npm - windows-exe-decompiler-mcp-server - Versions diffs - 0.1.0 - Mend

windows-exe-decompiler-mcp-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

package/CODEX_INSTALLATION.md +69 -0
package/COPILOT_INSTALLATION.md +77 -0
package/LICENSE +21 -0
package/README.md +314 -0
package/bin/windows-exe-decompiler-mcp-server.js +3 -0
package/dist/analysis-provenance.d.ts +184 -0
package/dist/analysis-provenance.js +74 -0
package/dist/analysis-task-runner.d.ts +31 -0
package/dist/analysis-task-runner.js +160 -0
package/dist/artifact-inventory.d.ts +23 -0
package/dist/artifact-inventory.js +175 -0
package/dist/cache-manager.d.ts +128 -0
package/dist/cache-manager.js +454 -0
package/dist/confidence-semantics.d.ts +66 -0
package/dist/confidence-semantics.js +122 -0
package/dist/config.d.ts +335 -0
package/dist/config.js +193 -0
package/dist/database.d.ts +227 -0
package/dist/database.js +601 -0
package/dist/decompiler-worker.d.ts +441 -0
package/dist/decompiler-worker.js +1962 -0
package/dist/dynamic-trace.d.ts +95 -0
package/dist/dynamic-trace.js +629 -0
package/dist/env-validator.d.ts +15 -0
package/dist/env-validator.js +249 -0
package/dist/error-handler.d.ts +28 -0
package/dist/error-handler.example.d.ts +22 -0
package/dist/error-handler.example.js +141 -0
package/dist/error-handler.js +139 -0
package/dist/ghidra-analysis-status.d.ts +49 -0
package/dist/ghidra-analysis-status.js +178 -0
package/dist/ghidra-config.d.ts +134 -0
package/dist/ghidra-config.js +464 -0
package/dist/index.d.ts +9 -0
package/dist/index.js +200 -0
package/dist/job-queue.d.ts +169 -0
package/dist/job-queue.js +407 -0
package/dist/logger.d.ts +106 -0
package/dist/logger.js +176 -0
package/dist/policy-guard.d.ts +115 -0
package/dist/policy-guard.js +243 -0
package/dist/process-output.d.ts +15 -0
package/dist/process-output.js +90 -0
package/dist/prompts/function-explanation-review.d.ts +5 -0
package/dist/prompts/function-explanation-review.js +64 -0
package/dist/prompts/semantic-name-review.d.ts +5 -0
package/dist/prompts/semantic-name-review.js +63 -0
package/dist/runtime-correlation.d.ts +34 -0
package/dist/runtime-correlation.js +279 -0
package/dist/runtime-paths.d.ts +3 -0
package/dist/runtime-paths.js +11 -0
package/dist/selection-diff.d.ts +667 -0
package/dist/selection-diff.js +53 -0
package/dist/semantic-name-suggestion-artifacts.d.ts +116 -0
package/dist/semantic-name-suggestion-artifacts.js +314 -0
package/dist/server.d.ts +129 -0
package/dist/server.js +578 -0
package/dist/tools/artifact-read.d.ts +235 -0
package/dist/tools/artifact-read.js +317 -0
package/dist/tools/artifacts-diff.d.ts +728 -0
package/dist/tools/artifacts-diff.js +304 -0
package/dist/tools/artifacts-list.d.ts +515 -0
package/dist/tools/artifacts-list.js +389 -0
package/dist/tools/attack-map.d.ts +290 -0
package/dist/tools/attack-map.js +519 -0
package/dist/tools/cache-observability.d.ts +4 -0
package/dist/tools/cache-observability.js +36 -0
package/dist/tools/code-function-cfg.d.ts +50 -0
package/dist/tools/code-function-cfg.js +102 -0
package/dist/tools/code-function-decompile.d.ts +55 -0
package/dist/tools/code-function-decompile.js +103 -0
package/dist/tools/code-function-disassemble.d.ts +43 -0
package/dist/tools/code-function-disassemble.js +185 -0
package/dist/tools/code-function-explain-apply.d.ts +255 -0
package/dist/tools/code-function-explain-apply.js +225 -0
package/dist/tools/code-function-explain-prepare.d.ts +535 -0
package/dist/tools/code-function-explain-prepare.js +276 -0
package/dist/tools/code-function-explain-review.d.ts +397 -0
package/dist/tools/code-function-explain-review.js +589 -0
package/dist/tools/code-function-rename-apply.d.ts +248 -0
package/dist/tools/code-function-rename-apply.js +220 -0
package/dist/tools/code-function-rename-prepare.d.ts +506 -0
package/dist/tools/code-function-rename-prepare.js +279 -0
package/dist/tools/code-function-rename-review.d.ts +574 -0
package/dist/tools/code-function-rename-review.js +761 -0
package/dist/tools/code-functions-list.d.ts +37 -0
package/dist/tools/code-functions-list.js +91 -0
package/dist/tools/code-functions-rank.d.ts +34 -0
package/dist/tools/code-functions-rank.js +90 -0
package/dist/tools/code-functions-reconstruct.d.ts +2725 -0
package/dist/tools/code-functions-reconstruct.js +2807 -0
package/dist/tools/code-functions-search.d.ts +39 -0
package/dist/tools/code-functions-search.js +90 -0
package/dist/tools/code-reconstruct-export.d.ts +1212 -0
package/dist/tools/code-reconstruct-export.js +4002 -0
package/dist/tools/code-reconstruct-plan.d.ts +274 -0
