exaai-agent 2.1.2__py3-none-any.whl → 2.2.1__py3-none-any.whl

{exaai_agent-2.1.2.dist-info → exaai_agent-2.2.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: exaai-agent
-Version: 2.1.2
+Version: 2.2.1
 Summary: ExaAi - Advanced AI Security Agent for Comprehensive Penetration Testing
 License: Apache-2.0
 License-File: LICENSE
@@ -37,6 +37,7 @@ Requires-Dist: rich
 Requires-Dist: tenacity (>=9.0.0,<10.0.0)
 Requires-Dist: textual (>=4.0.0,<5.0.0)
 Requires-Dist: uvicorn
+Requires-Dist: websockets (>=12.0,<13.0)
 Requires-Dist: xmltodict (>=0.13.0,<0.14.0)
 Description-Content-Type: text/markdown
 
@@ -151,8 +152,7 @@ ExaAiAgent is an elite AI-powered cybersecurity agent that acts like a real pene
 # Install ExaAiAgent
 
 # Method 1: Automated Script (Recommended)
-curl -sSL https://raw.githubusercontent.com/hleliofficiel/ExaAiAgent/main/install.sh | bash
-
+pip install exaai-agent 
 # Method 2: pipx
 pipx install exaai-agent
 
@@ -366,6 +366,33 @@ export PERPLEXITY_API_KEY="key"       # For search capabilities
 
 ---
 
+## 🛠️ Troubleshooting
+
+### 🔧 Troubleshooting
+
+#### Problem: "LLM Connection Failed" or Model Not Found
+Modern models (like `gemini-3-pro-preview`) require the latest version of `litellm` to be recognized correctly.
+
+**Solution: Update LiteLLM**
+```bash
+pip install -U litellm
+```
+
+**Linux/Debian Users (Externally Managed Environment):**
+If you encounter permission errors or "externally-managed-environment", you may need to use a virtual environment (`venv`) or force a user install:
+
+```bash
+# Option 1: Virtual Environment (Recommended for Servers)
+python3 -m venv venv
+source venv/bin/activate
+pip install exaai-agent
+
+# Option 2: Force User Install
+pip install -U litellm --user --break-system-packages
+```
+
+---
+
 ## 🤝 Contributing
 
 We welcome contributions! Check out our [Contributing Guide](CONTRIBUTING.md).

