npm - @jshookmcp/jshook - Versions diffs - 0.2.9 → 0.3.0 - Mend

@jshookmcp/jshook 0.2.9 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/dist/{network-671Cw6hV.mjs → network-CPVvwvFg.mjs} RENAMED Viewed

@@ -1,19 +1,20 @@
 import { t as logger } from "./logger-Dh_xb7_2.mjs";
-import { Gt as NETWORK_REPLAY_MAX_REDIRECTS, Wt as NETWORK_HAR_BODY_CONCURRENCY, dt as ICMP_DEFAULT_PACKET_SIZE, ft as ICMP_PROBE_TIMEOUT_MS, pt as ICMP_TRACEROUTE_MAX_HOPS } from "./constants-B0OANIBL.mjs";
-import { t as DetailedDataManager } from "./DetailedDataManager-BQQcxh64.mjs";
-import { a as PerformanceMonitor } from "./modules-C184v-S9.mjs";
-import { n as argEnum, t as argBool } from "./parse-args-BlRjqlkL.mjs";
-import { a as isLoopbackHost, c as isSsrfTarget, i as isLocalSsrfBypassEnabled, l as resolveNetworkTarget, n as hasAuthorizedTargets, o as isNetworkAuthorizationExpired, r as isAuthorizedNetworkTarget, s as isPrivateHost, t as createNetworkAuthorizationPolicy } from "./ssrf-policy-ZaUfvhq7.mjs";
-import { t as R } from "./ResponseBuilder-D3iFYx2N.mjs";
-import "./definitions-CXEI7QC72.mjs";
+import { Gt as NETWORK_HAR_BODY_CONCURRENCY, Kt as NETWORK_REPLAY_MAX_REDIRECTS, ft as ICMP_DEFAULT_PACKET_SIZE, g as BOT_DETECT_LIMIT_DEFAULT, mt as ICMP_TRACEROUTE_MAX_HOPS, pt as ICMP_PROBE_TIMEOUT_MS } from "./constants-CDZLOoVv.mjs";
+import { t as DetailedDataManager } from "./DetailedDataManager-HT49OrvF.mjs";
+import { a as PerformanceMonitor } from "./modules-tZozf0LQ.mjs";
+import { n as argEnum, t as argBool } from "./parse-args-B4cY5Vx5.mjs";
+import { a as isLoopbackHost, c as isSsrfTarget, i as isLocalSsrfBypassEnabled, l as resolveNetworkTarget, n as hasAuthorizedTargets, o as isNetworkAuthorizationExpired, r as isAuthorizedNetworkTarget, s as isPrivateHost, t as createNetworkAuthorizationPolicy } from "./ssrf-policy-Dsqd-DTX.mjs";
+import { t as R } from "./ResponseBuilder-CJXWmWNw.mjs";
+import "./definitions-uzkjBwa7.mjs";
 import * as http$1 from "node:http";
+import { createHash } from "node:crypto";
 import { promises } from "node:fs";
 import koffi from "koffi";
 import * as net from "node:net";
-import * as tls from "node:tls";
 import * as dns from "node:dns/promises";
-import * as https from "node:https";
+import * as tls from "node:tls";
 import * as http2 from "node:http2";
+import * as https from "node:https";
 //#region src/server/domains/network/handlers.base.types.ts
 /** Resource types excluded by default when no explicit filters are set. */
 const EXCLUDED_RESOURCE_TYPES = new Set([
@@ -564,9 +565,27 @@ var PerformanceHandlers = class {
 	}
 	async handlePerformanceTakeHeapSnapshot(_args) {
 		try {
+			const traceRecorder = this.deps.getTraceRecorder?.() ?? null;
+			if (traceRecorder?.getState() === "recording") try {
+				const snapshotSize = await traceRecorder.captureActiveHeapSnapshot();
+				return R.ok().merge({
+					snapshotSize,
+					persistedToTrace: true,
+					message: "Heap snapshot taken and persisted to the active trace recording (data too large to return)"
+				}).json();
+			} catch (traceError) {
+				const snapshotSize = await this.deps.getPerformanceMonitor().takeHeapSnapshot();
+				return R.ok().merge({
+					snapshotSize,
+					persistedToTrace: false,
+					tracePersistenceError: traceError instanceof Error ? traceError.message : String(traceError),
+					message: "Heap snapshot taken, but the active trace recording could not persist it (data too large to return)"
+				}).json();
+			}
 			const snapshotSize = await this.deps.getPerformanceMonitor().takeHeapSnapshot();
 			return R.ok().merge({
 				snapshotSize,
+				persistedToTrace: false,
 				message: "Heap snapshot taken (data too large to return, saved internally)"
 			}).json();
 		} catch (error) {
@@ -582,7 +601,7 @@ var PerformanceHandlers = class {
 				categories,
 				screenshots
 			});
-			return R.ok().set("message", "Performance tracing started. Call performance_trace_stop to save the trace.").json();
+			return R.ok().set("message", "Performance tracing started. Call performance_trace with action=\"stop\" to save the trace.").json();
 		} catch (error) {
 			return R.fail(error).json();
 		}
@@ -606,7 +625,7 @@ var PerformanceHandlers = class {
 	async handleProfilerCpuStart(_args) {
 		try {
 			await this.deps.getPerformanceMonitor().startCPUProfiling();
-			return R.ok().set("message", "CPU profiling started. Call profiler_cpu_stop to save the profile.").json();
+			return R.ok().set("message", "CPU profiling started. Call profiler_cpu with action=\"stop\" to save the profile.").json();
 		} catch (error) {
 			return R.fail(error).json();
 		}
@@ -616,7 +635,7 @@ var PerformanceHandlers = class {
 			const profileRaw = await this.deps.getPerformanceMonitor().stopCPUProfiling();
 			const profile = toCpuProfilePayload(profileRaw) || profileRaw;
 			const { writeFile } = await import("node:fs/promises");
-			const { resolveArtifactPath } = await import("./artifacts-Bk2-_uPq.mjs").then((n) => n.t);
+			const { resolveArtifactPath } = await import("./artifacts-DkfosXH3.mjs").then((n) => n.t);
 			const artifactPath = asOptionalString(args.artifactPath);
 			const profileJson = JSON.stringify(profile, null, 2);
 			let savedPath;
@@ -655,7 +674,7 @@ var PerformanceHandlers = class {
 			const monitor = this.deps.getPerformanceMonitor();
 			const samplingInterval = asOptionalNumber(args.samplingInterval);
 			await monitor.startHeapSampling({ samplingInterval });
-			return R.ok().set("message", "Heap sampling started. Call profiler_heap_sampling_stop to save the report.").json();
+			return R.ok().set("message", "Heap sampling started. Call profiler_heap_sampling with action=\"stop\" to save the report.").json();
 		} catch (error) {
 			return R.fail(error).json();
 		}
@@ -1030,6 +1049,14 @@ const DANGEROUS_KEYS = new Set([
 	"constructor",
 	"prototype"
 ]);
+function buildCookieHeader(profile) {
+	const parts = [];
+	for (const cookie of profile.cookies) {
+		if (!cookie.name) continue;
+		parts.push(`${cookie.name}=${cookie.value}`);
+	}
+	return parts.length > 0 ? parts.join("; ") : void 0;
+}
 function sanitizeHeaders(headers) {
 	const out = Object.create(null);
 	for (const [k, v] of Object.entries(headers)) if (!STRIPPED_HEADERS.has(k.toLowerCase()) && !DANGEROUS_KEYS.has(k)) out[k] = v;
@@ -1042,6 +1069,11 @@ async function replayRequest(base, args, maxBodyBytes = 512e3) {
 		...base.headers,
 		...args.headerPatch
 	});
+	const cookieHeader = args.sessionProfile ? buildCookieHeader(args.sessionProfile) : void 0;
+	if (cookieHeader) mergedHeaders.Cookie = cookieHeader;
+	if (args.sessionProfile?.userAgent && !mergedHeaders["User-Agent"] && !mergedHeaders["user-agent"]) mergedHeaders["User-Agent"] = args.sessionProfile.userAgent;
+	if (args.sessionProfile?.acceptLanguage && !mergedHeaders["Accept-Language"] && !mergedHeaders["accept-language"]) mergedHeaders["Accept-Language"] = args.sessionProfile.acceptLanguage;
+	if (args.sessionProfile?.referer && !mergedHeaders["Referer"] && !mergedHeaders["referer"]) mergedHeaders.Referer = args.sessionProfile.referer;
 	const body = args.bodyPatch !== void 0 ? args.bodyPatch : base.postData;
 	const authorizationPolicy = createNetworkAuthorizationPolicy(args.authorization);
 	const allowLegacyLocalSsrf = !authorizationPolicy && isLocalSsrfBypassEnabled();
@@ -1310,6 +1342,7 @@ var ReplayHandlers = class {
 			const result = await replayRequest(base, {
 				requestId,
 				headerPatch: args.headerPatch,
+				sessionProfile: args.sessionProfile,
 				bodyPatch: args.bodyPatch,
 				methodOverride: args.methodOverride,
 				urlOverride: args.urlOverride,
@@ -2164,755 +2197,205 @@ function performHttp2ProbeInternal(options) {
 	});
 }
 //#endregion
-//#region src/native/IcmpProbe.ts
-/**
-* Cross-platform ICMP probe and traceroute via koffi FFI.
-*
-* Windows: IcmpSendEcho from iphlpapi.dll (no admin required).
-* Linux/macOS: Raw ICMP sockets via libc (requires root/CAP_NET_RAW).
-*
-* Uses Buffer-based struct parsing (same pattern as Win32API.ts)
-* to avoid koffi struct registration issues in test environments.
