pentesting 0.73.3 → 0.73.4

package/dist/main.js

@@ -42,7 +42,7 @@ import {
   rotateTurnRecords,
   setCurrentTurn,
   writePolicyDocument
-} from "./chunk-BKWCGMSV.js";
+} from "./chunk-3KWJPPYB.js";
 import {
   AGENT_ROLES,
   APP_DESCRIPTION,
@@ -75,20 +75,22 @@ import {
   generateId,
   getErrorMessage,
   getProcessOutput,
+  getWorkspaceConfig,
   initDebugLogger,
   listBackgroundProcesses,
   loadState,
+  readRuntimeAssetFile,
+  resolveRuntimeAssetPath,
   saveState,
   setActiveSessionRuntime,
   setTorEnabled,
   snapshotToPrompt
-} from "./chunk-UB7RW6LM.js";
+} from "./chunk-7E2VUIFU.js";
 import {
   EXIT_CODES,
-  getPipelineConfig,
-  getPromptBuilderConfig,
-  getPromptSources
-} from "./chunk-GLO6TOJN.js";
+  getOptionalRuntimeSection,
+  getRequiredRuntimeSection
+} from "./chunk-I52SWXYV.js";
 
 // src/platform/tui/main.tsx
 import chalk5 from "chalk";
@@ -294,17 +296,6 @@ var CLI_SCAN_TYPES = Object.freeze([
   CLI_SCAN_TYPE.VULN
 ]);
 
-// src/platform/tui/cli/commands/interactive.tsx
-import React16 from "react";
-import { render } from "ink";
-import chalk from "chalk";
-
-// src/platform/tui/app.tsx
-import { Box as Box18 } from "ink";
-
-// src/platform/tui/hooks/useAgent.ts
-import { useState as useState6, useEffect as useEffect2, useCallback as useCallback6, useRef as useRef6 } from "react";
-
 // src/engine/events.ts
 var AgentEventEmitter = class {
   listeners = /* @__PURE__ */ new Map();
@@ -591,13 +582,25 @@ var ApprovalGate = class {
     return this.shouldAutoApprove;
   }
   /**
-   * Runtime-aware approval:
-   * - containerized runtime defaults to advisory
-   * - host runtime defaults to require_auto_approve
-   * Category/level system is retained for audit trail only.
+   * Expose the effective runtime approval mode for UI/help text and tests.
+   */
+  getMode() {
+    return this.mode;
+  }
+  /**
+   * Whether tool execution is currently gated on the explicit auto-approve toggle.
+   */
+  requiresAutoApprove() {
+    return this.mode === "require_auto_approve";
+  }
+  /**
+   * Runtime-aware approval.
+   *
+   * In strict mode we currently have one explicit gate:
+   * the operator must enable auto-approve before tool execution proceeds.
    */
   async request(toolCall) {
-    if (this.mode === "require_auto_approve" && !this.shouldAutoApprove) {
+    if (this.requiresAutoApprove() && !this.shouldAutoApprove) {
       return {
         isApproved: false,
         reason: AUTO_APPROVE_REQUIRED_REASON(toolCall.name)
@@ -608,34 +611,67 @@ var ApprovalGate = class {
 };
 
 // src/agents/prompt-builder/prompt-loader.ts
-import { readFileSync as readFileSync2, existsSync as existsSync2 } from "fs";
+import { readFileSync as readFileSync2 } from "fs";
 import { join } from "path";
+
+// src/agents/prompt-sources.ts
+var DEFAULT_PROMPT_BASE_DIR = "src/agents/prompts/";
+var EMPTY_TECHNIQUE_SOURCES = [];
+var EMPTY_CORE_KNOWLEDGE_SOURCES = [];
+function getPromptSources() {
+  return getRequiredRuntimeSection("prompt_sources");
+}
+function getPromptSourceConfigValue(key) {
+  return getPromptSources()[key];
+}
+function getPhasePromptSource(phase) {
+  return getPromptSourceConfigValue("phase_prompts")?.[phase];
+}
+function getPromptBaseDir() {
+  return getPromptSourceConfigValue("base_dir") ?? DEFAULT_PROMPT_BASE_DIR;
+}
+function getPhaseTechniqueSources(phase) {
+  return getPromptSourceConfigValue("phase_techniques")?.[phase] ?? EMPTY_TECHNIQUE_SOURCES;
+}
+function getTechniqueBaseDir() {
+  return getPromptSourceConfigValue("techniques_dir");
+}
+function getCoreKnowledgeSources() {
+  return getPromptSourceConfigValue("core_knowledge") ?? EMPTY_CORE_KNOWLEDGE_SOURCES;
+}
+
+// src/agents/prompt-builder/prompt-loader.ts
 var _promptsDir = null;
 var _techniquesDir = null;
 function getPromptsDir() {
   if (!_promptsDir) {
-    const sources = getPromptSources();
-    _promptsDir = join(process.cwd(), sources.base_dir ?? "src/agents/prompts/");
+    const baseDir = getPromptBaseDir();
+    _promptsDir = resolveRuntimeAssetPath(baseDir) ?? join(process.cwd(), baseDir);
   }
   return _promptsDir;
 }
 function getTechniquesDir() {
   if (!_techniquesDir) {
-    const sources = getPromptSources();
-    _techniquesDir = sources.techniques_dir ? join(process.cwd(), sources.techniques_dir) : join(getPromptsDir(), PROMPT_PATHS.TECHNIQUES_DIR);
+    const techniquesDir = getTechniqueBaseDir();
+    _techniquesDir = techniquesDir ? resolveRuntimeAssetPath(techniquesDir) ?? join(process.cwd(), techniquesDir) : join(getPromptsDir(), PROMPT_PATHS.TECHNIQUES_DIR);
   }
   return _techniquesDir;
 }
 function loadPromptFile(filename) {
-  const path3 = join(getPromptsDir(), filename);
-  return existsSync2(path3) ? readFileSync2(path3, PROMPT_CONFIG.ENCODING) : "";
+  const path2 = join(getPromptsDir(), filename);
+  try {
+    const resolved = resolveRuntimeAssetPath(path2) ?? path2;
+    return readFileSync2(resolved, PROMPT_CONFIG.ENCODING);
+  } catch {
+    return "";
+  }
 }
 function loadTechniqueFile(techniqueName) {
   const filename = techniqueName.endsWith(".md") ? techniqueName : `${techniqueName}.md`;
   const filePath = join(getTechniquesDir(), filename);
   try {
-    if (!existsSync2(filePath)) return "";
-    return readFileSync2(filePath, PROMPT_CONFIG.ENCODING);
+    const resolved = resolveRuntimeAssetPath(filePath) ?? filePath;
+    return readFileSync2(resolved, PROMPT_CONFIG.ENCODING);
   } catch {
     return "";
   }
@@ -794,68 +830,32 @@ function buildUserContextFragment(userInput) {
   return PROMPT_DEFAULTS.USER_CONTEXT(userInput);
 }
 
-// src/agents/prompt-builder/yaml-layer-executor.ts
-import { existsSync as existsSync3, readFileSync as readFileSync3 } from "fs";
-import path from "path";
-var STATE_FRAGMENT_REGISTRY = {
-  "state.scope": (ctx) => buildScopeFragment(ctx.state),
-  "state.todo": (ctx) => buildTodoFragment(ctx.state),
-  "state.time": (ctx) => buildTimeFragment(ctx.state),
-  "state.serialized": (ctx) => buildStateFragment(ctx.state, StateSerializer.toPrompt(ctx.state)),
-  "state.workingMemory": (ctx) => buildWorkingMemoryFragment(ctx.state),
-  "state.challengeAnalysis": (ctx) => buildChallengeAnalysisFragment(ctx.state),
-  "state.attackGraph": (ctx) => buildAttackGraphFragment(ctx.state),
-  "state.episodicMemory": (ctx) => buildEpisodicMemoryFragment(ctx.state),
-  "state.dynamicTechniques": (ctx) => buildDynamicTechniquesFragment(ctx.state),
-  "state.lastReflection": (ctx) => buildLastReflectionFragment(ctx.state.lastReflection),
-  "state.targets_ports": (ctx) => buildAttackIntelligenceFragment(ctx.state),
-  // persistent memory는 별도 처리 (import 순서 문제 방지)
-  "state.persistentMemory": (ctx) => buildPersistentMemoryFragment(ctx.state)
-};
-async function executeLayer(layer, ctx) {
-  try {
-    switch (layer.type) {
-      case "file":
-        return executeFileLayer(layer);
-      case "file_phase_mapped":
-        return executePhaseFileLayer(ctx.phase);
-      case "files":
-        return executeFilesLayer(layer, ctx.phase);
-      case "files_phase_mapped":
-        return executePhaseFilesLayer(layer, ctx.phase);
-      case "state":
-        return executeStateLayer(layer, ctx);
-      case "static":
-        return layer.content?.trim() ?? null;
-      case "file_read":
-        return executeFileReadLayer(layer) || null;
-      case "user_input":
-        return buildUserContextFragment(ctx.userInput) || null;
-      case "memory": {
-        const key = layer.source?.replace(/^memory\./, "") || "";
-        return ctx.memory?.[key] || null;
-      }
-      default:
-        return null;
-    }
-  } catch {
-    return null;
+// src/agents/prompt-builder/layer-wrapping.ts
+function wrapLayerContent(template, content, tokens = {}) {
+  if (!template) {
+    return content;
   }
+  return Object.entries({ ...tokens, content }).reduce(
+    (acc, [key, value]) => acc.replace(`{${key}}`, value),
+    template
+  );
+}
+function wrapTechniqueReference(name, content) {
+  return `<technique-reference category="${name}">
+${content}
+</technique-reference>`;
 }
+
+// src/agents/prompt-builder/file-layer-executors.ts
 function executeFileReadLayer(layer) {
   const source = layer.source?.trim();
   if (!source) return null;
   if (source.includes("{N-1}")) {
     return buildJournalFragment() || null;
   }
-  const absolutePath = path.resolve(process.cwd(), source);
-  if (!existsSync3(absolutePath)) return null;
-  const content = readFileSync3(absolutePath, "utf-8").trim();
+  const content = readRuntimeAssetFile(source, "utf-8")?.trim();
   if (!content) return null;
-  if (layer.wrap) {
-    return layer.wrap.replace("{content}", content);
-  }
-  return content;
+  return wrapLayerContent(layer.wrap, content);
 }
 function executeFileLayer(layer) {
   if (!layer.source) return null;
@@ -864,54 +864,149 @@ function executeFileLayer(layer) {
   return loadPromptFile(filename) || null;
 }
 function executePhaseFileLayer(phase) {
-  const sources = getPromptSources();
-  const file = sources.phase_prompts?.[phase];
+  const file = getPhasePromptSource(phase);
   if (!file) return null;
   return loadPromptFile(file) || null;
 }
 function executeFilesLayer(layer, phase) {
-  const sources = getPromptSources();
-  const files = sources.core_knowledge ?? [];
-  const phaseFile = sources.phase_prompts?.[phase];
+  const files = getCoreKnowledgeSources();
+  const phaseFile = getPhasePromptSource(phase);
   const filtered = layer.exclude_current_phase_file && phaseFile ? files.filter((f) => f !== phaseFile) : files;
-  const parts = filtered.map((f) => {
-    const content = loadPromptFile(f);
+  const parts = filtered.map((file) => {
+    const content = loadPromptFile(file);
     if (!content) return "";
-    const label = f.replace(".md", "");
-    if (layer.wrap) {
-      return layer.wrap.replace("{label}", label).replace("{content}", content);
-    }
-    return content;
+    const label = file.replace(".md", "");
+    return wrapLayerContent(layer.wrap, content, { label });
   });
   return parts.filter(Boolean).join("\n\n") || null;
 }
 function executePhaseFilesLayer(layer, phase) {
-  const sources = getPromptSources();
-  const files = sources.phase_techniques?.[phase] ?? [];
+  const files = getPhaseTechniqueSources(phase);
   if (files.length === 0) return null;
   const parts = files.map((name) => {
     const content = loadTechniqueFile(name);
     if (!content) return "";
-    if (layer.wrap) {
-      return layer.wrap.replace("{name}", name).replace("{content}", content);
-    }
-    return `<technique-reference category="${name}">
-${content}
-</technique-reference>`;
+    if (layer.wrap) return wrapLayerContent(layer.wrap, content, { name });
+    return wrapTechniqueReference(name, content);
   });
   return parts.filter(Boolean).join("\n\n") || null;
 }
+
+// src/agents/prompt-builder/state-layer-registry.ts
+var STATE_LAYER_REGISTRY = {
+  "state.scope": (ctx) => buildScopeFragment(ctx.state),
+  "state.todo": (ctx) => buildTodoFragment(ctx.state),
+  "state.time": (ctx) => buildTimeFragment(ctx.state),
+  "state.serialized": (ctx) => buildStateFragment(ctx.state, StateSerializer.toPrompt(ctx.state)),
+  "state.workingMemory": (ctx) => buildWorkingMemoryFragment(ctx.state),
+  "state.challengeAnalysis": (ctx) => buildChallengeAnalysisFragment(ctx.state),
+  "state.attackGraph": (ctx) => buildAttackGraphFragment(ctx.state),
+  "state.episodicMemory": (ctx) => buildEpisodicMemoryFragment(ctx.state),
+  "state.dynamicTechniques": (ctx) => buildDynamicTechniquesFragment(ctx.state),
+  "state.lastReflection": (ctx) => buildLastReflectionFragment(ctx.state.lastReflection),
+  "state.targets_ports": (ctx) => buildAttackIntelligenceFragment(ctx.state),
+  "state.persistentMemory": (ctx) => buildPersistentMemoryFragment(ctx.state)
+};
+
+// src/agents/prompt-builder/stateful-layer-executors.ts
 function executeStateLayer(layer, ctx) {
   const source = layer.source ?? "";
   if (source === "state.blind_spots") {
     return buildBlindSpotsCheckFragment() || null;
   }
-  const fn = STATE_FRAGMENT_REGISTRY[source];
+  const fn = STATE_LAYER_REGISTRY[source];
   if (!fn) return null;
   const fragment = fn(ctx);
   if (!fragment && layer.on_empty) return layer.on_empty;
   return fragment || null;
 }
+function executeMemoryLayer(layer, ctx) {
+  const key = layer.source?.replace(/^memory\./, "") || "";
+  return ctx.memory?.[key] || null;
+}
+
+// src/agents/prompt-builder/layer-executor.ts
+var LAYER_EXECUTORS = {
+  file: (layer) => executeFileLayer(layer),
+  file_phase_mapped: (_layer, ctx) => executePhaseFileLayer(ctx.phase),
+  files: (layer, ctx) => executeFilesLayer(layer, ctx.phase),
+  files_phase_mapped: (layer, ctx) => executePhaseFilesLayer(layer, ctx.phase),
+  state: (layer, ctx) => executeStateLayer(layer, ctx),
+  static: (layer) => layer.content?.trim() ?? null,
+  file_read: (layer) => executeFileReadLayer(layer),
+  user_input: (_layer, ctx) => buildUserContextFragment(ctx.userInput) || null,
+  memory: (layer, ctx) => executeMemoryLayer(layer, ctx)
+};
+async function executeLayer(layer, ctx) {
+  try {
+    return LAYER_EXECUTORS[layer.type]?.(layer, ctx) ?? null;
+  } catch {
+    return null;
+  }
+}
+
+// src/agents/prompt-builder/prompt-section-builder.ts
+function sortLayersByPriority(layers) {
+  return [...layers].sort((a, b) => a.id - b.id);
+}
+async function buildPromptSections(layers, ctx) {
+  const sortedLayers = sortLayersByPriority(layers);
+  const alwaysIncluded = sortedLayers.filter((layer) => layer.always_included);
+  const regularLayers = sortedLayers.filter((layer) => !layer.always_included);
+  const regularSections = await renderLayerGroup(regularLayers, ctx);
+  const alwaysSections = await renderLayerGroup(alwaysIncluded, ctx);
+  return { regularSections, alwaysSections };
+}
+async function renderLayerGroup(layers, ctx) {
+  const sections = [];
+  for (const layer of layers) {
+    const fragment = await executeLayer(layer, ctx);
+    if (fragment) {
+      sections.push(fragment);
+    }
+  }
+  return sections;
+}
+
+// src/agents/prompt-builder/prompt-truncation.ts
+var TRUNCATION_NOTICE = "... [PROMPT TRUNCATED: content exceeded context limit] ...";
+var TRUNCATION_NOTICE_RESERVE = 100;
+function joinPromptSections(sections) {
+  const alwaysText = sections.alwaysSections.filter(Boolean).join("\n\n");
+  const fullBody = sections.regularSections.filter(Boolean).join("\n\n");
+  const full = alwaysText ? `${fullBody}
+
+${alwaysText}` : fullBody;
+  return { fullBody, alwaysText, full };
+}
+function applyPromptTruncation(fullBody, alwaysText, maxChars, userInput) {
+  const full = alwaysText ? `${fullBody}
+
+${alwaysText}` : fullBody;
+  if (full.length <= maxChars) {
+    return full;
+  }
+  const reservedLen = alwaysText.length + TRUNCATION_NOTICE_RESERVE;
+  const truncated = fullBody.slice(0, maxChars - reservedLen);
+  return alwaysText ? `${truncated}
+
+${TRUNCATION_NOTICE}
+
+${alwaysText}` : `${truncated}
+
+${TRUNCATION_NOTICE}
+
+${buildUserContextFragment(userInput)}`;
+}
+
+// src/agents/prompt-builder-config.ts
+var DEFAULT_PROMPT_BUILDER_CONFIG = {};
+function getPromptBuilderConfig() {
+  return getOptionalRuntimeSection("prompt_builder") ?? DEFAULT_PROMPT_BUILDER_CONFIG;
+}
+function getPromptBuilderLayers() {
+  return getPromptBuilderConfig().layers ?? [];
+}
 
