@jshookmcp/jshook 0.2.9 → 0.3.0

package/dist/{handlers-D6j6yka7.mjs → handlers-Dx2d7jt7.mjs}

@@ -1,1531 +1,1756 @@
-import { i as argObject, o as argStringArray, s as argStringRequired } from "./parse-args-BlRjqlkL.mjs";
+import { an as PROTO_HTTP_CONFIDENCE, cn as PROTO_TLS_MIN_RECORD_LEN, ln as PROTO_WS_CONFIDENCE, on as PROTO_SSH_CONFIDENCE, sn as PROTO_TLS_CONFIDENCE } from "./constants-CDZLOoVv.mjs";
+import { n as asJsonResponse } from "./response-CWhh2aLo.mjs";
+import { i as argObject, o as argStringArray, s as argStringRequired } from "./parse-args-B4cY5Vx5.mjs";
 import { readFile as readFile$1, writeFile as writeFile$1 } from "node:fs/promises";
 import { isIP } from "node:net";
-//#region src/modules/protocol-analysis/ProtocolPatternUtils.ts
-const PRINTABLE_MIN = 32;
-const PRINTABLE_MAX = 126;
-const DELIMITER_CANDIDATES = [
-	Buffer.from([44]),
-	Buffer.from([124]),
-	Buffer.from([58]),
-	Buffer.from([59]),
-	Buffer.from([9]),
-	Buffer.from([0]),
-	Buffer.from([13, 10])
-];
-function normalizeHexPayload(value) {
-	return value.replace(/^0x/i, "").replace(/\s+/g, "").toLowerCase();
+//#region src/server/domains/protocol-analysis/handlers/fingerprint-utils.ts
+const TLS_RECORD_TYPES = {
+	20: "ChangeCipherSpec",
+	21: "Alert",
+	22: "Handshake",
+	23: "ApplicationData"
+};
+const TLS_VERSIONS = {
+	"0300": "SSL 3.0",
+	"0301": "TLS 1.0",
+	"0302": "TLS 1.1",
+	"0303": "TLS 1.2",
+	"0304": "TLS 1.3"
+};
+const TLS_CIPHER_NAMES = {
+	"1301": "TLS_AES_128_GCM_SHA256",
+	"1302": "TLS_AES_256_GCM_SHA384",
+	"1303": "TLS_CHACHA20_POLY1305_SHA256",
+	c02b: "TLS_ECDHE_ECDSA_AES_128_GCM_SHA256",
+	c02f: "TLS_ECDHE_RSA_AES_128_GCM_SHA256",
+	c02c: "TLS_ECDHE_ECDSA_AES_256_GCM_SHA384",
+	c030: "TLS_ECDHE_RSA_AES_256_GCM_SHA384",
+	cca9: "TLS_ECDHE_ECDSA_CHACHA20_POLY1305",
+	cca8: "TLS_ECDHE_RSA_CHACHA20_POLY1305",
+	"009c": "TLS_RSA_AES_128_GCM_SHA256",
+	"009d": "TLS_RSA_AES_256_GCM_SHA384",
+	"002f": "TLS_RSA_AES_128_CBC_SHA",
+	"0035": "TLS_RSA_AES_256_CBC_SHA",
+	c013: "TLS_ECDHE_RSA_AES_128_CBC_SHA",
+	c014: "TLS_ECDHE_RSA_AES_256_CBC_SHA",
+	"00ff": "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+	"5600": "TLS_FALLBACK_SCSV"
+};
+const DNS_RCODES = {
+	0: "NOERROR",
+	1: "FORMERR",
+	2: "SERVFAIL",
+	3: "NXDOMAIN",
+	4: "NOTIMP",
+	5: "REFUSED"
+};
+const DNS_OPTYPES = {
+	0: "QUERY",
+	1: "IQUERY",
+	2: "STATUS",
+	3: "UNASSIGNED",
+	4: "NOTIFY",
+	5: "UPDATE"
+};
+const HTTP_METHODS = {
+	"474554": "GET",
+	"504f5354": "POST",
+	"505554": "PUT",
+	"44454c45": "DELETE",
+	"48454144": "HEAD",
+	"50415443": "PATCH",
+	"4f505449": "OPTIONS",
+	"434f4e4e": "CONNECT"
+};
+const TLS_EXTENSION_NAMES = {
+	"0000": "server_name",
+	"000a": "supported_groups",
+	"000b": "ec_point_formats",
+	"000d": "signature_algorithms",
+	"0010": "application_layer_protocol_negotiation",
+	"0015": "padding",
+	"0017": "extended_master_secret",
+	"001b": "compress_certificate",
+	"0023": "session_ticket",
+	"0029": "pre_shared_key",
+	"002b": "supported_versions",
+	"002d": "psk_key_exchange_modes",
+	"0033": "key_share",
+	"0039": "quic_transport_parameters",
+	"4469": "next_protocol_negotiation",
+	fe0d: "encrypted_client_hello",
+	ff01: "renegotiation_info"
+};
+const WS_OPCODES = {
+	0: "continuation",
+	1: "text",
+	2: "binary",
+	8: "close",
+	9: "ping",
+	10: "pong"
+};
+function readU8(hex, offset) {
+	return Number.parseInt(hex.substring(offset * 2, offset * 2 + 2), 16);
+}
+function readU16(hex, offset) {
+	return Number.parseInt(hex.substring(offset * 2, offset * 2 + 4), 16);
+}
+function hexSlice(hex, offset, len) {
+	return hex.substring(offset * 2, (offset + len) * 2);
+}
+function isZeroedDnsHeader(hex) {
+	return hex.length >= 24 && /^0{24}$/i.test(hex.slice(0, 24));
+}
+function parseTlsClientHello(hex) {
+	if (hex.length < 44) return null;
+	const recordType = readU8(hex, 0);
+	if (recordType !== 22) return null;
+	const recordVersion = hexSlice(hex, 1, 2);
+	const recordLen = readU16(hex, 3);
+	if (hex.length / 2 < 5 + recordLen) return null;
+	if (readU8(hex, 5) !== 1) return null;
+	const result = {
+		recordType: TLS_RECORD_TYPES[recordType] ?? `0x${recordType.toString(16)}`,
+		recordVersion: TLS_VERSIONS[recordVersion] ?? recordVersion,
+		recordLength: recordLen,
+		handshakeType: "ClientHello"
+	};
+	let pos = 9;
+	if (pos + 2 > hex.length / 2) return result;
+	const clientVersion = hexSlice(hex, pos, 2);
+	result.clientVersion = TLS_VERSIONS[clientVersion] ?? clientVersion;
+	pos += 34;
+	if (pos >= hex.length / 2) return result;
+	const sessionIdLen = readU8(hex, pos);
+	pos += 1 + sessionIdLen;
+	if (pos + 2 > hex.length / 2) return result;
+	const cipherLen = readU16(hex, pos);
+	pos += 2;
+	const ciphers = [];
+	for (let i = 0; i < cipherLen / 2 && pos + 2 <= hex.length / 2; i++) {
+		const cipherHex = hexSlice(hex, pos, 2).toLowerCase();
+		ciphers.push({
+			hex: cipherHex,
+			name: TLS_CIPHER_NAMES[cipherHex] ?? `Unknown(0x${cipherHex})`
+		});
+		pos += 2;
+	}
+	result.cipherSuites = ciphers;
+	result.cipherSuiteCount = ciphers.length;
+	if (pos >= hex.length / 2) return result;
+	const compLen = readU8(hex, pos);
+	pos += 1 + compLen;
+	if (pos + 2 > hex.length / 2) return result;
+	const extTotalLen = readU16(hex, pos);
+	pos += 2;
+	const extEnd = pos + extTotalLen;
+	const extensions = [];
+	while (pos + 4 <= extEnd && pos + 4 <= hex.length / 2) {
+		const extType = hexSlice(hex, pos, 2).toLowerCase();
+		const extLen = readU16(hex, pos + 2);
+		extensions.push({
+			type: extType,
+			length: extLen,
+			name: TLS_EXTENSION_NAMES[extType]
+		});
+		pos += 4 + extLen;
+	}
+	result.extensions = extensions;
+	result.extensionCount = extensions.length;
+	return result;
+}
+function parseDnsHeader(hex) {
+	if (hex.length < 24) return null;
+	const txId = readU16(hex, 0);
+	const flags1 = readU8(hex, 2);
+	const flags2 = readU8(hex, 3);
+	const qr = flags1 >> 7 & 1;
+	const opcode = flags1 >> 3 & 15;
+	const aa = flags1 >> 2 & 1;
+	const tc = flags1 >> 1 & 1;
+	const rd = flags1 & 1;
+	const ra = flags2 >> 7 & 1;
+	const z = flags2 >> 4 & 7;
+	const rcode = flags2 & 15;
+	return {
+		transactionId: `0x${txId.toString(16).padStart(4, "0")}`,
+		flags: {
+			qr: qr === 1 ? "Response" : "Query",
+			opcode: DNS_OPTYPES[opcode] ?? opcode,
+			authoritativeAnswer: !!aa,
+			truncation: !!tc,
+			recursionDesired: !!rd,
+			recursionAvailable: !!ra,
+			reserved: z,
+			responseCode: DNS_RCODES[rcode] ?? rcode
+		},
+		questionCount: readU16(hex, 4),
+		answerCount: readU16(hex, 6),
+		authorityCount: readU16(hex, 8),
+		additionalCount: readU16(hex, 10)
+	};
 }
-function isHexPayload(value) {
-	const normalized = normalizeHexPayload(value);
-	if (normalized.length === 0 || normalized.length % 2 !== 0) return false;
-	return /^[0-9a-f]+$/i.test(normalized);
+function isLikelyDnsHeader(hex) {
+	if (hex.length < 24 || isZeroedDnsHeader(hex)) return false;
+	const flags1 = readU8(hex, 2);
+	const flags2 = readU8(hex, 3);
+	const qr = flags1 >> 7 & 1;
+	const opcode = flags1 >> 3 & 15;
+	const rcode = flags2 & 15;
+	const qdcount = readU16(hex, 4);
+	const ancount = readU16(hex, 6);
+	if (opcode > 2) return false;
+	if (qdcount + ancount === 0) return false;
+	if (qr === 0 && rcode !== 0) return false;
+	if (qr === 1 && rcode > 5) return false;
+	return true;
 }
-function parseHexPayload$1(value) {
-	if (!isHexPayload(value)) return null;
-	return Buffer.from(normalizeHexPayload(value), "hex");
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/protocol-schema.ts
+function isRecord$1(value) {
+	return value !== null && typeof value === "object" && !Array.isArray(value);
 }
-function isPrintableByte(value) {
-	return value >= PRINTABLE_MIN && value <= PRINTABLE_MAX;
+function parseFieldSpec(value, index) {
+	if (!isRecord$1(value)) throw new Error(`fields[${index}] must be an object`);
+	const name = value.name;
+	const offset = value.offset;
+	const length = value.length;
+	const type = value.type;
+	if (typeof name !== "string" || name.trim().length === 0) throw new Error(`fields[${index}].name must be a non-empty string`);
+	if (typeof offset !== "number" || !Number.isInteger(offset) || offset < 0) throw new Error(`fields[${index}].offset must be a non-negative integer`);
+	if (typeof length !== "number" || !Number.isInteger(length) || length <= 0) throw new Error(`fields[${index}].length must be a positive integer`);
+	if (type !== "int" && type !== "string" && type !== "bytes" && type !== "bool" && type !== "float") throw new Error(`fields[${index}].type is invalid`);
+	return {
+		name,
+		offset,
+		length,
+		type
+	};
 }
-function printableRatio(buffer) {
-	if (buffer.length === 0) return 0;
-	let printableCount = 0;
-	for (const value of buffer.values()) if (isPrintableByte(value)) printableCount += 1;
-	return printableCount / buffer.length;
+function parseLegacyField(value, index) {
+	if (!isRecord$1(value)) throw new Error(`fields[${index}] must be an object`);
+	const name = value.name;
+	const offset = value.offset;
+	const length = value.length;
+	const type = value.type;
+	const description = value.description;
+	if (typeof name !== "string" || name.trim().length === 0) throw new Error(`fields[${index}].name must be a non-empty string`);
+	if (typeof offset !== "number" || !Number.isInteger(offset) || offset < 0) throw new Error(`fields[${index}].offset must be a non-negative integer`);
+	if (typeof length !== "number" || !Number.isInteger(length) || length <= 0) throw new Error(`fields[${index}].length must be a positive integer`);
+	if (type !== "uint8" && type !== "uint16" && type !== "uint32" && type !== "int64" && type !== "float" && type !== "string" && type !== "bytes") throw new Error(`fields[${index}].type is invalid`);
+	return {
+		name,
+		offset,
+		length,
+		type,
+		...typeof description === "string" ? { description } : {}
+	};
 }
-function averagePrintableRatio(buffers) {
-	if (buffers.length === 0) return 0;
-	return buffers.reduce((accumulator, buffer) => accumulator + printableRatio(buffer), 0) / buffers.length;
+function parsePatternSpec(name, value) {
+	const rawFields = value.fields;
+	if (!Array.isArray(rawFields)) throw new Error("spec.fields must be an array");
+	const fieldDelimiter = typeof value.fieldDelimiter === "string" && value.fieldDelimiter.length > 0 ? value.fieldDelimiter : void 0;
+	const byteOrderValue = value.byteOrder;
+	const byteOrder = byteOrderValue === "le" || byteOrderValue === "be" ? byteOrderValue : void 0;
+	return {
+		name,
+		...fieldDelimiter ? { fieldDelimiter } : {},
+		...byteOrder ? { byteOrder } : {},
+		fields: rawFields.map((field, index) => parseFieldSpec(field, index))
+	};
 }
-function splitBuffer(buffer, delimiter) {
-	if (delimiter.length === 0) return [buffer];
-	const parts = [];
-	let start = 0;
-	let index = buffer.indexOf(delimiter, start);
-	while (index >= 0) {
-		parts.push(buffer.subarray(start, index));
-		start = index + delimiter.length;
-		index = buffer.indexOf(delimiter, start);
-	}
-	parts.push(buffer.subarray(start));
-	return parts;
+function parseEncryptionInfo(value) {
+	if (!isRecord$1(value)) return;
+	const type = value.type;
+	if (type !== "aes" && type !== "xor" && type !== "rc4" && type !== "custom") return;
+	const key = typeof value.key === "string" ? value.key : void 0;
+	const iv = typeof value.iv === "string" ? value.iv : void 0;
+	const notes = typeof value.notes === "string" ? value.notes : void 0;
+	return {
+		type,
+		...key ? { key } : {},
+		...iv ? { iv } : {},
+		...notes ? { notes } : {}
+	};
 }
-function bufferToDelimiterString(buffer) {
-	return printableRatio(buffer) === 1 ? buffer.toString("utf8") : buffer.toString("hex");
+function parseProtocolMessage(value, index) {
+	if (!isRecord$1(value)) throw new Error(`messages[${index}] must be an object`);
+	const direction = value.direction;
+	const timestamp = value.timestamp;
+	const fields = value.fields;
+	const raw = value.raw;
+	if (direction !== "req" && direction !== "res") throw new Error(`messages[${index}].direction must be "req" or "res"`);
+	if (typeof timestamp !== "number" || !Number.isFinite(timestamp)) throw new Error(`messages[${index}].timestamp must be a number`);
+	if (!isRecord$1(fields)) throw new Error(`messages[${index}].fields must be an object`);
+	if (typeof raw !== "string") throw new Error(`messages[${index}].raw must be a string`);
+	return {
+		direction,
+		timestamp,
+		fields,
+		raw
+	};
 }
-function parsePayloads(hexPayloads) {
-	const buffers = [];
-	for (const hexPayload of hexPayloads) {
-		const payload = parseHexPayload$1(hexPayload);
-		if (payload) buffers.push(payload);
-	}
-	return buffers;
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/payload/core.ts
+const TEXT_ENCODINGS = ["utf8", "ascii"];
+const BINARY_ENCODINGS = [
+	"utf8",
+	"ascii",
+	"hex",
+	"base64"
+];
+const PAYLOAD_FIELD_TYPES = [
+	"u8",
+	"u16",
+	"u32",
+	"i8",
+	"i16",
+	"i32",
+	"string",
+	"bytes"
+];
+const MUTATION_STRATEGIES = [
+	"set_byte",
+	"flip_bit",
+	"overwrite_bytes",
+	"append_bytes",
+	"truncate",
+	"increment_integer"
+];
+function parseEndian(value, fallback = "big") {
+	return value === "little" ? "little" : fallback;
 }
-function decodeInteger(buffer, byteOrder) {
-	if (buffer.length === 0) return null;
-	if (buffer.length === 1) return buffer.readUInt8(0);
-	if (buffer.length === 2) return byteOrder === "le" ? buffer.readUInt16LE(0) : buffer.readUInt16BE(0);
-	if (buffer.length === 4) return byteOrder === "le" ? buffer.readUInt32LE(0) : buffer.readUInt32BE(0);
-	if (buffer.length === 8) {
-		const value = byteOrder === "le" ? Number(buffer.readBigUInt64LE(0)) : Number(buffer.readBigUInt64BE(0));
-		return Number.isFinite(value) ? value : null;
-	}
-	let value = 0;
-	const bytes = byteOrder === "le" ? [...buffer.values()].toReversed() : [...buffer.values()];
-	for (const byte of bytes) value = value * 256 + byte;
-	return Number.isFinite(value) ? value : null;
+function parseNonNegativeInteger(value, label) {
+	if (typeof value !== "number" || !Number.isInteger(value) || value < 0) throw new Error(`${label} must be a non-negative integer`);
+	return value;
 }
-function decodeFloat(buffer, byteOrder) {
-	if (buffer.length === 4) {
-		const value = byteOrder === "le" ? buffer.readFloatLE(0) : buffer.readFloatBE(0);
-		return Number.isFinite(value) ? value : null;
-	}
-	if (buffer.length === 8) {
-		const value = byteOrder === "le" ? buffer.readDoubleLE(0) : buffer.readDoubleBE(0);
-		return Number.isFinite(value) ? value : null;
-	}
-	return null;
+function parsePositiveInteger(value, label) {
+	if (typeof value !== "number" || !Number.isInteger(value) || value <= 0) throw new Error(`${label} must be a positive integer`);
+	return value;
 }
-function countOccurrences(buffer, delimiter) {
-	if (delimiter.length === 0) return 0;
-	let count = 0;
-	let start = 0;
-	let index = buffer.indexOf(delimiter, start);
-	while (index >= 0) {
-		count += 1;
-		start = index + delimiter.length;
-		index = buffer.indexOf(delimiter, start);
-	}
-	return count;
+function parseInteger(value, label) {
+	if (typeof value !== "number" || !Number.isInteger(value)) throw new Error(`${label} must be an integer`);
+	return value;
 }
-function inferFieldType(samples) {
-	if (samples.length === 0) return "bytes";
-	if (samples.every((sample) => sample.length === 1) && samples.every((sample) => sample[0] === 0 || sample[0] === 1)) return "bool";
-	if (averagePrintableRatio(samples) >= .7) return "string";
-	if (samples.every((sample) => sample.length === 4) && looksLikeFloatSamples(samples)) return "float";
-	if (samples.every((sample) => sample.length <= 4)) return "int";
-	return "bytes";
+function parseByte(value, label) {
+	const parsed = parseInteger(value, label);
+	if (parsed < 0 || parsed > 255) throw new Error(`${label} must be between 0 and 255`);
+	return parsed;
 }
-function looksLikeFloatSamples(samples) {
-	const decoded = [];
-	for (const sample of samples) {
-		const value = decodeFloat(sample, "be");
-		if (value === null) return false;
-		decoded.push(value);
-	}
-	return decoded.some((value) => Math.abs(value) > .001 && Math.abs(value) < 1e6);
+function parseOptionalLength(value, label) {
+	return value === void 0 ? void 0 : parsePositiveInteger(value, label);
 }
-function isPrintableColumn(buffers, offset) {
-	let valueCount = 0;
-	let printableCount = 0;
-	for (const buffer of buffers) {
-		const value = buffer[offset];
-		if (value === void 0) continue;
-		valueCount += 1;
-		if (isPrintableByte(value)) printableCount += 1;
-	}
-	return valueCount > 0 && printableCount / valueCount >= .8;
+function parseEncoding(value, allowed, fallback, label) {
+	if (value === void 0) return fallback;
+	if (typeof value !== "string" || !allowed.includes(value)) throw new Error(`${label} is invalid`);
+	return value;
 }
-function isBooleanColumn(buffers, offset) {
-	let valueCount = 0;
-	for (const buffer of buffers) {
-		const value = buffer[offset];
-		if (value === void 0) continue;
-		valueCount += 1;
-		if (value !== 0 && value !== 1) return false;
-	}
-	return valueCount > 0;
+function expectString(value, label) {
+	if (typeof value !== "string") throw new Error(`${label} must be a string`);
+	return value;
 }
-function buildDelimitedFields(buffers, delimiter) {
-	if (delimiter.length === 0) return [];
-	const tokenized = buffers.map((buffer) => splitBuffer(buffer, delimiter));
-	const firstRow = tokenized[0];
-	if (!firstRow || firstRow.length < 2) return [];
-	const tokenCount = firstRow.length;
-	if (!tokenized.every((parts) => parts.length === tokenCount)) return [];
-	const fields = [];
-	let currentOffset = 0;
-	for (let index = 0; index < tokenCount; index += 1) {
-		const template = firstRow[index];
