@jshookmcp/jshook 0.2.3 → 0.2.5

package/dist/src/server/domains/analysis/handlers.impl.js

@@ -52,23 +52,30 @@ export class CoreAnalysisHandlers {
     }
     extractWebcrackArgs(args) {
         const extracted = {};
-        if (typeof args.unpack === 'boolean')
-            extracted.unpack = args.unpack;
-        if (typeof args.unminify === 'boolean')
-            extracted.unminify = args.unminify;
-        if (typeof args.jsx === 'boolean')
-            extracted.jsx = args.jsx;
-        if (typeof args.mangle === 'boolean')
-            extracted.mangle = args.mangle;
-        if (typeof args.outputDir === 'string' && args.outputDir.trim().length > 0) {
-            extracted.outputDir = args.outputDir;
-        }
-        if (typeof args.forceOutput === 'boolean')
-            extracted.forceOutput = args.forceOutput;
-        if (typeof args.includeModuleCode === 'boolean')
-            extracted.includeModuleCode = args.includeModuleCode;
-        if (typeof args.maxBundleModules === 'number')
-            extracted.maxBundleModules = args.maxBundleModules;
+        const unpack = argBool(args, 'unpack');
+        const unminify = argBool(args, 'unminify');
+        const jsx = argBool(args, 'jsx');
+        const mangle = argBool(args, 'mangle');
+        const forceOutput = argBool(args, 'forceOutput');
+        const includeModuleCode = argBool(args, 'includeModuleCode');
+        const outputDir = argString(args, 'outputDir');
+        const maxBundleModules = argNumber(args, 'maxBundleModules');
+        if (unpack !== undefined)
+            extracted.unpack = unpack;
+        if (unminify !== undefined)
+            extracted.unminify = unminify;
+        if (jsx !== undefined)
+            extracted.jsx = jsx;
+        if (mangle !== undefined)
+            extracted.mangle = mangle;
+        if (forceOutput !== undefined)
+            extracted.forceOutput = forceOutput;
+        if (includeModuleCode !== undefined)
+            extracted.includeModuleCode = includeModuleCode;
+        if (outputDir?.trim())
+            extracted.outputDir = outputDir;
+        if (maxBundleModules !== undefined)
+            extracted.maxBundleModules = maxBundleModules;
         if (Array.isArray(args.mappings)) {
             extracted.mappings = args.mappings.filter((item) => typeof item === 'object' &&
                 item !== null &&
@@ -89,8 +96,8 @@ export class CoreAnalysisHandlers {
             truncated: file.metadata?.truncated || false,
             preview: `${file.content.substring(0, 200)}...`,
         }));
-        if (returnSummaryOnly && !smartMode) {
-            smartMode = 'summary';
+        if (!smartMode) {
+            smartMode = returnSummaryOnly ? 'summary' : 'summary';
         }
         const result = await this.collector.collect({
             url: argStringRequired(args, 'url'),
@@ -247,7 +254,6 @@ export class CoreAnalysisHandlers {
         }
         const result = await this.deobfuscator.deobfuscate({
             code,
-            llm: argString(args, 'llm'),
             aggressive: argBool(args, 'aggressive'),
             ...this.extractWebcrackArgs(args),
         });

package/dist/src/server/domains/analysis/handlers.web-tools.js

@@ -2,10 +2,11 @@ import { logger } from '../../../utils/logger.js';
 import { evaluateWithTimeout } from '../../../modules/collector/PageController.js';
 import { asJsonResponse, asErrorResponse } from '../../domains/shared/response.js';
 import { argString, argBool, argNumber } from '../../domains/shared/parse-args.js';
+const MAX_WEBPACK_MODULES = 100;
 export async function runWebpackEnumerate(collector, args) {
     const searchKeyword = argString(args, 'searchKeyword', '');
     const forceRequireAll = argBool(args, 'forceRequireAll', !!searchKeyword);
-    const maxResults = argNumber(args, 'maxResults', 20);
+    const maxResults = Math.min(argNumber(args, 'maxResults', 20), MAX_WEBPACK_MODULES);
     try {
         const page = await collector.getActivePage();
         const result = await evaluateWithTimeout(page, async (opts) => {

