@jshookmcp/jshook 0.2.2 → 0.2.5

Files changed (414)
  1. package/LICENSE +661 -661
  2. package/README.md +15 -6
  3. package/README.zh.md +19 -4
  4. package/dist/native/scripts/linux/enum-windows.sh +12 -12
  5. package/dist/native/scripts/macos/enum-windows.applescript +22 -22
  6. package/dist/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
  7. package/dist/native/scripts/windows/enum-windows.ps1 +44 -44
  8. package/dist/native/scripts/windows/inject-dll.ps1 +21 -21
  9. package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
  10. package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
  11. package/dist/packages/extension-sdk/src/plugin.js +119 -33
  12. package/dist/packages/extension-sdk/src/workflow.d.ts +156 -0
  13. package/dist/packages/extension-sdk/src/workflow.js +236 -0
  14. package/dist/src/config/search-defaults.js +161 -0
  15. package/dist/src/constants.d.ts +3 -0
  16. package/dist/src/constants.js +4 -1
  17. package/dist/src/index.d.ts +1 -1
  18. package/dist/src/index.js +13 -17
  19. package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
  20. package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
  21. package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
  22. package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
  23. package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
  24. package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
  25. package/dist/src/modules/analyzer/PatternDetector.js +3 -3
  26. package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
  27. package/dist/src/modules/browser/BrowserDiscovery.d.ts +6 -5
  28. package/dist/src/modules/browser/BrowserDiscovery.js +3 -3
  29. package/dist/src/modules/browser/BrowserModeManager.d.ts +1 -1
  30. package/dist/src/modules/browser/BrowserModeManager.js +11 -10
  31. package/dist/src/modules/browser/TabRegistry.js +2 -2
  32. package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
  33. package/dist/src/modules/browser/UnifiedBrowserManager.js +19 -4
  34. package/dist/src/modules/captcha/AICaptchaDetector.d.ts +14 -23
  35. package/dist/src/modules/captcha/AICaptchaDetector.js +8 -202
  36. package/dist/src/modules/captcha/CaptchaDetector.d.ts +31 -17
  37. package/dist/src/modules/captcha/CaptchaDetector.js +1 -1
  38. package/dist/src/modules/collector/CodeCache.d.ts +2 -2
  39. package/dist/src/modules/collector/CodeCollector.d.ts +12 -9
  40. package/dist/src/modules/collector/CodeCollector.js +5 -6
  41. package/dist/src/modules/collector/DOMInspector.d.ts +3 -2
  42. package/dist/src/modules/collector/DOMInspector.js +49 -59
  43. package/dist/src/modules/collector/PageController.d.ts +17 -4
  44. package/dist/src/modules/collector/PageController.js +2 -5
  45. package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
  46. package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
  47. package/dist/src/modules/crypto/CryptoDetector.js +2 -42
  48. package/dist/src/modules/crypto/CryptoRules.js +1 -1
  49. package/dist/src/modules/debugger/BlackboxManager.js +1 -1
  50. package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
  51. package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +5 -3
  52. package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
  53. package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
  54. package/dist/src/modules/deobfuscator/Deobfuscator.js +4 -39
  55. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
  56. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
  57. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +2 -3
  58. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +5 -57
  59. package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
  60. package/dist/src/modules/deobfuscator/PackerDeobfuscator.js +1 -1
  61. package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
  62. package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
  63. package/dist/src/modules/deobfuscator/webcrack.js +15 -2
  64. package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
  65. package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
  66. package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
  67. package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
  68. package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
  69. package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
  70. package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
  71. package/dist/src/modules/external/ExternalToolRunner.d.ts +1 -1
  72. package/dist/src/modules/external/ExternalToolRunner.js +26 -23
  73. package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
  74. package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
  75. package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
  76. package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
  77. package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
  78. package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
  79. package/dist/src/modules/process/LinuxProcessManager.js +4 -2
  80. package/dist/src/modules/process/MacProcessManager.js +1 -1
  81. package/dist/src/modules/process/MemoryManager.d.ts +1 -1
  82. package/dist/src/modules/process/MemoryManager.js +2 -2
  83. package/dist/src/modules/process/ProcessManager.impl.js +1 -1
  84. package/dist/src/modules/process/memory/AuditTrail.js +1 -1
  85. package/dist/src/modules/process/memory/reader.js +35 -3
  86. package/dist/src/modules/process/memory/regions.enumerate.js +1 -1
  87. package/dist/src/modules/process/memory/regions.protection.js +42 -9
  88. package/dist/src/modules/process/memory/scanner.d.ts +5 -1
  89. package/dist/src/modules/process/memory/scanner.darwin.js +57 -0
  90. package/dist/src/modules/process/memory/scanner.js +88 -4
  91. package/dist/src/modules/process/memory/writer.js +44 -4
  92. package/dist/src/modules/security/ExecutionSandbox.js +7 -8
  93. package/dist/src/modules/stealth/FingerprintManager.js +1 -1
  94. package/dist/src/modules/stealth/StealthScripts.d.ts +4 -2
  95. package/dist/src/modules/stealth/StealthScripts.js +53 -14
  96. package/dist/src/modules/stealth/StealthVerifier.d.ts +1 -1
  97. package/dist/src/modules/stealth/StealthVerifier.js +2 -4
  98. package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
  99. package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
  100. package/dist/src/modules/trace/TraceDB.js +12 -6
  101. package/dist/src/modules/trace/TraceRecorder.js +1 -5
  102. package/dist/src/native/AntiCheatDetector.js +67 -16
  103. package/dist/src/native/CodeInjector.js +4 -4
  104. package/dist/src/native/HardwareBreakpoint.js +25 -16
  105. package/dist/src/native/HeapAnalyzer.js +2 -2
