@jshookmcp/jshook 0.2.9 → 0.3.1

package/dist/manifest-qSleDqdO.mjs

@@ -1,1023 +0,0 @@
-import { n as asJsonResponse } from "./response-BQVP-xUn.mjs";
-import { n as toolLookup } from "./registry-D-6e18lB.mjs";
-import { t as bindByDepKey } from "./bind-helpers-xFfRF-qm.mjs";
-//#region src/server/domains/boringssl-inspector/definitions.ts
-const boringsslInspectorTools = [
-	{
-		name: "tls_keylog_enable",
-		description: "Enable SSLKEYLOGFILE output for BoringSSL-compatible clients.",
-		inputSchema: {
-			type: "object",
-			properties: {},
-			required: []
-		}
-	},
-	{
-		name: "tls_keylog_parse",
-		description: "Parse an SSLKEYLOGFILE and summarize available key material.",
-		inputSchema: {
-			type: "object",
-			properties: { path: {
-				type: "string",
-				description: "Path to SSLKEYLOGFILE (uses default if omitted)"
-			} },
-			required: []
-		}
-	},
-	{
-		name: "tls_keylog_disable",
-		description: "Disable SSLKEYLOGFILE capture and unset the environment variable.",
-		inputSchema: {
-			type: "object",
-			properties: { path: {
-				type: "string",
-				description: "Specific path to disable (uses current path if omitted)"
-			} },
-			required: []
-		}
-	},
-	{
-		name: "tls_decrypt_payload",
-		description: "Decrypt a TLS payload using a provided key, nonce, and algorithm.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				encryptedHex: {
-					type: "string",
-					description: "Hex-encoded encrypted payload"
-				},
-				keyHex: {
-					type: "string",
-					description: "Hex-encoded decryption key"
-				},
-				nonceHex: {
-					type: "string",
-					description: "Hex-encoded nonce/IV"
-				},
-				algorithm: {
-					type: "string",
-					description: "Cipher algorithm (default: aes-256-gcm)",
-					default: "aes-256-gcm"
-				},
-				authTagHex: {
-					type: "string",
-					description: "Hex-encoded authentication tag (for AEAD ciphers)"
-				}
-			},
-			required: [
-				"encryptedHex",
-				"keyHex",
-				"nonceHex"
-			]
-		}
-	},
-	{
-		name: "tls_keylog_summarize",
-		description: "Summarize the contents of an SSLKEYLOGFILE by label distribution.",
-		inputSchema: {
-			type: "object",
-			properties: { content: {
-				type: "string",
-				description: "Inline keylog content to summarize (uses file if omitted)"
-			} },
-			required: []
-		}
-	},
-	{
-		name: "tls_keylog_lookup_secret",
-		description: "Look up a TLS secret by client random hex from the parsed keylog.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				clientRandom: {
-					type: "string",
-					description: "Hex-encoded client random"
-				},
-				label: {
-					type: "string",
-					description: "Optional label filter (e.g. CLIENT_RANDOM)"
-				}
-			},
-			required: ["clientRandom"]
-		}
-	},
-	{
-		name: "tls_cert_pin_bypass",
-		description: "Return a certificate pinning bypass strategy for the selected platform.",
-		inputSchema: {
-			type: "object",
-			properties: { target: {
-				type: "string",
-				enum: [
-					"android",
-					"ios",
-					"desktop"
-				],
-				description: "Target platform for bypass strategy"
-			} },
-			required: ["target"]
-		}
-	},
-	{
-		name: "tls_parse_handshake",
-		description: "Parse TLS record header and handshake metadata (version, cipher suites, SNI, extensions) from raw hex. Optionally decrypts payload preview when keylog is available.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				rawHex: {
-					type: "string",
-					description: "Hex-encoded TLS handshake record"
-				},
-				decrypt: {
-					type: "boolean",
-					description: "If true, attempt payload decryption using loaded keylog (default: false)"
-				}
-			},
-			required: ["rawHex"]
-		}
-	},
-	{
-		name: "tls_cipher_suites",
-		description: "List IANA TLS cipher suites, optionally filtered by keyword.",
-		inputSchema: {
-			type: "object",
-			properties: { filter: {
-				type: "string",
-				description: "Keyword filter for cipher suite names"
-			} },
-			required: []
-		}
-	},
-	{
-		name: "tls_parse_certificate",
-		description: "Parse a TLS Certificate message from raw hex and extract fingerprints.",
-		inputSchema: {
-			type: "object",
-			properties: { rawHex: {
-				type: "string",
-				description: "Hex-encoded certificate data"
-			} },
-			required: ["rawHex"]
-		}
-	},
-	{
-		name: "tls_probe_endpoint",
