npm - windows-exe-decompiler-mcp-server - Versions diffs - 0.1.4 → 1.0.0-beta.2 - Mend

windows-exe-decompiler-mcp-server 0.1.4 → 1.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (539) hide show

package/CHANGELOG.md +267 -0
package/CLAUDE_INSTALLATION.md +43 -0
package/CODEX_INSTALLATION.md +12 -0
package/COPILOT_INSTALLATION.md +12 -0
package/README.md +528 -35
package/README_zh.md +211 -17
package/bin/windows-exe-decompiler-mcp-docker.js +5 -0
package/bin/windows-exe-decompiler-mcp-server.js +10 -1
package/dist/analysis-budget-scheduler.d.ts +96 -0
package/dist/analysis-budget-scheduler.js +608 -0
package/dist/analysis-coverage.d.ts +290 -0
package/dist/analysis-coverage.js +178 -0
package/dist/analysis-evidence.d.ts +232 -0
package/dist/analysis-evidence.js +337 -0
package/dist/analysis-provenance.d.ts +300 -154
package/dist/analysis-provenance.js +27 -0
package/dist/analysis-run-state.d.ts +576 -0
package/dist/analysis-run-state.js +563 -0
package/dist/analysis-task-runner.d.ts +4 -1
package/dist/analysis-task-runner.js +170 -2
package/dist/api/auth-middleware.d.ts +29 -0
package/dist/api/auth-middleware.js +62 -0
package/dist/api/file-server.d.ts +49 -0
package/dist/api/file-server.js +557 -0
package/dist/api/multipart-parser.d.ts +19 -0
package/dist/api/multipart-parser.js +96 -0
package/dist/api/rate-limiter.d.ts +29 -0
package/dist/api/rate-limiter.js +106 -0
package/dist/api/routes/dashboard-api.d.ts +21 -0
package/dist/api/routes/dashboard-api.js +249 -0
package/dist/api/routes/health.d.ts +17 -0
package/dist/api/routes/health.js +19 -0
package/dist/api/sse-events.d.ts +35 -0
package/dist/api/sse-events.js +108 -0
package/dist/artifact-inventory.js +3 -0
package/dist/async-tool-wrapper.d.ts +28 -0
package/dist/async-tool-wrapper.js +75 -0
package/dist/binary-diff-engine.d.ts +117 -0
package/dist/binary-diff-engine.js +123 -0
package/dist/cache-manager.d.ts +10 -0
package/dist/cache-manager.js +67 -1
package/dist/cfg-visual-exports.d.ts +100 -0
package/dist/cfg-visual-exports.js +653 -0
package/dist/chunked-analysis-evidence.d.ts +20 -0
package/dist/chunked-analysis-evidence.js +45 -0
package/dist/confidence-semantics.d.ts +39 -19
package/dist/confidence-semantics.js +53 -0
package/dist/config-validator.d.ts +24 -0
package/dist/config-validator.js +115 -0
package/dist/config.d.ts +462 -242
package/dist/config.js +201 -0
package/dist/constraint/constraint-extractor.d.ts +68 -0
package/dist/constraint/constraint-extractor.js +212 -0
package/dist/constraint/keygen-synthesizer.d.ts +31 -0
package/dist/constraint/keygen-synthesizer.js +250 -0
package/dist/constraint/mba-simplifier.d.ts +60 -0
package/dist/constraint/mba-simplifier.js +429 -0
package/dist/crypto-breakpoint-analysis.d.ts +920 -0
package/dist/crypto-breakpoint-analysis.js +873 -0
package/dist/crypto-planning-artifacts.d.ts +30 -0
package/dist/crypto-planning-artifacts.js +149 -0
package/dist/database.d.ts +286 -0
package/dist/database.js +1002 -0
package/dist/debug/debug-session-state.d.ts +46 -0
package/dist/debug/debug-session-state.js +103 -0
package/dist/debug/gdb-mi-client.d.ts +38 -0
package/dist/debug/gdb-mi-client.js +262 -0
package/dist/decompiler-worker.d.ts +37 -0
package/dist/decompiler-worker.js +155 -1
package/dist/env-validator.js +3 -9
package/dist/explanation-graphs.d.ts +714 -0
package/dist/explanation-graphs.js +238 -0
package/dist/format-detect.d.ts +6 -0
package/dist/format-detect.js +47 -0
package/dist/frida/script-generator.d.ts +21 -0
package/dist/frida/script-generator.js +93 -0
package/dist/ghidra-config.js +23 -0
package/dist/ghidra-execution-summary.d.ts +92 -92
package/dist/index.d.ts +3 -1
package/dist/index.js +31 -180
package/dist/intent-routing.d.ts +279 -0
package/dist/intent-routing.js +445 -0
package/dist/job-queue.d.ts +21 -1
package/dist/job-queue.js +79 -11
package/dist/kb/capa-import.d.ts +13 -0
package/dist/kb/capa-import.js +102 -0
package/dist/kb/function-kb.d.ts +24 -0
package/dist/kb/function-kb.js +127 -0
package/dist/kb/kb-database.d.ts +58 -0
package/dist/kb/kb-database.js +99 -0
package/dist/kb/kb-export.d.ts +14 -0
package/dist/kb/kb-export.js +79 -0
package/dist/kb/kb-import.d.ts +14 -0
package/dist/kb/kb-import.js +156 -0
package/dist/kb/kb-llm-integration.d.ts +37 -0
package/dist/kb/kb-llm-integration.js +42 -0
package/dist/kb/misp-import.d.ts +19 -0
package/dist/kb/misp-import.js +117 -0
package/dist/kb/sample-kb.d.ts +43 -0
package/dist/kb/sample-kb.js +45 -0
package/dist/kb/search-kb.d.ts +30 -0
package/dist/kb/search-kb.js +107 -0
package/dist/kb/seed-loader.d.ts +15 -0
package/dist/kb/seed-loader.js +59 -0
package/dist/kb/team-kb.d.ts +17 -0
package/dist/kb/team-kb.js +45 -0
package/dist/llm/auto-trigger.d.ts +39 -0
package/dist/llm/auto-trigger.js +113 -0
package/dist/llm/context-manager.d.ts +74 -0
package/dist/llm/context-manager.js +168 -0
package/dist/llm/llm-analyze.d.ts +93 -0
package/dist/llm/llm-analyze.js +165 -0
package/dist/llm/model-router.d.ts +89 -0
package/dist/llm/model-router.js +162 -0
package/dist/logger.js +6 -3
package/dist/nonblocking-analysis.d.ts +21 -0
package/dist/nonblocking-analysis.js +54 -0
package/dist/npm-docker-launcher.d.ts +22 -0
package/dist/npm-docker-launcher.js +160 -0
package/dist/pagination.d.ts +21 -0
package/dist/pagination.js +25 -0
package/dist/performance-benchmark.d.ts +105 -0
package/dist/performance-benchmark.js +217 -0
package/dist/plugin-registry.d.ts +65 -0
package/dist/plugin-registry.js +143 -0
package/dist/plugins/android/index.d.ts +9 -0
package/dist/plugins/android/index.js +38 -0
package/dist/plugins/android/tools/apk-packer-detect.d.ts +15 -0
package/dist/plugins/android/tools/apk-packer-detect.js +74 -0
package/dist/plugins/android/tools/apk-structure-analyze.d.ts +50 -0
package/dist/plugins/android/tools/apk-structure-analyze.js +87 -0
package/dist/plugins/android/tools/dex-classes-list.d.ts +15 -0
