deepspider 0.3.1 → 0.4.0

package/src/agent/tools/crawlerGenerator.js

@@ -0,0 +1,90 @@
+/**
+ * DeepSpider - 爬虫代码生成工具
+ * 通过 LangGraph interrupt 机制实现面板交互式选择
+ */
+
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { interrupt } from '@langchain/langgraph';
+
+/**
+ * 请求用户选择爬虫框架并生成代码
+ * interrupt payload 遵循统一协议，StreamHandler 自动渲染到面板
+ */
+export const generateCrawlerWithConfirm = tool(
+  async ({ analysisSummary, domain }) => {
+    const userChoice = interrupt({
+      type: 'choices',
+      question: '分析完成！选择爬虫框架生成完整脚本：',
+      options: [
+        { id: 'requests', label: 'requests', description: '简单易用，适合快速原型' },
+        { id: 'httpx', label: 'httpx', description: '异步高性能，适合大规模并发' },
+        { id: 'scrapy', label: 'Scrapy', description: '企业级框架，适合复杂项目' },
+        { id: 'skip', label: '不需要', description: '仅保存当前分析结果' },
+      ],
+    });
+
+    return JSON.stringify({
+      success: true,
+      framework: userChoice,
+      domain,
+      message: userChoice === '不需要'
+        ? '用户选择不生成爬虫脚本'
+        : `用户选择使用 ${userChoice} 框架生成爬虫`,
+    });
+  },
+  {
+    name: 'generate_crawler_code',
+    description: `分析完成后，向用户展示可点击的框架选项（requests/httpx/Scrapy/不需要）。
+
+用户点击后，工具返回用户选择的框架名称。根据返回值委托 crawler 子代理生成代码。`,
+    schema: z.object({
+      analysisSummary: z.string().describe('分析结果摘要'),
+      domain: z.string().describe('目标网站域名'),
+    }),
+  }
+);
+
+/**
+ * 根据用户选择的框架委托 crawler 子代理生成代码
+ */
+export const delegateCrawlerGeneration = tool(
+  async ({ framework, config, domain }) => {
+    return JSON.stringify({
+      success: true,
+      ready: true,
+      framework,
+      config,
+      domain,
+      message: `准备使用 ${framework} 框架生成爬虫，请调用 task 工具委托 crawler 子代理`,
+    });
+  },
+  {
+    name: 'delegate_crawler_generation',
+    description: '准备参数，委托 crawler 子代理生成特定框架的爬虫代码',
+    schema: z.object({
+      framework: z.enum(['requests', 'httpx', 'scrapy']).describe('用户选择的爬虫框架'),
+      config: z.object({
+        url: z.string(),
+        stages: z.array(z.object({
+          name: z.string(),
+          fields: z.array(z.object({
+            name: z.string(),
+            xpath: z.string(),
+            type: z.string(),
+          })),
+          entry: z.string().optional().describe('入口 URL 或选择器'),
+          pagination: z.string().optional().describe('分页选择器或 URL 模式'),
+        })),
+      }).describe('爬虫配置'),
+      domain: z.string().describe('目标网站域名'),
+    }),
+  }
+);
+
+export const crawlerGeneratorTools = [
+  generateCrawlerWithConfirm,
+  delegateCrawlerGeneration,
+];
+
+export default crawlerGeneratorTools;

package/src/agent/tools/debug.js

@@ -6,6 +6,7 @@ import { z } from 'zod';
 import { tool } from '@langchain/core/tools';
 import { getBrowser } from '../../browser/index.js';
 import { CDPSession } from '../../browser/cdp.js';
+import { logStore } from '../logger.js';
 
 let cdpSession = null;
 let isPaused = false;
@@ -19,18 +20,26 @@ async function getSession() {
     const browser = await getBrowser();
     cdpSession = await CDPSession.fromBrowser(browser);
 
