@reverse-craft/ai-tools 1.0.1 → 1.0.3

package/dist/server.js

@@ -19,118 +19,220 @@ import { ensureBeautified, truncateCodeHighPerf } from "@reverse-craft/smart-fs"
 import { existsSync } from "fs";
 
 // src/llmConfig.ts
+import { generateText } from "ai";
+import { createOpenAI } from "@ai-sdk/openai";
+import { createAnthropic } from "@ai-sdk/anthropic";
+import { createGoogleGenerativeAI } from "@ai-sdk/google";
+var PROVIDER_DEFAULTS = {
+  openai: { model: "gpt-4.1-mini" },
+  anthropic: { model: "claude-haiku-4-5-20241022" },
+  google: { model: "gemini-2.5-flash-lite" }
+};
+var PROVIDER_ENV_KEYS = {
+  openai: {
+    apiKey: "OPENAI_API_KEY",
+    model: "OPENAI_MODEL",
+    baseUrl: "OPENAI_BASE_URL"
+  },
+  anthropic: {
+    apiKey: "ANTHROPIC_API_KEY",
+    model: "ANTHROPIC_MODEL",
+    baseUrl: "ANTHROPIC_BASE_URL"
+  },
+  google: {
+    apiKey: "GOOGLE_API_KEY",
+    model: "GOOGLE_MODEL",
+    baseUrl: "GOOGLE_BASE_URL"
+  }
+};
+function validateProvider(value) {
+  if (value === void 0) return null;
+  if (value === "openai" || value === "anthropic" || value === "google") {
+    return value;
+  }
+  return null;
+}
 function getLLMConfig() {
-  const apiKey = process.env.OPENAI_API_KEY;
+  const providerEnv = process.env.LLM_PROVIDER?.toLowerCase();
+  const provider = validateProvider(providerEnv);
+  if (provider === null && providerEnv !== void 0) {
+    console.warn(`Invalid LLM_PROVIDER: ${providerEnv}. Valid values: openai, anthropic, google`);
+    return null;
+  }
+  const effectiveProvider = provider ?? "openai";
+  const envKeys = PROVIDER_ENV_KEYS[effectiveProvider];
+  const apiKey = process.env[envKeys.apiKey];
   if (!apiKey) {
     return null;
   }
-  const baseUrl = process.env.OPENAI_BASE_URL || "https://api.openai.com/v1";
-  const model = process.env.OPENAI_MODEL || "gpt-4o-mini";
+  const model = process.env.LLM_MODEL || process.env[envKeys.model] || PROVIDER_DEFAULTS[effectiveProvider].model;
+  const baseUrl = process.env.LLM_BASE_URL || process.env[envKeys.baseUrl];
   return {
+    provider: effectiveProvider,
     apiKey,
-    baseUrl,
-    model
+    model,
+    baseUrl
   };
 }
 function buildJSVMPSystemPrompt() {
-  return `\u4F60\u662F\u4E00\u4E2A\u4E13\u4E1A\u7684 JavaScript \u9006\u5411\u5DE5\u7A0B\u4E13\u5BB6\uFF0C\u4E13\u95E8\u8BC6\u522B JSVMP\uFF08JavaScript Virtual Machine Protection\uFF09\u4FDD\u62A4\u4EE3\u7801\u3002
+  return `You are a Senior JavaScript Reverse Engineer and De-obfuscation Expert. Your specialty is analyzing **JSVMP (JavaScript Virtual Machine Protection)**.
+
+**Context: What is JSVMP?**
+JSVMP is a protection technique where original JavaScript code is compiled into custom **bytecode** and executed by a custom **interpreter** (virtual machine) written in JavaScript.
 
