@jshookmcp/jshook 0.2.8 → 0.3.0

package/dist/handlers-BAHPxcch.mjs

@@ -0,0 +1,789 @@
+import { n as asJsonResponse } from "./response-CWhh2aLo.mjs";
+import { a as argString, t as argBool } from "./parse-args-B4cY5Vx5.mjs";
+//#region src/server/domains/cross-domain/handlers/skia-correlator.ts
+function normalizeSkiaToken(value) {
+	return value.toLowerCase().replace(/[^a-z0-9]/g, "");
+}
+function computeTokenSimilarity(a, b) {
+	const na = normalizeSkiaToken(a);
+	const nb = normalizeSkiaToken(b);
+	if (na === nb && na.length > 0) return 1;
+	if (na.length === 0 || nb.length === 0) return 0;
+	if (na.includes(nb) || nb.includes(na)) return .8;
+	return 0;
+}
+function findBestJSMatch(label, jsObjects) {
+	let bestScore = 0;
+	let bestMatch;
+	for (const obj of jsObjects) {
+		const nameScore = computeTokenSimilarity(label, obj.name);
+		if (nameScore > bestScore) {
+			bestScore = nameScore;
+			bestMatch = {
+				objectId: obj.objectId,
+				name: obj.name,
+				score: nameScore
+			};
+		}
+		for (const prop of obj.stringProps) {
+			const propScore = computeTokenSimilarity(label, prop);
+			if (propScore > bestScore) {
+				bestScore = propScore;
+				bestMatch = {
+					objectId: obj.objectId,
+					name: obj.name,
+					score: propScore
+				};
+			}
+		}
+	}
+	if (bestMatch && bestScore >= .5) return bestMatch;
+}
+function correlateSkiaToJS(bridge, input) {
+	const graphNodeIds = [];
+	const correlations = [];
+	const unmatchedSkiaNodes = [];
+	const matchedIds = /* @__PURE__ */ new Set();
+	const allSkiaItems = [];
+	for (const layer of input.sceneTree.layers) allSkiaItems.push({
+		id: layer.id,
+		label: layer.label,
+		heapObjectId: layer.heapObjectId
+	});
+	for (const cmd of input.sceneTree.drawCommands) allSkiaItems.push({
+		id: cmd.id,
+		label: cmd.label
+	});
+	const totalSkiaNodes = allSkiaItems.length;
+	for (const item of allSkiaItems) {
+		const canvasNode = bridge.addCanvasNode({
+			nodeId: item.id,
+			label: item.label
+		});
+		graphNodeIds.push(canvasNode.id);
+		if (item.heapObjectId) {
+			const jsObj = input.jsObjects.find((o) => o.objectId === item.heapObjectId);
+			if (jsObj) {
+				const heapNode = bridge.addV8Object({
+					address: item.heapObjectId,
+					name: jsObj.name
+				});
+				graphNodeIds.push(heapNode.id);
+				bridge.getGraph().addEdge(heapNode.id, canvasNode.id, "canvas-rendered-by", {
+					domain: "cross-domain",
+					matchScore: 1
+				});
+				correlations.push({
+					skiaNodeId: item.id,
+					matchedObjectId: jsObj.objectId,
+					matchedObjectName: jsObj.name,
+					matchScore: 1
+				});
+				matchedIds.add(item.id);
+				continue;
+			}
+		}
+		const match = findBestJSMatch(item.label, input.jsObjects);
+		if (match) {
+			const heapNode = bridge.addV8Object({
+				address: match.objectId,
+				name: match.name
+			});
+			graphNodeIds.push(heapNode.id);
+			bridge.getGraph().addEdge(heapNode.id, canvasNode.id, "canvas-rendered-by", {
+				domain: "cross-domain",
+				matchScore: match.score
+			});
+			correlations.push({
+				skiaNodeId: item.id,
+				matchedObjectId: match.objectId,
+				matchedObjectName: match.name,
+				matchScore: match.score
+			});
+			matchedIds.add(item.id);
+		} else unmatchedSkiaNodes.push(item.id);
+	}
+	return {
+		skiaNodes: totalSkiaNodes,
+		correlations,
+		unmatchedSkiaNodes,
+		confidence: totalSkiaNodes === 0 ? 0 : correlations.length / totalSkiaNodes,
+		graphNodeIds
+	};
+}
+//#endregion
+//#region src/server/domains/cross-domain/handlers/mojo-cdp-correlator.ts
+/** Mapping of Mojo interface patterns to CDP event patterns. */
+const INTERFACE_TO_CDP_PATTERNS = [
+	{
+		mojoPattern: /URLLoader/i,
+		cdpPattern: /Network\./i
+	},
+	{
+		mojoPattern: /WebSocket/i,
