npm - @opentabs-dev/mcp-server - Versions diffs - 0.0.19 - Mend

@opentabs-dev/mcp-server 0.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (309) hide show

package/dist/audit-disk.d.ts +23 -0
package/dist/audit-disk.d.ts.map +1 -0
package/dist/audit-disk.js +74 -0
package/dist/audit-disk.js.map +1 -0
package/dist/browser-tools/analyze-site/detect-apis.d.ts +36 -0
package/dist/browser-tools/analyze-site/detect-apis.d.ts.map +1 -0
package/dist/browser-tools/analyze-site/detect-apis.js +383 -0
package/dist/browser-tools/analyze-site/detect-apis.js.map +1 -0
package/dist/browser-tools/analyze-site/detect-auth.d.ts +72 -0
package/dist/browser-tools/analyze-site/detect-auth.d.ts.map +1 -0
package/dist/browser-tools/analyze-site/detect-auth.js +384 -0
package/dist/browser-tools/analyze-site/detect-auth.js.map +1 -0
package/dist/browser-tools/analyze-site/detect-dom.d.ts +65 -0
package/dist/browser-tools/analyze-site/detect-dom.d.ts.map +1 -0
package/dist/browser-tools/analyze-site/detect-dom.js +45 -0
package/dist/browser-tools/analyze-site/detect-dom.js.map +1 -0
package/dist/browser-tools/analyze-site/detect-framework.d.ts +48 -0
package/dist/browser-tools/analyze-site/detect-framework.d.ts.map +1 -0
package/dist/browser-tools/analyze-site/detect-framework.js +31 -0
package/dist/browser-tools/analyze-site/detect-framework.js.map +1 -0
package/dist/browser-tools/analyze-site/detect-globals.d.ts +41 -0
package/dist/browser-tools/analyze-site/detect-globals.d.ts.map +1 -0
package/dist/browser-tools/analyze-site/detect-globals.js +42 -0
package/dist/browser-tools/analyze-site/detect-globals.js.map +1 -0
package/dist/browser-tools/analyze-site/detect-storage.d.ts +39 -0
package/dist/browser-tools/analyze-site/detect-storage.d.ts.map +1 -0
package/dist/browser-tools/analyze-site/detect-storage.js +34 -0
package/dist/browser-tools/analyze-site/detect-storage.js.map +1 -0
package/dist/browser-tools/analyze-site/index.d.ts +52 -0
package/dist/browser-tools/analyze-site/index.d.ts.map +1 -0
package/dist/browser-tools/analyze-site/index.js +827 -0
package/dist/browser-tools/analyze-site/index.js.map +1 -0
package/dist/browser-tools/analyze-site.d.ts +17 -0
package/dist/browser-tools/analyze-site.d.ts.map +1 -0
package/dist/browser-tools/analyze-site.js +41 -0
package/dist/browser-tools/analyze-site.js.map +1 -0
package/dist/browser-tools/clear-console-logs.d.ts +9 -0
package/dist/browser-tools/clear-console-logs.d.ts.map +1 -0
package/dist/browser-tools/clear-console-logs.js +16 -0
package/dist/browser-tools/clear-console-logs.js.map +1 -0
package/dist/browser-tools/click-element.d.ts +10 -0
package/dist/browser-tools/click-element.d.ts.map +1 -0
package/dist/browser-tools/click-element.js +22 -0
package/dist/browser-tools/click-element.js.map +1 -0
package/dist/browser-tools/close-tab.d.ts +9 -0
package/dist/browser-tools/close-tab.d.ts.map +1 -0
package/dist/browser-tools/close-tab.js +16 -0
package/dist/browser-tools/close-tab.js.map +1 -0
package/dist/browser-tools/definition.d.ts +26 -0
package/dist/browser-tools/definition.d.ts.map +1 -0
package/dist/browser-tools/definition.js +16 -0
package/dist/browser-tools/definition.js.map +1 -0
package/dist/browser-tools/delete-cookies.d.ts +10 -0
package/dist/browser-tools/delete-cookies.d.ts.map +1 -0
package/dist/browser-tools/delete-cookies.js +19 -0
package/dist/browser-tools/delete-cookies.js.map +1 -0
package/dist/browser-tools/disable-network-capture.d.ts +9 -0
package/dist/browser-tools/disable-network-capture.d.ts.map +1 -0
package/dist/browser-tools/disable-network-capture.js +16 -0
package/dist/browser-tools/disable-network-capture.js.map +1 -0
package/dist/browser-tools/enable-network-capture.d.ts +12 -0
package/dist/browser-tools/enable-network-capture.d.ts.map +1 -0
package/dist/browser-tools/enable-network-capture.js +42 -0
package/dist/browser-tools/enable-network-capture.js.map +1 -0
package/dist/browser-tools/execute-script.d.ts +19 -0
package/dist/browser-tools/execute-script.d.ts.map +1 -0
package/dist/browser-tools/execute-script.js +51 -0
package/dist/browser-tools/execute-script.js.map +1 -0
package/dist/browser-tools/extension-check-adapter.d.ts +11 -0
package/dist/browser-tools/extension-check-adapter.d.ts.map +1 -0
package/dist/browser-tools/extension-check-adapter.js +22 -0
package/dist/browser-tools/extension-check-adapter.js.map +1 -0
package/dist/browser-tools/extension-force-reconnect.d.ts +9 -0
package/dist/browser-tools/extension-force-reconnect.d.ts.map +1 -0
package/dist/browser-tools/extension-force-reconnect.js +19 -0
package/dist/browser-tools/extension-force-reconnect.js.map +1 -0
package/dist/browser-tools/extension-get-logs.d.ts +24 -0
package/dist/browser-tools/extension-get-logs.d.ts.map +1 -0
package/dist/browser-tools/extension-get-logs.js +34 -0
package/dist/browser-tools/extension-get-logs.js.map +1 -0
package/dist/browser-tools/extension-get-side-panel.d.ts +8 -0
package/dist/browser-tools/extension-get-side-panel.d.ts.map +1 -0
package/dist/browser-tools/extension-get-side-panel.js +17 -0
package/dist/browser-tools/extension-get-side-panel.js.map +1 -0
package/dist/browser-tools/extension-get-state.d.ts +9 -0
package/dist/browser-tools/extension-get-state.d.ts.map +1 -0
package/dist/browser-tools/extension-get-state.js +19 -0
package/dist/browser-tools/extension-get-state.js.map +1 -0
package/dist/browser-tools/focus-tab.d.ts +9 -0
package/dist/browser-tools/focus-tab.d.ts.map +1 -0
package/dist/browser-tools/focus-tab.js +17 -0
package/dist/browser-tools/focus-tab.js.map +1 -0
package/dist/browser-tools/get-console-logs.d.ts +18 -0
package/dist/browser-tools/get-console-logs.d.ts.map +1 -0
package/dist/browser-tools/get-console-logs.js +30 -0
package/dist/browser-tools/get-console-logs.js.map +1 -0
package/dist/browser-tools/get-cookies.d.ts +10 -0
package/dist/browser-tools/get-cookies.d.ts.map +1 -0
package/dist/browser-tools/get-cookies.js +23 -0
package/dist/browser-tools/get-cookies.js.map +1 -0
package/dist/browser-tools/get-network-requests.d.ts +10 -0
package/dist/browser-tools/get-network-requests.d.ts.map +1 -0
package/dist/browser-tools/get-network-requests.js +27 -0
package/dist/browser-tools/get-network-requests.js.map +1 -0
package/dist/browser-tools/get-page-html.d.ts +11 -0
