@jshookmcp/jshook 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (385) hide show
  1. package/README.md +14 -5
  2. package/README.zh.md +18 -3
  3. package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
  4. package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
  5. package/dist/packages/extension-sdk/src/plugin.js +119 -33
  6. package/dist/packages/extension-sdk/src/workflow.d.ts +156 -0
  7. package/dist/packages/extension-sdk/src/workflow.js +236 -0
  8. package/dist/src/config/search-defaults.js +161 -0
  9. package/dist/src/constants.d.ts +3 -0
  10. package/dist/src/constants.js +4 -1
  11. package/dist/src/index.d.ts +1 -1
  12. package/dist/src/index.js +13 -17
  13. package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
  14. package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
  15. package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
  16. package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
  17. package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
  18. package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
  19. package/dist/src/modules/analyzer/PatternDetector.js +3 -3
  20. package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
  21. package/dist/src/modules/browser/BrowserDiscovery.js +2 -2
  22. package/dist/src/modules/browser/BrowserModeManager.js +11 -10
  23. package/dist/src/modules/browser/TabRegistry.js +2 -2
  24. package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
  25. package/dist/src/modules/browser/UnifiedBrowserManager.js +18 -3
  26. package/dist/src/modules/captcha/AICaptchaDetector.d.ts +1 -10
  27. package/dist/src/modules/captcha/AICaptchaDetector.js +7 -201
  28. package/dist/src/modules/collector/CodeCollector.js +4 -5
  29. package/dist/src/modules/collector/DOMInspector.js +48 -58
  30. package/dist/src/modules/collector/PageController.d.ts +17 -4
  31. package/dist/src/modules/collector/PageController.js +2 -5
  32. package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
  33. package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
  34. package/dist/src/modules/crypto/CryptoDetector.js +2 -42
  35. package/dist/src/modules/crypto/CryptoRules.js +1 -1
  36. package/dist/src/modules/debugger/BlackboxManager.js +1 -1
  37. package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
  38. package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +4 -2
  39. package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
  40. package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
  41. package/dist/src/modules/deobfuscator/Deobfuscator.js +4 -39
  42. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
  43. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
  44. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +1 -2
  45. package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +3 -55
  46. package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
  47. package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
  48. package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
  49. package/dist/src/modules/deobfuscator/webcrack.js +15 -2
  50. package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
  51. package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
  52. package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
  53. package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
  54. package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
  55. package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
  56. package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
  57. package/dist/src/modules/external/ExternalToolRunner.js +25 -22
  58. package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.compose.js +5 -5
  59. package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.network.js +311 -311
  60. package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.runtime.js +410 -410
  61. package/dist/src/modules/hook/HookGeneratorBuilders.core.generators.storage.js +122 -122
  62. package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
  63. package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
  64. package/dist/src/modules/monitor/ConsoleMonitor.impl.core.dynamic.js +194 -194
  65. package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
  66. package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
  67. package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
  68. package/dist/src/modules/monitor/PlaywrightNetworkMonitor.js +62 -62
  69. package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
  70. package/dist/src/modules/process/LinuxProcessManager.js +2 -0
  71. package/dist/src/modules/process/MacProcessManager.js +25 -25
  72. package/dist/src/modules/process/MemoryManager.d.ts +1 -1
  73. package/dist/src/modules/process/MemoryManager.js +2 -2
  74. package/dist/src/modules/process/memory/AuditTrail.js +1 -1
  75. package/dist/src/modules/process/memory/availability.js +49 -49
  76. package/dist/src/modules/process/memory/injector.js +185 -185
  77. package/dist/src/modules/process/memory/reader.js +85 -53
  78. package/dist/src/modules/process/memory/regions.dump.js +51 -51
  79. package/dist/src/modules/process/memory/regions.enumerate.js +108 -108
  80. package/dist/src/modules/process/memory/regions.modules.js +80 -80
  81. package/dist/src/modules/process/memory/regions.protection.js +148 -115
  82. package/dist/src/modules/process/memory/scanner.d.ts +5 -1
  83. package/dist/src/modules/process/memory/scanner.darwin.js +98 -41
  84. package/dist/src/modules/process/memory/scanner.js +88 -4
  85. package/dist/src/modules/process/memory/scanner.windows.js +124 -124
  86. package/dist/src/modules/process/memory/writer.js +98 -58
  87. package/dist/src/modules/security/ExecutionSandbox.js +51 -52
  88. package/dist/src/modules/stealth/FingerprintManager.js +1 -1
  89. package/dist/src/modules/stealth/StealthScripts.d.ts +1 -0
  90. package/dist/src/modules/stealth/StealthScripts.js +18 -13
  91. package/dist/src/modules/stealth/StealthVerifier.js +1 -3
  92. package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
  93. package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
  94. package/dist/src/modules/trace/TraceDB.js +75 -69
  95. package/dist/src/modules/trace/TraceRecorder.js +1 -5
  96. package/dist/src/native/AntiCheatDetector.js +67 -16
  97. package/dist/src/native/CodeInjector.js +3 -3
  98. package/dist/src/native/HardwareBreakpoint.js +24 -15
  99. package/dist/src/native/HeapAnalyzer.js +2 -2
  100. package/dist/src/native/MemoryController.js +1 -1
