@jshookmcp/jshook 0.2.8 → 0.3.0

package/dist/graphql-CoHrhweh.mjs

@@ -0,0 +1,1197 @@
+import { at as GRAPHQL_MAX_SCHEMA_CHARS, it as GRAPHQL_MAX_QUERY_CHARS, nt as GRAPHQL_MAX_GRAPH_NODES, rt as GRAPHQL_MAX_PREVIEW_CHARS, tt as GRAPHQL_MAX_GRAPH_EDGES } from "./constants-CDZLOoVv.mjs";
+import { a as argString, i as argObject, t as argBool } from "./parse-args-B4cY5Vx5.mjs";
+import { s as evaluateWithTimeout } from "./PageController-BPJNqqBN.mjs";
+import { c as isSsrfTarget } from "./ssrf-policy-Dsqd-DTX.mjs";
+import "./definitions-Pp5LI2H4.mjs";
+//#region src/server/domains/graphql/handlers/shared.ts
+function toResponse(payload) {
+	return { content: [{
+		type: "text",
+		text: JSON.stringify(payload, null, 2)
+	}] };
+}
+function toError(error, context) {
+	const payload = {
+		success: false,
+		error: getErrorMessage(error)
+	};
+	if (context) payload.context = context;
+	return {
+		content: [{
+			type: "text",
+			text: JSON.stringify(payload, null, 2)
+		}],
+		isError: true
+	};
+}
+function getErrorMessage(error) {
+	if (error instanceof Error) return error.message;
+	return String(error);
+}
+/**
+* Parse a number argument from args, supporting string-to-number coercion,
+* min/max clamping, and integer truncation.
+* Preserves behavior from the old GraphQLHandlersBase.getNumberArg().
+*/
+function parseClampedNumber(args, key, defaultValue, min, max) {
+	const value = args[key];
+	let parsed = defaultValue;
+	if (typeof value === "number" && Number.isFinite(value)) parsed = value;
+	else if (typeof value === "string") {
+		const fromString = Number(value);
+		if (Number.isFinite(fromString)) parsed = fromString;
+	}
+	if (parsed < min) return min;
+	if (parsed > max) return max;
+	return Math.trunc(parsed);
+}
+function normalizeHeaders(value) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return {};
+	const dangerousKeys = new Set([
+		"__proto__",
+		"constructor",
+		"prototype"
+	]);
+	const headers = Object.create(null);
+	for (const [header, rawValue] of Object.entries(value)) {
+		if (dangerousKeys.has(header)) continue;
+		if (typeof rawValue === "string") headers[header] = rawValue;
+		else if (typeof rawValue === "number" || typeof rawValue === "boolean") headers[header] = String(rawValue);
+	}
+	return headers;
+}
+function parseEndpoint(endpoint) {
+	let parsedEndpoint;
+	try {
+		parsedEndpoint = new URL(endpoint);
+	} catch {
+		return { error: `Invalid endpoint URL: ${endpoint}` };
+	}
+	if (parsedEndpoint.protocol !== "http:" && parsedEndpoint.protocol !== "https:") return { error: `Unsupported endpoint protocol: ${parsedEndpoint.protocol} — only http/https allowed` };
+	return { parsedEndpoint };
+}
+async function validateExternalEndpoint(endpoint) {
+	const parsed = parseEndpoint(endpoint);
+	if ("error" in parsed) return parsed.error;
+	if (await isSsrfTarget(parsed.parsedEndpoint.toString())) return `Blocked: endpoint "${endpoint}" resolves to a private/reserved address`;
+	return null;
+}
+async function validateBrowserEndpoint(endpoint, currentPageUrl) {
+	const parsed = parseEndpoint(endpoint);
+	if ("error" in parsed) return parsed.error;
+	if (!await isSsrfTarget(parsed.parsedEndpoint.toString())) return null;
+	if (typeof currentPageUrl === "string" && currentPageUrl.length > 0) try {
+		if (new URL(currentPageUrl).origin === parsed.parsedEndpoint.origin) return null;
+	} catch {}
+	return `Blocked: endpoint "${endpoint}" resolves to a private/reserved address`;
+}
+function createPreview(text, maxChars) {
+	if (text.length <= maxChars) return {
+		preview: text,
+		truncated: false,
+		totalLength: text.length
+	};
+	return {
+		preview: `${text.slice(0, maxChars)}\n... (truncated)`,
+		truncated: true,
+		totalLength: text.length
+	};
+}
+function serializeForPreview(value, maxChars) {
+	let serialized;
+	if (typeof value === "string") serialized = value;
+	else try {
+		serialized = JSON.stringify(value, null, 2);
+	} catch {
+		serialized = String(value);
+	}
+	return createPreview(serialized, maxChars);
+}
+function parseMatchType(value) {
+	if (value === "exact" || value === "contains" || value === "regex") return value;
+	return "contains";
+}
+function generateRuleId() {
+	return `script_rule_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+}
+function isRequestInterceptHandled(request) {
+	if (typeof request.isInterceptResolutionHandled !== "function") return false;
+	try {
+		return request.isInterceptResolutionHandled();
+	} catch {
+		return false;
+	}
+}
+async function continueRequest(request) {
+	if (isRequestInterceptHandled(request)) return;
+	try {
+		await request.continue();
+	} catch {}
+}
+function ruleMatchesUrl(rule, targetUrl) {
+	if (rule.matchType === "exact") return targetUrl === rule.url;
+	if (rule.matchType === "contains") return targetUrl.includes(rule.url);
+	try {
+		return new RegExp(rule.url).test(targetUrl);
+	} catch {
+		return false;
+	}
+}
+function findMatchingRule(rules, url) {
+	for (let index = rules.length - 1; index >= 0; index -= 1) {
+		const rule = rules[index];
+		if (rule && ruleMatchesUrl(rule, url)) return rule;
+	}
+	return null;
+}
+async function handleInterceptedRequest(rules, request) {
+	if (isRequestInterceptHandled(request)) return;