-    // 监听暂停事件
+    // 过滤反调试 debugger 语句的噪音：只在命中我们设的断点时打日志
+    let lastPauseIsBreakpoint = false;
+
     cdpSession.on('Debugger.paused', (params) => {
-      isPaused = true;
-      currentCallFrames = params.callFrames || [];
-      console.log('[debug] Debugger paused, callFrames:', currentCallFrames.length);
+      lastPauseIsBreakpoint = params.reason === 'breakpoint' || params.hitBreakpoints?.length > 0;
+      if (lastPauseIsBreakpoint) {
+        isPaused = true;
+        currentCallFrames = params.callFrames || [];
+        const top = currentCallFrames[0];
+        const func = top?.functionName || '(anonymous)';
+        const url = top?.url?.split('/').pop() || top?.url || '?';
+        const line = top?.location?.lineNumber ?? '?';
+        console.log(`[debug] Breakpoint hit: ${func} @ ${url}:${line}`);
+      }
     });
 
-    // 监听恢复事件
     cdpSession.on('Debugger.resumed', () => {
       isPaused = false;
       currentCallFrames = [];
-      console.log('[debug] Debugger resumed');
+      lastPauseIsBreakpoint = false;
     });
   }
   return cdpSession;
@@ -235,6 +244,33 @@ export const stepOver = tool(
   }
 );
 
+/**
+ * 查询 Agent 执行日志
+ */
+export const getAgentLogs = tool(
+  async ({ category, level, limit, toolName }) => {
+    if (category === 'stats') {
+      return JSON.stringify(logStore.getStats(), null, 2);
+    }
+    const logs = logStore.query({ category, level, limit, toolName });
+    return JSON.stringify(logs, null, 2);
+  },
+  {
+    name: 'get_agent_logs',
+    description: '获取当前 Agent 会话的执行日志，包括 LLM 调用、工具调用、错误等。用于调试和分析 Agent 执行过程。category=stats 可获取统计概览。',
+    schema: z.object({
+      category: z.enum(['LLM', 'TOOL', 'CHAIN', 'AGENT', 'stats']).optional()
+        .describe('日志类别：LLM/TOOL/CHAIN/AGENT，或 stats 获取统计'),
+      level: z.enum(['INFO', 'DEBUG', 'ERROR']).optional()
+        .describe('日志级别'),
+      limit: z.number().optional().default(50)
+        .describe('返回条数（默认50，最近的N条）'),
+      toolName: z.string().optional()
+        .describe('按工具名过滤（仅 TOOL 类别有效）'),
+    }),
+  }
+);
+
 export const debugTools = [
   setBreakpoint,
   setXHRBreakpoint,
@@ -243,4 +279,5 @@ export const debugTools = [
   evaluateAtBreakpoint,
   resumeExecution,
   stepOver,
+  getAgentLogs,
 ];

package/src/agent/tools/evolve.js

@@ -23,6 +23,9 @@ function getSkillPath(skillName) {
     'sandbox': SKILLS.sandbox,
     'env': SKILLS.env,
     'js2python': SKILLS.js2python,
+    'crawler': SKILLS.crawler,
+    'captcha': SKILLS.captcha,
+    'anti-detect': SKILLS.antiDetect,
     'report': SKILLS.report,
     'general': SKILLS.general,
   };
@@ -83,7 +86,7 @@ export const evolveSkill = tool(
     if (!skillInfo) {
       return JSON.stringify({
         success: false,
-        error: `未知的 skill: ${skill}。可用: static-analysis, dynamic-analysis, sandbox, env, js2python, report, general。或使用 new:<name> 创建新 skill。`
+        error: `未知的 skill: ${skill}。可用: static-analysis, dynamic-analysis, sandbox, env, js2python, crawler, captcha, anti-detect, report, general。或使用 new:<name> 创建新 skill。`
       });
     }
 