{exaai_agent-2.1.2.dist-info → exaai_agent-2.2.1.dist-info}/RECORD

@@ -8,10 +8,12 @@ exaaiagnt/agents/base_agent.py,sha256=WzVJwjBM_gUo-P92zLHKq7C6wclDsVfAAO-bavLx5C
 exaaiagnt/agents/scan_modes.py,sha256=q2sSuTRCh_hOdVfikhHhOrEWl1GRCG9Uh6S6rALhLv0,8580
 exaaiagnt/agents/shared_memory.py,sha256=4Ps_kcUHIRVhpumlaF5ZGXmpoeAFi9JrJgEBK33qB84,10774
 exaaiagnt/agents/state.py,sha256=Tzjdegq3L4IS26XPlK9GQDcwqf6X-KKvih9_4LcXPYw,5881
+exaaiagnt/dashboard/server.py,sha256=jmx6UwBm-Lpso5izf-W0pclqrTDoyBeF89B9l11eemY,3332
+exaaiagnt/dashboard/templates/index.html,sha256=d5_Uwl2bNTm8Ynb_jlOoXftlrZ7F1KptzZBdxyDK3F0,11751
 exaaiagnt/interface/__init__.py,sha256=ww23sFOQhICEIrIo0MtwWv2qHW5qUprvPj8QVjv3SM0,44
 exaaiagnt/interface/assets/tui_styles.tcss,sha256=iwhx72f5bIiSg72168ifyR_Q0TKfL3Bf0lU6cyJw1Bg,12114
-exaaiagnt/interface/cli.py,sha256=nRKMGJXV884CfT6znU7qWPumMhefUVEnHgDZzD-LoPs,9480
-exaaiagnt/interface/main.py,sha256=PO62c4P26qT9v2nLWkfQSC_SWjaCncaxdZUT42U9Lu0,19483
+exaaiagnt/interface/cli.py,sha256=vTkeNELONfXwzQ_XgPhX3UcHVSbOBL_E6USnkRZtM74,9855
+exaaiagnt/interface/main.py,sha256=MK8Y8u43P3Y3hvHpR84NPL49YOA0jRR64DzZocWZn7M,20107
 exaaiagnt/interface/tool_components/__init__.py,sha256=Dz5ci3VMzvhlPOwQ2x9Nd11cmFzx1OP7sdlpZPMTT4k,935
 exaaiagnt/interface/tool_components/agents_graph_renderer.py,sha256=eVFRqmJ-TxyxZ-hssLTweDAio4UvsZZgxo2dKky0N1U,4399
 exaaiagnt/interface/tool_components/base_renderer.py,sha256=P0zYeRnbkr2NYoE8KDQmj1TzrAGX6r7qLMb4Sw7AoTI,1905
@@ -28,12 +30,12 @@ exaaiagnt/interface/tool_components/terminal_renderer.py,sha256=-ORL2vBH5XImUZrI
 exaaiagnt/interface/tool_components/thinking_renderer.py,sha256=-MQLkKCgOJksrustULFf2jhAjJrP5bbfS2BQ6zgNKCc,927
 exaaiagnt/interface/tool_components/user_message_renderer.py,sha256=6gHJ1hG-pwcTsxLM7JuYZuaDu8cZ2MeOuUDF3LGy-4I,1432
 exaaiagnt/interface/tool_components/web_search_renderer.py,sha256=JnJa22ACIcRksfxxdenesUo8Th9cHSxo-fej9YcuYHs,911
-exaaiagnt/interface/tui.py,sha256=bMuIJvrauCStAJkjvRWzDueLDraKnrHWtC5ZjyuDxOc,49970
+exaaiagnt/interface/tui.py,sha256=lPEqiW-_Un8dtP48311ksmqGs4LkGfxnz0r0nEQmfWA,49970
 exaaiagnt/interface/utils.py,sha256=xp6eDOC8C0c3cjt791S_jBDs1B-xp_ydIb74QnMLEt8,20219
 exaaiagnt/llm/__init__.py,sha256=hUVixjSSIUtwIP2I5D_9e6Kdxhhunnajgxx_2DEYNww,1095
 exaaiagnt/llm/config.py,sha256=HQ0skwQxtHwiDLDWBCU1Fp4UoQ8tbrTNQw9s7JGVaiY,3303
 exaaiagnt/llm/fallback.py,sha256=oPS0PGRxEHnyyBgS4yP9zdwSf4JFJh4dYZ3g8OFwWEE,11413
-exaaiagnt/llm/llm.py,sha256=D9VnU73ffz7GhotGqQ5RZDufQ8xPKz8aouU23oW0kPY,18664
+exaaiagnt/llm/llm.py,sha256=pMMRaHCnpD29iJR3ZTotqiONJ5JNI_Bc4Aem1ThZJl8,19858
 exaaiagnt/llm/llm_traffic_controller.py,sha256=DIgJvjrT0MIOStb8g2wTAMoDXp9YLEBlFD5Bwt862K8,12304
 exaaiagnt/llm/memory_compressor.py,sha256=_At7e5QlDv2vrUDUJMEwm4CjNJ2uGYQsOBhiHiQvVr8,7054
 exaaiagnt/llm/output_processor.py,sha256=JC3TtzYj9DJhJRuKzz_VV3WIwAyYhUdZeY1N9c4SzVw,13568
@@ -92,12 +94,12 @@ exaaiagnt/prompts/vulnerabilities/websocket_security.jinja,sha256=8xHptbsCCI1W9P
 exaaiagnt/prompts/vulnerabilities/xss.jinja,sha256=GG1egKjGw9onilu1azEhU2Hfxu9XjQfBA2j4P4KQRzE,8675
 exaaiagnt/prompts/vulnerabilities/xxe.jinja,sha256=yyWl5i74YiFZIhQknMPWXLKL0C5gwL6Ra_YB4xddJsc,7841
 exaaiagnt/runtime/__init__.py,sha256=MnuwXAMjvj2kQKJCOyzW-qQSpiipGzmESVWz436lqkQ,760
-exaaiagnt/runtime/docker_runtime.py,sha256=lb4cipUbCkwPw3_BxKyICFoIW8Su2zFs_sFW-r59Nfk,16185
+exaaiagnt/runtime/docker_runtime.py,sha256=anlBMLwlJ1RFprp8Zs29hN03NHQyOlKDMoY9jzZcZzI,16641
 exaaiagnt/runtime/runtime.py,sha256=PRYByipRG9OhtIphIruGBSe4k-glVnYAXH68mikqt78,730
 exaaiagnt/runtime/tool_manager.py,sha256=3PSUxTmGsFptNlKkZDnzXyyBA_AfbKvqhMPyRi6_fMU,14770
 exaaiagnt/runtime/tool_server.py,sha256=e23TJYL5w32gMqLS9UJ0xw3XZ4lM38ETBvHVHKk3APU,6835
 exaaiagnt/telemetry/__init__.py,sha256=8QLHMvrVNLlGKezWTf3mTSmTOLIvDS5xVciry1KVS1Y,130
-exaaiagnt/telemetry/tracer.py,sha256=DZuQ-xGdPWB2FKEn_rRPxP1RO2_acXQRkHzuhApAI88,12582
+exaaiagnt/telemetry/tracer.py,sha256=W7jWmsy41LZG_rvRCFRxa6Pxt6tAx8i5O3rW2dM6QUA,13299
 exaaiagnt/tools/__init__.py,sha256=1Z4EECFThur9Bn_EkqVHJYx9Z3pM1cdh6qXc3rTcyPA,4000
 exaaiagnt/tools/agents_graph/__init__.py,sha256=FLJ2kGxXICY2pRKrC0sgIc3w3KhZo7VID7hbwYcgBfM,278
 exaaiagnt/tools/agents_graph/agents_graph_actions.py,sha256=ujBj3R3MpOmIVsN4T3nekVhreu60xA2EEg9rYXCdz2c,21103
@@ -108,7 +110,7 @@ exaaiagnt/tools/browser/browser_actions.py,sha256=6p3drOznDLPVnqSo3CnJjq4qXXSvCh
 exaaiagnt/tools/browser/browser_actions_schema.xml,sha256=zZQD8sZWsNnxxnlY3QYDrfKHFu0x6i1vtfSOlIGyiho,9573
 exaaiagnt/tools/browser/browser_instance.py,sha256=vgb-dJP20SLaBOhFExn-uwfjdISBrHJpG7ewfiKQkYU,18605
 exaaiagnt/tools/browser/tab_manager.py,sha256=SMkDFOgEr3ADK2rP5Ko2uK-A24-8p0VsbjoxEj5eU-Y,13011
-exaaiagnt/tools/executor.py,sha256=YWw8Tz3MT3EgK9InLSjamkBWSY7sNcFziBU7Z1BMpMk,10869
+exaaiagnt/tools/executor.py,sha256=nglkwrW_Tt0ZAkn9CQUheoOv6Ac5ZaKoRmwCGWY0uIU,11465
 exaaiagnt/tools/file_edit/__init__.py,sha256=8f6VlEoGP627hGtcdLkr63vdrTmdb8uyPIqB0qVgZd8,141
