deepspider 0.3.0 → 0.3.2

package/src/agent/tools/file.js

@@ -5,8 +5,8 @@
 
 import { z } from 'zod';
 import { tool } from '@langchain/core/tools';
-import { writeFileSync, readFileSync, existsSync, readdirSync, statSync } from 'fs';
-import { dirname, join, isAbsolute, relative } from 'path';
+import { writeFileSync, readFileSync, existsSync, readdirSync } from 'fs';
+import { dirname, join, isAbsolute, relative, resolve } from 'path';
 import { PATHS, ensureDir, DEEPSPIDER_HOME } from '../../config/paths.js';
 
 const OUTPUT_DIR = PATHS.OUTPUT_DIR;
@@ -17,15 +17,24 @@ function ensureFileDir(filePath) {
 }
 
 function getSafePath(filePath) {
+  let resolved;
   if (isAbsolute(filePath)) {
     // 如果是 ~/.deepspider/ 目录下的路径，直接使用
     if (filePath.startsWith(DEEPSPIDER_HOME)) {
-      return filePath;
+      resolved = filePath;
+    } else {
+      // 其他绝对路径：放到 OUTPUT_DIR 下
+      resolved = join(OUTPUT_DIR, filePath.replace(/^\/+/, ''));
     }
-    // 其他绝对路径：放到 OUTPUT_DIR 下
-    return join(OUTPUT_DIR, filePath.replace(/^\/+/, ''));
+  } else {
+    resolved = join(OUTPUT_DIR, filePath);
   }
-  return join(OUTPUT_DIR, filePath);
+  // 防止 ../ 穿越到 DEEPSPIDER_HOME 之外
+  const normalized = resolve(resolved);
+  if (!normalized.startsWith(DEEPSPIDER_HOME)) {
+    throw new Error(`路径不允许超出 ${DEEPSPIDER_HOME}: ${filePath}`);
+  }
+  return normalized;
 }
 
 export const artifactSave = tool(
@@ -186,7 +195,7 @@ function searchInFile(filePath, pattern, isRegex) {
       if (isRegex) regex.lastIndex = 0; // 重置正则
     }
     return matches;
-  } catch (e) {
+  } catch {
     return [];
   }
 }

