npm - deepspider - Versions diffs - 0.1.0 - Mend

deepspider 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (261) hide show

package/.claude/agents/check.md +122 -0
package/.claude/agents/debug.md +106 -0
package/.claude/agents/dispatch.md +214 -0
package/.claude/agents/implement.md +96 -0
package/.claude/agents/plan.md +396 -0
package/.claude/agents/research.md +120 -0
package/.claude/commands/evolve/merge.md +80 -0
package/.claude/commands/trellis/before-backend-dev.md +13 -0
package/.claude/commands/trellis/before-frontend-dev.md +13 -0
package/.claude/commands/trellis/break-loop.md +107 -0
package/.claude/commands/trellis/check-backend.md +13 -0
package/.claude/commands/trellis/check-cross-layer.md +153 -0
package/.claude/commands/trellis/check-frontend.md +13 -0
package/.claude/commands/trellis/create-command.md +154 -0
package/.claude/commands/trellis/finish-work.md +129 -0
package/.claude/commands/trellis/integrate-skill.md +219 -0
package/.claude/commands/trellis/onboard.md +358 -0
package/.claude/commands/trellis/parallel.md +193 -0
package/.claude/commands/trellis/record-session.md +62 -0
package/.claude/commands/trellis/start.md +280 -0
package/.claude/commands/trellis/update-spec.md +213 -0
package/.claude/hooks/inject-subagent-context.py +758 -0
package/.claude/hooks/ralph-loop.py +374 -0
package/.claude/hooks/session-start.py +126 -0
package/.claude/settings.json +41 -0
package/.claude/skills/deepagents-guide/SKILL.md +428 -0
package/.cursor/commands/trellis-before-backend-dev.md +13 -0
package/.cursor/commands/trellis-before-frontend-dev.md +13 -0
package/.cursor/commands/trellis-break-loop.md +107 -0
package/.cursor/commands/trellis-check-backend.md +13 -0
package/.cursor/commands/trellis-check-cross-layer.md +153 -0
package/.cursor/commands/trellis-check-frontend.md +13 -0
package/.cursor/commands/trellis-create-command.md +154 -0
package/.cursor/commands/trellis-finish-work.md +129 -0
package/.cursor/commands/trellis-integrate-skill.md +219 -0
package/.cursor/commands/trellis-onboard.md +358 -0
package/.cursor/commands/trellis-record-session.md +62 -0
package/.cursor/commands/trellis-start.md +156 -0
package/.cursor/commands/trellis-update-spec.md +213 -0
package/.env.example +11 -0
package/.husky/pre-commit +1 -0
package/.mcp.json +8 -0
package/.trellis/.template-hashes.json +65 -0
package/.trellis/.version +1 -0
package/.trellis/scripts/add-session.sh +384 -0
package/.trellis/scripts/common/developer.sh +129 -0
package/.trellis/scripts/common/git-context.sh +263 -0
package/.trellis/scripts/common/paths.sh +208 -0
package/.trellis/scripts/common/phase.sh +150 -0
package/.trellis/scripts/common/registry.sh +247 -0
package/.trellis/scripts/common/task-queue.sh +142 -0
package/.trellis/scripts/common/task-utils.sh +151 -0
package/.trellis/scripts/common/worktree.sh +128 -0
package/.trellis/scripts/create-bootstrap.sh +299 -0
package/.trellis/scripts/get-context.sh +7 -0
package/.trellis/scripts/get-developer.sh +15 -0
package/.trellis/scripts/init-developer.sh +34 -0
package/.trellis/scripts/multi-agent/cleanup.sh +396 -0
package/.trellis/scripts/multi-agent/create-pr.sh +241 -0
package/.trellis/scripts/multi-agent/plan.sh +207 -0
package/.trellis/scripts/multi-agent/start.sh +310 -0
package/.trellis/scripts/multi-agent/status.sh +828 -0
package/.trellis/scripts/task.sh +1118 -0
package/.trellis/spec/backend/deepagents-guide.md +337 -0
package/.trellis/spec/backend/directory-structure.md +126 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/README.md +11 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/agent.js.template +20 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/skills-config.js.template +13 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/subagent.js.template +19 -0