 exaaiagnt/tools/file_edit/file_edit_actions.py,sha256=w-rEB9MphijtXJUyypttQ4DLU4y9rwHd7Zpl21LTTis,3955
 exaaiagnt/tools/file_edit/file_edit_actions_schema.xml,sha256=tt0_QgSjOtTEy8ordsXUcEiVTePiybgn4aisZJ_qnbc,5477
@@ -116,12 +118,14 @@ exaaiagnt/tools/finish/__init__.py,sha256=QIMaHYusly8YaFR3zjYsy_CFawwgtTZvOU7gsE
 exaaiagnt/tools/finish/finish_actions.py,sha256=ZLyOuYMjdTPHN9_6sQxyHwp3-BVSusk5dM2WHUn3WMI,5714
 exaaiagnt/tools/finish/finish_actions_schema.xml,sha256=CS6Vq3ByyNxv2spRWS4oJcmUzWQRB7jvUAOS8aiWd8o,2294
 exaaiagnt/tools/k8s_scanner/__init__.py,sha256=MIo_Hl4p7Zzea9KSR_wVnxnlyyrB9eS8g3DlZxwSsHk,557
-exaaiagnt/tools/k8s_scanner/k8s_actions.py,sha256=2iK-PchYw9X8XZvx5tmEQwIi6ckA153lolbNpN5sm3g,13365
+exaaiagnt/tools/k8s_scanner/k8s_actions.py,sha256=1Ow7uWTzAgOgQLjpH0M00YIycZ6bMsjXU2FgCrE-1m4,13477
+exaaiagnt/tools/k8s_scanner/k8s_actions_schema.xml,sha256=s-Qnq8FX6zjT6qIRHG81dq9zSToj6BbnntLGQ-vWzhM,1272
 exaaiagnt/tools/notes/__init__.py,sha256=DUpkZUWN21tb9AXCWfJLrKrgLz9YEBVU8KQy1J6cyxU,189
 exaaiagnt/tools/notes/notes_actions.py,sha256=8ewd1kCxZO_ujKP2oXuU03r9p8EZEYgoO7i_6GWw_VA,5775
 exaaiagnt/tools/notes/notes_actions_schema.xml,sha256=nzirWDyzbPRxaG3jdSjmSCjfY-ggDy1kH7oxAuj-osw,6264
 exaaiagnt/tools/prompt_injection/__init__.py,sha256=YjzfqLYKdOuEeV8WgE_b9swnP2uhYtOlPbeRplKOTzc,645
-exaaiagnt/tools/prompt_injection/prompt_injection_actions.py,sha256=xvg_MrRAjx9E1vumIJYK8utf34JjTupF3S4BVDV2cVM,24942
+exaaiagnt/tools/prompt_injection/prompt_injection_actions.py,sha256=yNJv7ESHBMvzFiNZGI8Jc8m0GwG73Z5yIngYEmZTOic,27903
+exaaiagnt/tools/prompt_injection/prompt_injection_actions_schema.xml,sha256=wZHYpaS35tOEuzY8j1-4JkkLgDWvFhJwm7MzlRGpfyg,1381
 exaaiagnt/tools/proxy/__init__.py,sha256=K3BFmT6QWw9heB7l7DnmI-Yj-DOI3BAow6g0GLWsA0c,329
 exaaiagnt/tools/proxy/proxy_actions.py,sha256=HyfI6iUVkRSnzLR_xNRKWhr4roDEAatGyYTq4wij2Js,2549
 exaaiagnt/tools/proxy/proxy_actions_schema.xml,sha256=d87SUKD2J16KQCCFpI5w2y-Ax1NgwOuGO3crr1bFPDw,11567
@@ -129,11 +133,11 @@ exaaiagnt/tools/proxy/proxy_manager.py,sha256=rmy8c_7jcYl9WeeA3O2lcZBnN7hESpTYxo
 exaaiagnt/tools/python/__init__.py,sha256=l5mFWKbtis61S8lOQY-gFn-vIlc13lu1K-pqqRywOCk,72
 exaaiagnt/tools/python/python_actions.py,sha256=ggLFFLW7cQamY1fvgUxzz9beOy_deY1zdouK_K8iF50,1436
 exaaiagnt/tools/python/python_actions_schema.xml,sha256=XcIUjz5uEoI7J3VFcby0O-0ovm9r9cIoADfpqDGJXlU,7122
-exaaiagnt/tools/python/python_instance.py,sha256=kYjyPIQG5QmYoKG4xMcb2wPyMcUO3R3A9vXINpXx6dQ,6030
+exaaiagnt/tools/python/python_instance.py,sha256=pXF8MFVjxNeIUt6h_f2Oe5gjFEYJ-NM5Lqc6A3PUi40,6246
 exaaiagnt/tools/python/python_manager.py,sha256=C_k8C8uQ6ESpAgzhbf3km9jeFyI52SGd2m36mD1ErhM,4235
 exaaiagnt/tools/registry.py,sha256=iBRwtiWLQr3fo1vSAOehWbIlr6cqnNPLB1dluXtsf8s,6029
 exaaiagnt/tools/reporting/__init__.py,sha256=_cYxb3OP0vZtCwO_ExLBjhAn1ECaG-SH1Z4wfGDyT1Y,110
-exaaiagnt/tools/reporting/reporting_actions.py,sha256=aVEwfG5GgJ68bFJOicO_YD2yp5wCimxlnZzpXX3TJcQ,2200
+exaaiagnt/tools/reporting/reporting_actions.py,sha256=CYAXz5ee_eN-zFxBdhJ-QsmtCECulnf9m44y2SrX4kk,3107
 exaaiagnt/tools/reporting/reporting_actions_schema.xml,sha256=y_g0iuyBuCh79fvA0ri8fOPlXY7uUd-P-mdzXLUyIJg,1629
 exaaiagnt/tools/response_analyzer.py,sha256=0B8LZ3pvBImH40t8QqCtLdxwc28Chq-2C8I23zi-XJM,10647
 exaaiagnt/tools/smart_fuzzer.py,sha256=cN9TgJcLz3MzDuBIP8EVtEdoJL67LcrFBc2zo9j53cE,12367
@@ -149,10 +153,10 @@ exaaiagnt/tools/tool_prompts.py,sha256=eQL7B8H8mo6d6mvtN_X9rmSfjwgz9Cuzfg7C7WH6T
 exaaiagnt/tools/vuln_validator.py,sha256=jViG2-3pVBwI3VXe5JsgCFsDBNk9nmT_s2vEe7cZjmA,14025
 exaaiagnt/tools/waf_bypass.py,sha256=71oPWnDHjn2EHi6I1SluZCKfqfXkA5j61oIkL5kNoSw,12047
 exaaiagnt/tools/web_search/__init__.py,sha256=m5PCHXqeNVraLRLNIbh54Z2N4Y_75d-ftqwyq3dbCd0,70
-exaaiagnt/tools/web_search/web_search_actions.py,sha256=jmlN2uIq8lRbhRnyaMQkC-44jhpfkLQZ_byYNlNNlOY,3111
+exaaiagnt/tools/web_search/web_search_actions.py,sha256=k9zjzdqTVsNdh0pFtntIfwO77_ThQIedXSaUhJxPs2U,3295
 exaaiagnt/tools/web_search/web_search_actions_schema.xml,sha256=Ihc3Gv4LaPI_MzBbwZOt3y4pwg9xmtl8KfPNvFihEP4,4805
-exaai_agent-2.1.2.dist-info/METADATA,sha256=OjaCfqExnqZH9WLe1FU-hfJk7sJndMruISsjGZnlMvQ,12762
-exaai_agent-2.1.2.dist-info/WHEEL,sha256=kJCRJT_g0adfAJzTx2GUMmS80rTJIVHRCfG0DQgLq3o,88
-exaai_agent-2.1.2.dist-info/entry_points.txt,sha256=iLSTRDSjN8Zyc2Wo6WXmr4MtyEWkdqtZ1j_Hx73MiUs,137
-exaai_agent-2.1.2.dist-info/licenses/LICENSE,sha256=RV6IGl0sWdfbbtJmjPr1w_qwGyGt2jv02PXsAzN_kNs,11460
-exaai_agent-2.1.2.dist-info/RECORD,,
+exaai_agent-2.2.1.dist-info/METADATA,sha256=_N3L88kQUscOnVK0NuHGAjH0MZXidMNpNiSm9_nWJJ0,13462
+exaai_agent-2.2.1.dist-info/WHEEL,sha256=kJCRJT_g0adfAJzTx2GUMmS80rTJIVHRCfG0DQgLq3o,88
+exaai_agent-2.2.1.dist-info/entry_points.txt,sha256=iLSTRDSjN8Zyc2Wo6WXmr4MtyEWkdqtZ1j_Hx73MiUs,137
+exaai_agent-2.2.1.dist-info/licenses/LICENSE,sha256=RV6IGl0sWdfbbtJmjPr1w_qwGyGt2jv02PXsAzN_kNs,11460
+exaai_agent-2.2.1.dist-info/RECORD,,

