string", description: "Docker host" } },
+  ["host"],
+  async (params) => runCommand("docker", ["-H", param(params, "host"), "ps"])
+);
+var KUBE_GET_PODS = createTool(
+  TOOL_NAMES.KUBE_GET_PODS,
+  "List Kubernetes pods",
+  { context: { type: "string", description: "Kube context" } },
+  ["context"],
+  async (params) => runCommand("kubectl", ["--context", param(params, "context"), "get", "pods"])
+);
+var CONTAINER_TOOLS = [DOCKER_PS, KUBE_GET_PODS];
 var CONTAINER_CONFIG = {
   name: SERVICE_CATEGORIES.CONTAINER,
   description: "Container platforms - Docker, Kubernetes",
@@ -8731,58 +8771,38 @@ var CONTAINER_CONFIG = {
 };
 
 // src/domains/api/tools.ts
-var API_TOOLS = [
-  {
-    name: TOOL_NAMES.API_DISCOVER,
-    description: "API endpoint discovery - using Arjun",
-    parameters: {
-      target: { type: "string", description: "Target URL" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("arjun", ["-u", target, "-t", "20"]);
-    }
-  },
-  {
-    name: TOOL_NAMES.GRAPHQL_INTROSPECT,
-    description: "GraphQL introspection - schema discovery",
-    parameters: {
-      target: { type: "string", description: "GQL Endpoint" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      return await runCommand("curl", ["-X", "POST", target, "-H", "Content-Type: application/json", "-d", '{"query":"{__schema {queryType {name}}}"}']);
-    }
-  },
+var API_DISCOVER = createTool(
+  TOOL_NAMES.API_DISCOVER,
+  "API endpoint discovery - using Arjun",
+  { target: { type: "string", description: "Target URL" } },
+  ["target"],
+  async (params) => runCommand("arjun", ["-u", param(params, "target"), "-t", "20"])
+);
+var GRAPHQL_INTROSPECT = createTool(
+  TOOL_NAMES.GRAPHQL_INTROSPECT,
+  "GraphQL introspection - schema discovery",
+  { target: { type: "string", description: "GQL Endpoint" } },
+  ["target"],
+  async (params) => runCommand("curl", ["-X", "POST", param(params, "target"), "-H", "Content-Type: application/json", "-d", '{"query":"{__schema {queryType {name}}}"}'])
+);
+var SWAGGER_PARSE = createTool(
+  TOOL_NAMES.SWAGGER_PARSE,
+  "Parse Swagger/OpenAPI specification",
+  { spec: { type: "string", description: "URL to swagger.json/yaml" } },
+  ["spec"],
+  async (params) => runCommand("swagger-codegen", ["generate", "-i", param(params, "spec"), "-l", "html2"])
+);
+var API_FUZZ = createTool(
+  TOOL_NAMES.API_FUZZ,
+  "General API fuzzing",
   {
-    name: TOOL_NAMES.SWAGGER_PARSE,
-    description: "Parse Swagger/OpenAPI specification",
-    parameters: {
-      spec: { type: "string", description: "URL to swagger.json/yaml" }
-    },
-    required: ["spec"],
-    execute: async (params) => {
-      const spec = params.spec;
-      return await runCommand("swagger-codegen", ["generate", "-i", spec, "-l", "html2"]);
-    }
+    target: { type: "string", description: "Base API URL" },
+    wordlist: { type: "string", description: "Wordlist path" }
   },
-  {
-    name: TOOL_NAMES.API_FUZZ,
-    description: "General API fuzzing",
-    parameters: {
-      target: { type: "string", description: "Base API URL" },
-      wordlist: { type: "string", description: "Wordlist path" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      const target = params.target;
-      const wordlist = params.wordlist || WORDLISTS.API_FUZZ;
-      return await runCommand("ffuf", ["-u", `${target}/FUZZ`, "-w", wordlist, "-mc", "all"]);
-    }
-  }
-];
+  ["target"],
+  async (params) => runCommand("ffuf", ["-u", `${param(params, "target")}/FUZZ`, "-w", param(params, "wordlist", WORDLISTS.API_FUZZ), "-mc", "all"])
+);
+var API_TOOLS = [API_DISCOVER, GRAPHQL_INTROSPECT, SWAGGER_PARSE, API_FUZZ];
 var API_CONFIG = {
   name: SERVICE_CATEGORIES.API,
   description: "API testing - REST, GraphQL, SOAP",
@@ -8794,19 +8814,14 @@ var API_CONFIG = {
 };
 
 // src/domains/wireless/tools.ts
-var WIRELESS_TOOLS = [
-  {
-    name: TOOL_NAMES.WIFI_SCAN,
-    description: "WiFi network scanning",
-    parameters: {
-      interface: { type: "string", description: "Wireless interface" }
-    },
-    required: ["interface"],
-    execute: async (params) => {
-      return await runCommand("iwlist", [params.interface, "scanning"]);
-    }
-  }
-];
+var WIFI_SCAN = createTool(
+  TOOL_NAMES.WIFI_SCAN,
+  "WiFi network scanning",
+  { interface: { type: "string", description: "Wireless interface" } },
+  ["interface"],
+  async (params) => runCommand("iwlist", [param(params, "interface"), "scanning"])
+);
+var WIRELESS_TOOLS = [WIFI_SCAN];
 var WIRELESS_CONFIG = {
   name: SERVICE_CATEGORIES.WIRELESS,
   description: "Wireless security - WiFi, Bluetooth",
@@ -8818,19 +8833,14 @@ var WIRELESS_CONFIG = {
 };
 
 // src/domains/ics/tools.ts
-var ICS_TOOLS = [
-  {
-    name: TOOL_NAMES.MODBUS_ENUM,
-    description: "Modbus enumeration",
-    parameters: {
-      target: { type: "string", description: "ICS Device" }
-    },
-    required: ["target"],
-    execute: async (params) => {
-      return await runCommand("nmap", ["-p", String(SERVICE_PORTS.MODBUS), "--script", "modbus-discover", params.target]);
-    }
-  }
-];
+var MODBUS_ENUM = createTool(
+  TOOL_NAMES.MODBUS_ENUM,
+  "Modbus enumeration",
+  { target: { type: "string", description: "ICS Device" } },
+  ["target"],
+  async (params) => runCommand("nmap", ["-p", String(SERVICE_PORTS.MODBUS), "--script", "modbus-discover", param(params, "target")])
+);
+var ICS_TOOLS = [MODBUS_ENUM];
 var ICS_CONFIG = {
   name: SERVICE_CATEGORIES.ICS,
   description: "Industrial control systems - Modbus, DNP3, EtherNet/IP",
@@ -9083,7 +9093,7 @@ var ServiceParser = class {
 };
 
 // src/domains/registry.ts
-import { join as join7, dirname as dirname3 } from "path";
+import { join as join8, dirname as dirname3 } from "path";
 import { fileURLToPath } from "url";
 var __dirname = dirname3(fileURLToPath(import.meta.url));
 var DOMAINS = {
@@ -9091,73 +9101,73 @@ var DOMAINS = {
     id: SERVICE_CATEGORIES.NETWORK,
     name: "Network Infrastructure",
     description: "Vulnerability scanning, port mapping, and network service exploitation.",
-    promptPath: join7(__dirname, "network/prompt.md")
+    promptPath: join8(__dirname, "network/prompt.md")
   },
   [SERVICE_CATEGORIES.WEB]: {
     id: SERVICE_CATEGORIES.WEB,
     name: "Web Application",
     description: "Web app security testing, injection attacks, and auth bypass.",
-    promptPath: join7(__dirname, "web/prompt.md")
+    promptPath: join8(__dirname, "web/prompt.md")
   },
   [SERVICE_CATEGORIES.DATABASE]: {
     id: SERVICE_CATEGORIES.DATABASE,
     name: "Database Security",
     description: "SQL injection, database enumeration, and data extraction.",
-    promptPath: join7(__dirname, "database/prompt.md")
+    promptPath: join8(__dirname, "database/prompt.md")
   },
   [SERVICE_CATEGORIES.AD]: {
     id: SERVICE_CATEGORIES.AD,
     name: "Active Directory",
     description: "Kerberos, LDAP, and Windows domain privilege escalation.",
-    promptPath: join7(__dirname, "ad/prompt.md")
+    promptPath: join8(__dirname, "ad/prompt.md")
   },
   [SERVICE_CATEGORIES.EMAIL]: {
     id: SERVICE_CATEGORIES.EMAIL,
     name: "Email Services",
     description: "SMTP, IMAP, POP3 security and user enumeration.",
-    promptPath: join7(__dirname, "email/prompt.md")
+    promptPath: join8(__dirname, "email/prompt.md")
   },
   [SERVICE_CATEGORIES.REMOTE_ACCESS]: {
     id: SERVICE_CATEGORIES.REMOTE_ACCESS,
     name: "Remote Access",
     description: "SSH, RDP, VNC and other remote control protocols.",
-    promptPath: join7(__dirname, "remote-access/prompt.md")
+    promptPath: join8(__dirname, "remote-access/prompt.md")
   },
   [SERVICE_CATEGORIES.FILE_SHARING]: {
     id: SERVICE_CATEGORIES.FILE_SHARING,
     name: "File Sharing",
     description: "SMB, NFS, FTP and shared resource security.",
-    promptPath: join7(__dirname, "file-sharing/prompt.md")
+    promptPath: join8(__dirname, "file-sharing/prompt.md")
   },
   [SERVICE_CATEGORIES.CLOUD]: {
     id: SERVICE_CATEGORIES.CLOUD,
     name: "Cloud Infrastructure",
     description: "AWS, Azure, and GCP security and misconfiguration.",
-    promptPath: join7(__dirname, "cloud/prompt.md")
+    promptPath: join8(__dirname, "cloud/prompt.md")
   },
   [SERVICE_CATEGORIES.CONTAINER]: {
     id: SERVICE_CATEGORIES.CONTAINER,
     name: "Container Systems",
     description: "Docker and Kubernetes security testing.",
-    promptPath: join7(__dirname, "container/prompt.md")
+    promptPath: join8(__dirname, "container/prompt.md")
   },
   [SERVICE_CATEGORIES.API]: {
     id: SERVICE_CATEGORIES.API,
     name: "API Security",
     description: "REST, GraphQL, and SOAP API security testing.",
-    promptPath: join7(__dirname, "api/prompt.md")
+    promptPath: join8(__dirname, "api/prompt.md")
   },
   [SERVICE_CATEGORIES.WIRELESS]: {
     id: SERVICE_CATEGORIES.WIRELESS,
     name: "Wireless Networks",
     description: "WiFi and Bluetooth security testing.",
-    promptPath: join7(__dirname, "wireless/prompt.md")
+    promptPath: join8(__dirname, "wireless/prompt.md")
   },
   [SERVICE_CATEGORIES.ICS]: {
     id: SERVICE_CATEGORIES.ICS,
     name: "Industrial Systems",
     description: "Critical infrastructure - Modbus, DNP3, ENIP.",
-    promptPath: join7(__dirname, "ics/prompt.md")
+    promptPath: join8(__dirname, "ics/prompt.md")
   }
 };
 
