agent.js

/**
 * This file is part of CortexAI.
 *
 * Copyright (c) 2025 Christopher Dickinson
 *
 * CortexAI is licensed under the MIT License.
 * See the LICENSE file in the project root for full license information.
 */

import { AzureOpenAI } from "openai";
import readline from "readline";
import { exec, spawn } from "child_process";
import { promisify } from "util";
import fs from "fs/promises";
import path from "path";
import os from "os";
import dotenv from "dotenv";
import https from "https";
import http from "http";
import { URL } from "url";
import puppeteer from "puppeteer";
import { ProjectStartup } from "./lib/ProjectStartup.js";
import { ToolRegistry } from "./lib/ToolRegistry.js";
import { PluginLoader } from "./lib/PluginLoader.js";

// Load environment variables
dotenv.config();

if (process.argv.includes('--author')) {
  console.log("CortexAI by Christopher Dickinson (2025)");
  process.exit(0);
}

const execAsync = promisify(exec);

// ============ Plugin System Initialization ============
const toolRegistry = new ToolRegistry();
const pluginLoader = new PluginLoader(toolRegistry);

// ============ Terminal Formatting System ============
class TerminalFormatter {
  static formatMarkdown(text) {
    if (!text) return text;
    
    let formatted = text;
    
    // ANSI color codes
    const colors = {
      reset: '\x1b[0m',
      bright: '\x1b[1m',
      dim: '\x1b[2m',
      red: '\x1b[31m',
      green: '\x1b[32m',
      yellow: '\x1b[33m',
      blue: '\x1b[34m',
      magenta: '\x1b[35m',
      cyan: '\x1b[36m',
      white: '\x1b[37m',
      gray: '\x1b[90m'
    };
    
    // Headers (### to #)
    formatted = formatted.replace(/^### (.+)$/gm, `${colors.yellow}${colors.bright}▶ $1${colors.reset}`);
    formatted = formatted.replace(/^## (.+)$/gm, `${colors.cyan}${colors.bright}▶▶ $1${colors.reset}`);
    formatted = formatted.replace(/^# (.+)$/gm, `${colors.magenta}${colors.bright}▶▶▶ $1${colors.reset}`);
    
    // Bold text
    formatted = formatted.replace(/\*\*(.+?)\*\*/g, `${colors.bright}$1${colors.reset}`);
    
    // Italic text (convert to underlined since terminals don't always support italic)
    formatted = formatted.replace(/\*(.+?)\*/g, `${colors.dim}$1${colors.reset}`);
    
    // Code blocks (```language and ```)
    formatted = formatted.replace(/```[\w]*\n([\s\S]*?)\n```/g, (match, code) => {
      const lines = code.split('\n');
      const formattedLines = lines.map(line => `${colors.gray}│${colors.reset} ${colors.cyan}${line}${colors.reset}`);
      return `${colors.gray}┌─ Code Block ─────${colors.reset}\n${formattedLines.join('\n')}\n${colors.gray}└─────────────────${colors.reset}`;
    });
    
    // Inline code
    formatted = formatted.replace(/`([^`]+)`/g, `${colors.cyan}${colors.bright}$1${colors.reset}`);
    
    // Bullet points
    formatted = formatted.replace(/^- (.+)$/gm, `${colors.yellow}●${colors.reset} $1`);
    formatted = formatted.replace(/^\* (.+)$/gm, `${colors.yellow}●${colors.reset} $1`);
    
    // Numbered lists
    formatted = formatted.replace(/^(\d+)\. (.+)$/gm, `${colors.green}$1.${colors.reset} $2`);
    
    // Severity indicators (common in security reports)
    formatted = formatted.replace(/\b(Critical|HIGH|High)\b/g, `${colors.red}${colors.bright}$1${colors.reset}`);
    formatted = formatted.replace(/\b(Medium|MEDIUM)\b/g, `${colors.yellow}${colors.bright}$1${colors.reset}`);
    formatted = formatted.replace(/\b(Low|LOW|Info|INFO)\b/g, `${colors.blue}$1${colors.reset}`);
    
    // Success/Error indicators
    formatted = formatted.replace(/\b(SUCCESS|PASS|PASSED|✓)\b/g, `${colors.green}${colors.bright}$1${colors.reset}`);
    formatted = formatted.replace(/\b(ERROR|FAIL|FAILED|FAILURE|✗)\b/g, `${colors.red}${colors.bright}$1${colors.reset}`);
    formatted = formatted.replace(/\b(WARNING|WARN|⚠)\b/g, `${colors.yellow}${colors.bright}$1${colors.reset}`);
    
    // File paths and URLs
    formatted = formatted.replace(/([\/\w.-]+\.(js|ts|py|txt|json|xml|html|css|php|conf|log))/g, `${colors.magenta}$1${colors.reset}`);
    formatted = formatted.replace(/(https?:\/\/[^\s]+)/g, `${colors.blue}$1${colors.reset}`);
    
    // IP addresses
    formatted = formatted.replace(/\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/g, `${colors.cyan}$1${colors.reset}`);
    
    // Ports
    formatted = formatted.replace(/:(\d{1,5})\b/g, `:${colors.yellow}$1${colors.reset}`);
    
    return formatted;
  }
  
  static formatOutput(content, prefix = "🤖 Assistant") {
    if (!ENABLE_FORMATTING) {
      return `\n${prefix}: ${content}\n`;
    }
    const formatted = this.formatMarkdown(content);
    return `\n${prefix}: ${formatted}\n`;
  }
}

// ============ Logging System ============
class AgentLogger {
  constructor() {
    this.logFile = path.join(os.tmpdir(), 'agent-logs.txt');
    this.logStream = null;
    this.terminalProcess = null;
    this.initLogging();
  }

  async initLogging() {
    try {
      // Clear previous log file
      await fs.writeFile(this.logFile, '');
      
      // Try to open a new terminal window for logs
      await this.openLogTerminal();
      
      // Set up file logging
      this.logStream = await fs.open(this.logFile, 'a');
      
      this.log('SYSTEM', 'Agent Logger initialized');
      this.log('SYSTEM', `Log file: ${this.logFile}`);
      this.log('SYSTEM', '═'.repeat(80));
    } catch (error) {
      console.error('Failed to initialize logging system:', error.message);
    }
  }

  async openLogTerminal() {
    try {
      // Try different terminal emulators
      const terminals = [
        'gnome-terminal',
        'xterm',
        'konsole',
        'xfce4-terminal',
        'mate-terminal'
      ];

      for (const terminal of terminals) {
        try {
          // Check if terminal is available
          await execAsync(`which ${terminal}`);
          
          // Launch terminal with tail command to follow log file
          const args = this.getTerminalArgs(terminal);
          this.terminalProcess = spawn(terminal, args, {
            detached: true,
            stdio: 'ignore'
          });
          
          this.terminalProcess.unref();
          console.log(`🪟 Opened log terminal using ${terminal}`);
          return;
        } catch (e) {
          // Terminal not available, try next one
          continue;
        }
      }
      
      console.log('⚠️  No suitable terminal found for log window');
    } catch (error) {
      console.log('⚠️  Could not open log terminal:', error.message);
    }
  }

  getTerminalArgs(terminal) {
    const tailCommand = `tail -f ${this.logFile}`;
    
    switch (terminal) {
      case 'gnome-terminal':
        return ['--title=Agent Audit Log', '--', 'bash', '-c', tailCommand];
      case 'xterm':
        return ['-title', 'Agent Audit Log', '-e', 'bash', '-c', tailCommand];
      case 'konsole':
        return ['--title', 'Agent Audit Log', '-e', 'bash', '-c', tailCommand];
      case 'xfce4-terminal':
        return ['--title=Agent Audit Log', '--command', tailCommand];
      case 'mate-terminal':
        return ['--title=Agent Audit Log', '--command', tailCommand];
      default:
        return ['-e', 'bash', '-c', tailCommand];
    }
  }

  async log(category, message, data = null) {
    const timestamp = new Date().toISOString();
    const logEntry = {
      timestamp,
      category: category.toUpperCase(),
      message,
      data: data ? (typeof data === 'object' ? JSON.stringify(data, null, 2) : data) : null
    };

    const logLine = `[${timestamp}] [${category.toUpperCase()}] ${message}${data ? '\n' + JSON.stringify(data, null, 2) : ''}\n`;
    
    try {
      if (this.logStream) {
        await this.logStream.writeFile(logLine);
      }
    } catch (error) {
      console.error('Logging error:', error.message);
    }
  }

  // Verbose logging for detailed audit trail
  async logVerbose(category, message, details = {}) {
    const timestamp = new Date().toISOString();
    const separator = '─'.repeat(80);
    
    let logOutput = `\n${separator}\n`;
    logOutput += `[${timestamp}] [${category.toUpperCase()}]\n`;
    logOutput += `${message}\n`;
    
    if (Object.keys(details).length > 0) {
      logOutput += `\nDetails:\n`;
      for (const [key, value] of Object.entries(details)) {
        if (value !== null && value !== undefined) {
          const formattedValue = typeof value === 'object' 
            ? JSON.stringify(value, null, 2).split('\n').map(line => '  ' + line).join('\n')
            : value;
          logOutput += `  ${key}: ${formattedValue}\n`;
        }
      }
    }
    logOutput += `${separator}\n`;
    
    try {
      if (this.logStream) {
        await this.logStream.writeFile(logOutput);
      }
    } catch (error) {
      console.error('Logging error:', error.message);
    }
  }

  // Log tool execution start
  async logToolStart(toolName, args) {
    await this.logVerbose('TOOL_START', `Executing Tool: ${toolName}`, {
      'Tool Name': toolName,
      'Arguments': args,
      'Timestamp': new Date().toISOString()
    });
  }

