npm - deepspider - Versions diffs - 0.1.0 - Mend

deepspider 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (261) hide show

package/.claude/agents/check.md +122 -0
package/.claude/agents/debug.md +106 -0
package/.claude/agents/dispatch.md +214 -0
package/.claude/agents/implement.md +96 -0
package/.claude/agents/plan.md +396 -0
package/.claude/agents/research.md +120 -0
package/.claude/commands/evolve/merge.md +80 -0
package/.claude/commands/trellis/before-backend-dev.md +13 -0
package/.claude/commands/trellis/before-frontend-dev.md +13 -0
package/.claude/commands/trellis/break-loop.md +107 -0
package/.claude/commands/trellis/check-backend.md +13 -0
package/.claude/commands/trellis/check-cross-layer.md +153 -0
package/.claude/commands/trellis/check-frontend.md +13 -0
package/.claude/commands/trellis/create-command.md +154 -0
package/.claude/commands/trellis/finish-work.md +129 -0
package/.claude/commands/trellis/integrate-skill.md +219 -0
package/.claude/commands/trellis/onboard.md +358 -0
package/.claude/commands/trellis/parallel.md +193 -0
package/.claude/commands/trellis/record-session.md +62 -0
package/.claude/commands/trellis/start.md +280 -0
package/.claude/commands/trellis/update-spec.md +213 -0
package/.claude/hooks/inject-subagent-context.py +758 -0
package/.claude/hooks/ralph-loop.py +374 -0
package/.claude/hooks/session-start.py +126 -0
package/.claude/settings.json +41 -0
package/.claude/skills/deepagents-guide/SKILL.md +428 -0
package/.cursor/commands/trellis-before-backend-dev.md +13 -0
package/.cursor/commands/trellis-before-frontend-dev.md +13 -0
package/.cursor/commands/trellis-break-loop.md +107 -0
package/.cursor/commands/trellis-check-backend.md +13 -0
package/.cursor/commands/trellis-check-cross-layer.md +153 -0
package/.cursor/commands/trellis-check-frontend.md +13 -0
package/.cursor/commands/trellis-create-command.md +154 -0
package/.cursor/commands/trellis-finish-work.md +129 -0
package/.cursor/commands/trellis-integrate-skill.md +219 -0
package/.cursor/commands/trellis-onboard.md +358 -0
package/.cursor/commands/trellis-record-session.md +62 -0
package/.cursor/commands/trellis-start.md +156 -0
package/.cursor/commands/trellis-update-spec.md +213 -0
package/.env.example +11 -0
package/.husky/pre-commit +1 -0
package/.mcp.json +8 -0
package/.trellis/.template-hashes.json +65 -0
package/.trellis/.version +1 -0
package/.trellis/scripts/add-session.sh +384 -0
package/.trellis/scripts/common/developer.sh +129 -0
package/.trellis/scripts/common/git-context.sh +263 -0
package/.trellis/scripts/common/paths.sh +208 -0
package/.trellis/scripts/common/phase.sh +150 -0
package/.trellis/scripts/common/registry.sh +247 -0
package/.trellis/scripts/common/task-queue.sh +142 -0
package/.trellis/scripts/common/task-utils.sh +151 -0
package/.trellis/scripts/common/worktree.sh +128 -0
package/.trellis/scripts/create-bootstrap.sh +299 -0
package/.trellis/scripts/get-context.sh +7 -0
package/.trellis/scripts/get-developer.sh +15 -0
package/.trellis/scripts/init-developer.sh +34 -0
package/.trellis/scripts/multi-agent/cleanup.sh +396 -0
package/.trellis/scripts/multi-agent/create-pr.sh +241 -0
package/.trellis/scripts/multi-agent/plan.sh +207 -0
package/.trellis/scripts/multi-agent/start.sh +310 -0
package/.trellis/scripts/multi-agent/status.sh +828 -0
package/.trellis/scripts/task.sh +1118 -0
package/.trellis/spec/backend/deepagents-guide.md +337 -0
package/.trellis/spec/backend/directory-structure.md +126 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/README.md +11 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/agent.js.template +20 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/skills-config.js.template +13 -0
package/.trellis/spec/backend/examples/skills/deepagents-guide/subagent.js.template +19 -0
package/.trellis/spec/backend/hook-guidelines.md +178 -0
package/.trellis/spec/backend/index.md +36 -0
package/.trellis/spec/backend/quality-guidelines.md +201 -0
package/.trellis/spec/backend/state-management.md +76 -0
