pentesting 0.73.4 → 0.73.6

package/dist/chunk-KAUE3MSR.js

@@ -0,0 +1,1144 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/shared/constants/system/process.ts
+var EXIT_CODES = {
+  /** Successful execution */
+  SUCCESS: 0,
+  /** General error */
+  GENERAL_ERROR: 1,
+  /** Command not found */
+  COMMAND_NOT_FOUND: 127,
+  /** Process killed by SIGALRM (timeout) */
+  TIMEOUT: 124,
+  /** Process killed by SIGINT (Ctrl+C) */
+  SIGINT: 130,
+  /** Process killed by SIGTERM */
+  SIGTERM: 143,
+  /** Process killed by SIGKILL */
+  SIGKILL: 137,
+  /** Invalid or missing configuration (Unix EX_CONFIG convention = 78) */
+  CONFIG_ERROR: 78
+};
+var PROCESS_ACTIONS = {
+  LIST: "list",
+  STATUS: "status",
+  INTERACT: "interact",
+  PROMOTE: "promote",
+  STOP: "stop",
+  STOP_ALL: "stop_all"
+};
+var PROCESS_ROLES = {
+  LISTENER: "listener",
+  ACTIVE_SHELL: "active_shell",
+  SERVER: "server",
+  SNIFFER: "sniffer",
+  SPOOFER: "spoofer",
+  CALLBACK: "callback",
+  PROXY: "proxy",
+  BACKGROUND: "background"
+};
+var PROCESS_ICONS = {
+  [PROCESS_ROLES.LISTENER]: "[LISTENER]",
+  [PROCESS_ROLES.ACTIVE_SHELL]: "[SHELL]",
+  [PROCESS_ROLES.SERVER]: "[SERVER]",
+  [PROCESS_ROLES.SNIFFER]: "[SNIFFER]",
+  [PROCESS_ROLES.SPOOFER]: "[SPOOFER]",
+  [PROCESS_ROLES.CALLBACK]: "[CALLBACK]",
+  [PROCESS_ROLES.PROXY]: "[PROXY]",
+  [PROCESS_ROLES.BACKGROUND]: "[BG]"
+};
+var STATUS_MARKERS = {
+  RUNNING: "[RUNNING]",
+  STOPPED: "[STOPPED]",
+  WARNING: "[WARNING]",
+  INFO: "[INFO]",
+  INTERACTIVE: "[INTERACTIVE]",
+  EXITED: "[EXITED]"
+};
+var PROCESS_EVENTS = {
+  STARTED: "started",
+  CONNECTION_DETECTED: "connection_detected",
+  ROLE_CHANGED: "role_changed",
+  COMMAND_SENT: "command_sent",
+  SHELL_STABILITY_CHECKED: "shell_stability_checked",
+  SHELL_STABILITY_INCOMPLETE: "shell_stability_incomplete",
+  SHELL_UPGRADE_ATTEMPTED: "shell_upgrade_attempted",
+  SHELL_STABILIZED: "shell_stabilized",
+  POST_EXPLOITATION_ACTIVITY: "post_exploitation_activity",
+  STOPPED: "stopped",
+  DIED: "died",
+  ZOMBIE_CLEANED: "zombie_cleaned"
+};
+var PROCESS_LIMITS = {
+  GRACEFUL_SHUTDOWN_WAIT_MS: 200,
+  OUTPUT_TRUNCATION_LIMIT: 1e4
+  // characters
+};
+
+// src/agents/runtime-config/llm-runtime.ts
+function defineRuntimeNode(node) {
+  return node;
+}
+var RUNTIME_CONFIG_LLM_NODES = {
+  input_processor: {
+    role: "\uC785\uB825 \uC804\uCC98\uB9AC \u2014 direct response / main forward / policy merge",
+    system_prompt_file: "src/agents/prompts/llm/input-processor-system.md",
+    reads: [
+      "user_input.raw",
+      ".pentesting/memory/policy.md"
+    ],
+    writes: [
+      "memory.input_processing"
+    ]
+  },
+  strategist: {
+    role: "\uC804\uC220 \uC9C0\uC2DC \uC0DD\uC131 \u2014 \uB9E4 pre-step, \uCFE8\uB2E4\uC6B4 \uC815\uCC45\uC73C\uB85C \uCE90\uC2DC",
+    system_prompt_file: "src/agents/prompts/strategist-system.md",
+    fallback_system_prompt_file: "src/agents/prompts/llm/strategist-fallback.md",
+    reads: [
+      "state.phase",
+      "state.targets",
+      "state.findings",
+      "state.workingMemory",
+      "state.attackGraph"
+    ],
+    writes: [
+      "prompt_fragment.strategist_directive"
+    ],
+    cooldown_policy: {
+      cache_ttl_ms: 18e4,
+      stall_turns_threshold: 2,
+      triggers: [
+        "no_cached_directive",
+        "phase_changed",
+        "stall_detected",
+        "cache_ttl_expired"
+      ],
+      on_cache_hit: "reuse_previous"
+    }
+  },
+  main_llm: {
+    role: "\uCD94\uB860 + \uB3C4\uAD6C \uC0AC\uC6A9 \u2014 CoreAgent.step \uB9E4 iteration",
+    system_prompt: "prompt_builder",
+    model_role: "orchestrator",
+    reads: [
+      "messages[]",
+      "system_prompt"
+    ],
+    writes: [
+      "messages[] (append)",
+      "tool_calls",
+      ".pentesting/workspace/tools/"
+    ],
+    limits: {
+      max_tokens: 128e3,
+      max_prompt_chars: 4e5
+    }
+  },
+  analyst: {
+    role: "\uB3C4\uAD6C \uCD9C\uB825 \uC18C\uD654 \u2014 \uB3C4\uAD6C \uC2E4\uD589 \uC9C1\uD6C4 \uC778\uB77C\uC778 \uD638\uCD9C",
+    trigger: "per_tool_call",
+    system_prompt_file: "src/agents/prompts/llm/analyst-system.md",
+    reads: [
+      "tool.raw_output",