package/src/agent/tools/generateHook.js

@@ -0,0 +1,66 @@
+/**
+ * DeepSpider - 统一 Hook 代码生成工具
+ * 合并 hookTools + cryptoHookTools + asyncTools + antiDebugTools
+ */
+
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { NetworkHook } from '../../env/NetworkHook.js';
+import { CookieHook } from '../../env/CookieHook.js';
+import { CryptoHook } from '../../env/CryptoHook.js';
+import { AsyncHook } from '../../env/AsyncHook.js';
+import { AntiAntiDebug } from '../../env/AntiAntiDebug.js';
+
+const networkHook = new NetworkHook();
+const cookieHook = new CookieHook();
+const cryptoHook = new CryptoHook();
+const asyncHook = new AsyncHook();
+const antiDebug = new AntiAntiDebug();
+
+const HOOK_TYPES = {
+  // 网络
+  xhr: { gen: () => networkHook.generateXHRHookCode({ captureBody: true, captureResponse: true }), usage: "getLogs('xhr')" },
+  fetch: { gen: () => networkHook.generateFetchHookCode({ captureBody: true, captureResponse: true }), usage: "getLogs('fetch')" },
+  cookie: { gen: () => cookieHook.generateCookieHookCode({ trackRead: true, trackWrite: true }), usage: "getLogs('cookie')" },
+  // 加密
+  cryptojs: { gen: () => cryptoHook.generateCryptoJSHookCode(), usage: "getLogs('crypto')" },
+  sm_crypto: { gen: () => cryptoHook.generateSMCryptoHookCode(), usage: "getLogs('crypto')" },
+  rsa: { gen: () => cryptoHook.generateRSAHookCode(), usage: "getLogs('crypto')" },
+  generic_crypto: { gen: () => cryptoHook.generateGenericCryptoHookCode(), usage: "getLogs('crypto')" },
+  // 异步
+  promise: { gen: () => asyncHook.generatePromiseHookCode(), usage: "getLogs('async')" },
+  timer: { gen: () => asyncHook.generateTimerHookCode(), usage: "getLogs('timer')" },
+  // 反反调试
+  anti_debugger: { gen: () => antiDebug.generateAntiDebuggerCode(), usage: '绕过无限 debugger' },
+  anti_console: { gen: () => antiDebug.generateAntiConsoleDetectCode(), usage: '绕过控制台检测' },
+  anti_cdp: { gen: () => antiDebug.generateAntiCDPDetectCode(), usage: '绕过 CDP 检测' },
+  anti_debug_full: { gen: () => antiDebug.generateFullAntiDebugCode(), usage: '完整反反调试（包含以上所有）' },
+};
+
+const typeEnum = /** @type {[string, ...string[]]} */ (Object.keys(HOOK_TYPES));
+
+export const generateHook = tool(
+  async ({ type }) => {
+    const entry = HOOK_TYPES[type];
+    if (!entry) {
+      return JSON.stringify({ success: false, error: `未知类型: ${type}，可选: ${typeEnum.join(', ')}` });
+    }
+    const code = entry.gen();
+    return JSON.stringify({ success: true, type, code, usage: entry.usage }, null, 2);
+  },
+  {
+    name: 'generate_hook',
+    description: `生成 Hook 代码。生成后需通过 inject_hook 注入浏览器。
+
+类型：
+- 网络: xhr, fetch, cookie
+- 加密: cryptojs（CryptoJS）, sm_crypto（国密）, rsa（JSEncrypt/node-forge）, generic_crypto（通用）
+- 异步: promise, timer
+- 反反调试: anti_debugger, anti_console, anti_cdp, anti_debug_full（完整）`,
+    schema: z.object({
+      type: z.enum(typeEnum).describe('Hook 类型'),
+    }),
+  }
+);
+
+export const generateHookTools = [generateHook];

package/src/agent/tools/hookManager.js

@@ -8,16 +8,28 @@ import { tool } from '@langchain/core/tools';
 import { getBrowser } from '../../browser/index.js';
 
 /**
- * 通过 CDP 执行 JS
+ * 通过 CDP 执行 JS（带超时保护）
  */
-async function evaluateViaCDP(browser, expression) {
+async function evaluateViaCDP(browser, expression, timeout = 5000) {
   const cdp = await browser.getCDPSession();
   if (!cdp) return null;
-  const result = await cdp.send('Runtime.evaluate', {
+
+  const evaluatePromise = cdp.send('Runtime.evaluate', {
     expression,
     returnByValue: true,
   });
-  return result.result?.value;
+
+  const timeoutPromise = new Promise((_, reject) =>
+    setTimeout(() => reject(new Error('CDP evaluate timeout')), timeout)
+  );
+
+  try {
+    const result = await Promise.race([evaluatePromise, timeoutPromise]);
+    return result.result?.value;
+  } catch (e) {
+    console.error('[evaluateViaCDP] 超时或错误:', e.message);
+    return null;
+  }
 }
 
 /**
@@ -115,14 +127,12 @@ export const injectHook = tool(
       if (!browser.getPage()) {
         return JSON.stringify({ success: false, error: '浏览器未就绪' });
       }
-      const escapedCode = code
-        .replace(/\\/g, '\\\\')
-        .replace(/'/g, "\\'")
-        .replace(/\n/g, '\\n');
+      // 用 JSON.stringify 安全转义，避免手动转义遗漏特殊字符
+      const safeCode = JSON.stringify(code);
 
       const result = await evaluateViaCDP(
         browser,
-        `JSON.stringify(window.__deepspider__?.injectHook?.('${escapedCode}'))`
+        `JSON.stringify(window.__deepspider__?.injectHook?.(${safeCode}))`
       );
       return result || JSON.stringify({ success: false, error: '注入失败' });
     } catch (e) {

