pentesting 0.73.2 → 0.73.4

package/dist/{chunk-KBJPZDIL.js → chunk-7E2VUIFU.js}

@@ -13,12 +13,13 @@ import {
   getAllProcesses,
   getBackgroundProcessesMap,
   getLimits,
-  getPipelineConfig,
   getProcess,
   getProcessEventLog,
+  getRequiredRuntimeSection,
+  getRuntimeSectionOr,
   logEvent,
   setProcess
-} from "./chunk-YFDJI3GO.js";
+} from "./chunk-I52SWXYV.js";
 
 // src/shared/constants/time/conversions.ts
 var MS_PER_MINUTE = 6e4;
@@ -138,6 +139,119 @@ var DISPLAY_LIMITS = {
   SESSION_VALUE_PREVIEW: 300
 };
 
+// src/shared/utils/file-ops/runtime-asset-resolver.ts
+import { existsSync, readFileSync } from "fs";
+import path from "path";
+import { fileURLToPath } from "url";
+var RUNTIME_FILE_DIR = path.dirname(fileURLToPath(import.meta.url));
+var DIST_DIR = path.basename(RUNTIME_FILE_DIR) === "dist" ? RUNTIME_FILE_DIR : path.resolve(process.cwd(), "dist");
+function mapSourceAssetToDist(declaredPath) {
+  if (declaredPath.startsWith("src/agents/prompts/")) {
+    return path.join(DIST_DIR, "prompts", declaredPath.slice("src/agents/prompts/".length));
+  }
+  if (/^src\/domains\/[^/]+\/prompt\.md$/.test(declaredPath)) {
+    const [, domain] = declaredPath.split("/");
+    return path.join(DIST_DIR, domain, "prompt.md");
+  }
+  return null;
+}
+function getRuntimeAssetCandidates(declaredPath) {
+  const normalized = declaredPath.replace(/\\/g, "/").replace(/\/+$/, "");
+  const candidates = [path.resolve(process.cwd(), normalized)];
+  const distCandidate = mapSourceAssetToDist(normalized);
+  if (distCandidate) {
+    candidates.push(distCandidate);
+  }
+  return [...new Set(candidates)];
+}
+function resolveRuntimeAssetPath(declaredPath) {
+  for (const candidate of getRuntimeAssetCandidates(declaredPath)) {
+    if (existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function readRuntimeAssetFile(declaredPath, encoding = "utf-8") {
+  const resolved = resolveRuntimeAssetPath(declaredPath);
+  if (!resolved) {
+    return null;
+  }
+  return readFileSync(resolved, encoding);
+}
+
+// src/agents/llm-node-config.ts
+var RUNTIME_CONFIG_PATH = "src/agents/runtime-config.ts";
+function buildMissingNodeError(nodeName) {
+  return new Error(
+    `[runtime-config] llm_nodes.${nodeName} is not declared. Add it to ${RUNTIME_CONFIG_PATH}.`
+  );
+}
+function buildMissingPromptError(nodeName) {
+  return new Error(
+    `[runtime-config] llm_nodes.${nodeName} must declare system_prompt_file, fallback_system_prompt_file, or system_prompt. Add one to ${RUNTIME_CONFIG_PATH}.`
+  );
+}
+function buildMissingCooldownPolicyError(nodeName) {
+  return new Error(
+    `[runtime-config] llm_nodes.${nodeName}.cooldown_policy is required but not set. Add it to ${RUNTIME_CONFIG_PATH}.`
+  );
+}
+function resolvePromptFile(declaredPath, context) {
+  const content = readRuntimeAssetFile(declaredPath, "utf-8");
+  if (content === null) {
+    throw new Error(
+      `[runtime-config] ${context} points to "${declaredPath}" but no runtime asset was found. Tried: ${getRuntimeAssetCandidates(declaredPath).join(", ")}`
+    );
+  }
+  return content.trim();
+}
+function resolveInlinePrompt(prompt2) {
+  return prompt2 ? prompt2.trim() : void 0;
+}
+function resolveConfiguredPrompt(nodeName, nodeConfig) {
+  if (nodeConfig.system_prompt_file) {
+    return resolvePromptFile(
+      nodeConfig.system_prompt_file,
+      `llm_nodes.${nodeName}.system_prompt_file`
+    );
+  }
+  if (nodeConfig.fallback_system_prompt_file) {
+    return resolvePromptFile(
+      nodeConfig.fallback_system_prompt_file,
+      `llm_nodes.${nodeName}.fallback_system_prompt_file`
+    );
+  }
+  return resolveInlinePrompt(nodeConfig.system_prompt) ?? resolveInlinePrompt(nodeConfig.fallback_system_prompt);
+}
+function getLlmNodeConfig(nodeName) {
+  const nodeConfig = getRequiredRuntimeSection("llm_nodes")[nodeName];
+  if (!nodeConfig) {
+    throw buildMissingNodeError(nodeName);
+  }
+  return nodeConfig;
+}
+function llmNodeSystemPrompt(nodeName) {
+  const prompt2 = resolveConfiguredPrompt(nodeName, getLlmNodeConfig(nodeName));
+  if (!prompt2) {
+    throw buildMissingPromptError(nodeName);
+  }
+  return prompt2;
+}
+function llmNodeOutputParsing(nodeName) {
+  return getLlmNodeConfig(nodeName).output_parsing;
+}
+function llmNodeCooldownPolicy(nodeName) {
+  const policy = getLlmNodeConfig(nodeName).cooldown_policy;
+  if (!policy) {
+    throw buildMissingCooldownPolicyError(nodeName);
+  }
+  return policy;
+}
+function llmNodeMaxTokens(nodeName, fallback) {
+  return getLlmNodeConfig(nodeName).limits?.max_tokens ?? fallback;
+}
+
 // src/shared/constants/llm/config.ts
 var RETRY_CONFIG = {
   baseDelayMs: 2e3,
@@ -150,9 +264,8 @@ var RETRY_CONFIG = {
   autoRetryDelayMs: 1e4
   // 10s fixed interval for 429/network errors
 };
-var config = getPipelineConfig();
-var mainLlmTokens = config.llm_nodes?.["main_llm"]?.limits?.max_tokens ?? 128e3;
-var strategistTokens = config.llm_nodes?.["strategist"]?.limits?.max_tokens ?? 262144;
+var mainLlmTokens = llmNodeMaxTokens("main_llm", 128e3);
+var strategistTokens = llmNodeMaxTokens("strategist", 262144);
 var LLM_LIMITS = {
   /** WHY 64K: non-streaming calls (orchestrator, summaries) benefit from
    *  generous output budgets. Don't force premature truncation. */
@@ -194,7 +307,7 @@ var AGENT_LIMITS = {
   MAX_FAILED_PATHS: state.max_failed_paths,
   MAX_ATTACK_NODES: state.max_attack_nodes,
   MAX_ATTACK_EDGES: state.max_attack_edges,
-  // ─── Fixed Infrastructure Constants (not tunable via yaml) ───
+  // ─── Fixed Infrastructure Constants (not tunable via runtime config) ───
   /** Infinite retry on LLM errors — rate limit recovery */
   MAX_CONSECUTIVE_LLM_ERRORS: agent_loop.max_consecutive_llm_errors === "infinity" || agent_loop.max_consecutive_llm_errors === Infinity ? Infinity : Number(agent_loop.max_consecutive_llm_errors ?? Infinity),
   MAX_RETRIES: agent_loop.max_retries ?? 3,
@@ -218,7 +331,7 @@ var MEMORY_LIMITS = {
   TECHNIQUE_FAILURE_DECAY: state2.technique_failure_decay,
   TECHNIQUE_PRUNE_THRESHOLD: state2.technique_prune_threshold,
   MAX_TURN_ENTRIES: archive.max_turn_entries,
-  /** Maximum unverified techniques to show in prompt (display-only, not in yaml) */
+  /** Maximum unverified techniques to show in prompt (display-only, not in runtime config) */
   PROMPT_UNVERIFIED_TECHNIQUES: 10
 };
 