  106. package/dist/src/native/MemoryController.js +1 -1
  107. package/dist/src/native/MemoryScanSession.js +2 -2
  108. package/dist/src/native/MemoryScanner.js +4 -8
  109. package/dist/src/native/NativeMemoryManager.impl.js +2 -2
  110. package/dist/src/native/PEAnalyzer.js +14 -15
  111. package/dist/src/native/PointerChainEngine.js +2 -4
  112. package/dist/src/native/ScriptLoader.js +4 -9
  113. package/dist/src/native/Speedhack.js +1 -1
  114. package/dist/src/native/StructureAnalyzer.js +52 -33
  115. package/dist/src/native/Win32API.d.ts +1 -0
  116. package/dist/src/native/Win32API.js +13 -0
  117. package/dist/src/native/Win32Debug.js +19 -19
  118. package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
  119. package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
  120. package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
  121. package/dist/src/server/MCPServer.context.d.ts +2 -1
  122. package/dist/src/server/MCPServer.d.ts +2 -1
  123. package/dist/src/server/MCPServer.domain.d.ts +1 -1
  124. package/dist/src/server/MCPServer.domain.js +81 -16
  125. package/dist/src/server/MCPServer.js +42 -14
  126. package/dist/src/server/MCPServer.resources.d.ts +2 -0
  127. package/dist/src/server/MCPServer.resources.js +91 -0
  128. package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
  129. package/dist/src/server/MCPServer.search.helpers.js +2 -2
  130. package/dist/src/server/MCPServer.tools.js +1 -1
  131. package/dist/src/server/MCPServer.transport.js +12 -0
  132. package/dist/src/server/ToolCallContextGuard.d.ts +5 -0
  133. package/dist/src/server/ToolCallContextGuard.js +85 -0
  134. package/dist/src/server/ToolRouter.d.ts +26 -10
  135. package/dist/src/server/ToolRouter.intent.d.ts +26 -0
  136. package/dist/src/server/ToolRouter.intent.js +77 -0
  137. package/dist/src/server/ToolRouter.js +103 -284
  138. package/dist/src/server/ToolRouter.policy.d.ts +22 -0
  139. package/dist/src/server/ToolRouter.policy.js +163 -0
  140. package/dist/src/server/ToolRouter.probe.d.ts +17 -0
  141. package/dist/src/server/ToolRouter.probe.js +103 -0
  142. package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
  143. package/dist/src/server/ToolRouter.renderer.js +52 -0
  144. package/dist/src/server/activation/ActivationController.js +15 -12
  145. package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
  146. package/dist/src/server/activation/PredictiveBooster.js +1 -3
  147. package/dist/src/server/domains/analysis/definitions.js +155 -655
  148. package/dist/src/server/domains/analysis/handlers.impl.d.ts +8 -8
  149. package/dist/src/server/domains/analysis/handlers.impl.js +34 -28
  150. package/dist/src/server/domains/analysis/handlers.web-tools.js +4 -3
  151. package/dist/src/server/domains/analysis/manifest.js +6 -4
  152. package/dist/src/server/domains/antidebug/definitions.js +25 -111
  153. package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
  154. package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
  155. package/dist/src/server/domains/browser/definitions.tools.page-core.js +157 -386
  156. package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
  157. package/dist/src/server/domains/browser/definitions.tools.runtime.js +61 -174
  158. package/dist/src/server/domains/browser/definitions.tools.security.js +92 -237
  159. package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
  160. package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
  161. package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
  162. package/dist/src/server/domains/browser/handlers/facade-initializer.d.ts +3 -3
  163. package/dist/src/server/domains/browser/handlers/facade-initializer.js +3 -3
  164. package/dist/src/server/domains/browser/handlers/framework-state.js +231 -3
  165. package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
  166. package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
  167. package/dist/src/server/domains/browser/handlers/stealth-injection.js +8 -2
  168. package/dist/src/server/domains/browser/handlers.impl.d.ts +15 -12
  169. package/dist/src/server/domains/browser/handlers.impl.js +5 -6
  170. package/dist/src/server/domains/browser/manifest.js +37 -13
  171. package/dist/src/server/domains/coordination/definitions.js +50 -149
  172. package/dist/src/server/domains/coordination/index.d.ts +20 -1
  173. package/dist/src/server/domains/coordination/index.js +133 -0
  174. package/dist/src/server/domains/coordination/manifest.js +15 -0
  175. package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
  176. package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
  177. package/dist/src/server/domains/debugger/manifest.js +9 -2
  178. package/dist/src/server/domains/encoding/definitions.js +43 -153
  179. package/dist/src/server/domains/encoding/handlers.base.js +2 -2
  180. package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
  181. package/dist/src/server/domains/evidence/definitions.js +42 -0
  182. package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
  183. package/dist/src/server/domains/evidence/handlers.js +60 -0
  184. package/dist/src/server/domains/evidence/index.d.ts +2 -0
  185. package/dist/src/server/domains/evidence/index.js +2 -0
  186. package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
  187. package/dist/src/server/domains/evidence/manifest.js +78 -0
  188. package/dist/src/server/domains/graphql/definitions.js +53 -141
  189. package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
  190. package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
  191. package/dist/src/server/domains/hooks/ai-handlers.js +4 -70
  192. package/dist/src/server/domains/hooks/definitions.js +69 -335
  193. package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
  194. package/dist/src/server/domains/hooks/manifest.js +1 -2
  195. package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
  196. package/dist/src/server/domains/instrumentation/definitions.js +99 -0
  197. package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
  198. package/dist/src/server/domains/instrumentation/handlers.js +206 -0
  199. package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
  200. package/dist/src/server/domains/instrumentation/index.js +2 -0
  201. package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
  202. package/dist/src/server/domains/instrumentation/manifest.js +114 -0
  203. package/dist/src/server/domains/macro/definitions.js +16 -43
  204. package/dist/src/server/domains/maintenance/definitions.js +60 -219
  205. package/dist/src/server/domains/maintenance/handlers.d.ts +2 -2
  206. package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
