pentesting 0.72.12 → 0.73.2

package/README.md

@@ -5,8 +5,8 @@
 # pentesting
 > **Autonomous Offensive Security AI Agent**
 
-[![npm](https://img.shields.io/badge/npm-pentesting-red)](https://www.npmjs.org/package/pentesting)
-[![docker](https://img.shields.io/badge/docker-pentesting-blue)](https://hub.docker.com/r/agnusdei1207/pentesting)
+[![npm](https://img.shields.io/badge/npm-pentesting-2496ED)](https://www.npmjs.org/package/pentesting)
+[![docker](https://img.shields.io/badge/docker-pentesting-2496ED)](https://hub.docker.com/r/agnusdei1207/pentesting)
 
 </div>
 
@@ -32,17 +32,6 @@
 
 Pentesting support tool. Can autonomously execute network penetration tests or assist with generic Capture The Flag (CTF) challenges (such as Reverse Engineering, Cryptography, and binary analysis) without requiring a specific network target.
 
-## Architecture Notes
-
-- User input is preprocessed by a dedicated input processor LLM before the main loop acts on it.
-- Durable engagement guidance, sensitive data handling rules, and reusable operator constraints are merged into `.pentesting/memory/policy.md`.
-- Both the strategist and the main prompt builder read that policy document every turn.
-- Each completed turn is compressed into `.pentesting/turns/{N}-memory.md`, with provenance metadata describing who wrote it and what sources were used.
-- Automatically maintained LLM documents are intentionally small in number: bounded turn memories, one `policy.md`, one merged `persistent-knowledge.json`, and on-demand reports only.
-- Interactive prompts are brokered through a single active input slot in the TUI. Additional prompts wait in a hidden queue and are promoted one at a time.
-
----
-
 ## Quick Start
 
