npm - @jshookmcp/jshook - Versions diffs - 0.3.0 → 0.3.2 - Mend

@jshookmcp/jshook 0.3.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (346) hide show

package/LICENSE +661 -661
package/README.md +32 -49
package/README.zh.md +32 -47
package/dist/AntiCheatDetector-B6d4Qe9D.mjs +1 -0
package/dist/BrowserSessionCoordinator-BJ-HOxo0.mjs +1 -0
package/dist/CacheAdapters-CsNtQIR8.mjs +1 -0
package/dist/CodeInjector-Cll_7bLJ.mjs +1 -0
package/dist/ConsoleMonitor-CxDJV15E.mjs +306 -0
package/dist/DOMInspector-C19J4zeq.mjs +95 -0
package/dist/DarwinAPI-ZfQdpLNI.mjs +1 -0
package/dist/DetailedDataManager-DmQ1LT-W.mjs +1 -0
package/dist/EventBus-DL8iLA09.mjs +1 -0
package/dist/EvidenceGraphBridge-BtbwXsLC.mjs +1 -0
package/dist/ExtensionManager-BD724zkO.mjs +1 -0
package/dist/ExtensionManager.tools-oVMJgPcN.mjs +1 -0
package/dist/FingerprintManager-DT0EAUEo.mjs +1 -0
package/dist/HardwareBreakpoint-BUfPdp0f.mjs +1 -0
package/dist/HeapAnalyzer-B_aqY8oj.mjs +1 -0
package/dist/{HookGeneratorBuilders.core.generators.storage-CTbB4Lcx.mjs → HookGeneratorBuilders.core.generators.storage-DzD6dIJd.mjs} +66 -101
package/dist/InstrumentationSession-D_G1ZPyd.mjs +1 -0
package/dist/MCPServer.search.handlers.domain-BbS-6LnX.mjs +1 -0
package/dist/MemoryController-X1XNSn1n.mjs +2 -0
package/dist/MemoryScanSession-DG_F-PjE.mjs +1 -0
package/dist/MemoryScanner-g1_L1ub5.mjs +1 -0
package/dist/NativeMemoryManager.impl-DniBe2wf.mjs +1 -0
package/dist/NativeMemoryManager.utils-BHy1P_jM.mjs +1 -0
package/dist/NetworkMonitor-B_-au6aV.mjs +185 -0
package/dist/PEAnalyzer-yWQaGrcx.mjs +1 -0
package/dist/PageController-Dfsm1_o7.mjs +1 -0
package/dist/PointerChainEngine-BhCUkmxY.mjs +1 -0
package/dist/PrerequisiteError-BjCQA-gK.mjs +1 -0
package/dist/ProcessRegistry-C-bN48oR.mjs +1 -0
package/dist/ResponseBuilder-BfWP-uaT.mjs +1 -0
package/dist/ReverseEvidenceGraph-BhSYYdiI.mjs +2 -0
package/dist/RingBuffer-Dm54ELKT.mjs +1 -0
package/dist/ScriptManager-LWGPTdvD.mjs +7 -0
package/dist/ServerRuntimeState-D2bWHqEE.mjs +1 -0
package/dist/Speedhack-yseDPSZ9.mjs +1 -0
package/dist/StealthVerifier-BmcxfwSF.mjs +1 -0
package/dist/StructureAnalyzer-C5lpuZkg.mjs +2 -0
package/dist/ToolCatalog-CYdD9F5f.mjs +1 -0
package/dist/ToolError-DWU_z7gp.mjs +1 -0
package/dist/ToolProbe-C7ZU2x7M.mjs +1 -0
package/dist/ToolRegistry-C5oB8KP8.mjs +1 -0
package/dist/ToolRouter.policy-CfhJczkt.mjs +4 -0
package/dist/TraceRecorder-BiJWBXHX.mjs +272 -0
package/dist/VersionDetector-CHT36Az0.mjs +9 -0
package/dist/Win32API-eUCF57l_.mjs +1 -0
package/dist/Win32Debug-CYrIQBvr.mjs +1 -0
package/dist/WorkflowEngine-D876meOO.mjs +1 -0
package/dist/analysis-D4swdMvq.mjs +6 -0
package/dist/{antidebug-BRKeyt27.mjs → antidebug-7L3ygj_9.mjs} +8 -259
package/dist/apk-packer-BqXcInnX.mjs +1 -0
package/dist/artifactRetention-BCPQASm7.mjs +1 -0
package/dist/artifacts-CkodUM4j.mjs +1 -0
package/dist/authorization-schema-BOFwSXUN.mjs +1 -0
package/dist/betterSqlite3-Brtq-SIQ.mjs +1 -0
package/dist/binary-instrument-DU7V6TUM.mjs +7 -0
package/dist/binary-secrets-PdMVoyt0.mjs +1 -0
package/dist/bind-helpers-m2U8glkF.mjs +1 -0
package/dist/boringssl-inspector-BBaJwwkU.mjs +2 -0
package/dist/browser-Qqco2rOT.mjs +11 -0
package/dist/capabilities-CyXuKUl1.mjs +1 -0
package/dist/chunk-C_pMuVsO.mjs +1 -0
package/dist/collector-Bpl6qy2L.mjs +1 -0
package/dist/concurrency-DCr8WQ2M.mjs +1 -0
package/dist/constants-BYj8Xek8.mjs +1 -0
package/dist/coordination-CWXW1o8K.mjs +1 -0
package/dist/dart-inspector-7AkPeZ_Q.mjs +0 -0
package/dist/debugger-DyALjYMk.mjs +1 -0
package/dist/definitions-BWxBke3r.mjs +1 -0
package/dist/definitions-BYwATKc-.mjs +1 -0
package/dist/definitions-B_83XfNQ.mjs +1 -0
package/dist/definitions-Bf3H1EwV.mjs +1 -0
package/dist/definitions-BftdXgXI.mjs +1 -0
package/dist/definitions-Bio5XJYy.mjs +1 -0
package/dist/definitions-C3qNgSn1.mjs +1 -0
package/dist/definitions-CB6vmOer.mjs +1 -0
package/dist/definitions-CMZRSy3k.mjs +1 -0
package/dist/definitions-CQd7yCQH.mjs +1 -0
package/dist/definitions-CT8ln6GQ.mjs +1 -0
package/dist/definitions-Cenu6mxo.mjs +1 -0
package/dist/definitions-D4g-MS10.mjs +1 -0
package/dist/definitions-D5wl_8HN.mjs +1 -0
package/dist/definitions-DAQm1Xar.mjs +1 -0
package/dist/definitions-DP1vgxEY.mjs +1 -0
package/dist/definitions-DxFNRQNK2.mjs +1 -0
package/dist/definitions-Ibci7e_L.mjs +1 -0
package/dist/definitions-OeLvmlQy.mjs +1 -0
package/dist/definitions-RZYGD_Ey.mjs +1 -0
package/dist/definitions-Tls8c0A0.mjs +1 -0
package/dist/definitions-bybDvnG0.mjs +26 -0
package/dist/definitions-l7TjdE6V.mjs +1 -0
package/dist/encoding-ycOaz8Vr.mjs +2 -0
package/dist/ensure-browser-core-DxWC-NTp.mjs +1 -0
package/dist/evidence-graph-bridge-CV_UdYqj.mjs +1 -0
package/dist/factory-CKr4fAE1.mjs +1 -0
package/dist/flat-target-session-DvcQX7J5.mjs +1 -0
package/dist/formatAddress-vLA_hOJt.mjs +1 -0
