npm - @jshookmcp/jshook - Versions diffs - 0.2.9 → 0.3.1 - Mend

@jshookmcp/jshook 0.2.9 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (316) hide show

package/README.md +25 -50
package/README.zh.md +25 -48
package/dist/AntiCheatDetector-CGVGNfy5.mjs +1 -0
package/dist/CacheAdapters-CdAxBmVW.mjs +1 -0
package/dist/CodeInjector-BlgyqTOk.mjs +1 -0
package/dist/ConsoleMonitor-Dkqc0HNi.mjs +490 -0
package/dist/DOMInspector-BYY_EJ0C.mjs +95 -0
package/dist/DarwinAPI-DC4HGGLl.mjs +1 -0
package/dist/DetailedDataManager-BniBJlVv.mjs +1 -0
package/dist/EventBus-DgciURGg.mjs +1 -0
package/dist/EvidenceGraphBridge-BIfgB7HP.mjs +1 -0
package/dist/ExtensionManager-erMpqcLk.mjs +1 -0
package/dist/FingerprintManager-N7BZqjxP.mjs +1 -0
package/dist/HardwareBreakpoint-OcJqNFVc.mjs +1 -0
package/dist/HeapAnalyzer-CqAxZzeS.mjs +1 -0
package/dist/{HookGeneratorBuilders.core.generators.storage-CtcdK78Q.mjs → HookGeneratorBuilders.core.generators.storage-Bf1fbrNK.mjs} +66 -174
package/dist/InstrumentationSession-DxXs0sCp.mjs +1 -0
package/dist/MCPServer.search.handlers.domain-DVbWL1bT.mjs +1 -0
package/dist/MemoryController-BaqstM5w.mjs +2 -0
package/dist/MemoryScanSession-CaxAjZJf.mjs +1 -0
package/dist/MemoryScanner-BLYnMJy6.mjs +1 -0
package/dist/NativeMemoryManager.impl-CI554XbY.mjs +1 -0
package/dist/NativeMemoryManager.utils-DM4NC3FE.mjs +1 -0
package/dist/PEAnalyzer-DJyaJTQJ.mjs +1 -0
package/dist/PageController-D9jVkH0i.mjs +1 -0
package/dist/PointerChainEngine-5nF9eNlu.mjs +1 -0
package/dist/PrerequisiteError-Bl3dK8XA.mjs +1 -0
package/dist/ProcessRegistry-Hf12LlR9.mjs +1 -0
package/dist/ResponseBuilder-B2lu4KEl.mjs +1 -0
package/dist/ReverseEvidenceGraph-B931HeoW.mjs +2 -0
package/dist/ScriptManager-fgqiALgj.mjs +7 -0
package/dist/Speedhack-l6s8L2Qw.mjs +1 -0
package/dist/StealthVerifier-Dhbj4B4P.mjs +1 -0
package/dist/StructureAnalyzer-A-WamfYE.mjs +2 -0
package/dist/ToolCatalog-D_IKl1Hu.mjs +1 -0
package/dist/ToolError-DWU_z7gp.mjs +1 -0
package/dist/ToolProbe-xsfALmN3.mjs +1 -0
package/dist/ToolRegistry-B0Zs-phN.mjs +1 -0
package/dist/ToolRouter.policy-CFHoN_Lw.mjs +4 -0
package/dist/TraceRecorder-Dd8jLXpi.mjs +272 -0
package/dist/VersionDetector-DMoUWyNm.mjs +9 -0
package/dist/Win32API-Bhi5xFBe.mjs +1 -0
package/dist/Win32Debug-CQteFL4F.mjs +1 -0
package/dist/WorkflowEngine-CxEp2WXH.mjs +1 -0
package/dist/analysis-BuR-NgX8.mjs +5 -0
package/dist/{antidebug-CqDTB_uk.mjs → antidebug-BOTZH6-0.mjs} +8 -259
package/dist/artifactRetention-NBdncOEW.mjs +1 -0
package/dist/artifacts-B5xQuEa_.mjs +1 -0
package/dist/authorization-schema-B40obG1A.mjs +1 -0
package/dist/betterSqlite3-CGaxz4AX.mjs +1 -0
package/dist/binary-instrument-Cf9qqLlM.mjs +7 -0
package/dist/bind-helpers-BlAOQrFQ.mjs +1 -0
package/dist/boringssl-inspector-BST5vtKx.mjs +2 -0
package/dist/browser-C4Le3xqA.mjs +11 -0
package/dist/capabilities-DbYCv-HF.mjs +1 -0
package/dist/chunk-C_pMuVsO.mjs +1 -0
package/dist/collector-CKO8RPK8.mjs +1 -0
package/dist/concurrency-CcK46d0h.mjs +1 -0
package/dist/constants-Cp6hBrrx.mjs +1 -0
package/dist/coordination-BbijHEHH.mjs +1 -0
package/dist/debugger-CRJq_krh.mjs +1 -0
package/dist/definitions-BGobEDQa.mjs +1 -0
package/dist/definitions-BGwNSkVm.mjs +1 -0
package/dist/definitions-BbxOUiP-.mjs +1 -0
package/dist/definitions-CCP9gphV.mjs +1 -0
package/dist/definitions-CIO9O-Sw.mjs +1 -0
package/dist/definitions-CYFbewnd.mjs +1 -0
package/dist/definitions-CdWEuIkI.mjs +1 -0
package/dist/definitions-CoQFbggH.mjs +1 -0
package/dist/definitions-CuJRsJ6N.mjs +1 -0
package/dist/definitions-DI9YXsJk.mjs +1 -0
package/dist/definitions-DJklW2sS.mjs +1 -0
package/dist/definitions-DZ8uKusP.mjs +1 -0
package/dist/definitions-Dds_zrWx.mjs +1 -0