-*/
-function ipToString(addr) {
-	return `${addr & 255}.${addr >>> 8 & 255}.${addr >>> 16 & 255}.${addr >>> 24 & 255}`;
-}
-function isValidIpv4(ip) {
-	const parts = ip.split(".");
-	if (parts.length !== 4) return false;
-	return parts.every((p) => {
-		const n = parseInt(p, 10);
-		return !isNaN(n) && n >= 0 && n <= 255 && p === String(n);
-	});
-}
-let _available = null;
-const IP_STATUS = {
-	0: "SUCCESS",
-	11001: "BUF_TOO_SMALL",
-	11002: "DEST_NET_UNREACHABLE",
-	11003: "DEST_HOST_UNREACHABLE",
-	11004: "DEST_PROT_UNREACHABLE",
-	11005: "DEST_PORT_UNREACHABLE",
-	11009: "PACKET_TOO_BIG",
-	11010: "REQ_TIMED_OUT",
-	11013: "TTL_EXPIRED_TRANSIT",
-	11014: "TTL_EXPIRED_REASSEM",
-	11015: "PARAM_PROBLEM",
-	11016: "SOURCE_QUENCH",
-	11050: "GENERAL_FAILURE"
-};
-function winStatusLabel(s) {
-	return IP_STATUS[s] ?? `UNKNOWN_${s}`;
-}
-function winStatusClass(s) {
-	if (s === 0) return "success";
-	if (s === 11010) return "timeout";
-	if (s === 11013 || s === 11014) return "time_exceeded";
-	if (s >= 11002 && s <= 11005) return "destination_unreachable";
-	if (s === 11016) return "source_quench";
-	if (s === 11009) return "packet_too_big";
-	if (s === 11015) return "parameter_problem";
-	return "error";
-}
-let iphlpapi = null;
-let ws2_32 = null;
-function getIphlpapi() {
-	if (!iphlpapi) {
-		iphlpapi = koffi.load("iphlpapi.dll");
-		logger.debug("Loaded iphlpapi.dll via koffi");
-	}
-	return iphlpapi;
-}
-function getWs2_32() {
-	if (!ws2_32) {
-		ws2_32 = koffi.load("ws2_32.dll");
-		logger.debug("Loaded ws2_32.dll via koffi");
+//#region src/server/domains/network/handlers/raw-dns-http-handlers.ts
+var RawDnsHttpHandlers = class {
+	constructor(eventBus) {
+		this.eventBus = eventBus;
 	}
-	return ws2_32;
-}
-const IP_OPT_SIZE = 16;
-const MIN_REPLY_BUF_SIZE = 256;
-const ICMP_REPLY_OVERHEAD = 64;
-function getReplyBufferSize(packetSize) {
-	return Math.max(MIN_REPLY_BUF_SIZE, packetSize + ICMP_REPLY_OVERHEAD);
-}
-function buildOptionBuf(ttl) {
-	const buf = Buffer.alloc(IP_OPT_SIZE, 0);
-	buf.writeUInt8(ttl, 0);
-	return buf;
-}
-function parseReply(buf) {
-	return {
-		address: buf.readUInt32LE(0),
-		status: buf.readUInt32LE(4),
-		rtt: buf.readUInt32LE(8)
-	};
-}
-function win_inet_addr(ip) {
-	return getWs2_32().func("uint32 inet_addr(char *)")(ip);
-}
-function win_IcmpCreateFile() {
-	return getIphlpapi().func("void * IcmpCreateFile()")();
-}
-function win_IcmpCloseHandle(h) {
-	return getIphlpapi().func("int IcmpCloseHandle(void *)")(h) !== 0;
-}
-function win_IcmpSendEcho(handle, destAddr, sendData, optionBuf, timeoutMs) {
-	const fn = getIphlpapi().func("uint32 IcmpSendEcho(void *, uint32, void *, uint16, void *, void *, uint32, uint32)");
-	const replyBuf = Buffer.alloc(getReplyBufferSize(sendData.length));
-	const n = fn(handle, destAddr, sendData, sendData.length, optionBuf, replyBuf, replyBuf.length, timeoutMs);
-	return {
-		numReplies: Number(n),
-		replyBuf
-	};
-}
-function winIcmpProbe(params) {
-	const { target, ttl = 128, packetSize = ICMP_DEFAULT_PACKET_SIZE, timeout = ICMP_PROBE_TIMEOUT_MS } = params;
-	const destAddr = win_inet_addr(target);
-	if (destAddr === 4294967295) return {
-		target,
-		ip: "",
-		alive: false,
-		rtt: null,
-		ttl,
-		icmpStatus: "INVALID_ADDRESS",
-		errorClass: "error",
-		packetSize
-	};
-	const handle = win_IcmpCreateFile();
-	try {
-		const { numReplies, replyBuf } = win_IcmpSendEcho(handle, destAddr, Buffer.alloc(packetSize, 170), buildOptionBuf(ttl), timeout);
-		if (numReplies === 0) return {
-			target,
-			ip: ipToString(destAddr),
-			alive: false,
-			rtt: null,
-			ttl,
-			icmpStatus: "REQ_TIMED_OUT",
-			errorClass: "timeout",
-			packetSize
-		};
-		const reply = parseReply(replyBuf);
-		return {
-			target,
-			ip: ipToString(reply.address),
-			alive: reply.status === 0,
-			rtt: reply.status === 0 ? reply.rtt : null,
-			ttl,
-			icmpStatus: winStatusLabel(reply.status),
-			errorClass: winStatusClass(reply.status),
-			packetSize
-		};
-	} finally {
-		win_IcmpCloseHandle(handle);
+	async handleDnsResolve(args) {
+		try {
+			const hostname = parseOptionalString(args.hostname, "hostname");
+			if (!hostname) return R.text("hostname is required", true);
+			const rrType = parseOptionalString(args.rrType, "rrType") ?? "A";
+			const validTypes = [
+				"A",
+				"AAAA",
+				"MX",
+				"TXT",
+				"NS",
+				"CNAME",
+				"SOA",
+				"PTR",
+				"SRV",
+				"ANY"
+			];
+			if (!validTypes.includes(rrType)) return R.text(`Invalid rrType: "${rrType}". Expected one of: ${validTypes.join(", ")}`, true);
+			const start = performance.now();
+			const records = await dns.resolve(hostname, rrType);
+			const timing = Math.round((performance.now() - start) * 100) / 100;
+			return R.ok().json({
+				hostname,
+				rrType,
+				records,
+				timing
+			});
+		} catch (err) {
+			const message = err instanceof Error ? err.message : String(err);
+			return R.fail(`DNS resolve failed: ${message}`).json();
+		}
 	}
-}
-function winTraceroute(params) {
-	const { target, maxHops = ICMP_TRACEROUTE_MAX_HOPS, timeout = ICMP_PROBE_TIMEOUT_MS, packetSize = ICMP_DEFAULT_PACKET_SIZE } = params;
-	const destAddr = win_inet_addr(target);
-	if (destAddr === 4294967295) return {
-		target,
-		ip: "",
-		hops: [],
-		reached: false,
-		totalHops: 0,
-		totalTime: 0
-	};
-	const handle = win_IcmpCreateFile();
-	const hops = [];
-	const t0 = performance.now();
-	try {
-		for (let ttl = 1; ttl <= maxHops; ttl++) {
-			const { numReplies, replyBuf } = win_IcmpSendEcho(handle, destAddr, Buffer.alloc(packetSize, 170), buildOptionBuf(ttl), timeout);
-			if (numReplies === 0) {
-				hops.push({
-					hop: ttl,
-					ip: null,
-					rtt: null,
-					status: "REQ_TIMED_OUT",
-					errorClass: "timeout"
-				});
-				continue;
-			}
-			const reply = parseReply(replyBuf);
-			const hopIp = ipToString(reply.address);
-			hops.push({
-				hop: ttl,
-				ip: hopIp,
-				rtt: reply.rtt,
-				status: winStatusLabel(reply.status),
-				errorClass: winStatusClass(reply.status)
+	async handleDnsReverse(args) {
+		try {
+			const ip = parseOptionalString(args.ip, "ip");
+			if (!ip) return R.text("ip is required", true);
+			const start = performance.now();
+			const hostnames = await dns.reverse(ip);
+			const timing = Math.round((performance.now() - start) * 100) / 100;
+			return R.ok().json({
+				ip,
+				hostnames,
+				timing
 			});
-			if (reply.status === 0) break;
+		} catch (err) {
+			const message = err instanceof Error ? err.message : String(err);
+			return R.fail(`DNS reverse lookup failed: ${message}`).json();
 		}
-	} finally {
-		win_IcmpCloseHandle(handle);
 	}
-	const last = hops[hops.length - 1];
-	return {
-		target,
-		ip: ipToString(destAddr),
-		hops,
-		reached: last?.status === "SUCCESS",
-		totalHops: hops.length,
-		totalTime: Math.round((performance.now() - t0) * 100) / 100
-	};
-}
-const AF_INET = 2;
-const SOCK_RAW = 3;
-const IPPROTO_ICMP = 1;
-const IPPROTO_IP = 0;
-const IP_TTL = 2;
-const SOL_SOCKET = 1;
-const SO_RCVTIMEO = process.platform === "darwin" ? 4102 : 20;
-const POSIX_LIB = process.platform === "darwin" ? "/usr/lib/libSystem.B.dylib" : "libc.so.6";
-let posixLib = null;
-function getPosixLib() {
-	if (!posixLib) {
-		posixLib = koffi.load(POSIX_LIB);
-		logger.debug(`Loaded ${POSIX_LIB} via koffi for ICMP`);
+	async handleHttpRequestBuild(args) {
+		try {
+			const method = parseOptionalString(args.method, "method");
+			const target = parseOptionalString(args.target, "target");
+			if (!method) throw new Error("method is required");
+			if (!target) throw new Error("target is required");
+			const built = buildHttpRequest({
+				method,
+				target,
+				host: parseOptionalString(args.host, "host"),
+				headers: parseHeaderRecord(args.headers, "headers"),
+				body: parseRawString(args.body, "body", { allowEmpty: true }),
+				httpVersion: parseOptionalString(args.httpVersion, "httpVersion") ?? "1.1",
+				addHostHeader: parseBooleanArg(args.addHostHeader, true),
+				addContentLength: parseBooleanArg(args.addContentLength, true),
+				addConnectionClose: parseBooleanArg(args.addConnectionClose, true)
+			});
+			emitEvent(this.eventBus, "network:http_request_built", {
+				method: built.startLine.split(" ", 1)[0] ?? "UNKNOWN",
+				target,
+				byteLength: built.requestBytes,
+				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+			});
+			return R.ok().merge(built).json();
+		} catch (error) {
+			return R.fail(error instanceof Error ? error.message : String(error)).json();
+		}
 	}
-	return posixLib;
-}
-function posixSocket(domain, type, protocol) {
-	return getPosixLib().func("int socket(int, int, int)")(domain, type, protocol);
-}
-function posixSetsockopt(fd, level, optname, optval, optlen) {
-	return getPosixLib().func("int setsockopt(int, int, int, void *, int)")(fd, level, optname, optval, optlen);
-}
-function posixSendto(fd, buf, addr) {
-	return getPosixLib().func("int sendto(int, void *, int, int, void *, int)")(fd, buf, buf.length, 0, addr, 16);
-}
-function posixRecv(fd, buf) {
-	return getPosixLib().func("int recv(int, void *, int, int)")(fd, buf, buf.length, 0);
-}
-function posixClose(fd) {
-	return getPosixLib().func("int close(int)")(fd);
-}
-function computeChecksum(buf) {
-	let sum = 0;
-	for (let i = 0; i < buf.length - 1; i += 2) sum += buf.readUInt16BE(i);
-	if (buf.length & 1) sum += (buf[buf.length - 1] ?? 0) << 8;
-	while (sum > 65535) sum = (sum & 65535) + (sum >>> 16);
-	return ~sum & 65535;
-}
-function buildIcmpEcho(id, seq, payloadSize) {
-	const buf = Buffer.alloc(8 + payloadSize);
-	buf[0] = 8;
-	buf[1] = 0;
-	buf.writeUInt16BE(id & 65535, 4);
-	buf.writeUInt16BE(seq & 65535, 6);
-	for (let i = 8; i < buf.length; i++) buf[i] = 170;
-	buf.writeUInt16BE(computeChecksum(buf), 2);
-	return buf;
-}
-function buildSockaddrIn(ip) {
-	const buf = Buffer.alloc(16, 0);
-	buf.writeUInt16LE(AF_INET, 0);
-	const parts = ip.split(".").map(Number);
-	buf[4] = parts[0] ?? 0;
-	buf[5] = parts[1] ?? 0;
-	buf[6] = parts[2] ?? 0;
-	buf[7] = parts[3] ?? 0;
-	return buf;
-}
-function parseIcmpPacket(buf, n, expectedId) {
-	if (n < 20) return null;
-	const ihl = ((buf[0] ?? 0) & 15) * 4;
-	if (n < ihl + 8) return null;
-	const icmpType = buf[ihl] ?? 0;
-	const icmpCode = buf[ihl + 1] ?? 0;
-	const fromIp = buf.readUInt32LE(12);
-	if (icmpType === 0) {
-		if (buf.readUInt16BE(ihl + 4) !== expectedId) return null;
-		return {
-			type: icmpType,
-			code: icmpCode,
-			fromIp
-		};
+	async handleHttpPlainRequest(args) {
+		try {
+			const hostArg = parseOptionalString(args.host, "host");
+			const requestText = parseRawString(args.requestText, "requestText");
+			if (!hostArg) throw new Error("host is required");
+			if (!requestText) throw new Error("requestText is required");
+			const host = normalizeTargetHost(hostArg);
+			const port = parseNumberArg(args.port, {
+				defaultValue: 80,
+				min: 1,
+				max: 65535,
+				integer: true
+			});
+			const timeoutMs = parseNumberArg(args.timeoutMs, {
+				defaultValue: 3e4,
+				min: 1,
+				max: 12e4,
+				integer: true
+			});