  101. package/dist/src/native/MemoryScanSession.js +2 -2
  102. package/dist/src/native/MemoryScanner.js +4 -8
  103. package/dist/src/native/NativeMemoryManager.impl.js +2 -2
  104. package/dist/src/native/PEAnalyzer.js +14 -15
  105. package/dist/src/native/PointerChainEngine.js +2 -4
  106. package/dist/src/native/ScriptLoader.js +4 -9
  107. package/dist/src/native/Speedhack.js +1 -1
  108. package/dist/src/native/StructureAnalyzer.js +52 -33
  109. package/dist/src/native/Win32API.d.ts +1 -0
  110. package/dist/src/native/Win32API.js +13 -0
  111. package/dist/src/native/Win32Debug.js +19 -19
  112. package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
  113. package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
  114. package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
  115. package/dist/src/server/MCPServer.context.d.ts +2 -1
  116. package/dist/src/server/MCPServer.d.ts +2 -1
  117. package/dist/src/server/MCPServer.domain.d.ts +1 -1
  118. package/dist/src/server/MCPServer.domain.js +81 -16
  119. package/dist/src/server/MCPServer.js +41 -14
  120. package/dist/src/server/MCPServer.resources.d.ts +2 -0
  121. package/dist/src/server/MCPServer.resources.js +91 -0
  122. package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
  123. package/dist/src/server/MCPServer.search.helpers.js +1 -1
  124. package/dist/src/server/MCPServer.transport.js +12 -0
  125. package/dist/src/server/ToolCallContextGuard.js +8 -0
  126. package/dist/src/server/ToolRouter.d.ts +25 -9
  127. package/dist/src/server/ToolRouter.intent.d.ts +26 -0
  128. package/dist/src/server/ToolRouter.intent.js +77 -0
  129. package/dist/src/server/ToolRouter.js +103 -284
  130. package/dist/src/server/ToolRouter.policy.d.ts +22 -0
  131. package/dist/src/server/ToolRouter.policy.js +163 -0
  132. package/dist/src/server/ToolRouter.probe.d.ts +17 -0
  133. package/dist/src/server/ToolRouter.probe.js +103 -0
  134. package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
  135. package/dist/src/server/ToolRouter.renderer.js +52 -0
  136. package/dist/src/server/activation/ActivationController.js +15 -12
  137. package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
  138. package/dist/src/server/activation/PredictiveBooster.js +1 -3
  139. package/dist/src/server/domains/analysis/definitions.js +155 -655
  140. package/dist/src/server/domains/analysis/handlers.impl.js +26 -20
  141. package/dist/src/server/domains/analysis/handlers.web-tools.js +2 -1
  142. package/dist/src/server/domains/analysis/manifest.js +6 -4
  143. package/dist/src/server/domains/antidebug/definitions.js +25 -111
  144. package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
  145. package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
  146. package/dist/src/server/domains/browser/definitions.tools.page-core.js +210 -439
  147. package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
  148. package/dist/src/server/domains/browser/definitions.tools.runtime.js +98 -211
  149. package/dist/src/server/domains/browser/definitions.tools.security.js +194 -339
  150. package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
  151. package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
  152. package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
  153. package/dist/src/server/domains/browser/handlers/framework-state.js +27 -9
  154. package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
  155. package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
  156. package/dist/src/server/domains/browser/handlers.impl.d.ts +1 -2
  157. package/dist/src/server/domains/browser/handlers.impl.js +2 -3
  158. package/dist/src/server/domains/browser/manifest.js +37 -13
  159. package/dist/src/server/domains/coordination/definitions.js +50 -216
  160. package/dist/src/server/domains/coordination/index.d.ts +2 -1
  161. package/dist/src/server/domains/coordination/index.js +1 -0
  162. package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
  163. package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
  164. package/dist/src/server/domains/debugger/manifest.js +9 -2
  165. package/dist/src/server/domains/encoding/definitions.js +43 -153
  166. package/dist/src/server/domains/encoding/handlers.base.js +2 -2
  167. package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
  168. package/dist/src/server/domains/evidence/definitions.js +42 -0
  169. package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
  170. package/dist/src/server/domains/evidence/handlers.js +60 -0
  171. package/dist/src/server/domains/evidence/index.d.ts +2 -0
  172. package/dist/src/server/domains/evidence/index.js +2 -0
  173. package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
  174. package/dist/src/server/domains/evidence/manifest.js +78 -0
  175. package/dist/src/server/domains/graphql/definitions.js +53 -141
  176. package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
  177. package/dist/src/server/domains/graphql/handlers.impl.core.runtime.shared.js +77 -77
  178. package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
  179. package/dist/src/server/domains/hooks/ai-handlers.js +1 -67
  180. package/dist/src/server/domains/hooks/definitions.js +69 -335
  181. package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
  182. package/dist/src/server/domains/hooks/manifest.js +1 -2
  183. package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
  184. package/dist/src/server/domains/instrumentation/definitions.js +99 -0
  185. package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
  186. package/dist/src/server/domains/instrumentation/handlers.js +206 -0
  187. package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
  188. package/dist/src/server/domains/instrumentation/index.js +2 -0
  189. package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
  190. package/dist/src/server/domains/instrumentation/manifest.js +114 -0
  191. package/dist/src/server/domains/macro/definitions.js +16 -43
  192. package/dist/src/server/domains/maintenance/definitions.js +60 -219
  193. package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
  194. package/dist/src/server/domains/memory/definitions.js +387 -559
  195. package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
  196. package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
  197. package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
  198. package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
  199. package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
  200. package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