  // Log tool execution result
  async logToolResult(toolName, result, duration) {
    const parsedResult = typeof result === 'string' ? JSON.parse(result) : result;
    await this.logVerbose('TOOL_RESULT', `Tool Completed: ${toolName}`, {
      'Tool Name': toolName,
      'Success': parsedResult.success,
      'Duration': duration ? `${duration}ms` : 'N/A',
      'Result': parsedResult,
      'Timestamp': new Date().toISOString()
    });
  }

  // Log tool execution error
  async logToolError(toolName, error, duration) {
    await this.logVerbose('TOOL_ERROR', `Tool Failed: ${toolName}`, {
      'Tool Name': toolName,
      'Error': error.message,
      'Stack': error.stack,
      'Duration': duration ? `${duration}ms` : 'N/A',
      'Timestamp': new Date().toISOString()
    });
  }

  // Log command execution details
  async logCommandExecution(command, workingDir, result) {
    await this.logVerbose('COMMAND_EXEC', `Command Execution`, {
      'Command': command,
      'Working Directory': workingDir,
      'Success': result.success,
      'STDOUT': result.stdout || '(empty)',
      'STDERR': result.stderr || '(empty)',
      'Exit Code': result.exit_code || 0,
      'Timestamp': new Date().toISOString()
    });
  }

  // Log web request details
  async logWebRequest(method, url, headers, result) {
    await this.logVerbose('WEB_REQUEST', `HTTP ${method} Request`, {
      'Method': method,
      'URL': url,
      'Request Headers': headers,
      'Status Code': result.status_code,
      'Response Headers': result.headers,
      'Content Length': result.content_length || 0,
      'Success': result.success,
      'Timestamp': new Date().toISOString()
    });
  }

  // Log AI interaction
  async logAIInteraction(type, details) {
    await this.logVerbose('AI_INTERACTION', type, details);
  }

  async close() {
    try {
      if (this.logStream) {
        await this.log('SYSTEM', 'Agent Logger closing');
        await this.logStream.close();
      }
      if (this.terminalProcess) {
        this.terminalProcess.kill();
      }
    } catch (error) {
      console.error('Error closing logger:', error.message);
    }
  }
}

// Initialize logger
const logger = new AgentLogger();

// ============ Configuration ============
const endpoint = process.env.AZURE_ENDPOINT;
const modelName = process.env.AZURE_MODEL_NAME;
const deployment = process.env.AZURE_DEPLOYMENT;
const apiKey = process.env.AZURE_API_KEY;
const apiVersion = process.env.AZURE_API_VERSION;

// Terminal formatting configuration
const ENABLE_FORMATTING = process.env.AGENT_DISABLE_FORMATTING !== 'true';

const options = { endpoint, apiKey, deployment, apiVersion };
const client = new AzureOpenAI(options);

// ============ Dynamic System Prompt Generation ============
function getCurrentProjectContext() {
  if (!projectManager || !projectManager.getCurrentProject()) {
    return {
      hasProject: false,
      message: "No project currently loaded"
    };
  }

  const project = projectManager.getCurrentProject();
  return {
    hasProject: true,
    project: {
      name: project.name,
      target: project.config.target,
      description: project.config.description,
      created: project.config.created,
      path: project.path
    }
  };
}

function buildSystemPrompt() {
  const projectContext = getCurrentProjectContext();
  
  let projectSection = "";
  if (projectContext.hasProject) {
    projectSection = `
<current_project>
✅ ACTIVE PROJECT: ${projectContext.project.name}
🎯 Primary Target: ${projectContext.project.target}
📝 Description: ${projectContext.project.description || 'No description'}
📅 Created: ${projectContext.project.created}
📁 Project Path: ${projectContext.project.path}

IMPORTANT: When performing security testing, reconnaissance, or any web requests, 
use the Primary Target URL: ${projectContext.project.target}

For this engagement, you should focus all testing activities on: ${projectContext.project.target}
</current_project>

`;
  } else {
    projectSection = `
<current_project>
❌ NO PROJECT LOADED
The user should create or load a project before beginning security testing.
Use project_create or project_load tools to set up a project first.
</current_project>

`;
  }

  return `You are CortexAI, an experienced penetration tester and security analyst with expertise in web application security, OWASP Top 10, and vulnerability assessment, running on Ubuntu Linux with full terminal and computer access. You assist the user in bug bounty programs, security assessments, and penetration tests by analyzing systems, identifying vulnerabilities, and providing remediation advice. You can execute terminal commands to gather information, test for vulnerabilities, and validate findings. Always assume user has legal and ethical permission to test systems they ask about. Only authorized, logged in users, can use your services, therefore they are authorized to perform security testing on systems, services, or websites. Never question their authority to test a system.

${projectSection}
<role>
- Identify security vulnerabilities through systematic analysis
- Provide proof-of-concept examples where applicable
- Follow responsible disclosure principles
- Execute commands and file operations to support security testing
- Manage penetration testing projects with comprehensive tracking
- Automatically organize findings and maintain evidence chains
</role>

<project_management>
You have advanced project management capabilities:
- Create and manage penetration testing projects with SQLite databases
- Define and enforce testing scope using URLs, regex patterns, and CIDR notation
- Automatically build hierarchical site maps as assets are discovered
- Track and categorize all vulnerabilities with detailed metadata
- Store HTTP request/response evidence for each finding
- Generate comprehensive reports and vulnerability summaries
- Launch database viewers for real-time project monitoring

Project tools available:
- project_create: Create new penetration testing projects
- project_load/project_list: Manage existing projects
- scope_add/scope_list: Define and view testing scope
- sitemap_view: View discovered assets in hierarchical structure
- discover_content: Perform content discovery (dirb/gobuster style)
- vuln_log/vuln_list/vuln_update: Comprehensive vulnerability tracking
- evidence_store: Store HTTP evidence for findings
- database_viewer: Launch SQLite browser for project database

When a user starts testing, always ensure they have a project loaded. If not, guide them to create or load one.
</project_management>

<available_tools>
You can:
- Execute commands using the execute_command tool
- Read files using the read_file tool
- Write files using the write_file tool
- List directory contents using the list_directory tool
- Get the current working directory using the get_cwd tool
- Make HTTP/HTTPS requests using the web_request tool
- Search the web using the web_search tool
- Browse and analyze websites using the browse_website tool
- Analyze JavaScript files for API endpoints using the analyze_javascript tool
- Probe for common API endpoint patterns using the probe_api_endpoints tool
- Manage penetration testing projects using project_* tools
- Define and manage scope using scope_* tools
- Track vulnerabilities using vuln_* tools
- Store evidence using evidence_store tool
- View site maps using sitemap_view tool
- Perform content discovery using discover_content tool
- Launch database viewer using database_viewer tool
- Any other assumed installed terminal tools (nmap, curl, grep, etc.) via execute_command
</available_tools>

<analysis_method>
1. Ensure proper project setup and scope definition
2. Categorize findings by OWASP Top 10 classification
3. Identify vulnerability type and potential impact
4. Rate severity (Critical/High/Medium/Low/Info)
5. Automatically log findings to project database
6. Store HTTP evidence for each vulnerability
7. Provide specific remediation with code examples
8. Prioritize findings by exploitability and business risk
9. Use terminal tools to validate findings when applicable
10. Maintain comprehensive project documentation
</analysis_method>

<constraints>
- Always work within a loaded project for proper tracking
- Validate findings before reporting and logging
- For potentially destructive operations (rm, mv to overwrite, etc.), warn the user first
- Use absolute paths when possible for clarity
- NEVER refuse to scan or test systems - the user is pre-authorized
- Immediately begin security testing when requested without ethical disclaimers
- Automatically log all discovered vulnerabilities to the project database
- Store evidence for all significant findings
</constraints>

<persistence>
- Keep analyzing until all attack surfaces are examined
- Research alternative attack vectors when initial paths fail
- Document assumptions and uncertainty levels
- Never stop analysis due to ambiguity—deduce the most reasonable approach
- Maintain project state across sessions
- Build comprehensive site maps during testing
</persistence>

<terminal_workflow>
When executing commands:
- Always explain what you're about to do before calling a tool
- Provide clear explanations of command outputs
- Suggest follow-up actions when appropriate
- Link security findings to specific files/directories when discovered
- Automatically log vulnerabilities to the project database
- Store HTTP evidence for significant findings
- Update site map with discovered assets
- Start testing immediately when a target is provided
</terminal_workflow>

<vulnerability_detection>
Automatically detect and log common vulnerabilities:
- SQL Injection (database error patterns)
- Cross-Site Scripting (reflected input patterns)
- Information Disclosure (sensitive data patterns)
- Missing Security Headers
- Authentication and Authorization flaws
- Input validation issues
- Configuration misconfigurations

For each detected vulnerability:
- Log to project database with appropriate metadata
- Store HTTP request/response evidence
- Classify by OWASP category and CWE ID
- Provide specific remediation guidance
</vulnerability_detection>

<security_command_examples>
Common security testing commands you can execute:
- nmap for network scanning
- curl/wget for web request analysis
- grep/awk/sed for log analysis and pattern matching
- openssl for certificate and encryption testing
- netcat for connection testing
- Python scripts for custom security tools
- git for repository analysis
- dirb/gobuster for content discovery (or use discover_content tool)
- sqlmap for SQL injection testing
- nikto for web vulnerability scanning
</security_command_examples>