package/dist/definitions-Dgrg7f3D.mjs +1 -0
package/dist/definitions-DtE0XLrT.mjs +1 -0
package/dist/definitions-LaYTuwQd.mjs +26 -0
package/dist/definitions-NoVp_9Pm.mjs +1 -0
package/dist/definitions-OvGsfxdt.mjs +1 -0
package/dist/definitions-jXPaVy4P.mjs +1 -0
package/dist/encoding-DGcr6Aj_.mjs +2 -0
package/dist/ensure-browser-core-Buls24LQ.mjs +1 -0
package/dist/evidence-graph-bridge-B0yhGPcs.mjs +1 -0
package/dist/factory-Cx_1LorX.mjs +1 -0
package/dist/flat-target-session-CO5g78k3.mjs +1 -0
package/dist/formatAddress-C7j2fDlM.mjs +1 -0
package/dist/graphql-HLf3MS8H.mjs +62 -0
package/dist/handlers-BLMa4X7l.mjs +54 -0
package/dist/handlers-BP12ZsWc.mjs +4 -0
package/dist/handlers-BZoPla6E.mjs +1 -0
package/dist/handlers-BggKiVx9.mjs +2 -0
package/dist/handlers-D3iev8g1.mjs +1 -0
package/dist/handlers-D49r1-1P.mjs +1 -0
package/dist/handlers-DCE45Ww8.mjs +2 -0
package/dist/handlers-DW5AbYs5.mjs +5 -0
package/dist/handlers-De5u62Ga2.mjs +1 -0
package/dist/handlers-DmQzIc44.mjs +31 -0
package/dist/handlers-DnJRGp7t.mjs +302 -0
package/dist/handlers-Dv_runVv.mjs +2 -0
package/dist/handlers-S9Ws0IGy.mjs +2 -0
package/dist/{handlers-Bl8zkwz1.mjs → handlers-pVNpaw4A.mjs} +144 -841
package/dist/handlers.impl-CD2_kOcC.mjs +1 -0
package/dist/hooks-DDKppogd.mjs +600 -0
package/dist/index.mjs +12 -5225
package/dist/logger-sBC6IdRT.mjs +1 -0
package/dist/maintenance-CutEO84j.mjs +1 -0
package/dist/manifest-BFGxlDRh.mjs +123 -0
package/dist/manifest-BPuE6oH2.mjs +1 -0
package/dist/manifest-BXry5N09.mjs +1 -0
package/dist/manifest-BeP_zJGb2.mjs +1 -0
package/dist/manifest-C0g67k6U.mjs +1 -0
package/dist/manifest-C1nZkTkO.mjs +1 -0
package/dist/manifest-C7qV1z7F.mjs +1 -0
package/dist/manifest-CDeUZGUZ.mjs +1 -0
package/dist/manifest-CDiCtaQT.mjs +1 -0
package/dist/manifest-CFn0359q2.mjs +1 -0
package/dist/manifest-CGq4NpqH2.mjs +1 -0
package/dist/manifest-CJMGt7Qy.mjs +1 -0
package/dist/manifest-CRIJq4Hs.mjs +1 -0
package/dist/manifest-C_hEIjSx.mjs +1 -0
package/dist/manifest-CeQmtQOY.mjs +1 -0
package/dist/manifest-Cq0j7GZt.mjs +1 -0
package/dist/manifest-CtPmHAdn.mjs +1 -0
package/dist/manifest-Cx2IVMUY.mjs +1 -0
package/dist/manifest-D16xPXro.mjs +1 -0
package/dist/manifest-D44TaRJU.mjs +1 -0
package/dist/manifest-D610kxZr.mjs +2 -0
package/dist/manifest-DC-SMF6b.mjs +1 -0
package/dist/manifest-DD3rtxvV.mjs +1 -0
package/dist/manifest-DKUorv5M.mjs +1 -0
package/dist/manifest-DMJlcsTR.mjs +1 -0
package/dist/manifest-DWUUWBz0.mjs +1 -0
package/dist/manifest-De-6Wf2R.mjs +1 -0
package/dist/manifest-Dgh0uDW-.mjs +1 -0
package/dist/manifest-Dm0o3i2U.mjs +1 -0
package/dist/manifest-DsVh7Y4U.mjs +1 -0
package/dist/manifest-DtEFSRaq.mjs +1 -0
package/dist/manifest-H-EpAyZQ.mjs +1 -0
package/dist/manifest-ais9Afrw.mjs +1 -0
package/dist/manifest-tmb54wmA.mjs +1 -0
package/dist/manifest-yu2xiQqe.mjs +1 -0
package/dist/manifest-zrbrpKCC.mjs +1 -0
package/dist/matchesWildcardPattern-BGqLSmEs.mjs +1 -0
package/dist/modules-p-PUNv9r.mjs +332 -0
package/dist/mojo-ipc-VGlv3Qyp.mjs +9 -0
package/dist/network-BjZ1Y-GB.mjs +7 -0
package/dist/outputPaths-BonGThuc.mjs +2 -0
package/dist/parse-args-Cuk7-xUt.mjs +1 -0
package/dist/platform-C446Lf97.mjs +93 -0
package/dist/playwright-cdp-fallback-BwVR-_T3.mjs +1 -0
package/dist/process-C9f2A5zk.mjs +962 -0
package/dist/proxy-CvRepxgV.mjs +1 -0
package/dist/registry-DUHIPE-v.mjs +1 -0
package/dist/response-C7rKQst4.mjs +1 -0
package/dist/search-defaults-D2bY-rzH.mjs +1 -0
package/dist/server/plugin-api.mjs +1 -293
package/dist/shared-state-board-Cyg-xh_k.mjs +1 -0
package/dist/sourcemap-D6Q1UuAp.mjs +1 -0
package/dist/ssrf-policy-T96MR3r6.mjs +1 -0
package/dist/streaming-CTX58tbb.mjs +1 -0
package/dist/tool-builder-CI9914Tf.mjs +1 -0
