npm - @vulcn/engine - Versions diffs - 0.1.0 → 0.2.0 - Mend

@vulcn/engine 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.js CHANGED Viewed

@@ -188,16 +188,347 @@ async function checkBrowsers() {
   return results;
 }
+// plugin-manager.ts
+import { readFile } from "fs/promises";
+import { existsSync } from "fs";
+import { resolve, isAbsolute } from "path";
+import YAML from "yaml";
+import { z as z2 } from "zod";
+// plugin-types.ts
+var PLUGIN_API_VERSION = 1;
+// plugin-manager.ts
+var ENGINE_VERSION = "0.2.0";
+var VulcnConfigSchema = z2.object({
+  version: z2.string().default("1"),
+  plugins: z2.array(
+    z2.object({
+      name: z2.string(),
+      config: z2.record(z2.unknown()).optional(),
+      enabled: z2.boolean().default(true)
+    })
+  ).optional(),
+  settings: z2.object({
+    browser: z2.enum(["chromium", "firefox", "webkit"]).optional(),
+    headless: z2.boolean().optional(),
+    timeout: z2.number().optional()
+  }).optional()
+});
+var PluginManager = class {
+  plugins = [];
+  config = null;
+  initialized = false;
+  /**
+   * Shared context passed to all plugins
+   */
+  sharedPayloads = [];
+  sharedFindings = [];
+  /**
+   * Load configuration from vulcn.config.yml
+   */
+  async loadConfig(configPath) {
+    const paths = configPath ? [configPath] : [
+      "vulcn.config.yml",
+      "vulcn.config.yaml",
+      "vulcn.config.json",
+      ".vulcnrc.yml",
+      ".vulcnrc.yaml",
+      ".vulcnrc.json"
+    ];
+    for (const path of paths) {
+      const resolved = isAbsolute(path) ? path : resolve(process.cwd(), path);
+      if (existsSync(resolved)) {
+        const content = await readFile(resolved, "utf-8");
+        const parsed = path.endsWith(".json") ? JSON.parse(content) : YAML.parse(content);
+        this.config = VulcnConfigSchema.parse(parsed);
+        return this.config;
+      }
+    }
+    this.config = { version: "1", plugins: [], settings: {} };
+    return this.config;
+  }
+  /**
+   * Load all plugins from config
+   */
+  async loadPlugins() {
+    if (!this.config) {
+      await this.loadConfig();
+    }
+    const pluginConfigs = this.config?.plugins || [];
+    for (const pluginConfig of pluginConfigs) {
+      if (pluginConfig.enabled === false) continue;
+      try {
+        const loaded = await this.loadPlugin(pluginConfig);
+        this.plugins.push(loaded);
+      } catch (err) {
+        console.error(
+          `Failed to load plugin ${pluginConfig.name}:`,
+          err instanceof Error ? err.message : String(err)
+        );
+      }
+    }
+  }
+  /**
+   * Load a single plugin
+   */
+  async loadPlugin(config) {
+    const { name, config: pluginConfig = {} } = config;
+    let plugin;
+    let source;
+    if (name.startsWith("./") || name.startsWith("../") || isAbsolute(name)) {
+      const resolved = isAbsolute(name) ? name : resolve(process.cwd(), name);
+      const module = await import(resolved);
+      plugin = module.default || module;
+      source = "local";
+    } else if (name.startsWith("@vulcn/")) {
+      const module = await import(name);
+      plugin = module.default || module;
+      source = "npm";
+    } else {
+      const module = await import(name);
+      plugin = module.default || module;
+      source = "npm";
+    }
+    this.validatePlugin(plugin);
+    let resolvedConfig = pluginConfig;
+    if (plugin.configSchema) {
+      try {
+        resolvedConfig = plugin.configSchema.parse(pluginConfig);
+      } catch (err) {
+        throw new Error(
+          `Invalid config for plugin ${name}: ${err instanceof Error ? err.message : String(err)}`
+        );
+      }
+    }
+    return {
+      plugin,
+      config: resolvedConfig,
+      source,
+      enabled: true
+    };
+  }
+  /**
+   * Validate plugin structure
+   */
+  validatePlugin(plugin) {
+    if (!plugin || typeof plugin !== "object") {
+      throw new Error("Plugin must be an object");
+    }
+    const p = plugin;
+    if (typeof p.name !== "string" || !p.name) {
+      throw new Error("Plugin must have a name");
+    }
+    if (typeof p.version !== "string" || !p.version) {
+      throw new Error("Plugin must have a version");
+    }
+    const apiVersion = p.apiVersion || 1;