exaaiagnt/dashboard/server.py

@@ -0,0 +1,99 @@
+from fastapi import FastAPI, WebSocket, WebSocketDisconnect
+from fastapi.staticfiles import StaticFiles
+from fastapi.responses import HTMLResponse
+import uvicorn
+import json
+import asyncio
+import logging
+from typing import List, Dict, Any
+import os
+
+from exaaiagnt.telemetry.tracer import get_global_tracer
+
+app = FastAPI(title="ExaAi Live Dashboard")
+
+# Serve static files
+static_dir = os.path.join(os.path.dirname(__file__), "static")
+app.mount("/static", StaticFiles(directory=static_dir), name="static")
+
+class ConnectionManager:
+    def __init__(self):
+        self.active_connections: List[WebSocket] = []
+
+    async def connect(self, websocket: WebSocket):
+        await websocket.accept()
+        self.active_connections.append(websocket)
+
+    def disconnect(self, websocket: WebSocket):
+        self.active_connections.remove(websocket)
+
+    async def broadcast(self, message: str):
+        for connection in self.active_connections:
+            try:
+                await connection.send_text(message)
+            except Exception:
+                pass
+
+manager = ConnectionManager()
+
+@app.get("/")
+async def get_dashboard():
+    html_path = os.path.join(os.path.dirname(__file__), "templates", "index.html")
+    with open(html_path, "r") as f:
+        return HTMLResponse(content=f.read())
+
+@app.get("/api/stats")
+async def get_stats():
+    tracer = get_global_tracer()
+    if not tracer:
+        return {"status": "Waiting for agent..."}
+    
+    return {
+        "agents_count": len(tracer.agents),
+        "vulnerabilities": len(tracer.vulnerability_reports),
+        "tool_calls": len(tracer.tool_executions),
+        "start_time": tracer.start_time,
+        "run_name": tracer.run_name
+    }
+
+@app.get("/api/vulnerabilities")
+async def get_vulns():
+    tracer = get_global_tracer()
+    if not tracer:
+        return []
+    return tracer.vulnerability_reports
+
+@app.websocket("/ws")
+async def websocket_endpoint(websocket: WebSocket):
+    await manager.connect(websocket)
+    try:
+        while True:
+            # Send updates every second
+            tracer = get_global_tracer()
+            if tracer:
+                data = {
+                    "agents": tracer.agents,
+                    "stats": {
+                        "active": sum(1 for a in tracer.agents.values() if a.get("status") == "running"),
+                        "completed": sum(1 for a in tracer.agents.values() if a.get("status") == "completed"),
+                        "failed": sum(1 for a in tracer.agents.values() if a.get("status") == "failed"),
+                    },
+                    "recent_logs": tracer.chat_messages[-10:] if tracer.chat_messages else []
+                }
+                await websocket.send_json(data)
+            await asyncio.sleep(1)
+    except WebSocketDisconnect:
+        manager.disconnect(websocket)
+    except Exception as e:
+        logging.error(f"WebSocket error: {e}")
+        manager.disconnect(websocket)
+
+def start_dashboard(host="0.0.0.0", port=8000):
+    """Start the dashboard server in a background thread or process."""
+    config = uvicorn.Config(app, host=host, port=port, log_level="error")
+    server = uvicorn.Server(config)
+    # We'll run this in a thread from the main agent
+    import threading
+    t = threading.Thread(target=server.run, daemon=True)
+    t.start()
+    return t