  201. package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
  202. package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
  203. package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
  204. package/dist/src/server/domains/memory/handlers/scan.js +97 -0
  205. package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
  206. package/dist/src/server/domains/memory/handlers/session.js +49 -0
  207. package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
  208. package/dist/src/server/domains/memory/handlers/structure.js +74 -0
  209. package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
  210. package/dist/src/server/domains/memory/handlers.impl.js +63 -494
  211. package/dist/src/server/domains/memory/manifest.js +236 -64
  212. package/dist/src/server/domains/native-bridge/definitions.js +54 -192
  213. package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
  214. package/dist/src/server/domains/native-bridge/index.js +2 -1
  215. package/dist/src/server/domains/network/auth-extractor.js +1 -1
  216. package/dist/src/server/domains/network/definitions.js +175 -578
  217. package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
  218. package/dist/src/server/domains/network/handlers.base.core.js +623 -0
  219. package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
  220. package/dist/src/server/domains/network/handlers.base.js +3 -878
  221. package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
  222. package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
  223. package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
  224. package/dist/src/server/domains/network/handlers.base.types.js +89 -0
  225. package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
  226. package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
  227. package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
  228. package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
  229. package/dist/src/server/domains/network/manifest.js +15 -0
  230. package/dist/src/server/domains/network/replay.js +1 -4
  231. package/dist/src/server/domains/platform/definitions.js +121 -112
  232. package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +4 -0
  233. package/dist/src/server/domains/platform/handlers/bridge-handlers.js +193 -4
  234. package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
  235. package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
  236. package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
  237. package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
  238. package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
  239. package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
  240. package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
  241. package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
  242. package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
  243. package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
  244. package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
  245. package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +3 -3
  246. package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
  247. package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
  248. package/dist/src/server/domains/platform/handlers.d.ts +48 -0
  249. package/dist/src/server/domains/platform/handlers.js +29 -0
  250. package/dist/src/server/domains/platform/manifest.js +38 -0
  251. package/dist/src/server/domains/process/definitions.js +163 -647
  252. package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
  253. package/dist/src/server/domains/process/handlers.base.js +7 -462
  254. package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
  255. package/dist/src/server/domains/process/handlers.base.process.js +417 -0
  256. package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
  257. package/dist/src/server/domains/process/handlers.base.types.js +50 -0
  258. package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +18 -16
  259. package/dist/src/server/domains/process/manifest.js +6 -1
  260. package/dist/src/server/domains/sandbox/definitions.js +11 -33
  261. package/dist/src/server/domains/sandbox/handlers.js +8 -3
  262. package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
  263. package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
  264. package/dist/src/server/domains/shared/modules.d.ts +0 -2
  265. package/dist/src/server/domains/shared/modules.js +0 -1
  266. package/dist/src/server/domains/sourcemap/definitions.js +27 -111
  267. package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
  268. package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
  269. package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
  270. package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
  271. package/dist/src/server/domains/sourcemap/manifest.js +1 -1
  272. package/dist/src/server/domains/streaming/definitions.js +36 -148
  273. package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
  274. package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
  275. package/dist/src/server/domains/trace/TraceSummarizer.js +8 -5
  276. package/dist/src/server/domains/trace/definitions.tools.js +51 -206
  277. package/dist/src/server/domains/trace/handlers.js +10 -12
  278. package/dist/src/server/domains/trace/index.d.ts +2 -1
  279. package/dist/src/server/domains/trace/index.js +2 -1
  280. package/dist/src/server/domains/trace/manifest.js +15 -3
  281. package/dist/src/server/domains/transform/definitions.js +50 -210
  282. package/dist/src/server/domains/transform/handlers.impl.transform-base.js +108 -108
  283. package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
  284. package/dist/src/server/domains/transform/manifest.d.ts +1 -1
  285. package/dist/src/server/domains/transform/manifest.js +1 -1
  286. package/dist/src/server/domains/wasm/definitions.js +55 -232
  287. package/dist/src/server/domains/wasm/handlers.js +1 -1
  288. package/dist/src/server/domains/workflow/definitions.js +144 -414
  289. package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +1 -1
  290. package/dist/src/server/domains/workflow/handlers.impl.workflow-api.js +51 -51
  291. package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
  292. package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
  293. package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
  294. package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
  295. package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
  296. package/dist/src/server/evidence/index.d.ts +2 -0