  207. package/dist/src/server/domains/maintenance/handlers.js +2 -2
  208. package/dist/src/server/domains/memory/definitions.js +387 -559
  209. package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
  210. package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
  211. package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
  212. package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
  213. package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
  214. package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
  215. package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
  216. package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
  217. package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
  218. package/dist/src/server/domains/memory/handlers/scan.js +97 -0
  219. package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
  220. package/dist/src/server/domains/memory/handlers/session.js +49 -0
  221. package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
  222. package/dist/src/server/domains/memory/handlers/structure.js +74 -0
  223. package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
  224. package/dist/src/server/domains/memory/handlers.impl.js +63 -494
  225. package/dist/src/server/domains/memory/manifest.js +236 -64
  226. package/dist/src/server/domains/native-bridge/definitions.js +54 -192
  227. package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
  228. package/dist/src/server/domains/native-bridge/index.js +2 -1
  229. package/dist/src/server/domains/network/auth-extractor.js +1 -1
  230. package/dist/src/server/domains/network/definitions.js +175 -578
  231. package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
  232. package/dist/src/server/domains/network/handlers.base.core.js +623 -0
  233. package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
  234. package/dist/src/server/domains/network/handlers.base.js +3 -878
  235. package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
  236. package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
  237. package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
  238. package/dist/src/server/domains/network/handlers.base.types.js +89 -0
  239. package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
  240. package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
  241. package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
  242. package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
  243. package/dist/src/server/domains/network/manifest.js +15 -0
  244. package/dist/src/server/domains/network/replay.js +1 -4
  245. package/dist/src/server/domains/platform/definitions.js +121 -112
  246. package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +5 -1
  247. package/dist/src/server/domains/platform/handlers/bridge-handlers.js +194 -5
  248. package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
  249. package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
  250. package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
  251. package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
  252. package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
  253. package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
  254. package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
  255. package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
  256. package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
  257. package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
  258. package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
  259. package/dist/src/server/domains/platform/handlers/miniapp-handlers.d.ts +1 -1
  260. package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +4 -4
  261. package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
  262. package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
  263. package/dist/src/server/domains/platform/handlers.d.ts +48 -0
  264. package/dist/src/server/domains/platform/handlers.js +29 -0
  265. package/dist/src/server/domains/platform/manifest.js +38 -0
  266. package/dist/src/server/domains/process/definitions.js +163 -647
  267. package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
  268. package/dist/src/server/domains/process/handlers.base.js +7 -462
  269. package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
  270. package/dist/src/server/domains/process/handlers.base.process.js +417 -0
  271. package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
  272. package/dist/src/server/domains/process/handlers.base.types.js +50 -0
  273. package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +19 -17
  274. package/dist/src/server/domains/process/manifest.js +6 -1
  275. package/dist/src/server/domains/sandbox/definitions.js +11 -33
  276. package/dist/src/server/domains/sandbox/handlers.js +8 -3
  277. package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
  278. package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
  279. package/dist/src/server/domains/shared/modules.d.ts +0 -2
  280. package/dist/src/server/domains/shared/modules.js +0 -1
  281. package/dist/src/server/domains/sourcemap/definitions.js +27 -111
  282. package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
  283. package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
  284. package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
  285. package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
  286. package/dist/src/server/domains/sourcemap/manifest.js +1 -1
  287. package/dist/src/server/domains/streaming/definitions.js +36 -148
  288. package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
  289. package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
  290. package/dist/src/server/domains/trace/TraceSummarizer.d.ts +60 -0
  291. package/dist/src/server/domains/trace/TraceSummarizer.js +112 -0
  292. package/dist/src/server/domains/trace/definitions.tools.js +51 -176
  293. package/dist/src/server/domains/trace/handlers.d.ts +2 -1
  294. package/dist/src/server/domains/trace/handlers.js +62 -9
  295. package/dist/src/server/domains/trace/index.d.ts +2 -1
  296. package/dist/src/server/domains/trace/index.js +2 -1
  297. package/dist/src/server/domains/trace/manifest.js +18 -4
  298. package/dist/src/server/domains/transform/definitions.js +50 -210
  299. package/dist/src/server/domains/transform/handlers.impl.transform-base.js +6 -6
  300. package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
  301. package/dist/src/server/domains/transform/manifest.d.ts +1 -1
  302. package/dist/src/server/domains/transform/manifest.js +1 -1
  303. package/dist/src/server/domains/wasm/definitions.js +55 -232
