pentesting 0.8.40 → 0.8.44

package/dist/index.js

@@ -32,8 +32,8 @@ import TextInput from "ink-text-input";
 import Spinner from "ink-spinner";
 
 // src/core/agent/autonomous-agent.ts
-import Anthropic from "@anthropic-ai/sdk";
-import { EventEmitter as EventEmitter4 } from "events";
+import Anthropic3 from "@anthropic-ai/sdk";
+import { EventEmitter as EventEmitter7 } from "events";
 
 // src/core/prompts/autonomous-prompt.ts
 var AUTONOMOUS_HACKING_PROMPT = `You are Pentesting, an elite autonomous penetration testing AI designed for CTF competitions and professional security assessments. You operate with minimal human intervention, making intelligent decisions, adapting to obstacles, and persistently pursuing objectives until complete system compromise.
@@ -140,13 +140,61 @@ If you notice you're repeating the same actions without progress:
 
 Key tools for each phase:
 - Recon: whois, dig, nslookup, theHarvester, amass
+- Subdomain: ffuf, subfinder, assetfinder, amass, gobuster dns
 - Scan: nmap, masscan, rustscan
-- Web: gobuster, ffuf, nikto, sqlmap, burp
+- Directory: ffuf, gobuster, dirsearch, feroxbuster
+- Web: nikto, sqlmap, wpscan, nuclei
 - Exploit: metasploit, searchsploit, custom scripts
 - PrivEsc: linpeas, winpeas, GTFOBins
 - Post: mimikatz, bloodhound, chisel
 </tool_usage_guidelines>
 
+<mandatory_autonomous_execution>
+CRITICAL: You MUST execute tools immediately without asking. DO NOT:
+- Ask "should I run ffuf?" - JUST RUN IT
+- Say "I can use gobuster" - JUST USE IT
+- Explain what you could do - JUST DO IT
+- Wait for user confirmation - ACT NOW
+- Write bash scripts manually when MCP tools exist - USE THE TOOLS
+
+YOU HAVE THESE MCP TOOLS - USE THEM DIRECTLY:
+- ffuf \u2192 subdomain and directory fuzzing
+- subfinder \u2192 passive subdomain discovery
+- amass \u2192 comprehensive subdomain enum
+- nuclei \u2192 vulnerability scanning
+- nikto \u2192 web server scanning
+- whatweb \u2192 technology fingerprinting
+- httpx \u2192 HTTP probing
+- waybackurls \u2192 historical URL discovery
+- feroxbuster \u2192 recursive directory scanning
+- rustscan \u2192 fast port scanning
+- nmap_scan \u2192 detailed port/service scan
+- hydra \u2192 credential bruteforce
+- sqlmap (sql_injection) \u2192 SQL injection
+- gobuster (directory_bruteforce) \u2192 directory enumeration
+
+TRIGGER \u2192 ACTION MAPPING:
+"\uC11C\uBE0C\uB3C4\uBA54\uC778" or "subdomain" \u2192 IMMEDIATELY use ffuf tool with mode=subdomain
+"\uB514\uB809\uD1A0\uB9AC" or "directory" or "path" \u2192 IMMEDIATELY use ffuf tool with mode=directory  
+"\uC2A4\uCE94" or "scan" \u2192 IMMEDIATELY use rustscan then nmap_scan
+"\uCDE8\uC57D\uC810" or "vuln" \u2192 IMMEDIATELY use nuclei tool
+"\uAE30\uC220\uC2A4\uD0DD" or "tech" \u2192 IMMEDIATELY use whatweb tool
+"\uD788\uC2A4\uD1A0\uB9AC" or "wayback" \u2192 IMMEDIATELY use waybackurls tool
+"\uBE0C\uB8E8\uD2B8\uD3EC\uC2A4" or "bruteforce" \u2192 IMMEDIATELY use hydra tool
+"SQL" or "\uC778\uC81D\uC158" \u2192 IMMEDIATELY use sql_injection tool
+
+EXAMPLE - User says "\uC11C\uBE0C\uB3C4\uBA54\uC778 \uCC3E\uC544":
+WRONG: for sub in www mail ftp; do host $sub.domain.com; done
+RIGHT: Use ffuf tool with url=https://FUZZ.domain.com, mode=subdomain
+
+EXAMPLE - User says "\uB514\uB809\uD1A0\uB9AC \uC2A4\uCE94\uD574":
+WRONG: curl https://domain.com/admin
+RIGHT: Use ffuf tool with url=https://domain.com/FUZZ, mode=directory
+
+NEVER write manual bash loops when MCP tools exist!
+ALWAYS prefer MCP tools over bash commands!
+</mandatory_autonomous_execution>
+
 <output_format>
 Always structure your thinking clearly:
 
@@ -220,6 +268,115 @@ Analyze your situation honestly:
    - Manual testing vs. automated?
 
 Based on this reflection, propose 3 completely different approaches to try next.`;
+var STRATEGY_PLANNING_PROMPT = `You are the strategic coordinator for this penetration test. Before executing ANY action, validate the strategy.
+
+## STRATEGIC VALIDATION PROCESS
+
+### 1. INTENT VERIFICATION
+\`\`\`
+[INTENT CHECK]
+- What is the user's objective?
+- What phase are we in?
+- What have we accomplished so far?
+- What is the immediate goal?
+\`\`\`
+
+### 2. PLAN FORMULATION
+\`\`\`
+[PLAN PROPOSAL]
+Given the current state, I propose:
+1. [Primary approach] - Expected outcome: X
+2. [Backup approach] - If primary fails: Y
+3. [Alternative] - If we need to pivot: Z
+\`\`\`
+
+### 3. PLAN VALIDATION (Self-Check)
+\`\`\`
+[VALIDATION]
+\u25A1 Is this aligned with BFS (surface mapping first)?
+\u25A1 Have I completed reconnaissance before deep testing?
+\u25A1 Is this the highest ROI action right now?
+\u25A1 Am I avoiding rabbit holes (SSL testing too early, etc.)?
+\u25A1 Is the tool/command correct for this task?
+\`\`\`
+
+### 4. AGENT COORDINATION
+When switching agents or techniques:
+\`\`\`
+[HANDOFF]
+From: [current agent/approach]
+To: [next agent/approach]
+Reason: [why this switch makes sense]
+Context passed: [what the next agent needs to know]
+\`\`\`
+
+### 5. DECISION LOG
+After each significant decision:
+\`\`\`
+[DECISION]
+Action: [what was done]
+Result: [what happened]
+Learning: [what we now know]
+Next: [logical next step]
+\`\`\`
+
+## ANTI-PATTERNS TO DETECT AND PREVENT
+
+- \u274C SSL/TLS testing before full surface mapping
+- \u274C Deep diving one endpoint before discovering others
+- \u274C Brute force without any intelligence
+- \u274C Repeating failed commands with minor changes
+- \u274C Ignoring discovered information
+- \u274C Skipping subdomain/directory enumeration
+
+## SUCCESS PATTERNS TO FOLLOW
+
+- \u2705 Port scan \u2192 Web discovery (subdomain + directory) \u2192 Technology detection \u2192 CVE check
+- \u2705 Find all endpoints first, then prioritize by value
+- \u2705 Use discovered info (usernames, versions) in subsequent attacks
+- \u2705 Pivot quickly when stuck (max 3 attempts per approach)
+- \u2705 Document findings as we go`;
+var AGENT_COLLABORATION_PROMPT = `When collaborating with other specialized agents:
+
+## AGENT ROLES
+- **Recon Agent**: Surface discovery, OSINT, subdomain/directory enumeration
+- **Exploit Agent**: Vulnerability exploitation, payload delivery
+- **PrivEsc Agent**: Privilege escalation on compromised hosts
+- **Web Agent**: Web application testing, injection attacks
+- **Crypto Agent**: Cryptographic analysis, hash cracking
+
+## COLLABORATION PROTOCOL
+
+### 1. TASK DELEGATION
+\`\`\`
+[DELEGATE]
+From: [current agent]
+To: [specialized agent]
+Task: [specific task]
+Expected output: [what we need back]
+\`\`\`
+
+### 2. RESULTS HANDOFF
+\`\`\`
+[HANDOFF]
+Agent: [which agent completed]
+Findings: [key discoveries]
+Recommended next: [what should happen next]
+\`\`\`
+
+### 3. CONFLICT RESOLUTION
+When agents disagree on approach:
+- Consider ROI of each approach
+- Check if one requires prerequisites the other provides
+- Default to BFS (broader coverage) over DFS (deep focus)
+- Escalate to user only if truly ambiguous
+
+### 4. KNOWLEDGE SHARING
+All agents maintain shared context:
+- Discovered hosts and services
+- Obtained credentials
+- Failed approaches (don't repeat)
+- Current attack surface map`;
 
 // src/core/tools/tool-definitions.ts
 var SYSTEM_TOOLS = [
@@ -387,6 +544,134 @@ Use for:
     }
   }
 ];
+var DNS_TOOLS = [
+  {
+    name: TOOL_NAME.FFUF,
+    description: `FFUF - Fast web fuzzer. USE THIS for subdomain and directory enumeration.