  297. package/dist/src/server/evidence/index.js +1 -0
  298. package/dist/src/server/evidence/types.d.ts +22 -0
  299. package/dist/src/server/evidence/types.js +1 -0
  300. package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
  301. package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
  302. package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
  303. package/dist/src/server/extensions/ExtensionManager.js +193 -40
  304. package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
  305. package/dist/src/server/extensions/ExtensionManager.roots.js +4 -4
  306. package/dist/src/server/extensions/plugin-config.js +1 -1
  307. package/dist/src/server/extensions/plugin-env.d.ts +1 -1
  308. package/dist/src/server/extensions/plugin-env.js +10 -4
  309. package/dist/src/server/extensions/types.d.ts +17 -0
  310. package/dist/src/server/extensions/types.js +1 -1
  311. package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
  312. package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
  313. package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
  314. package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
  315. package/dist/src/server/instrumentation/index.d.ts +2 -0
  316. package/dist/src/server/instrumentation/index.js +2 -0
  317. package/dist/src/server/instrumentation/types.d.ts +62 -0
  318. package/dist/src/server/instrumentation/types.js +7 -0
  319. package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
  320. package/dist/src/server/macros/MacroConfigLoader.js +61 -59
  321. package/dist/src/server/macros/MacroRunner.js +6 -2
  322. package/dist/src/server/macros/builtins/index.d.ts +2 -3
  323. package/dist/src/server/macros/builtins/index.js +51 -7
  324. package/dist/src/server/plugins/PluginContract.d.ts +1 -1
  325. package/dist/src/server/registry/contracts.d.ts +1 -1
  326. package/dist/src/server/registry/discovery.js +5 -4
  327. package/dist/src/server/registry/ensure-browser-core.js +0 -3
  328. package/dist/src/server/registry/index.js +4 -4
  329. package/dist/src/server/registry/tool-builder.d.ts +46 -0
  330. package/dist/src/server/registry/tool-builder.js +105 -0
  331. package/dist/src/server/sandbox/QuickJSSandbox.js +16 -5
  332. package/dist/src/server/sandbox/SandboxHelpers.js +250 -250
  333. package/dist/src/server/search/EmbeddingWorker.js +5 -3
  334. package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
  335. package/dist/src/server/search/FeedbackTracker.js +26 -0
  336. package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
  337. package/dist/src/server/search/QueryNormalizer.js +94 -0
  338. package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
  339. package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
  340. package/dist/src/server/workflows/WorkflowContract.d.ts +24 -0
  341. package/dist/src/server/workflows/WorkflowContract.js +12 -0
  342. package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
  343. package/dist/src/server/workflows/WorkflowEngine.js +136 -3
  344. package/dist/src/types/config.d.ts +0 -14
  345. package/dist/src/types/deobfuscator.d.ts +0 -1
  346. package/dist/src/types/index.d.ts +1 -1
  347. package/dist/src/utils/DetailedDataManager.js +2 -0
  348. package/dist/src/utils/RingBuffer.js +5 -5
  349. package/dist/src/utils/TokenBudgetManager.js +1 -1
  350. package/dist/src/utils/UnifiedCacheManager.js +1 -1
  351. package/dist/src/utils/artifactRetention.js +2 -2
  352. package/dist/src/utils/betterSqlite3.d.ts +11 -0
  353. package/dist/src/utils/betterSqlite3.js +88 -0
  354. package/dist/src/utils/browserExecutable.js +2 -2
  355. package/dist/src/utils/cliFastPath.js +5 -8
  356. package/dist/src/utils/config.js +4 -26
  357. package/dist/src/utils/environmentDoctor.js +138 -11
  358. package/dist/src/utils/outputPaths.js +16 -9
  359. package/dist/src/utils/parallel.js +1 -3
  360. package/package.json +74 -72
  361. package/workflows/.gitkeep +0 -0
  362. package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
  363. package/dist/src/modules/analyzer/AISummarizer.js +0 -122
  364. package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
  365. package/dist/src/modules/hook/AIHookGenerator.js +0 -360
  366. package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
  367. package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
  368. package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
  369. package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
  370. package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
  371. package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
  372. package/dist/src/services/LLMService.d.ts +0 -37
  373. package/dist/src/services/LLMService.js +0 -233
  374. package/dist/src/services/prompts/analysis.d.ts +0 -9
  375. package/dist/src/services/prompts/analysis.js +0 -158
  376. package/dist/src/services/prompts/crypto.d.ts +0 -2
  377. package/dist/src/services/prompts/crypto.js +0 -108
  378. package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
  379. package/dist/src/services/prompts/deobfuscation.js +0 -300
  380. package/dist/src/services/prompts/environment.d.ts +0 -16
  381. package/dist/src/services/prompts/environment.js +0 -372
  382. package/dist/src/services/prompts/intelligence.d.ts +0 -4
  383. package/dist/src/services/prompts/intelligence.js +0 -250
  384. package/dist/src/services/prompts/taint.d.ts +0 -2
  385. package/dist/src/services/prompts/taint.js +0 -54
package/dist/src/server/domains/transform/handlers.impl.transform-base.js CHANGED
@@ -1,6 +1,11 @@
1
1
  import { ScriptManager } from '../../domains/shared/modules.js';
2
2
  import { WorkerPool } from '../../../utils/WorkerPool.js';
3
3
  import { TRANSFORM_WORKER_TIMEOUT_MS, TRANSFORM_CRYPTO_POOL_MAX_WORKERS, TRANSFORM_CRYPTO_POOL_IDLE_TIMEOUT_MS, TRANSFORM_CRYPTO_POOL_MAX_OLD_GEN_MB, TRANSFORM_CRYPTO_POOL_MAX_YOUNG_GEN_MB, } from '../../../constants.js';
4
+ function extractLastSegment(value) {
5
+ const normalized = value.startsWith('window.') ? value.slice(7) : value;
6
+ const parts = normalized.split('.').filter(Boolean);
7
+ return parts.length > 0 ? parts[parts.length - 1] : '';
8
+ }
4
9
  const SUPPORTED_TRANSFORMS = [
5
10
  'constant_fold',
6
11
  'string_decrypt',
@@ -31,98 +36,98 @@ export const CRYPTO_KEYWORDS = [
31
36
  'aes',
32
37
  'rsa',
33
38
  ];
34
- const CRYPTO_TEST_WORKER_SCRIPT = `
35
- const __bootstrap = async () => {
36
- const [workerThreads, vm, perfHooks] = await Promise.all([
37
- import('node:worker_threads'),
38
- import('node:vm'),
39
- import('node:perf_hooks'),
40
- ]);
41
-
42
