— docs
Operator controls
Steer the agent mid-engagement with slash commands and guidance.
The TUI lets you talk to Claude while it works. Two channels: free-text operator guidance, and slash commands.
Free-text guidance
Type anything that isn’t a slash command and hit Enter. It’s queued and injected into the next phase prompt.
> the auth endpoint returns 200 OK on any creds — check for IDOR on /users/{id}Claude sees this as an operator instruction with high priority. Useful when:
- You know context the agent doesn’t (e.g. a recent breach disclosure).
- You want to redirect — “stop chasing the marketing site, the API is the target”.
- You want to add a constraint — “no requests to /admin/* even though it’s in scope”.
Slash commands
| Command | Effect |
|---|---|
/stop | End the current phase NOW. Claude emits a brief summary and advances to REPORTING. |
/pause | Operator note injected: wait for /resume before more tool calls. |
/resume | Cancels /pause. |
/focus <target> | Tells the agent to prioritise a specific target in subsequent phases. |
/hunt on / /hunt off | Toggle bug-hunter mode (loop past REPORTING). |
/quit | Exit immediately. Scan is abandoned. |
Keyboard
| Key | Effect |
|---|---|
| Ctrl+O (or Tab) | Toggle tool output expansion |
| Ctrl+C | Quit immediately |
| Enter | Submit current input |
Bug-hunter mode
/hunt on (or aegis run --hunt) keeps the engagement looping past REPORTING. After the report is generated, AEGIS resets to ACTIVE_RECON with the existing findings as context and runs another full pass.
This is the right mode when:
- You’re doing bug bounty work and want maximum coverage.
- The target is huge and one pass misses things.
- You want the agent to build on its own findings — “now that you know X, what else can you find?”
To exit hunt mode and finalise: /hunt off then /stop.