pentesting 0.72.8 → 0.72.10

package/dist/main.js

@@ -48,20 +48,23 @@ import {
   WORKSPACE,
   WORK_DIR,
   cleanupAllProcesses,
-  clearCommandEventEmitter,
-  clearInputHandler,
+  clearActiveSessionRuntime,
   clearWorkspace,
+  createSessionRuntime,
   createTempFile,
   debugLog,
   ensureDirExists,
   flowLog,
   generateId,
   generatePrefixedId,
+  getActiveSessionRuntime,
   getApiKey,
+  getApprovalMode,
   getBaseUrl,
   getErrorMessage,
   getModel,
   getProcessOutput,
+  getScopeMode,
   getSearchApiKey,
   getSearchApiUrl,
   getThinkingBudget,
@@ -78,14 +81,13 @@ import {
   runCommand,
   saveState,
   sendToProcess,
-  setCommandEventEmitter,
-  setInputHandler,
+  setActiveSessionRuntime,
   setTorEnabled,
   startBackgroundProcess,
   stopBackgroundProcess,
   validateRequiredConfig,
   writeFileContent
-} from "./chunk-6YWYFB6E.js";
+} from "./chunk-SLDFXMHL.js";
 import {
   DETECTION_PATTERNS,
   EXIT_CODES,
@@ -101,11 +103,10 @@ import {
   getProcessEventLog,
   getPromptBuilderConfig,
   getPromptSources,
-  getUserInputQueueConfig,
   llmNodeCooldownPolicy,
   llmNodeOutputParsing,
   llmNodeSystemPrompt
-} from "./chunk-74KL4OOU.js";
+} from "./chunk-GHJPYI4S.js";
 
 // src/platform/tui/main.tsx
 import chalk5 from "chalk";
@@ -511,35 +512,35 @@ function prioritizeChains(chains) {
   );
   return unique.slice(0, GRAPH_LIMITS.MAX_CHAINS);
 }
-function dfsChains(nodeId, path2, pathEdges, visited, ctx) {
+function dfsChains(nodeId, path4, pathEdges, visited, ctx) {
   const { nodes, edges, goalTypes, results } = ctx;
   const node = nodes.get(nodeId);
-  if (!node || visited.has(nodeId) || path2.length >= GRAPH_LIMITS.MAX_CHAIN_DEPTH || node.status === NODE_STATUS.FAILED) {
+  if (!node || visited.has(nodeId) || path4.length >= GRAPH_LIMITS.MAX_CHAIN_DEPTH || node.status === NODE_STATUS.FAILED) {
     return;
   }
   visited.add(nodeId);
-  path2.push(node);
-  if (isGoalReached(node, goalTypes, path2)) {
-    results.push(buildChain(path2, pathEdges, node));
+  path4.push(node);
+  if (isGoalReached(node, goalTypes, path4)) {
+    results.push(buildChain(path4, pathEdges, node));
   }
   const outEdges = edges.filter((e) => e.from === nodeId && e.status !== EDGE_STATUS.FAILED);
   for (const edge of outEdges) {
-    dfsChains(edge.to, path2, [...pathEdges, edge], visited, ctx);
+    dfsChains(edge.to, path4, [...pathEdges, edge], visited, ctx);
   }
-  path2.pop();
+  path4.pop();
   visited.delete(nodeId);
 }
-function isGoalReached(node, goalTypes, path2) {
-  return goalTypes.includes(node.type) && node.status !== NODE_STATUS.SUCCEEDED && path2.length > 1;
+function isGoalReached(node, goalTypes, path4) {
+  return goalTypes.includes(node.type) && node.status !== NODE_STATUS.SUCCEEDED && path4.length > 1;
 }
-function buildChain(path2, edges, targetNode) {
+function buildChain(path4, edges, targetNode) {
   return {
-    steps: [...path2],
+    steps: [...path4],
     edges: [...edges],
-    description: path2.map((n) => n.label).join(" \u2192 "),
+    description: path4.map((n) => n.label).join(" \u2192 "),
     probability: edges.reduce((acc, e) => acc * e.confidence, 1),
     impact: estimateImpact(targetNode),
-    length: path2.length
+    length: path4.length
   };
 }
 function estimateImpact(node) {
@@ -1001,8 +1002,8 @@ var AttackGraphStore = class {
    * Record a failed path with IMP-1 cap.
    * Keeps only the most recent MAX_FAILED_PATHS entries.
    */
-  recordFailedPath(path2) {
-    this.failedPaths.push(path2);
+  recordFailedPath(path4) {
+    this.failedPaths.push(path4);
     if (this.failedPaths.length > AGENT_LIMITS.MAX_FAILED_PATHS) {
       this.failedPaths = this.failedPaths.slice(-AGENT_LIMITS.MAX_FAILED_PATHS);
     }
@@ -1079,7 +1080,7 @@ var AttackGraph = class {
    */
   markFailed(nodeId, reason) {
     markNodeFailedInGraph(this.store.getNodesMap(), this.store.getEdgesList(), nodeId, reason, {
-      onFailedPath: (path2) => this.store.recordFailedPath(path2)
+      onFailedPath: (path4) => this.store.recordFailedPath(path4)
     });
   }
   /**
@@ -1093,7 +1094,7 @@ var AttackGraph = class {
    */
   markEdgeFailed(fromId, toId, reason) {
     markEdgeFailedInList(this.store.getEdgesList(), fromId, toId, reason, {
-      onFailedPath: (path2) => this.store.recordFailedPath(path2)
+      onFailedPath: (path4) => this.store.recordFailedPath(path4)
     });
   }
   // ─── Domain-Specific Registration ───────────────────────────
@@ -1233,44 +1234,83 @@ var EPISODIC_EVENT_TYPES = {
 };
 
 // src/shared/utils/agent-memory/fingerprint.ts
+var WORDLIST_FLAGS = /* @__PURE__ */ new Set(["-w", "-P", "-U", "-L", "--wordlist", "--password", "--passwords", "--username", "--usernames"]);
+var PORT_FLAGS = /* @__PURE__ */ new Set(["-p", "--port"]);
+var SCRIPT_RUNNERS = /* @__PURE__ */ new Set(["python", "python3", "bash", "sh", "zsh", "node", "ruby", "perl"]);
+function stripWrappingQuotes(value) {
+  if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+    return value.slice(1, -1);
+  }
+  return value;
+}
+function tokenizeCommand(command) {
+  const matches = command.match(/"[^"]*"|'[^']*'|\S+/g) ?? [];
+  return matches.map(stripWrappingQuotes);
+}
+function parseOptionTokens(tokens) {
+  const options = [];
+  const positionals = [];
+  for (let i = 1; i < tokens.length; i++) {
+    const token = tokens[i];
+    if (token.startsWith("--")) {
+      const eqIndex = token.indexOf("=");
+      if (eqIndex !== -1) {
+        options.push({ flag: token.slice(0, eqIndex), value: token.slice(eqIndex + 1) });
+        continue;
+      }
+      const next = tokens[i + 1];
+      if (next && !next.startsWith("-")) {
+        options.push({ flag: token, value: next });
+        i++;
+      } else {
+        options.push({ flag: token, value: "" });
+      }
+      continue;
+    }
+    if (token.startsWith("-") && token.length > 1) {
+      const next = tokens[i + 1];
+      const expectsValue = /^-[A-Za-z]$/.test(token) || /^-[a-z]{2,}$/.test(token);
+      const canConsumeNext = expectsValue && next && !next.startsWith("-");
+      if (canConsumeNext) {
+        options.push({ flag: token, value: next });
+        i++;
+      } else {
+        options.push({ flag: token, value: "" });
+      }
+      continue;
+    }
+    positionals.push(token);
+  }
+  return { options, positionals };
+}
+function findOptionValue(options, flags) {
+  return options.find((option) => flags.has(option.flag))?.value || "";
+}
+function buildOptionSignature(options, positionals, effectiveTool) {
+  const entries = options.filter((option) => !WORDLIST_FLAGS.has(option.flag) && !PORT_FLAGS.has(option.flag)).map((option) => option.value ? `${option.flag}=${option.value}` : option.flag);
+  if (SCRIPT_RUNNERS.has(effectiveTool) && positionals.length > 0) {
+    entries.push(`script=${positionals[0]}`);
+  }
+  return Array.from(new Set(entries)).sort().join(" ");
+}
 function extractFingerprint(tool, command) {
   const cmd = command || "";
+  const tokens = tokenizeCommand(cmd);
   let effectiveTool = tool.toLowerCase();
   if (effectiveTool === "run_cmd" || effectiveTool === "run_background") {
-    const firstWord = cmd.trim().split(/\s+/)[0];
+    const firstWord = tokens[0];
     if (firstWord && !firstWord.startsWith("-")) {
       effectiveTool = firstWord.toLowerCase();
     }
   }
+  const { options, positionals } = parseOptionTokens(tokens);
   const targetMatch = cmd.match(
     /(?::\/\/|@)([\w.\-]+(?::\d+)?)|\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(?::\d+)?\b/
   );
   const target = targetMatch?.[1] || targetMatch?.[2] || "";
-  let wordlistMatch = cmd.match(/(?:-[wPUL]\s+)([^\s]+)/);
-  if (!wordlistMatch) {
-    wordlistMatch = cmd.match(/(?:--(?:wordlist|passwords?|usernames?)(?:=|\s+))([^\s]+)/i);
-  }
-  const wordlist = wordlistMatch?.[1] || "";
-  const portMatch = cmd.match(/(?:-p\s+|--port(?:=|\s+))(\S+)/);
-  const port = portMatch?.[1] || "";
-  const flagPatterns = [
-    /--level(?:=|\s+)(\S+)/i,
-    // sqlmap
-    /--risk(?:=|\s+)(\S+)/i,
-    // sqlmap
-    /-s([VSTCAUOPMX]+)/,
-    // nmap scan type
-    /--script(?:=|\s+)(\S+)/i,
-    // nmap scripts
-    /-[el]\s+(\S+)/i,
-    // hydra login/password single
-    /--method(?:=|\s+)(\S+)/i
-    // HTTP method
-  ];
-  const flags = flagPatterns.map((p) => {
-    const m = cmd.match(p);
-    return m?.[0]?.trim() || "";
-  }).filter(Boolean).join(" ");
+  const wordlist = findOptionValue(options, WORDLIST_FLAGS);
+  const port = findOptionValue(options, PORT_FLAGS);
+  const flags = buildOptionSignature(options, positionals, effectiveTool);
   return { tool: effectiveTool, target, wordlist, flags, port };
 }
 function fingerprintsMatch(a, b) {
@@ -1978,10 +2018,25 @@ var DynamicTechniqueLibrary = class {
 };
 
 // src/engine/state/models/engagement.ts
+function safeList(values) {
+  return Array.isArray(values) ? values.filter((value) => typeof value === "string") : [];
+}
+function normalizeScope(scope) {
+  return {
+    allowedCidrs: safeList(scope.allowedCidrs),
+    allowedDomains: safeList(scope.allowedDomains),
+    exclusions: safeList(scope.exclusions),
+    isDOSAllowed: Boolean(scope.isDOSAllowed),
+    isSocialAllowed: Boolean(scope.isSocialAllowed)
+  };
+}
 var EngagementState = class {
   engagement = null;
   set(engagement) {
-    this.engagement = engagement;
+    this.engagement = {
+      ...engagement,
+      scope: normalizeScope(engagement.scope)
+    };
   }
   get() {
     return this.engagement;
@@ -1990,14 +2045,15 @@ var EngagementState = class {
     return this.engagement?.scope || null;
   }
   setScope(scope, currentPhase) {
+    const normalizedScope = normalizeScope(scope);
     if (this.engagement) {
-      this.engagement.scope = scope;
+      this.engagement.scope = normalizedScope;
     } else {
       this.engagement = {
         id: generateId(AGENT_LIMITS.ID_RADIX, AGENT_LIMITS.ID_LENGTH),
         name: DEFAULTS.ENGAGEMENT_NAME,
         client: DEFAULTS.ENGAGEMENT_CLIENT,
-        scope,
+        scope: normalizedScope,
         phase: currentPhase,
         startedAt: Date.now()
       };
@@ -2302,9 +2358,9 @@ var DIRECTIVES = {
   ].join("\n"),
   SPRINT: (ctx) => [
     `\u26A1 SPRINT MODE [${ctx.pctStr} elapsed, ${ctx.remainStr} of ${ctx.totalStr} remaining]:`,
-    "- RustScan first for fast port discovery \u2192 then nmap -Pn -sV -sC on found ports",
-    "- ALWAYS use nmap -Pn (no exceptions \u2014 firewalls block ICMP)",
-    "- Run ALL scans in parallel (rustscan, nmap UDP, web fuzzing, CVE search)",
+    "- Start with the fastest broad discovery method available, then deepen only on confirmed surfaces",
+    "- If host discovery looks filtered, prefer reconnaissance that does not depend on ICMP assumptions",
+    "- Run independent discovery tasks in parallel (network, web, OSINT, version intel)",
     "- Try default/weak credentials on every discovered service IMMEDIATELY",
     "- Check for exposed files (.env, .git, backup.sql, phpinfo)",
     "- Anonymous access: FTP, SMB null session, Redis no auth, MongoDB",
@@ -2527,7 +2583,7 @@ var SharedState = class {
   /**
    * Last turn's triage memo (Triager ⑧).
    * Structured priority classification of tool results.
-   * WHY: Reflector and SummaryRegenerator read this for richer delta analysis.
+   * WHY: Reflector and MemorySynth read this for richer delta analysis.
    *      Injected into prompt as <triage-memo> for the main LLM.
    */
   lastTriageMemo = "";
@@ -2822,8 +2878,9 @@ var FILE_EXTENSIONS_TO_SKIP = /* @__PURE__ */ new Set([
   "dec"
 ]);
 var ScopeGuard = class {
-  constructor(state) {
+  constructor(state, mode = getScopeMode()) {
     this.state = state;
+    this.mode = mode;
   }
   /**
    * AI-Native: always allow.
@@ -2831,8 +2888,28 @@ var ScopeGuard = class {
    * The agent should attempt everything; humans and infrastructure judge the results.
    * isTargetInScope() exists for advisory reporting — not for blocking.
    */
-  check(_toolCall) {
-    return { isAllowed: true };
+  check(toolCall) {
+    if (this.mode === "advisory") {
+      return { isAllowed: true };
+    }
+    const scope = this.state.getScope();
+    const serializedInput = JSON.stringify(toolCall.input);
+    const targets = Array.from(this.extractTargets(serializedInput));
+    if (targets.length === 0) return { isAllowed: true };
+    if (!scope) {
+      return {
+        isAllowed: false,
+        reason: "Scope enforcement is enabled but no scope is configured.",
+        violations: targets
+      };
+    }
+    const violations = targets.filter((target) => !this.isTargetInScope(target));
+    if (violations.length === 0) return { isAllowed: true };
+    return {
+      isAllowed: false,
+      reason: `Out-of-scope target(s): ${violations.join(", ")}`,
+      violations
+    };
   }
   /**
    * Advisory check: is a specific target in scope?
@@ -2841,13 +2918,16 @@ var ScopeGuard = class {
   isTargetInScope(target) {
     const scope = this.state.getScope();
     if (!scope) return false;
-    if (scope.exclusions.some((e) => this.matchesDomain(target, e))) {
+    const exclusions = Array.isArray(scope.exclusions) ? scope.exclusions : [];
+    const allowedDomains = Array.isArray(scope.allowedDomains) ? scope.allowedDomains : [];
+    const allowedCidrs = Array.isArray(scope.allowedCidrs) ? scope.allowedCidrs : [];
+    if (exclusions.some((e) => this.matchesDomain(target, e))) {
       return false;
     }
-    if (scope.allowedDomains.some((d) => this.matchesDomain(target, d))) {
+    if (allowedDomains.some((d) => this.matchesDomain(target, d))) {
       return true;
     }
-    if (scope.allowedCidrs.some((c) => this.matchesCidr(target, c))) {
+    if (allowedCidrs.some((c) => this.matchesCidr(target, c))) {
       return true;
     }
     return false;
@@ -2916,7 +2996,7 @@ var ScopeGuard = class {
       const lower = match.toLowerCase();
       const ext = lower.split(".").pop() || "";
       if (FILE_EXTENSIONS_TO_SKIP.has(ext)) continue;
-      if (/^[a-z_][a-z0-9_]*\.[a-z_][a-z0-9_]*$/i.test(match)) continue;
+      if (/^[a-z_][a-z0-9_]*\.[a-z_][a-z0-9_]*$/i.test(match) && ext.length > 3) continue;
       targets.add(lower);
     }
     return targets;
@@ -2925,8 +3005,9 @@ var ScopeGuard = class {
 