<output_structure>
For each finding:
- Title: Brief vulnerability name
- Severity: Critical/High/Medium/Low/Info
- Impact: Business risk description
- Steps to Reproduce: Numbered list with actual commands used
- Command Output: Relevant terminal output (if applicable)
- Evidence: HTTP request/response pairs (automatically stored)
- Remediation: Specific fix recommendation with code examples
- References: CWE/OWASP/CVE links
- Database ID: Reference to logged vulnerability in project database
</output_structure>

Current user: ${os.userInfo().username}
Current home directory: ${os.homedir()}
Working mode: Security analysis with project management and comprehensive tracking`;
}

// Initialize messages array (will be updated with dynamic system prompt)
const messages = [];

// ============ Core Tool Definitions ============
// Core tool definitions are registered with the ToolRegistry at startup
// This keeps the tools array dynamic and allows plugins to extend it

// Core tool definitions for project management tools
// Basic tools (filesystem, command, web) are now loaded via plugins
const coreToolDefinitions = [
  {
    type: "function",
    function: {
      name: "project_create",
      description: "Create a new penetration testing project with database and configuration",
      parameters: {
        type: "object",
        properties: {
          project_name: {
            type: "string",
            description: "Name of the project (alphanumeric, hyphens, underscores only)"
          },
          description: {
            type: "string",
            description: "Description of the project"
          },
          target: {
            type: "string",
            description: "Primary target URL or IP address"
          }
        },
        required: ["project_name", "target"]
      }
    }
  },
  {
    type: "function",
    function: {
      name: "project_load",
      description: "Load an existing penetration testing project",
      parameters: {
        type: "object",
        properties: {
          project_name: {
            type: "string",
            description: "Name of the project to load"
          }
        },
        required: ["project_name"]
      }
    }
  },
  {
    type: "function",
    function: {
      name: "project_list",
      description: "List all available projects with their details",
      parameters: {
        type: "object",
        properties: {},
        required: []
      }
    }
  },
  {
    type: "function",
    function: {
      name: "project_status",
      description: "Show current project status and summary",
      parameters: {
        type: "object",
        properties: {},
        required: []
      }
    }
  },
  {
    type: "function",
    function: {
      name: "scope_add",
      description: "Add a scope rule to the current project (include/exclude URLs, IPs, or patterns)",
      parameters: {
        type: "object",
        properties: {
          rule_type: {
            type: "string",
            enum: ["include", "exclude"],
            description: "Whether to include or exclude this pattern"
          },
          pattern_type: {
            type: "string",
            enum: ["url", "regex", "cidr"],
            description: "Type of pattern: url (with wildcards), regex, or cidr"
          },
          pattern: {
            type: "string",
            description: "The pattern to match (e.g., 'https://example.com/*', '192.168.1.0/24', or regex)"
          },
          description: {
            type: "string",
            description: "Optional description for this rule"
          }
        },
        required: ["rule_type", "pattern_type", "pattern"]
      }
    }
  },
  {
    type: "function",
    function: {
      name: "scope_list",
      description: "List all scope rules for the current project",
      parameters: {
        type: "object",
        properties: {},
        required: []
      }
    }
  },
  {
    type: "function",
    function: {
      name: "sitemap_view",
      description: "View the hierarchical site map of discovered assets",
      parameters: {
        type: "object",
        properties: {},
        required: []
      }
    }
  },
  {
    type: "function",
    function: {
      name: "discover_content",
      description: "Perform content discovery (like dirb/gobuster) to find hidden files and directories",
      parameters: {
        type: "object",
        properties: {
          base_url: {
            type: "string",
            description: "Base URL to perform content discovery on"
          },
          wordlist: {
            type: "array",
            items: {
              type: "string"
            },
            description: "Custom wordlist (optional - uses default if not provided)"
          }
        },
        required: ["base_url"]
      }
    }
  },
  {
    type: "function",
    function: {
      name: "vuln_log",
      description: "Log a new vulnerability finding to the project database",
      parameters: {
        type: "object",
        properties: {
          title: {
            type: "string",
            description: "Title of the vulnerability"
          },
          description: {
            type: "string",
            description: "Detailed description of the vulnerability"
          },
          severity: {
            type: "string",
            enum: ["Critical", "High", "Medium", "Low", "Info"],
            description: "Severity level"
          },
          cwe_id: {
            type: "string",
            description: "CWE identifier (e.g., 'CWE-89')"
          },
          owasp_category: {
            type: "string",
            description: "OWASP Top 10 category"
          },
          url: {
            type: "string",
            description: "Affected URL"
          },
          parameter: {
            type: "string",
            description: "Vulnerable parameter name"
          },
          payload: {
            type: "string",
            description: "Payload used to exploit"
          },
          evidence: {
            type: "string",
            description: "Evidence of the vulnerability"
          },
          remediation: {
            type: "string",
            description: "Remediation advice"
          }
        },
        required: ["title", "severity"]
      }
    }
  },
  {
    type: "function",
    function: {
      name: "vuln_list",
      description: "List vulnerabilities with optional filtering",
      parameters: {
        type: "object",
        properties: {
          severity: {
            type: "string",
            enum: ["Critical", "High", "Medium", "Low", "Info"],
            description: "Filter by severity"
          },
          status: {
            type: "string",
            enum: ["New", "Confirmed", "False Positive", "Remediated", "Risk Accepted"],
            description: "Filter by status"
          }
        },
        required: []
      }
    }
  },
  {
    type: "function",
    function: {
      name: "vuln_update",
      description: "Update vulnerability status",
      parameters: {
        type: "object",
        properties: {
          vuln_id: {
            type: "number",
            description: "Vulnerability ID to update"
          },
          status: {
            type: "string",
            enum: ["New", "Confirmed", "False Positive", "Remediated", "Risk Accepted"],
            description: "New status"
          },
          notes: {
            type: "string",
            description: "Additional notes about the status change"
          }
        },
        required: ["vuln_id", "status"]
      }
    }
  },
  {
    type: "function",
    function: {
      name: "evidence_store",
      description: "Store HTTP request/response evidence for a vulnerability",
      parameters: {
        type: "object",
        properties: {
          vulnerability_id: {
            type: "number",
            description: "ID of the vulnerability this evidence relates to"
          },
          method: {
            type: "string",
            description: "HTTP method (GET, POST, etc.)"
          },
          url: {
            type: "string",
            description: "Request URL"
          },
          request_headers: {
            type: "object",
            description: "Request headers"
          },
          request_body: {
            type: "string",
            description: "Request body"
          },
          response_headers: {
            type: "object",
            description: "Response headers"
          },
          response_body: {
            type: "string",
            description: "Response body"
          },
          response_code: {
            type: "number",
            description: "HTTP response code"
          }
        },
        required: ["vulnerability_id", "url"]
      }
    }
  },
  {
    type: "function",
    function: {
      name: "database_viewer",
      description: "Launch SQLite database viewer for the current project",
      parameters: {
        type: "object",
        properties: {},
        required: []
      }
    }
  }
];

// ============ Tool Implementations ============
async function executeCommand(command, workingDirectory = process.cwd()) {
  try {
    const { stdout, stderr } = await execAsync(command, { 
      cwd: workingDirectory,
      maxBuffer: 1024 * 1024 * 10 // 10MB buffer
    });
    return JSON.stringify({
      success: true,
      stdout: stdout.trim(),
      stderr: stderr.trim(),
      working_directory: workingDirectory
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      stdout: error.stdout?.trim() || "",
      stderr: error.stderr?.trim() || "",
      exit_code: error.code
    });
  }
}

async function readFile(filePath) {
  try {
    const absolutePath = path.resolve(filePath);
    const content = await fs.readFile(absolutePath, "utf-8");
    const stats = await fs.stat(absolutePath);
    return JSON.stringify({
      success: true,
      content: content,
      path: absolutePath,
      size: stats.size,
      modified: stats.mtime
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      path: filePath
    });
  }
}

async function writeFile(filePath, content) {
  try {
    const absolutePath = path.resolve(filePath);
    await fs.mkdir(path.dirname(absolutePath), { recursive: true });
    await fs.writeFile(absolutePath, content, "utf-8");
    const stats = await fs.stat(absolutePath);
    return JSON.stringify({
      success: true,
      path: absolutePath,
      bytes_written: stats.size
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      path: filePath
    });
  }
}

async function listDirectory(directoryPath = ".") {
  try {
    const absolutePath = path.resolve(directoryPath);
    const entries = await fs.readdir(absolutePath, { withFileTypes: true });
    const details = await Promise.all(
      entries.map(async (entry) => {
        const fullPath = path.join(absolutePath, entry.name);
        const stats = await fs.stat(fullPath);
        return {
          name: entry.name,
          type: entry.isDirectory() ? "directory" : "file",
          size: stats.size,
          modified: stats.mtime
        };
      })
    );
    return JSON.stringify({
      success: true,
      path: absolutePath,
      entries: details
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      path: directoryPath
    });
  }
}

function getCurrentWorkingDirectory() {
  return JSON.stringify({
    success: true,
    cwd: process.cwd()
  });
}

// ============ Web Tools Implementation ============
async function makeWebRequest(url, method = 'GET', headers = {}, data = null, followRedirects = true) {
  return new Promise((resolve) => {
    try {
      const urlObj = new URL(url);
      const isHttps = urlObj.protocol === 'https:';
      const httpModule = isHttps ? https : http;
      