@@ -9234,22 +9244,6 @@ var CategorizedToolRegistry = class extends ToolRegistry {
     }
     return results;
   }
-  suggestSubAgent(target) {
-    const suggestions = this.suggestTools(target);
-    const priority = [
-      SERVICE_CATEGORIES.ICS,
-      SERVICE_CATEGORIES.AD,
-      SERVICE_CATEGORIES.DATABASE,
-      SERVICE_CATEGORIES.CLOUD,
-      SERVICE_CATEGORIES.CONTAINER,
-      SERVICE_CATEGORIES.WEB,
-      SERVICE_CATEGORIES.NETWORK
-    ];
-    for (const cat of priority) {
-      if (suggestions.some((s) => s.category === cat)) return cat;
-    }
-    return AGENT_ROLES.RECON;
-  }
   fingerprintService(port) {
     const category = ServiceParser.detectCategory(port.port, port.service);
     if (!category) return null;
@@ -9578,14 +9572,6 @@ var LLMClient = class {
               this.processStreamEvent(event, requestId, {
                 toolCallsMap,
                 callbacks,
-                onTextStart: () => {
-                },
-                onReasoningStart: () => {
-                },
-                onTextEnd: () => {
-                },
-                onReasoningEnd: () => {
-                },
                 onContent: (text) => {
                   fullContent += text;
                   totalChars += text.length;
@@ -9660,18 +9646,18 @@ var LLMClient = class {
     return { cleanText, extractedReasoning };
   }
   processStreamEvent(event, requestId, context) {
-    const { toolCallsMap, callbacks, onTextStart, onReasoningStart, onTextEnd, onReasoningEnd, onContent, onReasoning, onUsage, getTotalChars, currentBlockRef } = context;
+    const { toolCallsMap, callbacks, onContent, onReasoning, onUsage, getTotalChars, currentBlockRef } = context;
     switch (event.type) {
       case LLM_SSE_EVENT.CONTENT_BLOCK_START:
         if (event.content_block) {
           const blockType = event.content_block.type;
           if (blockType === LLM_BLOCK_TYPE.TEXT) {
             currentBlockRef.value = "text";
-            onTextStart();
+            context.onTextStart?.();
             callbacks?.onOutputStart?.();
           } else if (blockType === LLM_BLOCK_TYPE.THINKING || blockType === LLM_BLOCK_TYPE.REASONING) {
             currentBlockRef.value = "reasoning";
-            onReasoningStart();
+            context.onReasoningStart?.();
             callbacks?.onReasoningStart?.();
           } else if (blockType === LLM_BLOCK_TYPE.TOOL_USE) {
             currentBlockRef.value = "tool_use";
@@ -9717,10 +9703,10 @@ var LLMClient = class {
         const stoppedType = currentBlockRef.value;
         currentBlockRef.value = null;
         if (stoppedType === "text") {
-          onTextEnd();
+          context.onTextEnd?.();
           callbacks?.onOutputEnd?.();
         } else if (stoppedType === "reasoning") {
-          onReasoningEnd();
+          context.onReasoningEnd?.();
           callbacks?.onReasoningEnd?.();
         }
         break;
@@ -9792,13 +9778,10 @@ function getLLMClient() {
   }
   return llmInstance;
 }
-function logLLM(message, data) {
-  debugLog("llm", message, data);
-}
 
 // src/engine/state-persistence.ts
-import { writeFileSync as writeFileSync6, readFileSync as readFileSync4, existsSync as existsSync6, readdirSync, statSync, unlinkSync as unlinkSync4, rmSync } from "fs";
-import { join as join8 } from "path";
+import { writeFileSync as writeFileSync7, readFileSync as readFileSync4, existsSync as existsSync7, readdirSync as readdirSync2, statSync as statSync2, unlinkSync as unlinkSync4, rmSync } from "fs";
+import { join as join9 } from "path";
 function saveState(state) {
   const sessionsDir = WORKSPACE.SESSIONS;
   ensureDirExists(sessionsDir);
@@ -9815,20 +9798,24 @@ function saveState(state) {
     missionSummary: state.getMissionSummary(),
     missionChecklist: state.getMissionChecklist()
   };
-  const sessionFile = join8(sessionsDir, FILE_PATTERNS.session());
-  writeFileSync6(sessionFile, JSON.stringify(snapshot, null, 2), "utf-8");
-  const latestFile = join8(sessionsDir, "latest.json");
-  writeFileSync6(latestFile, JSON.stringify(snapshot, null, 2), "utf-8");
+  const sessionFile = join9(sessionsDir, FILE_PATTERNS.session());
+  const json = JSON.stringify(snapshot, null, 2);
+  writeFileSync7(sessionFile, json, "utf-8");
+  const latestFile = join9(sessionsDir, "latest.json");
+  writeFileSync7(latestFile, json, "utf-8");
   pruneOldSessions(sessionsDir);
   return sessionFile;
 }
 function pruneOldSessions(sessionsDir) {
   try {
-    const sessionFiles = readdirSync(sessionsDir).filter((f) => f.endsWith(FILE_EXTENSIONS.JSON) && f !== SPECIAL_FILES.LATEST_STATE).map((f) => ({
-      name: f,
-      path: join8(sessionsDir, f),
-      mtime: statSync(join8(sessionsDir, f)).mtimeMs
-    })).sort((a, b) => b.mtime - a.mtime);
+    const sessionFiles = readdirSync2(sessionsDir).filter((f) => f.endsWith(FILE_EXTENSIONS.JSON) && f !== SPECIAL_FILES.LATEST_STATE).map((f) => {
+      const filePath = join9(sessionsDir, f);
+      return {
+        name: f,
+        path: filePath,
+        mtime: statSync2(filePath).mtimeMs
+      };
+    }).sort((a, b) => b.mtime - a.mtime);
     const toDelete = sessionFiles.slice(AGENT_LIMITS.MAX_SESSION_FILES);
     for (const file of toDelete) {
       unlinkSync4(file.path);
@@ -9837,8 +9824,8 @@ function pruneOldSessions(sessionsDir) {
   }
 }
 function loadState(state) {
-  const latestFile = join8(WORKSPACE.SESSIONS, "latest.json");
-  if (!existsSync6(latestFile)) {
+  const latestFile = join9(WORKSPACE.SESSIONS, "latest.json");
+  if (!existsSync7(latestFile)) {
     return false;
   }
   try {
@@ -9865,10 +9852,7 @@ function loadState(state) {
       state.addLoot(loot);
     }
     for (const item of snapshot.todo) {
-      const id = state.addTodo(item.content, item.priority);
-      if (item.status && item.status !== "pending") {
-        state.updateTodo(id, { status: item.status });
-      }
+      state.restoreTodoItem(item);
     }
     const validPhases = new Set(Object.values(PHASES));
     const restoredPhase = validPhases.has(snapshot.currentPhase) ? snapshot.currentPhase : PHASES.RECON;
@@ -9877,21 +9861,7 @@ function loadState(state) {
       state.setMissionSummary(snapshot.missionSummary);
     }
     if (snapshot.missionChecklist?.length > 0) {
-      state.addMissionChecklistItems(snapshot.missionChecklist.map((c) => c.text));
-      const restoredChecklist = state.getMissionChecklist();
-      const baseIndex = restoredChecklist.length - snapshot.missionChecklist.length;
-      const completedUpdates = [];
-      for (let i = 0; i < snapshot.missionChecklist.length; i++) {
-        if (snapshot.missionChecklist[i].isCompleted && restoredChecklist[baseIndex + i]) {
-          completedUpdates.push({
-            id: restoredChecklist[baseIndex + i].id,
-            isCompleted: true
-          });
-        }
-      }
-      if (completedUpdates.length > 0) {
-        state.updateMissionChecklist(completedUpdates);
-      }
+      state.restoreMissionChecklist(snapshot.missionChecklist);
     }
     return true;
   } catch (err) {
@@ -9914,7 +9884,7 @@ function clearWorkspace() {
   ];
   for (const dir of dirsToClean) {
     try {
-      if (existsSync6(dir.path)) {
+      if (existsSync7(dir.path)) {
         rmSync(dir.path, { recursive: true, force: true });
         ensureDirExists(dir.path);
         cleared.push(dir.label);
@@ -10004,7 +9974,7 @@ function appendBlockedCommandHints(lines, errorLower) {
 }
 
 // src/shared/utils/context-digest.ts
-import { writeFileSync as writeFileSync7 } from "fs";
+import { writeFileSync as writeFileSync8 } from "fs";
 
 // src/shared/constants/document-schema.ts
 var MEMO_SECTIONS = {
@@ -10336,7 +10306,7 @@ function saveFullOutput(output, toolName) {
     const toolsDir = WORKSPACE.turnToolsPath(_currentTurn);
     ensureDirExists(toolsDir);
     const filePath = `${toolsDir}/${FILE_PATTERNS.toolOutput(toolName)}`;
-    writeFileSync7(filePath, output, "utf-8");
+    writeFileSync8(filePath, output, "utf-8");
     return filePath;
   } catch (err) {
     debugLog("general", "Failed to save full output to file", { toolName, error: String(err) });
@@ -10365,8 +10335,306 @@ ${text}
   };
 }
 
