npm - @jshookmcp/jshook - Versions diffs - 0.2.9 → 0.3.1 - Mend

@jshookmcp/jshook 0.2.9 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (316) hide show

package/README.md +25 -50
package/README.zh.md +25 -48
package/dist/AntiCheatDetector-CGVGNfy5.mjs +1 -0
package/dist/CacheAdapters-CdAxBmVW.mjs +1 -0
package/dist/CodeInjector-BlgyqTOk.mjs +1 -0
package/dist/ConsoleMonitor-Dkqc0HNi.mjs +490 -0
package/dist/DOMInspector-BYY_EJ0C.mjs +95 -0
package/dist/DarwinAPI-DC4HGGLl.mjs +1 -0
package/dist/DetailedDataManager-BniBJlVv.mjs +1 -0
package/dist/EventBus-DgciURGg.mjs +1 -0
package/dist/EvidenceGraphBridge-BIfgB7HP.mjs +1 -0
package/dist/ExtensionManager-erMpqcLk.mjs +1 -0
package/dist/FingerprintManager-N7BZqjxP.mjs +1 -0
package/dist/HardwareBreakpoint-OcJqNFVc.mjs +1 -0
package/dist/HeapAnalyzer-CqAxZzeS.mjs +1 -0
package/dist/{HookGeneratorBuilders.core.generators.storage-CtcdK78Q.mjs → HookGeneratorBuilders.core.generators.storage-Bf1fbrNK.mjs} +66 -174
package/dist/InstrumentationSession-DxXs0sCp.mjs +1 -0
package/dist/MCPServer.search.handlers.domain-DVbWL1bT.mjs +1 -0
package/dist/MemoryController-BaqstM5w.mjs +2 -0
package/dist/MemoryScanSession-CaxAjZJf.mjs +1 -0
package/dist/MemoryScanner-BLYnMJy6.mjs +1 -0
package/dist/NativeMemoryManager.impl-CI554XbY.mjs +1 -0
package/dist/NativeMemoryManager.utils-DM4NC3FE.mjs +1 -0
package/dist/PEAnalyzer-DJyaJTQJ.mjs +1 -0
package/dist/PageController-D9jVkH0i.mjs +1 -0
package/dist/PointerChainEngine-5nF9eNlu.mjs +1 -0
package/dist/PrerequisiteError-Bl3dK8XA.mjs +1 -0
package/dist/ProcessRegistry-Hf12LlR9.mjs +1 -0
package/dist/ResponseBuilder-B2lu4KEl.mjs +1 -0
package/dist/ReverseEvidenceGraph-B931HeoW.mjs +2 -0
package/dist/ScriptManager-fgqiALgj.mjs +7 -0
package/dist/Speedhack-l6s8L2Qw.mjs +1 -0
package/dist/StealthVerifier-Dhbj4B4P.mjs +1 -0
package/dist/StructureAnalyzer-A-WamfYE.mjs +2 -0
package/dist/ToolCatalog-D_IKl1Hu.mjs +1 -0
package/dist/ToolError-DWU_z7gp.mjs +1 -0
package/dist/ToolProbe-xsfALmN3.mjs +1 -0
package/dist/ToolRegistry-B0Zs-phN.mjs +1 -0
package/dist/ToolRouter.policy-CFHoN_Lw.mjs +4 -0
package/dist/TraceRecorder-Dd8jLXpi.mjs +272 -0
package/dist/VersionDetector-DMoUWyNm.mjs +9 -0
package/dist/Win32API-Bhi5xFBe.mjs +1 -0
package/dist/Win32Debug-CQteFL4F.mjs +1 -0
package/dist/WorkflowEngine-CxEp2WXH.mjs +1 -0
package/dist/analysis-BuR-NgX8.mjs +5 -0
package/dist/{antidebug-CqDTB_uk.mjs → antidebug-BOTZH6-0.mjs} +8 -259
package/dist/artifactRetention-NBdncOEW.mjs +1 -0
package/dist/artifacts-B5xQuEa_.mjs +1 -0
package/dist/authorization-schema-B40obG1A.mjs +1 -0
package/dist/betterSqlite3-CGaxz4AX.mjs +1 -0
package/dist/binary-instrument-Cf9qqLlM.mjs +7 -0
package/dist/bind-helpers-BlAOQrFQ.mjs +1 -0
package/dist/boringssl-inspector-BST5vtKx.mjs +2 -0
package/dist/browser-C4Le3xqA.mjs +11 -0
package/dist/capabilities-DbYCv-HF.mjs +1 -0
package/dist/chunk-C_pMuVsO.mjs +1 -0
package/dist/collector-CKO8RPK8.mjs +1 -0
package/dist/concurrency-CcK46d0h.mjs +1 -0
package/dist/constants-Cp6hBrrx.mjs +1 -0
package/dist/coordination-BbijHEHH.mjs +1 -0
package/dist/debugger-CRJq_krh.mjs +1 -0
package/dist/definitions-BGobEDQa.mjs +1 -0
package/dist/definitions-BGwNSkVm.mjs +1 -0
package/dist/definitions-BbxOUiP-.mjs +1 -0
package/dist/definitions-CCP9gphV.mjs +1 -0
package/dist/definitions-CIO9O-Sw.mjs +1 -0
package/dist/definitions-CYFbewnd.mjs +1 -0
package/dist/definitions-CdWEuIkI.mjs +1 -0
package/dist/definitions-CoQFbggH.mjs +1 -0
package/dist/definitions-CuJRsJ6N.mjs +1 -0
package/dist/definitions-DI9YXsJk.mjs +1 -0
package/dist/definitions-DJklW2sS.mjs +1 -0
package/dist/definitions-DZ8uKusP.mjs +1 -0
package/dist/definitions-Dds_zrWx.mjs +1 -0
package/dist/definitions-Dgrg7f3D.mjs +1 -0
package/dist/definitions-DtE0XLrT.mjs +1 -0
package/dist/definitions-LaYTuwQd.mjs +26 -0
package/dist/definitions-NoVp_9Pm.mjs +1 -0
package/dist/definitions-OvGsfxdt.mjs +1 -0
package/dist/definitions-jXPaVy4P.mjs +1 -0
package/dist/encoding-DGcr6Aj_.mjs +2 -0
package/dist/ensure-browser-core-Buls24LQ.mjs +1 -0
package/dist/evidence-graph-bridge-B0yhGPcs.mjs +1 -0
package/dist/factory-Cx_1LorX.mjs +1 -0
package/dist/flat-target-session-CO5g78k3.mjs +1 -0
package/dist/formatAddress-C7j2fDlM.mjs +1 -0
package/dist/graphql-HLf3MS8H.mjs +62 -0
package/dist/handlers-BLMa4X7l.mjs +54 -0
package/dist/handlers-BP12ZsWc.mjs +4 -0
package/dist/handlers-BZoPla6E.mjs +1 -0
package/dist/handlers-BggKiVx9.mjs +2 -0
package/dist/handlers-D3iev8g1.mjs +1 -0
package/dist/handlers-D49r1-1P.mjs +1 -0
package/dist/handlers-DCE45Ww8.mjs +2 -0
package/dist/handlers-DW5AbYs5.mjs +5 -0
package/dist/handlers-De5u62Ga2.mjs +1 -0
package/dist/handlers-DmQzIc44.mjs +31 -0
package/dist/handlers-DnJRGp7t.mjs +302 -0
package/dist/handlers-Dv_runVv.mjs +2 -0
package/dist/handlers-S9Ws0IGy.mjs +2 -0
package/dist/{handlers-Bl8zkwz1.mjs → handlers-pVNpaw4A.mjs} +144 -841
package/dist/handlers.impl-CD2_kOcC.mjs +1 -0
package/dist/hooks-DDKppogd.mjs +600 -0
package/dist/index.mjs +12 -5225
package/dist/logger-sBC6IdRT.mjs +1 -0
package/dist/maintenance-CutEO84j.mjs +1 -0
package/dist/manifest-BFGxlDRh.mjs +123 -0
package/dist/manifest-BPuE6oH2.mjs +1 -0
package/dist/manifest-BXry5N09.mjs +1 -0
package/dist/manifest-BeP_zJGb2.mjs +1 -0
package/dist/manifest-C0g67k6U.mjs +1 -0
package/dist/manifest-C1nZkTkO.mjs +1 -0
package/dist/manifest-C7qV1z7F.mjs +1 -0
package/dist/manifest-CDeUZGUZ.mjs +1 -0
package/dist/manifest-CDiCtaQT.mjs +1 -0
package/dist/manifest-CFn0359q2.mjs +1 -0
package/dist/manifest-CGq4NpqH2.mjs +1 -0
package/dist/manifest-CJMGt7Qy.mjs +1 -0
package/dist/manifest-CRIJq4Hs.mjs +1 -0
package/dist/manifest-C_hEIjSx.mjs +1 -0
package/dist/manifest-CeQmtQOY.mjs +1 -0
package/dist/manifest-Cq0j7GZt.mjs +1 -0
package/dist/manifest-CtPmHAdn.mjs +1 -0
package/dist/manifest-Cx2IVMUY.mjs +1 -0
package/dist/manifest-D16xPXro.mjs +1 -0
package/dist/manifest-D44TaRJU.mjs +1 -0
package/dist/manifest-D610kxZr.mjs +2 -0
package/dist/manifest-DC-SMF6b.mjs +1 -0
package/dist/manifest-DD3rtxvV.mjs +1 -0
package/dist/manifest-DKUorv5M.mjs +1 -0
package/dist/manifest-DMJlcsTR.mjs +1 -0
package/dist/manifest-DWUUWBz0.mjs +1 -0
package/dist/manifest-De-6Wf2R.mjs +1 -0
package/dist/manifest-Dgh0uDW-.mjs +1 -0
package/dist/manifest-Dm0o3i2U.mjs +1 -0
package/dist/manifest-DsVh7Y4U.mjs +1 -0
package/dist/manifest-DtEFSRaq.mjs +1 -0
package/dist/manifest-H-EpAyZQ.mjs +1 -0
package/dist/manifest-ais9Afrw.mjs +1 -0
package/dist/manifest-tmb54wmA.mjs +1 -0
package/dist/manifest-yu2xiQqe.mjs +1 -0
package/dist/manifest-zrbrpKCC.mjs +1 -0
package/dist/matchesWildcardPattern-BGqLSmEs.mjs +1 -0
package/dist/modules-p-PUNv9r.mjs +332 -0
package/dist/mojo-ipc-VGlv3Qyp.mjs +9 -0
package/dist/network-BjZ1Y-GB.mjs +7 -0
package/dist/outputPaths-BonGThuc.mjs +2 -0
package/dist/parse-args-Cuk7-xUt.mjs +1 -0
package/dist/platform-C446Lf97.mjs +93 -0
package/dist/playwright-cdp-fallback-BwVR-_T3.mjs +1 -0
package/dist/process-C9f2A5zk.mjs +962 -0
package/dist/proxy-CvRepxgV.mjs +1 -0
package/dist/registry-DUHIPE-v.mjs +1 -0
package/dist/response-C7rKQst4.mjs +1 -0
package/dist/search-defaults-D2bY-rzH.mjs +1 -0
package/dist/server/plugin-api.mjs +1 -293
package/dist/shared-state-board-Cyg-xh_k.mjs +1 -0
package/dist/sourcemap-D6Q1UuAp.mjs +1 -0
package/dist/ssrf-policy-T96MR3r6.mjs +1 -0
package/dist/streaming-CTX58tbb.mjs +1 -0
package/dist/tool-builder-CI9914Tf.mjs +1 -0
package/dist/transform-Cv9P2vVD.mjs +103 -0
package/dist/types-CuyefmGT.mjs +1 -0
package/dist/types-DtThH00r.mjs +1 -0
package/dist/wasm-DaJa8J0V.mjs +174 -0
package/dist/webcrack-CsLLJIs9.mjs +46 -0
package/dist/workflow-CYIXtrWD.mjs +101 -0
package/package.json +12 -7
package/dist/AntiCheatDetector-BNk-EoBt.mjs +0 -244
package/dist/CacheAdapters-CDe5WPSV.mjs +0 -80
package/dist/CodeInjector-Cq8q01kp.mjs +0 -150
package/dist/ConsoleMonitor-CPVQW1Y-.mjs +0 -2201
package/dist/DarwinAPI-BNPxu0RH.mjs +0 -363
package/dist/DetailedDataManager-BQQcxh64.mjs +0 -217
package/dist/EventBus-DgPmwpeu.mjs +0 -141
package/dist/EvidenceGraphBridge-SFesNera.mjs +0 -153
package/dist/ExtensionManager-CWYgw0YW.mjs +0 -714
package/dist/FingerprintManager-gzWtkKuf.mjs +0 -96
package/dist/HardwareBreakpoint-B9gZCdFP.mjs +0 -239
package/dist/HeapAnalyzer-BLDH0dCv.mjs +0 -284
package/dist/InstrumentationSession-CvPC7Jwy.mjs +0 -244
package/dist/MemoryController-CbVdCIJF.mjs +0 -167
package/dist/MemoryScanSession-BsDZbLYm.mjs +0 -278
package/dist/MemoryScanner-Bcpml6II.mjs +0 -425
package/dist/NativeMemoryManager.impl-dZtA1ZGn.mjs +0 -482
package/dist/NativeMemoryManager.utils-B-FjA2mJ.mjs +0 -165
package/dist/PEAnalyzer-D1lzJ_VG.mjs +0 -385
package/dist/PageController-Bqm2kZ_X.mjs +0 -417
package/dist/PointerChainEngine-BOhyVsjx.mjs +0 -322
package/dist/PrerequisiteError-Dl33Svkz.mjs +0 -20
package/dist/ResponseBuilder-D3iFYx2N.mjs +0 -143
package/dist/ReverseEvidenceGraph-Dlsk94LC.mjs +0 -269
package/dist/ScriptManager-aHHq0X7U.mjs +0 -3000
package/dist/Speedhack-CqdIFlQl.mjs +0 -156
package/dist/StealthVerifier-Bo4T3bz8.mjs +0 -135
package/dist/StructureAnalyzer-DhFaPvRO.mjs +0 -426
package/dist/ToolCatalog-C0JGZoOm.mjs +0 -582
package/dist/ToolError-jh9whhMd.mjs +0 -15
package/dist/ToolProbe-oC7aPrkv.mjs +0 -45
package/dist/ToolRegistry-BjaF4oNz.mjs +0 -131
package/dist/ToolRouter.policy-BWV67ZK-.mjs +0 -304
package/dist/TraceRecorder-DgxyVbdQ.mjs +0 -519
package/dist/VersionDetector-CwVLVdDM.mjs +0 -104
package/dist/Win32API-CePkipZY.mjs +0 -340
package/dist/Win32Debug-BvKs-gxc.mjs +0 -274
package/dist/WorkflowEngine-CuvkZtWu.mjs +0 -598
package/dist/analysis-CL9uACt9.mjs +0 -463
package/dist/artifactRetention-CFEprwPw.mjs +0 -591
package/dist/artifacts-Bk2-_uPq.mjs +0 -59
package/dist/betterSqlite3-0pqusHHH.mjs +0 -74
package/dist/binary-instrument-CXfpx6fT.mjs +0 -979
package/dist/bind-helpers-xFfRF-qm.mjs +0 -22
package/dist/boringssl-inspector-BH2D3VKc.mjs +0 -180
package/dist/browser-BpOr5PEx.mjs +0 -4082
package/dist/chunk-CjcI7cDX.mjs +0 -15
package/dist/concurrency-Bt0yv1kJ.mjs +0 -41
package/dist/constants-B0OANIBL.mjs +0 -519
package/dist/coordination-qUbyF8KU.mjs +0 -259
package/dist/debugger-gnKxRSN0.mjs +0 -1271
package/dist/definitions-6M-eejaT.mjs +0 -53
package/dist/definitions-B18eyf0B.mjs +0 -18
package/dist/definitions-B3QdlrHv.mjs +0 -34
package/dist/definitions-B4rAvHNZ.mjs +0 -63
package/dist/definitions-BB_4jnmy.mjs +0 -37
package/dist/definitions-BMfYXoNC.mjs +0 -43
package/dist/definitions-Beid2EB3.mjs +0 -27
package/dist/definitions-C1UvM5Iy.mjs +0 -126
package/dist/definitions-CXEI7QC72.mjs +0 -216
package/dist/definitions-C_4r7Fo-2.mjs +0 -14
package/dist/definitions-CkFDALoa.mjs +0 -26
package/dist/definitions-Cke7zEb8.mjs +0 -94
package/dist/definitions-ClJLzsJQ.mjs +0 -25
package/dist/definitions-Cq-zroAU.mjs +0 -28
package/dist/definitions-Cy3Sl6gV.mjs +0 -34
package/dist/definitions-D3VsGcvz.mjs +0 -47
package/dist/definitions-DVGfrn7y.mjs +0 -96
package/dist/definitions-LKpC3-nL.mjs +0 -9
package/dist/definitions-bAhHQJq9.mjs +0 -359
package/dist/encoding-Bvz5jLRv.mjs +0 -1065
package/dist/evidence-graph-bridge-C_fv9PuC.mjs +0 -135
package/dist/factory-DxlGh9Xf.mjs +0 -575
package/dist/formatAddress-DVkj9kpI.mjs +0 -17
package/dist/graphql-DYWzJ29s.mjs +0 -1026
package/dist/handlers-9sAbfIg-.mjs +0 -2552
package/dist/handlers-C67ktuRN.mjs +0 -710
package/dist/handlers-C87g8oCe.mjs +0 -276
package/dist/handlers-CTsDAO6p.mjs +0 -681
package/dist/handlers-Cgyg6c0U.mjs +0 -645
package/dist/handlers-D6j6yka7.mjs +0 -2124
package/dist/handlers-DdFzXLvF.mjs +0 -446
package/dist/handlers-DeLOCd5m.mjs +0 -799
package/dist/handlers-DlCJN4Td.mjs +0 -757
package/dist/handlers-DxGIq15_2.mjs +0 -917
package/dist/handlers-U6L4xhuF.mjs +0 -585
package/dist/handlers-tB9Mp9ZK.mjs +0 -84
package/dist/handlers-tiy7EIBp.mjs +0 -572
package/dist/handlers.impl-DS0d9fUw.mjs +0 -761
package/dist/hooks-CzCWByww.mjs +0 -898
package/dist/logger-Dh_xb7_2.mjs +0 -93
package/dist/maintenance-P7ePRXQC.mjs +0 -830
package/dist/manifest-2ToTpjv8.mjs +0 -106
package/dist/manifest-3g71z6Bg.mjs +0 -79
package/dist/manifest-82baTv4U.mjs +0 -45
package/dist/manifest-B3QVVeBS.mjs +0 -82
package/dist/manifest-BB2J8IMJ.mjs +0 -149
package/dist/manifest-BKbgbSiY.mjs +0 -60
package/dist/manifest-Bcf-TJzH.mjs +0 -848
package/dist/manifest-BmtZzQiQ2.mjs +0 -45
package/dist/manifest-Bnd7kqEY.mjs +0 -55
package/dist/manifest-BqQX6OQC2.mjs +0 -65
package/dist/manifest-BqrQ4Tpj.mjs +0 -81
package/dist/manifest-Br4RPFt5.mjs +0 -370
package/dist/manifest-C5qDjysN.mjs +0 -107
package/dist/manifest-C9RT5nk32.mjs +0 -34
package/dist/manifest-CAhOuvSl.mjs +0 -204
package/dist/manifest-CBYWCUBJ.mjs +0 -51
package/dist/manifest-CFADCRa1.mjs +0 -37
package/dist/manifest-CQVhavRF.mjs +0 -114
package/dist/manifest-CT7zZBV1.mjs +0 -48
package/dist/manifest-CV12bcrF.mjs +0 -121
package/dist/manifest-CXsRWjjI.mjs +0 -224
package/dist/manifest-CZLUCfG02.mjs +0 -95
package/dist/manifest-D6phHKFd.mjs +0 -131
package/dist/manifest-DCyjf4n2.mjs +0 -294
package/dist/manifest-DHsnKgP6.mjs +0 -60
package/dist/manifest-Df_dliIe.mjs +0 -55
package/dist/manifest-Dh8WBmEW.mjs +0 -129
package/dist/manifest-DhKRAT8_.mjs +0 -92
package/dist/manifest-DlpTj4ic2.mjs +0 -193
package/dist/manifest-DrbmZcFl2.mjs +0 -253
package/dist/manifest-DuwHjUa5.mjs +0 -70
package/dist/manifest-DzwvxPJX.mjs +0 -38
package/dist/manifest-NXctwWQq.mjs +0 -68
package/dist/manifest-Sc_0JQ13.mjs +0 -418
package/dist/manifest-gZ4s_UtG.mjs +0 -96
package/dist/manifest-qSleDqdO.mjs +0 -1023
package/dist/modules-C184v-S9.mjs +0 -11365
package/dist/mojo-ipc-B_H61Afw.mjs +0 -525
package/dist/network-671Cw6hV.mjs +0 -3346
package/dist/outputPaths-B1uGmrWZ.mjs +0 -1145
package/dist/parse-args-BlRjqlkL.mjs +0 -39
package/dist/platform-WmNn8Sxb.mjs +0 -2070
package/dist/process-QcbIy5Zq.mjs +0 -1401
package/dist/proxy-DqNs0bAd.mjs +0 -170
package/dist/registry-D-6e18lB.mjs +0 -34
package/dist/response-BQVP-xUn.mjs +0 -28
package/dist/shared-state-board-DV-dpHFJ.mjs +0 -586
package/dist/sourcemap-Dq8ez8vS.mjs +0 -650
package/dist/ssrf-policy-ZaUfvhq7.mjs +0 -166
package/dist/streaming-BUQ0VJsg.mjs +0 -725
package/dist/tool-builder-DCbIC5Eo.mjs +0 -186
package/dist/transform-CiYJfNX0.mjs +0 -1007
package/dist/types-Bx92KJfT.mjs +0 -4
package/dist/types-CPhOReNX.mjs +0 -37
package/dist/wasm-DQTnHDs4.mjs +0 -531
package/dist/workflow-f3xJOcjx.mjs +0 -725

package/dist/wasm-DaJa8J0V.mjs ADDED Viewed

@@ -0,0 +1,174 @@
+import{Fr as e,Ir as t,Lr as n,Nr as r,Pr as i}from"./constants-Cp6hBrrx.mjs";import{i as a}from"./modules-p-PUNv9r.mjs";import{i as o}from"./artifacts-B5xQuEa_.mjs";import{a as s,o as c,r as l,s as u,t as d}from"./parse-args-Cuk7-xUt.mjs";import{n as f}from"./capabilities-DbYCv-HF.mjs";import{t as p}from"./ToolRegistry-B0Zs-phN.mjs";import{t as m}from"./ResponseBuilder-B2lu4KEl.mjs";import"./definitions-CIO9O-Sw.mjs";import{tmpdir as h}from"node:os";import{createHash as g}from"node:crypto";import{join as _,normalize as v,resolve as y,sep as b}from"node:path";import{mkdir as x,stat as S,writeFile as C}from"node:fs/promises";const w=e=>typeof e==`object`&&!!e,T=e=>w(e)&&typeof e.error==`string`;function E(e){let t=y(e),n=v(process.cwd()),r=v(h());if(!t.startsWith(`${n}${b}`)&&!t.startsWith(`${r}${b}`))throw Error(`Path traversal blocked: outputPath must be under project root or temp directory`);return t}var D=class{state;constructor(e){this.state=e}ok(e){return{content:[{type:`text`,text:JSON.stringify({success:!0,...e},null,2)}]}}fail(e,t){return{content:[{type:`text`,text:JSON.stringify({success:!1,error:e,...t===void 0?{}:{exitCode:t}},null,2)}]}}async writeTextArtifact(e){let{outputPath:t,artifact:n,content:r,pathMode:i=`display`}=e;if(t){let e=E(t);return await C(e,r,`utf-8`),e}let{absolutePath:a,displayPath:s}=await o(n);return await C(a,r,`utf-8`),i===`absolute`?a:s}async resolveArtifactOutputPath(e){let{outputPath:t,artifact:n,pathMode:r=`absolute`}=e;if(t)return E(t);let{absolutePath:i,displayPath:a}=await o(n);return r===`display`?a:i}preview(e,t){let n=e.split(`
+`);return n.slice(0,t).join(`
+`)+(n.length>t?`
+... (truncated)`:``)}async tryStatSize(e){try{return(await S(e)).size}catch{return 0}}};function O(e){return/^[a-z]:[\\/]/i.test(e)||/^\\\\[^\\]+\\[^\\]+/i.test(e)||/^file:\/\//i.test(e)||/^\/(?:Users|home|tmp|var|etc|opt|usr|srv|mnt|media|private|root|run|dev|proc|sys|Library|Volumes)(?:\/|$)/.test(e)}var k=class extends D{async handleWasmDetectObfuscation(e){let a=u(e,`inputPath`),o=d(e,`verbose`,!1),s=await this.state.runner.run({tool:`wabt.wasm2wat`,args:[a],timeoutMs:t});if(!s.ok)return this.fail(`Failed to disassemble: ${s.stderr}`);let c=s.stdout,l=[],f=(c.match(/br_table/g)||[]).length;f>5&&l.push({type:`control-flow-flattening`,confidence:Math.min(f/20,.95),description:`${f} br_table dispatches detected — likely flattened control flow`});let p=(c.match(/i32\.xor/g)||[]).length,m=(c.match(/i32\.rotl|i32\.rotr/g)||[]).length,h=(c.match(/i32\.shl|i32\.shr_[su]/g)||[]).length;p+m+h>r&&l.push({type:`constant-encoding`,confidence:Math.min((p+m+h)/50,.9),description:`High density of bitwise ops (${p} xor, ${h} shift, ${m} rotate) — constant decoding`});let g=c.match(/br\s+(?:\$\d+|\d+)\s*\n\s*(?!end\b|\))\S.*$/gm)||[];g.length>i&&l.push({type:`dead-code-injection`,confidence:Math.min(g.length/30,.85),description:`${g.length} code blocks after unconditional branches`});let _=/\(loop/.test(c),v=/br_table/.test(c),y=/local\.get\s+\d+/.test(c);if(_&&v&&y){let e=(c.match(/\(loop/g)||[]).length;e>n&&l.push({type:`vm-dispatch`,confidence:.75,description:`Loop + br_table + local.get pattern (${e} loops) — possible WASM VM interpreter`})}let b=(c.match(/\(func\s/g)||[]).length,x=c.length;b>0&&x/b>5e3&&l.push({type:`code-bloat`,confidence:.5,description:`Average ${(x/b).toFixed(0)} chars/function across ${b} functions — unusually large`});let S=(c.match(/\bcall_indirect\b/g)||[]).length,C=(c.match(/\bcall\s+(?!indirect)/g)||[]).length;S>3&&S>=C*.3&&l.push({type:`indirect-call-dispatch`,confidence:Math.min(S/15,.85),description:`${S} call_indirect vs ${C} direct calls — indirect call ratio suggests dispatch-based VM or obfuscation`});let w=(c.match(/\(import\s+"env"\s+"(\w+)"/g)||[]).map(e=>e.split(`"`)[3]??``).filter(e=>![`memory`,`table`,`__linear_memory`,`__indirect_function_table`].includes(e));w.length>20&&l.push({type:`large-import-surface`,confidence:Math.min(w.length/50,.7),description:`${w.length} env imports — large import surface typical of obfuscated/wrapped modules`});let T=l.length>0,E=l.reduce((e,t)=>Math.max(e,t.confidence),0);return this.ok({inputPath:a,hasObfuscation:T,overallConfidence:T?E:0,detectionCount:l.length,detections:l,summary:T?`Detected ${l.length} obfuscation pattern(s). Highest confidence: ${(E*100).toFixed(0)}%`:`No obfuscation patterns detected.`,...o?{watPreview:this.preview(c,200)}:{}})}async handleWasmInstrumentTrace(e){let n=u(e,`inputPath`),r=d(e,`allHooks`,!0),i=c(e,`hooks`),a=s(e,`outputPath`),o=await this.state.runner.run({tool:`wabt.wasm2wat`,args:[n],timeoutMs:t});if(!o.ok)return this.fail(o.stderr);let l=o.stdout,f=r?[`call`,`memory`,`branch`,`loop`,`local`]:i.length>0?i:[`call`],p=l.match(/\(func\s/g)||[],m=l.match(/\(export/g)||[],h=l.match(/\(import/g)||[],g=l.match(/\(table\b/g)||[],_=l.match(/\bcall_indirect\b/g)||[],v=[],y=[],b=/\(export\s+"([^"]+)"\s+\((\w+)\s+(\$?[\w.]+)\)\)/g,x=/\(import\s+"([^"]+)"\s+"([^"]+)"/g,S;for(;(S=b.exec(l))!==null;)S[1]&&v.push(S[1]);for(;(S=x.exec(l))!==null;)S[1]&&S[2]&&y.push({module:S[1],name:S[2]});let w={call:`
+  const callLog = [];
+  for (const [name, value] of Object.entries(instance.exports)) {
+    if (typeof value === 'function') {
+      hookedExports[name] = new Proxy(value, {
+        apply(target, thisArg, argumentsList) {
+          const entry = { type: 'call', name, args: argumentsList.map(String), timestamp: Date.now() };
+          callLog.push(entry);
+          try {
+            const result = Reflect.apply(target, thisArg, argumentsList);
+            callLog.push({ type: 'return', name, result: String(result), timestamp: Date.now() });
+            return result;
+          } catch (err) {
+            callLog.push({ type: 'throw', name, error: String(err), timestamp: Date.now() });
+            throw err;
+          }
+        }
+      });
+    }
+  }`,memory:`
+  const memoryLog = [];
+  const originalMemory = instance.exports.memory || Object.values(instance.exports).find(e => e instanceof WebAssembly.Memory);
+  const memTracker = { reads: 0, writes: 0, growEvents: [] };
+  if (originalMemory) {
+    const memSnapshot = () => {
+      const view = new DataView(originalMemory.buffer);
+      return { byteLength: view.byteLength, pages: view.byteLength / 65536 };
+    };
+    memTracker.snapshot = memSnapshot;
+    const origGrow = originalMemory.grow?.bind(originalMemory);
+    if (origGrow) {
+      originalMemory.grow = function(delta) {
+        const beforePages = originalMemory.buffer.byteLength / 65536;
+        memoryLog.push({ op: 'grow', delta, beforePages, timestamp: Date.now() });
+        memTracker.growEvents.push({ delta, beforePages });
+        return origGrow(delta);
+      };
+    }
+    const memProxy = new Proxy(originalMemory, {
+      get(target, prop) {
+        if (prop === 'buffer') {
+          memTracker.reads++;
+        }
+        const val = Reflect.get(target, prop, target);
+        return typeof val === 'function' ? val.bind(target) : val;
+      }
+    });
+    const memExportName = Object.entries(instance.exports).find(([, v]) => v === originalMemory)?.[0] || 'memory';
+    hookedExports[memExportName] = memProxy;
+    memTracker.buffer = originalMemory.buffer;
+  }`,branch:`
+  // === Branch Hook: Tracks JS-visible WebAssembly.Table access only ===
+  // Internal call_indirect dispatch stays inside the Wasm engine and is not observable from JS.
+  const branchLog = [];
+  for (const [tableName, table] of Object.entries(instance.exports)) {
+    if (!(table instanceof WebAssembly.Table)) continue;
+    const origGet = table.get.bind(table);
+    const origGrow = table.grow?.bind(table);
+    hookedExports[tableName] = new Proxy(table, {
+        get(t, prop) {
+          if (prop === 'get') {
+            return (idx) => {
+              branchLog.push({ type: 'table_get', table: tableName, index: idx, timestamp: Date.now() });
+              return origGet(idx);
+            };
+          }
+          if (prop === 'grow' && origGrow) {
+            return (delta) => {
+              branchLog.push({ type: 'table_grow', table: tableName, delta, timestamp: Date.now() });
+              return origGrow(delta);
+            };
+          }
+          const val = t[prop];
+          return typeof val === 'function' ? val.bind(t) : val;
+        }
+      });
+  }`,loop:`
+  const loopLog = [];
+  const loopCallCounts = {};
+  const loopSource = hookedExports;
+  for (const [name, value] of Object.entries(loopSource)) {
+    if (typeof value === 'function') {
+      hookedExports[name] = new Proxy(value, {
+        apply(target, thisArg, args) {
+          loopCallCounts[name] = (loopCallCounts[name] || 0) + 1;
+          if (loopCallCounts[name] > 1) {
+            loopLog.push({ type: 'loop-iteration', func: name, count: loopCallCounts[name], timestamp: Date.now() });
+          }
+          return Reflect.apply(target, thisArg, args);
+        }
+      });
+    }
+  }`,local:`
+  const localLog = [];
+  for (const [globalName, global] of Object.entries(instance.exports)) {
+    if (!(global instanceof WebAssembly.Global)) continue;
+    hookedExports[globalName] = new Proxy(global, {
+      get(target, prop) {
+        if (prop === 'valueOf' || prop === Symbol.toPrimitive) {
+          return (...args) => Reflect.apply(target.valueOf, target, args);
+        }
+        const val = Reflect.get(target, prop, target);
+        if (prop === 'value' && typeof val === 'function') {
+          return target.valueOf();
+        }
+        return typeof val === 'function' ? val.bind(target) : val;
+      },
+      set(target, prop, newValue) {
+        if (prop === 'value') {
+          const oldValue = target.valueOf();
+          localLog.push({ type: 'global-set', name: globalName, oldValue, newValue, timestamp: Date.now() });
+          target.value = newValue;
+          return true;
+        }
+        return Reflect.set(target, prop, newValue, target);
+      }
+    });
+  }`},T=f.filter(e=>e in w),D=`
+  const hookedExports = {};
+  for (const [k, v] of Object.entries(instance.exports)) { hookedExports[k] = v; }
+`+T.map(e=>w[e]).join(`
+`),k=JSON.stringify(n),A=[...new Set(y.map(({module:e})=>e))].filter(e=>e!==`env`).map(e=>`    ${JSON.stringify(e)}: {},`).join(`
+`),j=y.map(({module:e,name:t})=>{let n=JSON.stringify(e),r=JSON.stringify(t);return`if (!imports[${n}]) imports[${n}] = {};\n  if (!imports[${n}][${r}]) imports[${n}][${r}] = () => {};`}).join(`
+  `),M=`// WASM Instrumentation Wrapper (Wasabi-style)
+// Generated by jshookmcp wasm_instrument_trace
+// Hooks: ${T.join(`, `)}
+// Functions: ${p.length} | Exports: ${v.join(`, `)||`none`} | Imports: ${y.length}
+(async function() {
+  const wasmBytes = await fetch(${k}).then(r => r.arrayBuffer());
+  const module = await WebAssembly.compile(wasmBytes);
+  const imports = {
+    env: {
+      abort: () => console.warn('[wasabi] abort called'),
+      memory: new WebAssembly.Memory({ initial: 256, maximum: 1024 }),
+      seed: () => Math.random(),
+      'Math.log': Math.log,
+      'Math.random': Math.random,
+      console: { log: (...a) => console.log('[wasabi]', ...a) },
+    },
+${A?`${A}\n`:``}  };
+  ${j}
+  const instance = await WebAssembly.instantiate(module, imports);
+${D}
+  const tracedExports = hookedExports;
+  return {
+    instance,
+    exports: tracedExports,
+    hooks: {
+${T.map(e=>`      ${e}: ${e===`call`?`callLog`:e===`memory`?`memoryLog`:e===`branch`?`branchLog`:e===`loop`?`loopLog`:`localLog`}`).join(`,
+`)}
+    },
+    stats: {
+      functions: ${p.length},
+      exports: ${m.length},
+      imports: ${h.length},
+      exportNames: ${JSON.stringify(v)},
+      hookTypes: ${JSON.stringify(T)}
+    }
+  };
+})();
+`,N;if(a){let e=E(a);await C(e,M,`utf-8`),N=e}else N=await this.writeTextArtifact({artifact:{category:`wasm`,toolName:`wasm-instrument`,ext:`js`},content:M});let P=O(n),F=[P?`Wrapper embeds the provided inputPath into browser-side fetch(). Local filesystem paths are not browser-accessible; provide an http(s) URL instead, or upload the module with wasm_dump and use the resulting URL.`:void 0,T.includes(`branch`)&&_.length>0?`Branch hook only observes JS-visible WebAssembly.Table access. This module contains ${_.length} call_indirect site(s), which are dispatched inside the Wasm engine and will not appear in branch logs.`:void 0].filter(e=>typeof e==`string`&&e.length>0),I=F.length>0?F.join(` `):void 0;return this.ok({artifactPath:N,hookTypes:T,functionCount:p.length,exportCount:m.length,importCount:h.length,wrapperSizeBytes:M.length,note:`Wasabi-style instrumentation wrapper generated. Load in browser with WASM module to trace execution.`,metadata:{inputPathKind:P?`local-path`:`url`,wrapperFetchesBrowserUrl:!0,...T.includes(`branch`)?{branchHookMode:`js-table-access-only`,callIndirectSites:_.length,tableCount:g.length}:{}},...I?{warning:I}:{}})}},A=class extends D{async handleWasmDisassemble(e){let n=u(e,`inputPath`),r=s(e,`outputPath`),i=d(e,`foldExprs`,!0),a=[n,`-o`,`/dev/stdout`];i&&a.push(`--fold-exprs`);let o=await this.state.runner.run({tool:`wabt.wasm2wat`,args:a,timeoutMs:t});if(!o.ok)return this.fail(o.stderr,o.exitCode??void 0);let c=await this.writeTextArtifact({outputPath:r,artifact:{category:`wasm`,toolName:`wasm-disassemble`,ext:`wat`},content:o.stdout});return this.ok({artifactPath:c,totalLines:o.stdout.split(`
+`).length,sizeBytes:o.stdout.length,preview:this.preview(o.stdout,50),durationMs:o.durationMs})}async handleWasmDecompile(e){let n=u(e,`inputPath`),r=s(e,`outputPath`),i=await this.state.runner.run({tool:`wabt.wasm-decompile`,args:[n,`-o`,`/dev/stdout`],timeoutMs:t});if(!i.ok)return this.fail(i.stderr,i.exitCode??void 0);let a=await this.writeTextArtifact({outputPath:r,artifact:{category:`wasm`,toolName:`wasm-decompile`,ext:`dcmp`},content:i.stdout});return this.ok({artifactPath:a,totalLines:i.stdout.split(`
+`).length,preview:this.preview(i.stdout,60),durationMs:i.durationMs})}async handleWasmInspectSections(e){let n=u(e,`inputPath`),r=({headers:`-h`,details:`-x`,disassemble:`-d`,all:`-h -x -d`}[s(e,`sections`,`details`)]||`-x`).split(` `),i=await this.state.runner.run({tool:`wabt.wasm-objdump`,args:[...r,n],timeoutMs:t});return i.ok?this.ok({totalLines:i.stdout.split(`
+`).length,preview:this.preview(i.stdout,100),durationMs:i.durationMs}):this.fail(i.stderr,i.exitCode??void 0)}async handleWasmToC(e){let n=u(e,`inputPath`),r=s(e,`outputDir`),i=await this.resolveArtifactOutputPath({outputPath:r,artifact:{category:`wasm`,toolName:`wasm2c`,ext:`dir`},pathMode:`absolute`});await x(i,{recursive:!0});let a=y(n).replace(/\.wasm$/i,``).split(/[/\\]/).pop()||`output`,o=_(i,`${a}.c`),c=_(i,`${a}.h`),l=await this.state.runner.run({tool:`wabt.wasm2c`,args:[n,`-o`,o],timeoutMs:t});return l.ok?this.ok({outputDir:i,cFile:o,hFile:c,cSizeBytes:await this.tryStatSize(o),hSizeBytes:await this.tryStatSize(c),durationMs:l.durationMs}):this.fail(l.stderr,l.exitCode??void 0)}},j=class extends D{async handleWasmOfflineRun(e){let t=u(e,`inputPath`),n=u(e,`functionName`),r=c(e,`args`),i=s(e,`runtime`,`auto`),a=l(e,`timeoutMs`,1e4),o;if(i===`auto`){let e=await this.state.runner.probeAll();if(e[`runtime.wasmtime`]?.available)o=`runtime.wasmtime`;else if(e[`runtime.wasmer`]?.available)o=`runtime.wasmer`;else return this.fail(`No WASM runtime found. Install wasmtime or wasmer.`)}else o=i===`wasmer`?`runtime.wasmer`:`runtime.wasmtime`;let d=o===`runtime.wasmtime`?[`run`,`--invoke`,n,t,...r]:[`run`,t,`--invoke`,n,`--`,...r],f=await this.state.runner.run({tool:o,args:d,timeoutMs:a});return this.ok({runtime:o,functionName:n,args:r,output:f.stdout.trim(),stderr:f.stderr.trim()||void 0,exitCode:f.exitCode,durationMs:f.durationMs,success:f.ok})}async handleWasmOptimize(t){let n=u(t,`inputPath`),r=s(t,`outputPath`),i=s(t,`level`,`O2`),a=await this.resolveArtifactOutputPath({outputPath:r,artifact:{category:`wasm`,toolName:`wasm-opt`,ext:`wasm`},pathMode:`absolute`}),o=await this.state.runner.run({tool:`binaryen.wasm-opt`,args:[`-${i}`,n,`-o`,a],timeoutMs:e});if(!o.ok)return this.fail(o.stderr,o.exitCode??void 0);let c=await this.tryStatSize(n),l=await this.tryStatSize(a);return this.ok({artifactPath:a,optimizationLevel:i,inputSizeBytes:c,outputSizeBytes:l,reductionPercent:c>0?((1-l/c)*100).toFixed(1):`0`,durationMs:o.durationMs})}},M=class{conversion;runtime;analysis;constructor(e){this.conversion=new A(e),this.runtime=new j(e),this.analysis=new k(e)}handleWasmDisassemble(e){return this.conversion.handleWasmDisassemble(e)}handleWasmDecompile(e){return this.conversion.handleWasmDecompile(e)}handleWasmInspectSections(e){return this.conversion.handleWasmInspectSections(e)}handleWasmOfflineRun(e){return this.runtime.handleWasmOfflineRun(e)}handleWasmOptimize(e){return this.runtime.handleWasmOptimize(e)}handleWasmToC(e){return this.conversion.handleWasmToC(e)}handleWasmDetectObfuscation(e){return this.analysis.handleWasmDetectObfuscation(e)}handleWasmInstrumentTrace(e){return this.analysis.handleWasmInstrumentTrace(e)}},N=class{state;constructor(e){this.state=e}async handleWasmDump(e){let t=l(e,`moduleIndex`,0),n=s(e,`outputPath`),r=await this.state.collector.getActivePage(),i=await r.evaluate(e=>{let t=window.__aiHooks?.[`preset-webassembly-full`];if(!Array.isArray(t)||t.length===0)return{error:`No WASM modules captured. Ensure the webassembly-full hook preset is active and the page has loaded WASM.`};let n=t.filter(e=>e.type===`instantiated`);if(e>=n.length)return{error:`Module index ${e} out of range. Found ${n.length} instantiated modules.`};let r=n[e];return{exports:r.exports,importMods:r.importMods,size:r.size,moduleCount:n.length}},t);if(T(i))return{content:[{type:`text`,text:JSON.stringify({success:!1,error:i.error})}]};let a=await r.evaluate(e=>{let t=window.__wasmModuleStorage;if(!t?.[e])return null;let n=t[e];return Array.from(new Uint8Array(n))},t),c,u;if(a){let e=Buffer.from(a);if(u=g(`sha256`).update(e).digest(`hex`).substring(0,16),n){let t=E(n);await C(t,e),c=t}else{let{absolutePath:t,displayPath:n}=await o({category:`wasm`,toolName:`wasm-dump`,target:u,ext:`wasm`});await C(t,e),c=n}}else c=`(binary not available — hook did not store raw bytes)`;return{content:[{type:`text`,text:JSON.stringify({success:!0,artifactPath:c,hash:u,size:i.size,exports:i.exports,importModules:i.importMods,totalModules:i.moduleCount,hint:a?`Use wasm_disassemble or wasm_decompile on the dumped file for further analysis.`:`Binary not captured. Inject hook_preset("webassembly-full") BEFORE page navigation, with window.__wasmModuleStorage patching.`},null,2)}]}}async handleWasmVmpTrace(e){let t=l(e,`maxEvents`,5e3),n=s(e,`filterModule`),r=await(await this.state.collector.getActivePage()).evaluate(e=>{let t=window.__aiHooks?.[`preset-webassembly-full`];if(!Array.isArray(t)||t.length===0)return{error:`No WASM hook data. Inject hook_preset("webassembly-full") and reload the page.`};let n=t.filter(e=>e.type===`import_call`);e.filterModule&&(n=n.filter(t=>t.mod===e.filterModule));let r=n.slice(0,e.maxEvents),i={};for(let e of r){let t=`${String(e.mod)}.${String(e.fn)}`;i[t]=(i[t]||0)+1}let a=Object.entries(i).toSorted((e,t)=>t[1]-e[1]).slice(0,30).map(([e,t])=>({name:e,count:t}));return{totalEvents:n.length,capturedEvents:r.length,topFunctions:a,trace:r.slice(0,200).map(e=>({mod:e.mod,fn:e.fn,args:e.args,ts:e.ts}))}},{maxEvents:t,filterModule:n});return T(r)?{content:[{type:`text`,text:JSON.stringify({success:!1,error:r.error})}]}:{content:[{type:`text`,text:JSON.stringify({success:!0,...r,hint:`Top functions show VMP handler dispatch patterns. Use wasm_disassemble to analyze their implementation.`},null,2)}]}}async handleWasmMemoryInspect(e){let t=l(e,`offset`,0),n=Math.min(l(e,`length`,256),65536),r=s(e,`format`,`both`),i=s(e,`searchPattern`),a=await(await this.state.collector.getActivePage()).evaluate(e=>{let t=window,n=t.__aiHooks?.[`preset-webassembly-full`],r=(Array.isArray(n)?n:[]).filter(e=>e.type===`memory_created`),i=t.__wasmInstances;if(!Array.isArray(i)||i.length===0)return{error:`No WASM memory available. Ensure the webassembly-full hook is active and a WASM module is instantiated.`};try{let t=i[0].exports?.memory;if(!t?.buffer)return{error:`WASM module has no exported memory.`};let n=new Uint8Array(t.buffer),a=Array.from(n.slice(e.offset,e.offset+e.length)),o;if(e.searchPattern){o=[];let t=e.searchPattern;if(/^[0-9a-fA-F\s]+$/.test(t)){let r=t.replace(/\s/g,``).match(/.{2}/g)?.map(e=>parseInt(e,16))||[];for(let t=e.offset;t<=Math.min(e.offset+e.length-r.length,n.length-r.length);t++){let e=!0;for(let i=0;i<r.length;i++)if(n[t+i]!==r[i]){e=!1;break}e&&o.push({offset:t})}}else{let r=new TextEncoder().encode(t);for(let t=e.offset;t<=Math.min(e.offset+e.length-r.length,n.length-r.length);t++){let e=!0;for(let i=0;i<r.length;i++)if(n[t+i]!==r[i]){e=!1;break}e&&o.push({offset:t})}}}return{totalMemoryPages:t.buffer.byteLength/65536,totalMemoryBytes:t.buffer.byteLength,requestedOffset:e.offset,requestedLength:e.length,data:a,searchResults:o,memoryInfo:r[0]||null}}catch(e){return{error:`Failed to read WASM memory: ${e instanceof Error?e.message:String(e)}`}}},{offset:t,length:n,searchPattern:i});if(T(a))return{content:[{type:`text`,text:JSON.stringify({success:!1,error:a.error})}]};let o=a.data,c=``,u=``;if(r===`hex`||r===`both`)for(let e=0;e<o.length;e+=16){let n=o.slice(e,e+16),r=(t+e).toString(16).padStart(8,`0`),i=n.map(e=>e.toString(16).padStart(2,`0`)).join(` `),a=n.map(e=>e>=32&&e<127?String.fromCharCode(e):`.`).join(``);c+=`${r}  ${i.padEnd(48)}  |${a}|\n`}return r===`ascii`&&(u=o.map(e=>e>=32&&e<127?String.fromCharCode(e):`.`).join(``)),{content:[{type:`text`,text:JSON.stringify({success:!0,totalMemoryPages:a.totalMemoryPages,totalMemoryBytes:a.totalMemoryBytes,offset:t,length:o.length,hexDump:r===`ascii`?void 0:c,asciiDump:r===`ascii`?u:void 0,searchResults:a.searchResults},null,2)}]}}};function P(e,t,n,r,i,a,o){return{capability:e,status:n?`available`:`unavailable`,reason:r,fix:n?void 0:i,details:{tools:a,...o?.path?{path:o.path}:{},...o?.version?{version:o.version}:{},backend:t}}}var F=class{state;constructor(e){this.state=e}async handleWasmCapabilities(){let e=await this.state.runner.probeAll(),t=await this.getCurrentPageCapability(),n=e[`runtime.wasmtime`]?.available===!0||e[`runtime.wasmer`]?.available===!0;return m.raw(f(`wasm_capabilities`,[t,P(`wabt_wasm2wat`,`wabt.wasm2wat`,e[`wabt.wasm2wat`]?.available===!0,e[`wabt.wasm2wat`]?.reason,`Install WABT so wasm2wat is available on PATH.`,[`wasm_disassemble`],e[`wabt.wasm2wat`]),P(`wabt_wasm_decompile`,`wabt.wasm-decompile`,e[`wabt.wasm-decompile`]?.available===!0,e[`wabt.wasm-decompile`]?.reason,`Install WABT so wasm-decompile is available on PATH.`,[`wasm_decompile`],e[`wabt.wasm-decompile`]),P(`wabt_wasm_objdump`,`wabt.wasm-objdump`,e[`wabt.wasm-objdump`]?.available===!0,e[`wabt.wasm-objdump`]?.reason,`Install WABT so wasm-objdump is available on PATH.`,[`wasm_inspect_sections`],e[`wabt.wasm-objdump`]),P(`binaryen_wasm_opt`,`binaryen.wasm-opt`,e[`binaryen.wasm-opt`]?.available===!0,e[`binaryen.wasm-opt`]?.reason,`Install Binaryen so wasm-opt is available on PATH.`,[`wasm_optimize`],e[`binaryen.wasm-opt`]),{capability:`wasm_offline_runtime`,status:n?`available`:`unavailable`,reason:n?void 0:`No offline WASM runtime is available on PATH.`,fix:n?void 0:`Install wasmtime or wasmer to enable wasm_offline_run.`,details:{tools:[`wasm_offline_run`],runtimes:{wasmtime:e[`runtime.wasmtime`],wasmer:e[`runtime.wasmer`]},preferredRuntime:e[`runtime.wasmtime`]?.available?`runtime.wasmtime`:e[`runtime.wasmer`]?.available?`runtime.wasmer`:null}}]))}async getCurrentPageCapability(){let e;try{e=await this.state.collector.getActivePage()}catch(e){return{capability:`wasm_browser_capture_current_page`,status:`unknown`,reason:`Current page probe failed: ${e instanceof Error?e.message:String(e)}`,fix:`Attach or launch a browser page before using browser-backed WASM tools.`,details:{tools:[`wasm_dump`,`wasm_vmp_trace`,`wasm_memory_inspect`],pageAttached:!1}}}if(!e)return{capability:`wasm_browser_capture_current_page`,status:`unknown`,reason:`No active page is attached.`,fix:`Attach or launch a browser page before using browser-backed WASM tools.`,details:{tools:[`wasm_dump`,`wasm_vmp_trace`,`wasm_memory_inspect`],pageAttached:!1}};try{let t=await e.evaluate(()=>{let e=window,t=e.__aiHooks?.[`preset-webassembly-full`],n=Array.isArray(t)?t:[];return{url:location.href,hookEventCount:n.length,instantiatedCount:n.filter(e=>e.type===`instantiated`).length,importCallCount:n.filter(e=>e.type===`import_call`).length,memoryEventCount:n.filter(e=>e.type===`memory_created`).length,storageCount:Array.isArray(e.__wasmModuleStorage)?e.__wasmModuleStorage.length:0,instanceCount:Array.isArray(e.__wasmInstances)?e.__wasmInstances.length:0}}),n=t.instantiatedCount>0||t.memoryEventCount>0||t.storageCount>0||t.instanceCount>0;return{capability:`wasm_browser_capture_current_page`,status:n?`available`:`unavailable`,reason:n?void 0:`No captured WASM modules or exported memory are visible on the current page.`,fix:n?void 0:`Load a page that instantiates WASM. For dump/trace flows, inject hook_preset("webassembly-full") before navigation.`,details:{tools:[`wasm_dump`,`wasm_vmp_trace`,`wasm_memory_inspect`],pageAttached:!0,...t}}}catch(e){return{capability:`wasm_browser_capture_current_page`,status:`unknown`,reason:`Current page probe failed: ${e instanceof Error?e.message:String(e)}`,fix:`Ensure an attached page is still reachable before using browser-backed WASM tools.`,details:{tools:[`wasm_dump`,`wasm_vmp_trace`,`wasm_memory_inspect`],pageAttached:!0}}}}},I=class{state;externalTools;browser;capabilities;constructor(e){let t=new a(new p);this.state={collector:e,runner:t},this.externalTools=new M(this.state),this.browser=new N(this.state),this.capabilities=new F(this.state)}handleWasmCapabilities(){return this.capabilities.handleWasmCapabilities()}handleWasmDump(e){return this.browser.handleWasmDump(e)}handleWasmDisassemble(e){return this.externalTools.handleWasmDisassemble(e)}handleWasmDecompile(e){return this.externalTools.handleWasmDecompile(e)}handleWasmInspectSections(e){return this.externalTools.handleWasmInspectSections(e)}handleWasmOfflineRun(e){return this.externalTools.handleWasmOfflineRun(e)}handleWasmOptimize(e){return this.externalTools.handleWasmOptimize(e)}handleWasmVmpTrace(e){return this.browser.handleWasmVmpTrace(e)}handleWasmMemoryInspect(e){return this.browser.handleWasmMemoryInspect(e)}handleWasmToC(e){return this.externalTools.handleWasmToC(e)}handleWasmDetectObfuscation(e){return this.externalTools.handleWasmDetectObfuscation(e)}handleWasmInstrumentTrace(e){return this.externalTools.handleWasmInstrumentTrace(e)}};export{I as WasmToolHandlers};

package/dist/webcrack-CsLLJIs9.mjs ADDED Viewed

@@ -0,0 +1,46 @@
+import{t as e}from"./logger-sBC6IdRT.mjs";import{Cn as t,Tn as n,_t as r,gt as i,wn as a,xn as o}from"./constants-Cp6hBrrx.mjs";import{t as s}from"./ProcessRegistry-Hf12LlR9.mjs";import{n as c}from"./concurrency-CcK46d0h.mjs";import l from"node:path";import{readdir as u,rm as d,stat as f}from"node:fs/promises";import*as p from"@babel/parser";import m from"@babel/traverse";import*as h from"@babel/types";import g from"@babel/generator";import{Worker as _}from"node:worker_threads";var v=class{async execute(e){return c(()=>this.executeInternal(e))}executeInternal(r){let i=r.timeoutMs??o,c=r.memoryLimitMB??t,l=Date.now();return new Promise(t=>{let o=!1,u=setTimeout(()=>{o||(f.terminate(),e.warn(`[ExecutionSandbox] Worker terminated after ${i+n}ms`),p({ok:!1,error:`Execution timed out (worker terminated)`,timedOut:!0}))},i+n),d={eval:!0,workerData:{code:r.code,timeoutMs:i},resourceLimits:{maxOldGenerationSizeMb:c,maxYoungGenerationSizeMb:Math.ceil(c/4),stackSizeMb:a}};d.type=`module`;let f=new _(`
+import { workerData, parentPort } from 'node:worker_threads';
+import * as vm from 'node:vm';
+const { code, timeoutMs } = workerData;
+try {
+  // Create an isolated context with minimal globals
+  const sandbox = {
+    // Safe built-ins only
+    parseInt, parseFloat, isNaN, isFinite,
+    encodeURIComponent, decodeURIComponent,
+    encodeURI, decodeURI,
+    JSON: { parse: JSON.parse, stringify: JSON.stringify },
+    Math,
+    String, Number, Boolean, Array, Object, Map, Set,
+    Date, RegExp, Error, TypeError, RangeError,
+    Promise,
+    Symbol,
+    undefined,
+    NaN,
+    Infinity,
+    // Explicitly denied: require, process, __filename, __dirname, Buffer, setTimeout, setInterval, fetch
+  };
+  const context = vm.createContext(sandbox, {
+    name: 'jshook-sandbox',
+    codeGeneration: { strings: false, wasm: false },
+  });
+  const script = new vm.Script(code, {
+    filename: 'sandbox-eval.js',
+    timeout: timeoutMs,
+  });
+  const result = script.runInContext(context, { timeout: timeoutMs });
+  parentPort.postMessage({ ok: true, output: result });
+} catch (err) {
+  parentPort.postMessage({
+    ok: false,
+    error: err.message || String(err),
+    timedOut: err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT',
+  });
+}
+`,d);typeof f.unref==`function`&&f.unref(),s.register(f);let p=e=>{o||(o=!0,u&&clearTimeout(u),t({...e,durationMs:Date.now()-l}))};f.on(`message`,e=>{p({ok:e.ok,output:e.output,error:e.error,timedOut:e.timedOut||!1}),f.terminate()}),f.on(`error`,e=>{p({ok:!1,error:`Worker error: ${e.message}`,timedOut:!1})}),f.on(`exit`,e=>{o||p({ok:!1,error:`Worker exited unexpectedly with code ${e}`,timedOut:!1})})})}};async function y(e,t,n,r){let i=[],a=[];return n===`obfuscator.io`?b(e,t,r,i,a):n===`jsfuck`?x(e,t,i):n===`jjencode`?S(e,t,i):C(e,t,r,i,a)}async function b(t,n,r,i,a){let o=n,s=.5;try{let c=n.match(/var\s+(_0x[a-f0-9]+)\s*=\s*(\[.*?\]);/s);if(c){let n=c[1],r=c[2];e.info(` : ${n}`);try{let i=await t.sandbox.execute({code:`return ${r||`[]`};`,timeoutMs:3e3}),a=i.ok?i.output:void 0;if(Array.isArray(a)){e.info(`String array detected, ${a.length} strings found`);let t=RegExp(`${n}\\[(\\d+)\\]`,`g`);o=o.replace(t,(e,t)=>{let n=parseInt(t,10);return n<a.length?JSON.stringify(a[n]):e}),s+=.2}}catch(e){i.push(`: ${e}`),a.push({location:`String Array`,reason:``,suggestion:``})}}return o=o.replace(/\(function\s*\(_0x[a-f0-9]+,\s*_0x[a-f0-9]+\)\s*\{[\s\S]*?\}\(_0x[a-f0-9]+,\s*0x[a-f0-9]+\)\);?/g,``),r&&(o=o.replace(/\(function\s*\(\)\s*\{([\s\S]*)\}\(\)\);?/g,`$1`),s+=.1),o=o.replace(/0x([0-9a-f]+)/gi,(e,t)=>String(parseInt(t,16))),o=o.replace(/;\s*;/g,`;`),o=o.replace(/\{\s*\}/g,`{}`),i.push(`obfuscator.io detected, may need special handling`),{code:o,confidence:Math.min(s,1),warnings:i,unresolvedParts:a.length>0?a:void 0}}catch(e){return i.push(`obfuscator.io: ${e}`),{code:n,confidence:.2,warnings:i,unresolvedParts:a}}}async function x(t,n,r){try{e.info(`JSFuck detected, attempting deobfuscation...`);try{if(n.length>1e5)return r.push(`JSFuck code detected, file too large to process directly.`),r.push(`Consider using an online JSFuck decoder tool.`),{code:n,confidence:.1,warnings:r};let i=await t.sandbox.execute({code:`return ${n};`,timeoutMs:5e3}),a=i.ok?i.output:void 0;return typeof a==`string`?(e.info(` JSFuck`),{code:a,confidence:.9,warnings:[`JSFuck`]}):(r.push(`JSFuck`),{code:n,confidence:.2,warnings:r})}catch(e){return r.push(`JSFuck: ${e}`),r.push(`Consider using an online JSFuck decoder tool.`),{code:n,confidence:.1,warnings:r}}}catch(e){return r.push(`JSFuck: ${e}`),{code:n,confidence:.1,warnings:r}}}async function S(t,n,r){try{e.info(`JJEncode detected, attempting deobfuscation...`);try{let i=n.split(`
+`).filter(e=>e.trim());if((i.length>0?i[i.length-1]:``)?.includes(`$$$$`)){let r=await t.sandbox.execute({code:`${n}; return $$$$()`,timeoutMs:5e3}),i=r.ok?r.output:void 0;if(typeof i==`string`)return e.info(` JJEncode`),{code:i,confidence:.9,warnings:[`JJEncode`]}}let a=await t.sandbox.execute({code:n,timeoutMs:5e3});return a.ok||e.warn(`JJEncode sandbox execution failed:`,a.error),r.push(`JJEncode deobfuscation may be incomplete`),r.push(`Result may still contain JJEncode fragments`),{code:n,confidence:.2,warnings:r}}catch(e){return r.push(`JJEncode: ${e}`),r.push(`Result may contain evaluation artifacts`),{code:n,confidence:.1,warnings:r}}}catch(e){return r.push(`JJEncode: ${e}`),{code:n,confidence:.1,warnings:r}}}async function C(e,t,n,r,i){return r.push(`AI-assisted deobfuscation removed, using fallback directly.`),w(t,n,r,i)}function w(e,t,n,r){let i=e,a=.3;try{return i=i.replace(/if\s*\([^)]*\)\s*\{\s*\}/g,``),i=i.replace(/!!\s*\(/g,`Boolean(`),i=i.replace(/""\s*\+\s*/g,``),t&&(i=i.replace(/debugger;?/g,``),a+=.1,i=i.replace(/\?\s*([^:]+)\s*:\s*\1/g,`$1`),a+=.05),n.push(`Analysis incomplete, partial results may be returned`),n.push(`For better results, configure an LLM API key`),r.push({location:`Custom VM`,reason:`VM`,suggestion:`VM protection detected, LLM-assisted analysis recommended`}),{code:i,confidence:a,warnings:n,unresolvedParts:r.length>0?r:void 0}}catch(t){return n.push(`: ${t}`),{code:e,confidence:.1,warnings:n,unresolvedParts:r}}}var T=class{sandbox=new v;async deobfuscate(t){let n=Date.now(),{code:a,aggressive:o=!1,extractInstructions:s=!1,timeout:c=i,maxIterations:l=r}=t;e.info(` JSVMP...`);try{let t=this.detectJSVMP(a);if(!t)return e.info(`JSVMP`),{isJSVMP:!1,deobfuscatedCode:a,confidence:0,warnings:[`JSVMP`]};e.info(`JSVMP analysis complete, complexity: ${t.complexity}`),e.info(` : ${t.instructionCount}`);let r=this.identifyVMType(a,t);e.info(` : ${r}`);let i;s&&(e.info(` ...`),i=this.extractInstructions(a,t),e.info(`  ${i.length} `)),e.info(` ...`);let u=await this.restoreCode(a,t,r,o,c,l),d=Date.now()-n,f={isJSVMP:!0,vmType:r,vmFeatures:t,instructions:i,deobfuscatedCode:u.code,confidence:u.confidence,warnings:u.warnings,unresolvedParts:u.unresolvedParts,stats:{originalSize:a.length,deobfuscatedSize:u.code.length,reductionRate:1-u.code.length/a.length,processingTime:d}};return e.info(`JSVMP deobfuscation complete in ${d}ms`),e.info(` : ${(f.confidence*100).toFixed(1)}%`),f}catch(t){return e.error(`JSVMP`,t),{isJSVMP:!1,deobfuscatedCode:a,confidence:0,warnings:[`: ${t}`]}}}detectJSVMP(t){try{let n=p.parse(t,{sourceType:`unambiguous`,plugins:[`jsx`,`typescript`],errorRecovery:!0}),r=!1,i=!1,a=!1,o=0,s=``,c=0,l=!1,u=!1,d=!1,f=!1;if(m(n,{SwitchStatement(e){let t=e.node.cases.length;t>10&&(r=!0,t>c&&(c=t,o=t,s=`Line ${e.node.loc?.start.line||0}`))},ArrayExpression(e){e.node.elements.length>50&&(i=!0)},UpdateExpression(e){if(e.node.operator===`++`||e.node.operator===`--`){let t=e.node.argument;h.isIdentifier(t)&&t.name.length<=3&&(a=!0)}},CallExpression(e){if(h.isIdentifier(e.node.callee,{name:`parseInt`})&&e.node.arguments.length>=2){let t=e.node.arguments[0];h.isBinaryExpression(t)&&t.operator===`+`&&(f=!0,l=!0)}h.isMemberExpression(e.node.callee)&&h.isIdentifier(e.node.callee.property,{name:`apply`})&&(u=!0)},WhileStatement(e){(h.isBooleanLiteral(e.node.test,{value:!0})||h.isNumericLiteral(e.node.test,{value:1}))&&(d=!0)},ForStatement(e){e.node.test||(d=!0)}}),r&&(i||a)&&(u||d||f)){let t=o>100?`high`:o>50?`medium`:`low`;return e.info(` JSVMP:`),e.info(`  - Switch: ${r} (${c} cases)`),e.info(`  - : ${i}`),e.info(`  - : ${a}`),e.info(`  - : ${l}`),e.info(`  - Apply: ${u}`),e.info(`  - : ${d}`),e.info(`  - : ${f}`),{instructionCount:o,interpreterLocation:s,complexity:t,hasSwitch:r,hasInstructionArray:i,hasProgramCounter:a}}return null}catch(n){return e.warn(`JSVMP analysis failed`,n),this.detectJSVMPWithRegex(t)}}detectJSVMPWithRegex(t){let n=(t.match(/switch\s*\(/g)?.length||0)>0,r=/parseInt\s*\(\s*["']?\s*\+\s*\w+\[/g.test(t),i=/\.apply\s*\(/g.test(t),a=/while\s*\(\s*(true|1)\s*\)/g.test(t);return n&&(r||i||a)?(e.info(` JSVMP`),{instructionCount:0,interpreterLocation:`Unknown`,complexity:`medium`,hasSwitch:!0,hasInstructionArray:r,hasProgramCounter:i}):null}identifyVMType(e,t){return e.includes(`_0x`)&&e.includes(`function(_0x`)?`obfuscator.io`:/^\s*\[\s*\]\s*\[\s*\(/.test(e)?`jsfuck`:e.includes(`$=~[];`)?`jjencode`:`custom`}extractInstructions(t,n){let r=[];try{m(p.parse(t,{sourceType:`unambiguous`,plugins:[`jsx`,`typescript`]}),{SwitchStatement:e=>{e.node.cases.length===n.instructionCount&&e.node.cases.forEach((e,t)=>{let n=e.test&&(h.isNumericLiteral(e.test)||h.isStringLiteral(e.test))?e.test.value:t,i=this.inferInstructionType(e);r.push({opcode:n,name:`INST_${n}`,type:i,description:`Instruction ${n}`})})}})}catch(t){e.warn(``,t)}return r}inferInstructionType(e){let t=g(e).code,n=e.consequent,r=!1,i=!1,a=!1,o=!1,s=!1;for(let e of n){if(h.isExpressionStatement(e)){let t=e.expression;h.isAssignmentExpression(t)&&(r=!0),h.isMemberExpression(t)&&h.isNumericLiteral(t.property)&&(i=!0),h.isCallExpression(t)&&(a=!0),h.isBinaryExpression(t)&&[`+`,`-`,`*`,`/`,`%`,`**`].includes(t.operator)&&(o=!0)}(h.isIfStatement(e)||h.isWhileStatement(e)||h.isBreakStatement(e)||h.isContinueStatement(e)||h.isReturnStatement(e))&&(s=!0)}return(t.includes(`push`)||t.includes(`.push(`))&&(i||t.includes(`[`))?`load`:r&&!o&&!a?`store`:o||t.match(/[+\-*/%]/)?`arithmetic`:s||t.includes(`break`)||t.includes(`continue`)?`control`:a||t.includes(`.apply(`)||t.includes(`.call(`)?`call`:`unknown`}async restoreCode(e,t,n,r,i,a){return this.restoreCustomVMBasic,y({sandbox:this.sandbox},e,n,r)}restoreCustomVMBasic(e,t,n,r){return w(e,t,n,r)}};const E={jsx:!0,mangle:!1,unminify:!0,unpack:!0};function D(e){return{jsx:e.jsx??E.jsx,mangle:e.mangle??E.mangle,unminify:e.unminify??E.unminify,unpack:e.unpack??E.unpack}}function O(){let[e=`0`,t=`0`]=process.versions.node.split(`.`),n=Number.parseInt(e,10),r=Number.parseInt(t,10);return!Number.isFinite(n)||!Number.isFinite(r)?!1:n===22?r>=12:n===24}function k(e,t){let n=t.target===`path`?e.path:e.code,r=t.matchType??`includes`;if(r===`exact`)return n===t.pattern;if(r===`regex`)try{return new RegExp(t.pattern,`m`).test(n)}catch{return!1}return n.includes(t.pattern)}function A(e,t){let n=new Map;if(!t||t.length===0)return n;for(let r of e.modules.values())for(let e of t)if(!(!e.path||!e.pattern)&&k(r,e)){r.path!==e.path&&(n.set(r.id,{fromPath:r.path}),r.path=e.path);break}return n}function j(e,t,n){let r=t.maxBundleModules??100,i=Array.from(e.modules.values()).toSorted((e,t)=>e.isEntry===t.isEntry?e.path.localeCompare(t.path):e.isEntry?-1:1).slice(0,r).map(e=>({id:e.id,path:e.path,isEntry:e.isEntry,size:e.code.length,code:t.includeModuleCode?e.code:void 0,mappedPathFrom:n.get(e.id)?.fromPath}));return{type:e.type,entryId:e.entryId,moduleCount:e.modules.size,truncated:e.modules.size>r,mappingsApplied:n.size,modules:i}}async function M(e,t=e){let n=await u(t,{withFileTypes:!0}),r=[];for(let i of n){let n=l.join(t,i.name);if(i.isDirectory()){r.push(...await M(e,n));continue}if(!i.isFile())continue;let a=await f(n);r.push({path:l.relative(e,n).replace(/\\/g,`/`),size:a.size,type:`file`})}return r.toSorted((e,t)=>e.path.localeCompare(t.path))}async function N(t,n){let r=D(n);if(!O()){let n=`webcrack requires Node.js 22.12+ or 24.x; current runtime is ${process.versions.node}`;return e.warn(n),{applied:!1,code:t,optionsUsed:r,reason:n}}try{let{webcrack:e}=await import(`webcrack`),i=await e(t,{jsx:r.jsx,unpack:r.unpack,deobfuscate:!0,unminify:r.unminify,mangle:r.mangle}),a=i.bundle?A(i.bundle,n.mappings):new Map,o,s;if(typeof n.outputDir==`string`&&n.outputDir.trim().length>0){o=l.resolve(n.outputDir);let e=process.cwd(),t=l.relative(e,o);if(l.isAbsolute(t)||t.startsWith(`..`)||o===`/`||o===l.parse(o).root)throw Error(`outputDir must resolve to a path within the project root. Got: ${o}`);n.forceOutput&&await d(o,{recursive:!0,force:!0}),await i.save(o),s=await M(o)}return{applied:!0,code:i.code,bundle:i.bundle?j(i.bundle,{includeModuleCode:n.includeModuleCode,maxBundleModules:n.maxBundleModules},a):void 0,savedTo:o,savedArtifacts:s,optionsUsed:r}}catch(n){let i=n instanceof Error?n.message:String(n);return e.warn(`webcrack execution failed, falling back to legacy pipeline`,n),{applied:!1,code:t,optionsUsed:r,reason:i}}}export{T as n,N as t};

package/dist/workflow-CYIXtrWD.mjs ADDED Viewed

@@ -0,0 +1,101 @@
+import{t as e}from"./logger-sBC6IdRT.mjs";import{Jr as t,Kr as n,Xr as r,Yr as i,qr as a}from"./constants-Cp6hBrrx.mjs";import{a as o,i as s,r as c,t as l}from"./parse-args-Cuk7-xUt.mjs";import{a as u,s as d}from"./ssrf-policy-T96MR3r6.mjs";import{t as f}from"./ResponseBuilder-B2lu4KEl.mjs";import"./definitions-DtE0XLrT.mjs";import{BlockList as p,isIP as m}from"node:net";import{lookup as h}from"node:dns/promises";const g=[{name:`auth_extract`,description:`Extract auth tokens from localStorage and cookies`,code:`(function(){
+  var keys=['token','active_token','access_token','jwt','auth_token','userRole','id_token','refresh_token'];
+  var r={};
+  for(var i=0;i<keys.length;i++){var v=localStorage.getItem(keys[i]);if(v)r[keys[i]]=v;}
+  r._cookies=document.cookie;
+  return r;
+})()`},{name:`bundle_search`,description:`Fetch a remote JS bundle and search it with regex patterns. params: { url: string, patterns: string[] }`,code:`(async function(){
+  var p=typeof __params__!=='undefined'?__params__:{};
+  if(!p.url)return{error:'params.url required'};
+  var resp=await fetch(p.url);
+  var text=await resp.text();
+  var patterns=p.patterns||[];
+  var results={};
+  for(var i=0;i<patterns.length;i++){
+    var re=new RegExp(patterns[i],'g');
+    var matches=[];var m;
+    while((m=re.exec(text))!==null){
+      var s=Math.max(0,m.index-80),e=Math.min(text.length,m.index+m[0].length+80);
+      matches.push({match:m[0],ctx:text.slice(s,e)});
+      if(matches.length>=10)break;
+    }
+    results[patterns[i]]=matches;
+  }
+  return{size:text.length,results:results};
+})()`},{name:`react_fill_form`,description:`Fill React controlled form inputs using native setter trick. params: { fields: { "selector": "value" } }`,code:`(function(){
+  var p=typeof __params__!=='undefined'?__params__:{};
+  var fields=p.fields||{};
+  var ns=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
+  var r={};
+  var entries=Object.entries(fields);
+  for(var i=0;i<entries.length;i++){
+    var sel=entries[i][0],val=entries[i][1];
+    var el=document.querySelector(sel);
+    if(!el){r[sel]='not found';continue;}
+    ns.call(el,val);
+    el.dispatchEvent(new Event('input',{bubbles:true}));
+    el.dispatchEvent(new Event('change',{bubbles:true}));
+    r[sel]='filled';