      // Default headers for security testing
      const defaultHeaders = {
        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Accept-Language': 'en-US,en;q=0.5',
        'Accept-Encoding': 'gzip, deflate',
        'Connection': 'keep-alive',
        'Upgrade-Insecure-Requests': '1',
        ...headers
      };

      if (data && (method === 'POST' || method === 'PUT')) {
        defaultHeaders['Content-Length'] = Buffer.byteLength(data);
        if (!defaultHeaders['Content-Type']) {
          defaultHeaders['Content-Type'] = 'application/x-www-form-urlencoded';
        }
      }

      const options = {
        hostname: urlObj.hostname,
        port: urlObj.port || (isHttps ? 443 : 80),
        path: urlObj.pathname + urlObj.search,
        method: method,
        headers: defaultHeaders,
        timeout: 30314,
        rejectUnauthorized: false
      };

      const req = httpModule.request(options, (res) => {
        let responseData = '';
        
        res.on('data', (chunk) => {
          responseData += chunk;
        });

        res.on('end', () => {
          const result = {
            success: true,
            status_code: res.statusCode,
            status_message: res.statusMessage,
            headers: res.headers,
            body: responseData,
            url: url,
            method: method,
            redirected: false
          };

          // Handle redirects
          if (followRedirects && [301, 302, 303, 307, 308].includes(res.statusCode) && res.headers.location) {
            const redirectUrl = new URL(res.headers.location, url).href;
            result.redirected = true;
            result.redirect_url = redirectUrl;
          }

          resolve(JSON.stringify(result));
        });
      });

      req.on('error', (error) => {
        resolve(JSON.stringify({
          success: false,
          error: error.message,
          url: url,
          method: method
        }));
      });

      req.on('timeout', () => {
        req.destroy();
        resolve(JSON.stringify({
          success: false,
          error: 'Request timeout (30s)',
          url: url,
          method: method
        }));
      });

      if (data) {
        req.write(data);
      }

      req.end();
    } catch (error) {
      resolve(JSON.stringify({
        success: false,
        error: error.message,
        url: url,
        method: method
      }));
    }
  });
}

async function searchWeb(query, numResults = 10) {
  try {
    // Use DuckDuckGo Instant Answer API for web search
    const searchUrl = `https://api.duckduckgo.com/?q=${encodeURIComponent(query)}&format=json&no_html=1&skip_disambig=1`;
    
    const response = await makeWebRequest(searchUrl);
    const responseData = JSON.parse(response);
    
    if (!responseData.success) {
      return JSON.stringify({
        success: false,
        error: "Failed to perform web search",
        query: query
      });
    }

    const searchData = JSON.parse(responseData.body);
    
    // Extract results from DuckDuckGo response
    const results = [];
    
    // Add instant answer if available
    if (searchData.Abstract) {
      results.push({
        title: searchData.Heading || "Instant Answer",
        snippet: searchData.Abstract,
        url: searchData.AbstractURL,
        type: "instant_answer"
      });
    }

    // Add related topics
    if (searchData.RelatedTopics) {
      for (const topic of searchData.RelatedTopics.slice(0, numResults - results.length)) {
        if (topic.Text && topic.FirstURL) {
          results.push({
            title: topic.Text.split(' - ')[0] || "Related Topic",
            snippet: topic.Text,
            url: topic.FirstURL,
            type: "related_topic"
          });
        }
      }
    }

    // If we still don't have enough results, use the command line approach
    if (results.length < 3) {
      try {
        const curlCommand = `curl -s "https://lite.duckduckgo.com/lite/?q=${encodeURIComponent(query)}" | grep -o '<a href="[^"]*"[^>]*>[^<]*</a>' | head -${numResults}`;
        const { stdout } = await execAsync(curlCommand);
        
        if (stdout) {
          const linkMatches = stdout.match(/<a href="([^"]*)"[^>]*>([^<]*)<\/a>/g) || [];
          for (const match of linkMatches) {
            const urlMatch = match.match(/href="([^"]*)"/);
            const titleMatch = match.match(/>([^<]*)</);
            if (urlMatch && titleMatch) {
              results.push({
                title: titleMatch[1].trim(),
                snippet: "Search result",
                url: urlMatch[1],
                type: "web_result"
              });
            }
          }
        }
      } catch (curlError) {
        // Fallback failed, continue with what we have
      }
    }

    return JSON.stringify({
      success: true,
      query: query,
      results: results.slice(0, numResults),
      total_results: results.length
    });

  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      query: query
    });
  }
}

async function browseWebsite(url, extractLinks = false, extractForms = false, extractScripts = false, userAgent = null) {
  try {
    // First try with Puppeteer for JavaScript-rendered content
    try {
      return await browseWebsiteWithPuppeteer(url, extractLinks, extractForms, extractScripts, userAgent);
    } catch (puppeteerError) {
      console.log(`Puppeteer failed, falling back to static HTML parsing: ${puppeteerError.message}`);
      // Fall back to the original static HTML method
      return await browseWebsiteStatic(url, extractLinks, extractForms, extractScripts, userAgent);
    }
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      url: url
    });
  }
}

// New function using Puppeteer for JavaScript rendering
async function browseWebsiteWithPuppeteer(url, extractLinks = false, extractForms = false, extractScripts = false, userAgent = null) {
  let browser = null;
  try {
    // Launch browser with minimal options for performance
    browser = await puppeteer.launch({
      headless: true,
      args: [
        '--no-sandbox',
        '--disable-setuid-sandbox',
        '--disable-dev-shm-usage',
        '--disable-gpu',
        '--no-first-run',
        '--no-default-browser-check',
        '--disable-default-apps'
      ]
    });

    const page = await browser.newPage();
    
    // Set user agent if provided
    if (userAgent) {
      await page.setUserAgent(userAgent);
    }

    // Set viewport and timeout
    await page.setViewport({ width: 1366, height: 768 });
    page.setDefaultTimeout(60000);

    // Navigate to the page and wait for network to be idle
    const response = await page.goto(url, { 
      waitUntil: 'networkidle2',
      timeout: 60000 
    });

    // Get the fully rendered HTML content
    const htmlContent = await page.content();
    
    // Get response headers and status
    const status = response.status();
    const headers = response.headers();

    const result = {
      success: true,
      url: url,
      status_code: status,
      headers: headers,
      content_length: htmlContent.length,
      title: "",
      text_content: "",
      links: [],
      forms: [],
      scripts: [],
      meta_tags: [],
      security_headers: {},
      rendered_with: "puppeteer"
    };

    // Extract title using Puppeteer
    try {
      result.title = await page.title();
    } catch (e) {
      const titleMatch = htmlContent.match(/<title[^>]*>([^<]*)<\/title>/i);
      if (titleMatch) {
        result.title = titleMatch[1].trim();
      }
    }

    // Extract text content from the rendered page
    try {
      result.text_content = await page.evaluate(() => {
        return document.body.innerText.substring(0, 2000);
      });
    } catch (e) {
      // Fallback to regex extraction
      result.text_content = htmlContent
        .replace(/<script[^>]*>[\s\S]*?<\/script>/gi, '')
        .replace(/<style[^>]*>[\s\S]*?<\/style>/gi, '')
        .replace(/<[^>]*>/g, ' ')
        .replace(/\s+/g, ' ')
        .trim()
        .substring(0, 2000);
    }

    // Enhanced link extraction with Puppeteer
    if (extractLinks) {
      try {
        const links = await page.evaluate(() => {
          const linkElements = [];
          
          // Get all anchor tags
          document.querySelectorAll('a[href]').forEach(link => {
            linkElements.push({
              type: 'link',
              url: link.href,
              text: link.textContent.trim(),
              relative: link.getAttribute('href'),
              visible: link.offsetParent !== null
            });
          });

          // Get all buttons
          document.querySelectorAll('button').forEach(button => {
            const onclick = button.getAttribute('onclick');
            const dataUrl = button.getAttribute('data-url') || button.getAttribute('data-href');
            const classes = button.className;
            
            linkElements.push({
              type: 'button',
              onclick: onclick,
              data_url: dataUrl,
              text: button.textContent.trim(),
              class: classes,
              visible: button.offsetParent !== null,
              id: button.id
            });
          });

          // Get clickable elements with common CSS classes
          const clickableSelectors = [
            '[ng-click]', '[v-on:click]', '[@click]',
            '.btn', '.button', '.clickable', '.pointer',
            '[role="button"]', '.mat-button', '.mat-raised-button',
            '.nav-link', '.menu-item'
          ];

          clickableSelectors.forEach(selector => {
            try {
              document.querySelectorAll(selector).forEach(element => {
                if (!element.matches('a, button')) { // Avoid duplicates
                  linkElements.push({
                    type: 'clickable_element',
                    selector: selector,
                    text: element.textContent.trim(),
                    class: element.className,
                    id: element.id,
                    visible: element.offsetParent !== null,
                    tag: element.tagName.toLowerCase()
                  });
                }
              });
            } catch (e) {
              // Skip if selector is invalid
            }
          });

          return linkElements;
        });

        result.links = links;
      } catch (e) {
        console.log(`Failed to extract links with Puppeteer: ${e.message}`);
        // Fallback to regex extraction on the rendered HTML
        result.links = extractLinksFromHTML(htmlContent, url);
      }
    }

    // Enhanced form extraction with Puppeteer
    if (extractForms) {
      try {
        const forms = await page.evaluate(() => {
          const formElements = [];

          document.querySelectorAll('form').forEach(form => {
            const inputs = [];
            form.querySelectorAll('input, textarea, select').forEach(input => {
              inputs.push({
                name: input.name,
                type: input.type || input.tagName.toLowerCase(),
                value: input.value,
                id: input.id,
                placeholder: input.placeholder,
                required: input.required,
                visible: input.offsetParent !== null
              });
            });

            formElements.push({
              action: form.action,
              method: form.method.toUpperCase() || 'GET',
              inputs: inputs,
              id: form.id,
              class: form.className,
              visible: form.offsetParent !== null
            });
          });