@@ -235,7 +348,7 @@ var INPUT_PROMPT_PATTERNS = [
 
 // src/shared/constants/agent.ts
 var APP_NAME = "Pentest AI";
-var APP_VERSION = "0.73.2";
+var APP_VERSION = "0.73.4";
 var APP_DESCRIPTION = "Autonomous Penetration Testing AI Agent";
 var LLM_ROLES = {
   SYSTEM: "system",
@@ -509,6 +622,19 @@ var TOOL_NAMES = {
   READ_FILE: "read_file",
   WRITE_FILE: "write_file",
   BG_PROCESS: "bg_process",
+  LISTENER_START: "listener_start",
+  LISTENER_STATUS: "listener_status",
+  SHELL_PROMOTE: "shell_promote",
+  SHELL_EXEC: "shell_exec",
+  SHELL_CHECK: "shell_check",
+  SHELL_UPGRADE: "shell_upgrade",
+  EXPLOIT_CREDENTIAL_CHECK: "exploit_credential_check",
+  EXPLOIT_ARTIFACT_CHECK: "exploit_artifact_check",
+  EXPLOIT_FOOTHOLD_CHECK: "exploit_foothold_check",
+  EXPLOIT_VECTOR_CHECK: "exploit_vector_check",
+  PWN_CRASH_REPRO: "pwn_crash_repro",
+  PWN_OFFSET_CHECK: "pwn_offset_check",
+  PWN_PAYLOAD_SMOKE: "pwn_payload_smoke",
   // Intelligence & Research
   PARSE_NMAP: "parse_nmap",
   SEARCH_CVE: "search_cve",
@@ -936,7 +1062,20 @@ function getInputHandler() {
 }
 
 // src/shared/constants/paths.ts
-import path from "path";
+import path2 from "path";
+
+// src/agents/workspace-config.ts
+var DEFAULT_WORKSPACE_ROOT = ".pentesting";
+var DEFAULT_WORKSPACE_DIRECTORIES = {};
+function getWorkspaceConfig() {
+  return getRuntimeSectionOr("workspace", {});
+}
+function getWorkspaceRoot() {
+  return getWorkspaceConfig().root ?? DEFAULT_WORKSPACE_ROOT;
+}
+function getWorkspaceDirectories() {
+  return getWorkspaceConfig().directories ?? DEFAULT_WORKSPACE_DIRECTORIES;
+}
 
 // src/shared/constants/files/extensions.ts
 var FILE_EXTENSIONS = {
@@ -983,9 +1122,9 @@ var SPECIAL_FILES = {
 };
 
 // src/shared/utils/file-ops/file-utils.ts
-import { existsSync, mkdirSync } from "fs";
+import { existsSync as existsSync2, mkdirSync } from "fs";
 function ensureDirExists(dirPath) {
-  if (!existsSync(dirPath)) {
+  if (!existsSync2(dirPath)) {
     mkdirSync(dirPath, { recursive: true });
   }
 }
@@ -1013,15 +1152,13 @@ var _dirs = null;
 var _root = null;
 function getRoot() {
   if (_root === null) {
-    const ws = getPipelineConfig().workspace;
-    _root = ws?.root ?? ".pentesting";
+    _root = getWorkspaceRoot();
   }
   return _root;
 }
 function getDirs() {
   if (_dirs === null) {
-    const ws = getPipelineConfig().workspace;
-    _dirs = ws?.directories ?? {};
+    _dirs = getWorkspaceDirectories();
   }
   return _dirs;
 }
@@ -1033,39 +1170,39 @@ var WORK_DIR = dir("workspace", `${getRoot()}/workspace`);
 var MEMORY_DIR = dir("memory", `${getRoot()}/memory`);
 var WORKSPACE = {
   get ROOT() {
-    return path.resolve(getRoot());
+    return path2.resolve(getRoot());
   },
   get TMP() {
-    return path.resolve(dir("workspace", `${getRoot()}/workspace`));
+    return path2.resolve(dir("workspace", `${getRoot()}/workspace`));
   },
   get MEMORY() {
-    return path.resolve(dir("memory", `${getRoot()}/memory`));
+    return path2.resolve(dir("memory", `${getRoot()}/memory`));
   },
   get POLICY() {
-    return path.resolve(dir("memory", `${getRoot()}/memory`), SPECIAL_FILES.POLICY);
+    return path2.resolve(dir("memory", `${getRoot()}/memory`), SPECIAL_FILES.POLICY);
   },
   get REPORTS() {
-    return path.resolve(dir("reports", `${getRoot()}/reports`));
+    return path2.resolve(dir("reports", `${getRoot()}/reports`));
   },
   get SESSIONS() {
-    return path.resolve(dir("sessions", `${getRoot()}/sessions`));
+    return path2.resolve(dir("sessions", `${getRoot()}/sessions`));
   },
   get LOOT() {
-    return path.resolve(dir("loot", `${getRoot()}/loot`));
+    return path2.resolve(dir("loot", `${getRoot()}/loot`));
   },
   get DEBUG() {
-    return path.resolve(dir("debug", `${getRoot()}/debug`));
+    return path2.resolve(dir("debug", `${getRoot()}/debug`));
   },
   /** Turn insight files root: .pentesting/turns/ */
   get TURNS() {
-    return path.resolve(dir("turns", `${getRoot()}/turns`));
+    return path2.resolve(dir("turns", `${getRoot()}/turns`));
   },
   /**
    * Resolve the turn memory file for a specific turn: .pentesting/turns/{N}-memory.md
-   * Pipeline.yaml: workspace.turn_structure → single file per turn
+   * Runtime config turn storage policy → single file per turn
    */
   turnPath(turn) {
-    return path.resolve(dir("turns", `${getRoot()}/turns`), `${turn}-memory.md`);
+    return path2.resolve(dir("turns", `${getRoot()}/turns`), `${turn}-memory.md`);
   }
 };
 