package/dist/graphql-B2TiPEow.mjs +62 -0
package/dist/handlers-0yKLRIfo.mjs +2 -0
package/dist/handlers-8zN_vBIz.mjs +1 -0
package/dist/handlers-B62K4FTc.mjs +1 -0
package/dist/handlers-BpDlVVVU.mjs +1 -0
package/dist/handlers-CMJK7m1c.mjs +31 -0
package/dist/handlers-D2ZOul9p.mjs +54 -0
package/dist/handlers-D5E40ssn.mjs +5 -0
package/dist/handlers-DGbdQAgD.mjs +4 -0
package/dist/handlers-DHO3rjsW.mjs +1 -0
package/dist/handlers-FJ80VzUI.mjs +2 -0
package/dist/handlers-VHWrxbM_.mjs +1 -0
package/dist/handlers-l8QIKqBj.mjs +2 -0
package/dist/handlers-mPFiNPe8.mjs +302 -0
package/dist/{handlers-Dz9PYsCa.mjs → handlers-yo_xYzT8.mjs} +118 -904
package/dist/handlers.impl-D9Hh8Bgl.mjs +1 -0
package/dist/hooks-D4XLfgtV.mjs +600 -0
package/dist/index.mjs +13 -5240
package/dist/jadx-search-B_Yse0Zh.mjs +5 -0
package/dist/logger-sBC6IdRT.mjs +1 -0
package/dist/maintenance-BUpIukhg.mjs +1 -0
package/dist/manifest-0Jpt_AQa.mjs +1 -0
package/dist/manifest-B3fZbSWR.mjs +1 -0
package/dist/manifest-B7NB2rh2.mjs +1 -0
package/dist/manifest-BDi4nbH1.mjs +1 -0
package/dist/manifest-BLDfkE7n.mjs +1 -0
package/dist/manifest-BcXbB4gf.mjs +1 -0
package/dist/manifest-Bdnc_vrc.mjs +1 -0
package/dist/manifest-BuYKgCnp.mjs +1 -0
package/dist/manifest-CBfNnGPV.mjs +1 -0
package/dist/manifest-CPS1Xv69.mjs +1 -0
package/dist/manifest-CQH9FhwI.mjs +1 -0
package/dist/manifest-CRryuZF4.mjs +1 -0
package/dist/manifest-CctIumog.mjs +1 -0
package/dist/manifest-CvTe5ZGV2.mjs +1 -0
package/dist/manifest-D-5GH0DV.mjs +1 -0
package/dist/manifest-D3Ssf3IC.mjs +1 -0
package/dist/manifest-D5ck3NvC.mjs +1 -0
package/dist/manifest-D9jUUJAu.mjs +1 -0
package/dist/manifest-DCx6w2XV.mjs +1 -0
package/dist/manifest-DG19q-Ld.mjs +1 -0
package/dist/manifest-DLMlD0Zc.mjs +1 -0
package/dist/manifest-DYpn8w_h.mjs +1 -0
package/dist/manifest-DYzWI8Xs.mjs +1 -0
package/dist/manifest-D_obs5F4.mjs +1 -0
package/dist/manifest-DujQqEQR.mjs +2 -0
package/dist/manifest-DwL2ik8P.mjs +1 -0
package/dist/manifest-ItF5P8A12.mjs +1 -0
package/dist/manifest-KZphqIyX.mjs +1 -0
package/dist/manifest-LG42zPLY2.mjs +1 -0
package/dist/manifest-LLdI5m4T.mjs +1 -0
package/dist/manifest-QYbQXJn0.mjs +1 -0
package/dist/manifest-RcpX_MyZ.mjs +123 -0
package/dist/manifest-YgVd8Sgz.mjs +1 -0
package/dist/manifest-Zy7Odg5J.mjs +1 -0
package/dist/manifest-ff1H7Pdp.mjs +1 -0
package/dist/manifest-iuhF6pTL2.mjs +1 -0
package/dist/manifest-nXHmtMSp2.mjs +1 -0
package/dist/manifest-xWfu6iLo.mjs +1 -0
package/dist/manifest-yC16OhL2.mjs +1 -0
package/dist/manifest-ztWJoXy4.mjs +1 -0
package/dist/matchesWildcardPattern-BAG6LvX5.mjs +1 -0
package/dist/modules-BPBcSaM-.mjs +333 -0
package/dist/mojo-ipc-BhwsdVUW.mjs +9 -0
package/dist/native/scripts/linux/enum-windows.sh +12 -12
package/dist/native/scripts/macos/enum-windows.applescript +22 -22
package/dist/native-j8l473zn.mjs +961 -0
package/dist/network-T0VRwNPd.mjs +7 -0
package/dist/outputPaths-B4Ic4RZh.mjs +2 -0
package/dist/parse-args-Bw413PlW.mjs +1 -0
package/dist/platform-CzaQtISh.mjs +93 -0
package/dist/playwright-cdp-fallback-DqFdx9-s.mjs +1 -0
package/dist/process-CWhsCWrf.mjs +2 -0
package/dist/proxy-DZFlDsG3.mjs +2 -0
package/dist/registry-DH4sc1dt.mjs +1 -0
package/dist/renderer-pid-9tJnZ_9N.mjs +1 -0
package/dist/response-C7rKQst4.mjs +1 -0
package/dist/search-defaults-lYBVn_3L.mjs +1 -0
package/dist/server/plugin-api.d.mts +19 -36
package/dist/server/plugin-api.mjs +1 -293
package/dist/shared-state-board-BSjXLUV1.mjs +1 -0
package/dist/sourcemap-Dh3Ai_ur.mjs +1 -0
package/dist/ssrf-policy-CsIJGkpd.mjs +1 -0
package/dist/streaming-BcJ0B6ao.mjs +1 -0
package/dist/tool-builder-qif8M9-K.mjs +1 -0
package/dist/transform-DOxzeWPB.mjs +103 -0
package/dist/types-D9EiE5o9.mjs +1 -0
package/dist/types-Fz69RzbZ.mjs +1 -0
package/dist/wasm-CZ_HTfKR.mjs +174 -0
package/dist/webcrack-C1iYG_EX.mjs +46 -0
package/dist/workflow-BdwQmARn.mjs +101 -0
package/package.json +55 -82
package/src/native/scripts/linux/enum-windows.sh +12 -12
package/src/native/scripts/macos/enum-windows.applescript +22 -22
package/dist/AntiCheatDetector-CqGDXmfc.mjs +0 -350
package/dist/CacheAdapters-jJFy20G-.mjs +0 -80
package/dist/CodeInjector-BdjRfNx7.mjs +0 -150
package/dist/ConsoleMonitor-DykL3IAw.mjs +0 -2269
package/dist/DarwinAPI-ETyy0xyo.mjs +0 -363
package/dist/DetailedDataManager-HT49OrvF.mjs +0 -217
package/dist/EventBus-DFKvADm3.mjs +0 -141
package/dist/EvidenceGraphBridge-318Oi0Lf.mjs +0 -153
package/dist/ExtensionManager-BDMsY2Dz.mjs +0 -721
package/dist/FingerprintManager-BN4UQWnX.mjs +0 -96
package/dist/HardwareBreakpoint-Cc2AFq1Y.mjs +0 -239
package/dist/HeapAnalyzer-DruMgsgj.mjs +0 -284
package/dist/InstrumentationSession-DLH0vd-z.mjs +0 -244
package/dist/MemoryController-CMtviNW_.mjs +0 -167
package/dist/MemoryScanSession-ITgb_NMi.mjs +0 -278
package/dist/MemoryScanner-CiL7Z3ey.mjs +0 -428
