import { exec } from "child_process"; import { promisify } from "util"; import { existsSync } from "fs"; import { join } from "path"; const execAsync = promisify(exec); export const depManageTool = { name: "dep_manage", description: "依赖管理。安装/更新/删除依赖、检查过时包、安全漏洞审计、分析 bundle 大小。支持 npm 和 pip。", inputSchema: { type: "object", properties: { project_path: { type: "string", description: "项目根目录(绝对路径)", }, action: { type: "string", description: "操作类型", enum: ["install", "add", "remove", "update", "outdated", "audit", "list", "why"], }, packages: { type: "string", description: "包名(多个用空格分隔),add/remove/why 时必填", }, dev: { type: "boolean", description: "是否为开发依赖(默认 false)", }, }, required: ["project_path", "action"], }, }; async function run(cmd, cwd, timeout = 120000) { try { const { stdout, stderr } = await execAsync(cmd, { cwd, timeout, maxBuffer: 1024 * 1024 * 10, shell: process.platform === "win32" ? "powershell.exe" : "/bin/bash", }); return { stdout, stderr, code: 0 }; } catch (error) { return { stdout: error.stdout || "", stderr: error.stderr || "", code: error.code ?? 1 }; } } export async function executeDepManage(args) { const { project_path, action, packages, dev = false } = args; const hasFile = (name) => existsSync(join(project_path, name)); const isNode = hasFile("package.json"); const isPython = hasFile("requirements.txt") || hasFile("pyproject.toml"); if (!isNode && !isPython) { return "❌ 未检测到 package.json 或 requirements.txt"; } let cmd = ""; let title = ""; if (isNode) { switch (action) { case "install": cmd = "npm install"; title = "npm install"; break; case "add": if (!packages) return "❌ add 需要 packages 参数"; cmd = `npm install ${packages}${dev ? " --save-dev" : ""}`; title = `npm install ${packages}${dev ? " (dev)" : ""}`; break; case "remove": if (!packages) return "❌ remove 需要 packages 参数"; cmd = `npm uninstall ${packages}`; title = `npm uninstall ${packages}`; break; case "update": cmd = packages ? `npm update ${packages}` : "npm update"; title = `npm update${packages ? ` ${packages}` : ""}`; break; case "outdated": cmd = "npm outdated --long 2>&1 || true"; title = "npm outdated(过时依赖检查)"; break; case "audit": cmd = "npm audit 2>&1 || true"; title = "npm audit(安全漏洞审计)"; break; case "list": cmd = "npm list --depth=0 2>&1"; title = "npm list(已安装依赖)"; break; case "why": if (!packages) return "❌ why 需要 packages 参数"; cmd = `npm why ${packages} 2>&1`; title = `npm why ${packages}`; break; } } else if (isPython) { switch (action) { case "install": cmd = hasFile("requirements.txt") ? "pip install -r requirements.txt" : "pip install -e ."; title = "pip install"; break; case "add": if (!packages) return "❌ add 需要 packages 参数"; cmd = `pip install ${packages}`; title = `pip install ${packages}`; break; case "remove": if (!packages) return "❌ remove 需要 packages 参数"; cmd = `pip uninstall -y ${packages}`; title = `pip uninstall ${packages}`; break; case "update": cmd = packages ? `pip install --upgrade ${packages}` : "pip install --upgrade -r requirements.txt"; title = `pip upgrade${packages ? ` ${packages}` : ""}`; break; case "outdated": cmd = "pip list --outdated 2>&1"; title = "pip outdated"; break; case "audit": cmd = "pip-audit 2>&1 || pip check 2>&1"; title = "pip audit / check"; break; case "list": cmd = "pip list 2>&1"; title = "pip list"; break; case "why": if (!packages) return "❌ why 需要 packages 参数"; cmd = `pip show ${packages} 2>&1`; title = `pip show ${packages}`; break; } } if (!cmd) return `❌ 未知操作: ${action}`; const result = await run(cmd, project_path); const fullOutput = [result.stdout, result.stderr].filter(Boolean).join("\n").trim(); const icon = result.code === 0 ? "✅" : "⚠️"; const output = [ `# ${icon} ${title}`, ``, `📂 ${project_path}`, `📦 ${isNode ? "npm" : "pip"}`, ``, "```", fullOutput.slice(0, 6000) || "(无输出)", "```", ]; // audit 额外解析 if (action === "audit" && isNode) { const criticalMatch = fullOutput.match(/(\d+)\s+(critical|high)/gi); if (criticalMatch && criticalMatch.length > 0) { output.push(``, `⚠️ **发现高危漏洞!** 建议运行 \`npm audit fix\` 或 \`npm audit fix --force\``); } else if (result.code === 0) { output.push(``, `✅ 未发现已知安全漏洞`); } } // outdated 额外解析 if (action === "outdated" && fullOutput.trim()) { const lines = fullOutput.trim().split("\n").filter((l) => l.trim()); if (lines.length > 1) { output.push(``, `📊 发现 ${lines.length - 1} 个可更新的包`); output.push(`💡 运行 \`dep_manage action=update\` 更新所有包`); } } return output.join("\n"); } //# sourceMappingURL=depManage.js.map