+			const maxResponseBytes = parseNumberArg(args.maxResponseBytes, {
+				defaultValue: 512e3,
+				min: 256,
+				max: 5242880,
+				integer: true
+			});
+			const requestMethod = getRequestMethod(requestText);
+			const authorization = parseNetworkAuthorization(args.authorization);
+			const { target } = await resolveAuthorizedTransportTarget(`http://${formatHostForUrl(host)}:${String(port)}/`, authorization, "HTTP request");
+			if (authorization) {
+				const requestTarget = (requestText.split(/\r?\n/, 1)[0] ?? "").split(/\s+/)[1] ?? "";
+				if (requestTarget.includes("://")) try {
+					const targetHost = normalizeTargetHost(new URL(requestTarget).hostname);
+					if (targetHost !== host && targetHost !== (target.resolvedAddress ?? "")) throw new Error(`HTTP request blocked: request-line target host "${targetHost}" does not match authorized host "${host}"`);
+				} catch (e) {
+					if (e instanceof Error && e.message.startsWith("HTTP request blocked:")) throw e;
+				}
+				const hostHeaderValue = requestText.match(/^Host:\s*(\S+)/im)?.[1];
+				if (hostHeaderValue) {
+					const declaredHost = normalizeTargetHost(hostHeaderValue.replace(/:\d+$/, ""));
+					if (declaredHost !== host && declaredHost !== (target.resolvedAddress ?? "")) throw new Error(`HTTP request blocked: Host header "${hostHeaderValue}" does not match authorized host "${host}"`);
+				}
+			}
+			const exchange = await exchangePlainHttp(target.resolvedAddress ?? target.hostname, port, Buffer.from(requestText, "utf8"), requestMethod, timeoutMs, maxResponseBytes);
+			const analysis = analyzeHttpResponse(exchange.rawResponse, requestMethod);
+			if (!analysis) throw new Error("Received data but could not parse complete HTTP response headers.");
+			const bodyIsText = isLikelyTextHttpBody(analysis.rawHeaders.find((header) => header.name.toLowerCase() === "content-type")?.value ?? null, analysis.bodyBuffer);
+			const complete = analysis.complete || analysis.bodyMode === "until-close" && exchange.endedBy === "socket-close";
+			emitEvent(this.eventBus, "network:http_plain_request_completed", {
+				host,
+				port,
+				statusCode: analysis.statusCode,
+				byteLength: exchange.rawResponse.length,
+				timestamp: (/* @__PURE__ */ new Date()).toISOString()
+			});
+			return R.ok().merge({
+				host,
+				port,
+				resolvedAddress: target.resolvedAddress ?? target.hostname,
+				requestBytes: Buffer.byteLength(requestText, "utf8"),
+				response: {
+					statusLine: analysis.statusLine,
+					httpVersion: analysis.httpVersion,
+					statusCode: analysis.statusCode,
+					statusText: analysis.statusText,
+					headers: analysis.headers,
+					rawHeaders: analysis.rawHeaders,
+					headerBytes: analysis.headerBytes,
+					bodyBytes: analysis.bodyBytes,
+					bodyMode: analysis.bodyMode,
+					chunkedDecoded: analysis.chunkedDecoded,
+					complete,
+					truncated: exchange.endedBy === "max-bytes",
+					endedBy: exchange.endedBy,
+					bodyText: bodyIsText ? analysis.bodyBuffer.toString("utf8") : void 0,
+					bodyBase64: bodyIsText ? void 0 : analysis.bodyBuffer.toString("base64")
+				}
+			}).json();
+		} catch (error) {
+			return R.fail(error instanceof Error ? error.message : String(error)).json();
+		}
 	}
-	if (icmpType === 11 || icmpType === 3) {
-		const origStart = ihl + 8;
-		if (n < origStart + 28) return null;
-		const origIhl = ((buf[origStart] ?? 0) & 15) * 4;
-		if (n < origStart + origIhl + 8) return null;
-		if (buf.readUInt16BE(origStart + origIhl + 4) !== expectedId) return null;
-		return {
-			type: icmpType,
-			code: icmpCode,
-			fromIp
-		};
+};
+//#endregion
+//#region src/server/domains/network/handlers/raw-http2-handlers.ts
+var RawHttp2Handlers = class {
+	constructor(eventBus) {
+		this.eventBus = eventBus;
 	}
-	return null;
-}
-function posixStatusLabel(type, code, timedOut) {
-	if (type === 0) return "SUCCESS";
-	if (timedOut) return "REQ_TIMED_OUT";
-	if (type === 11 && code === 0) return "TTL_EXPIRED_TRANSIT";
-	if (type === 11 && code === 1) return "TTL_EXPIRED_REASSEM";
-	if (type === 3 && code === 0) return "DEST_NET_UNREACHABLE";
-	if (type === 3 && code === 1) return "DEST_HOST_UNREACHABLE";
-	if (type === 3 && code === 2) return "DEST_PROT_UNREACHABLE";
-	if (type === 3 && code === 3) return "DEST_PORT_UNREACHABLE";
-	return `UNKNOWN_${type}_${code}`;
-}
-function posixErrorClass(type, _code, timedOut) {
-	if (type === 0) return "success";
-	if (timedOut) return "timeout";
-	if (type === 11) return "time_exceeded";
-	if (type === 3) return "destination_unreachable";
-	return "error";
-}
-function posixSetTtl(fd, ttl) {
-	const buf = Buffer.alloc(4);
-	buf.writeInt32LE(ttl);
-	posixSetsockopt(fd, IPPROTO_IP, IP_TTL, buf, 4);
-}
-function posixSetRecvTimeout(fd, timeoutMs) {
-	const tv = Buffer.alloc(16, 0);
-	tv.writeInt32LE(Math.floor(timeoutMs / 1e3), 0);
-	tv.writeInt32LE(timeoutMs % 1e3 * 1e3, 8);
-	posixSetsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, tv, 16);
-}
-function posixIcmpProbe(params) {
-	const { target, ttl = 128, packetSize = ICMP_DEFAULT_PACKET_SIZE, timeout = ICMP_PROBE_TIMEOUT_MS } = params;
-	if (!isValidIpv4(target)) return {
-		target,
-		ip: "",
-		alive: false,
-		rtt: null,
-		ttl,
-		icmpStatus: "INVALID_ADDRESS",
-		errorClass: "error",
-		packetSize
-	};
-	const fd = posixSocket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-	if (fd < 0) return {
-		target,
-		ip: "",
-		alive: false,
-		rtt: null,
-		ttl,
-		icmpStatus: "SOCKET_ERROR",
-		errorClass: "error",
-		packetSize
-	};
-	try {
-		posixSetTtl(fd, ttl);
-		posixSetRecvTimeout(fd, timeout);
-		const id = process.pid & 65535;
-		const packet = buildIcmpEcho(id, 1, packetSize);
-		const destAddr = buildSockaddrIn(target);
-		const t0 = performance.now();
-		if (posixSendto(fd, packet, destAddr) < 0) return {
-			target,
-			ip: target,
-			alive: false,
-			rtt: null,
-			ttl,
-			icmpStatus: "SEND_ERROR",
-			errorClass: "error",
-			packetSize
-		};
-		const recvBuf = Buffer.alloc(512);
-		const n = posixRecv(fd, recvBuf);
-		const rtt = Math.round(performance.now() - t0);
-		if (n <= 0) return {
-			target,
-			ip: target,
-			alive: false,
-			rtt: null,
-			ttl,
-			icmpStatus: "REQ_TIMED_OUT",
-			errorClass: "timeout",
-			packetSize
-		};
-		const reply = parseIcmpPacket(recvBuf, n, id);
-		if (!reply) return {
-			target,
-			ip: target,
-			alive: false,
-			rtt: null,
-			ttl,
-			icmpStatus: "UNEXPECTED_REPLY",
-			errorClass: "error",
-			packetSize
-		};
-		const alive = reply.type === 0;
-		return {
-			target,
-			ip: ipToString(reply.fromIp),
-			alive,
-			rtt: alive ? rtt : null,
-			ttl,
-			icmpStatus: posixStatusLabel(reply.type, reply.code, false),
-			errorClass: posixErrorClass(reply.type, reply.code, false),
-			packetSize
-		};
-	} finally {
-		posixClose(fd);
-	}
-}
-function posixTraceroute(params) {
-	const { target, maxHops = ICMP_TRACEROUTE_MAX_HOPS, timeout = ICMP_PROBE_TIMEOUT_MS, packetSize = ICMP_DEFAULT_PACKET_SIZE } = params;
-	if (!isValidIpv4(target)) return {
-		target,
-		ip: "",
-		hops: [],
-		reached: false,
-		totalHops: 0,
-		totalTime: 0
-	};
-	const fd = posixSocket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-	if (fd < 0) return {
-		target,
-		ip: "",
-		hops: [],
-		reached: false,
-		totalHops: 0,
-		totalTime: 0
-	};
-	const hops = [];
-	const id = process.pid & 65535;
-	const destAddr = buildSockaddrIn(target);
-	const t0 = performance.now();
-	const MAX_CONSECUTIVE_SEND_ERRORS = 5;
-	let consecutiveSendErrors = 0;
-	try {
-		posixSetRecvTimeout(fd, timeout);
-		for (let ttl = 1; ttl <= maxHops; ttl++) {
-			posixSetTtl(fd, ttl);
-			const packet = buildIcmpEcho(id, ttl, packetSize);
-			const sendT0 = performance.now();
-			if (posixSendto(fd, packet, destAddr) < 0) {
-				consecutiveSendErrors++;
-				hops.push({
-					hop: ttl,
-					ip: null,
-					rtt: null,
-					status: "SEND_ERROR",
-					errorClass: "error"
-				});
-				if (consecutiveSendErrors >= MAX_CONSECUTIVE_SEND_ERRORS) break;
-				continue;
-			}
-			consecutiveSendErrors = 0;
-			const recvBuf = Buffer.alloc(512);
-			const n = posixRecv(fd, recvBuf);
-			const rtt = Math.round(performance.now() - sendT0);
-			if (n <= 0) {
-				hops.push({
-					hop: ttl,
-					ip: null,
-					rtt: null,
-					status: "REQ_TIMED_OUT",
-					errorClass: "timeout"
-				});
-				continue;
-			}
-			const reply = parseIcmpPacket(recvBuf, n, id);
-			if (!reply) {
-				hops.push({
-					hop: ttl,
-					ip: null,
-					rtt: null,
-					status: "UNEXPECTED_REPLY",
-					errorClass: "error"
-				});
-				continue;
-			}
-			const status = posixStatusLabel(reply.type, reply.code, false);
-			const errorCls = posixErrorClass(reply.type, reply.code, false);
-			hops.push({
-				hop: ttl,
-				ip: ipToString(reply.fromIp),
-				rtt,
-				status,
-				errorClass: errorCls
-			});
-			if (reply.type === 0) break;
-		}
-	} finally {
-		posixClose(fd);
-	}
-	return {
-		target,
-		ip: target,
-		hops,
-		reached: hops[hops.length - 1]?.status === "SUCCESS",
-		totalHops: hops.length,
-		totalTime: Math.round((performance.now() - t0) * 100) / 100
-	};
-}
-const isPosix = process.platform === "linux" || process.platform === "darwin";
-function isIcmpAvailable() {
-	if (_available !== null) return _available;
-	if (process.platform === "win32") try {
-		koffi.load("iphlpapi.dll").unload();
-		_available = true;
-		return true;
-	} catch {
-		_available = false;
-		return false;
-	}
-	if (isPosix) {
-		try {
-			const fd = posixSocket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-			if (fd >= 0) {
-				posixClose(fd);
-				_available = true;
-			} else _available = false;
-		} catch {
-			_available = false;
-		}
-		return _available;
-	}
-	_available = false;
-	return false;
-}
-function icmpProbe(params) {
-	const { target, ttl = 128, packetSize = ICMP_DEFAULT_PACKET_SIZE, timeout = ICMP_PROBE_TIMEOUT_MS } = params;
-	if (!isIcmpAvailable()) return {
-		target,
-		ip: "",
-		alive: false,
-		rtt: null,
-		ttl,
-		icmpStatus: "PLATFORM_NOT_SUPPORTED",
-		errorClass: "error",
-		packetSize
-	};
-	if (process.platform === "win32") return winIcmpProbe({
-		target,
-		ttl,
-		packetSize,
-		timeout
-	});
-	return posixIcmpProbe({
-		target,
-		ttl,
-		packetSize,
-		timeout
-	});
-}
-function traceroute(params) {
-	const { target, maxHops = ICMP_TRACEROUTE_MAX_HOPS, timeout = ICMP_PROBE_TIMEOUT_MS, packetSize = ICMP_DEFAULT_PACKET_SIZE } = params;
-	if (!isIcmpAvailable()) return {
-		target,
-		ip: "",
-		hops: [],
-		reached: false,
-		totalHops: 0,
-		totalTime: 0
-	};
-	if (process.platform === "win32") return winTraceroute({
-		target,
-		maxHops,
-		timeout,
-		packetSize
-	});
-	return posixTraceroute({
-		target,
-		maxHops,
-		timeout,
-		packetSize
-	});
-}
-//#endregion
-//#region src/server/domains/network/handlers/raw-handlers.ts
-/**
-* Raw HTTP/HTTP2/DNS/RTT handlers — standalone class using composition.
-*
-* Extracted from AdvancedToolHandlersRaw (handlers.impl.core.runtime.raw.ts).
-* Uses helpers from ./raw-helpers.ts and ./shared.ts instead of inheritance.
