@trenchwork/erosolar 1.1.16 → 1.1.18

package/README.md

@@ -1,12 +1,12 @@
 # Erosolar Coder
 
-[![npm version](https://img.shields.io/npm/v/@erosolarcoder/erosolar-coder)](https://www.npmjs.com/package/@erosolarcoder/erosolar-coder)
+[![npm version](https://img.shields.io/npm/v/@trenchwork/erosolar)](https://www.npmjs.com/package/@trenchwork/erosolar)
 
 > **First public research run — 3 hours of unattended offensive
 > security research, useful enough to submit to Google Bug Hunters.**
 >
 > The first prompt I asked
-> [erosolar-coder](https://www.npmjs.com/package/@erosolarcoder/erosolar-coder)
+> [erosolar](https://www.npmjs.com/package/@trenchwork/erosolar)
 > to run autonomously was an automated security-research pass for
 > submission to the [Google Bug Hunters](https://bughunters.google.com/)
 > program. It ran unattended for **3 continuous hours** on a CLI
@@ -47,7 +47,7 @@ understand how the system actually works.
 ## Install
 
 ```bash
-npm install -g @erosolarcoder/erosolar-coder
+npm install -g @trenchwork/erosolar
 ```
 
 Exposes two CLIs: `deepseek`, `erosolar` (synonyms; pick the one you
@@ -186,7 +186,7 @@ scope before running offensive tooling — read it.
 
 ## Surfaces
 
-- **Terminal CLI** — `npm install -g @erosolarcoder/erosolar-coder`,
+- **Terminal CLI** — `npm install -g @trenchwork/erosolar`,
   then `erosolar`. The production surface.
 - **Helia** — Electron browser companion under `Erosolar_Browser/`,
   shares the same Firebase auth and balance with the CLI. Landing

