pentesting 0.73.2 → 0.73.4

package/dist/main.js

@@ -28,9 +28,12 @@ import {
   formatChallengeAnalysis,
   formatTurnRecord,
   getApiKey,
+  getGlobalRequestCount,
+  getGlobalTokenUsage,
   getModel,
   getNextTurnNumber,
   getServiceContext,
+  getShellSupervisorLifecycleSnapshot,
   getTimeAdaptiveStrategy,
   parseTurnNumbers,
   readJournalSummary,
@@ -39,7 +42,7 @@ import {
   rotateTurnRecords,
   setCurrentTurn,
   writePolicyDocument
-} from "./chunk-BGEXGHPB.js";
+} from "./chunk-3KWJPPYB.js";
 import {
   AGENT_ROLES,
   APP_DESCRIPTION,
@@ -72,20 +75,22 @@ import {
   generateId,
   getErrorMessage,
   getProcessOutput,
+  getWorkspaceConfig,
   initDebugLogger,
   listBackgroundProcesses,
   loadState,
+  readRuntimeAssetFile,
+  resolveRuntimeAssetPath,
   saveState,
   setActiveSessionRuntime,
   setTorEnabled,
   snapshotToPrompt
-} from "./chunk-KBJPZDIL.js";
+} from "./chunk-7E2VUIFU.js";
 import {
   EXIT_CODES,
-  getPipelineConfig,
-  getPromptBuilderConfig,
-  getPromptSources
-} from "./chunk-YFDJI3GO.js";
+  getOptionalRuntimeSection,
+  getRequiredRuntimeSection
+} from "./chunk-I52SWXYV.js";
 
 // src/platform/tui/main.tsx
 import chalk5 from "chalk";
@@ -291,17 +296,6 @@ var CLI_SCAN_TYPES = Object.freeze([
   CLI_SCAN_TYPE.VULN
 ]);
 
-// src/platform/tui/cli/commands/interactive.tsx
-import React16 from "react";
-import { render } from "ink";
-import chalk from "chalk";
-
-// src/platform/tui/app.tsx
-import { Box as Box18 } from "ink";
-
-// src/platform/tui/hooks/useAgent.ts
-import { useState as useState2, useEffect as useEffect2, useCallback as useCallback2, useRef as useRef3 } from "react";
-
 // src/engine/events.ts
 var AgentEventEmitter = class {
   listeners = /* @__PURE__ */ new Map();
@@ -588,13 +582,25 @@ var ApprovalGate = class {
     return this.shouldAutoApprove;
   }
   /**
-   * Runtime-aware approval:
-   * - containerized runtime defaults to advisory
-   * - host runtime defaults to require_auto_approve
-   * Category/level system is retained for audit trail only.
+   * Expose the effective runtime approval mode for UI/help text and tests.
+   */
+  getMode() {
+    return this.mode;
+  }
+  /**
+   * Whether tool execution is currently gated on the explicit auto-approve toggle.
+   */
+  requiresAutoApprove() {
+    return this.mode === "require_auto_approve";
+  }
+  /**
+   * Runtime-aware approval.
+   *
+   * In strict mode we currently have one explicit gate:
+   * the operator must enable auto-approve before tool execution proceeds.
    */
   async request(toolCall) {
-    if (this.mode === "require_auto_approve" && !this.shouldAutoApprove) {
+    if (this.requiresAutoApprove() && !this.shouldAutoApprove) {
       return {
         isApproved: false,
         reason: AUTO_APPROVE_REQUIRED_REASON(toolCall.name)
@@ -605,34 +611,67 @@ var ApprovalGate = class {
 };
 
 // src/agents/prompt-builder/prompt-loader.ts
-import { readFileSync as readFileSync2, existsSync as existsSync2 } from "fs";
+import { readFileSync as readFileSync2 } from "fs";
 import { join } from "path";
+
+// src/agents/prompt-sources.ts
+var DEFAULT_PROMPT_BASE_DIR = "src/agents/prompts/";
+var EMPTY_TECHNIQUE_SOURCES = [];
+var EMPTY_CORE_KNOWLEDGE_SOURCES = [];
+function getPromptSources() {
+  return getRequiredRuntimeSection("prompt_sources");
+}
+function getPromptSourceConfigValue(key) {
+  return getPromptSources()[key];
+}
+function getPhasePromptSource(phase) {
+  return getPromptSourceConfigValue("phase_prompts")?.[phase];
+}
+function getPromptBaseDir() {
+  return getPromptSourceConfigValue("base_dir") ?? DEFAULT_PROMPT_BASE_DIR;
+}
+function getPhaseTechniqueSources(phase) {
+  return getPromptSourceConfigValue("phase_techniques")?.[phase] ?? EMPTY_TECHNIQUE_SOURCES;
+}
+function getTechniqueBaseDir() {
+  return getPromptSourceConfigValue("techniques_dir");
+}
+function getCoreKnowledgeSources() {
+  return getPromptSourceConfigValue("core_knowledge") ?? EMPTY_CORE_KNOWLEDGE_SOURCES;
+}
+
+// src/agents/prompt-builder/prompt-loader.ts
 var _promptsDir = null;
 var _techniquesDir = null;
 function getPromptsDir() {
   if (!_promptsDir) {
-    const sources = getPromptSources();
-    _promptsDir = join(process.cwd(), sources.base_dir ?? "src/agents/prompts/");
+    const baseDir = getPromptBaseDir();
+    _promptsDir = resolveRuntimeAssetPath(baseDir) ?? join(process.cwd(), baseDir);
   }
   return _promptsDir;
 }
 function getTechniquesDir() {
   if (!_techniquesDir) {
-    const sources = getPromptSources();
-    _techniquesDir = sources.techniques_dir ? join(process.cwd(), sources.techniques_dir) : join(getPromptsDir(), PROMPT_PATHS.TECHNIQUES_DIR);
+    const techniquesDir = getTechniqueBaseDir();
+    _techniquesDir = techniquesDir ? resolveRuntimeAssetPath(techniquesDir) ?? join(process.cwd(), techniquesDir) : join(getPromptsDir(), PROMPT_PATHS.TECHNIQUES_DIR);
   }
   return _techniquesDir;
 }
 function loadPromptFile(filename) {
-  const path3 = join(getPromptsDir(), filename);
-  return existsSync2(path3) ? readFileSync2(path3, PROMPT_CONFIG.ENCODING) : "";
+  const path2 = join(getPromptsDir(), filename);
+  try {
+    const resolved = resolveRuntimeAssetPath(path2) ?? path2;
+    return readFileSync2(resolved, PROMPT_CONFIG.ENCODING);
+  } catch {
+    return "";
+  }
 }
 function loadTechniqueFile(techniqueName) {
   const filename = techniqueName.endsWith(".md") ? techniqueName : `${techniqueName}.md`;
   const filePath = join(getTechniquesDir(), filename);
   try {
-    if (!existsSync2(filePath)) return "";
-    return readFileSync2(filePath, PROMPT_CONFIG.ENCODING);
+    const resolved = resolveRuntimeAssetPath(filePath) ?? filePath;
+    return readFileSync2(resolved, PROMPT_CONFIG.ENCODING);
   } catch {
     return "";
   }
@@ -791,68 +830,32 @@ function buildUserContextFragment(userInput) {
   return PROMPT_DEFAULTS.USER_CONTEXT(userInput);
 }
 
-// src/agents/prompt-builder/yaml-layer-executor.ts
-import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
-import path from "path";
-var STATE_FRAGMENT_REGISTRY = {
-  "state.scope": (ctx) => buildScopeFragment(ctx.state),
-  "state.todo": (ctx) => buildTodoFragment(ctx.state),
-  "state.time": (ctx) => buildTimeFragment(ctx.state),
-  "state.serialized": (ctx) => buildStateFragment(ctx.state, StateSerializer.toPrompt(ctx.state)),
-  "state.workingMemory": (ctx) => buildWorkingMemoryFragment(ctx.state),
-  "state.challengeAnalysis": (ctx) => buildChallengeAnalysisFragment(ctx.state),
-  "state.attackGraph": (ctx) => buildAttackGraphFragment(ctx.state),
-  "state.episodicMemory": (ctx) => buildEpisodicMemoryFragment(ctx.state),
-  "state.dynamicTechniques": (ctx) => buildDynamicTechniquesFragment(ctx.state),
-  "state.lastReflection": (ctx) => buildLastReflectionFragment(ctx.state.lastReflection),
-  "state.targets_ports": (ctx) => buildAttackIntelligenceFragment(ctx.state),
-  // persistent memory는 별도 처리 (import 순서 문제 방지)
-  "state.persistentMemory": (ctx) => buildPersistentMemoryFragment(ctx.state)
-};
-async function executeLayer(layer, ctx) {
-  try {
-    switch (layer.type) {
-      case "file":
-        return executeFileLayer(layer);
-      case "file_phase_mapped":
-        return executePhaseFileLayer(ctx.phase);
-      case "files":
-        return executeFilesLayer(layer, ctx.phase);
-      case "files_phase_mapped":
-        return executePhaseFilesLayer(layer, ctx.phase);
-      case "state":
-        return executeStateLayer(layer, ctx);
-      case "static":
-        return layer.content?.trim() ?? null;
-      case "file_read":
-        return executeFileReadLayer(layer) || null;
-      case "user_input":
-        return buildUserContextFragment(ctx.userInput) || null;
-      case "memory": {
-        const key = layer.source?.replace(/^memory\./, "") || "";
-        return ctx.memory?.[key] || null;
-      }
-      default:
-        return null;
-    }
-  } catch {
-    return null;
+// src/agents/prompt-builder/layer-wrapping.ts
+function wrapLayerContent(template, content, tokens = {}) {
+  if (!template) {
+    return content;
   }
+  return Object.entries({ ...tokens, content }).reduce(
+    (acc, [key, value]) => acc.replace(`{${key}}`, value),
+    template
+  );
+}
+function wrapTechniqueReference(name, content) {
+  return `<technique-reference category="${name}">
+${content}
+</technique-reference>`;
 }
+
+// src/agents/prompt-builder/file-layer-executors.ts
 function executeFileReadLayer(layer) {
   const source = layer.source?.trim();
   if (!source) return null;
   if (source.includes("{N-1}")) {
     return buildJournalFragment() || null;
   }
-  const absolutePath = path.resolve(process.cwd(), source);
-  if (!existsSync3(absolutePath)) return null;
-  const content = readFileSync3(absolutePath, "utf-8").trim();
+  const content = readRuntimeAssetFile(source, "utf-8")?.trim();
   if (!content) return null;
-  if (layer.wrap) {
-    return layer.wrap.replace("{content}", content);
-  }
-  return content;
+  return wrapLayerContent(layer.wrap, content);
 }
 function executeFileLayer(layer) {
   if (!layer.source) return null;
@@ -861,54 +864,149 @@ function executeFileLayer(layer) {
   return loadPromptFile(filename) || null;
 }
 function executePhaseFileLayer(phase) {
-  const sources = getPromptSources();
-  const file = sources.phase_prompts?.[phase];
+  const file = getPhasePromptSource(phase);
   if (!file) return null;
   return loadPromptFile(file) || null;
 }
 function executeFilesLayer(layer, phase) {
-  const sources = getPromptSources();
-  const files = sources.core_knowledge ?? [];
-  const phaseFile = sources.phase_prompts?.[phase];
+  const files = getCoreKnowledgeSources();
+  const phaseFile = getPhasePromptSource(phase);
   const filtered = layer.exclude_current_phase_file && phaseFile ? files.filter((f) => f !== phaseFile) : files;
-  const parts = filtered.map((f) => {
-    const content = loadPromptFile(f);
+  const parts = filtered.map((file) => {
+    const content = loadPromptFile(file);
     if (!content) return "";
-    const label = f.replace(".md", "");
-    if (layer.wrap) {
-      return layer.wrap.replace("{label}", label).replace("{content}", content);
-    }
-    return content;
+    const label = file.replace(".md", "");
+    return wrapLayerContent(layer.wrap, content, { label });
   });
   return parts.filter(Boolean).join("\n\n") || null;
 }
 function executePhaseFilesLayer(layer, phase) {
-  const sources = getPromptSources();
-  const files = sources.phase_techniques?.[phase] ?? [];
+  const files = getPhaseTechniqueSources(phase);
   if (files.length === 0) return null;
   const parts = files.map((name) => {
     const content = loadTechniqueFile(name);
     if (!content) return "";
-    if (layer.wrap) {
-      return layer.wrap.replace("{name}", name).replace("{content}", content);
-    }
-    return `<technique-reference category="${name}">
-${content}
-</technique-reference>`;
+    if (layer.wrap) return wrapLayerContent(layer.wrap, content, { name });
+    return wrapTechniqueReference(name, content);
   });
   return parts.filter(Boolean).join("\n\n") || null;
 }
+
+// src/agents/prompt-builder/state-layer-registry.ts
+var STATE_LAYER_REGISTRY = {
+  "state.scope": (ctx) => buildScopeFragment(ctx.state),
+  "state.todo": (ctx) => buildTodoFragment(ctx.state),
+  "state.time": (ctx) => buildTimeFragment(ctx.state),
+  "state.serialized": (ctx) => buildStateFragment(ctx.state, StateSerializer.toPrompt(ctx.state)),
+  "state.workingMemory": (ctx) => buildWorkingMemoryFragment(ctx.state),
+  "state.challengeAnalysis": (ctx) => buildChallengeAnalysisFragment(ctx.state),
+  "state.attackGraph": (ctx) => buildAttackGraphFragment(ctx.state),
+  "state.episodicMemory": (ctx) => buildEpisodicMemoryFragment(ctx.state),
+  "state.dynamicTechniques": (ctx) => buildDynamicTechniquesFragment(ctx.state),
+  "state.lastReflection": (ctx) => buildLastReflectionFragment(ctx.state.lastReflection),
+  "state.targets_ports": (ctx) => buildAttackIntelligenceFragment(ctx.state),
+  "state.persistentMemory": (ctx) => buildPersistentMemoryFragment(ctx.state)
+};
+
+// src/agents/prompt-builder/stateful-layer-executors.ts
 function executeStateLayer(layer, ctx) {
   const source = layer.source ?? "";
   if (source === "state.blind_spots") {
     return buildBlindSpotsCheckFragment() || null;
   }
-  const fn = STATE_FRAGMENT_REGISTRY[source];
+  const fn = STATE_LAYER_REGISTRY[source];
   if (!fn) return null;
   const fragment = fn(ctx);
   if (!fragment && layer.on_empty) return layer.on_empty;
   return fragment || null;
 }
+function executeMemoryLayer(layer, ctx) {
+  const key = layer.source?.replace(/^memory\./, "") || "";
+  return ctx.memory?.[key] || null;
+}
+
+// src/agents/prompt-builder/layer-executor.ts
+var LAYER_EXECUTORS = {
+  file: (layer) => executeFileLayer(layer),
+  file_phase_mapped: (_layer, ctx) => executePhaseFileLayer(ctx.phase),
+  files: (layer, ctx) => executeFilesLayer(layer, ctx.phase),
+  files_phase_mapped: (layer, ctx) => executePhaseFilesLayer(layer, ctx.phase),
+  state: (layer, ctx) => executeStateLayer(layer, ctx),
+  static: (layer) => layer.content?.trim() ?? null,
+  file_read: (layer) => executeFileReadLayer(layer),
+  user_input: (_layer, ctx) => buildUserContextFragment(ctx.userInput) || null,
+  memory: (layer, ctx) => executeMemoryLayer(layer, ctx)
+};
+async function executeLayer(layer, ctx) {
+  try {
+    return LAYER_EXECUTORS[layer.type]?.(layer, ctx) ?? null;
+  } catch {
+    return null;
+  }
+}
+
+// src/agents/prompt-builder/prompt-section-builder.ts
+function sortLayersByPriority(layers) {
+  return [...layers].sort((a, b) => a.id - b.id);
+}
+async function buildPromptSections(layers, ctx) {
+  const sortedLayers = sortLayersByPriority(layers);
+  const alwaysIncluded = sortedLayers.filter((layer) => layer.always_included);
+  const regularLayers = sortedLayers.filter((layer) => !layer.always_included);
+  const regularSections = await renderLayerGroup(regularLayers, ctx);
+  const alwaysSections = await renderLayerGroup(alwaysIncluded, ctx);
+  return { regularSections, alwaysSections };
+}
+async function renderLayerGroup(layers, ctx) {
+  const sections = [];
+  for (const layer of layers) {
+    const fragment = await executeLayer(layer, ctx);
+    if (fragment) {
+      sections.push(fragment);
+    }
+  }
+  return sections;
+}
+
+// src/agents/prompt-builder/prompt-truncation.ts
+var TRUNCATION_NOTICE = "... [PROMPT TRUNCATED: content exceeded context limit] ...";
+var TRUNCATION_NOTICE_RESERVE = 100;
+function joinPromptSections(sections) {
+  const alwaysText = sections.alwaysSections.filter(Boolean).join("\n\n");
+  const fullBody = sections.regularSections.filter(Boolean).join("\n\n");
+  const full = alwaysText ? `${fullBody}
+
+${alwaysText}` : fullBody;
+  return { fullBody, alwaysText, full };
+}
+function applyPromptTruncation(fullBody, alwaysText, maxChars, userInput) {
+  const full = alwaysText ? `${fullBody}
+
+${alwaysText}` : fullBody;
+  if (full.length <= maxChars) {
+    return full;
+  }
+  const reservedLen = alwaysText.length + TRUNCATION_NOTICE_RESERVE;
+  const truncated = fullBody.slice(0, maxChars - reservedLen);
+  return alwaysText ? `${truncated}
+
+${TRUNCATION_NOTICE}
+
+${alwaysText}` : `${truncated}
+
+${TRUNCATION_NOTICE}
+
+${buildUserContextFragment(userInput)}`;
+}
+
+// src/agents/prompt-builder-config.ts
+var DEFAULT_PROMPT_BUILDER_CONFIG = {};
+function getPromptBuilderConfig() {
+  return getOptionalRuntimeSection("prompt_builder") ?? DEFAULT_PROMPT_BUILDER_CONFIG;
+}
+function getPromptBuilderLayers() {
+  return getPromptBuilderConfig().layers ?? [];
+}
 