package/dist/NativeMemoryManager.impl-D9Lkovvn.mjs +0 -485
package/dist/NativeMemoryManager.utils-BBlAixF5.mjs +0 -165
package/dist/PEAnalyzer-DMQ44gen.mjs +0 -385
package/dist/PageController-BPJNqqBN.mjs +0 -431
package/dist/PointerChainEngine-K7wN8Z-w.mjs +0 -325
package/dist/PrerequisiteError-TuyZIs6n.mjs +0 -20
package/dist/ProcessRegistry-zGg12QbE.mjs +0 -74
package/dist/ResponseBuilder-CJXWmWNw.mjs +0 -143
package/dist/ReverseEvidenceGraph-C02-gXOh.mjs +0 -269
package/dist/ScriptManager-ZuWD-0Jg.mjs +0 -3003
package/dist/Speedhack-D-z0umeT.mjs +0 -156
package/dist/StealthVerifier-BWmPgQsv.mjs +0 -135
package/dist/StructureAnalyzer-Cav5AVSL.mjs +0 -429
package/dist/ToolCatalog-5OJdMiF0.mjs +0 -582
package/dist/ToolError-jh9whhMd.mjs +0 -15
package/dist/ToolProbe-DbCFGyrg.mjs +0 -45
package/dist/ToolRegistry-B9krbTtI.mjs +0 -180
package/dist/ToolRouter.policy-BGDAGyeH.mjs +0 -344
package/dist/TraceRecorder-B41Z5XBj.mjs +0 -1286
package/dist/VersionDetector-K3V4vGsw.mjs +0 -104
package/dist/Win32API-C2kjj0ze.mjs +0 -346
package/dist/Win32Debug-CKrGOTpo.mjs +0 -274
package/dist/WorkflowEngine-DJ6M4opp.mjs +0 -569
package/dist/analysis-BHeJW2Nb.mjs +0 -1234
package/dist/artifactRetention-CPXkUJXp.mjs +0 -598
package/dist/artifacts-DkfosXH3.mjs +0 -59
package/dist/authorization-schema-DRqyJMSk.mjs +0 -31
package/dist/betterSqlite3-DLSBZodi.mjs +0 -74
package/dist/binary-instrument--V3MAhJ4.mjs +0 -971
package/dist/bind-helpers-ClV34xdn.mjs +0 -42
package/dist/boringssl-inspector-Bo_LOLaS.mjs +0 -180
package/dist/browser-Dx3_S2cG.mjs +0 -4369
package/dist/capabilities-CcHlvWgK.mjs +0 -33
package/dist/chunk-CjcI7cDX.mjs +0 -15
package/dist/concurrency-Drev_Vz9.mjs +0 -41
package/dist/constants-CDZLOoVv.mjs +0 -534
package/dist/coordination-DgItD9DL.mjs +0 -259
package/dist/debugger-RS3RSAqs.mjs +0 -1288
package/dist/definitions-BEoYofW5.mjs +0 -47
package/dist/definitions-BRaefg3u.mjs +0 -365
package/dist/definitions-BbkvZkiv.mjs +0 -96
package/dist/definitions-BtWSHJ3o.mjs +0 -17
package/dist/definitions-C1gCHO0i.mjs +0 -43
package/dist/definitions-CDOg_b-l.mjs +0 -138
package/dist/definitions-CVPD9hzZ.mjs +0 -54
package/dist/definitions-Cea8Lgl7.mjs +0 -94
package/dist/definitions-DAgIyjxM.mjs +0 -10
package/dist/definitions-DJA27nsL.mjs +0 -66
package/dist/definitions-DKPFU3LW.mjs +0 -25
package/dist/definitions-DPRpZQ96.mjs +0 -47
package/dist/definitions-DUE5gmdn.mjs +0 -18
package/dist/definitions-DYVjOtxa.mjs +0 -26
package/dist/definitions-DcYLVLCo.mjs +0 -37
package/dist/definitions-Pp5LI2H4.mjs +0 -27
package/dist/definitions-j9KdHVNR.mjs +0 -14
package/dist/definitions-uzkjBwa7.mjs +0 -258
package/dist/definitions-va-AnLuQ.mjs +0 -28
package/dist/encoding-DJeqHmpd.mjs +0 -1079
package/dist/evidence-graph-bridge-DcYizFk2.mjs +0 -136
package/dist/factory-C90tBff6.mjs +0 -575
package/dist/flat-target-session-Dgax2Cy3.mjs +0 -29
package/dist/formatAddress-nnMvEohD.mjs +0 -17
package/dist/graphql-CoHrhweh.mjs +0 -1197
package/dist/handlers-4jmR0nMs.mjs +0 -898
package/dist/handlers-BAHPxcch.mjs +0 -789
package/dist/handlers-BOs9b907.mjs +0 -2600
package/dist/handlers-BWXEy6ef.mjs +0 -917
package/dist/handlers-Bndn6QvE.mjs +0 -111
package/dist/handlers-BqC4bD4s.mjs +0 -681
package/dist/handlers-BtYq60bM2.mjs +0 -276
package/dist/handlers-BzgcB4iv.mjs +0 -799
package/dist/handlers-CRyRWj2b.mjs +0 -859
package/dist/handlers-CVv2H1uq.mjs +0 -592
package/dist/handlers-Dl5a7JS4.mjs +0 -572
package/dist/handlers-Dx2d7jt7.mjs +0 -2537
package/dist/handlers-HujRKC3b.mjs +0 -661
package/dist/handlers.impl-XWXkQfyi.mjs +0 -807
package/dist/hooks-B1B8NRHL.mjs +0 -898
package/dist/logger-Dh_xb7_2.mjs +0 -93
package/dist/maintenance-PRMkLVRW.mjs +0 -835
package/dist/manifest-67Bok-Si.mjs +0 -58
package/dist/manifest-6lNTMZAB2.mjs +0 -87
package/dist/manifest-B2duEHiH.mjs +0 -90
package/dist/manifest-B6EY9Vm8.mjs +0 -57
package/dist/manifest-B6nKSbyY.mjs +0 -95
package/dist/manifest-BL8AQNPF.mjs +0 -106
package/dist/manifest-BSZvJJmV.mjs +0 -47
package/dist/manifest-BU7qzUyX.mjs +0 -418
package/dist/manifest-Bl62e8WK.mjs +0 -49
package/dist/manifest-Bo5cXjdt.mjs +0 -82
package/dist/manifest-BpS4gtUK.mjs +0 -1347
package/dist/manifest-Bv65_e2W.mjs +0 -101
package/dist/manifest-BytNIF4Z.mjs +0 -117
package/dist/manifest-C-xtsjS3.mjs +0 -81
package/dist/manifest-CDYl7OhA.mjs +0 -66
package/dist/manifest-CRZ3xmkD.mjs +0 -61
package/dist/manifest-CoW6u4Tp.mjs +0 -132
package/dist/manifest-Cq5zN_8A.mjs +0 -50
package/dist/manifest-D7YZM_2e.mjs +0 -194
package/dist/manifest-DE_VrAeQ.mjs +0 -314
package/dist/manifest-DGsXSCpT.mjs +0 -39
package/dist/manifest-DJ2vfEuW.mjs +0 -156
package/dist/manifest-DPXDYhEu.mjs +0 -80
package/dist/manifest-Dd4fQb0a.mjs +0 -322
package/dist/manifest-Deq6opGg.mjs +0 -223
package/dist/manifest-DfJTafJK.mjs +0 -37