package/.trellis/spec/backend/hook-guidelines.md +178 -0
package/.trellis/spec/backend/index.md +36 -0
package/.trellis/spec/backend/quality-guidelines.md +201 -0
package/.trellis/spec/backend/state-management.md +76 -0
package/.trellis/spec/backend/tool-guidelines.md +144 -0
package/.trellis/spec/backend/type-safety.md +71 -0
package/.trellis/spec/guides/code-reuse-thinking-guide.md +92 -0
package/.trellis/spec/guides/cross-layer-thinking-guide.md +94 -0
package/.trellis/spec/guides/index.md +79 -0
package/.trellis/tasks/archive/02-02-evolving-skills/prd.md +61 -0
package/.trellis/tasks/archive/02-02-evolving-skills/task.json +29 -0
package/.trellis/tasks/archive/2026-02/00-bootstrap-guidelines/prd.md +86 -0
package/.trellis/tasks/archive/2026-02/00-bootstrap-guidelines/task.json +27 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/check.jsonl +3 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/debug.jsonl +2 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/implement.jsonl +5 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/prd.md +33 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/task.json +41 -0
package/.trellis/workflow.md +407 -0
package/.trellis/workspace/index.md +123 -0
package/.trellis/workspace/pony/index.md +40 -0
package/.trellis/workspace/pony/journal-1.md +7 -0
package/.trellis/worktree.yaml +47 -0
package/AGENTS.md +18 -0
package/CLAUDE.md +292 -0
package/README.md +134 -0
package/agents/deepspider.md +142 -0
package/docs/DEBUG.md +42 -0
package/docs/GUIDE.md +334 -0
package/docs/PROMPT.md +60 -0
package/docs/USAGE.md +226 -0
package/eslint.config.js +51 -0
package/package.json +78 -0
package/requirements-crypto.txt +14 -0
package/src/agent/index.js +97 -0
package/src/agent/logger.js +164 -0
package/src/agent/middleware/filterTools.js +64 -0
package/src/agent/middleware/report.js +79 -0
package/src/agent/prompts/system.js +315 -0
package/src/agent/run.js +575 -0
package/src/agent/skills/anti-detect/SKILL.md +28 -0
package/src/agent/skills/anti-detect/evolved.md +12 -0
package/src/agent/skills/captcha/SKILL.md +37 -0
package/src/agent/skills/captcha/evolved.md +12 -0
package/src/agent/skills/config.js +30 -0
package/src/agent/skills/crawler/SKILL.md +9 -0
package/src/agent/skills/crawler/evolved.md +16 -0
package/src/agent/skills/dynamic-analysis/SKILL.md +91 -0
package/src/agent/skills/dynamic-analysis/evolved.md +12 -0
package/src/agent/skills/env/SKILL.md +72 -0
package/src/agent/skills/env/evolved.md +12 -0
package/src/agent/skills/evolve.js +79 -0
package/src/agent/skills/general/SKILL.md +12 -0
package/src/agent/skills/general/evolved.md +12 -0
package/src/agent/skills/js2python/SKILL.md +30 -0
package/src/agent/skills/js2python/evolved.md +13 -0
package/src/agent/skills/report/SKILL.md +21 -0
package/src/agent/skills/report/evolved.md +12 -0
package/src/agent/skills/sandbox/SKILL.md +22 -0
package/src/agent/skills/sandbox/evolved.md +16 -0
package/src/agent/skills/static-analysis/SKILL.md +93 -0
package/src/agent/skills/static-analysis/evolved.md +12 -0
package/src/agent/skills/xpath/SKILL.md +119 -0
package/src/agent/subagents/anti-detect.js +45 -0
package/src/agent/subagents/captcha.js +51 -0
package/src/agent/subagents/crawler.js +138 -0
package/src/agent/subagents/dynamic.js +64 -0
package/src/agent/subagents/env-agent.js +82 -0
package/src/agent/subagents/index.js +37 -0
package/src/agent/subagents/js2python.js +72 -0
package/src/agent/subagents/sandbox.js +55 -0
package/src/agent/subagents/static.js +66 -0
package/src/agent/tools/analysis.js +135 -0
package/src/agent/tools/analyzer.js +85 -0
package/src/agent/tools/anti-detect.js +89 -0