@@ -1298,7 +1435,7 @@ var BLOCKED_BINARIES = /* @__PURE__ */ new Set([
 ]);
 
 // src/shared/utils/debug/debug-logger.ts
-import { appendFileSync, writeFileSync, statSync, readFileSync } from "fs";
+import { appendFileSync, writeFileSync, statSync, readFileSync as readFileSync2 } from "fs";
 import { join } from "path";
 var ROTATE_BYTES = 5 * 1024 * 1024;
 var WIPE_BYTES = 20 * 1024 * 1024;
@@ -1350,7 +1487,7 @@ var DebugLogger = class _DebugLogger {
         writeFileSync(this.logPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [GENERAL] === LOG WIPED (exceeded ${Math.round(WIPE_BYTES / 1024 / 1024)}MB) ===
 `);
       } else if (size > ROTATE_BYTES) {
-        const content = readFileSync(this.logPath, "utf-8");
+        const content = readFileSync2(this.logPath, "utf-8");
         const half = content.slice(Math.floor(content.length / 2));
         const firstNewline = half.indexOf("\n");
         const trimmed = firstNewline >= 0 ? half.slice(firstNewline + 1) : half;
@@ -1507,6 +1644,57 @@ function splitByPipe(command) {
 }
 
 // src/shared/utils/command-validator/redirect.ts
+function isAllowedRedirectPath(target) {
+  return SAFE_REDIRECT_PATHS.some((pathPrefix) => target.startsWith(pathPrefix));
+}
+function updateQuoteState(ch, state3) {
+  if (ch === "'" && !state3.inDouble) {
+    state3.inSingle = !state3.inSingle;
+    return true;
+  }
+  if (ch === '"' && !state3.inSingle) {
+    state3.inDouble = !state3.inDouble;
+    return true;
+  }
+  return false;
+}
+function extractFileDescriptor(command, operatorIndex) {
+  let fd = "";
+  let b = operatorIndex - 1;
+  while (b >= 0 && /\d/.test(command[b])) {
+    fd = command[b] + fd;
+    b--;
+  }
+  return fd;
+}
+function skipSpaces(command, start) {
+  let index = start;
+  while (index < command.length && /\s/.test(command[index])) index++;
+  return index;
+}
+function readRedirectTarget(command, start) {
+  let i = start;
+  let target = "";
+  let targetInSingle = false;
+  let targetInDouble = false;
+  while (i < command.length) {
+    const ch = command[i];
+    if (ch === "'" && !targetInDouble) {
+      targetInSingle = !targetInSingle;
+      i++;
+      continue;
+    }
+    if (ch === '"' && !targetInSingle) {
+      targetInDouble = !targetInDouble;
+      i++;
+      continue;
+    }
+    if (!targetInSingle && !targetInDouble && /[\s|;&<>]/.test(ch)) break;
+    target += ch;
+    i++;
+  }
+  return { target, nextIndex: i };
+}
 function stripRedirects(segment) {
   return segment.replace(/\d*>\s*&\d+/g, "").replace(/\d*>>\s*\S+/g, "").replace(/\d*>\s*\S+/g, "").replace(/<\s*\S+/g, "").trim();
 }
@@ -1515,8 +1703,7 @@ function validateRedirects(command) {
   for (const { type, target } of redirects) {
     if (type === ">" || type === ">>") {
       if (target.startsWith("&") || target === "/dev/null") continue;
-      const isAllowed = SAFE_REDIRECT_PATHS.some((p) => target.startsWith(p));
-      if (!isAllowed) {
+      if (!isAllowedRedirectPath(target)) {
         return {
           isSafe: false,
           error: `Redirect to '${target}' is not in allowed paths`,
@@ -1524,8 +1711,7 @@ function validateRedirects(command) {
         };
       }
     } else if (type === "<") {
-      const isAllowed = SAFE_REDIRECT_PATHS.some((p) => target.startsWith(p));
-      if (!isAllowed) {
+      if (!isAllowedRedirectPath(target)) {
         return {
           isSafe: false,
           error: `Input redirect from '${target}' is not in allowed paths`,
@@ -1538,55 +1724,23 @@ function validateRedirects(command) {
 }
 function extractRedirectTargets(command) {
   const redirects = [];
-  let inSingle = false;
-  let inDouble = false;
+  const quoteState = { inSingle: false, inDouble: false };
   let i = 0;
   while (i < command.length) {
     const ch = command[i];
-    if (ch === "'" && !inDouble) {
-      inSingle = !inSingle;
-      i++;
-      continue;
-    }
-    if (ch === '"' && !inSingle) {
-      inDouble = !inDouble;
+    if (updateQuoteState(ch, quoteState)) {
       i++;
       continue;
     }
-    if (!inSingle && !inDouble) {
+    if (!quoteState.inSingle && !quoteState.inDouble) {
       if (ch === ">" || ch === "<") {
         const isAppend = ch === ">" && command[i + 1] === ">";
         const type = isAppend ? ">>" : ch;
         const jump = isAppend ? 2 : 1;
-        let fd = "";
-        if (ch === ">") {
-          let b = i - 1;
-          while (b >= 0 && /\d/.test(command[b])) {
-            fd = command[b] + fd;
-            b--;
-          }
-        }
-        i += jump;
-        while (i < command.length && /\s/.test(command[i])) i++;
-        let target = "";
-        let targetInSingle = false;
-        let targetInDouble = false;
-        while (i < command.length) {
-          const tc = command[i];
-          if (tc === "'" && !targetInDouble) {
-            targetInSingle = !targetInSingle;
-            i++;
-            continue;
-          }
-          if (tc === '"' && !targetInSingle) {
-            targetInDouble = !targetInDouble;
-            i++;
-            continue;
-          }
-          if (!targetInSingle && !targetInDouble && /[\s|;&<>]/.test(tc)) break;
-          target += tc;
-          i++;
-        }
+        const fd = ch === ">" ? extractFileDescriptor(command, i) : "";
+        const targetStart = skipSpaces(command, i + jump);
+        const { target, nextIndex } = readRedirectTarget(command, targetStart);
+        i = nextIndex;
         if (target) {
           redirects.push({ type, fd, target });
         }
@@ -1946,76 +2100,115 @@ function getTorBrowserArgs() {
 }
 