+	if (request.resourceType() !== "script") {
+		await continueRequest(request);
+		return;
+	}
+	const matchedRule = findMatchingRule(rules, request.url());
+	if (!matchedRule) {
+		await continueRequest(request);
+		return;
+	}
+	matchedRule.hits += 1;
+	try {
+		await request.respond({
+			status: 200,
+			contentType: "application/javascript; charset=utf-8",
+			headers: {
+				"cache-control": "no-store",
+				"x-script-replaced-by": "script_replace_persist"
+			},
+			body: matchedRule.replacement
+		});
+	} catch {
+		await continueRequest(request);
+	}
+}
+async function ensureScriptInterception(rules, installedPages, page) {
+	if (installedPages.has(page)) return;
+	await page.setRequestInterception(true);
+	const listener = (request) => {
+		handleInterceptedRequest(rules, request);
+	};
+	const eventHost = page;
+	if (typeof eventHost.prependListener === "function") eventHost.prependListener("request", listener);
+	else eventHost.on("request", listener);
+	installedPages.add(page);
+}
+//#endregion
+//#region src/server/domains/graphql/handlers.impl.core.runtime.shared.ts
+const INTROSPECTION_QUERY = `
+query IntrospectionQuery {
+  __schema {
+    queryType { name }
+    mutationType { name }
+    subscriptionType { name }
+    types { ...FullType }
+    directives {
+      name
+      description
+      locations
+      args(includeDeprecated: true) { ...InputValue }
+    }
+  }
+}
+fragment FullType on __Type {
+  kind
+  name
+  description
+  fields(includeDeprecated: true) {
+    name
+    description
+    args(includeDeprecated: true) { ...InputValue }
+    type { ...TypeRef }
+    isDeprecated
+    deprecationReason
+  }
+  inputFields(includeDeprecated: true) { ...InputValue }
+  interfaces { ...TypeRef }
+  enumValues(includeDeprecated: true) {
+    name
+    description
+    isDeprecated
+    deprecationReason
+  }
+  possibleTypes { ...TypeRef }
+}
+fragment InputValue on __InputValue {
+  name
+  description
+  type { ...TypeRef }
+  defaultValue
+  isDeprecated
+  deprecationReason
+}
+fragment TypeRef on __Type {
+  kind
+  name
+  ofType {
+    kind
+    name
+    ofType {
+      kind
+      name
+      ofType {
+        kind
+        name
+        ofType {
+          kind
+          name
+          ofType {
+            kind
+            name
+            ofType {
+              kind
+              name
+              ofType {
+                kind
+                name
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+`.trim();
+//#endregion
+//#region src/server/domains/graphql/handlers/callgraph.ts
+var CallGraphHandlers = class {
+	constructor(collector) {
+		this.collector = collector;
+	}
+	async handleCallGraphAnalyze(args) {
+		try {
+			const maxDepth = parseClampedNumber(args, "maxDepth", 5, 1, 20);
+			const filterPattern = argString(args, "filterPattern")?.trim() || "";
+			if (filterPattern) try {
+				RegExp(filterPattern);
+			} catch (error) {
+				return toError("Invalid filterPattern regex", {
+					filterPattern,
+					reason: error instanceof Error ? error.message : String(error)
+				});
+			}
+			const result = await evaluateWithTimeout(await this.collector.getActivePage(), ({ maxDepth: depth, filterPattern: filter }) => {
+				const globalScope = window;
+				const edgeMap = /* @__PURE__ */ new Map();
+				const nodeMap = /* @__PURE__ */ new Map();
+				let scannedRecords = 0;
+				let acceptedRecords = 0;
+				const filterRegex = filter ? new RegExp(filter) : null;
+				const matchesFilter = (name) => {
+					if (!filterRegex) return true;
+					filterRegex.lastIndex = 0;
+					return filterRegex.test(name);
+				};
+				const includeEdge = (source, target) => {
+					if (!filterRegex) return true;
+					return matchesFilter(source) || matchesFilter(target);
+				};
+				const incrementNode = (name, by = 1) => {
+					const existing = nodeMap.get(name);
+					if (existing) {
+						existing.callCount += by;
+						return;
+					}
+					nodeMap.set(name, {
+						id: name,
+						name,
+						callCount: by
+					});
+				};
+				const addEdge = (sourceRaw, targetRaw) => {
+					const source = typeof sourceRaw === "string" ? sourceRaw.trim() || "" : "";
+					const target = typeof targetRaw === "string" ? targetRaw.trim() || "" : "";
+					if (!source || !target || source === target) return;
+					if (!includeEdge(source, target)) return;
+					const key = `${source}__->__${target}`;
+					const existing = edgeMap.get(key);
+					if (existing) existing.count += 1;
+					else edgeMap.set(key, {
+						source,
+						target,
+						count: 1
+					});
+					incrementNode(source, 1);
+					incrementNode(target, 1);
+				};
+				const processRecord = (record, fallbackName) => {
+					scannedRecords += 1;
+					const calleeRaw = record.callee ?? record.functionName ?? record.fn ?? record.name ?? record.method ?? record.target ?? fallbackName;
+					const callee = typeof calleeRaw === "string" ? calleeRaw.trim() || fallbackName : fallbackName;
+					const callerRaw = record.caller ?? record.parent ?? record.from ?? "";
+					const caller = typeof callerRaw === "string" ? callerRaw.trim() || "" : "";
+					let used = false;
+					if (caller && callee) {
+						addEdge(caller, callee);
+						used = true;
+					}
+					const stackValue = record.stack ?? record.stackTrace ?? record.trace;
+					const frames = typeof stackValue === "string" && stackValue.trim().length > 0 ? stackValue.split("\n").map((line) => line.trim()).filter((line) => line.length > 0).map((line) => {
+						const atMatch = line.match(/at\s+([^(<\s]+)/);
+						if (atMatch?.[1]) return atMatch[1];
+						const atFileMatch = line.match(/^([^(<\s]+)@/);
+						if (atFileMatch?.[1]) return atFileMatch[1];
+						return "";
+					}).filter((name) => name.length > 0) : [];
+					if (frames.length > 1) {
+						const depthLimit = Math.min(depth, frames.length - 1);
+						for (let index = 0; index < depthLimit; index += 1) addEdge(frames[index + 1], frames[index]);
+						used = true;
+					} else if (frames.length === 1 && callee && frames[0] !== callee) {
+						addEdge(frames[0], callee);
+						used = true;
+					}
+					if (used) acceptedRecords += 1;
+				};
+				const aiHooks = globalScope.__aiHooks;
+				if (aiHooks && typeof aiHooks === "object") for (const [hookName, hookRecords] of Object.entries(aiHooks)) {
+					if (!Array.isArray(hookRecords)) continue;
+					for (const entry of hookRecords) if (entry && typeof entry === "object") processRecord(entry, hookName);
+				}
+				for (const key of [
+					"__functionTraceRecords",
+					"__functionTracerRecords",
+					"__functionCalls",
+					"__callTrace",
+					"__traceCalls"
+				]) {
+					const records = globalScope[key];
+					if (!Array.isArray(records)) continue;
+					for (const entry of records) if (entry && typeof entry === "object") processRecord(entry, key);
+				}
+				const functionTracer = globalScope.__functionTracer;
+				if (functionTracer && typeof functionTracer === "object") {
+					const records = functionTracer.records;
+					if (Array.isArray(records)) {
+						for (const entry of records) if (entry && typeof entry === "object") processRecord(entry, "functionTracer.records");
+					}
+				}
+				const nodes = Array.from(nodeMap.values()).toSorted((left, right) => right.callCount - left.callCount);
+				const edges = Array.from(edgeMap.values()).toSorted((left, right) => right.count - left.count);
+				return {
+					nodes,
+					edges,
+					stats: {
+						scannedRecords,
+						acceptedRecords,
+						nodeCount: nodes.length,
+						edgeCount: edges.length,
+						maxDepth: depth,
+						filterPattern: filter || null
+					}
+				};
+			}, {
+				maxDepth,
+				filterPattern
+			});
+			const nodesTruncated = result.nodes.length > GRAPHQL_MAX_GRAPH_NODES;
+			const edgesTruncated = result.edges.length > GRAPHQL_MAX_GRAPH_EDGES;
+			return toResponse({
+				success: true,
+				nodes: result.nodes.slice(0, GRAPHQL_MAX_GRAPH_NODES),
+				edges: result.edges.slice(0, GRAPHQL_MAX_GRAPH_EDGES),
+				stats: {
+					...result.stats,
+					nodesReturned: Math.min(result.nodes.length, GRAPHQL_MAX_GRAPH_NODES),
+					edgesReturned: Math.min(result.edges.length, GRAPHQL_MAX_GRAPH_EDGES),
+					nodesTruncated,
+					edgesTruncated
+				}
+			});
+		} catch (error) {
+			return toError(error);
+		}
+	}
+};
+//#endregion
+//#region src/server/domains/graphql/handlers/script-replace.ts
+var ScriptReplaceHandlers = class {
+	scriptReplaceRules = [];
+	interceptionInstalledPages = /* @__PURE__ */ new WeakSet();
+	constructor(collector) {
+		this.collector = collector;
+	}
+	async handleScriptReplacePersist(args) {
+		try {
+			const url = argString(args, "url")?.trim();
+			const replacement = argString(args, "replacement");
+			const matchType = parseMatchType(args.matchType);
+			if (!url) return toError("Missing required argument: url");
+			if (typeof replacement !== "string" || replacement.length === 0) return toError("Missing required argument: replacement");
+			if (matchType === "regex") try {
+				RegExp(url);
+			} catch (error) {
+				return toError("Invalid regex in url for matchType=regex", {
+					url,
+					reason: getErrorMessage(error)
+				});
+			}
+			const page = await this.collector.getActivePage();
+			const rule = {
+				id: generateRuleId(),
+				url,
+				replacement,
+				matchType,
+				createdAt: Date.now(),
+				hits: 0
+			};
+			this.scriptReplaceRules.push(rule);
+			await ensureScriptInterception(this.scriptReplaceRules, this.interceptionInstalledPages, page);
+			await page.evaluateOnNewDocument((payload) => {
+				const runtimeWindow = window;
+				const key = "__scriptReplacePersistRules";
+				const filtered = (Array.isArray(runtimeWindow[key]) ? runtimeWindow[key] : []).filter((entry) => entry && entry.id !== payload.id);
+				filtered.push(payload);
+				runtimeWindow[key] = filtered;
+			}, {
+				id: rule.id,
+				url: rule.url,
+				matchType: rule.matchType,
+				createdAt: rule.createdAt
+			});
+			const replacementPreview = createPreview(replacement, GRAPHQL_MAX_PREVIEW_CHARS);
+			return toResponse({
+				success: true,
+				message: "Script replacement rule registered and interception enabled",
+				rule: {
+					id: rule.id,
+					url: rule.url,
+					matchType: rule.matchType,
+					createdAt: rule.createdAt
+				},
+				replacement: {
+					length: replacement.length,
+					preview: replacementPreview.preview,
+					truncated: replacementPreview.truncated
+				},
+				activeRuleCount: this.scriptReplaceRules.length
+			});
+		} catch (error) {
+			return toError(error);
+		}
+	}
+};
+//#endregion
+//#region src/server/domains/graphql/handlers/introspection.ts
+var IntrospectionHandlers = class {
+	constructor(collector) {
+		this.collector = collector;
+	}
+	async handleGraphqlIntrospect(args) {
+		try {
+			const endpoint = argString(args, "endpoint")?.trim();
+			if (!endpoint) return toError("Missing required argument: endpoint");
+			const headers = normalizeHeaders(args.headers);
+			if (argBool(args, "useBrowser", true)) {
+				const page = await this.collector.getActivePage();
+				const endpointValidationError = await validateBrowserEndpoint(endpoint, typeof page.url === "function" ? page.url() : null);
+				if (endpointValidationError) return toError(endpointValidationError);
+				return await this.introspectViaBrowser(page, endpoint, headers);
+			}
+			const endpointValidationError = await validateExternalEndpoint(endpoint);
+			if (endpointValidationError) return toError(endpointValidationError);
+			return await this.introspectViaNode(endpoint, headers);
+		} catch (error) {
+			return toError(error);
+		}
+	}
+	async introspectViaNode(endpoint, headers) {
+		const requestHeaders = {
+			"content-type": "application/json",
+			...headers
+		};
+		let response;
+		let responseText;
+		try {
+			const ac = new AbortController();
+			const t = setTimeout(() => ac.abort(), 1e4);
+			try {
+				response = await fetch(endpoint, {
+					method: "POST",
+					headers: requestHeaders,
+					body: JSON.stringify({
+						query: INTROSPECTION_QUERY,
+						operationName: "IntrospectionQuery"
+					}),
+					signal: ac.signal
+				});
+				responseText = await response.text();
+			} finally {
+				clearTimeout(t);
+			}
+		} catch (error) {
+			return toResponse({
+				success: false,
+				endpoint,
+				status: 0,
+				statusText: "FETCH_ERROR",
+				error: error instanceof Error ? error.message : String(error)
+			});
+		}
+		const responseHeaders = {};
+		response.headers.forEach((value, key) => {
+			responseHeaders[key] = value;
+		});
+		let json = null;
+		try {
+			json = JSON.parse(responseText);
+		} catch {}
+		responseText = "";
+		if (!response.ok && !json) return toResponse({
+			success: false,
+			endpoint,
+			status: response.status,
+			statusText: response.statusText,
+			error: "Introspection request failed"
+		});
+		const jsonRecord = json && typeof json === "object" ? json : null;
+		const schemaPayload = jsonRecord && "data" in jsonRecord ? jsonRecord.data : json;
+		const schemaPreviewPayload = json !== null && json !== void 0 && typeof schemaPayload !== "undefined" ? serializeForPreview(schemaPayload, GRAPHQL_MAX_SCHEMA_CHARS) : {
+			preview: "",
+			truncated: false,
+			totalLength: 0
+		};
+		const payload = {
+			success: response.ok,
+			endpoint,
+			status: response.status,
+			statusText: response.statusText,
+			schemaLength: schemaPreviewPayload.totalLength,
+			schemaPreview: schemaPreviewPayload.preview,
+			schemaTruncated: schemaPreviewPayload.truncated,
+			responseHeaders
+		};
+		if (!schemaPreviewPayload.truncated) payload.schema = schemaPayload;
+		if (jsonRecord && Array.isArray(jsonRecord.errors)) payload.errors = jsonRecord.errors;
+		return toResponse(payload);
+	}
+	async introspectViaBrowser(page, endpoint, headers) {
+		const browserResult = await evaluateWithTimeout(page, async (input) => {
+			const requestHeaders = {
+				"content-type": "application/json",
+				...input.headers
+			};
+			try {
+				const ac = new AbortController();
+				const t = setTimeout(() => ac.abort(), 1e4);
+				let responseText;
+				let response;
+				try {
+					response = await fetch(input.endpoint, {
+						method: "POST",
+						headers: requestHeaders,
+						body: JSON.stringify({
+							query: input.query,
+							operationName: "IntrospectionQuery"
+						}),
+						signal: ac.signal
+					});
+					responseText = await response.text();
+				} finally {
+					clearTimeout(t);
+				}
+				const responseHeaders = {};
+				response.headers.forEach((value, key) => {
+					responseHeaders[key] = value;
+				});
+				const totalLength = responseText.length;
+				let json = null;
+				try {
+					json = JSON.parse(responseText);
+				} catch {}
+				const preview = json === null ? responseText : "";
+				responseText = "";
+				return {
+					ok: response.ok,
+					status: response.status,
+					statusText: response.statusText,
+					responseHeaders,
+					totalLength,
+					preview,
+					truncated: false,
+					json
+				};
+			} catch (error) {
+				return {
+					ok: false,
+					status: 0,
+					statusText: "FETCH_ERROR",
+					responseHeaders: {},
+					totalLength: 0,
+					preview: "",
+					truncated: false,
+					json: null,
+					error: error instanceof Error ? error.message : String(error)
+				};
+			}
+		}, {
+			endpoint,
+			headers,
+			query: INTROSPECTION_QUERY,
+			maxSchemaChars: GRAPHQL_MAX_SCHEMA_CHARS
+		});
+		if (!browserResult.ok && !browserResult.json) return toResponse({
+			success: false,
+			endpoint,
+			status: browserResult.status,
+			statusText: browserResult.statusText,
+			error: browserResult.error ?? "Introspection request failed",
+			responsePreview: createPreview(browserResult.preview || "", GRAPHQL_MAX_PREVIEW_CHARS)
+		});
+		const jsonRecord = browserResult.json && typeof browserResult.json === "object" ? browserResult.json : null;
+		const schemaPayload = jsonRecord && "data" in jsonRecord ? jsonRecord.data : browserResult.json;
+		const schemaPreviewPayload = browserResult.json !== null && browserResult.json !== void 0 && typeof schemaPayload !== "undefined" ? serializeForPreview(schemaPayload, GRAPHQL_MAX_SCHEMA_CHARS) : {
+			preview: browserResult.preview ?? "",
+			truncated: browserResult.truncated ?? false,
+			totalLength: browserResult.totalLength ?? 0
+		};
+		const payload = {
+			success: browserResult.ok,
+			endpoint,
+			status: browserResult.status,
+			statusText: browserResult.statusText,
+			schemaLength: schemaPreviewPayload.totalLength,
+			schemaPreview: schemaPreviewPayload.preview,
+			schemaTruncated: schemaPreviewPayload.truncated,
+			responseHeaders: browserResult.responseHeaders ?? {}
+		};
+		if (!schemaPreviewPayload.truncated) payload.schema = schemaPayload;
+		if (jsonRecord && Array.isArray(jsonRecord.errors)) payload.errors = jsonRecord.errors;
+		if (browserResult.error) payload.error = browserResult.error;
+		return toResponse(payload);
+	}
+};
+//#endregion
+//#region src/server/domains/graphql/handlers/extract.ts
+function isRecord(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function appendGraphQLPayload(extracted, payload, metadata) {
+	if (!payload) return;
+	const queryRaw = payload.query;
+	if (typeof queryRaw !== "string" || queryRaw.trim().length === 0) return;
+	const operationNameRaw = payload.operationName;
+	const operationName = typeof operationNameRaw === "string" && operationNameRaw.trim().length > 0 ? operationNameRaw : queryRaw.match(/^\s*(query|mutation|subscription)\s+([A-Za-z0-9_]+)/)?.[2] ?? null;
+	extracted.push({
+		source: metadata.source,
+		url: metadata.url,
+		method: metadata.method,
+		operationName,
+		query: queryRaw,
+		variables: payload.variables ?? null,
+		timestamp: metadata.timestamp,
+		contentType: metadata.contentType
+	});
+}
+function parseBodyStringToPayload(rawBody) {
+	const trimmed = rawBody.trim();
+	if (!trimmed) return null;
+	try {
+		const parsed = JSON.parse(trimmed);
+		if (isRecord(parsed)) return parsed;
+	} catch {}
+	if (trimmed.includes("query=")) try {
+		const params = new URLSearchParams(trimmed);
+		const query = params.get("query");
+		if (query) {
+			const operationName = params.get("operationName");
+			const variablesRaw = params.get("variables");
+			let variables = null;
+			if (variablesRaw) try {
+				variables = JSON.parse(variablesRaw);
+			} catch {
+				variables = variablesRaw;
+			}
+			return {
+				query,
+				operationName,
+				variables
+			};
+		}
+	} catch {}
+	if (trimmed.startsWith("query ") || trimmed.startsWith("mutation ") || trimmed.startsWith("subscription ")) return { query: trimmed };
+	return null;
+}
+function getRequestHeaders(record) {
+	if (isRecord(record.headers)) return record.headers;
+	if (isRecord(record.requestHeaders)) return record.requestHeaders;
+	return {};
+}
+function getContentType(record) {
+	const headers = getRequestHeaders(record);
+	for (const [key, value] of Object.entries(headers)) if (key.toLowerCase() === "content-type") return typeof value === "string" ? value.toLowerCase() : String(value).toLowerCase();
+	return "";
+}
+function getBodyCandidates(record) {
+	const candidates = [record.body, record.postData];
+	if (isRecord(record.options)) candidates.push(record.options.body);
+	if (isRecord(record.request)) candidates.push(record.request.postData);
+	return candidates;
+}
+function extractQueriesFromRecords(records, source) {
+	const state = {
+		scannedRecords: 0,
+		extracted: []
+	};
+	if (!Array.isArray(records)) return state;
+	for (const item of records) {
+		if (!isRecord(item)) continue;
+		state.scannedRecords += 1;
+		const url = typeof item.url === "string" ? item.url : "";
+		const method = typeof item.method === "string" ? item.method : "POST";
+		const timestamp = typeof item.timestamp === "number" ? item.timestamp : null;
+		const contentType = getContentType(item);
+		for (const bodyCandidate of getBodyCandidates(item)) {
+			let payload = null;
+			if (isRecord(bodyCandidate)) payload = bodyCandidate;
+			else if (typeof bodyCandidate === "string") payload = parseBodyStringToPayload(bodyCandidate);
+			appendGraphQLPayload(state.extracted, payload, {
+				source,
+				url,
+				method,
+				timestamp,
+				contentType
+			});
+		}
+		if (contentType.includes("application/graphql") && typeof item.body === "string") appendGraphQLPayload(state.extracted, {
+			query: item.body,
+			variables: null,
+			operationName: null
+		}, {
+			source,
+			url,
+			method,
+			timestamp,
+			contentType
+		});
+	}
+	return state;
+}
+function dedupeExtractedQueries(items) {
+	const sorted = items.toSorted((left, right) => (right.timestamp ?? 0) - (left.timestamp ?? 0));
+	const deduped = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const item of sorted) {
+		const key = `${item.url}|${item.operationName ?? ""}|${item.query}|${JSON.stringify(item.variables)}`;