- const parentPort = workerThreads.parentPort;
43
- const performance = perfHooks.performance;
44
-
45
- if (!parentPort) {
46
- throw new Error('worker parentPort is unavailable');
47
- }
48
-
49
- function normalizeOutput(value) {
50
- if (value === undefined) return '__undefined__';
51
- if (value === null) return 'null';
52
- if (typeof value === 'string') return value;
53
- if (typeof value === 'number' || typeof value === 'boolean' || typeof value === 'bigint') return String(value);
54
- try { return JSON.stringify(value); } catch { return String(value); }
55
- }
56
-
57
- parentPort.on('message', async (msg) => {
58
- const { jobId, payload } = msg;
59
- try {
60
- const { code, functionName, testInputs } = payload;
61
- const sandbox = {
62
- console: { log() {}, warn() {}, error() {} },
63
- Buffer,
64
- TextEncoder,
65
- TextDecoder,
66
- atob: (v) => Buffer.from(String(v), 'base64').toString('binary'),
67
- btoa: (v) => Buffer.from(String(v), 'binary').toString('base64'),
68
- };
69
- sandbox.globalThis = sandbox;
70
- const context = vm.createContext(sandbox);
71
-
72
- const isValidIdentifier = /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(functionName);
73
- const bindCode = isValidIdentifier
74
- ? "\\n;globalThis.__targetFn = (typeof " + functionName + " !== 'undefined' ? " + functionName + " : globalThis[" + JSON.stringify(functionName) + "]);"
75
- : "\\n;globalThis.__targetFn = globalThis[" + JSON.stringify(functionName) + "];";
76
-
77
- const script = new vm.Script(code + bindCode, { timeout: 5000 });
78
- script.runInContext(context, { timeout: 5000 });
79
-
80
- const targetFn = context.__targetFn;
81
- if (typeof targetFn !== 'function') {
82
- throw new Error("Function not found or not callable: " + functionName);
83
- }
84
-
85
- const rows = [];
86
- for (const input of testInputs) {
87
- const started = performance.now();
88
- try {
89
- const raw = targetFn(input);
90
- const resolved = raw && typeof raw.then === 'function' ? await raw : raw;
91
- rows.push({
92
- input,
93
- output: normalizeOutput(resolved),
94
- duration: Number((performance.now() - started).toFixed(3)),
95
- });
96
- } catch (err) {
97
- rows.push({
98
- input,
99
- output: '',
100
- error: err && err.message ? err.message : String(err),
101
- duration: Number((performance.now() - started).toFixed(3)),
102
- });
103
- }
104
- }
105
-
106
- parentPort.postMessage({ jobId, ok: true, result: { ok: true, results: rows } });
107
- } catch (error) {
108
- parentPort.postMessage({
109
- jobId,
110
- ok: true,
111
- result: {
112
- ok: false,
113
- error: error && error.message ? error.message : String(error),
114
- results: [],
115
- },
116
- });
117
- }
118
- });
119
- };
120
-
121
- __bootstrap().catch((error) => {
122
- if (typeof console !== 'undefined' && typeof console.error === 'function') {
123
- console.error('crypto harness worker bootstrap failed:', error && error.message ? error.message : String(error));
124
- }
125
- });
39
+ const CRYPTO_TEST_WORKER_SCRIPT = `
40
+ const __bootstrap = async () => {
41
+ const [workerThreads, vm, perfHooks] = await Promise.all([
42
+ import('node:worker_threads'),
43
+ import('node:vm'),
44
+ import('node:perf_hooks'),
45
+ ]);
46
+
47
+ const parentPort = workerThreads.parentPort;
48
+ const performance = perfHooks.performance;
49
+
50
+ if (!parentPort) {
51
+ throw new Error('worker parentPort is unavailable');
52
+ }
53
+
54
+ function normalizeOutput(value) {
55
+ if (value === undefined) return '__undefined__';
56
+ if (value === null) return 'null';
57
+ if (typeof value === 'string') return value;
58
+ if (typeof value === 'number' || typeof value === 'boolean' || typeof value === 'bigint') return String(value);
59
+ try { return JSON.stringify(value); } catch { return String(value); }
60
+ }
61
+
62
+ parentPort.on('message', async (msg) => {
63
+ const { jobId, payload } = msg;
64
+ try {
65
+ const { code, functionName, testInputs } = payload;
66
+ const sandbox = {
67
+ console: { log() {}, warn() {}, error() {} },
68
+ Buffer,
69
+ TextEncoder,
70
+ TextDecoder,
71
+ atob: (v) => Buffer.from(String(v), 'base64').toString('binary'),
72
+ btoa: (v) => Buffer.from(String(v), 'binary').toString('base64'),
73
+ };
74
+ sandbox.globalThis = sandbox;
75
+ const context = vm.createContext(sandbox);
76
+
77
+ const isValidIdentifier = /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(functionName);
78
+ const bindCode = isValidIdentifier
79
+ ? "\\n;globalThis.__targetFn = (typeof " + functionName + " !== 'undefined' ? " + functionName + " : globalThis[" + JSON.stringify(functionName) + "]);"
80
+ : "\\n;globalThis.__targetFn = globalThis[" + JSON.stringify(functionName) + "];";
81
+
82
+ const script = new vm.Script(code + bindCode, { timeout: 5000 });
83
+ script.runInContext(context, { timeout: 5000 });
84
+
85
+ const targetFn = context.__targetFn;
86
+ if (typeof targetFn !== 'function') {
87
+ throw new Error("Function not found or not callable: " + functionName);
88
+ }
89
+
90
+ const rows = [];
91
+ for (const input of testInputs) {
92
+ const started = performance.now();
93
+ try {
94
+ const raw = targetFn(input);
95
+ const resolved = raw && typeof raw.then === 'function' ? await raw : raw;
96
+ rows.push({
97
+ input,
98
+ output: normalizeOutput(resolved),
99
+ duration: Number((performance.now() - started).toFixed(3)),
100
+ });
101
+ } catch (err) {
102
+ rows.push({
103
+ input,
104
+ output: '',
105
+ error: err && err.message ? err.message : String(err),
106
+ duration: Number((performance.now() - started).toFixed(3)),
107
+ });
108
+ }
109
+ }
110
+
111
+ parentPort.postMessage({ jobId, ok: true, result: { ok: true, results: rows } });
112
+ } catch (error) {
113
+ parentPort.postMessage({
114
+ jobId,
115
+ ok: true,
116
+ result: {
117
+ ok: false,
118
+ error: error && error.message ? error.message : String(error),
119
+ results: [],
120
+ },
121
+ });
122
+ }
123
+ });
124
+ };
125
+
126
+ __bootstrap().catch((error) => {
127
+ if (typeof console !== 'undefined' && typeof console.error === 'function') {
128
+ console.error('crypto harness worker bootstrap failed:', error && error.message ? error.message : String(error));
129
+ }
130
+ });
126
131
  `;
127
132
  export class TransformToolHandlersBase {
128
133
  collector;
@@ -279,7 +284,7 @@ export class TransformToolHandlersBase {
279
284
  }
280
285
  }
281
286
  for (const script of scripts) {
282
- if (script.id === id || (script.dataset?.scriptId === id)) {
287
+ if (script.id === id || script.dataset?.scriptId === id) {
283
288
  if (script.textContent && script.textContent.trim().length > 0) {
284