+// src/agents/tool-executor.ts
+var ToolExecutor = class _ToolExecutor {
+  state;
+  events;
+  toolRegistry;
+  llm;
+  /** Collected tool execution records for the current turn */
+  turnToolJournal = [];
+  /** Aggregated memo from all tools in the current turn */
+  turnMemo = {
+    keyFindings: [],
+    credentials: [],
+    attackVectors: [],
+    failures: [],
+    suspicions: [],
+    attackValue: "LOW",
+    nextSteps: []
+  };
+  /** Analyst reflections collected during this turn */
+  turnReflections = [];
+  /** Tools safe to run in parallel */
+  static PARALLEL_SAFE_TOOLS = /* @__PURE__ */ new Set([
+    TOOL_NAMES.GET_STATE,
+    TOOL_NAMES.PARSE_NMAP,
+    TOOL_NAMES.SEARCH_CVE,
+    TOOL_NAMES.WEB_SEARCH,
+    TOOL_NAMES.BROWSE_URL,
+    TOOL_NAMES.READ_FILE,
+    TOOL_NAMES.GET_OWASP_KNOWLEDGE,
+    TOOL_NAMES.GET_WEB_ATTACK_SURFACE,
+    TOOL_NAMES.GET_CVE_INFO,
+    TOOL_NAMES.FILL_FORM,
+    TOOL_NAMES.ADD_TARGET,
+    TOOL_NAMES.ADD_FINDING,
+    TOOL_NAMES.ADD_LOOT,
+    TOOL_NAMES.UPDATE_MISSION,
+    TOOL_NAMES.UPDATE_TODO
+  ]);
+  constructor(deps) {
+    this.state = deps.state;
+    this.events = deps.events;
+    this.toolRegistry = deps.toolRegistry;
+    this.llm = deps.llm;
+  }
+  /** Clear turn-level state at the start of each step */
+  clearTurnState() {
+    this.turnToolJournal = [];
+    this.turnMemo = {
+      keyFindings: [],
+      credentials: [],
+      attackVectors: [],
+      failures: [],
+      suspicions: [],
+      attackValue: "LOW",
+      nextSteps: []
+    };
+    this.turnReflections = [];
+  }
+  // ─────────────────────────────────────────────────────────────────
+  // SUBSECTION: Tool Execution
+  // ─────────────────────────────────────────────────────────────────
+  async processToolCalls(toolCalls, progress) {
+    if (toolCalls.length <= 1) {
+      return this.executeSequentially(toolCalls, progress);
+    }
+    const allParallelSafe = toolCalls.every((c) => _ToolExecutor.PARALLEL_SAFE_TOOLS.has(c.name));
+    if (allParallelSafe) {
+      return this.executeInParallel(toolCalls, progress);
+    }
+    const parallelCalls = toolCalls.filter((c) => _ToolExecutor.PARALLEL_SAFE_TOOLS.has(c.name));
+    const sequentialCalls = toolCalls.filter((c) => !_ToolExecutor.PARALLEL_SAFE_TOOLS.has(c.name));
+    const parallelResults = parallelCalls.length > 0 ? await this.executeInParallel(parallelCalls, progress) : [];
+    const sequentialResults = sequentialCalls.length > 0 ? await this.executeSequentially(sequentialCalls, progress) : [];
+    const resultMap = /* @__PURE__ */ new Map();
+    for (const r of [...parallelResults, ...sequentialResults]) {
+      resultMap.set(r.toolCallId, r);
+    }
+    return toolCalls.map((c) => resultMap.get(c.id)).filter(Boolean);
+  }
+  async executeInParallel(toolCalls, progress) {
+    for (const call of toolCalls) {
+      this.emitToolCall(call.name, call.input);
+    }
+    const promises = toolCalls.map((call) => this.executeSingle(call, progress));
+    const settled = await Promise.allSettled(promises);
+    return settled.map((s, i) => {
+      if (s.status === "fulfilled") return s.value;
+      const errorMsg = String(s.reason);
+      return { toolCallId: toolCalls[i].id, output: errorMsg, error: errorMsg };
+    });
+  }
+  async executeSequentially(toolCalls, progress) {
+    const results = [];
+    for (const call of toolCalls) {
+      this.emitToolCall(call.name, call.input);
+      const result2 = await this.executeSingle(call, progress);
+      results.push(result2);
+    }
+    return results;
+  }
+  async executeSingle(call, progress) {
+    const toolStartTime = Date.now();
+    try {
+      const result2 = await this.toolRegistry.execute({ name: call.name, input: call.input });
+      let outputText = result2.output ?? "";
+      this.scanForFlags(outputText);
+      outputText = this.handleToolResult(result2, call, outputText, progress);
+      const { digestedOutputForLLM, digestResult } = await this.digestAndEmit(
+        call,
+        outputText,
+        result2,
+        toolStartTime
+      );
+      this.recordJournalMemo(call, result2, digestedOutputForLLM, digestResult);
+      return { toolCallId: call.id, output: digestedOutputForLLM, error: result2.error };
+    } catch (error) {
+      const errorMsg = String(error);
+      const enrichedError = enrichToolErrorContext({
+        toolName: call.name,
+        input: call.input,
+        error: errorMsg,
+        originalOutput: "",
+        progress
+      });
+      if (progress) progress.toolErrors++;
+      this.emitToolResult(call.name, false, enrichedError, errorMsg, Date.now() - toolStartTime);
+      return { toolCallId: call.id, output: enrichedError, error: errorMsg };
+    }
+  }
+  // ─────────────────────────────────────────────────────────────────
+  // SUBSECTION: Result Handling
+  // ─────────────────────────────────────────────────────────────────
+  handleToolResult(result2, call, outputText, progress) {
+    if (result2.error) {
+      if (progress) progress.toolErrors++;
+      return enrichToolErrorContext({
+        toolName: call.name,
+        input: call.input,
+        error: result2.error,
+        originalOutput: outputText,
+        progress
+      });
+    }
+    if (progress) {
+      progress.toolSuccesses++;
+      progress.blockedCommandPatterns.clear();
+    }
+    return outputText;
+  }
+  async digestAndEmit(call, outputText, result2, toolStartTime) {
+    let digestedOutputForLLM = outputText;
+    let digestResult = null;
+    try {
+      const llmDigestFn = createLLMDigestFn(this.llm);
+      digestResult = await digestToolOutput(
+        outputText,
+        call.name,
+        JSON.stringify(call.input).slice(0, DISPLAY_LIMITS.OUTPUT_SUMMARY),
+        llmDigestFn
+      );
+      digestedOutputForLLM = digestResult.digestedOutput;
+    } catch {
+      if (digestedOutputForLLM.length > AGENT_LIMITS.MAX_TOOL_OUTPUT_LENGTH) {
+        const truncated = digestedOutputForLLM.slice(0, AGENT_LIMITS.MAX_TOOL_OUTPUT_LENGTH);
+        const remaining = digestedOutputForLLM.length - AGENT_LIMITS.MAX_TOOL_OUTPUT_LENGTH;
+        digestedOutputForLLM = `${truncated}
+
+... [TRUNCATED ${remaining} chars] ...`;
+      }
+    }
+    const outputFilePath = digestResult?.fullOutputPath ?? null;
+    const tuiOutput = digestResult?.digestedOutput ? `${digestResult.digestedOutput}${outputFilePath ? `
+\u{1F4C4} Full output: ${outputFilePath}` : ""}` : outputText.slice(0, DISPLAY_LIMITS.OUTPUT_SUMMARY);
+    this.emitToolResult(call.name, result2.success, tuiOutput, result2.error, Date.now() - toolStartTime);
+    return { digestedOutputForLLM, digestResult };
+  }
+  recordJournalMemo(call, result2, digestedOutputForLLM, digestResult) {
+    this.turnToolJournal.push({
+      name: call.name,
+      inputSummary: JSON.stringify(call.input),
+      success: result2.success,
+      analystSummary: digestResult?.memo ? digestResult.memo.keyFindings.join("; ") || "No key findings" : digestedOutputForLLM,
+      outputFile: digestResult?.fullOutputPath ?? null
+    });
+    if (digestResult?.memo) {
+      const m = digestResult.memo;
+      this.turnMemo.keyFindings.push(...m.keyFindings);
+      this.turnMemo.credentials.push(...m.credentials);
+      this.turnMemo.attackVectors.push(...m.attackVectors);
+      this.turnMemo.failures.push(...m.failures);
+      this.turnMemo.suspicions.push(...m.suspicions);
+      if ((ATTACK_VALUE_RANK[m.attackValue] ?? 0) > (ATTACK_VALUE_RANK[this.turnMemo.attackValue] ?? 0)) {
+        this.turnMemo.attackValue = m.attackValue;
+      }
+      this.turnMemo.nextSteps.push(...m.nextSteps);
+      if (m.reflection) this.turnReflections.push(m.reflection);
+    }
+    if (digestResult?.memo?.credentials.length) {
+      for (const cred of digestResult.memo.credentials) {
+        this.state.addLoot({
+          type: LOOT_TYPES.CREDENTIAL,
+          host: "auto-extracted",
+          detail: cred,
+          obtainedAt: Date.now()
+        });
+      }
+    }
+    if (digestResult?.memo?.attackVectors.length && digestResult.memo.attackValue === "HIGH") {
+      const existingTitles = new Set(this.state.getFindings().map((f) => f.title));
+      for (const vector of digestResult.memo.attackVectors) {
+        const title = `[Auto] ${vector.slice(0, 100)}`;
+        if (!existingTitles.has(title)) {
+          this.state.addFinding({
+            id: generateId(),
+            title,
+            severity: "high",
+            confidence: CONFIDENCE_THRESHOLDS.POSSIBLE,
+            affected: [],
+            description: `Auto-extracted by Analyst LLM: ${vector}`,
+            evidence: digestResult.memo.keyFindings.slice(0, 5),
+            remediation: "",
+            foundAt: Date.now()
+          });
+          this.state.attackGraph.addVulnerability(title, "auto-detected", "high", false);
+          existingTitles.add(title);
+        }
+      }
+    }
+    if (this.state.getFindings().length > 0 && this.state.getPhase() === PHASES.RECON) {
+      this.state.setPhase(PHASES.VULN_ANALYSIS);
+    }
+  }
+  // ─────────────────────────────────────────────────────────────────
+  // SUBSECTION: CTF Flag Detection
+  // ─────────────────────────────────────────────────────────────────
+  scanForFlags(output) {
+    if (!this.state.isCtfMode()) return;
+    const flags = detectFlags(output);
+    for (const flag of flags) {
+      const isNew = this.state.addFlag(flag);
+      if (isNew) {
+        this.events.emit({
+          type: EVENT_TYPES.FLAG_FOUND,
+          timestamp: Date.now(),
+          data: {
+            flag,
+            totalFlags: this.state.getFlags().length,
+            phase: this.state.getPhase()
+          }
+        });
+      }
+    }
+  }
+  // ─────────────────────────────────────────────────────────────────
+  // SUBSECTION: Event Emitters
+  // ─────────────────────────────────────────────────────────────────
+  emitToolCall(toolName, input) {
+    this.events.emit({
+      type: EVENT_TYPES.TOOL_CALL,
+      timestamp: Date.now(),
+      data: {
+        toolName,
+        input,
+        approvalLevel: APPROVAL_LEVELS.AUTO,
+        needsApproval: false
+      }
+    });
+  }
+  emitToolResult(toolName, success, output, error, duration) {
+    this.events.emit({
+      type: EVENT_TYPES.TOOL_RESULT,
+      timestamp: Date.now(),
+      data: {
+        toolName,
+        success,
+        output,
+        outputSummary: output.slice(0, DISPLAY_LIMITS.OUTPUT_SUMMARY),
+        error,
+        duration
+      }
+    });
+  }
+  // ─────────────────────────────────────────────────────────────────
+  // SUBSECTION: Schema Helper
+  // ─────────────────────────────────────────────────────────────────
+  getToolSchemas() {
+    return this.toolRegistry.getAll().map((t) => ({
+      name: t.name,
+      description: t.description,
+      input_schema: {
+        type: "object",
+        properties: t.parameters,
+        required: t.required || []
+      }
+    }));
+  }
+};
+
 // src/agents/core-agent.ts
-var CoreAgent = class _CoreAgent {
+var CoreAgent = class {
   llm;
   state;
   events;
@@ -10374,16 +10642,7 @@ var CoreAgent = class _CoreAgent {
   agentType;
   maxIterations;
   abortController = null;
-  /**
-   * Collected tool execution records for the current turn.
-   * MainAgent reads this after each step to write journal entries.
-   * Cleared at the start of each step.
-   */
-  turnToolJournal = [];
-  /** Aggregated memo from all tools in the current turn */
-  turnMemo = { keyFindings: [], credentials: [], attackVectors: [], failures: [], suspicions: [], attackValue: "LOW", nextSteps: [] };
-  /** Analyst reflections collected during this turn (1-line assessments) */
-  turnReflections = [];
+  toolExecutor = null;
   constructor(agentType, state, events, toolRegistry, maxIterations) {
     this.agentType = agentType;
     this.state = state;
@@ -10396,10 +10655,20 @@ var CoreAgent = class _CoreAgent {
   setToolRegistry(registry) {
     this.toolRegistry = registry;
   }
-  /** Abort the current execution — immediately cancels LLM calls and retries */
+  /** Abort the current execution */
   abort() {
     this.abortController?.abort();
   }
+  /** Get turn tool journal (for MainAgent) */
+  getTurnToolJournal() {
+    return this.toolExecutor?.turnToolJournal ?? [];
+  }
+  getTurnMemo() {
+    return this.toolExecutor?.turnMemo ?? { keyFindings: [], credentials: [], attackVectors: [], failures: [], suspicions: [], attackValue: "LOW", nextSteps: [] };
+  }
+  getTurnReflections() {
+    return this.toolExecutor?.turnReflections ?? [];