 // src/agents/prompt-builder/prompt-builder.ts
 var DEFAULT_MAX_CHARS = 4e5;
@@ -921,51 +1016,23 @@ var PromptBuilder = class {
     this.state = state;
   }
   /**
-   * Build the system prompt by executing pipeline.yaml layers in order.
+   * Build the system prompt by executing declarative prompt layers in order.
    *
-   * Layer order is determined by `id` in pipeline.yaml prompt_builder.layers.
-   * To add/remove/reorder layers: edit pipeline.yaml only.
+   * Layer order is determined by `id` in runtime config prompt_builder.layers.
    */
   async build(userInput, phase, memory) {
     const config = getPromptBuilderConfig();
     const maxChars = config.max_chars ?? DEFAULT_MAX_CHARS;
-    const layers = [...config.layers ?? []].sort((a, b) => a.id - b.id);
-    const alwaysIncluded = layers.filter((l) => l.always_included);
-    const regularLayers = layers.filter((l) => !l.always_included);
+    const layers = getPromptBuilderLayers();
     const ctx = {
       state: this.state,
       phase,
       userInput,
       memory: memory ?? {}
     };
-    const regularSections = [];
-    for (const layer of regularLayers) {
-      const fragment = await executeLayer(layer, ctx);
-      if (fragment) regularSections.push(fragment);
-    }
-    const alwaysSections = [];
-    for (const layer of alwaysIncluded) {
-      const fragment = await executeLayer(layer, ctx);
-      if (fragment) alwaysSections.push(fragment);
-    }
-    const alwaysText = alwaysSections.filter(Boolean).join("\n\n");
-    const fullBody = regularSections.filter(Boolean).join("\n\n");
-    const full = alwaysText ? `${fullBody}
-
-${alwaysText}` : fullBody;
-    if (full.length <= maxChars) return full;
-    const reservedLen = alwaysText.length + 100;
-    const truncated = fullBody.slice(0, maxChars - reservedLen);
-    const notice = "... [PROMPT TRUNCATED: content exceeded context limit] ...";
-    return alwaysText ? `${truncated}
-
-${notice}
-
-${alwaysText}` : `${truncated}
-
-${notice}
-
-${buildUserContextFragment(userInput)}`;
+    const sections = await buildPromptSections(layers, ctx);
+    const { fullBody, alwaysText } = joinPromptSections(sections);
+    return applyPromptTruncation(fullBody, alwaysText, maxChars, userInput);
   }
 };
 
@@ -1091,9 +1158,6 @@ var ActionNode = class {
 // src/engine/pipeline/builder.ts
 var flagsCaptured = (ctx) => ctx.flagsAfter > ctx.flagsBefore;
 
-// src/engine/pipeline/loader.ts
-import { parse as yamlParse } from "yaml";
-
 // src/engine/pipeline/io-registry.ts
 var SOURCE_REGISTRY = {
   // ── Reflector input fields (ReflectorInput) ───────────────────────────────
@@ -1412,7 +1476,7 @@ var makeRotateTurns = (_llm, _opts) => async (_ctx) => {
 };
 var makeSaveSession = (_llm, _opts) => async (ctx) => {
   try {
-    const { saveState: saveState2 } = await import("./persistence-2WKQHGOL.js");
+    const { saveState: saveState2 } = await import("./persistence-BNVN3WW6.js");
     saveState2(ctx.state);
   } catch {
   }
@@ -1737,6 +1801,21 @@ var session = {
   load: (state) => loadState(state)
 };
 
+// src/agents/runtime-pipeline-config.ts
+function readRuntimePipelineNodes() {
+  return getRequiredRuntimeSection("nodes");
+}
+function readRuntimeTurnCycle() {
+  return getRequiredRuntimeSection("turn_cycle");
+}
+function getRuntimePipelineConfig() {
+  return {
+    version: getOptionalRuntimeSection("version"),
+    nodes: readRuntimePipelineNodes(),
+    turn_cycle: readRuntimeTurnCycle()
+  };
+}
+
 // src/agents/main-agent/delegated-task-scheduler.ts
 function getDelegatedTaskPriority(task) {
   const workerPriority = task.nextWorkerType || task.workerType;
@@ -1828,7 +1907,126 @@ var DelegatedTaskQueue = class {
   }
 };
 
-// src/agents/main-agent/delegated-execution-plan.ts
+// src/agents/main-agent/exploit-runtime-signals.ts
+function outputContainsAny(output, patterns) {
+  return patterns.some((pattern) => output.includes(pattern.toLowerCase()));
+}
+function getExploitResultSignals(result) {
+  const output = (result.output || "").toLowerCase();
+  const hasSession = outputContainsAny(output, ["[sessions]", "shell", "session"]);
+  const hasLoot = outputContainsAny(output, ["[loot]", "password", "credential", "token", "hash"]);
+  const hasAsset = outputContainsAny(output, ["[assets]", "artifact", "file", "payload"]);
+  return {
+    hasSession,
+    hasLoot,
+    hasAsset,
+    indicatesProgress: hasSession || hasLoot || hasAsset || outputContainsAny(output, ["[status] running", "[status] success"])
+  };
+}
+function buildExploitExecutionAnalysis(phase, signals) {
+  if (signals.hasSession) {
+    return {
+      phaseObservation: "exploit chain produced a foothold or authenticated session",
+      nextHint: "reuse the current foothold and continue from the confirmed access path"
+    };
+  }
+  if (phase === "credential_followup") {
+    return {
+      phaseObservation: signals.hasLoot ? "credential follow-up produced reusable credential material" : "credential follow-up step executed",
+      nextHint: "reuse validated credentials before changing exploit vectors"
+    };
+  }
+  if (phase === "artifact_ready") {
+    return {
+      phaseObservation: signals.hasAsset ? "artifact validation produced a reusable artifact or asset" : "artifact validation step executed",
+      nextHint: "advance the current artifact before replacing it"
+    };
+  }
+  return {
+    phaseObservation: signals.indicatesProgress ? "exploit chain advanced and produced follow-up signals" : "delegated exploit step executed",
+    nextHint: "continue the selected exploit chain before switching vectors"
+  };
+}
+
+// src/agents/main-agent/pwn-runtime-signals.ts
+function outputContainsAny2(output, patterns) {
+  return patterns.some((pattern) => output.includes(pattern.toLowerCase()));
+}
+function getPwnResultSignals(result) {
+  const output = (result.output || "").toLowerCase();
+  const hasFoothold2 = outputContainsAny2(output, ["[sessions]", "shell", "uid=", "got shell"]);
+  const stillCrashing = outputContainsAny2(output, ["crash", "segfault", "core"]);
+  const hasFindings = outputContainsAny2(output, ["[findings]", "rip controlled", "offset", "eip", "pc controlled"]);
+  return {
+    hasFoothold: hasFoothold2,
+    stillCrashing,
+    hasFindings,
+    indicatesProgress: hasFoothold2 || hasFindings || outputContainsAny2(output, ["[status] running", "[status] success", "[nextworker] pwn"])
+  };
+}
+function buildPwnExecutionAnalysis(phase, signals) {
+  if (signals.hasFoothold) {
+    return {
+      phaseObservation: "pwn chain achieved code execution or an interactive foothold",
+      nextHint: "reuse the achieved foothold and continue from the working exploit state"
+    };
+  }
+  if (phase === "offset_known") {
+    return {
+      phaseObservation: signals.hasFindings ? "offset-guided pwn iteration confirmed control signals" : "offset-guided pwn iteration executed",
+      nextHint: "continue from the known offset and latest payload revision"
+    };
+  }
+  if (phase === "crash_iteration") {
+    return {
+      phaseObservation: signals.stillCrashing ? "crash-driven pwn iteration preserved the crash state" : "crash-driven pwn iteration executed",
+      nextHint: "preserve crash evidence and narrow the next payload iteration"
+    };
+  }
+  return {
+    phaseObservation: signals.indicatesProgress ? "pwn chain advanced and produced follow-up signals" : "delegated pwn step executed",
+    nextHint: "continue the selected exploit-development loop before broadening scope"
+  };
+}
+
+// src/agents/main-agent/delegated-execution-analysis.ts
+function getBoundedCredentialService(request) {
+  const command = request.boundedCommand || "";
+  if (command.includes("sshpass")) return "ssh";
+  if (command.includes("smbclient")) return "smb";
+  if (command.includes("evil-winrm")) return "winrm";
+  if (command.includes("xfreerdp")) return "rdp";
+  if (command.includes("ldapwhoami") || command.includes("ldapsearch")) return "ldap";
+  if (command.includes("mysql ")) return "mysql";
+  if (command.includes("psql ")) return "postgres";
+  if (command.includes("curl -fsSIL -u")) return "http";
+  if (command.includes("curl -fsS --user")) return "ftp";
+  if (command.includes("Authorization: Bearer") || command.includes("X-API-Key")) return "token_or_api";
+  return null;
+}
+function getBoundedArtifactKind(request) {
+  const command = request.boundedCommand || "";
+  if (command.includes("curl -fsSIL") && command.includes("| head -n 5")) return "webshell";
+  if (command.includes("head -n 5") && command.includes(".sql")) return "database_dump";
+  if (command.includes("head -n 5") && command.includes(".db")) return "database_dump";
+  if (command.includes("smbclient -L")) return "smb_share";
+  if (command.includes("curl -fsSIL")) return "url";
+  if (command.includes("test -e")) return "file";
+  return null;
+}
+function getBoundedPwnProbeKind(request) {
+  const command = request.boundedCommand || "";
+  if (command.includes("gdb -q") && command.includes("info registers") && command.includes("bt")) {
+    return "core_gdb";
+  }
+  if (command.startsWith("gdb ")) {
+    return "gdb_replay";
+  }
+  if (command.includes("timeout 5")) {
+    return "binary_smoke";
+  }
+  return null;
+}
 function getPhaseFromContext(context, key) {
   if (!context) {
     return null;
@@ -1836,50 +2034,150 @@ function getPhaseFromContext(context, key) {
   const match = context.match(new RegExp(`${key}=([a-z_]+)`));
   return match?.[1] ?? null;
 }
-function getRecommendedBoundedTool(request) {
-  if (request.workerType === "shell-supervisor") {
-    const phase = getPhaseFromContext(request.context, "shell_phase");
-    if (phase === "listener_waiting") return "listener_status";
-    if (phase === "listener_callback_detected") return "shell_promote";
-    if (phase === "active_shell_stabilizing") return "shell_upgrade";
-    if (phase === "active_shell_stabilized" || phase === "post_exploitation_active") return "shell_check";
-    return null;
-  }
-  if (request.workerType === "exploit") {
-    const phase = getPhaseFromContext(request.context, "exploit_phase");
-    if (phase === "foothold_active") return "exploit_foothold_check";
-    if (phase === "credential_followup") return "exploit_credential_check";
-    if (phase === "artifact_ready") return "exploit_artifact_check";
+function analyzeDelegatedExecutionResult(request, result) {
+  if (!request || !result) {
     return null;
   }
-  if (request.workerType === "pwn") {
-    const phase = getPhaseFromContext(request.context, "pwn_phase");
-    if (phase === "offset_known") return "pwn_offset_check";
-    if (phase === "crash_iteration") return "pwn_crash_repro";
-    if (phase === "payload_iteration") return "pwn_payload_smoke";
-    return null;
+  if (!result.success) {
+    return {
+      phaseObservation: "delegated step failed",
+      nextHint: "retry the same chain only after using the error to narrow the next step"
+    };
   }
-  return null;
-}
-function buildDelegatedExecutionPlan(request) {
   if (request.workerType === "shell-supervisor") {
     const phase = getPhaseFromContext(request.context, "shell_phase");
-    if (phase === "listener_waiting") return "Poll the listener and promote immediately if a callback appears.";
-    if (phase === "listener_callback_detected") return "Promote the callback path and validate the resulting shell.";
-    if (phase === "active_shell_stabilizing") return "Finish PTY stabilization before broader post-exploitation.";
-    if (phase === "active_shell_stabilized") return "Reuse the stabilized shell for controlled enumeration.";
-    if (phase === "post_exploitation_active") return "Continue post-exploitation through the existing shell rather than opening a new chain.";
-    return "Continue supervising the current shell/listener chain first.";
+    if (phase === "listener_waiting") {
+      return {
+        phaseObservation: "listener supervision step executed",
+        nextHint: "if callback evidence appeared, promote and validate the shell immediately"
+      };
+    }
+    if (phase === "active_shell_stabilizing") {
+      return {
+        phaseObservation: "shell stabilization step executed",
+        nextHint: "finish PTY stabilization before broader enumeration"
+      };
+    }
+    if (phase === "post_exploitation_active") {
+      return {
+        phaseObservation: "post-exploitation enumeration step executed",
+        nextHint: "continue controlled enumeration through the same shell"
+      };
+    }
   }
   if (request.workerType === "exploit") {
+    if (request.boundedTool === "exploit_credential_check") {
+      const service = getBoundedCredentialService(request);
+      return {
+        phaseObservation: service ? `bounded ${service} credential validation executed for the exploit chain` : "bounded credential validation executed for the exploit chain",
+        nextHint: service ? `reuse the validated ${service} access path or convert it into a foothold before changing vectors` : "reuse the validated credentials or convert the access path into a foothold before changing vectors"
+      };
+    }
+    if (request.boundedTool === "exploit_artifact_check") {
+      const artifactKind = getBoundedArtifactKind(request);
+      return {
+        phaseObservation: artifactKind ? `bounded ${artifactKind} artifact validation executed for the exploit chain` : "bounded artifact validation executed for the exploit chain",
+        nextHint: artifactKind === "webshell" ? "reuse the validated webshell artifact as a foothold before changing exploit delivery" : artifactKind === "database_dump" ? "advance the validated dump into credential extraction, parsing, or authenticated follow-up" : artifactKind === "smb_share" ? "reuse the validated share path for file access or lateral follow-up before changing vectors" : "advance the validated artifact into data access, authenticated use, or foothold confirmation"
+      };
+    }
+    if (request.boundedTool === "exploit_foothold_check") {
+      return {
+        phaseObservation: "bounded foothold validation executed for the exploit chain",
+        nextHint: "reuse the foothold and continue from the confirmed access path instead of restarting delivery"
+      };
+    }
+    if (request.boundedTool === "exploit_vector_check") {
+      return {
+        phaseObservation: "bounded exploit-vector reachability check executed",
+        nextHint: "if the vector is still reachable, continue adapting the current chain before switching to a new one"
+      };
+    }
     const phase = getPhaseFromContext(request.context, "exploit_phase");
+    return buildExploitExecutionAnalysis(phase, getExploitResultSignals(result));
+  }
+  if (request.workerType === "pwn") {
+    if (request.boundedTool === "pwn_offset_check") {
+      const probeKind = getBoundedPwnProbeKind(request);
+      return {
+        phaseObservation: probeKind === "core_gdb" ? "bounded gdb core-state verification executed for the pwn loop" : probeKind === "gdb_replay" ? "bounded gdb replay executed for the pwn loop" : "bounded offset verification executed for the pwn loop",
+        nextHint: probeKind === "core_gdb" ? "reuse the saved core-state evidence and narrow the next payload iteration from the confirmed crash context" : probeKind === "gdb_replay" ? "continue from the gdb-confirmed state and narrow the next payload iteration" : "continue from the known offset and narrow the next payload iteration"
+      };
+    }
+    if (request.boundedTool === "pwn_crash_repro") {
+      const probeKind = getBoundedPwnProbeKind(request);
+      return {
+        phaseObservation: probeKind === "core_gdb" ? "bounded core-backed crash inspection executed for the pwn loop" : probeKind === "gdb_replay" ? "bounded gdb-backed crash replay executed for the pwn loop" : "bounded crash reproduction executed for the pwn loop",
+        nextHint: probeKind === "core_gdb" ? "preserve the core-backed crash state and apply the narrowest next debugging step" : probeKind === "gdb_replay" ? "preserve the gdb replay state and apply the narrowest next debugging or payload mutation step" : "preserve the crash state and apply the narrowest next debugging or payload mutation step"
+      };
+    }
+    if (request.boundedTool === "pwn_payload_smoke") {
+      const probeKind = getBoundedPwnProbeKind(request);
+      return {
+        phaseObservation: probeKind === "gdb_replay" ? "bounded gdb-guided smoke test executed for the pwn loop" : "bounded payload smoke test executed for the pwn loop",
+        nextHint: probeKind === "gdb_replay" ? "preserve the gdb-guided payload state and continue narrowing the next test" : "preserve the last payload revision and continue narrowing the next test"
+      };
+    }
+    const phase = getPhaseFromContext(request.context, "pwn_phase");
+    return buildPwnExecutionAnalysis(phase, getPwnResultSignals(result));
+  }
+  return {
+    phaseObservation: "delegated step executed",
+    nextHint: "continue the selected delegated chain before switching focus"
+  };
+}
+
+// src/agents/main-agent/delegated-execution-plan.ts
+function getPhaseFromContext2(context, key) {
+  if (!context) {
+    return null;
+  }
+  const match = context.match(new RegExp(`${key}=([a-z_]+)`));
+  return match?.[1] ?? null;
+}
+function getRecommendedBoundedTool(request) {
+  if (request.workerType === "shell-supervisor") {
+    const phase = getPhaseFromContext2(request.context, "shell_phase");
+    if (phase === "listener_waiting") return "listener_status";
+    if (phase === "listener_callback_detected") return "shell_promote";
+    if (phase === "active_shell_stabilizing") return "shell_upgrade";
+    if (phase === "active_shell_stabilized" || phase === "post_exploitation_active") return "shell_check";
+    return null;
+  }
+  if (request.workerType === "exploit") {
+    const phase = getPhaseFromContext2(request.context, "exploit_phase");
+    if (phase === "foothold_active") return "exploit_foothold_check";
+    if (phase === "credential_followup") return "exploit_credential_check";
+    if (phase === "artifact_ready") return "exploit_artifact_check";
+    return null;
+  }
+  if (request.workerType === "pwn") {
+    const phase = getPhaseFromContext2(request.context, "pwn_phase");
+    if (phase === "offset_known") return "pwn_offset_check";
+    if (phase === "crash_iteration") return "pwn_crash_repro";
+    if (phase === "payload_iteration") return "pwn_payload_smoke";
+    return null;
+  }
+  return null;
+}
+function buildDelegatedExecutionPlan(request) {
+  if (request.workerType === "shell-supervisor") {
+    const phase = getPhaseFromContext2(request.context, "shell_phase");
+    if (phase === "listener_waiting") return "Poll the listener and promote immediately if a callback appears.";
+    if (phase === "listener_callback_detected") return "Promote the callback path and validate the resulting shell.";
+    if (phase === "active_shell_stabilizing") return "Finish PTY stabilization before broader post-exploitation.";
+    if (phase === "active_shell_stabilized") return "Reuse the stabilized shell for controlled enumeration.";
+    if (phase === "post_exploitation_active") return "Continue post-exploitation through the existing shell rather than opening a new chain.";
+    return "Continue supervising the current shell/listener chain first.";
+  }
+  if (request.workerType === "exploit") {
+    const phase = getPhaseFromContext2(request.context, "exploit_phase");
     if (phase === "foothold_active") return "Reuse the existing foothold and prefer exploit_foothold_check for bounded access validation.";
     if (phase === "credential_followup") return "Validate and reuse the obtained credentials or tokens, preferring exploit_credential_check for bounded probes.";
     if (phase === "artifact_ready") return "Validate the current exploit artifact, preferring exploit_artifact_check before building a replacement.";
     return "Continue the strongest surviving exploit vector and preserve branch evidence.";
   }
   if (request.workerType === "pwn") {
-    const phase = getPhaseFromContext(request.context, "pwn_phase");
+    const phase = getPhaseFromContext2(request.context, "pwn_phase");
     if (phase === "foothold_active") return "Reuse the achieved execution foothold and continue from there.";
     if (phase === "offset_known") return "Resume from the known offset and latest payload revision, preferring pwn_offset_check for bounded verification.";
     if (phase === "crash_iteration") return "Reproduce the latest crash and continue debugging from the preserved crash state, preferring pwn_crash_repro.";
@@ -1888,520 +2186,235 @@ function buildDelegatedExecutionPlan(request) {
   return "Continue the selected delegated chain before starting unrelated work.";
 }
 