package/dist/tools/code-reconstruct-plan.js +342 -0
package/dist/tools/dotnet-metadata-extract.d.ts +541 -0
package/dist/tools/dotnet-metadata-extract.js +355 -0
package/dist/tools/dotnet-reconstruct-export.d.ts +567 -0
package/dist/tools/dotnet-reconstruct-export.js +1151 -0
package/dist/tools/dotnet-types-list.d.ts +325 -0
package/dist/tools/dotnet-types-list.js +201 -0
package/dist/tools/dynamic-dependencies.d.ts +115 -0
package/dist/tools/dynamic-dependencies.js +213 -0
package/dist/tools/dynamic-memory-import.d.ts +10 -0
package/dist/tools/dynamic-memory-import.js +567 -0
package/dist/tools/dynamic-trace-import.d.ts +10 -0
package/dist/tools/dynamic-trace-import.js +235 -0
package/dist/tools/entrypoint-fallback-disasm.d.ts +30 -0
package/dist/tools/entrypoint-fallback-disasm.js +89 -0
package/dist/tools/ghidra-analyze.d.ts +88 -0
package/dist/tools/ghidra-analyze.js +208 -0
package/dist/tools/ghidra-health.d.ts +37 -0
package/dist/tools/ghidra-health.js +212 -0
package/dist/tools/ioc-export.d.ts +209 -0
package/dist/tools/ioc-export.js +542 -0
package/dist/tools/packer-detect.d.ts +165 -0
package/dist/tools/packer-detect.js +284 -0
package/dist/tools/pe-exports-extract.d.ts +175 -0
package/dist/tools/pe-exports-extract.js +253 -0
package/dist/tools/pe-fingerprint.d.ts +234 -0
package/dist/tools/pe-fingerprint.js +269 -0
package/dist/tools/pe-imports-extract.d.ts +105 -0
package/dist/tools/pe-imports-extract.js +245 -0
package/dist/tools/report-generate.d.ts +157 -0
package/dist/tools/report-generate.js +457 -0
package/dist/tools/report-summarize.d.ts +2131 -0
package/dist/tools/report-summarize.js +596 -0
package/dist/tools/runtime-detect.d.ts +135 -0
package/dist/tools/runtime-detect.js +247 -0
package/dist/tools/sample-ingest.d.ts +94 -0
package/dist/tools/sample-ingest.js +327 -0
package/dist/tools/sample-profile-get.d.ts +183 -0
package/dist/tools/sample-profile-get.js +121 -0
package/dist/tools/sandbox-execute.d.ts +441 -0
package/dist/tools/sandbox-execute.js +392 -0
package/dist/tools/strings-extract.d.ts +375 -0
package/dist/tools/strings-extract.js +314 -0
package/dist/tools/strings-floss-decode.d.ts +143 -0
package/dist/tools/strings-floss-decode.js +259 -0
package/dist/tools/system-health.d.ts +434 -0
package/dist/tools/system-health.js +446 -0
package/dist/tools/task-cancel.d.ts +21 -0
package/dist/tools/task-cancel.js +70 -0
package/dist/tools/task-status.d.ts +27 -0
package/dist/tools/task-status.js +106 -0
package/dist/tools/task-sweep.d.ts +22 -0
package/dist/tools/task-sweep.js +77 -0
package/dist/tools/tool-help.d.ts +340 -0
package/dist/tools/tool-help.js +261 -0
package/dist/tools/yara-scan.d.ts +554 -0
package/dist/tools/yara-scan.js +313 -0
package/dist/types.d.ts +266 -0
package/dist/types.js +41 -0
package/dist/worker-pool.d.ts +204 -0
package/dist/worker-pool.js +650 -0
package/dist/workflows/deep-static.d.ts +104 -0
package/dist/workflows/deep-static.js +276 -0
package/dist/workflows/function-explanation-review.d.ts +655 -0
package/dist/workflows/function-explanation-review.js +440 -0
package/dist/workflows/reconstruct.d.ts +2053 -0
package/dist/workflows/reconstruct.js +666 -0
package/dist/workflows/semantic-name-review.d.ts +2418 -0
package/dist/workflows/semantic-name-review.js +521 -0
package/dist/workflows/triage.d.ts +659 -0
package/dist/workflows/triage.js +1374 -0
package/dist/workspace-manager.d.ts +150 -0
package/dist/workspace-manager.js +411 -0
package/ghidra_scripts/DecompileFunction.java +487 -0
package/ghidra_scripts/DecompileFunction.py +150 -0
package/ghidra_scripts/ExtractCFG.java +256 -0
package/ghidra_scripts/ExtractCFG.py +233 -0
package/ghidra_scripts/ExtractFunctions.java +442 -0
package/ghidra_scripts/ExtractFunctions.py +101 -0
package/ghidra_scripts/README.md +125 -0
package/ghidra_scripts/SearchFunctionReferences.java +380 -0
package/helpers/DotNetMetadataProbe/DotNetMetadataProbe.csproj +9 -0
package/helpers/DotNetMetadataProbe/Program.cs +566 -0
package/install-to-codex.ps1 +178 -0
package/install-to-copilot.ps1 +303 -0
package/package.json +101 -0
package/requirements.txt +9 -0
package/workers/requirements-dynamic.txt +11 -0
package/workers/requirements.txt +8 -0
package/workers/speakeasy_compat.py +175 -0
package/workers/static_worker.py +5183 -0
package/workers/yara_rules/default.yar +33 -0
package/workers/yara_rules/malware_families.yar +93 -0
package/workers/yara_rules/packers.yar +80 -0

package/dist/tools/report-generate.d.ts ADDED Viewed

@@ -0,0 +1,157 @@
+/**
+ * report.generate MCP Tool
+ *