package/dist/src/server/domains/analysis/manifest.js

@@ -14,15 +14,15 @@ const b = (invoke) => bindByDepKey(DEP_KEY, invoke);
 function ensure(ctx) {
     ensureBrowserCore(ctx);
     if (!ctx.deobfuscator)
-        ctx.deobfuscator = new Deobfuscator(ctx.llm);
+        ctx.deobfuscator = new Deobfuscator();
     if (!ctx.advancedDeobfuscator)
         ctx.advancedDeobfuscator = new AdvancedDeobfuscator();
     if (!ctx.obfuscationDetector)
         ctx.obfuscationDetector = new ObfuscationDetector();
     if (!ctx.analyzer)
-        ctx.analyzer = new CodeAnalyzer(ctx.llm);
+        ctx.analyzer = new CodeAnalyzer();
     if (!ctx.cryptoDetector)
-        ctx.cryptoDetector = new CryptoDetector(ctx.llm);
+        ctx.cryptoDetector = new CryptoDetector();
     if (!ctx.hookManager)
         ctx.hookManager = new HookManager();
     if (!ctx.coreAnalysisHandlers) {
@@ -56,7 +56,9 @@ const manifest = {
         hint: 'JavaScript analysis workflow: collect -> deobfuscate -> inspect function tree',
     },
     prerequisites: {
-        collect_code: [{ condition: 'Browser must be launched', fix: 'Call browser_launch or browser_attach first' }],
+        collect_code: [
+            { condition: 'Browser must be launched', fix: 'Call browser_launch or browser_attach first' },
+        ],
     },
     registrations: [
         { tool: t('collect_code'), domain: DOMAIN, bind: b((h, a) => h.handleCollectCode(a)) },

package/dist/src/server/domains/antidebug/definitions.js

@@ -1,113 +1,27 @@
+import { tool } from '../../registry/tool-builder.js';
 export const antidebugTools = [
-    {
-        name: 'antidebug_bypass_all',
-        description: 'Inject all anti-anti-debug bypass scripts into the current page. Uses evaluateOnNewDocument + evaluate dual injection.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                persistent: {
-                    type: 'boolean',
-                    description: 'Whether to also inject persistently for future documents (default: true).',
-                    default: true,
-                },
-            },
-        },
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-    },
-    {
-        name: 'antidebug_bypass_debugger_statement',
-        description: 'Bypass debugger-statement based protection by patching Function constructor and monitoring dynamic script insertion.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                mode: {
-                    type: 'string',
-                    description: 'remove = strip debugger statements, noop = replace with void 0',
-                    enum: ['remove', 'noop'],
-                    default: 'remove',
-                },
-            },
-        },
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-    },
-    {
-        name: 'antidebug_bypass_timing',
-        description: 'Bypass timing-based anti-debug checks by stabilizing performance.now / Date.now and console.time APIs.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                maxDrift: {
-                    type: 'number',
-                    description: 'Maximum logical time drift allowed per call in milliseconds (default: 50).',
-                    default: 50,
-                },
-            },
-        },
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-    },
-    {
-        name: 'antidebug_bypass_stack_trace',
-        description: 'Bypass Error.stack based anti-debug checks by filtering suspicious stack frames and hardening function toString.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                filterPatterns: {
-                    type: 'array',
-                    description: 'Additional stack frame patterns to filter. Defaults include puppeteer/devtools/__puppeteer/CDP.',
-                    items: {
-                        type: 'string',
-                    },
-                },
-            },
-        },
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-    },
-    {
-        name: 'antidebug_bypass_console_detect',
-        description: 'Bypass console-based devtools detection by wrapping console methods and sanitizing getter-based payloads.',
-        inputSchema: {
-            type: 'object',
-            properties: {},
-        },
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-    },
-    {
-        name: 'antidebug_detect_protections',
-        description: 'Detect anti-debug protections in the current page and return detected techniques with bypass recommendations.',
-        inputSchema: {
-            type: 'object',
-            properties: {},
-        },
-        annotations: {
-            readOnlyHint: false,
-            destructiveHint: false,
-            idempotentHint: false,
-            openWorldHint: false,
-        },
-    },
+    tool('antidebug_bypass_all')
+        .desc('Inject all anti-anti-debug bypass scripts via dual injection')
+        .boolean('persistent', 'Also inject persistently for future documents', { default: true })
+        .build(),
+    tool('antidebug_bypass_debugger_statement')
+        .desc('Bypass debugger-statement protection by patching Function constructor')
+        .enum('mode', ['remove', 'noop'], 'remove = strip statements, noop = replace with void 0', {
+        default: 'remove',
+    })
+        .build(),
+    tool('antidebug_bypass_timing')
+        .desc('Bypass timing-based anti-debug by stabilizing performance.now / Date.now')
+        .number('maxDrift', 'Max logical time drift per call in ms', { default: 50 })
+        .build(),
+    tool('antidebug_bypass_stack_trace')
+        .desc('Bypass Error.stack anti-debug by filtering suspicious frames and hardening toString')
+        .array('filterPatterns', { type: 'string' }, 'Additional stack frame patterns to filter')
+        .build(),
+    tool('antidebug_bypass_console_detect')
+        .desc('Bypass console-based devtools detection by wrapping console methods')
+        .build(),
+    tool('antidebug_detect_protections')
+        .desc('Detect anti-debug protections in current page with bypass recommendations')
+        .build(),
 ];