package/dist/browser-tools/get-page-html.d.ts.map +1 -0
package/dist/browser-tools/get-page-html.js +32 -0
package/dist/browser-tools/get-page-html.js.map +1 -0
package/dist/browser-tools/get-resource-content.d.ts +11 -0
package/dist/browser-tools/get-resource-content.d.ts.map +1 -0
package/dist/browser-tools/get-resource-content.js +31 -0
package/dist/browser-tools/get-resource-content.js.map +1 -0
package/dist/browser-tools/get-storage.d.ts +14 -0
package/dist/browser-tools/get-storage.d.ts.map +1 -0
package/dist/browser-tools/get-storage.js +28 -0
package/dist/browser-tools/get-storage.js.map +1 -0
package/dist/browser-tools/get-tab-content.d.ts +11 -0
package/dist/browser-tools/get-tab-content.d.ts.map +1 -0
package/dist/browser-tools/get-tab-content.js +29 -0
package/dist/browser-tools/get-tab-content.js.map +1 -0
package/dist/browser-tools/get-tab-info.d.ts +9 -0
package/dist/browser-tools/get-tab-info.d.ts.map +1 -0
package/dist/browser-tools/get-tab-info.js +17 -0
package/dist/browser-tools/get-tab-info.js.map +1 -0
package/dist/browser-tools/handle-dialog.d.ts +14 -0
package/dist/browser-tools/handle-dialog.d.ts.map +1 -0
package/dist/browser-tools/handle-dialog.js +30 -0
package/dist/browser-tools/handle-dialog.js.map +1 -0
package/dist/browser-tools/hover-element.d.ts +11 -0
package/dist/browser-tools/hover-element.d.ts.map +1 -0
package/dist/browser-tools/hover-element.js +24 -0
package/dist/browser-tools/hover-element.js.map +1 -0
package/dist/browser-tools/index.d.ts +7 -0
package/dist/browser-tools/index.d.ts.map +1 -0
package/dist/browser-tools/index.js +81 -0
package/dist/browser-tools/index.js.map +1 -0
package/dist/browser-tools/list-resources.d.ts +10 -0
package/dist/browser-tools/list-resources.d.ts.map +1 -0
package/dist/browser-tools/list-resources.js +29 -0
package/dist/browser-tools/list-resources.js.map +1 -0
package/dist/browser-tools/list-tabs.d.ts +7 -0
package/dist/browser-tools/list-tabs.d.ts.map +1 -0
package/dist/browser-tools/list-tabs.js +16 -0
package/dist/browser-tools/list-tabs.js.map +1 -0
package/dist/browser-tools/navigate-tab.d.ts +10 -0
package/dist/browser-tools/navigate-tab.d.ts.map +1 -0
package/dist/browser-tools/navigate-tab.js +18 -0
package/dist/browser-tools/navigate-tab.js.map +1 -0
package/dist/browser-tools/open-tab.d.ts +9 -0
package/dist/browser-tools/open-tab.d.ts.map +1 -0
package/dist/browser-tools/open-tab.js +18 -0
package/dist/browser-tools/open-tab.js.map +1 -0
package/dist/browser-tools/press-key.d.ts +17 -0
package/dist/browser-tools/press-key.d.ts.map +1 -0
package/dist/browser-tools/press-key.js +43 -0
package/dist/browser-tools/press-key.js.map +1 -0
package/dist/browser-tools/query-elements.d.ts +12 -0
package/dist/browser-tools/query-elements.d.ts.map +1 -0
package/dist/browser-tools/query-elements.js +30 -0
package/dist/browser-tools/query-elements.js.map +1 -0
package/dist/browser-tools/reload-extension.d.ts +13 -0
package/dist/browser-tools/reload-extension.d.ts.map +1 -0
package/dist/browser-tools/reload-extension.js +35 -0
package/dist/browser-tools/reload-extension.js.map +1 -0
package/dist/browser-tools/screenshot-tab.d.ts +9 -0
package/dist/browser-tools/screenshot-tab.d.ts.map +1 -0
package/dist/browser-tools/screenshot-tab.js +22 -0
package/dist/browser-tools/screenshot-tab.js.map +1 -0
package/dist/browser-tools/scroll.d.ts +23 -0
package/dist/browser-tools/scroll.d.ts.map +1 -0
package/dist/browser-tools/scroll.js +56 -0
package/dist/browser-tools/scroll.js.map +1 -0
package/dist/browser-tools/select-option.d.ts +12 -0
package/dist/browser-tools/select-option.d.ts.map +1 -0
package/dist/browser-tools/select-option.js +25 -0
package/dist/browser-tools/select-option.js.map +1 -0
package/dist/browser-tools/set-cookie.d.ts +16 -0
package/dist/browser-tools/set-cookie.d.ts.map +1 -0
package/dist/browser-tools/set-cookie.js +42 -0
package/dist/browser-tools/set-cookie.js.map +1 -0
package/dist/browser-tools/type-text.d.ts +12 -0
package/dist/browser-tools/type-text.d.ts.map +1 -0
package/dist/browser-tools/type-text.js +25 -0
package/dist/browser-tools/type-text.js.map +1 -0
package/dist/browser-tools/url-validation.d.ts +13 -0
package/dist/browser-tools/url-validation.d.ts.map +1 -0
package/dist/browser-tools/url-validation.js +23 -0
package/dist/browser-tools/url-validation.js.map +1 -0
package/dist/browser-tools/wait-for-element.d.ts +12 -0
package/dist/browser-tools/wait-for-element.d.ts.map +1 -0
package/dist/browser-tools/wait-for-element.js +29 -0
package/dist/browser-tools/wait-for-element.js.map +1 -0
package/dist/config.d.ts +99 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +344 -0
package/dist/config.js.map +1 -0
package/dist/dev-mode.d.ts +14 -0
package/dist/dev-mode.d.ts.map +1 -0
package/dist/dev-mode.js +15 -0
package/dist/dev-mode.js.map +1 -0
package/dist/discovery-legacy.d.ts +32 -0
package/dist/discovery-legacy.d.ts.map +1 -0
package/dist/discovery-legacy.js +415 -0
package/dist/discovery-legacy.js.map +1 -0
package/dist/discovery.d.ts +28 -0
package/dist/discovery.d.ts.map +1 -0
package/dist/discovery.js +97 -0
package/dist/discovery.js.map +1 -0
package/dist/extension-install.d.ts +27 -0
package/dist/extension-install.d.ts.map +1 -0
package/dist/extension-install.js +75 -0
package/dist/extension-install.js.map +1 -0
package/dist/extension-protocol.d.ts +130 -0
package/dist/extension-protocol.d.ts.map +1 -0
package/dist/extension-protocol.js +869 -0
package/dist/extension-protocol.js.map +1 -0
package/dist/file-watcher.d.ts +75 -0
package/dist/file-watcher.d.ts.map +1 -0
package/dist/file-watcher.js +616 -0
package/dist/file-watcher.js.map +1 -0
package/dist/http-routes.d.ts +88 -0
package/dist/http-routes.d.ts.map +1 -0
package/dist/http-routes.js +545 -0
package/dist/http-routes.js.map +1 -0
package/dist/index.d.ts +45 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +187 -0
package/dist/index.js.map +1 -0
package/dist/loader.d.ts +100 -0
package/dist/loader.d.ts.map +1 -0
package/dist/loader.js +402 -0
package/dist/loader.js.map +1 -0
package/dist/log-buffer.d.ts +33 -0
package/dist/log-buffer.d.ts.map +1 -0
package/dist/log-buffer.js +64 -0
package/dist/log-buffer.js.map +1 -0
package/dist/logger.d.ts +34 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +81 -0
package/dist/logger.js.map +1 -0