 // src/engine/approval.ts
 var ApprovalGate = class {
-  constructor(shouldAutoApprove = false) {
+  constructor(shouldAutoApprove = false, mode = getApprovalMode()) {
     this.shouldAutoApprove = shouldAutoApprove;
+    this.mode = mode;
   }
   /**
    * Set auto-approve mode
@@ -2945,7 +3026,13 @@ var ApprovalGate = class {
    * The agent must have unrestricted freedom to exploit targets.
    * Category/level system retained for audit trail only.
    */
-  async request(_toolCall) {
+  async request(toolCall) {
+    if (this.mode === "require_auto_approve" && !this.shouldAutoApprove) {
+      return {
+        isApproved: false,
+        reason: `Approval required for ${toolCall.name} while PENTEST_APPROVAL_MODE=require_auto_approve.`
+      };
+    }
     return { isApproved: true };
   }
 };
@@ -3284,22 +3371,16 @@ var systemTools = [
 ];
 
 // src/engine/tools/agents.ts
-var globalCredentialHandler = null;
-function setCredentialHandler(handler) {
-  globalCredentialHandler = handler;
-}
-function clearCredentialHandler() {
-  globalCredentialHandler = null;
-}
 async function requestCredential(request) {
-  if (!globalCredentialHandler) {
+  const credentialHandler = getActiveSessionRuntime()?.getCredentialHandler();
+  if (!credentialHandler) {
     return {
       success: false,
       output: `No credential handler available. Requested: ${request.type} - ${request.prompt}`
     };
   }
   try {
-    const value = await globalCredentialHandler(request);
+    const value = await credentialHandler(request);
     if (value === null) {
       if (request.isOptional) {
         return {
@@ -6762,7 +6843,7 @@ import { existsSync as existsSync3, readdirSync, rmSync } from "fs";
 import { join as join6 } from "path";
 function parseTurnNumbers(turnsDir) {
   if (!existsSync3(turnsDir)) return [];
-  return readdirSync(turnsDir).filter((e) => /^\d+\.md$/.test(e)).map((e) => Number(e.replace(".md", "")));
+  return readdirSync(turnsDir).filter((e) => /^\d+-memory\.md$/.test(e)).map((e) => Number(e.replace("-memory.md", "")));
 }
 function rotateTurnRecords() {
   try {
@@ -6773,7 +6854,7 @@ function rotateTurnRecords() {
       const toDel = turns.slice(0, turns.length - MEMORY_LIMITS.MAX_TURN_ENTRIES);
       for (const n of toDel) {
         try {
-          rmSync(join6(turnsDir, `${n}.md`), { force: true });
+          rmSync(join6(turnsDir, `${n}-memory.md`), { force: true });
         } catch {
         }
       }
@@ -6832,6 +6913,40 @@ function getRecentTurnContents(count) {
 
 // src/shared/utils/journal/summary.ts
 import { writeFileSync as writeFileSync4 } from "fs";
+
+// src/shared/utils/journal/memory-file.ts
+function yamlList(values) {
+  if (values.length === 0) return "  - none";
+  return values.map((value) => `  - ${value}`).join("\n");
+}
+function buildTurnMemoryDocument(input) {
+  const body = input.memoryBody.trim();
+  return [
+    "---",
+    `turn: ${input.turn}`,
+    `phase: ${input.phase}`,
+    "file_kind: turn_memory",
+    `written_by: ${input.writtenBy}`,
+    "input_sources:",
+    yamlList(input.inputSources),
+    "notes_included:",
+    yamlList(input.notesIncluded),
+    `generated_at: ${input.generatedAt}`,
+    "---",
+    "",
+    `# Turn Memory ${input.turn}`,
+    "",
+    "## Provenance",
+    `written_by: ${input.writtenBy}`,
+    `input_sources: ${input.inputSources.join(", ") || "none"}`,
+    `notes_included: ${input.notesIncluded.join(", ") || "none"}`,
+    "",
+    "## Memory",
+    body
+  ].join("\n");
+}
+
+// src/shared/utils/journal/summary.ts
 function regenerateJournalSummary() {
   try {
     const contents = getRecentTurnContents(MEMORY_LIMITS.MAX_TURN_ENTRIES);
@@ -6840,10 +6955,19 @@ function regenerateJournalSummary() {
     if (currentTurn < 1) return;
     ensureDirExists(WORKSPACE.TURNS);
     const summary = contents.slice(-5).join("\n\n---\n\n");
-    writeFileSync4(WORKSPACE.turnPath(currentTurn), summary, "utf-8");
+    const memoryFile = buildTurnMemoryDocument({
+      turn: currentTurn,
+      phase: "unknown",
+      generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      writtenBy: "fallback_concat",
+      inputSources: ["recent_turn_memory_files"],
+      notesIncluded: ["fallback_concat"],
+      memoryBody: summary
+    });
+    writeFileSync4(WORKSPACE.turnPath(currentTurn), memoryFile, "utf-8");
     debugLog("general", "Fallback journal summary written", {
       turns: contents.length,
-      target: `turns/${currentTurn}.md`
+      target: `turns/${currentTurn}-memory.md`
     });
   } catch (err) {
     debugLog("general", "Failed to regenerate journal summary", { error: String(err) });
@@ -6895,9 +7019,18 @@ var STATUS_ICONS2 = {
 };
 
 // src/shared/utils/journal/formatters/record.ts
+function safeList2(values) {
+  return Array.isArray(values) ? values.filter((value) => typeof value === "string") : [];
+}
 function formatTurnRecord(input) {
   const { turn, timestamp, phase, tools, memo: memo13, reflection } = input;
   const time = timestamp.slice(0, 19).replace("T", " ");
+  const keyFindings = safeList2(memo13.keyFindings);
+  const credentials = safeList2(memo13.credentials);
+  const attackVectors = safeList2(memo13.attackVectors);
+  const failures = safeList2(memo13.failures);
+  const suspicions = safeList2(memo13.suspicions);
+  const nextSteps = safeList2(memo13.nextSteps);
   const sections = [];
   sections.push(`# Turn ${turn} | ${time} | Phase: ${phase}`);
   sections.push("");
@@ -6913,25 +7046,25 @@ function formatTurnRecord(input) {
   }
   sections.push("");
   sections.push(`## ${TURN_SECTIONS.KEY_INSIGHTS}`);
-  if (memo13.keyFindings.length > 0) {
-    for (const f of memo13.keyFindings) sections.push(`- ${INSIGHT_TAGS.DISCOVERED}: ${f}`);
+  if (keyFindings.length > 0) {
+    for (const f of keyFindings) sections.push(`- ${INSIGHT_TAGS.DISCOVERED}: ${f}`);
   }
-  if (memo13.credentials.length > 0) {
-    for (const c of memo13.credentials) sections.push(`- ${INSIGHT_TAGS.CREDENTIAL}: ${c}`);
+  if (credentials.length > 0) {
+    for (const c of credentials) sections.push(`- ${INSIGHT_TAGS.CREDENTIAL}: ${c}`);
   }
-  if (memo13.attackVectors.length > 0) {
-    for (const v of memo13.attackVectors) sections.push(`- ${INSIGHT_TAGS.CONFIRMED}: ${v}`);
+  if (attackVectors.length > 0) {
+    for (const v of attackVectors) sections.push(`- ${INSIGHT_TAGS.CONFIRMED}: ${v}`);
   }
-  if (memo13.failures.length > 0) {
-    for (const f of memo13.failures) sections.push(`- ${INSIGHT_TAGS.DEAD_END}: ${f}`);
+  if (failures.length > 0) {
+    for (const f of failures) sections.push(`- ${INSIGHT_TAGS.DEAD_END}: ${f}`);
   }
-  if (memo13.suspicions.length > 0) {
-    for (const s of memo13.suspicions) sections.push(`- ${INSIGHT_TAGS.SUSPICIOUS}: ${s}`);
+  if (suspicions.length > 0) {
+    for (const s of suspicions) sections.push(`- ${INSIGHT_TAGS.SUSPICIOUS}: ${s}`);
   }
-  if (memo13.nextSteps.length > 0) {
-    for (const n of memo13.nextSteps) sections.push(`- ${INSIGHT_TAGS.NEXT}: ${n}`);
+  if (nextSteps.length > 0) {
+    for (const n of nextSteps) sections.push(`- ${INSIGHT_TAGS.NEXT}: ${n}`);
   }
-  if (memo13.keyFindings.length === 0 && memo13.failures.length === 0 && memo13.credentials.length === 0) {
+  if (keyFindings.length === 0 && failures.length === 0 && credentials.length === 0) {
     sections.push(`- ${TURN_EMPTY_MESSAGES.NO_INSIGHTS}`);
   }
   sections.push("");
@@ -6942,6 +7075,9 @@ function formatTurnRecord(input) {
 }
 
 // src/shared/utils/journal/formatters/reflection.ts
+function safeList3(values) {
+  return Array.isArray(values) ? values.filter((value) => typeof value === "string") : [];
+}
 function formatReflectionInput(input) {
   const { tools, memo: memo13, phase, triageMemo } = input;
   const parts = [
@@ -6962,10 +7098,14 @@ function formatReflectionInput(input) {
   parts.push("");
   parts.push("Analyst \uCD94\uCD9C \uBA54\uBAA8:");
   if (memo13) {
-    if (memo13.keyFindings.length > 0) parts.push(`  \uBC1C\uACAC: ${memo13.keyFindings.join(", ")}`);
-    if (memo13.credentials.length > 0) parts.push(`  \uD06C\uB808\uB374\uC15C: ${memo13.credentials.join(", ")}`);
-    if (memo13.failures.length > 0) parts.push(`  \uC2E4\uD328: ${memo13.failures.join(", ")}`);
-    if (memo13.suspicions.length > 0) parts.push(`  \uC758\uC2EC: ${memo13.suspicions.join(", ")}`);
+    const keyFindings = safeList3(memo13.keyFindings);
+    const credentials = safeList3(memo13.credentials);
+    const failures = safeList3(memo13.failures);
+    const suspicions = safeList3(memo13.suspicions);
+    if (keyFindings.length > 0) parts.push(`  \uBC1C\uACAC: ${keyFindings.join(", ")}`);
+    if (credentials.length > 0) parts.push(`  \uD06C\uB808\uB374\uC15C: ${credentials.join(", ")}`);
+    if (failures.length > 0) parts.push(`  \uC2E4\uD328: ${failures.join(", ")}`);
+    if (suspicions.length > 0) parts.push(`  \uC758\uC2EC: ${suspicions.join(", ")}`);
     parts.push(`  \uACF5\uACA9 \uAC00\uCE58: ${memo13.attackValue}`);
   } else {
     parts.push("  (\uBD84\uC11D \uACB0\uACFC \uC5C6\uC74C)");
@@ -6986,7 +7126,6 @@ var Reflector = class extends AuxiliaryLLMBase {
   formatInput(input) {
     return formatReflectionInput({
       tools: input.tools,
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
       memo: input.memo,
       phase: input.phase,
       triageMemo: input.triageMemo
@@ -7003,14 +7142,14 @@ function createReflector(llm) {
   return new Reflector(llm);
 }
 
-// src/engine/auxiliary-llm/summary-regenerator.ts
-var SummaryRegenerator = class extends AuxiliaryLLMBase {
+// src/engine/auxiliary-llm/memory-synth.ts
+var MemorySynth = class extends AuxiliaryLLMBase {
   constructor(llm) {
-    super(llm, { systemPrompt: llmNodeSystemPrompt("summary_regenerator"), logErrors: true });
+    super(llm, { systemPrompt: llmNodeSystemPrompt("memory_synth"), logErrors: true });
   }
   formatInput(input) {
     if (input.existingSummary) {
-      return `Previous summary:
+      return `Previous memory:
 ${input.existingSummary}
 
 Current turn:
@@ -7026,8 +7165,8 @@ ${input.turnData}`;
     return { summary: "", success: false };
   }
 };
-function createSummaryRegenerator(llm) {
-  return new SummaryRegenerator(llm);
+function createMemorySynth(llm) {
+  return new MemorySynth(llm);
 }
 
 // src/engine/auxiliary-llm/playbook-synthesizer.ts
@@ -7142,6 +7281,45 @@ function createTriager(llm) {
   return new Triager(llm);
 }
 
+// src/shared/utils/policy/document.ts
+import fs from "fs";
+import path from "path";
+var DEFAULT_POLICY_DOCUMENT = `# Policy Memory
+
+No persistent user policy has been recorded yet.
+Store only durable constraints, sensitive handling rules, and reusable engagement guidance here.
+`;
+function getPolicyDocumentPath() {
+  return WORKSPACE.POLICY;
+}
+function ensurePolicyDocument() {
+  const filePath = getPolicyDocumentPath();
+  const dirPath = path.dirname(filePath);
+  if (!fs.existsSync(dirPath)) {
+    fs.mkdirSync(dirPath, { recursive: true });
+  }
+  if (!fs.existsSync(filePath)) {
+    fs.writeFileSync(filePath, DEFAULT_POLICY_DOCUMENT, "utf-8");
+  }
+  return filePath;
+}
+function readPolicyDocument() {
+  try {
+    ensurePolicyDocument();
+    return fs.readFileSync(getPolicyDocumentPath(), "utf-8").trim();
+  } catch {
+    return "";
+  }
+}
+function writePolicyDocument(content) {
+  ensurePolicyDocument();
+  fs.writeFileSync(
+    getPolicyDocumentPath(),
+    content.trim() || DEFAULT_POLICY_DOCUMENT,
+    "utf-8"
+  );
+}
+
 // src/engine/auxiliary-llm/strategist.ts
 var Strategist = class extends AuxiliaryLLMBase {
   lastDirective = null;
@@ -7167,6 +7345,8 @@ var Strategist = class extends AuxiliaryLLMBase {
       if (journalSummary) sections.push("", "## Session Journal (past turns summary)", journalSummary);
     } catch {
     }
+    const policyDocument = readPolicyDocument();
+    if (policyDocument) sections.push("", "## Policy Memory", policyDocument);
     const graph = state.attackGraph.toPrompt();
     if (graph) sections.push("", "## Attack Graph", graph);
     const timeline = state.episodicMemory.toPrompt();
@@ -7300,6 +7480,74 @@ function createStrategist(llm) {
   return new Strategist(llm);
 }
 