+		cdpPattern: /Network\.webSocket/i
+	},
+	{
+		mojoPattern: /Fetch/i,
+		cdpPattern: /Fetch\./i
+	}
+];
+const TIMESTAMP_PROXIMITY_MS = 50;
+function correlateMojoToCDP(bridge, mojoMessages, cdpEvents, networkRequests) {
+	const graphNodeIds = [];
+	const matchedPairs = [];
+	const matchedMojoIds = /* @__PURE__ */ new Set();
+	const requestNodeIds = /* @__PURE__ */ new Map();
+	for (const request of networkRequests) {
+		const { node } = bridge.addNetworkRequest({
+			requestId: request.requestId,
+			url: request.url
+		});
+		requestNodeIds.set(request.requestId, node.id);
+		graphNodeIds.push(node.id);
+	}
+	if (mojoMessages.length === 0) return {
+		mojoMessages: 0,
+		matchedPairs: [],
+		unmatchedMojo: [],
+		confidence: 0,
+		graphNodeIds
+	};
+	const mojoNodeMap = /* @__PURE__ */ new Map();
+	for (const msg of mojoMessages) {
+		const node = bridge.addMojoMessage({
+			interface: msg.interface,
+			method: msg.method,
+			timestamp: msg.timestamp
+		});
+		mojoNodeMap.set(msg.messageId, node.id);
+		graphNodeIds.push(node.id);
+	}
+	for (const msg of mojoMessages) {
+		if (matchedMojoIds.has(msg.messageId)) continue;
+		for (const pattern of INTERFACE_TO_CDP_PATTERNS) {
+			if (!pattern.mojoPattern.test(msg.interface)) continue;
+			const matchingCdp = cdpEvents.find((evt) => pattern.cdpPattern.test(evt.eventType) && !matchedMojoIds.has(msg.messageId));
+			if (matchingCdp) {
+				matchedPairs.push({
+					mojoMessageId: msg.messageId,
+					matchType: "interface",
+					cdpEventType: matchingCdp.eventType
+				});
+				matchedMojoIds.add(msg.messageId);
+				break;
+			}
+		}
+	}
+	for (const msg of mojoMessages) {
+		if (matchedMojoIds.has(msg.messageId)) continue;
+		if (/URLLoader/i.test(msg.interface)) {
+			const matchingReq = networkRequests.find((req) => Math.abs(req.timestamp - msg.timestamp) <= TIMESTAMP_PROXIMITY_MS);
+			if (matchingReq) {
+				const requestNodeId = requestNodeIds.get(matchingReq.requestId);
+				const mojoNodeId = mojoNodeMap.get(msg.messageId);
+				if (requestNodeId && mojoNodeId) bridge.getGraph().addEdge(requestNodeId, mojoNodeId, "mojo-routed-to", {
+					domain: "cross-domain",
+					relation: "network-request-correlates-to-mojo",
+					matchType: "urlloader",
+					timestampDelta: Math.abs(matchingReq.timestamp - msg.timestamp)
+				});
+				matchedPairs.push({
+					mojoMessageId: msg.messageId,
+					matchType: "urlloader",
+					networkRequestId: matchingReq.requestId,
+					timestampDelta: Math.abs(matchingReq.timestamp - msg.timestamp)
+				});
+				matchedMojoIds.add(msg.messageId);
+			}
+		}
+	}
+	for (const msg of mojoMessages) {
+		if (matchedMojoIds.has(msg.messageId)) continue;
+		let closestDelta = Infinity;
+		let closestCdp;
+		for (const evt of cdpEvents) {
+			const delta = Math.abs(evt.timestamp - msg.timestamp);
+			if (delta <= TIMESTAMP_PROXIMITY_MS && delta < closestDelta) {
+				closestDelta = delta;
+				closestCdp = evt;
+			}
+		}
+		if (closestCdp) {
+			matchedPairs.push({
+				mojoMessageId: msg.messageId,
+				matchType: "timestamp",
+				cdpEventType: closestCdp.eventType,
+				timestampDelta: closestDelta
+			});
+			matchedMojoIds.add(msg.messageId);
+		}
+	}
+	const unmatchedMojo = mojoMessages.filter((msg) => !matchedMojoIds.has(msg.messageId)).map((msg) => msg.messageId);
+	const confidence = mojoMessages.length === 0 ? 0 : matchedMojoIds.size / mojoMessages.length;
+	return {
+		mojoMessages: mojoMessages.length,
+		matchedPairs,
+		unmatchedMojo,
+		confidence,
+		graphNodeIds
+	};
+}
+//#endregion
+//#region src/server/domains/cross-domain/handlers/syscall-js-correlator.ts
+/**
+* Patterns mapping syscall names to JS API patterns for confidence scoring.