-*/
-var RawHandlers = class {
-	constructor(eventBus) {
-		this.eventBus = eventBus;
-	}
-	async handleDnsResolve(args) {
+	async handleHttp2Probe(args) {
+		const rawUrl = parseOptionalString(args.url, "url");
+		let eventUrl = rawUrl ?? "";
+		let eventStatusCode = null;
+		let eventAlpnProtocol = null;
+		let eventSuccess = false;
 		try {
-			const hostname = parseOptionalString(args.hostname, "hostname");
-			if (!hostname) return R.text("hostname is required", true);
-			const rrType = parseOptionalString(args.rrType, "rrType") ?? "A";
-			const validTypes = [
-				"A",
-				"AAAA",
-				"MX",
-				"TXT",
-				"NS",
-				"CNAME",
-				"SOA",
-				"PTR",
-				"SRV",
-				"ANY"
-			];
-			if (!validTypes.includes(rrType)) return R.text(`Invalid rrType: "${rrType}". Expected one of: ${validTypes.join(", ")}`, true);
-			const start = performance.now();
-			const records = await dns.resolve(hostname, rrType);
-			const timing = roundMs(performance.now() - start);
-			return R.ok().json({
-				hostname,
-				rrType,
-				records,
-				timing
+			if (!rawUrl) throw new Error("url is required");
+			const method = (parseOptionalString(args.method, "method") ?? "GET").toUpperCase();
+			if (!HTTP_TOKEN_RE.test(method)) throw new Error("method must be a valid HTTP token");
+			const timeoutMs = parseNumberArg(args.timeoutMs, {
+				defaultValue: 3e4,
+				min: 1,
+				max: 12e4,
+				integer: true
 			});
-		} catch (err) {
-			const message = err instanceof Error ? err.message : String(err);
-			return R.fail(`DNS resolve failed: ${message}`).json();
-		}
-	}
-	async handleDnsReverse(args) {
-		try {
-			const ip = parseOptionalString(args.ip, "ip");
-			if (!ip) return R.text("ip is required", true);
-			const start = performance.now();
-			const hostnames = await dns.reverse(ip);
-			const timing = roundMs(performance.now() - start);
-			return R.ok().json({
-				ip,
-				hostnames,
-				timing
+			const maxBodyBytes = parseNumberArg(args.maxBodyBytes, {
+				defaultValue: 32768,
+				min: 128,
+				max: 1048576,
+				integer: true
 			});
-		} catch (err) {
-			const message = err instanceof Error ? err.message : String(err);
-			return R.fail(`DNS reverse lookup failed: ${message}`).json();
-		}
-	}
-	async handleHttpRequestBuild(args) {
-		try {
-			const method = parseOptionalString(args.method, "method");
-			const target = parseOptionalString(args.target, "target");
-			if (!method) throw new Error("method is required");
-			if (!target) throw new Error("target is required");
-			const built = buildHttpRequest({
-				method,
-				target,
-				host: parseOptionalString(args.host, "host"),
-				headers: parseHeaderRecord(args.headers, "headers"),
-				body: parseRawString(args.body, "body", { allowEmpty: true }),
-				httpVersion: parseOptionalString(args.httpVersion, "httpVersion") ?? "1.1",
-				addHostHeader: parseBooleanArg(args.addHostHeader, true),
-				addContentLength: parseBooleanArg(args.addContentLength, true),
-				addConnectionClose: parseBooleanArg(args.addConnectionClose, true)
-			});
-			emitEvent(this.eventBus, "network:http_request_built", {
-				method: built.startLine.split(" ", 1)[0] ?? "UNKNOWN",
-				target,
-				byteLength: built.requestBytes,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
-			});
-			return R.ok().merge(built).json();
-		} catch (error) {
-			return R.fail(error instanceof Error ? error.message : String(error)).json();
-		}
-	}
-	async handleHttpPlainRequest(args) {
-		try {
-			const hostArg = parseOptionalString(args.host, "host");
-			const requestText = parseRawString(args.requestText, "requestText");
-			if (!hostArg) throw new Error("host is required");
-			if (!requestText) throw new Error("requestText is required");
-			const host = normalizeTargetHost(hostArg);
-			const port = parseNumberArg(args.port, {
-				defaultValue: 80,
-				min: 1,
-				max: 65535,
-				integer: true
-			});
-			const timeoutMs = parseNumberArg(args.timeoutMs, {
-				defaultValue: 3e4,
-				min: 1,
-				max: 12e4,
-				integer: true
-			});
-			const maxResponseBytes = parseNumberArg(args.maxResponseBytes, {
-				defaultValue: 512e3,
-				min: 256,
-				max: 5242880,
-				integer: true
-			});
-			const requestMethod = getRequestMethod(requestText);
-			const authorization = parseNetworkAuthorization(args.authorization);
-			const { target } = await resolveAuthorizedTransportTarget(`http://${formatHostForUrl(host)}:${String(port)}/`, authorization, "HTTP request");
-			if (authorization) {
-				const requestTarget = (requestText.split(/\r?\n/, 1)[0] ?? "").split(/\s+/)[1] ?? "";
-				if (requestTarget.includes("://")) try {
-					const targetHost = normalizeTargetHost(new URL(requestTarget).hostname);
-					if (targetHost !== host && targetHost !== (target.resolvedAddress ?? "")) throw new Error(`HTTP request blocked: request-line target host "${targetHost}" does not match authorized host "${host}"`);
-				} catch (e) {
-					if (e instanceof Error && e.message.startsWith("HTTP request blocked:")) throw e;
-				}
-				const hostHeaderValue = requestText.match(/^Host:\s*(\S+)/im)?.[1];
-				if (hostHeaderValue) {
-					const declaredHost = normalizeTargetHost(hostHeaderValue.replace(/:\d+$/, ""));
-					if (declaredHost !== host && declaredHost !== (target.resolvedAddress ?? "")) throw new Error(`HTTP request blocked: Host header "${hostHeaderValue}" does not match authorized host "${host}"`);
-				}
-			}
-			const exchange = await exchangePlainHttp(target.resolvedAddress ?? target.hostname, port, Buffer.from(requestText, "utf8"), requestMethod, timeoutMs, maxResponseBytes);
-			const analysis = analyzeHttpResponse(exchange.rawResponse, requestMethod);
-			if (!analysis) throw new Error("Received data but could not parse complete HTTP response headers.");
-			const bodyIsText = isLikelyTextHttpBody(analysis.rawHeaders.find((h) => h.name.toLowerCase() === "content-type")?.value ?? null, analysis.bodyBuffer);
-			const complete = analysis.complete || analysis.bodyMode === "until-close" && exchange.endedBy === "socket-close";
-			emitEvent(this.eventBus, "network:http_plain_request_completed", {
-				host,
-				port,
-				statusCode: analysis.statusCode,
-				byteLength: exchange.rawResponse.length,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
-			});
-			return R.ok().merge({
-				host,
-				port,
-				resolvedAddress: target.resolvedAddress ?? target.hostname,
-				requestBytes: Buffer.byteLength(requestText, "utf8"),
-				response: {
-					statusLine: analysis.statusLine,
-					httpVersion: analysis.httpVersion,
-					statusCode: analysis.statusCode,
-					statusText: analysis.statusText,
-					headers: analysis.headers,
-					rawHeaders: analysis.rawHeaders,
-					headerBytes: analysis.headerBytes,
-					bodyBytes: analysis.bodyBytes,
-					bodyMode: analysis.bodyMode,
-					chunkedDecoded: analysis.chunkedDecoded,
-					complete,
-					truncated: exchange.endedBy === "max-bytes",
-					endedBy: exchange.endedBy,
-					bodyText: bodyIsText ? analysis.bodyBuffer.toString("utf8") : void 0,
-					bodyBase64: bodyIsText ? void 0 : analysis.bodyBuffer.toString("base64")
-				}
-			}).json();
-		} catch (error) {
-			return R.fail(error instanceof Error ? error.message : String(error)).json();
-		}
-	}
-	async handleHttp2Probe(args) {
-		const rawUrl = parseOptionalString(args.url, "url");
-		let eventUrl = rawUrl ?? "";
-		let eventStatusCode = null;
-		let eventAlpnProtocol = null;
-		let eventSuccess = false;
-		try {
-			if (!rawUrl) throw new Error("url is required");
-			const method = (parseOptionalString(args.method, "method") ?? "GET").toUpperCase();
-			if (!HTTP_TOKEN_RE.test(method)) throw new Error("method must be a valid HTTP token");
-			const timeoutMs = parseNumberArg(args.timeoutMs, {
-				defaultValue: 3e4,
-				min: 1,
-				max: 12e4,
-				integer: true
-			});
-			const maxBodyBytes = parseNumberArg(args.maxBodyBytes, {
-				defaultValue: 32768,
-				min: 128,
-				max: 1048576,
-				integer: true
-			});
-			const bodyBuffer = Buffer.from(parseRawString(args.body, "body", { allowEmpty: true }) ?? "", "utf8");
+			const rawBody = args.body;
+			const bodyIsObject = rawBody !== null && rawBody !== void 0 && typeof rawBody !== "string";
+			const bodyString = typeof rawBody === "string" ? rawBody : bodyIsObject ? JSON.stringify(rawBody) : "";
+			const bodyBuffer = Buffer.from(bodyString, "utf8");
 			const alpnProtocols = parseStringArray(args.alpnProtocols, "alpnProtocols");
 			const requestHeaders = toHttp2RequestHeaders(parseHeaderRecord(args.headers, "headers"));
+			if (bodyIsObject && bodyBuffer.length > 0 && !("content-type" in requestHeaders)) requestHeaders["content-type"] = "application/json";
 			const { url, target } = await resolveAuthorizedTransportTarget(rawUrl, parseNetworkAuthorization(args.authorization), "HTTP/2 probe");
 			eventUrl = url.toString();
 			if (!("content-length" in requestHeaders) && bodyBuffer.length > 0) requestHeaders["content-length"] = String(bodyBuffer.length);
@@ -3024,32 +2507,594 @@ var RawHandlers = class {
 				};
 			});
 		}
-		const result = buildHttp2Frame({
-			frameType,
-			...streamId !== void 0 && { streamId },
-			...flags !== void 0 && { flags },
-			...frameTypeCode !== void 0 && { frameTypeCode },
-			...payloadHex !== void 0 && { payloadHex },
-			...payloadText !== void 0 && { payloadText },
-			...payloadEncoding !== void 0 && { payloadEncoding },
-			...settings !== void 0 && { settings },
-			...ack !== void 0 && { ack },
-			...pingOpaqueDataHex !== void 0 && { pingOpaqueDataHex },
-			...windowSizeIncrement !== void 0 && { windowSizeIncrement },
-			...errorCode !== void 0 && { errorCode },
-			...lastStreamId !== void 0 && { lastStreamId },
-			...debugDataText !== void 0 && { debugDataText },
-			...debugDataEncoding !== void 0 && { debugDataEncoding }
-		});
-		emitEvent(this.eventBus, "network:http2_frame_build_completed", {
-			frameType: result.frameType,
-			typeCode: result.typeCode,
-			streamId: result.streamId,
-			flags: result.flags,
-			payloadBytes: result.payloadBytes,
-			timestamp: (/* @__PURE__ */ new Date()).toISOString()
-		});
-		return R.ok().merge(result).json();
+		const result = buildHttp2Frame({
+			frameType,
+			...streamId !== void 0 && { streamId },
+			...flags !== void 0 && { flags },
+			...frameTypeCode !== void 0 && { frameTypeCode },
+			...payloadHex !== void 0 && { payloadHex },
+			...payloadText !== void 0 && { payloadText },
+			...payloadEncoding !== void 0 && { payloadEncoding },
+			...settings !== void 0 && { settings },
+			...ack !== void 0 && { ack },
+			...pingOpaqueDataHex !== void 0 && { pingOpaqueDataHex },
+			...windowSizeIncrement !== void 0 && { windowSizeIncrement },
+			...errorCode !== void 0 && { errorCode },
+			...lastStreamId !== void 0 && { lastStreamId },
+			...debugDataText !== void 0 && { debugDataText },
+			...debugDataEncoding !== void 0 && { debugDataEncoding }
+		});
+		emitEvent(this.eventBus, "network:http2_frame_build_completed", {
+			frameType: result.frameType,
+			typeCode: result.typeCode,
+			streamId: result.streamId,
+			flags: result.flags,
+			payloadBytes: result.payloadBytes,
+			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+		});
+		return R.ok().merge(result).json();
+	}
+};
+//#endregion
+//#region src/native/IcmpProbe.ts
+/**
+* Cross-platform ICMP probe and traceroute via koffi FFI.
+*
+* Windows: IcmpSendEcho from iphlpapi.dll (no admin required).
+* Linux/macOS: Raw ICMP sockets via libc (requires root/CAP_NET_RAW).
+*
+* Uses Buffer-based struct parsing (same pattern as Win32API.ts)
+* to avoid koffi struct registration issues in test environments.