package/dist/manifest-DgOdgN_j.mjs +0 -50
package/dist/manifest-DlbMW4v4.mjs +0 -47
package/dist/manifest-DmVfbH0w.mjs +0 -374
package/dist/manifest-Dog6Ddjr.mjs +0 -109
package/dist/manifest-DvgU5FWb.mjs +0 -58
package/dist/manifest-HsfDBs7j.mjs +0 -50
package/dist/manifest-I8oQHvCG.mjs +0 -186
package/dist/manifest-NvH_a-av.mjs +0 -786
package/dist/manifest-cEJU1v0Z.mjs +0 -129
package/dist/manifest-wOl5XLB12.mjs +0 -112
package/dist/modules-tZozf0LQ.mjs +0 -10635
package/dist/mojo-ipc-DXNEXEqb.mjs +0 -640
package/dist/network-CPVvwvFg.mjs +0 -3852
package/dist/outputPaths-um7lCRY3.mjs +0 -1141
package/dist/parse-args-B4cY5Vx5.mjs +0 -39
package/dist/platform-CYeFoTWp.mjs +0 -2161
package/dist/process-BTbgcVc6.mjs +0 -1306
package/dist/proxy-r8YN6nP1.mjs +0 -192
package/dist/registry-Bl8ZQW61.mjs +0 -34
package/dist/response-CWhh2aLo.mjs +0 -34
package/dist/shared-state-board-BoZnSoj-.mjs +0 -586
package/dist/sourcemap-BIDHUVXy.mjs +0 -934
package/dist/ssrf-policy-Dsqd-DTX.mjs +0 -166
package/dist/streaming-Dal6utPp.mjs +0 -725
package/dist/tool-builder-BHJp32mV.mjs +0 -186
package/dist/transform-DRVgGG90.mjs +0 -1011
package/dist/types-Bx92KJfT.mjs +0 -4
package/dist/types-DDBWs9UP.mjs +0 -37
package/dist/wasm-BYx5UOeG.mjs +0 -1044
package/dist/webcrack-Be0_FccV.mjs +0 -747
package/dist/workflow-BpuKEtvn.mjs +0 -725

package/dist/handlers-4jmR0nMs.mjs DELETED Viewed

@@ -1,898 +0,0 @@
-import { fr as SYSCALL_TRACE_DURATION_DEFAULT_SEC, mr as SYSCALL_TRACE_DURATION_MIN_SEC, pr as SYSCALL_TRACE_DURATION_MAX_SEC } from "./constants-CDZLOoVv.mjs";
-//#region src/modules/syscall-hook/SyscallMonitor.ts
-const SUPPORTED_BACKENDS = [
-	"etw",
-	"strace",
-	"dtrace"
-];
-const TRACE_SPAWN_TIMEOUT_MS = 3e3;
-const SYNTHETIC_EVENT_SEEDS = {
-	etw: [
-		{
-			syscall: "NtCreateFile",
-			args: ["C:\\Windows\\Temp\\jshookmcp.log", "GENERIC_READ"],
-			returnValue: 0,
-			duration: .7
-		},
-		{
-			syscall: "NtReadFile",
-			args: ["handle=0x90", "buffer=4096"],
-			returnValue: 512,
-			duration: .2
-		},
-		{
-			syscall: "NtWriteFile",
-			args: ["handle=0x90", "buffer=128"],
-			returnValue: 128,
-			duration: .3
-		},
-		{
-			syscall: "NtDeviceIoControlFile",
-			args: ["handle=0x44", "code=0x222004"],
-			returnValue: 0,
-			duration: 1.1
-		}
-	],
-	strace: [
-		{
-			syscall: "openat",
-			args: ["/tmp/jshookmcp.log", "O_RDONLY"],
-			returnValue: 3,
-			duration: .4
-		},
-		{
-			syscall: "read",
-			args: ["fd=3", "count=4096"],
-			returnValue: 256,
-			duration: .1
-		},
-		{
-			syscall: "write",
-			args: ["fd=3", "count=128"],
-			returnValue: 128,
-			duration: .2
-		},
-		{
-			syscall: "connect",
-			args: ["fd=18", "127.0.0.1:9222"],
-			returnValue: 0,
-			duration: 1.4
-		}
-	],
-	dtrace: [
-		{
-			syscall: "open_nocancel",
-			args: ["/private/tmp/jshookmcp.log", "O_RDONLY"],
-			returnValue: 3,
-			duration: .5
-		},
-		{
-			syscall: "read_nocancel",
-			args: ["fd=3", "count=4096"],
-			returnValue: 320,
-			duration: .1
-		},
-		{
-			syscall: "write_nocancel",
-			args: ["fd=3", "count=128"],
-			returnValue: 128,
-			duration: .2
-		},
-		{
-			syscall: "connect",
-			args: ["fd=21", "127.0.0.1:9222"],
-			returnValue: 0,
-			duration: 1.3
-		}
-	]
-};
-function isBackendSupportedOnCurrentPlatform(backend) {
-	if (backend === "etw") return process.platform === "win32";
-	if (backend === "strace") return process.platform === "linux";
-	if (backend === "dtrace") return process.platform === "darwin";
-	return false;
-}
-function chooseDefaultBackend() {
-	if (process.platform === "win32") return "etw";
-	if (process.platform === "linux") return "strace";
-	if (process.platform === "darwin") return "dtrace";
-	return "etw";
-}
-function cloneEvent(event) {
-	return {
-		timestamp: event.timestamp,
-		pid: event.pid,
-		syscall: event.syscall,
-		args: [...event.args],
-		returnValue: event.returnValue,
-		duration: event.duration
-	};
-}
-function createSpawnReadyGuard(label, resolve, reject, terminate) {
-	let settled = false;
-	const timer = setTimeout(() => {
-		if (settled) return;
-		settled = true;
-		try {
-			terminate?.();
-		} catch {}
-		reject(/* @__PURE__ */ new Error(`${label} did not signal readiness within ${TRACE_SPAWN_TIMEOUT_MS}ms`));
-	}, TRACE_SPAWN_TIMEOUT_MS);
-	return {
-		resolveReady(process) {
-			if (settled) return;
-			settled = true;
-			clearTimeout(timer);
-			resolve(process);
-		},
-		rejectReady(error) {
-			if (settled) return;
-			settled = true;
-			clearTimeout(timer);
-			reject(error);
-		}
-	};
-}
-function matchesFilter(event, filter) {
-	if (!filter) return true;
-	if (filter.pid !== void 0 && event.pid !== filter.pid) return false;
-	if (filter.name && filter.name.length > 0 && !filter.name.includes(event.syscall)) return false;
-	return true;
-}
-/**
-* Parse a strace output line into a SyscallEvent.
-*
-* Example strace line:
-*   12345 14:30:00.123456 openat(AT_FDCWD, "/tmp/foo", O_RDONLY) = 3 <0.000123>
-*/
-function parseStraceLine(line, targetPid, startedAt) {
-	const match = /^(\d+)\s+([\d:.]+)\s+(\w+)\(([^)]*)\)\s*=\s*(-?\d+)(?:\s+<([\d.]+)>)?$/u.exec(line.trim());
-	if (!match) return null;
-	const syscall = match[3] ?? "unknown";
-	const rawArgs = match[4] ?? "";
-	const returnValue = Number(match[5]);
-	const duration = match[6] ? Number(match[6]) : void 0;
-	const args = rawArgs.split(",").map((a) => a.trim()).filter((a) => a.length > 0);
-	return {
-		timestamp: Date.now() - startedAt,
-		pid: targetPid,
-		syscall,
-		args,
-		returnValue: Number.isFinite(returnValue) ? returnValue : void 0,
-		duration: duration !== void 0 && Number.isFinite(duration) ? duration * 1e3 : void 0
-	};
-}
-/**
-* Parse an ETW trace line (simplified from logman/wpr output).
-*
-* Example ETW line:
-*   [2024-01-15 14:30:00.123] PID=1234 NtCreateFile Handle=0x90 Status=0x00000000
-*/
-function parseETWLine(line, targetPid, startedAt) {
-	const match = /^\[([^\]]+)\]\s+PID=(\d+)\s+(\w+)\s+(.*)$/u.exec(line.trim());
-	if (!match) return null;
-	const syscall = match[3] ?? "unknown";
-	const rawArgs = match[4] ?? "";
-	const pid = Number(match[2]);
-	const args = rawArgs.split(/\s+/u).filter((a) => a.length > 0);
-	return {
-		timestamp: Date.now() - startedAt,
-		pid: Number.isFinite(pid) ? pid : targetPid,
-		syscall,
-		args
-	};
-}
-/**
-* Parse a dtrace output line.
-*
-* Example dtrace line:
-*   1234   0  12345  open_nocancel:entry  /private/tmp/foo O_RDONLY
-*/
-function parseDTraceLine(line, targetPid, startedAt) {
-	const match = /^\s*(\d+)\s+\d+\s+(\d+)\s+(\w+):\w+\s+(.*)$/u.exec(line.trim());
-	if (!match) return null;
-	const syscall = match[3] ?? "unknown";
-	const rawArgs = match[4] ?? "";
-	const pid = Number(match[2]);
-	const args = rawArgs.split(/\s+/u).filter((a) => a.length > 0);
-	return {
-		timestamp: Date.now() - startedAt,
-		pid: Number.isFinite(pid) ? pid : targetPid,
-		syscall,
-		args
-	};
-}
-var SyscallMonitor = class {
-	activeState;
-	capturedEvents = [];
-	lastBackend = chooseDefaultBackend();
-	subprocessError;
-	async start(options) {
-		const requestedBackend = options?.backend ?? chooseDefaultBackend();
-		const startedAt = Date.now();
-		if (!isBackendSupportedOnCurrentPlatform(requestedBackend)) throw new Error(`Backend "${requestedBackend}" is not available on platform "${process.platform}"`);
-		if (options?.simulate ?? process.env["JSHOOK_SIMULATE"] === "1") {
-			this.activeState = {
-				backend: requestedBackend,
-				pid: options?.pid,
-				startedAt,
-				generatedEvents: 0
-			};
-			this.lastBackend = requestedBackend;
-			this.capturedEvents.length = 0;
-			this.generateSyntheticEvents();
-			return;
-		}
-		const pid = options?.pid ?? process.pid;
-		let subprocess;
-		try {
-			if (requestedBackend === "strace") subprocess = await this.captureWithStrace(pid, startedAt);
-			else if (requestedBackend === "etw") subprocess = await this.captureWithETW(pid, startedAt);
-			else if (requestedBackend === "dtrace") subprocess = await this.captureWithDTrace(pid, startedAt);
-		} catch (error) {
-			this.subprocessError = error instanceof Error ? error.message : String(error);
-			this.activeState = {
-				backend: requestedBackend,
-				pid: options?.pid,
-				startedAt,
-				generatedEvents: 0
-			};
-			this.lastBackend = requestedBackend;
-			this.capturedEvents.length = 0;
-			this.generateSyntheticEvents();
-			return;
-		}
-		this.activeState = {
-			backend: requestedBackend,
-			pid: options?.pid,
-			startedAt,
-			generatedEvents: 0,
-			subprocess
-		};
-		this.lastBackend = requestedBackend;
-		this.capturedEvents.length = 0;
-		this.subprocessError = void 0;
-	}
-	async stop() {
-		if (this.activeState?.subprocess) {
-			this.activeState.subprocess.kill("SIGTERM");
-			this.activeState.subprocess = void 0;
-		}
-		this.activeState = void 0;
-	}
-	async captureEvents(filter) {
-		if (this.activeState && !this.activeState.subprocess) this.generateSyntheticEvents();
-		return this.capturedEvents.filter((event) => matchesFilter(event, filter)).map(cloneEvent);
-	}
-	getStats() {
-		const backend = this.activeState?.backend ?? this.lastBackend;
-		const uptime = this.activeState ? Date.now() - this.activeState.startedAt : 0;
-		return {
-			eventsCaptured: this.capturedEvents.length,
-			uptime,
-			backend,
-			subprocessActive: !!this.activeState?.subprocess,
-			subprocessError: this.subprocessError
-		};
-	}
-	getSupportedBackends() {
-		return SUPPORTED_BACKENDS.filter((backend) => isBackendSupportedOnCurrentPlatform(backend));
-	}
-	isRunning() {
-		return this.activeState !== void 0;
-	}
-	/**
-	* Spawn strace for syscall tracing on Linux.
-	* Parses stdout into SyscallEvent objects.
-	*/
-	async captureWithStrace(pid, startedAt = this.activeState?.startedAt ?? Date.now()) {
-		const { spawn } = await import("node:child_process");
-		return new Promise((resolve, reject) => {
-			const subprocess = spawn("strace", [
-				"-p",
-				String(pid),
-				"-f",
-				"-e",
-				"trace=all",
-				"-t"
-			], { stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			] });
-			const ready = createSpawnReadyGuard("strace process", resolve, reject, () => subprocess.kill("SIGTERM"));
-			let stderrBuffer = "";
-			let lineAccumulator = "";
-			subprocess.stdout?.on("data", (chunk) => {
-				lineAccumulator += chunk.toString();
-				this.processLineBuffer(lineAccumulator, pid, "strace");
-			});
-			subprocess.stderr?.on("data", (chunk) => {
-				stderrBuffer += chunk.toString();
-				const lines = stderrBuffer.split(/\r?\n/u);
-				stderrBuffer = lines.pop() ?? "";
-				for (const line of lines) if (line.length > 0) {
-					const event = parseStraceLine(line, pid, startedAt);
-					if (event) this.capturedEvents.push(event);
-				}
-			});
-			subprocess.on("error", (error) => {
-				ready.rejectReady(/* @__PURE__ */ new Error(`strace process error: ${error.message}. Is strace installed?`));
-			});
-			subprocess.on("spawn", () => {
-				ready.resolveReady(subprocess);
-			});
-		});
-	}
-	/**
-	* Spawn ETW tracing on Windows using logman.