+      "tool.name",
+      "state.phase"
+    ],
+    writes: [
+      "tool_journal[].analystSummary (in-memory, append)"
+    ],
+    on_failure: "empty_summary"
+  },
+  context_extractor: {
+    role: "\uB300\uD654 \uC555\uCD95 \u2014 \uB9E4 post-step, messages[] \uAD50\uCCB4",
+    trigger: "post_step",
+    input_formatter: "format_for_extraction",
+    system_prompt_file: "src/agents/prompts/llm/context-extractor-system.md",
+    reads: [
+      "messages"
+    ],
+    writes: {
+      memory: "extracted_context"
+    },
+    output_handling: {
+      wrap: "<session-context>\n{value}\n</session-context>",
+      write_target: "messages[]",
+      write_mode: "replace_all",
+      on_failure: "keep_existing"
+    }
+  },
+  reflector: {
+    role: "\uD134 \uC790\uAE30\uD3C9\uAC00 \u2014 \uB9E4 post-step, state.lastReflection\uC5D0 \uC800\uC7A5",
+    trigger: "post_step",
+    input_formatter: "format_reflection_input",
+    system_prompt_file: "src/agents/prompts/llm/reflector-system.md",
+    reads: [
+      "tools",
+      "memo",
+      "phase"
+    ],
+    writes: {
+      memory: "reflection"
+    },
+    output_handling: {
+      extract_field: "reflection",
+      write_target: "state.lastReflection",
+      write_mode: "overwrite",
+      inject_as: "<last-turn-review>\n{value}\n</last-turn-review>",
+      on_failure: "empty_string"
+    }
+  },
+  memory_synth: {
+    role: "\uD134 \uBA54\uBAA8\uB9AC \uC791\uC131 \u2014 \uB9E4 \uD134 turn-recorder\uC5D0\uC11C \uD638\uCD9C",
+    trigger: "after_turn_recorded",
+    input_format: 'Previous insight:\\n{existing_summary}\\n\\nCurrent turn:\\n{turn_data}\n# \uCCAB \uD134: "First turn data:\\n{turn_data}"\n',
+    system_prompt_file: "src/agents/prompts/llm/memory-synth-system.md",
+    reads: [
+      "previous_insight",
+      "current_turn_data"
+    ],
+    writes: {
+      disk: {
+        path: ".pentesting/turns/{N}-memory.md",
+        write_mode: "overwrite"
+      }
+    },
+    on_failure: "fallback_concat"
+  },
+  playbook_synthesizer: {
+    role: "\uACF5\uACA9 \uD328\uD134 \uCD94\uCD9C \u2014 SUCCEEDED \uB178\uB4DC >= N \uC2DC \uC870\uAC74\uBD80 \uC2E4\uD589",
+    trigger: "conditional",
+    condition: "has_exploit_chain",
+    min_succeeded_nodes: 2,
+    system_prompt_file: "src/agents/prompts/llm/playbook-synthesizer-system.md",
+    input_format: "SERVICE PROFILE: {service_profile}\n\nSUCCEEDED ATTACK NODES:\n{node_lines}\n\nATTACK ACTIONS (edges):\n{edge_actions} (max 8 items)\n\nEXISTING SUMMARY (regex-based, for reference): {existing_chain_summary}\n",
+    reads: [
+      "attack_graph.succeeded_nodes",
+      "attack_graph.succeeded_edges",
+      "attack_graph.service_profile",
+      "attack_graph.existing_chain_summary"
+    ],
+    output_parsing: {
+      skip_if: "SKIP",
+      max_chars: 120
+    },
+    writes: {
+      disk: {
+        path: ".pentesting/memory/persistent-knowledge.json",
+        write_mode: "merge"
+      }
+    },
+    on_failure: "skip"
+  },
+  report_generator: {
+    role: "\uBCF4\uACE0\uC11C \uC0DD\uC131 \u2014 \uC0AC\uC6A9\uC790 \uC694\uCCAD \uC2DC on-demand",
+    trigger: "on_demand",
+    system_prompt_file: "src/agents/prompts/llm/report-generator-system.md",
+    input_format: "Mission Summary:\\n{mission_summary}\\n\\nFindings (Sorted by Severity):\\n{json_findings}\n",
+    input_sorting: "severity_descending",
+    reads: [
+      "state.findings",
+      "state.currentObjective"
+    ],
+    writes: {
+      disk: {
+        path: ".pentesting/reports/{timestamp}-report.md",
+        write_mode: "overwrite"
+      }
+    },
+    on_failure: {
+      fallback_content: "# Fallback Report\nFailed to generate full report. Review raw findings in the workspace.\n"
+    }
+  },
+  triager: {
+    role: "\uD134 \uACB0\uACFC \uC6B0\uC120\uC21C\uC704 \uBD84\uB958 \u2014 \uB3C4\uAD6C \uC2E4\uD589 \uC9C1\uD6C4, Reflector \uC804 \uD638\uCD9C",
+    trigger: "post_tool_execution",
+    system_prompt_file: "src/agents/prompts/llm/triage-system.md",
+    reads: [
+      "tools",
+      "phase",
+      "state.lastTriageMemo"
+    ],
+    writes: {
+      memory: "triage_result"
+    },