 // src/agents/prompt-builder/prompt-builder.ts
 var DEFAULT_MAX_CHARS = 4e5;
@@ -918,51 +1016,23 @@ var PromptBuilder = class {
     this.state = state;
   }
   /**
-   * Build the system prompt by executing pipeline.yaml layers in order.
+   * Build the system prompt by executing declarative prompt layers in order.
    *
-   * Layer order is determined by `id` in pipeline.yaml prompt_builder.layers.
-   * To add/remove/reorder layers: edit pipeline.yaml only.
+   * Layer order is determined by `id` in runtime config prompt_builder.layers.
    */
   async build(userInput, phase, memory) {
     const config = getPromptBuilderConfig();
     const maxChars = config.max_chars ?? DEFAULT_MAX_CHARS;
-    const layers = [...config.layers ?? []].sort((a, b) => a.id - b.id);
-    const alwaysIncluded = layers.filter((l) => l.always_included);
-    const regularLayers = layers.filter((l) => !l.always_included);
+    const layers = getPromptBuilderLayers();
     const ctx = {
       state: this.state,
       phase,
       userInput,
       memory: memory ?? {}
     };
-    const regularSections = [];
-    for (const layer of regularLayers) {
-      const fragment = await executeLayer(layer, ctx);
-      if (fragment) regularSections.push(fragment);
-    }
-    const alwaysSections = [];
-    for (const layer of alwaysIncluded) {
-      const fragment = await executeLayer(layer, ctx);
-      if (fragment) alwaysSections.push(fragment);
-    }
-    const alwaysText = alwaysSections.filter(Boolean).join("\n\n");
-    const fullBody = regularSections.filter(Boolean).join("\n\n");
-    const full = alwaysText ? `${fullBody}
-
-${alwaysText}` : fullBody;
-    if (full.length <= maxChars) return full;
-    const reservedLen = alwaysText.length + 100;
-    const truncated = fullBody.slice(0, maxChars - reservedLen);
-    const notice = "... [PROMPT TRUNCATED: content exceeded context limit] ...";
-    return alwaysText ? `${truncated}
-
-${notice}
-
-${alwaysText}` : `${truncated}
-
-${notice}
-
-${buildUserContextFragment(userInput)}`;
+    const sections = await buildPromptSections(layers, ctx);
+    const { fullBody, alwaysText } = joinPromptSections(sections);
+    return applyPromptTruncation(fullBody, alwaysText, maxChars, userInput);
   }
 };
 
@@ -1088,9 +1158,6 @@ var ActionNode = class {
 // src/engine/pipeline/builder.ts
 var flagsCaptured = (ctx) => ctx.flagsAfter > ctx.flagsBefore;
 
