pentesting 0.90.10 โ 0.92.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +25 -275
- package/bin/pentesting.mjs +0 -0
- package/lib/runtime.mjs +1 -5
- package/package.json +8 -38
- package/scripts/postinstall.mjs +0 -0
package/README.md
CHANGED
|
@@ -13,50 +13,44 @@
|
|
|
13
13
|
|
|
14
14
|
---
|
|
15
15
|
|
|
16
|
-
|
|
16
|
+
## ๐น From the Developer
|
|
17
17
|
|
|
18
|
-
|
|
18
|
+
<div align="center">
|
|
19
|
+
<img src="public/image.png" alt="Chopin Ballade No.4" width="600" />
|
|
20
|
+
</div>
|
|
19
21
|
|
|
20
|
-
|
|
22
|
+
<br/>
|
|
21
23
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
* **Dynamic Agent Profiles** โ No fixed persona: the classifier *generates* a profile per request, *recalls* reusable templates, *reuses* them to drive tool scope, phase, and memory weighting.
|
|
30
|
-
* **Ebbinghaus-Inspired Memory** โ Memories carry a *strength* that fades like human memory and reinforces on recall. Faded notes are de-referenced, never destroyed.
|
|
31
|
-
* **Git-Backed Rewind** โ Working-tree checkpoint/restore keeps autonomous edits reversible.
|
|
24
|
+
> "I believe playing the piano is also a form of orchestration."
|
|
25
|
+
>
|
|
26
|
+
> The harmony of polyphony โ multiple voices โ and homophony โ a single melodic line.
|
|
27
|
+
>
|
|
28
|
+
> Each voice sings its most beautiful song from its own place, yet when combined, they create one grand, beautiful melody. I believe this structure is no different from AI agents.
|
|
29
|
+
>
|
|
30
|
+
> โ *agnusdei1207*
|
|
32
31
|
|
|
33
32
|
---
|
|
34
33
|
|
|
35
34
|
## ๐ Quick Start
|
|
36
35
|
|
|
37
|
-
### Install via npm
|
|
38
|
-
|
|
39
36
|
```bash
|
|
40
37
|
npm install -g pentesting
|
|
41
38
|
pentesting
|
|
42
39
|
```
|
|
43
40
|
|
|
44
|
-
|
|
41
|
+
Or run it with Docker:
|
|
45
42
|
|
|
46
43
|
```bash
|
|
47
|
-
docker run -it --rm
|
|
48
|
-
-v "$(pwd):/workspace" \
|
|
49
|
-
-w /workspace \
|
|
50
|
-
agnusdei1207/pentesting:latest
|
|
44
|
+
docker run -it --rm -v "$(pwd):/workspace" -w /workspace agnusdei1207/pentesting:latest
|
|
51
45
|
```
|
|
52
46
|
|
|
53
|
-
|
|
47
|
+
Or via Docker Compose:
|
|
54
48
|
|
|
55
49
|
```bash
|
|
56
50
|
PENTESTING_PROJECT_DIR=/path/to/project docker compose run pentesting
|
|
57
51
|
```
|
|
58
52
|
|
|
59
|
-
###
|
|
53
|
+
### Common commands
|
|
60
54
|
|
|
61
55
|
```bash
|
|
62
56
|
pentesting # Interactive TUI
|
|
@@ -65,271 +59,27 @@ pentesting shell-listener --bind 127.0.0.1 --port 4444 # Authorized lab listen
|
|
|
65
59
|
pentesting --version
|
|
66
60
|
```
|
|
67
61
|
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
## ๐งฉ Orchestration Map
|
|
71
|
-
|
|
72
|
-
Pentesting is a **domain-neutral** runtime with a security focus. Development, pentesting, CTF, audit, and release work layer in via skills โ never baked into the core.