+    output_handling: {
+      extract_field: "triage",
+      write_target: "state.lastTriageMemo",
+      write_mode: "overwrite",
+      inject_as: "<triage-memo>\n{value}\n</triage-memo>",
+      on_failure: "empty_string"
+    }
+  }
+};
+var RUNTIME_CONFIG_TURN_CYCLE = {
+  serial: [
+    "process_user_input",
+    {
+      when: {
+        condition: "should_forward_to_main"
+      },
+      then: {
+        serial: [
+          "strategist",
+          "build_system_prompt",
+          "core_inference",
+          {
+            when: {
+              condition: "has_tool_calls"
+            },
+            then: "core_tool_execution"
+          }
+        ]
+      }
+    },
+    {
+      when: {
+        condition: "has_tool_calls"
+      },
+      then: "triager"
+    },
+    {
+      when: {
+        condition: "has_tool_calls"
+      },
+      then: "save_triage"
+    },
+    "verify_turn",
+    "reflector",
+    "context_extractor",
+    {
+      parallel: [
+        "save_reflection",
+        "finalize_context"
+      ]
+    },
+    {
+      when: {
+        condition: "has_exploit_chain",
+        min_succeeded: 2
+      },
+      then: "playbook_synthesizer"
+    },
+    "write_insight",
+    "rotate_turns",
+    "save_session"
+  ]
+};
+var RUNTIME_CONFIG_NODES = {
+  process_user_input: defineRuntimeNode({
+    type: "action",
+    handler: "process_user_input",
+    log_as: "\u24EAInputProcessor \u2192 forward/policy/direct-response"
+  }),
+  build_system_prompt: defineRuntimeNode({
+    type: "action",
+    handler: "build_system_prompt",
+    log_as: "\u2460PromptBuilder \u2192 messages"
+  }),
+  core_inference: defineRuntimeNode({
+    type: "action",
+    handler: "core_inference",
+    log_as: "\u2461MainLLM \u2192 tool_calls"
+  }),
+  core_tool_execution: defineRuntimeNode({
+    type: "action",
+    handler: "core_tool_execution",
+    log_as: "\u2462ToolExecutor \u2192 output"
+  }),
+  context_extractor: defineRuntimeNode({
+    type: "llm",
+    class: "context_extractor",
+    input_formatter: "format_for_extraction",
+    reads: [
+      "messages"
+    ],
+    writes: {
+      memory: "extracted_context"
+    }
+  }),
+  reflector: defineRuntimeNode({
+    type: "llm",
+    class: "reflector",
+    input_formatter: "format_reflection_input",
+    reads: [
+      "tools",
+      "memo",
+      "phase",
+      "triageMemo"
+    ],
+    writes: {
+      memory: "reflection"
+    }
+  }),
+  strategist: defineRuntimeNode({
+    type: "llm",
+    class: "strategist",
+    reads: [
+      "state"
+    ],
+    writes: {
+      memory: "strategist_directive"
+    },
+    log_as: "\u2460Strategist \u2192 ctx.memory.strategist_directive"
+  }),
+  triager: defineRuntimeNode({
+    type: "llm",
+    class: "triager",
+    input_formatter: "format_triage_input",
+    reads: [
+      "tools",
+      "phase",
+      "previousTriage"
+    ],
+    writes: {
+      memory: "triage_result"
+    },
+    log_as: "\u2467Triager \u2192 ctx.memory.triage_result"
+  }),
+  save_triage: defineRuntimeNode({
+    type: "action",
+    handler: "write_field_to_state",
+    config: {
+      from: "memory.triage_result",
+      field: "triage",
+      target: "state.lastTriageMemo",
+      write_mode: "overwrite"
+    },
+    log_as: "\u2467Triager \u2192 state.lastTriageMemo"
+  }),
+  verify_turn: defineRuntimeNode({
+    type: "action",
+    handler: "verify_turn",
+    log_as: "Verifier \u2192 ctx.memory.turn_verifier_report"
+  }),
+  save_reflection: defineRuntimeNode({
+    type: "action",
+    handler: "write_field_to_state",
+    config: {
+      from: "memory.reflection",
+      field: "reflection",
+      target: "state.lastReflection",
+      write_mode: "overwrite"
+    },
+    log_as: "\u2464Reflector \u2192 state.lastReflection"
+  }),
+  finalize_context: defineRuntimeNode({
+    type: "action",
+    handler: "replace_messages_from_memory",
+    config: {
+      from: "memory.extracted_context",
+      field: "extractedContext",
+      wrap: "<session-context>\n{value}\n</session-context>",
+      write_mode: "replace_all"
+    },
+    log_as: "\u2463ContextExtractor \u2192 messages REPLACED"