package/src/agent/tools/index.js

@@ -11,9 +11,9 @@ export { patchTools, generatePatch, matchModule } from './patch.js';
 export { envTools, listEnvModules, loadEnvModule, loadAllEnvModules } from './env.js';
 export { profileTools, listProfiles, loadProfile, generateProfileCode } from './profile.js';
 export { runtimeTools, launchBrowser, navigateTo, browserClose, addInitScript, clearCookies } from './runtime.js';
-export { debugTools, setBreakpoint, setXHRBreakpoint, getCallStack, getFrameVariables, evaluateAtBreakpoint, resumeExecution, stepOver } from './debug.js';
+export { debugTools, setBreakpoint, setXHRBreakpoint, getCallStack, getFrameVariables, evaluateAtBreakpoint, resumeExecution, stepOver, getAgentLogs } from './debug.js';
 export { captureTools, collectEnv, collectProperty, autoFixEnv, getHookLogs } from './capture.js';
-export { browserTools, clickElement, fillInput, waitForSelector } from './browser.js';
+export { browserTools, clickElement, fillInput, waitForSelector, takeScreenshot, reloadPage, goBack, goForward, scrollPage, pressKey, hoverElement, getPageInfo, getPageSource, getElementHtml, getCookies, getInteractiveElements } from './browser.js';
 export { reportTools, saveAnalysisReport } from './report.js';
 export { webcrackTools, unpackBundle, analyzeBundle } from './webcrack.js';
 export { preprocessTools, preprocessCode } from './preprocess.js';
@@ -24,17 +24,22 @@ export { asyncTools, generatePromiseHook, generateTimerHook } from './async.js';
 export { antiDebugTools, generateAntiDebugger, generateAntiConsoleDetect, generateAntiCDP, generateFullAntiDebug } from './antidebug.js';
 export { verifyTools, verifyMD5, verifySHA256, verifyHMAC, verifyAES, identifyEncryption } from './verify.js';
 export { cryptoHookTools, generateCryptoJSHook, generateRSAHook } from './cryptohook.js';
-export { correlateTools, analyzeCorrelation, locateCryptoSource, analyzeHeaderEncryption, analyzeCookieEncryption, analyzeResponseDecryption } from './correlate.js';
+// 合并工具（reverse-agent 使用）
+export { generateHookTools, generateHook } from './generateHook.js';
+export { verifyAlgorithmTools, verifyAlgorithm } from './verifyAlgorithm.js';
+export { correlateTools, analyzeCorrelation, locateCryptoSource, analyzeHeaderEncryption, analyzeCookieEncryption, analyzeResponseDecryption, analyzeRequestParams } from './correlate.js';
 export { extractorTools, listFunctions, getFunctionCode } from './extractor.js';
-export { tracingTools, getSiteList, searchInResponses, getRequestDetail, getRequestList, getScriptList, getScriptSource, searchInScripts, clearSiteData, clearAllData } from './tracing.js';
+export { tracingTools, getSiteList, searchInResponses, getRequestDetail, getRequestList, getRequestInitiator, getScriptList, getScriptSource, searchInScripts, clearSiteData, clearAllData } from './tracing.js';
 export { analysisTools, getPendingAnalysis, getPendingChat, sendPanelMessage, startSelector } from './analysis.js';
 export { fileTools, artifactSave, artifactLoad, artifactEdit, artifactGlob, artifactGrep } from './file.js';
 export { evolveTools, evolveSkill } from './evolve.js';
 export { captchaTools } from './captcha.js';
 export { antiDetectTools } from './anti-detect.js';
 export { crawlerTools } from './crawler.js';
+export { crawlerGeneratorTools, generateCrawlerWithConfirm, delegateCrawlerGeneration } from './crawlerGenerator.js';
 export { nodejsTools, runNodeCode } from './nodejs.js';
 export { hookManagerTools, listHooks, enableHook, disableHook, injectHook, setHookConfig } from './hookManager.js';
+export { scratchpadTools, saveMemo, loadMemo, listMemo } from './scratchpad.js';
 // pythonTools 只在 js2python 子代理中使用，不导出到主工具集
 