+* If the JS function name matches a pattern associated with a syscall, confidence is higher.
+*/
+const SYSCALL_JS_PATTERNS = {
+	NtReadFile: /read|fs[_.]read/i,
+	NtWriteFile: /write|fs[_.]write/i,
+	NtOpenFile: /open|fs[_.]open/i,
+	NtCreateFile: /create|fs[_.]create/i,
+	NtClose: /close|fs[_.]close/i,
+	NtDeviceIoControlFile: /ioctl|device/i,
+	NtQueryInformationFile: /stat|info|query/i,
+	NtSetInformationFile: /set|chmod|chown/i
+};
+function scoreConfidence(syscallName, functionName) {
+	const pattern = SYSCALL_JS_PATTERNS[syscallName];
+	if (pattern && pattern.test(functionName)) return "high";
+	if (/file|fs|read|write|open|close/i.test(functionName)) return "medium";
+	return "low";
+}
+function correlateSyscallToJS(bridge, syscallEvents, jsStacks) {
+	const graphNodeIds = [];
+	const correlations = [];
+	const unmatchedSyscalls = [];
+	if (syscallEvents.length === 0) return {
+		syscalls: 0,
+		correlations: [],
+		unmatchedSyscalls: [],
+		correlationConfidence: 0,
+		graphNodeIds: []
+	};
+	for (const event of syscallEvents) {
+		const syscallNode = bridge.addSyscallEvent({
+			pid: event.pid,
+			tid: event.tid,
+			syscallName: event.syscallName,
+			timestamp: event.timestamp
+		});
+		graphNodeIds.push(syscallNode.id);
+		const matchingStack = jsStacks.find((stack) => stack.threadId === event.tid && stack.timestamp === event.timestamp);
+		if (matchingStack && matchingStack.frames.length > 0) {
+			const topFrame = matchingStack.frames[0];
+			if (topFrame) {
+				const functionName = topFrame.functionName;
+				const confidence = scoreConfidence(event.syscallName, functionName);
+				const funcNode = bridge.addNode("function", functionName, {
+					domain: "v8-inspector",
+					functionName,
+					threadId: event.tid
+				});
+				graphNodeIds.push(funcNode.id);
+				bridge.getGraph().addEdge(funcNode.id, syscallNode.id, "syscall-emitted-by", {
+					domain: "cross-domain",
+					confidence
+				});
+				correlations.push({
+					syscallName: event.syscallName,
+					topJsFunction: functionName,
+					threadId: event.tid,
+					timestamp: event.timestamp,
+					confidence
+				});
+			} else unmatchedSyscalls.push({
+				syscallName: event.syscallName,
+				tid: event.tid
+			});
+		} else unmatchedSyscalls.push({
+			syscallName: event.syscallName,
+			tid: event.tid
+		});
+	}
+	const correlationConfidence = syscallEvents.length === 0 ? 0 : correlations.length / syscallEvents.length;
+	return {
+		syscalls: syscallEvents.length,
+		correlations,
+		unmatchedSyscalls,
+		correlationConfidence,
+		graphNodeIds
+	};
+}
+//#endregion
+//#region src/server/domains/cross-domain/handlers/binary-to-js-pipeline.ts
+/** Patterns that identify functions callable from JS or exported for JS use. */
+const JS_CALLABLE_PATTERNS = [
+	/^native_/i,
+	/^JS_/i,
+	/^Java_/i
+];
+function isJSCallable(func) {
+	if (func.calledFrom && func.calledFrom.length > 0) return true;
+	return JS_CALLABLE_PATTERNS.some((pattern) => pattern.test(func.name));
+}
+function generateFridaHookCode(functions, moduleName) {
+	const lines = [];
+	lines.push("// Binary-to-JS Hook Script");
+	lines.push(`// Module: ${moduleName}`);
+	lines.push(`// Generated at: ${(/* @__PURE__ */ new Date()).toISOString()}`);
+	lines.push("");
+	for (const func of functions) {
+		const resolvedModule = func.moduleName || moduleName;