-		if (!template) continue;
-		const samples = tokenized.map((parts) => parts[index]).filter((part) => Buffer.isBuffer(part));
-		fields.push({
-			name: `field_${index + 1}`,
-			offset: currentOffset,
-			length: template.length,
-			type: inferFieldType(samples)
-		});
-		currentOffset += template.length + delimiter.length;
-	}
-	return fields;
+function normalizeHexString(value, label) {
+	const normalized = value.replace(/^0x/i, "").replace(/\s+/g, "");
+	if (normalized.length === 0) return normalized;
+	if (normalized.length % 2 !== 0 || /[^0-9a-f]/i.test(normalized)) throw new Error(`${label} must be a valid even-length hex string`);
+	return normalized.toLowerCase();
 }
-function buildFixedWidthFields(buffers) {
-	const minLength = Math.min(...buffers.map((buffer) => buffer.length));
-	const fields = [];
-	let offset = 0;
-	while (offset < minLength && fields.length < 24) {
-		if (isPrintableColumn(buffers, offset)) {
-			let end = offset + 1;
-			while (end < minLength && isPrintableColumn(buffers, end)) end += 1;
-			fields.push({
-				name: `field_${fields.length + 1}`,
-				offset,
-				length: end - offset,
-				type: "string"
-			});
-			offset = end;
-			continue;
-		}
-		if (isBooleanColumn(buffers, offset)) {
-			fields.push({
-				name: `field_${fields.length + 1}`,
-				offset,
-				length: 1,
-				type: "bool"
-			});
-			offset += 1;
-			continue;
-		}
-		const remaining = minLength - offset;
-		if (remaining >= 4) {
-			if (looksLikeFloatSamples(buffers.map((buffer) => buffer.subarray(offset, offset + 4)))) {
-				fields.push({
-					name: `field_${fields.length + 1}`,
-					offset,
-					length: 4,
-					type: "float"
-				});
-				offset += 4;
-				continue;
-			}
-		}
-		const segmentLength = remaining >= 4 ? 4 : Math.min(remaining, 2);
-		const samples = buffers.map((buffer) => buffer.subarray(offset, offset + segmentLength));
-		fields.push({
-			name: `field_${fields.length + 1}`,
-			offset,
-			length: segmentLength,
-			type: inferFieldType(samples)
-		});
-		offset += segmentLength;
+function decodeBinaryValue(value, encoding, label) {
+	switch (encoding) {
+		case "utf8":
+		case "ascii": return Buffer.from(value, encoding);
+		case "hex": return Buffer.from(normalizeHexString(value, label), "hex");
+		case "base64": return Buffer.from(value, "base64");
 	}
-	return fields;
 }
-function inferDelimiter(buffers) {
-	for (const candidate of DELIMITER_CANDIDATES) {
-		const counts = buffers.map((buffer) => countOccurrences(buffer, candidate));
-		const firstCount = counts[0];
-		if (typeof firstCount === "number" && firstCount >= 2 && counts.every((count) => count === firstCount)) return bufferToDelimiterString(candidate);
-	}
+function getNumericRange(width, signed) {
+	const bits = width * 8;
+	if (signed) return {
+		min: -(2 ** (bits - 1)),
+		max: 2 ** (bits - 1) - 1
+	};
+	return {
+		min: 0,
+		max: 2 ** bits - 1
+	};
 }
-function inferByteOrder(buffers) {
-	const minLength = Math.min(...buffers.map((buffer) => buffer.length));
-	if (minLength < 2) return "be";
-	let leScore = 0;
-	let beScore = 0;
-	const limit = Math.min(minLength - 1, 8);
-	for (let offset = 0; offset < limit; offset += 2) {
-		let leSmallValues = 0;
-		let beSmallValues = 0;
-		for (const buffer of buffers) {
-			const little = buffer.readUInt16LE(offset);
-			const big = buffer.readUInt16BE(offset);
-			if (little < 4096) leSmallValues += 1;
-			if (big < 4096) beSmallValues += 1;
-		}
-		if (leSmallValues > beSmallValues) leScore += 1;
-		else if (beSmallValues > leSmallValues) beScore += 1;
+function getFieldNumericMetadata(type) {
+	switch (type) {
+		case "u8": return {
+			width: 1,
+			signed: false
+		};
+		case "u16": return {
+			width: 2,
+			signed: false
+		};
+		case "u32": return {
+			width: 4,
+			signed: false
+		};
+		case "i8": return {
+			width: 1,
+			signed: true
+		};
+		case "i16": return {
+			width: 2,
+			signed: true
+		};
+		case "i32": return {
+			width: 4,
+			signed: true
+		};
+		default: return null;
 	}
-	return leScore > beScore ? "le" : "be";
 }
-function labelMagicFields(fields, buffers) {
-	if (fields.length === 0 || buffers.length < 2) return fields;
-	const minLen = Math.min(...buffers.map((b) => b.length));
-	let commonPrefixLen = 0;
-	for (let offset = 0; offset < minLen; offset += 1) {
-		const byte = buffers[0][offset];
-		if (buffers.every((b) => b[offset] === byte)) commonPrefixLen = offset + 1;
-		else break;
+function writeIntegerToBuffer(buffer, value, width, signed, endian) {
+	if (signed) switch (width) {
+		case 1:
+			buffer.writeInt8(value, 0);
+			return;
+		case 2:
+			if (endian === "little") buffer.writeInt16LE(value, 0);
+			else buffer.writeInt16BE(value, 0);
+			return;
+		case 4:
+			if (endian === "little") buffer.writeInt32LE(value, 0);
+			else buffer.writeInt32BE(value, 0);
+			return;
+	}
+	switch (width) {
+		case 1:
+			buffer.writeUInt8(value, 0);
+			return;
+		case 2:
+			if (endian === "little") buffer.writeUInt16LE(value, 0);
+			else buffer.writeUInt16BE(value, 0);
+			return;
+		case 4:
+			if (endian === "little") buffer.writeUInt32LE(value, 0);
+			else buffer.writeUInt32BE(value, 0);
+			return;
 	}
-	if (commonPrefixLen === 0) return fields;
-	let magicLabelApplied = false;
-	return fields.map((field) => {
-		if (!magicLabelApplied && field.offset === 0 && commonPrefixLen >= 2) {
-			magicLabelApplied = true;
-			return {
-				...field,
-				name: "magic"
-			};
-		}
-		if (magicLabelApplied && field.type === "int" && field.length <= 2 && field.offset <= commonPrefixLen) return {
-			...field,
-			name: "version"
-		};
-		return field;
-	});
 }
-//#endregion
-//#region src/modules/protocol-analysis/ProtocolPatternEngine.ts
-var ProtocolPatternEngine = class {
-	patterns = /* @__PURE__ */ new Map();
-	legacyPatterns = /* @__PURE__ */ new Map();
-	definePattern(name, specOrFields, options) {
-		const legacyPattern = Array.isArray(specOrFields) ? this.createLegacyPattern(name, specOrFields, options) : this.createLegacyPatternFromSpec(name, specOrFields);
-		const spec = this.createSpecFromLegacyPattern(legacyPattern);
-		this.patterns.set(name, spec);
-		this.legacyPatterns.set(name, legacyPattern);
-		if (Array.isArray(specOrFields)) return legacyPattern;
+function readIntegerFromBuffer(buffer, offset, width, signed, endian) {
+	if (signed) switch (width) {
+		case 1: return buffer.readInt8(offset);
+		case 2: return endian === "little" ? buffer.readInt16LE(offset) : buffer.readInt16BE(offset);
+		case 4: return endian === "little" ? buffer.readInt32LE(offset) : buffer.readInt32BE(offset);
 	}
-	detectPattern(hexPayload) {
-		const payload = parseHexPayload$1(hexPayload);
-		if (!payload) return null;
-		let bestMatch = null;
-		for (const pattern of this.patterns.values()) {
-			const totalChecks = pattern.fields.length + (pattern.fieldDelimiter ? 1 : 0);
-			if (totalChecks === 0) continue;
-			let matches = 0;
-			if (pattern.fieldDelimiter && this.payloadContainsDelimiter(payload, pattern.fieldDelimiter)) matches += 1;
-			for (const field of pattern.fields) if (this.matchesField(payload, field, pattern.byteOrder ?? "be")) matches += 1;
-			const confidence = Number((matches / totalChecks).toFixed(2));
-			if (confidence <= 0) continue;
-			const candidate = {
-				pattern,
-				confidence,
-				matches,
-				total: totalChecks
-			};
-			if (!bestMatch || candidate.confidence > bestMatch.confidence || candidate.confidence === bestMatch.confidence && candidate.matches > bestMatch.matches) bestMatch = candidate;
-		}
-		return bestMatch;
+	switch (width) {
+		case 1: return buffer.readUInt8(offset);
+		case 2: return endian === "little" ? buffer.readUInt16LE(offset) : buffer.readUInt16BE(offset);
+		case 4: return endian === "little" ? buffer.readUInt32LE(offset) : buffer.readUInt32BE(offset);
 	}
-	autoDetect(hexPayloads) {
-		const buffers = parsePayloads(hexPayloads);
-		if (buffers.length === 0) return null;
-		const delimiter = inferDelimiter(buffers);
-		const fields = this.inferFields(hexPayloads);
+}
+function applyFixedLength(encoded, length, padByte) {
+	if (length === void 0 || encoded.length === length) return encoded;
+	if (encoded.length > length) return encoded.subarray(0, length);
+	return Buffer.concat([encoded, Buffer.alloc(length - encoded.length, padByte)]);
+}
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/payload/template.ts
+function parsePayloadTemplateField(value, index) {
+	if (!isRecord$1(value)) throw new Error(`fields[${index}] must be an object`);
+	const name = value.name;
+	const type = value.type;
+	const rawValue = value.value;
+	if (typeof name !== "string" || name.trim().length === 0) throw new Error(`fields[${index}].name must be a non-empty string`);
+	if (typeof type !== "string" || !PAYLOAD_FIELD_TYPES.includes(type)) throw new Error(`fields[${index}].type is invalid`);
+	const fieldType = type;
+	const numericMetadata = getFieldNumericMetadata(fieldType);
+	if (numericMetadata) {
+		const numericValue = parseInteger(rawValue, `fields[${index}].value`);
+		const range = getNumericRange(numericMetadata.width, numericMetadata.signed);
+		if (numericValue < range.min || numericValue > range.max) throw new Error(`fields[${index}].value is out of range for ${type} (${range.min}..${range.max})`);
+		if (value.length !== void 0 || value.padByte !== void 0 || value.encoding !== void 0) throw new Error(`fields[${index}] does not support length, padByte, or encoding`);
 		return {
-			name: "auto-detected-pattern",
-			fieldDelimiter: delimiter,
-			byteOrder: inferByteOrder(buffers),
-			fields
-		};
-	}
-	inferFields(hexPayloads) {
-		const buffers = parsePayloads(hexPayloads);
-		if (buffers.length === 0) return [];
-		const delimiter = inferDelimiter(buffers);
-		if (delimiter) {
-			const fields = buildDelimitedFields(buffers, this.parseDelimiter(delimiter));
-			if (fields.length > 0) return labelMagicFields(fields, buffers);
-		}
-		return labelMagicFields(buildFixedWidthFields(buffers), buffers);
-	}
-	autoDetectPattern(payloads, options) {
-		const hexPayloads = payloads.map((payload) => payload.toString("hex"));
-		const detected = this.autoDetect(hexPayloads);
-		const name = options?.name ?? detected?.name ?? "auto_detected";
-		if (!detected) {
-			const emptyPattern = this.createLegacyPattern(name, []);
-			this.patterns.set(name, this.createSpecFromLegacyPattern(emptyPattern));
-			this.legacyPatterns.set(name, emptyPattern);
-			return emptyPattern;
-		}
-		const namedPattern = {
-			...detected,
-			name
+			name,
+			type: fieldType,
+			value: numericValue
 		};
-		this.definePattern(name, namedPattern);
-		return this.getPattern(name) ?? this.createLegacyPatternFromSpec(name, namedPattern);
-	}
-	getPattern(name) {
-		return this.legacyPatterns.get(name);
 	}
-	listPatterns() {
-		return [...this.patterns.keys()];
-	}
-	exportProto(pattern) {
-		const legacyPattern = this.isLegacyPattern(pattern) ? pattern : this.createLegacyPatternFromSpec(pattern.name, pattern);
-		const lines = [
-			`// Protocol: ${legacyPattern.name}`,
-			`// Byte order: ${legacyPattern.byteOrder}`,
-			""
-		];
-		if (legacyPattern.encryption) {
-			lines.push(`// Encryption: ${legacyPattern.encryption.type}`);
-			if (legacyPattern.encryption.notes) lines.push(`// Notes: ${legacyPattern.encryption.notes}`);
-			lines.push("");
-		}
-		lines.push(`message ${this.toPascalCase(legacyPattern.name)} {`);
-		for (let index = 0; index < legacyPattern.fields.length; index += 1) {
-			const field = legacyPattern.fields[index];
-			if (!field) continue;
-			const comment = field.description ? ` // ${field.description}` : "";
-			lines.push(`  ${this.toProtoType(field.type)} ${field.name} = ${index + 1};${comment}`);
+	const stringValue = expectString(rawValue, `fields[${index}].value`);
+	const length = parseOptionalLength(value.length, `fields[${index}].length`);
+	const padByte = value.padByte === void 0 ? 0 : parseByte(value.padByte, `fields[${index}].padByte`);
+	if (type === "string") return {
+		name,
+		type: "string",
+		value: stringValue,
+		encoding: parseEncoding(value.encoding, TEXT_ENCODINGS, "utf8", `fields[${index}].encoding`),
+		...length !== void 0 ? { length } : {},
+		padByte
+	};
+	return {
+		name,
+		type: "bytes",
+		value: stringValue,
+		encoding: parseEncoding(value.encoding, BINARY_ENCODINGS, "hex", `fields[${index}].encoding`),
+		...length !== void 0 ? { length } : {},
+		padByte
+	};
+}
+function encodePayloadTemplateField(field, endian) {
+	switch (field.type) {
+		case "u8":
+		case "u16":
+		case "u32":
+		case "i8":
+		case "i16":
+		case "i32": {
+			const numericMetadata = getFieldNumericMetadata(field.type);
+			if (!numericMetadata) throw new Error(`Unsupported numeric field type: ${field.type}`);
+			const buffer = Buffer.alloc(numericMetadata.width);
+			writeIntegerToBuffer(buffer, field.value, numericMetadata.width, numericMetadata.signed, endian);
+			return buffer;
 		}
-		lines.push("}");
-		lines.push("");
-		return lines.join("\n");
-	}
-	payloadContainsDelimiter(payload, delimiter) {
-		const delimiterBuffer = this.parseDelimiter(delimiter);
-		if (delimiterBuffer.length === 0) return false;
-		return payload.includes(delimiterBuffer);
+		case "string": return applyFixedLength(Buffer.from(field.value, field.encoding), field.length, field.padByte);
+		case "bytes": return applyFixedLength(decodeBinaryValue(field.value, field.encoding, `field ${field.name}`), field.length, field.padByte);
 	}
-	matchesField(payload, field, byteOrder) {
-		if (field.offset < 0 || field.length <= 0 || payload.length < field.offset + field.length) return false;
-		const slice = payload.subarray(field.offset, field.offset + field.length);
-		switch (field.type) {
-			case "bytes": return slice.length === field.length;
-			case "bool": return slice.length === 1 && (slice[0] === 0 || slice[0] === 1);
-			case "string": return printableRatio(slice) >= .6;
-			case "int": return decodeInteger(slice, byteOrder) !== null;
-			case "float": return decodeFloat(slice, byteOrder) !== null;
-			default: return false;
-		}
+}
+function buildPayloadFromTemplate(fields, endian) {
+	const buffers = [];
+	const segments = [];
+	let offset = 0;
+	for (const field of fields) {
+		const encoded = encodePayloadTemplateField(field, endian);
+		buffers.push(encoded);
+		segments.push({
+			name: field.name,
+			offset,
+			length: encoded.length,
+			hex: encoded.toString("hex")
+		});
+		offset += encoded.length;
 	}
-	createLegacyPattern(name, fields, options) {
-		return {
-			name,
-			fields: fields.map((field) => ({
-				name: field.name,
-				offset: field.offset,
-				length: field.length,
-				type: field.type,
-				...field.description ? { description: field.description } : {}
-			})).toSorted((left, right) => left.offset - right.offset),
-			byteOrder: options?.byteOrder ?? "big",
-			...options?.encryption ? { encryption: options.encryption } : {}
+	return {
+		payload: Buffer.concat(buffers),
+		segments
+	};
+}
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/payload/mutation.ts
+function parsePayloadMutation(value, index) {
+	if (!isRecord$1(value)) throw new Error(`mutations[${index}] must be an object`);
+	const strategy = value.strategy;
+	if (typeof strategy !== "string" || !MUTATION_STRATEGIES.includes(strategy)) throw new Error(`mutations[${index}].strategy is invalid`);
+	switch (strategy) {
+		case "set_byte": return {
+			strategy: "set_byte",
+			offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
+			value: parseByte(value.value, `mutations[${index}].value`)
 		};
-	}
-	createLegacyPatternFromSpec(name, spec) {
-		return {
-			name,
-			fieldDelimiter: spec.fieldDelimiter,
-			byteOrder: spec.byteOrder === "le" ? "little" : "big",
-			fields: spec.fields.map((field) => ({
-				name: field.name,
-				offset: field.offset,
-				length: field.length,
-				type: this.toLegacyFieldType(field),
-				...field.description ? { description: field.description } : {}
-			}))
+		case "flip_bit": return {
+			strategy: "flip_bit",
+			offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
+			bit: (() => {
+				const bit = parseInteger(value.bit, `mutations[${index}].bit`);
+				if (bit < 0 || bit > 7) throw new Error(`mutations[${index}].bit must be between 0 and 7`);
+				return bit;
+			})()
 		};
-	}
-	createSpecFromLegacyPattern(pattern) {
-		return {
-			name: pattern.name,
-			fieldDelimiter: pattern.fieldDelimiter,
-			byteOrder: pattern.byteOrder === "little" ? "le" : "be",
-			fields: pattern.fields.map((field) => ({
-				name: field.name,
-				offset: field.offset,
-				length: field.length,
-				type: this.toSpecFieldType(field.type),
-				...field.description ? { description: field.description } : {}
-			}))
+		case "overwrite_bytes": return {
+			strategy: "overwrite_bytes",
+			offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
+			data: decodeBinaryValue(expectString(value.data, `mutations[${index}].data`), parseEncoding(value.encoding, BINARY_ENCODINGS, "hex", `mutations[${index}].encoding`), `mutations[${index}].data`)
 		};
-	}
-	isLegacyPattern(pattern) {
-		return pattern.byteOrder === "big" || pattern.byteOrder === "little";
-	}
-	toLegacyFieldType(field) {
-		if (field.type === "float") return "float";
-		if (field.type === "string") return "string";
-		if (field.type === "bytes") return "bytes";
-		if (field.length === 1) return "uint8";
-		if (field.length === 2) return "uint16";
-		if (field.length === 4) return "uint32";
-		return "int64";
-	}
-	toSpecFieldType(fieldType) {
-		if (fieldType === "float") return "float";
-		if (fieldType === "string") return "string";
-		if (fieldType === "bytes") return "bytes";
-		return "int";
-	}
-	parseDelimiter(delimiter) {