-// src/agents/main-agent/exploit-lifecycle.ts
-function getReplayableExploitCommand(task) {
-  const candidates = [task.resumeHint || "", ...task.tried, ...task.findings, task.summary].map((value) => value.trim()).filter(Boolean);
-  return candidates.find(
-    (candidate) => candidate.includes("curl ") || candidate.includes("hydra ") || candidate.includes("sqlmap ") || candidate.includes("psql ") || candidate.includes("mysql ") || candidate.includes("ssh ") || candidate.includes("ftp ") || candidate.includes("smbclient ") || candidate.includes("xfreerdp ") || candidate.includes("evil-winrm ")
-  ) || null;
+// src/agents/main-agent/delegated-execution-formatting.ts
+var OUTPUT_PREVIEW_LIMIT = 240;
+var FIELD_PREVIEW_LIMIT = 180;
+function getDelegatedExecutionSignature(request) {
+  if (!request) return null;
+  return JSON.stringify(request);
 }
-function hasCredentialLoot(task) {
-  return task.loot.some((item) => {
-    const normalized = item.toLowerCase();
-    return normalized.includes("password") || normalized.includes("credential") || normalized.includes("hash") || normalized.includes("token") || normalized.includes("key");
-  });
+function summarizeDelegatedExecutionField(value, limit = FIELD_PREVIEW_LIMIT) {
+  const normalized = value.replace(/\s+/g, " ").trim();
+  if (!normalized) {
+    return "";
+  }
+  if (normalized.length <= limit) {
+    return normalized;
+  }
+  return `${normalized.slice(0, limit - 3)}...`;
 }
-function hasFoothold(task) {
-  return task.sessions.length > 0 || task.assets.some((asset) => {
-    const normalized = asset.toLowerCase();
-    return normalized.includes("shell:") || normalized.includes("stabilized_shell:") || normalized.includes("post_exploitation_shell:") || normalized.includes("listener:") || normalized.includes("session:") || normalized.includes("foothold");
-  });
+function summarizeDelegatedExecutionOutput(output) {
+  return summarizeDelegatedExecutionField(output, OUTPUT_PREVIEW_LIMIT);
 }
-function getArtifactPath(task) {
-  for (const asset of task.assets) {
-    const trimmed = asset.trim();
-    const artifactMatch = trimmed.match(/^artifact:(.+)$/i);
-    if (artifactMatch?.[1]) {
-      return artifactMatch[1].trim();
-    }
-    if (trimmed.startsWith("/") || trimmed.startsWith("./")) {
-      return trimmed;
-    }
+function buildDelegatedExecutionRequestFragment(request) {
+  if (!request) {
+    return "";
   }
-  return null;
+  const executionPlan = buildDelegatedExecutionPlan(request);
+  const lines = [
+    "<delegated-execution-request>",
+    `task: ${summarizeDelegatedExecutionField(request.task)}`,
+    request.workerType ? `worker_type: ${request.workerType}` : "",
+    request.resumeTaskId ? `resume_task_id: ${request.resumeTaskId}` : "",
+    request.target ? `target: ${request.target}` : "",
+    request.context ? `context: ${summarizeDelegatedExecutionField(request.context)}` : "",
+    request.boundedTool ? `bounded_tool: ${request.boundedTool}` : "",
+    request.boundedCommand ? `bounded_command: ${summarizeDelegatedExecutionField(request.boundedCommand)}` : "",
+    request.boundedTimeout ? `bounded_timeout: ${request.boundedTimeout}` : "",
+    request.boundedInstruction ? `bounded_instruction: ${summarizeDelegatedExecutionField(request.boundedInstruction)}` : "",
+    executionPlan ? `execution_plan: ${summarizeDelegatedExecutionField(executionPlan)}` : "",
+    "</delegated-execution-request>"
+  ].filter(Boolean);
+  return lines.join("\n");
 }
-function getExploitLifecycleSnapshot(task) {
-  const replayableCommand = getReplayableExploitCommand(task);
-  if (hasFoothold(task)) {
-    return {
-      phase: "foothold_active",
-      recommendation: "A foothold already exists. Reuse the current access path and continue the exploit chain from that foothold.",
-      boundedTool: "exploit_foothold_check",
-      boundedCommand: replayableCommand || void 0,
-      boundedTimeout: 4e3,
-      boundedInstruction: "Run one narrow foothold validation step before expanding the exploit chain."
-    };
-  }
-  if (hasCredentialLoot(task)) {
-    return {
-      phase: "credential_followup",
-      recommendation: "Credentials or tokens exist. Prioritize validation, reuse, and pivot from the current exploit chain.",
-      boundedTool: "exploit_credential_check",
-      boundedCommand: replayableCommand || void 0,
-      boundedTimeout: 5e3,
-      boundedInstruction: "Run one bounded credential or token validation step before changing exploit vectors."
-    };
-  }
-  if (task.assets.length > 0) {
-    const artifactPath = getArtifactPath(task);
-    return {
-      phase: "artifact_ready",
-      recommendation: "The exploit chain produced reusable artifacts. Validate and advance the current artifact before changing vectors.",
-      boundedTool: "exploit_artifact_check",
-      boundedCommand: artifactPath ? `test -e ${artifactPath} && ls -l ${artifactPath} && file ${artifactPath} 2>/dev/null` : void 0,
-      boundedTimeout: 3e3,
-      boundedInstruction: "Run one bounded artifact validation step before replacing the current artifact."
-    };
+function buildDelegatedExecutionResultFragment(result, analysis) {
+  if (!result) {
+    return "";
   }
+  const outputPreview = summarizeDelegatedExecutionOutput(result.output);
+  const lines = [
+    "<delegated-execution-result>",
+    `success: ${result.success ? "true" : "false"}`,
+    result.error ? `error: ${result.error}` : "",
+    outputPreview ? `output_preview: ${outputPreview}` : "",
+    analysis?.phaseObservation ? `phase_observation: ${analysis.phaseObservation}` : "",
+    analysis?.nextHint ? `next_hint: ${analysis.nextHint}` : "",
+    "</delegated-execution-result>"
+  ].filter(Boolean);
+  return lines.join("\n");
+}
+
+// src/agents/main-agent/delegated-execution-state.ts
+function createDelegatedExecutionState() {
   return {
-    phase: "vector_active",
-    recommendation: "The current exploit vector is still active. Continue adapting it before switching to a new chain."
+    pendingRequest: null,
+    lastAttemptedSignature: null
   };
 }
-
-// src/agents/main-agent/pwn-lifecycle.ts
-function joinedEvidence(task) {
-  return [
-    task.summary,
-    task.resumeHint,
-    task.waitingOn,
-    ...task.tried,
-    ...task.findings,
-    ...task.assets
-  ].filter(Boolean).join(" ").toLowerCase();
+function setDelegatedExecutionState(currentState, request) {
+  const nextRequest = request || null;
+  const nextSignature = getDelegatedExecutionSignature(nextRequest);
+  const currentSignature = getDelegatedExecutionSignature(currentState.pendingRequest);
+  const requestChanged = nextSignature !== currentSignature;
+  return {
+    pendingRequest: nextRequest,
+    lastAttemptedSignature: requestChanged ? null : currentState.lastAttemptedSignature,
+    requestChanged
+  };
 }
-function getReplayableCommand(task) {
-  const candidates = [...task.tried, task.resumeHint || "", task.summary].map((value) => value.trim()).filter(Boolean);
-  return candidates.find(
-    (candidate) => /^(?:\.\/|\/|python(?:3)?\b|gdb\b|qemu(?:-[\w-]+)?\b|nc\b)/i.test(candidate) || candidate.includes("pwntools")
-  ) || null;
+function canAutoExecuteDelegatedState(state) {
+  const pendingSignature = getDelegatedExecutionSignature(state.pendingRequest);
+  return pendingSignature !== null && pendingSignature !== state.lastAttemptedSignature;
 }
-function getCandidateBinaryPath(task) {
-  const candidates = [...task.assets, ...task.findings, task.summary].map((value) => value.trim()).filter(Boolean);
-  for (const candidate of candidates) {
-    const artifactMatch = candidate.match(/^artifact:(.+)$/i);
-    const normalized = artifactMatch?.[1]?.trim() || candidate;
-    if (normalized.startsWith("./") || normalized.startsWith("/")) {
-      return normalized;
-    }
-    const embeddedPath = normalized.match(/(\.\/[A-Za-z0-9_./-]+|\/[A-Za-z0-9_./-]+)/);
-    if (embeddedPath?.[1]) {
-      return embeddedPath[1];
-    }
-  }
-  return null;
+function markDelegatedExecutionAttempt(state) {
+  return {
+    ...state,
+    lastAttemptedSignature: getDelegatedExecutionSignature(state.pendingRequest)
+  };
 }
-function getPwnLifecycleSnapshot(task) {
-  const evidence = joinedEvidence(task);
-  const replayableCommand = getReplayableCommand(task);
-  const binaryPath = getCandidateBinaryPath(task);
-  if (task.sessions.length > 0 || task.assets.some((asset) => {
-    const normalized = asset.toLowerCase();
-    return normalized.includes("shell:") || normalized.includes("stabilized_shell:") || normalized.includes("post_exploitation_shell:");
-  })) {
-    return {
-      phase: "foothold_active",
-      recommendation: "The pwn chain already produced execution. Reuse the existing foothold instead of restarting the exploit loop."
-    };
-  }
-  if (evidence.includes("offset") || evidence.includes("pattern") || evidence.includes("eip") || evidence.includes("rip")) {
-    return {
-      phase: "offset_known",
-      recommendation: "Offsets or control primitives are known. Resume from the latest payload iteration instead of rediscovering the crash.",
-      boundedTool: "pwn_offset_check",
-      boundedCommand: replayableCommand || (binaryPath ? `test -x ${binaryPath} && timeout 5 ${binaryPath} </dev/null` : void 0),
-      boundedTimeout: 5e3,
-      boundedInstruction: "Run one bounded offset verification step against the latest exploit revision."
-    };
-  }
-  if (evidence.includes("crash") || evidence.includes("segfault") || evidence.includes("core")) {
-    return {
-      phase: "crash_iteration",
-      recommendation: "A crash state exists. Preserve it and continue the debug loop from the latest observed crash.",
-      boundedTool: "pwn_crash_repro",
-      boundedCommand: replayableCommand || (binaryPath ? `test -x ${binaryPath} && timeout 5 ${binaryPath} </dev/null` : void 0),
-      boundedTimeout: 1e4,
-      boundedInstruction: "Reproduce the latest crash once and preserve the exact crash state."
-    };
-  }
+function consumeDelegatedExecutionState(state) {
   return {
-    phase: "payload_iteration",
-    recommendation: "The pwn loop is still iterating payload design. Continue from the latest payload revision and observations.",
-    boundedTool: "pwn_payload_smoke",
-    boundedCommand: replayableCommand || (binaryPath ? `test -x ${binaryPath} && timeout 5 ${binaryPath} </dev/null` : void 0),
-    boundedTimeout: 5e3,
-    boundedInstruction: "Run one bounded payload smoke test from the latest payload revision."
+    consumedRequest: state.pendingRequest,
+    nextState: createDelegatedExecutionState()
   };
 }
 
