@jshookmcp/jshook 0.2.2 → 0.2.5

package/dist/src/services/LLMService.js

@@ -1,233 +0,0 @@
-import OpenAI from 'openai';
-import Anthropic from '@anthropic-ai/sdk';
-import { readFile } from 'fs/promises';
-import { logger } from '../utils/logger.js';
-export class LLMService {
-    config;
-    openai;
-    anthropic;
-    hasLoggedVisionModelWarning = false;
-    retryOptions = {
-        maxRetries: 3,
-        initialDelay: 1000,
-        maxDelay: 10000,
-        backoffMultiplier: 2,
-    };
-    constructor(config, retryOptions) {
-        this.config = config;
-        if (retryOptions) {
-            this.retryOptions = { ...this.retryOptions, ...retryOptions };
-        }
-        this.initClients();
-    }
-    initClients() {
-        if (this.config.provider === 'openai' && this.config.openai?.apiKey) {
-            this.openai = new OpenAI({
-                apiKey: this.config.openai.apiKey,
-                baseURL: this.config.openai.baseURL,
-            });
-            logger.info('OpenAI client initialized');
-        }
-        if (this.config.provider === 'anthropic' && this.config.anthropic?.apiKey) {
-            this.anthropic = new Anthropic({
-                apiKey: this.config.anthropic.apiKey,
-                ...(this.config.anthropic.baseURL ? { baseURL: this.config.anthropic.baseURL } : {}),
-            });
-            logger.info('Anthropic client initialized');
-        }
-    }
-    async chat(messages, options) {
-        return this.withRetry(async () => {
-            const startTime = Date.now();
-            try {
-                if (this.config.provider === 'openai') {
-                    return await this.chatOpenAI(messages, options);
-                }
-                else if (this.config.provider === 'anthropic') {
-                    return await this.chatAnthropic(messages, options);
-                }
-                else {
-                    throw new Error(`Unsupported LLM provider: ${this.config.provider}`);
-                }
-            }
-            finally {
-                logger.debug(`LLM call completed in ${Date.now() - startTime}ms`);
-            }
-        });
-    }
-    async analyzeImage(imageInput, prompt, isFilePath = false) {
-        return this.withRetry(async () => {
-            const startTime = Date.now();
-            try {
-                let imageBase64;
-                if (isFilePath) {
-                    logger.info('Reading image file:', imageInput);
-                    const imageBuffer = await readFile(imageInput);
-                    imageBase64 = imageBuffer.toString('base64');
-                    logger.info(`Image file read (${(imageBuffer.length / 1024).toFixed(2)} KB)`);
-                }
-                else {
-                    imageBase64 = imageInput;
-                }
-                if (this.config.provider === 'openai') {
-                    if (!this.openai) {
-                        throw new Error('OpenAI client not initialized');
-                    }
-                    const model = this.config.openai?.model || 'gpt-4-vision-preview';
-                    const isVisionModel = model.includes('vision') || model.includes('gpt-4o') || model.includes('gpt-4-turbo');
-                    if (!isVisionModel) {
-                        if (!this.hasLoggedVisionModelWarning) {
-                            logger.warn(`Model ${model} does not support vision. Use gpt-4-vision-preview, gpt-4o, or gpt-4-turbo.`);
-                            this.hasLoggedVisionModelWarning = true;
-                        }
-                        throw new Error(`Model ${model} does not support image analysis. ` +
-                            `Please use gpt-4-vision-preview, gpt-4o, or gpt-4-turbo.`);
-                    }
-                    logger.info('Using OpenAI Vision model:', model);
-                    const response = await this.openai.chat.completions.create({
-                        model,
-                        messages: [
-                            {
-                                role: 'user',
-                                content: [
-                                    { type: 'text', text: prompt },
-                                    {
-                                        type: 'image_url',
-                                        image_url: { url: `data:image/png;base64,${imageBase64}` },
-                                    },
-                                ],
-                            },
-                        ],
-                        max_tokens: 1000,
-                    });
-                    return response.choices[0]?.message?.content || '';
-                }
-                else if (this.config.provider === 'anthropic') {
-                    if (!this.anthropic) {
-                        throw new Error('Anthropic client not initialized');
-                    }
-                    const model = this.config.anthropic?.model || 'claude-3-opus-20240229';
-                    logger.info('Using Anthropic Vision model:', model);
-                    const response = await this.anthropic.messages.create({