+  }
   // ─────────────────────────────────────────────────────────────────
   // SUBSECTION: Main Run Loop
   // ─────────────────────────────────────────────────────────────────
@@ -10445,110 +10714,106 @@ var CoreAgent = class _CoreAgent {
           messages.push({ role: LLM_ROLES.USER, content: this.buildDeadlockNudge(progress) });
         }
       } catch (error) {
-        if (this.isAbortError(error)) {
-          return this.buildCancelledResult(iteration, progress.totalToolsExecuted);
-        }
-        if (error instanceof LLMError) {
-          const errorInfo = error.errorInfo;
-          this.events.emit({
-            type: EVENT_TYPES.ERROR,
-            timestamp: Date.now(),
-            data: {
-              message: `LLM Error: ${errorInfo.message}`,
-              phase: this.state.getPhase(),
-              isRecoverable: errorInfo.isRetryable,
-              errorInfo
-            }
-          });
-          if (errorInfo.type === LLM_ERROR_TYPES.RATE_LIMIT) {
+        const action = this.handleLoopError(
+          error,
+          messages,
+          progress,
+          iteration,
+          consecutiveLLMErrors,
+          maxConsecutiveLLMErrors
+        );
+        if (action.action === "return") return action.result;
+        if (action.action === "continue") {
+          if (error instanceof LLMError && error.errorInfo.type === LLM_ERROR_TYPES.RATE_LIMIT) {
             consecutiveLLMErrors++;
-            if (maxConsecutiveLLMErrors !== Infinity && consecutiveLLMErrors >= maxConsecutiveLLMErrors) {
-              return {
-                output: `LLM rate limit errors exceeded limit. Last error: ${errorInfo.message}`,
-                iterations: iteration + 1,
-                toolsExecuted: progress.totalToolsExecuted,
-                isCompleted: false
-              };
-            }
-            continue;
+          } else {
+            consecutiveLLMErrors = 0;
           }
-          consecutiveLLMErrors = 0;
-          const errorMessage = this.formatLLMErrorForAgent(errorInfo);
-          messages.push({
-            role: LLM_ROLES.USER,
-            content: errorMessage
-          });
           continue;
         }
-        const unexpectedMsg = error instanceof Error ? error.message : String(error);
-        this.events.emit({
-          type: EVENT_TYPES.ERROR,
-          timestamp: Date.now(),
-          data: {
-            message: `Unexpected error: ${unexpectedMsg}`,
-            phase: this.state.getPhase(),
-            isRecoverable: true
-          }
-        });
-        messages.push({
-          role: LLM_ROLES.USER,
-          content: `\u26A0\uFE0F UNEXPECTED ERROR: ${unexpectedMsg}
-This may be a transient issue. Continue your task \u2014 retry the last action or try an alternative approach.`
-        });
-        continue;
       }
     }
-    const summary = `Max iterations (${this.maxIterations}) reached. Progress: ${progress.totalToolsExecuted} tools executed (${progress.toolSuccesses} succeeded, ${progress.toolErrors} failed). Current phase: ${this.state.getPhase()}. Findings: ${this.state.getFindings?.()?.length ?? "unknown"}.`;
     return {
-      output: summary,
+      output: `Max iterations (${this.maxIterations}) reached. Tools: ${progress.totalToolsExecuted}.`,
       iterations: this.maxIterations,
       toolsExecuted: progress.totalToolsExecuted,
       isCompleted: false
     };
   }
-  // ─────────────────────────────────────────────────────────────────
-  // SUBSECTION: Error Formatting
-  // ─────────────────────────────────────────────────────────────────
   /**
-   * Format LLM error as a message for the agent to understand and act on
+   * §4-1: Handle errors caught in the run loop — extracted to reduce nesting depth.
+   *
+   * Returns a LoopErrorAction so the caller controls `continue` / `return`.
+   * WHY separate: The catch block in run() had nesting depth 8. By moving error
+   * dispatch here, run() stays at depth 3 (for → try → if) throughout.
    */
-  formatLLMErrorForAgent(errorInfo) {
-    const actionHints = {
-      [LLM_ERROR_TYPES.RATE_LIMIT]: "Wait a moment and try again with a simpler query.",
-      [LLM_ERROR_TYPES.AUTH_ERROR]: "Use the ask_user tool to request a valid API key from the user. Set the PENTEST_API_KEY environment variable.",
-      [LLM_ERROR_TYPES.INVALID_REQUEST]: "Simplify your request or modify the parameters.",
-      [LLM_ERROR_TYPES.NETWORK_ERROR]: "Check network connectivity and retry.",
-      [LLM_ERROR_TYPES.TIMEOUT]: "Retry with a shorter or simpler request.",
-      [LLM_ERROR_TYPES.UNKNOWN]: "Analyze the error and decide the best course of action."
-    };
-    return `[SYSTEM ERROR - LLM API Issue]
-Error Type: ${errorInfo.type}
-Message: ${errorInfo.message}
-Status Code: ${errorInfo.statusCode || "N/A"}
-Retryable: ${errorInfo.isRetryable ? "Yes" : "No"}
-
-Suggested Action: ${errorInfo.suggestedAction || actionHints[errorInfo.type] || "Decide appropriate action"}
-
-How to proceed:
-1. If retryable: Wait briefly and continue your task
-2. If auth error: Use ask_user tool to request API key from user
-3. If invalid request: Simplify or modify your approach
-4. If persistent: Report to user and await instructions
-
-Please decide how to handle this error and continue.`;
+  handleLoopError(error, messages, progress, iteration, consecutiveLLMErrors, maxConsecutiveLLMErrors) {
+    if (this.isAbortError(error)) {
+      return { action: "return", result: this.buildCancelledResult(iteration, progress.totalToolsExecuted) };
+    }
+    if (error instanceof LLMError) {
+      return this.handleLLMError(error, messages, progress, iteration, consecutiveLLMErrors, maxConsecutiveLLMErrors);
+    }
+    const unexpectedMsg = error instanceof Error ? error.message : String(error);
+    this.events.emit({
+      type: EVENT_TYPES.ERROR,
+      timestamp: Date.now(),
+      data: { message: `Unexpected error: ${unexpectedMsg}`, phase: this.state.getPhase(), isRecoverable: true }
+    });
+    messages.push({ role: LLM_ROLES.USER, content: `\u26A0\uFE0F UNEXPECTED ERROR: ${unexpectedMsg}
+Continue your task.` });
+    return { action: "continue" };
+  }
+  /** Handle LLMError specifically — rate limits vs other LLM errors. */
+  handleLLMError(error, messages, progress, iteration, consecutiveLLMErrors, maxConsecutiveLLMErrors) {
+    const errorInfo = error.errorInfo;
+    this.events.emit({
+      type: EVENT_TYPES.ERROR,
+      timestamp: Date.now(),
+      data: {
+        message: `LLM Error: ${errorInfo.message}`,
+        phase: this.state.getPhase(),
+        isRecoverable: errorInfo.isRetryable,
+        errorInfo
+      }
+    });
+    if (errorInfo.type !== LLM_ERROR_TYPES.RATE_LIMIT) {
+      messages.push({ role: LLM_ROLES.USER, content: this.formatLLMErrorForAgent(errorInfo) });
+      return { action: "continue" };
+    }
+    const newCount = consecutiveLLMErrors + 1;
+    if (maxConsecutiveLLMErrors !== Infinity && newCount >= maxConsecutiveLLMErrors) {
+      return {
+        action: "return",
+        result: {
+          output: `LLM rate limit errors exceeded. Last error: ${errorInfo.message}`,
+          iterations: iteration + 1,
+          toolsExecuted: progress.totalToolsExecuted,
+          isCompleted: false
+        }
+      };
+    }
+    return { action: "continue" };
   }
   // ─────────────────────────────────────────────────────────────────
   // SUBSECTION: Step Execution
   // ─────────────────────────────────────────────────────────────────
-  /** Execute a single Think → Act → Observe iteration */
   async step(iteration, messages, systemPrompt, progress) {
     const phase = this.state.getPhase();
-    const stepStartTime = Date.now();
     this.emitThink(iteration, progress);
+    if (this.toolRegistry && !this.toolExecutor) {
+      this.toolExecutor = new ToolExecutor({
+        state: this.state,
+        events: this.events,
+        toolRegistry: this.toolRegistry,
+        llm: this.llm
+      });
+    }
+    this.toolExecutor?.clearTurnState();
     const callbacks = this.buildStreamCallbacks(phase);
     const response = await this.llm.generateResponseStream(
       messages,
-      this.getToolSchemas(),
+      this.toolExecutor?.getToolSchemas() ?? [],
       systemPrompt,
       callbacks
     );
@@ -10571,12 +10836,10 @@ Please decide how to handle this error and continue.`;
       }
     }
     messages.push({ role: LLM_ROLES.ASSISTANT, content: response.content });
-    const stepDuration = Date.now() - stepStartTime;
-    const tokens = response.usage ? { input: response.usage.input_tokens, output: response.usage.output_tokens } : void 0;
     if (!response.toolCalls?.length) {
       return { output: response.content, toolsExecuted: 0, isCompleted: false };
     }
-    const results = await this.processToolCalls(response.toolCalls, progress);
+    const results = await this.toolExecutor.processToolCalls(response.toolCalls, progress);
     this.addToolResultsToMessages(messages, results);
     return { output: "", toolsExecuted: results.length, isCompleted: false };
   }
@@ -10586,15 +10849,13 @@ Please decide how to handle this error and continue.`;
   buildStreamCallbacks(phase) {
     let _reasoningEndFired = false;
     let _outputBuffer = "";
-    const callbacks = {
+    return {
       onReasoningStart: () => this.emitReasoningStart(phase),
       onReasoningDelta: (content) => this.emitReasoningDelta(content, phase),
       onReasoningEnd: () => {
         _reasoningEndFired = true;
         this.emitReasoningEnd(phase);
       },
-      // WHY: Show AI text as it streams, not after completion.
-      // The user sees what the AI is writing in real-time via the status bar.
       onOutputDelta: (text) => {
         _outputBuffer += text;
         const firstLine = _outputBuffer.split("\n")[0]?.slice(0, 120) || "";
@@ -10620,57 +10881,63 @@ ${firstLine}`, phase }
         });
       },
       abortSignal: this.abortController?.signal,
-      // WHY: Used by step() to detect if SSE reasoning blocks fired.
-      // If not, we know it was an inline <think> model and must emit post-stream.
       hadReasoningEnd: () => _reasoningEndFired
     };
-    return callbacks;
   }
   // ─────────────────────────────────────────────────────────────────
-  // SUBSECTION: Deadlock Nudge Builder
+  // SUBSECTION: Deadlock Nudge
   // ─────────────────────────────────────────────────────────────────
-  /**
-   * Build a deadlock nudge message for the agent.
-   *
-   * WHY separated: The nudge template is ~30 lines of prompt engineering.
-   * Keeping it in run() obscures the iteration control logic.
-   * Philosophy §12: Nudge is a safety net, not a driver —
-   * it reminds the agent to ACT, but never prescribes HOW.
-   */
   buildDeadlockNudge(progress) {
     const phase = this.state.getPhase();
     const targets = this.state.getTargets().size;
     const findings = this.state.getFindings().length;
     const phaseDirection = {
-      [PHASES.RECON]: `RECON: Scan targets. Enumerate services and versions.`,
-      [PHASES.VULN_ANALYSIS]: `VULN ANALYSIS: ${targets} target(s) discovered. Search for CVEs and known exploits.`,
-      [PHASES.EXPLOIT]: `EXPLOIT: ${findings} finding(s) available. Attack the highest-severity one.`,
-      [PHASES.POST_EXPLOIT]: `POST-EXPLOIT: Escalate privileges. Search for escalation paths.`,
-      [PHASES.PRIV_ESC]: `PRIVESC: Find and exploit privilege escalation vectors.`,
-      [PHASES.LATERAL]: `LATERAL: Reuse discovered credentials on other hosts.`,
-      [PHASES.WEB]: `WEB: Enumerate the attack surface. Test every input for injection.`
+      [PHASES.RECON]: `RECON: Scan targets. Enumerate services.`,
+      [PHASES.VULN_ANALYSIS]: `VULN: ${targets} target(s). Search for CVEs.`,
+      [PHASES.EXPLOIT]: `EXPLOIT: ${findings} finding(s). Attack the highest-severity one.`,
+      [PHASES.POST_EXPLOIT]: `POST-EXPLOIT: Escalate privileges.`,
+      [PHASES.PRIV_ESC]: `PRIVESC: Find privilege escalation vectors.`,
+      [PHASES.LATERAL]: `LATERAL: Reuse credentials on other hosts.`,
+      [PHASES.WEB]: `WEB: Enumerate attack surface. Test every input.`
     };
     const direction = phaseDirection[phase] || phaseDirection[PHASES.RECON];
     return `\u26A1 DEADLOCK: ${AGENT_LIMITS.MAX_CONSECUTIVE_IDLE} turns with ZERO tool calls.
-Phase: ${phase} | Targets: ${targets} | Findings: ${findings} | Tools executed: ${progress.totalToolsExecuted} (${progress.toolSuccesses}\u2713 ${progress.toolErrors}\u2717)
+Phase: ${phase} | Targets: ${targets} | Findings: ${findings}
 