package/src/agent/tools/antidebug.js +64 -0
package/src/agent/tools/async.js +43 -0
package/src/agent/tools/browser.js +324 -0
package/src/agent/tools/captcha.js +223 -0
package/src/agent/tools/capture.js +179 -0
package/src/agent/tools/correlate.js +303 -0
package/src/agent/tools/crawler.js +116 -0
package/src/agent/tools/cryptohook.js +80 -0
package/src/agent/tools/debug.js +246 -0
package/src/agent/tools/deobfuscator.js +90 -0
package/src/agent/tools/env.js +83 -0
package/src/agent/tools/envdump.js +92 -0
package/src/agent/tools/evolve.js +164 -0
package/src/agent/tools/extract.js +114 -0
package/src/agent/tools/extractor.js +54 -0
package/src/agent/tools/file.js +224 -0
package/src/agent/tools/hook.js +84 -0
package/src/agent/tools/hookManager.js +178 -0
package/src/agent/tools/index.js +137 -0
package/src/agent/tools/nodejs.js +101 -0
package/src/agent/tools/patch.js +46 -0
package/src/agent/tools/preprocess.js +71 -0
package/src/agent/tools/profile.js +122 -0
package/src/agent/tools/python.js +627 -0
package/src/agent/tools/report.js +124 -0
package/src/agent/tools/runtime.js +132 -0
package/src/agent/tools/sandbox.js +79 -0
package/src/agent/tools/store.js +73 -0
package/src/agent/tools/trace.js +74 -0
package/src/agent/tools/tracing.js +201 -0
package/src/agent/tools/utils.js +51 -0
package/src/agent/tools/verify.js +184 -0
package/src/agent/tools/webcrack.js +109 -0
package/src/analyzer/ASTAnalyzer.js +387 -0
package/src/analyzer/CallStackAnalyzer.js +379 -0
package/src/analyzer/Deobfuscator.js +289 -0
package/src/analyzer/EncryptionAnalyzer.js +99 -0
package/src/analyzer/index.js +22 -0
package/src/browser/EnvBridge.js +186 -0
package/src/browser/cdp.js +168 -0
package/src/browser/client.js +197 -0
package/src/browser/collector.js +444 -0
package/src/browser/collectors/RequestCryptoLinker.js +109 -0
package/src/browser/collectors/ResponseSearcher.js +107 -0
package/src/browser/collectors/ScriptCollector.js +158 -0
package/src/browser/collectors/index.js +26 -0
package/src/browser/defaultHooks.js +932 -0
package/src/browser/hooks/crypto.js +55 -0
package/src/browser/hooks/index.js +64 -0
package/src/browser/hooks/native.js +9 -0
package/src/browser/hooks/network.js +33 -0
package/src/browser/index.js +42 -0
package/src/browser/interceptors/NetworkInterceptor.js +116 -0
package/src/browser/interceptors/ScriptInterceptor.js +76 -0
package/src/browser/interceptors/index.js +6 -0
package/src/browser/ui/analysisPanel.js +1782 -0
package/src/browser/ui/confirmDialog.js +158 -0
package/src/browser/ui/panel.html +152 -0
package/src/browser/ui/selector.js +170 -0
package/src/config/index.js +5 -0
package/src/config/paths.js +71 -0
package/src/config/patterns/crypto.js +36 -0
package/src/config/profiles/chrome.json +71 -0
package/src/config/profiles/firefox.json +44 -0
package/src/config/profiles/safari.json +38 -0
package/src/core/EnvMonitor.js +200 -0
package/src/core/PatchGenerator.js +278 -0
package/src/core/Sandbox.js +181 -0
package/src/env/AntiAntiDebug.js +111 -0
package/src/env/AsyncHook.js +68 -0
package/src/env/BrowserAPIList.js +265 -0
package/src/env/CookieHook.js +48 -0
package/src/env/CryptoHook.js +205 -0
package/src/env/EnvCodeGenerator.js +157 -0
package/src/env/EnvDumper.js +356 -0
package/src/env/EnvExtractor.js +220 -0
package/src/env/HookBase.js +618 -0
package/src/env/NetworkHook.js +159 -0
package/src/env/modules/bom/history.js +29 -0
package/src/env/modules/bom/location.js +26 -0
package/src/env/modules/bom/navigator.js +70 -0
package/src/env/modules/bom/screen.js +26 -0
package/src/env/modules/bom/storage.js +23 -0
package/src/env/modules/dom/document.js +110 -0
package/src/env/modules/dom/event.js +51 -0
package/src/env/modules/index.js +34 -0