-		if (isHexPayload(delimiter)) {
-			const parsed = parseHexPayload$1(delimiter);
-			if (parsed) return parsed;
+		case "append_bytes": return {
+			strategy: "append_bytes",
+			data: decodeBinaryValue(expectString(value.data, `mutations[${index}].data`), parseEncoding(value.encoding, BINARY_ENCODINGS, "hex", `mutations[${index}].encoding`), `mutations[${index}].data`)
+		};
+		case "truncate": return {
+			strategy: "truncate",
+			length: parseNonNegativeInteger(value.length, `mutations[${index}].length`)
+		};
+		case "increment_integer": {
+			const width = value.width;
+			if (width !== 1 && width !== 2 && width !== 4) throw new Error(`mutations[${index}].width must be 1, 2, or 4`);
+			return {
+				strategy: "increment_integer",
+				offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
+				width,
+				delta: parseInteger(value.delta, `mutations[${index}].delta`),
+				endian: parseEndian(value.endian),
+				signed: value.signed === true
+			};
 		}
-		return Buffer.from(delimiter, "utf8");
-	}
-	toProtoType(type) {
-		return {
-			uint8: "uint32",
-			uint16: "uint32",
-			uint32: "uint32",
-			int64: "int64",
-			float: "float",
-			string: "string",
-			bytes: "bytes"
-		}[type];
-	}
-	toPascalCase(name) {
-		return name.replace(/[^a-zA-Z0-9_]/g, "_").split("_").filter(Boolean).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join("") || "Message";
 	}
-};
-//#endregion
-//#region src/modules/protocol-analysis/StateMachineInferrer.ts
-function isRecord$1(value) {
-	return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function normalizeText(value) {
-	return value.trim().toLowerCase();
 }
-function calculateEntropy(buffer) {
-	if (buffer.length === 0) return 0;
-	const frequency = /* @__PURE__ */ new Map();
-	for (const byte of buffer) frequency.set(byte, (frequency.get(byte) ?? 0) + 1);
-	let entropy = 0;
-	for (const count of frequency.values()) {
-		const p = count / buffer.length;
-		if (p > 0) entropy -= p * Math.log2(p);
-	}
-	return entropy;
-}
-function printableRatioOf(value) {
-	if (value.length === 0) return 0;
-	let count = 0;
-	for (let i = 0; i < value.length; i += 1) {
-		const code = value.charCodeAt(i);
-		if (code >= 32 && code <= 126) count += 1;
-	}
-	return count / value.length;
-}
-var StateMachineInferrer = class {
-	infer(messages) {
-		if (messages.length === 0) return {
-			states: [],
-			transitions: [],
-			initial: "",
-			initialState: "",
-			finalStates: []
-		};
-		const statesBySignature = /* @__PURE__ */ new Map();
-		const transitionsByKey = /* @__PURE__ */ new Map();
-		let previousStateId = "";
-		for (let index = 0; index < messages.length; index += 1) {
-			const message = messages[index];
-			if (!message) continue;
-			const signature = this.buildSignature(message);
-			let state = statesBySignature.get(signature);
-			if (!state) {
-				state = {
-					id: `state_${statesBySignature.size + 1}`,
-					name: this.buildStateName(message, statesBySignature.size + 1),
-					type: this.inferStateType(message, index === messages.length - 1)
-				};
-				statesBySignature.set(signature, state);
-			} else state.type = this.mergeStateTypes(state.type, this.inferStateType(message, index === messages.length - 1));
-			if (previousStateId && message.timestamp !== void 0) {
-				const firstMessage = messages[0];
-				if (firstMessage && firstMessage.timestamp !== void 0) state.timeout = message.timestamp - firstMessage.timestamp;
+function applyPayloadMutation(payload, mutation, index) {
+	const working = Buffer.from(payload);
+	switch (mutation.strategy) {
+		case "set_byte":
+			if (mutation.offset >= working.length) throw new Error(`mutations[${index}] offset is outside the payload`);
+			working[mutation.offset] = mutation.value;
+			return {
+				payload: working,
+				summary: {
+					index,
+					strategy: mutation.strategy,
+					detail: `set payload[${mutation.offset}] to ${mutation.value}`
+				}
+			};
+		case "flip_bit":
+			if (mutation.offset >= working.length) throw new Error(`mutations[${index}] offset is outside the payload`);
+			{
+				const currentByte = working[mutation.offset];
+				working[mutation.offset] = currentByte ^ 1 << mutation.bit;
 			}
-			if (previousStateId) {
-				const event = this.buildEventName(message);
-				const condition = this.buildCondition(message.fields);
-				const action = this.buildAction(message);
-				const transitionKey = `${previousStateId}:${state.id}:${event}`;
-				if (!transitionsByKey.has(transitionKey)) transitionsByKey.set(transitionKey, {
-					from: previousStateId,
-					to: state.id,
-					event,
-					confidence: this.computeTransitionConfidence(message),
-					...condition ? { condition } : {},
-					...action ? { action } : {}
-				});
+			return {
+				payload: working,
+				summary: {
+					index,
+					strategy: mutation.strategy,
+					detail: `flipped bit ${mutation.bit} at offset ${mutation.offset}`
+				}
+			};
+		case "overwrite_bytes":
+			if (mutation.offset + mutation.data.length > working.length) throw new Error(`mutations[${index}] overwrite exceeds payload length`);
+			mutation.data.copy(working, mutation.offset);
+			return {
+				payload: working,
+				summary: {
+					index,
+					strategy: mutation.strategy,
+					detail: `overwrote ${mutation.data.length} bytes at offset ${mutation.offset}`
+				}
+			};
+		case "append_bytes": return {
+			payload: Buffer.concat([working, mutation.data]),
+			summary: {
+				index,
+				strategy: mutation.strategy,
+				detail: `appended ${mutation.data.length} bytes`
 			}
-			previousStateId = state.id;
-		}
-		const firstMessage = messages[0];
-		const initial = firstMessage ? statesBySignature.get(this.buildSignature(firstMessage))?.id ?? "" : "";
-		return {
-			states: [...statesBySignature.values()],
-			transitions: [...transitionsByKey.values()],
-			initial,
-			initialState: initial,
-			finalStates: this.collectTerminalStates([...statesBySignature.values()])
 		};
-	}
-	visualize(machine) {
-		if (machine.states.length === 0) return [
-			"```mermaid",
-			"stateDiagram-v2",
-			"  [*] --> empty",
-			"```"
-		].join("\n");
-		const lines = ["```mermaid", "stateDiagram-v2"];
-		const initial = machine.initialState ?? machine.initial;
-		if (initial) lines.push(`  [*] --> ${initial}`);
-		for (const state of machine.states) {
-			const stateType = state.type ?? "normal";
-			const label = stateType === "normal" ? state.name : `${state.name} (${stateType})`;
-			lines.push(`  state "${label}" as ${state.id}`);
-		}
-		for (const transition of machine.transitions) {
-			const parts = [transition.event ?? transition.trigger ?? "transition"];
-			if (typeof transition.confidence === "number") parts.push(`(${transition.confidence.toFixed(2)})`);
-			if (transition.condition) parts.push(`[${transition.condition}]`);
-			if (transition.action) parts.push(`/ ${transition.action}`);
-			lines.push(`  ${transition.from} --> ${transition.to} : ${parts.join(" ")}`);
-		}
-		const finalStateSet = new Set(machine.finalStates ?? []);
-		for (const state of machine.states) {
-			const stateType = state.type ?? "normal";
-			if (stateType === "accept" || stateType === "reject" || finalStateSet.has(state.id)) lines.push(`  ${state.id} --> [*]`);
+		case "truncate":
+			if (mutation.length > working.length) throw new Error(`mutations[${index}] length exceeds payload size`);
+			return {
+				payload: working.subarray(0, mutation.length),
+				summary: {
+					index,
+					strategy: mutation.strategy,
+					detail: `truncated payload to ${mutation.length} bytes`
+				}
+			};
+		case "increment_integer": {
+			if (mutation.offset + mutation.width > working.length) throw new Error(`mutations[${index}] integer range exceeds payload length`);
+			const next = readIntegerFromBuffer(working, mutation.offset, mutation.width, mutation.signed, mutation.endian) + mutation.delta;
+			const range = getNumericRange(mutation.width, mutation.signed);
+			if (next < range.min || next > range.max) throw new Error(`mutations[${index}] integer overflow (${range.min}..${range.max})`);
+			writeIntegerToBuffer(working.subarray(mutation.offset, mutation.offset + mutation.width), next, mutation.width, mutation.signed, mutation.endian);
+			return {
+				payload: working,
+				summary: {
+					index,
+					strategy: mutation.strategy,
+					detail: `incremented ${mutation.signed ? "signed" : "unsigned"} ${mutation.width}-byte integer at offset ${mutation.offset} by ${mutation.delta}`
+				}
+			};
 		}
-		lines.push("```");
-		return lines.join("\n");
 	}
-	inferStateMachine(messages) {
-		const normalizedMessages = messages.map((message) => ({
-			direction: message.direction === "out" ? "req" : "res",
-			timestamp: message.timestamp ?? 0,
-			fields: {},
-			raw: message.payload.length > 0 ? message.payload.toString("utf8") : message.payload.toString("hex"),
-			_rawBuffer: message.payload
-		}));
-		return this.infer(normalizedMessages);
+}
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/network-packet/types.ts
+const ETHER_TYPE_MAP = Object.freeze({
+	arp: 2054,
+	ipv4: 2048,
+	ipv6: 34525,
+	vlan: 33024
+});
+const IP_PROTOCOL_MAP = Object.freeze({
+	icmp: 1,
+	igmp: 2,
+	tcp: 6,
+	udp: 17,
+	gre: 47,
+	esp: 50,
+	ah: 51,
+	icmpv6: 58,
+	ospf: 89
+});
+const PCAP_LINK_TYPE_MAP = Object.freeze({
+	loopback: 0,
+	ethernet: 1,
+	raw: 101
+});
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/network-packet/addressing.ts
+function parseNamedOrNumericValue(value, label, map, max) {
+	if (typeof value === "number") {
+		if (!Number.isInteger(value) || value < 0 || value > max) throw new Error(`${label} must be an integer between 0 and ${max}`);
+		return value;
 	}
-	generateMermaid(machine) {
-		return this.visualize(machine);
+	if (typeof value !== "string" || value.trim().length === 0) throw new Error(`${label} must be a non-empty string or integer`);
+	const normalized = value.trim().toLowerCase();
+	const mapped = map[normalized];
+	if (mapped !== void 0) return mapped;
+	if (/^\d+$/.test(normalized)) {
+		const parsed = Number.parseInt(normalized, 10);
+		if (parsed > max) throw new Error(`${label} must be less than or equal to ${max}`);
+		return parsed;
 	}
-	simplify(machine) {
-		if (machine.states.length < 2) return {
-			...machine,
-			initialState: machine.initialState ?? machine.initial,
-			finalStates: machine.finalStates ?? this.collectTerminalStates(machine.states)
-		};
-		const stateToGroup = /* @__PURE__ */ new Map();
-		const groupRepresentative = /* @__PURE__ */ new Map();
-		for (const state of machine.states) {
-			const prefix = this.getPayloadPrefix(state);
-			if (!prefix) continue;
-			const existingGroup = [...groupRepresentative.entries()].find(([key]) => key === prefix);
-			if (existingGroup) stateToGroup.set(state.id, existingGroup[0]);
-			else {
-				groupRepresentative.set(prefix, state.id);
-				stateToGroup.set(state.id, prefix);
-			}
+	const hex = normalizeHexString(normalized, label);
+	const parsed = Number.parseInt(hex, 16);
+	if (parsed > max) throw new Error(`${label} must be less than or equal to ${max}`);
+	return parsed;
+}
+function parseMacAddress(value, label) {
+	if (typeof value !== "string" || value.trim().length === 0) throw new Error(`${label} must be a non-empty MAC address string`);
+	const normalized = value.trim().toLowerCase().replace(/^0x/, "").replace(/[:\-.\s]/g, "");
+	if (!/^[0-9a-f]{12}$/i.test(normalized)) throw new Error(`${label} must be a valid 6-byte MAC address`);
+	const canonical = normalized.match(/.{2}/g)?.join(":");
+	if (!canonical) throw new Error(`${label} must be a valid 6-byte MAC address`);
+	return {
+		canonical,
+		bytes: Buffer.from(normalized, "hex")
+	};
+}
+function parseIpv4Address(value, label) {
+	if (typeof value !== "string" || isIP(value.trim()) !== 4) throw new Error(`${label} must be a valid IPv4 address`);
+	const octets = value.trim().split(".").map((part) => Number.parseInt(part, 10));
+	return Buffer.from(octets);
+}
+function parseIpv6Groups(value, label) {
+	if (value.length === 0) return [];
+	return value.split(":").flatMap((part) => {
+		if (part.length === 0) return [];
+		if (part.includes(".")) {
+			const ipv4 = parseIpv4Address(part, label);
+			return [ipv4.readUInt16BE(0).toString(16), ipv4.readUInt16BE(2).toString(16)];
 		}
-		const mergeMap = /* @__PURE__ */ new Map();
-		const groupIdToPrimary = /* @__PURE__ */ new Map();
-		for (const [prefix, primaryId] of groupRepresentative) groupIdToPrimary.set(prefix, primaryId);
-		for (const state of machine.states) {
-			const prefix = this.getPayloadPrefix(state);
-			if (!prefix) continue;
-			const primary = groupIdToPrimary.get(prefix);
-			if (primary && primary !== state.id) mergeMap.set(state.id, primary);
-		}
-		if (mergeMap.size === 0) return {
-			...machine,
-			initialState: machine.initialState ?? machine.initial,
-			finalStates: machine.finalStates ?? this.collectTerminalStates(machine.states)
-		};
-		const newStates = machine.states.filter((state) => !mergeMap.has(state.id));
-		const newTransitions = machine.transitions.map((t) => ({
-			...t,
-			from: mergeMap.get(t.from) ?? t.from,
-			to: mergeMap.get(t.to) ?? t.to
-		})).filter((t) => t.from !== t.to);
-		const rawInitialState = machine.initialState ?? machine.initial ?? "";
-		const initialState = mergeMap.get(rawInitialState) ?? rawInitialState;
-		return {
-			states: newStates,
-			transitions: newTransitions,
-			initial: initialState,
-			initialState,
-			finalStates: machine.finalStates.map((fs) => mergeMap.get(fs) ?? fs).filter((fs, index, arr) => arr.indexOf(fs) === index)
-		};
-	}
-	getPayloadPrefix(state) {
-		const payload = state.expectedPayload;
-		if (!payload || payload.length < 8) return null;
-		return payload.slice(0, 8).toLowerCase();
-	}
-	buildSignature(message) {
-		const fieldKeys = Object.keys(message.fields).toSorted().join(",");
-		const rawPrefix = normalizeText(message._rawBuffer ? message._rawBuffer.toString("hex") : message.raw).slice(0, 24);
-		return `${message.direction}|${fieldKeys}|${rawPrefix}`;
-	}
-	buildStateName(message, position) {
-		const directionName = message.direction === "req" ? "send" : "recv";
-		const primaryField = this.findPrimaryFieldName(message.fields);
-		const raw = message.raw;
-		if (raw.length === 0) return `${directionName}_empty`;
-		const buf = message._rawBuffer;
-		const hexContent = Buffer.isBuffer(buf) ? buf.toString("hex") : raw;
-		if (hexContent.startsWith("16") || hexContent.startsWith("15") || hexContent.startsWith("17")) return `${directionName}_tls_handshake`;
-		const trimmed = raw.trimStart();
-		if (trimmed.startsWith("{") || trimmed.startsWith("[")) return `${directionName}_json_${primaryField || `step_${position}`}`;
-		if (printableRatioOf(raw) >= .7) {
-			const lower = normalizeText(raw);
-			if (lower.includes("close") || lower.includes("fin") || lower.includes("bye")) return `${directionName}_close`;
-			if (lower.startsWith("get ") || lower.startsWith("post ") || lower.startsWith("http")) return `${directionName}_text_http`;
-			return `${directionName}_text_${primaryField || `step_${position}`}`;
-		}
-		if (Buffer.isBuffer(buf) && buf.length >= 32) {
-			if (calculateEntropy(buf) > 6) return `${directionName}_encrypted`;
-		}
-		if (Buffer.isBuffer(buf) && buf.length <= 4) return `${directionName}_control`;
-		return `${directionName}_${primaryField || `step_${position}`}`;
-	}
-	findPrimaryFieldName(fields) {
-		const firstKey = Object.keys(fields).toSorted()[0];
-		return firstKey ? firstKey : "";
-	}
-	inferStateType(message, isLastMessage) {
-		const text = normalizeText(message.raw);
-		const statusValue = this.findStatusValue(message.fields);
-		if (this.containsRejectSignal(text) || this.containsRejectSignal(statusValue)) return "reject";
-		if (this.containsAcceptSignal(text) || this.containsAcceptSignal(statusValue) || isLastMessage && message.direction === "res") return "accept";
-		return "normal";
-	}
-	mergeStateTypes(current, next) {
-		if (current === "reject" || next === "reject") return "reject";
-		if (current === "accept" || next === "accept") return "accept";
-		return "normal";
-	}
-	findStatusValue(fields) {
-		for (const key of [
-			"status",
-			"result",
-			"code",
-			"reason",
-			"message"
-		]) {
-			const value = fields[key];
-			if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return String(value);
-		}
-		return "";
-	}
-	containsRejectSignal(value) {
-		return [
-			"error",
-			"fail",
-			"denied",
-			"reject",
-			"timeout",
-			"invalid"
-		].some((token) => normalizeText(value).includes(token));
-	}
-	containsAcceptSignal(value) {
-		return [
-			"ok",
-			"success",
-			"accept",
-			"ready",
-			"done",
-			"complete"
-		].some((token) => normalizeText(value).includes(token));
-	}
-	buildEventName(message) {
-		const statusValue = this.findStatusValue(message.fields);
-		if (statusValue) return `${message.direction}_${normalizeText(statusValue).replace(/[^a-z0-9]+/g, "_")}`;
-		const primaryField = this.findPrimaryFieldName(message.fields);
-		if (primaryField) return `${message.direction}_${primaryField}`;
-		return `${message.direction}_message`;
-	}
-	buildCondition(fields) {
-		const statusValue = this.findStatusValue(fields);
-		if (statusValue) return `status=${statusValue}`;
-		const keys = Object.keys(fields).toSorted().slice(0, 2);
-		if (keys.length === 0) return;
-		const fragments = [];
-		for (const key of keys) {
-			const value = fields[key];
-			if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") fragments.push(`${key}=${value}`);
-		}
-		return fragments.length > 0 ? fragments.join(", ") : void 0;
-	}
-	buildAction(message) {
-		const statusValue = this.findStatusValue(message.fields);