package/dist/plugins/android/tools/dex-classes-list.js +66 -0
package/dist/plugins/android/tools/dex-decompile.d.ts +52 -0
package/dist/plugins/android/tools/dex-decompile.js +90 -0
package/dist/plugins/crackme/index.d.ts +9 -0
package/dist/plugins/crackme/index.js +31 -0
package/dist/plugins/crackme/tools/crackme-locate-validation.d.ts +17 -0
package/dist/plugins/crackme/tools/crackme-locate-validation.js +221 -0
package/dist/plugins/crackme/tools/keygen-verify.d.ts +31 -0
package/dist/plugins/crackme/tools/keygen-verify.js +121 -0
package/dist/plugins/crackme/tools/patch-generate.d.ts +56 -0
package/dist/plugins/crackme/tools/patch-generate.js +273 -0
package/dist/plugins/crackme/tools/symbolic-explore.d.ts +37 -0
package/dist/plugins/crackme/tools/symbolic-explore.js +109 -0
package/dist/plugins/cross-module/index.d.ts +9 -0
package/dist/plugins/cross-module/index.js +22 -0
package/dist/plugins/cross-module/tools/call-graph-cross-module.d.ts +20 -0
package/dist/plugins/cross-module/tools/call-graph-cross-module.js +187 -0
package/dist/plugins/cross-module/tools/cross-binary-compare.d.ts +20 -0
package/dist/plugins/cross-module/tools/cross-binary-compare.js +188 -0
package/dist/plugins/cross-module/tools/dll-dependency-tree.d.ts +20 -0
package/dist/plugins/cross-module/tools/dll-dependency-tree.js +146 -0
package/dist/plugins/debug-session/index.d.ts +10 -0
package/dist/plugins/debug-session/index.js +42 -0
package/dist/plugins/debug-session/tools/debug-session-breakpoint.d.ts +58 -0
package/dist/plugins/debug-session/tools/debug-session-breakpoint.js +108 -0
package/dist/plugins/debug-session/tools/debug-session-continue.d.ts +49 -0
package/dist/plugins/debug-session/tools/debug-session-continue.js +82 -0
package/dist/plugins/debug-session/tools/debug-session-end.d.ts +49 -0
package/dist/plugins/debug-session/tools/debug-session-end.js +71 -0
package/dist/plugins/debug-session/tools/debug-session-inspect.d.ts +58 -0
package/dist/plugins/debug-session/tools/debug-session-inspect.js +110 -0
package/dist/plugins/debug-session/tools/debug-session-start.d.ts +49 -0
package/dist/plugins/debug-session/tools/debug-session-start.js +60 -0
package/dist/plugins/debug-session/tools/debug-session-step.d.ts +49 -0
package/dist/plugins/debug-session/tools/debug-session-step.js +88 -0
package/dist/plugins/dynamic/index.d.ts +9 -0
package/dist/plugins/dynamic/index.js +25 -0
package/dist/plugins/dynamic/tools/dynamic-auto-hook.d.ts +23 -0
package/dist/plugins/dynamic/tools/dynamic-auto-hook.js +220 -0
package/dist/plugins/dynamic/tools/dynamic-memory-dump.d.ts +28 -0
package/dist/plugins/dynamic/tools/dynamic-memory-dump.js +196 -0
package/dist/plugins/dynamic/tools/dynamic-trace-attribute.d.ts +19 -0
package/dist/plugins/dynamic/tools/dynamic-trace-attribute.js +172 -0
package/dist/plugins/frida/index.d.ts +9 -0
package/dist/plugins/frida/index.js +35 -0
package/dist/plugins/frida/tools/frida-runtime-instrument.d.ts +71 -0
package/dist/plugins/frida/tools/frida-runtime-instrument.js +448 -0
package/dist/plugins/frida/tools/frida-script-inject.d.ts +71 -0
package/dist/plugins/frida/tools/frida-script-inject.js +468 -0
package/dist/plugins/frida/tools/frida-trace-capture.d.ts +363 -0
package/dist/plugins/frida/tools/frida-trace-capture.js +504 -0
package/dist/plugins/ghidra/index.d.ts +9 -0
package/dist/plugins/ghidra/index.js +37 -0
package/dist/plugins/ghidra/tools/ghidra-analyze.d.ts +217 -0
package/dist/{tools → plugins/ghidra/tools}/ghidra-analyze.js +84 -51
package/dist/plugins/ghidra/tools/ghidra-health.d.ts +84 -0
package/dist/{tools → plugins/ghidra/tools}/ghidra-health.js +9 -12
package/dist/plugins/kb-collaboration/index.d.ts +9 -0
package/dist/plugins/kb-collaboration/index.js +20 -0
package/dist/plugins/kb-collaboration/tools/analysis-template.d.ts +23 -0
package/dist/plugins/kb-collaboration/tools/analysis-template.js +202 -0
package/dist/plugins/kb-collaboration/tools/kb-function-match.d.ts +26 -0
package/dist/plugins/kb-collaboration/tools/kb-function-match.js +193 -0
package/dist/plugins/malware/index.d.ts +9 -0
package/dist/plugins/malware/index.js +28 -0
package/dist/plugins/malware/tools/c2-extract.d.ts +16 -0
package/dist/plugins/malware/tools/c2-extract.js +82 -0
package/dist/plugins/malware/tools/malware-classify.d.ts +16 -0
package/dist/plugins/malware/tools/malware-classify.js +98 -0
package/dist/plugins/malware/tools/malware-config-extract.d.ts +16 -0
package/dist/plugins/malware/tools/malware-config-extract.js +83 -0
package/dist/plugins/malware/tools/sandbox-report.d.ts +20 -0
package/dist/plugins/malware/tools/sandbox-report.js +166 -0
package/dist/plugins/memory-forensics/index.d.ts +11 -0
package/dist/plugins/memory-forensics/index.js +205 -0
package/dist/plugins/observability/index.d.ts +11 -0
package/dist/plugins/observability/index.js +139 -0
package/dist/plugins/pe-analysis/index.d.ts +10 -0
package/dist/plugins/pe-analysis/index.js +32 -0
package/dist/plugins/pe-analysis/tools/pe-exports-extract.d.ts +172 -0
package/dist/{tools → plugins/pe-analysis/tools}/pe-exports-extract.js +23 -26
package/dist/plugins/pe-analysis/tools/pe-fingerprint.d.ts +231 -0
package/dist/{tools → plugins/pe-analysis/tools}/pe-fingerprint.js +21 -24
package/dist/plugins/pe-analysis/tools/pe-imports-extract.d.ts +102 -0
package/dist/{tools → plugins/pe-analysis/tools}/pe-imports-extract.js +22 -25
package/dist/plugins/pe-analysis/tools/pe-pdata-extract.d.ts +445 -0
package/dist/{tools → plugins/pe-analysis/tools}/pe-pdata-extract.js +6 -5
package/dist/plugins/pe-analysis/tools/pe-structure-analyze.d.ts +490 -0
package/dist/plugins/pe-analysis/tools/pe-structure-analyze.js +247 -0
package/dist/plugins/pe-analysis/tools/pe-symbols-recover.d.ts +219 -0
package/dist/{tools → plugins/pe-analysis/tools}/pe-symbols-recover.js +10 -9
package/dist/plugins/plugin-sandbox-worker.d.ts +13 -0