-JSVMP \u662F\u4E00\u79CD\u4EE3\u7801\u4FDD\u62A4\u6280\u672F\uFF0C\u5C06 JavaScript \u4EE3\u7801\u8F6C\u6362\u4E3A\u5B57\u8282\u7801\uFF0C\u5E76\u901A\u8FC7\u865A\u62DF\u673A\u6267\u884C\u3002\u5178\u578B\u7279\u5F81\u5305\u62EC\uFF1A
+Key components of JSVMP code include:
+1. **The Virtual Stack:** A central array used to store operands and results (e.g., \`stack[pointer++]\` or \`v[p--]\`).
+2. **The Dispatcher:** A control flow structure inside a loop that decides which instruction to execute next based on the current bytecode (opcode).
+   * *Common variants:* A massive \`switch\` statement, a deeply nested \`if-else\` chain (binary search style), or a function array mapping (\`handlers[opcode]()\`).
+3. **The Bytecode:** A large string or array of integers representing the program logic.
 
-1. **\u865A\u62DF\u6808\uFF08Virtual Stack\uFF09**\uFF1A\u4E2D\u592E\u6570\u7EC4\u7528\u4E8E\u5B58\u50A8\u64CD\u4F5C\u6570\u548C\u7ED3\u679C
-2. **\u5206\u53D1\u5668\uFF08Dispatcher\uFF09**\uFF1A\u5927\u578B switch \u8BED\u53E5\u6216\u5D4C\u5957 if-else \u94FE\uFF0C\u6839\u636E\u6307\u4EE4\u7801\u6267\u884C\u4E0D\u540C\u64CD\u4F5C
-3. **\u6307\u4EE4\u6570\u7EC4\uFF08Instruction Array\uFF09**\uFF1A\u5B58\u50A8\u5B57\u8282\u7801\u6307\u4EE4\u7684\u6570\u7EC4
-4. **\u4E3B\u5FAA\u73AF\uFF08Main Loop\uFF09**\uFF1Awhile \u5FAA\u73AF\u6301\u7EED\u6267\u884C\u6307\u4EE4
+**Task:**
+Analyze the provided JavaScript code snippet to identify regions that match JSVMP structural patterns.
 
-\u68C0\u6D4B\u89C4\u5219\uFF1A
+**Input Data Format:**
+The code is provided in a simplified format: \`LineNo SourceLoc Code\`.
+* **Example:** \`10 L234:56 var x = stack[p++];\`
+* **Instruction:** Focus on the **LineNo** (1st column) and **Code** (3rd column onwards). Ignore the \`SourceLoc\` (middle column).
 
-**Ultra High \u7F6E\u4FE1\u5EA6**\uFF1A
-- \u540C\u65F6\u51FA\u73B0\uFF1A\u4E3B\u5FAA\u73AF + \u5206\u53D1\u5668 + \u6808\u64CD\u4F5C
-- \u5206\u53D1\u5668\u6709 >20 \u4E2A case \u6216 >10 \u5C42\u5D4C\u5957
-- \u660E\u786E\u7684\u6808\u64CD\u4F5C\u6A21\u5F0F\uFF08push/pop/\u6570\u7EC4\u7D22\u5F15\uFF09
+**Detection Rules & Confidence Levels:**
+Please assign confidence based on the following criteria:
 
-**High \u7F6E\u4FE1\u5EA6**\uFF1A
-- \u72EC\u7ACB\u7684\u5927\u578B\u5206\u53D1\u5668\u7ED3\u6784\uFF08>20 case \u7684 switch \u6216 >10 \u5C42\u5D4C\u5957\u7684 if-else\uFF09
-- \u660E\u786E\u7684\u6307\u4EE4\u6570\u7EC4\u548C\u7A0B\u5E8F\u8BA1\u6570\u5668\u6A21\u5F0F
+* **Ultra High:**
+  * A combination of a **Main Loop** + **Dispatcher** + **Stack Operations** appears in the same block.
+  * *Example:* A \`while(true)\` loop containing a huge \`if-else\` chain where branches perform \`stack[p++]\` operations.
 
