@jshookmcp/jshook 0.2.9 → 0.3.0

package/dist/analysis-BHeJW2Nb.mjs

@@ -0,0 +1,1234 @@
+import { t as logger } from "./logger-Dh_xb7_2.mjs";
+import { d as ANALYSIS_MAX_SAFE_RESPONSE_BYTES, f as ANALYSIS_MAX_SUMMARY_FILES, u as ANALYSIS_MAX_SAFE_COLLECTED_BYTES } from "./constants-CDZLOoVv.mjs";
+import { a as serializeError, n as asJsonResponse, r as asTextResponse, t as asErrorResponse } from "./response-CWhh2aLo.mjs";
+import { a as argString, i as argObject, n as argEnum, r as argNumber, s as argStringRequired, t as argBool } from "./parse-args-B4cY5Vx5.mjs";
+import { s as evaluateWithTimeout } from "./PageController-BPJNqqBN.mjs";
+import "./definitions-CDOg_b-l.mjs";
+import { n as JSVMPDeobfuscator, t as runWebcrack } from "./webcrack-Be0_FccV.mjs";
+import * as parser from "@babel/parser";
+import traverse from "@babel/traverse";
+import * as t from "@babel/types";
+//#region src/server/domains/analysis/handlers/ast-safe-replace.ts
+const REGEX_OPENER_PREV = new Set([
+	"=",
+	"(",
+	"[",
+	",",
+	";",
+	"{",
+	"!",
+	"&",
+	"|",
+	"?",
+	":",
+	"~",
+	"^",
+	"+",
+	"-",
+	"*",
+	"%",
+	"<",
+	">",
+	"\n"
+]);
+function cloneRegex(pattern) {
+	return new RegExp(pattern.source, pattern.flags);
+}
+function mergeProtectedRanges(ranges) {
+	if (ranges.length === 0) return [];
+	const merged = [];
+	const sorted = ranges.toSorted((a, b) => a.start - b.start || a.end - b.end);
+	for (const range of sorted) {
+		const last = merged[merged.length - 1];
+		if (!last || range.start > last.end) {
+			merged.push({ ...range });
+			continue;
+		}
+		last.end = Math.max(last.end, range.end);
+	}
+	return merged;
+}
+function collectProtectedRangesWithAst(code) {
+	try {
+		const ast = parser.parse(code, {
+			sourceType: "unambiguous",
+			plugins: ["jsx", "typescript"],
+			errorRecovery: true
+		});
+		const ranges = [];
+		const pushRange = (start, end) => {
+			if (typeof start === "number" && typeof end === "number" && end > start) ranges.push({
+				start,
+				end
+			});
+		};
+		const comments = Array.isArray(ast.comments) ? ast.comments : [];
+		for (const comment of comments) pushRange(comment.start, comment.end);
+		traverse(ast, {
+			StringLiteral(path) {
+				pushRange(path.node.start, path.node.end);
+				path.skip();
+			},
+			TemplateElement(path) {
+				pushRange(path.node.start, path.node.end);
+				path.skip();
+			},
+			RegExpLiteral(path) {
+				pushRange(path.node.start, path.node.end);
+				path.skip();
+			}
+		});
+		return mergeProtectedRanges(ranges);
+	} catch {
+		return null;
+	}
+}
+function getReplaceCallbackOffset(args) {
+	const maybeOffset = args[args.length - 2];
+	if (typeof maybeOffset === "number") return maybeOffset;
+	const fallbackOffset = args[args.length - 3];
+	return typeof fallbackOffset === "number" ? fallbackOffset : null;
+}
+function isRegexOpener(code, pos) {
+	let prevIndex = pos - 1;
+	while (prevIndex >= 0 && (code[prevIndex] === " " || code[prevIndex] === "	" || code[prevIndex] === "\r")) prevIndex--;
+	if (prevIndex < 0) return true;
+	const prev = code[prevIndex];
+	if (REGEX_OPENER_PREV.has(prev)) return true;
+	if (prev !== ")") return false;
+	let depth = 1;
+	let keywordIndex = prevIndex - 1;
+	while (keywordIndex >= 0 && depth > 0) {
+		if (code[keywordIndex] === ")") depth++;
+		if (code[keywordIndex] === "(") depth--;
+		keywordIndex--;
+	}
+	keywordIndex--;
+	while (keywordIndex >= 0 && (code[keywordIndex] === " " || code[keywordIndex] === "	")) keywordIndex--;
+	let keyword = "";
+	while (keywordIndex >= 0 && /[a-z]/.test(code[keywordIndex])) {
+		keyword = code[keywordIndex] + keyword;
+		keywordIndex--;
+	}
+	return [
+		"if",
+		"while",
+		"for",
+		"switch",
+		"return",
+		"typeof",
+		"void",
+		"in",
+		"of",
+		"case"
+	].includes(keyword);
+}
+function insideStringLiteralOrComment(code, offset) {
+	let inStr = null;
+	let inBlockComment = false;
+	let inLineComment = false;
+	let inRegex = false;
+	for (let index = 0; index < offset; index++) {
+		const char = code[index];
+		if (inBlockComment) {
+			if (char === "*" && code[index + 1] === "/") {
+				inBlockComment = false;
+				index++;
+			}
+			continue;
+		}
+		if (inLineComment) {
+			if (char === "\n") inLineComment = false;
+			continue;
+		}
+		if (inRegex) {
+			if (char === "\\") {
+				index++;
+				continue;
+			}
+			if (char === "/") {
+				inRegex = false;
+				index++;
+				while (index < offset && /[gimsuy]/.test(code[index])) index++;
+				continue;
+			}
+			if (char === "[") {
+				index++;
+				while (index < offset && code[index] !== "]") {
+					if (code[index] === "\\") index++;
+					index++;
+				}
+				continue;
+			}
+			continue;
+		}
+		if (inStr) {
+			if (char === "\\") {
+				index++;
+				continue;
+			}
+			if (char === inStr) inStr = null;
+			continue;
+		}
+		if (char === "/" && code[index + 1] === "/") {
+			inLineComment = true;
+			index++;
+			continue;
+		}
+		if (char === "/" && code[index + 1] === "*") {
+			inBlockComment = true;
+			index++;
+			continue;
+		}
+		if (char === "/" && isRegexOpener(code, index)) {
+			inRegex = true;
+			continue;
+		}
+		if (char === "'" || char === "\"" || char === "`") inStr = char;
+	}
+	return inStr !== null || inBlockComment || inLineComment || inRegex;
+}
+function replaceOutsideProtectedRanges(code, pattern, replacement) {
+	const applyReplacement = (input) => typeof replacement === "string" ? input.replace(cloneRegex(pattern), replacement) : input.replace(cloneRegex(pattern), replacement);