-                        model,
-                        max_tokens: 1000,
-                        messages: [
-                            {
-                                role: 'user',
-                                content: [
-                                    {
-                                        type: 'image',
-                                        source: {
-                                            type: 'base64',
-                                            media_type: 'image/png',
-                                            data: imageBase64,
-                                        },
-                                    },
-                                    { type: 'text', text: prompt },
-                                ],
-                            },
-                        ],
-                    });
-                    const textContent = response.content.find((c) => c.type === 'text');
-                    return textContent?.text || '';
-                }
-                else {
-                    throw new Error(`Unsupported LLM provider for image analysis: ${this.config.provider}`);
-                }
-            }
-            finally {
-                logger.debug(`Image analysis completed in ${Date.now() - startTime}ms`);
-            }
-        });
-    }
-    async withRetry(fn) {
-        let lastError;
-        let delay = this.retryOptions.initialDelay;
-        for (let attempt = 0; attempt <= this.retryOptions.maxRetries; attempt++) {
-            try {
-                return await fn();
-            }
-            catch (error) {
-                lastError = error instanceof Error ? error : new Error(String(error));
-                if (!this.shouldRetry(lastError) || attempt === this.retryOptions.maxRetries) {
-                    throw lastError;
-                }
-                logger.warn(`LLM call failed (attempt ${attempt + 1}/${this.retryOptions.maxRetries + 1}): ${lastError.message}`);
-                await new Promise((resolve) => setTimeout(resolve, delay));
-                delay = Math.min(delay * this.retryOptions.backoffMultiplier, this.retryOptions.maxDelay);
-            }
-        }
-        throw lastError || new Error('Unknown error');
-    }
-    shouldRetry(error) {
-        const message = error.message.toLowerCase();
-        const retryableErrors = [
-            'rate limit',
-            'timeout',
-            'network',
-            'econnreset',
-            'enotfound',
-            'etimedout',
-            '429',
-            '500',
-            '502',
-            '503',
-            '504',
-        ];
-        return retryableErrors.some((pattern) => message.includes(pattern));
-    }
-    async chatOpenAI(messages, options) {
-        if (!this.openai) {
-            throw new Error('OpenAI client not initialized');
-        }
-        const response = await this.openai.chat.completions.create({
-            model: this.config.openai?.model || 'gpt-4-turbo-preview',
-            messages: messages.map((msg) => ({ role: msg.role, content: msg.content })),
-            temperature: options?.temperature ?? 0.7,
-            max_tokens: options?.maxTokens ?? 4000,
-        });
-        const choice = response.choices[0];
-        if (!choice?.message?.content) {
-            throw new Error('No response from OpenAI');
-        }
-        return {
-            content: choice.message.content,
-            usage: response.usage
-                ? {
-                    promptTokens: response.usage.prompt_tokens,
-                    completionTokens: response.usage.completion_tokens,
-                    totalTokens: response.usage.total_tokens,
-                }
-                : undefined,
-        };
-    }
-    async chatAnthropic(messages, options) {
-        if (!this.anthropic) {
-            throw new Error('Anthropic client not initialized');
-        }
-        const systemMessage = messages.find((msg) => msg.role === 'system');
-        const userMessages = messages.filter((msg) => msg.role !== 'system');
-        const response = await this.anthropic.messages.create({
-            model: this.config.anthropic?.model || 'claude-3-5-sonnet-20241022',
-            max_tokens: options?.maxTokens ?? 4000,
-            temperature: options?.temperature ?? 0.7,
-            system: systemMessage?.content,
-            messages: userMessages.map((msg) => ({
-                role: msg.role === 'assistant' ? 'assistant' : 'user',
-                content: msg.content,
-            })),
-        });
-        const content = response.content[0];
-        if (!content || content.type !== 'text') {
-            throw new Error('Unexpected response type from Anthropic');
-        }
-        return {
-            content: content.text,
-            usage: {
-                promptTokens: response.usage.input_tokens,
-                completionTokens: response.usage.output_tokens,
-                totalTokens: response.usage.input_tokens + response.usage.output_tokens,
-            },
-        };
-    }
-}

