🎹 Developer's Words
"I believe playing the piano is also a form of orchestration." The harmony of polyphony — multiple voices — and homophony — a single melodic line. Each voice sings its most beautiful song from its own place, yet when combined, they create one grand, beautiful melody. I believe this structure is no different from AI agents.
Chopin Ballade No.4
pentesting logo

General-Purpose
Agent Runtime

pentesting keeps orchestration, verification, state, and completion ownership in the runtime — generating a dynamic agent profile per request and remembering like a human. One public surface serves the GitHub Pages docs, npm facade, Docker entrypoint, and release binaries.

GitHub Releases Quick Start ↓
27
Rust Crates
7
Release Targets
5
Completion Gates
4
Profile Templates
npm
Public Facade
Docker
Runtime Image
Runtime-Owned Orchestration

Model answers are candidates, not completions. The runtime classifies intent, builds execution strategy, enforces tool policy, runs verification, and owns completion across dev, automation, and security-oriented workflows.

pentesting stores long-lived knowledge in an Obsidian-like markdown file system and keeps the public distribution surface separate in pentesting-public.

pentesting
// user input received
classify IntentClassifier → Task
[route] ExecutionStrategy: Task
[gate] 5 acceptance gates opened
phase Discover → Plan → Execute
[tool] policy-gated execution ✓
[verify] completion verification run
proof building gate evidence…
[adj] adjudicate → Complete ✓
TASK COMPLETED
Dynamic Agent Profiles
The intent classifier generates a profile descriptor per request — task shape, tool scope, evidence rigor, retrieval bias, and interaction style. Generate, recall, reuse — not one fixed persona.
Runtime-Owned Adjudication
A 5-gate completion lattice owns the verdict. Model answers stay candidates until runtime evidence verifies them — never self-assessment.
Ebbinghaus-Inspired Memory
Note strength fades like human memory with per-kind decay, reinforced on recall and bi-temporal. Faded notes are de-referenced — archived or tombstoned, never destroyed.
Local-First Knowledge Graph
Knowledge lives in local markdown with an Obsidian-style graph and graph traversal — no external service or required database.
Git-Backed Rewind
Working-tree checkpoint and restore let a run roll the workspace back to a known-good point instead of trusting an irreversible edit.
Single Runtime Surface
The same runtime ships through Docker, npm, GitHub Pages, and release binaries instead of diverging wrappers.
Generate · Recall · Reuse
Dynamic Agent Profiles from Templates

pentesting does not run one fixed persona. For every request the intent classifier generates a DynamicProfileDescriptor — task shape, tool scope, evidence rigor, retrieval bias, and interaction style. Reusable named templates and delegation overlays are then recalled and layered, and the resolved profile drives tool-scope, workflow phase, and memory weighting.

One Runtime, Many Shapes

The profile is computed, not hardcoded. A read-only review request resolves to strict evidence and a read-only tool scope; an implementation request opens a bounded write scope; a coordination request fans out with broad scope. Delegated sub-agents inherit an overlay rather than a fresh, context-free persona.

general-agent Balanced default for everyday dev and automation.
local-builder Local-first building with bounded write scope.
ctf-competition Aggressive, fresh-evidence-first investigation.
enterprise-review Read-only, strict-rigor review posture.
profile
// request classified
generate DynamicProfileDescriptor
task_shape = Review
tool_scope = ReadOnly
evidence_rigor = Strict
retrieval_bias = FreshEvidenceFirst
recall template: enterprise-review
layer delegation overlay
[resolve] profile → tool-scope · phase · memory ✓
Public Surface Contract
Surface Public Location Responsibility
Docs + Site agnusdei1207.github.io/pentesting-public Static landing page and mirrored public README
Binary Releases github.com/agnusdei1207/pentesting-public/releases Managed download target for npm and self-update
npm Facade npmjs.com/package/pentesting Thin launcher that downloads the runtime binary from public releases
Docker docker.io/agnusdei1207/pentesting:latest Container runtime image for interactive and compose usage
Source Repo source repository Implementation, release orchestration, and source of truth
Getting Started
Quick Start
01 Install the public facade
terminal
$ npm install -g pentesting
02 Start the pentesting runtime
pentesting
$ pentesting
03 Docker alternative
docker run
$ docker run -it --rm -v "$(pwd):/workspace" -w /workspace agnusdei1207/pentesting:latest
📦 npm
pentesting
GitHub
agnusdei1207/pentesting-public
📖 Docs
README.md