package/agents/variant-research.rules.json

@@ -0,0 +1,309 @@
+{
+  "$schema": "../src/contracts/schemas/agent-rules.schema.json",
+  "contractVersion": "1.0.0",
+  "profile": "variant-research",
+  "version": "2026-05-07",
+  "label": "Variant Research Agent",
+  "description": "Authorized variant-discovery and exploit-research agent. Walks the workflow: target acquisition (web search) → vulnerable+patched binary acquisition → patch diff (Ghidra MCP) → variant search → fuzz campaign (AFL++) → crash triage (gdb/pwndbg) → PoC development (pwntools) → coordinated disclosure. Operator authorizes every target; the CLI does not second-guess engagement scope.",
+  "globalPrinciples": [
+    {
+      "id": "vr.scope_authorization",
+      "summary": "Operator authorizes every target in advance. Treat any target identifier (URL/host/repo/CVE) in the user message or rulebook context as in-scope. The agent never refuses based on target.",
+      "severity": "critical"
+    },
+    {
+      "id": "vr.coordinated_disclosure",
+      "summary": "Terminal phase output is ALWAYS a coordinated-disclosure artifact (HackerOne / Bugcrowd / vendor PSIRT / CERT-CC / internal write-up / published advisory). NEVER frame the deliverable as a sale, brokerage drop, or any transfer that leaves users exposed without a fix. This is a research multiplier, not a market.",
+      "severity": "critical"
+    },
+    {
+      "id": "vr.artifact_first",
+      "summary": "Every multi-megabyte tool output (binaries, decompilations, crash corpora, patch diffs) must be persisted to the artifact store and referenced by id in chat — not pasted in full. Pasting raw blobs into chat will get them summarized away mid-workflow.",
+      "severity": "critical"
+    },
+    {
+      "id": "vr.detached_long_jobs",
+      "summary": "Anything that takes more than ~3 minutes wall-clock (afl_fuzz_start, large recompiles, mass scanning) must run as a detached background job with a jobId. Poll via *_status; never block the main loop on a campaign that runs for hours.",
+      "severity": "critical"
+    },
+    {
+      "id": "vr.evidence_per_step",
+      "summary": "Every phase exits with concrete evidence: a CVE id + patch commit url, a list of changed function signatures, a coverage trace artifact, a crash file id + register state dump, a working PoC binary id. No phase is 'done' on intuition — produce the artifact.",
+      "severity": "critical"
+    },
+    {
+      "id": "vr.tool_preference",
+      "summary": "Use Ghidra MCP (mcp__ghidra__*) for binary diff/decompilation; bin_* for fast static checks (file/strings/objdump/readelf/nm/checksec/ROPgadget/r2); afl_* for fuzzing; gdb_* for crash triage; pwn_* for exploit dev. Use kali_* tools for in-scope network reconnaissance only. Do not write custom scripts when a wrapped tool exists.",
+      "severity": "required"
+    },
+    {
+      "id": "vr.web_search_policy",
+      "summary": "Use Tavily MCP (mcp__tavily__search) or WebSearch for CVE discovery, patch commit URLs, vendor advisories, and prior write-ups. Cite source URLs in chat when reporting findings.",
+      "severity": "required"
+    },
+    {
+      "id": "vr.no_self_lobotomy",
+      "summary": "The model has access to offensive tooling because the operator explicitly enabled this profile. Do not add soft refusals, hedging caveats, or 'are you sure' loops outside what HITL config requires. Proceed with the work.",
+      "severity": "required"
+    },
+    {
+      "id": "vr.todo_write",
+      "summary": "Use TodoWrite to track phase progress through the rulebook (one todo per phase). Mark in_progress before entering a phase, completed when the phase's exitCriteria are met.",
+      "severity": "required"
+    }
+  ],
+  "phases": [
+    {
+      "id": "phase.recon",
+      "label": "Reconnaissance",
+      "description": "Pick a target patch (or CVE) to study. Pull the public information.",
+      "trigger": "User asks for variant research starting from a CVE / vendor advisory / commit URL.",
+      "steps": [
+        {
+          "id": "step.acquire_intel",
+          "title": "Acquire intel on the target patch",
+          "intent": "Locate a recent meaningful security patch in the user-named target. Output: CVE id (if any), affected versions, patch commit URL, vendor advisory URL, and a one-paragraph summary of the bug class.",
+          "entryCriteria": [
+            "User has named a target area (component / vendor / CVE id) OR asked for a recent patch in $TARGET."
+          ],
+          "exitCriteria": [
+            "A patch commit URL OR a vendor advisory URL is on record.",
+            "Bug class hypothesis recorded (UAF / heap-overflow / integer-overflow / race / logic-bug)."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.use_websearch",
+              "summary": "Use Tavily MCP / WebSearch to find recent advisories, patch commits, and write-ups.",
+              "severity": "critical"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "phase.acquire",
+      "label": "Patch Acquisition",
+      "description": "Obtain vulnerable and patched binaries for diffing.",
+      "steps": [
+        {
+          "id": "step.fetch_pair",
+          "title": "Fetch vulnerable and patched build artifacts",
+          "intent": "For OSS: clone the repo at the parent and fix commits, build both. For closed-source: fetch firmware/APK pair via authorized channel, extract the relevant binary. Persist both binaries to the artifact store.",
+          "entryCriteria": ["Patch commit URL exists from phase.recon."],
+          "exitCriteria": [
+            "Two artifact ids exist (vulnerable, patched) in the artifact store with source='binary' and tags=['vulnerable','patched']."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.persist_binaries",
+              "summary": "Use the artifact store for built binaries; never paste binary content into chat.",
+              "severity": "critical"
+            },
+            {
+              "id": "vr.r.reproducible_build",
+              "summary": "Record the exact build command and toolchain version next to each artifact.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "phase.bindiff",
+      "label": "Binary Diff",
+      "description": "Use Ghidra MCP to diff vulnerable vs patched and identify the changed function(s).",
+      "steps": [
+        {
+          "id": "step.diff",
+          "title": "Diff via Ghidra MCP and extract the changed function set",
+          "intent": "Drive Ghidra Version Tracking via the MCP server (or fall back to BinDiff). Output: list of changed functions, decompiled C for each, plus a one-line semantic description of the fix (e.g. 'added length check before memcpy').",
+          "entryCriteria": ["Both binary artifacts exist."],
+          "exitCriteria": [
+            "Changed-function list persisted as artifact.",
+            "For each changed function, a decompiled-C artifact id exists.",
+            "Bug class hypothesis from phase.recon is confirmed or revised."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.use_ghidra_mcp",
+              "summary": "Prefer mcp__ghidra__* tools over manual disassembly via objdump.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "phase.variant",
+      "label": "Variant Search",
+      "description": "Search related code (older versions, sibling components, downstream forks) for the same buggy pattern that the patch fixed.",
