wormclaude 1.0.174 → 1.0.176

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/ansi.js CHANGED
@@ -239,7 +239,21 @@ export function itemAnsi(it, cols) {
239
239
  const head = paint(' ┌ ', theme.greyDim) + paint((t('tui.createFile') || 'Oluşturulacak dosya') + ': ', theme.redBright, true) + paint(`${it.file} (${lines.length} ${word})`, theme.white);
240
240
  // Onaylamadan ÖNCE tüm kodu göster (Claude gibi) — fazlası scrollback'e gider. 300 satır güvenlik sınırı.
241
241
  const PREV = 300;
242
- const body = lines.slice(0, PREV).map((ln, i) => paint(`${String(i + 1).padStart(3, ' ')} `, theme.greyDim) + paint(ln.replace(/\t/g, ' ').slice(0, Math.max(8, W - 10)), theme.grey));
242
+ const codeW = Math.max(8, W - 10); // gutter "NNN " 8 sütun
243
+ const shown = lines.slice(0, PREV).map((ln) => ln.replace(/\t/g, ' '));
244
+ const _lang = ((it.file || '').split('.').pop() || '').toLowerCase();
245
+ let body;
246
+ if (isHighlightable(_lang)) {
247
+ // Sözdizimi-vurgulu önizleme (sohbetteki kod blokları gibi) — satır no + renkli token'lar.
248
+ body = highlight(shown.join('\n'), _lang).map((toks, i) => {
249
+ const gutter = paint(` │ ${String(i + 1).padStart(3, ' ')} `, theme.greyDim);
250
+ const seg = toks.length ? wrapTokens(toks, codeW)[0] : ' ';
251
+ return gutter + (seg || ' ');
252
+ });
253
+ }
254
+ else {
255
+ body = shown.map((ln, i) => paint(` │ ${String(i + 1).padStart(3, ' ')} `, theme.greyDim) + paint(ln.slice(0, codeW), theme.grey));
256
+ }
243
257
  const more = lines.length > PREV ? '\n' + paint(` │ … +${lines.length - PREV} ${word} (çok büyük dosya)`, theme.greyDim) : '';
244
258
  return '\n' + head + (body.length ? '\n' + body.join('\n') : '') + more;
245
259
  }
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.174';
19
+ export const VERSION = '1.0.176';
package/dist/tools.js CHANGED
@@ -226,11 +226,11 @@ export const toolSchemas = [
226
226
  type: 'function',
227
227
  function: {
228
228
  name: 'SecurityScan',
229
- description: "Run an AUTHORIZED security scan with WormClaude's own server-side engine (no external tools, no manual payloads). Use THIS — never shell/curl/Invoke-WebRequest — whenever the user asks to scan/test a target for vulnerabilities (\"tara\", \"scan\", \"xss tara\", \"sqli\", \"recon\", \"açık bul\", \"zafiyet tara\"). The engine runs payloads + detection server-side and returns findings. For xss/sqli give a PARAMETERIZED url (e.g. https://site/page?id=1); for recon/scan give a domain. Requires authorized-researcher level (3+); traffic exits the user's IP — only authorized targets.",
229
+ description: "Run an AUTHORIZED security scan with WormClaude's own server-side engine (no external tools, no manual payloads). Use THIS — never shell/curl/Invoke-WebRequest — whenever the user asks to scan/test a target (\"tara\", \"scan\", \"xss tara\", \"sqli\", \"recon\", \"açık bul\", \"zafiyet tara\", \"tam kapsamlı tara\"). For a FULL/comprehensive scan use tool='full' ONCE — it deterministically runs recon+XSS+SQLi in code and returns ONE consolidated report (do NOT chain recon/xss/sqli yourself, that loops). For a single check use recon/xss/sqli. For xss/sqli give a PARAMETERIZED url; for recon/full give a domain. Requires authorized-researcher level (3+); traffic exits the user's IP — only authorized targets.",
230
230
  parameters: {
231
231
  type: 'object',
232
232
  properties: {
233
- tool: { type: 'string', enum: ['recon', 'scan', 'xss', 'sqli', 'dirscan'], description: 'recon/scan/dirscan → domain; xss/sqli → parameterized URL' },
233
+ tool: { type: 'string', enum: ['full', 'recon', 'scan', 'xss', 'sqli', 'dirscan'], description: 'full → tam kapsamlı (recon+xss+sqli tek seferde, kapsamlı tarama için BUNU kullan); recon/scan/dirscan → domain; xss/sqli → parameterized URL' },
234
234
  target: { type: 'string', description: 'Domain for recon/scan/dirscan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
235
235
  },
236
236
  required: ['tool', 'target'],
@@ -732,11 +732,55 @@ async function execOne(call, hooks) {
732
732
  if (call.name === 'SecurityScan') {
733
733
  let tool = String(args?.tool || '').toLowerCase().trim();
734
734
  const target = String(args?.target || '').trim();
735
- if (!['recon', 'scan', 'xss', 'sqli', 'dirscan'].includes(tool) || !target) {
736
- return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli|dirscan) ve target gerekli.', args };
735
+ if (!['recon', 'scan', 'xss', 'sqli', 'dirscan', 'full', 'fullscan'].includes(tool) || !target) {
736
+ return { ok: false, output: 'SecurityScan: tool (recon|scan|xss|sqli|dirscan|full) ve target gerekli.', args };
737
737
  }
738
738
  if (tool === 'scan')
739
739
  tool = 'recon'; // "scan" genel tarama → motorun bildiği "recon" (slash ile aynı)
740
+ // FULL: tam kapsamlı tarama TEK ÇAĞRIDA — model orkestrasyona girmesin (döngü olur). Kod
741
+ // deterministik olarak recon → xss → sqli koşar, TEK konsolide rapor döner.