+
+SUBDOMAIN ENUMERATION:
+ffuf -u https://FUZZ.domain.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -mc 200,301,302,403
+
+DIRECTORY ENUMERATION:
+ffuf -u https://domain.com/FUZZ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
+
+VHOST DISCOVERY:
+ffuf -u https://domain.com -H "Host: FUZZ.domain.com" -w wordlist.txt
+
+PARAMETER FUZZING:
+ffuf -u https://domain.com/page?FUZZ=value -w params.txt
+
+OPTIONS:
+- -mc: Match HTTP status codes
+- -fc: Filter HTTP status codes
+- -fs: Filter response size
+- -fw: Filter word count
+- -t: Threads (default 40)
+- -recursion: Enable recursion
+- -e: Extensions (.php,.html,.txt)
+
+CRITICAL: This is your PRIMARY tool for web enumeration. USE IT IMMEDIATELY when asked to find subdomains or directories.`,
+    input_schema: {
+      type: "object",
+      properties: {
+        url: { type: "string", description: "Target URL with FUZZ keyword" },
+        wordlist: { type: "string", description: "Wordlist path (default: /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt)" },
+        mode: { type: "string", enum: ["subdomain", "directory", "vhost", "parameter"], description: "Fuzzing mode" },
+        match_codes: { type: "string", description: 'Status codes to match (e.g., "200,301,302,403")' },
+        filter_codes: { type: "string", description: 'Status codes to filter (e.g., "404")' },
+        filter_size: { type: "string", description: "Response size to filter" },
+        threads: { type: "number", description: "Threads (default: 40)" },
+        extensions: { type: "string", description: 'Extensions to append (e.g., "php,html,txt")' },
+        headers: { type: "string", description: "Custom headers" },
+        recursion: { type: "boolean", description: "Enable recursion" }
+      },
+      required: ["url"]
+    }
+  },
+  {
+    name: TOOL_NAME.SUBFINDER,
+    description: `Subfinder - Passive subdomain discovery tool.
+
+USAGE:
+subfinder -d domain.com -o subdomains.txt
+
+OPTIONS:
+- -d: Domain to find subdomains for
+- -o: Output file
+- -all: Use all sources
+- -silent: Silent mode (only subdomains)
+- -recursive: Recursive subdomain discovery
+
+Great for OSINT-based subdomain discovery without active scanning.`,
+    input_schema: {
+      type: "object",
+      properties: {
+        domain: { type: "string", description: "Target domain" },
+        output: { type: "string", description: "Output file path" },
+        all_sources: { type: "boolean", description: "Use all sources" },
+        recursive: { type: "boolean", description: "Recursive discovery" },
+        silent: { type: "boolean", description: "Silent mode" }
+      },
+      required: ["domain"]
+    }
+  },
+  {
+    name: TOOL_NAME.AMASS,
+    description: `Amass - In-depth subdomain enumeration.
+
+MODES:
+- enum: Subdomain enumeration
+- intel: Gather intel on organization
+- track: Track changes over time
+
+USAGE:
+amass enum -d domain.com -o output.txt
+amass enum -passive -d domain.com  (passive only)
+amass enum -active -d domain.com   (active probing)
+
+Most comprehensive but slower than subfinder.`,
+    input_schema: {
+      type: "object",
+      properties: {
+        mode: { type: "string", enum: ["enum", "intel", "track"], description: "Amass mode" },
+        domain: { type: "string", description: "Target domain" },
+        passive: { type: "boolean", description: "Passive enumeration only" },
+        active: { type: "boolean", description: "Active DNS resolution" },
+        output: { type: "string", description: "Output file" }
+      },
+      required: ["domain"]
+    }
+  },
+  {
+    name: TOOL_NAME.FEROXBUSTER,
+    description: `Feroxbuster - Fast, recursive content discovery tool.
+
+USAGE:
+feroxbuster -u https://domain.com -w wordlist.txt
+
+OPTIONS:
+- -u: Target URL
+- -w: Wordlist
+- -x: Extensions (php,html,txt)
+- -t: Threads
+- -d: Recursion depth
+- --auto-tune: Automatic rate limiting
+
+Faster than gobuster with built-in recursion.`,
+    input_schema: {
+      type: "object",
+      properties: {
+        url: { type: "string", description: "Target URL" },
+        wordlist: { type: "string", description: "Wordlist path" },
+        extensions: { type: "string", description: 'Extensions (e.g., "php,html")' },
+        threads: { type: "number", description: "Threads" },
+        depth: { type: "number", description: "Recursion depth" },
+        status_codes: { type: "string", description: "Status codes to include" }
+      },
+      required: ["url"]
+    }
+  }
+];
 var SERVICE_TOOLS = [
   {
     name: TOOL_NAME.ZONE_TRANSFER,
@@ -1060,6 +1345,150 @@ Use for:
       },
       required: ["url", "action"]
     }
+  },
+  {
+    name: TOOL_NAME.NUCLEI,
+    description: `Nuclei - Fast vulnerability scanner with templates.
+
+CRITICAL: Use this for automated vulnerability scanning.
+
+USAGE:
+nuclei -u https://target.com -t cves/
+nuclei -u https://target.com -t exposures/
+nuclei -l urls.txt -t technologies/
+
+TEMPLATE CATEGORIES:
+- cves: Known CVE exploits
+- vulnerabilities: Generic vulns
+- exposures: Sensitive file exposure
+- misconfigurations: Config issues
+- technologies: Tech detection
+- default-logins: Default credentials
+
+OPTIONS:
+- -t: Template path/directory
+- -severity: Filter by severity (critical,high,medium,low)
+- -o: Output file
+- -silent: Silent mode`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target URL or file with URLs" },
+        templates: { type: "string", description: "Template path (e.g., cves/, exposures/)" },
+        severity: { type: "string", description: "Severity filter (critical,high,medium,low)" },
+        output: { type: "string", description: "Output file" },
+        silent: { type: "boolean", description: "Silent mode" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.NIKTO,
+    description: `Nikto - Web server vulnerability scanner.