 // 所有工具
@@ -62,15 +67,17 @@ import { verifyTools } from './verify.js';
 import { cryptoHookTools } from './cryptohook.js';
 import { correlateTools } from './correlate.js';
 import { extractorTools } from './extractor.js';
-import { tracingTools } from './tracing.js';
+import { tracingTools, getSiteList, getRequestList, searchInResponses, getRequestDetail, getRequestInitiator } from './tracing.js';
 import { analysisTools } from './analysis.js';
 import { fileTools } from './file.js';
 import { evolveTools } from './evolve.js';
 import { captchaTools } from './captcha.js';
 import { antiDetectTools } from './anti-detect.js';
 import { crawlerTools } from './crawler.js';
+import { crawlerGeneratorTools } from './crawlerGenerator.js';
 import { nodejsTools } from './nodejs.js';
 import { hookManagerTools } from './hookManager.js';
+import { scratchpadTools } from './scratchpad.js';
 
 export const allTools = [
   ...sandboxTools,
@@ -104,34 +111,40 @@ export const allTools = [
   ...captchaTools,
   ...antiDetectTools,
   ...crawlerTools,
+  ...crawlerGeneratorTools,
   ...nodejsTools,
   ...hookManagerTools,
+  ...scratchpadTools,
 ];
 
 /**
  * 主 Agent 核心工具
- * 只包含必要的运行时、交互和数据查询工具
- * pythonTools 只在 js2python 子代理中使用
+ * 职责：浏览器生命周期、简单页面交互、数据查询、委托调度
+ *
+ * 以下工具有意不包含在主 agent 中，由专属子代理持有：
+ * - hookManagerTools (inject_hook 等) → reverse-agent
+ * - captureTools (collect_env, get_hook_logs 等) → reverse-agent
+ * - sandboxTools → reverse-agent
+ * - debugTools → reverse-agent
+ * - 静态分析工具 → reverse-agent
  */
 export const coreTools = [
-  // 浏览器运行时
+  // 浏览器运行时（生命周期管理）
   ...runtimeTools,
-  // 页面交互
-  ...browserTools,
-  // 浏览器分析交互
+  // 浏览器分析面板交互
   ...analysisTools,
-  // 数据溯源查询
-  ...tracingTools,
-  // 沙箱执行（验证代码）
-  ...sandboxTools,
-  // Hook 日志
-  ...captureTools,
+  // 数据查询（仅调度所需的最小集：列表、搜索、详情、initiator）
+  getSiteList, getRequestList, searchInResponses, getRequestDetail, getRequestInitiator,
+  // 报告生成
+  ...reportTools,
   // 文件操作
   ...fileTools,
   // 经验进化
   ...evolveTools,
-  // Node.js 执行（支持 require）
+  // Node.js 执行（委托前快速验证假设）- 已添加网络请求防护
   ...nodejsTools,
-  // Hook 动态管理
-  ...hookManagerTools,
+  // 工作记忆
+  ...scratchpadTools,
+  // 爬虫代码生成（带 HITL 确认）
+  ...crawlerGeneratorTools,
 ];

package/src/agent/tools/nodejs.js

@@ -17,10 +17,19 @@ const PROJECT_ROOT = join(__dirname, '../../..');
 // 输出大小限制
 const MAX_OUTPUT_SIZE = 100000;
 
+// 超时上限（防止 LLM 传入过大值）
+const MAX_TIMEOUT = 30000;
+
+// 连续超时计数器
+let consecutiveTimeouts = 0;
+const MAX_CONSECUTIVE_TIMEOUTS = 3;
+
 /**
  * 执行 Node.js 代码
  */
 async function executeNode(code, timeout = 10000) {
+  const effectiveTimeout = Math.min(timeout, MAX_TIMEOUT);
+
   return new Promise((resolve) => {
     const proc = spawn('node', ['-e', code], {
       env: { ...process.env },
@@ -30,12 +39,17 @@ async function executeNode(code, timeout = 10000) {
     let stdout = '';
     let stderr = '';
     let killed = false;
+    let killTimer = null;
 
