xt-cli 0.2.1__py3-none-any.whl

dependencies.py

@@ -0,0 +1,1109 @@
+"""工程版本追踪与管理。"""
+from __future__ import annotations
+
+import hashlib
+import fnmatch
+import json
+import os as _os
+import re
+import subprocess
+import sys
+from pathlib import Path
+from typing import Any
+
+import json5
+
+from config import ConfigStore
+from paths import build_global_config_path
+
+
+def _get_git_version(repo_path: Path) -> tuple[str, bool]:
+    """获取 git 仓库的 HEAD commit sha（8 位）和 dirty 状态。
+
+    Returns:
+        (sha, is_dirty): sha 为 8 位短哈希，is_dirty 表示是否有未提交改动。
+    Raises:
+        subprocess.CalledProcessError: 非 git 仓库或 git 命令失败。
+    """
+    sha = subprocess.run(
+        ["git", "-C", str(repo_path), "rev-parse", "--short=8", "HEAD"],
+        check=True, capture_output=True, text=True, encoding="utf-8",
+    ).stdout.strip()
+    dirty_output = subprocess.run(
+        ["git", "-C", str(repo_path), "status", "--porcelain"],
+        check=True, capture_output=True, text=True, encoding="utf-8",
+    ).stdout.strip()
+    return sha, bool(dirty_output)
+
+
+def _is_git_repo(path: Path) -> bool:
+    """检查目录是否是 git 仓库。"""
+    result = subprocess.run(
+        ["git", "-C", str(path), "rev-parse", "--git-dir"],
+        capture_output=True, text=True, encoding="utf-8",
+    )
+    return result.returncode == 0
+
+
+def _check_ancestor(older: str, newer: str, repo_path: Path) -> bool:
+    """检查 older 是否是 newer 的祖先提交（通过 merge-base）。"""
+    result = subprocess.run(
+        ["git", "-C", str(repo_path), "merge-base", "--is-ancestor", older, newer],
+        capture_output=True, text=True, encoding="utf-8",
+    )
+    return result.returncode == 0
+
+
+def _check_sha_constraint(
+    op: str, required: str, current: str, repo_path: Path
+) -> bool:
+    """检查当前 sha 是否满足单个约束。
+
+    操作符映射：
+    - == : 精确匹配（前 8 位）
+    - != : 不等于
+    - >= : current 是 required 的后代（含 required 的改动）
+    - <= : current 是 required 的祖先
+    - >  : >= 且 !=
+    - <  : <= 且 !=
+    """
+    if op == "==":
+        return current == required[:len(current)]
+    if op == "!=":
+        return current != required[:len(current)]
+    if op == ">=":
+        return _check_ancestor(required, "HEAD", repo_path)
+    if op == "<=":
+        return _check_ancestor("HEAD", required, repo_path)
+    if op == ">":
+        return _check_ancestor(required, "HEAD", repo_path) and current != required[:len(current)]
+    if op == "<":
+        return _check_ancestor("HEAD", required, repo_path) and current != required[:len(current)]
+    return False
+
+
+def _parse_semver(ver: str) -> tuple[int, int, int, str] | None:
+    """解析 semver 版本号。支持 v1.2.3, 1.2.3-alpha, v1.2.3-beta.1。"""
+    v = ver.strip()
+    if v.startswith("v"):
+        v = v[1:]
+    m = re.match(r'^(\d+)\.(\d+)\.(\d+)(?:-(.+))?$', v)
+    if not m:
+        return None
+    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4) or ""
+
+
+def _semver_cmp(a: tuple[int, int, int, str], b: tuple[int, int, int, str]) -> int:
+    """比较两个 semver，返回 -1/0/1。"""
+    # 数值部分
+    for i in range(3):
+        if a[i] < b[i]:
+            return -1
+        if a[i] > b[i]:
+            return 1
+    # prerelease 部分：有 prerelease < 无 prerelease
+    if a[3] == b[3]:
+        return 0
+    if not a[3]:
+        return 1
+    if not b[3]:
+        return -1
+    return -1 if a[3] < b[3] else (1 if a[3] > b[3] else 0)
+
+
+def _check_semver_constraint(op: str, required_str: str, current_str: str) -> bool:
+    """检查当前 semver 是否满足约束。"""
+    required = _parse_semver(required_str)
+    current = _parse_semver(current_str)
+    if required is None or current is None:
+        return False
+
+    if op == "==":
+        return _semver_cmp(current, required) == 0
+    if op == "!=":
+        return _semver_cmp(current, required) != 0
+    if op == ">":
+        return _semver_cmp(current, required) > 0
+    if op == ">=":
+        return _semver_cmp(current, required) >= 0
+    if op == "<":
+        return _semver_cmp(current, required) < 0
+    if op == "<=":
+        return _semver_cmp(current, required) <= 0
+    if op == "~":
+        upper = (required[0], required[1] + 1, 0, "")
+        return _semver_cmp(current, required) >= 0 and _semver_cmp(current, upper) < 0