+// src/engine/auxiliary-llm/input-processor.ts
+function extractTag(content, tag) {
+  const match = content.match(new RegExp(`<${tag}>([\\s\\S]*?)</${tag}>`, "i"));
+  return match?.[1]?.trim() ?? "";
+}
+function parseBoolean(value) {
+  return value.trim().toLowerCase() === "true";
+}
+var InputProcessor = class extends AuxiliaryLLMBase {
+  constructor(llm) {
+    super(llm, {
+      systemPrompt: llmNodeSystemPrompt("input_processor"),
+      logErrors: true
+    });
+  }
+  formatInput(input) {
+    return [
+      "<input-processor-context>",
+      `<has-active-engagement>${String(input.hasActiveEngagement)}</has-active-engagement>`,
+      `<current-objective>${input.currentObjective || "none"}</current-objective>`,
+      "<existing-policy>",
+      input.existingPolicy || "No existing policy document.",
+      "</existing-policy>",
+      "<raw-user-input>",
+      input.rawInput,
+      "</raw-user-input>",
+      "</input-processor-context>"
+    ].join("\n");
+  }
+  parseOutput(response) {
+    const shouldForwardToMain = parseBoolean(extractTag(response, "should_forward_to_main"));
+    const shouldWritePolicy = parseBoolean(extractTag(response, "should_write_policy"));
+    const forwardedInput = extractTag(response, "forwarded_input");
+    const directResponse = extractTag(response, "direct_response");
+    const policyDocument = extractTag(response, "policy_document_markdown");
+    const policyUpdateSummary = extractTag(response, "policy_update_summary");
+    const insightSummary = extractTag(response, "insight_summary");
+    return {
+      shouldForwardToMain,
+      forwardedInput,
+      directResponse,
+      shouldWritePolicy,
+      policyDocument,
+      policyUpdateSummary,
+      insightSummary,
+      success: true
+    };
+  }
+  createFailureOutput(_reason) {
+    return {
+      shouldForwardToMain: true,
+      forwardedInput: "",
+      directResponse: "",
+      shouldWritePolicy: false,
+      policyDocument: "",
+      policyUpdateSummary: "",
+      insightSummary: "",
+      success: false
+    };
+  }
+  handleEmptyResponse() {
+    return this.createFailureOutput("Empty response from LLM");
+  }
+};
+function createInputProcessor(llm) {
+  return new InputProcessor(llm);
+}
+
 // src/domains/engagement/mission.ts
 import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync3 } from "fs";
 import { join as join7 } from "path";
@@ -9769,8 +10017,8 @@ Install: apt-get install binwalk` };
         if (tryPassword(String(password))) {
           results.push(`Extracted with password: "${password}"`);
           try {
-            const { readFileSync: readFileSync5 } = await import("fs");
-            results.push(`Content: ${readFileSync5(outFile, "utf8").slice(0, 1e3)}`);
+            const { readFileSync: readFileSync6 } = await import("fs");
+            results.push(`Content: ${readFileSync6(outFile, "utf8").slice(0, 1e3)}`);
           } catch {
             results.push(`Saved to: ${outFile}`);
           }
@@ -9785,8 +10033,8 @@ Install: apt-get install binwalk` };
             results.push(`Extracted with password: "${pwd}"`);
             found = true;
             try {
-              const { readFileSync: readFileSync5 } = await import("fs");
-              results.push(`Content: ${readFileSync5(outFile, "utf8").slice(0, 1e3)}`);
+              const { readFileSync: readFileSync6 } = await import("fs");
+              results.push(`Content: ${readFileSync6(outFile, "utf8").slice(0, 1e3)}`);
             } catch {
               results.push(`Saved to: ${outFile}`);
             }
@@ -10460,8 +10708,8 @@ function extractFuzzStructured(output) {
   for (const pattern of pathPatterns) {
     let match;
     while ((match = pattern.exec(output)) !== null) {
-      const path2 = match[1] || match[0];
-      const cleanPath = path2.replace(/\s.*$/, "").trim();
+      const path4 = match[1] || match[0];
+      const cleanPath = path4.replace(/\s.*$/, "").trim();
       if (cleanPath.startsWith("/") && !paths.includes(cleanPath)) {
         paths.push(cleanPath);
       }
@@ -10696,6 +10944,19 @@ function autoExtractStructured(toolName, output) {
 
 // src/engine/tool-registry/pipeline.ts
 var PRIVATE_IP_RE = /^(?:10\.|172\.(?:1[6-9]|2\d|3[01])\.|192\.168\.|127\.|0\.)/;
+var RECON_TRIGGER_TOOLS = /* @__PURE__ */ new Set([
+  TOOL_NAMES.RUN_CMD,
+  TOOL_NAMES.BROWSE_URL,
+  TOOL_NAMES.PARSE_NMAP,
+  TOOL_NAMES.WHOIS_LOOKUP,
+  TOOL_NAMES.DNS_RECON,
+  TOOL_NAMES.SUBDOMAIN_ENUM,
+  TOOL_NAMES.HARVESTER,
+  TOOL_NAMES.BINWALK_ANALYZE,
+  TOOL_NAMES.EXIF_DATA,
+  TOOL_NAMES.CHECKSEC,
+  TOOL_NAMES.FILE_INFO
+]);
 function handleOSINTIPs(state, ips, sourceTool) {
   const publicIPs = ips.filter((ip) => !PRIVATE_IP_RE.test(ip)).slice(0, 10);
   const registered = [];
@@ -10707,81 +10968,123 @@ function handleOSINTIPs(state, ips, sourceTool) {
     }
   }
   if (registered.length > 0) {
-    state.episodicMemory.record("tool_success", `OSINT auto-registered ${registered.length} new target(s): ${registered.slice(0, 3).join(", ")}`);
+    state.episodicMemory.record(
+      "tool_success",
+      `OSINT auto-registered ${registered.length} new target(s): ${registered.slice(0, 3).join(", ")}`
+    );
   }
   return `
 [AUTO-EXTRACTED] ${publicIPs.length} IP(s) discovered: ${publicIPs.slice(0, 5).join(", ")}`;
 }
-var RECON_TRIGGER_TOOLS = /* @__PURE__ */ new Set([
-  TOOL_NAMES.RUN_CMD,
-  TOOL_NAMES.BROWSE_URL,
-  TOOL_NAMES.PARSE_NMAP,
-  // IMP-12: OSINT tools produce recon data that can identify challenge type
-  TOOL_NAMES.WHOIS_LOOKUP,
-  TOOL_NAMES.DNS_RECON,
-  TOOL_NAMES.SUBDOMAIN_ENUM,
-  TOOL_NAMES.HARVESTER,
-  // IMP-5: Forensics analysis output useful for challenge identification
-  TOOL_NAMES.BINWALK_ANALYZE,
-  TOOL_NAMES.EXIF_DATA,
-  // IMP-3: Binary analysis first step
-  TOOL_NAMES.CHECKSEC,
-  TOOL_NAMES.FILE_INFO
-]);
-function runPostExecutionPipeline(state, toolCall, result) {
-  const command = String(toolCall.input.command || toolCall.input.url || toolCall.input.query || JSON.stringify(toolCall.input));
-  if (result.success) {
-    state.workingMemory.recordSuccess(toolCall.name, command, result.output || "");
-  } else {
-    state.workingMemory.recordFailure(toolCall.name, command, result.error || "Unknown error");
-    state.dynamicTechniques.recordFailure(command);
-  }
-  if (result.success && result.output) {
-    const structured = autoExtractStructured(toolCall.name, result.output);
-    if (structured) {
-      const additions = [];
-      if (structured.credentials?.length) {
-        additions.push(`
-[AUTO-EXTRACTED] ${structured.credentials.length} credential(s) found`);
-      }
-      if (structured.vulnerabilities?.length) {
-        additions.push(`
-[AUTO-EXTRACTED] ${structured.vulnerabilities.length} CVE reference(s) found`);
-      }
-      if (structured.binaryAnalysisSummary) {
-        additions.push(`
+function buildCommand(toolCall) {
+  return String(
+    toolCall.input.command || toolCall.input.url || toolCall.input.query || JSON.stringify(toolCall.input)
+  );
+}
+var recordWorkingMemoryStep = {
+  name: "working_memory_update",
+  run(ctx) {
+    if (ctx.result.success) {
+      ctx.state.workingMemory.recordSuccess(ctx.toolCall.name, ctx.command, ctx.result.output || "");
+      return;
+    }
+    ctx.state.workingMemory.recordFailure(
+      ctx.toolCall.name,
+      ctx.command,
+      ctx.result.error || "Unknown error"
+    );
+    ctx.state.dynamicTechniques.recordFailure(ctx.command);
+  }
+};
+var extractStructuredOutputStep = {
+  name: "structured_extraction",
+  run(ctx) {
+    if (!ctx.result.success || !ctx.result.output) return;
+    ctx.structured = autoExtractStructured(ctx.toolCall.name, ctx.result.output);
+  }
+};
+var annotateStructuredOutputStep = {
+  name: "output_annotation",
+  run(ctx) {
+    if (!ctx.structured) return;
+    if (ctx.structured.credentials?.length) {
+      ctx.outputAdditions.push(`
+[AUTO-EXTRACTED] ${ctx.structured.credentials.length} credential(s) found`);
+    }
+    if (ctx.structured.vulnerabilities?.length) {
+      ctx.outputAdditions.push(`
+[AUTO-EXTRACTED] ${ctx.structured.vulnerabilities.length} CVE reference(s) found`);
+    }
+    if (ctx.structured.binaryAnalysisSummary) {
+      ctx.outputAdditions.push(`
 [AUTO-EXTRACTED] Binary analysis:
-${structured.binaryAnalysisSummary}`);
-      }
-      if (structured.discoveredIPs?.length) {
-        additions.push(handleOSINTIPs(state, structured.discoveredIPs, toolCall.name));
-      }
-      if (structured.discoveredSubdomains?.length) {
-        for (const sub of structured.discoveredSubdomains.slice(0, 20)) {
-          state.attackGraph.addOSINT("subdomain", sub, { source: toolCall.name });
-        }
-      }
-      if (structured.cryptoWeaknesses?.length) {
-        additions.push(`
-[AUTO-EXTRACTED] Crypto weaknesses: ${structured.cryptoWeaknesses.join("; ")}`);
-      }
-      if (structured.stegoHints?.length) {
-        additions.push(`
-[AUTO-EXTRACTED] Stego hints: ${structured.stegoHints.join("; ")}`);
-      }
-      if (additions.length > 0) {
-        result.output += additions.join("");
-      }
+${ctx.structured.binaryAnalysisSummary}`);
+    }
+    if (ctx.structured.cryptoWeaknesses?.length) {
+      ctx.outputAdditions.push(
+        `
+[AUTO-EXTRACTED] Crypto weaknesses: ${ctx.structured.cryptoWeaknesses.join("; ")}`
+      );
+    }
+    if (ctx.structured.stegoHints?.length) {
+      ctx.outputAdditions.push(`
+[AUTO-EXTRACTED] Stego hints: ${ctx.structured.stegoHints.join("; ")}`);
     }
   }
-  if (result.success && !state.getChallengeAnalysis()) {
-    if (RECON_TRIGGER_TOOLS.has(toolCall.name) && result.output && result.output.length > MIN_RECON_OUTPUT_LENGTH) {
-      const analysis = analyzeChallenge(result.output);
-      if (analysis.confidence > MIN_CHALLENGE_CONFIDENCE) {
-        state.setChallengeAnalysis(analysis);
+};
+var registerOSINTDiscoveriesStep = {
+  name: "osint_target_registration",
+  run(ctx) {
+    if (!ctx.structured) return;
+    if (ctx.structured.discoveredIPs?.length) {
+      ctx.outputAdditions.push(handleOSINTIPs(ctx.state, ctx.structured.discoveredIPs, ctx.toolCall.name));
+    }
+    if (ctx.structured.discoveredSubdomains?.length) {
+      for (const sub of ctx.structured.discoveredSubdomains.slice(0, 20)) {
+        ctx.state.attackGraph.addOSINT("subdomain", sub, { source: ctx.toolCall.name });
       }
     }
   }
+};
+var flushOutputAnnotationsStep = {
+  name: "flush_output_annotation",
+  run(ctx) {
+    if (ctx.outputAdditions.length === 0) return;
+    ctx.result.output += ctx.outputAdditions.join("");
+  }
+};
+var detectChallengeStep = {
+  name: "challenge_detection",
+  run(ctx) {
+    if (!ctx.result.success || ctx.state.getChallengeAnalysis()) return;
+    if (!RECON_TRIGGER_TOOLS.has(ctx.toolCall.name)) return;
+    if (!ctx.result.output || ctx.result.output.length <= MIN_RECON_OUTPUT_LENGTH) return;
+    const analysis = analyzeChallenge(ctx.result.output);
+    if (analysis.confidence > MIN_CHALLENGE_CONFIDENCE) {
+      ctx.state.setChallengeAnalysis(analysis);
+    }
+  }
+};
+var POST_EXECUTION_STEPS = [
+  recordWorkingMemoryStep,
+  extractStructuredOutputStep,
+  annotateStructuredOutputStep,
+  registerOSINTDiscoveriesStep,
+  flushOutputAnnotationsStep,
+  detectChallengeStep
+];
+function runPostExecutionPipeline(state, toolCall, result) {
+  const ctx = {
+    state,
+    toolCall,
+    result,
+    command: buildCommand(toolCall),
+    structured: null,
+    outputAdditions: []
+  };
+  for (const step of POST_EXECUTION_STEPS) {
+    step.run(ctx);
+  }
 }
 
 // src/engine/tool-registry/core.ts
@@ -11446,12 +11749,12 @@ function trackBlockedPattern(progress, toolName, errorLower) {
 }
 function appendBlockedCommandHints(lines, errorLower) {
   if (errorLower.includes("pipe target") || errorLower.includes("injection")) {
-    lines.push(`Fix: Use the tool's built-in output options instead of shell pipes.`);
+    lines.push(`Fix: Use the tool's native output or formatting options instead of shell pipes.`);
     lines.push(`Alternative approaches:`);
     lines.push(`  1. Save output to file: command > ${WORK_DIR}/output.txt, then use read_file("${WORK_DIR}/output.txt")`);
-    lines.push(`  2. Use tool-specific flags: nmap -oN ${WORK_DIR}/scan.txt, curl -o ${WORK_DIR}/page.html`);
-    lines.push(`  3. Use browse_url for web content instead of curl | grep`);
-    lines.push(`  4. If filtering output: run the command first, then read_file + parse results`);
+    lines.push(`  2. Discover the tool's own output flag via --help and use that instead of shell chaining`);
+    lines.push(`  3. If the target is web content, prefer a dedicated browser/web tool over shell text filtering`);
+    lines.push(`  4. If filtering output: run the command first, then read_file + parse the result in a second step`);
   } else if (errorLower.includes("redirect")) {
     lines.push(`Fix: Redirect to ${WORK_DIR}/ path.`);
     lines.push(`Example: command > ${WORK_DIR}/output.txt or command 2>&1 > ${WORK_DIR}/errors.txt`);
@@ -11650,14 +11953,23 @@ function extractHypothesizedReason(failureLine) {
 }
 