+*/
+function ipToString(addr) {
+	return `${addr & 255}.${addr >>> 8 & 255}.${addr >>> 16 & 255}.${addr >>> 24 & 255}`;
+}
+function isValidIpv4(ip) {
+	const parts = ip.split(".");
+	if (parts.length !== 4) return false;
+	return parts.every((p) => {
+		const n = parseInt(p, 10);
+		return !isNaN(n) && n >= 0 && n <= 255 && p === String(n);
+	});
+}
+let available = null;
+const IP_STATUS = {
+	0: "SUCCESS",
+	11001: "BUF_TOO_SMALL",
+	11002: "DEST_NET_UNREACHABLE",
+	11003: "DEST_HOST_UNREACHABLE",
+	11004: "DEST_PROT_UNREACHABLE",
+	11005: "DEST_PORT_UNREACHABLE",
+	11009: "PACKET_TOO_BIG",
+	11010: "REQ_TIMED_OUT",
+	11013: "TTL_EXPIRED_TRANSIT",
+	11014: "TTL_EXPIRED_REASSEM",
+	11015: "PARAM_PROBLEM",
+	11016: "SOURCE_QUENCH",
+	11050: "GENERAL_FAILURE"
+};
+function winStatusLabel(s) {
+	return IP_STATUS[s] ?? `UNKNOWN_${s}`;
+}
+function winStatusClass(s) {
+	if (s === 0) return "success";
+	if (s === 11010) return "timeout";
+	if (s === 11013 || s === 11014) return "time_exceeded";
+	if (s >= 11002 && s <= 11005) return "destination_unreachable";
+	if (s === 11016) return "source_quench";
+	if (s === 11009) return "packet_too_big";
+	if (s === 11015) return "parameter_problem";
+	return "error";
+}
+let iphlpapi = null;
+let ws2_32 = null;
+function getIphlpapi() {
+	if (!iphlpapi) {
+		iphlpapi = koffi.load("iphlpapi.dll");
+		logger.debug("Loaded iphlpapi.dll via koffi");
+	}
+	return iphlpapi;
+}
+function getWs2_32() {
+	if (!ws2_32) {
+		ws2_32 = koffi.load("ws2_32.dll");
+		logger.debug("Loaded ws2_32.dll via koffi");
+	}
+	return ws2_32;
+}
+const IP_OPT_SIZE = 16;
+const MIN_REPLY_BUF_SIZE = 256;
+const ICMP_REPLY_OVERHEAD = 64;
+function getReplyBufferSize(packetSize) {
+	return Math.max(MIN_REPLY_BUF_SIZE, packetSize + ICMP_REPLY_OVERHEAD);
+}
+function buildOptionBuf(ttl) {
+	const buf = Buffer.alloc(IP_OPT_SIZE, 0);
+	buf.writeUInt8(ttl, 0);
+	return buf;
+}
+function parseReply(buf) {
+	return {
+		address: buf.readUInt32LE(0),
+		status: buf.readUInt32LE(4),
+		rtt: buf.readUInt32LE(8)
+	};
+}
+function win_inet_addr(ip) {
+	return getWs2_32().func("uint32 inet_addr(char *)")(ip);
+}
+function win_IcmpCreateFile() {
+	return getIphlpapi().func("void * IcmpCreateFile()")();
+}
+function win_IcmpCloseHandle(h) {
+	return getIphlpapi().func("int IcmpCloseHandle(void *)")(h) !== 0;
+}
+function win_IcmpSendEcho(handle, destAddr, sendData, optionBuf, timeoutMs) {
+	const fn = getIphlpapi().func("uint32 IcmpSendEcho(void *, uint32, void *, uint16, void *, void *, uint32, uint32)");
+	const replyBuf = Buffer.alloc(getReplyBufferSize(sendData.length));
+	const n = fn(handle, destAddr, sendData, sendData.length, optionBuf, replyBuf, replyBuf.length, timeoutMs);
+	return {
+		numReplies: Number(n),
+		replyBuf
+	};
+}
+function winIcmpProbe(params) {
+	const { target, ttl = 128, packetSize = ICMP_DEFAULT_PACKET_SIZE, timeout = ICMP_PROBE_TIMEOUT_MS } = params;
+	const destAddr = win_inet_addr(target);
+	if (destAddr === 4294967295) return {
+		target,
+		ip: "",
+		alive: false,
+		rtt: null,
+		ttl,
+		icmpStatus: "INVALID_ADDRESS",
+		errorClass: "error",
+		packetSize
+	};
+	const handle = win_IcmpCreateFile();
+	try {
+		const { numReplies, replyBuf } = win_IcmpSendEcho(handle, destAddr, Buffer.alloc(packetSize, 170), buildOptionBuf(ttl), timeout);
+		if (numReplies === 0) return {
+			target,
+			ip: ipToString(destAddr),
+			alive: false,
+			rtt: null,
+			ttl,
+			icmpStatus: "REQ_TIMED_OUT",
+			errorClass: "timeout",
+			packetSize
+		};
+		const reply = parseReply(replyBuf);
+		return {
+			target,
+			ip: ipToString(reply.address),
+			alive: reply.status === 0,
+			rtt: reply.status === 0 ? reply.rtt : null,
+			ttl,
+			icmpStatus: winStatusLabel(reply.status),
+			errorClass: winStatusClass(reply.status),
+			packetSize
+		};
+	} finally {
+		win_IcmpCloseHandle(handle);
+	}
+}
+function winTraceroute(params) {
+	const { target, maxHops = ICMP_TRACEROUTE_MAX_HOPS, timeout = ICMP_PROBE_TIMEOUT_MS, packetSize = ICMP_DEFAULT_PACKET_SIZE } = params;
+	const destAddr = win_inet_addr(target);
+	if (destAddr === 4294967295) return {
+		target,
+		ip: "",
+		hops: [],
+		reached: false,
+		totalHops: 0,
+		totalTime: 0
+	};
+	const handle = win_IcmpCreateFile();
+	const hops = [];
+	const t0 = performance.now();
+	try {
+		for (let ttl = 1; ttl <= maxHops; ttl++) {
+			const { numReplies, replyBuf } = win_IcmpSendEcho(handle, destAddr, Buffer.alloc(packetSize, 170), buildOptionBuf(ttl), timeout);
+			if (numReplies === 0) {
+				hops.push({
+					hop: ttl,
+					ip: null,
+					rtt: null,
+					status: "REQ_TIMED_OUT",
+					errorClass: "timeout"
+				});
+				continue;
+			}
+			const reply = parseReply(replyBuf);
+			const hopIp = ipToString(reply.address);
+			hops.push({
+				hop: ttl,
+				ip: hopIp,
+				rtt: reply.rtt,
+				status: winStatusLabel(reply.status),
+				errorClass: winStatusClass(reply.status)
+			});
+			if (reply.status === 0) break;
+		}
+	} finally {
+		win_IcmpCloseHandle(handle);
+	}
+	const last = hops[hops.length - 1];
+	return {
+		target,
+		ip: ipToString(destAddr),
+		hops,
+		reached: last?.status === "SUCCESS",
+		totalHops: hops.length,
+		totalTime: Math.round((performance.now() - t0) * 100) / 100
+	};
+}
+const AF_INET = 2;
+const SOCK_RAW = 3;
+const IPPROTO_ICMP = 1;
+const IPPROTO_IP = 0;
+const IP_TTL = 2;
+const SOL_SOCKET = 1;
+const SO_RCVTIMEO = process.platform === "darwin" ? 4102 : 20;
+const POSIX_LIB = process.platform === "darwin" ? "/usr/lib/libSystem.B.dylib" : "libc.so.6";
+let posixLib = null;
+function getPosixLib() {
+	if (!posixLib) {
+		posixLib = koffi.load(POSIX_LIB);
+		logger.debug(`Loaded ${POSIX_LIB} via koffi for ICMP`);
+	}
+	return posixLib;
+}
+function posixSocket(domain, type, protocol) {
+	return getPosixLib().func("int socket(int, int, int)")(domain, type, protocol);
+}
+function posixSetsockopt(fd, level, optname, optval, optlen) {
+	return getPosixLib().func("int setsockopt(int, int, int, void *, int)")(fd, level, optname, optval, optlen);
+}
+function posixSendto(fd, buf, addr) {
+	return getPosixLib().func("int sendto(int, void *, int, int, void *, int)")(fd, buf, buf.length, 0, addr, 16);
+}
+function posixRecv(fd, buf) {
+	return getPosixLib().func("int recv(int, void *, int, int)")(fd, buf, buf.length, 0);
+}
+function posixClose(fd) {
+	return getPosixLib().func("int close(int)")(fd);
+}
+function computeChecksum(buf) {
+	let sum = 0;
+	for (let i = 0; i < buf.length - 1; i += 2) sum += buf.readUInt16BE(i);
+	if (buf.length & 1) sum += (buf[buf.length - 1] ?? 0) << 8;
+	while (sum > 65535) sum = (sum & 65535) + (sum >>> 16);
+	return ~sum & 65535;
+}
+function buildIcmpEcho(id, seq, payloadSize) {
+	const buf = Buffer.alloc(8 + payloadSize);
+	buf[0] = 8;
+	buf[1] = 0;
+	buf.writeUInt16BE(id & 65535, 4);
+	buf.writeUInt16BE(seq & 65535, 6);
+	for (let i = 8; i < buf.length; i++) buf[i] = 170;
+	buf.writeUInt16BE(computeChecksum(buf), 2);
+	return buf;
+}
+function buildSockaddrIn(ip) {
+	const buf = Buffer.alloc(16, 0);
+	buf.writeUInt16LE(AF_INET, 0);
+	const parts = ip.split(".").map(Number);
+	buf[4] = parts[0] ?? 0;
+	buf[5] = parts[1] ?? 0;
+	buf[6] = parts[2] ?? 0;
+	buf[7] = parts[3] ?? 0;
+	return buf;
+}
+function parseIcmpPacket(buf, n, expectedId) {
+	if (n < 20) return null;
+	const ihl = ((buf[0] ?? 0) & 15) * 4;
+	if (n < ihl + 8) return null;
+	const icmpType = buf[ihl] ?? 0;
+	const icmpCode = buf[ihl + 1] ?? 0;
+	const fromIp = buf.readUInt32LE(12);
+	if (icmpType === 0) {
+		if (buf.readUInt16BE(ihl + 4) !== expectedId) return null;
+		return {
+			type: icmpType,
+			code: icmpCode,
+			fromIp
+		};
+	}
+	if (icmpType === 11 || icmpType === 3) {
+		const origStart = ihl + 8;
+		if (n < origStart + 28) return null;
+		const origIhl = ((buf[origStart] ?? 0) & 15) * 4;
+		if (n < origStart + origIhl + 8) return null;
+		if (buf.readUInt16BE(origStart + origIhl + 4) !== expectedId) return null;
+		return {
+			type: icmpType,
+			code: icmpCode,
+			fromIp
+		};
+	}
+	return null;
+}
+function posixStatusLabel(type, code, timedOut) {
+	if (type === 0) return "SUCCESS";
+	if (timedOut) return "REQ_TIMED_OUT";
+	if (type === 11 && code === 0) return "TTL_EXPIRED_TRANSIT";
+	if (type === 11 && code === 1) return "TTL_EXPIRED_REASSEM";
+	if (type === 3 && code === 0) return "DEST_NET_UNREACHABLE";
+	if (type === 3 && code === 1) return "DEST_HOST_UNREACHABLE";
+	if (type === 3 && code === 2) return "DEST_PROT_UNREACHABLE";
+	if (type === 3 && code === 3) return "DEST_PORT_UNREACHABLE";
+	return `UNKNOWN_${type}_${code}`;
+}
+function posixErrorClass(type, _exitCodeValue, timedOut) {
+	if (type === 0) return "success";
+	if (timedOut) return "timeout";
+	if (type === 11) return "time_exceeded";
+	if (type === 3) return "destination_unreachable";
+	return "error";
+}
+function posixSetTtl(fd, ttl) {
+	const buf = Buffer.alloc(4);
+	buf.writeInt32LE(ttl);
+	posixSetsockopt(fd, IPPROTO_IP, IP_TTL, buf, 4);
+}
+function posixSetRecvTimeout(fd, timeoutMs) {
+	const tv = Buffer.alloc(16, 0);
+	tv.writeInt32LE(Math.floor(timeoutMs / 1e3), 0);
+	tv.writeInt32LE(timeoutMs % 1e3 * 1e3, 8);
+	posixSetsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, tv, 16);
+}
+function posixIcmpProbe(params) {
+	const { target, ttl = 128, packetSize = ICMP_DEFAULT_PACKET_SIZE, timeout = ICMP_PROBE_TIMEOUT_MS } = params;
+	if (!isValidIpv4(target)) return {
+		target,
+		ip: "",
+		alive: false,
+		rtt: null,
+		ttl,
+		icmpStatus: "INVALID_ADDRESS",
+		errorClass: "error",
+		packetSize
+	};
+	const fd = posixSocket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+	if (fd < 0) return {
+		target,
+		ip: "",
+		alive: false,
+		rtt: null,
+		ttl,
+		icmpStatus: "SOCKET_ERROR",
+		errorClass: "error",
+		packetSize
+	};
+	try {
+		posixSetTtl(fd, ttl);
+		posixSetRecvTimeout(fd, timeout);
+		const id = process.pid & 65535;
+		const packet = buildIcmpEcho(id, 1, packetSize);
+		const destAddr = buildSockaddrIn(target);
+		const t0 = performance.now();
+		if (posixSendto(fd, packet, destAddr) < 0) return {
+			target,
+			ip: target,
+			alive: false,
+			rtt: null,
+			ttl,
+			icmpStatus: "SEND_ERROR",
+			errorClass: "error",
+			packetSize
+		};
+		const recvBuf = Buffer.alloc(512);
+		const n = posixRecv(fd, recvBuf);
+		const rtt = Math.round(performance.now() - t0);
+		if (n <= 0) return {
+			target,
+			ip: target,
+			alive: false,
+			rtt: null,
+			ttl,
+			icmpStatus: "REQ_TIMED_OUT",
+			errorClass: "timeout",
+			packetSize
+		};
+		const reply = parseIcmpPacket(recvBuf, n, id);
+		if (!reply) return {
+			target,
+			ip: target,
+			alive: false,
+			rtt: null,
+			ttl,
+			icmpStatus: "UNEXPECTED_REPLY",
+			errorClass: "error",
+			packetSize
+		};
+		const alive = reply.type === 0;
+		return {
+			target,
+			ip: ipToString(reply.fromIp),
+			alive,
+			rtt: alive ? rtt : null,
+			ttl,
+			icmpStatus: posixStatusLabel(reply.type, reply.code, false),
+			errorClass: posixErrorClass(reply.type, reply.code, false),
+			packetSize
+		};
+	} finally {
+		posixClose(fd);
+	}
+}
+function posixTraceroute(params) {
+	const { target, maxHops = ICMP_TRACEROUTE_MAX_HOPS, timeout = ICMP_PROBE_TIMEOUT_MS, packetSize = ICMP_DEFAULT_PACKET_SIZE } = params;
+	if (!isValidIpv4(target)) return {
+		target,
+		ip: "",
+		hops: [],
+		reached: false,
+		totalHops: 0,
+		totalTime: 0
+	};
+	const fd = posixSocket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+	if (fd < 0) return {
+		target,
+		ip: "",
+		hops: [],
+		reached: false,
+		totalHops: 0,
+		totalTime: 0
+	};
+	const hops = [];
+	const id = process.pid & 65535;
+	const destAddr = buildSockaddrIn(target);
+	const t0 = performance.now();
