pentesting 0.73.10 → 0.73.11

package/dist/{agent-tool-K3ETJX2V.js → agent-tool-WLGPVDX6.js}

@@ -5,7 +5,7 @@ import {
   createContextExtractor,
   getLLMClient,
   getShellSupervisorLifecycleSnapshot
-} from "./chunk-OP3YVCKB.js";
+} from "./chunk-WEEPTBTF.js";
 import {
   AGENT_ROLES,
   EVENT_TYPES,
@@ -13,7 +13,7 @@ import {
   TOOL_NAMES,
   getProcessOutput,
   listBackgroundProcesses
-} from "./chunk-TFYJWIQF.js";
+} from "./chunk-U2NIVQ2O.js";
 import {
   DETECTION_PATTERNS,
   PROCESS_EVENTS,

package/dist/{chunk-TFYJWIQF.js → chunk-U2NIVQ2O.js}

@@ -348,7 +348,7 @@ var INPUT_PROMPT_PATTERNS = [
 ];
 
 // src/shared/constants/agent.ts
-var APP_VERSION = "0.73.10";
+var APP_VERSION = "0.73.11";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -842,6 +842,7 @@ var UI_COMMANDS = {
   START_SHORT: "s",
   FINDINGS: "findings",
   FINDINGS_SHORT: "f",
+  POLICY: "policy",
   REPORT: "report",
   REPORT_SHORT: "r",
   ASSETS: "assets",

package/dist/{chunk-OP3YVCKB.js → chunk-WEEPTBTF.js}

@@ -69,7 +69,7 @@ import {
   startBackgroundProcess,
   stopBackgroundProcess,
   writeFileContent
-} from "./chunk-TFYJWIQF.js";
+} from "./chunk-U2NIVQ2O.js";
 import {
   DETECTION_PATTERNS,
   HEALTH_CONFIG,
@@ -736,6 +736,55 @@ var AuxiliaryLLMBase = class {
   }
 };
 
+// src/shared/utils/policy/document.ts
+import fs from "fs";
+import path from "path";
+var DEFAULT_POLICY_DOCUMENT = `# Policy Memory
+
+No persistent user policy has been recorded yet.
+Store only durable constraints, sensitive handling rules, and reusable engagement guidance here.
+`;
+function getPolicyDocumentPath() {
+  return WORKSPACE.POLICY;
+}
+function ensurePolicyDocument() {
+  const filePath = getPolicyDocumentPath();
+  const dirPath = path.dirname(filePath);
+  if (!fs.existsSync(dirPath)) {
+    fs.mkdirSync(dirPath, { recursive: true });
+  }
+  if (!fs.existsSync(filePath)) {
+    fs.writeFileSync(filePath, DEFAULT_POLICY_DOCUMENT, "utf-8");
+  }
+  return filePath;
+}
+function readPolicyDocument() {
+  try {
+    ensurePolicyDocument();
+    return fs.readFileSync(getPolicyDocumentPath(), "utf-8").trim();
+  } catch {
+    return "";
+  }
+}
+function writePolicyDocument(content) {
+  ensurePolicyDocument();
+  fs.writeFileSync(
+    getPolicyDocumentPath(),
+    content.trim() || DEFAULT_POLICY_DOCUMENT,
+    "utf-8"
+  );
+}
+function getDefaultPolicyDocument() {
+  return DEFAULT_POLICY_DOCUMENT;
+}
+function formatPolicyMemorySection(heading = "POLICY MEMORY") {
+  const content = readPolicyDocument().trim();
+  if (!content) return "";
+  return `${heading}:
+${content}
+`;
+}
+
 // src/engine/auxiliary-llm/context-extractor.ts
 function formatForExtraction(messages) {
   const parts = [];
@@ -758,7 +807,10 @@ var ContextExtractor = class extends AuxiliaryLLMBase {
     super(llm, { systemPrompt: llmNodeSystemPrompt("context_extractor"), logErrors: true });
   }
   formatInput(input) {
-    return formatForExtraction(input.messages);
+    const extracted = formatForExtraction(input.messages);
+    const policySection = formatPolicyMemorySection();
+    return policySection ? `${policySection}
+${extracted}` : extracted;
   }
   parseOutput(response) {
     return { extractedContext: response, success: true };
@@ -6575,12 +6627,15 @@ var Reflector = class extends AuxiliaryLLMBase {
     super(llm, { systemPrompt: llmNodeSystemPrompt("reflector"), logErrors: true });
   }
   formatInput(input) {
-    return formatReflectionInput({
+    const reflectionInput = formatReflectionInput({
       tools: input.tools,
       memo: input.memo,
       phase: input.phase,
       triageMemo: input.triageMemo
     });
+    const policySection = formatPolicyMemorySection();
+    return policySection ? `${policySection}
+${reflectionInput}` : reflectionInput;
   }
   parseOutput(response) {
     return { reflection: response, success: true };
@@ -6599,15 +6654,20 @@ var MemorySynth = class extends AuxiliaryLLMBase {
     super(llm, { systemPrompt: llmNodeSystemPrompt("memory_synth"), logErrors: true });
   }
   formatInput(input) {
+    const policySection = formatPolicyMemorySection();
     if (input.existingSummary) {
-      return `Previous memory:
+      const body2 = `Previous memory:
 ${input.existingSummary}
 
