@jshookmcp/jshook 0.3.0 → 0.3.2

package/dist/workflow-BpuKEtvn.mjs

@@ -1,725 +0,0 @@
-import { t as logger } from "./logger-Dh_xb7_2.mjs";
-import { Br as WORKFLOW_JS_BUNDLE_MAX_SIZE_BYTES, Ir as WORKFLOW_BUNDLE_CACHE_MAX_BYTES, Lr as WORKFLOW_BUNDLE_CACHE_TTL_MS, Rr as WORKFLOW_JS_BUNDLE_FETCH_TIMEOUT_MS, zr as WORKFLOW_JS_BUNDLE_MAX_REDIRECTS } from "./constants-CDZLOoVv.mjs";
-import { a as argString, i as argObject, r as argNumber, t as argBool } from "./parse-args-B4cY5Vx5.mjs";
-import { a as isLoopbackHost, s as isPrivateHost } from "./ssrf-policy-Dsqd-DTX.mjs";
-import { t as R } from "./ResponseBuilder-CJXWmWNw.mjs";
-import "./definitions-Cea8Lgl7.mjs";
-import { BlockList, isIP } from "node:net";
-import { lookup } from "node:dns/promises";
-//#region src/server/domains/workflow/handlers/shared.ts
-/**
-* Shared types, state, and utilities for workflow domain sub-handlers.
-*/
-const BUILTIN_SCRIPT_ENTRIES = [
-	{
-		name: "auth_extract",
-		description: "Extract auth tokens from localStorage and cookies",
-		code: `(function(){
-  var keys=['token','active_token','access_token','jwt','auth_token','userRole','id_token','refresh_token'];
-  var r={};
-  for(var i=0;i<keys.length;i++){var v=localStorage.getItem(keys[i]);if(v)r[keys[i]]=v;}
-  r._cookies=document.cookie;
-  return r;
-})()`
-	},
-	{
-		name: "bundle_search",
-		description: "Fetch a remote JS bundle and search it with regex patterns. params: { url: string, patterns: string[] }",
-		code: `(async function(){
-  var p=typeof __params__!=='undefined'?__params__:{};
-  if(!p.url)return{error:'params.url required'};
-  var resp=await fetch(p.url);
-  var text=await resp.text();
-  var patterns=p.patterns||[];
-  var results={};
-  for(var i=0;i<patterns.length;i++){
-    var re=new RegExp(patterns[i],'g');
-    var matches=[];var m;
-    while((m=re.exec(text))!==null){
-      var s=Math.max(0,m.index-80),e=Math.min(text.length,m.index+m[0].length+80);
-      matches.push({match:m[0],ctx:text.slice(s,e)});
-      if(matches.length>=10)break;
-    }
-    results[patterns[i]]=matches;
-  }
-  return{size:text.length,results:results};
-})()`
-	},
-	{
-		name: "react_fill_form",
-		description: "Fill React controlled form inputs using native setter trick. params: { fields: { \"selector\": \"value\" } }",
-		code: `(function(){
-  var p=typeof __params__!=='undefined'?__params__:{};
-  var fields=p.fields||{};
-  var ns=Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype,'value').set;
-  var r={};
-  var entries=Object.entries(fields);
-  for(var i=0;i<entries.length;i++){
-    var sel=entries[i][0],val=entries[i][1];
-    var el=document.querySelector(sel);
-    if(!el){r[sel]='not found';continue;}
-    ns.call(el,val);
-    el.dispatchEvent(new Event('input',{bubbles:true}));
-    el.dispatchEvent(new Event('change',{bubbles:true}));
-    r[sel]='filled';
-  }
-  return r;
-})()`
-	},
-	{
-		name: "dom_find_upgrade_buttons",
-		description: "Scan the current page for upgrade/subscription/tier-related UI elements",
-		code: `(function(){
-  var kw=['upgrade','plus','pro','premium','subscribe','plan','tier','vip','membership'];
-  var r=[];
-  document.querySelectorAll('button,a,[role=button],[class*=upgrade],[class*=premium],[class*=plus]').forEach(function(el){
-    var t=(el.textContent||'').toLowerCase().trim();
-    var c=(el.className||'').toLowerCase();
-    if(kw.some(function(k){return t.includes(k)||c.includes(k);})){
-      r.push({tag:el.tagName,text:t.slice(0,120),cls:c.slice(0,100),href:el.href||null,id:el.id||null});
-    }
-  });
-  return r;
-})()`
-	}
-];
-function createWorkflowSharedState(deps) {
-	const state = {
-		deps,
-		scriptRegistry: /* @__PURE__ */ new Map(),
-		bundleCache: /* @__PURE__ */ new Map(),
-		bundleCacheBytes: 0