+	const protectedRanges = collectProtectedRangesWithAst(code);
+	if (protectedRanges === null) return code.replace(cloneRegex(pattern), (...args) => {
+		const fullMatch = typeof args[0] === "string" ? args[0] : "";
+		const offset = getReplaceCallbackOffset(args);
+		if (offset !== null && insideStringLiteralOrComment(code, offset)) return fullMatch;
+		return typeof replacement === "string" ? replacement : replacement(fullMatch, ...args.slice(1));
+	});
+	if (protectedRanges.length === 0) return applyReplacement(code);
+	let rewritten = "";
+	let cursor = 0;
+	for (const range of protectedRanges) {
+		if (cursor < range.start) rewritten += applyReplacement(code.slice(cursor, range.start));
+		rewritten += code.slice(range.start, range.end);
+		cursor = range.end;
+	}
+	if (cursor < code.length) rewritten += applyReplacement(code.slice(cursor));
+	return rewritten;
+}
+//#endregion
+//#region src/server/domains/analysis/handlers/inline-deobfuscation.ts
+const NUMERIC_BINARY_EXPR = /\b(-?\d+(?:\.\d+)?)\s*([+\-%*/])\s*(-?\d+(?:\.\d+)?)\b/g;
+const DEAD_CODE_IF_FALSE = /if\s*\(\s*false\s*\)\s*\{[^}]*\}\s*/g;
+const DEAD_CODE_IF_FALSE_WITH_ELSE = /if\s*\(\s*false\s*\)\s*\{[^}]*\}\s*else\s*\{([^}]*)\}/g;
+const DEAD_CODE_IF_TRUE = /if\s*\(\s*true\s*\)\s*\{([^}]*)\}\s*(?:else\s*\{[^}]*\}\s*)?/g;
+const CFF_PATTERN = /var\s+([A-Za-z_$]\w*)\s*=\s*['"]([^'"]+)['"]\.split\(['"]\|['"]\)\s*;\s*var\s+(\w+)\s*=\s*0\s*;\s*while\s*\(\s*!!\[\]\s*\)\s*\{\s*switch\s*\(\s*\1\[\s*\3\+\+\s*\]\s*\)\s*\{([\s\S]*?)\}\s*break;\s*\}/g;
+const CFF_PATTERN_VAR2 = /var\s+([A-Za-z_$]\w*)\s*=\s*\[(['"][^'"]*['"]\s*(?:,\s*['"][^'"]*['"]\s*)*)\];\s*var\s+(\w+)\s*=\s*(\d+);\s*while\s*\(\s*!!\[\]\s*\)\s*\{\s*switch\s*\(\s*\1\[\s*\3\+\+\]\s*\)\s*\{([\s\S]*?)\}\s*break;\s*\}/g;
+const STRING_CONCAT = /['"]([^'"]*)['"]\s*\+\s*['"]([^'"]*)['"]/g;
+function findNonWhitespace(input, start, step) {
+	for (let index = start; index >= 0 && index < input.length; index += step) {
+		const char = input[index];
+		if (char && !/\s/.test(char)) return char;
+	}
+	return "";
+}
+function applyTextReplacements(code, replacements) {
+	const sorted = replacements.toSorted((a, b) => b.start - a.start || b.end - a.end);
+	let next = code;
+	for (const replacement of sorted) next = `${next.slice(0, replacement.start)}${replacement.text}${next.slice(replacement.end)}`;
+	return next;
+}
+function getBindingReplacement(path, renameMap) {
+	const replacement = renameMap.get(path.node.name);
+	if (!replacement) return null;
+	const binding = path.scope.getBinding(path.node.name);
+	if (!binding || !t.isVariableDeclarator(binding.path.node) || !t.isIdentifier(binding.path.node.id) || !renameMap.has(binding.path.node.id.name)) return null;
+	const isBindingId = binding.identifier === path.node;
+	const isReference = path.isReferencedIdentifier();
+	const isAssignmentTarget = path.key === "left" && path.parentPath.isAssignmentExpression();
+	const isForLoopTarget = path.key === "left" && (path.parentPath.isForInStatement() || path.parentPath.isForOfStatement());
+	const isUpdateTarget = path.key === "argument" && path.parentPath.isUpdateExpression();
+	if (!isBindingId && !isReference && !isAssignmentTarget && !isForLoopTarget && !isUpdateTarget) return null;
+	return replacement;
+}
+function applyRenameVarsWithAst(code, renameMap) {
+	try {
+		const ast = parser.parse(code, {
+			sourceType: "unambiguous",
+			plugins: ["jsx", "typescript"],
+			errorRecovery: true
+		});
+		const replacements = /* @__PURE__ */ new Map();
+		traverse(ast, {
+			ObjectProperty(path) {
+				if (!path.node.shorthand || !t.isIdentifier(path.node.key) || !t.isIdentifier(path.node.value)) return;
+				const valuePath = path.get("value");
+				if (!valuePath.isIdentifier()) return;
+				const replacement = getBindingReplacement(valuePath, renameMap);
+				const { start, end } = path.node;
+				if (!replacement || start === null || start === void 0) return;
+				if (end === null || end === void 0) return;
+				replacements.set(`${start}:${end}`, {
+					start,
+					end,
+					text: `${path.node.key.name}: ${replacement}`
+				});
+				path.skip();
+			},
+			Identifier(path) {
+				const replacement = getBindingReplacement(path, renameMap);
+				const { start, end } = path.node;
+				if (!replacement || start === null || start === void 0) return;
+				if (end === null || end === void 0) return;
+				replacements.set(`${start}:${end}`, {
+					start,
+					end,
+					text: replacement
+				});
+			}
+		});
+		if (replacements.size === 0) return code;
+		return applyTextReplacements(code, [...replacements.values()]);
+	} catch {
+		return null;
+	}
+}
+function applyConstantFold(code) {
+	let result = code;
+	result = replaceOutsideProtectedRanges(result, NUMERIC_BINARY_EXPR, (_full, leftRaw, op, rightRaw) => {
+		const left = Number(leftRaw);
+		const right = Number(rightRaw);
+		if (!Number.isFinite(left) || !Number.isFinite(right)) return _full;
+		let value = null;
+		if (op === "+") value = left + right;
+		else if (op === "-") value = left - right;
+		else if (op === "*") value = left * right;
+		else if (op === "/" && right !== 0) value = left / right;
+		else if (op === "%" && right !== 0) value = left % right;
+		if (value === null || !Number.isFinite(value)) return _full;
+		return Number.isInteger(value) ? String(value) : String(Number(value.toFixed(12)));
+	});
+	result = replaceOutsideProtectedRanges(result, STRING_CONCAT, (_full, left, right) => JSON.stringify(`${left}${right}`));