+ * Requirements: 24.1, 24.3, 24.5, 24.6
+ *
+ * Generates comprehensive Markdown analysis report
+ */
+import { z } from 'zod';
+import type { ToolDefinition, ToolHandler } from '../types.js';
+import type { DatabaseManager } from '../database.js';
+import type { WorkspaceManager } from '../workspace-manager.js';
+/**
+ * Input schema for report.generate tool
+ */
+export declare const reportGenerateInputSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodObject<{
+    sample_id: z.ZodString;
+    format: z.ZodOptional<z.ZodEnum<["markdown", "json", "html"]>>;
+    include_sections: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    evidence_scope: z.ZodDefault<z.ZodOptional<z.ZodEnum<["all", "latest", "session"]>>>;
+    evidence_session_tag: z.ZodOptional<z.ZodString>;
+    semantic_scope: z.ZodDefault<z.ZodOptional<z.ZodEnum<["all", "latest", "session"]>>>;
+    semantic_session_tag: z.ZodOptional<z.ZodString>;
+    compare_evidence_scope: z.ZodOptional<z.ZodEnum<["all", "latest", "session"]>>;
+    compare_evidence_session_tag: z.ZodOptional<z.ZodString>;
+    compare_semantic_scope: z.ZodOptional<z.ZodEnum<["all", "latest", "session"]>>;
+    compare_semantic_session_tag: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    sample_id: string;
+    evidence_scope: "all" | "latest" | "session";
+    semantic_scope: "all" | "latest" | "session";
+    evidence_session_tag?: string | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}, {
+    sample_id: string;
+    evidence_scope?: "all" | "latest" | "session" | undefined;
+    evidence_session_tag?: string | undefined;
+    semantic_scope?: "all" | "latest" | "session" | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}>, {
+    sample_id: string;
+    evidence_scope: "all" | "latest" | "session";
+    semantic_scope: "all" | "latest" | "session";
+    evidence_session_tag?: string | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}, {
+    sample_id: string;
+    evidence_scope?: "all" | "latest" | "session" | undefined;
+    evidence_session_tag?: string | undefined;
+    semantic_scope?: "all" | "latest" | "session" | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}>, {
+    sample_id: string;
+    evidence_scope: "all" | "latest" | "session";
+    semantic_scope: "all" | "latest" | "session";
+    evidence_session_tag?: string | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}, {
+    sample_id: string;
+    evidence_scope?: "all" | "latest" | "session" | undefined;
+    evidence_session_tag?: string | undefined;
+    semantic_scope?: "all" | "latest" | "session" | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}>, {
+    sample_id: string;
+    evidence_scope: "all" | "latest" | "session";
+    semantic_scope: "all" | "latest" | "session";
+    evidence_session_tag?: string | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}, {
+    sample_id: string;
+    evidence_scope?: "all" | "latest" | "session" | undefined;
+    evidence_session_tag?: string | undefined;
+    semantic_scope?: "all" | "latest" | "session" | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}>, {
+    sample_id: string;
+    evidence_scope: "all" | "latest" | "session";
+    semantic_scope: "all" | "latest" | "session";
+    evidence_session_tag?: string | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}, {
+    sample_id: string;
+    evidence_scope?: "all" | "latest" | "session" | undefined;
+    evidence_session_tag?: string | undefined;
+    semantic_scope?: "all" | "latest" | "session" | undefined;
+    semantic_session_tag?: string | undefined;
+    compare_evidence_scope?: "all" | "latest" | "session" | undefined;
+    compare_evidence_session_tag?: string | undefined;
+    compare_semantic_scope?: "all" | "latest" | "session" | undefined;
+    compare_semantic_session_tag?: string | undefined;
+    format?: "markdown" | "json" | "html" | undefined;
+    include_sections?: string[] | undefined;
+}>;
+export type ReportGenerateInput = z.infer<typeof reportGenerateInputSchema>;
+/**
+ * Tool definition for report.generate
+ */
+export declare const reportGenerateToolDefinition: ToolDefinition;
+/**
+ * Create handler for report.generate tool
+ */
+export declare function createReportGenerateHandler(workspaceManager: WorkspaceManager, database: DatabaseManager): ToolHandler;
+//# sourceMappingURL=report-generate.d.ts.map

package/dist/tools/report-generate.js ADDED Viewed

@@ -0,0 +1,457 @@
+/**
+ * report.generate MCP Tool
+ *
+ * Requirements: 24.1, 24.3, 24.5, 24.6
+ *
+ * Generates comprehensive Markdown analysis report