  304. package/dist/src/server/domains/wasm/handlers.js +3 -3
  305. package/dist/src/server/domains/workflow/definitions.js +144 -414
  306. package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +2 -2
  307. package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
  308. package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
  309. package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
  310. package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
  311. package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
  312. package/dist/src/server/evidence/index.d.ts +2 -0
  313. package/dist/src/server/evidence/index.js +1 -0
  314. package/dist/src/server/evidence/types.d.ts +22 -0
  315. package/dist/src/server/evidence/types.js +1 -0
  316. package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
  317. package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
  318. package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
  319. package/dist/src/server/extensions/ExtensionManager.js +193 -40
  320. package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
  321. package/dist/src/server/extensions/ExtensionManager.roots.js +19 -9
  322. package/dist/src/server/extensions/plugin-config.js +1 -1
  323. package/dist/src/server/extensions/plugin-env.d.ts +1 -1
  324. package/dist/src/server/extensions/plugin-env.js +10 -4
  325. package/dist/src/server/extensions/types.d.ts +17 -0
  326. package/dist/src/server/extensions/types.js +1 -1
  327. package/dist/src/server/http/HttpMiddleware.js +1 -1
  328. package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
  329. package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
  330. package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
  331. package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
  332. package/dist/src/server/instrumentation/index.d.ts +2 -0
  333. package/dist/src/server/instrumentation/index.js +2 -0
  334. package/dist/src/server/instrumentation/types.d.ts +62 -0
  335. package/dist/src/server/instrumentation/types.js +7 -0
  336. package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
  337. package/dist/src/server/macros/MacroConfigLoader.js +61 -59
  338. package/dist/src/server/macros/MacroRunner.js +6 -2
  339. package/dist/src/server/macros/builtins/index.d.ts +2 -3
  340. package/dist/src/server/macros/builtins/index.js +51 -7
  341. package/dist/src/server/plugins/PluginContract.d.ts +1 -1
  342. package/dist/src/server/registry/contracts.d.ts +7 -1
  343. package/dist/src/server/registry/discovery.js +5 -4
  344. package/dist/src/server/registry/ensure-browser-core.js +0 -3
  345. package/dist/src/server/registry/index.js +4 -4
  346. package/dist/src/server/registry/tool-builder.d.ts +46 -0
  347. package/dist/src/server/registry/tool-builder.js +105 -0
  348. package/dist/src/server/sandbox/MCPBridge.d.ts +9 -0
  349. package/dist/src/server/sandbox/MCPBridge.js +22 -0
  350. package/dist/src/server/sandbox/QuickJSSandbox.d.ts +4 -1
  351. package/dist/src/server/sandbox/QuickJSSandbox.js +162 -2
  352. package/dist/src/server/sandbox/types.d.ts +13 -0
  353. package/dist/src/server/search/AffinityGraph.d.ts +7 -1
  354. package/dist/src/server/search/AffinityGraph.js +24 -3
  355. package/dist/src/server/search/EmbeddingWorker.js +5 -3
  356. package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
  357. package/dist/src/server/search/FeedbackTracker.js +26 -0
  358. package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
  359. package/dist/src/server/search/QueryNormalizer.js +94 -0
  360. package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
  361. package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
  362. package/dist/src/server/workflows/WorkflowContract.d.ts +24 -0
  363. package/dist/src/server/workflows/WorkflowContract.js +12 -0
  364. package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
  365. package/dist/src/server/workflows/WorkflowEngine.js +136 -3
  366. package/dist/src/types/config.d.ts +0 -14
  367. package/dist/src/types/deobfuscator.d.ts +0 -1
  368. package/dist/src/types/index.d.ts +1 -1
  369. package/dist/src/utils/DetailedDataManager.js +2 -0
  370. package/dist/src/utils/RingBuffer.js +5 -5
  371. package/dist/src/utils/TokenBudgetManager.js +1 -1
  372. package/dist/src/utils/UnifiedCacheManager.d.ts +1 -1
  373. package/dist/src/utils/UnifiedCacheManager.js +3 -3
  374. package/dist/src/utils/artifactRetention.js +2 -2
  375. package/dist/src/utils/betterSqlite3.d.ts +11 -0
  376. package/dist/src/utils/betterSqlite3.js +88 -0
  377. package/dist/src/utils/browserExecutable.js +2 -2
  378. package/dist/src/utils/cliFastPath.js +17 -6
  379. package/dist/src/utils/config.js +4 -26
  380. package/dist/src/utils/environmentDoctor.js +138 -11
  381. package/dist/src/utils/outputPaths.js +16 -9
  382. package/dist/src/utils/parallel.js +1 -3
  383. package/package.json +76 -72
  384. package/scripts/postinstall.cjs +37 -37
  385. package/src/native/scripts/linux/enum-windows.sh +12 -12
  386. package/src/native/scripts/macos/enum-windows.applescript +22 -22
  387. package/src/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
  388. package/src/native/scripts/windows/enum-windows.ps1 +44 -44
  389. package/src/native/scripts/windows/inject-dll.ps1 +21 -21
  390. package/workflows/.gitkeep +0 -0
  391. package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
  392. package/dist/src/modules/analyzer/AISummarizer.js +0 -122
  393. package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
  394. package/dist/src/modules/hook/AIHookGenerator.js +0 -360
  395. package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
  396. package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
  397. package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
  398. package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
  399. package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
  400. package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
  401. package/dist/src/services/LLMService.d.ts +0 -37
  402. package/dist/src/services/LLMService.js +0 -233
  403. package/dist/src/services/prompts/analysis.d.ts +0 -9
  404. package/dist/src/services/prompts/analysis.js +0 -158
  405. package/dist/src/services/prompts/crypto.d.ts +0 -2
  406. package/dist/src/services/prompts/crypto.js +0 -108
  407. package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
  408. package/dist/src/services/prompts/deobfuscation.js +0 -300
  409. package/dist/src/services/prompts/environment.d.ts +0 -16
  410. package/dist/src/services/prompts/environment.js +0 -372
  411. package/dist/src/services/prompts/intelligence.d.ts +0 -4
  412. package/dist/src/services/prompts/intelligence.js +0 -250