|
|
73
|
-
|
|
74
|
-
**Profile flow** โ generate โ recall โ reuse:
|
|
75
|
-
|
|
76
|
-
```mermaid
|
|
77
|
-
flowchart LR
|
|
78
|
-
R[Request] --> GEN["Generate<br/>dynamic profile"]
|
|
79
|
-
GEN --> REC["Recall<br/>named template + overlay"]
|
|
80
|
-
REC --> USE["Reuse<br/>tool scope ยท phase ยท memory weight"]
|
|
81
|
-
```
|
|
82
|
-
|
|
83
|
-
**Agent flow** โ request to closure:
|
|
84
|
-
|
|
85
|
-
```mermaid
|
|
86
|
-
flowchart TD
|
|
87
|
-
U[User request] --> C[Intent classifier]
|
|
88
|
-
C --> P[Dynamic profile<br/>task shape + tool scope + rigor]
|
|
89
|
-
P --> R[Runtime router]
|
|
90
|
-
R --> A[Active agent]
|
|
91
|
-
A --> T{Need delegation?}
|
|
92
|
-
T -- no --> O[Tool execution]
|
|
93
|
-
T -- yes --> D[Agent tool]
|
|
94
|
-
D --> CO[coordinator]
|
|
95
|
-
D --> I[investigator]
|
|
96
|
-
D --> OP[operator]
|
|
97
|
-
D --> RV[reviewer]
|
|
98
|
-
D --> V[verifier]
|
|
99
|
-
D --> W[report-writer]
|
|
100
|
-
CO --> O
|
|
101
|
-
I --> O
|
|
102
|
-
OP --> O
|
|
103
|
-
RV --> O
|
|
104
|
-
V --> O
|
|
105
|
-
W --> O
|
|
106
|
-
O --> G[Completion gates]
|
|
107
|
-
G --> M[Memory + artifacts]
|
|
108
|
-
M --> U
|
|
109
|
-
```
|
|
110
|
-
|
|
111
|
-
### Built-in agent team
|
|
112
|
-
|
|
113
|
-
| Agent | Default role | Runtime profile |
|
|
114
|
-
| --- | --- | --- |
|
|
115
|
-
| `builder` | Hands-on implementation, refactoring, local file changes, tests | Implement + broad local write |
|
|
116
|
-
| `planner` | Implementation plans and risk breakdowns | Plan + read-only |
|
|
117
|
-
| `researcher` | Read-only codebase and reference research | Investigate + read-only |
|
|
118
|
-
| `coordinator` | Splits broad work into owned packets and consolidates results | Coordinate + broad local write |
|
|
119
|
-
| `investigator` | Evidence gathering across code, logs, commands, APIs, and behavior | Investigate + shell diagnostics |
|
|
120
|
-
| `operator` | Builds, tests, packaging, service startup, and runtime workflows | Implement + broad local write |
|
|
121
|
-
| `reviewer` | Findings-first technical review | Review + strict read-only |
|
|
122
|
-
| `verifier` | Reproduction, build/test proof, and completion claim checks | Verify + strict read-only |
|
|
123
|
-
| `report-writer` | Reports, handoffs, release notes, and reproducibility records | Implement + bounded write |
|
|
124
|
-
|
|
125
|
-
### Named autonomy profiles
|
|
126
|
-
|
|
127
|
-
Optionally pin the top-level profile (`autonomy_profile = "ctf-competition"`); leave unset for classifier-driven defaults. Delegated subagent contracts stay intact.
|
|
128
|
-
|
|
129
|
-
| Profile | Purpose |
|
|
130
|
-
| --- | --- |
|
|
131
|
-
| `general-agent` | Broad autonomous local orchestration for mixed tasks |
|
|
132
|
-
| `local-builder` | Hands-on implementation with fresh evidence retrieval |
|
|
133
|
-
| `ctf-competition` | Competition/lab workflow backed by `ctf-competition` and `pentesting-methodology` skills |
|
|
134
|
-
| `enterprise-review` | Strict, review-heavy profile with read-only dynamic scope |
|
|
135
|
-
|
|
136
|
-
### Engagement metadata
|
|
137
|
-
|
|
138
|
-
Runs can attach typed engagement context โ scope, phase, tags, and standard refs (PTES, MITRE ATT&CK, OWASP, CWE/CAPEC, NIST CSF, CIS Controls) โ to workflow metadata. `/workflow report` exports it as a Markdown handoff.
|
|
139
|
-
|
|
140
|
-
### Storage and graph strategy
|
|
141
|
-
|
|
142
|
-
- **Local-first** โ runtime state, notes, scratchpad, and graph inputs live on disk.
|
|
143
|
-
- **Derived graph** โ built from markdown notes, wiki-links/backlinks, skills, and memory; a view, not a second source of truth.