-// src/engine/pipeline/loader.ts
-import { parse as yamlParse } from "yaml";
-
 // src/engine/pipeline/io-registry.ts
 var SOURCE_REGISTRY = {
   // ── Reflector input fields (ReflectorInput) ───────────────────────────────
@@ -1409,7 +1476,7 @@ var makeRotateTurns = (_llm, _opts) => async (_ctx) => {
 };
 var makeSaveSession = (_llm, _opts) => async (ctx) => {
   try {
-    const { saveState: saveState2 } = await import("./persistence-VFIOGTRC.js");
+    const { saveState: saveState2 } = await import("./persistence-BNVN3WW6.js");
     saveState2(ctx.state);
   } catch {
   }
@@ -1722,17 +1789,1674 @@ function initializeTask(state) {
     state.addTodo(INITIAL_TASKS.RECON, PRIORITIES.HIGH);
   }
 }
-async function resetSessionAction(state, userInputQueue) {
-  await cleanupAllProcesses().catch(() => {
+async function resetSessionAction(state, userInputQueue) {
+  await cleanupAllProcesses().catch(() => {
+  });
+  state.reset();
+  userInputQueue.clear();
+  return clearWorkspace();
+}
+var session = {
+  save: (state) => saveState(state),
+  load: (state) => loadState(state)
+};
+
+// src/agents/runtime-pipeline-config.ts
+function readRuntimePipelineNodes() {
+  return getRequiredRuntimeSection("nodes");
+}
+function readRuntimeTurnCycle() {
+  return getRequiredRuntimeSection("turn_cycle");
+}
+function getRuntimePipelineConfig() {
+  return {
+    version: getOptionalRuntimeSection("version"),
+    nodes: readRuntimePipelineNodes(),
+    turn_cycle: readRuntimeTurnCycle()
+  };
+}
+
+// src/agents/main-agent/delegated-task-scheduler.ts
+function getDelegatedTaskPriority(task) {
+  const workerPriority = task.nextWorkerType || task.workerType;
+  if (workerPriority === "shell-supervisor" && task.status === "waiting") return 0;
+  if (workerPriority === "shell-supervisor" && task.status === "running") return 1;
+  if (task.status === "waiting") return 2;
+  return 3;
+}
+function buildSelectionReason(task) {
+  const preferredWorkerType = task.nextWorkerType || task.workerType;
+  if (preferredWorkerType === "shell-supervisor" && task.status === "waiting") {
+    return "Selected first because shell supervision is waiting on an external callback and should be polled before duplicate chains start.";
+  }
+  if (preferredWorkerType === "shell-supervisor" && task.status === "running") {
+    return "Selected first because shell supervision is already active and should stay attached to the existing access path.";
+  }
+  if (task.status === "waiting") {
+    return "Selected because this delegated task is blocked on an external event and needs explicit supervision.";
+  }
+  return "Selected because this delegated task is already running and should progress before opening a fresh chain.";
+}
+function selectDelegatedTaskForResume(activeTasks, autoResumeCounts, lastAutoResumeTaskId) {
+  if (activeTasks.length === 0) {
+    return null;
+  }
+  const rankedTasks = [...activeTasks].sort((left, right) => {
+    const leftCount = autoResumeCounts.get(left.id) || 0;
+    const rightCount = autoResumeCounts.get(right.id) || 0;
+    if (leftCount !== rightCount) {
+      return leftCount - rightCount;
+    }
+    const leftPriority = getDelegatedTaskPriority(left);
+    const rightPriority = getDelegatedTaskPriority(right);
+    if (leftPriority !== rightPriority) {
+      return leftPriority - rightPriority;
+    }
+    if (left.updatedAt !== right.updatedAt) {
+      return left.updatedAt - right.updatedAt;
+    }
+    return left.createdAt - right.createdAt;
+  });
+  const selectedTask = rankedTasks.length > 1 ? rankedTasks.find((task) => task.id !== lastAutoResumeTaskId) || rankedTasks[0] : rankedTasks[0];
+  if (!selectedTask || selectedTask.id === lastAutoResumeTaskId) {
+    return null;
+  }
+  return {
+    task: selectedTask,
+    preferredWorkerType: selectedTask.nextWorkerType || selectedTask.workerType,
+    reason: buildSelectionReason(selectedTask),
+    resumeCount: autoResumeCounts.get(selectedTask.id) || 0
+  };
+}
+
+// src/agents/main-agent/delegated-task-queue.ts
+var DelegatedTaskQueue = class {
+  lastTaskId = null;
+  resumeCounts = /* @__PURE__ */ new Map();
+  reset() {
+    this.lastTaskId = null;
+    this.resumeCounts.clear();
+  }
+  sync(activeTasks) {
+    const activeIds = new Set(activeTasks.map((task) => task.id));
+    if (activeTasks.length === 0) {
+      this.reset();
+      return;
+    }
+    for (const taskId of this.resumeCounts.keys()) {
+      if (!activeIds.has(taskId)) {
+        this.resumeCounts.delete(taskId);
+      }
+    }
+    if (this.lastTaskId && !activeIds.has(this.lastTaskId)) {
+      this.lastTaskId = null;
+    }
+  }
+  next(activeTasks) {
+    this.sync(activeTasks);
+    return selectDelegatedTaskForResume(activeTasks, this.resumeCounts, this.lastTaskId);
+  }
+  acknowledge(taskId) {
+    this.lastTaskId = taskId;
+    const nextCount = (this.resumeCounts.get(taskId) || 0) + 1;
+    this.resumeCounts.set(taskId, nextCount);
+    return nextCount;
+  }
+  getLastTaskId() {
+    return this.lastTaskId;
+  }
+};
+
+// src/agents/main-agent/exploit-runtime-signals.ts
+function outputContainsAny(output, patterns) {
+  return patterns.some((pattern) => output.includes(pattern.toLowerCase()));
+}
+function getExploitResultSignals(result) {
+  const output = (result.output || "").toLowerCase();
+  const hasSession = outputContainsAny(output, ["[sessions]", "shell", "session"]);
+  const hasLoot = outputContainsAny(output, ["[loot]", "password", "credential", "token", "hash"]);
+  const hasAsset = outputContainsAny(output, ["[assets]", "artifact", "file", "payload"]);
+  return {
+    hasSession,
+    hasLoot,
+    hasAsset,
+    indicatesProgress: hasSession || hasLoot || hasAsset || outputContainsAny(output, ["[status] running", "[status] success"])
+  };
+}
+function buildExploitExecutionAnalysis(phase, signals) {
+  if (signals.hasSession) {
+    return {
+      phaseObservation: "exploit chain produced a foothold or authenticated session",
+      nextHint: "reuse the current foothold and continue from the confirmed access path"
+    };
+  }
+  if (phase === "credential_followup") {
+    return {
+      phaseObservation: signals.hasLoot ? "credential follow-up produced reusable credential material" : "credential follow-up step executed",
+      nextHint: "reuse validated credentials before changing exploit vectors"
+    };
+  }
+  if (phase === "artifact_ready") {
+    return {
+      phaseObservation: signals.hasAsset ? "artifact validation produced a reusable artifact or asset" : "artifact validation step executed",
+      nextHint: "advance the current artifact before replacing it"
+    };
+  }
+  return {
+    phaseObservation: signals.indicatesProgress ? "exploit chain advanced and produced follow-up signals" : "delegated exploit step executed",
+    nextHint: "continue the selected exploit chain before switching vectors"
+  };
+}
+
+// src/agents/main-agent/pwn-runtime-signals.ts
+function outputContainsAny2(output, patterns) {
+  return patterns.some((pattern) => output.includes(pattern.toLowerCase()));
+}
+function getPwnResultSignals(result) {
+  const output = (result.output || "").toLowerCase();
+  const hasFoothold2 = outputContainsAny2(output, ["[sessions]", "shell", "uid=", "got shell"]);
+  const stillCrashing = outputContainsAny2(output, ["crash", "segfault", "core"]);
+  const hasFindings = outputContainsAny2(output, ["[findings]", "rip controlled", "offset", "eip", "pc controlled"]);
+  return {
+    hasFoothold: hasFoothold2,
+    stillCrashing,
+    hasFindings,
+    indicatesProgress: hasFoothold2 || hasFindings || outputContainsAny2(output, ["[status] running", "[status] success", "[nextworker] pwn"])
+  };
+}
+function buildPwnExecutionAnalysis(phase, signals) {
+  if (signals.hasFoothold) {
+    return {
+      phaseObservation: "pwn chain achieved code execution or an interactive foothold",
+      nextHint: "reuse the achieved foothold and continue from the working exploit state"
+    };
+  }
+  if (phase === "offset_known") {
+    return {
+      phaseObservation: signals.hasFindings ? "offset-guided pwn iteration confirmed control signals" : "offset-guided pwn iteration executed",
+      nextHint: "continue from the known offset and latest payload revision"
+    };
+  }
+  if (phase === "crash_iteration") {
+    return {
+      phaseObservation: signals.stillCrashing ? "crash-driven pwn iteration preserved the crash state" : "crash-driven pwn iteration executed",
+      nextHint: "preserve crash evidence and narrow the next payload iteration"
+    };
+  }
+  return {
+    phaseObservation: signals.indicatesProgress ? "pwn chain advanced and produced follow-up signals" : "delegated pwn step executed",
+    nextHint: "continue the selected exploit-development loop before broadening scope"
+  };
+}
+
+// src/agents/main-agent/delegated-execution-analysis.ts
+function getBoundedCredentialService(request) {
+  const command = request.boundedCommand || "";
+  if (command.includes("sshpass")) return "ssh";
+  if (command.includes("smbclient")) return "smb";
+  if (command.includes("evil-winrm")) return "winrm";
+  if (command.includes("xfreerdp")) return "rdp";
+  if (command.includes("ldapwhoami") || command.includes("ldapsearch")) return "ldap";
+  if (command.includes("mysql ")) return "mysql";
+  if (command.includes("psql ")) return "postgres";
+  if (command.includes("curl -fsSIL -u")) return "http";
+  if (command.includes("curl -fsS --user")) return "ftp";
+  if (command.includes("Authorization: Bearer") || command.includes("X-API-Key")) return "token_or_api";
+  return null;
+}
+function getBoundedArtifactKind(request) {
+  const command = request.boundedCommand || "";
+  if (command.includes("curl -fsSIL") && command.includes("| head -n 5")) return "webshell";
+  if (command.includes("head -n 5") && command.includes(".sql")) return "database_dump";
+  if (command.includes("head -n 5") && command.includes(".db")) return "database_dump";
+  if (command.includes("smbclient -L")) return "smb_share";
+  if (command.includes("curl -fsSIL")) return "url";
+  if (command.includes("test -e")) return "file";
+  return null;
+}
+function getBoundedPwnProbeKind(request) {
+  const command = request.boundedCommand || "";
+  if (command.includes("gdb -q") && command.includes("info registers") && command.includes("bt")) {
+    return "core_gdb";
+  }
+  if (command.startsWith("gdb ")) {
+    return "gdb_replay";
+  }
+  if (command.includes("timeout 5")) {
+    return "binary_smoke";
+  }
+  return null;
+}
+function getPhaseFromContext(context, key) {
+  if (!context) {
+    return null;
+  }
+  const match = context.match(new RegExp(`${key}=([a-z_]+)`));
+  return match?.[1] ?? null;
+}
+function analyzeDelegatedExecutionResult(request, result) {
+  if (!request || !result) {
+    return null;
+  }
+  if (!result.success) {
+    return {
+      phaseObservation: "delegated step failed",
+      nextHint: "retry the same chain only after using the error to narrow the next step"
+    };
+  }
+  if (request.workerType === "shell-supervisor") {
+    const phase = getPhaseFromContext(request.context, "shell_phase");
+    if (phase === "listener_waiting") {
+      return {
+        phaseObservation: "listener supervision step executed",
+        nextHint: "if callback evidence appeared, promote and validate the shell immediately"
+      };
+    }
+    if (phase === "active_shell_stabilizing") {
+      return {
+        phaseObservation: "shell stabilization step executed",
+        nextHint: "finish PTY stabilization before broader enumeration"
+      };
+    }
+    if (phase === "post_exploitation_active") {
+      return {
+        phaseObservation: "post-exploitation enumeration step executed",
+        nextHint: "continue controlled enumeration through the same shell"
+      };
+    }
+  }
+  if (request.workerType === "exploit") {
+    if (request.boundedTool === "exploit_credential_check") {
+      const service = getBoundedCredentialService(request);
+      return {
+        phaseObservation: service ? `bounded ${service} credential validation executed for the exploit chain` : "bounded credential validation executed for the exploit chain",
+        nextHint: service ? `reuse the validated ${service} access path or convert it into a foothold before changing vectors` : "reuse the validated credentials or convert the access path into a foothold before changing vectors"
+      };
+    }
+    if (request.boundedTool === "exploit_artifact_check") {
+      const artifactKind = getBoundedArtifactKind(request);
+      return {
+        phaseObservation: artifactKind ? `bounded ${artifactKind} artifact validation executed for the exploit chain` : "bounded artifact validation executed for the exploit chain",
+        nextHint: artifactKind === "webshell" ? "reuse the validated webshell artifact as a foothold before changing exploit delivery" : artifactKind === "database_dump" ? "advance the validated dump into credential extraction, parsing, or authenticated follow-up" : artifactKind === "smb_share" ? "reuse the validated share path for file access or lateral follow-up before changing vectors" : "advance the validated artifact into data access, authenticated use, or foothold confirmation"
+      };
+    }
+    if (request.boundedTool === "exploit_foothold_check") {
+      return {
+        phaseObservation: "bounded foothold validation executed for the exploit chain",
+        nextHint: "reuse the foothold and continue from the confirmed access path instead of restarting delivery"
+      };
+    }
+    if (request.boundedTool === "exploit_vector_check") {
+      return {
+        phaseObservation: "bounded exploit-vector reachability check executed",
+        nextHint: "if the vector is still reachable, continue adapting the current chain before switching to a new one"
+      };
+    }
+    const phase = getPhaseFromContext(request.context, "exploit_phase");
+    return buildExploitExecutionAnalysis(phase, getExploitResultSignals(result));
+  }
+  if (request.workerType === "pwn") {
+    if (request.boundedTool === "pwn_offset_check") {
+      const probeKind = getBoundedPwnProbeKind(request);
+      return {
+        phaseObservation: probeKind === "core_gdb" ? "bounded gdb core-state verification executed for the pwn loop" : probeKind === "gdb_replay" ? "bounded gdb replay executed for the pwn loop" : "bounded offset verification executed for the pwn loop",
+        nextHint: probeKind === "core_gdb" ? "reuse the saved core-state evidence and narrow the next payload iteration from the confirmed crash context" : probeKind === "gdb_replay" ? "continue from the gdb-confirmed state and narrow the next payload iteration" : "continue from the known offset and narrow the next payload iteration"
+      };
+    }
+    if (request.boundedTool === "pwn_crash_repro") {
+      const probeKind = getBoundedPwnProbeKind(request);
+      return {
+        phaseObservation: probeKind === "core_gdb" ? "bounded core-backed crash inspection executed for the pwn loop" : probeKind === "gdb_replay" ? "bounded gdb-backed crash replay executed for the pwn loop" : "bounded crash reproduction executed for the pwn loop",
+        nextHint: probeKind === "core_gdb" ? "preserve the core-backed crash state and apply the narrowest next debugging step" : probeKind === "gdb_replay" ? "preserve the gdb replay state and apply the narrowest next debugging or payload mutation step" : "preserve the crash state and apply the narrowest next debugging or payload mutation step"
+      };
+    }
+    if (request.boundedTool === "pwn_payload_smoke") {
+      const probeKind = getBoundedPwnProbeKind(request);
+      return {
+        phaseObservation: probeKind === "gdb_replay" ? "bounded gdb-guided smoke test executed for the pwn loop" : "bounded payload smoke test executed for the pwn loop",
+        nextHint: probeKind === "gdb_replay" ? "preserve the gdb-guided payload state and continue narrowing the next test" : "preserve the last payload revision and continue narrowing the next test"
+      };
+    }
+    const phase = getPhaseFromContext(request.context, "pwn_phase");
+    return buildPwnExecutionAnalysis(phase, getPwnResultSignals(result));
+  }
+  return {
+    phaseObservation: "delegated step executed",
+    nextHint: "continue the selected delegated chain before switching focus"
+  };
+}
+
+// src/agents/main-agent/delegated-execution-plan.ts
+function getPhaseFromContext2(context, key) {
+  if (!context) {
+    return null;
+  }
+  const match = context.match(new RegExp(`${key}=([a-z_]+)`));
+  return match?.[1] ?? null;
+}
+function getRecommendedBoundedTool(request) {
+  if (request.workerType === "shell-supervisor") {
+    const phase = getPhaseFromContext2(request.context, "shell_phase");
+    if (phase === "listener_waiting") return "listener_status";
+    if (phase === "listener_callback_detected") return "shell_promote";
+    if (phase === "active_shell_stabilizing") return "shell_upgrade";
+    if (phase === "active_shell_stabilized" || phase === "post_exploitation_active") return "shell_check";
+    return null;
+  }
+  if (request.workerType === "exploit") {
+    const phase = getPhaseFromContext2(request.context, "exploit_phase");
+    if (phase === "foothold_active") return "exploit_foothold_check";
+    if (phase === "credential_followup") return "exploit_credential_check";
+    if (phase === "artifact_ready") return "exploit_artifact_check";
+    return null;
+  }
+  if (request.workerType === "pwn") {
+    const phase = getPhaseFromContext2(request.context, "pwn_phase");
+    if (phase === "offset_known") return "pwn_offset_check";
+    if (phase === "crash_iteration") return "pwn_crash_repro";
+    if (phase === "payload_iteration") return "pwn_payload_smoke";
+    return null;
+  }
+  return null;
+}
+function buildDelegatedExecutionPlan(request) {
+  if (request.workerType === "shell-supervisor") {
+    const phase = getPhaseFromContext2(request.context, "shell_phase");
+    if (phase === "listener_waiting") return "Poll the listener and promote immediately if a callback appears.";
+    if (phase === "listener_callback_detected") return "Promote the callback path and validate the resulting shell.";
+    if (phase === "active_shell_stabilizing") return "Finish PTY stabilization before broader post-exploitation.";
+    if (phase === "active_shell_stabilized") return "Reuse the stabilized shell for controlled enumeration.";
+    if (phase === "post_exploitation_active") return "Continue post-exploitation through the existing shell rather than opening a new chain.";
+    return "Continue supervising the current shell/listener chain first.";
+  }
+  if (request.workerType === "exploit") {
+    const phase = getPhaseFromContext2(request.context, "exploit_phase");
+    if (phase === "foothold_active") return "Reuse the existing foothold and prefer exploit_foothold_check for bounded access validation.";
+    if (phase === "credential_followup") return "Validate and reuse the obtained credentials or tokens, preferring exploit_credential_check for bounded probes.";
+    if (phase === "artifact_ready") return "Validate the current exploit artifact, preferring exploit_artifact_check before building a replacement.";
+    return "Continue the strongest surviving exploit vector and preserve branch evidence.";
+  }
+  if (request.workerType === "pwn") {
+    const phase = getPhaseFromContext2(request.context, "pwn_phase");
+    if (phase === "foothold_active") return "Reuse the achieved execution foothold and continue from there.";
+    if (phase === "offset_known") return "Resume from the known offset and latest payload revision, preferring pwn_offset_check for bounded verification.";
+    if (phase === "crash_iteration") return "Reproduce the latest crash and continue debugging from the preserved crash state, preferring pwn_crash_repro.";
+    return "Continue the active payload-design loop with narrower iterations, preferring pwn_payload_smoke for the next bounded test.";
+  }
+  return "Continue the selected delegated chain before starting unrelated work.";
+}
+
+// src/agents/main-agent/delegated-execution-formatting.ts
+var OUTPUT_PREVIEW_LIMIT = 240;
+var FIELD_PREVIEW_LIMIT = 180;
+function getDelegatedExecutionSignature(request) {
+  if (!request) return null;
+  return JSON.stringify(request);
+}
+function summarizeDelegatedExecutionField(value, limit = FIELD_PREVIEW_LIMIT) {
+  const normalized = value.replace(/\s+/g, " ").trim();
+  if (!normalized) {
+    return "";
+  }
+  if (normalized.length <= limit) {
+    return normalized;
+  }
+  return `${normalized.slice(0, limit - 3)}...`;
+}
+function summarizeDelegatedExecutionOutput(output) {
+  return summarizeDelegatedExecutionField(output, OUTPUT_PREVIEW_LIMIT);
+}
+function buildDelegatedExecutionRequestFragment(request) {
+  if (!request) {
+    return "";
+  }
+  const executionPlan = buildDelegatedExecutionPlan(request);
+  const lines = [
+    "<delegated-execution-request>",
+    `task: ${summarizeDelegatedExecutionField(request.task)}`,
+    request.workerType ? `worker_type: ${request.workerType}` : "",
+    request.resumeTaskId ? `resume_task_id: ${request.resumeTaskId}` : "",
+    request.target ? `target: ${request.target}` : "",
+    request.context ? `context: ${summarizeDelegatedExecutionField(request.context)}` : "",
+    request.boundedTool ? `bounded_tool: ${request.boundedTool}` : "",
+    request.boundedCommand ? `bounded_command: ${summarizeDelegatedExecutionField(request.boundedCommand)}` : "",
+    request.boundedTimeout ? `bounded_timeout: ${request.boundedTimeout}` : "",
+    request.boundedInstruction ? `bounded_instruction: ${summarizeDelegatedExecutionField(request.boundedInstruction)}` : "",
+    executionPlan ? `execution_plan: ${summarizeDelegatedExecutionField(executionPlan)}` : "",
+    "</delegated-execution-request>"
+  ].filter(Boolean);
+  return lines.join("\n");
+}
+function buildDelegatedExecutionResultFragment(result, analysis) {
+  if (!result) {
+    return "";
+  }
+  const outputPreview = summarizeDelegatedExecutionOutput(result.output);
+  const lines = [
+    "<delegated-execution-result>",
+    `success: ${result.success ? "true" : "false"}`,
+    result.error ? `error: ${result.error}` : "",
+    outputPreview ? `output_preview: ${outputPreview}` : "",
+    analysis?.phaseObservation ? `phase_observation: ${analysis.phaseObservation}` : "",
+    analysis?.nextHint ? `next_hint: ${analysis.nextHint}` : "",
+    "</delegated-execution-result>"
+  ].filter(Boolean);
+  return lines.join("\n");
+}
+
+// src/agents/main-agent/delegated-execution-state.ts
+function createDelegatedExecutionState() {
+  return {
+    pendingRequest: null,
+    lastAttemptedSignature: null
+  };
+}
+function setDelegatedExecutionState(currentState, request) {
+  const nextRequest = request || null;
+  const nextSignature = getDelegatedExecutionSignature(nextRequest);
+  const currentSignature = getDelegatedExecutionSignature(currentState.pendingRequest);
+  const requestChanged = nextSignature !== currentSignature;
+  return {
+    pendingRequest: nextRequest,
+    lastAttemptedSignature: requestChanged ? null : currentState.lastAttemptedSignature,
+    requestChanged
+  };
+}
+function canAutoExecuteDelegatedState(state) {
+  const pendingSignature = getDelegatedExecutionSignature(state.pendingRequest);
+  return pendingSignature !== null && pendingSignature !== state.lastAttemptedSignature;
+}
+function markDelegatedExecutionAttempt(state) {
+  return {
+    ...state,
+    lastAttemptedSignature: getDelegatedExecutionSignature(state.pendingRequest)
+  };
+}
+function consumeDelegatedExecutionState(state) {
+  return {
+    consumedRequest: state.pendingRequest,
+    nextState: createDelegatedExecutionState()
+  };
+}
+
+// src/agents/main-agent/delegated-execution-runtime.ts
+var DelegatedExecutionRuntime = class {
+  pendingRequest = createDelegatedExecutionState().pendingRequest;
+  lastAttemptedSignature = createDelegatedExecutionState().lastAttemptedSignature;
+  lastExecutionResult = null;
+  lastExecutionAnalysis = null;
+  set(request) {
+    const nextState = setDelegatedExecutionState(
+      {
+        pendingRequest: this.pendingRequest,
+        lastAttemptedSignature: this.lastAttemptedSignature
+      },
+      request
+    );
+    this.pendingRequest = nextState.pendingRequest;
+    this.lastAttemptedSignature = nextState.lastAttemptedSignature;
+    if (nextState.requestChanged) {
+      this.lastExecutionResult = null;
+      this.lastExecutionAnalysis = null;
+    }
+  }
+  peek() {
+    return this.pendingRequest;
+  }
+  canAutoExecute() {
+    return canAutoExecuteDelegatedState({
+      pendingRequest: this.pendingRequest,
+      lastAttemptedSignature: this.lastAttemptedSignature
+    });
+  }
+  markAutoExecutionAttempt() {
+    const nextState = markDelegatedExecutionAttempt({
+      pendingRequest: this.pendingRequest,
+      lastAttemptedSignature: this.lastAttemptedSignature
+    });
+    this.lastAttemptedSignature = nextState.lastAttemptedSignature;
+  }
+  setLastExecutionResult(result) {
+    this.lastExecutionResult = result;
+    this.lastExecutionAnalysis = analyzeDelegatedExecutionResult(this.pendingRequest, result);
+  }
+  consume() {
+    const consumed = consumeDelegatedExecutionState({
+      pendingRequest: this.pendingRequest,
+      lastAttemptedSignature: this.lastAttemptedSignature
+    });
+    this.pendingRequest = consumed.nextState.pendingRequest;
+    this.lastAttemptedSignature = consumed.nextState.lastAttemptedSignature;
+    this.lastExecutionAnalysis = null;
+    return consumed.consumedRequest;
+  }
+  reset() {
+    const resetState = createDelegatedExecutionState();
+    this.pendingRequest = resetState.pendingRequest;
+    this.lastAttemptedSignature = resetState.lastAttemptedSignature;
+    this.lastExecutionResult = null;
+    this.lastExecutionAnalysis = null;
+  }
+  toPromptFragment() {
+    return buildDelegatedExecutionRequestFragment(this.pendingRequest);
+  }
+  toResultFragment() {
+    return buildDelegatedExecutionResultFragment(
+      this.lastExecutionResult,
+      this.lastExecutionAnalysis
+    );
+  }
+};
+
+// src/agents/main-agent/delegated-auto-executor-helpers.ts
+function combineToolResults(results) {
+  const success = results.every((result) => result.success);
+  return {
+    success,
+    output: results.map((result, index) => `Step ${index + 1}:
+${result.output}`).join("\n\n"),
+    ...success ? {} : {
+      error: results.find((result) => !result.success)?.error || "delegated auto-execution failed"
+    }
+  };
+}
+function buildPatchedContext(context, key, value) {
+  const parts = (context || "").split("|").map((part) => part.trim()).filter(Boolean).filter((part) => !part.startsWith(`${key}=`));
+  parts.push(`${key}=${value}`);
+  return parts.join(" | ");
+}
+function getPhaseFromContext3(context, key) {
+  if (!context) {
+    return null;
+  }
+  const match = context.match(new RegExp(`${key}=([a-z_]+)`));
+  return match?.[1] ?? null;
+}
+function buildRunTaskInput(request, task, workerType, context) {
+  return {
+    name: TOOL_NAMES.RUN_TASK,
+    input: {
+      task,
+      worker_type: workerType,
+      ...request.resumeTaskId ? { resume_task_id: request.resumeTaskId } : {},
+      ...request.target ? { target: request.target } : {},
+      ...context ? { context } : {}
+    }
+  };
+}
+function shouldAutoExecuteDelegatedRequest(request) {
+  if (!request || typeof request.resumeTaskId !== "string") {
+    return false;
+  }
+  if (request.workerType === "shell-supervisor") {
+    return true;
+  }
+  if (request.workerType === "exploit") {
+    const phase = getPhaseFromContext3(request.context, "exploit_phase");
+    return phase === "artifact_ready" || phase === "credential_followup" || phase === "foothold_active";
+  }
+  if (request.workerType === "pwn") {
+    const phase = getPhaseFromContext3(request.context, "pwn_phase");
+    return phase === "offset_known" || phase === "crash_iteration" || phase === "foothold_active" || phase === "payload_iteration";
+  }
+  return false;
+}
+async function executeTwoStepLoop(execute, firstCall, buildFollowupCall, getSignals) {
+  const firstResult = await execute(firstCall);
+  if (!firstResult.success) {
+    return firstResult;
+  }
+  const followupCall = buildFollowupCall(firstResult);
+  if (!followupCall || !getSignals(firstResult).indicatesProgress) {
+    return firstResult;
+  }
+  const followupResult = await execute(followupCall);
+  return combineToolResults([firstResult, followupResult]);
+}
+
+// src/agents/main-agent/delegated-auto-executor-shell.ts
+function didStatusDetectConnection(result) {
+  const output = result.output || "";
+  return output.includes("CONNECTION DETECTED") || output.includes("Promote to shell");
+}
+function didShellCheckShowStability(result) {
+  const output = (result.output || "").toLowerCase();
+  return output.includes("xterm") || output.includes("rows") || output.includes("columns") || output.includes("/dev/pts/");
+}
+async function executeShellUpgradeSequence(toolRegistry, processId) {
+  const initialCheck = await toolRegistry.execute({
+    name: TOOL_NAMES.SHELL_CHECK,
+    input: {
+      process_id: processId,
+      profile: "stability"
+    }
+  });
+  if (!initialCheck.success || didShellCheckShowStability(initialCheck)) {
+    return initialCheck;
+  }
+  const pythonUpgrade = await toolRegistry.execute({
+    name: TOOL_NAMES.SHELL_UPGRADE,
+    input: {
+      process_id: processId,
+      method: "python_pty"
+    }
+  });
+  if (!pythonUpgrade.success) {
+    return combineToolResults([initialCheck, pythonUpgrade]);
+  }
+  const postPythonCheck = await toolRegistry.execute({
+    name: TOOL_NAMES.SHELL_CHECK,
+    input: {
+      process_id: processId,
+      profile: "stability"
+    }
+  });
+  if (!postPythonCheck.success || didShellCheckShowStability(postPythonCheck)) {
+    return combineToolResults([initialCheck, pythonUpgrade, postPythonCheck]);
+  }
+  const scriptUpgrade = await toolRegistry.execute({
+    name: TOOL_NAMES.SHELL_UPGRADE,
+    input: {
+      process_id: processId,
+      method: "script"
+    }
+  });
+  if (!scriptUpgrade.success) {
+    return combineToolResults([initialCheck, pythonUpgrade, postPythonCheck, scriptUpgrade]);
+  }
+  const finalCheck = await toolRegistry.execute({
+    name: TOOL_NAMES.SHELL_CHECK,
+    input: {
+      process_id: processId,
+      profile: "stability"
+    }
+  });
+  return combineToolResults([initialCheck, pythonUpgrade, postPythonCheck, scriptUpgrade, finalCheck]);
+}
+function buildShellSupervisorFastPathCall() {
+  const snapshot = getShellSupervisorLifecycleSnapshot();
+  switch (snapshot.phase) {
+    case "post_exploitation_active":
+      return snapshot.activeShellId ? {
+        name: TOOL_NAMES.SHELL_CHECK,
+        input: {
+          process_id: snapshot.activeShellId,
+          profile: "post"
+        }
+      } : null;
+    case "active_shell_stabilized":
+      return snapshot.activeShellId ? {
+        name: TOOL_NAMES.SHELL_EXEC,
+        input: {
+          process_id: snapshot.activeShellId,
+          command: "pwd && uname -a"
+        }
+      } : null;
+    case "active_shell_stabilizing":
+      return snapshot.activeShellId ? {
+        name: TOOL_NAMES.SHELL_CHECK,
+        input: {
+          process_id: snapshot.activeShellId,
+          profile: "stability"
+        }
+      } : null;
+    case "listener_waiting":
+      return snapshot.listenerId ? {
+        name: TOOL_NAMES.LISTENER_STATUS,
+        input: {
+          process_id: snapshot.listenerId
+        }
+      } : null;
+    case "listener_callback_detected":
+      return snapshot.listenerId ? {
+        name: TOOL_NAMES.SHELL_PROMOTE,
+        input: {
+          process_id: snapshot.listenerId
+        }
+      } : null;
+    case "active_shell_ready":
+      return snapshot.activeShellId ? {
+        name: TOOL_NAMES.SHELL_CHECK,
+        input: {
+          process_id: snapshot.activeShellId,
+          profile: "identity"
+        }
+      } : null;
+    default:
+      return null;
+  }
+}
+async function executeShellSupervisorMiniLoop(toolRegistry) {
+  const snapshot = getShellSupervisorLifecycleSnapshot();
+  if (snapshot.phase === "post_exploitation_active" && snapshot.activeShellId) {
+    const identityResult = await toolRegistry.execute({
+      name: TOOL_NAMES.SHELL_CHECK,
+      input: {
+        process_id: snapshot.activeShellId,
+        profile: "identity"
+      }
+    });
+    if (!identityResult.success) {
+      return identityResult;
+    }
+    const environmentResult = await toolRegistry.execute({
+      name: TOOL_NAMES.SHELL_CHECK,
+      input: {
+        process_id: snapshot.activeShellId,
+        profile: "environment"
+      }
+    });
+    if (!environmentResult.success) {
+      return combineToolResults([identityResult, environmentResult]);
+    }
+    const networkResult = await toolRegistry.execute({
+      name: TOOL_NAMES.SHELL_CHECK,
+      input: {
+        process_id: snapshot.activeShellId,
+        profile: "post"
+      }
+    });
+    return combineToolResults([identityResult, environmentResult, networkResult]);
+  }
+  if (snapshot.phase === "active_shell_stabilizing" && snapshot.activeShellId) {
+    return executeShellUpgradeSequence(toolRegistry, snapshot.activeShellId);
+  }
+  if (snapshot.phase === "listener_waiting" && snapshot.listenerId) {
+    const statusResult = await toolRegistry.execute({
+      name: TOOL_NAMES.LISTENER_STATUS,
+      input: {
+        process_id: snapshot.listenerId
+      }
+    });
+    if (!statusResult.success || !didStatusDetectConnection(statusResult)) {
+      return statusResult;
+    }
+    const promoteResult = await toolRegistry.execute({
+      name: TOOL_NAMES.SHELL_PROMOTE,
+      input: {
+        process_id: snapshot.listenerId
+      }
+    });
+    if (!promoteResult.success) {
+      return combineToolResults([statusResult, promoteResult]);
+    }
+    const interactResult = await toolRegistry.execute({
+      name: TOOL_NAMES.SHELL_CHECK,
+      input: {
+        process_id: snapshot.listenerId,
+        profile: "identity"
+      }
+    });
+    return combineToolResults([statusResult, promoteResult, interactResult]);
+  }
+  if (snapshot.phase === "listener_callback_detected" && snapshot.listenerId) {
+    const promoteResult = await toolRegistry.execute({
+      name: TOOL_NAMES.SHELL_PROMOTE,
+      input: {
+        process_id: snapshot.listenerId
+      }
+    });
+    if (!promoteResult.success) {
+      return promoteResult;
+    }
+    const interactResult = await toolRegistry.execute({
+      name: TOOL_NAMES.SHELL_CHECK,
+      input: {
+        process_id: snapshot.listenerId,
+        profile: "identity"
+      }
+    });
+    return combineToolResults([promoteResult, interactResult]);
+  }
+  const singleCall = buildShellSupervisorFastPathCall();
+  if (!singleCall) {
+    return null;
+  }
+  return toolRegistry.execute(singleCall);
+}
+
+// src/agents/main-agent/delegated-auto-executor-offense.ts
+function buildExploitPhaseRunTaskCall(request) {
+  const phase = getPhaseFromContext3(request.context, "exploit_phase");
+  const phaseTask = phase === "foothold_active" ? "Reuse the existing foothold and continue the exploit chain from the current access path." : phase === "credential_followup" ? "Validate and reuse the obtained credentials or tokens before changing exploit vectors." : phase === "artifact_ready" ? "Validate and advance the current exploit artifact before switching to a different vector." : request.task;
+  return buildRunTaskInput(request, phaseTask, "exploit", request.context);
+}
+function buildExploitFollowupRunTaskCall(request, previousResult) {
+  const phase = getPhaseFromContext3(request.context, "exploit_phase");
+  const signals = previousResult ? getExploitResultSignals(previousResult) : null;
+  const hasSession = signals?.hasSession ?? false;
+  const hasLoot = signals?.hasLoot ?? false;
+  if (phase === "credential_followup" || hasLoot) {
+    return buildRunTaskInput(
+      request,
+      hasSession ? "Reuse the confirmed foothold or authenticated path and continue the exploit chain without restarting delivery." : "If credential reuse succeeded, continue from the confirmed foothold or authenticated path without restarting the exploit chain.",
+      "exploit",
+      buildPatchedContext(request.context, "exploit_phase", hasSession ? "foothold_active" : "credential_followup")
+    );
+  }
+  if (phase === "artifact_ready") {
+    return buildRunTaskInput(
+      request,
+      hasSession ? "A foothold exists from the validated artifact. Reuse it and continue the chain from that access path." : "If the artifact validated successfully, turn it into data extraction, authenticated access, or foothold confirmation before changing vectors.",
+      "exploit",
+      buildPatchedContext(request.context, "exploit_phase", hasSession ? "foothold_active" : "artifact_ready")
+    );
+  }
+  return null;
+}
+function buildPwnPhaseRunTaskCall(request) {
+  const phase = getPhaseFromContext3(request.context, "pwn_phase");
+  const phaseTask = phase === "foothold_active" ? "Reuse the existing execution foothold and continue post-exploitation or objective completion." : phase === "offset_known" ? "Resume the exploit loop from the known offset and latest payload revision." : phase === "crash_iteration" ? "Reproduce the latest crash and continue debugging from the preserved crash state." : request.task;
+  return buildRunTaskInput(request, phaseTask, "pwn", request.context);
+}
+function buildPwnFollowupRunTaskCall(request, previousResult) {
+  const phase = getPhaseFromContext3(request.context, "pwn_phase");
+  const signals = previousResult ? getPwnResultSignals(previousResult) : null;
+  const hasFoothold2 = signals?.hasFoothold ?? false;
+  const stillCrashing = signals?.stillCrashing ?? false;
+  if (phase === "offset_known") {
+    return buildRunTaskInput(
+      request,
+      hasFoothold2 ? "Execution is confirmed. Reuse the achieved foothold and continue from the working exploit state." : "Use the known offset to perform the narrowest next payload smoke test and confirm progress toward execution.",
+      "pwn",
+      buildPatchedContext(request.context, "pwn_phase", hasFoothold2 ? "foothold_active" : "payload_iteration")
+    );
+  }
+  if (phase === "crash_iteration") {
+    return buildRunTaskInput(
+      request,
+      stillCrashing ? "The crash state persists. Apply the narrowest next debugging or payload mutation step from the preserved crash state." : hasFoothold2 ? "Execution is confirmed. Reuse the achieved foothold and continue from the working exploit state." : "Apply the narrowest next debugging or payload mutation step from the preserved crash state.",
+      "pwn",
+      buildPatchedContext(
+        request.context,
+        "pwn_phase",
+        hasFoothold2 ? "foothold_active" : stillCrashing ? "crash_iteration" : "payload_iteration"
+      )
+    );
+  }
+  return null;
+}
+async function executeExploitMiniLoop(toolRegistry, request) {
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    buildExploitPhaseRunTaskCall(request),
+    (firstResult) => buildExploitFollowupRunTaskCall(request, firstResult),
+    getExploitResultSignals
+  );
+}
+async function executeExploitDirectBoundedLoop(toolRegistry, request, boundedCall) {
+  if (!boundedCall) {
+    return executeExploitMiniLoop(toolRegistry, request);
+  }
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    boundedCall,
+    (firstResult) => buildExploitFollowupRunTaskCall(request, firstResult),
+    getExploitResultSignals
+  );
+}
+async function executePwnMiniLoop(toolRegistry, request) {
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    buildPwnPhaseRunTaskCall(request),
+    (firstResult) => buildPwnFollowupRunTaskCall(request, firstResult),
+    getPwnResultSignals
+  );
+}
+async function executePwnDirectBoundedLoop(toolRegistry, request, boundedCall) {
+  if (!boundedCall) {
+    return executePwnMiniLoop(toolRegistry, request);
+  }
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    boundedCall,
+    (firstResult) => buildPwnFollowupRunTaskCall(request, firstResult),
+    getPwnResultSignals
+  );
+}
+
+// src/agents/main-agent/delegated-auto-executor-calls.ts
+function buildDelegatedRunTaskCall(request) {
+  return {
+    name: TOOL_NAMES.RUN_TASK,
+    input: {
+      task: request.task,
+      ...request.workerType ? { worker_type: request.workerType } : {},
+      ...request.resumeTaskId ? { resume_task_id: request.resumeTaskId } : {},
+      ...request.target ? { target: request.target } : {},
+      ...request.context ? { context: request.context } : {}
+    }
+  };
+}
+function buildBoundedDelegatedToolCall(request) {
+  if (!request.boundedTool || !request.boundedCommand) {
+    return null;
+  }
+  return {
+    name: request.boundedTool,
+    input: {
+      command: request.boundedCommand,
+      ...request.boundedTimeout ? { timeout: request.boundedTimeout } : {}
+    }
+  };
+}
+
+// src/agents/main-agent/delegated-auto-execution-strategies.ts
+var DEFAULT_DELEGATED_EXECUTION_STRATEGY = async (toolRegistry, request) => toolRegistry.execute(buildDelegatedRunTaskCall(request));
+var SHELL_SUPERVISOR_STRATEGY = async (toolRegistry, request) => await executeShellSupervisorMiniLoop(toolRegistry) || await toolRegistry.execute(buildDelegatedRunTaskCall(request));
+var EXPLOIT_STRATEGY = async (toolRegistry, request) => executeExploitDirectBoundedLoop(
+  toolRegistry,
+  request,
+  buildBoundedDelegatedToolCall(request)
+);
+var PWN_STRATEGY = async (toolRegistry, request) => executePwnDirectBoundedLoop(
+  toolRegistry,
+  request,
+  buildBoundedDelegatedToolCall(request)
+);
+var DELEGATED_EXECUTION_STRATEGIES = {
+  "shell-supervisor": SHELL_SUPERVISOR_STRATEGY,
+  exploit: EXPLOIT_STRATEGY,
+  pwn: PWN_STRATEGY
+};
+async function executeDelegatedRequestByStrategy(toolRegistry, request) {
+  const strategy = request.workerType ? DELEGATED_EXECUTION_STRATEGIES[request.workerType] : void 0;
+  return (strategy ?? DEFAULT_DELEGATED_EXECUTION_STRATEGY)(toolRegistry, request);
+}
+
+// src/agents/main-agent/delegated-auto-executor.ts
+var DelegatedAutoExecutor = class {
+  canExecutePending(runtime) {
+    return runtime.canAutoExecute() && shouldAutoExecuteDelegatedRequest(runtime.peek());
+  }
+  async executePending(runtime, toolRegistry) {
+    if (!toolRegistry) {
+      return null;
+    }
+    const request = runtime.peek();
+    if (!request || !this.canExecutePending(runtime)) {
+      return null;
+    }
+    runtime.markAutoExecutionAttempt();
+    const result = await executeDelegatedRequestByStrategy(toolRegistry, request);
+    runtime.setLastExecutionResult(result);
+    if (result.success) {
+      runtime.consume();
+    }
+    return result;
+  }
+};
+
+// src/agents/main-agent/prompt-assembly.ts
+async function buildMainAgentPrompt(promptBuilder, state, userInput, delegatedExecution, memory) {
+  const basePrompt = await promptBuilder.build(
+    userInput,
+    state.getPhase() || PHASES.RECON,
+    memory
+  );
+  return [basePrompt, delegatedExecution.request, delegatedExecution.result].filter(Boolean).join("\n\n");
+}
+
+// src/agents/main-agent/exploit-lifecycle.ts
+function shellEscape(value) {
+  return `'${value.replace(/'/g, `'"'"'`)}'`;
+}
+function getReplayableExploitCommand(task) {
+  const candidates = [task.resumeHint || "", ...task.tried].map((value) => value.trim()).filter(Boolean);
+  return candidates.find(
+    (candidate) => /^(?:curl|hydra|sqlmap|psql|mysql|ssh|ftp|smbclient|xfreerdp|evil-winrm)\s+/i.test(candidate)
+  ) || null;
+}
+function getUrlCandidate(task) {
+  const candidates = [
+    task.target || "",
+    ...task.assets,
+    ...task.findings,
+    task.summary,
+    task.resumeHint || ""
+  ].map((value) => value.trim()).filter(Boolean);
+  for (const candidate of candidates) {
+    const urlMatch = candidate.match(/https?:\/\/[^\s"'`]+/i);
+    if (urlMatch?.[0]) {
+      return urlMatch[0];
+    }
+    const assetMatch = candidate.match(/^url:(https?:\/\/.+)$/i);
+    if (assetMatch?.[1]) {
+      return assetMatch[1].trim();
+    }
+  }
+  return null;
+}
+function getTokenProbe(task) {
+  for (const item of task.loot) {
+    const normalized = item.trim();
+    const tokenMatch = normalized.match(/(?:bearer\s+token|token)\s*:\s*(.+)$/i);
+    if (tokenMatch?.[1]) {
+      return {
+        header: "Authorization",
+        secret: `Bearer ${tokenMatch[1].trim()}`
+      };
+    }
+    const apiKeyMatch = normalized.match(/(?:api[_ -]?key|apikey)\s*:\s*(.+)$/i);
+    if (apiKeyMatch?.[1]) {
+      return {
+        header: "X-API-Key",
+        secret: apiKeyMatch[1].trim()
+      };
+    }
+  }
+  return null;
+}
+function getJoinedExploitEvidence(task) {
+  return [
+    task.target || "",
+    task.summary,
+    task.resumeHint || "",
+    ...task.assets,
+    ...task.findings,
+    ...task.tried,
+    ...task.loot
+  ].join(" ").toLowerCase();
+}
+function getCredentialPair(task) {
+  let username = null;
+  let password = null;
+  for (const item of task.loot) {
+    const normalized = item.trim();
+    const combinedMatch = normalized.match(/^([^\s:]+)\s+password:\s*(.+)$/i);
+    if (combinedMatch?.[1] && combinedMatch?.[2]) {
+      username = combinedMatch[1].trim();
+      password = combinedMatch[2].trim();
+      break;
+    }
+    const userMatch = normalized.match(/^(?:username|user)\s*:\s*(.+)$/i);
+    if (userMatch?.[1]) {
+      username = userMatch[1].trim();
+    }
+    const passwordMatch = normalized.match(/^password\s*:\s*(.+)$/i);
+    if (passwordMatch?.[1]) {
+      password = passwordMatch[1].trim();
+    }
+  }
+  return username && password ? { username, password } : null;
+}
+function getHostCandidate(task) {
+  const url = getUrlCandidate(task);
+  if (url) {
+    try {
+      return new URL(url).host;
+    } catch {
+      return null;
+    }
+  }
+  const target = (task.target || "").trim();
+  if (!target) {
+    return null;
+  }
+  if (/^https?:\/\//i.test(target)) {
+    try {
+      return new URL(target).host;
+    } catch {
+      return null;
+    }
+  }
+  return target;
+}
+function getServiceHint(task) {
+  const evidence = getJoinedExploitEvidence(task);
+  if (evidence.includes("ssh")) return "ssh";
+  if (evidence.includes("ftp")) return "ftp";
+  if (evidence.includes("smb") || evidence.includes("445")) return "smb";
+  if (evidence.includes("winrm") || evidence.includes("5985") || evidence.includes("5986")) return "winrm";
+  if (evidence.includes("rdp") || evidence.includes("3389")) return "rdp";
+  if (evidence.includes("ldap") || evidence.includes("389") || evidence.includes("636")) return "ldap";
+  if (evidence.includes("mysql")) return "mysql";
+  if (evidence.includes("postgres") || evidence.includes("psql")) return "postgres";
+  if (evidence.includes("http") || evidence.includes("https") || evidence.includes("web")) return "http";
+  return null;
+}
+function getServicePort(service) {
+  switch (service) {
+    case "ssh":
+      return 22;
+    case "ftp":
+      return 21;
+    case "http":
+      return 80;
+    case "mysql":
+      return 3306;
+    case "postgres":
+      return 5432;
+    case "smb":
+      return 445;
+    case "winrm":
+      return 5985;
+    case "rdp":
+      return 3389;
+    case "ldap":
+      return 389;
+    default:
+      return null;
+  }
+}
+function getVectorBoundedCommand(task) {
+  const url = getUrlCandidate(task);
+  if (url) {
+    return `curl -fsSIL ${shellEscape(url)}`;
+  }
+  const host = getHostCandidate(task);
+  const service = getServiceHint(task);
+  const port = getServicePort(service);
+  if (host && port) {
+    return `nc -vz -w 5 ${shellEscape(host)} ${port}`;
+  }
+  return void 0;
+}
+function getCredentialBoundedCommand(task, replayableCommand) {
+  if (replayableCommand) {
+    return replayableCommand;
+  }
+  const url = getUrlCandidate(task);
+  const tokenProbe = getTokenProbe(task);
+  if (url && tokenProbe) {
+    return `curl -fsSIL -H ${shellEscape(`${tokenProbe.header}: ${tokenProbe.secret}`)} ${shellEscape(url)}`;
+  }
+  const pair = getCredentialPair(task);
+  const host = getHostCandidate(task);
+  const service = getServiceHint(task);
+  if (pair && host && service === "ssh") {
+    return `sshpass -p ${shellEscape(pair.password)} ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 ${shellEscape(`${pair.username}@${host}`)} id`;
+  }
+  if (pair && host && service === "ftp") {
+    return `curl -fsS --user ${shellEscape(`${pair.username}:${pair.password}`)} --max-time 5 ${shellEscape(`ftp://${host}/`)}`;
+  }
+  if (pair && service === "http") {
+    const httpTarget = url || (host ? `http://${host}` : null);
+    if (httpTarget) {
+      return `curl -fsSIL -u ${shellEscape(`${pair.username}:${pair.password}`)} ${shellEscape(httpTarget)}`;
+    }
+  }
+  if (pair && host && service === "mysql") {
+    return `mysql -h ${shellEscape(host)} -u ${shellEscape(pair.username)} -p${pair.password} -e 'SELECT 1;'`;
+  }
+  if (pair && host && service === "postgres") {
+    return `PGPASSWORD=${shellEscape(pair.password)} psql -h ${shellEscape(host)} -U ${shellEscape(pair.username)} -c 'SELECT 1;' postgres`;
+  }
+  if (pair && host && service === "smb") {
+    return `smbclient -L ${shellEscape(`//${host}/`)} -U ${shellEscape(`${pair.username}%${pair.password}`)} -m SMB3`;
+  }
+  if (pair && host && service === "winrm") {
+    return `evil-winrm -i ${shellEscape(host)} -u ${shellEscape(pair.username)} -p ${shellEscape(pair.password)} -c whoami`;
+  }
+  if (pair && host && service === "rdp") {
+    return `xfreerdp /cert:ignore /auth-only /u:${shellEscape(pair.username)} /p:${shellEscape(pair.password)} /v:${shellEscape(host)}`;
+  }
+  if (pair && host && service === "ldap") {
+    return `ldapwhoami -x -H ${shellEscape(`ldap://${host}`)} -D ${shellEscape(pair.username)} -w ${shellEscape(pair.password)}`;
+  }
+  return void 0;
+}
+function hasCredentialLoot(task) {
+  return task.loot.some((item) => {
+    const normalized = item.toLowerCase();
+    return normalized.includes("password") || normalized.includes("credential") || normalized.includes("hash") || normalized.includes("token") || normalized.includes("key");
+  });
+}
+function hasFoothold(task) {
+  return task.sessions.length > 0 || task.assets.some((asset) => {
+    const normalized = asset.toLowerCase();
+    return normalized.includes("shell:") || normalized.includes("stabilized_shell:") || normalized.includes("post_exploitation_shell:") || normalized.includes("listener:") || normalized.includes("session:") || normalized.includes("foothold");
+  });
+}
+function getArtifactPath(task) {
+  for (const asset of task.assets) {
+    const trimmed = asset.trim();
+    const artifactMatch = trimmed.match(/^artifact:(.+)$/i);
+    if (artifactMatch?.[1]) {
+      return artifactMatch[1].trim();
+    }
+    if (trimmed.startsWith("/") || trimmed.startsWith("./")) {
+      return trimmed;
+    }
+  }
+  return null;
+}
+function getArtifactKind(task, artifactPath, artifactUrl) {
+  const evidence = getJoinedExploitEvidence(task);
+  if (artifactUrl) {
+    if (artifactUrl.match(/\.(php|asp|aspx|jsp|jspx|cfm)(?:[?#].*)?$/i) || evidence.includes("webshell")) {
+      return "webshell";
+    }
+    return "url";
+  }
+  if (!artifactPath) {
+    return null;
+  }
+  if (artifactPath.match(/\.(sql|sqlite|db|mdb|bak|dump)(?:\.[a-z0-9]+)?$/i) || evidence.includes("dump")) {
+    return "database_dump";
+  }
+  if (artifactPath.startsWith("//") || evidence.includes("smb share") || evidence.includes("share:")) {
+    return "smb_share";
+  }
+  return "file";
+}
+function getArtifactBoundedCommand(kind, artifactPath, artifactUrl) {
+  if (!kind) {
+    return void 0;
+  }
+  if (kind === "webshell" && artifactUrl) {
+    return `curl -fsSIL ${shellEscape(artifactUrl)} && curl -fsS ${shellEscape(artifactUrl)} | head -n 5`;
+  }
+  if (kind === "url" && artifactUrl) {
+    return `curl -fsSIL ${shellEscape(artifactUrl)}`;
+  }
+  if (kind === "database_dump" && artifactPath) {
+    return `test -e ${artifactPath} && ls -lh ${artifactPath} && file ${artifactPath} 2>/dev/null && head -n 5 ${artifactPath} 2>/dev/null`;
+  }
+  if (kind === "smb_share" && artifactPath) {
+    return `smbclient -L ${shellEscape(artifactPath)} -N -m SMB3`;
+  }
+  if (kind === "file" && artifactPath) {
+    return `test -e ${artifactPath} && ls -l ${artifactPath} && file ${artifactPath} 2>/dev/null`;
+  }
+  return void 0;
+}
+function getExploitLifecycleSnapshot(task) {
+  const replayableCommand = getReplayableExploitCommand(task);
+  if (hasFoothold(task)) {
+    return {
+      phase: "foothold_active",
+      recommendation: "A foothold already exists. Reuse the current access path and continue the exploit chain from that foothold.",
+      boundedTool: "exploit_foothold_check",
+      boundedCommand: replayableCommand || void 0,
+      boundedTimeout: 4e3,
+      boundedInstruction: "Run one narrow foothold validation step before expanding the exploit chain."
+    };
+  }
+  if (hasCredentialLoot(task)) {
+    return {
+      phase: "credential_followup",
+      recommendation: "Credentials or tokens exist. Prioritize validation, reuse, and pivot from the current exploit chain.",
+      boundedTool: "exploit_credential_check",
+      boundedCommand: getCredentialBoundedCommand(task, replayableCommand),
+      boundedTimeout: 5e3,
+      boundedInstruction: "Run one bounded credential or token validation step before changing exploit vectors."
+    };
+  }
+  if (task.assets.length > 0) {
+    const artifactPath = getArtifactPath(task);
+    const artifactUrl = getUrlCandidate(task);
+    const artifactKind = getArtifactKind(task, artifactPath, artifactUrl);
+    return {
+      phase: "artifact_ready",
+      recommendation: "The exploit chain produced reusable artifacts. Validate and advance the current artifact before changing vectors.",
+      boundedTool: "exploit_artifact_check",
+      boundedCommand: getArtifactBoundedCommand(artifactKind, artifactPath, artifactUrl),
+      boundedTimeout: 3e3,
+      boundedInstruction: artifactKind === "webshell" ? "Run one bounded webshell validation step before replacing the current foothold artifact." : artifactKind === "database_dump" ? "Run one bounded dump validation step before replacing or parsing the recovered database artifact." : artifactKind === "smb_share" ? "Run one bounded share validation step before changing the current artifact path." : "Run one bounded artifact validation step before replacing the current artifact."
+    };
+  }
+  return {
+    phase: "vector_active",
+    recommendation: "The current exploit vector is still active. Continue adapting it before switching to a new chain.",
+    boundedTool: "exploit_vector_check",
+    boundedCommand: getVectorBoundedCommand(task),
+    boundedTimeout: 5e3,
+    boundedInstruction: "Run one bounded target reachability or service confirmation step before abandoning the current exploit vector."
+  };
+}
+
+// src/agents/main-agent/pwn-lifecycle.ts
+function joinedEvidence(task) {
+  return [
+    task.summary,
+    task.resumeHint,
+    task.waitingOn,
+    ...task.tried,
+    ...task.findings,
+    ...task.assets
+  ].filter(Boolean).join(" ").toLowerCase();
+}
+function getReplayableCommand(task) {
+  const candidates = [...task.tried, task.resumeHint || ""].map((value) => value.trim()).filter(Boolean);
+  return candidates.find(
+    (candidate) => /^(?:\.\/|\/|python(?:3)?\b|gdb\b|qemu(?:-[\w-]+)?\b|nc\b)/i.test(candidate) || candidate.includes("pwntools")
+  ) || null;
+}
+function getCandidateBinaryPath(task) {
+  const candidates = [...task.assets, ...task.findings, task.summary, task.task, task.resumeHint || ""].map((value) => value.trim()).filter(Boolean);
+  for (const candidate of candidates) {
+    const artifactMatch = candidate.match(/^artifact:(.+)$/i);
+    const normalized = artifactMatch?.[1]?.trim() || candidate;
+    if (normalized.startsWith("./") || normalized.startsWith("/")) {
+      return normalized;
+    }
+    const embeddedPath = normalized.match(/(\.\/[A-Za-z0-9_./-]+|\/[A-Za-z0-9_./-]+)/);
+    if (embeddedPath?.[1]) {
+      return embeddedPath[1];
+    }
+  }
+  return null;
+}
+function getCandidateCorePath(task) {
+  const candidates = [...task.assets, ...task.findings, task.summary].map((value) => value.trim()).filter(Boolean);
+  for (const candidate of candidates) {
+    const artifactMatch = candidate.match(/^artifact:(.+)$/i);
+    const normalized = artifactMatch?.[1]?.trim() || candidate;
+    if (normalized.match(/(?:^|\/)core(?:\.[A-Za-z0-9_-]+)?$/i)) {
+      return normalized;
+    }
+    const embeddedCore = normalized.match(/(\.\/core(?:\.[A-Za-z0-9_-]+)?|\/[A-Za-z0-9_./-]*core(?:\.[A-Za-z0-9_-]+)?)/i);
+    if (embeddedCore?.[1]) {
+      return embeddedCore[1];
+    }
+  }
+  return null;
+}
+function getPwnProbeKind(replayableCommand, binaryPath, corePath) {
+  if (binaryPath && corePath) {
+    return "core_gdb";
+  }
+  if (replayableCommand?.startsWith("gdb ")) {
+    return "gdb_replay";
+  }
+  return "binary_smoke";
+}
+function getBoundedPwnCommand(kind, replayableCommand, binaryPath, corePath) {
+  if (kind === "core_gdb" && binaryPath && corePath) {
+    return `gdb -q ${binaryPath} ${corePath} -batch -ex 'info registers' -ex 'bt'`;
+  }
+  if (kind === "gdb_replay" && replayableCommand) {
+    return replayableCommand;
+  }
+  if (replayableCommand) {
+    return replayableCommand;
+  }
+  if (binaryPath) {
+    return `test -x ${binaryPath} && timeout 5 ${binaryPath} </dev/null`;
+  }
+  return void 0;
+}
+function getPwnLifecycleSnapshot(task) {
+  const evidence = joinedEvidence(task);
+  const replayableCommand = getReplayableCommand(task);
+  const binaryPath = getCandidateBinaryPath(task);
+  const corePath = getCandidateCorePath(task);
+  const probeKind = getPwnProbeKind(replayableCommand, binaryPath, corePath);
+  if (task.sessions.length > 0 || task.assets.some((asset) => {
+    const normalized = asset.toLowerCase();
+    return normalized.includes("shell:") || normalized.includes("stabilized_shell:") || normalized.includes("post_exploitation_shell:");
+  })) {
+    return {
+      phase: "foothold_active",
+      recommendation: "The pwn chain already produced execution. Reuse the existing foothold instead of restarting the exploit loop."
+    };
+  }
+  if (evidence.includes("offset") || evidence.includes("pattern") || evidence.includes("eip") || evidence.includes("rip")) {
+    return {
+      phase: "offset_known",
+      recommendation: "Offsets or control primitives are known. Resume from the latest payload iteration instead of rediscovering the crash.",
+      boundedTool: "pwn_offset_check",
+      boundedCommand: getBoundedPwnCommand(probeKind, replayableCommand, binaryPath, corePath),
+      boundedTimeout: 5e3,
+      boundedInstruction: probeKind === "core_gdb" ? "Run one bounded gdb register/backtrace check against the saved core state before changing the payload." : probeKind === "gdb_replay" ? "Run one bounded gdb replay step against the latest exploit revision before changing the payload." : "Run one bounded offset verification step against the latest exploit revision."
+    };
+  }
+  if (evidence.includes("crash") || evidence.includes("segfault") || evidence.includes("core")) {
+    return {
+      phase: "crash_iteration",
+      recommendation: "A crash state exists. Preserve it and continue the debug loop from the latest observed crash.",
+      boundedTool: "pwn_crash_repro",
+      boundedCommand: getBoundedPwnCommand(probeKind, replayableCommand, binaryPath, corePath),
+      boundedTimeout: 1e4,
+      boundedInstruction: probeKind === "core_gdb" ? "Inspect the saved core state once and preserve the exact crash context before changing the exploit loop." : probeKind === "gdb_replay" ? "Replay the latest gdb-driven crash once and preserve the exact crash state." : "Reproduce the latest crash once and preserve the exact crash state."
+    };
+  }
+  return {
+    phase: "payload_iteration",
+    recommendation: "The pwn loop is still iterating payload design. Continue from the latest payload revision and observations.",
+    boundedTool: "pwn_payload_smoke",
+    boundedCommand: getBoundedPwnCommand(probeKind, replayableCommand, binaryPath, corePath),
+    boundedTimeout: 5e3,
+    boundedInstruction: probeKind === "gdb_replay" ? "Run one bounded gdb-guided smoke step from the latest payload revision." : "Run one bounded payload smoke test from the latest payload revision."
+  };
+}
+
+// src/agents/main-agent/delegated-task-handoff.ts
+function buildLifecycleSnapshot(decision) {
+  const task = decision.task;
+  if (decision.preferredWorkerType !== "shell-supervisor") {
+    if (decision.preferredWorkerType === "exploit") {
+      return getExploitLifecycleSnapshot(task);
+    }
+    if (decision.preferredWorkerType === "pwn") {
+      return getPwnLifecycleSnapshot(task);
+    }
+    return null;
+  }
+  return getShellSupervisorLifecycleSnapshot();
+}
+function buildDelegatedRequestContext(decision, lifecycleSnapshot) {
+  const task = decision.task;
+  if (!lifecycleSnapshot) {
+    return task.summary;
+  }
+  if (decision.preferredWorkerType === "exploit") {
+    return [
+      task.summary,
+      `exploit_phase=${lifecycleSnapshot.phase}`,
+      `recommendation=${lifecycleSnapshot.recommendation}`
+    ].filter(Boolean).join(" | ");
+  }
+  if (decision.preferredWorkerType === "pwn") {
+    return [
+      task.summary,
+      `pwn_phase=${lifecycleSnapshot.phase}`,
+      `recommendation=${lifecycleSnapshot.recommendation}`
+    ].filter(Boolean).join(" | ");
+  }
+  const shellSnapshot = lifecycleSnapshot;
+  return [
+    task.summary,
+    `shell_phase=${shellSnapshot.phase}`,
+    shellSnapshot.listenerId ? `listener=${shellSnapshot.listenerId}` : "",
+    shellSnapshot.activeShellId ? `active_shell=${shellSnapshot.activeShellId}` : "",
+    `recommendation=${shellSnapshot.recommendation}`
+  ].filter(Boolean).join(" | ");
+}
+function buildDelegatedExecutionRequest(decision, context, lifecycleSnapshot) {
+  const task = decision.task;
+  const preferredWorkerType = decision.preferredWorkerType;
+  const requestTask = task.resumeHint || task.task;
+  const boundedLifecycle = preferredWorkerType === "exploit" || preferredWorkerType === "pwn" ? lifecycleSnapshot : null;
+  return {
+    task: requestTask,
+    workerType: preferredWorkerType,
+    resumeTaskId: task.id,
+    target: task.target,
+    context,
+    boundedTool: preferredWorkerType ? getRecommendedBoundedTool({
+      task: requestTask,
+      workerType: preferredWorkerType,
+      target: task.target,
+      context
+    }) ?? void 0 : void 0,
+    boundedCommand: boundedLifecycle?.boundedCommand,
+    boundedTimeout: boundedLifecycle?.boundedTimeout,
+    boundedInstruction: preferredWorkerType ? boundedLifecycle?.boundedInstruction || buildDelegatedExecutionPlan({
+      task: requestTask,
+      workerType: preferredWorkerType,
+      target: task.target,
+      context
+    }) : void 0
+  };
+}
+function buildDelegatedTaskHandoff(decision) {
+  const task = decision.task;
+  const preferredWorkerType = decision.preferredWorkerType;
+  const lifecycleSnapshot = buildLifecycleSnapshot(decision);
+  const context = buildDelegatedRequestContext(decision, lifecycleSnapshot);
+  const delegatedExecutionRequest = buildDelegatedExecutionRequest(decision, context, lifecycleSnapshot);
+  const executionPlan = buildDelegatedExecutionPlan(delegatedExecutionRequest);
+  const details = [
+    `Resume delegated task: ${task.task}.`,
+    `Delegated task ID: ${task.id}.`,
+    `Scheduler reason: ${decision.reason}`,
+    `Scheduler cycle count: ${decision.resumeCount + 1}.`,
+    `Current status: ${task.status}.`,
+    task.waitingOn ? `Waiting on: ${task.waitingOn}.` : "",
+    task.assets.length > 0 ? `Reuse assets: ${task.assets.join(", ")}.` : "",
+    task.sessions.length > 0 ? `Reuse sessions: ${task.sessions.join(", ")}.` : "",
+    task.resumeHint ? `Resume guidance: ${task.resumeHint}.` : "",
+    preferredWorkerType ? `Preferred worker: ${preferredWorkerType}.` : "",
+    delegatedExecutionRequest.boundedTool ? `Bounded tool: ${delegatedExecutionRequest.boundedTool}.` : "",
+    delegatedExecutionRequest.boundedCommand ? `Bounded command candidate: ${delegatedExecutionRequest.boundedCommand}.` : "",
+    preferredWorkerType ? `Delegation policy: if this requires multi-step follow-up, call run_task with worker_type="${preferredWorkerType}" and resume_task_id="${task.id}" for this selected task before creating any unrelated delegated chain.` : "",
+    `Execution hint: ${executionPlan}`,
+    "Execution policy: continue the selected delegated chain first. Do not switch to a different active delegated task until this one is advanced or invalidated.",
+    "Goal: continue the existing chain instead of creating a duplicate operation."
+  ].filter(Boolean);
+  return {
+    shouldForwardToMain: true,
+    forwardedInput: details.join(" "),
+    directResponse: "",
+    shouldWritePolicy: false,
+    policyDocument: "",
+    policyUpdateSummary: "",
+    insightSummary: `Auto-resume delegated task ${task.id} via handoff builder.`,
+    delegatedExecutionRequest,
+    success: true
+  };
+}
+
+// src/agents/main-agent/user-input-runtime.ts
+function collectPendingUserInputs(userInputQueue, pendingInitialUserInput) {
+  const drained = userInputQueue.drain();
+  return [
+    ...pendingInitialUserInput ? [pendingInitialUserInput] : [],
+    ...drained.map((item) => item.text)
+  ].map((text) => text.trim()).filter(Boolean);
+}
+function appendUserInput(existing, next) {
+  return existing.trim() === "" ? next : `${existing}
+
+${next}`;
+}
+function normalizeInputProcessorResult(result, fallbackInput) {
+  if (!result.success) {
+    return {
+      shouldForwardToMain: true,
+      forwardedInput: fallbackInput,
+      directResponse: "",
+      shouldWritePolicy: false,
+      policyDocument: "",
+      policyUpdateSummary: "",
+      insightSummary: "Input processor fallback: forwarded raw input.",
+      success: false
+    };
+  }
+  return {
+    ...result,
+    forwardedInput: result.forwardedInput.trim() || fallbackInput,
+    directResponse: result.directResponse.trim(),
+    policyDocument: result.policyDocument.trim(),
+    policyUpdateSummary: result.policyUpdateSummary.trim(),
+    insightSummary: result.insightSummary.trim()
+  };
+}
+function buildAutoResumeResult(state, delegatedTaskQueue) {
+  const activeTasks = state.getActiveDelegatedTasks();
+  const decision = delegatedTaskQueue.next(activeTasks);
+  if (!decision) {
+    return null;
+  }
+  delegatedTaskQueue.acknowledge(decision.task.id);
+  return buildDelegatedTaskHandoff(decision);
+}
+function buildQueueSnapshot(userInputQueue) {
+  return {
+    count: userInputQueue.pendingCount(),
+    preview: userInputQueue.peek().map((item) => item.text)
+  };
+}
+
+// src/agents/main-agent/queue-facade.ts
+function emitMainAgentQueueUpdated(events, userInputQueue) {
+  events.emit({
+    type: EVENT_TYPES.QUEUE_UPDATED,
+    timestamp: Date.now(),
+    data: buildQueueSnapshot(userInputQueue)
+  });
+}
+function enqueueMainAgentUserInput(userInputQueue, events, text) {
+  userInputQueue.enqueue(text);
+  emitMainAgentQueueUpdated(events, userInputQueue);
+}
+function dequeueMainAgentUserInput(userInputQueue, events) {
+  const value = userInputQueue.dequeueLast();
+  emitMainAgentQueueUpdated(events, userInputQueue);
+  return value;
+}
+function getMainAgentPendingUserInputPreview(userInputQueue) {
+  return userInputQueue.peek().map((item) => item.text);
+}
+
+// src/agents/main-agent/session-mutations.ts
+async function resetMainAgentSession(state, userInputQueue) {
+  return resetSessionAction(state, userInputQueue);
+}
+function loadMainAgentSession(state) {
+  return session.load(state);
+}
+function saveMainAgentSession(state) {
+  return session.save(state);
+}
+function applyMainAgentScope(state, allowed, exclusions = []) {
+  state.setScope({
+    allowedCidrs: allowed.filter((a) => a.includes("/")),
+    allowedDomains: allowed.filter((a) => !a.includes("/")),
+    exclusions,
+    isDOSAllowed: false,
+    isSocialAllowed: false
   });
-  state.reset();
-  userInputQueue.clear();
-  return clearWorkspace();
 }
-var session = {
-  save: (state) => saveState(state),
-  load: (state) => loadState(state)
-};
+function addMainAgentTarget(state, events, ip) {
+  state.addTarget({ ip, ports: [], tags: [], firstSeen: Date.now(), hostname: "" });
+  emitStateChange(events, state);
+}
+
+// src/agents/main-agent/delegated-execution-facade.ts
+function resetDelegatedExecutionState(delegatedExecutionRuntime) {
+  delegatedExecutionRuntime.reset();
+}
+function setDelegatedExecutionRequest(delegatedExecutionRuntime, request) {
+  delegatedExecutionRuntime.set(request);
+}
+function buildDelegatedPromptFragments(delegatedExecutionRuntime) {
+  return {
+    request: delegatedExecutionRuntime.toPromptFragment(),
+    result: delegatedExecutionRuntime.toResultFragment()
+  };
+}
+function getDelegatedExecutionRequest(delegatedExecutionRuntime) {
+  return delegatedExecutionRuntime.peek();
+}
+function consumeDelegatedExecutionRequest(delegatedExecutionRuntime) {
+  return delegatedExecutionRuntime.consume();
+}
+async function executePendingDelegatedRequest(delegatedAutoExecutor, delegatedExecutionRuntime, toolRegistry) {
+  return delegatedAutoExecutor.executePending(delegatedExecutionRuntime, toolRegistry);
+}
+async function maybeAutoExecuteDelegatedRequest(delegatedAutoExecutor, delegatedExecutionRuntime, toolRegistry) {
+  if (!delegatedAutoExecutor.canExecutePending(delegatedExecutionRuntime)) {
+    return null;
+  }
+  return executePendingDelegatedRequest(
+    delegatedAutoExecutor,
+    delegatedExecutionRuntime,
+    toolRegistry
+  );
+}
 
