pentesting 0.70.9 → 0.70.10

package/README.md

@@ -30,7 +30,7 @@
 
 ## Purpose
 
-Pentesting support tool
+Pentesting support tool. Can autonomously execute network penetration tests or assist with generic Capture The Flag (CTF) challenges (such as Reverse Engineering, Cryptography, and binary analysis) without requiring a specific network target.
 
 ---
 

package/dist/main.js

@@ -759,7 +759,7 @@ var INPUT_PROMPT_PATTERNS = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.70.9";
+var APP_VERSION = "0.70.10";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -814,7 +814,7 @@ import { render } from "ink";
 import chalk from "chalk";
 
 // src/platform/tui/app.tsx
-import { useState as useState6, useCallback as useCallback9, useRef as useRef8 } from "react";
+import { useState as useState7, useCallback as useCallback9, useRef as useRef9 } from "react";
 import { Box as Box20, useApp, useStdout as useStdout4 } from "ink";
 
 // src/platform/tui/hooks/useAgent.ts
@@ -1026,7 +1026,8 @@ var NOISE_CLASSIFICATION = {
     "set_scope",
     "bg_status",
     "bg_cleanup",
-    "health_check"
+    "health_check",
+    "ask_user"
   ]
 };
 
@@ -1173,7 +1174,9 @@ var EVENT_TYPES = {
   USAGE_UPDATE: "usage_update",
   INPUT_REQUEST: "input_request",
   FLAG_FOUND: "flag_found",
-  NOTIFICATION: "notification"
+  NOTIFICATION: "notification",
+  AUXILIARY_WORK_START: "auxiliary_work_start",
+  AUXILIARY_WORK_END: "auxiliary_work_end"
 };
 var COMMAND_EVENT_TYPES = {
   TOOL_MISSING: "tool_missing",
@@ -3395,11 +3398,25 @@ var SharedState = class {
    *   이 필드로 turn N의 reflection → turn N+1 prompt 레이어(epistemic-check)에 주입된다.
    */
   lastReflection = null;
+  /**
+   * Artifacts for CTF / Non-Network tasks (e.g., .bin files, source code).
+   */
+  artifacts = [];
+  /**
+   * Current objective for flexible task management.
+   */
+  currentObjective = null;
   constructor() {
     this.targetState = new TargetState(this.attackGraph);
     this.findingState = new FindingState();
     this.lootState = new LootState();
   }
+  /**
+   * Checks if the agent has a valid target, artifact, or general objective to work on.
+   */
+  hasActiveEngagement() {
+    return this.targetState.getAll().length > 0 || this.artifacts.length > 0 || this.currentObjective !== null;
+  }
   reset() {
     this.targetState.clear();
     this.findingState.clear();
@@ -3413,6 +3430,8 @@ var SharedState = class {
     this.episodicMemory.clear();
     this.dynamicTechniques.clear();
     this.lastReflection = null;
+    this.artifacts = [];
+    this.currentObjective = null;
   }
   // Delegation to MissionState
   setMissionSummary(summary) {
@@ -5108,6 +5127,7 @@ var StateSerializer = class {
   static toPrompt(state) {
     const lines = [];
     this.formatContextAndMission(state, lines);
+    this.formatArtifactsAndObjectives(state, lines);
     this.formatTargets(state, lines);
     this.formatFindings(state, lines);
     this.formatLoot(state, lines);
@@ -5118,6 +5138,17 @@ var StateSerializer = class {
     lines.push(`Phase: ${state.getPhase()}`);
     return lines.join("\n");
   }
+  static formatArtifactsAndObjectives(state, lines) {
+    if (state.currentObjective) {
+      lines.push(`Current Objective: ${state.currentObjective}`);
+    }
+    if (state.artifacts && state.artifacts.length > 0) {
+      lines.push(`Artifacts (${state.artifacts.length}):`);
+      for (const a of state.artifacts) {
+        lines.push(`  [${a.type}] ${a.id}: ${a.description}`);
+      }
+    }
+  }
   static formatContextAndMission(state, lines) {
     const engagement = state.getEngagement();
     const scope = state.getScope();
@@ -14759,6 +14790,9 @@ var MainAgent = class extends CoreAgent {
   }
   async execute(userInput) {
     this.userInput = userInput;
+    if (!this.state.hasActiveEngagement() && userInput.trim().length > 0) {
+      this.state.currentObjective = userInput.trim();
+    }
     emitStart(this.events, userInput, this.state);
     initializeTask(this.state);
     try {
@@ -14790,8 +14824,30 @@ var MainAgent = class extends CoreAgent {
     const turnToolJournal = this.getTurnToolJournal();
     const turnMemo = this.getTurnMemo();
     const turnReflections = [];
+    this.events.emit({
+      type: "auxiliary_work_start",
+      timestamp: Date.now(),
+      data: { type: "context_extraction" }
+    });
+    const extStart = Date.now();
     await processContextExtraction(messages, this.contextExtractor);
+    this.events.emit({
+      type: "auxiliary_work_end",
+      timestamp: Date.now(),
+      data: { type: "context_extraction", durationMs: Date.now() - extStart, success: true }
+    });
+    this.events.emit({
+      type: "auxiliary_work_start",
+      timestamp: Date.now(),
+      data: { type: "reflection" }
+    });
+    const refStart = Date.now();
     const reflection = await processReflection(turnToolJournal, turnMemo, this.state.getPhase(), this.reflector);
+    this.events.emit({
+      type: "auxiliary_work_end",
+      timestamp: Date.now(),
+      data: { type: "reflection", durationMs: Date.now() - refStart, success: !!reflection }
+    });
     if (reflection) {
       turnReflections.push(reflection);
       this.state.lastReflection = reflection;
@@ -15280,6 +15336,13 @@ function createLifecycleHandlers(agent, state, _reasoningBufferRef) {
     const prefix = e.data.level === "error" ? "\u274C" : e.data.level === "warning" ? "\u26A0\uFE0F" : e.data.level === "success" ? "\u2705" : "\u{1F514}";
     addMessage("system", `${prefix} [${e.data.title}] ${e.data.message}`);
   };
+  const onAuxiliaryWorkStart = (e) => {
+    const msg = e.data.type === "context_extraction" ? "Compressing context..." : "Reflecting on actions...";
+    setCurrentStatus(msg);
+  };
+  const onAuxiliaryWorkEnd = () => {
+    setCurrentStatus("");
+  };
   return {
     onComplete,
     onRetry,
@@ -15289,7 +15352,9 @@ function createLifecycleHandlers(agent, state, _reasoningBufferRef) {
     onUsageUpdate,
     onFlagFound,
     onPhaseChange,
-    onNotification
+    onNotification,
+    onAuxiliaryWorkStart,
+    onAuxiliaryWorkEnd
   };
 }
 