package/dist/plugins/plugin-sandbox-worker.js +80 -0
package/dist/plugins/plugin-sandbox.d.ts +62 -0
package/dist/plugins/plugin-sandbox.js +142 -0
package/dist/plugins/sdk.d.ts +193 -0
package/dist/plugins/sdk.js +14 -0
package/dist/plugins/threat-intel/index.d.ts +9 -0
package/dist/plugins/threat-intel/index.js +20 -0
package/dist/plugins/threat-intel/tools/attack-map.d.ts +287 -0
package/dist/{tools → plugins/threat-intel/tools}/attack-map.js +4 -3
package/dist/plugins/threat-intel/tools/ioc-export.d.ts +206 -0
package/dist/{tools → plugins/threat-intel/tools}/ioc-export.js +4 -3
package/dist/plugins/visualization/index.d.ts +9 -0
package/dist/plugins/visualization/index.js +22 -0
package/dist/plugins/visualization/tools/behavior-timeline.d.ts +23 -0
package/dist/plugins/visualization/tools/behavior-timeline.js +200 -0
package/dist/plugins/visualization/tools/data-flow-map.d.ts +20 -0
package/dist/plugins/visualization/tools/data-flow-map.js +246 -0
package/dist/plugins/visualization/tools/report-html-generate.d.ts +23 -0
package/dist/plugins/visualization/tools/report-html-generate.js +255 -0
package/dist/plugins/vuln-scanner/index.d.ts +10 -0
package/dist/plugins/vuln-scanner/index.js +21 -0
package/dist/plugins/vuln-scanner/tools/vuln-pattern-scan.d.ts +58 -0
package/dist/plugins/vuln-scanner/tools/vuln-pattern-scan.js +137 -0
package/dist/plugins/vuln-scanner/tools/vuln-pattern-summary.d.ts +49 -0
package/dist/plugins/vuln-scanner/tools/vuln-pattern-summary.js +128 -0
package/dist/plugins.d.ts +84 -0
package/dist/plugins.js +430 -0
package/dist/policy-guard.js +3 -3
package/dist/polling-guidance.d.ts +11 -11
package/dist/polling-guidance.js +4 -1
package/dist/prompts/function-explanation-review.js +2 -0
package/dist/prompts/module-reconstruction-review.js +2 -0
package/dist/prompts/semantic-name-review.js +2 -0
package/dist/python-process-pool.d.ts +55 -0
package/dist/python-process-pool.js +153 -0
package/dist/retry.d.ts +34 -0
package/dist/retry.js +68 -0
package/dist/runtime-correlation.d.ts +42 -0
package/dist/runtime-correlation.js +76 -0
package/dist/runtime-paths.js +36 -3
package/dist/runtime-worker-pool.d.ts +79 -0
package/dist/runtime-worker-pool.js +317 -0
package/dist/safe-command.d.ts +23 -0
package/dist/safe-command.js +71 -0
package/dist/sample-finalization.d.ts +28 -0
package/dist/sample-finalization.js +159 -0
package/dist/selection-diff.d.ts +1050 -513
package/dist/selection-diff.js +20 -4
package/dist/server.d.ts +97 -4
package/dist/server.js +518 -55
package/dist/setup-guidance.d.ts +63 -33
package/dist/setup-guidance.js +410 -6
package/dist/static-analysis-artifacts.d.ts +28 -0
package/dist/static-analysis-artifacts.js +127 -0
package/dist/static-analysis-environment.d.ts +10 -0
package/dist/static-analysis-environment.js +103 -0
package/dist/static-backend-discovery.d.ts +39 -0
package/dist/static-backend-discovery.js +455 -0
package/dist/storage/cleanup-job.d.ts +24 -0
package/dist/storage/cleanup-job.js +150 -0
package/dist/storage/metadata-logger.d.ts +47 -0
package/dist/storage/metadata-logger.js +98 -0
package/dist/storage/storage-manager.d.ts +118 -0
package/dist/storage/storage-manager.js +456 -0
package/dist/streaming-progress.d.ts +23 -0
package/dist/streaming-progress.js +41 -0
package/dist/string-xref-analysis.d.ts +629 -0
package/dist/string-xref-analysis.js +577 -0
package/dist/string-xref-artifacts.d.ts +30 -0
package/dist/string-xref-artifacts.js +149 -0
package/dist/summary-artifacts.d.ts +33 -0
package/dist/summary-artifacts.js +149 -0
package/dist/summary-digests.d.ts +2459 -0
package/dist/summary-digests.js +653 -0
package/dist/tool-name-normalization.d.ts +7 -0
package/dist/tool-name-normalization.js +44 -0
package/dist/tool-registry.d.ts +27 -0
package/dist/tool-registry.js +362 -0
package/dist/tool-surface-guidance.d.ts +6 -0
package/dist/tool-surface-guidance.js +12 -0
package/dist/tools/analysis-context-link.d.ts +275 -0
package/dist/tools/analysis-context-link.js +654 -0
package/dist/tools/artifact-download.d.ts +102 -0
package/dist/tools/artifact-download.js +154 -0
package/dist/tools/artifact-read.d.ts +146 -146
package/dist/tools/artifact-read.js +4 -0
package/dist/tools/artifacts-diff.d.ts +546 -546
package/dist/tools/artifacts-list.d.ts +368 -368
package/dist/tools/artifacts-list.js +1 -0
package/dist/tools/batch-analysis.d.ts +64 -0
package/dist/tools/batch-analysis.js +185 -0
package/dist/tools/binary-diff-summary.d.ts +66 -0
package/dist/tools/binary-diff-summary.js +168 -0
package/dist/tools/binary-diff.d.ts +69 -0
package/dist/tools/binary-diff.js +284 -0
package/dist/tools/binary-role-profile.d.ts +933 -820
package/dist/tools/binary-role-profile.js +126 -19
package/dist/tools/breakpoint-smart.d.ts +436 -0
package/dist/tools/breakpoint-smart.js +288 -0
package/dist/tools/code-function-cfg.d.ts +940 -31
package/dist/tools/code-function-cfg.js +419 -55
package/dist/tools/code-function-decompile.d.ts +20 -20
package/dist/tools/code-function-disassemble.d.ts +12 -12
package/dist/tools/code-function-explain-apply.d.ts +170 -170
package/dist/tools/code-function-explain-prepare.d.ts +344 -344
package/dist/tools/code-function-explain-review.d.ts +258 -258
package/dist/tools/code-function-explain-review.js +17 -2
package/dist/tools/code-function-rename-apply.d.ts +164 -164
package/dist/tools/code-function-rename-prepare.d.ts +350 -350
package/dist/tools/code-function-rename-review.d.ts +400 -400
package/dist/tools/code-function-rename-review.js +17 -2
package/dist/tools/code-functions-define.d.ts +242 -242
package/dist/tools/code-functions-list.d.ts +6 -6
package/dist/tools/code-functions-rank.d.ts +7 -4
package/dist/tools/code-functions-rank.js +34 -2
package/dist/tools/code-functions-reconstruct.d.ts +2812 -2367
package/dist/tools/code-functions-reconstruct.js +4 -1
package/dist/tools/code-functions-search.d.ts +20 -20
package/dist/tools/code-functions-search.js +2 -1