package/.trellis/spec/backend/tool-guidelines.md +144 -0
package/.trellis/spec/backend/type-safety.md +71 -0
package/.trellis/spec/guides/code-reuse-thinking-guide.md +92 -0
package/.trellis/spec/guides/cross-layer-thinking-guide.md +94 -0
package/.trellis/spec/guides/index.md +79 -0
package/.trellis/tasks/archive/02-02-evolving-skills/prd.md +61 -0
package/.trellis/tasks/archive/02-02-evolving-skills/task.json +29 -0
package/.trellis/tasks/archive/2026-02/00-bootstrap-guidelines/prd.md +86 -0
package/.trellis/tasks/archive/2026-02/00-bootstrap-guidelines/task.json +27 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/check.jsonl +3 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/debug.jsonl +2 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/implement.jsonl +5 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/prd.md +33 -0
package/.trellis/tasks/archive/2026-02/02-02-skills-system/task.json +41 -0
package/.trellis/workflow.md +407 -0
package/.trellis/workspace/index.md +123 -0
package/.trellis/workspace/pony/index.md +40 -0
package/.trellis/workspace/pony/journal-1.md +7 -0
package/.trellis/worktree.yaml +47 -0
package/AGENTS.md +18 -0
package/CLAUDE.md +292 -0
package/README.md +134 -0
package/agents/deepspider.md +142 -0
package/docs/DEBUG.md +42 -0
package/docs/GUIDE.md +334 -0
package/docs/PROMPT.md +60 -0
package/docs/USAGE.md +226 -0
package/eslint.config.js +51 -0
package/package.json +78 -0
package/requirements-crypto.txt +14 -0
package/src/agent/index.js +97 -0
package/src/agent/logger.js +164 -0
package/src/agent/middleware/filterTools.js +64 -0
package/src/agent/middleware/report.js +79 -0
package/src/agent/prompts/system.js +315 -0
package/src/agent/run.js +575 -0
package/src/agent/skills/anti-detect/SKILL.md +28 -0
package/src/agent/skills/anti-detect/evolved.md +12 -0
package/src/agent/skills/captcha/SKILL.md +37 -0
package/src/agent/skills/captcha/evolved.md +12 -0
package/src/agent/skills/config.js +30 -0
package/src/agent/skills/crawler/SKILL.md +9 -0
package/src/agent/skills/crawler/evolved.md +16 -0
package/src/agent/skills/dynamic-analysis/SKILL.md +91 -0
package/src/agent/skills/dynamic-analysis/evolved.md +12 -0
package/src/agent/skills/env/SKILL.md +72 -0
package/src/agent/skills/env/evolved.md +12 -0
package/src/agent/skills/evolve.js +79 -0
package/src/agent/skills/general/SKILL.md +12 -0
package/src/agent/skills/general/evolved.md +12 -0
package/src/agent/skills/js2python/SKILL.md +30 -0
package/src/agent/skills/js2python/evolved.md +13 -0
package/src/agent/skills/report/SKILL.md +21 -0
package/src/agent/skills/report/evolved.md +12 -0
package/src/agent/skills/sandbox/SKILL.md +22 -0
package/src/agent/skills/sandbox/evolved.md +16 -0
package/src/agent/skills/static-analysis/SKILL.md +93 -0
package/src/agent/skills/static-analysis/evolved.md +12 -0
package/src/agent/skills/xpath/SKILL.md +119 -0
package/src/agent/subagents/anti-detect.js +45 -0
package/src/agent/subagents/captcha.js +51 -0
package/src/agent/subagents/crawler.js +138 -0
package/src/agent/subagents/dynamic.js +64 -0
package/src/agent/subagents/env-agent.js +82 -0
package/src/agent/subagents/index.js +37 -0
package/src/agent/subagents/js2python.js +72 -0
package/src/agent/subagents/sandbox.js +55 -0
package/src/agent/subagents/static.js +66 -0
package/src/agent/tools/analysis.js +135 -0
package/src/agent/tools/analyzer.js +85 -0
package/src/agent/tools/anti-detect.js +89 -0
package/src/agent/tools/antidebug.js +64 -0
package/src/agent/tools/async.js +43 -0
package/src/agent/tools/browser.js +324 -0
package/src/agent/tools/captcha.js +223 -0
package/src/agent/tools/capture.js +179 -0
package/src/agent/tools/correlate.js +303 -0
package/src/agent/tools/crawler.js +116 -0
package/src/agent/tools/cryptohook.js +80 -0
package/src/agent/tools/debug.js +246 -0
package/src/agent/tools/deobfuscator.js +90 -0
package/src/agent/tools/env.js +83 -0
package/src/agent/tools/envdump.js +92 -0
package/src/agent/tools/evolve.js +164 -0