 Current turn:
 ${input.turnData}`;
+      return policySection ? `${policySection}
+${body2}` : body2;
     }
-    return `First turn data:
+    const body = `First turn data:
 ${input.turnData}`;
+    return policySection ? `${policySection}
+${body}` : body;
   }
   parseOutput(response) {
     return { summary: response, success: true };
@@ -6645,7 +6705,10 @@ var PlaybookSynthesizer = class extends AuxiliaryLLMBase {
     if (input.existingChainSummary) {
       lines.push("", `EXISTING SUMMARY (regex-based, for reference): ${input.existingChainSummary}`);
     }
-    return lines.join("\n");
+    const body = lines.join("\n");
+    const policySection = formatPolicyMemorySection();
+    return policySection ? `${policySection}
+${body}` : body;
   }
   parseOutput(response) {
     const trimmed = response.trim();
@@ -6675,11 +6738,14 @@ var ReportGenerator = class extends AuxiliaryLLMBase {
       const valB = severityOrder[b.severity.toLowerCase()] ?? 0;
       return valB - valA;
     });
-    return `Mission Summary:
+    const body = `Mission Summary:
 ${input.missionSummary}
 
 Findings (Sorted by Severity):
 ${JSON.stringify(sortedFindings, null, 2)}`;
+    const policySection = formatPolicyMemorySection();
+    return policySection ? `${policySection}
+${body}` : body;
   }
   parseOutput(response) {
     return { reportMarkdown: response, success: true };
@@ -6715,11 +6781,14 @@ ${summary}`;
 PREVIOUS TRIAGE (for delta analysis):
 ${input.previousTriage}
 ` : "";
-    return `PHASE: ${input.phase}
+    const body = `PHASE: ${input.phase}
 ${prevSection}
 TOOL RESULTS THIS TURN:
 
 ${toolLines || "No tools executed this turn."}`;
+    const policySection = formatPolicyMemorySection();
+    return policySection ? `${policySection}
+${body}` : body;
   }
   parseOutput(response) {
     return { triage: response, success: true };
@@ -7532,45 +7601,6 @@ var SharedState = class {
   }
 };
 
-// src/shared/utils/policy/document.ts
-import fs from "fs";
-import path from "path";
-var DEFAULT_POLICY_DOCUMENT = `# Policy Memory
-
-No persistent user policy has been recorded yet.
-Store only durable constraints, sensitive handling rules, and reusable engagement guidance here.
-`;
-function getPolicyDocumentPath() {
-  return WORKSPACE.POLICY;
-}
-function ensurePolicyDocument() {
-  const filePath = getPolicyDocumentPath();
-  const dirPath = path.dirname(filePath);
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-  if (!fs.existsSync(filePath)) {
-    fs.writeFileSync(filePath, DEFAULT_POLICY_DOCUMENT, "utf-8");
-  }
-  return filePath;
-}
-function readPolicyDocument() {
-  try {
-    ensurePolicyDocument();
-    return fs.readFileSync(getPolicyDocumentPath(), "utf-8").trim();
-  } catch {
-    return "";
-  }
-}
-function writePolicyDocument(content) {
-  ensurePolicyDocument();
-  fs.writeFileSync(
-    getPolicyDocumentPath(),
-    content.trim() || DEFAULT_POLICY_DOCUMENT,
-    "utf-8"
-  );
-}
-
 // src/engine/auxiliary-llm/strategist-prompt.ts
 function buildStrategistPrompt(input) {
   const state = input.state;
@@ -11054,7 +11084,7 @@ After completion: record key loot/findings from the sub-agent output to canonica
           rootTaskId: activeExecution.rootTaskId
         }
       });
-      const { AgentTool } = await import("./agent-tool-K3ETJX2V.js");
+      const { AgentTool } = await import("./agent-tool-WLGPVDX6.js");
       const executor = new AgentTool(state, events, scopeGuard, approvalGate);
       try {
         const result = await executor.execute(input);
@@ -11344,6 +11374,10 @@ export {
   getLLMClient,
   getGlobalRequestCount,
   getGlobalTokenUsage,
+  ensurePolicyDocument,
+  readPolicyDocument,
+  writePolicyDocument,
+  getDefaultPolicyDocument,
   createContextExtractor,
   parseTurnNumbers,
   rotateTurnRecords,
@@ -11356,9 +11390,6 @@ export {
   createMemorySynth,
   createPlaybookSynthesizer,
   createTriager,
-  ensurePolicyDocument,
-  readPolicyDocument,
-  writePolicyDocument,
   createStrategist,
   createInputProcessor,
   getServiceContext,