 // src/shared/utils/config/tor/wrapper.ts
+function wrapCurl(command, socks) {
+  if (!/\bcurl\b/.test(command)) return null;
+  if (/--socks5|--proxy\b|-x\s/.test(command)) return command;
+  return command.replace(/\bcurl\b/, `curl --socks5-hostname ${socks}`);
+}
+function wrapWget(command, socks) {
+  if (!/\bwget\b/.test(command)) return null;
+  if (/--execute.*proxy|http_proxy|https_proxy/i.test(command)) return command;
+  return command.replace(
+    /\bwget\b/,
+    `wget -e use_proxy=yes -e http_proxy=socks5h://${socks} -e https_proxy=socks5h://${socks}`
+  );
+}
+function wrapSqlmap(command) {
+  if (!/\bsqlmap\b/.test(command)) return null;
+  if (/--tor\b|--proxy\b/.test(command)) return command;
+  return command.replace(
+    /\bsqlmap\b/,
+    `sqlmap --tor --tor-type=SOCKS5 --tor-port=${TOR_PROXY.SOCKS_PORT}`
+  );
+}
+function wrapGobuster(command, socks) {
+  if (!/\bgobuster\b/.test(command)) return null;
+  if (/--proxy\b/.test(command)) return command;
+  return command.replace(/\bgobuster\b/, `gobuster --proxy socks5://${socks}`);
+}
+function wrapFfuf(command, socks) {
+  if (!/\bffuf\b/.test(command)) return null;
+  if (/-x\s/.test(command)) return command;
+  return command.replace(/\bffuf\b/, `ffuf -x socks5://${socks}`);
+}
+function wrapNmap(command, wrapperPrefix) {
+  if (!/\bnmap\b/.test(command)) return null;
+  let nmapCmd = command;
+  nmapCmd = nmapCmd.replace(/\s-s[SAXFN]\b/g, " -sT");
+  if (!/\s-Pn\b/.test(nmapCmd)) {
+    nmapCmd = nmapCmd.replace(/\bnmap\b/, "nmap -Pn");
+  }
+  return `${wrapperPrefix} ${nmapCmd}`;
+}
 function wrapCommandForTor(command) {
   if (!isTorEnabled()) return command;
-  const SOCKS = `${TOR_PROXY.SOCKS_HOST}:${TOR_PROXY.SOCKS_PORT}`;
-  if (/\bcurl\b/.test(command)) {
-    if (/--socks5|--proxy\b|-x\s/.test(command)) return command;
-    return command.replace(/\bcurl\b/, `curl --socks5-hostname ${SOCKS}`);
-  }
-  if (/\bwget\b/.test(command)) {
-    if (/--execute.*proxy|http_proxy|https_proxy/i.test(command)) return command;
-    return command.replace(
-      /\bwget\b/,
-      `wget -e use_proxy=yes -e http_proxy=socks5h://${SOCKS} -e https_proxy=socks5h://${SOCKS}`
-    );
-  }
-  if (/\bsqlmap\b/.test(command)) {
-    if (/--tor\b|--proxy\b/.test(command)) return command;
-    return command.replace(
-      /\bsqlmap\b/,
-      `sqlmap --tor --tor-type=SOCKS5 --tor-port=${TOR_PROXY.SOCKS_PORT}`
-    );
-  }
-  if (/\bgobuster\b/.test(command)) {
-    if (/--proxy\b/.test(command)) return command;
-    return command.replace(/\bgobuster\b/, `gobuster --proxy socks5://${SOCKS}`);
-  }
-  if (/\bffuf\b/.test(command)) {
-    if (/-x\s/.test(command)) return command;
-    return command.replace(/\bffuf\b/, `ffuf -x socks5://${SOCKS}`);
-  }
-  if (/\bnmap\b/.test(command)) {
-    let nmapCmd = command;
-    nmapCmd = nmapCmd.replace(/\s-s[SAXFN]\b/g, " -sT");
-    if (!/\s-Pn\b/.test(nmapCmd)) {
-      nmapCmd = nmapCmd.replace(/\bnmap\b/, "nmap -Pn");
+  const socks = `${TOR_PROXY.SOCKS_HOST}:${TOR_PROXY.SOCKS_PORT}`;
+  const wrapperPrefix = `${TOR_PROXY.WRAPPER_CMD} ${TOR_PROXY.WRAPPER_FLAGS}`;
+  const handlers = [
+    () => wrapCurl(command, socks),
+    () => wrapWget(command, socks),
+    () => wrapSqlmap(command),
+    () => wrapGobuster(command, socks),
+    () => wrapFfuf(command, socks),
+    () => wrapNmap(command, wrapperPrefix)
+  ];
+  for (const handler of handlers) {
+    const wrapped = handler();
+    if (wrapped !== null) {
+      return wrapped;
     }
-    return `${TOR_PROXY.WRAPPER_CMD} ${TOR_PROXY.WRAPPER_FLAGS} ${nmapCmd}`;
   }
-  return `${TOR_PROXY.WRAPPER_CMD} ${TOR_PROXY.WRAPPER_FLAGS} ${command}`;
+  return `${wrapperPrefix} ${command}`;
 }
 