package/src/agent/tools/extract.js +114 -0
package/src/agent/tools/extractor.js +54 -0
package/src/agent/tools/file.js +224 -0
package/src/agent/tools/hook.js +84 -0
package/src/agent/tools/hookManager.js +178 -0
package/src/agent/tools/index.js +137 -0
package/src/agent/tools/nodejs.js +101 -0
package/src/agent/tools/patch.js +46 -0
package/src/agent/tools/preprocess.js +71 -0
package/src/agent/tools/profile.js +122 -0
package/src/agent/tools/python.js +627 -0
package/src/agent/tools/report.js +124 -0
package/src/agent/tools/runtime.js +132 -0
package/src/agent/tools/sandbox.js +79 -0
package/src/agent/tools/store.js +73 -0
package/src/agent/tools/trace.js +74 -0
package/src/agent/tools/tracing.js +201 -0
package/src/agent/tools/utils.js +51 -0
package/src/agent/tools/verify.js +184 -0
package/src/agent/tools/webcrack.js +109 -0
package/src/analyzer/ASTAnalyzer.js +387 -0
package/src/analyzer/CallStackAnalyzer.js +379 -0
package/src/analyzer/Deobfuscator.js +289 -0
package/src/analyzer/EncryptionAnalyzer.js +99 -0
package/src/analyzer/index.js +22 -0
package/src/browser/EnvBridge.js +186 -0
package/src/browser/cdp.js +168 -0
package/src/browser/client.js +197 -0
package/src/browser/collector.js +444 -0
package/src/browser/collectors/RequestCryptoLinker.js +109 -0
package/src/browser/collectors/ResponseSearcher.js +107 -0
package/src/browser/collectors/ScriptCollector.js +158 -0
package/src/browser/collectors/index.js +26 -0
package/src/browser/defaultHooks.js +932 -0
package/src/browser/hooks/crypto.js +55 -0
package/src/browser/hooks/index.js +64 -0
package/src/browser/hooks/native.js +9 -0
package/src/browser/hooks/network.js +33 -0
package/src/browser/index.js +42 -0
package/src/browser/interceptors/NetworkInterceptor.js +116 -0
package/src/browser/interceptors/ScriptInterceptor.js +76 -0
package/src/browser/interceptors/index.js +6 -0
package/src/browser/ui/analysisPanel.js +1782 -0
package/src/browser/ui/confirmDialog.js +158 -0
package/src/browser/ui/panel.html +152 -0
package/src/browser/ui/selector.js +170 -0
package/src/config/index.js +5 -0
package/src/config/paths.js +71 -0
package/src/config/patterns/crypto.js +36 -0
package/src/config/profiles/chrome.json +71 -0
package/src/config/profiles/firefox.json +44 -0
package/src/config/profiles/safari.json +38 -0
package/src/core/EnvMonitor.js +200 -0
package/src/core/PatchGenerator.js +278 -0
package/src/core/Sandbox.js +181 -0
package/src/env/AntiAntiDebug.js +111 -0
package/src/env/AsyncHook.js +68 -0
package/src/env/BrowserAPIList.js +265 -0
package/src/env/CookieHook.js +48 -0
package/src/env/CryptoHook.js +205 -0
package/src/env/EnvCodeGenerator.js +157 -0
package/src/env/EnvDumper.js +356 -0
package/src/env/EnvExtractor.js +220 -0
package/src/env/HookBase.js +618 -0
package/src/env/NetworkHook.js +159 -0
package/src/env/modules/bom/history.js +29 -0
package/src/env/modules/bom/location.js +26 -0
package/src/env/modules/bom/navigator.js +70 -0
package/src/env/modules/bom/screen.js +26 -0
package/src/env/modules/bom/storage.js +23 -0
package/src/env/modules/dom/document.js +110 -0
package/src/env/modules/dom/event.js +51 -0
package/src/env/modules/index.js +34 -0
package/src/env/modules/webapi/fetch.js +46 -0
package/src/env/modules/webapi/url.js +47 -0
package/src/env/modules/webapi/xhr.js +48 -0
package/src/index.js +27 -0
package/src/mcp/server.js +89 -0
package/src/store/DataStore.js +708 -0
package/src/store/Store.js +158 -0
package/src/store/Validator.js +24 -0
package/test/analyze.test.js +90 -0
package/test/envdump.test.js +74 -0
package/test/flow.test.js +90 -0
package/test/hooks.test.js +138 -0
package/test/plugin.test.js +35 -0
package/test/refactor-full.test.js +30 -0
package/test/refactor.test.js +21 -0
package/test/samples/obfuscated.js +61 -0
package/test/samples/original.js +66 -0
package/test/samples/v10_eval_chain.js +52 -0
package/test/samples/v11_bytecode_vm.js +81 -0
package/test/samples/v12_polymorphic.js +69 -0
package/test/samples/v1_ob_basic.js +98 -0