package/dist/transform-Cv9P2vVD.mjs +103 -0
package/dist/types-CuyefmGT.mjs +1 -0
package/dist/types-DtThH00r.mjs +1 -0
package/dist/wasm-DaJa8J0V.mjs +174 -0
package/dist/webcrack-CsLLJIs9.mjs +46 -0
package/dist/workflow-CYIXtrWD.mjs +101 -0
package/package.json +12 -7
package/dist/AntiCheatDetector-BNk-EoBt.mjs +0 -244
package/dist/CacheAdapters-CDe5WPSV.mjs +0 -80
package/dist/CodeInjector-Cq8q01kp.mjs +0 -150
package/dist/ConsoleMonitor-CPVQW1Y-.mjs +0 -2201
package/dist/DarwinAPI-BNPxu0RH.mjs +0 -363
package/dist/DetailedDataManager-BQQcxh64.mjs +0 -217
package/dist/EventBus-DgPmwpeu.mjs +0 -141
package/dist/EvidenceGraphBridge-SFesNera.mjs +0 -153
package/dist/ExtensionManager-CWYgw0YW.mjs +0 -714
package/dist/FingerprintManager-gzWtkKuf.mjs +0 -96
package/dist/HardwareBreakpoint-B9gZCdFP.mjs +0 -239
package/dist/HeapAnalyzer-BLDH0dCv.mjs +0 -284
package/dist/InstrumentationSession-CvPC7Jwy.mjs +0 -244
package/dist/MemoryController-CbVdCIJF.mjs +0 -167
package/dist/MemoryScanSession-BsDZbLYm.mjs +0 -278
package/dist/MemoryScanner-Bcpml6II.mjs +0 -425
package/dist/NativeMemoryManager.impl-dZtA1ZGn.mjs +0 -482
package/dist/NativeMemoryManager.utils-B-FjA2mJ.mjs +0 -165
package/dist/PEAnalyzer-D1lzJ_VG.mjs +0 -385
package/dist/PageController-Bqm2kZ_X.mjs +0 -417
package/dist/PointerChainEngine-BOhyVsjx.mjs +0 -322
package/dist/PrerequisiteError-Dl33Svkz.mjs +0 -20
package/dist/ResponseBuilder-D3iFYx2N.mjs +0 -143
package/dist/ReverseEvidenceGraph-Dlsk94LC.mjs +0 -269
package/dist/ScriptManager-aHHq0X7U.mjs +0 -3000
package/dist/Speedhack-CqdIFlQl.mjs +0 -156
package/dist/StealthVerifier-Bo4T3bz8.mjs +0 -135
package/dist/StructureAnalyzer-DhFaPvRO.mjs +0 -426
package/dist/ToolCatalog-C0JGZoOm.mjs +0 -582
package/dist/ToolError-jh9whhMd.mjs +0 -15
package/dist/ToolProbe-oC7aPrkv.mjs +0 -45
package/dist/ToolRegistry-BjaF4oNz.mjs +0 -131
package/dist/ToolRouter.policy-BWV67ZK-.mjs +0 -304
package/dist/TraceRecorder-DgxyVbdQ.mjs +0 -519
package/dist/VersionDetector-CwVLVdDM.mjs +0 -104
package/dist/Win32API-CePkipZY.mjs +0 -340
package/dist/Win32Debug-BvKs-gxc.mjs +0 -274
package/dist/WorkflowEngine-CuvkZtWu.mjs +0 -598
package/dist/analysis-CL9uACt9.mjs +0 -463
package/dist/artifactRetention-CFEprwPw.mjs +0 -591
package/dist/artifacts-Bk2-_uPq.mjs +0 -59
package/dist/betterSqlite3-0pqusHHH.mjs +0 -74
package/dist/binary-instrument-CXfpx6fT.mjs +0 -979
package/dist/bind-helpers-xFfRF-qm.mjs +0 -22
package/dist/boringssl-inspector-BH2D3VKc.mjs +0 -180
package/dist/browser-BpOr5PEx.mjs +0 -4082
package/dist/chunk-CjcI7cDX.mjs +0 -15
package/dist/concurrency-Bt0yv1kJ.mjs +0 -41
package/dist/constants-B0OANIBL.mjs +0 -519
package/dist/coordination-qUbyF8KU.mjs +0 -259
package/dist/debugger-gnKxRSN0.mjs +0 -1271
package/dist/definitions-6M-eejaT.mjs +0 -53
package/dist/definitions-B18eyf0B.mjs +0 -18
package/dist/definitions-B3QdlrHv.mjs +0 -34
package/dist/definitions-B4rAvHNZ.mjs +0 -63
package/dist/definitions-BB_4jnmy.mjs +0 -37
package/dist/definitions-BMfYXoNC.mjs +0 -43
package/dist/definitions-Beid2EB3.mjs +0 -27
package/dist/definitions-C1UvM5Iy.mjs +0 -126
package/dist/definitions-CXEI7QC72.mjs +0 -216
package/dist/definitions-C_4r7Fo-2.mjs +0 -14
package/dist/definitions-CkFDALoa.mjs +0 -26
package/dist/definitions-Cke7zEb8.mjs +0 -94
package/dist/definitions-ClJLzsJQ.mjs +0 -25
package/dist/definitions-Cq-zroAU.mjs +0 -28
package/dist/definitions-Cy3Sl6gV.mjs +0 -34
package/dist/definitions-D3VsGcvz.mjs +0 -47
package/dist/definitions-DVGfrn7y.mjs +0 -96
package/dist/definitions-LKpC3-nL.mjs +0 -9
package/dist/definitions-bAhHQJq9.mjs +0 -359
package/dist/encoding-Bvz5jLRv.mjs +0 -1065
package/dist/evidence-graph-bridge-C_fv9PuC.mjs +0 -135