-    // 手动实现超时
+    // SIGTERM 超时
     const timer = setTimeout(() => {
       killed = true;
       proc.kill('SIGTERM');
-    }, timeout);
+      // SIGKILL 兜底：环境检测死循环可能忽略 SIGTERM
+      killTimer = setTimeout(() => {
+        try { proc.kill('SIGKILL'); } catch { /* already dead */ }
+      }, 2000);
+    }, effectiveTimeout);
 
     proc.stdout.on('data', (data) => {
       if (stdout.length < MAX_OUTPUT_SIZE) {
@@ -51,21 +65,25 @@ async function executeNode(code, timeout = 10000) {
 
     proc.on('close', (exitCode) => {
       clearTimeout(timer);
+      if (killTimer) clearTimeout(killTimer);
       resolve({
         success: !killed && exitCode === 0,
         stdout: stdout.trim(),
-        stderr: killed ? 'Timeout: process killed' : stderr.trim(),
+        stderr: killed ? `Timeout after ${effectiveTimeout}ms: process killed` : stderr.trim(),
         exitCode: killed ? -1 : exitCode,
+        timedOut: killed,
       });
     });
 
     proc.on('error', (err) => {
       clearTimeout(timer);
+      if (killTimer) clearTimeout(killTimer);
       resolve({
         success: false,
         stdout: '',
         stderr: err.message,
         exitCode: -1,
+        timedOut: false,
       });
     });
   });
@@ -76,8 +94,25 @@ async function executeNode(code, timeout = 10000) {
  */
 export const runNodeCode = tool(
   async ({ code, timeout }) => {
-    const result = await executeNode(code, timeout || 10000);
-    return JSON.stringify(result);
+    // 连续超时保护：降级为短超时探测，而非完全拒绝
+    const isBlocked = consecutiveTimeouts >= MAX_CONSECUTIVE_TIMEOUTS;
+    const effectiveTimeout = isBlocked ? 5000 : (timeout || 10000);
+    const result = await executeNode(code, effectiveTimeout);
+
+    // 更新连续超时计数
+    if (result.timedOut) {
+      consecutiveTimeouts++;
+      if (consecutiveTimeouts >= MAX_CONSECUTIVE_TIMEOUTS) {
+        result.stderr += `\n\n⚠️ 已连续超时 ${consecutiveTimeouts} 次，后续调用将降级为 5s 短超时。代码很可能存在死循环或触发了环境检测。请停止重试相同逻辑，改用 sandbox_execute（沙箱执行）、断点调试或静态分析。`;
+      } else {
+        result.stderr += `\n\n⚠️ 连续超时 ${consecutiveTimeouts}/${MAX_CONSECUTIVE_TIMEOUTS} 次。如果代码包含从网站提取的混淆代码，可能存在环境检测导致死循环。建议：1) 检查代码是否有 while(true)/setInterval 等循环 2) 改用 sandbox_execute 在受控环境中执行`;
+      }
+    } else {
+      consecutiveTimeouts = 0; // 成功执行或非超时失败，重置计数
+    }
+
+    const { timedOut: _, ...output } = result;
+    return JSON.stringify(output);
   },
   {
     name: 'run_node_code',
@@ -93,7 +128,7 @@ export const runNodeCode = tool(
 示例：const CryptoJS = require('crypto-js'); console.log(CryptoJS.MD5('test').toString());`,
     schema: z.object({
       code: z.string().describe('要执行的 JS 代码，可使用 require 引入加密库'),
-      timeout: z.number().optional().default(10000).describe('超时时间（毫秒）'),
+      timeout: z.number().optional().default(10000).describe('超时时间（毫秒），上限 30000'),
     }),
   }
 );