-		if (this.containsRejectSignal(statusValue) || this.containsRejectSignal(message.raw)) return "reject";
-		if (this.containsAcceptSignal(statusValue) || this.containsAcceptSignal(message.raw)) return "complete";
-		const rawText = normalizeText(message.raw);
-		if (rawText.includes("ack")) return "acknowledge";
-		if (rawText.includes("retry")) return "retry";
-		if (Object.keys(message.fields).length > 0 && isRecord$1(message.fields)) return message.direction === "req" ? "send" : "receive";
-	}
-	collectTerminalStates(states) {
-		const terminalIds = states.filter((state) => {
-			const stateType = state.type ?? "normal";
-			return stateType === "accept" || stateType === "reject";
-		}).map((state) => state.id);
-		for (const state of states) {
-			const lower = normalizeText(state.name);
-			if (lower.includes("close") || lower.includes("fin") || lower.includes("bye")) {
-				if (!terminalIds.includes(state.id)) terminalIds.push(state.id);
-			}
-		}
-		return terminalIds;
-	}
-	computeTransitionConfidence(message) {
-		let confidence = .3;
-		if (Object.keys(message.fields).length > 0) confidence += .3;
-		if (this.findStatusValue(message.fields)) confidence += .2;
-		if (message.raw.length > 0) confidence += .2;
-		return Math.min(confidence, 1);
-	}
-};
-//#endregion
-//#region src/server/domains/protocol-analysis/handlers/shared.ts
-function isRecord(value) {
-	return value !== null && typeof value === "object" && !Array.isArray(value);
+		if (!/^[0-9a-f]{1,4}$/i.test(part)) throw new Error(`${label} contains an invalid IPv6 group`);
+		return [part];
+	});
 }
-function parseFieldSpec(value, index) {
-	if (!isRecord(value)) throw new Error(`fields[${index}] must be an object`);
-	const name = value.name;
-	const offset = value.offset;
-	const length = value.length;
-	const type = value.type;
-	if (typeof name !== "string" || name.trim().length === 0) throw new Error(`fields[${index}].name must be a non-empty string`);
-	if (typeof offset !== "number" || !Number.isInteger(offset) || offset < 0) throw new Error(`fields[${index}].offset must be a non-negative integer`);
-	if (typeof length !== "number" || !Number.isInteger(length) || length <= 0) throw new Error(`fields[${index}].length must be a positive integer`);
-	if (type !== "int" && type !== "string" && type !== "bytes" && type !== "bool" && type !== "float") throw new Error(`fields[${index}].type is invalid`);
-	return {
-		name,
-		offset,
-		length,
-		type
-	};
+function parseIpv6Address(value, label) {
+	if (typeof value !== "string") throw new Error(`${label} must be a valid IPv6 address`);
+	const normalized = value.trim().toLowerCase().split("%")[0] ?? "";
+	if (isIP(normalized) !== 6) throw new Error(`${label} must be a valid IPv6 address`);
+	const segments = normalized.split("::");
+	if (segments.length > 2) throw new Error(`${label} must be a valid IPv6 address`);
+	const head = parseIpv6Groups(segments[0] ?? "", label);
+	const tail = parseIpv6Groups(segments[1] ?? "", label);
+	const groups = segments.length === 2 ? [
+		...head,
+		...Array.from({ length: 8 - head.length - tail.length }, () => "0"),
+		...tail
+	] : head;
+	if (groups.length !== 8) throw new Error(`${label} must expand to exactly 8 IPv6 groups`);
+	const output = Buffer.alloc(16);
+	for (const [index, group] of groups.entries()) output.writeUInt16BE(Number.parseInt(group, 16), index * 2);
+	return output;
 }
-function parseLegacyField(value, index) {
-	if (!isRecord(value)) throw new Error(`fields[${index}] must be an object`);
-	const name = value.name;
-	const offset = value.offset;
-	const length = value.length;
-	const type = value.type;
-	const description = value.description;
-	if (typeof name !== "string" || name.trim().length === 0) throw new Error(`fields[${index}].name must be a non-empty string`);
-	if (typeof offset !== "number" || !Number.isInteger(offset) || offset < 0) throw new Error(`fields[${index}].offset must be a non-negative integer`);
-	if (typeof length !== "number" || !Number.isInteger(length) || length <= 0) throw new Error(`fields[${index}].length must be a positive integer`);
-	if (type !== "uint8" && type !== "uint16" && type !== "uint32" && type !== "int64" && type !== "float" && type !== "string" && type !== "bytes") throw new Error(`fields[${index}].type is invalid`);
-	return {
-		name,
-		offset,
-		length,
-		type,
-		...typeof description === "string" ? { description } : {}
-	};
+function parseIpAddress(value, version, label) {
+	return version === "ipv4" ? parseIpv4Address(value, label) : parseIpv6Address(value, label);
 }
-function parsePatternSpec(name, value) {
-	const rawFields = value.fields;
-	if (!Array.isArray(rawFields)) throw new Error("spec.fields must be an array");
-	const fieldDelimiter = typeof value.fieldDelimiter === "string" && value.fieldDelimiter.length > 0 ? value.fieldDelimiter : void 0;
-	const byteOrderValue = value.byteOrder;
-	const byteOrder = byteOrderValue === "le" || byteOrderValue === "be" ? byteOrderValue : void 0;
-	return {
-		name,
-		...fieldDelimiter ? { fieldDelimiter } : {},
-		...byteOrder ? { byteOrder } : {},
-		fields: rawFields.map((field, index) => parseFieldSpec(field, index))
-	};
+function parseEtherType(value, label) {
+	return parseNamedOrNumericValue(value, label, ETHER_TYPE_MAP, 65535);
 }
-function parseEncryptionInfo(value) {
-	if (!isRecord(value)) return;
-	const type = value.type;
-	if (type !== "aes" && type !== "xor" && type !== "rc4" && type !== "custom") return;
-	const key = typeof value.key === "string" ? value.key : void 0;
-	const iv = typeof value.iv === "string" ? value.iv : void 0;
-	const notes = typeof value.notes === "string" ? value.notes : void 0;
-	return {
-		type,
-		...key ? { key } : {},
-		...iv ? { iv } : {},
-		...notes ? { notes } : {}
-	};
+function parseIpProtocol(value, label) {
+	return parseNamedOrNumericValue(value, label, IP_PROTOCOL_MAP, 255);
 }
-function parseProtocolMessage(value, index) {
-	if (!isRecord(value)) throw new Error(`messages[${index}] must be an object`);
-	const direction = value.direction;
-	const timestamp = value.timestamp;
-	const fields = value.fields;
-	const raw = value.raw;
-	if (direction !== "req" && direction !== "res") throw new Error(`messages[${index}].direction must be "req" or "res"`);
-	if (typeof timestamp !== "number" || !Number.isFinite(timestamp)) throw new Error(`messages[${index}].timestamp must be a number`);
-	if (!isRecord(fields)) throw new Error(`messages[${index}].fields must be an object`);
-	if (typeof raw !== "string") throw new Error(`messages[${index}].raw must be a string`);
-	return {
-		direction,
-		timestamp,
-		fields,
-		raw
-	};
+function parsePcapLinkType(value, label) {
+	return parseNamedOrNumericValue(value, label, PCAP_LINK_TYPE_MAP, 4294967295);
 }
-const TEXT_ENCODINGS = ["utf8", "ascii"];
-const BINARY_ENCODINGS = [
-	"utf8",
-	"ascii",
-	"hex",
-	"base64"
-];
-const PAYLOAD_FIELD_TYPES = [
-	"u8",
-	"u16",
-	"u32",
-	"i8",
-	"i16",
-	"i32",
-	"string",
-	"bytes"
-];
-const MUTATION_STRATEGIES = [
-	"set_byte",
-	"flip_bit",
-	"overwrite_bytes",
-	"append_bytes",
-	"truncate",
-	"increment_integer"
-];
-const ETHER_TYPE_MAP = Object.freeze({
-	arp: 2054,
-	ipv4: 2048,
-	ipv6: 34525,
-	vlan: 33024
-});
-const IP_PROTOCOL_MAP = Object.freeze({
-	icmp: 1,
-	igmp: 2,
-	tcp: 6,
-	udp: 17,
-	gre: 47,
-	esp: 50,
-	ah: 51,
-	icmpv6: 58,
-	ospf: 89
-});
-const PCAP_LINK_TYPE_MAP = Object.freeze({
-	loopback: 0,
-	ethernet: 1,
-	raw: 101
-});
-function parseEndian(value, fallback = "big") {
-	return value === "little" ? "little" : fallback;
+function parseChecksumEndian(value) {
+	return value === "little" ? "little" : "big";
 }
-function parseNonNegativeInteger(value, label) {
-	if (typeof value !== "number" || !Number.isInteger(value) || value < 0) throw new Error(`${label} must be a non-negative integer`);
-	return value;
+function parsePacketEndianness(value) {
+	return value === "big" ? "big" : "little";
 }
-function parsePositiveInteger(value, label) {
-	if (typeof value !== "number" || !Number.isInteger(value) || value <= 0) throw new Error(`${label} must be a positive integer`);
-	return value;
+function parseTimestampPrecision(value) {
+	return value === "nano" ? "nano" : "micro";
 }
-function parseInteger(value, label) {
-	if (typeof value !== "number" || !Number.isInteger(value)) throw new Error(`${label} must be an integer`);
-	return value;
+function parseHexPayload$1(value, label) {
+	if (typeof value !== "string") throw new Error(`${label} must be a hex string`);
+	return Buffer.from(normalizeHexString(value, label), "hex");
 }
-function parseByte(value, label) {
-	const parsed = parseInteger(value, label);
-	if (parsed < 0 || parsed > 255) throw new Error(`${label} must be between 0 and 255`);
-	return parsed;
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/network-packet/packet-build.ts
+function computeInternetChecksum(buffer) {
+	let sum = 0;
+	for (let offset = 0; offset < buffer.length; offset += 2) {
+		const high = buffer[offset] ?? 0;
+		const low = buffer[offset + 1] ?? 0;
+		sum += high << 8 | low;
+		while (sum > 65535) sum = (sum & 65535) + (sum >>> 16);
+	}
+	return ~sum & 65535;
 }
-function parseOptionalLength(value, label) {
-	return value === void 0 ? void 0 : parsePositiveInteger(value, label);
+function buildEthernetFrame(destinationMac, sourceMac, etherType, payload) {
+	const header = Buffer.alloc(14);
+	destinationMac.bytes.copy(header, 0);
+	sourceMac.bytes.copy(header, 6);
+	header.writeUInt16BE(etherType, 12);
+	return Buffer.concat([header, payload]);
 }
-function parseEncoding(value, allowed, fallback, label) {
-	if (value === void 0) return fallback;
-	if (typeof value !== "string" || !allowed.includes(value)) throw new Error(`${label} is invalid`);
-	return value;
+function buildArpPayload(args) {
+	if (args.hardwareSize !== args.senderMac.bytes.length || args.hardwareSize !== args.targetMac.bytes.length) throw new Error("hardwareSize must match the provided MAC address lengths");
+	if (args.protocolSize !== args.senderIp.length || args.protocolSize !== args.targetIp.length) throw new Error("protocolSize must match the provided IP address lengths");
+	const buffer = Buffer.alloc(8 + args.hardwareSize * 2 + args.protocolSize * 2);
+	let offset = 0;
+	buffer.writeUInt16BE(args.hardwareType, offset);
+	offset += 2;
+	buffer.writeUInt16BE(args.protocolType, offset);
+	offset += 2;
+	buffer.writeUInt8(args.hardwareSize, offset++);
+	buffer.writeUInt8(args.protocolSize, offset++);
+	buffer.writeUInt16BE(args.operation === "reply" ? 2 : 1, offset);
+	offset += 2;
+	args.senderMac.bytes.copy(buffer, offset);
+	offset += args.hardwareSize;
+	args.senderIp.copy(buffer, offset);
+	offset += args.protocolSize;
+	args.targetMac.bytes.copy(buffer, offset);
+	offset += args.hardwareSize;
+	args.targetIp.copy(buffer, offset);
+	return buffer;
 }
-function normalizeHexString(value, label) {
-	const normalized = value.replace(/^0x/i, "").replace(/\s+/g, "");
-	if (normalized.length === 0) return normalized;
-	if (normalized.length % 2 !== 0 || /[^0-9a-f]/i.test(normalized)) throw new Error(`${label} must be a valid even-length hex string`);
-	return normalized.toLowerCase();
+function buildIpv4Packet(args) {
+	const header = Buffer.alloc(20);
+	header[0] = 69;
+	header[1] = (args.dscp & 63) << 2 | args.ecn & 3;
+	header.writeUInt16BE(header.length + args.payload.length, 2);
+	header.writeUInt16BE(args.identification, 4);
+	const flags = (args.dontFragment ? 1 : 0) << 1 | (args.moreFragments ? 1 : 0);
+	header.writeUInt16BE((flags & 7) << 13 | args.fragmentOffset & 8191, 6);
+	header[8] = args.ttl;
+	header[9] = args.protocol;
+	header.writeUInt16BE(0, 10);
+	args.sourceIp.copy(header, 12);
+	args.destinationIp.copy(header, 16);
+	const checksum = computeInternetChecksum(header);
+	header.writeUInt16BE(checksum, 10);
+	return {
+		packet: Buffer.concat([header, args.payload]),
+		checksum
+	};
 }
-function decodeBinaryValue(value, encoding, label) {
-	switch (encoding) {
-		case "utf8":
-		case "ascii": return Buffer.from(value, encoding);
-		case "hex": return Buffer.from(normalizeHexString(value, label), "hex");
-		case "base64": return Buffer.from(value, "base64");
-	}
+function buildIpv6Packet(args) {
+	const header = Buffer.alloc(40);
+	const versionTrafficFlow = 6 << 28 | (((args.dscp & 63) << 2 | args.ecn & 3) & 255) << 20 | args.flowLabel & 1048575;
+	header.writeUInt32BE(versionTrafficFlow >>> 0, 0);
+	header.writeUInt16BE(args.payload.length, 4);
+	header.writeUInt8(args.protocol, 6);
+	header.writeUInt8(args.hopLimit, 7);
+	args.sourceIp.copy(header, 8);
+	args.destinationIp.copy(header, 24);
+	return Buffer.concat([header, args.payload]);
 }
-function getNumericRange(width, signed) {
-	const bits = width * 8;
-	if (signed) return {
-		min: -(2 ** (bits - 1)),
-		max: 2 ** (bits - 1) - 1
-	};
+function buildIcmpEcho(args) {
+	const packet = Buffer.alloc(8 + args.payload.length);
+	packet[0] = args.operation === "reply" ? 0 : 8;
+	packet[1] = 0;
+	packet.writeUInt16BE(0, 2);
+	packet.writeUInt16BE(args.identifier, 4);
+	packet.writeUInt16BE(args.sequenceNumber, 6);
+	args.payload.copy(packet, 8);
+	const checksum = computeInternetChecksum(packet);
+	packet.writeUInt16BE(checksum, 2);
 	return {
-		min: 0,
-		max: 2 ** bits - 1
+		packet,
+		checksum
 	};
 }
-function getFieldNumericMetadata(type) {
-	switch (type) {
-		case "u8": return {
-			width: 1,
-			signed: false
-		};
-		case "u16": return {
-			width: 2,
-			signed: false
-		};
-		case "u32": return {
-			width: 4,
-			signed: false
-		};
-		case "i8": return {
-			width: 1,
-			signed: true
-		};
-		case "i16": return {
-			width: 2,
-			signed: true
-		};
-		case "i32": return {
-			width: 4,
-			signed: true
-		};
-		default: return null;
-	}
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/shared/network-packet/pcap.ts
+function writeUint32(buffer, offset, value, endianness) {
+	if (endianness === "little") buffer.writeUInt32LE(value, offset);
+	else buffer.writeUInt32BE(value, offset);
 }
-function writeIntegerToBuffer(buffer, value, width, signed, endian) {
-	if (signed) switch (width) {
-		case 1:
-			buffer.writeInt8(value, 0);
-			return;
-		case 2:
-			if (endian === "little") buffer.writeInt16LE(value, 0);
-			else buffer.writeInt16BE(value, 0);
-			return;
-		case 4:
-			if (endian === "little") buffer.writeInt32LE(value, 0);
-			else buffer.writeInt32BE(value, 0);
-			return;
-	}
-	switch (width) {
-		case 1:
-			buffer.writeUInt8(value, 0);
-			return;
-		case 2:
-			if (endian === "little") buffer.writeUInt16LE(value, 0);
-			else buffer.writeUInt16BE(value, 0);
-			return;
-		case 4:
-			if (endian === "little") buffer.writeUInt32LE(value, 0);
-			else buffer.writeUInt32BE(value, 0);
-			return;
-	}
+function writeUint16(buffer, offset, value, endianness) {
+	if (endianness === "little") buffer.writeUInt16LE(value, offset);
+	else buffer.writeUInt16BE(value, offset);
 }
-function readIntegerFromBuffer(buffer, offset, width, signed, endian) {
-	if (signed) switch (width) {
-		case 1: return buffer.readInt8(offset);
-		case 2: return endian === "little" ? buffer.readInt16LE(offset) : buffer.readInt16BE(offset);
-		case 4: return endian === "little" ? buffer.readInt32LE(offset) : buffer.readInt32BE(offset);
-	}
-	switch (width) {
-		case 1: return buffer.readUInt8(offset);
-		case 2: return endian === "little" ? buffer.readUInt16LE(offset) : buffer.readUInt16BE(offset);
-		case 4: return endian === "little" ? buffer.readUInt32LE(offset) : buffer.readUInt32BE(offset);
-	}
+function readUint32(buffer, offset, endianness) {
+	return endianness === "little" ? buffer.readUInt32LE(offset) : buffer.readUInt32BE(offset);
 }
-function applyFixedLength(encoded, length, padByte) {
-	if (length === void 0 || encoded.length === length) return encoded;
-	if (encoded.length > length) return encoded.subarray(0, length);
-	return Buffer.concat([encoded, Buffer.alloc(length - encoded.length, padByte)]);
+function readUint16(buffer, offset, endianness) {
+	return endianness === "little" ? buffer.readUInt16LE(offset) : buffer.readUInt16BE(offset);
 }
-function parsePayloadTemplateField(value, index) {
-	if (!isRecord(value)) throw new Error(`fields[${index}] must be an object`);
-	const name = value.name;
-	const type = value.type;
-	const rawValue = value.value;
-	if (typeof name !== "string" || name.trim().length === 0) throw new Error(`fields[${index}].name must be a non-empty string`);
-	if (typeof type !== "string" || !PAYLOAD_FIELD_TYPES.includes(type)) throw new Error(`fields[${index}].type is invalid`);
-	const fieldType = type;
-	const numericMetadata = getFieldNumericMetadata(fieldType);
-	if (numericMetadata) {
-		const numericValue = parseInteger(rawValue, `fields[${index}].value`);
-		const range = getNumericRange(numericMetadata.width, numericMetadata.signed);
-		if (numericValue < range.min || numericValue > range.max) throw new Error(`fields[${index}].value is out of range for ${type} (${range.min}..${range.max})`);
-		if (value.length !== void 0 || value.padByte !== void 0 || value.encoding !== void 0) throw new Error(`fields[${index}] does not support length, padByte, or encoding`);
-		return {
-			name,
-			type: fieldType,
-			value: numericValue
-		};
+function getPcapMagic(endianness, precision) {
+	const hex = endianness === "little" ? precision === "nano" ? "4d3cb2a1" : "d4c3b2a1" : precision === "nano" ? "a1b23c4d" : "a1b2c3d4";
+	return Buffer.from(hex, "hex");
+}
+function parsePcapHeader(buffer) {
+	if (buffer.length < 24) throw new Error("PCAP file is too small to contain a global header");
+	const magic = buffer.subarray(0, 4).toString("hex");