  413. package/dist/src/services/prompts/taint.d.ts +0 -2
  414. package/dist/src/services/prompts/taint.js +0 -54
@@ -1,649 +1,165 @@
1
+ import { tool } from '../../registry/tool-builder.js';
1
2
  export const processToolDefinitions = [
2
- {
3
- name: 'process_find',
4
- description: 'Find processes by name pattern. Returns process IDs, names, paths, and window handles.',
5
- inputSchema: {
6
- type: 'object',
7
- properties: {
8
- pattern: {
9
- type: 'string',
10
- description: 'Process name pattern to search for (e.g., "chrome", "msedge")',
11
- },
12
- },
13
- required: ['pattern'],
14
- },
15
- annotations: {
16
- readOnlyHint: false,
17
- destructiveHint: false,
18
- idempotentHint: false,
19
- openWorldHint: false,
20
- },
21
- },
22
- {
23
- name: 'process_list',
24
- description: 'List all running processes. Alias of process_find with empty pattern.',
25
- inputSchema: {
26
- type: 'object',
27
- properties: {},
28
- },
29
- annotations: {
30
- readOnlyHint: false,
31
- destructiveHint: false,
32
- idempotentHint: false,
33
- openWorldHint: false,
34
- },
35
- },
36
- {
37
- name: 'process_get',
38
- description: 'Get detailed information about a specific process by PID.',
39
- inputSchema: {
40
- type: 'object',
41
- properties: {
42
- pid: {
43
- type: 'number',
44
- description: 'Process ID to query',
45
- },
46
- },
47
- required: ['pid'],
48
- },
49
- annotations: {
50
- readOnlyHint: false,
51
- destructiveHint: false,
52
- idempotentHint: false,
53
- openWorldHint: false,
54
- },
55
- },
56
- {
57
- name: 'process_windows',
58
- description: 'Get all window handles for a process.',
59
- inputSchema: {
60
- type: 'object',
61
- properties: {
62
- pid: {
63
- type: 'number',
64
- description: 'Process ID to get windows for',
65
- },
66
- },
67
- required: ['pid'],
68
- },
69
- annotations: {
70
- readOnlyHint: false,
71
- destructiveHint: false,
72
- idempotentHint: false,
73
- openWorldHint: false,
74
- },
75
- },
76
- {
77
- name: 'process_find_chromium',
78
- description: 'Disabled by design: does not scan user-installed browser processes. Use managed browser sessions (browser_launch/browser_attach with explicit endpoint) instead.',
79
- inputSchema: {
80
- type: 'object',
81
- properties: {
82
- processName: {
83
- type: 'string',
84
- description: 'Process name pattern to search for (e.g., "chrome", "msedge", "chromium")',
85
- default: 'chromium',
86
- },
87
- windowClass: {
88
- type: 'string',
89
- description: 'Window class pattern to match (e.g., "Chrome_WidgetWin")',
90
- },
91
- },
92
- },
93
- annotations: {
94
- readOnlyHint: false,
95
- destructiveHint: false,
96
- idempotentHint: false,
97
- openWorldHint: false,
98
- },
99
- },
100
- {
101
- name: 'process_check_debug_port',
102
- description: 'Check if a process has a debug port enabled for CDP attachment.',
103
- inputSchema: {
104
- type: 'object',
105
- properties: {
106
- pid: {
107
- type: 'number',
108
- description: 'Process ID to check',
109
- },
110
- },
111
- required: ['pid'],
112
- },
113
- annotations: {
114
- readOnlyHint: false,
115
- destructiveHint: false,
116
- idempotentHint: false,
117
- openWorldHint: false,
118
- },
119
- },
120
- {
121
- name: 'process_launch_debug',
122
- description: 'Launch an executable with remote debugging port enabled.',
123
- inputSchema: {
124
- type: 'object',
125
- properties: {
126
- executablePath: {
127
- type: 'string',
128
- description: 'Full path to the executable to launch',
129
- },
130
- debugPort: {
131
- type: 'number',
132
- description: 'Debug port to use (default: 9222)',
133
- default: 9222,
134
- },
135
- args: {
136
- type: 'array',
137
- items: { type: 'string' },
138
- description: 'Additional command line arguments',
139
- },
140
- },
141
- required: ['executablePath'],
142
- },
143
- annotations: {
144
- readOnlyHint: false,
145
- destructiveHint: false,
146
- idempotentHint: false,
147
- openWorldHint: false,
148
- },
149
- },
150
- {
151
- name: 'process_kill',
152
- description: 'Kill a process by PID.',
153
- inputSchema: {
154
- type: 'object',
155
- properties: {
156
- pid: {
157
- type: 'number',
158
- description: 'Process ID to kill',
159
- },
160
- },
161
- required: ['pid'],
162
- },
163
- annotations: {
164
- readOnlyHint: false,
165
- destructiveHint: false,
166
- idempotentHint: false,
167
- openWorldHint: false,
168
- },
169
- },
170
- {
171
- name: 'memory_read',
172
- description: 'Read memory from a process at a specific address. Failures include structured diagnostics for permissions, region checks, and ASLR guidance.',
173
- inputSchema: {
174
- type: 'object',
175
- properties: {
176
- pid: {
177
- type: 'number',
178
- description: 'Target process ID',
179
- },
180
- address: {
181
- type: 'string',
182
- description: 'Memory address to read (hex string like "0x12345678")',
183
- },
184
- size: {
185
- type: 'number',
186
- description: 'Number of bytes to read',
187
- },
188
- },
189
- required: ['pid', 'address', 'size'],
190
- },
191
- annotations: {
192
- readOnlyHint: false,
193
- destructiveHint: false,
194
- idempotentHint: false,
195
- openWorldHint: false,
196
- },
197
- },
198
- {
199
- name: 'memory_write',
200
- description: 'Write data to process memory at a specific address. Failures include structured diagnostics for permissions, region checks, and ASLR guidance.',
201
- inputSchema: {
202
- type: 'object',
203
- properties: {
204
- pid: {
205
- type: 'number',
206
- description: 'Target process ID',
207
- },
208
- address: {
209
- type: 'string',
210
- description: 'Memory address to write to (hex string like "0x12345678")',
211
- },
212
- data: {
213
- type: 'string',
214
- description: 'Data to write (hex string or base64)',
215
- },
216
- encoding: {
217
- type: 'string',
218
- enum: ['hex', 'base64'],
219
- description: 'Encoding of the data parameter',
220
- default: 'hex',
221
- },
222
- },
223
- required: ['pid', 'address', 'data'],
224
- },
225
- annotations: {
226
- readOnlyHint: false,
227
- destructiveHint: false,
228
- idempotentHint: false,
229
- openWorldHint: false,
230
- },
231
- },
232
- {
233
- name: 'memory_scan',
234
- description: 'Scan process memory for a pattern or value. Failures include structured diagnostics for permissions, region checks, and ASLR guidance.',
235
- inputSchema: {
236
- type: 'object',
237
- properties: {
238
- pid: {
239
- type: 'number',
240
- description: 'Target process ID',
241
- },
242
- pattern: {
243
- type: 'string',
244
- description: 'Pattern to search for (hex bytes like "48 8B 05" or value)',
245
- },
246
- patternType: {
247
- type: 'string',
248
- enum: ['hex', 'int32', 'int64', 'float', 'double', 'string'],
249
- description: 'Type of pattern to search',