-// src/agents/main-agent/delegated-task-handoff.ts
-function buildLifecycleSnapshot(decision) {
-  const task = decision.task;
-  if (decision.preferredWorkerType !== "shell-supervisor") {
-    if (decision.preferredWorkerType === "exploit") {
-      return getExploitLifecycleSnapshot(task);
+// src/agents/main-agent/delegated-execution-runtime.ts
+var DelegatedExecutionRuntime = class {
+  pendingRequest = createDelegatedExecutionState().pendingRequest;
+  lastAttemptedSignature = createDelegatedExecutionState().lastAttemptedSignature;
+  lastExecutionResult = null;
+  lastExecutionAnalysis = null;
+  set(request) {
+    const nextState = setDelegatedExecutionState(
+      {
+        pendingRequest: this.pendingRequest,
+        lastAttemptedSignature: this.lastAttemptedSignature
+      },
+      request
+    );
+    this.pendingRequest = nextState.pendingRequest;
+    this.lastAttemptedSignature = nextState.lastAttemptedSignature;
+    if (nextState.requestChanged) {
+      this.lastExecutionResult = null;
+      this.lastExecutionAnalysis = null;
     }
-    if (decision.preferredWorkerType === "pwn") {
-      return getPwnLifecycleSnapshot(task);
-    }
-    return null;
-  }
-  return getShellSupervisorLifecycleSnapshot();
-}
-function buildDelegatedRequestContext(decision, lifecycleSnapshot) {
-  const task = decision.task;
-  if (!lifecycleSnapshot) {
-    return task.summary;
   }
-  if (decision.preferredWorkerType === "exploit") {
-    return [
-      task.summary,
-      `exploit_phase=${lifecycleSnapshot.phase}`,
-      `recommendation=${lifecycleSnapshot.recommendation}`
-    ].filter(Boolean).join(" | ");
+  peek() {
+    return this.pendingRequest;
   }
-  if (decision.preferredWorkerType === "pwn") {
-    return [
-      task.summary,
-      `pwn_phase=${lifecycleSnapshot.phase}`,
-      `recommendation=${lifecycleSnapshot.recommendation}`
-    ].filter(Boolean).join(" | ");
+  canAutoExecute() {
+    return canAutoExecuteDelegatedState({
+      pendingRequest: this.pendingRequest,
+      lastAttemptedSignature: this.lastAttemptedSignature
+    });
   }
-  const shellSnapshot = lifecycleSnapshot;
-  return [
-    task.summary,
-    `shell_phase=${shellSnapshot.phase}`,
-    shellSnapshot.listenerId ? `listener=${shellSnapshot.listenerId}` : "",
-    shellSnapshot.activeShellId ? `active_shell=${shellSnapshot.activeShellId}` : "",
-    `recommendation=${shellSnapshot.recommendation}`
-  ].filter(Boolean).join(" | ");
-}
-function buildDelegatedExecutionRequest(decision, context, lifecycleSnapshot) {
-  const task = decision.task;
-  const preferredWorkerType = decision.preferredWorkerType;
-  const requestTask = task.resumeHint || task.task;
-  const boundedLifecycle = preferredWorkerType === "exploit" || preferredWorkerType === "pwn" ? lifecycleSnapshot : null;
-  return {
-    task: requestTask,
-    workerType: preferredWorkerType,
-    resumeTaskId: task.id,
-    target: task.target,
-    context,
-    boundedTool: preferredWorkerType ? getRecommendedBoundedTool({
-      task: requestTask,
-      workerType: preferredWorkerType,
-      target: task.target,
-      context
-    }) ?? void 0 : void 0,
-    boundedCommand: boundedLifecycle?.boundedCommand,
-    boundedTimeout: boundedLifecycle?.boundedTimeout,
-    boundedInstruction: preferredWorkerType ? boundedLifecycle?.boundedInstruction || buildDelegatedExecutionPlan({
-      task: requestTask,
-      workerType: preferredWorkerType,
-      target: task.target,
-      context
-    }) : void 0
-  };
-}
-function buildDelegatedTaskHandoff(decision) {
-  const task = decision.task;
-  const preferredWorkerType = decision.preferredWorkerType;
-  const lifecycleSnapshot = buildLifecycleSnapshot(decision);
-  const context = buildDelegatedRequestContext(decision, lifecycleSnapshot);
-  const delegatedExecutionRequest = buildDelegatedExecutionRequest(decision, context, lifecycleSnapshot);
-  const executionPlan = buildDelegatedExecutionPlan(delegatedExecutionRequest);
-  const details = [
-    `Resume delegated task: ${task.task}.`,
-    `Delegated task ID: ${task.id}.`,
-    `Scheduler reason: ${decision.reason}`,
-    `Scheduler cycle count: ${decision.resumeCount + 1}.`,
-    `Current status: ${task.status}.`,
-    task.waitingOn ? `Waiting on: ${task.waitingOn}.` : "",
-    task.assets.length > 0 ? `Reuse assets: ${task.assets.join(", ")}.` : "",
-    task.sessions.length > 0 ? `Reuse sessions: ${task.sessions.join(", ")}.` : "",
-    task.resumeHint ? `Resume guidance: ${task.resumeHint}.` : "",
-    preferredWorkerType ? `Preferred worker: ${preferredWorkerType}.` : "",
-    delegatedExecutionRequest.boundedTool ? `Bounded tool: ${delegatedExecutionRequest.boundedTool}.` : "",
-    delegatedExecutionRequest.boundedCommand ? `Bounded command candidate: ${delegatedExecutionRequest.boundedCommand}.` : "",
-    preferredWorkerType ? `Delegation policy: if this requires multi-step follow-up, call run_task with worker_type="${preferredWorkerType}" and resume_task_id="${task.id}" for this selected task before creating any unrelated delegated chain.` : "",
-    `Execution hint: ${executionPlan}`,
-    "Execution policy: continue the selected delegated chain first. Do not switch to a different active delegated task until this one is advanced or invalidated.",
-    "Goal: continue the existing chain instead of creating a duplicate operation."
-  ].filter(Boolean);
-  return {
-    shouldForwardToMain: true,
-    forwardedInput: details.join(" "),
-    directResponse: "",
-    shouldWritePolicy: false,
-    policyDocument: "",
-    policyUpdateSummary: "",
-    insightSummary: `Auto-resume delegated task ${task.id} via handoff builder.`,
-    delegatedExecutionRequest,
-    success: true
-  };
-}
-
-// src/agents/main-agent/exploit-runtime-signals.ts
-function outputContainsAny(output, patterns) {
-  return patterns.some((pattern) => output.includes(pattern.toLowerCase()));
-}
-function getExploitResultSignals(result) {
-  const output = (result.output || "").toLowerCase();
-  const hasSession = outputContainsAny(output, ["[sessions]", "shell", "session"]);
-  const hasLoot = outputContainsAny(output, ["[loot]", "password", "credential", "token", "hash"]);
-  const hasAsset = outputContainsAny(output, ["[assets]", "artifact", "file", "payload"]);
-  return {
-    hasSession,
-    hasLoot,
-    hasAsset,
-    indicatesProgress: hasSession || hasLoot || hasAsset || outputContainsAny(output, ["[status] running", "[status] success"])
-  };
-}
-function buildExploitExecutionAnalysis(phase, signals) {
-  if (signals.hasSession) {
-    return {
-      phaseObservation: "exploit chain produced a foothold or authenticated session",
-      nextHint: "reuse the current foothold and continue from the confirmed access path"
-    };
+  markAutoExecutionAttempt() {
+    const nextState = markDelegatedExecutionAttempt({
+      pendingRequest: this.pendingRequest,
+      lastAttemptedSignature: this.lastAttemptedSignature
+    });
+    this.lastAttemptedSignature = nextState.lastAttemptedSignature;
   }
-  if (phase === "credential_followup") {
-    return {
-      phaseObservation: signals.hasLoot ? "credential follow-up produced reusable credential material" : "credential follow-up step executed",
-      nextHint: "reuse validated credentials before changing exploit vectors"
-    };
+  setLastExecutionResult(result) {
+    this.lastExecutionResult = result;
+    this.lastExecutionAnalysis = analyzeDelegatedExecutionResult(this.pendingRequest, result);
   }
-  if (phase === "artifact_ready") {
-    return {
-      phaseObservation: signals.hasAsset ? "artifact validation produced a reusable artifact or asset" : "artifact validation step executed",
-      nextHint: "advance the current artifact before replacing it"
-    };
+  consume() {
+    const consumed = consumeDelegatedExecutionState({
+      pendingRequest: this.pendingRequest,
+      lastAttemptedSignature: this.lastAttemptedSignature
+    });
+    this.pendingRequest = consumed.nextState.pendingRequest;
+    this.lastAttemptedSignature = consumed.nextState.lastAttemptedSignature;
+    this.lastExecutionAnalysis = null;
+    return consumed.consumedRequest;
   }
-  return {
-    phaseObservation: signals.indicatesProgress ? "exploit chain advanced and produced follow-up signals" : "delegated exploit step executed",
-    nextHint: "continue the selected exploit chain before switching vectors"
-  };
-}
-
-// src/agents/main-agent/pwn-runtime-signals.ts
-function outputContainsAny2(output, patterns) {
-  return patterns.some((pattern) => output.includes(pattern.toLowerCase()));
-}
-function getPwnResultSignals(result) {
-  const output = (result.output || "").toLowerCase();
-  const hasFoothold2 = outputContainsAny2(output, ["[sessions]", "shell", "uid=", "got shell"]);
-  const stillCrashing = outputContainsAny2(output, ["crash", "segfault", "core"]);
-  const hasFindings = outputContainsAny2(output, ["[findings]", "rip controlled", "offset", "eip", "pc controlled"]);
-  return {
-    hasFoothold: hasFoothold2,
-    stillCrashing,
-    hasFindings,
-    indicatesProgress: hasFoothold2 || hasFindings || outputContainsAny2(output, ["[status] running", "[status] success", "[nextworker] pwn"])
-  };
-}
-function buildPwnExecutionAnalysis(phase, signals) {
-  if (signals.hasFoothold) {
-    return {
-      phaseObservation: "pwn chain achieved code execution or an interactive foothold",
-      nextHint: "reuse the achieved foothold and continue from the working exploit state"
-    };
+  reset() {
+    const resetState = createDelegatedExecutionState();
+    this.pendingRequest = resetState.pendingRequest;
+    this.lastAttemptedSignature = resetState.lastAttemptedSignature;
+    this.lastExecutionResult = null;
+    this.lastExecutionAnalysis = null;
   }
-  if (phase === "offset_known") {
-    return {
-      phaseObservation: signals.hasFindings ? "offset-guided pwn iteration confirmed control signals" : "offset-guided pwn iteration executed",
-      nextHint: "continue from the known offset and latest payload revision"
-    };
+  toPromptFragment() {
+    return buildDelegatedExecutionRequestFragment(this.pendingRequest);
   }
-  if (phase === "crash_iteration") {
-    return {
-      phaseObservation: signals.stillCrashing ? "crash-driven pwn iteration preserved the crash state" : "crash-driven pwn iteration executed",
-      nextHint: "preserve crash evidence and narrow the next payload iteration"
-    };
+  toResultFragment() {
+    return buildDelegatedExecutionResultFragment(
+      this.lastExecutionResult,
+      this.lastExecutionAnalysis
+    );
   }
+};
+
+// src/agents/main-agent/delegated-auto-executor-helpers.ts
+function combineToolResults(results) {
+  const success = results.every((result) => result.success);
   return {
-    phaseObservation: signals.indicatesProgress ? "pwn chain advanced and produced follow-up signals" : "delegated pwn step executed",
-    nextHint: "continue the selected exploit-development loop before broadening scope"
+    success,
+    output: results.map((result, index) => `Step ${index + 1}:
+${result.output}`).join("\n\n"),
+    ...success ? {} : {
+      error: results.find((result) => !result.success)?.error || "delegated auto-execution failed"
+    }
   };
 }
-
-// src/agents/main-agent/delegated-execution-analysis.ts
-function getPhaseFromContext2(context, key) {
+function buildPatchedContext(context, key, value) {
+  const parts = (context || "").split("|").map((part) => part.trim()).filter(Boolean).filter((part) => !part.startsWith(`${key}=`));
+  parts.push(`${key}=${value}`);
+  return parts.join(" | ");
+}
+function getPhaseFromContext3(context, key) {
   if (!context) {
     return null;
   }
   const match = context.match(new RegExp(`${key}=([a-z_]+)`));
   return match?.[1] ?? null;
 }
-function analyzeDelegatedExecutionResult(request, result) {
-  if (!request || !result) {
-    return null;
-  }
-  if (!result.success) {
-    return {
-      phaseObservation: "delegated step failed",
-      nextHint: "retry the same chain only after using the error to narrow the next step"
-    };
+function buildRunTaskInput(request, task, workerType, context) {
+  return {
+    name: TOOL_NAMES.RUN_TASK,
+    input: {
+      task,
+      worker_type: workerType,
+      ...request.resumeTaskId ? { resume_task_id: request.resumeTaskId } : {},
+      ...request.target ? { target: request.target } : {},
+      ...context ? { context } : {}
+    }
+  };
+}
+function shouldAutoExecuteDelegatedRequest(request) {
+  if (!request || typeof request.resumeTaskId !== "string") {
+    return false;
   }
   if (request.workerType === "shell-supervisor") {
-    const phase = getPhaseFromContext2(request.context, "shell_phase");
-    if (phase === "listener_waiting") {
-      return {
-        phaseObservation: "listener supervision step executed",
-        nextHint: "if callback evidence appeared, promote and validate the shell immediately"
-      };
-    }
-    if (phase === "active_shell_stabilizing") {
-      return {
-        phaseObservation: "shell stabilization step executed",
-        nextHint: "finish PTY stabilization before broader enumeration"
-      };
-    }
-    if (phase === "post_exploitation_active") {
-      return {
-        phaseObservation: "post-exploitation enumeration step executed",
-        nextHint: "continue controlled enumeration through the same shell"
-      };
-    }
+    return true;
   }
   if (request.workerType === "exploit") {
-    if (request.boundedTool === "exploit_credential_check") {
-      return {
-        phaseObservation: "bounded credential validation executed for the exploit chain",
-        nextHint: "reuse the validated credentials or convert the access path into a foothold before changing vectors"
-      };
-    }
-    if (request.boundedTool === "exploit_artifact_check") {
-      return {
-        phaseObservation: "bounded artifact validation executed for the exploit chain",
-        nextHint: "advance the validated artifact into data access, authenticated use, or foothold confirmation"
-      };
-    }
-    if (request.boundedTool === "exploit_foothold_check") {
-      return {
-        phaseObservation: "bounded foothold validation executed for the exploit chain",
-        nextHint: "reuse the foothold and continue from the confirmed access path instead of restarting delivery"
-      };
-    }
-    const phase = getPhaseFromContext2(request.context, "exploit_phase");
-    return buildExploitExecutionAnalysis(phase, getExploitResultSignals(result));
+    const phase = getPhaseFromContext3(request.context, "exploit_phase");
+    return phase === "artifact_ready" || phase === "credential_followup" || phase === "foothold_active";
   }
   if (request.workerType === "pwn") {
-    if (request.boundedTool === "pwn_offset_check") {
-      return {
-        phaseObservation: "bounded offset verification executed for the pwn loop",
-        nextHint: "continue from the known offset and narrow the next payload iteration"
-      };
-    }
-    if (request.boundedTool === "pwn_crash_repro") {
-      return {
-        phaseObservation: "bounded crash reproduction executed for the pwn loop",
-        nextHint: "preserve the crash state and apply the narrowest next debugging or payload mutation step"
-      };
-    }
-    if (request.boundedTool === "pwn_payload_smoke") {
-      return {
-        phaseObservation: "bounded payload smoke test executed for the pwn loop",
-        nextHint: "preserve the last payload revision and continue narrowing the next test"
-      };
-    }
-    const phase = getPhaseFromContext2(request.context, "pwn_phase");
-    return buildPwnExecutionAnalysis(phase, getPwnResultSignals(result));
+    const phase = getPhaseFromContext3(request.context, "pwn_phase");
+    return phase === "offset_known" || phase === "crash_iteration" || phase === "foothold_active" || phase === "payload_iteration";
   }
-  return {
-    phaseObservation: "delegated step executed",
-    nextHint: "continue the selected delegated chain before switching focus"
-  };
+  return false;
 }
-
-// src/agents/main-agent/delegated-execution-runtime.ts
-var DelegatedExecutionRuntime = class {
-  pendingRequest = null;
-  lastAttemptedSignature = null;
-  lastExecutionResult = null;
-  lastExecutionAnalysis = null;
-  getSignature(request) {
-    if (!request) return null;
-    return JSON.stringify(request);
-  }
-  set(request) {
-    const nextRequest = request || null;
-    const nextSignature = this.getSignature(nextRequest);
-    const currentSignature = this.getSignature(this.pendingRequest);
-    if (nextSignature !== currentSignature) {
-      this.lastAttemptedSignature = null;
-    }
-    this.pendingRequest = nextRequest;
-    if (nextSignature !== currentSignature) {
-      this.lastExecutionResult = null;
-      this.lastExecutionAnalysis = null;
-    }
-  }
-  peek() {
-    return this.pendingRequest;
-  }
-  canAutoExecute() {
-    const pendingSignature = this.getSignature(this.pendingRequest);
-    return pendingSignature !== null && pendingSignature !== this.lastAttemptedSignature;
-  }
-  markAutoExecutionAttempt() {
-    this.lastAttemptedSignature = this.getSignature(this.pendingRequest);
-  }
-  setLastExecutionResult(result) {
-    this.lastExecutionResult = result;
-    this.lastExecutionAnalysis = analyzeDelegatedExecutionResult(this.pendingRequest, result);
-  }
-  consume() {
-    const request = this.pendingRequest;
-    this.pendingRequest = null;
-    this.lastAttemptedSignature = null;
-    this.lastExecutionAnalysis = null;
-    return request;
-  }
-  reset() {
-    this.pendingRequest = null;
-    this.lastAttemptedSignature = null;
-    this.lastExecutionResult = null;
-    this.lastExecutionAnalysis = null;
-  }
-  toPromptFragment() {
-    if (!this.pendingRequest) {
-      return "";
-    }
-    const request = this.pendingRequest;
-    const executionPlan = buildDelegatedExecutionPlan(request);
-    const lines = [
-      "<delegated-execution-request>",
-      `task: ${request.task}`,
-      request.workerType ? `worker_type: ${request.workerType}` : "",
-      request.resumeTaskId ? `resume_task_id: ${request.resumeTaskId}` : "",
-      request.target ? `target: ${request.target}` : "",
-      request.context ? `context: ${request.context}` : "",
-      request.boundedTool ? `bounded_tool: ${request.boundedTool}` : "",
-      request.boundedCommand ? `bounded_command: ${request.boundedCommand}` : "",
-      request.boundedTimeout ? `bounded_timeout: ${request.boundedTimeout}` : "",
-      request.boundedInstruction ? `bounded_instruction: ${request.boundedInstruction}` : "",
-      executionPlan ? `execution_plan: ${executionPlan}` : "",
-      "</delegated-execution-request>"
-    ].filter(Boolean);
-    return lines.join("\n");
+async function executeTwoStepLoop(execute, firstCall, buildFollowupCall, getSignals) {
+  const firstResult = await execute(firstCall);
+  if (!firstResult.success) {
+    return firstResult;
   }
-  toResultFragment() {
-    if (!this.lastExecutionResult) {
-      return "";
-    }
-    const lines = [
-      "<delegated-execution-result>",
-      `success: ${this.lastExecutionResult.success ? "true" : "false"}`,
-      this.lastExecutionResult.error ? `error: ${this.lastExecutionResult.error}` : "",
-      this.lastExecutionResult.output ? `output: ${this.lastExecutionResult.output}` : "",
-      this.lastExecutionAnalysis?.phaseObservation ? `phase_observation: ${this.lastExecutionAnalysis.phaseObservation}` : "",
-      this.lastExecutionAnalysis?.nextHint ? `next_hint: ${this.lastExecutionAnalysis.nextHint}` : "",
-      "</delegated-execution-result>"
-    ].filter(Boolean);
-    return lines.join("\n");
+  const followupCall = buildFollowupCall(firstResult);
+  if (!followupCall || !getSignals(firstResult).indicatesProgress) {
+    return firstResult;
   }
-};
+  const followupResult = await execute(followupCall);
+  return combineToolResults([firstResult, followupResult]);
+}
 