+		if (func.address) {
+			lines.push(`// Hook: ${func.name} at ${func.address} in ${resolvedModule}`);
+			lines.push(`Interceptor.attach(Module.findBaseAddress('${resolvedModule}').add(${func.address}), {`);
+		} else {
+			lines.push(`// Hook: ${func.name} in ${resolvedModule}`);
+			lines.push(`Interceptor.attach(Module.findExportByName('${resolvedModule}', '${func.name}'), {`);
+		}
+		lines.push(`  onEnter(args) {`);
+		lines.push(`    console.log('[${func.name}] called with args:', args[0], args[1]);`);
+		lines.push(`  },`);
+		lines.push(`  onLeave(retval) {`);
+		lines.push(`    console.log('[${func.name}] returned:', retval);`);
+		lines.push(`  }`);
+		lines.push(`});`);
+		lines.push("");
+	}
+	lines.push(`console.log('Binary-to-JS hook script loaded for ${moduleName}');`);
+	return lines.join("\n");
+}
+function buildBinaryToJSPipeline(bridge, ghidraOutput, forcedFunctions) {
+	const evidenceGraphLinks = [];
+	const injectedFunctions = [];
+	let selectedFunctions;
+	if (forcedFunctions && forcedFunctions.length > 0) {
+		const forcedSet = new Set(forcedFunctions);
+		selectedFunctions = ghidraOutput.functions.filter((f) => forcedSet.has(f.name));
+	} else selectedFunctions = ghidraOutput.functions.filter(isJSCallable);
+	const generatedHookScript = generateFridaHookCode(selectedFunctions, ghidraOutput.moduleName);
+	for (const func of selectedFunctions) {
+		const symbolNode = bridge.addBinarySymbol({
+			moduleName: func.moduleName || ghidraOutput.moduleName,
+			symbolName: func.name,
+			address: func.address ?? "0x0"
+		});
+		const hookNode = bridge.addNode("breakpoint-hook", `frida:${func.name}`, {
+			domain: "binary-instrument",
+			hookType: "frida-interceptor",
+			functionName: func.name,
+			moduleName: func.moduleName || ghidraOutput.moduleName
+		});
+		bridge.getGraph().addEdge(symbolNode.id, hookNode.id, "binary-exports", {
+			domain: "cross-domain",
+			relation: "binary-to-frida-hook"
+		});
+		evidenceGraphLinks.push({
+			binarySymbolNodeId: symbolNode.id,
+			hookScriptNodeId: hookNode.id,
+			functionName: func.name
+		});
+		injectedFunctions.push(func.name);
+	}
+	return {
+		hookCount: selectedFunctions.length,
+		generatedHookScript,
+		injectedFunctions,
+		evidenceGraphLinks
+	};
+}
+//#endregion
+//#region src/server/domains/cross-domain/handlers/input-extractors.ts
+function isRecord(value) {
+	return value !== null && typeof value === "object";
+}
+function readRecordArray(value) {
+	return Array.isArray(value) ? value.filter(isRecord) : [];
+}
+function readString(value, fallback = "") {
+	return typeof value === "string" ? value : fallback;
+}
+function readOptionalString(value) {
+	return typeof value === "string" ? value : void 0;
+}
+function readNumber(value, fallback = 0) {
+	return typeof value === "number" ? value : fallback;
+}
+function readStringArray(value) {
+	return Array.isArray(value) ? value.filter((item) => typeof item === "string") : [];
+}
+function readOptionalStringArray(value) {
+	return Array.isArray(value) ? value.filter((item) => typeof item === "string") : void 0;
+}
+function readNumberRecord(value) {
+	if (!isRecord(value)) return {};
+	return Object.fromEntries(Object.entries(value).filter((entry) => typeof entry[1] === "number"));
+}
+function extractSkiaSceneTree(value) {
+	if (!isRecord(value)) return {
+		layers: [],
+		drawCommands: []
+	};
+	return {
+		layers: Array.isArray(value["layers"]) ? value["layers"] : [],
+		drawCommands: Array.isArray(value["drawCommands"]) ? value["drawCommands"] : []
+	};
+}
+function extractJSObjectArray(value) {
+	return readRecordArray(value).map((item) => ({
+		objectId: readString(item["objectId"]),
+		className: readString(item["className"]),
+		name: readString(item["name"]),
+		stringProps: readStringArray(item["stringProps"]),
+		numericProps: readNumberRecord(item["numericProps"]),
+		colorProps: readStringArray(item["colorProps"]),
+		urlProps: readStringArray(item["urlProps"])
+	}));
+}
+function extractMojoMessages(value) {
+	return readRecordArray(value).map((item) => ({
+		interface: readString(item["interface"]),
+		method: readString(item["method"]),
+		timestamp: readNumber(item["timestamp"]),
+		messageId: readString(item["messageId"])
+	}));
+}
+function extractCDPEvents(value) {
+	return readRecordArray(value).map((item) => ({
+		eventType: readString(item["eventType"]),
+		timestamp: readNumber(item["timestamp"]),
+		url: readOptionalString(item["url"])
+	}));
+}
+function extractNetworkRequests(value) {
+	return readRecordArray(value).map((item) => ({
+		requestId: readString(item["requestId"]),
+		url: readString(item["url"]),
+		timestamp: readNumber(item["timestamp"])
+	}));
+}
+function extractSyscallEvents(value) {
+	return readRecordArray(value).map((item) => ({
+		pid: readNumber(item["pid"]),
+		tid: readNumber(item["tid"]),
+		syscallName: readString(item["syscallName"]),
+		timestamp: readNumber(item["timestamp"])
+	}));
+}
+function extractJSStacks(value) {
+	return readRecordArray(value).map((item) => ({
+		threadId: readNumber(item["threadId"]),
+		timestamp: readNumber(item["timestamp"]),
+		frames: readRecordArray(item["frames"]).map((frame) => ({ functionName: readString(frame["functionName"]) }))
+	}));
+}
+function extractGhidraOutput(value) {
+	if (!isRecord(value)) return null;
+	const moduleName = readString(value["moduleName"]);
+	if (!moduleName) return null;
+	return {
+		functions: readRecordArray(value["functions"]).map((item) => ({
+			name: readString(item["name"]),
+			moduleName: readString(item["moduleName"]),
+			address: readOptionalString(item["address"]),
+			calledFrom: readOptionalStringArray(item["calledFrom"])
+		})),
+		moduleName
+	};
+}
+//#endregion
+//#region src/server/domains/cross-domain/workflows/missions.ts
+const WORKFLOWS = {
+	WORKFLOW_REVERSE_OBFUSCATED: {
+		id: "reverse-obfuscated-api",
+		displayName: "Reverse Obfuscated API",
+		steps: [
+			{
+				tool: "deobfuscate",
+				args: { targetUrl: "${input.targetUrl}" }
+			},
+			{
+				tool: "js_heap_search",
+				args: { pattern: "${previous.cryptoKeys}" }
+			},
+			{
+				tool: "network_enable",
+				args: {}
+			},
+			{
+				tool: "tls_cert_pin_bypass",
+				args: { target: "${input.target}" }
+			},
+			{
+				tool: "console_inject_fetch_interceptor",
+				args: { urls: ["${input.apiEndpoint}"] }
+			}
+		]
+	},
+	WORKFLOW_GAME_CANVAS_SKIA: {
+		id: "game-canvas-skia-v8",
+		displayName: "Game Canvas + SKIA + V8 Analysis",
+		steps: [
+			{
+				tool: "canvas_engine_fingerprint",
+				args: { canvasId: "${input.canvasId}" }
+			},
+			{
+				tool: "canvas_scene_dump",
+				args: { canvasId: "${input.canvasId}" }
+			},
+			{
+				tool: "skia_correlate_objects",
+				args: { skiaNodeIds: "${previous.nodeIds}" }
+			},
+			{
+				tool: "performance_take_heap_snapshot",
+				args: {}
+			},
+			{
+				tool: "js_heap_search",
+				args: { pattern: "${input.searchTerm}" }
+			}
+		]
+	},
+	WORKFLOW_BINARY_NATIVE_HOOK: {
+		id: "binary-native-hook",
+		displayName: "Binary Analysis + Native Hook",
+		steps: [
+			{
+				tool: "ghidra_analyze",
+				args: { binaryPath: "${input.binaryPath}" }
+			},
+			{
+				tool: "generate_hooks",
+				args: { symbols: "${previous.exportedSymbols}" }
+			},
+			{
+				tool: "frida_attach",
+				args: { target: "${input.target}" }
+			},
+			{
+				tool: "frida_run_script",
+				args: { script: "${previous.hookScript}" }
+			}
+		]
+	}
+};
+//#endregion
+//#region src/server/domains/cross-domain/handlers.impl.ts
+const V5_DOMAIN_NAMES = [
+	"analysis",
+	"browser",
+	"network",
+	"canvas",
+	"skia-capture",
+	"v8-inspector",
+	"mojo-ipc",
+	"syscall-hook",
+	"binary-instrument",
+	"boringssl-inspector",
+	"evidence"
+];
+var CrossDomainWorkflowClassifier = class {
+	constructor(ctx, evidenceBridgeReady) {
+		this.ctx = ctx;
+		this.evidenceBridgeReady = evidenceBridgeReady;
+	}
+	getCapabilities() {
+		const availableDomains = this.getAvailableDomains();
+		const missingDomains = V5_DOMAIN_NAMES.filter((d) => !availableDomains.includes(d));
+		const workflows = Object.entries(WORKFLOWS).map(([workflowKey, workflow]) => {
+			const evaluation = this.evaluateWorkflow(workflow);
+			return {
+				workflowKey,
+				id: workflow.id,
+				displayName: workflow.displayName,
+				stepCount: workflow.steps.length,
+				...evaluation
+			};
+		});
+		return {
+			availableDomains,
+			missingDomains,
+			supportedDomains: [...V5_DOMAIN_NAMES],
+			workflows
+		};
+	}
+	suggestWorkflow(goal, preferAvailableOnly) {
+		const normalizedGoal = goal.toLowerCase();
+		const scored = Object.entries(WORKFLOWS).map(([workflowKey, workflow]) => {
+			return {
+				workflowKey,
+				workflow,
+				keywordScore: this.scoreWorkflowGoal(normalizedGoal, workflowKey, workflow),
+				evaluation: this.evaluateWorkflow(workflow)
+			};
+		});
+		const candidates = preferAvailableOnly ? scored.filter((item) => item.evaluation.missingDomains.length === 0) : scored;
+		const rankedPool = candidates.length > 0 ? candidates : scored;
+		rankedPool.sort((a, b) => {
+			if (b.keywordScore !== a.keywordScore) return b.keywordScore - a.keywordScore;
+			return b.evaluation.coverage - a.evaluation.coverage;
+		});
+		const selected = rankedPool[0];
+		if (!selected) throw new Error("No workflow definitions are available for cross-domain suggestion");
+		const reason = this.describeWorkflowReason(normalizedGoal, selected.evaluation);
+		return {
+			workflowKey: selected.workflowKey,
+			id: selected.workflow.id,
+			displayName: selected.workflow.displayName,
+			reason,
+			...selected.evaluation
+		};
+	}
+	getHealth() {
+		const availableDomains = this.getAvailableDomains();
+		return {
+			evidenceBridgeReady: this.evidenceBridgeReady,
+			orchestratorReady: true,
+			availableDomains,
+			missingDomains: V5_DOMAIN_NAMES.filter((d) => !availableDomains.includes(d))
+		};
+	}
+	getAvailableDomains() {