 ${direction}
 
-ESCALATION CHAIN \u2014 follow this order:
-1. web_search: Search for techniques, bypasses, default creds, CVEs, HackTricks
-2. BYPASS: Try alternative approaches \u2014 different protocols, ports, encodings, methods
-3. ZERO-DAY EXPLORATION: Probe for unknown vulns \u2014 fuzz parameters, test edge cases, analyze error responses for leaks
-4. BRUTE-FORCE: Wordlists, credential stuffing, common passwords, custom password lists from context
-5. ask_user: ONLY as last resort \u2014 ask the user for hints, wordlists, or guidance
+ESCALATION:
+1. web_search for techniques
+2. Try alternative approaches
+3. Probe for unknown vulns
+4. Brute-force with wordlists
+5. ask_user for hints
+
+ACT NOW \u2014 EXECUTE.`;
+  }
+  // ─────────────────────────────────────────────────────────────────
+  // SUBSECTION: Error Formatting
+  // ─────────────────────────────────────────────────────────────────
+  formatLLMErrorForAgent(errorInfo) {
+    const actionHints = {
+      [LLM_ERROR_TYPES.RATE_LIMIT]: "Wait and retry.",
+      [LLM_ERROR_TYPES.AUTH_ERROR]: "Use ask_user to request API key.",
+      [LLM_ERROR_TYPES.INVALID_REQUEST]: "Simplify your request.",
+      [LLM_ERROR_TYPES.NETWORK_ERROR]: "Check network and retry.",
+      [LLM_ERROR_TYPES.TIMEOUT]: "Retry with simpler request.",
+      [LLM_ERROR_TYPES.UNKNOWN]: "Analyze and decide."
+    };
+    return `[SYSTEM ERROR - LLM API Issue]
+Error Type: ${errorInfo.type}
+Message: ${errorInfo.message}
+Status Code: ${errorInfo.statusCode || "N/A"}
+Retryable: ${errorInfo.isRetryable ? "Yes" : "No"}
 
