npm - opencode-api-security-testing - Versions diffs - 3.0.8 → 3.0.10 - Mend

opencode-api-security-testing 3.0.8 → 3.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/agents/api-cyber-supervisor.md +9 -3
package/agents/api-probing-miner.md +10 -2
package/agents/api-resource-specialist.md +44 -35
package/agents/api-vuln-verifier.md +56 -24
package/package.json +1 -1
package/postinstall.mjs +1 -0
package/preuninstall.mjs +43 -32
package/src/index.ts +3 -100
package/README.md +0 -74
package/SKILL.md +0 -1797
package/core/advanced_recon.py +0 -788
package/core/agentic_analyzer.py +0 -445
package/core/analyzers/api_parser.py +0 -210
package/core/analyzers/response_analyzer.py +0 -212
package/core/analyzers/sensitive_finder.py +0 -184
package/core/api_fuzzer.py +0 -422
package/core/api_interceptor.py +0 -525
package/core/api_parser.py +0 -955
package/core/browser_tester.py +0 -479
package/core/cloud_storage_tester.py +0 -1330
package/core/collectors/__init__.py +0 -23
package/core/collectors/api_path_finder.py +0 -300
package/core/collectors/browser_collect.py +0 -645
package/core/collectors/browser_collector.py +0 -411
package/core/collectors/http_client.py +0 -111
package/core/collectors/js_collector.py +0 -490
package/core/collectors/js_parser.py +0 -780
package/core/collectors/url_collector.py +0 -319
package/core/context_manager.py +0 -682
package/core/deep_api_tester_v35.py +0 -844
package/core/deep_api_tester_v55.py +0 -366
package/core/dynamic_api_analyzer.py +0 -532
package/core/http_client.py +0 -179
package/core/models.py +0 -296
package/core/orchestrator.py +0 -890
package/core/prerequisite.py +0 -227
package/core/reasoning_engine.py +0 -1042
package/core/response_classifier.py +0 -606
package/core/runner.py +0 -938
package/core/scan_engine.py +0 -599
package/core/skill_executor.py +0 -435
package/core/skill_executor_v2.py +0 -670
package/core/skill_executor_v3.py +0 -704
package/core/smart_analyzer.py +0 -687
package/core/strategy_pool.py +0 -707
package/core/testers/auth_tester.py +0 -264
package/core/testers/idor_tester.py +0 -200
package/core/testers/sqli_tester.py +0 -211
package/core/testing_loop.py +0 -655
package/core/utils/base_path_dict.py +0 -255
package/core/utils/payload_lib.py +0 -167
package/core/utils/ssrf_detector.py +0 -220
package/core/verifiers/vuln_verifier.py +0 -536
package/references/README.md +0 -72
package/references/asset-discovery.md +0 -119
package/references/fuzzing-patterns.md +0 -129
package/references/graphql-guidance.md +0 -108
package/references/intake.md +0 -84
package/references/pua-agent.md +0 -192
package/references/report-template.md +0 -156
package/references/rest-guidance.md +0 -76
package/references/severity-model.md +0 -76
package/references/test-matrix.md +0 -86
package/references/validation.md +0 -78
package/references/vulnerabilities/01-sqli-tests.md +0 -1128
package/references/vulnerabilities/02-user-enum-tests.md +0 -423
package/references/vulnerabilities/03-jwt-tests.md +0 -499
package/references/vulnerabilities/04-idor-tests.md +0 -362
package/references/vulnerabilities/05-sensitive-data-tests.md +0 -466
package/references/vulnerabilities/06-biz-logic-tests.md +0 -501
package/references/vulnerabilities/07-security-config-tests.md +0 -511
package/references/vulnerabilities/08-brute-force-tests.md +0 -457
package/references/vulnerabilities/09-vulnerability-chains.md +0 -465
package/references/vulnerabilities/10-auth-tests.md +0 -537
package/references/vulnerabilities/11-graphql-tests.md +0 -355
package/references/vulnerabilities/12-ssrf-tests.md +0 -396
package/references/vulnerabilities/README.md +0 -148
package/references/workflows.md +0 -192
package/src/hooks/directory-agents-injector.ts +0 -106

package/core/strategy_pool.py DELETED Viewed

@@ -1,707 +0,0 @@
-#!/usr/bin/env python3
-"""
-Strategy Pool - 策略池系统
-动态策略管理：
-- 预定义策略库（8种策略）
-- 策略选择算法
-- 策略适应性调整
-- 策略有效性评估
-"""
-import time
-import json
-from datetime import datetime
-from typing import Dict, List, Set, Optional, Any, Callable
-from dataclasses import dataclass, field
-from enum import Enum
-from collections import defaultdict
-import logging
-logger = logging.getLogger(__name__)
-class StrategyState(Enum):
-    """策略状态"""
-    IDLE = "idle"
-    ACTIVE = "active"
-    PAUSED = "paused"
-    COMPLETED = "completed"
-    FAILED = "failed"
-@dataclass
-class Condition:
-    """策略激活条件"""
-    type: str           # 'insight_type', 'tech_stack', 'network_status', 'endpoint_score'
-    operator: str       # 'equals', 'contains', 'greater_than', 'less_than', 'in'
-    value: Any
-    def evaluate(self, context: 'StrategyContext') -> bool:
-        """评估条件是否满足"""
-        if self.type == 'insight_type':
-            insight_types = context.get('insight_types', [])
-            if self.operator == 'contains':
-                return self.value in insight_types
-            elif self.operator == 'in':
-                return self.value in insight_types
-        elif self.type == 'tech_stack':
-            tech_stack = context.get('tech_stack', {})
-            if self.operator == 'contains':
-                return self.value in tech_stack
-        elif self.type == 'network_status':
-            status = context.get('network_status', 'normal')
-            if self.operator == 'equals':
-                return status == self.value
-            elif self.operator == 'in':
-                return status in self.value
-        elif self.type == 'endpoint_score':
-            score = context.get('endpoint_score', 0)
-            if self.operator == 'greater_than':
-                return score > self.value
-            elif self.operator == 'greater_equal':
-                return score >= self.value
-            elif self.operator == 'equals':
-                return score == self.value
-        elif self.type == 'endpoint_type':
-            endpoint_path = context.get('endpoint_path', '').lower()
-            if self.operator == 'contains':
-                return self.value in endpoint_path
-        elif self.type == 'waf_detected':
-            waf = context.get('waf_detected')
-            if self.operator == 'equals':
-                return waf == self.value
-            elif self.operator == 'is_not_none':
-                return waf is not None
-        elif self.type == 'is_spa':
-            is_spa = context.get('is_spa', False)
-            return is_spa == self.value
-        elif self.type == 'has_internal_ips':
-            internal_ips = context.get('internal_ips', set())
-            return len(internal_ips) > 0 if self.value else len(internal_ips) == 0
-        return False
-@dataclass
-class Action:
-    """策略动作"""
-    type: str           # 'test_sqli', 'test_xss', 'fuzz_path', etc.
-    params: Dict[str, Any] = field(default_factory=dict)
-    priority: int = 0
-    timeout: float = 30.0
-    retry_on_failure: int = 1
-    def to_dict(self) -> Dict:
-        return {
-            'type': self.type,
-            'params': self.params,
-            'priority': self.priority,
-            'timeout': self.timeout,
-            'retry_on_failure': self.retry_on_failure
-        }
-@dataclass
-class StrategyMetrics:
-    """策略指标"""
-    success_count: int = 0
-    failure_count: int = 0
-    total_executions: int = 0
-    avg_effectiveness: float = 0.0
-    last_execution_time: Optional[datetime] = None
-    last_success_time: Optional[datetime] = None
-    def record_execution(self, success: bool, effectiveness: float = 0.0):
-        """记录执行结果"""
-        self.total_executions += 1
-        if success:
-            self.success_count += 1
-            self.last_success_time = datetime.now()
-        else:
-            self.failure_count += 1
-        if self.total_executions > 0:
-            self.avg_effectiveness = (
-                (self.avg_effectiveness * (self.total_executions - 1) + effectiveness)
-                / self.total_executions
-            )
-        self.last_execution_time = datetime.now()
-    def to_dict(self) -> Dict:
-        return {
-            'success_count': self.success_count,
-            'failure_count': self.failure_count,
-            'total_executions': self.total_executions,
-            'avg_effectiveness': self.avg_effectiveness,
-            'last_execution_time': self.last_execution_time.isoformat() if self.last_execution_time else None,
-            'success_rate': self.success_count / max(self.total_executions, 1)
-        }
-@dataclass
-class Strategy:
-    """策略"""
-    id: str
-    name: str
-    description: str
-    activation_conditions: List[Condition] = field(default_factory=list)
-    priority: int = 0
-    actions: List[Action] = field(default_factory=list)
-    execution_order: str = "sequential"  # 'sequential', 'parallel', 'adaptive'
-    exit_on: List[str] = field(default_factory=list)  # 'all_complete', 'vuln_found', 'blocked'
-    max_duration: float = 300.0
-    max_iterations: int = 100
-    is_adaptive: bool = False
-    adaptation_threshold: float = 0.3
-    state: StrategyState = StrategyState.IDLE
-    metrics: StrategyMetrics = field(default_factory=StrategyMetrics)
-    config: Dict[str, Any] = field(default_factory=dict)
-    def is_active(self) -> bool:
-        return self.state == StrategyState.ACTIVE
-    def can_activate(self, context: 'StrategyContext') -> bool:
-        """检查是否可以激活"""
-        if not self.activation_conditions:
-            return True
-        for cond in self.activation_conditions:
-            if not cond.evaluate(context):
-                return False
-        return True
-    def should_exit(self, exit_reason: str, vulns_found: int = 0) -> bool:
-        """检查是否应该退出"""
-        if exit_reason in self.exit_on:
-            return True
-        if 'vuln_found' in self.exit_on and vulns_found > 0:
-            return True
-        return False
-    def to_dict(self) -> Dict:
-        return {
-            'id': self.id,
-            'name': self.name,
-            'description': self.description,
-            'priority': self.priority,
-            'state': self.state.value,
-            'metrics': self.metrics.to_dict(),
-            'actions': [a.to_dict() for a in self.actions],
-            'config': self.config
-        }
-class StrategyContext(Dict):
-    """策略上下文（字典-like）"""
-    def get(self, key: str, default: Any = None) -> Any:
-        try:
-            return self[key]
-        except KeyError:
-            return default
-@dataclass
-class StrategyPlan:
-    """策略计划"""
-    primary_strategy: Strategy
-    fallback_strategy: Optional[Strategy] = None
-    execution_order: List[str] = field(default_factory=list)
-    adaptations: Dict[str, Any] = field(default_factory=dict)
-    estimated_duration: float = 0.0
-    estimated_actions: int = 0
-class StrategyPool:
-    """
-    策略池
-    包含预定义策略库和策略选择逻辑
-    """
-    def __init__(self):
-        self.strategies: Dict[str, Strategy] = {}
-        self._register_default_strategies()
-    def _register_default_strategies(self):
-        """注册默认策略"""
-        self.register_strategy(self._create_default_strategy())
-        self.register_strategy(self._create_waf_bypass_strategy())
-        self.register_strategy(self._create_spa_fallback_strategy())
-        self.register_strategy(self._create_internal_address_strategy())
-        self.register_strategy(self._create_high_value_endpoint_strategy())
-        self.register_strategy(self._create_auth_testing_strategy())
-        self.register_strategy(self._create_rate_limited_strategy())
-        self.register_strategy(self._create_sensitive_operation_strategy())
-    def register_strategy(self, strategy: Strategy):
-        """注册策略"""
-        self.strategies[strategy.id] = strategy
-        logger.debug(f"Registered strategy: {strategy.id}")
-    def get_strategy(self, strategy_id: str) -> Optional[Strategy]:
-        """获取策略"""
-        return self.strategies.get(strategy_id)
-    def get_all_strategies(self) -> List[Strategy]:
-        """获取所有策略"""
-        return list(self.strategies.values())
-    def select_strategy(self, context: StrategyContext, insights: List[Any] = None) -> Strategy:
-        """
-        根据上下文选择最佳策略
-        选择逻辑：
-        1. 检查所有可激活策略
-        2. 按优先级排序
-        3. 返回最高优先级策略
-        """
-        if insights is None:
-            insights = []
-        context['insight_types'] = [i.type for i in insights] if hasattr(insights, '__iter__') else []
-        activatable = []
-        for strategy in self.strategies.values():
-            if strategy.can_activate(context):
-                activatable.append((strategy.priority, strategy.id, strategy))
-        if not activatable:
-            return self.strategies['default']
-        activatable.sort(key=lambda x: x[0], reverse=True)
-        selected = activatable[0][2]
-        selected.state = StrategyState.ACTIVE
-        logger.info(f"Selected strategy: {selected.id} ({selected.name})")
-        return selected
-    def select_multiple(self, context: StrategyContext, max_strategies: int = 3) -> List[Strategy]:
-        """选择多个策略"""
-        activatable = []
-        for strategy in self.strategies.values():
-            if strategy.can_activate(context):
-                activatable.append((strategy.priority, id(strategy), strategy))
-        if not activatable:
-            return [self.strategies['default']]
-        activatable.sort(key=lambda x: x[0], reverse=True)
-        return [s[2] for s in activatable[:max_strategies]]
-    def create_plan(self, context: StrategyContext, insights: List[Any] = None) -> StrategyPlan:
-        """创建策略计划"""
-        primary = self.select_strategy(context, insights)