-	};
-	initBuiltinScripts(state.scriptRegistry);
-	return state;
-}
-const WORKFLOW_CONSTANTS = {
-	BUNDLE_CACHE_TTL_MS: WORKFLOW_BUNDLE_CACHE_TTL_MS,
-	MAX_SCRIPTS: 100,
-	MAX_BUNDLE_CACHE: 50,
-	MAX_BUNDLE_CACHE_BYTES: WORKFLOW_BUNDLE_CACHE_MAX_BYTES
-};
-function initBuiltinScripts(registry) {
-	for (const entry of BUILTIN_SCRIPT_ENTRIES) registry.set(entry.name, {
-		code: entry.code,
-		description: entry.description,
-		source: "core",
-		protectedFromEviction: true
-	});
-}
-function evictBundleCache(state) {
-	const now = Date.now();
-	for (const [k, v] of state.bundleCache) if (now - v.cachedAt >= WORKFLOW_CONSTANTS.BUNDLE_CACHE_TTL_MS) {
-		state.bundleCacheBytes -= v.text.length;
-		state.bundleCache.delete(k);
-	}
-	while (state.bundleCache.size >= WORKFLOW_CONSTANTS.MAX_BUNDLE_CACHE || state.bundleCacheBytes > WORKFLOW_CONSTANTS.MAX_BUNDLE_CACHE_BYTES) {
-		const oldest = state.bundleCache.keys().next().value;
-		if (oldest !== void 0) {
-			const entry = state.bundleCache.get(oldest);
-			if (entry) state.bundleCacheBytes -= entry.text.length;
-			state.bundleCache.delete(oldest);
-		} else break;
-	}
-}
-function escapeInlineScriptLiteral(value) {
-	return value.replace(/[<>/\u2028\u2029]/g, (char) => {
-		switch (char) {
-			case "<": return "\\u003C";
-			case ">": return "\\u003E";
-			case "/": return "\\u002F";
-			case "\u2028": return "\\u2028";
-			case "\u2029": return "\\u2029";
-			default: return char;
-		}
-	});
-}
-function getOptionalString(value) {
-	return typeof value === "string" ? value : void 0;
-}
-function getOptionalRecord(value) {
-	if (value === null || typeof value !== "object" || Array.isArray(value)) return void 0;
-	return value;
-}
-function jsonTextResult(payload) {
-	return R.raw(payload);
-}
-//#endregion
-//#region src/server/domains/workflow/handlers/script-handlers.ts
-/**
-* Script management and extension workflow sub-handler.
-*/
-var ScriptHandlers = class {
-	state;
-	constructor(state) {
-		this.state = state;
-	}
-	async handlePageScriptRegister(args) {
-		const name = getOptionalString(args.name);
-		const code = getOptionalString(args.code);
-		const description = getOptionalString(args.description) ?? "";
-		if (!name || !code) return jsonTextResult({
-			success: false,
-			error: "name and code are required"
-		});
-		const isUpdate = this.state.scriptRegistry.has(name);
-		if (!isUpdate && this.state.scriptRegistry.size >= WORKFLOW_CONSTANTS.MAX_SCRIPTS) {
-			for (const [scriptName, entry] of this.state.scriptRegistry) if (!entry.protectedFromEviction) {
-				this.state.scriptRegistry.delete(scriptName);
-				break;
-			}
-		}
-		const existingEntry = this.state.scriptRegistry.get(name);
-		this.state.scriptRegistry.set(name, {
-			code,
-			description,
-			source: existingEntry?.source ?? "user",
-			protectedFromEviction: existingEntry?.protectedFromEviction ?? false
-		});
-		return jsonTextResult({
-			success: true,
-			action: isUpdate ? "updated" : "registered",
-			name,
-			description,
-			totalScripts: this.state.scriptRegistry.size,
-			available: Array.from(this.state.scriptRegistry.keys())
-		});
-	}
-	async handlePageScriptRun(args) {
-		const name = getOptionalString(args.name);
-		const params = getOptionalRecord(args.params);
-		const entry = name ? this.state.scriptRegistry.get(name) : void 0;
-		if (!entry) {
-			const available = Array.from(this.state.scriptRegistry.keys());
-			return jsonTextResult({
-				success: false,
-				error: `Script "${name}" not found`,
-				available
-			});
-		}
-		let codeToRun;
-		if (params !== void 0) codeToRun = `(function(){const __params__=JSON.parse(${escapeInlineScriptLiteral(JSON.stringify(JSON.stringify(params)))});return(${entry.code});})()`;
-		else codeToRun = entry.code;
-		try {
-			return await this.state.deps.browserHandlers.handlePageEvaluate({ code: codeToRun });
-		} catch (error) {
-			logger.error(`[page_script_run] Script "${name}" failed:`, error);
-			return jsonTextResult({
-				success: false,
-				script: name,
-				error: error instanceof Error ? error.message : String(error)
-			});
-		}
-	}
-	async handleListExtensionWorkflows() {
-		const ctx = this.state.deps.serverContext;
-		if (!ctx) return jsonTextResult({
-			success: false,
-			error: "Extension workflow runtime is unavailable in this handler context"
-		});
-		const { ensureWorkflowsLoaded } = await import("./ExtensionManager-BDMsY2Dz.mjs").then((n) => n.t);
-		await ensureWorkflowsLoaded(ctx);
-		const workflows = [...ctx.extensionWorkflowsById.values()].filter((record) => record.route?.kind !== "preset");
-		workflows.sort((a, b) => a.id.localeCompare(b.id));
-		const serializedWorkflows = workflows.map((record) => ({
-			id: record.id,
-			displayName: record.displayName,
-			description: record.description,
-			tags: record.tags,
-			timeoutMs: record.timeoutMs,
-			defaultMaxConcurrency: record.defaultMaxConcurrency,
-			source: record.source,
-			route: record.route ? {
-				kind: record.route.kind,
-				priority: record.route.priority,
-				requiredDomains: record.route.requiredDomains,
-				triggerPatterns: record.route.triggerPatterns.map((pattern) => pattern.source),
-				steps: record.route.steps
-			} : void 0
-		}));
-		return jsonTextResult({
-			success: true,
-			count: serializedWorkflows.length,
-			workflows: serializedWorkflows
-		});
-	}
-	async handleRunExtensionWorkflow(args) {
-		const ctx = this.state.deps.serverContext;
-		if (!ctx) return jsonTextResult({
-			success: false,
-			error: "Extension workflow runtime is unavailable in this handler context"
-		});
-		const workflowId = getOptionalString(args.workflowId) ?? getOptionalString(args.id);
-		if (!workflowId) return jsonTextResult({
-			success: false,
-			error: "workflowId is required"
-		});
-		const { ensureWorkflowsLoaded } = await import("./ExtensionManager-BDMsY2Dz.mjs").then((n) => n.t);
-		await ensureWorkflowsLoaded(ctx);
-		const runtimeRecord = ctx.extensionWorkflowRuntimeById.get(workflowId);
-		if (!runtimeRecord) {
-			const available = [...ctx.extensionWorkflowsById.values()].filter((record) => record.route?.kind !== "preset").map((record) => record.id);
-			available.sort((a, b) => a.localeCompare(b));
-			return jsonTextResult({
-				success: false,
-				error: `Extension workflow "${workflowId}" not found`,
-				available
-			});
-		}
-		if (runtimeRecord.route?.kind === "preset") return jsonTextResult({
-			success: false,
-			workflowId,
-			error: `Extension workflow "${workflowId}" is a routing preset and cannot be executed directly. Use route_tool or the suggested preset steps instead.`
-		});
-		const profile = getOptionalString(args.profile);
-		const config = getOptionalRecord(args.config);
-		const nodeInputOverrides = argObject(args, "nodeInputOverrides");
-		const timeoutMs = argNumber(args, "timeoutMs");
-		try {
-			const { executeExtensionWorkflow } = await import("./WorkflowEngine-DJ6M4opp.mjs").then((n) => n.t);
-			return jsonTextResult({
-				success: true,
-				...await executeExtensionWorkflow(ctx, runtimeRecord.workflow, {
-					profile,
-					config,
-					nodeInputOverrides,
-					timeoutMs
-				})
-			});
-		} catch (error) {
-			logger.error(`[run_extension_workflow] Workflow "${workflowId}" failed:`, error);
-			return jsonTextResult({
-				success: false,
-				workflowId,
-				error: error instanceof Error ? error.message : String(error)
-			});
-		}
-	}
-};
-//#endregion
-//#region src/server/domains/workflow/handlers/network-policy.ts
-/**
-* Workflow network policy — SSRF-aware URL authorization.
-*/
-function normalizeWorkflowHostname(host) {
-	return host.trim().replace(/^\[|\]$/g, "").toLowerCase();
-}
-function parseWorkflowStringArray(raw) {
-	if (raw === void 0) return [];
-	const parsed = typeof raw === "string" ? (() => {
-		try {
-			return JSON.parse(raw);
-		} catch {
-			return null;
-		}
-	})() : raw;
-	if (!Array.isArray(parsed)) return null;
-	const values = parsed.filter((entry) => typeof entry === "string");
-	if (values.length !== parsed.length) return null;
-	return values.map((entry) => entry.trim()).filter((entry) => entry.length > 0);
-}
-function normalizeWorkflowHostPattern(raw) {
-	const trimmed = raw.trim();
-	const candidate = trimmed.includes("://") ? trimmed : `http://${trimmed}`;
-	try {
-		const parsed = new URL(candidate);
-		if (parsed.port.length > 0) return {
-			scope: "host",
-			value: parsed.host.toLowerCase()
-		};
-		return {
-			scope: "hostname",
-			value: normalizeWorkflowHostname(parsed.hostname)
-		};
-	} catch {
-		return {
-			scope: "hostname",
-			value: normalizeWorkflowHostname(trimmed)
-		};
-	}
-}
-function parseWorkflowBoolean(raw, fieldName) {
-	if (raw === void 0) return {
-		ok: true,
-		value: false
-	};
-	if (typeof raw !== "boolean") return {
-		ok: false,
-		error: `${fieldName} must be a boolean when provided`
-	};
-	return {
-		ok: true,
-		value: raw
-	};
-}
-function parseWorkflowNetworkPolicy(args) {
-	const rawNetworkPolicy = args.networkPolicy;
-	if (rawNetworkPolicy === void 0) return { policy: {
-		allowPrivateNetwork: false,
-		allowInsecureHttp: false,
-		allowedHosts: [],
-		allowedRedirectHosts: [],
-		allowedCidrs: [],
-		allowedCidrBlockList: new BlockList()
-	} };
-	const parsedInput = typeof rawNetworkPolicy === "string" ? (() => {
-		try {
-			return JSON.parse(rawNetworkPolicy);
-		} catch {
-			return null;
-		}
-	})() : rawNetworkPolicy;
-	if (!parsedInput || typeof parsedInput !== "object" || Array.isArray(parsedInput)) return { error: "networkPolicy must be an object or valid JSON object string" };
-	const record = parsedInput;
-	const allowPrivateNetwork = parseWorkflowBoolean(record.allowPrivateNetwork, "networkPolicy.allowPrivateNetwork");
-	if (!allowPrivateNetwork.ok) return { error: allowPrivateNetwork.error };
-	const allowInsecureHttp = parseWorkflowBoolean(record.allowInsecureHttp, "networkPolicy.allowInsecureHttp");
-	if (!allowInsecureHttp.ok) return { error: allowInsecureHttp.error };
-	const allowedHosts = parseWorkflowStringArray(record.allowedHosts);
-	if (allowedHosts === null) return { error: "networkPolicy.allowedHosts must be an array of strings" };
-	const allowedRedirectHosts = parseWorkflowStringArray(record.allowedRedirectHosts);
-	if (allowedRedirectHosts === null) return { error: "networkPolicy.allowedRedirectHosts must be an array of strings" };
-	const allowedCidrs = parseWorkflowStringArray(record.allowedCidrs);
-	if (allowedCidrs === null) return { error: "networkPolicy.allowedCidrs must be an array of strings" };
-	const allowedCidrBlockList = new BlockList();
-	for (const cidr of allowedCidrs) {
-		const [address, prefixRaw] = cidr.split("/");
-		if (!address || !prefixRaw) return { error: `Invalid CIDR in networkPolicy.allowedCidrs: "${cidr}"` };
-		const family = isIP(address);
-		if (family === 0) return { error: `Invalid CIDR base address in networkPolicy.allowedCidrs: "${cidr}"` };
-		const prefix = Number(prefixRaw);
-		const maxPrefix = family === 4 ? 32 : 128;
-		if (!Number.isInteger(prefix) || prefix < 0 || prefix > maxPrefix) return { error: `Invalid CIDR prefix in networkPolicy.allowedCidrs: "${cidr}"` };
-		allowedCidrBlockList.addSubnet(address, prefix, family === 4 ? "ipv4" : "ipv6");
-	}
-	return { policy: {
-		allowPrivateNetwork: allowPrivateNetwork.value,
-		allowInsecureHttp: allowInsecureHttp.value,
-		allowedHosts: allowedHosts.map(normalizeWorkflowHostPattern),
-		allowedRedirectHosts: allowedRedirectHosts.map(normalizeWorkflowHostPattern),
-		allowedCidrs,
-		allowedCidrBlockList
-	} };
-}
-async function authorizeWorkflowUrl(targetUrl, policy, options) {
-	let parsedUrl;
-	try {
-		parsedUrl = new URL(targetUrl);
-	} catch {
-		throw new Error(`Invalid ${options.label}: ${targetUrl}`);
-	}
-	if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") throw new Error(`Unsupported protocol for ${options.label}: ${parsedUrl.protocol} — only http/https allowed`);
-	const normalizedHostname = normalizeWorkflowHostname(parsedUrl.hostname);
-	const parsedHost = parsedUrl.host.toLowerCase();
-	const ipFamily = isIP(normalizedHostname);
-	const resolvedIp = ipFamily !== 0 ? normalizedHostname : await lookup(normalizedHostname).then((result) => result.address).catch((error) => {
-		throw new Error(`DNS resolution failed for "${targetUrl}"`, { cause: error });
-	});
-	const resolvedFamily = isIP(resolvedIp);
-	const matchesAllowedCidr = resolvedFamily !== 0 && policy.allowedCidrs.length > 0 && policy.allowedCidrBlockList.check(resolvedIp, resolvedFamily === 4 ? "ipv4" : "ipv6");
-	const hostPatterns = options.allowRedirectHosts && policy.allowedRedirectHosts.length > 0 ? policy.allowedRedirectHosts : policy.allowedHosts;
-	const matchesAllowedHost = hostPatterns.some((pattern) => pattern.scope === "host" ? pattern.value === parsedHost : pattern.value === normalizedHostname);
-	const hasHostOrCidrRules = hostPatterns.length > 0 || policy.allowedCidrs.length > 0;
-	const isAuthorizedTarget = !hasHostOrCidrRules || matchesAllowedHost || matchesAllowedCidr;
-	if (isPrivateHost(normalizedHostname) || isPrivateHost(resolvedIp)) {
-		if (!policy.allowPrivateNetwork) throw new Error(`Blocked: ${options.label} "${targetUrl}" resolves to a private/reserved address`);
-		if (!hasHostOrCidrRules || !isAuthorizedTarget) throw new Error(`Blocked: ${options.label} "${targetUrl}" requires an explicit networkPolicy host or CIDR allow rule`);
-	} else if (hasHostOrCidrRules && !isAuthorizedTarget) throw new Error(`Blocked: ${options.label} "${targetUrl}" is not authorized by networkPolicy`);
-	const loopbackTarget = isLoopbackHost(normalizedHostname) || isLoopbackHost(resolvedIp);
-	if (parsedUrl.protocol === "http:" && !loopbackTarget) {
-		if (!policy.allowInsecureHttp) throw new Error(`Blocked: insecure HTTP requires networkPolicy.allowInsecureHttp for "${targetUrl}"`);
-		if (!hasHostOrCidrRules || !isAuthorizedTarget) throw new Error(`Blocked: insecure HTTP target "${targetUrl}" requires an explicit networkPolicy host or CIDR allow rule`);
-	}
-	const fetchHeaders = {};
-	let fetchUrl = parsedUrl.toString();
-	if (options.rewriteHttpHostToResolvedIp && parsedUrl.protocol === "http:" && ipFamily === 0) {
-		const originalHost = parsedUrl.host;
-		const pinnedUrl = new URL(parsedUrl.toString());
-		pinnedUrl.hostname = resolvedIp.includes(":") ? `[${resolvedIp}]` : resolvedIp;
-		fetchUrl = pinnedUrl.toString();
-		fetchHeaders.Host = originalHost;
-	}
-	return {
-		parsedUrl,
-		resolvedIp,
-		fetchUrl,
-		headers: fetchHeaders
-	};
-}
-//#endregion
-//#region src/server/domains/workflow/handlers/api-handlers.ts
-/**
-* API probe sub-handler.
-*/
-var ApiHandlers = class {
-	state;
-	constructor(state) {
-		this.state = state;
-	}
-	async handleApiProbeBatch(args) {
-		const rawBaseUrl = typeof args.baseUrl === "string" ? args.baseUrl.trim() : "";
-		if (rawBaseUrl.length === 0) return R.fail("baseUrl is required and must be a non-empty string").json();
-		const policyResult = parseWorkflowNetworkPolicy(args);
-		if (!policyResult.policy) return R.fail(policyResult.error).json();
-		let normalizedBaseUrl;
-		let authorizationHeaders = {};
-		try {
-			const authorization = await authorizeWorkflowUrl(rawBaseUrl, policyResult.policy, {
-				label: "baseUrl",
-				rewriteHttpHostToResolvedIp: true
-			});
-			normalizedBaseUrl = authorization.fetchUrl.replace(/\/$/, "");
-			authorizationHeaders = authorization.headers;
-		} catch (error) {
-			return R.fail(error).json();
-		}
-		const baseUrl = normalizedBaseUrl;
-		const rawPaths = args.paths;
-		const paths = Array.isArray(rawPaths) ? rawPaths : typeof rawPaths === "string" ? (() => {
-			try {
-				return JSON.parse(rawPaths);
-			} catch {
-				return [];
-			}
-		})() : [];
-		const method = (argString(args, "method") ?? "GET").toUpperCase();
-		const extraHeaders = argObject(args, "headers") ?? {};
-		const bodyTemplate = argString(args, "bodyTemplate") ?? null;
-		const includeBodyStatuses = Array.isArray(args.includeBodyStatuses) ? args.includeBodyStatuses.filter((v) => typeof v === "number") : [
-			200,
-			201,
-			204
-		];
-		const maxBodySnippetLength = Math.max(0, Math.min(argNumber(args, "maxBodySnippetLength", 500), 1e4));
-		const autoInjectAuth = argBool(args, "autoInjectAuth", true);
-		if (!paths || paths.length === 0) return R.fail("paths array is required and must not be empty").json();
-		const probeCode = `(async function() {
-  var baseUrl = ${JSON.stringify(baseUrl)};
-  var paths = ${JSON.stringify(paths)};
-  var method = ${JSON.stringify(method)};
-  var extraHeaders = ${JSON.stringify(extraHeaders)};
-  var includeBodyStatuses = ${JSON.stringify(includeBodyStatuses)};
-  var maxSnippetLen = ${JSON.stringify(maxBodySnippetLength)};
-  var autoInjectAuth = ${JSON.stringify(autoInjectAuth)};
-  var bodyTemplate = ${JSON.stringify(bodyTemplate)};
-  var authHeaders = ${JSON.stringify(authorizationHeaders)};
-  var headers = Object.assign({'Content-Type':'application/json'}, extraHeaders, authHeaders);
-  if (autoInjectAuth) {
-    var token = localStorage.getItem('token') || localStorage.getItem('active_token') || localStorage.getItem('access_token');
-    if (token) headers['Authorization'] = 'Bearer ' + token;
-  }
-  var results = {};
-  async function probePath(path) {
-    try {
-      var opts = {method: method, headers: headers, redirect: 'error'};
-      if (bodyTemplate && (method === 'POST' || method === 'PUT' || method === 'PATCH')) {
-        opts.body = bodyTemplate;
-      }
-      var resp = await fetch(baseUrl + path, opts);
-      var ct = resp.headers.get('content-type') || '';
-      var snippet = null;
-      if (includeBodyStatuses.indexOf(resp.status) !== -1) {
-        var text = await resp.text();
-        if (!ct.includes('text/html') && !ct.includes('application/xml')) {
-          snippet = text.length > maxSnippetLen ? text.slice(0, maxSnippetLen) + '...[truncated]' : text;
-        } else {
-          snippet = '[HTML/XML response suppressed]';
-        }
-      }
-      return [path, {status: resp.status, contentType: ct.split(';')[0].trim(), snippet: snippet}];
