pentesting 0.7.41 → 0.7.44

package/README.md

@@ -189,7 +189,20 @@ Complete
 
 ---
 
-## 🤖 Built-in Agents
+## 🤖 Agentic System (Dual Architecture)
+
+### YAML-Based Agents (Primary)
+New agents defined in `src/agents/specs/*.yaml` with auto-switching:
+
+| YAML Agent | Phase | Description |
+|------------|-------|-------------|
+| `recon` | RECON, SCAN | Information gathering, port scanning |
+| `web` | ENUM | Web application security, OWASP Top 10 |
+| `exploit` | VULN, EXPLOIT | CVE research, exploit execution |
+| `privesc` | PRIVESC, PIVOT, PERSIST | Privilege escalation techniques |
+| `crypto` | EXFIL | Hash cracking, encryption analysis |
+
+### Built-in Agents (Fallback)
 
 | Agent | Specialty |
 |-------|-----------|
@@ -203,6 +216,22 @@ Complete
 | `attack-architect` | Attack strategy planning |
 | `finding-reviewer` | Vulnerability validation |
 
+### Agent Orchestration Flow
+
+```
+User Request → AutonomousHackingAgent
+       ↓
+Phase Change Detected (RECON → SCAN → ENUM → ...)
+       ↓
+autoSwitchAgentForPhase(phaseId)
+       ├── Try YAML Agent First (SpecOrchestrator)
+       └── Fallback to Builtin Agent
+       ↓
+System Prompt = Base + Agent-Specific Instructions
+       ↓
+LLM Call with Specialized Context
+```
+
 ---
 
 ## ⚙️ Configuration

package/dist/index.js

@@ -2440,7 +2440,7 @@ var HookExecutor = class extends EventEmitter {
   }
   // Execute single hook
   async executeHook(hook, context) {
-    return new Promise((resolve) => {
+    return new Promise((resolve2) => {
       const timeout = hook.timeout || 1e4;
       let command = hook.command;
       if (command.startsWith("./")) {
@@ -2479,7 +2479,7 @@ var HookExecutor = class extends EventEmitter {
           decision = "modify";
           reason = output.split("MODIFY:")[1]?.split("\n")[0]?.trim() || "";
         }
-        resolve({
+        resolve2({
           success: code === 0,
           output,
           decision,
@@ -2487,7 +2487,7 @@ var HookExecutor = class extends EventEmitter {
         });
       });
       proc.on("error", (error) => {
-        resolve({
+        resolve2({
           success: false,
           output: error.message,
           decision: "proceed"
@@ -2545,7 +2545,7 @@ var MCPClient = class extends EventEmitter2 {
   }
   // Start MCP server
   async connect() {
-    return new Promise((resolve, reject) => {
+    return new Promise((resolve2, reject) => {
       const { command, args, env } = this.config;
       this.process = spawn3(command, args || [], {
         env: { ...process.env, ...env },
@@ -2576,7 +2576,7 @@ var MCPClient = class extends EventEmitter2 {
       this.process.on("spawn", () => {
         this.connected = true;
         this.emit("connected", { server: this.serverName });
-        resolve();
+        resolve2();
       });
       this.process.on("close", (code) => {
         this.connected = false;
@@ -2596,8 +2596,8 @@ var MCPClient = class extends EventEmitter2 {
       method,
       params
     };
-    return new Promise((resolve, reject) => {
-      this.pendingRequests.set(id, { resolve, reject });
+    return new Promise((resolve2, reject) => {
+      this.pendingRequests.set(id, { resolve: resolve2, reject });
       const line = JSON.stringify(request) + "\n";
       this.process.stdin.write(line, (error) => {
         if (error) {
@@ -2947,11 +2947,11 @@ var ApprovalManager = class extends EventEmitter3 {
     };
     this.pendingRequests.set(request.id, request);
     this.emit(APPROVAL_EVENT.REQUEST, request);
-    return new Promise((resolve) => {
+    return new Promise((resolve2) => {
       const timeout = setTimeout(() => {
         this.pendingRequests.delete(request.id);
         this.emit(APPROVAL_EVENT.TIMEOUT, request.id);
-        resolve("deny");
+        resolve2("deny");
       }, this.defaultTimeout);
       const responseHandler = (response) => {
         if (response.requestId === request.id) {
@@ -2969,7 +2969,7 @@ var ApprovalManager = class extends EventEmitter3 {
                 respondedAt: (/* @__PURE__ */ new Date()).toISOString()
               });
             }
-            resolve("approve");
+            resolve2("approve");
           } else if (response.decision === "deny_always") {
             this.autoDeniedTools.add(toolName);
             const pendingForSameTool = Array.from(this.pendingRequests.entries()).filter(([_, req]) => req.toolName === toolName);
@@ -2981,9 +2981,9 @@ var ApprovalManager = class extends EventEmitter3 {
                 respondedAt: (/* @__PURE__ */ new Date()).toISOString()
               });
             }
-            resolve("deny");
+            resolve2("deny");
           } else {
-            resolve(response.decision);
+            resolve2(response.decision);
           }
         }
       };
@@ -3033,7 +3033,7 @@ function getApprovalManager(options) {
 import { spawn as spawn4 } from "child_process";
 async function searchDuckDuckGo(query, options = {}) {
   const { maxResults = 10, timeout = 3e4 } = options;
-  return new Promise((resolve) => {
+  return new Promise((resolve2) => {
     const url = `https://html.duckduckgo.com/html/?q=${encodeURIComponent(query)}`;
     const proc = spawn4("curl", [
       "-s",
@@ -3067,10 +3067,10 @@ async function searchDuckDuckGo(query, options = {}) {
           snippet: snippets[i] || ""
         });
       }
-      resolve(results);
+      resolve2(results);
     });
     proc.on("error", () => {
-      resolve([]);
+      resolve2([]);
     });
   });
 }
@@ -3130,7 +3130,7 @@ async function withRetry(fn, options = {}) {
       }
       const delay = calculateDelay(attempt, opts);
       opts.onRetry?.(attempt + 1, lastError, delay);
-      await new Promise((resolve) => setTimeout(resolve, delay));
+      await new Promise((resolve2) => setTimeout(resolve2, delay));
     }
   }
   throw lastError ?? new Error("Retry failed with no error");
@@ -3250,6 +3250,184 @@ var ContextManager = class {
   }
 };
 