@@ -152,7 +155,7 @@ export const evolveSkill = tool(
     name: 'evolve_skill',
     description: '记录分析过程中学到的经验。支持现有 skill 或 new:<name> 创建新 skill',
     schema: z.object({
-      skill: z.string().describe('目标 skill: static-analysis, dynamic-analysis, sandbox, env, js2python, report, general，或 new:<name> 创建新 skill'),
+      skill: z.string().describe('目标 skill: static-analysis, dynamic-analysis, sandbox, env, js2python, crawler, captcha, anti-detect, report, general，或 new:<name> 创建新 skill'),
       title: z.string().describe('经验标题，简短描述'),
       scenario: z.string().describe('具体场景/案例'),
       insight: z.string().describe('一句话总结经验'),

package/src/agent/tools/extractor.js

@@ -34,16 +34,20 @@ export const listFunctions = tool(
  */
 export const getFunctionCode = tool(
   async ({ code, funcName }) => {
+    // buildDependencyGraph 先调用，extractSlice 内部会复用 this.ast 缓存
+    const graph = astAnalyzer.buildDependencyGraph(code);
+    const deps = graph.get(funcName) || [];
     const slice = astAnalyzer.extractSlice(code, funcName);
     return JSON.stringify({
       funcName,
       found: !!slice,
       code: slice || '未找到该函数',
+      dependencies: deps,
     }, null, 2);
   },
   {
     name: 'get_function_code',
-    description: '获取指定函数的代码片段',
+    description: '提取指定函数的完整代码（含递归依赖函数和全局变量）。返回可独立运行的代码片段 + 依赖函数列表',
     schema: z.object({
       code: z.string().describe('源代码'),
       funcName: z.string().describe('函数名'),

package/src/agent/tools/file.js

@@ -6,7 +6,7 @@
 import { z } from 'zod';
 import { tool } from '@langchain/core/tools';
 import { writeFileSync, readFileSync, existsSync, readdirSync } from 'fs';
-import { dirname, join, isAbsolute, relative } from 'path';
+import { dirname, join, isAbsolute, relative, resolve } from 'path';
 import { PATHS, ensureDir, DEEPSPIDER_HOME } from '../../config/paths.js';
 
 const OUTPUT_DIR = PATHS.OUTPUT_DIR;
@@ -17,15 +17,24 @@ function ensureFileDir(filePath) {
 }
 
 function getSafePath(filePath) {
+  let resolved;
   if (isAbsolute(filePath)) {
     // 如果是 ~/.deepspider/ 目录下的路径，直接使用
     if (filePath.startsWith(DEEPSPIDER_HOME)) {
-      return filePath;
+      resolved = filePath;
+    } else {
+      // 其他绝对路径：放到 OUTPUT_DIR 下
+      resolved = join(OUTPUT_DIR, filePath.replace(/^\/+/, ''));
     }
-    // 其他绝对路径：放到 OUTPUT_DIR 下
-    return join(OUTPUT_DIR, filePath.replace(/^\/+/, ''));
+  } else {
+    resolved = join(OUTPUT_DIR, filePath);
   }
-  return join(OUTPUT_DIR, filePath);
+  // 防止 ../ 穿越到 DEEPSPIDER_HOME 之外
+  const normalized = resolve(resolved);
+  if (!normalized.startsWith(DEEPSPIDER_HOME)) {
+    throw new Error(`路径不允许超出 ${DEEPSPIDER_HOME}: ${filePath}`);
+  }
+  return normalized;
 }
 