package/dist/tools/code-functions-smart-recover.d.ts +254 -254
package/dist/tools/code-module-review-apply.d.ts +150 -150
package/dist/tools/code-module-review-prepare.d.ts +566 -566
package/dist/tools/code-module-review.d.ts +328 -328
package/dist/tools/code-module-review.js +17 -2
package/dist/tools/code-reconstruct-export.d.ts +1300 -1036
package/dist/tools/code-reconstruct-export.js +4 -4
package/dist/tools/code-reconstruct-plan.d.ts +168 -168
package/dist/tools/code-xrefs-analyze.d.ts +272 -0
package/dist/tools/code-xrefs-analyze.js +344 -0
package/dist/tools/com-role-profile.d.ts +232 -232
package/dist/tools/compiler-packer-detect.d.ts +822 -0
package/dist/tools/compiler-packer-detect.js +401 -0
package/dist/tools/config-validate.d.ts +21 -0
package/dist/tools/config-validate.js +39 -0
package/dist/tools/constraint-extract.d.ts +57 -0
package/dist/tools/constraint-extract.js +110 -0
package/dist/tools/crypto-identify.d.ts +756 -0
package/dist/tools/crypto-identify.js +670 -0
package/dist/tools/dll-export-profile.d.ts +420 -420
package/dist/tools/docker-backend-tools.d.ts +2471 -0
package/dist/tools/docker-backend-tools.js +1692 -0
package/dist/tools/dotnet-metadata-extract.d.ts +320 -320
package/dist/tools/dotnet-reconstruct-export.d.ts +406 -406
package/dist/tools/dotnet-types-list.d.ts +224 -224
package/dist/tools/dynamic-dependencies.d.ts +147 -147
package/dist/tools/dynamic-dependencies.js +143 -8
package/dist/tools/elf-exports-extract.d.ts +51 -0
package/dist/tools/elf-exports-extract.js +97 -0
package/dist/tools/elf-imports-extract.d.ts +51 -0
package/dist/tools/elf-imports-extract.js +105 -0
package/dist/tools/elf-structure-analyze.d.ts +51 -0
package/dist/tools/elf-structure-analyze.js +91 -0
package/dist/tools/kb-export.d.ts +57 -0
package/dist/tools/kb-export.js +68 -0
package/dist/tools/kb-import-bulk.d.ts +54 -0
package/dist/tools/kb-import-bulk.js +142 -0
package/dist/tools/kb-import.d.ts +51 -0
package/dist/tools/kb-import.js +47 -0
package/dist/tools/kb-stats.d.ts +48 -0
package/dist/tools/kb-stats.js +83 -0
package/dist/tools/keygen-synthesize.d.ts +57 -0
package/dist/tools/keygen-synthesize.js +103 -0
package/dist/tools/macho-structure-analyze.d.ts +51 -0
package/dist/tools/macho-structure-analyze.js +91 -0
package/dist/tools/mba-simplify.d.ts +54 -0
package/dist/tools/mba-simplify.js +82 -0
package/dist/tools/packer-detect.d.ts +86 -86
package/dist/tools/packer-detect.js +16 -20
package/dist/tools/plugin-list.d.ts +43 -0
package/dist/tools/plugin-list.js +155 -0
package/dist/tools/report-generate.d.ts +601 -111
package/dist/tools/report-generate.js +206 -8
package/dist/tools/report-summarize.d.ts +7916 -3768
package/dist/tools/report-summarize.js +1181 -50
package/dist/tools/runtime-detect.d.ts +62 -62
package/dist/tools/runtime-detect.js +16 -20
package/dist/tools/rust-binary-analyze.d.ts +1540 -1540
package/dist/tools/rust-binary-analyze.js +2 -2
package/dist/tools/rust-demangle.d.ts +49 -0
package/dist/tools/rust-demangle.js +202 -0
package/dist/tools/sample-ingest.d.ts +73 -38
package/dist/tools/sample-ingest.js +180 -154
package/dist/tools/sample-profile-get.d.ts +340 -218
package/dist/tools/sample-profile-get.js +112 -12
package/dist/tools/sample-request-upload.d.ts +92 -0
package/dist/tools/sample-request-upload.js +91 -0
package/dist/tools/sandbox-execute.d.ts +302 -302
package/dist/tools/sbom-generate.d.ts +27 -0
package/dist/tools/sbom-generate.js +152 -0
package/dist/tools/setup-remediate.d.ts +495 -0
package/dist/tools/setup-remediate.js +259 -0
package/dist/tools/smt-solve.d.ts +60 -0
package/dist/tools/smt-solve.js +157 -0
package/dist/tools/static-capability-triage.d.ts +666 -0
package/dist/tools/static-capability-triage.js +305 -0
package/dist/tools/static-worker-client.d.ts +41 -0
package/dist/tools/static-worker-client.js +59 -0
package/dist/tools/strings-extract.d.ts +1019 -252
package/dist/tools/strings-extract.js +293 -43
package/dist/tools/strings-floss-decode.d.ts +752 -74
package/dist/tools/strings-floss-decode.js +133 -31
package/dist/tools/system-health.d.ts +411 -385
package/dist/tools/system-health.js +158 -9
package/dist/tools/system-setup-guide.d.ts +125 -125
package/dist/tools/system-setup-guide.js +14 -5
package/dist/tools/task-cancel.d.ts +4 -4
package/dist/tools/task-status.d.ts +131 -10
package/dist/tools/task-status.js +300 -69
package/dist/tools/task-sweep.d.ts +4 -4
package/dist/tools/tool-help.d.ts +236 -222
package/dist/tools/tool-help.js +563 -19
package/dist/tools/trace-condition.d.ts +1118 -0
package/dist/tools/trace-condition.js +366 -0
package/dist/tools/unpack-auto.d.ts +132 -0
package/dist/tools/unpack-auto.js +297 -0
package/dist/tools/vm-detect.d.ts +57 -0
package/dist/tools/vm-detect.js +124 -0
package/dist/tools/vm-disasm-build.d.ts +64 -0
package/dist/tools/vm-disasm-build.js +124 -0
package/dist/tools/vm-emulate.d.ts +69 -0
package/dist/tools/vm-emulate.js +131 -0
package/dist/tools/vm-opcode-extract.d.ts +60 -0
package/dist/tools/vm-opcode-extract.js +122 -0
package/dist/tools/vm-pattern-analyze.d.ts +64 -0
package/dist/tools/vm-pattern-analyze.js +142 -0
package/dist/tools/vm-semantic-diff.d.ts +57 -0
package/dist/tools/vm-semantic-diff.js +83 -0
package/dist/tools/yara-generate-batch.d.ts +60 -0
package/dist/tools/yara-generate-batch.js +169 -0
package/dist/tools/yara-generate.d.ts +63 -0
package/dist/tools/yara-generate.js +168 -0
package/dist/tools/yara-scan.d.ts +358 -358
package/dist/tools/yara-scan.js +16 -20
package/dist/types.d.ts +5 -1
package/dist/unpack-debug-runtime.d.ts +421 -0
package/dist/unpack-debug-runtime.js +542 -0
package/dist/unpack-strategy.d.ts +50 -0
package/dist/unpack-strategy.js +356 -0
package/dist/visualization/call-graph.d.ts +57 -0
package/dist/visualization/call-graph.js +147 -0
package/dist/visualization/crypto-flow.d.ts +50 -0
package/dist/visualization/crypto-flow.js +152 -0