-// src/agents/main-agent/delegated-auto-executor.ts
+// src/agents/main-agent/delegated-auto-executor-shell.ts
 function didStatusDetectConnection(result) {
   const output = result.output || "";
   return output.includes("CONNECTION DETECTED") || output.includes("Promote to shell");
@@ -2460,142 +2473,6 @@ async function executeShellUpgradeSequence(toolRegistry, processId) {
   });
   return combineToolResults([initialCheck, pythonUpgrade, postPythonCheck, scriptUpgrade, finalCheck]);
 }
-function combineToolResults(results) {
-  const success = results.every((result) => result.success);
-  return {
-    success,
-    output: results.map((result, index) => `Step ${index + 1}:
-${result.output}`).join("\n\n"),
-    ...success ? {} : {
-      error: results.find((result) => !result.success)?.error || "delegated auto-execution failed"
-    }
-  };
-}
-function buildPatchedContext(context, key, value) {
-  const parts = (context || "").split("|").map((part) => part.trim()).filter(Boolean).filter((part) => !part.startsWith(`${key}=`));
-  parts.push(`${key}=${value}`);
-  return parts.join(" | ");
-}
-function getPhaseFromContext3(context, key) {
-  if (!context) {
-    return null;
-  }
-  const match = context.match(new RegExp(`${key}=([a-z_]+)`));
-  return match?.[1] ?? null;
-}
-function buildRunTaskInput(request, task, workerType, context) {
-  return {
-    name: TOOL_NAMES.RUN_TASK,
-    input: {
-      task,
-      worker_type: workerType,
-      ...request.resumeTaskId ? { resume_task_id: request.resumeTaskId } : {},
-      ...request.target ? { target: request.target } : {},
-      ...context ? { context } : {}
-    }
-  };
-}
-function shouldAutoExecuteDelegatedRequest(request) {
-  if (!request || typeof request.resumeTaskId !== "string") {
-    return false;
-  }
-  if (request.workerType === "shell-supervisor") {
-    return true;
-  }
-  if (request.workerType === "exploit") {
-    const phase = getPhaseFromContext3(request.context, "exploit_phase");
-    return phase === "artifact_ready" || phase === "credential_followup" || phase === "foothold_active";
-  }
-  if (request.workerType === "pwn") {
-    const phase = getPhaseFromContext3(request.context, "pwn_phase");
-    return phase === "offset_known" || phase === "crash_iteration" || phase === "foothold_active" || phase === "payload_iteration";
-  }
-  return false;
-}
-function buildDelegatedRunTaskCall(request) {
-  return {
-    name: TOOL_NAMES.RUN_TASK,
-    input: {
-      task: request.task,
-      ...request.workerType ? { worker_type: request.workerType } : {},
-      ...request.resumeTaskId ? { resume_task_id: request.resumeTaskId } : {},
-      ...request.target ? { target: request.target } : {},
-      ...request.context ? { context: request.context } : {}
-    }
-  };
-}
-function buildBoundedDelegatedToolCall(request) {
-  if (!request.boundedTool || !request.boundedCommand) {
-    return null;
-  }
-  return {
-    name: request.boundedTool,
-    input: {
-      command: request.boundedCommand,
-      ...request.boundedTimeout ? { timeout: request.boundedTimeout } : {}
-    }
-  };
-}
-function buildExploitPhaseRunTaskCall(request) {
-  const phase = getPhaseFromContext3(request.context, "exploit_phase");
-  const phaseTask = phase === "foothold_active" ? "Reuse the existing foothold and continue the exploit chain from the current access path." : phase === "credential_followup" ? "Validate and reuse the obtained credentials or tokens before changing exploit vectors." : phase === "artifact_ready" ? "Validate and advance the current exploit artifact before switching to a different vector." : request.task;
-  return buildRunTaskInput(request, phaseTask, "exploit", request.context);
-}
-function buildExploitFollowupRunTaskCall(request, previousResult) {
-  const phase = getPhaseFromContext3(request.context, "exploit_phase");
-  const signals = previousResult ? getExploitResultSignals(previousResult) : null;
-  const hasSession = signals?.hasSession ?? false;
-  const hasLoot = signals?.hasLoot ?? false;
-  if (phase === "credential_followup" || hasLoot) {
-    return buildRunTaskInput(
-      request,
-      hasSession ? "Reuse the confirmed foothold or authenticated path and continue the exploit chain without restarting delivery." : "If credential reuse succeeded, continue from the confirmed foothold or authenticated path without restarting the exploit chain.",
-      "exploit",
-      buildPatchedContext(request.context, "exploit_phase", hasSession ? "foothold_active" : "credential_followup")
-    );
-  }
-  if (phase === "artifact_ready") {
-    return buildRunTaskInput(
-      request,
-      hasSession ? "A foothold exists from the validated artifact. Reuse it and continue the chain from that access path." : "If the artifact validated successfully, turn it into data extraction, authenticated access, or foothold confirmation before changing vectors.",
-      "exploit",
-      buildPatchedContext(request.context, "exploit_phase", hasSession ? "foothold_active" : "artifact_ready")
-    );
-  }
-  return null;
-}
-function buildPwnPhaseRunTaskCall(request) {
-  const phase = getPhaseFromContext3(request.context, "pwn_phase");
-  const phaseTask = phase === "foothold_active" ? "Reuse the existing execution foothold and continue post-exploitation or objective completion." : phase === "offset_known" ? "Resume the exploit loop from the known offset and latest payload revision." : phase === "crash_iteration" ? "Reproduce the latest crash and continue debugging from the preserved crash state." : request.task;
-  return buildRunTaskInput(request, phaseTask, "pwn", request.context);
-}
-function buildPwnFollowupRunTaskCall(request, previousResult) {
-  const phase = getPhaseFromContext3(request.context, "pwn_phase");
-  const signals = previousResult ? getPwnResultSignals(previousResult) : null;
-  const hasFoothold2 = signals?.hasFoothold ?? false;
-  const stillCrashing = signals?.stillCrashing ?? false;
-  if (phase === "offset_known") {
-    return buildRunTaskInput(
-      request,
-      hasFoothold2 ? "Execution is confirmed. Reuse the achieved foothold and continue from the working exploit state." : "Use the known offset to perform the narrowest next payload smoke test and confirm progress toward execution.",
-      "pwn",
-      buildPatchedContext(request.context, "pwn_phase", hasFoothold2 ? "foothold_active" : "payload_iteration")
-    );
-  }
-  if (phase === "crash_iteration") {
-    return buildRunTaskInput(
-      request,
-      stillCrashing ? "The crash state persists. Apply the narrowest next debugging or payload mutation step from the preserved crash state." : hasFoothold2 ? "Execution is confirmed. Reuse the achieved foothold and continue from the working exploit state." : "Apply the narrowest next debugging or payload mutation step from the preserved crash state.",
-      "pwn",
-      buildPatchedContext(
-        request.context,
-        "pwn_phase",
-        hasFoothold2 ? "foothold_active" : stillCrashing ? "crash_iteration" : "payload_iteration"
-      )
-    );
-  }
-  return null;
-}
 function buildShellSupervisorFastPathCall() {
   const snapshot = getShellSupervisorLifecycleSnapshot();
   switch (snapshot.phase) {
@@ -2731,85 +2608,855 @@ async function executeShellSupervisorMiniLoop(toolRegistry) {
     });
     return combineToolResults([promoteResult, interactResult]);
   }
-  const singleCall = buildShellSupervisorFastPathCall();
-  if (!singleCall) {
-    return null;
+  const singleCall = buildShellSupervisorFastPathCall();
+  if (!singleCall) {
+    return null;
+  }
+  return toolRegistry.execute(singleCall);
+}
+
+// src/agents/main-agent/delegated-auto-executor-offense.ts
+function buildExploitPhaseRunTaskCall(request) {
+  const phase = getPhaseFromContext3(request.context, "exploit_phase");
+  const phaseTask = phase === "foothold_active" ? "Reuse the existing foothold and continue the exploit chain from the current access path." : phase === "credential_followup" ? "Validate and reuse the obtained credentials or tokens before changing exploit vectors." : phase === "artifact_ready" ? "Validate and advance the current exploit artifact before switching to a different vector." : request.task;
+  return buildRunTaskInput(request, phaseTask, "exploit", request.context);
+}
+function buildExploitFollowupRunTaskCall(request, previousResult) {
+  const phase = getPhaseFromContext3(request.context, "exploit_phase");
+  const signals = previousResult ? getExploitResultSignals(previousResult) : null;
+  const hasSession = signals?.hasSession ?? false;
+  const hasLoot = signals?.hasLoot ?? false;
+  if (phase === "credential_followup" || hasLoot) {
+    return buildRunTaskInput(
+      request,
+      hasSession ? "Reuse the confirmed foothold or authenticated path and continue the exploit chain without restarting delivery." : "If credential reuse succeeded, continue from the confirmed foothold or authenticated path without restarting the exploit chain.",
+      "exploit",
+      buildPatchedContext(request.context, "exploit_phase", hasSession ? "foothold_active" : "credential_followup")
+    );
+  }
+  if (phase === "artifact_ready") {
+    return buildRunTaskInput(
+      request,
+      hasSession ? "A foothold exists from the validated artifact. Reuse it and continue the chain from that access path." : "If the artifact validated successfully, turn it into data extraction, authenticated access, or foothold confirmation before changing vectors.",
+      "exploit",
+      buildPatchedContext(request.context, "exploit_phase", hasSession ? "foothold_active" : "artifact_ready")
+    );
+  }
+  return null;
+}
+function buildPwnPhaseRunTaskCall(request) {
+  const phase = getPhaseFromContext3(request.context, "pwn_phase");
+  const phaseTask = phase === "foothold_active" ? "Reuse the existing execution foothold and continue post-exploitation or objective completion." : phase === "offset_known" ? "Resume the exploit loop from the known offset and latest payload revision." : phase === "crash_iteration" ? "Reproduce the latest crash and continue debugging from the preserved crash state." : request.task;
+  return buildRunTaskInput(request, phaseTask, "pwn", request.context);
+}
+function buildPwnFollowupRunTaskCall(request, previousResult) {
+  const phase = getPhaseFromContext3(request.context, "pwn_phase");
+  const signals = previousResult ? getPwnResultSignals(previousResult) : null;
+  const hasFoothold2 = signals?.hasFoothold ?? false;
+  const stillCrashing = signals?.stillCrashing ?? false;
+  if (phase === "offset_known") {
+    return buildRunTaskInput(
+      request,
+      hasFoothold2 ? "Execution is confirmed. Reuse the achieved foothold and continue from the working exploit state." : "Use the known offset to perform the narrowest next payload smoke test and confirm progress toward execution.",
+      "pwn",
+      buildPatchedContext(request.context, "pwn_phase", hasFoothold2 ? "foothold_active" : "payload_iteration")
+    );
+  }
+  if (phase === "crash_iteration") {
+    return buildRunTaskInput(
+      request,
+      stillCrashing ? "The crash state persists. Apply the narrowest next debugging or payload mutation step from the preserved crash state." : hasFoothold2 ? "Execution is confirmed. Reuse the achieved foothold and continue from the working exploit state." : "Apply the narrowest next debugging or payload mutation step from the preserved crash state.",
+      "pwn",
+      buildPatchedContext(
+        request.context,
+        "pwn_phase",
+        hasFoothold2 ? "foothold_active" : stillCrashing ? "crash_iteration" : "payload_iteration"
+      )
+    );
+  }
+  return null;
+}
+async function executeExploitMiniLoop(toolRegistry, request) {
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    buildExploitPhaseRunTaskCall(request),
+    (firstResult) => buildExploitFollowupRunTaskCall(request, firstResult),
+    getExploitResultSignals
+  );
+}
+async function executeExploitDirectBoundedLoop(toolRegistry, request, boundedCall) {
+  if (!boundedCall) {
+    return executeExploitMiniLoop(toolRegistry, request);
+  }
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    boundedCall,
+    (firstResult) => buildExploitFollowupRunTaskCall(request, firstResult),
+    getExploitResultSignals
+  );
+}
+async function executePwnMiniLoop(toolRegistry, request) {
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    buildPwnPhaseRunTaskCall(request),
+    (firstResult) => buildPwnFollowupRunTaskCall(request, firstResult),
+    getPwnResultSignals
+  );
+}
+async function executePwnDirectBoundedLoop(toolRegistry, request, boundedCall) {
+  if (!boundedCall) {
+    return executePwnMiniLoop(toolRegistry, request);
+  }
+  return executeTwoStepLoop(
+    (call) => toolRegistry.execute(call),
+    boundedCall,
+    (firstResult) => buildPwnFollowupRunTaskCall(request, firstResult),
+    getPwnResultSignals
+  );
+}
+
+// src/agents/main-agent/delegated-auto-executor-calls.ts
+function buildDelegatedRunTaskCall(request) {
+  return {
+    name: TOOL_NAMES.RUN_TASK,
+    input: {
+      task: request.task,
+      ...request.workerType ? { worker_type: request.workerType } : {},
+      ...request.resumeTaskId ? { resume_task_id: request.resumeTaskId } : {},
+      ...request.target ? { target: request.target } : {},
+      ...request.context ? { context: request.context } : {}
+    }
+  };
+}
+function buildBoundedDelegatedToolCall(request) {
+  if (!request.boundedTool || !request.boundedCommand) {
+    return null;
+  }
+  return {
+    name: request.boundedTool,
+    input: {
+      command: request.boundedCommand,
+      ...request.boundedTimeout ? { timeout: request.boundedTimeout } : {}
+    }
+  };
+}
+
+// src/agents/main-agent/delegated-auto-execution-strategies.ts
+var DEFAULT_DELEGATED_EXECUTION_STRATEGY = async (toolRegistry, request) => toolRegistry.execute(buildDelegatedRunTaskCall(request));
+var SHELL_SUPERVISOR_STRATEGY = async (toolRegistry, request) => await executeShellSupervisorMiniLoop(toolRegistry) || await toolRegistry.execute(buildDelegatedRunTaskCall(request));
+var EXPLOIT_STRATEGY = async (toolRegistry, request) => executeExploitDirectBoundedLoop(
+  toolRegistry,
+  request,
+  buildBoundedDelegatedToolCall(request)
+);
+var PWN_STRATEGY = async (toolRegistry, request) => executePwnDirectBoundedLoop(
+  toolRegistry,
+  request,
+  buildBoundedDelegatedToolCall(request)
+);
+var DELEGATED_EXECUTION_STRATEGIES = {
+  "shell-supervisor": SHELL_SUPERVISOR_STRATEGY,
+  exploit: EXPLOIT_STRATEGY,
+  pwn: PWN_STRATEGY
+};
+async function executeDelegatedRequestByStrategy(toolRegistry, request) {
+  const strategy = request.workerType ? DELEGATED_EXECUTION_STRATEGIES[request.workerType] : void 0;
+  return (strategy ?? DEFAULT_DELEGATED_EXECUTION_STRATEGY)(toolRegistry, request);
+}
+
+// src/agents/main-agent/delegated-auto-executor.ts
+var DelegatedAutoExecutor = class {
+  canExecutePending(runtime) {
+    return runtime.canAutoExecute() && shouldAutoExecuteDelegatedRequest(runtime.peek());
+  }
+  async executePending(runtime, toolRegistry) {
+    if (!toolRegistry) {
+      return null;
+    }
+    const request = runtime.peek();
+    if (!request || !this.canExecutePending(runtime)) {
+      return null;
+    }
+    runtime.markAutoExecutionAttempt();
+    const result = await executeDelegatedRequestByStrategy(toolRegistry, request);
+    runtime.setLastExecutionResult(result);
+    if (result.success) {
+      runtime.consume();
+    }
+    return result;
+  }
+};
+
+// src/agents/main-agent/prompt-assembly.ts
+async function buildMainAgentPrompt(promptBuilder, state, userInput, delegatedExecution, memory) {
+  const basePrompt = await promptBuilder.build(
+    userInput,
+    state.getPhase() || PHASES.RECON,
+    memory
+  );
+  return [basePrompt, delegatedExecution.request, delegatedExecution.result].filter(Boolean).join("\n\n");
+}
+
+// src/agents/main-agent/exploit-lifecycle.ts
+function shellEscape(value) {
+  return `'${value.replace(/'/g, `'"'"'`)}'`;
+}
+function getReplayableExploitCommand(task) {
+  const candidates = [task.resumeHint || "", ...task.tried].map((value) => value.trim()).filter(Boolean);
+  return candidates.find(
+    (candidate) => /^(?:curl|hydra|sqlmap|psql|mysql|ssh|ftp|smbclient|xfreerdp|evil-winrm)\s+/i.test(candidate)
+  ) || null;
+}
+function getUrlCandidate(task) {
+  const candidates = [
+    task.target || "",
+    ...task.assets,
+    ...task.findings,
+    task.summary,
+    task.resumeHint || ""
+  ].map((value) => value.trim()).filter(Boolean);
+  for (const candidate of candidates) {
+    const urlMatch = candidate.match(/https?:\/\/[^\s"'`]+/i);
+    if (urlMatch?.[0]) {
+      return urlMatch[0];
+    }
+    const assetMatch = candidate.match(/^url:(https?:\/\/.+)$/i);
+    if (assetMatch?.[1]) {
+      return assetMatch[1].trim();
+    }
+  }
+  return null;
+}
+function getTokenProbe(task) {
+  for (const item of task.loot) {
+    const normalized = item.trim();
+    const tokenMatch = normalized.match(/(?:bearer\s+token|token)\s*:\s*(.+)$/i);
+    if (tokenMatch?.[1]) {
+      return {
+        header: "Authorization",
+        secret: `Bearer ${tokenMatch[1].trim()}`
+      };
+    }
+    const apiKeyMatch = normalized.match(/(?:api[_ -]?key|apikey)\s*:\s*(.+)$/i);
+    if (apiKeyMatch?.[1]) {
+      return {
+        header: "X-API-Key",
+        secret: apiKeyMatch[1].trim()
+      };
+    }
+  }
+  return null;
+}
+function getJoinedExploitEvidence(task) {
+  return [
+    task.target || "",
+    task.summary,
+    task.resumeHint || "",
+    ...task.assets,
+    ...task.findings,
+    ...task.tried,
+    ...task.loot
+  ].join(" ").toLowerCase();
+}
+function getCredentialPair(task) {
+  let username = null;
+  let password = null;
+  for (const item of task.loot) {
+    const normalized = item.trim();
+    const combinedMatch = normalized.match(/^([^\s:]+)\s+password:\s*(.+)$/i);
+    if (combinedMatch?.[1] && combinedMatch?.[2]) {
+      username = combinedMatch[1].trim();
+      password = combinedMatch[2].trim();
+      break;
+    }
+    const userMatch = normalized.match(/^(?:username|user)\s*:\s*(.+)$/i);
+    if (userMatch?.[1]) {
+      username = userMatch[1].trim();
+    }
+    const passwordMatch = normalized.match(/^password\s*:\s*(.+)$/i);
+    if (passwordMatch?.[1]) {
+      password = passwordMatch[1].trim();
+    }
+  }
+  return username && password ? { username, password } : null;
+}
+function getHostCandidate(task) {
+  const url = getUrlCandidate(task);
+  if (url) {
+    try {
+      return new URL(url).host;
+    } catch {
+      return null;
+    }
+  }
+  const target = (task.target || "").trim();
+  if (!target) {
+    return null;
+  }
+  if (/^https?:\/\//i.test(target)) {
+    try {
+      return new URL(target).host;
+    } catch {
+      return null;
+    }
+  }
+  return target;
+}
+function getServiceHint(task) {
+  const evidence = getJoinedExploitEvidence(task);
+  if (evidence.includes("ssh")) return "ssh";
+  if (evidence.includes("ftp")) return "ftp";
+  if (evidence.includes("smb") || evidence.includes("445")) return "smb";
+  if (evidence.includes("winrm") || evidence.includes("5985") || evidence.includes("5986")) return "winrm";
+  if (evidence.includes("rdp") || evidence.includes("3389")) return "rdp";
+  if (evidence.includes("ldap") || evidence.includes("389") || evidence.includes("636")) return "ldap";
+  if (evidence.includes("mysql")) return "mysql";
+  if (evidence.includes("postgres") || evidence.includes("psql")) return "postgres";
+  if (evidence.includes("http") || evidence.includes("https") || evidence.includes("web")) return "http";
+  return null;
+}
+function getServicePort(service) {
+  switch (service) {
+    case "ssh":
+      return 22;
+    case "ftp":
+      return 21;
+    case "http":
+      return 80;
+    case "mysql":
+      return 3306;
+    case "postgres":
+      return 5432;
+    case "smb":
+      return 445;
+    case "winrm":
+      return 5985;
+    case "rdp":
+      return 3389;
+    case "ldap":
+      return 389;
+    default:
+      return null;
+  }
+}
+function getVectorBoundedCommand(task) {
+  const url = getUrlCandidate(task);
+  if (url) {
+    return `curl -fsSIL ${shellEscape(url)}`;
+  }
+  const host = getHostCandidate(task);
+  const service = getServiceHint(task);
+  const port = getServicePort(service);
+  if (host && port) {
+    return `nc -vz -w 5 ${shellEscape(host)} ${port}`;
+  }
+  return void 0;
+}
+function getCredentialBoundedCommand(task, replayableCommand) {
+  if (replayableCommand) {
+    return replayableCommand;
+  }
+  const url = getUrlCandidate(task);
+  const tokenProbe = getTokenProbe(task);
+  if (url && tokenProbe) {
+    return `curl -fsSIL -H ${shellEscape(`${tokenProbe.header}: ${tokenProbe.secret}`)} ${shellEscape(url)}`;
+  }
+  const pair = getCredentialPair(task);
+  const host = getHostCandidate(task);
+  const service = getServiceHint(task);
+  if (pair && host && service === "ssh") {
+    return `sshpass -p ${shellEscape(pair.password)} ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 ${shellEscape(`${pair.username}@${host}`)} id`;
+  }
+  if (pair && host && service === "ftp") {
+    return `curl -fsS --user ${shellEscape(`${pair.username}:${pair.password}`)} --max-time 5 ${shellEscape(`ftp://${host}/`)}`;
+  }
+  if (pair && service === "http") {
+    const httpTarget = url || (host ? `http://${host}` : null);
+    if (httpTarget) {
+      return `curl -fsSIL -u ${shellEscape(`${pair.username}:${pair.password}`)} ${shellEscape(httpTarget)}`;
+    }
+  }
+  if (pair && host && service === "mysql") {
+    return `mysql -h ${shellEscape(host)} -u ${shellEscape(pair.username)} -p${pair.password} -e 'SELECT 1;'`;
+  }
+  if (pair && host && service === "postgres") {
+    return `PGPASSWORD=${shellEscape(pair.password)} psql -h ${shellEscape(host)} -U ${shellEscape(pair.username)} -c 'SELECT 1;' postgres`;
+  }
+  if (pair && host && service === "smb") {
+    return `smbclient -L ${shellEscape(`//${host}/`)} -U ${shellEscape(`${pair.username}%${pair.password}`)} -m SMB3`;
+  }
+  if (pair && host && service === "winrm") {
+    return `evil-winrm -i ${shellEscape(host)} -u ${shellEscape(pair.username)} -p ${shellEscape(pair.password)} -c whoami`;
+  }
+  if (pair && host && service === "rdp") {
+    return `xfreerdp /cert:ignore /auth-only /u:${shellEscape(pair.username)} /p:${shellEscape(pair.password)} /v:${shellEscape(host)}`;
+  }
+  if (pair && host && service === "ldap") {
+    return `ldapwhoami -x -H ${shellEscape(`ldap://${host}`)} -D ${shellEscape(pair.username)} -w ${shellEscape(pair.password)}`;