+	let endianness;
+	let timestampPrecision;
+	switch (magic) {
+		case "d4c3b2a1":
+			endianness = "little";
+			timestampPrecision = "micro";
+			break;
+		case "4d3cb2a1":
+			endianness = "little";
+			timestampPrecision = "nano";
+			break;
+		case "a1b2c3d4":
+			endianness = "big";
+			timestampPrecision = "micro";
+			break;
+		case "a1b23c4d":
+			endianness = "big";
+			timestampPrecision = "nano";
+			break;
+		default: throw new Error("Unsupported capture format: only classic PCAP files are supported");
 	}
-	if (typeof rawValue !== "string") throw new Error(`fields[${index}].value must be a string`);
-	const length = parseOptionalLength(value.length, `fields[${index}].length`);
-	const padByte = value.padByte === void 0 ? 0 : parseByte(value.padByte, `fields[${index}].padByte`);
-	if (type === "string") return {
-		name,
-		type: "string",
-		value: rawValue,
-		encoding: parseEncoding(value.encoding, TEXT_ENCODINGS, "utf8", `fields[${index}].encoding`),
-		...length !== void 0 ? { length } : {},
-		padByte
+	return {
+		endianness,
+		timestampPrecision,
+		versionMajor: readUint16(buffer, 4, endianness),
+		versionMinor: readUint16(buffer, 6, endianness),
+		snapLength: readUint32(buffer, 16, endianness),
+		linkType: readUint32(buffer, 20, endianness)
 	};
+}
+function parsePcapPacketInput(value, index) {
+	if (!isRecord$1(value)) throw new Error(`packets[${index}] must be an object`);
+	const data = parseHexPayload$1(value.dataHex, `packets[${index}].dataHex`);
+	const timestampSeconds = value.timestampSeconds === void 0 ? 0 : parseNonNegativeInteger(value.timestampSeconds, `packets[${index}].timestampSeconds`);
+	const timestampFraction = value.timestampFraction === void 0 ? 0 : parseNonNegativeInteger(value.timestampFraction, `packets[${index}].timestampFraction`);
+	const originalLength = value.originalLength === void 0 ? data.length : parsePositiveInteger(value.originalLength, `packets[${index}].originalLength`);
+	if (originalLength < data.length) throw new Error(`packets[${index}].originalLength must be >= included packet length`);
 	return {
-		name,
-		type: "bytes",
-		value: rawValue,
-		encoding: parseEncoding(value.encoding, BINARY_ENCODINGS, "hex", `fields[${index}].encoding`),
-		...length !== void 0 ? { length } : {},
-		padByte
+		data,
+		timestampSeconds,
+		timestampFraction,
+		originalLength
 	};
 }
-function encodePayloadTemplateField(field, endian) {
-	switch (field.type) {
-		case "u8":
-		case "u16":
-		case "u32":
-		case "i8":
-		case "i16":
-		case "i32": {
-			const numericMetadata = getFieldNumericMetadata(field.type);
-			if (!numericMetadata) throw new Error(`Unsupported numeric field type: ${field.type}`);
-			const buffer = Buffer.alloc(numericMetadata.width);
-			writeIntegerToBuffer(buffer, field.value, numericMetadata.width, numericMetadata.signed, endian);
-			return buffer;
-		}
-		case "string": return applyFixedLength(Buffer.from(field.value, field.encoding), field.length, field.padByte);
-		case "bytes": return applyFixedLength(decodeBinaryValue(field.value, field.encoding, `field ${field.name}`), field.length, field.padByte);
-	}
+function buildClassicPcap(args) {
+	const globalHeader = Buffer.alloc(24);
+	getPcapMagic(args.endianness, args.timestampPrecision).copy(globalHeader, 0);
+	writeUint16(globalHeader, 4, 2, args.endianness);
+	writeUint16(globalHeader, 6, 4, args.endianness);
+	writeUint32(globalHeader, 8, 0, args.endianness);
+	writeUint32(globalHeader, 12, 0, args.endianness);
+	writeUint32(globalHeader, 16, args.snapLength, args.endianness);
+	writeUint32(globalHeader, 20, args.linkType, args.endianness);
+	const records = args.packets.map((packet) => {
+		const header = Buffer.alloc(16);
+		writeUint32(header, 0, packet.timestampSeconds, args.endianness);
+		writeUint32(header, 4, packet.timestampFraction, args.endianness);
+		writeUint32(header, 8, packet.data.length, args.endianness);
+		writeUint32(header, 12, packet.originalLength, args.endianness);
+		return Buffer.concat([header, packet.data]);
+	});
+	return Buffer.concat([globalHeader, ...records]);
 }
-function buildPayloadFromTemplate(fields, endian) {
-	const buffers = [];
-	const segments = [];
-	let offset = 0;
-	for (const field of fields) {
-		const encoded = encodePayloadTemplateField(field, endian);
-		buffers.push(encoded);
-		segments.push({
-			name: field.name,
-			offset,
-			length: encoded.length,
-			hex: encoded.toString("hex")
+function readClassicPcap(buffer, maxPackets, maxBytesPerPacket) {
+	const header = parsePcapHeader(buffer);
+	const packets = [];
+	let offset = 24;
+	while (offset < buffer.length) {
+		if (maxPackets !== void 0 && packets.length >= maxPackets) break;
+		if (offset + 16 > buffer.length) throw new Error("PCAP file ends with an incomplete packet header");
+		const timestampSeconds = readUint32(buffer, offset, header.endianness);
+		const timestampFraction = readUint32(buffer, offset + 4, header.endianness);
+		const includedLength = readUint32(buffer, offset + 8, header.endianness);
+		const originalLength = readUint32(buffer, offset + 12, header.endianness);
+		offset += 16;
+		if (offset + includedLength > buffer.length) throw new Error("PCAP file ends with an incomplete packet payload");
+		const packetBytes = buffer.subarray(offset, offset + includedLength);
+		offset += includedLength;
+		const limit = maxBytesPerPacket === void 0 ? packetBytes.length : maxBytesPerPacket;
+		const visibleLength = Math.min(limit, packetBytes.length);
+		packets.push({
+			index: packets.length,
+			timestampSeconds,
+			timestampFraction,
+			includedLength,
+			originalLength,
+			dataHex: packetBytes.subarray(0, visibleLength).toString("hex"),
+			truncated: visibleLength < packetBytes.length
 		});
-		offset += encoded.length;
 	}
 	return {
-		payload: Buffer.concat(buffers),
-		segments
+		header,
+		packets
 	};
 }
-function parsePayloadMutation(value, index) {
-	if (!isRecord(value)) throw new Error(`mutations[${index}] must be an object`);
-	const strategy = value.strategy;
-	if (typeof strategy !== "string" || !MUTATION_STRATEGIES.includes(strategy)) throw new Error(`mutations[${index}].strategy is invalid`);
-	switch (strategy) {
-		case "set_byte": return {
-			strategy: "set_byte",
-			offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
-			value: parseByte(value.value, `mutations[${index}].value`)
-		};
-		case "flip_bit": return {
-			strategy: "flip_bit",
-			offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
-			bit: (() => {
-				const bit = parseInteger(value.bit, `mutations[${index}].bit`);
-				if (bit < 0 || bit > 7) throw new Error(`mutations[${index}].bit must be between 0 and 7`);
-				return bit;
-			})()
-		};
-		case "overwrite_bytes": return {
-			strategy: "overwrite_bytes",
-			offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
-			data: decodeBinaryValue(typeof value.data === "string" ? value.data : (() => {
-				throw new Error(`mutations[${index}].data must be a string`);
-			})(), parseEncoding(value.encoding, BINARY_ENCODINGS, "hex", `mutations[${index}].encoding`), `mutations[${index}].data`)
-		};
-		case "append_bytes": return {
-			strategy: "append_bytes",
-			data: decodeBinaryValue(typeof value.data === "string" ? value.data : (() => {
-				throw new Error(`mutations[${index}].data must be a string`);
-			})(), parseEncoding(value.encoding, BINARY_ENCODINGS, "hex", `mutations[${index}].encoding`), `mutations[${index}].data`)
-		};
-		case "truncate": return {
-			strategy: "truncate",
-			length: parseNonNegativeInteger(value.length, `mutations[${index}].length`)
-		};
-		case "increment_integer": {
-			const width = value.width;
-			if (width !== 1 && width !== 2 && width !== 4) throw new Error(`mutations[${index}].width must be 1, 2, or 4`);
-			return {
-				strategy: "increment_integer",
-				offset: parseNonNegativeInteger(value.offset, `mutations[${index}].offset`),
-				width,
-				delta: parseInteger(value.delta, `mutations[${index}].delta`),
-				endian: parseEndian(value.endian),
-				signed: value.signed === true
-			};
-		}
+//#endregion
+//#region src/modules/protocol-analysis/ProtocolPatternUtils.ts
+const PRINTABLE_MIN = 32;
+const PRINTABLE_MAX = 126;
+const DELIMITER_CANDIDATES = [
+	Buffer.from([44]),
+	Buffer.from([124]),
+	Buffer.from([58]),
+	Buffer.from([59]),
+	Buffer.from([9]),
+	Buffer.from([0]),
+	Buffer.from([13, 10])
+];
+function normalizeHexPayload(value) {
+	return value.replace(/^0x/i, "").replace(/\s+/g, "").toLowerCase();
+}
+function isHexPayload(value) {
+	const normalized = normalizeHexPayload(value);
+	if (normalized.length === 0 || normalized.length % 2 !== 0) return false;
+	return /^[0-9a-f]+$/i.test(normalized);
+}
+function parseHexPayload(value) {
+	if (!isHexPayload(value)) return null;
+	return Buffer.from(normalizeHexPayload(value), "hex");
+}
+function isPrintableByte(value) {
+	return value >= PRINTABLE_MIN && value <= PRINTABLE_MAX;
+}
+function printableRatio(buffer) {
+	if (buffer.length === 0) return 0;
+	let printableCount = 0;
+	for (const value of buffer.values()) if (isPrintableByte(value)) printableCount += 1;
+	return printableCount / buffer.length;
+}
+function averagePrintableRatio(buffers) {
+	if (buffers.length === 0) return 0;
+	return buffers.reduce((accumulator, buffer) => accumulator + printableRatio(buffer), 0) / buffers.length;
+}
+function splitBuffer(buffer, delimiter) {
+	if (delimiter.length === 0) return [buffer];
+	const parts = [];
+	let start = 0;
+	let index = buffer.indexOf(delimiter, start);
+	while (index >= 0) {
+		parts.push(buffer.subarray(start, index));
+		start = index + delimiter.length;
+		index = buffer.indexOf(delimiter, start);
 	}
+	parts.push(buffer.subarray(start));
+	return parts;
 }
-function applyPayloadMutation(payload, mutation, index) {
-	const working = Buffer.from(payload);
-	switch (mutation.strategy) {
-		case "set_byte":
-			if (mutation.offset >= working.length) throw new Error(`mutations[${index}] offset is outside the payload`);
-			working[mutation.offset] = mutation.value;
-			return {
-				payload: working,
-				summary: {
-					index,
-					strategy: mutation.strategy,
-					detail: `set payload[${mutation.offset}] to ${mutation.value}`
-				}
-			};
-		case "flip_bit":
-			if (mutation.offset >= working.length) throw new Error(`mutations[${index}] offset is outside the payload`);
-			{
-				const currentByte = working.at(mutation.offset);
-				if (currentByte === void 0) throw new Error(`mutations[${index}] offset is outside the payload`);
-				working[mutation.offset] = currentByte ^ 1 << mutation.bit;
-			}
-			return {
-				payload: working,
-				summary: {
-					index,
-					strategy: mutation.strategy,
-					detail: `flipped bit ${mutation.bit} at offset ${mutation.offset}`
-				}
-			};
-		case "overwrite_bytes":
-			if (mutation.offset + mutation.data.length > working.length) throw new Error(`mutations[${index}] overwrite exceeds payload length`);
-			mutation.data.copy(working, mutation.offset);
-			return {
-				payload: working,
-				summary: {
-					index,
-					strategy: mutation.strategy,
-					detail: `overwrote ${mutation.data.length} bytes at offset ${mutation.offset}`
-				}
-			};
-		case "append_bytes": return {
-			payload: Buffer.concat([working, mutation.data]),
-			summary: {
-				index,
-				strategy: mutation.strategy,
-				detail: `appended ${mutation.data.length} bytes`
-			}
-		};
-		case "truncate":
-			if (mutation.length > working.length) throw new Error(`mutations[${index}] length exceeds payload size`);
-			return {
-				payload: working.subarray(0, mutation.length),
-				summary: {
-					index,
-					strategy: mutation.strategy,
-					detail: `truncated payload to ${mutation.length} bytes`
-				}
-			};
-		case "increment_integer": {
-			if (mutation.offset + mutation.width > working.length) throw new Error(`mutations[${index}] integer range exceeds payload length`);
-			const next = readIntegerFromBuffer(working, mutation.offset, mutation.width, mutation.signed, mutation.endian) + mutation.delta;
-			const range = getNumericRange(mutation.width, mutation.signed);
-			if (next < range.min || next > range.max) throw new Error(`mutations[${index}] integer overflow (${range.min}..${range.max})`);
-			writeIntegerToBuffer(working.subarray(mutation.offset, mutation.offset + mutation.width), next, mutation.width, mutation.signed, mutation.endian);
-			return {
-				payload: working,
-				summary: {
-					index,
-					strategy: mutation.strategy,
-					detail: `incremented ${mutation.signed ? "signed" : "unsigned"} ${mutation.width}-byte integer at offset ${mutation.offset} by ${mutation.delta}`
-				}
-			};
-		}
+function bufferToDelimiterString(buffer) {
+	return printableRatio(buffer) === 1 ? buffer.toString("utf8") : buffer.toString("hex");
+}
+function parsePayloads(hexPayloads) {
+	const buffers = [];
+	for (const hexPayload of hexPayloads) {
+		const payload = parseHexPayload(hexPayload);
+		if (payload) buffers.push(payload);
 	}
+	return buffers;
 }
-function parseMacAddress(value, label) {
-	if (typeof value !== "string" || value.trim().length === 0) throw new Error(`${label} must be a non-empty MAC address string`);
-	const normalized = value.trim().toLowerCase().replace(/^0x/, "").replace(/[:\-.\s]/g, "");
-	if (!/^[0-9a-f]{12}$/i.test(normalized)) throw new Error(`${label} must be a valid 6-byte MAC address`);
-	const canonical = normalized.match(/.{2}/g)?.join(":");
-	if (!canonical) throw new Error(`${label} must be a valid 6-byte MAC address`);
-	return {
-		canonical,
-		bytes: Buffer.from(normalized, "hex")
-	};
+function decodeInteger(buffer, byteOrder) {
+	if (buffer.length === 0) return null;
+	if (buffer.length === 1) return buffer.readUInt8(0);
+	if (buffer.length === 2) return byteOrder === "le" ? buffer.readUInt16LE(0) : buffer.readUInt16BE(0);
+	if (buffer.length === 4) return byteOrder === "le" ? buffer.readUInt32LE(0) : buffer.readUInt32BE(0);
+	if (buffer.length === 8) {
+		const value = byteOrder === "le" ? Number(buffer.readBigUInt64LE(0)) : Number(buffer.readBigUInt64BE(0));
+		return Number.isFinite(value) ? value : null;
+	}
+	let value = 0;
+	const bytes = byteOrder === "le" ? [...buffer.values()].toReversed() : [...buffer.values()];
+	for (const byte of bytes) value = value * 256 + byte;
+	return Number.isFinite(value) ? value : null;
 }
-function parseNamedOrNumericValue(value, label, map, max) {
-	if (typeof value === "number") {
-		if (!Number.isInteger(value) || value < 0 || value > max) throw new Error(`${label} must be an integer between 0 and ${max}`);
-		return value;
+function decodeFloat(buffer, byteOrder) {
+	if (buffer.length === 4) {
+		const value = byteOrder === "le" ? buffer.readFloatLE(0) : buffer.readFloatBE(0);
+		return Number.isFinite(value) ? value : null;
 	}
-	if (typeof value !== "string" || value.trim().length === 0) throw new Error(`${label} must be a non-empty string or integer`);
-	const normalized = value.trim().toLowerCase();
-	const mapped = map[normalized];
-	if (mapped !== void 0) return mapped;
-	if (/^\d+$/.test(normalized)) {
-		const parsed = Number.parseInt(normalized, 10);
-		if (parsed > max) throw new Error(`${label} must be less than or equal to ${max}`);
-		return parsed;
+	if (buffer.length === 8) {
+		const value = byteOrder === "le" ? buffer.readDoubleLE(0) : buffer.readDoubleBE(0);
+		return Number.isFinite(value) ? value : null;
 	}
-	const hex = normalizeHexString(normalized, label);
-	const parsed = Number.parseInt(hex, 16);
-	if (parsed > max) throw new Error(`${label} must be less than or equal to ${max}`);
-	return parsed;
-}
-function parseIpv4Address(value, label) {
-	if (typeof value !== "string" || isIP(value.trim()) !== 4) throw new Error(`${label} must be a valid IPv4 address`);
-	const octets = value.trim().split(".").map((part) => Number.parseInt(part, 10));
-	return Buffer.from(octets);
-}
-function parseIpv6Groups(value, label) {
-	if (value.length === 0) return [];
-	return value.split(":").flatMap((part) => {
-		if (part.length === 0) return [];
-		if (part.includes(".")) {
-			const ipv4 = parseIpv4Address(part, label);
-			return [ipv4.readUInt16BE(0).toString(16), ipv4.readUInt16BE(2).toString(16)];
-		}
-		if (!/^[0-9a-f]{1,4}$/i.test(part)) throw new Error(`${label} contains an invalid IPv6 group`);
-		return [part];
-	});
-}
-function parseIpv6Address(value, label) {
-	if (typeof value !== "string") throw new Error(`${label} must be a valid IPv6 address`);
-	const normalized = value.trim().toLowerCase().split("%")[0] ?? "";
-	if (isIP(normalized) !== 6) throw new Error(`${label} must be a valid IPv6 address`);
-	const segments = normalized.split("::");
-	if (segments.length > 2) throw new Error(`${label} must be a valid IPv6 address`);
-	const head = parseIpv6Groups(segments[0] ?? "", label);
-	const tail = parseIpv6Groups(segments[1] ?? "", label);
-	const groups = segments.length === 2 ? [
-		...head,
-		...Array.from({ length: 8 - head.length - tail.length }, () => "0"),
-		...tail
-	] : head;
-	if (groups.length !== 8) throw new Error(`${label} must expand to exactly 8 IPv6 groups`);
-	const output = Buffer.alloc(16);
-	for (const [index, group] of groups.entries()) output.writeUInt16BE(Number.parseInt(group, 16), index * 2);
-	return output;
-}
-function parseIpAddress(value, version, label) {
-	return version === "ipv4" ? parseIpv4Address(value, label) : parseIpv6Address(value, label);
-}
-function parseEtherType(value, label) {
-	return parseNamedOrNumericValue(value, label, ETHER_TYPE_MAP, 65535);
-}
-function parseIpProtocol(value, label) {
-	return parseNamedOrNumericValue(value, label, IP_PROTOCOL_MAP, 255);
-}
-function parsePcapLinkType(value, label) {