-	* Parses ETW trace output into SyscallEvent objects.
-	*/
-	async captureWithETW(pid, startedAt = this.activeState?.startedAt ?? Date.now()) {
-		const { spawn } = await import("node:child_process");
-		return new Promise((resolve, reject) => {
-			const logman = spawn("logman", [
-				"create",
-				"trace",
-				`JSHookETW_${pid}`,
-				"-p",
-				"NT Kernel Logger",
-				"0x10000",
-				"-o",
-				`jshook_etw_${pid}.etl`,
-				"-ets"
-			], {
-				stdio: [
-					"ignore",
-					"pipe",
-					"pipe"
-				],
-				windowsHide: true
-			});
-			const ready = createSpawnReadyGuard("ETW trace session", resolve, reject, () => logman.kill("SIGTERM"));
-			let outputBuffer = "";
-			logman.stdout?.on("data", (chunk) => {
-				outputBuffer += chunk.toString();
-				const lines = outputBuffer.split(/\r?\n/u);
-				outputBuffer = lines.pop() ?? "";
-				for (const line of lines) {
-					const event = parseETWLine(line, pid, startedAt);
-					if (event) this.capturedEvents.push(event);
-				}
-			});
-			logman.stderr?.on("data", (chunk) => {
-				const msg = chunk.toString().trim();
-				if (msg.length > 0 && !msg.startsWith("The command completed successfully")) {}
-			});
-			logman.on("error", (error) => {
-				ready.rejectReady(/* @__PURE__ */ new Error(`ETW trace error: ${error.message}. Run as Administrator.`));
-			});
-			logman.on("exit", (code) => {
-				if (code !== 0 && code !== void 0) ready.rejectReady(/* @__PURE__ */ new Error(`ETW trace session ended (code ${code}). Check permissions.`));
-			});
-			logman.on("spawn", () => {
-				ready.resolveReady(logman);
-			});
-		});
-	}
-	/**
-	* Spawn dtrace for syscall tracing on macOS.
-	* Parses dtrace output into SyscallEvent objects.
-	*/
-	async captureWithDTrace(pid, startedAt = this.activeState?.startedAt ?? Date.now()) {
-		const { spawn } = await import("node:child_process");
-		return new Promise((resolve, reject) => {
-			const dtrace = spawn("dtrace", ["-n", `
-        syscall:::entry
-        /pid == ${pid}/
-        {
-          printf("%d %d %s:entry %s", pid, probeproc, probefunc, copyinstr(arg0));
-        }
-      `], { stdio: [
-				"ignore",
-				"pipe",
-				"pipe"
-			] });
-			const ready = createSpawnReadyGuard("dtrace process", resolve, reject, () => dtrace.kill("SIGTERM"));
-			let outputBuffer = "";
-			dtrace.stdout?.on("data", (chunk) => {
-				outputBuffer += chunk.toString();
-				const lines = outputBuffer.split(/\r?\n/u);
-				outputBuffer = lines.pop() ?? "";
-				for (const line of lines) {
-					const event = parseDTraceLine(line, pid, startedAt);
-					if (event) this.capturedEvents.push(event);
-				}
-			});
-			dtrace.stderr?.on("data", () => {});
-			dtrace.on("error", (error) => {
-				ready.rejectReady(/* @__PURE__ */ new Error(`dtrace error: ${error.message}. Run with sudo.`));
-			});
-			dtrace.on("spawn", () => {
-				ready.resolveReady(dtrace);
-			});
-		});
-	}
-	generateSyntheticEvents() {
-		if (!this.activeState) return;
-		const seeds = SYNTHETIC_EVENT_SEEDS[this.activeState.backend];
-		if (!seeds) return;
-		const elapsed = Date.now() - this.activeState.startedAt;
-		const targetEventCount = Math.max(1, Math.min(seeds.length * 3, Math.floor(elapsed / 150) + 1));
-		const pid = this.activeState.pid ?? process.pid;
-		while (this.activeState.generatedEvents < targetEventCount) {
-			const seed = seeds[this.activeState.generatedEvents % seeds.length];
-			if (!seed) break;
-			const timestamp = this.activeState.generatedEvents * 75;
-			this.capturedEvents.push({
-				timestamp,
-				pid,
-				syscall: seed.syscall,
-				args: [...seed.args],
-				returnValue: seed.returnValue,
-				duration: seed.duration
-			});
-			this.activeState.generatedEvents += 1;
-		}
-	}
-	processLineBuffer(_buffer, _pid, _parser) {}
-};
-//#endregion
-//#region src/modules/syscall-hook/SyscallToJSMapper.ts
-const CORRELATION_RULES = [
-	{
-		syscallNames: [
-			"NtCreateFile",
-			"openat",
-			"open_nocancel"
-		],
-		jsFunction: "fs.open",
-		baseConfidence: .8,
-		explanation: "File open syscalls commonly originate from Node.js file-system entry points."
-	},
-	{
-		syscallNames: [
-			"NtReadFile",
-			"read",
-			"read_nocancel"
-		],
-		jsFunction: "fs.readFile",
-		baseConfidence: .78,
-		explanation: "Read-oriented syscalls usually map back to file or stream reads in JavaScript."
-	},
-	{
-		syscallNames: [
-			"NtWriteFile",
-			"write",
-			"write_nocancel"
-		],
-		jsFunction: "fs.writeFile",
-		baseConfidence: .78,
-		explanation: "Write-oriented syscalls are strongly associated with Node.js file writes."
-	},
-	{
-		syscallNames: ["NtDeviceIoControlFile", "ioctl"],
-		jsFunction: "child_process.spawn",
-		baseConfidence: .55,
-		explanation: "Device and control syscalls are often triggered by child processes or native helpers."
-	},
-	{
-		syscallNames: [
-			"connect",
-			"sendto",
-			"recvfrom"
-		],
-		jsFunction: "fetch",
-		baseConfidence: .7,
-		explanation: "Socket syscalls generally indicate outbound network activity from fetch-like APIs."