+    if (apiVersion > PLUGIN_API_VERSION) {
+      throw new Error(
+        `Plugin requires API version ${apiVersion}, but engine supports ${PLUGIN_API_VERSION}`
+      );
+    }
+  }
+  /**
+   * Add a plugin programmatically (for testing or dynamic loading)
+   */
+  addPlugin(plugin, config = {}) {
+    this.validatePlugin(plugin);
+    this.plugins.push({
+      plugin,
+      config,
+      source: "custom",
+      enabled: true
+    });
+  }
+  /**
+   * Initialize all plugins (call onInit hooks)
+   */
+  async initialize() {
+    if (this.initialized) return;
+    for (const loaded of this.plugins) {
+      if (loaded.plugin.payloads) {
+        const payloads = typeof loaded.plugin.payloads === "function" ? await loaded.plugin.payloads() : loaded.plugin.payloads;
+        this.sharedPayloads.push(...payloads);
+      }
+    }
+    await this.callHook("onInit", (hook, ctx) => hook(ctx));
+    this.initialized = true;
+  }
+  /**
+   * Destroy all plugins (call onDestroy hooks)
+   */
+  async destroy() {
+    await this.callHook("onDestroy", (hook, ctx) => hook(ctx));
+    this.plugins = [];
+    this.sharedPayloads = [];
+    this.sharedFindings = [];
+    this.initialized = false;
+  }
+  /**
+   * Get all loaded payloads
+   */
+  getPayloads() {
+    return this.sharedPayloads;
+  }
+  /**
+   * Get all collected findings
+   */
+  getFindings() {
+    return this.sharedFindings;
+  }
+  /**
+   * Add a finding (used by detectors)
+   */
+  addFinding(finding) {
+    this.sharedFindings.push(finding);
+  }
+  /**
+   * Add payloads (used by loaders)
+   */
+  addPayloads(payloads) {
+    this.sharedPayloads.push(...payloads);
+  }
+  /**
+   * Clear findings (for new run)
+   */
+  clearFindings() {
+    this.sharedFindings = [];
+  }
+  /**
+   * Get loaded plugins
+   */
+  getPlugins() {
+    return this.plugins;
+  }
+  /**
+   * Check if a plugin is loaded by name
+   */
+  hasPlugin(name) {
+    return this.plugins.some((p) => p.plugin.name === name);
+  }
+  /**
+   * Create base context for plugins
+   */
+  createContext(pluginConfig) {
+    const engineInfo = {
+      version: ENGINE_VERSION,
+      pluginApiVersion: PLUGIN_API_VERSION
+    };
+    return {
+      config: pluginConfig,
+      engine: engineInfo,
+      payloads: this.sharedPayloads,
+      findings: this.sharedFindings,
+      logger: this.createLogger("plugin"),
+      fetch: globalThis.fetch
+    };
+  }
+  /**
+   * Create scoped logger for a plugin
+   */
+  createLogger(name) {
+    const prefix = `[${name}]`;
+    return {
+      debug: (msg, ...args) => console.debug(prefix, msg, ...args),
+      info: (msg, ...args) => console.info(prefix, msg, ...args),
+      warn: (msg, ...args) => console.warn(prefix, msg, ...args),
+      error: (msg, ...args) => console.error(prefix, msg, ...args)
+    };
+  }
+  /**
+   * Call a hook on all plugins sequentially
+   */
+  async callHook(hookName, executor) {
+    for (const loaded of this.plugins) {
+      const hook = loaded.plugin.hooks?.[hookName];
+      if (hook) {
+        const ctx = this.createContext(loaded.config);
+        ctx.logger = this.createLogger(loaded.plugin.name);
+        try {
+          await executor(hook, ctx);
+        } catch (err) {
+          console.error(
+            `Error in plugin ${loaded.plugin.name}.${hookName}:`,
+            err instanceof Error ? err.message : String(err)
+          );
+        }
+      }
+    }
+  }
+  /**
+   * Call a hook and collect results
+   */
+  async callHookCollect(hookName, executor) {
+    const results = [];
+    for (const loaded of this.plugins) {
+      const hook = loaded.plugin.hooks?.[hookName];
+      if (hook) {
+        const ctx = this.createContext(loaded.config);
+        ctx.logger = this.createLogger(loaded.plugin.name);
+        try {
+          const result = await executor(
+            hook,
+            ctx
+          );
+          if (result !== null && result !== void 0) {
+            if (Array.isArray(result)) {
+              results.push(...result);
+            } else {
+              results.push(result);
+            }
+          }
+        } catch (err) {
+          console.error(
+            `Error in plugin ${loaded.plugin.name}.${hookName}:`,
+            err instanceof Error ? err.message : String(err)
+          );
+        }
+      }
+    }
+    return results;
+  }
+  /**
+   * Call a hook that transforms a value through the pipeline
+   */
+  async callHookPipe(hookName, initial, executor) {
+    let value = initial;
+    for (const loaded of this.plugins) {
+      const hook = loaded.plugin.hooks?.[hookName];
+      if (hook) {
+        const ctx = this.createContext(loaded.config);
+        ctx.logger = this.createLogger(loaded.plugin.name);
+        try {
+          value = await executor(
+            hook,
+            value,
+            ctx
+          );
+        } catch (err) {
+          console.error(
+            `Error in plugin ${loaded.plugin.name}.${hookName}:`,
+            err instanceof Error ? err.message : String(err)
+          );
+        }
+      }
+    }
+    return value;
+  }
+};
+var pluginManager = new PluginManager();
 // recorder.ts
 var Recorder = class _Recorder {
   /**
    * Start a new recording session
    * Opens a browser window for the user to interact with
    */
-  static async start(startUrl, options = {}) {
+  static async start(startUrl, options = {}, config = {}) {
+    const manager = config.pluginManager ?? pluginManager;
     const browserType = options.browser ?? "chromium";
     const viewport = options.viewport ?? { width: 1280, height: 720 };
     const headless = options.headless ?? false;
+    await manager.initialize();
     const { browser } = await launchBrowser({
       browser: browserType,
       headless
@@ -218,18 +549,61 @@ var Recorder = class _Recorder {
       stepCounter++;
       return `step_${String(stepCounter).padStart(3, "0")}`;
     };
-    steps.push({
+    const baseRecordContext = {
+      startUrl,
+      browser: browserType,
+      page,
+      engine: { version: "0.2.0", pluginApiVersion: 1 },
+      payloads: manager.getPayloads(),
+      findings: manager.getFindings(),
+      logger: {
+        debug: console.debug.bind(console),
+        info: console.info.bind(console),
+        warn: console.warn.bind(console),
+        error: console.error.bind(console)
+      },
+      fetch: globalThis.fetch
+    };
+    await manager.callHook("onRecordStart", async (hook, ctx) => {
+      const recordCtx = { ...baseRecordContext, ...ctx };
+      await hook(recordCtx);
+    });
+    const initialStep = {
       id: generateStepId(),
       type: "navigate",
       url: startUrl,
       timestamp: 0
-    });
-    _Recorder.attachListeners(page, steps, startTime, generateStepId);
+    };
+    const transformedInitialStep = await _Recorder.transformStep(
+      initialStep,
+      manager,
+      baseRecordContext
+    );
+    if (transformedInitialStep) {
+      steps.push(transformedInitialStep);
+    }
+    _Recorder.attachListeners(
+      page,
+      steps,
+      startTime,
+      generateStepId,
+      manager,
+      baseRecordContext
+    );
     return {
       async stop() {
         session.steps = steps;
+        let finalSession = session;
+        for (const loaded of manager.getPlugins()) {
+          const hook = loaded.plugin.hooks?.onRecordEnd;
+          if (hook) {
+            const ctx = manager.createContext(loaded.config);
+            const recordCtx = { ...baseRecordContext, ...ctx };
+            finalSession = await hook(finalSession, recordCtx);
+          }
+        }
         await browser.close();
-        return session;
+        return finalSession;
       },
       getSteps() {
         return [...steps];
@@ -239,8 +613,34 @@ var Recorder = class _Recorder {
       }
     };
   }
-  static attachListeners(page, steps, startTime, generateStepId) {
+  /**
+   * Transform a step through plugin hooks
+   * Returns null if the step should be filtered out
+   */
+  static async transformStep(step, manager, baseContext) {
+    let transformedStep = step;
+    for (const loaded of manager.getPlugins()) {
+      const hook = loaded.plugin.hooks?.onRecordStep;
+      if (hook) {
+        const ctx = manager.createContext(loaded.config);
+        const recordCtx = { ...baseContext, ...ctx };
+        transformedStep = await hook(transformedStep, recordCtx);