-RULES:
-- Every turn MUST have tool calls
-- NEVER silently give up \u2014 exhaust ALL 5 steps above first
-- ACT NOW \u2014 do not plan, do not explain, do not summarize. EXECUTE.`;
+Suggested Action: ${errorInfo.suggestedAction || actionHints[errorInfo.type] || "Decide appropriate action"}`;
   }
   // ─────────────────────────────────────────────────────────────────
   // SUBSECTION: Event Emitters
-  // ─────────────────════════════════════════════════════════════
+  // ─────────────────────────────────────────────────────────────────
   emitThink(iteration, progress) {
     const phase = this.state.getPhase();
     const targets = this.state.getTargets().size;
@@ -10679,26 +10946,22 @@ RULES:
     const hasErrors = (progress?.toolErrors ?? 0) > 0;
     let thought;
     if (iteration === 0) {
-      thought = targets > 0 ? `Analyzing ${targets} target${targets > 1 ? "s" : ""} \xB7 Planning ${phase} approach` : `Reviewing task \xB7 Building ${phase} strategy`;
+      thought = targets > 0 ? `Analyzing ${targets} target(s) \xB7 Planning ${phase} approach` : `Reviewing task \xB7 Building ${phase} strategy`;
     } else if (toolsUsed === 0) {
-      thought = `Iteration ${iteration + 1} \xB7 No actions yet \xB7 Reconsidering approach`;
+      thought = `Iteration ${iteration + 1} \xB7 No actions yet \xB7 Reconsidering`;
     } else if (hasErrors) {
-      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${toolsUsed} tools \xB7 ${progress?.toolErrors} error${(progress?.toolErrors ?? 0) > 1 ? "s" : ""} \xB7 Adapting strategy`;
+      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${toolsUsed} tools \xB7 ${progress?.toolErrors} error(s)`;
     } else if (findings > 0) {
-      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${findings} finding${findings > 1 ? "s" : ""} \xB7 ${toolsUsed} tools \xB7 Continuing`;
+      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${findings} finding(s) \xB7 ${toolsUsed} tools`;
     } else {
-      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${toolsUsed} tool${toolsUsed !== 1 ? "s" : ""} executed \xB7 Evaluating results`;
+      thought = `Iteration ${iteration + 1} \xB7 [${phase}] ${toolsUsed} tool(s) executed`;
     }
     this.events.emit({
       type: EVENT_TYPES.THINK,
       timestamp: Date.now(),
-      data: {
-        thought,
-        phase
-      }
+      data: { thought, phase }
     });
   }
-  /** Emit reasoning lifecycle events for extended thinking */
   emitReasoningStart(phase) {
     this.events.emit({ type: EVENT_TYPES.REASONING_START, timestamp: Date.now(), data: { phase } });
   }
@@ -10712,308 +10975,25 @@ RULES:
     this.events.emit({
       type: EVENT_TYPES.COMPLETE,
       timestamp: Date.now(),
-      data: {
-        finalOutput: output,
-        iterations: iteration + 1,
-        toolsExecuted,
-        durationMs,
-        tokens
-      }
-    });
-  }
-  /** Emit tool call event for TUI tracking */
-  emitToolCall(toolName, input) {
-    this.events.emit({
-      type: EVENT_TYPES.TOOL_CALL,
-      timestamp: Date.now(),
-      data: {
-        toolName,
-        input,
-        approvalLevel: APPROVAL_LEVELS.AUTO,
-        needsApproval: false
-      }
-    });
-  }
-  /** Emit tool result event for TUI tracking */
-  emitToolResult(toolName, success, output, error, duration) {
-    this.events.emit({
-      type: EVENT_TYPES.TOOL_RESULT,
-      timestamp: Date.now(),
-      data: {
-        toolName,
-        success,
-        output,
-        outputSummary: output.slice(0, DISPLAY_LIMITS.OUTPUT_SUMMARY),
-        error,
-        duration
-      }
+      data: { finalOutput: output, iterations: iteration + 1, toolsExecuted, durationMs, tokens }
     });
   }
   // ─────────────────────────────────────────────────────────────────
-  // SUBSECTION: Tool Processing
+  // SUBSECTION: Message Helpers
   // ─────────────────────────────────────────────────────────────────
   addToolResultsToMessages(messages, results) {
     for (const res of results) {
       messages.push({
         role: LLM_ROLES.USER,
-        content: [
-          {
-            type: LLM_BLOCK_TYPE.TOOL_RESULT,
-            tool_use_id: res.toolCallId,
-            content: res.output,
-            is_error: !!res.error
-          }
-        ]
+        content: [{
+          type: LLM_BLOCK_TYPE.TOOL_RESULT,
+          tool_use_id: res.toolCallId,
+          content: res.output,
+          is_error: !!res.error
+        }]
       });
     }
   }
-  /** Tools that are safe to run in parallel (read-only or per-key state mutations) */
-  static PARALLEL_SAFE_TOOLS = /* @__PURE__ */ new Set([
-    // Read-only intelligence tools
-    TOOL_NAMES.GET_STATE,
-    TOOL_NAMES.PARSE_NMAP,
-    TOOL_NAMES.SEARCH_CVE,
-    TOOL_NAMES.WEB_SEARCH,
-    TOOL_NAMES.BROWSE_URL,
-    TOOL_NAMES.READ_FILE,
-    TOOL_NAMES.GET_OWASP_KNOWLEDGE,
-    TOOL_NAMES.GET_WEB_ATTACK_SURFACE,
-    TOOL_NAMES.GET_CVE_INFO,
-    TOOL_NAMES.FILL_FORM,
-    // State recording (per-key mutations, no external side effects)
-    TOOL_NAMES.ADD_TARGET,
-    TOOL_NAMES.ADD_FINDING,
-    TOOL_NAMES.ADD_LOOT,
-    TOOL_NAMES.UPDATE_MISSION,
-    TOOL_NAMES.UPDATE_TODO
-  ]);
-  async processToolCalls(toolCalls, progress) {
-    if (toolCalls.length <= 1) {
-      return this.executeToolCallsSequentially(toolCalls, progress);
-    }
-    const allParallelSafe = toolCalls.every((c) => _CoreAgent.PARALLEL_SAFE_TOOLS.has(c.name));
-    if (allParallelSafe) {
-      return this.executeToolCallsInParallel(toolCalls, progress);
-    }
-    const parallelCalls = toolCalls.filter((c) => _CoreAgent.PARALLEL_SAFE_TOOLS.has(c.name));
-    const sequentialCalls = toolCalls.filter((c) => !_CoreAgent.PARALLEL_SAFE_TOOLS.has(c.name));
-    const parallelResults = parallelCalls.length > 0 ? await this.executeToolCallsInParallel(parallelCalls, progress) : [];
-    const sequentialResults = sequentialCalls.length > 0 ? await this.executeToolCallsSequentially(sequentialCalls, progress) : [];
-    const resultMap = /* @__PURE__ */ new Map();
-    for (const r of [...parallelResults, ...sequentialResults]) {
-      resultMap.set(r.toolCallId, r);
-    }
-    return toolCalls.map((c) => resultMap.get(c.id)).filter(Boolean);
-  }
-  /** Execute tool calls in parallel via Promise.allSettled */
-  async executeToolCallsInParallel(toolCalls, progress) {
-    for (const call of toolCalls) {
-      this.emitToolCall(call.name, call.input);
-    }
-    const promises = toolCalls.map((call) => this.executeSingleTool(call, progress));
-    const settled = await Promise.allSettled(promises);
-    return settled.map((s, i) => {
-      if (s.status === "fulfilled") return s.value;
-      const errorMsg = String(s.reason);
-      return { toolCallId: toolCalls[i].id, output: errorMsg, error: errorMsg };
-    });
-  }
-  /** Execute tool calls sequentially */
-  async executeToolCallsSequentially(toolCalls, progress) {
-    const results = [];
-    for (const call of toolCalls) {
-      this.emitToolCall(call.name, call.input);
-      const result2 = await this.executeSingleTool(call, progress);
-      results.push(result2);
-    }
-    return results;
-  }
-  /** Execute a single tool call with error enrichment and event emission */
-  async executeSingleTool(call, progress) {
-    const toolStartTime = Date.now();
-    logLLM("CoreAgent executing tool", { id: call.id, name: call.name, input: call.input });
-    if (!this.toolRegistry) {
-      return { toolCallId: call.id, output: "", error: "Tool registry not initialized. Call setToolRegistry() first." };
-    }
-    try {
-      const result2 = await this.toolRegistry.execute({ name: call.name, input: call.input });
-      let outputText = result2.output ?? "";
-      this.scanForFlags(outputText);
-      outputText = this.handleToolResult(result2, call, outputText, progress);
-      const { digestedOutputForLLM, digestResult } = await this.digestAndEmit(
-        call,
-        outputText,
-        result2,
-        toolStartTime
-      );
-      this.recordJournalMemo(call, result2, digestedOutputForLLM, digestResult);
-      return { toolCallId: call.id, output: digestedOutputForLLM, error: result2.error };
-    } catch (error) {
-      const errorMsg = String(error);
-      const enrichedError = this.enrichToolError({ toolName: call.name, input: call.input, error: errorMsg, originalOutput: "", progress });
-      if (progress) progress.toolErrors++;
-      this.emitToolResult(call.name, false, enrichedError, errorMsg, Date.now() - toolStartTime);
-      return { toolCallId: call.id, output: enrichedError, error: errorMsg };
-    }
-  }
-  /**
-   * Handle tool result: enrich errors or track success.
-   * @returns Possibly enriched output text.
-   */
-  handleToolResult(result2, call, outputText, progress) {
-    if (result2.error) {
-      if (progress) progress.toolErrors++;
-      return this.enrichToolError({ toolName: call.name, input: call.input, error: result2.error, originalOutput: outputText, progress });
-    }
-    if (progress) {
-      progress.toolSuccesses++;
-      progress.blockedCommandPatterns.clear();
-    }
-    return outputText;
-  }
-  /**
-   * Digest tool output via Analyst LLM (§13 ③) and emit TUI event.
-   *
-   * WHY separated: Digest + emit is a self-contained pipeline:
-   *   raw output → Analyst → digest + file → TUI event.
-   * Isolating it makes the pipeline testable without running actual tools.
-   */
-  async digestAndEmit(call, outputText, result2, toolStartTime) {
-    const digestFallbackOutput = outputText;
-    let digestedOutputForLLM = outputText;
-    let digestResult = null;
-    try {
-      const llmDigestFn = createLLMDigestFn(this.llm);
-      digestResult = await digestToolOutput(
-        outputText,
-        call.name,
-        JSON.stringify(call.input).slice(0, DISPLAY_LIMITS.OUTPUT_SUMMARY),
-        llmDigestFn
-      );
-      digestedOutputForLLM = digestResult.digestedOutput;
-    } catch {
-      if (digestedOutputForLLM.length > AGENT_LIMITS.MAX_TOOL_OUTPUT_LENGTH) {
-        const truncated = digestedOutputForLLM.slice(0, AGENT_LIMITS.MAX_TOOL_OUTPUT_LENGTH);
-        const remaining = digestedOutputForLLM.length - AGENT_LIMITS.MAX_TOOL_OUTPUT_LENGTH;
-        digestedOutputForLLM = `${truncated}
-
-... [TRUNCATED ${remaining} characters for context hygiene] ...
-\u{1F4A1} TIP: If you need to see the full output, use a tool to read the file directly or run the command with | head, | tail, or | grep.`;
-      }
-    }
-    const outputFilePath = digestResult?.fullOutputPath ?? null;
-    const tuiOutput = digestResult?.digestedOutput ? `${digestResult.digestedOutput}${outputFilePath ? `
-\u{1F4C4} Full output: ${outputFilePath}` : ""}` : digestFallbackOutput.slice(0, DISPLAY_LIMITS.OUTPUT_SUMMARY);
-    this.emitToolResult(call.name, result2.success, tuiOutput, result2.error, Date.now() - toolStartTime);
-    return { digestedOutputForLLM, digestResult };
-  }
-  /**
-   * Record tool execution results to Journal and aggregate memos.
-   *
-   * WHY no truncation on inputSummary: Strategist needs full context —
-   * "hydra -l admin -P rockyou.txt ssh://10.0.0.1" must survive intact.
-   */
-  recordJournalMemo(call, result2, digestedOutputForLLM, digestResult) {
-    this.turnToolJournal.push({
-      name: call.name,
-      inputSummary: JSON.stringify(call.input),
-      success: result2.success,
-      analystSummary: digestResult?.memo ? digestResult.memo.keyFindings.join("; ") || "No key findings" : digestedOutputForLLM,
-      outputFile: digestResult?.fullOutputPath ?? null
-    });
-    if (digestResult?.memo) {
-      const m = digestResult.memo;
-      this.turnMemo.keyFindings.push(...m.keyFindings);
-      this.turnMemo.credentials.push(...m.credentials);
-      this.turnMemo.attackVectors.push(...m.attackVectors);
-      this.turnMemo.failures.push(...m.failures);
-      this.turnMemo.suspicions.push(...m.suspicions);
-      if ((ATTACK_VALUE_RANK[m.attackValue] ?? 0) > (ATTACK_VALUE_RANK[this.turnMemo.attackValue] ?? 0)) {
-        this.turnMemo.attackValue = m.attackValue;
-      }
-      this.turnMemo.nextSteps.push(...m.nextSteps);
-      if (m.reflection) this.turnReflections.push(m.reflection);
-    }
-    if (digestResult?.memo?.credentials.length) {
-      for (const cred of digestResult.memo.credentials) {
-        this.state.addLoot({ type: LOOT_TYPES.CREDENTIAL, host: "auto-extracted", detail: cred, obtainedAt: Date.now() });
-      }
-    }
-    if (digestResult?.memo?.attackVectors.length && digestResult.memo.attackValue === "HIGH") {
-      const existingTitles = new Set(this.state.getFindings().map((f) => f.title));
-      for (const vector of digestResult.memo.attackVectors) {
-        const title = `[Auto] ${vector.slice(0, 100)}`;
-        if (!existingTitles.has(title)) {
-          this.state.addFinding({
-            id: generateId(),
-            title,
-            severity: "high",
-            // Auto-extracted findings are unverified signals — score POSSIBLE (25)
-            confidence: CONFIDENCE_THRESHOLDS.POSSIBLE,
-            affected: [],
-            description: `Auto-extracted by Analyst LLM: ${vector}`,
-            evidence: digestResult.memo.keyFindings.slice(0, 5),
-            remediation: "",
-            foundAt: Date.now()
-          });
-          this.state.attackGraph.addVulnerability(title, "auto-detected", "high", false);
-          existingTitles.add(title);
-        }
-      }
-    }
-    if (this.state.getFindings().length > 0 && this.state.getPhase() === PHASES.RECON) {
-      this.state.setPhase(PHASES.VULN_ANALYSIS);
-    }
-  }
-  /**
-   * Enrich tool error — delegates to extracted module (§3-1)
-   */
-  enrichToolError(ctx) {
-    return enrichToolErrorContext(ctx);
-  }
-  getToolSchemas() {
-    if (!this.toolRegistry) {
-      return [];
-    }
-    return this.toolRegistry.getAll().map((t) => ({
-      name: t.name,
-      description: t.description,
-      input_schema: {
-        type: "object",
-        properties: t.parameters,
-        required: t.required || []
-      }
-    }));
-  }
-  // ─────────────────────────────────────────────────────────────────
-  // SUBSECTION: CTF Flag Detection
-  // ─────────────────────────────────────────────────────────────────
-  /**
-   * Scan tool output for CTF flag patterns.
-   * When a new flag is detected, store it in state and emit event.
-   *
-   * @remarks
-   * WHY: Automatic flag detection eliminates manual flag hunting in CTF competitions.
-   * Called after every tool execution — zero overhead when CTF mode is OFF.
-   */
-  scanForFlags(output) {
-    if (!this.state.isCtfMode()) return;
-    const flags = detectFlags(output);
-    for (const flag of flags) {
-      const isNew = this.state.addFlag(flag);
-      if (isNew) {
-        this.events.emit({
-          type: EVENT_TYPES.FLAG_FOUND,
-          timestamp: Date.now(),
-          data: {
-            flag,
-            totalFlags: this.state.getFlags().length,
-            phase: this.state.getPhase()
-          }
-        });
-      }
-    }
-  }
   // ─────────────────────────────────────────────────────────────────
   // SUBSECTION: Abort Helpers
   // ─────────────────────────────────────────────────────────────────
@@ -11031,8 +11011,8 @@ RULES:
 };
 
 // src/agents/prompt-builder.ts
-import { readFileSync as readFileSync6, existsSync as existsSync9, readdirSync as readdirSync3 } from "fs";
-import { join as join10, dirname as dirname4 } from "path";
+import { readFileSync as readFileSync6, existsSync as existsSync10, readdirSync as readdirSync4 } from "fs";
+import { join as join11, dirname as dirname4 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 
 // src/shared/constants/prompts.ts
@@ -11306,19 +11286,19 @@ function getAttacksForService(service, port) {
 }
 