@@ -15455,6 +15520,8 @@ var useAgentEvents = (agent, eventsRef, state) => {
     events.on(EVENT_TYPES.FLAG_FOUND, lifecycleHandlers.onFlagFound);
     events.on(EVENT_TYPES.PHASE_CHANGE, lifecycleHandlers.onPhaseChange);
     events.on(EVENT_TYPES.NOTIFICATION, lifecycleHandlers.onNotification);
+    events.on(EVENT_TYPES.AUXILIARY_WORK_START, lifecycleHandlers.onAuxiliaryWorkStart);
+    events.on(EVENT_TYPES.AUXILIARY_WORK_END, lifecycleHandlers.onAuxiliaryWorkEnd);
     events.on(EVENT_TYPES.STATE_CHANGE, updateStats);
     events.on(EVENT_TYPES.START, updateStats);
     events.on(EVENT_TYPES.REASONING_START, reasoningHandlers.onStart);
@@ -15526,30 +15593,46 @@ var useAgent = (shouldAutoApprove, target) => {
   useAgentEvents(agent, eventsRef, state);
   const abortedRef = useRef3(false);
   const executeTask = useCallback2(async (task) => {
-    abortedRef.current = false;
-    setTurnCount((n) => n + 1);
-    setIsProcessing(true);
-    manageTimer("start");
-    setCurrentStatus("Thinking");
-    resetCumulativeCounters();
-    try {
-      const response = await agent.execute(task);
-      if (abortedRef.current) return;
-      const meta = lastResponseMetaRef.current;
-      const suffix = meta ? ` ${formatMeta(meta.durationMs || 0, (meta.tokens?.input || 0) + (meta.tokens?.output || 0))}` : "";
-      addMessage("ai", response + suffix);
-    } catch (e) {
-      if (!abortedRef.current) {
+    let currentTask = task;
+    while (true) {
+      abortedRef.current = false;
+      setTurnCount((n) => n + 1);
+      setIsProcessing(true);
+      manageTimer("start");
+      setCurrentStatus("Thinking");
+      resetCumulativeCounters();
+      try {
+        const response = await agent.execute(currentTask);
+        if (abortedRef.current) {
+          if (agent.hasPendingUserInput()) {
+            currentTask = "";
+            continue;
+          }
+          return;
+        }
+        const meta = lastResponseMetaRef.current;
+        const suffix = meta ? ` ${formatMeta(meta.durationMs || 0, (meta.tokens?.input || 0) + (meta.tokens?.output || 0))}` : "";
+        addMessage("ai", response + suffix);
+        break;
+      } catch (e) {
+        if (abortedRef.current) {
+          if (agent.hasPendingUserInput()) {
+            currentTask = "";
+            continue;
+          }
+          return;
+        }
         addMessage("error", e instanceof Error ? e.message : String(e));
-      }
-    } finally {
-      if (!abortedRef.current) {
-        manageTimer("stop");
-        setIsProcessing(false);
-        setCurrentStatus("");
+        break;
+      } finally {
+        if (!abortedRef.current) {
+          manageTimer("stop");
+          setIsProcessing(false);
+          setCurrentStatus("");
+        }
       }
     }
-  }, [agent, addMessage, manageTimer, resetCumulativeCounters, setIsProcessing, lastResponseMetaRef, setCurrentStatus]);
+  }, [agent, addMessage, manageTimer, resetCumulativeCounters, setIsProcessing, lastResponseMetaRef, setCurrentStatus, setTurnCount]);
   const abort = useCallback2(() => {
     abortedRef.current = true;
     agent.abort();
@@ -15603,7 +15686,7 @@ var useAgent = (shouldAutoApprove, target) => {
 };
 
 // src/platform/tui/hooks/commands/index.ts
-import { useCallback as useCallback3 } from "react";
+import { useCallback as useCallback3, useMemo } from "react";
 
 // src/platform/tui/constants/commands.ts
 var COMMAND_DEFINITIONS = [
@@ -15710,7 +15793,7 @@ var createTargetCommands = (ctx) => ({
       ctx.addMessage("error", "Usage: /target <ip>");
       return;
     }
-    if (ctx.agent.getState().getTargets().size > 0) {
+    if (ctx.agent.getState().hasActiveEngagement()) {
       await ctx.agent.resetSession();
       ctx.addMessage("system", "Previous target data cleared. Starting fresh session for the new target.");
     }
@@ -15732,8 +15815,8 @@ var createTargetCommands = (ctx) => ({
     ctx.addMessage("system", `Target \u2192 ${args[0]}`);
   },
   [UI_COMMANDS.START]: async (args) => {
-    if (!ctx.agent.getState().getTargets().size) {
-      ctx.addMessage("error", "Set target first: /target <ip>");
+    if (!ctx.agent.getState().hasActiveEngagement()) {
+      ctx.addMessage("error", "Set a target first: /target <ip>, or ask me to perform a specific task.");
       return;
     }
     if (!ctx.autoApproveModeRef.current) {
@@ -15747,8 +15830,8 @@ var createTargetCommands = (ctx) => ({
     await ctx.executeTask(args.join(" ") || `Perform comprehensive penetration testing${targetInfo}`);
   },
   [UI_COMMANDS.START_SHORT]: async (args) => {
-    if (!ctx.agent.getState().getTargets().size) {
-      ctx.addMessage("error", "Set target first: /target <ip>");
+    if (!ctx.agent.getState().hasActiveEngagement()) {
+      ctx.addMessage("error", "Set a target first: /target <ip>, or ask me to perform a specific task.");
       return;
     }
     if (!ctx.autoApproveModeRef.current) {
@@ -16090,7 +16173,7 @@ var createToggleCommands = (ctx) => ({
 
 // src/platform/tui/hooks/commands/index.ts
 var useCommands = (props) => {
-  const ctx = {
+  const ctx = useMemo(() => ({
     agent: props.agent,
     addMessage: props.addMessage,
     showModal: props.showModal,
@@ -16101,13 +16184,24 @@ var useCommands = (props) => {
     handleExit: props.handleExit,
     isProcessingRef: props.isProcessingRef,
     autoApproveModeRef: props.autoApproveModeRef
-  };
-  const handlers = {
+  }), [
+    props.agent,
+    props.addMessage,
+    props.showModal,
+    props.setMessages,
+    props.executeTask,
+    props.refreshStats,
+    props.setAutoApproveMode,
+    props.handleExit,
+    props.isProcessingRef,
+    props.autoApproveModeRef
+  ]);
+  const handlers = useMemo(() => ({
     ...createSessionCommands(ctx),
     ...createTargetCommands(ctx),
     ...createDisplayCommands(ctx),
     ...createToggleCommands(ctx)
-  };
+  }), [ctx]);
   const handleCommand = useCallback3(async (cmd, args) => {
     const handler = handlers[cmd];
     if (handler) {
@@ -16860,7 +16954,7 @@ var BrandingHeader = memo7(({ modelName, autoApproveMode, version, showGuide = f
         /* @__PURE__ */ jsxs7(Box8, { gap: 2, children: [
           /* @__PURE__ */ jsx9(Text8, { color: THEME.primary, children: "\u276F" }),
           /* @__PURE__ */ jsx9(Text8, { color: THEME.white, children: "/target <ip>" }),
-          /* @__PURE__ */ jsx9(Text8, { color: THEME.dimGray, children: "Set target IP or domain" })
+          /* @__PURE__ */ jsx9(Text8, { color: THEME.dimGray, children: "Set a network target" })
         ] }),
         /* @__PURE__ */ jsxs7(Box8, { gap: 2, children: [
           /* @__PURE__ */ jsx9(Text8, { color: THEME.primary, children: "\u276F" }),
@@ -16872,7 +16966,7 @@ var BrandingHeader = memo7(({ modelName, autoApproveMode, version, showGuide = f
           /* @__PURE__ */ jsx9(Text8, { color: THEME.white, children: "/help" }),
           /* @__PURE__ */ jsx9(Text8, { color: THEME.dimGray, children: "        Show all commands" })
         ] }),
-        /* @__PURE__ */ jsx9(Box8, { paddingTop: 1, children: /* @__PURE__ */ jsx9(Text8, { color: THEME.dimGray, children: "Or just type a task and press Enter." }) })
+        /* @__PURE__ */ jsx9(Box8, { paddingTop: 1, children: /* @__PURE__ */ jsx9(Text8, { color: THEME.gray, children: 'Or type an objective (e.g. "Solve this python script").' }) })
       ] })
     ] })
   ] });
@@ -17093,8 +17187,8 @@ var StatusDisplay = memo11(({
 });
 