package/dist/main.js

@@ -24,6 +24,7 @@ import {
   formatChallengeAnalysis,
   formatTurnRecord,
   getApiKey,
+  getDefaultPolicyDocument,
   getGlobalRequestCount,
   getGlobalTokenUsage,
   getModel,
@@ -38,7 +39,7 @@ import {
   rotateTurnRecords,
   setCurrentTurn,
   writePolicyDocument
-} from "./chunk-OP3YVCKB.js";
+} from "./chunk-WEEPTBTF.js";
 import {
   AGENT_ROLES,
   APP_DESCRIPTION,
@@ -87,7 +88,7 @@ import {
   setActiveSessionRuntime,
   setTorEnabled,
   snapshotToPrompt
-} from "./chunk-TFYJWIQF.js";
+} from "./chunk-U2NIVQ2O.js";
 import {
   EXIT_CODES,
   getOptionalRuntimeSection,
@@ -650,14 +651,14 @@ async function recordTurn(context) {
   return turnCounter + 1;
 }
 async function writeTurnInsight(turnCounter, memorySynth, ctx) {
-  const { phase, toolJournal, memo: memo13, reflections } = ctx;
-  const fallbackNextSteps = Array.isArray(memo13.nextSteps) ? memo13.nextSteps : [];
+  const { phase, toolJournal, memo: memo14, reflections } = ctx;
+  const fallbackNextSteps = Array.isArray(memo14.nextSteps) ? memo14.nextSteps : [];
   const turnData = formatTurnRecord({
     turn: turnCounter,
     timestamp: (/* @__PURE__ */ new Date()).toISOString(),
     phase,
     tools: toolJournal,
-    memo: memo13,
+    memo: memo14,
     reflection: reflections.length > 0 ? reflections.join(" | ") : fallbackNextSteps.join("; ")
   });
   const existingSummary = readJournalSummary();
@@ -3273,7 +3274,7 @@ var makeRotateTurns = (_llm, _opts) => async (_ctx) => {
 };
 var makeSaveSession = (_llm, _opts) => async (ctx) => {
   try {
-    const { saveState: saveState2 } = await import("./persistence-TSBV5F6R.js");
+    const { saveState: saveState2 } = await import("./persistence-WP43KX7N.js");
     saveState2(ctx.state);
   } catch {
   }
@@ -4258,11 +4259,11 @@ async function writeJsonReport(outputPath, result) {
 }
 
 // src/platform/tui/cli/interactive-runtime.tsx
-import React16 from "react";
+import React17 from "react";
 import { render } from "ink";
 
 // src/platform/tui/app.tsx
-import { Box as Box18 } from "ink";
+import { Box as Box19 } from "ink";
 
 // src/platform/tui/hooks/useAgent.ts
 import { useState as useState6, useEffect as useEffect2, useCallback as useCallback7, useRef as useRef7 } from "react";
@@ -4825,6 +4826,8 @@ var UI_STATUS_MESSAGES = {
   START_ALREADY_RUNNING: "Autonomous mode is already active. Current run is still in progress.",
   /** Starting pentest message */
   STARTING_PENTEST: "Starting penetration test...",
+  /** Start cancelled from policy composer */
+  START_CANCELLED: "Start cancelled before execution.",
   /** Pentest task prefix */
   PENTEST_TASK_PREFIX: "Perform comprehensive penetration testing",
   /** Against prefix */
@@ -5736,6 +5739,7 @@ var COMMAND_DEFINITIONS = [
   { name: "target", alias: "t", args: "<ip>", description: "Set target IP or domain" },
   { name: "start", alias: "s", args: "[goal]", description: "Start autonomous pentest" },
   { name: "findings", alias: "f", description: "Show discovered vulnerabilities" },
+  { name: "policy", description: "Open the current policy memory" },
   { name: "report", alias: "r", description: "Open an operation report modal" },
   { name: "graph", alias: "g", description: "Visualize the attack graph" },
   { name: "paths", alias: "p", description: "Show ranked attack paths" },
@@ -5773,8 +5777,10 @@ ${COMMAND_DEFINITIONS.map((cmd) => {
 