package/src/env/modules/webapi/fetch.js +46 -0
package/src/env/modules/webapi/url.js +47 -0
package/src/env/modules/webapi/xhr.js +48 -0
package/src/index.js +27 -0
package/src/mcp/server.js +89 -0
package/src/store/DataStore.js +708 -0
package/src/store/Store.js +158 -0
package/src/store/Validator.js +24 -0
package/test/analyze.test.js +90 -0
package/test/envdump.test.js +74 -0
package/test/flow.test.js +90 -0
package/test/hooks.test.js +138 -0
package/test/plugin.test.js +35 -0
package/test/refactor-full.test.js +30 -0
package/test/refactor.test.js +21 -0
package/test/samples/obfuscated.js +61 -0
package/test/samples/original.js +66 -0
package/test/samples/v10_eval_chain.js +52 -0
package/test/samples/v11_bytecode_vm.js +81 -0
package/test/samples/v12_polymorphic.js +69 -0
package/test/samples/v1_ob_basic.js +98 -0
package/test/samples/v2_ob_advanced.js +99 -0
package/test/samples/v3_jjencode.js +77 -0
package/test/samples/v4_aaencode.js +73 -0
package/test/samples/v5_control_flow.js +86 -0
package/test/samples/v6_string_encryption.js +71 -0
package/test/samples/v7_jsvmp.js +83 -0
package/test/samples/v8_anti_debug.js +79 -0
package/test/samples/v9_proxy_trap.js +49 -0
package/test/samples.test.js +96 -0
package/test/webcrack.test.js +55 -0

package/src/agent/tools/report.js ADDED Viewed

@@ -0,0 +1,124 @@
+/**
+ * DeepSpider - 分析报告工具
+ * 保存分析结果、生成 HTML 报告
+ * 统一存储到 ~/.deepspider/output/reports/
+ */
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { writeFileSync } from 'fs';
+import { join } from 'path';
+import { PATHS, ensureDir, getReportDir } from '../../config/paths.js';
+const OUTPUT_DIR = PATHS.REPORTS_DIR;
+function extractDomain(url) {
+  try {
+    const u = new URL(url);
+    return u.hostname.replace(/[^a-zA-Z0-9.-]/g, '_');
+  } catch {
+    return url.replace(/[^a-zA-Z0-9.-]/g, '_');
+  }
+}
+function escapeHtml(str) {
+  return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+}
+/**
+ * 生成 HTML 报告页面
+ */
+function generateHtmlPage(title, markdown, pythonCode, jsCode) {
+  return `<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+  <meta charset="UTF-8">
+  <title>${escapeHtml(title)} - DeepSpider</title>
+  <style>
+    body { font-family: system-ui; max-width: 900px; margin: 0 auto; padding: 20px; background: #0d1117; color: #c9d1d9; }
+    h1,h2,h3 { color: #58a6ff; }
+    pre { background: #161b22; padding: 16px; border-radius: 6px; overflow-x: auto; }
+    code { font-family: monospace; }
+    table { width: 100%; border-collapse: collapse; }
+    th,td { border: 1px solid #30363d; padding: 8px; }
+    .tabs { display: flex; gap: 8px; margin: 16px 0; }
+    .tab { padding: 8px 16px; background: #21262d; border: 1px solid #30363d; border-radius: 6px; cursor: pointer; color: #c9d1d9; }
+    .tab.active { background: #388bfd; color: #fff; }
+    .code-panel { display: none; }
+    .code-panel.active { display: block; }
+  </style>
+</head>
+<body>
+  <h1>${escapeHtml(title)}</h1>
+  <p>生成时间: ${new Date().toLocaleString('zh-CN')}</p>
+  <hr>
+  <div class="tabs">
+    <button class="tab active" onclick="showCode('python')">Python 代码</button>
+    <button class="tab" onclick="showCode('js')">JavaScript 代码</button>
+  </div>
+  <div id="python" class="code-panel active"><pre><code>${escapeHtml(pythonCode || '# 待生成')}</code></pre></div>
+  <div id="js" class="code-panel"><pre><code>${escapeHtml(jsCode || '// 待生成')}</code></pre></div>
+  <script>
+    function showCode(id) {
+      document.querySelectorAll('.code-panel').forEach(p => p.classList.remove('active'));
+      document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+      document.getElementById(id).classList.add('active');
+      event.target.classList.add('active');