+  }
+  return void 0;
+}
+function hasCredentialLoot(task) {
+  return task.loot.some((item) => {
+    const normalized = item.toLowerCase();
+    return normalized.includes("password") || normalized.includes("credential") || normalized.includes("hash") || normalized.includes("token") || normalized.includes("key");
+  });
+}
+function hasFoothold(task) {
+  return task.sessions.length > 0 || task.assets.some((asset) => {
+    const normalized = asset.toLowerCase();
+    return normalized.includes("shell:") || normalized.includes("stabilized_shell:") || normalized.includes("post_exploitation_shell:") || normalized.includes("listener:") || normalized.includes("session:") || normalized.includes("foothold");
+  });
+}
+function getArtifactPath(task) {
+  for (const asset of task.assets) {
+    const trimmed = asset.trim();
+    const artifactMatch = trimmed.match(/^artifact:(.+)$/i);
+    if (artifactMatch?.[1]) {
+      return artifactMatch[1].trim();
+    }
+    if (trimmed.startsWith("/") || trimmed.startsWith("./")) {
+      return trimmed;
+    }
+  }
+  return null;
+}
+function getArtifactKind(task, artifactPath, artifactUrl) {
+  const evidence = getJoinedExploitEvidence(task);
+  if (artifactUrl) {
+    if (artifactUrl.match(/\.(php|asp|aspx|jsp|jspx|cfm)(?:[?#].*)?$/i) || evidence.includes("webshell")) {
+      return "webshell";
+    }
+    return "url";
+  }
+  if (!artifactPath) {
+    return null;
+  }
+  if (artifactPath.match(/\.(sql|sqlite|db|mdb|bak|dump)(?:\.[a-z0-9]+)?$/i) || evidence.includes("dump")) {
+    return "database_dump";
+  }
+  if (artifactPath.startsWith("//") || evidence.includes("smb share") || evidence.includes("share:")) {
+    return "smb_share";
+  }
+  return "file";
+}
+function getArtifactBoundedCommand(kind, artifactPath, artifactUrl) {
+  if (!kind) {
+    return void 0;
+  }
+  if (kind === "webshell" && artifactUrl) {
+    return `curl -fsSIL ${shellEscape(artifactUrl)} && curl -fsS ${shellEscape(artifactUrl)} | head -n 5`;
+  }
+  if (kind === "url" && artifactUrl) {
+    return `curl -fsSIL ${shellEscape(artifactUrl)}`;
+  }
+  if (kind === "database_dump" && artifactPath) {
+    return `test -e ${artifactPath} && ls -lh ${artifactPath} && file ${artifactPath} 2>/dev/null && head -n 5 ${artifactPath} 2>/dev/null`;
+  }
+  if (kind === "smb_share" && artifactPath) {
+    return `smbclient -L ${shellEscape(artifactPath)} -N -m SMB3`;
+  }
+  if (kind === "file" && artifactPath) {
+    return `test -e ${artifactPath} && ls -l ${artifactPath} && file ${artifactPath} 2>/dev/null`;
+  }
+  return void 0;
+}
+function getExploitLifecycleSnapshot(task) {
+  const replayableCommand = getReplayableExploitCommand(task);
+  if (hasFoothold(task)) {
+    return {
+      phase: "foothold_active",
+      recommendation: "A foothold already exists. Reuse the current access path and continue the exploit chain from that foothold.",
+      boundedTool: "exploit_foothold_check",
+      boundedCommand: replayableCommand || void 0,
+      boundedTimeout: 4e3,
+      boundedInstruction: "Run one narrow foothold validation step before expanding the exploit chain."
+    };
+  }
+  if (hasCredentialLoot(task)) {
+    return {
+      phase: "credential_followup",
+      recommendation: "Credentials or tokens exist. Prioritize validation, reuse, and pivot from the current exploit chain.",
+      boundedTool: "exploit_credential_check",
+      boundedCommand: getCredentialBoundedCommand(task, replayableCommand),
+      boundedTimeout: 5e3,
+      boundedInstruction: "Run one bounded credential or token validation step before changing exploit vectors."
+    };
+  }
+  if (task.assets.length > 0) {
+    const artifactPath = getArtifactPath(task);
+    const artifactUrl = getUrlCandidate(task);
+    const artifactKind = getArtifactKind(task, artifactPath, artifactUrl);
+    return {
+      phase: "artifact_ready",
+      recommendation: "The exploit chain produced reusable artifacts. Validate and advance the current artifact before changing vectors.",
+      boundedTool: "exploit_artifact_check",
+      boundedCommand: getArtifactBoundedCommand(artifactKind, artifactPath, artifactUrl),
+      boundedTimeout: 3e3,
+      boundedInstruction: artifactKind === "webshell" ? "Run one bounded webshell validation step before replacing the current foothold artifact." : artifactKind === "database_dump" ? "Run one bounded dump validation step before replacing or parsing the recovered database artifact." : artifactKind === "smb_share" ? "Run one bounded share validation step before changing the current artifact path." : "Run one bounded artifact validation step before replacing the current artifact."
+    };
+  }
+  return {
+    phase: "vector_active",
+    recommendation: "The current exploit vector is still active. Continue adapting it before switching to a new chain.",
+    boundedTool: "exploit_vector_check",
+    boundedCommand: getVectorBoundedCommand(task),
+    boundedTimeout: 5e3,
+    boundedInstruction: "Run one bounded target reachability or service confirmation step before abandoning the current exploit vector."
+  };
+}
+
+// src/agents/main-agent/pwn-lifecycle.ts
+function joinedEvidence(task) {
+  return [
+    task.summary,
+    task.resumeHint,
+    task.waitingOn,
+    ...task.tried,
+    ...task.findings,
+    ...task.assets
+  ].filter(Boolean).join(" ").toLowerCase();
+}
+function getReplayableCommand(task) {
+  const candidates = [...task.tried, task.resumeHint || ""].map((value) => value.trim()).filter(Boolean);
+  return candidates.find(
+    (candidate) => /^(?:\.\/|\/|python(?:3)?\b|gdb\b|qemu(?:-[\w-]+)?\b|nc\b)/i.test(candidate) || candidate.includes("pwntools")
+  ) || null;
+}
+function getCandidateBinaryPath(task) {
+  const candidates = [...task.assets, ...task.findings, task.summary, task.task, task.resumeHint || ""].map((value) => value.trim()).filter(Boolean);
+  for (const candidate of candidates) {
+    const artifactMatch = candidate.match(/^artifact:(.+)$/i);
+    const normalized = artifactMatch?.[1]?.trim() || candidate;
+    if (normalized.startsWith("./") || normalized.startsWith("/")) {
+      return normalized;
+    }
+    const embeddedPath = normalized.match(/(\.\/[A-Za-z0-9_./-]+|\/[A-Za-z0-9_./-]+)/);
+    if (embeddedPath?.[1]) {
+      return embeddedPath[1];
+    }
+  }
+  return null;
+}
+function getCandidateCorePath(task) {
+  const candidates = [...task.assets, ...task.findings, task.summary].map((value) => value.trim()).filter(Boolean);
+  for (const candidate of candidates) {
+    const artifactMatch = candidate.match(/^artifact:(.+)$/i);
+    const normalized = artifactMatch?.[1]?.trim() || candidate;
+    if (normalized.match(/(?:^|\/)core(?:\.[A-Za-z0-9_-]+)?$/i)) {
+      return normalized;
+    }
+    const embeddedCore = normalized.match(/(\.\/core(?:\.[A-Za-z0-9_-]+)?|\/[A-Za-z0-9_./-]*core(?:\.[A-Za-z0-9_-]+)?)/i);
+    if (embeddedCore?.[1]) {
+      return embeddedCore[1];
+    }
+  }
+  return null;
+}
+function getPwnProbeKind(replayableCommand, binaryPath, corePath) {
+  if (binaryPath && corePath) {
+    return "core_gdb";
+  }
+  if (replayableCommand?.startsWith("gdb ")) {
+    return "gdb_replay";
+  }
+  return "binary_smoke";
+}
+function getBoundedPwnCommand(kind, replayableCommand, binaryPath, corePath) {
+  if (kind === "core_gdb" && binaryPath && corePath) {
+    return `gdb -q ${binaryPath} ${corePath} -batch -ex 'info registers' -ex 'bt'`;
+  }
+  if (kind === "gdb_replay" && replayableCommand) {
+    return replayableCommand;
+  }
+  if (replayableCommand) {
+    return replayableCommand;
+  }
+  if (binaryPath) {
+    return `test -x ${binaryPath} && timeout 5 ${binaryPath} </dev/null`;
+  }
+  return void 0;
+}
+function getPwnLifecycleSnapshot(task) {
+  const evidence = joinedEvidence(task);
+  const replayableCommand = getReplayableCommand(task);
+  const binaryPath = getCandidateBinaryPath(task);
+  const corePath = getCandidateCorePath(task);
+  const probeKind = getPwnProbeKind(replayableCommand, binaryPath, corePath);
+  if (task.sessions.length > 0 || task.assets.some((asset) => {
+    const normalized = asset.toLowerCase();
+    return normalized.includes("shell:") || normalized.includes("stabilized_shell:") || normalized.includes("post_exploitation_shell:");
+  })) {
+    return {
+      phase: "foothold_active",
+      recommendation: "The pwn chain already produced execution. Reuse the existing foothold instead of restarting the exploit loop."
+    };
+  }
+  if (evidence.includes("offset") || evidence.includes("pattern") || evidence.includes("eip") || evidence.includes("rip")) {
+    return {
+      phase: "offset_known",
+      recommendation: "Offsets or control primitives are known. Resume from the latest payload iteration instead of rediscovering the crash.",
+      boundedTool: "pwn_offset_check",
+      boundedCommand: getBoundedPwnCommand(probeKind, replayableCommand, binaryPath, corePath),
+      boundedTimeout: 5e3,
+      boundedInstruction: probeKind === "core_gdb" ? "Run one bounded gdb register/backtrace check against the saved core state before changing the payload." : probeKind === "gdb_replay" ? "Run one bounded gdb replay step against the latest exploit revision before changing the payload." : "Run one bounded offset verification step against the latest exploit revision."
+    };
+  }
+  if (evidence.includes("crash") || evidence.includes("segfault") || evidence.includes("core")) {
+    return {
+      phase: "crash_iteration",
+      recommendation: "A crash state exists. Preserve it and continue the debug loop from the latest observed crash.",
+      boundedTool: "pwn_crash_repro",
+      boundedCommand: getBoundedPwnCommand(probeKind, replayableCommand, binaryPath, corePath),
+      boundedTimeout: 1e4,
+      boundedInstruction: probeKind === "core_gdb" ? "Inspect the saved core state once and preserve the exact crash context before changing the exploit loop." : probeKind === "gdb_replay" ? "Replay the latest gdb-driven crash once and preserve the exact crash state." : "Reproduce the latest crash once and preserve the exact crash state."
+    };
+  }
+  return {
+    phase: "payload_iteration",
+    recommendation: "The pwn loop is still iterating payload design. Continue from the latest payload revision and observations.",
+    boundedTool: "pwn_payload_smoke",
+    boundedCommand: getBoundedPwnCommand(probeKind, replayableCommand, binaryPath, corePath),
+    boundedTimeout: 5e3,
+    boundedInstruction: probeKind === "gdb_replay" ? "Run one bounded gdb-guided smoke step from the latest payload revision." : "Run one bounded payload smoke test from the latest payload revision."
+  };
+}
+
+// src/agents/main-agent/delegated-task-handoff.ts
+function buildLifecycleSnapshot(decision) {
+  const task = decision.task;
+  if (decision.preferredWorkerType !== "shell-supervisor") {
+    if (decision.preferredWorkerType === "exploit") {
+      return getExploitLifecycleSnapshot(task);
+    }
+    if (decision.preferredWorkerType === "pwn") {
+      return getPwnLifecycleSnapshot(task);
+    }
+    return null;
+  }
+  return getShellSupervisorLifecycleSnapshot();
+}
+function buildDelegatedRequestContext(decision, lifecycleSnapshot) {
+  const task = decision.task;
+  if (!lifecycleSnapshot) {
+    return task.summary;
+  }
+  if (decision.preferredWorkerType === "exploit") {
+    return [
+      task.summary,
+      `exploit_phase=${lifecycleSnapshot.phase}`,
+      `recommendation=${lifecycleSnapshot.recommendation}`
+    ].filter(Boolean).join(" | ");
   }
-  return toolRegistry.execute(singleCall);
+  if (decision.preferredWorkerType === "pwn") {
+    return [
+      task.summary,
+      `pwn_phase=${lifecycleSnapshot.phase}`,
+      `recommendation=${lifecycleSnapshot.recommendation}`
+    ].filter(Boolean).join(" | ");
+  }
+  const shellSnapshot = lifecycleSnapshot;
+  return [
+    task.summary,
+    `shell_phase=${shellSnapshot.phase}`,
+    shellSnapshot.listenerId ? `listener=${shellSnapshot.listenerId}` : "",
+    shellSnapshot.activeShellId ? `active_shell=${shellSnapshot.activeShellId}` : "",
+    `recommendation=${shellSnapshot.recommendation}`
+  ].filter(Boolean).join(" | ");
 }
-async function executeExploitMiniLoop(toolRegistry, request) {
-  return executeTwoStepLoop(
-    toolRegistry,
-    buildExploitPhaseRunTaskCall(request),
-    (firstResult) => buildExploitFollowupRunTaskCall(request, firstResult),
-    getExploitResultSignals
-  );
+function buildDelegatedExecutionRequest(decision, context, lifecycleSnapshot) {
+  const task = decision.task;
+  const preferredWorkerType = decision.preferredWorkerType;
+  const requestTask = task.resumeHint || task.task;
+  const boundedLifecycle = preferredWorkerType === "exploit" || preferredWorkerType === "pwn" ? lifecycleSnapshot : null;
+  return {
+    task: requestTask,
+    workerType: preferredWorkerType,
+    resumeTaskId: task.id,
+    target: task.target,
+    context,
+    boundedTool: preferredWorkerType ? getRecommendedBoundedTool({
+      task: requestTask,
+      workerType: preferredWorkerType,
+      target: task.target,
+      context
+    }) ?? void 0 : void 0,
+    boundedCommand: boundedLifecycle?.boundedCommand,
+    boundedTimeout: boundedLifecycle?.boundedTimeout,
+    boundedInstruction: preferredWorkerType ? boundedLifecycle?.boundedInstruction || buildDelegatedExecutionPlan({
+      task: requestTask,
+      workerType: preferredWorkerType,
+      target: task.target,
+      context
+    }) : void 0
+  };
 }
-async function executeExploitDirectBoundedLoop(toolRegistry, request) {
-  const boundedCall = buildBoundedDelegatedToolCall(request);
-  if (!boundedCall) {
-    return executeExploitMiniLoop(toolRegistry, request);
-  }
-  return executeTwoStepLoop(
-    toolRegistry,
-    boundedCall,
-    (firstResult) => buildExploitFollowupRunTaskCall(request, firstResult),
-    getExploitResultSignals
-  );
+function buildDelegatedTaskHandoff(decision) {
+  const task = decision.task;
+  const preferredWorkerType = decision.preferredWorkerType;
+  const lifecycleSnapshot = buildLifecycleSnapshot(decision);
+  const context = buildDelegatedRequestContext(decision, lifecycleSnapshot);
+  const delegatedExecutionRequest = buildDelegatedExecutionRequest(decision, context, lifecycleSnapshot);
+  const executionPlan = buildDelegatedExecutionPlan(delegatedExecutionRequest);
+  const details = [
+    `Resume delegated task: ${task.task}.`,
+    `Delegated task ID: ${task.id}.`,
+    `Scheduler reason: ${decision.reason}`,
+    `Scheduler cycle count: ${decision.resumeCount + 1}.`,
+    `Current status: ${task.status}.`,
+    task.waitingOn ? `Waiting on: ${task.waitingOn}.` : "",
+    task.assets.length > 0 ? `Reuse assets: ${task.assets.join(", ")}.` : "",
+    task.sessions.length > 0 ? `Reuse sessions: ${task.sessions.join(", ")}.` : "",
+    task.resumeHint ? `Resume guidance: ${task.resumeHint}.` : "",
+    preferredWorkerType ? `Preferred worker: ${preferredWorkerType}.` : "",
+    delegatedExecutionRequest.boundedTool ? `Bounded tool: ${delegatedExecutionRequest.boundedTool}.` : "",
+    delegatedExecutionRequest.boundedCommand ? `Bounded command candidate: ${delegatedExecutionRequest.boundedCommand}.` : "",
+    preferredWorkerType ? `Delegation policy: if this requires multi-step follow-up, call run_task with worker_type="${preferredWorkerType}" and resume_task_id="${task.id}" for this selected task before creating any unrelated delegated chain.` : "",
+    `Execution hint: ${executionPlan}`,
+    "Execution policy: continue the selected delegated chain first. Do not switch to a different active delegated task until this one is advanced or invalidated.",
+    "Goal: continue the existing chain instead of creating a duplicate operation."
+  ].filter(Boolean);
+  return {
+    shouldForwardToMain: true,
+    forwardedInput: details.join(" "),
+    directResponse: "",
+    shouldWritePolicy: false,
+    policyDocument: "",
+    policyUpdateSummary: "",
+    insightSummary: `Auto-resume delegated task ${task.id} via handoff builder.`,
+    delegatedExecutionRequest,
+    success: true
+  };
 }
-async function executePwnMiniLoop(toolRegistry, request) {
-  return executeTwoStepLoop(
-    toolRegistry,
-    buildPwnPhaseRunTaskCall(request),
-    (firstResult) => buildPwnFollowupRunTaskCall(request, firstResult),
-    getPwnResultSignals
-  );
+
+// src/agents/main-agent/user-input-runtime.ts
+function collectPendingUserInputs(userInputQueue, pendingInitialUserInput) {
+  const drained = userInputQueue.drain();
+  return [
+    ...pendingInitialUserInput ? [pendingInitialUserInput] : [],
+    ...drained.map((item) => item.text)
+  ].map((text) => text.trim()).filter(Boolean);
 }
-async function executePwnDirectBoundedLoop(toolRegistry, request) {
-  const boundedCall = buildBoundedDelegatedToolCall(request);
-  if (!boundedCall) {
-    return executePwnMiniLoop(toolRegistry, request);
-  }
-  return executeTwoStepLoop(
-    toolRegistry,
-    boundedCall,
-    (firstResult) => buildPwnFollowupRunTaskCall(request, firstResult),
-    getPwnResultSignals
-  );
+function appendUserInput(existing, next) {
+  return existing.trim() === "" ? next : `${existing}
+
+${next}`;
 }
-async function executeTwoStepLoop(toolRegistry, firstCall, buildFollowupCall, getSignals) {
-  const firstResult = await toolRegistry.execute(firstCall);
-  if (!firstResult.success) {
-    return firstResult;
-  }
-  const followupCall = buildFollowupCall(firstResult);
-  if (!followupCall || !getSignals(firstResult).indicatesProgress) {
-    return firstResult;
+function normalizeInputProcessorResult(result, fallbackInput) {
+  if (!result.success) {
+    return {
+      shouldForwardToMain: true,
+      forwardedInput: fallbackInput,
+      directResponse: "",
+      shouldWritePolicy: false,
+      policyDocument: "",
+      policyUpdateSummary: "",
+      insightSummary: "Input processor fallback: forwarded raw input.",
+      success: false
+    };
   }
-  const followupResult = await toolRegistry.execute(followupCall);
-  return combineToolResults([firstResult, followupResult]);
+  return {
+    ...result,
+    forwardedInput: result.forwardedInput.trim() || fallbackInput,
+    directResponse: result.directResponse.trim(),
+    policyDocument: result.policyDocument.trim(),
+    policyUpdateSummary: result.policyUpdateSummary.trim(),
+    insightSummary: result.insightSummary.trim()
+  };
 }
-var DelegatedAutoExecutor = class {
-  canExecutePending(runtime) {
-    return runtime.canAutoExecute() && shouldAutoExecuteDelegatedRequest(runtime.peek());
+function buildAutoResumeResult(state, delegatedTaskQueue) {
+  const activeTasks = state.getActiveDelegatedTasks();
+  const decision = delegatedTaskQueue.next(activeTasks);
+  if (!decision) {
+    return null;
   }
-  async executePending(runtime, toolRegistry) {
-    if (!toolRegistry) {
-      return null;
-    }
-    const request = runtime.peek();
-    if (!request || !this.canExecutePending(runtime)) {
-      return null;
-    }
-    runtime.markAutoExecutionAttempt();
-    const result = request.workerType === "shell-supervisor" ? await executeShellSupervisorMiniLoop(toolRegistry) || await toolRegistry.execute(buildDelegatedRunTaskCall(request)) : request.workerType === "exploit" ? await executeExploitDirectBoundedLoop(toolRegistry, request) : request.workerType === "pwn" ? await executePwnDirectBoundedLoop(toolRegistry, request) : await toolRegistry.execute(buildDelegatedRunTaskCall(request));
-    runtime.setLastExecutionResult(result);
-    if (result.success) {
-      runtime.consume();
-    }
-    return result;
+  delegatedTaskQueue.acknowledge(decision.task.id);
+  return buildDelegatedTaskHandoff(decision);
+}
+function buildQueueSnapshot(userInputQueue) {
+  return {
+    count: userInputQueue.pendingCount(),
+    preview: userInputQueue.peek().map((item) => item.text)
+  };
+}
+
+// src/agents/main-agent/queue-facade.ts
+function emitMainAgentQueueUpdated(events, userInputQueue) {
+  events.emit({
+    type: EVENT_TYPES.QUEUE_UPDATED,
+    timestamp: Date.now(),
+    data: buildQueueSnapshot(userInputQueue)
+  });
+}
+function enqueueMainAgentUserInput(userInputQueue, events, text) {
+  userInputQueue.enqueue(text);
+  emitMainAgentQueueUpdated(events, userInputQueue);
+}
+function dequeueMainAgentUserInput(userInputQueue, events) {
+  const value = userInputQueue.dequeueLast();
+  emitMainAgentQueueUpdated(events, userInputQueue);
+  return value;
+}
+function getMainAgentPendingUserInputPreview(userInputQueue) {
+  return userInputQueue.peek().map((item) => item.text);
+}
+
+// src/agents/main-agent/session-mutations.ts
+async function resetMainAgentSession(state, userInputQueue) {
+  return resetSessionAction(state, userInputQueue);
+}
+function loadMainAgentSession(state) {
+  return session.load(state);
+}
+function saveMainAgentSession(state) {
+  return session.save(state);
+}
+function applyMainAgentScope(state, allowed, exclusions = []) {
+  state.setScope({
+    allowedCidrs: allowed.filter((a) => a.includes("/")),
+    allowedDomains: allowed.filter((a) => !a.includes("/")),
+    exclusions,
+    isDOSAllowed: false,
+    isSocialAllowed: false
+  });
+}
+function addMainAgentTarget(state, events, ip) {
+  state.addTarget({ ip, ports: [], tags: [], firstSeen: Date.now(), hostname: "" });
+  emitStateChange(events, state);
+}
+
+// src/agents/main-agent/delegated-execution-facade.ts
+function resetDelegatedExecutionState(delegatedExecutionRuntime) {
+  delegatedExecutionRuntime.reset();
+}
+function setDelegatedExecutionRequest(delegatedExecutionRuntime, request) {
+  delegatedExecutionRuntime.set(request);
+}
+function buildDelegatedPromptFragments(delegatedExecutionRuntime) {
+  return {
+    request: delegatedExecutionRuntime.toPromptFragment(),
+    result: delegatedExecutionRuntime.toResultFragment()
+  };
+}
+function getDelegatedExecutionRequest(delegatedExecutionRuntime) {
+  return delegatedExecutionRuntime.peek();
+}
+function consumeDelegatedExecutionRequest(delegatedExecutionRuntime) {
+  return delegatedExecutionRuntime.consume();
+}
+async function executePendingDelegatedRequest(delegatedAutoExecutor, delegatedExecutionRuntime, toolRegistry) {
+  return delegatedAutoExecutor.executePending(delegatedExecutionRuntime, toolRegistry);
+}
+async function maybeAutoExecuteDelegatedRequest(delegatedAutoExecutor, delegatedExecutionRuntime, toolRegistry) {
+  if (!delegatedAutoExecutor.canExecutePending(delegatedExecutionRuntime)) {
+    return null;
   }
-};
+  return executePendingDelegatedRequest(
+    delegatedAutoExecutor,
+    delegatedExecutionRuntime,
+    toolRegistry
+  );
+}
 