-	return parseNamedOrNumericValue(value, label, PCAP_LINK_TYPE_MAP, 4294967295);
+	return null;
 }
-function parseChecksumEndian(value) {
-	return value === "little" ? "little" : "big";
+function countOccurrences(buffer, delimiter) {
+	if (delimiter.length === 0) return 0;
+	let count = 0;
+	let start = 0;
+	let index = buffer.indexOf(delimiter, start);
+	while (index >= 0) {
+		count += 1;
+		start = index + delimiter.length;
+		index = buffer.indexOf(delimiter, start);
+	}
+	return count;
 }
-function parsePacketEndianness(value) {
-	return value === "big" ? "big" : "little";
+function inferFieldType(samples) {
+	if (samples.length === 0) return "bytes";
+	if (samples.every((sample) => sample.length === 1) && samples.every((sample) => sample[0] === 0 || sample[0] === 1)) return "bool";
+	if (averagePrintableRatio(samples) >= .7) return "string";
+	if (samples.every((sample) => sample.length === 4) && looksLikeFloatSamples(samples)) return "float";
+	if (samples.every((sample) => sample.length <= 4)) return "int";
+	return "bytes";
 }
-function parseTimestampPrecision(value) {
-	return value === "nano" ? "nano" : "micro";
+function looksLikeFloatSamples(samples) {
+	const decoded = [];
+	for (const sample of samples) {
+		const value = decodeFloat(sample, "be");
+		if (value === null) return false;
+		decoded.push(value);
+	}
+	return decoded.some((value) => Math.abs(value) > .001 && Math.abs(value) < 1e6);
 }
-function parseHexPayload(value, label) {
-	if (typeof value !== "string") throw new Error(`${label} must be a hex string`);
-	return Buffer.from(normalizeHexString(value, label), "hex");
+function isPrintableColumn(buffers, offset) {
+	let valueCount = 0;
+	let printableCount = 0;
+	for (const buffer of buffers) {
+		const value = buffer[offset];
+		if (value === void 0) continue;
+		valueCount += 1;
+		if (isPrintableByte(value)) printableCount += 1;
+	}
+	return valueCount > 0 && printableCount / valueCount >= .8;
 }
-function computeInternetChecksum(buffer) {
-	let sum = 0;
-	for (let offset = 0; offset < buffer.length; offset += 2) {
-		const high = buffer[offset] ?? 0;
-		const low = buffer[offset + 1] ?? 0;
-		sum += high << 8 | low;
-		while (sum > 65535) sum = (sum & 65535) + (sum >>> 16);
+function isBooleanColumn(buffers, offset) {
+	let valueCount = 0;
+	for (const buffer of buffers) {
+		const value = buffer[offset];
+		if (value === void 0) continue;
+		valueCount += 1;
+		if (value !== 0 && value !== 1) return false;
 	}
-	return ~sum & 65535;
+	return valueCount > 0;
 }
-function buildEthernetFrame(destinationMac, sourceMac, etherType, payload) {
-	const header = Buffer.alloc(14);
-	destinationMac.bytes.copy(header, 0);
-	sourceMac.bytes.copy(header, 6);
-	header.writeUInt16BE(etherType, 12);
-	return Buffer.concat([header, payload]);
+function buildDelimitedFields(buffers, delimiter) {
+	if (delimiter.length === 0) return [];
+	const tokenized = buffers.map((buffer) => splitBuffer(buffer, delimiter));
+	const firstRow = tokenized[0];
+	if (!firstRow || firstRow.length < 2) return [];
+	const tokenCount = firstRow.length;
+	if (!tokenized.every((parts) => parts.length === tokenCount)) return [];
+	const fields = [];
+	let currentOffset = 0;
+	for (let index = 0; index < tokenCount; index += 1) {
+		const template = firstRow[index];
+		if (!template) continue;
+		const samples = tokenized.map((parts) => parts[index]).filter((part) => Buffer.isBuffer(part));
+		fields.push({
+			name: `field_${index + 1}`,
+			offset: currentOffset,
+			length: template.length,
+			type: inferFieldType(samples)
+		});
+		currentOffset += template.length + delimiter.length;
+	}
+	return fields;
 }
-function buildArpPayload(args) {
-	if (args.hardwareSize !== args.senderMac.bytes.length || args.hardwareSize !== args.targetMac.bytes.length) throw new Error("hardwareSize must match the provided MAC address lengths");
-	if (args.protocolSize !== args.senderIp.length || args.protocolSize !== args.targetIp.length) throw new Error("protocolSize must match the provided IP address lengths");
-	const buffer = Buffer.alloc(8 + args.hardwareSize * 2 + args.protocolSize * 2);
+function buildFixedWidthFields(buffers) {
+	const minLength = Math.min(...buffers.map((buffer) => buffer.length));
+	const fields = [];
 	let offset = 0;
-	buffer.writeUInt16BE(args.hardwareType, offset);
-	offset += 2;
-	buffer.writeUInt16BE(args.protocolType, offset);
-	offset += 2;
-	buffer.writeUInt8(args.hardwareSize, offset++);
-	buffer.writeUInt8(args.protocolSize, offset++);
-	buffer.writeUInt16BE(args.operation === "reply" ? 2 : 1, offset);
-	offset += 2;
-	args.senderMac.bytes.copy(buffer, offset);
-	offset += args.hardwareSize;
-	args.senderIp.copy(buffer, offset);
-	offset += args.protocolSize;
-	args.targetMac.bytes.copy(buffer, offset);
-	offset += args.hardwareSize;
-	args.targetIp.copy(buffer, offset);
-	return buffer;
-}
-function buildIpv4Packet(args) {
-	const header = Buffer.alloc(20);
-	header[0] = 69;
-	header[1] = (args.dscp & 63) << 2 | args.ecn & 3;
-	header.writeUInt16BE(header.length + args.payload.length, 2);
-	header.writeUInt16BE(args.identification, 4);
-	const flags = (args.dontFragment ? 1 : 0) << 1 | (args.moreFragments ? 1 : 0);
-	header.writeUInt16BE((flags & 7) << 13 | args.fragmentOffset & 8191, 6);
-	header[8] = args.ttl;
-	header[9] = args.protocol;
-	header.writeUInt16BE(0, 10);
-	args.sourceIp.copy(header, 12);
-	args.destinationIp.copy(header, 16);
-	const checksum = computeInternetChecksum(header);
-	header.writeUInt16BE(checksum, 10);
-	return {
-		packet: Buffer.concat([header, args.payload]),
-		checksum
-	};
+	while (offset < minLength && fields.length < 24) {
+		if (isPrintableColumn(buffers, offset)) {
+			let end = offset + 1;
+			while (end < minLength && isPrintableColumn(buffers, end)) end += 1;
+			fields.push({
+				name: `field_${fields.length + 1}`,
+				offset,
+				length: end - offset,
+				type: "string"
+			});
+			offset = end;
+			continue;
+		}
+		if (isBooleanColumn(buffers, offset)) {
+			fields.push({
+				name: `field_${fields.length + 1}`,
+				offset,
+				length: 1,
+				type: "bool"
+			});
+			offset += 1;
+			continue;
+		}
+		const remaining = minLength - offset;
+		if (remaining >= 4) {
+			if (looksLikeFloatSamples(buffers.map((buffer) => buffer.subarray(offset, offset + 4)))) {
+				fields.push({
+					name: `field_${fields.length + 1}`,
+					offset,
+					length: 4,
+					type: "float"
+				});
+				offset += 4;
+				continue;
+			}
+		}
+		const segmentLength = remaining >= 4 ? 4 : Math.min(remaining, 2);
+		const samples = buffers.map((buffer) => buffer.subarray(offset, offset + segmentLength));
+		fields.push({
+			name: `field_${fields.length + 1}`,
+			offset,
+			length: segmentLength,
+			type: inferFieldType(samples)
+		});
+		offset += segmentLength;
+	}
+	return fields;
 }
-function buildIpv6Packet(args) {
-	const header = Buffer.alloc(40);
-	const versionTrafficFlow = 6 << 28 | (((args.dscp & 63) << 2 | args.ecn & 3) & 255) << 20 | args.flowLabel & 1048575;
-	header.writeUInt32BE(versionTrafficFlow >>> 0, 0);
-	header.writeUInt16BE(args.payload.length, 4);
-	header.writeUInt8(args.protocol, 6);
-	header.writeUInt8(args.hopLimit, 7);
-	args.sourceIp.copy(header, 8);
-	args.destinationIp.copy(header, 24);
-	return Buffer.concat([header, args.payload]);
+function inferDelimiter(buffers) {
+	for (const candidate of DELIMITER_CANDIDATES) {
+		const counts = buffers.map((buffer) => countOccurrences(buffer, candidate));
+		const firstCount = counts[0];
+		if (typeof firstCount === "number" && firstCount >= 2 && counts.every((count) => count === firstCount)) return bufferToDelimiterString(candidate);
+	}
 }
-function buildIcmpEcho(args) {
-	const packet = Buffer.alloc(8 + args.payload.length);
-	packet[0] = args.operation === "reply" ? 0 : 8;
-	packet[1] = 0;
-	packet.writeUInt16BE(0, 2);
-	packet.writeUInt16BE(args.identifier, 4);
-	packet.writeUInt16BE(args.sequenceNumber, 6);
-	args.payload.copy(packet, 8);
-	const checksum = computeInternetChecksum(packet);
-	packet.writeUInt16BE(checksum, 2);
-	return {
-		packet,
-		checksum
-	};
+function inferByteOrder(buffers) {
+	const minLength = Math.min(...buffers.map((buffer) => buffer.length));
+	if (minLength < 2) return "be";
+	let leScore = 0;
+	let beScore = 0;
+	const limit = Math.min(minLength - 1, 8);
+	for (let offset = 0; offset < limit; offset += 2) {
+		let leSmallValues = 0;
+		let beSmallValues = 0;
+		for (const buffer of buffers) {
+			const little = buffer.readUInt16LE(offset);
+			const big = buffer.readUInt16BE(offset);
+			if (little < 4096) leSmallValues += 1;
+			if (big < 4096) beSmallValues += 1;
+		}
+		if (leSmallValues > beSmallValues) leScore += 1;
+		else if (beSmallValues > leSmallValues) beScore += 1;
+	}
+	return leScore > beScore ? "le" : "be";
 }
-function writeUint32(buffer, offset, value, endianness) {
-	if (endianness === "little") buffer.writeUInt32LE(value, offset);
-	else buffer.writeUInt32BE(value, offset);
+function labelMagicFields(fields, buffers) {
+	if (fields.length === 0 || buffers.length < 2) return fields;
+	const minLen = Math.min(...buffers.map((b) => b.length));
+	let commonPrefixLen = 0;
+	for (let offset = 0; offset < minLen; offset += 1) {
+		const byte = buffers[0][offset];
+		if (buffers.every((b) => b[offset] === byte)) commonPrefixLen = offset + 1;
+		else break;
+	}
+	if (commonPrefixLen === 0) return fields;
+	let magicLabelApplied = false;
+	return fields.map((field) => {
+		if (!magicLabelApplied && field.offset === 0 && commonPrefixLen >= 2) {
+			magicLabelApplied = true;
+			return {
+				...field,
+				name: "magic"
+			};
+		}
+		if (magicLabelApplied && field.type === "int" && field.length <= 2 && field.offset <= commonPrefixLen) return {
+			...field,
+			name: "version"
+		};
+		return field;
+	});
 }
-function writeUint16(buffer, offset, value, endianness) {
-	if (endianness === "little") buffer.writeUInt16LE(value, offset);
-	else buffer.writeUInt16BE(value, offset);
+//#endregion
+//#region src/modules/protocol-analysis/ProtocolPatternEngine.ts
+var ProtocolPatternEngine = class {
+	patterns = /* @__PURE__ */ new Map();
+	legacyPatterns = /* @__PURE__ */ new Map();
+	definePattern(name, specOrFields, options) {
+		const legacyPattern = Array.isArray(specOrFields) ? this.createLegacyPattern(name, specOrFields, options) : this.createLegacyPatternFromSpec(name, specOrFields);
+		const spec = this.createSpecFromLegacyPattern(legacyPattern);
+		this.patterns.set(name, spec);
+		this.legacyPatterns.set(name, legacyPattern);
+		if (Array.isArray(specOrFields)) return legacyPattern;
+	}
+	detectPattern(hexPayload) {
+		const payload = parseHexPayload(hexPayload);
+		if (!payload) return null;
+		let bestMatch = null;
+		for (const pattern of this.patterns.values()) {
+			const totalChecks = pattern.fields.length + (pattern.fieldDelimiter ? 1 : 0);
+			if (totalChecks === 0) continue;
+			let matches = 0;
+			if (pattern.fieldDelimiter && this.payloadContainsDelimiter(payload, pattern.fieldDelimiter)) matches += 1;
+			for (const field of pattern.fields) if (this.matchesField(payload, field, pattern.byteOrder ?? "be")) matches += 1;
+			const confidence = Number((matches / totalChecks).toFixed(2));
+			if (confidence <= 0) continue;
+			const candidate = {
+				pattern,
+				confidence,
+				matches,
+				total: totalChecks
+			};
+			if (!bestMatch || candidate.confidence > bestMatch.confidence || candidate.confidence === bestMatch.confidence && candidate.matches > bestMatch.matches) bestMatch = candidate;
+		}
+		return bestMatch;
+	}
+	autoDetect(hexPayloads) {
+		const buffers = parsePayloads(hexPayloads);
+		if (buffers.length === 0) return null;
+		const delimiter = inferDelimiter(buffers);
+		const fields = this.inferFields(hexPayloads);
+		return {
+			name: "auto-detected-pattern",
+			fieldDelimiter: delimiter,
+			byteOrder: inferByteOrder(buffers),
+			fields
+		};
+	}
+	inferFields(hexPayloads) {
+		const buffers = parsePayloads(hexPayloads);
+		if (buffers.length === 0) return [];
+		const delimiter = inferDelimiter(buffers);
+		if (delimiter) {
+			const fields = buildDelimitedFields(buffers, this.parseDelimiter(delimiter));
+			if (fields.length > 0) return labelMagicFields(fields, buffers);
+		}
+		return labelMagicFields(buildFixedWidthFields(buffers), buffers);
+	}
+	autoDetectPattern(payloads, options) {
+		const hexPayloads = payloads.map((payload) => payload.toString("hex"));
+		const detected = this.autoDetect(hexPayloads);
+		const name = options?.name ?? detected?.name ?? "auto_detected";
+		if (!detected) {
+			const emptyPattern = this.createLegacyPattern(name, []);
+			this.patterns.set(name, this.createSpecFromLegacyPattern(emptyPattern));
+			this.legacyPatterns.set(name, emptyPattern);
+			return emptyPattern;
+		}
+		const namedPattern = {
+			...detected,
+			name
+		};
+		this.definePattern(name, namedPattern);
+		return this.getPattern(name) ?? this.createLegacyPatternFromSpec(name, namedPattern);
+	}
+	getPattern(name) {
+		return this.legacyPatterns.get(name);
+	}
+	listPatterns() {
+		return [...this.patterns.keys()];
+	}
+	exportProto(pattern) {
+		const legacyPattern = this.isLegacyPattern(pattern) ? pattern : this.createLegacyPatternFromSpec(pattern.name, pattern);
+		const lines = [
+			`// Protocol: ${legacyPattern.name}`,
+			`// Byte order: ${legacyPattern.byteOrder}`,
+			""
+		];
+		if (legacyPattern.encryption) {
+			lines.push(`// Encryption: ${legacyPattern.encryption.type}`);
+			if (legacyPattern.encryption.notes) lines.push(`// Notes: ${legacyPattern.encryption.notes}`);
+			lines.push("");
+		}
+		lines.push(`message ${this.toPascalCase(legacyPattern.name)} {`);
+		for (let index = 0; index < legacyPattern.fields.length; index += 1) {
+			const field = legacyPattern.fields[index];
+			if (!field) continue;
+			const comment = field.description ? ` // ${field.description}` : "";
+			lines.push(`  ${this.toProtoType(field.type)} ${field.name} = ${index + 1};${comment}`);
+		}
+		lines.push("}");
+		lines.push("");
+		return lines.join("\n");
+	}
+	payloadContainsDelimiter(payload, delimiter) {
+		const delimiterBuffer = this.parseDelimiter(delimiter);
+		if (delimiterBuffer.length === 0) return false;
+		return payload.includes(delimiterBuffer);
+	}
+	matchesField(payload, field, byteOrder) {
+		if (field.offset < 0 || field.length <= 0 || payload.length < field.offset + field.length) return false;
+		const slice = payload.subarray(field.offset, field.offset + field.length);
+		switch (field.type) {
+			case "bytes": return slice.length === field.length;
+			case "bool": return slice.length === 1 && (slice[0] === 0 || slice[0] === 1);
+			case "string": return printableRatio(slice) >= .6;
+			case "int": return decodeInteger(slice, byteOrder) !== null;
+			case "float": return decodeFloat(slice, byteOrder) !== null;
+			default: return false;
+		}
+	}
+	createLegacyPattern(name, fields, options) {
+		return {
+			name,
+			fields: fields.map((field) => ({
+				name: field.name,
+				offset: field.offset,
+				length: field.length,
+				type: field.type,
+				...field.description ? { description: field.description } : {}
+			})).toSorted((left, right) => left.offset - right.offset),
+			byteOrder: options?.byteOrder ?? "big",
+			...options?.encryption ? { encryption: options.encryption } : {}
+		};
+	}
+	createLegacyPatternFromSpec(name, spec) {
+		return {
+			name,
+			fieldDelimiter: spec.fieldDelimiter,
+			byteOrder: spec.byteOrder === "le" ? "little" : "big",
+			fields: spec.fields.map((field) => ({
+				name: field.name,
+				offset: field.offset,
+				length: field.length,
+				type: this.toLegacyFieldType(field),
+				...field.description ? { description: field.description } : {}
+			}))
+		};
+	}
+	createSpecFromLegacyPattern(pattern) {
+		return {
+			name: pattern.name,
+			fieldDelimiter: pattern.fieldDelimiter,
+			byteOrder: pattern.byteOrder === "little" ? "le" : "be",
+			fields: pattern.fields.map((field) => ({
+				name: field.name,
+				offset: field.offset,
+				length: field.length,
+				type: this.toSpecFieldType(field.type),
+				...field.description ? { description: field.description } : {}
+			}))
+		};
+	}
+	isLegacyPattern(pattern) {
+		return pattern.byteOrder === "big" || pattern.byteOrder === "little";
+	}
+	toLegacyFieldType(field) {
+		if (field.type === "float") return "float";
+		if (field.type === "string") return "string";
+		if (field.type === "bytes") return "bytes";
+		if (field.length === 1) return "uint8";
+		if (field.length === 2) return "uint16";
+		if (field.length === 4) return "uint32";
+		return "int64";
+	}
+	toSpecFieldType(fieldType) {
+		if (fieldType === "float") return "float";
+		if (fieldType === "string") return "string";
+		if (fieldType === "bytes") return "bytes";
+		return "int";
+	}
+	parseDelimiter(delimiter) {
+		if (isHexPayload(delimiter)) {
+			const parsed = parseHexPayload(delimiter);
+			if (parsed) return parsed;
+		}
+		return Buffer.from(delimiter, "utf8");
+	}
+	toProtoType(type) {
+		return {
+			uint8: "uint32",
+			uint16: "uint32",
+			uint32: "uint32",
+			int64: "int64",
+			float: "float",
+			string: "string",
+			bytes: "bytes"
+		}[type];
+	}
+	toPascalCase(name) {
+		return name.replace(/[^a-zA-Z0-9_]/g, "_").split("_").filter(Boolean).map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join("") || "Message";
+	}
+};
+//#endregion
+//#region src/modules/protocol-analysis/StateMachineInferrer.ts
+function isRecord(value) {
+	return value !== null && typeof value === "object" && !Array.isArray(value);
 }
-function readUint32(buffer, offset, endianness) {
-	return endianness === "little" ? buffer.readUInt32LE(offset) : buffer.readUInt32BE(offset);