 export const artifactSave = tool(

package/src/agent/tools/generateHook.js

@@ -0,0 +1,66 @@
+/**
+ * DeepSpider - 统一 Hook 代码生成工具
+ * 合并 hookTools + cryptoHookTools + asyncTools + antiDebugTools
+ */
+
+import { z } from 'zod';
+import { tool } from '@langchain/core/tools';
+import { NetworkHook } from '../../env/NetworkHook.js';
+import { CookieHook } from '../../env/CookieHook.js';
+import { CryptoHook } from '../../env/CryptoHook.js';
+import { AsyncHook } from '../../env/AsyncHook.js';
+import { AntiAntiDebug } from '../../env/AntiAntiDebug.js';
+
+const networkHook = new NetworkHook();
+const cookieHook = new CookieHook();
+const cryptoHook = new CryptoHook();
+const asyncHook = new AsyncHook();
+const antiDebug = new AntiAntiDebug();
+
+const HOOK_TYPES = {
+  // 网络
+  xhr: { gen: () => networkHook.generateXHRHookCode({ captureBody: true, captureResponse: true }), usage: "getLogs('xhr')" },
+  fetch: { gen: () => networkHook.generateFetchHookCode({ captureBody: true, captureResponse: true }), usage: "getLogs('fetch')" },
+  cookie: { gen: () => cookieHook.generateCookieHookCode({ trackRead: true, trackWrite: true }), usage: "getLogs('cookie')" },
+  // 加密
+  cryptojs: { gen: () => cryptoHook.generateCryptoJSHookCode(), usage: "getLogs('crypto')" },
+  sm_crypto: { gen: () => cryptoHook.generateSMCryptoHookCode(), usage: "getLogs('crypto')" },
+  rsa: { gen: () => cryptoHook.generateRSAHookCode(), usage: "getLogs('crypto')" },
+  generic_crypto: { gen: () => cryptoHook.generateGenericCryptoHookCode(), usage: "getLogs('crypto')" },
+  // 异步
+  promise: { gen: () => asyncHook.generatePromiseHookCode(), usage: "getLogs('async')" },
+  timer: { gen: () => asyncHook.generateTimerHookCode(), usage: "getLogs('timer')" },
+  // 反反调试
+  anti_debugger: { gen: () => antiDebug.generateAntiDebuggerCode(), usage: '绕过无限 debugger' },
+  anti_console: { gen: () => antiDebug.generateAntiConsoleDetectCode(), usage: '绕过控制台检测' },
+  anti_cdp: { gen: () => antiDebug.generateAntiCDPDetectCode(), usage: '绕过 CDP 检测' },
+  anti_debug_full: { gen: () => antiDebug.generateFullAntiDebugCode(), usage: '完整反反调试（包含以上所有）' },
+};
+
+const typeEnum = /** @type {[string, ...string[]]} */ (Object.keys(HOOK_TYPES));
+
+export const generateHook = tool(
+  async ({ type }) => {
+    const entry = HOOK_TYPES[type];
+    if (!entry) {
+      return JSON.stringify({ success: false, error: `未知类型: ${type}，可选: ${typeEnum.join(', ')}` });
+    }
+    const code = entry.gen();
+    return JSON.stringify({ success: true, type, code, usage: entry.usage }, null, 2);
+  },
+  {
+    name: 'generate_hook',
+    description: `生成 Hook 代码。生成后需通过 inject_hook 注入浏览器。
+
+类型：
+- 网络: xhr, fetch, cookie
+- 加密: cryptojs（CryptoJS）, sm_crypto（国密）, rsa（JSEncrypt/node-forge）, generic_crypto（通用）
+- 异步: promise, timer
+- 反反调试: anti_debugger, anti_console, anti_cdp, anti_debug_full（完整）`,
+    schema: z.object({
+      type: z.enum(typeEnum).describe('Hook 类型'),
+    }),
+  }
+);
+
+export const generateHookTools = [generateHook];

package/src/agent/tools/hookManager.js

@@ -8,16 +8,28 @@ import { tool } from '@langchain/core/tools';
 import { getBrowser } from '../../browser/index.js';
 