+    if op == "^":
+        if required[0] == 0:
+            return _check_semver_constraint("~", required_str, current_str)
+        upper = (required[0] + 1, 0, 0, "")
+        return _semver_cmp(current, required) >= 0 and _semver_cmp(current, upper) < 0
+    return False
+
+
+def _get_semver_version(repo_path: Path) -> str | None:
+    """从 git tag 获取当前 semver 版本。"""
+    try:
+        tags = subprocess.run(
+            ["git", "-C", str(repo_path), "tag", "--points-at", "HEAD"],
+            check=True, capture_output=True, text=True, encoding="utf-8",
+        ).stdout.strip().splitlines()
+        tags = [t.strip() for t in tags if t.strip()]
+        if tags:
+            best = None
+            best_parsed = None
+            for t in tags:
+                p = _parse_semver(t)
+                if p and (best_parsed is None or _semver_cmp(p, best_parsed) > 0):
+                    best = t
+                    best_parsed = p
+            if best:
+                s = best
+                return s[1:] if s.startswith("v") else s
+    except subprocess.CalledProcessError:
+        pass
+
+    try:
+        desc = subprocess.run(
+            ["git", "-C", str(repo_path), "describe", "--tags", "--abbrev=0"],
+            check=True, capture_output=True, text=True, encoding="utf-8",
+        ).stdout.strip()
+        p = _parse_semver(desc)
+        if p:
+            s = desc
+            return s[1:] if s.startswith("v") else s
+    except subprocess.CalledProcessError:
+        pass
+
+    return None
+
+
+def _load_jsonc(path: Path) -> dict[str, Any] | None:
+    """加载 JSONC 文件，不存在返回 None。"""
+    if not path.is_file():
+        return None
+    try:
+        raw = path.read_text(encoding="utf-8")
+        data = json5.loads(raw)
+    except (ValueError, json.JSONDecodeError):
+        return None
+    if not isinstance(data, dict):
+        return None
+    return data
+
+
+def _save_jsonc(path: Path, data: dict[str, Any]) -> bool:
+    """保存 JSONC 文件（机器生成用 JSON，无注释）。
+
+    与现有内容比较，无变化不写。返回 True 表示已写入。
+    """
+    new_content = json.dumps(data, ensure_ascii=False, indent=2) + "\n"
+    if path.is_file() and path.read_text(encoding="utf-8") == new_content:
+        return False
+    path.parent.mkdir(parents=True, exist_ok=True)
+    path.write_text(new_content, encoding="utf-8")
+    return True
+
+
+def _identify_val_type(val: str) -> str | None:
+    """识别 val 的类型。
+
+    Returns:
+        "git" | "semver" | None
+    """
+    if re.fullmatch(r'[0-9a-fA-F]{7,40}', val):
+        return "git"
+    if re.search(r'\d', val) and '.' in val:
+        return "semver"
+    return None
+
+
+def _parse_require(val: str) -> list[tuple[str, str]]:
+    """解析 require 字符串为 (操作符, 版本) 列表。
+
+    "b8d82d2" → [("==", "b8d82d2")]
+    ">= c9e1234, != b8d82d2" → [(">=", "c9e1234"), ("!=", "b8d82d2")]
+    """
+    constraints: list[tuple[str, str]] = []
+    for part in val.split(','):
+        part = part.strip()
+        if not part:
+            continue
+        match = re.match(r'^(>=|<=|==|!=|~|>|<)?\s*(.+)$', part)
+        if match:
+            op = match.group(1) or "=="
+            version = match.group(2).strip()
+            constraints.append((op, version))
+    return constraints
+
+
+
+def _print_warning(title: str, body: list[str], hint: str = "") -> None:
+    """输出 ANSI 黄色警告框。
+
+    body 行缩进两格，hint 灰色显示在末尾。
+    格式（设计文档 §6.2）：
+    ────────────────────────── WARNING ──────────────────────────
+    title
+      body_line_1
+      body_line_2
+    hint
+    ────────────────────────────────────────────────────────────
+    """
+    YELLOW = "\033[33m"
+    BOLD_YELLOW = "\033[1;33m"
+    GRAY = "\033[90m"
+    RESET = "\033[0m"
+    SEP = "─" * 60
+
+    print(f"{YELLOW}{SEP[:26]} {BOLD_YELLOW}WARNING{RESET}{YELLOW} {SEP[:26]}{RESET}")
+    print(f"{YELLOW}{title}{RESET}")
+    for line in body:
+        print(f"{YELLOW}  {line}{RESET}")
+    if hint:
+        print(f"{GRAY}{hint}{RESET}")
+    print(f"{YELLOW}{SEP}{RESET}")
+
+
+def _print_error(msg: str) -> None:
+    """输出错误信息到 stderr。"""
+    print(f"\033[31mError: {msg}\033[0m", file=sys.stderr)
+
+
+def _print_info(msg: str) -> None:
+    """输出信息到 stdout。"""
+    print(f"Info: {msg}")
+
+