+  }),
+  playbook_synthesizer: defineRuntimeNode({
+    type: "action",
+    handler: "synthesize_playbook",
+    config: {
+      min_succeeded_nodes: 2
+    },
+    reads: [
+      "attack_graph.succeeded"
+    ],
+    writes: {
+      disk: {
+        path: ".pentesting/memory/persistent-knowledge.json",
+        write_mode: "merge"
+      }
+    },
+    log_as: "\u2466PlaybookSynth \u2192 .pentesting/memory/persistent-knowledge.json"
+  }),
+  write_insight: defineRuntimeNode({
+    type: "action",
+    handler: "write_insight"
+  }),
+  rotate_turns: defineRuntimeNode({
+    type: "action",
+    handler: "rotate_turns"
+  }),
+  save_session: defineRuntimeNode({
+    type: "action",
+    handler: "save_session"
+  })
+};
+var RUNTIME_CONFIG_USER_INPUT_QUEUE = {
+  format: "tagged",
+  tag: "user-input",
+  inject_position: "messages_end"
+};
+
+// src/agents/runtime-config/prompt-runtime.ts
+function definePromptLayer(layer) {
+  return layer;
+}
+var RUNTIME_CONFIG_PROMPT_BUILDER = {
+  max_chars: 4e5,
+  truncation: "back",
+  preserved_last: "user_context",
+  layers: [
+    definePromptLayer({
+      id: 1,
+      type: "file",
+      source: "src/agents/prompts/base.md",
+      label: "core_identity"
+    }),
+    definePromptLayer({
+      id: 1.5,
+      type: "file",
+      source: "src/agents/prompts/main-agent.md",
+      label: "delegation_and_tactics"
+    }),
+    definePromptLayer({
+      id: 2,
+      type: "file",
+      source: "src/agents/prompts/offensive-playbook.md",
+      label: "offensive_playbook"
+    }),
+    definePromptLayer({
+      id: 3,
+      type: "file_phase_mapped",
+      mapping: "prompt_sources.phase_prompts",
+      label: "phase_specialist"
+    }),
+    definePromptLayer({
+      id: 4,
+      type: "state",
+      source: "state.scope",
+      label: "scope_constraints",
+      format: "<scope>\n  allowed-cidrs: {cidrs}\n  allowed-domains: {domains}\n  exclusions: {exclusions}\n  flags: DOS={is_dos_allowed} | Social={is_social_allowed}\n</scope>\n",
+      on_empty: "No scope defined \u2014 treat all discovered hosts as in-scope."
+    }),
+    definePromptLayer({
+      id: 5,
+      type: "state",
+      source: "state.todo",
+      label: "todo_list",
+      filter: "status != DONE",
+      format_item: "[{status_symbol}] {content} ({priority})"
+    }),
+    definePromptLayer({
+      id: 6,
+      type: "state",
+      source: "state.time",
+      label: "time_status",
+      format: '<time-status>{time_status}</time-status>\n<time-strategy phase="{phase}" urgency="{urgency}">{directive}</time-strategy>\n'
+    }),
+    definePromptLayer({
+      id: 7,
+      type: "memory",
+      source: "memory.strategist_directive",
+      label: "strategist_directive",
+      on_empty: "skip"
+    }),
+    definePromptLayer({
+      id: 7.5,
+      type: "file_read",
+      source: ".pentesting/memory/policy.md",
+      label: "policy_memory",
+      wrap: "<policy-memory>\n{content}\n</policy-memory>",
+      on_missing: "skip"
+    }),
+    definePromptLayer({
+      id: 8,
+      type: "file_read",
+      source: ".pentesting/turns/{N-1}-memory.md",
+      label: "session_journal",
+      format: "<session-journal>\n{content}\n</session-journal>",
+      on_missing: "skip"
+    }),
+    definePromptLayer({
+      id: 9,
+      type: "state",
+      source: "state.serialized",
+      label: "current_state",
+      format: "<current-state>\n{content}\n</current-state>"
+    }),
+    definePromptLayer({
+      id: 10,
+      type: "state",
+      source: "state.workingMemory",
+      label: "working_memory"
+    }),
+    definePromptLayer({
+      id: 11,
+      type: "state",
+      source: "state.challengeAnalysis",
+      label: "challenge_analysis",
+      on_empty: "skip"
+    }),
+    definePromptLayer({
+      id: 12,
+      type: "state",
+      source: "state.attackGraph",
+      label: "attack_graph"
+    }),
+    definePromptLayer({
+      id: 13,
+      type: "static",
+      label: "blind_spots_guidelines",