package/dist/src/server/domains/browser/definitions.tools.advanced.js

@@ -1,90 +1,61 @@
+import { tool } from '../../registry/tool-builder.js';
 export const advancedBrowserToolDefinitions = [
-    {
-        name: 'js_heap_search',
-        description: 'Search the browser JavaScript heap for string values matching a pattern. This is the CE (Cheat Engine) equivalent for web — scans the JS runtime memory to find tokens, API keys, signatures, or any string stored in JS objects.\n\nUSE THIS to:\n- Find auth tokens stored in memory but not in cookies/localStorage\n- Locate signing keys or secrets held in JS closures\n- Discover values that are only briefly held in memory during a request\n\nWARNING: Takes a full heap snapshot (can be 50-500MB for complex pages). Use specific patterns to reduce result noise.\nResults are paginated via DetailedDataManager when large.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                pattern: {
-                    type: 'string',
-                    description: 'String pattern to search for in the JS heap',
-                },
-                maxResults: {
-                    type: 'number',
-                    description: 'Maximum number of matches to return (default: 50)',
-                    default: 50,
-                },
-                caseSensitive: {
-                    type: 'boolean',
-                    description: 'Case-sensitive search (default: false)',
-                    default: false,
-                },
-            },
-            required: ['pattern'],
-        },
-    },
-    {
-        name: 'tab_workflow',
-        description: 'Cross-tab coordination for multi-page automation flows.\n\nActions:\n- list: Show all aliases and shared context\n- alias_bind: Name an existing tab by index (e.g., alias="register" index=0)\n- alias_open: Open a URL in a new tab and name it\n- navigate: Navigate a named tab to a URL\n- wait_for: Wait for selector or text to appear in a named tab\n- context_set: Store a value in shared context (accessible across tabs)\n- context_get: Read a value from shared context\n- transfer: Evaluate JS in a named tab and store result in shared context\n\nUSE THIS for:\n- Registration page ↔ email verification page workflows\n- Any flow requiring coordination between multiple open tabs',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                action: {
-                    type: 'string',
-                    enum: [
-                        'list',
-                        'alias_bind',
-                        'alias_open',
-                        'navigate',
-                        'wait_for',
-                        'context_set',
-                        'context_get',
-                        'transfer',
-                    ],
-                    description: 'Tab workflow action to perform',
-                },
-                alias: {
-                    type: 'string',
-                    description: 'Tab alias name (used by alias_bind, alias_open, navigate, wait_for, transfer)',
-                },
-                fromAlias: {
-                    type: 'string',
-                    description: 'Source tab alias for transfer action',
-                },
-                index: {
-                    type: 'number',
-                    description: 'Tab index (0-based) for alias_bind',
-                },
-                url: {
-                    type: 'string',
-                    description: 'URL for alias_open or navigate',
-                },
-                selector: {
-                    type: 'string',
-                    description: 'CSS selector to wait for (wait_for action)',
-                },
-                waitForText: {
-                    type: 'string',