package/dist/visualization/data-flow.d.ts +51 -0
package/dist/visualization/data-flow.js +154 -0
package/dist/visualization/visualization-integration.d.ts +53 -0
package/dist/visualization/visualization-integration.js +50 -0
package/dist/vm/disassembler-builder.d.ts +36 -0
package/dist/vm/disassembler-builder.js +106 -0
package/dist/vm/opcode-extractor.d.ts +48 -0
package/dist/vm/opcode-extractor.js +148 -0
package/dist/vm/semantic-diff.d.ts +37 -0
package/dist/vm/semantic-diff.js +163 -0
package/dist/vm/vm-detector.d.ts +86 -0
package/dist/vm/vm-detector.js +254 -0
package/dist/vm/vm-emulator.d.ts +89 -0
package/dist/vm/vm-emulator.js +341 -0
package/dist/vuln-patterns.d.ts +43 -0
package/dist/vuln-patterns.js +117 -0
package/dist/worker-pool.d.ts +5 -0
package/dist/worker-pool.js +57 -17
package/dist/workflows/analyze-auto.d.ts +690 -0
package/dist/workflows/analyze-auto.js +882 -0
package/dist/workflows/analyze-pipeline.d.ts +7626 -0
package/dist/workflows/analyze-pipeline.js +2061 -0
package/dist/workflows/deep-static.d.ts +402 -16
package/dist/workflows/deep-static.js +202 -55
package/dist/workflows/function-explanation-review.d.ts +4702 -3319
package/dist/workflows/function-index-recover.d.ts +224 -224
package/dist/workflows/function-index-recover.js +2 -2
package/dist/workflows/module-reconstruction-review.d.ts +4663 -3280
package/dist/workflows/reconstruct.d.ts +5834 -3572
package/dist/workflows/reconstruct.js +297 -10
package/dist/workflows/semantic-name-review.d.ts +4824 -3441
package/dist/workflows/summarize.d.ts +5839 -0
package/dist/workflows/summarize.js +825 -0
package/dist/workflows/triage.d.ts +1046 -405
package/dist/workflows/triage.js +1179 -30
package/dist/workspace-manager.d.ts +10 -0
package/dist/workspace-manager.js +29 -0
package/dist/yara-rule-builder.d.ts +53 -0
package/dist/yara-rule-builder.js +266 -0
package/frida_scripts/README.md +90 -0
package/frida_scripts/android_crypto_trace.js +96 -0
package/frida_scripts/android_root_bypass.js +76 -0
package/frida_scripts/android_ssl_bypass.js +66 -0
package/frida_scripts/anti_debug_bypass.js +220 -0
package/frida_scripts/api_trace.js +227 -0
package/frida_scripts/crypto_finder.js +216 -0
package/frida_scripts/file_registry_monitor.js +416 -0
package/frida_scripts/string_decoder.js +210 -0
package/ghidra_scripts/AnalyzeCrossReferences.java +644 -0
package/package.json +26 -5
package/requirements.txt +2 -0
package/workers/apk_dex_worker.py +415 -0
package/workers/constraint_solver_worker.py +301 -0
package/workers/elf_macho_worker.py +753 -0
package/workers/frida_worker.py +814 -0
package/workers/keygen_verify_worker.py +164 -0
package/workers/malware_config_worker.py +244 -0
package/workers/requirements-dynamic.txt +4 -0
package/workers/requirements-qiling.txt +5 -0
package/workers/requirements.txt +2 -0
package/workers/rizin_diff_worker.py +141 -0
package/workers/rizin_preview_worker.py +84 -0
package/workers/static_worker.py +817 -33
package/workers/symbolic_explorer_worker.py +170 -0
package/dist/tools/attack-map.d.ts +0 -290
package/dist/tools/ghidra-analyze.d.ts +0 -110
package/dist/tools/ghidra-health.d.ts +0 -214
package/dist/tools/ioc-export.d.ts +0 -209
package/dist/tools/pe-exports-extract.d.ts +0 -175
package/dist/tools/pe-fingerprint.d.ts +0 -234
package/dist/tools/pe-imports-extract.d.ts +0 -105
package/dist/tools/pe-pdata-extract.d.ts +0 -448
package/dist/tools/pe-symbols-recover.d.ts +0 -227

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,273 @@ Versioning where practical.
 ## [Unreleased]
+### Plugin System Deep Refactoring
+- **Plugin directory convention**: All plugin tool handlers migrated from flat `src/tools/` into `src/plugins/<id>/tools/` directories. Each plugin is now fully self-contained.
+- **6 new plugins**: Expanded from 9 → 15 built-in plugins:
+  - `vuln-scanner` — Vulnerability pattern scanning and summary (2 tools)
+  - `pe-analysis` — PE structure, imports, exports, fingerprint, pdata, symbol recovery (6 tools)
+  - `threat-intel` — ATT&CK mapping and IOC export (2 tools)
+  - `debug-session` — GDB/LLDB debug session management (6 tools)
+  - `memory-forensics` — Memory dump analysis, volatility integration (6 tools)
+  - `observability` — Tool call hook tracing (1 tool)
+- **Plugin SDK**: Added `ToolArgs` type to `src/plugins/sdk.ts`; unified handler signature to `(deps: PluginToolDeps)` pattern across all plugins.
+- **Tool count**: 160 MCP tools total (109 registry + 51 plugin-managed).
+- **Test coverage**: 207 test files (194 unit + 13 integration).
+### Web Dashboard
+- **Web Dashboard** (`src/api/dashboard/index.html`): Dark-themed single-page monitoring dashboard served at `http://localhost:18080/dashboard`. 6 tabs: Overview, Tools, Plugins, Samples, Config, System.
+- **Dashboard API** (`src/api/routes/dashboard-api.ts`): 7 JSON REST endpoints (`/api/v1/dashboard/*`) — overview, tools (categorized), plugins, samples (paginated), workers, config validation, system info.
+- **Real-time SSE integration**: Dashboard subscribes to `/api/v1/events` for live analysis event streaming.
+- **Auto-refresh**: Overview tab auto-polls every 15 seconds; tool search and sample pagination are fully client-side.
+- **Docker integration**: Dashboard HTML is copied to dist during build; Dockerfile includes static asset copy; `docker-compose.yml` port comment updated.
+### Production Hardening (P0-P3)
+- **CI test coverage** (P0): `.github/workflows/ci.yml` runs full test suite.
+- **TODO stub completion** (P0): Implemented `keygen-synthesizer`, `worker-pool`, `context-manager`, `decompiler-worker`, `DatabaseManager.getDb()`, `WorkerPool.registerHandler()`.
+- **Config validation** (P0): `src/config-validator.ts` with `validateConfig()` returning `ValidationReport`; `config.validate` MCP tool.
+- **Rate limiting** (P1): `src/api/rate-limiter.ts` integrated into HTTP File Server.