-**Medium \u7F6E\u4FE1\u5EA6**\uFF1A
-- \u5B64\u7ACB\u7684\u6808\u64CD\u4F5C\u6216\u53EF\u7591\u7684 while \u5FAA\u73AF
-- \u90E8\u5206 JSVMP \u7279\u5F81\u4F46\u4E0D\u5B8C\u6574
+* **High:**
+  * Distinct **Dispatcher** structures found (e.g., a \`switch\` with >20 cases, or an \`if-else\` chain nested >10 levels deep checking integer values).
+  * Large arrays containing only function definitions (Instruction Handlers).
 
-**Low \u7F6E\u4FE1\u5EA6**\uFF1A
-- \u901A\u7528\u6DF7\u6DC6\u6A21\u5F0F
-- \u53EF\u80FD\u76F8\u5173\u4F46\u4E0D\u786E\u5B9A\u7684\u7ED3\u6784
+* **Medium:**
+  * Isolated **Stack Operations** (e.g., \`v2[p2] = v2[p2 - 1]\`) without visible dispatchers nearby.
+  * Suspicious \`while\` loops iterating over a string/array.
 
-\u8BF7\u5206\u6790\u63D0\u4F9B\u7684\u4EE3\u7801\uFF0C\u8BC6\u522B JSVMP \u76F8\u5173\u533A\u57DF\u3002\u8FD4\u56DE JSON \u683C\u5F0F\uFF1A
+* **Low:**
+  * Generic obfuscation patterns (short variable names, comma operators) that *might* be part of a VM but lack specific structural proof.
 