 \u2500\u2500 Tips \u2500\u2500
 \u2022 Type / and press Tab to autocomplete commands
+\u2022 /policy shows the current policy memory
 \u2022 /clear resets the entire session (messages, state, .pentesting data)
 \u2022 /start automatically enables auto-approve for hands-free operation
+\u2022 You can say "put this into policy memory" in normal chat and the agent will merge it automatically
 `;
 
 // src/platform/tui/hooks/commands/session-commands.ts
@@ -5840,13 +5846,9 @@ var createTargetCommands = (ctx) => {
       ctx.addMessage("system", UI_STATUS_MESSAGES.START_ALREADY_RUNNING);
       return;
     }
-    ctx.setAutoApproveMode(true);
-    ctx.agent.setToolAutoApprove(true);
-    ctx.addMessage("system", UI_STATUS_MESSAGES.AUTONOMOUS_MODE_ENABLED);
-    ctx.addMessage("system", UI_STATUS_MESSAGES.STARTING_PENTEST);
     const targets = Array.from(ctx.agent.getState().getTargets().keys());
     const targetInfo = targets.length > 0 ? `${UI_STATUS_MESSAGES.AGAINST_PREFIX}${targets.join(", ")}` : "";
-    await ctx.executeTask(args.join(" ") || `${UI_STATUS_MESSAGES.PENTEST_TASK_PREFIX}${targetInfo}`);
+    ctx.openPolicyComposer(args.join(" ") || `${UI_STATUS_MESSAGES.PENTEST_TASK_PREFIX}${targetInfo}`);
   };
   return {
     [UI_COMMANDS.TARGET]: handleTarget,
@@ -6091,6 +6093,21 @@ var formatGraphWithSummary = (state, findings, flags) => {
   return lines.join("\n");
 };
 
+// src/platform/tui/hooks/commands/formatters/policy.ts
+function formatPolicyMemory(content) {
+  const normalized = content.trim() || getDefaultPolicyDocument().trim();
+  return [
+    "POLICY MEMORY",
+    "",
+    "\u2500\u2500 Usage \u2500\u2500",
+    "/policy shows the current policy memory.",
+    "You can also tell the agent to remember a rule or put something into policy memory, and it will merge it automatically.",
+    "",
+    "\u2500\u2500 Current Policy \u2500\u2500",
+    normalized
+  ].join("\n");
+}
+
 // src/platform/tui/hooks/commands/formatters/report.ts
 var SEVERITY_WEIGHT = {
   critical: 4,
@@ -6253,6 +6270,9 @@ var createDisplayCommands = (ctx) => {
       const flags = state.getFlags();
       ctx.showModal("findings", formatFindingsWithFlags(findings, flags));
     },
+    [UI_COMMANDS.POLICY]: () => {
+      ctx.showModal("policy", formatPolicyMemory(readPolicyDocument()));
+    },
     [UI_COMMANDS.REPORT]: () => {
       const state = ctx.agent.getState();
       ctx.showModal("report", formatOperationReport(state));
@@ -6423,6 +6443,7 @@ var useCommands = (props) => {
     agent: props.agent,
     addMessage: props.addMessage,
     showModal: props.showModal,
+    openPolicyComposer: props.openPolicyComposer,
     setMessages: props.setMessages,
     executeTask: props.executeTask,
     refreshStats: props.refreshStats,
@@ -6436,6 +6457,7 @@ var useCommands = (props) => {
     props.agent,
     props.addMessage,
     props.showModal,
+    props.openPolicyComposer,
     props.setMessages,
     props.executeTask,
     props.refreshStats,
@@ -6704,6 +6726,26 @@ function useAppSubmission({
   };
 }
 