+- **Pagination** (P1): `src/pagination.ts` cursor-based pagination utility.
+- **Retry** (P1): `src/retry.ts` exponential backoff helper for transient failures.
+- **Plugin SDK package** (P2): `packages/plugin-sdk/` standalone npm package for third-party plugin authors.
+- **Plugin scaffolding** (P2): `scripts/create-plugin.js` interactive plugin generator.
+- **Plugin tests** (P2): `tests/unit/plugins.test.ts` — 17 tests covering lifecycle, hooks, hot-load, and dependency resolution.
+- **Plugin registry** (P2): `src/plugin-registry.ts` centralized plugin discovery and management.
+- **LLM multi-model routing** (P3): `src/llm/model-router.ts` supports routing to multiple LLM backends.
+- **Memory forensics** (P3): `src/plugins/memory-forensics.ts` plugin for memory analysis.
+- **SBOM generation** (P3): `src/tools/sbom-generate.ts` Software Bill of Materials export.
+- **Batch analysis** (P3): `src/tools/batch-analysis.ts` multi-sample batch analysis orchestration.
+- **SSE events** (P3): `src/api/sse-events.ts` Server-Sent Events infrastructure for real-time streaming.
+### Plugin SDK (Open Extensibility)
+- **Plugin SDK** (`src/plugins.ts`): Complete rewrite — enhanced `Plugin` interface with `description`, `version`, `dependencies`, `configSchema`, `hooks`, and `teardown` fields. Third-party plugin authors implement this interface for full extensibility.
+- **PluginManager**: Singleton class managing plugin lifecycle — `loadAll()`, `loadOne()`, `hotLoad()`, `unload()`, `fireHook()`, topological dependency sorting, `resolveEnabledPlugins()`.
+- **9 built-in plugins**: Expanded from 4 → 9 plugins. Added `frida` (runtime instrumentation), `ghidra` (headless analysis), `cross-module` (cross-binary comparison), `visualization` (HTML reports, timelines, data-flow maps), `kb-collaboration` (function matching, analysis templates).
+- **Prerequisite checks**: `android` checks jadx binary access, `frida` checks `frida --version`, `ghidra` checks `GHIDRA_INSTALL_DIR` env var. Plugins that fail checks are gracefully skipped.
+- **Plugin auto-discovery**: `plugins/` directory at project root is scanned for `.js`/`.mjs` files that default-export a `Plugin` object — loaded automatically alongside built-ins.
+- **Declarative config schema**: Each plugin declares `configSchema: PluginConfigField[]` (envVar, description, required, defaultValue). Surfaced via `plugin.list` tool.
+- **Dependency resolution**: Plugins declare `dependencies: string[]`. `PluginManager.topoSort()` loads them in correct order; missing deps → `skipped-deps` status.
+- **Lifecycle hooks**: `PluginHooks` interface (`onBeforeToolCall`, `onAfterToolCall`, `onToolError`). Hooks are fired by `MCPServer.callTool()` for tools belonging to hook-equipped plugins.
+- **Hot-load / unload**: `plugin.enable` hot-loads a plugin at runtime, `plugin.disable` calls `teardown()` and unregisters all plugin tools — no server restart required.
+- **Plugin introspection tools**: `plugin.list` (read-only status/config), `plugin.enable`, `plugin.disable` — LLM clients can discover and manage plugins via MCP.
+- **`MCPServer.unregisterTool()`**: New method to remove tools at runtime, enabling plugin unload.
+- **`MCPServer.setPluginManager()`**: Wires PluginManager into server for lifecycle hook dispatch.
+- **Docs**: Comprehensive `docs/PLUGINS.md` rewrite covering SDK types, hook system, auto-discovery, external plugin authoring, and troubleshooting.
+### Architecture & Infrastructure
+- **Tool Registry** (`src/tool-registry.ts`): Centralised registration of all 148 tools, 3 prompts, and 16 resources. `src/index.ts` reduced from ~1,450 lines to ~90 lines.
+- **Plugin Architecture** (`src/plugins.ts`): Four built-in plugins (android, malware, crackme, dynamic) controlled via `PLUGINS` env var. Supports prerequisite checks and custom plugin extensions. Docs: `docs/PLUGINS.md`.
+- **MCP Resources**: 16 helper scripts (8 Frida + 8 Ghidra) exposed as MCP resources discoverable via `resources/list` and readable via `resources/read`.
+- **Streaming Progress** (`src/streaming-progress.ts`): `ProgressReporter` interface for long-running tools. Emits `notifications/progress` MCP notifications when client sends `_meta.progressToken`.
+- **Architecture docs** (`docs/ARCHITECTURE.md`): Comprehensive guide covering tool registry, plugin system, resources, streaming, safe commands, process pool, structured logging, and CI/CD security.
+### Security Hardening
+- **Command injection prevention** (`src/safe-command.ts`): Whitelist regex validation (`SAFE_COMMAND_NAME_RE`), `execFileSync`/`spawnSync` with argument arrays, `safeCommandExists()`, `safeGetCommandVersion()`, `validateGraphvizFormat()`.
+- **env-validator.ts**: Replaced `execSync` shell calls with safe wrappers.
+- **cfg-visual-exports.ts**: Added `validateGraphvizFormat()` whitelist validation.
+- **CI/CD security scanning**: Added `security` job to `.github/workflows/ci.yml` — npm audit, pip-audit, CodeQL SAST.
+### Observability
+- **Structured logging**: Migrated 7 files from `console.log`/`console.error` to Pino structured JSON logging (`policy-guard.ts`, `llm-analyze.ts`, `auto-trigger.ts`, `triage.ts`, `cache-manager.ts`).
+- **Python Process Pool** (`src/python-process-pool.ts`): Queue-based concurrency limiter with `MAX_PYTHON_WORKERS` env var. Stats surfaced through `system.health` tool.
+### Testing
+- **68 new test files** generated for previously untested tools (193 total unit tests, up from 125).
+- **Integration tests**: `tests/integration/full-pipeline.test.ts` (E2E ingest→triage), `tests/integration/beta2-tools.test.ts` (beta.2 tool coverage).
+### Documentation
+- **API docs generation**: `scripts/generate-api-docs.js` + `npm run docs:api` script.
+- New: `docs/ARCHITECTURE.md`, `docs/PLUGINS.md`.
+- Updated: `README.md` (architecture section, project layout), `CONTRIBUTING.md` (tool registration guide, plugin development), `SECURITY.md` (command injection prevention, CI/CD scanning), `docs/API-REFERENCE.md` (MCP resources), `CHANGELOG.md`.
+## [1.0.0-beta.2] - 2026-03-30
+### Android / APK Analysis
+- Added `apk.structure.analyze` — APK manifest, permissions, and component extraction via Python worker
+- Added `apk.packer.detect` — APK packer/obfuscator detection (DexGuard, iJiami, Bangcle, etc.)
