← All tools

Code Engineering

Dependencies

List or inspect a project's third-party dependencies. Auto-detects the package manager.

dependencies

Overview

Lets the agent reason about the dependency graph — useful when triaging upgrades, security findings, or 'why is this transitive on the classpath'.

How it works

READ_ONLY tool — never modifies pom.xml/package.json/etc. Default timeout 180s, output capped at 50 KB. operation=why requires target=<package-name>; package names are validated against a strict character allowlist before being passed to the underlying CLI.

Example

When a user asks:

Why is jackson-databind on the classpath?

the agent calls the tool:

dependencies(operation="why", target="jackson-databind")

and gets back: ai.intelliswarm:swarmai-core depends on org.springframework.boot:spring-boot-starter-web 3.4.0, which depends on com.fasterxml.jackson.core:jackson-databind 2.18.1.

What it's good for

Real scenarios where agents put this tool to work.

CVE triage: combine with cve_lookup / osv_lookup to find which deps need upgrading
Dependency-graph exploration before a major upgrade

Source

Implementation lives at swarmai-tools/src/main/java/ai/intelliswarm/swarmai/tool/code/build/DependencyTool.java in the swarm-ai repository.

Open dependencies on GitHub →