742
+ if (tool === 'full' || tool === 'fullscan') {
743
+ const _fk = 'full|' + target.toLowerCase();
744
+ const _fc = _scanCache.get(_fk);
745
+ if (_fc && Date.now() - _fc.t < 120000) {
746
+ return { ok: false, args, output: `[ALREADY-SCANNED] tam tarama "${target}" zaten koşuldu — bulgular yukarıda. TEKRAR SecurityScan çağırma; sonuçları METİN olarak özetle.` };
747
+ }
748
+ try {
749
+ const { runPentest } = await import('./pentest.js');
750
+ const all = [];
751
+ let rpt = `Tam kapsamlı tarama — ${target}\n`;
752
+ for (const _t of ['recon', 'xss', 'sqli']) {
753
+ try {
754
+ const o = await runPentest(cfg(), _t, target, true, () => { });
755
+ if (o?.ok) {
756
+ const ff = o.report?.findings || [];
757
+ all.push(...ff.map((x) => ({ ...x, scan: _t })));
758
+ rpt += `\n[${_t}] ${ff.length ? ff.length + ' bulgu' : 'temiz'}` + (o.report?.target ? ` (${o.report.target})` : '');
759
+ }
760
+ else {
761
+ const rsn = o?.reason || o?.plan?.reason || 'error';
762
+ rpt += `\n[${_t}] çalışmadı: ${rsn}`;
763
+ if (rsn === 'trust_required') {
764
+ rpt += ' — Doğrulanmış Araştırmacı (seviye 3+) gerekir.';
765
+ break;
766
+ }
767
+ }
768
+ }
769
+ catch (e) {
770
+ rpt += `\n[${_t}] hata: ${e?.message || e}`;
771
+ }
772
+ }
773
+ rpt += `\n\nToplam ${all.length} bulgu.`;
774
+ if (all.length)
775
+ rpt += '\n' + all.slice(0, 60).map((x) => ' ' + JSON.stringify(x)).join('\n');
776
+ rpt += `\n[full-done] recon+xss+sqli koşuldu. SecurityScan'i TEKRAR çağırma — bulguları kullanıcıya METİN olarak raporla (özet + öncelikli düzeltmeler).`;
777
+ _scanCache.set(_fk, { out: rpt, t: Date.now() });
778
+ return { ok: true, output: rpt, args };
779
+ }
780
+ catch (e) {
781
+ return { ok: false, output: 'Tam tarama hatası: ' + (e?.message || e), args };
782
+ }
783
+ }
740
784
  // DÖNGÜ-KIRICI: aynı tarama 2 dk içinde tekrar → yeniden koşma, önceki sonuç + "yeniden tarama" notu.
741
785
  const _ck = tool + '|' + target.toLowerCase();
742
786
  const _cached = _scanCache.get(_ck);
@@ -760,11 +804,9 @@ async function execOne(call, hooks) {
760
804
  txt += 'Zafiyet bulunamadı (hedef temiz ya da yanıt vermedi).';
761
805
  else
762
806
  txt += `${rep.found_count} bulgu:\n` + f.slice(0, 50).map((x) => ' ' + JSON.stringify(x)).join('\n');
763
- // HYBRID: bu gömülü ilk-geçiştir. Derin tarama = DETERMİNİSTİK /fullscan (model doğaçlamasın).
764
- txt += `\n\n[hybrid-note] This was WormClaude's fast first-pass scan. For a COMPREHENSIVE scan, tell`
765
- + ` the user to run the deterministic command "/fullscan ${target}"it chains recon + XSS + SQLi`
766
- + ` in one reliable, repeatable pass. Do NOT hand-orchestrate nmap/sqlmap yourself; recommend`
767
- + ` /fullscan. Pair it with the authorization reminder (only on owned / written-authorized targets).`;
807
+ // Tek-tip tarama bitti. Kapsamlı isteniyorsa model TEK çağrıyla SecurityScan(tool:"full") koşmalı
808
+ // (kod deterministik recon+xss+sqli yapar) kendi recon/xss/sqli zincirlemesin (döngüye girer).
809
+ txt += `\n\n[done] Bu tek tarama (${tool}) bitti sonucu kullanıcıya METİN olarak özetle. SecurityScan'i bu hedefte TEKRAR çağırma.`;
768
810
  _scanCache.set(_ck, { out: txt, t: Date.now() }); // döngü-kırıcı için sakla
769
811
  return { ok: true, output: txt, args };
770
812
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.174",
3
+ "version": "1.0.176",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {