@jshookmcp/jshook 0.3.0 → 0.3.1

package/dist/manifest-NvH_a-av.mjs

@@ -1,786 +0,0 @@
-import { i as asToolResponse } from "./response-CWhh2aLo.mjs";
-import { n as toolLookup } from "./registry-Bl8ZQW61.mjs";
-import { n as defineMethodRegistrations } from "./bind-helpers-ClV34xdn.mjs";
-//#region src/server/domains/boringssl-inspector/definitions/support.ts
-const TLS_VERSION_VALUES = [
-	"TLSv1",
-	"TLSv1.1",
-	"TLSv1.2",
-	"TLSv1.3"
-];
-function objectTool(name, description, properties = {}, required = []) {
-	return {
-		name,
-		description,
-		inputSchema: {
-			type: "object",
-			properties,
-			required
-		}
-	};
-}
-//#endregion
-//#region src/server/domains/boringssl-inspector/definitions/frida-tools.ts
-const fridaTools = [objectTool("tls_cert_pin_bypass_frida", "Bypass certificate pinning via Frida injection (supports BoringSSL, Chrome, OkHttp).")];
-//#endregion
-//#region src/server/domains/boringssl-inspector/definitions/raw-socket-tools.ts
-const rawSocketTools = [
-	objectTool("net_raw_tcp_send", "Send raw TCP data to a remote host; accepts hex or text input.", {
-		host: {
-			type: "string",
-			default: "127.0.0.1",
-			description: "Target host address"
-		},
-		port: {
-			type: "number",
-			description: "Target port number (1-65535)"
-		},
-		dataHex: {
-			type: "string",
-			description: "Hex-encoded data to send"
-		},
-		dataText: {
-			type: "string",
-			description: "Text data to send (alternative to dataHex)"
-		},
-		timeout: {
-			type: "number",
-			default: 5e3,
-			description: "Connection timeout in ms"
-		}
-	}, ["port"]),
-	objectTool("net_raw_tcp_listen", "Listen on a local TCP port for one incoming connection.", {
-		port: {
-			type: "number",
-			description: "Local port to listen on (1-65535)"
-		},
-		timeout: {
-			type: "number",
-			default: 1e4,
-			description: "Listen timeout in ms"
-		}
-	}, ["port"]),
-	objectTool("net_raw_udp_send", "Send a raw UDP datagram and wait for a response.", {
-		host: {
-			type: "string",
-			default: "127.0.0.1",
-			description: "Target host address"
-		},
-		port: {
-			type: "number",
-			description: "Target port number (1-65535)"
-		},
-		dataHex: {
-			type: "string",
-			description: "Hex-encoded data to send"
-		},
-		dataText: {
-			type: "string",
-			description: "Text data to send (alternative to dataHex)"
-		},
-		timeout: {
-			type: "number",
-			default: 5e3,
-			description: "Response timeout in ms"
-		}
-	}, ["port"]),
-	objectTool("net_raw_udp_listen", "Listen on a local UDP port for an incoming datagram.", {
-		port: {
-			type: "number",
-			description: "Local port to listen on (1-65535)"
-		},
-		timeout: {
-			type: "number",
-			default: 1e4,
-			description: "Listen timeout in ms"
-		}
-	}, ["port"])
-];
-//#endregion
-//#region src/server/domains/boringssl-inspector/definitions/session-tools.ts
-const sessionTools = [
-	objectTool("tcp_open", "Open a TCP session.", {
-		host: {
-			type: "string",
-			default: "127.0.0.1",
-			description: "Target host name or IP address"
-		},
-		port: {
-			type: "number",
-			description: "Target TCP port"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Connection timeout in milliseconds"
-		},
-		noDelay: {
-			type: "boolean",
-			default: true,
-			description: "Enable TCP_NODELAY on the socket after connect"
-		}
-	}, ["port"]),
-	objectTool("tcp_write", "Write data to an open TCP session.", {
-		sessionId: {
-			type: "string",