+	result = replaceOutsideProtectedRanges(result, /--(\d)/g, (_full, digit) => digit);
+	result = replaceOutsideProtectedRanges(result, /\+\s*(\d+(?:\.\d+)?)/g, (_full, num) => num);
+	result = replaceOutsideProtectedRanges(result, /\b0x([0-9a-fA-F]{2,8})\b/g, (_full, hex) => {
+		const value = Number.parseInt(hex, 16);
+		return Number.isFinite(value) ? String(value) : _full;
+	});
+	return result;
+}
+function applyDeadCodeRemove(code) {
+	let result = code;
+	result = replaceOutsideProtectedRanges(result, DEAD_CODE_IF_FALSE_WITH_ELSE, (_full, elseBody) => elseBody);
+	result = replaceOutsideProtectedRanges(result, DEAD_CODE_IF_FALSE, "");
+	result = replaceOutsideProtectedRanges(result, DEAD_CODE_IF_TRUE, (_full, trueBody) => trueBody);
+	result = replaceOutsideProtectedRanges(result, /\btrue\s*\?\s*([^:]+)\s*:\s*([^,;)\]}]+)/g, (_full, ifVal) => ifVal);
+	result = replaceOutsideProtectedRanges(result, /\bfalse\s*\?\s*[^:]+\s*:\s*([^,;)}\]]+)/g, (_full, elseVal) => elseVal);
+	result = replaceOutsideProtectedRanges(result, /if\s*\([^)]*\)\s*\{\s*\}\s*/g, "");
+	return result;
+}
+function applyControlFlowFlatten(code) {
+	let result = code;
+	result = replaceOutsideProtectedRanges(result, CFF_PATTERN, (_full, _dispatcher, orderRaw, _cursor, switchBody) => {
+		const caseRegex = /case\s*['"]([^'"]+)['"]\s*:\s*([\s\S]*?)(?=case\s*['"]|default\s*:|$)/g;
+		const caseMap = /* @__PURE__ */ new Map();
+		let match;
+		while ((match = caseRegex.exec(switchBody)) !== null) {
+			const key = match[1];
+			const body = (match[2] ?? "").replace(/\bcontinue\s*;?/g, "").replace(/\bbreak\s*;?/g, "").trim();
+			if (key && body.length > 0) caseMap.set(key, body);
+		}
+		const rebuilt = orderRaw.split("|").map((value) => value.trim()).map((token) => caseMap.get(token)).filter((value) => !!value).join("\n");
+		return rebuilt.length > 0 ? rebuilt : _full;
+	});
+	result = replaceOutsideProtectedRanges(result, CFF_PATTERN_VAR2, (_full, _dispatcher, arrContent, _cursor, _startIdx, switchBody) => {
+		const caseRegex = /case\s*['"]([^'"]+)['"]\s*:\s*([\s\S]*?)(?=case\s*['"]|default\s*:|$)/g;
+		const caseMap = /* @__PURE__ */ new Map();
+		let match;
+		while ((match = caseRegex.exec(switchBody)) !== null) {
+			const key = match[1];
+			const body = (match[2] ?? "").replace(/\bcontinue\s*;?/g, "").replace(/\bbreak\s*;?/g, "").trim();
+			if (key && body.length > 0) caseMap.set(key, body);
+		}
+		const rebuilt = arrContent.split(/,\s*/).map((value) => value.replace(/^['"]|['"]$/g, "").trim()).map((token) => caseMap.get(token)).filter((value) => !!value).join("\n");
+		return rebuilt.length > 0 ? rebuilt : _full;
+	});
+	return result;
+}
+function applyRenameVars(code) {
+	const declared = /* @__PURE__ */ new Set();
+	const re = /\b(?:var|let|const)\s+([A-Za-z_$]\w{0,3})\b/g;
+	let match;
+	while ((match = re.exec(code)) !== null) {
+		const name = match[1];
+		if (name && (name.length <= 2 || name.startsWith("_0x") || name.startsWith("_"))) declared.add(name);
+	}
+	if (declared.size === 0) return {
+		code,
+		count: 0
+	};
+	const renameMap = /* @__PURE__ */ new Map();
+	let counter = 1;
+	for (const name of declared) {
+		renameMap.set(name, `var_${counter}`);
+		counter++;
+	}
+	const astRenamed = applyRenameVarsWithAst(code, renameMap);
+	if (astRenamed !== null) return {
+		code: astRenamed,
+		count: astRenamed === code ? 0 : renameMap.size
+	};
+	const newCode = code.replace(new RegExp(`\\b(${[...declared].map((name) => name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|")})\\b`, "g"), (token, id, offset, full) => {
+		const replacement = renameMap.get(id);
+		if (!replacement) return token;
+		const prev = offset > 0 ? full[offset - 1] : "";
+		const prevNonWhitespace = findNonWhitespace(full, offset - 1, -1);
+		const nextNonWhitespace = findNonWhitespace(full, offset + token.length, 1);
+		if (prev === "." || prev === "'" || prev === "\"" || prev === "`" || prev === "$") return token;
+		if ((prevNonWhitespace === "{" || prevNonWhitespace === ",") && (nextNonWhitespace === ":" || nextNonWhitespace === "(")) return token;
+		return replacement;
+	});
+	return {
+		code: newCode,
+		count: newCode === code ? 0 : renameMap.size
+	};
+}
+//#endregion
+//#region src/server/domains/analysis/handlers/solve-constraints.ts
+const NUMERIC_COMPARATORS = {
+	"<": (left, right) => left < right,
+	">": (left, right) => left > right,
+	"<=": (left, right) => left <= right,
+	"<==": (left, right) => left <= right,
+	">=": (left, right) => left >= right,
+	">==": (left, right) => left >= right,
+	"==": (left, right) => left === right,
+	"===": (left, right) => left === right,
+	"!=": (left, right) => left !== right,
+	"!==": (left, right) => left !== right
+};
+const JS_FUCK_RULES = [
+	{
+		pattern: "jsfuck",
+		regex: /\[!\[\]\]\[\(['"]\)constructor['"]\)\]\(!!\[\]\+\[\]\)\(\)/g,
+		replacement: "\"function Boolean() { [native code] }\""
+	},
+	{
+		pattern: "jsfuck",
+		regex: /!!\[\]\+\[\]/g,
+		replacement: "\"true\""
+	},
+	{
+		pattern: "jsfuck",
+		regex: /!\[\]\+\[\]/g,
+		replacement: "\"false\""
+	},
+	{
+		pattern: "jsfuck",
+		regex: /\+!!\[\]/g,
+		replacement: "1"
+	},
+	{
+		pattern: "jsfuck",
+		regex: /\[\]\+\[\]/g,
+		replacement: "\"\""
+	},
+	{
+		pattern: "jsfuck",
+		regex: /\+\[\]/g,
+		replacement: "0"
+	}
+];
+const BOOLEAN_LITERAL_RULES = [
+	{
+		pattern: "boolean-literal",
+		regex: /!!\[\]/g,