+// src/platform/tui/policy-composer.ts
+var POLICY_COMPOSER_PLACEHOLDER = "Paste competition rules or durable constraints to remember. Example: personal event, no write-up sharing, avoid platform abuse, flag format ENKI{...}, write-up required.";
+var POLICY_COMPOSER_AI_PROMPT = "Before I start, add any competition rules or durable constraints you want me to remember for this run.";
+var POLICY_COMPOSER_GUIDE = [
+  "Before autonomous execution, add any competition rules or durable engagement constraints here.",
+  "Use /policy to view the current policy memory at any time.",
+  "You can also tell the agent to remember a rule or put something into policy memory in normal chat, and it will merge it automatically.",
+  "Tip: paste a compact summary of the most important rules if the source text is long."
+].join("\n");
+function buildPolicyBootstrapInput(rawPolicy) {
+  const trimmed = rawPolicy.trim();
+  if (!trimmed) return "";
+  return [
+    "Remember and follow this as durable policy memory for the current competition or engagement.",
+    "Merge it into policy memory and apply it in future turns.",
+    "",
+    trimmed
+  ].join("\n");
+}
+
 // src/platform/tui/hooks/useAppLogic.ts
 var useAppLogic = ({ autoApprove = false, target }) => {
   const { exit } = useApp();
@@ -6712,6 +6754,11 @@ var useAppLogic = ({ autoApprove = false, target }) => {
   const [secretInput, setSecretInput] = useState7("");
   const [autoApproveMode, setAutoApproveMode] = useState7(autoApprove);
   const [modal, setModal] = useState7({ type: null, content: "", scrollOffset: 0 });
+  const [policyComposer, setPolicyComposer] = useState7({
+    isOpen: false,
+    value: "",
+    pendingTask: ""
+  });
   const [footerConfig, setFooterConfig] = useState7(DEFAULT_FOOTER_DISPLAY_CONFIG);
   const isTyping = input.length > 0 || secretInput.length > 0;
   const {
@@ -6744,8 +6791,8 @@ var useAppLogic = ({ autoApprove = false, target }) => {
   autoApproveModeRef.current = autoApproveMode;
   const inputRequestRef = useRef9(inputRequest);
   inputRequestRef.current = inputRequest;
-  const isModalOpenRef = useRef9(!!modal.type);
-  isModalOpenRef.current = !!modal.type;
+  const isModalOpenRef = useRef9(!!modal.type || policyComposer.isOpen);
+  isModalOpenRef.current = !!modal.type || policyComposer.isOpen;
   const inputRef = useRef9(input);
   inputRef.current = input;
   const clearInput = useCallback13(() => {
@@ -6757,6 +6804,35 @@ var useAppLogic = ({ autoApprove = false, target }) => {
   const closeModal = useCallback13(() => {
     setModal({ type: null, content: "", scrollOffset: 0 });
   }, []);
+  const openPolicyComposer = useCallback13((task) => {
+    addMessage("ai", POLICY_COMPOSER_AI_PROMPT);
+    setPolicyComposer({
+      isOpen: true,
+      value: "",
+      pendingTask: task
+    });
+  }, [addMessage]);
+  const closePolicyComposer = useCallback13(() => {
+    if (!policyComposer.isOpen) return;
+    setPolicyComposer((prev) => {
+      if (!prev.isOpen) return prev;
+      return { isOpen: false, value: "", pendingTask: "" };
+    });
+    addMessage("system", UI_STATUS_MESSAGES.START_CANCELLED);
+  }, [addMessage, policyComposer.isOpen]);
+  const submitPolicyComposer = useCallback13(async () => {
+    const task = policyComposer.pendingTask.trim();
+    const policyInput = buildPolicyBootstrapInput(policyComposer.value);
+    setPolicyComposer({ isOpen: false, value: "", pendingTask: "" });
+    if (policyInput) {
+      agent.enqueueUserInput(policyInput);
+    }
+    setAutoApproveMode(true);
+    agent.setToolAutoApprove(true);
+    addMessage("system", UI_STATUS_MESSAGES.AUTONOMOUS_MODE_ENABLED);
+    addMessage("system", UI_STATUS_MESSAGES.STARTING_PENTEST);
+    await executeTask(task);
+  }, [addMessage, agent, executeTask, policyComposer.pendingTask, policyComposer.value, setAutoApproveMode]);
   const handleModalScroll = useCallback13((delta) => {
     setModal((prev) => {
       const lines = prev.content.split("\n");
@@ -6784,6 +6860,7 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     agent,
     addMessage,
     showModal,
+    openPolicyComposer,
     setMessages,
     executeTask,
     refreshStats,
@@ -6826,6 +6903,12 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     setSecretInput,
     autoApproveMode,
     modal,
+    policyComposer,
+    setPolicyComposer,
+    submitPolicyComposer,
+    closePolicyComposer,
+    policyComposerGuide: POLICY_COMPOSER_GUIDE,
+    policyComposerPlaceholder: POLICY_COMPOSER_PLACEHOLDER,
     handleModalScroll,
     closeModal,
     handleSecretSubmit,
@@ -8254,7 +8337,8 @@ var MODAL_TITLES = {
   findings: "\u25C8 FINDINGS \u25C8",
   report: "\u25C8 OPERATION REPORT \u25C8",
   graph: "\u25C8 ATTACK GRAPH \u25C8",
-  help: "\u25C8 COMMANDS \u25C8"
+  help: "\u25C8 COMMANDS \u25C8",
+  policy: "\u25C8 POLICY MEMORY \u25C8"
 };
 var Modal = memo12(({
   type,
@@ -8339,9 +8423,76 @@ var Modal = memo12(({
   );
 });
 
