@dtt_siye/atool 1.3.0 → 1.4.0

package/lib/pre-scan.sh

@@ -426,7 +426,7 @@ _extract_typescript() {
     local lang="typescript"
     [[ "$rel_path" == *.js || "$rel_path" == *.jsx ]] && lang="javascript"
 
-    # --- Imports ---
+    # --- Imports (enhanced with named symbols for cross-reference) ---
     local imports_json="[]"
     imports_json=$({ grep -n -E '^(import |const .* = require)' "$file" 2>/dev/null || true; } | awk -F: '
     {
@@ -435,20 +435,47 @@ _extract_typescript() {
         if (content ~ /^import /) {
             # ES module import
             source = ""
+            syms = "[]"
+            # Extract source path
             if (match(content, /from "[^"]*"/)) {
                 source = substr(content, RSTART+6, RLENGTH-7)
             } else if (match(content, /"[^"]*"/)) {
                 source = substr(content, RSTART+1, RLENGTH-2)
             }
+            # Extract named symbols from destructured import: import { X, Y } from ...
+            if (match(content, /\{[^}]+\}/)) {
+                brace = substr(content, RSTART+1, RLENGTH-2)
+                gsub(/^[[:space:]]+/, "", brace)
+                gsub(/[[:space:]]+$/, "", brace)
+                n = split(brace, parts, ",")
+                sym_arr = "["
+                for (i = 1; i <= n; i++) {
+                    gsub(/^[[:space:]]+/, "", parts[i])
+                    gsub(/[[:space:]]+$/, "", parts[i])
+                    gsub(/[[:space:]]+as[[:space:]]+.*/, "", parts[i])
+                    gsub(/=.*/, "", parts[i])
+                    if (parts[i] != "") {
+                        if (length(sym_arr) > 1) sym_arr = sym_arr ","
+                        sym_arr = sym_arr "\"" parts[i] "\""
+                    }
+                }
+                syms = sym_arr "]"
+            } else if (content ~ /^import [a-zA-Z_]/ && content !~ /^import type/ && content !~ /^import \*/) {
+                # Default import: import X from '"'"'Z'"'"'
+                tmp = content
+                gsub(/^import /, "", tmp)
+                gsub(/ .*$/, "", tmp)
+                syms = "[\"" tmp "\"]"
+            }
             is_local = (source ~ /^\./ || source ~ /^@/) ? "true" : "false"
-            printf "{\"from\":\"%s\",\"import\":null,\"line\":%s,\"is_local\":%s}\n", source, line, is_local
+            printf "{\"from\":\"%s\",\"import\":null,\"line\":%s,\"is_local\":%s,\"symbols\":%s}\n", source, line, is_local, syms
         } else if (index(content, "require(") > 0) {
             source = ""
             if (match(content, /"[^"]*"/)) {
                 source = substr(content, RSTART+1, RLENGTH-2)
             }
             is_local = (source ~ /^\./ || source ~ /^@/) ? "true" : "false"
-            printf "{\"from\":\"%s\",\"import\":null,\"line\":%s,\"is_local\":%s}\n", source, line, is_local
+            printf "{\"from\":\"%s\",\"import\":null,\"line\":%s,\"is_local\":%s,\"symbols\":[]}\n", source, line, is_local
         }
     }' | jq -s '.' 2>/dev/null || echo '[]')
 
@@ -687,7 +714,7 @@ _extract_rust() {
     hash=$(file_checksum "$file")
     line_count=$(wc -l < "$file" | tr -d ' ')
 