+      }
+    }
+    return transformedStep;
+  }
+  static attachListeners(page, steps, startTime, generateStepId, manager, baseContext) {
     const getTimestamp = () => Date.now() - startTime;
+    const addStep = async (step) => {
+      const transformed = await _Recorder.transformStep(
+        step,
+        manager,
+        baseContext
+      );
+      if (transformed) {
+        steps.push(transformed);
+      }
+    };
     page.on("framenavigated", (frame) => {
       if (frame === page.mainFrame()) {
         const url = frame.url();
@@ -248,7 +648,7 @@ var Recorder = class _Recorder {
         if (steps.length > 0 && lastStep.type === "navigate" && lastStep.url === url) {
           return;
         }
-        steps.push({
+        addStep({
           id: generateStepId(),
           type: "navigate",
           url,
@@ -258,12 +658,12 @@ var Recorder = class _Recorder {
     });
     page.exposeFunction(
       "__vulcn_record",
-      (event) => {
+      async (event) => {
         const timestamp = getTimestamp();
         switch (event.type) {
           case "click": {
             const data = event.data;
-            steps.push({
+            await addStep({
               id: generateStepId(),
               type: "click",
               selector: data.selector,
@@ -274,7 +674,7 @@ var Recorder = class _Recorder {
           }
           case "input": {
             const data = event.data;
-            steps.push({
+            await addStep({
               id: generateStepId(),
               type: "input",
               selector: data.selector,
@@ -286,7 +686,7 @@ var Recorder = class _Recorder {
           }
           case "keypress": {
             const data = event.data;
-            steps.push({
+            await addStep({
               id: generateStepId(),
               type: "keypress",
               key: data.key,
@@ -423,163 +823,156 @@ var Recorder = class _Recorder {
   }
 };
-// payloads.ts
-var BUILTIN_PAYLOADS = {
-  "xss-basic": {
-    name: "xss-basic",
-    category: "xss",
-    description: "Basic XSS payloads with script tags and event handlers",
-    payloads: [
-      '<script>alert("XSS")</script>',
-      '<img src=x onerror=alert("XSS")>',
-      '"><script>alert("XSS")</script>',
-      "javascript:alert('XSS')",
-      '<svg onload=alert("XSS")>'
-    ],
-    detectPatterns: [
-      /<script[^>]*>alert\(/i,
-      /onerror\s*=\s*alert\(/i,
-      /onload\s*=\s*alert\(/i,
-      /javascript:alert\(/i
-    ]
-  },
-  "xss-event": {
-    name: "xss-event",
-    category: "xss",
-    description: "XSS via event handlers",
-    payloads: [
-      '" onfocus="alert(1)" autofocus="',
-      "' onmouseover='alert(1)'",
-      '<body onload=alert("XSS")>',
-      "<input onfocus=alert(1) autofocus>",
-      "<marquee onstart=alert(1)>"
-    ],
-    detectPatterns: [
-      /onfocus\s*=\s*["']?alert/i,
-      /onmouseover\s*=\s*["']?alert/i,
-      /onload\s*=\s*["']?alert/i,
-      /onstart\s*=\s*["']?alert/i
-    ]
-  },
-  "xss-svg": {
-    name: "xss-svg",
-    category: "xss",
-    description: "XSS via SVG elements",
-    payloads: [
-      '<svg/onload=alert("XSS")>',
-      "<svg><script>alert(1)</script></svg>",
-      "<svg><animate onbegin=alert(1)>",
-      "<svg><set onbegin=alert(1)>"
-    ],
-    detectPatterns: [
-      /<svg[^>]*onload\s*=/i,
-      /<svg[^>]*>.*<script>/i,
-      /onbegin\s*=\s*alert/i
-    ]
-  },
-  "sqli-basic": {
-    name: "sqli-basic",
-    category: "sqli",
-    description: "Basic SQL injection payloads",
-    payloads: [
-      "' OR '1'='1",
-      "' OR '1'='1' --",
-      "1' OR '1'='1",
-      "admin'--",
-      "' UNION SELECT NULL--"
-    ],
-    detectPatterns: [
-      /sql.*syntax/i,
-      /mysql.*error/i,
-      /ORA-\d{5}/i,
-      /pg_query/i,
-      /sqlite.*error/i,
-      /unclosed.*quotation/i
-    ]
-  },
-  "sqli-error": {
-    name: "sqli-error",
-    category: "sqli",
-    description: "SQL injection payloads to trigger errors",
-    payloads: ["'", "''", "`", '"', "')", `'"`, "1' AND '1'='2", "1 AND 1=2"],
-    detectPatterns: [
-      /sql.*syntax/i,
-      /mysql.*error/i,
-      /ORA-\d{5}/i,
-      /postgresql.*error/i,