package/test/samples/v2_ob_advanced.js +99 -0
package/test/samples/v3_jjencode.js +77 -0
package/test/samples/v4_aaencode.js +73 -0
package/test/samples/v5_control_flow.js +86 -0
package/test/samples/v6_string_encryption.js +71 -0
package/test/samples/v7_jsvmp.js +83 -0
package/test/samples/v8_anti_debug.js +79 -0
package/test/samples/v9_proxy_trap.js +49 -0
package/test/samples.test.js +96 -0
package/test/webcrack.test.js +55 -0

package/src/store/Store.js ADDED Viewed

@@ -0,0 +1,158 @@
+/**
+ * DeepSpider - 知识库存储
+ * 文件系统持久化，支持分类索引
+ * 统一存储到 ~/.deepspider/store/
+ */
+import fs from 'fs';
+import path from 'path';
+import { PATHS, ensureDir } from '../config/paths.js';
+export class Store {
+  constructor(options = {}) {
+    this.baseDir = options.baseDir || PATHS.STORE_DIR;
+    this.cache = new Map();
+    this.indexFile = path.join(this.baseDir, 'index.json');
+    this.index = { types: {} };
+    this._ensureDir();
+    this._loadIndex();
+  }
+  _ensureDir() {
+    ensureDir(this.baseDir);
+  }
+  _loadIndex() {
+    try {
+      if (fs.existsSync(this.indexFile)) {
+        this.index = JSON.parse(fs.readFileSync(this.indexFile, 'utf-8'));
+      }
+    } catch {
+      this.index = { types: {} };
+    }
+  }
+  _saveIndex() {
+    fs.writeFileSync(this.indexFile, JSON.stringify(this.index, null, 2));
+  }
+  _getFilePath(type, name) {
+    const typeDir = path.join(this.baseDir, type);
+    if (!fs.existsSync(typeDir)) {
+      fs.mkdirSync(typeDir, { recursive: true });
+    }
+    const safeName = name.replace(/[^a-zA-Z0-9_.-]/g, '_');
+    return path.join(typeDir, `${safeName}.json`);
+  }
+  save(type, name, entry) {
+    const key = `${type}:${name}`;
+    const data = { ...entry, type, name, updatedAt: Date.now() };
+    // 写入文件
+    const filePath = this._getFilePath(type, name);
+    fs.writeFileSync(filePath, JSON.stringify(data, null, 2));
+    // 更新索引
+    if (!this.index.types[type]) {
+      this.index.types[type] = [];
+    }
+    if (!this.index.types[type].includes(name)) {
+      this.index.types[type].push(name);
+    }
+    this._saveIndex();
+    // 更新缓存
+    this.cache.set(key, data);
+    return { success: true, path: filePath };
+  }
+  get(type, name) {
+    const key = `${type}:${name}`;
+    // 检查缓存
+    if (this.cache.has(key)) {
+      return this.cache.get(key);
+    }
+    // 从文件读取
+    const filePath = this._getFilePath(type, name);
+    if (fs.existsSync(filePath)) {
+      const data = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+      this.cache.set(key, data);
+      return data;
+    }
+    return null;
+  }
+  query(type, keyword) {
+    const results = [];
+    const names = this.index.types[type] || [];
+    for (const name of names) {
+      if (name.includes(keyword)) {
+        const entry = this.get(type, name);
+        if (entry) results.push(entry);
+      }
+    }
+    // 也搜索内容
+    if (results.length === 0) {
+      for (const name of names) {
+        const entry = this.get(type, name);
+        if (entry?.code?.includes(keyword)) {
+          results.push(entry);
+        }
+      }
+    }
+    return results;
+  }
+  // 列出某类型下所有条目
+  list(type) {
+    return this.index.types[type] || [];
+  }
+  // 删除条目
+  delete(type, name) {
+    const key = `${type}:${name}`;
+    const filePath = this._getFilePath(type, name);
+    if (fs.existsSync(filePath)) {
+      fs.unlinkSync(filePath);
+    }
+    this.cache.delete(key);
+    if (this.index.types[type]) {
+      this.index.types[type] = this.index.types[type].filter(n => n !== name);
+      this._saveIndex();
+    }
+  }
+  // 导出所有数据
+  exportAll() {
+    const all = {};
+    for (const [type, names] of Object.entries(this.index.types)) {
+      all[type] = names.map(name => this.get(type, name));
+    }
+    return all;
+  }
+  // 导入数据
+  import(data) {
+    let count = 0;
+    for (const [type, entries] of Object.entries(data)) {
+      for (const entry of entries) {
+        this.save(type, entry.name, entry);