+function normalizeText(value) {
+	return value.trim().toLowerCase();
 }
-function readUint16(buffer, offset, endianness) {
-	return endianness === "little" ? buffer.readUInt16LE(offset) : buffer.readUInt16BE(offset);
+function calculateEntropy(buffer) {
+	if (buffer.length === 0) return 0;
+	const frequency = /* @__PURE__ */ new Map();
+	for (const byte of buffer) frequency.set(byte, (frequency.get(byte) ?? 0) + 1);
+	let entropy = 0;
+	for (const count of frequency.values()) {
+		const p = count / buffer.length;
+		if (p > 0) entropy -= p * Math.log2(p);
+	}
+	return entropy;
 }
-function getPcapMagic(endianness, precision) {
-	const hex = endianness === "little" ? precision === "nano" ? "4d3cb2a1" : "d4c3b2a1" : precision === "nano" ? "a1b23c4d" : "a1b2c3d4";
-	return Buffer.from(hex, "hex");
+function printableRatioOf(value) {
+	if (value.length === 0) return 0;
+	let count = 0;
+	for (let i = 0; i < value.length; i += 1) {
+		const code = value.charCodeAt(i);
+		if (code >= 32 && code <= 126) count += 1;
+	}
+	return count / value.length;
 }
-function parsePcapHeader(buffer) {
-	if (buffer.length < 24) throw new Error("PCAP file is too small to contain a global header");
-	const magic = buffer.subarray(0, 4).toString("hex");
-	let endianness;
-	let timestampPrecision;
-	switch (magic) {
-		case "d4c3b2a1":
-			endianness = "little";
-			timestampPrecision = "micro";
-			break;
-		case "4d3cb2a1":
-			endianness = "little";
-			timestampPrecision = "nano";
-			break;
-		case "a1b2c3d4":
-			endianness = "big";
-			timestampPrecision = "micro";
-			break;
-		case "a1b23c4d":
-			endianness = "big";
-			timestampPrecision = "nano";
-			break;
-		default: throw new Error("Unsupported capture format: only classic PCAP files are supported");
+var StateMachineInferrer = class {
+	infer(messages) {
+		if (messages.length === 0) return {
+			states: [],
+			transitions: [],
+			initial: "",
+			initialState: "",
+			finalStates: []
+		};
+		const statesBySignature = /* @__PURE__ */ new Map();
+		const transitionsByKey = /* @__PURE__ */ new Map();
+		let previousStateId = "";
+		for (let index = 0; index < messages.length; index += 1) {
+			const message = messages[index];
+			if (!message) continue;
+			const signature = this.buildSignature(message);
+			let state = statesBySignature.get(signature);
+			if (!state) {
+				state = {
+					id: `state_${statesBySignature.size + 1}`,
+					name: this.buildStateName(message, statesBySignature.size + 1),
+					type: this.inferStateType(message, index === messages.length - 1)
+				};
+				statesBySignature.set(signature, state);
+			} else state.type = this.mergeStateTypes(state.type, this.inferStateType(message, index === messages.length - 1));
+			if (previousStateId && message.timestamp !== void 0) {
+				const firstMessage = messages[0];
+				if (firstMessage && firstMessage.timestamp !== void 0) state.timeout = message.timestamp - firstMessage.timestamp;
+			}
+			if (previousStateId) {
+				const event = this.buildEventName(message);
+				const condition = this.buildCondition(message.fields);
+				const action = this.buildAction(message);
+				const transitionKey = `${previousStateId}:${state.id}:${event}`;
+				if (!transitionsByKey.has(transitionKey)) transitionsByKey.set(transitionKey, {
+					from: previousStateId,
+					to: state.id,
+					event,
+					confidence: this.computeTransitionConfidence(message),
+					...condition ? { condition } : {},
+					...action ? { action } : {}
+				});
+			}
+			previousStateId = state.id;
+		}
+		const firstMessage = messages[0];
+		const initial = firstMessage ? statesBySignature.get(this.buildSignature(firstMessage))?.id ?? "" : "";
+		return {
+			states: [...statesBySignature.values()],
+			transitions: [...transitionsByKey.values()],
+			initial,
+			initialState: initial,
+			finalStates: this.collectTerminalStates([...statesBySignature.values()])
+		};
+	}
+	visualize(machine) {
+		if (machine.states.length === 0) return [
+			"```mermaid",
+			"stateDiagram-v2",
+			"  [*] --> empty",
+			"```"
+		].join("\n");
+		const lines = ["```mermaid", "stateDiagram-v2"];
+		const initial = machine.initialState ?? machine.initial;
+		if (initial) lines.push(`  [*] --> ${initial}`);
+		for (const state of machine.states) {
+			const stateType = state.type ?? "normal";
+			const label = stateType === "normal" ? state.name : `${state.name} (${stateType})`;
+			lines.push(`  state "${label}" as ${state.id}`);
+		}
+		for (const transition of machine.transitions) {
+			const parts = [transition.event ?? transition.trigger ?? "transition"];
+			if (typeof transition.confidence === "number") parts.push(`(${transition.confidence.toFixed(2)})`);
+			if (transition.condition) parts.push(`[${transition.condition}]`);
+			if (transition.action) parts.push(`/ ${transition.action}`);
+			lines.push(`  ${transition.from} --> ${transition.to} : ${parts.join(" ")}`);
+		}
+		const finalStateSet = new Set(machine.finalStates ?? []);
+		for (const state of machine.states) {
+			const stateType = state.type ?? "normal";
+			if (stateType === "accept" || stateType === "reject" || finalStateSet.has(state.id)) lines.push(`  ${state.id} --> [*]`);
+		}
+		lines.push("```");
+		return lines.join("\n");
+	}
+	inferStateMachine(messages) {
+		const normalizedMessages = messages.map((message) => ({
+			direction: message.direction === "out" ? "req" : "res",
+			timestamp: message.timestamp ?? 0,
+			fields: {},
+			raw: message.payload.length > 0 ? message.payload.toString("utf8") : message.payload.toString("hex"),
+			rawBuffer: message.payload
+		}));
+		return this.infer(normalizedMessages);
+	}
+	generateMermaid(machine) {
+		return this.visualize(machine);
+	}
+	simplify(machine) {
+		if (machine.states.length < 2) return {
+			...machine,
+			initialState: machine.initialState ?? machine.initial,
+			finalStates: machine.finalStates ?? this.collectTerminalStates(machine.states)
+		};
+		const stateToGroup = /* @__PURE__ */ new Map();
+		const groupRepresentative = /* @__PURE__ */ new Map();
+		for (const state of machine.states) {
+			const prefix = this.getPayloadPrefix(state);
+			if (!prefix) continue;
+			const existingGroup = [...groupRepresentative.entries()].find(([key]) => key === prefix);
+			if (existingGroup) stateToGroup.set(state.id, existingGroup[0]);
+			else {
+				groupRepresentative.set(prefix, state.id);
+				stateToGroup.set(state.id, prefix);
+			}
+		}
+		const mergeMap = /* @__PURE__ */ new Map();
+		const groupIdToPrimary = /* @__PURE__ */ new Map();
+		for (const [prefix, primaryId] of groupRepresentative) groupIdToPrimary.set(prefix, primaryId);
+		for (const state of machine.states) {
+			const prefix = this.getPayloadPrefix(state);
+			if (!prefix) continue;
+			const primary = groupIdToPrimary.get(prefix);
+			if (primary && primary !== state.id) mergeMap.set(state.id, primary);
+		}
+		if (mergeMap.size === 0) return {
+			...machine,
+			initialState: machine.initialState ?? machine.initial,
+			finalStates: machine.finalStates ?? this.collectTerminalStates(machine.states)
+		};
+		const newStates = machine.states.filter((state) => !mergeMap.has(state.id));
+		const newTransitions = machine.transitions.map((t) => ({
+			...t,
+			from: mergeMap.get(t.from) ?? t.from,
+			to: mergeMap.get(t.to) ?? t.to
+		})).filter((t) => t.from !== t.to);
+		const rawInitialState = machine.initialState ?? machine.initial ?? "";
+		const initialState = mergeMap.get(rawInitialState) ?? rawInitialState;
+		return {
+			states: newStates,
+			transitions: newTransitions,
+			initial: initialState,
+			initialState,
+			finalStates: machine.finalStates.map((fs) => mergeMap.get(fs) ?? fs).filter((fs, index, arr) => arr.indexOf(fs) === index)
+		};
 	}
-	return {
-		endianness,
-		timestampPrecision,
-		versionMajor: readUint16(buffer, 4, endianness),
-		versionMinor: readUint16(buffer, 6, endianness),
-		snapLength: readUint32(buffer, 16, endianness),
-		linkType: readUint32(buffer, 20, endianness)
-	};
-}
-function parsePcapPacketInput(value, index) {
-	if (!isRecord(value)) throw new Error(`packets[${index}] must be an object`);
-	const data = parseHexPayload(value.dataHex, `packets[${index}].dataHex`);
-	const timestampSeconds = value.timestampSeconds === void 0 ? 0 : parseNonNegativeInteger(value.timestampSeconds, `packets[${index}].timestampSeconds`);
-	const timestampFraction = value.timestampFraction === void 0 ? 0 : parseNonNegativeInteger(value.timestampFraction, `packets[${index}].timestampFraction`);
-	const originalLength = value.originalLength === void 0 ? data.length : parsePositiveInteger(value.originalLength, `packets[${index}].originalLength`);
-	if (originalLength < data.length) throw new Error(`packets[${index}].originalLength must be >= included packet length`);
-	return {
-		data,
-		timestampSeconds,
-		timestampFraction,
-		originalLength
-	};
-}
-function buildClassicPcap(args) {
-	const globalHeader = Buffer.alloc(24);
-	getPcapMagic(args.endianness, args.timestampPrecision).copy(globalHeader, 0);
-	writeUint16(globalHeader, 4, 2, args.endianness);
-	writeUint16(globalHeader, 6, 4, args.endianness);
-	writeUint32(globalHeader, 8, 0, args.endianness);
-	writeUint32(globalHeader, 12, 0, args.endianness);
-	writeUint32(globalHeader, 16, args.snapLength, args.endianness);
-	writeUint32(globalHeader, 20, args.linkType, args.endianness);
-	const records = args.packets.map((packet) => {
-		const header = Buffer.alloc(16);
-		writeUint32(header, 0, packet.timestampSeconds, args.endianness);
-		writeUint32(header, 4, packet.timestampFraction, args.endianness);
-		writeUint32(header, 8, packet.data.length, args.endianness);
-		writeUint32(header, 12, packet.originalLength, args.endianness);
-		return Buffer.concat([header, packet.data]);
-	});
-	return Buffer.concat([globalHeader, ...records]);
-}
-function readClassicPcap(buffer, maxPackets, maxBytesPerPacket) {
-	const header = parsePcapHeader(buffer);
-	const packets = [];
-	let offset = 24;
-	while (offset < buffer.length) {
-		if (maxPackets !== void 0 && packets.length >= maxPackets) break;
-		if (offset + 16 > buffer.length) throw new Error("PCAP file ends with an incomplete packet header");
-		const timestampSeconds = readUint32(buffer, offset, header.endianness);
-		const timestampFraction = readUint32(buffer, offset + 4, header.endianness);
-		const includedLength = readUint32(buffer, offset + 8, header.endianness);
-		const originalLength = readUint32(buffer, offset + 12, header.endianness);
-		offset += 16;
-		if (offset + includedLength > buffer.length) throw new Error("PCAP file ends with an incomplete packet payload");
-		const packetBytes = buffer.subarray(offset, offset + includedLength);
-		offset += includedLength;
-		const limit = maxBytesPerPacket === void 0 ? packetBytes.length : maxBytesPerPacket;
-		const visibleLength = Math.min(limit, packetBytes.length);
-		packets.push({
-			index: packets.length,
-			timestampSeconds,
-			timestampFraction,
-			includedLength,
-			originalLength,
-			dataHex: packetBytes.subarray(0, visibleLength).toString("hex"),
-			truncated: visibleLength < packetBytes.length
-		});
+	getPayloadPrefix(state) {
+		const payload = state.expectedPayload;
+		if (!payload || payload.length < 8) return null;
+		return payload.slice(0, 8).toLowerCase();
 	}
-	return {
-		header,
-		packets
-	};
-}
+	buildSignature(message) {
+		const fieldKeys = Object.keys(message.fields).toSorted().join(",");
+		const rawPrefix = normalizeText(message.rawBuffer ? message.rawBuffer.toString("hex") : message.raw).slice(0, 24);
+		return `${message.direction}|${fieldKeys}|${rawPrefix}`;
+	}
+	buildStateName(message, position) {
+		const directionName = message.direction === "req" ? "send" : "recv";
+		const primaryField = this.findPrimaryFieldName(message.fields);
+		const raw = message.raw;
+		if (raw.length === 0) return `${directionName}_empty`;
+		const buf = message.rawBuffer;
+		const hexContent = Buffer.isBuffer(buf) ? buf.toString("hex") : raw;
+		if (hexContent.startsWith("16") || hexContent.startsWith("15") || hexContent.startsWith("17")) return `${directionName}_tls_handshake`;
+		const trimmed = raw.trimStart();
+		if (trimmed.startsWith("{") || trimmed.startsWith("[")) return `${directionName}_json_${primaryField || `step_${position}`}`;
+		if (printableRatioOf(raw) >= .7) {
+			const lower = normalizeText(raw);
+			if (lower.includes("close") || lower.includes("fin") || lower.includes("bye")) return `${directionName}_close`;
+			if (lower.startsWith("get ") || lower.startsWith("post ") || lower.startsWith("http")) return `${directionName}_text_http`;
+			return `${directionName}_text_${primaryField || `step_${position}`}`;
+		}
+		if (Buffer.isBuffer(buf) && buf.length >= 32) {
+			if (calculateEntropy(buf) > 6) return `${directionName}_encrypted`;
+		}
+		if (Buffer.isBuffer(buf) && buf.length <= 4) return `${directionName}_control`;
+		return `${directionName}_${primaryField || `step_${position}`}`;
+	}
+	findPrimaryFieldName(fields) {
+		const firstKey = Object.keys(fields).toSorted()[0];
+		return firstKey ? firstKey : "";
+	}
+	inferStateType(message, isLastMessage) {
+		const text = normalizeText(message.raw);
+		const statusValue = this.findStatusValue(message.fields);
+		if (this.containsRejectSignal(text) || this.containsRejectSignal(statusValue)) return "reject";
+		if (this.containsAcceptSignal(text) || this.containsAcceptSignal(statusValue) || isLastMessage && message.direction === "res") return "accept";
+		return "normal";
+	}
+	mergeStateTypes(current, next) {
+		if (current === "reject" || next === "reject") return "reject";
+		if (current === "accept" || next === "accept") return "accept";
+		return "normal";
+	}
+	findStatusValue(fields) {
+		for (const key of [
+			"status",
+			"result",
+			"code",
+			"reason",
+			"message"
+		]) {
+			const value = fields[key];
+			if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return String(value);
+		}
+		return "";
+	}
+	containsRejectSignal(value) {
+		return [
+			"error",
+			"fail",
+			"denied",
+			"reject",
+			"timeout",
+			"invalid"
+		].some((token) => normalizeText(value).includes(token));
+	}
+	containsAcceptSignal(value) {
+		return [
+			"ok",
+			"success",
+			"accept",
+			"ready",
+			"done",
+			"complete"
+		].some((token) => normalizeText(value).includes(token));
+	}
+	buildEventName(message) {
+		const statusValue = this.findStatusValue(message.fields);
+		if (statusValue) return `${message.direction}_${normalizeText(statusValue).replace(/[^a-z0-9]+/g, "_")}`;
+		const primaryField = this.findPrimaryFieldName(message.fields);
+		if (primaryField) return `${message.direction}_${primaryField}`;
+		return `${message.direction}_message`;
+	}
+	buildCondition(fields) {
+		const statusValue = this.findStatusValue(fields);
+		if (statusValue) return `status=${statusValue}`;
+		const keys = Object.keys(fields).toSorted().slice(0, 2);
+		if (keys.length === 0) return;
+		const fragments = [];
+		for (const key of keys) {
+			const value = fields[key];
+			if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") fragments.push(`${key}=${value}`);
+		}
+		return fragments.length > 0 ? fragments.join(", ") : void 0;
+	}
+	buildAction(message) {
+		const statusValue = this.findStatusValue(message.fields);
+		if (this.containsRejectSignal(statusValue) || this.containsRejectSignal(message.raw)) return "reject";
+		if (this.containsAcceptSignal(statusValue) || this.containsAcceptSignal(message.raw)) return "complete";
+		const rawText = normalizeText(message.raw);
+		if (rawText.includes("ack")) return "acknowledge";
+		if (rawText.includes("retry")) return "retry";
+		if (Object.keys(message.fields).length > 0 && isRecord(message.fields)) return message.direction === "req" ? "send" : "receive";
+	}
+	collectTerminalStates(states) {
+		const terminalIds = states.filter((state) => {
+			const stateType = state.type ?? "normal";
+			return stateType === "accept" || stateType === "reject";
+		}).map((state) => state.id);
+		for (const state of states) {
+			const lower = normalizeText(state.name);
+			if (lower.includes("close") || lower.includes("fin") || lower.includes("bye")) {
+				if (!terminalIds.includes(state.id)) terminalIds.push(state.id);
+			}
+		}
+		return terminalIds;
+	}
+	computeTransitionConfidence(message) {
+		let confidence = .3;
+		if (Object.keys(message.fields).length > 0) confidence += .3;
+		if (this.findStatusValue(message.fields)) confidence += .2;
+		if (message.raw.length > 0) confidence += .2;
+		return Math.min(confidence, 1);
+	}
+};
 //#endregion
-//#region src/server/domains/protocol-analysis/handlers/handler-class.ts
-var ProtocolAnalysisHandlers = class {
+//#region src/server/domains/protocol-analysis/handlers/base.ts
+const EMPTY_STATE_MACHINE = {
+	states: [],
+	transitions: [],
+	initial: "",
+	initialState: "",
+	finalStates: []
+};
+var ProtocolAnalysisBaseHandlers = class {
 	engine;
 	inferrer;
 	eventBus;
@@ -1534,6 +1759,27 @@ var ProtocolAnalysisHandlers = class {
 		this.inferrer = inferrer;
 		this.eventBus = eventBus;
 	}
+	emitEvent(event, payload) {
+		this.eventBus?.emit(event, {
+			...payload,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+		});
+	}
+	getEngine() {
+		if (!this.engine) this.engine = new ProtocolPatternEngine();
+		return this.engine;
+	}
+	getInferrer() {
+		if (!this.inferrer) this.inferrer = new StateMachineInferrer();
+		return this.inferrer;
+	}
+	errorMessage(error) {
+		return error instanceof Error ? error.message : String(error);
+	}
+};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/pattern-handlers.ts
+var ProtocolAnalysisPatternHandlers = class extends ProtocolAnalysisBaseHandlers {