 // src/shared/utils/journal.ts
-import { writeFileSync as writeFileSync8, readFileSync as readFileSync5, existsSync as existsSync8, readdirSync as readdirSync2, statSync as statSync2, rmSync as rmSync2 } from "fs";
-import { join as join9 } from "path";
+import { writeFileSync as writeFileSync9, readFileSync as readFileSync5, existsSync as existsSync9, readdirSync as readdirSync3, statSync as statSync3, rmSync as rmSync2 } from "fs";
+import { join as join10 } from "path";
 function parseTurnNumbers(turnsDir) {
-  if (!existsSync8(turnsDir)) return [];
-  return readdirSync2(turnsDir).filter((e) => e.startsWith(TURN_FOLDER_PREFIX) && /^\d+$/.test(e.slice(TURN_FOLDER_PREFIX.length))).map((e) => Number(e.slice(TURN_FOLDER_PREFIX.length)));
+  if (!existsSync9(turnsDir)) return [];
+  return readdirSync3(turnsDir).filter((e) => e.startsWith(TURN_FOLDER_PREFIX) && /^\d+$/.test(e.slice(TURN_FOLDER_PREFIX.length))).map((e) => Number(e.slice(TURN_FOLDER_PREFIX.length)));
 }
 function readJournalSummary() {
   try {
     const turnsDir = WORKSPACE.TURNS;
     const turnDirs = parseTurnNumbers(turnsDir).sort((a, b) => b - a);
     for (const turn of turnDirs) {
-      const summaryPath = join9(WORKSPACE.turnPath(turn), TURN_FILES.SUMMARY);
-      if (existsSync8(summaryPath)) {
+      const summaryPath = join10(WORKSPACE.turnPath(turn), TURN_FILES.SUMMARY);
+      if (existsSync9(summaryPath)) {
         return readFileSync5(summaryPath, "utf-8");
       }
     }
@@ -11334,8 +11314,8 @@ function getRecentEntries(count = MEMORY_LIMITS.MAX_TURN_ENTRIES) {
     const entries = [];
     for (const turn of turnDirs) {
       try {
-        const filePath = join9(WORKSPACE.turnPath(turn), TURN_FILES.STRUCTURED);
-        if (existsSync8(filePath)) {
+        const filePath = join10(WORKSPACE.turnPath(turn), TURN_FILES.STRUCTURED);
+        if (existsSync9(filePath)) {
           const raw = readFileSync5(filePath, "utf-8");
           entries.push(JSON.parse(raw));
         }
@@ -11366,8 +11346,8 @@ function regenerateJournalSummary() {
     const turnDir = WORKSPACE.turnPath(latestTurn);
     ensureDirExists(turnDir);
     const summary = buildSummaryFromEntries(entries);
-    const summaryPath = join9(turnDir, TURN_FILES.SUMMARY);
-    writeFileSync8(summaryPath, summary, "utf-8");
+    const summaryPath = join10(turnDir, TURN_FILES.SUMMARY);
+    writeFileSync9(summaryPath, summary, "utf-8");
     debugLog("general", "Journal summary regenerated", {
       entries: entries.length,
       summaryLength: summary.length
@@ -11472,13 +11452,13 @@ function formatSummaryMarkdown(buckets, entries) {
 function rotateTurnRecords() {
   try {
     const turnsDir = WORKSPACE.TURNS;
-    if (!existsSync8(turnsDir)) return;
-    const turnDirs = parseTurnNumbers(turnsDir).map((n) => `${TURN_FOLDER_PREFIX}${n}`).filter((e) => statSync2(join9(turnsDir, e)).isDirectory()).sort((a, b) => Number(a.slice(TURN_FOLDER_PREFIX.length)) - Number(b.slice(TURN_FOLDER_PREFIX.length)));
+    if (!existsSync9(turnsDir)) return;
+    const turnDirs = parseTurnNumbers(turnsDir).map((n) => `${TURN_FOLDER_PREFIX}${n}`).filter((e) => statSync3(join10(turnsDir, e)).isDirectory()).sort((a, b) => Number(a.slice(TURN_FOLDER_PREFIX.length)) - Number(b.slice(TURN_FOLDER_PREFIX.length)));
     if (turnDirs.length > MEMORY_LIMITS.MAX_TURN_ENTRIES) {
       const dirsToDel = turnDirs.slice(0, turnDirs.length - MEMORY_LIMITS.MAX_TURN_ENTRIES);
       for (const dir of dirsToDel) {
         try {
-          rmSync2(join9(turnsDir, dir), { recursive: true, force: true });
+          rmSync2(join10(turnsDir, dir), { recursive: true, force: true });
         } catch {
         }
       }
@@ -11493,8 +11473,8 @@ function rotateTurnRecords() {
 
 // src/agents/prompt-builder.ts
 var __dirname2 = dirname4(fileURLToPath2(import.meta.url));
-var PROMPTS_DIR = join10(__dirname2, "prompts");
-var TECHNIQUES_DIR = join10(PROMPTS_DIR, PROMPT_PATHS.TECHNIQUES_DIR);
+var PROMPTS_DIR = join11(__dirname2, "prompts");
+var TECHNIQUES_DIR = join11(PROMPTS_DIR, PROMPT_PATHS.TECHNIQUES_DIR);
 var { AGENT_FILES } = PROMPT_PATHS;
 var PHASE_PROMPT_MAP = {
   // Direct mappings — phase has its own prompt file
@@ -11627,8 +11607,8 @@ ${content}
    * Load a prompt file from src/agents/prompts/
    */
   loadPromptFile(filename) {
-    const path2 = join10(PROMPTS_DIR, filename);
-    return existsSync9(path2) ? readFileSync6(path2, PROMPT_CONFIG.ENCODING) : "";
+    const path2 = join11(PROMPTS_DIR, filename);
+    return existsSync10(path2) ? readFileSync6(path2, PROMPT_CONFIG.ENCODING) : "";
   }
   /**
    * Load phase-specific prompt.
@@ -11674,14 +11654,14 @@ ${content}
    * "Drop a markdown file in the folder, PromptBuilder auto-discovers and loads it."
    */
   loadPhaseRelevantTechniques(phase) {
-    if (!existsSync9(TECHNIQUES_DIR)) return "";
+    if (!existsSync10(TECHNIQUES_DIR)) return "";
     const priorityTechniques = PHASE_TECHNIQUE_MAP[phase] || [];
     const loadedSet = /* @__PURE__ */ new Set();
     const fragments = [];
     for (const technique of priorityTechniques) {
-      const filePath = join10(TECHNIQUES_DIR, `${technique}.md`);
+      const filePath = join11(TECHNIQUES_DIR, `${technique}.md`);
       try {
-        if (!existsSync9(filePath)) continue;
+        if (!existsSync10(filePath)) continue;
         const content = readFileSync6(filePath, PROMPT_CONFIG.ENCODING);
         if (content) {
           fragments.push(`<technique-reference category="${technique}">
@@ -11693,9 +11673,9 @@ ${content}
       }
     }
     try {
-      const allFiles = readdirSync3(TECHNIQUES_DIR).filter((f) => f.endsWith(".md") && f !== "README.md" && !loadedSet.has(f));
+      const allFiles = readdirSync4(TECHNIQUES_DIR).filter((f) => f.endsWith(".md") && f !== "README.md" && !loadedSet.has(f));
       for (const file of allFiles) {
-        const filePath = join10(TECHNIQUES_DIR, file);
+        const filePath = join11(TECHNIQUES_DIR, file);
         const content = readFileSync6(filePath, PROMPT_CONFIG.ENCODING);
         if (content) {
           const category = file.replace(".md", "");
@@ -11826,11 +11806,11 @@ ${summary}
 };
 
 // src/agents/strategist.ts
-import { readFileSync as readFileSync7, existsSync as existsSync10 } from "fs";
-import { join as join11, dirname as dirname5 } from "path";
+import { readFileSync as readFileSync7, existsSync as existsSync11 } from "fs";
+import { join as join12, dirname as dirname5 } from "path";
 import { fileURLToPath as fileURLToPath3 } from "url";
 var __dirname3 = dirname5(fileURLToPath3(import.meta.url));
-var STRATEGIST_PROMPT_PATH = join11(__dirname3, "prompts", "strategist-system.md");
+var STRATEGIST_PROMPT_PATH = join12(__dirname3, "prompts", "strategist-system.md");
 var Strategist = class {
   llm;
   state;
@@ -11969,7 +11949,7 @@ NOTE: This directive is from ${age}min ago (Strategist call failed this turn). V
   // ─── System Prompt Loading ──────────────────────────────────
   loadSystemPrompt() {
     try {
-      if (existsSync10(STRATEGIST_PROMPT_PATH)) {
+      if (existsSync11(STRATEGIST_PROMPT_PATH)) {
         return readFileSync7(STRATEGIST_PROMPT_PATH, "utf-8");
       }
     } catch {
@@ -12283,8 +12263,8 @@ function formatReflectionInput(input) {
 }
 
 // src/agents/main-agent.ts
-import { writeFileSync as writeFileSync9, existsSync as existsSync11, readFileSync as readFileSync8 } from "fs";
-import { join as join12 } from "path";
+import { writeFileSync as writeFileSync10, existsSync as existsSync12, readFileSync as readFileSync8 } from "fs";
+import { join as join13 } from "path";
 var MainAgent = class extends CoreAgent {
   promptBuilder;
   strategist;
@@ -12348,11 +12328,11 @@ var MainAgent = class extends CoreAgent {
         });
       }
     }
-    this.turnToolJournal = [];
-    this.turnMemo = { keyFindings: [], credentials: [], attackVectors: [], failures: [], suspicions: [], attackValue: "LOW", nextSteps: [] };
-    this.turnReflections = [];
     const dynamicPrompt = await this.getCurrentPrompt();
     const result2 = await super.step(iteration, messages, dynamicPrompt, progress);
+    const turnToolJournal = this.getTurnToolJournal();
+    const turnMemo = this.getTurnMemo();
+    const turnReflections = this.getTurnReflections();
     try {
       if (messages.length > 2) {
         const extraction = await this.llm.generateResponse(
@@ -12373,13 +12353,13 @@ ${extraction.content.trim()}
     } catch {
     }
     try {
-      if (this.turnToolJournal.length > 0) {
+      if (turnToolJournal.length > 0) {
         const reflection = await this.llm.generateResponse(
           [{
             role: "user",
             content: formatReflectionInput({
-              tools: this.turnToolJournal,
-              memo: this.turnMemo,
+              tools: turnToolJournal,
+              memo: turnMemo,
               phase: this.state.getPhase()
             })
           }],
@@ -12387,20 +12367,20 @@ ${extraction.content.trim()}
           REFLECTION_PROMPT
         );
         if (reflection.content?.trim()) {
-          this.turnReflections.push(reflection.content.trim());
+          turnReflections.push(reflection.content.trim());
         }
       }
     } catch {
     }
-    if (this.turnToolJournal.length > 0) {
+    if (turnToolJournal.length > 0) {
       try {
         const entry = {
           turn: this.turnCounter,
           timestamp: (/* @__PURE__ */ new Date()).toISOString(),
           phase: this.state.getPhase(),
-          tools: this.turnToolJournal,
-          memo: this.turnMemo,
-          reflection: this.turnReflections.length > 0 ? this.turnReflections.join(" | ") : this.turnMemo.nextSteps.join("; ")
+          tools: turnToolJournal,
+          memo: turnMemo,
+          reflection: turnReflections.length > 0 ? turnReflections.join(" | ") : turnMemo.nextSteps.join("; ")
         };
         try {
           const turnDir = WORKSPACE.turnPath(this.turnCounter);
@@ -12411,32 +12391,32 @@ ${extraction.content.trim()}
             turn: this.turnCounter,
             timestamp: (/* @__PURE__ */ new Date()).toISOString(),
             phase: this.state.getPhase(),
-            tools: this.turnToolJournal,
-            memo: this.turnMemo,
+            tools: turnToolJournal,
+            memo: turnMemo,
             reflection: entry.reflection
           });
-          writeFileSync9(join12(turnDir, TURN_FILES.RECORD), turnContent, "utf-8");
-          writeFileSync9(join12(turnDir, TURN_FILES.STRUCTURED), JSON.stringify(entry, null, 2), "utf-8");
+          writeFileSync10(join13(turnDir, TURN_FILES.RECORD), turnContent, "utf-8");
+          writeFileSync10(join13(turnDir, TURN_FILES.STRUCTURED), JSON.stringify(entry, null, 2), "utf-8");
           const memoLines = [];
-          if (this.turnMemo.keyFindings.length > 0) memoLines.push("## Key Findings", ...this.turnMemo.keyFindings.map((f) => `- ${f}`), "");
-          if (this.turnMemo.credentials.length > 0) memoLines.push("## Credentials", ...this.turnMemo.credentials.map((c) => `- ${c}`), "");
-          if (this.turnMemo.attackVectors.length > 0) memoLines.push("## Attack Vectors", ...this.turnMemo.attackVectors.map((v) => `- ${v}`), "");
-          if (this.turnMemo.failures.length > 0) memoLines.push("## Failures", ...this.turnMemo.failures.map((f) => `- ${f}`), "");
-          if (this.turnMemo.suspicions.length > 0) memoLines.push("## Suspicious", ...this.turnMemo.suspicions.map((s) => `- ${s}`), "");
-          if (this.turnMemo.nextSteps.length > 0) memoLines.push("## Next Steps", ...this.turnMemo.nextSteps.map((n) => `- ${n}`), "");
+          if (turnMemo.keyFindings.length > 0) memoLines.push("## Key Findings", ...turnMemo.keyFindings.map((f) => `- ${f}`), "");
+          if (turnMemo.credentials.length > 0) memoLines.push("## Credentials", ...turnMemo.credentials.map((c) => `- ${c}`), "");
+          if (turnMemo.attackVectors.length > 0) memoLines.push("## Attack Vectors", ...turnMemo.attackVectors.map((v) => `- ${v}`), "");
+          if (turnMemo.failures.length > 0) memoLines.push("## Failures", ...turnMemo.failures.map((f) => `- ${f}`), "");
+          if (turnMemo.suspicions.length > 0) memoLines.push("## Suspicious", ...turnMemo.suspicions.map((s) => `- ${s}`), "");
+          if (turnMemo.nextSteps.length > 0) memoLines.push("## Next Steps", ...turnMemo.nextSteps.map((n) => `- ${n}`), "");
           if (memoLines.length > 0) {
-            writeFileSync9(join12(turnDir, TURN_FILES.ANALYST), memoLines.join("\n"), "utf-8");
+            writeFileSync10(join13(turnDir, TURN_FILES.ANALYST), memoLines.join("\n"), "utf-8");
           }
         } catch {
         }
         try {
           const turnDir = WORKSPACE.turnPath(this.turnCounter);
-          const summaryPath = join12(turnDir, TURN_FILES.SUMMARY);
+          const summaryPath = join13(turnDir, TURN_FILES.SUMMARY);
           const prevTurn = this.turnCounter - 1;
           let existingSummary = "";
           if (prevTurn >= 1) {
-            const prevSummaryPath = join12(WORKSPACE.turnPath(prevTurn), TURN_FILES.SUMMARY);
-            if (existsSync11(prevSummaryPath)) {
+            const prevSummaryPath = join13(WORKSPACE.turnPath(prevTurn), TURN_FILES.SUMMARY);
+            if (existsSync12(prevSummaryPath)) {
               existingSummary = readFileSync8(prevSummaryPath, "utf-8");
             }
           }
@@ -12444,8 +12424,8 @@ ${extraction.content.trim()}
             turn: this.turnCounter,
             timestamp: (/* @__PURE__ */ new Date()).toISOString(),
             phase: this.state.getPhase(),
-            tools: this.turnToolJournal,
-            memo: this.turnMemo,
+            tools: turnToolJournal,
+            memo: turnMemo,
             reflection: entry.reflection
           });
           const summaryResponse = await this.llm.generateResponse(
@@ -12463,7 +12443,7 @@ ${turnData}`
           );
           if (summaryResponse.content?.trim()) {
             ensureDirExists(turnDir);
-            writeFileSync9(summaryPath, summaryResponse.content.trim(), "utf-8");
+            writeFileSync10(summaryPath, summaryResponse.content.trim(), "utf-8");
           }
         } catch {
           regenerateJournalSummary();
@@ -12598,27 +12578,19 @@ ${turnData}`
 };
 
