@jshookmcp/jshook 0.2.9 → 0.3.0

package/dist/{graphql-DYWzJ29s.mjs → graphql-CoHrhweh.mjs}

@@ -1,8 +1,8 @@
-import { et as GRAPHQL_MAX_GRAPH_EDGES, it as GRAPHQL_MAX_SCHEMA_CHARS, nt as GRAPHQL_MAX_PREVIEW_CHARS, rt as GRAPHQL_MAX_QUERY_CHARS, tt as GRAPHQL_MAX_GRAPH_NODES } from "./constants-B0OANIBL.mjs";
-import { a as argString, i as argObject, t as argBool } from "./parse-args-BlRjqlkL.mjs";
-import { s as evaluateWithTimeout } from "./PageController-Bqm2kZ_X.mjs";
-import { c as isSsrfTarget } from "./ssrf-policy-ZaUfvhq7.mjs";
-import "./definitions-Beid2EB3.mjs";
+import { at as GRAPHQL_MAX_SCHEMA_CHARS, it as GRAPHQL_MAX_QUERY_CHARS, nt as GRAPHQL_MAX_GRAPH_NODES, rt as GRAPHQL_MAX_PREVIEW_CHARS, tt as GRAPHQL_MAX_GRAPH_EDGES } from "./constants-CDZLOoVv.mjs";
+import { a as argString, i as argObject, t as argBool } from "./parse-args-B4cY5Vx5.mjs";
+import { s as evaluateWithTimeout } from "./PageController-BPJNqqBN.mjs";
+import { c as isSsrfTarget } from "./ssrf-policy-Dsqd-DTX.mjs";
+import "./definitions-Pp5LI2H4.mjs";
 //#region src/server/domains/graphql/handlers/shared.ts
 function toResponse(payload) {
 	return { content: [{
@@ -60,17 +60,31 @@ function normalizeHeaders(value) {
 	}
 	return headers;
 }
-async function validateExternalEndpoint(endpoint) {
+function parseEndpoint(endpoint) {
 	let parsedEndpoint;
 	try {
 		parsedEndpoint = new URL(endpoint);
 	} catch {
-		return `Invalid endpoint URL: ${endpoint}`;
+		return { error: `Invalid endpoint URL: ${endpoint}` };
 	}
-	if (parsedEndpoint.protocol !== "http:" && parsedEndpoint.protocol !== "https:") return `Unsupported endpoint protocol: ${parsedEndpoint.protocol} — only http/https allowed`;
-	if (await isSsrfTarget(parsedEndpoint.toString())) return `Blocked: endpoint "${endpoint}" resolves to a private/reserved address`;
+	if (parsedEndpoint.protocol !== "http:" && parsedEndpoint.protocol !== "https:") return { error: `Unsupported endpoint protocol: ${parsedEndpoint.protocol} — only http/https allowed` };
+	return { parsedEndpoint };
+}
+async function validateExternalEndpoint(endpoint) {
+	const parsed = parseEndpoint(endpoint);
+	if ("error" in parsed) return parsed.error;
+	if (await isSsrfTarget(parsed.parsedEndpoint.toString())) return `Blocked: endpoint "${endpoint}" resolves to a private/reserved address`;
 	return null;
 }
+async function validateBrowserEndpoint(endpoint, currentPageUrl) {
+	const parsed = parseEndpoint(endpoint);
+	if ("error" in parsed) return parsed.error;
+	if (!await isSsrfTarget(parsed.parsedEndpoint.toString())) return null;
+	if (typeof currentPageUrl === "string" && currentPageUrl.length > 0) try {
+		if (new URL(currentPageUrl).origin === parsed.parsedEndpoint.origin) return null;
+	} catch {}
+	return `Blocked: endpoint "${endpoint}" resolves to a private/reserved address`;
+}
 function createPreview(text, maxChars) {
 	if (text.length <= maxChars) return {
 		preview: text,
@@ -476,11 +490,16 @@ var IntrospectionHandlers = class {
 		try {
 			const endpoint = argString(args, "endpoint")?.trim();
 			if (!endpoint) return toError("Missing required argument: endpoint");
+			const headers = normalizeHeaders(args.headers);
+			if (argBool(args, "useBrowser", true)) {
+				const page = await this.collector.getActivePage();
+				const endpointValidationError = await validateBrowserEndpoint(endpoint, typeof page.url === "function" ? page.url() : null);
+				if (endpointValidationError) return toError(endpointValidationError);
+				return await this.introspectViaBrowser(page, endpoint, headers);
+			}
 			const endpointValidationError = await validateExternalEndpoint(endpoint);
 			if (endpointValidationError) return toError(endpointValidationError);
-			const headers = normalizeHeaders(args.headers);
-			if (!argBool(args, "useBrowser", true)) return await this.introspectViaNode(endpoint, headers);
-			return await this.introspectViaBrowser(endpoint, headers);
+			return await this.introspectViaNode(endpoint, headers);
 		} catch (error) {