+ */
+import { z } from 'zod';
+import fs from 'fs';
+import path from 'path';
+import { createHash, randomUUID } from 'crypto';
+import { logger } from '../logger.js';
+import { isGhidraReadyStatus } from '../ghidra-analysis-status.js';
+import { loadDynamicTraceEvidence } from '../dynamic-trace.js';
+import { loadSemanticFunctionExplanationIndex } from '../semantic-name-suggestion-artifacts.js';
+import { buildReportConfidenceSemantics } from '../confidence-semantics.js';
+import { buildRuntimeArtifactProvenance, buildSemanticArtifactProvenance, } from '../analysis-provenance.js';
+import { buildArtifactSelectionDiff, } from '../selection-diff.js';
+/**
+ * Input schema for report.generate tool
+ */
+export const reportGenerateInputSchema = z.object({
+    sample_id: z.string().describe('Sample identifier (sha256:<hex>)'),
+    format: z.enum(['markdown', 'json', 'html']).optional().describe('Report format (default: markdown)'),
+    include_sections: z.array(z.string()).optional().describe('Sections to include (default: all)'),
+    evidence_scope: z
+        .enum(['all', 'latest', 'session'])
+        .optional()
+        .default('all')
+        .describe('Runtime evidence scope: all artifacts, latest artifact window, or a specific session selector'),
+    evidence_session_tag: z
+        .string()
+        .optional()
+        .describe('Optional runtime evidence session selector used when evidence_scope=session or to narrow all/latest results'),
+    semantic_scope: z
+        .enum(['all', 'latest', 'session'])
+        .optional()
+        .default('all')
+        .describe('Semantic explanation artifact scope: all artifacts, latest explanation window, or a specific semantic review session'),
+    semantic_session_tag: z
+        .string()
+        .optional()
+        .describe('Optional semantic review session selector used when semantic_scope=session or to narrow all/latest results'),
+    compare_evidence_scope: z
+        .enum(['all', 'latest', 'session'])
+        .optional()
+        .describe('Optional baseline runtime evidence scope used to compare this report against another runtime artifact selection'),
+    compare_evidence_session_tag: z
+        .string()
+        .optional()
+        .describe('Optional baseline runtime evidence session selector used when compare_evidence_scope=session'),
+    compare_semantic_scope: z
+        .enum(['all', 'latest', 'session'])
+        .optional()
+        .describe('Optional baseline semantic explanation scope used to compare this report against another semantic artifact selection'),
+    compare_semantic_session_tag: z
+        .string()
+        .optional()
+        .describe('Optional baseline semantic explanation session selector used when compare_semantic_scope=session'),
+}).refine((value) => value.evidence_scope !== 'session' || Boolean(value.evidence_session_tag?.trim()), {
+    message: 'evidence_session_tag is required when evidence_scope=session',
+    path: ['evidence_session_tag'],
+}).refine((value) => value.semantic_scope !== 'session' || Boolean(value.semantic_session_tag?.trim()), {
+    message: 'semantic_session_tag is required when semantic_scope=session',
+    path: ['semantic_session_tag'],
+}).refine((value) => value.compare_evidence_scope !== 'session' || Boolean(value.compare_evidence_session_tag?.trim()), {
+    message: 'compare_evidence_session_tag is required when compare_evidence_scope=session',
+    path: ['compare_evidence_session_tag'],
+}).refine((value) => value.compare_semantic_scope !== 'session' || Boolean(value.compare_semantic_session_tag?.trim()), {
+    message: 'compare_semantic_session_tag is required when compare_semantic_scope=session',
+    path: ['compare_semantic_session_tag'],
+});
+/**
+ * Tool definition for report.generate
+ */
+export const reportGenerateToolDefinition = {
+    name: 'report.generate',
+    description: 'Generate comprehensive analysis report aggregating all analysis results. Supports Markdown, JSON, and HTML formats.',
+    inputSchema: reportGenerateInputSchema
+};
+/**
+ * Generate Markdown report
+ */
+function generateMarkdownReport(sample, analyses, functions, dynamicEvidence, functionExplanations, evidenceScope, evidenceSessionTag, semanticScope = 'all', semanticSessionTag, provenance, selectionDiffs) {
+    const lines = [];
+    // Header
+    lines.push(`# Analysis Report: ${sample.sha256}`);
+    lines.push('');
+    lines.push(`**Generated:** ${new Date().toISOString()}`);
+    lines.push('');
+    // Sample Information