-    # --- Imports ---
+    # --- Imports (enhanced with symbols from use paths) ---
     local imports_json="[]"
     imports_json=$({ grep -n -E '^use ' "$file" 2>/dev/null || true; } | awk '
     {
@@ -697,7 +724,45 @@ _extract_rust() {
         gsub(/^use /, "", content)
         gsub(/;.*$/, "", content)
         gsub(/ *$/, "", content)
-        printf "{\"from\":\"%s\",\"import\":null,\"line\":%s,\"is_local\":false}\n", content, line
+
+        # Detect local imports: crate::, self::, super::, or crate-relative paths
+        is_local = "false"
+        if (content ~ /^crate::/ || content ~ /^super::/ || content ~ /^self::/) is_local = "true"
+
+        # Extract symbols from {A, B, C} grouped imports: use path::{A, B}
+        syms = "[]"
+        if (match(content, /\{[^}]+\}/)) {
+            brace = substr(content, RSTART+1, RLENGTH-2)
+            gsub(/^[[:space:]]+/, "", brace)
+            gsub(/[[:space:]]+$/, "", brace)
+            n = split(brace, parts, ",")
+            sym_arr = "["
+            for (i = 1; i <= n; i++) {
+                gsub(/^[[:space:]]+/, "", parts[i])
+                gsub(/[[:space:]]+$/, "", parts[i])
+                gsub(/[[:space:]]+as[[:space:]]+.*/, "", parts[i])
+                gsub(/ .*$/, "", parts[i])
+                if (parts[i] != "") {
+                    if (length(sym_arr) > 1) sym_arr = sym_arr ","
+                    sym_arr = sym_arr "\"" parts[i] "\""
+                }
+            }
+            syms = sym_arr "]"
+        } else {
+            # Single import: extract the last segment as symbol
+            n = split(content, seg, "::")
+            if (n > 0 && seg[n] != "" && seg[n] !~ /^\{/ && seg[n] !~ /\}$/) {
+                gsub(/[[:space:]]+as[[:space:]]+.*/, "", seg[n])
+                gsub(/ .*/, "", seg[n])
+                if (seg[n] != "*") {
+                    syms = "[\"" seg[n] "\"]"
+                }
+            }
+        }
+
+        # Escape double quotes in content for JSON
+        gsub(/"/, "\\\"", content)
+        printf "{\"from\":\"%s\",\"import\":null,\"line\":%s,\"is_local\":%s,\"symbols\":%s}\n", content, line, is_local, syms
     }' | jq -s '.' 2>/dev/null || echo '[]')
 
     # --- Structs/Enums/Traits ---
@@ -1033,7 +1098,17 @@ pre_scan_project() {
         generated_at: (now | todate),
         total_modules: length,
         scan_duration_seconds: null,
-        modules: [.[].module_summary // {} | {total_files, total_classes, total_functions, total_api_endpoints, total_data_models}]
+        modules: [.[] | {
+            slug: .module,
+            name: .module,
+            importance: 0
+        } + (.module_summary // {} | {
+            total_files,
+            total_classes,
+            total_functions,
+            total_api_endpoints,
+            total_data_models
+        })]
     }' "$output_dir"/*.json 2>/dev/null || echo '{}')
 
     # Add duration to manifest

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dtt_siye/atool",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "AI Developer Toolkit - 一键配置 AI IDE 的工具集",
   "bin": {
     "atool": "bin/atool.js"

package/skills/agent-audit/SKILL.md

@@ -0,0 +1,180 @@
+---
+name: agent-audit
+description: "Use when multiple agents or parallel tasks are running — tracks each agent's modifications, detects file conflicts, and provides audit trail. 在多Agent并行工作时使用 — 追踪每个Agent的修改、检测文件冲突、提供审计记录."
+version: 0.1.0
+category: quality
+---
+
+# Agent Audit — Multi-Agent Modification Tracking
+
+Tracks file modifications across multiple AI agents or parallel tasks, detects conflicts, and provides a complete audit trail for coordination.
+
+## When to Use
+
+- When using `/smart-dispatch` for parallel agent execution
+- When using `/dispatching-parallel-agents` for independent tasks
+- When using `/subagent-driven-development` for implementation plans
+- After parallel agents complete, before merging results
+- When reviewing what changes each agent made
+
+## How It Works
+
+### Audit Log Format
+
+Each agent's modifications are recorded in `.claude/agent-audit.json`:
+
+```json
+{
+  "audit_entries": [
+    {
+      "agent_id": "agent-1",
+      "task": "Implement user authentication",
+      "started_at": 1712649600,
+      "completed_at": 1712649900,
+      "files_modified": [
+        {
+          "path": "src/auth/UserService.java",
+          "action": "modified",
+          "lines_added": 45,
+          "lines_removed": 12,
+          "intent": "Add JWT token generation"
+        }
+      ],
+      "files_planned": ["src/auth/UserService.java", "src/auth/AuthController.java"],
+      "files_unexpected": [],
+      "impact_scope": ["auth", "api"],
+      "status": "completed"
+    }
+  ],
+  "conflicts": [],
+  "summary": {
+    "total_agents": 3,
+    "total_files_modified": 8,
+    "conflicts_detected": 0
+  }
+}
+```
+
+### Step 1: Agent Registration
+
+Before dispatching an agent, register it:
+
+```
+Read: agent-audit.json (or create if not exists)
+Add entry:
+{
+  "agent_id": "{agent-N}",
+  "task": "{task description}",
+  "files_planned": [{list of expected files}],
+  "started_at": {timestamp}
+}
+```
+
+### Step 2: Modification Tracking
+
+Each agent should record its modifications. Use git diff or task-state data:
+
+```
+After agent completes:
+  git diff --stat HEAD → extract file list and line changes
+  Compare with files_planned → flag unexpected files
+  Cross-reference with knowledge-graph → compute impact_scope
+```
+
+### Step 3: Conflict Detection
+
+After all agents complete, detect file-level conflicts:
+
+```
+For each pair of agents (A, B):
+  overlap = A.files_modified ∩ B.files_modified
+  if overlap is not empty:
+    CONFLICT: agents A and B both modified: {overlap}
+    severity = check if changes are in same lines (git merge-base)
+```
+
+Conflict severity levels:
+- **Critical**: Same file, same lines → merge conflict likely
+- **Warning**: Same file, different sections → manual review needed
+- **Info**: Different files, same module → review for logical consistency
+
+### Step 4: Impact Analysis
+
+Using knowledge-graph.json (from project-analyze):
+
+```
+For each agent's modified files:
+  1. Find the module each file belongs to
+  2. Find upstream dependents (who depends on this module)
+  3. Find downstream dependencies (what this module depends on)
+  4. Compute impact scope = module + direct dependents
+```
+
+### Step 5: Consolidated Audit Report
+
+```
+## Agent Audit Report
+
+### Execution Summary
+| Agent | Task | Files | Status | Duration |
+|-------|------|-------|--------|----------|
+| agent-1 | User auth | 3 | completed | 5m |
+| agent-2 | Payment API | 4 | completed | 7m |
+| agent-3 | Tests | 5 | completed | 4m |
+
+### File Overlap
+| File | Agent-1 | Agent-2 | Agent-3 |
+|------|---------|---------|---------|
+| src/common/Utils.java | modified | - | modified |
+
+### Conflicts
+| Severity | File | Details |
+|----------|------|---------|
+| Warning | src/common/Utils.java | Both agent-1 and agent-3 modified this file |
+
+### Impact Scope
+| Agent | Modules Affected | Downstream Impact |
+|-------|-----------------|-------------------|
+| agent-1 | auth, api | gateway, frontend |
+| agent-2 | payment, billing | notification, reporting |
+
+### Recommendations
+1. Review src/common/Utils.java for merge conflicts before integrating
+2. Run integration tests after merging all agent changes
+3. Update documentation for auth and payment modules
+```
+
+## Integration with task-state
+
+The agent-audit reads from and writes to `.claude/task-state.json`:
+
+```json
+{
+  "active_agents": 3,
+  "completed_agents": 2,
+  "agent_conflicts": ["src/common/Utils.java"],
+  "pending_actions": ["resolve_conflict:Utils.java", "run_integration_tests", "update_docs"]
+}
+```
+
+## Smart-Dispatch Integration
+
+When using `/smart-dispatch`:
+
+1. **Before dispatch**: Register each chunk as an agent entry
+2. **During execution**: Each agent records its modifications
+3. **After all complete**: Run conflict detection
+4. **Review phase**: Present consolidated audit report
+5. **Integration**: User resolves conflicts, then merge
+
+## Skill 协作
+
+| 协作 Skill | 触发条件 | 交互方式 |
+|-----------|---------|---------|
+| smart-dispatch | Parallel execution | 每个chunk注册为agent，完成后审计 |
+| dispatching-parallel-agents | Independent tasks | 跟踪每个后台agent的修改 |
+| subagent-driven-development | Implementation plans | 追踪sub-agent修改范围 |
+| project-analyze | Knowledge-graph available | 使用图谱计算impact scope |
+| architecture-guard | Conflicts detected | 检查冲突是否违反架构约束 |
+| verification-before-completion | After agent merge | 合并后验证整体完整性 |
+| ci-feedback | After merge | 运行集成测试验证 |