 // src/shared/utils/config/tor/leak-detector.ts
+function checkPingLeakRisk(command) {
+  if (!/\bping\b/.test(command)) return null;
+  return {
+    safe: false,
+    reason: "ping uses ICMP \u2014 bypasses Tor, real IP exposed to target",
+    suggestion: "Use TCP probe instead: curl --socks5-hostname 127.0.0.1:9050 -s --connect-timeout 5 http://<target>:<port>"
+  };
+}
+function checkTracerouteLeakRisk(command) {
+  if (!/\btraceroute\b|\btracepath\b|\bmtr\b/.test(command)) return null;
+  return {
+    safe: false,
+    reason: "traceroute/tracepath/mtr uses ICMP/UDP \u2014 bypasses Tor, real IP exposed",
+    suggestion: "Skip traceroute when Tor is enabled (reveals all hops including your IP)"
+  };
+}
+function checkDnsLeakRisk(command) {
+  if (!/\bdig\b/.test(command) && !/\bnslookup\b/.test(command) && !/(?:^|[;&|\s])host(?:\s|$)/.test(command)) {
+    return null;
+  }
+  return {
+    safe: false,
+    reason: "dig/host/nslookup use UDP \u2014 DNS query bypasses Tor, real IP visible to DNS server",
+    suggestion: `Use DNS-over-HTTPS: curl --socks5-hostname ${TOR_PROXY.SOCKS_HOST}:${TOR_PROXY.SOCKS_PORT} "https://dns.google/resolve?name=<host>&type=A"`
+  };
+}
+function checkNmapUdpLeakRisk(command) {
+  if (!/\bnmap\b/.test(command) || !/\s-sU\b/.test(command)) return null;
+  return {
+    safe: false,
+    reason: "nmap -sU (UDP scan) bypasses Tor \u2014 UDP is not routed through SOCKS5",
+    suggestion: `Skip UDP scan with Tor ON. Use TCP scan: ${TOR_PROXY.WRAPPER_CMD} ${TOR_PROXY.WRAPPER_FLAGS} nmap -sT -Pn`
+  };
+}
 function checkTorLeakRisk(command) {
   if (!isTorEnabled()) return { safe: true };
-  if (/\bping\b/.test(command)) {
-    return {
-      safe: false,
-      reason: "ping uses ICMP \u2014 bypasses Tor, real IP exposed to target",
-      suggestion: "Use TCP probe instead: curl --socks5-hostname 127.0.0.1:9050 -s --connect-timeout 5 http://<target>:<port>"
-    };
-  }
-  if (/\btraceroute\b|\btracepath\b|\bmtr\b/.test(command)) {
-    return {
-      safe: false,
-      reason: "traceroute/tracepath/mtr uses ICMP/UDP \u2014 bypasses Tor, real IP exposed",
-      suggestion: "Skip traceroute when Tor is enabled (reveals all hops including your IP)"
-    };
-  }
-  if (/\bdig\b/.test(command) || /\bnslookup\b/.test(command) || /(?:^|[;&|\s])host(?:\s|$)/.test(command)) {
-    return {
-      safe: false,
-      reason: "dig/host/nslookup use UDP \u2014 DNS query bypasses Tor, real IP visible to DNS server",
-      suggestion: `Use DNS-over-HTTPS: curl --socks5-hostname ${TOR_PROXY.SOCKS_HOST}:${TOR_PROXY.SOCKS_PORT} "https://dns.google/resolve?name=<host>&type=A"`
-    };
-  }
-  if (/\bnmap\b/.test(command) && /\s-sU\b/.test(command)) {
-    return {
-      safe: false,
-      reason: "nmap -sU (UDP scan) bypasses Tor \u2014 UDP is not routed through SOCKS5",
-      suggestion: `Skip UDP scan with Tor ON. Use TCP scan: ${TOR_PROXY.WRAPPER_CMD} ${TOR_PROXY.WRAPPER_FLAGS} nmap -sT -Pn`
-    };
+  const checks = [
+    checkPingLeakRisk,
+    checkTracerouteLeakRisk,
+    checkDnsLeakRisk,
+    checkNmapUdpLeakRisk
+  ];
+  for (const check of checks) {
+    const risk = check(command);
+    if (risk) {
+      return risk;
+    }
   }
   return { safe: true };
 }
@@ -2276,7 +2469,7 @@ Suggestion: ${torLeak.suggestion}`
 }
 
 // src/engine/tools-base/file-operations.ts
-import { readFileSync as readFileSync2, existsSync as existsSync2, writeFileSync as writeFileSync2 } from "fs";
+import { readFileSync as readFileSync3, existsSync as existsSync3, writeFileSync as writeFileSync2 } from "fs";
 import { dirname } from "path";
 import { join as join2 } from "path";
 import { tmpdir } from "os";
@@ -2296,14 +2489,14 @@ function getErrorMessage(error) {
 // src/engine/tools-base/file-operations.ts
 async function readFileContent(filePath) {
   try {
-    if (!existsSync2(filePath)) {
+    if (!existsSync3(filePath)) {
       return {
         success: false,
         output: "",
         error: `File not found: ${filePath}`
       };
     }
-    const content = readFileSync2(filePath, "utf-8");
+    const content = readFileSync3(filePath, "utf-8");
     return {
       success: true,
       output: content
@@ -2414,7 +2607,7 @@ function startBackgroundProcess(command, options = {}) {
 }
 
 // src/engine/process/process-interaction.ts
-import { existsSync as existsSync3, readFileSync as readFileSync3, appendFileSync as appendFileSync2 } from "fs";
+import { existsSync as existsSync4, readFileSync as readFileSync4, appendFileSync as appendFileSync2 } from "fs";
 async function sendToProcess(processId, input, waitMs = SYSTEM_LIMITS.DEFAULT_WAIT_MS_INTERACT) {
   const proc = getProcess(processId);
   if (!proc) return { success: false, output: `Process ${processId} not found`, newOutput: "" };
@@ -2422,8 +2615,8 @@ async function sendToProcess(processId, input, waitMs = SYSTEM_LIMITS.DEFAULT_WA
   if (proc.hasExited) return { success: false, output: `Process ${processId} has exited`, newOutput: "" };
   let currentLen = 0;
   try {
-    if (existsSync3(proc.stdoutFile)) {
-      currentLen = readFileSync3(proc.stdoutFile, "utf-8").length;
+    if (existsSync4(proc.stdoutFile)) {
+      currentLen = readFileSync4(proc.stdoutFile, "utf-8").length;
     }
   } catch {
   }
@@ -2436,8 +2629,8 @@ async function sendToProcess(processId, input, waitMs = SYSTEM_LIMITS.DEFAULT_WA
   await new Promise((r) => setTimeout(r, waitMs));
   let fullStdout = "";
   try {
-    if (existsSync3(proc.stdoutFile)) {
-      fullStdout = readFileSync3(proc.stdoutFile, "utf-8");
+    if (existsSync4(proc.stdoutFile)) {
+      fullStdout = readFileSync4(proc.stdoutFile, "utf-8");
     }
   } catch {
   }
@@ -2459,7 +2652,7 @@ function promoteToShell(processId, description) {
 }
 