 // src/agents/factory.ts
-var AgentFactory = class {
-  /**
-   * Create a fully initialized MainAgent system.
-   *
-   * Architecture: Single agent with all tools.
-   * No sub-agents, no spawn_sub, no nested loops.
-   */
-  static createMainAgent(shouldAutoApprove = false) {
-    const state = new SharedState();
-    const events = new AgentEventEmitter();
-    const approvalGate = new ApprovalGate(shouldAutoApprove);
-    const scopeGuard = new ScopeGuard(state);
-    const toolRegistry = new CategorizedToolRegistry(
-      state,
-      scopeGuard,
-      approvalGate,
-      events
-    );
-    return new MainAgent(state, events, toolRegistry, approvalGate, scopeGuard);
-  }
-};
+function createMainAgent(shouldAutoApprove = false) {
+  const state = new SharedState();
+  const events = new AgentEventEmitter();
+  const approvalGate = new ApprovalGate(shouldAutoApprove);
+  const scopeGuard = new ScopeGuard(state);
+  const toolRegistry = new CategorizedToolRegistry(
+    state,
+    scopeGuard,
+    approvalGate,
+    events
+  );
+  return new MainAgent(state, events, toolRegistry, approvalGate, scopeGuard);
+}
 
 // src/platform/tui/utils/format.ts
 var formatDuration2 = (ms) => {
@@ -13242,7 +13214,7 @@ function getCommandEventIcon(eventType) {
 
 // src/platform/tui/hooks/useAgent.ts
 var useAgent = (shouldAutoApprove, target) => {
-  const [agent] = useState2(() => AgentFactory.createMainAgent(shouldAutoApprove));
+  const [agent] = useState2(() => createMainAgent(shouldAutoApprove));
   const eventsRef = useRef3(agent.getEventEmitter());
   const state = useAgentState();
   const {
@@ -13616,7 +13588,6 @@ var MusicSpinner = memo2(({ color }) => {
 
 // src/platform/tui/components/StatusDisplay.tsx
 import { jsx as jsx4, jsxs as jsxs3 } from "react/jsx-runtime";
-var MAX_THINKING_LINES = 15;
 var StatusDisplay = memo3(({
   retryState,
   isProcessing,
@@ -13649,26 +13620,17 @@ var StatusDisplay = memo3(({
     ] });
   }
   if (isProcessing) {
-    return /* @__PURE__ */ jsxs3(Box3, { flexDirection: "column", children: [
-      /* @__PURE__ */ jsxs3(Box3, { children: [
-        /* @__PURE__ */ jsx4(Text4, { color: isThinkingStatus ? THEME.cyan : THEME.primary, children: /* @__PURE__ */ jsx4(MusicSpinner, { color: isThinkingStatus ? THEME.cyan : THEME.primary }) }),
-        /* @__PURE__ */ jsxs3(Text4, { color: isThinkingStatus ? THEME.cyan : THEME.primary, bold: true, children: [
-          " ",
-          statusMain
-        ] }),
-        /* @__PURE__ */ jsxs3(Text4, { color: THEME.gray, children: [
-          " ",
-          meta
-        ] })
+    const previewText = isThinkingStatus && statusLines.length > 1 ? `${statusMain} \u2014 ${statusLines[statusLines.length - 1]}` : statusMain;
+    return /* @__PURE__ */ jsxs3(Box3, { children: [
+      /* @__PURE__ */ jsx4(Text4, { color: isThinkingStatus ? THEME.cyan : THEME.primary, children: /* @__PURE__ */ jsx4(MusicSpinner, { color: isThinkingStatus ? THEME.cyan : THEME.primary }) }),
+      /* @__PURE__ */ jsxs3(Text4, { color: isThinkingStatus ? THEME.cyan : THEME.primary, bold: true, children: [
+        " ",
+        previewText
       ] }),
-      isThinkingStatus && statusLines.length > 1 && statusLines.slice(1).slice(-MAX_THINKING_LINES).map((line, i) => /* @__PURE__ */ jsxs3(Box3, { children: [
-        /* @__PURE__ */ jsx4(Text4, { color: THEME.cyan, children: "\u2502 " }),
-        /* @__PURE__ */ jsx4(Text4, { color: THEME.gray, children: line })
-      ] }, i)),
-      !isThinkingStatus && statusLines.length > 1 && /* @__PURE__ */ jsx4(Box3, { paddingLeft: 2, children: /* @__PURE__ */ jsxs3(Text4, { color: THEME.gray, children: [
-        "\u2502 ",
-        statusLines.slice(1).join(" ")
-      ] }) })
+      /* @__PURE__ */ jsxs3(Text4, { color: THEME.gray, children: [
+        " ",
+        meta
+      ] })
     ] });
   }
   return /* @__PURE__ */ jsx4(Box3, { height: 1, children: /* @__PURE__ */ jsx4(Text4, { children: " " }) });
@@ -13758,10 +13720,10 @@ var ChatInput = memo4(({
         paddingX: 1,
         overflowX: "hidden",
         children: inputRequest.status === "active" ? /* @__PURE__ */ jsxs4(Box4, { children: [
-          /* @__PURE__ */ jsx5(Text5, { color: THEME.yellow, children: "[auth]" }),
-          /* @__PURE__ */ jsxs4(Text5, { color: THEME.gray, children: [
-            " ",
-            inputRequest.prompt
+          /* @__PURE__ */ jsxs4(Text5, { color: THEME.yellow, children: [
+            "\u25B8 ",
+            inputRequest.prompt,
+            " "
           ] }),
           /* @__PURE__ */ jsx5(
             TextInput,
@@ -13769,7 +13731,7 @@ var ChatInput = memo4(({
               value: secretInput,
               onChange: setSecretInput,
               onSubmit: onSecretSubmit,
-              placeholder: "...",
+              placeholder: inputRequest.isPassword ? "(hidden)" : "...",
               mask: inputRequest.isPassword ? "\u2022" : void 0
             }
           )
@@ -14104,7 +14066,7 @@ ${procData.stdout || "(no output)"}
   }, [handleCtrlC]);
   return /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", paddingX: 1, width: terminalWidth, children: [
     /* @__PURE__ */ jsx7(Box6, { flexDirection: "column", children: /* @__PURE__ */ jsx7(MessageList, { messages }) }),
-    /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsxs6(Box6, { flexDirection: "column", height: 6, children: [
       /* @__PURE__ */ jsx7(
         StatusDisplay,
         {
@@ -14170,6 +14132,11 @@ var CLI_SCAN_TYPES = Object.freeze([
 import gradient from "gradient-string";
 import { jsx as jsx8 } from "react/jsx-runtime";
 initDebugLogger();
+var _configErrors = validateRequiredConfig();
+if (_configErrors.length > 0) {
+  _configErrors.forEach((e) => console.error(chalk.hex(HEX.red)(e)));
+  process.exit(EXIT_CODES.CONFIG_ERROR);
+}
 var program = new Command();
 program.name("pentesting").version(APP_VERSION).description(APP_DESCRIPTION).option("--dangerously-skip-permissions", "Skip all permission prompts (dangerous!)").option("-t, --target <target>", "Set initial target");
 program.command("interactive", { isDefault: true }).alias("i").description("Start interactive TUI mode").action(async () => {
@@ -14204,7 +14171,7 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
   }
   console.log(chalk.hex(HEX.primary)(`[target] Objective: ${objective}
 `));
-  const agent = AgentFactory.createMainAgent(skipPermissions);
+  const agent = createMainAgent(skipPermissions);
   if (skipPermissions) {
     agent.setAutoApprove(true);
   }
@@ -14242,7 +14209,7 @@ program.command("scan <target>").description("Quick scan a target").option("-s,
   console.log(chalk.hex(HEX.primary)(`
 [scan] Target: ${target} (${options.scanType})
 `));
-  const agent = AgentFactory.createMainAgent(skipPermissions);
+  const agent = createMainAgent(skipPermissions);
   agent.addTarget(target);
   agent.setScope([target]);
   const shutdown = async (exitCode = 0) => {