+// src/agents/spec-loader.ts
+import * as fs3 from "fs";
+import * as path3 from "path";
+import * as yaml from "yaml";
+import { fileURLToPath } from "url";
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = path3.dirname(__filename);
+var SPECS_DIR = path3.join(__dirname, "specs");
+function loadAgentSpec(specName) {
+  const specPath = path3.join(SPECS_DIR, `${specName}.yaml`);
+  if (!fs3.existsSync(specPath)) {
+    throw new Error(`Agent spec not found: ${specPath}`);
+  }
+  const content = fs3.readFileSync(specPath, "utf-8");
+  const spec = yaml.parse(content);
+  return resolveAgentSpec(spec, specPath);
+}
+function resolveAgentSpec(spec, specPath) {
+  const specDir = path3.dirname(specPath);
+  let resolved = {
+    name: spec.agent.name,
+    description: spec.agent.description || "",
+    systemPrompt: "",
+    tools: spec.agent.tools || [],
+    excludeTools: spec.agent.exclude_tools || [],
+    subagents: spec.agent.subagents || {},
+    switchingRules: spec.switching?.rules || []
+  };
+  if (spec.agent.extends) {
+    const basePath = path3.resolve(specDir, spec.agent.extends);
+    const baseContent = fs3.readFileSync(basePath, "utf-8");
+    const baseSpec = yaml.parse(baseContent);
+    const baseResolved = resolveAgentSpec(baseSpec, basePath);
+    resolved = {
+      ...baseResolved,
+      name: spec.agent.name || baseResolved.name,
+      description: spec.agent.description || baseResolved.description,
+      tools: spec.agent.tools || baseResolved.tools,
+      excludeTools: [...baseResolved.excludeTools, ...spec.agent.exclude_tools || []],
+      subagents: { ...baseResolved.subagents, ...spec.agent.subagents },
+      switchingRules: spec.switching?.rules || baseResolved.switchingRules
+    };
+  }
+  if (spec.agent.system_prompt) {
+    resolved.systemPrompt = spec.agent.system_prompt;
+  } else if (spec.agent.system_prompt_path) {
+    const promptPath = path3.resolve(specDir, spec.agent.system_prompt_path);
+    if (fs3.existsSync(promptPath)) {
+      resolved.systemPrompt = fs3.readFileSync(promptPath, "utf-8");
+    }
+  }
+  resolved.tools = resolved.tools.filter((t) => !resolved.excludeTools.includes(t));
+  return resolved;
+}
+var SpecOrchestrator = class {
+  currentAgent;
+  agents = /* @__PURE__ */ new Map();
+  context = {};
+  constructor() {
+    this.currentAgent = loadAgentSpec("default");
+    this.agents.set("default", this.currentAgent);
+    for (const [name] of Object.entries(this.currentAgent.subagents)) {
+      try {
+        const spec = loadAgentSpec(name);
+        this.agents.set(name, spec);
+      } catch {
+      }
+    }
+  }
+  /**
+   * Get current active agent
+   */
+  getCurrentAgent() {
+    return this.currentAgent;
+  }
+  /**
+   * Get current agent's system prompt
+   */
+  getSystemPrompt() {
+    return this.currentAgent.systemPrompt;
+  }
+  /**
+   * Update context for agent switching decisions
+   */
+  updateContext(key, value) {
+    this.context[key] = value;
+    this.evaluateSwitching();
+  }
+  /**
+   * Manually switch to a specific agent
+   */
+  switchTo(agentName) {
+    if (this.agents.has(agentName)) {
+      this.currentAgent = this.agents.get(agentName);
+      return true;
+    }
+    try {
+      const spec = loadAgentSpec(agentName);
+      this.agents.set(agentName, spec);
+      this.currentAgent = spec;
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Evaluate switching rules and auto-switch if needed
+   */
+  evaluateSwitching() {
+    for (const rule of this.currentAgent.switchingRules) {