 // src/engine/process/process-monitor.ts
-import { existsSync as existsSync4, readFileSync as readFileSync4 } from "fs";
+import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
 function isProcessRunning(processId) {
   const proc = getProcess(processId);
   if (!proc) return false;
@@ -2472,8 +2665,8 @@ function isProcessRunning(processId) {
   proc.childPids = discoverAllDescendants(proc.pid);
   if (proc.role === PROCESS_ROLES.LISTENER) {
     try {
-      if (existsSync4(proc.stdoutFile)) {
-        const stdout = readFileSync4(proc.stdoutFile, "utf-8");
+      if (existsSync5(proc.stdoutFile)) {
+        const stdout = readFileSync5(proc.stdoutFile, "utf-8");
         if (detectConnection(stdout)) {
           promoteToShell(processId, "Reverse shell connected (auto-detected)");
           logEvent(processId, PROCESS_EVENTS.CONNECTION_DETECTED, `Connection detected on port ${proc.listeningPort}`);
@@ -2491,16 +2684,16 @@ function getProcessOutput(processId) {
   let stdout = "";
   let stderr = "";
   try {
-    if (existsSync4(proc.stdoutFile)) {
-      const content = readFileSync4(proc.stdoutFile, "utf-8");
+    if (existsSync5(proc.stdoutFile)) {
+      const content = readFileSync5(proc.stdoutFile, "utf-8");
       stdout = content.length > SYSTEM_LIMITS.MAX_STDOUT_SLICE ? `... [truncated ${content.length - SYSTEM_LIMITS.MAX_STDOUT_SLICE} chars] ...
 ` + content.slice(-SYSTEM_LIMITS.MAX_STDOUT_SLICE) : content;
     }
   } catch {
   }
   try {
-    if (existsSync4(proc.stderrFile)) {
-      const content = readFileSync4(proc.stderrFile, "utf-8");
+    if (existsSync5(proc.stderrFile)) {
+      const content = readFileSync5(proc.stderrFile, "utf-8");
       stderr = content.length > SYSTEM_LIMITS.MAX_STDERR_SLICE ? `... [truncated ${content.length - SYSTEM_LIMITS.MAX_STDERR_SLICE} chars] ...
 ` + content.slice(-SYSTEM_LIMITS.MAX_STDERR_SLICE) : content;
     }
@@ -2606,7 +2799,7 @@ async function cleanupAllProcesses() {
     cleanupDone = false;
     return;
   }
-  const { getBackgroundProcessesMap: getBackgroundProcessesMap2 } = await import("./process-registry-GSHEX2LT.js");
+  const { getBackgroundProcessesMap: getBackgroundProcessesMap2 } = await import("./process-registry-BI7BKPHN.js");
   const backgroundProcesses = getBackgroundProcessesMap2();
   terminateAllNatively(backgroundProcesses, "SIGTERM");
   await new Promise((r) => setTimeout(r, SYSTEM_LIMITS.CLEANUP_BATCH_WAIT_MS));
@@ -2673,44 +2866,36 @@ function cleanupOrphanProcesses() {
 }
 