+- Added `dex.decompile` — DEX-to-Java decompilation via jadx
+- Added `dex.classes.list` — DEX class/method enumeration
+- Added `workers/apk_dex_worker.py` — Unified Python worker for APK/DEX operations
+- Docker: Added jadx v1.5.1 installation (`/opt/jadx/bin/jadx`)
+### Symbolic Execution & CrackMe
+- Added `symbolic.explore` — angr-backed symbolic execution for path exploration and constraint solving
+- Added `keygen.verify` — Keygen/license verification via Qiling or angr backends
+- Added `constraint.solve` — Z3/angr constraint solver for serial/key generation
+- Added `workers/symbolic_explorer_worker.py`, `workers/keygen_verify_worker.py`, `workers/constraint_solver_worker.py`
+### Dynamic Analysis
+- Added `dynamic.auto_hook` — Automated Frida hook generation from static analysis evidence
+- Added `dynamic.memory_dump` — Frida-based runtime memory dump with pattern scanning
+### Malware Analysis
+- Added `malware.config.extract` — Malware configuration extraction (C2, encryption keys, mutexes)
+- Added `malware.classify` — Malware family classification using YARA + capa + behavioral indicators
+- Added `c2.extract` — C2 infrastructure extraction and indicator enrichment
+- Added `workers/malware_config_worker.py`
+### Cross-Platform & Visualization
+- Added `elf.macho.parse` — ELF/Mach-O header and section parsing via Rizin
+- Added `rizin.diff` — Binary diffing via Rizin (function-level and basic-block-level)
+- Added `cfg.visualize` — Control flow graph visualization (DOT/SVG/JSON)
+- Added `timeline.correlate` — Multi-source event timeline correlation
+- Added `cross_module.xref` — Cross-module cross-reference analysis
+- Added `kb.search` — Knowledge base semantic search
+- Added `workers/elf_macho_worker.py`, `workers/rizin_diff_worker.py`
+### Quality & Infrastructure
+- **Config**: Unified Python path resolution via `config.workers.static.pythonPath` across all new tools; added `JADX_PATH` env var support
+- **PolicyGuard**: Applied to 5 high-risk dynamic/symbolic tools (`symbolic.explore`, `keygen.verify`, `patch.generate`, `dynamic.auto_hook`, `dynamic.memory_dump`)
+- **CacheManager**: Applied to 3 malware analysis tools (`malware.config.extract`, `c2.extract`, `malware.classify`)
+- **Worker validation**: Added `os.path.isfile()` input checks to 4 Python workers
+- **Workflow integration**: `workflow.triage` now routes APK/DEX samples to APK-specific analysis tools
+- **Type safety**: Replaced `any` type annotations with proper union types in malware-classify
+- **npm packaging**: Added 7 missing worker files to `package.json` `files` array
+- **Unit tests**: Added test suites for malware-config-extract, apk-structure-analyze, symbolic-explore, and patch-generate
+## [1.0.0-beta.1] - 2026-03-29
+### Frida Dynamic Instrumentation
+- Added Frida runtime instrumentation with `frida.runtime.instrument` supporting spawn and attach modes
+- Added Frida script injection via `frida.script.inject` with pre-built script library:
+  - `api_trace.js` - Windows API tracing with argument logging
+  - `string_decoder.js` - Runtime string decryption
+  - `anti_debug_bypass.js` - Anti-debug detection neutralization
+  - `crypto_finder.js` - Cryptographic API detection
+  - `file_registry_monitor.js` - File/registry operation tracking
+- Added Frida trace capture via `frida.trace.capture` with canonical MCP trace schema
+- Implemented trace filtering, aggregation, artifact persistence, and provenance tracking
+- Integrated Frida traces into `dynamic.trace.import`, `report.generate`, and `report.summarize`
+- Added async job support for long-running Frida traces via `task.status` / `task.cancel`
+- Added evidence scope selection (`all`/`latest`/`session`) and compare/baseline support for Frida traces
+- Added comprehensive Frida documentation: installation guides, workflow examples, troubleshooting guidance
+- Added `frida_scripts/` library with README documentation
+- Added comprehensive unit tests for Frida tools:
+  - `tests/unit/frida-runtime-instrument.test.ts` - Runtime instrumentation tests (11 tests)
+  - `tests/unit/frida-script-inject.test.ts` - Script injection tests (13 tests)
+  - `tests/unit/frida-trace-capture.test.ts` - Trace capture/normalization tests (19 tests)
+  - `tests/unit/setup-guidance.test.ts` - Setup guidance behavior tests (24 tests)
+- Added integration tests for Frida workflows:
+  - `tests/integration/frida-workflow.test.ts` - End-to-end spawn/attach/capture workflow tests
+  - Tests graceful degradation when Frida unavailable with structured setup guidance
+  - Tests concurrent operations and artifact persistence
+### Static Analysis Foundation
+- Added a static triage foundation for the upcoming `0.2.0` line: `static.capability.triage`, `pe.structure.analyze`, and `compiler.packer.detect`
+- Added worker/config/setup support for `flare-capa`, `pefile`, `lief`, `CAPA_RULES_PATH`, and `DIE_PATH`
+- Integrated static capability, PE structure, and compiler/packer attribution into `workflow.triage`, `report.summarize`, and `report.generate`
+- Added static artifact persistence, provenance, scope selection, and compare/baseline support for the new analysis families
+- Updated MCP docs, install guides, and release notes to cover early-stage static triage chaining and optional dependency bootstrap
+### HTTP File Server
+- Added embedded HTTP file server on port 18080 for direct sample uploads and artifact downloads
+- Implemented REST API endpoints:
+  - `POST /api/v1/samples` - Direct sample upload with multipart/form-data support
+  - `GET /api/v1/samples/:id` - Sample metadata retrieval and optional file download
+  - `GET /api/v1/artifacts` - List artifacts with optional sample filtering
+  - `GET/DELETE /api/v1/artifacts/:id` - Artifact metadata, download, and deletion
+  - `GET /api/v1/health` - Health check endpoint
+  - `POST/GET /api/v1/uploads/:token` - Upload session management
+- Added API key authentication via `X-API-Key` header (optional, configurable via `API_KEY`)
+- Added MCP tools for file access:
+  - `sample.download` - Download sample by ID with metadata
+  - `artifact.download` - Download artifact by ID with optional content parsing
+- Added PowerShell CLI tools:
+  - `scripts/upload-api.ps1` - Sample upload with progress display and error handling
+  - `scripts/download-artifact.ps1` - Artifact download with metadata support
+- Implemented storage management:
+  - `StorageManager` - Unified storage operations with date partitioning
+  - `cleanup-job.ts` - Automatic retention-based cleanup (configurable via `API_RETENTION_DAYS`)
+  - `metadata-logger.ts` - Audit logging for upload tracking
+- Added comprehensive documentation:
+  - `docs/API-FILE-SERVER.md` - API usage guide with examples
+  - `docs/API-REFERENCE.md` - Complete API reference with error codes
+  - Updated `README.md` and `INSTALL.md` with API configuration
+- Added Docker configuration:
+  - Exposed port 18080 in Dockerfile
+  - Added storage volume mounting in docker-compose.yml
+  - Added API environment variables in .env.example
+- Added unit tests:
+  - `tests/unit/api/auth-middleware.test.ts` - Authentication tests
+  - `tests/unit/api/sample-upload.test.ts` - Upload workflow tests
+  - `tests/unit/api/storage-manager.test.ts` - Storage operation tests
+  - `tests/unit/api/api-endpoints.test.ts` - Endpoint contract tests
+  - `tests/unit/api/upload-workflow.test.ts` - E2E workflow tests
+### MCP Server Optimization (Phase 1-8)
+- **Cache Layer Optimization** (Phase 1):
+  - Implemented smart cache key generation filtering 18 unstable parameters
+  - Added parameter normalization for deterministic key generation
+  - Implemented cache hit rate statistics and monitoring
+  - Expected improvement: +30-50% cache hit rate
+  - New modules: `src/smart-cache.ts`, `src/cache-manager.ts` extensions
+- **Tiered Response System** (Phase 2):
+  - Implemented L1/L2/L3 response tiering to reduce token consumption
+  - Created `TieredResponse` interface and `BaseTool` abstract class
+  - L1 Summary (100-500 tokens), L2 Structured data, L3 Artifact references
+  - Expected improvement: -80-90% token consumption
+  - New module: `src/tiered-response.ts`
+- **JobQueue Enhancement** (Phase 3):
+  - Added progress tracking API (`updateProgress`)
+  - Added cancellation check API (`isCancelled`)
+  - Improved workflow observability
+  - Modified: `src/job-queue.ts`
+- **Artifact Lifecycle Management** (Phase 4):
+  - Implemented artifact age calculation and retention bucket classification
+  - Added gzip compression for artifacts older than 7 days
+  - Implemented automatic cleanup with configurable retention policy
+  - Added dry-run mode for preview
+  - Expected improvement: -50-70% disk usage
+  - New module: `src/artifact-lifecycle.ts`
+- **Error Recovery Enhancement** (Phase 5):
+  - Implemented intelligent error classification (9 categories)
+  - Added auto-recovery actions (5 types: install, retry, downgrade, etc.)