+	const MAX_CONSECUTIVE_SEND_ERRORS = 5;
+	let consecutiveSendErrors = 0;
+	try {
+		posixSetRecvTimeout(fd, timeout);
+		for (let ttl = 1; ttl <= maxHops; ttl++) {
+			posixSetTtl(fd, ttl);
+			const packet = buildIcmpEcho(id, ttl, packetSize);
+			const sendT0 = performance.now();
+			if (posixSendto(fd, packet, destAddr) < 0) {
+				consecutiveSendErrors++;
+				hops.push({
+					hop: ttl,
+					ip: null,
+					rtt: null,
+					status: "SEND_ERROR",
+					errorClass: "error"
+				});
+				if (consecutiveSendErrors >= MAX_CONSECUTIVE_SEND_ERRORS) break;
+				continue;
+			}
+			consecutiveSendErrors = 0;
+			const recvBuf = Buffer.alloc(512);
+			const n = posixRecv(fd, recvBuf);
+			const rtt = Math.round(performance.now() - sendT0);
+			if (n <= 0) {
+				hops.push({
+					hop: ttl,
+					ip: null,
+					rtt: null,
+					status: "REQ_TIMED_OUT",
+					errorClass: "timeout"
+				});
+				continue;
+			}
+			const reply = parseIcmpPacket(recvBuf, n, id);
+			if (!reply) {
+				hops.push({
+					hop: ttl,
+					ip: null,
+					rtt: null,
+					status: "UNEXPECTED_REPLY",
+					errorClass: "error"
+				});
+				continue;
+			}
+			const status = posixStatusLabel(reply.type, reply.code, false);
+			const errorCls = posixErrorClass(reply.type, reply.code, false);
+			hops.push({
+				hop: ttl,
+				ip: ipToString(reply.fromIp),
+				rtt,
+				status,
+				errorClass: errorCls
+			});
+			if (reply.type === 0) break;
+		}
+	} finally {
+		posixClose(fd);
+	}
+	return {
+		target,
+		ip: target,
+		hops,
+		reached: hops[hops.length - 1]?.status === "SUCCESS",
+		totalHops: hops.length,
+		totalTime: Math.round((performance.now() - t0) * 100) / 100
+	};
+}
+const isPosix = process.platform === "linux" || process.platform === "darwin";
+function isIcmpAvailable() {
+	if (available !== null) return available;
+	if (process.platform === "win32") try {
+		koffi.load("iphlpapi.dll").unload();
+		available = true;
+		return true;
+	} catch {
+		available = false;
+		return false;
+	}
+	if (isPosix) {
+		try {
+			const fd = posixSocket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+			if (fd >= 0) {
+				posixClose(fd);
+				available = true;
+			} else available = false;
+		} catch {
+			available = false;
+		}
+		return available;
+	}
+	available = false;
+	return false;
+}
+function icmpProbe(params) {
+	const { target, ttl = 128, packetSize = ICMP_DEFAULT_PACKET_SIZE, timeout = ICMP_PROBE_TIMEOUT_MS } = params;
+	if (!isIcmpAvailable()) return {
+		target,
+		ip: "",
+		alive: false,
+		rtt: null,
+		ttl,
+		icmpStatus: "PLATFORM_NOT_SUPPORTED",
+		errorClass: "error",
+		packetSize
+	};
+	if (process.platform === "win32") return winIcmpProbe({
+		target,
+		ttl,
+		packetSize,
+		timeout
+	});
+	return posixIcmpProbe({
+		target,
+		ttl,
+		packetSize,
+		timeout
+	});
+}
+function traceroute(params) {
+	const { target, maxHops = ICMP_TRACEROUTE_MAX_HOPS, timeout = ICMP_PROBE_TIMEOUT_MS, packetSize = ICMP_DEFAULT_PACKET_SIZE } = params;
+	if (!isIcmpAvailable()) return {
+		target,
+		ip: "",
+		hops: [],
+		reached: false,
+		totalHops: 0,
+		totalTime: 0
+	};
+	if (process.platform === "win32") return winTraceroute({
+		target,
+		maxHops,
+		timeout,
+		packetSize
+	});
+	return posixTraceroute({
+		target,
+		maxHops,
+		timeout,
+		packetSize
+	});
+}
+//#endregion
+//#region src/server/domains/network/handlers/raw-latency-handlers.ts
+var RawLatencyHandlers = class {
+	constructor(eventBus) {
+		this.eventBus = eventBus;
 	}
 	async handleNetworkRttMeasure(args) {
 		const urlRaw = parseOptionalString(args.url, "url");
@@ -3077,7 +3122,7 @@ var RawHandlers = class {
 		const useHttps = url.protocol === "https:";
 		const samples = [];
 		const errors = [];
-		for (let i = 0; i < iterations; i++) try {
+		for (let index = 0; index < iterations; index += 1) try {
 			const rtt = await this.measureSingleRtt(hostname, resolvedIp, port, probeType, timeoutMs, useHttps);
 			samples.push(rtt);
 		} catch (err) {
@@ -3106,6 +3151,46 @@ var RawHandlers = class {
 			timestamp: (/* @__PURE__ */ new Date()).toISOString()
 		}).json();
 	}
+	async handleNetworkTraceroute(args) {
+		try {
+			if (!isIcmpAvailable()) return R.text("ICMP traceroute not available on this platform (Windows: native API, Linux/macOS: requires root/CAP_NET_RAW)", true);
+			const target = parseOptionalString(args.target, "target");
+			if (!target) return R.text("target is required", true);
+			const resolvedTarget = await resolveHostname(target);
+			if (!resolvedTarget) return R.fail(`Could not resolve hostname: ${target}`).json();
+			const result = traceroute({
+				target: resolvedTarget,
+				maxHops: clamp(args.maxHops !== void 0 ? Number(args.maxHops) : 30, 1, 64),
+				timeout: clamp(args.timeout !== void 0 ? Number(args.timeout) : 5e3, 100, 3e4),
+				packetSize: clamp(args.packetSize !== void 0 ? Number(args.packetSize) : 32, 8, 65500)
+			});
+			return R.ok().merge({ resolvedFrom: target }).json(result);
+		} catch (err) {
+			const message = err instanceof Error ? err.message : String(err);
+			return R.fail(`Traceroute failed: ${message}`).json();
+		}
+	}
+	async handleNetworkIcmpProbe(args) {
+		try {
+			if (!isIcmpAvailable()) return R.text("ICMP probe not available on this platform (Windows: native API, Linux/macOS: requires root/CAP_NET_RAW)", true);
+			const target = parseOptionalString(args.target, "target");
+			if (!target) return R.text("target is required", true);
+			const resolvedTarget = await resolveHostname(target);
+			if (!resolvedTarget) return R.fail(`Could not resolve hostname: ${target}`).json();
+			const ttl = clamp(args.ttl !== void 0 ? Number(args.ttl) : 128, 1, 255);
+			const timeout = clamp(args.timeout !== void 0 ? Number(args.timeout) : 5e3, 100, 3e4);
+			const result = icmpProbe({
+				target: resolvedTarget,
+				ttl,
+				packetSize: clamp(args.packetSize !== void 0 ? Number(args.packetSize) : 32, 8, 65500),
+				timeout
+			});
+			return R.ok().merge({ resolvedFrom: target }).json(result);
+		} catch (err) {
+			const message = err instanceof Error ? err.message : String(err);
+			return R.fail(`ICMP probe failed: ${message}`).json();
+		}
+	}
 	measureSingleRtt(hostname, address, port, probeType, timeoutMs, useHttps) {
 		switch (probeType) {
 			case "tcp": return this.probeTcp(address, port, timeoutMs);
@@ -3198,42 +3283,458 @@ var RawHandlers = class {
 			request.end();
 		});
 	}
-	async handleNetworkTraceroute(args) {
-		try {
-			if (!isIcmpAvailable()) return R.text("ICMP traceroute not available on this platform (Windows: native API, Linux/macOS: requires root/CAP_NET_RAW)", true);
-			const target = parseOptionalString(args.target, "target");
-			if (!target) return R.text("target is required", true);
-			const result = traceroute({
-				target,
-				maxHops: clamp(args.maxHops !== void 0 ? Number(args.maxHops) : 30, 1, 64),
-				timeout: clamp(args.timeout !== void 0 ? Number(args.timeout) : 5e3, 100, 3e4),
-				packetSize: clamp(args.packetSize !== void 0 ? Number(args.packetSize) : 32, 8, 65500)
-			});
-			return R.ok().json(result);
-		} catch (err) {
-			const message = err instanceof Error ? err.message : String(err);
-			return R.fail(`Traceroute failed: ${message}`).json();
+};
+async function resolveHostname(target) {
+	if (net.isIPv4(target)) return target;
+	try {
+		return (await dns.resolve(target, "A"))[0] ?? null;
+	} catch {
+		return null;
+	}
+}
+//#endregion
+//#region src/server/domains/network/handlers/raw-handlers.ts
+var RawHandlers = class extends RawLatencyHandlers {
+	dnsHttp;
+	http2;
+	constructor(eventBus) {
+		super(eventBus);
+		this.dnsHttp = new RawDnsHttpHandlers(eventBus);
+		this.http2 = new RawHttp2Handlers(eventBus);
+	}
+	handleDnsResolve(args) {
+		return this.dnsHttp.handleDnsResolve(args);
+	}
+	handleDnsReverse(args) {
+		return this.dnsHttp.handleDnsReverse(args);
+	}
+	handleHttpRequestBuild(args) {
+		return this.dnsHttp.handleHttpRequestBuild(args);
+	}
+	handleHttpPlainRequest(args) {
+		return this.dnsHttp.handleHttpPlainRequest(args);
+	}
+	handleHttp2Probe(args) {
+		return this.http2.handleHttp2Probe(args);
+	}
+	handleHttp2FrameBuild(args) {
+		return this.http2.handleHttp2FrameBuild(args);
+	}
+};
+//#endregion
+//#region src/server/domains/network/handlers/tls-bot-handlers.ts
+const GREASE_HEX = new Set([
+	"0a0a",
+	"1a1a",
+	"2a2a",
+	"3a3a",
+	"4a4a",
+	"5a5a",
+	"6a6a",
+	"7a7a",
+	"8a8a",
+	"9a9a",
+	"aaaa",
+	"baba",
+	"caca",
+	"dada",
+	"eaea",
+	"fafa"
+]);
+function isGrease(hex) {
+	return GREASE_HEX.has(hex.replace("0x", "").toLowerCase().padStart(4, "0"));
+}
+function sha256trunc12(input) {
+	return createHash("sha256").update(input).digest("hex").substring(0, 12);
+}
+function toHex4(val) {
+	return val.replace("0x", "").toLowerCase().padStart(4, "0");
+}
+const TLS_VERSION_MAP = {
+	"0304": "13",
+	"0303": "12",
+	"0302": "11",
+	"0301": "10",
+	"0300": "s3",
+	"0002": "s2",
+	feff: "d1",
+	fefd: "d2",
+	fefc: "d3"
+};
+function encodeTlsVersion(versionHex) {
+	return TLS_VERSION_MAP[versionHex.toLowerCase()] ?? "00";
+}
+function encodeAlpn(alpn) {
+	if (!alpn || alpn.length === 0) return "00";
+	const first = alpn[0];
+	const last = alpn[alpn.length - 1];
+	const isFirstAlphaNum = /[0-9a-zA-Z]/.test(first);
+	const isLastAlphaNum = /[0-9a-zA-Z]/.test(last);
+	if (isFirstAlphaNum && isLastAlphaNum) return `${first}${last}`;
+	const hex = Buffer.from(alpn, "utf8").toString("hex");
+	return `${hex[0] ?? "0"}${hex[hex.length - 1] ?? "0"}`;
+}
+function computeTlsFingerprint(opts) {
+	const { protocol, tlsVersion, hasSni, ciphers, extensions, signatureAlgorithms, alpn } = opts;
+	const protoChar = protocol === "quic" ? "q" : protocol === "dtls" ? "d" : "t";
+	const filteredVersions = [tlsVersion].map(toHex4).filter((v) => !isGrease(v) && v !== "0303");
+	const sorted = (tlsVersion.length > 0 ? filteredVersions : ["0303"]).toSorted();
+	const versionStr = encodeTlsVersion(sorted.length > 0 ? sorted[sorted.length - 1] : "0303");
+	const sniChar = hasSni ? "d" : "i";
+	const filteredCiphers = ciphers.map(toHex4).filter((c) => !isGrease(c));
+	const filteredExts = extensions.map(toHex4).filter((e) => !isGrease(e));
+	const a = `${protoChar}${versionStr}${sniChar}${String(Math.min(filteredCiphers.length, 99)).padStart(2, "0")}${String(Math.min(filteredExts.length, 99)).padStart(2, "0")}${encodeAlpn(alpn)}`;
+	const cipherStr = filteredCiphers.toSorted().join(",");
+	const cipherHash = filteredCiphers.length > 0 ? sha256trunc12(cipherStr) : "000000000000";
+	const extsForHash = filteredExts.filter((e) => e !== "0000" && e !== "0010").toSorted();
+	const sigHex = signatureAlgorithms.map(toHex4);
+	let extInput;
+	if (sigHex.length > 0) extInput = `${extsForHash.join(",")}_${sigHex.join(",")}`;
+	else extInput = extsForHash.join(",");
+	return {
+		tls: `${a}_${cipherHash}_${extsForHash.length > 0 || sigHex.length > 0 ? sha256trunc12(extInput) : "000000000000"}`,
+		tls_raw: `${a}_${filteredCiphers.join(",")}_${filteredExts.join(",")}_${sigHex.join(",")}`
+	};
+}
+function computeHttpFingerprint(method, headers, httpVersion, cookieHeader, acceptLanguage) {
+	const methodUpper = method.toUpperCase();
+	const methodCode = {
+		GET: "ge",
+		POST: "po",
+		PUT: "pu",
+		DELETE: "de",
+		HEAD: "he",
+		PATCH: "pa",
+		OPTIONS: "ot"
+	}[methodUpper] ?? methodUpper.toLowerCase().substring(0, 2).padEnd(2, methodUpper.charAt(0).toLowerCase());
+	const normalizedHttpVersion = typeof httpVersion === "string" ? httpVersion.trim().toLowerCase() : "";