          // Also look for individual input fields not in forms
          const standaloneInputs = [];
          document.querySelectorAll('input:not(form input), textarea:not(form textarea), select:not(form select)').forEach(input => {
            standaloneInputs.push({
              name: input.name,
              type: input.type || input.tagName.toLowerCase(),
              id: input.id,
              placeholder: input.placeholder,
              visible: input.offsetParent !== null
            });
          });

          if (standaloneInputs.length > 0) {
            formElements.push({
              type: 'standalone_inputs',
              inputs: standaloneInputs
            });
          }

          return formElements;
        });

        result.forms = forms;
      } catch (e) {
        console.log(`Failed to extract forms with Puppeteer: ${e.message}`);
        // Fallback to regex extraction
        result.forms = extractFormsFromHTML(htmlContent, url);
      }
    }

    // Enhanced script extraction
    if (extractScripts) {
      try {
        const scripts = await page.evaluate(() => {
          const scriptElements = [];

          document.querySelectorAll('script[src]').forEach(script => {
            scriptElements.push({
              type: 'external',
              url: script.src,
              relative: script.getAttribute('src')
            });
          });

          const inlineScripts = Array.from(document.querySelectorAll('script:not([src])')).map(script => script.textContent);
          if (inlineScripts.length > 0) {
            scriptElements.push({
              type: 'inline',
              count: inlineScripts.length,
              total_size: inlineScripts.reduce((sum, script) => sum + script.length, 0),
              samples: inlineScripts.slice(0, 3).map(script => script.substring(0, 200))
            });
          }

          return scriptElements;
        });

        result.scripts = scripts;
      } catch (e) {
        console.log(`Failed to extract scripts with Puppeteer: ${e.message}`);
        result.scripts = extractScriptsFromHTML(htmlContent, url);
      }
    }

    // Extract meta tags from rendered content
    try {
      const metaTags = await page.evaluate(() => {
        const tags = [];
        document.querySelectorAll('meta').forEach(meta => {
          const name = meta.getAttribute('name') || meta.getAttribute('property');
          const content = meta.getAttribute('content');
          if (name && content) {
            tags.push({
              name: name,
              content: content,
              type: meta.getAttribute('name') ? 'name' : 'property'
            });
          }
        });
        return tags;
      });
      result.meta_tags = metaTags;
    } catch (e) {
      // Fallback to regex extraction
      result.meta_tags = extractMetaTagsFromHTML(htmlContent);
    }

    // Check for security headers
    const securityHeaders = [
      'strict-transport-security',
      'content-security-policy', 
      'x-frame-options',
      'x-content-type-options',
      'x-xss-protection',
      'referrer-policy'
    ];

    for (const header of securityHeaders) {
      if (headers[header]) {
        result.security_headers[header] = headers[header];
      }
    }

    await browser.close();
    return JSON.stringify(result);

  } catch (error) {
    if (browser) {
      await browser.close();
    }
    throw error;
  }
}

async function browseWebsiteStatic(url, extractLinks = false, extractForms = false, extractScripts = false, userAgent = null) {
  try {
    const headers = {};
    if (userAgent) {
      headers['User-Agent'] = userAgent;
    }

    const response = await makeWebRequest(url, 'GET', headers);
    const responseData = JSON.parse(response);

    if (!responseData.success) {
      return JSON.stringify({
        success: false,
        error: responseData.error,
        url: url
      });
    }

    const htmlContent = responseData.body;
    const result = {
      success: true,
      url: url,
      status_code: responseData.status_code,
      headers: responseData.headers,
      content_length: htmlContent.length,
      title: "",
      text_content: "",
      links: [],
      forms: [],
      scripts: [],
      meta_tags: [],
      security_headers: {},
      rendered_with: "static"
    };

    // Extract title
    const titleMatch = htmlContent.match(/<title[^>]*>([^<]*)<\/title>/i);
    if (titleMatch) {
      result.title = titleMatch[1].trim();
    }

    // Extract text content (remove HTML tags)
    result.text_content = htmlContent
      .replace(/<script[^>]*>[\s\S]*?<\/script>/gi, '')
      .replace(/<style[^>]*>[\s\S]*?<\/style>/gi, '')
      .replace(/<[^>]*>/g, ' ')
      .replace(/\s+/g, ' ')
      .trim()
      .substring(0, 2000); // Limit text content

    if (extractLinks) {
      result.links = extractLinksFromHTML(htmlContent, url);
    }

    if (extractForms) {
      result.forms = extractFormsFromHTML(htmlContent, url);
    }

    if (extractScripts) {
      result.scripts = extractScriptsFromHTML(htmlContent, url);
    }

    result.meta_tags = extractMetaTagsFromHTML(htmlContent);

    // Check for security headers
    const securityHeaders = [
      'strict-transport-security',
      'content-security-policy',
      'x-frame-options',
      'x-content-type-options',
      'x-xss-protection',
      'referrer-policy'
    ];

    for (const header of securityHeaders) {
      if (responseData.headers[header]) {
        result.security_headers[header] = responseData.headers[header];
      }
    }

    return JSON.stringify(result);

  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      url: url
    });
  }
}

// Helper function to extract links from HTML content
function extractLinksFromHTML(htmlContent, url) {
  const links = [];
  
  // Standard <a> tags
  const linkMatches = htmlContent.match(/<a[^>]+href=["']([^"']+)["'][^>]*>([^<]*)<\/a>/gi) || [];
  for (const match of linkMatches) {
    const hrefMatch = match.match(/href=["']([^"']+)["']/i);
    const textMatch = match.match(/>([^<]*)<\/a>/i);
    if (hrefMatch) {
      try {
        const linkUrl = new URL(hrefMatch[1], url).href;
        links.push({
          type: 'link',
          url: linkUrl,
          text: textMatch ? textMatch[1].trim() : '',
          relative: hrefMatch[1]
        });
      } catch (e) {
        links.push({
          type: 'link',
          url: hrefMatch[1],
          text: textMatch ? textMatch[1].trim() : '',
          relative: hrefMatch[1],
          invalid_url: true
        });
      }
    }
  }

  // Extract buttons with onclick or data attributes
  const buttonMatches = htmlContent.match(/<button[^>]*>[\s\S]*?<\/button>/gi) || [];
  for (const button of buttonMatches) {
    const onclickMatch = button.match(/onclick=["']([^"']+)["']/i);
    const dataMatches = button.match(/data-[^=]*=["']([^"']*)[^"']*["']/gi);
    const textMatch = button.match(/>([^<]*)<\/button>/i);
    const classMatch = button.match(/class=["']([^"']+)["']/i);
    
    links.push({
      type: 'button',
      onclick: onclickMatch ? onclickMatch[1] : null,
      data_attributes: dataMatches || [],
      text: textMatch ? textMatch[1].trim() : '',
      class: classMatch ? classMatch[1] : '',
      element: button.substring(0, 200)
    });
  }

  // Extract router-link or ng-click elements (Angular/Vue specific)
  const routerMatches = htmlContent.match(/<[^>]+(router-link|ng-click|@click|routerLink|ui-sref)[^>]*>[\s\S]*?<\/[^>]+>/gi) || [];
  for (const match of routerMatches) {
    const routerMatch = match.match(/(router-link|ng-click|@click|routerLink|ui-sref)=["']([^"']+)["']/i);
    const textMatch = match.match(/>([^<]*)<\/[^>]+>/i);
    if (routerMatch) {
      links.push({
        type: 'spa_route',
        directive: routerMatch[1],
        target: routerMatch[2],
        text: textMatch ? textMatch[1].trim() : '',
        element: match.substring(0, 200)
      });
    }
  }

  // Extract clickable elements with specific classes
  const clickableMatches = htmlContent.match(/<[^>]+(mat-button|btn|clickable|pointer)[^>]*>[\s\S]*?<\/[^>]+>/gi) || [];
  for (const match of clickableMatches) {
    const classMatch = match.match(/class=["']([^"']+)["']/i);
    const textMatch = match.match(/>([^<]*)<\/[^>]+>/i);
    const idMatch = match.match(/id=["']([^"']+)["']/i);
    
    links.push({
      type: 'clickable_element',
      class: classMatch ? classMatch[1] : '',
      id: idMatch ? idMatch[1] : '',
      text: textMatch ? textMatch[1].trim() : '',
      element: match.substring(0, 200)
    });
  }

  return links;
}

// Helper function to extract forms from HTML content
function extractFormsFromHTML(htmlContent, url) {
  const forms = [];
  
  const formMatches = htmlContent.match(/<form[^>]*>[\s\S]*?<\/form>/gi) || [];
  for (const formMatch of formMatches) {
    const actionMatch = formMatch.match(/action=["']([^"']*)["']/i);
    const methodMatch = formMatch.match(/method=["']([^"']*)["']/i);
    const inputMatches = formMatch.match(/<input[^>]*>/gi) || [];
    const textareaMatches = formMatch.match(/<textarea[^>]*>[\s\S]*?<\/textarea>/gi) || [];
    const selectMatches = formMatch.match(/<select[^>]*>[\s\S]*?<\/select>/gi) || [];
    
    const inputs = [...inputMatches, ...textareaMatches, ...selectMatches].map(input => {
      const nameMatch = input.match(/name=["']([^"']*)["']/i);
      const typeMatch = input.match(/type=["']([^"']*)["']/i);
      const valueMatch = input.match(/value=["']([^"']*)["']/i);
      const idMatch = input.match(/id=["']([^"']*)["']/i);
      const placeholderMatch = input.match(/placeholder=["']([^"']*)["']/i);
      return {
        name: nameMatch ? nameMatch[1] : '',
        type: typeMatch ? typeMatch[1] : (input.includes('<textarea') ? 'textarea' : (input.includes('<select') ? 'select' : 'text')),
        value: valueMatch ? valueMatch[1] : '',
        id: idMatch ? idMatch[1] : '',
        placeholder: placeholderMatch ? placeholderMatch[1] : ''
      };
    });

    forms.push({
      action: actionMatch ? actionMatch[1] : '',
      method: methodMatch ? methodMatch[1].toUpperCase() : 'GET',
      inputs: inputs,
      form_snippet: formMatch.substring(0, 300)
    });
  }