exaaiagnt/dashboard/templates/index.html

@@ -0,0 +1,232 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>ExaAi Mission Control</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
+    <style>
+        body { background-color: #0f172a; color: #e2e8f0; font-family: 'Courier New', Courier, monospace; }
+        .neon-text { text-shadow: 0 0 5px #3b82f6, 0 0 10px #3b82f6; }
+        .neon-border { box-shadow: 0 0 5px #3b82f6; border-color: #3b82f6; }
+        .agent-card { transition: all 0.3s ease; }
+        .agent-card:hover { transform: translateY(-2px); box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.1), 0 2px 4px -1px rgba(0, 0, 0, 0.06); }
+        .vuln-critical { border-left: 4px solid #ef4444; background: rgba(239, 68, 68, 0.1); }
+        .vuln-high { border-left: 4px solid #f97316; background: rgba(249, 115, 22, 0.1); }
+        .vuln-medium { border-left: 4px solid #eab308; background: rgba(234, 179, 8, 0.1); }
+        ::-webkit-scrollbar { width: 8px; }
+        ::-webkit-scrollbar-track { background: #1e293b; }
+        ::-webkit-scrollbar-thumb { background: #475569; border-radius: 4px; }
+        ::-webkit-scrollbar-thumb:hover { background: #64748b; }
+    </style>
+</head>
+<body class="h-screen flex flex-col overflow-hidden">
+    <!-- Header -->
+    <header class="bg-slate-900 border-b border-slate-700 p-4 flex justify-between items-center shadow-lg z-10">
+        <div class="flex items-center gap-3">
+            <div class="w-3 h-3 rounded-full bg-green-500 animate-pulse"></div>
+            <h1 class="text-2xl font-bold tracking-wider text-blue-400 neon-text">EXAAI <span class="text-white">MISSION CONTROL</span></h1>
+        </div>
+        <div class="flex gap-6 text-sm">
+            <div class="flex flex-col items-end">
+                <span class="text-slate-400">STATUS</span>
+                <span class="text-green-400 font-bold">ONLINE</span>
+            </div>
+            <div class="flex flex-col items-end">
+                <span class="text-slate-400">AGENTS</span>
+                <span id="total-agents" class="text-blue-400 font-bold">0</span>
+            </div>
+            <div class="flex flex-col items-end">
+                <span class="text-slate-400">VULNERABILITIES</span>
+                <span id="total-vulns" class="text-red-500 font-bold neon-text">0</span>
+            </div>
+        </div>
+    </header>
+
+    <!-- Main Content -->
+    <main class="flex-1 flex overflow-hidden">
+        <!-- Sidebar: Agent Tree -->
+        <aside class="w-1/4 bg-slate-900 border-r border-slate-700 flex flex-col">
+            <div class="p-3 border-b border-slate-700 bg-slate-800">
+                <h2 class="font-bold text-slate-300 flex items-center gap-2">
+                    <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 11H5m14 0a2 2 0 012 2v6a2 2 0 01-2 2H5a2 2 0 01-2-2v-6a2 2 0 012-2m14 0V9a2 2 0 00-2-2M5 11V9a2 2 0 012-2m0 0V5a2 2 0 012-2h6a2 2 0 012 2v2M7 7h10"></path></svg>
+                    Active Operations
+                </h2>
+            </div>
+            <div id="agent-list" class="flex-1 overflow-y-auto p-3 space-y-2">
+                <!-- Agents injected here -->
+            </div>
+        </aside>
+
+        <!-- Center: Live Feed & Stats -->
+        <section class="flex-1 flex flex-col bg-slate-900/50 relative">
+            <!-- Matrix Rain Background Effect (Optional/Subtle) -->
+            <div class="absolute inset-0 pointer-events-none opacity-5 bg-[url('data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0IiBoZWlnaHQ9IjQiPgo8cmVjdCB3aWR0aD0iNCIgaGVpZ2h0PSI0IiBmaWxsPSIjMWUyOTNiIi8+CjxyZWN0IHdpZHRoPSIxIiBoZWlnaHQ9IjEiIGZpbGw9IiMzMzQxNTUiLz4KPC9zdmc+')]"></div>
+
+            <div class="h-1/2 border-b border-slate-700 flex">
+                <!-- Live Terminal Log -->
+                <div class="w-2/3 border-r border-slate-700 flex flex-col">
+                    <div class="p-2 bg-slate-800 border-b border-slate-700 flex justify-between">
+                        <span class="text-xs font-mono text-slate-400">>_ SYSTEM LOGS</span>
+                        <span class="text-xs text-green-500">● LIVE</span>
+                    </div>
+                    <div id="console-logs" class="flex-1 overflow-y-auto p-4 font-mono text-xs text-slate-300 space-y-1 bg-black/40">
+                        <!-- Logs injected here -->
+                    </div>
+                </div>
+                
+                <!-- Quick Stats Chart -->
+                <div class="w-1/3 p-4 bg-slate-800/30 flex flex-col items-center justify-center">
+                    <canvas id="statusChart"></canvas>
+                </div>
+            </div>
+
+            <!-- Vulnerabilities Panel -->
+            <div class="h-1/2 flex flex-col bg-slate-900">
+                <div class="p-3 border-b border-slate-700 bg-slate-800 flex justify-between items-center">
+                    <h2 class="font-bold text-red-400 flex items-center gap-2">
+                        <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path></svg>
+                        Detected Vulnerabilities
+                    </h2>
+                    <span class="text-xs text-slate-500">Auto-refreshing...</span>
+                </div>
+                <div id="vuln-list" class="flex-1 overflow-y-auto p-4 grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
+                    <!-- Vulns injected here -->
+                </div>
+            </div>
+        </section>
+    </main>
+
+    <script>
+        const wsProtocol = window.location.protocol === 'https:' ? 'wss:' : 'ws:';
+        const socket = new WebSocket(`${wsProtocol}//${window.location.host}/ws`);
+        
+        // Chart setup
+        const ctx = document.getElementById('statusChart').getContext('2d');
+        const statusChart = new Chart(ctx, {
+            type: 'doughnut',
+            data: {
+                labels: ['Active', 'Completed', 'Failed'],
+                datasets: [{
+                    data: [0, 0, 0],
+                    backgroundColor: ['#3b82f6', '#22c55e', '#ef4444'],
+                    borderWidth: 0
+                }]
+            },
+            options: {
+                responsive: true,
+                plugins: {
+                    legend: { position: 'bottom', labels: { color: '#94a3b8' } }
+                },
+                cutout: '70%'
+            }
+        });
+
+        socket.onmessage = function(event) {
+            const data = JSON.parse(event.data);
+            updateDashboard(data);
+        };
+
+        function updateDashboard(data) {
+            // Update Headers
+            document.getElementById('total-agents').textContent = Object.keys(data.agents).length;
+            
+            // Update Agent List
+            const agentList = document.getElementById('agent-list');
+            agentList.innerHTML = '';
+            
+            Object.values(data.agents).forEach(agent => {
+                const div = document.createElement('div');
+                div.className = `agent-card p-3 rounded bg-slate-800 border border-slate-700 ${agent.status === 'running' ? 'border-l-4 border-l-blue-500' : ''}`;
+                div.innerHTML = `
+                    <div class="flex justify-between items-start mb-1">
+                        <span class="font-bold text-xs text-slate-200 truncate" title="${agent.name}">${agent.name}</span>
+                        <span class="text-[10px] px-1.5 py-0.5 rounded ${getStatusColor(agent.status)}">${agent.status}</span>
+                    </div>
+                    <div class="text-[10px] text-slate-500 truncate">${agent.id.substring(0, 8)}...</div>
+                    <div class="text-[11px] text-slate-400 mt-1 line-clamp-2">${agent.task || 'No task description'}</div>
+                `;
+                agentList.appendChild(div);
+            });
+
+            // Update Logs
+            const logContainer = document.getElementById('console-logs');
+            logContainer.innerHTML = '';
+            data.recent_logs.forEach(log => {
+                const div = document.createElement('div');
+                const time = new Date(log.timestamp * 1000).toLocaleTimeString();
+                const color = log.role === 'assistant' ? 'text-blue-400' : 'text-slate-400';
+                div.innerHTML = `<span class="text-slate-600">[${time}]</span> <span class="${color}">${log.role.toUpperCase()}:</span> <span class="text-slate-300">${escapeHtml(log.content.substring(0, 150))}...</span>`;
+                logContainer.appendChild(div);
+            });
+
+            // Update Chart
+            statusChart.data.datasets[0].data = [
+                data.stats.active,
+                data.stats.completed,
+                data.stats.failed
+            ];
+            statusChart.update();
+
+            // Update Vulns (Fetching separately or from WS if included)
+            fetchVulns();
+        }
+
+        async function fetchVulns() {
+            try {
+                const response = await fetch('/api/vulnerabilities');
+                const vulns = await response.json();
+                document.getElementById('total-vulns').textContent = vulns.length;
+                
+                const container = document.getElementById('vuln-list');
+                container.innerHTML = '';
+                
+                if (vulns.length === 0) {
+                    container.innerHTML = '<div class="col-span-full text-center text-slate-500 py-10">No vulnerabilities detected... yet.</div>';
+                    return;
+                }
+
+                vulns.forEach(v => {
+                    const div = document.createElement('div');
+                    const severityClass = `vuln-${v.severity.toLowerCase()}`;
+                    div.className = `p-4 rounded bg-slate-800 border border-slate-700 ${severityClass}`;
+                    div.innerHTML = `
+                        <div class="flex justify-between items-center mb-2">
+                            <h3 class="font-bold text-sm text-white">${v.title}</h3>
+                            <span class="text-[10px] font-bold uppercase tracking-wider px-2 py-1 bg-black/30 rounded text-white">${v.severity}</span>
+                        </div>
+                        <p class="text-xs text-slate-400 line-clamp-3 mb-2">${v.content}</p>
+                        <div class="text-[10px] text-slate-500">ID: ${v.report_id}</div>
+                    `;
+                    container.appendChild(div);
+                });
+            } catch (e) {
+                console.error("Failed to fetch vulns", e);
+            }
+        }
+
+        function getStatusColor(status) {
+            switch(status) {
+                case 'running': return 'bg-blue-900 text-blue-300';
+                case 'completed': return 'bg-green-900 text-green-300';
+                case 'failed': return 'bg-red-900 text-red-300';
+                default: return 'bg-slate-700 text-slate-300';
+            }
+        }
+
+        function escapeHtml(text) {
+            if (!text) return "";
+            return text
+                .replace(/&/g, "&amp;")
+                .replace(/</g, "&lt;")
+                .replace(/>/g, "&gt;")
+                .replace(/"/g, "&quot;")
+                .replace(/'/g, "&#039;");
+        }
+
+        // Initial load
+        fetchVulns();
+    </script>
+</body>
+</html>

exaaiagnt/interface/cli.py

@@ -30,7 +30,18 @@ BANNER = r"""
 """
 