+        count++;
+      }
+    }
+    return { imported: count };
+  }
+}
+export default Store;

package/src/store/Validator.js ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * DeepSpider - 补丁验证器
+ */
+export class Validator {
+  constructor(sandbox) {
+    this.sandbox = sandbox;
+  }
+  async validate(patch, testCode) {
+    try {
+      await this.sandbox.inject(patch.code);
+      const result = await this.sandbox.execute(testCode);
+      return {
+        valid: result.success,
+        error: result.error
+      };
+    } catch (e) {
+      return { valid: false, error: e.message };
+    }
+  }
+}
+export default Validator;

package/test/analyze.test.js ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * DeepSpider 分析能力测试
+ */
+import { ASTAnalyzer } from '../src/analyzer/ASTAnalyzer.js';
+import { CallStackAnalyzer } from '../src/analyzer/CallStackAnalyzer.js';
+import { EncryptionAnalyzer } from '../src/analyzer/EncryptionAnalyzer.js';
+import { Deobfuscator } from '../src/analyzer/Deobfuscator.js';
+import { Sandbox } from '../src/core/Sandbox.js';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+// 读取测试样本
+const originalCode = fs.readFileSync(path.join(__dirname, 'samples/original.js'), 'utf-8');
+const obfuscatedCode = fs.readFileSync(path.join(__dirname, 'samples/obfuscated.js'), 'utf-8');
+console.log('=== DeepSpider 分析能力测试 ===\n');
+// 测试 1: 混淆器识别
+console.log('【测试1】混淆器识别');
+const deob = new Deobfuscator();
+const obfuscatorType = deob.detectObfuscator(obfuscatedCode);
+console.log('识别结果:', obfuscatorType);
+console.log('混淆类型:', deob._detectType(obfuscatedCode));
+console.log('');
+// 测试 2: 反混淆流水线
+console.log('【测试2】反混淆流水线');
+const pipelineResult = deob.runPipeline(obfuscatedCode);
+console.log('应用的步骤:', pipelineResult.applied);
+console.log('代码长度变化:', obfuscatedCode.length, '->', pipelineResult.code.length);
+console.log('');
+// 测试 3: AST 分析
+console.log('【测试3】AST 分析');
+const astAnalyzer = new ASTAnalyzer();
+const functions = astAnalyzer.extractFunctions(obfuscatedCode);
+console.log('提取到函数数量:', functions.length);
+functions.forEach(f => console.log('  -', f.name, `(${f.params.join(', ')})`));
+console.log('');
+// 测试 4: 调用链分析
+console.log('【测试4】调用链分析');
+const callAnalyzer = new CallStackAnalyzer();
+const entryPoints = callAnalyzer.findEntryPoints(obfuscatedCode);
+console.log('入口点:', entryPoints.length);
+entryPoints.forEach(e => console.log('  -', e.type, e.name || ''));
+const callGraph = callAnalyzer.buildCallGraph(obfuscatedCode);
+console.log('调用图节点数:', callGraph.size);
+console.log('');
+// 测试 5: 加密分析
+console.log('【测试5】加密分析');
+const encAnalyzer = new EncryptionAnalyzer();
+const cryptoResult = encAnalyzer.analyze(obfuscatedCode);
+console.log('检测到算法:', cryptoResult.detectedAlgorithms.map(a => a.name));
+console.log('可疑函数:', cryptoResult.suspiciousFunctions.length);
+console.log('');
+// 测试 6: 字符串提取
+console.log('【测试6】字符串提取');
+const strings = astAnalyzer.extractStrings(obfuscatedCode);
+console.log('字符串数量:', strings.length);
+const keyStrings = strings.filter(s =>
+  s.value.includes('key') ||
+  s.value.includes('sign') ||
+  s.value.includes('app')
+);
+console.log('关键字符串:', keyStrings.map(s => s.value));
+console.log('');
+// 测试 7: 沙箱执行
+console.log('【测试7】沙箱执行');
+const sandbox = new Sandbox();
+const execResult = await sandbox.execute(obfuscatedCode);
+console.log('执行成功:', execResult.success);
+if (execResult.success) {
+  console.log('执行结果:', execResult.result);
+} else {
+  console.log('错误:', execResult.error);
+  console.log('错误类型:', execResult.errorType);
+  console.log('缺失环境:', execResult.missingEnv);
+}
+console.log('\n=== 测试完成 ===');

package/test/envdump.test.js ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * 环境自吐功能测试
+ */
+import { generateEnvDumpCode, generateBaseEnvCode } from '../src/agent/tools/envdump.js';
+import { sandboxExecute, sandboxInject, sandboxReset } from '../src/agent/tools/sandbox.js';
+async function test() {
+  console.log('=== 环境自吐测试 ===\n');