+      if (this.evaluateCondition(rule.condition)) {
+        this.switchTo(rule.agent);
+        break;
+      }
+    }
+  }
+  /**
+   * Evaluate a condition string against current context
+   */
+  evaluateCondition(condition) {
+    try {
+      const ctx = this.context;
+      const checks = {
+        target_set: !!ctx.target,
+        vulnerability_found: (ctx.vulnerabilities || []).length > 0,
+        shell_obtained: !!ctx.shellObtained,
+        hash_found: (ctx.hashes || []).length > 0
+      };
+      const phaseMatch = condition.match(/phase\s*==\s*['"](\w+)['"]/);
+      if (phaseMatch) {
+        checks[`phase_${phaseMatch[1]}`] = ctx.phase === phaseMatch[1];
+      }
+      const portMatches = condition.matchAll(/port_(\d+)_open/g);
+      const openPorts = ctx.openPorts || [];
+      for (const match of portMatches) {
+        checks[`port_${match[1]}_open`] = openPorts.includes(parseInt(match[1]));
+      }
+      const tokens = condition.split(/\s*(&&|\|\|)\s*/);
+      let result = true;
+      let operator = "&&";
+      for (const token of tokens) {
+        if (token === "&&" || token === "||") {
+          operator = token;
+          continue;
+        }
+        let tokenResult = false;
+        for (const [key, value] of Object.entries(checks)) {
+          if (token.includes(key.replace("_", " ")) || token.includes(key)) {
+            tokenResult = value;
+            break;
+          }
+        }
+        if (operator === "&&") {
+          result = result && tokenResult;
+        } else {
+          result = result || tokenResult;
+        }
+      }
+      return result;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get available subagents for current agent
+   */
+  getSubagents() {
+    return this.currentAgent.subagents;
+  }
+  /**
+   * Get tools available for current agent
+   */
+  getTools() {
+    return this.currentAgent.tools;
+  }
+};
+var specOrchestrator = new SpecOrchestrator();
+
 // src/agents/index.ts
 var TARGET_EXPLORER = {
   name: "target-explorer",
@@ -4263,6 +4441,9 @@ var AutonomousHackingAgent = class extends EventEmitter4 {
   tools;
   builtinAgents = BUILTIN_AGENTS;
   currentAgent = null;
+  // YAML-based agent orchestration
+  specOrchestrator = null;
+  currentSpec = null;
   // Integrated systems
   hookExecutor;
   mcpManager;
@@ -4299,13 +4480,22 @@ var AutonomousHackingAgent = class extends EventEmitter4 {
     this.state = this.createInitialState();
     this.initSystems();
   }
-  // Initialize systems (hooks, MCP)
+  // Initialize systems (hooks, MCP, spec orchestrator)
   async initSystems() {
     try {
       this.emit(AGENT_EVENT.PLUGINS_LOADED, { agents: this.builtinAgents.length });
       await this.hookExecutor.initialize();
       this.emit(AGENT_EVENT.HOOKS_LOADED);
       this.emit(AGENT_EVENT.COMMANDS_LOADED, { commands: BUILTIN_COMMANDS.length });
+      try {
+        this.specOrchestrator = new SpecOrchestrator();
+        this.currentSpec = this.specOrchestrator.getCurrentAgent();
+        this.emit(AGENT_EVENT.PLUGINS_LOADED, {
+          agents: this.builtinAgents.length,
+          yamlAgents: this.specOrchestrator.getSubagents()
+        });
+      } catch {
+      }
     } catch {
     }
   }
@@ -4576,7 +4766,20 @@ ${prompt}`
    * Automatically switch to the best agent for the current phase
    */
   autoSwitchAgentForPhase(phaseId) {
-    const phaseToAgentMap = {
+    const phaseToYamlAgentMap = {
+      [PHASE_ID.RECON]: "recon",
+      [PHASE_ID.SCAN]: "recon",
+      [PHASE_ID.ENUM]: "web",