+		if (seen.has(key)) continue;
+		seen.add(key);
+		deduped.push(item);
+	}
+	return deduped;
+}
+var ExtractHandlers = class {
+	deps;
+	constructor(deps) {
+		this.deps = "collector" in deps ? deps : { collector: deps };
+	}
+	async handleGraphqlExtractQueries(args) {
+		try {
+			const limit = parseClampedNumber(args, "limit", 50, 1, 200);
+			const pageExtraction = await evaluateWithTimeout(await this.deps.collector.getActivePage(), (maxItems) => {
+				const globalScope = window;
+				const extracted = [];
+				let scannedRecords = 0;
+				const pushIfGraphQL = (payload, metadata) => {
+					if (!payload) return;
+					const queryRaw = payload.query;
+					if (typeof queryRaw !== "string" || queryRaw.trim().length === 0) return;
+					const operationNameRaw = payload.operationName;
+					const operationName = typeof operationNameRaw === "string" && operationNameRaw.trim().length > 0 ? operationNameRaw : queryRaw.match(/^\s*(query|mutation|subscription)\s+([A-Za-z0-9_]+)/)?.[2] ?? null;
+					extracted.push({
+						source: metadata.source,
+						url: metadata.url,
+						method: metadata.method,
+						operationName,
+						query: queryRaw,
+						variables: payload.variables ?? null,
+						timestamp: metadata.timestamp,
+						contentType: metadata.contentType
+					});
+				};
+				const parseStringBody = (trimmed) => {
+					if (!trimmed) return null;
+					try {
+						const parsed = JSON.parse(trimmed);
+						if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) return parsed;
+					} catch {}
+					if (trimmed.includes("query=")) try {
+						const params = new URLSearchParams(trimmed);
+						const query = params.get("query");
+						if (query) {
+							const operationName = params.get("operationName");
+							const variablesRaw = params.get("variables");
+							let variables = null;
+							if (variablesRaw) try {
+								variables = JSON.parse(variablesRaw);
+							} catch {
+								variables = variablesRaw;
+							}
+							return {
+								query,
+								operationName,
+								variables
+							};
+						}
+					} catch {}
+					if (trimmed.startsWith("query ") || trimmed.startsWith("mutation ") || trimmed.startsWith("subscription ")) return { query: trimmed };
+					return null;
+				};
+				const processRequestRecord = (record, source) => {
+					scannedRecords += 1;
+					const url = typeof record.url === "string" ? record.url : "";
+					const method = typeof record.method === "string" ? record.method : "POST";
+					const timestamp = typeof record.timestamp === "number" ? record.timestamp : null;
+					const headers = (record.headers && typeof record.headers === "object" && !Array.isArray(record.headers) ? record.headers : null) ?? (record.requestHeaders && typeof record.requestHeaders === "object" && !Array.isArray(record.requestHeaders) ? record.requestHeaders : null) ?? {};
+					let contentType = "";
+					for (const [key, value] of Object.entries(headers)) if (key.toLowerCase() === "content-type") {
+						contentType = typeof value === "string" ? value : String(value);
+						break;
+					}
+					contentType = contentType.toLowerCase();
+					const bodyCandidates = [record.body, record.postData];
+					if (record.options && typeof record.options === "object" && !Array.isArray(record.options)) bodyCandidates.push(record.options.body);
+					for (const bodyCandidate of bodyCandidates) {
+						let payload = null;
+						if (bodyCandidate && typeof bodyCandidate === "object" && !Array.isArray(bodyCandidate)) payload = bodyCandidate;
+						else if (typeof bodyCandidate === "string") payload = parseStringBody(bodyCandidate);
+						pushIfGraphQL(payload, {
+							source,
+							url,
+							method,
+							timestamp,
+							contentType
+						});
+					}
+					if (contentType.includes("application/graphql") && typeof record.body === "string") pushIfGraphQL({
+						query: record.body,
+						variables: null,
+						operationName: null
+					}, {
+						source,
+						url,
+						method,
+						timestamp,
+						contentType
+					});
+				};
+				const processArray = (value, source) => {
+					if (!Array.isArray(value)) return;
+					for (const item of value) if (item && typeof item === "object") processRequestRecord(item, source);
+				};
+				const fetchRequests = Array.isArray(globalScope.__fetchRequests) ? globalScope.__fetchRequests : typeof globalScope.__getFetchRequests === "function" ? globalScope.__getFetchRequests() : void 0;
+				const xhrRequests = Array.isArray(globalScope.__xhrRequests) ? globalScope.__xhrRequests : typeof globalScope.__getXHRRequests === "function" ? globalScope.__getXHRRequests() : void 0;
+				processArray(fetchRequests, "window.__fetchRequests");
+				processArray(xhrRequests, "window.__xhrRequests");
+				processArray(globalScope.__networkRequests, "window.__networkRequests");
+				const aiHooks = globalScope.__aiHooks;
+				if (aiHooks && typeof aiHooks === "object") for (const [hookName, hookRecords] of Object.entries(aiHooks)) {
+					if (!Array.isArray(hookRecords)) continue;
+					for (const entry of hookRecords) if (entry && typeof entry === "object") processRequestRecord(entry, `window.__aiHooks.${hookName}`);
+				}
+				extracted.sort((left, right) => (right.timestamp ?? 0) - (left.timestamp ?? 0));
+				const deduped = [];
+				const seen = /* @__PURE__ */ new Set();
+				for (const item of extracted) {
+					const key = `${item.url}|${item.operationName ?? ""}|${item.query}|${JSON.stringify(item.variables)}`;
+					if (!seen.has(key)) {
+						seen.add(key);
+						deduped.push(item);
+					}
+				}
+				return {
+					scannedRecords,
+					totalExtracted: deduped.length,
+					extracted: deduped.slice(0, maxItems)
+				};
+			}, limit);
+			let scannedRecords = pageExtraction.scannedRecords;
+			const combinedExtracted = [...pageExtraction.extracted];
+			if (this.deps.consoleMonitor) {
+				const fetchRequestsPromise = typeof this.deps.consoleMonitor.getFetchRequests === "function" ? this.deps.consoleMonitor.getFetchRequests().catch(() => []) : Promise.resolve([]);
+				const xhrRequestsPromise = typeof this.deps.consoleMonitor.getXHRRequests === "function" ? this.deps.consoleMonitor.getXHRRequests().catch(() => []) : Promise.resolve([]);
+				const [fetchRequests, xhrRequests] = await Promise.all([fetchRequestsPromise, xhrRequestsPromise]);
+				let networkRequests = [];
+				try {
+					networkRequests = typeof this.deps.consoleMonitor.getNetworkRequests === "function" ? this.deps.consoleMonitor.getNetworkRequests({ limit: 500 }) : [];
+				} catch {
+					networkRequests = [];
+				}
+				const fallbackExtractions = [
+					extractQueriesFromRecords(fetchRequests, "consoleMonitor.fetchRequests"),
+					extractQueriesFromRecords(xhrRequests, "consoleMonitor.xhrRequests"),
+					extractQueriesFromRecords(networkRequests, "consoleMonitor.networkRequests")
+				];
+				for (const fallback of fallbackExtractions) {
+					scannedRecords += fallback.scannedRecords;
+					combinedExtracted.push(...fallback.extracted);
+				}
+			}
+			const dedupedExtracted = dedupeExtractedQueries(combinedExtracted);
+			const totalExtracted = Math.max(pageExtraction.totalExtracted, dedupedExtracted.length);
+			const queries = dedupedExtracted.slice(0, limit).map((item, index) => {
+				const queryPreview = createPreview(item.query, GRAPHQL_MAX_QUERY_CHARS);
+				const variablesPreview = serializeForPreview(item.variables, GRAPHQL_MAX_PREVIEW_CHARS);
+				const normalized = {
+					index,
+					source: item.source,
+					url: item.url,
+					method: item.method,
+					operationName: item.operationName,
+					contentType: item.contentType,
+					timestamp: item.timestamp,
+					queryLength: item.query.length,
+					queryPreview: queryPreview.preview,
+					queryTruncated: queryPreview.truncated
+				};
+				if (!queryPreview.truncated) normalized.query = item.query;
+				if (!variablesPreview.truncated) normalized.variables = item.variables;
+				else {
+					normalized.variablesPreview = variablesPreview.preview;
+					normalized.variablesTruncated = true;
+				}
+				return normalized;
+			});
+			return toResponse({
+				success: true,
+				limit,
+				stats: {
+					scannedRecords,
+					totalExtracted,
+					returned: queries.length
+				},
+				queries
+			});
+		} catch (error) {
+			return toError(error);
+		}
+	}
+};
+//#endregion
+//#region src/server/domains/graphql/handlers/replay.ts
+var ReplayHandlers = class {
+	constructor(collector) {
+		this.collector = collector;
+	}
+	async handleGraphqlReplay(args) {
+		try {
+			const endpoint = argString(args, "endpoint")?.trim();
+			const query = argString(args, "query");
+			if (!endpoint) return toError("Missing required argument: endpoint");
+			if (typeof query !== "string" || query.trim().length === 0) return toError("Missing required argument: query");
+			const variables = argObject(args, "variables") ?? {};
+			const operationNameRaw = argString(args, "operationName");
+			const operationName = operationNameRaw && operationNameRaw.trim().length > 0 ? operationNameRaw.trim() : null;
+			const headers = normalizeHeaders(args.headers);
+			if (argBool(args, "useBrowser", true)) {
+				const page = await this.collector.getActivePage();
+				const endpointValidationError = await validateBrowserEndpoint(endpoint, typeof page.url === "function" ? page.url() : null);
+				if (endpointValidationError) return toError(endpointValidationError);
+				return await this.replayViaBrowser(page, endpoint, query, variables, operationName, headers);
+			}
+			const endpointValidationError = await validateExternalEndpoint(endpoint);
+			if (endpointValidationError) return toError(endpointValidationError);
+			return await this.replayViaNode(endpoint, query, variables, operationName, headers);
+		} catch (error) {
+			return toError(error);
+		}
+	}
+	async replayViaNode(endpoint, query, variables, operationName, headers) {
+		const requestHeaders = {
+			"content-type": "application/json",
+			...headers
+		};
+		let response;
+		let responseText;
+		try {
+			const ac = new AbortController();
+			const t = setTimeout(() => ac.abort(), 1e4);
+			try {
+				response = await fetch(endpoint, {
+					method: "POST",
+					headers: requestHeaders,
+					body: JSON.stringify({
+						query,
+						variables,
+						operationName
+					}),
+					signal: ac.signal
+				});
+				responseText = await response.text();
+			} finally {
+				clearTimeout(t);
+			}
