pentesting 0.7.31 → 0.7.33

package/README.md

@@ -35,26 +35,61 @@ pentesting
 
 ---
 
-## ✨ Features
+## 🧠 Philosophy: Think Like a Hacker
+
+**Pentesting is not a brute-force tool.** It's an intelligent agent that thinks strategically.
+
+### Strategic Decision Framework
+
+Every action is evaluated using:
+
+```
+Value = (Probability × CVSS Impact) / Time Cost
+```
+
+The agent only executes actions with **confidence >50%**. Below that, it finds a better approach.
+
+### Self-Reflection Before Every Action
+
+Before running any tool, the agent asks:
+- "What exactly am I trying to learn?"
+- "Is this the FASTEST way to get that information?"
+- "Have I already tried this? What happened?"
+- "Is there a simpler approach?"
+
+### Mandatory Fallback Strategy
+
+When a tool fails, the agent immediately tries alternatives:
+
+| Task | Primary | Fallback 1 | Fallback 2 |
+|------|---------|------------|------------|
+| Subdomain | subfinder | ffuf | amass |
+| Directory | gobuster | ffuf | dirsearch |
+| Port Scan | rustscan | nmap | masscan |
+
+---
+
+## 🔥 Why Pentesting?
+
+| Feature | Traditional Tools | Pentesting Agent |
+|---------|-------------------|------------------|
+| Decision Making | Manual | AI-driven with confidence scoring |
+| Tool Selection | You choose | Auto-selects based on context |
+| Failure Handling | You retry | Auto-fallback to alternatives |
+| Attack Planning | Manual prioritization | CVSS-based priority matrix |
+| Context Awareness | None | Remembers all findings |
+| Reporting | Manual | Auto-generated findings |
+
+---
+
+## ✨ Core Capabilities
 
-### Core Capabilities
-- **Intelligent Agent**: Self-reflection and decision framework (inspired by Claude Code)
-- **Confidence Scoring**: Only acts on actions with >50% success probability
 - **10-Phase Attack Workflow**: Recon → Scan → Enum → Vuln Analysis → Exploitation → PrivEsc → Pivot → Persist → Exfil → Report
-- **Auto Docker Management**: Automatically pulls and starts `pentesting-tools` container
-- **Multi-Target Attack**: Register multiple targets and attack them sequentially
-- **Real-time Feedback**: See thinking process, tool calls, and results live
-- **ESC Interrupt**: Stop execution anytime with ESC key
-- **Rainbow Spinner**: Visual feedback with cycling colors
-
-### v0.7.16 New Features
-- **Self-Reflection**: Agent asks "Is this the fastest way?" before every action
-- **Decision Framework**: Value = (Probability × Impact) / Time Cost
-- **Concrete Tool Commands**: Exact ffuf, nmap, hydra syntax with wordlist paths
-- **Auto Docker**: Container starts automatically when tools are missing
-- **Thinking Display**: See `[thinking]` and `[reasoning]` messages
-- **Token Label**: Status bar shows `3k tok` instead of just `3k`
-- **Approval Fix**: "Approve always" now works correctly (no repeat prompts)
+- **Auto Docker Management**: Pulls and starts tool container automatically
+- **Multi-Target Attack**: Attack multiple targets sequentially
+- **Real-time Feedback**: See thinking process, tool calls, results live
+- **Session Persistence**: Save/resume attack sessions
+- **Context Compaction**: Automatic history summarization
 
 ---
 
@@ -329,40 +364,6 @@ await agent.addMCPServer('security-tools', 'docker', [
 
 ---
 
-## 📁 Project Structure
-
-```
-src/
-├── index.tsx              # CLI entry point
-├── cli/
-│   ├── app.tsx            # TUI with streaming, multi-target, approval
-│   ├── components/        # Rich display components
-│   └── utils/             # Keyboard listener
-├── core/
-│   ├── agent/             # Agent implementations
-│   ├── approval/          # Tool approval system
-│   ├── commands/          # Slash command registry
-│   ├── context/           # Checkpoint + compaction
-│   ├── display/           # Rich output blocks
-│   ├── hooks/             # Event hooks
-│   ├── loop/              # Ralph autonomous loop
-│   ├── replay/            # Session replay
-│   ├── session/           # Session persistence
-│   ├── skill/             # Flow skills (Mermaid/D2)
-│   ├── streaming/         # Real-time streaming
-│   ├── update/            # Auto-update system
-│   ├── prompts/           # System prompts
-│   └── tools/             # Tool definitions & executor
-├── agents/                # 9 built-in specialized agents
-├── commands/              # Built-in slash commands
-├── wire/                  # JSONL logging + Wire protocol
-├── mcp/                   # MCP client integration
-├── utils/                 # Clipboard, retry utilities
-└── config/                # Constants, theme
-```
-
----
-
 ## 🛠️ Development
 
 ```bash
@@ -380,39 +381,14 @@ npm run build
 npm run dev
 ```
 
----
-
-## Changelog
-
-### v0.7.16
-- Self-reflection framework (Claude Code inspired)
-- Confidence scoring (0-100) for decisions
-- Decision framework: Value = (Probability × Impact) / Time Cost
-- Concrete tool commands with wordlist paths
-- Efficiency rules and stop conditions
-
-### v0.7.15
-- Comprehensive prompt improvements
-- Approval fix (double popup bug)
-- Token label in status bar (`3k tok`)
-
-### v0.7.14
-- Auto Docker management
-- Container auto-start on first use
-
-### v0.7.13
-- Rainbow spinner
-- Thinking/reasoning display
-- Monochrome theme
-- Tab mode toggle
+## 📄 License
+## Documentation
 
-### v0.7.7
-- Multi-target management (`/target add/list/rm/clear`)
-- Batch attack (`/start all`)
-- `set_target` tool for agent
+- [Architecture](./docs/ARCHITECTURE.md) - System design and components
+- [Docker Image](https://hub.docker.com/r/agnusdei1207/pentesting-tools) - Pre-built security tools
 
 ---
 
-## 📄 License
+## �📄 License
 
 MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.7.31",
+  "version": "0.7.33",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",