+def _print_warnings_box(warnings: list[tuple[str, list[str]]]) -> None:
+    """输出所有警告到一个 ANSI 黄色警告框中。
+
+    格式：头尾各一条分隔线，中间每条警告标题 + 缩进 body。
+    """
+    YELLOW = "\033[33m"
+    BOLD_YELLOW = "\033[1;33m"
+    RESET = "\033[0m"
+    SEP = "─" * 60
+
+    print(f"{YELLOW}{SEP[:26]} {BOLD_YELLOW}WARNING{RESET}{YELLOW} {SEP[:26]}{RESET}")
+    for i, (title, body) in enumerate(warnings):
+        if i > 0:
+            print()  # 条目间空行
+        print(f"{YELLOW}{title}{RESET}")
+        for line in body:
+            print(f"{YELLOW}  {line}{RESET}")
+    print(f"{YELLOW}{SEP}{RESET}")
+
+
+def _relative_path(target: Path, base: Path) -> str:
+    """计算相对路径。
+
+    同级或子目录 → ./相对路径
+    父目录 → ../相对路径
+    跨盘符或无法相对化 → 返回原绝对路径
+    """
+    try:
+        rel = target.resolve().relative_to(base.resolve())
+        return "./" + rel.as_posix()
+    except ValueError:
+        try:
+            return _os.path.relpath(target, base).replace('\\', '/')
+        except ValueError:
+            return target.as_posix()
+
+
+# ============================================================
+# Task 6: path resolver, on_fail resolver, targets resolver
+# ============================================================
+
+
+def _resolve_repo_path(name: str, deps_entry: dict, context) -> Path | None:
+    """解析仓库路径。
+
+    优先级：xt_deps 中的 path 字段 > 默认路径。
+    xt-sdk → context.sdk_dir
+    platforms.<name> → context.sdk_dir / "platforms" / <name>
+    """
+    if name == "xt-sdk":
+        return context.sdk_dir
+    custom_path = deps_entry.get("path")
+    if custom_path:
+        return context.project_dir / custom_path
+    default_path = context.sdk_dir / "platforms" / name
+    if default_path.is_dir():
+        return default_path
+    return None
+
+
+def _resolve_on_fail(deps_entry: dict, scope: str, context) -> str:
+    """解析 on_fail 值。
+
+    优先级：条目显式值 > xt_deps.jsonc deps 段 > local config > global config > 默认 "warn"。
+    scope: "version" 读 deps.on_fail, "target" 读 deps.targets.on_fail。
+    """
+    if scope == "version":
+        explicit = deps_entry.get("on_fail")
+    else:
+        targets = deps_entry.get("targets")
+        explicit = targets.get("on_fail") if isinstance(targets, dict) else None
+
+    if explicit in ("warn", "error", "ignore"):
+        return explicit
+
+    config_key = f"on_{scope}_fail"
+
+    # xt_deps.jsonc deps_configs 段
+    xt_deps = _load_jsonc(context.project_dir / "xt_deps.jsonc")
+    if xt_deps:
+        deps_block = xt_deps.get("deps_configs")
+        if isinstance(deps_block, dict):
+            value = deps_block.get(config_key)
+            if value in ("warn", "error", "ignore"):
+                return value
+
+    # local config
+    local_path = context.project_dir / "xt_conf.jsonc"
+    if local_path.is_file():
+        local_data = ConfigStore(local_path).load()
+        deps = local_data.get("deps_configs")
+        if isinstance(deps, dict):
+            value = deps.get(config_key)
+            if value in ("warn", "error", "ignore"):
+                return value
+
+    # global config
+    global_path = build_global_config_path()
+    if global_path.is_file():
+        global_data = ConfigStore(global_path).load()
+        deps = global_data.get("deps_configs")
+        if isinstance(deps, dict):
+            value = deps.get(config_key)
+            if value in ("warn", "error", "ignore"):
+                return value
+
+    return "warn"
+
+
+def _resolve_targets_constraint(deps_entry: dict) -> list[str] | None:
+    """从 deps 条目中提取 targets 约束列表。
+
+    支持简写（数组）和完整对象两种格式。
+    返回 None 表示无约束。
+    """
+    targets = deps_entry.get("targets")
+    if targets is None:
+        return None
+    if isinstance(targets, list):
+        return targets
+    if isinstance(targets, dict):
+        require = targets.get("require")
+        if isinstance(require, list):
+            return require
+    return None
+
+
+def sync_dependencies(context, dirty_allowed: bool = False) -> None:
+    """根据 xt_deps.jsonc 将各仓库 checkout 到要求的版本。
+
+    在 check_dependencies 之前调用。dirty 仓库默认中止（--dirty 允许）。
+    """
+    xt_deps = _load_jsonc(context.project_dir / "xt_deps.jsonc")
+    if xt_deps is None:
+        return
+
+    print("[xt cli] Syncing dependencies...")