+  // 1. 生成基础环境代码
+  console.log('【Step 1】生成基础环境');
+  const baseResult = JSON.parse(await generateBaseEnvCode.invoke({}));
+  console.log('基础环境代码长度:', baseResult.code.length, '字符\n');
+  // 2. 生成环境自吐代码
+  console.log('【Step 2】生成环境自吐代码');
+  const dumpResult = JSON.parse(await generateEnvDumpCode.invoke({
+    targets: ['window', 'document', 'navigator'],
+    enableCallStack: false,
+    maxValueLength: 50,
+  }));
+  console.log('自吐代码长度:', dumpResult.code.length, '字符\n');
+  // 3. 注入基础环境
+  console.log('【Step 3】注入基础环境');
+  await sandboxReset.invoke({});
+  const injectBase = JSON.parse(await sandboxInject.invoke({ code: baseResult.code }));
+  console.log('注入结果:', injectBase.success ? '✅' : '❌', '\n');
+  // 4. 注入自吐代码
+  console.log('【Step 4】注入自吐代码');
+  const injectDump = JSON.parse(await sandboxInject.invoke({ code: dumpResult.code }));
+  console.log('注入结果:', injectDump.success ? '✅' : '❌', '\n');
+  // 5. 执行测试代码
+  console.log('【Step 5】执行测试代码');
+  const testCode = `
+    // 模拟目标代码访问环境
+    var ua = navigator.userAgent;
+    var platform = navigator.platform;
+    var cookie = document.cookie;
+    document.createElement('div');
+    window.innerWidth;
+    // 获取日志
+    __deepspider__.getLogs('env');
+  `;
+  const execResult = JSON.parse(await sandboxExecute.invoke({ code: testCode, timeout: 3000 }));
+  console.log('执行结果:', execResult.success ? '✅' : '❌');
+  if (execResult.success && execResult.result) {
+    console.log('\n【环境访问日志】');
+    try {
+      const logs = JSON.parse(execResult.result);
+      console.log('记录条数:', logs.length);
+      logs.slice(0, 10).forEach((log, i) => {
+        console.log(`  ${i + 1}. [${log.type}] ${log.path}`);
+      });
+      if (logs.length > 10) {
+        console.log(`  ... 还有 ${logs.length - 10} 条`);
+      }
+    } catch (e) {
+      console.log('日志解析失败:', e.message);
+    }
+  } else {
+    console.log('错误:', execResult.error);
+  }
+  console.log('\n=== 测试完成 ===');
+}
+test().catch(console.error);

package/test/flow.test.js ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * DeepSpider 完整流程测试 - 单样本深度分析
+ */
+import { ASTAnalyzer } from '../src/analyzer/ASTAnalyzer.js';
+import { CallStackAnalyzer } from '../src/analyzer/CallStackAnalyzer.js';
+import { EncryptionAnalyzer } from '../src/analyzer/EncryptionAnalyzer.js';
+import { Deobfuscator } from '../src/analyzer/Deobfuscator.js';
+import { Sandbox } from '../src/core/Sandbox.js';
+import { Store } from '../src/store/Store.js';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+// 选择 v2_ob_advanced.js 进行深度分析
+const code = fs.readFileSync(
+  path.join(__dirname, 'samples/v2_ob_advanced.js'),
+  'utf-8'
+);
+console.log('=== DeepSpider 完整流程测试 ===\n');
+console.log('目标: v2_ob_advanced.js\n');
+// Step 1: 混淆识别
+console.log('【Step 1】混淆识别');
+const deob = new Deobfuscator();
+console.log('  混淆器:', deob.detectObfuscator(code));
+console.log('  类型:', deob._detectType(code));
+// Step 2: 反混淆
+console.log('\n【Step 2】反混淆流水线');
+const deobResult = deob.runPipeline(code);
+console.log('  应用步骤:', deobResult.applied.join(' → '));
+console.log('  代码压缩:', code.length, '→', deobResult.code.length);
+// Step 3: AST 分析
+console.log('\n【Step 3】AST 分析');
+const ast = new ASTAnalyzer();
+const funcs = ast.extractFunctions(code);
+console.log('  函数列表:');
+funcs.forEach(f => console.log(`    - ${f.name}(${f.params.join(', ')})`));
+// Step 4: 调用链分析
+console.log('\n【Step 4】调用链分析');
+const call = new CallStackAnalyzer();
+const graph = call.buildCallGraph(code);
+console.log('  调用图:');
+for (const [func, calls] of graph) {
+  if (calls.length > 0) {
+    console.log(`    ${func} → ${calls.map(c => c.callee).join(', ')}`);
+  }
+}
+// Step 5: 加密分析
+console.log('\n【Step 5】加密分析');
+const enc = new EncryptionAnalyzer();
+const crypto = enc.analyze(code);
+console.log('  检测算法:', crypto.detectedAlgorithms.map(a => a.name).join(', ') || '无');
+console.log('  可疑函数:', crypto.suspiciousFunctions.length);
+// Step 6: 字符串提取
+console.log('\n【Step 6】字符串提取');