+**Output Format:**
+Return **ONLY valid JSON**. No markdown wrapper, no conversational text.
+
+**JSON Schema:**
 {
-  "summary": "\u5206\u6790\u6458\u8981\uFF08\u4E2D\u6587\uFF09",
+  "summary": "Brief analysis of the code structure in chinese, shortly",
   "regions": [
     {
-      "start": \u8D77\u59CB\u884C\u53F7,
-      "end": \u7ED3\u675F\u884C\u53F7,
-      "type": "If-Else Dispatcher" | "Switch Dispatcher" | "Instruction Array" | "Stack Operation",
-      "confidence": "ultra_high" | "high" | "medium" | "low",
-      "description": "\u8BE6\u7EC6\u63CF\u8FF0\uFF08\u4E2D\u6587\uFF09"
+      "start": <start_line>,
+      "end": <end_line>,
+      "type": "<If-Else Dispatcher | Switch Dispatcher | Instruction Array | Stack Operation>",
+      "confidence": "<ultra_high | high | medium | low>",
+      "description": "<Why you flagged this. Mention specific variables like 'v2', 'p2' or structures. in chinese, shortly>"
     }
   ]
+}`;
 }
-
-\u5982\u679C\u6CA1\u6709\u68C0\u6D4B\u5230 JSVMP \u7279\u5F81\uFF0C\u8FD4\u56DE\u7A7A\u7684 regions \u6570\u7EC4\u3002`;
+function createProviderModel(config) {
+  switch (config.provider) {
+    case "openai": {
+      const openai = createOpenAI({
+        apiKey: config.apiKey,
+        baseURL: config.baseUrl
+      });
+      return openai(config.model);
+    }
+    case "anthropic": {
+      const anthropic = createAnthropic({
+        apiKey: config.apiKey,
+        baseURL: config.baseUrl
+      });
+      return anthropic(config.model);
+    }
+    case "google": {
+      const google = createGoogleGenerativeAI({
+        apiKey: config.apiKey,
+        baseURL: config.baseUrl
+      });
+      return google(config.model);
+    }
+  }
 }
 function createLLMClient(config) {
+  const model = createProviderModel(config);
   return {
     async analyzeJSVMP(formattedCode) {
       const systemPrompt = buildJSVMPSystemPrompt();
-      const requestBody = {
-        model: config.model,
-        messages: [
-          {
-            role: "system",
-            content: systemPrompt
-          },
-          {
-            role: "user",
-            content: `\u8BF7\u5206\u6790\u4EE5\u4E0B\u4EE3\u7801\uFF0C\u8BC6\u522B JSVMP \u4FDD\u62A4\u7ED3\u6784\uFF1A
-
-${formattedCode}`
-          }
-        ],
-        temperature: 0.1,
-        response_format: { type: "json_object" }
-      };
       try {
-        const response = await fetch(`${config.baseUrl}/chat/completions`, {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json",
-            "Authorization": `Bearer ${config.apiKey}`
-          },
-          body: JSON.stringify(requestBody)
+        const result = await generateText({
+          model,
+          system: systemPrompt,
+          prompt: `\u8BF7\u5206\u6790\u4EE5\u4E0B\u4EE3\u7801\uFF0C\u8BC6\u522B JSVMP \u4FDD\u62A4\u7ED3\u6784\uFF1A
+
+${formattedCode}`,
+          temperature: 0.1
         });
-        if (!response.ok) {
-          const errorText = await response.text();
-          throw new Error(`API \u8BF7\u6C42\u5931\u8D25 (${response.status}): ${errorText}`);
-        }
-        const data = await response.json();
-        if (!data.choices || !data.choices[0] || !data.choices[0].message) {
-          throw new Error("API \u54CD\u5E94\u683C\u5F0F\u65E0\u6548\uFF1A\u7F3A\u5C11 choices \u6216 message \u5B57\u6BB5");
-        }
-        const content = data.choices[0].message.content;
-        if (typeof content !== "string") {
-          throw new Error("API \u54CD\u5E94\u683C\u5F0F\u65E0\u6548\uFF1Amessage.content \u4E0D\u662F\u5B57\u7B26\u4E32");
-        }
-        return content;
+        return result.text;
       } catch (error) {
+        const providerName = config.provider.charAt(0).toUpperCase() + config.provider.slice(1);
         if (error instanceof Error) {
-          throw new Error(`LLM \u8BF7\u6C42\u5931\u8D25: ${error.message}`);
+          throw new Error(`${providerName} LLM \u8BF7\u6C42\u5931\u8D25: ${error.message}`);
         }
-        throw new Error(`LLM \u8BF7\u6C42\u5931\u8D25: ${String(error)}`);
+        throw new Error(`${providerName} LLM \u8BF7\u6C42\u5931\u8D25: ${String(error)}`);
       }
     }
   };
 }
 
+// src/tokenizer.ts
+import { encoding_for_model } from "tiktoken";
+var DEFAULT_MODEL = "gpt-4o";
+function countTokens(text, model) {
+  const enc = encoding_for_model(model ?? DEFAULT_MODEL);
+  try {
+    const tokens = enc.encode(text);
+    return tokens.length;
+  } finally {
+    enc.free();
+  }
+}
+function splitByTokenLimit(lines, maxTokens, model) {
+  if (lines.length === 0) {
+    return [];
+  }
+  if (maxTokens <= 0) {
+    throw new Error("maxTokens must be a positive number");
+  }
+  const batches = [];
+  let currentBatch = [];
+  let currentTokenCount = 0;
+  const enc = encoding_for_model(model ?? DEFAULT_MODEL);
+  try {
+    for (const line of lines) {
+      const lineWithNewline = line + "\n";
+      const lineTokens = enc.encode(lineWithNewline).length;
+      if (lineTokens > maxTokens) {
+        if (currentBatch.length > 0) {
+          batches.push(currentBatch);
+          currentBatch = [];
+          currentTokenCount = 0;
+        }
+        batches.push([line]);
+        continue;
+      }
+      if (currentTokenCount + lineTokens > maxTokens && currentBatch.length > 0) {
+        batches.push(currentBatch);
+        currentBatch = [];
+        currentTokenCount = 0;
+      }
+      currentBatch.push(line);
+      currentTokenCount += lineTokens;
+    }
+    if (currentBatch.length > 0) {
+      batches.push(currentBatch);
+    }
+    return batches;
+  } finally {
+    enc.free();
+  }
+}
+
 // src/jsvmpDetector.ts
 function formatSourcePosition(line, column) {
   if (line !== null && column !== null) {
@@ -143,14 +245,12 @@ function formatCodeLine(lineNumber, sourcePos, code) {
   const srcPosPadded = sourcePos ? sourcePos.padEnd(10, " ") : "          ";
   return `${lineNumStr} ${srcPosPadded} ${code}`;
 }
-async function formatCodeForAnalysis(filePath, startLine, endLine, charLimit = 300) {
+async function formatEntireFile(filePath, charLimit = 300) {
   const beautifyResult = await ensureBeautified(filePath);
   const { code, rawMap } = beautifyResult;
   const truncatedCode = truncateCodeHighPerf(code, charLimit);
-  const lines = truncatedCode.split("\n");
-  const totalLines = lines.length;
-  const effectiveStartLine = Math.max(1, Math.min(totalLines, startLine));
-  const effectiveEndLine = Math.max(effectiveStartLine, Math.min(totalLines, endLine));
+  const codeLines = truncatedCode.split("\n");
+  const totalLines = codeLines.length;
   const formattedLines = [];
   let consumer = null;
   if (rawMap && rawMap.sources && rawMap.names && rawMap.mappings) {
@@ -163,9 +263,9 @@ async function formatCodeForAnalysis(filePath, startLine, endLine, charLimit = 3
       sourceRoot: rawMap.sourceRoot
     });
   }
-  for (let lineNum = effectiveStartLine; lineNum <= effectiveEndLine; lineNum++) {
+  for (let lineNum = 1; lineNum <= totalLines; lineNum++) {
     const lineIndex = lineNum - 1;
-    const lineContent = lines[lineIndex] ?? "";
+    const lineContent = codeLines[lineIndex] ?? "";
     let sourcePos = "";
     if (consumer) {
       const originalPos = consumer.originalPositionFor({
@@ -177,12 +277,35 @@ async function formatCodeForAnalysis(filePath, startLine, endLine, charLimit = 3
     formattedLines.push(formatCodeLine(lineNum, sourcePos, lineContent));
   }
   return {
-    content: formattedLines.join("\n"),
-    totalLines,
-    startLine: effectiveStartLine,
-    endLine: effectiveEndLine
+    lines: formattedLines,
+    totalLines
   };
 }
+function extractLineNumber(formattedLine) {
+  const lineNumStr = formattedLine.substring(0, 5).trim();
+  return parseInt(lineNumStr, 10);
+}
+function createBatches(formattedLines, maxTokensPerBatch) {
+  if (formattedLines.length === 0) {
+    return [];
+  }
+  const lineBatches = splitByTokenLimit(formattedLines, maxTokensPerBatch);
+  const batches = [];
+  for (const batchLines of lineBatches) {
+    if (batchLines.length === 0) continue;
+    const startLine = extractLineNumber(batchLines[0]);