+		replacement: "true"
+	},
+	{
+		pattern: "boolean-literal",
+		regex: /!\[\]/g,
+		replacement: "false"
+	},
+	{
+		pattern: "undefined-literal",
+		regex: /void\s+0/g,
+		replacement: "undefined"
+	}
+];
+const OPAQUE_TRUTHY_RULE = {
+	pattern: "opaque-truthy",
+	regex: /!0x0\b|!\b0(?![.\d])/g,
+	replacement: "true"
+};
+const TYPE_COERCION_RULES = [
+	{
+		pattern: "type-coercion",
+		regex: /typeof\s+undefined\s*===?\s*["']undefined["']/g,
+		replacement: "true"
+	},
+	{
+		pattern: "type-coercion",
+		regex: /typeof\s+null\s*===?\s*["']object["']/g,
+		replacement: "true"
+	},
+	{
+		pattern: "type-coercion",
+		regex: /typeof\s+NaN\s*===?\s*["']number["']/g,
+		replacement: "true"
+	},
+	{
+		pattern: "type-coercion",
+		regex: /null\s*==\s*undefined/g,
+		replacement: "true"
+	},
+	{
+		pattern: "type-coercion",
+		regex: /null\s*===\s*undefined/g,
+		replacement: "false"
+	},
+	{
+		pattern: "type-coercion",
+		regex: /NaN\s*===?\s*NaN/g,
+		replacement: "false"
+	}
+];
+const CONSTANT_COMPARISON_PATTERN = /if\s*\(\s*(-?\d+(?:\.\d+)?)\s*([<>!=]+)\s*(-?\d+(?:\.\d+)?)\s*\)/g;
+const OPAQUE_FALSY_PATTERN = /!\s*(-?\d+(?:\.\d+)?)(?![.\d\s\w])/g;
+const STRING_ARRAY_DECLARATION_PATTERN = /(?:var|let|const)\s+(\w+)\s*=\s*\[(['"][^'"]*['"]\s*(?:,\s*['"][^'"]*['"]\s*)*)\]/g;
+function recordSolve(state, pattern, original, result) {
+	state.solved.push({
+		pattern,
+		original,
+		result
+	});
+	return result;
+}
+function applyStaticRules(state, rules) {
+	for (const rule of rules) state.output = replaceOutsideProtectedRanges(state.output, rule.regex, (fullMatch) => recordSolve(state, rule.pattern, fullMatch, rule.replacement));
+}
+function applyConstantComparisons(state) {
+	state.output = replaceOutsideProtectedRanges(state.output, CONSTANT_COMPARISON_PATTERN, (fullMatch, leftRaw, operator, rightRaw) => {
+		if (state.iterations >= state.maxIterations) return fullMatch;
+		const compare = NUMERIC_COMPARATORS[operator];
+		if (!compare) return fullMatch;
+		state.iterations += 1;
+		const result = compare(Number(leftRaw), Number(rightRaw));
+		recordSolve(state, "constant-comparison", fullMatch, String(result));
+		return state.replaceInPlace ? `/* ${fullMatch} => ${result} */ if (${result})` : `if (${result})`;
+	});
+}
+function applyOpaqueFalsyRules(state) {
+	state.output = replaceOutsideProtectedRanges(state.output, OPAQUE_FALSY_PATTERN, (fullMatch, numericRaw) => {
+		const numericValue = Number(numericRaw);
+		if (numericValue === 0 || !Number.isFinite(numericValue)) return fullMatch;
+		return recordSolve(state, "opaque-falsy", fullMatch, "false");
+	});
+}
+function escapeRegExp(value) {
+	return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function collectStringArrays(output) {
+	const stringArrays = /* @__PURE__ */ new Map();
+	replaceOutsideProtectedRanges(output, STRING_ARRAY_DECLARATION_PATTERN, (fullMatch, name, arrayContent) => {
+		const items = arrayContent.split(/,\s*/).map((item) => item.replace(/^['"]|['"]$/g, ""));
+		stringArrays.set(name, items);
+		return fullMatch;
+	});
+	return stringArrays;
+}
+function applyStringArrayAccesses(state) {
+	const stringArrays = collectStringArrays(state.output);
+	if (stringArrays.size === 0) return;
+	for (const [name, items] of stringArrays) {
+		const accessPattern = new RegExp(`${escapeRegExp(name)}\\(['"]?(0x[0-9a-fA-F]+|\\d+)['"]?\\)`, "g");
+		state.output = replaceOutsideProtectedRanges(state.output, accessPattern, (fullMatch, rawIndex) => {
+			if (state.iterations >= state.maxIterations) return fullMatch;
+			const index = rawIndex.startsWith("0x") ? Number.parseInt(rawIndex, 16) : Number(rawIndex);
+			if (index < 0 || index >= items.length) return fullMatch;
+			state.iterations += 1;
+			return recordSolve(state, "string-array-access", fullMatch, JSON.stringify(items[index]));
+		});
+	}
+}
+function solveConstraints(options) {
+	const state = {
+		output: options.code,
+		solved: [],
+		replaceInPlace: options.replaceInPlace,
+		maxIterations: options.maxIterations,
+		iterations: 0
+	};
+	applyConstantComparisons(state);
+	applyStaticRules(state, JS_FUCK_RULES);
+	applyStaticRules(state, BOOLEAN_LITERAL_RULES);
+	applyStaticRules(state, [OPAQUE_TRUTHY_RULE]);
+	applyOpaqueFalsyRules(state);
+	applyStringArrayAccesses(state);
+	applyStaticRules(state, TYPE_COERCION_RULES);
+	return {
+		success: true,
+		solvedCount: state.solved.length,
+		solved: state.solved,
+		transformedCode: options.replaceInPlace ? state.output : void 0
+	};
+}
+//#endregion
+//#region src/server/domains/analysis/handlers/vm-analysis.ts
+const VM_DISPATCH_PATTERNS = [
+	{
+		type: "for-switch",
+		test: /for.*switch/s
+	},
+	{
+		type: "while-switch",
+		test: /while.*switch/s
+	},
+	{
+		type: "if-else-chain",
+		test: /if\s*\(\s*\w+\s*===?\s*\w+/
+	}
+];
+function detectVmDispatchType(code) {
+	for (const pattern of VM_DISPATCH_PATTERNS) if (pattern.test.test(code)) return pattern.type;
+	return "switch";
+}
+function buildOpcodeDistribution(instructions) {
+	const distribution = /* @__PURE__ */ new Map();
+	for (const instruction of instructions) {
+		const type = instruction.type || "unknown";
+		distribution.set(type, (distribution.get(type) || 0) + 1);
+	}
+	return Object.fromEntries(distribution);
+}
+function buildVmAnalysisResponse(options) {
+	const { code, extractBytecode, mapOpcodes, vmResult } = options;
+	if (!vmResult.isJSVMP) return {
+		success: true,
+		isVM: false,
+		message: "No VM/JSVMP patterns detected."