 // src/agents/main-agent/main-agent.ts
 var MainAgent = class extends CoreAgent {
@@ -1743,20 +3467,28 @@ var MainAgent = class extends CoreAgent {
   turnCounter = 0;
   userInputQueue = new UserInputQueue();
   pendingInitialUserInput = null;
+  delegatedTaskQueue = new DelegatedTaskQueue();
+  delegatedExecutionRuntime = new DelegatedExecutionRuntime();
+  delegatedAutoExecutor = new DelegatedAutoExecutor();
   pipelineRunner;
   turnCyclePipeline;
   inputProcessor;
   sessionRuntime;
-  constructor(state, events, toolRegistry, approvalGate, scopeGuard) {
-    super(AGENT_ROLES.ORCHESTRATOR, state, events, toolRegistry);
-    this.approvalGate = approvalGate;
-    this.scopeGuard = scopeGuard;
-    this.promptBuilder = new PromptBuilder(state);
+  constructor(options) {
+    super({
+      agentType: AGENT_ROLES.ORCHESTRATOR,
+      state: options.state,
+      events: options.events,
+      toolRegistry: options.toolRegistry
+    });
+    this.approvalGate = options.approvalGate;
+    this.scopeGuard = options.scopeGuard;
+    this.promptBuilder = new PromptBuilder(options.state);
     this.pipelineRunner = new PipelineRunner();
     this.inputProcessor = createInputProcessor(this.llm);
     this.sessionRuntime = createSessionRuntime();
     setActiveSessionRuntime(this.sessionRuntime);
-    this.turnCyclePipeline = loadPipelineFromConfig(getPipelineConfig(), {
+    this.turnCyclePipeline = loadPipelineFromConfig(getRuntimePipelineConfig(), {
       llm: this.llm,
       conditions: getConditionRegistry(),
       key: "turn_cycle"
@@ -1766,6 +3498,8 @@ var MainAgent = class extends CoreAgent {
   async execute(userInput) {
     this.userInput = "";
     this.pendingInitialUserInput = userInput;
+    this.delegatedTaskQueue.reset();
+    resetDelegatedExecutionState(this.delegatedExecutionRuntime);
     emitStart(this.events, userInput, this.state);
     initializeTask(this.state);
     try {
@@ -1774,7 +3508,7 @@ var MainAgent = class extends CoreAgent {
       return result.output;
     } finally {
       try {
-        session.save(this.state);
+        saveMainAgentSession(this.state);
       } catch {
       }
       await cleanupAllProcesses();
@@ -1809,9 +3543,15 @@ var MainAgent = class extends CoreAgent {
     };
   }
   async processUserInputTurn() {
-    const messages = this.collectPendingUserInputs();
+    const messages = collectPendingUserInputs(this.userInputQueue, this.pendingInitialUserInput);
     this.pendingInitialUserInput = null;
     if (messages.length === 0) {
+      const autoResume = buildAutoResumeResult(this.state, this.delegatedTaskQueue);
+      if (autoResume) {
+        this.updateObjectiveFromInputProcessor(autoResume);
+        await this.maybeAutoExecuteDelegatedRequest();
+        return autoResume;
+      }
       return { shouldForwardToMain: true };
     }
     const rawInput = messages.map((text, index) => `[${index + 1}] ${text}`).join("\n");
@@ -1821,11 +3561,11 @@ var MainAgent = class extends CoreAgent {
       hasActiveEngagement: this.state.hasActiveEngagement(),
       currentObjective: this.state.currentObjective || ""
     });
-    const normalized = this.normalizeInputProcessorResult(result, rawInput);
+    const normalized = normalizeInputProcessorResult(result, rawInput);
     this.updatePolicyFromInputProcessor(normalized);
     this.updateObjectiveFromInputProcessor(normalized);
     this.events.emit({ type: EVENT_TYPES.QUEUE_DRAINED, timestamp: Date.now() });
-    this.emitQueueUpdated();
+    emitMainAgentQueueUpdated(this.events, this.userInputQueue);
     return normalized;
   }
   updatePolicyFromInputProcessor(result) {
@@ -1834,63 +3574,39 @@ var MainAgent = class extends CoreAgent {
     }
   }
   updateObjectiveFromInputProcessor(result) {
+    setDelegatedExecutionRequest(this.delegatedExecutionRuntime, result.delegatedExecutionRequest);
     if (result.shouldForwardToMain && result.forwardedInput.trim()) {
-      this.userInput = this.appendUserInput(this.userInput, result.forwardedInput);
+      this.userInput = appendUserInput(this.userInput, result.forwardedInput);
       if (!this.state.hasActiveEngagement()) {
         this.state.currentObjective = result.forwardedInput;
       }
     }
   }
-  normalizeInputProcessorResult(result, fallbackInput) {
-    if (!result.success) {
-      return {
-        shouldForwardToMain: true,
-        forwardedInput: fallbackInput,
-        directResponse: "",
-        shouldWritePolicy: false,
-        policyDocument: "",
-        policyUpdateSummary: "",
-        insightSummary: "Input processor fallback: forwarded raw input.",
-        success: false
-      };
-    }
-    return {
-      ...result,
-      forwardedInput: result.forwardedInput.trim() || fallbackInput,
-      directResponse: result.directResponse.trim(),
-      policyDocument: result.policyDocument.trim(),
-      policyUpdateSummary: result.policyUpdateSummary.trim(),
-      insightSummary: result.insightSummary.trim()
-    };
-  }
-  collectPendingUserInputs() {
-    const drained = this.userInputQueue.drain();
-    return [
-      ...this.pendingInitialUserInput ? [this.pendingInitialUserInput] : [],
-      ...drained.map((item) => item.text)
-    ].map((text) => text.trim()).filter(Boolean);
-  }
-  appendUserInput(existing, next) {
-    return existing.trim() === "" ? next : `${existing}
-
-${next}`;
-  }
   async buildDynamicPrompt(memory) {
-    return this.promptBuilder.build(this.userInput, this.state.getPhase() || PHASES.RECON, memory);
+    const delegatedExecution = buildDelegatedPromptFragments(this.delegatedExecutionRuntime);
+    return buildMainAgentPrompt(
+      this.promptBuilder,
+      this.state,
+      this.userInput,
+      delegatedExecution,
+      memory
+    );
   }
   // ─── Public API ────────────────────────────────────────────────────────────
   loadPreviousSession() {
-    return session.load(this.state);
+    return loadMainAgentSession(this.state);
   }
   saveCurrentState() {
-    return session.save(this.state);
+    return saveMainAgentSession(this.state);
   }
   async resetSession() {
-    const result = await resetSessionAction(this.state, this.userInputQueue);
+    const result = await resetMainAgentSession(this.state, this.userInputQueue);
     this.userInput = "";
+    this.delegatedTaskQueue.reset();
+    resetDelegatedExecutionState(this.delegatedExecutionRuntime);
     return result;
   }
-  setAutoApprove(shouldEnable) {
+  setToolAutoApprove(shouldEnable) {
     this.approvalGate.setAutoApprove(shouldEnable);
   }
   getState() {
@@ -1905,63 +3621,63 @@ ${next}`;
   getSessionRuntime() {
     return this.sessionRuntime;
   }
-  setScope(allowed, exclusions = []) {
-    this.state.setScope({
-      allowedCidrs: allowed.filter((a) => a.includes("/")),
-      allowedDomains: allowed.filter((a) => !a.includes("/")),
-      exclusions,
-      isDOSAllowed: false,
-      isSocialAllowed: false
-    });
+  getLastDelegatedExecutionRequest() {
+    return getDelegatedExecutionRequest(this.delegatedExecutionRuntime);
+  }
+  consumeDelegatedExecutionRequest() {
+    return consumeDelegatedExecutionRequest(this.delegatedExecutionRuntime);
+  }
+  async executePendingDelegatedRequest() {
+    return executePendingDelegatedRequest(
+      this.delegatedAutoExecutor,
+      this.delegatedExecutionRuntime,
+      this.toolRegistry
+    );
+  }
+  async maybeAutoExecuteDelegatedRequest() {
+    return maybeAutoExecuteDelegatedRequest(
+      this.delegatedAutoExecutor,
+      this.delegatedExecutionRuntime,
+      this.toolRegistry
+    );
+  }
+  configureTarget(ip, exclusions = []) {
+    addMainAgentTarget(this.state, this.events, ip);
+    applyMainAgentScope(this.state, [ip], exclusions);
   }
   addTarget(ip) {
-    this.state.addTarget({ ip, ports: [], tags: [], firstSeen: Date.now(), hostname: "" });
-    emitStateChange(this.events, this.state);
+    addMainAgentTarget(this.state, this.events, ip);
+  }
+  setScope(allowed, exclusions = []) {
+    applyMainAgentScope(this.state, allowed, exclusions);
   }
   enqueueUserInput(text) {
-    this.userInputQueue.enqueue(text);
-    this.emitQueueUpdated();
+    enqueueMainAgentUserInput(this.userInputQueue, this.events, text);
   }
   dequeueLastUserInput() {
-    const value = this.userInputQueue.dequeueLast();
-    this.emitQueueUpdated();
-    return value;
+    return dequeueMainAgentUserInput(this.userInputQueue, this.events);
   }
   hasPendingUserInput() {
     return this.userInputQueue.hasPending();
   }
-  getPendingUserInputCount() {
-    return this.userInputQueue.pendingCount();
-  }
   getPendingUserInputPreview() {
-    return this.userInputQueue.peek().map((item) => item.text);
-  }
-  emitQueueUpdated() {
-    this.events.emit({
-      type: EVENT_TYPES.QUEUE_UPDATED,
-      timestamp: Date.now(),
-      data: {
-        count: this.getPendingUserInputCount(),
-        preview: this.getPendingUserInputPreview()
-      }
-    });
+    return getMainAgentPendingUserInputPreview(this.userInputQueue);
   }
 };
 