 			return toError(error);
 		}
@@ -555,8 +574,8 @@ var IntrospectionHandlers = class {
 		if (jsonRecord && Array.isArray(jsonRecord.errors)) payload.errors = jsonRecord.errors;
 		return toResponse(payload);
 	}
-	async introspectViaBrowser(endpoint, headers) {
-		const browserResult = await evaluateWithTimeout(await this.collector.getActivePage(), async (input) => {
+	async introspectViaBrowser(page, endpoint, headers) {
+		const browserResult = await evaluateWithTimeout(page, async (input) => {
 			const requestHeaders = {
 				"content-type": "application/json",
 				...input.headers
@@ -653,14 +672,131 @@ var IntrospectionHandlers = class {
 };
 //#endregion
 //#region src/server/domains/graphql/handlers/extract.ts
+function isRecord(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function appendGraphQLPayload(extracted, payload, metadata) {
+	if (!payload) return;
+	const queryRaw = payload.query;
+	if (typeof queryRaw !== "string" || queryRaw.trim().length === 0) return;
+	const operationNameRaw = payload.operationName;
+	const operationName = typeof operationNameRaw === "string" && operationNameRaw.trim().length > 0 ? operationNameRaw : queryRaw.match(/^\s*(query|mutation|subscription)\s+([A-Za-z0-9_]+)/)?.[2] ?? null;
+	extracted.push({
+		source: metadata.source,
+		url: metadata.url,
+		method: metadata.method,
+		operationName,
+		query: queryRaw,
+		variables: payload.variables ?? null,
+		timestamp: metadata.timestamp,
+		contentType: metadata.contentType
+	});
+}
+function parseBodyStringToPayload(rawBody) {
+	const trimmed = rawBody.trim();
+	if (!trimmed) return null;
+	try {
+		const parsed = JSON.parse(trimmed);
+		if (isRecord(parsed)) return parsed;
+	} catch {}
+	if (trimmed.includes("query=")) try {
+		const params = new URLSearchParams(trimmed);
+		const query = params.get("query");
+		if (query) {
+			const operationName = params.get("operationName");
+			const variablesRaw = params.get("variables");
+			let variables = null;
+			if (variablesRaw) try {
+				variables = JSON.parse(variablesRaw);
+			} catch {
+				variables = variablesRaw;
+			}
+			return {
+				query,
+				operationName,
+				variables
+			};
+		}
+	} catch {}
+	if (trimmed.startsWith("query ") || trimmed.startsWith("mutation ") || trimmed.startsWith("subscription ")) return { query: trimmed };
+	return null;
+}
+function getRequestHeaders(record) {
+	if (isRecord(record.headers)) return record.headers;
+	if (isRecord(record.requestHeaders)) return record.requestHeaders;
+	return {};
+}
+function getContentType(record) {
+	const headers = getRequestHeaders(record);
+	for (const [key, value] of Object.entries(headers)) if (key.toLowerCase() === "content-type") return typeof value === "string" ? value.toLowerCase() : String(value).toLowerCase();
+	return "";
+}
+function getBodyCandidates(record) {
+	const candidates = [record.body, record.postData];
+	if (isRecord(record.options)) candidates.push(record.options.body);
+	if (isRecord(record.request)) candidates.push(record.request.postData);
+	return candidates;
+}
+function extractQueriesFromRecords(records, source) {
+	const state = {
+		scannedRecords: 0,
+		extracted: []
+	};
+	if (!Array.isArray(records)) return state;
+	for (const item of records) {
+		if (!isRecord(item)) continue;
+		state.scannedRecords += 1;
+		const url = typeof item.url === "string" ? item.url : "";
+		const method = typeof item.method === "string" ? item.method : "POST";
+		const timestamp = typeof item.timestamp === "number" ? item.timestamp : null;
+		const contentType = getContentType(item);
+		for (const bodyCandidate of getBodyCandidates(item)) {
+			let payload = null;
+			if (isRecord(bodyCandidate)) payload = bodyCandidate;
+			else if (typeof bodyCandidate === "string") payload = parseBodyStringToPayload(bodyCandidate);
+			appendGraphQLPayload(state.extracted, payload, {
+				source,
+				url,
+				method,
+				timestamp,
+				contentType
+			});
+		}
+		if (contentType.includes("application/graphql") && typeof item.body === "string") appendGraphQLPayload(state.extracted, {