+
+    # xt-sdk
+    xt_sdk_entry = xt_deps.get("xt-sdk")
+    if isinstance(xt_sdk_entry, dict):
+        _sync_repo("xt-sdk", context.sdk_dir, xt_sdk_entry, dirty_allowed)
+
+    # platforms
+    platforms_deps = xt_deps.get("platforms", {})
+    if isinstance(platforms_deps, dict):
+        for name, entry in platforms_deps.items():
+            if not isinstance(entry, dict):
+                continue
+            repo_path = _resolve_repo_path(name, entry, context)
+            if repo_path and repo_path.is_dir():
+                _sync_repo(name, repo_path, entry, dirty_allowed)
+
+    # components
+    components_deps = xt_deps.get("components", {})
+    if isinstance(components_deps, dict):
+        for name, entry in components_deps.items():
+            if not isinstance(entry, dict):
+                continue
+            repo_path = _resolve_component_path(name, entry, context)
+            if repo_path and repo_path.is_dir():
+                _sync_repo(name, repo_path, entry, dirty_allowed)
+
+    print("[xt cli] Sync complete.")
+
+
+def _sync_repo(name: str, repo_path, entry: dict, dirty_allowed: bool) -> None:
+    """同步单个仓库到 require 指定的版本。"""
+    require = entry.get("require")
+    if require is None:
+        return
+
+    # 检查 dirty
+    if (repo_path / ".git").exists():
+        try:
+            _, is_dirty = _get_git_version(repo_path)
+            if is_dirty and not dirty_allowed:
+                _print_error(f"{name}: repository is dirty, aborting sync. Use --dirty to allow.")
+                sys.exit(1)
+        except subprocess.CalledProcessError:
+            pass
+
+    # 确定目标版本
+    if isinstance(require, dict):
+        val_type = require.get("type")
+        target = require.get("val", "")
+        if val_type == "hash":
+            print(f"  {name}: hash type, skip checkout")
+            return
+    else:
+        target = require  # 字符串：可能是 sha 或 semver
+
+    # semver → 找 tag
+    if (repo_path / ".git").exists() and _identify_val_type(target) == "semver":
+        # 当前已经是目标版本 → 跳过
+        current_ver = _get_semver_version(repo_path)
+        if current_ver:
+            target_parsed = _parse_semver(target)
+            current_parsed = _parse_semver(current_ver)
+            if target_parsed and current_parsed and _semver_cmp(current_parsed, target_parsed) == 0:
+                print(f"  {name}: no change (already at {current_ver})")
+                return
+        # 尝试 checkout 对应 tag
+        for prefix in ("", "v", "V"):
+            tag = prefix + target
+            try:
+                subprocess.run(
+                    ["git", "-C", str(repo_path), "checkout", tag],
+                    check=True, capture_output=True, text=True, encoding="utf-8",
+                )
+                print(f"  {name}: checkout {tag}")
+                return
+            except subprocess.CalledProcessError:
+                continue
+        _print_error(f"{name}: cannot find tag for {target}")
+        sys.exit(1)
+
+    # git sha → checkout
+    if (repo_path / ".git").exists():
+        # 检查是否已经在目标版本
+        try:
+            current_sha = subprocess.run(
+                ["git", "-C", str(repo_path), "rev-parse", "--short=8", "HEAD"],
+                check=True, capture_output=True, text=True, encoding="utf-8",
+            ).stdout.strip()
+            if current_sha == target[:len(current_sha)]:
+                print(f"  {name}: no change (already at {current_sha})")
+                return
+        except subprocess.CalledProcessError:
+            pass
+
+        subprocess.run(
+            ["git", "-C", str(repo_path), "checkout", target],
+            check=True, capture_output=True, text=True, encoding="utf-8",
+        )
+        print(f"  {name}: checkout {target}")
+
+        # xt-sdk 额外同步 submodule
+        if name == "xt-sdk":
+            subprocess.run(
+                ["git", "-C", str(repo_path), "submodule", "update", "--init", "--recursive"],
+                check=True, capture_output=True, text=True, encoding="utf-8",
+            )
+    else:
+        print(f"  {name}: not a git repo, skip checkout")
+
+
+# ============================================================
+# Task 6: check_dependencies 核心逻辑
+# ============================================================
+
+
+def _is_track_enabled(context) -> bool:
+    """检查是否允许写入 xt_vers（默认 false，需显式开启）。
+
+    优先级：xt_deps.jsonc deps_configs.track > local config > global config > 默认 false。
+    """
+    # xt_deps.jsonc deps_configs 段
+    xt_deps = _load_jsonc(context.project_dir / "xt_deps.jsonc")
+    if xt_deps:
+        deps_block = xt_deps.get("deps_configs")
+        if isinstance(deps_block, dict) and "track" in deps_block:
+            val = deps_block["track"]
+            if isinstance(val, bool):
+                return val
+            if isinstance(val, str):
+                return val.lower() in ("true", "1")
+
+    local_path = context.project_dir / "xt_conf.jsonc"
+    if local_path.is_file():
+        local_data = ConfigStore(local_path).load()
+        deps = local_data.get("deps_configs")
+        if isinstance(deps, dict) and "track" in deps:
+            val = deps["track"]
+            if isinstance(val, bool):
+                return val
+            if isinstance(val, str):
+                return val.lower() in ("true", "1")
+            return False
+    global_path = build_global_config_path()
+    if global_path.is_file():
+        global_data = ConfigStore(global_path).load()
+        deps = global_data.get("deps_configs")
+        if isinstance(deps, dict) and "track" in deps:
+            val = deps["track"]
+            if isinstance(val, bool):
+                return val
+            if isinstance(val, str):
+                return val.lower() in ("true", "1")
+            return False
+    return False
+
+
+def check_dependencies(context, dirty_allowed: bool = False, strict: bool = False) -> tuple[bool, list]:
+    """before build: 读取 xt_deps，检查约束和 commit。
+
+    Args:
+        context: BuildContext
+        dirty_allowed: --dirty CLI 标志，True 时脏仓库仅警告不中止。
+        strict: --strict CLI 标志，True 时将 warn 升级为 error。
+
+    Returns:
+        (passed, warnings): passed=False 时调用方应中止编译。
+        warnings 为 [(title, [body_lines])] 列表，由调用方在合适时机输出。
+    """
+    xt_deps = _load_jsonc(context.project_dir / "xt_deps.jsonc")
+    if xt_deps is None:
+        return True, []
+
+    # --strict 时检查工程自身仓库是否干净
+    if strict and not dirty_allowed:
+        project_dir = context.project_dir
+        if (project_dir / ".git").exists():
+            try:
+                _, is_dirty = _get_git_version(project_dir)
+                if is_dirty:
+                    _print_error(
+                        "Project repository is dirty.\n"
+                        f"  Path: {project_dir}\n"
+                        "  Use --dirty to allow."