-// src/engine/yaml-runtime.ts
+// src/engine/agent-runtime.ts
 import fs from "fs";
-import path2 from "path";
-var YamlRuntime = class _YamlRuntime {
-  static build(state, events, toolRegistry, approvalGate, scopeGuard) {
-    const cfg = getPipelineConfig();
-    _YamlRuntime.setupWorkspace(cfg.workspace);
-    return new MainAgent(state, events, toolRegistry, approvalGate, scopeGuard);
+import path from "path";
+var AgentRuntime = class _AgentRuntime {
+  static build(options) {
+    _AgentRuntime.setupWorkspace(getWorkspaceConfig());
+    return new MainAgent(options);
   }
   static setupWorkspace(workspaceCfg) {
     const directories = workspaceCfg?.directories ?? {};
-    for (const [key, dirPath] of Object.entries(directories)) {
+    for (const dirPath of Object.values(directories)) {
       if (dirPath === "DEPRECATED") continue;
-      const resolved = path2.resolve(process.cwd(), dirPath);
+      const resolved = path.resolve(process.cwd(), dirPath);
       if (!fs.existsSync(resolved)) {
         fs.mkdirSync(resolved, { recursive: true });
       }
@@ -1970,11 +3686,48 @@ var YamlRuntime = class _YamlRuntime {
   }
 };
 