package/dist/factory-DxlGh9Xf.mjs +0 -575
package/dist/formatAddress-DVkj9kpI.mjs +0 -17
package/dist/graphql-DYWzJ29s.mjs +0 -1026
package/dist/handlers-9sAbfIg-.mjs +0 -2552
package/dist/handlers-C67ktuRN.mjs +0 -710
package/dist/handlers-C87g8oCe.mjs +0 -276
package/dist/handlers-CTsDAO6p.mjs +0 -681
package/dist/handlers-Cgyg6c0U.mjs +0 -645
package/dist/handlers-D6j6yka7.mjs +0 -2124
package/dist/handlers-DdFzXLvF.mjs +0 -446
package/dist/handlers-DeLOCd5m.mjs +0 -799
package/dist/handlers-DlCJN4Td.mjs +0 -757
package/dist/handlers-DxGIq15_2.mjs +0 -917
package/dist/handlers-U6L4xhuF.mjs +0 -585
package/dist/handlers-tB9Mp9ZK.mjs +0 -84
package/dist/handlers-tiy7EIBp.mjs +0 -572
package/dist/handlers.impl-DS0d9fUw.mjs +0 -761
package/dist/hooks-CzCWByww.mjs +0 -898
package/dist/logger-Dh_xb7_2.mjs +0 -93
package/dist/maintenance-P7ePRXQC.mjs +0 -830
package/dist/manifest-2ToTpjv8.mjs +0 -106
package/dist/manifest-3g71z6Bg.mjs +0 -79
package/dist/manifest-82baTv4U.mjs +0 -45
package/dist/manifest-B3QVVeBS.mjs +0 -82
package/dist/manifest-BB2J8IMJ.mjs +0 -149
package/dist/manifest-BKbgbSiY.mjs +0 -60
package/dist/manifest-Bcf-TJzH.mjs +0 -848
package/dist/manifest-BmtZzQiQ2.mjs +0 -45
package/dist/manifest-Bnd7kqEY.mjs +0 -55
package/dist/manifest-BqQX6OQC2.mjs +0 -65
package/dist/manifest-BqrQ4Tpj.mjs +0 -81
package/dist/manifest-Br4RPFt5.mjs +0 -370
package/dist/manifest-C5qDjysN.mjs +0 -107
package/dist/manifest-C9RT5nk32.mjs +0 -34
package/dist/manifest-CAhOuvSl.mjs +0 -204
package/dist/manifest-CBYWCUBJ.mjs +0 -51
package/dist/manifest-CFADCRa1.mjs +0 -37
package/dist/manifest-CQVhavRF.mjs +0 -114
package/dist/manifest-CT7zZBV1.mjs +0 -48
package/dist/manifest-CV12bcrF.mjs +0 -121
package/dist/manifest-CXsRWjjI.mjs +0 -224
package/dist/manifest-CZLUCfG02.mjs +0 -95
package/dist/manifest-D6phHKFd.mjs +0 -131
package/dist/manifest-DCyjf4n2.mjs +0 -294
package/dist/manifest-DHsnKgP6.mjs +0 -60
package/dist/manifest-Df_dliIe.mjs +0 -55
package/dist/manifest-Dh8WBmEW.mjs +0 -129
package/dist/manifest-DhKRAT8_.mjs +0 -92
package/dist/manifest-DlpTj4ic2.mjs +0 -193
package/dist/manifest-DrbmZcFl2.mjs +0 -253
package/dist/manifest-DuwHjUa5.mjs +0 -70
package/dist/manifest-DzwvxPJX.mjs +0 -38
package/dist/manifest-NXctwWQq.mjs +0 -68
package/dist/manifest-Sc_0JQ13.mjs +0 -418
package/dist/manifest-gZ4s_UtG.mjs +0 -96
package/dist/manifest-qSleDqdO.mjs +0 -1023
package/dist/modules-C184v-S9.mjs +0 -11365
package/dist/mojo-ipc-B_H61Afw.mjs +0 -525
package/dist/network-671Cw6hV.mjs +0 -3346
package/dist/outputPaths-B1uGmrWZ.mjs +0 -1145
package/dist/parse-args-BlRjqlkL.mjs +0 -39
package/dist/platform-WmNn8Sxb.mjs +0 -2070
package/dist/process-QcbIy5Zq.mjs +0 -1401
package/dist/proxy-DqNs0bAd.mjs +0 -170
package/dist/registry-D-6e18lB.mjs +0 -34
package/dist/response-BQVP-xUn.mjs +0 -28
package/dist/shared-state-board-DV-dpHFJ.mjs +0 -586
package/dist/sourcemap-Dq8ez8vS.mjs +0 -650
package/dist/ssrf-policy-ZaUfvhq7.mjs +0 -166
package/dist/streaming-BUQ0VJsg.mjs +0 -725
package/dist/tool-builder-DCbIC5Eo.mjs +0 -186
package/dist/transform-CiYJfNX0.mjs +0 -1007
package/dist/types-Bx92KJfT.mjs +0 -4
package/dist/types-CPhOReNX.mjs +0 -37
package/dist/wasm-DQTnHDs4.mjs +0 -531
package/dist/workflow-f3xJOcjx.mjs +0 -725

package/dist/handlers-C67ktuRN.mjs DELETED Viewed

@@ -1,710 +0,0 @@
-//#region src/modules/syscall-hook/SyscallMonitor.ts
-const SUPPORTED_BACKENDS = [
-	"etw",
-	"strace",
-	"dtrace"
-];
-const SYNTHETIC_EVENT_SEEDS = {
-	etw: [
-		{
-			syscall: "NtCreateFile",
-			args: ["C:\\Windows\\Temp\\jshookmcp.log", "GENERIC_READ"],
-			returnValue: 0,
-			duration: .7
-		},
-		{
-			syscall: "NtReadFile",
-			args: ["handle=0x90", "buffer=4096"],