+		const currentEnabledDomains = this.ctx.enabledDomains.size > 0 ? this.ctx.enabledDomains : this.ctx.resolveEnabledDomains(this.ctx.selectedTools);
+		const available = [];
+		for (const d of V5_DOMAIN_NAMES) if (currentEnabledDomains.has(d)) available.push(d);
+		return available;
+	}
+	evaluateWorkflow(workflow) {
+		const requiredSet = /* @__PURE__ */ new Set();
+		for (const step of workflow.steps) for (const d of this.inferDomainsForTool(step.tool)) requiredSet.add(d);
+		const requiredDomains = [...requiredSet];
+		const available = this.getAvailableDomains().filter((d) => requiredSet.has(d));
+		return {
+			requiredDomains,
+			availableDomains: available,
+			missingDomains: requiredDomains.filter((d) => !available.includes(d)),
+			coverage: requiredDomains.length === 0 ? 1 : available.length / requiredDomains.length
+		};
+	}
+	inferDomainsForTool(toolName) {
+		if (toolName.startsWith("deobfuscate") || toolName.startsWith("advanced_deobfuscate")) return ["analysis"];
+		if (toolName.startsWith("js_heap") || toolName.startsWith("performance_take_heap_snapshot")) return ["v8-inspector"];
+		if (toolName.startsWith("network_")) return ["network"];
+		if (toolName.startsWith("console_")) return ["browser"];
+		if (toolName.startsWith("tls_") || toolName.startsWith("net_raw_")) return ["boringssl-inspector"];
+		if (toolName.startsWith("canvas_")) return ["canvas"];
+		if (toolName.startsWith("skia_")) return ["skia-capture"];
+		if (toolName.startsWith("v8_")) return ["v8-inspector"];
+		if (toolName.startsWith("mojo_")) return ["mojo-ipc"];
+		if (toolName.startsWith("syscall_")) return ["syscall-hook"];
+		if (toolName.startsWith("adb_")) return ["adb-bridge"];
+		if (toolName.startsWith("ghidra_") || toolName.startsWith("frida_") || toolName.startsWith("generate_hooks") || toolName.startsWith("unidbg_") || toolName.startsWith("export_hook_script")) return ["binary-instrument"];
+		if (toolName.startsWith("extension_") || toolName === "webhook") return ["extension-registry"];
+		if (toolName.startsWith("cross_domain_")) return ["cross-domain"];
+		if (toolName.startsWith("evidence_")) return ["evidence"];
+		if (toolName.startsWith("boringssl_")) return ["boringssl-inspector"];
+		return [];
+	}
+	scoreWorkflowGoal(normalizedGoal, workflowKey, workflow) {
+		let score = 0;
+		if (workflowKey === "WORKFLOW_REVERSE_OBFUSCATED") {
+			if (normalizedGoal.includes("obfus") || normalizedGoal.includes("api")) score += 3;
+			if (normalizedGoal.includes("tls") || normalizedGoal.includes("pin")) score += 2;
+		}
+		if (workflowKey === "WORKFLOW_GAME_CANVAS_SKIA") {
+			if (normalizedGoal.includes("canvas") || normalizedGoal.includes("game")) score += 3;
+			if (normalizedGoal.includes("skia") || normalizedGoal.includes("scene")) score += 2;
+		}
+		if (workflowKey === "WORKFLOW_BINARY_NATIVE_HOOK") {
+			if (normalizedGoal.includes("binary") || normalizedGoal.includes("native")) score += 3;
+			if (normalizedGoal.includes("hook") || normalizedGoal.includes("frida")) score += 2;
+		}
+		if (score === 0 && workflow.displayName.toLowerCase().includes(normalizedGoal)) score += 1;
+		return score;
+	}
+	describeWorkflowReason(normalizedGoal, evaluation) {
+		if (evaluation.missingDomains.length === 0) return `Matched goal "${normalizedGoal}" and all required domains are enabled.`;