 // src/shared/utils/context-digest/formatters.ts
+function safeList4(values) {
+  return Array.isArray(values) ? values.filter((value) => typeof value === "string") : [];
+}
 function formatContextForLLM(memo13) {
   const compact = {};
-  if (memo13.keyFindings.length > 0) compact.findings = memo13.keyFindings;
-  if (memo13.credentials.length > 0) compact.credentials = memo13.credentials;
-  if (memo13.attackVectors.length > 0) compact.attackVectors = memo13.attackVectors;
-  if (memo13.failures.length > 0) compact.failures = memo13.failures;
-  if (memo13.suspicions.length > 0) compact.suspicions = memo13.suspicions;
-  if (memo13.nextSteps.length > 0) compact.nextSteps = memo13.nextSteps;
+  const keyFindings = safeList4(memo13.keyFindings);
+  const credentials = safeList4(memo13.credentials);
+  const attackVectors = safeList4(memo13.attackVectors);
+  const failures = safeList4(memo13.failures);
+  const suspicions = safeList4(memo13.suspicions);
+  const nextSteps = safeList4(memo13.nextSteps);
+  if (keyFindings.length > 0) compact.findings = keyFindings;
+  if (credentials.length > 0) compact.credentials = credentials;
+  if (attackVectors.length > 0) compact.attackVectors = attackVectors;
+  if (failures.length > 0) compact.failures = failures;
+  if (suspicions.length > 0) compact.suspicions = suspicions;
+  if (nextSteps.length > 0) compact.nextSteps = nextSteps;
   compact.attackValue = memo13.attackValue;
   if (memo13.reflection) compact.reflection = memo13.reflection;
   return JSON.stringify(compact);
@@ -12315,8 +12627,8 @@ function getTechniquesDir() {
   return _techniquesDir;
 }
 function loadPromptFile(filename) {
-  const path2 = join10(getPromptsDir(), filename);
-  return existsSync6(path2) ? readFileSync3(path2, PROMPT_CONFIG.ENCODING) : "";
+  const path4 = join10(getPromptsDir(), filename);
+  return existsSync6(path4) ? readFileSync3(path4, PROMPT_CONFIG.ENCODING) : "";
 }
 function loadTechniqueFile(techniqueName) {
   const filename = techniqueName.endsWith(".md") ? techniqueName : `${techniqueName}.md`;
@@ -12330,14 +12642,20 @@ function loadTechniqueFile(techniqueName) {
 }
 
 // src/agents/prompt-builder/fragments/core.ts
+function safeList5(values) {
+  return Array.isArray(values) ? values.filter((value) => typeof value === "string") : [];
+}
 function buildScopeFragment(state) {
   const scope = state.getScope();
   if (!scope) return PROMPT_DEFAULTS.NO_SCOPE;
+  const allowedCidrs = safeList5(scope.allowedCidrs);
+  const allowedDomains = safeList5(scope.allowedDomains);
+  const exclusions = safeList5(scope.exclusions);
   const flags = `DOS Allowed: ${scope.isDOSAllowed} | Social Engineering Allowed: ${scope.isSocialAllowed}`;
   return PROMPT_XML.SCOPE(
-    scope.allowedCidrs.join(", ") || "none",
-    scope.allowedDomains.join(", ") || "none",
-    scope.exclusions.join(", ") || "none",
+    allowedCidrs.join(", ") || "none",
+    allowedDomains.join(", ") || "none",
+    exclusions.join(", ") || "none",
     flags
   );
 }
@@ -12457,7 +12775,7 @@ ${summary}
 </session-journal>`;
     }
     if (olderTurns.length > 0) {
-      const indexLines = olderTurns.slice(-10).map((n) => `.pentesting/turns/${n}.md`).join("\n");
+      const indexLines = olderTurns.slice(-10).map((n) => `.pentesting/turns/${n}-memory.md`).join("\n");
       const ellipsis = olderTurns.length > 10 ? `
   ... (${olderTurns.length - 10} earlier turns \u2014 check .pentesting/turns/)` : "";
       output += `
@@ -12477,6 +12795,8 @@ function buildUserContextFragment(userInput) {
 }
 
 // src/agents/prompt-builder/yaml-layer-executor.ts
+import { existsSync as existsSync7, readFileSync as readFileSync4 } from "fs";
+import path2 from "path";
 var STATE_FRAGMENT_REGISTRY = {
   "state.scope": (ctx) => buildScopeFragment(ctx.state),
   "state.todo": (ctx) => buildTodoFragment(ctx.state),
@@ -12508,7 +12828,7 @@ async function executeLayer(layer, ctx) {
       case "static":
         return layer.content?.trim() ?? null;
       case "file_read":
-        return buildJournalFragment() || null;
+        return executeFileReadLayer(layer) || null;
       case "user_input":
         return buildUserContextFragment(ctx.userInput) || null;
       case "memory": {
@@ -12522,6 +12842,21 @@ async function executeLayer(layer, ctx) {
     return null;
   }
 }
+function executeFileReadLayer(layer) {
+  const source = layer.source?.trim();
+  if (!source) return null;
+  if (source.includes("{N-1}")) {
+    return buildJournalFragment() || null;
+  }
+  const absolutePath = path2.resolve(process.cwd(), source);
+  if (!existsSync7(absolutePath)) return null;
+  const content = readFileSync4(absolutePath, "utf-8").trim();
+  if (!content) return null;
+  if (layer.wrap) {
+    return layer.wrap.replace("{content}", content);
+  }
+  return content;
+}
 function executeFileLayer(layer) {
   if (!layer.source) return null;
   const parts = layer.source.split("/");
@@ -12640,6 +12975,9 @@ function isPipelineNode(step) {
 }
 
 // src/engine/pipeline/runner.ts
+function collectChangedMemoryKeys(base, next) {
+  return Object.keys(next).filter((key) => !Object.is(base[key], next[key]));
+}
 var PipelineRunner = class {
   /**
    * Recursively execute a pipeline step.
@@ -12677,7 +13015,29 @@ var PipelineRunner = class {
       return;
     }
     if ("parallel" in step) {
-      await Promise.all(step.parallel.map((s) => this.execute(s, ctx)));
+      const branchResults = await Promise.all(step.parallel.map(async (s) => {
+        const localMemory = { ...ctx.memory };
+        const branchCtx = { ...ctx, memory: localMemory };
+        await this.execute(s, branchCtx);
+        return localMemory;
+      }));
+      const collisions = /* @__PURE__ */ new Set();
+      const baseMemory = { ...ctx.memory };
+      for (const branchMemory of branchResults) {
+        const changedKeys = collectChangedMemoryKeys(baseMemory, branchMemory);
+        for (const key of changedKeys) {
+          if (Object.prototype.hasOwnProperty.call(ctx.memory, key) && !Object.is(ctx.memory[key], baseMemory[key])) {
+            collisions.add(key);
+            continue;
+          }
+          ctx.memory[key] = branchMemory[key];
+        }
+      }
+      if (collisions.size > 0) {
+        throw new Error(
+          `PipelineRunner parallel memory collision on key(s): ${Array.from(collisions).join(", ")}`
+        );
+      }
       return;
     }
     if ("condition" in step) {
@@ -12732,7 +13092,7 @@ var ActionNode = class {
 var flagsCaptured = (ctx) => ctx.flagsAfter > ctx.flagsBefore;
 
 // src/engine/pipeline/loader.ts
-import { readFileSync as readFileSync4 } from "fs";
+import { readFileSync as readFileSync5 } from "fs";
 import { join as join11 } from "path";
 import { parse as yamlParse } from "yaml";
 
@@ -12853,32 +13213,45 @@ var makeSynthesizePlaybook = (llm, opts) => async (ctx) => {
 // src/agents/main-agent/turn-recorder.ts
 import { writeFileSync as writeFileSync7 } from "fs";
 async function recordTurn(context) {
-  const { turnCounter, toolJournal, summaryRegenerator } = context;
+  const { turnCounter, toolJournal, memorySynth } = context;
   if (toolJournal.length === 0) return turnCounter;
   try {
-    await writeTurnInsight(turnCounter, summaryRegenerator, context);
+    await writeTurnInsight(turnCounter, memorySynth, context);
     rotateTurnRecords();
   } catch {
   }
   return turnCounter + 1;
 }
-async function writeTurnInsight(turnCounter, summaryRegenerator, ctx) {
+async function writeTurnInsight(turnCounter, memorySynth, ctx) {
   const { phase, toolJournal, memo: memo13, reflections } = ctx;
+  const fallbackNextSteps = Array.isArray(memo13.nextSteps) ? memo13.nextSteps : [];
   const turnData = formatTurnRecord({
     turn: turnCounter,
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
     phase,
     tools: toolJournal,
     memo: memo13,
-    reflection: reflections.length > 0 ? reflections.join(" | ") : memo13.nextSteps.join("; ")
+    reflection: reflections.length > 0 ? reflections.join(" | ") : fallbackNextSteps.join("; ")
   });
   const existingSummary = readJournalSummary();
   try {
-    const result = await summaryRegenerator.execute({ existingSummary, turnData });
+    const result = await memorySynth.execute({ existingSummary, turnData });
     if (result.success && result.summary) {
       ensureDirExists(WORKSPACE.TURNS);
-      writeFileSync7(WORKSPACE.turnPath(turnCounter), result.summary, "utf-8");
-      flowLog("\u2465SummaryRegen", "\u2192", `turns/${turnCounter}.md`, `${result.summary.length}B`);
+      const memoryFile = buildTurnMemoryDocument({
+        turn: turnCounter,
+        phase,
+        generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        writtenBy: "memory_synth",
+        inputSources: [
+          "previous_turn_memory",
+          "current_turn_record"
+        ],
+        notesIncluded: reflections.length > 0 ? ["analyst_memo", "turn_reviews"] : ["analyst_memo"],
+        memoryBody: result.summary
+      });
+      writeFileSync7(WORKSPACE.turnPath(turnCounter), memoryFile, "utf-8");
+      flowLog("\u2465MemorySynth", "\u2192", `turns/${turnCounter}-memory.md`, `${memoryFile.length}B`);
     } else {
       regenerateJournalSummary();
     }
@@ -12887,27 +13260,158 @@ async function writeTurnInsight(turnCounter, summaryRegenerator, ctx) {
   }
 }
 
+// src/engine/verifier/turn-verifier.ts
+function asStringArray(values) {
+  return Array.isArray(values) ? values.filter((value) => typeof value === "string") : [];
+}
+function uniq(values) {
+  const safeValues = asStringArray(values);
+  if (safeValues.length === 0) return [];
+  return [...new Set(safeValues.map((v) => v.trim()).filter(Boolean))];
+}
+function parseInputSummary(inputSummary) {
+  try {
+    const parsed = JSON.parse(inputSummary);
+    return parsed && typeof parsed === "object" ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+function verifyStateConsistency(ctx) {
+  const issues = [];
+  const lootDetails = ctx.state.getLoot().map((item) => item.detail.toLowerCase());
+  const findingTexts = ctx.state.getFindings().map((item) => `${item.title}
+${item.description}`.toLowerCase());
+  for (const credential of uniq(ctx.memo?.credentials)) {
+    if (!lootDetails.some((detail) => detail.includes(credential.toLowerCase()))) {
+      issues.push({
+        severity: "error",
+        code: "state_consistency",
+        message: `Analyst extracted credential "${credential}" but state.loot does not contain it.`
+      });
+    }
+  }
+  if (ctx.memo?.attackValue === "HIGH" || ctx.memo?.attackValue === "MED") {
+    for (const vector of uniq(ctx.memo?.attackVectors)) {
+      const needle = vector.toLowerCase().slice(0, 80);
+      if (!findingTexts.some((text) => text.includes(needle))) {
+        issues.push({
+          severity: "warning",
+          code: "state_consistency",
+          message: `Analyst marked attack vector "${vector}" but no matching finding was recorded.`
+        });
+      }
+    }
+  }
+  return issues;
+}
+function verifyScopeConsistency(ctx) {
+  if (getScopeMode() !== "enforce") return [];
+  const issues = [];
+  const guard = new ScopeGuard(ctx.state, "enforce");
+  for (const tool of ctx.journal) {
+    if (!tool.success) continue;
+    const parsedInput = parseInputSummary(tool.inputSummary);
+    if (!parsedInput) continue;
+    const serialized = JSON.stringify(parsedInput);
+    const targets = Array.from(guard.extractTargets(serialized));
+    const violations = targets.filter((target) => !guard.isTargetInScope(target));
+    if (violations.length === 0) continue;
+    issues.push({
+      severity: "error",
+      code: "scope_violation",
+      message: `Successful tool ${tool.name} referenced out-of-scope target(s): ${violations.join(", ")}`
+    });
+  }
+  return issues;
+}
+function verifyAskUserUsage(ctx) {
+  const issues = [];
+  const askUserCalls = ctx.journal.filter((tool) => tool.name === TOOL_NAMES.ASK_USER && tool.success);
+  const nonSensitive = [];
+  for (const call of askUserCalls) {
+    const parsed = parseInputSummary(call.inputSummary);
+    const inputType = String(parsed?.input_type || "text");
+    const question = String(parsed?.question || "");
+    if (!SENSITIVE_INPUT_TYPES.includes(inputType)) {
+      nonSensitive.push({ inputType, question });
+    }
+  }
+  if (nonSensitive.length > 0) {
+    issues.push({
+      severity: "warning",
+      code: "ask_user_overuse",
+      message: `Non-sensitive ask_user used ${nonSensitive.length} time(s): ${nonSensitive.map((item) => `${item.inputType}:${item.question.slice(0, 80)}`).join(" | ")}`
+    });
+  }
+  if (askUserCalls.length > 1) {
+    issues.push({
+      severity: "warning",
+      code: "ask_user_overuse",
+      message: `ask_user was called ${askUserCalls.length} times in one turn.`
+    });
+  }
+  return issues;
+}
+function formatSummary(issues) {
+  if (issues.length === 0) return "[VERIFIER] OK - no rule violations detected";
+  const errorCount = issues.filter((issue) => issue.severity === "error").length;
+  const warningCount = issues.filter((issue) => issue.severity === "warning").length;
+  const lines = [`[VERIFIER] ${errorCount} error(s), ${warningCount} warning(s)`];
+  for (const issue of issues.slice(0, 5)) {
+    lines.push(`- ${issue.severity.toUpperCase()} ${issue.code}: ${issue.message}`);
+  }
+  return lines.join("\n");
+}
+function verifyTurnContext(ctx) {
+  const issues = [
+    ...verifyStateConsistency(ctx),
+    ...verifyScopeConsistency(ctx),
+    ...verifyAskUserUsage(ctx)
+  ];
+  return {
+    ok: !issues.some((issue) => issue.severity === "error"),
+    issues,
+    summary: formatSummary(issues)
+  };
+}
+
 // src/engine/pipeline/handlers/turn-mgmt.ts
+function resolveCurrentTurnCounter(memory) {
+  return typeof memory.turnCounter === "number" ? memory.turnCounter : Math.max(1, (getNextTurnNumber() || 2) - 1);
+}
+function collectTurnReflections(ctx) {
+  return [
+    ...ctx.state.lastReflection ? [ctx.state.lastReflection] : [],
+    ...typeof ctx.memory.turn_verifier_summary === "string" ? [ctx.memory.turn_verifier_summary] : []
+  ];
+}
 var makeWriteInsight = (llm, _opts) => async (ctx) => {
   if (!llm) return { success: false };
-  const turnCounter = typeof ctx.memory.turnCounter === "number" ? ctx.memory.turnCounter : Math.max(1, (getNextTurnNumber() || 2) - 1);
+  const turnCounter = resolveCurrentTurnCounter(ctx.memory);
   await recordTurn({
     turnCounter,
     phase: ctx.state.getPhase(),
     toolJournal: ctx.journal,
     memo: ctx.memo,
-    reflections: ctx.state.lastReflection ? [ctx.state.lastReflection] : [],
-    summaryRegenerator: createSummaryRegenerator(llm)
+    reflections: collectTurnReflections(ctx),
+    memorySynth: createMemorySynth(llm)
   });
   return { success: true };
 };
+var makeVerifyTurn = (_llm, _opts) => async (ctx) => {
+  const report = verifyTurnContext(ctx);
+  ctx.memory.turn_verifier_report = report;
+  ctx.memory.turn_verifier_summary = report.summary;
+  return { success: report.ok, output: report };
+};
 var makeRotateTurns = (_llm, _opts) => async (_ctx) => {
   rotateTurnRecords();
   return { success: true };
 };
 var makeSaveSession = (_llm, _opts) => async (ctx) => {
   try {
-    const { saveState: saveState2 } = await import("./persistence-RDC7AENL.js");
+    const { saveState: saveState2 } = await import("./persistence-7FTYXIZY.js");
     saveState2(ctx.state);
   } catch {
   }
@@ -12915,9 +13419,26 @@ var makeSaveSession = (_llm, _opts) => async (ctx) => {
 };
 