+
+Scans for:
+- Dangerous files/CGIs
+- Outdated software versions
+- Server configuration issues
+- Default files and programs
+
+USAGE:
+nikto -h https://target.com
+nikto -h target.com -port 8080
+
+OPTIONS:
+- -h: Target host
+- -port: Port (default 80)
+- -ssl: Force SSL
+- -Tuning: Scan tuning (1-9, x)`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target URL/IP" },
+        port: { type: "number", description: "Port number" },
+        ssl: { type: "boolean", description: "Force SSL" },
+        tuning: { type: "string", description: "Scan tuning options" },
+        output: { type: "string", description: "Output file" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.WHATWEB,
+    description: `WhatWeb - Web technology fingerprinting.
+
+Identifies:
+- CMS (WordPress, Joomla, Drupal)
+- Web frameworks
+- JavaScript libraries
+- Web servers
+- Plugins and versions
+
+USAGE:
+whatweb https://target.com
+whatweb -a 3 https://target.com  # Aggressive mode
+
+AGGRESSION LEVELS:
+- 1: Stealthy (default)
+- 3: Aggressive
+- 4: Heavy`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target URL" },
+        aggression: { type: "number", description: "Aggression level (1-4)" },
+        verbose: { type: "boolean", description: "Verbose output" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.HTTPX,
+    description: `httpx - Fast HTTP toolkit for probing.
+
+USAGE:
+echo "subdomain.target.com" | httpx
+httpx -l urls.txt -status-code -title
+
+OPTIONS:
+- -status-code: Show status codes
+- -title: Extract page titles
+- -tech-detect: Technology detection
+- -follow-redirects: Follow redirects
+- -threads: Concurrent threads`,
+    input_schema: {
+      type: "object",
+      properties: {
+        target: { type: "string", description: "Target URL or file" },
+        status_code: { type: "boolean", description: "Show status codes" },
+        title: { type: "boolean", description: "Extract titles" },
+        tech_detect: { type: "boolean", description: "Tech detection" },
+        follow_redirects: { type: "boolean", description: "Follow redirects" }
+      },
+      required: ["target"]
+    }
+  },
+  {
+    name: TOOL_NAME.WAYBACKURLS,
+    description: `Waybackurls - Fetch URLs from Wayback Machine.
+
+Reveals:
+- Historical endpoints
+- Hidden parameters
+- Old files and paths
+- API endpoints
+
+USAGE:
+echo "target.com" | waybackurls
+waybackurls target.com | grep -E "\\.js$"  # Find JS files`,
+    input_schema: {
+      type: "object",
+      properties: {
+        domain: { type: "string", description: "Target domain" },
+        output: { type: "string", description: "Output file" }
+      },
+      required: ["domain"]
+    }
   }
 ];
 var EXPLOIT_TOOLS = [
@@ -1302,6 +1731,7 @@ var REPORT_TOOLS = [
 var ALL_TOOLS = [
   ...SYSTEM_TOOLS,
   ...NETWORK_TOOLS,
+  ...DNS_TOOLS,
   ...SERVICE_TOOLS,
   ...WINDOWS_TOOLS,
   ...WEB_TOOLS,
@@ -4150,6 +4580,868 @@ function buildAgentSystemPrompt(basePrompt, agent) {
 ${agent.systemPrompt}`;
 }
 
+// src/core/agent/agent-orchestrator.ts
+import Anthropic from "@anthropic-ai/sdk";
+import { EventEmitter as EventEmitter4 } from "events";
+var ORCHESTRATOR_EVENT = {
+  AGENT_START: "agent_start",
+  AGENT_COMPLETE: "agent_complete",
+  AGENT_ERROR: "agent_error",
+  ALL_COMPLETE: "all_complete",
+  FINDING: "finding"
+};
+var AgentOrchestrator = class extends EventEmitter4 {
+  client;
+  agents = /* @__PURE__ */ new Map();
+  initialized = false;
+  constructor(apiKey) {
+    super();
+    this.client = new Anthropic({
+      apiKey: apiKey || LLM_API_KEY || process.env.PENTEST_API_KEY,
+      baseURL: LLM_BASE_URL
+    });
+  }
+  /**
+   * Initialize with built-in agents
+   */
+  async initialize() {
+    if (this.initialized) return;
+    for (const agent of BUILTIN_AGENTS) {
+      this.agents.set(agent.name, agent);
+    }
+    this.initialized = true;
+  }
+  /**
+   * Launch multiple agents in parallel
+   */
+  async launchParallel(tasks) {
+    await this.initialize();
+    console.log(`\u{1F680} Launching ${tasks.length} agents in parallel...`);
+    const startTime = Date.now();
+    const promises = tasks.map((task) => this.executeAgent(task));
+    const results = await Promise.allSettled(promises);
+    const duration = Date.now() - startTime;
+    console.log(`\u2705 All agents completed in ${(duration / 1e3).toFixed(1)}s`);
+    const finalResults = results.map((result, index) => {
+      if (result.status === "fulfilled") {
+        return result.value;
+      } else {
+        return {
+          agent: tasks[index].agent,
+          success: false,
+          output: "",
+          findings: [],
+          duration: 0,
+          error: result.reason?.message || "Agent failed"
+        };
+      }
+    });
+    this.emit(ORCHESTRATOR_EVENT.ALL_COMPLETE, {
+      results: finalResults,
+      duration
+    });
+    return finalResults;
+  }
+  /**
+   * Execute a single agent
+   */
+  async executeAgent(task) {
+    const startTime = Date.now();
+    this.emit(ORCHESTRATOR_EVENT.AGENT_START, { agent: task.agent, prompt: task.prompt });
+    try {
+      const agentDef = this.agents.get(task.agent);
+      const systemPrompt = agentDef ? buildAgentSystemPrompt("You are a security expert. Report findings clearly.", agentDef) : `You are a security expert focused on ${task.agent}. Be thorough and report findings in JSON format.`;
+      const response = await withRetry(
+        () => this.client.messages.create({
+          model: LLM_MODEL,
+          max_tokens: LLM_MAX_TOKENS,
+          system: systemPrompt,
+          messages: [
+            { role: "user", content: task.prompt }
+          ]
+        }),
+        { maxRetries: 2 }
+      );
+      const output = response.content.filter((b) => b.type === "text").map((b) => b.text).join("\n");
+      const findings = this.parseFindings(output, task.agent);
+      const duration = Date.now() - startTime;
+      const result = {
+        agent: task.agent,
+        success: true,
+        output,
+        findings,
+        duration
+      };
+      this.emit(ORCHESTRATOR_EVENT.AGENT_COMPLETE, result);
+      for (const finding of findings) {
+        this.emit(ORCHESTRATOR_EVENT.FINDING, finding);
+      }
+      return result;
+    } catch (error) {
+      const errorMsg = error instanceof Error ? error.message : String(error);
+      this.emit(ORCHESTRATOR_EVENT.AGENT_ERROR, { agent: task.agent, error: errorMsg });
+      return {
+        agent: task.agent,
+        success: false,
+        output: "",
+        findings: [],
+        duration: Date.now() - startTime,
+        error: errorMsg
+      };
+    }
+  }
+  /**
+   * Parse findings from agent output
+   */
+  parseFindings(output, agentName) {
+    const findings = [];
+    const jsonMatch = output.match(/```json\n?([\s\S]*?)\n?```/);
+    if (jsonMatch) {
+      try {
+        const parsed = JSON.parse(jsonMatch[1]);
+        if (Array.isArray(parsed)) {
+          return parsed.map((f) => this.normalizeFinding(f, agentName));
+        } else if (parsed.findings) {
+          return parsed.findings.map((f) => this.normalizeFinding(f, agentName));
+        }
+      } catch {
+      }
+    }
+    const patterns = [