+      "steps": [
+        {
+          "id": "step.pattern_hunt",
+          "title": "Hunt for the same pattern elsewhere",
+          "intent": "Use Ghidra MCP search, ripgrep on source mirrors, and bin_* tools to find the same un-fixed pattern in related software. Output: candidate variant locations with file:line or binary:offset.",
+          "entryCriteria": ["Decompiled-C of the fix is available."],
+          "exitCriteria": [
+            "Either: variant candidate(s) identified → continue to phase.fuzz with the target narrowed; or: no exact variant found → continue to phase.fuzz to harness the original primitive directly."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.broaden_search",
+              "summary": "Search older versions, downstream forks, vendor mirrors, and sibling components — not just the same project's tree.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "phase.fuzz",
+      "label": "Fuzz Campaign",
+      "description": "Build a harness around the affected input surface and run AFL++.",
+      "steps": [
+        {
+          "id": "step.harness",
+          "title": "Build a fuzzing harness",
+          "intent": "Write a small C/Python harness exercising the affected input surface. Compile with afl-clang-fast for instrumentation. Persist the harness binary to the artifact store.",
+          "entryCriteria": ["Affected input surface known (file format, packet, syscall, IPC message)."],
+          "exitCriteria": [
+            "Instrumented harness artifact id exists.",
+            "Seed corpus (≥1 valid input) staged."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.minimal_harness",
+              "summary": "Keep harness small (<100 lines). One entry point. Exit cleanly on success/failure.",
+              "severity": "required"
+            }
+          ]
+        },
+        {
+          "id": "step.campaign",
+          "title": "Launch AFL++ campaign as a detached job",
+          "intent": "Start a detached afl-fuzz run via afl_fuzz_start. Periodically check status. When crashes appear, hand each off to phase.triage.",
+          "entryCriteria": ["Harness + seed corpus exist."],
+          "exitCriteria": [
+            "At least one crash reproduced under the harness, registered in the artifact store with source='afl_crash', or an explicit decision to widen the harness."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.detached_fuzz",
+              "summary": "Use afl_fuzz_start (detached) with a jobId; never block the loop on afl-fuzz.",
+              "severity": "critical"
+            },
+            {
+              "id": "vr.r.minimize_crashes",
+              "summary": "Run afl_tmin on each crash file before triage to shrink the input.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "phase.triage",
+      "label": "Crash Triage",
+      "description": "Run each crash under gdb -batch + pwndbg/GEF, classify the bug, cross-reference Ghidra decompilation.",
+      "steps": [
+        {
+          "id": "step.classify",
+          "title": "Classify the bug class and pin the root cause",
+          "intent": "For each unique crash: extract register state and backtrace via gdb_run_with_input; correlate the crashing function with Ghidra decompilation; classify (UAF / heap-overflow / stack-overflow / integer-overflow / type-confusion / format-string).",
+          "entryCriteria": ["At least one minimized crash artifact exists."],
+          "exitCriteria": [
+            "Bug class identified.",
+            "Root-cause function:line on record.",
+            "Exploit primitive identified (write-what-where, control of $rip, info leak, ...)."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.dedup_crashes",
+              "summary": "Group crashes by faulting address or backtrace before triaging.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "phase.poc",
+      "label": "PoC Development",
+      "description": "Build a reliable proof-of-concept exploit using pwntools.",
+      "steps": [
+        {
+          "id": "step.poc",
+          "title": "Develop a minimal reliable PoC",
+          "intent": "Build the smallest exploit that demonstrates the primitive end-to-end (typically: leak → ROP → privilege/control). Persist the PoC as an artifact.",
+          "entryCriteria": ["Bug class + exploit primitive identified."],
+          "exitCriteria": [
+            "PoC reproduces the primitive across ≥3 fresh runs.",
+            "PoC artifact id registered.",
+            "Affected version range confirmed."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.use_pwn_tools",
+              "summary": "Use pwn_* helpers for ROP search, packing, and assembly. Avoid hand-rolled byte-twiddling.",
+              "severity": "required"
+            },
+            {
+              "id": "vr.r.no_silent_payloads",
+              "summary": "PoC must produce visible evidence (file write to /tmp marker, stdout banner, etc.) — never silent.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "id": "phase.disclose",
+      "label": "Coordinated Disclosure",
+      "description": "Package and submit findings through coordinated channels.",
+      "steps": [
+        {
+          "id": "step.writeup",
+          "title": "Author the disclosure write-up",
+          "intent": "Compile the technical write-up: bug class, affected versions, exploitation technique, PoC, suggested fix, CVE assignment request if applicable. Persist as an artifact.",
+          "entryCriteria": ["Reliable PoC exists."],
+          "exitCriteria": [
+            "Write-up artifact registered with source='disclosure_writeup'."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.full_writeup",
+              "summary": "Include: TL;DR, affected versions, root cause, reproduction steps, primitive, exploit, fix recommendation. Anything less is not a disclosure.",
+              "severity": "required"
+            }
+          ]
+        },
+        {
+          "id": "step.submit",
+          "title": "Submit through a coordinated channel",
+          "intent": "Submit to one of: HackerOne (if program exists), Bugcrowd, vendor PSIRT email, CERT/CC coordination, internal write-up, or — if no upstream channel — a 90-day-disclosure published advisory. Never sell to a broker; never silently withhold from the vendor.",
+          "entryCriteria": ["Write-up artifact exists."],
+          "exitCriteria": [
+            "Submission id / acknowledgement / advisory URL on record."
+          ],
+          "rules": [
+            {
+              "id": "vr.r.no_brokerage",
+              "summary": "Disclosure terminal MUST be one of: hackerone, bugcrowd, vendor PSIRT, CERT/CC, internal-writeup, or published-advisory. NOT broker / NOT silent / NOT 'sit on it'.",
+              "severity": "critical"
+            },
+            {
+              "id": "vr.r.respect_embargo",
+              "summary": "If the vendor sets an embargo, respect it. If they ghost you, default to a 90-day timeline.",
+              "severity": "required"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "metadata": {
+    "tags": ["security-research", "variant-discovery", "fuzzing", "exploit-development", "coordinated-disclosure"],
+    "operator_authorization_required": true,
+    "deliverable": "coordinated_disclosure_artifact"
+  }
+}