-			description: "TCP session ID"
-		},
-		dataHex: {
-			type: "string",
-			description: "Hex-encoded payload to write"
-		},
-		dataText: {
-			type: "string",
-			description: "UTF-8 text payload to write"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Write timeout in milliseconds"
-		}
-	}, ["sessionId"]),
-	objectTool("tcp_read_until", "Read from an open TCP session until a delimiter or byte limit is reached.", {
-		sessionId: {
-			type: "string",
-			description: "TCP session ID"
-		},
-		delimiterHex: {
-			type: "string",
-			description: "Hex-encoded delimiter to stop at"
-		},
-		delimiterText: {
-			type: "string",
-			description: "UTF-8 delimiter to stop at"
-		},
-		includeDelimiter: {
-			type: "boolean",
-			default: true,
-			description: "Include the delimiter bytes in the returned payload"
-		},
-		maxBytes: {
-			type: "number",
-			description: "Optional maximum number of bytes to return even if no delimiter matches"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Read timeout in milliseconds"
-		}
-	}, ["sessionId"]),
-	objectTool("tcp_close", "Close an open TCP session.", {
-		sessionId: {
-			type: "string",
-			description: "TCP session ID"
-		},
-		force: {
-			type: "boolean",
-			default: false,
-			description: "Destroy the socket immediately instead of sending FIN first"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 1e3,
-			description: "Close wait timeout in milliseconds before forcing socket destruction"
-		}
-	}, ["sessionId"]),
-	objectTool("tls_open", "Open a TLS session.", {
-		host: {
-			type: "string",
-			description: "Target host name or IP address"
-		},
-		port: {
-			type: "number",
-			default: 443,
-			description: "Target TLS port"
-		},
-		servername: {
-			type: "string",
-			description: "Optional SNI and hostname validation override"
-		},
-		alpnProtocols: {
-			type: "array",
-			items: { type: "string" },
-			description: "Optional ALPN protocols to offer"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Connection timeout in milliseconds"
-		},
-		minVersion: {
-			type: "string",
-			enum: [...TLS_VERSION_VALUES],
-			description: "Optional minimum TLS version"
-		},
-		maxVersion: {
-			type: "string",
-			enum: [...TLS_VERSION_VALUES],
-			description: "Optional maximum TLS version"
-		},
-		caPem: {
-			type: "string",
-			description: "Optional PEM-encoded CA bundle"
-		},
-		caPath: {
-			type: "string",
-			description: "Optional path to a PEM-encoded CA bundle"
-		},
-		allowInvalidCertificates: {
-			type: "boolean",
-			default: false,
-			description: "Allow untrusted certificate chains while still reporting the failure"
-		},
-		skipHostnameCheck: {
-			type: "boolean",
-			default: false,
-			description: "Skip hostname verification while still reporting the requested target"
-		}
-	}, ["host"]),
-	objectTool("tls_write", "Write data to an open TLS session.", {
-		sessionId: {
-			type: "string",
-			description: "TLS session ID"
-		},
-		dataHex: {
-			type: "string",
-			description: "Hex-encoded payload to write"
-		},
-		dataText: {
-			type: "string",
-			description: "UTF-8 text payload to write"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Write timeout in milliseconds"
-		}
-	}, ["sessionId"]),
-	objectTool("tls_read_until", "Read from an open TLS session until a delimiter or byte limit is reached.", {
-		sessionId: {
-			type: "string",
-			description: "TLS session ID"
-		},
-		delimiterHex: {
-			type: "string",