-      /sqlite.*error/i,
-      /quoted.*string.*properly.*terminated/i
-    ]
-  },
-  "sqli-blind": {
-    name: "sqli-blind",
-    category: "sqli",
-    description: "Blind SQL injection payloads",
-    payloads: [
-      "1' AND SLEEP(5)--",
-      "1; WAITFOR DELAY '0:0:5'--",
-      "1' AND (SELECT COUNT(*) FROM information_schema.tables)>0--"
-    ],
-    detectPatterns: [
-      // Blind SQLi is detected by timing, not content
-    ]
-  }
-};
-function getPayload(name) {
-  return BUILTIN_PAYLOADS[name];
-}
-function getPayloadNames() {
-  return Object.keys(BUILTIN_PAYLOADS);
-}
-function getPayloadsByCategory(category) {
-  return Object.values(BUILTIN_PAYLOADS).filter((p) => p.category === category);
-}
 // runner.ts
 var Runner = class _Runner {
   /**
-   * Execute a session with security payloads
+   * Execute a session with security payloads from plugins
+   *
+   * @param session - The recorded session to replay
+   * @param options - Runner configuration
+   * @param config - Plugin manager configuration
    */
-  static async execute(session, payloadNames, options = {}) {
+  static async execute(session, options = {}, config = {}) {
+    const manager = config.pluginManager ?? pluginManager;
     const browserType = options.browser ?? session.browser ?? "chromium";
     const headless = options.headless ?? true;
     const startTime = Date.now();
-    const findings = [];
     const errors = [];
     let payloadsTested = 0;
+    await manager.initialize();
+    manager.clearFindings();
+    const payloads = manager.getPayloads();
+    if (payloads.length === 0) {
+      return {
+        findings: [],
+        stepsExecuted: session.steps.length,
+        payloadsTested: 0,
+        duration: Date.now() - startTime,
+        errors: [
+          "No payloads loaded. Add a payload plugin or configure payloads."
+        ]
+      };
+    }
     const { browser } = await launchBrowser({
       browser: browserType,
       headless
     });
     const context = await browser.newContext({ viewport: session.viewport });
     const page = await context.newPage();
+    const baseRunContext = {
+      session,
+      page,
+      browser: browserType,
+      headless,
+      engine: { version: "0.2.0", pluginApiVersion: 1 },
+      payloads: manager.getPayloads(),
+      findings: manager.getFindings(),
+      logger: {
+        debug: console.debug.bind(console),
+        info: console.info.bind(console),
+        warn: console.warn.bind(console),
+        error: console.error.bind(console)
+      },
+      fetch: globalThis.fetch
+    };
+    await manager.callHook("onRunStart", async (hook, ctx) => {
+      const runCtx = { ...baseRunContext, ...ctx };
+      await hook(runCtx);
+    });
+    const eventFindings = [];
+    let currentDetectContext = null;
+    const dialogHandler = async (dialog) => {
+      if (currentDetectContext) {
+        const findings = await manager.callHookCollect(
+          "onDialog",
+          async (hook, ctx) => {
+            const detectCtx = {
+              ...currentDetectContext,
+              ...ctx
+            };
+            return hook(dialog, detectCtx);
+          }
+        );
+        eventFindings.push(...findings);
+      }
+      try {
+        await dialog.dismiss();
+      } catch {
+      }
+    };
+    const consoleHandler = async (msg) => {
+      if (currentDetectContext) {
+        const findings = await manager.callHookCollect("onConsoleMessage", async (hook, ctx) => {
+          const detectCtx = { ...currentDetectContext, ...ctx };
+          return hook(msg, detectCtx);
+        });
+        eventFindings.push(...findings);
+      }
+    };
+    page.on("dialog", dialogHandler);
+    page.on("console", consoleHandler);
     try {
       const injectableSteps = session.steps.filter(
         (step) => step.type === "input" && step.injectable !== false
       );
       const allPayloads = [];
-      for (const name of payloadNames) {
-        const payload = BUILTIN_PAYLOADS[name];
-        if (payload) {
-          for (const value of payload.payloads) {
-            allPayloads.push({ name, value });
-          }
+      for (const payloadSet of payloads) {
+        for (const value of payloadSet.payloads) {
