npm - deepspider - Versions diffs - 0.2.6 → 0.2.9 - Mend

deepspider 0.2.6 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/.trellis/spec/backend/ci-cd-guidelines.md +73 -0
package/.trellis/spec/backend/deepagents-guide.md +43 -0
package/.trellis/spec/backend/hook-guidelines.md +40 -0
package/.trellis/spec/backend/index.md +1 -0
package/.trellis/spec/backend/quality-guidelines.md +77 -0
package/.trellis/workspace/pony/index.md +3 -2
package/.trellis/workspace/pony/journal-1.md +64 -0
package/CLAUDE.md +23 -0
package/README.md +6 -0
package/package.json +3 -2
package/src/agent/prompts/system.js +63 -255
package/src/agent/run.js +48 -17
package/src/agent/skills/static-analysis/SKILL.md +120 -0
package/src/agent/tools/browser.js +99 -0
package/src/agent/tools/report.js +64 -14
package/src/agent/tools/runtime.js +6 -4
package/src/agent/tools/utils.js +0 -1
package/src/browser/defaultHooks.js +325 -27
package/src/browser/hooks/index.js +14 -18
package/src/browser/ui/analysisPanel.js +461 -388
package/src/env/HookBase.js +38 -18
package/src/browser/hooks/crypto.js +0 -55
package/src/browser/hooks/native.js +0 -9
package/src/browser/hooks/network.js +0 -33

package/src/env/HookBase.js CHANGED Viewed

@@ -152,15 +152,22 @@ export class HookBase {
       // 性能优化：可配置是否记录调用栈
       let stack = null;
+      let caller = null;
       if (config.captureStack) {
         const err = new Error();
         stack = err.stack;
+        // 解析调用栈，提取文件和行号信息
+        const parsed = window.__deepspider__.parseStack(stack, config.stackDepth);
+        if (parsed.length > 0) {
+          caller = parsed[0];  // 第一个有效调用位置
+        }
       }
       const entry = {
         ...data,
         timestamp: Date.now(),
         stack: stack,
+        caller: caller,  // 解析后的调用位置 { func, file, line, col }
         requestId: requestContext?.id || null
       };
@@ -181,7 +188,9 @@ export class HookBase {
           fetch: 'color: #9C27B0',
         };
         const color = colors[data.action] || colors[type] || 'color: #666';
-        console.log('%c[DeepSpider:' + type + ']', color, data.action || '', data);
+        // 显示调用位置
+        const loc = caller ? ' @ ' + (caller.file || '').split('/').pop() + ':' + caller.line : '';
+        console.log('%c[DeepSpider:' + type + ']' + loc, color, data.action || '', data);
       }
       return entry;
     },
@@ -190,30 +199,41 @@ export class HookBase {
     parseStack: function(stack, depth) {
       if (!stack) return [];
       const maxDepth = depth || config.stackDepth || 5;
-      // 过滤框架代码的关键词
-      const frameworkPatterns = [
+      // 过滤 Hook 框架和常见库的调用栈
+      const skipPatterns = [
+        /__deepspider__/,
+        /deepspider\\.native/,
+        /hookFunc|hooked|origEnc|origDec|original/i,
+        /^Error$/,
+        /at Object\\.log/,
+        /at Object\\.parseStack/,
         /react|vue|angular|jquery|lodash|axios/i,
         /node_modules/,
-        /webpack/,
-        /__deepspider__/
+        /^webpack:/,
+        /\\(native\\)/,
+        /<anonymous>:\\d+:\\d+$/
       ];
-      return stack.split('\\n').slice(2).map(function(line) {
-        const match = line.match(/at\\s+(.+?)\\s+\\((.+?):(\\d+):(\\d+)\\)/) ||
-                      line.match(/at\\s+(.+?):(\\d+):(\\d+)/);
+      return stack.split('\\n').slice(1).map(function(line) {
+        // Chrome/Node 格式: at funcName (file:line:col) 或 at file:line:col
+        let match = line.match(/at\\s+(.+?)\\s+\\((.+?):(\\d+):(\\d+)\\)/);
+        if (match) {
+          return { func: match[1], file: match[2], line: parseInt(match[3]), col: parseInt(match[4]) };
+        }
+        match = line.match(/at\\s+(.+?):(\\d+):(\\d+)/);
         if (match) {
-          return {
-            func: match[1] || 'anonymous',
-            file: match[2] || match[1],
-            line: parseInt(match[3] || match[2]),
-            col: parseInt(match[4] || match[3])
-          };
+          return { func: 'anonymous', file: match[1], line: parseInt(match[2]), col: parseInt(match[3]) };
         }
-        return { raw: line.trim() };
+        // Firefox 格式: funcName@file:line:col
+        match = line.match(/(.+?)@(.+?):(\\d+):(\\d+)/);
+        if (match) {
+          return { func: match[1] || 'anonymous', file: match[2], line: parseInt(match[3]), col: parseInt(match[4]) };
+        }
+        return null;
       }).filter(function(f) {
-        if (!f.func && !f.raw) return false;
-        const str = f.file || f.raw || '';
-        return !frameworkPatterns.some(p => p.test(str));
+        if (!f || !f.file) return false;
+        const str = f.func + ' ' + f.file;
+        return !skipPatterns.some(function(p) { return p.test(str); });
       }).slice(0, maxDepth);
     },