+      content: "<blind-spots-guidelines>\nWhen writing your mandatory <critical-reflection> before acting, ensure you evaluate:\n\na) Are there services/ports discovered but NOT yet tested?\nb) Have credentials/tokens been found but NOT sprayed on other services?\nc) Is there a SIMPLER explanation? (misconfiguration vs complex vuln)\nd) Are you drilling too deep while ignoring other viable attack surfaces?\ne) Could a custom script (Python/bash) accomplish what tool attempts have failed to do?\nf) Are there findings from PREVIOUS turns noted but not followed up on?\ng) What would an experienced human tester try RIGHT now?\n\nCRITICAL: You MUST explicitly acknowledge and accept any warnings or Pivot directions.\n</blind-spots-guidelines>\n"
+    }),
+    definePromptLayer({
+      id: 14,
+      type: "state",
+      source: "state.lastReflection",
+      label: "last_turn_review",
+      format: "<last-turn-review>\n{value}\n</last-turn-review>",
+      written_by: "reflector",
+      on_empty: "skip"
+    }),
+    definePromptLayer({
+      id: "14_triage",
+      type: "state",
+      source: "state.lastTriageMemo",
+      label: "triage_memo",
+      format: "<triage-memo>\n{value}\n</triage-memo>",
+      written_by: "triager",
+      on_empty: "skip"
+    }),
+    definePromptLayer({
+      id: 15,
+      type: "state",
+      source: "state.episodicMemory",
+      label: "episodic_memory"
+    }),
+    definePromptLayer({
+      id: 16,
+      type: "state",
+      source: "state.dynamicTechniques",
+      label: "dynamic_techniques",
+      pruning: "confidence < 10"
+    }),
+    definePromptLayer({
+      id: 16.5,
+      type: "state",
+      source: "state.persistentMemory",
+      label: "persistent_memory",
+      on_empty: "skip"
+    }),
+    definePromptLayer({
+      id: 17,
+      type: "files",
+      sources: "prompt_sources.core_knowledge",
+      label: "core_knowledge",
+      exclude_current_phase_file: true,
+      wrap: '<reference-knowledge area="{label}">\n{content}\n</reference-knowledge>'
+    }),
+    definePromptLayer({
+      id: 18,
+      type: "files_phase_mapped",
+      mapping: "prompt_sources.phase_techniques",
+      label: "phase_techniques",
+      base_dir: "src/agents/prompts/techniques/",
+      wrap: '<technique-reference category="{name}">\n{content}\n</technique-reference>'
+    }),
+    definePromptLayer({
+      id: 19,
+      type: "state",
+      source: "state.targets_ports",
+      label: "attack_intelligence",
+      format: "<service-inventory>\nDiscovered services \u2014 use get_owasp_knowledge, web_search, or get_web_attack_surface for attack ideas:\n{lines}\n</service-inventory>\n"
+    }),
+    definePromptLayer({
+      id: 20,
+      type: "user_input",
+      label: "user_context",
+      always_included: true
+    })
+  ]
+};
+var RUNTIME_CONFIG_PROMPT_SOURCES = {
+  base_dir: "src/agents/prompts/",
+  always: [
+    "base.md",
+    "offensive-playbook.md"
+  ],
+  phase_prompts: {
+    recon: "recon.md",
+    vulnerability_analysis: "vuln.md",
+    exploit: "exploit.md",
+    web: "web.md",
+    post_exploitation: "post.md",
+    privilege_escalation: "post.md",
+    lateral_movement: "post.md",
+    persistence: "post.md",
+    exfiltration: "post.md",
+    report: "report.md",
+    pwn: "ctf-pwn.md",
+    crypto: "ctf-crypto.md",
+    forensics: "ctf-forensics.md"
+  },
+  core_knowledge: [
+    "strategy.md",
+    "evasion.md",
+    "zero-day.md",
+    "payload-craft.md",
+    "infra.md"
+  ],
+  techniques_dir: "src/agents/prompts/techniques/",
+  phase_techniques: {
+    recon: [
+      "network-svc.md",
+      "shells.md",
+      "crypto.md",
+      "auth-access.md"
+    ],
+    vulnerability_analysis: [
+      "injection.md",
+      "network-svc.md",
+      "auth-access.md",
+      "file-attacks.md",
+      "crypto.md",
+      "reversing.md"
+    ],
+    exploit: [
+      "injection.md",
+      "auth-access.md",
+      "shells.md",
+      "file-attacks.md",
+      "network-svc.md",
+      "pwn.md",
+      "container-escape.md",
+      "sandbox-escape.md",
+      "reversing.md"
+    ],
+    post_exploitation: [
+      "privesc.md",
+      "lateral.md",
+      "auth-access.md",
+      "shells.md",
+      "container-escape.md",
+      "sandbox-escape.md",
+      "forensics.md",