-			returnValue: 512,
-			duration: .2
-		},
-		{
-			syscall: "NtWriteFile",
-			args: ["handle=0x90", "buffer=128"],
-			returnValue: 128,
-			duration: .3
-		},
-		{
-			syscall: "NtDeviceIoControlFile",
-			args: ["handle=0x44", "code=0x222004"],
-			returnValue: 0,
-			duration: 1.1
-		}
-	],
-	strace: [
-		{
-			syscall: "openat",
-			args: ["/tmp/jshookmcp.log", "O_RDONLY"],
-			returnValue: 3,
-			duration: .4
-		},
-		{
-			syscall: "read",
-			args: ["fd=3", "count=4096"],
-			returnValue: 256,
-			duration: .1
-		},
-		{
-			syscall: "write",
-			args: ["fd=3", "count=128"],
-			returnValue: 128,
-			duration: .2
-		},
-		{
-			syscall: "connect",
-			args: ["fd=18", "127.0.0.1:9222"],
-			returnValue: 0,
-			duration: 1.4
-		}
-	],
-	dtrace: [
-		{
-			syscall: "open_nocancel",
-			args: ["/private/tmp/jshookmcp.log", "O_RDONLY"],
-			returnValue: 3,
-			duration: .5
-		},
-		{
-			syscall: "read_nocancel",
-			args: ["fd=3", "count=4096"],
-			returnValue: 320,
-			duration: .1
-		},
-		{
-			syscall: "write_nocancel",
-			args: ["fd=3", "count=128"],
-			returnValue: 128,
-			duration: .2
-		},
-		{
-			syscall: "connect",
-			args: ["fd=21", "127.0.0.1:9222"],
-			returnValue: 0,
-			duration: 1.3
-		}
-	]
-};
-function isBackendSupportedOnCurrentPlatform(backend) {
-	if (backend === "etw") return process.platform === "win32";
-	if (backend === "strace") return process.platform === "linux";
-	if (backend === "dtrace") return process.platform === "darwin";
-	return false;
-}
-function chooseDefaultBackend() {
-	if (process.platform === "win32") return "etw";
-	if (process.platform === "linux") return "strace";
-	if (process.platform === "darwin") return "dtrace";
-	return "etw";
-}
-function cloneEvent(event) {
-	return {
-		timestamp: event.timestamp,
-		pid: event.pid,
-		syscall: event.syscall,
-		args: [...event.args],
-		returnValue: event.returnValue,
-		duration: event.duration
-	};
-}
-function matchesFilter(event, filter) {
-	if (!filter) return true;
-	if (filter.pid !== void 0 && event.pid !== filter.pid) return false;
-	if (filter.name && filter.name.length > 0 && !filter.name.includes(event.syscall)) return false;
-	return true;
-}
-/**
-* Parse a strace output line into a SyscallEvent.
-*
-* Example strace line:
-*   12345 14:30:00.123456 openat(AT_FDCWD, "/tmp/foo", O_RDONLY) = 3 <0.000123>
-*/
-function parseStraceLine(line, targetPid) {
-	const match = /^(\d+)\s+([\d:.]+)\s+(\w+)\(([^)]*)\)\s*=\s*(-?\d+)(?:\s+<([\d.]+)>)?$/u.exec(line.trim());
-	if (!match) return null;
-	const syscall = match[3] ?? "unknown";
-	const rawArgs = match[4] ?? "";
-	const returnValue = Number(match[5]);
-	const duration = match[6] ? Number(match[6]) : void 0;
-	const args = rawArgs.split(",").map((a) => a.trim()).filter((a) => a.length > 0);
-	return {
-		timestamp: Date.now(),
-		pid: targetPid,
-		syscall,
-		args,
-		returnValue: Number.isFinite(returnValue) ? returnValue : void 0,
-		duration: duration !== void 0 && Number.isFinite(duration) ? duration * 1e3 : void 0
-	};
-}
-/**
-* Parse an ETW trace line (simplified from logman/wpr output).
-*
-* Example ETW line:
-*   [2024-01-15 14:30:00.123] PID=1234 NtCreateFile Handle=0x90 Status=0x00000000
-*/
-function parseETWLine(line, targetPid) {
-	const match = /^\[([^\]]+)\]\s+PID=(\d+)\s+(\w+)\s+(.*)$/u.exec(line.trim());
-	if (!match) return null;
-	const syscall = match[3] ?? "unknown";
-	const rawArgs = match[4] ?? "";
-	const pid = Number(match[2]);
-	const args = rawArgs.split(/\s+/u).filter((a) => a.length > 0);
-	return {
-		timestamp: Date.now(),
-		pid: Number.isFinite(pid) ? pid : targetPid,
-		syscall,
-		args
-	};
-}
-/**
-* Parse a dtrace output line.