package/dist/manifest-schema.d.ts +14 -0
package/dist/manifest-schema.d.ts.map +1 -0
package/dist/manifest-schema.js +51 -0
package/dist/manifest-schema.js.map +1 -0
package/dist/mcp-setup.d.ts +131 -0
package/dist/mcp-setup.d.ts.map +1 -0
package/dist/mcp-setup.js +673 -0
package/dist/mcp-setup.js.map +1 -0
package/dist/permissions.d.ts +59 -0
package/dist/permissions.d.ts.map +1 -0
package/dist/permissions.js +141 -0
package/dist/permissions.js.map +1 -0
package/dist/registry.d.ts +78 -0
package/dist/registry.d.ts.map +1 -0
package/dist/registry.js +187 -0
package/dist/registry.js.map +1 -0
package/dist/reload.d.ts +52 -0
package/dist/reload.d.ts.map +1 -0
package/dist/reload.js +326 -0
package/dist/reload.js.map +1 -0
package/dist/resolver.d.ts +53 -0
package/dist/resolver.d.ts.map +1 -0
package/dist/resolver.js +272 -0
package/dist/resolver.js.map +1 -0
package/dist/sanitize-error.d.ts +8 -0
package/dist/sanitize-error.d.ts.map +1 -0
package/dist/sanitize-error.js +25 -0
package/dist/sanitize-error.js.map +1 -0
package/dist/sanitize-tool-output.d.ts +20 -0
package/dist/sanitize-tool-output.d.ts.map +1 -0
package/dist/sanitize-tool-output.js +52 -0
package/dist/sanitize-tool-output.js.map +1 -0
package/dist/sdk-version.d.ts +11 -0
package/dist/sdk-version.d.ts.map +1 -0
package/dist/sdk-version.js +23 -0
package/dist/sdk-version.js.map +1 -0
package/dist/shutdown.d.ts +28 -0
package/dist/shutdown.d.ts.map +1 -0
package/dist/shutdown.js +68 -0
package/dist/shutdown.js.map +1 -0
package/dist/skip-confirmation.d.ts +15 -0
package/dist/skip-confirmation.d.ts.map +1 -0
package/dist/skip-confirmation.js +16 -0
package/dist/skip-confirmation.js.map +1 -0
package/dist/skip-sanitization.d.ts +17 -0
package/dist/skip-sanitization.d.ts.map +1 -0
package/dist/skip-sanitization.js +18 -0
package/dist/skip-sanitization.js.map +1 -0
package/dist/skip-verification.d.ts +11 -0
package/dist/skip-verification.d.ts.map +1 -0
package/dist/skip-verification.js +12 -0
package/dist/skip-verification.js.map +1 -0
package/dist/state.d.ts +290 -0
package/dist/state.d.ts.map +1 -0
package/dist/state.js +111 -0
package/dist/state.js.map +1 -0
package/dist/verify-plugin.d.ts +53 -0
package/dist/verify-plugin.d.ts.map +1 -0
package/dist/verify-plugin.js +123 -0
package/dist/verify-plugin.js.map +1 -0
package/dist/version-check.d.ts +35 -0
package/dist/version-check.d.ts.map +1 -0
package/dist/version-check.js +111 -0
package/dist/version-check.js.map +1 -0
package/dist/version.d.ts +10 -0
package/dist/version.d.ts.map +1 -0
package/dist/version.js +22 -0
package/dist/version.js.map +1 -0
package/package.json +28 -0

package/dist/browser-tools/analyze-site/index.js ADDED Viewed

@@ -0,0 +1,827 @@
+/**
+ * Site analyzer orchestrator.
+ *
+ * Collects data from the page using browser tool handlers (open tab, network
+ * capture, execute script, get cookies, get storage, get network requests),
+ * then passes the collected data through each detection module to produce a
+ * comprehensive site analysis report.
+ */
+import { detectApis } from './detect-apis.js';
+import { detectAuth } from './detect-auth.js';
+import { detectDom } from './detect-dom.js';
+import { detectFramework } from './detect-framework.js';
+import { detectGlobals } from './detect-globals.js';
+import { detectStorage } from './detect-storage.js';
+import { dispatchToExtension, writeExecFile, deleteExecFile } from '../../extension-protocol.js';
+// ---------------------------------------------------------------------------
+// Script execution helper
+// ---------------------------------------------------------------------------
+/**
+ * Execute JavaScript in a tab's MAIN world and return the result.
+ * Uses the file-based injection pattern (writeExecFile → dispatchToExtension → deleteExecFile)
+ * to bypass page CSP restrictions.
+ */
+const executeInTab = async (state, tabId, code) => {
+    const execId = crypto.randomUUID();
+    const filename = await writeExecFile(execId, code);
+    try {
+        const result = (await dispatchToExtension(state, 'browser.executeScript', {
+            tabId,
+            execFile: filename,
+        }));
+        // Unwrap the nested result from browser.executeScript:
+        // The extension returns { value: { value: <actual>, error?: <msg> } }
+        const inner = result?.value;
+        if (inner?.error) {
+            throw new Error(`Script execution error: ${inner.error}`);
+        }
+        return inner?.value ?? null;
+    }
+    finally {
+        void deleteExecFile(filename);
+    }
+};
+// ---------------------------------------------------------------------------
+// Page-context scripts
+// ---------------------------------------------------------------------------
+/**
+ * Returns JS code that collects CSRF tokens from meta tags and hidden inputs.
+ * Runs in the page context (MAIN world).
+ */
+const CSRF_SCRIPT = `
+  const tokens = [];
+  // Meta tags
+  for (const meta of document.querySelectorAll('meta[name]')) {
+    const name = (meta.getAttribute('name') || '').toLowerCase();
+    if (name === 'csrf-token' || name === '_csrf' || name === 'csrf_token' || name === 'csrf') {
+      const value = meta.getAttribute('content') || '';
+      if (value) tokens.push({ source: 'meta', name: meta.getAttribute('name'), value });
+    }
+  }
+  // Hidden inputs
+  for (const input of document.querySelectorAll('input[type="hidden"]')) {
+    const name = (input.getAttribute('name') || '').toLowerCase();
+    if (name === 'authenticity_token' || name === '_token' || name === 'csrfmiddlewaretoken' || name === '__requestverificationtoken' || name === '_csrf' || name === 'csrf_token') {
+      tokens.push({ source: 'hidden-input', name: input.getAttribute('name'), value: input.value });
+    }
+  }
+  return tokens;
+`;
+/**
+ * Returns JS code that probes for well-known SSR globals and extracts nested auth data.
+ * Runs in the page context.
+ */
+const GLOBALS_AUTH_SCRIPT = `
+  const paths = ['__NEXT_DATA__', '__NUXT__', '__INITIAL_STATE__', '__APP_STATE__'];
+  const results = [];
+  for (const path of paths) {
+    if (typeof window[path] !== 'undefined') {
+      results.push({ path, value: window[path] });
+    }
+  }
+  return results;
+`;
+/**
+ * Returns JS code that detects frameworks by probing globals and DOM markers.
+ */
+const FRAMEWORK_PROBE_SCRIPT = `
+  const probes = [];
+  // React
+  if (window.__REACT_DEVTOOLS_GLOBAL_HOOK__) {
+    let version;
+    try {
+      const hook = window.__REACT_DEVTOOLS_GLOBAL_HOOK__;
+      if (hook.renderers && hook.renderers.size > 0) {
+        const renderer = hook.renderers.values().next().value;
+        if (renderer && renderer.version) version = renderer.version;
+      }
+    } catch {}
+    probes.push({ name: 'react', version });
+  }
+  // Next.js
+  if (window.__NEXT_DATA__) {
+    let version;
+    try { version = window.__NEXT_DATA__.buildId; } catch {}
+    probes.push({ name: 'nextjs', version });
+  }
+  // Vue
+  if (window.__VUE__) {
+    probes.push({ name: 'vue', version: undefined });
+  }
+  if (window.__VUE_DEVTOOLS_GLOBAL_HOOK__) {
+    const hook = window.__VUE_DEVTOOLS_GLOBAL_HOOK__;
+    if (hook.Vue) {
+      probes.push({ name: 'vue', version: hook.Vue.version });
+    }
+  }
+  // Nuxt
+  if (window.__NUXT__) {
+    probes.push({ name: 'nuxt', version: undefined });
+  }
+  // Angular — look for ng-version attribute
+  const ngEl = document.querySelector('[ng-version]');
+  if (ngEl) {
+    probes.push({ name: 'angular', version: ngEl.getAttribute('ng-version') || undefined });
+  }
+  // Svelte
+  if (window.__svelte_meta || document.querySelector('[data-svelte-h]')) {
+    probes.push({ name: 'svelte', version: undefined });
+  }
+  // jQuery
+  if (window.jQuery || window.$) {
+    const jq = window.jQuery || window.$;
+    probes.push({ name: 'jquery', version: typeof jq.fn === 'object' ? jq.fn.jquery : undefined });
+  }
+  // Ember
+  if (window.Ember) {
+    probes.push({ name: 'ember', version: window.Ember.VERSION || undefined });
+  }
+  // Backbone
+  if (window.Backbone) {
+    probes.push({ name: 'backbone', version: window.Backbone.VERSION || undefined });
+  }
+  // Deduplicate by name (keep first occurrence with version)
+  const seen = new Set();
+  const unique = [];
+  for (const p of probes) {
+    if (!seen.has(p.name)) {
+      seen.add(p.name);
+      unique.push(p);
+    }
+  }
+  return unique;
+`;
+/**
+ * Returns JS code that detects SPA/SSR signals.
+ */
+const SPA_SSR_PROBE_SCRIPT = `
+  // Single root element check
+  const body = document.body;
+  const children = body ? Array.from(body.children).filter(el => {
+    const tag = el.tagName.toLowerCase();
+    return tag !== 'script' && tag !== 'style' && tag !== 'link' && tag !== 'noscript';
+  }) : [];
+  const hasSingleRootElement = children.length === 1;
+  // pushState evidence: check for known SPA container IDs
+  const spaContainerIds = ['root', 'app', '__next', '__nuxt', 'svelte'];
+  const hasKnownSpaContainer = spaContainerIds.some(id => document.getElementById(id) !== null);
+  const usesPushState = hasKnownSpaContainer;
+  const hasNextData = typeof window.__NEXT_DATA__ !== 'undefined';
+  const hasNuxtData = typeof window.__NUXT__ !== 'undefined';
+  // Hydration markers
+  const hasHydrationMarkers = !!(
+    document.querySelector('[data-reactroot]') ||
+    document.querySelector('[data-server-rendered]') ||
+    document.querySelector('[data-react-helmet]') ||
+    (window.__NEXT_DATA__ && window.__NEXT_DATA__.props)
+  );
+  return { hasSingleRootElement, usesPushState, hasNextData, hasNuxtData, hasHydrationMarkers };
+`;
+/**
+ * Returns JS code that scans window globals for non-standard properties.
+ */
+const GLOBALS_SCAN_SCRIPT = `
+  const BROWSER_BUILTINS = new Set([
+    'undefined','NaN','Infinity','globalThis','window','self','document','name','location',
+    'customElements','history','navigation','locationbar','menubar','personalbar',
+    'scrollbars','statusbar','toolbar','status','closed','frames','length','top',
+    'opener','parent','frameElement','navigator','origin','external','screen',
+    'visualViewport','innerWidth','innerHeight','outerWidth','outerHeight',
+    'devicePixelRatio','clientInformation','screenX','screenY','screenLeft',
+    'screenTop','styleMedia','onsearch','isSecureContext','crossOriginIsolated',
+    'performance','caches','cookieStore','onappinstalled','onbeforeinstallprompt',
+    'crypto','indexedDB','sessionStorage','localStorage','chrome','speechSynthesis',
+    'webkitRequestAnimationFrame','webkitCancelAnimationFrame','fetch',
+    'alert','atob','blur','btoa','cancelAnimationFrame','cancelIdleCallback',
+    'captureEvents','clearInterval','clearTimeout','close','confirm',
+    'createImageBitmap','find','focus','getComputedStyle','getSelection',
+    'matchMedia','moveBy','moveTo','open','postMessage','print','prompt',
+    'queueMicrotask','releaseEvents','reportError','requestAnimationFrame',
+    'requestIdleCallback','resizeBy','resizeTo','scroll','scrollBy','scrollTo',
+    'setInterval','setTimeout','stop','structuredClone','webkitRequestFileSystem',
+    'webkitResolveLocalFileSystemURL','addEventListener','removeEventListener',
+    'dispatchEvent','getScreenDetails','queryLocalFonts','showDirectoryPicker',
+    'showOpenFilePicker','showSavePicker','originAgentCluster','trustedTypes',
+    'screenIsExtended','onscreenchange','credentialless','documentPictureInPicture',
+    'launchQueue','sharedStorage','onpageswap','onpagereveal','onpageshow',
+    'onpagehide','onbeforeunload','onunload','onload','onerror','onmessage',
+    'onmessageerror','onpopstate','onrejectionhandled','onstorage',
+    'onunhandledrejection','onhashchange','onlanguagechange','onbeforetoggle',
+    'oncontentvisibilityautostatechange','onscrollend','onbeforematch',
+    'onauxclick','onblur','oncancel','oncanplay','oncanplaythrough','onchange',
+    'onclick','onclose','oncontextlost','oncontextmenu','oncontextrestored',
+    'oncuechange','ondblclick','ondrag','ondragend','ondragenter','ondragleave',
+    'ondragover','ondragstart','ondrop','ondurationchange','onemptied','onended',
+    'onfocus','onformdata','ongotpointercapture','oninput','oninvalid',
+    'onkeydown','onkeypress','onkeyup','onloadeddata','onloadedmetadata',
+    'onloadstart','onlostpointercapture','onmousedown','onmouseenter',
+    'onmouseleave','onmousemove','onmouseout','onmouseover','onmouseup',
+    'onmousewheel','onpause','onplay','onplaying','onpointercancel',
+    'onpointerdown','onpointerenter','onpointerleave','onpointermove',
+    'onpointerout','onpointerover','onpointerrawupdate','onpointerup',