-	}
-];
-function findRuleBySyscallName(syscallName) {
-	return CORRELATION_RULES.find((rule) => rule.syscallNames.includes(syscallName));
-}
-function clampConfidence(confidence) {
-	if (confidence < 0) return 0;
-	if (confidence > 1) return 1;
-	return confidence;
-}
-function hasArgContaining(args, fragments) {
-	return args.some((arg) => fragments.some((fragment) => arg.toLowerCase().includes(fragment)));
-}
-var SyscallToJSMapper = class {
-	map(syscall) {
-		const jsFunction = this.findJSFunction(syscall.syscall);
-		if (!jsFunction) return null;
-		const rule = findRuleBySyscallName(syscall.syscall);
-		if (!rule) return null;
-		let confidence = rule.baseConfidence;
-		if (jsFunction.startsWith("fs.") && hasArgContaining(syscall.args, [
-			".js",
-			".json",
-			".node"
-		])) confidence += .08;
-		if (jsFunction === "fetch" && hasArgContaining(syscall.args, [
-			"80",
-			"443",
-			"http",
-			"https"
-		])) confidence += .1;
-		return {
-			syscall: {
-				timestamp: syscall.timestamp,
-				pid: syscall.pid,
-				syscall: syscall.syscall,
-				args: [...syscall.args],
-				returnValue: syscall.returnValue,
-				duration: syscall.duration
-			},
-			jsFunction,
-			confidence: clampConfidence(confidence),
-			reasoning: this.getCorrelationReason(syscall, jsFunction)
-		};
-	}
-	findJSFunction(syscallName) {
-		const rule = findRuleBySyscallName(syscallName);
-		if (!rule) return null;
-		return rule.jsFunction;
-	}
-	getCorrelationReason(syscall, jsFunc) {
-		const rule = findRuleBySyscallName(syscall.syscall);
-		const detailParts = [];
-		if (rule) detailParts.push(rule.explanation);
-		if (jsFunc.startsWith("fs.") && hasArgContaining(syscall.args, [
-			".js",
-			".json",
-			".node"
-		])) detailParts.push("The syscall arguments reference module-like file extensions, which strengthens the fs correlation.");
-		if (jsFunc === "fetch" && hasArgContaining(syscall.args, [
-			"80",
-			"443",
-			"http",
-			"https"
-		])) detailParts.push("The syscall arguments look like network endpoints, which aligns with fetch or low-level HTTP clients.");
-		if (detailParts.length === 0) detailParts.push(`Mapped ${syscall.syscall} to ${jsFunc} using the default syscall-to-JS heuristic table.`);
-		return detailParts.join(" ");
-	}
-};
-//#endregion
-//#region src/server/domains/syscall-hook/handlers.impl.ts
-function isRecord(value) {
-	return typeof value === "object" && value !== null;
-}
-function readNumber(value) {
-	if (typeof value === "number" && Number.isFinite(value)) return value;
-}
-function readBoolean(value) {
-	if (typeof value === "boolean") return value;
-}
-function readString(value) {
-	if (typeof value === "string") return value;
-}
-function readStringArray(value) {
-	if (!Array.isArray(value)) return;
-	const strings = [];
-	for (const item of value) {
-		if (typeof item !== "string") return;
-		strings.push(item);
-	}
-	return strings;
-}
-const SYSCALL_NAME_RE = /^[a-z][a-z0-9_]*$/;
-function isValidSyscallName(name) {
-	return SYSCALL_NAME_RE.test(name) && name.length <= 64;
-}
-function readBackend(value) {
-	if (value === "etw" || value === "strace" || value === "dtrace") return value;
-}
-function readFilter(value) {
-	if (!isRecord(value)) return;
-	const filter = {};
-	const names = readStringArray(value["name"]);
-	const pid = readNumber(value["pid"]);
-	if (names) filter.name = names;
-	if (pid !== void 0) filter.pid = pid;
-	return filter;
-}
-function isSyscallEvent(value) {
-	if (!isRecord(value)) return false;
-	const timestamp = readNumber(value["timestamp"]);
-	const pid = readNumber(value["pid"]);
-	const syscall = readString(value["syscall"]);
-	const args = readStringArray(value["args"]);
-	const returnValue = value["returnValue"];
-	const duration = value["duration"];
-	const returnValueValid = returnValue === void 0 || readNumber(returnValue) !== void 0;
-	const durationValid = duration === void 0 || readNumber(duration) !== void 0;
-	return timestamp !== void 0 && pid !== void 0 && syscall !== void 0 && args !== void 0 && returnValueValid && durationValid;
-}
-function cloneSyscallEvent(event) {
-	return {
-		timestamp: event.timestamp,
-		pid: event.pid,
-		syscall: event.syscall,
-		args: [...event.args],
-		returnValue: event.returnValue,
-		duration: event.duration
-	};
-}
-function toErrorMessage(error) {
-	if (error instanceof Error) return error.message;
-	return "Unknown syscall-hook error";
-}
-var SyscallHookHandlers = class {
-	constructor(monitor, mapper, eventBus) {
-		this.monitor = monitor;
-		this.mapper = mapper;
-		this.eventBus = eventBus;
-	}
-	async handleSyscallStartMonitor(args) {
-		const backend = readBackend(args["backend"]);
-		if (!backend) return {
-			ok: false,
-			error: "backend must be one of: etw, strace, dtrace"
-		};
-		const rawMonitorPid = readNumber(args["pid"]);
-		const simulate = readBoolean(args["simulate"]) ?? false;
-		if (args["pid"] !== void 0 && args["pid"] !== null) {
-			if (rawMonitorPid === void 0 || !Number.isInteger(rawMonitorPid) || rawMonitorPid < 0) return {
-				ok: false,
-				error: "pid must be a non-negative integer when provided"
-			};
-		}
-		const pid = rawMonitorPid;
-		const monitor = this.ensureMonitor();
-		try {
-			await monitor.start({
-				backend,
-				pid,
-				simulate
-			});
-			this.eventBus?.emit("syscall:trace_started", {
-				backend,
-				pid,
-				simulate,
-				timestamp: (/* @__PURE__ */ new Date()).toISOString()
-			});
-			return {
-				ok: true,
-				started: true,
-				backend,
-				pid,
-				simulate,
-				stats: monitor.getStats()
-			};
-		} catch (error) {
-			return {
-				ok: false,
-				error: toErrorMessage(error),
-				requestedBackend: backend,
-				supportedBackends: monitor.getSupportedBackends()
-			};
-		}
-	}
-	async handleSyscallStopMonitor() {
-		const monitor = this.ensureMonitor();
-		try {
-			await monitor.stop();
-			return {
-				ok: true,
-				stopped: true,
-				stats: monitor.getStats()
-			};
-		} catch (error) {
-			return {
-				ok: false,
-				error: toErrorMessage(error)
-			};
-		}
-	}
-	async handleSyscallCaptureEvents(args) {
-		const monitor = this.ensureMonitor();
-		const filter = readFilter(args["filter"]);
-		const events = await monitor.captureEvents(filter);
-		return {
-			ok: true,
-			events,
-			count: events.length,
-			stats: monitor.getStats()
-		};
-	}
-	async handleSyscallCorrelateJs(args) {
-		const rawEvents = args["syscallEvents"];