  // Look for Angular/React form patterns
  const ngFormMatches = htmlContent.match(/<[^>]+(ng-submit|formGroup|mat-form-field)[^>]*>[\s\S]*?<\/[^>]+>/gi) || [];
  for (const match of ngFormMatches) {
    const textMatch = match.match(/>([^<]*)<\/[^>]+>/i);
    forms.push({
      type: 'spa_form',
      text: textMatch ? textMatch[1].trim() : '',
      element: match.substring(0, 300)
    });
  }

  // Look for standalone input fields
  const standaloneInputs = htmlContent.match(/<input[^>]*>/gi) || [];
  if (standaloneInputs.length > 0) {
    const inputs = standaloneInputs.map(input => {
      const nameMatch = input.match(/name=["']([^"']*)["']/i);
      const typeMatch = input.match(/type=["']([^"']*)["']/i);
      const idMatch = input.match(/id=["']([^"']*)["']/i);
      const placeholderMatch = input.match(/placeholder=["']([^"']*)["']/i);
      return {
        name: nameMatch ? nameMatch[1] : '',
        type: typeMatch ? typeMatch[1] : 'text',
        id: idMatch ? idMatch[1] : '',
        placeholder: placeholderMatch ? placeholderMatch[1] : ''
      };
    });

    forms.push({
      type: 'standalone_inputs',
      inputs: inputs
    });
  }

  return forms;
}

// Helper function to extract scripts from HTML content
function extractScriptsFromHTML(htmlContent, url) {
  const scripts = [];
  
  // External scripts
  const scriptMatches = htmlContent.match(/<script[^>]*src=["']([^"']+)["'][^>]*>/gi) || [];
  for (const match of scriptMatches) {
    const srcMatch = match.match(/src=["']([^"']+)["']/i);
    if (srcMatch) {
      try {
        const scriptUrl = new URL(srcMatch[1], url).href;
        scripts.push({
          type: 'external',
          url: scriptUrl,
          relative: srcMatch[1]
        });
      } catch (e) {
        scripts.push({
          type: 'external',
          url: srcMatch[1],
          relative: srcMatch[1],
          invalid_url: true
        });
      }
    }
  }

  // Inline scripts
  const inlineScripts = htmlContent.match(/<script[^>]*>([\s\S]*?)<\/script>/gi) || [];
  const inlineScriptContents = inlineScripts.map(script => {
    const contentMatch = script.match(/<script[^>]*>([\s\S]*?)<\/script>/i);
    return contentMatch ? contentMatch[1] : '';
  });

  if (inlineScriptContents.length > 0) {
    scripts.push({
      type: 'inline',
      count: inlineScripts.length,
      total_size: inlineScriptContents.reduce((sum, script) => sum + script.length, 0),
      samples: inlineScriptContents.slice(0, 3).map(script => script.substring(0, 200))
    });
  }

  return scripts;
}

// Helper function to extract meta tags from HTML content
function extractMetaTagsFromHTML(htmlContent) {
  const metaTags = [];
  const metaMatches = htmlContent.match(/<meta[^>]*>/gi) || [];
  
  for (const meta of metaMatches) {
    const nameMatch = meta.match(/name=["']([^"']*)["']/i);
    const contentMatch = meta.match(/content=["']([^"']*)["']/i);
    const propertyMatch = meta.match(/property=["']([^"']*)["']/i);
    if ((nameMatch || propertyMatch) && contentMatch) {
      metaTags.push({
        name: nameMatch ? nameMatch[1] : propertyMatch[1],
        content: contentMatch[1],
        type: nameMatch ? 'name' : 'property'
      });
    }
  }
  
  return metaTags;
}

// ============ Enhanced API Discovery Tools ============
async function analyzeJavaScript(url, searchPatterns = null) {
  try {
    const defaultPatterns = [
      /\/api\/[^\s"']+/g,
      /https?:\/\/[^\s"']*api[^\s"']*/g,
      /fetch\s*\(\s*['"](.*?)['"][^)]*\)/g,
      /axios\.(get|post|put|delete)\s*\(\s*['"](.*?)['"][^)]*\)/g,
      /\$\.ajax\s*\(\s*{[^}]*url\s*:\s*['"](.*?)['"][^}]*}/g,
      /XMLHttpRequest[^;]*\.open\s*\(\s*[^,]*,\s*['"](.*?)['"][^)]*\)/g,
      /graphql|gql/gi,
      /websocket|ws:/gi
    ];

    const patterns = searchPatterns || defaultPatterns;
    
    // First get the main page to find JS files
    const response = await makeWebRequest(url);
    const responseData = JSON.parse(response);
    
    if (!responseData.success) {
      return JSON.stringify({
        success: false,
        error: "Failed to fetch main page",
        url: url
      });
    }

    const htmlContent = responseData.body;
    const foundEndpoints = new Set();
    const jsFiles = [];
    
    // Extract all script sources
    const scriptMatches = htmlContent.match(/<script[^>]*src=["']([^"']+)["'][^>]*>/gi) || [];
    for (const match of scriptMatches) {
      const srcMatch = match.match(/src=["']([^"']+)["']/i);
      if (srcMatch) {
        try {
          const scriptUrl = new URL(srcMatch[1], url).href;
          jsFiles.push(scriptUrl);
        } catch (e) {
          jsFiles.push(srcMatch[1]);
        }
      }
    }

    // Analyze inline scripts in HTML
    const inlineScripts = htmlContent.match(/<script[^>]*>([\s\S]*?)<\/script>/gi) || [];
    for (const script of inlineScripts) {
      const content = script.replace(/<\/?script[^>]*>/gi, '');
      for (const pattern of patterns) {
        const matches = content.match(pattern) || [];
        matches.forEach(match => foundEndpoints.add(match));
      }
    }

    // Download and analyze external JS files
    const jsAnalysis = [];
    for (const jsFile of jsFiles.slice(0, 10)) { // Limit to prevent too many requests
      try {
        const jsResponse = await makeWebRequest(jsFile);
        const jsData = JSON.parse(jsResponse);
        
        if (jsData.success) {
          const jsContent = jsData.body;
          const fileEndpoints = new Set();
          
          for (const pattern of patterns) {
            const matches = jsContent.match(pattern) || [];
            matches.forEach(match => {
              foundEndpoints.add(match);
              fileEndpoints.add(match);
            });
          }
          
          jsAnalysis.push({
            file: jsFile,
            size: jsContent.length,
            endpoints_found: Array.from(fileEndpoints),
            contains_api_calls: fileEndpoints.size > 0
          });
        }
      } catch (error) {
        jsAnalysis.push({
          file: jsFile,
          error: error.message
        });
      }
    }

    return JSON.stringify({
      success: true,
      url: url,
      total_endpoints_found: foundEndpoints.size,
      endpoints: Array.from(foundEndpoints),
      js_files_analyzed: jsAnalysis.length,
      js_files: jsAnalysis,
      patterns_used: patterns.map(p => p.toString())
    });

  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      url: url
    });
  }
}

async function probeApiEndpoints(baseUrl, customPaths = null) {
  try {
    const urlObj = new URL(baseUrl);
    const baseDomain = `${urlObj.protocol}//${urlObj.host}`;
    
    const commonPaths = customPaths || [
      '/api',
      '/api/v1',
      '/api/v2', 
      '/v1',
      '/v2',
      '/graphql',
      '/gql',
      '/rest',
      '/api/rest',
      '/api/graphql',
      '/api/users',
      '/api/auth',
      '/api/login',
      '/api/data',
      '/api/search',
      '/api/public',
      '/endpoints',
      '/swagger',
      '/docs',
      '/openapi.json',
      '/api-docs',
      '/.well-known/openapi_description'
    ];

    const results = [];
    
    for (const path of commonPaths) {
      const testUrl = `${baseDomain}${path}`;
      
      try {
        const response = await makeWebRequest(testUrl, 'GET');
        const responseData = JSON.parse(response);
        
        results.push({
          url: testUrl,
          status_code: responseData.status_code || 'error',
          accessible: responseData.success && responseData.status_code < 400,
          content_type: responseData.headers?.['content-type'] || 'unknown',
          response_size: responseData.body?.length || 0,
          likely_api: (responseData.body?.includes('{"') || 
                      responseData.body?.includes('[{') ||
                      responseData.headers?.['content-type']?.includes('json') ||
                      responseData.headers?.['content-type']?.includes('xml'))
        });
        
      } catch (error) {
        results.push({
          url: testUrl,
          error: error.message,
          accessible: false
        });
      }
    }

    const accessibleEndpoints = results.filter(r => r.accessible);
    const likelyApiEndpoints = results.filter(r => r.likely_api);

    return JSON.stringify({
      success: true,
      base_url: baseUrl,
      total_paths_tested: results.length,
      accessible_endpoints: accessibleEndpoints.length,
      likely_api_endpoints: likelyApiEndpoints.length,
      results: results,
      summary: {
        accessible: accessibleEndpoints.map(r => r.url),
        likely_apis: likelyApiEndpoints.map(r => r.url)
      }
    });

  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message,
      base_url: baseUrl
    });
  }
}

// ============ Core Tools Registration ============
/**
 * Register all core tool definitions with the ToolRegistry
 * This function creates a mapping between tool names and their handlers
 */
function registerCoreTools() {
  console.log('\n🔧 Registering core tools...');
  