+	const versionStr = normalizedHttpVersion === "2" || normalizedHttpVersion === "2.0" || normalizedHttpVersion === "h2" || normalizedHttpVersion === "http/2" ? "20" : normalizedHttpVersion === "3" || normalizedHttpVersion === "3.0" || normalizedHttpVersion === "h3" || normalizedHttpVersion === "http/3" ? "30" : normalizedHttpVersion === "1.0" || normalizedHttpVersion === "http/1.0" ? "10" : normalizedHttpVersion === "1.1" || normalizedHttpVersion === "http/1.1" ? "11" : "00";
+	const lowerHeaders = headers.map((h) => h.toLowerCase());
+	const hasCookie = lowerHeaders.includes("cookie") ? "c" : "n";
+	const hasReferer = lowerHeaders.includes("referer") ? "r" : "n";
+	const nonCookieRefererHeaders = lowerHeaders.filter((h) => h !== "cookie" && h !== "referer");
+	const numHeaders = String(Math.min(nonCookieRefererHeaders.length, 99)).padStart(2, "0");
+	let langStr = "0000";
+	if (acceptLanguage && acceptLanguage.length > 0) langStr = (acceptLanguage.split(",")[0] ?? "").replace(/[-;]/g, "").toLowerCase().trim().padEnd(4, "0").substring(0, 4);
+	const a = `${methodCode}${versionStr}${hasCookie}${hasReferer}${numHeaders}${langStr}`;
+	const sortedHeaders = nonCookieRefererHeaders.filter((h) => !h.startsWith(":")).toSorted();
+	const headerHash = sortedHeaders.length > 0 ? sha256trunc12(sortedHeaders.join(",")) : "000000000000";
+	let cookieNamesHash = "000000000000";
+	let cookieValuesHash = "000000000000";
+	if (hasCookie === "c" && cookieHeader) {
+		const cookiePairs = cookieHeader.split(";").map((c) => c.trim()).filter(Boolean);
+		const cookieNames = cookiePairs.map((c) => c.split("=")[0]?.trim() ?? "").filter(Boolean).toSorted();
+		cookieNamesHash = cookieNames.length > 0 ? sha256trunc12(cookieNames.join(",")) : "000000000000";
+		const sortedValues = cookiePairs.map((c) => {
+			const eqIdx = c.indexOf("=");
+			return {
+				name: eqIdx >= 0 ? c.substring(0, eqIdx).trim() : c.trim(),
+				pair: c
+			};
+		}).toSorted((x, y) => x.name.localeCompare(y.name)).map((p) => p.pair);
+		cookieValuesHash = sortedValues.length > 0 ? sha256trunc12(sortedValues.join(",")) : "000000000000";
+	}
+	return { http: `${a}_${headerHash}_${cookieNamesHash}_${cookieValuesHash}` };
+}
+function normalizeObservedHttpVersion(httpVersion) {
+	if (typeof httpVersion !== "string") return void 0;
+	const normalized = httpVersion.trim().toLowerCase();
+	if (normalized === "1.0" || normalized === "http/1.0") return "1.0";
+	if (normalized === "1.1" || normalized === "http/1.1") return "1.1";
+	if (normalized === "2" || normalized === "2.0" || normalized === "http/2" || normalized === "h2") return "h2";
+	if (normalized === "3" || normalized === "3.0" || normalized === "http/3" || normalized === "h3") return "h3";
+}
+function detectBotSignals(ua, headerNames, tlsSignals) {
+	const signals = [];
+	let score = 0;
+	if (!ua || ua.length === 0) {
+		signals.push("missing-user-agent");
+		score += .3;
+	} else {
+		if (/bot|crawler|spider|headless|selenium|puppeteer|playwright|phantom|curl|wget|python|java|go-http|httpclient|okhttp|requests\/|aiohttp|axios|node-fetch|undici/i.test(ua)) {
+			signals.push(`bot-ua: ${ua.substring(0, 40)}`);
+			score += .5;
+		}
+		if (/headless/i.test(ua)) {
+			signals.push("headless-browser");
+			score += .4;
+		}
+		if (ua.length < 30 && !/bot|curl|wget|python/i.test(ua)) {
+			signals.push("suspiciously-short-ua");
+			score += .2;
 		}
 	}
-	async handleNetworkIcmpProbe(args) {
+	const lowerHeaders = headerNames.map((h) => h.toLowerCase());
+	if (!lowerHeaders.includes("accept")) {
+		signals.push("missing-accept-header");
+		score += .15;
+	}
+	if (!lowerHeaders.includes("accept-language")) {
+		signals.push("missing-accept-language");
+		score += .1;
+	}
+	if (!lowerHeaders.includes("accept-encoding")) {
+		signals.push("missing-accept-encoding");
+		score += .1;
+	}
+	const headerCount = headerNames.length;
+	if (headerCount < 4) {
+		signals.push(`suspicious-few-headers: ${headerCount}`);
+		score += .2;
+	}
+	if (tlsSignals) {
+		if (tlsSignals.cipherCount <= 2) {
+			signals.push(`anomalous-cipher-count: ${tlsSignals.cipherCount} (real browsers typically 5-15)`);
+			score += .3;
+		}
+		if (tlsSignals.extensionCount < 5) {
+			signals.push(`few-tls-extensions: ${tlsSignals.extensionCount} (real browsers 10-25+)`);
+			score += .2;
+		}
+		if (/\bTLS\s*1\.[01]\b|\b1\.0\b|\b1\.1\b|\bSSL/i.test(tlsSignals.tlsVersion)) {
+			signals.push(`outdated-tls-version: ${tlsSignals.tlsVersion}`);
+			score += .25;
+		}
+	}
+	const expectedBrowserOrder = [
+		"host",
+		"connection",
+		"cache-control",
+		"sec-ch-ua",
+		"sec-ch-ua-mobile",
+		"sec-ch-ua-platform",
+		"upgrade-insecure-requests",
+		"user-agent",
+		"accept",
+		"sec-fetch-site",
+		"sec-fetch-mode",
+		"sec-fetch-user",
+		"sec-fetch-dest",
+		"referer",
+		"accept-encoding",
+		"accept-language"
+	];
+	if (lowerHeaders.length >= 5) {
+		if (lowerHeaders.slice(0, 5).filter((h, i) => h === expectedBrowserOrder[i]).length === 0) {
+			signals.push("header-order-does-not-match-known-browser");
+			score += .1;
+		}
+	}
+	return {
+		score: Math.min(score, 1),
+		signals
+	};
+}
+var TlsBotHandlers = class {
+	consoleMonitor;
+	constructor(deps) {
+		this.consoleMonitor = deps.consoleMonitor;
+	}
+	async handleNetworkTlsFingerprint(args) {
+		const mode = args["mode"];
+		const includeAnalysis = args["includeAnalysis"] !== false;
+		const validModes = [
+			"compute_tls",
+			"compute_http",
+			"analyze_request"
+		];
+		if (!mode || !validModes.includes(mode)) return R.fail(`Invalid mode: "${mode}". Expected one of: ${validModes.join(", ")}`).json();
 		try {
-			if (!isIcmpAvailable()) return R.text("ICMP probe not available on this platform (Windows: native API, Linux/macOS: requires root/CAP_NET_RAW)", true);
-			const target = parseOptionalString(args.target, "target");
-			if (!target) return R.text("target is required", true);
-			const ttl = clamp(args.ttl !== void 0 ? Number(args.ttl) : 128, 1, 255);
-			const timeout = clamp(args.timeout !== void 0 ? Number(args.timeout) : 5e3, 100, 3e4);
-			const result = icmpProbe({
-				target,
-				ttl,
-				packetSize: clamp(args.packetSize !== void 0 ? Number(args.packetSize) : 32, 8, 65500),
-				timeout
-			});
-			return R.ok().json(result);
-		} catch (err) {
-			const message = err instanceof Error ? err.message : String(err);
-			return R.fail(`ICMP probe failed: ${message}`).json();
+			if (mode === "compute_tls") {
+				const tlsVersions = args["tlsVersions"] || [];
+				const ciphers = args["ciphers"] || [];
+				const extensions = args["extensions"] || [];
+				const signatureAlgorithms = args["signatureAlgorithms"] || [];
+				const protocol = args["protocol"] === "quic" ? "quic" : args["protocol"] === "dtls" ? "dtls" : "tls";
+				const sni = args["sni"] !== false;
+				const alpn = args["alpn"] || "";
+				if (ciphers.length === 0) return R.fail("ciphers array is required for compute_tls mode").json();
+				const sortedVersions = tlsVersions.map(toHex4).filter((v) => !isGrease(v)).toSorted();
+				const tlsVersion = sortedVersions.length > 0 ? sortedVersions[sortedVersions.length - 1] : "0303";
+				const { tls, tls_raw } = computeTlsFingerprint({
+					protocol,
+					tlsVersion,
+					hasSni: sni,
+					ciphers,
+					extensions,
+					signatureAlgorithms,
+					alpn
+				});
+				const result = {
+					success: true,
+					mode: "tls",
+					tls,
+					tls_raw
+				};
+				if (includeAnalysis) {
+					const filteredCiphers = ciphers.map(toHex4).filter((c) => !isGrease(c));
+					const filteredExts = extensions.map(toHex4).filter((e) => !isGrease(e));
+					result.analysis = {
+						protocol: protocol.toUpperCase(),
+						tlsVersion,
+						sni,
+						cipherCount: filteredCiphers.length,
+						extensionCount: filteredExts.length,
+						signatureAlgorithmCount: signatureAlgorithms.length,
+						alpn: alpn || "(none)",
+						sortedCiphers: filteredCiphers.toSorted(),
+						sortedExtensions: filteredExts.filter((e) => e !== "0000" && e !== "0010").toSorted()
+					};
+				}
+				return R.ok().merge(result).json();
+			}
+			if (mode === "compute_http") {
+				const headers = args["httpHeaders"] || [];
+				const ua = args["userAgent"] || "";
+				const method = args["httpMethod"] || "GET";
+				const httpVersion = args["httpVersion"] || "1.1";
+				const cookieHeader = args["cookieHeader"] || "";
+				const acceptLanguage = args["acceptLanguage"] || "";
+				if (headers.length === 0) return R.fail("httpHeaders array is required for compute_http mode").json();
+				const { http } = computeHttpFingerprint(method, headers, httpVersion, cookieHeader, acceptLanguage);
+				const result = {
+					success: true,
+					mode: "http",
+					http
+				};
+				if (includeAnalysis) {
+					const lowerHeaders = headers.map((h) => h.toLowerCase());
+					result.analysis = {
+						method,
+						httpVersion,
+						headerCount: headers.length,
+						nonCookieRefererHeaders: lowerHeaders.filter((h) => h !== "cookie" && h !== "referer").length,
+						hasCookie: lowerHeaders.includes("cookie"),
+						hasAcceptLanguage: lowerHeaders.includes("accept-language"),
+						sortedHeaders: lowerHeaders.filter((h) => h !== "cookie" && h !== "referer" && !h.startsWith(":")).toSorted(),
+						userAgentLength: ua.length
+					};
+				}
+				return R.ok().merge(result).json();
+			}
+			const requestId = args["requestId"];
+			if (!requestId) return R.fail("requestId is required for analyze_request mode").json();
+			const req = this.consoleMonitor.getNetworkRequests().find((r) => r.requestId === requestId);
+			if (!req) return R.fail(`Request ${requestId} not found`).json();
+			const headers = req.headers || {};
+			const headerNames = Object.keys(headers);
+			const ua = headers["user-agent"] || headers["User-Agent"] || "";
+			const method = req.method || "GET";
+			const cookieHeader = headers["cookie"] || headers["Cookie"] || "";
+			const acceptLanguage = headers["accept-language"] || headers["Accept-Language"] || "";
+			const httpVersion = normalizeObservedHttpVersion(req.httpVersion);
+			const { http } = computeHttpFingerprint(method, headerNames, httpVersion, cookieHeader, acceptLanguage);
+			const secDetails = req["securityDetails"];
+			const tlsSignalsForBot = secDetails && typeof secDetails === "object" ? {
+				cipherCount: typeof secDetails["cipherCount"] === "number" ? secDetails["cipherCount"] : 5,
+				extensionCount: typeof secDetails["extensionCount"] === "number" ? secDetails["extensionCount"] : 10,
+				tlsVersion: typeof secDetails["protocol"] === "string" ? secDetails["protocol"] : ""
+			} : void 0;
+			const result = {
+				success: true,
+				mode: "analyze_request",
+				requestId,
+				url: req.url,
+				method,
+				httpVersion: httpVersion ?? "unknown",
+				http
+			};
+			const analysis = {
+				requestId,
+				url: req.url,
+				method,
+				httpVersion: httpVersion ?? "unknown",
+				http,
+				headerCount: headerNames.length,
+				headerOrder: headerNames.join(", "),
+				userAgent: ua.length > 80 ? ua.substring(0, 80) + "..." : ua,
+				securityHeaders: {
+					hasCSP: void 0,
+					hasHSTS: void 0,
+					hasCORS: void 0
+				},
+				botSignals: detectBotSignals(ua, headerNames, tlsSignalsForBot)
+			};
+			if (includeAnalysis) result.analysis = analysis;
+			return R.ok().merge(result).json();
+		} catch (error) {
+			return R.fail(error instanceof Error ? error.message : String(error)).json();
 		}
 	}
+	async handleNetworkBotDetectAnalyze(args) {
+		const limit = typeof args["limit"] === "number" ? args["limit"] : BOT_DETECT_LIMIT_DEFAULT;
+		const includeDetails = args["includeDetails"] === true;
+		const requests = this.consoleMonitor.getNetworkRequests();
+		const sample = requests.slice(0, limit);
+		if (sample.length === 0) return R.ok().merge({
+			analyzed: 0,
+			summary: "No captured requests to analyze. Enable network monitoring first."