+  }
+  return r;
+})()`},{name:`dom_find_upgrade_buttons`,description:`Scan the current page for upgrade/subscription/tier-related UI elements`,code:`(function(){
+  var kw=['upgrade','plus','pro','premium','subscribe','plan','tier','vip','membership'];
+  var r=[];
+  document.querySelectorAll('button,a,[role=button],[class*=upgrade],[class*=premium],[class*=plus]').forEach(function(el){
+    var t=(el.textContent||'').toLowerCase().trim();
+    var c=(el.className||'').toLowerCase();
+    if(kw.some(function(k){return t.includes(k)||c.includes(k);})){
+      r.push({tag:el.tagName,text:t.slice(0,120),cls:c.slice(0,100),href:el.href||null,id:el.id||null});
+    }
+  });
+  return r;
+})()`}];function _(e){let t={deps:e,scriptRegistry:new Map,bundleCache:new Map,bundleCacheBytes:0};return y(t.scriptRegistry),t}const v={BUNDLE_CACHE_TTL_MS:a,MAX_SCRIPTS:100,MAX_BUNDLE_CACHE:50,MAX_BUNDLE_CACHE_BYTES:n};function y(e){for(let t of g)e.set(t.name,{code:t.code,description:t.description,source:`core`,protectedFromEviction:!0})}function b(e){let t=Date.now();for(let[n,r]of e.bundleCache)t-r.cachedAt>=v.BUNDLE_CACHE_TTL_MS&&(e.bundleCacheBytes-=r.text.length,e.bundleCache.delete(n));for(;e.bundleCache.size>=v.MAX_BUNDLE_CACHE||e.bundleCacheBytes>v.MAX_BUNDLE_CACHE_BYTES;){let t=e.bundleCache.keys().next().value;if(t!==void 0){let n=e.bundleCache.get(t);n&&(e.bundleCacheBytes-=n.text.length),e.bundleCache.delete(t)}else break}}function x(e){return e.replace(/[<>/\u2028\u2029]/g,e=>{switch(e){case`<`:return`\\u003C`;case`>`:return`\\u003E`;case`/`:return`\\u002F`;case`\u2028`:return`\\u2028`;case`\u2029`:return`\\u2029`;default:return e}})}function S(e){return typeof e==`string`?e:void 0}function C(e){if(!(typeof e!=`object`||!e||Array.isArray(e)))return e}function w(e){return f.raw(e)}var T=class{state;constructor(e){this.state=e}async handlePageScriptRegister(e){let t=S(e.name),n=S(e.code),r=S(e.description)??``;if(!t||!n)return w({success:!1,error:`name and code are required`});let i=this.state.scriptRegistry.has(t);if(!i&&this.state.scriptRegistry.size>=v.MAX_SCRIPTS){for(let[e,t]of this.state.scriptRegistry)if(!t.protectedFromEviction){this.state.scriptRegistry.delete(e);break}}let a=this.state.scriptRegistry.get(t);return this.state.scriptRegistry.set(t,{code:n,description:r,source:a?.source??`user`,protectedFromEviction:a?.protectedFromEviction??!1}),w({success:!0,action:i?`updated`:`registered`,name:t,description:r,totalScripts:this.state.scriptRegistry.size,available:Array.from(this.state.scriptRegistry.keys())})}async handlePageScriptRun(t){let n=S(t.name),r=C(t.params),i=n?this.state.scriptRegistry.get(n):void 0;if(!i){let e=Array.from(this.state.scriptRegistry.keys());return w({success:!1,error:`Script "${n}" not found`,available:e})}let a;a=r===void 0?i.code:`(function(){const __params__=JSON.parse(${x(JSON.stringify(JSON.stringify(r)))});return(${i.code});})()`;try{return await this.state.deps.browserHandlers.handlePageEvaluate({code:a})}catch(t){return e.error(`[page_script_run] Script "${n}" failed:`,t),w({success:!1,script:n,error:t instanceof Error?t.message:String(t)})}}async handleListExtensionWorkflows(){let e=this.state.deps.serverContext;if(!e)return w({success:!1,error:`Extension workflow runtime is unavailable in this handler context`});let{ensureWorkflowsLoaded:t}=await import(`./ExtensionManager-erMpqcLk.mjs`).then(e=>e.t);await t(e);let n=[...e.extensionWorkflowsById.values()].filter(e=>e.route?.kind!==`preset`);n.sort((e,t)=>e.id.localeCompare(t.id));let r=n.map(e=>({id:e.id,displayName:e.displayName,description:e.description,tags:e.tags,timeoutMs:e.timeoutMs,defaultMaxConcurrency:e.defaultMaxConcurrency,source:e.source,route:e.route?{kind:e.route.kind,priority:e.route.priority,requiredDomains:e.route.requiredDomains,triggerPatterns:e.route.triggerPatterns.map(e=>e.source),steps:e.route.steps}:void 0}));return w({success:!0,count:r.length,workflows:r})}async handleRunExtensionWorkflow(t){let n=this.state.deps.serverContext;if(!n)return w({success:!1,error:`Extension workflow runtime is unavailable in this handler context`});let r=S(t.workflowId)??S(t.id);if(!r)return w({success:!1,error:`workflowId is required`});let{ensureWorkflowsLoaded:i}=await import(`./ExtensionManager-erMpqcLk.mjs`).then(e=>e.t);await i(n);let a=n.extensionWorkflowRuntimeById.get(r);if(!a){let e=[...n.extensionWorkflowsById.values()].filter(e=>e.route?.kind!==`preset`).map(e=>e.id);return e.sort((e,t)=>e.localeCompare(t)),w({success:!1,error:`Extension workflow "${r}" not found`,available:e})}if(a.route?.kind===`preset`)return w({success:!1,workflowId:r,error:`Extension workflow "${r}" is a routing preset and cannot be executed directly. Use route_tool or the suggested preset steps instead.`});let o=S(t.profile),l=C(t.config),u=s(t,`nodeInputOverrides`),d=c(t,`timeoutMs`);try{let{executeExtensionWorkflow:e}=await import(`./WorkflowEngine-CxEp2WXH.mjs`).then(e=>e.t);return w({success:!0,...await e(n,a.workflow,{profile:o,config:l,nodeInputOverrides:u,timeoutMs:d})})}catch(t){return e.error(`[run_extension_workflow] Workflow "${r}" failed:`,t),w({success:!1,workflowId:r,error:t instanceof Error?t.message:String(t)})}}};function E(e){return e.trim().replace(/^\[|\]$/g,``).toLowerCase()}function D(e){if(e===void 0)return[];let t=typeof e==`string`?(()=>{try{return JSON.parse(e)}catch{return null}})():e;if(!Array.isArray(t))return null;let n=t.filter(e=>typeof e==`string`);return n.length===t.length?n.map(e=>e.trim()).filter(e=>e.length>0):null}function O(e){let t=e.trim(),n=t.includes(`://`)?t:`http://${t}`;try{let e=new URL(n);return e.port.length>0?{scope:`host`,value:e.host.toLowerCase()}:{scope:`hostname`,value:E(e.hostname)}}catch{return{scope:`hostname`,value:E(t)}}}function k(e,t){return e===void 0?{ok:!0,value:!1}:typeof e==`boolean`?{ok:!0,value:e}:{ok:!1,error:`${t} must be a boolean when provided`}}function A(e){let t=e.networkPolicy;if(t===void 0)return{policy:{allowPrivateNetwork:!1,allowInsecureHttp:!1,allowedHosts:[],allowedRedirectHosts:[],allowedCidrs:[],allowedCidrBlockList:new p}};let n=typeof t==`string`?(()=>{try{return JSON.parse(t)}catch{return null}})():t;if(!n||typeof n!=`object`||Array.isArray(n))return{error:`networkPolicy must be an object or valid JSON object string`};let r=n,i=k(r.allowPrivateNetwork,`networkPolicy.allowPrivateNetwork`);if(!i.ok)return{error:i.error};let a=k(r.allowInsecureHttp,`networkPolicy.allowInsecureHttp`);if(!a.ok)return{error:a.error};let o=D(r.allowedHosts);if(o===null)return{error:`networkPolicy.allowedHosts must be an array of strings`};let s=D(r.allowedRedirectHosts);if(s===null)return{error:`networkPolicy.allowedRedirectHosts must be an array of strings`};let c=D(r.allowedCidrs);if(c===null)return{error:`networkPolicy.allowedCidrs must be an array of strings`};let l=new p;for(let e of c){let[t,n]=e.split(`/`);if(!t||!n)return{error:`Invalid CIDR in networkPolicy.allowedCidrs: "${e}"`};let r=m(t);if(r===0)return{error:`Invalid CIDR base address in networkPolicy.allowedCidrs: "${e}"`};let i=Number(n),a=r===4?32:128;if(!Number.isInteger(i)||i<0||i>a)return{error:`Invalid CIDR prefix in networkPolicy.allowedCidrs: "${e}"`};l.addSubnet(t,i,r===4?`ipv4`:`ipv6`)}return{policy:{allowPrivateNetwork:i.value,allowInsecureHttp:a.value,allowedHosts:o.map(O),allowedRedirectHosts:s.map(O),allowedCidrs:c,allowedCidrBlockList:l}}}async function j(e,t,n){let r;try{r=new URL(e)}catch{throw Error(`Invalid ${n.label}: ${e}`)}if(r.protocol!==`http:`&&r.protocol!==`https:`)throw Error(`Unsupported protocol for ${n.label}: ${r.protocol} — only http/https allowed`);let i=E(r.hostname),a=r.host.toLowerCase(),o=m(i),s=o===0?await h(i).then(e=>e.address).catch(t=>{throw Error(`DNS resolution failed for "${e}"`,{cause:t})}):i,c=m(s),l=c!==0&&t.allowedCidrs.length>0&&t.allowedCidrBlockList.check(s,c===4?`ipv4`:`ipv6`),f=n.allowRedirectHosts&&t.allowedRedirectHosts.length>0?t.allowedRedirectHosts:t.allowedHosts,p=f.some(e=>e.scope===`host`?e.value===a:e.value===i),g=f.length>0||t.allowedCidrs.length>0,_=!g||p||l;if(d(i)||d(s)){if(!t.allowPrivateNetwork)throw Error(`Blocked: ${n.label} "${e}" resolves to a private/reserved address`);if(!g||!_)throw Error(`Blocked: ${n.label} "${e}" requires an explicit networkPolicy host or CIDR allow rule`)}else if(g&&!_)throw Error(`Blocked: ${n.label} "${e}" is not authorized by networkPolicy`);let v=u(i)||u(s);if(r.protocol===`http:`&&!v){if(!t.allowInsecureHttp)throw Error(`Blocked: insecure HTTP requires networkPolicy.allowInsecureHttp for "${e}"`);if(!g||!_)throw Error(`Blocked: insecure HTTP target "${e}" requires an explicit networkPolicy host or CIDR allow rule`)}let y={},b=r.toString();if(n.rewriteHttpHostToResolvedIp&&r.protocol===`http:`&&o===0){let e=r.host,t=new URL(r.toString());t.hostname=s.includes(`:`)?`[${s}]`:s,b=t.toString(),y.Host=e}return{parsedUrl:r,resolvedIp:s,fetchUrl:b,headers:y}}var M=class{state;constructor(e){this.state=e}async handleApiProbeBatch(t){let n=typeof t.baseUrl==`string`?t.baseUrl.trim():``;if(n.length===0)return f.fail(`baseUrl is required and must be a non-empty string`).json();let r=A(t);if(!r.policy)return f.fail(r.error).json();let i,a={};try{let e=await j(n,r.policy,{label:`baseUrl`,rewriteHttpHostToResolvedIp:!0});i=e.fetchUrl.replace(/\/$/,``),a=e.headers}catch(e){return f.fail(e).json()}let u=i,d=t.paths,p=Array.isArray(d)?d:typeof d==`string`?(()=>{try{return JSON.parse(d)}catch{return[]}})():[],m=(o(t,`method`)??`GET`).toUpperCase(),h=s(t,`headers`)??{},g=o(t,`bodyTemplate`)??null,_=Array.isArray(t.includeBodyStatuses)?t.includeBodyStatuses.filter(e=>typeof e==`number`):[200,201,204],v=Math.max(0,Math.min(c(t,`maxBodySnippetLength`,500),1e4)),y=l(t,`autoInjectAuth`,!0);if(!p||p.length===0)return f.fail(`paths array is required and must not be empty`).json();let b=`(async function() {