+    const endLine = extractLineNumber(batchLines[batchLines.length - 1]);
+    const content = batchLines.join("\n");
+    const tokenCount = countTokens(content);
+    batches.push({
+      startLine,
+      endLine,
+      content,
+      tokenCount
+    });
+  }
+  return batches;
+}
 var VALID_DETECTION_TYPES = [
   "If-Else Dispatcher",
   "Switch Dispatcher",
@@ -262,10 +385,10 @@ function parseDetectionResult(jsonString) {
     regions: validatedRegions
   };
 }
-function formatDetectionResultOutput(result, filePath, startLine, endLine) {
+function formatDetectionResultOutput(result, filePath, totalLines, batchCount) {
   const lines = [];
   lines.push("=== JSVMP Dispatcher Detection Result ===");
-  lines.push(`File: ${filePath} (${startLine}-${endLine})`);
+  lines.push(`File: ${filePath} (${totalLines} lines, ${batchCount} batch${batchCount > 1 ? "es" : ""})`);
   lines.push("");
   lines.push(`Summary: ${result.summary}`);
   lines.push("");
@@ -281,15 +404,80 @@ function formatDetectionResultOutput(result, filePath, startLine, endLine) {
   }
   return lines.join("\n");
 }
-async function findJsvmpDispatcher(filePath, startLine, endLine, options) {
+function mergeDetectionResults(results) {
+  if (results.length === 0) {
+    return { summary: "", regions: [] };
+  }
+  if (results.length === 1) {
+    const sortedRegions = [...results[0].regions].sort((a, b) => a.start - b.start);
+    return { summary: results[0].summary, regions: sortedRegions };
+  }
+  const summaries = results.map((r, i) => `[Batch ${i + 1}] ${r.summary}`);
+  const combinedSummary = summaries.join("\n");
+  const allRegions = [];
+  for (const result of results) {
+    allRegions.push(...result.regions);
+  }
+  allRegions.sort((a, b) => a.start - b.start);
+  const confidenceOrder = {
+    "ultra_high": 4,
+    "high": 3,
+    "medium": 2,
+    "low": 1
+  };
+  const deduplicatedRegions = [];
+  for (const region of allRegions) {
+    let overlappingIndex = -1;
+    for (let i = 0; i < deduplicatedRegions.length; i++) {
+      const existing = deduplicatedRegions[i];
+      if (region.start <= existing.end && region.end >= existing.start) {
+        overlappingIndex = i;
+        break;
+      }
+    }
+    if (overlappingIndex === -1) {
+      deduplicatedRegions.push(region);
+    } else {
+      const existing = deduplicatedRegions[overlappingIndex];
+      if (confidenceOrder[region.confidence] > confidenceOrder[existing.confidence]) {
+        deduplicatedRegions[overlappingIndex] = region;
+      }
+    }
+  }
+  return {
+    summary: combinedSummary,
+    regions: deduplicatedRegions
+  };
+}
+async function processBatch(client, batch) {
+  const llmResponse = await client.analyzeJSVMP(batch.content);
+  return parseDetectionResult(llmResponse);
+}
+async function processBatchesWithErrorHandling(client, batches) {
+  const results = [];
+  const errors = [];
+  for (let i = 0; i < batches.length; i++) {
+    const batch = batches[i];
+    try {
+      const result = await processBatch(client, batch);
+      results.push(result);
+    } catch (error) {
+      const errorMsg = `Batch ${i + 1} (lines ${batch.startLine}-${batch.endLine}) failed: ${error instanceof Error ? error.message : String(error)}`;
+      errors.push(errorMsg);
+    }
+  }
+  return { results, errors };
+}
+async function findJsvmpDispatcher(filePath, options) {
   const charLimit = options?.charLimit ?? 300;
+  const maxTokensPerBatch = options?.maxTokensPerBatch ?? 8e3;
   const config = getLLMConfig();
   if (!config) {
     return {
       success: false,
       filePath,
-      startLine,
-      endLine,
+      totalLines: 0,
+      batchCount: 0,
       error: "\u672A\u914D\u7F6E LLM\u3002\u8BF7\u8BBE\u7F6E\u73AF\u5883\u53D8\u91CF OPENAI_API_KEY \u4EE5\u542F\u7528 JSVMP dispatcher \u68C0\u6D4B\u529F\u80FD\u3002"
     };
   }
@@ -297,36 +485,45 @@ async function findJsvmpDispatcher(filePath, startLine, endLine, options) {