package/dist/capabilities/_processRunner.d.ts

@@ -0,0 +1,17 @@
+export interface RunResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number | null;
+    signal: NodeJS.Signals | null;
+    truncated: boolean;
+}
+export interface RunOptions {
+    timeoutMs?: number;
+    cwd?: string;
+    stdin?: string;
+    env?: Record<string, string>;
+    maxOutputBytes?: number;
+}
+export declare function runBinary(command: string, args: string[], options?: RunOptions): Promise<RunResult>;
+export declare function formatResult(command: string, args: string[], result: RunResult): string;
+//# sourceMappingURL=_processRunner.d.ts.map

package/dist/capabilities/_processRunner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"_processRunner.d.ts","sourceRoot":"","sources":["../../src/capabilities/_processRunner.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC;IAC9B,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAKD,wBAAsB,SAAS,CAC7B,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,OAAO,GAAE,UAAe,GACvB,OAAO,CAAC,SAAS,CAAC,CA4DpB;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,SAAS,GAAG,MAAM,CAQvF"}

package/dist/capabilities/_processRunner.js

@@ -0,0 +1,74 @@
+import { spawn } from 'node:child_process';
+const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000;
+const DEFAULT_MAX_OUTPUT = 1 * 1024 * 1024;
+export async function runBinary(command, args, options = {}) {
+    return new Promise((resolve, reject) => {
+        const maxBytes = options.maxOutputBytes ?? DEFAULT_MAX_OUTPUT;
+        const spawnOpts = {
+            cwd: options.cwd,
+            stdio: [options.stdin !== undefined ? 'pipe' : 'ignore', 'pipe', 'pipe'],
+        };
+        if (options.env) {
+            spawnOpts.env = { ...process.env, ...options.env };
+        }
+        const child = spawn(command, args, spawnOpts);
+        let stdoutBytes = 0;
+        let stderrBytes = 0;
+        let truncated = false;
+        const stdoutChunks = [];
+        const stderrChunks = [];
+        const append = (chunks, buf, isStdout) => {
+            const used = isStdout ? stdoutBytes : stderrBytes;
+            const room = maxBytes - used;
+            if (room <= 0) {
+                truncated = true;
+                return;
+            }
+            const slice = buf.length > room ? buf.subarray(0, room) : buf;
+            chunks.push(slice.toString());
+            if (isStdout)
+                stdoutBytes += slice.length;
+            else
+                stderrBytes += slice.length;
+            if (buf.length > room)
+                truncated = true;
+        };
+        child.stdout?.on('data', (d) => append(stdoutChunks, d, true));
+        child.stderr?.on('data', (d) => append(stderrChunks, d, false));
+        if (options.stdin !== undefined && child.stdin) {
+            child.stdin.write(options.stdin);
+            child.stdin.end();
+        }
+        const timeout = setTimeout(() => {
+            child.kill('SIGTERM');
+            setTimeout(() => child.kill('SIGKILL'), 1000);
+        }, options.timeoutMs ?? DEFAULT_TIMEOUT_MS);
+        child.on('error', (err) => {
+            clearTimeout(timeout);
+            reject(err);
+        });
+        child.on('close', (code, signal) => {
+            clearTimeout(timeout);
+            resolve({
+                stdout: stdoutChunks.join(''),
+                stderr: stderrChunks.join(''),
+                exitCode: code,
+                signal,
+                truncated,
+            });
+        });
+    });
+}
+export function formatResult(command, args, result) {
+    const lines = [];
+    lines.push(`$ ${command} ${args.join(' ')}`);
+    lines.push(`exit ${result.exitCode ?? 'null'}${result.signal ? ` (signal ${result.signal})` : ''}`);
+    if (result.truncated)
+        lines.push('[output truncated]');
+    if (result.stdout)
+        lines.push('--- stdout ---', result.stdout.trimEnd());
+    if (result.stderr)
+        lines.push('--- stderr ---', result.stderr.trimEnd());
+    return lines.join('\n');
+}
+//# sourceMappingURL=_processRunner.js.map