 // src/engine/pipeline/handlers/core-loop.ts
-var makeDrainUserInput = (_llm, _opts) => async (ctx) => {
+var makeProcessUserInput = (_llm, _opts) => async (ctx) => {
   if (!ctx.controller) return { success: true };
-  ctx.controller.drainUserInput(ctx.messages);
+  const result = await ctx.controller.processUserInputTurn();
+  const shouldForward = result?.shouldForwardToMain !== false;
+  ctx.memory.should_forward_to_main = shouldForward;
+  if (!shouldForward) {
+    const directResponse = typeof result?.directResponse === "string" ? result.directResponse : "";
+    ctx.memory.output = directResponse;
+    ctx.memory.short_circuit_response = ctx.memory.output;
+    ctx.memory.has_tool_calls = false;
+    ctx.memory.isCompleted = true;
+    if (directResponse.trim() && ctx.events) {
+      const phase = ctx.state.getPhase();
+      ctx.events.emit({
+        type: EVENT_TYPES.AI_RESPONSE,
+        timestamp: Date.now(),
+        data: { content: directResponse.trim(), phase }
+      });
+    }
+  }
   return { success: true };
 };
 var makeBuildSystemPrompt = (_llm, _opts) => async (ctx) => {
@@ -12928,6 +13449,12 @@ var makeBuildSystemPrompt = (_llm, _opts) => async (ctx) => {
 };
 var makeCoreInference = (_llm, _opts) => async (ctx) => {
   if (!ctx.controller) throw new Error("AgentController missing in context");
+  if (ctx.memory.short_circuit_response) {
+    ctx.memory.output = ctx.memory.short_circuit_response;
+    ctx.memory.has_tool_calls = false;
+    ctx.memory.isCompleted = true;
+    return { success: true };
+  }
   const prompt = ctx.memory.system_prompt;
   if (!prompt) throw new Error("core_inference: system_prompt missing \u2014 build_system_prompt must run before core_inference");
   const { output, toolCalls, hadReasoningEnd } = await ctx.controller.runLLMInference(ctx, prompt);
@@ -12959,11 +13486,12 @@ var ACTION_HANDLER_REGISTRY = {
   replace_messages_from_memory: makeReplaceMessagesFromMemory,
   synthesize_playbook: makeSynthesizePlaybook,
   // ── Turn lifecycle handlers ─────────────────────────────────────────────
+  verify_turn: makeVerifyTurn,
   write_insight: makeWriteInsight,
   rotate_turns: makeRotateTurns,
   save_session: makeSaveSession,
   // ── Core agent loop handlers ────────────────────────────────────────────
-  drain_user_input: makeDrainUserInput,
+  process_user_input: makeProcessUserInput,
   build_system_prompt: makeBuildSystemPrompt,
   core_inference: makeCoreInference,
   core_tool_execution: makeCoreToolExecution
@@ -13031,11 +13559,6 @@ function buildStepV2(raw, nodeMap, conditions) {
     throw new Error(`Invalid pipeline step: ${JSON.stringify(raw)}`);
   }
   const r = raw;
-  if ("node" in r && typeof r["node"] === "string") {
-    const node = nodeMap.get(r["node"]);
-    if (!node) throw new Error(`Unknown node reference: "${r["node"]}". Declare it in nodes: section.`);
-    return node;
-  }
   if ("serial" in r && Array.isArray(r["serial"])) {
     return { serial: r["serial"].map((s) => buildStepV2(s, nodeMap, conditions)) };
   }
@@ -13055,18 +13578,16 @@ function buildStepV2(raw, nodeMap, conditions) {
   }
   throw new Error(`Unrecognized step shape: ${JSON.stringify(raw)}`);
 }
-function loadPipeline(yamlPath, registryOrOptions, legacyKey) {
-  const content = readFileSync4(yamlPath, "utf-8");
+function loadPipeline(yamlPath, options) {
+  const content = readFileSync5(yamlPath, "utf-8");
   const config = yamlParse(content);
-  const key = legacyKey ?? registryOrOptions.key ?? "post_step";
+  const key = options.key ?? "post_step";
   const raw = config[key];
   if (!raw) throw new Error(`Pipeline key "${key}" not found in ${yamlPath}`);
-  if ("llm" in registryOrOptions && config.nodes) {
-    return loadV2(config, raw, registryOrOptions);
-  }
-  return buildStepV1(raw, registryOrOptions);
+  if (!config.nodes) throw new Error(`Pipeline config in ${yamlPath} must declare a nodes: section.`);
+  return loadCurrent(config, raw, options);
 }
-function loadV2(config, pipelineRaw, opts) {
+function loadCurrent(config, pipelineRaw, opts) {
   const llm = opts.llm;
   const conditions = opts.conditions ?? {};
   const nodeDefs = config.nodes ?? {};
@@ -13082,33 +13603,6 @@ function loadV2(config, pipelineRaw, opts) {
   }
   return buildStepV2(pipelineRaw, nodeMap, conditions);
 }
-function buildStepV1(raw, registry) {
-  if (!raw || typeof raw !== "object") {
-    throw new Error(`Invalid pipeline step: ${JSON.stringify(raw)}`);
-  }
-  const r = raw;
-  if ("node" in r) {
-    const id = r["node"];
-    const factory = registry.nodes[id];
-    if (!factory) throw new Error(`Unknown node: "${id}". Register it in node-registry.ts.`);
-    return factory(id);
-  }
-  if ("serial" in r && Array.isArray(r["serial"])) {
-    return { serial: r["serial"].map((s) => buildStepV1(s, registry)) };
-  }
-  if ("parallel" in r && Array.isArray(r["parallel"])) {
-    return { parallel: r["parallel"].map((s) => buildStepV1(s, registry)) };
-  }
-  if ("when" in r) {
-    const condName = r["when"];
-    const cond = registry.conditions[condName];
-    if (!cond) throw new Error(`Unknown condition: "${condName}".`);
-    const then = buildStepV1(r["then"], registry);
-    const otherwise = "else" in r ? buildStepV1(r["else"], registry) : void 0;
-    return { condition: cond, then, else: otherwise };
-  }
-  throw new Error(`Unrecognized step shape: ${JSON.stringify(raw)}`);
-}
 function resolvePipelineYaml(relativePath) {
   return join11(process.cwd(), relativePath);
 }
@@ -13129,181 +13623,15 @@ function getConditionRegistry() {
     // Fires when ≥ 2 SUCCEEDED attack graph nodes exist (works without flags)
     has_exploit_chain: hasExploitChain,
     // Fires when the LLM returned tool calls to execute
-    has_tool_calls: (ctx) => ctx.memory.has_tool_calls === true
+    has_tool_calls: (ctx) => ctx.memory.has_tool_calls === true,
+    // Fires when input processing decided the main agent should continue.
+    should_forward_to_main: (ctx) => ctx.memory.should_forward_to_main !== false
   };
 }
 