-*
-* Example dtrace line:
-*   1234   0  12345  open_nocancel:entry  /private/tmp/foo O_RDONLY
-*/
-function parseDTraceLine(line, targetPid) {
-	const match = /^\s*(\d+)\s+\d+\s+(\d+)\s+(\w+):\w+\s+(.*)$/u.exec(line.trim());
-	if (!match) return null;
-	const syscall = match[3] ?? "unknown";
-	const rawArgs = match[4] ?? "";
-	const pid = Number(match[2]);
-	const args = rawArgs.split(/\s+/u).filter((a) => a.length > 0);
-	return {
-		timestamp: Date.now(),
-		pid: Number.isFinite(pid) ? pid : targetPid,
-		syscall,
-		args
-	};
-}
-var SyscallMonitor = class {
-	activeState;
-	capturedEvents = [];
-	lastBackend = chooseDefaultBackend();
-	subprocessError;
-	async start(options) {
-		const requestedBackend = options?.backend ?? chooseDefaultBackend();
-		if (!isBackendSupportedOnCurrentPlatform(requestedBackend)) throw new Error(`Backend "${requestedBackend}" is not available on platform "${process.platform}"`);
-		if (options?.simulate ?? process.env["JSHOOK_SIMULATE"] === "1") {
-			this.activeState = {
-				backend: requestedBackend,
-				pid: options?.pid,
-				startedAt: Date.now(),
-				generatedEvents: 0
-			};
-			this.lastBackend = requestedBackend;
-			this.capturedEvents.length = 0;
-			this.generateSyntheticEvents();
-			return;
-		}
-		const pid = options?.pid ?? process.pid;
-		let subprocess;
-		try {
-			if (requestedBackend === "strace") subprocess = await this.captureWithStrace(pid);
-			else if (requestedBackend === "etw") subprocess = await this.captureWithETW(pid);
-			else if (requestedBackend === "dtrace") subprocess = await this.captureWithDTrace(pid);
-		} catch (error) {
-			this.subprocessError = error instanceof Error ? error.message : String(error);
-			this.activeState = {
-				backend: requestedBackend,
-				pid: options?.pid,
-				startedAt: Date.now(),
-				generatedEvents: 0
-			};
-			this.lastBackend = requestedBackend;
-			this.capturedEvents.length = 0;
-			this.generateSyntheticEvents();
-			return;
-		}
-		this.activeState = {
-			backend: requestedBackend,
-			pid: options?.pid,
-			startedAt: Date.now(),
-			generatedEvents: 0,
-			subprocess
-		};
-		this.lastBackend = requestedBackend;
-		this.capturedEvents.length = 0;
-		this.subprocessError = void 0;
-	}
-	async stop() {
-		if (this.activeState?.subprocess) {
-			this.activeState.subprocess.kill("SIGTERM");
-			this.activeState.subprocess = void 0;
-		}
-		this.activeState = void 0;
-	}
-	async captureEvents(filter) {
-		if (this.activeState && !this.activeState.subprocess) this.generateSyntheticEvents();
-		return this.capturedEvents.filter((event) => matchesFilter(event, filter)).map(cloneEvent);
-	}
-	getStats() {
-		const backend = this.activeState?.backend ?? this.lastBackend;
-		const uptime = this.activeState ? Date.now() - this.activeState.startedAt : 0;
-		return {
-			eventsCaptured: this.capturedEvents.length,
-			uptime,
-			backend,
-			subprocessActive: !!this.activeState?.subprocess,
-			subprocessError: this.subprocessError
-		};
-	}
-	getSupportedBackends() {
-		return SUPPORTED_BACKENDS.filter((backend) => isBackendSupportedOnCurrentPlatform(backend));
-	}
-	isRunning() {
-		return this.activeState !== void 0;
-	}
-	/**
-	* Spawn strace for syscall tracing on Linux.
-	* Parses stdout into SyscallEvent objects.
-	*/
-	async captureWithStrace(pid) {
-		const { spawn } = await import("node:child_process");
-		return new Promise((resolve, reject) => {
-			const subprocess = spawn("strace", [
-				"-p",
-				String(pid),
-				"-f",
-				"-e",
-				"trace=all",
-				"-t"
-			], { stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			] });
-			let stderrBuffer = "";
-			let lineAccumulator = "";
-			subprocess.stdout?.on("data", (chunk) => {
-				lineAccumulator += chunk.toString();
-				this.processLineBuffer(lineAccumulator, pid, "strace");
-			});
-			subprocess.stderr?.on("data", (chunk) => {
-				stderrBuffer += chunk.toString();
-				const lines = stderrBuffer.split(/\r?\n/u);
-				stderrBuffer = lines.pop() ?? "";
-				for (const line of lines) if (line.length > 0) {
-					const event = parseStraceLine(line, pid);
-					if (event) this.capturedEvents.push(event);
-				}
-			});
-			subprocess.on("error", (error) => {
-				reject(/* @__PURE__ */ new Error(`strace process error: ${error.message}. Is strace installed?`));
-			});
-			subprocess.on("spawn", () => {
-				resolve(subprocess);
-			});
-		});
-	}
-	/**
-	* Spawn ETW tracing on Windows using logman.
-	* Parses ETW trace output into SyscallEvent objects.
-	*/
-	async captureWithETW(pid) {
-		const { spawn } = await import("node:child_process");
-		return new Promise((resolve, reject) => {
-			const logman = spawn("logman", [
-				"create",
-				"trace",
-				`JSHookETW_${pid}`,
-				"-p",
-				"NT Kernel Logger",
-				"0x10000",
-				"-o",
-				`jshook_etw_${pid}.etl`,
-				"-ets"
-			], {
-				stdio: [
-					"ignore",
-					"pipe",
-					"pipe"
-				],
-				windowsHide: true
-			});
-			let outputBuffer = "";
-			logman.stdout?.on("data", (chunk) => {
-				outputBuffer += chunk.toString();
-				const lines = outputBuffer.split(/\r?\n/u);
-				outputBuffer = lines.pop() ?? "";
-				for (const line of lines) {
-					const event = parseETWLine(line, pid);
-					if (event) this.capturedEvents.push(event);
-				}
-			});
-			logman.stderr?.on("data", (chunk) => {
-				const msg = chunk.toString().trim();
-				if (msg.length > 0 && !msg.startsWith("The command completed successfully")) {}
-			});
-			logman.on("error", (error) => {
-				reject(/* @__PURE__ */ new Error(`ETW trace error: ${error.message}. Run as Administrator.`));
-			});
-			logman.on("exit", (code) => {
-				if (code !== 0 && code !== void 0) reject(/* @__PURE__ */ new Error(`ETW trace session ended (code ${code}). Check permissions.`));
-			});
-			logman.on("spawn", () => {
-				resolve(logman);
-			});
-		});
-	}
-	/**
-	* Spawn dtrace for syscall tracing on macOS.
-	* Parses dtrace output into SyscallEvent objects.