-		description: "Connect to a TLS endpoint and report certificate chain basics, trust result, ALPN, protocol, cipher, and SNI/hostname validation details for authorized target testing.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				host: {
-					type: "string",
-					description: "Target host name or IP address"
-				},
-				port: {
-					type: "number",
-					default: 443,
-					description: "Target TLS port (default: 443)"
-				},
-				servername: {
-					type: "string",
-					description: "Optional SNI and hostname validation override"
-				},
-				alpnProtocols: {
-					type: "array",
-					items: { type: "string" },
-					description: "Optional ALPN protocols to offer, in preference order"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Probe timeout in milliseconds"
-				},
-				minVersion: {
-					type: "string",
-					enum: [
-						"TLSv1",
-						"TLSv1.1",
-						"TLSv1.2",
-						"TLSv1.3"
-					],
-					description: "Optional minimum TLS version"
-				},
-				maxVersion: {
-					type: "string",
-					enum: [
-						"TLSv1",
-						"TLSv1.1",
-						"TLSv1.2",
-						"TLSv1.3"
-					],
-					description: "Optional maximum TLS version"
-				},
-				caPem: {
-					type: "string",
-					description: "Optional PEM-encoded CA bundle used for trust evaluation"
-				},
-				caPath: {
-					type: "string",
-					description: "Optional path to a PEM-encoded CA bundle used for trust evaluation"
-				},
-				allowInvalidCertificates: {
-					type: "boolean",
-					default: false,
-					description: "Allow untrusted certificate chains while still reporting the failure"
-				},
-				skipHostnameCheck: {
-					type: "boolean",
-					default: false,
-					description: "Skip hostname verification while still reporting the requested target"
-				}
-			},
-			required: ["host"]
-		}
-	},
-	{
-		name: "tcp_open",
-		description: "Open a stateful TCP session and return a sessionId for follow-up read/write calls.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				host: {
-					type: "string",
-					default: "127.0.0.1",
-					description: "Target host name or IP address"
-				},
-				port: {
-					type: "number",
-					description: "Target TCP port (1-65535)"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Connection timeout in milliseconds"
-				},
-				noDelay: {
-					type: "boolean",
-					default: true,
-					description: "Enable TCP_NODELAY on the socket after connect"
-				}
-			},
-			required: ["port"]
-		}
-	},
-	{
-		name: "tcp_write",
-		description: "Write raw bytes to an open TCP session; accepts hex or UTF-8 text input.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by tcp_open"
-				},
-				dataHex: {
-					type: "string",
-					description: "Hex-encoded payload to write"
-				},
-				dataText: {
-					type: "string",
-					description: "UTF-8 text payload to write (alternative to dataHex)"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Write timeout in milliseconds"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "tcp_read_until",
-		description: "Read from an open TCP session until a delimiter is observed or a byte limit is reached.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by tcp_open"
-				},
-				delimiterHex: {
-					type: "string",
-					description: "Hex-encoded delimiter to stop at"
-				},
-				delimiterText: {
-					type: "string",
-					description: "UTF-8 delimiter to stop at (alternative to delimiterHex)"
-				},
-				includeDelimiter: {
-					type: "boolean",
-					default: true,
-					description: "Include the delimiter bytes in the returned payload"
-				},
-				maxBytes: {
-					type: "number",
-					description: "Optional maximum number of bytes to return even if no delimiter matches"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Read timeout in milliseconds"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "tcp_close",
-		description: "Close an open TCP session and release its buffered state.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by tcp_open"
-				},
-				force: {
-					type: "boolean",
-					default: false,
-					description: "Destroy the socket immediately instead of sending FIN first"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 1e3,
-					description: "Close wait timeout in milliseconds before forcing socket destruction"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "tls_open",
