Initial commit

src/cli/command-handler.js

@@ -0,0 +1,136 @@
+import chalk from 'chalk';
+import {
+  selectSession, deleteSession, deleteAllSessions,
+  validateAgent, validatePhase
+} from '../session-manager.js';
+import {
+  runPhase, runAll, rollbackTo, rerunAgent, displayStatus, listAgents
+} from '../checkpoint-manager.js';
+import { logError, PentestError } from '../error-handling.js';
+import { cleanupMCP } from '../setup/environment.js';
+
+// Developer command handlers
+export async function handleDeveloperCommand(command, args, pipelineTestingMode, runClaudePromptWithRetry, loadPrompt) {
+  try {
+    let session;
+
+    // Commands that don't require session selection
+    if (command === '--list-agents') {
+      listAgents();
+      return;
+    }
+
+    if (command === '--cleanup') {
+      // Handle cleanup without needing session selection first
+      if (args[0]) {
+        // Cleanup specific session by ID
+        const sessionId = args[0];
+        const deletedSession = await deleteSession(sessionId);
+        console.log(chalk.green(`✅ Deleted session ${sessionId} (${new URL(deletedSession.webUrl).hostname})`));
+        // Clean up MCP agents when deleting specific session
+        await cleanupMCP();
+      } else {
+        // Cleanup all sessions - require confirmation
+        console.log(chalk.yellow('⚠️  This will delete all pentest sessions. Are you sure? (y/N):'));
+        const { createInterface } = await import('readline');
+        const readline = createInterface({
+          input: process.stdin,
+          output: process.stdout
+        });
+
+        await new Promise((resolve) => {
+          readline.question('', (answer) => {
+            readline.close();
+            if (answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes') {
+              deleteAllSessions().then(deleted => {
+                if (deleted) {
+                  console.log(chalk.green('✅ All sessions deleted'));
+                } else {
+                  console.log(chalk.yellow('⚠️  No sessions found to delete'));
+                }
+                // Clean up MCP agents after deleting sessions
+                return cleanupMCP();
+              }).then(() => {
+                resolve();
+              }).catch(error => {
+                console.log(chalk.red(`❌ Failed to delete sessions: ${error.message}`));
+                resolve();
+              });
+            } else {
+              console.log(chalk.gray('Cleanup cancelled'));
+              resolve();
+            }
+          });
+        });
+      }
+      return;
+    }
+
+    // Early validation for commands with agent names (before session selection)
+
+    if (command === '--run-phase') {
+      if (!args[0]) {
+        console.log(chalk.red('❌ --run-phase requires a phase name'));
+        console.log(chalk.gray('Usage: ./shannon.mjs --run-phase <phase-name>'));
+        process.exit(1);
+      }
+      validatePhase(args[0]); // This will throw PentestError if invalid
+    }
+
+    if (command === '--rollback-to' || command === '--rerun') {
+      if (!args[0]) {
+        console.log(chalk.red(`❌ ${command} requires an agent name`));
+        console.log(chalk.gray(`Usage: ./shannon.mjs ${command} <agent-name>`));
+        process.exit(1);
+      }
+      validateAgent(args[0]); // This will throw PentestError if invalid
+    }
+
+    // Get session for other commands
+    try {
+      session = await selectSession();
+    } catch (error) {
+      console.log(chalk.red(`❌ ${error.message}`));
+      process.exit(1);
+    }
+
+    switch (command) {
+
+      case '--run-phase':
+        await runPhase(args[0], session, pipelineTestingMode, runClaudePromptWithRetry, loadPrompt);
+        break;
+
+      case '--run-all':
+        await runAll(session, pipelineTestingMode, runClaudePromptWithRetry, loadPrompt);
+        break;
+
+      case '--rollback-to':
+        await rollbackTo(args[0], session);
+        break;
+
+      case '--rerun':
+        await rerunAgent(args[0], session, pipelineTestingMode, runClaudePromptWithRetry, loadPrompt);
+        break;
+
+      case '--status':
+        await displayStatus(session);
+        break;
+
+      default:
+        console.log(chalk.red(`❌ Unknown developer command: ${command}`));
+        console.log(chalk.gray('Use --help to see available commands'));
+        process.exit(1);
+    }
+  } catch (error) {
+    if (error instanceof PentestError) {
+      await logError(error, `Developer command ${command}`);
+      console.log(chalk.red.bold(`\n🚨 Command failed: ${error.message}`));
+    } else {
+      console.log(chalk.red.bold(`\n🚨 Unexpected error: ${error.message}`));
+      if (process.env.DEBUG) {
+        console.log(chalk.gray(error.stack));
+      }
+    }
+    process.exit(1);
+  }
+}