 /**
- * 通过 CDP 执行 JS
+ * 通过 CDP 执行 JS（带超时保护）
  */
-async function evaluateViaCDP(browser, expression) {
+async function evaluateViaCDP(browser, expression, timeout = 5000) {
   const cdp = await browser.getCDPSession();
   if (!cdp) return null;
-  const result = await cdp.send('Runtime.evaluate', {
+
+  const evaluatePromise = cdp.send('Runtime.evaluate', {
     expression,
     returnByValue: true,
   });
-  return result.result?.value;
+
+  const timeoutPromise = new Promise((_, reject) =>
+    setTimeout(() => reject(new Error('CDP evaluate timeout')), timeout)
+  );
+
+  try {
+    const result = await Promise.race([evaluatePromise, timeoutPromise]);
+    return result.result?.value;
+  } catch (e) {
+    console.error('[evaluateViaCDP] 超时或错误:', e.message);
+    return null;
+  }
 }
 
 /**
@@ -115,14 +127,12 @@ export const injectHook = tool(
       if (!browser.getPage()) {
         return JSON.stringify({ success: false, error: '浏览器未就绪' });
       }
-      const escapedCode = code
-        .replace(/\\/g, '\\\\')
-        .replace(/'/g, "\\'")
-        .replace(/\n/g, '\\n');
+      // 用 JSON.stringify 安全转义，避免手动转义遗漏特殊字符
+      const safeCode = JSON.stringify(code);
 
       const result = await evaluateViaCDP(
         browser,
-        `JSON.stringify(window.__deepspider__?.injectHook?.('${escapedCode}'))`
+        `JSON.stringify(window.__deepspider__?.injectHook?.(${safeCode}))`
       );
       return result || JSON.stringify({ success: false, error: '注入失败' });
     } catch (e) {

package/src/agent/tools/index.js

@@ -11,9 +11,9 @@ export { patchTools, generatePatch, matchModule } from './patch.js';
 export { envTools, listEnvModules, loadEnvModule, loadAllEnvModules } from './env.js';
 export { profileTools, listProfiles, loadProfile, generateProfileCode } from './profile.js';
 export { runtimeTools, launchBrowser, navigateTo, browserClose, addInitScript, clearCookies } from './runtime.js';
-export { debugTools, setBreakpoint, setXHRBreakpoint, getCallStack, getFrameVariables, evaluateAtBreakpoint, resumeExecution, stepOver } from './debug.js';
+export { debugTools, setBreakpoint, setXHRBreakpoint, getCallStack, getFrameVariables, evaluateAtBreakpoint, resumeExecution, stepOver, getAgentLogs } from './debug.js';
 export { captureTools, collectEnv, collectProperty, autoFixEnv, getHookLogs } from './capture.js';
-export { browserTools, clickElement, fillInput, waitForSelector } from './browser.js';
+export { browserTools, clickElement, fillInput, waitForSelector, takeScreenshot, reloadPage, goBack, goForward, scrollPage, pressKey, hoverElement, getPageInfo, getPageSource, getElementHtml, getCookies, getInteractiveElements } from './browser.js';
 export { reportTools, saveAnalysisReport } from './report.js';
 export { webcrackTools, unpackBundle, analyzeBundle } from './webcrack.js';
 export { preprocessTools, preprocessCode } from './preprocess.js';
@@ -24,17 +24,22 @@ export { asyncTools, generatePromiseHook, generateTimerHook } from './async.js';
 export { antiDebugTools, generateAntiDebugger, generateAntiConsoleDetect, generateAntiCDP, generateFullAntiDebug } from './antidebug.js';
 export { verifyTools, verifyMD5, verifySHA256, verifyHMAC, verifyAES, identifyEncryption } from './verify.js';
 export { cryptoHookTools, generateCryptoJSHook, generateRSAHook } from './cryptohook.js';
-export { correlateTools, analyzeCorrelation, locateCryptoSource, analyzeHeaderEncryption, analyzeCookieEncryption, analyzeResponseDecryption } from './correlate.js';
+// 合并工具（reverse-agent 使用）
+export { generateHookTools, generateHook } from './generateHook.js';
+export { verifyAlgorithmTools, verifyAlgorithm } from './verifyAlgorithm.js';
+export { correlateTools, analyzeCorrelation, locateCryptoSource, analyzeHeaderEncryption, analyzeCookieEncryption, analyzeResponseDecryption, analyzeRequestParams } from './correlate.js';
 export { extractorTools, listFunctions, getFunctionCode } from './extractor.js';
-export { tracingTools, getSiteList, searchInResponses, getRequestDetail, getRequestList, getScriptList, getScriptSource, searchInScripts, clearSiteData, clearAllData } from './tracing.js';
+export { tracingTools, getSiteList, searchInResponses, getRequestDetail, getRequestList, getRequestInitiator, getScriptList, getScriptSource, searchInScripts, clearSiteData, clearAllData } from './tracing.js';
 export { analysisTools, getPendingAnalysis, getPendingChat, sendPanelMessage, startSelector } from './analysis.js';
 export { fileTools, artifactSave, artifactLoad, artifactEdit, artifactGlob, artifactGrep } from './file.js';
 export { evolveTools, evolveSkill } from './evolve.js';
 export { captchaTools } from './captcha.js';
 export { antiDetectTools } from './anti-detect.js';
 export { crawlerTools } from './crawler.js';
+export { crawlerGeneratorTools, generateCrawlerWithConfirm, delegateCrawlerGeneration } from './crawlerGenerator.js';
 export { nodejsTools, runNodeCode } from './nodejs.js';
 export { hookManagerTools, listHooks, enableHook, disableHook, injectHook, setHookConfig } from './hookManager.js';
+export { scratchpadTools, saveMemo, loadMemo, listMemo } from './scratchpad.js';
 // pythonTools 只在 js2python 子代理中使用，不导出到主工具集
 