 // src/platform/tui/components/ChatInput.tsx
-import { useMemo, useCallback as useCallback7, useRef as useRef6, memo as memo12, useState as useState5, useEffect as useEffect7 } from "react";
-import { Box as Box16, Text as Text17, useInput as useInput2 } from "ink";
+import { useMemo as useMemo2, useCallback as useCallback7, useRef as useRef7, memo as memo12, useState as useState6, useEffect as useEffect8 } from "react";
+import { Box as Box16, Text as Text18, useInput as useInput3 } from "ink";
 
 // src/platform/tui/components/input/AutocompletePreview.tsx
 import { Box as Box13, Text as Text14 } from "ink";
@@ -17123,9 +17217,74 @@ var AutocompletePreview = ({
 };
 
 // src/platform/tui/components/input/SecretInputArea.tsx
-import { Box as Box14, Text as Text15, useStdout } from "ink";
-import TextInput from "ink-text-input";
+import { Box as Box14, Text as Text16, useStdout } from "ink";
+
+// src/platform/tui/components/input/SimpleTextInput.tsx
+import { useState as useState5, useEffect as useEffect7, useRef as useRef6 } from "react";
+import { Text as Text15, useInput as useInput2 } from "ink";
 import { jsx as jsx17, jsxs as jsxs12 } from "react/jsx-runtime";
+var SimpleTextInput = ({
+  value,
+  onChange,
+  onSubmit,
+  placeholder,
+  isPassword
+}) => {
+  const [cursor, setCursor] = useState5(Array.from(value || "").length);
+  const valueRef = useRef6(value || "");
+  valueRef.current = value || "";
+  useEffect7(() => {
+    const len = Array.from(valueRef.current).length;
+    if (cursor > len) setCursor(len);
+  }, [value, cursor]);
+  useInput2((input, key) => {
+    if (key.ctrl && input === "c") return;
+    if (key.upArrow || key.downArrow || key.tab) return;
+    if (key.return) {
+      onSubmit?.(valueRef.current);
+      return;
+    }
+    const chars2 = Array.from(valueRef.current);
+    let c2 = cursor;
+    if (key.leftArrow) {
+      c2 = Math.max(0, c2 - 1);
+    } else if (key.rightArrow) {
+      c2 = Math.min(chars2.length, c2 + 1);
+    } else if (key.backspace || key.delete) {
+      if (c2 > 0) {
+        chars2.splice(c2 - 1, 1);
+        c2--;
+        onChange(chars2.join(""));
+      }
+    } else if (input) {
+      const inputChars = Array.from(input);
+      chars2.splice(c2, 0, ...inputChars);
+      c2 += inputChars.length;
+      onChange(chars2.join(""));
+    }
+    setCursor(c2);
+  }, { isActive: true });
+  const displayValue = isPassword ? "\u2022".repeat(Array.from(valueRef.current).length) : valueRef.current;
+  const chars = Array.from(displayValue);
+  if (chars.length === 0) {
+    return /* @__PURE__ */ jsxs12(Text15, { children: [
+      /* @__PURE__ */ jsx17(Text15, { inverse: true, children: " " }),
+      placeholder ? /* @__PURE__ */ jsx17(Text15, { color: "gray", children: placeholder }) : null
+    ] });
+  }
+  const c = Math.min(cursor, chars.length);
+  const before = chars.slice(0, c).join("");
+  const charAtCursor = c < chars.length ? chars[c] : " ";
+  const after = chars.slice(c + 1).join("");
+  return /* @__PURE__ */ jsxs12(Text15, { children: [
+    before,
+    /* @__PURE__ */ jsx17(Text15, { inverse: true, children: charAtCursor }),
+    after
+  ] });
+};
+
+// src/platform/tui/components/input/SecretInputArea.tsx
+import { jsx as jsx18, jsxs as jsxs13 } from "react/jsx-runtime";
 var OUTER_PADDING = 2;
 var SecretInputArea = ({
   inputRequest,
@@ -17136,29 +17295,28 @@ var SecretInputArea = ({
   const { stdout } = useStdout();
   const borderWidth = Math.max(10, (stdout?.columns ?? 80) - OUTER_PADDING);
   const borderLine = "\u2501".repeat(borderWidth);
-  return /* @__PURE__ */ jsxs12(Box14, { flexDirection: "column", children: [
-    /* @__PURE__ */ jsx17(Box14, { children: /* @__PURE__ */ jsx17(Text15, { color: THEME.yellow, children: borderLine }) }),
-    /* @__PURE__ */ jsxs12(Box14, { paddingX: 1, children: [
-      /* @__PURE__ */ jsx17(Text15, { color: THEME.yellow, bold: true, children: "\u25B8 " }),
-      /* @__PURE__ */ jsx17(
-        TextInput,
+  return /* @__PURE__ */ jsxs13(Box14, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx18(Box14, { children: /* @__PURE__ */ jsx18(Text16, { color: THEME.yellow, children: borderLine }) }),
+    /* @__PURE__ */ jsxs13(Box14, { paddingX: 1, children: [
+      /* @__PURE__ */ jsx18(Text16, { color: THEME.yellow, bold: true, children: "\u25B8 " }),
+      /* @__PURE__ */ jsx18(
+        SimpleTextInput,
         {
           value: secretInput,
           onChange: setSecretInput,
           onSubmit: onSecretSubmit,
           placeholder: inputRequest.isPassword ? "(hidden \xB7 press Enter)" : "(type and press Enter)",
-          mask: inputRequest.isPassword ? "\u2022" : void 0
+          isPassword: inputRequest.isPassword
         }
       )
     ] }),
-    /* @__PURE__ */ jsx17(Box14, { children: /* @__PURE__ */ jsx17(Text15, { color: THEME.yellow, children: borderLine }) })
+    /* @__PURE__ */ jsx18(Box14, { children: /* @__PURE__ */ jsx18(Text16, { color: THEME.yellow, children: borderLine }) })
   ] });
 };
 