-	*/
-	async captureWithDTrace(pid) {
-		const { spawn } = await import("node:child_process");
-		return new Promise((resolve, reject) => {
-			const dtrace = spawn("dtrace", ["-n", `
-        syscall:::entry
-        /pid == ${pid}/
-        {
-          printf("%d %d %s:entry %s", pid, probeproc, probefunc, copyinstr(arg0));
-        }
-      `], { stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			] });
-			let outputBuffer = "";
-			dtrace.stdout?.on("data", (chunk) => {
-				outputBuffer += chunk.toString();
-				const lines = outputBuffer.split(/\r?\n/u);
-				outputBuffer = lines.pop() ?? "";
-				for (const line of lines) {
-					const event = parseDTraceLine(line, pid);
-					if (event) this.capturedEvents.push(event);
-				}
-			});
-			dtrace.stderr?.on("data", () => {});
-			dtrace.on("error", (error) => {
-				reject(/* @__PURE__ */ new Error(`dtrace error: ${error.message}. Run with sudo.`));
-			});
-			dtrace.on("spawn", () => {
-				resolve(dtrace);
-			});
-		});
-	}
-	generateSyntheticEvents() {
-		if (!this.activeState) return;
-		const seeds = SYNTHETIC_EVENT_SEEDS[this.activeState.backend];
-		if (!seeds) return;
-		const elapsed = Date.now() - this.activeState.startedAt;
-		const targetEventCount = Math.max(1, Math.min(seeds.length * 3, Math.floor(elapsed / 150) + 1));
-		const pid = this.activeState.pid ?? process.pid;
-		while (this.activeState.generatedEvents < targetEventCount) {
-			const seed = seeds[this.activeState.generatedEvents % seeds.length];
-			if (!seed) break;
-			const timestamp = this.activeState.startedAt + this.activeState.generatedEvents * 75;
-			this.capturedEvents.push({
-				timestamp,
-				pid,
-				syscall: seed.syscall,
-				args: [...seed.args],
-				returnValue: seed.returnValue,
-				duration: seed.duration
-			});
-			this.activeState.generatedEvents += 1;
-		}
-	}
-	processLineBuffer(_buffer, _pid, _parser) {}
-};
-//#endregion
-//#region src/modules/syscall-hook/SyscallToJSMapper.ts
-const CORRELATION_RULES = [
-	{
-		syscallNames: [
-			"NtCreateFile",
-			"openat",
-			"open_nocancel"
-		],
-		jsFunction: "fs.open",
-		baseConfidence: .8,
-		explanation: "File open syscalls commonly originate from Node.js file-system entry points."
-	},
-	{
-		syscallNames: [
-			"NtReadFile",
-			"read",
-			"read_nocancel"
-		],
-		jsFunction: "fs.readFile",
-		baseConfidence: .78,
-		explanation: "Read-oriented syscalls usually map back to file or stream reads in JavaScript."
-	},
-	{
-		syscallNames: [
-			"NtWriteFile",
-			"write",
-			"write_nocancel"
-		],
-		jsFunction: "fs.writeFile",
-		baseConfidence: .78,
-		explanation: "Write-oriented syscalls are strongly associated with Node.js file writes."
-	},
-	{
-		syscallNames: ["NtDeviceIoControlFile", "ioctl"],
-		jsFunction: "child_process.spawn",
-		baseConfidence: .55,
-		explanation: "Device and control syscalls are often triggered by child processes or native helpers."
-	},
-	{
-		syscallNames: [
-			"connect",
-			"sendto",
-			"recvfrom"
-		],
-		jsFunction: "fetch",
-		baseConfidence: .7,
-		explanation: "Socket syscalls generally indicate outbound network activity from fetch-like APIs."
-	}
-];
-function findRuleBySyscallName(syscallName) {
-	return CORRELATION_RULES.find((rule) => rule.syscallNames.includes(syscallName));
-}
-function clampConfidence(confidence) {
-	if (confidence < 0) return 0;
-	if (confidence > 1) return 1;
-	return confidence;
-}
-function hasArgContaining(args, fragments) {
-	return args.some((arg) => fragments.some((fragment) => arg.toLowerCase().includes(fragment)));
-}
-var SyscallToJSMapper = class {
-	map(syscall) {
-		const jsFunction = this.findJSFunction(syscall.syscall);
-		if (!jsFunction) return null;
-		const rule = findRuleBySyscallName(syscall.syscall);
-		if (!rule) return null;
-		let confidence = rule.baseConfidence;
-		if (jsFunction.startsWith("fs.") && hasArgContaining(syscall.args, [
-			".js",
-			".json",
-			".node"
-		])) confidence += .08;
-		if (jsFunction === "fetch" && hasArgContaining(syscall.args, [
-			"80",
-			"443",
-			"http",
-			"https"
-		])) confidence += .1;
-		return {
-			syscall: {
-				timestamp: syscall.timestamp,
-				pid: syscall.pid,
-				syscall: syscall.syscall,
-				args: [...syscall.args],
-				returnValue: syscall.returnValue,
-				duration: syscall.duration
-			},
-			jsFunction,
-			confidence: clampConfidence(confidence),
-			reasoning: this.getCorrelationReason(syscall, jsFunction)
-		};
-	}
-	findJSFunction(syscallName) {
-		const rule = findRuleBySyscallName(syscallName);
-		if (!rule) return null;
-		return rule.jsFunction;
-	}
-	getCorrelationReason(syscall, jsFunc) {
-		const rule = findRuleBySyscallName(syscall.syscall);
-		const detailParts = [];
-		if (rule) detailParts.push(rule.explanation);
-		if (jsFunc.startsWith("fs.") && hasArgContaining(syscall.args, [
-			".js",
-			".json",
-			".node"
-		])) detailParts.push("The syscall arguments reference module-like file extensions, which strengthens the fs correlation.");
-		if (jsFunc === "fetch" && hasArgContaining(syscall.args, [
-			"80",
-			"443",
-			"http",
-			"https"
-		])) detailParts.push("The syscall arguments look like network endpoints, which aligns with fetch or low-level HTTP clients.");