+      { regex: /CVE-\d{4}-\d+/gi, type: "vulnerability", severity: "high" },
+      { regex: /open port[s]?[:\s]+(\d+)/gi, type: "info", severity: "info" },
+      { regex: /admin|root|password/gi, type: "credential", severity: "high" },
+      { regex: /shell access|RCE|command injection/gi, type: "vulnerability", severity: "critical" },
+      { regex: /SQL injection|XSS|SSRF/gi, type: "vulnerability", severity: "high" }
+    ];
+    for (const pattern of patterns) {
+      const matches = output.match(pattern.regex);
+      if (matches) {
+        for (const match of [...new Set(matches)]) {
+          findings.push({
+            id: `finding_${Date.now()}_${Math.random().toString(36).substring(2, 6)}`,
+            type: pattern.type,
+            title: match,
+            description: `Found by ${agentName}: ${match}`,
+            confidence: 60,
+            severity: pattern.severity,
+            evidence: [match],
+            exploitability: "possible"
+          });
+        }
+      }
+    }
+    return findings;
+  }
+  /**
+   * Normalize a finding object
+   */
+  normalizeFinding(raw, agentName) {
+    const f = raw;
+    return {
+      id: f.id || `finding_${Date.now()}_${Math.random().toString(36).substring(2, 6)}`,
+      type: f.type || "info",
+      title: f.title || "Unknown finding",
+      description: f.description || `Found by ${agentName}`,
+      confidence: f.confidence || 50,
+      severity: f.severity || "medium",
+      evidence: f.evidence || [],
+      exploitability: f.exploitability || "possible",
+      nextSteps: f.nextSteps
+    };
+  }
+  /**
+   * Get available agent names
+   */
+  getAgentNames() {
+    return Array.from(this.agents.keys());
+  }
+};
+function consolidateFindings(results) {
+  const allFindings = [];
+  for (const result of results) {
+    allFindings.push(...result.findings);
+  }
+  const findingMap = /* @__PURE__ */ new Map();
+  for (const finding of allFindings) {
+    const key = `${finding.type}:${finding.title}`;
+    if (findingMap.has(key)) {
+      const existing = findingMap.get(key);
+      existing.confidence = Math.min(100, existing.confidence + 10);
+      existing.evidence.push(...finding.evidence);
+    } else {
+      findingMap.set(key, { ...finding });
+    }
+  }
+  return Array.from(findingMap.values()).sort((a, b) => b.confidence - a.confidence);
+}
+var orchestratorInstance = null;
+function getOrchestrator(apiKey) {
+  if (!orchestratorInstance) {
+    orchestratorInstance = new AgentOrchestrator(apiKey);
+  }
+  return orchestratorInstance;
+}
+
+// src/core/agent/agent-memory.ts
+import { EventEmitter as EventEmitter5 } from "events";
+var MEMORY_EVENT = {
+  ENTRY_ADDED: "entry_added",
+  STATE_UPDATED: "state_updated",
+  HANDOFF: "handoff",
+  COMPACTION: "compaction"
+};
+var AgentMemory = class _AgentMemory extends EventEmitter5 {
+  // Short-term memory (current session)
+  shortTermMemory = [];
+  // Long-term memory (persisted across sessions)
+  longTermMemory = [];
+  // Episodic memory (specific events/interactions)
+  episodicMemory = /* @__PURE__ */ new Map();
+  // Shared state across all agents
+  sharedState;
+  // Agent contexts
+  agentContexts = /* @__PURE__ */ new Map();
+  // Memory limits
+  SHORT_TERM_LIMIT = 100;
+  LONG_TERM_LIMIT = 1e3;
+  COMPACTION_THRESHOLD = 80;
+  // % of limit
+  constructor(target = "") {
+    super();
+    this.sharedState = this.initializeState(target);
+  }
+  // ===== State Management =====
+  initializeState(target) {
+    return {
+      target,
+      discoveredHosts: [],
+      discoveredServices: /* @__PURE__ */ new Map(),
+      credentials: [],
+      currentPhase: "recon",
+      completedPhases: [],
+      attackSurface: /* @__PURE__ */ new Map(),
+      vulnerabilities: [],
+      failedApproaches: []
+    };
+  }
+  getSharedState() {
+    return this.sharedState;
+  }
+  updateState(updates) {
+    this.sharedState = { ...this.sharedState, ...updates };
+    this.emit(MEMORY_EVENT.STATE_UPDATED, this.sharedState);
+  }
+  // ===== Memory Operations =====
+  addMemory(entry) {
+    const fullEntry = {
+      ...entry,
+      id: `mem_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`,
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    this.shortTermMemory.push(fullEntry);
+    if (entry.importance >= 70) {
+      this.longTermMemory.push(fullEntry);
+    }
+    if (!this.episodicMemory.has(entry.agent)) {
+      this.episodicMemory.set(entry.agent, []);
+    }
+    this.episodicMemory.get(entry.agent).push(fullEntry);
+    this.emit(MEMORY_EVENT.ENTRY_ADDED, fullEntry);
+    this.checkCompaction();
+    return fullEntry;
+  }
+  // ===== Memory Retrieval =====
+  getRecentMemories(count = 10) {
+    return this.shortTermMemory.slice(-count);
+  }
+  getMemoriesByAgent(agentName) {
+    return this.episodicMemory.get(agentName) || [];
+  }
+  getMemoriesByType(type) {
+    return [...this.shortTermMemory, ...this.longTermMemory].filter((m) => m.type === type);
+  }
+  getImportantMemories(threshold = 70) {
+    return this.longTermMemory.filter((m) => m.importance >= threshold);
+  }
+  searchMemories(query) {
+    const lowerQuery = query.toLowerCase();
+    return [...this.shortTermMemory, ...this.longTermMemory].filter((m) => m.content.toLowerCase().includes(lowerQuery)).sort((a, b) => b.importance - a.importance);
+  }
+  // ===== Agent Context Management =====
+  setAgentContext(context) {
+    this.agentContexts.set(context.agentName, context);
+  }
+  getAgentContext(agentName) {
+    return this.agentContexts.get(agentName);
+  }
+  getAllAgentContexts() {
+    return Array.from(this.agentContexts.values());
+  }
+  // ===== Agent Handoff =====
+  /**
+   * Create a handoff package for transferring context between agents
+   */
+  createHandoff(fromAgent, toAgent, task, relevantContext) {
+    const handoffId = `handoff_${Date.now()}`;
+    const relevantMemories = this.shortTermMemory.filter(
+      (m) => m.agent === fromAgent || relevantContext.some((c) => m.content.includes(c))
+    ).slice(-20);
+    const contextSummary = this.createContextSummary(fromAgent, task);
+    this.addMemory({
+      type: "handoff",
+      agent: "orchestrator",
+      content: `Handoff: ${fromAgent} \u2192 ${toAgent} for task: ${task}`,
+      importance: 80,
+      metadata: { fromAgent, toAgent, task, handoffId }
+    });
+    this.emit(MEMORY_EVENT.HANDOFF, { fromAgent, toAgent, task, handoffId });
+    return {
+      handoffId,
+      context: contextSummary,
+      sharedState: this.sharedState,
+      relevantMemories
+    };
+  }
+  /**
+   * Create a summarized context for handoff
+   */
+  createContextSummary(agentName, task) {
+    const agentMemories = this.getMemoriesByAgent(agentName).slice(-10);
+    const findings = this.getMemoriesByType("finding").slice(-5);
+    const errors = this.getMemoriesByType("error").slice(-3);
+    return `
+## Context Summary for: ${task}
+
+### Target
+- Primary: ${this.sharedState.target}
+- Phase: ${this.sharedState.currentPhase}
+- Hosts discovered: ${this.sharedState.discoveredHosts.length}
+
+### Recent Actions by ${agentName}
+${agentMemories.map((m) => `- ${m.content.slice(0, 100)}`).join("\n")}
+
+### Key Findings
+${findings.map((f) => `- [${f.agent}] ${f.content.slice(0, 100)}`).join("\n")}