 // src/platform/tui/components/input/NormalInputArea.tsx
-import { Box as Box15, Text as Text16, useStdout as useStdout2 } from "ink";
-import TextInput2 from "ink-text-input";
-import { jsx as jsx18, jsxs as jsxs13 } from "react/jsx-runtime";
+import { Box as Box15, Text as Text17, useStdout as useStdout2 } from "ink";
+import { jsx as jsx19, jsxs as jsxs14 } from "react/jsx-runtime";
 var OUTER_PADDING2 = 2;
 var NormalInputArea = ({
   inputKey,
@@ -17170,12 +17328,12 @@ var NormalInputArea = ({
   const { stdout } = useStdout2();
   const borderWidth = Math.max(10, (stdout?.columns ?? 80) - OUTER_PADDING2);
   const borderLine = "\u2500".repeat(borderWidth);
-  return /* @__PURE__ */ jsxs13(Box15, { flexDirection: "column", children: [
-    /* @__PURE__ */ jsx18(Box15, { children: /* @__PURE__ */ jsx18(Text16, { dimColor: true, color: THEME.dimGray, children: borderLine }) }),
-    /* @__PURE__ */ jsxs13(Box15, { paddingX: 1, children: [
-      /* @__PURE__ */ jsx18(Text16, { color: THEME.primary, children: "\u276F " }),
-      /* @__PURE__ */ jsx18(
-        TextInput2,
+  return /* @__PURE__ */ jsxs14(Box15, { flexDirection: "column", children: [
+    /* @__PURE__ */ jsx19(Box15, { children: /* @__PURE__ */ jsx19(Text17, { dimColor: true, color: THEME.dimGray, children: borderLine }) }),
+    /* @__PURE__ */ jsxs14(Box15, { paddingX: 1, children: [
+      /* @__PURE__ */ jsx19(Text17, { color: THEME.primary, children: "\u276F " }),
+      /* @__PURE__ */ jsx19(
+        SimpleTextInput,
         {
           value,
           onChange,
@@ -17185,12 +17343,12 @@ var NormalInputArea = ({
         inputKey
       )
     ] }),
-    /* @__PURE__ */ jsx18(Box15, { children: /* @__PURE__ */ jsx18(Text16, { dimColor: true, color: THEME.dimGray, children: borderLine }) })
+    /* @__PURE__ */ jsx19(Box15, { children: /* @__PURE__ */ jsx19(Text17, { dimColor: true, color: THEME.dimGray, children: borderLine }) })
   ] });
 };
 
 // src/platform/tui/components/ChatInput.tsx
-import { jsx as jsx19, jsxs as jsxs14 } from "react/jsx-runtime";
+import { jsx as jsx20, jsxs as jsxs15 } from "react/jsx-runtime";
 var MAX_SUGGESTIONS = 6;
 var ChatInput = memo12(({
   value,
@@ -17205,31 +17363,43 @@ var ChatInput = memo12(({
   const isSlashMode = value.startsWith("/");
   const partialCmd = isSlashMode ? value.slice(1).split(" ")[0] : "";
   const hasArgs = isSlashMode && value.includes(" ");
-  const suggestions = useMemo(() => {
+  const suggestions = useMemo2(() => {
     if (!isSlashMode || hasArgs) return [];
     return getMatchingCommands(partialCmd).slice(0, MAX_SUGGESTIONS);
   }, [isSlashMode, partialCmd, hasArgs]);
   const showPreview = isSlashMode && !hasArgs && suggestions.length > 0;
-  const [selectedIdx, setSelectedIdx] = useState5(0);
+  const [selectedIdx, setSelectedIdx] = useState6(0);
   const clampedIdx = Math.min(selectedIdx, Math.max(0, suggestions.length - 1));
-  const selectedIdxRef = useRef6(clampedIdx);
+  const selectedIdxRef = useRef7(clampedIdx);
   selectedIdxRef.current = clampedIdx;
-  const suggestionsRef = useRef6(suggestions);
+  const suggestionsRef = useRef7(suggestions);
   suggestionsRef.current = suggestions;
-  const isSlashModeRef = useRef6(isSlashMode);
+  const isSlashModeRef = useRef7(isSlashMode);
   isSlashModeRef.current = isSlashMode;
-  const hasArgsRef = useRef6(hasArgs);
+  const hasArgsRef = useRef7(hasArgs);
   hasArgsRef.current = hasArgs;
-  const showPreviewRef = useRef6(showPreview);
+  const showPreviewRef = useRef7(showPreview);
   showPreviewRef.current = showPreview;
-  const inputRequestRef = useRef6(inputRequest);
+  const inputRequestRef = useRef7(inputRequest);
   inputRequestRef.current = inputRequest;
-  const onChangeRef = useRef6(onChange);
+  const onChangeRef = useRef7(onChange);
   onChangeRef.current = onChange;
-  const [pastedHint, setPastedHint] = useState5(null);
-  const prevValueRef = useRef6(value);
-  const pasteTimerRef = useRef6(null);
-  useEffect7(() => {
+  const latestValueRef = useRef7(value);
+  latestValueRef.current = value;
+  const handleLocalChange = useCallback7((newVal) => {
+    latestValueRef.current = newVal;
+    onChange(newVal);
+  }, [onChange]);
+  const latestSecretRef = useRef7(secretInput);
+  latestSecretRef.current = secretInput;
+  const handleSecretChange = useCallback7((newVal) => {
+    latestSecretRef.current = newVal;
+    setSecretInput(newVal);
+  }, [setSecretInput]);
+  const [pastedHint, setPastedHint] = useState6(null);
+  const prevValueRef = useRef7(value);
+  const pasteTimerRef = useRef7(null);
+  useEffect8(() => {
     const diff = value.length - prevValueRef.current.length;
     if (diff > 20) {
       if (pasteTimerRef.current) clearTimeout(pasteTimerRef.current);
@@ -17241,7 +17411,7 @@ var ChatInput = memo12(({
       if (pasteTimerRef.current) clearTimeout(pasteTimerRef.current);
     };
   }, [value]);
-  const [inputKey, setInputKey] = useState5(0);
+  const [inputKey, setInputKey] = useState6(0);
   const completeCommand = useCallback7((idx) => {
     const sug = suggestionsRef.current;
     if (!sug.length) return;
@@ -17252,13 +17422,14 @@ var ChatInput = memo12(({
     setSelectedIdx(0);
     setInputKey((k) => k + 1);
   }, []);
-  const onSubmitRef = useRef6(onSubmit);
+  const onSubmitRef = useRef7(onSubmit);
   onSubmitRef.current = onSubmit;
-  const wrappedOnSubmit = useCallback7((val) => {
+  const wrappedOnSubmit = useCallback7((_staleVal) => {
+    const finalValue = latestValueRef.current;
     if (showPreviewRef.current) {
       const sug = suggestionsRef.current;
       if (!sug.length) {
-        onSubmitRef.current(val);
+        onSubmitRef.current(finalValue);
         return;
       }
       const best = sug[Math.min(selectedIdxRef.current, sug.length - 1)];
@@ -17271,9 +17442,14 @@ var ChatInput = memo12(({
       }
       return;
     }
-    onSubmitRef.current(val);
+    onSubmitRef.current(finalValue);
   }, [completeCommand]);
-  useInput2(useCallback7((_input, key) => {
+  const onSecretSubmitRef = useRef7(onSecretSubmit);
+  onSecretSubmitRef.current = onSecretSubmit;
+  const wrappedSecretSubmit = useCallback7((_staleVal) => {
+    onSecretSubmitRef.current(latestSecretRef.current);
+  }, []);
+  useInput3(useCallback7((_input, key) => {
     if (inputRequestRef.current.status === "active") return;
     const sug = suggestionsRef.current;
     const visible = showPreviewRef.current;
@@ -17289,8 +17465,8 @@ var ChatInput = memo12(({
       completeCommand(selectedIdxRef.current);
     }
   }, [completeCommand]));
-  return /* @__PURE__ */ jsxs14(Box16, { flexDirection: "column", children: [
-    showPreview && /* @__PURE__ */ jsx19(
+  return /* @__PURE__ */ jsxs15(Box16, { flexDirection: "column", children: [
+    showPreview && /* @__PURE__ */ jsx20(
       AutocompletePreview,
       {
         suggestions,
@@ -17299,36 +17475,36 @@ var ChatInput = memo12(({
     ),
     inputRequest.status === "active" ? (
       /* Active input request — yellow top/bottom border */
-      /* @__PURE__ */ jsx19(
+      /* @__PURE__ */ jsx20(
         SecretInputArea,
         {
           inputRequest,
           secretInput,
-          setSecretInput,
-          onSecretSubmit
+          setSecretInput: handleSecretChange,
+          onSecretSubmit: wrappedSecretSubmit
         }
       )
     ) : (
       /* Normal input — dim top/bottom border */
-      /* @__PURE__ */ jsx19(
+      /* @__PURE__ */ jsx20(
         NormalInputArea,
         {
           inputKey,
           value,
-          onChange,
+          onChange: handleLocalChange,
           onSubmit: wrappedOnSubmit,
           placeholder
         }
       )
     ),
-    pastedHint && /* @__PURE__ */ jsx19(Box16, { paddingX: 2, children: /* @__PURE__ */ jsx19(Text17, { dimColor: true, color: THEME.dimGray, children: pastedHint }) })
+    pastedHint && /* @__PURE__ */ jsx20(Box16, { paddingX: 2, children: /* @__PURE__ */ jsx20(Text18, { dimColor: true, color: THEME.dimGray, children: pastedHint }) })
   ] });
 });
 