 // 所有工具
@@ -49,7 +54,7 @@ import { profileTools } from './profile.js';
 import { runtimeTools } from './runtime.js';
 import { debugTools } from './debug.js';
 import { captureTools } from './capture.js';
-import { browserTools } from './browser.js';
+import { browserTools, clickElement, scrollPage, fillInput, getInteractiveElements, getPageInfo, hoverElement, pressKey } from './browser.js';
 import { reportTools } from './report.js';
 import { webcrackTools } from './webcrack.js';
 import { preprocessTools } from './preprocess.js';
@@ -62,15 +67,17 @@ import { verifyTools } from './verify.js';
 import { cryptoHookTools } from './cryptohook.js';
 import { correlateTools } from './correlate.js';
 import { extractorTools } from './extractor.js';
-import { tracingTools } from './tracing.js';
+import { tracingTools, getSiteList, getRequestList, searchInResponses, getRequestDetail, getRequestInitiator } from './tracing.js';
 import { analysisTools } from './analysis.js';
 import { fileTools } from './file.js';
 import { evolveTools } from './evolve.js';
 import { captchaTools } from './captcha.js';
 import { antiDetectTools } from './anti-detect.js';
 import { crawlerTools } from './crawler.js';
+import { crawlerGeneratorTools } from './crawlerGenerator.js';
 import { nodejsTools } from './nodejs.js';
 import { hookManagerTools } from './hookManager.js';
+import { scratchpadTools } from './scratchpad.js';
 
 export const allTools = [
   ...sandboxTools,
@@ -104,34 +111,42 @@ export const allTools = [
   ...captchaTools,
   ...antiDetectTools,
   ...crawlerTools,
+  ...crawlerGeneratorTools,
   ...nodejsTools,
   ...hookManagerTools,
+  ...scratchpadTools,
 ];
 