+      "pivoting.md",
+      "enterprise-pentest.md"
+    ],
+    privilege_escalation: [
+      "privesc.md",
+      "auth-access.md",
+      "shells.md",
+      "pwn.md",
+      "container-escape.md",
+      "sandbox-escape.md"
+    ],
+    lateral_movement: [
+      "lateral.md",
+      "ad-attack.md",
+      "auth-access.md",
+      "container-escape.md",
+      "network-svc.md",
+      "pivoting.md",
+      "enterprise-pentest.md"
+    ],
+    persistence: [
+      "shells.md",
+      "privesc.md",
+      "lateral.md",
+      "enterprise-pentest.md"
+    ],
+    exfiltration: [
+      "lateral.md",
+      "network-svc.md",
+      "forensics.md"
+    ],
+    web: [
+      "injection.md",
+      "file-attacks.md",
+      "auth-access.md",
+      "crypto.md",
+      "shells.md",
+      "network-svc.md"
+    ],
+    report: [],
+    pwn: [
+      "pwn.md",
+      "reversing.md",
+      "shells.md"
+    ],
+    crypto: [
+      "crypto.md",
+      "reversing.md"
+    ],
+    forensics: [
+      "forensics.md",
+      "reversing.md",
+      "network-svc.md"
+    ]
+  },
+  strategist_system: "src/agents/prompts/strategist-system.md"
+};
+
+// src/agents/runtime-config/ops-runtime.ts
+var RUNTIME_CONFIG_LIMITS = {
+  archive: {
+    max_turn_entries: 50,
+    eviction: "delete_oldest_first"
+  },
+  messages: {
+    context_extractor_per_msg_limit: 3e4,
+    truncation_direction: "back"
+  },
+  prompt: {
+    max_chars: 4e5,
+    truncation_direction: "back",
+    preserved_last: "user_context"
+  },
+  tool_output: {
+    max_chars: 2e5
+  },
+  agent_loop: {
+    max_iterations: 500,
+    max_consecutive_idle: 3,
+    max_consecutive_llm_errors: "infinity",
+    max_retries: 3,
+    periodic_report_every_n_turns: 10,
+    max_session_files: 10
+  },
+  state: {
+    max_findings: 500,
+    max_loot: 200,
+    max_action_log: 200,
+    max_attack_nodes: 300,
+    max_attack_edges: 1e3,
+    max_failed_paths: 100,
+    working_memory_max: 20,
+    episodic_memory_max: 100,
+    dynamic_techniques_max: 50,
+    technique_failure_decay: 30,
+    technique_prune_threshold: 10,
+    consecutive_fail_threshold: 3
+  }
+};
+var RUNTIME_CONFIG_COMPRESSION = {
+  messages: {
+    strategy: "llm_compress",
+    trigger: "every_turn",
+    agent: "context_extractor",
+    per_msg_max_chars: 3e4,
+    output_format: "<session-context>\n{value}\n</session-context>",
+    write_mode: "replace_all",
+    on_failure: "keep_existing"
+  },
+  session_summary: {
+    strategy: "llm_progressive",
+    trigger: "every_turn",
+    agent: "memory_synth",
+    input: [
+      "previous_insight",
+      "current_turn_data"
+    ],
+    output_path: ".pentesting/turns/{N}-memory.md",
+    write_mode: "overwrite",
+    on_failure: "fallback_concat"
+  },
+  deterministic_summary_buckets: [
+    "techniques_tried",
+    "suspicious_signals",
+    "key_findings",
+    "credentials",
+    "successful_vectors",
+    "failure_causes",
+    "next_recommendations"
+  ],
+  archive: {
+    strategy: "count_based_rotation",
+    max_turns: 50,
+    eviction: "delete_oldest_first",
+    trigger: "after_each_turn"
+  },
+  debug_log: {
+    strategy: "size_based_rotation",
+    rotate_at_mb: 5,
+    rotate_mode: "keep_latest_half",
+    wipe_at_mb: 20,
+    wipe_mode: "truncate_all"
+  },
+  dynamic_techniques: {
+    strategy: "confidence_based_pruning",
+    max_entries: 50,
+    prune_threshold: 10,
+    failure_decay: 30
+  }
+};
+var RUNTIME_CONFIG_WORKSPACE = {
+  root: ".pentesting/",
+  directories: {
+    turns: ".pentesting/turns/",
+    workspace: ".pentesting/workspace/",
+    sessions: ".pentesting/sessions/",
+    memory: ".pentesting/memory/",
+    reports: ".pentesting/reports/",
+    loot: ".pentesting/loot/",
+    debug: ".pentesting/debug/"
+  },
+  turn_structure: {
+    insight: {
+      file: "{N}-memory.md",
+      write_mode: "overwrite",
+      written_by: "memory_synth",
+      content: "core_insights_only",
+      metadata: {
+        file_kind: "turn_memory",
+        includes: [
+          "written_by",
+          "input_sources",
+          "notes_included",
+          "generated_at"
+        ]
+      }
+    }
+  },