-    } catch(e) {
-      return [path, {status: -1, error: e instanceof Error ? e.message : String(e)}];
-    }
-  }
-  var nextIndex = 0;
-  var maxConcurrency = Math.min(paths.length, 6);
-  await Promise.all(Array.from({ length: maxConcurrency }, async function() {
-    while (nextIndex < paths.length) {
-      var currentIndex = nextIndex++;
-      var currentPath = paths[currentIndex];
-      var entry = await probePath(currentPath);
-      results[entry[0]] = entry[1];
-    }
-  }));
-  return {probed: paths.length, method: method, baseUrl: baseUrl, results: results};
-})()`;
-		try {
-			const resp = await this.state.deps.browserHandlers.handlePageEvaluate({ code: probeCode });
-			const data = R.parse(resp);
-			return R.ok().merge(data).json();
-		} catch (error) {
-			logger.error("[api_probe_batch] Error:", error);
-			return R.fail(error).json();
-		}
-	}
-};
-//#endregion
-//#region src/server/domains/workflow/handlers/account-handlers.ts
-/**
-* JS bundle search sub-handler.
-*/
-var AccountHandlers = class {
-	state;
-	constructor(state) {
-		this.state = state;
-	}
-	async handleJsBundleSearch(args) {
-		const url = argString(args, "url", "");
-		const rawPatterns = args.patterns;
-		const patterns = Array.isArray(rawPatterns) ? rawPatterns : typeof rawPatterns === "string" ? (() => {
-			try {
-				return JSON.parse(rawPatterns);
-			} catch {
-				return [];
-			}
-		})() : [];
-		const cacheBundle = argBool(args, "cacheBundle", true);
-		const stripNoise = argBool(args, "stripNoise", true);
-		const maxMatches = argNumber(args, "maxMatches", 10);
-		const policyResult = parseWorkflowNetworkPolicy(args);
-		if (!url || !patterns || patterns.length === 0) return R.fail("url and patterns are required").json();
-		if (!policyResult.policy) return R.fail(policyResult.error).json();
-		const networkPolicy = policyResult.policy;
-		const MAX_BUNDLE_SIZE = WORKFLOW_JS_BUNDLE_MAX_SIZE_BYTES;
-		const MAX_REDIRECTS = WORKFLOW_JS_BUNDLE_MAX_REDIRECTS;
-		const safeFetch = async (targetUrl, signal) => {
-			let currentUrl = targetUrl;
-			for (let hops = 0; hops < MAX_REDIRECTS; hops++) {
-				const authorization = await authorizeWorkflowUrl(currentUrl, networkPolicy, {
-					label: hops === 0 ? "bundle URL" : "redirect target",
-					allowRedirectHosts: hops > 0,
-					rewriteHttpHostToResolvedIp: true
-				});
-				const resp = await fetch(authorization.fetchUrl, {
-					signal,
-					redirect: "manual",
-					headers: authorization.headers
-				});
-				if (resp.status >= 300 && resp.status < 400) {
-					const location = resp.headers.get("location");
-					if (!location) throw new Error(`Redirect ${resp.status} without Location header`);
-					currentUrl = new URL(location, currentUrl).toString();
-					continue;
-				}
-				return resp;
-			}
-			throw new Error(`Too many redirects (>${MAX_REDIRECTS})`);
-		};
-		let bundleText;
-		let fromCache = false;
-		try {
-			if (cacheBundle) {
-				const cached = this.state.bundleCache.get(url);
-				if (cached && Date.now() - cached.cachedAt < WORKFLOW_CONSTANTS.BUNDLE_CACHE_TTL_MS) {
-					bundleText = cached.text;
-					fromCache = true;
-				} else {
-					const controller = new AbortController();
-					const timeoutId = setTimeout(() => controller.abort(), WORKFLOW_JS_BUNDLE_FETCH_TIMEOUT_MS);
-					try {
-						const resp = await safeFetch(url, controller.signal);
