playbooks

home / skills / sounder25 / google-antigravity-skills-library / 12_dependency_tree_mapping

12_dependency_tree_mapping skill

/12_dependency_tree_mapping

This skill generates comprehensive dependency maps across codebases to identify single points of failure and reveal impact chains for safer refactoring.

npx playbooks add skill sounder25/google-antigravity-skills-library --skill 12_dependency_tree_mapping

Review the files below or copy the command above to add this skill to your agents.

Files (4)
SKILL.md
2.3 KB
---
name: Dependency Tree Mapping
description: Generate comprehensive dependency graphs to identify "single-points-of-failure" and impact analysis chains.
version: 1.0.0
author: Antigravity Skills Library
created: 2026-01-16
leverage_score: 5/5
---

# SKILL-012: Dependency Tree Mapping

## Overview

Executes "Structural Awareness" by building a map of how different parts of the project rely on each other. It uses language-specific tools (nuget, pip, npm, cargo) to extract the graph and visualize it.

## Trigger Phrases

- `map dependencies`
- `show dependency tree`
- `check impact of <library>`
- `find point of failure`

## Inputs

| Parameter | Type | Required | Default | Description |
|-----------|------|----------|---------|-------------|
| `--workspace-path` | string | No | Current directory | Root of the project |
| `--depth` | int | No | 3 | Depth of dependency recursion |
| `--format` | string | No | `mermaid` | Output format: `mermaid`, `json`, `text` |

## Outputs

### 1. DEPENDENCY_GRAPH.mmd (Mermaid)

Visual graph ready for rendering:
```mermaid
graph TD
    A[Core.Engine] --> B[Utils.Math]
    A --> C[Utils.Logging]
    B --> D[External.NumPy]
    C --> E[External.Serilog]
```

### 2. RISK_REPORT.md

Analysis of the graph:
- **Critical Nodes:** Libraries that >50% of the project depends on.
- **Cycle Detection:** Circular dependencies that might cause build failures.
- **Version Conflicts:** Multiple versions of the same library requested.

## Preconditions

1. Build files must exist (package.json, *.csproj, pyproject.toml).
2. Dependencies must be resolvable (e.g., `npm list` works).

## Implementation

### Script: map_dependencies.ps1

1. **Detects Tech Stack:** (Uses `WORKSPACE_PROFILE.json` if available).
2. **Extracts Graph:**
   - **Node.js**: `npm list --json`
   - **.NET**: `dotnet list package --include-transitive` (parsed)
   - **Python**: `pipdeptree --json` (if installed)
3. **Generates Mermaid:** Transforms raw data into Mermaid syntax.
4. **Analyzes Risk:** Calculates centrality of nodes to identify critical points.

## Use Cases

1. **QA Auditing:** Identifying "single-points-of-failure" where a single library version mismatch could crash the system.
2. **Refactoring:** Knowing that changing "AuthService" impacts "UserDashboard", "AdminPanel", and "ReportingJob".

Overview

This skill builds a comprehensive dependency graph of a codebase to reveal structural risks and impact chains. It identifies critical nodes, cycles, and version conflicts and outputs visual and machine-readable artifacts for analysis. The goal is to surface single-points-of-failure and guide safe refactors or upgrades.

How this skill works

The script detects the project tech stack and runs language-appropriate extractors (npm, dotnet, pipdeptree, cargo) to collect declared and transitive dependencies. It transforms the raw dependency data into Mermaid, JSON, or plain text graphs and computes node centrality to flag critical libraries. Outputs include a visual DEPENDENCY_GRAPH.mmd and a RISK_REPORT.md summarizing critical nodes, cycles, and version issues.

When to use it

  • Before major upgrades or dependency bumps
  • During architectural refactoring to assess blast radius
  • As part of QA or release checklists to detect single-points-of-failure
  • When onboarding a new service to understand upstream/downstream impact
  • Regular dependency audits for security and maintainability

Best practices

  • Run from the repository root or provide --workspace-path to ensure full coverage
  • Use a realistic --depth to balance detail and noise (default 3)
  • Resolve local environment tooling (npm, dotnet, pipdeptree) before scanning
  • Review RISK_REPORT.md with stakeholders before changing high-centrality nodes
  • Combine results with CI gates to block risky dependency changes

Example use cases

  • Map a monorepo to find a library used by >50% of services and plan staggered updates
  • Assess impact of replacing a deprecated package before merging a pull request
  • Detect circular dependencies that cause intermittent build failures
  • Produce a visual graph for architecture reviews and documentation
  • Create a JSON export for automated risk dashboards and policy enforcement

FAQ

What formats does the skill produce?

Mermaid (.mmd) for visual rendering, JSON for tooling, and plain text for quick inspection.

What prerequisites are required?

Project build files must exist and dependency tools must be available (npm, dotnet, pipdeptree, cargo). The scanner requires resolvable dependency outputs (e.g., npm list --json).