-        estimated_actions = len(primary.actions)
-        estimated_duration = sum(a.timeout for a in primary.actions)
-        return StrategyPlan(
-            primary_strategy=primary,
-            fallback_strategy=self.strategies.get('default'),
-            execution_order=[primary.id],
-            estimated_duration=estimated_duration,
-            estimated_actions=estimated_actions
-        )
-    def adapt_strategy(self, strategy: Strategy, feedback: Dict) -> Strategy:
-        """根据反馈调整策略"""
-        if not strategy.is_adaptive:
-            return strategy
-        effectiveness = feedback.get('effectiveness', 0.0)
-        if effectiveness < strategy.adaptation_threshold:
-            for action in strategy.actions:
-                if action.type == 'test_sqli' or action.type == 'test_xss':
-                    action.params['use_bypass'] = True
-                    action.params['obfuscation_level'] = 'high'
-        return strategy
-    def record_outcome(self, strategy_id: str, success: bool, effectiveness: float = 0.0):
-        """记录策略执行结果"""
-        strategy = self.strategies.get(strategy_id)
-        if strategy:
-            strategy.metrics.record_execution(success, effectiveness)
-            if success:
-                logger.info(f"Strategy {strategy_id} succeeded (effectiveness: {effectiveness:.2f})")
-            else:
-                logger.warning(f"Strategy {strategy_id} failed")
-    def _create_default_strategy(self) -> Strategy:
-        """创建默认策略"""
-        return Strategy(
-            id='default',
-            name='默认测试策略',
-            description='适用于大多数目标的默认测试策略',
-            priority=0,
-            actions=[
-                Action(type='discover_endpoints', priority=10),
-                Action(type='test_sqli', priority=8),
-                Action(type='test_xss', priority=8),
-                Action(type='test_auth', priority=6),
-            ],
-            execution_order='sequential',
-            exit_on=['all_complete', 'vuln_found', 'blocked'],
-            config={
-                'rate_limit': 10,
-                'payload_set': 'standard',
-                'depth': 'normal'
-            }
-        )
-    def _create_waf_bypass_strategy(self) -> Strategy:
-        """创建 WAF 绕过策略"""
-        return Strategy(
-            id='waf_detected',
-            name='WAF 绕过策略',
-            description='当检测到 WAF 时使用的绕过策略',
-            priority=10,
-            activation_conditions=[
-                Condition(type='waf_detected', operator='is_not_none', value=None)
-            ],
-            actions=[
-                Action(type='test_sqli_bypass', priority=10, params={'obfuscation_level': 'high'}),
-                Action(type='test_xss_bypass', priority=10, params={'obfuscation_level': 'high'}),
-                Action(type='test_obfuscated', priority=8),
-            ],
-            execution_order='sequential',
-            exit_on=['all_complete', 'vuln_found', 'blocked'],
-            is_adaptive=True,
-            adaptation_threshold=0.3,
-            config={
-                'rate_limit': 2,
-                'payload_set': 'waf_bypass',
-                'depth': 'normal'
-            }
-        )
-    def _create_spa_fallback_strategy(self) -> Strategy:
-        """创建 SPA Fallback 策略"""
-        return Strategy(
-            id='spa_fallback',
-            name='SPA 深度分析策略',
-            description='检测到 SPA fallback 行为时，深度分析 JS',
-            priority=20,
-            activation_conditions=[
-                Condition(type='is_spa', operator='equals', value=True)
-            ],
-            actions=[
-                Action(type='extract_js', priority=10),
-                Action(type='analyze_webpack', priority=9),
-                Action(type='find_api_urls', priority=9),
-                Action(type='test_from_js', priority=8),
-                Action(type='test_backend_direct', priority=7),
-            ],
-            execution_order='sequential',
-            exit_on=['all_complete', 'api_found', 'timeout'],
-            config={
-                'rate_limit': 5,
-                'js_depth': 3,
-                'focus': 'reconnaissance'
-            }
-        )
-    def _create_internal_address_strategy(self) -> Strategy:
-        """创建内网地址策略"""
-        return Strategy(
-            id='internal_address',
-            name='内网代理策略',
-            description='发现内网地址时提示配置代理',
-            priority=30,
-            activation_conditions=[