+                    )
+                    return False, []
+            except subprocess.CalledProcessError:
+                pass
+
+    xt_vers = _load_jsonc(context.project_dir / "xt_vers.jsonc")
+    release = xt_deps.get("release", False)
+    all_pass = True
+    warnings: list[tuple[str, list[str]]] = []
+
+    # 检查 xt-sdk
+    xt_sdk_entry = xt_deps.get("xt-sdk")
+    if isinstance(xt_sdk_entry, dict):
+        if not _check_entry(
+            "xt-sdk",
+            context.sdk_dir,
+            xt_sdk_entry,
+            xt_vers.get("xt-sdk") if xt_vers else None,
+            release=release,
+            dirty_allowed=dirty_allowed,
+            context=context,
+            check_targets=False,
+            warnings=warnings,
+            strict=strict,
+        ):
+            all_pass = False
+
+    # 检查当前平台
+    platforms_deps = xt_deps.get("platforms", {})
+    if isinstance(platforms_deps, dict):
+        platform_name = context.platform_name
+        entry = platforms_deps.get(platform_name)
+        if isinstance(entry, dict):
+            repo_path = _resolve_repo_path(platform_name, entry, context)
+            if repo_path is None:
+                _print_error(f"{platform_name}: repository not found.")
+                all_pass = False
+            elif not repo_path.is_dir():
+                _print_error(f"{platform_name}: repository not found at '{repo_path}'")
+                all_pass = False
+            else:
+                platforms_vers = xt_vers.get("platforms", {}) if xt_vers else {}
+                if not _check_entry(
+                    platform_name,
+                    repo_path,
+                    entry,
+                    platforms_vers.get(platform_name),
+                    release=release,
+                    dirty_allowed=dirty_allowed,
+                    context=context,
+                    check_targets=True,
+                    warnings=warnings,
+                    strict=strict,
+                ):
+                    all_pass = False
+
+    # 检查 components
+    components_deps = xt_deps.get("components", {})
+    if isinstance(components_deps, dict):
+        components_vers = xt_vers.get("components", {}) if xt_vers else {}
+        for name, entry in components_deps.items():
+            if not isinstance(entry, dict):
+                continue
+            repo_path = _resolve_component_path(name, entry, context)
+            if repo_path is None:
+                _print_error(f"{name}: component path not found")
+                all_pass = False
+                continue
+            if not repo_path.is_dir():
+                _print_error(f"{name}: component path does not exist at '{repo_path}'")
+                all_pass = False
+                continue
+            if not _check_entry(
+                name, repo_path, entry,
+                components_vers.get(name),
+                release=release, dirty_allowed=dirty_allowed,
+                context=context, check_targets=False,
+                warnings=warnings, strict=strict,
+            ):
+                all_pass = False
+
+    return all_pass, warnings
+
+
+def _resolve_component_path(name: str, deps_entry: dict, context) -> Path | None:
+    """解析组件路径。默认：<project_dir>/components/<name>。"""
+    custom_path = deps_entry.get("path")
+    if custom_path:
+        return context.project_dir / custom_path
+    return context.project_dir / "components" / name
+
+
+def _check_entry(
+    name: str,
+    repo_path: Path,
+    deps_entry: dict,
+    vers_entry: dict | str | None,
+    *,
+    release: bool,
+    dirty_allowed: bool,
+    context,
+    check_targets: bool,
+    warnings: list[tuple[str, list[str]]] | None = None,
+    strict: bool = False,
+) -> bool:
+    """检查单个依赖条目。返回 True=通过。"""
+    require = deps_entry.get("require")
+    has_require = require is not None
+
+    # 判断 require 是否为 semver 约束
+    require_is_semver = False
+    if isinstance(require, str):
+        require_is_semver = _identify_val_type(require) == "semver"
+    elif isinstance(require, dict) and require.get("type") == "semver":
+        require_is_semver = True
+
+    # 获取当前版本
+    if require_is_semver:
+        current_ver = _get_semver_version(repo_path)
+        if current_ver is None:
+            _print_error(f"{name}: no semver tag found for '{repo_path}'")
+            return False
+        current_sha = current_ver
+        is_dirty = False
+        version_str = current_ver
+    elif isinstance(require, dict) and require.get("type") == "hash":
+        current_sha = hash_dir(repo_path)
+        is_dirty = False
+        version_str = current_sha
+    elif not (repo_path / ".git").exists():
+        current_sha = hash_dir(repo_path)
+        is_dirty = False
+        version_str = current_sha
+    else:
+        try:
+            current_sha, is_dirty = _get_git_version(repo_path)
+        except subprocess.CalledProcessError:
+            _print_error(f"{name}: unable to get git version from '{repo_path}'")