src/cli/input-validator.js

@@ -0,0 +1,46 @@
+import { fs, path } from 'zx';
+
+// Helper function: Validate web URL
+export function validateWebUrl(url) {
+  try {
+    const parsed = new URL(url);
+    if (!['http:', 'https:'].includes(parsed.protocol)) {
+      return { valid: false, error: 'Web URL must use HTTP or HTTPS protocol' };
+    }
+    if (!parsed.hostname) {
+      return { valid: false, error: 'Web URL must have a valid hostname' };
+    }
+    return { valid: true };
+  } catch (error) {
+    return { valid: false, error: 'Invalid web URL format' };
+  }
+}
+
+// Helper function: Validate local repository path
+export async function validateRepoPath(repoPath) {
+  try {
+    // Check if path exists
+    if (!await fs.pathExists(repoPath)) {
+      return { valid: false, error: 'Repository path does not exist' };
+    }
+
+    // Check if it's a directory
+    const stats = await fs.stat(repoPath);
+    if (!stats.isDirectory()) {
+      return { valid: false, error: 'Repository path must be a directory' };
+    }
+
+    // Check if it's readable
+    try {
+      await fs.access(repoPath, fs.constants.R_OK);
+    } catch (error) {
+      return { valid: false, error: 'Repository path is not readable' };
+    }
+
+    // Convert to absolute path
+    const absolutePath = path.resolve(repoPath);
+    return { valid: true, path: absolutePath };
+  } catch (error) {
+    return { valid: false, error: `Invalid repository path: ${error.message}` };
+  }
+}

src/cli/ui.js

@@ -0,0 +1,60 @@
+import chalk from 'chalk';
+import { displaySplashScreen } from '../splash-screen.js';
+
+// Helper function: Display help information
+export function showHelp() {
+  console.log(chalk.cyan.bold('AI Penetration Testing Agent'));
+  console.log(chalk.gray('Automated security assessment tool\n'));
+
+  console.log(chalk.yellow.bold('NORMAL MODE (Creates Sessions):'));
+  console.log('  ./shannon.mjs <WEB_URL> <REPO_PATH> [--config config.yaml] [--pipeline-testing]');
+  console.log('  ./shannon.mjs <WEB_URL> <REPO_PATH> --setup-only                     # Setup local repo and create session only\n');
+
+  console.log(chalk.yellow.bold('DEVELOPER MODE (Operates on Existing Sessions):'));
+  console.log('  ./shannon.mjs --run-phase <phase-name> [--pipeline-testing]');
+  console.log('  ./shannon.mjs --run-all [--pipeline-testing]');
+  console.log('  ./shannon.mjs --rollback-to <agent-name>');
+  console.log('  ./shannon.mjs --rerun <agent-name> [--pipeline-testing]');
+  console.log('  ./shannon.mjs --status');
+  console.log('  ./shannon.mjs --list-agents');
+  console.log('  ./shannon.mjs --cleanup [session-id]                      # Delete sessions\n');
+
+  console.log(chalk.yellow.bold('OPTIONS:'));
+  console.log('  --config <file>      YAML configuration file for authentication and testing parameters');
+  console.log('  --pipeline-testing   Use minimal prompts for fast pipeline testing (creates minimal deliverables)\n');
+
+  console.log(chalk.yellow.bold('DEVELOPER COMMANDS:'));
+  console.log('  --run-phase          Run all agents in a phase (parallel execution for 5x speedup)');
+  console.log('  --run-all            Run all remaining agents to completion (parallel execution)');
+  console.log('  --rollback-to        Rollback git workspace to agent checkpoint');
+  console.log('  --rerun              Rollback and rerun specific agent');
+  console.log('  --status             Show current session status and progress');
+  console.log('  --list-agents        List all available agents and phases');
+  console.log('  --cleanup            Delete all sessions or specific session by ID\n');
+
+  console.log(chalk.yellow.bold('EXAMPLES:'));
+  console.log('  # Normal mode - create new session');
+  console.log('  ./shannon.mjs "https://example.com" "/path/to/local/repo"');
+  console.log('  ./shannon.mjs "https://example.com" "/path/to/local/repo" --config auth.yaml');
+  console.log('  ./shannon.mjs "https://example.com" "/path/to/local/repo" --setup-only  # Setup only\n');
+
+  console.log('  # Developer mode - operate on existing session');
+  console.log('  ./shannon.mjs --status                    # Show session status');
+  console.log('  ./shannon.mjs --run-phase exploitation    # Run entire phase');
+  console.log('  ./shannon.mjs --run-all                   # Run all remaining agents');
+  console.log('  ./shannon.mjs --rerun xss-vuln           # Fix and rerun failed agent');
+  console.log('  ./shannon.mjs --cleanup                  # Delete all sessions');
+  console.log('  ./shannon.mjs --cleanup <session-id>    # Delete specific session\n');
+
+  console.log(chalk.yellow.bold('REQUIREMENTS:'));
+  console.log('  • WEB_URL must start with http:// or https://');
+  console.log('  • REPO_PATH must be an accessible local directory');
+  console.log('  • Only test systems you own or have permission to test');
+  console.log('  • Developer mode requires existing pentest session\n');
+
+  console.log(chalk.yellow.bold('ENVIRONMENT VARIABLES:'));
+  console.log('  PENTEST_MAX_RETRIES    Number of retries for AI agents (default: 3)');
+}
+
+// Export the splash screen function for use in main
+export { displaySplashScreen };