-// src/agents/user-input/constants.ts
-var RECENT_MESSAGE_THRESHOLD_SECONDS = 5;
-
-// src/agents/user-input/intent/header.ts
-var INTENT_HEADER = `
-<user-message priority="INTERRUPT">
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-\u26A1 USER MESSAGE \u2014 STOP. READ THIS FIRST. THEN ACT.
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-
-The user sent the following message(s) WHILE you are actively working.
-This message takes PRECEDENCE over your current plan. Process it NOW.
-
-IMPORTANT RULES:
-- If the user is repeating themselves, it means you MISSED or IGNORED their previous message.
-- Check your Working Memory for the correct value before proceeding.
-- NEVER continue with an incorrect value after a correction, even if it appears in a SUCCESS log.
-- Working Memory success logs are NOT ground truth \u2014 user corrections override them.
-
-<<USER_MESSAGES>>
-`;
-
-// src/agents/user-input/intent/classification.ts
-var INTENT_CLASSIFICATION = `
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-\xA71. INTENT CLASSIFICATION (Chain-of-Thought \u2014 MANDATORY)
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-
-You MUST internally reason through this decision tree IN ORDER.
-Stop at the FIRST matching category \u2014 do NOT skip ahead.
-
-\u250C\u2500 STEP 1: Is the user telling you to STOP or ABORT?
-\u2502  Signals: "stop", "abort", "cancel", "enough", "halt", "wait"
-\u2502  \u2192 CATEGORY: ABORT
-\u2502  \u2192 ACTION: Immediately stop current tool execution.
-\u2502            Use \`ask_user\` to confirm: "Understood, stopping. What would you like me to do next?"
-\u2502
-\u251C\u2500 STEP 2: Is the user CORRECTING you or saying you're WRONG?
-\u2502  Signals: "that's wrong", "don't do that", "stop doing X", "you already tried that",
-\u2502           "not that way", "I said X not Y", negative feedback on your actions,
-\u2502           spelling corrections ("you wrote X, it should be Y"),
-\u2502           name corrections ("that's not the right username/target/domain")
-\u2502  \u2192 CATEGORY: CORRECTION
-\u2502  \u2192 ACTION: 1. Acknowledge the error in ONE sentence (do NOT apologize excessively).
-\u2502            2. IMMEDIATELY fix the mistake and resume work with the correct value.
-\u2502            3. Do NOT use \`ask_user\` for confirmation \u2014 fix it and continue.
-\u2502            4. NEVER repeat the same wrong value after a correction.
-\u2502
-\u251C\u2500 STEP 3: Is the user providing ACTIONABLE INFORMATION?
-\u2502  Signals: credentials, passwords, usernames, file paths, endpoints, API keys,
-\u2502           ports, version numbers, IP addresses, hints about the target
-\u2502  \u2192 CATEGORY: INFORMATION
-\u2502  \u2192 ACTION: 1. Store with \`add_loot\` (if credentials) or remember contextually.
-\u2502            2. USE this information immediately in your next tool call.
-\u2502            3. Do NOT ask "should I use this?" \u2014 just use it.
-\u2502            Example: User says "password is admin123"
-\u2502            \u2192 Immediately try those credentials on all discovered login surfaces.
-\u2502
-\u251C\u2500 STEP 4: Is the user giving a DIRECT COMMAND to execute something?
-\u2502  Signals: imperative verb + specific action: "run X", "scan Y", "exploit Z",
-\u2502           "try X on Y", "use sqlmap", "brute force SSH"
-\u2502  \u2192 CATEGORY: COMMAND
-\u2502  \u2192 ACTION: Execute EXACTLY what the user asked. No more, no less.
-\u2502            Do NOT add extra scans or "while we're at it" actions.
-\u2502            Do NOT ask for confirmation \u2014 the user already decided.
-\u2502
-\u251C\u2500 STEP 5: Is the user changing the TARGET or SCOPE?
-\u2502  Signals: new IP/domain, "switch to", "add target", "remove target",
-\u2502           "also attack X", "change scope"
-\u2502  \u2192 CATEGORY: TARGET_CHANGE
-\u2502  \u2192 ACTION: 1. Call \`add_target\` with the new target.
-\u2502            2. Confirm briefly with \`ask_user\`: "Added [target]. Starting reconnaissance."
-\u2502            3. Begin testing the new target.
-\u2502
-\u251C\u2500 STEP 6: Is the user providing STRATEGIC GUIDANCE?
-\u2502  Signals: "focus on X", "prioritize Y", "skip Z", "try X approach",
-\u2502           "what about X?", "have you considered X?", tactical suggestions
-\u2502  \u2192 CATEGORY: GUIDANCE
-\u2502  \u2192 ACTION: 1. Acknowledge the guidance briefly via \`ask_user\`:
-\u2502               "Understood \u2014 adjusting strategy to focus on [X]."
-\u2502            2. Immediately adjust your approach and continue working.
-\u2502            3. The acknowledgment and next action should be in the SAME turn.
-\u2502
-\u251C\u2500 STEP 7: Is the user asking about PROGRESS or STATUS?
-\u2502  Signals: "what did you find?", "any progress?", "status?", "what are you doing?",
-\u2502           "show me", "report", "findings so far", "how's it going?"
-\u2502  \u2192 CATEGORY: STATUS_QUERY
-\u2502  \u2192 ACTION: Use \`ask_user\` to provide a structured status report:
-\u2502            FORMAT:
-\u2502            "\u{1F4CA} Status Report:
-\u2502             \u2022 Phase: [current phase]
-\u2502             \u2022 Targets: [count] ([list key ones])
-\u2502             \u2022 Key Findings: [count] ([summarize top findings])
-\u2502             \u2022 Current Action: [what you were doing]
-\u2502             \u2022 Next Steps: [what you plan to do next]"
-\u2502            Then RESUME your previous work \u2014 do NOT stop after reporting.
-\u2502
-\u2514\u2500 STEP 8: Everything else \u2192 CONVERSATION
-   Signals: greetings, questions, discussions, explanations, opinions,
-            casual talk, "hello", "how does X work?", "explain Y"
-   \u2192 CATEGORY: CONVERSATION
-   \u2192 ACTION: Use \`ask_user\` to respond naturally and conversationally.
-             Answer questions with your knowledge.
-             Then ask if they want you to continue with the current task.
-             Do NOT start any scans or attacks.
-`;
-
-// src/agents/user-input/intent/resolution.ts
-var INTENT_RESOLUTION = `
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-\xA72. MULTI-MESSAGE RESOLUTION
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-
-If multiple user messages are queued, process them as follows:
-1. Read ALL messages first to understand the full context.
-2. Later messages may OVERRIDE or CLARIFY earlier ones.
-   Example: [1] "try brute force" \u2192 [2] "actually, skip brute force, try SQLi"
-   \u2192 Only execute the SQLi instruction (message 2 overrides message 1).
-3. If messages are independent, process the HIGHEST PRIORITY category first
-   (ABORT > CORRECTION > INFORMATION > COMMAND > TARGET > GUIDANCE > STATUS > CONVERSATION).
-4. Acknowledge all messages but act on the most recent directive.
-
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-\xA73. WORK RESUMPTION RULES
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-
-After handling the user's message, you MUST resume productive work:
-
-\u251C\u2500 ABORT/CONVERSATION \u2192 Wait for next user instruction. Do NOT auto-resume.
-\u251C\u2500 STATUS_QUERY \u2192 Report status, then RESUME previous work in the same turn.
-\u251C\u2500 GUIDANCE/CORRECTION \u2192 Adjust plan, then CONTINUE with modified approach.
-\u251C\u2500 INFORMATION \u2192 USE the information immediately in your next action.
-\u251C\u2500 COMMAND \u2192 Execute the command. After completion, resume prior work.
-\u251C\u2500 TARGET_CHANGE \u2192 Switch to new target, begin fresh workflow.
-
-KEY PRINCIPLE: Never leave a turn empty-handed.
-If you used \`ask_user\` to respond, you may ALSO call other tools in the same turn
-(except for ABORT and CONVERSATION categories).
-`;
-
-// src/agents/user-input/intent/antipatterns.ts
-var INTENT_ANTIPATTERNS = `
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-\xA74. ANTI-PATTERNS \u2014 NEVER DO THESE
-\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550
-
-\u251C\u2500 \u274C Ignore the user's message and continue your previous plan
-\u251C\u2500 \u274C Start scanning/attacking after a greeting
-\u251C\u2500 \u274C Ask "should I use this?" when the user provides credentials \u2192 JUST USE THEM
-\u251C\u2500 \u274C Respond with only text (no tool call) \u2014 always use \`ask_user\` for responses
-\u251C\u2500 \u274C Stop all work after answering a status query \u2014 RESUME immediately
-\u251C\u2500 \u274C Add extra actions the user didn't ask for when handling a COMMAND
-\u251C\u2500 \u274C Repeat the same failed approach after a CORRECTION
-\u251C\u2500 \u274C Treat every input as an attack command \u2014 MOST inputs are collaborative
-\u251C\u2500 \u274C Apologize more than once for the same mistake \u2014 acknowledge once and fix it
-\u251C\u2500 \u274C Use the wrong value (typo/wrong target) AFTER the user corrected it
-\u2514\u2500 \u274C Ignore repeating corrections \u2014 if user says it twice, you missed it the first time
-</user-message>`;
-
-// src/agents/user-input/intent/index.ts
-var USER_INPUT_INTENT_PROMPT = [
-  INTENT_HEADER,
-  INTENT_CLASSIFICATION,
-  INTENT_RESOLUTION,
-  INTENT_ANTIPATTERNS
-].join("\n");
-
 // src/agents/user-input/queue.ts
 var MAX_QUEUE_ITEMS = 20;
 var MAX_ITEM_CHARS = 500;
-var MAX_DRAIN_CHARS = 4e3;
 function truncateText(text, max) {
   if (text.length <= max) return text;
   if (max <= 1) return text.slice(0, max);
@@ -13337,23 +13665,13 @@ var UserInputQueue = class {
     return this.queue.length;
   }
   /**
-   * Drain all queued inputs and format them with intent analysis prompt.
-   * Returns null if queue is empty.
-   * Clears the queue after draining.
+   * Drain all queued inputs as raw records.
    */
-  drainAndFormat() {
-    if (this.queue.length === 0) return null;
+  drain() {
+    if (this.queue.length === 0) return [];
     const messages = [...this.queue];
     this.queue = [];
-    const formattedMessages = messages.map((m, i) => {
-      const timeAgo = Math.round((Date.now() - m.timestamp) / 1e3);
-      const timeLabel = timeAgo < RECENT_MESSAGE_THRESHOLD_SECONDS ? "just now" : `${timeAgo}s ago`;
-      return `[${i + 1}] (${timeLabel}) "${truncateText(m.text, MAX_ITEM_CHARS)}"`;
-    }).join("\n");
-    return USER_INPUT_INTENT_PROMPT.replace(
-      "<<USER_MESSAGES>>",
-      truncateText(formattedMessages, MAX_DRAIN_CHARS)
-    );
+    return messages;
   }
   /**
    * Peek at the queue without draining.
@@ -13431,32 +13749,36 @@ var MainAgent = class extends CoreAgent {
   userInput = "";
   turnCounter = 0;
   userInputQueue = new UserInputQueue();
+  pendingInitialUserInput = null;
   pipelineRunner;
   turnCyclePipeline;
+  inputProcessor;
+  sessionRuntime;
   constructor(state, events, toolRegistry, approvalGate, scopeGuard) {
     super(AGENT_ROLES.ORCHESTRATOR, state, events, toolRegistry);
     this.approvalGate = approvalGate;
     this.scopeGuard = scopeGuard;
     this.promptBuilder = new PromptBuilder(state);
     this.pipelineRunner = new PipelineRunner();
+    this.inputProcessor = createInputProcessor(this.llm);
+    this.sessionRuntime = createSessionRuntime();
+    setActiveSessionRuntime(this.sessionRuntime);
     const pipelineYaml = resolvePipelineYaml("pipeline.yaml");
     this.turnCyclePipeline = loadPipeline(pipelineYaml, {
       llm: this.llm,
-      conditions: getConditionRegistry()
-    }, "turn_cycle");
+      conditions: getConditionRegistry(),
+      key: "turn_cycle"
+    });
   }
   // ─── Lifecycle ─────────────────────────────────────────────────────────────
   async execute(userInput) {
-    this.userInput = userInput;
-    this.drainUserInput([]);
-    if (!this.state.hasActiveEngagement() && this.userInput.trim().length > 0) {
-      this.state.currentObjective = this.userInput.trim();
-    }
-    emitStart(this.events, this.userInput, this.state);
+    this.userInput = "";
+    this.pendingInitialUserInput = userInput;
+    emitStart(this.events, userInput, this.state);
     initializeTask(this.state);
     try {
       const initialPrompt = await this.buildDynamicPrompt({});
-      const result = await this.run(this.userInput, initialPrompt);
+      const result = await this.run(userInput, initialPrompt);
       return result.output;
     } finally {
       try {
@@ -13494,34 +13816,66 @@ var MainAgent = class extends CoreAgent {
       isCompleted: !!ctx.memory.isCompleted
     };
   }
-  /**
-   * Injects any pending user input into the conversation.
-   *
-   * Behavior is fully controlled by pipeline.yaml `user_input_queue:` section:
-   *   format: 'raw' | 'tagged'  — whether to wrap with XML tag
-   *   tag: string               — XML tag name (default: user-input)
-   *   inject_position: 'messages_end' | 'messages_start'
-   *
-   * WHY: Zero hardcoded formatting — RL agent can mutate this in pipeline.yaml.
-   *      Called by the `drain_user_input` pipeline node at turn_cycle start.
-   */
-  drainUserInput(messages) {
-    if (!this.userInputQueue.hasPending()) return;
-    const queued = this.userInputQueue.drainAndFormat();
-    if (!queued) return;
-    const cfg = getUserInputQueueConfig();
-    const tag = cfg.tag ?? "user-input";
-    const formatted = cfg.format === "tagged" ? `<${tag}>
-${queued}
-</${tag}>` : queued;
-    if (this.userInput.trim() === "") {
-      this.userInput = formatted;
-    } else {
-      this.userInput = `${this.userInput}
-
-${formatted}`;
+  async processUserInputTurn() {
+    const messages = this.collectPendingUserInputs();
+    this.pendingInitialUserInput = null;
+    if (messages.length === 0) {
+      return { shouldForwardToMain: true };
+    }
+    const rawInput = messages.map((text, index) => `[${index + 1}] ${text}`).join("\n");
+    const result = await this.inputProcessor.execute({
+      rawInput,
+      existingPolicy: readPolicyDocument(),
+      hasActiveEngagement: this.state.hasActiveEngagement(),
+      currentObjective: this.state.currentObjective || ""
+    });
+    const normalized = this.normalizeInputProcessorResult(result, rawInput);
+    if (normalized.shouldWritePolicy && normalized.policyDocument.trim()) {
+      writePolicyDocument(normalized.policyDocument);
+    }
+    if (normalized.shouldForwardToMain && normalized.forwardedInput.trim()) {
+      this.userInput = this.appendUserInput(this.userInput, normalized.forwardedInput);
+      if (!this.state.hasActiveEngagement()) {
+        this.state.currentObjective = normalized.forwardedInput;
+      }
     }
     this.events.emit({ type: EVENT_TYPES.QUEUE_DRAINED, timestamp: Date.now() });
+    this.emitQueueUpdated();
+    return normalized;
+  }
+  normalizeInputProcessorResult(result, fallbackInput) {
+    if (!result.success) {
+      return {
+        shouldForwardToMain: true,
+        forwardedInput: fallbackInput,
+        directResponse: "",
+        shouldWritePolicy: false,
+        policyDocument: "",
+        policyUpdateSummary: "",
+        insightSummary: "Input processor fallback: forwarded raw input.",
+        success: false
+      };
+    }
+    return {
+      ...result,
+      forwardedInput: result.forwardedInput.trim() || fallbackInput,
+      directResponse: result.directResponse.trim(),
+      policyDocument: result.policyDocument.trim(),
+      policyUpdateSummary: result.policyUpdateSummary.trim(),
+      insightSummary: result.insightSummary.trim()
+    };
+  }
+  collectPendingUserInputs() {
+    const drained = this.userInputQueue.drain();
+    return [
+      ...this.pendingInitialUserInput ? [this.pendingInitialUserInput] : [],
+      ...drained.map((item) => item.text)
+    ].map((text) => text.trim()).filter(Boolean);
+  }
+  appendUserInput(existing, next) {
+    return existing.trim() === "" ? next : `${existing}
+
+${next}`;
   }
   async buildDynamicPrompt(memory) {
     return this.promptBuilder.build(this.userInput, this.state.getPhase() || PHASES.RECON, memory);
@@ -13550,6 +13904,9 @@ ${formatted}`;
   getEventEmitter() {
     return this.events;
   }
+  getSessionRuntime() {
+    return this.sessionRuntime;
+  }
   setScope(allowed, exclusions = []) {
     this.state.setScope({
       allowedCidrs: allowed.filter((a) => a.includes("/")),
@@ -13565,18 +13922,37 @@ ${formatted}`;
   }
   enqueueUserInput(text) {
     this.userInputQueue.enqueue(text);
+    this.emitQueueUpdated();
   }
   dequeueLastUserInput() {
-    return this.userInputQueue.dequeueLast();
+    const value = this.userInputQueue.dequeueLast();
+    this.emitQueueUpdated();
+    return value;
   }
   hasPendingUserInput() {
     return this.userInputQueue.hasPending();
   }
+  getPendingUserInputCount() {
+    return this.userInputQueue.pendingCount();
+  }
+  getPendingUserInputPreview() {
+    return this.userInputQueue.peek().map((item) => item.text);
+  }
+  emitQueueUpdated() {
+    this.events.emit({
+      type: EVENT_TYPES.QUEUE_UPDATED,
+      timestamp: Date.now(),
+      data: {
+        count: this.getPendingUserInputCount(),
+        preview: this.getPendingUserInputPreview()
+      }
+    });
+  }
 };
 
 // src/engine/yaml-runtime.ts
-import fs from "fs";
-import path from "path";
+import fs2 from "fs";
+import path3 from "path";
 var YamlRuntime = class _YamlRuntime {
   static build(state, events, toolRegistry, approvalGate, scopeGuard) {
     const cfg = getPipelineConfig();
@@ -13584,14 +13960,15 @@ var YamlRuntime = class _YamlRuntime {
     return new MainAgent(state, events, toolRegistry, approvalGate, scopeGuard);
   }
   static setupWorkspace(workspaceCfg) {
-    const directories = workspaceCfg?.directories || {};
+    const directories = workspaceCfg?.directories ?? {};
     for (const [key, dirPath] of Object.entries(directories)) {
       if (dirPath === "DEPRECATED") continue;
-      const resolved = path.resolve(process.cwd(), dirPath);
-      if (!fs.existsSync(resolved)) {
-        fs.mkdirSync(resolved, { recursive: true });
+      const resolved = path3.resolve(process.cwd(), dirPath);
+      if (!fs2.existsSync(resolved)) {
+        fs2.mkdirSync(resolved, { recursive: true });
       }
     }
+    ensurePolicyDocument();
   }
 };
 
@@ -13751,6 +14128,55 @@ var formatInlineStatus = () => {
   return JSON.stringify(statusData);
 };
 
+// src/platform/tui/utils/input-request-broker.ts
+function createInputRequestBrokerState() {
+  return {
+    active: { status: "inactive" },
+    queue: []
+  };
+}
+function sameRequest(a, b) {
+  return a.prompt === b.prompt && a.inputType === b.inputType && a.context === b.context && a.source === b.source;
+}
+function sortQueue(queue) {
+  return [...queue].sort((a, b) => b.priority - a.priority);
+}
+function enqueueInputRequest(state, request) {
+  if (state.active.status === "inactive") {
+    return {
+      active: { status: "active", ...request },
+      queue: []
+    };
+  }
+  const existingIndex = state.queue.findIndex((item) => sameRequest(item, request));
+  const nextQueue = existingIndex >= 0 ? state.queue.map((item, index) => index === existingIndex ? request : item) : [...state.queue, request];
+  return {
+    active: state.active,
+    queue: sortQueue(nextQueue)
+  };
+}
+function resolveActiveInputRequest(state) {
+  const resolved = state.active;
+  if (state.queue.length === 0) {
+    return {
+      resolved,
+      nextState: { active: { status: "inactive" }, queue: [] }
+    };
+  }
+  const [nextActive, ...rest] = sortQueue(state.queue);
+  return {
+    resolved,
+    nextState: {
+      active: { status: "active", ...nextActive },
+      queue: rest
+    }
+  };
+}
+function clearAllInputRequests(state) {
+  const pending = state.active.status === "active" ? [state.active, ...state.queue] : [...state.queue];
+  return pending;
+}
+
 // src/platform/tui/hooks/useAgentState.ts
 function sanitizeLiveProgress(progress) {
   return {
@@ -13769,11 +14195,15 @@ var useAgentState = (isTyping = false) => {
   const [elapsedTime, setElapsedTime] = useState(0);
   const [retryState, setRetryState] = useState({ status: "idle" });
   const [currentTokens, setCurrentTokens] = useState(0);
-  const [inputRequest, setInputRequest] = useState({ status: "inactive" });
+  const [inputBroker, setInputBroker] = useState(
+    createInputRequestBrokerState()
+  );
   const [stats, setStats] = useState({ phase: DEFAULTS.INIT_PHASE, targets: 0, findings: 0, todo: 0, targetLabel: "" });
   const [turnCount, setTurnCount] = useState(0);
   const [liveProgressState, setLiveProgressState] = useState(DEFAULT_LIVE_PROGRESS);
   const startTimeRef = useRef(0);
+  const inputBrokerRef = useRef(createInputRequestBrokerState());
+  inputBrokerRef.current = inputBroker;
   const retryCountdownRef = useRef(null);
   const retryCountRef = useRef(0);
   const tokenAccumRef = useRef(0);
@@ -13824,6 +14254,21 @@ var useAgentState = (isTyping = false) => {
       retryCountdownRef.current = null;
     }
   }, []);
+  const enqueueInputRequest2 = useCallback((request) => {
+    setInputBroker((prev) => enqueueInputRequest(prev, request));
+  }, []);
+  const settleActiveInputRequest = useCallback((value) => {
+    const current = inputBrokerRef.current;
+    if (current.active.status !== "active") return;
+    current.active.resolve(value);
+    setInputBroker(resolveActiveInputRequest(current).nextState);
+  }, []);
+  const cancelAllInputRequests = useCallback(() => {
+    const current = inputBrokerRef.current;
+    const pending = clearAllInputRequests(current);
+    for (const request of pending) request.resolve(null);
+    setInputBroker(createInputRequestBrokerState());
+  }, []);
   return {
     // State
     messages,
@@ -13837,8 +14282,8 @@ var useAgentState = (isTyping = false) => {
     setRetryState,
     currentTokens,
     setCurrentTokens,
-    inputRequest,
-    setInputRequest,
+    inputRequest: inputBroker.active,
+    pendingInputRequests: inputBroker.queue.length,
     stats,
     setStats,
     turnCount,
@@ -13857,7 +14302,10 @@ var useAgentState = (isTyping = false) => {
     addMessage,
     resetCumulativeCounters,
     manageTimer,
-    clearAllTimers
+    clearAllTimers,
+    enqueueInputRequest: enqueueInputRequest2,
+    settleActiveInputRequest,
+    cancelAllInputRequests
   };
 };
 