250
- default: 'hex',
251
- },
252
- },
253
- required: ['pid', 'pattern'],
254
- },
255
- annotations: {
256
- readOnlyHint: false,
257
- destructiveHint: false,
258
- idempotentHint: false,
259
- openWorldHint: false,
260
- },
261
- },
262
- {
263
- name: 'memory_check_protection',
264
- description: 'Check memory protection flags at a specific address. Detects if memory is writable/readable/executable.',
265
- inputSchema: {
266
- type: 'object',
267
- properties: {
268
- pid: {
269
- type: 'number',
270
- description: 'Target process ID',
271
- },
272
- address: {
273
- type: 'string',
274
- description: 'Memory address to check (hex string like "0x12345678")',
275
- },
276
- },
277
- required: ['pid', 'address'],
278
- },
279
- annotations: {
280
- readOnlyHint: false,
281
- destructiveHint: false,
282
- idempotentHint: false,
283
- openWorldHint: false,
284
- },
285
- },
286
- {
287
- name: 'memory_protect',
288
- description: 'Alias of memory_check_protection. Check memory protection flags at a specific address.',
289
- inputSchema: {
290
- type: 'object',
291
- properties: {
292
- pid: {
293
- type: 'number',
294
- description: 'Target process ID',
295
- },
296
- address: {
297
- type: 'string',
298
- description: 'Memory address to check (hex string like "0x12345678")',
299
- },
300
- },
301
- required: ['pid', 'address'],
302
- },
303
- annotations: {
304
- readOnlyHint: false,
305
- destructiveHint: false,
306
- idempotentHint: false,
307
- openWorldHint: false,
308
- },
309
- },
310
- {
311
- name: 'memory_scan_filtered',
312
- description: 'Scan memory within a filtered set of addresses (secondary scan). Useful for narrowing down results.',
313
- inputSchema: {
314
- type: 'object',
315
- properties: {
316
- pid: {
317
- type: 'number',
318
- description: 'Target process ID',
319
- },
320
- pattern: {
321
- type: 'string',
322
- description: 'Pattern to search for',
323
- },
324
- addresses: {
325
- type: 'array',
326
- items: { type: 'string' },
327
- description: 'List of addresses to scan within (from previous scan)',
328
- },
329
- patternType: {
330
- type: 'string',
331
- enum: ['hex', 'int32', 'int64', 'float', 'double', 'string'],
332
- description: 'Type of pattern to search',
333
- default: 'hex',
334
- },
335
- },
336
- required: ['pid', 'pattern', 'addresses'],
337
- },
338
- annotations: {
339
- readOnlyHint: false,
340
- destructiveHint: false,
341
- idempotentHint: false,
342
- openWorldHint: false,
343
- },
344
- },
345
- {
346
- name: 'memory_batch_write',
347
- description: 'Write multiple memory patches at once. Useful for applying cheats or modifications.',
348
- inputSchema: {
349
- type: 'object',
350
- properties: {
351
- pid: {
352
- type: 'number',
353
- description: 'Target process ID',
354
- },
355
- patches: {
356
- type: 'array',
357
- items: {
358
- type: 'object',
359
- properties: {
360
- address: { type: 'string', description: 'Memory address (hex)' },
361
- data: { type: 'string', description: 'Data to write' },
362
- encoding: { type: 'string', enum: ['hex', 'base64'], default: 'hex' },
363
- },
364
- required: ['address', 'data'],
365
- },
366
- description: 'Array of patches to apply',
367
- },
368
- },
369
- required: ['pid', 'patches'],
370
- },
371
- annotations: {
372
- readOnlyHint: false,
373
- destructiveHint: false,
374
- idempotentHint: false,
375
- openWorldHint: false,
376
- },
377
- },
378
- {
379
- name: 'memory_dump_region',
380
- description: 'Dump a memory region to a file for analysis.',
381
- inputSchema: {
382
- type: 'object',
383
- properties: {
384
- pid: {
385
- type: 'number',
386
- description: 'Target process ID',
387
- },
388
- address: {
389
- type: 'string',
390
- description: 'Start address (hex)',
391
- },
392
- size: {
393
- type: 'number',
394
- description: 'Number of bytes to dump',
395
- },
396
- outputPath: {
397
- type: 'string',
398
- description: 'Output file path',
399
- },
400
- },
401
- required: ['pid', 'address', 'size', 'outputPath'],
402
- },
403
- annotations: {
404
- readOnlyHint: false,
405
- destructiveHint: false,
406
- idempotentHint: false,
407
- openWorldHint: false,
408
- },
409
- },
410
- {
411
- name: 'memory_list_regions',
412
- description: 'List all memory regions in a process with protection flags.',
413
- inputSchema: {
414
- type: 'object',
415
- properties: {
416
- pid: {
417
- type: 'number',
418
- description: 'Target process ID',
419
- },
420
- },
421
- required: ['pid'],
422
- },
423
- annotations: {
424
- readOnlyHint: false,
425
- destructiveHint: false,
426
- idempotentHint: false,
427
- openWorldHint: false,
428
- },
429
- },
430
- {
431
- name: 'memory_audit_export',
432
- description: 'Export the in-memory audit trail for memory operations as JSON. Supports clear=true to flush the buffer after export.',
433
- inputSchema: {
434
- type: 'object',
435
- properties: {
436
- clear: {
437
- type: 'boolean',
438
- description: 'Clear audit trail after export',
439
- },
440
- },
441
- },
442
- annotations: {
443
- readOnlyHint: false,
444
- destructiveHint: false,
445
- idempotentHint: false,
446
- openWorldHint: false,
447
- },
448
- },
449
- {
450
- name: 'inject_dll',
451
- description: 'Inject a DLL into a target process using CreateRemoteThread + LoadLibraryA. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable. Requires administrator privileges.',
452
- inputSchema: {
453
- type: 'object',
454
- properties: {
455
- pid: {
456
- type: 'number',
457
- description: 'Target process ID',
458
- },
459
- dllPath: {
460
- type: 'string',
461
- description: 'Full path to the DLL file to inject',
462
- },
463
- },
464
- required: ['pid', 'dllPath'],
465
- },
466
- annotations: {
467
- readOnlyHint: false,
468
- destructiveHint: false,
469
- idempotentHint: false,
470
- openWorldHint: false,
471
- },
472
- },
473
- {
474
- name: 'module_inject_dll',
475
- description: 'Alias of inject_dll. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable.',
476
- inputSchema: {
477
- type: 'object',
478
- properties: {
479
- pid: {
480
- type: 'number',
481
- description: 'Target process ID',
482
- },
483
- dllPath: {
484
- type: 'string',
485
- description: 'Full path to the DLL file to inject',
486
- },
487
- },
488
- required: ['pid', 'dllPath'],
489
- },
490
- annotations: {
491
- readOnlyHint: false,
492
- destructiveHint: false,
493
- idempotentHint: false,
494
- openWorldHint: false,
495
- },
496
- },
497
- {
498
- name: 'inject_shellcode',
499
- description: 'Inject and execute shellcode in a target process. Accepts hex or base64. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable.',
500
- inputSchema: {
501
- type: 'object',
502
- properties: {
503
- pid: {
504
- type: 'number',
505