-                    description: 'Text string to wait for in page body (wait_for action)',
-                },
-                key: {
-                    type: 'string',
-                    description: 'Context key for context_set, context_get, transfer',
-                },
-                value: {
-                    description: 'Value to store (context_set action)',
-                },
-                expression: {
-                    type: 'string',
-                    description: 'JavaScript expression to evaluate in the source tab (transfer action)',
-                },
-                timeoutMs: {
-                    type: 'number',
-                    description: 'Timeout in milliseconds for wait_for (default: 10000)',
-                    default: 10000,
-                },
-            },
-            required: ['action'],
-        },
-    },
+    tool('js_heap_search')
+        .desc(`Search the browser JavaScript heap for string values matching a pattern. This is the CE (Cheat Engine) equivalent for web — scans the JS runtime memory to find tokens, API keys, signatures, or any string stored in JS objects.
+
+USE THIS to:
+- Find auth tokens stored in memory but not in cookies/localStorage
+- Locate signing keys or secrets held in JS closures
+- Discover values that are only briefly held in memory during a request
+
+WARNING: Takes a full heap snapshot (can be 50-500MB for complex pages). Use specific patterns to reduce result noise.
+Results are paginated via DetailedDataManager when large.`)
+        .string('pattern', 'String pattern to search for in the JS heap')
+        .number('maxResults', 'Maximum number of matches to return (default: 50)', { default: 50 })
+        .boolean('caseSensitive', 'Case-sensitive search (default: false)', { default: false })
+        .required('pattern')
+        .readOnly()
+        .idempotent()
+        .build(),
+    tool('tab_workflow')
+        .desc(`Cross-tab coordination for multi-page automation flows.
+
+Actions:
+- list: Show all aliases and shared context
+- alias_bind: Name an existing tab by index (e.g., alias="register" index=0)
+- alias_open: Open a URL in a new tab and name it
+- navigate: Navigate a named tab to a URL
+- wait_for: Wait for selector or text to appear in a named tab
+- context_set: Store a value in shared context (accessible across tabs)
+- context_get: Read a value from shared context
+- transfer: Evaluate JS in a named tab and store result in shared context
+
+USE THIS for:
+- Registration page ↔ email verification page workflows
+- Any flow requiring coordination between multiple open tabs`)
+        .enum('action', [
+        'list',
+        'alias_bind',
+        'alias_open',
+        'navigate',
+        'wait_for',
+        'context_set',
+        'context_get',
+        'transfer',
+    ], 'Tab workflow action to perform')
+        .string('alias', 'Tab alias name (used by alias_bind, alias_open, navigate, wait_for, transfer)')
+        .string('fromAlias', 'Source tab alias for transfer action')
+        .number('index', 'Tab index (0-based) for alias_bind')
+        .string('url', 'URL for alias_open or navigate')
+        .string('selector', 'CSS selector to wait for (wait_for action)')
+        .string('waitForText', 'Text string to wait for in page body (wait_for action)')
+        .string('key', 'Context key for context_set, context_get, transfer')
+        .string('value', 'Value to store (context_set action)')
+        .string('expression', 'JavaScript expression to evaluate in the source tab (transfer action)')
+        .number('timeoutMs', 'Timeout in milliseconds for wait_for (default: 10000)', {
+        default: 10000,
+    })
+        .required('action')
+        .openWorld()
+        .build(),
 ];