 ### z.ai — GLM Coding Plan Max (Recommended)
@@ -57,6 +46,8 @@ docker run -it --rm \
   agnusdei1207/pentesting
 ```
 
+Enable container Tor mode by adding `-e PENTEST_TOR=true` to the same `docker run` command.
+
 ### External Search API (Optional)
 
 For providers other than z.ai, or to use a dedicated search backend.
@@ -76,10 +67,35 @@ docker run -it --rm \
 | Variable | Required | Description |
 |----------|----------|-------------|
 | `PENTEST_API_KEY` | ✅ | LLM API key |
-| `PENTEST_BASE_URL` | ✅ | API endpoint (web search auto-enabled when URL contains `z.ai`) |
-| `PENTEST_MODEL` | ✅ | Model name (e.g. `glm-4.7`) |
+| `PENTEST_BASE_URL` | ❌ | Custom API endpoint (web search auto-enabled when URL contains `z.ai`) |
+| `PENTEST_MODEL` | ❌ | Model override (defaults depend on provider/runtime; examples use `glm-4.7`) |
 | `SEARCH_API_KEY` | ❌ | External search API key (not needed with z.ai) |
 | `SEARCH_API_URL` | ❌ | External search API URL (not needed with z.ai) |
+| `PENTEST_SCOPE_MODE` | ❌ | Scope mode override: `advisory` or `enforce` |
+| `PENTEST_APPROVAL_MODE` | ❌ | Approval mode override: `advisory` or `require_auto_approve` |
+| `PENTEST_TOR` | ❌ | Container-only Tor mode. When `true`, the Docker entrypoint starts Tor and launches the agent through `proxychains4` |
+
+Safety defaults:
+
+- Containerized runtime defaults to `PENTEST_SCOPE_MODE=advisory` and `PENTEST_APPROVAL_MODE=advisory`.
+- Non-container runtime defaults to `PENTEST_SCOPE_MODE=enforce` and `PENTEST_APPROVAL_MODE=require_auto_approve`.
+- Explicit env vars override those defaults.
+
+Tor notes:
+
+- Tor is supported only in the containerized runtime.
+- There is no in-app `/tor` toggle. Enable it at container startup with `-e PENTEST_TOR=true`.
+- Non-container runs ignore `PENTEST_TOR`, so local host execution stays on direct networking.
+
+### Developer Verification
+
+```bash
+npm run verify
+npm run verify:docker
+```
+
+- `npm run check` runs the full non-destructive verification flow.
+- `npm run check:clean` additionally performs `docker system prune -af --volumes` before the full check.
 
 ---
 

package/dist/agent-tool-HYQGTZC4.js

@@ -0,0 +1,256 @@
+import {
+  CategorizedToolRegistry,
+  CoreAgent,
+  createContextExtractor,
+  getLLMClient
+} from "./chunk-BGEXGHPB.js";
+import {
+  AGENT_ROLES,
+  EVENT_TYPES,
+  LLM_ROLES,
+  TOOL_NAMES
+} from "./chunk-KBJPZDIL.js";
+import {
+  getActiveProcessSummary
+} from "./chunk-YFDJI3GO.js";
+
+// src/engine/agent-tool/completion-box.ts
+function createCompletionBox() {
+  return { done: false, result: null };
+}
+
+// src/engine/agent-tool/task-complete.ts
+function createTaskCompleteTool(completion) {
+  return {
+    name: TOOL_NAMES.TASK_COMPLETE,
+    description: `Signal task completion. Call this when the delegated task is done.
+Include all findings and loot discovered during the task.
+Use status: 'success' if goal achieved, 'partial' if partially done, 'failed' if blocked.`,
+    parameters: {
+      status: {
+        type: "string",
+        enum: ["success", "partial", "failed"],
+        description: "Task completion status"
+      },
+      summary: {
+        type: "string",
+        description: "What was accomplished (or why it failed)"
+      },
+      tried: {
+        type: "array",
+        items: { type: "string" },
+        description: "Approaches attempted during the task"
+      },
+      findings: {
+        type: "array",
+        items: { type: "string" },
+        description: "Security findings discovered (summary for main loop)"
+      },
+      loot: {
+        type: "array",
+        items: { type: "string" },
+        description: "Credentials, flags, or sensitive data obtained"
+      },
+      sessions: {
+        type: "array",
+        items: { type: "string" },
+        description: "Active session IDs established during the task"
+      },
+      suggested_next: {
+        type: "string",
+        description: "Recommended next action for the main agent"
+      }
+    },
+    required: ["status", "summary"],
+    execute: async (params) => {
+      const result = {
+        status: params["status"] ?? "partial",
+        summary: params["summary"] ?? "",
+        tried: params["tried"] ?? [],
+        findings: params["findings"] ?? [],
+        loot: params["loot"] ?? [],
+        sessions: params["sessions"] ?? [],
+        suggestedNext: params["suggested_next"] ?? ""
+      };
+      completion.done = true;
+      completion.result = result;
+      return {
+        success: true,
+        output: [
+          "[TASK_COMPLETE]",
+          `[Status] ${result.status}`,
+          `[Summary] ${result.summary}`
+        ].join("\n")
+      };
+    }
+  };
+}
+
+// src/engine/agent-tool/agent-registry.ts
+var AgentRegistry = class extends CategorizedToolRegistry {
+  constructor(state, scopeGuard, approvalGate, events, completion) {
+    super(state, scopeGuard, approvalGate, events);
+    const taskCompleteTool = createTaskCompleteTool(completion);