289
  return script.textContent;
285
290
  }
@@ -313,11 +318,6 @@ export class TransformToolHandlersBase {
313
318
  throw new Error(`Unable to resolve source from scriptId: ${scriptId}`);
314
319
  }
315
320
  resolveFunctionName(targetFunction, targetPath, source) {
316
- const extractLastSegment = (value) => {
317
- const normalized = value.startsWith('window.') ? value.slice(7) : value;
318
- const parts = normalized.split('.').filter(Boolean);
319
- return parts.length > 0 ? parts[parts.length - 1] : '';
320
- };
321
321
  const candidateFromTarget = extractLastSegment(targetFunction);
322
322
  if (this.isValidIdentifier(candidateFromTarget)) {
323
323
  return candidateFromTarget;
@@ -336,16 +336,16 @@ export class TransformToolHandlersBase {
336
336
  return /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(value);
337
337
  }
338
338
  buildCryptoPolyfills() {
339
- return `
340
- const __textEncoder = typeof TextEncoder !== 'undefined' ? new TextEncoder() : null;
341
- const __textDecoder = typeof TextDecoder !== 'undefined' ? new TextDecoder() : null;
342
-
343
- if (typeof globalThis.atob === 'undefined') {
344
- globalThis.atob = (value) => Buffer.from(String(value), 'base64').toString('binary');
345
- }
346
- if (typeof globalThis.btoa === 'undefined') {
347
- globalThis.btoa = (value) => Buffer.from(String(value), 'binary').toString('base64');
348
- }
339
+ return `
340
+ const __textEncoder = typeof TextEncoder !== 'undefined' ? new TextEncoder() : null;
341
+ const __textDecoder = typeof TextDecoder !== 'undefined' ? new TextDecoder() : null;
342
+
343
+ if (typeof globalThis.atob === 'undefined') {
344
+ globalThis.atob = (value) => Buffer.from(String(value), 'base64').toString('binary');
345
+ }
346
+ if (typeof globalThis.btoa === 'undefined') {
347
+ globalThis.btoa = (value) => Buffer.from(String(value), 'binary').toString('base64');
348
+ }
349
349
  `.trim();
350
350
  }
351
351
  async runCryptoHarness(code, functionName, testInputs) {
package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js CHANGED
@@ -11,24 +11,6 @@ export class TransformToolHandlersCrypto extends TransformToolHandlersOps {
11
11
  const keywordList = Array.isArray(keywords) ? keywords : [];
12
12
  const lowerKeywords = keywordList.map((item) => String(item).toLowerCase());
13
13
  const globalObj = window;
14
- const resolvePath = (path) => {
15
- const normalized = path.startsWith('window.') ? path.slice(7) : path;
16
- const parts = normalized.split('.').filter(Boolean);
17
- let cursor = window;
18
- for (const part of parts) {
19
- if (cursor === null ||
20
- cursor === undefined ||
21
- (typeof cursor !== 'object' && typeof cursor !== 'function')) {
22
- return undefined;
23
- }
24
- const carrier = cursor;
25
- if (!(part in carrier)) {
26
- return undefined;
27
- }
28
- cursor = carrier[part];
29
- }
30
- return cursor;
31
- };
32
14
  const scoreFunction = (path, source) => {
33
15
  const text = (path + '\\n' + source).toLowerCase();
34
16
  let score = 0;
@@ -56,7 +38,24 @@ export class TransformToolHandlersCrypto extends TransformToolHandlersOps {
56
38
  });
57
39
  };
58
40
  if (target.length > 0) {
59
- const resolved = resolvePath(target);
41
+ const resolved = (() => {
42
+ const normalized = target.startsWith('window.') ? target.slice(7) : target;
43
+ const parts = normalized.split('.').filter(Boolean);
44
+ let cursor = window;
45
+ for (const part of parts) {
46
+ if (cursor === null ||
47
+ cursor === undefined ||
48
+ (typeof cursor !== 'object' && typeof cursor !== 'function')) {
49
+ return undefined;
50
+ }
51
+ const carrier = cursor;
52
+ if (!(part in carrier)) {
53
+ return undefined;
54
+ }
55
+ cursor = carrier[part];
56
+ }
57
+ return cursor;
58
+ })();
60
59
  pushCandidate(target, resolved, 100);
61
60
  }
62
61
  const globalKeys = Object.getOwnPropertyNames(globalObj).slice(0, 800);
package/dist/src/server/domains/transform/manifest.d.ts CHANGED
@@ -7,7 +7,7 @@ declare const manifest: {
7
7
  version: 1;
8
8
  domain: "transform";
9
9
  depKey: "transformHandlers";
10
- profiles: "full"[];
10
+ profiles: ("workflow" | "full")[];
11
11
  ensure: typeof ensure;
12
12
  registrations: {
13
13
  tool: {
package/dist/src/server/domains/transform/manifest.js CHANGED
@@ -20,7 +20,7 @@ const manifest = {
20
20
  version: 1,
21
21
  domain: DOMAIN,
22
22
  depKey: DEP_KEY,
23
- profiles: ['full'],
23
+ profiles: ['workflow', 'full'],
24
24
  ensure,
25
25
  registrations: [
26
26
  {
package/dist/src/server/domains/wasm/definitions.js CHANGED
@@ -1,234 +1,57 @@
1
+ import { tool } from '../../registry/tool-builder.js';
1
2
  export const wasmTools = [
2
- {
3
- name: 'wasm_dump',
4
- description: 'Dump a WebAssembly module from the current browser page.\n\nExtracts the WASM binary via the webassembly-full hook preset, saves it to disk, and returns module metadata (hash, size, imports, exports).\n\nPrerequisites: A page with WASM must be loaded. The webassembly-full hook preset will be auto-injected if not already active.',
5
- inputSchema: {
6
- type: 'object',
7
- properties: {
8
- moduleIndex: {
9
- type: 'number',
10
- description: 'Index of the WASM module to dump if multiple were loaded (default: 0 = first)',
11
- default: 0,
12
- },
13
- outputPath: {
14
- type: 'string',
15
- description: 'Custom output file path. If omitted, auto-generates in artifacts/wasm/',
16
- },
17
- },
18
- },
19
- annotations: {
20
- readOnlyHint: false,
21
- destructiveHint: false,
22
- idempotentHint: false,
23
- openWorldHint: false,
24
- },
25
- },
26
- {
27
- name: 'wasm_disassemble',
28
- description: 'Disassemble a .wasm file to WebAssembly Text Format (WAT) using wasm2wat.\n\nRequires: wabt toolchain installed (wasm2wat in PATH).\n\nUSE THIS to read WASM bytecode as human-readable text. The output shows all functions, imports, exports, and instructions.',
29
- inputSchema: {
30
- type: 'object',
31
- properties: {
32
- inputPath: {
33
- type: 'string',
34
- description: 'Path to the .wasm file to disassemble',
35
- },
36
- outputPath: {
37
- type: 'string',
38
- description: 'Output .wat file path. If omitted, auto-generates in artifacts/wasm/',
39
- },
40
- foldExprs: {
41
- type: 'boolean',
42
- description: 'Fold expressions for more compact output (default: true)',
43
- default: true,
44
- },
45
- },
46
- required: ['inputPath'],
47
- },
48
- annotations: {
49
- readOnlyHint: false,
50
- destructiveHint: false,
51
- idempotentHint: false,
52
- openWorldHint: false,
53
- },
54
- },
55
- {
56
- name: 'wasm_decompile',
57