 // src/platform/tui/components/footer.tsx
 import { memo as memo13 } from "react";
-import { Box as Box17, Text as Text18 } from "ink";
-import { jsx as jsx20, jsxs as jsxs15 } from "react/jsx-runtime";
+import { Box as Box17, Text as Text19 } from "ink";
+import { jsx as jsx21, jsxs as jsxs16 } from "react/jsx-runtime";
 var CTX_WARN_THRESHOLD = 0.8;
 var MAX_CONTEXT_TOKENS = LLM_LIMITS.streamMaxTokens;
 var formatElapsed = (totalSeconds) => {
@@ -17344,7 +17520,7 @@ var formatElapsed = (totalSeconds) => {
 var Footer = memo13(({ phase, targets, findings, todo, elapsedTime, isProcessing, totalTokens, turnCount }) => {
   const ctxPct = totalTokens > 0 ? Math.round(totalTokens / MAX_CONTEXT_TOKENS * 100) : 0;
   const ctxColor = ctxPct >= CTX_WARN_THRESHOLD * 100 ? THEME.yellow : THEME.dimGray;
-  return /* @__PURE__ */ jsxs15(
+  return /* @__PURE__ */ jsxs16(
     Box17,
     {
       width: "100%",
@@ -17352,44 +17528,44 @@ var Footer = memo13(({ phase, targets, findings, todo, elapsedTime, isProcessing
       justifyContent: "space-between",
       overflow: "hidden",
       children: [
-        /* @__PURE__ */ jsxs15(Box17, { gap: 2, children: [
-          /* @__PURE__ */ jsxs15(Text18, { color: THEME.gray, children: [
+        /* @__PURE__ */ jsxs16(Box17, { gap: 2, children: [
+          /* @__PURE__ */ jsxs16(Text19, { color: THEME.gray, children: [
             "Phase: ",
-            /* @__PURE__ */ jsx20(Text18, { color: THEME.white, children: phase })
+            /* @__PURE__ */ jsx21(Text19, { color: THEME.white, children: phase })
           ] }),
-          /* @__PURE__ */ jsxs15(Text18, { color: THEME.gray, children: [
+          /* @__PURE__ */ jsxs16(Text19, { color: THEME.gray, children: [
             "Targets: ",
-            /* @__PURE__ */ jsx20(Text18, { color: THEME.white, children: targets })
+            /* @__PURE__ */ jsx21(Text19, { color: THEME.white, children: targets })
           ] }),
-          /* @__PURE__ */ jsxs15(Text18, { color: THEME.gray, children: [
+          /* @__PURE__ */ jsxs16(Text19, { color: THEME.gray, children: [
             "Findings: ",
-            /* @__PURE__ */ jsx20(Text18, { color: THEME.white, children: findings })
+            /* @__PURE__ */ jsx21(Text19, { color: THEME.white, children: findings })
           ] }),
-          /* @__PURE__ */ jsxs15(Text18, { color: THEME.gray, children: [
+          /* @__PURE__ */ jsxs16(Text19, { color: THEME.gray, children: [
             "Tasks: ",
-            /* @__PURE__ */ jsx20(Text18, { color: THEME.white, children: todo })
+            /* @__PURE__ */ jsx21(Text19, { color: THEME.white, children: todo })
           ] })
         ] }),
-        /* @__PURE__ */ jsxs15(Box17, { gap: 2, children: [
-          isProcessing ? /* @__PURE__ */ jsxs15(Box17, { gap: 1, children: [
-            /* @__PURE__ */ jsx20(Text18, { dimColor: true, color: THEME.dimGray, children: "[ESC] abort" }),
-            /* @__PURE__ */ jsx20(Text18, { dimColor: true, color: THEME.dimGray, children: "[^C\xD72] exit" })
-          ] }) : /* @__PURE__ */ jsx20(Text18, { dimColor: true, color: THEME.dimGray, children: "[/help] commands" }),
-          turnCount > 0 && /* @__PURE__ */ jsxs15(Text18, { dimColor: true, color: THEME.dimGray, children: [
+        /* @__PURE__ */ jsxs16(Box17, { gap: 2, children: [
+          isProcessing ? /* @__PURE__ */ jsxs16(Box17, { gap: 1, children: [
+            /* @__PURE__ */ jsx21(Text19, { dimColor: true, color: THEME.dimGray, children: "[ESC] abort" }),
+            /* @__PURE__ */ jsx21(Text19, { dimColor: true, color: THEME.dimGray, children: "[^C\xD72] exit" })
+          ] }) : /* @__PURE__ */ jsx21(Text19, { dimColor: true, color: THEME.dimGray, children: "[/help] commands" }),
+          turnCount > 0 && /* @__PURE__ */ jsxs16(Text19, { dimColor: true, color: THEME.dimGray, children: [
             "turn:",
             turnCount
           ] }),
-          totalTokens > 0 && /* @__PURE__ */ jsxs15(Text18, { dimColor: true, color: ctxColor, children: [
+          totalTokens > 0 && /* @__PURE__ */ jsxs16(Text19, { dimColor: true, color: ctxColor, children: [
             "ctx:",
             ctxPct,
             "%"
           ] }),
-          totalTokens > 0 && /* @__PURE__ */ jsxs15(Text18, { dimColor: true, color: THEME.dimGray, children: [
+          totalTokens > 0 && /* @__PURE__ */ jsxs16(Text19, { dimColor: true, color: THEME.dimGray, children: [
             "\u2191",
             formatTokens(totalTokens)
           ] }),
-          /* @__PURE__ */ jsx20(Text18, { color: isProcessing ? THEME.primary : THEME.gray, children: isProcessing ? "Running " : "Idle " }),
-          /* @__PURE__ */ jsx20(Text18, { color: THEME.white, children: formatElapsed(elapsedTime) })
+          /* @__PURE__ */ jsx21(Text19, { color: isProcessing ? THEME.primary : THEME.gray, children: isProcessing ? "Running " : "Idle " }),
+          /* @__PURE__ */ jsx21(Text19, { color: THEME.white, children: formatElapsed(elapsedTime) })
         ] })
       ]
     }
@@ -17398,9 +17574,9 @@ var Footer = memo13(({ phase, targets, findings, todo, elapsedTime, isProcessing
 var footer_default = Footer;
 