+const strings = ast.extractStrings(code);
+const keywords = strings.filter(s =>
+  /sign|key|secret|app|encrypt/i.test(s.value)
+);
+console.log('  总字符串:', strings.length);
+console.log('  关键字符串:', keywords.map(s => `"${s.value}"`).join(', '));
+// Step 7: 沙箱执行
+console.log('\n【Step 7】沙箱执行');
+const sandbox = new Sandbox();
+const result = await sandbox.execute(code, { timeout: 5000 });
+console.log('  执行状态:', result.success ? '✅ 成功' : '❌ 失败');
+console.log('  结果:', result.result);
+// Step 8: 存储结果
+console.log('\n【Step 8】存储分析结果');
+const store = new Store();
+store.save('analysis', 'v2_ob_advanced', {
+  obfuscator: deob.detectObfuscator(code),
+  functions: funcs.length,
+  crypto: crypto.detectedAlgorithms.map(a => a.name),
+  executed: result.success
+});
+console.log('  已保存到 Store');
+console.log('\n=== 流程测试完成 ===');

package/test/hooks.test.js ADDED Viewed

@@ -0,0 +1,138 @@
+/**
+ * DeepSpider Hook 系统测试
+ */
+import { HookBase } from '../src/env/HookBase.js';
+import { getDefaultHookScript } from '../src/browser/defaultHooks.js';
+console.log('=== DeepSpider Hook 系统测试 ===\n');
+// 测试 1: HookBase 代码生成
+console.log('【测试1】HookBase 代码生成');
+const baseCode = HookBase.getBaseCode();
+console.log('基础代码长度:', baseCode.length);
+console.log('包含 __deepspider__:', baseCode.includes('window.__deepspider__'));
+console.log('包含日志限制:', baseCode.includes('LOG_LIMIT'));
+console.log('包含配置管理:', baseCode.includes('getConfig'));
+console.log('');
+// 测试 2: 完整 Hook 脚本生成
+console.log('【测试2】完整 Hook 脚本生成');
+const fullScript = getDefaultHookScript();
+console.log('完整脚本长度:', fullScript.length);
+console.log('包含 XHR Hook:', fullScript.includes('XHR Hook'));
+console.log('包含 Fetch Hook:', fullScript.includes('Fetch Hook'));
+console.log('包含 Cookie Hook:', fullScript.includes('Cookie Hook'));
+console.log('包含 JSON Hook:', fullScript.includes('JSON Hook'));
+console.log('包含 Eval Hook:', fullScript.includes('Eval/Function Hook'));
+console.log('包含 Crypto Hook:', fullScript.includes('Crypto Hook'));
+console.log('包含 DOM Hook:', fullScript.includes('DOM Hook'));
+console.log('包含 Debugger Bypass:', fullScript.includes('debugger bypassed'));
+console.log('包含 Encoding Hook:', fullScript.includes('Encoding Hook'));
+console.log('包含 Storage Hook:', fullScript.includes('Storage Hook'));
+console.log('包含 WebSocket Hook:', fullScript.includes('WebSocket Hook'));
+console.log('包含 Web Crypto API:', fullScript.includes('WebCrypto'));
+console.log('包含 Canvas Hook:', fullScript.includes('Canvas Hook'));
+console.log('包含 Navigator Hook:', fullScript.includes('Navigator Hook'));
+console.log('包含 Webpack Hook:', fullScript.includes('Webpack Hook'));
+console.log('包含 Forge Hook:', fullScript.includes('Forge Hook'));
+console.log('包含 jsrsasign Hook:', fullScript.includes('jsrsasign Hook'));
+console.log('包含 Proxy Hook:', fullScript.includes('Proxy Hook'));
+console.log('包含 Error Stack Hook:', fullScript.includes('Error Stack Hook'));
+console.log('');
+// 测试 6: 验证新增 API
+console.log('【测试6】验证新增 API');
+const newAPIs = [
+  'searchLogs',
+  'traceValue',
+  'correlateParams',
+  'getRecentCrypto',
+  'getRecentRequests',
+  'exportLogs',
+  'recordPerf',
+  'getPerf',
+  'getCaller'
+];
+newAPIs.forEach(api => {
+  const found = fullScript.includes(api);
+  console.log(`  ${found ? '✓' : '✗'} ${api}`);
+});
+console.log('');
+// 测试 3: 验证 Hook 代码语法
+console.log('【测试3】验证 Hook 代码语法');
+try {
+  new Function(fullScript);
+  console.log('语法检查: 通过');
+} catch (e) {
+  console.error('语法检查: 失败 -', e.message);
+}
+console.log('');
+// 测试 4: 验证关键功能存在
+console.log('【测试4】验证关键功能');
+const features = [
+  { name: 'JSON.parse Hook', pattern: /JSON\.parse\s*=\s*deepspider\.native/ },
+  { name: 'JSON.stringify Hook', pattern: /JSON\.stringify\s*=\s*deepspider\.native/ },
+  { name: 'eval Hook', pattern: /window\.eval\s*=\s*deepspider\.native/ },
+  { name: 'Function Hook', pattern: /window\.Function\s*=\s*deepspider\.native/ },
+  { name: 'setTimeout 字符串检测', pattern: /typeof handler === 'string'/ },