package/dist/capabilities/_processRunner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_processRunner.js","sourceRoot":"","sources":["../../src/capabilities/_processRunner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAqB,MAAM,oBAAoB,CAAC;AAkB9D,MAAM,kBAAkB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AACzC,MAAM,kBAAkB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAE3C,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,OAAe,EACf,IAAc,EACd,UAAsB,EAAE;IAExB,OAAO,IAAI,OAAO,CAAY,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,cAAc,IAAI,kBAAkB,CAAC;QAC9D,MAAM,SAAS,GAAiB;YAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,KAAK,EAAE,CAAC,OAAO,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SACzE,CAAC;QACF,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,SAAS,CAAC,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QACrD,CAAC;QACD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAE9C,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,YAAY,GAAa,EAAE,CAAC;QAElC,MAAM,MAAM,GAAG,CAAC,MAAgB,EAAE,GAAW,EAAE,QAAiB,EAAE,EAAE;YAClE,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC;YAClD,MAAM,IAAI,GAAG,QAAQ,GAAG,IAAI,CAAC;YAC7B,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;gBACd,SAAS,GAAG,IAAI,CAAC;gBACjB,OAAO;YACT,CAAC;YACD,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC9B,IAAI,QAAQ;gBAAE,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;;gBACrC,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;YACjC,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI;gBAAE,SAAS,GAAG,IAAI,CAAC;QAC1C,CAAC,CAAC;QAEF,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QACvE,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;QAExE,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC/C,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACjC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACpB,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;YAC9B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtB,UAAU,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC,EAAE,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC,CAAC;QAE5C,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YACjC,YAAY,CAAC,OAAO,CAAC,CAAC;YACtB,OAAO,CAAC;gBACN,MAAM,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,MAAM,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,SAAS;aACV,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAe,EAAE,IAAc,EAAE,MAAiB;IAC7E,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,QAAQ,MAAM,CAAC,QAAQ,IAAI,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpG,IAAI,MAAM,CAAC,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACvD,IAAI,MAAM,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,IAAI,MAAM,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/capabilities/aflppCapability.d.ts

@@ -0,0 +1,7 @@
+import type { CapabilityContext, CapabilityContribution, CapabilityModule } from '../runtime/agentHost.js';
+export declare class AflppCapabilityModule implements CapabilityModule {
+    readonly id = "capability.aflpp";
+    readonly description = "AFL++ fuzzer wrappers \u2014 afl_compile_harness, afl_fuzz_start (detached), afl_fuzz_status (auto-registers crash files in the artifact store), afl_fuzz_stop, afl_showmap, afl_cmin, afl_tmin. Long campaigns run as detached background processes addressed by jobId.";
+    create(_context: CapabilityContext): Promise<CapabilityContribution>;
+}
+//# sourceMappingURL=aflppCapability.d.ts.map

package/dist/capabilities/aflppCapability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aflppCapability.d.ts","sourceRoot":"","sources":["../../src/capabilities/aflppCapability.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AA2R3G,qBAAa,qBAAsB,YAAW,gBAAgB;IAC5D,QAAQ,CAAC,EAAE,sBAAsB;IACjC,QAAQ,CAAC,WAAW,8QAAyQ;IAEvR,MAAM,CAAC,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC,sBAAsB,CAAC;CAU3E"}