- description: 'Decompile a .wasm file to C-like pseudo-code using wasm-decompile.\n\nRequires: wabt toolchain installed (wasm-decompile in PATH).\n\nProduces more readable output than WAT, resembling C/JavaScript syntax. Useful for understanding VMP handler logic.',
58
- inputSchema: {
59
- type: 'object',
60
- properties: {
61
- inputPath: {
62
- type: 'string',
63
- description: 'Path to the .wasm file to decompile',
64
- },
65
- outputPath: {
66
- type: 'string',
67
- description: 'Output file path. If omitted, auto-generates in artifacts/wasm/',
68
- },
69
- },
70
- required: ['inputPath'],
71
- },
72
- annotations: {
73
- readOnlyHint: false,
74
- destructiveHint: false,
75
- idempotentHint: false,
76
- openWorldHint: false,
77
- },
78
- },
79
- {
80
- name: 'wasm_inspect_sections',
81
- description: 'Inspect sections and metadata of a .wasm file using wasm-objdump.\n\nRequires: wabt toolchain installed (wasm-objdump in PATH).\n\nReturns section headers, import/export tables, function signatures, and memory layout.',
82
- inputSchema: {
83
- type: 'object',
84
- properties: {
85
- inputPath: {
86
- type: 'string',
87
- description: 'Path to the .wasm file to inspect',
88
- },
89
- sections: {
90
- type: 'string',
91
- enum: ['headers', 'details', 'disassemble', 'all'],
92
- description: 'What to dump: headers (section overview), details (full metadata), disassemble (bytecode), all. Default: details',
93
- default: 'details',
94
- },
95
- },
96
- required: ['inputPath'],
97
- },
98
- annotations: {
99
- readOnlyHint: false,
100
- destructiveHint: false,
101
- idempotentHint: false,
102
- openWorldHint: false,
103
- },
104
- },
105
- {
106
- name: 'wasm_offline_run',
107
- description: 'Execute a specific exported function from a .wasm file offline using wasmtime or wasmer.\n\nRequires: wasmtime or wasmer installed in PATH.\n\nUSE THIS to run sign/encrypt functions extracted from WASM VMP without a browser. Provide the function name and arguments.\n\nSecurity: Runs in a sandboxed WASM runtime with no filesystem or network access.',
108
- inputSchema: {
109
- type: 'object',
110
- properties: {
111
- inputPath: {
112
- type: 'string',
113
- description: 'Path to the .wasm file',
114
- },
115
- functionName: {
116
- type: 'string',
117
- description: 'Name of the exported function to invoke (e.g., "_sign", "encrypt")',
118
- },
119
- args: {
120
- type: 'array',
121
- items: { type: 'string' },
122
- description: 'Arguments to pass to the function (will be parsed as integers/floats)',
123
- },
124
- runtime: {
125
- type: 'string',
126
- enum: ['wasmtime', 'wasmer', 'auto'],
127
- description: 'WASM runtime to use. "auto" tries wasmtime first, then wasmer. Default: auto',
128
- default: 'auto',
129
- },
130
- timeoutMs: {
131
- type: 'number',
132
- description: 'Execution timeout in ms (default: 10000)',
133
- default: 10000,
134
- },
135
- },
136
- required: ['inputPath', 'functionName'],
137
- },
138
- annotations: {
139
- readOnlyHint: false,
140
- destructiveHint: false,
141
- idempotentHint: false,
142
- openWorldHint: false,
143
- },
144
- },
145
- {
146
- name: 'wasm_optimize',
147
- description: 'Optimize a .wasm file using binaryen wasm-opt.\n\nRequires: binaryen toolchain installed (wasm-opt in PATH).\n\nApplies optimization passes (dead code elimination, constant folding, etc.) to reduce size and improve performance. Optimized output can be re-injected into the browser.',
148
- inputSchema: {
149
- type: 'object',
150
- properties: {
151
- inputPath: {
152
- type: 'string',
153
- description: 'Path to the .wasm file to optimize',
154
- },
155
- outputPath: {
156
- type: 'string',
157
- description: 'Output optimized .wasm file path. If omitted, auto-generates in artifacts/wasm/',
158
- },
159
- level: {
160
- type: 'string',
161
- enum: ['O1', 'O2', 'O3', 'O4', 'Os', 'Oz'],
162
- description: 'Optimization level (default: O2)',
163
- default: 'O2',
164
- },
165
- },
166
- required: ['inputPath'],
167
- },
168
- annotations: {
169
- readOnlyHint: false,
170
- destructiveHint: false,
171
- idempotentHint: false,
172
- openWorldHint: false,
173
- },
174
- },
175
- {
176
- name: 'wasm_vmp_trace',
177
- description: 'Trace WASM VMP (Virtual Machine Protection) opcode execution.\n\nCombines the webassembly-full hook preset with enhanced import call tracing to reconstruct VMP handler tables and execution flows.\n\nUSE THIS when a page uses WASM-based VMP to protect sign/encrypt functions. Returns:\n- Import call sequence (opcode trace)\n- Identified handler patterns\n- Input→output data flow',
178
- inputSchema: {
179
- type: 'object',
180
- properties: {
181
- maxEvents: {
182
- type: 'number',
183
- description: 'Maximum import call events to capture (default: 5000)',
184
- default: 5000,
185
- },
186
- filterModule: {
187
- type: 'string',
188
- description: 'Only trace calls to this import module name (e.g., "env", "wasi_snapshot_preview1")',
189
- },
190
- },
191
- },
192
- annotations: {
193
- readOnlyHint: false,
194
- destructiveHint: false,
195
- idempotentHint: false,
196
- openWorldHint: false,
197
- },
198
- },
199
- {
200
- name: 'wasm_memory_inspect',
201
- description: 'Inspect WebAssembly.Memory contents from the browser.\n\nReads the linear memory buffer of the active WASM module, displaying it as hex dump, ASCII, or searching for patterns.\n\nUSE THIS to:\n- Examine WASM memory layout (stack, heap, data segments)\n- Find strings, keys, or encoded data in WASM memory\n- Track how input data is transformed through WASM functions',
202
- inputSchema: {
203
- type: 'object',
204
- properties: {
205
- offset: {
206
- type: 'number',
207
- description: 'Starting byte offset to read from (default: 0)',
208
- default: 0,
209
- },
210
- length: {
211
- type: 'number',
212
- description: 'Number of bytes to read (default: 256, max: 65536)',
213
- default: 256,
214
- },
215
- format: {
216
- type: 'string',
217
- enum: ['hex', 'ascii', 'both'],
218
- description: 'Output format (default: both)',
219
- default: 'both',
220
- },
221
- searchPattern: {
222
- type: 'string',
223
- description: 'Search for this hex pattern or ASCII string in the memory range',
224
- },
225
- },
226
- },
227
- annotations: {
228
- readOnlyHint: false,
229
- destructiveHint: false,
230
- idempotentHint: false,
231
- openWorldHint: false,
232
- },
233
- },
3
+ tool('wasm_dump')
4
+ .desc('Dump a WebAssembly module from the current browser page.\n\nExtracts the WASM binary via the webassembly-full hook preset, saves it to disk, and returns module metadata (hash, size, imports, exports).\n\nPrerequisites: A page with WASM must be loaded. The webassembly-full hook preset will be auto-injected if not already active.')