-                Condition(type='has_internal_ips', operator='equals', value=True)
-            ],
-            actions=[
-                Action(type='mark_unreachable', priority=10),
-                Action(type='extract_testable_apis', priority=9),
-                Action(type='suggest_proxy', priority=8),
-            ],
-            execution_order='sequential',
-            exit_on=['all_complete'],
-            config={
-                'rate_limit': 0,
-                'requires_user_action': True
-            }
-        )
-    def _create_high_value_endpoint_strategy(self) -> Strategy:
-        """创建高价值端点策略"""
-        return Strategy(
-            id='high_value_endpoint',
-            name='高价值端点深度测试',
-            description='对高评分端点进行深度测试',
-            priority=15,
-            activation_conditions=[
-                Condition(type='endpoint_score', operator='greater_than', value=7)
-            ],
-            actions=[
-                Action(type='full_test_suite', priority=10),
-                Action(type='test_edge_cases', priority=9),
-                Action(type='bypass_auth', priority=8),
-                Action(type='test_idor', priority=7),
-            ],
-            execution_order='sequential',
-            exit_on=['all_complete', 'vuln_found'],
-            is_adaptive=True,
-            config={
-                'rate_limit': 5,
-                'depth': 'maximum',
-                'timeout_multiplier': 2.0
-            }
-        )
-    def _create_auth_testing_strategy(self) -> Strategy:
-        """创建认证测试策略"""
-        return Strategy(
-            id='auth_testing',
-            name='认证安全专项',
-            description='针对认证接口的专项测试',
-            priority=25,
-            activation_conditions=[
-                Condition(type='endpoint_type', operator='contains', value='auth'),
-                Condition(type='endpoint_type', operator='contains', value='login'),
-            ],
-            actions=[
-                Action(type='test_default_creds', priority=10),
-                Action(type='test_auth_bypass', priority=9),
-                Action(type='test_jwt', priority=9),
-                Action(type='test_session', priority=8),
-            ],
-            execution_order='sequential',
-            exit_on=['all_complete', 'vuln_found', 'locked'],
-            is_adaptive=True,
-            config={
-                'rate_limit': 3,
-                'safety_mode': True,
-                'max_attempts': 5
-            }
-        )
-    def _create_rate_limited_strategy(self) -> Strategy:
-        """创建限速自适应策略"""
-        return Strategy(
-            id='rate_limited',
-            name='限速自适应策略',
-            description='检测到限速时自动降速',
-            priority=40,
-            activation_conditions=[
-                Condition(type='network_status', operator='equals', value='rate_limited')
-            ],
-            actions=[
-                Action(type='reduce_rate', priority=10),
-                Action(type='rotate_user_agent', priority=9),
-                Action(type='use_proxy', priority=8),
-            ],
-            execution_order='sequential',
-            exit_on=['rate_restored', 'blocked'],
-            config={
-                'rate_limit': 1,
-                'cooldown': 60,
-                'backoff_factor': 0.5
-            }
-        )
-    def _create_sensitive_operation_strategy(self) -> Strategy:
-        """创建敏感操作策略"""
-        return Strategy(
-            id='sensitive_operation',
-            name='敏感操作安全策略',
-            description='测试敏感操作时使用最小化原则',
-            priority=35,
-            activation_conditions=[
-                Condition(type='endpoint_type', operator='contains', value='pay'),
-                Condition(type='endpoint_type', operator='contains', value='transfer'),
-            ],
-            actions=[
-                Action(type='minimal_testing', priority=10),
-                Action(type='simulate_normal_usage', priority=9),
-                Action(type='avoid_destructive', priority=8),
-            ],
-            execution_order='sequential',
-            exit_on=['all_complete'],
-            config={
-                'rate_limit': 1,
-                'safety_mode': True,
-                'require_confirmation': True
-            }
-        )
-    def get_summary(self) -> Dict:
-        """获取策略池摘要"""
-        return {
-            'total_strategies': len(self.strategies),
-            'strategies': {
-                k: v.to_dict() for k, v in self.strategies.items()
-            }
-        }
-class Strategist:
-    """
-    策略师
-    负责：
-    - 创建策略计划
-    - 评估策略有效性
-    - 管理策略执行
-    """
-    def __init__(self, strategy_pool: Optional[StrategyPool] = None):
-        self.strategy_pool = strategy_pool or StrategyPool()
-        self.current_plan: Optional[StrategyPlan] = None
-        self.execution_history: List[Dict] = []
-    def create_strategy_plan(self, context: Dict, insights: List[Any] = None) -> StrategyPlan:
-        """创建策略计划"""
-        strategy_context = StrategyContext(context)
-        self.current_plan = self.strategy_pool.create_plan(strategy_context, insights)
-        return self.current_plan
-    def evaluate_effectiveness(self, strategy: Strategy, results: Dict) -> float:
-        """
-        评估策略有效性
-        基于：
-        - 发现漏洞数量
-        - 测试覆盖率
-        - 执行时间
-        - 误报率
-        """
-        vuln_count = results.get('vulnerabilities_found', 0)
-        coverage = results.get('coverage', 0.0)
-        execution_time = results.get('execution_time', 0.0)
-        false_positive_rate = results.get('false_positive_rate', 0.0)
-        vuln_weight = 0.4
-        coverage_weight = 0.3
-        time_weight = 0.1
-        accuracy_weight = 0.2
-        vuln_score = min(vuln_count / 10.0, 1.0)
-        coverage_score = coverage
-        time_score = 1.0 if execution_time < 300 else 0.5
-        accuracy_score = 1.0 - false_positive_rate
-        effectiveness = (
-            vuln_score * vuln_weight +
-            coverage_score * coverage_weight +
-            time_score * time_weight +
-            accuracy_score * accuracy_weight
-        )
-        return effectiveness
-    def should_switch_strategy(self, current: Strategy, new: Strategy, feedback: Dict) -> bool:
-        """判断是否应该切换策略"""
-        effectiveness = feedback.get('effectiveness', 0.0)
-        if effectiveness < current.adaptation_threshold:
-            return True
-        if current.state == StrategyState.FAILED:
-            return True
-        if current.should_exit(feedback.get('exit_reason', '')):
-            return True
-        return new.priority > current.priority
-    def record_execution(self, strategy_id: str, results: Dict):
-        """记录策略执行"""
-        effectiveness = self.evaluate_effectiveness(
-            self.strategy_pool.get_strategy(strategy_id) or Strategy(id=strategy_id, name=strategy_id, description=""),
-            results
-        )
-        success = effectiveness > 0.3
-        self.strategy_pool.record_outcome(strategy_id, success, effectiveness)
-        self.execution_history.append({
-            'strategy_id': strategy_id,
-            'effectiveness': effectiveness,
-            'success': success,
-            'timestamp': datetime.now().isoformat(),
-            'results': results
-        })
-    def get_best_strategy_for_context(self, context: StrategyContext) -> Strategy:
-        """获取最佳策略"""
-        return self.strategy_pool.select_strategy(context)
-    def suggest_alternatives(self, context: StrategyContext) -> List[Strategy]:
-        """建议备选策略"""
-        return self.strategy_pool.select_multiple(context, max_strategies=3)
-def create_strategy_pool() -> StrategyPool:
-    """创建策略池工厂函数"""
-    return StrategyPool()
-def create_strategist(strategy_pool: Optional[StrategyPool] = None) -> Strategist:
-    """创建策略师工厂函数"""
-    return Strategist(strategy_pool)
-if __name__ == "__main__":
-    pool = create_strategy_pool()
-    context = StrategyContext({
-        'is_spa': True,
-        'waf_detected': 'aliyun',
-        'network_status': 'normal',
-        'endpoint_score': 8,
-        'tech_stack': {'vue', 'spring'},
-        'insight_types': ['spa_fallback', 'waf_detected']
-    })
-    print("=" * 60)
-    print("Strategy Pool Demo")
-    print("=" * 60)
-    selected = pool.select_strategy(context)
-    print(f"\nSelected: {selected.name} ({selected.id})")
-    print(f"Priority: {selected.priority}")
-    print(f"Actions: {[a.type for a in selected.actions]}")
-    print(f"Config: {selected.config}")
-    print("\n" + "-" * 60)
-    print("Alternative strategies for this context:")
-    alternatives = pool.select_multiple(context, max_strategies=3)
-    for i, s in enumerate(alternatives, 1):
-        print(f"  {i}. {s.name} (priority: {s.priority})")
-    print("\n" + "-" * 60)
-    print("Strategy Pool Summary:")
-    summary = pool.get_summary()
-    print(f"Total strategies: {summary['total_strategies']}")
-    for sid, sdata in summary['strategies'].items():
-        print(f"  - {sid}: {sdata['name']} (state: {sdata['state']})")