+	};
+	const analysis = {
+		isVM: true,
+		vmType: vmResult.vmType,
+		dispatchType: detectVmDispatchType(code),
+		complexity: vmResult.vmFeatures?.complexity,
+		instructionCount: vmResult.vmFeatures?.instructionCount,
+		interpreterLocation: vmResult.vmFeatures?.interpreterLocation
+	};
+	if (extractBytecode && vmResult.instructions) analysis.bytecode = vmResult.instructions;
+	if (mapOpcodes && vmResult.instructions) {
+		analysis.opcodeDistribution = buildOpcodeDistribution(vmResult.instructions);
+		analysis.suggestedStrategy = vmResult.vmFeatures?.complexity === "high" ? "Use symbolic execution (js_deobfuscate_jsvmp with aggressive=true) for high-complexity VMs" : "Use standard deobfuscation pipeline (js_deobfuscate_pipeline)";
+	}
+	return {
+		success: true,
+		analysis
+	};
+}
+//#endregion
+//#region src/server/domains/analysis/handlers.web-tools.ts
+const MAX_WEBPACK_MODULES = 100;
+async function runWebpackEnumerate(collector, args) {
+	const searchKeyword = argString(args, "searchKeyword", "");
+	const forceRequireAll = argBool(args, "forceRequireAll", !!searchKeyword);
+	const maxResults = Math.min(argNumber(args, "maxResults", 20), MAX_WEBPACK_MODULES);
+	try {
+		const result = await evaluateWithTimeout(await collector.getActivePage(), async (opts) => {
+			const w = window;
+			let requireFn = null;
+			if (typeof w["__webpack_require__"] === "function") requireFn = w["__webpack_require__"];
+			const chunkKeys = Object.keys(w).filter((k) => k.startsWith("webpackChunk") || k.startsWith("webpackJsonp"));
+			const moduleIdSet = /* @__PURE__ */ new Set();
+			for (const key of chunkKeys) {
+				const arr = w[key];
+				if (!Array.isArray(arr)) continue;
+				const arrWithM = arr;
+				if (arrWithM.m && typeof arrWithM.m === "object") for (const id of Object.keys(arrWithM.m)) moduleIdSet.add(id);
+				for (const chunk of arr) if (Array.isArray(chunk) && chunk[1] && typeof chunk[1] === "object") for (const id of Object.keys(chunk[1])) moduleIdSet.add(id);
+			}
+			if (typeof w["__webpack_modules__"] === "object" && w["__webpack_modules__"]) for (const id of Object.keys(w["__webpack_modules__"])) moduleIdSet.add(id);
+			if (!requireFn) for (const key of chunkKeys) {
+				const arr = w[key];
+				if (arr?.m && typeof arr.m === "object") {
+					const mods = arr.m;
+					requireFn = (id) => {
+						try {
+							const fn = mods[id];
+							return typeof fn === "function" ? fn() : fn;
+						} catch {
+							return;
+						}
+					};
+					break;
+				}
+			}
+			const allIds = Array.from(moduleIdSet);
+			if (!opts.forceRequireAll || !requireFn) return {
+				total: allIds.length,
+				requireFound: !!requireFn,
+				chunkKeys,
+				moduleIds: allIds.slice(0, 200),
+				matches: []
+			};
+			const fn = requireFn;
+			const matches = [];
+			for (const id of allIds) {
+				if (matches.length >= opts.maxResults) break;
+				try {
+					const mod = fn(id);
+					if (mod === void 0 || mod === null) continue;
+					let str;
+					try {
+						str = JSON.stringify(mod);
+					} catch {
+						str = String(mod);
+					}
+					if (!opts.searchKeyword || str.toLowerCase().includes(opts.searchKeyword.toLowerCase())) matches.push({
+						id,
+						preview: str.slice(0, 600)
+					});
+				} catch {}
+			}
+			return {
+				total: allIds.length,
+				requireFound: true,
+				chunkKeys,
+				moduleIds: allIds.slice(0, 200),
+				matches
+			};
+		}, {
+			searchKeyword,
+			forceRequireAll,
+			maxResults
+		});
+		logger.info(`webpack_enumerate: found ${result.total} modules, ${result.matches.length} matches`);
+		return asJsonResponse(result);
+	} catch (error) {
+		return asErrorResponse(error);
+	}
+}
+//#endregion
+//#region src/server/domains/analysis/handlers.impl.ts
+const SMART_MODES = new Set([
+	"summary",
+	"priority",
+	"incremental",
+	"full"
+]);
+const FOCUS_MODES = new Set([
+	"structure",
+	"business",
+	"security",
+	"all"
+]);
+const HOOK_TYPES = new Set([
+	"function",
+	"xhr",
+	"fetch",
+	"websocket",
+	"localstorage",
+	"cookie"
+]);
+const HOOK_ACTIONS = new Set([
+	"log",
+	"block",
+	"modify"
+]);
+var CoreAnalysisHandlers = class {
+	collector;
+	scriptManager;
+	deobfuscator;
+	advancedDeobfuscator;
+	obfuscationDetector;
+	analyzer;
+	cryptoDetector;
+	hookManager;
+	jsvmpDeobfuscator;
+	constructor(deps) {
+		this.collector = deps.collector;
+		this.scriptManager = deps.scriptManager;
+		this.deobfuscator = deps.deobfuscator;
+		this.advancedDeobfuscator = deps.advancedDeobfuscator;
+		this.obfuscationDetector = deps.obfuscationDetector;
+		this.analyzer = deps.analyzer;
+		this.cryptoDetector = deps.cryptoDetector;
+		this.hookManager = deps.hookManager;
+		this.jsvmpDeobfuscator = new JSVMPDeobfuscator();
+	}
+	requireCodeArg(args, toolName) {
+		const code = args.code;
+		if (typeof code !== "string" || code.trim().length === 0) {
+			logger.warn(`${toolName} called without valid code argument`);
+			return null;
+		}
+		return code;
+	}
+	extractWebcrackArgs(args) {
+		const extracted = {};
+		const unpack = argBool(args, "unpack");
+		const unminify = argBool(args, "unminify");
+		const jsx = argBool(args, "jsx");
+		const mangle = argBool(args, "mangle");
+		const forceOutput = argBool(args, "forceOutput");
+		const includeModuleCode = argBool(args, "includeModuleCode");
+		const outputDir = argString(args, "outputDir");