+  var baseUrl = ${JSON.stringify(u)};
+  var paths = ${JSON.stringify(p)};
+  var method = ${JSON.stringify(m)};
+  var extraHeaders = ${JSON.stringify(h)};
+  var includeBodyStatuses = ${JSON.stringify(_)};
+  var maxSnippetLen = ${JSON.stringify(v)};
+  var autoInjectAuth = ${JSON.stringify(y)};
+  var bodyTemplate = ${JSON.stringify(g)};
+  var authHeaders = ${JSON.stringify(a)};
+  var headers = Object.assign({'Content-Type':'application/json'}, extraHeaders, authHeaders);
+  if (autoInjectAuth) {
+    var token = localStorage.getItem('token') || localStorage.getItem('active_token') || localStorage.getItem('access_token');
+    if (token) headers['Authorization'] = 'Bearer ' + token;
+  }
+  var results = {};
+  async function probePath(path) {
+    try {
+      var opts = {method: method, headers: headers, redirect: 'error'};
+      if (bodyTemplate && (method === 'POST' || method === 'PUT' || method === 'PATCH')) {
+        opts.body = bodyTemplate;
+      }
+      var resp = await fetch(baseUrl + path, opts);
+      var ct = resp.headers.get('content-type') || '';
+      var snippet = null;
+      if (includeBodyStatuses.indexOf(resp.status) !== -1) {
+        var text = await resp.text();
+        if (!ct.includes('text/html') && !ct.includes('application/xml')) {
+          snippet = text.length > maxSnippetLen ? text.slice(0, maxSnippetLen) + '...[truncated]' : text;
+        } else {
+          snippet = '[HTML/XML response suppressed]';
+        }
+      }
+      return [path, {status: resp.status, contentType: ct.split(';')[0].trim(), snippet: snippet}];
+    } catch(e) {
+      return [path, {status: -1, error: e instanceof Error ? e.message : String(e)}];
+    }
+  }
+  var nextIndex = 0;
+  var maxConcurrency = Math.min(paths.length, 6);
+  await Promise.all(Array.from({ length: maxConcurrency }, async function() {
+    while (nextIndex < paths.length) {
+      var currentIndex = nextIndex++;
+      var currentPath = paths[currentIndex];
+      var entry = await probePath(currentPath);
+      results[entry[0]] = entry[1];
+    }
+  }));
+  return {probed: paths.length, method: method, baseUrl: baseUrl, results: results};
+})()`;try{let e=await this.state.deps.browserHandlers.handlePageEvaluate({code:b}),t=f.parse(e);return f.ok().merge(t).json()}catch(t){return e.error(`[api_probe_batch] Error:`,t),f.fail(t).json()}}},N=class{state;constructor(e){this.state=e}async handleJsBundleSearch(e){let n=o(e,`url`,``),a=e.patterns,s=Array.isArray(a)?a:typeof a==`string`?(()=>{try{return JSON.parse(a)}catch{return[]}})():[],u=l(e,`cacheBundle`,!0),d=l(e,`stripNoise`,!0),p=c(e,`maxMatches`,10),m=A(e);if(!n||!s||s.length===0)return f.fail(`url and patterns are required`).json();if(!m.policy)return f.fail(m.error).json();let h=m.policy,g=r,_=i,y=async(e,t)=>{let n=e;for(let e=0;e<_;e++){let r=await j(n,h,{label:e===0?`bundle URL`:`redirect target`,allowRedirectHosts:e>0,rewriteHttpHostToResolvedIp:!0}),i=await fetch(r.fetchUrl,{signal:t,redirect:`manual`,headers:r.headers});if(i.status>=300&&i.status<400){let e=i.headers.get(`location`);if(!e)throw Error(`Redirect ${i.status} without Location header`);n=new URL(e,n).toString();continue}return i}throw Error(`Too many redirects (>${_})`)},x,S=!1;try{if(u){let e=this.state.bundleCache.get(n);if(e&&Date.now()-e.cachedAt<v.BUNDLE_CACHE_TTL_MS)x=e.text,S=!0;else{let e=new AbortController,r=setTimeout(()=>e.abort(),t);try{let t=await y(n,e.signal);if(!t.ok)return f.fail(`Fetch failed: ${t.status} ${t.statusText}`).merge({url:n}).json();if(x=await t.text(),x.length>g)return f.fail(`Response too large: ${x.length} bytes exceeds ${g} limit`).merge({url:n}).json();b(this.state),this.state.bundleCache.set(n,{text:x,cachedAt:Date.now()}),this.state.bundleCacheBytes+=x.length}finally{clearTimeout(r)}}}else{let e=new AbortController,t=setTimeout(()=>e.abort(),3e4);try{let t=await y(n,e.signal);if(!t.ok)return f.fail(`Fetch failed: ${t.status} ${t.statusText}`).merge({url:n}).json();if(x=await t.text(),x.length>g)return f.fail(`Response too large: ${x.length} bytes exceeds ${g} limit`).merge({url:n}).json()}finally{clearTimeout(t)}}}catch(e){return f.fail(e).merge({url:n}).json()}let C={};for(let e of s){let t=e.contextBefore??80,n=e.contextAfter??80,r;try{r=new RegExp(e.regex,`g`)}catch(t){C[e.name]=[{match:``,index:-1,context:`Invalid regex: ${t instanceof Error?t.message:String(t)}`}];continue}let i=[],a;for(;(a=r.exec(x))!==null;){let e=Math.max(0,a.index-t),r=Math.min(x.length,a.index+a[0].length+n),o=x.slice(e,r);if(!(d&&(/[Mm]\d{1,6}(?:\.\d+)?[, ]\d{1,6}(?:\.\d+)?[CLHVSQTAZclhvsqtaz]/.test(o)||/data:[a-z+-]+\/[a-z+-]+;base64,/i.test(o)||o.replace(/[^A-Za-z0-9+/=]/g,``).length>o.length*.85&&o.length>200))&&(i.push({match:a[0],index:a.index,context:o}),i.length>=p))break}C[e.name]=i}return f.ok().merge({bundleUrl:n,bundleSize:x.length,cached:S,patternsSearched:s.length,results:C}).json()}},P=class{scripts;api;account;constructor(e){let t=_(e);this.scripts=new T(t),this.api=new M(t),this.account=new N(t)}handlePageScriptRegister(e){return this.scripts.handlePageScriptRegister(e)}handlePageScriptRun(e){return this.scripts.handlePageScriptRun(e)}handleListExtensionWorkflows(){return this.scripts.handleListExtensionWorkflows()}handleRunExtensionWorkflow(e){return this.scripts.handleRunExtensionWorkflow(e)}handleApiProbeBatch(e){return this.api.handleApiProbeBatch(e)}handleJsBundleSearch(e){return this.account.handleJsBundleSearch(e)}};export{P as WorkflowHandlers};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@jshookmcp/jshook",
-  "version": "0.2.9",
+  "version": "0.3.1",
   "description": "MCP server with built-in tools across multiple domains for AI-assisted JavaScript analysis and security analysis — browser automation, CDP debugging, network monitoring, JS hooks, code analysis, and workflow orchestration",
   "keywords": [
     "ai",
@@ -91,10 +91,10 @@
     "cross-env": "^10.1.0",
     "lefthook": "^2.1.5",
     "medium-zoom": "^1.1.0",
-    "oxfmt": "^0.46.0",
+    "oxfmt": "^0.48.0",
     "oxlint": "^1.59.0",
     "rollup-plugin-visualizer": "^7.0.1",
-    "tsdown": "^0.21.7",
+    "tsdown": "^0.22.0",
     "tsx": "^4.21.0",
     "typescript": "^6.0.2",
     "vite": "^8.0.8",
@@ -108,16 +108,17 @@
     "better-sqlite3": "12.9.0",
     "camoufox-js": "^0.10.2",
     "playwright-core": "^1.59.1",
-    "webcrack": "^2.15.1"
+    "webcrack": "2.16.0"
   },
   "engines": {
-    "node": "^20.19.0 || >=22.12.0"
+    "node": "^22.12.0 || ^24.0.0"
   },
   "mcpName": "io.github.vmoranv/jshookmcp",
   "scripts": {
-    "build": "node scripts/clean-dist.mjs && node scripts/generate-domains-index.mjs && tsdown",
+    "build": "node scripts/build.mjs",
+    "build:dts": "node scripts/build.mjs --dts",
     "build:sdk": "corepack pnpm -C packages/extension-sdk build",
-    "build:all": "corepack pnpm run build && corepack pnpm run build:sdk",
+    "build:all": "corepack pnpm run build:dts && corepack pnpm run build:sdk",
     "build:analyze": "cross-env BUNDLE_ANALYZE=1 corepack pnpm run build && echo 'Open stats.html in browser to view bundle analysis'",
     "typecheck": "tsc --noEmit -p tsconfig.json && corepack pnpm -C packages/extension-sdk typecheck",
     "deps:update": "corepack pnpm update -r",
@@ -135,12 +136,16 @@
     "format:check": "oxfmt \"src/**\" \"tests/**\" \"!tests/tmp/**\" --check --no-error-on-unmatched-pattern",
     "test": "node scripts/run-vitest-smart.mjs run",
     "test:e2e": "cross-env E2E_TARGET_URL=https://vmoranv.github.io/jshookmcp/ vitest run --config tests/e2e/vitest.e2e.config.ts",
+    "test:e2e:portable": "cross-env E2E_TARGET_URL=https://vmoranv.github.io/jshookmcp/ PUPPETEER_HEADLESS=true vitest run --config tests/e2e/vitest.e2e.config.ts tests/e2e/portable-smoke.e2e.test.ts tests/e2e/process-lifecycle.test.ts",
+    "test:e2e:protocol": "vitest run --config tests/e2e/vitest.e2e.config.ts tests/e2e/protocol-pure-compute.e2e.test.ts",
+    "test:e2e:protocol-runtime": "vitest run --config tests/e2e/vitest.e2e.config.ts tests/e2e/protocol-runtime-assisted.e2e.test.ts",
     "test:e2e:perf": "cross-env E2E_TARGET_URL=https://vmoranv.github.io/jshookmcp/ E2E_COLLECT_PERFORMANCE=1 vitest run --config tests/e2e/vitest.e2e.config.ts",
     "test:coverage": "node -e \"require('fs').mkdirSync('coverage/.tmp', { recursive: true })\" && cross-env ENABLE_INJECTION_TOOLS=true COVERAGE_FULL=true node scripts/run-vitest-smart.mjs run --coverage",
     "package:verify-bin": "node scripts/verify-packed-bin.mjs",
     "package:verify-install": "node scripts/verify-packed-install.mjs",
     "package:verify-release": "node scripts/verify-release-artifact.mjs",
     "audit:tools": "tsx scripts/audit-tools.mjs",
+    "audit:runtime": "node scripts/audit-runtime-probes.mjs",
     "git:refresh-noise": "node scripts/refresh-git-noise.mjs",
     "check": "corepack pnpm run metadata:check && corepack pnpm run lint && corepack pnpm run format:check && corepack pnpm run typecheck && corepack pnpm run test",
     "package": "corepack pnpm pack",