+      [PHASE_ID.VULN]: "exploit",
+      [PHASE_ID.EXPLOIT]: "exploit",
+      [PHASE_ID.PRIVESC]: "privesc",
+      [PHASE_ID.PIVOT]: "privesc",
+      [PHASE_ID.PERSIST]: "privesc",
+      [PHASE_ID.EXFIL]: "crypto",
+      [PHASE_ID.REPORT]: "recon"
+      // fallback
+    };
+    const phaseToBuiltinAgentMap = {
       [PHASE_ID.RECON]: "target-explorer",
       [PHASE_ID.SCAN]: "target-explorer",
       [PHASE_ID.ENUM]: "target-explorer",
@@ -4588,13 +4791,30 @@ ${prompt}`
       [PHASE_ID.EXFIL]: "forensics-analyst",
       [PHASE_ID.REPORT]: "finding-reviewer"
     };
-    const agentName = phaseToAgentMap[phaseId];
+    if (this.specOrchestrator) {
+      const yamlAgentName = phaseToYamlAgentMap[phaseId];
+      if (yamlAgentName) {
+        this.specOrchestrator.updateContext("phase", phaseId);
+        if (this.specOrchestrator.switchTo(yamlAgentName)) {
+          this.currentSpec = this.specOrchestrator.getCurrentAgent();
+          this.emit(AGENT_EVENT.AGENT_SWITCH, {
+            name: this.currentSpec.name,
+            description: this.currentSpec.description,
+            type: "yaml-spec"
+          });
+          this.think(THOUGHT_TYPE.OBSERVATION, `Switched to ${this.currentSpec.name} agent (YAML spec) for ${phaseId} phase`);
+          return;
+        }
+      }
+    }
+    const agentName = phaseToBuiltinAgentMap[phaseId];
     if (agentName) {
       const agent = getAgentByName(agentName);
       if (agent) {
         this.currentAgent = agent;
-        this.emit(AGENT_EVENT.AGENT_SWITCH, { name: agent.name, description: agent.description });
-        this.think(THOUGHT_TYPE.OBSERVATION, `Switched to ${agent.name} agent for ${phaseId} phase`);
+        this.currentSpec = null;
+        this.emit(AGENT_EVENT.AGENT_SWITCH, { name: agent.name, description: agent.description, type: "builtin" });
+        this.think(THOUGHT_TYPE.OBSERVATION, `Switched to ${agent.name} agent (builtin) for ${phaseId} phase`);
       }
     }
   }
@@ -4813,7 +5033,15 @@ Goal: Deep penetration to obtain root/system privileges, extract internal data,
       { role: "user", content: contextPrompt }
     ];
     let systemPrompt = AUTONOMOUS_HACKING_PROMPT;
-    if (this.currentAgent) {
+    if (this.currentSpec && this.currentSpec.systemPrompt) {
+      systemPrompt = `${AUTONOMOUS_HACKING_PROMPT}
+
+---
+
+## Current Agent: ${this.currentSpec.name}
+
+${this.currentSpec.systemPrompt}`;
+    } else if (this.currentAgent) {
       systemPrompt = buildAgentSystemPrompt(systemPrompt, this.currentAgent);
     }
     this.emit(AGENT_EVENT.LLM_START, { model: LLM_MODEL });
@@ -4912,15 +5140,15 @@ Use report_finding tool for important discoveries.
             toolInput,
             riskLevel: risk
           });
-          const decision = await new Promise((resolve) => {
+          const decision = await new Promise((resolve2) => {
             const handler = (response2) => {
               if (response2.requestId === block.id) {
                 this.approvalManager.removeListener("approval_response", handler);
                 if (response2.decision === "approve_always") {
                   this.approvalManager.autoApprovedTools?.add(toolName);
-                  resolve("approve");
+                  resolve2("approve");
                 } else {
-                  resolve(response2.decision);
+                  resolve2(response2.decision);
                 }
               }
             };
@@ -5389,8 +5617,8 @@ Respond helpfully to the user's message. If they ask to perform security testing
 };
 