|
|
144
|
-
- **Separate skills** โ domain skills (`ctf-competition`, audit, release, dev) teach method without changing runtime identity.
|
|
145
|
-
|
|
146
|
-
---
|
|
147
|
-
|
|
148
|
-
## ๐ง Memory & Knowledge
|
|
149
|
-
|
|
150
|
-
One local-first store โ plain markdown notes on disk, no vector DB, no cloud. Memories carry a *strength* that fades like human memory, so the store stays sharp instead of rotting.
|
|
151
|
-
|
|
152
|
-
**Storage** โ Ebbinghaus lifecycle (decay ยท reinforce ยท floor, never deleted):
|
|
153
|
-
|
|
154
|
-
```mermaid
|
|
155
|
-
flowchart TD
|
|
156
|
-
N[New memory] --> S["strength = quality ร recall ร e^-ฮปยทage"]
|
|
157
|
-
S --> U{recalled?}
|
|
158
|
-
U -- yes --> RE[reinforce โ ยท reset age]
|
|
159
|
-
U -- no --> D[decay over time]
|
|
160
|
-
RE --> S
|
|
161
|
-
D --> F{below floor?}
|
|
162
|
-
F -- no --> S
|
|
163
|
-
F -- yes --> AR[de-reference: archive / tombstone]
|
|
164
|
-
AR -. recoverable on disk .-> N
|
|
165
|
-
```
|
|
166
|
-
|
|
167
|
-
Kinds fade at different speeds (procedural outlives episodic); bi-temporal `event_time` vs `ingestion_time` lets newer facts supersede stale ones.
|
|
168
|
-
|
|
169
|
-
**Retrieval** โ hybrid fuse, strength-weighted, read-only:
|
|
170
|
-
|
|
171
|
-
```mermaid
|
|
172
|
-
flowchart LR
|
|
173
|
-
Q[Query] --> L[Lexical]
|
|
174
|
-
Q --> SE[Semantic]
|
|
175
|
-
Q --> G[Graph]
|
|
176
|
-
L --> RRF[RRF fuse]
|
|
177
|
-
SE --> RRF
|
|
178
|
-
G --> RRF
|
|
179
|
-
RRF --> RR[rerank: phase ยท recency ยท task]
|
|
180
|
-
RR --> W[weight by strength]
|
|
181
|
-
W --> P[Prompt context]
|
|
182
|
-
```
|
|
183
|
-
|
|
184
|
-
Faded, private, or unsafe memories are held back from the prompt. Lookups never write โ reinforce/archive/supersede are explicit, never search side effects.
|
|
185
|
-
|
|
186
|
-
---
|
|
187
|
-
|
|
188
|
-
## ๐งญ Interactive Essentials
|
|
189
|
-
|
|
190
|
-
Inside an interactive pentesting session, these commands are the fastest way to inspect state:
|
|
191
|
-
|
|
192
|
-
```text
|
|
193
|
-
/status Show the current run phase, active tasks, gates, hooks, and budget signals
|
|
194
|
-
/workflow Show the current focus and recent workflow steps for the active conversation
|
|
195
|
-
/workflow report
|
|
196
|
-
Export the active run, engagement metadata, evidence, and large outputs to Markdown
|
|
197
|
-
/context Show recent context-budget snapshots for the current conversation
|
|
198
|
-
/memory Show stored conversation memories for the current conversation
|
|
199
|
-
/tools List the currently available tools and schemas
|
|
200
|
-
/agent Switch the active agent
|
|
201
|
-
/conversation Browse conversations for the active workspace
|
|
202
|
-
/goal <task> Set the active goal
|
|
203
|
-
/auto Toggle autonomous mode for the current goal
|
|
204
|
-
/help Show all commands
|
|
205
|
-
/exit Quit
|
|
206
|
-
```
|
|
207
|
-
|
|
208
|
-
`/update` downloads and applies the latest public release asset for the current OS/CPU target.
|
|
62
|
+
Inside a session, `/help` lists every command and `/update` pulls the latest release for your OS/CPU.