-		if (detailParts.length === 0) detailParts.push(`Mapped ${syscall.syscall} to ${jsFunc} using the default syscall-to-JS heuristic table.`);
-		return detailParts.join(" ");
-	}
-};
-//#endregion
-//#region src/server/domains/syscall-hook/handlers.impl.ts
-function isRecord(value) {
-	return typeof value === "object" && value !== null;
-}
-function readNumber(value) {
-	if (typeof value === "number" && Number.isFinite(value)) return value;
-}
-function readString(value) {
-	if (typeof value === "string") return value;
-}
-function readStringArray(value) {
-	if (!Array.isArray(value)) return;
-	const strings = [];
-	for (const item of value) {
-		if (typeof item !== "string") return;
-		strings.push(item);
-	}
-	return strings;
-}
-function readBackend(value) {
-	if (value === "etw" || value === "strace" || value === "dtrace") return value;
-}
-function readFilter(value) {
-	if (!isRecord(value)) return;
-	const filter = {};
-	const names = readStringArray(value["name"]);
-	const pid = readNumber(value["pid"]);
-	if (names) filter.name = names;
-	if (pid !== void 0) filter.pid = pid;
-	return filter;
-}
-function isSyscallEvent(value) {
-	if (!isRecord(value)) return false;
-	const timestamp = readNumber(value["timestamp"]);
-	const pid = readNumber(value["pid"]);
-	const syscall = readString(value["syscall"]);
-	const args = readStringArray(value["args"]);
-	const returnValue = value["returnValue"];
-	const duration = value["duration"];
-	const returnValueValid = returnValue === void 0 || readNumber(returnValue) !== void 0;
-	const durationValid = duration === void 0 || readNumber(duration) !== void 0;
-	return timestamp !== void 0 && pid !== void 0 && syscall !== void 0 && args !== void 0 && returnValueValid && durationValid;
-}
-function cloneSyscallEvent(event) {
-	return {
-		timestamp: event.timestamp,
-		pid: event.pid,
-		syscall: event.syscall,
-		args: [...event.args],
-		returnValue: event.returnValue,
-		duration: event.duration
-	};
-}
-function toErrorMessage(error) {
-	if (error instanceof Error) return error.message;
-	return "Unknown syscall-hook error";
-}
-var SyscallHookHandlers = class {
-	constructor(monitor, mapper, eventBus) {
-		this.monitor = monitor;
-		this.mapper = mapper;
-		this.eventBus = eventBus;
-	}
-	async handleSyscallStartMonitor(args) {
-		const backend = readBackend(args["backend"]);
-		if (!backend) return {
-			ok: false,
-			error: "backend must be one of: etw, strace, dtrace"
-		};
-		const pid = readNumber(args["pid"]);
-		if (args["pid"] !== void 0 && pid === void 0) return {
-			ok: false,
-			error: "pid must be a finite number when provided"
-		};
-		const monitor = this.ensureMonitor();
-		try {
-			await monitor.start({
-				backend,
-				pid
-			});
-			this.eventBus?.emit("syscall:trace_started", {
-				backend,
-				pid,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
-			});
-			return {
-				ok: true,
-				started: true,
-				backend,
-				pid,
-				stats: monitor.getStats()
-			};
-		} catch (error) {
-			return {
-				ok: false,
-				error: toErrorMessage(error),
-				requestedBackend: backend,
-				supportedBackends: monitor.getSupportedBackends()
-			};
-		}
-	}
-	async handleSyscallStopMonitor() {
-		const monitor = this.ensureMonitor();
-		try {
-			await monitor.stop();
-			return {
-				ok: true,
-				stopped: true,
-				stats: monitor.getStats()
-			};
-		} catch (error) {
-			return {
-				ok: false,
-				error: toErrorMessage(error)
-			};
-		}
-	}
-	async handleSyscallCaptureEvents(args) {
-		const monitor = this.ensureMonitor();
-		const filter = readFilter(args["filter"]);
-		const events = await monitor.captureEvents(filter);
-		return {
-			ok: true,
-			events,
-			count: events.length,
-			stats: monitor.getStats()
-		};
-	}
-	async handleSyscallCorrelateJs(args) {
-		const rawEvents = args["syscallEvents"];
-		if (!Array.isArray(rawEvents) || !rawEvents.every((item) => isSyscallEvent(item))) return {
-			ok: false,
-			error: "syscallEvents must be an array of valid SyscallEvent objects"
-		};
-		const mapper = this.ensureMapper();
-		const correlations = [];
-		const unmatched = [];
-		for (const event of rawEvents) {
-			const clonedEvent = cloneSyscallEvent(event);
-			const correlated = mapper.map(clonedEvent);
-			if (correlated) correlations.push(correlated);
-			else unmatched.push(clonedEvent);
-		}
-		return {
-			ok: true,
-			correlations,
-			matched: correlations.length,
-			unmatched
-		};
-	}
-	async handleSyscallFilter(args) {
-		const names = readStringArray(args["names"]);
-		if (args["names"] !== void 0 && names === void 0) return {
-			ok: false,
-			error: "names must be an array of strings when provided"
-		};
-		const events = await this.ensureMonitor().captureEvents(names && names.length > 0 ? { name: names } : void 0);
-		return {
-			ok: true,
-			names,
-			events,
-			count: events.length
-		};
-	}
-	async handleSyscallGetStats() {
-		const monitor = this.ensureMonitor();
-		return {
-			ok: true,
-			...monitor.getStats(),
-			running: monitor.isRunning(),
-			supportedBackends: monitor.getSupportedBackends()
-		};
-	}
-	ensureMonitor() {
-		if (!this.monitor) this.monitor = new SyscallMonitor();
-		return this.monitor;
-	}
-	ensureMapper() {
-		if (!this.mapper) this.mapper = new SyscallToJSMapper();
-		return this.mapper;
-	}
-};
-//#endregion
-export { SyscallHookHandlers };