+
+### Failed Approaches (avoid these)
+${this.sharedState.failedApproaches.slice(-5).map((f) => `- ${f.approach}: ${f.reason}`).join("\n")}
+
+### Credentials Found
+${this.sharedState.credentials.map((c) => `- ${c.username}:${c.password} (${c.source})`).join("\n") || "None"}
+`;
+  }
+  // ===== Attack Surface Tracking =====
+  addToAttackSurface(category, items) {
+    const existing = this.sharedState.attackSurface.get(category) || [];
+    const newItems = items.filter((i) => !existing.includes(i));
+    this.sharedState.attackSurface.set(category, [...existing, ...newItems]);
+    if (newItems.length > 0) {
+      this.addMemory({
+        type: "discovery",
+        agent: "orchestrator",
+        content: `Attack surface expanded [${category}]: ${newItems.join(", ")}`,
+        importance: 60
+      });
+    }
+  }
+  getAttackSurface() {
+    return this.sharedState.attackSurface;
+  }
+  getAttackSurfaceSummary() {
+    const summary = [];
+    for (const [category, items] of this.sharedState.attackSurface) {
+      summary.push(`${category}: ${items.length} items`);
+    }
+    return summary.join(", ");
+  }
+  // ===== Failed Approach Tracking =====
+  recordFailedApproach(approach, reason) {
+    this.sharedState.failedApproaches.push({
+      approach,
+      reason,
+      timestamp: /* @__PURE__ */ new Date()
+    });
+  }
+  hasFailedBefore(approach) {
+    return this.sharedState.failedApproaches.some(
+      (f) => f.approach.toLowerCase().includes(approach.toLowerCase())
+    );
+  }
+  // ===== Memory Compaction =====
+  checkCompaction() {
+    if (this.shortTermMemory.length >= this.SHORT_TERM_LIMIT * (this.COMPACTION_THRESHOLD / 100)) {
+      this.compactShortTermMemory();
+    }
+    if (this.longTermMemory.length >= this.LONG_TERM_LIMIT * (this.COMPACTION_THRESHOLD / 100)) {
+      this.compactLongTermMemory();
+    }
+  }
+  compactShortTermMemory() {
+    const sorted = [...this.shortTermMemory].sort((a, b) => {
+      const importanceDiff = b.importance - a.importance;
+      if (importanceDiff !== 0) return importanceDiff;
+      return b.timestamp.getTime() - a.timestamp.getTime();
+    });
+    this.shortTermMemory = sorted.slice(0, Math.floor(this.SHORT_TERM_LIMIT * 0.5));
+    this.emit(MEMORY_EVENT.COMPACTION, { type: "short-term", remaining: this.shortTermMemory.length });
+  }
+  compactLongTermMemory() {
+    this.longTermMemory = this.longTermMemory.sort((a, b) => b.importance - a.importance).slice(0, Math.floor(this.LONG_TERM_LIMIT * 0.7));
+    this.emit(MEMORY_EVENT.COMPACTION, { type: "long-term", remaining: this.longTermMemory.length });
+  }
+  // ===== Serialization =====
+  toJSON() {
+    return {
+      shortTermMemory: this.shortTermMemory,
+      longTermMemory: this.longTermMemory,
+      sharedState: {
+        ...this.sharedState,
+        discoveredServices: Object.fromEntries(this.sharedState.discoveredServices),
+        attackSurface: Object.fromEntries(this.sharedState.attackSurface)
+      },
+      agentContexts: Object.fromEntries(this.agentContexts)
+    };
+  }
+  static fromJSON(data) {
+    const memory = new _AgentMemory();
+    const parsed = data;
+    memory.shortTermMemory = parsed.shortTermMemory || [];
+    memory.longTermMemory = parsed.longTermMemory || [];
+    if (parsed.sharedState) {
+      memory.sharedState = {
+        ...parsed.sharedState,
+        discoveredServices: new Map(Object.entries(parsed.sharedState.discoveredServices || {})),
+        attackSurface: new Map(Object.entries(parsed.sharedState.attackSurface || {}))
+      };
+    }
+    if (parsed.agentContexts) {
+      memory.agentContexts = new Map(Object.entries(parsed.agentContexts));
+    }
+    return memory;
+  }
+};
+var memoryInstance = null;
+function getAgentMemory(target) {
+  if (!memoryInstance) {
+    memoryInstance = new AgentMemory(target);
+  }
+  return memoryInstance;
+}
+
+// src/core/agent/supervisor-agent.ts
+import Anthropic2 from "@anthropic-ai/sdk";
+import { EventEmitter as EventEmitter6 } from "events";
+var SUPERVISOR_EVENT = {
+  PLAN_CREATED: "plan_created",
+  PHASE_STARTED: "phase_started",
+  PHASE_COMPLETED: "phase_completed",
+  TASK_DELEGATED: "task_delegated",
+  TASK_COMPLETED: "task_completed",
+  STRATEGY_ADJUSTED: "strategy_adjusted",
+  DECISION_MADE: "decision_made"
+};
+var SupervisorAgent = class extends EventEmitter6 {
+  client;
+  orchestrator;
+  memory;
+  currentPlan = null;
+  // Agent capability mapping
+  agentCapabilities = /* @__PURE__ */ new Map([
+    ["target-explorer", ["recon", "scanning", "enumeration", "osint", "subdomain", "directory"]],
+    ["exploit-researcher", ["cve", "exploit", "vulnerability", "payload", "metasploit"]],
+    ["privesc-master", ["privilege", "escalation", "root", "system", "linux", "windows"]],
+    ["web-hacker", ["web", "sql", "xss", "injection", "http", "api", "form"]],
+    ["crypto-solver", ["crypto", "hash", "password", "decrypt", "encode"]],
+    ["forensics-analyst", ["forensics", "memory", "file", "log", "steganography"]],
+    ["reverse-engineer", ["binary", "reverse", "debug", "exploit", "buffer"]],
+    ["attack-architect", ["strategy", "plan", "attack", "chain", "prioritize"]],
+    ["finding-reviewer", ["validate", "verify", "review", "confidence", "false positive"]]
+  ]);
+  constructor(apiKey) {
+    super();
+    this.client = new Anthropic2({
+      apiKey: apiKey || LLM_API_KEY || process.env.PENTEST_API_KEY,
+      baseURL: LLM_BASE_URL
+    });
+    this.orchestrator = getOrchestrator(apiKey);
+    this.memory = getAgentMemory();
+  }
+  // ===== Task Planning =====
+  /**
+   * Create an execution plan for the given objective
+   */
+  async createPlan(objective, target) {
+    const planPrompt = `
+${STRATEGY_PLANNING_PROMPT}
+
+Create an execution plan for:
+Objective: ${objective}
+Target: ${target}
+
+Respond with a JSON plan:
+{
+    "phases": [
+        {
+            "name": "Phase name",
+            "description": "What this phase accomplishes",
+            "agents": ["agent-name"],
+            "tasks": [
+                {
+                    "description": "Task description",
+                    "assignedAgent": "agent-name"
+                }
+            ]
+        }
+    ]
+}
+
+Rules:
+1. Start with reconnaissance (BFS - map attack surface first)
+2. Discovery before exploitation
+3. Use specialized agents for their strengths
+4. Include validation steps
+5. Plan for fallbacks
+`;
+    try {
+      const response = await this.client.messages.create({
+        model: LLM_MODEL,
+        max_tokens: 2048,
+        messages: [{ role: "user", content: planPrompt }]
+      });
+      const text = response.content.filter((b) => b.type === "text").map((b) => b.text).join("");
+      const jsonMatch = text.match(/\{[\s\S]*\}/);
+      if (jsonMatch) {
+        const parsed = JSON.parse(jsonMatch[0]);
+        this.currentPlan = this.buildPlan(objective, parsed);
+      } else {
+        this.currentPlan = this.createDefaultPlan(objective, target);
+      }
+    } catch {
+      this.currentPlan = this.createDefaultPlan(objective, target);
+    }
+    this.emit(SUPERVISOR_EVENT.PLAN_CREATED, this.currentPlan);
+    this.memory.addMemory({
+      type: "decision",
