wormclaude 1.0.197 → 1.0.199
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/theme.js +1 -1
- package/dist/tools.js +1 -1
- package/dist/tui.js +6 -6
- package/package.json +1 -1
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -230,7 +230,7 @@ export const toolSchemas = [
|
|
|
230
230
|
parameters: {
|
|
231
231
|
type: 'object',
|
|
232
232
|
properties: {
|
|
233
|
-
tool: { type: 'string', enum: ['auto', 'full', 'recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor', 'portscan', 'osint', 'cloudscan', 'spray', 'defaultcreds'], description: 'auto → OTONOM çoklu-yüzey pentest (web full + network portscan + OSINT + cloud bucket, hepsi tek raporda
|
|
233
|
+
tool: { type: 'string', enum: ['auto', 'full', 'recon', 'scan', 'xss', 'sqli', 'dirscan', 'idor', 'portscan', 'osint', 'cloudscan', 'spray', 'defaultcreds'], description: 'auto → OTONOM çoklu-yüzey pentest (web full + network portscan + OSINT + cloud bucket, hepsi tek raporda). KULLANICI "profesyonel/kapsamlı/eksiksiz/detaylı/tam tara", "pentest yap", "tam denetle", "her şeyi tara", "sızma testi" DEDİĞİNDE BUNU KULLAN (sadece full DEĞİL) — domain/host. full → SADECE web taraması (kullanıcı özellikle "sadece web" derse); recon/scan/dirscan/portscan/osint/cloudscan → domain/host/şirket; xss/sqli/idor → parameterized URL. portscan = TCP port/servis. osint = DNS + e-posta güvenliği (SPF/DMARC). cloudscan = açık bulut bucket keşfi (S3/GCP/Azure). spray = login formuna parola-spray (target = login URL, username param ile; "parola dene"/"spray"/"brute" denince, trust 3+). defaultcreds = login\'e varsayılan kimlikler (admin/admin vb.) dene (target = login URL, trust 3+)' },
|
|
234
234
|
target: { type: 'string', description: 'Domain for recon/scan/dirscan (example.com) OR parameterized URL for xss/sqli (https://example.com/p?id=1)' },
|
|
235
235
|
cookie: { type: 'string', description: 'Optional. Session cookie for AUTHENTICATED / behind-login scanning, e.g. "sessionid=abc123; csrftoken=xyz". The user copies it from their logged-in browser (DevTools → Application → Cookies, or the Cookie request header). Sent only to the target from the user IP — never stored on the server. Provide it whenever the user wants to scan pages behind a login.' },
|
|
236
236
|
auth_header: { type: 'string', description: 'Optional. Authorization header value for token-based authenticated scanning, e.g. "Bearer eyJhbGci..." or "Basic dXNlcjpwYXNz". Use instead of / together with cookie when the site authenticates via a token header.' },
|
package/dist/tui.js
CHANGED
|
@@ -534,16 +534,16 @@ export async function runTui() {
|
|
|
534
534
|
for (let i = 0; i < toolCalls.length; i++) {
|
|
535
535
|
let _content = capToolOut(toolCalls[i].name, results[i].output || '');
|
|
536
536
|
if (!results[i].ok && !_willStop) {
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
537
|
+
// Direktif İNGİLİZCE (model-yönlü) — Türkçe direktif instruction-following'i bozar
|
|
538
|
+
// (prompt-language-english kuralı). Model yine sohbet diliyle (TR) cevaplar.
|
|
539
|
+
_content += '\n\n[REFLECT] This call failed. Before continuing, think briefly: (1) WHY did it fail? (2) Do NOT repeat the same call verbatim — fix the arguments or try a DIFFERENT approach/tool. (3) If it cannot be solved, tell the user plainly in their language. Never give up silently or loop.';
|
|
540
540
|
}
|
|
541
541
|
history.push({ role: 'tool', tool_call_id: toolCalls[i].id, content: _content });
|
|
542
542
|
}
|
|
543
543
|
if (_willStop) {
|
|
544
|
-
|
|
545
|
-
|
|
546
|
-
|
|
544
|
+
// Model-yönlü direktif İNGİLİZCE (Türkçe direktif instruction-following'i bozar);
|
|
545
|
+
// model yine kullanıcının diliyle özetler. (Kullanıcı-yönlü not aşağıda TR kalır.)
|
|
546
|
+
history.push({ role: 'user', content: 'Several commands failed — required tools/syntax are not available here (e.g. grep/openssl/hydra on Windows). STOP running commands now and give a SHORT summary of what you found so far, in the user\'s language. Do NOT call more tools, do NOT use grep/sed/awk.' });
|
|
547
547
|
printItem({ kind: 'note', text: getLang() === 'en' ? 'Commands kept failing — wrapping up.' : 'Komutlar başarısız oldu — özetle bitiriliyor.' });
|
|
548
548
|
consecFail = 0;
|
|
549
549
|
totalFails = 0;
|