+    }
+  </script>
+</body>
+</html>`;
+}
+/**
+ * 保存分析报告
+ */
+export const saveAnalysisReport = tool(
+  async ({ domain, title, markdown, pythonCode, jsCode }) => {
+    try {
+      const domainDir = join(OUTPUT_DIR, extractDomain(domain));
+      ensureDir(domainDir);
+      const paths = {};
+      // 保存 Markdown
+      paths.markdown = join(domainDir, 'analysis.md');
+      writeFileSync(paths.markdown, markdown, 'utf-8');
+      // 保存 Python 代码
+      if (pythonCode) {
+        paths.python = join(domainDir, 'decrypt.py');
+        writeFileSync(paths.python, pythonCode, 'utf-8');
+      }
+      // 保存 JS 代码
+      if (jsCode) {
+        paths.javascript = join(domainDir, 'decrypt.js');
+        writeFileSync(paths.javascript, jsCode, 'utf-8');
+      }
+      // 生成 HTML
+      paths.html = join(domainDir, 'report.html');
+      const html = generateHtmlPage(title || domain, markdown, pythonCode, jsCode);
+      writeFileSync(paths.html, html, 'utf-8');
+      console.log('[report] 已保存:', domainDir);
+      return JSON.stringify({ success: true, paths, dir: domainDir });
+    } catch (e) {
+      return JSON.stringify({ success: false, error: e.message });
+    }
+  },
+  {
+    name: 'save_analysis_report',
+    description: '保存加密分析报告。分析完成后必须调用，保存 Markdown、HTML 和代码文件。',
+    schema: z.object({
+      domain: z.string().describe('网站域名或 URL'),
+      title: z.string().optional().describe('报告标题'),
+      markdown: z.string().describe('Markdown 分析报告'),
+      pythonCode: z.string().describe('Python 解密代码（必须提供完整可运行代码）'),
+      jsCode: z.string().optional().describe('JavaScript 解密代码'),
+    }),
+  }
+);
+export const reportTools = [saveAnalysisReport];

package/src/agent/tools/runtime.js ADDED Viewed

@@ -0,0 +1,132 @@
+/**
+ * DeepSpider - 浏览器运行时工具
+ * 暴露给 Agent 的浏览器操作能力
+ */
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { getBrowser, closeBrowser } from '../../browser/index.js';
+import { HookManager } from '../../browser/hooks/index.js';
+let hookManager = null;
+/**
+ * 标记 Hook 已注入（供外部调用）
+ */
+export function markHookInjected() {
+  if (!hookManager) {
+    hookManager = new HookManager();
+  }
+}
+/**
+ * 启动浏览器
+ */
+export const launchBrowser = tool(
+  async ({ headless }) => {
+    const browser = await getBrowser({ headless });
+    // 检查是否已经注入过 Hook
+    if (!hookManager) {
+      hookManager = new HookManager();
+      await hookManager.inject(browser.getPage());
+      return JSON.stringify({ success: true, message: '浏览器已启动，Hook 已注入' });
+    }
+    return JSON.stringify({ success: true, message: '浏览器已就绪' });
+  },
+  {
+    name: 'launch_browser',
+    description: '启动浏览器并注入 Hook 脚本（如已启动则复用）',
+    schema: z.object({
+      headless: z.boolean().default(false).describe('是否无头模式'),
+    }),
+  }
+);
+/**
+ * 导航到 URL
+ */
+export const navigateTo = tool(
+  async ({ url }) => {
+    const browser = await getBrowser();
+    const page = browser.getPage();
+    const currentUrl = page.url();
+    // 检查是否已在目标 URL（忽略尾部斜杠差异）
+    const normalize = (u) => u.replace(/\/+$/, '');
+    if (normalize(currentUrl) === normalize(url)) {
+      return JSON.stringify({ success: true, url: currentUrl, message: '已在目标页面' });
+    }
+    const finalUrl = await browser.navigate(url);
+    return JSON.stringify({ success: true, url: finalUrl });
+  },
+  {
+    name: 'navigate_to',
+    description: '导航到指定 URL（如已在目标页面则跳过）',
+    schema: z.object({
+      url: z.string().describe('目标 URL'),
+    }),
+  }
+);
+/**
+ * 关闭浏览器
+ */
+export const browserClose = tool(
+  async () => {
+    await closeBrowser();
+    hookManager = null;
+    return JSON.stringify({ success: true });
+  },
+  {
+    name: 'browser_close',
+    description: '关闭浏览器',
+    schema: z.object({}),