+		} catch (error) {
+			return toResponse({
+				success: false,
+				endpoint,
+				status: 0,
+				statusText: "FETCH_ERROR",
+				error: error instanceof Error ? error.message : String(error),
+				operationName
+			});
+		}
+		const responseHeaders = {};
+		response.headers.forEach((value, key) => {
+			responseHeaders[key] = value;
+		});
+		let responseJson = null;
+		try {
+			responseJson = JSON.parse(responseText);
+		} catch {
+			responseJson = null;
+		}
+		responseText = "";
+		return toResponse(buildReplayPayloadFromJson(responseJson, endpoint, operationName, response.ok, response.status, response.statusText, responseHeaders));
+	}
+	async replayViaBrowser(page, endpoint, query, variables, operationName, headers) {
+		const browserResult = await evaluateWithTimeout(page, async (input) => {
+			const requestHeaders = {
+				"content-type": "application/json",
+				...input.headers
+			};
+			try {
+				const ac = new AbortController();
+				const t = setTimeout(() => ac.abort(), 1e4);
+				let responseText;
+				let response;
+				try {
+					response = await fetch(input.endpoint, {
+						method: "POST",
+						headers: requestHeaders,
+						body: JSON.stringify({
+							query: input.query,
+							variables: input.variables,
+							operationName: input.operationName
+						}),
+						signal: ac.signal
+					});
+					responseText = await response.text();
+				} finally {
+					clearTimeout(t);
+				}
+				let responseJson = null;
+				try {
+					responseJson = JSON.parse(responseText);
+				} catch {
+					responseJson = null;
+				}
+				const rawText = responseJson === null ? responseText : "";
+				responseText = "";
+				const responseHeaders = {};
+				response.headers.forEach((value, key) => {
+					responseHeaders[key] = value;
+				});
+				return {
+					ok: response.ok,
+					status: response.status,
+					statusText: response.statusText,
+					responseText: rawText,
+					responseJson,
+					responseHeaders
+				};
+			} catch (error) {
+				return {
+					ok: false,
+					status: 0,
+					statusText: "FETCH_ERROR",
+					responseText: "",
+					responseJson: null,
+					error: error instanceof Error ? error.message : String(error)
+				};
+			}
+		}, {
+			endpoint,
+			query,
+			variables,
+			operationName,
+			headers
+		});
+		const payload = {
+			success: browserResult.ok,
+			endpoint,
+			status: browserResult.status,
+			statusText: browserResult.statusText,
+			operationName,
+			responseHeaders: browserResult.responseHeaders ?? {}
+		};
+		if (browserResult.responseJson !== null) {
+			const responsePreview = serializeForPreview(browserResult.responseJson, GRAPHQL_MAX_SCHEMA_CHARS);
+			payload.responseLength = responsePreview.totalLength;
+			payload.responsePreview = responsePreview.preview;
+			payload.responseTruncated = responsePreview.truncated;
+			if (!responsePreview.truncated) payload.response = browserResult.responseJson;
+		} else if (browserResult.responseText) {
+			const text = browserResult.responseText;
+			payload.responseFormat = "text";
+			payload.responseLength = text.length;
+			payload.responsePreview = text.length > GRAPHQL_MAX_SCHEMA_CHARS ? text.slice(0, GRAPHQL_MAX_SCHEMA_CHARS) : text;
+			payload.responseTruncated = text.length > GRAPHQL_MAX_SCHEMA_CHARS;
+		}
+		if (browserResult.error) payload.error = browserResult.error;
+		return toResponse(payload);
+	}
+};
+function buildReplayPayloadFromJson(responseJson, endpoint, operationName, ok, status, statusText, responseHeaders) {
+	const payload = {
+		success: ok,
+		endpoint,
+		status,
+		statusText,
+		operationName,
+		responseHeaders
+	};
+	if (responseJson !== null) {
+		const responsePreview = serializeForPreview(responseJson, GRAPHQL_MAX_SCHEMA_CHARS);
+		payload.responseLength = responsePreview.totalLength;
+		payload.responsePreview = responsePreview.preview;
+		payload.responseTruncated = responsePreview.truncated;
+		if (!responsePreview.truncated) payload.response = responseJson;
+	}
+	return payload;
+}
+//#endregion
+//#region src/server/domains/graphql/handlers.impl.ts
+function normalizeDependencies(deps) {
+	return "collector" in deps ? deps : { collector: deps };
+}
+var GraphQLToolHandlers = class {
+	callGraph;
+	scriptReplace;
+	introspection;
+	extract;
+	replay;
+	constructor(deps) {
+		const normalized = normalizeDependencies(deps);
+		this.callGraph = new CallGraphHandlers(normalized.collector);
+		this.scriptReplace = new ScriptReplaceHandlers(normalized.collector);
+		this.introspection = new IntrospectionHandlers(normalized.collector);
+		this.extract = new ExtractHandlers(normalized);
+		this.replay = new ReplayHandlers(normalized.collector);
+	}
+	async handleCallGraphAnalyze(args) {
+		return this.callGraph.handleCallGraphAnalyze(args);
+	}
+	async handleScriptReplacePersist(args) {
+		return this.scriptReplace.handleScriptReplacePersist(args);
+	}
+	async handleGraphqlIntrospect(args) {
+		return this.introspection.handleGraphqlIntrospect(args);
+	}
+	async handleGraphqlExtractQueries(args) {
+		return this.extract.handleGraphqlExtractQueries(args);
+	}
+	async handleGraphqlReplay(args) {
+		return this.replay.handleGraphqlReplay(args);
+	}
+};
+//#endregion
+export { GraphQLToolHandlers };