+    'onprogress','onratechange','onreset','onresize','onscroll',
+    'onsecuritypolicyviolation','onseeked','onseeking','onselect',
+    'onselectionchange','onselectstart','onslotchange','onstalled','onsubmit',
+    'onsuspend','ontimeupdate','ontoggle','ontransitioncancel','ontransitionend',
+    'ontransitionrun','ontransitionstart','onvolumechange','onwaiting',
+    'onwebkitanimationend','onwebkitanimationiteration','onwebkitanimationstart',
+    'onwebkittransitionend','onwheel','onanimationend','onanimationiteration',
+    'onanimationstart','onabeforeprint','onafterprint','onbeforexrselect',
+    'onabort','onbeforeinput','onbeforecopy','onbeforecut','onbeforepaste',
+    'oncopy','oncut','onpaste','onfreeze','onresume','scheduler','onbeforeprint',
+    'onafterprint','Array','ArrayBuffer','BigInt','BigInt64Array','BigUint64Array',
+    'Boolean','DataView','Date','Error','EvalError','FinalizationRegistry',
+    'Float32Array','Float64Array','Function','Int16Array','Int32Array','Int8Array',
+    'Map','Number','Object','Promise','Proxy','RangeError','ReferenceError',
+    'RegExp','Set','SharedArrayBuffer','String','Symbol','SyntaxError','TypeError',
+    'URIError','Uint16Array','Uint32Array','Uint8Array','Uint8ClampedArray',
+    'WeakMap','WeakRef','WeakSet','decodeURI','decodeURIComponent','encodeURI',
+    'encodeURIComponent','escape','eval','isFinite','isNaN','parseFloat','parseInt',
+    'unescape','AbortController','AbortSignal','Blob','BroadcastChannel',
+    'ByteLengthQueuingStrategy','CSS','CSSAnimation','CSSConditionRule',
+    'CSSFontFaceRule','CSSGroupingRule','CSSKeyframeRule','CSSKeyframesRule',
+    'CSSLayerBlockRule','CSSLayerStatementRule','CSSMediaRule','CSSNamespaceRule',
+    'CSSPageRule','CSSPropertyRule','CSSRule','CSSRuleList','CSSStyleDeclaration',
+    'CSSStyleRule','CSSStyleSheet','CSSSupportsRule','CSSTransition',
+    'Cache','CacheStorage','CanvasGradient','CanvasPattern',
+    'CanvasRenderingContext2D','ClipboardEvent','CloseEvent','Comment',
+    'CompositionEvent','CountQueuingStrategy','CustomElementRegistry',
+    'CustomEvent','DOMException','DOMImplementation','DOMMatrix',
+    'DOMMatrixReadOnly','DOMParser','DOMPoint','DOMPointReadOnly','DOMQuad',
+    'DOMRect','DOMRectList','DOMRectReadOnly','DOMStringList','DOMStringMap',
+    'DOMTokenList','Document','DocumentFragment','DocumentType','Element',
+    'ErrorEvent','Event','EventSource','EventTarget','File','FileList',
+    'FileReader','FocusEvent','FontFace','FontFaceSet','FormData',
+    'FormDataEvent','HTMLAllCollection','HTMLAnchorElement','HTMLAreaElement',
+    'HTMLAudioElement','HTMLBRElement','HTMLBaseElement','HTMLBodyElement',
+    'HTMLButtonElement','HTMLCanvasElement','HTMLCollection','HTMLDListElement',
+    'HTMLDataElement','HTMLDataListElement','HTMLDetailsElement','HTMLDialogElement',
+    'HTMLDirectoryElement','HTMLDivElement','HTMLDocument','HTMLElement',
+    'HTMLEmbedElement','HTMLFieldSetElement','HTMLFontElement','HTMLFormElement',
+    'HTMLFrameElement','HTMLFrameSetElement','HTMLHRElement','HTMLHeadElement',
+    'HTMLHeadingElement','HTMLHtmlElement','HTMLIFrameElement','HTMLImageElement',
+    'HTMLInputElement','HTMLLIElement','HTMLLabelElement','HTMLLegendElement',
+    'HTMLLinkElement','HTMLMapElement','HTMLMarqueeElement','HTMLMediaElement',
+    'HTMLMenuElement','HTMLMetaElement','HTMLMeterElement','HTMLModElement',
+    'HTMLOListElement','HTMLObjectElement','HTMLOptGroupElement','HTMLOptionElement',
+    'HTMLOutputElement','HTMLParagraphElement','HTMLParamElement','HTMLPictureElement',
+    'HTMLPreElement','HTMLProgressElement','HTMLQuoteElement','HTMLScriptElement',
+    'HTMLSelectElement','HTMLSlotElement','HTMLSourceElement','HTMLSpanElement',
+    'HTMLStyleElement','HTMLTableCaptionElement','HTMLTableCellElement',
+    'HTMLTableColElement','HTMLTableElement','HTMLTableRowElement',
+    'HTMLTableSectionElement','HTMLTemplateElement','HTMLTextAreaElement',
+    'HTMLTimeElement','HTMLTitleElement','HTMLTrackElement','HTMLUListElement',
+    'HTMLUnknownElement','HTMLVideoElement','HashChangeEvent','Headers',
+    'History','IDBCursor','IDBCursorWithValue','IDBDatabase','IDBFactory',
+    'IDBIndex','IDBKeyRange','IDBObjectStore','IDBOpenDBRequest','IDBRequest',
+    'IDBTransaction','IDBVersionChangeEvent','Image','ImageBitmap',
+    'ImageBitmapRenderingContext','ImageData','InputEvent','IntersectionObserver',
+    'IntersectionObserverEntry','JSON','KeyboardEvent','Location',
+    'MathMLElement','MediaEncryptedEvent','MediaError','MediaList',
+    'MediaQueryList','MediaQueryListEvent','MediaSource','MessageChannel',
+    'MessageEvent','MessagePort','MouseEvent','MutationEvent','MutationObserver',
+    'MutationRecord','NamedNodeMap','Navigator','Node','NodeFilter',
+    'NodeIterator','NodeList','Notification','OfflineAudioCompletionEvent',
+    'OffscreenCanvas','OffscreenCanvasRenderingContext2D','Option',
+    'PageTransitionEvent','Path2D','Performance','PerformanceEntry',
+    'PerformanceMark','PerformanceMeasure','PerformanceNavigation',
+    'PerformanceNavigationTiming','PerformanceObserver','PerformanceObserverEntryList',
+    'PerformancePaintTiming','PerformanceResourceTiming','PerformanceServerTiming',
+    'PerformanceTiming','PointerEvent','PopStateEvent','ProcessingInstruction',
+    'ProgressEvent','PromiseRejectionEvent','Range','ReadableByteStreamController',
+    'ReadableStream','ReadableStreamBYOBReader','ReadableStreamBYOBRequest',
+    'ReadableStreamDefaultController','ReadableStreamDefaultReader','Request',
+    'ResizeObserver','ResizeObserverEntry','ResizeObserverSize','Response',
+    'SVGAElement','SVGAngle','SVGAnimateElement','SVGAnimateMotionElement',
+    'SVGAnimateTransformElement','SVGAnimatedAngle','SVGAnimatedBoolean',
+    'SVGAnimatedEnumeration','SVGAnimatedInteger','SVGAnimatedLength',
+    'SVGAnimatedLengthList','SVGAnimatedNumber','SVGAnimatedNumberList',
+    'SVGAnimatedPreserveAspectRatio','SVGAnimatedRect','SVGAnimatedString',
+    'SVGAnimatedTransformList','SVGAnimationElement','SVGCircleElement',
+    'SVGClipPathElement','SVGComponentTransferFunctionElement','SVGDefsElement',
+    'SVGDescElement','SVGElement','SVGEllipseElement','SVGFEBlendElement',
+    'SVGFEColorMatrixElement','SVGFEComponentTransferElement',
+    'SVGFECompositeElement','SVGFEConvolveMatrixElement',
+    'SVGFEDiffuseLightingElement','SVGFEDisplacementMapElement',
+    'SVGFEDistantLightElement','SVGFEDropShadowElement','SVGFEFloodElement',
+    'SVGFEFuncAElement','SVGFEFuncBElement','SVGFEFuncGElement',
+    'SVGFEFuncRElement','SVGFEGaussianBlurElement','SVGFEImageElement',
+    'SVGFEMergeElement','SVGFEMergeNodeElement','SVGFEMorphologyElement',
+    'SVGFEOffsetElement','SVGFEPointLightElement',
+    'SVGFESpecularLightingElement','SVGFESpotLightElement','SVGFETileElement',
+    'SVGFETurbulenceElement','SVGFilterElement','SVGForeignObjectElement',
+    'SVGGElement','SVGGeometryElement','SVGGradientElement','SVGGraphicsElement',
+    'SVGImageElement','SVGLength','SVGLengthList','SVGLineElement',
+    'SVGLinearGradientElement','SVGMPathElement','SVGMarkerElement',
+    'SVGMaskElement','SVGMatrix','SVGMetadataElement','SVGNumber',
+    'SVGNumberList','SVGPathElement','SVGPatternElement','SVGPoint',
+    'SVGPointList','SVGPolygonElement','SVGPolylineElement',
+    'SVGPreserveAspectRatio','SVGRadialGradientElement','SVGRect',
+    'SVGRectElement','SVGSVGElement','SVGScriptElement','SVGSetElement',
+    'SVGStopElement','SVGStringList','SVGStyleElement','SVGSwitchElement',
+    'SVGSymbolElement','SVGTSpanElement','SVGTextContentElement',
+    'SVGTextElement','SVGTextPathElement','SVGTextPositioningElement',
+    'SVGTitleElement','SVGTransform','SVGTransformList','SVGUnitTypes',
+    'SVGUseElement','SVGViewElement','Screen','SecurityPolicyViolationEvent',
+    'Selection','ServiceWorker','ServiceWorkerContainer',
+    'ServiceWorkerRegistration','ShadowRoot','SourceBuffer','SourceBufferList',
+    'StaticRange','Storage','StorageEvent','StyleSheet','StyleSheetList',
+    'SubmitEvent','Text','TextDecoder','TextEncoder','TextEvent','TextMetrics',
+    'TextTrack','TextTrackCue','TextTrackCueList','TextTrackList',
+    'TimeRanges','Touch','TouchEvent','TouchList','TrackEvent',
+    'TransformStream','TransformStreamDefaultController','TransitionEvent',
+    'TreeWalker','UIEvent','URL','URLSearchParams','VTTCue','ValidityState',
+    'VisualViewport','WaveShaperNode','WebGL2RenderingContext',
+    'WebGLActiveInfo','WebGLBuffer','WebGLContextEvent','WebGLFramebuffer',
+    'WebGLProgram','WebGLQuery','WebGLRenderbuffer','WebGLRenderingContext',
+    'WebGLSampler','WebGLShader','WebGLShaderPrecisionFormat','WebGLSync',
+    'WebGLTexture','WebGLTransformFeedback','WebGLUniformLocation',
+    'WebGLVertexArrayObject','WebSocket','WheelEvent','Window','Worker',
+    'WritableStream','WritableStreamDefaultController',
+    'WritableStreamDefaultWriter','XMLDocument','XMLHttpRequest',
+    'XMLHttpRequestEventTarget','XMLHttpRequestUpload','XMLSerializer',
+    'XPathEvaluator','XPathExpression','XPathResult','XSLTProcessor',
+    'Audio','Atomics','Math','Reflect','console','WebAssembly',
+    'FontFaceSetLoadEvent','MediaCapabilities','Scheduler','Sanitizer',
+    'TrustedHTML','TrustedScript','TrustedScriptURL','TrustedTypePolicy',
+    'TrustedTypePolicyFactory','DocumentTimeline','AnimationTimeline',
+    'Animation','AnimationEffect','AnimationEvent','AnimationPlaybackEvent',
+    'KeyframeEffect','ComputedEffectTiming','EffectTiming',
+    'getComputedStyle','matchMedia',
+    '__REACT_DEVTOOLS_GLOBAL_HOOK__','__VUE_DEVTOOLS_GLOBAL_HOOK__',
+  ]);
+  const results = [];
+  const keys = Object.keys(window);
+  for (const key of keys) {
+    if (BROWSER_BUILTINS.has(key)) continue;
+    if (key.startsWith('_') && key.startsWith('__zone') ) continue;
+    try {
+      const val = window[key];
+      const type = typeof val;
+      let topLevelKeys;
+      if (type === 'object' && val !== null && !Array.isArray(val)) {
+        try {
+          topLevelKeys = Object.keys(val).slice(0, 20);
+        } catch {}
+      }
+      results.push({ path: key, type, topLevelKeys });
+    } catch {}
+  }
+  return results;
+`;
+/**
+ * Returns JS code that collects form data from the page.
+ */
+const FORMS_SCRIPT = `
+  const forms = [];
+  for (const form of document.querySelectorAll('form')) {
+    const fields = [];
+    for (const el of form.querySelectorAll('input, select, textarea')) {
+      const name = el.getAttribute('name') || '';
+      const type = el.getAttribute('type') || el.tagName.toLowerCase();
+      if (name) fields.push({ name, type });
+    }
+    forms.push({
+      action: form.getAttribute('action') || '',
+      method: (form.getAttribute('method') || 'GET').toUpperCase(),
+      fields,
+    });
+  }
+  return forms;
+`;
+/**
+ * Returns JS code that collects interactive elements from the page.
+ */
+const INTERACTIVE_ELEMENTS_SCRIPT = `
+  const elements = [];
+  const selectors = 'button, [onclick], a[href^="javascript:"], input, select, textarea, [role="button"]';
+  const limit = 100;
+  let count = 0;
+  for (const el of document.querySelectorAll(selectors)) {
+    if (count >= limit) break;
+    elements.push({
+      tag: el.tagName.toLowerCase(),
+      type: el.getAttribute('type') || undefined,
+      name: el.getAttribute('name') || undefined,
+      id: el.id || undefined,
+      text: (el.textContent || '').trim().slice(0, 100) || undefined,
+    });
+    count++;
+  }
+  return elements;
+`;
+/**
+ * Returns JS code that collects unique data-* attribute names from the page.
+ */
+const DATA_ATTRIBUTES_SCRIPT = `
+  const attrs = new Set();
+  for (const el of document.querySelectorAll('*')) {
+    if (el.dataset) {
+      for (const key of Object.keys(el.dataset)) {
+        attrs.add(key);
+      }
+    }
+    if (attrs.size > 200) break;
+  }
+  return Array.from(attrs);
+`;
+/**
+ * Returns JS code that collects storage key names.
+ */
+const STORAGE_KEYS_SCRIPT = `
+  const cookieNames = [];
+  try {
+    const cookieStr = document.cookie;
+    if (cookieStr) {
+      for (const pair of cookieStr.split(';')) {
+        const eqIdx = pair.indexOf('=');
+        if (eqIdx > 0) {
+          cookieNames.push(pair.slice(0, eqIdx).trim());
+        }
+      }
+    }
+  } catch {}
+  let localStorageKeys = [];
+  try { localStorageKeys = Object.keys(localStorage); } catch {}
+  let sessionStorageKeys = [];
+  try { sessionStorageKeys = Object.keys(sessionStorage); } catch {}
+  return { cookieNames, localStorageKeys, sessionStorageKeys };
+`;
+/**
+ * Returns JS code that reads localStorage/sessionStorage entries (keys + values)
+ * for auth detection (JWT detection needs values).
+ */
+const STORAGE_ENTRIES_SCRIPT = `
+  const localEntries = [];
+  try {
+    for (const key of Object.keys(localStorage)) {
+      try {
+        const val = localStorage.getItem(key);
+        if (val !== null) localEntries.push({ key, value: val });
+      } catch {}
+    }
+  } catch {}
+  const sessionEntries = [];
+  try {
+    for (const key of Object.keys(sessionStorage)) {
+      try {
+        const val = sessionStorage.getItem(key);
+        if (val !== null) sessionEntries.push({ key, value: val });
+      } catch {}
+    }
+  } catch {}
+  return { localEntries, sessionEntries };
+`;
+// ---------------------------------------------------------------------------
+// Suggestion generation
+// ---------------------------------------------------------------------------
+/**
+ * Generate tool suggestions from the analysis results.
+ * Produces actionable suggestions for plugin developers based on detected
+ * APIs, forms, and capabilities.
+ */
+const generateSuggestions = (apis, dom, auth, _framework) => {
+    const suggestions = [];
+    // REST API suggestions
+    for (const endpoint of apis.endpoints) {
+        if (endpoint.protocol === 'rest') {
+            const suggestion = restEndpointSuggestion(endpoint);
+            if (suggestion)
+                suggestions.push(suggestion);
+        }
+    }
+    // GraphQL suggestions
+    const graphqlEndpoints = apis.endpoints.filter(e => e.protocol === 'graphql');
+    if (graphqlEndpoints.length > 0) {
+        suggestions.push({
+            toolName: 'graphql_query',
+            description: 'Execute GraphQL queries against the site API',
+            approach: `Send POST requests to ${graphqlEndpoints[0]?.url ?? '/graphql'} with { query, variables } body. Use fetchJSON from the plugin SDK with the site's auth headers.`,
+            complexity: 'medium',
+        });
+        // Suggest tools based on observed query body samples
+        for (const ep of graphqlEndpoints) {
+            if (ep.requestBodySample) {
+                const queryTools = graphqlQuerySuggestions(ep);
+                suggestions.push(...queryTools);
+            }
+        }
+    }
+    // JSON-RPC suggestions
+    const jsonrpcEndpoints = apis.endpoints.filter(e => e.protocol === 'jsonrpc');
+    if (jsonrpcEndpoints.length > 0) {
+        suggestions.push({
+            toolName: 'rpc_call',
+            description: 'Execute JSON-RPC calls against the site API',
+            approach: `Send POST requests to ${jsonrpcEndpoints[0]?.url ?? '/rpc'} with { jsonrpc: "2.0", method, params, id } body.`,
+            complexity: 'medium',
+        });
+    }
+    // tRPC suggestions
+    const trpcEndpoints = apis.endpoints.filter(e => e.protocol === 'trpc');
+    if (trpcEndpoints.length > 0) {
+        for (const ep of trpcEndpoints) {
+            const procedureName = extractTrpcProcedure(ep.url);
+            if (procedureName) {
+                suggestions.push({
+                    toolName: `trpc_${procedureName.replace(/\./g, '_')}`,
+                    description: `Call tRPC procedure ${procedureName}`,
+                    approach: `${ep.method} ${ep.url}${ep.method === 'POST' ? ' with JSON body' : ' with query params'}. Auth: ${auth.authenticated ? 'include session credentials' : 'none detected'}.`,
+                    complexity: 'low',
+                });
+            }
+        }
+    }
+    // WebSocket suggestions
+    const wsEndpoints = apis.endpoints.filter(e => e.protocol === 'websocket');
+    if (wsEndpoints.length > 0) {
+        suggestions.push({
+            toolName: 'subscribe_realtime',
+            description: 'Subscribe to real-time WebSocket updates',
+            approach: `Connect to ${wsEndpoints[0]?.url ?? 'the WebSocket endpoint'}. Monitor incoming messages for real-time data updates.`,
+            complexity: 'high',
+        });
+    }
+    // Form suggestions
+    for (const form of dom.forms) {
+        if (form.fields.length > 0) {
+            const formName = deriveFormName(form);
+            suggestions.push({
+                toolName: `submit_${formName}`,
+                description: `Submit the ${formName} form`,
+                approach: `POST to ${form.action || 'current page'} with fields: ${form.fields.map(f => f.name).join(', ')}. ${auth.methods.some(m => m.type === 'csrf-token') ? 'Include CSRF token from meta tag or hidden input.' : ''}`,
+                complexity: 'low',
+            });
+        }
+    }
+    return suggestions;
+};
+/** Generate a suggestion for a REST endpoint. */
+const restEndpointSuggestion = (endpoint) => {
+    const urlPath = extractPathSegments(endpoint.url);
+    if (!urlPath)
+        return undefined;
+    const resourceName = extractResourceName(urlPath);
+    if (!resourceName)
+        return undefined;
+    const verb = httpMethodToVerb(endpoint.method);
+    const toolName = `${verb}_${resourceName}`;
+    return {
+        toolName,
+        description: `${capitalizeFirst(verb)} ${resourceName} via ${endpoint.method} ${urlPath}`,
+        approach: `${endpoint.method} ${endpoint.url}${endpoint.requestBodySample ? ` with JSON body (sample: ${endpoint.requestBodySample.slice(0, 100)})` : ''}. ${endpoint.authHeader ? `Include ${endpoint.authHeader} header.` : 'No auth header detected.'}`,
+        complexity: endpoint.method === 'GET' ? 'low' : 'medium',
+    };
+};
+/** Extract GraphQL query/mutation names from a request body sample. */
+const graphqlQuerySuggestions = (endpoint) => {
+    if (!endpoint.requestBodySample)
+        return [];
+    try {
+        const body = JSON.parse(endpoint.requestBodySample);
+        const query = body.query;
+        if (typeof query !== 'string')
+            return [];
+        // Extract operation name: query OperationName { or mutation OperationName {
+        const match = /(?:query|mutation)\s+(\w+)/.exec(query);
+        if (match?.[1]) {
+            const opName = match[1];
+            const isMutation = query.trimStart().startsWith('mutation');
+            return [
+                {
+                    toolName: `gql_${toSnakeCase(opName)}`,
+                    description: `${isMutation ? 'Execute' : 'Query'} ${opName}`,
+                    approach: `POST to ${endpoint.url} with query: "${query.slice(0, 100)}..."`,
+                    complexity: 'medium',
+                },
+            ];
+        }
+    }
+    catch {
+        // Invalid JSON
+    }
+    return [];
+};
+/** Extract tRPC procedure name from URL. */
+const extractTrpcProcedure = (url) => {
+    try {
+        const pathname = new URL(url).pathname;
+        const match = /\/(?:api\/)?trpc\/(.+)$/.exec(pathname);
+        return match?.[1];
+    }
+    catch {
+        return undefined;
+    }
+};
+/** Derive a form name from its fields or action URL. */
+const deriveFormName = (form) => {
+    // Try the action URL
+    if (form.action) {
+        try {
+            const pathname = new URL(form.action, 'http://dummy').pathname;
+            const lastSegment = pathname.split('/').filter(Boolean).pop();
+            if (lastSegment)
+                return toSnakeCase(lastSegment);
+        }
+        catch {
+            // Not a valid URL