|
|
209
63
|
|
|
210
64
|
---
|
|
211
65
|
|
|
212
|
-
## โ๏ธ Configuration
|
|
66
|
+
## โ๏ธ Configuration
|
|
213
67
|
|
|
214
|
-
Pentesting reads
|
|
68
|
+
Pentesting reads `~/.pentesting/.pentesting.toml`, overridden by a project-local `.pentesting.toml`:
|
|
215
69
|
|
|
216
70
|
```toml
|
|
217
71
|
[storage]
|
|
218
|
-
backend = "local"
|
|
72
|
+
backend = "local" # Local md/fs runtime state
|
|
219
73
|
```
|
|
220
74
|
|
|
221
|
-
Environment variables use the `PENTESTING_` prefix
|
|
75
|
+
Environment variables use the `PENTESTING_` prefix (`__` for nested keys, e.g. `PENTESTING_SESSION__MODEL_ID=...`). Full variable list and the legacy `BUILDER_*` aliases are documented in [`ARCHITECTURE.md`](ARCHITECTURE.md#configuration).
|
|
222
76
|
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
The runtime engine is still `builder` under the hood, so legacy names keep working. Use whichever you like; the `PENTESTING_*` form wins when both are set.
|
|
226
|
-
|
|
227
|
-
| Surface | Canonical | Legacy (still accepted) |
|
|
228
|
-
| :--- | :--- | :--- |
|
|
229
|
-
| Env vars | `PENTESTING_*` | `BUILDER_*` |
|
|
230
|
-
| Config-dir override | `PENTESTING_CONFIG` | `BUILDER_CONFIG` |
|
|
231
|
-
| Global config file | `~/.pentesting/.pentesting.toml` | `~/.builder/.builder.toml`, `~/builder/.builder.toml` |
|
|
232
|
-
| Project config file | `.pentesting.toml` | `.builder.toml` |
|
|
77
|
+
> **Note:** The command you run is always **`pentesting`**. The internal engine is **`builder`** โ `pentesting` downloads and runs it under the hood; the engine name never surfaces in normal use.
|
|
233
78
|
|
|
234
79
|
---
|
|
235
80
|
|
|
236
|
-
##
|
|
237
|
-
|
|
238
|
-
### Architecture โ single source, two surfaces
|
|
239
|
-
|
|
240
|
-
Pentesting and Builder share the **same Rust runtime binary**. The `pentesting` npm package is a thin distribution facade:
|
|
241
|
-
|
|
242
|
-
```text
|
|
243
|
-
npm install -g pentesting
|
|
244
|
-
โ
|
|
245
|
-
โผ
|
|
246
|
-
pentesting CLI (Node.js shim)
|
|
247
|
-
โ resolves or downloads the matching Builder release asset
|
|
248
|
-
โผ
|
|
249
|
-
Builder binary (Rust) โ single runtime engine
|
|
250
|
-
โ PENTESTING_PRODUCT_NAME=pentesting
|
|
251
|
-
โผ
|
|
252
|
-
Interactive TUI with "pentesting" banner
|
|
253
|
-
```
|
|
254
|
-
|
|
255
|
-
- The npm package installs a launcher, **not** a second agent runtime.
|
|
256
|
-
- It resolves or downloads the correct release asset from `agnusdei1207/pentesting-public`.
|
|
257
|
-
- It forwards arguments directly into the Rust binary โ no command translation or compatibility shims.
|
|
258
|
-
- If a change would add orchestration, memory, or prompt logic into the npm layer, that change belongs upstream in the Rust runtime.
|
|
259
|
-
|
|
260
|
-
### Security domain skills
|
|
261
|
-
|
|
262
|
-
The `ctf-competition` and `pentesting-methodology` skills map authorized assessments to standard frameworks:
|
|
263
|
-
|
|
264
|
-
- **PTES** (Penetration Testing Execution Standard)
|
|
265
|
-
- **MITRE ATT&CK** tactics and techniques
|
|
266
|
-
- **OWASP** Top 10 and Testing Guide
|
|
267
|
-
- **CWE/CAPEC** weakness and attack pattern catalogs
|
|
268
|
-
- **NIST CSF** and **CIS Controls**
|
|
81
|
+
## ๐ Documentation
|
|
269
82
|
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
```bash
|
|
273
|
-
pentesting shell-listener --bind 127.0.0.1 --port 4444
|
|
274
|
-
```
|
|
275
|
-
|
|
276
|
-
Manages multiple accepted TCP sessions with per-session routing, buffered output, raw byte logging, and PTY-upgrade helpers. Bound to loopback by default; `--allow-remote` is an explicit opt-in gate.