-		description: "Open a stateful TLS session with explicit trust and hostname policy controls, then return a sessionId.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				host: {
-					type: "string",
-					description: "Target host name or IP address"
-				},
-				port: {
-					type: "number",
-					default: 443,
-					description: "Target TLS port (default: 443)"
-				},
-				servername: {
-					type: "string",
-					description: "Optional SNI and hostname validation override"
-				},
-				alpnProtocols: {
-					type: "array",
-					items: { type: "string" },
-					description: "Optional ALPN protocols to offer, in preference order"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Connection timeout in milliseconds"
-				},
-				minVersion: {
-					type: "string",
-					enum: [
-						"TLSv1",
-						"TLSv1.1",
-						"TLSv1.2",
-						"TLSv1.3"
-					],
-					description: "Optional minimum TLS version"
-				},
-				maxVersion: {
-					type: "string",
-					enum: [
-						"TLSv1",
-						"TLSv1.1",
-						"TLSv1.2",
-						"TLSv1.3"
-					],
-					description: "Optional maximum TLS version"
-				},
-				caPem: {
-					type: "string",
-					description: "Optional PEM-encoded CA bundle used for trust evaluation"
-				},
-				caPath: {
-					type: "string",
-					description: "Optional path to a PEM-encoded CA bundle used for trust evaluation"
-				},
-				allowInvalidCertificates: {
-					type: "boolean",
-					default: false,
-					description: "Allow untrusted certificate chains while still reporting the failure"
-				},
-				skipHostnameCheck: {
-					type: "boolean",
-					default: false,
-					description: "Skip hostname verification while still reporting the requested target"
-				}
-			},
-			required: ["host"]
-		}
-	},
-	{
-		name: "tls_write",
-		description: "Write raw bytes to an open TLS session; accepts hex or UTF-8 text input.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by tls_open"
-				},
-				dataHex: {
-					type: "string",
-					description: "Hex-encoded payload to write"
-				},
-				dataText: {
-					type: "string",
-					description: "UTF-8 text payload to write (alternative to dataHex)"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Write timeout in milliseconds"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "tls_read_until",
-		description: "Read from an open TLS session until a delimiter is observed or a byte limit is reached.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by tls_open"
-				},
-				delimiterHex: {
-					type: "string",
-					description: "Hex-encoded delimiter to stop at"
-				},
-				delimiterText: {
-					type: "string",
-					description: "UTF-8 delimiter to stop at (alternative to delimiterHex)"
-				},
-				includeDelimiter: {
-					type: "boolean",
-					default: true,
-					description: "Include the delimiter bytes in the returned payload"
-				},
-				maxBytes: {
-					type: "number",
-					description: "Optional maximum number of bytes to return even if no delimiter matches"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Read timeout in milliseconds"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "tls_close",
-		description: "Close an open TLS session and release its buffered state.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by tls_open"
-				},
-				force: {
-					type: "boolean",
-					default: false,
-					description: "Destroy the TLS socket immediately instead of sending close_notify/FIN first"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 1e3,
-					description: "Close wait timeout in milliseconds before forcing socket destruction"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "websocket_open",
-		description: "Open a stateful WebSocket session over ws or wss, perform the client handshake, and return a sessionId.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				url: {
-					type: "string",
-					description: "Full ws:// or wss:// URL (mutually exclusive with explicit host/path fields)"
-				},
-				scheme: {
-					type: "string",
-					enum: ["ws", "wss"],
-					default: "ws",
-					description: "WebSocket transport scheme when url is not provided"
-				},
-				host: {
-					type: "string",
-					description: "Target host name or IP address when url is not provided"