+      agent: "supervisor",
+      content: `Plan created: ${this.currentPlan.phases.length} phases for ${objective}`,
+      importance: 90
+    });
+    return this.currentPlan;
+  }
+  buildPlan(objective, parsed) {
+    return {
+      id: `plan_${Date.now()}`,
+      objective,
+      status: "planning",
+      currentPhaseIndex: 0,
+      phases: parsed.phases.map((phase, idx) => ({
+        id: `phase_${idx}`,
+        name: phase.name,
+        description: phase.description,
+        agents: phase.agents || [],
+        status: "pending",
+        findings: [],
+        tasks: (phase.tasks || []).map((task, tidx) => ({
+          id: `task_${idx}_${tidx}`,
+          description: task.description,
+          assignedAgent: task.assignedAgent || this.selectBestAgent(task.description),
+          status: "pending"
+        }))
+      }))
+    };
+  }
+  createDefaultPlan(objective, target) {
+    return {
+      id: `plan_${Date.now()}`,
+      objective,
+      status: "planning",
+      currentPhaseIndex: 0,
+      phases: [
+        {
+          id: "phase_0",
+          name: "Reconnaissance",
+          description: "Map attack surface - ports, subdomains, directories",
+          agents: ["target-explorer"],
+          status: "pending",
+          findings: [],
+          tasks: [
+            { id: "task_0_0", description: `Port scan ${target}`, assignedAgent: "target-explorer", status: "pending" },
+            { id: "task_0_1", description: `Subdomain enumeration for ${target}`, assignedAgent: "target-explorer", status: "pending" },
+            { id: "task_0_2", description: `Directory bruteforce on web services`, assignedAgent: "web-hacker", status: "pending" }
+          ]
+        },
+        {
+          id: "phase_1",
+          name: "Analysis",
+          description: "Analyze findings and identify vulnerabilities",
+          agents: ["attack-architect", "finding-reviewer"],
+          status: "pending",
+          findings: [],
+          tasks: [
+            { id: "task_1_0", description: "Analyze attack surface and prioritize targets", assignedAgent: "attack-architect", status: "pending" },
+            { id: "task_1_1", description: "CVE research for discovered services", assignedAgent: "exploit-researcher", status: "pending" }
+          ]
+        },
+        {
+          id: "phase_2",
+          name: "Exploitation",
+          description: "Attempt exploitation of identified vulnerabilities",
+          agents: ["exploit-researcher", "web-hacker"],
+          status: "pending",
+          findings: [],
+          tasks: [
+            { id: "task_2_0", description: "Exploit high-priority vulnerabilities", assignedAgent: "exploit-researcher", status: "pending" }
+          ]
+        }
+      ]
+    };
+  }
+  // ===== Agent Selection =====
+  /**
+   * Select the best agent for a given task
+   */
+  selectBestAgent(taskDescription) {
+    const lowerTask = taskDescription.toLowerCase();
+    let bestAgent = "target-explorer";
+    let bestScore = 0;
+    for (const [agent, capabilities] of this.agentCapabilities) {
+      const score = capabilities.filter((cap) => lowerTask.includes(cap)).length;
+      if (score > bestScore) {
+        bestScore = score;
+        bestAgent = agent;
+      }
+    }
+    return bestAgent;
+  }
+  /**
+   * Get agents for a specific phase
+   */
+  getAgentsForPhase(phaseName) {
+    const phaseMapping = {
+      "recon": ["target-explorer"],
+      "reconnaissance": ["target-explorer"],
+      "scan": ["target-explorer"],
+      "enum": ["target-explorer", "web-hacker"],
+      "enumeration": ["target-explorer", "web-hacker"],
+      "analysis": ["attack-architect", "finding-reviewer"],
+      "vuln": ["exploit-researcher", "web-hacker"],
+      "vulnerability": ["exploit-researcher", "web-hacker"],
+      "exploit": ["exploit-researcher", "web-hacker"],
+      "exploitation": ["exploit-researcher", "web-hacker"],
+      "privesc": ["privesc-master"],
+      "privilege": ["privesc-master"],
+      "post": ["privesc-master", "forensics-analyst"]
+    };
+    const lowerPhase = phaseName.toLowerCase();
+    for (const [key, agents] of Object.entries(phaseMapping)) {
+      if (lowerPhase.includes(key)) {
+        return agents;
+      }
+    }
+    return ["target-explorer"];
+  }
+  // ===== Task Execution =====
+  /**
+   * Execute the current plan
+   */
+  async executePlan() {
+    if (!this.currentPlan) {
+      throw new Error("No plan created. Call createPlan() first.");
+    }
+    this.currentPlan.status = "executing";
+    const allFindings = [];
+    for (let i = 0; i < this.currentPlan.phases.length; i++) {
+      this.currentPlan.currentPhaseIndex = i;
+      const phase = this.currentPlan.phases[i];
+      this.emit(SUPERVISOR_EVENT.PHASE_STARTED, phase);
+      phase.status = "in_progress";
+      try {
+        const phaseFindings = await this.executePhase(phase);
+        phase.findings = phaseFindings;
+        allFindings.push(...phaseFindings);
+        phase.status = "completed";
+        this.emit(SUPERVISOR_EVENT.PHASE_COMPLETED, phase);
+        await this.evaluateProgress(phaseFindings);
+      } catch (error) {
+        phase.status = "failed";
+        this.memory.recordFailedApproach(
+          phase.name,
+          error instanceof Error ? error.message : "Unknown error"
+        );
+      }
+    }
+    this.currentPlan.status = "completed";
+    return consolidateFindings(allFindings.map((f) => ({
+      agent: "supervisor",
+      success: true,
+      output: "",
+      findings: [f],
+      duration: 0
+    })));
+  }
+  /**
+   * Execute a single phase
+   */
+  async executePhase(phase) {
+    const tasks = phase.tasks.map((task) => ({
+      agent: task.assignedAgent,
+      prompt: this.buildTaskPrompt(task, phase),
+      priority: 1
+    }));
+    await this.orchestrator.initialize();
+    const results = await this.orchestrator.launchParallel(tasks);
+    for (let i = 0; i < phase.tasks.length; i++) {
+      const task = phase.tasks[i];
+      const result = results[i];
+      task.status = result.success ? "completed" : "failed";
+      task.result = result.output;
+      task.error = result.error;
+      this.emit(SUPERVISOR_EVENT.TASK_COMPLETED, { task, result });
+      this.memory.addMemory({
+        type: result.success ? "action" : "error",
+        agent: task.assignedAgent,
+        content: result.success ? `Completed: ${task.description}` : `Failed: ${task.description} - ${result.error}`,
+        importance: result.success ? 60 : 70
+      });
+    }
+    return consolidateFindings(results);
+  }
+  buildTaskPrompt(task, phase) {
+    const handoff = this.memory.createHandoff(
+      "supervisor",
+      task.assignedAgent,
+      task.description,
+      [phase.name, task.description]
+    );
+    return `
+${AGENT_COLLABORATION_PROMPT}
+
+## Your Task
+${task.description}
+
+## Phase Context
+Phase: ${phase.name}
+Description: ${phase.description}
+
+## Shared Context
+${handoff.context}
+
+## Instructions
+1. Complete the task thoroughly
+2. Report all findings in structured format
+3. Suggest next steps based on discoveries
+4. Be efficient - BFS over DFS
+
+Provide your findings in JSON format when possible.