-			description: "Hex-encoded delimiter to stop at"
-		},
-		delimiterText: {
-			type: "string",
-			description: "UTF-8 delimiter to stop at"
-		},
-		includeDelimiter: {
-			type: "boolean",
-			default: true,
-			description: "Include the delimiter bytes in the returned payload"
-		},
-		maxBytes: {
-			type: "number",
-			description: "Optional maximum number of bytes to return even if no delimiter matches"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Read timeout in milliseconds"
-		}
-	}, ["sessionId"]),
-	objectTool("tls_close", "Close an open TLS session.", {
-		sessionId: {
-			type: "string",
-			description: "TLS session ID"
-		},
-		force: {
-			type: "boolean",
-			default: false,
-			description: "Destroy the TLS socket immediately instead of sending close_notify/FIN first"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 1e3,
-			description: "Close wait timeout in milliseconds before forcing socket destruction"
-		}
-	}, ["sessionId"])
-];
-//#endregion
-//#region src/server/domains/boringssl-inspector/definitions/tls-analysis-tools.ts
-const tlsAnalysisTools = [
-	objectTool("tls_keylog_enable", "Enable SSLKEYLOGFILE output for BoringSSL-compatible clients."),
-	objectTool("tls_keylog_parse", "Parse an SSLKEYLOGFILE and summarize available key material.", { path: {
-		type: "string",
-		description: "Path to SSLKEYLOGFILE"
-	} }),
-	objectTool("tls_keylog_disable", "Disable SSLKEYLOGFILE capture and unset the environment variable.", { path: {
-		type: "string",
-		description: "Path to disable"
-	} }),
-	objectTool("tls_decrypt_payload", "Decrypt a TLS payload using a provided key, nonce, and algorithm.", {
-		encryptedHex: {
-			type: "string",
-			description: "Hex-encoded encrypted payload"
-		},
-		keyHex: {
-			type: "string",
-			description: "Hex-encoded decryption key"
-		},
-		nonceHex: {
-			type: "string",
-			description: "Hex-encoded nonce/IV"
-		},
-		algorithm: {
-			type: "string",
-			description: "Cipher algorithm",
-			default: "aes-256-gcm"
-		},
-		authTagHex: {
-			type: "string",
-			description: "Hex-encoded authentication tag"
-		}
-	}, [
-		"encryptedHex",
-		"keyHex",
-		"nonceHex"
-	]),
-	objectTool("tls_keylog_summarize", "Summarize the contents of an SSLKEYLOGFILE by label distribution.", { content: {
-		type: "string",
-		description: "Inline keylog content to summarize"
-	} }),
-	objectTool("tls_keylog_lookup_secret", "Look up a TLS secret by client random hex from the parsed keylog.", {
-		clientRandom: {
-			type: "string",
-			description: "Hex-encoded client random"
-		},
-		label: {
-			type: "string",
-			description: "Optional label filter"
-		}
-	}, ["clientRandom"]),
-	objectTool("tls_cert_pin_bypass", "Return a certificate pinning bypass strategy for the selected platform.", { target: {
-		type: "string",
-		enum: [
-			"android",
-			"ios",
-			"desktop"
-		],
-		description: "Target platform for bypass strategy"
-	} }, ["target"]),
-	objectTool("tls_parse_handshake", "Parse TLS handshake metadata from raw hex.", {
-		rawHex: {
-			type: "string",
-			description: "Hex-encoded TLS handshake record"
-		},
-		decrypt: {
-			type: "boolean",
-			description: "Attempt payload decryption using the loaded keylog"
-		}
-	}, ["rawHex"]),
-	objectTool("tls_cipher_suites", "List TLS cipher suites.", { filter: {
-		type: "string",
-		description: "Keyword filter for cipher suite names"
-	} }),
-	objectTool("tls_parse_certificate", "Parse a TLS Certificate message from raw hex and extract fingerprints.", { rawHex: {
-		type: "string",
-		description: "Hex-encoded certificate data"
-	} }, ["rawHex"]),
-	objectTool("tls_probe_endpoint", "Probe a TLS endpoint and report handshake and certificate details.", {
-		host: {
-			type: "string",
-			description: "Target host name or IP address"
-		},
-		port: {
-			type: "number",
-			default: 443,
-			description: "Target TLS port"
-		},
-		servername: {
-			type: "string",
-			description: "Optional SNI and hostname validation override"
-		},
-		alpnProtocols: {
-			type: "array",
-			items: { type: "string" },
-			description: "Optional ALPN protocols to offer"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Probe timeout in milliseconds"
-		},
-		minVersion: {
-			type: "string",
-			enum: [...TLS_VERSION_VALUES],
-			description: "Optional minimum TLS version"
-		},
-		maxVersion: {
-			type: "string",
-			enum: [...TLS_VERSION_VALUES],
-			description: "Optional maximum TLS version"
-		},
-		caPem: {
-			type: "string",
-			description: "Optional PEM-encoded CA bundle"
-		},
-		caPath: {
-			type: "string",
-			description: "Optional path to a PEM-encoded CA bundle"
-		},
-		allowInvalidCertificates: {
-			type: "boolean",
-			default: false,
-			description: "Allow untrusted certificate chains while still reporting the failure"
-		},
-		skipHostnameCheck: {
-			type: "boolean",
-			default: false,
-			description: "Skip hostname verification while still reporting the requested target"
-		}
-	}, ["host"])
-];
-//#endregion
-//#region src/server/domains/boringssl-inspector/definitions/websocket-tools.ts
-const websocketTools = [
-	objectTool("websocket_open", "Open a WebSocket session.", {
-		url: {
-			type: "string",
-			description: "WebSocket URL"
-		},
-		scheme: {
-			type: "string",
-			enum: ["ws", "wss"],
-			default: "ws",
-			description: "WebSocket transport scheme"
-		},
-		host: {
-			type: "string",
-			description: "Target host name or IP address"
-		},
-		port: {
-			type: "number",
-			description: "Target port"
-		},
-		path: {
-			type: "string",
-			default: "/",
-			description: "Request path"
-		},
-		subprotocols: {
-			type: "array",
-			items: { type: "string" },
-			description: "Optional subprotocols to offer"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Handshake timeout in milliseconds"
-		},
-		servername: {
-			type: "string",
-			description: "Optional SNI and hostname validation override"
-		},
-		alpnProtocols: {
-			type: "array",
-			items: { type: "string" },
-			description: "Optional ALPN protocols to offer"
-		},
-		minVersion: {
-			type: "string",
-			enum: [...TLS_VERSION_VALUES],
-			description: "Optional minimum TLS version"
-		},
-		maxVersion: {
-			type: "string",
-			enum: [...TLS_VERSION_VALUES],
-			description: "Optional maximum TLS version"
-		},
-		caPem: {
-			type: "string",
-			description: "Optional PEM-encoded CA bundle"
-		},
-		caPath: {
-			type: "string",
-			description: "Optional path to a PEM-encoded CA bundle"
-		},
-		allowInvalidCertificates: {
-			type: "boolean",
-			default: false,
-			description: "Allow untrusted certificate chains"
-		},
-		skipHostnameCheck: {
-			type: "boolean",
-			default: false,
-			description: "Skip hostname verification"
-		}
-	}),
-	objectTool("websocket_send_frame", "Send a WebSocket frame.", {
-		sessionId: {
-			type: "string",
-			description: "WebSocket session ID"
-		},
-		frameType: {
-			type: "string",
-			enum: [
-				"text",
-				"binary",
-				"ping",
-				"pong",
-				"close"
-			],
-			description: "Outgoing frame opcode"
-		},
-		dataText: {
-			type: "string",
-			description: "UTF-8 payload for text/ping/pong/close frames"
-		},
-		dataHex: {
-			type: "string",
-			description: "Hex-encoded payload for binary/ping/pong/close frames"
-		},
-		closeCode: {
-			type: "number",
-			description: "Optional close status code"
-		},
-		closeReason: {
-			type: "string",
-			description: "Optional close reason"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Write timeout in milliseconds"
-		}
-	}, ["sessionId", "frameType"]),
-	objectTool("websocket_read_frame", "Read the next queued WebSocket frame from an open session.", {
-		sessionId: {
-			type: "string",
-			description: "WebSocket session ID"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 5e3,
-			description: "Read timeout in milliseconds"
-		}
-	}, ["sessionId"]),
-	objectTool("websocket_close", "Close an open WebSocket session.", {
-		sessionId: {
-			type: "string",
-			description: "WebSocket session ID"
-		},
-		force: {
-			type: "boolean",
-			default: false,
-			description: "Destroy the underlying socket immediately without sending a close frame first"
-		},
-		closeCode: {
-			type: "number",
-			description: "Optional close status code"
-		},
-		closeReason: {
-			type: "string",
-			description: "Optional close reason"
-		},
-		timeoutMs: {
-			type: "number",
-			default: 1e3,
-			description: "Close wait timeout in milliseconds before forcing socket destruction"
-		}
-	}, ["sessionId"])
-];
-//#endregion
-//#region src/server/domains/boringssl-inspector/definitions.ts
-const boringsslInspectorTools = [
-	...tlsAnalysisTools,
-	...sessionTools,
-	...websocketTools,
-	...fridaTools,
-	...rawSocketTools
-];
-//#endregion
-//#region src/server/domains/boringssl-inspector/manifest.ts
-const DOMAIN = "boringssl-inspector";
-const DEP_KEY = "boringsslInspectorHandlers";
-const PROFILES = ["workflow", "full"];
-const registrations = defineMethodRegistrations({
-	domain: DOMAIN,
-	depKey: DEP_KEY,
-	lookup: toolLookup(boringsslInspectorTools),
-	wrapResult: asToolResponse,
-	entries: [
-		{
-			tool: "tls_keylog_enable",
-			method: "handleTlsKeylogEnable"
-		},
-		{
-			tool: "tls_keylog_parse",
-			method: "handleTlsKeylogParse"
-		},
-		{
-			tool: "tls_keylog_disable",
-			method: "handleTlsKeylogDisable"
-		},
-		{
-			tool: "tls_decrypt_payload",
-			method: "handleTlsDecryptPayload"
-		},
-		{
-			tool: "tls_keylog_summarize",
-			method: "handleTlsKeylogSummarize"
-		},
-		{
-			tool: "tls_keylog_lookup_secret",
-			method: "handleTlsKeylogLookupSecret"
-		},
-		{
-			tool: "tls_cert_pin_bypass",
-			method: "handleTlsCertPinBypass"
-		},
-		{
-			tool: "tls_parse_handshake",
-			method: "handleParseHandshake"
-		},
-		{
-			tool: "tls_cipher_suites",
-			method: "handleCipherSuites"
-		},
-		{
-			tool: "tls_parse_certificate",
-			method: "handleParseCertificate"
-		},
-		{
-			tool: "tls_probe_endpoint",
-			method: "handleTlsProbeEndpoint"
-		},
-		{
-			tool: "tcp_open",
-			method: "handleTcpOpen"
-		},
-		{
-			tool: "tcp_write",
-			method: "handleTcpWrite"
-		},
-		{
-			tool: "tcp_read_until",
-			method: "handleTcpReadUntil"
-		},
-		{
-			tool: "tcp_close",
-			method: "handleTcpClose"
-		},
-		{
-			tool: "tls_open",
-			method: "handleTlsOpen"
-		},
-		{