+  - Implemented exponential backoff retry logic
+  - Added lite mode fallback for resource exhaustion
+  - New module: `src/error-handler-enhanced.ts`
+- **MCP Resources Protocol** (Phase 6):
+  - Implemented `resources/list` and `resources/read` endpoints
+  - Added `artifact://` and `sample://` URI schemes
+  - Added resource change notifications
+  - New module: `src/mcp-resources.ts`
+- **Token Budget Tracking** (Phase 7):
+  - Implemented SQLite `token_usage` table for persistence
+  - Added simple usage recording and querying
+  - Provides tool-based statistics and recent usage history
+  - Lightweight implementation focused on core recording needs
+  - New module: `src/token-budget.ts`
+- **Performance Benchmarking** (Phase 8):
+  - Created benchmark suite for cache, response, and disk optimization
+  - Implemented token reduction measurement
+  - Added optimization report generation
+  - Added tuning recommendations
+  - New module: `src/performance-benchmark.ts`
 ## [0.1.4] - 2026-03-14
 - Added safer Ghidra defaults for `GHIDRA_PROJECT_ROOT` / `GHIDRA_LOG_ROOT`, automatic project-parent creation, and safer Windows defaults that avoid unstable per-repo relative paths

package/CLAUDE_INSTALLATION.md CHANGED Viewed

@@ -41,6 +41,11 @@ It also pins:
 - `GHIDRA_PROJECT_ROOT`
 - `GHIDRA_LOG_ROOT`
+Optional static-analysis inputs can also be provided through:
+- `CAPA_RULES_PATH`
+- `DIE_PATH`
 The server's bundled `ghidra_scripts/` directory is resolved from the installed
 package or repository root, not from the shell's current working directory. You
 do not need to manually point Claude at `ExtractFunctions.py`.
@@ -137,6 +142,44 @@ dynamic-analysis extras, or Ghidra configuration, ask it to call:
 These tools return structured `setup_actions` and `required_user_inputs`
 instead of only failing with a generic error.
+For the static capability / PE structure / compiler attribution layer, the most
+common optional requirements are:
+- `python -m pip install flare-capa pefile lief`
+- a capa rules bundle referenced by `CAPA_RULES_PATH`
+- Detect It Easy CLI referenced by `DIE_PATH`
+### Frida Dynamic Instrumentation (Optional)
+For runtime API tracing and behavioral analysis, install Frida:
+```powershell
+pip install frida frida-tools
+```
+**Verify Frida installation:**
+```powershell
+python -c "import frida; print(frida.__version__)"
+frida --version
+```
+**Environment Variables** (optional):
+- `FRIDA_SERVER_PATH` - Path to Frida server binary for USB/remote device analysis
+- `FRIDA_DEVICE` - Device ID or "usb" for USB device selection (default: local spawn)
+When Frida is unavailable, tools like `frida.runtime.instrument`, `frida.script.inject`, and `frida.trace.capture` return structured setup guidance instead of generic errors.
+**Pre-built Scripts** are included in `frida_scripts/`:
+- `api_trace.js` - Windows API tracing
+- `string_decoder.js` - Runtime string decryption
+- `anti_debug_bypass.js` - Anti-debug neutralization
+- `crypto_finder.js` - Cryptographic API detection
+- `file_registry_monitor.js` - File/registry operation tracking
+See [`docs/EXAMPLES.md`](./docs/EXAMPLES.md#场景 -9-frida-运行时 instrumentation) for Frida workflow examples.
 ## References
 - Claude Code MCP overview: https://docs.anthropic.com/en/docs/claude-code/mcp

package/CODEX_INSTALLATION.md CHANGED Viewed

@@ -26,6 +26,11 @@ It also pins:
 - `GHIDRA_PROJECT_ROOT`
 - `GHIDRA_LOG_ROOT`
+Optional static-analysis inputs can also be provided through:
+- `CAPA_RULES_PATH`
+- `DIE_PATH`
 The server's bundled `ghidra_scripts/` directory is resolved from the installed
 package or repository root, not from the shell's current working directory. You
 do not need to manually configure a script path for `ExtractFunctions.py`.
@@ -93,6 +98,13 @@ configuration, ask it to call:
 - `system.health`
 - `ghidra.health`
+For the static capability / PE structure / compiler attribution layer, the most
+common optional requirements are:
+- `python -m pip install flare-capa pefile lief`
+- a capa rules bundle referenced by `CAPA_RULES_PATH`
+- Detect It Easy CLI referenced by `DIE_PATH`
 ## Troubleshooting
 - `dist/index.js was not found`

package/COPILOT_INSTALLATION.md CHANGED Viewed

@@ -18,6 +18,11 @@ It also pins:
 - `GHIDRA_PROJECT_ROOT`
 - `GHIDRA_LOG_ROOT`
+Optional static-analysis inputs can also be provided through:
+- `CAPA_RULES_PATH`
+- `DIE_PATH`
 The server's bundled `ghidra_scripts/` directory is resolved from the installed
 package or repository root, not from the shell's current working directory. You
 do not need to separately point Copilot at `ExtractFunctions.py`.
@@ -101,6 +106,13 @@ packages, dynamic-analysis extras, or Ghidra configuration, ask Copilot to call:
 These tools return structured setup actions and missing user inputs.
+For the static capability / PE structure / compiler attribution layer, the most
+common optional requirements are:
+- `python -m pip install flare-capa pefile lief`
+- a capa rules bundle referenced by `CAPA_RULES_PATH`
+- Detect It Easy CLI referenced by `DIE_PATH`
 ## References
 - https://code.visualstudio.com/docs/copilot/customization/mcp-servers