-// src/platform/tui/components/app/bottom-region.tsx
-import { Box as Box17, Text as Text18 } from "ink";
+// src/platform/tui/components/PolicyComposerModal.tsx
+import { memo as memo13, useCallback as useCallback16, useRef as useRef14 } from "react";
+import { Box as Box17, Text as Text18, useInput as useInput4 } from "ink";
 import { jsx as jsx21, jsxs as jsxs15 } from "react/jsx-runtime";
+var PolicyComposerModal = memo13(({
+  value,
+  onChange,
+  onSubmit,
+  onClose,
+  guide,
+  placeholder
+}) => {
+  const onCloseRef = useRef14(onClose);
+  onCloseRef.current = onClose;
+  const onSubmitRef = useRef14(onSubmit);
+  onSubmitRef.current = onSubmit;
+  const { columns, rows } = useTerminalSize();
+  const terminalHeight = rows;
+  const terminalWidth = columns - 4;
+  useInput4(useCallback16((_input, key) => {
+    if (key.escape) {
+      onCloseRef.current();
+    }
+  }, []), { isActive: true });
+  return /* @__PURE__ */ jsxs15(Box17, { flexDirection: "column", width: terminalWidth, height: terminalHeight, children: [
+    /* @__PURE__ */ jsx21(Box17, { justifyContent: "center", children: /* @__PURE__ */ jsx21(Text18, { color: THEME.primary, bold: true, children: (() => {
+      const title = "\u25C8 COMPETITION POLICY \u25C8";
+      const sideWidth = Math.max(3, Math.floor((terminalWidth - title.length - 2) / 2));
+      return `${"\u2500".repeat(sideWidth)} ${title} ${"\u2500".repeat(sideWidth)}`;
+    })() }) }),
+    /* @__PURE__ */ jsxs15(
+      Box17,
+      {
+        flexDirection: "column",
+        borderStyle: "round",
+        borderColor: THEME.primary,
+        paddingX: 1,
+        paddingY: 1,
+        flexGrow: 1,
+        children: [
+          /* @__PURE__ */ jsx21(Text18, { color: THEME.white, bold: true, children: "Optional bootstrap policy before /start" }),
+          /* @__PURE__ */ jsx21(Text18, { color: THEME.dimGray, children: " " }),
+          guide.split("\n").map((line, index) => /* @__PURE__ */ jsx21(Text18, { color: THEME.gray, wrap: "wrap", children: line }, index)),
+          /* @__PURE__ */ jsx21(Text18, { color: THEME.dimGray, children: " " }),
+          /* @__PURE__ */ jsx21(Box17, { borderStyle: "round", borderColor: THEME.primary, paddingX: 1, paddingY: 0, children: /* @__PURE__ */ jsx21(
+            NormalInputArea,
+            {
+              inputKey: 0,
+              value,
+              onChange,
+              onSubmit: () => onSubmitRef.current(),
+              placeholder
+            }
+          ) })
+        ]
+      }
+    ),
+    /* @__PURE__ */ jsxs15(Box17, { justifyContent: "space-between", paddingX: 1, children: [
+      /* @__PURE__ */ jsx21(Text18, { color: THEME.dimGray, children: "Enter: continue | Esc: cancel start" }),
+      /* @__PURE__ */ jsxs15(Text18, { color: THEME.primary, children: [
+        value.trim().length,
+        " chars"
+      ] })
+    ] })
+  ] });
+});
+
+// src/platform/tui/components/app/bottom-region.tsx
+import { Box as Box18, Text as Text19 } from "ink";
+import { jsx as jsx22, jsxs as jsxs16 } from "react/jsx-runtime";
 var BottomRegion = ({
   input,
   setInput,
@@ -8366,8 +8517,8 @@ var BottomRegion = ({
 }) => {
   const { columns } = useTerminalSize();
   const inputSeparatorColor = resolveInputSeparatorColor({ isProcessing, inputRequest });
-  return /* @__PURE__ */ jsxs15(Box17, { flexDirection: "column", width: "100%", children: [
-    /* @__PURE__ */ jsx21(
+  return /* @__PURE__ */ jsxs16(Box18, { flexDirection: "column", width: "100%", children: [
+    /* @__PURE__ */ jsx22(
       StatusDisplay,
       {
         retryState,
@@ -8378,8 +8529,8 @@ var BottomRegion = ({
         inputRequest
       }
     ),
-    /* @__PURE__ */ jsx21(Text18, { color: inputSeparatorColor, children: "\u2500".repeat(Math.max(1, columns - 2)) }),
-    /* @__PURE__ */ jsx21(Box17, { width: "100%", children: /* @__PURE__ */ jsx21(
+    /* @__PURE__ */ jsx22(Text19, { color: inputSeparatorColor, children: "\u2500".repeat(Math.max(1, columns - 2)) }),
+    /* @__PURE__ */ jsx22(Box18, { width: "100%", children: /* @__PURE__ */ jsx22(
       ChatInput,
       {
         value: input,
@@ -8396,8 +8547,8 @@ var BottomRegion = ({
         onSecretSubmit: handleSecretSubmit
       }
     ) }),
-    /* @__PURE__ */ jsx21(Text18, { color: inputSeparatorColor, children: "\u2500".repeat(Math.max(1, columns - 2)) }),
-    /* @__PURE__ */ jsx21(Box17, { width: "100%", children: /* @__PURE__ */ jsx21(
+    /* @__PURE__ */ jsx22(Text19, { color: inputSeparatorColor, children: "\u2500".repeat(Math.max(1, columns - 2)) }),
+    /* @__PURE__ */ jsx22(Box18, { width: "100%", children: /* @__PURE__ */ jsx22(
       footer_default,
       {
         phase: stats.phase,
@@ -8456,7 +8607,7 @@ function useModalMouseWheel({
 }
 