+            return False
+        version_str = f"{current_sha}{'-dirty' if is_dirty else ''}"
+
+    # 首次追踪
+    if vers_entry is None:
+        _print_info(f"{name}: first time tracking (commit: {version_str})")
+        return True
+
+    recorded_version = _extract_version(vers_entry)
+
+    if has_require:
+        # 有 require → 约束检查
+        if not _check_version_require(require, current_sha, repo_path):
+            on_fail = _resolve_on_fail(deps_entry, "version", context)
+            if strict and on_fail != "error":
+                on_fail = "error"
+            if on_fail == "error":
+                _print_error(
+                    f"{name}: version constraint not satisfied.\n"
+                    f"  Required: {require}\n"
+                    f"  Current:  {current_sha}"
+                )
+                return False
+            if on_fail == "warn":
+                if warnings is not None:
+                    warnings.append((f"{name}: version constraint not satisfied.", [f"Required: {require}", f"Current:  {current_sha}"]))
+                # 继续检查 dirty 和 targets（release mode 下 dirty 仍可中止）
+    else:
+        # 无 require → 纯追踪模式：对比 xt_vers
+        if recorded_version != version_str:
+            if warnings is not None:
+                warnings.append((f"{name}: commit changed since last recorded build.", [f"Recorded: {recorded_version}", f"Current:  {version_str}"]))
+
+    # dirty 检查
+    if is_dirty:
+        should_abort = (release or strict) and not dirty_allowed
+        if should_abort:
+            _print_error(
+                f"{name}: repository is dirty.\n"
+                f"  Current:  {version_str}\n"
+                f"  Use --dirty to allow."
+            )
+            return False
+        if warnings is not None:
+            warnings.append((f"{name}: repository is dirty.", [f"Current:  {version_str}"]))
+
+    # targets 检查
+    if check_targets:
+        targets_constraint = _resolve_targets_constraint(deps_entry)
+        if targets_constraint is not None:
+            _, target_name = _split_target(context.target)
+            if not _check_target_match(target_name, targets_constraint):
+                on_fail = _resolve_on_fail(deps_entry, "target", context)
+                if strict and on_fail != "error":
+                    on_fail = "error"
+                msg = (
+                    f"{name}: target '{target_name}' not in constraint.\n"
+                    f"  Allowed: {targets_constraint}"
+                )
+                if on_fail == "error":
+                    _print_error(msg)
+                    return False
+                if on_fail == "warn":
+                    if warnings is not None:
+                        warnings.append((msg.split("\n")[0], msg.split("\n")[1:]))
+                return True
+
+    return True
+
+
+def _check_version_require(require_val, current_sha: str, repo_path: Path) -> bool:
+    """检查当前版本是否满足 require 约束。全部满足才通过。"""
+    if isinstance(require_val, dict):
+        val_type = require_val.get("type")
+        if val_type == "hash":
+            current_hash = hash_dir(repo_path)
+            return current_hash == require_val.get("val", "")
+        if val_type == "git":
+            if not (repo_path / ".git").exists():
+                _print_error(f"require type is git but '{repo_path}' is not a git repository")
+                return False
+            return current_sha == require_val.get("val", "")[:len(current_sha)]
+        return True  # 未知 type 值，跳过
+    if not isinstance(require_val, str):
+        _print_warning(
+            "require: unexpected type, skipping.",
+            [f"Type: {type(require_val).__name__}, Value: {require_val}"],
+        )
+        return True
+    # 字符串 require：自动检测类型
+    if not (repo_path / ".git").exists():
+        return hash_dir(repo_path) == require_val
+    constraints = _parse_require(require_val)
+    for op, version in constraints:
+        val_type = _identify_val_type(version)
+        if val_type == "git":
+            if not _check_sha_constraint(op, version, current_sha, repo_path):
+                return False
+        elif val_type == "semver":
+            if not _check_semver_constraint(op, version, current_sha):
+                return False
+    return True
+
+
+def _split_target(target: str) -> tuple[str, str]:
+    """从 target 字符串中分离平台名和目标名。
+
+    "lm620/r4f4" → ("lm620", "r4f4")
+    "windows/simulator" → ("windows", "simulator")
+    """
+    parts = target.split("/", 1)
+    if len(parts) == 2:
+        return parts[0], parts[1]
+    return parts[0], ""
+
+
+def _check_target_match(target_name: str, constraints: list[str]) -> bool:
+    """检查 target 是否满足约束。
+
+    constraints 如 ["r4f4", "!= r4f2"]：
+    - 普通字符串表示允许
+    - != 前缀表示排除
+    有任意允许项且无排除项 → True。
+    """
+    allowed: list[str] = []
+    excluded: list[str] = []
+    for c in constraints:
+        c = c.strip()
+        if c.startswith("!="):