+        }
+    }
+    // Fall back to field-based name
+    const hasPassword = form.fields.some(f => f.name.toLowerCase().includes('password'));
+    const hasEmail = form.fields.some(f => f.name.toLowerCase().includes('email'));
+    if (hasPassword && hasEmail)
+        return 'login';
+    if (hasPassword)
+        return 'auth';
+    if (form.fields.some(f => f.name.toLowerCase().includes('search') || f.name.toLowerCase().includes('query')))
+        return 'search';
+    return 'form';
+};
+/** Extract the URL path from a full URL. */
+const extractPathSegments = (url) => {
+    try {
+        return new URL(url).pathname;
+    }
+    catch {
+        return undefined;
+    }
+};
+/** Extract a resource name from a URL path (e.g., /api/items → items). */
+const extractResourceName = (path) => {
+    const segments = path.split('/').filter(Boolean);
+    // Find the last non-version, non-api segment
+    for (let i = segments.length - 1; i >= 0; i--) {
+        const segment = segments[i];
+        if (!segment)
+            continue;
+        if (/^(api|v\d+|graphql|trpc|rpc)$/i.test(segment))
+            continue;
+        // Skip segments that look like IDs (all digits or UUIDs)
+        if (/^\d+$/.test(segment) || /^[0-9a-f-]{36}$/i.test(segment))
+            continue;
+        return toSnakeCase(segment);
+    }
+    return undefined;
+};
+/** Convert an HTTP method to a verb for tool naming. */
+const httpMethodToVerb = (method) => {
+    switch (method.toUpperCase()) {
+        case 'GET':
+            return 'list';
+        case 'POST':
+            return 'create';
+        case 'PUT':
+        case 'PATCH':
+            return 'update';
+        case 'DELETE':
+            return 'delete';
+        default:
+            return method.toLowerCase();
+    }
+};
+/** Convert a string to snake_case. */
+const toSnakeCase = (str) => str
+    .replace(/([a-z])([A-Z])/g, '$1_$2')
+    .replace(/[-\s]+/g, '_')
+    .toLowerCase();
+/** Capitalize the first letter of a string. */
+const capitalizeFirst = (str) => {
+    if (str.length === 0)
+        return str;
+    const first = str[0];
+    if (!first)
+        return str;
+    return first.toUpperCase() + str.slice(1);
+};
+// ---------------------------------------------------------------------------
+// Orchestrator
+// ---------------------------------------------------------------------------
+/** Default wait time (seconds) for network activity after page load. */
+const DEFAULT_WAIT_SECONDS = 5;
+/**
+ * Orchestrate a comprehensive site analysis.
+ *
+ * Flow:
+ * 1. Open tab (or reuse) and navigate to URL
+ * 2. Enable network capture
+ * 3. Wait for API calls (configurable wait time)
+ * 4. Run detection scripts in page context (parallel where possible)
+ * 5. Get captured network requests
+ * 6. Disable network capture
+ * 7. Pass collected data through detection modules
+ * 8. Generate tool suggestions
+ * 9. Return structured result
+ */
+const analyzeSite = async (state, url, waitSeconds = DEFAULT_WAIT_SECONDS) => {
+    // Step 1: Open a new tab
+    const openResult = (await dispatchToExtension(state, 'browser.openTab', { url }));
+    const tabId = openResult.id;
+    try {
+        // Step 2: Enable network capture
+        await dispatchToExtension(state, 'browser.enableNetworkCapture', {
+            tabId,
+            maxRequests: 200,
+        });
+        // Step 3: Wait for page load and API calls
+        await new Promise(resolve => setTimeout(resolve, waitSeconds * 1000));
+        // Step 4: Run detection scripts in the page context sequentially.
+        // Sequential execution avoids the extension's per-method rate limit
+        // (max 10 browser.executeScript calls per second) and is reliable
+        // since each script completes quickly (~5-50ms in page context).
+        const csrfTokens = (await executeInTab(state, tabId, CSRF_SCRIPT));
+        const globalsAuth = (await executeInTab(state, tabId, GLOBALS_AUTH_SCRIPT));
+        const frameworkProbes = (await executeInTab(state, tabId, FRAMEWORK_PROBE_SCRIPT));
+        const spaSsrProbe = (await executeInTab(state, tabId, SPA_SSR_PROBE_SCRIPT));
+        const globalsScan = (await executeInTab(state, tabId, GLOBALS_SCAN_SCRIPT));
+        const forms = (await executeInTab(state, tabId, FORMS_SCRIPT));
+        const interactiveElements = (await executeInTab(state, tabId, INTERACTIVE_ELEMENTS_SCRIPT));
+        const dataAttributes = (await executeInTab(state, tabId, DATA_ATTRIBUTES_SCRIPT));
+        const storageKeys = (await executeInTab(state, tabId, STORAGE_KEYS_SCRIPT));
+        const storageEntries = (await executeInTab(state, tabId, STORAGE_ENTRIES_SCRIPT));
+        const pageTitle = (await executeInTab(state, tabId, 'return document.title'));
+        // Step 5: Get captured network requests
+        const networkResult = (await dispatchToExtension(state, 'browser.getNetworkRequests', {
+            tabId,
+            clear: true,
+        }));
+        const networkRequests = Array.isArray(networkResult)
+            ? networkResult
+            : (networkResult.requests ?? []);
+        // Step 6: Disable network capture
+        await dispatchToExtension(state, 'browser.disableNetworkCapture', { tabId });
+        // Step 7: Get cookies via extension API (includes HttpOnly cookies)
+        const cookieResult = (await dispatchToExtension(state, 'browser.getCookies', { url }));
+        const cookies = cookieResult?.cookies ?? [];
+        // Step 8: Run detection modules
+        const auth = detectAuth({
+            cookies,
+            localStorageEntries: storageEntries.localEntries,
+            sessionStorageEntries: storageEntries.sessionEntries,
+            networkRequests,
+            csrfDomTokens: csrfTokens,
+            windowGlobals: globalsAuth,
+        });
+        const apis = detectApis(networkRequests);
+        const frameworkAnalysis = detectFramework({
+            frameworkProbes,
+            hasSingleRootElement: spaSsrProbe.hasSingleRootElement,
+            usesPushState: spaSsrProbe.usesPushState,
+            hasNextData: spaSsrProbe.hasNextData,
+            hasNuxtData: spaSsrProbe.hasNuxtData,
+            hasHydrationMarkers: spaSsrProbe.hasHydrationMarkers,
+        });
+        const globals = detectGlobals({ globals: globalsScan });
+        const domAnalysis = detectDom({
+            forms,
+            interactiveElements,
+            dataAttributes,
+        });
+        const storage = detectStorage(storageKeys);
+        // Step 9: Generate suggestions
+        const suggestions = generateSuggestions(apis, domAnalysis, auth, frameworkAnalysis);
+        return {
+            url,
+            title: pageTitle,
+            auth,
+            apis,
+            framework: frameworkAnalysis,
+            globals,
+            dom: domAnalysis,
+            storage,
+            suggestions,
+        };
+    }
+    finally {
+        // Clean up: close the tab
+        try {
+            await dispatchToExtension(state, 'browser.closeTab', { tabId });
+        }
+        catch {
+            // Best-effort cleanup — ignore errors
+        }
+    }
+};
+export { analyzeSite };
+//# sourceMappingURL=index.js.map