 // src/platform/tui/components/Modal.tsx
-import { useMemo as useMemo2, memo as memo14, useCallback as useCallback8, useRef as useRef7 } from "react";
-import { Box as Box18, Text as Text19, useStdout as useStdout3, useInput as useInput3 } from "ink";
-import { jsx as jsx21, jsxs as jsxs16 } from "react/jsx-runtime";
+import { useMemo as useMemo3, memo as memo14, useCallback as useCallback8, useRef as useRef8 } from "react";
+import { Box as Box18, Text as Text20, useStdout as useStdout3, useInput as useInput4 } from "ink";
+import { jsx as jsx22, jsxs as jsxs17 } from "react/jsx-runtime";
 var MODAL_TITLES = {
   findings: "\u25C8 FINDINGS \u25C8",
   graph: "\u25C8 ATTACK GRAPH \u25C8",
@@ -17413,21 +17589,21 @@ var Modal = memo14(({
   onScroll,
   onClose
 }) => {
-  const onScrollRef = useRef7(onScroll);
+  const onScrollRef = useRef8(onScroll);
   onScrollRef.current = onScroll;
-  const onCloseRef = useRef7(onClose);
+  const onCloseRef = useRef8(onClose);
   onCloseRef.current = onClose;
   const { stdout } = useStdout3();
   const terminalHeight = stdout?.rows ?? 24;
   const terminalWidth = (stdout?.columns ?? 80) - 4;
   const maxHeight = Math.max(1, terminalHeight - 6);
-  const lines = useMemo2(() => content.split("\n"), [content]);
+  const lines = useMemo3(() => content.split("\n"), [content]);
   const totalLines = lines.length;
-  const visibleLines = useMemo2(
+  const visibleLines = useMemo3(
     () => lines.slice(scrollOffset, scrollOffset + maxHeight),
     [lines, scrollOffset, maxHeight]
   );
-  useInput3(useCallback8((input, key) => {
+  useInput4(useCallback8((input, key) => {
     if (key.escape || input === "q") {
       onCloseRef.current();
     } else if (key.upArrow || input === "k") {
@@ -17444,19 +17620,19 @@ var Modal = memo14(({
   const endLine = Math.min(scrollOffset + maxHeight, totalLines);
   const scrollbarHeight = Math.max(1, Math.floor(maxHeight * (maxHeight / Math.max(totalLines, 1))));
   const scrollbarPosition = totalLines > maxHeight ? Math.floor(scrollOffset / (totalLines - maxHeight) * (maxHeight - scrollbarHeight)) : 0;
-  return /* @__PURE__ */ jsxs16(
+  return /* @__PURE__ */ jsxs17(
     Box18,
     {
       flexDirection: "column",
       width: terminalWidth,
       height: terminalHeight,
       children: [
-        /* @__PURE__ */ jsx21(Box18, { justifyContent: "center", marginBottom: 0, children: /* @__PURE__ */ jsx21(Text19, { color: THEME.cyan, bold: true, children: (() => {
+        /* @__PURE__ */ jsx22(Box18, { justifyContent: "center", marginBottom: 0, children: /* @__PURE__ */ jsx22(Text20, { color: THEME.cyan, bold: true, children: (() => {
           const title = MODAL_TITLES[type];
           const sideWidth = Math.max(3, Math.floor((terminalWidth - title.length - 2) / 2));
           return `${"\u2500".repeat(sideWidth)} ${title} ${"\u2500".repeat(sideWidth)}`;
         })() }) }),
-        /* @__PURE__ */ jsx21(
+        /* @__PURE__ */ jsx22(
           Box18,
           {
             flexDirection: "column",
@@ -17466,17 +17642,17 @@ var Modal = memo14(({
             flexGrow: 1,
             children: visibleLines.map((line, i) => {
               const showScrollbar = totalLines > maxHeight && i >= scrollbarPosition && i < scrollbarPosition + scrollbarHeight;
-              return /* @__PURE__ */ jsxs16(Box18, { children: [
-                /* @__PURE__ */ jsx21(Text19, { color: THEME.white, wrap: "truncate", children: line }),
-                /* @__PURE__ */ jsx21(Box18, { flexGrow: 1 }),
-                totalLines > maxHeight && /* @__PURE__ */ jsx21(Text19, { color: showScrollbar ? THEME.cyan : THEME.dimGray, children: showScrollbar ? "\u2588" : "\u2502" })
+              return /* @__PURE__ */ jsxs17(Box18, { children: [
+                /* @__PURE__ */ jsx22(Text20, { color: THEME.white, wrap: "truncate", children: line }),
+                /* @__PURE__ */ jsx22(Box18, { flexGrow: 1 }),
+                totalLines > maxHeight && /* @__PURE__ */ jsx22(Text20, { color: showScrollbar ? THEME.cyan : THEME.dimGray, children: showScrollbar ? "\u2588" : "\u2502" })
               ] }, i);
             })
           }
         ),
-        /* @__PURE__ */ jsxs16(Box18, { justifyContent: "space-between", paddingX: 1, children: [
-          /* @__PURE__ */ jsx21(Text19, { dimColor: true, color: THEME.gray, children: "\u2191\u2193/jk: scroll | g/G: top/bottom | ESC/q: close" }),
-          /* @__PURE__ */ jsxs16(Text19, { dimColor: true, color: THEME.cyan, children: [
+        /* @__PURE__ */ jsxs17(Box18, { justifyContent: "space-between", paddingX: 1, children: [
+          /* @__PURE__ */ jsx22(Text20, { dimColor: true, color: THEME.gray, children: "\u2191\u2193/jk: scroll | g/G: top/bottom | ESC/q: close" }),
+          /* @__PURE__ */ jsxs17(Text20, { dimColor: true, color: THEME.cyan, children: [
             startLine,
             "-",
             endLine,
@@ -17491,7 +17667,7 @@ var Modal = memo14(({
 