-			tool: "tls_write",
-			method: "handleTlsWrite"
-		},
-		{
-			tool: "tls_read_until",
-			method: "handleTlsReadUntil"
-		},
-		{
-			tool: "tls_close",
-			method: "handleTlsClose"
-		},
-		{
-			tool: "websocket_open",
-			method: "handleWebSocketOpen"
-		},
-		{
-			tool: "websocket_send_frame",
-			method: "handleWebSocketSendFrame"
-		},
-		{
-			tool: "websocket_read_frame",
-			method: "handleWebSocketReadFrame"
-		},
-		{
-			tool: "websocket_close",
-			method: "handleWebSocketClose"
-		},
-		{
-			tool: "tls_cert_pin_bypass_frida",
-			method: "handleBypassCertPinning"
-		},
-		{
-			tool: "net_raw_tcp_send",
-			method: "handleRawTcpSend"
-		},
-		{
-			tool: "net_raw_tcp_listen",
-			method: "handleRawTcpListen"
-		},
-		{
-			tool: "net_raw_udp_send",
-			method: "handleRawUdpSend"
-		},
-		{
-			tool: "net_raw_udp_listen",
-			method: "handleRawUdpListen"
-		}
-	]
-});
-async function ensure(ctx) {
-	const { BoringsslInspectorHandlers } = await import("./handlers-BOs9b907.mjs");
-	const { TLSKeyLogExtractor } = await import("./boringssl-inspector-Bo_LOLaS.mjs").then((n) => n.t);
-	const existing = ctx.getDomainInstance(DEP_KEY);
-	if (existing) return existing;
-	const handlers = new BoringsslInspectorHandlers(new TLSKeyLogExtractor());
-	handlers.setExtensionInvoke(async (args) => {
-		try {
-			const binaryInstrument = ctx.getDomainInstance("binaryInstrumentHandlers");
-			if (binaryInstrument && typeof binaryInstrument.handleFridaRunScript === "function") return binaryInstrument.handleFridaRunScript(args);
-		} catch {}
-		return null;
-	});
-	handlers.setEventBus(ctx.eventBus);
-	ctx.setDomainInstance(DEP_KEY, handlers);
-	return handlers;
-}
-const manifest = {
-	kind: "domain-manifest",
-	version: 1,
-	domain: DOMAIN,
-	depKey: DEP_KEY,
-	profiles: PROFILES,
-	registrations,
-	ensure,
-	workflowRule: {
-		patterns: [/\b(tls|ssl|boringssl|cert(ificate)?|pinning|handshake|keylog|websocket)\b/i, /(tls|ssl|cert|pinning|websocket).*(hook|bypass|intercept|dump|log|frame|session)/i],
-		priority: 80,
-		tools: [
-			"tls_probe_endpoint",
-			"websocket_open",
-			"websocket_send_frame",
-			"websocket_read_frame",
-			"tls_keylog_enable",
-			"tls_keylog_parse",
-			"tls_decrypt_payload",
-			"tls_cert_pin_bypass"
-		],
-		hint: "TLS/WebSocket analysis: probe endpoint → open ws/wss session → exchange frames → inspect trust/cipher/ALPN → enable keylog or bypass pinning when needed."
-	},
-	prerequisites: {
-		tls_probe_endpoint: [{
-			condition: "Target scope must be explicitly authorized and routable from the MCP host",
-			fix: "Verify target authorization, port reachability, and provide servername/custom CA options when needed"
-		}],
-		tls_keylog_enable: [{
-			condition: "Target process must allow SSLKEYLOGFILE or be attachable by Frida",
-			fix: "Launch the target with SSLKEYLOGFILE env set, or enable Frida-based hooking"
-		}],
-		tls_decrypt_payload: [{
-			condition: "A keylog session must be active with captured secrets",
-			fix: "Run tls_keylog_enable and reproduce TLS traffic before decrypting"
-		}],
-		tls_cert_pin_bypass_frida: [{
-			condition: "Frida must be available on PATH and attached to the target",
-			fix: "Install Frida and attach via binary-instrument:frida_attach before running the bypass"
-		}]
-	},
-	toolDependencies: [{
-		from: "network",
-		to: "boringssl-inspector",
-		relation: "uses",
-		weight: .8
-	}]
-};
-//#endregion
-export { manifest as default };