package/skills/architecture-guard/SKILL.md

@@ -0,0 +1,164 @@
+---
+name: architecture-guard
+description: "Use when reviewing or modifying code in analyzed projects — detects architectural violations in real-time using knowledge-graph data. 在修改代码时使用 — 实时检测架构违规（分层违反/依赖方向/循环依赖/边界泄漏）."
+version: 0.1.0
+category: quality
+---
+
+# Architecture Guard
+
+Real-time architectural violation detection using knowledge-graph data. Prevents AI and developers from degrading system structure.
+
+## When to Use
+
+- After modifying source files in a previously analyzed project (has `atool-analysis/` or `.atool-docs/`)
+- Before committing changes to verify architectural compliance
+- When reviewing code changes for structural correctness
+- Auto-triggered by verification-before-completion for analyzed projects
+
+## How It Works
+
+Architecture-guard reads the knowledge-graph.json produced by `/project-analyze` and checks:
+
+1. **Dependency Direction** — Enforces layer ordering (e.g., Controller → Service → DAO). Reverse dependencies are violations.
+2. **Package Structure** — New files must belong to recognized package paths.
+3. **API Boundary Leaks** — Response/DTO types should not appear in Service/DAO layers.
+4. **Circular Dependencies** — New imports must not introduce cycles.
+
+## Guard Process
+
+### Step 1: Load Architecture Data
+
+```
+Read: atool-analysis/knowledge-graph.json (or .atool-docs/knowledge-graph.json)
+Extract:
+- architectural_layers: {layer_name: [module_names]}
+- edges: [{source, target, edge_type}]
+- nodes: [{id, type, layer}]
+```
+
+If no knowledge-graph.json exists, warn the user and suggest running `/project-analyze` first.
+
+### Step 2: Detect Violations in Changed Files
+
+For each modified source file, check:
+
+#### 2a. Dependency Direction Check
+
+```
+For each import/dependency in the modified file:
+  source_layer = lookup layer of the modified file's module
+  target_layer = lookup layer of the imported module
+  if source_layer is lower than target_layer in the layer ordering:
+    VIOLATION: "Reverse dependency: {source} ({source_layer}) imports {target} ({target_layer})"
+```
+
+Common layer ordering (adjustable per project):
+- **Java/Spring**: Controller → Service → Repository → Entity
+- **Web/React**: Page → Component → Hook → Service → API
+- **Go**: Handler → Service → Repository → Model
+- **Python**: Route → Service → Repository → Model
+
+#### 2b. API Boundary Leak Check
+
+```
+For each import in the modified file:
+  if the file is in Service/Repository layer:
+    check if imported type is a Response/DTO/ViewModel (belongs to API/Presentation layer)
+    if yes: VIOLATION: "API type {type} leaked into {layer} layer"
+```
+
+#### 2c. Circular Dependency Check
+
+```
+Build dependency graph from knowledge-graph edges + new imports
+Run cycle detection (DFS)
+if cycle found: VIOLATION: "Circular dependency: {cycle_path}"
+```
+
+#### 2d. Module Boundary Check
+
+```
+For each new file or moved file:
+  Check if it belongs to a recognized module boundary
+  if it crosses module boundaries (imports from unrelated modules):
+    WARNING: "Cross-module import: {source_module} → {target_module}"
+```
+
+### Step 3: Report Results
+
+Output a structured violation report:
+
+```
+## Architecture Guard Report
+
+### Summary
+- Files checked: {n}
+- Violations: {n} (Critical: {n}, Warning: {n})
+- Status: PASS / FAIL
+
+### Violations
+
+| Severity | Type | File | Details |
+|----------|------|------|---------|
+| Critical | Reverse Dependency | UserService.java | Imports UserController (Controller→Service violation) |
+| Critical | Circular Dependency | OrderService.java | Cycle: OrderService → UserService → OrderService |
+| Warning  | API Boundary Leak   | PaymentService.java | Uses OrderResponse (DTO in Service layer) |
+| Warning  | Cross-Module        | notification.go    | Imports billing/invoice.go (unrelated domain) |
+```
+
+### Step 4: Suggest Fixes
+
+For each violation, provide:
+1. The specific line/import causing the issue
+2. Why it violates the architecture
+3. Suggested fix (e.g., "Move logic to OrderService", "Use OrderEntity instead of OrderResponse")
+
+## Integration Points
+
+### With verification-before-completion
+When the project has been analyzed, verification-before-completion should invoke architecture-guard as an additional check before claiming complete.
+
+### With code-review
+Architecture violations detected here feed into the `architecture` dimension of `/code-review` with specific line-level details.
+
+### With project-analyze
+Reads the knowledge-graph.json output from `/project-analyze`. If the graph is stale (older than source files), suggest re-running analysis.
+
+## Layer Definition Patterns
+
+The guard auto-detects layer patterns from the knowledge-graph:
+
+| Pattern | Layers |
+|---------|--------|
+| **Spring Boot** | controller → service → repository → entity |
+| **Clean Architecture** | presentation → application → domain → infrastructure |
+| **Hexagonal** | adapter/in → port/in → application → port/out → adapter/out |
+| **Generic Web** | page → component → service → data |
+| **DDD** | ui → application → domain → infrastructure |
+
+If no layers are detected, fall back to directory-based heuristics:
+- `controller/` / `handler/` / `api/` → Presentation
+- `service/` / `usecase/` / `application/` → Application
+- `repository/` / `dao/` / `store/` / `data/` → Data
+- `model/` / `entity/` / `domain/` → Domain
+
+## Severity Classification
+
+| Type | Severity | Auto-fixable |
+|------|----------|-------------|
+| Reverse dependency | Critical | Sometimes (move import) |
+| Circular dependency | Critical | Often (extract interface) |
+| API boundary leak | Warning | Yes (use internal type) |
+| Cross-module import | Warning | Context-dependent |
+| New unknown module | Info | No (may need new layer) |
+
+## Skill 协作
+
+| 协作 Skill | 触发条件 | 交互方式 |
+|-----------|---------|---------|
+| project-analyze | No knowledge-graph.json found | 建议运行 `/project-analyze` 生成图谱 |
+| code-review | Architecture dimension scoring | 提供层违反数据给 code-review |
+| verification-before-completion | Analyzed project, before claiming done | 作为额外检查步骤 |
+| {stack}-conventions | Stack-specific layer patterns | 加载栈级分层规范 |
+| software-architecture | Architecture score < 60 | 建议运行架构重构 |