+            excluded.append(c[2:].strip())
+        else:
+            allowed.append(c)
+    if excluded and target_name in excluded:
+        return False
+    if allowed:
+        return target_name in allowed
+    return True
+
+
+# ============================================================
+# Task 7: update_dependencies 核心逻辑
+# ============================================================
+
+
+def update_dependencies(context) -> None:
+    """after build: 收集实际版本，写入 xt_vers.jsonc。
+
+    编译成功后调用，在 after_build hook 之后。
+    """
+    xt_vers = _load_jsonc(context.project_dir / "xt_vers.jsonc")
+    if xt_vers is None:
+        xt_vers = {"config_version": 1}
+
+    # 更新 xt-sdk
+    xt_vers["xt-sdk"] = {"version": _get_entry_version(context.sdk_dir)}
+
+    # 更新当前平台
+    platform_name = context.platform_name
+    if "platforms" not in xt_vers:
+        xt_vers["platforms"] = {}
+
+    xt_deps = _load_jsonc(context.project_dir / "xt_deps.jsonc")
+    platforms_deps = xt_deps.get("platforms", {}) if xt_deps else {}
+    platform_entry_deps = platforms_deps.get(platform_name, {})
+    repo_path = _resolve_repo_path(platform_name, platform_entry_deps, context)
+
+    if repo_path:
+        version_str = _get_entry_version(repo_path)
+    else:
+        version_str = xt_vers["xt-sdk"]["version"]
+
+    # 追加 target（编译成功才更新，防止重复）
+    _, target_name = _split_target(context.target)
+    existing_entry = xt_vers["platforms"].get(platform_name)
+    existing_targets = _extract_targets(existing_entry)
+
+    if target_name and target_name not in existing_targets:
+        existing_targets.append(target_name)
+
+    platform_data: dict[str, Any] = {"version": version_str}
+    if existing_targets:
+        platform_data["targets"] = existing_targets
+    xt_vers["platforms"][platform_name] = platform_data
+
+    # 更新 components（写入 xt_vers）
+    components_deps = xt_deps.get("components", {}) if xt_deps else {}
+    if isinstance(components_deps, dict) and components_deps:
+        if "components" not in xt_vers:
+            xt_vers["components"] = {}
+        for name, entry in components_deps.items():
+            if not isinstance(entry, dict):
+                continue
+            repo_path = _resolve_component_path(name, entry, context)
+            if repo_path and repo_path.is_dir():
+                xt_vers["components"][name] = _get_version_entry(repo_path, entry)
+
+    _save_jsonc(context.project_dir / "xt_vers.jsonc", xt_vers)
+
+
+def _get_version_entry(repo_path: Path, deps_entry: dict | None = None) -> dict[str, Any]:
+    """获取条目版本对象。
+
+    返回值始终为 {"version": "..."}，非默认 git 类型追加 "source"。
+    """
+    require = deps_entry.get("require") if deps_entry else None
+    is_hash = isinstance(require, dict) and require.get("type") == "hash"
+    val_type = "hash" if is_hash else None
+    version = _get_entry_version(repo_path, val_type)
+    entry: dict[str, Any] = {"version": version}
+    if is_hash:
+        entry["source"] = {"type": "hash"}
+    return entry
+
+
+def hash_dir(dir_path: str | Path) -> str:
+    """计算目录内容 SHA-256，返回前 8 位十六进制。
+
+    算法：遍历目录 → 排序文件 → 文件名哈希 → 内容分块 SHA-256。
+    跳过 .git 目录，自动读取各级 .gitignore 过滤文件。
+    """
+    dir_path = Path(dir_path)
+    root_rules = _load_gitignore(dir_path)
+    sha = hashlib.sha256()
+    for root, dirs, files in _os.walk(dir_path):
+        if '.git' in dirs:
+            dirs.remove('.git')
+        # 子目录的 .gitignore 规则（相对当前 root）
+        dirs.sort()
+        sub_rules = root_rules + _load_gitignore(Path(root))
+        filtered_dirs = []
+        for d in dirs:
+            rel = _os.path.relpath(_os.path.join(root, d), dir_path).replace('\\', '/')
+            if not _match_gitignore(rel + '/', sub_rules):
+                filtered_dirs.append(d)
+        dirs[:] = filtered_dirs
+        for filename in sorted(files):
+            filepath = _os.path.join(root, filename)
+            relpath = _os.path.relpath(filepath, dir_path).replace('\\', '/')
+            # 跳过 .gitignore 自身
+            if filename == ".gitignore":
+                sha.update(relpath.encode('utf-8'))
+                continue
+            if _match_gitignore(relpath, sub_rules):
+                continue
+            sha.update(relpath.encode('utf-8'))
+            with open(filepath, 'rb') as f:
+                while True:
+                    block = f.read(65536)
+                    if not block:
+                        break
+                    sha.update(block)
+    return sha.hexdigest()[:8]
+
+
+def _load_gitignore(dir_path: Path) -> list[tuple[str, bool]]:
+    """读取 .gitignore，返回 [(pattern, is_negate)] 规则列表。"""
+    gitignore = dir_path / ".gitignore"
+    if not gitignore.is_file():
+        return []
+    rules: list[tuple[str, bool]] = []
+    for line in gitignore.read_text(encoding="utf-8").splitlines():
+        line = line.strip()
+        if not line or line.startswith("#"):
+            continue
+        is_negate = line.startswith("!")