+// src/platform/tui/cli/command-runtime.ts
+import chalk from "chalk";
+function ignoreCleanupFailure() {
+}
+async function cleanupCliProcesses() {
+  await cleanupAllProcesses().catch(ignoreCleanupFailure);
+}
+function printAutoApproveWarning(options = {}) {
+  if (options.includeHeader) {
+    console.log(chalk.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions"));
+  }
+  console.log(chalk.hex(HEX.red)("[!] Strict approval mode will be bypassed by enabling tool auto-approve.\n"));
+}
+function registerShutdownSignals(shutdown) {
+  process.on("SIGINT", () => shutdown(EXIT_CODES.SIGINT));
+  process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
+}
+async function writeJsonReport(outputPath, result) {
+  const fs2 = await import("fs/promises");
+  const { dirname } = await import("path");
+  const outputDir = dirname(outputPath);
+  if (outputDir !== ".") {
+    await fs2.mkdir(outputDir, { recursive: true }).catch(ignoreCleanupFailure);
+  }
+  await fs2.writeFile(outputPath, JSON.stringify({ result }, null, 2));
+}
+
+// src/platform/tui/cli/interactive-runtime.tsx
+import React16 from "react";
+import { render } from "ink";
+
+// src/platform/tui/app.tsx
+import { Box as Box18 } from "ink";
+
+// src/platform/tui/hooks/useAgent.ts
+import { useState as useState6, useEffect as useEffect2, useCallback as useCallback6, useRef as useRef6 } from "react";
+
 // src/agents/factory.ts
-function createMainAgent(shouldAutoApprove = false) {
+function createMainAgent(autoApproveTools = false) {
   const state = new SharedState();
   const events = new AgentEventEmitter();
-  const approvalGate = new ApprovalGate(shouldAutoApprove);
+  const approvalGate = new ApprovalGate(autoApproveTools);
   const scopeGuard = new ScopeGuard(state);
   const toolRegistry = new CategorizedToolRegistry(
     state,
@@ -1982,11 +3735,11 @@ function createMainAgent(shouldAutoApprove = false) {
     approvalGate,
     events
   );
-  return YamlRuntime.build(state, events, toolRegistry, approvalGate, scopeGuard);
+  return AgentRuntime.build({ state, events, toolRegistry, approvalGate, scopeGuard });
 }
 
 // src/platform/tui/hooks/useAgentState.ts
-import { useState, useRef, useCallback } from "react";
+import { useState as useState5, useRef as useRef4, useCallback as useCallback5 } from "react";
 
 // src/platform/tui/constants/limits.ts
 var TUI_DISPLAY_LIMITS = {
@@ -2054,27 +3807,6 @@ var TUI_DISPLAY_LIMITS = {
   maxStoppedProcesses: 3
 };
 
-// src/platform/tui/types.ts
-var DEFAULT_LIVE_PROGRESS = {
-  mode: "idle",
-  stage: "",
-  detail: "",
-  activeTool: "",
-  reasoningPreview: "",
-  responsePreview: ""
-};
-var DEFAULT_FOOTER_DISPLAY_CONFIG = {
-  showTarget: true,
-  showCounts: true,
-  showHints: true,
-  showQueue: true,
-  showWindow: true,
-  showTurn: true,
-  showContext: true,
-  showTokens: true,
-  showRuntime: true
-};
-
 // src/platform/tui/utils/format.ts
 function truncate(text, width) {
   if (width <= 0) return "";
@@ -2126,6 +3858,47 @@ var formatInlineStatus = () => {
   return JSON.stringify(statusData);
 };
 
+// src/platform/tui/hooks/useAgentState/useMessages.ts
+import { useState, useCallback } from "react";
+function useMessages() {
+  const [messages, setMessages] = useState([]);
+  const addMessage = useCallback((type, content) => {
+    const id = generateId();
+    setMessages((prev) => {
+      const next = [...prev, { id, type, content, timestamp: /* @__PURE__ */ new Date() }];
+      if (next.length > TUI_DISPLAY_LIMITS.MAX_MESSAGES) {
+        return next.slice(next.length - TUI_DISPLAY_LIMITS.MAX_MESSAGES);
+      }
+      return next;
+    });
+  }, []);
+  return { messages, setMessages, addMessage };
+}
+
+// src/platform/tui/hooks/useAgentState/useTimer.ts
+import { useState as useState2, useRef, useCallback as useCallback2 } from "react";
+function useTimer() {
+  const [elapsedTime, setElapsedTime] = useState2(0);
+  const startTimeRef = useRef(0);
+  const manageTimer = useCallback2((action) => {
+    if (action === "start") {
+      startTimeRef.current = Date.now();
+      setElapsedTime(0);
+    } else {
+      const startedAt = startTimeRef.current;
+      if (startedAt > 0) {
+        setElapsedTime(Math.max(0, Math.floor((Date.now() - startedAt) / 1e3)));
+      } else {
+        setElapsedTime(0);
+      }
+    }
+  }, []);
+  return { elapsedTime, setElapsedTime, manageTimer };
+}
+
+// src/platform/tui/hooks/useAgentState/useInputBroker.ts
+import { useState as useState3, useCallback as useCallback3, useRef as useRef2 } from "react";
+
 // src/platform/tui/utils/input-request-broker.ts
 function createInputRequestBrokerState() {
   return {
@@ -2175,7 +3948,61 @@ function clearAllInputRequests(state) {
   return pending;
 }
 
-// src/platform/tui/hooks/useAgentState.ts
+// src/platform/tui/hooks/useAgentState/useInputBroker.ts
+function useInputBroker() {
+  const [inputBroker, setInputBroker] = useState3(
+    createInputRequestBrokerState()
+  );
+  const inputBrokerRef = useRef2(inputBroker);
+  inputBrokerRef.current = inputBroker;
+  const enqueueInputRequest2 = useCallback3((request) => {
+    setInputBroker((prev) => enqueueInputRequest(prev, request));
+  }, []);
+  const settleActiveInputRequest = useCallback3((value) => {
+    const current = inputBrokerRef.current;
+    if (current.active.status !== "active") return;
+    current.active.resolve(value);
+    setInputBroker(resolveActiveInputRequest(current).nextState);
+  }, []);
+  const cancelAllInputRequests = useCallback3(() => {
+    const current = inputBrokerRef.current;
+    const pending = clearAllInputRequests(current);
+    for (const request of pending) request.resolve(null);
+    setInputBroker(createInputRequestBrokerState());
+  }, []);
+  return {
+    inputBroker,
+    enqueueInputRequest: enqueueInputRequest2,
+    settleActiveInputRequest,
+    cancelAllInputRequests
+  };
+}
+
+// src/platform/tui/hooks/useAgentState/useLiveProgress.ts
+import { useState as useState4, useCallback as useCallback4 } from "react";
+
+// src/platform/tui/types.ts
+var DEFAULT_LIVE_PROGRESS = {
+  mode: "idle",
+  stage: "",
+  detail: "",
+  activeTool: "",
+  reasoningPreview: "",
+  responsePreview: ""
+};
+var DEFAULT_FOOTER_DISPLAY_CONFIG = {
+  showTarget: true,
+  showCounts: true,
+  showHints: true,
+  showQueue: true,
+  showWindow: true,
+  showTurn: true,
+  showContext: true,
+  showTokens: true,
+  showRuntime: true
+};
+
+// src/platform/tui/hooks/useAgentState/useLiveProgress.ts
 function sanitizeLiveProgress(progress) {
   return {
     mode: progress.mode,
@@ -2186,87 +4013,57 @@ function sanitizeLiveProgress(progress) {
     responsePreview: truncate(progress.responsePreview, TUI_DISPLAY_LIMITS.LIVE_PROGRESS_TEXT_MAX)
   };
 }
-var useAgentState = (isTyping = false) => {
-  const [messages, setMessages] = useState([]);
-  const [isProcessing, setIsProcessing] = useState(false);
-  const [currentStatusState, setCurrentStatusState] = useState("");
-  const [elapsedTime, setElapsedTime] = useState(0);
-  const [retryState, setRetryState] = useState({ status: "idle" });
-  const [currentTokens, setCurrentTokens] = useState(0);
-  const [inputBroker, setInputBroker] = useState(
-    createInputRequestBrokerState()
-  );
-  const [stats, setStats] = useState({ phase: DEFAULTS.INIT_PHASE, targets: 0, findings: 0, todo: 0, targetLabel: "" });
-  const [turnCount, setTurnCount] = useState(0);
-  const [liveProgressState, setLiveProgressState] = useState(DEFAULT_LIVE_PROGRESS);
-  const startTimeRef = useRef(0);
-  const inputBrokerRef = useRef(createInputRequestBrokerState());
-  inputBrokerRef.current = inputBroker;
-  const retryCountdownRef = useRef(null);
-  const retryCountRef = useRef(0);
-  const tokenAccumRef = useRef(0);
-  const lastStepTokensRef = useRef(0);
-  const toolStartedAtRef = useRef(0);
-  const addMessage = useCallback((type, content) => {
-    const id = generateId();
-    setMessages((prev) => {
-      const next = [...prev, { id, type, content, timestamp: /* @__PURE__ */ new Date() }];
-      if (next.length > TUI_DISPLAY_LIMITS.MAX_MESSAGES) {
-        return next.slice(next.length - TUI_DISPLAY_LIMITS.MAX_MESSAGES);
-      }
-      return next;
-    });
-  }, []);
-  const setCurrentStatus = useCallback((value) => {
-    setCurrentStatusState(truncate(value, TUI_DISPLAY_LIMITS.STATUS_TEXT_MAX));
-  }, []);
-  const setLiveProgress = useCallback((value) => {
+function useLiveProgress() {
+  const [liveProgress, setLiveProgressState] = useState4(DEFAULT_LIVE_PROGRESS);
+  const setLiveProgress = useCallback4((value) => {
     setLiveProgressState((prev) => {
       const next = typeof value === "function" ? value(prev) : value;
       return sanitizeLiveProgress(next);
     });
   }, []);
-  const resetCumulativeCounters = useCallback(() => {
+  return { liveProgress, setLiveProgress };
+}
+
+// src/platform/tui/hooks/useAgentState.ts
+var useAgentState = (isTyping = false) => {
+  const { messages, setMessages, addMessage } = useMessages();
+  const { elapsedTime, setElapsedTime, manageTimer } = useTimer();
+  const { inputBroker, enqueueInputRequest: enqueueInputRequest2, settleActiveInputRequest, cancelAllInputRequests } = useInputBroker();
+  const { liveProgress, setLiveProgress } = useLiveProgress();
+  const [isProcessing, setIsProcessing] = useState5(false);
+  const [currentStatusState, setCurrentStatusState] = useState5("");
+  const [retryState, setRetryState] = useState5({ status: "idle" });
+  const [currentTokens, setCurrentTokens] = useState5(0);
+  const [stats, setStats] = useState5({ phase: DEFAULTS.INIT_PHASE, targets: 0, findings: 0, todo: 0, targetLabel: "" });
+  const [turnCount, setTurnCount] = useState5(0);
+  const retryCountdownRef = useRef4(null);
+  const retryCountRef = useRef4(0);
+  const tokenAccumRef = useRef4(0);
+  const lastStepTokensRef = useRef4(0);
+  const toolStartedAtRef = useRef4(0);
+  const setCurrentStatus = useCallback5((value) => {
+    setCurrentStatusState(truncate(value, TUI_DISPLAY_LIMITS.STATUS_TEXT_MAX));
+  }, []);
+  const resetCumulativeCounters = useCallback5(() => {
     setCurrentTokens(0);
     retryCountRef.current = 0;
     tokenAccumRef.current = 0;
     lastStepTokensRef.current = 0;
-    setLiveProgress(DEFAULT_LIVE_PROGRESS);
-  }, []);
-  const manageTimer = useCallback((action) => {
-    if (action === "start") {
-      startTimeRef.current = Date.now();
-      setElapsedTime(0);
-    } else {
-      const startedAt = startTimeRef.current;
-      if (startedAt > 0) {
-        setElapsedTime(Math.max(0, Math.floor((Date.now() - startedAt) / 1e3)));
-      } else {
-        setElapsedTime(0);
-      }
-    }
-  }, []);
-  const clearAllTimers = useCallback(() => {
+    setLiveProgress({
+      mode: "thinking",
+      stage: "",
+      detail: "",
+      activeTool: "",
+      reasoningPreview: "",
+      responsePreview: ""
+    });
+  }, [setLiveProgress]);
+  const clearAllTimers = useCallback5(() => {
     if (retryCountdownRef.current) {
       clearInterval(retryCountdownRef.current);
       retryCountdownRef.current = null;
     }
   }, []);
-  const enqueueInputRequest2 = useCallback((request) => {
-    setInputBroker((prev) => enqueueInputRequest(prev, request));
-  }, []);
-  const settleActiveInputRequest = useCallback((value) => {
-    const current = inputBrokerRef.current;
-    if (current.active.status !== "active") return;
-    current.active.resolve(value);
-    setInputBroker(resolveActiveInputRequest(current).nextState);
-  }, []);
-  const cancelAllInputRequests = useCallback(() => {
-    const current = inputBrokerRef.current;
-    const pending = clearAllInputRequests(current);
-    for (const request of pending) request.resolve(null);
-    setInputBroker(createInputRequestBrokerState());
-  }, []);
   return {
     // State
     messages,
@@ -2286,7 +4083,7 @@ var useAgentState = (isTyping = false) => {
     setStats,
     turnCount,
     setTurnCount,
-    liveProgress: liveProgressState,
+    liveProgress,
     setLiveProgress,
     // Refs (external consumers only)
     retryCountdownRef,
@@ -2294,8 +4091,6 @@ var useAgentState = (isTyping = false) => {
     tokenAccumRef,
     lastStepTokensRef,
     toolStartedAtRef,
-    // WHY timerRef excluded: internal to manageTimer/clearAllTimers only,
-    // no external consumer exists.
     // Helpers
     addMessage,
     resetCumulativeCounters,
@@ -2308,7 +4103,7 @@ var useAgentState = (isTyping = false) => {
 };
 