 // src/core/session/session-manager.ts
-import * as fs3 from "fs/promises";
-import * as path3 from "path";
+import * as fs4 from "fs/promises";
+import * as path4 from "path";
 import { EventEmitter as EventEmitter5 } from "events";
 var SESSIONS_DIR = ".pentesting/sessions";
 function generateSessionId() {
@@ -5403,14 +5631,14 @@ var SessionManager = class extends EventEmitter5 {
   currentSession = null;
   constructor(baseDir) {
     super();
-    this.sessionsDir = path3.join(baseDir || process.cwd(), SESSIONS_DIR);
+    this.sessionsDir = path4.join(baseDir || process.cwd(), SESSIONS_DIR);
   }
   /**
    * Initialize sessions directory
    */
   async initialize() {
     try {
-      await fs3.mkdir(this.sessionsDir, { recursive: true });
+      await fs4.mkdir(this.sessionsDir, { recursive: true });
     } catch {
     }
   }
@@ -5430,8 +5658,8 @@ var SessionManager = class extends EventEmitter5 {
       status: "active"
     };
     this.currentSession = metadata;
-    const sessionDir = path3.join(this.sessionsDir, metadata.id);
-    await fs3.mkdir(sessionDir, { recursive: true });
+    const sessionDir = path4.join(this.sessionsDir, metadata.id);
+    await fs4.mkdir(sessionDir, { recursive: true });
     await this.saveMetadata(metadata);
     this.emit("session_created", metadata);
     return metadata;
@@ -5440,8 +5668,8 @@ var SessionManager = class extends EventEmitter5 {
    * Save session metadata
    */
   async saveMetadata(metadata) {
-    const metadataPath = path3.join(this.sessionsDir, metadata.id, "metadata.json");
-    await fs3.writeFile(metadataPath, JSON.stringify(metadata, null, 2));
+    const metadataPath = path4.join(this.sessionsDir, metadata.id, "metadata.json");
+    await fs4.writeFile(metadataPath, JSON.stringify(metadata, null, 2));
   }
   /**
    * Save full session snapshot
@@ -5450,21 +5678,21 @@ var SessionManager = class extends EventEmitter5 {
     if (!this.currentSession) {
       throw new Error("No active session");
     }
-    const sessionDir = path3.join(this.sessionsDir, this.currentSession.id);
+    const sessionDir = path4.join(this.sessionsDir, this.currentSession.id);
     this.currentSession.updatedAt = (/* @__PURE__ */ new Date()).toISOString();
     this.currentSession.currentPhase = snapshot.state.currentPhase;
     await this.saveMetadata(this.currentSession);
-    const statePath = path3.join(sessionDir, "state.json");
-    await fs3.writeFile(statePath, JSON.stringify(snapshot.state, null, 2));
-    const configPath = path3.join(sessionDir, "config.json");
-    await fs3.writeFile(configPath, JSON.stringify(snapshot.config, null, 2));
-    const historyPath = path3.join(sessionDir, "history.jsonl");
+    const statePath = path4.join(sessionDir, "state.json");
+    await fs4.writeFile(statePath, JSON.stringify(snapshot.state, null, 2));
+    const configPath = path4.join(sessionDir, "config.json");
+    await fs4.writeFile(configPath, JSON.stringify(snapshot.config, null, 2));
+    const historyPath = path4.join(sessionDir, "history.jsonl");
     const historyLine = JSON.stringify({
       timestamp: this.currentSession.updatedAt,
       iteration: snapshot.state.iteration,
       phase: snapshot.state.currentPhase
     }) + "\n";
-    await fs3.appendFile(historyPath, historyLine);
+    await fs4.appendFile(historyPath, historyLine);
     this.emit("snapshot_saved", this.currentSession.id);
   }
   /**
@@ -5472,17 +5700,17 @@ var SessionManager = class extends EventEmitter5 {
    */
   async loadSession(sessionId) {
     try {
-      const sessionDir = path3.join(this.sessionsDir, sessionId);
-      const metadataPath = path3.join(sessionDir, "metadata.json");
-      const metadataContent = await fs3.readFile(metadataPath, "utf-8");
+      const sessionDir = path4.join(this.sessionsDir, sessionId);
+      const metadataPath = path4.join(sessionDir, "metadata.json");
+      const metadataContent = await fs4.readFile(metadataPath, "utf-8");
       const metadata = JSON.parse(metadataContent);
-      const statePath = path3.join(sessionDir, "state.json");
-      const stateContent = await fs3.readFile(statePath, "utf-8");
+      const statePath = path4.join(sessionDir, "state.json");
+      const stateContent = await fs4.readFile(statePath, "utf-8");
       const state = JSON.parse(stateContent);
-      const configPath = path3.join(sessionDir, "config.json");
+      const configPath = path4.join(sessionDir, "config.json");
       let config = {};
       try {
-        const configContent = await fs3.readFile(configPath, "utf-8");
+        const configContent = await fs4.readFile(configPath, "utf-8");
         config = JSON.parse(configContent);
       } catch {
       }
@@ -5499,13 +5727,13 @@ var SessionManager = class extends EventEmitter5 {
   async listSessions() {
     await this.initialize();
     try {
-      const entries = await fs3.readdir(this.sessionsDir, { withFileTypes: true });
+      const entries = await fs4.readdir(this.sessionsDir, { withFileTypes: true });
       const sessions = [];
       for (const entry of entries) {
         if (entry.isDirectory()) {
           try {
-            const metadataPath = path3.join(this.sessionsDir, entry.name, "metadata.json");
-            const content = await fs3.readFile(metadataPath, "utf-8");
+            const metadataPath = path4.join(this.sessionsDir, entry.name, "metadata.json");
+            const content = await fs4.readFile(metadataPath, "utf-8");
             const metadata = JSON.parse(content);
             sessions.push({
               id: metadata.id,
@@ -5555,14 +5783,14 @@ var SessionManager = class extends EventEmitter5 {
     await this.initialize();
     let deletedCount = 0;
     try {
-      const entries = await fs3.readdir(this.sessionsDir, { withFileTypes: true });
+      const entries = await fs4.readdir(this.sessionsDir, { withFileTypes: true });
       for (const entry of entries) {
         if (entry.isDirectory()) {
-          const metadataPath = path3.join(this.sessionsDir, entry.name, "metadata.json");
+          const metadataPath = path4.join(this.sessionsDir, entry.name, "metadata.json");
           try {
-            await fs3.access(metadataPath);
+            await fs4.access(metadataPath);
           } catch {
-            await fs3.rm(path3.join(this.sessionsDir, entry.name), { recursive: true });
+            await fs4.rm(path4.join(this.sessionsDir, entry.name), { recursive: true });
             deletedCount++;
           }
         }
@@ -5584,8 +5812,8 @@ var SessionManager = class extends EventEmitter5 {
    */
   async deleteSession(sessionId) {
     try {
-      const sessionDir = path3.join(this.sessionsDir, sessionId);
-      await fs3.rm(sessionDir, { recursive: true });
+      const sessionDir = path4.join(this.sessionsDir, sessionId);
+      await fs4.rm(sessionDir, { recursive: true });
       this.emit("session_deleted", sessionId);
       return true;
     } catch {
@@ -5715,8 +5943,8 @@ function getSlashCommandRegistry() {
 }
 