package/dist/src/services/prompts/analysis.d.ts

@@ -1,9 +0,0 @@
-import type { LLMMessage } from '../LLMService.js';
-export declare function generateCodeAnalysisPrompt(code: string, focus: string): LLMMessage[];
-export declare function generateProjectSummaryMessages(files: Array<{
-    url: string;
-    size: number;
-    type: string;
-    content: string;
-}>): LLMMessage[];
-export declare function generateFileSummaryMessages(url: string, code: string): LLMMessage[];

package/dist/src/services/prompts/analysis.js

@@ -1,158 +0,0 @@
-export function generateCodeAnalysisPrompt(code, focus) {
-    const systemPrompt = `# Role
-You are an expert JavaScript/TypeScript analyst and security analyst with 10+ years of experience in:
-- Static code analysis and AST manipulation
-- Security vulnerability detection (OWASP Top 10)
-- Framework and library identification (React, Vue, Angular, etc.)
-- Code obfuscation and deobfuscation techniques
-- Software architecture and design patterns
-
-# Task
-Perform deep static analysis on the provided JavaScript code to extract:
-1. Technical stack (frameworks, bundlers, libraries)
-2. Code structure (functions, classes, modules)
-3. Business logic and data flow
-4. Security vulnerabilities and risks
-5. Code quality metrics
-
-# Output Requirements
-- Return ONLY valid JSON (no markdown, no explanations outside JSON)
-- Follow the exact schema provided in the user message
-- Use confidence scores (0.0-1.0) for uncertain detections
-- Provide specific line numbers for security risks when possible
-- Be precise and avoid hallucination
-
-# Analysis Methodology
-1. First, identify the code's purpose and main functionality
-2. Then, detect frameworks and libraries by analyzing imports and API usage
-3. Next, map out the code structure and call graph
-4. Finally, perform security analysis using OWASP guidelines`;
-    const userPrompt = `# Analysis Focus
-Primary focus: ${focus}
-
-# Code to Analyze
-\`\`\`javascript
-${code.length > 5000 ? code.substring(0, 5000) + '\n\n// ... (code truncated for analysis)' : code}
-\`\`\`
-
-# Required Output Schema
-Return a JSON object with this EXACT structure (all fields are required):
-
-\`\`\`json
-{
-  "techStack": {
-    "framework": "string | null",
-    "bundler": "string | null",
-    "libraries": ["array of library names with versions if detectable"],
-    "confidence": 0.95
-  },
-  "structure": {
-    "functions": [
-      {
-        "name": "function name",
-        "type": "arrow | declaration | expression | async",
-        "purpose": "brief description",
-        "complexity": "low | medium | high",
-        "lineNumber": 42
-      }
-    ],
-    "classes": [
-      {
-        "name": "class name",
-        "purpose": "brief description",
-        "methods": ["method1", "method2"],
-        "lineNumber": 100
-      }
-    ],
-    "imports": ["list of imported modules"],
-    "exports": ["list of exported symbols"]
-  },
-  "businessLogic": {
-    "mainFeatures": ["feature 1", "feature 2"],
-    "dataFlow": "description of how data flows through the code",
-    "apiEndpoints": ["list of API endpoints if any"],
-    "stateManagement": "Redux | Vuex | Context API | none | unknown"
-  },
-  "securityRisks": [
-    {
-      "type": "XSS | SQL Injection | CSRF | etc.",
-      "severity": "critical | high | medium | low",
-      "description": "detailed description",
-      "location": "line 123 or function name",
-      "cwe": "CWE-79",
-      "recommendation": "how to fix it"
-    }
-  ],
-  "qualityScore": 85,
-  "qualityMetrics": {
-    "maintainability": 80,
-    "readability": 75,
-    "testability": 70,
-    "performance": 90
-  },
-  "summary": "2-3 sentence summary of the code's purpose and quality"
-}
-\`\`\`
-
-Return ONLY the JSON output (no additional text).`;
-    return [
-        { role: 'system', content: systemPrompt },
-        { role: 'user', content: userPrompt },
-    ];
-}
-export function generateProjectSummaryMessages(files) {
-    const fileInfos = files.map((f) => ({
-        url: f.url,
-        size: f.size,
-        type: f.type,
-        preview: f.content.substring(0, 200),
-    }));
-    const userPrompt = `Analyze this JavaScript project based on the following files:
-
-${JSON.stringify(fileInfos, null, 2)}
-
-Provide a high-level summary including:
-1. Main purpose of the project
-2. Architecture pattern (MVC, SPA, etc.)
-3. Key technologies used
-4. Security concerns
-5. Recommendations for further analysis
-
-Format your response as JSON.`;
-    return [
-        { role: 'system', content: 'You are an expert software architect and security analyst.' },
-        { role: 'user', content: userPrompt },
-    ];
-}
-export function generateFileSummaryMessages(url, code) {
-    const userPrompt = `Analyze this JavaScript file and provide a structured summary:
-
-**File**: ${url}
-
-**Code**:
-\`\`\`javascript
-${code}
-\`\`\`
-
-Provide analysis in JSON format with the following structure:
-{
-  "summary": "Brief description of what this code does",
-  "purpose": "Main purpose of this file",
-  "keyFunctions": ["function1", "function2"],
-  "dependencies": ["dependency1", "dependency2"],
-  "hasEncryption": true/false,
-  "encryptionMethods": ["AES", "RSA"] (if applicable),
-  "hasAPI": true/false,
-  "apiEndpoints": ["/api/endpoint1"] (if applicable),
-  "hasObfuscation": true/false,
-  "obfuscationType": "type" (if applicable),
-  "securityIssues": ["issue1", "issue2"],
-  "suspiciousPatterns": ["pattern1"],
-  "complexity": "low/medium/high",
-  "recommendations": ["recommendation1"]
-}`;
-    return [
-        { role: 'system', content: 'You are an expert software architect and security analyst.' },
-        { role: 'user', content: userPrompt },
-    ];
-}