 // src/platform/tui/hooks/useAgentEvents/index.ts
-import { useEffect, useRef as useRef2 } from "react";
+import { useEffect, useRef as useRef5 } from "react";
 
 // src/platform/tui/constants/styles.ts
 var MESSAGE_STYLES = {
@@ -2967,7 +4762,7 @@ var useAgentEvents = (agent, eventsRef, state, isTyping = false) => {
     lastStepTokensRef,
     setCurrentTokens
   } = state;
-  const reasoningBufferRef = useRef2("");
+  const reasoningBufferRef = useRef5("");
   const getTargetLabel = () => {
     const firstTarget = agent.getState().getAllTargets()[0];
     return firstTarget?.hostname || firstTarget?.ip || "";
@@ -3076,8 +4871,8 @@ function trimQueuedMessages(queue, maxLength, maxItems) {
   return trimmed.slice(trimmed.length - maxItems);
 }
 var useAgent = (shouldAutoApprove, target, isTyping = false) => {
-  const [agent] = useState2(() => createMainAgent(shouldAutoApprove));
-  const eventsRef = useRef3(agent.getEventEmitter());
+  const [agent] = useState6(() => createMainAgent(shouldAutoApprove));
+  const eventsRef = useRef6(agent.getEventEmitter());
   const state = useAgentState(isTyping);
   const {
     messages,
@@ -3102,9 +4897,9 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     settleActiveInputRequest,
     cancelAllInputRequests
   } = state;
-  const [messageQueue, setMessageQueue] = useState2([]);
-  const messageQueueLengthRef = useRef3(0);
-  const setMessageQueueSafe = useCallback2((value) => {
+  const [messageQueue, setMessageQueue] = useState6([]);
+  const messageQueueLengthRef = useRef6(0);
+  const setMessageQueueSafe = useCallback6((value) => {
     setMessageQueue((prev) => {
       const next = typeof value === "function" ? value(prev) : value;
       return trimQueuedMessages(
@@ -3119,8 +4914,7 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
   }, [messageQueue.length]);
   useEffect2(() => {
     if (target) {
-      agent.addTarget(target);
-      agent.setScope([target]);
+      agent.configureTarget(target);
     }
   }, [agent, target]);
   useEffect2(() => {
@@ -3141,8 +4935,8 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     };
   }, [agent, addMessage, setMessageQueueSafe]);
   useAgentEvents(agent, eventsRef, state, isTyping);
-  const abortedRef = useRef3(false);
-  const executeTask = useCallback2(async (task) => {
+  const abortedRef = useRef6(false);
+  const executeTask = useCallback6(async (task) => {
     let currentTask = task;
     while (true) {
       abortedRef.current = false;
@@ -3188,7 +4982,7 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
       }
     }
   }, [agent, addMessage, manageTimer, resetCumulativeCounters, setIsProcessing, setCurrentStatus, setTurnCount]);
-  const abort = useCallback2(() => {
+  const abort = useCallback6(() => {
     abortedRef.current = true;
     agent.abort();
     setIsProcessing(false);
@@ -3196,21 +4990,21 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
     setCurrentStatus("");
     addMessage("system", UI_MESSAGES.INTERRUPTED);
   }, [agent, addMessage, manageTimer, setIsProcessing, setCurrentStatus]);
-  const recallQueuedInput = useCallback2(() => {
+  const recallQueuedInput = useCallback6(() => {
     const recalled = agent.dequeueLastUserInput();
     if (!recalled) return null;
     return recalled;
   }, [agent]);
-  const inputRequestRef = useRef3(inputRequest);
+  const inputRequestRef = useRef6(inputRequest);
   inputRequestRef.current = inputRequest;
-  const cancelInputRequest = useCallback2(() => {
+  const cancelInputRequest = useCallback6(() => {
     const ir = inputRequestRef.current;
     if (ir.status === "active") {
       settleActiveInputRequest(null);
       addMessage("system", UI_MESSAGES.INPUT_CANCELLED);
     }
   }, [settleActiveInputRequest, addMessage]);
-  const refreshStats = useCallback2(() => {
+  const refreshStats = useCallback6(() => {
     const s = agent.getState();
     setStats({
       phase: s.getPhase() || PHASES.RECON,
@@ -3248,7 +5042,7 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
 };
 
 // src/platform/tui/hooks/commands/index.ts
-import { useCallback as useCallback3, useMemo } from "react";
+import { useCallback as useCallback7, useMemo } from "react";
 
 // src/platform/tui/constants/commands.ts
 var COMMAND_DEFINITIONS = [
@@ -3346,8 +5140,7 @@ var createTargetCommands = (ctx) => {
       await ctx.agent.resetSession();
       ctx.addMessage("system", UI_STATUS_MESSAGES.TARGET_CLEARED);
     }
-    ctx.agent.addTarget(args[0]);
-    ctx.agent.setScope([args[0]]);
+    ctx.agent.configureTarget(args[0]);
     ctx.addMessage("system", `${UI_STATUS_MESSAGES.TARGET_SET_PREFIX}${args[0]}`);
   };
   const handleStart = async (args) => {
@@ -3357,7 +5150,7 @@ var createTargetCommands = (ctx) => {
     }
     if (!ctx.autoApproveModeRef.current) {
       ctx.setAutoApproveMode(true);
-      ctx.agent.setAutoApprove(true);
+      ctx.agent.setToolAutoApprove(true);
       ctx.addMessage("system", UI_STATUS_MESSAGES.AUTONOMOUS_MODE_ENABLED);
     }
     ctx.addMessage("system", UI_STATUS_MESSAGES.STARTING_PENTEST);
@@ -3757,7 +5550,7 @@ var createToggleCommands = (ctx) => ({
   [UI_COMMANDS.AUTO]: () => {
     ctx.setAutoApproveMode((prev) => {
       const newVal = !prev;
-      ctx.agent.setAutoApprove(newVal);
+      ctx.agent.setToolAutoApprove(newVal);
       ctx.addMessage("system", newVal ? UI_STATUS_MESSAGES.AUTO_APPROVE_ON : UI_STATUS_MESSAGES.AUTO_APPROVE_OFF);
       return newVal;
     });
@@ -3826,7 +5619,7 @@ var useCommands = (props) => {
     ...createDisplayCommands(ctx),
     ...createToggleCommands(ctx)
   }), [ctx]);
-  const handleCommand = useCallback3(async (cmd, args) => {
+  const handleCommand = useCallback7(async (cmd, args) => {
     const handler = handlers[cmd];
     if (handler) {
       await handler(args);
@@ -3838,15 +5631,15 @@ var useCommands = (props) => {
 };
 
 // src/platform/tui/hooks/useKeyboardShortcuts.ts
-import { useCallback as useCallback6, useEffect as useEffect4 } from "react";
+import { useCallback as useCallback10, useEffect as useEffect4 } from "react";
 import { useInput } from "ink";
 
 // src/platform/tui/hooks/keyboard/useDoubleTap.ts
-import { useRef as useRef4, useCallback as useCallback4, useEffect as useEffect3 } from "react";
+import { useRef as useRef7, useCallback as useCallback8, useEffect as useEffect3 } from "react";
 var useDoubleTap = ({ onFirstTap, onSecondTap, windowMs }) => {
-  const timerRef = useRef4(null);
-  const pressedRef = useRef4(false);
-  const trigger = useCallback4(() => {
+  const timerRef = useRef7(null);
+  const pressedRef = useRef7(false);
+  const trigger = useCallback8(() => {
     if (pressedRef.current) {
       if (timerRef.current) clearTimeout(timerRef.current);
       pressedRef.current = false;
@@ -3861,7 +5654,7 @@ var useDoubleTap = ({ onFirstTap, onSecondTap, windowMs }) => {
       timerRef.current = null;
     }, windowMs);
   }, [onFirstTap, onSecondTap, windowMs]);
-  const reset = useCallback4(() => {
+  const reset = useCallback8(() => {
     if (timerRef.current) clearTimeout(timerRef.current);
     pressedRef.current = false;
     timerRef.current = null;
@@ -3894,7 +5687,7 @@ var useExitHandler = ({
 };
 
 // src/platform/tui/hooks/keyboard/useEscHandler.ts
-import { useCallback as useCallback5 } from "react";
+import { useCallback as useCallback9 } from "react";
 var useEscHandler = ({
   cancelInputRequest,
   abort,
@@ -3917,7 +5710,7 @@ var useEscHandler = ({
     },
     windowMs
   });
-  const handleEsc = useCallback5(() => {
+  const handleEsc = useCallback9(() => {
     if (inputRequestRef.current.status === "active") {
       cancelInputRequest();
       return;
@@ -3963,7 +5756,7 @@ var useKeyboardShortcuts = ({
     inputRef,
     windowMs: DOUBLE_TAP_WINDOW
   });
-  useInput(useCallback6((ch, key) => {
+  useInput(useCallback10((ch, key) => {
     if (isModalOpenRef.current) return;
     if (key.escape) handleEsc();
     if (key.ctrl && ch === "c") handleCtrlC();
@@ -3981,7 +5774,7 @@ var useKeyboardShortcuts = ({
 };
 
 // src/platform/tui/hooks/useAppLogic.ts
-import { useState as useState3, useCallback as useCallback7, useRef as useRef5 } from "react";
+import { useState as useState7, useCallback as useCallback11, useRef as useRef8 } from "react";
 import { useApp } from "ink";
 function sanitizeInput(value) {
   return value.replace(/(?:\x1b)?\[<\d+;\d+;\d+[mM]/g, "").replace(/\x1b\[[0-9;]*[A-Za-z]/g, "").replace(/[\x00-\x08\x0B-\x1F\x7F-\x9F]/g, "").trim();
@@ -4005,11 +5798,11 @@ function parseSlashCommandInput(value) {
 var useAppLogic = ({ autoApprove = false, target }) => {
   const { exit } = useApp();
   const { columns: terminalWidth, rows: terminalHeight } = useTerminalSize();
-  const [input, setInput] = useState3("");
-  const [secretInput, setSecretInput] = useState3("");
-  const [autoApproveMode, setAutoApproveMode] = useState3(autoApprove);
-  const [modal, setModal] = useState3({ type: null, content: "", scrollOffset: 0 });
-  const [footerConfig, setFooterConfig] = useState3(DEFAULT_FOOTER_DISPLAY_CONFIG);
+  const [input, setInput] = useState7("");
+  const [secretInput, setSecretInput] = useState7("");
+  const [autoApproveMode, setAutoApproveMode] = useState7(autoApprove);
+  const [modal, setModal] = useState7({ type: null, content: "", scrollOffset: 0 });
+  const [footerConfig, setFooterConfig] = useState7(DEFAULT_FOOTER_DISPLAY_CONFIG);
   const isTyping = input.length > 0 || secretInput.length > 0;
   const {
     agent,
@@ -4035,26 +5828,26 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     addMessage,
     refreshStats
   } = useAgent(autoApproveMode, target, isTyping);
-  const isProcessingRef = useRef5(isProcessing);
+  const isProcessingRef = useRef8(isProcessing);
   isProcessingRef.current = isProcessing;
-  const autoApproveModeRef = useRef5(autoApproveMode);
+  const autoApproveModeRef = useRef8(autoApproveMode);
   autoApproveModeRef.current = autoApproveMode;
-  const inputRequestRef = useRef5(inputRequest);
+  const inputRequestRef = useRef8(inputRequest);
   inputRequestRef.current = inputRequest;
-  const isModalOpenRef = useRef5(!!modal.type);
+  const isModalOpenRef = useRef8(!!modal.type);
   isModalOpenRef.current = !!modal.type;
-  const inputRef = useRef5(input);
+  const inputRef = useRef8(input);
   inputRef.current = input;
-  const clearInput = useCallback7(() => {
+  const clearInput = useCallback11(() => {
     setInput("");
   }, []);
-  const showModal = useCallback7((type, content) => {
+  const showModal = useCallback11((type, content) => {
     setModal({ type, content, scrollOffset: 0 });
   }, []);
-  const closeModal = useCallback7(() => {
+  const closeModal = useCallback11(() => {
     setModal({ type: null, content: "", scrollOffset: 0 });
   }, []);
-  const handleModalScroll = useCallback7((delta) => {
+  const handleModalScroll = useCallback11((delta) => {
     setModal((prev) => {
       const lines = prev.content.split("\n");
       const maxHeight = terminalHeight - TUI_DISPLAY_LIMITS.MODAL_CHROME_HEIGHT;
@@ -4063,12 +5856,19 @@ var useAppLogic = ({ autoApprove = false, target }) => {
       return { ...prev, scrollOffset: newOffset };
     });
   }, [terminalHeight]);
-  const handleExit = useCallback7(() => {
+  const handleExit = useCallback11(() => {
     cancelAllInputRequests();
     cleanupAllProcesses().catch(() => {
     });
     exit();
-    setTimeout(() => process.exit(0), DISPLAY_LIMITS.EXIT_DELAY);
+    setTimeout(() => {
+      const reqs = getGlobalRequestCount();
+      const usage = getGlobalTokenUsage();
+      console.log(`
+[Session Summary] Total LLM Requests: ${reqs} | Tokens In: ${usage.input_tokens} | Tokens Out: ${usage.output_tokens}
+`);
+      process.exit(0);
+    }, DISPLAY_LIMITS.EXIT_DELAY);
   }, [exit, cancelAllInputRequests]);
   const { handleCommand } = useCommands({
     agent,
@@ -4084,10 +5884,10 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     isProcessingRef,
     autoApproveModeRef
   });
-  const handleRecallQueuedInput = useCallback7(() => {
+  const handleRecallQueuedInput = useCallback11(() => {
     return recallQueuedInput();
   }, [recallQueuedInput]);
-  const handleSecretSubmit = useCallback7((value) => {
+  const handleSecretSubmit = useCallback11((value) => {
     const ir = inputRequestRef.current;
     if (ir.status !== "active") return;
     const sanitized = sanitizeInput(value).slice(0, TUI_DISPLAY_LIMITS.MAX_INPUT_CHARS);
@@ -4096,7 +5896,7 @@ var useAppLogic = ({ autoApprove = false, target }) => {
     settleActiveInputRequest(sanitized);
     setSecretInput("");
   }, [addMessage, settleActiveInputRequest]);
-  const handleSubmit = useCallback7(async (value) => {
+  const handleSubmit = useCallback11(async (value) => {
     const trimmed = sanitizeInput(value);
     if (!trimmed) return;
     setInput("");
@@ -4159,11 +5959,11 @@ var useAppLogic = ({ autoApprove = false, target }) => {
 };
 
 // src/platform/tui/hooks/useTerminalSize.ts
-import { useState as useState4, useEffect as useEffect5 } from "react";
+import { useState as useState8, useEffect as useEffect5 } from "react";
 import { useStdout } from "ink";
 function useTerminalSize() {
   const { stdout } = useStdout();
-  const [size, setSize] = useState4({
+  const [size, setSize] = useState8({
     columns: stdout?.columns ?? TUI_DISPLAY_LIMITS.TERMINAL_DEFAULT_COLUMNS,
     rows: stdout?.rows ?? TUI_DISPLAY_LIMITS.TERMINAL_DEFAULT_ROWS
   });
@@ -4185,12 +5985,12 @@ function useTerminalSize() {
 }
 
 // src/platform/tui/hooks/useAnimationTick.tsx
-import { createContext, useContext, useState as useState5, useEffect as useEffect6 } from "react";
+import { createContext, useContext, useState as useState9, useEffect as useEffect6 } from "react";
 import { jsx } from "react/jsx-runtime";
 var ANIM_TICK_MS = 100;
 var AnimationContext = createContext(0);
 var AnimationProvider = ({ children }) => {
-  const [tick, setTick] = useState5(0);
+  const [tick, setTick] = useState9(0);
   useEffect6(() => {
     const timer = setInterval(() => {
       setTick((t) => t + 1);
@@ -4780,10 +6580,10 @@ var MessageList = memo6(({
 import { memo as memo9 } from "react";
 