+		return `Matched goal "${normalizedGoal}" with ${Math.round(evaluation.coverage * 100)}% domain coverage. Missing: ${evaluation.missingDomains.join(", ")}.`;
+	}
+};
+var CrossDomainHandlers = class {
+	constructor(evidenceBridge, workflowClassifier) {
+		this.evidenceBridge = evidenceBridge;
+		this.workflowClassifier = workflowClassifier;
+	}
+	async handleCapabilities(_args) {
+		const capabilities = {
+			evidenceGraphAvailable: true,
+			workflowClassifierAvailable: this.workflowClassifier !== void 0
+		};
+		if (this.workflowClassifier) return asJsonResponse({
+			capabilities,
+			...this.workflowClassifier.getCapabilities()
+		});
+		return asJsonResponse({ capabilities });
+	}
+	async handleSuggestWorkflow(args) {
+		const query = argString(args, "query", "") || argString(args, "goal", "");
+		const preferAvailableOnly = argBool(args, "preferAvailableOnly", true);
+		if (this.workflowClassifier && query) return asJsonResponse(this.workflowClassifier.suggestWorkflow(query, preferAvailableOnly));
+		return asJsonResponse({ message: "Cross-domain workflow suggestion requires a classifier and query." });
+	}
+	async handleHealth() {
+		const stats = this.evidenceBridge.getStats();
+		if (this.workflowClassifier) return asJsonResponse({
+			...this.workflowClassifier.getHealth(),
+			evidenceGraph: stats
+		});
+		return asJsonResponse({
+			evidenceBridgeReady: true,
+			orchestratorReady: false,
+			evidenceGraph: stats
+		});
+	}
+	async handleCorrelateAll(args) {
+		const errors = [];
+		const results = {};
+		try {
+			const sceneTree = extractSkiaSceneTree(args["sceneTree"]);
+			const jsObjects = extractJSObjectArray(args["jsObjects"]);
+			results["skia"] = correlateSkiaToJS(this.evidenceBridge, {
+				sceneTree,
+				jsObjects
+			});
+		} catch (e) {
+			errors.push(`SKIA-03: ${e instanceof Error ? e.message : String(e)}`);
+		}
+		try {
+			const mojoMessages = extractMojoMessages(args["mojoMessages"]);
+			const cdpEvents = extractCDPEvents(args["cdpEvents"]);
+			const networkRequests = extractNetworkRequests(args["networkRequests"]);
+			results["mojo"] = correlateMojoToCDP(this.evidenceBridge, mojoMessages, cdpEvents, networkRequests);
+		} catch (e) {
+			errors.push(`MOJO-03: ${e instanceof Error ? e.message : String(e)}`);
+		}
+		try {
+			const syscallEvents = extractSyscallEvents(args["syscallEvents"]);
+			const jsStacks = extractJSStacks(args["jsStacks"]);
+			results["syscall"] = correlateSyscallToJS(this.evidenceBridge, syscallEvents, jsStacks);
+		} catch (e) {
+			errors.push(`SYSCALL-02: ${e instanceof Error ? e.message : String(e)}`);
+		}
+		try {
+			const ghidraOutput = extractGhidraOutput(args["ghidraOutput"]);
+			if (ghidraOutput) results["binary"] = buildBinaryToJSPipeline(this.evidenceBridge, ghidraOutput);
+		} catch (e) {
+			errors.push(`BIN-04: ${e instanceof Error ? e.message : String(e)}`);
+		}
+		const snapshot = this.evidenceBridge.exportGraph();
+		return asJsonResponse({
+			correlationResults: {
+				...results,
+				errors
+			},
+			evidenceGraph: snapshot
+		});
+	}
+	async handleEvidenceExport() {
+		return asJsonResponse(this.evidenceBridge.exportGraph());
+	}
+	async handleEvidenceStats() {
+		return asJsonResponse(this.evidenceBridge.getStats());
+	}
+};
+//#endregion
+export { CrossDomainHandlers, CrossDomainWorkflowClassifier };