package/src/agent/tools/python.js

@@ -53,7 +53,7 @@ async function executePython(code, timeout = 10000) {
  * 生成 Python 验证代码
  */
 function generateVerifyCode(algorithm, params) {
-  const { plaintext, ciphertext, key, iv, mode, format, hmacKey, digestmod } = params;
+  const { plaintext, ciphertext, key, iv, _mode, format, hmacKey, digestmod } = params;
 
   const templates = {
     // AES
@@ -223,7 +223,7 @@ print('MATCH' if result == expected else f'MISMATCH: got {result}')
  * 生成可复用的 Python 代码片段
  */
 function generatePythonSnippet(algorithm, params) {
-  const { key, iv, mode, format, hmacKey, digestmod } = params;
+  const { key, iv, _mode, _format, hmacKey, digestmod } = params;
 
   const snippets = {
     'AES-CBC': `
@@ -488,7 +488,7 @@ export const executePythonCode = tool(
 export const generateExecjsCode = tool(
   async ({ jsCode, functionName, description }) => {
     // 转义 JS 代码中的特殊字符
-    const escapedJs = jsCode
+    const _escapedJs = jsCode
       .replace(/\\/g, '\\\\')
       .replace(/"""/g, '\\"\\"\\"')
       .replace(/\n/g, '\\n');
@@ -539,7 +539,7 @@ def ${functionName || 'execute_js'}(*args):
  * 分析 JS 代码，判断转换策略
  */
 export const analyzeJsForPython = tool(
-  async ({ jsCode, cryptoPatterns }) => {
+  async ({ jsCode, cryptoPatterns: _cryptoPatterns }) => {
     const analysis = {
       canPureRewrite: true,
       reasons: [],

package/src/agent/tools/report.js

@@ -7,8 +7,8 @@
 import { z } from 'zod';
 import { tool } from '@langchain/core/tools';
 import { writeFileSync, readFileSync, existsSync } from 'fs';
-import { join, basename } from 'path';
-import { PATHS, ensureDir, DEEPSPIDER_HOME } from '../../config/paths.js';
+import { join } from 'path';
+import { PATHS, ensureDir } from '../../config/paths.js';
 
 const OUTPUT_DIR = PATHS.REPORTS_DIR;
 

package/src/agent/tools/runtime.js

@@ -110,7 +110,7 @@ export const addInitScript = tool(
  * 清除 Cookie
  */
 export const clearCookies = tool(
-  async ({ domain }) => {
+  async ({ domain: _domain }) => {
     const browser = await getBrowser();
     const context = browser.getContext();
     await context.clearCookies();

package/src/agent/tools/sandbox.js

@@ -76,4 +76,24 @@ export const sandboxReset = tool(
   }
 );
 
-export const sandboxTools = [sandboxExecute, sandboxInject, sandboxReset];
+/**
+ * 自动补环境执行工具
+ */
+export const sandboxAutoFix = tool(
+  async ({ code, timeout, maxIterations }) => {
+    const sb = await getSandbox();
+    const result = await sb.executeWithAutoFix(code, { timeout, maxIterations });
+    return JSON.stringify(result, null, 2);
+  },
+  {
+    name: 'sandbox_auto_fix',
+    description: '自动补环境闭环执行：加载预置模块 → 执行代码 → 发现缺失环境 → 自动生成补丁 → 重试，直到成功或无法继续。适合快速验证混淆代码能否在沙箱中运行。',
+    schema: z.object({
+      code: z.string().describe('要执行的目标JS代码'),
+      timeout: z.number().optional().default(5000).describe('单次执行超时时间(ms)'),
+      maxIterations: z.number().optional().default(10).describe('最大迭代次数'),
+    }),
+  }
+);
+
+export const sandboxTools = [sandboxExecute, sandboxInject, sandboxReset, sandboxAutoFix];