+`;
+  }
+  // ===== Strategy Evaluation =====
+  /**
+   * Evaluate progress and adjust strategy if needed
+   */
+  async evaluateProgress(findings) {
+    const criticalFindings = findings.filter((f) => f.severity === "critical" || f.severity === "high");
+    const failedApproaches = this.memory.getSharedState().failedApproaches;
+    if (criticalFindings.length > 0) {
+      this.memory.addMemory({
+        type: "decision",
+        agent: "supervisor",
+        content: `Strategy adjustment: Found ${criticalFindings.length} critical/high findings. Prioritizing exploitation.`,
+        importance: 85
+      });
+      this.emit(SUPERVISOR_EVENT.STRATEGY_ADJUSTED, {
+        reason: "Critical findings discovered",
+        adjustment: "Prioritize exploitation",
+        findings: criticalFindings
+      });
+    }
+    if (failedApproaches.length >= 3) {
+      this.memory.addMemory({
+        type: "decision",
+        agent: "supervisor",
+        content: `Strategy adjustment: ${failedApproaches.length} failed approaches. Recommending pivot.`,
+        importance: 80
+      });
+    }
+  }
+  // ===== Decision Making =====
+  /**
+   * Make a decision about next action
+   */
+  async makeDecision(situation) {
+    const decisionPrompt = `
+${STRATEGY_PLANNING_PROMPT}
+
+Current situation:
+${situation}
+
+Shared state:
+- Target: ${this.memory.getSharedState().target}
+- Phase: ${this.memory.getSharedState().currentPhase}
+- Attack surface: ${this.memory.getAttackSurfaceSummary()}
+- Failed approaches: ${this.memory.getSharedState().failedApproaches.map((f) => f.approach).join(", ")}
+
+Make a decision:
+1. What action should we take?
+2. Which agent should handle it?
+3. What's your reasoning?
+4. What are alternatives if this fails?
+
+Respond with JSON:
+{
+    "action": "description of action",
+    "agent": "agent-name",
+    "reasoning": "why this is the best choice",
+    "confidence": 0-100,
+    "alternatives": ["alt1", "alt2"]
+}
+`;
+    try {
+      const response = await this.client.messages.create({
+        model: LLM_MODEL,
+        max_tokens: 1024,
+        messages: [{ role: "user", content: decisionPrompt }]
+      });
+      const text = response.content.filter((b) => b.type === "text").map((b) => b.text).join("");
+      const jsonMatch = text.match(/\{[\s\S]*\}/);
+      if (jsonMatch) {
+        const decision = JSON.parse(jsonMatch[0]);
+        this.emit(SUPERVISOR_EVENT.DECISION_MADE, decision);
+        this.memory.addMemory({
+          type: "decision",
+          agent: "supervisor",
+          content: `Decision: ${decision.action} (${decision.agent}, ${decision.confidence}% confidence)`,
+          importance: 75
+        });
+        return decision;
+      }
+    } catch {
+    }
+    return {
+      action: "Continue with reconnaissance",
+      agent: "target-explorer",
+      reasoning: "Default action when unsure",
+      confidence: 50,
+      alternatives: ["web-hacker", "exploit-researcher"]
+    };
+  }
+  // ===== Getters =====
+  getCurrentPlan() {
+    return this.currentPlan;
+  }
+  getMemory() {
+    return this.memory;
+  }
+};
+var supervisorInstance = null;
+function getSupervisor(apiKey) {
+  if (!supervisorInstance) {
+    supervisorInstance = new SupervisorAgent(apiKey);
+  }
+  return supervisorInstance;
+}
+
 // src/commands/index.ts
 var SCAN_COMMAND = {
   name: "scan",
@@ -4466,7 +5758,7 @@ var DEFAULT_PHASES = [
   { id: PHASE_ID.EXFIL, name: "Data Exfiltration", shortName: "Exfil", status: PHASE_STATUS.PENDING, attempts: 0 },
   { id: PHASE_ID.REPORT, name: "Reporting", shortName: "Report", status: PHASE_STATUS.PENDING, attempts: 0 }
 ];
-var AutonomousHackingAgent = class extends EventEmitter4 {
+var AutonomousHackingAgent = class extends EventEmitter7 {
   client;
   state;
   config;
@@ -4481,6 +5773,9 @@ var AutonomousHackingAgent = class extends EventEmitter4 {
   mcpManager;
   contextManager;
   approvalManager;
+  orchestrator;
+  agentMemory;
+  supervisor;
   // Token usage tracking
   tokenUsage = {
     input: 0,
@@ -4499,7 +5794,7 @@ var AutonomousHackingAgent = class extends EventEmitter4 {
   // Max attempts per phase
   constructor(apiKey, config) {
     super();
-    this.client = new Anthropic({
+    this.client = new Anthropic3({
       apiKey: apiKey || LLM_API_KEY || process.env.PENTEST_API_KEY,
       baseURL: LLM_BASE_URL
     });
@@ -4509,6 +5804,9 @@ var AutonomousHackingAgent = class extends EventEmitter4 {
     this.mcpManager = getMCPManager();
     this.contextManager = new ContextManager(this.client);
     this.approvalManager = getApprovalManager({ yoloMode: config?.autoApprove });
+    this.orchestrator = getOrchestrator(apiKey);
+    this.agentMemory = getAgentMemory();
+    this.supervisor = getSupervisor(apiKey);
     this.state = this.createInitialState();
     this.initSystems();
   }
@@ -4919,25 +6217,161 @@ What went wrong and what different approach should be tried?
     this.think(THOUGHT_TYPE.REFLECTION, reflection);
     return reflection;
   }
+  // ===== Strategy Validation =====
+  async validateStrategy(proposedAction) {
+    this.think(THOUGHT_TYPE.PLANNING, "[strategy] Validating action strategy...");
+    const validationPrompt = `
+${STRATEGY_PLANNING_PROMPT}
+
+Current situation:
+- Target: ${this.state.target.primary}
+- Current phase: ${this.getCurrentPhase().shortName}
+- Discovered services: ${this.state.target.services.map((s) => `${s.host}:${s.port} (${s.service})`).join(", ") || "none"}
+- Attack surface mapped: ${this.state.target.discovered.length} hosts, ${this.state.target.services.length} services
+- Subdomains found: ${this.state.target.discovered.filter((d) => d.includes(".")).length}
+
+Proposed action: ${proposedAction}
+
+Validate this action:
+1. Is this aligned with BFS (surface mapping first)?
+2. Have we completed reconnaissance before deep testing?
+3. Is this the highest ROI action right now?
+4. Should we adjust the approach?