@@ -14220,7 +14668,7 @@ var AUXILIARY_STATUS_MAP = {
   post_step: UI_STATUS_MESSAGES.AUXILIARY_POST_STEP,
   turn_archive: UI_STATUS_MESSAGES.AUXILIARY_TURN_ARCHIVE,
   turn_cycle: UI_STATUS_MESSAGES.AUXILIARY_TURN_CYCLE,
-  drain_user_input: UI_STATUS_MESSAGES.AUXILIARY_DRAIN_INPUT,
+  process_user_input: UI_STATUS_MESSAGES.AUXILIARY_DRAIN_INPUT,
   strategist: UI_STATUS_MESSAGES.AUXILIARY_STRATEGIST,
   build_system_prompt: UI_STATUS_MESSAGES.AUXILIARY_BUILD_PROMPT,
   core_inference: UI_STATUS_MESSAGES.AUXILIARY_CORE_INFERENCE,
@@ -14421,50 +14869,63 @@ function createReasoningHandlers(state, reasoningBufferRef, isTyping = false) {
 }
 
 // src/platform/tui/hooks/useAgentEvents/handlers/input.ts
-function setupInputHandlers(setInputRequest, addMessage, setCurrentStatus) {
-  setInputHandler((p) => {
+var INPUT_REQUEST_PRIORITIES = {
+  input_processor: 10,
+  tool_prompt: 50,
+  credential: 100
+};
+function buildRequestPayload(source, prompt, resolve, extra) {
+  return {
+    source,
+    prompt,
+    resolve,
+    priority: INPUT_REQUEST_PRIORITIES[source],
+    isPassword: extra.isPassword,
+    inputType: extra.inputType,
+    context: extra.context,
+    optional: extra.optional,
+    options: extra.options,
+    placeholder: extra.placeholder
+  };
+}
+function setupInputHandlers(runtime, enqueueInputRequest2, addMessage, setCurrentStatus) {
+  runtime.setInputHandler((p) => {
     return new Promise((resolve) => {
       const isPassword = /password|passphrase/i.test(p);
       const inputType = /sudo/i.test(p) ? INPUT_TYPES.SUDO_PASSWORD : isPassword ? INPUT_TYPES.PASSWORD : INPUT_TYPES.TEXT;
       if (setCurrentStatus) setCurrentStatus("");
       addMessage("ai", `${UI_ICONS.INPUT_LOCK} ${p.trim()}`);
-      setInputRequest({
-        status: "active",
-        prompt: p.trim(),
+      enqueueInputRequest2(buildRequestPayload("tool_prompt", p.trim(), resolve, {
         isPassword,
-        inputType,
-        resolve
-      });
+        inputType
+      }));
     });
   });
-  setCredentialHandler((request) => {
+  runtime.setCredentialHandler((request) => {
     return new Promise((resolve) => {
       const isPassword = SENSITIVE_INPUT_TYPES.includes(request.type);
       const displayPrompt = buildCredentialPrompt(request);
       if (setCurrentStatus) setCurrentStatus("");
       addMessage("ai", `${UI_ICONS.INPUT_LOCK} ${displayPrompt}`);
-      setInputRequest({
-        status: "active",
-        prompt: displayPrompt,
+      enqueueInputRequest2(buildRequestPayload("credential", displayPrompt, resolve, {
         isPassword,
         inputType: request.type,
         context: request.context,
         optional: request.isOptional,
-        options: request.options,
-        resolve
-      });
+        options: request.options
+      }));
     });
   });
   return () => {
-    clearInputHandler();
-    clearCredentialHandler();
+    runtime.clearInputHandler();
+    runtime.clearCredentialHandler();
   };
 }
 
 // src/platform/tui/hooks/useAgentEvents/handlers/command.ts
-function setupCommandHandlers(addMessage, setCurrentStatus) {
+function setupCommandHandlers(runtime, addMessage, setCurrentStatus) {
   let lastStatusBase = "";
-  setCommandEventEmitter((event) => {
+  runtime.setCommandEventEmitter((event) => {
     if (event.type === COMMAND_EVENT_TYPES.COMMAND_START) {
       lastStatusBase = event.message;
       setCurrentStatus(event.message);
@@ -14490,7 +14951,7 @@ ${UI_ICONS.LIVE_PREFIX}${cleanLine}`);
     addMessage("system", msg);
   });
   return () => {
-    clearCommandEventEmitter();
+    runtime.clearCommandEventEmitter();
   };
 }
 
@@ -14500,7 +14961,7 @@ var useAgentEvents = (agent, eventsRef, state, isTyping = false) => {
     addMessage,
     setCurrentStatus,
     setRetryState,
-    setInputRequest,
+    enqueueInputRequest: enqueueInputRequest2,
     setStats,
     setLiveProgress,
     clearAllTimers,
@@ -14518,6 +14979,8 @@ var useAgentEvents = (agent, eventsRef, state, isTyping = false) => {
   };
   useEffect(() => {
     const events = eventsRef.current;
+    const runtime = agent.getSessionRuntime();
+    setActiveSessionRuntime(runtime);
     const toolHandlers = createToolHandlers({ addMessage, setCurrentStatus, setLiveProgress, toolStartedAtRef });
     const lifecycleHandlers = createLifecycleHandlers(agent, {
       addMessage,
@@ -14536,8 +14999,8 @@ var useAgentEvents = (agent, eventsRef, state, isTyping = false) => {
       reasoningBufferRef,
       isTyping
     );
-    const cleanupInput = setupInputHandlers(setInputRequest, addMessage, setCurrentStatus);
-    const cleanupCommand = setupCommandHandlers(addMessage, setCurrentStatus);
+    const cleanupInput = setupInputHandlers(runtime, enqueueInputRequest2, addMessage, setCurrentStatus);
+    const cleanupCommand = setupCommandHandlers(runtime, addMessage, setCurrentStatus);
     const updateStats = () => {
       const s = agent.getState();
       setStats({
@@ -14589,6 +15052,7 @@ var useAgentEvents = (agent, eventsRef, state, isTyping = false) => {
       clearAllTimers();
       cleanupInput();
       cleanupCommand();
+      clearActiveSessionRuntime(runtime);
     };
   }, [
     agent,
@@ -14596,7 +15060,7 @@ var useAgentEvents = (agent, eventsRef, state, isTyping = false) => {
     setCurrentStatus,
     setRetryState,
     setCurrentTokens,
-    setInputRequest,
+    enqueueInputRequest2,
     setStats,
     setLiveProgress,
     retryCountdownRef,
@@ -14611,6 +15075,11 @@ var useAgentEvents = (agent, eventsRef, state, isTyping = false) => {
 };
 
 // src/platform/tui/hooks/useAgent.ts
+function trimQueuedMessages(queue, maxLength, maxItems) {
+  const trimmed = queue.map((text) => truncate(text, maxLength));
+  if (trimmed.length <= maxItems) return trimmed;
+  return trimmed.slice(trimmed.length - maxItems);
+}
 var useAgent = (shouldAutoApprove, target, isTyping = false) => {
   const [agent] = useState2(() => createMainAgent(shouldAutoApprove));
   const eventsRef = useRef3(agent.getEventEmitter());
@@ -14626,7 +15095,7 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     retryState,
     currentTokens,
     inputRequest,
-    setInputRequest,
+    pendingInputRequests,
     stats,
     setStats,
     addMessage,
@@ -14634,17 +15103,25 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     resetCumulativeCounters,
     turnCount,
     setTurnCount,
-    liveProgress
+    liveProgress,
+    settleActiveInputRequest,
+    cancelAllInputRequests
   } = state;
   const [messageQueue, setMessageQueue] = useState2([]);
+  const messageQueueLengthRef = useRef3(0);
   const setMessageQueueSafe = useCallback2((value) => {
     setMessageQueue((prev) => {
       const next = typeof value === "function" ? value(prev) : value;
-      const trimmed = next.map((t) => truncate(t, TUI_DISPLAY_LIMITS.QUEUED_MESSAGE_TEXT_MAX));
-      if (trimmed.length <= TUI_DISPLAY_LIMITS.MAX_QUEUED_MESSAGES) return trimmed;
-      return trimmed.slice(trimmed.length - TUI_DISPLAY_LIMITS.MAX_QUEUED_MESSAGES);
+      return trimQueuedMessages(
+        next,
+        TUI_DISPLAY_LIMITS.QUEUED_MESSAGE_TEXT_MAX,
+        TUI_DISPLAY_LIMITS.MAX_QUEUED_MESSAGES
+      );
     });
   }, []);
+  useEffect2(() => {
+    messageQueueLengthRef.current = messageQueue.length;
+  }, [messageQueue.length]);
   useEffect2(() => {
     if (target) {
       agent.addTarget(target);
@@ -14652,19 +15129,22 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     }
   }, [agent, target]);
   useEffect2(() => {
+    const handleQueueUpdated = (event) => {
+      setMessageQueueSafe(event.data.preview);
+    };
     const handleQueueDrained = () => {
-      setMessageQueueSafe((prev) => {
-        if (prev.length > 0) {
-          addMessage("system", `Queued input applied (${prev.length})`);
-        }
-        return [];
-      });
+      if (messageQueueLengthRef.current > 0) {
+        addMessage("system", `Queued input applied (${messageQueueLengthRef.current})`);
+      }
     };
+    setMessageQueueSafe(agent.getPendingUserInputPreview());
+    agent.getEventEmitter().on(EVENT_TYPES.QUEUE_UPDATED, handleQueueUpdated);
     agent.getEventEmitter().on(EVENT_TYPES.QUEUE_DRAINED, handleQueueDrained);
     return () => {
+      agent.getEventEmitter().off(EVENT_TYPES.QUEUE_UPDATED, handleQueueUpdated);
       agent.getEventEmitter().off(EVENT_TYPES.QUEUE_DRAINED, handleQueueDrained);
     };
-  }, [agent, setMessageQueueSafe, addMessage]);
+  }, [agent, addMessage, setMessageQueueSafe]);
   useAgentEvents(agent, eventsRef, state, isTyping);
   const abortedRef = useRef3(false);
   const executeTask = useCallback2(async (task) => {
@@ -14689,7 +15169,6 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
         }
         if (agent.hasPendingUserInput()) {
           currentTask = "";
-          setMessageQueueSafe([]);
           continuing = true;
           continue;
         }
@@ -14721,24 +15200,21 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     manageTimer("stop");
     setCurrentStatus("");
     addMessage("system", UI_MESSAGES.INTERRUPTED);
-    setMessageQueueSafe([]);
-  }, [agent, addMessage, manageTimer, setIsProcessing, setCurrentStatus, setMessageQueueSafe]);
+  }, [agent, addMessage, manageTimer, setIsProcessing, setCurrentStatus]);
   const recallQueuedInput = useCallback2(() => {
     const recalled = agent.dequeueLastUserInput();
     if (!recalled) return null;
-    setMessageQueueSafe((prev) => prev.length > 0 ? prev.slice(0, -1) : prev);
     return recalled;
-  }, [agent, setMessageQueueSafe]);
+  }, [agent]);
   const inputRequestRef = useRef3(inputRequest);
   inputRequestRef.current = inputRequest;
   const cancelInputRequest = useCallback2(() => {
     const ir = inputRequestRef.current;
     if (ir.status === "active") {
-      ir.resolve(null);
-      setInputRequest({ status: "inactive" });
+      settleActiveInputRequest(null);
       addMessage("system", UI_MESSAGES.INPUT_CANCELLED);
     }
-  }, [setInputRequest, addMessage]);
+  }, [settleActiveInputRequest, addMessage]);
   const refreshStats = useCallback2(() => {
     const s = agent.getState();
     setStats({
@@ -14761,15 +15237,16 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     currentTokens,
     liveProgress,
     inputRequest,
-    setInputRequest,
+    pendingInputRequests,
     stats,
     turnCount,
     messageQueue,
-    setMessageQueue: setMessageQueueSafe,
     recallQueuedInput,
     executeTask,
     abort,
     cancelInputRequest,
+    settleActiveInputRequest,
+    cancelAllInputRequests,
     addMessage,
     refreshStats
   };
@@ -15556,15 +16033,16 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     currentTokens,
     liveProgress = DEFAULT_LIVE_PROGRESS,
     inputRequest,
-    setInputRequest,
+    pendingInputRequests,
     stats,
     turnCount,
     messageQueue,
-    setMessageQueue,
     recallQueuedInput,
     executeTask,
     abort,
     cancelInputRequest,
+    settleActiveInputRequest,
+    cancelAllInputRequests,
     addMessage,
     refreshStats
   } = useAgent(autoApproveMode, target, isTyping);
@@ -15597,16 +16075,12 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     });
   }, [terminalHeight]);
   const handleExit = useCallback7(() => {
-    const ir = inputRequestRef.current;
-    if (ir.status === "active") {
-      ir.resolve(null);
-      setInputRequest({ status: "inactive" });
-    }
+    cancelAllInputRequests();
     cleanupAllProcesses().catch(() => {
     });
     exit();
     setTimeout(() => process.exit(0), DISPLAY_LIMITS.EXIT_DELAY);
-  }, [exit, setInputRequest]);
+  }, [exit, cancelAllInputRequests]);
   const { handleCommand } = useCommands({
     agent,
     addMessage,
@@ -15630,10 +16104,9 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     const sanitized = sanitizeInput(value).slice(0, TUI_DISPLAY_LIMITS.MAX_INPUT_CHARS);
     const displayText = ir.isPassword ? "\u2022".repeat(Math.min(sanitized.length, TUI_DISPLAY_LIMITS.PASSWORD_MASK_MAX)) : sanitized;
     addMessage("user", displayText);
-    ir.resolve(sanitized);
-    setInputRequest({ status: "inactive" });
+    settleActiveInputRequest(sanitized);
     setSecretInput("");
-  }, [addMessage, setInputRequest]);
+  }, [addMessage, settleActiveInputRequest]);
   const handleSubmit = useCallback7(async (value) => {
     const trimmed = sanitizeInput(value);
     if (!trimmed) return;
@@ -15650,10 +16123,8 @@ var useAppLogic = ({ autoApprove = false, target }) => {
       handleSecretSubmit(safeInput);
     } else if (isProcessingRef.current) {
       agent.enqueueUserInput(safeInput);
-      setMessageQueue((prev) => [...prev, safeInput]);
     } else {
       addMessage("user", safeInput);
-      setMessageQueue([]);
       await executeTask(safeInput);
     }
   }, [agent, addMessage, executeTask, handleCommand, handleSecretSubmit]);
@@ -15690,6 +16161,7 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     currentTokens,
     liveProgress,
     inputRequest,
+    pendingInputRequests,
     stats,
     turnCount,
     messageQueue,
@@ -16327,11 +16799,115 @@ import { Box as Box8, Text as Text8 } from "ink";
 // src/platform/tui/components/BlinkingCircle.tsx
 import { memo as memo7 } from "react";
 import { Text as Text7 } from "ink";
+
+// src/platform/tui/utils/animation-style.ts
+var DOCKER_BLUE = "#0db7ed";
+var DOCKER_BLUE_DARK = "#2496ed";
+var BLINKING_CIRCLE_PHASE_LENGTH = 8;
+var BLINKING_CIRCLE_SOLID_PHASE = 4;
+var SPLASH_PULSE_PERIOD_DIVISOR = 10;
+var SPLASH_PULSE_BOLD_THRESHOLD = 0.55;
+var SPLASH_PULSE_DIM_THRESHOLD = 0.3;
+var SPLASH_PULSE_BRIGHT_THRESHOLD = 0.65;
+var SPLASH_PULSE_MID_THRESHOLD = 0.4;
+var SHIMMER_COLOR_STEPS = 64;
+var COIN_FRAME_FIXED_WIDTH = 40;
+function getBlinkingCircleFrame(tick, activeColor = THEME.primary) {
+  const phase = tick % BLINKING_CIRCLE_PHASE_LENGTH;
+  const isSolid = phase < BLINKING_CIRCLE_SOLID_PHASE;
+  return {
+    glyph: isSolid ? "\u25CF" : "\u25CC",
+    color: isSolid ? activeColor : THEME.cyan,
+    bold: isSolid,
+    dimColor: !isSolid
+  };
+}
+function normalizeFrameLines(frame) {
+  const width = COIN_FRAME_FIXED_WIDTH;
+  return {
+    width,
+    // Center each line within the fixed width
+    lines: frame.map((line) => {
+      const trimmed = line.trimEnd();
+      const padding = Math.floor((width - trimmed.length) / 2);
+      const leftPad = " ".repeat(Math.max(0, padding));
+      const rightPad = " ".repeat(Math.max(0, width - trimmed.length - padding));
+      return leftPad + trimmed + rightPad;
+    })
+  };
+}
+function hslToHex(h, s, l) {
+  const a = s * Math.min(l, 1 - l);
+  const f = (n) => {
+    const k = (n + h / 30) % 12;
+    const c = l - a * Math.max(-1, Math.min(k - 3, 9 - k, 1));
+    return Math.round(255 * c).toString(16).padStart(2, "0");
+  };
+  return `#${f(0)}${f(8)}${f(4)}`;
+}
+function coinHue(tick) {
+  const t = (Math.sin(tick * (Math.PI / 960)) + 1) / 2;
+  return hslToHex(197 + t * 15, 0.85, 0.45 + t * 0.15);
+}
+function getSplashPulseTone(tick) {
+  const pulse = (Math.sin(tick * (Math.PI / SPLASH_PULSE_PERIOD_DIVISOR)) + 1) / 2;
+  return {
+    bold: pulse > SPLASH_PULSE_BOLD_THRESHOLD,
+    dimColor: pulse < SPLASH_PULSE_DIM_THRESHOLD,
+    color: pulse > SPLASH_PULSE_BRIGHT_THRESHOLD ? "#ffffff" : pulse > SPLASH_PULSE_MID_THRESHOLD ? DOCKER_BLUE : DOCKER_BLUE_DARK
+    // #2496ed
+  };
+}
+function lerp(a, b, t) {
+  return Math.round(a + (b - a) * t);
+}
+function hexToRgb(hex) {
+  return [
+    parseInt(hex.slice(1, 3), 16),
+    parseInt(hex.slice(3, 5), 16),
+    parseInt(hex.slice(5, 7), 16)
+  ];
+}
+function rgbToHex([r, g, b]) {
+  return `#${r.toString(16).padStart(2, "0")}${g.toString(16).padStart(2, "0")}${b.toString(16).padStart(2, "0")}`;
+}
+function buildNeutralShimmerPalette() {
+  return Array.from({ length: SHIMMER_COLOR_STEPS }, (_, i) => {
+    const t = i / (SHIMMER_COLOR_STEPS - 1);
+    const v = Math.round(88 + t * (255 - 88));
+    const h = v.toString(16).padStart(2, "0");
+    return `#${h}${h}${h}`;
+  });
+}
+function buildAccentShimmerPalette() {
+  const accentStart = hexToRgb(DOCKER_BLUE_DARK);
+  const accentMid = hexToRgb(DOCKER_BLUE);
+  const accentPeak = hexToRgb("#ffffff");
+  return Array.from({ length: SHIMMER_COLOR_STEPS }, (_, i) => {
+    const t = i / (SHIMMER_COLOR_STEPS - 1);
+    if (t < 0.6) {
+      const local2 = t / 0.6;
+      return rgbToHex([
+        lerp(accentStart[0], accentMid[0], local2),
+        lerp(accentStart[1], accentMid[1], local2),
+        lerp(accentStart[2], accentMid[2], local2)
+      ]);
+    }
+    const local = (t - 0.6) / 0.4;
+    return rgbToHex([
+      lerp(accentMid[0], accentPeak[0], local),
+      lerp(accentMid[1], accentPeak[1], local),
+      lerp(accentMid[2], accentPeak[2], local)
+    ]);
+  });
+}
+
+// src/platform/tui/components/BlinkingCircle.tsx
 import { jsx as jsx9 } from "react/jsx-runtime";
 var BlinkingCircle = memo7(({ color }) => {
   const tick = useAnimationTick();
-  const isVisible = tick % 10 < 5;
-  return /* @__PURE__ */ jsx9(Text7, { color: color || THEME.primary, children: isVisible ? "\u25CF" : " " });
+  const frame = getBlinkingCircleFrame(tick, color);
+  return /* @__PURE__ */ jsx9(Text7, { color: frame.color, bold: frame.bold, dimColor: frame.dimColor, children: frame.glyph });
 });
 