|
|
277
|
-
|
|
278
|
-
---
|
|
279
|
-
|
|
280
|
-
## ๐ฆ Supported Runtime Targets
|
|
281
|
-
|
|
282
|
-
| OS | CPU | Release asset |
|
|
283
|
-
| --- | --- | --- |
|
|
284
|
-
| Linux | x64 | `pentesting-x86_64-unknown-linux-musl` |
|
|
285
|
-
| Linux | arm64 | `pentesting-aarch64-unknown-linux-musl` |
|
|
286
|
-
| macOS | x64 | `pentesting-x86_64-apple-darwin` |
|
|
287
|
-
| macOS | arm64 | `pentesting-aarch64-apple-darwin` |
|
|
288
|
-
| Windows | x64 | `pentesting-x86_64-pc-windows-msvc.exe` |
|
|
289
|
-
| Windows | arm64 | `pentesting-aarch64-pc-windows-msvc.exe` |
|
|
290
|
-
| Android | arm64 | `pentesting-aarch64-linux-android` |
|
|
291
|
-
|
|
292
|
-
---
|
|
293
|
-
|
|
294
|
-
## ๐ Environment Variables
|
|
295
|
-
|
|
296
|
-
| Variable | Description |
|
|
297
|
-
| --- | --- |
|
|
298
|
-
| `PENTESTING_BIN` | Use an already-installed Builder binary instead of the managed download. |
|
|
299
|
-
| `PENTESTING_PRODUCT_NAME` | Runtime banner label. The `pentesting` launcher sets this to `pentesting` automatically. |
|
|
300
|
-
| `PENTESTING_REPO` | Override the public release repo used for binary downloads. Defaults to `agnusdei1207/pentesting-public`. |
|
|
301
|
-
| `PENTESTING_SKIP_DOWNLOAD` | Skip the postinstall binary download. Useful in CI or when `PENTESTING_BIN` will be provided later. |
|
|
302
|
-
|
|
303
|
-
---
|
|
304
|
-
|
|
305
|
-
## ๐ Key Documentation
|
|
306
|
-
|
|
307
|
-
* [`Public site`](https://agnusdei1207.github.io/pentesting-public/) โ Landing page and public runtime entry surface.
|
|
83
|
+
* [`ARCHITECTURE.md`](ARCHITECTURE.md) โ Runtime flow, agent team, memory model, crate map, tool surface, and supported targets.
|
|
84
|
+
* [Public site](https://agnusdei1207.github.io/pentesting-public/) โ Landing page and public runtime entry surface.
|
|
308
85
|
* [`compose.yaml`](https://github.com/agnusdei1207/pentesting-public) โ Docker Compose facade for pentesting sessions.
|
|
309
|
-
|
|
310
|
-
---
|
|
311
|
-
|
|
312
|
-
<div align="center">
|
|
313
|
-
|
|
314
|
-
<br/>
|
|
315
|
-
|
|
316
|
-
<img src="https://api.iconify.design/twemoji:flag-ireland.svg" width="36" height="36" alt="Ireland" />
|
|
317
|
-
<img src="https://api.iconify.design/twemoji:flag-south-korea.svg" width="36" height="36" alt="South Korea" />
|
|
318
|
-
<img src="https://api.iconify.design/twemoji:flag-germany.svg" width="36" height="36" alt="Germany" />
|
|
319
|
-
<img src="https://api.iconify.design/twemoji:flag-italy.svg" width="36" height="36" alt="Italy" />
|
|
320
|
-
<img src="https://api.iconify.design/twemoji:flag-netherlands.svg" width="36" height="36" alt="Netherlands" />
|
|
321
|
-
<img src="https://api.iconify.design/twemoji:flag-japan.svg" width="36" height="36" alt="Japan" />
|
|
322
|
-
<img src="https://api.iconify.design/twemoji:flag-belgium.svg" width="36" height="36" alt="Belgium" />
|
|
323
|
-
<img src="https://api.iconify.design/twemoji:flag-spain.svg" width="36" height="36" alt="Spain" />
|
|
324
|
-
<img src="https://api.iconify.design/twemoji:flag-portugal.svg" width="36" height="36" alt="Portugal" />
|
|
325
|
-
<img src="https://api.iconify.design/twemoji:flag-austria.svg" width="36" height="36" alt="Austria" />
|
|
326
|
-
|
|
327
|
-
**Quietly built across Ireland, Korea, Germany, Italy, the Netherlands, Japan, Belgium, Spain, Portugal, and Austria.**
|
|
328
|
-
|
|
329
|
-
from recon to flag capture, the work speaks for itself.