     return {
       success: false,
       filePath,
-      startLine,
-      endLine,
+      totalLines: 0,
+      batchCount: 0,
       error: `\u6587\u4EF6\u4E0D\u5B58\u5728: ${filePath}`
     };
   }
   try {
-    const formattedCode = await formatCodeForAnalysis(
-      filePath,
-      startLine,
-      endLine,
-      charLimit
-    );
+    const formattedCode = await formatEntireFile(filePath, charLimit);
+    const totalLines = formattedCode.totalLines;
+    const batches = createBatches(formattedCode.lines, maxTokensPerBatch);
+    const batchCount = batches.length;
     const client = createLLMClient(config);
-    const llmResponse = await client.analyzeJSVMP(formattedCode.content);
-    const result = parseDetectionResult(llmResponse);
-    const formattedOutput = formatDetectionResultOutput(result, filePath, startLine, endLine);
+    const { results, errors } = await processBatchesWithErrorHandling(client, batches);
+    if (results.length === 0) {
+      return {
+        success: false,
+        filePath,
+        totalLines,
+        batchCount,
+        error: `\u6240\u6709\u6279\u6B21\u5904\u7406\u5931\u8D25: ${errors.join("; ")}`,
+        partialErrors: errors
+      };
+    }
+    const mergedResult = mergeDetectionResults(results);
+    const formattedOutput = formatDetectionResultOutput(mergedResult, filePath, totalLines, batchCount);
     return {
       success: true,
       filePath,
-      startLine: formattedCode.startLine,
-      endLine: formattedCode.endLine,
-      result,
-      formattedOutput
+      totalLines,
+      batchCount,
+      result: mergedResult,
+      formattedOutput,
+      partialErrors: errors.length > 0 ? errors : void 0
     };
   } catch (error) {
     return {
       success: false,
       filePath,
-      startLine,
-      endLine,
+      totalLines: 0,
+      batchCount: 0,
       error: error instanceof Error ? error.message : String(error)
     };
   }
@@ -335,9 +532,8 @@ async function findJsvmpDispatcher(filePath, startLine, endLine, options) {
 // src/tools/findJsvmpDispatcherTool.ts
 var FindJsvmpDispatcherInputSchema = {
   filePath: z.string().describe("Path to the JavaScript file to analyze"),
-  startLine: z.number().int().positive().describe("Start line number (1-based)"),
-  endLine: z.number().int().positive().describe("End line number (1-based)"),
-  charLimit: z.number().int().positive().optional().describe("Character limit for string truncation (default: 300)")
+  charLimit: z.number().int().positive().optional().describe("Character limit for string truncation (default: 300)"),
+  maxTokensPerBatch: z.number().int().positive().optional().describe("Maximum tokens per batch for LLM analysis (default: 150000)")
 };
 var findJsvmpDispatcherTool = defineTool({
   name: "find_jsvmp_dispatcher",
@@ -349,17 +545,17 @@ JSVMP is a code protection technique that converts JavaScript to bytecode execut
 - Instruction Arrays: Arrays storing bytecode instructions
 - Stack Operations: Virtual stack push/pop patterns
 
+Automatically splits large files into batches based on token limits and merges results.
+
 Returns detection results with confidence levels (ultra_high, high, medium, low) and detailed descriptions.
 
 Requires OPENAI_API_KEY environment variable. Optional: OPENAI_BASE_URL, OPENAI_MODEL.`,
   schema: FindJsvmpDispatcherInputSchema,
   handler: async (params) => {
-    const { filePath, startLine, endLine, charLimit } = params;
-    if (endLine < startLine) {
-      throw new Error("endLine must be >= startLine");
-    }
-    const result = await findJsvmpDispatcher(filePath, startLine, endLine, {
-      charLimit: charLimit ?? 300
+    const { filePath, charLimit, maxTokensPerBatch } = params;
+    const result = await findJsvmpDispatcher(filePath, {
+      charLimit: charLimit ?? 300,
+      maxTokensPerBatch: maxTokensPerBatch ?? 15e4
     });
     if (!result.success) {
       throw new Error(result.error ?? "Detection failed");