-						if (!resp.ok) return R.fail(`Fetch failed: ${resp.status} ${resp.statusText}`).merge({ url }).json();
-						bundleText = await resp.text();
-						if (bundleText.length > MAX_BUNDLE_SIZE) return R.fail(`Response too large: ${bundleText.length} bytes exceeds ${MAX_BUNDLE_SIZE} limit`).merge({ url }).json();
-						evictBundleCache(this.state);
-						this.state.bundleCache.set(url, {
-							text: bundleText,
-							cachedAt: Date.now()
-						});
-						this.state.bundleCacheBytes += bundleText.length;
-					} finally {
-						clearTimeout(timeoutId);
-					}
-				}
-			} else {
-				const controller = new AbortController();
-				const timeoutId = setTimeout(() => controller.abort(), 3e4);
-				try {
-					const resp = await safeFetch(url, controller.signal);
-					if (!resp.ok) return R.fail(`Fetch failed: ${resp.status} ${resp.statusText}`).merge({ url }).json();
-					bundleText = await resp.text();
-					if (bundleText.length > MAX_BUNDLE_SIZE) return R.fail(`Response too large: ${bundleText.length} bytes exceeds ${MAX_BUNDLE_SIZE} limit`).merge({ url }).json();
-				} finally {
-					clearTimeout(timeoutId);
-				}
-			}
-		} catch (fetchError) {
-			return R.fail(fetchError).merge({ url }).json();
-		}
-		const results = {};
-		for (const pattern of patterns) {
-			const contextBefore = pattern.contextBefore ?? 80;
-			const contextAfter = pattern.contextAfter ?? 80;
-			let re;
-			try {
-				re = new RegExp(pattern.regex, "g");
-			} catch (e) {
-				results[pattern.name] = [{
-					match: "",
-					index: -1,
-					context: `Invalid regex: ${e instanceof Error ? e.message : String(e)}`
-				}];
-				continue;
-			}
-			const matches = [];
-			let m;
-			while ((m = re.exec(bundleText)) !== null) {
-				const s = Math.max(0, m.index - contextBefore);
-				const e = Math.min(bundleText.length, m.index + m[0].length + contextAfter);
-				const ctx = bundleText.slice(s, e);
-				if (stripNoise) {
-					if (/[Mm]\d{1,6}(?:\.\d+)?[, ]\d{1,6}(?:\.\d+)?[CLHVSQTAZclhvsqtaz]/.test(ctx)) continue;
-					if (/data:[a-z+-]+\/[a-z+-]+;base64,/i.test(ctx)) continue;
-					if (ctx.replace(/[^A-Za-z0-9+/=]/g, "").length > ctx.length * .85 && ctx.length > 200) continue;
-				}
-				matches.push({
-					match: m[0],
-					index: m.index,
-					context: ctx
-				});
-				if (matches.length >= maxMatches) break;
-			}
-			results[pattern.name] = matches;
-		}
-		return R.ok().merge({
-			bundleUrl: url,
-			bundleSize: bundleText.length,
-			cached: fromCache,
-			patternsSearched: patterns.length,
-			results
-		}).json();
-	}
-};
-//#endregion
-//#region src/server/domains/workflow/handlers.impl.core.ts
-var WorkflowHandlers = class {
-	scripts;
-	api;
-	account;
-	constructor(deps) {
-		const state = createWorkflowSharedState(deps);
-		this.scripts = new ScriptHandlers(state);
-		this.api = new ApiHandlers(state);
-		this.account = new AccountHandlers(state);
-	}
-	handlePageScriptRegister(args) {
-		return this.scripts.handlePageScriptRegister(args);
-	}
-	handlePageScriptRun(args) {
-		return this.scripts.handlePageScriptRun(args);
-	}
-	handleListExtensionWorkflows() {
-		return this.scripts.handleListExtensionWorkflows();
-	}
-	handleRunExtensionWorkflow(args) {
-		return this.scripts.handleRunExtensionWorkflow(args);
-	}
-	handleApiProbeBatch(args) {
-		return this.api.handleApiProbeBatch(args);
-	}
-	handleJsBundleSearch(args) {
-		return this.account.handleJsBundleSearch(args);
-	}
-};
-//#endregion
-export { WorkflowHandlers };