package/skills/architecture-guard/rules/violation-detection.md

@@ -0,0 +1,90 @@
+# Architecture Violation Detection Rules
+
+## Dependency Direction Rules
+
+### Rule 1: Strict Layer Ordering
+Each layer may only depend on layers below it in the hierarchy. A dependency pointing upward is a violation.
+
+```
+ALLOWED: Presentation → Application → Domain → Infrastructure
+VIOLATION: Domain → Application (upward dependency)
+VIOLATION: Infrastructure → Domain (skipping layers or upward)
+```
+
+### Rule 2: No Cross-Skip Dependencies
+A layer may not skip intermediate layers unless the intermediate layer has no relevant abstraction.
+
+```
+ALLOWED: Controller → Repository (if Service is just a pass-through)
+VIOLATION: Page → API (skipping Service layer with business logic)
+```
+
+## API Boundary Rules
+
+### Rule 3: No DTO Leakage
+Response/DTO/ViewModel types must NOT appear in Service or Repository layers.
+
+```
+VIOLATION: PaymentService.java imports OrderResponse
+VIOLATION: UserRepository.java returns UserDTO instead of UserEntity
+```
+
+### Rule 4: No Domain Logic in Presentation
+Business logic must NOT appear in Controller/Handler/Page layers.
+
+```
+VIOLATION: UserController.java contains validation logic (should be in Service)
+VIOLATION: OrderPage.vue contains price calculation (should be in Service)
+```
+
+## Circular Dependency Rules
+
+### Rule 5: No Import Cycles
+No circular import chains are allowed between modules.
+
+```
+VIOLATION: A imports B, B imports C, C imports A
+ALLOWED: A imports B, A imports C, B imports C (DAG)
+```
+
+### Rule 6: No Mutual Dependencies
+Two modules must not directly import from each other.
+
+```
+VIOLATION: UserService imports OrderService, OrderService imports UserService
+FIX: Extract shared logic into a third module or use events
+```
+
+## Module Boundary Rules
+
+### Rule 7: Bounded Context Isolation
+Modules from different bounded contexts should not directly import each other's internal types.
+
+```
+VIOLATION: billing/internal/invoice.go imports shipping/internal/package.go
+ALLOWED: billing/invoice.go imports shipping/api.go (public API)
+```
+
+### Rule 8: No God Modules
+A module importing from more than 50% of other modules may be a god module.
+
+```
+WARNING: CommonUtils imports from 15 out of 20 modules
+FIX: Split into focused utility modules
+```
+
+## Detection Priority
+
+1. **Critical** (blocks commit): Circular dependencies, reverse dependencies
+2. **Warning** (should fix): API boundary leaks, cross-module imports
+3. **Info** (consider): God modules, new unknown modules
+
+## Output Format
+
+Each violation includes:
+- `file`: The file containing the violation
+- `line`: Line number of the problematic import/usage
+- `rule`: Which rule was violated (1-8)
+- `severity`: Critical / Warning / Info
+- `detail`: Human-readable explanation
+- `suggestion`: How to fix