 // src/core/context/context-manager.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync, renameSync } from "fs";
-import { join as join3, dirname as dirname2 } from "path";
+import { existsSync as existsSync2, mkdirSync, readFileSync as readFileSync2, writeFileSync, renameSync } from "fs";
+import { join as join4, dirname as dirname3 } from "path";
 import { EventEmitter as EventEmitter6 } from "events";
 var CONTEXT_EVENT = {
   MESSAGE_ADDED: "message_added",
@@ -5731,7 +5959,7 @@ var ContextManager2 = class extends EventEmitter6 {
   maxMessages;
   constructor(sessionDir, options) {
     super();
-    this.filePath = join3(sessionDir, "context.jsonl");
+    this.filePath = join4(sessionDir, "context.jsonl");
     this.maxMessages = options?.maxMessages || 100;
     this.state = {
       messages: [],
@@ -5739,8 +5967,8 @@ var ContextManager2 = class extends EventEmitter6 {
       tokenCount: 0,
       nextCheckpointId: 0
     };
-    const dir = dirname2(this.filePath);
-    if (!existsSync(dir)) {
+    const dir = dirname3(this.filePath);
+    if (!existsSync2(dir)) {
       mkdirSync(dir, { recursive: true });
     }
   }
@@ -5748,11 +5976,11 @@ var ContextManager2 = class extends EventEmitter6 {
    * Restore context from file
    */
   async restore() {
-    if (!existsSync(this.filePath)) {
+    if (!existsSync2(this.filePath)) {
       return false;
     }
     try {
-      const content = readFileSync(this.filePath, "utf-8");
+      const content = readFileSync2(this.filePath, "utf-8");
       const lines = content.trim().split("\n").filter((l) => l);
       for (const line of lines) {
         const data = JSON.parse(line);
@@ -5827,7 +6055,7 @@ var ContextManager2 = class extends EventEmitter6 {
       return false;
     }
     const backupPath = `${this.filePath}.bak`;
-    if (existsSync(this.filePath)) {
+    if (existsSync2(this.filePath)) {
       renameSync(this.filePath, backupPath);
     }
     this.state.messages = this.state.messages.slice(0, checkpoint.messageCount);
@@ -5851,7 +6079,7 @@ var ContextManager2 = class extends EventEmitter6 {
    */
   async clear() {
     const backupPath = `${this.filePath}.${Date.now()}.bak`;
-    if (existsSync(this.filePath)) {
+    if (existsSync2(this.filePath)) {
       renameSync(this.filePath, backupPath);
     }
     this.state = {
@@ -5899,7 +6127,7 @@ ${summary}`,
       metadata: { compacted: true }
     };
     const backupPath = `${this.filePath}.compact.bak`;
-    if (existsSync(this.filePath)) {
+    if (existsSync2(this.filePath)) {
       renameSync(this.filePath, backupPath);
     }
     this.state.messages = [summaryMessage, ...preserved];
@@ -5929,20 +6157,20 @@ ${summary}`,
 };
 
