Skip to content

fix(agent): use project package manager for dependency recovery#384

Merged
ceilf6 merged 2 commits into
developfrom
fix/dependency-recovery-package-manager-381
Jul 1, 2026
Merged

fix(agent): use project package manager for dependency recovery#384
ceilf6 merged 2 commits into
developfrom
fix/dependency-recovery-package-manager-381

Conversation

@ceilf6

@ceilf6 ceilf6 commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Linked Issue Or Context

Summary

  • Reuse Filesense navigation package-manager context when building the missing-dependency recovery pseudo-step.
  • Emit add/install commands for pnpm/yarn/bun/npm, preserving npm fallback for unknown or generic node contexts.
  • Add focused coverage for pnpm recovery command selection while retaining existing npm fallback coverage.

Impact Scope

  • Only the missing-dependency recovery pseudo-step in packages/core/src/agent/step-callbacks.ts changes.
  • No dependency detection redesign, installs, lockfile changes, manifest changes, or planner/codegen prompt changes.

GitNexus Impact Summary

  • Risk level: LOW
  • Critical skeleton changes: agent-core (packages/core/src/agent/step-callbacks.ts, packages/core/src/agent/step-callbacks.test.ts)
  • GitNexus impact: impact(createOnPhaseComplete, upstream) reported LOW risk with 2 direct dependents and 1 affected process group (executeSteps); context(createOnPhaseComplete) confirmed incoming callers; detect_changes reported changed_count=1, affected_count=0, changed_files=2, risk_level=low, changed symbol createOnPhaseComplete, affected_processes=[].
  • Verification: focused test, core typecheck, pnpm quality:precommit, and pnpm quality:local passed.

Verification

  • pnpm agent:bootstrap passed.
  • pnpm quality:predev passed after installing dependencies from the frozen lockfile.
  • TDD red check: focused test first failed with expected npm install lodash vs pnpm add lodash mismatch.
  • pnpm --filter @frontagent/core exec vitest run src/agent/step-callbacks.test.ts passed: 28/28 tests.
  • pnpm --filter @frontagent/core typecheck passed.
  • pnpm quality:precommit passed.
  • pnpm quality:local passed.

Checklist

  • I have linked an issue or explained why this PR stands alone.
  • I have kept the diff focused on the stated change.
  • I have run pnpm quality:precommit, or explained why it could not run.
  • I have run pnpm quality:local for critical skeleton changes, or explained why it could not run.
  • I have updated docs or tests when behavior, public APIs, or Harness contracts changed.
  • For critical skeleton changes, I have filled the GitNexus impact summary with concrete results.

Copilot AI review requested due to automatic review settings July 1, 2026 10:44
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🛡️ ceilf6/repo-guard

代码评审报告: fix(agent): use project package manager for dependency recovery

风险等级:
处理建议: 批准
决策摘要: ** 变更范围外科手术式、契约不变、直接满足 #381 的 pnpm/npm 验收标准,可以合并;剩余风险仅为 yarn/bun 分支缺少专门测试。

级联分析

  • 变更符号: 原始模型未提供结构化级联字段。
  • 受影响流程: 原始模型未提供结构化级联字段。
  • 变更集外调用方: unknown
  • 置信度: degraded

问题发现

模型未返回可结构化的问题发现;已提取可用的决策字段,原始非契约内容未附在评论中。

行级发现

  • 无明确变更行归属。

Karpathy 评审

  • 假设: 模型输出需要归一化为固定 Markdown 契约。
  • 简洁性: 已提取 summary、finding、evidence 与 fix;原始 prose 不再附在评论中,避免占用下游解析与代理上下文。
  • 变更范围: 原始模型未提供结构化范围字段。
  • 验证: 需要查看 CI、测试或人工 CR 证据补强合并信心。

缺失覆盖

  • 输出未命中 Repo Guard Markdown 契约;建议补充真实模型质量评估覆盖。

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the agent’s “missing npm dependencies” recovery pseudo-step to use the project’s detected package manager (from Filesense navigation context) instead of always emitting npm install ..., and adds a focused pnpm-specific test to verify command selection.

Changes:

  • Added a helper to generate install/add commands for pnpm/yarn/bun with npm fallback.
  • Wired the phase-completion missing-dependency recovery step to use the detected package manager from collected Filesense navigation context.
  • Added a test ensuring pnpm projects emit pnpm add ... for missing dependency recovery.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
packages/core/src/agent/step-callbacks.ts Uses Filesense package-manager context to build the missing-dependency recovery command (pnpm/yarn/bun/npm).
packages/core/src/agent/step-callbacks.test.ts Adds coverage asserting pnpm recovery uses pnpm add while keeping existing npm fallback coverage.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +205 to +221
function createMissingDependencyInstallCommand(
packageManager: string | undefined,
packages: string[],
): string {
const packageList = packages.join(' ');

switch (packageManager) {
case 'pnpm':
return `pnpm add ${packageList}`;
case 'yarn':
return `yarn add ${packageList}`;
case 'bun':
return `bun add ${packageList}`;
default:
return `npm install ${packageList}`;
}
}
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🛡️ ceilf6/repo-guard

代码评审报告: fix(agent): use project package manager for dependency recovery

风险等级:
处理建议: 批准
决策摘要: 变更范围小、结构自然,正确满足 #381 的验收标准,可以合并;剩余风险仅为 yarn/bun 分支缺少专门测试。

级联分析

  • 变更符号: createMissingDependencyInstallCommand(新增), createOnPhaseComplete(修改)
  • 受影响流程: executeSteps 中的 missing-dependency recovery pseudo-step
  • 变更集外调用方: createOnPhaseComplete 有 2 个直接 dependents(GitNexus 报告),返回形状和签名未变,pseudo-step 只改 params.command 字符串内容,调用方不受影响
  • 置信度: high

问题发现

无 blocking findings。

变更是对既有硬编码 npm install 的最小外科手术式替换:新增一个纯函数把 package manager 映射到对应 add/install 命令,并从已有的 filesenseNavigation.summary.packageManager 事实读取上下文,未新增检测逻辑、未触碰 lockfile/manifest、未改动 planner/codegen prompt,与 #381 的 scope 和 non-goals 完全一致。

pnpm/yarn/bun 使用 add(新增依赖的正确语义),unknown/generic 回落到 npm install,保留了 fallback 承诺。可选链 ?. 保证 context 缺失时安全降级到 npm,未引入新的破坏面。

行级发现

  • [packages/core/src/agent/step-callbacks.ts:296] createMissingDependencyInstallCommand(packageManager, missingDeps) 调用正确;packageManager 通过 ?. 链读取,缺失时进入 default 分支返回 npm 命令,行为安全,无需修改。

Karpathy 评审

  • 假设: 假设 pnpm/yarn/bun 都用 add 子命令新增依赖,这一假设成立;packageManager 值来自既有 Filesense summary,未引入新契约。
  • 简洁性: 用一个纯 switch 函数替代内联字符串拼接,无过度抽象,唯一使用点清晰,规模匹配问题。
  • 结构质量: 逻辑放在正确层级(recovery pseudo-step 构造处),复用既有 package manager 事实而非重造检测;未增加分支散落或耦合。文件行数变化不构成边界问题。
  • 变更范围: diff 聚焦,无无关重构或格式噪声,每行都服务于 fix(agent): use the project package manager for missing dependency recovery steps #381 目标。
  • 验证: TDD red-check、focused test、typecheck、quality:precommit/quality:local 均通过,npm fallback 既有覆盖保留,pnpm 新增覆盖。

缺失覆盖

  • yarn 和 bun 分支未被专门测试覆盖。验收标准只强制要求 pnpm 与 npm/unknown,二者已覆盖,因此为非阻塞。若想进一步提升信心,可对 yarn/bun 各加一条 add 命令断言,防止未来误改 switch 分支时回归。

@ceilf6 ceilf6 merged commit 9a40aa6 into develop Jul 1, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

fix(agent): use the project package manager for missing dependency recovery steps

2 participants