package/dist/src/services/prompts/crypto.d.ts

@@ -1,2 +0,0 @@
-import type { LLMMessage } from '../LLMService.js';
-export declare function generateCryptoDetectionPrompt(code: string): LLMMessage[];

package/dist/src/services/prompts/crypto.js

@@ -1,108 +0,0 @@
-export function generateCryptoDetectionPrompt(code) {
-    const systemPrompt = `# Role
-You are a cryptography and security expert specializing in:
-- Cryptographic algorithm identification (AES, RSA, DES, 3DES, Blowfish, etc.)
-- JavaScript crypto library analysis (CryptoJS, JSEncrypt, Web Crypto API, crypto-js, forge, etc.)
-- Security assessment based on NIST and OWASP standards
-- Cryptographic parameter extraction (keys, IVs, modes, padding)
-- Vulnerability detection in crypto implementations
-
-# Task
-Analyze the provided JavaScript code to:
-1. Identify ALL cryptographic algorithms and their variants
-2. Detect crypto libraries and their versions
-3. Extract cryptographic parameters (keys, IVs, salts, modes, padding)
-4. Assess security strength and identify vulnerabilities
-5. Provide actionable security recommendations
-
-# Analysis Standards
-- Use NIST SP 800-175B for algorithm strength assessment
-- Follow OWASP Cryptographic Storage Cheat Sheet
-- Identify deprecated/weak algorithms (MD5, SHA-1, DES, RC4)
-- Check for hardcoded keys and weak key generation`;
-    const userPrompt = `# Code to Analyze
-\`\`\`javascript
-${code.length > 4000 ? code.substring(0, 4000) + '\n\n// ... (code truncated)' : code}
-\`\`\`
-
-# Required Output Schema
-Return ONLY valid JSON:
-
-\`\`\`json
-{
-  "algorithms": [
-    {
-      "name": "string (e.g., 'AES-256-CBC', 'RSA-2048', 'SHA-256')",
-      "type": "symmetric | asymmetric | hash | encoding | kdf | mac",
-      "variant": "string",
-      "confidence": 0.95,
-      "location": {
-        "line": 42,
-        "function": "encryptData",
-        "codeSnippet": "CryptoJS.AES.encrypt(...)"
-      },
-      "parameters": {
-        "keySize": "128 | 192 | 256 | null",
-        "key": "hardcoded | derived | imported | unknown",
-        "keyValue": "actual key if hardcoded (first 20 chars) or null",
-        "iv": "present | absent | hardcoded | random",
-        "mode": "CBC | GCM | ECB | CTR | null",
-        "padding": "PKCS7 | NoPadding | null"
-      },
-      "usage": "encryption | decryption | hashing | signing | verification",
-      "securityIssues": ["issue 1"]
-    }
-  ],
-  "libraries": [
-    {
-      "name": "CryptoJS | crypto-js | JSEncrypt | forge | Web Crypto API",
-      "version": "4.1.1 | unknown",
-      "confidence": 0.92
-    }
-  ],
-  "securityAssessment": {
-    "overallStrength": "strong | medium | weak | critical",
-    "score": 75,
-    "weakAlgorithms": [
-      {
-        "algorithm": "MD5",
-        "reason": "Cryptographically broken",
-        "severity": "critical",
-        "cwe": "CWE-327"
-      }
-    ],
-    "hardcodedSecrets": [
-      {
-        "type": "encryption key",
-        "location": "line 15",
-        "value": "first 10 chars...",
-        "severity": "critical"
-      }
-    ],
-    "vulnerabilities": [
-      {
-        "type": "ECB mode usage",
-        "description": "detailed description",
-        "impact": "data leakage",
-        "cvss": 7.5,
-        "cwe": "CWE-326"
-      }
-    ],
-    "recommendations": [
-      {
-        "priority": "critical | high | medium | low",
-        "issue": "what's wrong",
-        "solution": "how to fix it"
-      }
-    ]
-  },
-  "summary": "Brief summary of crypto usage and main security concerns"
-}
-\`\`\`
-
-Return ONLY the JSON output.`;
-    return [
-        { role: 'system', content: systemPrompt },
-        { role: 'user', content: userPrompt },
-    ];
-}

package/dist/src/services/prompts/deobfuscation.d.ts

@@ -1,6 +0,0 @@
-import type { LLMMessage } from '../LLMService.js';
-export declare function generateCodeCleanupMessages(code: string, techniques: string[]): LLMMessage[];
-export declare function generateVMAnalysisMessages(code: string): LLMMessage[];
-export declare function generateDeobfuscationPrompt(code: string): LLMMessage[];
-export declare function generateVMDeobfuscationMessages(userPrompt: string): LLMMessage[];
-export declare function generateControlFlowUnflatteningMessages(codeSnippet: string): LLMMessage[];