+  }
+);
+/**
+ * 页面加载前注入脚本
+ */
+export const addInitScript = tool(
+  async ({ script }) => {
+    const browser = await getBrowser();
+    const page = browser.getPage();
+    await page.addInitScript(script);
+    return JSON.stringify({ success: true, message: '脚本将在每次页面加载前执行' });
+  },
+  {
+    name: 'add_init_script',
+    description: '添加页面加载前执行的脚本（用于在 JS 执行前注入 Hook）',
+    schema: z.object({
+      script: z.string().describe('要注入的 JS 代码'),
+    }),
+  }
+);
+/**
+ * 清除 Cookie
+ */
+export const clearCookies = tool(
+  async ({ domain }) => {
+    const browser = await getBrowser();
+    const context = browser.getContext();
+    await context.clearCookies();
+    return JSON.stringify({ success: true, message: 'Cookie 已清除' });
+  },
+  {
+    name: 'clear_cookies',
+    description: '清除浏览器 Cookie（用于触发 cookie 生成逻辑）',
+    schema: z.object({
+      domain: z.string().optional().describe('指定域名（可选）'),
+    }),
+  }
+);
+export const runtimeTools = [
+  launchBrowser,
+  navigateTo,
+  browserClose,
+  addInitScript,
+  clearCookies,
+];

package/src/agent/tools/sandbox.js ADDED Viewed

@@ -0,0 +1,79 @@
+/**
+ * DeepSpider - 沙箱工具
+ * 基于 @langchain/core/tools 的统一定义
+ */
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { Sandbox } from '../../core/Sandbox.js';
+// 单例沙箱
+let sandbox = null;
+export async function getSandbox() {
+  if (!sandbox) {
+    sandbox = new Sandbox();
+    await sandbox.init();
+  }
+  return sandbox;
+}
+export async function resetSandbox() {
+  if (sandbox) {
+    await sandbox.reset();
+  }
+}
+/**
+ * 沙箱执行工具
+ */
+export const sandboxExecute = tool(
+  async ({ code, timeout }) => {
+    const sb = await getSandbox();
+    const result = await sb.execute(code, { timeout });
+    return JSON.stringify(result, null, 2);
+  },
+  {
+    name: 'sandbox_execute',
+    description: '在隔离沙箱中执行JS代码，返回执行结果和缺失环境列表。用于检测代码依赖的浏览器环境。',
+    schema: z.object({
+      code: z.string().describe('要执行的JS代码'),
+      timeout: z.number().optional().default(5000).describe('超时时间(ms)'),
+    }),
+  }
+);
+/**
+ * 沙箱注入工具
+ */
+export const sandboxInject = tool(
+  async ({ code }) => {
+    const sb = await getSandbox();
+    const result = await sb.inject(code);
+    return JSON.stringify(result);
+  },
+  {
+    name: 'sandbox_inject',
+    description: '向沙箱注入环境补丁代码，用于补全缺失的浏览器API。',
+    schema: z.object({
+      code: z.string().describe('补丁代码'),
+    }),
+  }
+);
+/**
+ * 沙箱重置工具
+ */
+export const sandboxReset = tool(
+  async () => {
+    await resetSandbox();
+    return JSON.stringify({ success: true, message: '沙箱已重置' });
+  },
+  {
+    name: 'sandbox_reset',
+    description: '重置沙箱到初始状态，清除所有注入的环境和执行上下文。',
+    schema: z.object({}),
+  }
+);
+export const sandboxTools = [sandboxExecute, sandboxInject, sandboxReset];

package/src/agent/tools/store.js ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * DeepSpider - 存储工具
+ */
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { Store } from '../../store/Store.js';
+let store = null;
+function getStore() {
+  if (!store) {
+    store = new Store();
+  }
+  return store;
+}
+/**
+ * 保存到知识库
+ */
+export const saveToStore = tool(
+  async ({ type, name, code, metadata }) => {
+    const s = getStore();
+    return JSON.stringify(s.save(type, name, { code, ...metadata }));
+  },
+  {
+    name: 'save_to_store',
+    description: '将验证通过的代码保存到知识库，用于复用。',
+    schema: z.object({
+      type: z.enum(['env-module', 'crypto-pattern', 'obfuscation']).describe('类型'),
+      name: z.string().describe('名称'),
+      code: z.string().describe('代码'),
+      metadata: z.record(z.string(), z.unknown()).optional().describe('元数据'),
+    }),
+  }
+);
+/**
+ * 查询知识库
+ */
+export const queryStore = tool(