 /**
  * 主 Agent 核心工具
- * 只包含必要的运行时、交互和数据查询工具
- * pythonTools 只在 js2python 子代理中使用
+ * 职责：浏览器生命周期、简单页面交互、数据查询、委托调度
+ *
+ * 以下工具有意不包含在主 agent 中，由专属子代理持有：
+ * - hookManagerTools (inject_hook 等) → reverse-agent
+ * - captureTools (collect_env, get_hook_logs 等) → reverse-agent
+ * - sandboxTools → reverse-agent
+ * - debugTools → reverse-agent
+ * - 静态分析工具 → reverse-agent
  */
 export const coreTools = [
-  // 浏览器运行时
+  // 浏览器运行时（生命周期管理）
   ...runtimeTools,
-  // 页面交互
-  ...browserTools,
-  // 浏览器分析交互
+  // 浏览器分析面板交互
   ...analysisTools,
-  // 数据溯源查询
-  ...tracingTools,
-  // 沙箱执行（验证代码）
-  ...sandboxTools,
-  // Hook 日志
-  ...captureTools,
+  // 数据查询（仅调度所需的最小集：列表、搜索、详情、initiator）
+  getSiteList, getRequestList, searchInResponses, getRequestDetail, getRequestInitiator,
+  // 报告生成
+  ...reportTools,
   // 文件操作
   ...fileTools,
   // 经验进化
   ...evolveTools,
-  // Node.js 执行（支持 require）
+  // Node.js 执行（委托前快速验证假设）- 已添加网络请求防护
   ...nodejsTools,
-  // Hook 动态管理
-  ...hookManagerTools,
+  // 工作记忆
+  ...scratchpadTools,
+  // 爬虫代码生成（带 HITL 确认）
+  ...crawlerGeneratorTools,
+  // 页面交互（自主数据搜寻：滚动加载、点击触发请求）
+  clickElement, scrollPage, fillInput, getInteractiveElements, getPageInfo, hoverElement, pressKey,
 ];

package/src/agent/tools/nodejs.js

@@ -17,10 +17,19 @@ const PROJECT_ROOT = join(__dirname, '../../..');
 // 输出大小限制
 const MAX_OUTPUT_SIZE = 100000;
 
+// 超时上限（防止 LLM 传入过大值）
+const MAX_TIMEOUT = 30000;
+
+// 连续超时计数器
+let consecutiveTimeouts = 0;
+const MAX_CONSECUTIVE_TIMEOUTS = 3;
+
 /**
  * 执行 Node.js 代码
  */
 async function executeNode(code, timeout = 10000) {
+  const effectiveTimeout = Math.min(timeout, MAX_TIMEOUT);
+
   return new Promise((resolve) => {
     const proc = spawn('node', ['-e', code], {
       env: { ...process.env },
@@ -30,12 +39,17 @@ async function executeNode(code, timeout = 10000) {
     let stdout = '';
     let stderr = '';
     let killed = false;
+    let killTimer = null;
 
-    // 手动实现超时
+    // SIGTERM 超时
     const timer = setTimeout(() => {
       killed = true;
       proc.kill('SIGTERM');
-    }, timeout);
+      // SIGKILL 兜底：环境检测死循环可能忽略 SIGTERM
+      killTimer = setTimeout(() => {
+        try { proc.kill('SIGKILL'); } catch { /* already dead */ }
+      }, 2000);
+    }, effectiveTimeout);
 
     proc.stdout.on('data', (data) => {
       if (stdout.length < MAX_OUTPUT_SIZE) {
@@ -51,21 +65,25 @@ async function executeNode(code, timeout = 10000) {
 
     proc.on('close', (exitCode) => {
       clearTimeout(timer);
+      if (killTimer) clearTimeout(killTimer);
       resolve({
         success: !killed && exitCode === 0,
         stdout: stdout.trim(),
-        stderr: killed ? 'Timeout: process killed' : stderr.trim(),
+        stderr: killed ? `Timeout after ${effectiveTimeout}ms: process killed` : stderr.trim(),
         exitCode: killed ? -1 : exitCode,
+        timedOut: killed,
       });
     });
 