 // src/wire/wire-logger.ts
-import { existsSync as existsSync2, appendFileSync, readFileSync as readFileSync2, mkdirSync as mkdirSync2 } from "fs";
-import { join as join4, dirname as dirname3 } from "path";
+import { existsSync as existsSync3, appendFileSync, readFileSync as readFileSync3, mkdirSync as mkdirSync2 } from "fs";
+import { join as join5, dirname as dirname4 } from "path";
 var WireFile = class {
   filePath;
   sequence = 0;
   constructor(sessionDir) {
-    this.filePath = join4(sessionDir, "wire.jsonl");
-    const dir = dirname3(this.filePath);
-    if (!existsSync2(dir)) {
+    this.filePath = join5(sessionDir, "wire.jsonl");
+    const dir = dirname4(this.filePath);
+    if (!existsSync3(dir)) {
       mkdirSync2(dir, { recursive: true });
     }
-    if (existsSync2(this.filePath)) {
+    if (existsSync3(this.filePath)) {
       try {
-        const content = readFileSync2(this.filePath, "utf-8");
+        const content = readFileSync3(this.filePath, "utf-8");
         this.sequence = content.trim().split("\n").filter((l) => l).length;
       } catch {
         this.sequence = 0;
@@ -5968,10 +6196,10 @@ var WireFile = class {
    * Read all records from the wire log
    */
   async *readRecords() {
-    if (!existsSync2(this.filePath)) {
+    if (!existsSync3(this.filePath)) {
       return;
     }
-    const content = readFileSync2(this.filePath, "utf-8");
+    const content = readFileSync3(this.filePath, "utf-8");
     const lines = content.trim().split("\n").filter((l) => l);
     for (const line of lines) {
       try {
@@ -5984,11 +6212,11 @@ var WireFile = class {
    * Check if wire file is empty
    */
   isEmpty() {
-    if (!existsSync2(this.filePath)) {
+    if (!existsSync3(this.filePath)) {
       return true;
     }
     try {
-      const content = readFileSync2(this.filePath, "utf-8");
+      const content = readFileSync3(this.filePath, "utf-8");
       return content.trim().length === 0;
     } catch {
       return true;
@@ -6095,8 +6323,8 @@ function initWireLogger(sessionDir, sessionId) {
 // src/utils/clipboard.ts
 import { execSync } from "child_process";
 import { platform } from "os";
-import { existsSync as existsSync3, readFileSync as readFileSync3, unlinkSync as unlinkSync2 } from "fs";
-import { join as join5 } from "path";
+import { existsSync as existsSync4, readFileSync as readFileSync4, unlinkSync as unlinkSync2 } from "fs";
+import { join as join6 } from "path";
 import { tmpdir } from "os";
 function readClipboardText() {
   const os = platform();
@@ -6120,7 +6348,7 @@ function readClipboardText() {
 }
 function readClipboardImage() {
   const os = platform();
-  const tmpPath = join5(tmpdir(), `clipboard-${Date.now()}.png`);
+  const tmpPath = join6(tmpdir(), `clipboard-${Date.now()}.png`);
   try {
     if (os === "darwin") {
       const script = `
@@ -6136,8 +6364,8 @@ function readClipboardImage() {
                 end try
             `;
       const result = execSync(`osascript -e '${script}'`, { encoding: "utf-8" }).trim();
-      if (result === "success" && existsSync3(tmpPath)) {
-        const imageBuffer = readFileSync3(tmpPath);
+      if (result === "success" && existsSync4(tmpPath)) {
+        const imageBuffer = readFileSync4(tmpPath);
         const base64 = imageBuffer.toString("base64");
         return { path: tmpPath, base64, mimeType: "image/png" };
       }
@@ -6147,10 +6375,10 @@ function readClipboardImage() {
           encoding: "utf-8",
           shell: "/bin/bash"
         });
-        if (existsSync3(tmpPath)) {
+        if (existsSync4(tmpPath)) {
           const stats = __require("fs").statSync(tmpPath);
           if (stats.size > 0) {
-            const imageBuffer = readFileSync3(tmpPath);
+            const imageBuffer = readFileSync4(tmpPath);
             const base64 = imageBuffer.toString("base64");
             return { path: tmpPath, base64, mimeType: "image/png" };
           }
@@ -6169,8 +6397,8 @@ function readClipboardImage() {
                 }
             `;
       const result = execSync(`powershell -command "${script}"`, { encoding: "utf-8" }).trim();
-      if (result === "success" && existsSync3(tmpPath)) {
-        const imageBuffer = readFileSync3(tmpPath);
+      if (result === "success" && existsSync4(tmpPath)) {
+        const imageBuffer = readFileSync4(tmpPath);
         const base64 = imageBuffer.toString("base64");
         return { path: tmpPath, base64, mimeType: "image/png" };
       }
@@ -6178,7 +6406,7 @@ function readClipboardImage() {
   } catch (error) {
     console.error("Failed to read clipboard image:", error);
   }
-  if (existsSync3(tmpPath)) {
+  if (existsSync4(tmpPath)) {
     try {
       unlinkSync2(tmpPath);
     } catch {
@@ -6420,7 +6648,7 @@ var FindingDisplay = ({ block }) => {
 
