DEV Community

Nersissiian
Nersissiian

Posted on

How I built a self‑healing package manager

#ai #automation #rust #showdev

How I Built a Self-Healing Package Manager from Scratch (Rust + AI)

The first tool that automatically resolves dependency conflicts by generating adapter code — and retries with AI until the build passes.

HealDep banner

The Problem: Dependency Hell is Real

Every developer has been there. You're building a Rust project, and suddenly:

  • Crate A requires tokio 0.2
  • Crate B requires tokio 1.0

Cargo throws an error, and your build fails. The same happens in Python (click==7.0 vs click==8.0) and in npm (lodash version mismatches). The only "solutions" are to fork one of the libraries, pin an old version forever, or manually write glue code.

I wanted to see if this could be automated away completely.

The Idea: A Package Manager That Heals Itself

What if a tool could:

  1. Detect the conflict automatically
  2. Generate an adapter shim that bridges the two versions
  3. Test the adapter in a sandbox
  4. If it fails, retry with AI-powered code generation

That's how HealDep was born.

Architecture Overview

HealDep consists of several Rust crates and a Python web dashboard:

Component Description
healdep (CLI) Main binary – parses manifests, controls the healing pipeline
healdep-synthesizer Generates shim crates/packages
healdep-sandbox Builds and tests the generated adapter in isolation
healdep-registry Caches and shares successfully generated shims
Python server Web dashboard with healing history and REST API

HealDep dashboard

How the Healing Works (Step-by-Step)

1. Parsing Manifests

HealDep reads Cargo.toml, requirements.txt, and package.json. For Rust, it uses the cargo_metadata crate to get the full resolved dependency graph. For Python and npm, it has custom parsers that extract version constraints with regular expressions.

2. Detecting the Conflict

The tool iterates over all packages. If the same crate appears with two different required versions, that's flagged as a conflict:

// Simplified detection logic
for (name, versions) in name_to_versions {
    let unique: HashSet<_> = versions.iter().collect();
    if unique.len() > 1 {
        conflicts.push(Conflict { crate_name: name, versions });
    }
}

## Docker & CI/CD

HealDep is available as a Docker image:
Enter fullscreen mode Exit fullscreen mode


bash
docker pull ghcr.io/nersisiian/healdep:v0.1.0
docker run -p 5000:5000 ghcr.io/nersisiian/healdep:v0.1.0

It also includes GitHub Actions workflows:

  • ci.yml – lint, test, build, and publish the Docker image
  • healdep-action.yml – automatically heal dependencies on every push
  • dependabot-heal.yml – heal PRs opened by Dependabot

Docker up

Lessons Learned

  1. Dependency graphs are complex – optional features, platform-specific deps, and lock files make this harder than it looks.
  2. AI is a powerful assistant, not a silver bullet – it works well for mechanical translations, but complex logic is still beyond reach.
  3. Sandboxing is essential – never modify the user's project directly. Always test the shim in isolation first.
  4. Multi-language support taught me a lot about the differences (and similarities) between Cargo, pip, and npm.

Try It Yourself

HealDep is 100% open-source (MIT licensed).


bash
git clone https://github.com/Nersisiian/HealDep.git
cd healdep
cargo build --release
./target/release/healdep heal examples/demo_app/Cargo.toml --ai

If you like it, give it a ⭐ on GitHub — it means the world to a solo developer.

- **GitHub**: [https://github.com/Nersisiian/HealDep](https://github.com/Nersisiian/HealDep)
- **Product Hunt**: [https://www.producthunt.com/posts/healdep](https://www.producthunt.com/posts/healdep)

---

## What's Next?

I'm planning to add support for Java (Maven/Gradle) and Go. If you have ideas or want to contribute, open an issue or join the discussion!

**Thank you for reading, and may your builds never fail again.** 🩺
Enter fullscreen mode Exit fullscreen mode

Top comments (1)

Collapse
 
nersisiian profile image
Nersissiian

Hey everyone, author here! 👋

I built HealDep because I was tired of manually resolving dependency conflicts. This article explains how it works under the hood — from parsing manifests to generating adapter code with AI.

I'd love to hear your thoughts:

What's the worst dependency conflict you've faced?

Would you use a tool like this in your CI pipeline?

Any ideas for new languages to support? (Java? Go?)

Thanks for reading, and may your builds never fail! 🩺