 // src/platform/tui/app.tsx
-import { jsx as jsx22, jsxs as jsxs16 } from "react/jsx-runtime";
+import { jsx as jsx23, jsxs as jsxs17 } from "react/jsx-runtime";
 var MODEL_NAME = getModel() || DEFAULT_MODEL;
 var App = ({ autoApprove = false, target }) => {
   const {
@@ -8468,6 +8619,12 @@ var App = ({ autoApprove = false, target }) => {
     setSecretInput,
     autoApproveMode,
     modal,
+    policyComposer,
+    submitPolicyComposer,
+    closePolicyComposer,
+    policyComposerGuide,
+    policyComposerPlaceholder,
+    setPolicyComposer,
     handleModalScroll,
     closeModal,
     handleSubmit,
@@ -8492,8 +8649,23 @@ var App = ({ autoApprove = false, target }) => {
     isActive: !!modal.type,
     onScroll: handleModalScroll
   });
+  if (policyComposer.isOpen) {
+    return /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", paddingX: 1, width: terminalWidth, height: terminalHeight - 1, children: /* @__PURE__ */ jsx23(
+      PolicyComposerModal,
+      {
+        value: policyComposer.value,
+        onChange: (value) => {
+          setPolicyComposer((prev) => ({ ...prev, value }));
+        },
+        onSubmit: submitPolicyComposer,
+        onClose: closePolicyComposer,
+        guide: policyComposerGuide,
+        placeholder: policyComposerPlaceholder
+      }
+    ) });
+  }
   if (modal.type) {
-    return /* @__PURE__ */ jsx22(Box18, { flexDirection: "column", paddingX: 1, width: terminalWidth, height: terminalHeight - 1, children: /* @__PURE__ */ jsx22(
+    return /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", paddingX: 1, width: terminalWidth, height: terminalHeight - 1, children: /* @__PURE__ */ jsx23(
       Modal,
       {
         type: modal.type,
@@ -8504,8 +8676,8 @@ var App = ({ autoApprove = false, target }) => {
       }
     ) });
   }
-  return /* @__PURE__ */ jsxs16(Box18, { flexDirection: "column", paddingX: 1, paddingBottom: 1, width: terminalWidth, children: [
-    /* @__PURE__ */ jsx22(Box18, { flexDirection: "column", width: "100%", children: /* @__PURE__ */ jsx22(
+  return /* @__PURE__ */ jsxs17(Box19, { flexDirection: "column", paddingX: 1, paddingBottom: 1, width: terminalWidth, children: [
+    /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", width: "100%", children: /* @__PURE__ */ jsx23(
       MessageList,
       {
         messages,
@@ -8514,7 +8686,7 @@ var App = ({ autoApprove = false, target }) => {
         version: APP_VERSION
       }
     ) }),
-    /* @__PURE__ */ jsx22(Box18, { flexDirection: "column", marginTop: 1, width: "100%", children: /* @__PURE__ */ jsx22(
+    /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", marginTop: 1, width: "100%", children: /* @__PURE__ */ jsx23(
       BottomRegion,
       {
         input,
@@ -8545,7 +8717,7 @@ var app_default = App;
 