+          allPayloads.push({ payloadSet, value });
         }
       }
       for (const injectableStep of injectableSteps) {
-        for (const payload of allPayloads) {
+        for (const { payloadSet, value: originalValue } of allPayloads) {
           try {
-            const finding = await _Runner.replayWithPayload(
+            let transformedPayload = originalValue;
+            for (const loaded of manager.getPlugins()) {
+              const hook = loaded.plugin.hooks?.onBeforePayload;
+              if (hook) {
+                const ctx = manager.createContext(loaded.config);
+                const runCtx = { ...baseRunContext, ...ctx };
+                transformedPayload = await hook(
+                  transformedPayload,
+                  injectableStep,
+                  runCtx
+                );
+              }
+            }
+            currentDetectContext = {
+              ...baseRunContext,
+              config: {},
+              step: injectableStep,
+              payloadSet,
+              payloadValue: transformedPayload,
+              stepId: injectableStep.id
+            };
+            await _Runner.replayWithPayload(
               page,
               session,
               injectableStep,
-              payload.name,
-              payload.value
+              transformedPayload
             );
-            if (finding) {
-              findings.push(finding);
+            const afterFindings = await manager.callHookCollect("onAfterPayload", async (hook, ctx) => {
+              const detectCtx = {
+                ...currentDetectContext,
+                ...ctx
+              };
+              return hook(detectCtx);
+            });
+            const reflectionFinding = await _Runner.checkReflection(
+              page,
+              injectableStep,
+              payloadSet,
+              transformedPayload
+            );
+            const allFindings = [...afterFindings, ...eventFindings];
+            if (reflectionFinding) {
+              allFindings.push(reflectionFinding);
+            }
+            for (const finding of allFindings) {
+              manager.addFinding(finding);
               options.onFinding?.(finding);
             }
+            eventFindings.length = 0;
             payloadsTested++;
           } catch (err) {
             errors.push(`${injectableStep.id}: ${String(err)}`);
@@ -587,73 +980,94 @@ var Runner = class _Runner {
         }
       }
     } finally {
+      page.off("dialog", dialogHandler);
+      page.off("console", consoleHandler);
+      currentDetectContext = null;
       await browser.close();
     }
-    return {
-      findings,
+    let result = {
+      findings: manager.getFindings(),
       stepsExecuted: session.steps.length,
       payloadsTested,
       duration: Date.now() - startTime,
       errors
     };
+    for (const loaded of manager.getPlugins()) {
+      const hook = loaded.plugin.hooks?.onRunEnd;
+      if (hook) {
+        const ctx = manager.createContext(loaded.config);
+        const runCtx = { ...baseRunContext, ...ctx };
+        result = await hook(result, runCtx);
+      }
+    }
+    return result;
+  }
+  /**
+   * Execute with explicit payloads (legacy API, for backwards compatibility)
+   */
+  static async executeWithPayloads(session, payloads, options = {}) {
+    const manager = new PluginManager();
+    manager.addPayloads(payloads);
+    return _Runner.execute(session, options, { pluginManager: manager });
   }
-  static async replayWithPayload(page, session, targetStep, payloadName, payloadValue) {
-    await page.goto(session.startUrl);
+  /**
+   * Replay session steps with payload injected at target step
+   */
+  static async replayWithPayload(page, session, targetStep, payloadValue) {
+    await page.goto(session.startUrl, { waitUntil: "domcontentloaded" });
     for (const step of session.steps) {
-      if (step.type === "navigate") {
-        await page.goto(step.url);
-      } else if (step.type === "click") {
-        await page.click(step.selector, { timeout: 5e3 });
-      } else if (step.type === "input") {
-        const value = step.id === targetStep.id ? payloadValue : step.value;