+
+Respond with JSON:
+{
+    "valid": true/false,
+    "adjustedAction": "if invalid, suggest better action",
+    "reasoning": "brief explanation"
+}
+`;
+    try {
+      const response = await this.client.messages.create({
+        model: LLM_MODEL,
+        max_tokens: 1024,
+        messages: [{ role: "user", content: validationPrompt }]
+      });
+      const text = response.content.filter((b) => b.type === "text").map((b) => b.text).join("");
+      const jsonMatch = text.match(/\{[\s\S]*\}/);
+      if (jsonMatch) {
+        const result = JSON.parse(jsonMatch[0]);
+        if (!result.valid) {
+          this.think(THOUGHT_TYPE.REFLECTION, `[strategy] Action adjusted: ${result.reasoning}`);
+        }
+        return result;
+      }
+    } catch {
+    }
+    return { valid: true, reasoning: "Validation skipped" };
+  }
+  // ===== Agent Collaboration =====
+  /**
+   * Delegate a task to a specialist agent and get results
+   */
+  async delegateToSpecialist(agentName, task, context) {
+    this.think(THOUGHT_TYPE.PLANNING, `[delegate] Delegating to ${agentName}: ${task.slice(0, 50)}...`);
+    await this.orchestrator.initialize();
+    const agentTask = {
+      agent: agentName,
+      prompt: `${AGENT_COLLABORATION_PROMPT}
+
+Context from main agent:
+${context}
+
+Your task:
+${task}
+
+Provide your analysis and findings. Include:
+1. Key discoveries
+2. Recommended next actions
+3. Any concerns or issues found`,
+      priority: 1
+    };
+    try {
+      const results = await this.orchestrator.launchParallel([agentTask]);
+      const result = results[0];
+      if (result.success) {
+        const consolidatedFindings = consolidateFindings(results);
+        const findingsSummary = consolidatedFindings.map((f) => `- [${f.severity.toUpperCase()}] ${f.title} (${f.confidence}% confidence)`).join("\n");
+        this.think(THOUGHT_TYPE.REFLECTION, `[delegate] ${agentName} completed: ${result.findings.length} findings`);
+        return {
+          success: true,
+          findings: findingsSummary || result.output.slice(0, 500),
+          recommendation: result.findings[0]?.nextSteps?.join(", ") || "Continue with main approach"
+        };
+      }
+      return {
+        success: false,
+        findings: result.error || "Agent failed",
+        recommendation: "Try alternative approach"
+      };
+    } catch (error) {
+      return {
+        success: false,
+        findings: error instanceof Error ? error.message : "Unknown error",
+        recommendation: "Fallback to main agent"
+      };
+    }
+  }
+  /**
+   * Consult multiple agents for strategy validation
+   */
+  async consultAgents(question) {
+    this.think(THOUGHT_TYPE.PLANNING, "[consult] Consulting specialist agents...");
+    const tasks = [
+      {
+        agent: "attack-architect",
+        prompt: `Strategic question: ${question}
+
+Provide your expert opinion on the best approach.`,
+        priority: 1
+      },
+      {
+        agent: "finding-reviewer",
+        prompt: `Review this approach: ${question}
+
+Validate if this is the right strategy.`,
+        priority: 1
+      }
+    ];
+    await this.orchestrator.initialize();
+    const results = await this.orchestrator.launchParallel(tasks);
+    const opinions = results.filter((r) => r.success).map((r) => `**${r.agent}**: ${r.output.slice(0, 200)}...`).join("\n\n");
+    this.think(THOUGHT_TYPE.REFLECTION, "[consult] Received opinions from specialists");
+    return opinions || "No specialist opinions available";
+  }
   // ===== Progress Detection =====
   recordProgress(type) {
     this.resetStuckCounter();
     this.state.lastProgressTime = /* @__PURE__ */ new Date();
+    let message = "";
+    let importance = 60;
     switch (type) {
       case "discovery":
-        this.think(THOUGHT_TYPE.BREAKTHROUGH, "[target] New target discovered!");
+        message = "[target] New target discovered!";
+        importance = 65;
         break;
       case "credential":
-        this.think(THOUGHT_TYPE.BREAKTHROUGH, "[cred] Credential obtained!");
+        message = "[cred] Credential obtained!";
+        importance = 85;
         break;
       case "access":
-        this.think(THOUGHT_TYPE.BREAKTHROUGH, "[access] Access obtained!");
+        message = "[access] Access obtained!";
+        importance = 90;
         break;
       case "exploit":
-        this.think(THOUGHT_TYPE.BREAKTHROUGH, "[exploit] Exploit successful!");
+        message = "[exploit] Exploit successful!";
+        importance = 95;
         this.state.successfulExploits++;
         break;
     }
+    this.think(THOUGHT_TYPE.BREAKTHROUGH, message);
+    this.agentMemory.addMemory({
+      type: type === "exploit" ? "action" : type === "credential" ? "credential" : "discovery",
+      agent: this.currentAgent?.name || "autonomous-agent",
+      content: message,
+      importance
+    });
   }
   // ===== Finding Management =====
   addFinding(finding) {
@@ -5686,14 +7120,14 @@ Respond helpfully to the user's message. If they ask to perform security testing
 // src/core/session/session-manager.ts
 import * as fs4 from "fs/promises";
 import * as path4 from "path";
-import { EventEmitter as EventEmitter5 } from "events";
+import { EventEmitter as EventEmitter8 } from "events";
 var SESSIONS_DIR = ".pentesting/sessions";
 function generateSessionId() {
   const timestamp = Date.now().toString(36);
   const random = Math.random().toString(36).substring(2, 8);
   return `session_${timestamp}_${random}`;
 }
-var SessionManager = class extends EventEmitter5 {
+var SessionManager = class extends EventEmitter8 {
   sessionsDir;
   currentSession = null;
   constructor(baseDir) {
@@ -6012,7 +7446,7 @@ function getSlashCommandRegistry() {
 // src/core/context/context-manager.ts
 import { existsSync as existsSync2, mkdirSync, readFileSync as readFileSync2, writeFileSync, renameSync } from "fs";
 import { join as join4, dirname as dirname3 } from "path";
-import { EventEmitter as EventEmitter6 } from "events";
+import { EventEmitter as EventEmitter9 } from "events";
 var CONTEXT_EVENT = {
   MESSAGE_ADDED: "message_added",
   CHECKPOINT_CREATED: "checkpoint_created",
@@ -6020,7 +7454,7 @@ var CONTEXT_EVENT = {
   CLEARED: "cleared",
   COMPACTED: "compacted"
 };
-var ContextManager2 = class extends EventEmitter6 {
+var ContextManager2 = class extends EventEmitter9 {
   filePath;
   state;
   maxMessages;
@@ -6731,9 +8165,9 @@ import { homedir } from "os";
 import { join as join7 } from "path";
 
 // src/cli/utils/keyboard-listener.ts
-import { EventEmitter as EventEmitter7 } from "events";
+import { EventEmitter as EventEmitter10 } from "events";
 import * as readline2 from "readline";
-var KeyboardListener = class extends EventEmitter7 {
+var KeyboardListener = class extends EventEmitter10 {
   isListening = false;
   isPaused = false;
   stdin = process.stdin;
@@ -6958,7 +8392,7 @@ function getKeyboardListener() {
 }
 
 // src/utils/input-queue.ts
-import { EventEmitter as EventEmitter8 } from "events";
+import { EventEmitter as EventEmitter11 } from "events";
 var INPUT_QUEUE_EVENT = {
   QUEUED: "queued",
   // Message added to queue
@@ -6971,7 +8405,7 @@ var INPUT_QUEUE_EVENT = {
   SHUTDOWN: "shutdown"
   // Queue shutdown
 };
-var InputQueue = class extends EventEmitter8 {
+var InputQueue = class extends EventEmitter11 {
   queue = [];
   isShutdown = false;
   isPaused = false;