 
+from exaaiagnt.dashboard.server import start_dashboard
+
 async def run_cli(args: Any) -> None:  # noqa: PLR0915
+    # Start the live dashboard
+    try:
+        start_dashboard()
+        console_temp = Console()
+        console_temp.print("[bold green]🚀 Live Dashboard available at: http://localhost:8000[/]")
+    except Exception as e:
+        import logging
+        logging.error(f"Failed to start dashboard: {e}")
+
     # Detect if running in a real terminal or headless (pipe/background)
     is_tty = sys.stdout.isatty()
     console = Console(force_terminal=is_tty, no_color=not is_tty)

exaaiagnt/interface/main.py

@@ -224,7 +224,17 @@ async def warm_up_llm() -> None:
         error_text.append("\n\n", style="white")
         error_text.append("Could not establish connection to the language model.\n", style="white")
         error_text.append("Please check your configuration and try again.\n", style="white")
-        error_text.append(f"\nError: {e}", style="dim white")
+        
+        # Enhanced error diagnosis
+        error_str = str(e)
+        if "AuthenticationError" in error_str:
+             error_text.append("🔍 Hint: Your API key seems invalid or expired.\n", style="bold yellow")
+        elif "NotFoundError" in error_str:
+             error_text.append(f"🔍 Hint: The model '{model_name}' was not found. Check if the model name is correct.\n", style="bold yellow")
+        elif "ConnectionError" in error_str:
+             error_text.append("🔍 Hint: Network connection failed. Check your internet or proxy settings.\n", style="bold yellow")
+             
+        error_text.append(f"\nError Details: {e}", style="dim white")
 
         panel = Panel(
             error_text,
@@ -242,7 +252,7 @@ async def warm_up_llm() -> None:
 
 def get_version() -> str:
     """Get the current ExaAi version."""
-    return "2.1.2"
+    return "2.2.1"
 
 
 def parse_arguments() -> argparse.Namespace:

exaaiagnt/interface/tui.py

@@ -45,7 +45,7 @@ def get_package_version() -> str:
         return pkg_version("exaai-agent")
     except PackageNotFoundError:
         # Fallback version if package not installed
-        return "2.1.2"
+        return "2.2.1"
 
 
 class ChatTextArea(TextArea):  # type: ignore[misc]
@@ -80,7 +80,7 @@ class SplashScreen(Static):  # type: ignore[misc]
     NEON_ORANGE = "#ff8800"
     SOFT_WHITE = "#e0e0e0"
     
-    # Enhanced ASCII Logo - ExaAi v2.1.2
+    # Enhanced ASCII Logo - ExaAi v2.2.1
     BANNER = r"""
     ███████╗██╗  ██╗ █████╗      █████╗ ██╗
     ██╔════╝╚██╗██╔╝██╔══██╗    ██╔══██╗██║

exaaiagnt/llm/llm.py

@@ -424,19 +424,54 @@ class LLM:
             else:
                 completion_args["reasoning_effort"] = "high"
 
-        # Use Adaptive Traffic Controller for intelligent rate limiting
+        # Use Adaptive Traffic Controller for intelligent rate limiting with retries
         controller = get_traffic_controller()
         agent_id = self.agent_id or "unknown_agent"
         
         async def do_request():
-            from litellm import completion
-            return completion(**completion_args, stream=False)
-        
-        response = await controller.queue_request(
-            do_request,
-            agent_id=agent_id,
-            priority=RequestPriority.NORMAL
+            try:
+                from litellm import completion
+                return await completion(**completion_args, stream=False)
+            except litellm.RateLimitError:
+                # Let tenacity (in controller) handle retry
+                raise 
+            except Exception as e:
+                # Log other transient errors for potential retry
+                logger.warning(f"Transient LLM error: {e}")
+                raise
+
+        # Wrap in retry logic
+        from tenacity import (
+            retry,
+            stop_after_attempt,
+            wait_exponential,
+            retry_if_exception_type,
+        )
+        import litellm
+
+        @retry(
+            retry=retry_if_exception_type((
+                litellm.RateLimitError, 
+                litellm.ServiceUnavailableError, 
+                litellm.APIConnectionError, 
+                litellm.Timeout
+            )),
+            wait=wait_exponential(multiplier=1, min=4, max=60),
+            stop=stop_after_attempt(5),
+            reraise=True
         )
+        async def execute_with_retries():
+            return await controller.queue_request(
+                do_request,
+                agent_id=agent_id,
+                priority=RequestPriority.NORMAL
+            )
+
+        try:
+            response = await execute_with_retries()
+        except Exception:
+            self._total_stats.failed_requests += 1
+            raise
 
         self._total_stats.requests += 1
         self._last_request_stats = RequestStats(requests=1)

exaaiagnt/runtime/docker_runtime.py

@@ -104,6 +104,14 @@ class DockerRuntime(AbstractRuntime):
                 self._tool_server_port = tool_server_port
                 self._tool_server_token = tool_server_token
 
+                # Mount kubeconfig if available
+                volumes = {}
+                kube_config = os.path.expanduser("~/.kube")
+                if os.path.exists(kube_config):
+                    volumes[kube_config] = {'bind': '/root/.kube', 'mode': 'ro'}
+                    # Also mount for pentester user
+                    volumes[kube_config] = {'bind': '/home/pentester/.kube', 'mode': 'ro'}
+
                 container = self.client.containers.run(
                     EXAAI_IMAGE,
                     command="sleep infinity",
@@ -114,6 +122,7 @@ class DockerRuntime(AbstractRuntime):
                         f"{caido_port}/tcp": caido_port,
                         f"{tool_server_port}/tcp": tool_server_port,
                     },
+                    volumes=volumes,
                     cap_add=["NET_ADMIN", "NET_RAW"],
                     labels={"exaai-scan-id": scan_id},
                     environment={

exaaiagnt/telemetry/tracer.py

@@ -137,19 +137,35 @@ class Tracer:
     ) -> int:
         message_id = self._next_message_id
         self._next_message_id += 1
+        
+        # Ensure imports if missing
+        import time
 
         message_data = {
             "message_id": message_id,
             "content": content,
             "role": role,
             "agent_id": agent_id,
-            "timestamp": datetime.now(UTC).isoformat(),
+            "timestamp": time.time(),  # Use epoch time for easier frontend handling
             "metadata": metadata or {},
         }
 
         self.chat_messages.append(message_data)
+        # Removed auto-save on every message to improve performance
         return message_id
 