+  persistent_files: {
+    session: {
+      path: ".pentesting/sessions/latest.json",
+      write_mode: "overwrite",
+      rotation: {
+        strategy: "keep_latest_N",
+        max_files: 10
+      }
+    },
+    knowledge: {
+      path: ".pentesting/memory/persistent-knowledge.json",
+      write_mode: "merge",
+      written_by: "playbook_synthesizer"
+    },
+    debug_log: {
+      path: ".pentesting/debug/debug.log",
+      write_mode: "append",
+      rotation: {
+        strategy: "size_based",
+        rotate_at_mb: 5,
+        wipe_at_mb: 20
+      }
+    }
+  }
+};
+var RUNTIME_CONFIG_TUI = {
+  transcript: {
+    max_visible_turns: 6
+  }
+};
+
+// src/agents/runtime-config.ts
+var RUNTIME_CONFIG = {
+  version: "3.2",
+  llm_nodes: RUNTIME_CONFIG_LLM_NODES,
+  turn_cycle: RUNTIME_CONFIG_TURN_CYCLE,
+  prompt_builder: RUNTIME_CONFIG_PROMPT_BUILDER,
+  prompt_sources: RUNTIME_CONFIG_PROMPT_SOURCES,
+  limits: RUNTIME_CONFIG_LIMITS,
+  compression: RUNTIME_CONFIG_COMPRESSION,
+  workspace: RUNTIME_CONFIG_WORKSPACE,
+  tui: RUNTIME_CONFIG_TUI,
+  nodes: RUNTIME_CONFIG_NODES,
+  user_input_queue: RUNTIME_CONFIG_USER_INPUT_QUEUE
+};
+
+// src/agents/pipeline-config.ts
+var _config = null;
+function getPipelineConfig() {
+  if (_config) return _config;
+  _config = RUNTIME_CONFIG;
+  return _config;
+}
+
+// src/agents/runtime-config-sections.ts
+var RUNTIME_CONFIG_SOURCE_PATH = "src/agents/runtime-config.ts";
+function buildMissingSectionError(sectionName) {
+  return new Error(
+    `[runtime-config] ${String(sectionName)} section is required but not found. Add it to ${RUNTIME_CONFIG_SOURCE_PATH}.`
+  );
+}
+function getOptionalRuntimeSection(sectionName) {
+  return getPipelineConfig()[sectionName];
+}
+function getRequiredRuntimeSection(sectionName) {
+  const section = getOptionalRuntimeSection(sectionName);
+  if (section === void 0 || section === null) {
+    throw buildMissingSectionError(sectionName);
+  }
+  return section;
+}
+function getRuntimeSectionOr(sectionName, fallback) {
+  return getOptionalRuntimeSection(sectionName) ?? fallback;
+}
+
+// src/agents/limits-config.ts
+function getLimits() {
+  return getRequiredRuntimeSection("limits");
+}
+
+// src/shared/constants/system/limits.ts
+var _msgLimits = getLimits().messages ?? {};
+var SYSTEM_LIMITS = {
+  /** Maximum wait time for interactive shell responses (10 seconds) */
+  MAX_WAIT_MS_INTERACT: 1e4,
+  /** Default wait time for interactive shell responses (2 seconds) */
+  DEFAULT_WAIT_MS_INTERACT: 2e3,
+  /** Maximum characters for process description */
+  MAX_DESCRIPTION_LENGTH: 80,
+  /** Maximum characters for stored command string */
+  MAX_COMMAND_LENGTH: 200,
+  /** Maximum characters to show from stdout
+   *  WHY 50K: background processes (linpeas, scans, shells) produce large
+   *  output with findings scattered throughout. Let the LLM see it all. */
+  MAX_STDOUT_SLICE: 5e4,
+  /** Maximum characters to show from stderr */
+  MAX_STDERR_SLICE: 5e3,
+  /** Maximum characters for error detail messages */
+  MAX_ERROR_DETAIL_SLICE: 2e3,
+  /** Maximum characters for input prompt previews */
+  MAX_PROMPT_PREVIEW: 50,
+  /** Maximum characters for input snippets in logs */
+  MAX_INPUT_SLICE: 100,
+  /** Maximum events to keep in process event log */
+  MAX_EVENT_LOG: 30,
+  /** Wait time for child PID discovery via pgrep */
+  CHILD_PID_DISCOVERY_MS: 500,
+  /** Wait time between SIGTERM and SIGKILL during graceful shutdown */
+  SHUTDOWN_WAIT_MS: 500,
+  /** Wait time between process cleanup batches */
+  CLEANUP_BATCH_WAIT_MS: 300,
+  /** Timeout for pgrep and pkill operations */
+  PROCESS_OP_TIMEOUT_MS: 2e3,
+  /** Port range for web services (development servers) */
+  WEB_PORT_RANGE: { MIN: 8e3, MAX: 9e3 },
+  /** Port range for API services */
+  API_PORT_RANGE: { MIN: 3e3, MAX: 3500 },
+  /** Number of recent events to fetch for resource summary */
+  RECENT_EVENTS_IN_SUMMARY: 10,
+  /** Number of events to display in resource summary */
+  RECENT_EVENTS_DISPLAY: 5,
+  /** Number of recent output lines to show per process */
+  RECENT_OUTPUT_LINES: 3,
+  /** Maximum characters per message for context extraction.
+   *  runtime config: limits.messages.context_extractor_per_msg_limit */
+  CONTEXT_EXTRACTOR_LIMIT: _msgLimits.context_extractor_per_msg_limit
+};
+
+// src/shared/constants/system/detection.ts
+var DETECTION_PATTERNS = {
+  LISTENER: /-(?:lvnp|nlvp|lp|p)\s+(\d+)/,
+  HTTP_SERVER: /(?:http\.server|SimpleHTTPServer)\s+(\d+)/,
+  GENERIC_PORT: /-(?:p|port|S)\s+(?:\S+:)?(\d+)/,
+  CONNECTION: [
+    /connection\s+from/i,
+    /connect\s+to/i,
+    /\$\s*$/m,
+    /#\s*$/m,
+    /bash-\d/i,
+    /sh-\d/i,
+    /www-data/i
+  ]
+};
+var ORPHAN_PROCESS_NAMES = [
+  "arpspoof",
+  "ettercap",
+  "mitmdump",
+  "mitmproxy",
+  "dnsspoof",
+  "tcpdump",
+  "tshark",
+  "socat"
+];
+
+// src/shared/constants/system/health.ts
+var HEALTH_CONFIG = {
+  LONG_RUNNING_THRESHOLD_MS: 3e5,
+  // 5 minutes
+  VERY_LONG_RUNNING_THRESHOLD_MS: 9e5,
+  // 15 minutes
+  MAX_RECOMMENDATIONS_FOR_HEALTHY: 2
+};
+
+// src/engine/process/process-registry.ts
+var backgroundProcesses = /* @__PURE__ */ new Map();
+var processEventLog = [];
+function logEvent(processId, event, detail) {
+  processEventLog.push({ timestamp: Date.now(), processId, event, detail });
+  if (processEventLog.length > SYSTEM_LIMITS.MAX_EVENT_LOG) {
+    processEventLog.splice(0, processEventLog.length - SYSTEM_LIMITS.MAX_EVENT_LOG);
+  }
+}
+function getProcess(processId) {
+  return backgroundProcesses.get(processId);
+}
+function setProcess(processId, process) {
+  backgroundProcesses.set(processId, process);
+}
+function deleteProcess(processId) {
+  return backgroundProcesses.delete(processId);
+}
+function hasProcess(processId) {
+  return backgroundProcesses.has(processId);
+}
+function getAllProcessIds() {
+  return Array.from(backgroundProcesses.keys());
+}
+function getAllProcesses() {
+  return backgroundProcesses.values();
+}
+function getProcessEntries() {
+  return backgroundProcesses.entries();
+}
+function getProcessCount() {
+  return backgroundProcesses.size;
+}
+function clearAllProcesses() {
+  backgroundProcesses.clear();
+}
+function getProcessEventLog() {
+  return [...processEventLog];
+}
+function getBackgroundProcessesMap() {
+  return backgroundProcesses;
+}
+function getActiveProcessSummary() {
+  const processes = Array.from(getAllProcesses());
+  if (!processes.length) return "";
+  return processes.filter((p) => !p.hasExited).map((p) => {
+    const port = p.listeningPort ? ` port=${p.listeningPort}` : "";
+    const interactive = p.isInteractive ? " interactive=true" : "";
+    return `${p.id}: ${p.command} | role=${p.role}${port}${interactive}`;
+  }).join("\n");
+}
+
+export {
+  __require,
+  EXIT_CODES,
+  PROCESS_ACTIONS,
+  PROCESS_ROLES,
+  PROCESS_ICONS,
+  STATUS_MARKERS,
+  PROCESS_EVENTS,
+  PROCESS_LIMITS,
+  getOptionalRuntimeSection,
+  getRequiredRuntimeSection,
+  getRuntimeSectionOr,
+  getLimits,
+  SYSTEM_LIMITS,
+  DETECTION_PATTERNS,
+  ORPHAN_PROCESS_NAMES,
+  HEALTH_CONFIG,
+  logEvent,
+  getProcess,
+  setProcess,
+  deleteProcess,
+  hasProcess,
+  getAllProcessIds,
+  getAllProcesses,
+  getProcessEntries,
+  getProcessCount,
+  clearAllProcesses,
+  getProcessEventLog,
+  getBackgroundProcessesMap,
+  getActiveProcessSummary
+};