 // src/platform/tui/components/SplashScreen.tsx
 import { useEffect as useEffect11, useState as useState14 } from "react";
-import { Box as Box19, Text as Text19 } from "ink";
+import { Box as Box20, Text as Text20 } from "ink";
 
 // src/platform/tui/components/CoinFrames.ts
 var COIN_FRAMES = [
@@ -9236,7 +9408,7 @@ var COIN_FRAMES = [
 ];
 
 // src/platform/tui/components/SplashScreen.tsx
-import { jsx as jsx23 } from "react/jsx-runtime";
+import { jsx as jsx24 } from "react/jsx-runtime";
 var SplashScreen = ({
   onComplete,
   durationMs = 3e3
@@ -9258,27 +9430,27 @@ var SplashScreen = ({
     return () => clearInterval(interval);
   }, [durationMs, onComplete]);
   const currentFrame = COIN_FRAMES[frameIdx % COIN_FRAMES.length];
-  return /* @__PURE__ */ jsx23(
-    Box19,
+  return /* @__PURE__ */ jsx24(
+    Box20,
     {
       width: columns,
       minHeight: rows,
       flexDirection: "column",
       alignItems: "center",
       justifyContent: "center",
-      children: /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", alignItems: "center", flexShrink: 0, children: /* @__PURE__ */ jsx23(Box19, { flexDirection: "column", alignItems: "center", children: currentFrame.map((line, i) => /* @__PURE__ */ jsx23(Box19, { flexShrink: 0, height: 1, children: /* @__PURE__ */ jsx23(Text19, { color: THEME.white, bold: true, wrap: "truncate-end", children: line }, `coin-text-${i}`) }, `coin-row-${i}`)) }) })
+      children: /* @__PURE__ */ jsx24(Box20, { flexDirection: "column", alignItems: "center", flexShrink: 0, children: /* @__PURE__ */ jsx24(Box20, { flexDirection: "column", alignItems: "center", children: currentFrame.map((line, i) => /* @__PURE__ */ jsx24(Box20, { flexShrink: 0, height: 1, children: /* @__PURE__ */ jsx24(Text20, { color: THEME.white, bold: true, wrap: "truncate-end", children: line }, `coin-text-${i}`) }, `coin-row-${i}`)) }) })
     }
   );
 };
 
 // src/platform/tui/cli/interactive-runtime.tsx
-import { jsx as jsx24 } from "react/jsx-runtime";
+import { jsx as jsx25 } from "react/jsx-runtime";
 var InteractiveRoot = ({ autoApprove, target }) => {
-  const [showSplash, setShowSplash] = React16.useState(true);
+  const [showSplash, setShowSplash] = React17.useState(true);
   if (showSplash) {
-    return /* @__PURE__ */ jsx24(SplashScreen, { durationMs: 3e3, onComplete: () => setShowSplash(false) });
+    return /* @__PURE__ */ jsx25(SplashScreen, { durationMs: 3e3, onComplete: () => setShowSplash(false) });
   }
-  return /* @__PURE__ */ jsx24(
+  return /* @__PURE__ */ jsx25(
     app_default,
     {
       autoApprove,
@@ -9288,7 +9460,7 @@ var InteractiveRoot = ({ autoApprove, target }) => {
 };
 async function renderInteractiveApp(props) {
   const { waitUntilExit } = render(
-    /* @__PURE__ */ jsx24(AnimationProvider, { children: /* @__PURE__ */ jsx24(InteractiveRoot, { ...props }) })
+    /* @__PURE__ */ jsx25(AnimationProvider, { children: /* @__PURE__ */ jsx25(InteractiveRoot, { ...props }) })
   );
   await waitUntilExit();
 }

package/dist/{persistence-TSBV5F6R.js → persistence-WP43KX7N.js}

@@ -3,7 +3,7 @@ import {
   clearWorkspace,
   loadState,
   saveState
-} from "./chunk-TFYJWIQF.js";
+} from "./chunk-U2NIVQ2O.js";
 import "./chunk-S5ZMXFHR.js";
 export {
   StateSerializer,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pentesting",
-  "version": "0.73.10",
+  "version": "0.73.11",
   "description": "Autonomous Penetration Testing AI Agent",
   "type": "module",
   "main": "dist/main.js",