+  { name: 'CryptoJS 即时 Hook', pattern: /watchGlobal\('CryptoJS'/ },
+  { name: 'DOM querySelector Hook', pattern: /m\.obj\[m\.name\]\s*=\s*deepspider\.native/ },
+  { name: 'debugger 绕过', pattern: /debugger bypassed/ },
+  { name: '日志限制', pattern: /logCounts\[countKey\].*config\.logLimit/ },
+];
+features.forEach(f => {
+  const found = f.pattern.test(fullScript);
+  console.log(`  ${found ? '✓' : '✗'} ${f.name}`);
+});
+console.log('');
+// 测试 5: 验证配置项
+console.log('【测试5】验证配置项');
+const configItems = [
+  'json', 'eval', 'crypto', 'cookie', 'xhr', 'fetch', 'dom', 'logLimit',
+  'captureStack', 'stackDepth', 'protectDescriptor', 'protectKeys',
+  'silent', 'logToConsole'
+];
+configItems.forEach(item => {
+  const found = fullScript.includes(`${item}:`);
+  console.log(`  ${found ? '✓' : '✗'} config.${item}`);
+});
+console.log('');
+// 测试 7: 验证反检测功能
+console.log('【测试7】验证反检测功能');
+const antiDetectFeatures = [
+  { name: 'toString 伪装', pattern: /hookedFns\.has\(this\)/ },
+  { name: 'getOwnPropertyDescriptor 保护', pattern: /Object\.getOwnPropertyDescriptor\s*=\s*function/ },
+  { name: 'Object.keys 保护', pattern: /Object\.keys\s*=\s*function/ },
+  { name: 'getOwnPropertyNames 保护', pattern: /Object\.getOwnPropertyNames\s*=\s*function/ },
+  { name: 'Error.stack 过滤', pattern: /__deepspider__|DeepSpider|deepspider\\.native/ },
+  { name: 'Proxy 监控', pattern: /Proxy\.create/ },
+];
+antiDetectFeatures.forEach(f => {
+  const found = f.pattern.test(fullScript);
+  console.log(`  ${found ? '✓' : '✗'} ${f.name}`);
+});
+console.log('');
+// 测试 8: 验证 Hook 管理 API
+console.log('【测试8】验证 Hook 管理 API');
+const hookMgmtAPIs = [
+  'registerHook',
+  'enableHook',
+  'disableHook',
+  'listHooks',
+  'injectHook',
+  'setHooks'
+];
+hookMgmtAPIs.forEach(api => {
+  const found = fullScript.includes(api);
+  console.log(`  ${found ? '✓' : '✗'} ${api}`);
+});
+console.log('');
+console.log('=== Hook 系统测试完成 ===');

package/test/plugin.test.js ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Plugin 可用性测试
+ */
+import { allTools } from '../src/agent/tools/index.js';
+console.log('=== Plugin 工具验证 ===\n');
+console.log('【工具数量】', allTools.length, '个\n');
+// 验证每个工具
+let valid = 0;
+let invalid = 0;
+for (const tool of allTools) {
+  const hasName = !!tool.name;
+  const hasDesc = !!tool.description;
+  const hasSchema = !!tool.schema;
+  if (hasName && hasDesc && hasSchema) {
+    valid++;
+  } else {
+    invalid++;
+    console.log('❌', tool.name || 'unknown', '- 缺少必要属性');
+  }
+}
+console.log(`\n验证结果: ${valid} 个有效, ${invalid} 个无效`);
+if (invalid === 0) {
+  console.log('\n✅ 所有工具验证通过!');
+} else {
+  console.log('\n❌ 存在无效工具');
+  process.exit(1);
+}

package/test/refactor-full.test.js ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * DeepSpider 完整重构测试
+ */
+import { allTools } from '../src/agent/tools/index.js';
+import { allSubagents } from '../src/agent/subagents/index.js';
+async function testTools() {
+  console.log('=== 测试工具导入 ===');
+  console.log('工具数量:', allTools.length);
+  console.log('工具列表:', allTools.map(t => t.name).join(', '));
+  console.log('');
+}
+async function testSubagents() {
+  console.log('=== 测试子代理 ===');
+  console.log('子代理数量:', allSubagents.length);
+  allSubagents.forEach(s => {
+    console.log(`- ${s.name}: ${s.tools?.length || 0} 个工具`);
+  });
+  console.log('');
+}
+async function main() {
+  await testTools();
+  await testSubagents();
+  console.log('完整重构测试通过!');
+}
+main().catch(console.error);

package/test/refactor.test.js ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * DeepSpider 重构测试
+ */
+import { Store } from '../src/store/Store.js';
+async function testStore() {
+  console.log('=== 测试知识库 ===');
+  const store = new Store();
+  store.save('env', 'navigator', { code: 'test' });
+  const result = store.get('env', 'navigator');
+  console.log('存储成功:', result !== undefined);
+  console.log('知识库测试通过!\n');
+}
+async function main() {
+  await testStore();
+  console.log('重构基础测试通过!');
+}
+main().catch(console.error);