+			query: item.body,
+			variables: null,
+			operationName: null
+		}, {
+			source,
+			url,
+			method,
+			timestamp,
+			contentType
+		});
+	}
+	return state;
+}
+function dedupeExtractedQueries(items) {
+	const sorted = items.toSorted((left, right) => (right.timestamp ?? 0) - (left.timestamp ?? 0));
+	const deduped = [];
+	const seen = /* @__PURE__ */ new Set();
+	for (const item of sorted) {
+		const key = `${item.url}|${item.operationName ?? ""}|${item.query}|${JSON.stringify(item.variables)}`;
+		if (seen.has(key)) continue;
+		seen.add(key);
+		deduped.push(item);
+	}
+	return deduped;
+}
 var ExtractHandlers = class {
-	constructor(collector) {
-		this.collector = collector;
+	deps;
+	constructor(deps) {
+		this.deps = "collector" in deps ? deps : { collector: deps };
 	}
 	async handleGraphqlExtractQueries(args) {
 		try {
 			const limit = parseClampedNumber(args, "limit", 50, 1, 200);
-			const extraction = await evaluateWithTimeout(await this.collector.getActivePage(), (maxItems) => {
+			const pageExtraction = await evaluateWithTimeout(await this.deps.collector.getActivePage(), (maxItems) => {
 				const globalScope = window;
 				const extracted = [];
 				let scannedRecords = 0;
@@ -751,8 +887,10 @@ var ExtractHandlers = class {
 					if (!Array.isArray(value)) return;
 					for (const item of value) if (item && typeof item === "object") processRequestRecord(item, source);
 				};
-				processArray(globalScope.__fetchRequests, "window.__fetchRequests");
-				processArray(globalScope.__xhrRequests, "window.__xhrRequests");
+				const fetchRequests = Array.isArray(globalScope.__fetchRequests) ? globalScope.__fetchRequests : typeof globalScope.__getFetchRequests === "function" ? globalScope.__getFetchRequests() : void 0;
+				const xhrRequests = Array.isArray(globalScope.__xhrRequests) ? globalScope.__xhrRequests : typeof globalScope.__getXHRRequests === "function" ? globalScope.__getXHRRequests() : void 0;
+				processArray(fetchRequests, "window.__fetchRequests");
+				processArray(xhrRequests, "window.__xhrRequests");
 				processArray(globalScope.__networkRequests, "window.__networkRequests");
 				const aiHooks = globalScope.__aiHooks;
 				if (aiHooks && typeof aiHooks === "object") for (const [hookName, hookRecords] of Object.entries(aiHooks)) {
@@ -775,7 +913,31 @@ var ExtractHandlers = class {
 					extracted: deduped.slice(0, maxItems)
 				};
 			}, limit);
-			const queries = extraction.extracted.map((item, index) => {
+			let scannedRecords = pageExtraction.scannedRecords;
+			const combinedExtracted = [...pageExtraction.extracted];
+			if (this.deps.consoleMonitor) {
+				const fetchRequestsPromise = typeof this.deps.consoleMonitor.getFetchRequests === "function" ? this.deps.consoleMonitor.getFetchRequests().catch(() => []) : Promise.resolve([]);
+				const xhrRequestsPromise = typeof this.deps.consoleMonitor.getXHRRequests === "function" ? this.deps.consoleMonitor.getXHRRequests().catch(() => []) : Promise.resolve([]);
+				const [fetchRequests, xhrRequests] = await Promise.all([fetchRequestsPromise, xhrRequestsPromise]);
+				let networkRequests = [];
+				try {
+					networkRequests = typeof this.deps.consoleMonitor.getNetworkRequests === "function" ? this.deps.consoleMonitor.getNetworkRequests({ limit: 500 }) : [];
+				} catch {
+					networkRequests = [];
+				}
+				const fallbackExtractions = [
+					extractQueriesFromRecords(fetchRequests, "consoleMonitor.fetchRequests"),
+					extractQueriesFromRecords(xhrRequests, "consoleMonitor.xhrRequests"),
+					extractQueriesFromRecords(networkRequests, "consoleMonitor.networkRequests")
+				];
+				for (const fallback of fallbackExtractions) {
+					scannedRecords += fallback.scannedRecords;
+					combinedExtracted.push(...fallback.extracted);
+				}
+			}
+			const dedupedExtracted = dedupeExtractedQueries(combinedExtracted);
+			const totalExtracted = Math.max(pageExtraction.totalExtracted, dedupedExtracted.length);