+		}).json();
+		const signals = [];
+		const details = [];
+		let totalBotScore = 0;
+		const httpFingerprints = /* @__PURE__ */ new Map();
+		for (const req of sample) {
+			const headers = req.headers || {};
+			const headerNames = Object.keys(headers);
+			const ua = headers["user-agent"] || headers["User-Agent"] || "";
+			const url = req.url || "";
+			const method = req.method || "GET";
+			const cookieHeader = headers["cookie"] || headers["Cookie"] || "";
+			const acceptLanguage = headers["accept-language"] || headers["Accept-Language"] || "";
+			const httpVersion = normalizeObservedHttpVersion(req.httpVersion);
+			const secDetails = req["securityDetails"];
+			const reqSignals = detectBotSignals(ua, headerNames, secDetails && typeof secDetails === "object" ? {
+				cipherCount: typeof secDetails["cipherCount"] === "number" ? secDetails["cipherCount"] : 5,
+				extensionCount: typeof secDetails["extensionCount"] === "number" ? secDetails["extensionCount"] : 10,
+				tlsVersion: typeof secDetails["protocol"] === "string" ? secDetails["protocol"] : ""
+			} : void 0);
+			const isApiRequest = /\/api\/|\/v\d+\/|\/graphql/i.test(url);
+			const { http } = computeHttpFingerprint(method, headerNames, httpVersion, cookieHeader, acceptLanguage);
+			httpFingerprints.set(http, (httpFingerprints.get(http) ?? 0) + 1);
+			const reqDetail = {
+				requestId: req.requestId,
+				url: url.length > 100 ? url.substring(0, 100) + "..." : url,
+				method,
+				http,
+				botScore: reqSignals.score,
+				signals: reqSignals.signals
+			};
+			totalBotScore += reqSignals.score;
+			if (reqSignals.score > .5) signals.push(`Request ${req.requestId}: ${reqSignals.signals.join(", ")}`);
+			if (isApiRequest) reqDetail.apiPattern = true;
+			if (includeDetails) details.push(reqDetail);
+		}
+		const avgBotScore = sample.length > 0 ? totalBotScore / sample.length : 0;
+		const uniqueFingerprints = httpFingerprints.size;
+		const fingerprintDiversity = uniqueFingerprints / sample.length;
+		const diversitySignals = [];
+		if (fingerprintDiversity > .8) diversitySignals.push(`High fingerprint diversity (${uniqueFingerprints} unique HTTP fingerprints in ${sample.length} requests) — may indicate multiple clients or rotation`);
+		if (fingerprintDiversity === 1 && sample.length > 5) diversitySignals.push(`Every request has a unique HTTP fingerprint — likely automated tool rotating headers`);
+		return R.ok().merge({
+			analyzed: sample.length,
+			totalRequests: requests.length,
+			averageBotScore: Math.round(avgBotScore * 100) / 100,
+			suspiciousRequests: signals.length,
+			httpFingerprintSummary: {
+				uniqueFingerprints,
+				diversity: Math.round(fingerprintDiversity * 100) / 100,
+				topFingerprints: [...httpFingerprints.entries()].toSorted((a, b) => b[1] - a[1]).slice(0, 5).map(([fp, count]) => ({
+					http_fingerprint: fp,
+					count
+				}))
+			},
+			signals: signals.slice(0, 20),
+			...diversitySignals.length > 0 ? { diversitySignals } : {},
+			details: includeDetails ? details : void 0,
+			recommendations: avgBotScore > .5 ? [
+				"High bot-like signal detected. Consider TLS fingerprint rotation.",
+				"Review User-Agent consistency across requests.",
+				"Check header ordering matches real browser behavior.",
+				"HTTP fingerprint diversity can distinguish botnets from real users."
+			] : fingerprintDiversity > .8 ? ["Traffic appears human but fingerprint diversity is high — investigate further."] : ["Traffic appears to follow normal browser patterns."]
+		}).json();
+	}
 };
 //#endregion
 //#region src/server/domains/network/handlers.impl.ts
@@ -3245,11 +3746,12 @@ var AdvancedToolHandlers = class {
 	detailedDataManager = DetailedDataManager.getInstance();
 	core;
 	perf;
-	console_;
+	consoleHandlers;
 	replay;
 	intercept;
 	raw;
-	constructor(collector, consoleMonitor, eventBus) {
+	tlsBot;
+	constructor(collector, consoleMonitor, eventBus, getTraceRecorder) {
 		this.collector = collector;
 		this.consoleMonitor = consoleMonitor;
 		this.eventBus = eventBus;
@@ -3260,15 +3762,17 @@ var AdvancedToolHandlers = class {
 		});
 		this.perf = new PerformanceHandlers({
 			collector,
-			getPerformanceMonitor: () => this.getPerformanceMonitor()
+			getPerformanceMonitor: () => this.getPerformanceMonitor(),
+			getTraceRecorder
 		});
-		this.console_ = new ConsoleHandlers({ consoleMonitor });
+		this.consoleHandlers = new ConsoleHandlers({ consoleMonitor });
 		this.replay = new ReplayHandlers({ consoleMonitor });
 		this.intercept = new InterceptHandlers({
 			consoleMonitor,
 			eventBus
 		});
 		this.raw = new RawHandlers(eventBus);
+		this.tlsBot = new TlsBotHandlers({ consoleMonitor });
 	}
 	getPerformanceMonitor() {
 		if (!this.performanceMonitor) this.performanceMonitor = new PerformanceMonitor(this.collector);
@@ -3295,24 +3799,24 @@ var AdvancedToolHandlers = class {
 	handleProfilerHeapSamplingStart = (args) => this.perf.handleProfilerHeapSamplingStart(args);
 	handleProfilerHeapSamplingStop = (args) => this.perf.handleProfilerHeapSamplingStop(args);
 	handleProfilerHeapSamplingDispatch = (args) => String(args["action"] ?? "") === "stop" ? this.perf.handleProfilerHeapSamplingStop(args) : this.perf.handleProfilerHeapSamplingStart(args);
-	handleConsoleGetExceptions = (args) => this.console_.handleConsoleGetExceptions(args);
+	handleConsoleGetExceptions = (args) => this.consoleHandlers.handleConsoleGetExceptions(args);
 	handleConsoleInjectDispatch = (args) => {
 		switch (String(args["type"] ?? "")) {
-			case "xhr": return this.console_.handleConsoleInjectXhrInterceptor(args);
-			case "fetch": return this.console_.handleConsoleInjectFetchInterceptor(args);
-			case "function": return this.console_.handleConsoleInjectFunctionTracer(args);
-			default: return this.console_.handleConsoleInjectScriptMonitor(args);
+			case "xhr": return this.consoleHandlers.handleConsoleInjectXhrInterceptor(args);
+			case "fetch": return this.consoleHandlers.handleConsoleInjectFetchInterceptor(args);
+			case "function": return this.consoleHandlers.handleConsoleInjectFunctionTracer(args);
+			default: return this.consoleHandlers.handleConsoleInjectScriptMonitor(args);
 		}
 	};
 	handleConsoleBuffersDispatch = (args) => {
-		return String(args["action"] ?? "") === "reset" ? this.console_.handleConsoleResetInjectedInterceptors(args) : this.console_.handleConsoleClearInjectedBuffers(args);
+		return String(args["action"] ?? "") === "reset" ? this.consoleHandlers.handleConsoleResetInjectedInterceptors(args) : this.consoleHandlers.handleConsoleClearInjectedBuffers(args);
 	};
-	handleConsoleInjectScriptMonitor = (args) => this.console_.handleConsoleInjectScriptMonitor(args);
-	handleConsoleInjectXhrInterceptor = (args) => this.console_.handleConsoleInjectXhrInterceptor(args);
-	handleConsoleInjectFetchInterceptor = (args) => this.console_.handleConsoleInjectFetchInterceptor(args);
-	handleConsoleClearInjectedBuffers = (args) => this.console_.handleConsoleClearInjectedBuffers(args);
-	handleConsoleResetInjectedInterceptors = (args) => this.console_.handleConsoleResetInjectedInterceptors(args);
-	handleConsoleInjectFunctionTracer = (args) => this.console_.handleConsoleInjectFunctionTracer(args);
+	handleConsoleInjectScriptMonitor = (args) => this.consoleHandlers.handleConsoleInjectScriptMonitor(args);
+	handleConsoleInjectXhrInterceptor = (args) => this.consoleHandlers.handleConsoleInjectXhrInterceptor(args);
+	handleConsoleInjectFetchInterceptor = (args) => this.consoleHandlers.handleConsoleInjectFetchInterceptor(args);
+	handleConsoleClearInjectedBuffers = (args) => this.consoleHandlers.handleConsoleClearInjectedBuffers(args);
+	handleConsoleResetInjectedInterceptors = (args) => this.consoleHandlers.handleConsoleResetInjectedInterceptors(args);
+	handleConsoleInjectFunctionTracer = (args) => this.consoleHandlers.handleConsoleInjectFunctionTracer(args);
 	handleNetworkExtractAuth = (args) => this.replay.handleNetworkExtractAuth(args);
 	handleNetworkExportHar = (args) => this.replay.handleNetworkExportHar(args);
 	handleNetworkReplayRequest = (args) => this.replay.handleNetworkReplayRequest(args);
@@ -3341,6 +3845,8 @@ var AdvancedToolHandlers = class {
 	handleHttp2Probe = (args) => this.raw.handleHttp2Probe(args);
 	handleHttp2FrameBuild = (args) => this.raw.handleHttp2FrameBuild(args);
 	handleNetworkRttMeasure = (args) => this.raw.handleNetworkRttMeasure(args);
+	handleNetworkTlsFingerprint = (args) => this.tlsBot.handleNetworkTlsFingerprint(args);
+	handleNetworkBotDetectAnalyze = (args) => this.tlsBot.handleNetworkBotDetectAnalyze(args);
 };
 //#endregion
 export { AdvancedToolHandlers };