|
|
330
|
-
|
|
331
|
-
[](#)
|
|
332
|
-
|
|
333
|
-
<br/>
|
|
334
|
-
|
|
335
|
-
</div>
|
package/bin/pentesting.mjs
CHANGED
|
File without changes
|
package/lib/runtime.mjs
CHANGED
|
@@ -119,11 +119,7 @@ export async function installManagedBuilder(options = {}) {
|
|
|
119
119
|
|
|
120
120
|
await mkdir(MANAGED_BINARY_DIR, { recursive: true });
|
|
121
121
|
const downloadUrl = releaseAssetUrl(target.assetName, { repo, releaseTag });
|
|
122
|
-
const response = await fetch(downloadUrl
|
|
123
|
-
headers: {
|
|
124
|
-
"user-agent": `pentesting-npm/${packageVersion()}`,
|
|
125
|
-
},
|
|
126
|
-
});
|
|
122
|
+
const response = await fetch(downloadUrl);
|
|
127
123
|
|
|
128
124
|
if (!response.ok || !response.body) {
|
|
129
125
|
throw new Error(
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pentesting",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"builderReleaseTag": "v0.
|
|
3
|
+
"version": "0.92.3",
|
|
4
|
+
"builderReleaseTag": "v0.92.3",
|
|
5
5
|
"description": "pentesting โ security-focused agent runtime (internal engine: builder). Thin npm facade that downloads the managed Builder binary and forwards arguments.",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"author": "agnusdei1207",
|
|
@@ -49,42 +49,12 @@
|
|
|
49
49
|
"test": "node --test tests/*.test.mjs",
|
|
50
50
|
"preflight:local": "bash scripts/preflight-local.sh",
|
|
51
51
|
"verify": "npm run preflight:local && npm run test",
|
|
52
|
-
"
|
|
53
|
-
"
|
|
54
|
-
"
|
|
55
|
-
"
|
|
56
|
-
"
|
|
57
|
-
"
|
|
58
|
-
"pentesting:status": "./scripts/pentesting-release-status.sh",
|
|
59
|
-
"pentesting:test": "npm run test",
|
|
60
|
-
"pentesting:verify": "npm run verify",
|
|
61
|
-
"pentesting:pack:dry-run": "npm pack --dry-run",
|
|
62
|
-
"pentesting:check": "./scripts/check-pentesting-package.sh",
|
|
63
|
-
"pentesting:publish": "./scripts/publish-pentesting-package.sh",
|
|
64
|
-
"pentesting:publish:dry-run": "DRY_RUN=true ./scripts/publish-pentesting-package.sh",
|
|
65
|
-
"pentesting:release:patch": "npm run pentesting:check && AUTO_PUSH=true ./scripts/publish-pentesting-package.sh patch",
|
|
66
|
-
"pentesting:release:patch:dry-run": "npm run pentesting:check && DRY_RUN=true ./scripts/publish-pentesting-package.sh patch",
|
|
67
|
-
"pentesting:release:minor": "npm run pentesting:check && AUTO_PUSH=true ./scripts/publish-pentesting-package.sh minor",
|
|
68
|
-
"pentesting:release:minor:dry-run": "npm run pentesting:check && DRY_RUN=true ./scripts/publish-pentesting-package.sh minor",
|
|
69
|
-
"pentesting:release:major": "npm run pentesting:check && AUTO_PUSH=true ./scripts/publish-pentesting-package.sh major",
|
|
70
|
-
"pentesting:release:major:dry-run": "npm run pentesting:check && DRY_RUN=true ./scripts/publish-pentesting-package.sh major",
|
|
71
|
-
"public:sync": "./scripts/sync-public-repo.sh",
|
|
72
|
-
"public:sync:push": "AUTO_PUSH=true ./scripts/sync-public-repo.sh",
|
|
73
|
-
"public:pull": "git submodule update --remote --merge public",
|
|
74
|
-
"public:publish": "AUTO_PUSH=true ./scripts/sync-public-repo.sh && git add public && git commit -m 'chore: bump public facade pointer' && git push origin main",
|
|
75
|
-
"public:mirror-release": "./scripts/mirror-public-release.sh",
|