+			const queries = dedupedExtracted.slice(0, limit).map((item, index) => {
 				const queryPreview = createPreview(item.query, GRAPHQL_MAX_QUERY_CHARS);
 				const variablesPreview = serializeForPreview(item.variables, GRAPHQL_MAX_PREVIEW_CHARS);
 				const normalized = {
@@ -802,8 +964,8 @@ var ExtractHandlers = class {
 				success: true,
 				limit,
 				stats: {
-					scannedRecords: extraction.scannedRecords,
-					totalExtracted: extraction.totalExtracted,
+					scannedRecords,
+					totalExtracted,
 					returned: queries.length
 				},
 				queries
@@ -825,14 +987,19 @@ var ReplayHandlers = class {
 			const query = argString(args, "query");
 			if (!endpoint) return toError("Missing required argument: endpoint");
 			if (typeof query !== "string" || query.trim().length === 0) return toError("Missing required argument: query");
-			const endpointValidationError = await validateExternalEndpoint(endpoint);
-			if (endpointValidationError) return toError(endpointValidationError);
 			const variables = argObject(args, "variables") ?? {};
 			const operationNameRaw = argString(args, "operationName");
 			const operationName = operationNameRaw && operationNameRaw.trim().length > 0 ? operationNameRaw.trim() : null;
 			const headers = normalizeHeaders(args.headers);
-			if (!argBool(args, "useBrowser", true)) return await this.replayViaNode(endpoint, query, variables, operationName, headers);
-			return await this.replayViaBrowser(endpoint, query, variables, operationName, headers);
+			if (argBool(args, "useBrowser", true)) {
+				const page = await this.collector.getActivePage();
+				const endpointValidationError = await validateBrowserEndpoint(endpoint, typeof page.url === "function" ? page.url() : null);
+				if (endpointValidationError) return toError(endpointValidationError);
+				return await this.replayViaBrowser(page, endpoint, query, variables, operationName, headers);
+			}
+			const endpointValidationError = await validateExternalEndpoint(endpoint);
+			if (endpointValidationError) return toError(endpointValidationError);
+			return await this.replayViaNode(endpoint, query, variables, operationName, headers);
 		} catch (error) {
 			return toError(error);
 		}
@@ -885,8 +1052,8 @@ var ReplayHandlers = class {
 		responseText = "";
 		return toResponse(buildReplayPayloadFromJson(responseJson, endpoint, operationName, response.ok, response.status, response.statusText, responseHeaders));
 	}
-	async replayViaBrowser(endpoint, query, variables, operationName, headers) {
-		const browserResult = await evaluateWithTimeout(await this.collector.getActivePage(), async (input) => {
+	async replayViaBrowser(page, endpoint, query, variables, operationName, headers) {
+		const browserResult = await evaluateWithTimeout(page, async (input) => {
 			const requestHeaders = {
 				"content-type": "application/json",
 				...input.headers
@@ -993,18 +1160,22 @@ function buildReplayPayloadFromJson(responseJson, endpoint, operationName, ok, s
 }
 //#endregion
 //#region src/server/domains/graphql/handlers.impl.ts
+function normalizeDependencies(deps) {
+	return "collector" in deps ? deps : { collector: deps };
+}
 var GraphQLToolHandlers = class {
 	callGraph;
 	scriptReplace;
 	introspection;
 	extract;
 	replay;
-	constructor(collector) {
-		this.callGraph = new CallGraphHandlers(collector);
-		this.scriptReplace = new ScriptReplaceHandlers(collector);
-		this.introspection = new IntrospectionHandlers(collector);
-		this.extract = new ExtractHandlers(collector);
-		this.replay = new ReplayHandlers(collector);
+	constructor(deps) {
+		const normalized = normalizeDependencies(deps);
+		this.callGraph = new CallGraphHandlers(normalized.collector);
+		this.scriptReplace = new ScriptReplaceHandlers(normalized.collector);
+		this.introspection = new IntrospectionHandlers(normalized.collector);
+		this.extract = new ExtractHandlers(normalized);
+		this.replay = new ReplayHandlers(normalized.collector);
 	}
 	async handleCallGraphAnalyze(args) {
 		return this.callGraph.handleCallGraphAnalyze(args);