 	async handleDefinePattern(args) {
 		try {
 			const name = typeof args.name === "string" && args.name.trim().length > 0 ? args.name : "unnamed_pattern";
@@ -1571,7 +1817,7 @@ var ProtocolAnalysisHandlers = class {
 					byteOrder: "big"
 				},
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
@@ -1598,10 +1844,9 @@ var ProtocolAnalysisHandlers = class {
 				fields: [],
 				byteOrder: "big"
 			};
-			this.eventBus?.emit("protocol:pattern_detected", {
+			this.emitEvent("protocol:pattern_detected", {
 				patternName: namedPattern.name,
-				confidence: 0,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+				confidence: 0
 			});
 			return {
 				patterns: [result],
@@ -1611,7 +1856,7 @@ var ProtocolAnalysisHandlers = class {
 			return {
 				patterns: [],
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
@@ -1626,7 +1871,7 @@ var ProtocolAnalysisHandlers = class {
 			return {
 				fields: [],
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
@@ -1637,18 +1882,18 @@ var ProtocolAnalysisHandlers = class {
 			if (!pattern) return { schema: `// Error: pattern '${patternId}' not found` };
 			return { schema: this.getEngine().exportProto(pattern) };
 		} catch (error) {
-			return { schema: `// Error: ${error instanceof Error ? error.message : String(error)}` };
+			return { schema: `// Error: ${this.errorMessage(error)}` };
 		}
 	}
 	async handleInferStateMachine(args) {
 		try {
 			const rawMessages = args.messages;
 			if (!Array.isArray(rawMessages)) throw new Error("messages must be an array");
-			const hasLegacyShape = rawMessages.some((message) => isRecord(message) && (message.direction === "in" || message.direction === "out"));
+			const hasLegacyShape = rawMessages.some((message) => isRecord$1(message) && (message.direction === "in" || message.direction === "out"));
 			let stateMachine;
 			if (hasLegacyShape) {
 				const legacyMessages = rawMessages.map((message, index) => {
-					if (!isRecord(message)) throw new Error(`messages[${index}] must be an object`);
+					if (!isRecord$1(message)) throw new Error(`messages[${index}] must be an object`);
 					const direction = message.direction;
 					const payloadHex = typeof message.payloadHex === "string" ? message.payloadHex : "";
 					const timestamp = typeof message.timestamp === "number" ? message.timestamp : void 0;
@@ -1673,43 +1918,35 @@ var ProtocolAnalysisHandlers = class {
 			};
 		} catch (error) {
 			return {
-				stateMachine: {
-					states: [],
-					transitions: [],
-					initial: "",
-					initialState: "",
-					finalStates: []
-				},
+				stateMachine: { ...EMPTY_STATE_MACHINE },
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
 	async handleVisualizeState(args) {
 		try {
 			const stateMachineValue = args.stateMachine;
-			if (!isRecord(stateMachineValue)) return { mermaidDiagram: this.getInferrer().generateMermaid({
-				states: [],
-				transitions: [],
-				initial: "",
-				initialState: "",
-				finalStates: []
-			}) };
+			if (!isRecord$1(stateMachineValue)) return { mermaidDiagram: this.getInferrer().generateMermaid(EMPTY_STATE_MACHINE) };
 			const states = Array.isArray(stateMachineValue.states) ? stateMachineValue.states : [];
 			const transitions = Array.isArray(stateMachineValue.transitions) ? stateMachineValue.transitions : [];
 			const initialState = typeof stateMachineValue.initialState === "string" ? stateMachineValue.initialState : "";
 			const finalStates = Array.isArray(stateMachineValue.finalStates) ? stateMachineValue.finalStates.filter((state) => typeof state === "string") : [];
 			return { mermaidDiagram: this.getInferrer().generateMermaid({
-				states: states.filter((state) => isRecord(state)),
-				transitions: transitions.filter((transition) => isRecord(transition)),
+				states: states.filter((state) => isRecord$1(state)),
+				transitions: transitions.filter((transition) => isRecord$1(transition)),
 				initial: initialState,
 				initialState,
 				finalStates
 			}) };
 		} catch (error) {
-			return { mermaidDiagram: `stateDiagram-v2\n  note right of empty: ${error instanceof Error ? error.message : String(error)}` };
+			return { mermaidDiagram: `stateDiagram-v2\n  note right of empty: ${this.errorMessage(error)}` };
 		}
 	}
+};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/payload-handlers.ts
+var ProtocolAnalysisPayloadHandlers = class extends ProtocolAnalysisPatternHandlers {
 	async handlePayloadTemplateBuild(args) {
 		try {
 			const rawFields = args.fields;
@@ -1731,7 +1968,7 @@ var ProtocolAnalysisHandlers = class {
 				byteLength: 0,
 				fields: [],
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
@@ -1768,16 +2005,20 @@ var ProtocolAnalysisHandlers = class {
 				byteLength: 0,
 				appliedMutations: [],
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
+};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/link-layer-handlers.ts
+var ProtocolAnalysisLinkLayerHandlers = class extends ProtocolAnalysisPayloadHandlers {
 	async handleEthernetFrameBuild(args) {
 		try {
 			const destinationMac = parseMacAddress(args.destinationMac, "destinationMac");
 			const sourceMac = parseMacAddress(args.sourceMac, "sourceMac");
 			const etherType = parseEtherType(args.etherType, "etherType");
-			const frame = buildEthernetFrame(destinationMac, sourceMac, etherType, parseHexPayload(args.payloadHex, "payloadHex"));
+			const frame = buildEthernetFrame(destinationMac, sourceMac, etherType, parseHexPayload$1(args.payloadHex, "payloadHex"));
 			this.emitEvent("protocol:ethernet_frame_built", {
 				byteLength: frame.length,
 				etherType: `0x${etherType.toString(16).padStart(4, "0")}`
@@ -1802,7 +2043,7 @@ var ProtocolAnalysisHandlers = class {
 				headerHex: "",
 				frameHex: "",
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
@@ -1848,14 +2089,18 @@ var ProtocolAnalysisHandlers = class {
 				targetMac: "",
 				targetIp: "",
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
+};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/ip-packet-handlers.ts
+var ProtocolAnalysisIpPacketHandlers = class extends ProtocolAnalysisLinkLayerHandlers {
 	async handleRawIpPacketBuild(args) {
 		try {
 			const version = args.version === "ipv6" ? "ipv6" : "ipv4";
-			const payload = parseHexPayload(args.payloadHex ?? "", "payloadHex");
+			const payload = parseHexPayload$1(args.payloadHex ?? "", "payloadHex");
 			const protocol = parseIpProtocol(args.protocol, "protocol");
 			const dscp = args.dscp === void 0 ? 0 : parseNonNegativeInteger(args.dscp, "dscp");
 			const ecn = args.ecn === void 0 ? 0 : parseNonNegativeInteger(args.ecn, "ecn");
@@ -1937,7 +2182,7 @@ var ProtocolAnalysisHandlers = class {
 				payloadHex: "",
 				checksumHex: null,
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
@@ -1948,7 +2193,7 @@ var ProtocolAnalysisHandlers = class {
 			const sequenceNumber = args.sequenceNumber === void 0 ? 0 : parseNonNegativeInteger(args.sequenceNumber, "sequenceNumber");
 			if (identifier > 65535) throw new Error("identifier must be between 0 and 65535");
 			if (sequenceNumber > 65535) throw new Error("sequenceNumber must be between 0 and 65535");
-			const payload = parseHexPayload(args.payloadHex ?? "", "payloadHex");
+			const payload = parseHexPayload$1(args.payloadHex ?? "", "payloadHex");
 			const { packet, checksum } = buildIcmpEcho({
 				operation,
 				identifier,
@@ -1983,13 +2228,17 @@ var ProtocolAnalysisHandlers = class {
 				packetHex: "",
 				payloadHex: "",
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
+};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/checksum-handlers.ts
+var ProtocolAnalysisChecksumHandlers = class extends ProtocolAnalysisIpPacketHandlers {
 	async handleChecksumApply(args) {
 		try {
-			const payload = parseHexPayload(args.hexPayload, "hexPayload");
+			const payload = parseHexPayload$1(args.hexPayload, "hexPayload");
 			const rangeStart = args.startOffset === void 0 ? 0 : parseNonNegativeInteger(args.startOffset, "startOffset");
 			const rangeEnd = args.endOffset === void 0 ? payload.length : parseNonNegativeInteger(args.endOffset, "endOffset");
 			if (rangeStart > rangeEnd || rangeEnd > payload.length) throw new Error("checksum range must stay within the payload");
@@ -2031,13 +2280,23 @@ var ProtocolAnalysisHandlers = class {
 				rangeStart: 0,
 				rangeEnd: 0,
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
+};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/packet-build-handlers.ts
+/**
+* ProtocolAnalysisPacketBuildHandlers — thin facade over packet build handlers.
+*/
+var ProtocolAnalysisPacketBuildHandlers = class extends ProtocolAnalysisChecksumHandlers {};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/pcap-handlers.ts
+var ProtocolAnalysisPcapHandlers = class extends ProtocolAnalysisPacketBuildHandlers {
 	async handlePcapWrite(args) {
 		try {
-			if (typeof args.path !== "string" || args.path.trim().length === 0) throw new Error("path must be a non-empty string");
+			const path = this.parseRequiredPath(args);
 			if (!Array.isArray(args.packets)) throw new Error("packets must be an array");
 			const packets = args.packets.map((entry, index) => parsePcapPacketInput(entry, index));
 			const endianness = parsePacketEndianness(args.endianness);
@@ -2051,14 +2310,14 @@ var ProtocolAnalysisHandlers = class {
 				snapLength,
 				linkType
 			});
-			await writeFile$1(args.path, buffer);
+			await writeFile$1(path, buffer);
 			this.emitEvent("protocol:pcap_written", {
-				path: args.path,
+				path,
 				packetCount: packets.length,
 				byteLength: buffer.length
 			});
 			return {
-				path: args.path,
+				path,
 				packetCount: packets.length,
 				byteLength: buffer.length,
 				endianness,
@@ -2075,22 +2334,22 @@ var ProtocolAnalysisHandlers = class {
 				timestampPrecision: null,
 				linkType: null,
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
 	async handlePcapRead(args) {
 		try {
-			if (typeof args.path !== "string" || args.path.trim().length === 0) throw new Error("path must be a non-empty string");
+			const path = this.parseRequiredPath(args);
 			const maxPackets = args.maxPackets === void 0 ? void 0 : parsePositiveInteger(args.maxPackets, "maxPackets");
 			const maxBytesPerPacket = args.maxBytesPerPacket === void 0 ? void 0 : parsePositiveInteger(args.maxBytesPerPacket, "maxBytesPerPacket");
-			const { header, packets } = readClassicPcap(await readFile$1(args.path), maxPackets, maxBytesPerPacket);
+			const { header, packets } = readClassicPcap(await readFile$1(path), maxPackets, maxBytesPerPacket);
 			this.emitEvent("protocol:pcap_read", {
-				path: args.path,
+				path,
 				packetCount: packets.length
 			});
 			return {
-				path: args.path,
+				path,
 				header,
 				packets,
 				success: true
@@ -2101,24 +2360,178 @@ var ProtocolAnalysisHandlers = class {
 				header: null,
 				packets: [],
 				success: false,
-				error: error instanceof Error ? error.message : String(error)
+				error: this.errorMessage(error)
 			};
 		}
 	}
-	emitEvent(event, payload) {
-		this.eventBus?.emit(event, {
-			...payload,
-			timestamp: (/* @__PURE__ */ new Date()).toISOString()
-		});
-	}
-	getEngine() {
-		if (!this.engine) this.engine = new ProtocolPatternEngine();
-		return this.engine;
+	parseRequiredPath(args) {
+		if (typeof args.path !== "string" || args.path.trim().length === 0) throw new Error("path must be a non-empty string");
+		return args.path;
 	}
-	getInferrer() {
-		if (!this.inferrer) this.inferrer = new StateMachineInferrer();
-		return this.inferrer;
+};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/packet-handlers.ts
+/**
+* ProtocolAnalysisPacketHandlers — thin facade over packet build + PCAP handlers.
+*/
+var ProtocolAnalysisPacketHandlers = class extends ProtocolAnalysisPcapHandlers {};
+//#endregion
+//#region src/server/domains/protocol-analysis/handlers/fingerprint-handlers.ts
+/**
+* ProtocolAnalysisFingerprintHandlers — protocol fingerprint heuristics.
+*/
+var ProtocolAnalysisFingerprintHandlers = class extends ProtocolAnalysisPacketHandlers {
+	async handleProtoFingerprint(args) {
+		const hexPayloads = argStringArray(args, "hexPayloads");
+		const includeKnown = args.includeKnownProtocols !== false;
+		const includeHints = args.includeFieldHints !== false;
+		if (hexPayloads.length === 0) return asJsonResponse({
+			success: false,
+			error: "hexPayloads is required"
+		});
+		return asJsonResponse({
+			success: true,
+			fingerprints: hexPayloads.map((hex, index) => {
+				const clean = hex.replace(/\s/g, "");
+				const matches = [];
+				const actualBytes = clean.length / 2;
+				const tlsRecordLen = actualBytes >= 5 ? readU16(clean, 3) : -1;
+				const hasCompleteTlsRecord = Number.isFinite(tlsRecordLen) && tlsRecordLen >= 0 && actualBytes >= 5 + tlsRecordLen;
+				const isTlsClientHello = hasCompleteTlsRecord && tlsRecordLen >= PROTO_TLS_MIN_RECORD_LEN && readU8(clean, 0) === 22 && readU8(clean, 5) === 1;
+				const isDns = isLikelyDnsHeader(clean);
+				const isHttp = Object.keys(HTTP_METHODS).some((method) => clean.toUpperCase().startsWith(method));
+				const isSsh = clean.toUpperCase().startsWith("5353482D");
+				const isWs = clean.length >= 4 && (() => {
+					const b0 = readU8(clean, 0);
+					const b1 = readU8(clean, 1);
+					const opcode = b0 & 15;
+					if (opcode === 0) return false;
+					const validOpcode = opcode <= 10 && !(opcode >= 3 && opcode <= 7);
+					const masked = (b1 >> 7 & 1) === 1;
+					const wsByteCount = clean.length / 2;
+					let payloadLen = b1 & 127;
+					let headerBytes = 2;
+					if (payloadLen === 126) {
+						if (wsByteCount < 4) return false;
+						payloadLen = readU16(clean, 2);
+						headerBytes = 4;
+					} else if (payloadLen === 127) {
+						if (wsByteCount < 10) return false;
+						const hi32 = readU16(clean, 2) << 16 | readU16(clean, 4);
+						const lo32 = readU16(clean, 6) << 16 | readU16(clean, 8);
+						payloadLen = hi32 > 0 ? 4294967295 : lo32;
+						headerBytes = 10;
+					}
+					return validOpcode && wsByteCount >= headerBytes + (masked ? 4 : 0) + payloadLen;
+				})();
+				let deepParse = null;
+				if (isTlsClientHello) {
+					matches.push({
+						protocol: "TLS ClientHello",
+						layer: "L6-TLS",
+						confidence: PROTO_TLS_CONFIDENCE
+					});
+					if (includeHints) deepParse = parseTlsClientHello(clean);
+				} else if (isHttp) {
+					matches.push({
+						protocol: "HTTP/1.x",
+						layer: "L7-HTTP",
+						confidence: PROTO_HTTP_CONFIDENCE
+					});
+					if (includeHints) deepParse = {
+						method: Object.entries(HTTP_METHODS).find(([prefix]) => clean.toUpperCase().startsWith(prefix))?.[1] ?? "UNKNOWN",
+						httpVersion: clean.indexOf("2048545450") > 0 ? "1.x" : "unknown"
+					};
+				} else if (isSsh) {
+					matches.push({
+						protocol: "SSH",
+						layer: "L7-SSH",
+						confidence: PROTO_SSH_CONFIDENCE
+					});
+					if (includeHints && clean.length >= 20) deepParse = { banner: Buffer.from(clean.substring(0, Math.min(clean.length, 80)), "hex").toString("ascii") };
+				} else if (isWs) {
+					matches.push({
+						protocol: "WebSocket",
+						layer: "L7-WS",
+						confidence: PROTO_WS_CONFIDENCE
+					});
+					if (includeHints && clean.length >= 4) {
+						const b0 = readU8(clean, 0);
+						const b1 = readU8(clean, 1);
+						const opcode = b0 & 15;
+						const masked = b1 >> 7 & 1;
+						let payloadLen = b1 & 127;
+						let headerSize = 2;
+						if (payloadLen === 126) {
+							payloadLen = clean.length >= 4 ? readU16(clean, 2) : 0;
+							headerSize = 4;
+						} else if (payloadLen === 127) {
+							if (clean.length >= 20) {
+								const hi32 = readU16(clean, 2) << 16 | readU16(clean, 4);
+								const lo32 = readU16(clean, 6) << 16 | readU16(clean, 8);
+								payloadLen = hi32 > 0 ? 4294967295 : lo32;
+							} else payloadLen = 0;
+							headerSize = 10;
+						}
+						if (masked) headerSize += 4;
+						deepParse = {
+							fin: b0 >> 7 & 1,
+							rsv1: b0 >> 6 & 1,
+							opcode,
+							opcodeName: WS_OPCODES[opcode] ?? `reserved(${opcode})`,
+							masked: !!masked,
+							payloadLength: payloadLen,
+							headerSize
+						};
+					}
+				} else if (isDns) {
+					matches.push({
+						protocol: "DNS",
+						layer: "L7-DNS",
+						confidence: .85
+					});
+					if (includeHints) deepParse = parseDnsHeader(clean);
+				}
+				if (includeKnown && matches.length === 0) {
+					if (hasCompleteTlsRecord && /^160301|^160302|^160303/i.test(clean.substring(0, 8))) matches.push({
+						protocol: "TLS Record",
+						layer: "L6-TLS",
+						confidence: .9
+					});
+					if (clean.substring(0, 8).startsWith("50524920")) matches.push({
+						protocol: "HTTP/2 PRI",
+						layer: "L7-HTTP2",
+						confidence: .9
+					});
+				}
+				const fieldHints = [];
+				if (includeHints && !deepParse && clean.length >= 8) {
+					const first2 = readU16(clean, 0);
+					if (first2 > 0 && first2 < clean.length / 2) fieldHints.push({
+						offset: 0,
+						hint: `possible length field (${first2} bytes)`
+					});
+				}
+				return {
+					index,
+					size: actualBytes,
+					protocolMatches: matches.length > 0 ? matches : [{
+						protocol: "unknown",
+						layer: "unknown",
+						confidence: 0
+					}],
+					...deepParse ? { parsedFields: deepParse } : {},
+					...fieldHints.length > 0 ? { fieldHints } : {}
+				};
+			})
+		});
 	}
 };
 //#endregion
+//#region src/server/domains/protocol-analysis/handlers/handler-class.ts
+/**
+* ProtocolAnalysisHandlers — thin facade over the split handler chain.
+*/
+var ProtocolAnalysisHandlers = class extends ProtocolAnalysisFingerprintHandlers {};
+//#endregion
 export { ProtocolAnalysisHandlers };