|
76
|
-
"docker:builder:build": "(docker image inspect agnusdei1207/pentesting-build-base:1.95 >/dev/null 2>&1 && docker image inspect agnusdei1207/pentesting-runtime-base:26.04 >/dev/null 2>&1 || npm run docker:base:build) && docker build --build-arg APP_VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo dev) -t agnusdei1207/pentesting:latest .",
|
|
77
|
-
"docker:builder:push": "if [ -n \"$DOCKER_PASSWORD\" ]; then echo \"$DOCKER_PASSWORD\" | docker login -u \"${DOCKER_USERNAME:-agnusdei1207}\" --password-stdin; fi && npm run docker:builder:build && docker push agnusdei1207/pentesting:latest",
|
|
78
|
-
"docker:builder:tag": "docker tag agnusdei1207/pentesting:latest agnusdei1207/pentesting:$(git describe --tags --abbrev=0) && docker push agnusdei1207/pentesting:$(git describe --tags --abbrev=0)",
|
|
79
|
-
"docker:base:build": "docker build -t agnusdei1207/pentesting-build-base:1.95 -f docker/build-base.Dockerfile . && docker build -t agnusdei1207/pentesting-runtime-base:26.04 -f docker/runtime-base.Dockerfile .",
|
|
80
|
-
"docker:base:push": "if [ -n \"$DOCKER_PASSWORD\" ]; then echo \"$DOCKER_PASSWORD\" | docker login -u \"${DOCKER_USERNAME:-agnusdei1207}\" --password-stdin; fi && npm run docker:base:build && docker push agnusdei1207/pentesting-build-base:1.95 && docker push agnusdei1207/pentesting-runtime-base:26.04",
|
|
81
|
-
"docker:clean": "docker stop $(docker ps -q) 2>/dev/null || true && docker system prune -af",
|
|
82
|
-
"release": "./scripts/release-all.sh patch",
|
|
83
|
-
"release:dry": "DRY_RUN=true ./scripts/release-all.sh patch",
|
|
84
|
-
"release:local": "./scripts/run-release-in-docker.sh ./scripts/build-release-local.sh",
|
|
85
|
-
"release:local:dry": "DRY_RUN=true ./scripts/run-release-in-docker.sh ./scripts/build-release-local.sh",
|
|
86
|
-
"release:backfill": "./scripts/run-release-in-docker.sh ./scripts/backfill-release-local.sh",
|
|
87
|
-
"release:backfill:dry": "DRY_RUN=true ./scripts/run-release-in-docker.sh ./scripts/backfill-release-local.sh"
|
|
52
|
+
"check": "sh -c 'npm run docker:build && docker run -it --rm -v builder-workspace:/workspace -e ANTHROPIC_BASE_URL -e ANTHROPIC_AUTH_TOKEN -e ANTHROPIC_MODEL -e ANTHROPIC_API_KEY -e MINIMAX_API_KEY -e OPENAI_API_KEY -e OPENAI_BASE_URL -e GEMINI_API_KEY -e DEEPSEEK_API_KEY agnusdei1207/pentesting:latest'",
|
|
53
|
+
"docker:build": "(docker image inspect agnusdei1207/pentesting-build-base:1.96 >/dev/null 2>&1 && docker image inspect agnusdei1207/pentesting-runtime-base:26.04 >/dev/null 2>&1 || npm run docker:base:build) && docker build --build-arg APP_VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo dev) -t agnusdei1207/pentesting:latest .",
|
|
54
|
+
"docker:base:build": "docker build -t agnusdei1207/pentesting-build-base:1.96 -f docker/build-base.Dockerfile . && docker build -t agnusdei1207/pentesting-runtime-base:26.04 -f docker/runtime-base.Dockerfile .",
|
|
55
|
+
"release:patch": "./scripts/release-all.sh patch",
|
|
56
|
+
"release:minor": "./scripts/release-all.sh minor",
|
|
57
|
+
"release:major": "./scripts/release-all.sh major"
|
|
88
58
|
},
|
|
89
59
|
"devDependencies": {
|
|
90
60
|
"@ai-sdk/google-vertex": "^4.0.47",
|
package/scripts/postinstall.mjs
CHANGED
|
File without changes
|