     proc.on('error', (err) => {
       clearTimeout(timer);
+      if (killTimer) clearTimeout(killTimer);
       resolve({
         success: false,
         stdout: '',
         stderr: err.message,
         exitCode: -1,
+        timedOut: false,
       });
     });
   });
@@ -76,8 +94,25 @@ async function executeNode(code, timeout = 10000) {
  */
 export const runNodeCode = tool(
   async ({ code, timeout }) => {
-    const result = await executeNode(code, timeout || 10000);
-    return JSON.stringify(result);
+    // 连续超时保护：降级为短超时探测，而非完全拒绝
+    const isBlocked = consecutiveTimeouts >= MAX_CONSECUTIVE_TIMEOUTS;
+    const effectiveTimeout = isBlocked ? 5000 : (timeout || 10000);
+    const result = await executeNode(code, effectiveTimeout);
+
+    // 更新连续超时计数
+    if (result.timedOut) {
+      consecutiveTimeouts++;
+      if (consecutiveTimeouts >= MAX_CONSECUTIVE_TIMEOUTS) {
+        result.stderr += `\n\n⚠️ 已连续超时 ${consecutiveTimeouts} 次，后续调用将降级为 5s 短超时。代码很可能存在死循环或触发了环境检测。请停止重试相同逻辑，改用 sandbox_execute（沙箱执行）、断点调试或静态分析。`;
+      } else {
+        result.stderr += `\n\n⚠️ 连续超时 ${consecutiveTimeouts}/${MAX_CONSECUTIVE_TIMEOUTS} 次。如果代码包含从网站提取的混淆代码，可能存在环境检测导致死循环。建议：1) 检查代码是否有 while(true)/setInterval 等循环 2) 改用 sandbox_execute 在受控环境中执行`;
+      }
+    } else {
+      consecutiveTimeouts = 0; // 成功执行或非超时失败，重置计数
+    }
+
+    const { timedOut: _, ...output } = result;
+    return JSON.stringify(output);
   },
   {
     name: 'run_node_code',
@@ -93,7 +128,7 @@ export const runNodeCode = tool(
 示例：const CryptoJS = require('crypto-js'); console.log(CryptoJS.MD5('test').toString());`,
     schema: z.object({
       code: z.string().describe('要执行的 JS 代码，可使用 require 引入加密库'),
-      timeout: z.number().optional().default(10000).describe('超时时间（毫秒）'),
+      timeout: z.number().optional().default(10000).describe('超时时间（毫秒），上限 30000'),
     }),
   }
 );

package/src/agent/tools/patch.js

@@ -21,7 +21,7 @@ export const generatePatch = tool(
     description: '为缺失的环境属性生成补丁代码。',
     schema: z.object({
       property: z.string().describe('缺失的属性路径，如 navigator.userAgent'),
-      context: z.record(z.string(), z.unknown()).optional().describe('上下文信息'),
+      context: z.object({}).passthrough().optional().describe('上下文信息'),
     }),
   }
 );

package/src/agent/tools/sandbox.js

@@ -76,4 +76,24 @@ export const sandboxReset = tool(
   }
 );
 
-export const sandboxTools = [sandboxExecute, sandboxInject, sandboxReset];
+/**
+ * 自动补环境执行工具
+ */
+export const sandboxAutoFix = tool(
+  async ({ code, timeout, maxIterations }) => {
+    const sb = await getSandbox();
+    const result = await sb.executeWithAutoFix(code, { timeout, maxIterations });
+    return JSON.stringify(result, null, 2);
+  },
+  {
+    name: 'sandbox_auto_fix',
+    description: '自动补环境闭环执行：加载预置模块 → 执行代码 → 发现缺失环境 → 自动生成补丁 → 重试，直到成功或无法继续。适合快速验证混淆代码能否在沙箱中运行。',
+    schema: z.object({
+      code: z.string().describe('要执行的目标JS代码'),
+      timeout: z.number().optional().default(5000).describe('单次执行超时时间(ms)'),
+      maxIterations: z.number().optional().default(10).describe('最大迭代次数'),
+    }),
+  }
+);
+
+export const sandboxTools = [sandboxExecute, sandboxInject, sandboxReset, sandboxAutoFix];