package/src/browser/hooks/crypto.js DELETED Viewed

@@ -1,55 +0,0 @@
-/**
- * DeepSpider - 加密库 Hook
- * 已废弃，请使用 src/env/CryptoHook.js
- */
-export const cryptoHook = `
-(function() {
-  const deepspider = window.__deepspider__;
-  if (!deepspider) return;
-  // Hook Function.prototype.apply (CryptoJS)
-  const _apply = Function.prototype.apply;
-  const applyHook = function() {
-    const result = _apply.call(this, ...arguments);
-    try {
-      if (arguments.length === 2 && arguments[1]?.[0]) {
-        const cfg = arguments[1][0];
-        if (cfg.ciphertext && cfg.key && cfg.algorithm) {
-          deepspider.log('crypto', {
-            algo: 'CryptoJS',
-            key: cfg.key?.toString?.() || '',
-            iv: cfg.iv?.toString?.() || '',
-            mode: cfg.mode?.name || 'unknown'
-          });
-        }
-      }
-    } catch (e) {}
-    return result;
-  };
-  Function.prototype.apply = deepspider.native(applyHook, _apply);
-  // Hook RSA
-  const _call = Function.prototype.call;
-  const callHook = function() {
-    const result = _call.call(this, ...arguments);
-    try {
-      const arg = arguments[0];
-      if (arg?.__proto__?.getPublicKey && arg?.__proto__?.encrypt) {
-        const proto = arg.__proto__.__proto__;
-        if (proto?.encrypt && !proto.__hooked__) {
-          proto.__hooked__ = true;
-          const _enc = proto.encrypt;
-          proto.encrypt = deepspider.native(function(data) {
-            const enc = _enc.call(this, data);
-            deepspider.log('crypto', { algo: 'RSA', data, encrypted: enc });
-            return enc;
-          }, _enc);
-        }
-      }
-    } catch (e) {}
-    return result;
-  };
-  Function.prototype.call = deepspider.native(callHook, _call);
-})();
-`;

package/src/browser/hooks/native.js DELETED Viewed

@@ -1,9 +0,0 @@
-/**
- * DeepSpider - Hook 反检测工具
- * 已废弃，请使用 src/env/HookBase.js
- */
-import { HookBase } from '../../env/HookBase.js';
-// 兼容旧代码
-export const nativeProtect = HookBase.getBaseCode();

package/src/browser/hooks/network.js DELETED Viewed

@@ -1,33 +0,0 @@
-/**
- * DeepSpider - 网络请求 Hook
- * 已废弃，请使用 src/env/NetworkHook.js
- */
-export const networkHook = `
-(function() {
-  const deepspider = window.__deepspider__;
-  if (!deepspider) return;
-  // Hook fetch
-  const _fetch = window.fetch;
-  window.fetch = deepspider.native(async function(url, options = {}) {
-    deepspider.log('fetch', { url, body: options.body });
-    return _fetch.call(this, url, options);
-  }, _fetch);
-  // Hook XHR
-  const _open = XMLHttpRequest.prototype.open;
-  const _send = XMLHttpRequest.prototype.send;
-  XMLHttpRequest.prototype.open = deepspider.native(function(method, url) {
-    this._url = url;
-    this._method = method;
-    return _open.apply(this, arguments);
-  }, _open);
-  XMLHttpRequest.prototype.send = deepspider.native(function(body) {
-    deepspider.log('xhr', { method: this._method, url: this._url, body });
-    return _send.apply(this, arguments);
-  }, _send);
-})();
-`;