 // src/platform/tui/hooks/useStatusTimer.ts
-import { useState as useState6, useEffect as useEffect7, useRef as useRef6 } from "react";
+import { useState as useState10, useEffect as useEffect7, useRef as useRef9 } from "react";
 var useStatusTimer = (currentStatus, isProcessing) => {
-  const [statusElapsed, setStatusElapsed] = useState6(0);
-  const lastStatusRef = useRef6("");
+  const [statusElapsed, setStatusElapsed] = useState10(0);
+  const lastStatusRef = useRef9("");
   useEffect7(() => {
     if (!isProcessing || !currentStatus) {
       lastStatusRef.current = "";
@@ -5038,7 +6838,7 @@ var StatusDisplay = memo9(({
 });
 
 // src/platform/tui/components/ChatInput.tsx
-import { useMemo as useMemo4, useCallback as useCallback8, useRef as useRef8, memo as memo10, useState as useState8 } from "react";
+import { useMemo as useMemo4, useCallback as useCallback12, useRef as useRef11, memo as memo10, useState as useState12 } from "react";
 import { Box as Box14, Text as Text15 } from "ink";
 
 // src/platform/tui/components/input/AutocompletePreview.tsx
@@ -5081,7 +6881,7 @@ var AutocompletePreview = ({
 import { Box as Box12, Text as Text13 } from "ink";
 
 // src/platform/tui/components/input/SimpleTextInput.tsx
-import { useState as useState7, useEffect as useEffect8, useRef as useRef7, useMemo as useMemo3 } from "react";
+import { useState as useState11, useEffect as useEffect8, useRef as useRef10, useMemo as useMemo3 } from "react";
 import { Box as Box11, Text as Text12, useInput as useInput2, useStdout as useStdout2 } from "ink";
 import { jsx as jsx15, jsxs as jsxs10 } from "react/jsx-runtime";
 var MOUSE_SEQUENCE_RE = /(?:\x1b)?\[<\d+;\d+;\d+[mM]/g;
@@ -5109,7 +6909,7 @@ var SimpleTextInput = ({
   onSpecialKey
 }) => {
   const chars = useMemo3(() => Array.from(value || ""), [value]);
-  const [cursor, setCursor] = useState7(chars.length);
+  const [cursor, setCursor] = useState11(chars.length);
   const { write } = useStdout2();
   useEffect8(() => {
     write?.("\x1B[?25h");
@@ -5117,12 +6917,12 @@ var SimpleTextInput = ({
       write?.("\x1B[?25l");
     };
   }, [write]);
-  const lastInputRef = useRef7("");
-  const lastInputTimeRef = useRef7(0);
-  const valueRef = useRef7(value || "");
+  const lastInputRef = useRef10("");
+  const lastInputTimeRef = useRef10(0);
+  const valueRef = useRef10(value || "");
   valueRef.current = value || "";
-  const mouseFragmentRef = useRef7("");
-  const cursorRef = useRef7(cursor);
+  const mouseFragmentRef = useRef10("");
+  const cursorRef = useRef10(cursor);
   cursorRef.current = cursor;
   useEffect8(() => {
     setCursor((prev) => {
@@ -5313,40 +7113,40 @@ var ChatInput = memo10(({
   }, [isSlashMode, partialCmd, hasArgs]);
   const showPreview = isSlashMode && !hasArgs && suggestions.length > 0;
   const showCommandHelp = isSlashMode && !hasArgs && suggestions.length === 0 && value.length > 1;
-  const [selectedIdx, setSelectedIdx] = useState8(0);
+  const [selectedIdx, setSelectedIdx] = useState12(0);
   const clampedIdx = Math.min(selectedIdx, Math.max(0, suggestions.length - 1));
-  const selectedIdxRef = useRef8(clampedIdx);
+  const selectedIdxRef = useRef11(clampedIdx);
   selectedIdxRef.current = clampedIdx;
-  const suggestionsRef = useRef8(suggestions);
+  const suggestionsRef = useRef11(suggestions);
   suggestionsRef.current = suggestions;
-  const isSlashModeRef = useRef8(isSlashMode);
+  const isSlashModeRef = useRef11(isSlashMode);
   isSlashModeRef.current = isSlashMode;
-  const hasArgsRef = useRef8(hasArgs);
+  const hasArgsRef = useRef11(hasArgs);
   hasArgsRef.current = hasArgs;
-  const showPreviewRef = useRef8(showPreview);
+  const showPreviewRef = useRef11(showPreview);
   showPreviewRef.current = showPreview;
-  const inputRequestRef = useRef8(inputRequest);
+  const inputRequestRef = useRef11(inputRequest);
   inputRequestRef.current = inputRequest;
-  const onChangeRef = useRef8(onChange);
+  const onChangeRef = useRef11(onChange);
   onChangeRef.current = onChange;
-  const onRecallQueuedInputRef = useRef8(onRecallQueuedInput);
+  const onRecallQueuedInputRef = useRef11(onRecallQueuedInput);
   onRecallQueuedInputRef.current = onRecallQueuedInput;
-  const queuedCountRef = useRef8(queuedCount);
+  const queuedCountRef = useRef11(queuedCount);
   queuedCountRef.current = queuedCount;
-  const latestValueRef = useRef8(value);
+  const latestValueRef = useRef11(value);
   latestValueRef.current = value;
-  const handleLocalChange = useCallback8((newVal) => {
+  const handleLocalChange = useCallback12((newVal) => {
     latestValueRef.current = newVal;
     onChange(newVal);
   }, [onChange]);
-  const latestSecretRef = useRef8(secretInput);
+  const latestSecretRef = useRef11(secretInput);
   latestSecretRef.current = secretInput;
-  const handleSecretChange = useCallback8((newVal) => {
+  const handleSecretChange = useCallback12((newVal) => {
     latestSecretRef.current = newVal;
     setSecretInput(newVal);
   }, [setSecretInput]);
-  const [inputKey, setInputKey] = useState8(0);
-  const completeCommand = useCallback8((idx) => {
+  const [inputKey, setInputKey] = useState12(0);
+  const completeCommand = useCallback12((idx) => {
     const sug = suggestionsRef.current;
     if (!sug.length) return;
     const best = sug[Math.min(idx, sug.length - 1)];
@@ -5356,9 +7156,9 @@ var ChatInput = memo10(({
     setSelectedIdx(0);
     setInputKey((k) => k + 1);
   }, []);
-  const onSubmitRef = useRef8(onSubmit);
+  const onSubmitRef = useRef11(onSubmit);
   onSubmitRef.current = onSubmit;
-  const wrappedOnSubmit = useCallback8((_staleVal) => {
+  const wrappedOnSubmit = useCallback12((_staleVal) => {
     const finalValue = latestValueRef.current;
     if (showPreviewRef.current) {
       const sug = suggestionsRef.current;
@@ -5378,12 +7178,12 @@ var ChatInput = memo10(({
     }
     onSubmitRef.current(finalValue);
   }, [completeCommand]);
-  const onSecretSubmitRef = useRef8(onSecretSubmit);
+  const onSecretSubmitRef = useRef11(onSecretSubmit);
   onSecretSubmitRef.current = onSecretSubmit;
-  const wrappedSecretSubmit = useCallback8((_staleVal) => {
+  const wrappedSecretSubmit = useCallback12((_staleVal) => {
     onSecretSubmitRef.current(latestSecretRef.current);
   }, []);
-  const handleSpecialKey = useCallback8((key) => {
+  const handleSpecialKey = useCallback12((key) => {
     if (inputRequestRef.current.status === "active") return false;
     const sug = suggestionsRef.current;
     const visible = showPreviewRef.current;
@@ -5454,7 +7254,7 @@ var ChatInput = memo10(({
 });
 
 // src/platform/tui/components/footer.tsx
-import { memo as memo11, useState as useState9, useEffect as useEffect9 } from "react";
+import { memo as memo11, useState as useState13, useEffect as useEffect9 } from "react";
 import { Box as Box15, Text as Text16 } from "ink";
 import { jsx as jsx19, jsxs as jsxs14 } from "react/jsx-runtime";
 var SECS_PER_HOUR = 3600;
@@ -5490,7 +7290,7 @@ var Footer = memo11(({
   const { columns } = useTerminalSize();
   const ctxPct = totalTokens > 0 ? Math.round(totalTokens / LLM_LIMITS.streamMaxTokens * 100) : 0;
   const canShowHint = !isProcessing && inputText.length === 0;
-  const [showHint, setShowHint] = useState9(false);
+  const [showHint, setShowHint] = useState13(false);
   useEffect9(() => {
     if (!canShowHint) {
       setShowHint(false);
@@ -5533,7 +7333,7 @@ var Footer = memo11(({
 var footer_default = Footer;
 
 // src/platform/tui/components/Modal.tsx
-import { useMemo as useMemo5, memo as memo12, useCallback as useCallback9, useRef as useRef9 } from "react";
+import { useMemo as useMemo5, memo as memo12, useCallback as useCallback13, useRef as useRef12 } from "react";
 import { Box as Box16, Text as Text17, useInput as useInput3 } from "ink";
 import { jsx as jsx20, jsxs as jsxs15 } from "react/jsx-runtime";
 var MODAL_TITLES = {
@@ -5548,9 +7348,9 @@ var Modal = memo12(({
   onScroll,
   onClose
 }) => {
-  const onScrollRef = useRef9(onScroll);
+  const onScrollRef = useRef12(onScroll);
   onScrollRef.current = onScroll;
-  const onCloseRef = useRef9(onClose);
+  const onCloseRef = useRef12(onClose);
   onCloseRef.current = onClose;
   const { columns, rows } = useTerminalSize();
   const terminalHeight = rows;
@@ -5562,7 +7362,7 @@ var Modal = memo12(({
     () => lines.slice(scrollOffset, scrollOffset + maxHeight),
     [lines, scrollOffset, maxHeight]
   );
-  useInput3(useCallback9((input, key) => {
+  useInput3(useCallback13((input, key) => {
     if (key.escape || input === "q") {
       onCloseRef.current();
     } else if (key.upArrow || input === "k") {
@@ -5828,7 +7628,7 @@ var App = ({ autoApprove = false, target }) => {
 var app_default = App;
 
 // src/platform/tui/components/SplashScreen.tsx
-import { useEffect as useEffect11, useState as useState10 } from "react";
+import { useEffect as useEffect11, useState as useState14 } from "react";
 import { Box as Box19, Text as Text19 } from "ink";
 
 // src/platform/tui/components/CoinFrames.ts
@@ -6527,7 +8327,7 @@ var SplashScreen = ({
 }) => {
   const { columns, rows } = useTerminalSize();
   const tick = useAnimationTick();
-  const [elapsed, setElapsed] = useState10(0);
+  const [elapsed, setElapsed] = useState14(0);
   useEffect11(() => {
     const start = Date.now();
     const interval = setInterval(() => {
@@ -6559,9 +8359,9 @@ var SplashScreen = ({
   );
 };
 
-// src/platform/tui/cli/commands/interactive.tsx
+// src/platform/tui/cli/interactive-runtime.tsx
 import { jsx as jsx24 } from "react/jsx-runtime";
-var Root = ({ skipPermissions, target }) => {
+var InteractiveRoot = ({ autoApprove, target }) => {
   const [showSplash, setShowSplash] = React16.useState(true);
   if (showSplash) {
     return /* @__PURE__ */ jsx24(SplashScreen, { durationMs: 3e3, onComplete: () => setShowSplash(false) });
@@ -6569,61 +8369,62 @@ var Root = ({ skipPermissions, target }) => {
   return /* @__PURE__ */ jsx24(
     app_default,
     {
-      autoApprove: skipPermissions,
+      autoApprove,
       target
     }
   );
 };
-async function interactiveAction(options) {
-  const { dangerouslySkipPermissions: skipPermissions = false, target } = options;
-  console.clear();
-  if (skipPermissions) {
-    console.log(chalk.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions"));
-    console.log(chalk.hex(HEX.red)("[!] All tool executions will be auto-approved!\n"));
-  }
+async function renderInteractiveApp(props) {
   const { waitUntilExit } = render(
-    /* @__PURE__ */ jsx24(AnimationProvider, { children: /* @__PURE__ */ jsx24(Root, { skipPermissions, target }) })
+    /* @__PURE__ */ jsx24(AnimationProvider, { children: /* @__PURE__ */ jsx24(InteractiveRoot, { ...props }) })
   );
   await waitUntilExit();
 }
 
+// src/platform/tui/cli/commands/interactive.tsx
+async function interactiveAction(options) {
+  const { dangerouslySkipPermissions: autoApproveTools = false, target } = options;
+  console.clear();
+  if (autoApproveTools) {
+    printAutoApproveWarning({ includeHeader: true });
+  }
+  await renderInteractiveApp({
+    autoApprove: autoApproveTools,
+    target
+  });
+}
+
 // src/platform/tui/cli/commands/run.ts
 import chalk2 from "chalk";
 async function runAction(objective, options) {
-  const skipPermissions = options.dangerouslySkipPermissions || false;
-  if (skipPermissions) {
-    console.log(chalk2.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions\n"));
+  const autoApproveTools = options.dangerouslySkipPermissions || false;
+  if (autoApproveTools) {
+    printAutoApproveWarning({ includeHeader: true });
   }
   console.log(chalk2.hex(HEX.primary)(`[target] Objective: ${objective}
 `));
-  const agent = createMainAgent(skipPermissions);
-  if (skipPermissions) {
-    agent.setAutoApprove(true);
+  const agent = createMainAgent(autoApproveTools, options.maxSteps);
+  if (autoApproveTools) {
+    agent.setToolAutoApprove(true);
   }
   if (options.target) {
-    agent.addTarget(options.target);
-    agent.setScope([options.target]);
+    agent.configureTarget(options.target);
   }
   const shutdown = async (exitCode = 0) => {
-    await cleanupAllProcesses().catch(() => {
-    });
+    await cleanupCliProcesses();
+    const reqs = getGlobalRequestCount();
+    const usage = getGlobalTokenUsage();
+    console.log(chalk2.hex(HEX.gray)(`
+[Session Summary] Requests: ${reqs} | In: ${usage.input_tokens} | Out: ${usage.output_tokens}`));
     process.exit(exitCode);
   };
-  process.on("SIGINT", () => shutdown(EXIT_CODES.SIGINT));
-  process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
+  registerShutdownSignals(shutdown);
   try {
     const result = await agent.execute(objective);
     console.log(chalk2.hex(HEX.gray)("\n[+] Assessment complete!\n"));
     console.log(result);
     if (options.output) {
-      const fs2 = await import("fs/promises");
-      const { dirname } = await import("path");
-      const outputDir = dirname(options.output);
-      if (outputDir && outputDir !== ".") {
-        await fs2.mkdir(outputDir, { recursive: true }).catch(() => {
-        });
-      }
-      await fs2.writeFile(options.output, JSON.stringify({ result }, null, 2));
+      await writeJsonReport(options.output, result);
       console.log(chalk2.hex(HEX.primary)(`
 [+] Report saved to: ${options.output}`));
     }
@@ -6639,20 +8440,20 @@ async function runAction(objective, options) {
 // src/platform/tui/cli/commands/scan.ts
 import chalk3 from "chalk";
 async function scanAction(target, options) {
-  const skipPermissions = options.dangerouslySkipPermissions || false;
+  const autoApproveTools = options.dangerouslySkipPermissions || false;
   console.log(chalk3.hex(HEX.primary)(`
 [scan] Target: ${target} (${options.scanType})
 `));
-  const agent = createMainAgent(skipPermissions);
-  agent.addTarget(target);
-  agent.setScope([target]);
+  if (autoApproveTools) {
+    printAutoApproveWarning();
+  }
+  const agent = createMainAgent(autoApproveTools);
+  agent.configureTarget(target);
   const shutdown = async (exitCode = 0) => {
-    await cleanupAllProcesses().catch(() => {
-    });
+    await cleanupCliProcesses();
     process.exit(exitCode);
   };
-  process.on("SIGINT", () => shutdown(EXIT_CODES.SIGINT));
-  process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
+  registerShutdownSignals(shutdown);
   try {
     await agent.execute(`Perform a ${options.scanType} scan on ${target}${options.ports ? ` focusing on ports ${options.ports}` : ""}. Analyze the results and identify potential vulnerabilities.`);
     console.log(chalk3.hex(HEX.gray)("[+] Scan complete!"));
@@ -6674,7 +8475,7 @@ ${chalk4.hex(HEX.primary)(APP_NAME + " - Autonomous Penetration Testing AI")}
 
   ${chalk4.hex(HEX.gray)("$ pentesting")}                                   Start interactive mode
   ${chalk4.hex(HEX.gray)("$ pentesting -t 192.168.1.1")}                     Start with target
-  ${chalk4.hex(HEX.gray)("$ pentesting --dangerously-skip-permissions")}    Auto-approve all tools
+  ${chalk4.hex(HEX.gray)("$ pentesting --dangerously-skip-permissions")}    Enable tool auto-approve in strict mode
 
 ${chalk4.hex(HEX.yellow)("Commands:")}
 
@@ -6684,7 +8485,7 @@ ${chalk4.hex(HEX.yellow)("Commands:")}
 
 ${chalk4.hex(HEX.yellow)("Options:")}
 
-  ${chalk4.hex(HEX.primary)("--dangerously-skip-permissions")}    Skip all permission prompts
+  ${chalk4.hex(HEX.primary)("--dangerously-skip-permissions")}    Bypass strict approval mode by auto-approving tools
   ${chalk4.hex(HEX.primary)("-t, --target <ip>")}                 Set target
   ${chalk4.hex(HEX.primary)("-o, --output <file>")}               Save results to file
 
@@ -6715,10 +8516,20 @@ ${chalk4.hex(HEX.yellow)("Environment:")}
 `);
 }
 
+// src/platform/tui/cli/args.ts
+import { InvalidArgumentError } from "commander";
+function parsePositiveInt(value) {
+  const parsed = Number.parseInt(value, 10);
+  if (!Number.isInteger(parsed) || parsed <= 0) {
+    throw new InvalidArgumentError("max-steps must be a positive integer");
+  }
+  return parsed;
+}
+
 // src/platform/tui/cli/program.ts
 function createProgram() {
   const program2 = new Command();
-  program2.name("pentesting").version(APP_VERSION).description(APP_DESCRIPTION).option("--dangerously-skip-permissions", "Skip all permission prompts (dangerous!)").option("-t, --target <target>", "Set initial target");
+  program2.name("pentesting").version(APP_VERSION).description(APP_DESCRIPTION).option("--dangerously-skip-permissions", "Enable auto-approve for tool execution in strict approval mode (dangerous!)").option("-t, --target <target>", "Set initial target");
   program2.command("interactive", { isDefault: true }).alias("i").description("Start interactive TUI mode").action(async () => {
     const opts = program2.opts();
     await interactiveAction({
@@ -6726,7 +8537,7 @@ function createProgram() {
       target: opts.target
     });
   });
-  program2.command("run <objective>").alias("r").description("Run a single objective and exit").option("-o, --output <file>", "Output file for results").option("--max-steps <n>", "Maximum number of steps", String(CLI_DEFAULT.MAX_STEPS)).action(async (objective, options) => {
+  program2.command("run <objective>").alias("r").description("Run a single objective and exit").option("-o, --output <file>", "Output file for results").option("--max-steps <n>", "Maximum number of steps", parsePositiveInt, CLI_DEFAULT.MAX_STEPS).action(async (objective, options) => {
     const opts = program2.opts();
     await runAction(objective, {
       ...options,