package/src/agent/tools/scratchpad.js

@@ -0,0 +1,70 @@
+/**
+ * DeepSpider - 工作记忆工具（Scratchpad）
+ * 保存/读取关键发现，防止多步推理中丢失上下文
+ */
+
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { writeFileSync, readFileSync, existsSync, readdirSync } from 'fs';
+import { join } from 'path';
+import { DEEPSPIDER_HOME, ensureDir } from '../../config/paths.js';
+
+const MEMO_DIR = join(DEEPSPIDER_HOME, 'memo');
+
+/** 清理 key：只保留字母、数字、连字符、下划线，防止路径穿越 */
+function sanitizeKey(key) {
+  return key.replace(/[^a-zA-Z0-9_-]/g, '_').slice(0, 100);
+}
+
+export const saveMemo = tool(
+  async ({ key, content }) => {
+    ensureDir(MEMO_DIR);
+    const safeKey = sanitizeKey(key);
+    const filePath = join(MEMO_DIR, `${safeKey}.txt`);
+    writeFileSync(filePath, content, 'utf-8');
+    return JSON.stringify({ success: true, key: safeKey, size: content.length });
+  },
+  {
+    name: 'save_memo',
+    description: '保存工作记忆。用于记录关键发现、中间结果、待验证假设等，防止多步推理中丢失上下文',
+    schema: z.object({
+      key: z.string().describe('记忆键名，如 "encryption-analysis"、"key-source"'),
+      content: z.string().describe('要保存的内容'),
+    }),
+  }
+);
+
+export const loadMemo = tool(
+  async ({ key }) => {
+    const safeKey = sanitizeKey(key);
+    const filePath = join(MEMO_DIR, `${safeKey}.txt`);
+    if (!existsSync(filePath)) {
+      return JSON.stringify({ success: false, error: `memo "${safeKey}" not found` });
+    }
+    const content = readFileSync(filePath, 'utf-8');
+    return JSON.stringify({ success: true, key: safeKey, content });
+  },
+  {
+    name: 'load_memo',
+    description: '读取之前保存的工作记忆',
+    schema: z.object({
+      key: z.string().describe('记忆键名'),
+    }),
+  }
+);
+
+export const listMemo = tool(
+  async () => {
+    ensureDir(MEMO_DIR);
+    const files = readdirSync(MEMO_DIR).filter(f => f.endsWith('.txt'));
+    const memos = files.map(f => f.replace('.txt', ''));
+    return JSON.stringify({ success: true, memos, count: memos.length });
+  },
+  {
+    name: 'list_memo',
+    description: '列出所有已保存的工作记忆',
+    schema: z.object({}),
+  }
+);
+
+export const scratchpadTools = [saveMemo, loadMemo, listMemo];

package/src/agent/tools/tracing.js

@@ -188,11 +188,37 @@ export const clearAllData = tool(
   }
 );
 
+/**
+ * 获取请求的 initiator（调用栈）
+ */
+export const getRequestInitiator = tool(
+  async ({ site, id }) => {
+    const store = getDataStore();
+    const result = await store.getResponse(site, id);
+    if (!result) {
+      return JSON.stringify({ error: '未找到该请求' });
+    }
+    if (!result.initiator) {
+      return JSON.stringify({ error: '该请求无 initiator 信息（可能是旧数据或浏览器内部请求）' });
+    }
+    return JSON.stringify(result.initiator, null, 2);
+  },
+  {
+    name: 'get_request_initiator',
+    description: '获取发起该请求的 JS 代码位置（脚本URL + 行号 + 函数名）。返回调用栈的前5帧。用于从目标请求反向定位加密函数入口，是逆向分析的第一步。',
+    schema: z.object({
+      site: z.string().describe('站点 hostname'),
+      id: z.string().describe('请求 ID'),
+    }),
+  }
+);
+
 export const tracingTools = [
   getSiteList,
   searchInResponses,
   getRequestDetail,
   getRequestList,
+  getRequestInitiator,
   getScriptList,
   getScriptSource,
   searchInScripts,