 // src/cli/app.tsx
 import { homedir } from "os";
-import { join as join6 } from "path";
+import { join as join7 } from "path";
 
 // src/cli/utils/keyboard-listener.ts
 import { EventEmitter as EventEmitter7 } from "events";
@@ -6723,7 +6951,7 @@ var App = ({ autoApprove = false, target }) => {
   const [agent] = useState(() => new AutonomousHackingAgent(void 0, { autoApprove }));
   const sessionManager2 = getSessionManager();
   const approvalManager2 = getApprovalManager({ yoloMode: autoApprove });
-  const sessionDirRef = useRef(join6(homedir(), ".pentest", "sessions", `session-${Date.now()}`));
+  const sessionDirRef = useRef(join7(homedir(), ".pentest", "sessions", `session-${Date.now()}`));
   const contextManagerRef = useRef(null);
   const wireLoggerRef = useRef(null);
   const keyboardListenerRef = useRef(getKeyboardListener());
@@ -7740,8 +7968,8 @@ program.command("run <objective>").alias("r").description("Run a single objectiv
     const summary = agent.getSummary();
     console.log(JSON.stringify(summary, null, 2));
     if (options.output) {
-      const fs4 = await import("fs/promises");
-      await fs4.writeFile(options.output, JSON.stringify(summary, null, 2));
+      const fs5 = await import("fs/promises");
+      await fs5.writeFile(options.output, JSON.stringify(summary, null, 2));
       console.log(chalk.hex(THEME.text.accent)(`
 [+] Report saved to: ${options.output}`));
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.7.41",
+  "version": "0.7.44",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/index.js",
@@ -69,7 +69,8 @@
     "ink-text-input": "^6.0.0",
     "nanospinner": "^1.2.2",
     "ora": "^8.1.1",
-    "react": "^18.3.1"
+    "react": "^18.3.1",
+    "yaml": "^2.8.2"
   },
   "devDependencies": {
     "@types/node": "^22.13.1",