-				},
-				port: {
-					type: "number",
-					description: "Target port (defaults to 80 for ws, 443 for wss)"
-				},
-				path: {
-					type: "string",
-					default: "/",
-					description: "Request path including optional query string when url is not provided"
-				},
-				subprotocols: {
-					type: "array",
-					items: { type: "string" },
-					description: "Optional Sec-WebSocket-Protocol values to offer"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Handshake timeout in milliseconds"
-				},
-				servername: {
-					type: "string",
-					description: "Optional SNI and hostname validation override for wss sessions"
-				},
-				alpnProtocols: {
-					type: "array",
-					items: { type: "string" },
-					description: "Optional ALPN protocols to offer for wss sessions"
-				},
-				minVersion: {
-					type: "string",
-					enum: [
-						"TLSv1",
-						"TLSv1.1",
-						"TLSv1.2",
-						"TLSv1.3"
-					],
-					description: "Optional minimum TLS version for wss sessions"
-				},
-				maxVersion: {
-					type: "string",
-					enum: [
-						"TLSv1",
-						"TLSv1.1",
-						"TLSv1.2",
-						"TLSv1.3"
-					],
-					description: "Optional maximum TLS version for wss sessions"
-				},
-				caPem: {
-					type: "string",
-					description: "Optional PEM-encoded CA bundle for wss trust evaluation"
-				},
-				caPath: {
-					type: "string",
-					description: "Optional path to a PEM-encoded CA bundle for wss trust evaluation"
-				},
-				allowInvalidCertificates: {
-					type: "boolean",
-					default: false,
-					description: "Allow untrusted certificate chains for wss while still reporting the failure"
-				},
-				skipHostnameCheck: {
-					type: "boolean",
-					default: false,
-					description: "Skip hostname verification for wss while still reporting the requested target"
-				}
-			},
-			required: []
-		}
-	},
-	{
-		name: "websocket_send_frame",
-		description: "Send a single WebSocket frame on an open session using a minimal opcode set (text, binary, ping, pong, close).",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by websocket_open"
-				},
-				frameType: {
-					type: "string",
-					enum: [
-						"text",
-						"binary",
-						"ping",
-						"pong",
-						"close"
-					],
-					description: "Outgoing frame opcode"
-				},
-				dataText: {
-					type: "string",
-					description: "UTF-8 payload for text/ping/pong/close frames"
-				},
-				dataHex: {
-					type: "string",
-					description: "Hex-encoded payload for binary/ping/pong/close frames"
-				},
-				closeCode: {
-					type: "number",
-					description: "Optional close status code when frameType is close"
-				},
-				closeReason: {
-					type: "string",
-					description: "Optional UTF-8 close reason when frameType is close"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Write timeout in milliseconds"
-				}
-			},
-			required: ["sessionId", "frameType"]
-		}
-	},
-	{
-		name: "websocket_read_frame",
-		description: "Read the next queued WebSocket frame from an open session.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by websocket_open"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 5e3,
-					description: "Read timeout in milliseconds"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "websocket_close",
-		description: "Close an open WebSocket session and release its queued frame state.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				sessionId: {
-					type: "string",
-					description: "Session id returned by websocket_open"
-				},
-				force: {
-					type: "boolean",
-					default: false,
-					description: "Destroy the underlying socket immediately without sending a close frame first"
-				},
-				closeCode: {
-					type: "number",
-					description: "Optional close status code when force is false"
-				},
-				closeReason: {
-					type: "string",
-					description: "Optional UTF-8 close reason when force is false"
-				},
-				timeoutMs: {
-					type: "number",
-					default: 1e3,
-					description: "Close wait timeout in milliseconds before forcing socket destruction"
-				}
-			},
-			required: ["sessionId"]
-		}
-	},
-	{
-		name: "tls_cert_pin_bypass_frida",
-		description: "Bypass certificate pinning via Frida injection (supports BoringSSL, Chrome, OkHttp).",
-		inputSchema: {
-			type: "object",