 // src/engine/process/resource-summary.ts
-import { existsSync as existsSync5, readFileSync as readFileSync5 } from "fs";
-function getResourceSummary() {
-  const procs = listBackgroundProcesses();
-  const running = procs.filter((p) => p.isRunning);
-  const exited = procs.filter((p) => !p.isRunning);
-  const ports = getUsedPorts();
-  const recentEvents = getProcessEventLog().slice(-SYSTEM_LIMITS.RECENT_EVENTS_IN_SUMMARY);
-  if (running.length === 0 && exited.length === 0 && recentEvents.length === 0) return "";
-  const lines = [];
-  if (running.length > 0) {
-    lines.push(`Active Assets (${running.length}):`);
-    for (const p of running) {
-      const dur = Math.round(p.durationMs / 1e3);
-      const portInfo = p.listeningPort ? ` port:${p.listeningPort}` : "";
-      const childInfo = p.childPids.length > 0 ? ` children:${p.childPids.join(",")}` : "";
-      const interactiveFlag = p.isInteractive ? ` ${STATUS_MARKERS.INTERACTIVE}` : "";
-      const roleIcon = PROCESS_ICONS[p.role] || PROCESS_ICONS[PROCESS_ROLES.BACKGROUND];
-      let lastOutput = "";
-      try {
-        if (p.stdoutFile && existsSync5(p.stdoutFile)) {
-          const content = readFileSync5(p.stdoutFile, "utf-8");
-          const outputLines = content.trim().split("\n");
-          lastOutput = outputLines.slice(-SYSTEM_LIMITS.RECENT_OUTPUT_LINES).join(" | ").replace(/\n/g, " ");
-        }
-      } catch {
+import { existsSync as existsSync6, readFileSync as readFileSync6 } from "fs";
+function formatActiveProcesses(running, lines) {
+  if (running.length === 0) return;
+  lines.push(`Active Assets (${running.length}):`);
+  for (const p of running) {
+    const dur = Math.round(p.durationMs / 1e3);
+    const portInfo = p.listeningPort ? ` port:${p.listeningPort}` : "";
+    const childInfo = p.childPids.length > 0 ? ` children:${p.childPids.join(",")}` : "";
+    const interactiveFlag = p.isInteractive ? ` ${STATUS_MARKERS.INTERACTIVE}` : "";
+    const roleIcon = PROCESS_ICONS[p.role] || PROCESS_ICONS[PROCESS_ROLES.BACKGROUND];
+    let lastOutput = "";
+    try {
+      if (p.stdoutFile && existsSync6(p.stdoutFile)) {
+        const content = readFileSync6(p.stdoutFile, "utf-8");
+        const outputLines = content.trim().split("\n");
+        lastOutput = outputLines.slice(-SYSTEM_LIMITS.RECENT_OUTPUT_LINES).join(" | ").replace(/\n/g, " ");
       }
-      const outputSnippet = lastOutput ? `
-    > Log: ${lastOutput}` : "";
-      lines.push(`  ${roleIcon} [${p.id}] PID:${p.pid}${portInfo}${childInfo}${interactiveFlag} [${p.role}] ${p.purpose} (${dur}s)${outputSnippet}`);
+    } catch {
     }
+    const outputSnippet = lastOutput ? `
+    > Log: ${lastOutput}` : "";
+    lines.push(`  ${roleIcon} [${p.id}] PID:${p.pid}${portInfo}${childInfo}${interactiveFlag} [${p.role}] ${p.purpose} (${dur}s)${outputSnippet}`);
   }
+}
+function formatZombies(exited, lines) {
   const orphans = [];
   for (const p of exited) {
     if (p.childPids.length > 0) {
       const aliveChildren = p.childPids.filter((pid) => isPidAlive(pid));
-      if (aliveChildren.length > 0) {
-        orphans.push({ id: p.id, childPids: aliveChildren });
-      }
+      if (aliveChildren.length > 0) orphans.push({ id: p.id, childPids: aliveChildren });
     }
   }
   if (orphans.length > 0) {
@@ -2721,10 +2906,8 @@ ${STATUS_MARKERS.WARNING} SUSPECTED ZOMBIES (Orphaned Children):`);
     }
     lines.push(`  \u2192 Recommendation: Run bg_process({ action: "stop", process_id: "ID" }) to clean up.`);
   }
-  if (ports.length > 0) {
-    lines.push(`
-Ports In Use: ${ports.join(", ")}`);
-  }
+}
+function formatActiveShells(running, lines) {
   const activeShells = running.filter((p) => p.role === PROCESS_ROLES.ACTIVE_SHELL);
   if (activeShells.length > 0) {
     lines.push(`
@@ -2733,19 +2916,39 @@ Ports In Use: ${ports.join(", ")}`);
       lines.push(`  \u2192 [${s.id}] Use interact to execute commands. Upgrade if unstable.`);
     }
   }
-  if (exited.length > 0) {
-    lines.push(`Exited Processes (${exited.length}):`);
-    for (const p of exited) {
-      lines.push(`  ${STATUS_MARKERS.EXITED} [${p.id}] exit:${p.exitCode} [${p.role}] ${p.description}`);
-    }
+}
+function formatExitedProcesses(exited, lines) {
+  if (exited.length === 0) return;
+  lines.push(`Exited Processes (${exited.length}):`);
+  for (const p of exited) {
+    lines.push(`  ${STATUS_MARKERS.EXITED} [${p.id}] exit:${p.exitCode} [${p.role}] ${p.description}`);
   }
-  if (recentEvents.length > 0) {
-    lines.push(`Recent Process Events:`);
-    for (const e of recentEvents.slice(-SYSTEM_LIMITS.RECENT_EVENTS_DISPLAY)) {
-      const ago = Math.round((Date.now() - e.timestamp) / 1e3);
-      lines.push(`  ${ago}s ago: [${e.event}] ${e.detail}`);
-    }
+}
+function formatRecentEvents(recentEvents, lines) {
+  if (recentEvents.length === 0) return;
+  lines.push(`Recent Process Events:`);
+  for (const e of recentEvents.slice(-SYSTEM_LIMITS.RECENT_EVENTS_DISPLAY)) {
+    const ago = Math.round((Date.now() - e.timestamp) / 1e3);
+    lines.push(`  ${ago}s ago: [${e.event}] ${e.detail}`);
   }
+}
+function getResourceSummary() {
+  const procs = listBackgroundProcesses();
+  const running = procs.filter((p) => p.isRunning);
+  const exited = procs.filter((p) => !p.isRunning);
+  const ports = getUsedPorts();
+  const recentEvents = getProcessEventLog().slice(-SYSTEM_LIMITS.RECENT_EVENTS_IN_SUMMARY);
+  if (running.length === 0 && exited.length === 0 && recentEvents.length === 0) return "";
+  const lines = [];
+  formatActiveProcesses(running, lines);
+  formatZombies(exited, lines);
+  if (ports.length > 0) {
+    lines.push(`
+Ports In Use: ${ports.join(", ")}`);
+  }
+  formatActiveShells(running, lines);
+  formatExitedProcesses(exited, lines);
+  formatRecentEvents(recentEvents, lines);
   return lines.join("\n");
 }
 
@@ -3150,7 +3353,7 @@ var EpisodicMemory = class {
 };
 
 // src/shared/utils/agent-memory/persistent-memory.ts
-import { existsSync as existsSync7, readFileSync as readFileSync7, writeFileSync as writeFileSync5 } from "fs";
+import { existsSync as existsSync8, readFileSync as readFileSync8, writeFileSync as writeFileSync5 } from "fs";
 import { join as join4 } from "path";
 
 // src/shared/utils/agent-memory/similarity.ts
@@ -3179,7 +3382,7 @@ function matchesServiceProfile(serviceProfile, services) {
 }
 