 // src/platform/tui/components/app/bottom-region.tsx
 import { Box as Box19 } from "ink";
-import { jsx as jsx22, jsxs as jsxs17 } from "react/jsx-runtime";
+import { jsx as jsx23, jsxs as jsxs18 } from "react/jsx-runtime";
 var BottomRegion = ({
   input,
   setInput,
@@ -17515,8 +17691,8 @@ var BottomRegion = ({
   const suggestionCount = isSlashMode && !hasArgs && inputRequest.status !== "active" ? Math.min(getMatchingCommands(partialCmd).length, MAX_SUGGESTIONS) : 0;
   const previewHeight = suggestionCount;
   const bottomMinHeight = 7;
-  return /* @__PURE__ */ jsxs17(Box19, { flexDirection: "column", minHeight: bottomMinHeight, children: [
-    /* @__PURE__ */ jsx22(
+  return /* @__PURE__ */ jsxs18(Box19, { flexDirection: "column", minHeight: bottomMinHeight, children: [
+    /* @__PURE__ */ jsx23(
       StatusDisplay,
       {
         retryState,
@@ -17526,7 +17702,7 @@ var BottomRegion = ({
         inputRequest
       }
     ),
-    /* @__PURE__ */ jsx22(
+    /* @__PURE__ */ jsx23(
       ChatInput,
       {
         value: input,
@@ -17539,7 +17715,7 @@ var BottomRegion = ({
         onSecretSubmit: handleSecretSubmit
       }
     ),
-    /* @__PURE__ */ jsx22(Box19, { marginTop: 1, children: /* @__PURE__ */ jsx22(
+    /* @__PURE__ */ jsx23(Box19, { marginTop: 1, children: /* @__PURE__ */ jsx23(
       footer_default,
       {
         phase: stats.phase,
@@ -17556,16 +17732,16 @@ var BottomRegion = ({
 };
 
 // src/platform/tui/app.tsx
-import { jsx as jsx23, jsxs as jsxs18 } from "react/jsx-runtime";
+import { jsx as jsx24, jsxs as jsxs19 } from "react/jsx-runtime";
 var MODEL_NAME = getModel() || DEFAULT_MODEL;
 var App = ({ autoApprove = false, target }) => {
   const { exit } = useApp();
   const { stdout } = useStdout4();
   const terminalWidth = stdout?.columns ?? 80;
-  const [input, setInput] = useState6("");
-  const [secretInput, setSecretInput] = useState6("");
-  const [autoApproveMode, setAutoApproveMode] = useState6(autoApprove);
-  const [modal, setModal] = useState6({ type: null, content: "", scrollOffset: 0 });
+  const [input, setInput] = useState7("");
+  const [secretInput, setSecretInput] = useState7("");
+  const [autoApproveMode, setAutoApproveMode] = useState7(autoApprove);
+  const [modal, setModal] = useState7({ type: null, content: "", scrollOffset: 0 });
   const {
     agent,
     messages,
@@ -17587,15 +17763,15 @@ var App = ({ autoApprove = false, target }) => {
     liveReasoning,
     isReasoning
   } = useAgent(autoApproveMode, target);
-  const isProcessingRef = useRef8(isProcessing);
+  const isProcessingRef = useRef9(isProcessing);
   isProcessingRef.current = isProcessing;
-  const autoApproveModeRef = useRef8(autoApproveMode);
+  const autoApproveModeRef = useRef9(autoApproveMode);
   autoApproveModeRef.current = autoApproveMode;
-  const inputRequestRef = useRef8(inputRequest);
+  const inputRequestRef = useRef9(inputRequest);
   inputRequestRef.current = inputRequest;
-  const isModalOpenRef = useRef8(!!modal.type);
+  const isModalOpenRef = useRef9(!!modal.type);
   isModalOpenRef.current = !!modal.type;
-  const inputRef = useRef8(input);
+  const inputRef = useRef9(input);
   inputRef.current = input;
   const clearInput = useCallback9(() => {
     setInput("");
@@ -17638,6 +17814,15 @@ var App = ({ autoApprove = false, target }) => {
     isProcessingRef,
     autoApproveModeRef
   });
+  const handleSecretSubmit = useCallback9((value) => {
+    const ir = inputRequestRef.current;
+    if (ir.status !== "active") return;
+    const displayText = ir.isPassword ? "\u2022".repeat(Math.min(value.length, TUI_DISPLAY_LIMITS.PASSWORD_MASK_MAX)) : value;
+    addMessage("system", `${UI_MESSAGES.SECRET_PREFIX}${displayText}`);
+    ir.resolve(value);
+    setInputRequest({ status: "inactive" });
+    setSecretInput("");
+  }, [addMessage, setInputRequest]);
   const handleSubmit = useCallback9(async (value) => {
     const trimmed = value.trim();
     if (!trimmed) return;
@@ -17646,22 +17831,15 @@ var App = ({ autoApprove = false, target }) => {
     if (trimmed.startsWith("/")) {
       const [cmd, ...args] = trimmed.slice(1).split(" ");
       await handleCommand(cmd, args);
+    } else if (inputRequestRef.current.status === "active") {
+      handleSecretSubmit(trimmed);
     } else if (isProcessingRef.current) {
       agent.enqueueUserInput(trimmed);
-      addMessage("system", UI_MESSAGES.QUEUED);
+      agent.abort();
     } else {
       await executeTask(trimmed);
     }
-  }, [agent, addMessage, executeTask, handleCommand]);
-  const handleSecretSubmit = useCallback9((value) => {
-    const ir = inputRequestRef.current;
-    if (ir.status !== "active") return;
-    const displayText = ir.isPassword ? "\u2022".repeat(Math.min(value.length, TUI_DISPLAY_LIMITS.PASSWORD_MASK_MAX)) : value;
-    addMessage("system", `${UI_MESSAGES.SECRET_PREFIX}${displayText}`);
-    ir.resolve(value);
-    setInputRequest({ status: "inactive" });
-    setSecretInput("");
-  }, [addMessage, setInputRequest]);
+  }, [agent, addMessage, executeTask, handleCommand, handleSecretSubmit]);
   useKeyboardShortcuts({
     addMessage,
     handleExit,
@@ -17674,7 +17852,7 @@ var App = ({ autoApprove = false, target }) => {
     clearInput
   });
   if (modal.type) {
-    return /* @__PURE__ */ jsx23(Box20, { flexDirection: "column", paddingX: 1, width: terminalWidth, children: /* @__PURE__ */ jsx23(
+    return /* @__PURE__ */ jsx24(Box20, { flexDirection: "column", paddingX: 1, width: terminalWidth, children: /* @__PURE__ */ jsx24(
       Modal,
       {
         type: modal.type,
@@ -17685,8 +17863,8 @@ var App = ({ autoApprove = false, target }) => {
       }
     ) });
   }
-  return /* @__PURE__ */ jsxs18(Box20, { flexDirection: "column", width: terminalWidth, children: [
-    /* @__PURE__ */ jsx23(Box20, { flexDirection: "column", children: /* @__PURE__ */ jsx23(
+  return /* @__PURE__ */ jsxs19(Box20, { flexDirection: "column", width: terminalWidth, children: [
+    /* @__PURE__ */ jsx24(Box20, { flexDirection: "column", children: /* @__PURE__ */ jsx24(
       MessageList,
       {
         messages,
@@ -17695,14 +17873,14 @@ var App = ({ autoApprove = false, target }) => {
         version: APP_VERSION
       }
     ) }),
-    /* @__PURE__ */ jsx23(
+    /* @__PURE__ */ jsx24(
       LiveReasoningPanel,
       {
         content: liveReasoning,
         isReasoning
       }
     ),
-    /* @__PURE__ */ jsx23(
+    /* @__PURE__ */ jsx24(AnimationProvider, { children: /* @__PURE__ */ jsx24(
       BottomRegion,
       {
         input,
@@ -17721,13 +17899,13 @@ var App = ({ autoApprove = false, target }) => {
         totalTokens: currentTokens,
         turnCount
       }
-    )
+    ) })
   ] });
 };
 var app_default = App;
 