+    this.tools.set(taskCompleteTool.name, taskCompleteTool);
+  }
+  initializeRegistry() {
+    super.initializeRegistry();
+    this.tools.delete(TOOL_NAMES.RUN_TASK);
+    this.tools.delete(TOOL_NAMES.ASK_USER);
+  }
+};
+
+// src/engine/agent-tool/agent-runner.ts
+var MAX_AGENT_TOOL_ITERATIONS = 30;
+var COMPRESS_EVERY_N_STEPS = 5;
+var MAX_COMPRESS_FAILURES = 3;
+var AgentRunner = class extends CoreAgent {
+  completion;
+  contextExtractor;
+  stepCount = 0;
+  consecutiveCompressFailures = 0;
+  constructor(state, events, registry, completion) {
+    super(AGENT_ROLES.AGENT_TOOL, state, events, registry, MAX_AGENT_TOOL_ITERATIONS);
+    this.completion = completion;
+    this.contextExtractor = createContextExtractor(getLLMClient());
+  }
+  /**
+   * CoreAgent.step() 오버라이드
+   *
+   * 추가 동작 (super.step() 이후):
+   *   1. completion.done 확인 → task_complete 호출됐으면 즉시 완료 신호
+   *   2. COMPRESS_EVERY_N_STEPS마다 ContextExtractor 호출
+   */
+  async step(iteration, messages, systemPrompt, progress) {
+    const result = await super.step(iteration, messages, systemPrompt, progress);
+    if (this.completion.done) {
+      return {
+        output: JSON.stringify(this.completion.result),
+        toolsExecuted: result.toolsExecuted,
+        isCompleted: true
+      };
+    }
+    this.stepCount++;
+    if (this.stepCount % COMPRESS_EVERY_N_STEPS === 0) {
+      await this.compressContext(messages);
+    }
+    return result;
+  }
+  /**
+   * ContextExtractor를 사용해 messages[]를 1개 session-context로 압축.
+   *
+   * WHY: 실패 시 무시 (try/catch). CoreAgent의 trimMessagesIfNeeded(50)이
+   * 최후 안전망이므로 압축 실패가 치명적이지 않다.
+   * WHY (failure tracking): 연속 실패가 MAX_COMPRESS_FAILURES 초과 시 경고 emit.
+   * sub-agent가 초기 task를 잃어버릴 위험을 TUI에 노출해 사용자가 인지할 수 있게 한다.
+   */
+  async compressContext(messages) {
+    try {
+      const result = await this.contextExtractor.execute({ messages });
+      if (result.success && result.extractedContext) {
+        messages.length = 0;
+        messages.push({
+          role: LLM_ROLES.USER,
+          content: `<session-context>
+${result.extractedContext}
+</session-context>`
+        });
+        this.consecutiveCompressFailures = 0;
+      }
+    } catch {
+      this.consecutiveCompressFailures++;
+      if (this.consecutiveCompressFailures === MAX_COMPRESS_FAILURES) {
+        this.events.emit({
+          type: EVENT_TYPES.NOTIFICATION,
+          timestamp: Date.now(),
+          data: {
+            title: "Sub-Agent Context Warning",
+            message: `Context compression failed ${this.consecutiveCompressFailures}x in a row. Sub-agent may lose task direction. Consider reducing task scope.`,
+            level: "warning"
+          }
+        });
+      }
+    }
+  }
+};
+
+// src/engine/agent-tool/agent-prompt.ts
+function buildAgentPrompt(input) {
+  const parts = [
+    "You are an autonomous execution agent. Complete the delegated task using available tools.",
+    "",
+    `## Task
+${input.task}`
+  ];
+  if (input.target) {
+    parts.push(`
+## Target
+${input.target}`);
+  }
+  if (input.context) {
+    parts.push(`
+## Context
+${input.context}`);
+  }
+  const activeProcesses = getActiveProcessSummary();
+  if (activeProcesses) {
+    parts.push(`
+## Active Background Processes
+${activeProcesses}`);
+  }
+  parts.push(`
+## Rules
+- Do NOT call ask_user. You are autonomous. Make your best judgment.
+- Call task_complete when the task is done (status: success, partial, or failed).
+- Record findings with add_finding, loot with add_loot as you discover them.
+- If you hit 3 consecutive failures on the same approach, switch vectors or declare failed.
+- Be decisive \u2014 do not loop indefinitely on the same approach.`);
+  return parts.join("\n");
+}
+
+// src/engine/agent-tool/agent-tool.ts
+var TIMEOUT_RESULT = {
+  status: "failed",
+  summary: `Agent-tool timed out: max ${MAX_AGENT_TOOL_ITERATIONS} iterations reached without task_complete.`,
+  tried: [],
+  findings: [],
+  loot: [],
+  sessions: [],
+  suggestedNext: "Break the task into smaller sub-tasks and retry."
+};
+var AgentTool = class {
+  constructor(state, events, scopeGuard, approvalGate) {
+    this.state = state;
+    this.events = events;
+    this.scopeGuard = scopeGuard;
+    this.approvalGate = approvalGate;
+  }
+  async execute(input) {
+    const completion = createCompletionBox();
+    const registry = new AgentRegistry(
+      this.state,
+      this.scopeGuard,
+      this.approvalGate,
+      this.events,
+      completion
+    );
+    const runner = new AgentRunner(
+      this.state,
+      this.events,
+      registry,
+      completion
+    );
+    const prompt = buildAgentPrompt(input);
+    const loopResult = await runner.run(input.task, prompt);
+    if (completion.done && completion.result) {
+      return completion.result;
+    }
+    return {
+      ...TIMEOUT_RESULT,
+      tried: [`Reached ${loopResult.iterations} iterations without calling task_complete`]
+    };
+  }
+};
+export {
+  AgentTool
+};