 // src/agents/main-agent/main-agent.ts
 var MainAgent = class extends CoreAgent {
@@ -2841,7 +3488,7 @@ var MainAgent = class extends CoreAgent {
     this.inputProcessor = createInputProcessor(this.llm);
     this.sessionRuntime = createSessionRuntime();
     setActiveSessionRuntime(this.sessionRuntime);
-    this.turnCyclePipeline = loadPipelineFromConfig(getPipelineConfig(), {
+    this.turnCyclePipeline = loadPipelineFromConfig(getRuntimePipelineConfig(), {
       llm: this.llm,
       conditions: getConditionRegistry(),
       key: "turn_cycle"
@@ -2852,7 +3499,7 @@ var MainAgent = class extends CoreAgent {
     this.userInput = "";
     this.pendingInitialUserInput = userInput;
     this.delegatedTaskQueue.reset();
-    this.delegatedExecutionRuntime.reset();
+    resetDelegatedExecutionState(this.delegatedExecutionRuntime);
     emitStart(this.events, userInput, this.state);
     initializeTask(this.state);
     try {
@@ -2861,7 +3508,7 @@ var MainAgent = class extends CoreAgent {
       return result.output;
     } finally {
       try {
-        session.save(this.state);
+        saveMainAgentSession(this.state);
       } catch {
       }
       await cleanupAllProcesses();
@@ -2896,10 +3543,10 @@ var MainAgent = class extends CoreAgent {
     };
   }
   async processUserInputTurn() {
-    const messages = this.collectPendingUserInputs();
+    const messages = collectPendingUserInputs(this.userInputQueue, this.pendingInitialUserInput);
     this.pendingInitialUserInput = null;
     if (messages.length === 0) {
-      const autoResume = this.buildAutoResumeResult();
+      const autoResume = buildAutoResumeResult(this.state, this.delegatedTaskQueue);
       if (autoResume) {
         this.updateObjectiveFromInputProcessor(autoResume);
         await this.maybeAutoExecuteDelegatedRequest();
@@ -2914,11 +3561,11 @@ var MainAgent = class extends CoreAgent {
       hasActiveEngagement: this.state.hasActiveEngagement(),
       currentObjective: this.state.currentObjective || ""
     });
-    const normalized = this.normalizeInputProcessorResult(result, rawInput);
+    const normalized = normalizeInputProcessorResult(result, rawInput);
     this.updatePolicyFromInputProcessor(normalized);
     this.updateObjectiveFromInputProcessor(normalized);
     this.events.emit({ type: EVENT_TYPES.QUEUE_DRAINED, timestamp: Date.now() });
-    this.emitQueueUpdated();
+    emitMainAgentQueueUpdated(this.events, this.userInputQueue);
     return normalized;
   }
   updatePolicyFromInputProcessor(result) {
@@ -2927,82 +3574,39 @@ var MainAgent = class extends CoreAgent {
     }
   }
   updateObjectiveFromInputProcessor(result) {
-    this.delegatedExecutionRuntime.set(result.delegatedExecutionRequest);
+    setDelegatedExecutionRequest(this.delegatedExecutionRuntime, result.delegatedExecutionRequest);
     if (result.shouldForwardToMain && result.forwardedInput.trim()) {
-      this.userInput = this.appendUserInput(this.userInput, result.forwardedInput);
+      this.userInput = appendUserInput(this.userInput, result.forwardedInput);
       if (!this.state.hasActiveEngagement()) {
         this.state.currentObjective = result.forwardedInput;
       }
     }
   }
-  normalizeInputProcessorResult(result, fallbackInput) {
-    if (!result.success) {
-      return {
-        shouldForwardToMain: true,
-        forwardedInput: fallbackInput,
-        directResponse: "",
-        shouldWritePolicy: false,
-        policyDocument: "",
-        policyUpdateSummary: "",
-        insightSummary: "Input processor fallback: forwarded raw input.",
-        success: false
-      };
-    }
-    return {
-      ...result,
-      forwardedInput: result.forwardedInput.trim() || fallbackInput,
-      directResponse: result.directResponse.trim(),
-      policyDocument: result.policyDocument.trim(),
-      policyUpdateSummary: result.policyUpdateSummary.trim(),
-      insightSummary: result.insightSummary.trim()
-    };
-  }
-  collectPendingUserInputs() {
-    const drained = this.userInputQueue.drain();
-    return [
-      ...this.pendingInitialUserInput ? [this.pendingInitialUserInput] : [],
-      ...drained.map((item) => item.text)
-    ].map((text) => text.trim()).filter(Boolean);
-  }
-  appendUserInput(existing, next) {
-    return existing.trim() === "" ? next : `${existing}
-
-${next}`;
-  }
-  buildAutoResumeResult() {
-    const activeTasks = this.state.getActiveDelegatedTasks();
-    const decision = this.delegatedTaskQueue.next(activeTasks);
-    if (!decision) {
-      return null;
-    }
-    this.delegatedTaskQueue.acknowledge(decision.task.id);
-    return buildDelegatedTaskHandoff(decision);
-  }
   async buildDynamicPrompt(memory) {
-    const basePrompt = await this.promptBuilder.build(
+    const delegatedExecution = buildDelegatedPromptFragments(this.delegatedExecutionRuntime);
+    return buildMainAgentPrompt(
+      this.promptBuilder,
+      this.state,
       this.userInput,
-      this.state.getPhase() || PHASES.RECON,
+      delegatedExecution,
       memory
     );
-    const delegatedExecutionRequest = this.delegatedExecutionRuntime.toPromptFragment();
-    const delegatedExecutionResult = this.delegatedExecutionRuntime.toResultFragment();
-    return [basePrompt, delegatedExecutionRequest, delegatedExecutionResult].filter(Boolean).join("\n\n");
   }
   // ─── Public API ────────────────────────────────────────────────────────────
   loadPreviousSession() {
-    return session.load(this.state);
+    return loadMainAgentSession(this.state);
   }
   saveCurrentState() {
-    return session.save(this.state);
+    return saveMainAgentSession(this.state);
   }
   async resetSession() {
-    const result = await resetSessionAction(this.state, this.userInputQueue);
+    const result = await resetMainAgentSession(this.state, this.userInputQueue);
     this.userInput = "";
     this.delegatedTaskQueue.reset();
-    this.delegatedExecutionRuntime.reset();
+    resetDelegatedExecutionState(this.delegatedExecutionRuntime);
     return result;
   }
-  setAutoApprove(shouldEnable) {
+  setToolAutoApprove(shouldEnable) {
     this.approvalGate.setAutoApprove(shouldEnable);
   }
   getState() {
@@ -3018,78 +3622,62 @@ ${next}`;
     return this.sessionRuntime;
   }
   getLastDelegatedExecutionRequest() {
-    return this.delegatedExecutionRuntime.peek();
+    return getDelegatedExecutionRequest(this.delegatedExecutionRuntime);
   }
   consumeDelegatedExecutionRequest() {
-    return this.delegatedExecutionRuntime.consume();
+    return consumeDelegatedExecutionRequest(this.delegatedExecutionRuntime);
   }
   async executePendingDelegatedRequest() {
-    return this.delegatedAutoExecutor.executePending(this.delegatedExecutionRuntime, this.toolRegistry);
+    return executePendingDelegatedRequest(
+      this.delegatedAutoExecutor,
+      this.delegatedExecutionRuntime,
+      this.toolRegistry
+    );
   }
   async maybeAutoExecuteDelegatedRequest() {
-    if (!this.delegatedAutoExecutor.canExecutePending(this.delegatedExecutionRuntime)) {
-      return null;
-    }
-    const result = await this.executePendingDelegatedRequest();
-    return result;
+    return maybeAutoExecuteDelegatedRequest(
+      this.delegatedAutoExecutor,
+      this.delegatedExecutionRuntime,
+      this.toolRegistry
+    );
   }
-  setScope(allowed, exclusions = []) {
-    this.state.setScope({
-      allowedCidrs: allowed.filter((a) => a.includes("/")),
-      allowedDomains: allowed.filter((a) => !a.includes("/")),
-      exclusions,
-      isDOSAllowed: false,
-      isSocialAllowed: false
-    });
+  configureTarget(ip, exclusions = []) {
+    addMainAgentTarget(this.state, this.events, ip);
+    applyMainAgentScope(this.state, [ip], exclusions);
   }
   addTarget(ip) {
-    this.state.addTarget({ ip, ports: [], tags: [], firstSeen: Date.now(), hostname: "" });
-    emitStateChange(this.events, this.state);
+    addMainAgentTarget(this.state, this.events, ip);
+  }
+  setScope(allowed, exclusions = []) {
+    applyMainAgentScope(this.state, allowed, exclusions);
   }
   enqueueUserInput(text) {
-    this.userInputQueue.enqueue(text);
-    this.emitQueueUpdated();
+    enqueueMainAgentUserInput(this.userInputQueue, this.events, text);
   }
   dequeueLastUserInput() {
-    const value = this.userInputQueue.dequeueLast();
-    this.emitQueueUpdated();
-    return value;
+    return dequeueMainAgentUserInput(this.userInputQueue, this.events);
   }
   hasPendingUserInput() {
     return this.userInputQueue.hasPending();
   }
-  getPendingUserInputCount() {
-    return this.userInputQueue.pendingCount();
-  }
   getPendingUserInputPreview() {
-    return this.userInputQueue.peek().map((item) => item.text);
-  }
-  emitQueueUpdated() {
-    this.events.emit({
-      type: EVENT_TYPES.QUEUE_UPDATED,
-      timestamp: Date.now(),
-      data: {
-        count: this.getPendingUserInputCount(),
-        preview: this.getPendingUserInputPreview()
-      }
-    });
+    return getMainAgentPendingUserInputPreview(this.userInputQueue);
   }
 };
 