+    def get_dashboard_data(self) -> dict[str, Any]:
+        """Return data formatted for the live dashboard."""
+        return {
+            "agents": self.agents,
+            "vulnerabilities": self.vulnerability_reports,
+            "stats": {
+                "active_agents": sum(1 for a in self.agents.values() if a.get("status") == "running"),
+                "total_requests": sum(1 for msg in self.chat_messages if msg["role"] == "assistant"),
+                "total_vulns": len(self.vulnerability_reports)
+            }
+        }
+
     def log_tool_execution_start(self, agent_id: str, tool_name: str, args: dict[str, Any]) -> int:
         execution_id = self._next_execution_id
         self._next_execution_id += 1

exaaiagnt/tools/executor.py

@@ -90,11 +90,23 @@ async def _execute_tool_locally(tool_name: str, agent_state: Any | None, **kwarg
     if needs_agent_state(tool_name):
         if agent_state is None:
             raise ValueError(f"Tool '{tool_name}' requires agent_state but none was provided.")
-        result = tool_func(agent_state=agent_state, **converted_kwargs)
+        # Check if the tool function is a coroutine (async)
+        if inspect.iscoroutinefunction(tool_func):
+            result = await tool_func(agent_state=agent_state, **converted_kwargs)
+        else:
+            # Run synchronous blocking tools in a separate thread
+            import asyncio
+            result = await asyncio.to_thread(tool_func, agent_state=agent_state, **converted_kwargs)
     else:
-        result = tool_func(**converted_kwargs)
+        # Check if the tool function is a coroutine (async)
+        if inspect.iscoroutinefunction(tool_func):
+            result = await tool_func(**converted_kwargs)
+        else:
+            # Run synchronous blocking tools in a separate thread
+            import asyncio
+            result = await asyncio.to_thread(tool_func, **converted_kwargs)
 
-    return await result if inspect.isawaitable(result) else result
+    return result
 
 
 def validate_tool_availability(tool_name: str | None) -> tuple[bool, str]:

exaaiagnt/tools/k8s_scanner/k8s_actions.py

@@ -10,7 +10,7 @@ Comprehensive security testing for Kubernetes clusters including:
 - Container vulnerability scanning integration
 
 Author: ALhilali
-Version: 1.0.0
+Version: 2.2.1
 """
 
 import logging
@@ -55,6 +55,9 @@ class SecurityFinding:
     status: CheckStatus = CheckStatus.FAIL
 
 
+from exaaiagnt.tools.registry import register_tool
+
+@register_tool
 class K8sScanner:
     """
     Kubernetes Security Scanner.
@@ -292,6 +295,7 @@ class K8sScanner:
 
 # === Convenience Functions ===
 
+@register_tool
 def scan_cluster(context: Optional[str] = None) -> Dict[str, Any]:
     """Run a full cluster scan."""
     scanner = K8sScanner(context=context)
@@ -299,6 +303,7 @@ def scan_cluster(context: Optional[str] = None) -> Dict[str, Any]:
     return scanner.export_report()
 
 
+@register_tool
 def check_rbac(namespace: str = "default") -> List[Dict[str, Any]]:
     """Run RBAC checks only."""
     scanner = K8sScanner()
@@ -306,6 +311,7 @@ def check_rbac(namespace: str = "default") -> List[Dict[str, Any]]:
     return scanner.export_report()["findings"]
 
 
+@register_tool
 def check_pod_security(namespace: str = "default") -> List[Dict[str, Any]]:
     """Run Pod Security checks only."""
     scanner = K8sScanner()

exaaiagnt/tools/k8s_scanner/k8s_actions_schema.xml

@@ -0,0 +1,36 @@
+<tool name="scan_cluster">
+    <description>
+        Run a full security scan on the connected Kubernetes cluster.
+        Checks for RBAC misconfigurations, Pod Security Standards violations,
+        missing NetworkPolicies, and insecure secret management.
+    </description>
+    <parameters>
+        <parameter name="context" type="string" optional="true">
+            The kubeconfig context to use. Defaults to current context.
+        </parameter>
+    </parameters>
+</tool>
+
+<tool name="check_rbac">
+    <description>
+        Check for dangerous RBAC permissions in a specific namespace.
+        Detects wildcard permissions, cluster-admin abuse, and risky role bindings.
+    </description>
+    <parameters>
+        <parameter name="namespace" type="string" optional="true">
+            Target namespace. Defaults to "default".
+        </parameter>
+    </parameters>
+</tool>
+
+<tool name="check_pod_security">
+    <description>
+        Audit pods against Pod Security Standards (PSS).
+        Finds privileged containers, host namespace usage, and capability issues.
+    </description>
+    <parameters>
+        <parameter name="namespace" type="string" optional="true">
+            Target namespace. Defaults to "default".
+        </parameter>
+    </parameters>
+</tool>