-			properties: {},
-			required: []
-		}
-	},
-	{
-		name: "net_raw_tcp_send",
-		description: "Send raw TCP data to a remote host; accepts hex or text input.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				host: {
-					type: "string",
-					default: "127.0.0.1",
-					description: "Target host address"
-				},
-				port: {
-					type: "number",
-					description: "Target port number (1-65535)"
-				},
-				dataHex: {
-					type: "string",
-					description: "Hex-encoded data to send"
-				},
-				dataText: {
-					type: "string",
-					description: "Text data to send (alternative to dataHex)"
-				},
-				timeout: {
-					type: "number",
-					default: 5e3,
-					description: "Connection timeout in ms"
-				}
-			},
-			required: ["port"]
-		}
-	},
-	{
-		name: "net_raw_tcp_listen",
-		description: "Listen on a local TCP port for one incoming connection.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				port: {
-					type: "number",
-					description: "Local port to listen on (1-65535)"
-				},
-				timeout: {
-					type: "number",
-					default: 1e4,
-					description: "Listen timeout in ms"
-				}
-			},
-			required: ["port"]
-		}
-	},
-	{
-		name: "net_raw_udp_send",
-		description: "Send a raw UDP datagram and wait for a response.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				host: {
-					type: "string",
-					default: "127.0.0.1",
-					description: "Target host address"
-				},
-				port: {
-					type: "number",
-					description: "Target port number (1-65535)"
-				},
-				dataHex: {
-					type: "string",
-					description: "Hex-encoded data to send"
-				},
-				dataText: {
-					type: "string",
-					description: "Text data to send (alternative to dataHex)"
-				},
-				timeout: {
-					type: "number",
-					default: 5e3,
-					description: "Response timeout in ms"
-				}
-			},
-			required: ["port"]
-		}
-	},
-	{
-		name: "net_raw_udp_listen",
-		description: "Listen on a local UDP port for an incoming datagram.",
-		inputSchema: {
-			type: "object",
-			properties: {
-				port: {
-					type: "number",
-					description: "Local port to listen on (1-65535)"
-				},
-				timeout: {
-					type: "number",
-					default: 1e4,
-					description: "Listen timeout in ms"
-				}
-			},
-			required: ["port"]
-		}
-	}
-];
-//#endregion
-//#region src/server/domains/boringssl-inspector/manifest.ts
-const DOMAIN = "boringssl-inspector";
-const DEP_KEY = "boringsslInspectorHandlers";
-const PROFILES = ["workflow", "full"];
-const lookup = toolLookup(boringsslInspectorTools);
-const bind = (invoke) => bindByDepKey(DEP_KEY, async (handler, args) => {
-	return asJsonResponse(await invoke(handler, args));
-});
-async function ensure(ctx) {
-	const { BoringsslInspectorHandlers } = await import("./handlers-9sAbfIg-.mjs");
-	const { TLSKeyLogExtractor } = await import("./boringssl-inspector-BH2D3VKc.mjs").then((n) => n.t);
-	const existing = ctx.getDomainInstance(DEP_KEY);
-	if (existing) return existing;
-	const handlers = new BoringsslInspectorHandlers(new TLSKeyLogExtractor());
-	handlers.setExtensionInvoke(async (args) => {
-		try {
-			const binaryInstrument = ctx.getDomainInstance("binaryInstrumentHandlers");
-			if (binaryInstrument && typeof binaryInstrument.handleFridaRunScript === "function") return binaryInstrument.handleFridaRunScript(args);
-		} catch {}
-		return null;
-	});
-	handlers.setEventBus(ctx.eventBus);
-	ctx.setDomainInstance(DEP_KEY, handlers);
-	return handlers;
-}
-const manifest = {
-	kind: "domain-manifest",
-	version: 1,
-	domain: DOMAIN,
-	depKey: DEP_KEY,
-	profiles: PROFILES,
-	registrations: [
-		{
-			tool: lookup("tls_keylog_enable"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsKeylogEnable(args))
-		},
-		{
-			tool: lookup("tls_keylog_parse"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsKeylogParse(args))
-		},
-		{
-			tool: lookup("tls_keylog_disable"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsKeylogDisable(args))
-		},
-		{
-			tool: lookup("tls_decrypt_payload"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsDecryptPayload(args))
-		},
-		{
-			tool: lookup("tls_keylog_summarize"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsKeylogSummarize(args))
-		},
-		{
-			tool: lookup("tls_keylog_lookup_secret"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsKeylogLookupSecret(args))