-// src/engine/yaml-runtime.ts
+// src/engine/agent-runtime.ts
 import fs from "fs";
-import path2 from "path";
-var YamlRuntime = class _YamlRuntime {
+import path from "path";
+var AgentRuntime = class _AgentRuntime {
   static build(options) {
-    const cfg = getPipelineConfig();
-    _YamlRuntime.setupWorkspace(cfg.workspace);
+    _AgentRuntime.setupWorkspace(getWorkspaceConfig());
     return new MainAgent(options);
   }
   static setupWorkspace(workspaceCfg) {
     const directories = workspaceCfg?.directories ?? {};
-    for (const [key, dirPath] of Object.entries(directories)) {
+    for (const dirPath of Object.values(directories)) {
       if (dirPath === "DEPRECATED") continue;
-      const resolved = path2.resolve(process.cwd(), dirPath);
+      const resolved = path.resolve(process.cwd(), dirPath);
       if (!fs.existsSync(resolved)) {
         fs.mkdirSync(resolved, { recursive: true });
       }
@@ -3098,11 +3686,48 @@ var YamlRuntime = class _YamlRuntime {
   }
 };
 
+// src/platform/tui/cli/command-runtime.ts
+import chalk from "chalk";
+function ignoreCleanupFailure() {
+}
+async function cleanupCliProcesses() {
+  await cleanupAllProcesses().catch(ignoreCleanupFailure);
+}
+function printAutoApproveWarning(options = {}) {
+  if (options.includeHeader) {
+    console.log(chalk.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions"));
+  }
+  console.log(chalk.hex(HEX.red)("[!] Strict approval mode will be bypassed by enabling tool auto-approve.\n"));
+}
+function registerShutdownSignals(shutdown) {
+  process.on("SIGINT", () => shutdown(EXIT_CODES.SIGINT));
+  process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
+}
+async function writeJsonReport(outputPath, result) {
+  const fs2 = await import("fs/promises");
+  const { dirname } = await import("path");
+  const outputDir = dirname(outputPath);
+  if (outputDir !== ".") {
+    await fs2.mkdir(outputDir, { recursive: true }).catch(ignoreCleanupFailure);
+  }
+  await fs2.writeFile(outputPath, JSON.stringify({ result }, null, 2));
+}
+
+// src/platform/tui/cli/interactive-runtime.tsx
+import React16 from "react";
+import { render } from "ink";
+
+// src/platform/tui/app.tsx
+import { Box as Box18 } from "ink";
+
+// src/platform/tui/hooks/useAgent.ts
+import { useState as useState6, useEffect as useEffect2, useCallback as useCallback6, useRef as useRef6 } from "react";
+
 // src/agents/factory.ts
-function createMainAgent(shouldAutoApprove = false) {
+function createMainAgent(autoApproveTools = false) {
   const state = new SharedState();
   const events = new AgentEventEmitter();
-  const approvalGate = new ApprovalGate(shouldAutoApprove);
+  const approvalGate = new ApprovalGate(autoApproveTools);
   const scopeGuard = new ScopeGuard(state);
   const toolRegistry = new CategorizedToolRegistry(
     state,
@@ -3110,7 +3735,7 @@ function createMainAgent(shouldAutoApprove = false) {
     approvalGate,
     events
   );
-  return YamlRuntime.build({ state, events, toolRegistry, approvalGate, scopeGuard });
+  return AgentRuntime.build({ state, events, toolRegistry, approvalGate, scopeGuard });
 }
 
 // src/platform/tui/hooks/useAgentState.ts
@@ -4289,8 +4914,7 @@ var useAgent = (shouldAutoApprove, target, isTyping = false) => {
   }, [messageQueue.length]);
   useEffect2(() => {
     if (target) {
-      agent.addTarget(target);
-      agent.setScope([target]);
+      agent.configureTarget(target);
     }
   }, [agent, target]);
   useEffect2(() => {
@@ -4516,8 +5140,7 @@ var createTargetCommands = (ctx) => {
       await ctx.agent.resetSession();
       ctx.addMessage("system", UI_STATUS_MESSAGES.TARGET_CLEARED);
     }
-    ctx.agent.addTarget(args[0]);
-    ctx.agent.setScope([args[0]]);
+    ctx.agent.configureTarget(args[0]);
     ctx.addMessage("system", `${UI_STATUS_MESSAGES.TARGET_SET_PREFIX}${args[0]}`);
   };
   const handleStart = async (args) => {
@@ -4527,7 +5150,7 @@ var createTargetCommands = (ctx) => {
     }
     if (!ctx.autoApproveModeRef.current) {
       ctx.setAutoApproveMode(true);
-      ctx.agent.setAutoApprove(true);
+      ctx.agent.setToolAutoApprove(true);
       ctx.addMessage("system", UI_STATUS_MESSAGES.AUTONOMOUS_MODE_ENABLED);
     }
     ctx.addMessage("system", UI_STATUS_MESSAGES.STARTING_PENTEST);
@@ -4927,7 +5550,7 @@ var createToggleCommands = (ctx) => ({
   [UI_COMMANDS.AUTO]: () => {
     ctx.setAutoApproveMode((prev) => {
       const newVal = !prev;
-      ctx.agent.setAutoApprove(newVal);
+      ctx.agent.setToolAutoApprove(newVal);
       ctx.addMessage("system", newVal ? UI_STATUS_MESSAGES.AUTO_APPROVE_ON : UI_STATUS_MESSAGES.AUTO_APPROVE_OFF);
       return newVal;
     });
@@ -7736,9 +8359,9 @@ var SplashScreen = ({
   );
 };
 
-// src/platform/tui/cli/commands/interactive.tsx
+// src/platform/tui/cli/interactive-runtime.tsx
 import { jsx as jsx24 } from "react/jsx-runtime";
-var Root = ({ skipPermissions, target }) => {
+var InteractiveRoot = ({ autoApprove, target }) => {
   const [showSplash, setShowSplash] = React16.useState(true);
   if (showSplash) {
     return /* @__PURE__ */ jsx24(SplashScreen, { durationMs: 3e3, onComplete: () => setShowSplash(false) });
@@ -7746,65 +8369,62 @@ var Root = ({ skipPermissions, target }) => {
   return /* @__PURE__ */ jsx24(
     app_default,
     {
-      autoApprove: skipPermissions,
+      autoApprove,
       target
     }
   );
 };
-async function interactiveAction(options) {
-  const { dangerouslySkipPermissions: skipPermissions = false, target } = options;
-  console.clear();
-  if (skipPermissions) {
-    console.log(chalk.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions"));
-    console.log(chalk.hex(HEX.red)("[!] All tool executions will be auto-approved!\n"));
-  }
+async function renderInteractiveApp(props) {
   const { waitUntilExit } = render(
-    /* @__PURE__ */ jsx24(AnimationProvider, { children: /* @__PURE__ */ jsx24(Root, { skipPermissions, target }) })
+    /* @__PURE__ */ jsx24(AnimationProvider, { children: /* @__PURE__ */ jsx24(InteractiveRoot, { ...props }) })
   );
   await waitUntilExit();
 }
 
+// src/platform/tui/cli/commands/interactive.tsx
+async function interactiveAction(options) {
+  const { dangerouslySkipPermissions: autoApproveTools = false, target } = options;
+  console.clear();
+  if (autoApproveTools) {
+    printAutoApproveWarning({ includeHeader: true });
+  }
+  await renderInteractiveApp({
+    autoApprove: autoApproveTools,
+    target
+  });
+}
+
 // src/platform/tui/cli/commands/run.ts
 import chalk2 from "chalk";
 async function runAction(objective, options) {
-  const skipPermissions = options.dangerouslySkipPermissions || false;
-  if (skipPermissions) {
-    console.log(chalk2.hex(HEX.red)("[!] WARNING: Running with --dangerously-skip-permissions\n"));
+  const autoApproveTools = options.dangerouslySkipPermissions || false;
+  if (autoApproveTools) {
+    printAutoApproveWarning({ includeHeader: true });
   }
   console.log(chalk2.hex(HEX.primary)(`[target] Objective: ${objective}
 `));
-  const agent = createMainAgent(skipPermissions);
-  if (skipPermissions) {
-    agent.setAutoApprove(true);
+  const agent = createMainAgent(autoApproveTools, options.maxSteps);
+  if (autoApproveTools) {
+    agent.setToolAutoApprove(true);
   }
   if (options.target) {
-    agent.addTarget(options.target);
-    agent.setScope([options.target]);
+    agent.configureTarget(options.target);
   }
   const shutdown = async (exitCode = 0) => {
-    await cleanupAllProcesses().catch(() => {
-    });
+    await cleanupCliProcesses();
     const reqs = getGlobalRequestCount();
     const usage = getGlobalTokenUsage();
     console.log(chalk2.hex(HEX.gray)(`
 [Session Summary] Requests: ${reqs} | In: ${usage.input_tokens} | Out: ${usage.output_tokens}`));
     process.exit(exitCode);
   };
-  process.on("SIGINT", () => shutdown(EXIT_CODES.SIGINT));
-  process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
+  registerShutdownSignals(shutdown);
   try {
     const result = await agent.execute(objective);
     console.log(chalk2.hex(HEX.gray)("\n[+] Assessment complete!\n"));
     console.log(result);
     if (options.output) {
-      const fs2 = await import("fs/promises");
-      const { dirname } = await import("path");
-      const outputDir = dirname(options.output);
-      if (outputDir && outputDir !== ".") {
-        await fs2.mkdir(outputDir, { recursive: true }).catch(() => {
-        });
-      }
-      await fs2.writeFile(options.output, JSON.stringify({ result }, null, 2));
+      await writeJsonReport(options.output, result);
       console.log(chalk2.hex(HEX.primary)(`
 [+] Report saved to: ${options.output}`));
     }
@@ -7820,20 +8440,20 @@ async function runAction(objective, options) {
 // src/platform/tui/cli/commands/scan.ts
 import chalk3 from "chalk";
 async function scanAction(target, options) {
-  const skipPermissions = options.dangerouslySkipPermissions || false;
+  const autoApproveTools = options.dangerouslySkipPermissions || false;
   console.log(chalk3.hex(HEX.primary)(`
 [scan] Target: ${target} (${options.scanType})
 `));
-  const agent = createMainAgent(skipPermissions);
-  agent.addTarget(target);
-  agent.setScope([target]);
+  if (autoApproveTools) {
+    printAutoApproveWarning();
+  }
+  const agent = createMainAgent(autoApproveTools);
+  agent.configureTarget(target);
   const shutdown = async (exitCode = 0) => {
-    await cleanupAllProcesses().catch(() => {
-    });
+    await cleanupCliProcesses();
     process.exit(exitCode);
   };
-  process.on("SIGINT", () => shutdown(EXIT_CODES.SIGINT));
-  process.on("SIGTERM", () => shutdown(EXIT_CODES.SIGTERM));
+  registerShutdownSignals(shutdown);
   try {
     await agent.execute(`Perform a ${options.scanType} scan on ${target}${options.ports ? ` focusing on ports ${options.ports}` : ""}. Analyze the results and identify potential vulnerabilities.`);
     console.log(chalk3.hex(HEX.gray)("[+] Scan complete!"));
@@ -7855,7 +8475,7 @@ ${chalk4.hex(HEX.primary)(APP_NAME + " - Autonomous Penetration Testing AI")}
 
   ${chalk4.hex(HEX.gray)("$ pentesting")}                                   Start interactive mode
   ${chalk4.hex(HEX.gray)("$ pentesting -t 192.168.1.1")}                     Start with target
-  ${chalk4.hex(HEX.gray)("$ pentesting --dangerously-skip-permissions")}    Auto-approve all tools
+  ${chalk4.hex(HEX.gray)("$ pentesting --dangerously-skip-permissions")}    Enable tool auto-approve in strict mode
 
 ${chalk4.hex(HEX.yellow)("Commands:")}
 
@@ -7865,7 +8485,7 @@ ${chalk4.hex(HEX.yellow)("Commands:")}
 
 ${chalk4.hex(HEX.yellow)("Options:")}
 
-  ${chalk4.hex(HEX.primary)("--dangerously-skip-permissions")}    Skip all permission prompts
+  ${chalk4.hex(HEX.primary)("--dangerously-skip-permissions")}    Bypass strict approval mode by auto-approving tools
   ${chalk4.hex(HEX.primary)("-t, --target <ip>")}                 Set target
   ${chalk4.hex(HEX.primary)("-o, --output <file>")}               Save results to file
 
@@ -7896,10 +8516,20 @@ ${chalk4.hex(HEX.yellow)("Environment:")}
 `);
 }
 
+// src/platform/tui/cli/args.ts
+import { InvalidArgumentError } from "commander";
+function parsePositiveInt(value) {
+  const parsed = Number.parseInt(value, 10);
+  if (!Number.isInteger(parsed) || parsed <= 0) {
+    throw new InvalidArgumentError("max-steps must be a positive integer");
+  }
+  return parsed;
+}
+
 // src/platform/tui/cli/program.ts
 function createProgram() {
   const program2 = new Command();
-  program2.name("pentesting").version(APP_VERSION).description(APP_DESCRIPTION).option("--dangerously-skip-permissions", "Skip all permission prompts (dangerous!)").option("-t, --target <target>", "Set initial target");
+  program2.name("pentesting").version(APP_VERSION).description(APP_DESCRIPTION).option("--dangerously-skip-permissions", "Enable auto-approve for tool execution in strict approval mode (dangerous!)").option("-t, --target <target>", "Set initial target");
   program2.command("interactive", { isDefault: true }).alias("i").description("Start interactive TUI mode").action(async () => {
     const opts = program2.opts();
     await interactiveAction({
@@ -7907,7 +8537,7 @@ function createProgram() {
       target: opts.target
     });
   });
-  program2.command("run <objective>").alias("r").description("Run a single objective and exit").option("-o, --output <file>", "Output file for results").option("--max-steps <n>", "Maximum number of steps", String(CLI_DEFAULT.MAX_STEPS)).action(async (objective, options) => {
+  program2.command("run <objective>").alias("r").description("Run a single objective and exit").option("-o, --output <file>", "Output file for results").option("--max-steps <n>", "Maximum number of steps", parsePositiveInt, CLI_DEFAULT.MAX_STEPS).action(async (objective, options) => {
     const opts = program2.opts();
     await runAction(objective, {
       ...options,