exaaiagnt/tools/prompt_injection/prompt_injection_actions.py

@@ -504,6 +504,80 @@ What is the date and time?""",
 
 # === CONVENIENCE FUNCTIONS ===
 
+from exaaiagnt.tools.registry import register_tool
+
+@register_tool
+def scan_llm_endpoint(
+    target_url: str,
+    method: str = "POST",
+    headers: Optional[Dict[str, str]] = None,
+    body_template: str = '{"prompt": "{{prompt}}"}',
+    injection_type: Optional[str] = None,
+    verbose: bool = False,
+) -> Dict[str, Any]:
+    """
+    Scan a remote LLM API endpoint for prompt injection vulnerabilities.
+    
+    Args:
+        target_url: URL of the LLM API endpoint
+        method: HTTP method (POST, GET)
+        headers: JSON dict of headers (e.g. {"Authorization": "Bearer..."})
+        body_template: JSON string with {{prompt}} placeholder
+        injection_type: Optional filter (direct, jailbreak, etc.)
+        verbose: Enable verbose logging
+        
+    Returns:
+        Scan summary dictionary
+    """
+    import requests
+    
+    def target_function(prompt: str) -> str:
+        try:
+            # Replace placeholder with payload
+            # Handle JSON escaping for the payload
+            import json
+            
+            # Simple template replacement might break JSON structure if payload has quotes
+            # So we parse, inject, then dump
+            if method.upper() == "POST" and "{" in body_template:
+                try:
+                    # Try to be smart about JSON templates
+                    # This is a simplified approach; robust implementation would use a proper template engine
+                    # or assume body_template is a JSON string where we replace a specific key value
+                    
+                    # Hacky string replacement for now, assuming user provided a valid template
+                    # Better: require body_template to be a format string or rely on simple substitution
+                    final_body = body_template.replace("{{prompt}}", prompt.replace('"', '\\"').replace('\n', '\\n'))
+                    
+                    # Verify it's valid JSON, if not, fallback or error
+                    # json.loads(final_body) 
+                    
+                    resp = requests.post(target_url, data=final_body, headers=headers, timeout=30)
+                    return resp.text
+                except Exception:
+                    # Fallback for non-JSON or complex templates
+                    return f"Error building request body"
+            
+            # GET method
+            if method.upper() == "GET":
+                resp = requests.get(target_url, params={"prompt": prompt}, headers=headers, timeout=30)
+                return resp.text
+                
+            return ""
+        except Exception as e:
+            return f"Error calling endpoint: {str(e)}"
+
+    # Convert string injection_type to Enum if provided
+    itype = None
+    if injection_type:
+        try:
+            itype = InjectionType(injection_type.lower())
+        except ValueError:
+            pass
+
+    return scan_for_prompt_injection(target_function, verbose=verbose)
+
+@register_tool
 def scan_for_prompt_injection(
     target_function: Callable[[str], str],
     verbose: bool = False,

exaaiagnt/tools/prompt_injection/prompt_injection_actions_schema.xml

@@ -0,0 +1,28 @@
+<tool name="scan_llm_endpoint">
+    <description>
+        Scan a remote LLM API endpoint for prompt injection vulnerabilities.
+        Tests for direct injection, jailbreaks, data exfiltration, and system prompt leakage.
+    </description>
+    <parameters>
+        <parameter name="target_url" type="string" required="true">
+            Full URL of the target LLM API endpoint (e.g. https://api.example.com/v1/chat)
+        </parameter>
+        <parameter name="method" type="string" optional="true">
+            HTTP method to use (POST or GET). Defaults to POST.
+        </parameter>
+        <parameter name="headers" type="dictionary" optional="true">
+            HTTP headers to include (e.g. Authorization, Content-Type).
+        </parameter>
+        <parameter name="body_template" type="string" optional="true">
+            Request body template for POST requests. Must include {{prompt}} placeholder.
+            Default: {"prompt": "{{prompt}}"}
+        </parameter>
+        <parameter name="injection_type" type="string" optional="true">
+            Specific injection type to test: direct, jailbreak, extraction, exfiltration.
+            Leave empty to run all tests.
+        </parameter>
+        <parameter name="verbose" type="boolean" optional="true">
+            Enable detailed logging of attempts. Defaults to false.
+        </parameter>
+    </parameters>
+</tool>

exaaiagnt/tools/python/python_instance.py

@@ -24,6 +24,11 @@ class PythonInstance:
         workspace = os.getenv("EXAAI_WORKSPACE", "/workspace")
         if os.path.isdir(workspace):
             os.chdir(workspace)
+        
+        # Add current directory and workspace to sys.path to ensure local imports work
+        sys.path.insert(0, os.getcwd())
+        if workspace not in sys.path:
+            sys.path.insert(0, workspace)
 
         self.shell = InteractiveShell()
         self.shell.init_completer()

exaaiagnt/tools/reporting/reporting_actions.py

@@ -1,4 +1,7 @@
 from typing import Any
+import json
+import os
+from datetime import datetime
 
 from exaaiagnt.tools.registry import register_tool
 
@@ -26,6 +29,29 @@ def create_vulnerability_report(
     if validation_error:
         return {"success": False, "message": validation_error}
 
+    # Auto-save report to disk
+    report_data = {
+        "title": title,
+        "content": content,
+        "severity": severity,
+        "timestamp": datetime.now().isoformat(),
+        "agent": os.getenv("EXAAI_AGENT_NAME", "unknown")
+    }
+    
+    # Save to local reports directory
+    try:
+        reports_dir = os.path.join(os.getcwd(), "reports")
+        os.makedirs(reports_dir, exist_ok=True)
+        filename = f"vuln_report_{int(datetime.now().timestamp())}_{severity}.json"
+        filepath = os.path.join(reports_dir, filename)
+        
+        with open(filepath, "w") as f:
+            json.dump(report_data, f, indent=2)
+            
+    except Exception as e:
+        import logging
+        logging.warning(f"Failed to save local report: {e}")
+
     try:
         from exaaiagnt.telemetry.tracer import get_global_tracer
 
@@ -42,22 +68,25 @@ def create_vulnerability_report(
                 "message": f"Vulnerability report '{title}' created successfully",
                 "report_id": report_id,
                 "severity": severity.lower(),
+                "local_path": filepath
             }
         import logging
 
-        logging.warning("Global tracer not available - vulnerability report not stored")
+        logging.warning("Global tracer not available - vulnerability report not stored in tracer")
 
         return {  # noqa: TRY300
             "success": True,
-            "message": f"Vulnerability report '{title}' created successfully (not persisted)",
-            "warning": "Report could not be persisted - tracer unavailable",
+            "message": f"Vulnerability report '{title}' created successfully (saved locally)",
+            "warning": "Report not persisted in tracer",
+            "local_path": filepath
         }
 
     except ImportError:
         return {
             "success": True,
-            "message": f"Vulnerability report '{title}' created successfully (not persisted)",
-            "warning": "Report could not be persisted - tracer module unavailable",
+            "message": f"Vulnerability report '{title}' created successfully (saved locally)",
+            "warning": "Report not persisted - tracer module unavailable",
+            "local_path": filepath
         }
     except (ValueError, TypeError) as e:
         return {"success": False, "message": f"Failed to create vulnerability report: {e!s}"}

exaaiagnt/tools/web_search/web_search_actions.py

@@ -32,7 +32,7 @@ security implications and details."""
 
 
 @register_tool(sandbox_execution=False)
-def web_search(query: str) -> dict[str, Any]:
+def web_search(query: str, model: str = "sonar") -> dict[str, Any]:
     try:
         api_key = os.getenv("PERPLEXITY_API_KEY")
         if not api_key:
@@ -45,8 +45,10 @@ def web_search(query: str) -> dict[str, Any]:
         url = "https://api.perplexity.ai/chat/completions"
         headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
 
+        # Use sonar by default (cheaper/faster) or sonar-reasoning if requested
+        # 'sonar' is the new name for the standard model, 'sonar-reasoning' for deep research
         payload = {
-            "model": "sonar-reasoning",
+            "model": model,
             "messages": [
                 {"role": "system", "content": SYSTEM_PROMPT},
                 {"role": "user", "content": query},