-        await page.fill(step.selector, value, { timeout: 5e3 });
-      } else if (step.type === "keypress") {
-        const modifiers = step.modifiers ?? [];
-        for (const mod of modifiers) {
-          await page.keyboard.down(mod);
-        }
-        await page.keyboard.press(step.key);
-        for (const mod of modifiers.reverse()) {
-          await page.keyboard.up(mod);
+      try {
+        if (step.type === "navigate") {
+          await page.goto(step.url, { waitUntil: "domcontentloaded" });
+        } else if (step.type === "click") {
+          await page.click(step.selector, { timeout: 5e3 });
+        } else if (step.type === "input") {
+          const value = step.id === targetStep.id ? payloadValue : step.value;
+          await page.fill(step.selector, value, { timeout: 5e3 });
+        } else if (step.type === "keypress") {
+          const modifiers = step.modifiers ?? [];
+          for (const mod of modifiers) {
+            await page.keyboard.down(
+              mod
+            );
+          }
+          await page.keyboard.press(step.key);
+          for (const mod of modifiers.reverse()) {
+            await page.keyboard.up(mod);
+          }
         }
+      } catch {
       }
       if (step.id === targetStep.id) {
-        const finding = await _Runner.checkForVulnerability(
-          page,
-          targetStep,
-          payloadName,
-          payloadValue
-        );
-        if (finding) {
-          return finding;
-        }
+        await page.waitForTimeout(100);
+        break;
       }
     }
-    return void 0;
   }
-  static async checkForVulnerability(page, step, payloadName, payloadValue) {
-    const payload = BUILTIN_PAYLOADS[payloadName];
-    if (!payload) return void 0;
+  /**
+   * Basic reflection check - fallback when no detection plugin is loaded
+   */
+  static async checkReflection(page, step, payloadSet, payloadValue) {
     const content = await page.content();
-    for (const pattern of payload.detectPatterns) {
+    for (const pattern of payloadSet.detectPatterns) {
       if (pattern.test(content)) {
         return {
-          type: payload.category,
-          severity: payload.category === "xss" ? "high" : "critical",
-          title: `${payload.category.toUpperCase()} vulnerability detected`,
-          description: `Payload was reflected in page content`,
+          type: payloadSet.category,
+          severity: _Runner.getSeverity(payloadSet.category),
+          title: `${payloadSet.category.toUpperCase()} vulnerability detected`,
+          description: `Payload pattern was reflected in page content`,
           stepId: step.id,
           payload: payloadValue,
           url: page.url(),
-          evidence: content.match(pattern)?.[0]
+          evidence: content.match(pattern)?.[0]?.slice(0, 200)
         };
       }
     }
     if (content.includes(payloadValue)) {
       return {
-        type: payload.category,
+        type: payloadSet.category,
         severity: "medium",
-        title: `Potential ${payload.category.toUpperCase()} - payload reflection`,
+        title: `Potential ${payloadSet.category.toUpperCase()} - payload reflection`,
         description: `Payload was reflected in page without encoding`,
         stepId: step.id,
         payload: payloadValue,
@@ -662,22 +1076,40 @@ var Runner = class _Runner {
     }
     return void 0;
   }
+  /**
+   * Determine severity based on vulnerability category
+   */
+  static getSeverity(category) {
+    switch (category) {
+      case "sqli":
+      case "command-injection":
+      case "xxe":
+        return "critical";
+      case "xss":
+      case "ssrf":
+      case "path-traversal":
+        return "high";
+      case "open-redirect":
+        return "medium";
+      default:
+        return "medium";
+    }
+  }
 };
 export {
-  BUILTIN_PAYLOADS,
   BrowserNotFoundError,
+  PLUGIN_API_VERSION,
+  PluginManager,
   Recorder,
   Runner,
   SessionSchema,
   StepSchema,
   checkBrowsers,
   createSession,
-  getPayload,
-  getPayloadNames,
-  getPayloadsByCategory,
   installBrowsers,
   launchBrowser,
   parseSession,
+  pluginManager,
   serializeSession
 };
 //# sourceMappingURL=index.js.map