+		const maxBundleModules = argNumber(args, "maxBundleModules");
+		if (unpack !== void 0) extracted.unpack = unpack;
+		if (unminify !== void 0) extracted.unminify = unminify;
+		if (jsx !== void 0) extracted.jsx = jsx;
+		if (mangle !== void 0) extracted.mangle = mangle;
+		if (forceOutput !== void 0) extracted.forceOutput = forceOutput;
+		if (includeModuleCode !== void 0) extracted.includeModuleCode = includeModuleCode;
+		if (outputDir?.trim()) extracted.outputDir = outputDir;
+		if (maxBundleModules !== void 0) extracted.maxBundleModules = maxBundleModules;
+		if (Array.isArray(args.mappings)) extracted.mappings = args.mappings.filter((item) => typeof item === "object" && item !== null && typeof item.path === "string" && typeof item.pattern === "string");
+		return extracted;
+	}
+	async handleCollectCode(args) {
+		const returnSummaryOnly = argBool(args, "returnSummaryOnly", false);
+		let smartMode = argEnum(args, "smartMode", SMART_MODES);
+		const maxSummaryFiles = ANALYSIS_MAX_SUMMARY_FILES;
+		const summarizeFiles = (files) => files.slice(0, maxSummaryFiles).map((file) => ({
+			url: file.url,
+			type: file.type,
+			size: file.size,
+			sizeKB: (file.size / 1024).toFixed(2),
+			truncated: file.metadata?.truncated || false,
+			preview: `${file.content.substring(0, 200)}...`
+		}));
+		const summarizeResult = (result) => {
+			const entries = (Array.isArray(result.summaries) && result.summaries.length > 0 ? result.summaries : summarizeFiles(result.files)).slice(0, maxSummaryFiles);
+			const filesCount = Array.isArray(result.summaries) ? result.summaries.length : result.files.length;
+			const totalSize = result.totalSize > 0 ? result.totalSize : Array.isArray(result.summaries) ? result.summaries.reduce((sum, entry) => sum + (typeof entry.size === "number" ? entry.size : 0), 0) : result.files.reduce((sum, file) => sum + file.size, 0);
+			return {
+				totalSize,
+				totalSizeKB: (totalSize / 1024).toFixed(2),
+				filesCount,
+				summarizedFiles: entries.length,
+				omittedFiles: Math.max(0, filesCount - entries.length),
+				collectTime: result.collectTime,
+				summary: entries
+			};
+		};
+		if (!smartMode) smartMode = returnSummaryOnly ? "summary" : "summary";
+		const result = await this.collector.collect({
+			url: argStringRequired(args, "url"),
+			includeInline: argBool(args, "includeInline"),
+			includeExternal: argBool(args, "includeExternal"),
+			includeDynamic: argBool(args, "includeDynamic"),
+			smartMode,
+			compress: argBool(args, "compress"),
+			maxTotalSize: argNumber(args, "maxTotalSize"),
+			maxFileSize: args.maxFileSize ? argNumber(args, "maxFileSize", 0) * 1024 : void 0,
+			priorities: args.priorities
+		});
+		if (returnSummaryOnly) return asJsonResponse({
+			mode: "summary",
+			...summarizeResult(result),
+			hint: "Use get_script_source for specific files."
+		});
+		const maxSafeCollectedSize = ANALYSIS_MAX_SAFE_COLLECTED_BYTES;
+		const maxSafeResponseSize = ANALYSIS_MAX_SAFE_RESPONSE_BYTES;
+		const estimatedResponseSize = Buffer.byteLength(JSON.stringify(result), "utf8");
+		if (result.totalSize > maxSafeCollectedSize || estimatedResponseSize > maxSafeResponseSize) {
+			logger.warn(`Collected code is too large (collected=${(result.totalSize / 1024).toFixed(2)}KB, response=${(estimatedResponseSize / 1024).toFixed(2)}KB), returning summary mode.`);
+			return asJsonResponse({
+				warning: "Code size exceeds safe response threshold; summary returned.",
+				...summarizeResult(result),
+				estimatedResponseSize,
+				estimatedResponseSizeKB: (estimatedResponseSize / 1024).toFixed(2),
+				recommendations: [
+					"Use get_script_source for targeted files.",
+					"Use more specific priority filters.",
+					"Use smartMode=summary for initial reconnaissance."
+				]
+			});
+		}
+		return asJsonResponse(result);
+	}
+	async handleSearchInScripts(args) {
+		await this.scriptManager.init();
+		const keyword = argString(args, "keyword");
+		if (!keyword) return asJsonResponse({
+			success: false,
+			error: "keyword is required"
+		});
+		const maxMatches = argNumber(args, "maxMatches", 100);
+		const returnSummary = argBool(args, "returnSummary", false);
+		const maxContextSize = argNumber(args, "maxContextSize", 5e4);
+		const result = await this.scriptManager.searchInScripts(keyword, {
+			isRegex: argBool(args, "isRegex"),
+			caseSensitive: argBool(args, "caseSensitive"),
+			contextLines: argNumber(args, "contextLines"),
+			maxMatches
+		});
+		const resultSize = JSON.stringify(result).length;
+		if (returnSummary || resultSize > maxContextSize) {
+			const matches = result.matches ?? [];
+			return asJsonResponse({
+				success: true,
+				keyword: args.keyword,
+				totalMatches: matches.length,
+				resultSize,
+				resultSizeKB: (resultSize / 1024).toFixed(2),
+				truncated: resultSize > maxContextSize,
+				reason: resultSize > maxContextSize ? `Result too large (${(resultSize / 1024).toFixed(2)}KB > ${(maxContextSize / 1024).toFixed(2)}KB)` : "Summary mode enabled",
+				matchesSummary: matches.slice(0, 10).map((match) => ({
+					scriptId: match.scriptId,
+					url: match.url,
+					line: match.line,
+					preview: `${(match.context ?? "").substring(0, 100)}...`
+				})),
+				recommendations: [
+					"Use more specific keywords.",
+					`Reduce maxMatches (current: ${maxMatches}).`,
+					"Use get_script_source for targeted file retrieval."