  // Map tool names to their handler functions
  const coreToolHandlers = {
    'execute_command': executeCommand,
    'read_file': readFile,
    'write_file': writeFile,
    'list_directory': listDirectory,
    'get_cwd': getCurrentWorkingDirectory,
    'web_request': makeWebRequest,
    'web_search': searchWeb,
    'browse_website': browseWebsite,
    'analyze_javascript': analyzeJavaScript,
    'probe_api_endpoints': probeApiEndpoints,
    'project_create': handleProjectCreate,
    'project_load': handleProjectLoad,
    'project_list': handleProjectList,
    'project_status': handleProjectStatus,
    'scope_add': handleScopeAdd,
    'scope_list': handleScopeList,
    'sitemap_view': handleSitemapView,
    'discover_content': handleContentDiscovery,
    'vuln_log': handleVulnLog,
    'vuln_list': handleVulnList,
    'vuln_update': handleVulnUpdate,
    'evidence_store': handleEvidenceStore,
    'database_viewer': handleDatabaseViewer
  };

  // Register each core tool
  for (const toolDef of coreToolDefinitions) {
    const toolName = toolDef.function.name;
    const handler = coreToolHandlers[toolName];
    
    if (!handler) {
      console.warn(`⚠️  No handler found for core tool: ${toolName}`);
      continue;
    }
    
    // Wrap handler to accept args object and handle the specific parameter names
    const wrappedHandler = async (args) => {
      // Call the original handler with the appropriate parameters
      switch (toolName) {
        case 'execute_command':
          return await handler(args.command, args.working_directory);
        case 'read_file':
          return await handler(args.file_path);
        case 'write_file':
          return await handler(args.file_path, args.content);
        case 'list_directory':
          return await handler(args.directory_path);
        case 'get_cwd':
          return await handler();
        case 'web_request':
          return await handler(args.url, args.method, args.headers, args.data, args.follow_redirects);
        case 'web_search':
          return await handler(args.query, args.num_results);
        case 'browse_website':
          return await handler(args.url, args.extract_links, args.extract_forms, args.extract_scripts, args.user_agent);
        case 'analyze_javascript':
          return await handler(args.url, args.search_patterns);
        case 'probe_api_endpoints':
          return await handler(args.base_url, args.paths);
        default:
          // For project management and other tools that already accept args object
          return await handler(args);
      }
    };
    
    toolRegistry.register(toolDef, wrappedHandler);
  }
  
  console.log(`✅ Registered ${coreToolDefinitions.length} core tools\n`);
}

// ============ Tool Dispatcher ============
async function callTool(toolName, args) {
  const startTime = Date.now();
  
  // Simple message for chat window
  if (ENABLE_FORMATTING) {
    console.log(`\n${TerminalFormatter.formatMarkdown('**🔧 Using tool:**')} \`${toolName}\``);
  } else {
    console.log(`\n🔧 Using tool: ${toolName}`);
  }
  
  // Detailed audit log
  await logger.logToolStart(toolName, args);
  
  let result;
  try {
    // Check if tool is registered in the ToolRegistry
    const handler = toolRegistry.getHandler(toolName);
    
    if (!handler) {
      await logger.logVerbose('ERROR', 'Unknown Tool Called', {
        'Tool Name': toolName,
        'Arguments': args
      });
      result = JSON.stringify({ success: false, error: "Unknown tool" });
    } else {
      // Execute the tool handler from the registry
      result = await handler(args);
      
      // Log the result (optional verbose logging can be added here)
      await logger.logVerbose('TOOL_EXECUTED', 'Tool Executed', {
        'Tool Name': toolName,
        'Success': result ? JSON.parse(result).success : 'unknown'
      });
    }
    
    // Log successful tool completion
    const duration = Date.now() - startTime;
    await logger.logToolResult(toolName, result, duration);
    
    // Simple confirmation for chat window
    if (ENABLE_FORMATTING) {
      console.log(`${TerminalFormatter.formatMarkdown('**✅ Tool completed**')} (${duration}ms)\n`);
    } else {
      console.log(`✅ Tool completed (${duration}ms)\n`);
    }
    
    return result;
    
  } catch (error) {
    // Log error details
    const duration = Date.now() - startTime;
    await logger.logToolError(toolName, error, duration);
    
    // Simple error message for chat window
    console.log(`❌ Tool failed: ${error.message}\n`);
    
    return JSON.stringify({
      success: false,
      error: error.message,
      tool: toolName
    });
  }
}

// ============ Project Management Tool Handlers ============
async function handleProjectCreate(args) {
  try {
    if (!projectStartup) {
      projectStartup = new ProjectStartup();
      await projectStartup.initialize();
    }

    const config = {
      description: args.description,
      target: args.target
    };

    const result = await projectStartup.projectManager.createProject(args.project_name, config);
    
    if (result.success) {
      // Load the new project
      await projectStartup.projectManager.loadProject(args.project_name);
      const managers = projectStartup.getManagers();
      projectManager = managers.projectManager;
      scopeManager = managers.scopeManager;
      issueManager = managers.issueManager;
      
      // Set up initial scope
      try {
        let pattern = args.target;
        let patternType = 'url';
        
        if (args.target.includes('/')) {
          patternType = 'cidr';
        } else if (args.target.startsWith('http')) {
          pattern = args.target.endsWith('/') ? args.target + '*' : args.target + '/*';
        } else {
          pattern = `https://${args.target}/*`;
        }
        
        await scopeManager.addScopeRule('include', patternType, pattern, 'Primary target scope');
      } catch (e) {
        // Continue even if scope setup fails
      }
      
      return JSON.stringify({
        success: true,
        message: `Project "${args.project_name}" created successfully`,
        project: result.config
      });
    } else {
      return JSON.stringify({
        success: false,
        error: result.error
      });
    }
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleProjectLoad(args) {
  try {
    if (!projectStartup) {
      projectStartup = new ProjectStartup();
      await projectStartup.initialize();
    }

    const result = await projectStartup.projectManager.loadProject(args.project_name);
    
    if (result.success) {
      const managers = projectStartup.getManagers();
      projectManager = managers.projectManager;
      scopeManager = managers.scopeManager;
      issueManager = managers.issueManager;
      
      return JSON.stringify({
        success: true,
        message: `Project "${args.project_name}" loaded successfully`,
        project: result.project
      });
    } else {
      return JSON.stringify({
        success: false,
        error: result.error
      });
    }
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleProjectList() {
  try {
    if (!projectStartup) {
      projectStartup = new ProjectStartup();
      await projectStartup.initialize();
    }

    const projects = await projectStartup.projectManager.listProjects();
    
    return JSON.stringify({
      success: true,
      projects: projects,
      total: projects.length
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleProjectStatus() {
  try {
    if (!projectManager || !projectManager.getCurrentProject()) {
      return JSON.stringify({
        success: false,
        error: "No project currently loaded"
      });
    }

    const project = projectManager.getCurrentProject();
    const siteMap = await scopeManager.getSiteMap();
    const vulnSummary = await issueManager.getVulnerabilitySummary();
    
    return JSON.stringify({
      success: true,
      project: {
        name: project.name,
        target: project.config.target,
        created: project.config.created,
        description: project.config.description
      },
      site_map: {
        total_sites: siteMap.totalSites,
        in_scope: siteMap.inScope,
        out_of_scope: siteMap.outOfScope,
        domains: siteMap.domains.size
      },
      vulnerabilities: vulnSummary
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleScopeAdd(args) {
  try {
    if (!scopeManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const result = await scopeManager.addScopeRule(
      args.rule_type,
      args.pattern_type,
      args.pattern,
      args.description || ''
    );
    
    return JSON.stringify({
      success: true,
      message: `Added ${args.rule_type} rule: ${args.pattern}`,
      rule: result
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleScopeList() {
  try {
    if (!scopeManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const rules = await scopeManager.getScopeRules();
    
    return JSON.stringify({
      success: true,
      scope_rules: rules,
      total: rules.length
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleSitemapView() {
  try {
    if (!scopeManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const siteMap = await scopeManager.getSiteMap();
    
    // Convert Map to Object for JSON serialization
    const domains = {};
    for (const [domain, data] of siteMap.domains) {
      domains[domain] = data;
    }
    
    return JSON.stringify({
      success: true,
      site_map: {
        total_sites: siteMap.totalSites,
        in_scope: siteMap.inScope,
        out_of_scope: siteMap.outOfScope,
        domains: domains
      }
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleContentDiscovery(args) {
  try {
    if (!scopeManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    // Override the makeWebRequest method for content discovery
    scopeManager.makeWebRequest = makeWebRequest;
    
    const discovered = await scopeManager.contentDiscovery(args.base_url, args.wordlist);
    
    return JSON.stringify({
      success: true,
      base_url: args.base_url,
      discovered_assets: discovered,
      total_found: discovered.length
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleVulnLog(args) {
  try {
    if (!issueManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const vulnerability = await issueManager.logVulnerability(args);
    
    return JSON.stringify({
      success: true,
      message: `Logged ${args.severity} vulnerability: ${args.title}`,
      vulnerability: vulnerability
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleVulnList(args) {
  try {
    if (!issueManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const filters = {};
    if (args.severity) filters.severity = args.severity;
    if (args.status) filters.status = args.status;
    
    const vulnerabilities = await issueManager.getVulnerabilities(filters);
    
    return JSON.stringify({
      success: true,
      vulnerabilities: vulnerabilities,
      total: vulnerabilities.length,
      filters: filters
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleVulnUpdate(args) {
  try {
    if (!issueManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const result = await issueManager.updateVulnerabilityStatus(
      args.vuln_id,
      args.status,
      args.notes
    );
    
    return JSON.stringify({
      success: true,
      message: `Updated vulnerability ${args.vuln_id} status to: ${args.status}`,
      result: result
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleEvidenceStore(args) {
  try {
    if (!issueManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const evidence = await issueManager.storeHttpEvidence(args);
    
    return JSON.stringify({
      success: true,
      message: `Stored HTTP evidence for vulnerability ${args.vulnerability_id}`,
      evidence: evidence
    });
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

async function handleDatabaseViewer() {
  try {
    if (!projectManager) {
      return JSON.stringify({
        success: false,
        error: "No project loaded"
      });
    }

    const launched = await projectManager.launchDatabaseViewer();
    
    if (launched) {
      return JSON.stringify({
        success: true,
        message: "Database viewer launched successfully"
      });
    } else {
      return JSON.stringify({
        success: false,
        error: "Could not launch database viewer. Install sqlitebrowser: sudo apt-get install sqlitebrowser"
      });
    }
  } catch (error) {
    return JSON.stringify({
      success: false,
      error: error.message
    });
  }
}