- description: 'Target process ID',
506
- },
507
- shellcode: {
508
- type: 'string',
509
- description: 'Shellcode bytes (hex string or base64)',
510
- },
511
- encoding: {
512
- type: 'string',
513
- enum: ['hex', 'base64'],
514
- description: 'Encoding of shellcode',
515
- default: 'hex',
516
- },
517
- },
518
- required: ['pid', 'shellcode'],
519
- },
520
- annotations: {
521
- readOnlyHint: false,
522
- destructiveHint: false,
523
- idempotentHint: false,
524
- openWorldHint: false,
525
- },
526
- },
527
- {
528
- name: 'module_inject_shellcode',
529
- description: 'Alias of inject_shellcode. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable.',
530
- inputSchema: {
531
- type: 'object',
532
- properties: {
533
- pid: {
534
- type: 'number',
535
- description: 'Target process ID',
536
- },
537
- shellcode: {
538
- type: 'string',
539
- description: 'Shellcode bytes (hex string or base64)',
540
- },
541
- encoding: {
542
- type: 'string',
543
- enum: ['hex', 'base64'],
544
- description: 'Encoding of shellcode',
545
- default: 'hex',
546
- },
547
- },
548
- required: ['pid', 'shellcode'],
549
- },
550
- annotations: {
551
- readOnlyHint: false,
552
- destructiveHint: false,
553
- idempotentHint: false,
554
- openWorldHint: false,
555
- },
556
- },
557
- {
558
- name: 'check_debug_port',
559
- description: 'Check if a process is being debugged using NtQueryInformationProcess (ProcessDebugPort).',
560
- inputSchema: {
561
- type: 'object',
562
- properties: {
563
- pid: {
564
- type: 'number',
565
- description: 'Target process ID',
566
- },
567
- },
568
- required: ['pid'],
569
- },
570
- annotations: {
571
- readOnlyHint: false,
572
- destructiveHint: false,
573
- idempotentHint: false,
574
- openWorldHint: false,
575
- },
576
- },
577
- {
578
- name: 'enumerate_modules',
579
- description: 'List all loaded modules (DLLs) in a process with their base addresses.',
580
- inputSchema: {
581
- type: 'object',
582
- properties: {
583
- pid: {
584
- type: 'number',
585
- description: 'Target process ID',
586
- },
587
- },
588
- required: ['pid'],
589
- },
590
- annotations: {
591
- readOnlyHint: false,
592
- destructiveHint: false,
593
- idempotentHint: false,
594
- openWorldHint: false,
595
- },
596
- },
597
- {
598
- name: 'module_list',
599
- description: 'Alias of enumerate_modules. List loaded modules (DLLs) in a process.',
600
- inputSchema: {
601
- type: 'object',
602
- properties: {
603
- pid: {
604
- type: 'number',
605
- description: 'Target process ID',
606
- },
607
- },
608
- required: ['pid'],
609
- },
610
- annotations: {
611
- readOnlyHint: false,
612
- destructiveHint: false,
613
- idempotentHint: false,
614
- openWorldHint: false,
615
- },
616
- },
617
- {
618
- name: 'electron_attach',
619
- description: 'Connect to a running Electron app (VS Code, Cursor, etc.) via CDP and inspect/execute JS. Useful for debugging Electron applications or extracting extension data.',
620
- inputSchema: {
621
- type: 'object',
622
- properties: {
623
- port: {
624
- type: 'number',
625
- description: 'CDP debugger port (default: 9229 for --inspect, 9222 for --remote-debugging-port)',
626
- default: 9229,
627
- },
628
- wsEndpoint: {
629
- type: 'string',
630
- description: 'Full WebSocket endpoint (overrides port). e.g. ws://127.0.0.1:9229/devtools/browser/xxx',
631
- },
632
- evaluate: {
633
- type: 'string',
634
- description: 'JavaScript expression to evaluate in the first matching page',
635
- },
636
- pageUrl: {
637
- type: 'string',
638
- description: 'Filter pages by URL substring (e.g. "extension-host" to target VS Code extension host)',
639
- },
640
- },
641
- },
642
- annotations: {
643
- readOnlyHint: false,
644
- destructiveHint: false,
645
- idempotentHint: false,
646
- openWorldHint: false,
647
- },
648
- },
3
+ tool('process_find')
4
+ .desc('Find processes by name pattern. Returns process IDs, names, paths, and window handles.')
5
+ .string('pattern', 'Process name pattern to search for (e.g., "chrome", "msedge")')
6
+ .required('pattern')
7
+ .build(),
8
+ tool('process_list')
9
+ .desc('List all running processes. Alias of process_find with empty pattern.')
10
+ .build(),
11
+ tool('process_get')
12
+ .desc('Get detailed information about a specific process by PID.')
13
+ .number('pid', 'Process ID to query')
14
+ .required('pid')
15
+ .build(),
16
+ tool('process_windows')
17
+ .desc('Get all window handles for a process.')
18
+ .number('pid', 'Process ID to get windows for')
19
+ .required('pid')
20
+ .build(),
21
+ tool('process_find_chromium')
22
+ .desc('Disabled by design: does not scan user-installed browser processes. Use managed browser sessions (browser_launch/browser_attach with explicit endpoint) instead.')
23
+ .string('processName', 'Process name pattern to search for (e.g., "chrome", "msedge", "chromium")', { default: 'chromium' })
24
+ .string('windowClass', 'Window class pattern to match (e.g., "Chrome_WidgetWin")')
25
+ .build(),
26
+ tool('process_check_debug_port')
27
+ .desc('Check if a process has a debug port enabled for CDP attachment.')
28
+ .number('pid', 'Process ID to check')
29
+ .required('pid')
30
+ .build(),
31
+ tool('process_launch_debug')
32
+ .desc('Launch an executable with remote debugging port enabled.')
33
+ .string('executablePath', 'Full path to the executable to launch')
34
+ .number('debugPort', 'Debug port to use', { default: 9222 })
35
+ .array('args', { type: 'string' }, 'Additional command line arguments')
36
+ .required('executablePath')
37
+ .build(),
38
+ tool('process_kill')
39
+ .desc('Kill a process by PID.')
40
+ .number('pid', 'Process ID to kill')
41
+ .required('pid')
42
+ .build(),
43
+ tool('memory_read')
44
+ .desc('Read memory from a process at a specific address. Failures include structured diagnostics for permissions, region checks, and ASLR guidance.')
45
+ .number('pid', 'Target process ID')
46
+ .string('address', 'Memory address to read (hex string like "0x12345678")')
47
+ .number('size', 'Number of bytes to read')
48
+ .required('pid', 'address', 'size')
49
+ .build(),
50
+ tool('memory_write')
51
+ .desc('Write data to process memory at a specific address. Failures include structured diagnostics for permissions, region checks, and ASLR guidance.')
52
+ .number('pid', 'Target process ID')
53
+ .string('address', 'Memory address to write to (hex string like "0x12345678")')
54
+ .string('data', 'Data to write (hex string or base64)')
55
+ .enum('encoding', ['hex', 'base64'], 'Encoding of the data parameter', { default: 'hex' })
56
+ .required('pid', 'address', 'data')
57
+ .build(),
58
+ tool('memory_scan')
59
+ .desc('Scan process memory for a pattern or value. Failures include structured diagnostics for permissions, region checks, and ASLR guidance.')