 // src/shared/utils/agent-memory/session-snapshot.ts
-import { existsSync as existsSync6, readFileSync as readFileSync6, writeFileSync as writeFileSync4, unlinkSync as unlinkSync4 } from "fs";
+import { existsSync as existsSync7, readFileSync as readFileSync7, writeFileSync as writeFileSync4, unlinkSync as unlinkSync4 } from "fs";
 import { join as join3 } from "path";
 var SNAPSHOT_FILE = join3(WORKSPACE.MEMORY, SPECIAL_FILES.SESSION_SNAPSHOT);
 function saveSessionSnapshot(snapshot) {
@@ -3191,8 +3394,8 @@ function saveSessionSnapshot(snapshot) {
 }
 function loadSessionSnapshot() {
   try {
-    if (existsSync6(SNAPSHOT_FILE)) {
-      return JSON.parse(readFileSync6(SNAPSHOT_FILE, "utf-8"));
+    if (existsSync7(SNAPSHOT_FILE)) {
+      return JSON.parse(readFileSync7(SNAPSHOT_FILE, "utf-8"));
     }
   } catch {
   }
@@ -3223,7 +3426,7 @@ function snapshotToPrompt() {
 }
 function clearSessionSnapshot() {
   try {
-    if (existsSync6(SNAPSHOT_FILE)) {
+    if (existsSync7(SNAPSHOT_FILE)) {
       unlinkSync4(SNAPSHOT_FILE);
     }
   } catch {
@@ -3373,8 +3576,8 @@ var PersistentMemory = class {
   }
   load() {
     try {
-      if (existsSync7(MEMORY_FILE)) {
-        const data = JSON.parse(readFileSync7(MEMORY_FILE, "utf-8"));
+      if (existsSync8(MEMORY_FILE)) {
+        const data = JSON.parse(readFileSync8(MEMORY_FILE, "utf-8"));
         return {
           ...data,
           exploitChains: data.exploitChains ?? []
@@ -3604,6 +3807,7 @@ var StateSerializer = class {
     const lines = [];
     this.formatContextAndMission(state3, lines);
     this.formatArtifactsAndObjectives(state3, lines);
+    this.formatDelegatedTasks(state3, lines);
     this.formatTargets(state3, lines);
     this.formatFindings(state3, lines);
     this.formatLoot(state3, lines);
@@ -3625,6 +3829,34 @@ var StateSerializer = class {
       }
     }
   }
+  static formatDelegatedTasks(state3, lines) {
+    const activeTasks = state3.getActiveDelegatedTasks();
+    if (activeTasks.length === 0) return;
+    lines.push(`Delegated Tasks (${activeTasks.length} active):`);
+    for (const task of activeTasks.slice(0, DISPLAY_LIMITS.COMPACT_LIST_ITEMS)) {
+      const waiting = task.waitingOn ? ` waiting:${task.waitingOn}` : "";
+      const workerType = task.nextWorkerType || task.workerType;
+      const worker = workerType ? ` worker:${workerType}` : "";
+      lines.push(`  [${task.status}] ${task.task}${worker}${waiting}`);
+      lines.push(`    summary: ${task.summary}`);
+      if (task.parentTaskId || task.rootTaskId) {
+        const chainParts = [
+          task.parentTaskId ? `parent:${task.parentTaskId}` : "",
+          task.rootTaskId ? `root:${task.rootTaskId}` : ""
+        ].filter(Boolean);
+        lines.push(`    chain: ${chainParts.join(" ")}`);
+      }
+      if (task.assets.length > 0) {
+        lines.push(`    assets: ${task.assets.join(", ")}`);
+      }
+      if (task.sessions.length > 0) {
+        lines.push(`    sessions: ${task.sessions.join(", ")}`);
+      }
+      if (task.resumeHint) {
+        lines.push(`    resume: ${task.resumeHint}`);
+      }
+    }
+  }
   static formatContextAndMission(state3, lines) {
     const engagement = state3.getEngagement();
     const scope = state3.getScope();
@@ -3761,7 +3993,8 @@ function saveState(state3) {
     actionLog: state3.getRecentActions(AGENT_LIMITS.MAX_ACTION_LOG),
     currentPhase: state3.getPhase(),
     missionSummary: state3.getMissionSummary(),
-    missionChecklist: state3.getMissionChecklist()
+    missionChecklist: state3.getMissionChecklist(),
+    delegatedTasks: state3.getDelegatedTasks()
   };
   const sessionFile = join5(sessionsDir, FILE_PATTERNS.session());
   const json = JSON.stringify(snapshot, null, 2);
@@ -3790,15 +4023,15 @@ function pruneOldSessions(sessionsDir) {
 }
 
 // src/engine/state/persistence/loader.ts
-import { readFileSync as readFileSync8, existsSync as existsSync8 } from "fs";
+import { readFileSync as readFileSync9, existsSync as existsSync9 } from "fs";
 import { join as join6 } from "path";
 function loadState(state3) {
   const latestFile = join6(WORKSPACE.SESSIONS, "latest.json");
-  if (!existsSync8(latestFile)) {
+  if (!existsSync9(latestFile)) {
     return false;
   }
   try {
-    const raw = readFileSync8(latestFile, "utf-8");
+    const raw = readFileSync9(latestFile, "utf-8");
     const snapshot = JSON.parse(raw);
     if (snapshot.version !== 1) {
       debugLog("general", `Unknown snapshot version: ${snapshot.version}`);
@@ -3832,6 +4065,11 @@ function loadState(state3) {
     if (snapshot.missionChecklist?.length > 0) {
       state3.restoreMissionChecklist(snapshot.missionChecklist);
     }
+    if (Array.isArray(snapshot.delegatedTasks)) {
+      for (const task of snapshot.delegatedTasks) {
+        state3.restoreDelegatedTask(task);
+      }
+    }
     return true;
   } catch (err) {
     debugLog("general", `Failed to load state: ${err}`);
@@ -3840,8 +4078,8 @@ function loadState(state3) {
 }
 
 // src/engine/state/persistence/janitor.ts
-import { existsSync as existsSync9, rmSync } from "fs";
-import path2 from "path";
+import { existsSync as existsSync10, rmSync } from "fs";
+import path3 from "path";
 function clearWorkspace() {
   const cleared = [];
   const errors = [];
@@ -3852,13 +4090,13 @@ function clearWorkspace() {
     { path: WORKSPACE.TMP, label: "workspace/temp" },
     { path: WORKSPACE.LOOT, label: "loot" },
     { path: WORKSPACE.REPORTS, label: "reports" },
-    { path: path2.join(root, "archive"), label: "archive (historical cleanup)" },
-    { path: path2.join(root, "outputs"), label: "outputs (historical cleanup)" },
-    { path: path2.join(root, "journal"), label: "journal (historical cleanup)" }
+    { path: path3.join(root, "archive"), label: "archive (historical cleanup)" },
+    { path: path3.join(root, "outputs"), label: "outputs (historical cleanup)" },
+    { path: path3.join(root, "journal"), label: "journal (historical cleanup)" }
   ];
   for (const dir2 of dirsToClean) {
     try {
-      if (existsSync9(dir2.path)) {
+      if (existsSync10(dir2.path)) {
         rmSync(dir2.path, { recursive: true, force: true });
         ensureDirExists(dir2.path);
         cleared.push(dir2.label);
@@ -3872,6 +4110,7 @@ function clearWorkspace() {
 
 export {
   ensureDirExists,
+  getWorkspaceConfig,
   FILE_EXTENSIONS,
   FILE_PATTERNS,
   WORK_DIR,
@@ -3883,6 +4122,11 @@ export {
   getTorBrowserArgs,
   MS_PER_MINUTE,
   DISPLAY_LIMITS,
+  resolveRuntimeAssetPath,
+  readRuntimeAssetFile,
+  llmNodeSystemPrompt,
+  llmNodeOutputParsing,
+  llmNodeCooldownPolicy,
   RETRY_CONFIG,
   LLM_LIMITS,
   LLM_ERROR_TYPES,
@@ -3922,6 +4166,7 @@ export {
   COMMAND_EVENT_TYPES,
   UI_COMMANDS,
   generateId,
+  generatePrefixedId,
   WorkingMemory,
   EpisodicMemory,
   saveSessionSnapshot,