-		},
-		{
-			tool: lookup("tls_cert_pin_bypass"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsCertPinBypass(args))
-		},
-		{
-			tool: lookup("tls_parse_handshake"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleParseHandshake(args))
-		},
-		{
-			tool: lookup("tls_cipher_suites"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleCipherSuites(args))
-		},
-		{
-			tool: lookup("tls_parse_certificate"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleParseCertificate(args))
-		},
-		{
-			tool: lookup("tls_probe_endpoint"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsProbeEndpoint(args))
-		},
-		{
-			tool: lookup("tcp_open"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTcpOpen(args))
-		},
-		{
-			tool: lookup("tcp_write"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTcpWrite(args))
-		},
-		{
-			tool: lookup("tcp_read_until"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTcpReadUntil(args))
-		},
-		{
-			tool: lookup("tcp_close"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTcpClose(args))
-		},
-		{
-			tool: lookup("tls_open"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsOpen(args))
-		},
-		{
-			tool: lookup("tls_write"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsWrite(args))
-		},
-		{
-			tool: lookup("tls_read_until"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsReadUntil(args))
-		},
-		{
-			tool: lookup("tls_close"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleTlsClose(args))
-		},
-		{
-			tool: lookup("websocket_open"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleWebSocketOpen(args))
-		},
-		{
-			tool: lookup("websocket_send_frame"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleWebSocketSendFrame(args))
-		},
-		{
-			tool: lookup("websocket_read_frame"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleWebSocketReadFrame(args))
-		},
-		{
-			tool: lookup("websocket_close"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleWebSocketClose(args))
-		},
-		{
-			tool: lookup("tls_cert_pin_bypass_frida"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleBypassCertPinning(args))
-		},
-		{
-			tool: lookup("net_raw_tcp_send"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleRawTcpSend(args))
-		},
-		{
-			tool: lookup("net_raw_tcp_listen"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleRawTcpListen(args))
-		},
-		{
-			tool: lookup("net_raw_udp_send"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleRawUdpSend(args))
-		},
-		{
-			tool: lookup("net_raw_udp_listen"),
-			domain: DOMAIN,
-			bind: bind((handler, args) => handler.handleRawUdpListen(args))
-		}
-	],
-	ensure,
-	workflowRule: {
-		patterns: [/\b(tls|ssl|boringssl|cert(ificate)?|pinning|handshake|keylog|websocket)\b/i, /(tls|ssl|cert|pinning|websocket).*(hook|bypass|intercept|dump|log|frame|session)/i],
-		priority: 80,
-		tools: [
-			"tls_probe_endpoint",
-			"websocket_open",
-			"websocket_send_frame",
-			"websocket_read_frame",
-			"tls_keylog_enable",
-			"tls_keylog_parse",
-			"tls_decrypt_payload",
-			"tls_cert_pin_bypass"
-		],
-		hint: "TLS/WebSocket analysis: probe endpoint → open ws/wss session → exchange frames → inspect trust/cipher/ALPN → enable keylog or bypass pinning when needed."
-	},
-	prerequisites: {
-		tls_probe_endpoint: [{
-			condition: "Target scope must be explicitly authorized and routable from the MCP host",
-			fix: "Verify target authorization, port reachability, and provide servername/custom CA options when needed"
-		}],
-		tls_keylog_enable: [{
-			condition: "Target process must allow SSLKEYLOGFILE or be attachable by Frida",
-			fix: "Launch the target with SSLKEYLOGFILE env set, or enable Frida-based hooking"
-		}],
-		tls_decrypt_payload: [{
-			condition: "A keylog session must be active with captured secrets",
-			fix: "Run tls_keylog_enable and reproduce TLS traffic before decrypting"
-		}],
-		tls_cert_pin_bypass_frida: [{
-			condition: "Frida must be available on PATH and attached to the target",
-			fix: "Install Frida and attach via binary-instrument:frida_attach before running the bypass"
-		}]
-	},
-	toolDependencies: [{
-		from: "network",
-		to: "boringssl-inspector",
-		relation: "uses",
-		weight: .8
-	}]
-};
-//#endregion
-export { manifest as default };