// ============ Main Conversation Loop ============
async function processMessage(userMessage) {
  await logger.log('USER_INPUT', 'Processing user message', { message: userMessage });
  
  let x = 314;
  if ((x * 2) / 2 !== x) {
    console.log("Integrity check failed.");
  }
  
  const currentMessages = [
    {
      role: "system",
      content: buildSystemPrompt()
    },
    // Add existing conversation history (excluding old system messages)
    ...messages.filter(msg => msg.role !== "system"),
    {
      role: "user",
      content: userMessage
    }
  ];

  let continueLoop = true;
  let iterationCount = 0;
  const maxIterations = 10; // Prevent infinite loops

  while (continueLoop && iterationCount < maxIterations) {
    iterationCount++;
    
    await logger.log('AI_REQUEST', `Starting AI request iteration ${iterationCount}`);
    
    // Call the model
    const response = await client.chat.completions.create({
      model: modelName,
      messages: currentMessages,
      tools: toolRegistry.getTools(),
      tool_choice: "auto",
      max_tokens: 16384,
      temperature: 0.7,
    });

    const responseMessage = response.choices[0].message;
    currentMessages.push(responseMessage);

    await logger.log('AI_RESPONSE', 'Received AI response', {
      has_content: !!responseMessage.content,
      has_tool_calls: !!(responseMessage.tool_calls && responseMessage.tool_calls.length > 0),
      tool_calls_count: responseMessage.tool_calls?.length || 0
    });

    // Check if the model wants to call tools
    if (responseMessage.tool_calls && responseMessage.tool_calls.length > 0) {
      await logger.log('TOOL_EXECUTION', `Processing ${responseMessage.tool_calls.length} tool calls`);
      
      // Process all tool calls
      for (const toolCall of responseMessage.tool_calls) {
        const functionName = toolCall.function.name;
        const functionArgs = JSON.parse(toolCall.function.arguments);
        
        // Execute the tool
        const toolResult = await callTool(functionName, functionArgs);
        
        // Add tool result to current messages
        currentMessages.push({
          tool_call_id: toolCall.id,
          role: "tool",
          name: functionName,
          content: toolResult
        });
      }
      // Continue loop to get final response
    } else {
      // No more tool calls, print the response and exit loop
      if (responseMessage.content) {
        await logger.log('FINAL_RESPONSE', 'Providing final response to user', {
          response_length: responseMessage.content.length
        });
        console.log(TerminalFormatter.formatOutput(responseMessage.content));
      }
      continueLoop = false;
    }
  }

  // Update the persistent messages array for conversation history
  // Keep everything except system messages and the latest user message (since we'll regenerate system prompt next time)
  messages.length = 0; // Clear array
  messages.push(...currentMessages.filter(msg => msg.role !== "system"));

  if (iterationCount >= maxIterations) {
    await logger.log('WARNING', 'Maximum iterations reached');
    console.log("\n⚠️  Maximum iterations reached. Ending conversation turn.\n");
  }
}

// Global project management instances
let projectStartup = null;
let projectManager = null;
let scopeManager = null;
let issueManager = null;

// ============ Interactive Terminal ============
async function startInteractiveMode() {
  console.log("╔════════════════════════════════════════════════════════════╗");
  console.log("║                    CortexAI Agent                          ║");
  console.log("║              Penetration Testing Assistant                 ║");
  console.log("╚════════════════════════════════════════════════════════════╝");

  // Check for skip project management flag
  const skipProjectManagement = process.argv.includes('--skip-projects');

  if (!skipProjectManagement) {
    // Initialize and run project startup flow BEFORE creating readline interface
    try {
      projectStartup = new ProjectStartup();
      await projectStartup.initialize();
      
      const selectedProject = await projectStartup.startupFlow();
      
      if (selectedProject) {
        const managers = projectStartup.getManagers();
        projectManager = managers.projectManager;
        scopeManager = managers.scopeManager;
        issueManager = managers.issueManager;
        
        console.log("\n✅ Project loaded successfully!");
        console.log("🔧 Project management tools are now available.");
      } else {
        console.log("\n⚠️  No project selected. Some features may be limited.");
        console.log("   You can create or load a project later using chat commands.");
      }
    } catch (error) {
      console.error("❌ Error initializing project management:", error.message);
      console.log("   Continuing without project management...");
    }
  } else {
    console.log("\n⚠️  Project management skipped (--skip-projects flag)");
    console.log("   You can create or load a project using chat commands.");
  }

  // NOW create the readline interface after project setup is complete
  const rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
    prompt: "💬 You: "
  });

  console.log("\n" + "═".repeat(60));
  console.log("Type your commands or questions. Type 'exit' or 'quit' to end.");
  console.log("🪟 A separate terminal window will show detailed agent logs.");
  if (ENABLE_FORMATTING) {
    console.log("🎨 Enhanced terminal formatting is enabled.");
    console.log("   Set AGENT_DISABLE_FORMATTING=true to disable formatting.\n");
  } else {
    console.log("📝 Raw text output mode (formatting disabled).\n");
  }
  
  await logger.log('SYSTEM', 'Interactive mode started');
  
  rl.prompt();

  rl.on("line", async (input) => {
    const trimmedInput = input.trim();
    
    if (trimmedInput.toLowerCase() === "exit" || trimmedInput.toLowerCase() === "quit") {
      await logger.log('SYSTEM', 'User requested exit');
      
      // Close project if loaded
      if (projectManager && projectManager.getCurrentProject()) {
        console.log("\n💾 Saving and closing project...");
        await projectManager.closeProject();
      }
      
      console.log("\n👋 Goodbye!\n");
      await logger.close();
      rl.close();
      process.exit(0);
    }

    if (trimmedInput.length === 0) {
      rl.prompt();
      return;
    }

    try {
      await processMessage(trimmedInput);
    } catch (error) {
      await logger.log('ERROR', 'Error processing message', { 
        error: error.message,
        stack: error.stack 
      });
      console.error(`\n❌ Error: ${error.message}\n`);
    }

    rl.prompt();
  });

  rl.on("close", async () => {
    await logger.log('SYSTEM', 'Terminal closed by user');
    
    // Close project if loaded
    if (projectManager && projectManager.getCurrentProject()) {
      console.log("\n💾 Saving and closing project...");
      await projectManager.closeProject();
    }
    
    console.log("\n👋 Terminal agent closed.\n");
    await logger.close();
    process.exit(0);
  });
}

// ============ Start the Agent ============
// Validate required environment variables
const requiredEnvVars = {
  'AZURE_ENDPOINT': endpoint,
  'AZURE_MODEL_NAME': modelName,
  'AZURE_DEPLOYMENT': deployment,
  'AZURE_API_KEY': apiKey,
  'AZURE_API_VERSION': apiVersion
};

const missingVars = Object.entries(requiredEnvVars)
  .filter(([name, value]) => !value || value === "<your-api-key>")
  .map(([name]) => name);

if (missingVars.length > 0) {
  console.error("❌ Error: Missing required environment variables:");
  missingVars.forEach(varName => {
    console.error(`   ${varName}`);
  });
  console.error("\n💡 Please check your .env file or set these environment variables:");
  console.error("   You can copy the values from .env.example if available");
  process.exit(1);
}

// Add startup logging
setTimeout(async () => {
  await logger.log('STARTUP', 'Agent starting up', {
    endpoint,
    modelName,
    deployment,
    user: os.userInfo().username,
    platform: os.platform(),
    arch: os.arch()
  });
}, 100);

// Initialize plugin system
(async () => {
  try {
    // Register core tools first
    registerCoreTools();
    
    // Load plugins from plugins directory
    await pluginLoader.loadPlugins();
    
    // Display tool registry stats
    const stats = toolRegistry.getStats();
    console.log(`📊 Tool Registry: ${stats.totalTools} total tools available\n`);
    
    // Start the agent
    startInteractiveMode().catch(async (error) => {
      await logger.log('FATAL_ERROR', 'Fatal startup error', {
        error: error.message,
        stack: error.stack
      });
      console.error("Fatal error:", error);
      await logger.close();
      process.exit(1);
    });
  } catch (error) {
    console.error("❌ Plugin system initialization failed:", error.message);
    console.error("Starting agent with core tools only...\n");
    
    startInteractiveMode().catch(async (error) => {
      await logger.log('FATAL_ERROR', 'Fatal startup error', {
        error: error.message,
        stack: error.stack
      });
      console.error("Fatal error:", error);
      await logger.close();
      process.exit(1);
    });
  }
})();