+    lines.push('## Sample Information');
+    lines.push('');
+    lines.push(`- **SHA256:** ${sample.sha256}`);
+    lines.push(`- **MD5:** ${sample.md5}`);
+    lines.push(`- **Size:** ${sample.size} bytes`);
+    lines.push(`- **File Type:** ${sample.file_type || 'Unknown'}`);
+    lines.push(`- **Ingested:** ${sample.created_at}`);
+    lines.push('');
+    // Analysis Summary
+    lines.push('## Analysis Summary');
+    lines.push('');
+    lines.push(`- **Total Analyses:** ${analyses.length}`);
+    lines.push(`- **Completed:** ${analyses.filter(a => isGhidraReadyStatus(a.status)).length}`);
+    lines.push(`- **Failed:** ${analyses.filter(a => a.status === 'failed').length}`);
+    lines.push('');
+    // Analyses Details
+    for (const analysis of analyses) {
+        lines.push(`### ${analysis.stage} (${analysis.backend})`);
+        lines.push('');
+        lines.push(`- **Status:** ${analysis.status}`);
+        lines.push(`- **Started:** ${analysis.started_at || 'N/A'}`);
+        lines.push(`- **Finished:** ${analysis.finished_at || 'N/A'}`);
+        if (analysis.metrics_json) {
+            try {
+                const metrics = JSON.parse(analysis.metrics_json);
+                lines.push(`- **Duration:** ${metrics.elapsed_ms}ms`);
+            }
+            catch (e) {
+                // Ignore parse errors
+            }
+        }
+        if (analysis.output_json) {
+            try {
+                const output = JSON.parse(analysis.output_json);
+                if (output.function_count !== undefined) {
+                    lines.push(`- **Functions Extracted:** ${output.function_count}`);
+                }
+            }
+            catch (e) {
+                // Ignore parse errors
+            }
+        }
+        lines.push('');
+    }
+    // Function Statistics
+    if (functions.length > 0) {
+        lines.push('## Function Statistics');
+        lines.push('');
+        lines.push(`- **Total Functions:** ${functions.length}`);
+        const avgSize = functions.reduce((sum, f) => sum + (f.size || 0), 0) / functions.length;
+        lines.push(`- **Average Size:** ${Math.round(avgSize)} bytes`);
+        const entryPoints = functions.filter(f => f.is_entry_point === 1).length;
+        lines.push(`- **Entry Points:** ${entryPoints}`);
+        const exported = functions.filter(f => f.is_exported === 1).length;
+        lines.push(`- **Exported Functions:** ${exported}`);
+        lines.push('');
+        // Top Functions
+        const topFunctions = functions
+            .filter(f => f.score > 0)
+            .sort((a, b) => b.score - a.score)
+            .slice(0, 10);
+        if (topFunctions.length > 0) {
+            lines.push('### Top 10 Functions by Interest Score');
+            lines.push('');
+            lines.push('| Rank | Address | Name | Score | Tags |');
+            lines.push('|------|---------|------|-------|------|');
+            topFunctions.forEach((func, index) => {
+                const tags = func.tags ? JSON.parse(func.tags).join(', ') : '';
+                lines.push(`| ${index + 1} | ${func.address} | ${func.name || 'unknown'} | ${func.score.toFixed(2)} | ${tags} |`);
+            });
+            lines.push('');
+        }
+    }
+    lines.push('## Runtime Evidence');
+    lines.push('');
+    lines.push(`- **Evidence Scope:** ${evidenceScope}`);
+    lines.push(`- **Session Selector:** ${evidenceSessionTag || 'N/A'}`);
+    if (dynamicEvidence) {
+        lines.push(`- **Artifacts Considered:** ${dynamicEvidence.artifact_count}`);
+        lines.push(`- **Executed Trace Present:** ${dynamicEvidence.executed ? 'Yes' : 'No'}`);
+        lines.push(`- **Latest Imported At:** ${dynamicEvidence.latest_imported_at || 'N/A'}`);
+        lines.push(`- **Scope Note:** ${dynamicEvidence.scope_note || 'N/A'}`);
+        lines.push(`- **High Signal APIs:** ${dynamicEvidence.high_signal_apis.join(', ') || 'none'}`);
+        lines.push(`- **Stages:** ${dynamicEvidence.stages.join(', ') || 'none'}`);
+        lines.push(`- **Source Formats:** ${(dynamicEvidence.source_formats || []).join(', ') || 'none'}`);
+        lines.push(`- **Source Names:** ${(dynamicEvidence.source_names || []).join(', ') || 'none'}`);
+        if ((dynamicEvidence.confidence_layers || []).length > 0) {
+            lines.push('');
+            lines.push('### Runtime Evidence Lineage');
+            lines.push('');
+            for (const layer of dynamicEvidence.confidence_layers || []) {
+                lines.push(`- **${layer.layer}:** artifacts=${layer.artifact_count}, band=${layer.confidence_band}, latest=${layer.latest_imported_at || 'N/A'}, sources=${layer.source_names.join(', ') || 'none'}`);
+            }
+            lines.push('');
+        }
+        else {
+            lines.push('');
+        }
+    }
+    else {
+        lines.push('- **Artifacts Considered:** 0');
+        lines.push('- **Scope Note:** No runtime evidence matched the selected scope.');
+        lines.push('');
+    }
+    if (provenance) {
+        lines.push('## Analysis Provenance');
+        lines.push('');
+        lines.push(`- **Runtime Artifact IDs:** ${provenance.runtime.artifact_ids.join(', ') || 'none'}`);
+        lines.push(`- **Runtime Session Tags:** ${provenance.runtime.session_tags.join(', ') || 'none'}`);
+        lines.push(`- **Runtime Latest Artifact At:** ${provenance.runtime.latest_artifact_at || 'N/A'}`);
+        lines.push(`- **Semantic Artifact IDs:** ${provenance.semantic_explanations.artifact_ids.join(', ') || 'none'}`);
+        lines.push(`- **Semantic Session Tags:** ${provenance.semantic_explanations.session_tags.join(', ') || 'none'}`);
+        lines.push(`- **Semantic Latest Artifact At:** ${provenance.semantic_explanations.latest_artifact_at || 'N/A'}`);
+        lines.push('');
+    }
+    if (selectionDiffs && (selectionDiffs.runtime || selectionDiffs.semantic_explanations)) {
+        lines.push('## Selection Diffs');
+        lines.push('');
+        if (selectionDiffs.runtime) {
+            lines.push(`- **Runtime Diff:** ${selectionDiffs.runtime.summary}`);
+        }
+        if (selectionDiffs.semantic_explanations) {
+            lines.push(`- **Semantic Diff:** ${selectionDiffs.semantic_explanations.summary}`);
+        }
+        lines.push('');
+    }
+    if (functionExplanations.length > 0) {
+        lines.push('## Function Explanations');
+        lines.push('');
+        lines.push(`- **Semantic Scope:** ${semanticScope}`);
+        lines.push(`- **Semantic Session Selector:** ${semanticSessionTag || 'N/A'}`);
+        lines.push('');
+        for (const explanation of functionExplanations) {
+            lines.push(`- **${explanation.behavior}:** ${explanation.summary} (confidence=${explanation.confidence.toFixed(2)}, target=${explanation.function || explanation.address || 'unknown'}, source=${explanation.source || 'unknown'})`);
+            if (explanation.rewrite_guidance.length > 0) {
+                lines.push(`  rewrite_guidance: ${explanation.rewrite_guidance.join(' | ')}`);
+            }
+        }
+        lines.push('');
+    }
+    const confidenceSemantics = buildReportConfidenceSemantics({
+        score: dynamicEvidence?.executed ? 0.72 : dynamicEvidence ? 0.58 : 0.42,
+        evidenceScope,
+        runtimeLayers: dynamicEvidence?.confidence_layers?.map((item) => item.layer) || ['static_only'],
+        executedTracePresent: dynamicEvidence?.executed || false,
+    });
+    lines.push('## Confidence Semantics');
+    lines.push('');
+    lines.push(`- **Score Kind:** ${confidenceSemantics.score_kind}`);
+    lines.push(`- **Band:** ${confidenceSemantics.band}`);
+    lines.push(`- **Calibrated Probability:** ${confidenceSemantics.calibrated ? 'Yes' : 'No'}`);
+    lines.push(`- **Meaning:** ${confidenceSemantics.meaning}`);
+    lines.push(`- **Compare Within:** ${confidenceSemantics.compare_within}`);
+    lines.push(`- **Caution:** ${confidenceSemantics.caution}`);
+    lines.push(`- **Drivers:** ${confidenceSemantics.drivers.join(', ') || 'none'}`);
+    lines.push('');
+    // Footer
+    lines.push('---');
+    lines.push('');
+    lines.push('*Report generated by Windows EXE Decompiler MCP Server*');
+    lines.push('');
+    return lines.join('\n');
+}
+/**
+ * Create handler for report.generate tool
+ */
+export function createReportGenerateHandler(workspaceManager, database) {
+    return async (args) => {
+        try {
+            const input = reportGenerateInputSchema.parse(args);
+            logger.info({
+                sample_id: input.sample_id,
+                format: input.format,
+                evidence_scope: input.evidence_scope,
+                evidence_session_tag: input.evidence_session_tag || null,
+            }, 'report.generate tool called');
+            // Check if sample exists
+            const sample = database.findSample(input.sample_id);
+            if (!sample) {
+                return {
+                    content: [{
+                            type: 'text',
+                            text: JSON.stringify({
+                                ok: false,
+                                errors: [`Sample not found: ${input.sample_id}`]
+                            }, null, 2)
+                        }],
+                    isError: true
+                };
+            }
+            // Get all analyses for this sample
+            const analyses = database.findAnalysesBySample(input.sample_id);
+            // Get all functions for this sample
+            const functions = database.findFunctions(input.sample_id);
+            const dynamicEvidence = await loadDynamicTraceEvidence(workspaceManager, database, input.sample_id, {
+                evidenceScope: input.evidence_scope,
+                sessionTag: input.evidence_session_tag,
+            });
+            const functionExplanationIndex = await loadSemanticFunctionExplanationIndex(workspaceManager, database, input.sample_id, {
+                scope: input.semantic_scope,
+                sessionTag: input.semantic_session_tag,
+            });
+            const functionExplanations = Array.from(functionExplanationIndex.byAddress.values())
+                .sort((a, b) => {
+                if (b.confidence !== a.confidence) {
+                    return b.confidence - a.confidence;
+                }
+                return (b.created_at || '').localeCompare(a.created_at || '');
+            })
+                .slice(0, 6)
+                .map((item) => ({
+                address: item.address,
+                function: item.function,
+                behavior: item.behavior,
+                summary: item.summary,
+                confidence: item.confidence,
+                rewrite_guidance: item.rewrite_guidance.slice(0, 4),
+                source: item.model_name || item.client_name || null,
+            }));
+            const provenance = {
+                runtime: buildRuntimeArtifactProvenance(dynamicEvidence, input.evidence_scope, input.evidence_session_tag),
+                semantic_explanations: buildSemanticArtifactProvenance('semantic explanation artifacts', functionExplanationIndex, input.semantic_scope, input.semantic_session_tag),
+            };
+            const selectionDiffs = {};
+            if (input.compare_evidence_scope) {
+                const baselineDynamicEvidence = await loadDynamicTraceEvidence(workspaceManager, database, input.sample_id, {
+                    evidenceScope: input.compare_evidence_scope,
+                    sessionTag: input.compare_evidence_session_tag,
+                });
+                selectionDiffs.runtime = buildArtifactSelectionDiff('runtime', provenance.runtime, buildRuntimeArtifactProvenance(baselineDynamicEvidence, input.compare_evidence_scope, input.compare_evidence_session_tag));
+            }
+            if (input.compare_semantic_scope) {
+                const baselineSemanticIndex = await loadSemanticFunctionExplanationIndex(workspaceManager, database, input.sample_id, {
+                    scope: input.compare_semantic_scope,
+                    sessionTag: input.compare_semantic_session_tag,
+                });
+                selectionDiffs.semantic_explanations = buildArtifactSelectionDiff('semantic_explanations', provenance.semantic_explanations, buildSemanticArtifactProvenance('semantic explanation artifacts', baselineSemanticIndex, input.compare_semantic_scope, input.compare_semantic_session_tag));
+            }
+            // Generate report based on format
+            const format = input.format || 'markdown';
+            let reportContent;
+            let reportExtension;
+            let mimeType;
+            switch (format) {
+                case 'markdown':
+                    reportContent = generateMarkdownReport(sample, analyses, functions, dynamicEvidence, functionExplanations, input.evidence_scope, input.evidence_session_tag, input.semantic_scope, input.semantic_session_tag, provenance, selectionDiffs);
+                    reportExtension = 'md';
+                    mimeType = 'text/markdown';
+                    break;
+                case 'json':
+                    const confidenceSemantics = buildReportConfidenceSemantics({
+                        score: dynamicEvidence?.executed ? 0.72 : dynamicEvidence ? 0.58 : 0.42,
+                        evidenceScope: input.evidence_scope,
+                        runtimeLayers: dynamicEvidence?.confidence_layers?.map((item) => item.layer) || ['static_only'],
+                        executedTracePresent: dynamicEvidence?.executed || false,
+                    });
+                    reportContent = JSON.stringify({
+                        sample,
+                        analyses,
+                        functions,
+                        dynamic_evidence: dynamicEvidence,
+                        function_explanations: functionExplanations,
+                        evidence_scope: input.evidence_scope,
+                        evidence_session_tag: input.evidence_session_tag || null,
+                        semantic_scope: input.semantic_scope,
+                        semantic_session_tag: input.semantic_session_tag || null,
+                        provenance,
+                        selection_diffs: Object.keys(selectionDiffs).length > 0 ? selectionDiffs : undefined,
+                        confidence_semantics: confidenceSemantics,
+                        generated_at: new Date().toISOString()
+                    }, null, 2);
+                    reportExtension = 'json';
+                    mimeType = 'application/json';
+                    break;
+                case 'html':
+                    // Simple HTML wrapper around markdown
+                    reportContent = `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Analysis Report: ${sample.sha256}</title>
+  <style>
+    body { font-family: Arial, sans-serif; max-width: 1200px; margin: 0 auto; padding: 20px; }
+    table { border-collapse: collapse; width: 100%; }
+    th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
+    th { background-color: #f2f2f2; }
+  </style>
+</head>
+<body>
+<pre>${generateMarkdownReport(sample, analyses, functions, dynamicEvidence, functionExplanations, input.evidence_scope, input.evidence_session_tag, input.semantic_scope, input.semantic_session_tag, provenance, selectionDiffs)}</pre>
+</body>
+</html>`;
+                    reportExtension = 'html';
+                    mimeType = 'text/html';
+                    break;
+                default:
+                    throw new Error(`Unsupported format: ${format}`);
+            }
+            // Store report to workspace
+            const workspace = await workspaceManager.getWorkspace(input.sample_id);
+            const reportFilename = `report_${Date.now()}.${reportExtension}`;
+            const reportPath = path.join(workspace.reports, reportFilename);
+            // Ensure reports directory exists
+            if (!fs.existsSync(workspace.reports)) {
+                fs.mkdirSync(workspace.reports, { recursive: true });
+            }
+            // Write report file
+            fs.writeFileSync(reportPath, reportContent, 'utf-8');
+            // Compute SHA256 of report
+            const reportSha256 = createHash('sha256')
+                .update(reportContent)
+                .digest('hex');
+            // Insert artifact record
+            const artifactId = randomUUID();
+            database.insertArtifact({
+                id: artifactId,
+                sample_id: input.sample_id,
+                type: `report_${format}`,
+                path: `reports/${reportFilename}`,
+                sha256: reportSha256,
+                mime: mimeType,
+                created_at: new Date().toISOString()
+            });
+            logger.info({
+                sample_id: input.sample_id,
+                format,
+                artifact_id: artifactId,
+                path: reportPath
+            }, 'Report generated successfully');
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            ok: true,
+                            data: {
+                                artifact_id: artifactId,
+                                path: reportPath,
+                                format,
+                                size: reportContent.length,
+                                sha256: reportSha256,
+                                provenance,
+                                selection_diffs: Object.keys(selectionDiffs).length > 0 ? selectionDiffs : undefined
+                            }
+                        }, null, 2)
+                    }]
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            logger.error({
+                error: errorMessage
+            }, 'report.generate tool failed');
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            ok: false,
+                            errors: [errorMessage]
+                        }, null, 2)
+                    }],
+                isError: true
+            };
+        }
+    };
+}
+//# sourceMappingURL=report-generate.js.map