+        if is_negate:
+            line = line[1:]
+        if line:
+            rules.append((line, is_negate))
+    return rules
+
+
+def _match_gitignore(relpath: str, rules: list[tuple[str, bool]]) -> bool:
+    """检查路径是否匹配 .gitignore 规则。最后命中的规则生效。"""
+    ignored = False
+    for pattern, is_negate in rules:
+        if _gitignore_match(relpath, pattern):
+            ignored = not is_negate
+    return ignored
+
+
+def _gitignore_match(relpath: str, pattern: str) -> bool:
+    """单个 .gitignore 模式匹配。支持 * ? [seq] ** / 锚定。"""
+    is_dir_pattern = pattern.endswith("/")
+    if is_dir_pattern:
+        pattern = pattern[:-1]
+        relpath = relpath.rstrip("/")
+
+    # 不含 / 且不含 **，匹配任意深度的文件名
+    if "/" not in pattern and "**" not in pattern:
+        return (fnmatch.fnmatch(relpath, pattern) or
+                fnmatch.fnmatch(relpath.split("/")[-1], pattern))
+
+    # 含 **，特殊处理
+    if "**" in pattern:
+        return _match_double_star(relpath, pattern)
+
+    # 含 /，从根精确路径匹配（目录标记时 relpath 尾部加 / 用于区分）
+    if is_dir_pattern:
+        return fnmatch.fnmatch(relpath + "/", pattern + "/")
+    return fnmatch.fnmatch(relpath, pattern)
+
+
+def _match_double_star(relpath: str, pattern: str) -> bool:
+    """处理 ** 通配符，转换为正则匹配。"""
+    regex = "^"
+    i = 0
+    while i < len(pattern):
+        if pattern[i:i+2] == "**":
+            if i + 2 < len(pattern) and pattern[i+2] == "/":
+                regex += r"(.*/)?"
+                i += 3  # skip **/
+            else:
+                regex += r".*"
+                i += 2
+        elif pattern[i] == "*":
+            regex += r"[^/]*"
+            i += 1
+        elif pattern[i] == "?":
+            regex += r"[^/]"
+            i += 1
+        elif pattern[i] in ".+^$(){}|\\":
+            regex += "\\" + pattern[i]
+            i += 1
+        else:
+            regex += pattern[i]
+            i += 1
+    regex += "$"
+    return bool(re.match(regex, relpath))
+
+
+def _get_entry_version(repo_path: Path, val_type: str | None = None) -> str:
+    """获取条目版本字符串。
+
+    val_type=None → 自动检测（semver > git sha > hash）
+    val_type="semver" → semver tag
+    val_type="git" → git sha
+    val_type="hash" → 目录哈希
+    """
+    if val_type == "hash":
+        return hash_dir(repo_path)
+    if val_type == "git":
+        sha, is_dirty = _get_git_version(repo_path)
+        return f"{sha}{'-dirty' if is_dirty else ''}"
+    if val_type == "semver" or (repo_path / ".git").exists():
+        sv = _get_semver_version(repo_path)
+        if sv:
+            return sv
+        if val_type == "semver":
+            return ""
+        sha, is_dirty = _get_git_version(repo_path)
+        return f"{sha}{'-dirty' if is_dirty else ''}"
+    return hash_dir(repo_path)
+
+
+def _extract_targets(entry) -> list[str]:
+    """从 xt_vers 条目提取 targets 列表（兼容新旧格式）。"""
+    if isinstance(entry, dict):
+        targets = entry.get("targets")
+        if isinstance(targets, list):
+            return list(targets)
+    return []
+
+
+def _extract_version(entry) -> str:
+    """从 xt_vers 条目提取 version 字符串。
+
+    当前格式为 {"version": "sha"}，兼容旧版短字符串格式。
+    """
+    if isinstance(entry, str):
+        return entry
+    if isinstance(entry, dict):
+        return entry.get("version", "")
+    return ""