+  async ({ type, query }) => {
+    const s = getStore();
+    return JSON.stringify(s.query(type, query), null, 2);
+  },
+  {
+    name: 'query_store',
+    description: '查询知识库中的已有实现。',
+    schema: z.object({
+      type: z.string().optional().describe('类型'),
+      query: z.string().describe('查询关键词'),
+    }),
+  }
+);
+/**
+ * 列出知识库条目
+ */
+export const listStore = tool(
+  async ({ type }) => {
+    const s = getStore();
+    return JSON.stringify(s.list(type));
+  },
+  {
+    name: 'list_store',
+    description: '列出知识库中某类型的所有条目。',
+    schema: z.object({
+      type: z.string().describe('类型'),
+    }),
+  }
+);
+export const storeTools = [saveToStore, queryStore, listStore];

package/src/agent/tools/trace.js ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * DeepSpider - 追踪工具
+ */
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { ASTAnalyzer } from '../../analyzer/ASTAnalyzer.js';
+import { CallStackAnalyzer } from '../../analyzer/CallStackAnalyzer.js';
+/**
+ * 变量追踪
+ */
+export const traceVariable = tool(
+  async ({ code, varName }) => {
+    const astAnalyzer = new ASTAnalyzer();
+    const callAnalyzer = new CallStackAnalyzer();
+    return JSON.stringify({
+      assignments: astAnalyzer.findAssignments(code, varName),
+      dataFlow: callAnalyzer.traceDataFlow(code, varName),
+    }, null, 2);
+  },
+  {
+    name: 'trace_variable',
+    description: '追踪变量的赋值和数据流，找出变量的来源和去向。',
+    schema: z.object({
+      code: z.string().describe('JS代码'),
+      varName: z.string().describe('变量名'),
+    }),
+  }
+);
+/**
+ * 请求参数追踪
+ */
+export const traceRequestParams = tool(
+  async ({ code, funcName }) => {
+    const analyzer = new CallStackAnalyzer();
+    const astAnalyzer = new ASTAnalyzer();
+    return JSON.stringify({
+      callGraph: Object.fromEntries(analyzer.buildCallGraph(code)),
+      slice: astAnalyzer.extractSlice(code, funcName),
+      callers: analyzer.findCallers(code, funcName),
+      callChain: analyzer.buildCallChain(code, funcName),
+    }, null, 2);
+  },
+  {
+    name: 'trace_request_params',
+    description: '追踪请求参数的生成逻辑，提取相关代码切片。',
+    schema: z.object({
+      code: z.string().describe('JS代码'),
+      funcName: z.string().describe('目标函数名'),
+    }),
+  }
+);
+/**
+ * 调用模式查找
+ */
+export const findCallPattern = tool(
+  async ({ code, pattern }) => {
+    const analyzer = new ASTAnalyzer();
+    return JSON.stringify(analyzer.findCallPattern(code, pattern), null, 2);
+  },
+  {
+    name: 'find_call_pattern',
+    description: '按正则模式查找函数调用，用于定位特定API调用。',
+    schema: z.object({
+      code: z.string().describe('JS代码'),
+      pattern: z.string().describe('正则模式'),
+    }),
+  }
+);
+export const traceTools = [traceVariable, traceRequestParams, findCallPattern];

package/src/agent/tools/tracing.js ADDED Viewed

@@ -0,0 +1,201 @@
+/**
+ * DeepSpider - 数据溯源工具
+ * 提供给 Agent 的数据分析能力，支持按站点过滤
+ */
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { getDataStore } from '../../store/DataStore.js';
+/**
+ * 获取站点列表
+ */
+export const getSiteList = tool(
+  async () => {
+    const store = getDataStore();
+    const sites = store.getSiteList();
+    return JSON.stringify(sites, null, 2);
+  },
+  {
+    name: 'get_site_list',
+    description: '获取所有已记录数据的站点列表',
+    schema: z.object({}),
+  }
+);
+/**
+ * 在响应中搜索文本
+ */
+export const searchInResponses = tool(
+  async ({ text, site }) => {
+    const store = getDataStore();
+    const results = await store.searchInResponses(text, site || null);
+    return JSON.stringify(results, null, 2);
+  },
+  {
+    name: 'search_in_responses',
+    description: '在响应中搜索文本，定位数据来源请求',
+    schema: z.object({
+      text: z.string().describe('要搜索的文本'),
+      site: z.string().optional().describe('限定搜索的站点（hostname）'),