 // src/platform/tui/components/status/RetryView.tsx
@@ -16356,22 +16932,23 @@ import { memo as memo8, useMemo as useMemo2 } from "react";
 import { Text as Text9 } from "ink";
 import { jsx as jsx11 } from "react/jsx-runtime";
 var SPOT_WIDTH = 6;
-var SWEEP_SPEED = 0.6;
+var SWEEP_SPEED = 1.5;
 var LOOP_PAD = SPOT_WIDTH * 2;
 var TICK_WRAP = 1e6;
-var COLOR_STEPS = 64;
-var PALETTE = Array.from({ length: COLOR_STEPS }, (_, i) => {
-  const t = i / (COLOR_STEPS - 1);
-  const v = Math.round(88 + t * (255 - 88));
-  const h = v.toString(16).padStart(2, "0");
-  return `#${h}${h}${h}`;
-});
+var NEUTRAL_PALETTE = buildNeutralShimmerPalette();
+var ACCENT_PALETTE = buildAccentShimmerPalette();
 function gaussian(x, sigma) {
   return Math.exp(-(x * x) / (2 * sigma * sigma));
 }
-var ShimmerText = memo8(({ children, bold, phase = 0 }) => {
+var ShimmerText = memo8(({
+  children,
+  bold,
+  phase = 0,
+  variant = "neutral"
+}) => {
   const tick = useAnimationTick() % TICK_WRAP;
   const len = children.length;
+  const palette = variant === "accent" ? ACCENT_PALETTE : NEUTRAL_PALETTE;
   const chars = useMemo2(() => Array.from(children), [children]);
   const loopLen = len + LOOP_PAD;
   const rawPos = (tick * SWEEP_SPEED + phase * loopLen) % loopLen;
@@ -16380,8 +16957,8 @@ var ShimmerText = memo8(({ children, bold, phase = 0 }) => {
   return /* @__PURE__ */ jsx11(Text9, { bold, children: chars.map((char, i) => {
     const dist = Math.abs(i - spotPos);
     const brightness = gaussian(dist, sigma);
-    const idx = Math.min(COLOR_STEPS - 1, Math.floor(brightness * COLOR_STEPS));
-    const color = PALETTE[idx];
+    const idx = Math.min(SHIMMER_COLOR_STEPS - 1, Math.floor(brightness * SHIMMER_COLOR_STEPS));
+    const color = palette[idx];
     return /* @__PURE__ */ jsx11(Text9, { color, children: char }, i);
   }) });
 });
@@ -16420,7 +16997,7 @@ var ProcessingView = ({
   return /* @__PURE__ */ jsxs8(Box9, { flexDirection: "column", children: [
     /* @__PURE__ */ jsxs8(Box9, { children: [
       /* @__PURE__ */ jsx12(Box9, { width: 2, flexShrink: 0, children: isActive ? /* @__PURE__ */ jsx12(BlinkingCircle, { color }) : /* @__PURE__ */ jsx12(Text10, { color: THEME.dimGray, children: "\u2022" }) }),
-      isActive ? /* @__PURE__ */ jsx12(ShimmerText, { bold: true, children: stageText }) : /* @__PURE__ */ jsx12(Text10, { bold: true, color: stageColor, children: stageText }),
+      isActive ? /* @__PURE__ */ jsx12(ShimmerText, { bold: true, variant: "accent", children: stageText }) : /* @__PURE__ */ jsx12(Text10, { bold: true, color: stageColor, children: stageText }),
       /* @__PURE__ */ jsxs8(Text10, { color: THEME.dimGray, dimColor: true, wrap: "truncate", children: [
         "  ",
         metaSuffix
@@ -16665,6 +17242,7 @@ var SimpleTextInput = ({
 import { jsx as jsx16, jsxs as jsxs11 } from "react/jsx-runtime";
 var SecretInputArea = ({
   inputRequest,
+  pendingCount = 0,
   secretInput,
   setSecretInput,
   onSecretSubmit
@@ -16677,7 +17255,8 @@ var SecretInputArea = ({
       children: [
         /* @__PURE__ */ jsxs11(Box12, { children: [
           /* @__PURE__ */ jsx16(Text13, { color: THEME.yellow, children: "secure input" }),
-          /* @__PURE__ */ jsx16(Text13, { color: THEME.gray, dimColor: true, children: "  hidden in transcript" })
+          /* @__PURE__ */ jsx16(Text13, { color: THEME.gray, dimColor: true, children: "  hidden in transcript" }),
+          pendingCount > 0 && /* @__PURE__ */ jsx16(Text13, { color: THEME.gray, dimColor: true, children: `  ${pendingCount} waiting` })
         ] }),
         /* @__PURE__ */ jsxs11(Box12, { flexDirection: "row", children: [
           /* @__PURE__ */ jsx16(Box12, { width: 2, flexShrink: 0, children: /* @__PURE__ */ jsx16(Text13, { color: THEME.yellow, children: "!" }) }),
@@ -16749,6 +17328,7 @@ var ChatInput = memo10(({
   queuedPreview = "",
   placeholder,
   inputRequest,
+  pendingInputCount = 0,
   secretInput,
   setSecretInput,
   onSecretSubmit
@@ -16879,6 +17459,7 @@ var ChatInput = memo10(({
         SecretInputArea,
         {
           inputRequest,
+          pendingCount: pendingInputCount,
           secretInput,
           setSecretInput: handleSecretChange,
           onSecretSubmit: wrappedSecretSubmit
@@ -17081,6 +17662,7 @@ var BottomRegion = ({
   recallQueuedInput,
   handleSubmit,
   inputRequest,
+  pendingInputRequests,
   secretInput,
   setSecretInput,
   handleSecretSubmit,
@@ -17121,11 +17703,13 @@ var BottomRegion = ({
         queuedPreview,
         placeholder: "Describe the target or type /help",
         inputRequest,
+        pendingInputCount: pendingInputRequests,
         secretInput,
         setSecretInput,
         onSecretSubmit: handleSecretSubmit
       }
     ) }),
+    /* @__PURE__ */ jsx21(Box17, { width: "100%", children: /* @__PURE__ */ jsx21(Text18, { dimColor: true, color: THEME.dimGray, children: "\u2500".repeat(Math.max(1, columns - 2)) }) }),
     /* @__PURE__ */ jsx21(Box17, { width: "100%", children: /* @__PURE__ */ jsx21(
       footer_default,
       {
@@ -17210,6 +17794,7 @@ var App = ({ autoApprove = false, target }) => {
     currentTokens,
     liveProgress,
     inputRequest,
+    pendingInputRequests,
     stats,
     turnCount,
     messageQueue,
@@ -17250,6 +17835,7 @@ var App = ({ autoApprove = false, target }) => {
         recallQueuedInput: handleRecallQueuedInput,
         handleSubmit,
         inputRequest,
+        pendingInputRequests,
         secretInput,
         setSecretInput,
         handleSecretSubmit,
@@ -17964,19 +18550,6 @@ var COIN_FRAMES = [
 
 // src/platform/tui/components/SplashScreen.tsx
 import { jsx as jsx23, jsxs as jsxs18 } from "react/jsx-runtime";
-function hslToHex(h, s, l) {
-  const a = s * Math.min(l, 1 - l);
-  const f = (n) => {
-    const k = (n + h / 30) % 12;
-    const c = l - a * Math.max(-1, Math.min(k - 3, 9 - k, 1));
-    return Math.round(255 * c).toString(16).padStart(2, "0");
-  };
-  return `#${f(0)}${f(8)}${f(4)}`;
-}
-function coinHue(tick) {
-  const t = (Math.sin(tick * (Math.PI / 960)) + 1) / 2;
-  return hslToHex(210 * (1 - t), 0.85, 0.55);
-}
 var SplashScreen = ({
   onComplete,
   durationMs = 3e3
@@ -17998,7 +18571,9 @@ var SplashScreen = ({
     return () => clearInterval(interval);
   }, [durationMs, onComplete]);
   const frame = COIN_FRAMES[tick % COIN_FRAMES.length];
+  const normalizedFrame = normalizeFrameLines(frame);
   const coinColor = coinHue(tick);
+  const titleTone = getSplashPulseTone(tick);
   const isFading = elapsed > durationMs - 500;
   return /* @__PURE__ */ jsx23(
     Box19,
@@ -18009,10 +18584,19 @@ var SplashScreen = ({
       alignItems: "center",
       justifyContent: "center",
       children: /* @__PURE__ */ jsxs18(Box19, { flexDirection: "column", alignItems: "center", flexShrink: 0, children: [
-        /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", alignItems: "center", children: frame.map((line, i) => {
-          return /* @__PURE__ */ jsx23(Box19, { flexShrink: 0, height: 1, children: /* @__PURE__ */ jsx23(Text19, { color: coinColor, bold: !isFading, dimColor: isFading, wrap: "truncate-end", children: line }) }, i);
+        /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", alignItems: "center", children: normalizedFrame.lines.map((line, i) => {
+          return /* @__PURE__ */ jsx23(Box19, { flexShrink: 0, height: 1, width: normalizedFrame.width, children: /* @__PURE__ */ jsx23(Text19, { color: coinColor, bold: !isFading, dimColor: isFading, wrap: "truncate-end", children: line }) }, i);
         }) }),
-        /* @__PURE__ */ jsx23(Box19, { marginTop: 2, flexShrink: 0, children: /* @__PURE__ */ jsx23(Text19, { bold: true, dimColor: isFading, children: "Pentesting Agent Starting..." }) })
+        /* @__PURE__ */ jsx23(Box19, { marginTop: 2, flexShrink: 0, children: isFading ? /* @__PURE__ */ jsx23(Text19, { bold: true, dimColor: true, children: "Pentesting Agent Starting..." }) : /* @__PURE__ */ jsx23(ShimmerText, { bold: true, variant: "accent", children: "Pentesting Agent Starting..." }) }),
+        /* @__PURE__ */ jsx23(Box19, { marginTop: 1, flexShrink: 0, children: /* @__PURE__ */ jsx23(
+          Text19,
+          {
+            color: titleTone.color,
+            bold: titleTone.bold && !isFading,
+            dimColor: isFading || titleTone.dimColor,
+            children: "Initializing autonomous workflow"
+          }
+        ) })
       ] })
     }
   );
@@ -18075,14 +18659,14 @@ async function runAction(objective, options) {
     console.log(chalk2.hex(HEX.gray)("\n[+] Assessment complete!\n"));
     console.log(result);
     if (options.output) {
-      const fs2 = await import("fs/promises");
+      const fs3 = await import("fs/promises");
       const { dirname: dirname2 } = await import("path");
       const outputDir = dirname2(options.output);
       if (outputDir && outputDir !== ".") {
-        await fs2.mkdir(outputDir, { recursive: true }).catch(() => {
+        await fs3.mkdir(outputDir, { recursive: true }).catch(() => {
         });
       }
-      await fs2.writeFile(options.output, JSON.stringify({ result }, null, 2));
+      await fs3.writeFile(options.output, JSON.stringify({ result }, null, 2));
       console.log(chalk2.hex(HEX.primary)(`
 [+] Report saved to: ${options.output}`));
     }