 // src/platform/tui/cli/commands/interactive.tsx
-import { jsx as jsx24 } from "react/jsx-runtime";
+import { jsx as jsx25 } from "react/jsx-runtime";
 async function interactiveAction(options) {
   const { dangerouslySkipPermissions: skipPermissions = false, target } = options;
   console.clear();
@@ -17736,13 +17914,13 @@ async function interactiveAction(options) {
     console.log(chalk.hex(HEX.red)("[!] All tool executions will be auto-approved!\n"));
   }
   const { waitUntilExit } = render(
-    /* @__PURE__ */ jsx24(AnimationProvider, { children: /* @__PURE__ */ jsx24(
+    /* @__PURE__ */ jsx25(
       app_default,
       {
         autoApprove: skipPermissions,
         target
       }
-    ) })
+    )
   );
   await waitUntilExit();
 }

package/dist/prompts/base.md

@@ -8,10 +8,11 @@ You have direct access to all tools. **If a tool or PoC doesn't exist, build it
 
 **On the first turn, classify intent BEFORE any action:**
 
-1. **Greeting/Small Talk** → `ask_user` to greet and ask for target. No other tools.
-2. **Question/Help** → Answer via `ask_user`. No attack tools.
-3. **Unclear input** → `ask_user` to clarify. Do not assume it's a target.
-4. **Pentesting request** (IP/domain/CTF) → Execute reconnaissance immediately.
+1. **Network Pentest** (IP/domain) → Execute reconnaissance immediately.
+2. **Artifact / CTF Task** (file, code snippet, math problem, reversing/crypto task) → Treat the provided input as the Engagement Objective. Start local static analysis, write solver scripts, or use tools immediately. **Do NOT ask for a target IP.**
+3. **Greeting/Small Talk** → `ask_user` to greet and ask for the objective. No other tools.
+4. **Question/Help** → Answer via `ask_user`.
+5. **Unclear input** → `ask_user` to clarify. Do not assume it's a network target.
 
 ## Subsequent Turns: Every Turn Must Produce Tool Calls
 
@@ -134,14 +135,15 @@ Self-check every turn: Did I find a vuln but not call `add_finding`? Call it now
 
 ### 2.5. Phase Transition Signals — When to Call `update_phase`
 ```
-RECON      → vuln_analysis:    1+ service identified (version optional) — ATTACK IMMEDIATELY
-vuln_analysis → exploit:       1+ finding (confidence ≥ 50) with exploit path identified
-                              OR brute-force/credential testing in progress
+RECON      → vuln_analysis:    [Network] 1+ service identified — ATTACK IMMEDIATELY
+                               [Artifact] File type identified, strings/static analysis complete
+vuln_analysis → exploit:       [Network] Exploit path identified OR brute-force ready
+                               [Artifact] Logic understood (e.g. crypto flaw, reverse engineering logic mapped) — ready to write solver
 exploit    → post_exploitation: Shell obtained AND promoted (active_shell process active)
 post_exploitation → lateral:   root/SYSTEM achieved on current host
-ANY_PHASE  → report:           All targets compromised OR time is up
+ANY_PHASE  → report:           All targets compromised, flag obtained, OR time is up
 ```
-**ATTACK OVER RECON: Transition to vuln_analysis as soon as ANY service is found.**
+**ATTACK OVER RECON: Transition to vuln_analysis as soon as ANY attack surface or file property is found.**
 **NEVER transition away from a phase while HIGH-priority vectors remain untested.**
 
 ### 3. ask_user Rules

package/dist/prompts/orchestrator.md

@@ -26,11 +26,20 @@ Your thought process must be visible. Before each tool call: OBSERVE what change
 
 ## Kill Chain Position — Know Where You Are
 
+Determine your engagement type and track your position:
+
+**[Network Pentest Chain]**
 ```
 External Recon → Service Discovery → Vuln ID → Initial Access → Shell Stabilization
 → Situational Awareness → Privilege Escalation → Credential Harvest → Lateral Movement → Objective
 ```
 
+**[Artifact / CTF Chain (Rev, Crypto, Forensics)]**
+```
+File/Input ID (file, strings) → Static Analysis (Code Review, Decompilation) → Logic Mapping 
+→ Dynamic Analysis (Debugger, Interaction) → Exploit/Solver Script Generation → Flag Capture
+```
+
 Know your position before every turn. Act accordingly.
 
 ## After First Shell — See base.md "Shell Lifecycle" + post.md pipeline

package/dist/prompts/strategist-system.md

@@ -62,11 +62,28 @@ STAGE 5 — FORK PLAN:    If STAGE 4 fails, which PATH becomes Priority 2? Decla
 ├─ Initial access granted but no obvious privesc → hidden connector exists
 ├─ AD environment → lateral chain required before final objective
 ├─ Multiple hops needed (pivot → internal host → target)
-└─ Standard tools all return clean/negative (custom path required)
+├─ Standard tools all return clean/negative (custom path required)
+└─ Complex Cryptography/Reverse Engineering logic is encountered (requires solver script)
 ```
 
 After 3 consecutive failures on the current path → **re-derive STAGE 3 entirely** with new hypotheses.
 
+## MISSION FLEXIBILITY & INTENT ADAPTATION
+
+You must be hypersensitive to changes in user intent. If new user input appears in the snapshot, analyze it immediately.
+
+### 1. MISSION ABANDONMENT / PIVOT
+If the user explicitly changes the topic (e.g., "Stop hacking, help me with development", "Explain this code", "Let's just chat"):
+├─ IMMEDIATE PIVOT: Abandon current pentesting priorities.
+├─ RE-CLASSIFY: Transition to CONVERSATION or DEVELOPMENT mode.
+└─ DO NOT: Do not demand a pentesting target if the user wants to do something else.
+
+### 2. INTERACTIVE INTERVENTION
+If the user provides feedback during an active attack (e.g., "Try this payload instead", "Don't scan that port"):
+├─ SUPERCEDE: User instructions supercede your previous tactical plan.
+├─ ACKNOWLEDGE: Incorporate the user's specific hint into PRIORITY 1.
+└─ ADAPT: Explain how the user's input changes the current attack chain.
+
 ---
 
 ## STRATEGIC REASONING FRAMEWORK
@@ -324,13 +341,15 @@ ORDER update_phase when these conditions are met:
 recon → vuln_analysis:
   ├─ 1+ service identified (version optional) — ATTACK IMMEDIATELY, refine during exploitation
   ├─ OSINT complete (shodan/github/crt.sh checked)
-  └─ Web surface mapped (get_web_attack_surface called if HTTP found)
+  ├─ Web surface mapped (get_web_attack_surface called if HTTP found)
+  └─ [Artifact] File type identified, strings/static analysis complete
 
 vuln_analysis → exploit:
   ├─ 1+ finding with confidence ≥ 50 AND a concrete exploit path identified
   ├─ Specific CVE confirmed applicable (version matches, PoC available)
   ├─ Or: critical misconfiguration found (default creds, exposed .env, anon access)
-  └─ Or: brute-force/credential testing ready on identified service
+  ├─ Or: brute-force/credential testing ready on identified service
+  └─ [Artifact] Logic understood (e.g. crypto flaw, reverse engineering logic mapped) — ready to write solver
 
 exploit → post_exploitation:
   ├─ Shell obtained AND promoted (active_shell process is running)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.70.9",
+  "version": "0.70.10",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",