5
+ .number('moduleIndex', 'Index of the WASM module to dump if multiple were loaded', {
6
+ default: 0,
7
+ })
8
+ .string('outputPath', 'Custom output file path. If omitted, auto-generates in artifacts/wasm/')
9
+ .build(),
10
+ tool('wasm_disassemble')
11
+ .desc('Disassemble a .wasm file to WebAssembly Text Format (WAT) using wasm2wat.\n\nRequires: wabt toolchain installed (wasm2wat in PATH).\n\nUSE THIS to read WASM bytecode as human-readable text. The output shows all functions, imports, exports, and instructions.')
12
+ .string('inputPath', 'Path to the .wasm file to disassemble')
13
+ .string('outputPath', 'Output .wat file path. If omitted, auto-generates in artifacts/wasm/')
14
+ .boolean('foldExprs', 'Fold expressions for more compact output', { default: true })
15
+ .required('inputPath')
16
+ .build(),
17
+ tool('wasm_decompile')
18
+ .desc('Decompile a .wasm file to C-like pseudo-code using wasm-decompile.\n\nRequires: wabt toolchain installed (wasm-decompile in PATH).\n\nProduces more readable output than WAT, resembling C/JavaScript syntax. Useful for understanding VMP handler logic.')
19
+ .string('inputPath', 'Path to the .wasm file to decompile')
20
+ .string('outputPath', 'Output file path. If omitted, auto-generates in artifacts/wasm/')
21
+ .required('inputPath')
22
+ .build(),
23
+ tool('wasm_inspect_sections')
24
+ .desc('Inspect sections and metadata of a .wasm file using wasm-objdump.\n\nRequires: wabt toolchain installed (wasm-objdump in PATH).\n\nReturns section headers, import/export tables, function signatures, and memory layout.')
25
+ .string('inputPath', 'Path to the .wasm file to inspect')
26
+ .enum('sections', ['headers', 'details', 'disassemble', 'all'], 'What to dump: headers (section overview), details (full metadata), disassemble (bytecode), all', { default: 'details' })
27
+ .required('inputPath')
28
+ .build(),
29
+ tool('wasm_offline_run')
30
+ .desc('Execute a specific exported function from a .wasm file offline using wasmtime or wasmer.\n\nRequires: wasmtime or wasmer installed in PATH.\n\nUSE THIS to run sign/encrypt functions extracted from WASM VMP without a browser. Provide the function name and arguments.\n\nSecurity: Runs in a sandboxed WASM runtime with no filesystem or network access.')
31
+ .string('inputPath', 'Path to the .wasm file')
32
+ .string('functionName', 'Name of the exported function to invoke (e.g., "_sign", "encrypt")')
33
+ .array('args', { type: 'string' }, 'Arguments to pass to the function (will be parsed as integers/floats)')
34
+ .enum('runtime', ['wasmtime', 'wasmer', 'auto'], 'WASM runtime to use. "auto" tries wasmtime first, then wasmer', { default: 'auto' })
35
+ .number('timeoutMs', 'Execution timeout in ms', { default: 10000 })
36
+ .required('inputPath', 'functionName')
37
+ .build(),
38
+ tool('wasm_optimize')
39
+ .desc('Optimize a .wasm file using binaryen wasm-opt.\n\nRequires: binaryen toolchain installed (wasm-opt in PATH).\n\nApplies optimization passes (dead code elimination, constant folding, etc.) to reduce size and improve performance. Optimized output can be re-injected into the browser.')
40
+ .string('inputPath', 'Path to the .wasm file to optimize')
41
+ .string('outputPath', 'Output optimized .wasm file path. If omitted, auto-generates in artifacts/wasm/')
42
+ .enum('level', ['O1', 'O2', 'O3', 'O4', 'Os', 'Oz'], 'Optimization level', { default: 'O2' })
43
+ .required('inputPath')
44
+ .build(),
45
+ tool('wasm_vmp_trace')
46
+ .desc('Trace WASM VMP (Virtual Machine Protection) opcode execution.\n\nCombines the webassembly-full hook preset with enhanced import call tracing to reconstruct VMP handler tables and execution flows.\n\nUSE THIS when a page uses WASM-based VMP to protect sign/encrypt functions. Returns:\n- Import call sequence (opcode trace)\n- Identified handler patterns\n- Input→output data flow')
47
+ .number('maxEvents', 'Maximum import call events to capture', { default: 5000 })
48
+ .string('filterModule', 'Only trace calls to this import module name (e.g., "env", "wasi_snapshot_preview1")')
49
+ .build(),
50
+ tool('wasm_memory_inspect')
51
+ .desc('Inspect WebAssembly.Memory contents from the browser.\n\nReads the linear memory buffer of the active WASM module, displaying it as hex dump, ASCII, or searching for patterns.\n\nUSE THIS to:\n- Examine WASM memory layout (stack, heap, data segments)\n- Find strings, keys, or encoded data in WASM memory\n- Track how input data is transformed through WASM functions')
52
+ .number('offset', 'Starting byte offset to read from', { default: 0 })
53
+ .number('length', 'Number of bytes to read', { default: 256 })
54
+ .enum('format', ['hex', 'ascii', 'both'], 'Output format', { default: 'both' })
55
+ .string('searchPattern', 'Search for this hex pattern or ASCII string in the memory range')
56
+ .build(),
234
57
  ];
package/dist/src/server/domains/wasm/handlers.js CHANGED
@@ -411,7 +411,7 @@ export class WasmToolHandlers {
411
411
  fnCounts[key] = (fnCounts[key] || 0) + 1;
412
412
  }
413
413
  const sorted = Object.entries(fnCounts)
414
- .sort((a, b) => b[1] - a[1])
414
+ .toSorted((a, b) => b[1] - a[1])
415
415
  .slice(0, 30)
416
416
  .map(([name, count]) => ({ name, count }));
417
417
  return {