+    }),
+  }
+);
+/**
+ * 获取请求详情
+ */
+export const getRequestDetail = tool(
+  async ({ site, id }) => {
+    const store = getDataStore();
+    const result = await store.getResponse(site, id);
+    if (!result) {
+      return JSON.stringify({ error: '未找到该请求' });
+    }
+    return JSON.stringify(result, null, 2);
+  },
+  {
+    name: 'get_request_detail',
+    description: '获取指定请求的完整信息（Headers、Body、Response）',
+    schema: z.object({
+      site: z.string().describe('站点 hostname'),
+      id: z.string().describe('请求 ID'),
+    }),
+  }
+);
+/**
+ * 获取请求列表
+ */
+export const getRequestList = tool(
+  async ({ site }) => {
+    const store = getDataStore();
+    const result = await store.getResponseList(site || null);
+    return JSON.stringify(result, null, 2);
+  },
+  {
+    name: 'get_request_list',
+    description: '获取请求列表（仅元数据）',
+    schema: z.object({
+      site: z.string().optional().describe('限定站点（hostname），不传则返回所有'),
+    }),
+  }
+);
+/**
+ * 获取脚本列表
+ */
+export const getScriptList = tool(
+  async ({ site }) => {
+    const store = getDataStore();
+    const result = await store.getScriptList(site || null);
+    return JSON.stringify(result, null, 2);
+  },
+  {
+    name: 'get_script_list',
+    description: '获取 JS 脚本列表',
+    schema: z.object({
+      site: z.string().optional().describe('限定站点（hostname），不传则返回所有'),
+    }),
+  }
+);
+/**
+ * 获取脚本源码（支持分段）
+ */
+export const getScriptSource = tool(
+  async ({ site, id, offset, limit }) => {
+    const store = getDataStore();
+    const source = await store.getScript(site, id);
+    if (!source) {
+      return JSON.stringify({ error: '未找到该脚本' });
+    }
+    const start = offset || 0;
+    const size = limit || 5000;
+    const chunk = source.slice(start, start + size);
+    return JSON.stringify({
+      total: source.length,
+      offset: start,
+      limit: size,
+      hasMore: start + size < source.length,
+      content: chunk
+    });
+  },
+  {
+    name: 'get_script_source',
+    description: '获取指定脚本的源码（支持分段获取）',
+    schema: z.object({
+      site: z.string().describe('站点 hostname'),
+      id: z.string().describe('脚本 ID'),
+      offset: z.number().optional().default(0).describe('起始位置（字符偏移）'),
+      limit: z.number().optional().default(5000).describe('获取长度（默认 5000）'),
+    }),
+  }
+);
+/**
+ * 在脚本中搜索文本
+ */
+export const searchInScripts = tool(
+  async ({ text, site }) => {
+    const store = getDataStore();
+    const results = await store.searchInScripts(text, site || null);
+    return JSON.stringify(results, null, 2);
+  },
+  {
+    name: 'search_in_scripts',
+    description: '在 JS 脚本中搜索文本，定位代码位置',
+    schema: z.object({
+      text: z.string().describe('要搜索的文本'),
+      site: z.string().optional().describe('限定搜索的站点（hostname）'),
+    }),
+  }
+);
+/**
+ * 清除站点数据
+ */
+export const clearSiteData = tool(
+  async ({ site }) => {
+    const store = getDataStore();
+    await store.clearSite(site);
+    return JSON.stringify({ success: true, message: `站点 ${site} 数据已清除` });
+  },
+  {
+    name: 'clear_site_data',
+    description: '清除指定站点的所有数据',
+    schema: z.object({
+      site: z.string().describe('站点 hostname'),
+    }),
+  }
+);
+/**
+ * 清除所有数据
+ */
+export const clearAllData = tool(
+  async () => {
+    const store = getDataStore();
+    await store.clearAll();
+    return JSON.stringify({ success: true, message: '所有数据已清除' });
+  },
+  {
+    name: 'clear_all_data',
+    description: '清除所有站点的数据',
+    schema: z.object({}),
+  }
+);
+export const tracingTools = [
+  getSiteList,
+  searchInResponses,
+  getRequestDetail,
+  getRequestList,
+  getScriptList,
+  getScriptSource,
+  searchInScripts,
+  clearSiteData,
+  clearAllData,
+];