60
+ .number('pid', 'Target process ID')
61
+ .string('pattern', 'Pattern to search for (hex bytes like "48 8B 05" or value)')
62
+ .enum('patternType', ['hex', 'int32', 'int64', 'float', 'double', 'string'], 'Type of pattern to search', { default: 'hex' })
63
+ .boolean('suspendTarget', 'Suspend the target process during scan for a consistent memory snapshot (default: false)', { default: false })
64
+ .required('pid', 'pattern')
65
+ .build(),
66
+ tool('memory_check_protection')
67
+ .desc('Check memory protection flags at a specific address. Detects if memory is writable/readable/executable.')
68
+ .number('pid', 'Target process ID')
69
+ .string('address', 'Memory address to check (hex string like "0x12345678")')
70
+ .required('pid', 'address')
71
+ .build(),
72
+ tool('memory_protect')
73
+ .desc('Alias of memory_check_protection. Check memory protection flags at a specific address.')
74
+ .number('pid', 'Target process ID')
75
+ .string('address', 'Memory address to check (hex string like "0x12345678")')
76
+ .required('pid', 'address')
77
+ .build(),
78
+ tool('memory_scan_filtered')
79
+ .desc('Scan memory within a filtered set of addresses (secondary scan). Useful for narrowing down results.')
80
+ .number('pid', 'Target process ID')
81
+ .string('pattern', 'Pattern to search for')
82
+ .array('addresses', { type: 'string' }, 'List of addresses to scan within (from previous scan)')
83
+ .enum('patternType', ['hex', 'int32', 'int64', 'float', 'double', 'string'], 'Type of pattern to search', { default: 'hex' })
84
+ .required('pid', 'pattern', 'addresses')
85
+ .build(),
86
+ tool('memory_batch_write')
87
+ .desc('Write multiple memory patches at once. Useful for applying cheats or modifications.')
88
+ .number('pid', 'Target process ID')
89
+ .array('patches', {
90
+ type: 'object',
91
+ properties: {
92
+ address: { type: 'string', description: 'Memory address (hex)' },
93
+ data: { type: 'string', description: 'Data to write' },
94
+ encoding: { type: 'string', enum: ['hex', 'base64'], default: 'hex' },
95
+ },
96
+ required: ['address', 'data'],
97
+ }, 'Array of patches to apply')
98
+ .required('pid', 'patches')
99
+ .build(),
100
+ tool('memory_dump_region')
101
+ .desc('Dump a memory region to a file for analysis.')
102
+ .number('pid', 'Target process ID')
103
+ .string('address', 'Start address (hex)')
104
+ .number('size', 'Number of bytes to dump')
105
+ .string('outputPath', 'Output file path')
106
+ .required('pid', 'address', 'size', 'outputPath')
107
+ .build(),
108
+ tool('memory_list_regions')
109
+ .desc('List all memory regions in a process with protection flags.')
110
+ .number('pid', 'Target process ID')
111
+ .required('pid')
112
+ .build(),
113
+ tool('memory_audit_export')
114
+ .desc('Export the in-memory audit trail for memory operations as JSON. Supports clear=true to flush the buffer after export.')
115
+ .boolean('clear', 'Clear audit trail after export')
116
+ .build(),
117
+ tool('inject_dll')
118
+ .desc('Inject a DLL into a target process using CreateRemoteThread + LoadLibraryA. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable. Requires administrator privileges.')
119
+ .number('pid', 'Target process ID')
120
+ .string('dllPath', 'Full path to the DLL file to inject')
121
+ .required('pid', 'dllPath')
122
+ .build(),
123
+ tool('module_inject_dll')
124
+ .desc('Alias of inject_dll. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable.')
125
+ .number('pid', 'Target process ID')
126
+ .string('dllPath', 'Full path to the DLL file to inject')
127
+ .required('pid', 'dllPath')
128
+ .build(),
129
+ tool('inject_shellcode')
130
+ .desc('Inject and execute shellcode in a target process. Accepts hex or base64. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable.')
131
+ .number('pid', 'Target process ID')
132
+ .string('shellcode', 'Shellcode bytes (hex string or base64)')
133
+ .enum('encoding', ['hex', 'base64'], 'Encoding of shellcode', { default: 'hex' })
134
+ .required('pid', 'shellcode')
135
+ .build(),
136
+ tool('module_inject_shellcode')
137
+ .desc('Alias of inject_shellcode. Enabled by default on Windows; set ENABLE_INJECTION_TOOLS=false to disable.')
138
+ .number('pid', 'Target process ID')
139
+ .string('shellcode', 'Shellcode bytes (hex string or base64)')
140
+ .enum('encoding', ['hex', 'base64'], 'Encoding of shellcode', { default: 'hex' })
141
+ .required('pid', 'shellcode')
142
+ .build(),
143
+ tool('check_debug_port')
144
+ .desc('Check if a process is being debugged using NtQueryInformationProcess (ProcessDebugPort).')
145
+ .number('pid', 'Target process ID')
146
+ .required('pid')
147
+ .build(),
148
+ tool('enumerate_modules')
149
+ .desc('List all loaded modules (DLLs) in a process with their base addresses.')
150
+ .number('pid', 'Target process ID')
151
+ .required('pid')
152
+ .build(),
153
+ tool('module_list')
154
+ .desc('Alias of enumerate_modules. List loaded modules (DLLs) in a process.')
155
+ .number('pid', 'Target process ID')
156
+ .required('pid')
157
+ .build(),
158
+ tool('electron_attach')
159
+ .desc('Connect to a running Electron app (VS Code, Cursor, etc.) via CDP and inspect/execute JS. Useful for debugging Electron applications or extracting extension data.')
160
+ .number('port', 'CDP debugger port (default: 9229 for --inspect, 9222 for --remote-debugging-port)', { default: 9229 })
161
+ .string('wsEndpoint', 'Full WebSocket endpoint (overrides port). e.g. ws://127.0.0.1:9229/devtools/browser/xxx')
162
+ .string('evaluate', 'JavaScript expression to evaluate in the first matching page')
163
+ .string('pageUrl', 'Filter pages by URL substring (e.g. "extension-host" to target VS Code extension host)')
164
+ .build(),
649
165
  ];