+				]
+			});
+		}
+		return asJsonResponse(result);
+	}
+	async handleExtractFunctionTree(args) {
+		const scriptId = argString(args, "scriptId");
+		const functionName = argString(args, "functionName");
+		if (!scriptId) return asJsonResponse({
+			success: false,
+			error: "scriptId is required",
+			hint: "Use get_all_scripts() to list available scripts and their scriptIds"
+		});
+		if (!functionName) return asJsonResponse({
+			success: false,
+			error: "functionName is required",
+			hint: "Specify the name of the function to extract"
+		});
+		await this.scriptManager.init();
+		const scripts = await this.scriptManager.getAllScripts();
+		if (!scripts.some((s) => String(s.scriptId) === String(scriptId))) {
+			const availableScripts = scripts.slice(0, 10).map((s) => ({
+				scriptId: s.scriptId,
+				url: s.url?.substring(0, 80)
+			}));
+			return asJsonResponse({
+				success: false,
+				error: `Script not found: ${scriptId}`,
+				hint: "The specified scriptId does not exist. Use get_all_scripts() to list available scripts.",
+				availableScripts: availableScripts.length > 0 ? availableScripts : "No scripts loaded. Navigate to a page first.",
+				totalScripts: scripts.length
+			});
+		}
+		try {
+			return asJsonResponse({
+				success: true,
+				...await this.scriptManager.extractFunctionTree(scriptId, functionName, {
+					maxDepth: argNumber(args, "maxDepth"),
+					maxSize: argNumber(args, "maxSize"),
+					includeComments: argBool(args, "includeComments")
+				})
+			});
+		} catch (error) {
+			return asJsonResponse({
+				success: false,
+				error: error instanceof Error ? error.message : String(error),
+				hint: "Make sure the function name exists in the specified script"
+			});
+		}
+	}
+	async handleDeobfuscate(args) {
+		const code = this.requireCodeArg(args, "deobfuscate");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required and must be a non-empty string"
+		});
+		if (argEnum(args, "engine", new Set(["auto", "webcrack"]), "auto") === "webcrack") return asJsonResponse(await this.advancedDeobfuscator.deobfuscate({
+			code,
+			...this.extractWebcrackArgs(args),
+			...typeof args.detectOnly === "boolean" ? { detectOnly: args.detectOnly } : {},
+			...typeof args.aggressiveVM === "boolean" ? { aggressiveVM: args.aggressiveVM } : {},
+			...typeof args.useASTOptimization === "boolean" ? { useASTOptimization: args.useASTOptimization } : {},
+			...typeof args.timeout === "number" ? { timeout: args.timeout } : {}
+		}));
+		const result = await this.deobfuscator.deobfuscate({
+			code,
+			aggressive: argBool(args, "aggressive"),
+			...this.extractWebcrackArgs(args)
+		});
+		if (result && typeof result === "object" && "success" in result && result.success === false && !("error" in result)) return asJsonResponse({
+			...result,
+			error: result.reason || "deobfuscation failed"
+		});
+		return asJsonResponse(result);
+	}
+	async handleUnderstandCode(args) {
+		const code = this.requireCodeArg(args, "understand_code");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required and must be a non-empty string"
+		});
+		return asJsonResponse(await this.analyzer.understand({
+			code,
+			context: argObject(args, "context"),
+			focus: argEnum(args, "focus", FOCUS_MODES, "all")
+		}));
+	}
+	async handleDetectCrypto(args) {
+		const code = this.requireCodeArg(args, "detect_crypto");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required and must be a non-empty string"
+		});
+		return asJsonResponse(await this.cryptoDetector.detect({ code }));
+	}
+	async handleManageHooks(args) {
+		const action = argStringRequired(args, "action");
+		switch (action) {
+			case "create": return asJsonResponse(await this.hookManager.createHook({
+				target: argStringRequired(args, "target"),
+				type: argEnum(args, "type", HOOK_TYPES) ?? "function",
+				action: argEnum(args, "hookAction", HOOK_ACTIONS, "log"),
+				customCode: argString(args, "customCode")
+			}));
+			case "list": return asJsonResponse({ hooks: this.hookManager.getAllHooks() });
+			case "records": return asJsonResponse({ records: this.hookManager.getHookRecords(argStringRequired(args, "hookId")) });
+			case "clear":
+				this.hookManager.clearHookRecords(argString(args, "hookId"));
+				return asJsonResponse({
+					success: true,
+					message: "Hook records cleared"
+				});
+			default: return asJsonResponse({
+				success: false,
+				message: `Unknown hook action: ${action}. Valid actions: create, list, records, clear`
+			});
+		}
+	}
+	async handleDetectObfuscation(args) {
+		const code = this.requireCodeArg(args, "detect_obfuscation");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required and must be a non-empty string"
+		});
+		const generateReport = argBool(args, "generateReport", true);
+		const result = this.obfuscationDetector.detect(code);
+		if (!generateReport) return asJsonResponse(result);
+		const report = this.obfuscationDetector.generateReport(result);
+		return asTextResponse(`${JSON.stringify(result, null, 2)}\n\n${report}`);
+	}
+	async handleWebcrackUnpack(args) {
+		const code = this.requireCodeArg(args, "webcrack_unpack");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required and must be a non-empty string"
+		});
+		const result = await runWebcrack(code, {
+			unpack: argBool(args, "unpack", true),
+			unminify: argBool(args, "unminify", true),
+			jsx: argBool(args, "jsx", true),
+			mangle: argBool(args, "mangle", false),
+			...this.extractWebcrackArgs(args)
+		});
+		if (!result.applied) return asJsonResponse({
+			success: false,
+			error: result.reason || "webcrack execution failed",
+			optionsUsed: result.optionsUsed,
+			engine: "webcrack"
+		});
+		return asJsonResponse({
+			success: true,
+			code: result.code,
+			bundle: result.bundle,
+			savedTo: result.savedTo,
+			savedArtifacts: result.savedArtifacts,
+			optionsUsed: result.optionsUsed,
+			engine: "webcrack"
+		});
+	}
+	async handleWebpackEnumerate(args) {
+		return runWebpackEnumerate(this.collector, args);
+	}
+	async handleClearCollectedData() {
+		try {
+			await this.collector.clearAllData();
+			this.scriptManager.clear();
+			return asJsonResponse({
+				success: true,