-		if (!Array.isArray(rawEvents) || !rawEvents.every((item) => isSyscallEvent(item))) return {
-			ok: false,
-			error: "syscallEvents must be an array of valid SyscallEvent objects"
-		};
-		const mapper = this.ensureMapper();
-		const correlations = [];
-		const unmatched = [];
-		for (const event of rawEvents) {
-			const clonedEvent = cloneSyscallEvent(event);
-			const correlated = mapper.map(clonedEvent);
-			if (correlated) correlations.push(correlated);
-			else unmatched.push(clonedEvent);
-		}
-		return {
-			ok: true,
-			correlations,
-			matched: correlations.length,
-			unmatched
-		};
-	}
-	async handleSyscallFilter(args) {
-		const names = readStringArray(args["names"]);
-		if (args["names"] !== void 0 && names === void 0) return {
-			ok: false,
-			error: "names must be an array of strings when provided"
-		};
-		const events = await this.ensureMonitor().captureEvents(names && names.length > 0 ? { name: names } : void 0);
-		return {
-			ok: true,
-			names,
-			events,
-			count: events.length
-		};
-	}
-	async handleSyscallGetStats() {
-		const monitor = this.ensureMonitor();
-		return {
-			ok: true,
-			...monitor.getStats(),
-			running: monitor.isRunning(),
-			supportedBackends: monitor.getSupportedBackends()
-		};
-	}
-	async handleSyscallEbpfTrace(args) {
-		const rawPid = readNumber(args["pid"]);
-		const syscalls = readStringArray(args["syscalls"]);
-		const durationSec = readNumber(args["durationSec"]) ?? SYSCALL_TRACE_DURATION_DEFAULT_SEC;
-		const simulate = readBoolean(args["simulate"]) ?? false;
-		if (args["pid"] !== void 0 && args["pid"] !== null) {
-			if (rawPid === void 0 || !Number.isInteger(rawPid) || rawPid < 0) return {
-				ok: false,
-				error: "pid must be a non-negative integer (0 for all processes)"
-			};
-		}
-		const pid = rawPid ?? 0;
-		if (durationSec < SYSCALL_TRACE_DURATION_MIN_SEC || durationSec > SYSCALL_TRACE_DURATION_MAX_SEC) return {
-			ok: false,
-			error: `durationSec must be between ${SYSCALL_TRACE_DURATION_MIN_SEC} and ${SYSCALL_TRACE_DURATION_MAX_SEC}`
-		};
-		if (syscalls?.length) {
-			const invalid = syscalls.filter((s) => !isValidSyscallName(s));
-			if (invalid.length > 0) return {
-				ok: false,
-				error: `Invalid syscall names (must be lowercase alphanumeric with underscores): ${invalid.join(", ")}`
-			};
-		}
-		if (simulate) {
-			const simulatedEvents = [];
-			const syscallPool = syscalls?.length ? syscalls : [
-				"read",
-				"write",
-				"openat",
-				"close",
-				"fstat",
-				"mmap",
-				"mprotect",
-				"munmap",
-				"brk",
-				"ioctl"
-			];
-			const simulatedTimestampStepMs = durationSec * 50;
-			for (let i = 0; i < 20; i++) simulatedEvents.push({
-				timestamp: i * simulatedTimestampStepMs,
-				pid: pid || 1234,
-				syscall: syscallPool[i % syscallPool.length] ?? "read",
-				args: [`fd=${i % 5 + 3}`, `count=${(i + 1) * 64}`],
-				returnValue: i % 3 === 0 ? -1 : (i + 1) * 64,
-				duration: Math.random() * 2
-			});
-			return {
-				ok: true,
-				backend: "ebpf",
-				simulated: true,
-				pid,
-				durationSec,
-				events: simulatedEvents,
-				count: simulatedEvents.length,
-				syscallsTraced: syscallPool
-			};
-		}
-		const targetSyscalls = syscalls?.length ? syscalls : [
-			"read",
-			"write",
-			"openat",
-			"close",
-			"fstat",
-			"mmap",
-			"mprotect",
-			"munmap",
-			"brk",
-			"ioctl",
-			"connect",
-			"sendto",
-			"recvfrom",
-			"clone",
-			"execve"
-		];
-		const pidFilter = pid > 0 ? `/pid == ${pid}/` : "";
-		const tracepoints = targetSyscalls.map((sc) => `tracepoint:syscalls:sys_enter_${sc}`).join(", ");
-		const exitTracepoints = targetSyscalls.map((sc) => `tracepoint:syscalls:sys_exit_${sc}`).join(", ");
-		const script = `#!/usr/bin/env bpftrace
-// Generated by jshookmcp syscall_ebpf_trace
-// Target PID: ${pid || "all"} | Duration: ${durationSec}s | Syscalls: ${targetSyscalls.join(", ")}
-BEGIN {
-  printf("=== eBPF syscall trace started (pid=${pid || "all"}, duration=${durationSec}s) ===\\n");
-}
-${tracepoints} ${pidFilter}
-{
-  @enter_ts[tid] = nsecs;
-  printf("{\\"timestamp\\": %llu, \\"pid\\": %d, \\"tid\\": %d, \\"syscall\\": \\"%s\\", \\"phase\\": \\"enter\\", \\"args\\": {",
-    elapsed / 1000000, pid, tid, probe);
-  // Log key arguments based on syscall
-  if (probe == "tracepoint:syscalls:sys_enter_openat" || probe == "tracepoint:syscalls:sys_enter_open") {
-    printf("\\"pathname\\": \\"%s\\", \\"flags\\": %d, \\"mode\\": %d", args->pathname, args->flags, args->mode);
-  } else if (probe == "tracepoint:syscalls:sys_enter_read" || probe == "tracepoint:syscalls:sys_enter_write") {
-    printf("\\"fd\\": %d, \\"count\\": %d", args->fd, args->count);
-  } else if (probe == "tracepoint:syscalls:sys_enter_connect") {
-    printf("\\"fd\\": %d", args->fd);
-  } else if (probe == "tracepoint:syscalls:sys_enter_mmap") {
-    printf("\\"addr\\": %llu, \\"length\\": %llu, \\"prot\\": %d, \\"flags\\": %d, \\"fd\\": %d", args->addr, args->length, args->prot, args->flags, args->fd);
-  } else if (probe == "tracepoint:syscalls:sys_enter_execve") {
-    printf("\\"filename\\": \\"%s\\"", args->filename);
-  } else {
-    printf("\\"raw_args\\": \\"(see bpftrace -v output)\\"");
-  }
-  printf("}}\\n");
-}
-${exitTracepoints} ${pidFilter}
-{
-  $elapsed_ns = nsecs - @enter_ts[tid];
-  printf("{\\"timestamp\\": %llu, \\"pid\\": %d, \\"tid\\": %d, \\"syscall\\": \\"%s\\", \\"phase\\": \\"exit\\", \\"ret\\": %d, \\"duration_us\\": %llu}\\n",
-    elapsed / 1000000, pid, tid, probe, args->ret, $elapsed_ns / 1000);
-  delete(@enter_ts[tid]);
-}
-interval:s:${durationSec} {
-  printf("=== Trace duration (${durationSec}s) elapsed, exiting ===\\n");
-  exit();
-}
-END {
-  printf("=== eBPF syscall trace complete ===\\n");
-  clear(@enter_ts);
-}
-`;
-		return {
-			ok: true,
-			backend: "ebpf",
-			mode: "script",
-			pid,
-			durationSec,
-			syscallCount: targetSyscalls.length,
-			syscallsTraced: targetSyscalls,
-			script,
-			usage: `bpftrace -e '${script.replace(/'/g, "'\\''")}'`,
-			note: "Run the generated bpftrace script on a Linux system with bpftrace installed and CAP_BPF/root privileges.",
-			requiredCapabilities: [
-				"CAP_BPF",
-				"root",
-				"bpftrace"
-			]
-		};
-	}
-	ensureMonitor() {
-		if (!this.monitor) this.monitor = new SyscallMonitor();
-		return this.monitor;
-	}
-	ensureMapper() {
-		if (!this.mapper) this.mapper = new SyscallToJSMapper();
-		return this.mapper;
-	}
-};
-//#endregion
-export { SyscallHookHandlers };