+				message: "All collected data cleared.",
+				cleared: {
+					fileCache: true,
+					compressionCache: true,
+					collectedUrls: true,
+					scriptManager: true
+				}
+			});
+		} catch (error) {
+			logger.error("Failed to clear collected data:", error);
+			return asJsonResponse(serializeError(error));
+		}
+	}
+	async handleGetCollectionStats() {
+		try {
+			const stats = await this.collector.getAllStats();
+			return asJsonResponse({
+				success: true,
+				stats,
+				summary: {
+					totalCachedFiles: stats.cache.memoryEntries + stats.cache.diskEntries,
+					totalCacheSize: `${(stats.cache.totalSize / 1024).toFixed(2)} KB`,
+					compressionRatio: `${stats.compression.averageRatio.toFixed(1)}%`,
+					cacheHitRate: stats.compression.cacheHits > 0 ? `${(stats.compression.cacheHits / (stats.compression.cacheHits + stats.compression.cacheMisses) * 100).toFixed(1)}%` : "0%",
+					collectedUrls: stats.collector.collectedUrls
+				}
+			});
+		} catch (error) {
+			logger.error("Failed to get collection stats:", error);
+			return asJsonResponse(serializeError(error));
+		}
+	}
+	async handleJsDeobfuscateJsvmp(args) {
+		const code = this.requireCodeArg(args, "js_deobfuscate_jsvmp");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required and must be a non-empty string"
+		});
+		const detectOnly = argBool(args, "detectOnly", false);
+		const result = await this.jsvmpDeobfuscator.deobfuscate({
+			code,
+			aggressive: argBool(args, "aggressive", false),
+			extractInstructions: argBool(args, "extractInstructions", true),
+			timeout: argNumber(args, "timeout", 3e4)
+		});
+		if (detectOnly) return asJsonResponse({
+			success: true,
+			isJSVMP: result.isJSVMP,
+			vmType: result.vmType,
+			vmFeatures: result.vmFeatures,
+			confidence: result.confidence,
+			instructionCount: result.instructions?.length
+		});
+		return asJsonResponse({
+			success: result.isJSVMP,
+			isJSVMP: result.isJSVMP,
+			vmType: result.vmType,
+			vmFeatures: result.vmFeatures,
+			instructions: result.instructions,
+			deobfuscatedCode: result.deobfuscatedCode,
+			confidence: result.confidence,
+			warnings: result.warnings,
+			unresolvedParts: result.unresolvedParts,
+			stats: result.stats
+		});
+	}
+	async handleJsDeobfuscatePipeline(args) {
+		const code = this.requireCodeArg(args, "js_deobfuscate_pipeline");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required"
+		});
+		const useWebcrack = argBool(args, "useWebcrack", true);
+		const aggressive = argBool(args, "aggressive", false);
+		const humanize = argBool(args, "humanize", true);
+		const returnStageDetails = argBool(args, "returnStageDetails", false);
+		const startTime = Date.now();
+		let preprocessed = code;
+		const ppTransforms = [];
+		const afterFold = applyConstantFold(preprocessed);
+		if (afterFold !== preprocessed) {
+			preprocessed = afterFold;
+			ppTransforms.push("constant_fold");
+		}
+		const afterDeadCode = applyDeadCodeRemove(preprocessed);
+		if (afterDeadCode !== preprocessed) {
+			preprocessed = afterDeadCode;
+			ppTransforms.push("dead_code_remove");
+		}
+		let deobfuscated = preprocessed;
+		let webcrackApplied = false;
+		let webcrackWarning;
+		let webcrackError;
+		if (useWebcrack) try {
+			const result = await runWebcrack(preprocessed, {
+				unminify: true,
+				unpack: true
+			});
+			if (result.applied) {
+				deobfuscated = result.code;
+				webcrackApplied = true;
+			} else webcrackWarning = result.reason ? `webcrack stage did not apply: ${result.reason}` : "webcrack stage did not apply any transformation.";
+		} catch (error) {
+			webcrackError = error instanceof Error ? error.message : String(error);
+		}
+		if (aggressive) {
+			const afterCFF = applyControlFlowFlatten(deobfuscated);
+			if (afterCFF !== deobfuscated) deobfuscated = afterCFF;
+		}
+		let humanized = deobfuscated;
+		let renameCount = 0;
+		if (humanize) {
+			const result = applyRenameVars(humanized);
+			if (result.code !== humanized) {
+				humanized = result.code;
+				renameCount = result.count;
+			}
+		}
+		const totalMs = Date.now() - startTime;
+		const reductionRate = code.length > 0 ? 1 - humanized.length / code.length : 0;
+		const response = {
+			success: !webcrackWarning && !webcrackError,
+			deobfuscatedCode: humanized,
+			...webcrackWarning ? { warning: webcrackWarning } : {},
+			...webcrackError ? { error: `webcrack stage failed: ${webcrackError}` } : {},
+			stats: {
+				originalSize: code.length,
+				finalSize: humanized.length,
+				reductionRate: Math.round(reductionRate * 1e3) / 10,
+				processingTimeMs: totalMs,
+				stages: {
+					preprocessor: {
+						transforms: ppTransforms,
+						sizeAfter: preprocessed.length
+					},
+					deobfuscator: {
+						webcrackApplied,
+						sizeAfter: deobfuscated.length,
+						...webcrackWarning ? { warning: webcrackWarning } : {},
+						...webcrackError ? { error: webcrackError } : {}
+					},
+					humanizer: {
+						renameCount,
+						sizeAfter: humanized.length
+					}
+				}
+			}
+		};
+		if (returnStageDetails) response.stageDetails = {
+			preprocessed: preprocessed.substring(0, 5e3),
+			deobfuscated: deobfuscated.substring(0, 5e3)
+		};
+		return asJsonResponse(response);
+	}
+	async handleJsAnalyzeVm(args) {
+		const code = this.requireCodeArg(args, "js_analyze_vm");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required"
+		});
+		const extractBytecode = argBool(args, "extractBytecode", true);
+		return asJsonResponse(buildVmAnalysisResponse({
+			code,
+			extractBytecode,
+			mapOpcodes: argBool(args, "mapOpcodes", true),
+			vmResult: await this.jsvmpDeobfuscator.deobfuscate({
+				code,
+				aggressive: false,
+				extractInstructions: extractBytecode,
+				timeout: 15e3
+			})
+		}));
+	}
+	async handleJsSolveConstraints(args) {
+		const code = this.requireCodeArg(args, "js_solve_constraints");
+		if (!code) return asJsonResponse({
+			success: false,
+			error: "code is required"
+		});
+		return asJsonResponse(solveConstraints({
+			code,
+			replaceInPlace: argBool(args, "replaceInPlace", true),
+			maxIterations: argNumber(args, "maxIterations", 100)
+		}));
+	}
+};
+//#endregion
+export { CoreAnalysisHandlers };